darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

Merge pull request 'Update flake' (#48) from update-flake into main

Browse source 
Reviewed-on: #48
This commit is contained in:
Charlotte 🦝 Delenk 2023-05-22 13:26:46 +00:00
commit 09915da84a
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
27 changed files with 1054 additions and 398 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
config/default.nix
View file

@ -95,4 +95,8 @@
"nas.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
"backup.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
};
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1t" # used by cinny
];
}

5
config/desktop.nix
View file

@ -142,4 +142,9 @@ in {
"i686-linux"
]
else [];
virtualisation = {
waydroid.enable = true;
lxd.enable = true;
};
}

3
config/games/default.nix
View file

@ -5,9 +5,6 @@ args: {
}: let
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
in {
imports = [
(import ./grapejuice.nix args)
];
home.packages = [
x86_64-linux-pkgs.wineWowPackages.staging
pkgs.prismlauncher

59
config/games/grapejuice.nix
View file

@ -1,59 +0,0 @@
args: {
lib,
config,
pkgs,
nixpkgs,
...
}: let
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
grapejuice_config = {
__version__ = 2;
__hardware_profiles__ = null;
show_fast_flag_warning = true;
no_daemon_mode = true;
release_channel = "master";
disable_updates = false;
ignore_wine_version = false;
try_profiling_hardware = false;
wineprefixes = [
{
id = "ec33b6a3-8b44-4179-baec-54cb5bc888cb";
priority = 0;
name_on_disk = "player";
display_name = "Player";
wine_home = "${x86_64-linux-pkgs.wineWowPackages.staging}";
dll_overrides = "dxdiagn=;winemenubuilder.exe=";
prime_offload_sink = -1;
use_mesa_gl_override = false;
enable_winedebug = false;
winedebug_string = "";
roblox_renderer = "OpenGL";
env = {};
hints = [
"player"
"app"
];
fast_flags = {
roblox_studio = {};
roblox_player = {};
roblox_app = {};
};
third_party = {
fps_unlocker = false;
dxvk = false;
};
}
];
};
grapejuiceJson = pkgs.writeText "grapejuice.json" (builtins.toJSON grapejuice_config);
in {
home.packages = [
x86_64-linux-pkgs.grapejuice
];
home.activation.grapejuiceSettings = lib.hm.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD mkdir $VERBOSE_ARG -p $HOME/.config/brinkervii/grapejuice
$DRY_RUN_CMD rm $VERBOSE_ARG -f $HOME/.config/brinkervii/grapejuice/user_settings.json
$DRY_RUN_CMD cp $VERBOSE_ARG ${grapejuiceJson} $HOME/.config/brinkervii/grapejuice/user_settings.json
$DRY_RUN_CMD chmod +w $VERBOSE_ARG $HOME/.config/brinkervii/grapejuice/user_settings.json
'';
}

1
config/home-manager/darkkirb.nix
View file

@ -27,6 +27,7 @@
../programs/keybase.nix
../programs/keepass.nix
../programs/kicad.nix
../programs/vscode
../programs/misc.nix
../programs/kitty.nix
../programs/zk.nix

2
config/instance-20221213-1915.nix
View file

@ -1,6 +1,5 @@
{
config,
pkgs,
lib,
modulesPath,
...
@ -25,6 +24,7 @@
./services/mautrix-telegram.nix
./services/mautrix-whatsapp.nix
./services/mautrix-signal.nix
./services/kubo.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];

57
config/nas.nix
View file

@ -33,54 +33,45 @@
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "bcache"];
boot.initrd.kernelModules = ["igb"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [
config.boot.kernelPackages.zenpower
];
services.btrfs.autoScrub = {
enable = true;
fileSystems = ["/"];
};
services.snapper.configs.main = {
SUBVOLUME = "/";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
services.beesd.filesystems.root = {
spec = "LABEL=root";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
boot.supportedFilesystems = lib.mkForce ["btrfs" "vfat"];
fileSystems."/" = {
device = "/dev/nvme0n1p2:/dev/sda1:/dev/sdb1:/dev/sdc1";
fsType = "bcachefs";
device = "/dev/bcache0";
fsType = "btrfs";
};
fileSystems."/boot" = {
device = "/dev/nvme0n1p1";
fsType = "vfat";
};
fileSystems."/boot1" = {
device = "/dev/disk/by-partuuid/b50f9cff-552d-4c6e-bda2-104723ee638e";
fsType = "vfat";
};
fileSystems."/boot2" = {
device = "/dev/disk/by-partuuid/6f365c6a-63a2-4fb9-976b-ec9e04c9cb13";
fsType = "vfat";
};
fileSystems."/boot3" = {
device = "/dev/disk/by-partuuid/324146ea-edb6-4f2e-b260-af8eddfb1eca";
fsType = "vfat";
};
/*
swapDevices = [
{
device = "/dev/disk/by-partuuid/3b652a7e-a550-4342-a0d7-d2ae47b3e9d1";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/59de36d4-6613-4b50-9643-8824e9a9b1f9";
randomEncryption = true;
}
{
device = "/dev/disk/by-partuuid/f6260d75-2b96-4f55-ba0f-050c58b84b78";
randomEncryption = true;
}
];
*/
networking.interfaces.br0 = {
ipv4 = {
addresses = [
@ -109,7 +100,6 @@
nix.settings.cores = 12;
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"aarch64-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
@ -173,4 +163,5 @@
};
services.tailscale.useRoutingFeatures = "both";
hardware.sane.brscan4.enable = true;
system.autoUpgrade.allowReboot = true;
}

97
config/nix.nix
View file

@ -52,51 +52,58 @@ in {
dates = "weekly";
options = "--delete-older-than 7d";
};
buildMachines = [
{
hostName = "build-nas";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"riscv32-linux"
"riscv64-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 12;
speedFactor = 1;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
{
hostName = "build-pc";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"riscv32-linux"
"riscv64-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
{
hostName = "build-aarch64";
systems = [
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
}
];
buildMachines = with lib;
mkMerge [
(mkIf (config.networking.hostName != "nas") [
{
hostName = "build-nas";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"riscv32-linux"
"riscv64-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 12;
speedFactor = 1;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
])
(mkIf (config.networking.hostName != "nutty-noon") [
{
hostName = "build-pc";
systems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"riscv32-linux"
"riscv64-linux"
"wasm32-wasi"
"x86_64-linux"
"i686-linux"
];
maxJobs = 16;
speedFactor = 2;
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"];
}
])
(mkIf (config.networking.hostName != "instance-20221213-1915") [
{
hostName = "build-aarch64";
systems = [
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
}
])
];
distributedBuilds = true;
};
system.autoUpgrade = {

3
config/nixos-8gb-fsn1-1.nix
View file

@ -1,6 +1,4 @@
{
config,
pkgs,
lib,
modulesPath,
...
@ -33,6 +31,7 @@
./services/chir.rs
./services/atticd.nix
./services/wordpress.nix
./services/initrd-ssh.nix
];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];

23
config/programs/ims.nix
View file

@ -1,26 +1,5 @@
{
config,
pkgs,
lib,
nixpkgs,
...
}: let
x86_64-linux-pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
firefox-wrapped = x86_64-linux-pkgs.firefox; #config.programs.firefox.package;
firefox = firefox-wrapped.unwrapped;
nss = pkgs.lib.lists.findFirst (x: x.pname or x.name == "nss") null firefox.buildInputs;
in {
{pkgs, ...}: {
home.packages = with pkgs; [
(x86_64-linux-pkgs.discord.override {inherit nss;})
tdesktop
element-desktop
nheko
cinny-desktop
];
home.activation.betterDiscord = lib.hm.dag.entryAfter ["writeBoundary"] ''
$DRY_RUN_CMD ${pkgs.betterdiscordctl}/bin/betterdiscordctl install $VERBOSE_ARG || true
'';
}

