From 3150d29e1a82fee7d7b8f892d88404f15293853c Mon Sep 17 00:00:00 2001 
From: primary Date: Sat, 18 Apr 2026 01:05:45 -0400 Subject: [PATCH] phase 3: delete legacy/ subtree workspaces Histories remain reachable via the subtree merge commits (dc481c2, 6448a04). The old flake.nix, flake.lock, AGENTS.md, .gitea/, and .gitattributes are superseded by the unified versions at the repo root. --- legacy/dotfiles/.git-crypt/.gitattributes | 4 - ...5E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg | Bin 736 -> 0 bytes legacy/dotfiles/.gitattributes | 2 - legacy/dotfiles/.gitea/workflows/deploy.yml | 38 - legacy/dotfiles/.gitignore | 1 - legacy/dotfiles/AGENTS.md | 168 ---- legacy/dotfiles/README.md | 21 - legacy/dotfiles/deploy.sh | 8 - legacy/dotfiles/flake.lock | 918 ------------------ legacy/dotfiles/flake.nix | 155 --- .../server-config/.git-crypt/.gitattributes | 4 - ...5E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg | Bin 735 -> 0 bytes legacy/server-config/.gitattributes | 3 - .../server-config/.gitea/workflows/deploy.yml | 60 -- legacy/server-config/.gitignore | 1 - legacy/server-config/AGENTS.md | 144 --- legacy/server-config/flake.lock | 837 ---------------- legacy/server-config/flake.nix | 281 ------ 18 files changed, 2645 deletions(-) delete mode 100644 legacy/dotfiles/.git-crypt/.gitattributes delete mode 100644 legacy/dotfiles/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg delete mode 100644 legacy/dotfiles/.gitattributes delete mode 100644 legacy/dotfiles/.gitea/workflows/deploy.yml delete mode 100644 legacy/dotfiles/.gitignore delete mode 100644 legacy/dotfiles/AGENTS.md delete mode 100644 legacy/dotfiles/README.md delete mode 100755 legacy/dotfiles/deploy.sh delete mode 100644 legacy/dotfiles/flake.lock delete mode 100644 legacy/dotfiles/flake.nix delete mode 100644 legacy/server-config/.git-crypt/.gitattributes delete mode 100644 legacy/server-config/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg delete mode 100644 legacy/server-config/.gitattributes delete mode 100644 
legacy/server-config/.gitea/workflows/deploy.yml delete mode 100644 legacy/server-config/.gitignore delete mode 100644 legacy/server-config/AGENTS.md delete mode 100644 legacy/server-config/flake.lock delete mode 100644 legacy/server-config/flake.nix diff --git a/legacy/dotfiles/.git-crypt/.gitattributes b/legacy/dotfiles/.git-crypt/.gitattributes deleted file mode 100644 index 665b10e..0000000 --- a/legacy/dotfiles/.git-crypt/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -# Do not edit this file. To specify the files to encrypt, create your own -# .gitattributes file in the directory where your files are. -* !filter !diff -*.gpg binary diff --git a/legacy/dotfiles/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg b/legacy/dotfiles/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg deleted file mode 100644 index 5b8cf6f4548731c0b709f46ec196113e6065c58b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 736 zcmZo=;$fb(sp}x$xnNsH{{NoO`${KXUpHN9V`t>PCvi*nWgw`m#o%upX!-6^h4*}`T05b^ywhRXxWFyj2+t#J^ZFTAyr_qR&QHzcgY>* zAd!$28ZyScarZ+auRrK$5BpyHIryaY#U)DYdkhk!&T(4tW-xGk=H3^tCLF=MLS;U|I1j%e&KDL*4LQW#EE-KWe8^8qxbGA%5az$k6 z0_~!-_1mB1o<6gov$5>`?ZZctqCd{sQhYe3K=HAxYh!rZUpKu+BJFHjUN5^|q*_ur zU(>6+{O$DpEBR+<@8{aRc)`+)eLG8dMJhE~|3AF$`+h}SRHLOfpZV{IzVqu1XZUlU zSaMDE?cd2UXOcxk;`C;|{_*L6veU=#>xB<`pDsUlulV1bfM*U#R}Szoaxw{IUewYG zQrW7^@FrP^@eb$m`w>r7{&opYJ!W0>=;rxU9!Aya@{>P`Ij{GUG}7=WH^;`C9e3^E`@g|@0ESHUF~{w(j=2DpJteO /var/lib/dotfiles-deploy/yarn - nix-store --add-root /var/lib/dotfiles-deploy/yarn-gcroot -r "$(readlink -f result)" - - - name: Build NixOS configuration (mreow) - run: | - nix build .#nixosConfigurations.mreow.config.system.build.toplevel -L - - - name: Record mreow store path - continue-on-error: true - run: | - mkdir -p /var/lib/dotfiles-deploy - readlink -f result > /var/lib/dotfiles-deploy/mreow - nix-store --add-root /var/lib/dotfiles-deploy/mreow-gcroot -r "$(readlink -f result)" 
diff --git a/legacy/dotfiles/.gitignore b/legacy/dotfiles/.gitignore
deleted file mode 100644
index c4a847d..0000000
--- a/legacy/dotfiles/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/result
diff --git a/legacy/dotfiles/AGENTS.md b/legacy/dotfiles/AGENTS.md
deleted file mode 100644
index b069751..0000000
--- a/legacy/dotfiles/AGENTS.md
+++ /dev/null
@@ -1,168 +0,0 @@
-# AGENTS.md
-
-## Project Overview
-
-NixOS dotfiles for two hosts using Nix flakes + home-manager:
-- **mreow** — Framework 13 AMD AI 300 laptop, niri WM, greetd, swaylock
-- **yarn** — Desktop, Jovian-NixOS (Steam deck mode), impermanence, sddm, pull-based updates from CI
-
-Secrets in `system/secrets/` and `home-manager/secrets/` are encrypted with git-crypt. **Never read or write files in those directories.**
-
-## Build & Deploy Commands
-
-```sh
-# Build and apply (default: boot, or pass switch/test/build)
-./deploy.sh # nixos-rebuild boot --flake . --use-remote-sudo
-./deploy.sh switch # apply immediately
-./deploy.sh test # apply without adding boot entry
-./deploy.sh build # build only, no activation
-
-# Build a specific host without deploying
-nix build .#nixosConfigurations.mreow.config.system.build.toplevel -L
-nix build .#nixosConfigurations.yarn.config.system.build.toplevel -L
-
-# yarn pulls updates automatically on boot from the binary cache.
-# CI builds the yarn closure, records the store path, and Harmonia serves it.
-# To manually trigger the pull on yarn:
-systemctl start pull-update
-
-# Format all Nix files (uses nixfmt-tree, declared in flake.nix)
-nix fmt
-
-# Evaluate without building (quick syntax/type check)
-nix eval .#nixosConfigurations.mreow.config.system.build.toplevel --no-build 2>&1 | head -5
-nix eval .#nixosConfigurations.yarn.config.system.build.toplevel --no-build 2>&1 | head -5
-
-# Update flake inputs
-nix flake update
-nix flake update --input-name nixpkgs # update a single input
-```
-
-There are no tests. Validation is done by building the system configuration (`nix build -L`).
-Always append `-L` to `nix build` for verbose build logs.
-If nix complains a file isn't found, `git add` the file first — Nix flakes only see tracked files.
-
-## Repository Structure
-
-```
-flake.nix # Root flake: inputs, outputs, host definitions
-deploy.sh # Wrapper around nixos-rebuild
-system/
- common.nix # Shared system config (boot, audio, users, etc.)
