Compare commits

..

47 commits

Author SHA1 Message Date
Leonardo Eugênio 93bff2ab45 configuration: extract nixos config into more files 2024-05-27 15:52:16 -03:00
Leonardo Eugênio 18138295c7 kdeconect: update config 2024-05-27 11:52:17 -03:00
Leonardo Eugênio 019580240d gnome: update autologin config 2024-05-27 09:44:01 -03:00
Leonardo Eugênio 44772b3063 scripts: add pass export script 2024-05-27 00:10:11 -03:00
Leonardo Eugênio 68b627fbfb qutebrowser: don't install if not the default browser 2024-05-25 19:44:10 -03:00
Leonardo Eugênio af640e2ba5 monolith: disable virtualbox while it's borked 2024-05-25 19:43:52 -03:00
Leonardo Eugênio 61b94b8229 flake: update to 24.05 2024-05-25 19:43:34 -03:00
Leonardo Eugênio 49d373ee4d Revert "sshd: disable until xz is secure"
This reverts commit b0d1b2fbff.
2024-05-25 18:58:28 -03:00
Leonardo Eugênio 3ac56e531d sway: don't require rebuilding sway dependencies 2024-05-25 13:38:40 -03:00
Leonardo Eugênio efc00f040a sway: set godot windows to floating 2024-05-25 01:04:19 -03:00
Leonardo Eugênio 3bf0342357 sway: autostart corectrl 2024-05-25 01:04:09 -03:00
Leonardo Eugênio ca1b4055bd git: enable lfs 2024-05-25 01:03:51 -03:00
Leonardo Eugênio 3b285cafa6 update: pass arguments to ./switch 2024-05-19 15:58:51 -03:00
Leonardo Eugênio bcb1cdf3b7 monolith: add gpu crash work-around 2024-05-19 01:10:31 -03:00
Leonardo Eugênio c4c9bf9099 sway: enable adaptive sync 2024-05-19 01:10:21 -03:00
Leonardo Eugênio 7e8aa89ad3 forgejo-runner: update runner token and url 2024-05-16 01:17:57 -03:00
Leonardo Eugênio 794e72fc6b firefox: add i dont care about cookies 2024-05-15 12:46:54 -03:00
Leonardo Eugênio 0f72d959fa ssh: update hostnames 2024-05-15 12:46:38 -03:00
Leonardo Eugênio cf2e2d6d39 sway: make gaming windows floating by default 2024-05-11 18:45:55 -03:00
Leonardo Eugênio 3e8cd7ad57 update 2024-05-10 19:49:00 -03:00
Leonardo Eugênio bef0b2e702 firefox: add substitoot extension 2024-05-10 17:29:11 -03:00
Leonardo Eugênio fa7d2136ec monolith: enable all features of corectrl 2024-05-01 15:53:07 -03:00
Leonardo Eugênio 9bfd9503b6 monolith: add forgejo runner 2024-04-29 11:36:26 -03:00
Leonardo Eugênio b0d1b2fbff sshd: disable until xz is secure 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 71bbb84e20 sway: add more env vars to dbus activation 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 9b397bc4ce flake: update lockfile 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 155a809144 syncthing: way for tray 2024-04-29 11:36:26 -03:00
Leonardo Eugênio e08a1bb257 kdenlive: fix theme 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 4c16219ecc theme: improve qt theming 2024-04-29 11:36:26 -03:00
Leonardo Eugênio a5ffa3a184 syncthing: enable tray icon 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 6e296dc684 mangohud: install patch to fix keybind crash 2024-04-29 11:36:26 -03:00
Leonardo Eugênio d3bb6e1870 gpg: simplify config 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 6a3e3a671b update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 2402e69144 lsp: replace rnix-lsp with nil 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 181fac91dc update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 1a2a768045 btop: enable gpu monitoring 2024-04-29 11:36:26 -03:00
Leonardo Eugênio e22633ae07 update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio ab1a7baf65 kak-lsp: update config to new format 2024-04-29 11:36:26 -03:00
Leonardo Eugênio bff15c521c alacritty: update config 2024-04-29 11:36:26 -03:00
Leonardo Eugênio c720dfb6d8 update renamed xkb config 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 2b413406bf update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 2f91c49f6d update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio a91bddc712 update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 1204b61de4 sway: disable adaptive sync 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 7d1709e598 update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio 65ffe202ae update 2024-04-29 11:36:26 -03:00
Leonardo Eugênio d17d87f66f switch to nixpkgs unstable 2024-04-29 11:36:26 -03:00
14 changed files with 44 additions and 75 deletions

