diff --git a/flake.lock b/flake.lock index 45978b3..a9f6b66 100644 --- a/flake.lock +++ b/flake.lock @@ -210,6 +210,22 @@ "type": "github" } }, + "crane_4": { + "flake": false, + "locked": { + "lastModified": 1670900067, + "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -379,6 +395,77 @@ "type": "github" } }, + "dream2nix_3": { + "inputs": { + "all-cabal-json": [ + "musikquad", + "nci" + ], + "crane": "crane_4", + "devshell": [ + "musikquad", + "nci" + ], + "drv-parts": "drv-parts_2", + "flake-compat": "flake-compat_3", + "flake-parts": [ + "musikquad", + "nci", + "parts" + ], + "flake-utils-pre-commit": [ + "musikquad", + "nci" + ], + "ghc-utils": [ + "musikquad", + "nci" + ], + "gomod2nix": [ + "musikquad", + "nci" + ], + "mach-nix": [ + "musikquad", + "nci" + ], + "nix-pypi-fetcher": [ + "musikquad", + "nci" + ], + "nixpkgs": [ + "musikquad", + "nci", + "nixpkgs" + ], + "nixpkgsV1": "nixpkgsV1_2", + "poetry2nix": [ + "musikquad", + "nci" + ], + "pre-commit-hooks": [ + "musikquad", + "nci" + ], + "pruned-racket-catalog": [ + "musikquad", + "nci" + ] + }, + "locked": { + "lastModified": 1680605243, + "narHash": "sha256-dUrxj653kcLvjNKRI7NoTJoj+Q7G+vOYsl4iuwtnIWo=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "34a80ab215f1f24068ea9c76f3a7e5bc19478653", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, "drv-parts": { "inputs": { "flake-compat": [ 
@@ -414,6 +501,41 @@ "type": "github" } }, + "drv-parts_2": { + "inputs": { + "flake-compat": [ + "musikquad", + "nci", + "dream2nix", + "flake-compat" + ], + "flake-parts": [ + "musikquad", + "nci", + "dream2nix", + "flake-parts" + ], + "nixpkgs": [ + "musikquad", + "nci", + "dream2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680172861, + "narHash": "sha256-QMyI338xRxaHFDlCXdLCtgelGQX2PdlagZALky4ZXJ8=", + "owner": "davhau", + "repo": "drv-parts", + "rev": "ced8a52f62b0a94244713df2225c05c85b416110", + "type": "github" + }, + "original": { + "owner": "davhau", + "repo": "drv-parts", + "type": "github" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -500,6 +622,22 @@ "type": "github" } }, + "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1678901627, 
@@ -654,6 +792,82 @@ "type": "github" } }, + "mk-naked-shell_2": { + "flake": false, + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "musikquad": { + "inputs": { + "nci": "nci_3", + "nixpkgs": [ + "nixpkgs" + ], + "parts": "parts_5" + }, + "locked": { + "lastModified": 1683296163, + "narHash": "sha256-pOdVitwRl8gUNMxInXwJJtXffSYYsAc0EWkFSFGvrRk=", + "owner": "yusdacra", + "repo": "musikquadrupled", + "rev": "e259740d501d00fb3548b0be145817ef8fdc35ae", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "musikquadrupled", + "type": "github" + } + }, + "musikspider": { + "inputs": { + "naked-shell": "naked-shell", + "nixpkgs": [ + "nixpkgs" + ], + "parts": "parts_6", + "systems": "systems" + }, + "locked": { + "lastModified": 1683276540, + "narHash": "sha256-JiuT8wmMH+vNVyBS18i/RNLDBUDEUCNdeqkwPQYsMDM=", + "owner": "yusdacra", + "repo": "musikspider", + "rev": "913b0df0b0a5ed78aa761584d9c6f87eff0e781d", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "musikspider", + "type": "github" + } + }, + "naked-shell": { + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, "nci": { "inputs": { "devshell": "devshell", 
@@ -706,13 +920,38 @@ "type": "github" } }, + "nci_3": { + "inputs": { + "dream2nix": "dream2nix_3", + "mk-naked-shell": "mk-naked-shell_2", + "nixpkgs": [ + "musikquad", + "nixpkgs" + ], + "parts": "parts_4", + "rust-overlay": "rust-overlay_4" + }, + "locked": { + "lastModified": 1681711895, + "narHash": "sha256-/EeP+RRIw68/0C7CaOAElYQ2pXZAQCWnnU/qjO8OKKM=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "cee5dba8ca34ccb0829ae3812d23afbea1fd9d5d", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, "nil": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_4" + "rust-overlay": "rust-overlay_5" }, "locked": { "lastModified": 1680544266, @@ -830,6 +1069,40 @@ "type": "github" } }, + "nixpkgs-lib_3": { + "locked": { + "dir": "lib", + "lastModified": 1680213900, + "narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e3652e0735fbec227f342712f180f4f21f0594f2", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1683296009, + "narHash": "sha256-qc9IVP773bE1mEygZx70OGQQ23loAOwgiED86mRVfMk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "00c0a2333ff02d1f4a7dbf2080648c9d969e0236", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-wayland": { "flake": false, "locked": { 
@@ -861,6 +1134,21 @@ "type": "indirect" } }, + "nixpkgsV1_2": { + "locked": { + "lastModified": 1678500271, + "narHash": "sha256-tRBLElf6f02HJGG0ZR7znMNFv/Uf7b2fFInpTHiHaSE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5eb98948b66de29f899c7fe27ae112a47964baf8", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1680213900, @@ -966,6 +1254,67 @@ "type": "github" } }, + "parts_4": { + "inputs": { + "nixpkgs-lib": [ + "musikquad", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_5": { + "inputs": { + "nixpkgs-lib": [ + "musikquad", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_6": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_3" + }, + "locked": { + "lastModified": 1680392223, + "narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", 
@@ -975,11 +1324,14 @@ "conduit": "conduit", "helix": "helix", "home": "home", + "musikquad": "musikquad", + "musikspider": "musikspider", "nil": "nil", "nixinate": "nixinate", "nixos-hardware": "nixos-hardware", "nixos-persistence": "nixos-persistence", "nixpkgs": "nixpkgs_3", + "nixpkgs-master": "nixpkgs-master", "nixpkgs-wayland": "nixpkgs-wayland", "nur": "nur", "stylix": "stylix", @@ -1069,6 +1421,22 @@ } }, "rust-overlay_4": { + "flake": false, + "locked": { + "lastModified": 1681697975, + "narHash": "sha256-47DFtN5PX05eD8ObImkSu2W0hyyZ5cK1Tl9EvmW2NnU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ffe47b90076067ad5dc25fe739d95a463bdf3c59", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_5": { "inputs": { "flake-utils": [ "nil", @@ -1096,7 +1464,7 @@ "stylix": { "inputs": { "base16": "base16", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "home-manager": [ "home" ], @@ -1119,6 +1487,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1680978846, + "narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=", + "owner": "nix-systems", + "repo": "x86_64-linux", + "rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "x86_64-linux", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1678901627, @@ -1136,7 +1519,7 @@ }, "vscode-extensions": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index e392703..d12b80e 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ description = "config!!!"; inputs = { + nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; 
@@ -44,6 +45,12 @@ agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; + musikquad.url = "github:yusdacra/musikquadrupled"; + musikquad.inputs.nixpkgs.follows = "nixpkgs"; + + musikspider.url = "github:yusdacra/musikspider"; + musikspider.inputs.nixpkgs.follows = "nixpkgs"; + # needed for hyprland setup # hyprland.url = "github:hyprwm/Hyprland"; # hyprland.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/tkaronto/default.nix b/hosts/tkaronto/default.nix index 05dcf0f..0187db3 100644 --- a/hosts/tkaronto/default.nix +++ b/hosts/tkaronto/default.nix @@ -115,6 +115,7 @@ }; networking.firewall.allowedUDPPorts = [49152]; + networking.firewall.allowedTCPPorts = [7905 7906]; # for tailscale networking.firewall.checkReversePath = "loose"; diff --git a/hosts/tkaronto/modules/secrets.nix b/hosts/tkaronto/modules/secrets.nix index 12311e5..305c1ec 100644 --- a/hosts/tkaronto/modules/secrets.nix +++ b/hosts/tkaronto/modules/secrets.nix @@ -1,6 +1,11 @@ { - age.identityPaths = ["/etc/nixos/keys/ssh_key"]; + age.identityPaths = ["/persist/keys/ssh_key"]; age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age; - age.secrets.wgTkarontoKey.file = ../../../secrets/wgTkarontoKey.age; + age.secrets.wgTkarontoKey = { + file = ../../../secrets/wgTkarontoKey.age; + mode = "600"; + owner = "systemd-network"; + group = "systemd-network"; + }; } diff --git a/hosts/tkaronto/modules/wireguard.nix b/hosts/tkaronto/modules/wireguard.nix index 3b0f7a3..c70a649 100644 --- a/hosts/tkaronto/modules/wireguard.nix +++ b/hosts/tkaronto/modules/wireguard.nix 
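Review bot: `networking.firewall.allowedTCPPorts = [7905 7906];` in `hosts/tkaronto/default.nix` opens both ports on every interface of the host, not only on the VPN links configured next to it. These are the websocket and HTTP ports of the musikcubed defaults added in this commit, and the client defaults in the same commit have `RemoteLibraryHttpTls` and `RemoteLibraryWssTls` set to false, so traffic to them is presumably unencrypted outside a tunnel. If the server is only meant to be reached over WireGuard or tailscale, scope the rule to that interface, e.g. `networking.firewall.interfaces."wg0".allowedTCPPorts = [7905 7906];`. The enclosing attribute set starts and ends outside the hunk.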
@@ -1,11 +1,36 @@ {config, ...}: { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - privateKeyFile = config.age.secrets.wgTkarontoKey.path; - peers = [{ - publicKey = builtins.readFile ./wgWolumondeKey.pub; - allowedIPs = ["10.99.0.1/32"]; - endpoint = "${builtins.readFile ./wgWolumondeIp}:51820"; - }]; + systemd.network.enable = true; + systemd.network.netdevs."wg0" = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.wgTkarontoKey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = builtins.readFile ./wgWolumondeKey.pub; + AllowedIPs = ["10.99.0.1/32"]; + Endpoint = "${builtins.readFile ./wgWolumondeIp}:51820"; + PersistentKeepalive = 25; + }; + } + ]; }; -} \ No newline at end of file + systemd.network.networks."wg0" = { + matchConfig.Name = "wg0"; + networkConfig.Address = "10.99.0.2/24"; + # routes = [ + # { + # routeConfig = { + # Gateway = "10.99.0.1"; + # Destination = "10.99.0.0/24"; + # GatewayOnLink = true; + # }; + # } + # ]; + }; +} diff --git a/hosts/wolumonde/default.nix b/hosts/wolumonde/default.nix index 8a41124..4da8c90 100644 --- a/hosts/wolumonde/default.nix +++ b/hosts/wolumonde/default.nix @@ -2,10 +2,12 @@ inputs, tlib, ... -}: { - imports = [ - inputs.agenix.nixosModules.default - ] ++ (tlib.importFolder (toString ./modules)); +}: { + imports = + [ + inputs.agenix.nixosModules.default + ] + ++ (tlib.importFolder (toString ./modules)); boot.cleanTmpDir = true; zramSwap.enable = true; @@ -13,7 +15,7 @@ # firewall stuffs networking.firewall = { enable = true; - allowedTCPPorts = [22 80 443]; + allowedTCPPorts = [22 80 443 5005]; allowedUDPPortRanges = []; }; diff --git a/hosts/wolumonde/modules/bernbot.nix b/hosts/wolumonde/modules/bernbot.nix index b28fe49..1f9e3c0 100644 --- a/hosts/wolumonde/modules/bernbot.nix +++ b/hosts/wolumonde/modules/bernbot.nix 
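Review bot: Adding `5005` to `allowedTCPPorts` in `hosts/wolumonde/default.nix` exposes the musikquadrupled backend directly, next to the `mq.gaze.systems` vhost that this commit adds to proxy `http://localhost:5005` behind `forceSSL`. The service's bind address comes from the encrypted `musikquadConfig` and is not visible here; if it listens on more than loopback, clients can reach it over plain HTTP and bypass nginx and its TLS. Unless direct access is intended, keep the list as `allowedTCPPorts = [22 80 443];` and let nginx be the only entry point.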
@@ -1,4 +1,5 @@ { + config, inputs, pkgs, lib, @@ -17,7 +18,7 @@ in { Restart = "on-failure"; RestartSec = 5; WorkingDirectory = "/var/lib/bernbot"; - EnvironmentFile = "${inputs.self}/secrets/bernbot_token"; + EnvironmentFile = config.age.secrets.bernbotToken.path; } ]; }; diff --git a/hosts/wolumonde/modules/blog.nix b/hosts/wolumonde/modules/blog.nix index 3de46e3..db013c8 100644 --- a/hosts/wolumonde/modules/blog.nix +++ b/hosts/wolumonde/modules/blog.nix @@ -4,7 +4,7 @@ ... }: { services.nginx.virtualHosts."gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; root = "${inputs.blog.packages.${pkgs.system}.site}"; locations."/".extraConfig = '' diff --git a/hosts/wolumonde/modules/conduit.nix b/hosts/wolumonde/modules/conduit.nix index 32a2917..aa78dcd 100644 --- a/hosts/wolumonde/modules/conduit.nix +++ b/hosts/wolumonde/modules/conduit.nix @@ -32,7 +32,7 @@ in { }; services.nginx.virtualHosts."matrix.gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; locations."/".proxyPass = "http://localhost:${toString config.services.matrix-conduit.settings.global.port}"; }; diff --git a/hosts/wolumonde/modules/gitea.nix b/hosts/wolumonde/modules/gitea.nix index c9709b2..a8aee1e 100644 --- a/hosts/wolumonde/modules/gitea.nix +++ b/hosts/wolumonde/modules/gitea.nix @@ -11,7 +11,7 @@ }; services.nginx.virtualHosts."git.gaze.systems" = { - enableACME = true; + useACMEHost = "gaze.systems"; forceSSL = true; locations."/".proxyPass = "http://localhost:3001"; }; diff --git a/hosts/wolumonde/modules/musikquadrupled.nix b/hosts/wolumonde/modules/musikquadrupled.nix new file mode 100644 index 0000000..f270d8e --- /dev/null +++ b/hosts/wolumonde/modules/musikquadrupled.nix 
@@ -0,0 +1,37 @@ +{ + config, + inputs, + pkgs, + ... +}: let + pkg = inputs.musikquad.packages.${pkgs.system}.default; +in { + users.users.musikquad = { + isSystemUser = true; + group = "musikquad"; + }; + users.groups.musikquad = {}; + + systemd.services.musikquadrupled = { + description = "musikquadrupled"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + User = "musikquad"; + ExecStart = "${pkg}/bin/musikquadrupled"; + Restart = "on-failure"; + RestartSec = 5; + WorkingDirectory = "/var/lib/musikquad"; + EnvironmentFile = config.age.secrets.musikquadConfig.path; + }; + }; + + services.nginx.virtualHosts."mq.gaze.systems" = { + useACMEHost = "gaze.systems"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:5005"; + proxyWebsockets = true; + }; + }; +} diff --git a/hosts/wolumonde/modules/musikspider.nix b/hosts/wolumonde/modules/musikspider.nix new file mode 100644 index 0000000..3bf5571 --- /dev/null +++ b/hosts/wolumonde/modules/musikspider.nix @@ -0,0 +1,11 @@ +{ + pkgs, + inputs, + ... +}: { + services.nginx.virtualHosts."ms.gaze.systems" = { + useACMEHost = "gaze.systems"; + forceSSL = true; + root = "${inputs.musikspider.packages.${pkgs.system}.musikspider}"; + }; +} diff --git a/hosts/wolumonde/modules/nginx.nix b/hosts/wolumonde/modules/nginx.nix index cf5af7e..9f7b4c1 100644 --- a/hosts/wolumonde/modules/nginx.nix +++ b/hosts/wolumonde/modules/nginx.nix @@ -6,8 +6,20 @@ recommendedGzipSettings = true; recommendedProxySettings = true; }; + + users.users.nginx.extraGroups = ["acme"]; + security.acme = { acceptTerms = true; defaults.email = (import "${inputs.self}/personal.nix").emails.primary; + certs."gaze.systems" = { + webroot = "/var/lib/acme/acme-challenge"; + extraDomainNames = [ + "git.gaze.systems" + "matrix.gaze.systems" + "ms.gaze.systems" + "mq.gaze.systems" + ]; + }; }; } 
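Review bot: The `serviceConfig` of `systemd.services.musikquadrupled` sets `WorkingDirectory = "/var/lib/musikquad"`, but nothing in this file creates that directory, and the unit runs without any systemd sandboxing although nginx forwards public traffic to it. Unless the directory is provisioned elsewhere, the unit will fail to start on the chdir; `StateDirectory = "musikquad";` makes systemd create it owned by the service user. The hardening options below are a suggested starting set that limits what a compromise of the process can reach; they need checking against what the binary actually requires.

```nix
    serviceConfig = {
      # … unchanged: User, ExecStart, Restart, RestartSec, EnvironmentFile …
      StateDirectory = "musikquad";
      WorkingDirectory = "/var/lib/musikquad";
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
    };
```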
diff --git a/hosts/wolumonde/modules/secrets.nix b/hosts/wolumonde/modules/secrets.nix index eb9e29d..82993d0 100644 --- a/hosts/wolumonde/modules/secrets.nix +++ b/hosts/wolumonde/modules/secrets.nix @@ -1,4 +1,10 @@ { age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age; - age.secrets.wgWolumondeKey.file = ../../../secrets/wgWolumondeKey.age; + age.secrets.wgWolumondeKey = { + file = ../../../secrets/wgWolumondeKey.age; + mode = "600"; + owner = "systemd-network"; + group = "systemd-network"; + }; + age.secrets.musikquadConfig.file = ../../../secrets/musikquadConfig.age; } diff --git a/hosts/wolumonde/modules/wireguard.nix b/hosts/wolumonde/modules/wireguard.nix index ce8b268..ff94a3e 100644 --- a/hosts/wolumonde/modules/wireguard.nix +++ b/hosts/wolumonde/modules/wireguard.nix @@ -1,11 +1,46 @@ -{config, ...}: { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - listenPort = 51820; - privateKeyFile = config.age.secrets.wgWolumondeKey.path; - peers = [{ - publicKey = builtins.readFile ./wgTkarontoKey.pub; - allowedIPs = ["10.99.0.2/32"]; - }]; +{ + config, + pkgs, + ... +}: { + environment.systemPackages = [pkgs.wireguard-tools]; + + systemd.network.enable = true; + systemd.network.netdevs."wg0" = { + enable = true; + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 51820; + PrivateKeyFile = config.age.secrets.wgWolumondeKey.path; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = builtins.readFile ./wgTkarontoKey.pub; + AllowedIPs = ["10.99.0.2/32"]; + }; + } + ]; }; -} \ No newline at end of file + systemd.network.networks."wg0" = { + matchConfig.Name = "wg0"; + networkConfig.Address = "10.99.0.1/24"; + # routes = [ + # { + # routeConfig = { + # Gateway = "10.99.0.1"; + # Destination = "10.99.0.0/24"; + # }; + # } + # ]; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + }; + + networking.firewall.allowedUDPPorts = [51820]; +} 
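Review bot: `"net.ipv4.ip_forward" = 1` in `hosts/wolumonde/modules/wireguard.nix` turns on IPv4 forwarding for the whole public host, yet nothing in the hunk needs it: the only peer is `10.99.0.2/32` and the `routes` block is commented out. With forwarding enabled, what wolumonde relays between `wg0` and its other interfaces depends entirely on forward-chain firewall rules that are not visible in this commit. If the tunnel is only point-to-point, drop the `boot.kernel.sysctl` block. If relaying is planned, add a comment stating the intended path, e.g. `# forward wg0 peers to <destination>`, and restrict forwarding in the firewall to that path.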
diff --git a/modules/network/dns/cloudflare.nix b/modules/network/dns/cloudflare.nix index 1191589..21f78f6 100644 --- a/modules/network/dns/cloudflare.nix +++ b/modules/network/dns/cloudflare.nix @@ -1,6 +1,6 @@ -{ +{lib, ...}: { networking.resolvconf.useLocalResolver = true; - networking.networkmanager.dns = "none"; + networking.networkmanager.dns = lib.mkForce "none"; services.dnscrypt-proxy2 = { enable = true; settings = { diff --git a/pkgs-set/overlays/musikcube.nix b/pkgs-set/overlays/musikcube.nix new file mode 100644 index 0000000..8527bc4 --- /dev/null +++ b/pkgs-set/overlays/musikcube.nix @@ -0,0 +1,3 @@ +{inputs}: final: prev: { + musikcube = inputs.nixpkgs-master.legacyPackages.${final.system}.musikcube; +} diff --git a/secrets/musikquadConfig.age b/secrets/musikquadConfig.age new file mode 100644 index 0000000..d5de221 Binary files /dev/null and b/secrets/musikquadConfig.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fe46942..fd8c250 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,10 +1,10 @@ let yusdacra = builtins.readFile ./yusdacra.key.pub; wolumonde = builtins.readFile ./wolumonde.key.pub; -in -{ +in { "wgWolumondeKey.age".publicKeys = [yusdacra wolumonde]; "wgTkarontoKey.age".publicKeys = [yusdacra]; "bernbotToken.age".publicKeys = [yusdacra wolumonde]; + "musikquadConfig.age".publicKeys = [yusdacra wolumonde]; "nixGithubAccessToken.age".publicKeys = [yusdacra]; } diff --git a/users/modules/musikcube/default-config.json b/users/modules/musikcube/default-config.json new file mode 100644 index 0000000..186aeb7 --- /dev/null +++ b/users/modules/musikcube/default-config.json 
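Review bot: The new overlay `pkgs-set/overlays/musikcube.nix` replaces `musikcube` with the build from `inputs.nixpkgs-master`, and neither it nor the `nixpkgs-master.url` line in `flake.nix` says why a second nixpkgs is needed. `master` is not gated by the channel tests that `nixos-unstable` has to pass, so this one package comes from a less-vetted revision and is likely built locally rather than fetched from the cache. A comment on the overlay would make the pin reviewable and easy to remove later, e.g. `# musikcube from master until <reason>; drop once it reaches nixos-unstable`.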
@@ -0,0 +1,45 @@ +{ + "AppQuitKey": "^D", + "AsyncTrackListQueries": true, + "AutoHideCommandBar": false, + "AutoUpdateCheck": true, + "CategoryTrackListSortOrder": 0, + "ColorTheme": "", + "DisableAlbumArtistFallback": false, + "DisableCustomColors": false, + "DisableRatingColumn": false, + "DisableWindowTitleUpdates": true, + "FirstRunSettingsDisplayed": true, + "IndexerLogEnabled": false, + "IndexerThreadCount": 4, + "IndexerTransactionInterval": 300, + "InheritBackgroundColor": false, + "LastAcknowledgedUpdateVersion": "3.0.0", + "LastFmSessionId": "", + "LastFmToken": "", + "LastFmUsername": "", + "LibraryType": 1, + "Locale": "en_US", + "MinimizeToTray": false, + "PiggyEnabled": false, + "PlaybackTrackQueryTimeoutMs": 5000, + "RatingNegativeChar": "·", + "RatingPositiveChar": "★", + "RemoteLibraryHostname": "127.0.0.1", + "RemoteLibraryHttpPort": 7906, + "RemoteLibraryHttpTls": false, + "RemoteLibraryIgnoreVersionMismatch": 0, + "RemoteLibraryLatencyTimeoutMs": 5000, + "RemoteLibraryPassword": "", + "RemoteLibraryTranscoderBitrate": 192, + "RemoteLibraryTranscoderEnabled": false, + "RemoteLibraryTranscoderFormat": "ogg", + "RemoteLibraryWssPort": 7905, + "RemoteLibraryWssTls": false, + "RemoveMissingFiles": true, + "SaveSessionOnExit": true, + "StartMinimized": false, + "SyncOnStartup": true, + "TrackSearchSortOrder": 0, + "UsePaletteColors": true +} \ No newline at end of file diff --git a/users/modules/musikcube/default.nix b/users/modules/musikcube/default.nix new file mode 100644 index 0000000..c2ff4c5 --- /dev/null +++ b/users/modules/musikcube/default.nix 
@@ -0,0 +1,22 @@ +{config, pkgs, lib, ...}: let + cfg = config.programs.musikcube; +in { + options = { + programs.musikcube = { + enable = lib.mkEnableOption "whether to enable musikcube"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.musikcube; + }; + settings = lib.mkOption { + type = (pkgs.formats.json {}).type; + default = builtins.fromJSON (builtins.readFile ./default-config.json); + }; + }; + }; + + config = lib.mkIf cfg.enable { + home.packages = [cfg.package]; + xdg.configFile."musikcube/settings.json".text = builtins.toJSON cfg.settings; + }; +} diff --git a/users/modules/musikcubed/default-config.json b/users/modules/musikcubed/default-config.json new file mode 100644 index 0000000..0844538 --- /dev/null +++ b/users/modules/musikcubed/default-config.json @@ -0,0 +1,13 @@ +{ + "debug": false, + "http_server_enabled": true, + "http_server_port": 7906, + "password": "", + "transcoder_cache_count": 50, + "transcoder_max_active_count": 4, + "transcoder_synchronous": false, + "transcoder_synchronous_fallback": false, + "use_ipv6": false, + "websocket_server_enabled": true, + "websocket_server_port": 7905 +} \ No newline at end of file diff --git a/users/modules/musikcubed/default.nix b/users/modules/musikcubed/default.nix new file mode 100644 index 0000000..d178f10 --- /dev/null +++ b/users/modules/musikcubed/default.nix 
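Review bot: In `programs.musikcube.settings` the `default` parsed from `default-config.json` applies only when the option has no definition at all; once a user sets a single key, the module system drops the default instead of merging with it, so `settings.json` would contain only the user's keys. The same pattern is in `users/modules/musikcubed/default.nix`, where `users/patriot/default.nix` sets only `settings.password`, so the generated plugin file would hold the password and none of the port settings; whether the program then falls back to built-in values is not visible here. Merging explicitly keeps the defaults: bind the parsed JSON to `defaults`, make the option default `{}`, and write `builtins.toJSON (lib.recursiveUpdate defaults cfg.settings)`. Separately, `lib.mkEnableOption` already prefixes "Whether to enable", so its argument can be just `"musikcube"`.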
@@ -0,0 +1,34 @@ +{config, lib, pkgs, ...}: let + cfg = config.services.musikcubed; +in { + options = { + services.musikcubed = { + enable = lib.mkEnableOption "whether to enable musikcubed"; + package = lib.mkOption { + type = lib.types.package; + default = pkgs.musikcube; + }; + settings = lib.mkOption { + type = (pkgs.formats.json {}).type; + default = builtins.fromJSON (builtins.readFile ./default-config.json); + }; + }; + }; + config = lib.mkIf cfg.enable { + systemd.user.services.musikcubed = { + Install = { + WantedBy = ["multi-user.target"]; + }; + Unit = { + Description = "musikcubed"; + After = "network.target"; + }; + Service = { + ExecStart = "${cfg.package}/bin/musikcubed --foreground"; + Restart = "on-failure"; + RestartSec = 5; + }; + }; + xdg.configFile."musikcube/plugin_musikcubeserver(wss,http).json".text = builtins.toJSON cfg.settings; + }; +} diff --git a/users/patriot/default.nix b/users/patriot/default.nix index 084e715..0ba1a5d 100644 --- a/users/patriot/default.nix +++ b/users/patriot/default.nix @@ -112,7 +112,7 @@ in { ["zoxide" "zsh" "fzf" "starship" "direnv"] # dev stuff ["helix" "code" "git" "ssh"] - ["lollypop"] + ["musikcube" "musikcubed"] ]; in l.flatten [ @@ -149,6 +149,7 @@ in { ++ mkPaths ".config" [ # "lutris" "dconf" + "musikcube" ]; files = l.flatten [ ".config/gnome-initial-setup-done" @@ -200,6 +201,7 @@ in { ]; }; programs = { + musikcube.enable = true; command-not-found.enable = nixosConfig.programs.command-not-found.enable; git = { @@ -212,6 +214,10 @@ in { }; }; services = { + musikcubed = { + enable = true; + settings.password = "somethingidk"; + }; gpg-agent = let defaultCacheTtl = 3600 * 6; maxCacheTtl = 3600 * 24;
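Review bot: `WantedBy = ["multi-user.target"]` in `users/modules/musikcubed/default.nix` sits in a `systemd.user.services` unit, and the per-user systemd manager has no `multi-user.target`, so the install link would never start `musikcubed` automatically. User services are normally attached to the user manager's default target: `WantedBy = ["default.target"];`. `After = "network.target"` likely has no effect for the same reason, since that target belongs to the system manager.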
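Review bot: `settings.password = "somethingidk";` in `users/patriot/default.nix` commits the musikcubed server password to the repository in clear text, and the module then writes it with `xdg.configFile….text = builtins.toJSON cfg.settings`, which places the file in the world-readable Nix store. This commit also opens ports 7905 and 7906 in tkaronto's firewall, so, assuming this user is deployed on that host, the password is what protects the server. The repository already manages other secrets with agenix; keeping this value there and writing the plugin config outside the store when the service starts would keep it out of both git and the store. The current value should be treated as exposed and changed.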