- system-mreow.nix # Laptop-specific system config
- system-yarn.nix # Desktop-specific system config
- networking.nix # NetworkManager, DNS
- impermanence.nix # Ephemeral root for yarn
- disk_mreow.nix / disk_yarn.nix # Disko disk layouts
- vm.nix # Virtualization (libvirt, waydroid)
- vr.nix / no-rgb.nix / steam.nix # Feature modules
- secrets/ # git-crypt encrypted, DO NOT READ
-home-manager/
- home-mreow.nix # Laptop home-manager entry point
- home-yarn.nix # Desktop home-manager entry point
- gui.nix # GUI packages + theming (imports no-gui.nix)
- no-gui.nix # CLI tools, dev toolchains, git config
- desktop.nix # Desktop environment (niri, dunst, swaylock, noctalia)
- wallpaper.png # Shared wallpaper
- progs/ # One file per program
- fish.nix, alacritty.nix, emacs.nix, helix.nix, niri.nix, ...
- zen/ # Zen Browser (multi-file: default.nix, ublock.nix, dark-reader.nix)
- opencode.nix # AI coding tools config
- util/ # Helper derivations (blur.nix, inverse_color.nix)
- secrets/ # git-crypt encrypted, DO NOT READ
-```
-
-## Import Hierarchy
-
-```
-flake.nix
- ├─ system/system-{host}.nix → common.nix → networking.nix, vm.nix, steam.nix
- └─ home-manager/home-{host}.nix → gui.nix → no-gui.nix
- → desktop.nix → niri.nix, dunst.nix, swaylock.nix, noctalia.nix
-```
-
-Adding a new program: create `home-manager/progs/myprog.nix`, import it from the appropriate layer (`gui.nix` for GUI apps, `no-gui.nix` for CLI tools, or `home-{host}.nix` for host-specific).
-
-## Nix Code Style
-
-**Formatter**: `nixfmt-tree` — run `nix fmt` before committing. All style below conforms to what nixfmt-tree produces.
-
-### Module Structure
-```nix
-# Function arguments: destructured attrset, alphabetical-ish, always end with `...`
-{ pkgs, lib, inputs, config, ... }:
-
-# Optional let bindings for local values
-let
- myThing = "value";
-in
-{
- imports = [
- ./other-module.nix
- ];
-
- # Configuration here
-}
-```
-
-### Conventions
-- **Indentation**: 2 spaces (enforced by nixfmt-tree)
-- **Imports**: relative paths (`./progs/fish.nix`), one per line in a list
-- **Package references**: use `lib.getExe pkgs.foo` for bin paths, not `${pkgs.foo}/bin/foo`
-- **Package lists**: group thematically with comments, use `with pkgs;` or `lib.concatLists` for multiple groups
-- **Unfree packages**: explicitly allowlisted per-file via `nixpkgs.config.allowUnfreePredicate`
-- **Comments**: lowercase, informal, `#` style. Use `# BUG!` or `# TODO!` prefixes for known issues
-- **No trailing commas**: Nix syntax does not support them
-- **Attribute sets**: opening brace on same line, closing brace aligned with the key
-- **Overlays**: imported inline within the module that needs them via `nixpkgs.overlays`
-- **Special args**: passed through `specialArgs` (system) or `extraSpecialArgs` (home-manager) in flake.nix — includes `inputs`, `username`, `hostname`, `niri-package`, `homeDirectory`, `stateVersion`
-
-### Patterns Used
-
-```nix
-# Package path references
-lib.getExe pkgs.swaylock # preferred
-"${pkgs.avizo}/bin/volumectl" # acceptable when lib.getExe doesn't work
-
-# Conditional/host-specific overrides
-lib.mkForce false # override inherited values
-lib.mkDefault "value" # set overridable defaults
-
-# Helper derivations (see home-manager/util/)
-pkgs.callPackage ../util/blur.nix # for derivations that take { stdenv, ... }:
-
-# Combining package lists
-home.packages = with pkgs; lib.concatLists [
- [ pkg1 pkg2 ] # group 1
- [ pkg3 pkg4 ] # group 2
- someList # from let binding
-];
-```
-
-### Naming
-- **Host configs**: `system-{hostname}.nix`, `home-{hostname}.nix`, `disk_{hostname}.nix`
-- **Program modules**: `progs/{program-name}.nix` (one program per file)
-- **Utility derivations**: `util/{descriptive-name}.nix`
-- **Variables**: `snake_case` or `camelCase` (no strict rule, follow local context)
-
-## Key Technical Details
-
-- **nixpkgs channel**: unstable (`nixos-unstable`)
-- **Secure boot**: lanzaboote with keys extracted from `system/secrets/secureboot.tar`
-- **Disk management**: disko
-- **Privilege escalation**: doas (sudo is disabled), shim at `doas-sudo-shim`
-- **Shell**: fish (bash redirects to fish via `programs.bash.interactiveShellInit`)
-- **Wayland**: niri compositor, xwayland-satellite for X11 compat
-- **Desktop shell**: noctalia-shell (bar, launcher, notifications)
-- **Git**: GPG signing enabled (`signByDefault = true`), default branch `main`
-- **Impermanence** (yarn only): root is ephemeral, `/persistent` holds state, home is bind-mounted
-
-## Agent-Specific Instructions
-
-- If instructed to commit, **disable GPG signing** (`git commit --no-gpg-sign`).
-- Use `nix-shell -p ` if a tool is not available in the environment.
-- For `nix build`, always append `-L` for verbose logs.
-- If nix reports a missing file, run `git add ` first — flakes only see git-tracked files.
-- Do not read files under `system/secrets/` or `home-manager/secrets/`.
-- Run `nix fmt` after editing any `.nix` file.
-- Validate changes with `nix build .#nixosConfigurations.{host}.config.system.build.toplevel -L`.
diff --git a/legacy/dotfiles/README.md b/legacy/dotfiles/README.md
deleted file mode 100644
index 97f0b80..0000000
--- a/legacy/dotfiles/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# My Dotfiles ✨
-These are my dotfiles for my laptop and desktop (which I use [NixOS](https://nixos.org/) and [home-manager](https://github.com/nix-community/home-manager) on).
-
-## What do I use?
-Browser: Firefox 🦊 (actually [Zen Browser](https://github.com/zen-browser/desktop) :p)
-
-Text Editor: [Doom Emacs](https://github.com/doomemacs/doomemacs)
-
-Terminal: [alacritty](https://github.com/alacritty/alacritty)
-
-Shell: [fish](https://fishshell.com/) with the [pure](https://github.com/pure-fish/pure) prompt
-
-WM: [niri](https://github.com/YaLTeR/niri) (KDE on my desktop)
-
-There is more that I'm using, but those are the main ones! Read my configs to get more into the specifics.
-
-### Background
- - Got my background from [here](https://old.reddit.com/r/celestegame/comments/11dtgwg/all_most_of_the_backgrounds_in_celeste_edited/) and used the command `magick input.png -filter Point -resize 2880x1920! output.png` to upscale it bilinearly
-
-## TODO!