View file

@ -10,11 +10,12 @@
./syncthing.nix ./syncthing.nix
./users.nix ./users.nix
./writefreely.nix ./writefreely.nix
./renawiki.nix
./email.nix ./email.nix
./forgejo.nix ./forgejo.nix
]; ];
services.nginx.virtualHosts."lelgenio.com" = { services.nginx.virtualHosts."lelgenio.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = pkgs.runCommand "www-dir" { } '' root = pkgs.runCommand "www-dir" { } ''
@ -50,7 +51,7 @@
dates = "04:40"; dates = "04:40";
operation = "switch"; operation = "switch";
flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ]; flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];
flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom"; flake = "git+https://git.lelgenio.xyz/lelgenio/nixos-config#phantom";
}; };
system.stateVersion = "23.05"; # Never change this system.stateVersion = "23.05"; # Never change this

View file

@ -1,4 +1,4 @@
{ pkgs, inputs, config, ... }: { { pkgs, inputs, ... }: {
# It's important to let Digital Ocean set the hostname so we get rDNS to work # It's important to let Digital Ocean set the hostname so we get rDNS to work
networking.hostName = ""; networking.hostName = "";
@ -8,47 +8,32 @@
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "lelgenio.com"; fqdn = "lelgenio.xyz";
domains = [ domains = [
"lelgenio.xyz" "lelgenio.xyz"
"git.lelgenio.xyz" "git.lelgenio.xyz"
"lelgenio.com"
"git.lelgenio.com"
"social.lelgenio.com"
]; ];
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
# Create passwords with # Create passwords with
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"lelgenio@lelgenio.com" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.com" ];
};
"lelgenio@lelgenio.xyz" = { "lelgenio@lelgenio.xyz" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS"; hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.xyz" ]; aliases = [ "postmaster@lelgenio.xyz" ];
}; };
"noreply@git.lelgenio.com" = { "noreply@git.lelgenio.xyz" = {
hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0."; hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
}; };
"noreply@social.lelgenio.com" = {
hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
}; };
}; };
};
# Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
services.postfix.extraConfig = ''
smtp_address_preference = ipv4
'';
# Webmail # Webmail
services.roundcube = { services.roundcube = rec {
enable = true; enable = true;
package = pkgs.roundcube.withPlugins (p: [ p.carddav ]); package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
hostName = "mail.lelgenio.com"; hostName = "mail.lelgenio.xyz";
extraConfig = '' extraConfig = ''
$config['smtp_host'] = "tls://${config.mailserver.fqdn}:587"; $config['smtp_host'] = "tls://${hostName}:587";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
$config['plugins'] = [ "carddav", "archive" ]; $config['plugins'] = [ "carddav", "archive" ];

View file

@ -26,15 +26,15 @@ in
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
server = { server = {
DOMAIN = "git.lelgenio.com"; DOMAIN = "git.lelgenio.xyz";
HTTP_PORT = 3000; HTTP_PORT = 3000;
ROOT_URL = "https://${srv.DOMAIN}/"; ROOT_URL = "https://${srv.DOMAIN}/";
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "mail.lelgenio.com"; SMTP_ADDR = "mail.lelgenio.xyz";
FROM = "noreply@git.lelgenio.com"; FROM = "noreply@git.lelgenio.xyz";
USER = "noreply@git.lelgenio.com"; USER = "noreply@git.lelgenio.xyz";
}; };
}; };
mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path; mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;

