diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..9a4d05c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+hardware-configuration.nix
+.vscode/
+secrets/
+result
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..901d857
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env sh
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 <root> <config>"
+ echo "NOTE: hardware config will be generated from root!"
+ echo "Defined configs:"
+ cat flake.nix | grep 'nixpkgs.lib.nixosSystem' | sed 's/ =.*//' | sed 's/^[ \t]*//;s/[ \t]*$//' | while read cfg; do echo " - $cfg"; done
+ exit 1
+fi
+if [ "$1" = "/" ]; then
+ nixos-generate-config --show-hardware-config > hardware-configuration.nix
+ git add -f hardware-configuration.nix
+ nixos-rebuild switch --flake ".#${2}" -j`nproc` --upgrade-all
+ git rm --cached hardware-configuration.nix
+ exit
+else
+ nixos-generate-config --show-hardware-config --root "${1}" > hardware-configuration.nix
+ git add -f hardware-configuration.nix
+ nixos-install --root "${1}" --flake ".#${2}"
+ git rm --cached hardware-configuration.nix
+ cp . "${1}/Spacebar-Open-Architecture" -r
+ exit
+fi
diff --git a/flake.nix b/flake.nix
new file mode 100755
index 0000000..7c51186
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,28 @@
+{
+ description = "Spacebar's services";
+
+ inputs = {
+ nixpkgs = {
+ url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager/master";
+ };
+ };
+
+ outputs = { self, nixpkgs, home-manager }: {
+ nixosConfigurations = {
+ Spacebar-nginx = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./host/Spacebar-nginx/configuration.nix
+ ./hardware-configuration.nix
+ home-manager.nixosModules.home-manager
+ ];
+ specialArgs = {
+ inherit home-manager;
+ };
+ };
+ };
+ };
+}
diff --git a/host/Rory-postgres/configuration.nix b/host/Rory-postgres/configuration.nix
new file mode 100755
index 0000000..33e4f6b
--- /dev/null
+++ b/host/Rory-postgres/configuration.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-postgres";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.3";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.3";
+ prefixLength = 16;
+ } ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /data/pg 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_14;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host matrix-synapse-spacebar-chat matrix-synapse-spacebar-chat 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ initialScript = pkgs.writeText "backend-initScript" ''
+ CREATE ROLE matrix-synapse-spacebar-chat WITH LOGIN PASSWORD '${pkgs.postgresql_14}' CREATEDB;
+ CREATE DATABASE matrix-synapse-spacebar-chat;
+ GRANT ALL PRIVILEGES ON DATABASE matrix-synapse-spacebar-chat TO matrix-synapse-spacebar-chat;
+ '';
+ dataDir = "/data/pg";
+ settings = {
+ "max_connections" = "100";
+ "shared_buffers" = "128MB";
+ "max_wal_size" = "1GB";
+ "min_wal_size" = "80MB";
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix
new file mode 100755
index 0000000..19b8dc0
--- /dev/null
+++ b/host/Spacebar-nginx/configuration.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-nginx";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.2";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.2";
+ prefixLength = 16;
+ } ];
+ };
+
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "mail.spacebar.chat" = import ./hosts/spacebar.chat/mail.nix;
+ };
+ };
+ };
+ systemd.services.nginx.requires = [ "data.mount" ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "chris@spacebar.chat";
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Spacebar-nginx/hosts/spacebar.chat/root.nix b/host/Spacebar-nginx/hosts/spacebar.chat/root.nix
new file mode 100755
index 0000000..a859950
--- /dev/null
+++ b/host/Spacebar-nginx/hosts/spacebar.chat/root.nix
@@ -0,0 +1,10 @@
+{
+ root = "/data/nginx/html_boorunav";
+ enableACME = true;
+ addSSL = true;
+ locations = {
+ "/" = {
+ index = "index.html";
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/Spacebar-synapse/configuration.nix b/host/Spacebar-synapse/configuration.nix
new file mode 100755
index 0000000..a06a83d
--- /dev/null
+++ b/host/Spacebar-synapse/configuration.nix
@@ -0,0 +1,121 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../../modules/base-server.nix
+ ];
+
+ networking = {
+ hostName = "Spacebar-synapse";
+ interfaces.ens18.ipv4.addresses = [ {
+ address = "192.168.1.5";
+ prefixLength = 24;
+ } ];
+ interfaces.ens19.ipv4.addresses = [ {
+ address = "10.10.11.5";
+ prefixLength = 16;
+ } ];
+ };
+
+ # Discord bridge
+ services.matrix-appservice-discord = {
+ enable = false; # Alicia - figure out secret first...