-- [ ] Seperate out common shell utilities into a module or some sort (could be used on other machines)
diff --git a/legacy/dotfiles/deploy.sh b/legacy/dotfiles/deploy.sh
deleted file mode 100755
index 76a0e9a..0000000
--- a/legacy/dotfiles/deploy.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-ARG="$*"
-if [ "$ARG" = "" ]; then
- ARG="boot"
-fi
-
-nixos-rebuild "$ARG" --flake . --use-remote-sudo
diff --git a/legacy/dotfiles/flake.lock b/legacy/dotfiles/flake.lock
deleted file mode 100644
index 1a1fb5c..0000000
--- a/legacy/dotfiles/flake.lock
+++ /dev/null
@@ -1,918 +0,0 @@ -{ - "nodes": { - "blueprint": { - "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ] - }, - "locked": { - "lastModified": 1776249299, - "narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=", - "owner": "numtide", - "repo": "blueprint", - "rev": "56131e8628f173d24a27f6d27c0215eff57e40dd", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "blueprint", - "type": "github" - } - }, - "bun2nix": { - "inputs": { - "flake-parts": [ - "llm-agents", - "flake-parts" - ], - "import-tree": "import-tree", - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ], - "treefmt-nix": [ - "llm-agents", - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1776182890, - "narHash": "sha256-+/VOe8XGq5klpU+I19D+3TcaR7o+Cwbq67KNF7mcFak=", - "owner": "Mic92", - "repo": "bun2nix", - "rev": "648d293c51e981aec9cb07ba4268bc19e7a8c575", - "type": "github" - }, - "original": { - "owner": "Mic92", - "ref": "catalog-support", - "repo": "bun2nix", - "type": "github" - } - }, - "cachyos-kernel": { - "flake": false, - "locked": { - "lastModified": 1776183001, - "narHash": "sha256-lvLKB5dTqjO1S/YonS9ZyWemEjO6QXtN4D76rYEYy4s=", - "owner": "CachyOS", - "repo": "linux-cachyos", - "rev": "4224303b6d7a50dd1cc3ffa78864050cc9536eec", - "type": "github" - }, - "original": { - "owner": "CachyOS", - "repo": "linux-cachyos", - "type": "github" - } - }, - "cachyos-kernel-patches": { - "flake": false, - "locked": { - "lastModified": 1776355454, - "narHash": "sha256-b9Hc0sTxjEzDbphzS9yQqxVha/7bsPIs2cQQQvaG45E=", - "owner": "CachyOS", - "repo": "kernel-patches", - "rev": "b5e029226df5cc30c103651072d49a7af2878202", - "type": "github" - }, - "original": { - "owner": "CachyOS", - "repo": "kernel-patches", - "type": "github" - } - }, - "crane": { - "locked": { - "lastModified": 1773189535, - "narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=", - "owner": 
"ipetkov", - "repo": "crane", - "rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768920986, - "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=", - "owner": "nix-community", - "repo": "disko", - "rev": "de5708739256238fb912c62f03988815db89ec9a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, - "doomemacs": { - "flake": false, - "locked": { - "lastModified": 1776400245, - "narHash": "sha256-RuQB1PxazI4DOw3O+rEVU2FPT0vP0Xb+Gp/M6Yqer20=", - "owner": "doomemacs", - "repo": "doomemacs", - "rev": "860a91aaac235701f30b70fdc74259d438818968", - "type": "github" - }, - "original": { - "owner": "doomemacs", - "repo": "doomemacs", - "type": "github" - } - }, - "emacs-overlay": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776478519, - "narHash": "sha256-4TWCOVYe0iWEKuW7OH93nRI4Z7u68wNT6k9UJn0FZ5w=", - "owner": "nix-community", - "repo": "emacs-overlay", - "rev": "513e332b074507e1b46992952e7d83f329f2c22c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "emacs-overlay", - "type": "github" - } - }, - "firefox-addons": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "dir": "pkgs/firefox-addons", - "lastModified": 1776398575, - "narHash": "sha256-WArU6WOdWxzbzGqYk4w1Mucg+bw/SCl6MoSp+/cZMio=", - "owner": "rycee", - "repo": "nur-expressions", - "rev": "05815686caf4e3678f5aeb5fd36e567886ab0d30", - "type": "gitlab" - }, - "original": { - "dir": "pkgs/firefox-addons", - "owner": "rycee", - "repo": "nur-expressions", - "type": "gitlab" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": 
"sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "llm-agents", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1775087534, - "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - 
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776454077, - "narHash": "sha256-7zSUFWsU0+jlD7WB3YAxQ84Z/iJurA5hKPm8EfEyGJk=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "565e5349208fe7d0831ef959103c9bafbeac0681", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "impermanence": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769548169, - "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "import-tree": { - "locked": { - "lastModified": 1763762820, - "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", - "owner": "vic", - "repo": "import-tree", - "rev": "3c23749d8013ec6daa1d7255057590e9ca726646", - "type": "github" - }, - "original": { - "owner": "vic", - "repo": "import-tree", - "type": "github" - } - }, - "jovian-nixos": { - "inputs": { - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776428236, - "narHash": "sha256-+0SyQglnT2xUiyY07155G+O7aUWISELwqtTnfURufRU=", - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "rev": "eac78fc379ca47f7e21be8539c405e5fb489a857", - "type": "github" - }, - "original": { - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "type": "github" - } - }, - "json2steamshortcut": { - "inputs": 
{ - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763116114, - "narHash": "sha256-0gI7PnQUDZTFjhHgg0eP1SCJOvW5gw3sQ2UAMspipnQ=", - "owner": "ChrisOboe", - "repo": "json2steamshortcut", - "rev": "b829fe2871fd1736d2406724e4abbb492527cb08", - "type": "github" - }, - "original": { - "owner": "ChrisOboe", - "repo": "json2steamshortcut", - "type": "github" - } - }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit": "pre-commit", - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1776248416, - "narHash": "sha256-TC6yzbCAex1pDfqUZv9u8fVm8e17ft5fNrcZ0JRDOIQ=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "18e9e64bae15b828c092658335599122a6db939b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lanzaboote", - "type": "github" - } - }, - "llm-agents": { - "inputs": { - "blueprint": "blueprint", - "bun2nix": "bun2nix", - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1776482297, - "narHash": "sha256-KmsWPwtbO8vrlH/R9stIun0LKZ4PFSCCEdqWDeLgbTE=", - "owner": "numtide", - "repo": "llm-agents.nix", - "rev": "66c76393570f8fc4730caa2dc2d2c470fe33a3c9", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "llm-agents.nix", - "type": "github" - } - }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ], - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1776435348, - "narHash": "sha256-qsZnMThxTqxCJZ7DEKu3DD3KjIPcuUBvZ0C9a2uIvaQ=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "55b5b1fc9481ab267603a1099e5d4b4ebc7394d7", - "type": "github" - }, - "original": { 
- "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.08", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1776432730, - "narHash": "sha256-Pq1ZVvRGq/IFiFH6vkNwMfZEpWk23NjgGdX50COdj/c=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "c814c656c53ea9d69f5afb45c88f4dc4d25338cd", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, - "nix-cachyos-kernel": { - "inputs": { - "cachyos-kernel": "cachyos-kernel", - "cachyos-kernel-patches": "cachyos-kernel-patches", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776386586, - "narHash": "sha256-eVAUaL/6n8mnmBiPpEVW1NDNVSKLWhYVfycG+P0SvWU=", - "owner": "xddxdd", - "repo": "nix-cachyos-kernel", - "rev": "c65c3faf90ae07bae101c15ef502f0bcb06c5d74", - "type": "github" - }, - "original": { - "owner": "xddxdd", - "ref": "release", - "repo": "nix-cachyos-kernel", - "type": "github" - } - }, - "nix-doom-emacs-unstraightened": { - "inputs": { - "doomemacs": "doomemacs", - "emacs-overlay": [ - "emacs-overlay" - ], - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_3" - }, - "locked": { - "lastModified": 1776419397, - "narHash": "sha256-vmWJwNYtQFexLG6r/v8Dlou/5z8FbFCLo3QqZ/stLYQ=", - "owner": "marienz", - "repo": "nix-doom-emacs-unstraightened", - "rev": "7623dd4adbdf5f8a8464ecc5fd089e5c5cb5dada", - "type": "github" - }, - "original": { - "owner": "marienz", - "repo": "nix-doom-emacs-unstraightened", - "type": "github" - } - }, - "nix-flatpak": { - "locked": { - "lastModified": 1768656715, 
