From b2f9db3148b3efc5c4f0119c5824f325fc10540c Mon Sep 17 00:00:00 2001 From: Emile Clark-Boman Date: Thu, 12 Feb 2026 13:25:40 +1000 Subject: [PATCH] idk a bunch of things got the merge working --- groups/all/default.nix | 5 ++ groups/cryde/default.nix | 8 +-- groups/cryde/programs.nix | 6 +- groups/server/default.nix | 26 +++++--- hosts/butterfly/default.nix | 16 ++--- hosts/hyrule/default.nix | 54 ++-------------- hosts/hyrule/services/default.nix | 7 --- hosts/hyrule/services/nginx.nix | 83 ------------------------- hosts/modules/colmena.nix | 20 ------ hosts/modules/steam.nix | 1 - hosts/myputer/default.nix | 25 +------- overlays/default.nix | 4 ++ packages/sddm-theme-corners/default.nix | 31 ++++----- 13 files changed, 65 insertions(+), 221 deletions(-) create mode 100644 groups/all/default.nix delete mode 100644 hosts/hyrule/services/default.nix delete mode 100644 hosts/hyrule/services/nginx.nix delete mode 100644 hosts/modules/colmena.nix diff --git a/groups/all/default.nix b/groups/all/default.nix new file mode 100644 index 0000000..225997d --- /dev/null +++ b/groups/all/default.nix @@ -0,0 +1,5 @@ +{lib, ...}: { + # NOTE: mkDefault is 1000 and mkForce is 50 + # NOTE: so this is like a second mkDefault + security.sudo.wheelNeedsPassword = lib.mkOverride 900 true; +} diff --git a/groups/cryde/default.nix b/groups/cryde/default.nix index daadfc0..3a75daa 100644 --- a/groups/cryde/default.nix +++ b/groups/cryde/default.nix @@ -12,7 +12,7 @@ ../../hosts/modules/steam.nix ../../hosts/modules/obsidian.nix - inputs.nix-flatpak.nixosModules.nix-flatpak + # inputs.nix-flatpak.nixosModules.nix-flatpak ]; boot.loader.grub2-theme = { @@ -110,10 +110,10 @@ NIXOS_OZONE_WL = "1"; }; systemPackages = with pkgs; [ - (callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners + sddm-theme-corners # dependencies for my sddm theme: # XXX: add these as a buildInput - pkgs.libsForQt5.qt5.qtgraphicaleffects + # pkgs.libsForQt5.qt5.qtgraphicaleffects ]; }; 
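Review bot: The comment above `security.sudo.wheelNeedsPassword = lib.mkOverride 900 true;` in groups/all/default.nix lists mkDefault (1000) and mkForce (50) but leaves out that an ordinary assignment has priority 100. Any host that writes a plain `security.sudo.wheelNeedsPassword = false;` therefore turns the password requirement off with no visible override marker. I would add `# NOTE: a plain assignment (priority 100) also beats this; hosts that disable the sudo password should say why` so the weakening is deliberate and reviewable. For the same reason the `lib.mkForce false` added in hosts/myputer/default.nix is stronger than it needs to be, since it also wins over any other module that sets the option back to true.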
@@ -130,8 +130,6 @@ nitch starfetch - colmena-latest - gitkraken ]; }; diff --git a/groups/cryde/programs.nix b/groups/cryde/programs.nix index dbfe31e..8d8ba86 100644 --- a/groups/cryde/programs.nix +++ b/groups/cryde/programs.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + upkgs, + ... +}: { # ---- SYSTEM PACKAGES ----- environment.systemPackages = with pkgs; [ # User Environment diff --git a/groups/server/default.nix b/groups/server/default.nix index 4092412..e9ad3ac 100644 --- a/groups/server/default.nix +++ b/groups/server/default.nix @@ -1,8 +1,4 @@ -{ - lib, - sshPort ? 22, - ... -}: { +{lib, ...}: { networking = { networkmanager.enable = true; @@ -15,7 +11,7 @@ firewall = { enable = lib.mkDefault true; allowedTCPPorts = [ - sshPort + 22 ]; }; }; @@ -41,7 +37,7 @@ services = { openssh = { enable = true; - ports = [sshPort]; + ports = [22]; settings = { PasswordAuthentication = false; PermitRootLogin = "no"; @@ -51,4 +47,20 @@ }; }; }; + + users = { + users = { + # primary user + cry = { + isNormalUser = true; + home = "/home/cry"; + extraGroups = ["wheel"]; + openssh.authorizedKeys.keys = lib.mkOverride 900 [ + (throw '' + Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`. + '') + ]; + }; + }; + }; } diff --git a/hosts/butterfly/default.nix b/hosts/butterfly/default.nix index cc00dd3..83ff46d 100755 --- a/hosts/butterfly/default.nix +++ b/hosts/butterfly/default.nix @@ -57,18 +57,10 @@ # }; }; - users = { - users = { - # primary user - cry = { - isNormalUser = true; - home = "/home/cry"; - extraGroups = ["wheel"]; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 ae@dobutterfliescry.net" - ]; - }; - }; + users.users.cry = { + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 ae@dobutterfliescry.net" + ]; }; virtualisation.docker.enable = true; 
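Review bot: The new `users.users.cry` block in groups/server/default.nix puts the account in `wheel` but declares no password source, while `PasswordAuthentication = false` and `PermitRootLogin = "no"` stay in place in the same file. If these hosts also pick up the `wheelNeedsPassword = true` default from groups/all (not visible from this hunk), `cry` can log in by key but cannot use sudo until a password is set by hand on each machine. That state is not reproducible from the flake. Consider declaring it, for example `hashedPasswordFile = "<path to secret>";`, or noting next to `extraGroups = ["wheel"];` that the password is provisioned out of band.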
diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 6684f58..9690354 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -1,8 +1,6 @@ -{pkgs, ...}: { +{...}: { imports = [ ./hardware-configuration.nix - - ./services ]; # super duper minimum grub2 config @@ -15,59 +13,19 @@ hostName = "hyrule"; firewall = { allowedTCPPorts = [ - 80 # nginx - 443 # nginx ]; allowedUDPPorts = [ - 54231 # Wireguard ]; }; - - # wg-quick.interfaces = { - # wg0 = { - # address = [ - # "10.10.10.4/24" - # ]; - # dns = ["10.10.10.1"]; - # privateKeyFile = "/root/wg_agrivpn_hyrule"; - # peers = [ - # { - # # peer's public key - # publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY="; - - # # choose which traffic to forward - # allowedIPs = [ - # "10.0.51.0/24" - # "10.10.10.0/24" - # ]; - # endpoint = "150.242.34.33:54231"; - # } - # ]; - # }; - # }; }; - users = { - users = { - # primary user - cry = { - isNormalUser = true; - extraGroups = ["wheel"]; - shell = pkgs.bash; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 ae@dobutterfliescry.net" - ]; - }; - - friends = { - isNormalUser = true; - shell = pkgs.fish; - home = "/home/friends"; - }; - }; + users.users.cry = { + openssh.authorizedKeys.keys = [ + "ssh-rsa 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 ae@dobutterfliescry.net" + ]; }; virtualisation.docker.enable = true; - system.stateVersion = "24.11"; # DO NOT MODIFY + system.stateVersion = "25.11"; # DO NOT MODIFY } diff --git a/hosts/hyrule/services/default.nix b/hosts/hyrule/services/default.nix deleted file mode 100644 index 1f3c874..0000000 --- a/hosts/hyrule/services/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - imports = [ - ./services/forgejo.nix - ./services/vaultwarden.nix - ./services/nginx.nix - ]; -} diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix deleted file mode 100644 index 6d0205d..0000000 
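Review bot: `system.stateVersion` in hosts/hyrule/default.nix moves from "24.11" to "25.11" on a line whose own comment says DO NOT MODIFY. On an existing install this value selects the defaults for stateful services and data layouts, so raising it can change what modules expect on disk without migrating the data already there. If hyrule was reinstalled on 25.11, record that in the comment, for example `# set at install time (reinstalled on 25.11)`; otherwise keep `system.stateVersion = "24.11";`.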
--- a/hosts/hyrule/services/nginx.nix
+++ /dev/null
@@ -1,83 +0,0 @@ -{ - inputs, - pkgs, - ... -}: { - nixpkgs.overlays = [ - (self: super: { - # in wake of CVE-2022-3602/CVE-2022-3786 - nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; - }) - inputs.dobutterfliescry-net.overlays.default - ]; - - # simple nginx instance to host static construction page - # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 - # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) - # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) - services.nginx = { - enable = true; - # XXX: TODO: this should auto use the nginxStable overlay no? - # in wake of CVE-2022-3602/CVE-2022-3786 - # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; - - recommendedGzipSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # streamConfig = '' - # server { - # listen 127.0.0.1:53 udp reuseport; - # proxy_timeout 20s; - # proxy_pass 192.168.0.1:53535; - # } - # ''; - - virtualHosts = let - localhost = "http://127.0.0.1"; - std = { - # TODO: should I run over QUIC+HTTP3? 
(experimental) - # quic = true; - # http3 = true; - enableACME = true; - # kTLS = true; # offload TLS to the linux kernel - }; - - vault = - { - forceSSL = true; - locations."/".proxyPass = "${localhost}:8222"; - } - // std; - forge = - { - forceSSL = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "${localhost}:3000"; - } - // std; - in { - "dobutterfliescry.net" = - { - default = true; - addSSL = true; # not strictly enforced <3 - # root = "/var/www/cry"; - root = "${pkgs.dobutterfliescry-net}/www"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; - # Route "vault" subdomain to vaultwarden - "vault.imbored.dev" = vault; - # Route "forge" subdomain to forgejo - # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? - # "tearforge.net" = forge; - "forge.dobutterfliescry.net" = forge; - }; - }; -} diff --git a/hosts/modules/colmena.nix b/hosts/modules/colmena.nix deleted file mode 100644 index 5756901..0000000 --- a/hosts/modules/colmena.nix +++ /dev/null @@ -1,20 +0,0 @@ -{}: { - # Colmena's latest stable version is - # unusable so get latest unstable version. - colmena = let - src = pkgsBuild.fetchFromGitHub { - owner = "zhaofengli"; - repo = "colmena"; - rev = "47b6414d800c8471e98ca072bc0835345741a56a"; - sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc="; - }; - flake = - pkgsBuild.callPackage "${src}/flake.nix" { - }; - in - flake.packages."${system}".colmena; - - nixpkgs.config.packageOverrides = pkgs: { - colmena = pkgs.callPackage - }; -} diff --git a/hosts/modules/steam.nix b/hosts/modules/steam.nix index e554441..1e31d8d 100644 --- a/hosts/modules/steam.nix +++ b/hosts/modules/steam.nix @@ -52,6 +52,5 @@ # lutris bottles - heroic ]; } diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index cd0d683..1b397d4 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -1,6 +1,7 @@ { pkgs, upkgs, + lib, ... }: { imports = [ 
@@ -26,29 +27,7 @@ flatpak.enable = true; }; - # ------- USERS ------- - security.sudo.wheelNeedsPassword = false; - users = { - users = { - # just me fr (personal account) - me = { - isNormalUser = true; - extraGroups = ["wheel" "netdev" "docker"]; - shell = pkgs.bash; - packages = with pkgs; [ - firefox - nitch - starfetch - - colmena-latest - - gitkraken - # NOTE: downloadthing this causes my PC to freak!! ("too many open files" error) - #keyguard # bitwarden client app - ]; - }; - }; - }; + security.sudo.wheelNeedsPassword = lib.mkForce false; # ---- SYSTEM PACKAGES ----- environment.systemPackages = with pkgs; [ diff --git a/overlays/default.nix b/overlays/default.nix index cecd3fc..4865280 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -13,5 +13,9 @@ x86-manpages = import ../packages/x86-manpages { pkgs = super; }; + + sddm-theme-corners = import ../packages/sddm-theme-corners { + pkgs = super; + }; }) ] diff --git a/packages/sddm-theme-corners/default.nix b/packages/sddm-theme-corners/default.nix index e9a755f..da1ebfc 100755 --- a/packages/sddm-theme-corners/default.nix +++ b/packages/sddm-theme-corners/default.nix 
@@ -1,17 +1,20 @@ -{pkgs}: { - sddm-theme-corners = pkgs.stdenv.mkDerivation { - name = "sddm-theme-corners"; - version = "1.0.0"; +{pkgs}: +pkgs.stdenv.mkDerivation { + name = "sddm-theme-corners"; + version = "1.0.0"; - installPhase = '' - mkdir -p $out/share/sddm/themes - cp -ar $src/corners $out/share/sddm/themes/ - ''; - src = pkgs.fetchFromGitHub { - owner = "aczw"; - repo = "sddm-theme-corners"; - rev = "6ff0ff455261badcae36cd7d151a34479f157a3c"; - sha256 = "0iiasrbl7ciyhq3z02la636as915zk9ph063ac7vm5iwny8vgwh8"; - }; + installPhase = '' + mkdir -p $out/share/sddm/themes + cp -ar $src/corners $out/share/sddm/themes/ + ''; + src = pkgs.fetchFromGitHub { + owner = "aczw"; + repo = "sddm-theme-corners"; + rev = "6ff0ff455261badcae36cd7d151a34479f157a3c"; + sha256 = "0iiasrbl7ciyhq3z02la636as915zk9ph063ac7vm5iwny8vgwh8"; }; + + buildInputs = with pkgs; [ + libsForQt5.qt5.qtgraphicaleffects + ]; }
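Review bot: `buildInputs = with pkgs; [ libsForQt5.qt5.qtgraphicaleffects ];` probably does not make the QML module available to SDDM at run time, because the derivation only copies theme files and nothing in `$out` refers to the Qt package. This same commit comments out the `environment.systemPackages` entry in groups/cryde/default.nix that used to provide it, so the greeter may fail to load the theme. Either keep the package in `environment.systemPackages`, or replace the attribute with `propagatedUserEnvPkgs = with pkgs; [ libsForQt5.qt5.qtgraphicaleffects ];` so installing the theme pulls it in. Separately, `name` next to `version` should be `pname = "sddm-theme-corners";` so the store path carries the version.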