31
config/programs/theming.nix
View file

@ -471,4 +471,35 @@ in {
color sidebar_new color10 default # Mailboxes with new mail are Green
'';
home.file.".local/share/mc/skins/catppuccin.ini".source = ../../extra/mc-catppuccin.ini;
programs.vscode.userSettings = {
"catppuccin.colorOverrides".all = {
rosewater = color 1;
flamingo = color 2;
pink = color 3;
mauve = color 4;
red = color 5;
maroon = color 6;
peach = color 7;
yellow = color 8;
green = color 9;
teal = color 10;
sky = color 11;
sapphire = color 12;
blue = color 13;
lavender = color 14;
text = color 15;
base = color 0;
surface0 = color 0;
surface1 = color 0;
surface2 = color 0;
mantle = color 0;
crust = color 0;
};
"catppuccin.customUIColors".all = {
"editor.selectionBackground" = "rosewater";
"editor.selectionHighlightBackground" = "rosewater";
};
"glassit.alpha" = 220;
"glassit.force_sway" = true;
};
}

291
config/programs/vscode/default.nix Normal file
View file

@ -0,0 +1,291 @@
{
pkgs,
nixpkgs,
lib,
...
}: let
x86_64-linux-pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
home.activation.vscode-server = lib.hm.dag.entryAfter ["write-boundary"] ''
if test -f ~/.vscode-server; then
if test -f "~/.vscode/extensions"; then
if ! test -L "~/.vscode-server/extensions"; then
$DRY_RUN_CMD ln -s $VERBOSE_ARG ~/.vscode/extensions ~/.vscode-server/
fi
fi
if test -f "~/vscode-server/bin"; then
for f in ~/.vscode-server/bin/*/node; do
if ! test -L $f; then
$DRY_RUN_CMD ln -sf $VERBOSE_ARG ${pkgs.nodejs}/bin/node $f
fi
done
fi
fi
'';
programs.vscode = {
enable = true;
enableUpdateCheck = false;
userSettings = {
"workbench.iconTheme" = "material-icon-theme";
"cmake.configureOnOpen" = true;
"[c]" = {
"editor.defaultFormatter" = "xaver.clang-format";
};
"[cpp]" = {
"editor.defaultFormatter" = "xaver.clang-format";
};
"editor.suggestSelection" = "first";
"vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue";
"[rust]" = {
"editor.defaultFormatter" = "statiolake.vscode-rustfmt";
};
"git.enableSmartCommit" = true;
"workbench.editorAssociations" = {
"*.ipynb" = "jupyter.notebook.ipynb";
};
"editor.inlineSuggest.enabled" = true;
"files.exclude" = {
"**/.classpath" = true;
"**/.project" = true;
"**/.settings" = true;
"**/.factorypath" = true;
};
"latex-workshop.view.pdf.viewer" = "tab";
"latex-workshop.latex.tools" = [
{
"name" = "latexmk";
"command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-xelatex"
"-shell-escape"
"-outdir=%OUTDIR%"
"%DOC%"
];
"env" = {};
}
{
"name" = "lualatexmk";
"command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"-lualatex"
"-outdir=%OUTDIR%"
"%DOC%"
];
"env" = {};
}
{
"name" = "latexmk_rconly";
"command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk";
"args" = ["%DOC%"];
"env" = {};
}
{
"name" = "pdflatex";
"command" = "${pkgs.texlive.combined.scheme-medium}/bin/pdflatex";
"args" = [
"-synctex=1"
"-interaction=nonstopmode"
"-file-line-error"
"%DOC%"
];
"env" = {};
}
{
"name" = "bibtex";
"command" = "${pkgs.texlive.combined.scheme-medium}/bin/bibtex";
"args" = ["%DOCFILE%"];
"env" = {};
}
];
"security.workspace.trust.untrustedFiles" = "open";
"latex-workshop.message.update.show" = false;
"editor.codeLensFontFamily" = "\"FiraCode Nerd Font Mono\", \"Noto Sans Mono CJK JP\", monospace";
"editor.fontFamily" = "\"FiraCode Nerd Font Mono\", \"Noto Sans Mono CJK JP\", monospace";
"rust-analyzer.checkOnSave.command" = "clippy";
"ledger.binary" = "${pkgs.hledger}/bin/hledger";
"workbench.colorTheme" = "Catppuccin Mocha";
"window.titleBarStyle" = "custom";
"rust-analyzer.hoverActions.references" = true;
"rust-analyzer.lens.methodReferences" = true;
"rust-analyzer.workspace.symbol.search.scope" = "workspace_and_dependencies";
"rust-analyzer.workspace.symbol.search.kind" = "all_symbols";
"rust-analyzer.lens.references" = true;
"rust-analyzer.lens.enumVariantReferences" = true;
"editor.bracketPairColorization.enabled" = true;
"C_Cpp.experimentalFeatures" = "Enabled";
"C_Cpp.dimInactiveRegions" = false;
"git.confirmSync" = false;
"files.watcherExclude" = {
"**/.bloop" = true;
"**/.metals" = true;
"**/.ammonite" = true;
};
"editor.formatOnSave" = true;
"rust-analyzer.checkOnSave.extraArgs" = [
"--"
"-Wabsolute_paths_not_starting_with_crate"
"-Welided_lifetimes_in_paths"
"-Wexplicit_outlives_requirements"
"-Wkeyword_idents"
"-Wmacro_use_extern_crate"
"-Wmeta_variable_misuse"
"-Wmissing_abi"
"-Wmissing_copy_implementations"
"-Wmissing_debug_implementations"
"-Wmissing_docs"
"-Wnon_ascii_idents"
"-Wnoop_method_call"
"-Wpointer_structural_match"
"-Wsingle_use_lifetimes"
"-Wtrivial_casts"
"-Wtrivial_numeric_casts"
"-Wunreachable_pub"
"-Wunused_extern_crates"
"-Wunused_import_braces"
"-Wunused_lifetimes"
"-Wunused_qualifications"
"-Wvariant_size_differences"
"-Wclippy::pedantic"
"-Wclippy::nursery"
"-Wclippy::all"
];
"github.copilot.enable" = {
"*" = true;
"yaml" = true;
"plaintext" = true;
"markdown" = true;
};
"rust-analyzer.cargo.allFeatures" = true;
"rust-analyzer.cargo.unsetTest" = [];
"redhat.telemetry.enabled" = false;
"openapi.approvedHostnames" = ["raw.githubusercontent.com"];
"liveServer.settings.donotShowInfoMsg" = true;
"[typescript]" = {
"editor.defaultFormatter" = "vscode.typescript-language-features";
};
"[javascript]" = {
"editor.defaultFormatter" = "vscode.typescript-language-features";
};
"go.toolsManagement.autoUpdate" = true;
"nix.serverPath" = "${pkgs.rnix-lsp}/bin/rnix-lsp";
"python.analysis.typeCheckingMode" = "strict";
"tabnine.experimentalAutoImports" = true;
"editor.autoClosingBrackets" = "always";
"editor.autoClosingDelete" = "always";
"editor.autoClosingOvertype" = "always";
"editor.autoClosingQuotes" = "always";
"editor.definitionLinkOpensInPeek" = true;
"editor.experimental.pasteActions.enabled" = true;
"editor.foldingImportsByDefault" = true;
"editor.linkedEditing" = true;
"editor.renderWhitespace" = "boundary";
"editor.rulers" = [72 80 100 120];
"editor.smoothScrolling" = true;
"editor.stickyTabStops" = true;
"editor.stickyScroll.enabled" = true;
"editor.tabCompletion" = "on";
"editor.unicodeHighlight.ambiguousCharacters" = false;
"editor.wordWrapColumn" = 120;
"editor.cursorSmoothCaretAnimation" = "on";
"editor.cursorSurroundingLines" = 5;
"editor.find.autoFindInSelection" = "multiline";
"editor.fontLigatures" = true;
"editor.formatOnPaste" = true;
"editor.formatOnType" = true;
"diffEditor.codeLens" = true;
"diffEditor.diffAlgorithm" = "experimental";
"editor.minimap.renderCharacters" = false;
"editor.suggest.preview" = true;
"editor.suggest.shareSuggestSelections" = true;
"files.enableTrash" = false;
"files.eol" = "\n";
"files.insertFinalNewline" = true;
"files.trimFinalNewlines" = true;
"files.trimTrailingWhitespace" = true;
"workbench.experimental.editSessions.partialMatches.enabled" = true;
"workbench.experimental.settingsProfiles.enabled" = true;
"workbench.list.smoothScrolling" = true;
"workbench.startupEditor" = "none";
"workbench.editor.closeOnFileDelete" = true;
"explorer.excludeGitIgnore" = true;
"explorer.fileNesting.enabled" = true;
"explorer.fileNesting.patterns" = {
"Cargo.toml" = "Cargo.*";
"flake.nix" = "flake.lock";
"*.ts" = "\${capture}.js, \${capture}.d.ts";
"*.js" = "\${capture}.js.map, \${capture}.min.js, \${capture}.d.ts";
"*.jsx" = "\${capture}.js";
"*.tsx" = "\${capture}.ts";
"tsconfig.json" = "tsconfig.*.json";
"package.json" = "package-lock.json, .npmrc, yarn.lock, .yarnrc";
};
"search.quickOpen.includeSymbols" = true;
"search.smartCase" = true;
"search.showLineNumbers" = true;
"search.seedOnFocus" = true;
"search.seedWithNearestWord" = true;
"search.useGlobalIgnoreFiles" = true;
"search.useParentIgnoreFiles" = true;
"debug.allowBreakpointsEverywhere" = true;
"debug.autoExpandLazyVariables" = true;
"testing.alwaysRevealTestOnStateChange" = true;
"scm.alwaysShowActions" = true;
"scm.alwaysShowRepositories" = true;
"telemetry.telemetryLevel" = "off";
"better-comments.highlightPlainText" = true;
"C_Cpp.inlayHints.autoDeclarationTypes.enabled" = true;
"C_Cpp.inlayHints.autoDeclarationTypes.showOnLeft" = true;
"C_Cpp.inlayHints.parameterNames.enabled" = true;
"C_Cpp.inlayHints.referenceOperator.enabled" = true;
"C_Cpp.inlayHints.referenceOperator.showSpace" = true;
"csharp.inlayHints.parameters.enabled" = true;
"csharp.inlayHints.parameters.forIndexerParameters" = true;
"csharp.inlayHints.parameters.forLiteralParameters" = true;
"csharp.inlayHints.parameters.forObjectCreationParameters" = true;
"csharp.inlayHints.parameters.forOtherParameters" = true;
"csharp.inlayHints.parameters.suppressForParametersThatDifferOnlyBySuffix" = true;
"csharp.inlayHints.parameters.suppressForParametersThatMatchArgumentName" = true;
"csharp.inlayHints.parameters.suppressForParametersThatMatchMethodIntent" = true;
"csharp.inlayHints.types.enabled" = true;
"csharp.inlayHints.types.forImplicitObjectCreation" = true;
"csharp.inlayHints.types.forImplicitVariableTypes" = true;
"csharp.inlayHints.types.forLambdaParameterTypes" = true;
"cSpell.language" = "en,en-GB";
"conventionalCommits.emojiFormat" = "emoji";
"conventionalCommits.showEditor" = true;
"git.allowForcePush" = true;
"git.autofetch" = "all";
"git.autofetchPeriod" = 60;
"github.gitProtocol" = "ssh";
"gitlens.showWelcomeOnInstall" = false;
"gitlens.defaultGravatarsStyle" = "monsterid";
"vsintellicode.features.python.deepLearning" = "enabled";
"merge-conflict.autoNavigateNextConflict.enabled" = true;
"projectManager.git.baseFolders" = ["/home/darkkirb/sources"];
"projectManager.hg.maxDepthRecursion" = 1;
"rust-analyzer.assist.emitMustUse" = true;
"rust-analyzer.diagnostics.experimental.enable" = true;
"rust-analyzer.lens.references.enumVariant.enable" = true;
"rust-analyzer.lens.references.method.enable" = true;
"rust-analyzer.lens.references.trait.enable" = true;
"rust-analyzer.lens.references.adt.enable" = true;
"editor.accessibilitySupport" = "off";
"[jsonc]" = {
"editor.defaultFormatter" = "esbenp.prettier-vscode";
};
"nix.formatterPath" = "${pkgs.alejandra}/bin/alejandra";
"nix.enableLanguageServer" = true;
};
extensions = with x86_64-linux-pkgs.vscode-extensions; [
];
};
}

