diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 421ddb0..f69a4c6 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -16,8 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/binds/music/main"; + MusicFolder = "/binds/music"; }; }; - systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"]; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 5ee69e4..9c9acdc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -9,11 +9,11 @@ shareFqdn = "muse.lava.moe"; subnetId = "5"; - subnet = x: "fd0d:2::${subnetId}:${toString x}"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; - subnet4 = x: "10.32.${subnetId}.${toString x}"; + subnet4 = x: "10.30.${subnetId}.${toString x}"; host4 = subnet4 1; client4 = subnet4 2; @@ -39,7 +39,13 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "100.67.2.1" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + services.nginx.virtualHosts."${shareFqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "404"; + locations."/share/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; @@ -62,7 +68,7 @@ isReadOnly = false; }; bindMounts."music" = { - hostPath = "/flower/media/music"; + hostPath = "/persist/media/music"; mountPoint = "/binds/music"; isReadOnly = true; }; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 06c415f..3eb7289 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -5,8 +5,6 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; - passwd.file = ../../secrets/passwd.age; - navidrome_env.file = ../../secrets/navidrome_env.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -28,14 +26,11 @@ modules.services.nginx modules.services.syncthing - inputs.c-emerald.nixosModule inputs.c-garnet.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix - ./home.syncthing.nix - ./samba.nix ../../users/hana ]; diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix deleted file mode 100644 index 8d5a1cc..0000000 --- a/hosts/alyssum/home.syncthing.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, ... }: -let - configOn = user: port: { - me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; - me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; - - systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ]; - - users.users.${user} = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - linger = true; - }; - home-manager.users.${user} = { ... }: { - home = { - username = "${user}"; - homeDirectory = "/home/${user}"; - stateVersion = "26.05"; - }; - services.syncthing = { - enable = true; - guiAddress = "[::]:${toString port}"; - overrideDevices = false; - overrideFolders = false; - settings = { - options.listenAddresses = [ - "tcp://0.0.0.0:2${toString port}" - "quic://0.0.0.0:2${toString port}" - "dynamic+https://relays.syncthing.net/endpoint" - ]; - defaults.folder.path = "/flower/syncthing/${user}"; - }; - }; - }; - }; -in lib.mkMerge [ - (configOn "kujira" 8385) - (configOn "cilly" 8386) -] diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix deleted file mode 100644 index d876981..0000000 --- a/hosts/alyssum/samba.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ config, lib, pkgs, ... }: -let - configOn = user: let - passwd_fname = "passwd_smb${user}"; - in { - age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; - me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}"; - me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; - - users.users.${user} = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - - system.activationScripts = { - init_smbpasswd.text = let - smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; - in '' - printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user} - ''; - }; - services.samba.settings."${user}" = { - "path" = "/flower/smb/${user}"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = user; - "force group" = "users"; - "valid users" = user; - }; - }; -in lib.mkMerge [ - (configOn "cilly") - (configOn "kujira") - { - me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43"; - - networking.firewall.allowPing = true; - - services.samba = { - enable = true; - package = pkgs.samba4Full; - openFirewall = true; - settings = { - global = { - "server smb encrypt" = "required"; - "workgroup" = "WORKGROUP"; - "server string" = "smbnix"; - "netbios name" = "smbnix"; - "security" = "user"; - "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "public" = { - "path" = "/flower/smb/public"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "hana"; - "force group" = "users"; - }; - }; - }; - - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; - - services.avahi = { - enable = true; - openFirewall = true; - nssmdns4 = true; - publish.enable = true; - publish.userServices = true; - }; - } -] diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index f65dfd1..33b6eec 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + navidrome_env.file = ../../secrets/navidrome_env.age; slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -30,12 +31,12 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule + inputs.c-emerald.nixosModule inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix - ./nginx.nix ../../users/hana ]; diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 861bc15..4dd6a55 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -22,7 +22,7 @@ in { "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=6G" "mode=755" ]; + options = [ "defaults" "size=12G" "mode=755" ]; }; "/boot" = mkLabelMount "UEFI" "vfat"; diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix deleted file mode 100644 index c29de38..0000000 --- a/hosts/dandelion/nginx.