From 51a67d039fefdf08f9fc45b84e842783cff918b4 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Thu, 29 Jan 2026 14:39:15 +1000 Subject: [PATCH 01/19] add nix-unit --- hosts/lolcathost/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index 1c9c270..f3c5943 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -321,6 +321,7 @@ in { nixd # lsp for nix nix-prefetch-git nix-index + nix-unit deploy-rs # Python From ba1a3fe07e3af0c56527b1f8123371e2cd4519d3 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Thu, 29 Jan 2026 14:39:59 +1000 Subject: [PATCH 02/19] helix module remove redudancy --- homes/modules/editor/helix.nix | 117 ++++++++++++++++++++------------- hosts/lolcathost/default.nix | 8 +-- hosts/myputer/default.nix | 15 ----- 3 files changed, 74 insertions(+), 66 deletions(-) diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index 30dad17..81f7959 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -1,5 +1,55 @@ -{pkgs, ...}: { - # read https://docs.helix-editor.com/editor.html +{ + pkgs, + pkgs-unstable, + ... +}: let + lsps = let + mkLsp = pkg: path: {inherit pkg path;}; + in { + bash-language-server = + mkLsp + pkgs.bash-language-server + "/bin/bash-language-server"; + + clangd = + mkLsp + pkgs.clang-tools + "/bin/clangd"; + + haskell-language-server = + mkLsp + pkgs.haskell-language-server + "/bin/haskell-language-server-wrapper"; + + # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) + # helix will support nixd by default + # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix + nixd = + mkLsp + pkgs.nixd + "/bin/nixd"; + + OmniSharp = + mkLsp + pkgs.omnisharp-roslyn + "/bin/OmniSharp"; + + rust-analyzer = + mkLsp + pkgs.rust-analyzer + "/bin/rust-analyzer"; + + ty = + mkLsp + pkgs.ty + "/bin/ty"; + }; +in { + environment.systemPackages = + lsps + |> map (lsp: lsp.pkg); + + # REF: https://docs.helix-editor.com/editor.html programs.helix = { enable = true; settings = { @@ -128,11 +178,12 @@ }; auto-format = false; # my python is beautiful ^_^ rulers = [80]; + language-servers = ["ty"]; } { name = "c"; file-types = ["c" "h"]; # use .hpp for C++ - auto-format = false; + auto-format = true; formatter.command = "${pkgs.clang-tools}/bin/clang-format"; language-servers = ["clangd"]; } @@ -152,49 +203,27 @@ formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; language-servers = ["rust-analyzer"]; } - # { - # name = "c-sharp"; - # source = "source.cs"; - # file-types = ["cs"]; - # indent = { - # tab-width = 4; - # unit = " "; - # }; - # block-comment-tokens = { - # start = "/*"; - # end = "*/"; - # }; - # # auto-format = false; - # # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; - # # language-servers = ["OmniSharp"]; - # } + { + name = "c-sharp"; + source = "source.cs"; + file-types = ["cs"]; + indent = { + tab-width = 4; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + # auto-format = false; + # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; + # language-servers = ["OmniSharp"]; + } ]; - language-server = { - # use nixd as default nix lsp (I haven't tried nil yet) - # NOTE: nixd will be supported by default after nix 24.07 - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd = { - command = "${pkgs.nixd}/bin/nixd"; - }; - # clangd for C - clangd = { - command = "${pkgs.clang-tools}/bin/clangd"; - }; - - haskell-language-server = { - command = "${pkgs.haskell-language-server}/bin/haskell-language-server-wrapper"; - }; - - rust-analyzer = { - command = "${pkgs.rust-analyzer}/bin/rust-analyzer"; - }; - - # C# language services - OmniSharp = { - command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; - }; - }; + language-server = + lsps + |> builtins.mapAttrs (_: lsp: "${lsp.pkg}${lsp.path}"); }; }; } diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index f3c5943..4119d78 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -296,13 +296,12 @@ in { # C Family gcc clang - clang-tools + # Rust cargo rustc rustfmt - rust-analyzer # Go go # Nim @@ -311,14 +310,9 @@ in { # Haskell ghc ghcid - haskell-language-server ormolu # Nix - # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) - # helix will support nixd by default - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd # lsp for nix nix-prefetch-git nix-index nix-unit diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index aecd7ce..60098b1 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -307,19 +307,9 @@ in { # Haskell ghc ghcid - haskell-language-server ormolu # Java - # jdk17 - # (jre8.overrideAttrs - # (oldAttrs: { - # enableJavaFX = true; - # })) - # (jdk8.overrideAttrs - # (oldAttrs: { - # enableJavaFX = true; - # })) visualvm # Python @@ -357,11 +347,6 @@ in { tesseract # for my work with Agribit - # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) - # helix will support nixd by default - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - # nixd # lsp for nix # DEBUG - # Pretty necessary git git-filter-repo From 3a5e6dcbed3d815992af5b9621b73ef85d2024e2 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Thu, 29 Jan 2026 14:40:18 +1000 Subject: [PATCH 03/19] ./deploy use --intend-to-add on call to `git add` --- deploy | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy b/deploy index 911d054..08b95d0 100755 --- a/deploy +++ b/deploy @@ -19,7 +19,8 @@ collect_garbage () { rebuild_flake () { # make sure all changes are visible to nixos - git add . --verbose + # (--intent-to-add tracks files but DOES NOT stage them) + git add . --intent-to-add --verbose local FLAGS= if [ "$1" = "reinstall-bootloader" ]; then FLAGS="--install-bootloader" From 7d4353bffeb5740f4b76aef1b1222d6a8bcc84d1 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 08:36:10 +1000 Subject: [PATCH 04/19] major buff