-rw-r--r--flake.lock299
-rwxr-xr-xflake.nix59
-rwxr-xr-xhost/Rory-ovh/configuration.nix96
-rw-r--r--host/Rory-ovh/services/containers/shared.nix42
-rw-r--r--host/Rory-ovh/services/containers/spacebar/container.nix35
-rw-r--r--host/Rory-ovh/services/containers/spacebar/root.nix33
-rw-r--r--host/Rory-ovh/services/containers/spacebar/services/spacebar.nix181
-rwxr-xr-xhost/Rory-ovh/services/nginx/nginx.nix65
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix14
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix14
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix14
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix14
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix9
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix9
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix10
-rw-r--r--host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix9
-rwxr-xr-xhost/Rory-ovh/services/postgres.nix103
-rw-r--r--host/Rory-ovh/vm.nix50
-rwxr-xr-xmodules/base-server.nix79
-rwxr-xr-xmodules/base.nix161
-rwxr-xr-xmodules/expose-vmvariant.nix22
-rw-r--r--modules/extra-substituters.nix16
22 files changed, 1334 insertions, 0 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644

index 0000000..f77ac7e
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,299 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": 
[ + "nom", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nom", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1768229765, + "narHash": "sha256-rcXdr5TN9aCVKVuT8eDvyV/eweI4W+5k2pBJ4m/eqbs=", + "rev": "f4314643828a013aa84a52959786e53729e58a5a", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f4314643828a013aa84a52959786e53729e58a5a.tar.gz?rev=f4314643828a013aa84a52959786e53729e58a5a" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": [ + "lix" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767364176, + "narHash": "sha256-l6YdEBYQxXjD8ujqvc0tKdwWc3K8UQOi+E4Y3DKQ318=", + "rev": "1688100bba140492658d597f6b307c327f35c780", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/1688100bba140492658d597f6b307c327f35c780.tar.gz?rev=1688100bba140492658d597f6b307c327f35c780" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 
1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nom": { + "inputs": { + "flake-utils": "flake-utils_2", + "git-hooks": "git-hooks", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767934960, + "narHash": "sha256-37J2rFSXwcoB40BDBP4pbGOaeByzYlLs3fzAg7rtBbs=", + "owner": "maralorn", + "repo": "nix-output-monitor", + "rev": "407f0d21bb0360a0d6fd21978be115fcc300b2d4", + "type": "github" + }, + "original": { + "owner": "maralorn", + "repo": "nix-output-monitor", + "type": "github" + } + }, + "root": { + "inputs": { + "lix": "lix", + "lix-module": "lix-module", + "nixpkgs": "nixpkgs", + "nom": "nom", + "spacebar": "spacebar" + } + }, + "spacebar": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1769067066, + "narHash": "sha256-5z7fdquflqJIPlcQxordFL8wMHXp0UXO5y1fswNI7g8=", + "owner": "spacebarchat", + "repo": "server", + "rev": "b3a595f25d0a99fcd440e3a7c2013abaf1a07074", + "type": "github" + }, + "original": { + "owner": "spacebarchat", + "repo": "server", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + 
"repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100755
index 0000000..75cafe0
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,59 @@
+{
+ description = "Rory&'s services flake";
+
+ nixConfig = {
+ extra-substituters = [
+ "https://nix-bincache.rory.gay"
+ ];
+ extra-trusted-public-keys = [
+ "nix-bincache.rory.gay:663PIW8xxgIImxLcsokODWI2PHFWXvzJEfjX6TaIjxQ="
+ ];
+ };
+
+ inputs = {
+ # Different nixpkgs versions
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ lix = {
+ url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
+ flake = false;
+ };
+
+ lix-module = {
+ url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.lix.follows = "lix";
+ };
+
+ nom = {
+ url = "github:maralorn/nix-output-monitor";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Own projects/custom modules
+ spacebar = {
+ url = "github:spacebarchat/server";
+ };
+ };
+
+ outputs =
+ inputs:
+ with inputs;
+ {
+ nixosConfigurations = {
+ Rory-ovh = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Rory-ovh/configuration.nix
+ #./hardware-configuration.nix
+
+ lix-module.nixosModules.default
+ ];
+ specialArgs = {
+ inherit spacebar;
+ inherit (inputs) nom;
+ };
+ };
+ };
+ };
+}
diff --git a/host/Rory-ovh/configuration.nix b/host/Rory-ovh/configuration.nix
new file mode 100755
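Review bot: `nixConfig.extra-trusted-public-keys` asks every user who evaluates this flake to trust `nix-bincache.rory.gay` for substituted store paths, so a compromise of that cache's signing key becomes arbitrary store contents on any machine whose trusted user accepted the prompt; keep it only while the cache and its key stay under your control, and rotate the key if it ever leaves the host. The `lix` and `lix-module` inputs point at `main.tar.gz`; the lock file pins them by narHash today, but a plain `nix flake update` moves them to whatever `main` is at that moment, so a tagged release URL would make updates deliberate. A comment above `nixConfig` such as `# Accepting this key trusts the personal binary cache for all substituted paths` would make the trust decision visible to whoever is prompted.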
index 0000000..ec2dc13
--- /dev/null
+++ b/host/Rory-ovh/configuration.nix
@@ -0,0 +1,96 @@ +{ + pkgs, + lib, + nixpkgs-master, + matrix-synapse-unwrapped-patched, + draupnir, + spacebar, + ... +}: + +{ + imports = [ + ../../modules/base-server.nix + + ./services/nginx/nginx.nix + ./services/postgres.nix + ./vm.nix + ]; + boot.loader.grub.devices = lib.mkForce [ "nodev" ]; + + networking = { + hostName = "Rory-ovh"; + nat = { + enable = true; + internalInterfaces = [ + "ve-+" + "vb-+" + ]; + externalInterface = "enp98s0f0"; + enableIPv6 = false; + }; + enableIPv6 = lib.mkForce false; + nameservers = lib.mkForce [ "1.1.1.1" ]; + firewall.enable = lib.mkForce true; + resolvconf.enable = false; + defaultGateway = lib.mkForce null; + defaultGateway6 = lib.mkForce null; + firewall.allowedTCPPorts = [ + 25565 + ]; + }; + + systemd.network = { + enable = true; + networks.enp98s0f0 = { + name = "enp98s0f0"; + DHCP = "no"; + #gateway = [ "51.210.113.254" ]; + routes = [ + { + Gateway = "51.210.113.254"; + GatewayOnLink = true; + } + ]; + address = [ "51.210.113.110/32" ]; + }; + }; + + nixpkgs.config.permittedInsecurePackages = [ + "olm-3.2.16" + "dotnet-runtime-wrapped-7.0.20" + "dotnet-runtime-7.0.20" + "dotnet-sdk-7.0.20" + ]; + services.irqbalance.enable = true; + + environment.memoryAllocator.provider = "jemalloc"; + + networking.firewall.interfaces."ve-spacebar".allowedTCPPorts = [ 5432 ]; + containers."spacebar" = import ./services/containers/spacebar/container.nix { + inherit + pkgs + lib + spacebar + ; + }; + + # prevent a hang on rebuild with forgotten shells... + systemd.services."container@spacebar" = { + # dependency on postgres for good measure... + after = [ "postgresql.service" ]; + wants = [ "postgresql.service" ]; + # preStop = '' + # for pid in $(pgrep -f "nixos-container root-login spacebar"); do + # echo "Killing shell with PID $pid" + # kill -9 "$pid" + # done + # ''; + }; + + system.stateVersion = "22.11"; # DO NOT EDIT! + + environment.systemPackages = with pkgs; [ waypipe ]; + + nix.nrBuildUsers = 128; +} 
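Review bot: `nixpkgs.config.permittedInsecurePackages` globally allow-lists `olm-3.2.16` and the end-of-life `dotnet-*-7.0.20`, yet as far as this diff shows nothing consumes them (no Synapse, Draupnir or .NET service is configured), so the entries only let a future import pull known-vulnerable packages without the usual refusal; drop them, or place them next to the module that actually needs them. The module header also requires `nixpkgs-master`, `matrix-synapse-unwrapped-patched` and `draupnir`, which `flake.nix` does not pass in `specialArgs`, so unless `_module.args` supplies them elsewhere the evaluation fails — remove the unused arguments. `firewall.allowedTCPPorts = [ 25565 ]` opens a port on the public interface with no listener defined anywhere in this commit; either add a comment naming the service behind it or close it.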
diff --git a/host/Rory-ovh/services/containers/shared.nix b/host/Rory-ovh/services/containers/shared.nix new file mode 100644
index 0000000..543e92a
--- /dev/null
+++ b/host/Rory-ovh/services/containers/shared.nix
@@ -0,0 +1,42 @@ +{ pkgs, lib, config, ... }: +{ + environment.systemPackages = with pkgs; [ + lnav + lsd + htop + btop + duf + kitty.terminfo + neovim + jq + dig + ]; + + networking.resolvconf.enable = false; + networking.nameservers = [ + "1.1.1.1" + "1.0.0.1" + "8.8.8.8" + "8.4.4.8" + ]; + + environment.etc."resolv.conf" = lib.mkDefault { + text = lib.concatStringsSep "\n" ( + lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers)) + #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ] + ++ lib.optionals (config.networking ? enableIPv6 && config.networking.enableIPv6) [ + "options single-request" + "options single-request-reopen" + "options inet6" + ] + ); + }; + + services.resolved = { + enable = lib.mkForce false; + dnssec = lib.mkForce "false"; + dnsovertls = lib.mkForce "false"; + }; + + systemd.oomd.enable = false; # Kinda useless in a container, lol +} diff --git a/host/Rory-ovh/services/containers/spacebar/container.nix b/host/Rory-ovh/services/containers/spacebar/container.nix new file mode 100644
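Review bot: The resolver list contains `"8.4.4.8"`, which looks like a transposition of Google's secondary `8.8.4.4`; as written, any query that falls through to the last entry goes to an unrelated third party's address, and with `dnssec` and `dnsovertls` both forced off below there is nothing to catch a bad answer. Change it to `"8.8.4.4"`; the same typo is repeated in `modules/base-server.nix` and `modules/base.nix`. Note also that `spacebar/root.nix` sets `networking.useHostResolvConf = true`, which appears to replace this generated `/etc/resolv.conf` with the host's inside the container, so the nameserver list here may be dead for that container — worth a comment either way.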
index 0000000..841a663
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/container.nix
@@ -0,0 +1,35 @@
+{
+ spacebar,
+ ...
+}:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit spacebar;
+ };
+ config =
+ { lib, pkgs, ... }:
+ {
+ imports = [
+ ../shared.nix
+ ./root.nix
+ ./services/spacebar.nix
+ ];
+ };
+ hostAddress = "192.168.100.1";
+ localAddress = "192.168.100.22";
+
+ #bindMounts."spacebar-storage" = {
+ # hostPath = "/data/dedicated/spacebar-storage";
+ # mountPoint = "/storage";
+ # isReadOnly = false;
+ #};
+
+ #bindMounts."spacebar-secrets" = {
+ # hostPath = "/data/secrets/spacebar";
+ # mountPoint = "/run/secrets/spacebar";
+ # isReadOnly = true;
+ #};
+}
diff --git a/host/Rory-ovh/services/containers/spacebar/root.nix b/host/Rory-ovh/services/containers/spacebar/root.nix
new file mode 100644
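Review bot: The container isolates only the network (`privateNetwork = true`); by default NixOS containers do not use user namespaces, so root inside the container is host uid 0 on a shared kernel and nspawn's capability bounding is the only barrier between the spacebar process and the host. If the nixpkgs pinned in the lock offers `containers.<name>.privateUsers`, set `privateUsers = "pick";` so container root maps to an unprivileged host uid; otherwise add a comment stating that this container is a packaging boundary, not a security one. With both bind mounts commented out, uploads land on the container's own rootfs while `#cdnPath = "/storage"` in `services/spacebar.nix` is also commented out — keep the two consistent in the same change so storage does not silently move when one is re-enabled.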
index 0000000..cb7d3cd
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/root.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+
+{
+ networking.useHostResolvConf = true;
+
+ networking.hosts = {
+ "192.168.100.1" = [
+ "matrix.rory.gay"
+ "rory.gay"
+ ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 3001
+ 3002
+ 3003
+ ];
+ };
+
+ # check that we can reach the database server before starting the service
+ #systemd.services."spacebar-apply-migrations" =
+ # let
+ # address = "192.168.100.1";
+ # in
+ # {
+ # path = [ pkgs.netcat pkgs.bash ];
+ # serviceConfig = {
+ # ExecStartPre = "${pkgs.bash}/bin/sh -c 'until ${pkgs.netcat}/bin/nc -z ${address} 5432; do echo \"Waiting for database server...\"; sleep 0.2; done'";
+ # };
+ # };
+}
diff --git a/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
new file mode 100644
index 0000000..0c1b37c
--- /dev/null
+++ b/host/Rory-ovh/services/containers/spacebar/services/spacebar.nix
@@ -0,0 +1,181 @@ +{ spacebar, ... }: + +let + sb = import "${spacebar}/nix/modules/default/lib.nix"; +in +{ + imports = [ spacebar.nixosModules.default ]; + services.spacebarchat-server = { + enable = true; + serverName = "spacebar.chat"; + apiEndpoint = sb.mkEndpoint "api.rory.server.spacebar.chat" 3001 true; + gatewayEndpoint = sb.mkEndpoint "gateway.rory.server.spacebar.chat" 3002 true; + cdnEndpoint = sb.mkEndpoint "cdn.rory.server.spacebar.chat" 3003 true; + #cdnPath = "/storage"; + + #cdnSignaturePath = "/run/secrets/spacebar/cdnSignature"; + #legacyJwtSecretPath = "/run/secrets/spacebar/legacyJwtSecret"; + #mailjetApiKeyPath = "/run/secrets/spacebar/mailjetApiKey"; + #mailjetApiSecretPath = "/run/secrets/spacebar/mailjetApiSecret"; + ## smtpPasswordPath = "/run/secrets/spacebar/smtpPassword"; + #gifApiKeyPath = "/run/secrets/spacebar/gifApiKey"; + ## rabbitmqHostPath = "/run/secrets/spacebar/rabbitmqHost"; + #abuseIpDbApiKeyPath = "/run/secrets/spacebar/abuseIpDbApiKey"; + #captchaSecretKeyPath = "/run/secrets/spacebar/captchaSecretKey"; + #captchaSiteKeyPath = "/run/secrets/spacebar/captchaSiteKey"; + #ipdataApiKeyPath = "/run/secrets/spacebar/ipdataApiKey"; + #requestSignaturePath = "/run/secrets/spacebar/requestSignature"; + + settings = { + security = { + forwardedFor = "X-Forwarded-For"; + trustedProxies = "192.168.100.1, linklocal"; + cdnSignUrls = true; + cdnSignatureIncludeIp = true; + cdnSignatureIncludeUserAgent = true; + cdnSignatureDuration = "5m"; + }; + general = { + frontPage = "https://spacebar.chat"; + instanceDescription = "The official testing for Spacebar"; + instanceId = "1007550087590649856"; + instanceName = "Spacebar Staging Official"; + publicUrl = "https://rory.server.spacebar.chat"; + tosPage = "https://docs.spacebar.chat/contributing/conduct/"; + correspondenceUserID = "1006598230156341276"; + correspondenceEmail = "root@rory.gay"; + }; + guild = { + autoJoin = { + bots = false; + canLeave = true; + enabled = true; + guilds = [ 
"1006649183970562092" ]; + }; + }; + limits = { + guild = { + maxMembers = 25000000; + maxEmojis = 2000; + maxChannelsInCategory = 65535; + maxChannels = 250; + maxRoles = 250; + maxBulkBanUsers = 200; + maxStickers = 500; + }; + message = { + maxCharacters = 1048576; + maxTTSCharacters = 160; + maxReactions = 2048; + maxAttachmentSize = 1073741824; + maxEmbedDownloadSize = 5242880; + maxBulkDelete = 1000; + maxPreloadCount = 100; + }; + channel = { + maxPins = 500; + maxTopic = 1024; + maxWebhooks = 100; + }; + rate = { + ip = { + window = 5; + count = 500; + }; + global = { + count = 250; + window = 5; + }; + error = { + window = 5; + count = 10; + }; + routes = { + guild = { + window = 5; + count = 5; + }; + webhook = { + count = 10; + window = 5; + }; + channel = { + count = 10; + window = 5; + }; + auth = { + login = { + window = 60; + count = 5; + }; + register = { + count = 2; + window = 43200; + }; + }; + }; + enabled = false; + }; + user = { + maxGuilds = 1000; + maxUsername = 64; + maxFriends = 2000; + maxBio = 500; + }; + absoluteRate = { + register = { + limit = 25; + window = 3600000; + enabled = false; + }; + sendMessage = { + limit = 120; + window = 60000; + enabled = false; + }; + }; + }; + user = { + blockedContains = [ + "discord" + "clyde" + "mail.ru" + "penis" + "child" + "admin" + "owner" + "moderator" + "Noruya" + "𝖞𝖔𝖗𝖚𝖟𝖆" + "spacebar" + "1488" + "hitler" + "nigger" + "nitro" + "monero" + "gmail.com" + "outlook.com" + "steam" + ]; + }; + }; + extraEnvironment = { + DATABASE = "postgres://postgres:postgres@192.168.100.1/spacebar"; + #WEBRTC_PORT_RANGE=60000-61000; + #PUBLIC_IP=216.230.228.60; + LOG_REQUESTS = "-200,204,304"; + LOG_VALIDATION_ERRORS = true; + #DB_LOGGING=true; + #LOG_GATEWAY_TRACES=true; + #LOG_PROTO_UPDATES=true; + #LOG_PROTO_FRECENCY_UPDATES=true; + #LOG_PROTO_SETTINGS_UPDATES=true; + #WRTC_PUBLIC_IP=webrtc.old.server.spacebar.chat; + WRTC_PUBLIC_IP = "216.230.228.19"; + WRTC_PORT_MIN = 60000; + WRTC_PORT_MAX = 65000; + 
WRTC_LIBRARY = "@spacebarchat/medooze-webrtc"; + #WRTC_LIBRARY=mediasoup-spacebar-wrtc; + }; + }; +} diff --git a/host/Rory-ovh/services/nginx/nginx.nix b/host/Rory-ovh/services/nginx/nginx.nix new file mode 100755
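Review bot: `DATABASE = "postgres://postgres:postgres@192.168.100.1/spacebar"` makes the application connect as the PostgreSQL superuser, and if `extraEnvironment` becomes `systemd.services.*.environment` (as such options usually do) the credential is written into a unit file in the world-readable `/nix/store`; with `host all all 192.168.100.22/32 trust` in `postgres.nix` the password is not even checked. Create a dedicated `spacebar` role owning only the `spacebar` database and pass its credential through a file, the way the commented-out `*Path` options do for the other secrets. Every rate limit is off (`limits.rate.enabled = false` and both `absoluteRate` entries have `enabled = false`) while `maxAttachmentSize` allows 1 GiB uploads and registration is unthrottled, so a single client can fill the CDN or flood registrations on a public instance; enable at least the `auth` and `ip` limits. `cdnSignUrls = true` also needs a signing secret and `cdnSignaturePath` is commented out — check how the module sources that key before relying on signed URLs, and say so in a comment.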
index 0000000..d3ba2f5
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/nginx.nix
@@ -0,0 +1,65 @@ +{ config, pkgs, ... }: +let + serveDir = config: { + enableACME = if config ? ssl then config.ssl else !config.virtualisation.isVmVariant; + addSSL = if config ? ssl then config.ssl else true; + root = if config ? path then config.path else builtins.throw "path is required"; + locations = { + "/" = { + index = "index.html"; + }; + }; + }; +in +{ + services = { + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + experimentalZstdSettings = true; + #recommendedGzipSettings = true; + recommendedBrotliSettings = true; + recommendedOptimisation = true; + #defaultMimeTypes = ../../../../packages/nginx/mime.types; + appendConfig = '' + worker_processes 16; + ''; + eventsConfig = '' + #use kqueue; + worker_connections 512; + ''; + appendHttpConfig = '' + #sendfile on; + disable_symlinks off; + log_format combined_vhosts '$remote_addr - $remote_user [$time_local] {host="$host",server_name="$server_name",upstream=$upstream_addr,t=$request_time[u_conn=$upstream_connect_time,u_hdr=$upstream_header_time,u_resp=$upstream_response_time]} "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'; + access_log /var/log/nginx/access.log combined_vhosts; + ''; + additionalModules = with pkgs.nginxModules; [ moreheaders ]; + virtualHosts = { + #spacebar... 
+ "rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; }; + "api.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; }; + "gateway.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; }; + "cdn.rory.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; }; + # legacy + "old.server.spacebar.chat" = import ./spacebar.chat/server/rory/root.nix { inherit config; }; + "api.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/api.nix { inherit config; }; + "gateway.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/gateway.nix { inherit config; }; + "cdn.old.server.spacebar.chat" = import ./spacebar.chat/server/rory/cdn.nix { inherit config; }; + }; + }; + }; + systemd.services.nginx.serviceConfig = { + LimitNOFILE = 5000000; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "root@rory.gay"; + + networking.hosts."127.0.0.1" = builtins.attrNames config.services.nginx.virtualHosts; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + networking.firewall.allowedUDPPorts = [ 443 ]; +} diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix new file mode 100644
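Review bot: The four `*.old.server.spacebar.chat` vhosts import `./spacebar.chat/server/rory/*.nix`, not the `old/*.nix` files added in this same commit, so the legacy names are proxied to `192.168.100.22` and the `old/` directory is dead code; if that is intended, delete `old/`, otherwise fix the import paths. `networking.firewall.allowedUDPPorts = [ 443 ]` opens QUIC on the public interface although no vhost here enables `quic` or `http3`; close it until HTTP/3 is actually configured. The `serveDir` helper is unused and its parameter named `config` shadows the NixOS `config`, so `config.virtualisation.isVmVariant` inside it would be looked up on the caller's attrset — drop it or rename the parameter. `moreheaders` is loaded but no `Strict-Transport-Security` header is set anywhere, and since the `rory/*.nix` vhosts use `addSSL` rather than `forceSSL`, HSTS is what would keep clients off plaintext.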
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/api.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
new file mode 100644
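Review bot: This file and its three siblings under `old/` are not referenced anywhere in the diff — `nginx.nix` imports the `rory/` variants for the `old.server.spacebar.chat` names — so they only add an unused upstream at `192.168.1.200`, an address on a network the host configuration does not define. Either wire them up or drop them rather than leaving a second proxy target in the tree. `proxy_ssl_server_name on;` has no effect on an `http://` upstream and can go as well.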
index 0000000..89958fe
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/cdn.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3003";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
new file mode 100644
index 0000000..ff95a5e
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/gateway.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3002";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
new file mode 100644
index 0000000..8b7df6d
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/old/root.nix
@@ -0,0 +1,14 @@
+{
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://192.168.1.200:3001";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/api.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
new file mode 100644
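Review bot: `addSSL` keeps serving the API over plaintext port 80 alongside HTTPS, and since `proxy_pass_header Authorization` forwards bearer tokens, any client that ever hits `http://api.rory.server.spacebar.chat` sends its token in the clear; use `forceSSL = !config.virtualisation.isVmVariant;` (the `old/*.nix` files already use `forceSSL`) and consider an HSTS header. The same applies to `cdn.nix`, `gateway.nix` and `root.nix`, and `root.nix` is byte-identical to this file — import it instead of duplicating. `proxy_ssl_server_name on;` is a no-op for an `http://` upstream.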
index 0000000..02894d7
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/cdn.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3003";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
new file mode 100644
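Review bot: This vhost fronts the CDN where `services/spacebar.nix` allows `maxAttachmentSize` of 1 GiB, but no `client_max_body_size` is set here, so NixOS's `services.nginx.clientMaxBodySize` default (10m unless overridden elsewhere) rejects anything larger with 413 before the application limit ever applies; pick one limit deliberately and set it in both places, e.g. `extraConfig = "client_max_body_size 1024m;" + ...;` if 1 GiB is really intended, or lower the application limit. As with `api.nix`, `addSSL` should be `forceSSL` so signed CDN URLs (and the forwarded client IP that `cdnSignatureIncludeIp = true` depends on) are never fetched over plaintext.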
index 0000000..88a37da
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/gateway.nix
@@ -0,0 +1,10 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3002";
+ proxyWebsockets = true;
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
new file mode 100644
index 0000000..00bbc6c
--- /dev/null
+++ b/host/Rory-ovh/services/nginx/spacebar.chat/server/rory/root.nix
@@ -0,0 +1,9 @@
+{ config }:
+{
+ enableACME = !config.virtualisation.isVmVariant;
+ addSSL = !config.virtualisation.isVmVariant;
+ locations."/" = {
+ proxyPass = "http://192.168.100.22:3001";
+ extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
+ };
+}
diff --git a/host/Rory-ovh/services/postgres.nix b/host/Rory-ovh/services/postgres.nix
new file mode 100755
index 0000000..5faf1d3
--- /dev/null
+++ b/host/Rory-ovh/services/postgres.nix
@@ -0,0 +1,103 @@ +{ config, pkgs, ... }: + +{ + #systemd.tmpfiles.rules = [ "d /data/dedicated/postgres 0750 postgres postgres" ]; + + services.postgresql = { + enable = true; + package = pkgs.postgresql_17_jit; + enableTCPIP = true; + authentication = pkgs.lib.mkOverride 10 '' + # TYPE, DATABASE, USER, ADDRESS, METHOD + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + host all all 192.168.100.22/32 trust + host discordbots discordbots 192.168.1.2/32 trust + host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust + host all all 0.0.0.0/0 md5 + ''; + # initialScript = pkgs.writeText "backend-initScript" '' + # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB; + # CREATE DATABASE nixcloud; + # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud; + # ''; + initialScript = pkgs.writeText "spacebar-initScript" '' + CREATE DATABASE spacebar; + ''; + #dataDir = "/data/dedicated/postgres"; + settings = { + # https://pgconfigurator.cybertec.at/ + max_connections = 2500; + superuser_reserved_connections = 3; + + shared_buffers = if config.virtualisation.isVmVariant then "128MB" else "64GB"; + work_mem = if config.virtualisation.isVmVariant then "64MB" else "32GB"; + maintenance_work_mem = if config.virtualisation.isVmVariant then "512MB" else "8GB"; + huge_pages = "try"; + effective_cache_size = if config.virtualisation.isVmVariant then "1GB" else "64GB"; # was 22 + effective_io_concurrency = 100; + random_page_cost = 1.1; + + # can use this to view stats: SELECT query, total_time, calls, rows FROM pg_stat_statements ORDER BY total_time DESC LIMIT 10; + shared_preload_libraries = "pg_stat_statements"; + track_io_timing = "on"; + track_functions = "pl"; + "pg_stat_statements.max" = "10000"; # additional + "pg_stat_statements.track" = "all"; # additional + + wal_level = "replica"; + max_wal_senders = 0; + synchronous_commit = "on"; # was ond3 + + checkpoint_timeout = "15min"; + checkpoint_completion_target = 
"0.9"; + max_wal_size = "2GB"; + min_wal_size = "1GB"; + + wal_compression = "off"; + wal_buffers = "-1"; + wal_writer_delay = "500ms"; # was 100 + wal_writer_flush_after = "32MB"; # was 1 + #checkpoint_segments = "64"; # additional + default_statistics_target = "250"; # additional + + bgwriter_delay = "200ms"; + bgwriter_lru_maxpages = "100"; + bgwriter_lru_multiplier = "2.0"; + bgwriter_flush_after = "0"; + + max_worker_processes = "64"; # was 14 + max_parallel_workers_per_gather = "32"; # was 7 + max_parallel_maintenance_workers = "32"; # was 7 + max_parallel_workers = "64"; # was 14 + parallel_leader_participation = "on"; + + enable_partitionwise_join = "on"; + enable_partitionwise_aggregate = "on"; + jit = "on"; + max_slot_wal_keep_size = "1GB"; + track_wal_io_timing = "on"; + maintenance_io_concurrency = "4"; + wal_recycle = "on"; + + }; + }; + + # services.prometheus.exporters.postgres = { + # enable = true; + # port = 9187; + # extraFlags = [ + # "--collector.database_wraparound" + # "--collector.long_running_transactions" + # "--collector.postmaster" + # "--collector.process_idle" + # "--collector.stat_activity_autovacuum" + # "--collector.stat_statements" + # #"--collector.stat_wal_receiver" #we dont have WAL receivers + # "--collector.statio_user_indexes" + # "--collector.xlog_location" + # ]; + # }; + +} diff --git a/host/Rory-ovh/vm.nix b/host/Rory-ovh/vm.nix new file mode 100644
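Review bot: `host all all 0.0.0.0/0 md5` together with `enableTCPIP = true` (which makes the module listen on `*`) makes the database reachable on the public `51.210.113.110` interface, and the only thing keeping it off the Internet is the host firewall, which `vm.nix` disables and `configuration.nix` re-enables with `mkForce`; remove that line and set `settings.listen_addresses = "127.0.0.1,192.168.100.1";` so the listener itself is scoped. `host all all 192.168.100.22/32 trust` lets the container log in as any role, including `postgres`, with no password — extend `initialScript` with a dedicated `spacebar` role that owns the database and use `scram-sha-256` rather than `trust` for the container entry (and rather than `md5`, which PostgreSQL deprecates). The `192.168.1.2` and `192.168.1.5` trust entries reference a network no interface in this configuration is on; drop them until those hosts exist here.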
index 0000000..7bc237c
--- /dev/null
+++ b/host/Rory-ovh/vm.nix
@@ -0,0 +1,50 @@ +{ + nixpkgs, + modulesPath, + pkgs, + lib, + ... +}: +{ + imports = [ + # (modulesPath + "/virtualisation/qemu-vm.nix") + ]; + + networking.firewall.enable = false; + + boot = { + initrd = { + systemd.enable = true; + systemd.emergencyAccess = true; + }; + kernelParams = [ + "console=ttyS0,115200" + "systemd.gpt_auto=0" + #"console=tty1" + #"quiet" + ]; + loader.timeout = 1; + }; + boot.supportedFilesystems = lib.mkForce [ ]; + hardware.enableRedistributableFirmware = lib.mkForce false; + #environment.systemPackages = lib.mkForce [ ]; + documentation.enable = lib.mkForce false; + documentation.nixos.enable = lib.mkForce false; + networking.wireless.enable = lib.mkForce false; + + console = { + earlySetup = true; + font = "${pkgs.cozette}/share/consolefonts/cozette6x13.psfu"; + packages = with pkgs; [ cozette ]; + }; + + system = { + #activatable = false; + copySystemConfiguration = false; + includeBuildDependencies = false; + disableInstallerTools = lib.mkForce true; + build = { + separateActivationScript = true; + }; + }; +} diff --git a/modules/base-server.nix b/modules/base-server.nix new file mode 100755
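Review bot: This file is imported unconditionally from `configuration.nix`, so `boot.initrd.systemd.emergencyAccess = true` and `networking.firewall.enable = false` apply to the production host, not just a VM build; `emergencyAccess` hands an unauthenticated root shell to anyone on the console (the provider's KVM, for instance) whenever the initrd drops to emergency mode. The firewall line only loses because `configuration.nix` uses `lib.mkForce`, which is a fragile way to undo a module you chose to import. Add `config` to the arguments and wrap the body in `lib.mkIf config.virtualisation.isVmVariant { ... }` (that option is presumably defined by `modules/expose-vmvariant.nix`, which the nginx and postgres files already read), or move these settings into a `virtualisation.vmVariant` block so none of them reach the real system.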
index 0000000..cfee9de
--- /dev/null
+++ b/modules/base-server.nix
@@ -0,0 +1,79 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+{
+ imports = [
+ ./base.nix
+ ];
+ documentation.nixos.enable = false;
+ documentation.enable = false;
+ documentation.info.enable = false;
+ documentation.man.enable = false;
+
+ environment.variables.BROWSER = "echo";
+
+ time.timeZone = lib.mkDefault "UTC";
+ systemd = {
+ enableEmergencyMode = false;
+ settings = {
+ Manager = {
+ RuntimeWatchdogSec = "20s";
+ RebootWatchdogSec = "30s";
+ };
+ };
+
+ sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ '';
+ };
+
+ #systemd.services.NetworkManager-wait-online.enable = false;
+ #systemd.network.wait-online.enable = false;
+
+ # My servers always use /dev/vda as boot disk...
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ devices = lib.mkIf (config.fileSystems ? "/boot") [ "nodev" ];
+ # EFI
+ efiSupport = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
+ efiInstallAsRemovable = config.fileSystems ? "/boot" && config.fileSystems."/boot".fsType == "vfat";
+ };
+ timeout = 1;
+ };
+ };
+
+ networking = {
+ hostName = lib.mkDefault "Rory-nix-base-server";
+ networkmanager.enable = false;
+ wireless.enable = false;
+ enableIPv6 = false;
+ firewall = {
+ enable = false;
+ allowedTCPPorts = [ 22 ];
+ };
+
+ useDHCP = false;
+ nameservers = [
+ "10.10.0.4"
+ "10.10.0.5"
+ "1.1.1.1"
+ "1.0.0.1"
+ "8.8.8.8"
+ "8.4.4.8"
+ ];
+ defaultGateway = lib.mkDefault "192.168.1.1";
+ };
+
+ services.pulseaudio.enable = false;
+
+ # This shaves off half a gigabyte of disk space...
+ hardware.enableAllFirmware = false;
+ hardware.enableRedistributableFirmware = false;
+}
diff --git a/modules/base.nix b/modules/base.nix
new file mode 100755
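Review bot: The nameserver `"8.4.4.8"` looks like a transposition of Google's secondary resolver `8.8.4.4`; as written, fallback DNS queries are sent to an unrelated address, and the same value appears in the `nameservers` default in modules/base.nix in this commit. Separately, `allowedTCPPorts = [ 22 ];` has no effect while `enable = false;` sits beside it in the `firewall` block — either drop the dead list or enable the firewall so the allow-list is the actual policy rather than something a reader might mistake for it. A one-line comment on the `firewall` block stating that filtering is intentionally left to the network would make the choice explicit.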
index 0000000..b7770c8
--- /dev/null
+++ b/modules/base.nix
@@ -0,0 +1,161 @@ +{ + pkgs, + lib, + config, + nom, + ... +}: + +{ + imports = [ + ./expose-vmvariant.nix + ./extra-substituters.nix + ]; + + boot = { + initrd.systemd.enable = true; + kernelParams = [ + "memory_hotplug.memmap_on_memory=1" + "memhp_default_state=online" + "net.core.default_qdisc=fq" + "net.ipv4.tcp_congestion_control=bbr" + "mitigations=off" + "audit=0" + "consoleblank=0" + "kmemcheck=0" + "no_console_suspend" + "kernel.core_pattern=/dev/null" + "init_on_alloc=0" + "kernel.sysrq=1" + "kernel.dmesg_restrict=0" + "net.ipv4.ip_forward=1" + "vm.swappiness=10" + "net.core.netdev_max_backlog=16384" + "net.core.somaxconn=8192" + "net.core.rmem_default=1048576" + "net.core.rmem_max=16777216" + "net.core.wmem_default=1048576" + "net.core.wmem_max=16777216" + "net.core.optmem_max=65536" + #"net.ipv4.tcp_rmem=4096 1048576 2097152" + #"net.ipv4.tcp_wmem=4096 65536 16777216" + "net.ipv4.udp_rmem_min=4096" + "net.ipv4.udp_wmem_min=4096" + "net.ipv4.tcp_fastopen=3" + "net.ipv4.tcp_mtu_probing=1" + "net.ipv4.tcp_keepalive_time=30" + "net.ipv4.tcp_keepalive_intvl=15" + "net.ipv4.tcp_keepalive_probes=4" + "net.ipv4.tcp_timestamps=0" + ]; + kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + loader = { + grub = { + enable = lib.mkDefault true; + }; + timeout = 1; + }; + }; + + networking = { + hostName = lib.mkDefault "Rory-nix-base"; + firewall = { + enable = false; + }; + nameservers = lib.mkDefault [ + "1.1.1.1" + "1.0.0.1" + "8.8.8.8" + "8.4.4.8" + ]; + }; + + environment.etc."resolv.conf" = lib.mkDefault { + text = lib.concatStringsSep "\n" ( + lib.optionals (config.networking ? nameservers) (map (nameserver: "nameserver ${nameserver}") (config.networking.nameservers)) + #++ lib.optionals (config.networking ? enableIPv6 && !config.networking.enableIPv6) [ "options no-aaaa" ] + ++ lib.optionals (config.networking ? 
enableIPv6 && config.networking.enableIPv6) [ + "options single-request" + "options single-request-reopen" + "options inet6" + ] + ); + }; + + i18n.defaultLocale = "en_US.UTF-8"; + + services = { + openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + #allow more logins in cases where i have many ssh keys on a system + extraConfig = '' + MaxAuthTries 32 + ''; + }; + resolved = { + enable = lib.mkForce false; + dnssec = lib.mkForce "false"; + dnsovertls = lib.mkForce "false"; + }; + }; + + systemd = { + sleep.extraConfig = '' + AllowSuspend=no + AllowHibernation=no + ''; + }; + + environment.systemPackages = with pkgs; [ + nom.packages.${system}.default + ]; + + systemd.coredump.extraConfig = lib.mkDefault '' + Storage=none + ''; + nix = { + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + auto-optimise-store = true; + trusted-users = [ + "@wheel" + "root" + ]; + }; + }; + nixpkgs = { + config.allowUnfree = true; + }; + security = { + polkit.enable = true; + sudo.wheelNeedsPassword = false; + }; + virtualisation.vmVariant = { + services.getty.autologinUser = "root"; + virtualisation = { + memorySize = 8192; + cores = 6; + msize = 1 * 1024 * 1024; + }; + + services.xserver.videoDrivers = [ "qxl" ]; + services.spice-vdagentd.enable = true; + virtualisation.qemu.guestAgent.enable = true; + services.qemuGuest.enable = true; + virtualisation.qemu.options = [ + "-vga qxl -device virtio-serial-pci -spice port=5930,disable-ticketing=on -device virtserialport,chardev=spicechannel0,name=com.redhat.spice.0 -chardev spicevmc,id=spicechannel0,name=vdagent" + "-display gtk,zoom-to-fit=off,show-cursor=on" + "-device virtio-balloon" + ]; + virtualisation.forwardPorts = [ + # { hostPort = 2222; guestPort = 22; } # Probably shouldn't do this with root:root lol + { from = "host"; host.port = 8080; guest.port = 80; } + ]; + + networking.useDHCP = lib.mkOverride 51 true; + }; +} 
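Review bot: Most of the `kernelParams` entries are sysctl keys (`net.core.*`, `net.ipv4.*`, `vm.swappiness`, `kernel.sysrq`, `kernel.dmesg_restrict`, `kernel.core_pattern`), and the kernel command line does not apply those: unknown `key=value` parameters are passed to init's environment and the tunables stay at their defaults. Move them to `boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; ... };` or prefix each with `sysctl.` (e.g. `"sysctl.net.ipv4.tcp_fastopen=3"`), which the kernel does honor. Because this module is imported by every host, the global hardening trade-offs it fixes — `mitigations=off`, `audit=0`, `PermitRootLogin = "yes"` with `MaxAuthTries 32`, `trusted-users = [ "@wheel" ]` (a Nix trusted user is effectively root-equivalent through the daemon) and `sudo.wheelNeedsPassword = false` — deserve a header comment stating that this base assumes single-admin hosts, so they are not inherited unnoticed by a future host with other users.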
diff --git a/modules/expose-vmvariant.nix b/modules/expose-vmvariant.nix
new file mode 100755
index 0000000..ab1bad0
--- /dev/null
+++ b/modules/expose-vmvariant.nix
@@ -0,0 +1,22 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
+
+{
+ options.virtualisation = {
+ isVmVariant = lib.mkOption {
+ default = false;
+ example = true;
+ description = "Whether this build is a VM build.";
+ type = lib.types.bool;
+ };
+ };
+ config = {
+ virtualisation.vmVariant = {
+ virtualisation.isVmVariant = true;
+ };
+ };
+}
diff --git a/modules/extra-substituters.nix b/modules/extra-substituters.nix
new file mode 100644
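Review bot: `pkgs` and `config` are bound in the module's argument set but never used; trimming it to `{ lib, ... }:` matches the style of modules/extra-substituters.nix in this commit and makes the module's real dependencies explicit. A short comment above `virtualisation.vmVariant`, such as `# Only the vmVariant build sets this; other modules can gate VM-only settings on config.virtualisation.isVmVariant`, would make the option's intended use discoverable.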
index 0000000..35efcb7
--- /dev/null
+++ b/modules/extra-substituters.nix
@@ -0,0 +1,16 @@
+{ ... }:
+
+{
+ nix.settings.trusted-substituters = [
+ "https://nix-community.cachix.org"
+ "https://cache.garnix.io"
+ "https://numtide.cachix.org"
+ ];
+
+ nix.settings.trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+ "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
+ ];
+
+}
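Review bot: `nix.settings.trusted-substituters` only whitelists caches that unprivileged users may request; it does not make the daemon consult them, so unless a flake's `nixConfig` or the CLI passes `--extra-substituters`, nothing is fetched from these three URLs. If the intent is to actually use them, add `nix.settings.substituters` with the same list; if it is only a whitelist, a comment saying so will stop the next reader from "fixing" it. Either way, `trusted-public-keys` makes the daemon accept any store path signed by these three third-party keys in place of a local build, which is a supply-chain trust decision worth recording in a comment naming where each key was copied from so it can be re-verified.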