* Tasks
These are general life tasks that I need to do, which don't depend on a specific time or date.
-** TODO [#B] ToughNix
-I need to work on my monorepo flake which builds all my systems, and should accommodate future
-systems and also should be relatively abstractable (i.e. identifiers tied to me should be easily
-removed from the flake).
-*** TODO [#B] Migration
+** TODO [#B] NixOS VPS Migration
Migrate all my services to NixOS.
-** TODO [#B] CSS
-I need to update my CSS for my website to look better.
** TODO [#B] Nullring
Update the nullring to be in org mode, and also include a couple more sites.
** TODO [#B] Umami
* Scheduled tasks
These are one-time tasks that are scheduled at a particular date, and that don't require regular
schedules.
+** TODO [#A] Clean House
+I need to clean my house very soon.
** Friends
These are tasks related to seeing my friends. There will be tasks listed here when I schedule
something.
* Habits
These are some habits I want to track. They are repeated according to a calendar schedule in
general.
+** TODO Run
+SCHEDULED: <2025-02-11 Tue .+1d>
+I want to be able to run or bike every day so that I get my exercise in.
** TODO Stretch
SCHEDULED: <2025-02-12 Wed .+1d>
:PROPERTIES:
(org-latex-preview-image-directory (expand-file-name "~/.cache/ltximg/") "don't use weird cache location")
(org-preview-latex-image-directory (expand-file-name "~/.cache/ltximg/") "don't use weird cache location")
(TeX-PDF-mode t)
- (org-latex-compiler "xelatex")
+ (org-latex-compiler "xelatex" "Use latex as default")
(org-latex-pdf-process '("xelatex -interaction=nonstopmode -output-directory=%o %f") "set xelatex as default")
(TeX-engine 'xetex "set xelatex as default engine")
(preview-default-option-list '("displaymath" "textmath" "graphics") "preview latex")
** SSH
My SSH daemon configuration.
#+begin_src nix :tangle ../nix/modules/ssh.nix
-{ config, ... }:
-{
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = true;
- AllowUsers = [ config.monorepo.vars.userName ];
- PermitRootLogin = "prohibit-password";
- KbdInteractiveAuthentication = false;
+ { config, lib, ... }:
+ {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable);
+ AllowUsers = [ config.monorepo.vars.userName "root" "git" ];
+ PermitRootLogin = "yes";
+ KbdInteractiveAuthentication = false;
+ };
};
- };
-}
+ }
#+end_src
** Tor
This is my tor configuration, used for my cryptocurrency wallets and whatever else I want
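Review bot: `PermitRootLogin = "yes"` together with `"root"` in `AllowUsers` allows root to log in with a password wherever `PasswordAuthentication` resolves to true, and this hunk makes that the default on every host without the server profile. Root's authorized key is visible as context elsewhere in this commit, so the previous value would keep key-based deploys working: `PermitRootLogin = "prohibit-password";`. The `lib.mkForce "prohibit-password"` override further down appears to cover only the hosts that import that profile. The tangled ssh.nix hunk later in the commit repeats this change.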
services.gitDaemon = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
exportAll = true;
- listenAddress = "0.0.0.0";
basePath = "/srv/git";
};
}
{
services.nginx = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
-
+ user = "nginx";
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+ # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- appendHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Adding this header to HTTP requests is discouraged
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
-
- # Enable CSP for your services.
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
-
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
+ appendHttpConfig = '''';
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
-
- # This might create errors
- proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
+ gitweb = {
+ enable = true;
+ virtualHost = "ret2pop.net";
+ };
virtualHosts = {
- "ret2pop.nullring.xyz" = {
- # addSSL = true;
- # enableACME = true;
- root = "/home/preston/ret2pop-website/";
+ "matrix.ret2pop.net" = {
+ enableACME = true;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ } {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations."/_matrix/" = {
+ proxyPass = "http://127.0.0.1:6167";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_buffers 32 16k;
+ proxy_read_timeout 5m;
+ '';
+ };
+
+ extraConfig = ''
+ merge_slashes off;
+ '';
+ };
+ "ret2pop.net" = {
+ serverName = "ret2pop.net";
+ root = "/var/www/ret2pop-website/";
+ addSSL = true;
+ enableACME = true;
};
};
};
}
#+end_src
+** Git Web Interface
+#+begin_src nix :tangle ../nix/modules/gitweb.nix
+ { lib, config, ... }:
+ {
+ services.gitweb = {
+ gitwebTheme = true;
+ projectroot = "/srv/git/";
+ };
+ }
+#+end_src
+** Conduit
+#+begin_src nix :tangle ../nix/modules/conduit.nix
+ { config, lib, ... }:
+ {
+ services.matrix-conduit = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ # random comment
+ settings.global = {
+ server_name = "matrix.ret2pop.net";
+ address = "0.0.0.0";
+ port = 6167;
+ };
+ };
+ }
+#+end_src
** Nvidia
#+begin_src nix :tangle ../nix/modules/nvidia.nix
{ config, lib, pkgs, ... }:
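Review bot: The nginx block now sets `appendHttpConfig = '''';`, which drops the HSTS, `X-Frame-Options`, `X-Content-Type-Options` and `Referrer-Policy` headers for every vhost. The new `ret2pop.net` vhost also uses `addSSL = true`, so the site and the gitweb interface attached to it are served over plain HTTP as well, with no redirect. I would use `forceSSL = true;` on `ret2pop.net`, as `matrix.ret2pop.net` already does, and keep at least the HSTS `map`/`add_header` pair and `add_header X-Content-Type-Options nosniff;`. The comment `# Only allow PFS-enabled ciphers with AES256` now sits above a commented-out `sslCiphers` line and should be removed or reworded to say the module default applies. The tangled nginx.nix hunk later in the commit carries the same change.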
./dovecot.nix
./ollama.nix
./i2pd.nix
+ ./gitweb.nix
+ ./conduit.nix
];
documentation = {
};
security = {
+ acme = {
+ acceptTerms = true;
+ defaults.email = "ret2pop@gmail.com";
+ };
apparmor = {
enable = true;
killUnconfinedConfinables = true;
config.common.default = "*";
};
+ environment.etc."gitconfig".text = ''
+ [init]
+ defaultBranch = main
+ '';
+ environment.extraInit = ''
+ umask 0022
+ '';
environment.systemPackages = with pkgs; [
restic
sbctl
git
vim
curl
+ nmap
+ (writeShellScriptBin "new-repo"
+ ''
+ #!/bin/bash
+ cd /srv/git
+ git init --bare "$1"
+ vim "$1/description"
+ chown -R git:git "$1"
+ ''
+ )
];
- users.groups.git = {};
+ users.groups.nginx = lib.mkDefault {};
+ users.groups.git = lib.mkDefault {};
users.users = {
+ nginx.group = "nginx";
+ nginx.isSystemUser = lib.mkDefault true;
+ nginx.extraGroups = [
+ "acme"
+ ];
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
];
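Review bot: The `new-repo` script passes `$1` unchecked to `git init --bare` and then to `chown -R git:git`, so an absolute path or a name containing `..` makes the recursive chown act on a directory outside `/srv/git`. The chown suggests the script is run with root privileges, and it also carries on in the current directory if `cd /srv/git` fails. It should stop on the first error and accept only a plain repository name, as sketched below. The `#!/bin/bash` line can go, since `writeShellScriptBin` writes its own interpreter line. The same script appears in the tangled configuration.nix hunk later in the commit.

```nix
(writeShellScriptBin "new-repo"
  ''
    set -eu
    name="$1"
    # accept a plain repository name only: no path separators, no leading dash or dot
    case "$name" in
      ""|*/*|-*|.*) echo "usage: new-repo NAME" >&2; exit 1 ;;
    esac
    cd /srv/git
    git init --bare "$name"
    vim "$name/description"
    chown -R git:git "$name"
  ''
)
```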
home = "/srv/git";
shell = "${pkgs.git}/bin/git-shell";
group = "git";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
};
"${config.monorepo.vars.userName}" = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
initialPassword = "${config.monorepo.vars.userName}";
isNormalUser = true;
description = config.monorepo.vars.fullName;
"olm-3.2.16"
];
- nix.settings.experimental-features = "nix-command flakes";
+ nix = {
+ settings = {
+ experimental-features = "nix-command flakes";
+ trusted-users = [ "@wheel" ];
+ };
+ };
time.timeZone = config.monorepo.vars.timeZone;
i18n.defaultLocale = "en_CA.UTF-8";
system.stateVersion = "24.11";
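Review bot: `trusted-users = [ "@wheel" ]` gives every wheel member a level of control over the Nix daemon that the Nix manual describes as essentially equivalent to root, and it needs no sudo prompt. If this was added only so that `remote-build` can push store paths with `--use-remote-sudo`, which I am inferring from the other hunks, I would name the single deploy account instead, `trusted-users = [ config.monorepo.vars.userName ];`. A comment above the setting should say why it is needed. The same setting is in the tangled configuration.nix hunk further down.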
programs.zsh = {
enable = true;
initExtra = ''
- umask 0077
+ umask 0022
export EXTRA_CCFLAGS="-I/usr/include"
source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
export QT_QPA_PLATFORM="wayland"
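Review bot: Changing `umask 0077` to `umask 0022` here, and adding the same value system-wide through `environment.extraInit` earlier in the commit, makes every file created from a shell world-readable by default. That includes key material and hand-written config files. If the aim is to let nginx/gitweb read the repositories under `/srv/git`, which I am inferring from the other changes, it is narrower to keep `0077` and set the permissions where the repository is created, for example `git init --bare --shared=all "$1"` in `new-repo`. The tangled zsh hunk later in the commit repeats the change.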
(writeShellScriptBin "remote-build"
''
#!/bin/bash
- nixos-rebuild --target-host "$1" switch --flake .#spontaneity
+ cd ~/monorepo/nix
+ nixos-rebuild --use-remote-sudo --target-host "$1" switch --flake .#spontaneity
''
)
(writeShellScriptBin "install-vps"
grub.enable = true;
};
};
+ config.networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
}
#+end_src
*** Home
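Review bot: Only ports 80 and 443 are allowed here, while the `matrix.ret2pop.net` vhost in the nginx module also listens on 8448. Unless 8448 is opened somewhere outside the visible hunks, that listener is not reachable from outside. Either add `8448` to this list, or drop the two 8448 `listen` entries and serve federation on 443 through a `.well-known/matrix/server` delegation. The enclosing module starts outside the hunk, and the tangled copy of this hunk later in the commit has the same list.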
enable = true;
ports = [ 22 ];
settings = {
- PasswordAuthentication = true;
+ PasswordAuthentication = false;
AllowUsers = null;
UseDns = true;
PermitRootLogin = lib.mkForce "prohibit-password";
outputs automatically. This was a kind of miserable task but I did it
anyways. I'm going to maybe try to write some form of javascript CDN
for my NullRing webring so that I'm not manually updating everything.
+** 05:40
+My agenda is also working pretty well. I think I often look to my
+org-agenda as my source of truth now, and that's really been helping
+with keeping track of things.
+** 18:17
+Today I'm showing my brother the monorepo and its abilites.
--- /dev/null
+{ config, lib, ... }:
+{
+ services.cgit = {
+ enable = true;
+ };
+}
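Review bot: This new module is not among the imports added by this commit (only `./gitweb.nix` and `./conduit.nix` are added), so as far as the visible hunks show it is never evaluated. If it is meant to be used, nixpkgs declares `services.cgit` as a set of named instances, so the option would be written `services.cgit.<name>.enable = true;` rather than `services.cgit.enable`. If gitweb replaces it, I would delete the file rather than keep an unused second git front end in the tree.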
--- /dev/null
+{ config, lib, ... }:
+{
+ services.matrix-conduit = {
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
+ # random comment
+ settings.global = {
+ server_name = "matrix.ret2pop.net";
+ address = "0.0.0.0";
+ port = 6167;
+ };
+ };
+}
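Review bot: `address = "0.0.0.0"` makes Conduit listen on every interface, although nginx reaches it through `proxyPass = "http://127.0.0.1:6167"`, so only the firewall keeps port 6167 private. Binding to loopback removes that dependency: `address = "127.0.0.1";`. The `# random comment` line should be removed or replaced with a comment that explains the setting. The org source block under the Conduit heading earlier in the commit has the same values.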
./dovecot.nix
./ollama.nix
./i2pd.nix
+ ./gitweb.nix
+ ./conduit.nix
];
documentation = {
};
security = {
+ acme = {
+ acceptTerms = true;
+ defaults.email = "ret2pop@gmail.com";
+ };
apparmor = {
enable = true;
killUnconfinedConfinables = true;
config.common.default = "*";
};
+ environment.etc."gitconfig".text = ''
+ [init]
+ defaultBranch = main
+ '';
+ environment.extraInit = ''
+ umask 0022
+ '';
environment.systemPackages = with pkgs; [
restic
sbctl
git
vim
curl
+ nmap
+ (writeShellScriptBin "new-repo"
+ ''
+ #!/bin/bash
+ cd /srv/git
+ git init --bare "$1"
+ vim "$1/description"
+ chown -R git:git "$1"
+ ''
+ )
];
- users.groups.git = {};
+ users.groups.nginx = lib.mkDefault {};
+ users.groups.git = lib.mkDefault {};
users.users = {
+ nginx.group = "nginx";
+ nginx.isSystemUser = lib.mkDefault true;
+ nginx.extraGroups = [
+ "acme"
+ ];
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
];
home = "/srv/git";
shell = "${pkgs.git}/bin/git-shell";
group = "git";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
};
"${config.monorepo.vars.userName}" = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"
+ ];
initialPassword = "${config.monorepo.vars.userName}";
isNormalUser = true;
description = config.monorepo.vars.fullName;
"olm-3.2.16"
];
- nix.settings.experimental-features = "nix-command flakes";
+ nix = {
+ settings = {
+ experimental-features = "nix-command flakes";
+ trusted-users = [ "@wheel" ];
+ };
+ };
time.timeZone = config.monorepo.vars.timeZone;
i18n.defaultLocale = "en_CA.UTF-8";
system.stateVersion = "24.11";
services.gitDaemon = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
exportAll = true;
- listenAddress = "0.0.0.0";
basePath = "/srv/git";
};
}
--- /dev/null
+{ lib, config, ... }:
+{
+ services.gitweb = {
+ gitwebTheme = true;
+ projectroot = "/srv/git/";
+ };
+}
(writeShellScriptBin "remote-build"
''
#!/bin/bash
-nixos-rebuild --target-host "$1" switch --flake .#spontaneity
+cd ~/monorepo/nix
+nixos-rebuild --use-remote-sudo --target-host "$1" switch --flake .#spontaneity
''
)
(writeShellScriptBin "install-vps"
programs.zsh = {
enable = true;
initExtra = ''
- umask 0077
+ umask 0022
export EXTRA_CCFLAGS="-I/usr/include"
source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh
export QT_QPA_PLATFORM="wayland"
{
services.nginx = {
enable = lib.mkDefault config.monorepo.profiles.server.enable;
-
+ user = "nginx";
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
- sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-
- appendHttpConfig = ''
- # Add HSTS header with preloading to HTTPS requests.
- # Adding this header to HTTP requests is discouraged
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
-
- # Enable CSP for your services.
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
+ appendHttpConfig = '''';
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
-
- # This might create errors
- proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
-'';
+ gitweb = {
+ enable = true;
+ virtualHost = "ret2pop.net";
+ };
virtualHosts = {
- "ret2pop.nullring.xyz" = {
- # addSSL = true;
- # enableACME = true;
- root = "/home/preston/ret2pop-website/";
+ "matrix.ret2pop.net" = {
+ enableACME = true;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 443;
+ ssl = true;
+ } {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ {
+ addr = "[::]";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations."/_matrix/" = {
+ proxyPass = "http://127.0.0.1:6167";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_buffers 32 16k;
+ proxy_read_timeout 5m;
+ '';
+ };
+
+ extraConfig = ''
+ merge_slashes off;
+ '';
+ };
+ "ret2pop.net" = {
+ serverName = "ret2pop.net";
+ root = "/var/www/ret2pop-website/";
+ addSSL = true;
+ enableACME = true;
};
};
};
-{ config, ... }:
+{ config, lib, ... }:
{
services.openssh = {
enable = true;
settings = {
- PasswordAuthentication = true;
- AllowUsers = [ config.monorepo.vars.userName ];
- PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable);
+ AllowUsers = [ config.monorepo.vars.userName "root" "git" ];
+ PermitRootLogin = "yes";
KbdInteractiveAuthentication = false;
};
};
enable = true;
ports = [ 22 ];
settings = {
- PasswordAuthentication = true;
+ PasswordAuthentication = false;
AllowUsers = null;
UseDns = true;
PermitRootLogin = lib.mkForce "prohibit-password";
grub.enable = true;
};
};
+ config.networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
}
-% Created 2025-02-11 Tue 03:12
+% Created 2025-02-11 Tue 18:22
% Intended LaTeX compiler: xelatex
\documentclass[10pt,letterpaper]{article}
\usepackage[rm]{roboto}
\usepackage{microtype}
\sloppy
\date{}
-\title{Preston's Resume}
+\title{My Resume}
\begin{document}
-\section*{Resume -- Preston Pan}
-\label{sec:org2a32c6c}
+\section*{Introduction}
+\label{sec:orgfe25a86}
+This is the HTML form of my resume. There is a \href{resume.pdf}{pdf form} of my resume as well, if that's what you want.
+I'm excited to hear from you!
+\section*{Preston Pan}
+\label{sec:org6d476f9}
\begin{minipage}[t]{0.47\textwidth}
\subsection*{CONTACT}
-\label{sec:org846763a}
+\label{sec:org2a864bf}
\begin{itemize}
\item 📧 \textbf{\textbf{Email:}} ret2pop@gmail.com
\item 📍 \textbf{\textbf{Location:}} Vancouver, BC, Canada
\item 🖥️ \textbf{\textbf{GitHub:}} \href{https://github.com/ret2pop}{https://github.com/ret2pop}
\end{itemize}
\subsection*{SKILLS}
-\label{sec:orgdecc8d6}
+\label{sec:org2892f13}
\begin{itemize}
\item \textbf{\textbf{Programming:}} Python, Solidity, Rust, C, x86-64 Assembly, Shell
\item \textbf{\textbf{DevOps:}} Docker, Kubernetes, NixOS, declarative configurations
\vfill
\subsection*{EXPERIENCE}
-\label{sec:orge5307a0}
+\label{sec:org6ef9801}
\subsubsection*{\textbf{Software Engineer} - LayerZero Labs}
-\label{sec:orged9d799}
+\label{sec:org8ea673e}
\begin{itemize}
\item Shipped production-ready smart contract code as part of a world-class blockchain engineering team.
\item Discovered and fixed critical vulnerabilities in TON and Aptos blockchain code, preventing potential losses of millions.
\hfill
\begin{minipage}[t]{0.47\textwidth}
\subsection*{PROJECTS}
-\label{sec:org9cd42b8}
+\label{sec:orge82cd19}
\subsubsection*{Stem}
-\label{sec:orgef7a6a4}
+\label{sec:orgfb19df5}
\begin{itemize}
\item Designed a stack-based programming language, written entirely in C.
\item Reached \#1 on HackerNews; led to an offer at LayerZero.
\end{itemize}
\subsubsection*{Cognition}
-\label{sec:orga262a78}
+\label{sec:org4df69fe}
\begin{itemize}
\item Engineered a stack-based programming language featuring advanced metaprogramming capabilities.
\item Another blog post that reached \#1 on HackerNews
\end{itemize}
\subsubsection*{NoExcess}
-\label{sec:org6fefc71}
+\label{sec:org93f1121}
\begin{itemize}
\item Developed a Lisp-like programming language with scoping, written in C.
\end{itemize}
\subsubsection*{Server/Website}
-\label{sec:org73f6fd4}
+\label{sec:orga313b21}
\begin{itemize}
\item Maintains a website/server with a blog and mindmap — runs a webring (\href{https://nullring.xyz}{nullring.xyz}).
\end{itemize}
\subsubsection*{Snake3}
-\label{sec:orgb89d92d}
+\label{sec:org49e5353}
\begin{itemize}
\item Created a threaded, multiplayer snake game in C.
\item Available at \href{https://git.aberrantflux.xyz/snake3.git}{https://git.aberrantflux.xyz/snake3.git}
\end{itemize}
\subsection*{INTERESTS}
-\label{sec:org844b368}
+\label{sec:org1f6da6e}
\begin{itemize}
\item Cryptography, decentralized governance, Economic systems
\item low-level programming, compiler design
\vfill
\subsection*{Let's Connect}
-\label{sec:org863f885}
+\label{sec:orgc9f3fcc}
I'm open to opportunities in low level programming, blockchain, and cryptography. Feel free to reach out via email or Linkedin!
\end{minipage}
\end{document}