to the helix module --- homes/modules/editor/helix.nix | 59 ++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index 81f7959..3d831c1 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -3,50 +3,56 @@ pkgs-unstable, ... }: let - lsps = let - mkLsp = pkg: path: {inherit pkg path;}; - in { + lsps = { bash-language-server = - mkLsp - pkgs.bash-language-server - "/bin/bash-language-server"; + { + pkg = pkgs.bash-language-server; + cmd = "bash-language-server"; + }; clangd = - mkLsp - pkgs.clang-tools - "/bin/clangd"; + { + pkg = pkgs.clang-tools; + cmd = "clangd"; + }; haskell-language-server = - mkLsp - pkgs.haskell-language-server - "/bin/haskell-language-server-wrapper"; + { + pkg = pkgs.haskell-language-server; + cmd = "haskell-language-server-wrapper"; + }; # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) # helix will support nixd by default # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix nixd = - mkLsp - pkgs.nixd - "/bin/nixd"; + { + pkg = pkgs.nixd; + cmd = "nixd"; + }; OmniSharp = - mkLsp - pkgs.omnisharp-roslyn - "/bin/OmniSharp"; + { + pkg = pkgs.omnisharp-roslyn; + cmd = "OmniSharp"; + }; rust-analyzer = - mkLsp - pkgs.rust-analyzer - "/bin/rust-analyzer"; + { + pkg = pkgs.rust-analyzer; + cmd = "rust-analyzer"; + }; ty = - mkLsp - pkgs.ty - "/bin/ty"; + { + pkg = pkgs-unstable.ty; + cmd = "ty"; + }; }; in { - environment.systemPackages = + home.packages = lsps + |> builtins.attrValues |> map (lsp: lsp.pkg); # REF: https://docs.helix-editor.com/editor.html @@ -205,7 +211,6 @@ in { } { name = "c-sharp"; - source = "source.cs"; file-types = ["cs"]; indent = { tab-width = 4; @@ -223,7 +228,7 @@ in { language-server = lsps - |> builtins.mapAttrs (_: lsp: "${lsp.pkg}${lsp.path}"); + |> builtins.mapAttrs (_: lsp: { command = "${lsp.pkg}/bin/${lsp.cmd}"; }); }; }; } From 6b6ce26c66e849096d5f06d828151216ad926184 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 08:36:33 +1000 Subject: [PATCH 05/19] move hyrule services to services/ --- hosts/hyrule/{ => services}/mailserver.nix | 1 + hosts/hyrule/{ => services}/minecraft-server.nix | 0 2 files changed, 1 insertion(+) rename hosts/hyrule/{ => services}/mailserver.nix (95%) rename hosts/hyrule/{ => services}/minecraft-server.nix (100%) diff --git a/hosts/hyrule/mailserver.nix b/hosts/hyrule/services/mailserver.nix similarity index 95% rename from hosts/hyrule/mailserver.nix rename to hosts/hyrule/services/mailserver.nix index 49274f2..cd2adfc 100644 --- a/hosts/hyrule/mailserver.nix +++ b/hosts/hyrule/services/mailserver.nix @@ -28,6 +28,7 @@ aliases = ["emile@imbored.dev"]; hashedPasswordFile = let CWD = builtins.getEnv "PWD"; + # XXX: TODO: use a secrets manager! in "${CWD}/secrets/passwd/me"; }; }; diff --git a/hosts/hyrule/minecraft-server.nix b/hosts/hyrule/services/minecraft-server.nix similarity index 100% rename from hosts/hyrule/minecraft-server.nix rename to hosts/hyrule/services/minecraft-server.nix From 83e9a001db75d37742612958c27407294c527fab Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 08:37:39 +1000 Subject: [PATCH 06/19] hyrule use bashistrans.nix --- hosts/hyrule/default.nix | 29 ++--------------------------- hosts/modules/bashistrans.nix | 32 ++++++++++++++++++-------------- 2 files changed, 20 insertions(+), 41 deletions(-) diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 72cf59f..c87d1ba 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -1,8 +1,6 @@ { pkgs, pkgs-unstable, - inputs, - lib, ... }: let home-manager = builtins.fetchTarball { @@ -20,6 +18,7 @@ in { #../modules/server/nginx.nix #../modules/server/ssh.nix #../modules/server/fail2ban.nix + ../modules/bashistrans.nix ]; nix.settings = { @@ -33,15 +32,6 @@ in { ]; }; - # nixpkgs.config.allowUnfreePredicate = let - # whitelist = map lib.getName [ - # "minecraft-server" - # pkgs.minecraft-server - # pkgs-unstable.minecraft-server - # ]; - # in - # pkg: builtins.elem (lib.getName pkg) whitelist; - time.timeZone = "Australia/Brisbane"; i18n.defaultLocale = "en_US.UTF-8"; @@ -480,6 +470,7 @@ in { }; }; }; + security = { # accept Lets Encrypt's security policy (for nginx) acme = { @@ -507,21 +498,5 @@ in { helix ]; - programs = { - fish.enable = true; - - bash = { - completion.enable = true; - - interactiveShellInit = '' - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi - ''; - }; - }; - system.stateVersion = "24.11"; # DO NOT MODIFY } diff --git a/hosts/modules/bashistrans.nix b/hosts/modules/bashistrans.nix index d3b285c..e9d74ae 100644 --- a/hosts/modules/bashistrans.nix +++ b/hosts/modules/bashistrans.nix @@ -2,22 +2,26 @@ # I want to use fish as my login shell but it always goes terrible # cause it isn't POSIX compliant, so instead Bash is my login and # will just exec fish (^-^) - programs.bash = { - blesh.enable = false; # ble.sh replacement for GNU readline - completion.enable = true; + programs = { + fish.enable = true; - interactiveShellInit = '' - # help bash transition into a beautiful fish! - if [[ -z $CRY_BASH_IS_TRANS ]] - then - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + bash = { + blesh.enable = false; # ble.sh replacement for GNU readline + completion.enable = true; + + interactiveShellInit = '' + # help bash transition into a beautiful fish! + if [[ -z $CRY_BASH_IS_TRANS ]] then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi fi - fi - # bash is trans now! (no more transitioning required) - export CRY_BASH_IS_TRANS=true - ''; + # bash is trans now! (no more transitioning required) + export CRY_BASH_IS_TRANS=true + ''; + }; }; } From 56af3c8919a817ea06f3613ef692f7a03567a93a Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 08:38:36 +1000 Subject: [PATCH 07/19] split hyrule config --- hosts/hyrule/default.nix | 324 +------------------------- hosts/hyrule/services/forgejo.nix | 150 ++++++++++++ hosts/hyrule/services/nginx.nix | 99 ++++++++ hosts/hyrule/services/vaultwarden.nix | 25 ++ 4 files changed, 278 insertions(+), 320 deletions(-) create mode 100644 hosts/hyrule/services/forgejo.nix create mode 100644 hosts/hyrule/services/nginx.nix create mode 100644 hosts/hyrule/services/vaultwarden.nix diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index c87d1ba..837fc4d 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -12,12 +12,12 @@ in { ./hardware-configuration.nix (import "${home-manager}/nixos") + ./services/forgejo.nix + ./services/vaultwarden.nix + ./services/nginx.nix # ./mailserver.nix # TEMP: location # ./minecraft-server.nix # TEMP: location - #../modules/server/nginx.nix - #../modules/server/ssh.nix - #../modules/server/fail2ban.nix ../modules/bashistrans.nix ]; @@ -82,30 +82,6 @@ in { ]; }; - # wireguard.interfaces = { - # wg0 = { - # ips = ["10.10.10.4/24"]; # my IP and the subnet (keyword: "AND") - # listenPort = 54231; - # - # privateKeyFile = "/root/wg_agrivpn_hyrule"; - # - # peers = [ - # { - # # peer's public key - # publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY="; - # - # # choose which traffic to forward - # allowedIPs = ["10.0.51.0/24" "10.10.10.0/24"]; - # - # # TODO: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 - # endpoint = "150.242.34.33:54231"; - # - # # send keepalives every 25 seconds. Important to keep NAT tables alive. - # persistentKeepalive = 25; - # } - # ]; - # }; - # }; wg-quick.interfaces = { wg0 = { address = [ @@ -140,7 +116,7 @@ in { extraGroups = ["wheel"]; shell = pkgs.bash; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net" ]; }; @@ -166,70 +142,6 @@ in { }; services = { - # simple nginx instance to host static construction page - # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 - # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) - # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) - nginx = { - enable = true; - # in wake of CVE-2022-3602/CVE-2022-3786 - package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; - - recommendedGzipSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # streamConfig = '' - # server { - # listen 127.0.0.1:53 udp reuseport; - # proxy_timeout 20s; - # proxy_pass 192.168.0.1:53535; - # } - # ''; - - virtualHosts = let - localhost = "http://127.0.0.1"; - std = { - # TODO: should I run over QUIC+HTTP3? (experimental) - # quic = true; - # http3 = true; - enableACME = true; - # kTLS = true; # offload TLS to the linux kernel - }; - in { - "imbored.dev" = - { - default = true; - addSSL = true; # not strictly enforced <3 - root = "/var/www/imbored"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; - # Route "vault" subdomain to vaultwarden - "vault.imbored.dev" = - { - forceSSL = true; - locations."/".proxyPass = "${localhost}:8222"; - } - // std; - # Route "forge" subdomain to forgejo - # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? - "forge.imbored.dev" = - { - forceSSL = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "${localhost}:3000"; - } - // std; - }; - }; - openssh = { enable = true; ports = [22]; @@ -241,234 +153,6 @@ in { X11Forwarding = false; }; }; - - vaultwarden = { - enable = true; - dbBackend = "sqlite"; - - # backupDir = "/var/backup/vaultwarden"; # disable with null - - # https://mynixos.com/nixpkgs/option/services.vaultwarden.config - config = { - # internal address and port to listen on - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - - # hostname to listen for - DOMAIN = "https://vault.imbored.dev"; - - # signup policy - SIGNUPS_ALLOWED = false; - SIGNUPS_VERIFY = true; - INVITATIONS_ALLOWED = true; - }; - # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile - environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; - }; - - # stalwart-mail = let - # domain = "imbored.dev"; - # in { - # enable = false; # true; - # # openFirewall = true; # im doing this manually rn - # settings = { - # certificate."${domain}" = { - # cert = "file://${certs.${domain}.cert}"; - # private-key = "file://${certs.${domain}.key}"; - # }; - # server = { - # hostname = domain; - # tls = { - # certificate = "${domain}"; - # enable = true; - # implicit = false; - # }; - # listener = { - # "smtp-submission" = { - # bind = ["127.0.0.1:587"]; - # protocol = "smtp"; - # }; - # "imap" = { - # bind = ["127.0.0.1:143"]; - # protocol = "imap"; - # }; - # }; - # }; - # session = { - # rcpt.directory = "in-memory"; - # auth = { - # mechanisms = ["PLAIN"]; - # directory = "in-memory"; - # }; - # }; - # jmap.directory = "in-memory"; - # queue.outbound.next-hop = ["local"]; - # directory."in-memory" = { - # type = "memory"; - # users = [ - # { - # name = "me"; - # secret = "foobar"; - # email = ["me@${domain}"]; - # } - # { - # name = "Emile"; - # secret = "foobar"; - # email = ["emile@${domain}"]; - # } - # ]; - # }; - # }; - # }; - - # more options here: https://mynixos.com/nixpkgs/options/services.forgejo - # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo - # (might need me to override settings in the nixpkg) - # TODO: create a custom theme for forgejo (modify the source files most likely) - forgejo = { - enable = true; - # enable support for Git Large File Storage - lfs.enable = true; - database = { - type = "sqlite3"; # postgres - host = "127.0.0.1"; - port = "3306"; # 5432 if postgres - }; - # settings are written directly to the `app.ini` config file - # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ - settings = { - server = { - # ENABLE_ACME = true; - # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" - DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? - ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server - # address and port to listen on - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 3000; - PROTOCOL = "http"; # http internally, reverse proxy uses https externally - - START_SSH_SERVER = true; - DISABLE_SSH = false; - SSH_PORT = 2222; - }; - - DEFAULT = { - APP_NAME = "tearforge"; - APP_SLOGIN = "but cozy"; - APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; - }; - - repository = { - DEFAULT_PRIVATE = "private"; # last, private, public - # repo/org created on push to non-existent - ENABLE_PUSH_CREATE_USER = true; - ENABLE_PUSH_CREATE_ORG = false; - DEFAULT_PUSH_CREATE_PRIVATE = true; - MAX_CREATION_LIMIT = -1; - }; - - "repository.upload" = { - # max per-file size in MB - FILE_MAX_SIZE = 50; - # max number of files per upload - MAX_FILES = 5; - }; - - badges = let - # flat, flat-square, plastic, for-the-badge, social - style = "for-the-badge"; - in { - ENABLED = true; - GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; - }; - - ui = { - DEFAULT_THEME = "forgejo-dark"; - THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; - }; - "ui.meta" = { - AUTHOR = "Emile Clark-Boman - emileclarkb"; - DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; - KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; - }; - - markdown = { - ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; - ENABLE_MATH = true; - }; - - admin = { - DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; - SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; - }; - - security = { - # Controls access to the installation page. - # When set to “true”, the installation page is not accessible. - #INSTALL_LOCK = false; - - PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) - MIN_PASSWORD_LENGTH = 12; - PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; - PASSWORD_CHECK_PWN = true; - }; - - service = { - DISABLE_REGISTRATION = true; # toggle for new users - #DEFAULT_USER_IS_RESTRICTED = true; - # Forbid login with third-party services (ie github) - ALLOW_ONLY_INTERNAL_REGISTRATION = true; - ENABLE_CAPTCHA = true; - REQUIRE_CAPTCHA_FOR_LOGIN = true; - REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; - LOGIN_REMEMBER_DAYS = 365; - ENABLE_NOTIFY_MAIL = true; - }; - "service.explore" = { - REQUIRE_SIGNIN_VIEW = false; - DISABLE_USERS_PAGE = false; - DISABLE_ORGANIZATIONS_PAGE = false; - DISABLE_CODE_PAGE = false; - }; - - cache = { - ADAPTER = "twoqueue"; - HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; - ITEM_TTL = "16h"; - }; - - # TODO: fill this in once my mail server is configured - # email.incoming = { ... }; - - # optional - # TODO: fill this in once my mail server is configured - mailer = { - ENABLED = false; - SMTP_ADDR = "mail.imbored.dev"; - FROM = "noreply@imbored.dev"; - USER = "noreply@imbored.dev"; - }; - - log = { - MODE = "file"; - LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" - ENABLE_SSH_LOG = true; - }; - - cron = { - ENABLED = true; - RUN_AT_START = false; - }; - - other = { - SHOW_FOOTER_VERSION = true; - SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; - SHOW_FOOTER_POWERED_BY = true; - ENABLE_SITEMAP = true; - ENABLE_FEED = true; - }; - }; - }; }; security = { diff --git a/hosts/hyrule/services/forgejo.nix b/hosts/hyrule/services/forgejo.nix new file mode 100644 index 0000000..f228116 --- /dev/null +++ b/hosts/hyrule/services/forgejo.nix @@ -0,0 +1,150 @@ +{...}: { + # more options here: https://mynixos.com/nixpkgs/options/services.forgejo + # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo + # (might need me to override settings in the nixpkg) + # TODO: create a custom theme for forgejo (modify the source files most likely) + services.forgejo = { + enable = true; + # enable support for Git Large File Storage + lfs.enable = true; + database = { + type = "sqlite3"; # postgres + host = "127.0.0.1"; + port = "3306"; # 5432 if postgres + }; + # settings are written directly to the `app.ini` config file + # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ + settings = { + server = { + # ENABLE_ACME = true; + # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" + DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? + ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server + # address and port to listen on + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 3000; + PROTOCOL = "http"; # http internally, reverse proxy uses https externally + + START_SSH_SERVER = true; + DISABLE_SSH = false; + SSH_PORT = 2222; + }; + + DEFAULT = { + APP_NAME = "tearforge"; + APP_SLOGIN = "but cozy"; + APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; + }; + + repository = { + DEFAULT_PRIVATE = "private"; # last, private, public + # repo/org created on push to non-existent + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = false; + DEFAULT_PUSH_CREATE_PRIVATE = true; + MAX_CREATION_LIMIT = -1; + }; + + "repository.upload" = { + # max per-file size in MB + FILE_MAX_SIZE = 50; + # max number of files per upload + MAX_FILES = 5; + }; + + badges = let + # flat, flat-square, plastic, for-the-badge, social + style = "for-the-badge"; + in { + ENABLED = true; + GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; + }; + + ui = { + DEFAULT_THEME = "forgejo-dark"; + THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; + }; + "ui.meta" = { + AUTHOR = "Emile Clark-Boman - emileclarkb"; + DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; + KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; + }; + + markdown = { + ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; + ENABLE_MATH = true; + }; + + admin = { + DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; + SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; + }; + + security = { + # Controls access to the installation page. + # When set to “true”, the installation page is not accessible. + #INSTALL_LOCK = false; + + PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) + MIN_PASSWORD_LENGTH = 12; + PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; + PASSWORD_CHECK_PWN = true; + }; + + service = { + DISABLE_REGISTRATION = true; # toggle for new users + #DEFAULT_USER_IS_RESTRICTED = true; + # Forbid login with third-party services (ie github) + ALLOW_ONLY_INTERNAL_REGISTRATION = true; + ENABLE_CAPTCHA = true; + REQUIRE_CAPTCHA_FOR_LOGIN = true; + REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; + LOGIN_REMEMBER_DAYS = 365; + ENABLE_NOTIFY_MAIL = true; + }; + "service.explore" = { + REQUIRE_SIGNIN_VIEW = false; + DISABLE_USERS_PAGE = false; + DISABLE_ORGANIZATIONS_PAGE = false; + DISABLE_CODE_PAGE = false; + }; + + cache = { + ADAPTER = "twoqueue"; + HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; + ITEM_TTL = "16h"; + }; + + # TODO: fill this in once my mail server is configured + # email.incoming = { ... }; + + # optional + # TODO: fill this in once my mail server is configured + mailer = { + ENABLED = false; + SMTP_ADDR = "mail.dobutterfliescry.net"; + FROM = "iforgor@dobutterfliescry.net"; + USER = "iforgor@dobutterfliescry.net"; + }; + + log = { + MODE = "file"; + LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" + ENABLE_SSH_LOG = true; + }; + + cron = { + ENABLED = true; + RUN_AT_START = false; + }; + + other = { + SHOW_FOOTER_VERSION = true; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; + SHOW_FOOTER_POWERED_BY = true; + ENABLE_SITEMAP = true; + ENABLE_FEED = true; + }; + }; + }; +} diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix new file mode 100644 index 0000000..d719841 --- /dev/null +++ b/hosts/hyrule/services/nginx.nix @@ -0,0 +1,99 @@ +{pkgs, ...}: { + nixpkgs.overlays = [ + (self: super: { + # in wake of CVE-2022-3602/CVE-2022-3786 + nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; + }) + ]; + + # simple nginx instance to host static construction page + # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 + # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) + # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) + services.nginx = { + enable = true; + # XXX: TODO: this should auto use the nginxStable overlay no? + # in wake of CVE-2022-3602/CVE-2022-3786 + # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; + + recommendedGzipSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # streamConfig = '' + # server { + # listen 127.0.0.1:53 udp reuseport; + # proxy_timeout 20s; + # proxy_pass 192.168.0.1:53535; + # } + # ''; + + virtualHosts = let + localhost = "http://127.0.0.1"; + std = { + # TODO: should I run over QUIC+HTTP3? (experimental) + # quic = true; + # http3 = true; + enableACME = true; + # kTLS = true; # offload TLS to the linux kernel + }; + website = + { + default = true; + addSSL = true; # not strictly enforced <3 + root = "/var/www/imbored"; + # extraConfig = '' + # error_page 404 /custom_404.html; + # ''; + } + // std; + + vault = + { + forceSSL = true; + locations."/".proxyPass = "${localhost}:8222"; + } + // std; + forge = + { + forceSSL = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "${localhost}:3000"; + } + // std; + in { + # XXX: TODO: imbored.dev and dobutterfliescry.net can't + # XXX: TODO: be active at the same time??? why?? + # "imbored.dev" = + # { + # default = true; + # addSSL = true; # not strictly enforced <3 + # root = "/var/www/imbored"; + # # extraConfig = '' + # # error_page 404 /custom_404.html; + # # ''; + # } + # // std; + "dobutterfliescry.net" = + { + default = true; + addSSL = true; # not strictly enforced <3 + root = "/var/www/cry"; + # extraConfig = '' + # error_page 404 /custom_404.html; + # ''; + } + // std; + # Route "vault" subdomain to vaultwarden + "vault.imbored.dev" = vault; + # Route "forge" subdomain to forgejo + # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? + "forge.imbored.dev" = forge; + # "forge.dobutterfliescry.net" = forge; + }; + }; +} diff --git a/hosts/hyrule/services/vaultwarden.nix b/hosts/hyrule/services/vaultwarden.nix new file mode 100644 index 0000000..6cde9ab --- /dev/null +++ b/hosts/hyrule/services/vaultwarden.nix @@ -0,0 +1,25 @@ +{...}: { + services.vaultwarden = { + enable = true; + dbBackend = "sqlite"; + + # backupDir = "/var/backup/vaultwarden"; # disable with null + + # https://mynixos.com/nixpkgs/option/services.vaultwarden.config + config = { + # internal address and port to listen on + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + + # hostname to listen for + DOMAIN = "https://vault.imbored.dev"; + + # signup policy + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = true; + INVITATIONS_ALLOWED = true; + }; + # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile + environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; + }; +} From 964b3b596fc84b6b8f91df5601387d74d206f949 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 09:42:35 +1000 Subject: [PATCH 08/19] ensure flake inputs follow --- flake.nix | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index e339ce6..91f5a24 100644 --- a/flake.nix +++ b/flake.nix @@ -2,10 +2,19 @@ description = "Emile's Nix Dotfiles"; inputs = { + systems = "github:nix-systems/default"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - colmena.url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a"; + colmena = { + url = "github:zhaofengli/colmena/?rev=47b6414d800c8471e98ca072bc0835345741a56a"; + inputs = { + nixpkgs.follows = "nixpkgs-unstable"; + stable.follows = "nixpkgs"; + flake-utils.inputs.systems.follows = "systems"; + }; + }; grub2-themes.url = "github:vinceliuice/grub2-themes"; }; @@ -30,12 +39,15 @@ pkgs-unstable = import nixpkgs-unstable { inherit system; config = { - allowUnfree = true; # TODO: bandaid solution... (for minecraft-server) + # allowUnfree = true; # TODO: bandaid solution... (for minecraft-server) + allowUnfree = false; }; }; # TODO: come back to this its really cool # this is just something I'm experimenting with - # PROJECT_ROOT = builtins.toString ./.; + # ROOT = ./.; + + specialArgs = {inherit inputs pkgs-unstable;}; in { devShells."x86_64-linux".default = pkgs.mkShell { shell = "${pkgs.bash}/bin/bash"; @@ -50,7 +62,7 @@ # i be on my puter fr myputer = nixpkgs.lib.nixosSystem { # nix passes these to every single module - specialArgs = {inherit inputs pkgs-unstable;}; + inherit specialArgs; modules = [ ./hosts/myputer @@ -60,7 +72,7 @@ # my laptop 0w0 lolcathost = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs-unstable;}; + inherit specialArgs; modules = [ ./hosts/lolcathost @@ -73,7 +85,7 @@ colmenaHive = colmena.lib.makeHive { meta = { nixpkgs = pkgs; - specialArgs = {inherit pkgs-unstable;}; + inherit specialArgs; # set nixpkgs per server nodeNixpkgs = { From 7e4959352a3ba725c5482e6434dcf987ac4ad292 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 09:42:44 +1000 Subject: [PATCH 09/19] add dobutterfliescry.net input --- flake.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/flake.nix b/flake.nix index 91f5a24..9667548 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,15 @@ }; grub2-themes.url = "github:vinceliuice/grub2-themes"; + + dobutterfliescry-net = { + url = "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-unstable.follows = "nixpkgs-unstable"; + systems.follows = "systems"; + }; + }; }; outputs = { From 0eec0a9adeb20c14b56e4f229c138594c9a0d36d Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 09:57:24 +1000 Subject: [PATCH 10/19] fix bad inputs --- flake.lock | 112 ++++++++++++++++++++++++++++++++++------------------- flake.nix | 4 +- 2 files changed, 74 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index e1ab303..8d37b6f 100644 --- a/flake.lock +++ b/flake.lock @@ -5,8 +5,12 @@ "flake-compat": "flake-compat", "flake-utils": "flake-utils", "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "stable": "stable" + "nixpkgs": [ + "nixpkgs-unstable" + ], + "stable": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1734374287, @@ -23,6 +27,32 @@ "type": "github" } }, + "dobutterfliescry-net": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-unstable": [ + "nixpkgs-unstable" + ], + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1769815774, + "narHash": "sha256-77XLfci6EK+zenuJkHuyt8gh0MI2mlJYEPVRPu0Ufcc=", + "ref": "refs/heads/main", + "rev": "c4049313d442538a60edca4aba5e71b963d2bc40", + "revCount": 55, + "type": "git", + "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" + }, + "original": { + "type": "git", + "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" + } + }, "flake-compat": { "flake": false, "locked": { @@ -40,23 +70,25 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "id": "flake-utils", + "type": "indirect" } }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1757136219, @@ -95,16 +127,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1761269590, + "narHash": "sha256-yTr+PCi4wGbOEidrm8XyXBobLxLMqIBsbUyhwsN6wrc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d792a6e0cd4ba35c90ea787b717d72410f56dc40", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "master", "repo": "nixpkgs", "type": "github" } @@ -126,22 +158,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1761269590, - "narHash": "sha256-yTr+PCi4wGbOEidrm8XyXBobLxLMqIBsbUyhwsN6wrc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d792a6e0cd4ba35c90ea787b717d72410f56dc40", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1761016216, "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", @@ -160,24 +176,40 @@ "root": { "inputs": { "colmena": "colmena", + "dobutterfliescry-net": "dobutterfliescry-net", "grub2-themes": "grub2-themes", - "nixpkgs": "nixpkgs_3", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs": "nixpkgs_2", + "nixpkgs-unstable": "nixpkgs-unstable", + "systems": "systems_2" } }, - "stable": { + "systems": { "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", "type": "github" } } diff --git a/flake.nix b/flake.nix index 9667548..85de2d0 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Emile's Nix Dotfiles"; inputs = { - systems = "github:nix-systems/default"; + systems.url = "github:nix-systems/default"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; @@ -19,7 +19,7 @@ grub2-themes.url = "github:vinceliuice/grub2-themes"; dobutterfliescry-net = { - url = "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net"; + url = "git+https://forge.imbored.dev/emileclarkb/dobutterfliescry.net"; inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-unstable.follows = "nixpkgs-unstable"; From e14ebf98ca0b6adb5abdcf87a4caaf7acb07227a Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 10:14:46 +1000 Subject: [PATCH 11/19] add --show-flags and EXTRA_FLAGS to ./deploy --- deploy | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/deploy b/deploy index 08b95d0..fcd6f85 100755 --- a/deploy +++ b/deploy @@ -9,6 +9,7 @@ Options: -f, --fresh Remove old content in the nixstore (good for debugging) -b, --bootloader Reinstall the bootloader -r, --remote Locally build and remotely deploy Colmena hive + --show-trace Show nix stack trace on error -h, --help Show this message (^_^)" # delete all cached entries @@ -31,7 +32,7 @@ rebuild_flake () { # LOG="$(mktemp /tmp/rebuild-XXXXXXXX)" LOG="./rebuild.log" echo "[*] Logging to $LOG" - sudo nixos-rebuild switch --flake . $FLAGS 2>&1 | tee "$LOG" + sudo nixos-rebuild switch --flake . $FLAGS $EXTRA_FLAGS 2>&1 | tee "$LOG" #nixos-rebuild build --flake .