- "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=", - "owner": "gmodena", - "repo": "nix-flatpak", - "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a", - "type": "github" - }, - "original": { - "owner": "gmodena", - "repo": "nix-flatpak", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "jovian-nixos", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729697500, - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", - "owner": "zhaofengli", - "repo": "nix-github-actions", - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "matrix-name", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1775490113, - "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1776169885, - "narHash": "sha256-l/iNYDZ4bGOAFQY2q8y5OAfBBtrDAaPuRQqWaFHVRXM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "4bd9165a9165d7b5e33ae57f3eecbcb28fb231c9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1774748309, - "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "333c4e0545a6da976206c74db8773a1645b5870a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "noctalia": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "noctalia-qs": "noctalia-qs" - }, - "locked": { - "lastModified": 1776302695, - "narHash": 
"sha256-xZc9o1JLQpmWn2Dqui323+Tq2Ai4sSdtdvbFZCs4qLo=", - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "rev": "a7c724181fca5d1aff2d47b18fa733504cfdbda2", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-shell", - "type": "github" - } - }, - "noctalia-qs": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ], - "systems": "systems_4", - "treefmt-nix": "treefmt-nix_2" - }, - "locked": { - "lastModified": 1775957204, - "narHash": "sha256-d4CVRtAty2GzDYXx4xYQmR+nlOjjKovyprQfZhgLckU=", - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "rev": "68e82fe34c68ee839a9c37e3466820e266af0c86", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "type": "github" - } - }, - "pre-commit": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "root": { - "inputs": { - "disko": "disko", - "emacs-overlay": "emacs-overlay", - "firefox-addons": "firefox-addons", - "home-manager": "home-manager", - "impermanence": "impermanence", - "jovian-nixos": "jovian-nixos", - "json2steamshortcut": "json2steamshortcut", - "lanzaboote": "lanzaboote", - "llm-agents": "llm-agents", - "niri": "niri", - "nix-cachyos-kernel": "nix-cachyos-kernel", - "nix-doom-emacs-unstraightened": "nix-doom-emacs-unstraightened", - "nix-flatpak": "nix-flatpak", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "noctalia": "noctalia", - "rust-overlay": "rust-overlay", - "zen-browser": "zen-browser" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - 
"lastModified": 1776481912, - "narHash": "sha256-Xq7p+Ex3YHFAd+fFFLOYw2Wv67582X7SAmrEDtIDZQ4=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "e611106c527e8ab0adbb641183cda284411d575c", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - 
"type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "noctalia", - "noctalia-qs", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775636079, - "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1755491097, - "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "388d291e82ffbc73be18169d39470f340707edaa", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.7", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1773622265, - "narHash": "sha256-wToKwH7IgWdGLMSIWksEDs4eumR6UbbsuPQ42r0oTXQ=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "a879e5e0896a326adc79c474bf457b8b99011027", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "zen-browser": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776403742, - "narHash": "sha256-ZmGY9XiOsuMS/THsSNkgp2fnc3asXQX/xRrQpWnY9nA=", - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "rev": "ca7077bea5c830470437ea878da2a1940773324c", - "type": "github" - }, - "original": { - "owner": "0xc000022070", - "repo": "zen-browser-flake", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/legacy/dotfiles/flake.nix b/legacy/dotfiles/flake.nix deleted file mode 100644 index 16f4aa3..0000000 
--- a/legacy/dotfiles/flake.nix
+++ /dev/null
@@ -1,155 +0,0 @@
-{
- description = "System nixOS flake";
-
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-
- lanzaboote = {
- url = "github:nix-community/lanzaboote";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.rust-overlay.follows = "rust-overlay";
- };
-
- nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-
- home-manager = {
- url = "github:nix-community/home-manager";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- disko = {
- url = "github:nix-community/disko/latest";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- rust-overlay = {
- url = "github:oxalica/rust-overlay";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- zen-browser = {
- url = "github:0xc000022070/zen-browser-flake";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.home-manager.follows = "home-manager";
- };
-
- firefox-addons = {
- url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- niri = {
- url = "github:sodiboo/niri-flake";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.nixpkgs-stable.follows = "nixpkgs";
- };
-
- emacs-overlay = {
- url = "github:nix-community/emacs-overlay";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.nixpkgs-stable.follows = "nixpkgs";
- };
-
- nix-flatpak.url = "github:gmodena/nix-flatpak/";
-
- nix-doom-emacs-unstraightened = {
- url = "github:marienz/nix-doom-emacs-unstraightened";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.emacs-overlay.follows = "emacs-overlay";
- };
-
- impermanence = {
- url = "github:nix-community/impermanence";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.home-manager.follows = "home-manager";
- };
- jovian-nixos = {
- url = "github:Jovian-Experiments/Jovian-NixOS";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- noctalia = {
- url = "github:noctalia-dev/noctalia-shell";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- nix-cachyos-kernel = {
- url = "github:xddxdd/nix-cachyos-kernel/release";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- llm-agents = {
- url = "github:numtide/llm-agents.nix";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- json2steamshortcut = {
- url = "github:ChrisOboe/json2steamshortcut";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- };
-
- outputs =
- {
- self,
- nixpkgs,
- lanzaboote,
- nixos-hardware,
- home-manager,
- jovian-nixos,
- ...
- }@inputs:
- let
- username = "primary";
- system = "x86_64-linux";
- hostnames = [
- "mreow"
- "yarn"
- ];
- niri-package = inputs.niri.packages.${system}.niri-unstable;
- in
- {
- formatter.${system} = nixpkgs.legacyPackages.${system}.nixfmt-tree;
-
- nixosConfigurations = nixpkgs.lib.foldl' (
- config: hostname:
- config
- // {
- "${hostname}" = nixpkgs.lib.nixosSystem {
- specialArgs = {
- inherit
- inputs
- username
- hostname
- niri-package
- ;
- };
- modules = [
- home-manager.nixosModules.home-manager
- (
- { config, ... }:
- {
- # home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.sharedModules = [
- inputs.zen-browser.homeModules.twilight
- ];
- home-manager.extraSpecialArgs = {
- inherit
- inputs
- hostname
- username
- niri-package
- ;
- homeDirectory = "/home/${username}";
- stateVersion = config.system.stateVersion;
- };
- home-manager.users.${username} = import ./home-manager/home-${hostname}.nix;
- }
- )
- ./system/system-${hostname}.nix
- ];
- };
- }
- ) { } hostnames;
- };
-}
diff --git a/legacy/server-config/.git-crypt/.gitattributes b/legacy/server-config/.git-crypt/.gitattributes
deleted file mode 100644
index 665b10e..0000000
--- a/legacy/server-config/.git-crypt/.gitattributes
+++ /dev/null
@@ -1,4 +0,0 @@
-# Do not edit this file. To specify the files to encrypt, create your own
-# .gitattributes file in the directory where your files are.
