Compare commits

..

56 commits

Author SHA1 Message Date
Leonardo Eugênio 056899d344 configuration: extract nixos config into more files 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 276658b73c kdeconect: update config 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 884e2dcf89 gnome: update autologin config 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 82e5246293 scripts: add pass export script 2024-05-28 00:38:37 -03:00
Leonardo Eugênio ae6354806e qutebrowser: don't install if not the default browser 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 337df8cc99 monolith: disable virtualbox while it's borked 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 6c34b71580 flake: update to 24.05 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 7a5f26cca5 Revert "sshd: disable until xz is secure"
This reverts commit b0d1b2fbff.
2024-05-28 00:38:37 -03:00
Leonardo Eugênio 29e5b92702 sway: don't require rebuilding sway dependencies 2024-05-28 00:38:37 -03:00
Leonardo Eugênio d795d1fc6b sway: set godot windows to floating 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 7232b41cf6 sway: autostart corectrl 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 518f075e79 git: enable lfs 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 92d4323155 update: pass arguments to ./switch 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 952b367f22 monolith: add gpu crash work-around 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 405bbee2bf sway: enable adaptive sync 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 9632aba595 forgejo-runner: update runner token and url 2024-05-28 00:38:37 -03:00
Leonardo Eugênio a7f5a40a43 firefox: add i dont care about cookies 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 56e0f9230e ssh: update hostnames 2024-05-28 00:38:37 -03:00
Leonardo Eugênio e8a24dcbe7 sway: make gaming windows floating by default 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 12d91be692 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio b2354df152 firefox: add substitoot extension 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 02f6f2c5d9 monolith: enable all features of corectrl 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 4f29961c4c monolith: add forgejo runner 2024-05-28 00:38:37 -03:00
Leonardo Eugênio a2d3fc0667 sshd: disable until xz is secure 2024-05-28 00:38:37 -03:00
Leonardo Eugênio fc60ae8fed sway: add more env vars to dbus activation 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 42b554c87f flake: update lockfile 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 85ec5290d0 syncthing: way for tray 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 9740163109 kdenlive: fix theme 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 01a3efdd1d theme: improve qt theming 2024-05-28 00:38:37 -03:00
Leonardo Eugênio f6d8c5e76b syncthing: enable tray icon 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 07d7f551f9 mangohud: install patch to fix keybind crash 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 51524ccd8a gpg: simplify config 2024-05-28 00:38:37 -03:00
Leonardo Eugênio c26cea6183 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 2433d75e85 lsp: replace rnix-lsp with nil 2024-05-28 00:38:37 -03:00
Leonardo Eugênio ea25b5d28e update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 5c5bff3a65 btop: enable gpu monitoring 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 45448b8102 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 80e84121dd kak-lsp: update config to new format 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 13f31c1b8e alacritty: update config 2024-05-28 00:38:37 -03:00
Leonardo Eugênio fad53f2613 update renamed xkb config 2024-05-28 00:38:37 -03:00
Leonardo Eugênio bffb3a75cc update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 5975c82fd8 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 7aa4ccbc7e update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 6d08d7b0f1 sway: disable adaptive sync 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 83a7ce70b5 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 487adbf911 update 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 12cfafeb3e switch to nixpkgs unstable 2024-05-28 00:38:37 -03:00
Leonardo Eugênio 0397a4e166 nginx: redirect syncthing. to .com 2024-05-16 11:19:02 -03:00
lelgenio f8e48e7fa0 nginx: redirect git. to .com 2024-05-15 15:54:04 -03:00
Leonardo Eugênio c40cbf74f3 nginx: add .xyz -> .com redirect 2024-05-14 16:56:09 -03:00
Leonardo Eugênio 2516836026 mastodon: configure noreply email 2024-05-11 22:21:35 -03:00
Leonardo Eugênio 0f10937be8 phantom: move from .xyz to .com 2024-05-11 18:32:26 -03:00
Leonardo Eugênio de26e20ed4 phandom: remove wiki 2024-05-11 18:32:26 -03:00
lelgenio 30ea33079a kak: name clipboard sync hook 2024-05-08 16:28:59 -03:00
Leonardo Eugênio 4f54c31dc5 email: disable ipv6 smtp 2024-05-03 12:32:45 -03:00
Leonardo Eugênio 3c8caa0a17 fixup! switch: don't show git diff pager 2024-05-03 12:32:38 -03:00
14 changed files with 75 additions and 44 deletions

View file

@ -10,12 +10,11 @@
./syncthing.nix ./syncthing.nix
./users.nix ./users.nix
./writefreely.nix ./writefreely.nix
./renawiki.nix
./email.nix ./email.nix
./forgejo.nix ./forgejo.nix
]; ];
services.nginx.virtualHosts."lelgenio.xyz" = { services.nginx.virtualHosts."lelgenio.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = pkgs.runCommand "www-dir" { } '' root = pkgs.runCommand "www-dir" { } ''
@ -51,7 +50,7 @@
dates = "04:40"; dates = "04:40";
operation = "switch"; operation = "switch";
flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ]; flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];
flake = "git+https://git.lelgenio.xyz/lelgenio/nixos-config#phantom"; flake = "git+https://git.lelgenio.com/lelgenio/nixos-config#phantom";
}; };
system.stateVersion = "23.05"; # Never change this system.stateVersion = "23.05"; # Never change this

