3 Commits

Author SHA1 Message Date
a1d4948bb3 Add nerdfonts 2024-03-09 21:35:42 +00:00
5d21d262fa Remove unused variable 2024-03-09 21:17:54 +00:00
1926dda49d Switch to lunarvim 2024-03-03 23:17:42 +00:00
16 changed files with 49 additions and 478 deletions

View File

@ -9,47 +9,16 @@ System and user configuration for NixOS-based systems.
| **Theme:** | adwaita | | **Theme:** | adwaita |
| **Terminal:** | Console | | **Terminal:** | Console |
## Provisioning a new host ## Provisioning
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used > [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning
> for provisioning
Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass). Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
```
ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
```
Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt Then run;
any relevant secrets.
In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
Add the generated SSH host key and create a new repository for the system.
Create a new directory under `hosts/` with a system configuration and disk layout.
Boot the NixOS installer (or any Linux distribution) on the target.
Then run:
``` ```
nix run github:nix-community/nixos-anywhere -- \ nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key \ --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
--extra-files "$temp" \ --extra-files "$temp" \
--flake .#<hostname> \ --flake .#<hostname> \
root@<target-ip> root@<ip>
``` ```
### Post install
If backups are configured, you'll need to run:
```
borgmatic init --encryption repokey-blake2
```
then restart `borgmatic`.
To join the Tailscale network, run:
```
tailscale up --login-server https://headscale.vimium.net
```
then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.

166
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1712079060, "lastModified": 1707830867,
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "1381a759b205dff7a6818733118d02253340fd5e", "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -21,22 +21,6 @@
"type": "github" "type": "github"
} }
}, },
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -66,11 +50,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1711973905, "lastModified": 1708091384,
"narHash": "sha256-UFKME/N1pbUtn+2Aqnk+agUt8CekbpuqwzljivfIme8=", "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "88b3059b020da69cbe16526b8d639bd5e0b51c8b", "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -86,11 +70,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712947906, "lastModified": 1709439398,
"narHash": "sha256-T0eT2lMbcK7RLelkx0qx4SiFpOS/0dt0aSfLB+WsGV8=", "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "8d4ae698eaac8bd717e23507da2ca8b345bec4b5", "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -102,11 +86,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1712590130, "lastModified": 1708965002,
"narHash": "sha256-NOfsWKOLifmRLIySbjlJFFLuRT8UVyLeZItuLCjvIno=", "narHash": "sha256-gIBZCPB0sA8Gagrxd8w4+y9uUkWBnXJBmq9Ur5BYTQU=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "a95be99b28fdf1c33f1399a387eb594cf9bffc99", "rev": "4e966509c180f93ba8665cd73cad8456bf44baab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -131,22 +115,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -175,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712386041, "lastModified": 1706981411,
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -191,11 +159,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1712909959, "lastModified": 1709410583,
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=", "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f", "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,32 +172,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils_2"
},
"locked": {
"lastModified": 1706219574,
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-23.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1703013332,
@ -246,43 +188,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1712791164, "lastModified": 1709237383,
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=", "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5", "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -309,11 +221,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1712867921, "lastModified": 1709309926,
"narHash": "sha256-edTFV4KldkCMdViC/rmpJa7oLIU8SE/S35lh/ukC7bg=", "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "51651a540816273b67bc4dedea2d37d116c5f7fe", "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -330,7 +242,6 @@
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"secrets": "secrets", "secrets": "secrets",
@ -340,11 +251,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1712006510, "lastModified": 1709495020,
"narHash": "sha256-JQ3ZcSwIB6d3gDcx/nZCUlSfZGwaI55WNmD9mK2uTPA=", "narHash": "sha256-eiz0qUjUbdeb6m28XPY7OVnrGMZ45JiT2dZZ0Bmq2X0=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "f350d35d7651c415fa4c0d6a7cff378ba5650f93", "rev": "d135b4d6d5f0079999188895f8b5f35e821b0d4b",
"revCount": 17, "revCount": 14,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },
@ -386,11 +297,11 @@
"thunderbird-gnome-theme": { "thunderbird-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1710774977, "lastModified": 1701889124,
"narHash": "sha256-nQBz2PW3YF3+RTflPzDoAcs6vH1PTozESIYUGAwvSdA=", "narHash": "sha256-K+6oh7+J6RDBFkxphY/pzf0B+q5+IY54ZMKZrFSKXlc=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme", "repo": "thunderbird-gnome-theme",
"rev": "65d5c03fc9172d549a3ea72fd366d544981a002b", "rev": "966e9dd54bd2ce9d36d51cd6af8c3bac7a764a68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -416,21 +327,6 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View File