-* !filter !diff
-*.gpg binary
diff --git a/legacy/server-config/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg b/legacy/server-config/.git-crypt/keys/default/0/D15E4754FE1AEDA15A6D47029AB28AC10ECE533D.gpg deleted file mode 100644 index 1d65e96a4b3c019fb865e992ff37d734b430a914..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 735 zcmZo=;$fb(sp}x$xnNsH0fw2^{7*~?5PdH_XRh+@`KOlsedqD#2Cw$Yi!J+Q7qXy(h7)>TTcF+q)N@diE~tLFo+NlXtg%QF*bgIoH}Zjx)eUZRU%!k|7bH%36Gh zoYT)&8&7lA4QuiK?Iy!*U~Xxvx?=8(4~~BoZVBJfZnIB+l>IUILE{OlQ_By`_;b>8 z&gA=mNRVBlQ%eEr!_n&`Rxu1o(qV0WSQfjje(zL#`tQCix0G|1eLk@u%=lr`zFRB0Hg4!$_~0wE zw=Q4svyTic`*eQJ=$;U+e^lO3K3`G7R^`d2Ni&2PR4#PChkjYEAl0gSPbT*CO=V12 zwZY&Z*CBS-c>$lkT(Y0K&2<<5r<>QWezEDWm{7&IBs=kk*7<|Y&s_NXUwG=>h~2&E zyPjTSeLl;jU5aI2%G1iY3bdv$MM1P zx`^Hsan(0BkI!Q@XqA`MvRxY?@yubWMwf diff --git a/legacy/server-config/.gitattributes b/legacy/server-config/.gitattributes deleted file mode 100644 index c41bb62..0000000 --- a/legacy/server-config/.gitattributes +++ /dev/null @@ -1,3 +0,0 @@ -secrets/** filter=git-crypt diff=git-crypt -usb-secrets/usb-secrets-key* filter=git-crypt diff=git-crypt - diff --git a/legacy/server-config/.gitea/workflows/deploy.yml b/legacy/server-config/.gitea/workflows/deploy.yml deleted file mode 100644 index a31cd96..0000000 --- a/legacy/server-config/.gitea/workflows/deploy.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -name: Build and Deploy -on: - push: - branches: [main] - -jobs: - deploy: - runs-on: nix - env: - GIT_SSH_COMMAND: "ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ci-known-hosts" - steps: - - uses: https://github.com/actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Unlock git-crypt - run: | - git-crypt unlock /run/agenix/git-crypt-key-server-config - - - name: Build NixOS configuration - run: | - nix build .#nixosConfigurations.muffin.config.system.build.toplevel -L - - - name: Deploy via deploy-rs - run: | - eval $(ssh-agent -s) - ssh-add /run/agenix/ci-deploy-key - nix run github:serokell/deploy-rs -- .#muffin --skip-checks --ssh-opts="-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ci-known-hosts" - - - name: Health check - run: | - sleep 10 - ssh -i /run/agenix/ci-deploy-key -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ci-known-hosts root@server-public \ - "systemctl is-active gitea && systemctl is-active caddy && systemctl is-active continuwuity && systemctl is-active coturn" - - - name: Notify success - if: success() - run: | - TOPIC=$(cat /run/agenix/ntfy-alerts-topic | tr -d '[:space:]') - TOKEN=$(cat /run/agenix/ntfy-alerts-token | tr -d '[:space:]') - curl -sf -o /dev/null -X POST \ - "https://ntfy.sigkill.computer/$TOPIC" \ - -H "Authorization: Bearer $TOKEN" \ - -H "Title: [muffin] Deploy succeeded" \ - -H "Priority: default" \ - -H "Tags: white_check_mark" \ - -d "server-config deployed from commit ${GITHUB_SHA::8}" - - - name: Notify failure - if: failure() - run: | - TOPIC=$(cat /run/agenix/ntfy-alerts-topic 2>/dev/null | tr -d '[:space:]') - TOKEN=$(cat /run/agenix/ntfy-alerts-token 2>/dev/null | tr -d '[:space:]') - curl -sf -o /dev/null -X POST \ - "https://ntfy.sigkill.computer/$TOPIC" \ - -H "Authorization: Bearer $TOKEN" \ - -H "Title: [muffin] Deploy FAILED" \ - -H "Priority: urgent" \ - -H "Tags: rotating_light" \ - -d "server-config deploy failed at commit 
${GITHUB_SHA::8}" || true diff --git a/legacy/server-config/.gitignore b/legacy/server-config/.gitignore deleted file mode 100644 index c4a847d..0000000 --- a/legacy/server-config/.gitignore +++ /dev/null @@ -1 +0,0 @@ -/result diff --git a/legacy/server-config/AGENTS.md b/legacy/server-config/AGENTS.md deleted file mode 100644 index 7172418..0000000 --- a/legacy/server-config/AGENTS.md +++ /dev/null 
@@ -1,144 +0,0 @@ -# AGENTS.md - server-config (NixOS server "muffin") - -## Overview - -NixOS flake-based server configuration for host **muffin** (deployed to `root@server-public`). -Uses deploy-rs for remote deployment, disko for disk management, impermanence (tmpfs root), -agenix for secrets, lanzaboote for secure boot, and ZFS for data storage. - -## Target Hardware - -- **CPU**: AMD Ryzen 5 5600X (6C/12T, Zen 3 / `znver3`) -- **RAM**: 64 GB DDR4, no swap -- **Motherboard**: ASRock B550M Pro4 -- **Boot drive**: WD_BLACK SN770 1TB NVMe (f2fs: 20G /persistent, 911G /nix; root is tmpfs) -- **SSD pool `tank`**: 4x 2TB SATA SSDs (raidz2) -- services, backups, music, misc -- **HDD pool `hdds`**: 4x 18TB Seagate Exos X18 (raidz1)-- torrents - - Connected via esata to external enclosure -- **USB**: 8GB VFAT drive mounted at /mnt/usb-secrets (agenix identity key) -- **GPU**: Intel (integrated, xe driver) -- used for Jellyfin hardware transcoding -- **NIC**: enp4s0 (static 192.168.1.50/24) - -## Build / Deploy / Test Commands - -```bash -# Format code (nixfmt-tree) -nix fmt - -# Build the system configuration (check for eval errors) -nix build .#nixosConfigurations.muffin.config.system.build.toplevel -L - -# Deploy to server -nix run .#deploy -- .#muffin - -# Run ALL tests (NixOS VM tests, takes a long time) -nix build .#packages.x86_64-linux.tests -L - -# Run a SINGLE test by name (preferred during development) -nix build .#test-zfsTest -L -nix build .#test-testTest -L -nix build .#test-fail2banSshTest -L -nix build .#test-ntfyAlertsTest -L -nix build .#test-filePermsTest -L -# Pattern: nix build .#test- -L -# Test names are defined in tests/tests.nix (keys of the returned attrset) - -# Check flake outputs (list what's available) -nix flake show - -# Evaluate without building (fast syntax/eval check) -nix eval .#nixosConfigurations.muffin.config.system.build.toplevel --no-build 2>&1 | head -5 -``` - -## Code Style - -### Nix Formatting -- **Formatter**: `nixfmt-tree` 
(declared in flake.nix). Always run `nix fmt` before committing. -- **Indentation**: 2 spaces (enforced by nixfmt-tree). - -### Module Pattern -Every `.nix` file is a function taking an attrset with named args and `...`: -```nix -{ - config, - lib, - pkgs, - service_configs, - ... -}: -{ - # module body -} -``` -- Function args on separate lines, one per line, with trailing comma. -- Opening brace on its own line for multi-line arg lists. -- Use `service_configs` (from `service-configs.nix`) for all ports, paths, domains -- never hardcode. - -### Service File Convention -Each service file in `services/` follows this structure: -1. `imports` block with `lib.serviceMountWithZpool` and optionally `lib.serviceFilePerms` -2. Service configuration (`services. = { ... }`) -3. Caddy reverse proxy vhost (`services.caddy.virtualHosts."subdomain.${service_configs.https.domain}"`) -4. Firewall rules if needed (`networking.firewall.allowed{TCP,UDP}Ports`) -5. fail2ban jail if the service has authentication (`services.fail2ban.jails.`) - -### Custom Lib Functions (modules/lib.nix) -- `lib.serviceMountWithZpool serviceName zpoolName [dirs]` -- ensures ZFS datasets are mounted before service starts, validates pool membership -- `lib.serviceFilePerms serviceName [tmpfilesRules]` -- sets file permissions via systemd-tmpfiles before service starts -- `lib.optimizePackage pkg` -- applies `-O3 -march=znver3 -mtune=znver3` compiler flags -- `lib.vpnNamespaceOpenPort port serviceName` -- confines service to WireGuard VPN namespace - -### Naming Conventions -- **Files**: lowercase with hyphens (`jellyfin-qbittorrent-monitor.nix`) -- **Test names**: camelCase with `Test` suffix in `tests/tests.nix` (`fail2banSshTest`, `zfsTest`) -- **Ports**: all declared in `service-configs.nix` under `ports.*`, referenced as `service_configs.ports.` -- **ZFS datasets**: `tank/services/` for SSD-backed, `hdds/services/` for HDD-backed -- **Commit messages**: terse, lowercase; prefix with service/module 
