* Habits
These are some habits I want to track. They are repeated according to a calendar schedule in
general.
+** TODO Supplements
+SCHEDULED: <2025-03-22 Sat .+1d>
+:PROPERTIES:
+:LAST_REPEAT: [2025-03-21 Fri 04:48]
+:END:
+- State "DONE" from "TODO" [2025-03-21 Fri 04:48]
+- State "DONE" from "TODO" [2025-03-13 Thu 09:52]
+- State "DONE" from "TODO" [2025-03-11 Tue 00:34]
+- State "DONE" from "TODO" [2025-03-10 Mon 23:23]
+- State "DONE" from "TODO" [2025-03-10 Mon 01:08]
+Current stack:
+- Iron
+- Vitamin D3
+- EPA/DHA
+** TODO Pushups
+SCHEDULED: <2025-03-22 Sat .+1d>
+:PROPERTIES:
+:LAST_REPEAT: [2025-03-21 Fri 04:49]
+:END:
+- State "DONE" from "TODO" [2025-03-21 Fri 04:49]
+- State "DONE" from "TODO" [2025-03-11 Tue 00:16]
+I want to be healthy.
** TODO Run
SCHEDULED: <2025-02-11 Tue .+1d>
I want to be able to run or bike every day so that I get my exercise in.
- State "DONE" from "TODO" [2025-01-11 Sat 02:26]
I want to stretch every day so that I can become more flexible.
** TODO Journal
-SCHEDULED: <2025-03-03 Mon .+1d>
+SCHEDULED: <2025-03-22 Sat .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2025-03-02 Sun 05:38]
+:LAST_REPEAT: [2025-03-21 Fri 04:49]
:END:
+- State "DONE" from "TODO" [2025-03-21 Fri 04:49]
+- State "DONE" from "TODO" [2025-03-13 Thu 09:55]
+- State "DONE" from "TODO" [2025-03-11 Tue 00:57]
- State "DONE" from "TODO" [2025-03-02 Sun 05:38]
- State "DONE" from "TODO" [2025-02-20 Thu 22:07]
- State "DONE" from "TODO" [2025-02-18 Tue 01:44]
institutions for guidance historically. We have given them unchecked
cultural power. These people set trends -- and what's in fashion 20
years from now isn't decided in elections. It's decided in a Harvard
-thesis today. But this begs the question -- if they're so wrong
+thesis today. But this begs the question: if they're so wrong
about communism, what else could they be so wrong about? If we can't
trust them on the worst idea in history, why must we trust them on
anything at all?
(setq system-email "ret2pop@gmail.com")
-(setq system-username "prestonpan")
+(setq system-username "ret2pop")
(setq system-fullname "Preston Pan")
(use-package emacs
(defun matrix-org ()
(interactive)
(ement-connect))
+ (defun gimp-org ()
+ (interactive)
+ (erc-tls :server "irc.gimp.org"
+ :port "6697"))
:config
(general-create-definer leader-key :prefix "SPC")
(leader-key 'normal
"i p c" '(prestonpan :wk "Connect to my IRC server")
"i l c" '(liberachat :wk "Connect to libera chat server")
"i e c" '(efnet :wk "Connect to efnet chat server")
+ "i g c" '(gimp-org :wk "Connect to gimp chat server")
"h" '(:ignore t :wk "Documentation")
"h v" '(counsel-describe-variable :wk "Describe variable")
"h f" '(counsel-describe-function :wk "Describe function")
Change these variables:
#+begin_src emacs-lisp
(setq system-email "ret2pop@gmail.com")
- (setq system-username "prestonpan")
+ (setq system-username "ret2pop")
(setq system-fullname "Preston Pan")
#+end_src
** Emacs
(defun matrix-org ()
(interactive)
(ement-connect))
+ (defun gimp-org ()
+ (interactive)
+ (erc-tls :server "irc.gimp.org"
+ :port "6697"))
:config
(general-create-definer leader-key :prefix "SPC")
(leader-key 'normal
"i p c" '(prestonpan :wk "Connect to my IRC server")
"i l c" '(liberachat :wk "Connect to libera chat server")
"i e c" '(efnet :wk "Connect to efnet chat server")
+ "i g c" '(gimp-org :wk "Connect to gimp chat server")
"h" '(:ignore t :wk "Documentation")
"h v" '(counsel-describe-variable :wk "Describe variable")
"h f" '(counsel-describe-function :wk "Describe function")
};
zones = {
"ret2pop.net." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
+ "nullring.xyz." = nixos-dns.utils.octodns.generateZoneAttrs [ "cloudflare" ];
};
};
};
linux-manual
man-pages
man-pages-posix
+ iproute2
]);
boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable {
enable = true;
configuration. NixOS might be moving to IPFS for binary cache distribution and package
distribution soon, and I'm waiting on that.
#+begin_src nix :tangle ../nix/modules/kubo.nix
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
{
services.kubo = {
- enable = true;
+ enable = lib.mkDefault config.monorepo.profiles.workstation.enable;
};
}
#+end_src
+** Murmur
+#+begin_src nix :tangle ../nix/modules/murmur.nix
+ { lib, config, ... }:
+ {
+ services.murmur = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ logFile = "/var/log/murmur.log";
+ openFirewall = true;
+ hostName = "0.0.0.0";
+ welcometext = "Wecome to the Null Murmur instance!";
+ registerName = "nullring";
+ registerHostname = "nullring.xyz";
+ sslCert = "/var/lib/acme/nullring.xyz/fullchain.pem";
+ sslKey = "/var/lib/acme/nullring.xyz/sslKey.pem";
+ };
+ }
+#+end_src
** i2pd
I use i2p for some p2p connections. We enable it with the server profile:
#+begin_src nix :tangle ../nix/modules/i2pd.nix
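Review bot: `sslKey` in the added Murmur block points at `/var/lib/acme/nullring.xyz/sslKey.pem`, while the ngircd block added later in this commit reads the key for the same certificate from `/var/lib/acme/nullring.xyz/key.pem`; unless something outside this diff creates `sslKey.pem`, Murmur will not find its private key. If that is a typo, the line should read `sslKey = "/var/lib/acme/nullring.xyz/key.pem";`. The diff also shows no group membership that would let the Murmur service account read the ACME directory (ngircd and nginx are given `acme` explicitly), so confirm the service really loads this certificate rather than failing or falling back to a self-signed one. With `openFirewall = true` and `hostName = "0.0.0.0"` the listener is internet-facing, so the certificate clients see matters.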
};
}
#+end_src
+** Icecast
+This is an internet radio which will host a ton of music.
+#+begin_src nix :tangle ../nix/modules/icecast.nix
+ { lib, config, ... }:
+ {
+ services.icecast = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ listen.address = "0.0.0.0";
+ extraConfig = ''
+ <mount type="default">
+ <public>0</public>
+ <intro>/stream.m3u</intro>
+ <max-listener-duration>3600</max-listener-duration>
+ <authentication type="url">
+ <option name="mount_add" value="http://auth.example.org/stream_start.php"/>
+ </authentication>
+ <http-headers>
+ <header name="foo" value="bar" />
+ </http-headers>
+ </mount>
+ '';
+ };
+ admin.password = "changeme";
+ }
+#+end_src
+** IRC
+A great protocol. It's the most widely usable by any netizen, as it is
+just pure plaintext and the operating costs are trivial.
+*** NgIRCD
+I run my own IRC server to bridge with my Matrix server and my discord guild.
+#+begin_src nix :tangle ../nix/modules/ngircd.nix
+ { lib, config, ... }:
+ {
+ services.ngircd = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ config = ''
+ [Global]
+ Name = nullring.xyz
+ Info = NullRing IRC Instance
+ Listen = 0.0.0.0
+ MotdFile = /etc/motd.txt
+ Network = NullRing
+ Ports = 6667
+ [Options]
+ PAM = no
+ [SSL]
+ CertFile = /var/lib/acme/nullring.xyz/fullchain.pem
+ CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
+ KeyFile = /var/lib/acme/nullring.xyz/key.pem
+ Ports = 6697
+ '';
+ };
+ environment.etc."motd.txt" = {
+ source = ../data/motd.txt;
+ mode = "644";
+ user = "ngircd";
+ group = "ngircd";
+ };
+ }
+#+end_src
+*** MOTD
+I also have a MOTD file that I want to add, which displays when users
+connect to the server:
+#+begin_src fundamental :tangle ../nix/data/motd.txt
+ Welcome to the NullRing experience!
+ The main channel is #nullring; we're glad to have you!
+
+ Rules:
+ 1. Don't be annoying.
+ 2. No illegal content.
+ And if you're here to have constructive, philisophical and theoretical
+ conversations, this is the place for you!
+#+end_src
+*** ZNC
+I want to be able to create some sort of identity persistence on IRC
+for users:
+#+begin_src nix :tangle ../nix/modules/znc.nix
+ { lib, config, ... }:
+ {
+ services.znc = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ openFirewall = true;
+ confOptions = {
+ useSSL = true;
+ passBlock = ''
+ <Pass password>
+ Method = sha256
+ Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea
+ Salt = sDY,?H5AxC-!gH3a.:)D
+ </Pass>
+ '';
+ modules = [
+ "partyline"
+ "webadmin"
+ "adminlog"
+ "log"
+ ];
+ networks = {
+ "libera" = {
+ server = "irc.libera.chat";
+ port = 6697;
+ useSSL = true;
+ modules = [ "simple_away" ];
+ };
+ };
+ };
+ };
+ }
+#+end_src
+Note that the password hash and whatnot is completely random so there
+is almost no point to cracking it with hashcat.
+** Conduit
+This is a modern matrix server that is meant to be lightweight while
+still federating and hosting the same protocol.
+#+begin_src nix :tangle ../nix/modules/conduit.nix
+ { config, lib, ... }:
+ {
+ services.matrix-conduit = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ settings.global = {
+ server_name = "matrix.${config.monorepo.vars.remoteHost}";
+ trusted_servers = [
+ "matrix.org"
+ "nixos.org"
+ ];
+ address = "0.0.0.0";
+ port = 6167;
+ allow_registration = true;
+ };
+ };
+ }
+#+end_src
+** Matterbridge
+Then I want to connect all these servers together with Matterbridge:
+#+begin_src nix :tangle ../nix/modules/matterbridge.nix
+ { lib, config, ... }:
+ {
+ services.matterbridge = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ configPath = "/etc/matterbridge.toml";
+ };
+ }
+#+end_src
** Ollama
Use ollama for serving large language models to my other computers.
#+begin_src nix :tangle ../nix/modules/ollama.nix
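Review bot: The `passBlock` in the ZNC module commits the admin password's `Hash` and `Salt` to the repository, and the rendered config will also sit in the world-readable Nix store. `Method = sha256` is a single fast hash, so the remark under the block that there is "almost no point" in cracking it only holds if the password itself is long and random; anyone with the repository can test guesses offline with no rate limit. Because `openFirewall = true` and the `webadmin` module put the login on the internet, I would rotate this password and keep the pass block out of the tree, for example by using the sops-nix input that flake.lock already pins to provide the ZNC config at activation. At minimum, replace the prose note with a comment stating that the password is machine-generated and where the real secret is stored.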
};
}
#+end_src
-** Dovecot
-My server sets up dovecot in order to use imaps.
-#+begin_src nix :tangle ../nix/modules/dovecot.nix
- { config, lib, ... }:
- {
- services.dovecot2 = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- enableImap = true;
- enablePop3 = true;
- };
- }
-#+end_src
-** Postfix
-Use postfix as an smtps server.
-#+begin_src nix :tangle ../nix/modules/postfix.nix
- { config, lib, ... }:
- {
- services.postfix = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- config = {
- };
- };
- }
-#+end_src
** Git Server
+I run my own git server in order to have a mirror in case github goes down.
#+begin_src nix :tangle ../nix/modules/git-daemon.nix
{ config, lib, ... }:
{
}
#+end_src
** Nginx
+These are all my virtual hosts. For many of these servers we have to
+have a reverse proxy in order to expose the locally running instances
+to the outside world under a domain.
#+begin_src nix :tangle ../nix/modules/nginx.nix
{ config, lib, services, ... }:
{
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
-
- # Only allow PFS-enabled ciphers with AES256
- # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
appendHttpConfig = '''';
gitweb = {
};
"${config.monorepo.vars.remoteHost}" = {
serverName = "${config.monorepo.vars.remoteHost}";
+ serverAliases = [ "ret2pop.nullring.xyz" ];
root = "/var/www/ret2pop-website/";
addSSL = true;
enableACME = true;
};
+
+ "nullring.xyz" = {
+ serverName = "nullring.xyz";
+ root = "/var/www/nullring/";
+ addSSL = true;
+ enableACME = true;
+ };
+
+ "mail.${config.monorepo.vars.remoteHost}" = {
+ serverName = "mail.${config.monorepo.vars.remoteHost}";
+ root = "/var/www/dummy";
+ addSSL = true;
+ enableACME = true;
+ };
};
};
}
#+end_src
** Git Web Interface
+I enable the git web interface to show off my git repos to the
+world. This was the easiest frontend to set up on NixOS.
#+begin_src nix :tangle ../nix/modules/gitweb.nix
{ lib, config, ... }:
{
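Review bot: The two added virtual hosts (`nullring.xyz` and `mail.${config.monorepo.vars.remoteHost}`) use `addSSL = true`, which serves the site on both HTTP and HTTPS without redirecting. If nothing needs plain HTTP beyond the ACME challenge, `forceSSL = true;` in place of `addSSL = true;` redirects port 80 to HTTPS while still allowing certificate issuance. The `mail.` host serves `/var/www/dummy` and looks like it exists only to obtain a certificate; a comment such as `# vhost exists only so ACME issues a cert for the mail host` would stop it being mistaken for a forgotten stub. The enclosing `virtualHosts` set starts outside this hunk.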
};
}
#+end_src
-** Conduit
-#+begin_src nix :tangle ../nix/modules/conduit.nix
- { config, lib, ... }:
- {
- services.matrix-conduit = {
- enable = lib.mkDefault config.monorepo.profiles.server.enable;
- settings.global = {
- server_name = "matrix.${config.monorepo.vars.remoteHost}";
- trusted_servers = [
- "matrix.org"
- "nixos.org"
- ];
- address = "0.0.0.0";
- port = 6167;
- allow_registration = true;
- };
- };
- }
-#+end_src
** Nvidia
#+begin_src nix :tangle ../nix/modules/nvidia.nix
{ config, lib, pkgs, ... }:
] else []);
}
#+end_src
+** Maddy
+#+begin_src nix :tangle ../nix/modules/maddy.nix
+ { lib, config, options, ... }:
+ {
+ services.maddy = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ openFirewall = true;
+ primaryDomain = "ret2pop.net";
+ tls = {
+ loader = "acme";
+ };
+ config = builtins.replaceStrings [
+ "imap tcp://0.0.0.0:143"
+ "submission tcp://0.0.0.0:587"
+ ] [
+ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+ "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ ] options.services.maddy.config.default;
+ };
+ }
+#+end_src
** Main Configuration
This is the backbone of the all the NixOS configurations, with all these options being shared
because they enhance security.
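Review bot: The `builtins.replaceStrings` call in the Maddy block patches the module's default config by exact text match, so if a nixpkgs update rewords `imap tcp://0.0.0.0:143` or `submission tcp://0.0.0.0:587`, the replacement silently does nothing and the implicit-TLS listeners on 993 and 465 disappear without an evaluation error. This commit also bumps the nixpkgs pins in flake.lock, so it is worth guarding against that drift. An assertion next to the service would catch it, e.g. `assertions = [{ assertion = lib.hasInfix "imap tls://0.0.0.0:993" config.services.maddy.config; message = "maddy default config changed; TLS listeners not applied"; }];`. The listeners on 143 and 587 are kept and `openFirewall = true` is set, so also confirm that clients on those ports are required to upgrade with STARTTLS before authenticating.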
{ config, pkgs, lib, ... }:
{
imports = [
+ ./matterbridge.nix
./xserver.nix
./ssh.nix
./pipewire.nix
./cuda.nix
./nginx.nix
./git-daemon.nix
- ./postfix.nix
- ./dovecot.nix
./ollama.nix
./i2pd.nix
./gitweb.nix
./conduit.nix
./bitcoin.nix
+ ./murmur.nix
+ ./ngircd.nix
+ ./znc.nix
];
documentation = {
users.groups.nginx = lib.mkDefault {};
users.groups.git = lib.mkDefault {};
+ users.groups.ircd = lib.mkDefault {};
+
users.users = {
- nginx.group = "nginx";
- nginx.isSystemUser = lib.mkDefault true;
- nginx.extraGroups = [
- "acme"
- ];
+ ngircd = {
+ isSystemUser = lib.mkDefault true;
+ extraGroups = [ "acme" "nginx" ];
+ };
+
+ ircd = {
+ isSystemUser = lib.mkDefault true;
+ group = "ircd";
+ home = "/home/ircd";
+ };
+
+ nginx = {
+ group = "nginx";
+ isSystemUser = lib.mkDefault true;
+ extraGroups = [
+ "acme"
+ ];
+ };
+
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
];
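Review bot: The new `ngircd` account gets `extraGroups = [ "acme" "nginx" ];`, which is broader than reading one certificate requires: membership in `nginx` also gives the IRC daemon whatever else the web server's group can read or write. Check which group actually owns `/var/lib/acme/nullring.xyz/` on the host and keep only that one. The `ircd` user and group with `home = "/home/ircd"` are not referenced by any service visible in this diff; add a comment naming the service that runs as `ircd`, or drop them. The same lines appear again in the tangled main configuration later on this page, and the `users.users` set continues outside this hunk.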
bear
clang-tools
]) else [])
- ++
+ ++
+ (if config.monorepo.profiles.workstation.enable then (with pkgs; [
+ open-webui
+ mumble
+ ]) else [])
+ ++
(if config.monorepo.profiles.lang-js.enable then (with pkgs; [
nodejs
bun
kdenlive
kicad
reaper
+ murmur
]) else []);
monorepo.profiles = {
programs.emacs =
{
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.emacs29-pgtk;
+ package = pkgs.emacs30-pgtk;
extraConfig = ''
(setq debug-on-error t)
(org-babel-load-file
This mpd configuration uses pipewire by default, and it should just work if you place music
in the ~~/music~ directory and then run ~mpc add /~ afterwards.
#+begin_src nix :tangle ../nix/modules/home/mpd.nix
-{ lib, config, ... }:
-{
- services.mpd = {
- enable = lib.mkDefault config.monorepo.profiles.music.enable;
- dbFile = "/home/${config.monorepo.vars.userName}/.config/mpd/db";
- dataDir = "/home/${config.monorepo.vars.userName}/.config/mpd/";
- network.port = 6600;
- musicDirectory = "/home/${config.monorepo.vars.userName}/music";
- playlistDirectory = "/home/${config.monorepo.vars.userName}/.config/mpd/playlists";
- network.listenAddress = "0.0.0.0";
- extraConfig = ''
- audio_output {
- type "pipewire"
- name "pipewire output"
- }
- audio_output {
- type "httpd"
- name "My HTTP Stream"
- encoder "opus" # optional
- port "8000"
- # quality "5.0" # do not define if bitrate is defined
- bitrate "128000" # do not define if quality is defined
- format "48000:16:1"
- always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
- tags "yes" # httpd supports sending tags to listening streams.
- }
- '';
- };
-}
+ { lib, config, ... }:
+ {
+ services.mpd = {
+ enable = lib.mkDefault config.monorepo.profiles.music.enable;
+ dbFile = "/home/${config.monorepo.vars.userName}/.config/mpd/db";
+ dataDir = "/home/${config.monorepo.vars.userName}/.config/mpd/";
+ network.port = 6600;
+ musicDirectory = "/home/${config.monorepo.vars.userName}/music";
+ playlistDirectory = "/home/${config.monorepo.vars.userName}/.config/mpd/playlists";
+ network.listenAddress = "0.0.0.0";
+ extraConfig = ''
+ audio_output {
+ type "pipewire"
+ name "pipewire output"
+ }
+ audio_output {
+ type "httpd"
+ name "My HTTP Stream"
+ encoder "opus" # optional
+ port "8000"
+ # quality "5.0" # do not define if bitrate is defined
+ bitrate "128000" # do not define if quality is defined
+ format "48000:16:1"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
+ audio_output {
+ type "shout"
+ encoding "ogg"
+ name "my cool stream"
+ host "localhost"
+ port "8000"
+ mount "/example.ogg"
+ user "source"
+ password "<source-password>"
+
+ bitrate "64"
+ format "44100:16:1"
+ description "Nullring public radio"
+ }
+ '';
+ };
+ }
#+end_src
*** MPV
I have some emacs + yt-dlp integrations with mpv with my rss feed, and therefore we need it
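Review bot: The added `shout` output carries the Icecast source credential inline in `extraConfig` (`password "<source-password>"`), so the real value would live in this repository and in the generated mpd.conf, which on a Nix-managed system is world-readable in the store. Keep the credential in a file outside the store that only the MPD user can read, and leave a comment in the block saying where it comes from. The new output also uses `port "8000"`, the same port the existing `httpd` output binds, so if Icecast runs on this machine on 8000 one of the two will fail to start; `mount "/example.ogg"` and `name "my cool stream"` look like sample values left in. The identical block is added to the tangled mpd.nix later on this page.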
firewall.allowedTCPPorts = [
80
443
+ 465
+ 993
8448
+ 6697
+ 6667
];
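Review bot: Adding `6667` to `allowedTCPPorts` exposes ngircd's cleartext listener to the internet alongside the TLS port 6697; the ngircd module added by this commit sets `Ports = 6667` under `[Global]` with `Listen = 0.0.0.0`. Anything sent on that port, including passwords and channel traffic, is readable along the network path. If the cleartext port is only needed for local bridging, leave `6667` out of this list; the Matterbridge config in this commit already connects on 6697. A short comment next to each new port naming the service behind it (`465`/`993` mail, `6697` IRC over TLS) would also make later audits of this list easier.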
domains = {
enable = true;
a.data = "66.42.84.130";
aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
};
+ "nullring.xyz" = {
+ a.data = "66.42.84.130";
+ aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
+ };
};
subDomains = {
- "${config.monorepo.vars.remoteHost}" = {};
+ "${config.monorepo.vars.remoteHost}" = {};
"matrix.${config.monorepo.vars.remoteHost}" = {};
"www.${config.monorepo.vars.remoteHost}" = {};
+ "mail.${config.monorepo.vars.remoteHost}" = {};
+
+ "nullring.xyz" = {};
+ "matrix.nullring.xyz" = {};
+ "talk.nullring.xyz" = {};
+ "mail.nullring.xyz" = {};
+ "ret2pop.nullring.xyz" = {};
};
};
};
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Thursday, 13 March 2025
+** 09:52
+I slept three hours only. Yesterday I set up a mumble server, and I'm
+going to set up more of the mumble config and probably update my DNS
+records to reflect it. Also, I'm going to probably update my DNS
+records to point to my new VPS soon, hopefully after I migrate all my
+services over.
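Review bot: The `#+html_head` line loading `https://polyfill.io/v3/polyfill.min.js?features=es6` pulls script from a domain that changed ownership and was reported in 2024 to be serving malicious code, so every exported journal page would run third-party JavaScript from an untrusted host. MathJax 3 does not need an ES6 polyfill on current browsers, so the line can be dropped; the same header is in the other two journal files added by this commit (17 March and 21 March). The MathJax include from `cdn.jsdelivr.net/npm/mathjax@3/...` floats on a major version with no `integrity` attribute. Pinning an exact version with SRI, or self-hosting it next to `../style.css`, removes the dependency on whatever the CDN serves.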
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Monday, 17 March 2025
+** 01:43
+I just saw Matthew today at UBC and we talked for a bit about things
+that we had already talked about for some time; I got a 3d printed box
+and discussed the possibility of 3d printing a bell siphon for my
+future aquaponics setup; Ainslie messaged someone on facebook
+marketplace for a 55 Gallon blue barrel for my aquaponics setup and
+I'm planning on having the cycling mechanism done in a couple
+weeks. I'm going to need a saw of some kind in order to cut pieces out
+of these barrels, but that, and a hand drill, are the only tools I
+will need (most likely), as well as some supports in order to suspend
+the barrels.
+
+I'm considering starting a vlog, and I really should start making
+videos, and I really should start making music and whatnot.
+** 22:23
+I am currently refactoring some of my NixOS VPS configs and I will
+eventually have all the servers that I want hosted done in NixOS.
--- /dev/null
+#+TITLE: Daily Journal
+#+STARTUP: showeverything
+#+DESCRIPTION: My daily journal entry
+#+AUTHOR: Preston Pan
+#+HTML_HEAD: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
+#+html_head: <script id="MathJax-script" async src="https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js"></script>
+#+options: broken-links:t
+* Friday, 21 March 2025
+** 04:27
+Journaling again. I've been on a roll! Except not really. I haven't
+been brushing my teeth like I should and I need to do the dishes. I
+also need to keep my physical health in order by doing pushups and
+cardio, which I haven't been doing. Though, the aquaponics setup is
+going to be done soon as I've already ordered everything for it. Sans
+the plants and the fish, of course. I need to cycle the system until
+there are bacteria growing in the bed that actually fixes ammonia. I
+think in order to do this I will need these bacteria from other setups
+and I will need to seed it. However this shouldn't be too much of an
+issue and worst case they occur naturally.
+
+I want to work on a section of my website that's dedicated to naming
+all my services, and I want to work on the mindmap more
+also. Hopefully that will be fruitful.
+** 04:47
+I forgot to mention that Asimov needs a front and back rack. I ordered
+the front rack but it turns out that I actually need this other part
+in order for it to mount. That's fine though -- I ordered that too.
* Introduction
This is my journal. It's basically my everyday life, or at least the part that I can make public
(not many personal details although there will be some). I will also be posting some TODOs that
-I have throughout time.
+I have throughout time. I use the following [[file:../names.org][object names]] when I
+reference my system, so that may be confusing for some, though it is
+clearly documented in the above.
** Entries
@@html: <div class="links-page">@@
--- /dev/null
+#+title: Sol: A Life OS
+#+author: Preston Pan
+#+description: A technology enhnaced sovereign life operating system for the modern age
+#+html_head: <link rel="stylesheet" type="text/css" href="../style.css" />
+#+html_head: <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
+#+html_head: <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
+#+html_head: <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
+#+html_head: <link rel="manifest" href="/site.webmanifest">
+#+html_head: <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
+#+html_head: <meta name="msapplication-TileColor" content="#da532c">
+#+html_head: <meta name="theme-color" content="#ffffff">
+#+html_head: <meta name="viewport" content="width=1000;" />
+#+language: en
+#+OPTIONS: broken-links:t
+
+* Introduction
+Sol is the name of my life operating system. It is the aggregation of all notable tools that I use
+in order to impose both structure and meaning on the world. The completed version may feature a
+sailboat along with the tools below. Note that a ton of other stuff is contained within the system,
+but they have no names as of yet. With that being said, here are the names:
+
+* Names
+- Affinity: My desktop configuration
+- Continuity: My laptop configuration
+- Spontaneity: My VPS server configuration
+- Agility: My nix-on-droid flake
+- Curiosity: My robot vacuum
+- Ingenuity: My (future) 3d printer
+- Vitality: My Aquaponics setup, and the name of the Raspberry Pi Zero2 that powers the system.
+- Asimov: My homemade ebike
+- Olive: My folding knife
+- Blueprint: Bryan Johnson's protocol that I am trying to integrate more of
+Note that Asimov will have an amateur radio antenna on it, and perhaps I will also carry a couple of
+solar panels, and a tent and other things needed for shelter whenever I need to go bikepacking with
+an ebike.
--- /dev/null
+set -e # Exit on error
+
+# Ensure required environment variables are set
+#: "${MATTERBRIDGE_DISCORD_TOKEN:?Need to set MATTERBRIDGE_DISCORD_TOKEN}"
+: "${MATTERBRIDGE_MATRIX_PASS:?Need to set MATTERBRIDGE_MATRIX_PASS}"
+
+# Define paths
+TEMPLATE_CONFIG="matterbridge.toml"
+GENERATED_CONFIG="matterbridge.built.toml"
+REMOTE_SERVER="root@nullring.xyz"
+REMOTE_PATH="/etc/matterbridge.toml"
+
+# Generate config file
+sed "s|\${MATTERBRIDGE_MATRIX_PASS}|$MATTERBRIDGE_MATRIX_PASS|g" $TEMPLATE_CONFIG > $GENERATED_CONFIG
+
+# Securely transfer to server
+scp "$GENERATED_CONFIG" "$REMOTE_SERVER:$REMOTE_PATH"
+
+# Restart Matterbridge service
+ssh "$REMOTE_SERVER" "sudo systemctl restart matterbridge"
+
+# delete config file with secrets from repo
+shred -u "$GENERATED_CONFIG"
+
+echo "✅ Matterbridge config deployed successfully!"
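Review bot: With `set -e`, a failure in `scp` or `ssh` exits before `shred -u "$GENERATED_CONFIG"` runs, leaving `matterbridge.built.toml` with the Matrix password in the working tree, and the file is created with the default umask. Adding `umask 077` before the `sed` line and `trap 'shred -u "$GENERATED_CONFIG"' EXIT` right after the paths are defined covers both; also make sure `matterbridge.built.toml` is listed in `.gitignore`. The `sed` substitution splices the password into the expression, so a value containing `|`, `&` or `\` will corrupt the output or break the command, and `$TEMPLATE_CONFIG` and `$GENERATED_CONFIG` are unquoted on that line. On the remote side, `scp` as root leaves `/etc/matterbridge.toml` with default permissions, so set its owner and mode so that only the Matterbridge service account can read it. No shebang is visible in the added file, so which shell runs it depends on how it is invoked.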
--- /dev/null
+[matrix.mymatrix]
+Server="https://matrix.ret2pop.net"
+Login="bridge"
+Password="${MATTERBRIDGE_MATRIX_PASS}"
+RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+NoHomeServerSuffix=true
+
+[irc.myirc]
+Server="nullring.xyz:6697"
+Nick="bridge"
+RemoteNickFormat="[{PROTOCOL}] <{NICK}> "
+UseTLS=true
+SkipTLSVerify=true
+
+[[gateway]]
+name="gateway1"
+enable=true
+
+[[gateway.inout]]
+account="matrix.mymatrix"
+channel="!BQZli4UPBNC5w6ntXu:matrix.ret2pop.net"
+
+[[gateway.inout]]
+account="irc.myirc"
+channel="#nullring"
\ No newline at end of file
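Review bot: `SkipTLSVerify=true` in `[irc.myirc]` turns off certificate checking for the bridge's connection to `nullring.xyz:6697`, so `UseTLS=true` encrypts the link but no longer authenticates the server. The ngircd module in this commit serves the ACME certificate for `nullring.xyz`, which matches the `Server` host name, so verification should succeed with `SkipTLSVerify=false`. If verification fails for some other reason, I would fix that cause and document it in a comment rather than keep the skip in place.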
--- /dev/null
+Welcome to the NullRing experience!
+The main channel is #nullring; we're glad to have you!
+
+Rules:
+1. Don't be annoying.
+2. No illegal content.
+And if you're here to have constructive, philisophical and theoretical
+conversations, this is the place for you!
]
},
"locked": {
- "lastModified": 1740485968,
- "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
+ "lastModified": 1741786315,
+ "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community",
"repo": "disko",
- "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
+ "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github"
},
"original": {
},
"nixpkgs": {
"locked": {
- "lastModified": 1740743217,
- "narHash": "sha256-brsCRzLqimpyhORma84c3W2xPbIidZlIc3JGIuQVSNI=",
+ "lastModified": 1741724370,
+ "narHash": "sha256-WsD+8uodhl58jzKKcPH4jH9dLTLFWZpVmGq4W1XDVF4=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "b27ba4eb322d9d2bf2dc9ada9fd59442f50c8d7c",
+ "rev": "95600680c021743fd87b3e2fe13be7c290e1cac4",
"type": "github"
},
"original": {
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1740695751,
- "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=",
+ "lastModified": 1741851582,
+ "narHash": "sha256-cPfs8qMccim2RBgtKGF+x9IBCduRvd/N5F4nYpU0TVE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4",
+ "rev": "6607cf789e541e7873d40d3a8f7815ea92204f32",
"type": "github"
},
"original": {
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1731763621,
- "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
+ "lastModified": 1741708242,
+ "narHash": "sha256-cNRqdQD4sZpN7JLqxVOze4+WsWTmv2DGH0wNCOVwrWc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
+ "rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b",
"type": "github"
},
"original": {
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
- "lastModified": 1740915906,
- "narHash": "sha256-29HktIztPUFv9MQA9afzVnWnUMdmmu0nqK7z8Q9givY=",
+ "lastModified": 1741887947,
+ "narHash": "sha256-QQojmc7+HVYEZq4Ksim7y8KYobkIhqZ/oivd5Gnr8sA=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "24505e0253c0ea54d50355c53bfd7a8d55c9cf4b",
+ "rev": "2ac2be6a5936459018f10608b723487468a13f56",
"type": "github"
},
"original": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1739262228,
- "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
+ "lastModified": 1741861888,
+ "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
+ "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
"type": "github"
},
"original": {
{ config, pkgs, lib, ... }:
{
imports = [
+ ./matterbridge.nix
./xserver.nix
./ssh.nix
./pipewire.nix
./cuda.nix
./nginx.nix
./git-daemon.nix
- ./postfix.nix
- ./dovecot.nix
./ollama.nix
./i2pd.nix
./gitweb.nix
./conduit.nix
./bitcoin.nix
./murmur.nix
+ ./ngircd.nix
+ ./znc.nix
];
documentation = {
users.groups.nginx = lib.mkDefault {};
users.groups.git = lib.mkDefault {};
+ users.groups.ircd = lib.mkDefault {};
+
users.users = {
- nginx.group = "nginx";
- nginx.isSystemUser = lib.mkDefault true;
- nginx.extraGroups = [
- "acme"
- ];
+ ngircd = {
+ isSystemUser = lib.mkDefault true;
+ extraGroups = [ "acme" "nginx" ];
+ };
+
+ ircd = {
+ isSystemUser = lib.mkDefault true;
+ group = "ircd";
+ home = "/home/ircd";
+ };
+
+ nginx = {
+ group = "nginx";
+ isSystemUser = lib.mkDefault true;
+ extraGroups = [
+ "acme"
+ ];
+ };
+
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
];
linux-manual
man-pages
man-pages-posix
+ iproute2
]);
boot.loader.grub = lib.mkIf config.monorepo.profiles.grub.enable {
enable = true;
++
(if config.monorepo.profiles.workstation.enable then (with pkgs; [
open-webui
+ mumble
]) else [])
++
(if config.monorepo.profiles.lang-js.enable then (with pkgs; [
programs.emacs =
{
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
- package = pkgs.emacs29-pgtk;
+ package = pkgs.emacs30-pgtk;
extraConfig = ''
(setq debug-on-error t)
(org-babel-load-file
always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
tags "yes" # httpd supports sending tags to listening streams.
}
+audio_output {
+ type "shout"
+ encoding "ogg"
+ name "my cool stream"
+ host "localhost"
+ port "8000"
+ mount "/example.ogg"
+ user "source"
+ password "<source-password>"
+
+ bitrate "64"
+ format "44100:16:1"
+ description "Nullring public radio"
+}
'';
};
}
--- /dev/null
+{ lib, config, ... }:
+{
+ services.icecast = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ listen.address = "0.0.0.0";
+ extraConfig = ''
+<mount type="default">
+ <public>0</public>
+ <intro>/stream.m3u</intro>
+ <max-listener-duration>3600</max-listener-duration>
+ <authentication type="url">
+ <option name="mount_add" value="http://auth.example.org/stream_start.php"/>
+ </authentication>
+ <http-headers>
+ <header name="foo" value="bar" />
+ </http-headers>
+</mount>
+'';
+ };
+ admin.password = "changeme";
+}
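Review bot: `admin.password = "changeme";` sits after the closing `};` of `services.icecast`, so it defines a top-level `admin.password` attribute rather than `services.icecast.admin.password`, and its value is a placeholder credential. Move it inside the set and keep the real value out of the repository; because this option takes a string that is rendered into the world-readable store, that probably means generating the Icecast config at activation from a secret (sops-nix is already pinned in flake.lock). The `extraConfig` mount still looks like a sample: `mount_add` points at `http://auth.example.org/stream_start.php`, a reserved example domain reached over cleartext HTTP, and the `foo`/`bar` header is filler. With `listen.address = "0.0.0.0"` the service is internet-facing once the firewall allows it, so remove the sample auth block or point it at your own endpoint before enabling. The same block is in the Icecast section of the org source earlier in this commit.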
--- /dev/null
+{ lib, config, ... }:
+{
+ services.inspircd = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ modules = [ "ssl_openssl" ];
+ config = ''
+<server name="nullring.xyz"
+ description="Nullring IRC Instance"
+ network="NullRing">
+
+<admin
+ name="Preston Pan"
+ nick="prestonp"
+ email="ret2pop@gmail.com">
+
+<bind
+ address="0.0.0.0"
+ port="6697"
+ type="clients"
+ ssl="openssl">
+
+<module name="ssl_openssl">
+<openssl certfile="/var/lib/acme/fullchain.pem" keyfile="/var/lib/acme/key.pem">
+
+<power
+ # hash: what hash these passwords are hashed with.
+ # Requires the module for selected hash (m_md5.so, m_sha256.so
+ # or m_ripemd160.so) be loaded and the password hashing module
+ # (m_password_hash.so) loaded.
+ # Options here are: "md5", "sha256" and "ripemd160", or one of
+ # these prefixed with "hmac-", e.g.: "hmac-sha256".
+ # Optional, but recommended. Create hashed passwords with:
+ # /mkpasswd <hash> <password>
+ #hash="sha256"
+
+ # diepass: Password for opers to use if they need to shutdown (die)
+ # a server.
+ diepass=""
+
+ # restartpass: Password for opers to use if they need to restart
+ # a server.
+ restartpass="">
+
+<connect
+ # name: Name to use for this connect block. Mainly used for
+ # connect class inheriting.
+ name="main"
+
+ # allow: What IP addresses/hosts to allow for this block.
+ allow="*"
+
+ # maxchans: Maximum number of channels a user in this class
+ # be in at one time. This overrides every other maxchans setting.
+ #maxchans="30"
+
+ # timeout: How long (in seconds) the server will wait before
+ # disconnecting a user if they do not do anything on connect.
+ # (Note, this is a client-side thing, if the client does not
+ # send /nick, /user or /pass)
+ timeout="10"
+
+ # pingfreq: How often (in seconds) the server tries to ping connecting clients.
+ pingfreq="120"
+
+ # hardsendq: maximum amount of data allowed in a client's send queue
+ # before they are dropped. Keep this value higher than the length of
+ # your network's /LIST or /WHO output, or you will have lots of
+ # disconnects from sendq overruns!
+ # Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
+ hardsendq="1M"
+
+ # softsendq: amount of data in a client's send queue before the server
+ # begins delaying their commands in order to allow the sendq to drain
+ softsendq="8192"
+
+ # recvq: amount of data allowed in a client's queue before they are dropped.
+ # Entering "8K" is equivalent to "8192", see above.
+ recvq="8K"
+
+ # threshold: This specifies the amount of command penalty a user is allowed to have
+ # before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
+ # ones such as /OPER have penalties up to 10.
+ #
+ # If you are not using fakelag, this should be at least 20 to avoid excess flood kills
+ # from processing some commands.
+ threshold="10"
+
+ # commandrate: This specifies the maximum rate that commands can be processed.
+ # If commands are sent more rapidly, the user's penalty will increase and they will
+ # either be fakelagged or killed when they reach the threshold
+ #
+ # Units are millicommands per second, so 1000 means one line per second.
+ commandrate="1000"
+
+ # fakelag: Use fakelag instead of killing users for excessive flood
+ #
+ # Fake lag stops command processing for a user when a flood is detected rather than
+ # immediately killing them; their commands are held in the recvq and processed later
+ # as the user's command penalty drops. Note that if this is enabled, flooders will
+ # quit with "RecvQ exceeded" rather than "Excess Flood".
+ fakelag="on"
+
+ # localmax: Maximum local connections per IP.
+
+ localmax="200"
+
+ # globalmax: Maximum global (network-wide) connections per IP.
+
+ globalmax="200"
+
+ # useident: Defines if users in this class must respond to a ident query or not.
+ useident="no"
+
+ # limit: How many users are allowed in this class
+ limit="5000"
+
+ # modes: Usermodes that are set on users in this block on connect.
+ # Enabling this option requires that the m_conn_umodes module be loaded.
+ # This entry is highly recommended to use for/with IP Cloaking/masking.
+ # For the example to work, this also requires that the m_cloaking
+ # module be loaded as well.
+ modes="+x">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+# #
+# CIDR configuration allows detection of clones and applying of #
+# throttle limits across a CIDR range. (A CIDR range is a group of #
+# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
+# represented as 192.168.1.0/24). This means that abuse across an ISP #
+# is detected and curtailed much easier. Here is a good chart that #
+# shows how many IPs the different CIDRs correspond to: #
+# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
+# #
+
+<cidr
+ # ipv4clone: specifies how many bits of an IP address should be
+ # looked at for clones. The default only looks for clones on a
+ # single IP address of a user. You do not want to set this
+ # extremely low. (Values are 0-32).
+ ipv4clone="32"
+
+ # ipv6clone: specifies how many bits of an IP address should be
+ # looked at for clones. The default only looks for clones on a
+ # single IP address of a user. You do not want to set this
+ # extremely low. (Values are 0-128).
+ ipv6clone="128">
+
+<channels
+ # users: Maximum number of channels a user can be in at once.
+ users="20"
+
+ # opers: Maximum number of channels an oper can be in at once.
+ opers="60">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# If these values are not defined, InspIRCd uses the default DNS resolver
+# of your system.
+
+<dns
+ # server: DNS server to use to attempt to resolve IP's to hostnames.
+ # in most cases, you won't need to change this, as inspircd will
+ # automatically detect the nameserver depending on /etc/resolv.conf
+ # (or, on Windows, your set nameservers in the registry.)
+ # Note that this must be an IP address and not a hostname, because
+ # there is no resolver to resolve the name until this is defined!
+ #
+ # server="127.0.0.1"
+
+ # timeout: seconds to wait to try to resolve DNS/hostname.
+ timeout="5">
+
+# An example of using an IPv6 nameserver
+#<dns server="::1" timeout="5">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Define the path to the PID file here. The PID file can be used to #
+# rehash the ircd from the shell or to terminate the ircd from the #
+# shell using shell scripts, perl scripts, etc... and to monitor the #
+# ircd's state via cron jobs. If this is a relative path, it will be #
+# relative to the configuration directory, and if it is not defined, #
+# the default of 'inspircd.pid' is used. #
+# #
+
+#<pid file="/path/to/inspircd.pid">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Use these tags to customise the ban limits on a per channel basis. #
+# The tags are read from top to bottom, and any tag found which #
+# matches the channels name applies the banlimit to that channel. #
+# It is advisable to put an entry with the channel as '*' at the #
+# bottom of the list. If none are specified or no maxbans tag is #
+# matched, the banlist size defaults to 64 entries. #
+# #
+
+<banlist chan="#largechan" limit="128">
+<banlist chan="*" limit="69">
+
+#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This tag is optional, and specifies one or more features which are #
+# not available to non-operators. #
+# #
+# For example you may wish to disable NICK and prevent non-opers from #
+# changing their nicknames. #
+# Note that any disabled commands take effect only after the user has #
+# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
+# so for example disabling NICK will not cripple your network. #
+# #
+# You can also define if you want to disable any channelmodes #
+# or usermodes from your users. #
+# #
+# `fakenonexistant' will make the ircd pretend that nonexistant #
+# commands simply don't exist to non-opers ("no such command"). #
+# #
+#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Just remove this... Its here to make you read ALL of the config #
+# file options ;) #
+
+#<die value="You should probably edit your config *PROPERLY* and try again.">
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Settings to define which features are usable on your server. #
+# #
+
+<options
+ # prefixquit: What (if anything) users' quit messages
+ # should be prefixed with.
+ prefixquit="Quit: "
+
+ # suffixquit: What (if anything) users' quit messages
+ # should be suffixed with.
+ suffixquit=""
+
+ # prefixpart: What (if anything) users' part messages
+ # should be prefixed with.
+ prefixpart="""
+ # NOTE: Use "\"" instead of """ if not using <config format="xml">
+
+ # suffixpart: What (if anything) users' part message
+ # should be suffixed with.
+ suffixpart="""
+
+ # fixedquit: Set all users' quit messages to this value.
+ #fixedquit=""
+
+ # fixedpart: Set all users' part messages in all channels
+ # to this value.
+ #fixedpart=""
+
+ # syntaxhints: If enabled, if a user fails to send the correct parameters
+ # for a command, the ircd will give back some help text of what
+ # the correct parameters are.
+ syntaxhints="no"
+
+ # cyclehosts: If enabled, when a user gets a host set, it will cycle
+ # them in all their channels. If not, it will simply change their host
+ # without cycling them.
+ cyclehosts="yes"
+
+ # cyclehostsfromuser: If enabled, the source of the mode change for
+ # cyclehosts will be the user who cycled. This can look nicer, but
+ # triggers anti-takeover mechanisms of some obsolete bots.
+ cyclehostsfromuser="no"
+
+ # ircumsgprefix: Use undernet-style message prefixing for NOTICE and
+ # PRIVMSG. If enabled, it will add users' prefix to the line, if not,
+ # it will just message the user normally.
+ ircumsgprefix="no"
+
+ # announcets: If set to yes, when the timestamp on a channel changes, all users
+ # in the channel will be sent a NOTICE about it.
+ announcets="yes"
+
+ # allowmismatch: Setting this option to yes will allow servers to link even
+ # if they don't have the same "optionally common" modules loaded. Setting this to
+ # yes may introduce some desyncs and unwanted behaviour.
+ allowmismatch="no"
+
+ # defaultbind: Sets the default for <bind> tags without an address. Choices are
+ # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
+ # falling back to IPv4 otherwise.
+ defaultbind="auto"
+
+ # hostintopic: If enabled, channels will show the host of the topic setter
+ # in the topic. If set to no, it will only show the nick of the topic setter.
+ hostintopic="yes"
+
+ # pingwarning: If a server does not respond to a ping within x seconds,
+ # it will send a notice to opers with snomask +l informing that the server
+ # is about to ping timeout.
+ pingwarning="15"
+
+ # serverpingfreq: How often pings are sent between servers (in seconds).
+ serverpingfreq="60"
+
+ # defaultmodes: What modes are set on a empty channel when a user
+ # joins it and it is unregistered.
+ defaultmodes="nt"
+
+ # moronbanner: This is the text that is sent to a user when they are
+ # banned from the server.
+ moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help."
+
+ # exemptchanops: exemptions for channel access restrictions based on prefix.
+ exemptchanops="nonick:v flood:o"
+
+ # invitebypassmodes: This allows /invite to bypass other channel modes.
+ # (Such as +k, +j, +l, etc.)
+ invitebypassmodes="yes"
+
+ # nosnoticestack: This prevents snotices from 'stacking' and giving you
+ # the message saying '(last message repeated X times)'. Defaults to no.
+ nosnoticestack="no"
+
+ # welcomenotice: When turned on, this sends a NOTICE to connecting users
+ # with the text Welcome to <networkname>! after successful registration.
+ # Defaults to yes.
+ welcomenotice="yes">
+
+
+#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
+# #
+
+<performance
+ # netbuffersize: Size of the buffer used to receive data from clients.
+ # The ircd may only read this amount of text in 1 go at any time.
+ netbuffersize="10240"
+
+ # somaxconn: The maximum number of connections that may be waiting
+ # in the accept queue. This is *NOT* the total maximum number of
+ # connections per server. Some systems may only allow this to be up
+ # to 5, while others (such as Linux and *BSD) default to 128.
+ somaxconn="128"
+
+ # limitsomaxconn: By default, somaxconn (see above) is limited to a
+ # safe maximum value in the 2.0 branch for compatibility reasons.
+ # This setting can be used to disable this limit, forcing InspIRCd
+ # to use the value specified above.
+ limitsomaxconn="true"
+
+ # softlimit: This optional feature allows a defined softlimit for
+ # connections. If defined, it sets a soft max connections value.
+ softlimit="12800"
+
+ # quietbursts: When syncing or splitting from a network, a server
+ # can generate a lot of connect and quit messages to opers with
+ # +C and +Q snomasks. Setting this to yes squelches those messages,
+ # which makes it easier for opers, but degrades the functionality of
+ # bots like BOPM during netsplits.
+ quietbursts="yes"
+
+ # nouserdns: If enabled, no DNS lookups will be performed on
+ # connecting users. This can save a lot of resources on very busy servers.
+ nouserdns="no">
+
+#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
+# #
+
+<security
+
+ # announceinvites: This option controls which members of the channel
+ # receive an announcement when someone is INVITEd. Available values:
+ # 'none' - don't send invite announcements
+ # 'all' - send invite announcements to all members
+ # 'ops' - send invite announcements to ops and higher ranked users
+ # 'dynamic' - send invite announcements to halfops (if available) and
+ # higher ranked users. This is the recommended setting.
+ announceinvites="dynamic"
+
+ # hidemodes: If enabled, then the listmodes given will be hidden
+ # from users below halfop. This is not recommended to be set on +b
+ # as it may break some functionality in popular clients such as mIRC.
+ hidemodes="eI"
+
+ # hideulines: If this value is set to yes, U-lined servers will
+ # be hidden from non-opers in /links and /map.
+ hideulines="no"
+
+ # flatlinks: If this value is set to yes, /map and /links will
+ # be flattened when shown to non-opers.
+ flatlinks="no"
+
+ # hidewhois: When defined, the given text will be used in place
+ # of the server a user is on when whoised by a non-oper. Most
+ # networks will want to set this to something like "*.netname.net"
+ # to conceal the actual server a user is on.
+ # Note that enabling this will cause users' idle times to only be
+ # shown when the format /WHOIS <nick> <nick> is used.
+ hidewhois=""
+
+ # hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
+ # only opers will see the ban message when the user is removed
+ # from the server.
+ hidebans="no"
+
+ # hidekills: If defined, replaces who set a /kill with a custom string.
+ hidekills=""
+
+ # hideulinekills: Hide kills from clients of ulined servers from server notices.
+ hideulinekills="yes"
+
+ # hidesplits: If enabled, non-opers will not be able to see which
+ # servers split in a netsplit, they will only be able to see that one
+ # occurred (If their client has netsplit detection).
+ hidesplits="no"
+
+ # maxtargets: Maximum number of targets per command.
+ # (Commands like /notice, /privmsg, /kick, etc)
+ maxtargets="20"
+
+ # customversion: Displays a custom string when a user /version's
+ # the ircd. This may be set for security reasons or vanity reasons.
+ customversion=""
+
+ # operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
+ # splitmsg Split with an explanatory message
+ # yes Split with no explanatory message
+ # no Do not show
+ operspywhois="no"
+
+ # runasuser: If this is set, InspIRCd will attempt to switch
+ # to run as this user, which allows binding of ports under 1024.
+ # You should NOT set this unless you are starting as root.
+ # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+ #runasuser=""
+
+ # runasgroup: If this is set, InspIRCd will attempt to switch
+ # to run as this group, which allows binding of ports under 1024.
+ # You should NOT set this unless you are starting as root.
+ # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+ #runasgroup=""
+
+ # restrictbannedusers: If this is set to yes, InspIRCd will not allow users
+ # banned on a channel to change nickname or message channels they are
+ # banned on.
+ restrictbannedusers="yes"
+
+ # genericoper: Setting this value to yes makes all opers on this server
+ # appear as 'is an IRC operator' in their WHOIS, regardless of their
+ # oper type, however oper types are still used internally. This only
+ # affects the display in WHOIS.
+ genericoper="no"
+
+ # userstats: /stats commands that users can run (opers can run all).
+ userstats="Pu">
+
+<limits
+ # maxnick: Maximum length of a nickname.
+ maxnick="500"
+
+ # maxchan: Maximum length of a channel name.
+ maxchan="500"
+
+ # maxmodes: Maximum number of mode changes per line.
+ maxmodes="20"
+
+ # maxident: Maximum length of a ident/username.
+ maxident="500"
+
+ # maxquit: Maximum length of a quit message.
+ maxquit="255"
+
+ # maxtopic: Maximum length of a channel topic.
+ maxtopic="307"
+
+ # maxkick: Maximum length of a kick message.
+ maxkick="255"
+
+ # maxgecos: Maximum length of a GECOS (realname).
+ maxgecos="128"
+
+ # maxaway: Maximum length of an away message.
+ maxaway="200">
+
+<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This tag lets you define the behaviour of the /whowas command of #
+# your server. #
+# #
+
+<whowas
+ # groupsize: Maximum entries per nick shown when performing
+ # a /whowas nick.
+ groupsize="10"
+
+ # maxgroups: Maximum number of nickgroups that can be added to
+ # the list so that /whowas does not use a lot of resources on
+ # large networks.
+ maxgroups="100000"
+
+ # maxkeep: Maximum time a nick is kept in the whowas list
+ # before being pruned. Time may be specified in seconds,
+ # or in the following format: 1y2w3d4h5m6s. Minimum is
+ # 1 hour.
+ maxkeep="3d">
+
+<badnick
+ # nick: Nick to disallow. Wildcards are supported.
+ nick="ChanServ"
+
+ # reason: Reason to display on /nick.
+ reason="Reserved For Services">
+
+<badnick nick="NickServ" reason="Reserved For Services">
+<badnick nick="OperServ" reason="Reserved For Services">
+<badnick nick="MemoServ" reason="Reserved For Services">
+
+<badhost host="root@*" reason="Don't IRC as root!">
+
+<insane
+ # hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
+ hostmasks="no"
+
+ # ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
+ ipmasks="no"
+
+ # nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
+ nickmasks="no"
+
+ # trigger: What percentage of users on the network to trigger
+ # specifying an insane ban as. The default is 95.5%, which means
+ # if you have a 1000 user network, a ban will not be allowed if it
+ # will be banning 955 or more users.
+ trigger="95.5">
+'';
+ };
+}
--- /dev/null
+{ lib, config, ... }:
+{
+ services.ircdHybrid = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ extraIPs = [ "0.0.0.0" ];
+ extraPort = "6697";
+ adminEmail = "ret2pop@gmail.com";
+ description = "NullRing IRC instance";
+ serverName = "nullring.xyz";
+ certificate = "/var/lib/acme/nullring.xyz/cert.pem";
+ };
+}
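Review bot: `extraPort = "6697"` collides with the ngircd module added later in this commit, whose `[SSL]` section also sets `Ports = 6697` with `Listen = 0.0.0.0`. Both services take their `enable` default from `config.monorepo.profiles.server.enable`, so on a server profile the second daemon to start would presumably fail to bind. Only one IRC daemon should own the port, for example by setting `enable = false;` here if ngircd is the one meant to run. Separately, `certificate` points at `cert.pem` (leaf only) while the other services in this commit use `fullchain.pem`, and no `rsaKey` is set next to it, so it is worth confirming that TLS actually comes up on this listener.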
--- /dev/null
+{ lib, config, options, ... }:
+{
+ services.maddy = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ openFirewall = true;
+ primaryDomain = "ret2pop.net";
+ tls = {
+ loader = "acme";
+ };
+ config = builtins.replaceStrings [
+ "imap tcp://0.0.0.0:143"
+ "submission tcp://0.0.0.0:587"
+ ] [
+ "imap tls://0.0.0.0:993 tcp://0.0.0.0:143"
+ "submission tls://0.0.0.0:465 tcp://0.0.0.0:587"
+ ] options.services.maddy.config.default;
+ };
+}
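Review bot: The `builtins.replaceStrings` call only works while the upstream default config contains the exact strings `imap tcp://0.0.0.0:143` and `submission tcp://0.0.0.0:587`. If a nixpkgs update rewords them, the substitution silently does nothing and the implicit-TLS listeners on 993 and 465 vanish without an evaluation error. A build-time guard would catch that, e.g. `assertions = [{ assertion = lib.hasInfix "imap tls://0.0.0.0:993" config.services.maddy.config; message = "maddy default config changed; TLS listeners not injected"; }];`. The cleartext `tcp://` endpoints on 143 and 587 are kept alongside the new ones and `openFirewall = true` presumably exposes them, so a client that does not insist on STARTTLS can be downgraded; either drop them or add a comment saying why they stay. `tls.loader = "acme"` is set with no loader arguments visible in this file, which may also need `tls.extraConfig`.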
--- /dev/null
+{ lib, config, ... }:
+{
+ services.matterbridge = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ configPath = "/etc/matterbridge.toml";
+ };
+}
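Review bot: `configPath = "/etc/matterbridge.toml"` refers to a file that nothing in this module creates, and a matterbridge config normally holds the credentials of the bridged accounts. If it is meant to come from the `matrix_bridge` sops entry added in this commit, pointing `configPath` at the decrypted secret path keeps it out of the world-readable Nix store. Otherwise a comment such as `# provisioned out of band; must be readable only by the matterbridge user` would record where the file comes from and what permissions it needs.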
enable = lib.mkDefault config.monorepo.profiles.server.enable;
logFile = "/var/log/murmur.log";
openFirewall = true;
- hostName = "talk.nullring.xyz";
+ hostName = "0.0.0.0";
welcometext = "Wecome to the Null Murmur instance!";
registerName = "nullring";
- registerHostname = "talk.nullring.xyz";
+ registerHostname = "nullring.xyz";
+ sslCert = "/var/lib/acme/nullring.xyz/fullchain.pem";
+ sslKey = "/var/lib/acme/nullring.xyz/sslKey.pem";
};
}
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
-
- # Only allow PFS-enabled ciphers with AES256
- # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
appendHttpConfig = '''';
gitweb = {
addSSL = true;
enableACME = true;
};
+
+ "nullring.xyz" = {
+ serverName = "nullring.xyz";
+ root = "/var/www/nullring/";
+ addSSL = true;
+ enableACME = true;
+ };
+
+ "mail.${config.monorepo.vars.remoteHost}" = {
+ serverName = "mail.${config.monorepo.vars.remoteHost}";
+ root = "/var/www/dummy";
+ addSSL = true;
+ enableACME = true;
+ };
};
};
}
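Review bot: Both new virtual hosts use `addSSL = true`, which keeps serving the site over plain HTTP next to HTTPS with no redirect. Using `forceSSL = true;` instead would redirect port 80 to TLS while still allowing ACME HTTP-01 challenges. The `mail.` host, with its `/var/www/dummy` root, appears to exist only so a certificate is issued for that name; a one-line comment saying so (`# vhost exists only to obtain the ACME certificate for the mail host`) would stop it being removed as dead config later. The enclosing `virtualHosts` block starts outside this hunk.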
--- /dev/null
+{ lib, config, ... }:
+{
+ services.ngircd = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ config = ''
+[Global]
+ Name = nullring.xyz
+ Info = NullRing IRC Instance
+ Listen = 0.0.0.0
+ MotdFile = /etc/motd.txt
+ Network = NullRing
+ Ports = 6667
+[Options]
+ PAM = no
+[SSL]
+ CertFile = /var/lib/acme/nullring.xyz/fullchain.pem
+ CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
+ KeyFile = /var/lib/acme/nullring.xyz/key.pem
+ Ports = 6697
+'';
+ };
+ environment.etc."motd.txt" = {
+ source = ../data/motd.txt;
+ mode = "644";
+ user = "ngircd";
+ group = "ngircd";
+ };
+}
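Review bot: `KeyFile = /var/lib/acme/nullring.xyz/key.pem` has to be readable by the ngircd service user, but nothing in this module grants that access, and the ACME directory is normally readable only by the certificate's owner and group. Adding the user to the owning group (via `users.users.ngircd.extraGroups` or `security.acme.certs."nullring.xyz".group`) is probably required before the TLS listener on 6697 will start. The `[Global]` section also keeps a cleartext listener, `Ports = 6667` with `Listen = 0.0.0.0`, and the firewall change later in this commit opens 6667 publicly. If the server is meant to be TLS-only, drop that `Ports` line and the matching firewall entry; otherwise add a comment stating that plaintext access is intentional.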
age = {
keyFile = "/home/${config.monorepo.vars.userName}/.ssh/keys.txt";
};
-
secrets = {
mail = {
format = "yaml";
--- /dev/null
+{ lib, config, ... }:
+{
+ services.znc = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ openFirewall = true;
+ confOptions = {
+ useSSL = true;
+ passBlock = ''
+<Pass password>
+ Method = sha256
+ Hash = d4abdd69aa24de69693885c5bd83a4a0e9ee989e1a69a905041b0dad9abc06ea
+ Salt = sDY,?H5AxC-!gH3a.:)D
+</Pass>
+'';
+ modules = [
+ "partyline"
+ "webadmin"
+ "adminlog"
+ "log"
+ ];
+ networks = {
+ "libera" = {
+ server = "irc.libera.chat";
+ port = 6697;
+ useSSL = true;
+ modules = [ "simple_away" ];
+ };
+ };
+ };
+ };
+}
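Review bot: `passBlock` commits the ZNC password hash and its salt in clear text, and because it goes through `confOptions` the generated config also lands in the world-readable Nix store. A salted single-pass SHA-256 digest is cheap to test offline, so it should be handled like the password itself. This commit already adds a `znc` entry to the sops file, so the pass block could be supplied from there, for example by pointing `services.znc.configFile` at a config assembled from the decrypted secret. The password should then be rotated, since this hash is already published. Note also that `webadmin` is loaded while `openFirewall = true`, so the admin interface is reachable from the network behind that same credential.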
-hello: ENC[AES256_GCM,data:SyGz4JsQGWYBSsn59/iy2jtF5LxcLqvuYlJa9Ng30TYHZLjGHLFnFLCN8H1JLg==,iv:DAtgeXT/nnNDGfayt7GrzDI527CawbF7sLAbw6A5bYs=,tag:zQyCdvFekQW3fhsqzV51Fw==,type:str]
mail: ENC[AES256_GCM,data:IFJnuVbshByUh5S3HoSnX5AyOg==,iv:gF0JlnBGAMLduMIG/hZtssdkHVL9/RDmDwBw/WoMDwQ=,tag:adDgcz/VrAN6/kfYTKa5XA==,type:str]
digikey: ENC[AES256_GCM,data:U1c2HYB/YjwlyHvD3XVTqWJdb9/8BeS6,iv:DNsBoaqgUPdfO9knQLCMeJVO8kctQ9XNvcY2xcpI0NM=,tag:kuJ9BYqVx0GeTBSW5EsItg==,type:str]
cloudflare-dns: ENC[AES256_GCM,data:Gztc/M+r/eRO2DwyLxlIBxS7B7MpOXimbFkQwlYhq9SzGG/fLl6Xqw==,iv:aDyNwbc8EyrNyhucULUkeg7VM7BmqNQTndSTh1SWqq0=,tag:HvysjKquD1g2PCrCgX2swg==,type:str]
dn42: ENC[AES256_GCM,data:xSYssg7ReFjmf7LvmqmH/A==,iv:Gj/LZrxzRJLOLbP5rumjmViYWP6ufW3ocngektBW3V8=,tag:SA4f1vAnMFUO5Yk6NTr81Q==,type:str]
+znc: ENC[AES256_GCM,data:EYB9Gk/oZgU=,iv:zxtAFRKGPhfeanhOP6YiXQujWny6XGFvf2op2NNlo78=,tag:jxGNirhEbyYrZ+S3ZjssxA==,type:str]
+matrix_bridge: ENC[AES256_GCM,data:wkfUpMvpoktkUaFr2BopCRo=,iv:gMdF+nnyl9XeJhGvAUKcfK5mvLytt8DvcPLgxMUtOlg=,tag:v06PRV6rM+4a1E3iW3vjnQ==,type:str]
sops:
kms: []
gcp_kms: []
OFFNeEtOTk5FSm9RaDFad0UyeWZ2WDgKIwGoB4a5WAIkE93gzqdUzNlo5vgQ1zLy
yhEFrE1NbhyItnZIg/yRhqFG0dv7D3pEP3pq2Seew6pKJg/s9UTJ8Q==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-02T12:09:49Z"
- mac: ENC[AES256_GCM,data:Uk29XBkAVIMiAsVfQ4sMhVE8QKdTFWB1jYCnn7WmjumB9o4GPlNZAIlAn43Ja456/SkGlxaZm7HlqPRD8Rgzu1HdudHHhDgRoO7IDzc/Lu+ick7eR5BtnmotNQLe3vPVwmc8l8O2px5x3xMoYtzhbm5H6Om6s3AeI50hGBdK0EQ=,iv:PQD2APLPY6IiAes76QF1t5YL1ZW4vlnU28XR4D3XfnY=,tag:bZp0wh3+EkByGQ2kIO5BWw==,type:str]
+ lastmodified: "2025-03-19T06:34:16Z"
+ mac: ENC[AES256_GCM,data:5pXwLkFf9N1uafukgPkYpMC5JywdkhCYwH+JCMlCkjGlJedtGagbiqsvceLDD4yo01h9v0KovN4kPS6qrkdTYxOBPkkoTpZzwE6/pGMCRL9tizF2Zi2LmKUsS5uyFQf9KvFkon6bdf9+z/mavnhBhrZSSBSkJiJeQpjkjRJGuVQ=,iv:E+epnNJi/g9MkwxQtcEctC+JKJXkcJvuuFjHGiLbvg4=,tag:50CSytg3EDPDxhrFQjcmeQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4
firewall.allowedTCPPorts = [
80
443
+ 465
+ 993
8448
+ 6697
+ 6667
];
domains = {
enable = true;
aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
};
"nullring.xyz" = {
- a.data = "144.202.92.209";
- aaaa.data = "2001:19f0:8000:1c38:5400:04ff:fecf:58cd";
+ a.data = "66.42.84.130";
+ aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
};
};
subDomains = {
"${config.monorepo.vars.remoteHost}" = {};
"matrix.${config.monorepo.vars.remoteHost}" = {};
"www.${config.monorepo.vars.remoteHost}" = {};
+ "mail.${config.monorepo.vars.remoteHost}" = {};
"nullring.xyz" = {};
- "git.nullring.xyz" = {};
- "social.nullring.xyz" = {};
- "talk.nullring.xyz" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
- };
- "ret2pop.nullring.xyz" = {
- a.data = "66.42.84.130";
- aaaa.data = "2001:19f0:5401:10d0:5400:5ff:fe4a:7794";
- };
+ "talk.nullring.xyz" = {};
+ "ret2pop.nullring.xyz" = {};
};
};
};