1
config/server.nix
View file

@ -4,7 +4,6 @@
./services/caddy
./services/acme.nix
./services/fail2ban.nix
./services/initrd-ssh.nix
];
environment.systemPackages = with pkgs; [
pinentry-curses

16
config/services/akkoma/default.nix
View file

@ -111,6 +111,20 @@
sign_object_fetches = true;
authorized_fetch_mode = true;
};
":mrf_hellthread" = {
delist_threshold = 8;
};
":mrf_keyword" = {
reject = [
"usdtenm.com"
(mkRaw "~r/Hi \\w+! New account: .* Do not share with anyone, official website:/i")
"dogeai.farm"
"ARB Doge"
"new meme token created by the latest neural network"
(mkRaw "~r/dogecoin.*airdrop/i")
(mkRaw "~r/airdrop.*dogecoin/i")
];
};
":mrf_simple" = let
processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m);
in {
@ -149,7 +163,7 @@
};
};
":mrf" = {
policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "TagPolicy" "RequireImageDescription" "BlockInvalidDatetime"];
policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "KeywordPolicy" "TagPolicy" "RequireImageDescription" "BlockInvalidDatetime" "HellthreadPolicy"];
transparency = true;
};
":http_security" = {

35
config/services/kubo-local.nix Normal file
View file

@ -0,0 +1,35 @@
{
pkgs,
config,
lib,
...
}: {
services.kubo = {
autoMigrate = true;
emptyRepo = true;
enable = true;
enableGC = true;
settings = {
Addresses = {
API = "/ip4/127.0.0.1/tcp/36307";
Gateway = "/ip4/127.0.0.1/tcp/41876";
};
Experimental = {
FilestoreEnabled = true;
UrlstoreEnabled = true;
};
Gateway.PublicGateways."ipfs.chir.rs" = {
Paths = ["/ipfs" "/ipns"];
UseSubdomains = false;
};
};
};
networking.firewall.allowedTCPPorts = [
4001
4002
];
networking.firewall.allowedUDPPorts = [
4001
];
}