name when scoped (`caddy: add redirect`, `zfs: remove unneeded options`). Generic changes use `update` or short description. - -### Secrets -- **git-crypt**: `secrets/` directory and `usb-secrets/usb-secrets-key*` are encrypted (see `.gitattributes`) -- **agenix**: secrets declared in `modules/age-secrets.nix`, decrypted at runtime to `/run/agenix/` -- **Identity**: USB drive at `/mnt/usb-secrets/usb-secrets-key` -- **Encrypting new secrets**: The agenix identity is an SSH private key at `usb-secrets/usb-secrets-key` (git-crypt encrypted). To encrypt a new secret, use the SSH public key directly with `age -R`: - ```bash - age -R <(ssh-keygen -y -f usb-secrets/usb-secrets-key) -o secrets/.age /path/to/plaintext - ``` -- **DO NOT use `ssh-to-age`**. Using `ssh-to-age` to derive a native age public key and then encrypting with `age -r age1...` produces `X25519` recipient stanzas. The SSH private key identity on the server can only decrypt `ssh-ed25519` stanzas. This mismatch causes `age: error: no identity matched any of the recipients` at deploy time. Always use `age -R` with the SSH public key directly. -- Never read or commit plaintext secrets. Never log secret values. - -### Important Patterns -- **Impermanence**: Root `/` is tmpfs. Only `/persistent`, `/nix`, and ZFS mounts survive reboots. Any new persistent state must be declared in `modules/impermanence.nix`. -- **Port uniqueness**: `flake.nix` has an assertion that all ports in `service_configs.ports` are unique. Always add new ports there. Make sure to put them in the specific "Public" and "Private" sections that are seperated by comments. -- **Hugepages**: Services needing large pages declare their budget in `service-configs.nix` under `hugepages_2m.services`. The kernel sysctl is set automatically from the total. -- **Domain**: Primary domain is `sigkill.computer`. Old domain `gardling.com` redirects automatically. -- **Hardened kernel**: Uses `_hardened` kernel. Security-sensitive defaults apply. 
-- **PostgreSQL as central database**: All services that support PostgreSQL MUST use it instead of embedded databases (H2, SQLite, etc.). Connect via Unix socket with peer auth when possible (JDBC services can use junixsocket). The PostgreSQL instance is declared in `services/postgresql.nix` with ZFS-backed storage. Use `ensureDatabases`/`ensureUsers` to auto-create databases and roles. - -### Test Pattern -Tests use `pkgs.testers.runNixOSTest` (NixOS VM tests): -```nix -{ config, lib, pkgs, ... }: -pkgs.testers.runNixOSTest { - name = "descriptive-test-name"; - nodes.machine = { pkgs, ... }: { - imports = [ /* modules under test */ ]; - # VM config - }; - testScript = '' - start_all() - machine.wait_for_unit("multi-user.target") - # Python test script using machine.succeed/machine.fail - ''; -} -``` -- Register new tests in `tests/tests.nix` with `handleTest ./filename.nix` -- Tests needing the overlay should use `pkgs.appendOverlays [ (import ../modules/overlays.nix) ]` -- Test scripts are Python; use `machine.succeed(...)`, `machine.fail(...)`, `assert`, `subtest` - -## SSH Access - -```bash -ssh root@server-public # deploy user -ssh primary@server-public # normal user (doas instead of sudo) -``` - diff --git a/legacy/server-config/flake.lock b/legacy/server-config/flake.lock deleted file mode 100644 index 39560d9..0000000 --- a/legacy/server-config/flake.lock +++ /dev/null 
@@ -1,837 +0,0 @@ -{ - "nodes": { - "agenix": { - "inputs": { - "darwin": [], - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", - "owner": "ryantm", - "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, - "arr-init": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776401121, - "narHash": "sha256-BELV1YMBuLL0aQNQ3SLvSLq8YN5h2o1jcrwz1+Zt32Q=", - "ref": "refs/heads/main", - "rev": "6dde2a3e0d087208b8084b61113707c5533c4c2d", - "revCount": 19, - "type": "git", - "url": "ssh://gitea@git.gardling.com/titaniumtown/arr-init" - }, - "original": { - "type": "git", - "url": "ssh://gitea@git.gardling.com/titaniumtown/arr-init" - } - }, - "crane": { - "locked": { - "lastModified": 1773189535, - "narHash": "sha256-E1G/Or6MWeP+L6mpQ0iTFLpzSzlpGrITfU2220Gq47g=", - "owner": "ipetkov", - "repo": "crane", - "rev": "6fa2fb4cf4a89ba49fc9dd5a3eb6cde99d388269", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "deploy-rs": { - "inputs": { - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1770019181, - "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=", - "owner": "serokell", - "repo": "deploy-rs", - "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171", - "type": "github" - }, - "original": { - "owner": "serokell", - "repo": "deploy-rs", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", - "owner": "nix-community", - "repo": "disko", - "rev": 
"5ad85c82cc52264f4beddc934ba57f3789f28347", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "qbittorrent-metrics-exporter", - "naersk", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1752475459, - "narHash": "sha256-z6QEu4ZFuHiqdOPbYss4/Q8B0BFhacR8ts6jO/F/aOU=", - "owner": "nix-community", - "repo": "fenix", - "rev": "bf0d6f70f4c9a9cf8845f992105652173f4b617f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": 
"506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1775425411, - "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.11", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "impermanence", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768598210, - "narHash": 
"sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "impermanence": { - "inputs": { - "home-manager": "home-manager_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769548169, - "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit": "pre-commit", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1776248416, - "narHash": "sha256-TC6yzbCAex1pDfqUZv9u8fVm8e17ft5fNrcZ0JRDOIQ=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "18e9e64bae15b828c092658335599122a6db939b", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lanzaboote", - "type": "github" - } - }, - "llamacpp": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776301820, - "narHash": "sha256-Yr3JRZ05PNmX4sR2Ak7e0jT+oCQgTAAML7FUoyTmitk=", - "owner": "TheTom", - "repo": "llama-cpp-turboquant", - "rev": "1073622985bb68075472474b4b0fdfcdabcfc9d0", - "type": "github" - }, - "original": { - "owner": "TheTom", - "ref": "feature/turboquant-kv-cache", - "repo": "llama-cpp-turboquant", - "type": "github" - } - }, - "naersk": { - "inputs": { - "fenix": "fenix", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1763384566, - "narHash": "sha256-r+wgI+WvNaSdxQmqaM58lVNvJYJ16zoq+tKN20cLst4=", - "owner": "nix-community", - "repo": "naersk", - "rev": "d4155d6ebb70fbe2314959842f744aa7cabbbf6a", - 
"type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "nix-minecraft": { - "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_4" - }, - "locked": { - "lastModified": 1776310483, - "narHash": "sha256-xMFl+umxGmo5VEgcZcXT5Dk9sXU5WyTRz1Olpywr/60=", - "owner": "Infinidoge", - "repo": "nix-minecraft", - "rev": "74abd91054e2655d6c392428a27e5d27edd5e6bf", - "type": "github" - }, - "original": { - "owner": "Infinidoge", - "repo": "nix-minecraft", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1775490113, - "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1776221942, - "narHash": "sha256-FbQAeVNi7G4v3QCSThrSAAvzQTmrmyDLiHNPvTF2qFM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1766437c5509f444c1b15331e82b8b6a9b967000", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" - } - }, - "nixpkgs-p2pool-module": { - "flake": false, - "locked": { - "lastModified": 1773298780, - "narHash": "sha256-7awJKfaH2uTuuW6gyA/lmPPfSruObm7bIkiYADxZBro=", - "owner": "JacoMalan1", - "repo": "nixpkgs", - "rev": "501e6bb1697590473c87c2ff9d2a92043a8d0e06", - "type": 