@ -20,10 +20,6 @@
flake = false; flake = false;
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = { secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false; flake = false;
@ -34,7 +30,7 @@
}; };
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, secrets, ... }: outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, secrets, ... }:
let let
mkPkgsForSystem = system: inputs.nixpkgs; mkPkgsForSystem = system: inputs.nixpkgs;
overlays = [ overlays = [
@ -50,7 +46,6 @@
commonModules = [ commonModules = [
agenix.nixosModules.age agenix.nixosModules.age
disko.nixosModules.disko disko.nixosModules.disko
nixos-mailserver.nixosModule
home-manager.nixosModule home-manager.nixosModule
./modules ./modules
]; ];
@ -83,7 +78,6 @@
helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
@ -100,14 +94,6 @@
autoRollback = true; autoRollback = true;
sshUser = "root"; sshUser = "root";
nodes = { nodes = {
mail = {
hostname = "mail.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
};
};
vps1 = { vps1 = {
hostname = "vps1.mesh.vimium.net"; hostname = "vps1.mesh.vimium.net";

View File

@ -36,6 +36,7 @@
}; };
editors = { editors = {
neovim.enable = true; neovim.enable = true;
vscode.enable = true;
}; };
security = { security = {
gpg.enable = true; gpg.enable = true;

View File

@ -49,7 +49,6 @@
max-free = 1000000000; max-free = 1000000000;
fallback = true; fallback = true;
allowed-users = [ "@wheel" ]; allowed-users = [ "@wheel" ];
trusted-users = [ "@wheel" ];
auto-optimise-store = true; auto-optimise-store = true;
substituters = [ substituters = [
"http://odyssey.mesh.vimium.net" "http://odyssey.mesh.vimium.net"

View File

@ -1,18 +0,0 @@
# Mail server
## Overview
Mail server hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`.

View File

@ -1,55 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
{
imports = [
./hardware-configuration.nix
./disko-config.nix
../server.nix
];
networking = {
hostId = "08ac2f14";
domain = "mesh.vimium.net";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.defaults = {
email = "hostmaster@vimium.com";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
};
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/var/dkim"
"/var/lib"
"/var/vmail"
];
repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
};
mail.enable = true;
};
};
system.stateVersion = "22.11";
}

View File

@ -1,55 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "2M";
type = "EF02";
};
esp = {
name = "ESP";
size = "300M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" ];
};
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
}

View File

@ -70,6 +70,7 @@
}; };
editors = { editors = {
neovim.enable = true; neovim.enable = true;
vscode.enable = true;
}; };
hardware.presonus-studio.enable = true; hardware.presonus-studio.enable = true;
security = { security = {

View File

@ -62,7 +62,6 @@
headscale.enable = true; headscale.enable = true;
matrix-synapse.enable = true; matrix-synapse.enable = true;
nginx.enable = true; nginx.enable = true;
photoprism.enable = true;
}; };
}; };

View File

@ -34,10 +34,8 @@
./services/coturn ./services/coturn
./services/gitea ./services/gitea
./services/headscale ./services/headscale
./services/mail
./services/matrix-synapse ./services/matrix-synapse
./services/nginx ./services/nginx
./services/photoprism
./shell/git ./shell/git
./shell/zsh ./shell/zsh
]; ];