View file

@ -1,4 +1,4 @@
{ pkgs, inputs, ... }: { { pkgs, inputs, config, ... }: {
# It's important to let Digital Ocean set the hostname so we get rDNS to work # It's important to let Digital Ocean set the hostname so we get rDNS to work
networking.hostName = ""; networking.hostName = "";
@ -8,32 +8,47 @@
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "lelgenio.xyz"; fqdn = "lelgenio.com";
domains = [ domains = [
"lelgenio.xyz" "lelgenio.xyz"
"git.lelgenio.xyz" "git.lelgenio.xyz"
"lelgenio.com"
"git.lelgenio.com"
"social.lelgenio.com"
]; ];
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
# Create passwords with # Create passwords with
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = { loginAccounts = {
"lelgenio@lelgenio.com" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.com" ];
};
"lelgenio@lelgenio.xyz" = { "lelgenio@lelgenio.xyz" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS"; hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.xyz" ]; aliases = [ "postmaster@lelgenio.xyz" ];
}; };
"noreply@git.lelgenio.xyz" = { "noreply@git.lelgenio.com" = {
hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0."; hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
}; };
"noreply@social.lelgenio.com" = {
hashedPassword = "$2b$05$DcA9xMdvHqqQMZw2.zybI.vfKsQAJtaQ/JB.t9AHu6psstWq97m2C";
};
}; };
}; };
# Prefer ipv4 and use main ipv6 to avoid reverse DNS issues
services.postfix.extraConfig = ''
smtp_address_preference = ipv4
'';
# Webmail # Webmail
services.roundcube = rec { services.roundcube = {
enable = true; enable = true;
package = pkgs.roundcube.withPlugins (p: [ p.carddav ]); package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
hostName = "mail.lelgenio.xyz"; hostName = "mail.lelgenio.com";
extraConfig = '' extraConfig = ''
$config['smtp_host'] = "tls://${hostName}:587"; $config['smtp_host'] = "tls://${config.mailserver.fqdn}:587";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
$config['plugins'] = [ "carddav", "archive" ]; $config['plugins'] = [ "carddav", "archive" ];

View file

@ -26,15 +26,15 @@ in
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
server = { server = {
DOMAIN = "git.lelgenio.xyz"; DOMAIN = "git.lelgenio.com";
HTTP_PORT = 3000; HTTP_PORT = 3000;
ROOT_URL = "https://${srv.DOMAIN}/"; ROOT_URL = "https://${srv.DOMAIN}/";
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "mail.lelgenio.xyz"; SMTP_ADDR = "mail.lelgenio.com";
FROM = "noreply@git.lelgenio.xyz"; FROM = "noreply@git.lelgenio.com";
USER = "noreply@git.lelgenio.xyz"; USER = "noreply@git.lelgenio.com";
}; };
}; };
mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path; mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;

View file

@ -2,10 +2,22 @@
services.mastodon = { services.mastodon = {
enable = true; enable = true;
configureNginx = true; configureNginx = true;
localDomain = "social.lelgenio.xyz"; localDomain = "social.lelgenio.com";
smtp.fromAddress = "lelgenio@disroot.org"; smtp = {
authenticate = true;
host = "lelgenio.com";
fromAddress = "noreply@social.lelgenio.com";
user = "noreply@social.lelgenio.com";
passwordFile = config.age.secrets.phantom-mastodon-mailer-password.path;
};
streamingProcesses = 2; streamingProcesses = 2;
extraConfig.SINGLE_USER_MODE = "true"; extraConfig.SINGLE_USER_MODE = "true";
mediaAutoRemove.olderThanDays = 10; mediaAutoRemove.olderThanDays = 10;
}; };
age.secrets.phantom-mastodon-mailer-password = {
file = ../../secrets/phantom-mastodon-mailer-password.age;
mode = "400";
owner = "mastodon";
};
} }

View file

@ -2,7 +2,7 @@
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
hostName = "cloud.lelgenio.xyz"; hostName = "cloud.lelgenio.com";
https = true; https = true;
config = { config = {
adminpassFile = config.age.secrets.phantom-nextcloud.path; adminpassFile = config.age.secrets.phantom-nextcloud.path;