"github" - }, - "original": { - "owner": "JacoMalan1", - "ref": "create-p2pool-service", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1752077645, - "narHash": "sha256-HM791ZQtXV93xtCY+ZxG1REzhQenSQO020cu6rHtAPk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "be9e214982e20b8310878ac2baa063a961c1bdf6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "pre-commit": { - "inputs": { - "flake-compat": "flake-compat_2", - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, - "qbittorrent-metrics-exporter": { - "inputs": { - "naersk": "naersk", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_5" - }, - "locked": { - "lastModified": 1771989937, - "narHash": "sha256-bPUV4gVvSbF4VMkbLKYrfwVwzTeS+Sr41wucDj1///g=", - "ref": "refs/heads/main", - "rev": "cb94f866b7a2738532b1cae31d0b9f89adecbd54", - "revCount": 112, - "type": "git", - "url": "https://codeberg.org/anriha/qbittorrent-metrics-exporter" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/anriha/qbittorrent-metrics-exporter" - } - }, - "root": { - "inputs": { - "agenix": "agenix", - "arr-init": "arr-init", - "deploy-rs": "deploy-rs", - 
"disko": "disko", - "home-manager": "home-manager", - "impermanence": "impermanence", - "lanzaboote": "lanzaboote", - "llamacpp": "llamacpp", - "nix-minecraft": "nix-minecraft", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "nixpkgs-p2pool-module": "nixpkgs-p2pool-module", - "qbittorrent-metrics-exporter": "qbittorrent-metrics-exporter", - "senior_project-website": "senior_project-website", - "srvos": "srvos", - "trackerlist": "trackerlist", - "vpn-confinement": "vpn-confinement", - "website": "website", - "ytbn-graphing-software": "ytbn-graphing-software" - } - }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1752428706, - "narHash": "sha256-EJcdxw3aXfP8Ex1Nm3s0awyH9egQvB2Gu+QEnJn2Sfg=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "591e3b7624be97e4443ea7b5542c191311aa141d", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1773544328, - "narHash": "sha256-Iv+qez54LAz+isij4APBk31VWA//Go81hwFOXr5iWTw=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "4f977d776793c8bfbfdd7eca7835847ccc48874e", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_2": { - "inputs": { - "nixpkgs": [ - "ytbn-graphing-software", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764729618, - "narHash": "sha256-z4RA80HCWv2los1KD346c+PwNPzMl79qgl7bCVgz8X0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "52764074a85145d5001bf0aa30cb71936e9ad5b8", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "senior_project-website": { - "flake": false, - "locked": { - "lastModified": 1775019649, - "narHash": "sha256-zVQy5ydiWKnIixf79pmd2LJTPkwyiv4V5piKZETDdwI=", - 
"owner": "Titaniumtown", - "repo": "senior-project-website", - "rev": "bfd504c77c90524b167158652e1d87a260680120", - "type": "github" - }, - "original": { - "owner": "Titaniumtown", - "repo": "senior-project-website", - "type": "github" - } - }, - "srvos": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1776306894, - "narHash": "sha256-l4N3O1cfXiQCHJGspAkg6WlZyOFBTbLXhi8Anf8jB0g=", - "owner": "nix-community", - "repo": "srvos", - "rev": "01d98209264c78cb323b636d7ab3fe8e7a8b60c7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "srvos", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" 
- } - }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "trackerlist": { - "flake": false, - "locked": { - "lastModified": 1776290985, - "narHash": "sha256-eNWDOLBA0vk1TiKqse71siIAgLycjvBFDw35eAtnUPs=", - "owner": "ngosang", - "repo": "trackerslist", - "rev": "9bb380b3c2a641a3289f92dedef97016f2e47f36", - "type": "github" - }, - "original": { - "owner": "ngosang", - "repo": "trackerslist", - "type": "github" - } - }, - "utils": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "vpn-confinement": { - "locked": { - "lastModified": 1767604552, - "narHash": "sha256-FddhMxnc99KYOZ/S3YNqtDSoxisIhVtJ7L4s8XD2u0A=", - "owner": "Maroka-chan", - "repo": "VPN-Confinement", - "rev": "a6b2da727853886876fd1081d6bb2880752937f3", - "type": "github" - }, - "original": { - "owner": "Maroka-chan", - "repo": "VPN-Confinement", - "type": "github" - } - }, - "website": { - "flake": false, - "locked": { - "lastModified": 1773169503, - "narHash": "sha256-P+T2H18k3zmEHxu7ZIDYyTrK5G3KUcZYW1AzVMKyCMs=", - "ref": "refs/heads/main", - "rev": 
"ae7a7d8325f841c52efb6fd81c4956b84631aa06", - "revCount": 24, - "type": "git", - "url": "https://git.sigkill.computer/titaniumtown/website" - }, - "original": { - "type": "git", - "url": "https://git.sigkill.computer/titaniumtown/website" - } - }, - "ytbn-graphing-software": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1765615270, - "narHash": "sha256-12C6LccKRe5ys0iRd+ob+BliswUSmqOKWhMTI8fNpr0=", - "ref": "refs/heads/main", - "rev": "ac6265eae734363f95909df9a3739bf6360fa721", - "revCount": 1130, - "type": "git", - "url": "https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software" - }, - "original": { - "type": "git", - "url": "https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/legacy/server-config/flake.nix b/legacy/server-config/flake.nix deleted file mode 100644 index 38833e4..0000000 --- a/legacy/server-config/flake.nix +++ /dev/null 
@@ -1,281 +0,0 @@
-{
- description = "Flake for server muffin";
-
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
-
- lanzaboote = {
- url = "github:nix-community/lanzaboote";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- nixos-hardware.url = "github:NixOS/nixos-hardware/master";
-
- nix-minecraft = {
- url = "github:Infinidoge/nix-minecraft";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
-
- home-manager = {
- url = "github:nix-community/home-manager/release-25.11";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- disko = {
- url = "github:nix-community/disko";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- llamacpp = {
- url = "github:TheTom/llama-cpp-turboquant/feature/turboquant-kv-cache";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- srvos = {
- url = "github:nix-community/srvos";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- deploy-rs = {
- url = "github:serokell/deploy-rs";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- impermanence = {
- url = "github:nix-community/impermanence";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- agenix = {
- url = "github:ryantm/agenix";
- inputs.nixpkgs.follows = "nixpkgs";
- inputs.home-manager.follows = "home-manager";
- inputs.darwin.follows = "";
- };
-
- senior_project-website = {
- url = "github:Titaniumtown/senior-project-website";
- flake = false;
- };
-
- website = {
- url = "git+https://git.sigkill.computer/titaniumtown/website";
- flake = false;
- };
-
- trackerlist = {
- url = "github:ngosang/trackerslist";
- flake = false;
- };
-
- ytbn-graphing-software = {
- url = "git+https://git.sigkill.computer/titaniumtown/YTBN-Graphing-Software";
- };
-
- arr-init = {
- url = "git+ssh://gitea@git.gardling.com/titaniumtown/arr-init";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- nixpkgs-p2pool-module = {
- url = "github:JacoMalan1/nixpkgs/create-p2pool-service";
- flake = false;
- };
-
- qbittorrent-metrics-exporter = {
- url = "git+https://codeberg.org/anriha/qbittorrent-metrics-exporter";
- inputs.nixpkgs.follows = "nixpkgs";
- };
- };
-
- outputs =
- {
- self,
- nixpkgs,
- nix-minecraft,
- nixos-hardware,
- vpn-confinement,
- home-manager,
- lanzaboote,
- disko,
- srvos,
- deploy-rs,
- impermanence,
- arr-init,
- nixpkgs-p2pool-module,
- ...
