From: Preston Pan Date: Sat, 13 Sep 2025 02:32:06 +0000 (-0700) Subject: update before new lock file, working on VPS X-Git-Url: https://ret2pop.net/gitweb/%22./%22https:/polyfill.io/static/git-logo.png?a=commitdiff_plain;h=cae70df061d9fc4f33a2da66a21c86eb3eb1fa3b;p=monorepo.git update before new lock file, working on VPS --- diff --git a/.env b/.env index aef133e..589055a 100644 --- a/.env +++ b/.env @@ -1,3 +1,4 @@ OPENAI_API_KEY=nothing OPENAI_BASE_URL="http://localhost:11434/v1" -OPENAI_MODEL=qwen3-coder-noloop:latest +OPENAI_MODEL=renchris/qwen3-coder:30b-gguf-unsloth +TAVILY_API_KEY=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 diff --git a/.gitignore b/.gitignore index b836c13..dff3927 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ ./website/** -nix/result \ No newline at end of file +nix/result +.env diff --git a/QWEN.md b/QWEN.md new file mode 100644 index 0000000..08c0605 --- /dev/null +++ b/QWEN.md @@ -0,0 +1,6 @@ +* Git Branch +The main branch for this repo is `main`. +* Updating +When testing if the NixOS configuration builds, test with command `eval ` +* Project +This project mainly deals with nix files and elisp. Otherwise it is emacs org mode. diff --git a/config/emacs.el b/config/emacs.el index 8cb788e..7aa4517 100644 --- a/config/emacs.el +++ b/config/emacs.el @@ -187,6 +187,18 @@ :config (lyrics-fetcher-use-backend 'genius)) +(defun insert-urandom-password (&optional length) + (interactive "P") + (let ((length (or length 32)) + (chars "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.<>?")) + (insert + (with-temp-buffer + (call-process "head" nil t nil "-c" (number-to-string length) "/dev/urandom") + (let ((bytes (buffer-string))) + (mapconcat (lambda (c) + (string (elt chars (mod (string-to-char (char-to-string c)) (length chars))))) + bytes "")))))) + (use-package org-fragtog :hook (org-mode . org-fragtog-mode)) (use-package yasnippet @@ -415,12 +427,12 @@ ;; Programming Projects "." '(counsel-find-file :wk "find file") - "p I" '(projectile-add-known-project :wk "Add to project list") + "p a" '(projectile-add-known-project :wk "Add to project list") "N f" '(nix-flake :wk "nix flake menu") "f" '(:ignore t :wk "file operations") "f p" '(projectile-switch-project :wk "find project to switch to") - "f f" '(projectile-find-file :wk "find file in project") + "f f" '(counsel-fzf :wk "find file in project") "f s" '(counsel-rg :wk "find string in project") "y n s" '(yas-new-snippet :wk "Create new snippet") @@ -468,6 +480,7 @@ "h m" '(woman :wk "Manual") "h i" '(info :wk "Info") + "s i p" '(insert-urandom-password :wk "insert random password to buffer (for sops)") "u w" '((lambda () (interactive) (shell-command "rsync -azvP ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/")) :wk "rsync website update") "h r r" '(lambda () (interactive) (org-babel-load-file (expand-file-name "~/monorepo/config/emacs.org"))))) @@ -631,3 +644,8 @@ (add-to-list 'emms-info-functions 'emms-info-mpd) (add-to-list 'emms-player-list 'emms-player-mpd) :config (emms-player-mpd-connect)) + +(use-package lean4-mode + :commands lean4-mode + :vc (:url "https://github.com/leanprover-community/lean4-mode.git" + :rev "76895d8939111654a472cfc617cfd43fbf5f1eb6")) diff --git a/config/emacs.org b/config/emacs.org index 609873f..c4bb4d9 100644 --- a/config/emacs.org +++ b/config/emacs.org @@ -234,6 +234,21 @@ This currently doesn't work I'm pretty sure, but it's supposed to fetch lyrics f :config (lyrics-fetcher-use-backend 'genius)) #+end_src +* Passwords +This is a function that inserts a random password into the buffer. I use this to manage sops-nix. +#+begin_src emacs-lisp + (defun insert-urandom-password (&optional length) + (interactive "P") + (let ((length (or length 32)) + (chars "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+[]{};:,.