View file

@ -2,22 +2,10 @@
services.mastodon = { services.mastodon = {
enable = true; enable = true;
configureNginx = true; configureNginx = true;
localDomain = "social.lelgenio.com"; localDomain = "social.lelgenio.xyz";
smtp = { smtp.fromAddress = "lelgenio@disroot.org";
authenticate = true;
host = "lelgenio.com";
fromAddress = "noreply@social.lelgenio.com";
user = "noreply@social.lelgenio.com";
passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
};
streamingProcesses = 2; streamingProcesses = 2;
extraConfig.SINGLE_USER_MODE = "true"; extraConfig.SINGLE_USER_MODE = "true";
mediaAutoRemove.olderThanDays = 10; mediaAutoRemove.olderThanDays = 10;
}; };
age.secrets.phantom-mastodon-mailer-password = {
file = ../../secrets/phantom-mastodon-mailer-password.age;
mode = "400";
owner = "mastodon";
};
} }

View file

@ -2,7 +2,7 @@
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
hostName = "cloud.lelgenio.com"; hostName = "cloud.lelgenio.xyz";
https = true; https = true;
config = { config = {
adminpassFile = config.age.secrets.phantom-nextcloud.path; adminpassFile = config.age.secrets.phantom-nextcloud.path;

View file

@ -1,23 +1,10 @@
{ config, pkgs, lib, ... }: { { config, pkgs, inputs, ... }: {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
}; };
# Redirect *lelgenio.xyz -> *lelgenio.com
services.nginx.virtualHosts = lib.mapAttrs'
(key: value: lib.nameValuePair "${key}lelgenio.xyz" value)
(
lib.genAttrs [ "" "social." "blog." "cloud." "mail." "git." "syncthing." ] (name: {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://${name}lelgenio.com$request_uri";
})
);
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "lelgenio@disroot.org"; defaults.email = "lelgenio@disroot.org";

View file

@ -0,0 +1,23 @@
{ config, pkgs, inputs, ... }: {
services.mediawiki = {
enable = true;
name = "Rena Wiki";
webserver = "nginx";
nginx.hostName = "renawiki.lelgenio.xyz";
passwordFile = config.age.secrets.phantom-renawiki.path;
extensions.VisualEditor = null;
};
services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
enableACME = true;
forceSSL = true;
};
age.secrets.phantom-renawiki = {
file = ../../secrets/phantom-renawiki.age;
mode = "400";
owner = "mediawiki";
};
}

View file

@ -7,7 +7,7 @@
openDefaultPorts = true; openDefaultPorts = true;
}; };
services.nginx.virtualHosts."syncthing.lelgenio.com" = { services.nginx.virtualHosts."syncthing.lelgenio.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

View file

@ -4,7 +4,7 @@
acme.enable = true; acme.enable = true;
nginx.enable = true; nginx.enable = true;
nginx.forceSSL = true; nginx.forceSSL = true;
host = "blog.lelgenio.com"; host = "blog.lelgenio.xyz";
admin.name = "lelgenio"; admin.name = "lelgenio";
admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path; admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
settings.app = { settings.app = {

View file

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-rsa BwwxHg
Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
/WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
--- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ JŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|

View file

@ -12,5 +12,4 @@ in
"phantom-writefreely.age".publicKeys = [ main_ssh_public_key ]; "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
"phantom-renawiki.age".publicKeys = [ main_ssh_public_key ]; "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
"phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ]; "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
"phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
} }

View file

@ -2,7 +2,7 @@
nix fmt nix fmt
git --no-pager diff git diff
nixos-rebuild switch --flake .#phantom \ nixos-rebuild switch --flake .#phantom \
--update-input nixpkgs \ --update-input nixpkgs \

View file

@ -17,7 +17,6 @@ in
# enable sway window manager # enable sway window manager
programs.sway = { programs.sway = {
enable = true; enable = true;
package = pkgs.mySway;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
}; };

View file

@ -47,7 +47,7 @@ hook global BufOpenFile .*/COMMIT_EDITMSG %{
hook global RegisterModified '"' %{ nop %sh{ { hook global RegisterModified '"' %{ nop %sh{ {
printf %s "$kak_reg_dquote" | wl-copy -n printf %s "$kak_reg_dquote" | wl-copy -n
printf %s "$kak_reg_dquote" | xclip -i -selection clipboard printf %s "$kak_reg_dquote" | xclip -i -selection clipboard
} > /dev/null 2>&1 < /dev/null & }} -group sync-clipboard } > /dev/null 2>&1 < /dev/null & }}
# Trim trailing whitespace # Trim trailing whitespace
hook global BufWritePre .* %{ try %{ hook global BufWritePre .* %{ try %{