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: { - services.nginx.virtualHosts."muse.lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - locations."/".return = "404"; - locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533"; - }; -} diff --git a/modules/binds.nix b/modules/binds.nix index c9ffe18..9c7d4ad 100644 --- a/modules/binds.nix +++ b/modules/binds.nix @@ -1,12 +1,8 @@ { config, lib, ...}: { imports = [ ./options.nix ]; - fileSystems = lib.mapAttrs (dest: key: let - target = if (lib.strings.hasPrefix "/" key) - then key - else "/persist/binds/${key}"; - in { + fileSystems = lib.mapAttrs (dest: key: { depends = [ "/persist" ]; - device = target; + device = "/persist/binds/${key}"; fsType = "none"; options = [ "bind" ]; }) config.me.binds; diff --git a/modules/system/nix.nix b/modules/system/nix.nix index eb14f73..6a6fd04 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,6 +1,5 @@ -{ config, inputs, pkgs, ... }: { +{ config, lib, pkgs, ... }: { nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.latest; settings = rec { diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 2b8d4c1..d691c61 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, sysConfig, ... }: +{ config, lib, pkgs, ... }: let luaconf = pkgs.writeText "config.lua" (lib.replaceStrings - ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] - ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] + ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"] + ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor] (builtins.readFile ../../res/config.lua)); in { systemd.user.tmpfiles.rules = [ @@ -21,7 +21,6 @@ in { withRuby = false; extraPackages = with pkgs; [ - nixd rust-analyzer texlab astro-language-server diff --git a/res/config.lua b/res/config.lua index c0b5dad..3e91e28 100644 --- a/res/config.lua +++ b/res/config.lua @@ -167,7 +167,7 @@ vim.diagnostic.config({ capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do vim.lsp.config(lsp, { capabilities = capabilities, @@ -292,32 +292,6 @@ vim.lsp.config("diagnosticls", { }) vim.lsp.enable("diagnosticls") --- LSP/nixd -vim.lsp.config("nixd", { - cmd = { "nixd" }, - filetypes = { "nix" }, - root_markers = { "flake.nix", ".git" }, - settings = { - nixd = { - nixpkgs = { - expr = "import { }", - }, - formatting = { - command = { "nixfmt" }, - }, - options = { - nixos = { - expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options', - }, - home_manager = { - expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []', - }, - }, - }, - }, -}) -vim.lsp.enable("nixd") - -- LSP/Signatures require("lsp_signature").setup { hint_enable = false, diff --git a/secrets.nix b/secrets.nix index b1f55e5..d2dbc82 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,13 +7,11 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ]; - "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; - "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; + "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; - "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ]; + "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age index 7df364f..6cb705c 100644 Binary files a/secrets/navidrome_env.age and b/secrets/navidrome_env.age differ diff --git a/secrets/passwd.age b/secrets/passwd.age index 05ad906..64ec861 100644 Binary files a/secrets/passwd.age and b/secrets/passwd.age differ diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age deleted file mode 100644 index 41ad172..0000000 --- a/secrets/passwd_smbcilly.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ -i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI --> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o -+pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM ---- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew -Æ*Œl\ÈWç!J7E/´»îò"f@%\ìüÏ[¨òj8fÓ¶›ž \ No newline at end of file diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age deleted file mode 100644 index 71b6bb8..0000000 --- a/secrets/passwd_smbkujira.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8 -IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE --> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg -QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk ---- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw -TÎ <ç‘R#d ĆÌŽlLkáN¦½º8´cÃ_N¬)±ŠT \ No newline at end of file diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 3fe0129..afc711b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -15,6 +15,7 @@ in { ffmpeg gnupg kitty + nil nodejs_latest pamixer pnpm