91
config/services/kubo.nix Normal file
View file

@ -0,0 +1,91 @@
{
pkgs,
config,
lib,
...
}: {
imports = [../../modules/kubo.nix];
services.kubo = {
autoMigrate = true;
emptyRepo = true;
enable = true;
enableGC = true;
settings = {
Addresses = {
API = [
"/ip4/0.0.0.0/tcp/36307"
"/ip6/::1/tcp/36307"
]; # Only exposed over the tailed scale
Gateway = "/ip4/127.0.0.1/tcp/41876";
};
API.HTTPHeaders = {
Access-Control-Allow-Origin = [
"http://bafybeic4gops3d3lyrisqku37uio33nvt6fqxvkxihrwlqsuvf76yln4fm.ipfs.localhost:41876"
"http://localhost:3000"
"http://127.0.0.1:5001"
"https://webui.ipfs.io"
];
Access-Control-Allow-Methods = ["PUT" "POST"];
};
Datastore = {
Spec = {
mounts = [
{
child = {
type = "storjds";
dbURI = "postgres:///kubo_storjds?sslmode=disable&host=/run/postgresql";
bucket = "ipfs";
nodeConnectionPoolCapacity = "100";
nodeConnectionPoolKeyCapacity = "5";
nodeConnectionPoolIdleExpiration = "2m";
satelliteConnectionPoolCapacity = "10";
satelliteConnectionPoolKeyCapacity = "0";
satelliteConnectionPoolIdleExpiration = "2m";
};
mountpoint = "/";
prefix = "storj.datastore";
type = "measure";
}
];
type = "mount";
};
};
Experimental = {
FilestoreEnabled = true;
UrlstoreEnabled = true;
};
Gateway.PublicGateways."ipfs.chir.rs" = {
Paths = ["/ipfs" "/ipns"];
UseSubdomains = false;
};
};
};
sops.secrets."services/ipfs/access_grant".owner = "ipfs";
services.postgresql.ensureDatabases = [
"kubo_storjds"
];
services.postgresql.ensureUsers = [
{
name = "ipfs";
ensurePermissions = {
"DATABASE kubo_storjds" = "ALL PRIVILEGES";
};
}
];
networking.firewall.allowedTCPPorts = [
4001
4002
];
networking.firewall.allowedUDPPorts = [
4001
];
services.caddy.virtualHosts."ipfs-nocdn.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://127.0.0.1:41876
'';
};
}

1
config/services/peertube/default.nix
View file

@ -14,6 +14,7 @@
secrets.secretsFile = config.sops.secrets."services/peertube/secret".path;
settings = {
object_storage = {
upload_acl.public = "private";
enabled = true;
endpoint = "s3.us-west-000.backblazeb2.com";
videos = {

2
config/services/router.nix
View file

@ -67,7 +67,7 @@ in {
iptables -A FORWARD -i br0 -j ACCEPT
iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
'';
networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;

1
config/thinkrac.nix
View file

@ -19,6 +19,7 @@
nixos-hardware.nixosModules.common-cpu-intel-kaby-lake
nixos-hardware.nixosModules.common-pc-ssd
./services/postgres.nix
./services/kubo-local.nix
];
hardware.cpu.intel.updateMicrocode = true;

