diff --git a/config/default.nix b/config/default.nix index fb5b9dd9..dcbb6a74 100644 --- a/config/default.nix +++ b/config/default.nix @@ -95,4 +95,8 @@ "nas.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U"; "backup.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U"; }; + + nixpkgs.config.permittedInsecurePackages = [ + "openssl-1.1.1t" # used by cinny + ]; } diff --git a/config/desktop.nix b/config/desktop.nix index 0d3ee0de..a07d1418 100644 --- a/config/desktop.nix +++ b/config/desktop.nix @@ -142,4 +142,9 @@ in { "i686-linux" ] else []; + + virtualisation = { + waydroid.enable = true; + lxd.enable = true; + }; } diff --git a/config/games/default.nix b/config/games/default.nix index 7e528f1a..24f55f43 100644 --- a/config/games/default.nix +++ b/config/games/default.nix @@ -5,9 +5,6 @@ args: { }: let x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";}; in { - imports = [ - (import ./grapejuice.nix args) - ]; home.packages = [ x86_64-linux-pkgs.wineWowPackages.staging pkgs.prismlauncher diff --git a/config/games/grapejuice.nix b/config/games/grapejuice.nix deleted file mode 100644 index e6643e0d..00000000 --- a/config/games/grapejuice.nix +++ /dev/null 
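Review bot: `nixpkgs.config.permittedInsecurePackages` is set in config/default.nix, which appears to be the base module shared by every host, so a package that nixpkgs marks insecure becomes acceptable fleet-wide although the comment names only cinny as the consumer. Moving the allowance into the desktop or home-manager module that actually installs `cinny-desktop` keeps servers failing evaluation if anything there starts pulling in `openssl-1.1.1t`. A removal marker on the line would help too, e.g. `"openssl-1.1.1t" # used by cinny; TODO drop once cinny no longer depends on OpenSSL 1.1`. The enclosing attribute set starts outside the hunk.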
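Review bot: `lxd.enable = true;` in config/desktop.nix brings in the `lxd` group, and membership of that group is effectively root on the host because members can ask the daemon to start privileged containers with host paths mounted. The hunk does not show who, if anyone, is added to the group, so a comment stating the intent would help the next reader, e.g. `lxd.enable = true; # lxd group is root-equivalent; only the admin user belongs in it`. The enclosing module body starts outside the hunk.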
@@ -1,59 +0,0 @@ -args: { - lib, - config, - pkgs, - nixpkgs, - ... -}: let - x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";}; - grapejuice_config = { - __version__ = 2; - __hardware_profiles__ = null; - show_fast_flag_warning = true; - no_daemon_mode = true; - release_channel = "master"; - disable_updates = false; - ignore_wine_version = false; - try_profiling_hardware = false; - wineprefixes = [ - { - id = "ec33b6a3-8b44-4179-baec-54cb5bc888cb"; - priority = 0; - name_on_disk = "player"; - display_name = "Player"; - wine_home = "${x86_64-linux-pkgs.wineWowPackages.staging}"; - dll_overrides = "dxdiagn=;winemenubuilder.exe="; - prime_offload_sink = -1; - use_mesa_gl_override = false; - enable_winedebug = false; - winedebug_string = ""; - roblox_renderer = "OpenGL"; - env = {}; - hints = [ - "player" - "app" - ]; - fast_flags = { - roblox_studio = {}; - roblox_player = {}; - roblox_app = {}; - }; - third_party = { - fps_unlocker = false; - dxvk = false; - }; - } - ]; - }; - grapejuiceJson = pkgs.writeText "grapejuice.json" (builtins.toJSON grapejuice_config); -in { - home.packages = [ - x86_64-linux-pkgs.grapejuice - ]; - home.activation.grapejuiceSettings = lib.hm.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD mkdir $VERBOSE_ARG -p $HOME/.config/brinkervii/grapejuice - $DRY_RUN_CMD rm $VERBOSE_ARG -f $HOME/.config/brinkervii/grapejuice/user_settings.json - $DRY_RUN_CMD cp $VERBOSE_ARG ${grapejuiceJson} $HOME/.config/brinkervii/grapejuice/user_settings.json - $DRY_RUN_CMD chmod +w $VERBOSE_ARG $HOME/.config/brinkervii/grapejuice/user_settings.json - ''; -} diff --git a/config/home-manager/darkkirb.nix b/config/home-manager/darkkirb.nix index 6ca8674a..b5bcad4b 100644 --- a/config/home-manager/darkkirb.nix +++ b/config/home-manager/darkkirb.nix @@ -27,6 +27,7 @@ ../programs/keybase.nix ../programs/keepass.nix ../programs/kicad.nix + ../programs/vscode ../programs/misc.nix ../programs/kitty.nix ../programs/zk.nix 
diff --git a/config/instance-20221213-1915.nix b/config/instance-20221213-1915.nix index f62ede70..d832c2f2 100644 --- a/config/instance-20221213-1915.nix +++ b/config/instance-20221213-1915.nix @@ -1,6 +1,5 @@ { config, - pkgs, lib, modulesPath, ... @@ -25,6 +24,7 @@ ./services/mautrix-telegram.nix ./services/mautrix-whatsapp.nix ./services/mautrix-signal.nix + ./services/kubo.nix ]; boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"]; diff --git a/config/nas.nix b/config/nas.nix index aa6a1855..6a74b232 100644 --- a/config/nas.nix +++ b/config/nas.nix 
@@ -33,54 +33,45 @@ ]; hardware.cpu.amd.updateMicrocode = true; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "bcache"]; boot.initrd.kernelModules = ["igb"]; boot.kernelModules = ["kvm-amd"]; boot.extraModulePackages = [ config.boot.kernelPackages.zenpower ]; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + services.snapper.configs.main = { + SUBVOLUME = "/"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "4"; + TIMELINE_LIMIT_MONTHLY = "12"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + services.beesd.filesystems.root = { + spec = "LABEL=root"; + hashTableSizeMB = 2048; + verbosity = "crit"; + extraOptions = ["--loadavg-target" "5.0"]; + }; + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs; - boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"]; + boot.supportedFilesystems = lib.mkForce ["btrfs" "vfat"]; fileSystems."/" = { - device = "/dev/nvme0n1p2:/dev/sda1:/dev/sdb1:/dev/sdc1"; - fsType = "bcachefs"; + device = "/dev/bcache0"; + fsType = "btrfs"; }; fileSystems."/boot" = { device = "/dev/nvme0n1p1"; fsType = "vfat"; }; - fileSystems."/boot1" = { - device = "/dev/disk/by-partuuid/b50f9cff-552d-4c6e-bda2-104723ee638e"; - fsType = "vfat"; - }; - fileSystems."/boot2" = { - device = "/dev/disk/by-partuuid/6f365c6a-63a2-4fb9-976b-ec9e04c9cb13"; - fsType = "vfat"; - }; - fileSystems."/boot3" = { - device = "/dev/disk/by-partuuid/324146ea-edb6-4f2e-b260-af8eddfb1eca"; - fsType = "vfat"; - }; - /* - swapDevices = [ - { - device = "/dev/disk/by-partuuid/3b652a7e-a550-4342-a0d7-d2ae47b3e9d1"; - randomEncryption = true; - } - { - device = "/dev/disk/by-partuuid/59de36d4-6613-4b50-9643-8824e9a9b1f9"; - randomEncryption = true; - } - { - device = "/dev/disk/by-partuuid/f6260d75-2b96-4f55-ba0f-050c58b84b78"; - randomEncryption = true; - } - ]; - */ 
networking.interfaces.br0 = { ipv4 = { addresses = [ @@ -109,7 +100,6 @@ nix.settings.cores = 12; boot.binfmt.emulatedSystems = [ "armv7l-linux" - "aarch64-linux" "powerpc-linux" "powerpc64-linux" "powerpc64le-linux" @@ -173,4 +163,5 @@ }; services.tailscale.useRoutingFeatures = "both"; hardware.sane.brscan4.enable = true; + system.autoUpgrade.allowReboot = true; } diff --git a/config/nix.nix b/config/nix.nix index 1aaebbf8..78a4877f 100644 --- a/config/nix.nix +++ b/config/nix.nix 
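Review bot: The new side of the first config/nas.nix hunk still forces `boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;` although the root filesystem moves from bcachefs to btrfs on bcache here, so the NAS keeps running a testing kernel it no longer appears to need. If nothing else depends on it, drop the override so the host follows the default kernel package set and its security updates. Separately, `device = "/dev/bcache0";` relies on bcache device numbering; `device = "/dev/disk/by-label/root";` would match the `LABEL=root` already used in the beesd spec and stay stable if a second bcache device appears.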
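Review bot: `system.autoUpgrade.allowReboot = true;` at the end of config/nas.nix lets the NAS reboot itself after an upgrade, and nothing visible in this hunk limits when that may happen. Pairing it with a window such as `system.autoUpgrade.rebootWindow = { lower = "02:00"; upper = "05:00"; };` (times are a constructed example) keeps an unattended reboot from interrupting a scrub, backup or remote build. The enclosing attribute set starts outside the hunk.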
@@ -52,51 +52,58 @@ in { dates = "weekly"; options = "--delete-older-than 7d"; }; - buildMachines = [ - { - hostName = "build-nas"; - systems = [ - "armv7l-linux" - "powerpc-linux" - "powerpc64-linux" - "powerpc64le-linux" - "riscv32-linux" - "riscv64-linux" - "wasm32-wasi" - "x86_64-linux" - "i686-linux" - ]; - maxJobs = 12; - speedFactor = 1; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"]; - } - { - hostName = "build-pc"; - systems = [ - "armv7l-linux" - "powerpc-linux" - "powerpc64-linux" - "powerpc64le-linux" - "riscv32-linux" - "riscv64-linux" - "wasm32-wasi" - "x86_64-linux" - "i686-linux" - ]; - maxJobs = 16; - speedFactor = 2; - supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" "gccarch-skylake" "ca-derivations"]; - } - { - hostName = "build-aarch64"; - systems = [ - "aarch64-linux" - ]; - maxJobs = 4; - speedFactor = 1; - supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"]; - } - ]; + buildMachines = with lib; + mkMerge [ + (mkIf (config.networking.hostName != "nas") [ + { + hostName = "build-nas"; + systems = [ + "armv7l-linux" + "powerpc-linux" + "powerpc64-linux" + "powerpc64le-linux" + "riscv32-linux" + "riscv64-linux" + "wasm32-wasi" + "x86_64-linux" + "i686-linux" + ]; + maxJobs = 12; + speedFactor = 1; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver1" "gccarch-skylake" "ca-derivations"]; + } + ]) + (mkIf (config.networking.hostName != "nutty-noon") [ + { + hostName = "build-pc"; + systems = [ + "armv7l-linux" + "powerpc-linux" + "powerpc64-linux" + "powerpc64le-linux" + "riscv32-linux" + "riscv64-linux" + "wasm32-wasi" + "x86_64-linux" + "i686-linux" + ]; + maxJobs = 16; + speedFactor = 2; + supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark" "gccarch-znver2" "gccarch-znver1" 
"gccarch-skylake" "ca-derivations"]; + } + ]) + (mkIf (config.networking.hostName != "instance-20221213-1915") [ + { + hostName = "build-aarch64"; + systems = [ + "aarch64-linux" + ]; + maxJobs = 4; + speedFactor = 1; + supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"]; + } + ]) + ]; distributedBuilds = true; }; system.autoUpgrade = { diff --git a/config/nixos-8gb-fsn1-1.nix b/config/nixos-8gb-fsn1-1.nix index 734097c4..16cfa45e 100644 --- a/config/nixos-8gb-fsn1-1.nix +++ b/config/nixos-8gb-fsn1-1.nix @@ -1,6 +1,4 @@ { - config, - pkgs, lib, modulesPath, ... @@ -33,6 +31,7 @@ ./services/chir.rs ./services/atticd.nix ./services/wordpress.nix + ./services/initrd-ssh.nix ]; boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"]; diff --git a/config/programs/ims.nix b/config/programs/ims.nix index 6723f49e..bf7570ae 100644 --- a/config/programs/ims.nix +++ b/config/programs/ims.nix @@ -1,26 +1,5 @@ -{ - config, - pkgs, - lib, - nixpkgs, - ... -}: let - x86_64-linux-pkgs = import nixpkgs { - system = "x86_64-linux"; - config.allowUnfree = true; - }; - firefox-wrapped = x86_64-linux-pkgs.firefox; #config.programs.firefox.package; - firefox = firefox-wrapped.unwrapped; - nss = pkgs.lib.lists.findFirst (x: x.pname or x.name == "nss") null firefox.buildInputs; -in { +{pkgs, ...}: { home.packages = with pkgs; [ - (x86_64-linux-pkgs.discord.override {inherit nss;}) - tdesktop - element-desktop - nheko cinny-desktop ]; - home.activation.betterDiscord = lib.hm.dag.entryAfter ["writeBoundary"] '' - $DRY_RUN_CMD ${pkgs.betterdiscordctl}/bin/betterdiscordctl install $VERBOSE_ARG || true - ''; } diff --git a/config/programs/theming.nix b/config/programs/theming.nix index ee04124e..efa9466a 100644 --- a/config/programs/theming.nix +++ b/config/programs/theming.nix 
@@ -471,4 +471,35 @@ in { color sidebar_new color10 default # Mailboxes with new mail are Green ''; home.file.".local/share/mc/skins/catppuccin.ini".source = ../../extra/mc-catppuccin.ini; + programs.vscode.userSettings = { + "catppuccin.colorOverrides".all = { + rosewater = color 1; + flamingo = color 2; + pink = color 3; + mauve = color 4; + red = color 5; + maroon = color 6; + peach = color 7; + yellow = color 8; + green = color 9; + teal = color 10; + sky = color 11; + sapphire = color 12; + blue = color 13; + lavender = color 14; + text = color 15; + base = color 0; + surface0 = color 0; + surface1 = color 0; + surface2 = color 0; + mantle = color 0; + crust = color 0; + }; + "catppuccin.customUIColors".all = { + "editor.selectionBackground" = "rosewater"; + "editor.selectionHighlightBackground" = "rosewater"; + }; + "glassit.alpha" = 220; + "glassit.force_sway" = true; + }; } diff --git a/config/programs/vscode/default.nix b/config/programs/vscode/default.nix new file mode 100644 index 00000000..1e58b928 --- /dev/null +++ b/config/programs/vscode/default.nix 
@@ -0,0 +1,291 @@ +{ + pkgs, + nixpkgs, + lib, + ... +}: let + x86_64-linux-pkgs = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = true; + }; +in { + home.activation.vscode-server = lib.hm.dag.entryAfter ["write-boundary"] '' + if test -f ~/.vscode-server; then + if test -f "~/.vscode/extensions"; then + if ! test -L "~/.vscode-server/extensions"; then + $DRY_RUN_CMD ln -s $VERBOSE_ARG ~/.vscode/extensions ~/.vscode-server/ + fi + fi + if test -f "~/vscode-server/bin"; then + for f in ~/.vscode-server/bin/*/node; do + if ! test -L $f; then + $DRY_RUN_CMD ln -sf $VERBOSE_ARG ${pkgs.nodejs}/bin/node $f + fi + done + fi + fi + ''; + programs.vscode = { + enable = true; + enableUpdateCheck = false; + userSettings = { + "workbench.iconTheme" = "material-icon-theme"; + "cmake.configureOnOpen" = true; + "[c]" = { + "editor.defaultFormatter" = "xaver.clang-format"; + }; + "[cpp]" = { + "editor.defaultFormatter" = "xaver.clang-format"; + }; + "editor.suggestSelection" = "first"; + "vsintellicode.modify.editor.suggestSelection" = "automaticallyOverrodeDefaultValue"; + "[rust]" = { + "editor.defaultFormatter" = "statiolake.vscode-rustfmt"; + }; + "git.enableSmartCommit" = true; + "workbench.editorAssociations" = { + "*.ipynb" = "jupyter.notebook.ipynb"; + }; + "editor.inlineSuggest.enabled" = true; + "files.exclude" = { + "**/.classpath" = true; + "**/.project" = true; + "**/.settings" = true; + "**/.factorypath" = true; + }; + "latex-workshop.view.pdf.viewer" = "tab"; + "latex-workshop.latex.tools" = [ + { + "name" = "latexmk"; + "command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk"; + "args" = [ + "-synctex=1" + "-interaction=nonstopmode" + "-file-line-error" + "-xelatex" + "-shell-escape" + "-outdir=%OUTDIR%" + "%DOC%" + ]; + "env" = {}; + } + { + "name" = "lualatexmk"; + "command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk"; + "args" = [ + "-synctex=1" + "-interaction=nonstopmode" + "-file-line-error" + "-lualatex" + 
"-outdir=%OUTDIR%" + "%DOC%" + ]; + "env" = {}; + } + { + "name" = "latexmk_rconly"; + "command" = "${pkgs.texlive.combined.scheme-medium}/bin/latexmk"; + "args" = ["%DOC%"]; + "env" = {}; + } + { + "name" = "pdflatex"; + "command" = "${pkgs.texlive.combined.scheme-medium}/bin/pdflatex"; + "args" = [ + "-synctex=1" + "-interaction=nonstopmode" + "-file-line-error" + "%DOC%" + ]; + "env" = {}; + } + { + "name" = "bibtex"; + "command" = "${pkgs.texlive.combined.scheme-medium}/bin/bibtex"; + "args" = ["%DOCFILE%"]; + "env" = {}; + } + ]; + "security.workspace.trust.untrustedFiles" = "open"; + "latex-workshop.message.update.show" = false; + "editor.codeLensFontFamily" = "\"FiraCode Nerd Font Mono\", \"Noto Sans Mono CJK JP\", monospace"; + "editor.fontFamily" = "\"FiraCode Nerd Font Mono\", \"Noto Sans Mono CJK JP\", monospace"; + "rust-analyzer.checkOnSave.command" = "clippy"; + "ledger.binary" = "${pkgs.hledger}/bin/hledger"; + "workbench.colorTheme" = "Catppuccin Mocha"; + "window.titleBarStyle" = "custom"; + "rust-analyzer.hoverActions.references" = true; + "rust-analyzer.lens.methodReferences" = true; + "rust-analyzer.workspace.symbol.search.scope" = "workspace_and_dependencies"; + "rust-analyzer.workspace.symbol.search.kind" = "all_symbols"; + "rust-analyzer.lens.references" = true; + "rust-analyzer.lens.enumVariantReferences" = true; + "editor.bracketPairColorization.enabled" = true; + "C_Cpp.experimentalFeatures" = "Enabled"; + "C_Cpp.dimInactiveRegions" = false; + "git.confirmSync" = false; + "files.watcherExclude" = { + "**/.bloop" = true; + "**/.metals" = true; + "**/.ammonite" = true; + }; + "editor.formatOnSave" = true; + "rust-analyzer.checkOnSave.extraArgs" = [ + "--" + "-Wabsolute_paths_not_starting_with_crate" + "-Welided_lifetimes_in_paths" + "-Wexplicit_outlives_requirements" + "-Wkeyword_idents" + "-Wmacro_use_extern_crate" + "-Wmeta_variable_misuse" + "-Wmissing_abi" + "-Wmissing_copy_implementations" + "-Wmissing_debug_implementations" + 
"-Wmissing_docs" + "-Wnon_ascii_idents" + "-Wnoop_method_call" + "-Wpointer_structural_match" + "-Wsingle_use_lifetimes" + "-Wtrivial_casts" + "-Wtrivial_numeric_casts" + "-Wunreachable_pub" + "-Wunused_extern_crates" + "-Wunused_import_braces" + "-Wunused_lifetimes" + "-Wunused_qualifications" + "-Wvariant_size_differences" + "-Wclippy::pedantic" + "-Wclippy::nursery" + "-Wclippy::all" + ]; + "github.copilot.enable" = { + "*" = true; + "yaml" = true; + "plaintext" = true; + "markdown" = true; + }; + "rust-analyzer.cargo.allFeatures" = true; + "rust-analyzer.cargo.unsetTest" = []; + "redhat.telemetry.enabled" = false; + "openapi.approvedHostnames" = ["raw.githubusercontent.com"]; + "liveServer.settings.donotShowInfoMsg" = true; + "[typescript]" = { + "editor.defaultFormatter" = "vscode.typescript-language-features"; + }; + "[javascript]" = { + "editor.defaultFormatter" = "vscode.typescript-language-features"; + }; + "go.toolsManagement.autoUpdate" = true; + "nix.serverPath" = "${pkgs.rnix-lsp}/bin/rnix-lsp"; + "python.analysis.typeCheckingMode" = "strict"; + "tabnine.experimentalAutoImports" = true; + "editor.autoClosingBrackets" = "always"; + "editor.autoClosingDelete" = "always"; + "editor.autoClosingOvertype" = "always"; + "editor.autoClosingQuotes" = "always"; + "editor.definitionLinkOpensInPeek" = true; + "editor.experimental.pasteActions.enabled" = true; + "editor.foldingImportsByDefault" = true; + "editor.linkedEditing" = true; + "editor.renderWhitespace" = "boundary"; + "editor.rulers" = [72 80 100 120]; + "editor.smoothScrolling" = true; + "editor.stickyTabStops" = true; + "editor.stickyScroll.enabled" = true; + "editor.tabCompletion" = "on"; + "editor.unicodeHighlight.ambiguousCharacters" = false; + "editor.wordWrapColumn" = 120; + "editor.cursorSmoothCaretAnimation" = "on"; + "editor.cursorSurroundingLines" = 5; + "editor.find.autoFindInSelection" = "multiline"; + "editor.fontLigatures" = true; + "editor.formatOnPaste" = true; + "editor.formatOnType" = 
true; + "diffEditor.codeLens" = true; + "diffEditor.diffAlgorithm" = "experimental"; + "editor.minimap.renderCharacters" = false; + "editor.suggest.preview" = true; + "editor.suggest.shareSuggestSelections" = true; + "files.enableTrash" = false; + "files.eol" = "\n"; + "files.insertFinalNewline" = true; + "files.trimFinalNewlines" = true; + "files.trimTrailingWhitespace" = true; + "workbench.experimental.editSessions.partialMatches.enabled" = true; + "workbench.experimental.settingsProfiles.enabled" = true; + "workbench.list.smoothScrolling" = true; + "workbench.startupEditor" = "none"; + "workbench.editor.closeOnFileDelete" = true; + "explorer.excludeGitIgnore" = true; + "explorer.fileNesting.enabled" = true; + "explorer.fileNesting.patterns" = { + "Cargo.toml" = "Cargo.*"; + "flake.nix" = "flake.lock"; + "*.ts" = "\${capture}.js, \${capture}.d.ts"; + "*.js" = "\${capture}.js.map, \${capture}.min.js, \${capture}.d.ts"; + "*.jsx" = "\${capture}.js"; + "*.tsx" = "\${capture}.ts"; + "tsconfig.json" = "tsconfig.*.json"; + "package.json" = "package-lock.json, .npmrc, yarn.lock, .yarnrc"; + }; + "search.quickOpen.includeSymbols" = true; + "search.smartCase" = true; + "search.showLineNumbers" = true; + "search.seedOnFocus" = true; + "search.seedWithNearestWord" = true; + "search.useGlobalIgnoreFiles" = true; + "search.useParentIgnoreFiles" = true; + "debug.allowBreakpointsEverywhere" = true; + "debug.autoExpandLazyVariables" = true; + "testing.alwaysRevealTestOnStateChange" = true; + "scm.alwaysShowActions" = true; + "scm.alwaysShowRepositories" = true; + "telemetry.telemetryLevel" = "off"; + "better-comments.highlightPlainText" = true; + "C_Cpp.inlayHints.autoDeclarationTypes.enabled" = true; + "C_Cpp.inlayHints.autoDeclarationTypes.showOnLeft" = true; + "C_Cpp.inlayHints.parameterNames.enabled" = true; + "C_Cpp.inlayHints.referenceOperator.enabled" = true; + "C_Cpp.inlayHints.referenceOperator.showSpace" = true; + "csharp.inlayHints.parameters.enabled" = true; + 
"csharp.inlayHints.parameters.forIndexerParameters" = true; + "csharp.inlayHints.parameters.forLiteralParameters" = true; + "csharp.inlayHints.parameters.forObjectCreationParameters" = true; + "csharp.inlayHints.parameters.forOtherParameters" = true; + "csharp.inlayHints.parameters.suppressForParametersThatDifferOnlyBySuffix" = true; + "csharp.inlayHints.parameters.suppressForParametersThatMatchArgumentName" = true; + "csharp.inlayHints.parameters.suppressForParametersThatMatchMethodIntent" = true; + "csharp.inlayHints.types.enabled" = true; + "csharp.inlayHints.types.forImplicitObjectCreation" = true; + "csharp.inlayHints.types.forImplicitVariableTypes" = true; + "csharp.inlayHints.types.forLambdaParameterTypes" = true; + "cSpell.language" = "en,en-GB"; + "conventionalCommits.emojiFormat" = "emoji"; + "conventionalCommits.showEditor" = true; + "git.allowForcePush" = true; + "git.autofetch" = "all"; + "git.autofetchPeriod" = 60; + "github.gitProtocol" = "ssh"; + "gitlens.showWelcomeOnInstall" = false; + "gitlens.defaultGravatarsStyle" = "monsterid"; + "vsintellicode.features.python.deepLearning" = "enabled"; + "merge-conflict.autoNavigateNextConflict.enabled" = true; + "projectManager.git.baseFolders" = ["/home/darkkirb/sources"]; + "projectManager.hg.maxDepthRecursion" = 1; + "rust-analyzer.assist.emitMustUse" = true; + "rust-analyzer.diagnostics.experimental.enable" = true; + "rust-analyzer.lens.references.enumVariant.enable" = true; + "rust-analyzer.lens.references.method.enable" = true; + "rust-analyzer.lens.references.trait.enable" = true; + "rust-analyzer.lens.references.adt.enable" = true; + "editor.accessibilitySupport" = "off"; + "[jsonc]" = { + "editor.defaultFormatter" = "esbenp.prettier-vscode"; + }; + "nix.formatterPath" = "${pkgs.alejandra}/bin/alejandra"; + "nix.enableLanguageServer" = true; + }; + extensions = with x86_64-linux-pkgs.vscode-extensions; [ + ]; + }; +} diff --git a/config/server.nix b/config/server.nix index 8b84ffaa..a01b74a4 100644 
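Review bot: In config/programs/vscode/default.nix the `latexmk` tool passes `"-shell-escape"` while `"security.workspace.trust.untrustedFiles" = "open"` removes the prompt for untrusted files, so building a .tex document from an untrusted source with that tool can run arbitrary commands as the user. Dropping `"-shell-escape"` from the default tool (keeping it only in a separately named opt-in tool if a package needs it) and leaving `untrustedFiles` at its prompting default would close that path. `"editor.unicodeHighlight.ambiguousCharacters" = false` also switches off the highlighting of look-alike characters, which is a useful guard when reading code written by others. Separately, the activation script looks like it can never reach its body: it is ordered after `"write-boundary"` where the removed grapejuice module used `"writeBoundary"`, it applies `test -f` to paths that are normally directories, it quotes `~` so the shell does not expand it, and it checks `~/vscode-server/bin` without the leading dot.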
--- a/config/server.nix +++ b/config/server.nix @@ -4,7 +4,6 @@ ./services/caddy ./services/acme.nix ./services/fail2ban.nix - ./services/initrd-ssh.nix ]; environment.systemPackages = with pkgs; [ pinentry-curses diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix index b16a5164..8fc47ba4 100644 --- a/config/services/akkoma/default.nix +++ b/config/services/akkoma/default.nix @@ -111,6 +111,20 @@ sign_object_fetches = true; authorized_fetch_mode = true; }; + ":mrf_hellthread" = { + delist_threshold = 8; + }; + ":mrf_keyword" = { + reject = [ + "usdtenm.com" + (mkRaw "~r/Hi \\w+! New account: .* Do not share with anyone, official website:/i") + "dogeai.farm" + "ARB Doge" + "new meme token created by the latest neural network" + (mkRaw "~r/dogecoin.*airdrop/i") + (mkRaw "~r/airdrop.*dogecoin/i") + ]; + }; ":mrf_simple" = let processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m); in { @@ -149,7 +163,7 @@ }; }; ":mrf" = { - policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "TagPolicy" "RequireImageDescription" "BlockInvalidDatetime"]; + policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "MediaProxyWarmingPolicy" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "KeywordPolicy" "TagPolicy" "RequireImageDescription" "BlockInvalidDatetime" "HellthreadPolicy"]; transparency = true; }; ":http_security" = { diff --git a/config/services/kubo-local.nix b/config/services/kubo-local.nix new file mode 100644 index 00000000..d00ffecc --- /dev/null +++ b/config/services/kubo-local.nix 
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: {
+ services.kubo = {
+ autoMigrate = true;
+ emptyRepo = true;
+ enable = true;
+ enableGC = true;
+ settings = {
+ Addresses = {
+ API = "/ip4/127.0.0.1/tcp/36307";
+ Gateway = "/ip4/127.0.0.1/tcp/41876";
+ };
+ Experimental = {
+ FilestoreEnabled = true;
+ UrlstoreEnabled = true;
+ };
+ Gateway.PublicGateways."ipfs.chir.rs" = {
+ Paths = ["/ipfs" "/ipns"];
+ UseSubdomains = false;
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 4001
+ 4002
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 4001
+ ];
+}
diff --git a/config/services/kubo.nix b/config/services/kubo.nix
new file mode 100644
index 00000000..0218586e
--- /dev/null
+++ b/config/services/kubo.nix
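Review bot: In config/services/kubo-local.nix the firewall opens TCP 4002 next to 4001, but nothing in this file configures an `Addresses.Swarm` listener on 4002. If the module defaults do not use that port either, remove it so the machine exposes only what Kubo actually listens on; otherwise name the listener on the line, e.g. `4002 # <transport> swarm listener`. The `pkgs`, `config` and `lib` arguments are also unused in this file.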
@@ -0,0 +1,91 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: {
+ imports = [../../modules/kubo.nix];
+ services.kubo = {
+ autoMigrate = true;
+ emptyRepo = true;
+ enable = true;
+ enableGC = true;
+ settings = {
+ Addresses = {
+ API = [
+ "/ip4/0.0.0.0/tcp/36307"
+ "/ip6/::1/tcp/36307"
+ ]; # Only exposed over the tailed scale
+ Gateway = "/ip4/127.0.0.1/tcp/41876";
+ };
+ API.HTTPHeaders = {
+ Access-Control-Allow-Origin = [
+ "http://bafybeic4gops3d3lyrisqku37uio33nvt6fqxvkxihrwlqsuvf76yln4fm.ipfs.localhost:41876"
+ "http://localhost:3000"
+ "http://127.0.0.1:5001"
+ "https://webui.ipfs.io"
+ ];
+ Access-Control-Allow-Methods = ["PUT" "POST"];
+ };
+ Datastore = {
+ Spec = {
+ mounts = [
+ {
+ child = {
+ type = "storjds";
+ dbURI = "postgres:///kubo_storjds?sslmode=disable&host=/run/postgresql";
+ bucket = "ipfs";
+ nodeConnectionPoolCapacity = "100";
+ nodeConnectionPoolKeyCapacity = "5";
+ nodeConnectionPoolIdleExpiration = "2m";
+ satelliteConnectionPoolCapacity = "10";
+ satelliteConnectionPoolKeyCapacity = "0";
+ satelliteConnectionPoolIdleExpiration = "2m";
+ };
+ mountpoint = "/";
+ prefix = "storj.datastore";
+ type = "measure";
+ }
+ ];
+ type = "mount";
+ };
+ };
+ Experimental = {
+ FilestoreEnabled = true;
+ UrlstoreEnabled = true;
+ };
+ Gateway.PublicGateways."ipfs.chir.rs" = {
+ Paths = ["/ipfs" "/ipns"];
+ UseSubdomains = false;
+ };
+ };
+ };
+
+ sops.secrets."services/ipfs/access_grant".owner = "ipfs";
+ services.postgresql.ensureDatabases = [
+ "kubo_storjds"
+ ];
+ services.postgresql.ensureUsers = [
+ {
+ name = "ipfs";
+ ensurePermissions = {
+ "DATABASE kubo_storjds" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ networking.firewall.allowedTCPPorts = [
+ 4001
+ 4002
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 4001
+ ];
+ services.caddy.virtualHosts."ipfs-nocdn.chir.rs" = {
+ useACMEHost = "chir.rs";
+ logFormat = pkgs.lib.mkForce "";
+ extraConfig = ''
+ import baseConfig
+ reverse_proxy http://127.0.0.1:41876
+ '';
+ };
+}
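Review bot: `Addresses.API` in config/services/kubo.nix binds the Kubo RPC API to `"/ip4/0.0.0.0/tcp/36307"`, so the promise in the comment that it is reachable only over Tailscale rests entirely on firewall rules that are not part of this file, and that API gives administrative control of the node without authentication by default. Binding to the host's tailnet address instead, e.g. `"/ip4/<tailscale-ip>/tcp/36307"`, would make the restriction hold even if the firewall changes; failing that, the comment should name the rule that blocks the port on the other interfaces. The `Access-Control-Allow-Origin` list also admits `"http://localhost:3000"` and `"http://127.0.0.1:5001"`, which look like development leftovers; with `PUT` and `POST` allowed, any page served from those origins can drive the API, so they are worth removing if unused.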
diff --git a/config/services/peertube/default.nix b/config/services/peertube/default.nix index 8edbd535..fb449a6b 100644 --- a/config/services/peertube/default.nix +++ b/config/services/peertube/default.nix @@ -14,6 +14,7 @@ secrets.secretsFile = config.sops.secrets."services/peertube/secret".path; settings = { object_storage = { + upload_acl.public = "private"; enabled = true; endpoint = "s3.us-west-000.backblazeb2.com"; videos = { diff --git a/config/services/router.nix b/config/services/router.nix index 18ed9a18..ac59d587 100644 --- a/config/services/router.nix +++ b/config/services/router.nix @@ -67,7 +67,7 @@ in { iptables -A FORWARD -i br0 -j ACCEPT iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE ''; - networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP + networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true; diff --git a/config/thinkrac.nix b/config/thinkrac.nix index 0014335f..414cbae2 100644 --- a/config/thinkrac.nix +++ b/config/thinkrac.nix @@ -19,6 +19,7 @@ nixos-hardware.nixosModules.common-cpu-intel-kaby-lake nixos-hardware.nixosModules.common-pc-ssd ./services/postgres.nix + ./services/kubo-local.nix ]; hardware.cpu.intel.updateMicrocode = true; diff --git a/flake.lock b/flake.lock index 25dc709c..4a269c9c 100644 --- a/flake.lock +++ b/flake.lock @@ -214,11 +214,11 @@ ] }, "locked": { - "lastModified": 1678614024, - "narHash": "sha256-8d34JfTHKDfe+eNX5zOy3V9bbOCrRRtNNNDW9uL+WaY=", + "lastModified": 1683272040, + "narHash": "sha256-U2B9detx7EoR+ow5VS1p22syNQXXjPfnD5352bkVLiE=", "owner": "DarkKirb", "repo": "chir.rs", - "rev": "81adc7e92be05c2cac10e50c29c96e77b11a017f", + "rev": "62061a4981252bf456573d3eee1643d830203bee", "type": "github" }, "original": { 
@@ -631,38 +631,6 @@ "type": "github" } }, - "flake-compat_12": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_13": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_2": { "flake": false, "locked": { @@ -798,11 +766,11 @@ ] }, "locked": { - "lastModified": 1682984683, - "narHash": "sha256-fSMthG+tp60AHhNmaHc4StT3ltfHkQsJtN8GhfLWmtI=", + "lastModified": 1683560683, + "narHash": "sha256-XAygPMN5Xnk/W2c1aW0jyEa6lfMDZWlQgiNtmHXytPc=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "86684881e184f41aa322e653880e497b66429f3e", + "rev": "006c75898cf814ef9497252b022e91c946ba8e17", "type": "github" }, "original": { @@ -910,21 +878,6 @@ "type": "github" } }, - "flake-utils_4": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ 
@@ -948,28 +901,6 @@ "type": "github" } }, - "gitignore_2": { - "inputs": { - "nixpkgs": [ - "prismlauncher", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "gomod2nix": { "inputs": { "nixpkgs": [ @@ -982,26 +913,26 @@ ] }, "locked": { - "lastModified": 1677459247, - "narHash": "sha256-JbakfAiPYmCCV224yAMq/XO0udN5coWv/oazblMKdoY=", - "owner": "nix-community", + "lastModified": 1683648237, + "narHash": "sha256-j8LGSx2B2TRnt29Sx4R8T/KM/Bgkf6S+bIHmWUl6Yvc=", + "owner": "DarkKirb", "repo": "gomod2nix", - "rev": "3cbf3a51fe32e2f57af4c52744e7228bab22983d", + "rev": "c8a28f781346c18882f3988bf5cfd691b0055369", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "DarkKirb", "repo": "gomod2nix", "type": "github" } }, "haskell-flake": { "locked": { - "lastModified": 1682714267, - "narHash": "sha256-DsGj9AIKqKcWQQOuwbFU77rkehaICzISHhH7aezZ6OQ=", + "lastModified": 1684679610, + "narHash": "sha256-fnPPv4+GtTa9Y0QckTQe+BjM4PWQNCdDw5cYDvbMVRs=", "owner": "srid", "repo": "haskell-flake", - "rev": "a904caac3e4638f84a28102762bf767dd1ae50c0", + "rev": "541f6b82885276c276b63837c0d7ef004126e187", "type": "github" }, "original": { @@ -1032,11 +963,11 @@ ] }, "locked": { - "lastModified": 1682977601, - "narHash": "sha256-F1Va/Uiw2tVNn27FLqWyBkiqDyIm/eCamw9wA/GK8Fw=", + "lastModified": 1684704194, + "narHash": "sha256-k/hFXQxaQmDoI3bbp4K978nrHt7PYnTnIOrIoKpd1MQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e4c33d76006c9080d2f228ba1c2308e3e4d7be6", + "rev": "13a74643d72b1891b03f2566983819d451bd4b56", "type": "github" }, "original": { 
@@ -1070,11 +1001,11 @@ "hosts-list": { "flake": false, "locked": { - "lastModified": 1682883928, - "narHash": "sha256-a4gn7rtIp6Rm+TDKvYUraHP+IjE3ftMvlsER25TjCUM=", + "lastModified": 1684697356, + "narHash": "sha256-9QcW+ewb9ssi7qT6DWKCwHbIibpOxXDA+06++DHsu6Q=", "owner": "StevenBlack", "repo": "hosts", - "rev": "de91e825b0d7a3a2e614e6b46a5895595544505a", + "rev": "9f2ba78232978a20b329ba975fe545521126d9da", "type": "github" }, "original": { @@ -1109,11 +1040,11 @@ ] }, "locked": { - "lastModified": 1679916613, - "narHash": "sha256-Nj9U0V7Zv7XoRDdO7ECphTk6jHfOgeZe6G0x4FQLpJ0=", + "lastModified": 1683550113, + "narHash": "sha256-niw0RHfwpo2/86wvtHrbU/DQYlkkwtrM+qG7GEC0qAo=", "owner": "NixOS", "repo": "hydra", - "rev": "082495e34e094cae1eb49dbfc5648938e23c6355", + "rev": "13ef4e3c5d87bc6f68c91a36d78cdc7d589d8ff2", "type": "github" }, "original": { @@ -1133,11 +1064,11 @@ ] }, "locked": { - "lastModified": 1679916613, - "narHash": "sha256-Nj9U0V7Zv7XoRDdO7ECphTk6jHfOgeZe6G0x4FQLpJ0=", + "lastModified": 1683550113, + "narHash": "sha256-niw0RHfwpo2/86wvtHrbU/DQYlkkwtrM+qG7GEC0qAo=", "owner": "NixOS", "repo": "hydra", - "rev": "082495e34e094cae1eb49dbfc5648938e23c6355", + "rev": "13ef4e3c5d87bc6f68c91a36d78cdc7d589d8ff2", "type": "github" }, "original": { @@ -1186,22 +1117,6 @@ "type": "github" } }, - "libnbtplusplus_2": { - "flake": false, - "locked": { - "lastModified": 1650031308, - "narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=", - "owner": "PrismLauncher", - "repo": "libnbtplusplus", - "rev": "2203af7eeb48c45398139b583615134efd8d407f", - "type": "github" - }, - "original": { - "owner": "PrismLauncher", - "repo": "libnbtplusplus", - "type": "github" - } - }, "lowdown-src": { "flake": false, "locked": { 
@@ -1381,11 +1296,11 @@ ] }, "locked": { - "lastModified": 1683028005, - "narHash": "sha256-Jb5be6uEf10qZJ5rRoCvJjp656g211O/+ANEng3A6Zg=", + "lastModified": 1684690278, + "narHash": "sha256-PWVgekmSzpjcOr3XwuMxrCucYtnSoJAARIYBBEnE3rk=", "ref": "main", - "rev": "bd34868dbc027a49b49fdb9360c4c74de911fbf2", - "revCount": 813, + "rev": "3ab2405c797886394abe181e536855feb57f5aaa", + "revCount": 847, "type": "git", "url": "https://git.chir.rs/darkkirb/nix-packages.git" }, @@ -1522,11 +1437,11 @@ }, "nixos-hardware_2": { "locked": { - "lastModified": 1683009613, - "narHash": "sha256-jJh8JaoHOLlk7iFLgZk1PlxCCNA2KTKfOLMLCa9mduA=", + "lastModified": 1684169666, + "narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "7dc46304675f4ff2d6be921ef60883efd31363c4", + "rev": "71ce85372a614d418d5e303dd5702a79d1545c04", "type": "github" }, "original": { @@ -1710,22 +1625,6 @@ "type": "github" } }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1673800717, - "narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1670461440, 
@@ -1775,31 +1674,16 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1683044705, - "narHash": "sha256-6GM8RVzgmFLF0ABzqLEMLNWjgFkuaQOTHGBuD+DNaxI=", + "lastModified": 1684570954, + "narHash": "sha256-FX5y4Sm87RWwfu9PI71XFvuRpZLowh00FQpIJ1WfXqE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b04b3345f16716f7289724286cdc8474d4758a41", + "rev": "3005f20ce0aaa58169cdee57c8aa12e5f1b6e1b3", "type": "github" }, "original": { "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1678693419, - "narHash": "sha256-bbSv5yqZAW6dz+3f3f3pOUZbxpPN+3OgCljgn7P+nnQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8e3fad82be64c06fbfb9fd43993aec9ef4623936", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -1821,11 +1705,11 @@ }, "nur_2": { "locked": { - "lastModified": 1683042307, - "narHash": "sha256-NzMhWnwDoPbJznqjb7Wa6e/OoMBou8WCNYpimPx2eK0=", + "lastModified": 1684732585, + "narHash": "sha256-xeTNM8f818YzxzLKEUBi9GGFOHkmifJDDUnuokfzy/I=", "owner": "nix-community", "repo": "NUR", - "rev": "771b2b9028b19dfd3e7e1ac0173b35b03cd47053", + "rev": "979b88f90e6a8c9a52aec5416c007392f3296c81", "type": "github" }, "original": { 
@@ -1864,57 +1748,6 @@ "type": "github" } }, - "pre-commit-hooks_2": { - "inputs": { - "flake-compat": "flake-compat_13", - "flake-utils": [ - "prismlauncher", - "flake-utils" - ], - "gitignore": "gitignore_2", - "nixpkgs": [ - "prismlauncher", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" - }, - "locked": { - "lastModified": 1678376203, - "narHash": "sha256-3tyYGyC8h7fBwncLZy5nCUjTJPrHbmNwp47LlNLOHSM=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "1a20b9708962096ec2481eeb2ddca29ed747770a", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "prismlauncher": { - "inputs": { - "flake-compat": "flake-compat_12", - "flake-utils": "flake-utils_4", - "libnbtplusplus": "libnbtplusplus_2", - "nixpkgs": "nixpkgs_6", - "pre-commit-hooks": "pre-commit-hooks_2" - }, - "locked": { - "lastModified": 1678798431, - "narHash": "sha256-+BzvPioU0vwFQny+bdTRcbljA2nt90Mt3wN6hm7rvlU=", - "owner": "PrismLauncher", - "repo": "PrismLauncher", - "rev": "45b0367d14f38d40af5cc8603f7daab05d83af5f", - "type": "github" - }, - "original": { - "owner": "PrismLauncher", - "repo": "PrismLauncher", - "rev": "45b0367d14f38d40af5cc8603f7daab05d83af5f", - "type": "github" - } - }, "prismmc": { "inputs": { "flake-compat": "flake-compat_10", @@ -1964,7 +1797,6 @@ "nixpkgs-for-crane": "nixpkgs-for-crane_2", "nixpkgs-noto-variable": "nixpkgs-noto-variable_2", "nur": "nur_2", - "prismlauncher": "prismlauncher", "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix_2", "tomlplusplus": "tomlplusplus_2" 
@@ -2063,11 +1895,11 @@ ] }, "locked": { - "lastModified": 1682993975, - "narHash": "sha256-LlI5vwUw97NLAwcOYHRLRfhICVdp7MK2KFcUSj0Zwdg=", + "lastModified": 1684722198, + "narHash": "sha256-PMi7f6DDR1cTiO0wPu7vwDTvkqsSLykSpcmFcxoS1Ew=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "07f421299826591e2b28e03bbbe19a5292395afe", + "rev": "f526dfe586195f56ba215201f42d05beb965136d", "type": "github" }, "original": { @@ -2111,11 +1943,11 @@ ] }, "locked": { - "lastModified": 1682823324, - "narHash": "sha256-KNu3OAqVyoKwnDP+gqptjQYCnZXxEwXccR89c0r1/8k=", + "lastModified": 1684637723, + "narHash": "sha256-0vAxL7MVMhGbTkAyvzLvleELHjVsaS43p+PR1h9gzNQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "4f308f76633f81253a12b80e7b05b80d325005b2", + "rev": "4ccdfb573f323a108a44c13bb7730e42baf962a9", "type": "github" }, "original": { @@ -2173,11 +2005,11 @@ "tomlplusplus_2": { "flake": false, "locked": { - "lastModified": 1680550638, - "narHash": "sha256-CEa4cIjFMA1VQg1iZ5cWGy9yzakDjzm01Xn7Z1MKQCo=", + "lastModified": 1684400576, + "narHash": "sha256-oKTRQh2YGkDz9N/y7AWSBjXqoG3QKtlu5e9jljKfUQY=", "owner": "marzer", "repo": "tomlplusplus", - "rev": "ad55bae8a11a6eee39e2292b01e95b529b105767", + "rev": "e6d1958f923c16ee2b12510c16d7265d1e2e0d8e", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index af85e003..88081dc1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -83,13 +83,10 @@ rec {
 };
 nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8";
 nixos-hardware.url = "github:NixOS/nixos-hardware";
- nixpkgs.url = "github:NixOS/nixpkgs";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 nixpkgs-for-crane.url = "github:NixOS/nixpkgs/3ae365afb80773c3bb67e52294a82e329a9e5be0";
 nixpkgs-noto-variable.url = "github:NixOS/nixpkgs/1988f9a17fc1c2ab11f5817adf34a4eb8d06454d";
 nur.url = "github:nix-community/NUR";
- prismlauncher = {
- url = "github:PrismLauncher/PrismLauncher/45b0367d14f38d40af5cc8603f7daab05d83af5f";
- };
 rust-overlay = {
 url = "github:oxalica/rust-overlay";
 inputs.flake-utils.follows = "flake-utils";
@@ -173,9 +170,6 @@ rec {
 ({pkgs, ...}: {
 nixpkgs.overlays = [
 nur.overlay
- (self: super: {
- inherit (args.prismlauncher.packages.${system}) prismlauncher;
- })
 ];
 home-manager.extraSpecialArgs = args // {inherit system;};
 })
diff --git a/modules/kubo.nix b/modules/kubo.nix
new file mode 100644
index 00000000..a91f9fbe
--- /dev/null
+++ b/modules/kubo.nix
@@ -0,0 +1,434 @@ +{ + config, + lib, + pkgs, + utils, + ... +}: +with lib; let + cfg = config.services.kubo; + + settingsFormat = pkgs.formats.json {}; + + rawDefaultConfig = lib.importJSON (pkgs.runCommand "kubo-default-config" { + nativeBuildInputs = [cfg.package]; + } '' + export IPFS_PATH="$TMPDIR" + ipfs init --empty-repo --profile=${profile} + ipfs --offline config show > "$out" + ''); + + # Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo. + # The "Pinning" section contains the "RemoteServices" section, which would prevent + # the daemon from starting as that setting can't be changed via ipfs config replace. + defaultConfig = builtins.removeAttrs rawDefaultConfig ["Identity" "Pinning"]; + + customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings; + + configFile = settingsFormat.generate "kubo-config.json" customizedConfig; + + # Create a fake repo containing only the file "api". + # $IPFS_PATH will point to this directory instead of the real one. + # For some reason the Kubo CLI tools insist on reading the + # config file when it exists. But the Kubo daemon sets the file + # permissions such that only the ipfs user is allowed to read + # this file. This prevents normal users from talking to the daemon. + # To work around this terrible design, create a fake repo with no + # config file, only an api file and everything should work as expected. 
+ fakeKuboRepo = pkgs.writeTextDir "api" '' + /unix/run/ipfs.sock + ''; + + kuboFlags = utils.escapeSystemdExecArgs ( + optional cfg.autoMount "--mount" + ++ optional cfg.enableGC "--enable-gc" + ++ optional (cfg.serviceFdlimit != null) "--manage-fdlimit=false" + ++ optional (cfg.defaultMode == "offline") "--offline" + ++ optional (cfg.defaultMode == "norouting") "--routing=none" + ++ cfg.extraFlags + ); + + profile = + if cfg.localDiscovery + then "local-discovery" + else "server"; + + splitMulitaddr = addrRaw: lib.tail (lib.splitString "/" addrRaw); + + multiaddrsToListenStreams = addrIn: let + addrs = + if builtins.typeOf addrIn == "list" + then addrIn + else [addrIn]; + unfilteredResult = map multiaddrToListenStream addrs; + in + builtins.filter (addr: addr != null) unfilteredResult; + + multiaddrsToListenDatagrams = addrIn: let + addrs = + if builtins.typeOf addrIn == "list" + then addrIn + else [addrIn]; + unfilteredResult = map multiaddrToListenDatagram addrs; + in + builtins.filter (addr: addr != null) unfilteredResult; + + multiaddrToListenStream = addrRaw: let + addr = splitMulitaddr addrRaw; + s = builtins.elemAt addr; + in + if s 0 == "ip4" && s 2 == "tcp" + then "${s 1}:${s 3}" + else if s 0 == "ip6" && s 2 == "tcp" + then "[${s 1}]:${s 3}" + else if s 0 == "unix" + then "/${lib.concatStringsSep "/" (lib.tail addr)}" + else null; # not valid for listen stream, skip + + multiaddrToListenDatagram = addrRaw: let + addr = splitMulitaddr addrRaw; + s = builtins.elemAt addr; + in + if s 0 == "ip4" && s 2 == "udp" + then "${s 1}:${s 3}" + else if s 0 == "ip6" && s 2 == "udp" + then "[${s 1}]:${s 3}" + else null; # not valid for listen datagram, skip +in { + ###### interface + + options = { + services.kubo = { + enable = mkEnableOption (lib.mdDoc "Interplanetary File System (WARNING: may cause severe network degradation)"); + + package = mkOption { + type = types.package; + default = pkgs.kubo; + defaultText = literalExpression "pkgs.kubo"; + description = 
lib.mdDoc "Which Kubo package to use."; + }; + + user = mkOption { + type = types.str; + default = "ipfs"; + description = lib.mdDoc "User under which the Kubo daemon runs"; + }; + + group = mkOption { + type = types.str; + default = "ipfs"; + description = lib.mdDoc "Group under which the Kubo daemon runs"; + }; + + dataDir = mkOption { + type = types.str; + default = + if versionAtLeast config.system.stateVersion "17.09" + then "/var/lib/ipfs" + else "/var/lib/ipfs/.ipfs"; + defaultText = literalExpression '' + if versionAtLeast config.system.stateVersion "17.09" + then "/var/lib/ipfs" + else "/var/lib/ipfs/.ipfs" + ''; + description = lib.mdDoc "The data dir for Kubo"; + }; + + defaultMode = mkOption { + type = types.enum ["online" "offline" "norouting"]; + default = "online"; + description = lib.mdDoc "systemd service that is enabled by default"; + }; + + autoMount = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether Kubo should try to mount /ipfs and /ipns at startup."; + }; + + autoMigrate = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Whether Kubo should try to run the fs-repo-migration at startup."; + }; + + ipfsMountDir = mkOption { + type = types.str; + default = "/ipfs"; + description = lib.mdDoc "Where to mount the IPFS namespace to"; + }; + + ipnsMountDir = mkOption { + type = types.str; + default = "/ipns"; + description = lib.mdDoc "Where to mount the IPNS namespace to"; + }; + + enableGC = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to enable automatic garbage collection"; + }; + + emptyRepo = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "If set to true, the repo won't be initialized with help files"; + }; + + settings = mkOption { + type = lib.types.submodule { + freeformType = settingsFormat.type; + + options = { + Addresses.API = mkOption { + type = types.oneOf [types.str (types.listOf types.str)]; + default 
= []; + description = lib.mdDoc '' + Multiaddr or array of multiaddrs describing the address to serve the local HTTP API on. + In addition to the multiaddrs listed here, the daemon will also listen on a Unix domain socket. + To allow the ipfs CLI tools to communicate with the daemon over that socket, + add your user to the correct group, e.g. `users.users.alice.extraGroups = [ config.services.kubo.group ];` + ''; + }; + + Addresses.Gateway = mkOption { + type = types.oneOf [types.str (types.listOf types.str)]; + default = "/ip4/127.0.0.1/tcp/8080"; + description = lib.mdDoc "Where the IPFS Gateway can be reached"; + }; + + Addresses.Swarm = mkOption { + type = types.listOf types.str; + default = [ + "/ip4/0.0.0.0/tcp/4001" + "/ip6/::/tcp/4001" + "/ip4/0.0.0.0/udp/4001/quic" + "/ip4/0.0.0.0/udp/4001/quic-v1" + "/ip4/0.0.0.0/udp/4001/quic-v1/webtransport" + "/ip6/::/udp/4001/quic" + "/ip6/::/udp/4001/quic-v1" + "/ip6/::/udp/4001/quic-v1/webtransport" + ]; + description = lib.mdDoc "Where Kubo listens for incoming p2p connections"; + }; + }; + }; + description = lib.mdDoc '' + Attrset of daemon configuration. + See [https://github.com/ipfs/kubo/blob/master/docs/config.md](https://github.com/ipfs/kubo/blob/master/docs/config.md) for reference. + You can't set `Identity` or `Pinning`. + ''; + default = {}; + example = { + Datastore.StorageMax = "100GB"; + Discovery.MDNS.Enabled = false; + Bootstrap = [ + "/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu" + "/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm" + ]; + Swarm.AddrFilters = null; + }; + }; + + extraFlags = mkOption { + type = types.listOf types.str; + description = lib.mdDoc "Extra flags passed to the Kubo daemon"; + default = []; + }; + + localDiscovery = mkOption { + type = types.bool; + description = lib.mdDoc '' Whether to enable local discovery for the Kubo daemon. + This will allow Kubo to scan ports on your local network. 
Some hosting services will ban you if you do this. + ''; + default = false; + }; + + serviceFdlimit = mkOption { + type = types.nullOr types.int; + default = null; + description = lib.mdDoc "The fdlimit for the Kubo systemd unit or `null` to have the daemon attempt to manage it"; + example = 64 * 1024; + }; + + startWhenNeeded = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc "Whether to use socket activation to start Kubo when needed."; + }; + }; + }; + + ###### implementation + + disabledModules = ["services/network-filesystems/kubo.nix"]; + config = mkIf cfg.enable { + assertions = [ + { + assertion = !builtins.hasAttr "Identity" cfg.settings; + message = '' + You can't set services.kubo.settings.Identity because the ``config replace`` subcommand used at startup does not support modifying any of the Identity settings. + ''; + } + { + assertion = !((builtins.hasAttr "Pinning" cfg.settings) && (builtins.hasAttr "RemoteServices" cfg.settings.Pinning)); + message = '' + You can't set services.kubo.settings.Pinning.RemoteServices because the ``config replace`` subcommand used at startup does not work with it. 
+ ''; + } + ]; + + environment.systemPackages = [cfg.package]; + environment.variables.IPFS_PATH = fakeKuboRepo; + + # https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size + boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000; + + programs.fuse = mkIf cfg.autoMount { + userAllowOther = true; + }; + + users.users = mkIf (cfg.user == "ipfs") { + ipfs = { + group = cfg.group; + home = cfg.dataDir; + createHome = false; + uid = config.ids.uids.ipfs; + description = "IPFS daemon user"; + packages = [ + pkgs.kubo-migrator + ]; + }; + }; + + users.groups = mkIf (cfg.group == "ipfs") { + ipfs.gid = config.ids.gids.ipfs; + }; + + systemd.tmpfiles.rules = + [ + "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" + ] + ++ optionals cfg.autoMount [ + "d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -" + "d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -" + ]; + + # The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself + systemd.packages = + if cfg.autoMount + then [cfg.package.systemd_unit] + else [cfg.package.systemd_unit_hardened]; + + services.kubo.settings = mkIf cfg.autoMount { + Mounts.FuseAllowOther = lib.mkDefault true; + Mounts.IPFS = lib.mkDefault cfg.ipfsMountDir; + Mounts.IPNS = lib.mkDefault cfg.ipnsMountDir; + }; + + systemd.services.ipfs = + { + path = ["/run/wrappers" cfg.package]; + environment.IPFS_PATH = cfg.dataDir; + + preStart = + '' + if [[ ! -f "$IPFS_PATH/config" ]]; then + ipfs init ${optionalString cfg.emptyRepo "-e"} + else + # After an unclean shutdown this file may exist which will cause the config command to attempt to talk to the daemon. This will hang forever if systemd is holding our sockets open. 
+ rm -vf "$IPFS_PATH/api" + '' + + optionalString cfg.autoMigrate '' + ${pkgs.kubo-migrator}/bin/fs-repo-migrations -to '${cfg.package.repoVersion}' -y + '' + + '' + fi + ipfs --offline config show | + ${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' | + ${pkgs.jq}/bin/jq ".Datastore.Spec.mounts[0].child.accessGrant = \"$(cat ${config.sops.secrets."services/ipfs/access_grant".path})\"" | + + # This command automatically injects the private key and other secrets from + # the old config file back into the new config file. + # Unfortunately, it doesn't keep the original `Identity.PeerID`, + # so we need `ipfs config show` and jq above. + # See https://github.com/ipfs/kubo/issues/8993 for progress on fixing this problem. + # Kubo also wants a specific version of the original "Pinning.RemoteServices" + # section (redacted by `ipfs config show`), such that that section doesn't + # change when the changes are applied. Whyyyyyy..... 
+ ipfs --offline config replace - + ''; + postStop = mkIf cfg.autoMount '' + # After an unclean shutdown the fuse mounts at cfg.ipnsMountDir and cfg.ipfsMountDir are locked + umount --quiet '${cfg.ipnsMountDir}' '${cfg.ipfsMountDir}' || true + ''; + serviceConfig = + { + ExecStart = ["" "${cfg.package}/bin/ipfs daemon ${kuboFlags}"]; + User = cfg.user; + Group = cfg.group; + StateDirectory = ""; + ReadWritePaths = optionals (!cfg.autoMount) ["" cfg.dataDir]; + } + // optionalAttrs (cfg.serviceFdlimit != null) {LimitNOFILE = cfg.serviceFdlimit;}; + } + // optionalAttrs (!cfg.startWhenNeeded) { + wantedBy = ["default.target"]; + }; + + systemd.sockets.ipfs-gateway = { + wantedBy = ["sockets.target"]; + socketConfig = { + ListenStream = + [""] ++ (multiaddrsToListenStreams cfg.settings.Addresses.Gateway); + ListenDatagram = + [""] ++ (multiaddrsToListenDatagrams cfg.settings.Addresses.Gateway); + }; + }; + + systemd.sockets.ipfs-api = { + wantedBy = ["sockets.target"]; + socketConfig = { + # We also include "%t/ipfs.sock" because there is no way to put the "%t" + # in the multiaddr. 
+ ListenStream = + ["" "%t/ipfs.sock"] ++ (multiaddrsToListenStreams cfg.settings.Addresses.API); + SocketMode = "0660"; + SocketUser = cfg.user; + SocketGroup = cfg.group; + }; + }; + }; + + meta = { + maintainers = with lib.maintainers; [Luflosi]; + }; + + imports = [ + (mkRenamedOptionModule ["services" "ipfs" "enable"] ["services" "kubo" "enable"]) + (mkRenamedOptionModule ["services" "ipfs" "package"] ["services" "kubo" "package"]) + (mkRenamedOptionModule ["services" "ipfs" "user"] ["services" "kubo" "user"]) + (mkRenamedOptionModule ["services" "ipfs" "group"] ["services" "kubo" "group"]) + (mkRenamedOptionModule ["services" "ipfs" "dataDir"] ["services" "kubo" "dataDir"]) + (mkRenamedOptionModule ["services" "ipfs" "defaultMode"] ["services" "kubo" "defaultMode"]) + (mkRenamedOptionModule ["services" "ipfs" "autoMount"] ["services" "kubo" "autoMount"]) + (mkRenamedOptionModule ["services" "ipfs" "autoMigrate"] ["services" "kubo" "autoMigrate"]) + (mkRenamedOptionModule ["services" "ipfs" "ipfsMountDir"] ["services" "kubo" "ipfsMountDir"]) + (mkRenamedOptionModule ["services" "ipfs" "ipnsMountDir"] ["services" "kubo" "ipnsMountDir"]) + (mkRenamedOptionModule ["services" "ipfs" "gatewayAddress"] ["services" "kubo" "settings" "Addresses" "Gateway"]) + (mkRenamedOptionModule ["services" "ipfs" "apiAddress"] ["services" "kubo" "settings" "Addresses" "API"]) + (mkRenamedOptionModule ["services" "ipfs" "swarmAddress"] ["services" "kubo" "settings" "Addresses" "Swarm"]) + (mkRenamedOptionModule ["services" "ipfs" "enableGC"] ["services" "kubo" "enableGC"]) + (mkRenamedOptionModule ["services" "ipfs" "emptyRepo"] ["services" "kubo" "emptyRepo"]) + (mkRenamedOptionModule ["services" "ipfs" "extraConfig"] ["services" "kubo" "settings"]) + (mkRenamedOptionModule ["services" "ipfs" "extraFlags"] ["services" "kubo" "extraFlags"]) + (mkRenamedOptionModule ["services" "ipfs" "localDiscovery"] ["services" "kubo" "localDiscovery"]) + (mkRenamedOptionModule ["services" "ipfs" 
"serviceFdlimit"] ["services" "kubo" "serviceFdlimit"]) + (mkRenamedOptionModule ["services" "ipfs" "startWhenNeeded"] ["services" "kubo" "startWhenNeeded"]) + (mkRenamedOptionModule ["services" "kubo" "extraConfig"] ["services" "kubo" "settings"]) + (mkRenamedOptionModule ["services" "kubo" "gatewayAddress"] ["services" "kubo" "settings" "Addresses" "Gateway"]) + (mkRenamedOptionModule ["services" "kubo" "apiAddress"] ["services" "kubo" "settings" "Addresses" "API"]) + (mkRenamedOptionModule ["services" "kubo" "swarmAddress"] ["services" "kubo" "settings" "Addresses" "Swarm"]) + ]; +} diff --git a/overlays/default.nix b/overlays/default.nix index dc3c4373..3ff48420 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -60,4 +60,9 @@ in checkPhase = ""; installCheckPhase = ""; }); + nodejs-16_x = prev.nodejs-18_x; + neomutt = prev.neomutt.overrideAttrs (super: { + doCheck = false; + doInstallCheck = false; + }); } diff --git a/packages/minecraft/vault.nix b/packages/minecraft/vault.nix index 669a37b9..8894a274 100644 --- a/packages/minecraft/vault.nix +++ b/packages/minecraft/vault.nix @@ -33,7 +33,7 @@ dontFixup = true; outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "sha256-vH/bnae6EmbGbgYDzMs1wKyLpFJqE+vNbukYmzrLmW8="; + outputHash = "sha256-KKw9bJ7CefWM2SbnAVy1IhBZ5PU0cgaqVdNH2ooQkSc="; }; in stdenv.mkDerivation { diff --git a/secrets/instance-20221213-1915.yaml b/secrets/instance-20221213-1915.yaml index 9cc2c5c0..6f0383c1 100644 --- a/secrets/instance-20221213-1915.yaml +++ b/secrets/instance-20221213-1915.yaml 
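Review bot: In the `preStart` script of `systemd.services.ipfs`, the access grant is spliced into the jq filter text with `\"$(cat …)\"`, so the secret ends up in jq's argument list, which other local processes can usually read while jq runs, and a quote or backslash in the value would alter the filter instead of being stored as data. Passing the file to jq as a variable avoids both: `${pkgs.jq}/bin/jq --rawfile grant ${config.sops.secrets."services/ipfs/access_grant".path} '.Datastore.Spec.mounts[0].child.accessGrant = ($grant | rtrimstr("\n"))' |`. The module also reads `config.sops.secrets."services/ipfs/access_grant"` unconditionally and the declaration is not part of this hunk, so it is worth confirming that the secret is declared with an owner that `cfg.user` can read, and adding an entry to `assertions` so a host that enables `services.kubo` without it fails at evaluation with a clear message.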
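Review bot: Neither override added at the end of this overlay says why it exists. `nodejs-16_x = prev.nodejs-18_x;` gives every package that asks for Node 16 a different major version without any visible trace at the use site, and the `neomutt` override switches off both of its check phases. A one-line comment above each, such as `# Node 16 consumers are built against 18 because <reason>; remove when <condition>` and `# neomutt checks disabled because <reason>`, would let a later reader judge when they can be dropped. The overlay's attribute set starts outside this hunk, so existing conventions for such comments may be visible there.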
@@ -8,6 +8,8 @@ security: restic: password: ENC[AES256_GCM,data:80XNExfwBIG3aVNQBc8T2fdN9oA=,iv:JM/HU7vhx28VA9EppxpFc3xRVcAt+kp3JwTuHmFpL78=,tag:pC73+XCsFGTdA+MbTihD7Q==,type:str] services: + ipfs: + access_grant: ENC[AES256_GCM,data:WFWKgRf4VG0fViy9hSvRclwxQxICoV94eOpaVjGv6HJ/SeHLF2FaXG9PPNvU35JsNrWQhovYK33QPqE9IV6rgoo7xtH7FYlr91YYJ6a/x4SQnkIu5aUYIpsTk+I97T/5gfLJZK2Sr05lrnCBth5F2eu+ITILt8AUizrqLLW+KWpeCkzz6G8pJGwnOqp/CIDkTCybgnzM0piF4F0lVukAjnrUhYGR3szi8zpy6ZSQHFvXgz37DfEaTgcJlt/tx/xozkSor+KweXHDA71d1nugQ1p7DhLdP4rpm7PrdfZmwc56p2OkK15jdDPeOTBpOWvFt+wdPKR4PMfwYFHO5adE8ZNkdBafICtrdEV552qkTZ4LDYqY9qCi0tKU3TbuArxKoMPshoiaeqEuP2itPsZonqYVv9CXeOLSlA==,iv:NU4rJgOTg6SPOCiYvOqQH0w9i3aJR8IvfNcm+eykoVI=,tag:/LRTOtGRd/Y9QJlK0X1jvA==,type:str] attic: ENC[AES256_GCM,data:piBIi+r/WKVnGwl00q1lZjdyQz2PqFGrM8xTxf5/0MOv4UTJjw9I/9HdQAKgMH7okiAh94BTyGCM4EzwiHRbErQoQC9OihIgUkvQW6/SzIeSgSw3n8oBe7UKiXIedsjzLoPNjH1gDg8lLDgg5Iq389+AY+qPFfmF61tpcG35bkvKd1XWUL/elTMff+yILndu9fvcmmkDk4IGSdzB2fVcB+1k6JOWiL5Mo42RF2dUu7cvbnrsh/MpC0nzMrkQUBENfhPPuEjMGZ2ZwSqbW2B6FfZI9uCtdmRpXhwytzHBgwxetbKKe61a+mPTjSyItG/bqoSw4v+O8T8UBy2y/aAmZjvw+fhl+sb+ro90sOZMzY9jNVenZqVvTyZk12gD/ljpzRbGpIxE9l0WdLLlB9aNIaRa3EGbe9oNpGg4p6I+kEe4mx1+qhUpNgrCpv1jUORyfbKGNrPp//NiO3C7nrm//5D2U+Y4vg4Xc80RHsHTrHuKdpk=,iv:SoK0B7bf8TiFXCPTWYr2G1+XoFzFIIJzruwXfOjCsxg=,tag:bxsUXluNqqcuOixOz6cSjA==,type:str] ssh: host-key: 
ENC[AES256_GCM,data:oiy1thPKRVgH0XltFQCKwGMdLZde8zp1Ag1dL/el/2jXp1be1Evtr+kkZv56nhlaJ6KpYi5VsfrfpFVnKUkcYGUMmqVf2lFDu2fPcWB+PW7nol9K+sVRhHgTPP1wz385o5bof4OnbMF9sUbV0PT/pd4yAvluKq9s2vBBb2GEZ+HDBwkurmgVrFqUb66AvCdncXTpK47qpWZQMDTMGKqv5d1hJOoCCIulX3iJ4ko2xDD7qRlFtcdLNFLw3q4R6eP+L0OqoQs8dnjpIQOLVItzHTHTTcQRVoFvD7OMYSyU5RIIxTIOoS9tWzQu/QpHpO4cgjQ/GX09uj+a6/Cy8Itavd88YeSoYEPGwBYEciYLakFpNQ8aFl0yEsEMdZbfHgOUAOlbv28Mv93+RFMs5HrdIup/lZr5PsCBSsrMVkwJNVQKTxbN34LCTGOeCkuzohAwmwEVB/Ysuh23WyFKcdkGWAwlnVvgaNT5/TsNTCCI8Hf6fJecD4imWrJAtlXG7o+mnE+f0LlixxsnMgSnlkX4,iv:mnW23zPiSDoluMjQJEUFHDkVO6IT/4+RgAlaKuie3Qw=,tag:F+KOH/MkjrF1wYCR9OzFkQ==,type:str] @@ -47,8 +49,8 @@ sops: bVJUcDZLWTk3MiszOWp4enRRQmNsajQKF8QJs/Wb0SqnvsQEkRKlS1Ms9xLIdyvZ QCFAPclaOfaTLTiRJWXjDneBkMBduYKkRPiXCR+Bn7i4z8ixLXFmWw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-04-18T18:46:10Z" - mac: ENC[AES256_GCM,data:zhJ4n36vDz+Irjex39KewguKqqbFkQv4z2f8dcJume7+pLjyVvNNPQG/NQl5FhM3xBpRKN/pLIJixGbm5wn3wRY3AlddxAzoU2rTj7ReePMBy7U217ogGFdWrT+ZLZnsWZSKsysCrI7X0uMzFG7LclLe0qkBKhobENHtqCA4Fbo=,iv:9PVUowtactn5wUsiKyu7nwjaRMM+PpUdZoqGvzW/5is=,tag:r5y9IbFMzDjwUgePfH4LDQ==,type:str] + lastmodified: "2023-05-21T15:38:32Z" + mac: ENC[AES256_GCM,data:X1SWQqjJg7sVFr/za6YOPvtCNaPBKy6ZOsHTLQjA+zJlMgddpoyw2z4YvREEo2XIIVpVBR4O3LmilgyATD1I3fliaqLb7YAQUmjWbKLro1AWKT2qMV8N6PRN5EkneBMREB8SQfIdsBjKuX4SEMnvidVuVJ38NFhL+7ir9/pkKhA=,iv:Zg28rBroY9NNFwzEHJfkm67jTeaVG0sPZzg5H5oDK1Q=,tag:9j57KLJ0Zpjpdgz8BYvbxA==,type:str] pgp: - created_at: "2022-12-14T15:34:13Z" enc: | diff --git a/secrets/nixos-8gb-fsn1-1.yaml b/secrets/nixos-8gb-fsn1-1.yaml index 7e5eab53..354a3827 100644 --- a/secrets/nixos-8gb-fsn1-1.yaml +++ b/secrets/nixos-8gb-fsn1-1.yaml 
@@ -87,8 +87,8 @@ sops: UDRmejBFNTVxeTF6aVFta09OS25uNXcKizOsV9EUukinCAwvpZVrk9x0aXTKQckd gGfdCEU0HZXhZg+ikDFzy52+vPo8+gInjscXiXr/gGn6dJoctLqQXA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-25T19:34:07Z" - mac: ENC[AES256_GCM,data:LygAZldFTh49Oj/uZ85cuyis/ctE4octX1dNYAdEdQjfFzRBAN9K5HdWby1NVigBaTiqkmTXNv6ohCpEhkDp6C9dAfZenqDu/s2iR6aGdwQT0uscfI9p6u19yNCVZDo6vpGRO5a7oQuyeasG30HlEHko8AEXIioqPcY3FrjV0W4=,iv:9TAIeHizW1TFGdNXbvbQ8eRJ+uHcsC8CLTsvtpyHOtk=,tag:901jQ7YEp1bLUhaA0zaO3g==,type:str] + lastmodified: "2023-05-21T15:38:17Z" + mac: ENC[AES256_GCM,data:VaHp7F++bzk6inHOZLXQ0rqZ8BESf2uSspKV/IjJDPl+R5rwzmILfXNnscJenHXmtsouRUGoNLo3u+4DH95Ow/WdHiR76vMv4z6pCLQBrLwYg0UQi8w6WqksTSf33AnCow8A1p12AKG3hFzKMijR7G7TivQJSTMsXTy+1/fOtPY=,iv:WWLvVPpZTNP9twcOnNl974UMPkObzNYqM4cfBEQZldk=,tag:9q+PcIf1TMTq9OdG45F/pA==,type:str] pgp: - created_at: "2023-02-18T08:54:32Z" enc: | diff --git a/zones/chir.rs.nix b/zones/chir.rs.nix index 2108e789..5053ef47 100644 --- a/zones/chir.rs.nix +++ b/zones/chir.rs.nix @@ -144,7 +144,7 @@ with dns.lib.combinators; let SOA = { nameServer = "ns1.chir.rs."; adminEmail = "lotte@chir.rs"; - serial = 30; + serial = 32; }; NS = [ "ns1.chir.rs." @@ -247,6 +247,8 @@ with dns.lib.combinators; let attic.CNAME = ["attic-chir-rs.b-cdn.net."]; cloud = createZone oracleBase; lotte = createZone {}; + ipfs-nocdn = createZone oracleBase; + ipfs.CNAME = ["ipfs-chir-rs.b-cdn.net."]; int = delegateTo [