<>?")) + (insert + (with-temp-buffer + (call-process "head" nil t nil "-c" (number-to-string length) "/dev/urandom") + (let ((bytes (buffer-string))) + (mapconcat (lambda (c) + (string (elt chars (mod (string-to-char (char-to-string c)) (length chars))))) + bytes "")))))) +#+end_src * Fragtog This package is used to generate previews automatically when your cursor hovers over a latex snippet. @@ -521,12 +536,12 @@ emacs keybindings. ;; Programming Projects "." '(counsel-find-file :wk "find file") - "p I" '(projectile-add-known-project :wk "Add to project list") + "p a" '(projectile-add-known-project :wk "Add to project list") "N f" '(nix-flake :wk "nix flake menu") "f" '(:ignore t :wk "file operations") "f p" '(projectile-switch-project :wk "find project to switch to") - "f f" '(projectile-find-file :wk "find file in project") + "f f" '(counsel-fzf :wk "find file in project") "f s" '(counsel-rg :wk "find string in project") "y n s" '(yas-new-snippet :wk "Create new snippet") @@ -574,6 +589,7 @@ emacs keybindings. "h m" '(woman :wk "Manual") "h i" '(info :wk "Info") + "s i p" '(insert-urandom-password :wk "insert random password to buffer (for sops)") "u w" '((lambda () (interactive) (shell-command "rsync -azvP ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/")) :wk "rsync website update") "h r r" '(lambda () (interactive) (org-babel-load-file (expand-file-name "~/monorepo/config/emacs.org"))))) @@ -775,3 +791,14 @@ Set up emms in order to play music from my music directory: (add-to-list 'emms-player-list 'emms-player-mpd) :config (emms-player-mpd-connect)) #+end_src +* Unpinned +** Lean4 +For some reason, lean4-mode is not in MELPA currently so I have to do this ugly thing: +#+begin_src emacs-lisp + (use-package lean4-mode + :commands lean4-mode + :vc (:url "https://github.com/leanprover-community/lean4-mode.git" + :rev "76895d8939111654a472cfc617cfd43fbf5f1eb6")) +#+end_src +and actually pull something from the internet instead of pinning. Thankfully this reproduction issue is probably localized to lean files. Also, +we're pulling a specific commit so it is still pinned. diff --git a/config/nix.org b/config/nix.org index c19fa15..117ad20 100644 --- a/config/nix.org +++ b/config/nix.org @@ -258,6 +258,13 @@ largely self-documenting. description = "device that NixOS is installed to"; }; + fileSystem = lib.mkOption { + type = lib.types.str; + default = "ext4"; + example = "btrfs"; + description = "filesystem to install with disko"; + }; + diskoSpec = lib.mkOption { type = lib.types.attrs; description = "retains a copy of the disko spec for reflection"; @@ -409,7 +416,6 @@ In order to run docker containers, I need this file: virtualisation.docker.enable = true; } #+end_src - ** Pipewire My low latency pipewire configuration is used for music production, as well as for regular desktop usage. Pipewire is much better than pulseaudio because it supports jack with the same @@ -511,7 +517,7 @@ distribution soon, and I'm waiting on that. }; } #+end_src -** Murmur +** TODO Murmur #+begin_src nix :tangle ../nix/modules/murmur.nix { lib, config, ... }: { @@ -528,7 +534,7 @@ distribution soon, and I'm waiting on that. }; } #+end_src -** i2pd +** TODO i2pd I use i2p for some p2p connections. We enable it with the server profile: #+begin_src nix :tangle ../nix/modules/i2pd.nix { config, lib, ... }: @@ -543,7 +549,7 @@ I use i2p for some p2p connections. We enable it with the server profile: }; } #+end_src -** Icecast +** TODO Icecast This is an internet radio which will host a ton of music. #+begin_src nix :tangle ../nix/modules/icecast.nix { lib, config, ... }: @@ -632,8 +638,6 @@ for users: Method = sha256 Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea Salt = sDY,?H5AxC-!gH3a.:)D - Hash = ${config.sops.secrets.znc_password_hash} - Salt = ${config.sops.secrets.znc_password_salt} ''; modules = [ @@ -672,7 +676,7 @@ still federating and hosting the same protocol. ]; address = "0.0.0.0"; port = 6167; - allow_registration = true; + allow_registration = false; }; }; } @@ -864,14 +868,15 @@ world. This was the easiest frontend to set up on NixOS. ] else []); } #+end_src -** Maddy +** TODO Maddy #+begin_src nix :tangle ../nix/modules/maddy.nix { lib, config, options, ... }: { services.maddy = { enable = lib.mkDefault config.monorepo.profiles.server.enable; openFirewall = true; - primaryDomain = "ret2pop.net"; + hostName = "${config.monorepo.vars.remoteHost}"; + primaryDomain = "mail.