View file

@ -1,10 +1,23 @@
{ config, pkgs, inputs, ... }: { { config, pkgs, lib, ... }: {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
}; };
# Redirect *lelgenio.xyz -> *lelgenio.com
services.nginx.virtualHosts = lib.mapAttrs'
(key: value: lib.nameValuePair "${key}lelgenio.xyz" value)
(
lib.genAttrs [ "" "social." "blog." "cloud." "mail." "git." "syncthing." ] (name: {
enableACME = true;
forceSSL = true;
locations."/".return = "301 $scheme://${name}lelgenio.com$request_uri";
})
);
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "lelgenio@disroot.org"; defaults.email = "lelgenio@disroot.org";

View file

@ -1,23 +0,0 @@
{ config, pkgs, inputs, ... }: {
services.mediawiki = {
enable = true;
name = "Rena Wiki";
webserver = "nginx";
nginx.hostName = "renawiki.lelgenio.xyz";
passwordFile = config.age.secrets.phantom-renawiki.path;
extensions.VisualEditor = null;
};
services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
enableACME = true;
forceSSL = true;
};
age.secrets.phantom-renawiki = {
file = ../../secrets/phantom-renawiki.age;
mode = "400";
owner = "mediawiki";
};
}

View file

@ -7,7 +7,7 @@
openDefaultPorts = true; openDefaultPorts = true;
}; };
services.nginx.virtualHosts."syncthing.lelgenio.xyz" = { services.nginx.virtualHosts."syncthing.lelgenio.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

View file

@ -4,7 +4,7 @@
acme.enable = true; acme.enable = true;
nginx.enable = true; nginx.enable = true;
nginx.forceSSL = true; nginx.forceSSL = true;
host = "blog.lelgenio.xyz"; host = "blog.lelgenio.com";
admin.name = "lelgenio"; admin.name = "lelgenio";
admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path; admin.initialPasswordFile = config.age.secrets.phantom-writefreely.path;
settings.app = { settings.app = {

View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-rsa BwwxHg
Mnc+/tJ0QqxHkg2nl9gEkz5Oj1RgxtOZnD5gRv66ISUOqZhNm1+F+xVEdKn843/q
/WzH0f1cTF9NXP8vIaEo//bMmp50obJAd+JNovJxV+0gb9L55Nu7ayvK+eyk6j5n
eb8TxUnwh5BPkEyc6akDh/O49GXzLlVoFD6Ik/0f3YCqUDNAYOl2bsssXtevCeK/
WEPoCFGhZfNUrOo/0eAhiujZZ5zVb0CWNqXi8VTe2eWOE20VJULcN13TEyO3ZePx
bAPBmDfS5GgGlV4INWxVLaIMDrzlm0tYozbBNNUbdLFFOhIOrgvay9RWxdk0u2hJ
MPKoKsJ96EFxrbZJdS0W7a+aZk/Q3A3Civ2rtPx+5UANhmlY8e1lUHa26e1vA4K7
ApoMtDyCbuZ9FbLurwl9zO64wWP68aKzuyKOIw+wpy41NQ/PcViSY8KNG9Pt7A2N
CcOkByx+rwz+JdNHbOF8O4FFG4fNSWn7SvVtu5ymGgVi1bOd8PdJpjDR+6Is0SX7
--- DHNyITb7ZseEV58MOD/zHeH5vff0hhlbKg27rlYECGk
ÆJ…¨Úãè·<hUs/¿ïš}ó´Zi`ˆ JŸ°z5ùÃgõãŸ%€ì‡`¤º%/˜‚±<01>ˆ„á-Î<x—íõÉ’|

View file

@ -12,4 +12,5 @@ in
"phantom-writefreely.age".publicKeys = [ main_ssh_public_key ]; "phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
"phantom-renawiki.age".publicKeys = [ main_ssh_public_key ]; "phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
"phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ]; "phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
"phantom-mastodon-mailer-password.age".publicKeys = [ main_ssh_public_key ];
} }

View file

@ -2,7 +2,7 @@
nix fmt nix fmt
git diff git --no-pager diff
nixos-rebuild switch --flake .#phantom \ nixos-rebuild switch --flake .#phantom \
--update-input nixpkgs \ --update-input nixpkgs \

View file

@ -17,6 +17,7 @@ in
# enable sway window manager # enable sway window manager
programs.sway = { programs.sway = {
enable = true; enable = true;
package = pkgs.mySway;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
}; };

View file

@ -47,7 +47,7 @@ hook global BufOpenFile .*/COMMIT_EDITMSG %{
hook global RegisterModified '"' %{ nop %sh{ { hook global RegisterModified '"' %{ nop %sh{ {
printf %s "$kak_reg_dquote" | wl-copy -n printf %s "$kak_reg_dquote" | wl-copy -n
printf %s "$kak_reg_dquote" | xclip -i -selection clipboard printf %s "$kak_reg_dquote" | xclip -i -selection clipboard
} > /dev/null 2>&1 < /dev/null & }} } > /dev/null 2>&1 < /dev/null & }} -group sync-clipboard
# Trim trailing whitespace # Trim trailing whitespace
hook global BufWritePre .* %{ try %{ hook global BufWritePre .* %{ try %{