266
flake.lock
View file

@ -214,11 +214,11 @@
]
},
"locked": {
"lastModified": 1678614024,
"narHash": "sha256-8d34JfTHKDfe+eNX5zOy3V9bbOCrRRtNNNDW9uL+WaY=",
"lastModified": 1683272040,
"narHash": "sha256-U2B9detx7EoR+ow5VS1p22syNQXXjPfnD5352bkVLiE=",
"owner": "DarkKirb",
"repo": "chir.rs",
"rev": "81adc7e92be05c2cac10e50c29c96e77b11a017f",
"rev": "62061a4981252bf456573d3eee1643d830203bee",
"type": "github"
},
"original": {
@ -631,38 +631,6 @@
"type": "github"
}
},
"flake-compat_12": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_13": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
@ -798,11 +766,11 @@
]
},
"locked": {
"lastModified": 1682984683,
"narHash": "sha256-fSMthG+tp60AHhNmaHc4StT3ltfHkQsJtN8GhfLWmtI=",
"lastModified": 1683560683,
"narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "86684881e184f41aa322e653880e497b66429f3e",
"rev": "006c75898cf814ef9497252b022e91c946ba8e17",
"type": "github"
},
"original": {
@ -910,21 +878,6 @@
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -948,28 +901,6 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"prismlauncher",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"nixpkgs": [
@ -982,26 +913,26 @@
]
},
"locked": {
"lastModified": 1677459247,
"narHash": "sha256-JbakfAiPYmCCV224yAMq/XO0udN5coWv/oazblMKdoY=",
"owner": "nix-community",
"lastModified": 1683648237,
"narHash": "sha256-j8LGSx2B2TRnt29Sx4R8T/KM/Bgkf6S+bIHmWUl6Yvc=",
"owner": "DarkKirb",
"repo": "gomod2nix",
"rev": "3cbf3a51fe32e2f57af4c52744e7228bab22983d",
"rev": "c8a28f781346c18882f3988bf5cfd691b0055369",
"type": "github"
},
"original": {
"owner": "nix-community",
"owner": "DarkKirb",
"repo": "gomod2nix",
"type": "github"
}
},
"haskell-flake": {
"locked": {
"lastModified": 1682714267,
"narHash": "sha256-DsGj9AIKqKcWQQOuwbFU77rkehaICzISHhH7aezZ6OQ=",
"lastModified": 1684679610,
"narHash": "sha256-fnPPv4+GtTa9Y0QckTQe+BjM4PWQNCdDw5cYDvbMVRs=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "a904caac3e4638f84a28102762bf767dd1ae50c0",
"rev": "541f6b82885276c276b63837c0d7ef004126e187",
"type": "github"
},
"original": {
@ -1032,11 +963,11 @@
]
},
"locked": {
"lastModified": 1682977601,
"narHash": "sha256-F1Va/Uiw2tVNn27FLqWyBkiqDyIm/eCamw9wA/GK8Fw=",
"lastModified": 1684704194,
"narHash": "sha256-k/hFXQxaQmDoI3bbp4K978nrHt7PYnTnIOrIoKpd1MQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e4c33d76006c9080d2f228ba1c2308e3e4d7be6",
"rev": "13a74643d72b1891b03f2566983819d451bd4b56",
"type": "github"
},
"original": {
@ -1070,11 +1001,11 @@
"hosts-list": {
"flake": false,
"locked": {
"lastModified": 1682883928,
"narHash": "sha256-a4gn7rtIp6Rm+TDKvYUraHP+IjE3ftMvlsER25TjCUM=",
"lastModified": 1684697356,
"narHash": "sha256-9QcW+ewb9ssi7qT6DWKCwHbIibpOxXDA+06++DHsu6Q=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "de91e825b0d7a3a2e614e6b46a5895595544505a",
"rev": "9f2ba78232978a20b329ba975fe545521126d9da",
"type": "github"
},
"original": {
@ -1109,11 +1040,11 @@
]
},
"locked": {
"lastModified": 1679916613,
"narHash": "sha256-Nj9U0V7Zv7XoRDdO7ECphTk6jHfOgeZe6G0x4FQLpJ0=",
"lastModified": 1683550113,
"narHash": "sha256-niw0RHfwpo2/86wvtHrbU/DQYlkkwtrM+qG7GEC0qAo=",
"owner": "NixOS",
"repo": "hydra",
"rev": "082495e34e094cae1eb49dbfc5648938e23c6355",
"rev": "13ef4e3c5d87bc6f68c91a36d78cdc7d589d8ff2",
"type": "github"
},
"original": {
@ -1133,11 +1064,11 @@
]
},
"locked": {
"lastModified": 1679916613,
"narHash": "sha256-Nj9U0V7Zv7XoRDdO7ECphTk6jHfOgeZe6G0x4FQLpJ0=",
"lastModified": 1683550113,
"narHash": "sha256-niw0RHfwpo2/86wvtHrbU/DQYlkkwtrM+qG7GEC0qAo=",
"owner": "NixOS",
"repo": "hydra",
"rev": "082495e34e094cae1eb49dbfc5648938e23c6355",
"rev": "13ef4e3c5d87bc6f68c91a36d78cdc7d589d8ff2",
"type": "github"
},
"original": {
@ -1186,22 +1117,6 @@
"type": "github"
}
},
"libnbtplusplus_2": {
"flake": false,
"locked": {
"lastModified": 1650031308,
"narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=",
"owner": "PrismLauncher",
"repo": "libnbtplusplus",
"rev": "2203af7eeb48c45398139b583615134efd8d407f",
"type": "github"
},
"original": {
"owner": "PrismLauncher",
"repo": "libnbtplusplus",
"type": "github"
}
},
"lowdown-src": {
"flake": false,
"locked": {
@ -1381,11 +1296,11 @@
]
},
"locked": {
"lastModified": 1683028005,
"narHash": "sha256-Jb5be6uEf10qZJ5rRoCvJjp656g211O/+ANEng3A6Zg=",
"lastModified": 1684690278,
"narHash": "sha256-PWVgekmSzpjcOr3XwuMxrCucYtnSoJAARIYBBEnE3rk=",
"ref": "main",
"rev": "bd34868dbc027a49b49fdb9360c4c74de911fbf2",
"revCount": 813,
"rev": "3ab2405c797886394abe181e536855feb57f5aaa",
"revCount": 847,
"type": "git",
"url": "https://git.chir.rs/darkkirb/nix-packages.git"
},
@ -1522,11 +1437,11 @@
},
"nixos-hardware_2": {
"locked": {
"lastModified": 1683009613,
"narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=",
"lastModified": 1684169666,
"narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "7dc46304675f4ff2d6be921ef60883efd31363c4",
"rev": "71ce85372a614d418d5e303dd5702a79d1545c04",
"type": "github"
},
"original": {
@ -1710,22 +1625,6 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1673800717,
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1670461440,
@ -1775,31 +1674,16 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1683044705,
"narHash": "sha256-6GM8RVzgmFLF0ABzqLEMLNWjgFkuaQOTHGBuD+DNaxI=",
"lastModified": 1684570954,
"narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b04b3345f16716f7289724286cdc8474d4758a41",
"rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1678693419,
"narHash": "sha256-bbSv5yqZAW6dz+3f3f3pOUZbxpPN+3OgCljgn7P+nnQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8e3fad82be64c06fbfb9fd43993aec9ef4623936",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -1821,11 +1705,11 @@
},
"nur_2": {
"locked": {
"lastModified": 1683042307,
"narHash": "sha256-NzMhWnwDoPbJznqjb7Wa6e/OoMBou8WCNYpimPx2eK0=",
"lastModified": 1684732585,
"narHash": "sha256-xeTNM8f818YzxzLKEUBi9GGFOHkmifJDDUnuokfzy/I=",
"owner": "nix-community",
"repo": "NUR",
"rev": "771b2b9028b19dfd3e7e1ac0173b35b03cd47053",
"rev": "979b88f90e6a8c9a52aec5416c007392f3296c81",
"type": "github"
},
"original": {
@ -1864,57 +1748,6 @@
"type": "github"
}
},
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_13",
"flake-utils": [
"prismlauncher",
"flake-utils"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"prismlauncher",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1678376203,
"narHash": "sha256-3tyYGyC8h7fBwncLZy5nCUjTJPrHbmNwp47LlNLOHSM=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "1a20b9708962096ec2481eeb2ddca29ed747770a",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"prismlauncher": {
"inputs": {
"flake-compat": "flake-compat_12",
"flake-utils": "flake-utils_4",
"libnbtplusplus": "libnbtplusplus_2",
"nixpkgs": "nixpkgs_6",
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1678798431,
"narHash": "sha256-+BzvPioU0vwFQny+bdTRcbljA2nt90Mt3wN6hm7rvlU=",
"owner": "PrismLauncher",
"repo": "PrismLauncher",
"rev": "45b0367d14f38d40af5cc8603f7daab05d83af5f",
"type": "github"
},
"original": {
"owner": "PrismLauncher",
"repo": "PrismLauncher",
"rev": "45b0367d14f38d40af5cc8603f7daab05d83af5f",
"type": "github"
}
},
"prismmc": {
"inputs": {
"flake-compat": "flake-compat_10",
@ -1964,7 +1797,6 @@
"nixpkgs-for-crane": "nixpkgs-for-crane_2",
"nixpkgs-noto-variable": "nixpkgs-noto-variable_2",
"nur": "nur_2",
"prismlauncher": "prismlauncher",
"rust-overlay": "rust-overlay_4",
"sops-nix": "sops-nix_2",
"tomlplusplus": "tomlplusplus_2"
@ -2063,11 +1895,11 @@
]
},
"locked": {
"lastModified": 1682993975,
"narHash": "sha256-LlI5vwUw97NLAwcOYHRLRfhICVdp7MK2KFcUSj0Zwdg=",
"lastModified": 1684722198,
"narHash": "sha256-PMi7f6DDR1cTiO0wPu7vwDTvkqsSLykSpcmFcxoS1Ew=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "07f421299826591e2b28e03bbbe19a5292395afe",
"rev": "f526dfe586195f56ba215201f42d05beb965136d",
"type": "github"
},
"original": {
@ -2111,11 +1943,11 @@
]
},
"locked": {
"lastModified": 1682823324,
"narHash": "sha256-KNu3OAqVyoKwnDP+gqptjQYCnZXxEwXccR89c0r1/8k=",
"lastModified": 1684637723,
"narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4f308f76633f81253a12b80e7b05b80d325005b2",
"rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9",
"type": "github"
},
"original": {
@ -2173,11 +2005,11 @@
"tomlplusplus_2": {
"flake": false,
"locked": {
"lastModified": 1680550638,
"narHash": "sha256-CEa4cIjFMA1VQg1iZ5cWGy9yzakDjzm01Xn7Z1MKQCo=",
"lastModified": 1684400576,
"narHash": "sha256-oKTRQh2YGkDz9N/y7AWSBjXqoG3QKtlu5e9jljKfUQY=",
"owner": "marzer",
"repo": "tomlplusplus",
"rev": "ad55bae8a11a6eee39e2292b01e95b529b105767",
"rev": "e6d1958f923c16ee2b12510c16d7265d1e2e0d8e",
"type": "github"
},
"original": {

8
flake.nix
View file

@ -83,13 +83,10 @@ rec {
};
nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8";
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixpkgs.url = "github:NixOS/nixpkgs";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-for-crane.url = "github:NixOS/nixpkgs/3ae365afb80773c3bb67e52294a82e329a9e5be0";
nixpkgs-noto-variable.url = "github:NixOS/nixpkgs/1988f9a17fc1c2ab11f5817adf34a4eb8d06454d";
nur.url = "github:nix-community/NUR";
prismlauncher = {
url = "github:PrismLauncher/PrismLauncher/45b0367d14f38d40af5cc8603f7daab05d83af5f";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.flake-utils.follows = "flake-utils";
@ -173,9 +170,6 @@ rec {
({pkgs, ...}: {
nixpkgs.overlays = [
nur.overlay
(self: super: {
inherit (args.prismlauncher.packages.${system}) prismlauncher;
})
];
home-manager.extraSpecialArgs = args // {inherit system;};
})