${config.monorepo.vars.remoteHost}"; tls = { loader = "acme"; }; @@ -882,6 +887,11 @@ world. This was the easiest frontend to set up on NixOS. "imap tls://0.0.0.0:993 tcp://0.0.0.0:143" "submission tls://0.0.0.0:465 tcp://0.0.0.0:587" ] options.services.maddy.config.default; + ensureCredentials = { + "preston@localhost" = { + passwordFile = "/secrets/preston-localhost"; + }; + }; }; } #+end_src @@ -1175,7 +1185,7 @@ because they enhance security. xdg.portal = { enable = (! config.monorepo.profiles.ttyonly.enable); - wlr.enable = true; + wlr.enable = (! config.monorepo.profiles.ttyonly.enable); extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [ xdg-desktop-portal-gtk xdg-desktop-portal @@ -1281,6 +1291,56 @@ because they enhance security. ** Disko This is the disko configuration for my continuity system. It features a boot and ext4 partition, with configurable disk. +*** Btrfs +#+begin_src nix :tangle ../nix/disko/btrfs-simple.nix + { lib, config, ... }: + let + spec = { + disko.devices = { + disk = { + main = { + type = "disk"; + device = config.monorepo.vars.device; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "128M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + }; + }; + }; + }; + }; + }; + }; + in + { + monorepo.vars.diskoSpec = spec; + disko.devices = spec.disko.devices; + } +#+end_src *** Simple This configuration is used for simple partitioning schemes with EFI. #+begin_src nix :tangle ../nix/disko/drive-simple.nix @@ -1999,30 +2059,33 @@ the timezone. My git configuration uses information set in the ~vars.nix~ in order to set configuration options. Make sure those are set correctly. I've set it to sign by default. #+begin_src nix :tangle ../nix/modules/home/git.nix -{ lib, config, ... }: -{ - programs.git = { - enable = lib.mkDefault config.monorepo.profiles.graphics.enable; - userName = config.monorepo.vars.fullName; - userEmail = config.monorepo.profiles.email.email; - signing = { - key = config.monorepo.vars.gpgKey; - signByDefault = true; - }; + { lib, config, ... }: + { + programs.git = { + enable = lib.mkDefault config.monorepo.profiles.graphics.enable; + userName = config.monorepo.vars.fullName; + userEmail = config.monorepo.profiles.email.email; + signing = { + key = config.monorepo.vars.gpgKey; + signByDefault = true; + }; - extraConfig = { - init.defaultBranch = "main"; - }; + extraConfig = { + init.defaultBranch = "main"; + }; - aliases = { - co = "checkout"; - c = "commit"; - a = "add"; - s = "switch"; - b = "branch"; + aliases = { + pl = "pull"; + ps = "push"; + co = "checkout"; + c = "commit"; + a = "add"; + st = "status"; + sw = "switch"; + b = "branch"; + }; }; - }; -} + } #+end_src *** Hyprland My compositor/window manager. This automatically starts on startup. Instructions on how @@ -2952,6 +3015,9 @@ standard. }; shellAliases = { + se = "sops edit"; + f = "vim $(fzf)"; + e = "cd $(find . -type d -print | fzf)"; c = "clear"; g = "git"; v = "vim"; @@ -3030,6 +3096,7 @@ for these configurations. mupdf zathura + fzf # passwords age sops @@ -3065,6 +3132,44 @@ for these configurations. pfetch libnotify htop + + (pkgs.writeShellScriptBin "help" + '' + #!/usr/bin/env sh + # Portable, colored, nicely aligned alias list + + # Generate uncolored alias pairs + aliases=$(cat <<'EOF' + ${let aliases = config.programs.zsh.shellAliases; + in lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: + "${name} -> ${value}" + ) aliases)} + EOF + ) + + # Align and color using awk + echo "$aliases" | awk ' + BEGIN { + GREEN="\033[0;32m"; + YELLOW="\033[0;33m"; + RESET="\033[0m"; + maxlen=0; + } + { + # Split line on " -> " + split($0, parts, / -> /); + name[NR]=parts[1]; + cmd[NR]=parts[2]; + if(length(parts[1])>maxlen) maxlen=length(parts[1]); + } + END { + for(i=1;i<=NR;i++) { + # printf with fixed width for alias name + printf "%s%-*s%s -> %s%s%s\n", GREEN, maxlen, name[i], RESET, YELLOW, cmd[i], RESET; + } + }' + '') + (writeShellScriptBin "remote-build" '' #!