

5 Commits

Author SHA1 Message Date
ff8fdccc05
fix add stuff 2023-05-08 23:09:44 +03:00
d8bb7cd045
add secrets 2023-05-05 03:50:25 +03:00
30bafe174e
wip 2023-05-05 03:30:46 +03:00
cef3293400
wip 2023-05-05 03:09:46 +03:00
93cd9620dd
wip 2023-05-05 01:54:16 +03:00
43 changed files with 863 additions and 28 deletions


@ -1,5 +1,26 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"all-cabal-json": { "all-cabal-json": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -189,6 +210,44 @@
"type": "github" "type": "github"
} }
}, },
"crane_4": {
"flake": false,
"locked": {
"lastModified": 1670900067,
"narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"devshell": { "devshell": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -336,6 +395,77 @@
"type": "github" "type": "github"
} }
}, },
"dream2nix_3": {
"inputs": {
"all-cabal-json": [
"musikquad",
"nci"
],
"crane": "crane_4",
"devshell": [
"musikquad",
"nci"
],
"drv-parts": "drv-parts_2",
"flake-compat": "flake-compat_3",
"flake-parts": [
"musikquad",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"musikquad",
"nci"
],
"ghc-utils": [
"musikquad",
"nci"
],
"gomod2nix": [
"musikquad",
"nci"
],
"mach-nix": [
"musikquad",
"nci"
],
"nix-pypi-fetcher": [
"musikquad",
"nci"
],
"nixpkgs": [
"musikquad",
"nci",
"nixpkgs"
],
"nixpkgsV1": "nixpkgsV1_2",
"poetry2nix": [
"musikquad",
"nci"
],
"pre-commit-hooks": [
"musikquad",
"nci"
],
"pruned-racket-catalog": [
"musikquad",
"nci"
]
},
"locked": {
"lastModified": 1680605243,
"narHash": "sha256-dUrxj653kcLvjNKRI7NoTJoj+Q7G+vOYsl4iuwtnIWo=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "34a80ab215f1f24068ea9c76f3a7e5bc19478653",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"drv-parts": { "drv-parts": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -371,6 +501,41 @@
"type": "github" "type": "github"
} }
}, },
"drv-parts_2": {
"inputs": {
"flake-compat": [
"musikquad",
"nci",
"dream2nix",
"flake-compat"
],
"flake-parts": [
"musikquad",
"nci",
"dream2nix",
"flake-parts"
],
"nixpkgs": [
"musikquad",
"nci",
"dream2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680172861,
"narHash": "sha256-QMyI338xRxaHFDlCXdLCtgelGQX2PdlagZALky4ZXJ8=",
"owner": "davhau",
"repo": "drv-parts",
"rev": "ced8a52f62b0a94244713df2225c05c85b416110",
"type": "github"
},
"original": {
"owner": "davhau",
"repo": "drv-parts",
"type": "github"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -457,6 +622,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1678901627, "lastModified": 1678901627,
@ -611,6 +792,82 @@
"type": "github" "type": "github"
} }
}, },
"mk-naked-shell_2": {
"flake": false,
"locked": {
"lastModified": 1681286841,
"narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
}
},
"musikquad": {
"inputs": {
"nci": "nci_3",
"nixpkgs": [
"nixpkgs"
],
"parts": "parts_5"
},
"locked": {
"lastModified": 1683296163,
"narHash": "sha256-pOdVitwRl8gUNMxInXwJJtXffSYYsAc0EWkFSFGvrRk=",
"owner": "yusdacra",
"repo": "musikquadrupled",
"rev": "e259740d501d00fb3548b0be145817ef8fdc35ae",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "musikquadrupled",
"type": "github"
}
},
"musikspider": {
"inputs": {
"naked-shell": "naked-shell",
"nixpkgs": [
"nixpkgs"
],
"parts": "parts_6",
"systems": "systems"
},
"locked": {
"lastModified": 1683276540,
"narHash": "sha256-JiuT8wmMH+vNVyBS18i/RNLDBUDEUCNdeqkwPQYsMDM=",
"owner": "yusdacra",
"repo": "musikspider",
"rev": "913b0df0b0a5ed78aa761584d9c6f87eff0e781d",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "musikspider",
"type": "github"
}
},
"naked-shell": {
"locked": {
"lastModified": 1681286841,
"narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
}
},
"nci": { "nci": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
@ -663,13 +920,38 @@
"type": "github" "type": "github"
} }
}, },
"nci_3": {
"inputs": {
"dream2nix": "dream2nix_3",
"mk-naked-shell": "mk-naked-shell_2",
"nixpkgs": [
"musikquad",
"nixpkgs"
],
"parts": "parts_4",
"rust-overlay": "rust-overlay_4"
},
"locked": {
"lastModified": 1681711895,
"narHash": "sha256-/EeP+RRIw68/0C7CaOAElYQ2pXZAQCWnnU/qjO8OKKM=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "cee5dba8ca34ccb0829ae3812d23afbea1fd9d5d",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"type": "github"
}
},
"nil": { "nil": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay_4" "rust-overlay": "rust-overlay_5"
}, },
"locked": { "locked": {
"lastModified": 1680544266, "lastModified": 1680544266,
@ -787,6 +1069,40 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib_3": {
"locked": {
"dir": "lib",
"lastModified": 1680213900,
"narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1683296009,
"narHash": "sha256-qc9IVP773bE1mEygZx70OGQQ23loAOwgiED86mRVfMk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "00c0a2333ff02d1f4a7dbf2080648c9d969e0236",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": { "nixpkgs-wayland": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -818,6 +1134,21 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgsV1_2": {
"locked": {
"lastModified": 1678500271,
"narHash": "sha256-tRBLElf6f02HJGG0ZR7znMNFv/Uf7b2fFInpTHiHaSE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5eb98948b66de29f899c7fe27ae112a47964baf8",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1680213900, "lastModified": 1680213900,
@ -923,19 +1254,84 @@
"type": "github" "type": "github"
} }
}, },
"parts_4": {
"inputs": {
"nixpkgs-lib": [
"musikquad",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"parts_5": {
"inputs": {
"nixpkgs-lib": [
"musikquad",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"parts_6": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"bernbot": "bernbot", "bernbot": "bernbot",
"blender-bin": "blender-bin", "blender-bin": "blender-bin",
"blog": "blog", "blog": "blog",
"conduit": "conduit", "conduit": "conduit",
"helix": "helix", "helix": "helix",
"home": "home", "home": "home",
"musikquad": "musikquad",
"musikspider": "musikspider",
"nil": "nil", "nil": "nil",
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-persistence": "nixos-persistence", "nixos-persistence": "nixos-persistence",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nur": "nur", "nur": "nur",
"stylix": "stylix", "stylix": "stylix",
@ -1025,6 +1421,22 @@
} }
}, },
"rust-overlay_4": { "rust-overlay_4": {
"flake": false,
"locked": {
"lastModified": 1681697975,
"narHash": "sha256-47DFtN5PX05eD8ObImkSu2W0hyyZ5cK1Tl9EvmW2NnU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ffe47b90076067ad5dc25fe739d95a463bdf3c59",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_5": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
"nil", "nil",
@ -1052,7 +1464,7 @@
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"home-manager": [ "home-manager": [
"home" "home"
], ],
@ -1075,6 +1487,21 @@
"type": "github" "type": "github"
} }
}, },
"systems": {
"locked": {
"lastModified": 1680978846,
"narHash": "sha256-Gtqg8b/v49BFDpDetjclCYXm8mAnTrUzR0JnE2nv5aw=",
"owner": "nix-systems",
"repo": "x86_64-linux",
"rev": "2ecfcac5e15790ba6ce360ceccddb15ad16d08a8",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "x86_64-linux",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1678901627, "lastModified": 1678901627,
@ -1092,7 +1519,7 @@
}, },
"vscode-extensions": { "vscode-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"


@ -2,6 +2,7 @@
description = "config!!!"; description = "config!!!";
inputs = { inputs = {
nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
@ -41,6 +42,15 @@
vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; vscode-extensions.url = "github:nix-community/nix-vscode-extensions";
vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; vscode-extensions.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
musikquad.url = "github:yusdacra/musikquadrupled";
musikquad.inputs.nixpkgs.follows = "nixpkgs";
musikspider.url = "github:yusdacra/musikspider";
musikspider.inputs.nixpkgs.follows = "nixpkgs";
# needed for hyprland setup # needed for hyprland setup
# hyprland.url = "github:hyprwm/Hyprland"; # hyprland.url = "github:hyprwm/Hyprland";
# hyprland.inputs.nixpkgs.follows = "nixpkgs"; # hyprland.inputs.nixpkgs.follows = "nixpkgs";


@ -6,7 +6,6 @@
}: let }: let
baseModules = [ baseModules = [
../modules ../modules
../secrets
../locale ../locale
inputs.home.nixosModule inputs.home.nixosModule
]; ];


@ -9,6 +9,7 @@
imports = with inputs; imports = with inputs;
with nixos-hardware.nixosModules; with nixos-hardware.nixosModules;
[ [
inputs.agenix.nixosModules.default
nixpkgs.nixosModules.notDetected nixpkgs.nixosModules.notDetected
nixos-persistence.nixosModule nixos-persistence.nixosModule
common-pc-ssd common-pc-ssd
@ -114,6 +115,7 @@
}; };
networking.firewall.allowedUDPPorts = [49152]; networking.firewall.allowedUDPPorts = [49152];
networking.firewall.allowedTCPPorts = [7905 7906];
# for tailscale # for tailscale
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";
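Review bot: `networking.firewall.allowedTCPPorts = [7905 7906];` opens the musikcubed HTTP and WebSocket ports on every interface of this machine. If the only intended remote client is the server at the other end of the `wg0` tunnel added in this compare (an inference; the consumer is not visible here), scope the rule to that interface instead: `networking.firewall.interfaces."wg0".allowedTCPPorts = [7905 7906];`. The enclosing attribute set starts and ends outside the hunk.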


@ -0,0 +1,5 @@
{config, ...}: {
nix.extraOptions = ''
!include ${config.age.secrets.nixGithubAccessToken.path}
'';
}


@ -0,0 +1,11 @@
{
age.identityPaths = ["/persist/keys/ssh_key"];
age.secrets.nixGithubAccessToken.file = ../../../secrets/nixGithubAccessToken.age;
age.secrets.wgTkarontoKey = {
file = ../../../secrets/wgTkarontoKey.age;
mode = "600";
owner = "systemd-network";
group = "systemd-network";
};
}


@ -0,0 +1 @@
23.88.101.188


@ -0,0 +1 @@
wua7uoPmmz0nXop3TKJOEUJ++LSmJdQxCRk9rNbPaAg=


@ -0,0 +1,36 @@
{config, ...}: {
systemd.network.enable = true;
systemd.network.netdevs."wg0" = {
enable = true;
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets.wgTkarontoKey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = builtins.readFile ./wgWolumondeKey.pub;
AllowedIPs = ["10.99.0.1/32"];
Endpoint = "${builtins.readFile ./wgWolumondeIp}:51820";
PersistentKeepalive = 25;
};
}
];
};
systemd.network.networks."wg0" = {
matchConfig.Name = "wg0";
networkConfig.Address = "10.99.0.2/24";
# routes = [
# {
# routeConfig = {
# Gateway = "10.99.0.1";
# Destination = "10.99.0.0/24";
# GatewayOnLink = true;
# };
# }
# ];
};
}
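Review bot: `builtins.readFile` returns the file verbatim, so a trailing newline in `./wgWolumondeIp` would split `Endpoint` across two lines in the generated netdev file and leave the peer without a usable endpoint. The same applies to `PublicKey` here and to `builtins.readFile ./wgTkarontoKey.pub` in the server-side WireGuard file. Whether these files end in a newline cannot be seen on this page. `lib.fileContents` strips it: `Endpoint = "${lib.fileContents ./wgWolumondeIp}:51820";`, after adding `lib` to the module arguments.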


@ -1,12 +1,13 @@
{ {
inputs, inputs,
pkgs,
config,
lib,
tlib, tlib,
... ...
}: { }: {
imports = tlib.importFolder (toString ./modules); imports =
[
inputs.agenix.nixosModules.default
]
++ (tlib.importFolder (toString ./modules));
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
zramSwap.enable = true; zramSwap.enable = true;
@ -14,7 +15,7 @@
# firewall stuffs # firewall stuffs
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [22 80 443]; allowedTCPPorts = [22 80 443 5005];
allowedUDPPortRanges = []; allowedUDPPortRanges = [];
}; };
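Review bot: Adding `5005` to `allowedTCPPorts` exposes the musikquadrupled backend directly to the internet, although the nginx vhost for `mq.gaze.systems` added in this compare already proxies to `http://localhost:5005` with `forceSSL`. Clients that reach port 5005 directly bypass TLS and anything nginx enforces. Unless something needs direct access, keep the list at `allowedTCPPorts = [22 80 443];` and have the service listen on loopback only (its bind address is not visible here).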


@ -1,4 +1,5 @@
{ {
config,
inputs, inputs,
pkgs, pkgs,
lib, lib,
@ -17,7 +18,7 @@ in {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 5; RestartSec = 5;
WorkingDirectory = "/var/lib/bernbot"; WorkingDirectory = "/var/lib/bernbot";
EnvironmentFile = "${inputs.self}/secrets/bernbot_token"; EnvironmentFile = config.age.secrets.bernbotToken.path;
} }
]; ];
}; };
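Review bot: The previous `EnvironmentFile` pointed into `${inputs.self}/secrets/`, so the token was copied into the Nix store with the flake source and was readable by every local user if the tree was unlocked at build time (inferred; the git-crypt state is not visible here). Switching to `config.age.secrets.bernbotToken.path` fixes future builds, but old store paths and generations still hold the old value, so the token should be rotated rather than only re-encrypted. A comment above the line such as `# decrypted at activation by agenix; never reference secrets via inputs.self` would keep the old pattern from returning. The service definition starts outside this hunk.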


@ -4,7 +4,7 @@
... ...
}: { }: {
services.nginx.virtualHosts."gaze.systems" = { services.nginx.virtualHosts."gaze.systems" = {
enableACME = true; useACMEHost = "gaze.systems";
forceSSL = true; forceSSL = true;
root = "${inputs.blog.packages.${pkgs.system}.site}"; root = "${inputs.blog.packages.${pkgs.system}.site}";
locations."/".extraConfig = '' locations."/".extraConfig = ''


@ -32,7 +32,7 @@ in {
}; };
services.nginx.virtualHosts."matrix.gaze.systems" = { services.nginx.virtualHosts."matrix.gaze.systems" = {
enableACME = true; useACMEHost = "gaze.systems";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.matrix-conduit.settings.global.port}"; locations."/".proxyPass = "http://localhost:${toString config.services.matrix-conduit.settings.global.port}";
}; };


@ -11,7 +11,7 @@
}; };
services.nginx.virtualHosts."git.gaze.systems" = { services.nginx.virtualHosts."git.gaze.systems" = {
enableACME = true; useACMEHost = "gaze.systems";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:3001"; locations."/".proxyPass = "http://localhost:3001";
}; };


@ -0,0 +1,37 @@
{
config,
inputs,
pkgs,
...
}: let
pkg = inputs.musikquad.packages.${pkgs.system}.default;
in {
users.users.musikquad = {
isSystemUser = true;
group = "musikquad";
};
users.groups.musikquad = {};
systemd.services.musikquadrupled = {
description = "musikquadrupled";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
User = "musikquad";
ExecStart = "${pkg}/bin/musikquadrupled";
Restart = "on-failure";
RestartSec = 5;
WorkingDirectory = "/var/lib/musikquad";
EnvironmentFile = config.age.secrets.musikquadConfig.path;
};
};
services.nginx.virtualHosts."mq.gaze.systems" = {
useACMEHost = "gaze.systems";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5005";
proxyWebsockets = true;
};
};
}
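Review bot: The unit sets `WorkingDirectory = "/var/lib/musikquad"` but nothing in this file creates that directory, so start-up depends on it already existing; `StateDirectory = "musikquad";` lets systemd create it owned by the service user. Because this service is reachable from the internet through the nginx vhost below it, `serviceConfig` should also carry basic sandboxing, for example `NoNewPrivileges = true;` and `ProtectSystem = "strict";` (the state directory stays writable under that setting).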


@ -0,0 +1,11 @@
{
pkgs,
inputs,
...
}: {
services.nginx.virtualHosts."ms.gaze.systems" = {
useACMEHost = "gaze.systems";
forceSSL = true;
root = "${inputs.musikspider.packages.${pkgs.system}.musikspider}";
};
}


@ -6,8 +6,20 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
users.users.nginx.extraGroups = ["acme"];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = (import "${inputs.self}/personal.nix").emails.primary; defaults.email = (import "${inputs.self}/personal.nix").emails.primary;
certs."gaze.systems" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [
"git.gaze.systems"
"matrix.gaze.systems"
"ms.gaze.systems"
"mq.gaze.systems"
];
};
}; };
} }


@ -0,0 +1,10 @@
{
age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;
age.secrets.wgWolumondeKey = {
file = ../../../secrets/wgWolumondeKey.age;
mode = "600";
owner = "systemd-network";
group = "systemd-network";
};
age.secrets.musikquadConfig.file = ../../../secrets/musikquadConfig.age;
}


@ -5,6 +5,6 @@
passwordAuthentication = false; passwordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
(builtins.readFile "${inputs.self}/secrets/ssh-key.pub") (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub")
]; ];
} }


@ -0,0 +1 @@
IPz9tX4jsDOYcujU5B2KVuPaPVG2JaYA1FqLsZzky0Q=


@ -0,0 +1,46 @@
{
config,
pkgs,
...
}: {
environment.systemPackages = [pkgs.wireguard-tools];
systemd.network.enable = true;
systemd.network.netdevs."wg0" = {
enable = true;
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 51820;
PrivateKeyFile = config.age.secrets.wgWolumondeKey.path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = builtins.readFile ./wgTkarontoKey.pub;
AllowedIPs = ["10.99.0.2/32"];
};
}
];
};
systemd.network.networks."wg0" = {
matchConfig.Name = "wg0";
networkConfig.Address = "10.99.0.1/24";
# routes = [
# {
# routeConfig = {
# Gateway = "10.99.0.1";
# Destination = "10.99.0.0/24";
# };
# }
# ];
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};
networking.firewall.allowedUDPPorts = [51820];
}
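Review bot: `"net.ipv4.ip_forward" = 1` makes this public server forward packets between all of its interfaces, yet the only peer is `10.99.0.2/32` and the `routes` block is commented out, so nothing in this file appears to need forwarding. Nothing visible here limits what may be forwarded between `wg0` and the public interface. I would drop the `boot.kernel.sysctl` block until a routed use case exists, or add a comment stating which traffic is meant to be forwarded and where it is filtered.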


@ -14,8 +14,11 @@ lib.makeExtensible (self: {
importFolder = modules: let importFolder = modules: let
b = builtins; b = builtins;
files = b.readDir modules; files = b.readDir modules;
fileNames = b.attrNames files;
filesToImport = filesToImport =
b.map (name: "${modules}/${name}") (b.attrNames files); b.map
(name: "${modules}/${name}")
(b.filter (name: b.match ".*\.nix" name != null) fileNames);
in in
filesToImport; filesToImport;
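Review bot: In a double-quoted Nix string `\.` evaluates to a plain `.`, so the pattern handed to `b.match` is `.*.nix` and the dot before `nix` matches any character; an entry named `unix` or `foo-nix` would be imported as a module. Double the backslash: `(b.filter (name: b.match ".*\\.nix" name != null) fileNames);`. `readDir` also returns directories, which this filter now drops unless their name ends in `.nix`; a one-line comment saying that only top-level `.nix` files are imported would record that as intentional.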


@ -2,7 +2,6 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
config,
... ...
}: { }: {
nix = { nix = {
@ -20,7 +19,6 @@
fallback = true fallback = true
extra-experimental-features = nix-command flakes extra-experimental-features = nix-command flakes
builders-use-substitutes = true builders-use-substitutes = true
netrc-file = /etc/nix/netrc
''; '';
nixPath = ["nixpkgs=${inputs.nixpkgs}" "home-manager=${inputs.home}"]; nixPath = ["nixpkgs=${inputs.nixpkgs}" "home-manager=${inputs.home}"];
}; };


@ -1,6 +1,6 @@
{ {lib, ...}: {
networking.resolvconf.useLocalResolver = true; networking.resolvconf.useLocalResolver = true;
networking.networkmanager.dns = "none"; networking.networkmanager.dns = lib.mkForce "none";
services.dnscrypt-proxy2 = { services.dnscrypt-proxy2 = {
enable = true; enable = true;
settings = { settings = {


@ -0,0 +1,3 @@
{inputs}: final: prev: {
agenix = inputs.agenix.packages."${final.system}".agenix;
}


@ -0,0 +1,3 @@
{inputs}: final: prev: {
musikcube = inputs.nixpkgs-master.legacyPackages.${final.system}.musikcube;
}


@ -1,4 +0,0 @@
* filter=git-crypt diff=git-crypt
ssh-key.pub !filter !diff
.gitattributes !filter !diff
README.md !filter !diff

19
secrets/bernbotToken.age Normal file

@ -0,0 +1,19 @@
age-encryption.org/v1
-> ssh-ed25519 KjIL7g 9zqnchTxa2RNHh6dA3ywXt7kkdP7PIT09IDW5S5NBQU
kBvwfU6jyBgPkjww8mm7aKjDeC/te9AySRQhWW8zDkA
-> ssh-rsa Abmvag
CK5dRW3YSK7sSZoYqxuolfjHQkIKEKbzX4Z6PjaRaF5l5+/JPQnFhi+/AvhjAD5T
kdgUw6NjWRRRz8oxRfdXezDv+ilFT1SomYvvbc0BtVm1MSoSrw8mwvcP10E1Ufet
B5SgfGR1RCKrzUxG+zD7iXRfnpvpC7RURSRqSFoLZOEiHYE+yRaEWsL7bq5jrIqt
OOH7OP+g+ScReyaTz02ReHqCNnKl4YqM5V1EfCEgrchwMbEFZji7cqmoTQcG0Dbd
c16kdGwzTJrqKkcTGnGn+MwQb5WrSvWmE5JTliq+ksC8Mujot+ufZa1UFPz3uPJh
j2UIc4sWTRba7Jz/nqL2Ef5d8LeXtus/TqNszRBW3AIffXl5I04kQTb+sAv8WPTx
fH34li8Dd2RZdK/iPlJMqsUJhnb/4QpvDQaqigAzX9WLQy4sllsXQdjSwgm8Chen
0peoZsFiPkQrQ3qs9tm0JI8xFbFOnvaso0o9iMGi6JZfc1Xx1P1l533yJjm6BOAl
h7rX7ocLi8kfTmXAIzo80Ux0WfHyWkqvMbE6E59T5tVwcTyJQwg3F8UFs+HB7zY9
NajjyLZP7FnLFyEY9OkdZ+TmTERu7EssHWVVnm7y3YdglUbGI7dvNrYXEfK35HEN
kAofFoIKRIEx/EJfcqFksb3ghIg+d3TzfMSJlefhJXg
-> ~am?#^s~-grease
TZj9QCRRKFXA4zbN86Hc88WzEJGSfhfdiylgXgsVqmgdevbrs+Yek0NpdA
--- TI12rWP+DxEO/4ynIKZLXUraDINwjquPe27/MLbF+ws
Žû=úWùgÕÞ¦­|ã.ÍÙU<6æJ­]^8!s¸QØ$psÇÖëÕa™±4Êq?!#üfô  Ò¿œøü®ŸJ<4F>^çFçTwgh@뺡֨P˜‡“ô —ƒ Évwð`Ô`4;ÿ£3 ÖG\Œ

Binary file not shown.

Binary file not shown.

BIN
secrets/musikquadConfig.age Normal file

Binary file not shown.


@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-rsa Abmvag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-> "J,lTC+-grease p ,
TRD6pwBJQ9U
--- uAglxAkrcJdg7FPLhAin6AUGoYQQ9O071OIZptp9790
†[†óð!!Ôüxº"¬œç`Y£IÂö Ö<>šG
(¥F:dq©EÎChl˜ùìÕä ±¤ù}]`Ý6wñm`X
•Ãy±t@qµ
lýçÅ[¿RúúÝ<C3BA>(š~tù£M±^zÆý

10
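--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+let
+yusdacra = builtins.readFile ./yusdacra.key.pub;
+wolumonde = builtins.readFile ./wolumonde.key.pub;
+in {
+"wgWolumondeKey.age".publicKeys = [yusdacra wolumonde];
+"wgTkarontoKey.age".publicKeys = [yusdacra];
+"bernbotToken.age".publicKeys = [yusdacra wolumonde];
+"musikquadConfig.age".publicKeys = [yusdacra wolumonde];
+"nixGithubAccessToken.age".publicKeys = [yusdacra];
+}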
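Review bot: `"wgTkarontoKey.age"` and `"nixGithubAccessToken.age"` list only `yusdacra` as recipient, so the tkaronto host can decrypt them only with the private half of the personal key in `yusdacra.key.pub`. If that is the key stored at the `age.identityPaths` location set elsewhere in this compare, it presumably has to sit on disk without a passphrase, and the same public key is also root's authorized key on the server. A dedicated host key for tkaronto, added as a recipient the way `wolumonde` is, keeps the login key off the decryption path: `tkaronto = builtins.readFile ./tkaronto.key.pub;` and `"wgTkarontoKey.age".publicKeys = [yusdacra tkaronto];` (the file name is a placeholder).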

17
secrets/wgTkarontoKey.age Normal file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa Abmvag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-> ImuX-grease ?
jDl7okapM3YiqfppSi0z4/g
--- 8OjxSYdr+L5qWxb5SyvjZ/exgFOwtiaHdHdvhMSV2CQ
ÇŸ0¥íçbú~†¦ý§bÔ?ì”îÆö¦ƒ6Ï úÀ+W,nÌŠŽ<C5A0>ƒ&ÈjQuËÏU<C38F>ªßmø£BâÁS}lˆ¦ôKª]H


@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-rsa Abmvag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-> ssh-ed25519 KjIL7g jVrj2lq/7hxXvebnw92IOB+sgDt4MQF1HHInzGPrc0M
jPb62GFP+i3Vnw08kDJeD60m2Dnz4xd7Lsgv0LQtdBI
-> QZ=&db*J-grease '
isL9Vjh7E/6SBk2Lcv19W7vaWqjcQRbLgNm0iPx480QpbHC7r66dF7gBrl0TmdRR
zy2Q
--- 1IaQ42FjPe1B/rcWmA5ghfOIN/AOuqUcfXuh7oyOHn4
–ì<øC9LQ˜zÝ#¸P ‰Í5îìUBþÄ®T@Í•O×·÷éF ô7tægÌfjy7/d˶,¦£ôTÞÝ4<Ž3


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFqvIsMes2kz/tbRYuPvM3amJdO0hhdXqofjiwDtiJjs


@ -1 +1 @@
ssh-rsa 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 openpgp:0xDE3C8FCD ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDUeDBW4hnHgnT0SjVFeGDztht9owObSmiyWXmmIEGQp2IMPqFpCxkOU61osvfCf4ZT92Ok9iJTohLwFBvHJRD/+CH8/b54sgFAx1lLObkJOMLz4iWZ5y4fNtBYuIA2McQSQoMDpDz6TDym7v7HF7zoUyBmfHMT/9WiX/z6Ft9hY63eh9DcF7WVURzeUvXLApt9wUYUxxdC2KZ/VrDPrIOxCcOgj3le+1zTiD8zwfAGhkzRD3IEx0yCYK6oztrh6WTwA5ZW+cLziH2sVEvSHFa2O398gIvZpzsdYTcQt06d/oyZIvftcpxD8IvjpGgHEsN/mAg0ovexyqAVk+TV/1XySKaoPPVCekap0R50CVD9kEk+GlD78XBYi++aAMIq0/D+NOXkgksfODt3yJPPzQx4KH8gcn0dQJM5zeyTwDfclzMRqCwL1eVHY00EbtG9IcLmMsWk/lM6vpHfyHqHlqNJ3CnUuDBccz9p5ORC1cuj4r9CmXPPmh7OYk7gGiQb4oxuqsYClzp93qmU7qMvGwmxBJaVagNIJgBqb5fsne0OMlcer5CH4L31ozszkSkzCXtFWNoTdgQHU1J3DxxL9WQJCfKku4EPJadYOh80USnauOke5CqfsGtf6uMq4l5Ylcc1QcNhRqxpeTLAIZx0EYDhmQ4eGjAZbiv6ddUp9dAdiQ==


@ -1,9 +1,23 @@
{tlib, ...}: {tlib, ...}:
tlib.genPkgs (pkgs: { tlib.genPkgs (pkgs: let
agenix-wrapped = pkgs.writeShellApplication {
name = "agenix";
runtimeInputs = [pkgs.agenix];
text = ''
if [ -z "''${1-}" ]; then
agenix
else
RULES="/etc/nixos/secrets/secrets.nix" agenix -i /etc/nixos/keys/ssh_key "$@"
fi
'';
};
in {
default = with pkgs; default = with pkgs;
mkShell { mkShell {
name = "prts"; name = "prts";
buildInputs = [git git-crypt alejandra helix]; buildInputs = [git git-crypt alejandra helix agenix-wrapped rage];
shellHook = "echo \"$(tput bold)welcome to PRTS, $USER$(tput sgr0)\""; shellHook = ''
echo \"$(tput bold)welcome to PRTS, $USER$(tput sgr0)\"
'';
}; };
}) })
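Review bot: The wrapper hard-codes `-i /etc/nixos/keys/ssh_key`, which puts the private decryption key inside what looks like the repository checkout (`RULES` points at `/etc/nixos/secrets/secrets.nix`); if `keys/` is not ignored by git, a broad `git add` would publish it. Keep the identity outside the tree, or confirm the ignore rule and say so in a comment next to the path. Separately, `shellHook` moved from a `"…"` string to `''…''`, where `\"` is no longer an escape, so the shell now receives backslash-quotes and prints literal quote characters; `echo "$(tput bold)welcome to PRTS, $USER$(tput sgr0)"` is what the old string evaluated to.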


@ -0,0 +1,45 @@
{
"AppQuitKey": "^D",
"AsyncTrackListQueries": true,
"AutoHideCommandBar": false,
"AutoUpdateCheck": true,
"CategoryTrackListSortOrder": 0,
"ColorTheme": "",
"DisableAlbumArtistFallback": false,
"DisableCustomColors": false,
"DisableRatingColumn": false,
"DisableWindowTitleUpdates": true,
"FirstRunSettingsDisplayed": true,
"IndexerLogEnabled": false,
"IndexerThreadCount": 4,
"IndexerTransactionInterval": 300,
"InheritBackgroundColor": false,
"LastAcknowledgedUpdateVersion": "3.0.0",
"LastFmSessionId": "",
"LastFmToken": "",
"LastFmUsername": "",
"LibraryType": 1,
"Locale": "en_US",
"MinimizeToTray": false,
"PiggyEnabled": false,
"PlaybackTrackQueryTimeoutMs": 5000,
"RatingNegativeChar": "·",
"RatingPositiveChar": "★",
"RemoteLibraryHostname": "127.0.0.1",
"RemoteLibraryHttpPort": 7906,
"RemoteLibraryHttpTls": false,
"RemoteLibraryIgnoreVersionMismatch": 0,
"RemoteLibraryLatencyTimeoutMs": 5000,
"RemoteLibraryPassword": "",
"RemoteLibraryTranscoderBitrate": 192,
"RemoteLibraryTranscoderEnabled": false,
"RemoteLibraryTranscoderFormat": "ogg",
"RemoteLibraryWssPort": 7905,
"RemoteLibraryWssTls": false,
"RemoveMissingFiles": true,
"SaveSessionOnExit": true,
"StartMinimized": false,
"SyncOnStartup": true,
"TrackSearchSortOrder": 0,
"UsePaletteColors": true
}


@ -0,0 +1,22 @@
{config, pkgs, lib, ...}: let
cfg = config.programs.musikcube;
in {
options = {
programs.musikcube = {
enable = lib.mkEnableOption "whether to enable musikcube";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.musikcube;
};
settings = lib.mkOption {
type = (pkgs.formats.json {}).type;
default = builtins.fromJSON (builtins.readFile ./default-config.json);
};
};
};
config = lib.mkIf cfg.enable {
home.packages = [cfg.package];
xdg.configFile."musikcube/settings.json".text = builtins.toJSON cfg.settings;
};
}


@ -0,0 +1,13 @@
{
"debug": false,
"http_server_enabled": true,
"http_server_port": 7906,
"password": "",
"transcoder_cache_count": 50,
"transcoder_max_active_count": 4,
"transcoder_synchronous": false,
"transcoder_synchronous_fallback": false,
"use_ipv6": false,
"websocket_server_enabled": true,
"websocket_server_port": 7905
}


@ -0,0 +1,34 @@
{config, lib, pkgs, ...}: let
cfg = config.services.musikcubed;
in {
options = {
services.musikcubed = {
enable = lib.mkEnableOption "whether to enable musikcubed";
package = lib.mkOption {
type = lib.types.package;
default = pkgs.musikcube;
};
settings = lib.mkOption {
type = (pkgs.formats.json {}).type;
default = builtins.fromJSON (builtins.readFile ./default-config.json);
};
};
};
config = lib.mkIf cfg.enable {
systemd.user.services.musikcubed = {
Install = {
WantedBy = ["multi-user.target"];
};
Unit = {
Description = "musikcubed";
After = "network.target";
};
Service = {
ExecStart = "${cfg.package}/bin/musikcubed --foreground";
Restart = "on-failure";
RestartSec = 5;
};
};
xdg.configFile."musikcube/plugin_musikcubeserver(wss,http).json".text = builtins.toJSON cfg.settings;
};
}
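Review bot: `WantedBy = ["multi-user.target"]` names a system-manager target, but this unit is declared under `systemd.user.services`, and the per-user manager normally has no `multi-user.target`, so the service would not be started at login. Use `WantedBy = ["default.target"];`; `After = "network.target"` has the same problem and can be dropped. `lib.mkEnableOption` already prefixes "Whether to enable", so its argument should be just `"musikcubed"`.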


@ -112,7 +112,7 @@ in {
["zoxide" "zsh" "fzf" "starship" "direnv"] ["zoxide" "zsh" "fzf" "starship" "direnv"]
# dev stuff # dev stuff
["helix" "code" "git" "ssh"] ["helix" "code" "git" "ssh"]
["lollypop"] ["musikcube" "musikcubed"]
]; ];
in in
l.flatten [ l.flatten [
@ -149,6 +149,7 @@ in {
++ mkPaths ".config" [ ++ mkPaths ".config" [
# "lutris" # "lutris"
"dconf" "dconf"
"musikcube"
]; ];
files = l.flatten [ files = l.flatten [
".config/gnome-initial-setup-done" ".config/gnome-initial-setup-done"
@ -200,6 +201,7 @@ in {
]; ];
}; };
programs = { programs = {
musikcube.enable = true;
command-not-found.enable = command-not-found.enable =
nixosConfig.programs.command-not-found.enable; nixosConfig.programs.command-not-found.enable;
git = { git = {
@ -212,6 +214,10 @@ in {
}; };
}; };
services = { services = {
musikcubed = {
enable = true;
settings.password = "somethingidk";
};
gpg-agent = let gpg-agent = let
defaultCacheTtl = 3600 * 6; defaultCacheTtl = 3600 * 6;
maxCacheTtl = 3600 * 24; maxCacheTtl = 3600 * 24;
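Review bot: `settings.password = "somethingidk"` commits the musikcubed server password in clear text, and the module added in this compare writes `settings` through `xdg.configFile."…".text`, which places the resulting JSON in the world-readable Nix store. The client defaults in the same compare set `RemoteLibraryWssTls` and `RemoteLibraryHttpTls` to false, so the value also crosses the network unencrypted. Treat it as public: either rely on restricting who can reach the ports, or have the config file produced at activation from an age secret instead of from `cfg.settings`. The `services` block continues outside the hunk.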