diff --git a/flake.lock b/flake.lock
index 40ce566..543631c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,7 +5,7 @@
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
- "nixpkgs": "nixpkgs_4",
+ "nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@@ -29,7 +29,7 @@
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
- "nixpkgs": "nixpkgs_6",
+ "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
@@ -69,18 +69,16 @@
"cgit-magenta": {
"inputs": {
"flake-utils": "flake-utils",
- "home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
- ],
- "sops-nix": "sops-nix"
+ ]
},
"locked": {
- "lastModified": 1741761479,
- "narHash": "sha256-RhrEgFHXbkvvoZRrWXwVQCLGFmBbxZoV3loNieGEI0Q=",
+ "lastModified": 1745744468,
+ "narHash": "sha256-iM+uxKk3eaSr2WHqhBd+M1MQvEMLf0VIfs0Y8yYdC9E=",
"ref": "refs/heads/master",
- "rev": "015b6bc11a83430f6f419501071748b7db1f6171",
- "revCount": 1652,
+ "rev": "43939110959a719b0b346780e8f0d0c028320180",
+ "revCount": 1658,
"type": "git",
"url": "https://cgit.rory.gay/cgit-magenta.git"
},
@@ -97,7 +95,7 @@
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"nix-filter": "nix-filter",
- "nixpkgs": "nixpkgs_5"
+ "nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1742789401,
@@ -323,22 +321,6 @@
"type": "github"
}
},
- "flake-compat_5": {
- "flake": false,
- "locked": {
- "lastModified": 1733328505,
- "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -490,16 +472,16 @@
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5",
"nix-filter": "nix-filter_2",
- "nixpkgs": "nixpkgs_7",
+ "nixpkgs": "nixpkgs_5",
"rocksdb": "rocksdb"
},
"locked": {
"host": "gitlab.computer.surgery",
- "lastModified": 1745120827,
- "narHash": "sha256-wF6xQA6TmaTci2RrDpAVJBzSUOp7kj1rgfd0JUt7KCI=",
+ "lastModified": 1746392626,
+ "narHash": "sha256-nEqrWmRwMW2KUJKycc3M2aaqUaugqgW5SfHm/2m17b4=",
"owner": "matrix",
"repo": "grapevine-fork",
- "rev": "48ecf50973b759eb6ca1940650e074f2b2a925f3",
+ "rev": "d425ba72f879854e10de5f8f2e4b6bc18257eb89",
"type": "gitlab"
},
"original": {
@@ -511,33 +493,14 @@
},
"home-manager": {
"inputs": {
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_6"
},
"locked": {
- "lastModified": 1741701235,
- "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
+ "lastModified": 1746413188,
+ "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "ref": "master",
- "repo": "home-manager",
- "type": "github"
- }
- },
- "home-manager_2": {
- "inputs": {
- "nixpkgs": "nixpkgs_8"
- },
- "locked": {
- "lastModified": 1745627989,
- "narHash": "sha256-mOCdFmxocBPae7wg7RYWOtJzWMJk34u9493ItY0dVqw=",
- "owner": "nix-community",
- "repo": "home-manager",
- "rev": "4d2d32231797bfa7213ae5e8ac89d25f8caaae82",
+ "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a",
"type": "github"
},
"original": {
@@ -619,11 +582,11 @@
"nhekoSrc": {
"flake": false,
"locked": {
- "lastModified": 1743772580,
- "narHash": "sha256-TQCL00cYeCDIm2REru5dA2dSttkd/IyfT9mtzHMmEh8=",
+ "lastModified": 1746136083,
+ "narHash": "sha256-4K8+482xIfIWn0n3i0LjtSTii4bH+YLfMLuGIwtvDbA=",
"owner": "Nheko-reborn",
"repo": "nheko",
- "rev": "6abfe8b44f0057d16f279e96343a4b4850c7dc46",
+ "rev": "ad19bf3a308de121a832562ade8e7b470d1f809a",
"type": "github"
},
"original": {
@@ -686,25 +649,6 @@
"type": "github"
}
},
- "nixos-wsl": {
- "inputs": {
- "flake-compat": "flake-compat_5",
- "nixpkgs": "nixpkgs_9"
- },
- "locked": {
- "lastModified": 1744290088,
- "narHash": "sha256-/X9XVEl0EiyisNbF5srrxXRSVoRqdwExuqyspYqqEjQ=",
- "owner": "nix-community",
- "repo": "NixOS-WSL",
- "rev": "60b4904a1390ac4c89e93d95f6ed928975e525ed",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "NixOS-WSL",
- "type": "github"
- }
- },
"nixpkgs": {
"locked": {
"lastModified": 1733212471,
@@ -739,11 +683,11 @@
},
"nixpkgs-RoryNix": {
"locked": {
- "lastModified": 1745676824,
- "narHash": "sha256-B3bvP7K4P+fT3GgmxbMSz7NcZXQ+4a+E4vIU1IJvJ3w=",
+ "lastModified": 1746463976,
+ "narHash": "sha256-R5eQGTgf+yW5dLBSXe/1zEdUhmgoReceZ0dqszMI12g=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "be8287851a1db30cb19f112f6ef61a8ebc44c28e",
+ "rev": "b08e86e19fadad4bb0a610eec7213f14b80afb21",
"type": "github"
},
"original": {
@@ -771,11 +715,11 @@
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1745676824,
- "narHash": "sha256-B3bvP7K4P+fT3GgmxbMSz7NcZXQ+4a+E4vIU1IJvJ3w=",
+ "lastModified": 1746463976,
+ "narHash": "sha256-R5eQGTgf+yW5dLBSXe/1zEdUhmgoReceZ0dqszMI12g=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "be8287851a1db30cb19f112f6ef61a8ebc44c28e",
+ "rev": "b08e86e19fadad4bb0a610eec7213f14b80afb21",
"type": "github"
},
"original": {
@@ -819,107 +763,59 @@
},
"nixpkgs-stable_3": {
"locked": {
- "lastModified": 1735563628,
- "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
+ "lastModified": 1746422338,
+ "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
+ "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-24.05",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_10": {
- "locked": {
- "lastModified": 1745526057,
- "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_11": {
- "locked": {
- "lastModified": 1734119587,
- "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_12": {
- "locked": {
- "lastModified": 1744868846,
- "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1741379970,
- "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
+ "lastModified": 1702539185,
+ "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
+ "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1731763621,
- "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
+ "lastModified": 1709479366,
+ "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
+ "rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1702539185,
- "narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
+ "lastModified": 1726042813,
+ "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
+ "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
@@ -931,11 +827,11 @@
},
"nixpkgs_5": {
"locked": {
- "lastModified": 1709479366,
- "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
+ "lastModified": 1742889210,
+ "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
+ "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
@@ -947,27 +843,27 @@
},
"nixpkgs_6": {
"locked": {
- "lastModified": 1726042813,
- "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
+ "lastModified": 1746232882,
+ "narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
+ "rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1742889210,
- "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
+ "lastModified": 1746328495,
+ "narHash": "sha256-uKCfuDs7ZM3QpCE/jnfubTg459CnKnJG/LwqEVEdEiw=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
+ "rev": "979daf34c8cacebcd917d540070b52a3c2b9b16e",
"type": "github"
},
"original": {
@@ -979,15 +875,15 @@
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1745234285,
- "narHash": "sha256-GfpyMzxwkfgRVN0cTGQSkTC0OHhEkv3Jf6Tcjm//qZ0=",
- "owner": "NixOS",
+ "lastModified": 1734119587,
+ "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
+ "owner": "nixos",
"repo": "nixpkgs",
- "rev": "c11863f1e964833214b767f4a369c6e6a7aba141",
+ "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"type": "github"
},
"original": {
- "owner": "NixOS",
+ "owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@@ -995,27 +891,27 @@
},
"nixpkgs_9": {
"locked": {
- "lastModified": 1742937945,
- "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
+ "lastModified": 1744868846,
+ "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
+ "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-24.11",
+ "ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"ooye": {
"inputs": {
- "nixpkgs": "nixpkgs_11"
+ "nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1737779835,
- "narHash": "sha256-iZ/kQ/XFqIx053AuSHhCwu3HA8627ognYiJl/LRNpD0=",
+ "narHash": "sha256-TY7cnYqhgxIXZCltcFxYuKQ6Hpt3gouuYn0rj9URsp4=",
"ref": "refs/heads/master",
"rev": "11cc65efa2909bdc7e3e978bf1f56f6d141bf82a",
"revCount": 11,
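Review bot: In the `ooye` entry the `narHash` changes from `sha256-iZ/kQ/XFqIx053AuSHhCwu3HA8627ognYiJl/LRNpD0=` to `sha256-TY7cnYqhgxIXZCltcFxYuKQ6Hpt3gouuYn0rj9URsp4=` while `rev` and `lastModified` stay the same, so the same commit is now locked to different content. This may be benign (for example a Nix release that serialises git inputs differently), but it is the one lock change here that an ordinary input update does not explain. Before merging, re-fetch that input on a second machine to confirm it yields the new hash, and record in the commit message why the hash moved. The `ooye` node continues past the end of this hunk.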
@@ -1052,20 +948,19 @@
"draupnirSrc": "draupnirSrc",
"flake-utils": "flake-utils_4",
"grapevine": "grapevine",
- "home-manager": "home-manager_2",
+ "home-manager": "home-manager",
"lix-module": "lix-module",
"matrixSpecSrc": "matrixSpecSrc",
"mtxclientSrc": "mtxclientSrc",
"nhekoSrc": "nhekoSrc",
- "nixos-wsl": "nixos-wsl",
- "nixpkgs": "nixpkgs_10",
+ "nixpkgs": "nixpkgs_7",
"nixpkgs-Draupnir": "nixpkgs-Draupnir",
"nixpkgs-RoryNix": "nixpkgs-RoryNix",
"nixpkgs-keydb": "nixpkgs-keydb",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable_3",
"ooye": "ooye",
- "sops-nix": "sops-nix_2"
+ "sops-nix": "sops-nix"
}
},
"rust-analyzer-src": {
@@ -1104,25 +999,7 @@
},
"sops-nix": {
"inputs": {
- "nixpkgs": "nixpkgs_3"
- },
- "locked": {
- "lastModified": 1741644481,
- "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=",
- "owner": "Mic92",
- "repo": "sops-nix",
- "rev": "e653d71e82575a43fe9d228def8eddb73887b866",
- "type": "github"
- },
- "original": {
- "owner": "Mic92",
- "repo": "sops-nix",
- "type": "github"
- }
- },
- "sops-nix_2": {
- "inputs": {
- "nixpkgs": "nixpkgs_12"
+ "nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1745310711,
diff --git a/flake.nix b/flake.nix
index 2c06f4e..679d867 100755
--- a/flake.nix
+++ b/flake.nix
@@ -13,7 +13,7 @@
};
nixpkgs-stable = {
- url = "github:NixOS/nixpkgs/nixos-24.05";
+ url = "github:NixOS/nixpkgs/nixos-24.11";
};
nixpkgs-master = {
@@ -88,6 +88,12 @@
outputs =
inputs:
with inputs;
+ let
+ pkgs-stable = system: import nixpkgs-stable {
+ inherit system;
+ config.allowUnfree = true;
+ };
+ in
{
nixosConfigurations = {
Module-dev = nixpkgs.lib.nixosSystem {
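Review bot: `config.allowUnfree = true` in the new `pkgs-stable` helper accepts every unfree package from nixpkgs-stable, although the only consumer visible in this diff is the `jetbrains` overlay. Narrowing it with `config.allowUnfreePredicate` to the JetBrains packages would keep an unrelated unfree dependency from entering through this second package set. The helper also re-imports nixpkgs on every call, so a comment such as `# nixpkgs-stable with unfree enabled; used only to pin jetbrains` would record the intended scope. The `outputs` body continues outside the hunk.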
@@ -197,6 +203,17 @@
};
}
)
+
+ (
+ { pkgs, ... }:
+ {
+ nixpkgs.overlays = [
+ (final: prev: {
+ jetbrains = (pkgs-stable pkgs.stdenv.hostPlatform.system).jetbrains;
+ })
+ ];
+ }
+ )
];
specialArgs = {
inherit home-manager;
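Review bot: The added overlay replaces the whole `jetbrains` set with the one from nixpkgs-stable but has no comment saying why or when the pin can be dropped, so the IDEs and their plugins will quietly stay on the stable channel's update cadence. Add a line such as `# pin jetbrains to nixpkgs-stable until <reason>; remove once fixed on unstable`. Inside the overlay, `prev.stdenv.hostPlatform.system` would avoid reaching back to the module's `pkgs` argument, which is itself built from these overlays. The enclosing list begins before this hunk.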
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index de58678..d93b66d 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -27,7 +27,7 @@ args@{
#./optional/gui/x11.nix
./optional/gui/wayland.nix
- ./printing.nix
+# ./printing.nix
# ./ollama.nix
];
@@ -105,6 +105,7 @@ args@{
'';
settings.PermitRootLogin = "yes";
};
+ pulseaudio.enable = false;
pipewire = {
enable = true;
audio.enable = true;
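Review bot: The context line `settings.PermitRootLogin = "yes";` just above the added `pulseaudio.enable = false;` leaves password-capable root SSH login enabled on this host, and the commit is already editing this block. If root access over SSH is needed at all, `settings.PermitRootLogin = "prohibit-password";` limits it to key authentication. The surrounding attribute set opens before the hunk, so whether password authentication is disabled elsewhere cannot be seen from here.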
@@ -129,9 +130,9 @@ args@{
# - IDEs
#jetbrains-toolbox
- #jetbrains.rider
(jetbrains.plugins.addPlugins jetbrains.webstorm [ "github-copilot" ])
- (jetbrains.plugins.addPlugins jetbrains.clion [ "github-copilot" "string-manipulation" "nixidea" "visual-studio-keymap" ])
+ (jetbrains.plugins.addPlugins jetbrains.clion [ "github-copilot" "nixidea" "visual-studio-keymap" ]) #"string-manipulation"
+ #jetbrains.rider
#jetbrains.clion
#github-copilot-intellij-agent
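Review bot: The trailing `#"string-manipulation"` on the new `jetbrains.clion` line shows that the plugin was dropped but not why, which makes it hard to tell later whether it can be restored. A comment such as `# "string-manipulation" dropped: <reason>` would cover it. The package list this line belongs to starts and ends outside the hunk.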
@@ -264,10 +265,6 @@ args@{
sudo.wheelNeedsPassword = false;
};
- hardware = {
- pulseaudio.enable = false;
- };
-
programs.dconf.enable = true;
#networking.wireguard.interfaces = {
diff --git a/host/Rory-nginx/configuration.nix b/host/Rory-nginx/configuration.nix
index d6873ee..9448569 100644
--- a/host/Rory-nginx/configuration.nix
+++ b/host/Rory-nginx/configuration.nix
@@ -90,20 +90,6 @@
# conduit = conduit;
#};
- services.pgadmin = {
- enable = false;
- initialEmail = "root@localhost.localdomain";
- initialPasswordFile = "/etc/matrix-user-pass";
- };
- containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix {
- inherit pkgs lib nixpkgs-Draupnir;
- };
- containers."draupnir-fedora" = import ./services/containers/draupnir-fedora/container.nix {
- inherit pkgs lib nixpkgs-Draupnir;
- };
-
- #containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; };
-
system.stateVersion = "22.11"; # DO NOT EDIT!
environment.systemPackages = with pkgs; [ waypipe ];
diff --git a/host/Rory-nginx/hooks/post-rebuild.sh b/host/Rory-nginx/hooks/post-rebuild.sh
index 9b0c17c..198b7e6 100755
--- a/host/Rory-nginx/hooks/post-rebuild.sh
+++ b/host/Rory-nginx/hooks/post-rebuild.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
#set -x
+exit
REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
LOCALPART='rory.gay'
REACHABLE_DOMAIN='http://localhost:8008'
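Review bot: The added bare `exit` turns the rest of the hook into dead code and returns status 0, so whatever invokes it presumably sees success even though nothing ran. If the hook is meant to be disabled, make that explicit with `exit 0 # hook disabled: <reason>`, or remove the script and its caller. The unreachable remainder still reads `registration_shared_secret.txt`; deleting it is safer than keeping secret-handling code around as a template. The same `exit` is added to host/Rory-ovh/hooks/post-rebuild.sh in a later hunk.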
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/container.nix b/host/Rory-nginx/services/containers/draupnir-cme/container.nix
deleted file mode 100644
index 7b87264..0000000
--- a/host/Rory-nginx/services/containers/draupnir-cme/container.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ nixpkgs-Draupnir, ... }:
-
-{
- privateNetwork = true;
- autoStart = true;
- specialArgs = {
- inherit nixpkgs-Draupnir;
- };
- config =
- { lib, pkgs, ... }:
- {
- imports = [
- ../shared.nix
- ./root.nix
- ./services/draupnir.nix
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
- ];
- nixpkgs.overlays = [
- (final: prev: {
- draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
- })
- ];
- };
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.17";
-
- bindMounts."draupnir-access-token" = {
- hostPath = "/etc/draupnir-cme-access-token";
- mountPoint = "/etc/draupnir-access-token";
- isReadOnly = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/root.nix b/host/Rory-nginx/services/containers/draupnir-cme/root.nix
deleted file mode 100644
index 0ebce9e..0000000
--- a/host/Rory-nginx/services/containers/draupnir-cme/root.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
- networking.useHostResolvConf = true;
-
- networking.hosts = {
- "192.168.100.1" = [
- "matrix.rory.gay"
- "rory.gay"
- ];
- };
-
- networking.firewall = {
- enable = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
deleted file mode 100644
index cf59809..0000000
--- a/host/Rory-nginx/services/containers/draupnir-cme/services/draupnir.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }:
-
-{
- services.draupnir = {
- enable = true;
- accessTokenFile = "/etc/draupnir-access-token";
- homeserverUrl = "https://matrix.rory.gay";
-
- settings = {
- managementRoom = "#draupnir-cme:rory.gay";
- recordIgnoredInvites = true; # We want to be aware of invites
- autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
- automaticallyRedactForReasons = [ "*" ]; # Always autoredact
- fasterMembershipChecks = true;
-
- backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
- pollReports = false;
-
- admin.enableMakeRoomAdminCommand = false;
- commands.ban.defaultReasons = [ "spam" ];
- };
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/container.nix b/host/Rory-nginx/services/containers/draupnir-fedora/container.nix
deleted file mode 100644
index 82683d7..0000000
--- a/host/Rory-nginx/services/containers/draupnir-fedora/container.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ nixpkgs-Draupnir, ... }:
-
-{
- privateNetwork = true;
- autoStart = true;
- specialArgs = {
- inherit nixpkgs-Draupnir;
- };
- config =
- { lib, pkgs, ... }:
- {
- imports = [
- ../shared.nix
- ./root.nix
- ./services/draupnir.nix
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
- ];
- nixpkgs.overlays = [
- (final: prev: {
- draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
- })
- ];
- };
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.18";
-
- bindMounts."draupnir-access-token" = {
- hostPath = "/etc/draupnir-fedora-access-token";
- mountPoint = "/etc/draupnir-access-token";
- isReadOnly = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/root.nix b/host/Rory-nginx/services/containers/draupnir-fedora/root.nix
deleted file mode 100644
index 0ebce9e..0000000
--- a/host/Rory-nginx/services/containers/draupnir-fedora/root.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ ... }:
-
-{
- networking.useHostResolvConf = true;
-
- networking.hosts = {
- "192.168.100.1" = [
- "matrix.rory.gay"
- "rory.gay"
- ];
- };
-
- networking.firewall = {
- enable = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
deleted file mode 100644
index 6573f4c..0000000
--- a/host/Rory-nginx/services/containers/draupnir-fedora/services/draupnir.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ ... }:
-
-{
- services.draupnir = {
- enable = true;
- accessTokenFile = "/etc/draupnir-access-token";
- homeserverUrl = "https://matrix.rory.gay";
-
- settings = {
- managementRoom = "#draupnir-fedora-mgmt:rory.gay";
- recordIgnoredInvites = true; # We want to be aware of invites
- autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
- automaticallyRedactForReasons = [ "*" ]; # Always autoredact
- fasterMembershipChecks = true;
-
- backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
- pollReports = false;
-
- admin.enableMakeRoomAdminCommand = false;
- commands.ban.defaultReasons = [ "spam" ];
- };
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
deleted file mode 100644
index 41d25c5..0000000
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/container.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ nixpkgs-Draupnir, ... }:
-
-{
- privateNetwork = true;
- autoStart = true;
- specialArgs = {
- inherit nixpkgs-Draupnir;
- };
- config =
- { lib, pkgs, ... }:
- {
- imports = [
- ../shared.nix
- ./root.nix
- ./services/draupnir.nix
- "${nixpkgs-Draupnir}/nixos/modules/services/matrix/draupnir.nix"
- ];
- nixpkgs.overlays = [
- (final: prev: {
- draupnir = nixpkgs-Draupnir.legacyPackages.${pkgs.stdenv.hostPlatform.system}.draupnir;
- })
- ];
- };
- hostAddress = "192.168.100.1";
- localAddress = "192.168.100.19";
-
- bindMounts."draupnir-access-token" = {
- hostPath = "/etc/draupnir-linux-mint-access-token";
- mountPoint = "/etc/draupnir-access-token";
- isReadOnly = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
deleted file mode 100644
index 2adac62..0000000
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/root.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-
-{
- networking.useHostResolvConf = true;
-
- networking.hosts = {
- "192.168.100.18" = [
- "matrix.rory.gay"
- "rory.gay"
- ];
- };
-
- networking.firewall = {
- enable = true;
- };
-}
diff --git a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix b/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
deleted file mode 100644
index 042651a..0000000
--- a/host/Rory-nginx/services/containers/draupnir-linux-mint/services/draupnir.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ ... }:
-
-{
- services.draupnir = {
- enable = true;
- accessTokenFile = "/etc/draupnir-access-token";
- homeserverUrl = "https://matrix.rory.gay";
-
- settings = {
- managementRoom = "#draupnir-linux-mint:rory.gay";
- recordIgnoredInvites = true; # We want to be aware of invites
- autojoinOnlyIfManager = true; # ... but we don't want the bot to be invited to eg. Matrix HQ...
- automaticallyRedactForReasons = [ "*" ]; # Always autoredact
- fasterMembershipChecks = true;
-
- backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
- pollReports = false;
-
- admin.enableMakeRoomAdminCommand = false;
- commands.ban.defaultReasons = [
- "spam"
- "code of conduct violation"
- ];
- };
- };
-}
diff --git a/host/Rory-nginx/services/email/autoconfig.nix b/host/Rory-nginx/services/email/autoconfig.nix
deleted file mode 100644
index d258046..0000000
--- a/host/Rory-nginx/services/email/autoconfig.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ ... }:
-{
- services.go-autoconfig = {
- enable = true;
- settings = {
- service_addr = ":1323";
- domain = "autoconfig.rory.gay";
- imap = {
- server = "rory.gay";
- port = 993;
- };
- smtp = {
- server = "rory.gay";
- port = 587;
- };
- };
- };
-}
diff --git a/host/Rory-nginx/services/email/maddy.conf b/host/Rory-nginx/services/email/maddy.conf
deleted file mode 100644
index 1d3eb2f..0000000
--- a/host/Rory-nginx/services/email/maddy.conf
+++ /dev/null
@@ -1,124 +0,0 @@
-
-# Minimal configuration with TLS disabled, adapted from upstream example
-# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
-# Do not use this in production!
-
-auth.pass_table local_authdb {
- table sql_table {
- driver sqlite3
- dsn credentials.db
- table_name passwords
- }
-}
-
-storage.imapsql local_mailboxes {
- driver sqlite3
- dsn imapsql.db
-}
-
-table.chain local_rewrites {
- optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
- optional_step static {
- entry postmaster root@$(primary_domain)
- }
- optional_step file /etc/maddy/aliases
-}
-
-msgpipeline local_routing {
- destination postmaster $(local_domains) {
- modify {
- replace_rcpt &local_rewrites
- }
- deliver_to &local_mailboxes
- }
- default_destination {
- reject 550 5.1.1 "User doesn't exist"
- }
-}
-
-smtp tcp://0.0.0.0:25 {
- limits {
- all rate 20 1s
- all concurrency 10
- }
- dmarc yes
- check {
- require_mx_record
- dkim
- spf
- }
- source $(local_domains) {
- reject 501 5.1.8 "Use Submission for outgoing SMTP"
- }
- default_source {
- destination postmaster $(local_domains) {
- deliver_to &local_routing
- }
- default_destination {
- reject 550 5.1.1 "User doesn't exist"
- }
- }
-}
-
-submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
- limits {
- all rate 50 1s
- }
- auth &local_authdb
- source $(local_domains) {
- check {
- authorize_sender {
- prepare_email &local_rewrites
- user_to_email identity
- }
- }
- destination postmaster $(local_domains) {
- deliver_to &local_routing
- }
- default_destination {
- modify {
- dkim $(primary_domain) $(local_domains) default
- }
- deliver_to &remote_queue
- }
- }
- default_source {
- reject 501 5.1.8 "Non-local sender domain"
- }
-}
-
-target.remote outbound_delivery {
- limits {
- destination rate 20 1s
- destination concurrency 10
- }
- mx_auth {
- dane
- mtasts {
- cache fs
- fs_dir mtasts_cache/
- }
- local_policy {
- min_tls_level encrypted
- min_mx_level none
- }
- }
-}
-
-target.queue remote_queue {
- target &outbound_delivery
- autogenerated_msg_domain $(primary_domain)
- bounce {
- destination postmaster $(local_domains) {
- deliver_to &local_routing
- }
- default_destination {
- reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
- }
- }
-}
-
-imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
- auth &local_authdb
- storage &local_mailboxes
-}
\ No newline at end of file
diff --git a/host/Rory-nginx/services/email/maddy.nix b/host/Rory-nginx/services/email/maddy.nix
deleted file mode 100644
index 07b6e72..0000000
--- a/host/Rory-nginx/services/email/maddy.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- pkgs,
- options,
- config,
- ...
-}:
-{
- services.maddy = {
- enable = true;
- primaryDomain = "rory.gay";
- hostname = "mail.rory.gay";
- ensureAccounts = [
- "root@rory.gay"
- ];
- ensureCredentials = {
- "root@rory.gay".passwordFile = "/var/lib/maddy/passwd/root";
- };
- config = builtins.readFile ./maddy.conf;
- # builtins.replaceStrings
- # [
- # "imap tcp://0.0.0.0:143"
- # "submission tcp://0.0.0.0:587"
- # "entry postmaster postmaster@$(primary_domain)"
- # ]
- # [
- # "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
- # "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
- # "entry postmaster root@$(primary_domain)"
- # ]
- # options.services.maddy.config.default;
-
- tls = {
- loader = "file";
- certificates = [
- {
- certPath = "/var/lib/acme/mail.rory.gay/fullchain.pem";
- keyPath = "/var/lib/acme/mail.rory.gay/key.pem";
- }
- ];
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- 993
- 465
- ];
-
- users.users.maddy.extraGroups = [ "nginx" ];
-}
diff --git a/host/Rory-nginx/services/email/nginx.nix b/host/Rory-nginx/services/email/nginx.nix
deleted file mode 100644
index 812993a..0000000
--- a/host/Rory-nginx/services/email/nginx.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ config, ... }:
-{
- services.nginx.virtualHosts = {
- "mta-sts.rory.gay" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/.well-known/mta-sts.txt" = {
- # age 604800
- return = ''
- 200 "version: STSv1
- mode: enforce
- max_age: 120
- mx: mail.rory.gay
- "'';
- };
- };
- };
- "mail.rory.gay" = {
- enableACME = true;
- forceSSL = true;
- locations = {
- "/".return = "200 'OK'";
- };
- };
- "autoconfig.rory.gay" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://localhost:1323";
- };
- };
-}
diff --git a/host/Rory-nginx/services/email/root.nix b/host/Rory-nginx/services/email/root.nix
deleted file mode 100644
index 7db85d8..0000000
--- a/host/Rory-nginx/services/email/root.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- imports = [
- ./autoconfig.nix
- ./maddy.nix
- ./nginx.nix
- ];
-}
diff --git a/host/Rory-nginx/services/matrix/coturn.nix b/host/Rory-nginx/services/matrix/coturn.nix
deleted file mode 100644
index 805faa9..0000000
--- a/host/Rory-nginx/services/matrix/coturn.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ ... }:
-
-{
- # coturn (WebRTC)
- services.coturn = {
- enable = false; # Alicia - figure out secret first...
- no-cli = true;
- no-tcp-relay = true;
- min-port = 49000;
- max-port = 50000;
- use-auth-secret = true;
- static-auth-secret = "will be world readable for local users :(";
- realm = "turn.example.com";
- # Alicia - figure out how to get this to work, since nginx runs on separate machine...
- #cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
- #pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
- extraConfig = ''
- # for debugging
- verbose
- # ban private IP ranges
- no-multicast-peers
- denied-peer-ip=0.0.0.0-0.255.255.255
- denied-peer-ip=10.0.0.0-10.255.255.255
- denied-peer-ip=100.64.0.0-100.127.255.255
- denied-peer-ip=127.0.0.0-127.255.255.255
- denied-peer-ip=169.254.0.0-169.254.255.255
- denied-peer-ip=172.16.0.0-172.31.255.255
- denied-peer-ip=192.0.0.0-192.0.0.255
- denied-peer-ip=192.0.2.0-192.0.2.255
- denied-peer-ip=192.88.99.0-192.88.99.255
- denied-peer-ip=192.168.0.0-192.168.255.255
- denied-peer-ip=198.18.0.0-198.19.255.255
- denied-peer-ip=198.51.100.0-198.51.100.255
- denied-peer-ip=203.0.113.0-203.0.113.255
- denied-peer-ip=240.0.0.0-255.255.255.255
- denied-peer-ip=::1
- denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
- denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
- denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
- denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
- denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- '';
- };
- #services.matrix-synapse = with config.services.coturn; {
- # turn_uris = ["turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp"];
- # turn_shared_secret = static-auth-secret;
- # turn_user_lifetime = "1h";
- #};
-
-}
diff --git a/host/Rory-nginx/services/matrix/draupnir.nix b/host/Rory-nginx/services/matrix/draupnir.nix
deleted file mode 100644
index 40d1489..0000000
--- a/host/Rory-nginx/services/matrix/draupnir.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ pkgs, draupnirSrc, ... }:
-
-{
- services.draupnir = {
- #package = (pkgs.draupnir.overrideAttrs (oldAttrs: {
- # src = draupnirSrc;
- # version = draupnirSrc.rev;
- #}));
-
- enable = true;
- homeserverUrl = "https://matrix.rory.gay";
- accessTokenFile = "/etc/draupnir-access-token";
-
- #pantalaimon = {
- # enable = false;
- # username = "draupnir";
- # passwordFile = "/etc/draupnir-password";
- # options = {
- #homeserver = "http://localhost:8008";
- #ssl = false;
- # };
- #};
- settings = {
- managementRoom = "#draupnir-mgmt:rory.gay";
- verboseLogging = false;
- recordIgnoredInvites = true; # Let's log ignored invites, just incase
- autojoinOnlyIfManager = true; # Let's not open ourselves up to DoS attacks
- automaticallyRedactForReasons = [ "*" ]; # I always want autoredact
- fasterMembershipChecks = true;
- #roomStateBackingStore.enabled = true; # broken under nix.
-
- backgroundDelayMS = 10; # delay isn't needed, I don't mind the performance hit
- pollReports = false; # this is a single person homeserver... let's save ourself the work
-
- admin.enableMakeRoomAdminCommand = true;
- commands.ban.defaultReasons = [
- "spam"
- "harassment"
- "transphobia"
- "scam"
- ];
- protections = {
- wordlist = {
- words = [
- "tranny"
- "faggot"
- "ywnbaw"
- "nigger"
- ];
- minutesBeforeTrusting = 0;
- };
- };
- };
- };
-}
diff --git a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix b/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
deleted file mode 100644
index 3041aaa..0000000
--- a/host/Rory-nginx/services/matrix/matrix-appservice-discord.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ ... }:
-
-{
- # Discord bridge
- services.matrix-appservice-discord = {
- enable = false; # Alicia - figure out secret first...
- environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env;
- # The appservice is pre-configured to use SQLite by default.
- # It's also possible to use PostgreSQL.
- settings = {
- bridge = {
- domain = "rory.gay";
- homeserverUrl = "https://matrix.rory.gay";
- };
-
- # The service uses SQLite by default, but it's also possible to use
- # PostgreSQL instead:
- database = {
- # filename = ""; # empty value to disable sqlite
- connString = "postgres://postgres@127.0.0.1/matrix-appservice-discord";
- };
- };
- };
-
-}
diff --git a/host/Rory-nginx/services/matrix/sliding-sync.nix b/host/Rory-nginx/services/matrix/sliding-sync.nix
deleted file mode 100644
index a8fbd0c..0000000
--- a/host/Rory-nginx/services/matrix/sliding-sync.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
- services.matrix-sliding-sync = {
- enable = true;
- settings = {
- "SYNCV3_SERVER" = "http://matrix.rory.gay";
- "SYNCV3_DB" = "postgresql://%2Frun%2Fpostgresql/syncv3";
- "SYNCV3_BINDADDR" = "0.0.0.0:8100";
- };
- environmentFile = "/etc/sliding-sync.env";
- };
-}
diff --git a/host/Rory-ovh/hooks/post-rebuild.sh b/host/Rory-ovh/hooks/post-rebuild.sh
index fcab049..f4f5896 100755
--- a/host/Rory-ovh/hooks/post-rebuild.sh
+++ b/host/Rory-ovh/hooks/post-rebuild.sh
@@ -1,6 +1,7 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
#set -x
+exit
REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
LOCALPART='rory.gay'
REACHABLE_DOMAIN='http://localhost:8008'
diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix
index 546fdc2..545d2fa 100755
--- a/modules/users/Rory.nix
+++ b/modules/users/Rory.nix
@@ -86,7 +86,7 @@
enableVteIntegration = true;
autocd = true;
- initExtraFirst = ''
+ initContent = lib.mkBefore ''
export EDITOR=nvim
export SYSTEMD_EDITOR=$EDITOR
export GIT_EDITOR=$EDITOR
|