diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
new file mode 100644
index 0000000..a30dd09
--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,15 @@
+#commit 7dda362c06c93d53705cfd5ff78e895aeae95e9c (HEAD -> master)
+#Author: Rory& <root@rory.gay>
+#Date: Sat Feb 8 19:34:44 2025 +0100
+#
+# Format files
+#
+7dda362c06c93d53705cfd5ff78e895aeae95e9c
+
+#commit c6358f6e048a33153dcd27564a3380aab79bd44a (HEAD -> master)
+#Author: Rory& <root@rory.gay>
+#Date: Sat Feb 8 19:36:41 2025 +0100
+#
+# Format files
+#
+c6358f6e048a33153dcd27564a3380aab79bd44a
diff --git a/.gitignore b/.gitignore
index 2dfcba2..8f0b582 100755
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,8 @@ matrix-user-tokens.txt
nixpkgs/
result
wg/
-
+opensuse/
+modules/opensuse/
+/*.qcow2
+Ran.ca
+OOYE-module/
diff --git a/build.sh b/build.sh
index 27d0e11..483b3e8 100755
--- a/build.sh
+++ b/build.sh
@@ -7,21 +7,29 @@ if [ $# -ne 2 ]; then
cat flake.nix | grep '.lib.nixosSystem' | sed 's/ =.*//' | sed 's/^[ \t]*//;s/[ \t]*$//' | while read cfg; do echo " - $cfg"; done
exit 1
fi
-if [ "$1" = "/" ]; then
- [ -f "host/${2}/pre-rebuild.sh" ] && host/$2/pre-rebuild.sh
- nixos-generate-config --show-hardware-config > hardware-configuration.nix
+
+ROOT=$1
+CONFIG=$2
+
+DERIVATION=".#nixosConfigurations.${CONFIG}.config.system.build.toplevel"
+EXTRA_NIX_FLAGS="-L --accept-flake-config --keep-going"
+EXTRA_NIXOS_REBUILD_FLAGS="--use-remote-sudo --offline --fast"
+
+if [ "${ROOT}" = "/" ]; then
+ [ -f "host/${CONFIG}/hooks/pre-rebuild.sh" ] && host/${CONFIG}/hooks/pre-rebuild.sh
+ [ ! -f "hardware-configuration.nix" ] && nixos-generate-config --show-hardware-config > hardware-configuration.nix
git add -f hardware-configuration.nix
- nom build .#nixosConfigurations.${2}.config.system.build.toplevel && sudo nixos-rebuild switch --flake .#${HOSTNAME} || exit 1
- nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all -L || exit 1
- [ -f "host/${2}/post-rebuild.sh" ] && host/$2/post-rebuild.sh
+ nom build $DERIVATION $EXTRA_NIX_FLAGS && nixos-rebuild switch --flake .#${CONFIG} $EXTRA_NIX_FLAGS $EXTRA_NIXOS_REBUILD_FLAGS || exit 1
+ #nixos-rebuild switch --flake ".#${CONFIG}" -j`nproc` --upgrade-all -L || exit 1
+ [ -f "host/${CONFIG}/hooks/post-rebuild.sh" ] && host/${CONFIG}/hooks/post-rebuild.sh
git rm --cached hardware-configuration.nix
exit
else
- nixos-generate-config --show-hardware-config --root "${1}" > hardware-configuration.nix
+ nixos-generate-config --show-hardware-config --root "${ROOT}" > hardware-configuration.nix
git add -f hardware-configuration.nix
- nom build .#nixosConfigurations.${2}.config.system.build.toplevel || exit 1
- nixos-install --root "${1}" --flake ".#${2}"
+ #nom build $DERIVATION $EXTRA_NIX_FLAGS --option store "${ROOT}" || exit 1
+ sudo nixos-install --root "${ROOT}" --flake ".#${CONFIG}" --no-channel-copy
git rm --cached hardware-configuration.nix
- cp . "${1}/Rory-Open-Architecture" -r
+ sudo cp . "${ROOT}/Rory-Open-Architecture" -r
exit
fi
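Review bot: The hook and flake references on the new side expand `${CONFIG}` unquoted (`host/${CONFIG}/hooks/pre-rebuild.sh`, the matching post-rebuild line, and `--flake .#${CONFIG}`), so a config name containing whitespace or glob characters changes which path is executed and which arguments reach `nixos-rebuild`. Quote them the same way the `[ -f "…" ]` tests already do: `[ -f "host/${CONFIG}/hooks/pre-rebuild.sh" ] && "host/${CONFIG}/hooks/pre-rebuild.sh"` and `--flake ".#${CONFIG}"`. In the install branch, `sudo cp . "${ROOT}/Rory-Open-Architecture" -r` copies the whole working tree as root, including git-ignored paths. The .gitignore in this commit lists `matrix-user-tokens.txt` and `wg/`, so if those hold credentials they end up on the target root; a comment saying whether that is intended, or a copy limited to tracked files, would settle it. Separately, when `nom build` or `nixos-rebuild` fails, `|| exit 1` leaves `hardware-configuration.nix` force-added to the index because `git rm --cached` runs only on the success path; replacing the explicit `git rm --cached` lines with `trap 'git rm --cached -q hardware-configuration.nix' EXIT` right after `git add -f` would cover both paths.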
diff --git a/flake.lock b/flake.lock
index f9a04d4..74a08f1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,19 +1,53 @@
{
"nodes": {
+ "aquamarine": {
+ "inputs": {
+ "hyprutils": [
+ "hyprland",
+ "hyprutils"
+ ],
+ "hyprwayland-scanner": [
+ "hyprland",
+ "hyprwayland-scanner"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1742213273,
+ "narHash": "sha256-0l0vDb4anfsBu1rOs94bC73Hub+xEivgBAo6QXl2MmU=",
+ "owner": "hyprwm",
+ "repo": "aquamarine",
+ "rev": "484b732195cc53f4536ce4bd59a5c6402b1e7ccf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "aquamarine",
+ "type": "github"
+ }
+ },
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils",
- "nixpkgs": "nixpkgs",
+ "flake-parts": "flake-parts",
+ "nix-github-actions": "nix-github-actions",
+ "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
- "lastModified": 1707922053,
- "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
+ "lastModified": 1738524606,
+ "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli",
"repo": "attic",
- "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
+ "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github"
},
"original": {
@@ -27,16 +61,17 @@
"inputs": {
"crane": "crane_3",
"flake-compat": "flake-compat_3",
- "flake-utils": "flake-utils_4",
- "nixpkgs": "nixpkgs_3",
+ "flake-parts": "flake-parts_2",
+ "nix-github-actions": "nix-github-actions_2",
+ "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
- "lastModified": 1711742460,
- "narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
+ "lastModified": 1738524606,
+ "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli",
"repo": "attic",
- "rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
+ "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github"
},
"original": {
@@ -48,16 +83,14 @@
},
"botcore-v4": {
"inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
+ "nixpkgs": "nixpkgs"
},
"locked": {
- "lastModified": 1683656302,
- "narHash": "sha256-I2eu+9/i0ktqNzQwkc0NuczQ2UThCBf8L9xnZ8v3NSM=",
+ "lastModified": 1733399338,
+ "narHash": "sha256-qojztR32eAuJwlukn34CvrpGcarj7AZtgAPNA6C7PV0=",
"owner": "BotCore-Devs",
"repo": "BotCore-v4",
- "rev": "0e8738ba7df060782df050dc733b0bfc8c499830",
+ "rev": "5e513088c1076aa42aeb473557da11d2d1d32130",
"type": "gitlab"
},
"original": {
@@ -67,6 +100,27 @@
"type": "gitlab"
}
},
+ "cgit-magenta": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1746960839,
+ "narHash": "sha256-YOov+78fsGBZGj2JQQQDozflSLJA1Wo4tRODFi2srto=",
+ "ref": "refs/heads/master",
+ "rev": "863a3817820d28d8026f6d73de304b43cb60f6fa",
+ "revCount": 1660,
+ "type": "git",
+ "url": "https://cgit.rory.gay/cgit-magenta.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.rory.gay/cgit-magenta.git"
+ }
+ },
"conduit": {
"inputs": {
"attic": "attic",
@@ -75,14 +129,14 @@
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nix-filter": "nix-filter",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1724842781,
- "narHash": "sha256-HRF4BHnVBlosE6ksyfPPgK3OIATD6LV79CK0rpX9MMU=",
+ "lastModified": 1750688623,
+ "narHash": "sha256-GuFMTK2ovfmNT8LM58EupnI5zuK7ldjD9+ta87Ow/Ig=",
"owner": "famedly",
"repo": "conduit",
- "rev": "2bab8869d08765a7824b9d9dd937050dddbae4f1",
+ "rev": "5c8b030c1e7ec66b1d72b219e62505dd758be2e3",
"type": "gitlab"
},
"original": {
@@ -101,11 +155,11 @@
]
},
"locked": {
- "lastModified": 1702918879,
- "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+ "lastModified": 1722960479,
+ "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+ "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
@@ -115,24 +169,18 @@
}
},
"crane_2": {
- "inputs": {
- "nixpkgs": [
- "conduit",
- "nixpkgs"
- ]
- },
"locked": {
- "lastModified": 1713721181,
- "narHash": "sha256-Vz1KRVTzU3ClBfyhOj8gOehZk21q58T1YsXC30V23PU=",
+ "lastModified": 1741481578,
+ "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "55f4939ac59ff8f89c6a4029730a2d49ea09105f",
+ "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"type": "github"
},
"original": {
"owner": "ipetkov",
- "ref": "master",
"repo": "crane",
+ "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5",
"type": "github"
}
},
@@ -145,11 +193,11 @@
]
},
"locked": {
- "lastModified": 1702918879,
- "narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
+ "lastModified": 1722960479,
+ "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
+ "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
@@ -159,18 +207,12 @@
}
},
"crane_4": {
- "inputs": {
- "nixpkgs": [
- "grapevine",
- "nixpkgs"
- ]
- },
"locked": {
- "lastModified": 1716569590,
- "narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=",
+ "lastModified": 1742394900,
+ "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
"owner": "ipetkov",
"repo": "crane",
- "rev": "109987da061a1bf452f435f1653c47511587d919",
+ "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd",
"type": "github"
},
"original": {
@@ -180,6 +222,23 @@
"type": "github"
}
},
+ "draupnirSrc": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1750769344,
+ "narHash": "sha256-1jlqkaJpeOoKty6ONsxdRlAf7A15rcR8q3w/FbMuMpo=",
+ "owner": "the-draupnir-project",
+ "repo": "Draupnir",
+ "rev": "5565ef3bc75dc857cda3fd67d2ce45cdceb88263",
+ "type": "github"
+ },
+ "original": {
+ "owner": "the-draupnir-project",
+ "ref": "main",
+ "repo": "Draupnir",
+ "type": "github"
+ }
+ },
"fenix": {
"inputs": {
"nixpkgs": [
@@ -189,11 +248,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
- "lastModified": 1709619709,
- "narHash": "sha256-l6EPVJfwfelWST7qWQeP6t/TDK3HHv5uUB1b2vw4mOQ=",
+ "lastModified": 1745735608,
+ "narHash": "sha256-L0jzm815XBFfF2wCFmR+M1CF+beIEFj6SxlqVKF59Ec=",
"owner": "nix-community",
"repo": "fenix",
- "rev": "c8943ea9e98d41325ff57d4ec14736d330b321b2",
+ "rev": "c39a78eba6ed2a022cc3218db90d485077101496",
"type": "github"
},
"original": {
@@ -211,11 +270,11 @@
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
- "lastModified": 1716359173,
- "narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=",
+ "lastModified": 1742452566,
+ "narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=",
"owner": "nix-community",
"repo": "fenix",
- "rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6",
+ "rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06",
"type": "github"
},
"original": {
@@ -228,11 +287,11 @@
"flake-compat": {
"flake": false,
"locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -244,11 +303,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
- "lastModified": 1696426674,
- "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "lastModified": 1733328505,
+ "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@@ -260,11 +319,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
- "lastModified": 1673956053,
- "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -276,11 +335,11 @@
"flake-compat_4": {
"flake": false,
"locked": {
- "lastModified": 1696426674,
- "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+ "lastModified": 1733328505,
+ "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+ "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@@ -306,13 +365,60 @@
"type": "github"
}
},
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "conduit",
+ "attic",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1722555600,
+ "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-parts_2": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "grapevine",
+ "attic",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1722555600,
+ "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
"flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
"locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -323,14 +429,14 @@
},
"flake-utils_2": {
"inputs": {
- "systems": "systems"
+ "systems": "systems_2"
},
"locked": {
- "lastModified": 1709126324,
- "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "d465f4819400de7c8d874d50b982301f28a84605",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -341,14 +447,14 @@
},
"flake-utils_3": {
"inputs": {
- "systems": "systems_2"
+ "systems": "systems_3"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -358,54 +464,76 @@
}
},
"flake-utils_4": {
+ "inputs": {
+ "systems": "systems_4"
+ },
"locked": {
- "lastModified": 1667395993,
- "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
+ "ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
- "systems": "systems_3"
+ "systems": "systems_6"
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1726560853,
+ "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
- "ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
- "flake-utils_6": {
+ "flakey-profile": {
+ "locked": {
+ "lastModified": 1712898590,
+ "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
+ "owner": "lf-",
+ "repo": "flakey-profile",
+ "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "lf-",
+ "repo": "flakey-profile",
+ "type": "github"
+ }
+ },
+ "gitignore": {
"inputs": {
- "systems": "systems_4"
+ "nixpkgs": [
+ "hyprland",
+ "pre-commit-hooks",
+ "nixpkgs"
+ ]
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "lastModified": 1709087332,
+ "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
+ "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
- "owner": "numtide",
- "repo": "flake-utils",
+ "owner": "hercules-ci",
+ "repo": "gitignore.nix",
"type": "github"
}
},
@@ -415,18 +543,18 @@
"crane": "crane_4",
"fenix": "fenix_2",
"flake-compat": "flake-compat_4",
- "flake-utils": "flake-utils_5",
+ "flake-utils": "flake-utils_4",
"nix-filter": "nix-filter_2",
- "nixpkgs": "nixpkgs_4",
- "rust-manifest": "rust-manifest"
+ "nixpkgs": "nixpkgs_5",
+ "rocksdb": "rocksdb"
},
"locked": {
"host": "gitlab.computer.surgery",
- "lastModified": 1725829712,
- "narHash": "sha256-W2PKJuOVPex+5bF+xlFfJARnf9T/sXOtPkSL5EanoqQ=",
+ "lastModified": 1748887641,
+ "narHash": "sha256-dVq0DeK8jfixeubXxu1UWUYo3IpMyWzOwNaAoJ/zwPA=",
"owner": "matrix",
"repo": "grapevine-fork",
- "rev": "9e6a5e6604966f1b64a26371e8d20f8976489bbc",
+ "rev": "88ad596e8dafd31732e15aad938e575d3a28cd53",
"type": "gitlab"
},
"original": {
@@ -438,14 +566,14 @@
},
"home-manager": {
"inputs": {
- "nixpkgs": "nixpkgs_5"
+ "nixpkgs": "nixpkgs_6"
},
"locked": {
- "lastModified": 1726036828,
- "narHash": "sha256-ZQHbpyti0jcAKnwQY1lwmooecLmSG6wX1JakQ/eZNeM=",
+ "lastModified": 1750798083,
+ "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "8a1671642826633586d12ac3158e463c7a50a112",
+ "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82",
"type": "github"
},
"original": {
@@ -455,14 +583,349 @@
"type": "github"
}
},
+ "hy3": {
+ "inputs": {
+ "hyprland": [
+ "hyprland"
+ ]
+ },
+ "locked": {
+ "lastModified": 1743128724,
+ "narHash": "sha256-CUlxc2u1Y8gpeAl7NKrZxxpeZjyU2DBxOYb8b0haM2M=",
+ "owner": "outfoxxed",
+ "repo": "hy3",
+ "rev": "4014433d1c3d1bf36c6684cff14c23d538337070",
+ "type": "github"
+ },
+ "original": {
+ "owner": "outfoxxed",
+ "ref": "hl0.48.0",
+ "repo": "hy3",
+ "type": "github"
+ }
+ },
+ "hyprcursor": {
+ "inputs": {
+ "hyprlang": [
+ "hyprland",
+ "hyprlang"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1742215578,
+ "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=",
+ "owner": "hyprwm",
+ "repo": "hyprcursor",
+ "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprcursor",
+ "type": "github"
+ }
+ },
+ "hyprgraphics": {
+ "inputs": {
+ "hyprutils": [
+ "hyprland",
+ "hyprutils"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1739049071,
+ "narHash": "sha256-3+7TpXMrbsUXSwgr5VAKAnmkzMb6JO+Rvc9XRb5NMg4=",
+ "owner": "hyprwm",
+ "repo": "hyprgraphics",
+ "rev": "175c6b29b6ff82100539e7c4363a35a02c74dd73",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprgraphics",
+ "type": "github"
+ }
+ },
+ "hyprland": {
+ "inputs": {
+ "aquamarine": "aquamarine",
+ "hyprcursor": "hyprcursor",
+ "hyprgraphics": "hyprgraphics",
+ "hyprland-protocols": "hyprland-protocols",
+ "hyprland-qtutils": "hyprland-qtutils",
+ "hyprlang": "hyprlang",
+ "hyprutils": "hyprutils",
+ "hyprwayland-scanner": "hyprwayland-scanner",
+ "nixpkgs": "nixpkgs_7",
+ "pre-commit-hooks": "pre-commit-hooks",
+ "systems": "systems_5",
+ "xdph": "xdph"
+ },
+ "locked": {
+ "lastModified": 1743178567,
+ "narHash": "sha256-skuJFly6LSFfyAVy2ByNolkEwIijsTu2TxzQ9ugWarI=",
+ "ref": "refs/tags/v0.48.1",
+ "rev": "29e2e59fdbab8ed2cc23a20e3c6043d5decb5cdc",
+ "revCount": 5937,
+ "submodules": true,
+ "type": "git",
+ "url": "https://github.com/hyprwm/Hyprland"
+ },
+ "original": {
+ "ref": "refs/tags/v0.48.1",
+ "submodules": true,
+ "type": "git",
+ "url": "https://github.com/hyprwm/Hyprland"
+ }
+ },
+ "hyprland-protocols": {
+ "inputs": {
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1738422629,
+ "narHash": "sha256-5v+bv75wJWvahyM2xcMTSNNxmV8a7hb01Eey5zYnBJw=",
+ "owner": "hyprwm",
+ "repo": "hyprland-protocols",
+ "rev": "755aef8dab49d0fc4663c715fa4ad221b2aedaed",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprland-protocols",
+ "type": "github"
+ }
+ },
+ "hyprland-qt-support": {
+ "inputs": {
+ "hyprlang": [
+ "hyprland",
+ "hyprland-qtutils",
+ "hyprlang"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "hyprland-qtutils",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "hyprland-qtutils",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1737634706,
+ "narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=",
+ "owner": "hyprwm",
+ "repo": "hyprland-qt-support",
+ "rev": "8810df502cdee755993cb803eba7b23f189db795",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprland-qt-support",
+ "type": "github"
+ }
+ },
+ "hyprland-qtutils": {
+ "inputs": {
+ "hyprland-qt-support": "hyprland-qt-support",
+ "hyprlang": [
+ "hyprland",
+ "hyprlang"
+ ],
+ "hyprutils": [
+ "hyprland",
+ "hyprland-qtutils",
+ "hyprlang",
+ "hyprutils"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1739048983,
+ "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=",
+ "owner": "hyprwm",
+ "repo": "hyprland-qtutils",
+ "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprland-qtutils",
+ "type": "github"
+ }
+ },
+ "hyprlang": {
+ "inputs": {
+ "hyprutils": [
+ "hyprland",
+ "hyprutils"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741191527,
+ "narHash": "sha256-kM+11Nch47Xwfgtw2EpRitJuORy4miwoMuRi5tyMBDY=",
+ "owner": "hyprwm",
+ "repo": "hyprlang",
+ "rev": "72df3861f1197e41b078faa3e38eedd60e00018d",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprlang",
+ "type": "github"
+ }
+ },
+ "hyprutils": {
+ "inputs": {
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741534688,
+ "narHash": "sha256-EV3945SnjOCuRVbGRghsWx/9D89FyshnSO1Q6/TuQ14=",
+ "owner": "hyprwm",
+ "repo": "hyprutils",
+ "rev": "dd1f720cbc2dbb3c71167c9598045dd3261d27b3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprutils",
+ "type": "github"
+ }
+ },
+ "hyprwayland-scanner": {
+ "inputs": {
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1739870480,
+ "narHash": "sha256-SiDN5BGxa/1hAsqhgJsS03C3t2QrLgBT8u+ENJ0Qzwc=",
+ "owner": "hyprwm",
+ "repo": "hyprwayland-scanner",
+ "rev": "206367a08dc5ac4ba7ad31bdca391d098082e64b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprwayland-scanner",
+ "type": "github"
+ }
+ },
+ "lix": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1729298361,
+ "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
+ "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
+ "type": "tarball",
+ "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
+ }
+ },
+ "lix-module": {
+ "inputs": {
+ "flake-utils": "flake-utils_5",
+ "flakey-profile": "flakey-profile",
+ "lix": "lix",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1732605668,
+ "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
+ "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
+ "type": "tarball",
+ "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz?rev=f19bd752910bbe3a861c9cad269bd078689d50fe"
+ },
+ "original": {
+ "type": "tarball",
+ "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
+ }
+ },
+ "matrixSpecSrc": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1750783562,
+ "narHash": "sha256-xcXuUp4dnZmQjOD1/wBTC6hjQow5MycyDXweH+0aqy8=",
+ "owner": "matrix-org",
+ "repo": "matrix-spec",
+ "rev": "0e05e45d846735289c74f595922e59568f80e429",
+ "type": "github"
+ },
+ "original": {
+ "owner": "matrix-org",
+ "ref": "main",
+ "repo": "matrix-spec",
+ "type": "github"
+ }
+ },
"mtxclientSrc": {
"flake": false,
"locked": {
- "lastModified": 1721941104,
- "narHash": "sha256-iSPra8k5o68yWq/c5xnzu4t8EsN8CZ6CeWSYTsmnsIY=",
+ "lastModified": 1748174505,
+ "narHash": "sha256-0ASLFpWZ0Gd0bVg45+LCs9IcSOrnxD2fx7Vi7RJSLOU=",
"owner": "Nheko-reborn",
"repo": "mtxclient",
- "rev": "a0b203980491ddf2e2fe4f1cd6af8c2562b3ee35",
+ "rev": "8e1c3814542b3b4088c1ffa6c88ec8583c928fc5",
"type": "github"
},
"original": {
@@ -475,11 +938,11 @@
"nhekoSrc": {
"flake": false,
"locked": {
- "lastModified": 1725917417,
- "narHash": "sha256-pCCbREJLSpDYUszseOvXb2b+hLNtrxPDd25b0RdruPI=",
+ "lastModified": 1750508442,
+ "narHash": "sha256-L4HIY2SeknZ0hHpT9ySKKazj5ExXWSNItqE7t+PZnUo=",
"owner": "Nheko-reborn",
"repo": "nheko",
- "rev": "25e552c6fa674a9c1b581a85a46cfe4d9f0ffa83",
+ "rev": "72dcd874203c6044f48217e7b33ebc4410e652dd",
"type": "github"
},
"original": {
@@ -491,11 +954,11 @@
},
"nix-filter": {
"locked": {
- "lastModified": 1705332318,
- "narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=",
+ "lastModified": 1731533336,
+ "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
- "rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
+ "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
@@ -506,11 +969,11 @@
},
"nix-filter_2": {
"locked": {
- "lastModified": 1710156097,
- "narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
+ "lastModified": 1731533336,
+ "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
- "rev": "3342559a24e85fc164b295c3444e8a139924675b",
+ "rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
@@ -520,81 +983,89 @@
"type": "github"
}
},
- "nixos-wsl": {
+ "nix-github-actions": {
"inputs": {
- "flake-compat": "flake-compat_5",
- "flake-utils": "flake-utils_6",
- "nixpkgs": "nixpkgs_6"
+ "nixpkgs": [
+ "conduit",
+ "attic",
+ "nixpkgs"
+ ]
},
"locked": {
- "lastModified": 1725882169,
- "narHash": "sha256-v5L+Dh6KdyycIgcdIc6SQ1fRNNvFJmYz02+fyeptA2o=",
+ "lastModified": 1729742964,
+ "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
- "repo": "NixOS-WSL",
- "rev": "34b95b3962f5b3436d4bae5091d1b2ff7c1eb180",
+ "repo": "nix-github-actions",
+ "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
- "repo": "NixOS-WSL",
+ "repo": "nix-github-actions",
"type": "github"
}
},
- "nixpkgs": {
+ "nix-github-actions_2": {
+ "inputs": {
+ "nixpkgs": [
+ "grapevine",
+ "attic",
+ "nixpkgs"
+ ]
+ },
"locked": {
- "lastModified": 1702539185,
- "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
+ "lastModified": 1729742964,
+ "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
+ "rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
+ "owner": "nix-community",
+ "repo": "nix-github-actions",
"type": "github"
}
},
- "nixpkgs-Draupnir": {
+ "nixpkgs": {
"locked": {
- "lastModified": 1726450556,
- "narHash": "sha256-QPTBj5+SmYNL/2E4Jlb5ptUpNYBcyO8EfANLXVw6KJA=",
- "owner": "TheArcaneBrony",
+ "lastModified": 1733212471,
+ "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "bd7179de2c4192b0d054086e42f2b4c80a82d60b",
+ "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
- "owner": "TheArcaneBrony",
- "ref": "master",
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-RoryNix": {
"locked": {
- "lastModified": 1720535198,
- "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
+ "lastModified": 1750898778,
+ "narHash": "sha256-DXI7+SKDlTyA+C4zp0LoIywQ+BfdH5m4nkuxbWgV4UU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
+ "rev": "322d8a3c6940039f7cff179a8b09c5d7ca06359d",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.11",
+ "ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1726091564,
- "narHash": "sha256-FiT4R5r4oq43jvUPQMUDwfiYaoLyOhxF36pKYduaNtY=",
+ "lastModified": 1750898778,
+ "narHash": "sha256-DXI7+SKDlTyA+C4zp0LoIywQ+BfdH5m4nkuxbWgV4UU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ed0fe13cc637546cad8c3ee903a23459b59f5080",
+ "rev": "322d8a3c6940039f7cff179a8b09c5d7ca06359d",
"type": "github"
},
"original": {
@@ -606,107 +1077,107 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1702780907,
- "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
+ "lastModified": 1724316499,
+ "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
+ "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.11",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
- "lastModified": 1711460390,
- "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
+ "lastModified": 1724316499,
+ "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
+ "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-23.11",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
- "nixpkgs-stable_3": {
+ "nixpkgs_10": {
"locked": {
- "lastModified": 1725762081,
- "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
+ "lastModified": 1744868846,
+ "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
+ "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "release-24.05",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1709479366,
- "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
+ "lastModified": 1726042813,
+ "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
+ "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1711401922,
- "narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
+ "lastModified": 1745526057,
+ "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
+ "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1716330097,
- "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+ "lastModified": 1726042813,
+ "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+ "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
- "lastModified": 1725634671,
- "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
+ "lastModified": 1742889210,
+ "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
+ "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
@@ -718,27 +1189,27 @@
},
"nixpkgs_6": {
"locked": {
- "lastModified": 1725693463,
- "narHash": "sha256-ZPzhebbWBOr0zRWW10FfqfbJlan3G96/h3uqhiFqmwg=",
+ "lastModified": 1750365781,
+ "narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "68e7dce0a6532e876980764167ad158174402c6f",
+ "rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-24.05",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1725983898,
- "narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
+ "lastModified": 1742069588,
+ "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
+ "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
"type": "github"
},
"original": {
@@ -750,45 +1221,126 @@
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1725534445,
- "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=",
+ "lastModified": 1750741721,
+ "narHash": "sha256-Z0djmTa1YmnGMfE9jEe05oO4zggjDmxOGKwt844bUhE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39",
+ "rev": "4b1164c3215f018c4442463a27689d973cffd750",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
+ "nixpkgs_9": {
+ "locked": {
+ "lastModified": 1749285348,
+ "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "ooye": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_9"
+ },
+ "locked": {
+ "lastModified": 1750514805,
+ "narHash": "sha256-BcHbwm7cVfxb0ocicnn21PNE7ijyLlUZk1utzrR06Ys=",
+ "ref": "refs/heads/master",
+ "rev": "1bf1950bdea07f72b699ac105800f5bb437a70fd",
+ "revCount": 15,
+ "type": "git",
+ "url": "https://cgit.rory.gay/nix/OOYE-module.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.rory.gay/nix/OOYE-module.git"
+ }
+ },
+ "pre-commit-hooks": {
+ "inputs": {
+ "flake-compat": "flake-compat_5",
+ "gitignore": "gitignore",
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1742058297,
+ "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=",
+ "owner": "cachix",
+ "repo": "git-hooks.nix",
+ "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "cachix",
+ "repo": "git-hooks.nix",
+ "type": "github"
+ }
+ },
+ "rocksdb": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1734381914,
+ "narHash": "sha256-G+DlQwEUyd7JOCjS1Hg1cKWmA/qAiK8UpUIKcP+riGQ=",
+ "owner": "facebook",
+ "repo": "rocksdb",
+ "rev": "ae8fb3e5000e46d8d4c9dbf3a36019c0aaceebff",
+ "type": "github"
+ },
+ "original": {
+ "owner": "facebook",
+ "ref": "v9.10.0",
+ "repo": "rocksdb",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
"botcore-v4": "botcore-v4",
+ "cgit-magenta": "cgit-magenta",
"conduit": "conduit",
+ "draupnirSrc": "draupnirSrc",
"flake-utils": "flake-utils_3",
"grapevine": "grapevine",
"home-manager": "home-manager",
+ "hy3": "hy3",
+ "hyprland": "hyprland",
+ "lix-module": "lix-module",
+ "matrixSpecSrc": "matrixSpecSrc",
"mtxclientSrc": "mtxclientSrc",
"nhekoSrc": "nhekoSrc",
- "nixos-wsl": "nixos-wsl",
- "nixpkgs": "nixpkgs_7",
- "nixpkgs-Draupnir": "nixpkgs-Draupnir",
+ "nixpkgs": "nixpkgs_8",
"nixpkgs-RoryNix": "nixpkgs-RoryNix",
"nixpkgs-master": "nixpkgs-master",
- "sops-nix": "sops-nix"
+ "ooye": "ooye",
+ "safeNSound": "safeNSound",
+ "sops-nix": "sops-nix",
+ "synapseHttpAntispamSrc": "synapseHttpAntispamSrc"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
- "lastModified": 1709571018,
- "narHash": "sha256-ISFrxHxE0J5g7lDAscbK88hwaT5uewvWoma9TlFmRzM=",
+ "lastModified": 1745694049,
+ "narHash": "sha256-fxvRYH/tS7hGQeg9zCVh5RBcSWT+JGJet7RA8Ss+rC0=",
"owner": "rust-lang",
"repo": "rust-analyzer",
- "rev": "9f14343f9ee24f53f17492c5f9b653427e2ad15e",
+ "rev": "d8887c0758bbd2d5f752d5bd405d4491e90e7ed6",
"type": "github"
},
"original": {
@@ -801,11 +1353,11 @@
"rust-analyzer-src_2": {
"flake": false,
"locked": {
- "lastModified": 1716107283,
- "narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=",
+ "lastModified": 1742296961,
+ "narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=",
"owner": "rust-lang",
"repo": "rust-analyzer",
- "rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd",
+ "rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4",
"type": "github"
},
"original": {
@@ -815,29 +1367,39 @@
"type": "github"
}
},
- "rust-manifest": {
- "flake": false,
+ "safeNSound": {
+ "inputs": {
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
"locked": {
- "narHash": "sha256-tB9BZB6nRHDk5ELIVlGYlIjViLKBjQl52nC1avhcCwA=",
- "type": "file",
- "url": "https://static.rust-lang.org/dist/channel-rust-1.81.0.toml"
+ "lastModified": 1748987648,
+ "narHash": "sha256-v523tDanOoveoccin8eaPPIfOG12p9cCfhH9vbEr2Qg=",
+ "ref": "refs/heads/main",
+ "rev": "df4af1b6b14b9287da332b36ca23bc4ccddfe58f",
+ "revCount": 54,
+ "type": "git",
+ "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/"
},
"original": {
- "type": "file",
- "url": "https://static.rust-lang.org/dist/channel-rust-1.81.0.toml"
+ "type": "git",
+ "url": "https://cgit.rory.gay/school/nodejs-final-assignment.git/"
}
},
"sops-nix": {
"inputs": {
- "nixpkgs": "nixpkgs_8",
- "nixpkgs-stable": "nixpkgs-stable_3"
+ "nixpkgs": "nixpkgs_10"
},
"locked": {
- "lastModified": 1725922448,
- "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
+ "lastModified": 1750119275,
+ "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
+ "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2",
"type": "github"
},
"original": {
@@ -846,6 +1408,22 @@
"type": "github"
}
},
+ "synapseHttpAntispamSrc": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1746616438,
+ "narHash": "sha256-8tZ+jNm90UCIGccm0GHVs98//8o581lP43rJNSsISEY=",
+ "owner": "TheArcaneBrony",
+ "repo": "synapse-http-antispam",
+ "rev": "6fbe551c7d5c47d1779bed7ab15e5020a0573e69",
+ "type": "github"
+ },
+ "original": {
+ "owner": "TheArcaneBrony",
+ "repo": "synapse-http-antispam",
+ "type": "github"
+ }
+ },
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -905,6 +1483,77 @@
"repo": "default",
"type": "github"
}
+ },
+ "systems_5": {
+ "locked": {
+ "lastModified": 1689347949,
+ "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
+ "owner": "nix-systems",
+ "repo": "default-linux",
+ "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default-linux",
+ "type": "github"
+ }
+ },
+ "systems_6": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "xdph": {
+ "inputs": {
+ "hyprland-protocols": [
+ "hyprland",
+ "hyprland-protocols"
+ ],
+ "hyprlang": [
+ "hyprland",
+ "hyprlang"
+ ],
+ "hyprutils": [
+ "hyprland",
+ "hyprutils"
+ ],
+ "hyprwayland-scanner": [
+ "hyprland",
+ "hyprwayland-scanner"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ],
+ "systems": [
+ "hyprland",
+ "systems"
+ ]
+ },
+ "locked": {
+ "lastModified": 1741934139,
+ "narHash": "sha256-ZhTcTH9FoeAtbPfWGrhkH7RjLJZ7GeF18nygLAMR+WE=",
+ "owner": "hyprwm",
+ "repo": "xdg-desktop-portal-hyprland",
+ "rev": "150b0b6f52bb422a1b232a53698606fe0320dde0",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "xdg-desktop-portal-hyprland",
+ "type": "github"
+ }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index 7d6284c..7c8dd12 100755
--- a/flake.nix
+++ b/flake.nix
@@ -2,8 +2,14 @@
description = "Rory&'s services flake";
nixConfig = {
- extra-substituters = [ "https://attic.computer.surgery/grapevine" ];
- extra-trusted-public-keys = [ "grapevine:nYiZ0Qz9nT7Y7kNC/2NdoS3+J9gwTyWxOvlwZnFgceA=" ];
+ extra-substituters = [
+ "https://attic.computer.surgery/grapevine"
+ "https://hyprland.cachix.org"
+ ];
+ extra-trusted-public-keys = [
+ "grapevine:nYiZ0Qz9nT7Y7kNC/2NdoS3+J9gwTyWxOvlwZnFgceA="
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ ];
};
inputs = {
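Review bot: The new `https://hyprland.cachix.org` substituter and its key in `nixConfig` apply to every configuration this flake builds, servers included, and build.sh in this commit passes `--accept-flake-config`, so the cache is trusted without a prompt. In the configurations visible in this diff only Rory-desktop, Rory-laptop and Arc take `hyprland` in their `specialArgs`. I would move the cache into those hosts' configuration, e.g. `nix.settings.substituters = [ "https://hyprland.cachix.org" ];` with the matching `nix.settings.trusted-public-keys` entry, and leave the flake-wide list as it was. If it stays here, a comment naming the hosts that need it would help the next reader.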
@@ -12,17 +18,24 @@
url = "github:NixOS/nixpkgs/nixos-unstable";
};
+# nixpkgs-stable = {
+# url = "github:NixOS/nixpkgs/nixos-24.11";
+# };
+
nixpkgs-master = {
url = "github:NixOS/nixpkgs/master";
};
nixpkgs-RoryNix = {
#url = "github:NixOS/nixpkgs/nixos-23.05";
- url = "github:NixOS/nixpkgs/nixos-23.11";
+ url = "github:NixOS/nixpkgs/master";
};
# Draupnir module/package
- nixpkgs-Draupnir.url = "github:TheArcaneBrony/nixpkgs/master";
+ #nixpkgs-DraupnirPkg.url = "github:r-ryantm/nixpkgs/auto-update/draupnir";
+ #nixpkgs-DraupnirPkg.url = "github:NixOS/nixpkgs/master";
+# nixpkgs-keydb.url = "github:NixOS/nixpkgs?rev=e0464e47880a69896f0fb1810f00e0de469f770a";
+ #MatrixContentFilter.url = "git+file:/home/Rory/git/matrix/MatrixContentFilter?submodules=1";
# Base modules
home-manager.url = "github:nix-community/home-manager/master";
@@ -30,26 +43,73 @@
flake-utils.url = "github:numtide/flake-utils";
# Packages
- grapevine.url = "gitlab:matrix/grapevine-fork?host=gitlab.computer.surgery"; # &ref=benjamin/debug-emma-kde-room";
+ grapevine.url = "gitlab:matrix/grapevine-fork?host=gitlab.computer.surgery";
conduit.url = "gitlab:famedly/conduit/next";
- #conduwuit.url = "github:girlbossceo/conduwuit";
- nixos-wsl.url = "github:nix-community/NixOS-WSL";
+ # - AUR imports
+ # aur-visual-paradigm = {
+ # url = "git+https://aur.archlinux.org/visual-paradigm.git";
+ # flake = false;
+ # };
- # Own projects
+ lix-module = {
+ url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Own projects/custom modules
botcore-v4 = {
url = "gitlab:BotCore-Devs/BotCore-v4/staging";
- inputs.nixpkgs.follows = "nixpkgs"; # We need this to avoid a LIBC error.
+ };
+
+ ooye = {
+ url = "git+https://cgit.rory.gay/nix/OOYE-module.git";
+ };
+
+ cgit-magenta = {
+ url = "git+https://cgit.rory.gay/cgit-magenta.git";
+ inputs.nixpkgs.follows = "nixpkgs";
};
# Packages built from git
+ synapseHttpAntispamSrc = {
+ url = "github:TheArcaneBrony/synapse-http-antispam";
+ flake = false;
+ };
+
nhekoSrc = {
url = "github:Nheko-reborn/nheko/master";
flake = false;
};
+
mtxclientSrc = {
url = "github:Nheko-reborn/mtxclient/master";
flake = false;
};
+
+ draupnirSrc = {
+ url = "github:the-draupnir-project/Draupnir/main";
+ flake = false;
+ };
+
+ matrixSpecSrc = {
+ url = "github:matrix-org/matrix-spec/main";
+ flake = false;
+ };
+
+ hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1&ref=refs/tags/v0.48.1";
+ hy3 = {
+ url = "github:outfoxxed/hy3?ref=hl0.48.0";
+ inputs.hyprland.follows = "hyprland";
+ };
+
+ safeNSound = {
+ url = "git+https://cgit.rory.gay/school/nodejs-final-assignment.git/";
+ inputs = {
+ flake-utils.follows = "flake-utils";
+ nixpkgs.follows = "nixpkgs";
+ };
+ };
+
};
outputs =
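Review bot: `ooye` is added without `inputs.nixpkgs.follows`, unlike `cgit-magenta` and `safeNSound` in the same hunk, and flake.lock accordingly gains a separate `nixpkgs_9` pin for it. Its module is loaded into Rory-ovh, so that host may end up depending on a second nixpkgs revision that only moves when ooye's own lock entry is refreshed. I would add `inputs.nixpkgs.follows = "nixpkgs";` to `ooye` unless the module is known to need its own pin. The same hunk also removes the follows line from `botcore-v4` together with the comment saying it avoided a LIBC error; if that is intentional, a short comment saying why would be worth keeping.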
@@ -57,33 +117,45 @@
with inputs;
{
nixosConfigurations = {
- #NIXPKGS FORK
- Rory-nginx = nixpkgs.lib.nixosSystem {
+ Module-dev = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
- ./host/Rory-nginx/configuration.nix
+ ./host/Module-dev/configuration.nix
+ home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
+ ];
+ };
+ Rory-ovh = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Rory-ovh/configuration.nix
./hardware-configuration.nix
+
+ ./host/Rory-nginx/services/matrix/synapse/workers/module.nix
+
home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
grapevine.nixosModules.default
-
- # these arent really modules...
- botcore-v4.modules.bots
- botcore-v4.modules.frontend
- botcore-v4.modules.dataupdater
- botcore-v4.modules.users
+ ooye.modules.default
+ safeNSound.nixosModules.default
(
- { pkgs, ... }:
+ { pkgs, lib, ... }:
{
disabledModules = [ "services/matrix/synapse.nix" ];
imports = [
"${nixpkgs-master}/nixos/modules/services/matrix/synapse.nix"
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ #"${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
];
nixpkgs.overlays = [
(final: prev: {
- matrix-synapse-unwrapped = inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.matrix-synapse-unwrapped;
- draupnir = inputs.nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ matrix-synapse-unwrapped = self.packages.${pkgs.stdenv.hostPlatform.system}.matrix-synapse-unwrapped-patched;
+ draupnir = inputs.nixpkgs-master.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ #draupnir = inputs.nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+ matrix-synapse-plugins.synapse-http-antispam = prev.matrix-synapse-plugins.synapse-http-antispam.overrideAttrs (oldAttrs: {
+ src = inputs.synapseHttpAntispamSrc;
+ version = inputs.synapseHttpAntispamSrc.rev;
+ });
})
];
}
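Review bot: The overlay line `matrix-synapse-plugins.synapse-http-antispam = prev.matrix-synapse-plugins.synapse-http-antispam.overrideAttrs (…)` defines a new `matrix-synapse-plugins` set holding only that one attribute, and because overlay results are merged shallowly it replaces the whole plugin set from nixpkgs. Any other `pkgs.matrix-synapse-plugins.*` reference on Rory-ovh would then fail to evaluate. Extend the previous set instead: `matrix-synapse-plugins = prev.matrix-synapse-plugins // { synapse-http-antispam = prev.matrix-synapse-plugins.synapse-http-antispam.overrideAttrs (oldAttrs: { … }); };`. The `nixosSystem` call for Rory-ovh continues past this hunk.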
@@ -94,8 +166,35 @@
inherit home-manager;
inherit grapevine;
inherit conduit;
- inherit nixpkgs-Draupnir;
- #inherit conduwuit;
+ #inherit nixpkgs-Draupnir;
+ inherit nixpkgs-DraupnirPkg;
+ inherit cgit-magenta;
+
+ inherit (inputs) draupnirSrc;
+ };
+ };
+
+ Rory-nginx = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Rory-nginx/configuration.nix
+ ./hardware-configuration.nix
+ ./packages/redpanda-connect/module.nix
+ home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
+ grapevine.nixosModules.default
+
+ # these arent really modules...
+ botcore-v4.modules.bots
+ botcore-v4.modules.frontend
+ botcore-v4.modules.dataupdater
+ botcore-v4.modules.users
+ ];
+ specialArgs = {
+ inherit botcore-v4;
+ inherit home-manager;
+ inherit grapevine;
+ inherit conduit;
};
};
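Review bot: `inherit nixpkgs-DraupnirPkg;` in Rory-ovh's `specialArgs` refers to an input that this commit only declares in commented-out lines (`#nixpkgs-DraupnirPkg.url = …`). Under `with inputs;` the name is looked up lazily, so evaluation will probably succeed until some module asks for that argument and then fail with an undefined-variable error. Either drop the line or comment it out like `#inherit nixpkgs-Draupnir;` directly above it.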
@@ -117,7 +216,9 @@
modules = [
./host/Rory-desktop/configuration.nix
./hardware-configuration.nix
+ ./packages/overlays/jetbrains-plugins.nix
home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
sops-nix.nixosModules.sops
(
{ ... }:
@@ -128,11 +229,82 @@
};
}
)
+ #(
+ # { pkgs, lib, ... }:
+ # {
+ # nixpkgs.overlays = [
+ # (final: prev: {
+ # jetbrains = (prev.jetbrains // {
+ # plugins = (prev.jetbrains.plugins // {
+ # addPlugins = (pkgs.callPackage "${inputs.nixpkgs-JetbrainsPlugins}/pkgs/applications/editors/jetbrains/plugins/default.nix" { }).addPlugins;
+ # });
+ # });
+ # })
+ # ];
+ # }
+ #)
];
specialArgs = {
inherit home-manager;
inherit (inputs) mtxclientSrc;
inherit (inputs) nhekoSrc;
+ inherit hyprland;
+ inherit hy3;
+ };
+ };
+ Rory-laptop = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Rory-laptop/configuration.nix
+ ./hardware-configuration.nix
+ home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
+ sops-nix.nixosModules.sops
+
+ #temporary:
+ ./packages/overlays/lldb.nix
+
+ (
+ { ... }:
+ {
+ nix = {
+ registry.nixpkgs.flake = nixpkgs;
+ nixPath = [ "nixpkgs=${nixpkgs.outPath}" ];
+ };
+ }
+ )
+ ];
+ specialArgs = {
+ inherit home-manager;
+ inherit (inputs) matrixSpecSrc;
+ inherit (inputs) mtxclientSrc;
+ inherit (inputs) nhekoSrc;
+ inherit hyprland;
+ inherit hy3;
+ };
+ };
+
+ Arc = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Arc/configuration.nix
+ ./hardware-configuration.nix
+ home-manager.nixosModules.home-manager
+ lix-module.nixosModules.default
+ (
+ { ... }:
+ {
+ nix = {
+ registry.nixpkgs.flake = nixpkgs;
+ nixPath = [ "nixpkgs=${nixpkgs.outPath}" ];
+ };
+ }
+ )
+ ];
+ specialArgs = {
+ inherit home-manager;
+ inherit hyprland;
+ inherit hy3;
};
};
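Review bot: The inline module that sets `nix.registry.nixpkgs.flake` and `nixPath` is pasted into Rory-laptop and Arc in this hunk and again into Rory-NTFS in the next one. Binding it once in a `let` ahead of the outputs attribute set, e.g. `pinNixpkgs = { ... }: { nix.registry.nixpkgs.flake = nixpkgs; nix.nixPath = [ "nixpkgs=${nixpkgs.outPath}" ]; };`, and listing `pinNixpkgs` in each `modules` list keeps the hosts from drifting apart. The commented-out jetbrains overlay added above Rory-laptop references `inputs.nixpkgs-JetbrainsPlugins`, which is not declared in the visible inputs; I would delete the block rather than commit it.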
@@ -151,12 +323,29 @@
};
}
)
- # ... add this line to the rest of your configuration modules
- #nix-ld.nixosModules.nix-ld
+ ];
+ specialArgs = {
+ inherit home-manager;
+ inherit (inputs) mtxclientSrc;
+ inherit (inputs) nhekoSrc;
+ };
+ };
- # The module in this repository defines a new module under (programs.nix-ld.dev) instead of (programs.nix-ld)
- # to not collide with the nixpkgs version.
- #{ programs.nix-ld.dev.enable = true; }
+ Rory-NTFS = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Rory-NTFS/configuration.nix
+ ./hardware-configuration.nix
+ home-manager.nixosModules.home-manager
+ (
+ { ... }:
+ {
+ nix = {
+ registry.nixpkgs.flake = nixpkgs;
+ nixPath = [ "nixpkgs=${nixpkgs.outPath}" ];
+ };
+ }
+ )
];
specialArgs = {
inherit home-manager;
@@ -174,44 +363,70 @@
(
{ ... }:
{
+ nixpkgs.hostPlatform = "i686-linux";
+ nixpkgs.buildPlatform = "x86_64-linux";
nix.registry.nixpkgs.flake = nixpkgs-RoryNix;
}
)
];
};
- #WSL
- Rory-wsl = nixpkgs.lib.nixosSystem {
+ # ISO images
+ uISO = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
- nixos-wsl.nixosModules.default
- ./host/Rory-wsl/configuration.nix
- # ./hardware-configuration.nix
- home-manager.nixosModules.home-manager
- #nur.nixosModules.nur
+ ./host/uISO/iso-root.nix
+ ./host/uISO/development.nix
];
specialArgs = {
- inherit (inputs) mtxclientSrc;
- inherit (inputs) nhekoSrc;
+ # inherit spacebarchat-server-master;
};
};
};
+
+ modules = {
+ monitoring = import ./modules/monitoring/module.nix;
+ redpanda-connect = import ./packages/redpanda-connect/module.nix;
+ };
}
// flake-utils.lib.eachSystem flake-utils.lib.allSystems (
system:
let
pkgs = import nixpkgs { inherit system; };
+ pkgs-master = import nixpkgs-master { inherit system; };
in
{
packages.nheko-git = (
- pkgs.callPackage ./modules/packages/nheko-git.nix {
+ pkgs.callPackage ./packages/nheko-git.nix {
inherit nhekoSrc;
inherit mtxclientSrc;
voipSupport = false;
}
);
- packages.mtxclient-git = (pkgs.callPackage ./modules/packages/mtxclient-git.nix { inherit mtxclientSrc; });
+ packages.mtxclient-git = (pkgs.callPackage ./packages/mtxclient-git.nix { inherit mtxclientSrc; });
+ packages.matrix-spec-git = (pkgs.callPackage ./packages/matrix-spec.nix { inherit matrixSpecSrc; });
+ packages.nbtexplorer = pkgs.callPackage ./packages/nbtexplorer.nix { };
+
+ # untested
+ #packages.draupnir-main = pkgs.draupnir.overrideAttrs (oldAttrs: {
+ # src = draupnirSrc;
+ # version = draupnirSrc.rev;
+ #});
+
+ packages.redpanda-connect = (pkgs.callPackage ./packages/redpanda-connect/default.nix { });
+ packages.matrix-synapse-unwrapped-patched = pkgs-master.matrix-synapse-unwrapped.overrideAttrs (oldAttrs: rec {
+ patches = (if oldAttrs ? patches then oldAttrs.patches else []) ++ pkgs.lib.map (
+ path: ./packages/overlays/matrix-synapse/patches/${path}
+ ) (builtins.attrNames (builtins.readDir ./packages/overlays/matrix-synapse/patches));
+
+ cargoDeps = pkgs.rustPlatform.fetchCargoVendor {
+ inherit (oldAttrs) src;
+ inherit patches;
+ name = "${oldAttrs.pname}-${oldAttrs.version}";
+ hash = "sha256-9VJnn8aPkShqK2wYGFr+S5koIjma7VOr+LkLXwStL1E=";
+ };
+ });
}
);
}
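Review bot: `matrix-synapse-unwrapped-patched` applies every entry of `./packages/overlays/matrix-synapse/patches` as a patch, so a README, an editor backup or a subdirectory dropped there ends up in the homeserver build. Filtering the names, `builtins.filter (pkgs.lib.hasSuffix ".patch") (builtins.attrNames (builtins.readDir ./packages/overlays/matrix-synapse/patches))`, makes the applied set explicit. Separately, `cargoDeps` is a fixed-output fetch whose `hash` is pinned while `patches` is inherited: if a patch changes `Cargo.lock` and the hash is not updated, Nix can reuse a previously stored vendor tree for that hash instead of failing. A comment next to `hash` saying it must be refreshed whenever the patch set changes would help.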
diff --git a/host/Arc/configuration.nix b/host/Arc/configuration.nix
new file mode 100644
index 0000000..b97a8fa
--- /dev/null
+++ b/host/Arc/configuration.nix
@@ -0,0 +1,240 @@
+args@{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [
+ # base imports
+ ../../modules/base-client.nix
+ ../../packages/vim.nix
+ ../../modules/users/Arci.nix
+
+ # hardware-specific imports
+ #./optional/hardware-specific/nvidia.nix
+
+ #./optional/gui/x11.nix
+ ./optional/gui/wayland.nix
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ configurationLimit = 10;
+ enable = true;
+ device = "nodev"; # nodev for EFI only
+ # EFI
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+ };
+ programs.noisetorch.enable = true;
+ programs.gamemode.enable = true;
+ users.users.Rory.extraGroups = [ "gamemode" ];
+ users.users.Arci.extraGroups = [ "gamemode" ];
+
+ environment.sessionVariables = {
+ ZSH_DISABLE_COMPFIX = "true";
+ };
+
+ networking = {
+ hostName = "Arc";
+ networkmanager.enable = true;
+ wireless.enable = false;
+ firewall = {
+ enable = false;
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ #useDHCP = true; # Doesn't work with NetworkManager, investigate
+ };
+
+ time.timeZone = "Europe/Brussels";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services = {
+ xserver = {
+ displayManager.gdm.enable = true;
+ displayManager.lightdm.enable = false;
+ enable = true;
+ updateDbusEnvironment = true;
+ xkb.layout = "us";
+ };
+ libinput.enable = true;
+
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ MaxAuthTries 32
+ '';
+ settings.PermitRootLogin = "yes";
+ };
+ pipewire = {
+ enable = true;
+ audio.enable = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+ alsa.enable = true;
+ };
+
+ desktopManager.plasma6.enable = true;
+ };
+
+ services.desktopManager.gnome.enable = false;
+ environment.systemPackages = with pkgs; [
+ eog
+ #mpv
+ #libreoffice
+ qt6.qtwayland
+
+ #easyeffects
+ kitty
+ #youtube-music
+
+ dbeaver-bin
+ vscode
+
+ # - Utilities
+ #inkscape-with-extensions
+ #gimp
+
+ # - Languages
+ #dotnet-sdk_8
+ dotnetCorePackages.sdk_9_0
+
+ #games
+ #osu-lazer-bin
+ #steam
+ steam-run
+ #steam-acf
+
+ # extra packages
+ dmenu
+
+ nemo
+ file-roller
+ firefox-bin
+ #ungoogled-chromium #needed for Rider in order to debug WASM
+
+ unrar-wrapper
+ #mangohud
+ #prismlauncher
+ #vesktop
+ #mindustry
+
+ blueman
+ ft2-clone
+ ];
+
+ programs.steam = {
+ enable = false;
+ gamescopeSession.enable = true;
+ extraCompatPackages = with pkgs; [
+ steam-play-none
+ proton-ge-bin
+ ];
+ };
+ virtualisation.waydroid.enable = false;
+
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ #xdg-desktop-portal-gtk
+ xdg-desktop-portal-xapp
+ # (callPackage ../../modules/packages/xdg-desktop-portal-gtk.nix { })
+ ];
+ config = {
+ common = {
+ default = [ "gtk" ];
+ };
+ };
+ xdgOpenUsePortal = true;
+ };
+ #sounds.enable = true;
+ #mime.enable = true;
+ #menus.enable = true;
+ #icons.enable = true;
+ #autostart.enable = true;
+ };
+ fonts = {
+ packages = with pkgs; [
+ #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ nerd-fonts.jetbrains-mono
+ noto-fonts-monochrome-emoji
+ ];
+ fontconfig.defaultFonts.monospace = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.sansSerif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.serif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.emoji = with pkgs; [ "freefont" ];
+ enableDefaultPackages = lib.mkForce false;
+ enableGhostscriptFonts = lib.mkForce false;
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ "olm-3.2.16"
+ "dotnet-sdk-wrapped-7.0.410"
+ "dotnet-sdk-7.0.410"
+ ];
+ };
+ };
+ security = {
+ polkit.enable = true;
+ sudo.wheelNeedsPassword = false;
+ };
+
+ hardware = {
+ pulseaudio.enable = false;
+ };
+
+ programs.dconf.enable = true;
+
+ #networking.wireguard.interfaces = {
+ # wg-KP-Ran = {
+
+ #};
+ # };
+
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+
+ monitoring = {
+ monitorAll = false;
+ localPrometheus = true;
+ exposePrometheus = true;
+ localGrafana = true;
+ exposeGrafana = true;
+ nginxHost = "monitoring.localhost";
+ nginxSsl = false;
+ };
+ networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
+
+ services.gvfs.enable = true;
+ zramSwap = {
+ enable = true;
+ memoryPercent = 200;
+ };
+ services.pcscd.enable = true;
+
+ virtualisation.vmVariant = {
+ users = {
+ mutableUsers = false;
+ users.Rory.password = "password";
+ };
+ networking.interfaces.enp34s0 = lib.mkForce { };
+ };
+
+ system.stateVersion = "24.11"; # DO NOT EDIT!
+}
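Review bot: This host enables sshd with `settings.PermitRootLogin = "yes"` and `MaxAuthTries 32` while `networking.firewall.enable = false`, so root login is reachable on every interface with a generous number of attempts per connection. Whether password authentication is enabled is not set in this file (it may come from `base-client.nix`); if it is, that combination invites password guessing against root. I would use `settings.PermitRootLogin = "prohibit-password";` and `settings.PasswordAuthentication = false;`, drop the `MaxAuthTries` override unless a comment explains why it is needed, and leave the firewall enabled. The `monitoring` block also sets `exposePrometheus` and `exposeGrafana` on this unfirewalled machine, and `security.sudo.wheelNeedsPassword = false` means any compromised wheel account is root, so both deserve the same look.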
diff --git a/host/Arc/hacks/drm-amd-3437.patch b/host/Arc/hacks/drm-amd-3437.patch
new file mode 100644
index 0000000..1867762
--- /dev/null
+++ b/host/Arc/hacks/drm-amd-3437.patch
@@ -0,0 +1,13 @@
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+index c556c8b653fa..272ad5e4a328 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+@@ -180,7 +180,7 @@ void amdgpu_bo_placement_from_domain(struct amdgpu_bo *abo, u32 domain)
+ * When GTT is just an alternative to VRAM make sure that we
+ * only use it as fallback and still try to fill up VRAM first.
+ */
+- if (domain & abo->preferred_domains & AMDGPU_GEM_DOMAIN_VRAM)
++ if (domain & abo->preferred_domains & AMDGPU_GEM_DOMAIN_VRAM && !(adev->flags & AMD_IS_APU))
+ places[c].flags |= TTM_PL_FLAG_FALLBACK;
+ c++;
+ }
\ No newline at end of file
diff --git a/host/Arc/hooks/post-rebuild.sh b/host/Arc/hooks/post-rebuild.sh
new file mode 100755
index 0000000..30733ad
--- /dev/null
+++ b/host/Arc/hooks/post-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git restore --staged hardware-configuration.nix
+git restore --staged Ran.ca
+git restore --staged modules/opensuse/
+git restore --staged opensuse/
\ No newline at end of file
diff --git a/host/Arc/hooks/pre-rebuild.sh b/host/Arc/hooks/pre-rebuild.sh
new file mode 100755
index 0000000..d4ec9d3
--- /dev/null
+++ b/host/Arc/hooks/pre-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git add -f hardware-configuration.nix
+git add -f Ran.ca
+git add -f modules/opensuse/
+git add -f opensuse/
\ No newline at end of file
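Review bot: `git add -f` stages the full contents of ignored paths (`hardware-configuration.nix`, `Ran.ca`, `modules/opensuse/`, `opensuse/`), and they are only unstaged by post-rebuild.sh, which build.sh appears to skip when the build step ends in `|| exit 1`. After a failed rebuild the next `git commit` would then include files that .gitignore was meant to keep out of the repository. Staging them as intent-to-add, e.g. `git add -f -N Ran.ca`, is normally enough for the flake to see the files without putting their contents in the index. Neither hook sets `set -e`, so a failing `git` call in the middle of either script goes unnoticed.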
diff --git a/host/Rory-desktop/nginx/discord.localhost.nix b/host/Arc/nginx/discord.localhost.nix
index b40e13c..b40e13c 100755..100644
--- a/host/Rory-desktop/nginx/discord.localhost.nix
+++ b/host/Arc/nginx/discord.localhost.nix
diff --git a/host/Arc/optional/gui/wayland.nix b/host/Arc/optional/gui/wayland.nix
new file mode 100644
index 0000000..281c72d
--- /dev/null
+++ b/host/Arc/optional/gui/wayland.nix
@@ -0,0 +1,63 @@
+{
+ pkgs,
+ hyprland,
+ hy3,
+ ...
+}:
+
+{
+ #programs.sway = {
+ # enable = true;
+#
+ # wrapperFeatures.gtk = true;
+ # extraSessionCommands = ''
+ # # -- Wayland fixes
+ # # SDL:
+ # export SDL_VIDEODRIVER=wayland
+ # # QT (needs qt5.qtwayland in systemPackages):
+ # export QT_QPA_PLATFORM=wayland-egl
+ # export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ # # Fix for some Java AWT applications (e.g. Android Studio),
+ # # use this if they aren't displayed properly:
+ # export _JAVA_AWT_WM_NONREPARENTING=1
+ # '';
+#
+ # extraPackages = with pkgs; [
+ # swaybg
+ # #swayidle
+ # #swaylock
+ # waybar
+ # wl-clipboard
+ # grim
+ # slurp
+ # easyeffects
+ # keepassxc
+ # ];
+ #};
+
+ programs.hyprland = {
+ enable = true;
+ package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+ };
+
+ programs.hyprlock.enable = true;
+ environment.systemPackages = with pkgs;[
+ wmenu
+
+ waybar
+ wl-clipboard
+ grim
+ slurp
+ #easyeffects
+ keepassxc
+ networkmanagerapplet
+ ];
+
+ #environment.etc."hyprPlugins" = {
+ # text = ''
+ # plugin = ${hy3.packages.${pkgs.stdenv.hostPlatform.system}.hy3}/lib/libhy3.so
+ # '';
+ #};
+
+ xdg.portal.wlr.enable = true;
+}
diff --git a/host/Rory-desktop/optional/gui/x11.nix b/host/Arc/optional/gui/x11.nix
index 9070298..9070298 100644
--- a/host/Rory-desktop/optional/gui/x11.nix
+++ b/host/Arc/optional/gui/x11.nix
diff --git a/host/Arc/optional/hardware-specific/amd.nix b/host/Arc/optional/hardware-specific/amd.nix
new file mode 100644
index 0000000..e4758a6
--- /dev/null
+++ b/host/Arc/optional/hardware-specific/amd.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ boot.initrd.kernelModules = [ "amdgpu" ];
+
+ services = {
+ xserver = {
+ windowManager.i3.extraSessionCommands = ''
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ '';
+ wacom.enable = true;
+ };
+ picom.backend = "glx";
+ };
+
+ environment.systemPackages = with pkgs; [
+ rocmPackages.rocm-smi # useful to have
+ ];
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ #amdvlk
+ ];
+ #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
+}
diff --git a/host/Arc/optional/hardware-specific/nvidia.nix b/host/Arc/optional/hardware-specific/nvidia.nix
new file mode 100644
index 0000000..1f98541
--- /dev/null
+++ b/host/Arc/optional/hardware-specific/nvidia.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [
+
+ ];
+
+ services = {
+ xserver = {
+ #videoDrivers = [ "nvidia" ];
+ #windowManager.i3.extraSessionCommands = ''
+ # todo: restore
+ #'';
+ };
+ picom.backend = "glx";
+ };
+
+ hardware = {
+ graphics = {
+ enable = true;
+ };
+
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = true;
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ };
+}
diff --git a/host/Module-dev/configuration.nix b/host/Module-dev/configuration.nix
new file mode 100644
index 0000000..f3f66fe
--- /dev/null
+++ b/host/Module-dev/configuration.nix
@@ -0,0 +1,55 @@
+{
+ pkgs,
+ lib,
+ grapevine,
+ ...
+}:
+
+{
+ imports = [
+ ../../modules/base-server.nix
+ ./set/matrix/root.nix
+ ];
+
+ networking = {
+ hostName = "Module-dev";
+ useDHCP = lib.mkForce true;
+ defaultGateway.interface = "eth0";
+ nat = {
+ enable = true;
+ internalInterfaces = [
+ "ve-+"
+ "vb-+"
+ ];
+ externalInterface = "ens18";
+ enableIPv6 = false;
+ };
+ enableIPv6 = lib.mkForce false;
+ nameservers = lib.mkForce [ "192.168.1.1" ];
+ };
+
+ monitoring = {
+ monitorAll = true;
+ localPrometheus = true;
+ exposePrometheus = true;
+ localGrafana = true;
+ exposeGrafana = true;
+ nginxHost = "monitoring.rory.gay";
+ nginxSsl = true;
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ "dotnet-runtime-wrapped-7.0.20"
+ "dotnet-runtime-7.0.20"
+ "dotnet-sdk-7.0.20"
+ ];
+ services.irqbalance.enable = true;
+
+ environment.memoryAllocator.provider = "jemalloc";
+
+ system.stateVersion = lib.trivial.release; # DO NOT copy to real configs!
+
+ environment.systemPackages = with pkgs; [ waypipe ];
+ nix.nrBuildUsers = 128;
+}
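Review bot: `nixpkgs.config.permittedInsecurePackages` allows `olm-3.2.16` and three .NET 7 packages on a host whose visible imports are only `base-server.nix` and the Matrix set, and nothing in this file says which service needs each one. Entries like these tend to outlive their reason, and each one suppresses the evaluation-time refusal for a package that nixpkgs marks as insecure. I would keep only what this host actually builds and annotate each entry, e.g. `"olm-3.2.16" # required by <service>; remove once it no longer links libolm`. Also, `defaultGateway.interface = "eth0"` and `nat.externalInterface = "ens18"` name different interfaces; one of them is probably stale.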
diff --git a/host/Module-dev/set/matrix/postgres.nix b/host/Module-dev/set/matrix/postgres.nix
new file mode 100644
index 0000000..0a6a8d7
--- /dev/null
+++ b/host/Module-dev/set/matrix/postgres.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_17_jit;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host discordbots discordbots 192.168.1.2/32 trust
+ host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ settings = {
+ max_connections = 2500;
+ superuser_reserved_connections = 3;
+ };
+ };
+}
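Review bot: With `enableTCPIP = true`, the last rule `host all all 0.0.0.0/0 md5` lets any IPv4 client attempt password login to every database, and `md5` is the legacy password method. The two `trust` rules for 192.168.1.2 and 192.168.1.5 authenticate by source address alone. Unless clients outside the LAN are intended, I would delete the catch-all line or narrow it, e.g. `host all all 192.168.1.0/24 scram-sha-256`, and switch the two LAN rules from `trust` to `scram-sha-256` as well. Nothing in this hunk shows a firewall rule limiting port 5432, so this `authentication` block is the only visible access control.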
diff --git a/host/Module-dev/set/matrix/root.nix b/host/Module-dev/set/matrix/root.nix
new file mode 100644
index 0000000..83636d2
--- /dev/null
+++ b/host/Module-dev/set/matrix/root.nix
@@ -0,0 +1,202 @@
+{ pkgs, config, ... }:
+
+let
+ mkWorker =
+ name: tasks:
+ import ../../../../modules/software-templates/synapse-workers/generic.nix {
+ workerName = name;
+ tasks = tasks;
+ };
+in
+{
+ # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py
+ # Documentation: https://github.com/element-hq/synapse/blob/develop/docs/workers.md
+ imports = [
+ ../../../../modules/software-templates/synapse-workers/module.nix
+ ./postgres.nix
+
+ (mkWorker "sync" [ "sync" ])
+ ];
+
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+
+ nginxVirtualHostName = "matrix.rory.gay";
+ enableWorkers = true;
+
+ federationSenders = 16; # 16
+ pushers = 1;
+ mediaRepoWorkers = 2; # 4
+ clientReaders = 2; # 4
+ syncWorkers = 2; # 4
+ authWorkers = 0;
+
+ eventCreators = 16;
+
+ federationReaders = 8; # 8
+ federationInboundWorkers = 16; # 8
+
+ enableAppserviceWorker = true;
+ enableBackgroundWorker = true;
+ enableUserDirWorker = true;
+
+ accountDataStreamWriters = 1;
+ eventStreamWriters = 2; # 8
+ presenceStreamWriters = 1;
+ pushRuleStreamWriters = 1;
+ receiptStreamWriters = 1;
+ toDeviceStreamWriters = 1;
+ typingStreamWriters = 1;
+
+ # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+ settings = {
+ server_name = "rory.gay";
+
+ dummy_devents_treshold = 2;
+ cleanup_extremities_with_dummy_events = true;
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "30s"; # default=60s
+ max_short_retries = 12;
+ max_short_retry_delay = "5s";
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+
+ # rapid retry, small increments
+ destination_min_retry_interval = "5m"; # default=10m
+ destination_max_retry_interval = "12h"; # default=7d
+ destination_retry_multiplier = 1.2; # default=2
+ };
+
+ registration_shared_secret_path = pkgs.writeText "registration_shared_secret.txt" ''
+ sometext
+ '';
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ presence = {
+ enablee = true;
+ update_interval = 60;
+ };
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-rory-gay";
+ password = "somepassword";
+ database = "matrix-synapse-rory-gay";
+ host = "/run/postgresql";
+ application_name = "matrix-synapse (rory.gay) - main";
+ cp_min = 2;
+ cp_max = 5;
+
+ # cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
+ # cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
+ # check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
+ };
+
+ # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
+ # statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
+ # allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
+ # allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
+ # txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
+
+ statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
+ txn_limit = 500; # maybe dropping old data from pg caches helps?
+ };
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3266_enabled" = true; # Room summary API
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ };
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+ instance_map = {
+ main = {
+ # replication listener
+ path = "/run/matrix-synapse/main.sock";
+ };
+ };
+ };
+ # // import ./ratelimits.nix
+ # // import ./caches.nix;
+ };
+
+ services.redis = {
+ package = pkgs.valkey;
+ servers.matrix-synapse = {
+ enable = true;
+ user = "matrix-synapse";
+ };
+ };
+
+ services.postgresql = {
+ initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE USER "${config.services.matrix-synapse.settings.database.args.user}" WITH PASSWORD '${config.services.matrix-synapse.settings.database.args.password}';
+ CREATE DATABASE "${config.services.matrix-synapse.settings.database.args.database}" OWNER '${config.services.matrix-synapse.settings.database.args.user}' LOCALE 'C' ENCODING 'UTF8' TEMPLATE "template0";
+ '';
+ };
+
+ systemd.tmpfiles.rules = [ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" ];
+}
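Review bot: `registration_shared_secret_path` and `database.args.password` place secrets in the Nix store, which is world-readable on the host: `pkgs.writeText "registration_shared_secret.txt"` creates a store file, and `initialScript` interpolates the same password into `synapse-init.sql`. The values look like placeholders (`sometext`, `somepassword`), but the registration shared secret allows creating accounts, so this pattern should not be reused with real values. Point `registration_shared_secret_path` at a runtime file outside the store. Because `host = "/run/postgresql"` is a Unix socket, consider dropping the password and relying on socket authentication. Separately, `dummy_devents_treshold` and `presence.enablee` look like misspellings of Synapse's `dummy_events_threshold` and `presence.enabled`, so those two settings probably have no effect.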
diff --git a/host/Rory-NTFS/configuration.nix b/host/Rory-NTFS/configuration.nix
new file mode 100644
index 0000000..98e28de
--- /dev/null
+++ b/host/Rory-NTFS/configuration.nix
@@ -0,0 +1,229 @@
+{
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [
+ ../../modules/base-client.nix
+ ../../packages/vim.nix
+ ./optional/gui/wayland.nix
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ enable = true;
+ device = "nodev"; # nodev for EFI only
+ # EFI
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+ #readOnlyNixStore = false;
+ };
+
+ services.udev.extraRules = ''
+ #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
+ # SDP protocol
+ KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
+ # Flashloader
+ KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
+ # Controller
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
+ '';
+
+ #systemd.services.NetworkManager-wait-online.enable = false;
+
+ networking = {
+ hostName = "Rory-portable";
+ networkmanager.enable = true;
+ wireless.enable = false;
+ firewall = {
+ enable = false;
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ #interfaces.enp34s0.ipv4.addresses = [ {
+ # address = "192.168.0.3";
+ # prefixLength = 24;
+ #} ];
+ #
+ #defaultGateway = "192.168.0.1";
+ # useDHCP = true;
+ };
+ systemd.sleep.extraConfig = ''
+ AllowSuspend=yes
+ AllowHibernation=yes
+ AllowHybridSleep=yes
+ AllowSuspendThenHibernate=yes
+ '';
+
+ services.power-profiles-daemon.enable = true;
+ time.timeZone = "Europe/Brussels";
+
+ services = {
+ libinput.touchpad.naturalScrolling = true;
+ xserver = {
+ enable = true;
+ updateDbusEnvironment = true;
+ xkb.layout = "us";
+ };
+ libinput.enable = true;
+
+ openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ extraConfig = ''
+ MaxAuthTries 32
+ '';
+ };
+ pipewire = {
+ enable = true;
+ audio.enable = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+ alsa.enable = true;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ libreoffice
+ qt6.qtwayland
+
+ gnome-console
+ feh
+ easyeffects
+ kitty
+ #youtube-music
+
+ # - IDEs
+ #jetbrains-toolbox
+ #jetbrains.rider
+ #jetbrains.webstorm
+ #jetbrains.clion
+ #github-copilot-intellij-agent
+
+ #dbeaver-bin
+ #insomnia
+ #vscode
+
+ # - Utilities
+ #inkscape-with-extensions
+ #gimp # -with-plugins
+
+ # - Languages
+ #dotnet-sdk_7
+ #dotnet-sdk_8
+ #(callPackage ../../packages/dotnet-pack.nix { inherit pkgs; })
+
+ #games
+ #osu-lazer-bin
+ #steam
+ #steam-run
+
+ # extra packages
+ dmenu
+
+ nemo
+ file-roller
+ firefox-bin
+ #ungoogled-chromium # needed for Rider in order to debug WASM
+
+ unrar-wrapper
+
+ #(schildichat-desktop.override { electron = electron; })
+ (callPackage ../../packages/nheko-git.nix {
+ inherit nhekoSrc;
+ inherit mtxclientSrc;
+ voipSupport = false;
+ })
+ #(callPackage ../../packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+
+ #vesktop
+ virt-viewer
+ wireguard-tools
+
+ # (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
+ ];
+
+ #programs.steam.enable = true;
+ #programs.steam.gamescopeSession.enable = true;
+
+ #environment.gnome.excludePackages = [
+ # pkgs.orca
+ # pkgs.gnome-tour
+ # pkgs.gnome-user-docs
+ #];
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ #xdg-desktop-portal-gtk
+ xdg-desktop-portal-xapp
+# (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
+ ];
+ config = {
+ common = {
+ default = [ "gtk" ];
+ };
+ };
+ xdgOpenUsePortal = true;
+ };
+ #sounds.enable = true;
+ #mime.enable = true;
+ #menus.enable = true;
+ #icons.enable = true;
+ #autostart.enable = true;
+ };
+ fonts = {
+ packages = with pkgs; [
+ nerd-fonts.jetbrains-mono
+ noto-fonts-monochrome-emoji
+ ];
+ fontconfig.defaultFonts.monospace = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.sansSerif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.serif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.emoji = [ "freefont" ];
+ enableDefaultPackages = lib.mkForce false;
+ enableGhostscriptFonts = lib.mkForce false;
+ };
+
+ programs.dconf.enable = true;
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ nameserver 8.4.4.8
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+
+ #networking.wireguard.interfaces = {
+ # wg-KP-Ran = {
+
+ #};
+ # };
+
+ #virtualisation.libvirtd.enable = true;
+ #programs.virt-manager.enable = true;
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ "olm-3.2.16"
+ ];
+ };
+ };
+}
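Review bot: This host sets `networking.firewall.enable = false` while enabling sshd with `settings.PermitRootLogin = "yes"` and `MaxAuthTries 32`, and the hostname `Rory-portable` suggests a machine that joins networks it does not control. If password authentication is on (not visible in this file), that permits root password guessing with 32 attempts per connection from any such network. Prefer `settings.PermitRootLogin = "prohibit-password"`, drop the `MaxAuthTries` override, and keep the firewall enabled. The udev rules give `MODE="0666"` to every device from the listed vendors, so any local account can open them; `TAG+="uaccess"`, as already used on the last rule, would limit access to the logged-in seat user. In the `resolv.conf` text, `8.4.4.8` is presumably a typo for `8.8.4.4`.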
diff --git a/host/Rory-desktop/optional/gui/wayland.nix b/host/Rory-NTFS/optional/gui/wayland.nix
index 689dee7..eac6391 100644
--- a/host/Rory-desktop/optional/gui/wayland.nix
+++ b/host/Rory-NTFS/optional/gui/wayland.nix
@@ -1,7 +1,5 @@
{
- config,
pkgs,
- lib,
...
}:
@@ -20,16 +18,7 @@
# Fix for some Java AWT applications (e.g. Android Studio),
# use this if they aren't displayed properly:
export _JAVA_AWT_WM_NONREPARENTING=1
- cp ${../../../../modules/users/Rory/wallpaper.webp} ~/.cache/wallpaper.webp
-
'';
- #(
- #sleep 5
- #${pkgs.swaybg}/bin/swaybg -i ${../../../../modules/users/Rory/wallpaper.webp}
- #$ {pkgs.swayidle}/bin/swayidle -w timeout 300 'swaylock -f -i ${../../../../modules/users/Rory/wallpaper.webp}' 'swaymsg "output * dpms off"'
- #$ {pkgs.swaylock}/bin/swaylock -f -i ${../../../../modules/users/Rory/wallpaper.webp}
- #${pkgs.waybar}/bin/waybar
- #) &
extraPackages = with pkgs; [
swaybg
diff --git a/host/Rory-NTFS/optional/hardware-specific/amd.nix b/host/Rory-NTFS/optional/hardware-specific/amd.nix
new file mode 100644
index 0000000..4456c6f
--- /dev/null
+++ b/host/Rory-NTFS/optional/hardware-specific/amd.nix
@@ -0,0 +1,45 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ boot.initrd.kernelModules = [ "amdgpu" ];
+
+ services = {
+ xserver = {
+ windowManager.i3.extraSessionCommands = ''
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ '';
+ wacom.enable = true;
+ };
+ picom.backend = "glx";
+ };
+
+ environment.systemPackages = with pkgs; [
+ rocmPackages.rocm-smi # useful to have
+ ];
+
+ hardware = {
+ graphics = {
+ enable = true;
+ #driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ amdvlk
+ ];
+ extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Rory-NTFS/optional/hardware-specific/nvidia.nix b/host/Rory-NTFS/optional/hardware-specific/nvidia.nix
new file mode 100644
index 0000000..c146c3a
--- /dev/null
+++ b/host/Rory-NTFS/optional/hardware-specific/nvidia.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [
+
+ ];
+
+ services = {
+ xserver = {
+ videoDrivers = [ "nvidia" ];
+ #windowManager.i3.extraSessionCommands = ''
+ # todo: restore
+ #'';
+ };
+ picom.backend = "glx";
+ };
+
+ hardware = {
+ graphics = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = true;
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index aa09659..d48d10c 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -12,26 +12,33 @@ args@{
# base imports
../../modules/base-client.nix
# (import ../../modules/base-secrets.nix { path = "/home/rory/.config/sops/config.yaml"; })
- ../../modules/packages/vim.nix
+ ../../packages/vim.nix
# ../../modules/environments/home.nix
- # ../../modules/software-templates/profilers.nix
- ./postgres.nix
- ./nginx.nix
+ ../../modules/software-templates/profilers.nix
+ ../../modules/software-templates/dotnet.client.nix
+ #../../modules/hardware/google-stadia-controller.nix
+
+ ./services/nginx.nix
+ ./services/postgres.nix
# hardware-specific imports
./optional/hardware-specific/amd.nix
- ./optional/gui/x11.nix
- ./optional/gui/wayland.nix
-
- #./printing.nix
-# ./ollama.nix
+ #./services/edu/mongodb.nix
+ ./optional/gui/hyprland.nix
+ #./optional/gui/x11.nix
+ #./services/libvirt.nix
+ #./services/printing.nix
+ #./services/rabbitmq.nix
+ #./services/ollama.nix
+ #./services/waydroid.nix
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
grub = {
+ configurationLimit = 10;
enable = true;
device = "nodev"; # nodev for EFI only
# EFI
@@ -39,34 +46,19 @@ args@{
efiInstallAsRemovable = true;
};
};
- kernelPatches = [
- {
- # FIXME: https://gitlab.freedesktop.org/drm/amd/-/issues/3437
- name = "drm-amd-3437-hack";
- patch = ./hacks/drm-amd-3437.patch;
- }
- ];
-
- #readOnlyNixStore = false;
};
- programs.noisetorch.enable = true;
+
+ # TODO: re-enable when USB is fixed
+ #programs.noisetorch.enable = true;
+
+ programs.gamemode.enable = true;
+ users.users.Rory.extraGroups = [ "gamemode" ];
environment.sessionVariables = {
ZSH_DISABLE_COMPFIX = "true";
};
- services.udev.extraRules = ''
- #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
- # SDP protocol
- KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
- ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
- ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
- # Flashloader
- KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
- # Controller
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
- '';
+# hardware.google-stadia-controller.enable = true;
networking = {
hostName = "Rory-desktop";
@@ -86,7 +78,7 @@ args@{
];
defaultGateway = "192.168.0.1";
- # useDHCP = true;
+ #useDHCP = true; # Doesn't work with NetworkManager, investigate
};
time.timeZone = "Europe/Brussels";
@@ -110,6 +102,7 @@ args@{
'';
settings.PermitRootLogin = "yes";
};
+ pulseaudio.enable = false;
pipewire = {
enable = true;
audio.enable = true;
@@ -120,11 +113,13 @@ args@{
};
};
+ services.desktopManager.gnome.enable = false;
environment.systemPackages = with pkgs; [
+ eog
+ mpv
libreoffice
qt6.qtwayland
- gnome-console
feh
easyeffects
kitty
@@ -132,10 +127,19 @@ args@{
# - IDEs
#jetbrains-toolbox
- jetbrains.rider
- #jetbrains.webstorm
+ (jetbrains.plugins.addPlugins jetbrains.webstorm [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ ])
+ (jetbrains.plugins.addPlugins jetbrains.clion [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ "nixidea"
+ "visual-studio-keymap"
+ ]) #"string-manipulation"
+ #jetbrains.rider
#jetbrains.clion
- github-copilot-intellij-agent
+ #github-copilot-intellij-agent
dbeaver-bin
#insomnia
@@ -146,13 +150,10 @@ args@{
gimp
# - Languages
- dotnet-sdk_8
+ dotnetCorePackages.sdk_9_0
#games
osu-lazer-bin
- #steam
- steam-run
- steam-acf
# extra packages
dmenu
@@ -163,41 +164,47 @@ args@{
#ungoogled-chromium #needed for Rider in order to debug WASM
#yuzu-early-access
- wineWowPackages.unstableFull
- winetricks
+ #wineWowPackages.unstableFull
+ #winetricks
#fragments
- peek
unrar-wrapper
#(schildichat-desktop.override { electron = electron; })
- (callPackage ../../modules/packages/nheko-git.nix {
+ (callPackage ../../packages/nheko-git.nix {
inherit nhekoSrc;
inherit mtxclientSrc;
voipSupport = false;
})
- #(callPackage ../../modules/packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+ #(callPackage ../../packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
#vesktop
- virt-viewer
+ #discord-development
+
# (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
mangohud
prismlauncher
- ];
- programs.steam.enable = true;
- programs.steam.gamescopeSession.enable = true;
- virtualisation.waydroid.enable = true;
+ thunderbird
+
+ p11-kit
+ opensc
+ eid-mw
+ jitsi-meet-electron
+ #nixd
+ ];
+ environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
+ module: ${pkgs.opensc}/lib/opensc-pkcs11.so
+ '';
xdg = {
portal = {
-
enable = true;
extraPortals = with pkgs; [
#xdg-desktop-portal-gtk
xdg-desktop-portal-xapp
- (callPackage ../../modules/packages/xdg-desktop-portal-gtk.nix { })
+ # (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
];
config = {
common = {
@@ -205,8 +212,6 @@ args@{
};
};
xdgOpenUsePortal = true;
- #gtkUsePortal = true; # deprecated
-
};
#sounds.enable = true;
#mime.enable = true;
@@ -214,14 +219,22 @@ args@{
#icons.enable = true;
#autostart.enable = true;
};
+
fonts = {
packages = with pkgs; [
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ nerd-fonts.jetbrains-mono
noto-fonts-monochrome-emoji
];
- fontconfig.defaultFonts.monospace = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.sansSerif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.serif = with pkgs; [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.monospace = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.serif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
fontconfig.defaultFonts.emoji = with pkgs; [ "freefont" ];
enableDefaultPackages = lib.mkForce false;
enableGhostscriptFonts = lib.mkForce false;
@@ -233,25 +246,18 @@ args@{
permittedInsecurePackages = [
"electron-25.9.0"
"olm-3.2.16"
+ "dotnet-sdk-wrapped-7.0.410"
+ "dotnet-sdk-7.0.410"
];
};
-
};
+
security = {
polkit.enable = true;
sudo.wheelNeedsPassword = false;
};
- hardware = {
- pulseaudio.enable = false;
- };
programs.dconf.enable = true;
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
#networking.wireguard.interfaces = {
# wg-KP-Ran = {
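Review bot: The two new `permittedInsecurePackages` entries, `dotnet-sdk-wrapped-7.0.410` and `dotnet-sdk-7.0.410`, allow an SDK that nixpkgs flags as insecure, while the package list in this same commit moves to `dotnetCorePackages.sdk_9_0`. Nothing in this file shows what still needs the 7.0 SDK; it may be the newly imported `dotnet.client.nix`, but that file is not shown here. Add a comment next to the entries naming the consumer, e.g. `# required by <consumer>; remove once it targets a supported SDK`, so the exception does not outlive its reason.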
@@ -259,9 +265,6 @@ args@{
#};
# };
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = true;
-
monitoring = {
monitorAll = true;
localPrometheus = true;
@@ -271,8 +274,23 @@ args@{
nginxHost = "monitoring.localhost";
nginxSsl = false;
};
+
networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
-
+
+ services.gvfs.enable = true;
+ zramSwap = {
+ enable = true;
+ memoryPercent = 200;
+ };
+ services.pcscd.enable = true;
+
+ virtualisation.vmVariant = {
+ users = {
+ mutableUsers = false;
+ users.Rory.password = "password";
+ };
+ networking.interfaces.enp34s0 = lib.mkForce { };
+ };
system.stateVersion = "22.11"; # DO NOT EDIT!
}
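Review bot: `users.Rory.password = "password"` under `virtualisation.vmVariant` is a fixed, guessable credential that ends up in the world-readable Nix store. It only applies to the VM build, but that VM inherits the rest of this configuration, which in the context lines of other hunks includes sshd with `settings.PermitRootLogin = "yes"` and `sudo.wheelNeedsPassword = false`. If the VM's network is ever bridged or port-forwarded, the account is reachable with a known password. A comment such as `# VM-only throwaway credential; do not expose the VM's sshd` would record the intent, or the VM could use `hashedPasswordFile` pointing at a file outside the repository.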
diff --git a/host/Rory-desktop/hooks/post-rebuild.sh b/host/Rory-desktop/hooks/post-rebuild.sh
new file mode 100755
index 0000000..30733ad
--- /dev/null
+++ b/host/Rory-desktop/hooks/post-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git restore --staged hardware-configuration.nix
+git restore --staged Ran.ca
+git restore --staged modules/opensuse/
+git restore --staged opensuse/
\ No newline at end of file
diff --git a/host/Rory-desktop/hooks/pre-rebuild.sh b/host/Rory-desktop/hooks/pre-rebuild.sh
new file mode 100755
index 0000000..d4ec9d3
--- /dev/null
+++ b/host/Rory-desktop/hooks/pre-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git add -f hardware-configuration.nix
+git add -f Ran.ca
+git add -f modules/opensuse/
+git add -f opensuse/
\ No newline at end of file
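Review bot: `git add -f` stages paths that `.gitignore` deliberately excludes (`Ran.ca`, `opensuse/`, `modules/opensuse/`), and only `post-rebuild.sh` unstages them again. The build step in `build.sh` ends with `|| exit 1`, so a failed build appears to skip the post hook and leave these files in the index, where the next `git commit` would pick them up. Using `git add -f --intent-to-add` here is usually enough for the flake to see the files without staging their content; otherwise run the unstaging from a `trap` so it happens on failure too. Both hook scripts use `set -x` without `set -e`, so a failing `git` command does not stop the hook.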
diff --git a/host/Rory-desktop/optional/gui/hyprland.nix b/host/Rory-desktop/optional/gui/hyprland.nix
new file mode 100644
index 0000000..d9dcbb2
--- /dev/null
+++ b/host/Rory-desktop/optional/gui/hyprland.nix
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ hyprland,
+ hy3,
+ ...
+}:
+
+{
+ programs.hyprland = {
+ enable = true;
+ package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+ };
+
+ programs.hyprlock.enable = true;
+ environment.systemPackages = with pkgs;[
+ wmenu
+ waybar
+ wl-clipboard
+ grim
+ slurp
+ easyeffects
+ keepassxc
+ ];
+
+ environment.etc."hyprPlugins" = {
+ text = ''
+ plugin = ${hy3.packages.${pkgs.stdenv.hostPlatform.system}.hy3}/lib/libhy3.so
+ '';
+ };
+
+ xdg.portal.wlr.enable = true;
+}
diff --git a/host/Rory-desktop/optional/gui/i3.nix b/host/Rory-desktop/optional/gui/i3.nix
new file mode 100644
index 0000000..9070298
--- /dev/null
+++ b/host/Rory-desktop/optional/gui/i3.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ services = {
+ xserver = {
+ windowManager.i3.enable = true;
+ windowManager.i3.extraSessionCommands = ''
+ # output from arandr:
+ #xrandr --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ ${pkgs.polybarFull}/bin/polybar &
+ ${pkgs.dunst}/bin/dunst &
+ ${pkgs.picom}/bin/picom --config ~/.config/picom.conf &
+ ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../../../modules/users/Rory/wallpaper.webp}
+ '';
+ windowManager.i3.extraPackages = with pkgs; [
+ easyeffects
+ keepassxc
+ ];
+ };
+
+ picom.enable = false;
+ #picom.vSync = false;
+ #picom.backend = "glx";
+ };
+
+}
diff --git a/host/Rory-desktop/optional/gui/sway.nix b/host/Rory-desktop/optional/gui/sway.nix
new file mode 100644
index 0000000..f19635f
--- /dev/null
+++ b/host/Rory-desktop/optional/gui/sway.nix
@@ -0,0 +1,39 @@
+{
+ pkgs,
+ hyprland,
+ hy3,
+ ...
+}:
+
+{
+ programs.sway = {
+ enable = true;
+
+ wrapperFeatures.gtk = true;
+ extraSessionCommands = ''
+ # -- Wayland fixes
+ # SDL:
+ export SDL_VIDEODRIVER=wayland
+ # QT (needs qt5.qtwayland in systemPackages):
+ export QT_QPA_PLATFORM=wayland-egl
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ # Fix for some Java AWT applications (e.g. Android Studio),
+ # use this if they aren't displayed properly:
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ '';
+
+ extraPackages = with pkgs; [
+ swaybg
+ #swayidle
+ #swaylock
+ waybar
+ wl-clipboard
+ grim
+ slurp
+ easyeffects
+ keepassxc
+ ];
+ };
+
+ xdg.portal.wlr.enable = true;
+}
diff --git a/host/Rory-desktop/optional/hardware-specific/amd.nix b/host/Rory-desktop/optional/hardware-specific/amd.nix
index 3ae47d2..e4758a6 100644
--- a/host/Rory-desktop/optional/hardware-specific/amd.nix
+++ b/host/Rory-desktop/optional/hardware-specific/amd.nix
@@ -32,13 +32,11 @@
enable32Bit = true;
extraPackages = with pkgs; [
rocmPackages.clr.icd
- amdvlk
+ #amdvlk
];
- extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
};
};
systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
-
- system.stateVersion = "22.11"; # DO NOT EDIT!
}
diff --git a/host/Rory-desktop/services/edu/mongodb.nix b/host/Rory-desktop/services/edu/mongodb.nix
new file mode 100644
index 0000000..92ffc6a
--- /dev/null
+++ b/host/Rory-desktop/services/edu/mongodb.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.mongodb = {
+ enable = true;
+ package = pkgs.mongodb-ce;
+ enableAuth = true;
+ initialRootPasswordFile = "/etc/mongo-pass";
+ #bind_ip = "/run/mongodb.sock";
+ extraConfig = ''
+ net.unixDomainSocket.filePermissions: 0777
+ '';
+ };
+
+}
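Review bot: `net.unixDomainSocket.filePermissions: 0777` makes the MongoDB socket connectable by every local account, where the server default is 0700. `enableAuth = true` still requires credentials, but there is no reason for unrelated accounts to reach the socket at all. Use `0770` with a dedicated group for the clients that need it, or leave the default, and add a comment stating which client required the wider mode. The `config` and `lib` arguments are unused in this file.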
diff --git a/host/Rory-desktop/services/libvirt.nix b/host/Rory-desktop/services/libvirt.nix
new file mode 100644
index 0000000..405a73d
--- /dev/null
+++ b/host/Rory-desktop/services/libvirt.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+ environment.systemPackages = with pkgs; [
+ virt-viewer
+ ];
+}
\ No newline at end of file
diff --git a/host/Rory-desktop/mariadb.nix b/host/Rory-desktop/services/mariadb.nix
index 758cb3d..758cb3d 100644
--- a/host/Rory-desktop/mariadb.nix
+++ b/host/Rory-desktop/services/mariadb.nix
diff --git a/host/Rory-desktop/services/nginx.nix b/host/Rory-desktop/services/nginx.nix
new file mode 100644
index 0000000..bd1f364
--- /dev/null
+++ b/host/Rory-desktop/services/nginx.nix
@@ -0,0 +1,43 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services = {
+ nginx = {
+ enable = true;
+ #package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ #recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ # recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ #defaultMimeTypes = ../../../../packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ '';
+ additionalModules = with pkgs.nginxModules; [ moreheaders ];
+ virtualHosts = {
+ "discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
+ "hse.localhost" = import ./nginx/hse.localhost.nix { inherit pkgs; };
+ "matrix.opensuse.localhost" = import ./nginx/matrix.opensuse.localhost.nix { inherit pkgs; };
+ "synapse.localhost" = import ./nginx/synapse.localhost.nix { inherit pkgs; };
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE = 5000000;
+ };
+}
diff --git a/host/Rory-desktop/services/nginx/discord.localhost.nix b/host/Rory-desktop/services/nginx/discord.localhost.nix
new file mode 100755
index 0000000..b40e13c
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/discord.localhost.nix
@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+
+{
+ root = "/www/discord";
+ addSSL = true;
+ enableACME = false;
+
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+
+ extraConfig = ''
+ autoindex on;
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+ more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+ more_set_headers 'Access-Control-Allow-Credentials: true';
+ '';
+
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
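Review bot: The vhost-level `extraConfig` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`. Browsers refuse credentialed requests against a wildcard origin, so either drop the credentials header or return one specific allowed origin. In the `/` location, `more_set_headers 'Access-Control-Max-Age' 1728000;` passes name and value as two separate arguments rather than one `Name: value` string; it should be `more_set_headers 'Access-Control-Max-Age: 1728000';`. `sslCertificateKey` points at the nixpkgs ACME test key, which is public, so this TLS gives no protection beyond loopback. The existing comment could say that explicitly, and also note that `autoindex on` lists everything under `/www/discord`.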
diff --git a/host/Rory-desktop/services/nginx/hse.localhost.nix b/host/Rory-desktop/services/nginx/hse.localhost.nix
new file mode 100755
index 0000000..5812b02
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/hse.localhost.nix
@@ -0,0 +1,75 @@
+{pkgs, ...}:
+{
+ enableACME = false;
+ addSSL = true;
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:5298";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+# locations."= /.well-known/matrix/server".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+# '';
+# locations."= /.well-known/matrix/client".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${
+# builtins.toJSON {
+# "m.homeserver".base_url = "http://hse.localhost:5298";
+# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+# }
+# }';
+# '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
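Review bot: In the `/.well-known/matrix/support` location the two header lines lack the colon that `more_set_headers` expects. `'Content-Type application/json'` and `'Access-Control-Allow-Origin *'` are likely read as header names with no value, so neither header is set as intended. They should read `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`, matching the form used in the `OPTIONS` block of the same file. The same two lines appear in `matrix.opensuse.localhost.nix`. The `Access-Control-Allow-*` headers are only added for `OPTIONS` requests, so CORS on the actual responses depends on the upstream at port 5298 setting them, which is worth a short comment.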
diff --git a/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix b/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix
new file mode 100644
index 0000000..87287a4
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix
@@ -0,0 +1,75 @@
+{pkgs, ...}:
+{
+ enableACME = false;
+ addSSL = true;
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+# locations."= /.well-known/matrix/server".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+# '';
+# locations."= /.well-known/matrix/client".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${
+# builtins.toJSON {
+# "m.homeserver".base_url = "http://hse.localhost:5298";
+# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+# }
+# }';
+# '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
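Review bot: The two `more_set_headers` lines in the `/.well-known/matrix/support` location have no colon between header name and value (`'Content-Type application/json'`, `'Access-Control-Allow-Origin *'`), unlike the `Name: value` form used in the OPTIONS block above. As far as I know, headers-more reads a colon-less argument as a header name with an empty value, so these lines most likely set nothing and the JSON goes out without the intended Content-Type and CORS header. They should read `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. The same lines appear in synapse.localhost.nix (server, client and support locations), in host/Rory-laptop/nginx/hse.localhost.nix, and in the commented-out well-known blocks.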
diff --git a/host/Rory-desktop/services/nginx/synapse.localhost.nix b/host/Rory-desktop/services/nginx/synapse.localhost.nix
new file mode 100755
index 0000000..9f89678
--- /dev/null
+++ b/host/Rory-desktop/services/nginx/synapse.localhost.nix
@@ -0,0 +1,70 @@
+{ pkgs }:
+{
+ enableACME = false;
+ addSSL = true;
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "synapse.localhost:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "http://synapse.localhost";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+}
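Review bot: `sslCertificateKey` points at the ACME test key shipped in nixpkgs, so the private key for this vhost is public and TLS here authenticates nothing; the comment `# We don't care about certificates around here...` should say that outright. This is acceptable for a `*.localhost` name only while nginx is reachable from loopback alone, which this file does not enforce. I would change the comment to `# Test-only key pair from nixpkgs (private key is public): keep this vhost loopback-only` and, if the host has other interfaces, pin the listener to 127.0.0.1 through the vhost's `listenAddresses` option. The same key pair is used in matrix.opensuse.localhost.nix, discord.localhost.nix and hse.localhost.nix, and host/Rory-laptop/configuration.nix disables the firewall.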
diff --git a/host/Rory-desktop/ollama.nix b/host/Rory-desktop/services/ollama.nix
index 7f0ae8c..b1b0a7a 100755
--- a/host/Rory-desktop/ollama.nix
+++ b/host/Rory-desktop/services/ollama.nix
@@ -21,17 +21,24 @@
#];
services.ollama = {
- enable = false;
+ enable = true;
home = "/data/ollama/home";
models = "/data/ollama/home/models";
environmentVariables = {
OLLAMA_LLM_LIBRARY = "rocm";
+ HCC_AMDGPU_TARGET = "gfx1102";
};
# writablePaths = [ "/data/ollama/home" ];
#listenAddress = "0.0.0.0:11434";
host = "0.0.0.0";
port = 11434;
- sandbox = false;
+ user = "ollama";
+ group = "ollama";
acceleration = "rocm";
+ rocmOverrideGfx = "11.0.2";
};
+
+ #services.nextjs-ollama-llm-ui = {
+
+ #};
}
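Review bot: With `enable = true` the unchanged `host = "0.0.0.0";` now matters: the Ollama HTTP API has no authentication of its own, so every machine that can reach port 11434 can use and manage the models on this host. Unless remote access is intended, bind it with `host = "127.0.0.1";`, or keep the wildcard bind and restrict the port in the firewall to the clients that need it. host/Rory-laptop/ollama.nix, added later in this commit, carries the same setting. The module's opening lines are outside this hunk.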
diff --git a/host/Rory-desktop/postgres.nix b/host/Rory-desktop/services/postgres.nix
index 60fd8d6..c201b04 100755
--- a/host/Rory-desktop/postgres.nix
+++ b/host/Rory-desktop/services/postgres.nix
@@ -28,10 +28,17 @@
# '';
#dataDir = "/mnt/postgres/data";
settings = {
- "max_connections" = "100";
- "shared_buffers" = "128MB";
+ "max_connections" = "1000";
+ "shared_buffers" = "512MB";
"max_wal_size" = "1GB";
"min_wal_size" = "80MB";
+
+ shared_preload_libraries = "pg_stat_statements";
+ track_io_timing = "on";
+ track_functions = "pl";
+ "pg_stat_statements.max" = "10000"; # additional
+ "pg_stat_statements.track" = "all"; # additional
+
};
};
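Review bot: Preloading `pg_stat_statements` keeps statement text where any role with statistics access can read it, and utility statements are, as far as I know, not always stored with their literals masked, so an `ALTER ROLE ... PASSWORD '...'` issued through SQL may remain readable there. If passwords are ever set that way on this instance, add `"pg_stat_statements.track_utility" = "off";` next to the two new `pg_stat_statements.*` lines. The `# additional` comments explain nothing; `# query statistics for profiling` would say why the extension is loaded. The same change appears in host/Rory-laptop/postgres.nix, and the `settings` set opens outside this hunk.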
diff --git a/host/Rory-portable/printing.nix b/host/Rory-desktop/services/printing.nix
index f25580f..4f86347 100644
--- a/host/Rory-portable/printing.nix
+++ b/host/Rory-desktop/services/printing.nix
@@ -14,7 +14,7 @@
environment.systemPackages = with pkgs; [
xsane
- gnome.simple-scan
+ simple-scan
];
hardware = {
@@ -39,7 +39,7 @@
};
avahi = {
enable = true;
- nssmdns = true;
+ nssmdns4 = true;
reflector = true;
publish = {
workstation = true;
@@ -51,6 +51,4 @@
};
};
};
-
- system.stateVersion = "22.11"; # DO NOT EDIT!
}
diff --git a/host/Rory-desktop/services/rabbitmq.nix b/host/Rory-desktop/services/rabbitmq.nix
new file mode 100644
index 0000000..f786a70
--- /dev/null
+++ b/host/Rory-desktop/services/rabbitmq.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.rabbitmq = {
+ enable = true;
+ };
+}
\ No newline at end of file
diff --git a/host/Rory-desktop/services/steam.nix b/host/Rory-desktop/services/steam.nix
new file mode 100644
index 0000000..a01b46e
--- /dev/null
+++ b/host/Rory-desktop/services/steam.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ programs.steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ extraCompatPackages = with pkgs; [
+ steam-play-none
+ proton-ge-bin
+ ];
+ };
+}
\ No newline at end of file
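Review bot: `extraCompatPackages = with pkgs; [ ... ]` refers to `pkgs`, but the module header is `{ ... }:`, which binds no names, so evaluation should fail with an undefined variable as soon as this file is imported. Change the first line to `{ pkgs, ... }:`.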
diff --git a/host/Rory-desktop/services/waydroid.nix b/host/Rory-desktop/services/waydroid.nix
new file mode 100644
index 0000000..45a90ea
--- /dev/null
+++ b/host/Rory-desktop/services/waydroid.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+ virtualisation.waydroid.enable = true;
+}
\ No newline at end of file
diff --git a/host/Rory-laptop/configuration.nix b/host/Rory-laptop/configuration.nix
new file mode 100644
index 0000000..894878a
--- /dev/null
+++ b/host/Rory-laptop/configuration.nix
@@ -0,0 +1,376 @@
+args@{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [
+ # base imports
+ ../../modules/base-client.nix
+ # (import ../../modules/base-secrets.nix { path = "/home/rory/.config/sops/config.yaml"; })
+ ../../packages/vim.nix
+ # ../../modules/environments/home.nix
+ #../../modules/software-templates/profilers.nix
+ ../../modules/software-templates/dotnet.client.nix
+
+ ./postgres.nix
+ ./nginx.nix
+
+ ./edu/vmware.nix
+ ./edu/nodejs-dev.nix
+
+ # hardware-specific imports
+ #./optional/hardware-specific/nvidia.nix
+ ./optional/hardware-specific/intel.nix
+ ./optional/gui/wayland.nix
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ configurationLimit = 10;
+ enable = true;
+ device = "nodev"; # nodev for EFI only
+ # EFI
+ efiSupport = true;
+ #efiInstallAsRemovable = true;
+ };
+ #efi.canTouchEfiVariables = true;
+ };
+ };
+ programs.noisetorch.enable = true;
+ programs.gamemode.enable = true;
+ users.users.Rory.extraGroups = [ "gamemode" ];
+ virtualisation.diskSize = 81920;
+
+ environment.sessionVariables = {
+ ZSH_DISABLE_COMPFIX = "true";
+ };
+
+ networking = {
+ hostName = "Rory-laptop";
+ networkmanager.enable = true;
+ wireless.enable = false;
+ firewall = {
+ enable = false;
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ #interfaces.enp2s0.ipv4.addresses = [
+ # {
+ # address = "192.168.0.4";
+ # prefixLength = 24;
+ # }
+ #];
+
+ #defaultGateway = "192.168.0.1";
+ #useDHCP = true; # Doesn't work with NetworkManager, investigate
+ };
+
+ time.timeZone = "Europe/Brussels";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services = {
+ blueman.enable = true;
+ resolved.enable = true;
+ mullvad-vpn = {
+ enable = true;
+ package = pkgs.mullvad-vpn;
+ };
+ xserver = {
+ displayManager.gdm.enable = true;
+ displayManager.lightdm.enable = false;
+ enable = true;
+ updateDbusEnvironment = true;
+ xkb.layout = "us";
+ wacom.enable = true;
+ };
+ libinput.enable = true;
+
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ MaxAuthTries 32
+ '';
+ settings.PermitRootLogin = "yes";
+ };
+ pipewire = {
+ enable = true;
+ audio.enable = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+ alsa.enable = true;
+ };
+ };
+
+ services.desktopManager.gnome.enable = false;
+ environment.systemPackages = with pkgs; [
+ eog
+ mpv
+ libreoffice
+ qt6.qtwayland
+
+ feh
+ easyeffects
+ kitty
+ youtube-music
+
+ # - IDEs
+
+ (jetbrains.plugins.addPlugins jetbrains.webstorm [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ ])
+ (jetbrains.plugins.addPlugins jetbrains.idea-ultimate [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ ])
+ (jetbrains.plugins.addPlugins jetbrains.clion [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ "string-manipulation"
+ "nixidea"
+ "visual-studio-keymap"
+ ])
+ binutils
+
+ dbeaver-bin
+ vscode
+
+ # - Utilities
+ inkscape-with-extensions
+ gimp
+
+ # - Languages
+ #dotnet-sdk_8
+ dotnetCorePackages.sdk_9_0
+
+ #games
+ osu-lazer-bin
+
+ # extra packages
+ dmenu
+ hyprlock
+
+ nemo
+ file-roller
+ firefox-bin
+ #ungoogled-chromium #needed for Rider in order to debug WASM
+
+ #yuzu-early-access
+ #wineWowPackages.unstableFull
+ #winetricks
+ #fragments
+ #peek
+
+ unrar-wrapper
+
+ #(schildichat-desktop.override { electron = electron; })
+ (callPackage ../../packages/nheko-git.nix {
+ inherit nhekoSrc;
+ inherit mtxclientSrc;
+ voipSupport = false;
+ })
+ #(callPackage ../../packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+
+ #vesktop
+ virt-viewer
+
+ # (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
+ mangohud
+ prismlauncher
+
+ thunderbird
+
+ jitsi-meet-electron
+ # nixd # broken 24/03/2025
+ mullvad-vpn
+ blueman
+ ft2-clone
+ wxmaxima
+ ];
+ environment.etc."pkcs11/modules/opensc-pkcs11".text = ''
+ module: ${pkgs.opensc}/lib/opensc-pkcs11.so
+ '';
+
+ boot.initrd.systemd.emergencyAccess = true;
+
+ # Speed up boot
+ boot.initrd.systemd.network.wait-online.enable = false;
+ systemd.network.wait-online.enable = false;
+ services.power-profiles-daemon.enable = true;
+ systemd.services."NetworkManager-wait-online".enable = false;
+ virtualisation.libvirtd.onBoot = "ignore";
+
+# systemd.services."systemd-rfkill".serviceConfig.Type = "simple"; # maybe exec?
+ systemd.services."NetworkManager".serviceConfig.Type = "exec"; # maybe exec?
+# systemd.services."home-manager-Rory".serviceConfig.Type = lib.mkForce "exec";
+# systemd.services."systemd-backlight@backlight:intel_backlight".serviceConfig.Type = "exec";
+# systemd.services."wpa_supplicant".serviceConfig.Type = "exec";
+# systemd.services."libvirtd".serviceConfig.Type = lib.mkForce "exec";
+# systemd.services."nginx".serviceConfig.Type = "exec";
+# systemd.services."grafana".serviceConfig.Type = "exec";
+# systemd.services."prometheus".serviceConfig.Type = "exec";
+# systemd.services."bluetooth".serviceConfig.Type = "exec";
+# systemd.services."vmware-usbarbitrator".enable = false;
+# systemd.services."vmware-authdlauncher".enable = false;
+# systemd.services."waydroid-container".enable = false;
+# systemd.services."NetworkManager".serviceConfig.TimeoutStartSec = 10;
+ boot.kernelParams = [
+ #"quiet"
+ "loglevel=8" #3
+ #"systemd.show_status=auto"
+ #"rd.udev.log_level=3"
+ #"libahci.ignore_sss=1"
+ ];
+
+ # Simplfy initrd
+ #boot.bcache.enable = false;
+ #boot.initrd.services.bcache.enable = false;
+ #services.lvm.enable = false;
+ #boot.initrd.services.resolved.enable = false;
+ #boot.initrd.network.udhcpc.enable = false;
+ #boot.initrd.network.enable = false;
+ #boot.initrd.services.lvm.enable = false;
+ #boot.initrd.compressor = "cat";
+#
+ #boot.initrd.systemd.units."systemd-backlight@.service".enable = false;
+ #boot.initrd.systemd.units."dev-ttyS0.device".enable = false;
+ #boot.initrd.systemd.units."dev-ttyS1.device".enable = false;
+ #boot.initrd.systemd.units."dev-ttyS2.device".enable = false;
+ #boot.initrd.systemd.units."dev-ttyS3.device".enable = false;
+ #boot.initrd.systemd.units."dev-ttyS4.device".enable = false;
+ #boot.initrd.systemd.units."dev-sda.device".enable = false;
+ #boot.initrd.systemd.units."dev-sda1.device".enable = false;
+ #boot.initrd.systemd.units."dev-sda2.device".enable = false;
+ #
+ #boot.initrd.includeDefaultModules = false;
+ #boot.initrd.availableKernelModules = [
+ # "nvme"
+ #];
+#
+ #services.orca.enable = true;
+
+ virtualisation.waydroid.enable = true;
+
+ xdg = {
+ portal = {
+ enable = true;
+ extraPortals = with pkgs; [
+ #xdg-desktop-portal-gtk
+ xdg-desktop-portal-xapp
+ # (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
+ ];
+ config = {
+ common = {
+ default = [ "gtk" ];
+ };
+ };
+ xdgOpenUsePortal = true;
+ };
+ #sounds.enable = true;
+ #mime.enable = true;
+ #menus.enable = true;
+ #icons.enable = true;
+ #autostart.enable = true;
+ };
+ fonts = {
+ packages = with pkgs; [
+ nerd-fonts.jetbrains-mono
+ noto-fonts-monochrome-emoji
+ ];
+ fontconfig.defaultFonts.monospace = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.serif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.emoji = with pkgs; [ "freefont" ];
+ enableDefaultPackages = lib.mkForce false;
+ enableGhostscriptFonts = lib.mkForce false;
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ "olm-3.2.16"
+ "dotnet-sdk-wrapped-7.0.410"
+ "dotnet-sdk-7.0.410"
+ ];
+ };
+ };
+ security = {
+ polkit.enable = true;
+ sudo.wheelNeedsPassword = false;
+ };
+
+ services.pulseaudio.enable = false;
+ hardware = {
+ bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ };
+ };
+
+ services.locate.package = pkgs.plocate;
+ services.locate.enable = true;
+ programs.dconf.enable = true;
+
+ #networking.wireguard.interfaces = {
+ # wg-KP-Ran = {
+
+ #};
+ # };
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ swtpm.enable = true;
+ ovmf.enable = true;
+ };
+ };
+ programs.virt-manager.enable = true;
+
+ monitoring = {
+ monitorAll = true;
+ localPrometheus = true;
+ exposePrometheus = true;
+ localGrafana = true;
+ exposeGrafana = true;
+ nginxHost = "monitoring.localhost";
+ nginxSsl = false;
+ };
+ networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
+
+ services.gvfs.enable = true;
+ zramSwap = {
+ enable = true;
+ memoryPercent = 200;
+ };
+
+ virtualisation.vmVariant = {
+ users = {
+ mutableUsers = false;
+ users.Rory.password = "password";
+ };
+ networking.interfaces.enp34s0 = lib.mkForce { };
+ };
+
+ services.rabbitmq = {
+ #enable = true;
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
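Review bot: The `openssh` block sets `settings.PermitRootLogin = "yes"` and raises `MaxAuthTries` to 32, while `networking.firewall.enable = false` leaves the SSH port open on every network this laptop joins through NetworkManager. Unless password authentication is turned off elsewhere, that allows many password attempts against root per connection from any host on the same network. I would use `settings.PermitRootLogin = "prohibit-password";` with `settings.PasswordAuthentication = false;`, drop the `MaxAuthTries 32` line, and enable the firewall with only the ports that are needed. `security.sudo.wheelNeedsPassword = false` and `boot.initrd.systemd.emergencyAccess = true` widen the same exposure and deserve a comment saying why they are set.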
diff --git a/host/Rory-laptop/edu/nodejs-dev.nix b/host/Rory-laptop/edu/nodejs-dev.nix
new file mode 100644
index 0000000..3850cb9
--- /dev/null
+++ b/host/Rory-laptop/edu/nodejs-dev.nix
@@ -0,0 +1,25 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ environment.systemPackages = with pkgs; [
+ nodejs_latest
+
+ ];
+
+ services.mongodb = {
+ enable = true;
+ package = pkgs.mongodb-ce;
+ enableAuth = true;
+ initialRootPasswordFile = "/etc/mongo-pass";
+ #bind_ip = "/run/mongodb.sock";
+ extraConfig = ''
+ net.unixDomainSocket.filePermissions: 0777
+ '';
+ };
+
+}
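Review bot: `net.unixDomainSocket.filePermissions: 0777` in `extraConfig` lets every local account connect to the mongod socket, which leaves `enableAuth` and the password in `/etc/mongo-pass` as the only barrier. If only the service and your own user need it, use a group-scoped mode such as `net.unixDomainSocket.filePermissions: 0770` with that user in the service's group, or add a comment stating why world access is required. Nothing in this module creates `/etc/mongo-pass`, so a comment like `# created by hand, readable only by root and the mongodb service` would record the expected permissions.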
diff --git a/host/Rory-laptop/edu/vmware.nix b/host/Rory-laptop/edu/vmware.nix
new file mode 100644
index 0000000..de9e988
--- /dev/null
+++ b/host/Rory-laptop/edu/vmware.nix
@@ -0,0 +1,18 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ virtualisation.vmware.host = {
+ enable = true;
+ extraConfig = ''
+ # Allow unsupported device's OpenGL and Vulkan acceleration for guest vGPU
+ mks.gl.allowUnsupportedDrivers = "TRUE"
+ mks.vk.allowUnsupportedDevices = "TRUE"
+ '';
+ };
+
+}
diff --git a/host/Rory-laptop/hacks/drm-amd-3437.patch b/host/Rory-laptop/hacks/drm-amd-3437.patch
new file mode 100644
index 0000000..1867762
--- /dev/null
+++ b/host/Rory-laptop/hacks/drm-amd-3437.patch
@@ -0,0 +1,13 @@
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+index c556c8b653fa..272ad5e4a328 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c
+@@ -180,7 +180,7 @@ void amdgpu_bo_placement_from_domain(struct amdgpu_bo *abo, u32 domain)
+ * When GTT is just an alternative to VRAM make sure that we
+ * only use it as fallback and still try to fill up VRAM first.
+ */
+- if (domain & abo->preferred_domains & AMDGPU_GEM_DOMAIN_VRAM)
++ if (domain & abo->preferred_domains & AMDGPU_GEM_DOMAIN_VRAM && !(adev->flags & AMD_IS_APU))
+ places[c].flags |= TTM_PL_FLAG_FALLBACK;
+ c++;
+ }
\ No newline at end of file
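Review bot: This kernel patch has no header saying where it comes from or which kernel versions it applies to, although it changes amdgpu buffer placement for APUs. Text before the `diff --git` line is ignored when a patch is applied, so add a short preamble there, for example `Source: <upstream issue or commit URL>` and `Applies to: <kernel version>`, so the patch can be audited and dropped once upstream carries the change. The new condition reads `adev`, which is declared outside this hunk. If the patch is applied to the `linuxPackages_latest` kernel the laptop configuration selects, confirm that `adev` is still in scope in `amdgpu_bo_placement_from_domain` on each kernel bump.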
diff --git a/host/Rory-laptop/hooks/post-rebuild.sh b/host/Rory-laptop/hooks/post-rebuild.sh
new file mode 100755
index 0000000..30733ad
--- /dev/null
+++ b/host/Rory-laptop/hooks/post-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git restore --staged hardware-configuration.nix
+git restore --staged Ran.ca
+git restore --staged modules/opensuse/
+git restore --staged opensuse/
\ No newline at end of file
diff --git a/host/Rory-laptop/hooks/pre-rebuild.sh b/host/Rory-laptop/hooks/pre-rebuild.sh
new file mode 100755
index 0000000..d4ec9d3
--- /dev/null
+++ b/host/Rory-laptop/hooks/pre-rebuild.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+set -x
+
+git add -f hardware-configuration.nix
+git add -f Ran.ca
+git add -f modules/opensuse/
+git add -f opensuse/
\ No newline at end of file
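Review bot: `git add -f` stages the full content of paths that .gitignore deliberately excludes (`Ran.ca`, `opensuse/`, `modules/opensuse/`), and they are only unstaged by post-rebuild.sh. As far as the build.sh change shows, that hook is not reached when the build fails, so the files stay staged and the next `git commit` would include them. If the aim is only to make the paths visible to the flake, `git add -f -N Ran.ca` (intent-to-add) records the path without staging its content; check that this is enough for your Nix version. `set -x` without `set -e` also means a failed `git add` does not stop the rebuild.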
diff --git a/host/Rory-laptop/mariadb.nix b/host/Rory-laptop/mariadb.nix
new file mode 100644
index 0000000..758cb3d
--- /dev/null
+++ b/host/Rory-laptop/mariadb.nix
@@ -0,0 +1,14 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ };
+
+}
diff --git a/host/Rory-desktop/nginx.nix b/host/Rory-laptop/nginx.nix
index dfb1d03..0a72304 100644
--- a/host/Rory-desktop/nginx.nix
+++ b/host/Rory-laptop/nginx.nix
@@ -13,16 +13,16 @@
recommendedProxySettings = true;
#recommendedTlsSettings = true;
recommendedZstdSettings = true;
-# recommendedGzipSettings = true;
+ # recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
- #defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
+ #defaultMimeTypes = ../../../../packages/nginx/mime.types;
appendConfig = ''
- worker_processes 16;
+ #worker_processes 16;
'';
eventsConfig = ''
#use kqueue;
- worker_connections 512;
+ #worker_connections 512;
'';
appendHttpConfig = ''
#sendfile on;
@@ -31,6 +31,7 @@
additionalModules = with pkgs.nginxModules; [ moreheaders ];
virtualHosts = {
"discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
+ "hse.localhost" = import ./nginx/hse.localhost.nix {inherit pkgs;};
};
};
diff --git a/host/Rory-laptop/nginx/discord.localhost.nix b/host/Rory-laptop/nginx/discord.localhost.nix
new file mode 100644
index 0000000..b40e13c
--- /dev/null
+++ b/host/Rory-laptop/nginx/discord.localhost.nix
@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+
+{
+ root = "/www/discord";
+ addSSL = true;
+ enableACME = false;
+
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+
+ extraConfig = ''
+ autoindex on;
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+ more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+ more_set_headers 'Access-Control-Allow-Credentials: true';
+ '';
+
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
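Review bot: In the `/` location, `more_set_headers 'Access-Control-Max-Age' 1728000;` passes name and value as two separate arguments, so headers-more will most likely not emit `Access-Control-Max-Age: 1728000`; write it as `more_set_headers 'Access-Control-Max-Age: 1728000';`, the form the other vhost files use. The server-level `extraConfig` also sends `Access-Control-Allow-Credentials: true` together with `Access-Control-Allow-Origin: *`, a pair browsers refuse for credentialed requests. Drop the credentials header instead of later replacing `*` with a reflected origin. `autoindex on;` lists everything under `/www/discord` and deserves a comment if that is intended.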
diff --git a/host/Rory-laptop/nginx/hse.localhost.nix b/host/Rory-laptop/nginx/hse.localhost.nix
new file mode 100755
index 0000000..5812b02
--- /dev/null
+++ b/host/Rory-laptop/nginx/hse.localhost.nix
@@ -0,0 +1,75 @@
+{pkgs, ...}:
+{
+ enableACME = false;
+ addSSL = true;
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:5298";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+# locations."= /.well-known/matrix/server".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${builtins.toJSON { "m.server" = "hse.localhost:5298"; }}';
+# '';
+# locations."= /.well-known/matrix/client".extraConfig = ''
+# more_set_headers 'Content-Type application/json';
+# more_set_headers 'Access-Control-Allow-Origin *';
+# return 200 '${
+# builtins.toJSON {
+# "m.homeserver".base_url = "http://hse.localhost:5298";
+# "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+# }
+# }';
+# '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
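Review bot: This file is identical to host/Rory-desktop/services/nginx/matrix.opensuse.localhost.nix except for the `proxyPass` port (5298 here, 8008 there), so every correction to the CORS or well-known blocks has to be made in each copy. A shared file that takes `{ pkgs, upstream }` and returns this attribute set, imported as `import ./matrix-vhost.nix { inherit pkgs; upstream = "http://localhost:5298"; }`, would keep one definition. The commented-out `server` and `client` well-known blocks could then live there once, with a line saying when to enable them.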
diff --git a/host/Rory-laptop/ollama.nix b/host/Rory-laptop/ollama.nix
new file mode 100644
index 0000000..b1b0a7a
--- /dev/null
+++ b/host/Rory-laptop/ollama.nix
@@ -0,0 +1,44 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ # systemd.tmpfiles.rules = [ "d /data/ollama 0750 ostgres postgres" ];
+
+ #overlays
+ #nixpkgs.overlays = [
+ # (final: old: {
+ # rocmPackages = old.rocmPackages // {
+ # rocblas = (old.rocmPackages.rocblas.overrideAttrs (oldAttrs: {
+ # gpuTargets = [ "gfx1102" ];
+ # }));
+ # };
+ # }
+ # )
+ #];
+
+ services.ollama = {
+ enable = true;
+ home = "/data/ollama/home";
+ models = "/data/ollama/home/models";
+ environmentVariables = {
+ OLLAMA_LLM_LIBRARY = "rocm";
+ HCC_AMDGPU_TARGET = "gfx1102";
+ };
+ # writablePaths = [ "/data/ollama/home" ];
+ #listenAddress = "0.0.0.0:11434";
+ host = "0.0.0.0";
+ port = 11434;
+ user = "ollama";
+ group = "ollama";
+ acceleration = "rocm";
+ rocmOverrideGfx = "11.0.2";
+ };
+
+ #services.nextjs-ollama-llm-ui = {
+
+ #};
+}
diff --git a/host/Rory-laptop/optional/gui/wayland.nix b/host/Rory-laptop/optional/gui/wayland.nix
new file mode 100644
index 0000000..ab72165
--- /dev/null
+++ b/host/Rory-laptop/optional/gui/wayland.nix
@@ -0,0 +1,60 @@
+{
+ pkgs,
+ hyprland,
+ hy3,
+ ...
+}:
+
+{
+ programs.sway = {
+ enable = true;
+
+ wrapperFeatures.gtk = true;
+ extraSessionCommands = ''
+ # -- Wayland fixes
+ # SDL:
+ export SDL_VIDEODRIVER=wayland
+ # QT (needs qt5.qtwayland in systemPackages):
+ export QT_QPA_PLATFORM=wayland
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ # Fix for some Java AWT applications (e.g. Android Studio),
+ # use this if they aren't displayed properly:
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ '';
+
+ extraPackages = with pkgs; [
+ swaybg
+ #swayidle
+ #swaylock
+ waybar
+ wl-clipboard
+ grim
+ slurp
+ easyeffects
+ keepassxc
+ networkmanagerapplet
+ ];
+ };
+
+ programs.hyprland = {
+ enable = true;
+ package = hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+ xwayland.enable = true;
+ withUWSM = true;
+ };
+ security.rtkit.enable = true;
+
+ programs.hyprlock.enable = true;
+ environment.systemPackages = with pkgs;[
+ wmenu
+ kdePackages.xwaylandvideobridge
+ ];
+
+ environment.etc."hyprPlugins" = {
+ text = ''
+ plugin = ${hy3.packages.${pkgs.stdenv.hostPlatform.system}.hy3}/lib/libhy3.so
+ '';
+ };
+
+ xdg.portal.wlr.enable = true;
+}
diff --git a/host/Rory-laptop/optional/gui/x11.nix b/host/Rory-laptop/optional/gui/x11.nix
new file mode 100644
index 0000000..9070298
--- /dev/null
+++ b/host/Rory-laptop/optional/gui/x11.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ services = {
+ xserver = {
+ windowManager.i3.enable = true;
+ windowManager.i3.extraSessionCommands = ''
+ # output from arandr:
+ #xrandr --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ ${pkgs.polybarFull}/bin/polybar &
+ ${pkgs.dunst}/bin/dunst &
+ ${pkgs.picom}/bin/picom --config ~/.config/picom.conf &
+ ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../../../modules/users/Rory/wallpaper.webp}
+ '';
+ windowManager.i3.extraPackages = with pkgs; [
+ easyeffects
+ keepassxc
+ ];
+ };
+
+ picom.enable = false;
+ #picom.vSync = false;
+ #picom.backend = "glx";
+ };
+
+}
diff --git a/host/Rory-laptop/optional/hardware-specific/amd.nix b/host/Rory-laptop/optional/hardware-specific/amd.nix
new file mode 100644
index 0000000..e4758a6
--- /dev/null
+++ b/host/Rory-laptop/optional/hardware-specific/amd.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ pkgs,
+ lib,
+ nhekoSrc,
+ mtxclientSrc,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ boot.initrd.kernelModules = [ "amdgpu" ];
+
+ services = {
+ xserver = {
+ windowManager.i3.extraSessionCommands = ''
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ '';
+ wacom.enable = true;
+ };
+ picom.backend = "glx";
+ };
+
+ environment.systemPackages = with pkgs; [
+ rocmPackages.rocm-smi # useful to have
+ ];
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ #amdvlk
+ ];
+ #extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
+}
diff --git a/host/Rory-laptop/optional/hardware-specific/intel.nix b/host/Rory-laptop/optional/hardware-specific/intel.nix
new file mode 100644
index 0000000..0cb03f0
--- /dev/null
+++ b/host/Rory-laptop/optional/hardware-specific/intel.nix
@@ -0,0 +1,25 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ nixpkgs.config.packageOverrides = pkgs: {
+ intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
+ };
+
+ hardware = {
+ graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver # LIBVA_DRIVER_NAME=iHD
+ intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
+ libvdpau-va-gl
+ ];
+ };
+ };
+ environment.sessionVariables = {
+ LIBVA_DRIVER_NAME = "iHD";
+ };
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
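Review bot: `system.stateVersion = "22.11";` is declared in this hardware module although host/Rory-laptop/configuration.nix, which imports the file, already sets it, and this commit removes the same line from printing.nix. Keep the declaration only in configuration.nix so a later edit cannot create two conflicting definitions; optional/hardware-specific/nvidia.nix carries the same line.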
diff --git a/host/Rory-laptop/optional/hardware-specific/nvidia.nix b/host/Rory-laptop/optional/hardware-specific/nvidia.nix
new file mode 100644
index 0000000..8df1eaf
--- /dev/null
+++ b/host/Rory-laptop/optional/hardware-specific/nvidia.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ ...
+}:
+
+{
+ imports = [
+
+ ];
+
+ services = {
+ xserver = {
+ #videoDrivers = [ "nvidia" ];
+ };
+ #picom.backend = "glx";
+ };
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = true;
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Rory-portable/postgres.nix b/host/Rory-laptop/postgres.nix
index 7223f6a..c201b04 100755..100644
--- a/host/Rory-portable/postgres.nix
+++ b/host/Rory-laptop/postgres.nix
@@ -1,4 +1,9 @@
-{ pkgs, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
{
#systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ];
@@ -23,10 +28,17 @@
# '';
#dataDir = "/mnt/postgres/data";
settings = {
- "max_connections" = "100";
- "shared_buffers" = "128MB";
+ "max_connections" = "1000";
+ "shared_buffers" = "512MB";
"max_wal_size" = "1GB";
"min_wal_size" = "80MB";
+
+ shared_preload_libraries = "pg_stat_statements";
+ track_io_timing = "on";
+ track_functions = "pl";
+ "pg_stat_statements.max" = "10000"; # additional
+ "pg_stat_statements.track" = "all"; # additional
+
};
};
diff --git a/host/Rory-desktop/printing.nix b/host/Rory-laptop/printing.nix
index f25580f..4f86347 100644
--- a/host/Rory-desktop/printing.nix
+++ b/host/Rory-laptop/printing.nix
@@ -14,7 +14,7 @@
environment.systemPackages = with pkgs; [
xsane
- gnome.simple-scan
+ simple-scan
];
hardware = {
@@ -39,7 +39,7 @@
};
avahi = {
enable = true;
- nssmdns = true;
+ nssmdns4 = true;
reflector = true;
publish = {
workstation = true;
@@ -51,6 +51,4 @@
};
};
};
-
- system.stateVersion = "22.11"; # DO NOT EDIT!
}
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index 3f0bcc4..9448569 100755..100644
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -18,13 +18,15 @@
../../modules/users/Alice.nix
./services/postgres.nix
- ./services/matrix/root.nix
./services/nginx/nginx.nix
#./services/jitsi.nix
./services/cgit.nix
- #./services/ollama.nix
+ ./services/ollama.nix
+ ./services/deluge.nix
./services/prometheus.nix
];
+
+ boot.loader.grub.devices = [ "/dev/vda" ];
users.groups.ocp = { };
networking = {
hostName = "Rory-nginx";
@@ -51,27 +53,25 @@
enableIPv6 = false;
};
enableIPv6 = lib.mkForce false;
- nameservers = lib.mkOverride [ "192.168.1.1" ];
+ nameservers = lib.mkForce [ "192.168.1.1" ];
};
-# environment.etc."resolv.conf" = lib.mkOverride {
-# text = ''
-# nameserver 192.168.1.1
-# '';
-# };
-
monitoring = {
monitorAll = true;
localPrometheus = true;
exposePrometheus = true;
localGrafana = true;
exposeGrafana = true;
- nginxHost = "monitoring.rory.gay";
+ nginxHost = "monitoring.old.rory.gay";
nginxSsl = true;
};
- nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
-
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ "dotnet-runtime-wrapped-7.0.20"
+ "dotnet-runtime-7.0.20"
+ "dotnet-sdk-7.0.20"
+ ];
services.irqbalance.enable = true;
environment.memoryAllocator.provider = "jemalloc";
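Review bot: The three `dotnet-*-7.0.20` entries added to `nixpkgs.config.permittedInsecurePackages` do not say which service needs them. The allowlist applies to everything evaluated for this host, so the end-of-life runtime can stay installable long after its consumer is gone. I would put a comment on the list such as `# dotnet 7 is EOL; required by <CONSUMER - placeholder>, drop once it builds against a supported runtime`, and document `olm-3.2.16` the same way. The enclosing attribute set starts and ends outside this hunk.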
@@ -81,23 +81,17 @@
# conduit = grapevine;
#};
- containers."matrixunittests" = import ./services/containers/matrixunittests/container.nix { inherit pkgs lib grapevine; };
-
- containers."matrixunittests-conduit" = import ./services/containers/matrixunittests-conduit/container.nix {
- inherit pkgs lib;
- conduit = conduit;
+ containers."matrixunittests" = import ./services/containers/matrixunittests/container.nix {
+ inherit pkgs lib grapevine;
};
-
- services.pgadmin = {
- enable = true;
- initialEmail = "root@localhost.localdomain";
- initialPasswordFile = "/etc/matrix-user-pass";
- };
- containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
-
- #containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
+ #
+ #containers."matrixunittests-conduit" = import ./services/containers/matrixunittests-conduit/container.nix {
+ # inherit pkgs lib;
+ # conduit = conduit;
+ #};
system.stateVersion = "22.11"; # DO NOT EDIT!
environment.systemPackages = with pkgs; [ waypipe ];
+ nix.nrBuildUsers = 128;
}
diff --git a/host/Rory-nginx/post-rebuild.sh b/host/Rory-nginx/hooks/post-rebuild.sh
index 9b0c17c..198b7e6 100755
--- a/host/Rory-nginx/post-rebuild.sh
+++ b/host/Rory-nginx/hooks/post-rebuild.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
#set -x
+exit
REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
LOCALPART='rory.gay'
REACHABLE_DOMAIN='http://localhost:8008'
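Review bot: The bare `exit` added right after the shebang lines makes everything below it unreachable, including the read of `/var/lib/matrix-synapse/registration_shared_secret.txt`, and nothing says why the hook was disabled or whether that is temporary. Because the `nix-shell` shebang is still processed first, every rebuild still resolves curl, jq, openssl and the other packages just to exit. If the hook is meant to stay off, `exit 0 # disabled: <REASON - placeholder>` records that; otherwise deleting the file is cleaner than keeping dead code that handles a secret. The script continues past the end of this hunk.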
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/container.nix b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
deleted file mode 100755
index b8936ac..0000000
--- a/host/Rory-nginx/services/containers/draupnir-cme/container.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ nixpkgs-Draupnir, ... }:
-
-{
- privateNetwork = true;
- autoStart = true;
- specialArgs = {
- inherit nixpkgs-Draupnir;
- };
- config =
- { lib, pkgs, ... }:
- {
- imports = [
- ../shared.nix
- ./root.nix
- ./services/draupnir.nix
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
- ];
- nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ];
- };
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.17";
-
- bindMounts."draupnir-access-token" = {
- hostPath = "/etc/draupnir-cme-access-token";
- mountPoint = "/etc/draupnir-access-token";
- isReadOnly = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
deleted file mode 100755
index 17c981a..0000000
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ nixpkgs-Draupnir, ... }:
-
-{
- privateNetwork = true;
- autoStart = true;
- specialArgs = {
- inherit nixpkgs-Draupnir;
- };
- config =
- { lib, pkgs, ... }:
- {
- imports = [
- ../shared.nix
- ./root.nix
- ./services/draupnir.nix
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
- ];
- nixpkgs.overlays = [ (final: prev: { draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir; }) ];
- };
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.19";
-
- bindMounts."draupnir-access-token" = {
- hostPath = "/etc/draupnir-linux-mint-access-token";
- mountPoint = "/etc/draupnir-access-token";
- isReadOnly = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
deleted file mode 100755
index 2254695..0000000
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
-
- networking.hosts = {
- "192.168.100.18" = [
- "matrix.rory.gay"
- "rory.gay"
- ];
- };
-
- networking.firewall = {
- enable = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
index 35c4bea..daefba1 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/container.nix
@@ -19,12 +19,7 @@
./services/nginx.nix
./services/conduit.nix
];
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
+ networking.useHostResolvConf = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
index 3df71be..3df71be 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/conduit.nix
diff --git a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
index 0d7874e..0d7874e 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests-conduit/services/nginx.nix
diff --git a/host/Rory-nginx/services/containers/matrixunittests/container.nix b/host/Rory-nginx/services/containers/matrixunittests/container.nix
index 1de1ddf..cbd90f8 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests/container.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/container.nix
@@ -17,12 +17,7 @@
grapevine.nixosModules.default
];
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
+ networking.useHostResolvConf = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
index a49a003..cd5776f 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/services/conduit.nix
@@ -6,13 +6,7 @@
enable = true;
settings = {
server_name = "matrixunittests.rory.gay";
- enable_lightning_bolt = true;
- max_concurrent_requests = 1000;
- allow_check_for_updates = false;
allow_registration = true;
- yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true;
- allow_guest_registration = true;
- disable_federation = true;
listen = [
{
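Review bot: `allow_registration = true` is kept while the explicit open-registration acknowledgement is dropped, and no registration token or other gate is visible in this hunk, so anyone who can reach `matrixunittests.rory.gay` can presumably still create accounts. If that is intended for a throwaway test server, say so next to the option, e.g. `allow_registration = true; # intentional: unit-test server, federation disabled below`. The `# This is required for some reason` comment on `server_discovery.client.base_url` in the next hunk would be more useful if it named the failure seen without the setting. The `settings` block starts outside the hunk, so a gate may exist above it.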
@@ -21,6 +15,8 @@
port = 6167;
}
];
+ federation.enable = false;
+ server_discovery.client.base_url = "https://matrixunittests.rory.gay"; # This is required for some reason
database = {
backend = "rocksdb";
@@ -44,5 +40,4 @@
Restart = "on-failure";
};
};
-
}
diff --git a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
index 0236182..0236182 100755..100644
--- a/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/matrixunittests/services/nginx.nix
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
index 38049db..6be7c83 100755..100644
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/container.nix
@@ -18,12 +18,7 @@
./root.nix
../shared.nix
];
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
+ networking.useHostResolvConf = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 ];
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
index 11d0be3..11d0be3 100755..100644
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/root.nix
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
index db9df9a..db9df9a 100755..100644
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/conduit.nix
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
index 9d8041a..9d8041a 100755..100644
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/nginx.nix
diff --git a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
index 335176f..335176f 100755..100644
--- a/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
+++ b/host/Rory-nginx/services/containers/pluralcontactbotpoc/services/pantalaimon.nix
diff --git a/host/Rory-nginx/services/deluge.nix b/host/Rory-nginx/services/deluge.nix
new file mode 100644
index 0000000..4a499ed
--- /dev/null
+++ b/host/Rory-nginx/services/deluge.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+ # systemd.tmpfiles.rules = [ "d /data/ollama 0750 ostgres postgres" ];
+
+ services.deluge = {
+ enable = true;
+ web.enable = true;
+ #dataDir = "/mnt/torrent/deluge";
+ declarative = false;
+ user = "Rory";
+ group = "users";
+ };
+}
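Review bot: `user = "Rory"` with `group = "users"` runs the torrent daemon and its web UI under an interactive login account, so a flaw in either reaches that user's files instead of being confined to a service account. Leaving both options unset would use the module's dedicated `deluge` user. With `declarative = false` and `web.enable = true`, credentials are not managed from Nix, so the web UI keeps its upstream initial password until someone changes it by hand. That deserves a comment, and it is worth confirming the UI is only reachable through an authenticated proxy. The commented-out tmpfiles line at the top is a stale copy from another module (`/data/ollama`, `ostgres`) and should be removed.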
diff --git a/host/Rory-nginx/services/jitsi.nix b/host/Rory-nginx/services/jitsi.nix
index 9fe8d73..9fe8d73 100755..100644
--- a/host/Rory-nginx/services/jitsi.nix
+++ b/host/Rory-nginx/services/jitsi.nix
diff --git a/host/Rory-nginx/services/mastodon.nix b/host/Rory-nginx/services/mastodon.nix
new file mode 100644
index 0000000..56f1808
--- /dev/null
+++ b/host/Rory-nginx/services/mastodon.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ services.mastodon = {
+ enable = true;
+ webProcesses = 8;
+ webThreads = 4;
+
+ streamingProcesses = 63;
+ localDomain = "rory.gay";
+ };
+}
diff --git a/host/Rory-nginx/services/matrix/grapevine.nix b/host/Rory-nginx/services/matrix/grapevine.nix
index 0f0006b..c73b48c 100755..100644
--- a/host/Rory-nginx/services/matrix/grapevine.nix
+++ b/host/Rory-nginx/services/matrix/grapevine.nix
@@ -6,7 +6,7 @@
settings = {
conduit_compat = true;
server_name = "conduit.rory.gay";
- trusted_servers = [ "rory.gay" ];
+ #trusted_servers = [ "rory.gay" ];
listen = [
{
@@ -15,17 +15,16 @@
port = 6167;
}
];
+ server_discovery.client.base_url = "https://conduit.rory.gay"; # This is required for some reason
database = {
backend = "rocksdb";
};
-
- allow_check_for_updates = false;
allow_registration = false;
#log = "info";
#log_format = "full";
- log = "debug";
+ #log = "debug";
};
};
}
diff --git a/host/Rory-nginx/services/matrix/ooye.nix b/host/Rory-nginx/services/matrix/ooye.nix
new file mode 100644
index 0000000..7b9c403
--- /dev/null
+++ b/host/Rory-nginx/services/matrix/ooye.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ services.matrix-ooye = {
+ enable = true;
+ homeserver = "https://matrix.rory.gay";
+ homeserverName = "rory.gay";
+ enableSynapseIntegration = true;
+ };
+}
diff --git a/host/Rory-nginx/services/matrix/root.nix b/host/Rory-nginx/services/matrix/root.nix
index b13c38a..5bb3915 100755..100644
--- a/host/Rory-nginx/services/matrix/root.nix
+++ b/host/Rory-nginx/services/matrix/root.nix
@@ -7,7 +7,8 @@
./matrix-appservice-discord.nix
./draupnir.nix
./grapevine.nix
- ./sliding-sync.nix
+ # ./sliding-sync.nix # removed from nixpkgs, use synapse support instead
+ ./ooye.nix
];
}
diff --git a/host/Rory-nginx/services/matrix/sliding-sync.nix b/host/Rory-nginx/services/matrix/sliding-sync.nix
deleted file mode 100644
index a8fbd0c..0000000
--- a/host/Rory-nginx/services/matrix/sliding-sync.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
- services.matrix-sliding-sync = {
- enable = true;
- settings = {
- "SYNCV3_SERVER" = "http://matrix.rory.gay";
- "SYNCV3_DB" = "postgresql://%2Frun%2Fpostgresql/syncv3";
- "SYNCV3_BINDADDR" = "0.0.0.0:8100";
- };
- environmentFile = "/etc/sliding-sync.env";
- };
-}
diff --git a/host/Rory-nginx/services/matrix/synapse/db.nix b/host/Rory-nginx/services/matrix/synapse/db.nix
index 77d9773..409c039 100644
--- a/host/Rory-nginx/services/matrix/synapse/db.nix
+++ b/host/Rory-nginx/services/matrix/synapse/db.nix
@@ -32,19 +32,18 @@
10
else
throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
-
+
# cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
# cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
# check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
};
-
-
- # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
+
+ # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
# statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
# allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
# allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
# txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
-
- statement_timeout = 24 * 60 * 60 * 1000; #24 hours, good for bg jobs
- txn_limit = 500; #maybe dropping old data from pg caches helps?
+
+ statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
+ txn_limit = 500; # maybe dropping old data from pg caches helps?
}
diff --git a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
index ffce1cc..d6d4a94 100644
--- a/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
+++ b/host/Rory-nginx/services/matrix/synapse/ratelimits.nix
@@ -53,7 +53,7 @@
reject_limit = 1000;
concurrent = 100;
};
- federation_rr_transactions_per_room_per_second = 1;
+ federation_rr_transactions_per_room_per_second = 1000;
# media
rc_media_create = {
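Review bot: `federation_rr_transactions_per_room_per_second = 1000` here, and `rc_delayed_event_mgmt` at 1000/1000 in the next hunk, are high enough that the setting no longer limits anything in practice, yet neither line says this is deliberate. For the read-receipt value this presumably means receipts are no longer batched into fewer outgoing federation transactions. For delayed events it means a single client can drive that endpoint without throttling. I would add a why-comment on each, e.g. `# effectively unlimited: <REASON - placeholder>`, so a later reader does not mistake them for tuned limits. `rc_presence.per_user` is the only value added here that still constrains clients.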
@@ -82,4 +82,16 @@
per_second = 1000;
burst_count = 1000;
};
+
+ #presence
+ rc_presence.per_user = {
+ per_second = 1;
+ burst_count = 2;
+ };
+
+ #delayed events
+ rc_delayed_event_mgmt = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
}
diff --git a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
index d1dafb1..d65b614 100755..100644
--- a/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
+++ b/host/Rory-nginx/services/matrix/synapse/synapse-main.nix
@@ -18,7 +18,7 @@
clientReaders = 2; # 4
syncWorkers = 2; # 4
authWorkers = 0;
-
+
eventCreators = 16;
federationReaders = 8; # 8
@@ -40,149 +40,152 @@
#sharedStreamWriters = 1;
# https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
- settings = {
- server_name = "rory.gay";
-
-# use_frozen_dicts = true;
-# user_agent_suffix = " (rory.gay)";
-
- # look into later: replication_torture_level - https://github.com/element-hq/synapse/blob/develop/synapse/config/server.py#L560
- # limit_remote_rooms ???
- # cleanup_extremities_with_dummy_events - default=True
- # dummy_devents_treshold - default=10 - required forward extremities to send dummy event
- # enable_ephemeral_messages - default=False - ???
- # rooms_to_exclude_from_sync - default=[] - room ids...
- # third_party_event_rules - https://github.com/element-hq/synapse/blob/develop/synapse/config/third_party_event_rules.py - ???
- # default_power_level_content_override - default=None - https://github.com/element-hq/synapse/blob/develop/synapse/config/room.py#L73
-
- dummy_devents_treshold = 2;
- cleanup_extremities_with_dummy_events = true;
-
- enable_registration = true;
- registration_requires_token = true;
-
- require_membership_for_aliases = false;
- redaction_retention_period = null;
- user_ips_max_age = null;
- allow_device_name_lookup_over_federation = true;
-
- federation = {
- client_timeout = "30s"; # default=60s
- max_short_retries = 12;
- max_short_retry_delay = "5s";
- max_long_retries = 5;
- max_long_retry_delay = "30s";
-
- # rapid retry, small increments
- destination_min_retry_interval = "5m"; # default=10m
- destination_max_retry_interval = "12h"; #default=7d
- destination_retry_multiplier = 1.2; #default=2
- };
-
- registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
-
- listeners = [
- {
- port = 8008;
- bind_addresses = [ "127.0.0.1" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [
- "client"
- "federation"
- ];
- compress = false;
- }
- ];
- }
- {
- type = "http";
- path = "/run/matrix-synapse/main.sock";
- resources = [
- {
- names = [ "replication" ];
- compress = false;
- }
- ];
- }
- ];
- presence = {
- enablee = true;
- update_interval = 60;
- };
- database = (
- import ./db.nix {
- workerName = "main";
- dbGroup = "medium";
- }
- );
- app_service_config_files = [
- #"/etc/matrix-synapse/appservice-registration.yaml"
- "/var/lib/matrix-synapse/modas-registration.yaml"
- ];
-
- #region Media
- max_upload_size = "512M";
-
- max_avatar_size = "512M";
- max_image_pixels = "250M";
-
- max_pending_media_uploads = 512;
- dynamic_thumbnails = true;
-
- prevent_media_downloads_from = [
- # none, give me all the media
- ];
- enable_authenticated_media = false;
-
- url_preview_enabled = true;
- max_spider_size = "50M";
-
- #endregion
-
- ui_auth = {
- session_timeout = "1m";
- };
-
- login_via_existing_session = {
- enabled = true;
- require_ui_auth = true;
- token_timeout = "1y";
- };
-
- report_stats = false;
-
- user_directory = {
- enabled = true;
- search_all_users = true;
- prefer_local_users = true;
- };
-
- # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
- experimental_features = {
- "msc2815_enabled" = true; # Redacted event content
- "msc3026_enabled" = true; # Busy presence
- "msc3266_enabled" = true; # Room summary API
- "msc3916_authenticated_media_enabled" = true; # Authenticated media
- "msc3823_account_suspension" = true; # Account suspension
- "msc4151_enabled" = true; # Report room API (CS-API)
- };
-
- redis = {
- enabled = true;
- path = "/run/redis-matrix-synapse/redis.sock";
- };
-
- instance_map = {
- main = {
- # replication listener
- path = "/run/matrix-synapse/main.sock";
+ settings =
+ {
+ server_name = "rory.gay";
+
+ # use_frozen_dicts = true;
+ # user_agent_suffix = " (rory.gay)";
+
+ # look into later: replication_torture_level - https://github.com/element-hq/synapse/blob/develop/synapse/config/server.py#L560
+ # limit_remote_rooms ???
+ # cleanup_extremities_with_dummy_events - default=True
+ # dummy_devents_treshold - default=10 - required forward extremities to send dummy event
+ # enable_ephemeral_messages - default=False - ???
+ # rooms_to_exclude_from_sync - default=[] - room ids...
+ # third_party_event_rules - https://github.com/element-hq/synapse/blob/develop/synapse/config/third_party_event_rules.py - ???
+ # default_power_level_content_override - default=None - https://github.com/element-hq/synapse/blob/develop/synapse/config/room.py#L73
+
+ dummy_devents_treshold = 2;
+ cleanup_extremities_with_dummy_events = true;
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "30s"; # default=60s
+ max_short_retries = 12;
+ max_short_retry_delay = "5s";
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+
+ # rapid retry, small increments
+ destination_min_retry_interval = "5m"; # default=10m
+ destination_max_retry_interval = "12h"; # default=7d
+ destination_retry_multiplier = 1.2; # default=2
+ };
+
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ presence = {
+ enablee = true;
+ update_interval = 60;
+ };
+ database = (
+ import ./db.nix {
+ workerName = "main";
+ dbGroup = "medium";
+ }
+ );
+ app_service_config_files = [
+ #"/etc/matrix-synapse/appservice-registration.yaml"
+ "/var/lib/matrix-synapse/modas-registration.yaml"
+ ];
+
+ #region Media
+ max_upload_size = "512M";
+
+ max_avatar_size = "512M";
+ max_image_pixels = "250M";
+
+ max_pending_media_uploads = 512;
+ dynamic_thumbnails = true;
+
+ prevent_media_downloads_from = [
+ # none, give me all the media
+ ];
+ enable_authenticated_media = false;
+
+ url_preview_enabled = true;
+ max_spider_size = "50M";
+
+ #endregion
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3266_enabled" = true; # Room summary API
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ };
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+ instance_map = {
+ main = {
+ # replication listener
+ path = "/run/matrix-synapse/main.sock";
+ };
};
- };
- } // import ./ratelimits.nix // import ./caches.nix;
+ }
+ // import ./ratelimits.nix
+ // import ./caches.nix;
};
systemd.services.matrix-synapse-reg-token = {
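Review bot: Two option names carried through this re-indent are misspelled on the new side, `presence.enablee` and `dummy_devents_treshold`, so Synapse presumably ignores both and falls back to its defaults. The intended lines are `enabled = true;` under `presence` and `dummy_events_threshold = 2;`, and the explanatory comment a few lines above repeats the second typo. `enable_authenticated_media = false` is also kept next to `"msc3916_authenticated_media_enabled" = true`; a comment saying whether unauthenticated media download is still wanted would help. The enclosing `services.matrix-synapse` block starts outside this hunk.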
@@ -207,7 +210,7 @@
};
services.redis = {
- package = pkgs.keydb;
+ package = pkgs.valkey;
servers.matrix-synapse = {
enable = true;
user = "matrix-synapse";
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/auth.nix b/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
index 3c8d1e9..6e97c15 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/auth.nix
@@ -97,6 +97,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
index 9a0aafa..f327004 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/client-reader.nix
@@ -28,6 +28,8 @@ let
# unstable
"~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"
+ "~ ^/_matrix/client/v3/keys/query$"
+ "~ ^/_matrix/client/v3/room_keys/keys/"
]
++ lib.optionals (cfg.authWorkers == 0) [
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$"
@@ -113,13 +115,15 @@ in
value = {
extraConfig = ''
keepalive 32;
- least_conn;
+# least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
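Review bot: `hash $request_uri consistent;` keys the upstream choice on the full URI including the query string, so a frequently requested URI is always served by the same worker while others may sit idle, which `least_conn` avoided. The hunk does not explain why that trade is wanted for these endpoints, and event-creator.nix makes the same replacement. I would drop the commented-out `# least_conn;` rather than ship it into the generated upstream block, and add a why-comment, e.g. `# pin identical requests to one worker so its caches stay warm`, if that is the intent. The upstream definition starts outside the hunk.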
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
index 2be7a5b..1c08d4b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/event-creator.nix
@@ -13,6 +13,7 @@ let
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/"
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/"
"~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/"
+ "~ ^/_synapse/admin/v1/rooms" # We have a lot of them, so let's do a bunch of jobs at once!
];
federation = [ ];
media = [ ];
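Review bot: The new `"~ ^/_synapse/admin/v1/rooms"` route has no end anchor, so it is a prefix match that sends every admin endpoint under `/rooms` to the event-creator workers, and it publishes that part of the admin API on the same nginx virtual host as client traffic. Admin calls still need an admin access token, but `/_synapse/admin` is usually limited to trusted source addresses at the proxy. Nothing in this hunk does that, though the location block is generated outside it. I would narrow the pattern to the endpoints meant to run on a worker, e.g. `"~ ^/_synapse/admin/v1/rooms/[^/]+$"`, and name in the comment the admin job that motivated it.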
@@ -86,13 +87,15 @@ in
value = {
extraConfig = ''
keepalive 32;
- least_conn;
+# least_conn;
+ hash $request_uri consistent;
'';
servers = lib.listToAttrs (
lib.map (index: {
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
index effaa69..bdaf456 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-inbound.nix
@@ -86,6 +86,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
index 5b3d4bf..c5852d3 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-reader.nix
@@ -21,14 +21,16 @@ let
"~ ^/_matrix/federation/(v1|v2)/send_leave/"
"~ ^/_matrix/federation/v1/make_knock/"
"~ ^/_matrix/federation/v1/send_knock/"
- "~ ^/_matrix/federation/(v1|v2)/invite/"
+ "~ ^/_matrix/federation/(v1|v2)/invite/" # Needs special handling, define manually
"~ ^/_matrix/federation/(v1|v2)/query_auth/"
"~ ^/_matrix/federation/(v1|v2)/event_auth/"
"~ ^/_matrix/federation/v1/timestamp_to_event/"
"~ ^/_matrix/federation/(v1|v2)/exchange_third_party_invite/"
"~ ^/_matrix/federation/(v1|v2)/user/devices/"
"~ ^/_matrix/federation/(v1|v2)/get_groups_publicised$"
+ "~ ^/_matrix/federation/v1/hierarchy/"
"~ ^/_matrix/key/v2/query"
+ "~ ^/_matrix/federation/v1/user/keys/query$"
# extra
"~ ^/_matrix/key/v2/server$"
];
@@ -110,6 +112,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
@@ -134,6 +137,14 @@ in
)
)
);
+
+ #virtualHosts."${cfg.nginxVirtualHostName}".locations."~ ^/_matrix/federation/(v1|v2)/invite/" = {
+ # proxyPass = "http://${workerName}-federation";
+ # extraConfig = ''
+ # proxy_http_version 1.1;
+ # proxy_set_header Connection "";
+ # '';
+ #};
};
};
}
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
index 468916e..c2622be 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/federation-sender.nix
@@ -88,6 +88,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
index e52010c..25271a5 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/media-repo.nix
@@ -14,6 +14,7 @@ let
"~ ^/_synapse/admin/v1/purge_media_cache$"
"~ ^/_synapse/admin/v1/room/.*/media.*$"
"~ ^/_synapse/admin/v1/user/.*/media.*$"
+ "~ ^/_synapse/admin/v1/users/.*/media$"
"~ ^/_synapse/admin/v1/media/.*$"
"~ ^/_synapse/admin/v1/quarantine_media/.*$"
"~ ^/_matrix/media/"
@@ -106,6 +107,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/module.nix b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
index 32f2095..3b6456b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/module.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/module.nix
@@ -33,7 +33,7 @@ in
./stream-writers/to_device-stream-writer.nix
./stream-writers/typing-stream-writer.nix
-# ./stream-writers/shared-stream-writer.nix
+ # ./stream-writers/shared-stream-writer.nix
];
options.services.matrix-synapse = {
enableWorkers = lib.mkEnableOption "Enable dedicated workers";
@@ -60,7 +60,7 @@ in
receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
presenceStreamWriters = mkIntOption "Number of presence stream writers";
pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";
-
+
sharedStreamWriters = mkIntOption "Number of shared stream writers";
nginxVirtualHostName = lib.mkOption {
@@ -68,6 +68,12 @@ in
default = null;
description = "The virtual host name for the nginx server";
};
+
+ allowedRemoteInviteOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "List of allowed remote invite origins";
+ };
};
config = {
@@ -77,7 +83,6 @@ in
message = "nginxVirtualHostName must be set when enableWorkers is true";
}
-
# Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
{
assertion = cfg.typingStreamWriters <= 1;
@@ -104,11 +109,26 @@ in
assertion = cfg.pushRuleStreamWriters <= 1;
message = "Only one push rule stream writer is supported";
}
-
+
{
assertion = cfg.sharedStreamWriters <= 1;
message = "Only one shared stream writer is supported";
}
];
+
+ # Matrix utility maps
+ services.nginx.appendHttpConfig = ''
+ # Map authorization header to origin name
+ map $http_authorization $mx_origin_name {
+ default "";
+ "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
+ }
+
+ # Map origin name to whether it can invite
+ map $mx_origin_name $mx_can_invite {
+ default 0;
+ ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
+ }
+ '';
};
}
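Review bot: `$mx_origin_name` is read from the `Authorization: X-Matrix` header before any signature check, so `$mx_can_invite` only reflects what the sender claims. It can act as a coarse pre-filter in front of Synapse but must not be treated as proof of origin, and a comment on the map should say so. The capture `(?<origin>[^,]+)` also keeps the double quotes that servers commonly put around the origin value, in which case no entry of the second map can match; `"~*X-Matrix origin=\"?(?<origin>[^\",]+)" $origin;` would accept both forms. Entries of `allowedRemoteInviteOrigins` are interpolated into the nginx configuration unescaped, so the option type could be tightened from `lib.types.str` to a `lib.types.strMatching` hostname pattern. Nothing visible consumes `$mx_can_invite` yet, since the invite location in federation-reader.nix is still commented out.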
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
index edf1632..05f8c1a 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/pusher.nix
@@ -87,6 +87,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
index 48649f6..ee9e8c9 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/account_data-stream-writer.nix
@@ -92,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
index 5395aea..2772e0f 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/event-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
index e6487ca..e496715 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/presence-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
index 4a4af04..4c44de5 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/push_rule-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
index 54c31b4..ce7f028 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/receipt-stream-writer.nix
@@ -92,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
index 5fd0bd0..1170613 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/shared-stream-writer.nix
@@ -95,6 +95,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
index 2b487d6..689805b 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/to_device-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
index 5bff505..a046ca6 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/stream-writers/typing-stream-writer.nix
@@ -89,6 +89,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
index 67b63dd..fbdb73e 100644
--- a/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
+++ b/host/Rory-nginx/services/matrix/synapse/workers/sync.nix
@@ -11,6 +11,7 @@ let
"~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$"
"~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$"
"~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$"
+ "~ ^/_matrix/client/unstable/org.matrix.simplified_msc3575/sync$"
];
federation = [ ];
media = [ ];
@@ -91,6 +92,7 @@ in
name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
value = {
max_fails = 0;
+ fail_timeout = "0s";
};
}) workers
);
diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix
index bd6e62d..0547cd5 100755..100644
--- a/host/Rory-nginx/services/nginx/nginx.nix
+++ b/host/Rory-nginx/services/nginx/nginx.nix
@@ -22,7 +22,7 @@ in
#recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true;
- defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
+ defaultMimeTypes = ../../../../packages/nginx/mime.types;
appendConfig = ''
worker_processes 16;
'';
@@ -38,23 +38,13 @@ in
'';
additionalModules = with pkgs.nginxModules; [ moreheaders ];
virtualHosts = {
- "boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
- "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
"sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
- "siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
- "lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
- "git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
- "files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
- "spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
- "terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
- "vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
-
- "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
- "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // { locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;"; };
+ "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // {
+ locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;";
+ };
"wad-api.rory.gay" = import ./rory.gay/wad-api.nix;
- "thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
"sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
"search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
@@ -67,11 +57,9 @@ in
#matrix...
"conduit.rory.gay" = import ./rory.gay/conduit.nix;
- "matrix.rory.gay" = import ./rory.gay/matrix.nix;
"pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
"matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
"conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
- "mru.rory.gay" = import ./rory.gay/mru.nix;
#bots...
"0bottests.bots.rory.gay" = import ./rory.gay/bots.nix;
@@ -101,7 +89,7 @@ in
};
systemd.services.nginx.requires = [ "data.mount" ];
security.acme.acceptTerms = true;
- security.acme.defaults.email = "root@thearcanebrony.net";
+ security.acme.defaults.email = "root@rory.gay";
networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
}
diff --git a/host/Rory-nginx/services/nginx/rory.gay/bots.nix b/host/Rory-nginx/services/nginx/rory.gay/bots.nix
index 9bd18a8..9bd18a8 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/bots.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/bots.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/cgit.nix b/host/Rory-nginx/services/nginx/rory.gay/cgit.nix
index 812e946..812e946 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/cgit.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/cgit.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix
index 9503747..9503747 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.matrixunittests.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
index 250a6b2..ef0fbd8 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/conduit.nix
@@ -26,7 +26,7 @@
proxy_send_timeout 54000;
'';
};
- #locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";
+ #locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";
locations."/_conduwuit/".extraConfig = ''
return 404;
'';
diff --git a/host/Rory-nginx/services/nginx/rory.gay/ec.nix b/host/Rory-nginx/services/nginx/rory.gay/ec.nix
new file mode 100644
index 0000000..0985503
--- /dev/null
+++ b/host/Rory-nginx/services/nginx/rory.gay/ec.nix
@@ -0,0 +1,26 @@
+{
+ enableACME = true;
+ addSSL = true;
+ kTLS = true;
+ root = "/data/nginx/html_ec";
+ reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
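Review bot: The `Access-Control-Max-Age` line passes the header name and the value as two separate arguments, unlike the four `'Name: value'` lines above it. As far as I know headers-more treats each argument as its own header spec, and a spec without a value clears that header, so this line probably sets nothing; `more_set_headers 'Access-Control-Max-Age: 1728000';` matches the other lines. Separately, `addSSL = true` keeps the site reachable over plain HTTP, and `forceSSL = true` in its place would redirect instead if cleartext access is not needed. A one-line comment on why every CORS header is `*` for this host would help the next reader judge whether that is still required.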
diff --git a/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix b/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix
index f6091bc..9469087 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/jitsi.nix
@@ -39,7 +39,13 @@ in
proxy_set_header Host $host;
'';
};
- locations."=/external_api.js" = lib.mkDefault { alias = "${pkgs.jitsi-meet}/libs/external_api.min.js"; };
- locations."=/config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig; };
- locations."=/interface_config.js" = lib.mkDefault { alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig ""; };
+ locations."=/external_api.js" = lib.mkDefault {
+ alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
+ };
+ locations."=/config.js" = lib.mkDefault {
+ alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig;
+ };
+ locations."=/interface_config.js" = lib.mkDefault {
+ alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig "";
+ };
}
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix
index 5d44454..5d44454 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrix-bak.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
index d48f4ca..d48f4ca 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrix.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix b/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix
index edb1704..edb1704 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/matrixunittests.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/mru.nix b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
index dd59830..d1e1cd7 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/mru.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/mru.nix
@@ -1,12 +1,12 @@
{
enableACME = true;
addSSL = true;
- quic = true;
+# quic = true;
http3 = true;
http3_hq = true;
kTLS = true;
root = "/data/nginx/html_mru";
- reuseport = true;
+# reuseport = true;
extraConfig = ''
brotli off;
brotli_static off;
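Review bot: `quic` and `reuseport` are commented out with no reason given, while `http3 = true` and `http3_hq = true` stay enabled. As far as I know the NixOS nginx module only serves HTTP/3 on a virtual host when `quic` is enabled as well, so the two remaining options are probably inert. Either drop them too, or replace the dead lines with a comment such as `# quic/reuseport disabled: <reason>` so the state reads as deliberate. The attribute set continues past the end of this hunk.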
diff --git a/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix b/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix
index b62c5fe..b62c5fe 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/pcpoc.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/root.nix b/host/Rory-nginx/services/nginx/rory.gay/root.nix
index 11d06c0..11d06c0 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/root.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/root.nix
diff --git a/host/Rory-nginx/services/nginx/rory.gay/wad-api.nix b/host/Rory-nginx/services/nginx/rory.gay/wad-api.nix
index 65e9bdb..65e9bdb 100755..100644
--- a/host/Rory-nginx/services/nginx/rory.gay/wad-api.nix
+++ b/host/Rory-nginx/services/nginx/rory.gay/wad-api.nix
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
index f13cb0c..f13cb0c 100755..100644
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/awooradio.nix
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
index 86dddac..86dddac 100755..100644
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/root.nix
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
index cd655d8..cd655d8 100755..100644
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/search.nix
diff --git a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix
index f496190..f496190 100755..100644
--- a/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix
+++ b/host/Rory-nginx/services/nginx/thearcanebrony.net/sentry.nix
diff --git a/host/Rory-nginx/services/ollama.nix b/host/Rory-nginx/services/ollama.nix
index c9709da..16f4e1c 100755..100644
--- a/host/Rory-nginx/services/ollama.nix
+++ b/host/Rory-nginx/services/ollama.nix
@@ -10,8 +10,10 @@
environmentVariables = {
OLLAMA_LLM_LIBRARY = "cpu_avx2";
};
- writablePaths = [ "/data/ollama/home" ];
- listenAddress = "0.0.0.0:11434";
- sandbox = false;
+ #listenAddress = "0.0.0.0:11434";
+ host = "0.0.0.0";
+ port = 11434;
+ user = "ollama";
+ group = "ollama";
};
}
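Review bot: `host = "0.0.0.0"` keeps the Ollama API listening on every interface, and that API has no authentication of its own, so anything that can reach port 11434 can run and manage models. Whether the firewall opens that port is not visible in this hunk. If only local services use it, `host = "127.0.0.1";` with an nginx location in front for remote callers is the safer default. The commented-out `listenAddress` line can be deleted rather than kept next to its replacement.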
diff --git a/host/Rory-nginx/services/postgres.nix b/host/Rory-nginx/services/postgres.nix
index c728151..f0fb3e7 100755..100644
--- a/host/Rory-nginx/services/postgres.nix
+++ b/host/Rory-nginx/services/postgres.nix
@@ -5,7 +5,7 @@
services.postgresql = {
enable = true;
- package = pkgs.postgresql_16;
+ package = pkgs.postgresql_16_jit;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
# TYPE, DATABASE, USER, ADDRESS, METHOD
@@ -27,8 +27,8 @@
max_connections = 2500;
superuser_reserved_connections = 3;
- shared_buffers = "32GB";
- work_mem = "16GB";
+ shared_buffers = "64GB";
+ work_mem = "32GB";
maintenance_work_mem = "8GB";
huge_pages = "try";
effective_cache_size = "64GB"; # was 22
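Review bot: `work_mem = "32GB"` is a per-operation allowance, not a server-wide cap: each sort or hash node in each backend and parallel worker may use that much, and this file allows `max_connections = 2500`. A few concurrent heavy queries can therefore request more memory than the host has and get the database killed by the OOM killer. Unless the host's RAM justifies it, keep the global value modest, for example `work_mem = "256MB"; # raise per role or session for heavy jobs` (illustrative figure), and raise it only where needed. `effective_cache_size` on the last context line now equals `shared_buffers`, so it is worth revisiting together with this change.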
@@ -44,17 +44,17 @@
wal_level = "replica";
max_wal_senders = 0;
- synchronous_commit = "off"; # was ond3
+ synchronous_commit = "on"; # was ond3
checkpoint_timeout = "15min";
checkpoint_completion_target = "0.9";
max_wal_size = "2GB";
min_wal_size = "1GB";
- wal_compression = "on";
+ wal_compression = "off";
wal_buffers = "-1";
- wal_writer_delay = "200ms";
- wal_writer_flush_after = "1MB";
+ wal_writer_delay = "500ms"; # was 100
+ wal_writer_flush_after = "32MB"; # was 1
#checkpoint_segments = "64"; # additional
default_statistics_target = "250"; # additional
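Review bot: The trailing `# was …` comments no longer describe the previous values. `wal_writer_delay` is annotated `# was 100` although the removed line had `200ms`, `synchronous_commit` still carries `# was ond3`, and in the next hunk the parallel-worker settings keep `# was 14` and `# was 7` although the removed values were 32 and 16. Previous values belong in git history; a comment stating why the value was chosen is more useful, e.g. `synchronous_commit = "on"; # <reason for preferring durability here>`.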
@@ -63,10 +63,10 @@
bgwriter_lru_multiplier = "2.0";
bgwriter_flush_after = "0";
- max_worker_processes = "32"; # was 14
- max_parallel_workers_per_gather = "16"; # was 7
- max_parallel_maintenance_workers = "16"; # was 7
- max_parallel_workers = "32"; # was 14
+ max_worker_processes = "64"; # was 14
+ max_parallel_workers_per_gather = "32"; # was 7
+ max_parallel_maintenance_workers = "32"; # was 7
+ max_parallel_workers = "64"; # was 14
parallel_leader_participation = "on";
enable_partitionwise_join = "on";
@@ -80,20 +80,20 @@
};
};
-# services.prometheus.exporters.postgres = {
-# enable = true;
-# port = 9187;
-# extraFlags = [
-# "--collector.database_wraparound"
-# "--collector.long_running_transactions"
-# "--collector.postmaster"
-# "--collector.process_idle"
-# "--collector.stat_activity_autovacuum"
-# "--collector.stat_statements"
-# #"--collector.stat_wal_receiver" #we dont have WAL receivers
-# "--collector.statio_user_indexes"
-# "--collector.xlog_location"
-# ];
-# };
+ # services.prometheus.exporters.postgres = {
+ # enable = true;
+ # port = 9187;
+ # extraFlags = [
+ # "--collector.database_wraparound"
+ # "--collector.long_running_transactions"
+ # "--collector.postmaster"
+ # "--collector.process_idle"
+ # "--collector.stat_activity_autovacuum"
+ # "--collector.stat_statements"
+ # #"--collector.stat_wal_receiver" #we dont have WAL receivers
+ # "--collector.statio_user_indexes"
+ # "--collector.xlog_location"
+ # ];
+ # };
}
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
new file mode 100755
index 0000000..3ded494
--- /dev/null
+++ b/host/Rory-ovh/configuration.nix
@@ -0,0 +1,122 @@
+{
+ pkgs,
+ lib,
+ nixpkgs-Draupnir,
+ nixpkgs-DraupnirPkg,
+ ...
+}:
+
+{
+ imports = [
+ ../../modules/base-server.nix
+ ../../modules/users/levi.nix
+ ../../modules/users/db2k.nix
+ ../../modules/users/ks.nix
+ ../../modules/users/Alice.nix
+
+ ./services/prometheus.nix
+
+ ./services/nginx/nginx.nix
+ ./services/cgit.nix
+ ./services/postgres.nix
+ ./services/matrix/synapse/synapse-main.nix
+ ./services/matrix/draupnir.nix
+ ./services/email/root.nix
+ #./services/wireguard/wireguard.nix
+ ./services/safensound.nix
+ ];
+
+ users.groups.ocp = { };
+ boot.loader.grub.devices = lib.mkForce [ "nodev" ];
+ networking = {
+ hostName = "Rory-ovh";
+ nat = {
+ enable = true;
+ internalInterfaces = [
+ "ve-+"
+ "vb-+"
+ ];
+ externalInterface = "enp98s0f0";
+ enableIPv6 = false;
+ };
+ enableIPv6 = lib.mkForce false;
+ nameservers = lib.mkForce [ "1.1.1.1" ];
+ firewall.enable = lib.mkForce true;
+ resolvconf.enable = false;
+ defaultGateway = lib.mkForce null;
+ defaultGateway6 = lib.mkForce null;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks.enp98s0f0 = {
+ name = "enp98s0f0";
+ DHCP = "no";
+ #gateway = [ "51.210.113.254" ];
+ routes = [
+ {
+ Gateway = "51.210.113.254";
+ GatewayOnLink = true;
+ }
+ ];
+ address = [ "51.210.113.110/32" ];
+ };
+ };
+
+ monitoring = {
+ monitorAll = true;
+ localPrometheus = true;
+ exposePrometheus = true;
+ localGrafana = true;
+ exposeGrafana = true;
+ nginxHost = "monitoring.rory.gay";
+ nginxSsl = true;
+ };
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ "dotnet-runtime-wrapped-7.0.20"
+ "dotnet-runtime-7.0.20"
+ "dotnet-sdk-7.0.20"
+ ];
+ services.irqbalance.enable = true;
+
+ environment.memoryAllocator.provider = "jemalloc";
+
+ containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ containers."draupnir-fedora" = import ./services/containers/draupnir-fedora/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ containers."draupnir-ansible" = import ./services/containers/draupnir-ansible/container.nix {
+ inherit
+ pkgs
+ lib
+ nixpkgs-Draupnir
+ nixpkgs-DraupnirPkg
+ ;
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+
+ environment.systemPackages = with pkgs; [ waypipe ];
+
+ nix.nrBuildUsers = 128;
+ services.owncast = {
+ enable = true;
+ port = 1934;
+ };
+}
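Review bot: `nixpkgs.config.permittedInsecurePackages` allows `olm-3.2.16` and three `dotnet-*-7.0.20` packages host-wide with no note on which service needs each one. These are packages nixpkgs marks as insecure, so each entry should carry a comment naming its consumer and the condition for removing it, e.g. `"olm-3.2.16" # needed by <service>; drop once <condition>`. The `monitoring` block also sets `exposePrometheus` and `exposeGrafana`; what those options publish is defined outside this file section, so confirm the endpoints behind `monitoring.rory.gay` require authentication. `externalInterface` and the `systemd.network` entry repeat the literal `enp98s0f0`, which a `let` binding would keep in sync.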
diff --git a/host/Rory-ovh/hooks/post-rebuild.sh b/host/Rory-ovh/hooks/post-rebuild.sh
new file mode 100755
index 0000000..f4f5896
--- /dev/null
+++ b/host/Rory-ovh/hooks/post-rebuild.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
+#set -x
+exit
+REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
+LOCALPART='rory.gay'
+REACHABLE_DOMAIN='http://localhost:8008'
+
+# -- LICENSE: CNPL v7+ - https://thufie.lain.haus/files/CNPLv7.md
+# Modified from Nyaaori (https://nyaaori.cat) <+@nyaaori.cat>
+# Explicit authorisation to use the code has been granted by the original author
+# for use by members of the Rory& system (https://rory.gay)
+
+# the magic function:
+register(){
+ echo "Registering $1"
+ _nonce=`curl -s http://localhost:8008/_synapse/admin/v1/register | jq -r .nonce`
+ #data: nonce, domain, username, password
+ _hmac=`printf '%s\0%s\0%s\0%s' "$_nonce" "$1" "$2" "admin" | openssl dgst -sha1 -hmac "$REG_KEY" | awk '{print $2}'`
+ curl -s -XPOST -d '{"nonce": "'"$_nonce"'", "username": "'"$1"'", "displayname": "'"$1"'", "password": "'"$2"'", "admin": true, "mac": "'"$_hmac"'"}' $REACHABLE_DOMAIN/_synapse/admin/v1/register | tee -a matrix-user-tokens.txt
+ echo
+}
+
+# -- END OF LICENSED CODE
+
+#PASSWD=`cat /etc/matrix-user-pass`
+#for u in {draupnir,Alicia,Emma,Rory,root,Quetzelle}
+#do
+# register $u $PASSWD
+#done
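Review bot: The unconditional `exit` on the fourth line makes everything below it dead code, yet the file is committed executable. Add a comment on that line saying why the hook is disabled, or delete the body. If the body is ever re-enabled, `tee -a matrix-user-tokens.txt` appends admin access tokens to a file in the current directory under the default umask, and `openssl dgst ... -hmac "$REG_KEY"` puts the registration shared secret on a command line that other local users can read from the process list. A `umask 077` near the top, plus building the JSON with `jq -n --arg` instead of string concatenation (jq is already in the nix-shell package list), would fix the file mode and the quoting of `$1`/`$2`. `REACHABLE_DOMAIN` is defined but the nonce request hard-codes `http://localhost:8008`, and `LOCALPART` is never used.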
diff --git a/host/Rory-ovh/services/cgit.nix b/host/Rory-ovh/services/cgit.nix
new file mode 100644
index 0000000..cbdc350
--- /dev/null
+++ b/host/Rory-ovh/services/cgit.nix
@@ -0,0 +1,62 @@
+{ pkgs, lib, cgit-magenta, ... }:
+
+let
+ pkg = cgit-magenta.packages.${pkgs.stdenv.hostPlatform.system}.default;
+ base_cgit_config = {
+ enable = true;
+ nginx.virtualHost = "cgit.rory.gay";
+ #package = pkgs.cgit-pink;
+ package = pkg;
+ scanPath = "/data/git";
+ settings = {
+ css = "/cgit.css";
+ logo = "/cgit.png";
+ favicon = "/favicon.ico";
+ readme = ":README.MD";
+ about-filter = "${pkg}/lib/cgit/filters/about-formatting.sh";
+ source-filter = "${pkg}/lib/cgit/filters/syntax-highlighting.py";
+ clone-url = (
+ lib.concatStringsSep " " [
+ "https://cgit.rory.gay/$CGIT_REPO_URL"
+ "ssh://<user>@git.rory.gay:$CGIT_REPO_URL"
+ ]
+ );
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ enable-git-config = 1;
+ #testing
+ enable-blame = 1;
+ enable-commit-graph = 1;
+ enable-follow-links = 1;
+ enable-http-clone = 1;
+ enable-index-links = 1;
+ enable-remote-branches = 1;
+ enable-subject-links = 1;
+ enable-tree-linenumbers = 1;
+ max-atom-items = 100;
+ max-commit-count = 250;
+ max-repo-count = 500;
+ snapshots = "tar.xz";
+ #side-by-side-diffs = 1;
+
+ root-title = "cgit.rory.gay";
+ root-desc = "Rory&s Git Repositories";
+ };
+ };
+in
+{
+ services.cgit."main" = base_cgit_config;
+ services.fcgiwrap.instances."cgit-main".process.prefork = 32;
+
+ services.cgit."ocp" = lib.attrsets.recursiveUpdate base_cgit_config {
+ scanPath = "/data/git/.ocp";
+ nginx.location = "/.ocp/";
+ settings.clone-url = (
+ lib.concatStringsSep " " [
+ "https://cgit.rory.gay/.ocp/$CGIT_REPO_URL"
+ "ssh://<user>@git.rory.gay:.ocp/$CGIT_REPO_URL"
+ ]
+ );
+ };
+ services.fcgiwrap.instances."cgit-ocp".process.prefork = 32;
+}
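Review bot: Both cgit instances enable `enable-blame`, `snapshots = "tar.xz"` and a per-request `source-filter`, and each fcgiwrap pool is given 32 prefork workers. Those are the expensive cgit endpoints, so if `cgit.rory.gay` is publicly reachable, crawlers can keep up to 64 processes busy generating blame views and compressed archives. Consider an nginx rate limit on the virtual host, or dropping blame and snapshots if they are only there for testing. The `#testing` comment does not say which of the options after it are provisional; a comment per option, or a blank line ending the group, would make that clear.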
diff --git a/host/Rory-ovh/services/containers/draupnir-ansible/container.nix b/host/Rory-ovh/services/containers/draupnir-ansible/container.nix
new file mode 100644
index 0000000..5ab1aed
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-ansible/container.nix
@@ -0,0 +1,37 @@
+{
+# nixpkgs-Draupnir,
+# nixpkgs-DraupnirPkg,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+# inherit nixpkgs-Draupnir;
+# inherit nixpkgs-DraupnirPkg;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/draupnir.nix
+# "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ ];
+# nixpkgs.overlays = [
+# (final: prev: {
+# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+# })
+# ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.19";
+
+ bindMounts."draupnir-access-token" = {
+ hostPath = "/data/secrets/draupnir-ansible-access-token";
+ mountPoint = "/etc/draupnir-access-token";
+ isReadOnly = true;
+ };
+}
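Review bot: This file, `draupnir-cme/container.nix` and `draupnir-fedora/container.nix` are the same apart from `localAddress` and the token `hostPath`, and all three carry the same commented-out `nixpkgs-Draupnir` arguments, import and overlay. One shared function taking the instance name and address, with `hostPath = "/data/secrets/draupnir-${name}-access-token"`, would remove the triplication. The dead comment lines can be dropped since `...` already absorbs the arguments that `configuration.nix` still passes. The bind mount is read-only, but the mode and owner of the host-side token file are not set anywhere in this diff; confirm each file under `/data/secrets/` is readable only by the account the bot runs as.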
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/root.nix b/host/Rory-ovh/services/containers/draupnir-ansible/root.nix
index e4da810..0ebce9e 100755..100644
--- a/host/Rory-nginx/services/containers/draupnir-cme/root.nix
+++ b/host/Rory-ovh/services/containers/draupnir-ansible/root.nix
@@ -1,12 +1,7 @@
{ ... }:
{
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
+ networking.useHostResolvConf = true;
networking.hosts = {
"192.168.100.1" = [
diff --git a/host/Rory-ovh/services/containers/draupnir-ansible/services/draupnir.nix b/host/Rory-ovh/services/containers/draupnir-ansible/services/draupnir.nix
new file mode 100644
index 0000000..c05b170
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-ansible/services/draupnir.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+ services.draupnir = {
+ enable = true;
+ secrets.accessToken = "/etc/draupnir-access-token";
+
+ settings = {
+ homeserverUrl = "https://matrix.rory.gay";
+ managementRoom = "#draupnir-ansible-mgmt:rory.gay";
+ recordIgnoredInvites = true; # We want to be aware of invites
+ autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
+ automaticallyRedactForReasons = [ "*" ]; # Always autoredact
+ fasterMembershipChecks = true;
+
+ backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
+ pollReports = false;
+
+ admin.enableMakeRoomAdminCommand = false;
+ commands.ban.defaultReasons = [ "spam" ];
+
+ protections = {
+ wordlist = {
+ words = [ "https://postimg.cc/" ];
+ minutesBeforeTrusting = 0;
+ };
+ };
+ };
+ };
+}
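Review bot: `minutesBeforeTrusting = 0` has no comment, and the value alone does not say whether it means "keep checking every user indefinitely" or "trust immediately". Add a comment stating the intended effect, e.g. `minutesBeforeTrusting = 0; # <intended effect>`. The same applies to the identical `protections.wordlist` block added in `draupnir-fedora/services/draupnir.nix`. `automaticallyRedactForReasons = [ "*" ]` redacts on every ban reason, which is broad for a bot whose ban reasons are free text, so confirm that is intended for the rooms this instance protects.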
diff --git a/host/Rory-ovh/services/containers/draupnir-cme/container.nix b/host/Rory-ovh/services/containers/draupnir-cme/container.nix
new file mode 100755
index 0000000..b1ee74b
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-cme/container.nix
@@ -0,0 +1,37 @@
+{
+ #nixpkgs-Draupnir,
+ #nixpkgs-DraupnirPkg,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ #inherit nixpkgs-Draupnir;
+ #inherit nixpkgs-DraupnirPkg;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/draupnir.nix
+ #"${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ ];
+# nixpkgs.overlays = [
+# (final: prev: {
+# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+# })
+# ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.17";
+
+ bindMounts."draupnir-access-token" = {
+ hostPath = "/data/secrets/draupnir-cme-access-token";
+ mountPoint = "/etc/draupnir-access-token";
+ isReadOnly = true;
+ };
+}
diff --git a/host/Rory-ovh/services/containers/draupnir-cme/root.nix b/host/Rory-ovh/services/containers/draupnir-cme/root.nix
new file mode 100755
index 0000000..0ebce9e
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-cme/root.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix b/host/Rory-ovh/services/containers/draupnir-cme/services/draupnir.nix
index cf59809..4b3cd57 100755
--- a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
+++ b/host/Rory-ovh/services/containers/draupnir-cme/services/draupnir.nix
@@ -3,10 +3,10 @@
{
services.draupnir = {
enable = true;
- accessTokenFile = "/etc/draupnir-access-token";
- homeserverUrl = "https://matrix.rory.gay";
+ secrets.accessToken = "/etc/draupnir-access-token";
settings = {
+ homeserverUrl = "https://matrix.rory.gay";
managementRoom = "#draupnir-cme:rory.gay";
recordIgnoredInvites = true; # We want to be aware of invites
autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
diff --git a/host/Rory-ovh/services/containers/draupnir-fedora/container.nix b/host/Rory-ovh/services/containers/draupnir-fedora/container.nix
new file mode 100644
index 0000000..5ba9765
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-fedora/container.nix
@@ -0,0 +1,37 @@
+{
+# nixpkgs-Draupnir,
+# nixpkgs-DraupnirPkg,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+# inherit nixpkgs-Draupnir;
+# inherit nixpkgs-DraupnirPkg;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/draupnir.nix
+# "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
+ ];
+# nixpkgs.overlays = [
+# (final: prev: {
+# draupnir = nixpkgs-DraupnirPkg.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
+# })
+# ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.18";
+
+ bindMounts."draupnir-access-token" = {
+ hostPath = "/data/secrets/draupnir-fedora-access-token";
+ mountPoint = "/etc/draupnir-access-token";
+ isReadOnly = true;
+ };
+}
diff --git a/host/Rory-ovh/services/containers/draupnir-fedora/root.nix b/host/Rory-ovh/services/containers/draupnir-fedora/root.nix
new file mode 100644
index 0000000..0ebce9e
--- /dev/null
+++ b/host/Rory-ovh/services/containers/draupnir-fedora/root.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ };
+}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix b/host/Rory-ovh/services/containers/draupnir-fedora/services/draupnir.nix
index 042651a..a39b3a9 100755..100644
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
+++ b/host/Rory-ovh/services/containers/draupnir-fedora/services/draupnir.nix
@@ -3,11 +3,11 @@
{
services.draupnir = {
enable = true;
- accessTokenFile = "/etc/draupnir-access-token";
- homeserverUrl = "https://matrix.rory.gay";
+ secrets.accessToken = "/etc/draupnir-access-token";
settings = {
- managementRoom = "#draupnir-linux-mint:rory.gay";
+ homeserverUrl = "https://matrix.rory.gay";
+ managementRoom = "#draupnir-fedora-mgmt:rory.gay";
recordIgnoredInvites = true; # We want to be aware of invites
autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
automaticallyRedactForReasons = [ "*" ]; # Always autoredact
@@ -17,10 +17,14 @@
pollReports = false;
admin.enableMakeRoomAdminCommand = false;
- commands.ban.defaultReasons = [
- "spam"
- "code of conduct violation"
- ];
+ commands.ban.defaultReasons = [ "spam" ];
+
+ protections = {
+ wordlist = {
+ words = [ "https://postimg.cc/" ];
+ minutesBeforeTrusting = 0;
+ };
+ };
};
};
}
diff --git a/host/Rory-ovh/services/containers/shared.nix b/host/Rory-ovh/services/containers/shared.nix
new file mode 100644
index 0000000..f267ff0
--- /dev/null
+++ b/host/Rory-ovh/services/containers/shared.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ neofetch
+ lnav
+ zsh
+ git
+ lsd
+ htop
+ btop
+ duf
+ kitty.terminfo
+ neovim
+ jq
+ dig
+ ];
+}
diff --git a/host/Rory-ovh/services/email/autoconfig.nix b/host/Rory-ovh/services/email/autoconfig.nix
new file mode 100644
index 0000000..5f3bce2
--- /dev/null
+++ b/host/Rory-ovh/services/email/autoconfig.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+ services.go-autoconfig = {
+ enable = !config.virtualisation.isVmVariant;
+ settings = {
+ service_addr = ":1323";
+ domain = "autoconfig.rory.gay";
+ imap = {
+ server = "rory.gay";
+ port = 993;
+ };
+ smtp = {
+ server = "rory.gay";
+ port = 587;
+ };
+ };
+ };
+}
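Review bot: `service_addr = ":1323"` binds go-autoconfig on every interface, although the only consumer visible in this commit is the nginx `proxyPass` to `http://localhost:1323` in email/nginx.nix. Binding to loopback, `service_addr = "127.0.0.1:1323";`, keeps the backend unreachable from outside even if the firewall rules change later. This assumes the service accepts a host:port listen string, which is worth confirming against its documentation.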
diff --git a/host/Rory-ovh/services/email/maddy.conf b/host/Rory-ovh/services/email/maddy.conf
new file mode 100644
index 0000000..1d3eb2f
--- /dev/null
+++ b/host/Rory-ovh/services/email/maddy.conf
@@ -0,0 +1,124 @@
+
+# Minimal configuration with TLS disabled, adapted from upstream example
+# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
+# Do not use this in production!
+
+auth.pass_table local_authdb {
+ table sql_table {
+ driver sqlite3
+ dsn credentials.db
+ table_name passwords
+ }
+}
+
+storage.imapsql local_mailboxes {
+ driver sqlite3
+ dsn imapsql.db
+}
+
+table.chain local_rewrites {
+ optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
+ optional_step static {
+ entry postmaster root@$(primary_domain)
+ }
+ optional_step file /etc/maddy/aliases
+}
+
+msgpipeline local_routing {
+ destination postmaster $(local_domains) {
+ modify {
+ replace_rcpt &local_rewrites
+ }
+ deliver_to &local_mailboxes
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+}
+
+smtp tcp://0.0.0.0:25 {
+ limits {
+ all rate 20 1s
+ all concurrency 10
+ }
+ dmarc yes
+ check {
+ require_mx_record
+ dkim
+ spf
+ }
+ source $(local_domains) {
+ reject 501 5.1.8 "Use Submission for outgoing SMTP"
+ }
+ default_source {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+}
+
+submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+ limits {
+ all rate 50 1s
+ }
+ auth &local_authdb
+ source $(local_domains) {
+ check {
+ authorize_sender {
+ prepare_email &local_rewrites
+ user_to_email identity
+ }
+ }
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ modify {
+ dkim $(primary_domain) $(local_domains) default
+ }
+ deliver_to &remote_queue
+ }
+ }
+ default_source {
+ reject 501 5.1.8 "Non-local sender domain"
+ }
+}
+
+target.remote outbound_delivery {
+ limits {
+ destination rate 20 1s
+ destination concurrency 10
+ }
+ mx_auth {
+ dane
+ mtasts {
+ cache fs
+ fs_dir mtasts_cache/
+ }
+ local_policy {
+ min_tls_level encrypted
+ min_mx_level none
+ }
+ }
+}
+
+target.queue remote_queue {
+ target &outbound_delivery
+ autogenerated_msg_domain $(primary_domain)
+ bounce {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+ }
+ }
+}
+
+imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
+ auth &local_authdb
+ storage &local_mailboxes
+}
\ No newline at end of file
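Review bot: The header comment still describes a configuration "with TLS disabled" that must not be used in production, yet the file defines `tls://` endpoints on 465 and 993 and maddy.nix loads it for the live host. Replace the header with one that describes this file, e.g. `# Production maddy configuration for rory.gay; TLS certificates are supplied by the NixOS module (see maddy.nix)`. The `submission` and `imap` blocks also listen on plain `tcp://` 587 and 143, so a comment stating that authentication there relies on STARTTLS and that `insecure_auth` stays unset would record the assumption.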
diff --git a/host/Rory-ovh/services/email/maddy.nix b/host/Rory-ovh/services/email/maddy.nix
new file mode 100644
index 0000000..548cb1a
--- /dev/null
+++ b/host/Rory-ovh/services/email/maddy.nix
@@ -0,0 +1,71 @@
+{
+ lib,
+ pkgs,
+ options,
+ config,
+ ...
+}:
+{
+ config = lib.mkIf (!config.virtualisation.isVmVariant) {
+ services.maddy = {
+ enable = true;
+ primaryDomain = "rory.gay";
+ hostname = "mail.rory.gay";
+ ensureAccounts = [
+ "root@rory.gay"
+ ];
+ ensureCredentials = {
+ "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
+ };
+ config = builtins.readFile ./maddy.conf;
+ # builtins.replaceStrings
+ # [
+ # "imap tcp://0.0.0.0:143"
+ # "submission tcp://0.0.0.0:587"
+ # "entry postmaster postmaster@$(primary_domain)"
+ # ]
+ # [
+ # "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+ # "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ # "entry postmaster root@$(primary_domain)"
+ # ]
+ # options.services.maddy.config.default;
+
+ tls = {
+ loader = "file";
+ certificates = [
+ {
+ # certPath = "/var/lib/acme/mail.rory.gay/fullchain.pem";
+ # keyPath = "/var/lib/acme/mail.rory.gay/key.pem";
+ certPath = "/run/credentials/maddy.service/acme-fullchain.pem";
+ keyPath = "/run/credentials/maddy.service/acme-key.pem";
+ }
+ ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 25
+ 143
+ 465
+ 587
+ 993
+ ];
+
+ users.users.maddy.extraGroups = [ "nginx" ];
+
+ fileSystems."/var/lib/maddy" = {
+ depends = [ "/" ];
+ device = "/data/maddy";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ systemd.services.maddy.serviceConfig = {
+ LoadCredential = [
+ "acme-fullchain.pem:/var/lib/acme/rory.gay/fullchain.pem"
+ "acme-key.pem:/var/lib/acme/rory.gay/key.pem"
+ ];
+ };
+ };
+}
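Review bot: `LoadCredential` takes the certificate from `/var/lib/acme/rory.gay/`, while `hostname` is `mail.rory.gay` and the MTA-STS policy in email/nginx.nix names `mx: mail.rory.gay`. Unless the `rory.gay` certificate also lists `mail.rory.gay` (not visible here), senders that enforce MTA-STS will fail certificate validation. The commented-out paths point at `/var/lib/acme/mail.rory.gay/`, which matches the vhost that requests its own certificate, so `"acme-fullchain.pem:/var/lib/acme/mail.rory.gay/fullchain.pem"` and the matching key line look like the intended sources. Credentials are read when the unit starts, so a renewed certificate is only picked up after maddy restarts. With the files delivered through `LoadCredential`, `users.users.maddy.extraGroups = [ "nginx" ]` may no longer be needed and could be dropped to keep the mail daemon out of the web server's group.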
diff --git a/host/Rory-ovh/services/email/nginx.nix b/host/Rory-ovh/services/email/nginx.nix
new file mode 100644
index 0000000..5b04612
--- /dev/null
+++ b/host/Rory-ovh/services/email/nginx.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+{
+ services.nginx.virtualHosts = {
+ "mta-sts.rory.gay" = {
+ enableACME = !config.virtualisation.isVmVariant;
+ forceSSL = !config.virtualisation.isVmVariant;
+ locations = {
+ "/.well-known/mta-sts.txt" = {
+ # age 604800
+ return = ''
+ 200 "version: STSv1
+ mode: enforce
+ max_age: 120
+ mx: mail.rory.gay
+ "'';
+ };
+ };
+ };
+ "mail.rory.gay" = {
+ enableACME = !config.virtualisation.isVmVariant;
+ forceSSL = !config.virtualisation.isVmVariant;
+ locations = {
+ "/".return = "200 'OK'";
+ };
+ };
+ "autoconfig.rory.gay" = {
+ enableACME = !config.virtualisation.isVmVariant;
+ forceSSL = !config.virtualisation.isVmVariant;
+ locations."/".proxyPass = "http://localhost:1323";
+ };
+ };
+}
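Review bot: The MTA-STS policy combines `mode: enforce` with `max_age: 120`, so senders cache it for only two minutes and an attacker who can block the policy fetch regains the downgrade path almost immediately. The `# age 604800` comment suggests the short value is a testing leftover; once delivery is confirmed, use `max_age: 604800` or longer. The policy is expected to be served as `text/plain`, so check what content type this `return` produces and add `default_type text/plain;` in `extraConfig` if needed.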
diff --git a/host/Rory-ovh/services/email/root.nix b/host/Rory-ovh/services/email/root.nix
new file mode 100644
index 0000000..7db85d8
--- /dev/null
+++ b/host/Rory-ovh/services/email/root.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./autoconfig.nix
+ ./maddy.nix
+ ./nginx.nix
+ ];
+}
diff --git a/host/Rory-ovh/services/mastodon.nix b/host/Rory-ovh/services/mastodon.nix
new file mode 100644
index 0000000..56f1808
--- /dev/null
+++ b/host/Rory-ovh/services/mastodon.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ services.mastodon = {
+ enable = true;
+ webProcesses = 8;
+ webThreads = 4;
+
+ streamingProcesses = 63;
+ localDomain = "rory.gay";
+ };
+}
diff --git a/host/Rory-nginx/services/matrix/coturn.nix b/host/Rory-ovh/services/matrix/coturn.nix
index 805faa9..805faa9 100755
--- a/host/Rory-nginx/services/matrix/coturn.nix
+++ b/host/Rory-ovh/services/matrix/coturn.nix
diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-ovh/services/matrix/draupnir.nix
index f20a7d0..3f6d89a 100755
--- a/host/Rory-nginx/services/matrix/draupnir.nix
+++ b/host/Rory-ovh/services/matrix/draupnir.nix
@@ -1,28 +1,20 @@
-{ ... }:
+{ pkgs, draupnirSrc, ... }:
{
services.draupnir = {
+
enable = true;
- homeserverUrl = "https://matrix.rory.gay";
- accessTokenFile = "/etc/draupnir-access-token";
+ secrets.accessToken = "/data/secrets/draupnir-access-token";
- #pantalaimon = {
- # enable = false;
- # username = "draupnir";
- # passwordFile = "/etc/draupnir-password";
- # options = {
- #homeserver = "http://localhost:8008";
- #ssl = false;
- # };
- #};
settings = {
+ homeserverUrl = "https://matrix.rory.gay";
managementRoom = "#draupnir-mgmt:rory.gay";
- verboseLogging = false;
recordIgnoredInvites = true; # Let's log ignored invites, just incase
autojoinOnlyIfManager = true; # Let's not open ourselves up to DoS attacks
automaticallyRedactForReasons = [ "*" ]; # I always want autoredact
fasterMembershipChecks = true;
- roomStateBackingStore.enabled = true; # broken under nix.
+ logLevel = "DEBUG";
+ #roomStateBackingStore.enabled = true; # broken under nix.
backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
pollReports = false; # this is a single person homeserver... let's save ourself the work
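Review bot: `logLevel = "DEBUG";` replaces `verboseLogging = false;` without a comment, leaving the production moderation bot at its most verbose level. Debug output from a bot that reads every protected room may put more room and user data into the journal than is needed. If this was enabled for troubleshooting, prefer `logLevel = "INFO";` or add a comment saying why DEBUG is kept. The new `pkgs` and `draupnirSrc` arguments are not used in the visible lines, and the `settings` block continues outside this hunk.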
@@ -41,6 +33,7 @@
"faggot"
"ywnbaw"
"nigger"
+ "https://postimg.cc/"
];
minutesBeforeTrusting = 0;
};
diff --git a/host/Rory-ovh/services/matrix/grapevine.nix b/host/Rory-ovh/services/matrix/grapevine.nix
new file mode 100755
index 0000000..7368c2a
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/grapevine.nix
@@ -0,0 +1,31 @@
+{ ... }:
+
+{
+ services.grapevine = {
+ enable = true;
+ settings = {
+ conduit_compat = true;
+ server_name = "conduit.rory.gay";
+ #trusted_servers = [ "rory.gay" ];
+ federation.self_test = false;
+
+ listen = [
+ {
+ type = "tcp";
+ address = "127.0.0.1";
+ port = 6167;
+ }
+ ];
+ server_discovery.client.base_url = "https://conduit.rory.gay"; # This is required for some reason
+
+ database = {
+ backend = "rocksdb";
+ };
+ allow_registration = false;
+
+ #log = "info";
+ #log_format = "full";
+ #log = "debug";
+ };
+ };
+}
diff --git a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix b/host/Rory-ovh/services/matrix/matrix-appservice-discord.nix
index 3041aaa..3041aaa 100755
--- a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
+++ b/host/Rory-ovh/services/matrix/matrix-appservice-discord.nix
diff --git a/host/Rory-ovh/services/matrix/ooye.nix b/host/Rory-ovh/services/matrix/ooye.nix
new file mode 100644
index 0000000..7b9c403
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/ooye.nix
@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+ services.matrix-ooye = {
+ enable = true;
+ homeserver = "https://matrix.rory.gay";
+ homeserverName = "rory.gay";
+ enableSynapseIntegration = true;
+ };
+}
diff --git a/host/Rory-ovh/services/matrix/root.nix b/host/Rory-ovh/services/matrix/root.nix
new file mode 100755
index 0000000..d32cc54
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/root.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ imports = [
+ ./synapse/synapse-main.nix
+ ./coturn.nix
+ ./matrix-appservice-discord.nix
+ ./draupnir.nix
+ ./grapevine.nix
+ ./ooye.nix
+ ];
+
+}
diff --git a/host/Rory-ovh/services/matrix/synapse/caches.nix b/host/Rory-ovh/services/matrix/synapse/caches.nix
new file mode 100644
index 0000000..f00c78c
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/synapse/caches.nix
@@ -0,0 +1,25 @@
+{
+ gc_min_interval = [
+ "15m"
+ "30m"
+ "60m"
+ ];
+ gc_thresholds = [
+ 10000
+
+ 5000
+ 2500
+ ];
+ event_cache_size = "12000K"; # defaults to 10K
+ caches = {
+ global_factor = 500000.0;
+ cache_entry_ttl = "24h";
+ expire_caches = true;
+ sync_response_cache_duration = "15m";
+ cache_autotuning = {
+ max_cache_memory_usage = "65536M";
+ target_cache_memory_usage = "32768M";
+ min_cache_ttl = "6h";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/matrix/synapse/db.nix b/host/Rory-ovh/services/matrix/synapse/db.nix
new file mode 100644
index 0000000..409c039
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/synapse/db.nix
@@ -0,0 +1,49 @@
+{
+ workerName ? null,
+ dbGroup ? null,
+}:
+{
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-rory-gay";
+ password = "somepassword";
+ database = "matrix-synapse-rory-gay";
+ host = "/run/postgresql";
+ application_name = "matrix-synapse (rory.gay) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ cp_min =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 5
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+ cp_max =
+ if dbGroup == "solo" then
+ 1
+ else if dbGroup == "small" then
+ 2
+ else if dbGroup == "medium" then
+ 10
+ else if dbGroup == "large" then
+ 10
+ else
+ throw "synapse/db.nix: Invalid dbGroup: ${if dbGroup == null then "null" else dbGroup}";
+
+ # cp_reconnect - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L129
+ # cp_noisy - default=False - https://docs.twisted.org/en/stable/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ - info logs during operation
+ # check_same_thread - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/config/database.py#L65 - can this even be set?
+ };
+
+ # synchronous_commit - default=True - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L56
+ # statement_timeout - default=60 * 60 * 1000 ms - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L63
+ # allow_unsafe_locale - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L99
+ # allow_outdated_version - default=False - https://github.com/element-hq/synapse/blob/develop/synapse/storage/engines/postgres.py#L92 - needs source link
+ # txn_limit - default=0 - https://github.com/element-hq/synapse/blob/develop/synapse/storage/database.py#L564
+
+ statement_timeout = 24 * 60 * 60 * 1000; # 24 hours, good for bg jobs
+ txn_limit = 500; # maybe dropping old data from pg caches helps?
+}
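Review bot: `password = "somepassword";` commits a literal database password to the repository, and it will also be rendered into the generated Synapse configuration. Since `host = "/run/postgresql"` is a Unix socket, peer authentication probably makes the password unnecessary. If so, remove the line; otherwise supply the value from a file under `/data/secrets` through an extra config file rather than inline.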
diff --git a/host/Rory-ovh/services/matrix/synapse/ratelimits.nix b/host/Rory-ovh/services/matrix/synapse/ratelimits.nix
new file mode 100644
index 0000000..85f51f2
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/synapse/ratelimits.nix
@@ -0,0 +1,97 @@
+{
+ # messages
+ rc_message = {
+ per_second = 1000000;
+ burst_count = 1000000;
+ };
+ rc_admin_redaction = {
+ per_second = 10000000;
+ burst_count = 10000000;
+ };
+
+ # room joins
+ rc_joins = {
+ local = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_joins_per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # room invites
+ rc_invites = {
+ per_room = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_user = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ per_issuer = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ };
+ rc_third_party_invite = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ # federation
+ rc_federation = {
+ window_size = 10;
+ sleep_limit = 1000;
+ sleep_delay = 100;
+ reject_limit = 1000;
+ concurrent = 100;
+ };
+ federation_rr_transactions_per_room_per_second = 100;
+
+ # media
+ rc_media_create = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ remote_media_download_burst_count = "512G";
+ remote_media_download_per_second = "512G";
+
+ # authentication
+ rc_login = {
+ address = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ account = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+ failed_attempts = {
+ per_second = 0.1;
+ burst_count = 3;
+ };
+ };
+ rc_3pid_validation = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+
+ #presence
+ rc_presence.per_user = {
+ per_second = 1;
+ burst_count = 2;
+ };
+
+ #delayed events
+ rc_delayed_event_mgmt = {
+ per_second = 1000;
+ burst_count = 1000;
+ };
+}
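Review bot: These values switch off nearly all of Synapse's request throttling for every user and remote server: `rc_login.address` and `rc_login.account` at 1000/s, `rc_invites` and `rc_joins` at 1000/s, and `rc_message` at 1000000/s. Only `rc_login.failed_attempts` and `rc_presence` stay restrictive. Registration is enabled (token-gated) in synapse-main.nix, so any account on the server can send invites or messages at these rates. Consider leaving the login, invite and 3pid limits at their defaults and raising limits only for the accounts that need it. A header comment explaining why the limits are lifted would help the next reader.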
diff --git a/host/Rory-ovh/services/matrix/synapse/synapse-main.nix b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
new file mode 100755
index 0000000..7907927
--- /dev/null
+++ b/host/Rory-ovh/services/matrix/synapse/synapse-main.nix
@@ -0,0 +1,283 @@
+{ config, pkgs, ... }:
+
+{
+ # Worker plumbing examples: https://github.com/element-hq/synapse/blob/master/docker/configure_workers_and_start.py
+ # Documentation: https://github.com/element-hq/synapse/blob/develop/docs/workers.md
+ services.matrix-synapse = {
+ enable = true;
+ withJemalloc = true;
+ dataDir = "/data/matrix-synapse";
+
+ nginxVirtualHostName = "matrix.rory.gay";
+ enableWorkers = true;
+
+ federationSenders = if config.virtualisation.isVmVariant then 0 else 16; # 16
+ pushers = if config.virtualisation.isVmVariant then 1 else 1;
+ mediaRepoWorkers = if config.virtualisation.isVmVariant then 1 else 2; # 4
+ clientReaders = if config.virtualisation.isVmVariant then 2 else 2; # 4
+ syncWorkers = if config.virtualisation.isVmVariant then 2 else 2; # 4
+ #authWorkers = 0;
+
+ eventCreators = if config.virtualisation.isVmVariant then 2 else 16;
+
+ federationReaders = if config.virtualisation.isVmVariant then 0 else 8; # 8
+ federationInboundWorkers = if config.virtualisation.isVmVariant then 0 else 16; # 8
+
+ enableAppserviceWorker = if config.virtualisation.isVmVariant then true else true;
+ enableBackgroundWorker = if config.virtualisation.isVmVariant then true else true;
+ enableUserDirWorker = if config.virtualisation.isVmVariant then true else true;
+
+ accountDataStreamWriters = 1;
+ eventStreamWriters = 2; # 8
+ presenceStreamWriters = 1;
+ pushRuleStreamWriters = 1;
+ receiptStreamWriters = 1;
+ toDeviceStreamWriters = 1;
+ typingStreamWriters = 1;
+
+ plugins = with pkgs.matrix-synapse-plugins; [
+ synapse-http-antispam
+ ];
+
+ #untested:
+ #sharedStreamWriters = 1;
+
+ # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+ settings =
+ {
+ server_name = "rory.gay";
+
+ # use_frozen_dicts = true;
+ # user_agent_suffix = " (rory.gay)";
+
+ # look into later: replication_torture_level - https://github.com/element-hq/synapse/blob/develop/synapse/config/server.py#L560
+ # limit_remote_rooms ???
+ # cleanup_extremities_with_dummy_events - default=True
+ # dummy_events_threshold - default=10 - required forward extremities to send dummy event
+ # enable_ephemeral_messages - default=False - ???
+ # rooms_to_exclude_from_sync - default=[] - room ids...
+ # third_party_event_rules - https://github.com/element-hq/synapse/blob/develop/synapse/config/third_party_event_rules.py - ???
+ # default_power_level_content_override - default=None - https://github.com/element-hq/synapse/blob/develop/synapse/config/room.py#L73
+
+ dummy_events_threshold = 5;
+ cleanup_extremities_with_dummy_events = true;
+
+ enable_registration = true;
+ registration_requires_token = true;
+
+ require_membership_for_aliases = false;
+ redaction_retention_period = null;
+ user_ips_max_age = null;
+ allow_device_name_lookup_over_federation = true;
+
+ federation = {
+ client_timeout = "90s"; # 30 # default=60s
+ max_short_retries = 6; # 12
+ max_short_retry_delay = "10s"; # 5
+ max_long_retries = 5;
+ max_long_retry_delay = "30s";
+
+ # rapid retry, small increments
+ destination_min_retry_interval = "1m"; # default=10m
+ destination_max_retry_interval = "12h"; # default=7d
+ destination_retry_multiplier = 1.1; # 1.2 # default=2
+ };
+
+ registration_shared_secret_path = "/data/secrets/synapse-shared-secret";
+
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = false;
+ }
+ ];
+ }
+ {
+ type = "http";
+ path = "/run/matrix-synapse/main.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ database = (
+ import ./db.nix {
+ workerName = "main";
+ dbGroup = "medium";
+ }
+ );
+ app_service_config_files = [
+ #"/etc/matrix-synapse/appservice-registration.yaml"
+ #"/var/lib/matrix-synapse/modas-registration.yaml"
+ ];
+
+ #region Media
+ max_upload_size = "512M";
+
+ max_avatar_size = "512M";
+ max_image_pixels = "250M";
+
+ max_pending_media_uploads = 512;
+ dynamic_thumbnails = true;
+
+ prevent_media_downloads_from = [
+ # none, give me all the media
+ ];
+ enable_authenticated_media = false;
+
+ url_preview_enabled = true;
+ max_spider_size = "50M";
+
+ #endregion
+
+ ui_auth = {
+ session_timeout = "1m";
+ };
+
+ login_via_existing_session = {
+ enabled = true;
+ require_ui_auth = true;
+ token_timeout = "1y";
+ };
+
+ report_stats = false;
+
+ user_directory = {
+ enabled = true;
+ search_all_users = true;
+ prefer_local_users = true;
+ };
+
+ # https://github.com/element-hq/synapse/blob/master/synapse/config/experimental.py
+ experimental_features = {
+ "msc2409_to_device_messages_enabled" = true;
+ "msc2815_enabled" = true; # Redacted event content
+ "msc3026_enabled" = true; # Busy presence
+ "msc3202_transaction_extensions" = true; # appservice transaction extensions (device list/keys)
+ "msc3266_enabled" = true; # Room summary API
+ "msc3391_enabled" = true; # Remove account data
+ "msc3823_account_suspension" = true; # Account suspension
+ "msc3852_enabled" = true; # Last seen on /devices (CS-API/admin)
+ "msc3874_enabled" = true; # filtering /messages with rel_types / not_rel_types
+ "msc3890_enabled" = true; # communicate account data deletion to clients
+ "msc3912_enabled" = true; # /messages with rel_types / not_rel_types and event id
+ "msc3916_authenticated_media_enabled" = true; # Authenticated media
+ "msc4069_profile_inhibit_propagation" = true; # Inhibit profile update propagation
+ "msc4133_enabled" = true; # Custom profile fields
+ "msc4151_enabled" = true; # Report room API (CS-API)
+ "msc4210_enabled" = false; # Remove legacy mentions -- we want this *disabled* for moderation reasons
+ "msc4222_enabled" = true; # state_after in sync
+ };
+
+ redis = {
+ enabled = true;
+ path = "/run/redis-matrix-synapse/redis.sock";
+ };
+
+ instance_map = {
+ main = {
+ # replication listener
+ path = "/run/matrix-synapse/main.sock";
+ };
+ };
+ }
+ // import ./ratelimits.nix
+ // import ./caches.nix;
+ };
+
+ #systemd.services.matrix-synapse-reg-token = {
+ # description = "Random registration token for Synapse.";
+ # before = [ "matrix-synapse.service" ]; # So the registration can be used by Synapse
+ # wantedBy = [ "multi-user.target" ];
+ # after = [ "network.target" ];
+#
+ # script = ''
+ # set -e -x -o pipefail
+ # echo "Starting key generation"
+ # if [ ! -f "registration_shared_secret.txt" ]
+ # then
+ # echo "Generating new key"
+ # strace cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 > registration_shared_secret.txt
+ # echo "Key generation complete"
+ # else
+ # echo "Not generating key, key exists"
+ # fi
+ # echo "Script complete"
+ # '';
+ # serviceConfig = {
+ # User = "matrix-synapse";
+ # Group = "matrix-synapse";
+ # WorkingDirectory = "/var/lib/matrix-synapse";
+ # RemainAfterExit = true;
+ # };
+ #};
+
+ services.redis = {
+ package = pkgs.valkey;
+ servers.matrix-synapse = {
+ enable = true;
+ user = "matrix-synapse";
+ };
+ };
+
+ systemd.tmpfiles.rules = [ "D /run/redis-matrix-synapse 0755 matrix-synapse matrix-synapse" ];
+
+ virtualisation.vmVariant = {
+ systemd.tmpfiles.rules = [ "D /run/secrets 0755 nobody nobody" ];
+ systemd.services."matrix-synapse-generate-token" = {
+ # generate /data/secrets/synapse-shared-secret
+ description = "Generate Synapse shared secret";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ before = [ "matrix-synapse.service" ];
+ script = ''
+ set -e -x -o pipefail
+ echo "Starting key generation"
+ if [ ! -f "/data/secrets/synapse-shared-secret" ]
+ then
+ echo "Generating new key"
+ ${pkgs.openssl}/bin/openssl rand -base64 32 > /data/secrets/synapse-shared-secret
+ echo "Key generation complete"
+ else
+ echo "Not generating key, key exists"
+ fi
+ echo "Script complete"
+ '';
+ };
+ systemd.services."matrix-synapse-postgres-init" = {
+ description = "Generate synapse postgres user";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ before = [ "matrix-synapse.service" ];
+
+ script = ''
+ set -e -x -o pipefail
+ ${pkgs.postgresql}/bin/createuser ${config.services.matrix-synapse.settings.database.args.user} || true
+ ${pkgs.postgresql}/bin/createdb --encoding=UTF8 --locale=C --template=template0 --owner=${config.services.matrix-synapse.settings.database.args.user} ${config.services.matrix-synapse.settings.database.args.database} || true
+ '';
+ serviceConfig = {
+ User = "postgres";
+ Group = "postgres";
+ WorkingDirectory = config.services.postgresql.dataDir;
+ RemainAfterExit = true;
+ };
+ };
+ };
+}
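Review bot: `login_via_existing_session.token_timeout = "1y"` keeps every login token minted from an existing session valid for a year, where Synapse's default is five minutes. A leaked token can then be redeemed for a new device long after it was issued, so `token_timeout = "5m";` is the safer value. In the `vmVariant` block, tmpfiles creates `/run/secrets` but the script writes `/data/secrets/synapse-shared-secret`, and the redirect creates that file with the default umask. Adding `umask 077` before the `openssl rand` line and creating the directory the script actually writes to would fix both. `enable_authenticated_media = false` also leaves media downloads unauthenticated, which deserves a comment if it is deliberate.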
diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix
new file mode 100755
index 0000000..d422cc8
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+let
+ serveDir = config: {
+ enableACME = if config ? ssl then config.ssl else !config.virtualisation.isVmVariant;
+ addSSL = if config ? ssl then config.ssl else true;
+ root = if config ? path then config.path else builtins.throw "path is required";
+ locations = {
+ "/" = {
+ index = "index.html";
+ };
+ };
+ };
+in
+{
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ #recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ defaultMimeTypes = ../../../../packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log combined_vhosts;
+ '';
+ additionalModules = with pkgs.nginxModules; [ moreheaders ];
+ virtualHosts = {
+ #"boorunav.com" = serveDir { path = "/data/nginx/html_boorunav"; };
+ # "catgirlsaresexy.com" = serveDir { path = "/data/nginx/html_catgirlsaresexy"; };
+ # "sugarcanemc.org" = serveDir { path = "/data/nginx/html_sugarcanemc"; };
+#
+ #"siliconheaven.thearcanebrony.net" = serveDir { path = "/data/nginx/html_siliconheaven"; };
+ #"lfs.thearcanebrony.net" = serveDir { path = "/data/nginx/html_lfs"; };
+ #"git.thearcanebrony.net" = serveDir { path = "/data/nginx/html_git"; };
+ #"files.thearcanebrony.net" = serveDir { path = "/data/nginx/html_files"; };
+ #"spigotav.thearcanebrony.net" = serveDir { path = "/data/nginx/html_spigotav"; };
+ #"terra.thearcanebrony.net" = serveDir { path = "/data/nginx/html_terrarchive"; };
+ #"vives.thearcanebrony.net" = serveDir { path = "/data/nginx/html_vives"; };
+#
+ # "git.rory.gay" = serveDir { path = "/data/nginx/html_git"; };
+ # "wad.rory.gay" = serveDir { path = "/data/nginx/html_wad"; } // {
+ # locations."/".extraConfig = "autoindex on; try_files $uri $uri/ /index.html;";
+ # };
+ # "wad-api.rory.gay" = import ./rory.gay/wad-api.nix;
+#
+ #"thearcanebrony.net" = import ./thearcanebrony.net/root.nix;
+ # "sentry.thearcanebrony.net" = import ./thearcanebrony.net/sentry.nix;
+ # "search.thearcanebrony.net" = import ./thearcanebrony.net/search.nix;
+#
+ "rory.gay" = import ./rory.gay/root.nix { inherit config; };
+ # "lfs.rory.gay" = serveDir { path = "/data/nginx/html_lfs"; };
+#
+ # "awooradio.thearcanebrony.net" = import ./thearcanebrony.net/awooradio.nix;
+ "cgit.rory.gay" = import ./rory.gay/cgit.nix { inherit config; };
+ # #"jitsi.rory.gay" = import ./rory.gay/jitsi.nix;
+#
+ # #matrix...
+ # "conduit.rory.gay" = import ./rory.gay/conduit.nix;
+ "matrix.rory.gay" = import ./rory.gay/matrix.nix { inherit config; };
+ "libmatrix-fed-test.rory.gay" = import ./rory.gay/libmatrix-fed-test.nix { inherit config; };
+ "safensound.rory.gay" = import ./rory.gay/safensound.nix { inherit config; };
+ "demo.safensound.rory.gay" = import ./rory.gay/demo.safensound.nix { inherit config; };
+ "api.safensound.rory.gay" = import ./rory.gay/api.safensound.nix { inherit config; };
+ "stream.rory.gay" = import ./rory.gay/stream.nix { inherit config; };
+ # "pcpoc.rory.gay" = import ./rory.gay/pcpoc.nix;
+ # "matrixunittests.rory.gay" = import ./rory.gay/matrixunittests.nix;
+ # "conduit.matrixunittests.rory.gay" = import ./rory.gay/conduit.matrixunittests.nix;
+ "mru.rory.gay" = import ./rory.gay/mru.nix { inherit config; };
+ "ec.rory.gay" = import ./rory.gay/ec.nix { inherit config; };
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE = 5000000;
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "root@rory.gay";
+
+ networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
+}
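Review bot: The `serveDir` helper names its argument `config`, which shadows the module's `config`, so the fallback `!config.virtualisation.isVmVariant` looks up `virtualisation` on the caller's attrset and would fail for a call such as `serveDir { path = "..."; }`. Every current use is commented out, so nothing evaluates it yet. Renaming the parameter fixes it: `serveDir = args: {`, `enableACME = args.ssl or (!config.virtualisation.isVmVariant);`, `root = args.path or (builtins.throw "path is required");`. `addSSL` in the helper also keeps plain HTTP available, whereas `forceSSL` would redirect to HTTPS.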
diff --git a/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
new file mode 100755
index 0000000..b0ff075
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/api.safensound.nix
@@ -0,0 +1,72 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:7645";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
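Review bot: `addSSL` keeps this API vhost reachable over plain HTTP, and the preflight block explicitly allows the `Authorization` header, so a client that uses an `http://` URL would send its credentials unencrypted. The email vhosts in this commit use `forceSSL = !config.virtualisation.isVmVariant;`, which would fit here too. The three `.well-known` blocks write headers as `'Content-Type application/json'` without the colon used in the OPTIONS block (`'Name: value'`), so those headers are probably not set as intended.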
diff --git a/host/Rory-ovh/services/nginx/rory.gay/cgit.nix b/host/Rory-ovh/services/nginx/rory.gay/cgit.nix
new file mode 100755
index 0000000..7b49a42
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/cgit.nix
@@ -0,0 +1,14 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ root = "/data/git";
+ extraConfig = ''
+ autoindex on;
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+ more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+ more_set_headers 'Access-Control-Allow-Credentials: true';
+ '';
+}
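Review bot: `Access-Control-Allow-Origin: *` is sent together with `Access-Control-Allow-Credentials: true`, a combination browsers refuse for credentialed cross-origin requests. The credentials header therefore has no useful effect and signals an intent that should not be granted site-wide. Drop the `Access-Control-Allow-Credentials` line unless a specific origin needs cookies, in which case name that origin instead of `*`. `autoindex on` at the vhost level lists everything under `/data/git`, so confirm nothing non-public lives in that tree.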
diff --git a/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix b/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix
new file mode 100755
index 0000000..231d5e3
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/conduit.matrixunittests.nix
@@ -0,0 +1,16 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ http3 = true;
+ http3_hq = true;
+ kTLS = true;
+ extraConfig = ''
+ brotli off;
+ '';
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.100.15:80";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix
new file mode 100755
index 0000000..f75c78b
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/demo.safensound.nix
@@ -0,0 +1,30 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+# quic = true;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_safensound_demo";
+# reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
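Review bot: The `more_set_headers 'Access-Control-Max-Age' 1728000;` line in the `/` location passes the name and the value as two separate arguments, whereas headers-more expects each argument as one `Name: value` string, so the max-age is most likely never sent. The form used in libmatrix-fed-test.nix is the working one: `more_set_headers 'Access-Control-Max-Age: 1728000';`. The same line appears in ec.nix, mru.nix and safensound.nix in this directory. Separately, with `quic` commented out the `http3`/`http3_hq` settings probably do nothing; as far as I know the NixOS option needs `quic = true` as well.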
diff --git a/host/Rory-ovh/services/nginx/rory.gay/ec.nix b/host/Rory-ovh/services/nginx/rory.gay/ec.nix
new file mode 100755
index 0000000..c50b1f9
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/ec.nix
@@ -0,0 +1,26 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_ec";
+ reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/jitsi.nix b/host/Rory-ovh/services/nginx/rory.gay/jitsi.nix
new file mode 100755
index 0000000..9469087
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/jitsi.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ overrideJs =
+ filePath: varName: newContent: appendExtra:
+ let
+ oldContent = builtins.readFile filePath;
+ regex = "var ${varName} = {[^}]*};";
+ newJs = builtins.replaceStrings [ regex ] [ "var ${varName} = ${newContent};" ] oldContent;
+ in
+ builtins.writeFile filePath newJs;
+
+ cfg = config.services.jitsi-meet;
+in
+{
+ enableACME = true;
+ addSSL = true;
+ extraConfig = ''
+ ssi on;
+ '';
+ locations."@root_path".extraConfig = ''
+ rewrite ^/(.*)$ / break;
+ '';
+ locations."~ ^/([^/\\?&:'\"]+)$".tryFiles = "$uri @root_path";
+ locations."^~ /xmpp-websocket" = {
+ priority = 100;
+ proxyPass = "http://localhost:5280/xmpp-websocket";
+ proxyWebsockets = true;
+ };
+ locations."=/http-bind" = {
+ proxyPass = "http://localhost:5280/http-bind";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ '';
+ };
+ locations."=/external_api.js" = lib.mkDefault {
+ alias = "${pkgs.jitsi-meet}/libs/external_api.min.js";
+ };
+ locations."=/config.js" = lib.mkDefault {
+ alias = overrideJs "${pkgs.jitsi-meet}/config.js" "config" (lib.recursiveUpdate defaultCfg cfg.config) cfg.extraConfig;
+ };
+ locations."=/interface_config.js" = lib.mkDefault {
+ alias = overrideJs "${pkgs.jitsi-meet}/interface_config.js" "interfaceConfig" cfg.interfaceConfig "";
+ };
+}
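Review bot: `overrideJs` cannot evaluate as written: `builtins.writeFile` is not a Nix builtin, `defaultCfg` is not bound anywhere in the visible `let`, and `builtins.replaceStrings` matches literal text, so the `regex` string is never found in the file. `appendExtra` is also unused, and `newContent` is an attribute set interpolated straight into a string. If the intent is to serve a patched `config.js`, build it as a store file and point `alias` at that, e.g. `pkgs.writeText "config.js" (oldContent + "\nvar ${varName} = ${builtins.toJSON newContent};\n" + appendExtra)`. The vhost also sets `enableACME = true` unconditionally, unlike the sibling files that key it on `config.virtualisation.isVmVariant`.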
diff --git a/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix b/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix
new file mode 100755
index 0000000..c2909d6
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/libmatrix-fed-test.nix
@@ -0,0 +1,26 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:6500";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix b/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix
new file mode 100755
index 0000000..1af3669
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrix-bak.nix
@@ -0,0 +1,26 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/_matrix" = {
+ proxyPass = "http://192.168.1.5:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ locations."/_synapse/client".proxyPass = "http://192.168.1.5:8008";
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrix.nix b/host/Rory-ovh/services/nginx/rory.gay/matrix.nix
new file mode 100755
index 0000000..45a507f
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrix.nix
@@ -0,0 +1,72 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ #proxyPass = "http://127.0.0.1:9001";
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+
+ locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = {
+ proxyPass = "http://localhost:8100";
+ };
+}
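Review bot: `locations."/"` forwards every path to Synapse on `localhost:8008`, which puts `/_synapse/admin` on the public vhost alongside the client and federation APIs. The admin API still needs an admin token, but matrix-bak.nix in this commit already limits the proxy to `/_matrix` and `/_synapse/client`, and doing the same here shrinks the exposed surface: `locations."/_matrix".proxyPass = "http://localhost:8008";` and `locations."/_synapse/client".proxyPass = "http://localhost:8008";`. `addSSL` also keeps serving the site over plain HTTP; `forceSSL = !config.virtualisation.isVmVariant;` in its place would redirect to HTTPS.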
diff --git a/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix b/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix
new file mode 100755
index 0000000..f23f0dd
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/matrixunittests.nix
@@ -0,0 +1,16 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ extraConfig = ''
+ brotli off;
+ '';
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.100.13:80";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/mru.nix b/host/Rory-ovh/services/nginx/rory.gay/mru.nix
new file mode 100755
index 0000000..6e685de
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/mru.nix
@@ -0,0 +1,30 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+# quic = true;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_mru";
+# reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/pcpoc.nix b/host/Rory-ovh/services/nginx/rory.gay/pcpoc.nix
new file mode 100755
index 0000000..b62c5fe
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/pcpoc.nix
@@ -0,0 +1,15 @@
+{
+ enableACME = true;
+ addSSL = true;
+ http3 = true;
+ http3_hq = true;
+ kTLS = true;
+ extraConfig = ''
+ brotli off;
+ '';
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.100.11:80";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/root.nix b/host/Rory-ovh/services/nginx/rory.gay/root.nix
new file mode 100755
index 0000000..a7720ec
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/root.nix
@@ -0,0 +1,49 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_rory_gay";
+ extraConfig = ''autoindex on;'';
+
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON { "m.server" = "matrix.rory.gay:443"; }}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ "m.homeserver".base_url = "https://matrix.rory.gay";
+ "org.matrix.msc3575.proxy".url = "https://matrix.rory.gay";
+ }
+ }';
+ '';
+ locations."= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+}
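Review bot: The `.well-known` locations call `more_set_headers 'Content-Type application/json';` and `more_set_headers 'Access-Control-Allow-Origin *';` without a colon, which is `add_header` syntax; headers-more splits name and value on `:`, so neither header is likely to be set. Matrix web clients fetch `/.well-known/matrix/client` cross-origin and depend on the CORS header, so I would write `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. matrix.nix and thearcanebrony.net/root.nix carry the same lines.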
diff --git a/host/Rory-ovh/services/nginx/rory.gay/safensound.nix b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
new file mode 100755
index 0000000..9208129
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/safensound.nix
@@ -0,0 +1,30 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+# quic = true;
+ http3 = !config.virtualisation.isVmVariant;
+ http3_hq = !config.virtualisation.isVmVariant;
+ kTLS = !config.virtualisation.isVmVariant;
+ root = "/data/nginx/html_safensound";
+# reuseport = true;
+ extraConfig = ''
+ brotli off;
+ brotli_static off;
+ '';
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/stream.nix b/host/Rory-ovh/services/nginx/rory.gay/stream.nix
new file mode 100755
index 0000000..caed22f
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/stream.nix
@@ -0,0 +1,34 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:1934";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ extraConfig = ''
+ proxy_ssl_verify off;
+# proxy_set_header Host youthapp.inuits.dev;
+ proxy_ssl_server_name on;
+
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/rory.gay/wad-api.nix b/host/Rory-ovh/services/nginx/rory.gay/wad-api.nix
new file mode 100755
index 0000000..ac07547
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/rory.gay/wad-api.nix
@@ -0,0 +1,32 @@
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "https://youthapp.inuits.dev";
+ recommendedProxySettings = false;
+ extraConfig = ''
+ proxy_ssl_verify off;
+ proxy_set_header Host youthapp.inuits.dev;
+ proxy_ssl_server_name on;
+
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *, Authorization';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ };
+}
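Review bot: `proxy_ssl_verify off;` means the certificate of `https://youthapp.inuits.dev` is never checked, so anything able to intercept the upstream connection can read and alter the proxied traffic, including the `Authorization` header that the CORS block allows from any origin. I would turn verification on: `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` and `proxy_ssl_name youthapp.inuits.dev;`. The file also reads `config.virtualisation.isVmVariant` but, unlike its siblings, does not start with `{ config }:`, so `config` looks unbound here.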
diff --git a/host/Rory-ovh/services/nginx/thearcanebrony.net/awooradio.nix b/host/Rory-ovh/services/nginx/thearcanebrony.net/awooradio.nix
new file mode 100755
index 0000000..c0ca8b0
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/thearcanebrony.net/awooradio.nix
@@ -0,0 +1,13 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = true;
+ locations = {
+ "/" = {
+ extraConfig = ''
+ rewrite ^/api/(.*) /$1 break;
+ return 200 $request_uri;'';
+ proxyPass = "http://localhost:4998";
+ };
+ };
+}
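Review bot: `return 200 $request_uri;` in the `/` location's `extraConfig` ends request processing in the rewrite phase, so the `proxyPass` to `localhost:4998` is never reached and the vhost only echoes the request URI back. It reads like a debugging leftover; if the proxy is the intent, drop that line and keep `rewrite ^/api/(.*) /$1 break;`. If the echo is intended, add an explicit `default_type text/plain;` so the reflected URI can never be rendered as markup.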
diff --git a/host/Rory-ovh/services/nginx/thearcanebrony.net/root.nix b/host/Rory-ovh/services/nginx/thearcanebrony.net/root.nix
new file mode 100755
index 0000000..59cba43
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/thearcanebrony.net/root.nix
@@ -0,0 +1,41 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = true;
+ root = "/data/nginx/html_thearcanebrony";
+ extraConfig = ''autoindex on;'';
+ locations = {
+ "/" = {
+ #index = "index.html";
+ };
+ "/destroy" = {
+ return = "301 https://gitlab.com/KinoshitaProductions/SecureDestroyer/-/raw/master/run";
+ };
+ "= /.well-known/matrix/support".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${
+ builtins.toJSON {
+ admins = [
+ {
+ matrix_id = "@emma:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@alicia:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@root:rory.gay";
+ role = "admin";
+ }
+ {
+ matrix_id = "@rory:rory.gay";
+ role = "admin";
+ }
+ ];
+ }
+ }';
+ '';
+ };
+}
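Review bot: The `/destroy` location redirects to `raw/master/run` in a third-party GitLab repository, which is a mutable branch reference. If callers fetch this URL in order to run the script (the hunk does not say), whoever can push to that branch controls what they execute; pinning the redirect to a reviewed commit, `.../SecureDestroyer/-/raw/<commit-sha>/run`, and adding a comment on the intended use would close that gap. `autoindex on;` on the vhost also lists everything under `/data/nginx/html_thearcanebrony`.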
diff --git a/host/Rory-ovh/services/nginx/thearcanebrony.net/search.nix b/host/Rory-ovh/services/nginx/thearcanebrony.net/search.nix
new file mode 100755
index 0000000..cfb4e1c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/thearcanebrony.net/search.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = true;
+ locations = {
+ "/" = {
+ extraConfig = ''rewrite ^ https://thearcanebrony.net/unavailable.html break;'';
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/thearcanebrony.net/sentry.nix b/host/Rory-ovh/services/nginx/thearcanebrony.net/sentry.nix
new file mode 100755
index 0000000..8cd0826
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/thearcanebrony.net/sentry.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.4:9000";
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/postgres.nix b/host/Rory-ovh/services/postgres.nix
new file mode 100755
index 0000000..10d1cb7
--- /dev/null
+++ b/host/Rory-ovh/services/postgres.nix
@@ -0,0 +1,99 @@
+{ config, pkgs, ... }:
+
+{
+ systemd.tmpfiles.rules = [ "d /data/dedicated/postgres 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_17_jit;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host discordbots discordbots 192.168.1.2/32 trust
+ host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ # initialScript = pkgs.writeText "backend-initScript" ''
+ # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+ # CREATE DATABASE nixcloud;
+ # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+ # '';
+ dataDir = "/data/dedicated/postgres";
+ settings = {
+ # https://pgconfigurator.cybertec.at/
+ max_connections = 2500;
+ superuser_reserved_connections = 3;
+
+ shared_buffers = if config.virtualisation.isVmVariant then "128MB" else "64GB";
+ work_mem = if config.virtualisation.isVmVariant then "64MB" else "32GB";
+ maintenance_work_mem = if config.virtualisation.isVmVariant then "512MB" else "8GB";
+ huge_pages = "try";
+ effective_cache_size = if config.virtualisation.isVmVariant then "1GB" else "64GB"; # was 22
+ effective_io_concurrency = 100;
+ random_page_cost = 1.1;
+
+ # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10;
+ shared_preload_libraries = "pg_stat_statements";
+ track_io_timing = "on";
+ track_functions = "pl";
+ "pg_stat_statements.max" = "10000"; # additional
+ "pg_stat_statements.track" = "all"; # additional
+
+ wal_level = "replica";
+ max_wal_senders = 0;
+ synchronous_commit = "on"; # was ond3
+
+ checkpoint_timeout = "15min";
+ checkpoint_completion_target = "0.9";
+ max_wal_size = "2GB";
+ min_wal_size = "1GB";
+
+ wal_compression = "off";
+ wal_buffers = "-1";
+ wal_writer_delay = "500ms"; # was 100
+ wal_writer_flush_after = "32MB"; # was 1
+ #checkpoint_segments = "64"; # additional
+ default_statistics_target = "250"; # additional
+
+ bgwriter_delay = "200ms";
+ bgwriter_lru_maxpages = "100";
+ bgwriter_lru_multiplier = "2.0";
+ bgwriter_flush_after = "0";
+
+ max_worker_processes = "64"; # was 14
+ max_parallel_workers_per_gather = "32"; # was 7
+ max_parallel_maintenance_workers = "32"; # was 7
+ max_parallel_workers = "64"; # was 14
+ parallel_leader_participation = "on";
+
+ enable_partitionwise_join = "on";
+ enable_partitionwise_aggregate = "on";
+ jit = "on";
+ max_slot_wal_keep_size = "1GB";
+ track_wal_io_timing = "on";
+ maintenance_io_concurrency = "4";
+ wal_recycle = "on";
+
+ };
+ };
+
+ # services.prometheus.exporters.postgres = {
+ # enable = true;
+ # port = 9187;
+ # extraFlags = [
+ # "--collector.database_wraparound"
+ # "--collector.long_running_transactions"
+ # "--collector.postmaster"
+ # "--collector.process_idle"
+ # "--collector.stat_activity_autovacuum"
+ # "--collector.stat_statements"
+ # #"--collector.stat_wal_receiver" #we dont have WAL receivers
+ # "--collector.statio_user_indexes"
+ # "--collector.xlog_location"
+ # ];
+ # };
+
+}
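Review bot: The `authentication` block combines `enableTCPIP = true` with `host all all 0.0.0.0/0 md5` and `trust` entries for two LAN addresses, so every database and role is offered to any client that can reach the port, and the two `192.168.1.x` peers need no password at all. Whether the port is reachable from outside depends on firewall settings not shown here, but I would still narrow the catch-all and move off `md5` and network `trust`: `host all all <trusted-cidr> scram-sha-256` and `host discordbots discordbots 192.168.1.2/32 scram-sha-256`. Separately, `work_mem = "32GB"` applies per sort or hash operation, which together with `max_connections = 2500` can exceed any realistic memory budget.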
diff --git a/host/Rory-ovh/services/prometheus.nix b/host/Rory-ovh/services/prometheus.nix
new file mode 100644
index 0000000..9409529
--- /dev/null
+++ b/host/Rory-ovh/services/prometheus.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+ services.prometheus = {
+ enable = true;
+ port = 9001;
+ };
+}
diff --git a/host/Rory-ovh/services/safensound.nix b/host/Rory-ovh/services/safensound.nix
new file mode 100644
index 0000000..69f301a
--- /dev/null
+++ b/host/Rory-ovh/services/safensound.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ services.mongodb = {
+ enable = true;
+ package = pkgs.mongodb-ce;
+ enableAuth = true;
+ initialRootPasswordFile = "/etc/mongo-pass";
+ #bind_ip = "/run/mongodb.sock";
+ extraConfig = ''
+ net.unixDomainSocket.filePermissions: 0777
+ '';
+ };
+
+ services.safensound = {
+ enable = true;
+ dbCredentialsPath = "/data/secrets/safensound-mongodb";
+ port = 7645;
+ logRequests = "-";
+ logQueries = true;
+ logAuth = true;
+ };
+}
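Review bot: `net.unixDomainSocket.filePermissions: 0777` makes the MongoDB socket connectable by every local user, leaving `enableAuth` as the only barrier. A group-restricted mode such as `net.unixDomainSocket.filePermissions: 0770`, with the consuming service in a shared group, keeps the socket usable without opening it to all accounts. `initialRootPasswordFile = "/etc/mongo-pass"` sits outside `/data/secrets` where the other credentials live, and nothing in this hunk sets its owner or mode, so a comment stating the expected permissions would help. `logAuth` and `logQueries` may write credentials or user data to the log; that is worth confirming against the module.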
diff --git a/host/Rory-ovh/services/wireguard/wireguard.nix b/host/Rory-ovh/services/wireguard/wireguard.nix
new file mode 100644
index 0000000..af69f66
--- /dev/null
+++ b/host/Rory-ovh/services/wireguard/wireguard.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+{
+ networking.nat.internalInterfaces = [ "wg0" ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+
+ systemd.network = {
+ enable = true;
+ netdevs = {
+ "50-wg0" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "wg0";
+ MTUBytes = "1300";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = "/data/secrets/wireguard-keys/private";
+ ListenPort = 51820;
+ RouteTable = "main"; # wg-quick creates routing entries automatically but we must use use this option in systemd.
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "WLHEyWxEXRn/T0b9xk/8XJnuoCX0fXxWKHUjZ+AORGQ=";
+ AllowedIPs = [ "10.100.0.2" ];
+ }
+ ];
+ };
+ };
+ networks.wg0 = {
+ matchConfig.Name = "wg0";
+ address = [ "10.100.0.1/24" ];
+ networkConfig = {
+ IPMasquerade = "ipv4";
+ IPv4Forwarding = true;
+ };
+ };
+ };
+}
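Review bot: `PrivateKeyFile = "/data/secrets/wireguard-keys/private"` is read by systemd-networkd, which does not run as root, and nothing in this file sets the key's owner or mode. I would add a comment next to it, `# must be root:systemd-network, mode 0640; never world-readable`, or a `systemd.tmpfiles.rules` entry enforcing it, so a rebuild on a fresh host neither fails to bring up `wg0` nor tempts anyone to loosen the key's permissions. `networking.nat.internalInterfaces` is set without `networking.nat.enable` in this hunk while `IPMasquerade` is also configured on the network, so a comment saying which of the two is meant to do the NAT would avoid confusion.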
diff --git a/host/Rory-portable/configuration.nix b/host/Rory-portable/configuration.nix
index 0c4fd6d..1982205 100644
--- a/host/Rory-portable/configuration.nix
+++ b/host/Rory-portable/configuration.nix
@@ -9,7 +9,8 @@
{
imports = [
../../modules/base-client.nix
- ../../modules/packages/vim.nix
+ ../../packages/vim.nix
+ ./optional/gui/wayland.nix
];
boot = {
@@ -26,19 +27,6 @@
#readOnlyNixStore = false;
};
- services.udev.extraRules = ''
- #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
- # SDP protocol
- KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
- ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
- ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
- # Flashloader
- KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
- # Controller
- KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
- '';
-
#systemd.services.NetworkManager-wait-online.enable = false;
networking = {
@@ -51,7 +39,7 @@
# allowedUDPPorts = [ ... ];
};
- #interfaces.enp34s0.ipv4.addresses = [ {
+ #interfaces.enp34s0.ipv4.addresses = [ {
# address = "192.168.0.3";
# prefixLength = 24;
#} ];
@@ -74,23 +62,9 @@
xserver = {
enable = true;
updateDbusEnvironment = true;
- #videoDrivers = ["amdgpu"]; #"nvidia"
- #desktopManager.gnome.enable = true;
xkb.layout = "us";
- windowManager.i3.enable = true;
- windowManager.i3.extraSessionCommands = ''
- # output from arandr:
- #xrandr --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output HDMI-2 --off --output DP-2 --off
- #xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
- ${pkgs.polybarFull}/bin/polybar &
- ${pkgs.dunst}/bin/dunst &
- ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../modules/users/Rory/wallpaper.webp}
- '';
};
libinput.enable = true;
- picom.enable = true;
- picom.vSync = false;
- picom.backend = "glx";
openssh = {
enable = true;
@@ -116,32 +90,32 @@
feh
easyeffects
kitty
- youtube-music
+ #youtube-music
# - IDEs
#jetbrains-toolbox
- jetbrains.rider
+ #jetbrains.rider
#jetbrains.webstorm
#jetbrains.clion
- github-copilot-intellij-agent
+ #github-copilot-intellij-agent
- dbeaver-bin
+ #dbeaver-bin
#insomnia
- vscode
+ #vscode
# - Utilities
- inkscape-with-extensions
- gimp # -with-plugins
+ #inkscape-with-extensions
+ #gimp # -with-plugins
# - Languages
#dotnet-sdk_7
- dotnet-sdk_8
- #(callPackage ../../modules/packages/dotnet-pack.nix { inherit pkgs; })
+ #dotnet-sdk_8
+ #(callPackage ../../packages/dotnet-pack.nix { inherit pkgs; })
#games
- osu-lazer-bin
+ #osu-lazer-bin
#steam
- steam-run
+ #steam-run
# extra packages
dmenu
@@ -149,19 +123,17 @@
nemo
file-roller
firefox-bin
- ungoogled-chromium # needed for Rider in order to debug WASM
-
- peek
+ #ungoogled-chromium # needed for Rider in order to debug WASM
unrar-wrapper
#(schildichat-desktop.override { electron = electron; })
- (callPackage ../../modules/packages/nheko-git.nix {
+ (callPackage ../../packages/nheko-git.nix {
inherit nhekoSrc;
inherit mtxclientSrc;
voipSupport = false;
})
- #(callPackage ../../modules/packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+ #(callPackage ../../packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
#vesktop
virt-viewer
@@ -170,8 +142,8 @@
# (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
];
- programs.steam.enable = true;
- programs.steam.gamescopeSession.enable = true;
+ #programs.steam.enable = true;
+ #programs.steam.gamescopeSession.enable = true;
#environment.gnome.excludePackages = [
# pkgs.orca
@@ -180,12 +152,11 @@
#];
xdg = {
portal = {
-
enable = true;
extraPortals = with pkgs; [
#xdg-desktop-portal-gtk
xdg-desktop-portal-xapp
- (callPackage ../../modules/packages/xdg-desktop-portal-gtk.nix { })
+ # (callPackage ../../packages/xdg-desktop-portal-gtk.nix { })
];
config = {
common = {
@@ -193,8 +164,6 @@
};
};
xdgOpenUsePortal = true;
- #gtkUsePortal = true;
-
};
#sounds.enable = true;
#mime.enable = true;
@@ -203,12 +172,16 @@
#autostart.enable = true;
};
fonts = {
- fonts = with pkgs; [
+ packages = with pkgs; [
(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
noto-fonts-monochrome-emoji
];
- fontconfig.defaultFonts.monospace = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
- fontconfig.defaultFonts.sansSerif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
+ fontconfig.defaultFonts.monospace = [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
fontconfig.defaultFonts.serif = [ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular" ];
fontconfig.defaultFonts.emoji = [ "freefont" ];
enableDefaultPackages = lib.mkForce false;
@@ -229,8 +202,18 @@
#};
# };
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = true;
+ #virtualisation.libvirtd.enable = true;
+ #programs.virt-manager.enable = true;
system.stateVersion = "22.11"; # DO NOT EDIT!
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ "olm-3.2.16"
+ ];
+ };
+ };
}
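Review bot: `permittedInsecurePackages` exempts `electron-25.9.0` and `olm-3.2.16` from the nixpkgs insecure-package check with no indication of which package needs them. The earlier hunks in this file leave `schildichat-desktop` commented out, so the electron entry may no longer be required (its consumer is not visible here); dropping it would make evaluation fail loudly if something reintroduces it. For any entry that stays, a comment such as `# olm-3.2.16: needed by <package>; remove once it no longer depends on olm` records why the exception exists. `allowUnfree = true` is set in this host file too, so confirm it is meant for this host rather than a shared module.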
diff --git a/host/Rory-portable/optional/gui/wayland.nix b/host/Rory-portable/optional/gui/wayland.nix
new file mode 100644
index 0000000..eac6391
--- /dev/null
+++ b/host/Rory-portable/optional/gui/wayland.nix
@@ -0,0 +1,37 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ programs.sway = {
+ enable = true;
+
+ wrapperFeatures.gtk = true;
+ extraSessionCommands = ''
+ # -- Wayland fixes
+ # SDL:
+ export SDL_VIDEODRIVER=wayland
+ # QT (needs qt5.qtwayland in systemPackages):
+ export QT_QPA_PLATFORM=wayland-egl
+ export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
+ # Fix for some Java AWT applications (e.g. Android Studio),
+ # use this if they aren't displayed properly:
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ '';
+
+ extraPackages = with pkgs; [
+ swaybg
+ #swayidle
+ #swaylock
+ waybar
+ wl-clipboard
+ grim
+ slurp
+ easyeffects
+ keepassxc
+ ];
+ };
+
+ xdg.portal.wlr.enable = true;
+}
diff --git a/host/Rory-wsl/configuration.nix b/host/Rory-wsl/configuration.nix
deleted file mode 100644
index b155058..0000000
--- a/host/Rory-wsl/configuration.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{
- lib,
- pkgs,
- nhekoSrc,
- mtxclientSrc,
- ...
-}:
-
-{
- imports = [
- ../../modules/base-client.nix
- # ../../modules/software-templates/profilers.nix
- # ../../modules/software-templates/dotnet.client.nix
- ];
- wsl = {
- enable = true;
- automountPath = "/mnt";
- #defaultUser = "nixos";
- defaultUser = "Rory";
- startMenuLaunchers = true;
-
- # Fix binfmt registration
- interop.register = true;
-
- # Enable native Docker support
- # docker-native.enable = true;
-
- # Enable integration with Docker Desktop (needs to be installed)
- # docker-desktop.enable = true;
-
- };
- networking.hostName = "Rory-wsl";
- users.users.Rory.uid = 1000;
-
- environment.systemPackages = with pkgs; [
- gnome-console
- feh
- easyeffects
- kitty
- # youtube-music
- nemo
- file-roller
-
- # - IDEs
- # jetbrains-toolbox
- # jetbrains.rider
- # github-copilot-intellij-agent
-
- # dbeaver
- # insomnia
- # vscode
- # discord
-
- # - Languages
- #dotnet-sdk_7
- #dotnet-sdk_8
- # (callPackage ../../modules/packages/dotnet-pack.nix { inherit pkgs; })
-
- # temurin-bin
- # obsidian
- # ungoogled-chromium #needed for Rider in order to debug WASM
- # peek
-
- unrar-wrapper
-
- #(schildichat-desktop.override { electron = electron; })
- (callPackage ../../modules/packages/nheko-git.nix {
- inherit nhekoSrc;
- inherit mtxclientSrc;
- })
- # steam-run
- ];
-
- programs.firefox = {
- enable = true;
- package = pkgs.firefox-devedition;
- #preferencesStatus = "default";
- wrapperConfig.speechSynthesisSupport = false;
- };
-
- fonts = {
- fonts = with pkgs; [
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
- noto-fonts-monochrome-emoji
- ];
- # fontconfig.defaultFonts.monospace = with pkgs; [
- # "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
- # ];
- # fontconfig.defaultFonts.sansSerif = with pkgs; [
- # "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
- # ];
- # fontconfig.defaultFonts.serif = with pkgs; [
- # "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
- # ];
- fontconfig.defaultFonts.emoji = with pkgs; [ "freefont" ];
- enableDefaultPackages = lib.mkForce false;
- enableGhostscriptFonts = lib.mkForce false;
- };
-
- programs.dconf.enable = true;
-
- system.stateVersion = "23.05";
- nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
- home-manager.users.Rory.home.stateVersion = lib.mkForce "23.05";
-}
diff --git a/host/RoryNix/configuration.nix b/host/RoryNix/configuration.nix
index 5876d2f..891d3ad 100644
--- a/host/RoryNix/configuration.nix
+++ b/host/RoryNix/configuration.nix
@@ -8,9 +8,9 @@
{
imports = [
# ./hardware-configuration.nix
- ../../modules/packages/vim.nix
+ ../../packages/vim.nix
../../modules/environments/home.nix
- # ../../modules/packages/overlays/haskell/basement/IntWord64.nix
+ # ../../packages/overlays/haskell/basement/IntWord64.nix
];
boot = {
@@ -43,22 +43,23 @@
services = {
xserver = {
enable = true;
- videoDrivers = [ "intel" ];
+ #videoDrivers = [ "intel" ];
+ videoDrivers = [ "nouveau" ];
desktopManager.gnome.enable = true;
xkb.layout = "us";
- modules = [ pkgs.xorg.xf86videointel ];
+ #modules = [ pkgs.xorg.xf86videointel ];
};
#libinput.enable = true;
gnome = {
core-developer-tools.enable = false;
core-utilities.enable = false;
- tracker-miners.enable = false;
- tracker.enable = false;
+ localsearch.enable = false;
+ tinysparql.enable = false;
sushi.enable = false;
rygel.enable = false;
gnome-user-share.enable = false;
gnome-remote-desktop.enable = false;
- gnome-online-miners.enable = lib.mkForce false;
+ # gnome-online-miners.enable = lib.mkForce false; # removed
gnome-online-accounts.enable = false;
gnome-initial-setup.enable = false;
gnome-browser-connector.enable = false;
@@ -83,8 +84,8 @@
};
};
- sound.enable = true;
- hardware.pulseaudio.enable = false;
+ # sound.enable = true; # removed
+ services.pulseaudio.enable = false;
users.users = {
Rory = {
@@ -146,7 +147,7 @@
zsh-completions
];
- fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "JetBrainsMono" ]; }) ];
+ fonts.packages = with pkgs; [ nerd-fonts.jetbrains-mono noto-fonts-monochrome-emoji ];
nix = {
settings = {
experimental-features = [
diff --git a/host/uISO/development.nix b/host/uISO/development.nix
new file mode 100644
index 0000000..90ffcfb
--- /dev/null
+++ b/host/uISO/development.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+
+ #params
+ #enableBios ? true,
+ #enableEfi ? true,
+ #enableUsb ? true,
+
+ ...
+}:
+
+#with lib;
+
+{
+ users.users.root.initialPassword = "root";
+ services.getty.autologinUser = "root";
+
+ isoImage = {
+ squashfsCompression = "gzip -Xcompression-level 1";
+ compressImage = false;
+ includeSystemBuildDependencies = false;
+ efiSplashImage = null;
+ #splashImage = null;
+ grubTheme = null;
+ };
+
+ boot = {
+ initrd = {
+ #systemd.enable = true;
+ systemd.emergencyAccess = true;
+ };
+ #consoleLogLevel = 1;
+ kernelParams = [
+ "console=ttyS0,115200"
+ "systemd.gpt_auto=0"
+ #"console=tty1"
+ #"quiet"
+ ];
+ };
+ environment.systemPackages = with pkgs; [
+ #xterm
+
+ (callPackage ./pkgs/resize.nix { })
+ #coreutils
+ htop
+ btop
+ neofetch
+ ];
+}
\ No newline at end of file
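Review bot: `users.users.root.initialPassword = "root";` together with `services.getty.autologinUser = "root";` and `systemd.emergencyAccess = true;` gives anyone who reaches a console an unauthenticated root shell, and leaves a known root password on every image that imports this module. That is reasonable for the QEMU test build, but nothing in the file prevents it from being imported into an image that is handed to others. I would open the file with a comment such as `# DEVELOPMENT ONLY: known root password and passwordless console; never import into a release image`. If a network login service is ever added to this image, the password line should go.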
diff --git a/host/uISO/iso-root.nix b/host/uISO/iso-root.nix
new file mode 100644
index 0000000..6f02772
--- /dev/null
+++ b/host/uISO/iso-root.nix
@@ -0,0 +1,128 @@
+{
+ config,
+ lib,
+ pkgs,
+ nixpkgs,
+
+ #params
+ #enableBios ? true,
+ #enableEfi ? true,
+ #enableUsb ? true,
+
+ ...
+}:
+
+#with lib;
+
+{
+ imports = [
+ (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
+ ];
+
+ fileSystems = lib.mkImageMediaOverride config.lib.isoFileSystems;# // {
+ # "/".device = lib.mkForce "/dev/disk/by-label/NIXOS_ISO";
+ # "/nix/.ro-store".device = lib.mkForce "/sysroot/iso/nix-store.squashfs";
+ #};
+
+ isoImage = {
+ isoName = "Spacebar-Selfhosting-Kit-${config.system.nixos.label}-${pkgs.stdenv.hostPlatform.system}.iso";
+
+ makeEfiBootable = false;
+ makeUsbBootable = false;
+ makeBiosBootable = true;
+ };
+
+
+ boot.supportedFilesystems = lib.mkForce [ ];
+ hardware.enableRedistributableFirmware = lib.mkForce false;
+ #environment.systemPackages = lib.mkForce [ ];
+ documentation.enable = lib.mkForce false;
+ documentation.nixos.enable = lib.mkForce false;
+ networking.wireless.enable = lib.mkForce false;
+
+ system.extraDependencies = lib.mkForce [];
+
+ boot = {
+ loader = {
+ grub.memtest86.enable = false;
+ #systemd-boot.enable = true;
+ grub.enable = false;
+ timeout = lib.mkForce 1;
+ };
+
+ #kernelPackages = pkgs.linuxPackages_latest;
+ systemdExecutable = "${pkgs.systemd}/bin/init";
+
+ enableContainers = lib.mkForce false;
+ };
+
+
+ #perlless profile
+ system.switch.enable = lib.mkForce false;
+
+ # Remove perl from activation
+ #system.etc.overlay.enable = lib.mkForce true;
+ #systemd.sysusers.enable = lib.mkForce true;
+
+ # Random perl remnants
+ programs.less.lessopen = lib.mkForce null;
+ programs.command-not-found.enable = lib.mkForce false;
+ environment.defaultPackages = lib.mkForce [ ];
+ documentation.info.enable = lib.mkForce false;
+ documentation.man.enable = false;
+
+ system = {
+ #activatable = false;
+ copySystemConfiguration = false;
+ includeBuildDependencies = false;
+ disableInstallerTools = lib.mkForce true;
+ build = {
+ separateActivationScript = true;
+ };
+ };
+
+ nix.enable = false;
+ networking.firewall.enable = false;
+ networking.networkmanager.enable = false;
+ systemd.coredump.enable = false;
+ services.timesyncd.enable = false;
+
+ services.nscd.enableNsncd = false;
+ networking.dhcpcd.enable = false;
+ services.udev.enable = false;
+ services.nscd.enable = false;
+ system.nssModules = lib.mkForce [];
+
+ systemd.oomd.enable = false;
+ #services.getty = {
+ # autologinUser = "root";
+ # loginProgram = "${pkgs.bash}/bin/bash";
+ # loginOptions = "--login";
+ #};
+
+ security = {
+ loginDefs = {
+ settings = {
+ ENCRYPT_METHOD = "MD5";
+ };
+ };
+ sudo.enable = false;
+ };
+
+ nixpkgs.overlays = [
+ (import ./overlays/systemd-overlay.nix)
+ (import ./overlays/grub-overlay.nix)
+ ];
+
+ services.lvm.enable = lib.mkForce false;
+ boot.initrd.services.lvm.enable = lib.mkForce false;
+ boot.initrd.systemd.suppressedUnits = [
+ "systemd-hibernate-clear.service"
+ ];
+
+ systemd.suppressedSystemUnits = [
+ "systemd-hibernate-clear.service"
+ "systemd-bootctl@.service"
+ "systemd-bootctl.socket"
+ ];
+}
\ No newline at end of file
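Review bot: `ENCRYPT_METHOD = "MD5";` under `security.loginDefs.settings` makes newly set passwords use MD5-crypt, which is cheap to brute-force offline if the shadow file or the image leaks. If the trimmed-down build cannot provide a stronger scheme, record that in a comment; otherwise use `ENCRYPT_METHOD = "SHA512";` or drop the override and keep the distribution default. The same hunk sets `networking.firewall.enable = false;`, so any service added later is reachable unfiltered; a comment stating that this is deliberate for the image would help the next reader.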
diff --git a/host/uISO/overlays/grub-overlay.nix b/host/uISO/overlays/grub-overlay.nix
new file mode 100644
index 0000000..abbed8e
--- /dev/null
+++ b/host/uISO/overlays/grub-overlay.nix
@@ -0,0 +1,20 @@
+final: prev: {
+ grub2 = (prev.grub2.override {
+ zfsSupport = false;
+ efiSupport = false;
+ xenSupport = false;
+ }).overrideAttrs (oldAttrs: {
+ doCheck = false;
+ doInstallCheck = false;
+ #remove --enable-grub-mount
+ configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038 --disable-nls --disable-rpath --disable-dependency-tracking --disable-grub-mount --disable-grub-themes --disable-grub-mkfont" ];
+ # remove unnecessary commands
+ # postInstall = oldAttrs.postInstall + ''
+ # rm -rf $out/share/locale
+ # '';
+ });
+
+ grub2_light = final.grub2;
+ grub2_efi = final.grub2;
+ grub2_xen = final.grub2;
+}
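Review bot: The `configureFlags` addition is one list element holding seven space-separated flags, which only works while the builder flattens the list into a string and word-splits it. It would become a single bogus argument if the derivation were ever built with structured attributes. Write one flag per element, e.g. `configureFlags = oldAttrs.configureFlags ++ [ "--disable-year2038" "--disable-nls" "--disable-rpath" ];` continued for the remaining four. The comment `#remove --enable-grub-mount` is also inaccurate: nothing is removed, the appended `--disable-grub-mount` presumably just wins because it comes later.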
diff --git a/host/uISO/overlays/systemd-overlay.nix b/host/uISO/overlays/systemd-overlay.nix
new file mode 100644
index 0000000..69a4d3f
--- /dev/null
+++ b/host/uISO/overlays/systemd-overlay.nix
@@ -0,0 +1,62 @@
+final: prev: {
+ systemd = prev.systemd.override {
+ #pname = "systemd-extra-minimal";
+ withSelinux = false;
+ withKexectools = false;
+ withLibseccomp = false;
+ withAcl = false;
+ withAudit = false;
+ withAnalyze = false;
+ withApparmor = false;
+ withBootloader = false;
+ withCompression = false;
+ withCoredump = false;
+ withCryptsetup = false;
+ withRepart = false;
+ withDocumentation = false;
+ withEfi = false;
+ withFido2 = false;
+ withHomed = false;
+ withHostnamed = false;
+ withHwdb = true; # required by nixos
+ withImportd = false;
+ withIptables = false;
+ withKmod = true; # required by nixos
+ withLibBPF = false;
+ withLibidn2 = false;
+ withLocaled = false;
+ withLogind = true; # required by nixos
+ withMachined = false;
+ withNetworkd = false;
+ withNss = false;
+ withOomd = false;
+ withPam = true; # required by nixos
+ withPCRE2 = false;
+ withPolkit = false;
+ withPortabled = false;
+ withQrencode = false;
+ withRemote = false;
+ withResolved = false;
+ withShellCompletions = false;
+ withSysusers = false;
+ withSysupdate = false;
+ withTimedated = false;
+ withTimesyncd = false;
+ withTpm2Tss = false;
+ withUkify = false;
+ withUserDb = false;
+ withUtmp = false;
+ withVmspawn = false;
+ withKernelInstall = false;
+ withTests = false;
+ withLogTrace = false;
+ };
+
+ systemd-minimal = final.systemd;
+
+ openssh = prev.openssh.overrideAttrs (oldAttrs: {
+ # Disable PAM support
+ doCheck = false;
+ doInstallCheck = false;
+ });
+}
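Review bot: `withLibseccomp = false;` (alongside `withAudit`, `withApparmor` and `withSelinux` being off) means this systemd build cannot apply seccomp-based unit sandboxing such as `SystemCallFilter=`. Hardening shipped in unit files is then presumably not enforced on this image. If that is an accepted trade-off for size, say so in a comment next to the flag so it is not copied into a general-purpose host. Separately, the comment `# Disable PAM support` above the openssh override does not match the code, which only sets `doCheck = false;` and `doInstallCheck = false;`. Reword it to `# Skip the test suites to shorten the build`, or actually change the PAM setting.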
diff --git a/host/uISO/pkgs/resize.nix b/host/uISO/pkgs/resize.nix
new file mode 100644
index 0000000..5dc3b77
--- /dev/null
+++ b/host/uISO/pkgs/resize.nix
@@ -0,0 +1,9 @@
+{ lib, pkgs, ... }:
+
+derivation {
+ name = "resize";
+ version = "1.0";
+ builder = "${pkgs.bash}/bin/bash";
+ args = [ "-c" "${pkgs.coreutils}/bin/mkdir -p $out/bin; ${pkgs.coreutils}/bin/cp ${pkgs.xterm}/bin/.resize-wrapped $out/bin/resize" ];
+ system = builtins.currentSystem;
+}
\ No newline at end of file
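Review bot: `system = builtins.currentSystem;` makes this derivation impure: it is unavailable in pure flake evaluation (presumably the reason for `--impure` in host/uISO/test.sh) and it follows the evaluating machine rather than the target. Use `system = pkgs.stdenv.hostPlatform.system;`, which iso-root.nix already uses for the ISO name. Copying `.resize-wrapped` depends on an internal file name of the xterm package, so a one-line comment explaining why the wrapper is bypassed would help when that name changes.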
diff --git a/host/uISO/test.sh b/host/uISO/test.sh
new file mode 100755
index 0000000..9033b8c
--- /dev/null
+++ b/host/uISO/test.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env sh
+
+nom build .#nixosConfigurations.test-iso.config.system.build.isoImage --impure || exit 1
+clear
+du -sh result/iso/*.iso || exit 1
+sleep 2
+qemu-system-x86_64 -enable-kvm -m 256 -cdrom result/iso/*.iso -nographic -serial mon:stdio
\ No newline at end of file
diff --git a/lib/hooks/pre-commit b/lib/hooks/pre-commit
index e69de29..bcd164c 100755
--- a/lib/hooks/pre-commit
+++ b/lib/hooks/pre-commit
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+# full paths from the repo root separated by newlines
+MUST_NOT_CHANGE='hardware-configuration.nix
+key2.json'
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+ against=HEAD
+else
+ # Initial commit: diff against an empty tree object
+ against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+exec 1>&2
+
+if git diff --cached --name-only $against | grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
+then
+ echo Commit would modify one or more files that must not change.
+ exit 1
+else
+ exit 0
+fi
\ No newline at end of file
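Review bot: The check relies on `git diff --cached --name-only`, which with rename detection enabled (git's default) prints only the new path of a renamed file. A staged rename or move of `key2.json` or `hardware-configuration.nix` therefore does not match the `--line-regexp` patterns. Adding `--no-renames` to the `git diff` call lists both the old and the new path. `$against` should also be quoted. A header comment should state that this hook is advisory (it runs only where it is installed), so the server-side hook remains the real control.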
diff --git a/lib/hooks/pre-receive b/lib/hooks/pre-receive
new file mode 100644
index 0000000..61a04dd
--- /dev/null
+++ b/lib/hooks/pre-receive
@@ -0,0 +1,24 @@
+#!/usr/bin/env sh
+
+# full paths from the repo root separated by newlines
+MUST_NOT_CHANGE='hardware-configuration.nix
+key2.json'
+
+z40=0000000000000000000000000000000000000000
+
+while read old_value new_value ref_name
+do
+ if [ "$old_value" = $z40 ]; then
+ # New branch: diff against an empty tree object
+ against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+ else
+ against=$old_value
+ fi
+
+ if git diff --name-only $against..$new_value |
+ grep --quiet --line-regexp --fixed-strings "$MUST_NOT_CHANGE"
+ then
+ echo "$ref_name" may commit key, rejected ... >&2
+ exit 1
+ fi
+done
\ No newline at end of file
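Review bot: This file is added with mode 100644 (pre-commit is 100755), and git does not run hooks that lack the executable bit, so if it is installed as committed the push check never runs. The check also compares only the endpoints `$against..$new_value`: a push in which one commit adds `key2.json` and a later commit removes it passes, while the key stays in the pushed history. The file list should be collected for every pushed commit rather than from one endpoint diff. A branch deletion, where `new_value` is all zeros, is not handled either and would make `git diff` fail.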
diff --git a/mkiso.sh b/mkiso.sh
new file mode 100755
index 0000000..9815e13
--- /dev/null
+++ b/mkiso.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p git nixos-install-tools nix-output-monitor
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 <config>"
+ echo "NOTE: hardware config will be generated from root!"
+ echo "Defined configs:"
+ cat flake.nix | grep '.lib.nixosSystem' | sed 's/ =.*//' | sed 's/^[ \t]*//;s/[ \t]*$//' | while read cfg; do echo " - $cfg"; done
+ exit 1
+fi
+
+CONFIG=$1
+
+DERIVATION=".#nixosConfigurations.${CONFIG}.config.system.build.isoImage"
+EXTRA_NIX_FLAGS="-L --accept-flake-config"
+EXTRA_NIXOS_REBUILD_FLAGS="--use-remote-sudo --offline --fast"
+
+nom build $DERIVATION $EXTRA_NIX_FLAGS || exit 1
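Review bot: `EXTRA_NIXOS_REBUILD_FLAGS` is defined but never used in this script, and the usage text `NOTE: hardware config will be generated from root!` describes build.sh rather than the ISO build. Both look like leftovers from copying build.sh and should be removed. `$DERIVATION` embeds the user-supplied `$1` and is expanded unquoted, so write `nom build "$DERIVATION" $EXTRA_NIX_FLAGS || exit 1` to keep a config name containing spaces or glob characters from being split into extra arguments.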
diff --git a/modules/base-client.nix b/modules/base-client.nix
index 6537f92..2a5c8e5 100755
--- a/modules/base-client.nix
+++ b/modules/base-client.nix
@@ -31,19 +31,16 @@
sshfs
# - gui utils
- gnome-console
nemo
feh
udisks
gparted
arandr
- #discord-development
- discord
- gnome-screenshot
];
fonts.packages = with pkgs; [
- (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ #(nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ nerd-fonts.jetbrains-mono
cozette
];
diff --git a/modules/base-server.nix b/modules/base-server.nix
index 7473513..ccf4a77 100755
--- a/modules/base-server.nix
+++ b/modules/base-server.nix
@@ -39,10 +39,10 @@
kernelPackages = pkgs.linuxPackages_latest;
loader = {
grub = {
- devices = [ "/dev/vda" ]; # nodev for EFI only
+ devices = lib.mkIf (config.fileSystems ? "/boot") [ "nodev" ];
# EFI
- efiSupport = false;
- efiInstallAsRemovable = false;
+ efiSupport = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
+ efiInstallAsRemovable = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
};
timeout = 1;
};
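Review bot: `devices = lib.mkIf (config.fileSystems ? "/boot") [ "nodev" ];` leaves `devices` undefined on hosts without a `/boot` entry, where the old code installed to `/dev/vda`. It also selects `nodev` for any `/boot`, while `efiSupport` is only true when that filesystem is `vfat`. A BIOS host with a separate non-vfat `/boot` would then get neither an EFI install nor an MBR install, as far as this hunk shows. Gating `devices` on the same `fsType == "vfat"` test as the two EFI options, and keeping a `lib.mkDefault` fallback for the BIOS case, would make the three settings agree. The `grub` set is part of a `boot` block that begins outside this hunk.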
@@ -51,17 +51,14 @@
networking = {
hostName = lib.mkDefault "Rory-nix-base-server";
networkmanager.enable = false;
- useNetworkd = true;
wireless.enable = false;
enableIPv6 = false;
firewall = {
enable = false;
- # allowedTCPPorts = [ ... ];
- # allowedUDPPorts = [ ... ];
+ allowedTCPPorts = [ 22 ];
};
useDHCP = false;
- # nameservers = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" "8.4.4.8" ];
nameservers = [
"10.10.0.4"
"10.10.0.5"
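Review bot: `allowedTCPPorts = [ 22 ];` is added while `enable = false;` stays in the same `firewall` set, so the port list has no effect and the host keeps accepting traffic on every listening port. If the intent is to restrict the server to SSH, the line that needs changing is `enable = true;`. If the firewall is deliberately off, for example because filtering happens upstream, say so in a comment and drop the unused port list. The enclosing `networking` set continues beyond this hunk.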
@@ -70,8 +67,7 @@
"8.8.8.8"
"8.4.4.8"
];
- resolvconf.enable = true;
- defaultGateway = "192.168.1.1";
+ defaultGateway = lib.mkDefault "192.168.1.1";
};
hardware.pulseaudio.enable = false;
@@ -81,51 +77,6 @@
hardware.enableRedistributableFirmware = false;
services = {
-# prometheus = {
-# exporters = {
-# node = {
-# enable = true;
-# port = 9100;
-# enabledCollectors = [
-# #"logind" #too slow
-# "systemd"
-# "processes"
-# "interrupts"
-# # Testing:
-# "buddyinfo"
-# "cgroups"
-# "ksmd"
-# "lnstat"
-# "mountstats"
-# "network_route"
-# #"perf" # requires sysctl change
-# "qdisc"
-# "sysctl"
-# "softirqs"
-# "tcpstat"
-# ];
-# disabledCollectors = [
-# "textfile"
-# "xfs"
-# "zfs"
-# "selinux"
-# "cpufreq"
-# "btrfs"
-# "powersupplyclass"
-# "mdadm"
-# "tapestats"
-# "fibrechannel"
-# "cpu_vulnerabilities"
-# "watchdog"
-# "thermal_zone"
-# "logind"
-# "nfs"
-# "nfsd"
-# "infiniband"
-# ];
-# };
-# };
-# };
promtail = {
enable = true;
configuration = {
diff --git a/modules/base.nix b/modules/base.nix
index 4cf2aff..44909aa 100755
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -1,11 +1,19 @@
-{ pkgs, lib, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
{
imports = [
- ./packages/vim.nix
+ ./expose-vmvariant.nix
+ ../packages/vim.nix
./users/Rory.nix
./extra-substituters.nix
./monitoring/module.nix
+
+ # ../packages/overlays/openvpn.nix # Temporary: Fix a build failure
];
boot = {
@@ -57,28 +65,33 @@
hostName = lib.mkDefault "Rory-nix-base";
firewall = {
enable = false;
- # allowedTCPPorts = [ ... ];
- # allowedUDPPorts = [ ... ];
};
- nameservers = [
+ nameservers = lib.mkDefault [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.4.4.8"
];
};
- environment.etc."resolv.conf".text = ''
- nameserver 8.8.8.8
- nameserver 8.4.4.8
- nameserver 1.1.1.1
- nameserver 1.0.0.1
- '';
+
+ environment.etc."resolv.conf" = lib.mkDefault {
+ text = lib.concatStringsSep "\n" (
+ lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers))
+ #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ]
+ ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [
+ "options single-request"
+ "options single-request-reopen"
+ "options inet6"
+ ]
+ );
+ };
i18n.defaultLocale = "en_US.UTF-8";
services = {
openssh = {
enable = true;
+ settings.PermitRootLogin = "yes";
#allow more logins in cases where i have many ssh keys on a system
extraConfig = ''
MaxAuthTries 32
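Review bot: `settings.PermitRootLogin = "yes";` permits root to log in over SSH with a password (unless password authentication is disabled in a part of the block outside this hunk). The same block raises `MaxAuthTries` to 32, which multiplies the guesses available per connection. Because this is the shared base module, every host inherits it. `settings.PermitRootLogin = "prohibit-password";` keeps key-based root login working without exposing the root password to guessing, and a host that really needs password login can override it. Note also that the generated `resolv.conf` now copies `networking.nameservers`, which contains `8.4.4.8`, probably meant to be `8.8.4.4`.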
@@ -99,7 +112,7 @@
};
environment.systemPackages = with pkgs; [
- wget
+ #wget
neofetch
lnav
pciutils
@@ -110,17 +123,17 @@
btop
duf
kitty.terminfo
- tmux
+ #tmux
jq
yq
pv
dig
cloud-utils
nix-output-monitor
- expect
+ #expect
unrar-wrapper
- arch-install-scripts
- debootstrap
+ #arch-install-scripts
+ #debootstrap
file
unzip
brotli
@@ -157,5 +170,17 @@
polkit.enable = true;
sudo.wheelNeedsPassword = false;
};
-
+ virtualisation.vmVariant = {
+ services.getty.autologinUser = "root";
+ virtualisation = {
+ memorySize = 8192;
+ cores = 6;
+ msize = 1*1024*1024;
+ bios = pkgs.qboot;
+ };
+
+ monitoring.monitorAll = lib.mkForce false;
+ services.promtail.enable = lib.mkForce false;
+ networking.useDHCP = lib.mkOverride 51 true;
+ };
}
diff --git a/modules/environments/home.nix b/modules/environments/home.nix
index 3fbf14e..cf9f841 100755
--- a/modules/environments/home.nix
+++ b/modules/environments/home.nix
@@ -8,38 +8,40 @@
{
nix = {
distributedBuilds = true;
- #
- buildMachines = builtins.filter (machine: !builtins.any (ip: ip == machine.hostName) (builtins.map (iface: iface.ipv4.addresses) (builtins.attrValues config.networking.interfaces))) [
- {
- systems = [
- "x86_64-linux"
- "i686-linux"
+ #
+ buildMachines =
+ builtins.filter (machine: !builtins.any (ip: ip == machine.hostName) (builtins.map (iface: iface.ipv4.addresses) (builtins.attrValues config.networking.interfaces)))
+ [
+ {
+ systems = [
+ "x86_64-linux"
+ "i686-linux"
+ ];
+ hostName = "192.168.0.3";
+ sshUser = "Rory";
+ sshKey = "/home/Rory/.ssh/id_ed25519";
+ maxJobs = 6;
+ speedFactor = 43200;
+ }
+ {
+ systems = [
+ "x86_64-linux"
+ "i686-linux"
+ ];
+ hostName = "192.168.0.59";
+ sshUser = "Rory";
+ sshKey = "/home/Rory/.ssh/id_ed25519";
+ maxJobs = 2;
+ speedFactor = 16000;
+ }
];
- hostName = "192.168.0.3";
- sshUser = "Rory";
- sshKey = "/home/Rory/.ssh/id_ed25519";
- maxJobs = 6;
- speedFactor = 43200;
- }
- {
- systems = [
- "x86_64-linux"
- "i686-linux"
- ];
- hostName = "192.168.0.59";
- sshUser = "Rory";
- sshKey = "/home/Rory/.ssh/id_ed25519";
- maxJobs = 2;
- speedFactor = 16000;
- }
- ];
#ssh://Rory@192.168.0.3 x86_64-linux,i686-linux /home/Rory/.ssh/id_ed25519 12 1 - - -
registry.nixpkgs.flake = pkgs;
nixPath = [ "nixpkgs=flake:nixpkgs" ];
settings = {
builders-use-substitutes = true;
- #builders
+ #builders
trusted-substituters = [
"https://nix-community.cachix.org"
"https://cache.garnix.io"
diff --git a/modules/expose-vmvariant.nix b/modules/expose-vmvariant.nix
new file mode 100755
index 0000000..ab1bad0
--- /dev/null
+++ b/modules/expose-vmvariant.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+{
+ options.virtualisation = {
+ isVmVariant = lib.mkOption {
+ default = false;
+ example = true;
+ description = "Whether this build is a VM build.";
+ type = lib.types.bool;
+ };
+ };
+ config = {
+ virtualisation.vmVariant = {
+ virtualisation.isVmVariant = true;
+ };
+ };
+}
diff --git a/modules/hardware/google-stadia-controller.nix b/modules/hardware/google-stadia-controller.nix
new file mode 100644
index 0000000..7b59e13
--- /dev/null
+++ b/modules/hardware/google-stadia-controller.nix
@@ -0,0 +1,24 @@
+{
+ lib,
+ config,
+ ...
+}:
+{
+ options.hardware.google-stadia-controller = {
+ enable = lib.mkEnableOption "Enable Google Stadia Controller support";
+ };
+ config = lib.mkIf config.hardware.google-stadia-controller.enable {
+ services.udev.extraRules = ''
+ #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
+ # SDP protocol
+ KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
+ # Flashloader
+ KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
+ # Controller
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
+ '';
+ };
+}
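Review bot: Most of the added udev rules set `MODE="0666"` and match on vendor ID alone. Every local user and process therefore gets read/write access to the raw HID/USB nodes of any device from vendors `1fc9`, `0d28`, `15a2` and `18d1`, not only the controller. The last rule already shows the narrower pattern of matching `idProduct` and granting access to the seat user, e.g. `KERNEL=="hidraw*", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"`. The SDP and Flashloader rules are presumably needed only while flashing firmware and could sit behind a separate option. Also, `lib.mkEnableOption` already prepends "Whether to enable", so the argument should read `"Google Stadia Controller support"`.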
diff --git a/modules/monitoring/crutches/synapse.nix b/modules/monitoring/crutches/synapse.nix
index 3145d11..7028396 100644
--- a/modules/monitoring/crutches/synapse.nix
+++ b/modules/monitoring/crutches/synapse.nix
@@ -1,10 +1,10 @@
-{lib, ...}:
+{ lib, ... }:
{
options.monitoring.synapse = {
workerNames = lib.mkOption {
type = lib.types.listOf lib.types.str;
- default = [];
+ default = [ ];
description = "Synapse worker names";
};
};
diff --git a/modules/monitoring/module.nix b/modules/monitoring/module.nix
index 62ff1ea..f47c483 100644
--- a/modules/monitoring/module.nix
+++ b/modules/monitoring/module.nix
@@ -40,7 +40,13 @@ in
prometheus = lib.mkIf (cfg.localPrometheus) {
enable = true;
listenAddress = "127.0.0.1";
- extraFlags = [ "--storage.tsdb.wal-compression" ];
+ extraFlags = [
+ "--storage.tsdb.wal-compression"
+ "--query.max-concurrency 128"
+ "--rules.max-concurrent-evals 64"
+ "--storage.tsdb.retention.size 250GB"
+ "--enable-feature concurrent-rule-eval"
+ ];
};
grafana = lib.mkIf (cfg.localGrafana) {
enable = true;
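Review bot: The new `extraFlags` entries put flag and value in one string separated by a space, e.g. `"--query.max-concurrency 128"`. That only works if the module joins the list into the command line without quoting each element. The `=` form does not depend on that: `"--query.max-concurrency=128"`, `"--rules.max-concurrent-evals=64"`, `"--storage.tsdb.retention.size=250GB"`, `"--enable-feature=concurrent-rule-eval"`. A short comment on why the concurrency limits and the 250GB retention cap were chosen would help whoever tunes them later.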
diff --git a/modules/monitoring/postgres.nix b/modules/monitoring/postgres.nix
index 25266fa..63f536b 100644
--- a/modules/monitoring/postgres.nix
+++ b/modules/monitoring/postgres.nix
@@ -23,7 +23,9 @@ in
{
job_name = "postgres";
scrape_interval = "${toString cfg.prometheusScrapeInterval}s";
- static_configs = [ { targets = [ "localhost:${toString config.services.prometheus.exporters.postgres.port}" ]; } ];
+ static_configs = [
+ { targets = [ "localhost:${toString config.services.prometheus.exporters.postgres.port}" ]; }
+ ];
}
];
diff --git a/modules/monitoring/synapse.nix b/modules/monitoring/synapse.nix
index a000698..ccc4ae2 100644
--- a/modules/monitoring/synapse.nix
+++ b/modules/monitoring/synapse.nix
@@ -42,7 +42,7 @@ in
[
{
job_name = "synapse-main";
- scrape_interval = "${toString cfg.prometheusScrapeInterval}s";
+ scrape_interval = "5s";
static_configs = [
{
targets = [ "localhost:9200" ];
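Review bot: `scrape_interval = "5s";` replaces `"${toString cfg.prometheusScrapeInterval}s"` with a literal, so the `prometheusScrapeInterval` option no longer affects the synapse jobs. The same change is made in the per-worker job in the next hunk and in the `node` job in modules/monitoring/system.nix, while postgres.nix still honours the option. If 5s is the desired value, change the option's default (or override it per host) and keep `scrape_interval = "${toString cfg.prometheusScrapeInterval}s";`. Otherwise add a comment explaining why these jobs are exempt.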
@@ -55,7 +55,7 @@ in
++ lib.flatten (
lib.imap (index: workerName: {
job_name = "synapse-${workerName}";
- scrape_interval = "${toString cfg.prometheusScrapeInterval}s";
+ scrape_interval = "5s";
static_configs = [
{
targets = [ "localhost:${toString (9200 + index + 1)}" ];
@@ -75,8 +75,8 @@ in
type = "file";
options = {
path = builtins.fetchurl {
- url = "https://raw.githubusercontent.com/element-hq/synapse/master/contrib/grafana/synapse.json";
- sha256 = "07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
+ url = "https://raw.githubusercontent.com/element-hq/synapse/develop/contrib/grafana/synapse.json";
+ sha256 = "16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb";
};
};
}
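Review bot: The dashboard URL points at the moving `develop` branch while `sha256` is fixed, so the build fails with a hash mismatch the next time upstream edits `synapse.json`. Presumably that is why the hash had to be bumped here. The hash protects integrity, but reproducibility needs an immutable reference. Put a release tag or commit in the URL, e.g. `https://raw.githubusercontent.com/element-hq/synapse/<TAG_OR_COMMIT>/contrib/grafana/synapse.json` (placeholder), and update it together with the hash.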
diff --git a/modules/monitoring/system.nix b/modules/monitoring/system.nix
index 171a7af..7e2634b 100644
--- a/modules/monitoring/system.nix
+++ b/modules/monitoring/system.nix
@@ -49,8 +49,10 @@ in
services.prometheus.scrapeConfigs = [
{
job_name = "node";
- scrape_interval = "${toString cfg.prometheusScrapeInterval}s";
- static_configs = [ { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } ];
+ scrape_interval = "5s";
+ static_configs = [
+ { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+ ];
}
];
diff --git a/modules/software-templates/dotnet.client.nix b/modules/software-templates/dotnet.client.nix
index fa0082b..f855aa3 100644
--- a/modules/software-templates/dotnet.client.nix
+++ b/modules/software-templates/dotnet.client.nix
@@ -1,9 +1,26 @@
-{ pkgs, ... }:
+{
+ config,
+ pkgs,
+ nixpkgs-stable,
+ ...
+}:
+let
+ # We have to specify config to set allowUnfree, as nixpkgs-stable.legacyPackages doesn't pass through config.
+ # See: https://slab.midna.dev/public/posts/where-does-pkgs-come-from-xw6epo0t
+ stablePkgs = import nixpkgs-stable {
+ config = config.nixpkgs.config;
+ system = pkgs.stdenv.hostPlatform.system;
+ };
+in
{
#imports = [ ./dotnet.nix ];
environment.systemPackages = with pkgs; [
#`jetbrains.rider
- (jetbrains.plugins.addPlugins jetbrains.rider [ "github-copilot" ])
+ (jetbrains.plugins.addPlugins jetbrains.rider [
+ jetbrains.plugins.github-copilot-fixed
+ #"github-copilot"
+ "nixidea"
+ ])
];
}
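Review bot: `stablePkgs` is defined in the `let` block, with a comment justifying its construction, but nothing in the module uses it. `config` and `nixpkgs-stable` are taken as arguments only to build it. Either use it for the package that needs the stable channel or drop the binding and the two arguments. The plugin list now mixes a package (`jetbrains.plugins.github-copilot-fixed`) with a plugin name string (`"nixidea"`). A one-line comment on why Copilot needs the fixed package would replace the commented-out `#"github-copilot"` entry.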
diff --git a/modules/software-templates/dotnet.nix b/modules/software-templates/dotnet.nix
index edbcca3..4ab30d5 100644
--- a/modules/software-templates/dotnet.nix
+++ b/modules/software-templates/dotnet.nix
@@ -1,7 +1,9 @@
{ pkgs, ... }:
{
- environment.systemPackages = with pkgs; [ (callPackage ../packages/dotnet-pack.nix { inherit pkgs; }) ];
+ environment.systemPackages = with pkgs; [
+ (callPackage ../packages/dotnet-pack.nix { inherit pkgs; })
+ ];
environment.sessionVariables = {
DOTNET_CLI_TELEMETRY_OPTOUT = "1";
DOTNET_ROOT = "${(pkgs.callPackage ../packages/dotnet-pack.nix { inherit pkgs; })}";
diff --git a/modules/software-templates/firefox-policy.nix b/modules/software-templates/firefox-policy.nix
index 83d0a47..b8155fd 100644
--- a/modules/software-templates/firefox-policy.nix
+++ b/modules/software-templates/firefox-policy.nix
@@ -36,7 +36,9 @@
Enabled = false;
};
Extensions = {
- Install = [ "https://github.com/gorhill/uBlock/releases/download/1.52.2/uBlock0_1.52.2.firefox.signed.xpi" ];
+ Install = [
+ "https://github.com/gorhill/uBlock/releases/download/1.52.2/uBlock0_1.52.2.firefox.signed.xpi"
+ ];
};
ExtensionUpdate = false;
FirefoxHome = {
diff --git a/modules/software-templates/profilers.nix b/modules/software-templates/profilers.nix
index 4381193..c90f81e 100644
--- a/modules/software-templates/profilers.nix
+++ b/modules/software-templates/profilers.nix
@@ -1,9 +1,9 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
- kcachegrind
- linuxKernel.packages.linux_5_15.perf
+ kdePackages.kcachegrind
+ config.boot.kernelPackages.perf
hotspot
valgrind
];
diff --git a/modules/software-templates/spacebar-server-ts/module.nix b/modules/software-templates/spacebar-server-ts/module.nix
new file mode 100644
index 0000000..768b423
--- /dev/null
+++ b/modules/software-templates/spacebar-server-ts/module.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+ options.services.spacebar-server-ts = {
+ enable = lib.mkEnableOption "spacebar-server-ts";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = null;
+ description = "The package to use for the spacebar-server-ts service";
+ };
+ };
+}
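Review bot: `package` is declared with `type = lib.types.package;` but `default = null;`, and `null` is not a valid value for that type, so reading the option without an explicit definition fails the type check instead of giving a usable default. Use `type = lib.types.nullOr lib.types.package;` if "unset" should be representable, or remove the `default` line so a missing definition is reported as such.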
diff --git a/modules/software-templates/steam.nix b/modules/software-templates/steam.nix
new file mode 100644
index 0000000..ac548a7
--- /dev/null
+++ b/modules/software-templates/steam.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }: {
+ programs.steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ extraCompatPackages = with pkgs; [
+ steam-play-none
+ proton-ge-bin
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ steam-run
+ steam-acf
+ ];
+}
\ No newline at end of file
diff --git a/modules/software-templates/synapse-workers/generic.nix b/modules/software-templates/synapse-workers/generic.nix
new file mode 100644
index 0000000..7fa3967
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic.nix
@@ -0,0 +1,152 @@
+{
+ workerName,
+ tasks,
+ dbOverrides ? { },
+ count ? 1,
+}:
+{ config, lib, ... }:
+
+#let
+# dbGroup = "medium";
+# workerName = "account_data_stream_writer";
+# tasks = [ "stream_account_data" ];
+## workerRoutes = workerLib.workerRoutes.accountData;
+# count = 1;
+#in
+let
+ workerLib = import ./lib.nix;
+ cfg = config.services.matrix-synapse;
+ enabledResources = lib.attrNames workerRoutes;
+ workers = lib.range 0 count;
+ streamTypes =
+ [ ]
+ ++ lib.optional (lib.elem "stream_account_data" tasks) "account_data"
+ ++ lib.optional (lib.elem "stream_presence" tasks) "presence"
+ ++ lib.optional (lib.elem "stream_push_rules" tasks) "push_rules"
+ ++ lib.optional (lib.elem "stream_to_device" tasks) "to_device"
+ ++ lib.optional (lib.elem "stream_typing" tasks) "typing"
+ ++ lib.optional (lib.elem "stream_receipts" tasks) "receipts"
+ ++ lib.optional (lib.elem "stream_events" tasks) "events";
+
+ # recursive update list of attrs
+# recursiveMerge = list: lib.foldl (a: b: lib.recursiveUpdate a b) (lib.head list) (lib.tail list);
+# workerRoutes = recursiveMerge (lib.map (type: workerLib.workerRoutes.${type}) streamTypes);
+in
+{
+ config = lib.mkIf (cfg.accountDataStreamWriters > 0) {
+ monitoring.synapse.workerNames = if (count == 1) then [ workerName ] else lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers = lib.listToAttrs (
+ lib.map (stream: {
+ name = stream;
+ value = lib.map (index: "${workerName}-${toString index}") workers;
+ }) streamTypes
+ );
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = lib.recursiveUpdate (lib.recursiveUpdate config.services.matrix-synapse.settings.database {
+ application_name = "matrix-synapse (${config.services.matrix-synapse.settings.server_name}) - ${if workerName == null then throw "synapse/db.nix: workerName unspecified" else workerName}";
+ }) dbOverrides;
+
+ #region Media
+ max_upload_size = lib.mkIf (lib.elem "media_repo" tasks) "512M";
+ max_avatar_size = lib.mkIf (lib.elem "media_repo" tasks) "512M";
+ max_image_pixels = lib.mkIf (lib.elem "media_repo" tasks) "250M";
+
+ max_pending_media_uploads = lib.mkIf (lib.elem "media_repo" tasks) 512;
+ dynamic_thumbnails = lib.mkIf (lib.elem "media_repo" tasks) true;
+
+ prevent_media_downloads_from = lib.mkIf (lib.elem "media_repo" tasks) [
+ # none, give me all the media
+ ];
+ enable_authenticated_media = lib.mkIf (lib.elem "media_repo" tasks) false;
+
+ url_preview_enabled = lib.mkIf (lib.elem "media_repo" tasks) true;
+ max_spider_size = lib.mkIf (lib.elem "media_repo" tasks) "50M";
+ #endregion
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
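Review bot: `workerRoutes` is used in `enabledResources = lib.attrNames workerRoutes;` and in `workerRoutes.${type}`, but its only definition is in the commented-out lines under `# recursive update list of attrs`, so as written the file fails with an undefined variable when imported; restore the `recursiveMerge` and `workerRoutes` bindings. `workers = lib.range 0 count;` yields count + 1 workers, whereas auth.nix uses `lib.range 0 (cfg.authWorkers - 1)`, so it should be `workers = lib.range 0 (count - 1);`. The guard `lib.mkIf (cfg.accountDataStreamWriters > 0)` looks copied from one specific worker and does not fit a generic template. With `count == 1` the monitoring name is `workerName` while the instance is registered as `${workerName}-0`. On the security side, `mode = "666";` makes each worker's client socket writable by every local user; a group shared with nginx and a narrower mode would limit that.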
diff --git a/modules/software-templates/synapse-workers/generic/auth.nix b/modules/software-templates/synapse-workers/generic/auth.nix
new file mode 100644
index 0000000..47064be
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/auth.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "solo";
+ workers = lib.range 0 (cfg.authWorkers - 1);
+ workerName = "auth";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.auth;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.authWorkers > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
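Review bot: The per-resource listeners are created with `mode = "666"`, so any local account on the host can connect to the worker's client socket directly and skip nginx along with whatever limits and logging it applies. Since nginx is the only intended client, I would tighten this to `mode = "660"` and put the nginx user in the socket's group, unless the permissions on /run/matrix-synapse already keep other users out (not visible in this hunk). The same line appears in client-reader.nix, event-creator.nix, federation-inbound.nix, federation-reader.nix, federation-sender.nix, media-repo.nix, pusher.nix and sync.nix.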
diff --git a/modules/software-templates/synapse-workers/generic/client-reader.nix b/modules/software-templates/synapse-workers/generic/client-reader.nix
new file mode 100644
index 0000000..9072988
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/client-reader.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.clientReaders - 1);
+ workerName = "client_reader";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.clientReader;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.clientReaders > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
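Review bot: Every location generated here gets `client_max_body_size 512M;`, including the unauthenticated login and register routes that lib.nix lists under `clientReader.client`, so nginx will accept a half-gigabyte request body before any worker has looked at the request. Only media uploads need a limit that large. For these JSON endpoints I would remove the `client_max_body_size 512M;` line and inherit the vhost default, or set a limit sized to the largest request these routes legitimately carry. The same directive is repeated in auth.nix, event-creator.nix, federation-inbound.nix, federation-reader.nix and sync.nix.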
diff --git a/modules/software-templates/synapse-workers/generic/event-creator.nix b/modules/software-templates/synapse-workers/generic/event-creator.nix
new file mode 100644
index 0000000..e035405
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/event-creator.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.eventCreators - 1);
+ workerName = "event_creator";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.eventCreator;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.eventCreators > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/generic/federation-inbound.nix b/modules/software-templates/synapse-workers/generic/federation-inbound.nix
new file mode 100644
index 0000000..af18e8e
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/federation-inbound.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.federationReaders - 1);
+ workerName = "federation_inbound";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.federationInbound;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.federationInboundWorkers > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
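Review bot: The worker list is sized from the wrong option: `workers = lib.range 0 (cfg.federationReaders - 1);` reads `federationReaders`, while the module is enabled by `cfg.federationInboundWorkers > 0`. With federationInboundWorkers set and federationReaders left at its default of 0, the range is empty, so no worker is defined and the nginx upstream is generated with no servers while the `/send/` location still points at it. The line should read `workers = lib.range 0 (cfg.federationInboundWorkers - 1);`. This looks like a copy-paste slip between the near-identical worker files, which a shared helper taking the option name as an argument would prevent.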
diff --git a/modules/software-templates/synapse-workers/generic/federation-reader.nix b/modules/software-templates/synapse-workers/generic/federation-reader.nix
new file mode 100644
index 0000000..09e8419
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/federation-reader.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.federationReaders - 1);
+ workerName = "federation_reader";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.federationReader;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.federationReaders > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/generic/federation-sender.nix b/modules/software-templates/synapse-workers/generic/federation-sender.nix
new file mode 100644
index 0000000..bf6cf51
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/federation-sender.nix
@@ -0,0 +1,131 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.matrix-synapse;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.federationSenders - 1);
+ workerName = "federation_sender";
+ tasks = [ ];
+ workerRoutes = {};
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.federationSenders > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ # Federation sender
+ send_federation = lib.mkIf (lib.elem "federation_sender" tasks) false;
+ federation_sender_instances = lib.mkIf (lib.elem "federation_sender" tasks) [ workerName ];
+ outbound_federation_restricted_to = lib.mkIf (lib.elem "federation_sender" tasks) [ workerName ];
+ worker_replication_secret = "${workerName}_secret";
+
+ # Pusher
+ pusher_instances = lib.optional (lib.elem "pusher" tasks) "${workerName}";
+
+ # Media repo
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+
+ # Media repo
+ enable_media_repo = lib.elem "media_repo" tasks;
+ rc_federation = {
+ window_size = 1;
+ sleep_limit = 1000;
+ sleep_delay = 1;
+ reject_limit = 1000;
+ concurrent = 100;
+ };
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
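Review bot: `worker_replication_secret = "${workerName}_secret";` sets the shared replication secret to the fixed string `federation_sender_secret`, which is guessable and, being part of `settings`, presumably ends up in the generated config inside the world-readable Nix store. That secret authenticates calls to the replication listeners, so it should be a random value kept out of the store, for example supplied from a secrets file through `services.matrix-synapse.extraConfigFiles`, with this line removed from the module. Separately, `tasks = [ ]` makes the three `federation_sender` conditionals above it dead, so nothing in this hunk actually moves federation sending onto these workers.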
diff --git a/modules/software-templates/synapse-workers/generic/media-repo.nix b/modules/software-templates/synapse-workers/generic/media-repo.nix
new file mode 100644
index 0000000..d9db8cf
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/media-repo.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "solo";
+ workers = lib.range 0 (cfg.mediaRepoWorkers - 1);
+ workerName = "media_repo";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.mediaRepo;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.mediaRepoWorkers > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
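Review bot: `tasks = [ ]` means `lib.elem "media_repo" tasks` and `lib.elem "media_repo_background" tasks` are always false, so neither `enable_media_repo` nor `media_instance_running_background_jobs` is ever emitted from this file. That presumably leaves the main process's media repository enabled alongside these workers. If that is intended, a comment on the `tasks` line would say so; otherwise it probably wants `tasks = [ "media_repo" "media_repo_background" ];`. Note also that the background-jobs value would be the bare `media_repo`, whereas the instances registered in `instance_map` are named `media_repo-0`, `media_repo-1` and so on, so `"${workerName}-0"` looks like the intended value.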
diff --git a/modules/software-templates/synapse-workers/generic/pusher.nix b/modules/software-templates/synapse-workers/generic/pusher.nix
new file mode 100644
index 0000000..8c6b697
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/pusher.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.matrix-synapse;
+ dbGroup = "small";
+ workers = lib.range 0 (cfg.pushers - 1);
+ workerName = "pusher";
+ tasks = [ ];
+ workerRoutes = {};
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.pushers > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ pusher_instances = lib.mkIf (lib.elem "pusher" tasks) "${workerName}";
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
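Review bot: `pusher_instances = lib.mkIf (lib.elem "pusher" tasks) "${workerName}";` never takes effect because `tasks` is `[ ]`, and if it did it would pass the bare string `pusher`, which is not one of the instance names (`pusher-0`, …) this file registers in `instance_map`. As far as this hunk shows, the pusher workers are started but nothing assigns pushing to them. I would replace the line with `pusher_instances = lib.map (index: "${workerName}-${toString index}") workers;`, which also matches the list form federation-sender.nix builds with `lib.optional`.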
diff --git a/modules/software-templates/synapse-workers/generic/sync.nix b/modules/software-templates/synapse-workers/generic/sync.nix
new file mode 100644
index 0000000..eb47e59
--- /dev/null
+++ b/modules/software-templates/synapse-workers/generic/sync.nix
@@ -0,0 +1,113 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ./lib.nix;
+ dbGroup = "medium";
+ workers = lib.range 0 (cfg.syncWorkers - 1);
+ workerName = "sync";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.sync;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.syncWorkers > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ media_instance_running_background_jobs = lib.mkIf (lib.elem "media_repo_background" tasks) "${workerName}";
+ enable_media_repo = lib.mkIf (lib.elem "media_repo" tasks) false;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/lib.nix b/modules/software-templates/synapse-workers/lib.nix
new file mode 100644
index 0000000..c99e2ef
--- /dev/null
+++ b/modules/software-templates/synapse-workers/lib.nix
@@ -0,0 +1,147 @@
+{
+ workerRoutes = {
+ sync.client = [
+ "~ ^/_matrix/client/(v2_alpha|r0|v3)/sync$"
+ "~ ^/_matrix/client/(api/v1|v2_alpha|r0|v3)/events$"
+ "~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$"
+ "~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$"
+ "~ ^/_matrix/client/unstable/org.matrix.simplified_msc3575/sync$"
+ ];
+
+ clientReader.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/publicRooms$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/joined_members$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/context/.*$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/members$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/state(/|$)"
+ "~ ^/_matrix/client/v1/rooms/.*/hierarchy$"
+ "~ ^/_matrix/client/(v1|unstable)/rooms/.*/relations/"
+ "~ ^/_matrix/client/v1/rooms/.*/threads$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/messages$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/event"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/joined_rooms"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable/.*)/rooms/.*/aliases"
+ "~ ^/_matrix/client/v1/rooms/.*/timestamp_to_event$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/search"
+ "~ ^/_matrix/client/(r0|v3|unstable)/user/.*/filter(/|$)"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/directory/room/.*$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/notifications$"
+ # e2ee
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/keys/query$"
+
+ # unstable
+ "~ ^/_matrix/client/unstable/im.nheko.summary/rooms/.*/summary$"
+
+ # auth
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/whoami$"
+ "~ ^/_matrix/client/versions$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/register$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/register/available$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/password_policy$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/capabilities$"
+ ];
+
+ eventCreator.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/redact"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/send"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/(join|invite|leave|ban|unban|kick)$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/join/"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/knock/"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/profile/"
+ ];
+
+ federationInbound.federation = [
+ "~ ^/_matrix/federation/(v1|v2)/send/"
+ ];
+
+ federationReader.federation = [
+ "~ ^/_matrix/federation/(v1|v2)/event/"
+ "~ ^/_matrix/federation/(v1|v2)/state/"
+ "~ ^/_matrix/federation/(v1|v2)/state_ids/"
+ "~ ^/_matrix/federation/(v1|v2)/backfill/"
+ "~ ^/_matrix/federation/(v1|v2)/get_missing_events/"
+ "~ ^/_matrix/federation/(v1|v2)/publicRooms"
+ "~ ^/_matrix/federation/(v1|v2)/query/"
+ "~ ^/_matrix/federation/(v1|v2)/make_join/"
+ "~ ^/_matrix/federation/(v1|v2)/make_leave/"
+ "~ ^/_matrix/federation/(v1|v2)/send_join/"
+ "~ ^/_matrix/federation/(v1|v2)/send_leave/"
+ "~ ^/_matrix/federation/v1/make_knock/"
+ "~ ^/_matrix/federation/v1/send_knock/"
+ "~ ^/_matrix/federation/(v1|v2)/invite/" # Needs special handling, define manually
+ "~ ^/_matrix/federation/(v1|v2)/query_auth/"
+ "~ ^/_matrix/federation/(v1|v2)/event_auth/"
+ "~ ^/_matrix/federation/v1/timestamp_to_event/"
+ "~ ^/_matrix/federation/(v1|v2)/exchange_third_party_invite/"
+ "~ ^/_matrix/federation/(v1|v2)/user/devices/"
+ "~ ^/_matrix/federation/(v1|v2)/get_groups_publicised$"
+ "~ ^/_matrix/key/v2/query"
+ # extra
+ "~ ^/_matrix/key/v2/server$"
+ ];
+
+ mediaRepo.media = [
+ "~ ^/_matrix/client/v1/media/"
+ "~ ^/_matrix/federation/v1/media/"
+ "~ ^/_synapse/admin/v1/purge_media_cache$"
+ "~ ^/_synapse/admin/v1/room/.*/media.*$"
+ "~ ^/_synapse/admin/v1/user/.*/media.*$"
+ "~ ^/_synapse/admin/v1/users/.*/media$"
+ "~ ^/_synapse/admin/v1/media/.*$"
+ "~ ^/_synapse/admin/v1/quarantine_media/.*$"
+ "~ ^/_matrix/media/"
+ ];
+
+ auth.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/login$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/3pid$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/account/whoami$"
+ "~ ^/_matrix/client/versions$"
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/voip/turnServer$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/register$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/register/available$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/auth/.*/fallback/web$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/password_policy$"
+ "~ ^/_matrix/client/(r0|v3|unstable)/capabilities$"
+ ];
+
+ typing.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/rooms/.*/typing"
+ ];
+
+ toDevice.client = [
+ "~ ^/_matrix/client/(r0|v3|unstable)/sendToDevice/"
+ ];
+
+ receipts.client = [
+ "~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/receipt"
+ "~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/read_markers"
+ ];
+
+ pushRules.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/pushrules/"
+ ];
+
+ presence.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/presence/"
+ ];
+
+ accountData.client = [
+ "~ ^/_matrix/client/(r0|v3|unstable)/account_data"
+ "~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/account_data"
+ "~ ^/_matrix/client/(r0|v3|unstable)/rooms/.*/tags"
+ ];
+
+ userDirectory.client = [
+ "~ ^/_matrix/client/(api/v1|r0|v3|unstable)/user_directory/search$"
+
+ #profile
+ "~ ^/_matrix/client/v3/profile/.*$"
+ "~ ^/_matrix/client/v3/profile/.*/(displayname|avatar_url)$"
+ ];
+ };
+}
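Review bot: The ten `auth.client` patterns are repeated verbatim under `# auth` at the end of `clientReader.client`, and auth.nix and client-reader.nix each turn their list into `virtualHosts.<name>.locations` entries with a different `proxyPass`. If authWorkers and clientReaders are both non-zero, the same location keys get two conflicting `proxyPass` definitions, which should fail at evaluation time (whether both modules are imported together is not visible here). I would drop the `# auth` block from `clientReader.client` so each route has exactly one owner. In `userDirectory.client`, `"~ ^/_matrix/client/v3/profile/.*$"` already matches everything the following `(displayname|avatar_url)$` entry does, so that second entry is redundant.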
diff --git a/modules/software-templates/synapse-workers/module.nix b/modules/software-templates/synapse-workers/module.nix
new file mode 100644
index 0000000..b1d0ced
--- /dev/null
+++ b/modules/software-templates/synapse-workers/module.nix
@@ -0,0 +1,108 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.matrix-synapse;
+ mkIntOption =
+ description:
+ lib.mkOption {
+ type = lib.types.int;
+ default = 0;
+ description = description;
+ };
+in
+{
+ imports = [
+ ];
+ options.services.matrix-synapse = {
+ enableWorkers = lib.mkEnableOption "Enable dedicated workers";
+ enableStreamWriters = lib.mkEnableOption "Enable stream writers";
+ enableAppserviceWorker = lib.mkEnableOption "Enable dedicated appservice worker";
+ enableBackgroundWorker = lib.mkEnableOption "Enable dedicated background task worker";
+ enableUserDirWorker = lib.mkEnableOption "Enable dedicated user directory worker";
+
+ authWorkers = mkIntOption "Number of auth workers";
+ clientReaders = mkIntOption "Number of client readers";
+ eventCreators = mkIntOption "Number of auth workers";
+ federationInboundWorkers = mkIntOption "Number of federation inbound workers";
+ federationReaders = mkIntOption "Number of federation readers";
+ federationSenders = mkIntOption "Number of federation senders";
+ mediaRepoWorkers = mkIntOption "Number of media repo workers";
+ pushers = mkIntOption "Number of pushers";
+ syncWorkers = mkIntOption "Number of sync workers";
+
+ #stream writers
+ eventStreamWriters = mkIntOption "Number of event stream writers";
+ typingStreamWriters = mkIntOption "Number of typing stream writers";
+ toDeviceStreamWriters = mkIntOption "Number of to_device stream writers";
+ accountDataStreamWriters = mkIntOption "Number of account data stream writers";
+ receiptStreamWriters = mkIntOption "Number of read receipt stream writers";
+ presenceStreamWriters = mkIntOption "Number of presence stream writers";
+ pushRuleStreamWriters = mkIntOption "Number of push rule stream writers";
+
+ sharedStreamWriters = mkIntOption "Number of shared stream writers";
+
+ nginxVirtualHostName = lib.mkOption {
+ type = lib.types.str;
+ default = null;
+ description = "The virtual host name for the nginx server";
+ };
+
+ allowedRemoteInviteOrigins = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ description = "List of allowed remote invite origins";
+ };
+ };
+
+ config = {
+ assertions =
+ [
+ {
+ assertion = cfg.enableWorkers -> cfg.nginxVirtualHostName != null;
+ message = "nginxVirtualHostName must be set when enableWorkers is true";
+ }
+ ]
+ ++ lib.optionals (cfg.settings ? stream_writers) [
+ # Stream types and count limitations: https://github.com/element-hq/synapse/blob/develop/synapse/config/workers.py#L344
+ {
+ assertion = cfg.settings.stream_writers ? typing -> lib.length cfg.settings.stream_writers.typing <= 1;
+ message = "Only one typing stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? to_device -> lib.length cfg.settings.stream_writers.to_device <= 1;
+ message = "Only one to_device stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? account_data -> lib.length cfg.settings.stream_writers.account_data <= 1;
+ message = "Only one account data stream writer is supported";
+ }
+ # This may be outdated in the documentation...?
+ #{
+ # assertion = cfg.receiptStreamWriters <= 1;
+ # message = "Only one receipt stream writer is supported";
+ #}
+ {
+ assertion = cfg.settings.stream_writers ? presence -> lib.length cfg.settings.stream_writers.presence <= 1;
+ message = "Only one presence stream writer is supported";
+ }
+ {
+ assertion = cfg.settings.stream_writers ? push_rules -> lib.length cfg.settings.stream_writers.push_rules <= 1;
+ message = "Only one push rule stream writer is supported";
+ }
+ ];
+
+ # Matrix utility maps
+ services.nginx.appendHttpConfig = ''
+ # Map authorization header to origin name
+ map $http_authorization $mx_origin_name {
+ default "";
+ "~*X-Matrix origin=(?<origin>[^,]+)" $origin;
+ }
+
+ # Map origin name to whether it can invite
+ map $mx_origin_name $mx_can_invite {
+ default 0;
+ ${lib.concatMapStringsSep "\n" (origin: " \"${origin}\" 1;") cfg.allowedRemoteInviteOrigins}
+ }
+ '';
+ };
+}
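Review bot: `$mx_origin_name` in the `appendHttpConfig` map is read straight from the `Authorization` header before anything has checked the X-Matrix signature, so `$mx_can_invite` reflects an origin the sender declared, not one that was verified. Its consumers are outside this hunk; wherever a location acts on it, it should remain a pre-filter in front of Synapse's own signature check, and a comment above the map such as `# unauthenticated: origin is self-declared, Synapse still verifies the signature` would make that explicit. The pattern captures `[^,]+` verbatim, so an origin sent in the quoted form (constructed example: `origin="example.org"`) would keep its quotes and presumably never equal an `allowedRemoteInviteOrigins` entry; worth confirming against the header format peers actually send. Separately, `nginxVirtualHostName` is declared `lib.types.str` with `default = null`, so reading the unset option most likely fails on the type check before the `!= null` assertion can print its message; `type = lib.types.nullOr lib.types.str;` matches the intent.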
diff --git a/modules/software-templates/synapse-workers/single/appservice.nix b/modules/software-templates/synapse-workers/single/appservice.nix
new file mode 100644
index 0000000..03a080b
--- /dev/null
+++ b/modules/software-templates/synapse-workers/single/appservice.nix
@@ -0,0 +1,77 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "small";
+ workerName = "appservice";
+ tasks = [ "appservice" ];
+ workerRoutes = {};
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (lib.length tasks > 0) {
+ monitoring.synapse.workerNames = [ workerName ];
+ services.matrix-synapse = {
+ settings = {
+ instance_map = {
+ ${workerName} = {
+ path = "/run/matrix-synapse/${workerName}.sock";
+ };
+ };
+
+ run_background_tasks_on = lib.mkIf (lib.elem "background" tasks) workerName;
+ notify_appservices_from_worker = lib.mkIf (lib.elem "appservice" tasks) workerName;
+ update_user_directory_from_worker = lib.mkIf (lib.elem "user_directory" tasks) workerName;
+ };
+
+ workers = {
+ ${workerName} = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+
+ database = (import ../../db.nix { inherit workerName dbGroup; });
+ };
+ };
+ };
+
+ services.nginx = {
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://unix:/run/matrix-synapse/${workerName}-${type}.sock";
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
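Review bot: The module body is gated on `lib.mkIf (lib.length tasks > 0)`, and `tasks` is the constant `[ "appservice" ]`, so the condition is always true and the worker is configured whenever this file is imported. `enableAppserviceWorker` from module.nix is never read here. Unless the import is made conditional somewhere outside this hunk, gate on the option instead: `config = lib.mkIf cfg.enableAppserviceWorker {`. background.nix and user-dir.nix have the same constant condition where `enableBackgroundWorker` and `enableUserDirWorker` would be expected. `workerLib` is also bound but unused in this file and in background.nix.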
diff --git a/modules/software-templates/synapse-workers/single/background.nix b/modules/software-templates/synapse-workers/single/background.nix
new file mode 100644
index 0000000..741b88c
--- /dev/null
+++ b/modules/software-templates/synapse-workers/single/background.nix
@@ -0,0 +1,77 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "small";
+ workerName = "background";
+ tasks = [ "background" ];
+ workerRoutes = { };
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (lib.length tasks > 0) {
+ monitoring.synapse.workerNames = [ workerName ];
+ services.matrix-synapse = {
+ settings = {
+ instance_map = {
+ ${workerName} = {
+ path = "/run/matrix-synapse/${workerName}.sock";
+ };
+ };
+
+ run_background_tasks_on = lib.mkIf (lib.elem "background" tasks) workerName;
+ notify_appservices_from_worker = lib.mkIf (lib.elem "appservice" tasks) workerName;
+ update_user_directory_from_worker = lib.mkIf (lib.elem "user_directory" tasks) workerName;
+ };
+
+ workers = {
+ ${workerName} = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+
+ database = (import ../../db.nix { inherit workerName dbGroup; });
+ };
+ };
+ };
+
+ services.nginx = {
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://unix:/run/matrix-synapse/${workerName}-${type}.sock";
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/single/user-dir.nix b/modules/software-templates/synapse-workers/single/user-dir.nix
new file mode 100644
index 0000000..97ddf26
--- /dev/null
+++ b/modules/software-templates/synapse-workers/single/user-dir.nix
@@ -0,0 +1,77 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "small";
+ workerName = "user_dir";
+ tasks = [ "user_directory" ];
+ workerRoutes = workerLib.workerRoutes.userDirectory;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (lib.length tasks > 0) {
+ monitoring.synapse.workerNames = [ workerName ];
+ services.matrix-synapse = {
+ settings = {
+ instance_map = {
+ ${workerName} = {
+ path = "/run/matrix-synapse/${workerName}.sock";
+ };
+ };
+
+ run_background_tasks_on = lib.mkIf (lib.elem "background" tasks) workerName;
+ notify_appservices_from_worker = lib.mkIf (lib.elem "appservice" tasks) workerName;
+ update_user_directory_from_worker = lib.mkIf (lib.elem "user_directory" tasks) workerName;
+ };
+
+ workers = {
+ ${workerName} = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+
+ database = (import ../../db.nix { inherit workerName dbGroup; });
+ };
+ };
+ };
+
+ services.nginx = {
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://unix:/run/matrix-synapse/${workerName}-${type}.sock";
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
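Review bot: The per-resource listener is created with `mode = "666"`, so any local account that can reach `/run/matrix-synapse` can talk to this worker's `client` listener directly, skipping nginx and everything configured in front of it. A tighter setting is `mode = "660";` with the nginx user placed in the socket's group; that group wiring is not visible in this hunk. The `replication` listener above it sets no `mode` at all, so its permissions depend on Synapse's default and on the runtime directory's mode, neither of which is shown here. That is worth pinning explicitly, since replication is only meant for Synapse's own processes. The same `mode = "666"` line appears in appservice.nix, background.nix and every stream-writer file in this commit.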
diff --git a/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix
new file mode 100644
index 0000000..3f8363a
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/account_data-stream-writer.nix
@@ -0,0 +1,130 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+# streamWriterType = "account_data";
+ workers = lib.range 0 (cfg.accountDataStreamWriters - 1);
+ workerName = "account_data_stream_writer";
+ tasks = [ "stream_account_data" ];
+ workerRoutes = workerLib.workerRoutes.accountData;
+in
+let
+ enabledResources = lib.attrNames workerRoutes;
+ streamTypes = []
+ ++ lib.optional (lib.elem "stream_account_data" tasks) "account_data"
+ ++ lib.optional (lib.elem "stream_presence" tasks) "presence"
+ ++ lib.optional (lib.elem "stream_push_rules" tasks) "push_rules"
+ ++ lib.optional (lib.elem "stream_to_device" tasks) "to_device"
+ ++ lib.optional (lib.elem "stream_typing" tasks) "typing"
+ ++ lib.optional (lib.elem "stream_receipts" tasks) "receipts"
+ ++ lib.optional (lib.elem "stream_events" tasks) "events";
+in
+{
+ config = lib.mkIf (cfg.accountDataStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ #stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+# stream_writers = lib.listToA
+ # map `streams` to `workers`
+ stream_writers = lib.listToAttrs (
+ lib.map (stream: {
+ name = stream;
+ value = lib.map (index: "${workerName}-${toString index}") workers;
+ }) streamTypes
+ );
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
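Review bot: This file derives `stream_writers` from `tasks` through `streamTypes`, while the other stream-writer files in this commit set `stream_writers.${streamWriterType}` directly. It also still carries the abandoned fragments `# streamWriterType = "account_data";` and `# stream_writers = lib.listToA`. Pick one form for all writers and drop the commented-out lines, so a reader does not have to work out which variant is authoritative. The writer files otherwise differ only in `workerName`, the count option and the route set, so a single function in `../lib.nix` taking those three values would keep the socket paths and nginx upstream names from drifting apart.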
diff --git a/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix
new file mode 100644
index 0000000..6abce3f
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/event-stream-writer.nix
@@ -0,0 +1,111 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ dbGroup = "medium";
+ streamWriterType = "events";
+ workers = lib.range 0 (cfg.eventStreamWriters - 1);
+ workerName = "event_stream_writer";
+ tasks = [ ];
+ workerRoutes = {};
+ enabledResources = [];
+in
+{
+ config = lib.mkIf (cfg.eventStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/stream-writers/presence-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/presence-stream-writer.nix
new file mode 100644
index 0000000..052f037
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/presence-stream-writer.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+ streamWriterType = "presence";
+ workers = lib.range 0 (cfg.presenceStreamWriters - 1);
+ workerName = "presence_stream_writer";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.presence;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.presenceStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/stream-writers/push_rule-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/push_rule-stream-writer.nix
new file mode 100644
index 0000000..6bba28d
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/push_rule-stream-writer.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+ streamWriterType = "push_rules";
+ workers = lib.range 0 (cfg.pushRuleStreamWriters - 1);
+ workerName = "push_rule_stream_writer";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.pushRules;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.pushRuleStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/stream-writers/receipt-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/receipt-stream-writer.nix
new file mode 100644
index 0000000..37a5287
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/receipt-stream-writer.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+ streamWriterType = "receipts";
+ workers = lib.range 0 (cfg.receiptStreamWriters - 1);
+ workerName = "receipts_stream_writer";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.receipts;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.receiptStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/stream-writers/to_device-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/to_device-stream-writer.nix
new file mode 100644
index 0000000..eb01af9
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/to_device-stream-writer.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+ streamWriterType = "to_device";
+ workers = lib.range 0 (cfg.toDeviceStreamWriters - 1);
+ workerName = "to_device_stream_writer";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.toDevice;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.toDeviceStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/software-templates/synapse-workers/stream-writers/typing-stream-writer.nix b/modules/software-templates/synapse-workers/stream-writers/typing-stream-writer.nix
new file mode 100644
index 0000000..dadc34a
--- /dev/null
+++ b/modules/software-templates/synapse-workers/stream-writers/typing-stream-writer.nix
@@ -0,0 +1,112 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.services.matrix-synapse;
+ workerLib = import ../lib.nix;
+ dbGroup = "medium";
+ streamWriterType = "typing";
+ workers = lib.range 0 (cfg.typingStreamWriters - 1);
+ workerName = "typing_stream_writer";
+ tasks = [ ];
+ workerRoutes = workerLib.workerRoutes.typing;
+ enabledResources = lib.attrNames workerRoutes;
+in
+{
+ config = lib.mkIf (cfg.typingStreamWriters > 0) {
+ monitoring.synapse.workerNames = lib.map (index: "${workerName}-${toString index}") workers;
+ services.matrix-synapse = {
+ settings = {
+ instance_map = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ };
+ }) workers
+ );
+
+ stream_writers.${streamWriterType} = lib.map (index: "${workerName}-${toString index}") workers;
+ };
+
+ workers = lib.listToAttrs (
+ lib.map (index: {
+ name = "${workerName}-${toString index}";
+ value = {
+ worker_app = "synapse.app.generic_worker";
+ worker_listeners =
+ [
+ {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${toString index}.sock";
+ resources = [
+ {
+ names = [ "replication" ];
+ compress = false;
+ }
+ ];
+ }
+ ]
+ ++ lib.map (type: {
+ type = "http";
+ path = "/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ mode = "666";
+ resources = [
+ {
+ names = [ type ];
+ compress = false;
+ }
+ ];
+ }) enabledResources;
+ database = (
+ import ../../db.nix {
+ inherit dbGroup;
+ workerName = "${workerName}-${toString index}";
+ }
+ );
+ };
+ }) workers
+ );
+ };
+
+ services.nginx = {
+ upstreams = lib.listToAttrs (
+ lib.map (type: {
+ name = "${workerName}-${type}";
+ value = {
+ extraConfig = ''
+ keepalive 32;
+ least_conn;
+ '';
+ servers = lib.listToAttrs (
+ lib.map (index: {
+ name = "unix:/run/matrix-synapse/${workerName}-${type}-${toString index}.sock";
+ value = {
+ max_fails = 0;
+ fail_timeout = "0s";
+ };
+ }) workers
+ );
+ };
+ }) enabledResources
+ );
+
+ virtualHosts."${cfg.nginxVirtualHostName}".locations = lib.listToAttrs (
+ lib.flatten (
+ lib.forEach enabledResources (
+ type:
+ lib.map (route: {
+ name = route;
+ value = {
+ proxyPass = "http://${workerName}-${type}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ '';
+ };
+ }) workerRoutes.${type}
+ )
+ )
+ );
+ };
+ };
+}
diff --git a/modules/users/Alice.nix b/modules/users/Alice.nix
index b3a3cb8..7692950 100755
--- a/modules/users/Alice.nix
+++ b/modules/users/Alice.nix
@@ -9,6 +9,8 @@
group = "Alice";
home = "/group/bugmine-contrib";
shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb52m1rnJSffSOJvN6OYkKgK0TmiRKE4SbOKlkT8Tvn" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb52m1rnJSffSOJvN6OYkKgK0TmiRKE4SbOKlkT8Tvn"
+ ];
};
}
diff --git a/modules/users/Arci.nix b/modules/users/Arci.nix
new file mode 100644
index 0000000..f5e747d
--- /dev/null
+++ b/modules/users/Arci.nix
@@ -0,0 +1,200 @@
+{ lib, pkgs, ... }:
+
+{
+ users.users.Arci = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "libvirtd"
+ "ocp"
+ ];
+ packages = with pkgs; [
+ lnav
+ age
+ git
+ lsd
+ duf
+ (btop.override { rocmSupport = true; })
+ htop
+ kitty.terminfo
+ tmux
+ jq
+ dig
+
+ # - zsh
+ zsh
+ zsh-powerlevel10k
+ zsh-nix-shell
+ zsh-you-should-use
+ zsh-syntax-highlighting
+ zsh-completions
+
+ wireguard-tools
+ ];
+ openssh.authorizedKeys.keys = [
+ ];
+ useDefaultShell = true;
+ shell = pkgs.zsh;
+ };
+ programs.zsh.enable = true;
+ environment.shells = with pkgs; [ zsh ];
+
+ home-manager.users.Arci = {
+ home.preferXdgDirectories = true;
+ home.sessionVariables = {
+ EDITOR = "nvim";
+ SYSTEMD_EDITOR = "nvim";
+ GIT_EDITOR = "nvim";
+ QT_QPA_PLATFORMTHEME = "xdgdesktopportal";
+ GTK_USE_PORTAL = "1";
+ _JAVA_AWT_WM_NONREPARENTING = "1";
+ WINEDEBUG = "-all";
+ CHOKIDAR_USEPOLLING = "true";
+ MSBUILDLIVELOGGER = "auto";
+ DOTNET_WATCH_SUPPRESS_LAUNCH_BROWSER = "1";
+ DOTNET_CLI_TELEMETRY_OPTOUT = "1";
+ NIXPKGS_ALLOW_UNFREE = "1";
+ MOZ_USE_XINPUT2 = "1";
+ };
+ programs = {
+ git = {
+ enable = true;
+ userName = "Rory&";
+ userEmail = "root@rory.gay";
+ extraConfig = {
+ safe = {
+ directory = "/";
+ };
+ };
+ };
+ zsh = {
+ enable = true;
+ #enableAutosuggestions = true;
+ autosuggestion.enable = true;
+ enableVteIntegration = true;
+ autocd = true;
+
+ initExtraFirst = ''
+ export EDITOR=nvim
+ export SYSTEMD_EDITOR=$EDITOR
+ export GIT_EDITOR=$EDITOR
+ export QT_QPA_PLATFORMTHEME=xdgdesktopportal
+ export GTK_USE_PORTAL=1
+ export _JAVA_AWT_WM_NONREPARENTING=1
+ export WINEDEBUG=-all
+ export DOTPROFILE_LOADED='yes'
+ export CHOKIDAR_USEPOLLING=true
+ export MSBUILDLIVELOGGER=auto
+ export DOTNET_WATCH_SUPPRESS_LAUNCH_BROWSER=1
+ export DOTNET_CLI_TELEMETRY_OPTOUT=1
+ function mkkey() {
+ echo "Making key for $1"
+ ssh-keygen -t ed25519 -C "$HOST -> $1" -f ~/.ssh/id_ed25519_$1
+ (
+ echo "Host $1"
+ echo " IdentityFile ~/.ssh/id_ed25519_$1"
+ ) >> ~/.ssh/config
+ echo 'Done! Public key:'
+ cat ~/.ssh/id_ed25519_$1.pub
+ }
+
+ export DISABLE_AUTO_UPDATE=true
+ COMPLETION_WAITING_DOTS="true"
+ '';
+ initExtra = ''
+ alias mv='mv -v'
+ alias pre='npx prettier -w'
+ alias git-commit='git commit --signoff --sign'
+ alias npm='NODE_OPTIONS=--openssl-legacy-provider npm'
+ alias npx='NODE_OPTIONS=--openssl-legacy-provider npx'
+ alias yarn='NODE_OPTIONS=--openssl-legacy-provider npx -y yarn --use-yarnrc $XDG_CONFIG_HOME/yarn/config'
+ alias node='NODE_OPTIONS=--openssl-legacy-provider node'
+ # - dotnet
+ alias drun='dotnet watch run --no-hot-reload --property WarningLevel=0'
+ alias dbuild='dotnet watch build --no-hot-reload --property WarningLevel=0'
+ alias ls='lsd -lAhF --color=always --icon=always'
+ alias transfetch='neofetch --kitty ~/trans_witch.jpg'
+ alias gc='git-commit'
+ [ -f "$HOME/.profile" ] && . $HOME/.profile
+ '';
+ #alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
+ oh-my-zsh = {
+ enable = true;
+ plugins = [
+ "git"
+ "sudo"
+ ];
+ };
+
+ plugins = [
+ {
+ name = "powerlevel10k";
+ src = pkgs.zsh-powerlevel10k;
+ file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
+ }
+ {
+ name = "powerlevel10k-config";
+ src = lib.cleanSource ./Rory;
+ file = "p10k.zsh";
+ }
+ {
+ name = "zsh-syntax-highlighting";
+ src = pkgs.zsh-syntax-highlighting;
+ file = "share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh";
+ }
+ {
+ name = "zsh-autosuggestions";
+ src = pkgs.zsh-autosuggestions;
+ file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
+ }
+ ];
+
+ localVariables = {
+ POWERLEVEL9K_LEFT_PROMPT_ELEMENTS = [
+ "os_icon"
+ "dir"
+ "vcs"
+ "prompt_char"
+ ];
+ POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS = [
+ "status"
+ "command_execution_time"
+ "background_jobs"
+ "direnv"
+ "virtualenv"
+ "pyenv"
+ "nodeenv"
+ "context"
+ "nix_shell"
+ "vi_mode"
+ "load"
+ "disk_usage"
+ "ram"
+ ];
+ POWERLEVEL9K_MODE = "nerdfont-complete";
+ POWERLEVEL9K_ICON_PADDING = "none";
+ POWERLEVEL9K_PROMPT_ADD_NEWLINE = "false";
+ POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR = "\uE0B1";
+ POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR = "\uE0B3";
+ POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR = "\uE0B0";
+ POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR = "\uE0B2";
+ POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL = "\uE0B0";
+ POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL = "\uE0B2";
+ POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE = true;
+ };
+ };
+ neovim = {
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ vimdiffAlias = true;
+ coc = {
+ enable = true;
+
+ };
+ };
+ };
+
+ home.stateVersion = "22.11";
+ };
+}
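Review bot: The git identity under `home-manager.users.Arci` is `userName = "Rory&"` / `userEmail = "root@rory.gay"`, so every commit and `--signoff` trailer made from this account (the `git-commit` alias adds `--signoff --sign`) is attributed to someone other than the account owner. If this file was copied from Rory.nix as a template, set Arci's own identity or drop the two lines. The account is also placed in `wheel` while `openssh.authorizedKeys.keys` is empty and no password option is set in this file, so a comment should say how the user is expected to authenticate and whether admin rights are needed from the start. The zsh plugin `src = lib.cleanSource ./Rory;` likewise points at another user's directory; note in a comment if the prompt config is shared on purpose.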
diff --git a/modules/users/Rory.client.nix b/modules/users/Rory.client.nix
index fb6ad88..ede12df 100755
--- a/modules/users/Rory.client.nix
+++ b/modules/users/Rory.client.nix
@@ -35,7 +35,7 @@
#
# Install = { WantedBy = [ "default.target" ]; };
#
- # Service = {
+ # Service = {
# ExecStart = "${pkgs.keepassxc}/bin/keepassxc ~/.secrets.kdbx";
# Restart = "always";
# };
@@ -50,7 +50,7 @@
#
# Install = { WantedBy = [ "default.target" ]; };
#
- # Service = {
+ # Service = {
# ExecStart = "${pkgs.easyeffects}/bin/easyeffects";
# Restart = "always";
# };
diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix
index a1007fc..9667a3b 100755
--- a/modules/users/Rory.nix
+++ b/modules/users/Rory.nix
@@ -7,6 +7,7 @@
"wheel"
"libvirtd"
"ocp"
+ "networkmanager"
];
packages = with pkgs; [
lnav
@@ -14,7 +15,7 @@
git
lsd
duf
- (btop.override { rocmSupport = true; })
+ btop
htop
kitty.terminfo
tmux
@@ -35,6 +36,7 @@
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT+53Hy3wbIlNVIomK2RroaimMWrTlUkndjHt1dFuyh root@pfSense-arcane-home.localdomain"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 thearcanebrony@tab-linux-desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0SOsjSqU9nIVH2hdB81InGytIRrBvjC4QqM7g+hBZX Rory@Arc"
];
useDefaultShell = true;
shell = pkgs.zsh;
@@ -42,6 +44,13 @@
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
+ virtualisation.vmVariant = {
+ users = {
+ mutableUsers = false;
+ users.Rory.password = "password";
+ };
+ };
+
home-manager.users.Rory = {
home.preferXdgDirectories = true;
home.sessionVariables = {
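Review bot: `users.Rory.password = "password"` gives a `wheel` account a publicly known password, and the value is also stored in this repository and in the world-readable Nix store. `virtualisation.vmVariant` limits it to VMs built with `nixos-rebuild build-vm`, but such a VM can still be reachable if SSH or a port forward is enabled by the shared configuration. I would add a comment stating that this is for throwaway local VMs only, and turn password logins over SSH off in the same block, e.g. `services.openssh.settings.PasswordAuthentication = false;`.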
@@ -77,7 +86,7 @@
enableVteIntegration = true;
autocd = true;
- initExtraFirst = ''
+ initContent = lib.mkBefore ''
export EDITOR=nvim
export SYSTEMD_EDITOR=$EDITOR
export GIT_EDITOR=$EDITOR
@@ -116,8 +125,15 @@
alias drun='dotnet watch run --no-hot-reload --property WarningLevel=0'
alias dbuild='dotnet watch build --no-hot-reload --property WarningLevel=0'
alias ls='lsd -lAhF --color=always --icon=always'
- alias transfetch='neofetch --kitty ~/trans_witch.jpg'
+ alias tree='lsd --tree'
+ alias lstree='ls --tree --total-size --sort=size'
+ #alias transfetch='neofetch --kitty ~/trans_witch.jpg'
alias gc='git-commit'
+ alias yt-dlp='nix run ${pkgs.path}\#yt-dlp --'
+ alias ytdl='nix run ${pkgs.path}\#yt-dlp -- -k --console-title --print-traffic'
+ alias ytdl-mp3='nix run ${pkgs.path}\#yt-dlp -- -k --console-title --print-traffic -x --audio-quality 0 --audio-format mp3 -i'
+ alias ytdl-mp3l='nix run ${pkgs.path}\#yt-dlp -- --console-title -x --audio-quality 0 --audio-format mp3 -o "%%(playlist)s/%%(playlist_index)s. %%(title)s.%%(ext)s" --download-archive archive.txt --embed-thumbnail --add-metadata -R 100 --http-chunk-size 64M --buffer-size 64M -i'
+
[ -f "$HOME/.profile" ] && . $HOME/.profile
'';
#alias knconfig='cp .config ../$(date ''+%Y%m%d_%k%M%S\'').config -v; make CC=clang LLVM=1 nconfig'
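Review bot: In the `ytdl-mp3l` alias the output template is written as `%%(playlist)s/%%(playlist_index)s. %%(title)s.%%(ext)s`; doubling `%` is the escaping a batch file needs, while in a zsh alias the text reaches yt-dlp unchanged, where `%%` most likely means a literal percent sign, so the fields would not be expanded. Unless this was tested, use single percent signs: `-o "%(playlist)s/%(playlist_index)s. %(title)s.%(ext)s"`. Separately, `--print-traffic` in `ytdl` and `ytdl-mp3` prints the HTTP traffic to the terminal, which can include cookies or auth headers when a login is used; keep that flag for a debugging alias only. The enclosing shell string starts outside this hunk.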
@@ -193,7 +209,6 @@
vimdiffAlias = true;
coc = {
enable = true;
-
};
};
};
diff --git a/modules/users/chris.nix b/modules/users/chris.nix
index 9df69a8..43399ac 100755
--- a/modules/users/chris.nix
+++ b/modules/users/chris.nix
@@ -4,12 +4,17 @@
users.users.chris = {
isNormalUser = true;
- extraGroups = [ "wheel" ];
+ extraGroups = [
+ "wheel"
+ "dialout"
+ ];
packages = with pkgs; [
nano
#nodejs-slim
];
#initialPassword = "password";
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
+ ];
};
}
diff --git a/modules/users/db2k.nix b/modules/users/db2k.nix
index 8bc43e2..3e5addb 100755
--- a/modules/users/db2k.nix
+++ b/modules/users/db2k.nix
@@ -8,6 +8,8 @@
group = "db2k";
home = "/data/nginx/html_git/.ocp";
shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfXA4Oh0LZqY8LAS/lnANKVDBlemHGPWdtep1GE/LId garyzipperer09@gmail.com" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMfXA4Oh0LZqY8LAS/lnANKVDBlemHGPWdtep1GE/LId garyzipperer09@gmail.com"
+ ];
};
}
diff --git a/modules/users/ks.nix b/modules/users/ks.nix
index 0e2d36c..ea2eb10 100755
--- a/modules/users/ks.nix
+++ b/modules/users/ks.nix
@@ -9,7 +9,9 @@
"ocp"
];
#initialPassword = "password";
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUDh1WPUF6mPQ1E38ozUjY/DZhEbwZL37eZ51DgpuLo ks" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUDh1WPUF6mPQ1E38ozUjY/DZhEbwZL37eZ51DgpuLo ks"
+ ];
};
home-manager.users.ks = {
diff --git a/modules/packages/dotnet-pack.nix b/packages/dotnet-pack.nix
index 0e4a9b4..0e4a9b4 100644
--- a/modules/packages/dotnet-pack.nix
+++ b/packages/dotnet-pack.nix
diff --git a/modules/packages/gitfs.nix b/packages/gitfs.nix
index 728e836..728e836 100755
--- a/modules/packages/gitfs.nix
+++ b/packages/gitfs.nix
diff --git a/packages/matrix-spec.nix b/packages/matrix-spec.nix
new file mode 100644
index 0000000..01475bf
--- /dev/null
+++ b/packages/matrix-spec.nix
@@ -0,0 +1,52 @@
+{
+ lib,
+ stdenv,
+ fetchFromGitHub,
+ buildGoModule,
+ hugo,
+ cacert,
+
+ pkgs,
+
+ matrixSpecSrc
+}:
+let
+ src = matrixSpecSrc;
+
+ version = src.shortRev or (builtins.substring 0 7 src.dirtyRev);
+ rev = src.rev or src.dirtyRev;
+in
+buildGoModule {
+ inherit version;
+ pname = "matrix-spec";
+ src = src;
+ vendorHash = "sha256-4f04IS76JtH+I4Xpu6gF8JQSO3TM7p56mCs8BwyPo8U=";
+ buildInputs = [ cacert ];
+
+ nativeBuildInputs = [ hugo ];
+ # Nix doesn't play well with Hugo's "GitInfo" module, so disable it and inject
+ # the revision from the flake.
+ postPatch = ''
+# substituteInPlace ./site/layouts/shortcodes/gitinfo.html \
+# --replace "{{ .Page.GitInfo.Hash }}" "${rev}"
+
+# substituteInPlace ./config/_default/config.yaml \
+# --replace "enableGitInfo: true" "enableGitInfo: false"
+ ${lib.getExe pkgs.lsd} -lAh .
+ '';
+
+ # Generate the Hugo site before building the Go application which embeds the
+ # built site.
+ preBuild = ''
+ hugo --minify --gc --cleanDestinationDir -d spec
+ '';
+
+ ldflags = [ "-X main.commit=${rev}" ];
+
+ # Rename the main executable in the output directory
+ postInstall = ''
+ mv $out/bin/jnsgr.uk $out/bin/jnsgruk
+ '';
+
+ meta.mainProgram = "jnsgruk";
+}
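Review bot: `postInstall` renames `$out/bin/jnsgr.uk` and `meta.mainProgram` is `jnsgruk`, names that look carried over from another package; if the matrix-spec source does not produce a binary of that name, the `mv` fails the build or the package advertises a program it does not ship. `postPatch` also still holds commented-out `substituteInPlace` calls inside the shell string and a debugging `lsd -lAh .` call, which is the only reason `pkgs` is taken as an argument. I would remove the listing and the dead lines, set `mainProgram` to what this derivation really installs, and add a comment on why `cacert` is in `buildInputs`, since a sandboxed build normally has no network access. `stdenv` and `fetchFromGitHub` are accepted as arguments but unused.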
diff --git a/modules/packages/mtxclient-git.nix b/packages/mtxclient-git.nix
index 2392312..2392312 100644
--- a/modules/packages/mtxclient-git.nix
+++ b/packages/mtxclient-git.nix
diff --git a/packages/nbtexplorer.nix b/packages/nbtexplorer.nix
new file mode 100644
index 0000000..567ba53
--- /dev/null
+++ b/packages/nbtexplorer.nix
@@ -0,0 +1,39 @@
+{
+ lib,
+ stdenvNoCC,
+ fetchFromGitHub,
+ dotnetPackages,
+ msbuild,
+ makeWrapper,
+ mono,
+ libGL,
+ gtk2,
+}:
+
+stdenvNoCC.mkDerivation rec {
+ pname = "nbt-explorer";
+ version = "2.8.0-win";
+
+ src = fetchFromGitHub {
+ owner = "jaquadro";
+ repo = "NBTExplorer";
+ rev = "v${version}";
+ hash = "sha256-uOoELun0keFYN1N2/a1IkCP1AZQvfDLiUdrLxxrhE/A=";
+ #buildCommand = ''
+ # touch $out
+ #'';
+ };
+
+ buildCommand = ''
+ touch $out
+ '';
+
+ meta = with lib; {
+ description = "A graphical NBT editor for all Minecraft NBT data sources";
+ homepage = "https://github.com/jaquadro/NBTExplorer.git";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ];
+ mainProgram = "nbt-explorer";
+ platforms = platforms.all;
+ };
+}
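Review bot: `buildCommand` only runs `touch $out`, so the package output is an empty file and nothing from the fetched NBTExplorer source is built or installed, yet `meta.mainProgram = "nbt-explorer"` and `platforms = platforms.all` present it as a working program. If this is a placeholder, say so in a comment above `buildCommand` and mark it with `meta.broken = true;` so nothing depends on it by accident. `msbuild`, `mono`, `makeWrapper`, `libGL`, `gtk2` and `dotnetPackages` are declared but unused until a real build is added, and the commented-out `buildCommand` inside the `fetchFromGitHub` call can be deleted.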
diff --git a/modules/packages/nginx/mime.types b/packages/nginx/mime.types
index 3ac8468..3ac8468 100644
--- a/modules/packages/nginx/mime.types
+++ b/packages/nginx/mime.types
diff --git a/modules/packages/nheko-git.nix b/packages/nheko-git.nix
index c392d2f..c392d2f 100644
--- a/modules/packages/nheko-git.nix
+++ b/packages/nheko-git.nix
diff --git a/modules/packages/overlays/haskell/basement/IntWord64.nix b/packages/overlays/haskell/basement/IntWord64.nix
index d407bf0..d407bf0 100644
--- a/modules/packages/overlays/haskell/basement/IntWord64.nix
+++ b/packages/overlays/haskell/basement/IntWord64.nix
diff --git a/modules/packages/overlays/haskell/basement/IntWord64.patch b/packages/overlays/haskell/basement/IntWord64.patch
index 0d1cdf7..0d1cdf7 100644
--- a/modules/packages/overlays/haskell/basement/IntWord64.patch
+++ b/packages/overlays/haskell/basement/IntWord64.patch
diff --git a/packages/overlays/jetbrains-plugins.nix b/packages/overlays/jetbrains-plugins.nix
new file mode 100644
index 0000000..50eb061
--- /dev/null
+++ b/packages/overlays/jetbrains-plugins.nix
@@ -0,0 +1,75 @@
+{ ... }:
+{
+ nixpkgs.overlays = [
+ (
+ # https://github.com/NixOS/nixpkgs/issues/400317
+ self: super:
+ let
+ file = "https://plugins.jetbrains.com/files/17718/743191/github-copilot-intellij-1.5.45-243.zip";
+ id = "17718";
+ in
+ {
+ jetbrains = super.lib.recursiveUpdate super.jetbrains {
+ plugins.github-copilot-fixed = super.stdenv.mkDerivation {
+ name = "jetbrains-plugin-${id}";
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out && cp -r . $out
+ runHook postInstall
+ '';
+ src = super.fetchzip {
+ url = "https://plugins.jetbrains.com/files/17718/743191/github-copilot-intellij-1.5.45-243.zip";
+ hash = "sha256-wSIGsDmgZV8o6F9ekf84b06Ul16rw+wXdQx/X4D/rCI=";
+ executable = false;
+ };
+
+ # prelude
+ # (function(process, require, console, EXECPATH_FD, PAYLOAD_POSITION, PAYLOAD_SIZE) { return (function (REQUIRE_COMMON, VIRTUAL_FILESYSTEM, DEFAULT_ENTRYPOINT, SYMLINKS, DICT, DOCOMPRESS) {
+ # payload
+ # grep -aobUam1 $'\x1f\x8b\x08\x00' copilot-language-server
+
+ buildPhase = ''
+ agent='copilot-agent/native/${super.lib.toLower super.stdenv.hostPlatform.uname.system}${
+ {
+ x86_64 = "-x64";
+ aarch64 = "-arm64";
+ }
+ .${super.stdenv.hostPlatform.uname.processor} or ""
+ }/copilot-language-server'
+
+ # Helper: find the offset of the payload by matching gzip magic bytes
+ find_payload_offset() {
+ grep -aobUam1 -f <(printf '\x1f\x8b\x08\x00') "$agent" | cut -d: -f1
+ }
+
+ # Helper: find the offset of the prelude by searching for function string start
+ find_prelude_offset() {
+ local prelude_string='(function(process, require, console, EXECPATH_FD, PAYLOAD_POSITION, PAYLOAD_SIZE) {'
+ grep -obUa -- "$prelude_string" "$agent" | cut -d: -f1
+ }
+
+ before_payload_position="$(find_payload_offset)"
+ before_prelude_position="$(find_prelude_offset)"
+
+ patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $agent
+ patchelf --set-rpath ${
+ super.lib.makeLibraryPath [
+ super.glibc
+ super.gcc-unwrapped
+ ]
+ } $agent
+ chmod +x $agent
+
+ after_payload_position="$(find_payload_offset)"
+ after_prelude_position="$(find_prelude_offset)"
+
+ # There are hardcoded positions in the binary, then it replaces the placeholders by himself
+ sed -i -e "s/$before_payload_position/$after_payload_position/g" "$agent"
+ sed -i -e "s/$before_prelude_position/$after_prelude_position/g" "$agent"
+ '';
+ };
+ };
+ }
+ )
+ ];
+}
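Review bot: The two `sed -i` calls at the end of `buildPhase` rewrite every occurrence of the old offset digits anywhere in the `copilot-language-server` binary, and nothing checks first that `find_payload_offset` and `find_prelude_offset` each returned exactly one number. `find_prelude_offset` has no `-m1`, so a second match would put a newline into the sed expression, and an unrelated run of the same digits elsewhere in the file would be rewritten too. I would fail the build early when an offset is not a single integer, e.g. `[[ "$before_payload_position" =~ ^[0-9]+$ ]] || { echo "payload offset not found" >&2; exit 1; }` (same for the prelude and the two `after_` values), and add a comment that the replacement relies on the offset strings being unique in the file. The `file` binding in the `let` is unused while the same URL is repeated in `fetchzip`; use `url = file;` or drop the binding.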
diff --git a/packages/overlays/lldb.nix b/packages/overlays/lldb.nix
new file mode 100644
index 0000000..d76a34a
--- /dev/null
+++ b/packages/overlays/lldb.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ nixpkgs.overlays = [
+ (final: prev: {
+ lldb = prev.lldb.overrideAttrs (old: {
+ dontCheckForBrokenSymlinks = true;
+ });
+ })
+ ];
+}
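Review bot: `dontCheckForBrokenSymlinks = true;` switches off a fixup check for `lldb` with no explanation of which symlink is broken or when the override can be dropped. Add a comment above it naming the failing build and the upstream reference, e.g. `# lldb output contains a dangling symlink (<nixpkgs issue link>); remove once fixed upstream`, so the workaround does not outlive the bug.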
diff --git a/packages/overlays/matrix-synapse/patches/0001-Hotfix-ignore-rejected-events-in-delayed_events.patch b/packages/overlays/matrix-synapse/patches/0001-Hotfix-ignore-rejected-events-in-delayed_events.patch
new file mode 100644
index 0000000..10bda30
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0001-Hotfix-ignore-rejected-events-in-delayed_events.patch
@@ -0,0 +1,31 @@
+From c9685b56adfec0f8917e2a04b792519c57f0baa4 Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Sun, 20 Apr 2025 00:30:29 +0200
+Subject: [PATCH 01/10] Hotfix: ignore rejected events in delayed_events
+
+---
+ synapse/handlers/delayed_events.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/synapse/handlers/delayed_events.py b/synapse/handlers/delayed_events.py
+index 80cb1cec9b..cb2a34ff73 100644
+--- a/synapse/handlers/delayed_events.py
++++ b/synapse/handlers/delayed_events.py
+@@ -208,8 +208,13 @@ class DelayedEventsHandler:
+ )
+
+ event = await self._store.get_event(
+- delta.event_id, check_room_id=delta.room_id
++ delta.event_id, check_room_id=delta.room_id, allow_rejected=True, allow_none=True
+ )
++
++ if event is None or event.rejected_reason is not None:
++ # This event has been rejected, so we don't want to cancel any delayed events for it.
++ continue
++
+ sender = UserID.from_string(event.sender)
+
+ next_send_ts = await self._store.cancel_delayed_state_events(
+--
+2.49.0
+
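Review bot: The comment on the new guard says the event "has been rejected", but the branch also runs when `get_event` returns `None` because of `allow_none=True`, and both cases are skipped without a log line. Reword it to cover both, e.g. `# Event is missing or was rejected: nothing to cancel for it.`, and consider a `logger.debug` that includes `delta.event_id` so skipped deltas can be traced. The surrounding loop starts and ends outside this hunk.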
diff --git a/packages/overlays/matrix-synapse/patches/0002-Add-too-much-logging-to-room-summary-over-federation.patch b/packages/overlays/matrix-synapse/patches/0002-Add-too-much-logging-to-room-summary-over-federation.patch
new file mode 100644
index 0000000..8441823
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0002-Add-too-much-logging-to-room-summary-over-federation.patch
@@ -0,0 +1,77 @@
+From 12f5c44e7d1cedc9f11402fc5c06ce54a8c24915 Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Wed, 23 Apr 2025 17:53:52 +0200
+Subject: [PATCH 02/10] Add too much logging to room summary over federation
+
+Signed-off-by: Rory& <root@rory.gay>
+---
+ synapse/handlers/room_summary.py | 40 ++++++++++++++++++++++++++++----
+ 1 file changed, 36 insertions(+), 4 deletions(-)
+
+diff --git a/synapse/handlers/room_summary.py b/synapse/handlers/room_summary.py
+index 91b131d09b..6e64930682 100644
+--- a/synapse/handlers/room_summary.py
++++ b/synapse/handlers/room_summary.py
+@@ -700,23 +700,55 @@ class RoomSummaryHandler:
+ """
+ # The API doesn't return the room version so assume that a
+ # join rule of knock is valid.
++ join_rule = room.get("join_rule")
++ world_readable = room.get("world_readable")
++
++ logger.warning(
++ "[EMMA] Checking if room %s is accessible to %s: join_rule=%s, world_readable=%s",
++ room_id, requester, join_rule, world_readable
++ )
++
+ if (
+- room.get("join_rule", JoinRules.PUBLIC)
+- in (JoinRules.PUBLIC, JoinRules.KNOCK, JoinRules.KNOCK_RESTRICTED)
+- or room.get("world_readable") is True
++ join_rule in (JoinRules.PUBLIC, JoinRules.KNOCK, JoinRules.KNOCK_RESTRICTED)
++ or world_readable is True
+ ):
+ return True
+- elif not requester:
++ else:
++ logger.warning(
++ "[EMMA] Room %s is not accessible to %s: join_rule=%s, world_readable=%s, join_rule result=%s, world_readable result=%s",
++ room_id, requester, join_rule, world_readable,
++ join_rule in (JoinRules.PUBLIC, JoinRules.KNOCK, JoinRules.KNOCK_RESTRICTED),
++ world_readable is True
++ )
++
++ if not requester:
++ logger.warning(
++ "[EMMA] No requester, so room %s is not accessible",
++ room_id
++ )
+ return False
++
+
+ # Check if the user is a member of any of the allowed rooms from the response.
+ allowed_rooms = room.get("allowed_room_ids")
++ logger.warning(
++ "[EMMA] Checking if room %s is in allowed rooms for %s: join_rule=%s, allowed_rooms=%s",
++ requester,
++ room_id,
++ join_rule,
++ allowed_rooms
++ )
+ if allowed_rooms and isinstance(allowed_rooms, list):
+ if await self._event_auth_handler.is_user_in_rooms(
+ allowed_rooms, requester
+ ):
+ return True
+
++ logger.warning(
++ "[EMMA] Checking if room %s is accessble to %s via local state",
++ room_id,
++ requester
++ )
+ # Finally, check locally if we can access the room. The user might
+ # already be in the room (if it was a child room), or there might be a
+ # pending invite, etc.
+--
+2.49.0
+
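Review bot: Replacing `room.get("join_rule", JoinRules.PUBLIC)` with `join_rule = room.get("join_rule")` drops the default, so a remote room entry without a `join_rule` key is no longer treated as public by this access check, which is a behaviour change in a patch described as logging only. If that is not intended, keep the default: `join_rule = room.get("join_rule", JoinRules.PUBLIC)`. The "allowed rooms" message passes `requester, room_id` in the opposite order to its `%s` placeholders. All of the added lines log at `warning`, so every summary check writes user and room IDs into the default log; `logger.debug` fits a diagnostic patch better. The function starts and ends outside this hunk.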
diff --git a/packages/overlays/matrix-synapse/patches/0003-Log-entire-room-if-accessibility-check-fails.patch b/packages/overlays/matrix-synapse/patches/0003-Log-entire-room-if-accessibility-check-fails.patch
new file mode 100644
index 0000000..e1676c6
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0003-Log-entire-room-if-accessibility-check-fails.patch
@@ -0,0 +1,28 @@
+From feb88e251b0a7402095643444710f160b9e73daa Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Wed, 23 Apr 2025 18:24:57 +0200
+Subject: [PATCH 03/10] Log entire room if accessibility check fails
+
+Signed-off-by: Rory& <root@rory.gay>
+---
+ synapse/handlers/room_summary.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/synapse/handlers/room_summary.py b/synapse/handlers/room_summary.py
+index 6e64930682..1c39cfed1b 100644
+--- a/synapse/handlers/room_summary.py
++++ b/synapse/handlers/room_summary.py
+@@ -916,6 +916,10 @@ class RoomSummaryHandler:
+ if not room_entry or not await self._is_remote_room_accessible(
+ requester, room_entry.room_id, room_entry.room
+ ):
++ logger.warning(
++ "[Emma] Room entry contents: %s",
++ room_entry.room if room_entry else None
++ )
+ raise NotFoundError("Room not found or is not accessible")
+
+ room = dict(room_entry.room)
+--
+2.49.0
+
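Review bot: `room_entry.room` is the dict supplied by the remote server, and this logs it in full at `warning` exactly when the requester is not allowed to see the room, so remote-controlled and possibly private room data ends up in the homeserver log with no size limit. Log only the identifier, at a lower level, e.g. `logger.debug("Room %s not found or not accessible to %s", room_entry.room_id if room_entry else None, requester)`. The enclosing method continues outside this hunk.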
diff --git a/packages/overlays/matrix-synapse/patches/0004-Log-policy-server-rejected-events.patch b/packages/overlays/matrix-synapse/patches/0004-Log-policy-server-rejected-events.patch
new file mode 100644
index 0000000..63903f1
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0004-Log-policy-server-rejected-events.patch
@@ -0,0 +1,30 @@
+From d06fbc3b1b6158a1e3805d3dd282427268dea01a Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Tue, 27 May 2025 05:21:46 +0200
+Subject: [PATCH 04/10] Log policy server rejected events
+
+---
+ synapse/handlers/room_policy.py | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/synapse/handlers/room_policy.py b/synapse/handlers/room_policy.py
+index dcfebb128c..3a83c4d6ec 100644
+--- a/synapse/handlers/room_policy.py
++++ b/synapse/handlers/room_policy.py
+@@ -84,6 +84,13 @@ class RoomPolicyHandler:
+ policy_server, event
+ )
+ if recommendation != RECOMMENDATION_OK:
++ logger.info(
++ "[POLICY] Policy server %s recommended not to allow event %s in room %s: %s",
++ policy_server,
++ event.event_id,
++ event.room_id,
++ recommendation,
++ )
+ return False
+
+ return True # default allow
+--
+2.49.0
+
diff --git a/packages/overlays/matrix-synapse/patches/0005-Use-parse_boolean-for-unredacted-content.patch b/packages/overlays/matrix-synapse/patches/0005-Use-parse_boolean-for-unredacted-content.patch
new file mode 100644
index 0000000..bfb3e75
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0005-Use-parse_boolean-for-unredacted-content.patch
@@ -0,0 +1,29 @@
+From 9c3f28c68cb89e81a98561e0898b00c43a280a65 Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Tue, 27 May 2025 06:14:26 +0200
+Subject: [PATCH 05/10] Use parse_boolean for unredacted content
+
+---
+ synapse/rest/client/room.py | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
+index bb41575d46..63ea52baf8 100644
+--- a/synapse/rest/client/room.py
++++ b/synapse/rest/client/room.py
+@@ -914,10 +914,9 @@ class RoomEventServlet(RestServlet):
+ requester = await self.auth.get_user_by_req(request, allow_guest=True)
+
+ include_unredacted_content = self.msc2815_enabled and (
+- parse_string(
++ parse_boolean(
+ request,
+- "fi.mau.msc2815.include_unredacted_content",
+- allowed_values=("true", "false"),
++ "fi.mau.msc2815.include_unredacted_content"
+ )
+ == "true"
+ )
+--
+2.49.0
+
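Review bot: After the switch to `parse_boolean` the expression still ends in `== "true"`, so a `bool` (or `None`) is compared with a string and `include_unredacted_content` is always false when this patch is applied on its own. The leftover line is only removed by patch 0006, which is about the room admin API; move that removal into this patch so each patch in the series is correct by itself. It is also worth checking that `parse_boolean` is imported in `synapse/rest/client/room.py`, since the import list is not part of the hunk.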
diff --git a/packages/overlays/matrix-synapse/patches/0006-Expose-tombstone-in-room-admin-api.patch b/packages/overlays/matrix-synapse/patches/0006-Expose-tombstone-in-room-admin-api.patch
new file mode 100644
index 0000000..c12912e
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0006-Expose-tombstone-in-room-admin-api.patch
@@ -0,0 +1,114 @@
+From 23c042aead65385a500be6e671ddd0e942a7e864 Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Tue, 27 May 2025 06:37:52 +0200
+Subject: [PATCH 06/10] Expose tombstone in room admin api
+
+---
+ synapse/rest/admin/rooms.py | 5 ++++
+ synapse/rest/client/room.py | 1 -
+ synapse/storage/databases/main/room.py | 36 +++++++++++++++++++++++++-
+ 3 files changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/synapse/rest/admin/rooms.py b/synapse/rest/admin/rooms.py
+index f8c5bf18d4..adac1f0362 100644
+--- a/synapse/rest/admin/rooms.py
++++ b/synapse/rest/admin/rooms.py
+@@ -251,6 +251,10 @@ class ListRoomRestServlet(RestServlet):
+ direction = parse_enum(request, "dir", Direction, default=Direction.FORWARDS)
+ reverse_order = True if direction == Direction.BACKWARDS else False
+
++ emma_include_tombstone = parse_boolean(
++ request, "emma_include_tombstone", default=False
++ )
++
+ # Return list of rooms according to parameters
+ rooms, total_rooms = await self.store.get_rooms_paginate(
+ start,
+@@ -260,6 +264,7 @@ class ListRoomRestServlet(RestServlet):
+ search_term,
+ public_rooms,
+ empty_rooms,
++ emma_include_tombstone = emma_include_tombstone
+ )
+
+ response = {
+diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
+index 63ea52baf8..38230de0de 100644
+--- a/synapse/rest/client/room.py
++++ b/synapse/rest/client/room.py
+@@ -918,7 +918,6 @@ class RoomEventServlet(RestServlet):
+ request,
+ "fi.mau.msc2815.include_unredacted_content"
+ )
+- == "true"
+ )
+ if include_unredacted_content and not await self.auth.is_server_admin(
+ requester
+diff --git a/synapse/storage/databases/main/room.py b/synapse/storage/databases/main/room.py
+index 1df06a5171..347dbbba6b 100644
+--- a/synapse/storage/databases/main/room.py
++++ b/synapse/storage/databases/main/room.py
+@@ -610,6 +610,7 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
+ search_term: Optional[str],
+ public_rooms: Optional[bool],
+ empty_rooms: Optional[bool],
++ emma_include_tombstone: bool = False,
+ ) -> Tuple[List[Dict[str, Any]], int]:
+ """Function to retrieve a paginated list of rooms as json.
+
+@@ -629,6 +630,7 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
+ If true, empty rooms are queried.
+ if false, empty rooms are excluded from the query. When it is
+ none (the default), both empty rooms and none-empty rooms are queried.
++ emma_include_tombstone: If true, include tombstone events in the results.
+ Returns:
+ A list of room dicts and an integer representing the total number of
+ rooms that exist given this query
+@@ -797,11 +799,43 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
+ room_count = cast(Tuple[int], txn.fetchone())
+ return rooms, room_count[0]
+
+- return await self.db_pool.runInteraction(
++ result = await self.db_pool.runInteraction(
+ "get_rooms_paginate",
+ _get_rooms_paginate_txn,
+ )
+
++ if emma_include_tombstone:
++ room_id_sql, room_id_args = make_in_list_sql_clause(
++ self.database_engine, "cse.room_id", [r["room_id"] for r in result[0]]
++ )
++
++ tombstone_sql = """
++ SELECT cse.room_id, cse.event_id, ej.json
++ FROM current_state_events cse
++ JOIN event_json ej USING (event_id)
++ WHERE cse.type = 'm.room.tombstone'
++ AND {room_id_sql}
++ """.format(
++ room_id_sql=room_id_sql
++ )
++
++ def _get_tombstones_txn(
++ txn: LoggingTransaction,
++ ) -> Dict[str, JsonDict]:
++ txn.execute(tombstone_sql, room_id_args)
++ for room_id, event_id, json in txn:
++ for result_room in result[0]:
++ if result_room["room_id"] == room_id:
++ result_room["gay.rory.synapse_admin_extensions.tombstone"] = db_to_json(json)
++ break
++ return result[0], result[1]
++
++ result = await self.db_pool.runInteraction(
++ "get_rooms_tombstones", _get_tombstones_txn,
++ )
++
++ return result
++
+ @cached(max_entries=10000)
+ async def get_ratelimit_for_user(self, user_id: str) -> Optional[RatelimitOverride]:
+ """Check if there are any overrides for ratelimiting for the given user
+--
+2.49.0
+
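Review bot: `_get_tombstones_txn` is annotated `-> Dict[str, JsonDict]` but returns the tuple `result[0], result[1]`, and it fills in the rooms by mutating the outer `result` from inside the transaction callback, scanning all rooms for every returned row. Returning a room-id-to-tombstone mapping from the callback and merging it afterwards makes the annotation true, keeps the callback free of side effects (it may be re-run on a retry, as far as I know) and removes the nested scan. Skipping the query when the page has no rooms also avoids building an `IN` clause from an empty list. The SQL construction itself looks fine, since only the generated clause is formatted in and the room IDs are bound as parameters; `get_rooms_paginate` starts outside this hunk.

```python
        if emma_include_tombstone and result[0]:
            # … unchanged: make_in_list_sql_clause call and tombstone_sql …

            def _get_tombstones_txn(
                txn: LoggingTransaction,
            ) -> Dict[str, JsonDict]:
                txn.execute(tombstone_sql, room_id_args)
                return {
                    room_id: db_to_json(event_json)
                    for room_id, _event_id, event_json in txn
                }

            tombstones = await self.db_pool.runInteraction(
                "get_rooms_tombstones", _get_tombstones_txn
            )
            for room in result[0]:
                tombstone = tombstones.get(room["room_id"])
                if tombstone is not None:
                    room["gay.rory.synapse_admin_extensions.tombstone"] = tombstone

        return result
```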
diff --git a/packages/overlays/matrix-synapse/patches/0007-fix-Always-recheck-messages-pagination-data-if-a-bac.patch b/packages/overlays/matrix-synapse/patches/0007-fix-Always-recheck-messages-pagination-data-if-a-bac.patch
new file mode 100644
index 0000000..4ebc20c
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0007-fix-Always-recheck-messages-pagination-data-if-a-bac.patch
@@ -0,0 +1,204 @@
+From 99b146825a1a8257d05440ae3e331c68b8e1575a Mon Sep 17 00:00:00 2001
+From: Jason Little <j.little@famedly.com>
+Date: Wed, 30 Apr 2025 09:29:42 -0500
+Subject: [PATCH 07/10] fix: Always recheck `/messages` pagination data if a
+ backfill might have been needed (#28)
+
+---
+ synapse/handlers/federation.py | 35 +++++++++++++--------------------
+ synapse/handlers/pagination.py | 36 +++++++++++++++++++---------------
+ 2 files changed, 34 insertions(+), 37 deletions(-)
+
+diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
+index a6de3e824d..ff751d25f6 100644
+--- a/synapse/handlers/federation.py
++++ b/synapse/handlers/federation.py
+@@ -211,7 +211,7 @@ class FederationHandler:
+ @tag_args
+ async def maybe_backfill(
+ self, room_id: str, current_depth: int, limit: int, record_time: bool = True
+- ) -> bool:
++ ) -> None:
+ """Checks the database to see if we should backfill before paginating,
+ and if so do.
+
+@@ -225,8 +225,6 @@ class FederationHandler:
+ should back paginate.
+ record_time: Whether to record the time it takes to backfill.
+
+- Returns:
+- True if we actually tried to backfill something, otherwise False.
+ """
+ # Starting the processing time here so we can include the room backfill
+ # linearizer lock queue in the timing
+@@ -252,7 +250,7 @@ class FederationHandler:
+ limit: int,
+ *,
+ processing_start_time: Optional[int],
+- ) -> bool:
++ ) -> None:
+ """
+ Checks whether the `current_depth` is at or approaching any backfill
+ points in the room and if so, will backfill. We only care about
+@@ -326,7 +324,7 @@ class FederationHandler:
+ limit=1,
+ )
+ if not have_later_backfill_points:
+- return False
++ return None
+
+ logger.debug(
+ "_maybe_backfill_inner: all backfill points are *after* current depth. Trying again with later backfill points."
+@@ -346,15 +344,15 @@ class FederationHandler:
+ )
+ # We return `False` because we're backfilling in the background and there is
+ # no new events immediately for the caller to know about yet.
+- return False
++ return None
+
+ # Even after recursing with `MAX_DEPTH`, we didn't find any
+ # backward extremities to backfill from.
+ if not sorted_backfill_points:
+ logger.debug(
+- "_maybe_backfill_inner: Not backfilling as no backward extremeties found."
++ "_maybe_backfill_inner: Not backfilling as no backward extremities found."
+ )
+- return False
++ return None
+
+ # If we're approaching an extremity we trigger a backfill, otherwise we
+ # no-op.
+@@ -373,7 +371,7 @@ class FederationHandler:
+ current_depth,
+ limit,
+ )
+- return False
++ return None
+
+ # For performance's sake, we only want to paginate from a particular extremity
+ # if we can actually see the events we'll get. Otherwise, we'd just spend a lot
+@@ -441,7 +439,7 @@ class FederationHandler:
+ logger.debug(
+ "_maybe_backfill_inner: found no extremities which would be visible"
+ )
+- return False
++ return None
+
+ logger.debug(
+ "_maybe_backfill_inner: extremities_to_request %s", extremities_to_request
+@@ -464,7 +462,7 @@ class FederationHandler:
+ )
+ )
+
+- async def try_backfill(domains: StrCollection) -> bool:
++ async def try_backfill(domains: StrCollection) -> None:
+ # TODO: Should we try multiple of these at a time?
+
+ # Number of contacted remote homeservers that have denied our backfill
+@@ -487,7 +485,7 @@ class FederationHandler:
+ # If this succeeded then we probably already have the
+ # appropriate stuff.
+ # TODO: We can probably do something more intelligent here.
+- return True
++ return None
+ except NotRetryingDestination as e:
+ logger.info("_maybe_backfill_inner: %s", e)
+ continue
+@@ -511,7 +509,7 @@ class FederationHandler:
+ )
+ denied_count += 1
+ if denied_count >= max_denied_count:
+- return False
++ return None
+ continue
+
+ logger.info("Failed to backfill from %s because %s", dom, e)
+@@ -527,7 +525,7 @@ class FederationHandler:
+ )
+ denied_count += 1
+ if denied_count >= max_denied_count:
+- return False
++ return None
+ continue
+
+ logger.info("Failed to backfill from %s because %s", dom, e)
+@@ -539,7 +537,7 @@ class FederationHandler:
+ logger.exception("Failed to backfill from %s because %s", dom, e)
+ continue
+
+- return False
++ return None
+
+ # If we have the `processing_start_time`, then we can make an
+ # observation. We wouldn't have the `processing_start_time` in the case
+@@ -551,14 +549,9 @@ class FederationHandler:
+ (processing_end_time - processing_start_time) / 1000
+ )
+
+- success = await try_backfill(likely_domains)
+- if success:
+- return True
+-
+ # TODO: we could also try servers which were previously in the room, but
+ # are no longer.
+-
+- return False
++ return await try_backfill(likely_domains)
+
+ async def send_invite(self, target_host: str, event: EventBase) -> EventBase:
+ """Sends the invite to the remote server for signing.
+diff --git a/synapse/handlers/pagination.py b/synapse/handlers/pagination.py
+index 4070b74b7a..81cda38549 100644
+--- a/synapse/handlers/pagination.py
++++ b/synapse/handlers/pagination.py
+@@ -577,27 +577,31 @@ class PaginationHandler:
+ or missing_too_many_events
+ or not_enough_events_to_fill_response
+ ):
+- did_backfill = await self.hs.get_federation_handler().maybe_backfill(
++ # Historical Note: There used to be a check here for if backfill was
++ # successful or not
++ await self.hs.get_federation_handler().maybe_backfill(
+ room_id,
+ curr_topo,
+ limit=pagin_config.limit,
+ )
+
+- # If we did backfill something, refetch the events from the database to
+- # catch anything new that might have been added since we last fetched.
+- if did_backfill:
+- (
+- events,
+- next_key,
+- _,
+- ) = await self.store.paginate_room_events_by_topological_ordering(
+- room_id=room_id,
+- from_key=from_token.room_key,
+- to_key=to_room_key,
+- direction=pagin_config.direction,
+- limit=pagin_config.limit,
+- event_filter=event_filter,
+- )
++ # Regardless if we backfilled or not, another worker or even a
++ # simultaneous request may have backfilled for us while we were held
++ # behind the linearizer. This should not have too much additional
++ # database load as it will only be triggered if a backfill *might* have
++ # been needed
++ (
++ events,
++ next_key,
++ _,
++ ) = await self.store.paginate_room_events_by_topological_ordering(
++ room_id=room_id,
++ from_key=from_token.room_key,
++ to_key=to_room_key,
++ direction=pagin_config.direction,
++ limit=pagin_config.limit,
++ event_filter=event_filter,
++ )
+ else:
+ # Otherwise, we can backfill in the background for eventual
+ # consistency's sake but we don't need to block the client waiting
+--
+2.49.0
+
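Review bot: The context comment in `_maybe_backfill_inner` that begins "We return `False` because we're backfilling in the background" is stale, because the line under it now returns `None`. Reword it to something like `# Nothing to report to the caller; the backfill runs in the background.` In functions annotated `-> None`, the explicit `return None` lines and `return await try_backfill(likely_domains)` would read more plainly as bare `return` and a plain `await try_backfill(likely_domains)`. In pagination.py the second `paginate_room_events_by_topological_ordering` call now runs on every request that enters this branch, so the added comment could say how to observe that extra database cost under client-driven `/messages` traffic. All of these functions start or end outside the hunks shown.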
diff --git a/packages/overlays/matrix-synapse/patches/0008-Fix-pagination-with-large-gaps-of-rejected-events.patch b/packages/overlays/matrix-synapse/patches/0008-Fix-pagination-with-large-gaps-of-rejected-events.patch
new file mode 100644
index 0000000..81a6d3f
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0008-Fix-pagination-with-large-gaps-of-rejected-events.patch
@@ -0,0 +1,50 @@
+From 6eb23d3018f68744ba363fb7a89a9a4982d67a19 Mon Sep 17 00:00:00 2001
+From: Nicolas Werner <nicolas.werner@hotmail.de>
+Date: Sun, 8 Jun 2025 23:14:31 +0200
+Subject: [PATCH 08/10] Fix pagination with large gaps of rejected events
+
+---
+ synapse/handlers/pagination.py | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/synapse/handlers/pagination.py b/synapse/handlers/pagination.py
+index 81cda38549..365c9cabcb 100644
+--- a/synapse/handlers/pagination.py
++++ b/synapse/handlers/pagination.py
+@@ -510,7 +510,7 @@ class PaginationHandler:
+ (
+ events,
+ next_key,
+- _,
++ limited,
+ ) = await self.store.paginate_room_events_by_topological_ordering(
+ room_id=room_id,
+ from_key=from_token.room_key,
+@@ -593,7 +593,7 @@ class PaginationHandler:
+ (
+ events,
+ next_key,
+- _,
++ limited,
+ ) = await self.store.paginate_room_events_by_topological_ordering(
+ room_id=room_id,
+ from_key=from_token.room_key,
+@@ -616,6 +616,15 @@ class PaginationHandler:
+
+ next_token = from_token.copy_and_replace(StreamKeyType.ROOM, next_key)
+
++ # We might have hit some internal filtering first, for example rejected
++ # events. Ensure we return a pagination token then.
++ if not events and limited:
++ return {
++ "chunk": [],
++ "start": await from_token.to_string(self.store),
++ "end": await next_token.to_string(self.store),
++ }
++
+ # if no events are returned from pagination, that implies
+ # we have reached the end of the available events.
+ # In that case we do not return end, to tell the client
+--
+2.49.0
+
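Review bot: The new early return under `if not events and limited:` gives the client an `end` token without checking that `next_key` actually moved past `from_token.room_key`. Whether `paginate_room_events_by_topological_ordering` can report `limited` with an unchanged key is not visible in this hunk, so it is worth confirming; if it can, a client following `end` would keep re-requesting the same position. A guard such as `if not events and limited and next_key != from_token.room_key:` (assuming the key type supports equality) or a comment stating the invariant would settle it. A regression test that paginates across a run of rejected events longer than `limit` would pin the behaviour; the surrounding method starts and ends outside the hunk.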
diff --git a/packages/overlays/matrix-synapse/patches/0009-Fix-nix-flake.patch b/packages/overlays/matrix-synapse/patches/0009-Fix-nix-flake.patch
new file mode 100644
index 0000000..09a7f5c
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0009-Fix-nix-flake.patch
@@ -0,0 +1,189 @@
+From 69d854a8250493f9c1e468f24031378ff334cf7f Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Mon, 9 Jun 2025 17:38:34 +0200
+Subject: [PATCH 09/10] Fix nix flake
+
+---
+ flake.lock | 58 +++++++++++++++++++-----------------------------------
+ flake.nix | 10 +++++++++-
+ 2 files changed, 29 insertions(+), 39 deletions(-)
+
+diff --git a/flake.lock b/flake.lock
+index a6a2aea328..4e2f01153b 100644
+--- a/flake.lock
++++ b/flake.lock
+@@ -39,15 +39,12 @@
+ }
+ },
+ "flake-utils": {
+- "inputs": {
+- "systems": "systems"
+- },
+ "locked": {
+- "lastModified": 1685518550,
+- "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
++ "lastModified": 1667395993,
++ "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+- "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
++ "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+ "type": "github"
+ },
+ "original": {
+@@ -152,27 +149,27 @@
+ },
+ "nixpkgs-stable": {
+ "locked": {
+- "lastModified": 1685801374,
+- "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
++ "lastModified": 1678872516,
++ "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+- "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
++ "rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+- "ref": "nixos-23.05",
++ "ref": "nixos-22.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+- "lastModified": 1729265718,
+- "narHash": "sha256-4HQI+6LsO3kpWTYuVGIzhJs1cetFcwT7quWCk/6rqeo=",
++ "lastModified": 1748217807,
++ "narHash": "sha256-P3u2PXxMlo49PutQLnk2PhI/imC69hFl1yY4aT5Nax8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+- "rev": "ccc0c2126893dd20963580b6478d1a10a4512185",
++ "rev": "3108eaa516ae22c2360928589731a4f1581526ef",
+ "type": "github"
+ },
+ "original": {
+@@ -184,11 +181,11 @@
+ },
+ "nixpkgs_3": {
+ "locked": {
+- "lastModified": 1728538411,
+- "narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
++ "lastModified": 1744536153,
++ "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+- "rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
++ "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+ "type": "github"
+ },
+ "original": {
+@@ -213,11 +210,11 @@
+ "nixpkgs-stable": "nixpkgs-stable"
+ },
+ "locked": {
+- "lastModified": 1688056373,
+- "narHash": "sha256-2+SDlNRTKsgo3LBRiMUcoEUb6sDViRNQhzJquZ4koOI=",
++ "lastModified": 1686050334,
++ "narHash": "sha256-R0mczWjDzBpIvM3XXhO908X5e2CQqjyh/gFbwZk/7/Q=",
+ "owner": "cachix",
+ "repo": "pre-commit-hooks.nix",
+- "rev": "5843cf069272d92b60c3ed9e55b7a8989c01d4c7",
++ "rev": "6881eb2ae5d8a3516e34714e7a90d9d95914c4dc",
+ "type": "github"
+ },
+ "original": {
+@@ -231,7 +228,7 @@
+ "devenv": "devenv",
+ "nixpkgs": "nixpkgs_2",
+ "rust-overlay": "rust-overlay",
+- "systems": "systems_2"
++ "systems": "systems"
+ }
+ },
+ "rust-overlay": {
+@@ -239,11 +236,11 @@
+ "nixpkgs": "nixpkgs_3"
+ },
+ "locked": {
+- "lastModified": 1731897198,
+- "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
++ "lastModified": 1748313401,
++ "narHash": "sha256-x5UuDKP2Ui/TresAngUo9U4Ss9xfOmN8dAXU8OrkZmA=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+- "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
++ "rev": "9c8ea175cf9af29edbcff121512e44092a8f37e4",
+ "type": "github"
+ },
+ "original": {
+@@ -266,21 +263,6 @@
+ "repo": "default",
+ "type": "github"
+ }
+- },
+- "systems_2": {
+- "locked": {
+- "lastModified": 1681028828,
+- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+- "owner": "nix-systems",
+- "repo": "default",
+- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+- "type": "github"
+- },
+- "original": {
+- "owner": "nix-systems",
+- "repo": "default",
+- "type": "github"
+- }
+ }
+ },
+ "root": "root",
+diff --git a/flake.nix b/flake.nix
+index 749c10da1d..e33b233ece 100644
+--- a/flake.nix
++++ b/flake.nix
+@@ -82,7 +82,7 @@
+ #
+ # NOTE: We currently need to set the Rust version unnecessarily high
+ # in order to work around https://github.com/matrix-org/synapse/issues/15939
+- (rust-bin.stable."1.82.0".default.override {
++ (rust-bin.stable."1.87.0".default.override {
+ # Additionally install the "rust-src" extension to allow diving into the
+ # Rust source code in an IDE (rust-analyzer will also make use of it).
+ extensions = [ "rust-src" ];
+@@ -118,6 +118,8 @@
+ # For releasing Synapse
+ debian-devscripts # (`dch` for manipulating the Debian changelog)
+ libnotify # (the release script uses `notify-send` to tell you when CI jobs are done)
++
++ postgresql.pg_config
+ ];
+
+ # Install Python and manage a virtualenv with Poetry.
+@@ -140,6 +142,9 @@
+ # force compiling those binaries locally instead.
+ env.POETRY_INSTALLER_NO_BINARY = "ruff";
+
++ # Required to make git work
++ env.CARGO_NET_GIT_FETCH_WITH_CLI = "true";
++
+ # Install dependencies for the additional programming languages
+ # involved with Synapse development.
+ #
+@@ -160,6 +165,9 @@
+ services.postgres.initialDatabases = [
+ { name = "synapse"; }
+ ];
++
++ services.postgres.port = 5433;
++
+ # Create a postgres user called 'synapse_user' which has ownership
+ # over the 'synapse' database.
+ services.postgres.initialScript = ''
+--
+2.49.0
+
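Review bot: The regenerated `flake.lock` moves several inputs backwards rather than forwards: `flake-utils` goes from `lastModified` 1685518550 to 1667395993, the `pre-commit-hooks.nix` input from 1688056373 to 1686050334, and `nixpkgs-stable` changes its `ref` from `nixos-23.05` to `nixos-22.11`. If this is a side effect of re-resolving the inputs rather than a deliberate choice, the commit message should say so, since the older pins lack whatever fixes landed in between. In `flake.nix`, the comment `# Required to make git work` does not say what fails without `CARGO_NET_GIT_FETCH_WITH_CLI`. `services.postgres.port = 5433;` has no comment at all; something like `# Use 5433 to avoid clashing with a system PostgreSQL on 5432` would help, if that is the reason.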
diff --git a/packages/overlays/matrix-synapse/patches/0010-Fix-gitignore-to-ignore-.venv.patch b/packages/overlays/matrix-synapse/patches/0010-Fix-gitignore-to-ignore-.venv.patch
new file mode 100644
index 0000000..abe0eb3
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0010-Fix-gitignore-to-ignore-.venv.patch
@@ -0,0 +1,24 @@
+From 35c7dfe6a8df912f14d4f18642e2af2675d607af Mon Sep 17 00:00:00 2001
+From: Rory& <root@rory.gay>
+Date: Mon, 9 Jun 2025 17:46:10 +0200
+Subject: [PATCH 10/10] Fix gitignore to ignore .venv
+
+---
+ .gitignore | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/.gitignore b/.gitignore
+index a89f149ec1..0567934c4e 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -30,6 +30,7 @@ __pycache__/
+ /*.signing.key
+ /env/
+ /.venv*/
++/.venv
+ /homeserver*.yaml
+ /logs
+ /media_store/
+--
+2.49.0
+
diff --git a/packages/overlays/matrix-synapse/patches/synapse-fast-links.patch b/packages/overlays/matrix-synapse/patches/synapse-fast-links.patch
new file mode 100644
index 0000000..c35ba87
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/synapse-fast-links.patch
@@ -0,0 +1,87 @@
+diff --git a/synapse/storage/database.py b/synapse/storage/database.py
+index cb4a585..1196781 100644
+--- a/synapse/storage/database.py
++++ b/synapse/storage/database.py
+@@ -2503,6 +2503,49 @@ class DatabasePool:
+
+ return txn.fetchall()
+
++# requires database_engine.supports_using_any_list to be true
++def make_select_id_if_found_sql_clause(
++ database_engine: BaseDatabaseEngine,
++ column: str,
++ table: str,
++ iterable: Collection[Any],
++ *,
++ negative: bool = False,
++) -> Tuple[str, list]:
++ """Returns an SQL clause that checks the given column is in the iterable.
++
++ On SQLite this expands to `column IN (?, ?, ...)`, whereas on Postgres
++ it expands to `column = ANY(?)`. While both DBs support the `IN` form,
++ using the `ANY` form on postgres means that it views queries with
++ different length iterables as the same, helping the query stats.
++
++ Args:
++ database_engine
++ column: Name of the column
++ table: Name of the table
++ iterable: The values to check the column against.
++ negative: Whether we should check for inequality, i.e. `NOT IN`
++
++ Returns:
++ A tuple of SQL query and the args
++ """
++ # This should hopefully be faster, but also makes postgres query
++ # stats easier to understand.
++ if database_engine.supports_using_any_list:
++ if not negative:
++ clause = f"{column}_lookup AS {column} FROM UNNEST(?::bigint[]) {column}_lookup WHERE EXISTS(SELECT FROM {table} WHERE {column}={column}_lookup)"
++ else:
++ clause = f"{column}_lookup AS {column} FROM UNNEST(?::bigint[]) {column}_lookup WHERE NOT EXISTS(SELECT FROM {table} WHERE {column}={column}_lookup)"
++
++ return clause, [list(iterable)]
++ else:
++ params = ",".join("?" for _ in iterable)
++ if not negative:
++ clause = f"DISTINCT {column} FROM {table} WHERE {column} IN ({params})"
++ else:
++ clause = f"DISTINCT {column} FROM {table} WHERE {column} NOT IN ({params})"
++ return clause, list(iterable)
++
+
+ def make_in_list_sql_clause(
+ database_engine: BaseDatabaseEngine,
+diff --git a/synapse/storage/databases/main/event_federation.py b/synapse/storage/databases/main/event_federation.py
+index 46aa590..026f011 100644
+--- a/synapse/storage/databases/main/event_federation.py
++++ b/synapse/storage/databases/main/event_federation.py
+@@ -52,6 +52,7 @@ from synapse.storage.database import (
+ DatabasePool,
+ LoggingDatabaseConnection,
+ LoggingTransaction,
++ make_select_id_if_found_sql_clause,
+ )
+ from synapse.storage.databases.main.events_worker import EventsWorkerStore
+ from synapse.storage.databases.main.signatures import SignatureWorkerStore
+@@ -362,8 +363,7 @@ class EventFederationWorkerStore(SignatureWorkerStore, EventsWorkerStore, SQLBas
+ sql = """
+ WITH RECURSIVE links(chain_id) AS (
+ SELECT
+- DISTINCT origin_chain_id
+- FROM event_auth_chain_links WHERE %s
++ %s
+ UNION
+ SELECT
+ target_chain_id
+@@ -380,8 +380,8 @@ class EventFederationWorkerStore(SignatureWorkerStore, EventsWorkerStore, SQLBas
+ while chains_to_fetch:
+ batch2 = tuple(itertools.islice(chains_to_fetch, 1000))
+ chains_to_fetch.difference_update(batch2)
+- clause, args = make_in_list_sql_clause(
+- txn.database_engine, "origin_chain_id", batch2
++ clause, args = make_select_id_if_found_sql_clause(
++ txn.database_engine, "origin_chain_id", "event_auth_chain_links", batch2
+ )
+ txn.execute(sql % (clause,), args)
+
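Review bot: With `negative=True` the two branches of `make_select_id_if_found_sql_clause` answer different questions: the Postgres form returns the supplied ids that are absent from `table`, while the SQLite form returns ids present in `table` that are not in the supplied list. The only caller in this patch never passes `negative`, so dropping the parameter is the simplest fix. The docstring is copied from `make_in_list_sql_clause` and describes an `IN`/`ANY` predicate, whereas this helper returns a select list plus `FROM` fragment. The leading comment `# requires database_engine.supports_using_any_list to be true` also contradicts the `else` branch. Because `column` and `table` are formatted straight into the SQL text and the Postgres form casts to `bigint[]`, the docstring should state that both must be trusted constant identifiers and that the values must be integer ids.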
diff --git a/packages/overlays/openvpn-iomanip.patch b/packages/overlays/openvpn-iomanip.patch
new file mode 100644
index 0000000..f334a34
--- /dev/null
+++ b/packages/overlays/openvpn-iomanip.patch
@@ -0,0 +1,13 @@
+diff --git a/src/tests/unit/machine-id.cpp b/src/tests/unit/machine-id.cpp
+index 8131947..a875743 100644
+--- a/src/tests/unit/machine-id.cpp
++++ b/src/tests/unit/machine-id.cpp
+@@ -15,6 +15,7 @@
+ #include "build-config.h"
+
+ #include <iostream>
++#include <iomanip>
+ #include <fstream>
+ #include <string>
+ #include <vector>
+
diff --git a/packages/overlays/openvpn.nix b/packages/overlays/openvpn.nix
new file mode 100644
index 0000000..0dc2af6
--- /dev/null
+++ b/packages/overlays/openvpn.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ nixpkgs.overlays = [
+ (final: prev: {
+ openvpn3 = prev.openvpn3.overrideAttrs (old: {
+ patches = (old.patches or [ ]) ++ [
+ ./openvpn-iomanip.patch
+ ];
+ });
+ })
+ ];
+}
diff --git a/packages/redpanda-connect/module.nix b/packages/redpanda-connect/module.nix
new file mode 100644
index 0000000..4a4c300
--- /dev/null
+++ b/packages/redpanda-connect/module.nix
@@ -0,0 +1,80 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.redpanda-connect;
+in
+{
+ options.services.redpanda-connect = {
+ enable = lib.mkEnableOption "Enable Redpanda Connect";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = (pkgs.callPackage ./package.nix { });
+ description = "The Redpanda Connect package";
+ };
+ pipelines = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "Enable the pipeline";
+ allowSudo = lib.mkEnableOption "Allow sudo";
+ config = lib.mkOption {
+ type = lib.types.attrs;
+ description = "The configuration for the pipeline";
+ };
+ };
+ }
+ );
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ let
+ sudoEnabledServices = builtins.filter (pipeline: pipeline.value.allowSudo) (lib.attrsToList cfg.pipelines);
+ in
+ {
+ systemd.services = builtins.listToAttrs (
+ lib.mapAttrsToList (name: pipeline: {
+ name = "redpanda-connect-${name}";
+ value = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart =
+ let
+ configFile = pkgs.writeText "redpanda-connect-${name}.json" (builtins.toJSON pipeline.config);
+ in
+ "${cfg.package}/bin/redpanda-connect run ${configFile}";
+ Restart = "always";
+ RestartSec = "5";
+ DynamicUser = !pipeline.allowSudo;
+ User = if pipeline.allowSudo then "root" else null;
+ };
+ };
+ }) cfg.pipelines
+ );
+
+ #security.polkit.extraConfig = builtins.concatStringsSep "\n" (
+ # builtins.map (value: ''
+ # polkit.addRule(function(action, subject) {
+ # if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ # action.lookup("unit") == "redpanda-connect-${value.name}") {
+ # return polkit.Result.YES;
+ # }
+ # });
+ # '') sudoEnabledServices
+ #);
+
+ #users.users.redpanda-connect-sudo = {
+ # isSystemUser = true;
+ # description = "Redpanda Connect sudo user";
+ # createHome = false;
+ # shell = "/run/current-system/sw/bin/nologin";
+ # group = "nogroup"; # We don't need a group...
+ #};
+ }
+ );
+}
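Review bot: The per-pipeline `enable` option is declared but never read, so every entry in `cfg.pipelines` gets a unit whether or not it is enabled; mapping over `lib.filterAttrs (_: p: p.enable) cfg.pipelines` would honour it. `allowSudo` does more than its name suggests: it turns off `DynamicUser` and sets `User = "root"`, so the whole pipeline process runs as root with no other sandboxing options set in `serviceConfig`. The option description should say this plainly, e.g. `"Run this pipeline as root instead of a DynamicUser"`. The pipeline config is rendered with `pkgs.writeText`, which puts it in the world-readable Nix store, so a comment warning against placing credentials in `config` would help. `sudoEnabledServices` is referenced only from the commented-out polkit block and can be removed along with it.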
diff --git a/packages/redpanda-connect/package.nix b/packages/redpanda-connect/package.nix
new file mode 100644
index 0000000..2f9a6d9
--- /dev/null
+++ b/packages/redpanda-connect/package.nix
@@ -0,0 +1,43 @@
+{
+ lib,
+ buildGoModule,
+ fetchFromGitHub,
+ nix-update-script,
+}:
+
+buildGoModule rec {
+ pname = "redpanda-connect";
+ version = "4.44.0";
+
+ src = fetchFromGitHub {
+ owner = "redpanda-data";
+ repo = "connect";
+ rev = "refs/tags/v${version}";
+ hash = "sha256-pwtP1zybMvq1wQ50Ob20MVR3/v1yd7BjWe1nPFLO6mU=";
+ };
+
+ proxyVendor = true;
+
+ subPackages = [
+ "cmd/redpanda-connect"
+ ];
+
+ vendorHash = "sha256-5KXJiInuEX7fEl7y3iGvxQHptoM5z3TMmg6KZ2lx/fw=";
+
+ ldflags = [
+ "-s"
+ "-w"
+ "-X github.com/redpanda-data/connect/v4/internal/cli.Version=${version}"
+ ];
+
+ passthru.updateScript = nix-update-script { };
+
+ meta = {
+ description = "Fancy stream processing made operationally mundane";
+ mainProgram = "redpanda-connect";
+ homepage = "https://www.redpanda.com/connect";
+ changelog = "https://github.com/redpanda-data/connect/blob/v${version}/CHANGELOG.md";
+ # license = lib.licenses.mixed;
+ maintainers = with lib.maintainers; [ ];
+ };
+}
diff --git a/modules/packages/vim.nix b/packages/vim.nix
index 1b7bb37..1b7bb37 100755
--- a/modules/packages/vim.nix
+++ b/packages/vim.nix
diff --git a/modules/packages/xdg-desktop-portal-gtk.nix b/packages/xdg-desktop-portal-gtk.nix
index cfe48d4..c849b17 100644
--- a/modules/packages/xdg-desktop-portal-gtk.nix
+++ b/packages/xdg-desktop-portal-gtk.nix
@@ -7,7 +7,7 @@
pkg-config,
xdg-desktop-portal,
gtk3,
- gnome,
+ gnome-settings-daemon,
gnome-desktop,
glib,
wrapGAppsHook,
@@ -44,7 +44,7 @@ stdenv.mkDerivation (finalAttrs: {
++ lib.optionals buildPortalsInGnome [
gsettings-desktop-schemas # settings exposed by settings portal
gnome-desktop
- gnome.gnome-settings-daemon # schemas needed for settings api (mostly useless now that fonts were moved to g-d-s, just mouse and xsettings)
+ gnome-settings-daemon # schemas needed for settings api (mostly useless now that fonts were moved to g-d-s, just mouse and xsettings)
];
mesonFlags = lib.optionals (!buildPortalsInGnome) [
diff --git a/rebuild.sh b/rebuild.sh
index 0e02eab..51c3329 100755
--- a/rebuild.sh
+++ b/rebuild.sh
@@ -1,2 +1,2 @@
#!/usr/bin/env sh
-./build.sh / $HOSTNAME
\ No newline at end of file
+./build.sh / $HOSTNAME
|