+ environmentFile = /etc/keyring/matrix-appservice-discord/tokens.env;
+ settings = {
+ bridge = {
+ domain = "spacebar.chat";
+ homeserverUrl = "https://matrix.spacebar.chat";
+ };
+ database = {
+ connString = "postgres://postgres@192.168.1.3/matrix-appservice-discord";
+ };
+ };
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = "spacebar.chat";
+ enable_registration = false;
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_shared_secret.txt";
+ # Alicia - types: https://github.com/NixOS/nixpkgs/blob/release-22.11/nixos/modules/services/matrix/synapse.nix#L410
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = [ "192.168.1.5" "127.0.0.1" ];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [ {
+ names = [ "client" "federation" ];
+ compress = true;
+ } ];
+ }
+ ];
+ dynamic_thumbnails = true;
+ presence = {
+ enable = true;
+ update_interval = 60;
+ };
+ url_preview_enabled = true;
+
+ database = {
+ name = "psycopg2";
+ args = {
+ user = "matrix-synapse-spacebar-chat";
+ password = "somepassword";
+ database = "matrix-synapse-spacebar-chat";
+ host = "192.168.1.3";
+ };
+ };
+ app_service_config_files = [ ];
+ };
+
+ plugins = with pkgs.matrix-synapse-plugins; [ ];
+ };
+
+ # Alicia - doesnt work yet... until in nixpkgs...
+ services.draupnir = {
+ enable = true;
+
+ pantalaimon = {
+ enable = true;
+ username = "draupnir";
+ passwordFile = "/etc/draupnir-password";
+ options = {
+ homeserver = "http://localhost:8008";
+ ssl = false;
+ };
+ };
+ managementRoom = "#draupnir-mgmt:spacebar.chat";
+ homeserverUrl = "http://localhost:8008";
+ verboseLogging = false;
+ settings = {
+ recordIgnoredInvites = false;
+ automaticallyRedactForReasons = [ "*" ];
+ fasterMembershipChecks = true;
+ backgroundDelayMS = 100;
+ pollReports = true;
+ admin.enableMakeRoomAdminCommand = true;
+ commands.ban.defaultReasons = [
+ "spam"
+ "harassment"
+ "transphobia"
+ "scam"
+ ];
+ protections = {
+ wordlist = {
+ words = [
+ "tranny"
+ "faggot"
+ ];
+ minutesBeforeTrusting = 0;
+ };
+ };
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Spacebar-synapse/post-rebuild.sh b/host/Spacebar-synapse/post-rebuild.sh
new file mode 100755
index 0000000..8dc0e7d
--- /dev/null
+++ b/host/Spacebar-synapse/post-rebuild.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p curl gnused nix coreutils jq openssl
+#set -x
+REG_KEY=`cat /var/lib/matrix-synapse/registration_shared_secret.txt`
+LOCALPART='rory.gay'
+REACHABLE_DOMAIN='http://localhost:8008'
+
+# -- LICENSE: CNPL v7+ - https://thufie.lain.haus/files/CNPLv7.md
+# Modified from Nyaaori (https://nyaaori.cat) <+@nyaaori.cat>
+# Explicit authorisation to use the code has been granted by the original author
+# for use by members of the Rory system (https://rory.gay)
+
+# the magic function:
+register(){
+ echo "Registering $1 with password $2"
+ _nonce=`curl http://localhost:8008/_synapse/admin/v1/register | jq -r .nonce`
+ #data: nonce, domain, username, password
+ _hmac=`printf '%s\0%s\0%s\0%s' "$_nonce" "$1" "$2" "admin" | openssl dgst -sha1 -hmac "$REG_KEY" | awk '{print $2}'`
+ curl -XPOST -d '{"nonce": "'"$_nonce"'", "username": "'"$1"'", "displayname": "'"$1"'", "password": "'"$2"'", "admin": true, "mac": "'"$_hmac"'"}' $REACHABLE_DOMAIN/_synapse/admin/v1/register | tee -a matrix-user-tokens.txt
+}
+
+# -- END OF LICENSED CODE
+
+
+
+PASSWD=`cat /etc/matrix-user-pass`
+for u in {draupnir,rory,chris,maddy,cat}
+do
+ register $u $PASSWD
+done
diff --git a/host/Spacebar-synapse/pre-rebuild.sh b/host/Spacebar-synapse/pre-rebuild.sh
new file mode 100755
index 0000000..32905e3
--- /dev/null
+++ b/host/Spacebar-synapse/pre-rebuild.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env sh
+set -x
+mkdir -p /var/lib/matrix-synapse
+if [ ! -f "/var/lib/matrix-synapse/registration_shared_secret.txt" ]
+then
+ cat /dev/urandom | tr -dc a-zA-Z0-9 | fold -w 256 | head -n 1 | tee /var/lib/matrix-synapse/registration_shared_secret.txt
+else
+ echo Not generating key, key exists
+fi
\ No newline at end of file