- }@inputs:
- let
- username = "primary";
- hostname = "muffin";
- eth_interface = "enp4s0";
- system = "x86_64-linux";
-
- service_configs = import ./service-configs.nix;
-
- # Bootstrap pkgs used only to apply patches to nixpkgs source.
- bootstrapPkgs = import nixpkgs { inherit system; };
-
- # Patch nixpkgs to add PostgreSQL backend support for firefox-syncserver.
- patchedNixpkgsSrc = bootstrapPkgs.applyPatches {
- name = "nixpkgs-patched";
- src = nixpkgs;
- patches = [
- ./patches/nixpkgs/0001-firefox-syncserver-add-postgresql-backend-support.patch
- ];
- };
-
- pkgs = import patchedNixpkgsSrc {
- inherit system;
- targetPlatform = system;
- buildPlatform = builtins.currentSystem;
- };
- lib = import ./modules/lib.nix { inherit inputs pkgs service_configs; };
- testSuite = import ./tests/tests.nix {
- inherit pkgs lib inputs;
- config = self.nixosConfigurations.muffin.config;
- };
- in
- {
- formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
- nixosConfigurations.${hostname} = lib.nixosSystem {
- inherit system;
- specialArgs = {
- inherit
- username
- hostname
- eth_interface
- service_configs
- inputs
- ;
- };
- modules = [
- # SAFETY! port sanity checks
- (
- { config, lib, ... }:
- let
- publicPorts = lib.attrValues service_configs.ports.public;
- privatePorts = lib.attrValues service_configs.ports.private;
- allPortNumbers = map (p: p.port) (publicPorts ++ privatePorts);
- uniquePortNumbers = lib.unique allPortNumbers;
-
- # Which public ports must be in each firewall list
- publicTcp = map (p: p.port) (lib.filter (p: p.proto == "tcp" || p.proto == "both") publicPorts);
- publicUdp = map (p: p.port) (lib.filter (p: p.proto == "udp" || p.proto == "both") publicPorts);
-
- privatePortNumbers = map (p: p.port) privatePorts;
-
- fwTcp = config.networking.firewall.allowedTCPPorts;
- fwUdp = config.networking.firewall.allowedUDPPorts;
-
- missingTcp = lib.filter (p: !(builtins.elem p fwTcp)) publicTcp;
- missingUdp = lib.filter (p: !(builtins.elem p fwUdp)) publicUdp;
- leakedTcp = lib.filter (p: builtins.elem p fwTcp) privatePortNumbers;
- leakedUdp = lib.filter (p: builtins.elem p fwUdp) privatePortNumbers;
- in
- {
- config.assertions = [
- {
- assertion = (lib.length allPortNumbers) == (lib.length uniquePortNumbers);
- message = "Duplicate port numbers detected in ports.public / ports.private";
- }
- {
- assertion = missingTcp == [ ];
- message = "Public ports missing from allowedTCPPorts: ${builtins.toString missingTcp}";
- }
- {
- assertion = missingUdp == [ ];
- message = "Public ports missing from allowedUDPPorts: ${builtins.toString missingUdp}";
- }
- {
- assertion = leakedTcp == [ ] && leakedUdp == [ ];
- message = "Private ports leaked into firewall allow-lists — TCP: ${builtins.toString leakedTcp}, UDP: ${builtins.toString leakedUdp}";
- }
- ];
- }
- )
-
- # sets up things like the watchdog
- srvos.nixosModules.server
-
- # diff terminal support
- srvos.nixosModules.mixins-terminfo
-
- ./disk-config.nix
- ./configuration.nix
-
- # Replace upstream firefox-syncserver module + package with patched
- # versions that add PostgreSQL backend support.
- {
- disabledModules = [ "services/networking/firefox-syncserver.nix" ];
- imports = [
- "${patchedNixpkgsSrc}/nixos/modules/services/networking/firefox-syncserver.nix"
- ];
- nixpkgs.overlays = [
- nix-minecraft.overlay
- (import ./modules/overlays.nix)
- (_final: prev: {
- syncstorage-rs =
- prev.callPackage "${patchedNixpkgsSrc}/pkgs/by-name/sy/syncstorage-rs/package.nix"
- { };
- })
- ];
- nixpkgs.config.allowUnfreePredicate =
- pkg:
- builtins.elem (nixpkgs.lib.getName pkg) [
- "minecraft-server"
- ];
- }
-
- lanzaboote.nixosModules.lanzaboote
-
- arr-init.nixosModules.default
-
- (import "${nixpkgs-p2pool-module}/nixos/modules/services/networking/p2pool.nix")
-
- home-manager.nixosModules.home-manager
- (
- {
- home-manager,
- ...
- }:
- {
- home-manager.users.${username} = import ./modules/home.nix;
- }
- )
- ]
- ++ (with nixos-hardware.nixosModules; [
- common-cpu-amd-pstate
- common-cpu-amd-zenpower
- common-pc-ssd
- common-gpu-intel
- ]);
- };
-
- deploy.nodes.muffin = {
- hostname = "server-public";
- profiles.system = {
- sshUser = "root";
- user = "root";
- path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.muffin;
- };
- };
-
- checks.${system} = testSuite;
-
- packages.${system} = {
- tests = pkgs.linkFarm "all-tests" (
- pkgs.lib.mapAttrsToList (name: test: {
- name = name;
- path = test;
- }) testSuite
- );
- }
- // (pkgs.lib.mapAttrs' (name: test: {
- name = "test-${name}";
- value = test;
- }) testSuite);
- };
-}