434
modules/kubo.nix Normal file
View file

@ -0,0 +1,434 @@
{
config,
lib,
pkgs,
utils,
...
}:
with lib; let
cfg = config.services.kubo;
settingsFormat = pkgs.formats.json {};
rawDefaultConfig = lib.importJSON (pkgs.runCommand "kubo-default-config" {
nativeBuildInputs = [cfg.package];
} ''
export IPFS_PATH="$TMPDIR"
ipfs init --empty-repo --profile=${profile}
ipfs --offline config show > "$out"
'');
# Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo.
# The "Pinning" section contains the "RemoteServices" section, which would prevent
# the daemon from starting as that setting can't be changed via ipfs config replace.
defaultConfig = builtins.removeAttrs rawDefaultConfig ["Identity" "Pinning"];
customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings;
configFile = settingsFormat.generate "kubo-config.json" customizedConfig;
# Create a fake repo containing only the file "api".
# $IPFS_PATH will point to this directory instead of the real one.
# For some reason the Kubo CLI tools insist on reading the
# config file when it exists. But the Kubo daemon sets the file
# permissions such that only the ipfs user is allowed to read
# this file. This prevents normal users from talking to the daemon.
# To work around this terrible design, create a fake repo with no
# config file, only an api file and everything should work as expected.
fakeKuboRepo = pkgs.writeTextDir "api" ''
/unix/run/ipfs.sock
'';
kuboFlags = utils.escapeSystemdExecArgs (
optional cfg.autoMount "--mount"
++ optional cfg.enableGC "--enable-gc"
++ optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false"
++ optional (cfg.defaultMode == "offline") "--offline"
++ optional (cfg.defaultMode == "norouting") "--routing=none"
++ cfg.extraFlags
);
profile =
if cfg.localDiscovery
then "local-discovery"
else "server";
splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw);
multiaddrsToListenStreams = addrIn: let
addrs =
if builtins.typeOf addrIn == "list"
then addrIn
else [addrIn];
unfilteredResult = map multiaddrToListenStream addrs;
in
builtins.filter (addr: addr != null) unfilteredResult;
multiaddrsToListenDatagrams = addrIn: let
addrs =
if builtins.typeOf addrIn == "list"
then addrIn
else [addrIn];
unfilteredResult = map multiaddrToListenDatagram addrs;
in
builtins.filter (addr: addr != null) unfilteredResult;
multiaddrToListenStream = addrRaw: let
addr = splitMulitaddr addrRaw;
s = builtins.elemAt addr;
in
if s 0 == "ip4" && s 2 == "tcp"
then "${s 1}:${s 3}"
else if s 0 == "ip6" && s 2 == "tcp"
then "[${s 1}]:${s 3}"
else if s 0 == "unix"
then "/${lib.concatStringsSep "/" (lib.tail addr)}"
else null; # not valid for listen stream, skip
multiaddrToListenDatagram = addrRaw: let
addr = splitMulitaddr addrRaw;
s = builtins.elemAt addr;
in
if s 0 == "ip4" && s 2 == "udp"
then "${s 1}:${s 3}"
else if s 0 == "ip6" && s 2 == "udp"
then "[${s 1}]:${s 3}"
else null; # not valid for listen datagram, skip
in {
###### interface
options = {
services.kubo = {
enable = mkEnableOption (lib.mdDoc "Interplanetary File System (WARNING: may cause severe network degradation)");
package = mkOption {
type = types.package;
default = pkgs.kubo;
defaultText = literalExpression "pkgs.kubo";
description = lib.mdDoc "Which Kubo package to use.";
};
user = mkOption {
type = types.str;
default = "ipfs";
description = lib.mdDoc "User under which the Kubo daemon runs";
};
group = mkOption {
type = types.str;
default = "ipfs";
description = lib.mdDoc "Group under which the Kubo daemon runs";
};
dataDir = mkOption {
type = types.str;
default =
if versionAtLeast config.system.stateVersion "17.09"
then "/var/lib/ipfs"
else "/var/lib/ipfs/.ipfs";
defaultText = literalExpression ''
if versionAtLeast config.system.stateVersion "17.09"
then "/var/lib/ipfs"
else "/var/lib/ipfs/.ipfs"
'';
description = lib.mdDoc "The data dir for Kubo";
};
defaultMode = mkOption {
type = types.enum ["online" "offline" "norouting"];
default = "online";
description = lib.mdDoc "systemd service that is enabled by default";
};
autoMount = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether Kubo should try to mount /ipfs and /ipns at startup.";
};
autoMigrate = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether Kubo should try to run the fs-repo-migration at startup.";
};
ipfsMountDir = mkOption {
type = types.str;
default = "/ipfs";
description = lib.mdDoc "Where to mount the IPFS namespace to";
};
ipnsMountDir = mkOption {
type = types.str;
default = "/ipns";
description = lib.mdDoc "Where to mount the IPNS namespace to";
};
enableGC = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to enable automatic garbage collection";
};
emptyRepo = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "If set to true, the repo won't be initialized with help files";
};
settings = mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
options = {
Addresses.API = mkOption {
type = types.oneOf [types.str (types.listOf types.str)];
default = [];
description = lib.mdDoc ''
Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on.
In addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket.
To allow the ipfs CLI tools to communicate with the daemon over that socket,
add your user to the correct group, e.g. `users.users.alice.extraGroups = [ config.services.kubo.group ];`
'';
};
Addresses.Gateway = mkOption {
type = types.oneOf [types.str (types.listOf types.str)];
default = "/ip4/127.0.0.1/tcp/8080";
description = lib.mdDoc "Where the IPFS Gateway can be reached";
};
Addresses.Swarm = mkOption {
type = types.listOf types.str;
default = [
"/ip4/0.0.0.0/tcp/4001"
"/ip6/::/tcp/4001"
"/ip4/0.0.0.0/udp/4001/quic"
"/ip4/0.0.0.0/udp/4001/quic-v1"
"/ip4/0.0.0.0/udp/4001/quic-v1/webtransport"
"/ip6/::/udp/4001/quic"
"/ip6/::/udp/4001/quic-v1"
"/ip6/::/udp/4001/quic-v1/webtransport"
];
description = lib.mdDoc "Where Kubo listens for incoming p2p connections";
};
};
};
description = lib.mdDoc ''
Attrset of daemon configuration.
See [https://github.com/ipfs/kubo/blob/master/docs/config.md](https://github.com/ipfs/kubo/blob/master/docs/config.md) for reference.
You can't set `Identity` or `Pinning`.
'';
default = {};
example = {
Datastore.StorageMax = "100GB";
Discovery.MDNS.Enabled = false;
Bootstrap = [
"/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu"
"/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm"
];
Swarm.AddrFilters = null;
};
};
extraFlags = mkOption {
type = types.listOf types.str;
description = lib.mdDoc "Extra flags passed to the Kubo daemon";
default = [];
};
localDiscovery = mkOption {
type = types.bool;
description = lib.mdDoc '' Whether to enable local discovery for the Kubo daemon.
This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this.
'';
default = false;