/bin/bash @@ -3222,14 +3327,22 @@ Spontaneity is my VPS instance. boot.loader.grub.device = "nodev"; networking = { + interfaces.ens3.ipv6.addresses = [ + { + address = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794"; + prefixLength = 64; + } + ]; firewall.allowedTCPPorts = [ 80 + 143 443 465 + 587 993 - 8448 6697 6667 + 8448 ]; domains = { enable = true; @@ -3247,7 +3360,9 @@ Spontaneity is my VPS instance. "${config.monorepo.vars.remoteHost}" = {}; "matrix.${config.monorepo.vars.remoteHost}" = {}; "www.${config.monorepo.vars.remoteHost}" = {}; - "mail.${config.monorepo.vars.remoteHost}" = {}; + "mail.${config.monorepo.vars.remoteHost}" = { + mx.data = "10 mail.${config.monorepo.vars.remoteHost}."; + }; "nullring.xyz" = {}; "git.nullring.xyz" = {}; diff --git a/journal/index.org b/journal/index.org index 6183061..2c2fc6c 100644 --- a/journal/index.org +++ b/journal/index.org @@ -36,6 +36,28 @@ done #+end_src #+RESULTS: +- [[file:20250909.org][20250909.org]] +- [[file:20250908.org][20250908.org]] +- [[file:20250826.org][20250826.org]] +- [[file:20250723.org][20250723.org]] +- [[file:20250720.org][20250720.org]] +- [[file:20250703.org][20250703.org]] +- [[file:20250626.org][20250626.org]] +- [[file:20250602.org][20250602.org]] +- [[file:20250321.org][20250321.org]] +- [[file:20250317.org][20250317.org]] +- [[file:20250313.org][20250313.org]] +- [[file:20250311.org][20250311.org]] +- [[file:20250310.org][20250310.org]] +- [[file:20250308.org][20250308.org]] +- [[file:20250305.org][20250305.org]] +- [[file:20250302.org][20250302.org]] +- [[file:20250222.org][20250222.org]] +- [[file:20250220.org][20250220.org]] +- [[file:20250218.org][20250218.org]] +- [[file:20250214.org][20250214.org]] +- [[file:20250211.org][20250211.org]] +- [[file:20250203.org][20250203.org]] - [[file:20250201.org][20250201.org]] - [[file:20250123.org][20250123.org]] - [[file:20250119.org][20250119.org]] diff --git a/nix/disko/btrfs-simple.nix b/nix/disko/btrfs-simple.nix new file mode 100644 index 0000000..08fafd4 --- /dev/null +++ b/nix/disko/btrfs-simple.nix @@ -0,0 +1,47 @@ +{ lib, config, ... }: +let + spec = { + disko.devices = { + disk = { + main = { + type = "disk"; + device = config.monorepo.vars.device; + content = { + type = "gpt"; + partitions = { + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "128M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + mountpoint = "/"; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + }; + }; + }; + }; + }; + }; +}; +in +{ + monorepo.vars.diskoSpec = spec; + disko.devices = spec.disko.devices; +} diff --git a/nix/flake.lock b/nix/flake.lock index f90d69b..7f2b3b2 100644 --- a/nix/flake.lock +++ b/nix/flake.lock @@ -378,11 +378,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757347588, + "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757068644, - "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", + "lastModified": 1757347588, + "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", + "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", "type": "github" }, "original": { @@ -410,11 +410,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "lastModified": 1757034884, + "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "rev": "ca77296380960cd497a765102eeb1356eb80fed0", "type": "github" }, "original": { @@ -430,11 +430,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1757367609, - "narHash": "sha256-/sMr7GRnb7Y3i0w+qg/5y1LWB3FL8Wai0tPn9aiUlw4=", + "lastModified": 1757500034, + "narHash": "sha256-27oRr29r98W9/9AFsusHsI3SDtMJtZL2wVbvx/a9dIo=", "owner": "nix-community", "repo": "NUR", - "rev": "6291367b23c38821ca01c64f93c11c5cb56748ad", + "rev": "356f3a0c8a844ca237d144bf8a58cf8ad706cf16", "type": "github" }, "original": { @@ -558,11 +558,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1757449901, + "narHash": "sha256-qwN8nYdSRnmmyyi+uR6m4gXnVktmy5smG1MOrSFD8PI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "3b4a369df9dd6ee171a7ea4448b50e2528faf850", "type": "github" }, "original": { diff --git a/nix/modules/conduit.nix