# --cores 8 -j 1 } @@ -42,19 +43,22 @@ deploy_hive () { git add . --verbose # Deploy to all Colmena hives - colmena build --experimental-flake-eval - colmena apply --experimental-flake-eval + colmena build --experimental-flake-eval $EXTRA_FLAGS + colmena apply --experimental-flake-eval $EXTRA_FLAGS # colmena apply --on hyrule --experimental-flake-eval } # check which flags were given flag_fresh=false flag_bootloader=false +flag_remote=false +flag_trace=false for flag in "$@"; do case "$flag" in -r|--remote) - deploy_hive - exit 0 ;; + flag_remote=true ;; + --show-trace) + flag_trace=true ;; -f|--fresh) flag_fresh=true ;; -b|--bootloader) @@ -68,6 +72,16 @@ for flag in "$@"; do esac done +EXTRA_FLAGS="" +if [ "$flag_trace" = true ]; then + EXTRA_FLAGS="$EXTRA_FLAGS --show-trace" +fi + +if [ "$flag_remote" = true ]; then + deploy_hive + exit 0 +fi + # delete cached items in nixstore if [ "$flag_fresh" = true ]; then collect_garbage From 47bc060da7def6aa54faa5e7cb37fda5306c5139 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 10:26:17 +1000 Subject: [PATCH 12/19] fix nginx bad root --- flake.lock | 8 ++++---- hosts/hyrule/services/nginx.nix | 10 ++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8d37b6f..bfa8133 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1769815774, - "narHash": "sha256-77XLfci6EK+zenuJkHuyt8gh0MI2mlJYEPVRPu0Ufcc=", + "lastModified": 1769819040, + "narHash": "sha256-sFtlxsSXGH3BFkM7REuwntmKQ9f1SeDQIqEK8jTdz34=", "ref": "refs/heads/main", - "rev": "c4049313d442538a60edca4aba5e71b963d2bc40", - "revCount": 55, + "rev": "e001182489cea3e4cb2a461eb83a7c163f38b7e7", + "revCount": 56, "type": "git", "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" }, diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix index d719841..a923245 100644 --- a/hosts/hyrule/services/nginx.nix +++ b/hosts/hyrule/services/nginx.nix @@ -1,9 +1,14 @@ -{pkgs, ...}: { +{ + inputs, + pkgs, + ... +}: { nixpkgs.overlays = [ (self: super: { # in wake of CVE-2022-3602/CVE-2022-3786 nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; }) + inputs.dobutterfliescry-net.overlays.default ]; # simple nginx instance to host static construction page @@ -82,7 +87,8 @@ { default = true; addSSL = true; # not strictly enforced <3 - root = "/var/www/cry"; + # root = "/var/www/cry"; + root = "${pkgs.dobutterfliescry-net}/www"; # extraConfig = '' # error_page 404 /custom_404.html; # ''; From de526f42a0a1619ad6ea0a6f735d8869990111a1 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 10:57:49 +1000 Subject: [PATCH 13/19] progress input dobutterfliescry-net --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index bfa8133..6c38971 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1769819040, - "narHash": "sha256-sFtlxsSXGH3BFkM7REuwntmKQ9f1SeDQIqEK8jTdz34=", + "lastModified": 1769819491, + "narHash": "sha256-hMr47pVjBGd9Jk0zlKL66GWBlS6E50Mp4sW0OBvneSk=", "ref": "refs/heads/main", - "rev": "e001182489cea3e4cb2a461eb83a7c163f38b7e7", - "revCount": 56, + "rev": "c0f53e00c1888ff9bd92055f0bdc3fe9f218d387", + "revCount": 57, "type": "git", "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" }, From f1224c8cf80edc2d1e63cdd8e81b00329ab94cf4 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 10:57:59 +1000 Subject: [PATCH 14/19] add helix js/ts lsp --- homes/modules/editor/helix.nix | 84 +++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index 3d831c1..80ea265 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -4,50 +4,48 @@ ... }: let lsps = { - bash-language-server = - { - pkg = pkgs.bash-language-server; - cmd = "bash-language-server"; - }; + bash-language-server = { + pkg = pkgs.bash-language-server; + cmd = "bash-language-server"; + }; - clangd = - { - pkg = pkgs.clang-tools; - cmd = "clangd"; - }; + clangd = { + pkg = pkgs.clang-tools; + cmd = "clangd"; + }; - haskell-language-server = - { - pkg = pkgs.haskell-language-server; - cmd = "haskell-language-server-wrapper"; - }; + haskell-language-server = { + pkg = pkgs.haskell-language-server; + cmd = "haskell-language-server-wrapper"; + }; # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) # helix will support nixd by default # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd = - { - pkg = pkgs.nixd; - cmd = "nixd"; - }; + nixd = { + pkg = pkgs.nixd; + cmd = "nixd"; + }; - OmniSharp = - { - pkg = pkgs.omnisharp-roslyn; - cmd = "OmniSharp"; - }; + OmniSharp = { + pkg = pkgs.omnisharp-roslyn; + cmd = "OmniSharp"; + }; - rust-analyzer = - { - pkg = pkgs.rust-analyzer; - cmd = "rust-analyzer"; - }; + rust-analyzer = { + pkg = pkgs.rust-analyzer; + cmd = "rust-analyzer"; + }; - ty = - { - pkg = pkgs-unstable.ty; - cmd = "ty"; - }; + ty = { + pkg = pkgs-unstable.ty; + cmd = "ty"; + }; + + typescript-language-server = { + pkg = pkgs.typescript-language-server; + cmd = "typescript-language-server"; + }; }; in { home.packages = @@ -224,11 +222,25 @@ in { # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; # language-servers = ["OmniSharp"]; } + { + name = "javascript"; + file-types = ["js"]; + indent = { + tab-width = 2; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + auto-format = true; + language-servers = ["typescript-language-server"]; + } ]; language-server = lsps - |> builtins.mapAttrs (_: lsp: { command = "${lsp.pkg}/bin/${lsp.cmd}"; }); + |> builtins.mapAttrs (_: lsp: {command = "${lsp.pkg}/bin/${lsp.cmd}";}); }; }; } From e628d59c72d74cfa5caf369bc18912f96fb9d814 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Sat, 31 Jan 2026 11:07:09 +1000 Subject: [PATCH 15/19] add helix glsl lsp --- homes/modules/editor/helix.