};
serviceFdlimit = mkOption {
type = types.nullOr types.int;
default = null;
description = lib.mdDoc "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it";
example = 64 * 1024;
};
startWhenNeeded = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Whether to use socket activation to start Kubo when needed.";
};
};
};
###### implementation
disabledModules = ["services/network-filesystems/kubo.nix"];
config = mkIf cfg.enable {
assertions = [
{
assertion = !builtins.hasAttr "Identity" cfg.settings;
message = ''
You can't set services.kubo.settings.Identity because the ``config replace`` subcommand used at startup does not support modifying any of the Identity settings.
'';
}
{
assertion = !((builtins.hasAttr "Pinning" cfg.settings) && (builtins.hasAttr "RemoteServices" cfg.settings.Pinning));
message = ''
You can't set services.kubo.settings.Pinning.RemoteServices because the ``config replace`` subcommand used at startup does not work with it.
'';
}
];
environment.systemPackages = [cfg.package];
environment.variables.IPFS_PATH = fakeKuboRepo;
# https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
programs.fuse = mkIf cfg.autoMount {
userAllowOther = true;
};
users.users = mkIf (cfg.user == "ipfs") {
ipfs = {
group = cfg.group;
home = cfg.dataDir;
createHome = false;
uid = config.ids.uids.ipfs;
description = "IPFS daemon user";
packages = [
pkgs.kubo-migrator
];
};
};
users.groups = mkIf (cfg.group == "ipfs") {
ipfs.gid = config.ids.gids.ipfs;
};
systemd.tmpfiles.rules =
[
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
]
++ optionals cfg.autoMount [
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
];
# The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself
systemd.packages =
if cfg.autoMount
then [cfg.package.systemd_unit]
else [cfg.package.systemd_unit_hardened];
services.kubo.settings = mkIf cfg.autoMount {
Mounts.FuseAllowOther = lib.mkDefault true;
Mounts.IPFS = lib.mkDefault cfg.ipfsMountDir;
Mounts.IPNS = lib.mkDefault cfg.ipnsMountDir;
};
systemd.services.ipfs =
{
path = ["/run/wrappers" cfg.package];
environment.IPFS_PATH = cfg.dataDir;
preStart =
''
if [[ ! -f "$IPFS_PATH/config" ]]; then
ipfs init ${optionalString cfg.emptyRepo "-e"}
else
# After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open.
rm -vf "$IPFS_PATH/api"
''
+ optionalString cfg.autoMigrate ''
${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y
''
+ ''
fi
ipfs --offline config show |
${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' |
${pkgs.jq}/bin/jq ".Datastore.Spec.mounts[0].child.accessGrant = \"$(cat ${config.sops.secrets."services/ipfs/access_grant".path})\"" |
# This command automatically injects the private key and other secrets from
# the old config file back into the new config file.
# Unfortunately, it doesn't keep the original `Identity.PeerID`,
# so we need `ipfs config show` and jq above.
# See https://github.com/ipfs/kubo/issues/8993 for progress on fixing this problem.
# Kubo also wants a specific version of the original "Pinning.RemoteServices"
# section (redacted by `ipfs config show`), such that that section doesn't
# change when the changes are applied. Whyyyyyy.....
ipfs --offline config replace -
'';
postStop = mkIf cfg.autoMount ''
# After an unclean shutdown the fuse mounts at cfg.ipnsMountDir and cfg.ipfsMountDir are locked
umount --quiet '${cfg.ipnsMountDir}' '${cfg.ipfsMountDir}' || true
'';
serviceConfig =
{
ExecStart = ["" "${cfg.package}/bin/ipfs daemon ${kuboFlags}"];
User = cfg.user;
Group = cfg.group;
StateDirectory = "";
ReadWritePaths = optionals (!cfg.autoMount) ["" cfg.dataDir];
}
// optionalAttrs (cfg.serviceFdlimit != null) {LimitNOFILE = cfg.serviceFdlimit;};
}
// optionalAttrs (!cfg.startWhenNeeded) {
wantedBy = ["default.target"];
};
systemd.sockets.ipfs-gateway = {
wantedBy = ["sockets.target"];
socketConfig = {
ListenStream =
[""] ++ (multiaddrsToListenStreams cfg.settings.Addresses.Gateway);
ListenDatagram =
[""] ++ (multiaddrsToListenDatagrams cfg.settings.Addresses.Gateway);
};
};
systemd.sockets.ipfs-api = {
wantedBy = ["sockets.target"];
socketConfig = {
# We also include "%t/ipfs.sock" because there is no way to put the "%t"
# in the multiaddr.
ListenStream =
["" "%t/ipfs.sock"] ++ (multiaddrsToListenStreams cfg.settings.Addresses.API);
SocketMode = "0660";
SocketUser = cfg.user;
SocketGroup = cfg.group;
};
};
};
meta = {
maintainers = with lib.maintainers; [Luflosi];
};
imports = [
(mkRenamedOptionModule ["services" "ipfs" "enable"] ["services" "kubo" "enable"])
(mkRenamedOptionModule ["services" "ipfs" "package"] ["services" "kubo" "package"])
(mkRenamedOptionModule ["services" "ipfs" "user"] ["services" "kubo" "user"])
(mkRenamedOptionModule ["services" "ipfs" "group"] ["services" "kubo" "group"])
(mkRenamedOptionModule ["services" "ipfs" "dataDir"] ["services" "kubo" "dataDir"])
(mkRenamedOptionModule ["services" "ipfs" "defaultMode"] ["services" "kubo" "defaultMode"])
(mkRenamedOptionModule ["services" "ipfs" "autoMount"] ["services" "kubo" "autoMount"])
(mkRenamedOptionModule ["services" "ipfs" "autoMigrate"] ["services" "kubo" "autoMigrate"])
(mkRenamedOptionModule ["services" "ipfs" "ipfsMountDir"] ["services" "kubo" "ipfsMountDir"])
(mkRenamedOptionModule ["services" "ipfs" "ipnsMountDir"] ["services" "kubo" "ipnsMountDir"])
(mkRenamedOptionModule ["services" "ipfs" "gatewayAddress"] ["services" "kubo" "settings" "Addresses" "Gateway"])
(mkRenamedOptionModule ["services" "ipfs" "apiAddress"] ["services" "kubo" "settings" "Addresses" "API"])
(mkRenamedOptionModule ["services" "ipfs" "swarmAddress"] ["services" "kubo" "settings" "Addresses" "Swarm"])
(mkRenamedOptionModule ["services" "ipfs" "enableGC"] ["services" "kubo" "enableGC"])
(mkRenamedOptionModule ["services" "ipfs" "emptyRepo"] ["services" "kubo" "emptyRepo"])
(mkRenamedOptionModule ["services" "ipfs" "extraConfig"] ["services" "kubo" "settings"])
(mkRenamedOptionModule ["services" "ipfs" "extraFlags"] ["services" "kubo" "extraFlags"])
(mkRenamedOptionModule ["services" "ipfs" "localDiscovery"] ["services" "kubo" "localDiscovery"])
(mkRenamedOptionModule ["services" "ipfs" "serviceFdlimit"] ["services" "kubo" "serviceFdlimit"])
(mkRenamedOptionModule ["services" "ipfs" "startWhenNeeded"] ["services" "kubo" "startWhenNeeded"])
(mkRenamedOptionModule ["services" "kubo" "extraConfig"] ["services" "kubo" "settings"])
(mkRenamedOptionModule ["services" "kubo" "gatewayAddress"] ["services" "kubo" "settings" "Addresses" "Gateway"])
(mkRenamedOptionModule ["services" "kubo" "apiAddress"] ["services" "kubo" "settings" "Addresses" "API"])
(mkRenamedOptionModule ["services" "kubo" "swarmAddress"] ["services" "kubo" "settings" "Addresses" "Swarm"])
];
}