diff --git a/modules/base.nix b/modules/base.nix
new file mode 100755
index 0000000..268ddda
--- /dev/null
+++ b/modules/base.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ./monitoring.nix
+ ./users/Rory.nix
+ ./users/chris.nix
+ ];
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = [ "memory_hotplug.memmap_on_memory=1" "memhp_default_state=online" ];
+ loader = {
+ grub = {
+ enable = true;
+ version = 2;
+ devices = [ "/dev/sda" ]; # nodev for EFI only
+ # EFI
+ efiSupport = false;
+ efiInstallAsRemovable = false;
+ };
+ timeout = 1;
+ };
+ };
+
+ networking = {
+ hostName = lib.mkDefault "Spacebar-nix-base-server";
+ firewall = {
+ enable = false;
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ networkmanager.enable = false;
+ wireless.enable = false;
+ enableIPv6 = false;
+
+ useDHCP = false;
+ nameservers = [ "1.1.1.1" ];
+ defaultGateway = "192.168.1.1";
+ };
+
+ services = {
+ openssh = {
+ enable = true;
+ };
+ };
+
+
+ environment.systemPackages = with pkgs; [
+ wget
+ neofetch
+ lnav
+ git
+ lsd
+ htop
+ btop
+ duf
+ kitty.terminfo
+ neovim
+ ];
+
+ systemd.coredump.extraConfig = lib.mkDefault ''
+ Storage=none
+ '';
+
+ documentation.nixos.enable = false;
+ hardware.pulseaudio.enable = false;
+ i18n.defaultLocale = "en_US.UTF-8";
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nixpkgs.config.allowUnfree = true;
+ security.sudo.wheelNeedsPassword = false;
+ security.polkit.enable = true;
+ sound.enable = false;
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
new file mode 100755
index 0000000..ce7bbcd
--- /dev/null
+++ b/modules/monitoring.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ node = {
+ enable = true;
+ port = 9100;
+ enabledCollectors = [
+ "logind"
+ "systemd"
+ ];
+ disabledCollectors = [
+ #"textfile"
+ ];
+ };
+ };
+ };
+ promtail = {
+ enable = true;
+ configuration = {
+ server = {
+ http_listen_port = 3031;
+ grpc_listen_port = 0;
+ };
+ positions = {
+ filename = "/tmp/positions.yaml";
+ };
+ clients = [{
+ url = "https://loki.regional.seian.cloud/loki/api/v1/push";
+ }];
+ scrape_configs = [{
+ job_name = "journal";
+ journal = {
+ max_age = "12h";
+ labels = {
+ job = "systemd-journal";
+ host = "${toString config.networking.hostName}";
+ };
+ };
+ relabel_configs = [{
+ source_labels = [ "__journal__systemd_unit" ];
+ target_label = "unit";
+ }];
+ }];
+ };
+ };
+ };
+}
+
diff --git a/modules/users/Rory.nix b/modules/users/Rory.nix
new file mode 100755
index 0000000..fe51acc
--- /dev/null
+++ b/modules/users/Rory.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, home-manager, ... }:
+{
+ users.users.Rory = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ ];
+ initialPassword = "password";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILF2IuNu//0DP/wKMuDvBgVT3YBS2uULsipbdrhJCTM7 Rory-desktop"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/kNkY/E5b6rvCQLMaSbpLQ/xoyywIwVVu9uo2j/B6p Rory@RoryNix"
+ ];
+ };
+
+ home-manager.users.Rory = {
+ programs.git = {
+ enable = true;
+ userName = "TheArcaneBrony";
+ userEmail = "root@thearcanebrony.net";
+ extraConfig = {
+ safe = {
+ directory = "/";
+ };
+ };
+ };
+ home.stateVersion = "22.11";
+ };
+}
+
diff --git a/modules/users/chris.nix b/modules/users/chris.nix
new file mode 100755
index 0000000..bbb4eba
--- /dev/null
+++ b/modules/users/chris.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+{
+ users.users.chris = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ nano
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd9U0+wKjBG3Q9Qg249xJY+ybYeRV9/VMPjuwKvFBEI"
+ ];
+ };
+}
+
diff --git a/rebuild.sh b/rebuild.sh
new file mode 100755
index 0000000..0e02eab
--- /dev/null
+++ b/rebuild.sh
@@ -0,0 +1,2 @@
+#!/usr/bin/env sh
+./build.sh / $HOSTNAME
\ No newline at end of file
diff --git a/update.sh b/update.sh
new file mode 100755
index 0000000..cbec982
--- /dev/null
+++ b/update.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+nix flake update
+./build.sh / $HOSTNAME
\ No newline at end of file
|