View File

@ -54,11 +54,11 @@ in {
}; };
config = { config = {
user.packages = with pkgs; [ user.packages = with pkgs.unstable; [
(lib.mkIf cfg.ps1.enable duckstation) (lib.mkIf cfg.ps1.enable duckstation)
(lib.mkIf cfg.ps2.enable unstable.pcsx2) (lib.mkIf cfg.ps2.enable pcsx2)
(lib.mkIf cfg.ps3.enable rpcs3) (lib.mkIf cfg.ps3.enable rpcs3)
(lib.mkIf cfg.psp.enable unstable.ppsspp) (lib.mkIf cfg.psp.enable ppsspp)
(lib.mkIf cfg.ds.enable desmume) (lib.mkIf cfg.ds.enable desmume)
(lib.mkIf (cfg.gba.enable || (lib.mkIf (cfg.gba.enable ||
cfg.gb.enable || cfg.gb.enable ||
@ -68,7 +68,7 @@ in {
(lib.mkIf (cfg.wii.enable || (lib.mkIf (cfg.wii.enable ||
cfg.gamecube.enable) cfg.gamecube.enable)
dolphin-emu) dolphin-emu)
(lib.mkIf cfg.xbox.enable unstable.xemu) (lib.mkIf cfg.xbox.enable xemu)
]; ];
}; };
} }

View File

@ -135,8 +135,6 @@ in {
}; };
"org/gnome/Console" = { "org/gnome/Console" = {
font-scale = 1.4; font-scale = 1.4;
use-system-font = false;
custom-font = "ComicShannsMono Nerd Font 10";
}; };
"org/gnome/mutter" = { "org/gnome/mutter" = {
center-new-windows = true; center-new-windows = true;
@ -164,23 +162,23 @@ in {
user.packages = with pkgs; [ user.packages = with pkgs; [
authenticator authenticator
# bottles bottles
# bustle bustle
celluloid celluloid
# d-spy d-spy
# drawing drawing
# fragments fragments
gnome.ghex gnome.ghex
# gnome-builder # gnome-builder
gnome-decoder gnome-decoder
gnome-firmware gnome-firmware
gnome-frog gnome-frog
# gnome-obfuscate gnome-obfuscate
gnome-podcasts gnome-podcasts
identity identity
mission-center mission-center
newsflash newsflash
# schemes schemes
shortwave shortwave
]; ];
@ -222,7 +220,6 @@ in {
# gnomeExtensions.workspace-matrix # gnomeExtensions.workspace-matrix
iotop iotop
unstable.morewaita-icon-theme unstable.morewaita-icon-theme
unstable.nix-tree
ripgrep ripgrep
rsync rsync
tcpdump tcpdump

View File

@ -1,68 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.services.mail;
domains = [
"h0lt.com"
"jdholt.com"
"jordanholt.xyz"
"vimium.co"
"vimium.co.uk"
"vimium.info"
"vimium.net"
"vimium.org"
"vimium.xyz"
];
in {
options.modules.services.mail = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.roundcube = {
enable = true;
hostName = config.mailserver.fqdn;
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
mailserver = {
enable = true;
fqdn = "mail.vimium.com";
domains = domains;
indexDir = "/var/lib/dovecot/indices";
certificateDomains = [
"imap.vimium.com"
"smtp.vimium.com"
];
certificateScheme = "acme-nginx";
fullTextSearch.enable = true;
loginAccounts = {
"jordan@vimium.com" = {
hashedPasswordFile = config.users.users.jordan.hashedPasswordFile;
catchAll = domains;
};
};
extraVirtualAliases = {
"hostmaster@vimium.com" = "jordan@vimium.com";
"postmaster@vimium.com" = "jordan@vimium.com";
"webmaster@vimium.com" = "jordan@vimium.com";
"abuse@vimium.com" = "jordan@vimium.com";
};
};
};
}

View File

@ -1,57 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let cfg = config.modules.services.photoprism;
in {
options.modules.services.photoprism = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
virtualHosts = {
"gallery.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.photoprism.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
};
age.secrets."passwords/services/photoprism/admin" = {
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
services.photoprism = {
enable = true;
address = "localhost";
passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
originalsPath = "${config.services.photoprism.storagePath}/originals";
settings = {
PHOTOPRISM_APP_NAME = "Vimium Gallery";
PHOTOPRISM_SITE_AUTHOR = "Vimium";
PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
PHOTOPRISM_SITE_CAPTION = "See your photos and videos on gallery.vimium.com";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_SPONSOR = "true";
};
};
};
}