as well as writing a lot of things with a literate config. To see more, see my
[[file:config/emacs.org][emacs configuration]] and my [[file:config/nix.org][NixOS configuration]].
** So, where is this website of yours located?
-https://ret2pop.nullring.xyz, it is the road to enlightenment.
+https://ret2pop.net, it is the road to enlightenment.
* Wait, so where are your dotfiles?
To use my dotfiles, download the ISO image for the installer, log in, and run:
#+begin_src bash
- SYSTEM=continuity DRIVE=sda-simple nix_installer
+ nix_installer
#+end_src
then reboot, and run:
#+begin_src bash
cd $HOME/monorepo && git pull
#+end_src
+That's all! Note that if you install with an encrypted disk, you will have to run:
+#+begin_src bash
+ echo "password123" > /tmp/secret.key
+#+end_src
+first.
** Post-setup
In emacs, run ~M-x all-the-icons-install-fonts, ~~M-x nerd-icons-install-fonts~, and ~M-x org-roam-db-sync~. Install your music to ~$HOME/music~ for
-emms.
+emms. In firefox, go to the three-bar menu and enable all the add-ons that were automatically installed. Set up the ~mu~ program in order to
+send and receive email, along with modifying the corresponding mbsync and msmtp commands. Change ~nix/flakevars.nix~ to your liking, and add
+new systems if you want.
* License
-See the [[file:LICENSE.org][license]]. The style.css has its own license.
+See the [[file:LICENSE][license]] The style.css has its own license.
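Review bot: The encrypted-disk step added after "That's all!" tells the reader to run `echo "password123" > /tmp/secret.key`, which puts the disk passphrase on the command line and in shell history, creates the key file with default umask permissions, and appends a newline to the file's contents. Suggest documenting a silent prompt with a restrictive umask instead, for example `(umask 077; read -rs pw; printf '%s' "$pw" > /tmp/secret.key)`, and replacing the sample value with an obvious placeholder so it is not copied verbatim. The same hunk drops `SYSTEM=continuity DRIVE=sda-simple` from the `nix_installer` call without saying how the target system and drive are now chosen, and the License line lost the period after the link.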
* Scheduled tasks
These are one-time tasks that are scheduled at a particular date, and that don't require regular
schedules.
+** Appointments
+These are tasks related to my appointments which have to be at a specific time.
+*** TODO Appointment Call
+I have an appointment in a couple days.
+SCHEDULED: <2025-09-16 Tue 15:45>
+*** TODO Friends Stay a Night
+SCHEDULED: <2025-09-23 Tue>
+*** TODO Covet Concert
+SCHEDULED: <2025-10-10 Fri>
+Exciting!
+*** TODO Optometry appointment
+SCHEDULED: <2025-09-29 Mon 16:45>
+For eye health @ Mount Pleasant Optometry.
+*** TODO Magbay Concert
+SCHEDULED: <2025-09-30 Tue>
+Exciting!
** Friends
These are tasks related to seeing my friends. There will be tasks listed here when I schedule
something.
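Review bot: The new Appointments entries commit exact dates, times and a named location (`<2025-09-29 Mon 16:45>`, "Mount Pleasant Optometry") to a file that this repository describes as doubling as a published web page. If the agenda is meant to stay public, consider moving time-and-place entries to the private `~/org/agenda.org` that `org-agenda-files` already lists, or excluding this subtree from export.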
These are some habits I want to track. They are repeated according to a calendar schedule in
general.
** TODO Supplements
-SCHEDULED: <2025-09-11 Thu .+1d>
+SCHEDULED: <2025-09-18 Thu .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2025-09-10 Wed 03:23]
+:LAST_REPEAT: [2025-09-17 Wed 03:40]
:STYLE: habit
:END:
+- State "DONE" from "TODO" [2025-09-17 Wed 03:40]
+- State "DONE" from "TODO" [2025-09-16 Tue 03:13]
+- State "DONE" from "TODO" [2025-09-14 Sun 18:33]
+- State "DONE" from "TODO" [2025-09-14 Sun 02:17]
+- State "DONE" from "TODO" [2025-09-12 Fri 23:48]
+- State "DONE" from "TODO" [2025-09-12 Fri 23:47]
- State "DONE" from "TODO" [2025-09-10 Wed 03:23]
- State "DONE" from "TODO" [2025-09-09 Tue 02:39]
- State "DONE" from "TODO" [2025-09-08 Mon 15:39]
- Iron
- Vitamin D3
- EPA/DHA
-** TODO Pushups
-SCHEDULED: <2025-09-11 Thu .+1d>
+- Creatine Monohydrate
+** TODO Strength Training
+SCHEDULED: <2025-09-18 Thu .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2025-09-10 Wed 03:23]
+:LAST_REPEAT: [2025-09-17 Wed 03:40]
:STYLE: habit
:END:
+- State "DONE" from "TODO" [2025-09-17 Wed 03:40]
+- State "DONE" from "TODO" [2025-09-14 Sun 02:26]
- State "DONE" from "TODO" [2025-09-10 Wed 03:23]
- State "DONE" from "TODO" [2025-09-09 Tue 02:42]
- State "DONE" from "TODO" [2025-09-08 Mon 04:35]
- State "DONE" from "TODO" [2025-06-26 Thu 23:22]
I want to be able to run or bike every day so that I get my exercise in.
** TODO Stretch
-SCHEDULED: <2025-09-10 Wed .+1d>
+SCHEDULED: <2025-09-18 Thu .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2025-09-09 Tue 02:42]
+:LAST_REPEAT: [2025-09-17 Wed 03:40]
:STYLE: habit
:END:
+- State "DONE" from "TODO" [2025-09-17 Wed 03:40]
+- State "DONE" from "TODO" [2025-09-16 Tue 03:14]
+- State "DONE" from "TODO" [2025-09-14 Sun 02:20]
- State "DONE" from "TODO" [2025-09-09 Tue 02:42]
- State "DONE" from "TODO" [2025-09-08 Mon 04:47]
- State "DONE" from "TODO" [2025-02-11 Tue 04:01]
- State "DONE" from "TODO" [2025-01-11 Sat 02:26]
I want to stretch every day so that I can become more flexible.
** TODO Journal
-SCHEDULED: <2025-09-10 Wed .+1d>
+SCHEDULED: <2025-09-18 Thu .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2025-09-09 Tue 02:40]
+:LAST_REPEAT: [2025-09-17 Wed 03:40]
:STYLE: habit
:END:
+- State "DONE" from "TODO" [2025-09-17 Wed 03:40]
+- State "DONE" from "TODO" [2025-09-16 Tue 03:14]
+- State "DONE" from "TODO" [2025-09-14 Sun 02:18]
+- State "DONE" from "TODO" [2025-09-12 Fri 23:47]
- State "DONE" from "TODO" [2025-09-09 Tue 02:40]
- State "DONE" from "TODO" [2025-09-08 Mon 04:35]
- State "DONE" from "TODO" [2025-07-20 Sun 21:28]
#+author: Preston Pan
#+date: <2023-06-09 Fri>
#+description: My list of blogs, news sites, and channels.
-
#+html_head: <link rel="stylesheet" type="text/css" href="../style.css" />
* Feed :elfeed:
This is the feed I use for Elfeed, and the elfeed-org package allows me to publish
them here in an automated fashion. This is why Emacs is so great!
-** Blogs :blog:
-Here are some interesting blogs, many of which are from substack.
-*** [[https://graymirror.substack.com/feed][Gray Mirror]]
-Curtis Yarvin is quite the interesting person.
-*** [[https://lukesmith.xyz/index.xml][Luke Smith]] :lukesmith:
-Luke Smith is quite the interesting person.
-*** [[https://terrytao.wordpress.com/feed/][Terence Tao]]
-I like math.
** News :news:
These are the news articles that I subscribe to. Some of these are politics related
but I mostly just want to inform myself about technology subjects.
-*** [[https://www.wired.com/feed/tag/ai/latest/rss][Wired AI News]]
-Wired isn't too bad at covering science and technology.
-*** [[https://www.wired.com/feed/category/science/latest/rss][Wired Science]]
-Look above.
-*** [[https://feeds.washingtonpost.com/rss/politics?itid=lk_inline_manual_2][Washington Post Politics]]
-Politics is almost useless, but it helps with understanding what people are saying around me.
*** [[https://news.ycombinator.com/rss][Hacker News]]
Hacker News!
+*** [[https://www.propublica.org/feeds/propublica/main][Propublica]]
+Free news!
*** [[https://api.quantamagazine.org/feed/][Quanta Magazine]]
Credibility: misreported on ER EPR correspondence
** Podcasts :podcast:
I like to get new information about recent studies related to technology.
*** [[http://www.nature.com/nmat/current_issue/rss/][Nature]]
Nature is a prestigious journal with a good bit of good content.
+*** NASA :nasa:
+This is a list of NASA feeds:
+**** [[https://www.nasa.gov/technology/feed/][NASA Tech]]
+**** [[https://www.nasa.gov/aeronautics/feed/][NASA Aeronautics]]
+**** [[https://www.nasa.gov/missions/station/feed/][NASA Station]]
+**** [[https://www.nasa.gov/missions/artemis/feed/][NASA Artemis]]
** YouTube :youtube:
These are YouTube channels that I find interesting enough to keep up with. Note that I keep
up with a variety of thinkers that I may or may not disagree with, but they are nonetheless
the most intellectual version of what their general cohort say:
+*** [[https://www.youtube.com/feeds/videos.xml?channel_id=UC1yNl2E66ZzKApQdRuTQ4tw][Sabine Hossenfelder]]
+Youtube channel about mostly physics related content (I do not endorse her views on string theory).
*** [[https://www.youtube.com/feeds/videos.xml?channel_id=UC7_gcs09iThXybpVgjHZ_7g][PBS Space Time]]
PBS space time is a channel that discusses various (sometimes cutting edge) topics in Physics in an expert manner.
I find that they are highly accurate, and the host is highly educated in Physics.
Linux videos.
*** [[https://www.youtube.com/feeds/videos.xml?channel_id=UCU1oodg2ptN51N5rwevwnng][Unlearning Economics]]
Videos about economics from a Marxist perspective.
-** Misc.
-This is a section dedicated to everything that does not fit the above categories
-or is newly added from [[file:qutebrowser.org][Qutebrowser]] with the xr keybinding.
+** Blogs :blog:
+Here are some interesting blogs, many of which are from substack.
+*** [[https://terrytao.wordpress.com/feed/][Terence Tao]]
+I like math.
+*** [[https://graymirror.substack.com/feed][Gray Mirror]]
+Curtis Yarvin is quite the interesting person.
+*** [[https://www.richardhanania.com/feed][Richard Hanania]]
+Richard is a political commentator.
+*** [[https://lukesmith.xyz/index.xml][Luke Smith]] :lukesmith:
+Luke Smith is quite the interesting person.
-(setq system-email "ret2pop@gmail.com")
-(setq system-username "ret2pop")
-(setq system-fullname "Preston Pan")
-
(use-package emacs
:custom
;; global defaults
;; load theme, fonts, and transparency. Prettify symbols.
(global-prettify-symbols-mode 1)
- (load-theme 'catppuccin :no-confirm)
(set-face-attribute 'default nil :font "Iosevka Nerd Font" :height 130)
(set-frame-parameter nil 'alpha-background 90)
(add-to-list 'default-frame-alist '(alpha-background . 90)))
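Review bot: Removing the three `setq` lines at the top of this hunk leaves `system-email`, `system-username` and `system-fullname` with no definition in this file, while other hunks in the patch still read them (`(concat "Copyright © 2024 " system-fullname)`, `erc-nick`, `(concat "mbsync " system-username)`). The new ERC docstrings say the values come from the nix config, but nothing visible here shows them being set before this file loads. Suggest keeping a `defvar` with a docstring for each, or a `boundp` check that fails with a clear message, so loading the tangled file on its own does not stop with a void-variable error.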
(org-agenda-files (list "~/monorepo/agenda.org" "~/org/notes.org" "~/org/agenda.org") "set default org files")
(org-default-notes-file (concat org-directory "/notes.org") "Notes file")
(org-publish-project-alist
- '(("website-org"
- :base-directory "~/monorepo"
- :base-extension "org"
- :publishing-directory "~/website_html"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4
- :html-preamble t
- :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>")))
- ("website-static"
- :base-directory "~/monorepo"
- :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg"
- :publishing-directory "~/website_html/"
- :recursive t
- :publishing-function org-publish-attachment)
- ("website" :auto-sitemap t :components ("website-org" "website-static"))) "functions to publish website")
- (org-html-postamble "Copyright © 2024 Preston Pan" "set copyright notice on bottom of site")
+ '(("website-org"
+ :base-directory "~/monorepo"
+ :base-extension "org"
+ :publishing-directory "~/website_html"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4
+ :html-preamble t
+ :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>")))
+ ("website-static"
+ :base-directory "~/monorepo"
+ :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg"
+ :publishing-directory "~/website_html/"
+ :recursive t
+ :publishing-function org-publish-attachment)
+ ("website" :auto-sitemap t :components ("website-org" "website-static"))) "functions to publish website")
+ (org-html-postamble (concat "Copyright © 2024 " system-fullname) "set copyright notice on bottom of site")
:config
(require 'ox-publish)
(require 'org-tempo)
(require 'org-habit)
(org-babel-do-load-languages 'org-babel-load-languages
- '((shell . t)
- (python . t)
- (latex . t))))
-
-;; (with-eval-after-load 'org
-;; ;; stop electric-pair from pairing < in org-mode
-;; (add-hook 'org-mode-hook
-;; (lambda ()
-;; (setq-local electric-pair-inhibit-predicate
-;; (lambda (c)
-;; (if (eq c ?<) t (electric-pair-default-inhibit c)))))))
+ '((shell . t)
+ (python . t)
+ (latex . t))))
(use-package unicode-fonts
:init (unicode-fonts-setup))
(use-package wgrep
:after grep)
-(use-package lyrics-fetcher
- :after (emms)
- :custom
- (lyrics-fetcher-genius-access-token (password-store-get "genius_api") "Use genius for backend")
- :config
- (lyrics-fetcher-use-backend 'genius))
-
(defun insert-urandom-password (&optional length)
(interactive "P")
(let ((length (or length 32))
:config
(doom-modeline-mode 1))
+(use-package doom-themes
+ :ensure t
+ :custom
+ (doom-themes-enable-bold t)
+ (doom-themes-enable-italic t)
+ (doom-themes-treemacs-theme "doom-rouge")
+ :config
+ (load-theme 'doom-rouge t)
+
+ (doom-themes-visual-bell-config)
+ (doom-themes-treemacs-config)
+ (doom-themes-org-config))
+
(use-package writegood-mode
:hook (text-mode . writegood-mode))
(use-package erc
:custom
- (erc-nick system-username "Set erc nick to username")
- (erc-user-full-name system-fullname "Use real name for full name"))
+ (erc-nick system-username "sets erc username to the one set in nix config")
+ (erc-user-full-name system-fullname "sets erc fullname to the one set in nix config"))
(use-package general
:init
"h i" '(info :wk "Info")
"s i p" '(insert-urandom-password :wk "insert random password to buffer (for sops)")
- "u w" '((lambda () (interactive) (shell-command "rsync -azvP ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/")) :wk "rsync website update")
"h r r" '(lambda () (interactive) (org-babel-load-file (expand-file-name "~/monorepo/config/emacs.org")))))
(message-kill-buffer-on-exit t "Kill buffer when I exit mu4e")
(mu4e-compose-dont-reply-to-self t "Don't include self in replies")
(mu4e-change-filenames-when-moving t)
- (mu4e-get-mail-command "mbsync ret2pop" "Use mbsync for imap")
+ (mu4e-get-mail-command (concat "mbsync " system-username) "Use mbsync for imap")
(mu4e-compose-reply-ignore-address (list "no-?reply" system-email) "ignore my own address and noreply")
(mu4e-html2text-command "w3m -T text/html" "Use w3m to convert html to text")
(mu4e-update-interval 300 "Update duration")
reason, you will not see :ensure t inside any use-package declaration, for emacs packages
are all compiled natively and reproducibly on the NixOS side. This configuration uses the
emacs-lisp language only to configure variables for said packages, for the most part.
-** User
-Change these variables:
-#+begin_src emacs-lisp
-(setq system-email "ret2pop@gmail.com")
-(setq system-username "ret2pop")
-(setq system-fullname "Preston Pan")
-#+end_src
** Emacs
These are all the options that need to be set at the start of the program. Because use-package
is largely declarative, the order of many of these options should not matter. However, there
;; load theme, fonts, and transparency. Prettify symbols.
(global-prettify-symbols-mode 1)
- (load-theme 'catppuccin :no-confirm)
(set-face-attribute 'default nil :font "Iosevka Nerd Font" :height 130)
(set-frame-parameter nil 'alpha-background 90)
(add-to-list 'default-frame-alist '(alpha-background . 90)))
(org-agenda-files (list "~/monorepo/agenda.org" "~/org/notes.org" "~/org/agenda.org") "set default org files")
(org-default-notes-file (concat org-directory "/notes.org") "Notes file")
(org-publish-project-alist
- '(("website-org"
- :base-directory "~/monorepo"
- :base-extension "org"
- :publishing-directory "~/website_html"
- :recursive t
- :publishing-function org-html-publish-to-html
- :headline-levels 4
- :html-preamble t
- :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>")))
- ("website-static"
- :base-directory "~/monorepo"
- :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg"
- :publishing-directory "~/website_html/"
- :recursive t
- :publishing-function org-publish-attachment)
- ("website" :auto-sitemap t :components ("website-org" "website-static"))) "functions to publish website")
- (org-html-postamble "Copyright © 2024 Preston Pan" "set copyright notice on bottom of site")
+ '(("website-org"
+ :base-directory "~/monorepo"
+ :base-extension "org"
+ :publishing-directory "~/website_html"
+ :recursive t
+ :publishing-function org-html-publish-to-html
+ :headline-levels 4
+ :html-preamble t
+ :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>")))
+ ("website-static"
+ :base-directory "~/monorepo"
+ :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg"
+ :publishing-directory "~/website_html/"
+ :recursive t
+ :publishing-function org-publish-attachment)
+ ("website" :auto-sitemap t :components ("website-org" "website-static"))) "functions to publish website")
+ (org-html-postamble (concat "Copyright © 2024 " system-fullname) "set copyright notice on bottom of site")
:config
(require 'ox-publish)
(require 'org-tempo)
(require 'org-habit)
(org-babel-do-load-languages 'org-babel-load-languages
- '((shell . t)
- (python . t)
- (latex . t))))
-
- ;; (with-eval-after-load 'org
- ;; ;; stop electric-pair from pairing < in org-mode
- ;; (add-hook 'org-mode-hook
- ;; (lambda ()
- ;; (setq-local electric-pair-inhibit-predicate
- ;; (lambda (c)
- ;; (if (eq c ?<) t (electric-pair-default-inhibit c)))))))
+ '((shell . t)
+ (python . t)
+ (latex . t))))
#+end_src
As you can see, I only have one real entry in config here (I don't count requires even though
they have to be on the top)
(org-mode . (lambda () (setq-local electric-pair-inhibit-predicate (lambda (c) (if (eq c ?<) t (electric-pair-default-inhibit c))))))))
#+end_src
* Search and Replace
+wgrep is a program that allows you to do more intelligent search and replace.
#+begin_src emacs-lisp
(use-package wgrep
:after grep)
#+end_src
-* Lyrics
-This currently doesn't work I'm pretty sure, but it's supposed to fetch lyrics from mpd.
-#+begin_src emacs-lisp
- (use-package lyrics-fetcher
- :after (emms)
- :custom
- (lyrics-fetcher-genius-access-token (password-store-get "genius_api") "Use genius for backend")
- :config
- (lyrics-fetcher-use-backend 'genius))
-#+end_src
* Passwords
This is a function that inserts a random password into the buffer. I use this to manage sops-nix.
#+begin_src emacs-lisp
:config
(doom-modeline-mode 1))
#+end_src
+*** Doom Theme
+I used to use catppuccin, but the doom themes are so good that I am willing to break some theme consistency with my desktop in order
+to use doom themes. I mean it looks better anyways if emacs is a distinct theme.
+#+begin_src emacs-lisp
+ (use-package doom-themes
+ :ensure t
+ :custom
+ (doom-themes-enable-bold t)
+ (doom-themes-enable-italic t)
+ (doom-themes-treemacs-theme "doom-rouge")
+ :config
+ (load-theme 'doom-rouge t)
+
+ (doom-themes-visual-bell-config)
+ (doom-themes-treemacs-config)
+ (doom-themes-org-config))
+#+end_src
** Grammar
I want to write good! I grammar good too.
#+begin_src emacs-lisp
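Review bot: The added `doom-themes` block uses `:ensure t`, which contradicts this file's own statement that "you will not see :ensure t inside any use-package declaration" because packages are built reproducibly on the NixOS side. With `:ensure t`, use-package can fall back to installing the package from a package archive at runtime, outside the pinned Nix closure. Suggest dropping `:ensure t` here and in the tangled copy, and adding `doom-themes` to the Emacs package list on the Nix side.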
#+begin_src emacs-lisp
(use-package erc
:custom
- (erc-nick system-username "Set erc nick to username")
- (erc-user-full-name system-fullname "Use real name for full name"))
+ (erc-nick system-username "sets erc username to the one set in nix config")
+ (erc-user-full-name system-fullname "sets erc fullname to the one set in nix config"))
#+end_src
** Keybindings
Global keybindings for everything that I care about globally. It's all here! I use general
"h i" '(info :wk "Info")
"s i p" '(insert-urandom-password :wk "insert random password to buffer (for sops)")
- "u w" '((lambda () (interactive) (shell-command "rsync -azvP ~/website_html/ root@nullring.xyz:/usr/share/nginx/ret2pop/")) :wk "rsync website update")
"h r r" '(lambda () (interactive) (org-babel-load-file (expand-file-name "~/monorepo/config/emacs.org")))))
#+end_src
(message-kill-buffer-on-exit t "Kill buffer when I exit mu4e")
(mu4e-compose-dont-reply-to-self t "Don't include self in replies")
(mu4e-change-filenames-when-moving t)
- (mu4e-get-mail-command "mbsync ret2pop" "Use mbsync for imap")
+ (mu4e-get-mail-command (concat "mbsync " system-username) "Use mbsync for imap")
(mu4e-compose-reply-ignore-address (list "no-?reply" system-email) "ignore my own address and noreply")
(mu4e-html2text-command "w3m -T text/html" "Use w3m to convert html to text")
(mu4e-update-interval 300 "Update duration")
:rev "76895d8939111654a472cfc617cfd43fbf5f1eb6"))
#+end_src
and actually pull something from the internet instead of pinning. Thankfully this reproduction issue is probably localized to lean files. Also,
-we're pulling a specific commit so it is still pinned.
+we're pulling a specific commit so it is still pinned. If it fails to fetch, lean4 is broken I guess.
Hence, my monorepo serves a dual purpose, as do many of the files within my monorepo. They are
often data files used in my configuration (i.e. emacs, elfeed, org-roam, agenda, journal, etc...)
and they are webpages as well. This page is one such example of this concept.
+
+* Configurables
+We start with some configurable variables (you can change these if you want to use this configuration yourself):
+#+begin_src nix :tangle ../nix/flakevars.nix
+ let
+ # I'm ret2pop! What's your name?
+ internetName = "ret2pop";
+ in
+ {
+ # Name of spontaneity box
+ remoteHost = "${internetName}.net";
+
+ # Your internet name
+ internetName = internetName;
+
+ # Name of your organization
+ orgHost = "nullring.xyz";
+
+ # Hostnames of my systems
+ hostnames = [
+ "affinity"
+ "continuity"
+ "spontaneity"
+ "installer"
+ ];
+ }
+#+end_src
+
* Flake.nix
The flake is the entry point of the NixOS configuration. Here, I have a list of all the systems
that I use with all the modules that they use. My NixOS configuration is heavily modularized,
so that adding new configurations that add modifications is made simple.
+
+and now for the main flake:
#+begin_src nix :tangle ../nix/flake.nix
{
description = "Emacs centric configurations for a complete networked system";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix";
+
scripts.url = "github:ret2pop/scripts";
wallpapers.url = "github:ret2pop/wallpapers";
sounds.url = "github:ret2pop/sounds";
+ deep-research.url = "github:ret2pop/ollama-deep-researcher";
+ impermanence.url = "github:nix-community/impermanence";
+
nix-topology = {
url = "github:oddlama/nix-topology";
inputs.nixpkgs.follows = "nixpkgs";
};
- deep-research = {
- url = "github:ret2pop/ollama-deep-researcher";
- };
+
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
+
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
+
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
};
+
nixos-dns = {
url = "github:Janik-Haag/nixos-dns";
inputs.nixpkgs.follows = "nixpkgs";
};
};
- outputs = { self, nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, nix-topology, nixos-dns, deep-research, ... }@attrs:
+ outputs = {
+ self,
+ nixpkgs,
+ home-manager,
+ nur,
+ disko,
+ lanzaboote,
+ sops-nix,
+ nix-topology,
+ nixos-dns,
+ deep-research,
+ impermanence,
+ ...
+ }
+ @attrs:
let
- hostnames = [
- "affinity"
- "continuity"
- "installer"
- "spontaneity"
- # add hostnames here
- ];
-
+ vars = import ./flakevars.nix;
system = "x86_64-linux";
-
pkgs = import nixpkgs { inherit system; };
-
generate = nixos-dns.utils.generate nixpkgs.legacyPackages."${system}";
dnsConfig = {
# function that generates all systems from hostnames
mkConfigs = map (hostname: {name = "${hostname}";
- value = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = if (hostname == "installer") then [
- (./. + "/systems/${hostname}/default.nix")
- { networking.hostName = "${hostname}"; }
- nix-topology.nixosModules.default
- ] else [
- {
- environment.systemPackages = with nixpkgs.lib; [
- deep-research.packages."${system}".deep-research
- ];
- }
- nix-topology.nixosModules.default
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- nixos-dns.nixosModules.dns
- {
- nixpkgs.overlays = [ nur.overlays.default ];
- home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; };
- networking.hostName = "${hostname}";
- }
- (./. + "/systems/${hostname}/default.nix")
- ];
- };
- });
+ value = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = attrs;
+ modules = if (hostname == "installer") then [
+ (./. + "/systems/${hostname}/default.nix")
+ { networking.hostName = "${hostname}"; }
+ nix-topology.nixosModules.default
+ ] else [
+ {
+ environment.systemPackages = with nixpkgs.lib; [
+ deep-research.packages."${system}".deep-research
+ ];
+ }
+ impermanence.nixosModules.impermanence
+ nix-topology.nixosModules.default
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ nixos-dns.nixosModules.dns
+ {
+ nixpkgs.overlays = [ nur.overlays.default ];
+ home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; };
+ networking.hostName = "${hostname}";
+ }
+ (./. + "/systems/${hostname}/default.nix")
+ ];
+ };
+ });
mkDiskoFiles = map (hostname: {
name = "${hostname}";
value = self.nixosConfigurations."${hostname}".config.monorepo.vars.diskoSpec;
});
+ in
+ {
+ nixosConfigurations = builtins.listToAttrs (mkConfigs vars.hostnames);
- in {
- nixosConfigurations = builtins.listToAttrs (mkConfigs hostnames);
-
- evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") hostnames));
+ evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") vars.hostnames));
- topology."${system}" = import nix-topology {
- pkgs = import nixpkgs {
- inherit system;
- overlays = [ nix-topology.overlays.default ];
+ topology."${system}" = import nix-topology {
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ nix-topology.overlays.default ];
+ };
+ modules = [
+ ./topology/default.nix
+ { nixosConfigurations = self.nixosConfigurations; }
+ ];
};
- modules = [
- ./topology/default.nix
- { nixosConfigurations = self.nixosConfigurations; }
- ];
- };
- devShell."${system}" = with pkgs; mkShell {
- buildInputs = [
- fira-code
- python3
- poetry
- statix
- deadnix
- ];
- };
+ devShell."${system}" = with pkgs; mkShell {
+ buildInputs = [
+ fira-code
+ python3
+ poetry
+ statix
+ deadnix
+ ];
+ };
- packages."${system}" = {
- zoneFiles = generate.zoneFiles dnsConfig;
- octodns = generate.octodnsConfig {
- inherit dnsConfig;
-
- config = {
- providers = {
- cloudflare = {
- class = "octodns_cloudflare.CloudflareProvider";
- token = "env/CLOUDFLARE_TOKEN";
- };
- config = {
- check_origin = false;
+ packages."${system}" = {
+ zoneFiles = generate.zoneFiles dnsConfig;
+ octodns = generate.octodnsConfig {
+ inherit dnsConfig;
+
+ config = {
+ providers = {
+ cloudflare = {
+ class = "octodns_cloudflare.CloudflareProvider";
+ token = "env/CLOUDFLARE_TOKEN";
+ };
+ config = {
+ check_origin = false;
+ };
};
};
- };
- zones = {
- "ret2pop.net." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
- "nullring.xyz." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ zones = {
+ "${vars.remoteHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ "${vars.orgHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ };
};
};
};
- };
}
#+end_src
-Note that the configurations are automatically generated with he
-mkConfigs function.
+Note that the configurations are automatically generated with he mkConfigs function, and the final disko output is automatically generated
+with mkDiskoFiles.
* Sops Configuration
In order to use the sops configuration, you must change the age public key to the one that
you own:
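Review bot: The rewritten note under the flake still reads "with he mkConfigs function"; the typo was carried over from the removed line. Suggest "with the mkConfigs function" and marking both names as code (`~mkConfigs~`, `~mkDiskoFiles~`) to match the rest of the document.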
largely self-documenting.
#+begin_src nix :tangle ../nix/modules/vars.nix
{ lib, ... }:
+ let
+ vars = import ../flakevars.nix;
+ in
{
options.monorepo.vars = {
device = lib.mkOption {
description = "device that NixOS is installed to";
};
+ internetName = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.internetName}";
+ example = "myinternetname";
+ description = "Internet name to be used for internet usernames";
+ };
+
+ repoName = lib.mkOption {
+ type = lib.types.str;
+ default = "monorepo";
+ example = "myreponame";
+ description = "Name of this repository";
+ };
+
fileSystem = lib.mkOption {
type = lib.types.str;
default = "ext4";
remoteHost = lib.mkOption {
type = lib.types.str;
- default = "ret2pop.net";
+ default = "${vars.remoteHost}";
example = "example.com";
description = "Address to push to and pull from for website and git repos";
};
+ orgHost = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.orgHost}";
+ example = "orgname.org";
+ description = "Domain name of your organization";
+ };
+
timeZone = lib.mkOption {
type = lib.types.str;
default = "America/Vancouver";
ttyonly.enable = lib.mkEnableOption "TTY only, no xserver";
grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot";
workstation.enable = lib.mkEnableOption "Enables workstation services";
+ impermanence.enable = lib.mkEnableOption "Enables imperamanence";
};
};
};
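Review bot: The description string on the new `impermanence.enable` option is misspelled ("Enables imperamanence"). Since `mkEnableOption` text ends up in generated option documentation, suggest "impermanence".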
config = {
- environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [
+ environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable ((with pkgs; [
linux-manual
man-pages
man-pages-posix
iproute2
silver-searcher
ripgrep
- ]);
+ ]) ++
+ (if (config.monorepo.vars.fileSystem == "btrfs") then with pkgs; [
+ btrfs-progs
+ btrfs-snap
+ btrfs-list
+ btrfs-heatmap
+ ] else []));
+
boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable {
enable = true;
};
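Review bot: The btrfs tool list is appended inside the `lib.mkIf config.monorepo.profiles.documentation.enable (...)` wrapper, so `btrfs-progs` and the other btrfs packages are only installed when the documentation profile is on, even if `fileSystem` is "btrfs". If the tools are meant to follow the filesystem choice, move them out of the `mkIf` and combine the two lists with `lib.mkMerge`, or use `lib.optionals (config.monorepo.vars.fileSystem == "btrfs") [ ... ]` as a separate term. `lib.optionals` also reads better than the `if ... then ... else []` form.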
pipewire.enable = lib.mkDefault true;
tor.enable = lib.mkDefault true;
home.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault false;
};
};
};
hostName = "0.0.0.0";
welcometext = "Wecome to the Null Murmur instance!";
registerName = "nullring";
- registerHostname = "nullring.xyz";
- sslCert = "/var/lib/acme/nullring.xyz/fullchain.pem";
- sslKey = "/var/lib/acme/nullring.xyz/sslKey.pem";
+ registerHostname = "${config.monorepo.vars.orgHost}";
+ sslCert = "/var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem";
+ sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/sslKey.pem";
};
}
#+end_src
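Review bot: The rewritten `sslKey` line still ends in `sslKey.pem`, while the ngircd hunk in this same patch points `KeyFile` at `/var/lib/acme/${config.monorepo.vars.orgHost}/key.pem` in the same directory. One of the two file names is likely wrong, and the substitution of `orgHost` was a good moment to catch it. Suggest deriving the certificate directory once in a `let` binding and using it for both services so the paths cannot drift apart.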
enable = lib.mkDefault config.monorepo.profiles.server.enable;
config = ''
[Global]
- Name = nullring.xyz
+ Name = ${config.monorepo.vars.orgHost}
Info = NullRing IRC Instance
Listen = 0.0.0.0
MotdFile = /etc/motd.txt
[Options]
PAM = no
[SSL]
- CertFile = /var/lib/acme/nullring.xyz/fullchain.pem
+ CertFile = /var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem
CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
- KeyFile = /var/lib/acme/nullring.xyz/key.pem
+ KeyFile = /var/lib/acme/${config.monorepo.vars.orgHost}/key.pem
Ports = 6697
'';
};
services.matrix-conduit = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings.global = {
- server_name = "matrix.${config.monorepo.vars.remoteHost}";
+ server_name = "matrix.${config.monorepo.vars.orgHost}";
trusted_servers = [
"matrix.org"
"nixos.org"
+ "conduit.rs"
];
address = "0.0.0.0";
port = 6167;
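Review bot: Changing `server_name` from `matrix.${config.monorepo.vars.remoteHost}` to `matrix.${config.monorepo.vars.orgHost}` changes the homeserver's identity, since the server name is part of every user and room ID. If spontaneity already has a conduit database under the old name, this needs a migration note or a fresh database rather than a silent default change. The added `"conduit.rs"` entry in `trusted_servers` also widens the set of servers trusted for key lookups; a one-line comment on why it is needed would help.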
};
}
#+end_src
+** Honk
+In order to connect to activitypub:
+#+begin_src nix :tangle ../nix/modules/honk.nix
+ { lib, config, ... }:
+ {
+ services.honk = {
+ enable = config.monorepo.vars.ttyonly;
+ servername = "ret2pop.net";
+ username = "ret2pop";
+ };
+ }
+#+end_src
** Matterbridge
-Then I want to connect all these servers together with Matterbridge:
+I want to connect IRC to discord with matterbridge.
#+begin_src nix :tangle ../nix/modules/matterbridge.nix
{ lib, config, ... }:
{
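Review bot: In the new honk module, `enable = config.monorepo.vars.ttyonly;` reads an option that does not appear anywhere in this patch: the only `ttyonly` option visible is the `ttyonly.enable` enable-option declared next to `grub.enable`, which the patch reads as `config.monorepo.profiles.grub.enable`. As written this is likely to fail evaluation, and tying a public ActivityPub service to a TTY-only flag rather than to `config.monorepo.profiles.server.enable` (as the mautrix and conduit modules do) looks unintended. The module also hardcodes `servername = "ret2pop.net"` and `username = "ret2pop"` in a commit whose purpose is to replace those literals with `config.monorepo.vars.remoteHost` and `config.monorepo.vars.internetName`.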
};
}
#+end_src
+*** Mautrix
+I use this bridge to bridge myself from Matrix to Discord and vise versa, because Matterbridge is not maintained very well and therefore
+does not support conduit at the moment. Note that this is not fully declarative and requires that you add
+~/var/lib/mautrix-discord/discord-registration.yaml~ as an appservice to conduit.
+#+begin_src nix :tangle ../nix/modules/mautrix.nix
+ { lib, config, ... }:
+ {
+ services.mautrix-discord = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ environmentFile = "/etc/mautrix";
+ settings = {
+ bridge = {
+ animated_sticker = {
+ args = {
+ fps = 25;
+ height = 320;
+ width = 320;
+ };
+ target = "webp";
+ };
+ autojoin_thread_on_open = true;
+ avatar_proxy_key = "generate";
+ backfill = {
+ forward_limits = {
+ initial = {
+ channel = 0;
+ dm = 0;
+ thread = 0;
+ };
+ max_guild_members = -1;
+ missed = {
+ channel = 0;
+ dm = 0;
+ thread = 0;
+ };
+ };
+ };
+ cache_media = "unencrypted";
+ channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}";
+ command_prefix = "!discord";
+ custom_emoji_reactions = true;
+ delete_guild_on_leave = true;
+ delete_portal_on_channel_delete = false;
+ delivery_receipts = false;
+ direct_media = {
+ allow_proxy = true;
+ enabled = false;
+ server_key = "generate";
+ };
+ displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}}";
+ double_puppet_allow_discovery = true;
+ double_puppet_server_map = { };
+ embed_fields_as_tables = true;
+ enable_webhook_avatars = true;
+ encryption = {
+ allow = false;
+ allow_key_sharing = false;
+ appservice = false;
+ default = false;
+ delete_keys = {
+ delete_fully_used_on_decrypt = false;
+ delete_on_device_delete = false;
+ delete_outbound_on_ack = false;
+ delete_outdated_inbound = false;
+ delete_prev_on_new_session = false;
+ dont_store_outbound = false;
+ periodically_delete_expired = false;
+ ratchet_on_decrypt = false;
+ };
+ msc4190 = false;
+ plaintext_mentions = false;
+ require = false;
+ rotation = {
+ disable_device_change_key_rotation = false;
+ enable_custom = false;
+ messages = 100;
+ milliseconds = 604800000;
+ };
+ verification_levels = {
+ receive = "unverified";
+ send = "unverified";
+ share = "cross-signed-tofu";
+ };
+ };
+ federate_rooms = true;
+ guild_name_template = "{{.Name}}";
+ login_shared_secret_map = { };
+ management_room_text = {
+ additional_help = "";
+ welcome = "Hello, I'm a Discord bridge bot.";
+ welcome_connected = "Use `help` for help.";
+ welcome_unconnected = "Use `help` for help or `login` to log in.";
+ };
+ message_error_notices = true;
+ message_status_events = false;
+ mute_channels_on_create = false;
+ permissions = {
+ "@${config.monorepo.vars.internetName}:matrix.${config.monorepo.vars.orgHost}" = "admin";
+ "*" = "user";
+ };
+ portal_message_buffer = 128;
+ prefix_webhook_messages = true;
+ private_chat_portal_meta = "default";
+ provisioning = {
+ debug_endpoints = false;
+ prefix = "/_matrix/provision";
+ shared_secret = "generate";
+ };
+ public_address = null;
+ resend_bridge_info = false;
+ restricted_rooms = false;
+ startup_private_channel_create_limit = 5;
+ sync_direct_chat_list = false;
+ use_discord_cdn_upload = true;
+ username_template = "discord_{{.}}";
+ };
+
+ appservice = {
+ address = "http://localhost:29334";
+ hostname = "0.0.0.0";
+ port = 29334;
+ id = "discord";
+ bot = {
+ username = "discordbot";
+ displayname = "Discord bridge bot";
+ avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
+ };
+ ephemeral_events = true;
+ async_transactions = false;
+ database = {
+ type = "sqlite3";
+ uri = "file:${config.services.mautrix-discord.dataDir}/mautrix-discord.db?_txlock=immediate";
+ max_open_conns = 20;
+ max_idle_conns = 2;
+ max_conn_idle_time = null;
+ max_conn_lifetime = null;
+ };
+ as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN";
+ hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN";
+ };
+
+ dataDir = "/var/lib/mautrix-discord";
+ homeserver = {
+ async_media = false;
+ message_send_checkpoint_endpoint = null;
+ ping_interval_seconds = 0;
+ software = "standard";
+ status_endpoint = null;
+ websocket = false;
+ domain = "matrix.${config.monorepo.vars.orgHost}";
+ address = "http://localhost:6167";
+ };
+ };
+ };
+ }
+#+end_src
** Ollama
Use ollama for serving large language models to my other computers.
#+begin_src nix :tangle ../nix/modules/ollama.nix
{ config, lib, ... }:
{
services.ollama = {
- enable = lib.mkDefault (!config.monorepo.profiles.ttyonly.enable);
+ enable = lib.mkDefault (!config.monorepo.profiles.server.enable);
acceleration = if (config.monorepo.profiles.workstation.enable) then "cuda" else null;
- loadModels = [
+ loadModels = if (config.monorepo.profiles.workstation.enable) then [
"qwen3:30b"
"qwen3-coder:latest"
"qwen2.5-coder:latest"
- "qwen2.5-coder:3b"
"gemma3:12b-it-qat"
+ ] else [
+ "qwen3:0.6b"
+ "qwen2.5-coder:0.5b"
];
host = "0.0.0.0";
openFirewall = true;
};
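Review bot: in the mautrix `appservice` block, `hostname = "0.0.0.0"` exposes the bridge's appservice listener on every interface, although both `address = "http://localhost:29334"` and the homeserver address `http://localhost:6167` show that only the local conduit needs to reach it; bind it to `127.0.0.1` so the `hs_token` is not the only thing protecting port 29334. In `bridge.permissions`, `"*" = "user"` together with `federate_rooms = true` lets any Matrix account from any federated server use the bridge; scoping the `user` level to the homeserver domain (`matrix.${config.monorepo.vars.orgHost}`) keeps the admin entry above it meaningful. The section text should also note that `/etc/mautrix` holds the `as_token` and `hs_token` and needs root-only permissions.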
virtualHosts = {
- "matrix.${config.monorepo.vars.remoteHost}" = {
+ "matrix.${config.monorepo.vars.orgHost}" = {
enableACME = true;
forceSSL = true;
listen = [
};
"${config.monorepo.vars.remoteHost}" = {
serverName = "${config.monorepo.vars.remoteHost}";
- serverAliases = [ "ret2pop.nullring.xyz" ];
- root = "/var/www/ret2pop-website/";
+ serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
+ root = "/var/www/${config.monorepo.vars.internetName}-website/";
addSSL = true;
enableACME = true;
};
- "nullring.xyz" = {
- serverName = "nullring.xyz";
+ "${config.monorepo.vars.orgHost}" = {
+ serverName = "${config.monorepo.vars.orgHost}";
root = "/var/www/nullring/";
addSSL = true;
enableACME = true;
}
#+end_src
** Nvidia
+I have an Nvidia GPU on my computer.
#+begin_src nix :tangle ../nix/modules/nvidia.nix
{ config, lib, pkgs, ... }:
{
}
#+end_src
** CUDA
+I need CUDA on some computers because I run local LLMs.
#+begin_src nix :tangle ../nix/modules/cuda.nix
{ config, lib, pkgs, ... }:
{
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
ensureCredentials = {
- "preston@localhost" = {
- passwordFile = "/secrets/preston-localhost";
+ "${config.monorepo.vars.userName}@localhost" = {
+ passwordFile = "/secrets/${config.monorepo.vars.userName}-localhost";
};
};
};
}
#+end_src
+** Impermanence
+This is my impermanence profile, which removes all files on reboot except for the ones listed below.
+#+begin_src nix :tangle ../nix/modules/impermanence.nix
+ { lib, config, ... }:
+ {
+ assertions = [
+ {
+ assertion = ! (config.monorepo.profiles.impermanence.enable && (! (config.monorepo.vars.filesystem == "btrfs")));
+ message = "Impermanence requires btrfs filesystem.";
+ }
+ ];
+
+ boot.initrd.postResumeCommands = (if config.monorepo.profiles.impermanence.enable then lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '' else "");
+
+ environment.persistence."/persistent" = {
+ enable = config.monorepo.profiles.impermanence.enable;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/matterbridge.toml"
+ { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ ];
+ users."${config.monorepo.vars.userName}" = {
+ directories = [
+ "Downloads"
+ "music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ "Monero"
+ "org"
+ "monorepo"
+ "soundfont"
+ "website_html"
+ "ardour"
+ "audacity"
+ "img"
+ "email"
+ "projects"
+ "secrets"
+
+ ".emacs.d"
+ ".elfeed"
+ ".electrum"
+ ".mozilla"
+ ".bitmonero"
+ ".config"
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ { directory = ".local/share/keyrings"; mode = "0700"; }
+ ".local/share/direnv"
+ ];
+ files = [
+ ".emacs"
+ ];
+ };
+ };
+ }
+#+end_src
** Main Configuration
This is the backbone of the all the NixOS configurations, with all these options being shared
because they enhance security.
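Review bot: the wipe script in `boot.initrd.postResumeCommands` mounts `/dev/root_vg/root`, but the disko spec changed in this same patch puts btrfs directly inside a LUKS container with `name = "crypted"` and defines no LVM volume group, so the device to mount would be `/dev/mapper/crypted`; as written the mount fails and the old root subvolume is never rotated. The assertion also reads `config.monorepo.vars.filesystem`, while the option is set and read everywhere else as `fileSystem` (`fileSystem = "btrfs";`), so the guard either fails evaluation or never checks what it claims to. On the persistence list: `/etc/ssh` is not included, so if sshd keeps its host keys there they are regenerated on every boot and clients will see a changed host key each time; add the host key files to `files` if that is not intended.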
{
imports = [
./matterbridge.nix
+ ./mautrix.nix
./xserver.nix
./ssh.nix
./pipewire.nix
./ngircd.nix
./znc.nix
./docker.nix
+ ./impermanence.nix
];
documentation = {
"kernel.kptr_restrict" = 2;
# madaidan
- "kernel.smtcontrol" = "on";
+ "kernel.smtcontrol" = "on";
"vm.swappiness" = 1;
"vm.unprivileged_userfaultfd" = 0;
"dev.tty.ldisc_autoload" = 0;
{ lib, config, ... }:
let
spec = {
- disko.devices = {
- disk = {
- main = {
- type = "disk";
- device = config.monorepo.vars.device;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1M";
- end = "128M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = config.monorepo.vars.device;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
};
- };
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ]; # Override existing partition
- mountpoint = "/";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/persistent" = {
+ mountpoint = "/persistent";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
};
};
};
};
};
};
- };
in
{
monorepo.vars.diskoSpec = spec;
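Review bot: `passwordFile = "/tmp/secret.key";` in the new `luks` partition makes encryption unconditional for every system built from this spec, while the installer notice added in this patch says "if using full disk encryption", which reads as optional; either gate the LUKS layer on a variable or change the wording so an install without the key file does not fail partway through partitioning. The passphrase also sits in plaintext in `/tmp` for the whole install; the installer should create the file with a restrictive umask and remove it once disko has finished. A comment on what the former `extraArgs = [ "-f" ]; # Override existing partition` does was dropped and is worth keeping, since it forces formatting over existing data.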
lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
lang-js.enable = lib.mkEnableOption "Enables javascript language support";
lang-nix.enable = lib.mkEnableOption "Enables nix language support";
+ lang-idris.enable = lib.mkEnableOption "Enables idris language support";
+ lang-agda.enable = lib.mkEnableOption "Enables agda language support";
lang-coq.enable = lib.mkEnableOption "Enables coq language support";
lang-lean.enable = lib.mkEnableOption "Enables lean language support";
lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
gnumake
bear
clang-tools
+ autotools-language-server
]) else [])
++
(if config.monorepo.profiles.workstation.enable then (with pkgs; [
(if config.monorepo.profiles.lang-lean.enable then (with pkgs; [
lean4
]) else [])
+ ++
+ (if config.monorepo.profiles.lang-agda.enable then (with pkgs; [
+ agda
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-idris.enable then (with pkgs; [
+ idris
+ idris2Packages.idris2Lsp
+ ]) else [])
++
(if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
nil
lang-coq.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-lean.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-haskell.enable = lib.mkDefault config.monorepo.profiles.enable;
+ lang-idris.enable = lib.mkDefault config.monorepo.profiles.enable;
+ lang-agda.enable = lib.mkDefault config.monorepo.profiles.enable;
crypto.enable = lib.mkDefault config.monorepo.profiles.enable;
art.enable = lib.mkDefault config.monorepo.profiles.enable;
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
package = pkgs.emacs-pgtk;
extraConfig = ''
- (setq debug-on-error t)
- (org-babel-load-file
- (expand-file-name "~/monorepo/config/emacs.org"))'';
+ (setq debug-on-error t)
+ (setq system-email "${config.monorepo.profiles.email.email}")
+ (setq system-username "${config.monorepo.vars.internetName}")
+ (setq system-fullname "${config.monorepo.vars.fullName}")
+ (org-babel-load-file
+ (expand-file-name "~/${config.monorepo.vars.repoName}/config/emacs.org"))'';
extraPackages = epkgs: [
+ epkgs.agda2-mode
epkgs.all-the-icons
epkgs.auctex
epkgs.catppuccin-theme
epkgs.company-solidity
epkgs.counsel
epkgs.dashboard
+ epkgs.doom-themes
epkgs.doom-modeline
epkgs.elfeed
epkgs.elfeed-org
epkgs.gruvbox-theme
epkgs.haskell-mode
epkgs.htmlize
+ epkgs.idris-mode
epkgs.irony-eldoc
epkgs.ivy
epkgs.ivy-pass
epkgs.lsp-mode
epkgs.lsp-haskell
epkgs.lyrics-fetcher
+ epkgs.mastodon
epkgs.magit
epkgs.magit-delta
epkgs.mu4e
"$mod, B, exec, bitcoin-qt"
"$mod, M, exec, monero-wallet-gui"
"$mod, V, exec, vesktop"
+ "$mod, C, exec, fluffychat"
"$mod, D, exec, wofi --show run"
"$mod, P, exec, bash ${scripts}/powermenu.sh"
"$mod, Q, killactive"
programs.mbsync = {
enable = lib.mkDefault config.monorepo.profiles.email.enable;
extraConfig = ''
- IMAPAccount ret2pop
+ IMAPAccount ${config.monorepo.vars.internetName}
Host ${config.monorepo.profiles.email.imapsServer}
User ${config.monorepo.profiles.email.email}
PassCmd "cat ${config.sops.secrets.mail.path}"
AuthMechs *
CertificateFile /etc/ssl/certs/ca-certificates.crt
- IMAPStore ret2pop-remote
- Account ret2pop
+ IMAPStore ${config.monorepo.vars.internetName}-remote
+ Account ${config.monorepo.vars.internetName}
- MaildirStore ret2pop-local
- Path ~/email/ret2pop/
- Inbox ~/email/ret2pop/INBOX
+ MaildirStore ${config.monorepo.vars.internetName}-local
+ Path ~/email/${config.monorepo.vars.internetName}/
+ Inbox ~/email/${config.monorepo.vars.internetName}/INBOX
SubFolders Verbatim
- Channel ret2pop
- Far :ret2pop-remote:
- Near :ret2pop-local:
+ Channel ${config.monorepo.vars.internetName}
+ Far :${config.monorepo.vars.internetName}-remote:
+ Near :${config.monorepo.vars.internetName}-local:
Patterns *
Create Near
Sync All
};
shellAliases = {
+ get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";
se = "sops edit";
f = "vim $(fzf)";
e = "cd $(find . -type d -print | fzf)";
py = "python3";
rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}";
nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
- usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/";
+ usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
usite
- = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/";
+ = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
i3 = "exec ${pkgs.i3-gaps}/bin/i3";
};
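Review bot: the new `get-channel-id` alias uses `\"$1\"`, but shell aliases do not receive positional parameters; `$1` expands to the interactive shell's own first argument (normally empty) and the URL typed after the alias is appended as a separate word, so yt-dlp is handed an empty URL first. Drop the `\"$1\"` and let the argument be appended, or define this as a shell function. The two `usync`/`usite` lines touched here still push as `root@${config.monorepo.vars.remoteHost}`; a dedicated deploy user that owns `/var/www/${config.monorepo.vars.internetName}-website/` would remove the need for root SSH for a static-site upload.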
SSL = true;
};
local-matrix = {
- Homeserver = "https://social.nullring.xyz";
+ Homeserver = "https://matrix.${config.monorepo.vars.orgHost}";
ListenAddress = "127.0.0.1";
ListenPort = "8008";
};
{
home = {
activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
- if [ ! -d "/home/${config.monorepo.vars.userName}/email/ret2pop/" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/email/ret2pop/
+ if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then
+ mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/
fi
if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then
mkdir -p /home/${config.monorepo.vars.userName}/music
# Apps
# octaveFull
- vesktop grim swww vim telegram-desktop qwen-code
+ vesktop grim swww vim telegram-desktop qwen-code fluffychat
# Sound/media
pavucontrol alsa-utils imagemagick ffmpeg helvum
torsocks tor-browser
# fonts
- nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6
+ nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 victor-mono
(aspellWithDicts
(dicts: with dicts; [ en en-computers en-science ]))
{ config, sops-nix, ... }:
{
home-manager = {
-
sharedModules = [
sops-nix.homeManagerModules.sops
];
};
}
#+end_src
-** Includes
+** Common
These are the common includes for each of my systems. This ensures that we don't have to duplicate includes every time we want to add a new
-system.
-#+begin_src nix :tangle ../nix/systems/includes.nix
+system. Also more common configuration can go here.
+#+begin_src nix :tangle ../nix/systems/common.nix
{ config, lib, ... }:
{
imports = [
./home.nix
../modules/default.nix
];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
+ }
+#+end_src
+** Home Manager Common
+#+begin_src nix :tangle ../nix/systems/home-common.nix
+ { lib, config, ... }:
+ {
+ imports = [
+ ../modules/home/default.nix
+ ];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
}
#+end_src
** Continuity
{
imports = [
../../disko/drive-simple.nix
- ../includes.nix
+ ../common.nix
];
config = {
- # drive to install to
- monorepo.vars.device = "/dev/sda";
+ monorepo = {
+ profiles.impermanence.enable = true;
+ vars = {
+ device = "/dev/sda";
+ fileSystem = "btrfs";
+ };
+ };
};
}
#+end_src
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo.profiles.workstation.enable = false;
}
{ config, lib, home-manager, ... }:
{
imports = [
- ../includes.nix
+ ../common.nix
../../disko/drive-simple.nix
];
config = {
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo = {
profiles.cuda.enable = true;
Spontaneity is my VPS instance.
#+begin_src nix :tangle ../nix/systems/spontaneity/default.nix
{ config, lib, ... }:
+ let
+ ipv4addr = "66.42.84.130";
+ ipv6addr = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ in
{
imports = [
- ../includes.nix
+ ../common.nix
+ ../../disko/drive-bios.nix
+
# nixos-anywhere generates this file
./hardware-configuration.nix
- ../../disko/drive-bios.nix
];
config = {
monorepo = {
networking = {
interfaces.ens3.ipv6.addresses = [
{
- address = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ address = ipv6addr;
prefixLength = 64;
}
];
enable = true;
baseDomains = {
"${config.monorepo.vars.remoteHost}" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
};
- "nullring.xyz" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ "${config.monorepo.vars.orgHost}" = {
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
};
};
subDomains = {
mx.data = "10 mail.${config.monorepo.vars.remoteHost}.";
};
- "nullring.xyz" = {};
- "git.nullring.xyz" = {};
- "matrix.nullring.xyz" = {};
- "talk.nullring.xyz" = {};
- "mail.nullring.xyz" = {};
- "ret2pop.nullring.xyz" = {};
+ "${config.monorepo.vars.orgHost}" = {};
+ "git.${config.monorepo.vars.orgHost}" = {};
+ "matrix.${config.monorepo.vars.orgHost}" = {};
+ "talk.${config.monorepo.vars.orgHost}" = {};
+ "mail.${config.monorepo.vars.orgHost}" = {};
+ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = {};
};
};
};
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo.profiles.enable = false;
}
exit 1
fi
+ gum style --border normal --margin "1" --padding "1 2" "Notice: if using full disk encryption, write to /tmp/secret.key first with your password."
+
+ sleep 3
+
cd "$HOME"
ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui
gum input --placeholder "Press Enter to continue" >/dev/null
vim "$HOME/monorepo/nix/systems/$SYSTEM/home.nix"
- sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix"
+ sed -i "/hostnames = \[/,/];/ s/];/ \"$1\"\n ];/" "$HOME/monorepo/nix/flake.nix"
if [ ! -f "$HOME/monorepo/nix/disko/$DRIVE" ]; then
cp "$HOME/monorepo/nix/disko/drive-simple.nix" "$HOME/monorepo/nix/disko/$DRIVE"
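Review bot: the replacement `sed` still edits `$HOME/monorepo/nix/flake.nix`, but this patch deletes the `hostnames = [ ... ];` list from flake.nix and moves it to `flakevars.nix` (`vars = import ./flakevars.nix;`), so the range `/hostnames = \[/,/];/` no longer matches anything and the new system is never registered. Point the command at `flakevars.nix`. `$1` is also interpolated unescaped into the sed replacement, so a hostname containing `/`, `&` or a quote corrupts the file; validate it against a hostname pattern (letters, digits, hyphen) before the substitution, and check whether `$1` or `$SYSTEM` is the intended variable, since the neighbouring lines use `$SYSTEM`.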
};
}
#+end_src
-* Add System Script
-Here is a script to add a new system automatically:
-#+begin_src bash :tangle ../nix/add-system.sh
- #!/usr/bin/env bash
- sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix"
- sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/config/nix.org"
-
- mkdir -p "$HOME/monorepo/nix/systems/$1"
-
- cat > "$HOME/monorepo/nix/systems/$1/default.nix" <<EOF
- { ... }:
- {
- imports = [
- ../includes.nix
- ../../disko/drive-simple.nix
- ];
- # CHANGEME
- config.monorepo.vars.drive = "/dev/sda";
- }
- EOF
-
- cp "$HOME/monorepo/nix/systems/continuity/home.nix" "$HOME/monorepo/nix/systems/$1/home.nix"
-#+end_src
-note that one will have to add some files to this org file afterwards, but this is a fine short term solution.
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Friday, 12 September 2025
+** 23:46
+Charlie Kirk died.
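Review bot: the `#+html_head` line in this new journal file (and in each journal file added below) loads `polyfill.min.js` from `polyfill.io`, a domain that changed ownership and was widely reported in 2024 to be serving injected malicious script to sites that embedded it. MathJax 3 does not need that polyfill in current browsers, so the line can be removed from the journal template. The MathJax tag references the floating `mathjax@3` tag on jsdelivr with no `integrity` attribute; pinning an exact version and adding SRI with `crossorigin="anonymous"`, or self-hosting the file next to `style.css`, would keep third-party script changes from reaching published pages.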
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Sunday, 14 September 2025
+** 02:17
+I'm working on some more topology, specifically relating to product spaces. I also plan on cleaning up my house today.
+A lot of my life is solitary, and in many ways that is nice.
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Monday, 15 September 2025
+** 01:19
+I am currently trying to do the practice problems for this chapter.
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Tuesday, 16 September 2025
+** 03:13
+I am doing more topology, and i'm realizing that these questions related to product spaces are easy.
+Still, I hope that I'm able to complete this fast enough.
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Wednesday, 17 September 2025
+** 03:39
+I just set up the discord-matrix bridge, and I ate with my friend today. I have been a bit tired recently;
+I should figure out what's up with that with a blood test at some point.
+++ /dev/null
-#!/usr/bin/env bash
-sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix"
-sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/config/nix.org"
-
-mkdir -p "$HOME/monorepo/nix/systems/$1"
-
-cat > "$HOME/monorepo/nix/systems/$1/default.nix" <<EOF
-{ ... }:
-{
- imports = [
- ../includes.nix
- ../../disko/drive-simple.nix
- ];
- # CHANGEME
- config.monorepo.vars.drive = "/dev/sda";
-}
-EOF
-
-cp "$HOME/monorepo/nix/systems/continuity/home.nix" "$HOME/monorepo/nix/systems/$1/home.nix"
{ lib, config, ... }:
let
spec = {
- disko.devices = {
- disk = {
- main = {
- type = "disk";
- device = config.monorepo.vars.device;
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- name = "ESP";
- start = "1M";
- end = "128M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = config.monorepo.vars.device;
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
};
- };
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ]; # Override existing partition
- mountpoint = "/";
- mountOptions = [
- "compress=zstd"
- "noatime"
- ];
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ "/persistent" = {
+ mountpoint = "/persistent";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+ };
+ };
};
};
};
};
};
};
-};
in
{
monorepo.vars.diskoSpec = spec;
"type": "github"
}
},
+ "impermanence": {
+ "locked": {
+ "lastModified": 1737831083,
+ "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
"lanzaboote": {
"inputs": {
"crane": "crane",
"deep-research": "deep-research",
"disko": "disko",
"home-manager": "home-manager",
+ "impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nix-topology": "nix-topology",
"nixos-dns": "nixos-dns",
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nur.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix";
+
scripts.url = "github:ret2pop/scripts";
wallpapers.url = "github:ret2pop/wallpapers";
sounds.url = "github:ret2pop/sounds";
+ deep-research.url = "github:ret2pop/ollama-deep-researcher";
+ impermanence.url = "github:nix-community/impermanence";
+
nix-topology = {
url = "github:oddlama/nix-topology";
inputs.nixpkgs.follows = "nixpkgs";
};
- deep-research = {
- url = "github:ret2pop/ollama-deep-researcher";
- };
+
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
+
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
+
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
};
+
nixos-dns = {
url = "github:Janik-Haag/nixos-dns";
inputs.nixpkgs.follows = "nixpkgs";
};
};
- outputs = { self, nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, nix-topology, nixos-dns, deep-research, ... }@attrs:
+ outputs = {
+ self,
+ nixpkgs,
+ home-manager,
+ nur,
+ disko,
+ lanzaboote,
+ sops-nix,
+ nix-topology,
+ nixos-dns,
+ deep-research,
+ impermanence,
+ ...
+ }
+ @attrs:
let
- hostnames = [
- "affinity"
- "continuity"
- "installer"
- "spontaneity"
- # add hostnames here
- ];
-
+ vars = import ./flakevars.nix;
system = "x86_64-linux";
-
pkgs = import nixpkgs { inherit system; };
-
generate = nixos-dns.utils.generate nixpkgs.legacyPackages."${system}";
dnsConfig = {
# function that generates all systems from hostnames
mkConfigs = map (hostname: {name = "${hostname}";
- value = nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = attrs;
- modules = if (hostname == "installer") then [
- (./. + "/systems/${hostname}/default.nix")
- { networking.hostName = "${hostname}"; }
- nix-topology.nixosModules.default
- ] else [
- {
- environment.systemPackages = with nixpkgs.lib; [
- deep-research.packages."${system}".deep-research
- ];
- }
- nix-topology.nixosModules.default
- lanzaboote.nixosModules.lanzaboote
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- nixos-dns.nixosModules.dns
- {
- nixpkgs.overlays = [ nur.overlays.default ];
- home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; };
- networking.hostName = "${hostname}";
- }
- (./. + "/systems/${hostname}/default.nix")
- ];
- };
- });
+ value = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = attrs;
+ modules = if (hostname == "installer") then [
+ (./. + "/systems/${hostname}/default.nix")
+ { networking.hostName = "${hostname}"; }
+ nix-topology.nixosModules.default
+ ] else [
+ {
+ environment.systemPackages = with nixpkgs.lib; [
+ deep-research.packages."${system}".deep-research
+ ];
+ }
+ impermanence.nixosModules.impermanence
+ nix-topology.nixosModules.default
+ lanzaboote.nixosModules.lanzaboote
+ disko.nixosModules.disko
+ home-manager.nixosModules.home-manager
+ sops-nix.nixosModules.sops
+ nixos-dns.nixosModules.dns
+ {
+ nixpkgs.overlays = [ nur.overlays.default ];
+ home-manager.extraSpecialArgs = attrs // { systemHostName = "${hostname}"; };
+ networking.hostName = "${hostname}";
+ }
+ (./. + "/systems/${hostname}/default.nix")
+ ];
+ };
+ });
mkDiskoFiles = map (hostname: {
name = "${hostname}";
value = self.nixosConfigurations."${hostname}".config.monorepo.vars.diskoSpec;
});
+ in
+ {
+ nixosConfigurations = builtins.listToAttrs (mkConfigs vars.hostnames);
- in {
- nixosConfigurations = builtins.listToAttrs (mkConfigs hostnames);
-
- evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") hostnames));
+ evalDisko = builtins.listToAttrs (mkDiskoFiles (builtins.filter (x: x != "installer") vars.hostnames));
- topology."${system}" = import nix-topology {
- pkgs = import nixpkgs {
- inherit system;
- overlays = [ nix-topology.overlays.default ];
+ topology."${system}" = import nix-topology {
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [ nix-topology.overlays.default ];
+ };
+ modules = [
+ ./topology/default.nix
+ { nixosConfigurations = self.nixosConfigurations; }
+ ];
};
- modules = [
- ./topology/default.nix
- { nixosConfigurations = self.nixosConfigurations; }
- ];
- };
- devShell."${system}" = with pkgs; mkShell {
- buildInputs = [
- fira-code
- python3
- poetry
- statix
- deadnix
- ];
- };
+ devShell."${system}" = with pkgs; mkShell {
+ buildInputs = [
+ fira-code
+ python3
+ poetry
+ statix
+ deadnix
+ ];
+ };
- packages."${system}" = {
- zoneFiles = generate.zoneFiles dnsConfig;
- octodns = generate.octodnsConfig {
- inherit dnsConfig;
-
- config = {
- providers = {
- cloudflare = {
- class = "octodns_cloudflare.CloudflareProvider";
- token = "env/CLOUDFLARE_TOKEN";
- };
- config = {
- check_origin = false;
+ packages."${system}" = {
+ zoneFiles = generate.zoneFiles dnsConfig;
+ octodns = generate.octodnsConfig {
+ inherit dnsConfig;
+
+ config = {
+ providers = {
+ cloudflare = {
+ class = "octodns_cloudflare.CloudflareProvider";
+ token = "env/CLOUDFLARE_TOKEN";
+ };
+ config = {
+ check_origin = false;
+ };
};
};
- };
- zones = {
- "ret2pop.net." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
- "nullring.xyz." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ zones = {
+ "${vars.remoteHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ "${vars.orgHost}." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ };
};
};
};
- };
}
--- /dev/null
+let
+ # I'm ret2pop! What's your name?
+ internetName = "ret2pop";
+in
+{
+ # Name of spontaneity box
+ remoteHost = "${internetName}.net";
+
+ # Your internet name
+ internetName = internetName;
+
+ # Name of your organization
+ orgHost = "nullring.xyz";
+
+ # Hostnames of my systems
+ hostnames = [
+ "affinity"
+ "continuity"
+ "spontaneity"
+ "installer"
+ ];
+}
services.matrix-conduit = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
settings.global = {
- server_name = "matrix.${config.monorepo.vars.remoteHost}";
+ server_name = "matrix.${config.monorepo.vars.orgHost}";
trusted_servers = [
"matrix.org"
"nixos.org"
+ "conduit.rs"
];
address = "0.0.0.0";
port = 6167;
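Review bot: server_name in settings.global moves from matrix.${remoteHost} to matrix.${orgHost}, and on a Matrix homeserver that value is the suffix of every user and room ID, so a host that already has a conduit database will not carry its existing accounts and rooms over to the new name. Confirm this is deployed against a fresh database (or document the reset), and check that everything addressing users by full ID was updated in the same commit; the heisenbridge owner and the mautrix permissions entry added elsewhere in this diff both use the matrix.<orgHost> form.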
{
imports = [
./matterbridge.nix
+ ./mautrix.nix
./xserver.nix
./ssh.nix
./pipewire.nix
./ngircd.nix
./znc.nix
./docker.nix
+ ./impermanence.nix
];
documentation = {
"kernel.kptr_restrict" = 2;
# madaidan
- "kernel.smtcontrol" = "on";
+ "kernel.smtcontrol" = "on";
"vm.swappiness" = 1;
"vm.unprivileged_userfaultfd" = 0;
"dev.tty.ldisc_autoload" = 0;
ttyonly.enable = lib.mkEnableOption "TTY only, no xserver";
grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot";
workstation.enable = lib.mkEnableOption "Enables workstation services";
+ impermanence.enable = lib.mkEnableOption "Enables imperamanence";
};
};
};
config = {
- environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable (with pkgs; [
+ environment.systemPackages = lib.mkIf config.monorepo.profiles.documentation.enable ((with pkgs; [
linux-manual
man-pages
man-pages-posix
iproute2
silver-searcher
ripgrep
- ]);
+ ]) ++
+ (if (config.monorepo.vars.fileSystem == "btrfs") then with pkgs; [
+ btrfs-progs
+ btrfs-snap
+ btrfs-list
+ btrfs-heatmap
+ ] else []));
+
boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable {
enable = true;
};
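Review bot: the description string of the new impermanence.enable option reads "Enables imperamanence", which is misspelled and will show up in generated option docs. In the same hunk, the btrfs package list is appended with if ... then with pkgs; [ ... ] else []; lib.optionals (config.monorepo.vars.fileSystem == "btrfs") (with pkgs; [ ... ]) says the same thing without the empty else branch.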
pipewire.enable = lib.mkDefault true;
tor.enable = lib.mkDefault true;
home.enable = lib.mkDefault true;
+ impermanence.enable = lib.mkDefault false;
};
};
};
--- /dev/null
+{ lib, config, ... }:
+{
+ services.heisenbridge = {
+ enable = true;
+ registrationUrl = "http://localhost:6167";
+ owner = "@ret2pop:matrix.nullring.xyz";
+ homeserver = "http://localhost:6167";
+ };
+}
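Review bot: services.heisenbridge is switched on with a literal enable = true and a hardcoded owner of @ret2pop:matrix.nullring.xyz, while every other service touched in this commit is gated on lib.mkDefault config.monorepo.profiles.server.enable and built from config.monorepo.vars. Gate it the same way and derive the owner from internetName and orgHost, which also makes the lib and config arguments used. Also worth confirming registrationUrl: it is set to the same http://localhost:6167 as homeserver, and 6167 is the conduit port in the matrix-conduit hunk, whereas the registration URL is normally where the bridge itself listens for requests from the homeserver.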
lang-openscad.enable = lib.mkEnableOption "Enables openscad language support";
lang-js.enable = lib.mkEnableOption "Enables javascript language support";
lang-nix.enable = lib.mkEnableOption "Enables nix language support";
+ lang-idris.enable = lib.mkEnableOption "Enables idris language support";
+ lang-agda.enable = lib.mkEnableOption "Enables agda language support";
lang-coq.enable = lib.mkEnableOption "Enables coq language support";
lang-lean.enable = lib.mkEnableOption "Enables lean language support";
lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
gnumake
bear
clang-tools
+ autotools-language-server
]) else [])
++
(if config.monorepo.profiles.workstation.enable then (with pkgs; [
(if config.monorepo.profiles.lang-lean.enable then (with pkgs; [
lean4
]) else [])
+ ++
+ (if config.monorepo.profiles.lang-agda.enable then (with pkgs; [
+ agda
+ ]) else [])
+ ++
+ (if config.monorepo.profiles.lang-idris.enable then (with pkgs; [
+ idris
+ idris2Packages.idris2Lsp
+ ]) else [])
++
(if config.monorepo.profiles.lang-nix.enable then (with pkgs; [
nil
lang-coq.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-lean.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-haskell.enable = lib.mkDefault config.monorepo.profiles.enable;
+ lang-idris.enable = lib.mkDefault config.monorepo.profiles.enable;
+ lang-agda.enable = lib.mkDefault config.monorepo.profiles.enable;
crypto.enable = lib.mkDefault config.monorepo.profiles.enable;
art.enable = lib.mkDefault config.monorepo.profiles.enable;
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
package = pkgs.emacs-pgtk;
extraConfig = ''
- (setq debug-on-error t)
- (org-babel-load-file
- (expand-file-name "~/monorepo/config/emacs.org"))'';
+(setq debug-on-error t)
+(setq system-email "${config.monorepo.profiles.email.email}")
+(setq system-username "${config.monorepo.vars.internetName}")
+(setq system-fullname "${config.monorepo.vars.fullName}")
+(org-babel-load-file
+ (expand-file-name "~/${config.monorepo.vars.repoName}/config/emacs.org"))'';
extraPackages = epkgs: [
+ epkgs.agda2-mode
epkgs.all-the-icons
epkgs.auctex
epkgs.catppuccin-theme
epkgs.company-solidity
epkgs.counsel
epkgs.dashboard
+ epkgs.doom-themes
epkgs.doom-modeline
epkgs.elfeed
epkgs.elfeed-org
epkgs.gruvbox-theme
epkgs.haskell-mode
epkgs.htmlize
+ epkgs.idris-mode
epkgs.irony-eldoc
epkgs.ivy
epkgs.ivy-pass
epkgs.lsp-mode
epkgs.lsp-haskell
epkgs.lyrics-fetcher
+ epkgs.mastodon
epkgs.magit
epkgs.magit-delta
epkgs.mu4e
"$mod, B, exec, bitcoin-qt"
"$mod, M, exec, monero-wallet-gui"
"$mod, V, exec, vesktop"
+ "$mod, C, exec, fluffychat"
"$mod, D, exec, wofi --show run"
"$mod, P, exec, bash ${scripts}/powermenu.sh"
"$mod, Q, killactive"
programs.mbsync = {
enable = lib.mkDefault config.monorepo.profiles.email.enable;
extraConfig = ''
- IMAPAccount ret2pop
+ IMAPAccount ${config.monorepo.vars.internetName}
Host ${config.monorepo.profiles.email.imapsServer}
User ${config.monorepo.profiles.email.email}
PassCmd "cat ${config.sops.secrets.mail.path}"
AuthMechs *
CertificateFile /etc/ssl/certs/ca-certificates.crt
- IMAPStore ret2pop-remote
- Account ret2pop
+ IMAPStore ${config.monorepo.vars.internetName}-remote
+ Account ${config.monorepo.vars.internetName}
- MaildirStore ret2pop-local
- Path ~/email/ret2pop/
- Inbox ~/email/ret2pop/INBOX
+ MaildirStore ${config.monorepo.vars.internetName}-local
+ Path ~/email/${config.monorepo.vars.internetName}/
+ Inbox ~/email/${config.monorepo.vars.internetName}/INBOX
SubFolders Verbatim
- Channel ret2pop
- Far :ret2pop-remote:
- Near :ret2pop-local:
+ Channel ${config.monorepo.vars.internetName}
+ Far :${config.monorepo.vars.internetName}-remote:
+ Near :${config.monorepo.vars.internetName}-local:
Patterns *
Create Near
Sync All
SSL = true;
};
local-matrix = {
- Homeserver = "https://social.nullring.xyz";
+ Homeserver = "https://matrix.${config.monorepo.vars.orgHost}";
ListenAddress = "127.0.0.1";
ListenPort = "8008";
};
{
home = {
activation.startup-files = lib.hm.dag.entryAfter [ "installPackages" ] ''
- if [ ! -d "/home/${config.monorepo.vars.userName}/email/ret2pop/" ]; then
- mkdir -p /home/${config.monorepo.vars.userName}/email/ret2pop/
+ if [ ! -d "/home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/" ]; then
+ mkdir -p /home/${config.monorepo.vars.userName}/email/${config.monorepo.vars.internetName}/
fi
if [ ! -d "/home/${config.monorepo.vars.userName}/music" ]; then
mkdir -p /home/${config.monorepo.vars.userName}/music
# Apps
# octaveFull
- vesktop grim swww vim telegram-desktop qwen-code
+ vesktop grim swww vim telegram-desktop qwen-code fluffychat
# Sound/media
pavucontrol alsa-utils imagemagick ffmpeg helvum
torsocks tor-browser
# fonts
- nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6
+ nerd-fonts.iosevka noto-fonts noto-fonts-cjk-sans noto-fonts-emoji fira-code font-awesome_6 victor-mono
(aspellWithDicts
(dicts: with dicts; [ en en-computers en-science ]))
};
shellAliases = {
+ get-channel-id = "yt-dlp --print \"%(channel_id)s\" --playlist-end 1 \"$1\"";
se = "sops edit";
f = "vim $(fzf)";
e = "cd $(find . -type d -print | fzf)";
py = "python3";
rb = "sudo nixos-rebuild switch --flake $HOME/monorepo/nix#${systemHostName}";
nfu = "cd ~/monorepo/nix && git add . && git commit -m \"new flake lock\" && nix flake update";
- usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/";
+ usync = "rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
usite
- = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/ret2pop-website/";
+ = "cd ~/src/publish-org-roam-ui && bash local.sh && rm -rf ~/website_html/graph_view; cp -r ~/src/publish-org-roam-ui/out ~/website_html/graph_view && rsync -azvP --chmod=\"Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r\" ~/website_html/ root@${config.monorepo.vars.remoteHost}:/var/www/${config.monorepo.vars.internetName}-website/";
sai = "eval \"$(ssh-agent -s)\" && ssh-add ~/.ssh/id_ed25519 && ssh-add -l";
i3 = "exec ${pkgs.i3-gaps}/bin/i3";
};
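Review bot: the new get-channel-id alias relies on "$1", but shell aliases do not receive positional parameters; the alias text is expanded first and the argument is appended after it, so "$1" expands to the interactive shell's own (normally empty) first parameter and yt-dlp receives an empty string followed by the URL. Define this as a shell function instead, or drop the "$1" so the URL is passed as the trailing argument. Separately, usync and usite now parameterize the web root with internetName, but rb and nfu in the same attribute set still hardcode $HOME/monorepo and ~/monorepo even though this commit introduces vars.repoName.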
--- /dev/null
+{ lib, config, ... }:
+{
+ services.honk = {
+ enable = config.monorepo.vars.ttyonly;
+ servername = "ret2pop.net";
+ username = "ret2pop";
+ };
+}
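Review bot: enable reads config.monorepo.vars.ttyonly, but the options.monorepo.vars declarations visible in this diff do not define ttyonly, and the flag is read elsewhere in this diff as config.monorepo.profiles.ttyonly.enable, so this attribute path looks wrong and would fail at evaluation. If the intent is to run honk on the server, gate it on profiles.server.enable like maddy and mautrix-discord. servername and username are also hardcoded to ret2pop.net and ret2pop in a commit whose purpose is to move those literals into vars.remoteHost and vars.internetName.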
--- /dev/null
+{ lib, config, ... }:
+{
+ assertions = [
+ {
+ assertion = ! (config.monorepo.profiles.impermanence.enable && (! (config.monorepo.vars.filesystem == "btrfs")));
+ message = "Impermanence requires btrfs filesystem.";
+ }
+ ];
+
+ boot.initrd.postResumeCommands = (if config.monorepo.profiles.impermanence.enable then lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '' else "");
+
+ environment.persistence."/persistent" = {
+ enable = config.monorepo.profiles.impermanence.enable;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/matterbridge.toml"
+ { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ ];
+ users."${config.monorepo.vars.userName}" = {
+ directories = [
+ "Downloads"
+ "music"
+ "Pictures"
+ "Documents"
+ "Videos"
+ "Monero"
+ "org"
+ "monorepo"
+ "soundfont"
+ "website_html"
+ "ardour"
+ "audacity"
+ "img"
+ "email"
+ "projects"
+ "secrets"
+
+ ".emacs.d"
+ ".elfeed"
+ ".electrum"
+ ".mozilla"
+ ".bitmonero"
+ ".config"
+ { directory = ".gnupg"; mode = "0700"; }
+ { directory = ".ssh"; mode = "0700"; }
+ { directory = ".local/share/keyrings"; mode = "0700"; }
+ ".local/share/direnv"
+ ];
+ files = [
+ ".emacs"
+ ];
+ };
+ };
+}
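Review bot: the assertion at the top reads config.monorepo.vars.filesystem, but the option is declared as fileSystem (capital S) in the vars module and is set as fileSystem = "btrfs" on the host that enables this profile, so the check refers to an attribute that does not exist and cannot do its job of rejecting non-btrfs hosts. Change it to config.monorepo.vars.fileSystem. The initrd script also hardcodes mount /dev/root_vg/root; the host enabling impermanence sets device = "/dev/sda" and imports disko/drive-simple.nix, so confirm that layout really produces a root_vg/root volume, or derive the device from the disko configuration, because a failed mount here happens in early boot. For the persistence list, note that "secrets", .gnupg, .ssh and .config survive the wipe as intended, but the root-level /secrets path that the maddy hunk uses for passwordFile is not listed.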
services.maddy = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
openFirewall = true;
- primaryDomain = "${config.monorepo.vars.remoteHost}";
+ hostName = "${config.monorepo.vars.remoteHost}";
+ primaryDomain = "mail.${config.monorepo.vars.remoteHost}";
tls = {
loader = "acme";
};
"imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
"submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
] options.services.maddy.config.default;
+ ensureCredentials = {
+ "${config.monorepo.vars.userName}@localhost" = {
+ passwordFile = "/secrets/${config.monorepo.vars.userName}-localhost";
+ };
+ };
};
}
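Review bot: ensureCredentials creates ${userName}@localhost, while the same file now sets primaryDomain to mail.${remoteHost}, so the only provisioned login is for a domain the server is not configured to handle mail for. Use the configured mail domain in the account name. Also confirm that hostName and primaryDomain are the intended way round: as written, the server identifies as ${remoteHost} and the mail domain is mail.${remoteHost}, which gives addresses of the form user@mail.<remoteHost>. The passwordFile is a literal /secrets/... path, whereas the mbsync hunk in this diff reads its password from config.sops.secrets.mail.path; referencing a sops secret here would keep the credential under the same management and permissions.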
--- /dev/null
+{ lib, config, ... }:
+{
+ services.mautrix-discord = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ environmentFile = "/etc/mautrix";
+ settings = {
+ bridge = {
+ animated_sticker = {
+ args = {
+ fps = 25;
+ height = 320;
+ width = 320;
+ };
+ target = "webp";
+ };
+ autojoin_thread_on_open = true;
+ avatar_proxy_key = "generate";
+ backfill = {
+ forward_limits = {
+ initial = {
+ channel = 0;
+ dm = 0;
+ thread = 0;
+ };
+ max_guild_members = -1;
+ missed = {
+ channel = 0;
+ dm = 0;
+ thread = 0;
+ };
+ };
+ };
+ cache_media = "unencrypted";
+ channel_name_template = "{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}";
+ command_prefix = "!discord";
+ custom_emoji_reactions = true;
+ delete_guild_on_leave = true;
+ delete_portal_on_channel_delete = false;
+ delivery_receipts = false;
+ direct_media = {
+ allow_proxy = true;
+ enabled = false;
+ server_key = "generate";
+ };
+ displayname_template = "{{if .Webhook}}Webhook{{else}}{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}{{end}}";
+ double_puppet_allow_discovery = true;
+ double_puppet_server_map = { };
+ embed_fields_as_tables = true;
+ enable_webhook_avatars = true;
+ encryption = {
+ allow = false;
+ allow_key_sharing = false;
+ appservice = false;
+ default = false;
+ delete_keys = {
+ delete_fully_used_on_decrypt = false;
+ delete_on_device_delete = false;
+ delete_outbound_on_ack = false;
+ delete_outdated_inbound = false;
+ delete_prev_on_new_session = false;
+ dont_store_outbound = false;
+ periodically_delete_expired = false;
+ ratchet_on_decrypt = false;
+ };
+ msc4190 = false;
+ plaintext_mentions = false;
+ require = false;
+ rotation = {
+ disable_device_change_key_rotation = false;
+ enable_custom = false;
+ messages = 100;
+ milliseconds = 604800000;
+ };
+ verification_levels = {
+ receive = "unverified";
+ send = "unverified";
+ share = "cross-signed-tofu";
+ };
+ };
+ federate_rooms = true;
+ guild_name_template = "{{.Name}}";
+ login_shared_secret_map = { };
+ management_room_text = {
+ additional_help = "";
+ welcome = "Hello, I'm a Discord bridge bot.";
+ welcome_connected = "Use `help` for help.";
+ welcome_unconnected = "Use `help` for help or `login` to log in.";
+ };
+ message_error_notices = true;
+ message_status_events = false;
+ mute_channels_on_create = false;
+ permissions = {
+ "@${config.monorepo.vars.internetName}:matrix.${config.monorepo.vars.orgHost}" = "admin";
+ "*" = "user";
+ };
+ portal_message_buffer = 128;
+ prefix_webhook_messages = true;
+ private_chat_portal_meta = "default";
+ provisioning = {
+ debug_endpoints = false;
+ prefix = "/_matrix/provision";
+ shared_secret = "generate";
+ };
+ public_address = null;
+ resend_bridge_info = false;
+ restricted_rooms = false;
+ startup_private_channel_create_limit = 5;
+ sync_direct_chat_list = false;
+ use_discord_cdn_upload = true;
+ username_template = "discord_{{.}}";
+ };
+
+ appservice = {
+ address = "http://localhost:29334";
+ hostname = "0.0.0.0";
+ port = 29334;
+ id = "discord";
+ bot = {
+ username = "discordbot";
+ displayname = "Discord bridge bot";
+ avatar = "mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC";
+ };
+ ephemeral_events = true;
+ async_transactions = false;
+ database = {
+ type = "sqlite3";
+ uri = "file:${config.services.mautrix-discord.dataDir}/mautrix-discord.db?_txlock=immediate";
+ max_open_conns = 20;
+ max_idle_conns = 2;
+ max_conn_idle_time = null;
+ max_conn_lifetime = null;
+ };
+ as_token = "$MAUTRIX_DISCORD_APPSERVICE_AS_TOKEN";
+ hs_token = "$MAUTRIX_DISCORD_APPSERVICE_HS_TOKEN";
+ };
+
+ dataDir = "/var/lib/mautrix-discord";
+ homeserver = {
+ async_media = false;
+ message_send_checkpoint_endpoint = null;
+ ping_interval_seconds = 0;
+ software = "standard";
+ status_endpoint = null;
+ websocket = false;
+ domain = "matrix.${config.monorepo.vars.orgHost}";
+ address = "http://localhost:6167";
+ };
+ };
+ };
+}
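Review bot: in bridge.permissions the entry "*" = "user" grants bridge access to every Matrix user, including accounts on remote homeservers, and federate_rooms = true is set in the same block. Unless the bridge is meant to be public, replace the wildcard with the local homeserver domain, for example "matrix.${config.monorepo.vars.orgHost}" = "user", and keep the single admin entry. In appservice, hostname = "0.0.0.0" makes the bridge listen on all interfaces even though address is http://localhost:29334 and the homeserver is reached over localhost; binding to 127.0.0.1 removes the dependence on the firewall to keep port 29334 private. The as_token and hs_token come from the environment file, which is good, so make sure /etc/mautrix is readable only by the service user, and note that cache_media = "unencrypted" with encryption.allow = false means bridged content is stored in the clear on this host.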
hostName = "0.0.0.0";
welcometext = "Wecome to the Null Murmur instance!";
registerName = "nullring";
- registerHostname = "nullring.xyz";
- sslCert = "/var/lib/acme/nullring.xyz/fullchain.pem";
- sslKey = "/var/lib/acme/nullring.xyz/sslKey.pem";
+ registerHostname = "${config.monorepo.vars.orgHost}";
+ sslCert = "/var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem";
+ sslKey = "/var/lib/acme/${config.monorepo.vars.orgHost}/sslKey.pem";
};
}
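Review bot: the rewritten sslKey line still ends in sslKey.pem, while the ngircd hunk in this same diff reads the key for the same certificate directory from /var/lib/acme/${config.monorepo.vars.orgHost}/key.pem. The filename looks like it was carried over from the old line rather than checked; point sslKey at key.pem so the server does not start without its private key. The welcometext context line also has "Wecome" for "Welcome", which is user-visible.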
};
virtualHosts = {
- "matrix.${config.monorepo.vars.remoteHost}" = {
+ "matrix.${config.monorepo.vars.orgHost}" = {
enableACME = true;
forceSSL = true;
listen = [
};
"${config.monorepo.vars.remoteHost}" = {
serverName = "${config.monorepo.vars.remoteHost}";
- serverAliases = [ "ret2pop.nullring.xyz" ];
- root = "/var/www/ret2pop-website/";
+ serverAliases = [ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" ];
+ root = "/var/www/${config.monorepo.vars.internetName}-website/";
addSSL = true;
enableACME = true;
};
- "nullring.xyz" = {
- serverName = "nullring.xyz";
+ "${config.monorepo.vars.orgHost}" = {
+ serverName = "${config.monorepo.vars.orgHost}";
root = "/var/www/nullring/";
addSSL = true;
enableACME = true;
enable = lib.mkDefault config.monorepo.profiles.server.enable;
config = ''
[Global]
- Name = nullring.xyz
+ Name = ${config.monorepo.vars.orgHost}
Info = NullRing IRC Instance
Listen = 0.0.0.0
MotdFile = /etc/motd.txt
[Options]
PAM = no
[SSL]
- CertFile = /var/lib/acme/nullring.xyz/fullchain.pem
+ CertFile = /var/lib/acme/${config.monorepo.vars.orgHost}/fullchain.pem
CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
- KeyFile = /var/lib/acme/nullring.xyz/key.pem
+ KeyFile = /var/lib/acme/${config.monorepo.vars.orgHost}/key.pem
Ports = 6697
'';
};
{ config, lib, ... }:
{
services.ollama = {
- enable = lib.mkDefault (!config.monorepo.profiles.ttyonly.enable);
+ enable = lib.mkDefault (!config.monorepo.profiles.server.enable);
acceleration = if (config.monorepo.profiles.workstation.enable) then "cuda" else null;
- loadModels = [
+ loadModels = if (config.monorepo.profiles.workstation.enable) then [
"qwen3:30b"
"qwen3-coder:latest"
"qwen2.5-coder:latest"
- "qwen2.5-coder:3b"
"gemma3:12b-it-qat"
+ ] else [
+ "qwen3:0.6b"
+ "qwen2.5-coder:0.5b"
];
host = "0.0.0.0";
openFirewall = true;
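Review bot: enable now defaults to !profiles.server.enable instead of !profiles.ttyonly.enable, so every non-server host, including TTY-only ones, starts ollama, and the unchanged lines below still set host = "0.0.0.0" with openFirewall = true. The ollama HTTP API has no authentication, so this change widens the set of machines exposing an open model endpoint to whatever network they are on. Default host to 127.0.0.1 and openFirewall to false, and opt in per host where remote access is actually wanted. The small-model fallback list for non-workstations is a sensible addition.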
{ lib, ... }:
+let
+ vars = import ../flakevars.nix;
+in
{
options.monorepo.vars = {
device = lib.mkOption {
description = "device that NixOS is installed to";
};
+ internetName = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.internetName}";
+ example = "myinternetname";
+ description = "Internet name to be used for internet usernames";
+ };
+
+ repoName = lib.mkOption {
+ type = lib.types.str;
+ default = "monorepo";
+ example = "myreponame";
+ description = "Name of this repository";
+ };
+
fileSystem = lib.mkOption {
type = lib.types.str;
default = "ext4";
remoteHost = lib.mkOption {
type = lib.types.str;
- default = "ret2pop.net";
+ default = "${vars.remoteHost}";
example = "example.com";
description = "Address to push to and pull from for website and git repos";
};
+ orgHost = lib.mkOption {
+ type = lib.types.str;
+ default = "${vars.orgHost}";
+ example = "orgname.org";
+ description = "Domain name of your organization";
+ };
+
timeZone = lib.mkOption {
type = lib.types.str;
default = "America/Vancouver";
{ config, lib, home-manager, ... }:
{
imports = [
- ../includes.nix
+ ../common.nix
../../disko/drive-simple.nix
];
config = {
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo = {
profiles.cuda.enable = true;
--- /dev/null
+{ config, lib, ... }:
+{
+ imports = [
+ ./home.nix
+ ../modules/default.nix
+ ];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
+}
{
imports = [
../../disko/drive-simple.nix
- ../includes.nix
+ ../common.nix
];
config = {
- # drive to install to
- monorepo.vars.device = "/dev/sda";
+ monorepo = {
+ profiles.impermanence.enable = true;
+ vars = {
+ device = "/dev/sda";
+ fileSystem = "btrfs";
+ };
+ };
};
}
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo.profiles.workstation.enable = false;
}
--- /dev/null
+{ lib, config, ... }:
+{
+ imports = [
+ ../modules/home/default.nix
+ ];
+ # Put configuration (e.g. monorepo variable configuration) common to all configs here
+}
{ config, sops-nix, ... }:
{
home-manager = {
-
sharedModules = [
sops-nix.homeManagerModules.sops
];
+++ /dev/null
-{ config, lib, ... }:
-{
- imports = [
- ./home.nix
- ../modules/default.nix
- ];
-}
exit 1
fi
+gum style --border normal --margin "1" --padding "1 2" "Notice: if using full disk encryption, write to /tmp/secret.key first with your password."
+
+sleep 3
+
cd "$HOME"
ping -q -c1 google.com &>/dev/null && echo "online! Proceeding with the installation..." || nmtui
gum input --placeholder "Press Enter to continue" >/dev/null
vim "$HOME/monorepo/nix/systems/$SYSTEM/home.nix"
- sed -i "/# add hostnames here/i \ \"$1\"" "$HOME/monorepo/nix/flake.nix"
+ sed -i "/hostnames = \[/,/];/ s/];/ \"$1\"\n ];/" "$HOME/monorepo/nix/flake.nix"
if [ ! -f "$HOME/monorepo/nix/disko/$DRIVE" ]; then
cp "$HOME/monorepo/nix/disko/drive-simple.nix" "$HOME/monorepo/nix/disko/$DRIVE"
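Review bot: the new sed range /hostnames = \[/,/];/ is still applied to $HOME/monorepo/nix/flake.nix, but this commit changes flake.nix to read vars.hostnames and defines the hostnames list in the new vars file (imported as ../flakevars.nix by the vars module), so the pattern should target that file or new systems will not be registered. $1 is also interpolated into the sed replacement unescaped, so a name containing / or & would corrupt the edit; validate it against a hostname pattern first. On the added notice above it: asking the user to write the disk password to /tmp/secret.key by hand, followed by sleep 3, is easy to miss and leaves the file with default permissions. Consider prompting with gum input --password and writing the file under umask 077 from the script itself.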
{ config, lib, ... }:
+let
+ ipv4addr = "66.42.84.130";
+ ipv6addr = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+in
{
imports = [
- ../includes.nix
+ ../common.nix
+ ../../disko/drive-bios.nix
+
# nixos-anywhere generates this file
./hardware-configuration.nix
- ../../disko/drive-bios.nix
];
config = {
monorepo = {
networking = {
interfaces.ens3.ipv6.addresses = [
{
- address = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ address = ipv6addr;
prefixLength = 64;
}
];
firewall.allowedTCPPorts = [
80
+ 143
443
465
+ 587
993
- 8448
6697
6667
+ 8448
];
domains = {
enable = true;
baseDomains = {
"${config.monorepo.vars.remoteHost}" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
};
- "nullring.xyz" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ "${config.monorepo.vars.orgHost}" = {
+ a.data = ipv4addr;
+ aaaa.data = ipv6addr;
};
};
subDomains = {
"${config.monorepo.vars.remoteHost}" = {};
"matrix.${config.monorepo.vars.remoteHost}" = {};
"www.${config.monorepo.vars.remoteHost}" = {};
- "mail.${config.monorepo.vars.remoteHost}" = {};
+ "mail.${config.monorepo.vars.remoteHost}" = {
+ mx.data = "10 mail.${config.monorepo.vars.remoteHost}.";
+ };
- "nullring.xyz" = {};
- "git.nullring.xyz" = {};
- "matrix.nullring.xyz" = {};
- "talk.nullring.xyz" = {};
- "mail.nullring.xyz" = {};
- "ret2pop.nullring.xyz" = {};
+ "${config.monorepo.vars.orgHost}" = {};
+ "git.${config.monorepo.vars.orgHost}" = {};
+ "matrix.${config.monorepo.vars.orgHost}" = {};
+ "talk.${config.monorepo.vars.orgHost}" = {};
+ "mail.${config.monorepo.vars.orgHost}" = {};
+ "${config.monorepo.vars.internetName}.${config.monorepo.vars.orgHost}" = {};
};
};
};
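Review bot: the new mx.data record is attached to the mail.${remoteHost} entry under subDomains, so only addresses of the form user@mail.<remoteHost> get an explicit MX, and the base domains have none. That matches primaryDomain = "mail.${remoteHost}" in the maddy hunk, but if the intended addresses are user@<remoteHost>, the MX belongs on the baseDomains entry with mail.${remoteHost}. as its target. In allowedTCPPorts, the added 143 and 587 may already be covered by openFirewall = true in the maddy hunk; if so, keep a single source of truth for the mail ports. Moving the two addresses into the ipv4addr and ipv6addr let bindings is a good cleanup.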
{ lib, config, pkgs, ... }:
{
imports = [
- ../../modules/home/default.nix
+ ../home-common.nix
];
config.monorepo.profiles.enable = false;
}