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index 80ea265..1014cca 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -14,6 +14,11 @@ cmd = "clangd"; }; + glsl_analyzer = { + pkg = pkgs.glsl_analyzer; + cmd = "glsl_analyzer"; + }; + haskell-language-server = { pkg = pkgs.haskell-language-server; cmd = "haskell-language-server-wrapper"; @@ -218,7 +223,7 @@ in { start = "/*"; end = "*/"; }; - # auto-format = false; + # auto-format = true; # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; # language-servers = ["OmniSharp"]; } @@ -236,6 +241,20 @@ in { auto-format = true; language-servers = ["typescript-language-server"]; } + { + name = "glsl"; + file-types = ["glsl"]; + indent = { + tab-width = 2; + unit = " "; + }; + block-comment-tokens = { + start = "/*"; + end = "*/"; + }; + auto-format = false; + language-servers = ["glsl_analyzer"]; + } ]; language-server = From 42d2e37aedf9763568e8b55831d016327e4f1737 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Tue, 3 Feb 2026 12:24:40 +1000 Subject: [PATCH 16/19] add clocktown host --- flake.lock | 8 ++++---- homes/me/default.nix | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 6c38971..b10fff6 100644 --- a/flake.lock +++ b/flake.lock @@ -40,11 +40,11 @@ ] }, "locked": { - "lastModified": 1769819491, - "narHash": "sha256-hMr47pVjBGd9Jk0zlKL66GWBlS6E50Mp4sW0OBvneSk=", + "lastModified": 1769832488, + "narHash": "sha256-mYNFYj3Ed7l6MbuFIMd9ahlyNuav5X8q9siKwVkPxUQ=", "ref": "refs/heads/main", - "rev": "c0f53e00c1888ff9bd92055f0bdc3fe9f218d387", - "revCount": 57, + "rev": "efdedb23b8becfdaf7b43b431007fc369bae318d", + "revCount": 77, "type": "git", "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" }, diff --git a/homes/me/default.nix b/homes/me/default.nix index a6e5745..2c4e918 100755 --- a/homes/me/default.nix +++ b/homes/me/default.nix @@ -130,6 +130,12 @@ TERM = "linux"; }; }; + clocktown = { + hostname = "clocktown.dobutterfliescry.net"; + user = "root"; + port = 22; + identityFile = "~/.ssh/id_clocktown"; + }; subspace = { hostname = "imbored.dev"; user = "subspace"; From d64357365928ba1d1ecae49ae4501b2716820b26 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Tue, 3 Feb 2026 12:24:59 +1000 Subject: [PATCH 17/19] add wl-screenrec, video-trimmer, cmake --- hosts/lolcathost/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index 4119d78..997eb05 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -263,8 +263,10 @@ in { wl-clipboard # clipboard for wayland hyprpicker # color picker hyprshot # screenshot utility + wl-screenrec # screen recording utility qbittorrent # torrenting signal-desktop + video-trimmer (callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners # dependencies for my sddm theme: @@ -280,8 +282,6 @@ in { # Systems Emulation qemu # Fellice Bellard's Quick Emulator - # GNU Utils - gnumake # Binaries binutils strace @@ -297,6 +297,8 @@ in { gcc clang clang-tools + gnumake + cmake # Rust cargo From 502e4a82c0caeef4223fd5b14ea0f6412ea25d4a Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Tue, 3 Feb 2026 12:25:10 +1000 Subject: [PATCH 18/19] migrate to dobutterfliescry.net --- hosts/hyrule/services/nginx.nix | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix index a923245..945724e 100644 --- a/hosts/hyrule/services/nginx.nix +++ b/hosts/hyrule/services/nginx.nix @@ -44,16 +44,6 @@ enableACME = true; # kTLS = true; # offload TLS to the linux kernel }; - website = - { - default = true; - addSSL = true; # not strictly enforced <3 - root = "/var/www/imbored"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; vault = { @@ -71,18 +61,6 @@ } // std; in { - # XXX: TODO: imbored.dev and dobutterfliescry.net can't - # XXX: TODO: be active at the same time??? why?? - # "imbored.dev" = - # { - # default = true; - # addSSL = true; # not strictly enforced <3 - # root = "/var/www/imbored"; - # # extraConfig = '' - # # error_page 404 /custom_404.html; - # # ''; - # } - # // std; "dobutterfliescry.net" = { default = true; @@ -98,8 +76,7 @@ "vault.imbored.dev" = vault; # Route "forge" subdomain to forgejo # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? - "forge.imbored.dev" = forge; - # "forge.dobutterfliescry.net" = forge; + "forge.dobutterfliescry.net" = forge; }; }; } From e7fdc3af6b9eb9c4dfe158c547c5b3764c2f1258 Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Tue, 3 Feb 2026 22:27:23 +1000 Subject: [PATCH 19/19] update dobutterfliescry-net upstream --- flake.lock | 12 ++++++------ flake.nix | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index b10fff6..3cf7a06 100644 --- a/flake.lock +++ b/flake.lock @@ -40,17 +40,17 @@ ] }, "locked": { - "lastModified": 1769832488, - "narHash": "sha256-mYNFYj3Ed7l6MbuFIMd9ahlyNuav5X8q9siKwVkPxUQ=", + "lastModified": 1770121583, + "narHash": "sha256-BI9UgaWtIHqyV8L4Vfh5Vrakax65QOG6m0a28L05YzM=", "ref": "refs/heads/main", - "rev": "efdedb23b8becfdaf7b43b431007fc369bae318d", - "revCount": 77, + "rev": "d511138e76f03990da593d1d0129f58c1ec3f570", + "revCount": 100, "type": "git", - "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" + "url": "https://forge.dobutterfliescry.net/cry/site" }, "original": { "type": "git", - "url": "https://forge.imbored.dev/emileclarkb/dobutterfliescry.net" + "url": "https://forge.dobutterfliescry.net/cry/site" } }, "flake-compat": { diff --git a/flake.nix b/flake.nix index 85de2d0..b6d5a67 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ grub2-themes.url = "github:vinceliuice/grub2-themes"; dobutterfliescry-net = { - url = "git+https://forge.imbored.dev/emileclarkb/dobutterfliescry.net"; + url = "git+https://forge.dobutterfliescry.net/cry/site"; inputs = { nixpkgs.follows = "nixpkgs"; nixpkgs-unstable.follows = "nixpkgs-unstable";