5
overlays/default.nix
View file

@ -60,4 +60,9 @@ in
checkPhase = "";
installCheckPhase = "";
});
nodejs-16_x = prev.nodejs-18_x;
neomutt = prev.neomutt.overrideAttrs (super: {
doCheck = false;
doInstallCheck = false;
});
}

2
packages/minecraft/vault.nix
View file

@ -33,7 +33,7 @@
dontFixup = true;
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "sha256-vH/bnae6EmbGbgYDzMs1wKyLpFJqE+vNbukYmzrLmW8=";
outputHash = "sha256-KKw9bJ7CefWM2SbnAVy1IhBZ5PU0cgaqVdNH2ooQkSc=";
};
in
stdenv.mkDerivation {

6
secrets/instance-20221213-1915.yaml
View file

@ -8,6 +8,8 @@ security:
restic:
password: ENC[AES256_GCM,data:80XNExfwBIG3aVNQBc8T2fdN9oA=,iv:JM/HU7vhx28VA9EppxpFc3xRVcAt+kp3JwTuHmFpL78=,tag:pC73+XCsFGTdA+MbTihD7Q==,type:str]
services:
ipfs:
access_grant: ENC[AES256_GCM,data:WFWKgRf4VG0fViy9hSvRclwxQxICoV94eOpaVjGv6HJ/SeHLF2FaXG9PPNvU35JsNrWQhovYK33QPqE9IV6rgoo7xtH7FYlr91YYJ6a/x4SQnkIu5aUYIpsTk+I97T/5gfLJZK2Sr05lrnCBth5F2eu+ITILt8AUizrqLLW+KWpeCkzz6G8pJGwnOqp/CIDkTCybgnzM0piF4F0lVukAjnrUhYGR3szi8zpy6ZSQHFvXgz37DfEaTgcJlt/tx/xozkSor+KweXHDA71d1nugQ1p7DhLdP4rpm7PrdfZmwc56p2OkK15jdDPeOTBpOWvFt+wdPKR4PMfwYFHO5adE8ZNkdBafICtrdEV552qkTZ4LDYqY9qCi0tKU3TbuArxKoMPshoiaeqEuP2itPsZonqYVv9CXeOLSlA==,iv:NU4rJgOTg6SPOCiYvOqQH0w9i3aJR8IvfNcm+eykoVI=,tag:/LRTOtGRd/Y9QJlK0X1jvA==,type:str]
attic: ENC[AES256_GCM,data:piBIi+r/WKVnGwl00q1lZjdyQz2PqFGrM8xTxf5/0MOv4UTJjw9I/9HdQAKgMH7okiAh94BTyGCM4EzwiHRbErQoQC9OihIgUkvQW6/SzIeSgSw3n8oBe7UKiXIedsjzLoPNjH1gDg8lLDgg5Iq389+AY+qPFfmF61tpcG35bkvKd1XWUL/elTMff+yILndu9fvcmmkDk4IGSdzB2fVcB+1k6JOWiL5Mo42RF2dUu7cvbnrsh/MpC0nzMrkQUBENfhPPuEjMGZ2ZwSqbW2B6FfZI9uCtdmRpXhwytzHBgwxetbKKe61a+mPTjSyItG/bqoSw4v+O8T8UBy2y/aAmZjvw+fhl+sb+ro90sOZMzY9jNVenZqVvTyZk12gD/ljpzRbGpIxE9l0WdLLlB9aNIaRa3EGbe9oNpGg4p6I+kEe4mx1+qhUpNgrCpv1jUORyfbKGNrPp//NiO3C7nrm//5D2U+Y4vg4Xc80RHsHTrHuKdpk=,iv:SoK0B7bf8TiFXCPTWYr2G1+XoFzFIIJzruwXfOjCsxg=,tag:bxsUXluNqqcuOixOz6cSjA==,type:str]
ssh:
host-key: ENC[AES256_GCM,data:oiy1thPKRVgH0XltFQCKwGMdLZde8zp1Ag1dL/el/2jXp1be1Evtr+kkZv56nhlaJ6KpYi5VsfrfpFVnKUkcYGUMmqVf2lFDu2fPcWB+PW7nol9K+sVRhHgTPP1wz385o5bof4OnbMF9sUbV0PT/pd4yAvluKq9s2vBBb2GEZ+HDBwkurmgVrFqUb66AvCdncXTpK47qpWZQMDTMGKqv5d1hJOoCCIulX3iJ4ko2xDD7qRlFtcdLNFLw3q4R6eP+L0OqoQs8dnjpIQOLVItzHTHTTcQRVoFvD7OMYSyU5RIIxTIOoS9tWzQu/QpHpO4cgjQ/GX09uj+a6/Cy8Itavd88YeSoYEPGwBYEciYLakFpNQ8aFl0yEsEMdZbfHgOUAOlbv28Mv93+RFMs5HrdIup/lZr5PsCBSsrMVkwJNVQKTxbN34LCTGOeCkuzohAwmwEVB/Ysuh23WyFKcdkGWAwlnVvgaNT5/TsNTCCI8Hf6fJecD4imWrJAtlXG7o+mnE+f0LlixxsnMgSnlkX4,iv:mnW23zPiSDoluMjQJEUFHDkVO6IT/4+RgAlaKuie3Qw=,tag:F+KOH/MkjrF1wYCR9OzFkQ==,type:str]
@ -47,8 +49,8 @@ sops:
bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ
QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-18T18:46:10Z"
mac: ENC[AES256_GCM,data:zhJ4n36vDz+Irjex39KewguKqqbFkQv4z2f8dcJume7+pLjyVvNNPQG/NQl5FhM3xBpRKN/pLIJixGbm5wn3wRY3AlddxAzoU2rTj7ReePMBy7U217ogGFdWrT+ZLZnsWZSKsysCrI7X0uMzFG7LclLe0qkBKhobENHtqCA4Fbo=,iv:9PVUowtactn5wUsiKyu7nwjaRMM+PpUdZoqGvzW/5is=,tag:r5y9IbFMzDjwUgePfH4LDQ==,type:str]
lastmodified: "2023-05-21T15:38:32Z"
mac: ENC[AES256_GCM,data:X1SWQqjJg7sVFr/za6YOPvtCNaPBKy6ZOsHTLQjA+zJlMgddpoyw2z4YvREEo2XIIVpVBR4O3LmilgyATD1I3fliaqLb7YAQUmjWbKLro1AWKT2qMV8N6PRN5EkneBMREB8SQfIdsBjKuX4SEMnvidVuVJ38NFhL+7ir9/pkKhA=,iv:Zg28rBroY9NNFwzEHJfkm67jTeaVG0sPZzg5H5oDK1Q=,tag:9j57KLJ0Zpjpdgz8BYvbxA==,type:str]
pgp:
- created_at: "2022-12-14T15:34:13Z"
enc: |

4
secrets/nixos-8gb-fsn1-1.yaml
View file

@ -87,8 +87,8 @@ sops:
UDRmejBFNTVxeTF6aVFta09OS25uNXcKizOsV9EUukinCAwvpZVrk9x0aXTKQckd
gGfdCEU0HZXhZg+ikDFzy52+vPo8+gInjscXiXr/gGn6dJoctLqQXA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-25T19:34:07Z"
mac: ENC[AES256_GCM,data:LygAZldFTh49Oj/uZ85cuyis/ctE4octX1dNYAdEdQjfFzRBAN9K5HdWby1NVigBaTiqkmTXNv6ohCpEhkDp6C9dAfZenqDu/s2iR6aGdwQT0uscfI9p6u19yNCVZDo6vpGRO5a7oQuyeasG30HlEHko8AEXIioqPcY3FrjV0W4=,iv:9TAIeHizW1TFGdNXbvbQ8eRJ+uHcsC8CLTsvtpyHOtk=,tag:901jQ7YEp1bLUhaA0zaO3g==,type:str]
lastmodified: "2023-05-21T15:38:17Z"
mac: ENC[AES256_GCM,data:VaHp7F++bzk6inHOZLXQ0rqZ8BESf2uSspKV/IjJDPl+R5rwzmILfXNnscJenHXmtsouRUGoNLo3u+4DH95Ow/WdHiR76vMv4z6pCLQBrLwYg0UQi8w6WqksTSf33AnCow8A1p12AKG3hFzKMijR7G7TivQJSTMsXTy+1/fOtPY=,iv:WWLvVPpZTNP9twcOnNl974UMPkObzNYqM4cfBEQZldk=,tag:9q+PcIf1TMTq9OdG45F/pA==,type:str]
pgp:
- created_at: "2023-02-18T08:54:32Z"
enc: |

4
zones/chir.rs.nix
View file

@ -144,7 +144,7 @@ with dns.lib.combinators; let
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 30;
serial = 32;
};
NS = [
"ns1.chir.rs."
@ -247,6 +247,8 @@ with dns.lib.combinators; let
attic.CNAME = ["attic-chir-rs.b-cdn.net."];
cloud = createZone oracleBase;
lotte = createZone {};
ipfs-nocdn = createZone oracleBase;
ipfs.CNAME = ["ipfs-chir-rs.b-cdn.net."];
int =
delegateTo [