b/nix/modules/conduit.nix index ce2c23e..e47c7a2 100644 --- a/nix/modules/conduit.nix +++ b/nix/modules/conduit.nix @@ -10,7 +10,7 @@ ]; address = "0.0.0.0"; port = 6167; - allow_registration = true; + allow_registration = false; }; }; } diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 7234333..27002ff 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -284,7 +284,7 @@ xdg.portal = { enable = (! config.monorepo.profiles.ttyonly.enable); - wlr.enable = true; + wlr.enable = (! config.monorepo.profiles.ttyonly.enable); extraPortals = with pkgs; if (! config.monorepo.profiles.ttyonly.enable) then [ xdg-desktop-portal-gtk xdg-desktop-portal diff --git a/nix/modules/home/git.nix b/nix/modules/home/git.nix index 9c15aac..0e6e66c 100644 --- a/nix/modules/home/git.nix +++ b/nix/modules/home/git.nix @@ -14,10 +14,13 @@ }; aliases = { + pl = "pull"; + ps = "push"; co = "checkout"; c = "commit"; a = "add"; - s = "switch"; + st = "status"; + sw = "switch"; b = "branch"; }; }; diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index d0cad9a..24b61da 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix @@ -29,6 +29,7 @@ mupdf zathura + fzf # passwords age sops @@ -64,6 +65,44 @@ pfetch libnotify htop + + (pkgs.writeShellScriptBin "help" + '' +#!/usr/bin/env sh +# Portable, colored, nicely aligned alias list + +# Generate uncolored alias pairs +aliases=$(cat <<'EOF' +${let aliases = config.programs.zsh.shellAliases; + in lib.concatStringsSep "\n" (lib.mapAttrsToList (name: value: + "${name} -> ${value}" + ) aliases)} +EOF + ) + +# Align and color using awk +echo "$aliases" | awk ' +BEGIN { + GREEN="\033[0;32m"; + YELLOW="\033[0;33m"; + RESET="\033[0m"; + maxlen=0; + } +{ + # Split line on " -> " + split($0, parts, / -> /); + name[NR]=parts[1]; + cmd[NR]=parts[2]; + if(length(parts[1])>maxlen) maxlen=length(parts[1]); +} +END { + for(i=1;i<=NR;i++) { + # printf with fixed width for alias name + printf "%s%-*s%s -> %s%s%s\n", GREEN, maxlen, name[i], RESET, YELLOW, cmd[i], RESET; + } +}' +'') + (writeShellScriptBin "remote-build" '' #!/bin/bash diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix index e12a2d8..cb4f1b0 100644 --- a/nix/modules/home/zsh.nix +++ b/nix/modules/home/zsh.nix @@ -21,6 +21,9 @@ }; shellAliases = { + se = "sops edit"; + f = "vim $(fzf)"; + e = "cd $(find . -type d -print | fzf)"; c = "clear"; g = "git"; v = "vim"; diff --git a/nix/modules/maddy.nix b/nix/modules/maddy.nix index 158b6b5..f97ba05 100644 --- a/nix/modules/maddy.nix +++ b/nix/modules/maddy.nix @@ -3,7 +3,7 @@ services.maddy = { enable = lib.mkDefault config.monorepo.profiles.server.enable; openFirewall = true; - primaryDomain = "ret2pop.net"; + primaryDomain = "${config.monorepo.vars.remoteHost}"; tls = { loader = "acme"; }; diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix index 4b7c894..de9736e 100644 --- a/nix/modules/vars.nix +++ b/nix/modules/vars.nix @@ -8,6 +8,13 @@ description = "device that NixOS is installed to"; }; + fileSystem = lib.mkOption { + type = lib.types.str; + default = "ext4"; + example = "btrfs"; + description = "filesystem to install with disko"; + }; + diskoSpec = lib.mkOption { type = lib.types.attrs; description = "retains a copy of the disko spec for reflection"; diff --git a/nix/modules/znc.nix b/nix/modules/znc.nix index d32d564..c2e2079 100644 --- a/nix/modules/znc.nix +++ b/nix/modules/znc.nix @@ -10,8 +10,6 @@ Method = sha256 Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea Salt = sDY,?H5AxC-!gH3a.:)D - Hash = ${config.sops.secrets.znc_password_hash} - Salt = ${config.sops.secrets.znc_password_salt} ''; modules = [ diff --git a/nix/systems/spontaneity/default.nix b/nix/systems/spontaneity/default.nix index 5460428..3ab7a9e 100644 --- a/nix/systems/spontaneity/default.nix +++ b/nix/systems/spontaneity/default.nix @@ -18,6 +18,12 @@ boot.loader.grub.device = "nodev"; networking = { + interfaces.ens3.ipv6.addresses = [ + { + address = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794"; + prefixLength = 64; + } + ]; firewall.allowedTCPPorts = [ 80 443