From 7b8005c867dd7006805da3198625e629ee0c9925 Mon Sep 17 00:00:00 2001 
From: laniakea Date: Fri, 10 Apr 2026 18:50:25 +0300 Subject: [PATCH] nix dotfiles --- README.md | 1 + navi/configuration.nix | 123 +++++++++++ navi/flake.lock | 163 +++++++++++++++ navi/flake.nix | 32 +++ navi/hardware-configuration.nix | 31 +++ navi/laniakea/anyrun.nix | 20 ++ navi/laniakea/eww.nix | 41 ++++ navi/laniakea/eww/eww.scss | 81 ++++++++ navi/laniakea/eww/eww.yuck | 108 ++++++++++ navi/laniakea/eww/get_layout.sh | 6 + navi/laniakea/eww/get_volume.sh | 2 + navi/laniakea/eww/get_wifi.sh | 14 ++ navi/laniakea/eww/toggle_layout.sh | 2 + navi/laniakea/eww/volume_scroll.sh | 6 + navi/laniakea/fnott.nix | 23 +++ navi/laniakea/home.nix | 126 ++++++++++++ navi/laniakea/hyprland.nix | 142 +++++++++++++ navi/laniakea/kitty.nix | 19 ++ navi/laniakea/librewolf.nix | 316 +++++++++++++++++++++++++++++ navi/laniakea/neovim.nix | 69 +++++++ navi/laniakea/starship.nix | 14 ++ navi/laniakea/vesktop.nix | 17 ++ server/configuration.nix | 49 +++++ server/element.nix | 35 ++++ server/forgejo.nix | 66 ++++++ server/hardware-configuration.nix | 27 +++ server/matrix.nix | 195 ++++++++++++++++++ 27 files changed, 1728 insertions(+) create mode 100644 README.md create mode 100644 navi/configuration.nix create mode 100644 navi/flake.lock create mode 100644 navi/flake.nix create mode 100644 navi/hardware-configuration.nix create mode 100644 navi/laniakea/anyrun.nix create mode 100644 navi/laniakea/eww.nix create mode 100644 navi/laniakea/eww/eww.scss create mode 100644 navi/laniakea/eww/eww.yuck create mode 100755 navi/laniakea/eww/get_layout.sh create mode 100755 navi/laniakea/eww/get_volume.sh create mode 100755 navi/laniakea/eww/get_wifi.sh create mode 100755 navi/laniakea/eww/toggle_layout.sh create mode 100755 navi/laniakea/eww/volume_scroll.sh create mode 100644 navi/laniakea/fnott.nix create mode 100644 navi/laniakea/home.nix create mode 100644 navi/laniakea/hyprland.nix create mode 100644 navi/laniakea/kitty.nix create mode 100644 navi/laniakea/librewolf.nix create mode 
100644 navi/laniakea/neovim.nix create mode 100644 navi/laniakea/starship.nix create mode 100644 navi/laniakea/vesktop.nix create mode 100644 server/configuration.nix create mode 100644 server/element.nix create mode 100644 server/forgejo.nix create mode 100644 server/hardware-configuration.nix create mode 100644 server/matrix.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..f4d3840 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +messy server and home machine dotfiles diff --git a/navi/configuration.nix b/navi/configuration.nix new file mode 100644 index 0000000..187355d --- /dev/null +++ b/navi/configuration.nix 
@@ -0,0 +1,123 @@ +{ + pkgs, + lib, + ... +}: { + imports = [ + ./hardware-configuration.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelParams = ["transparent_hugepage=never"]; + + networking.hostName = "navi"; + networking.networkmanager.enable = true; + + services.mullvad-vpn = { + enable = true; + package = pkgs.mullvad-vpn; + }; + services.resolved.enable = true; + + virtualisation.vmware.host.enable = true; + + time.timeZone = "Asia/Jerusalem"; + i18n.defaultLocale = "en_US.UTF-8"; + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + programs.bash = { + enable = true; + completion.enable = true; + interactiveShellInit = '' + eval "$(${pkgs.starship}/bin/starship init bash)" + ''; + }; + + services.desktopManager.gnome.enable = true; + + programs.hyprland = { + enable = true; + withUWSM = true; + xwayland.enable = true; + }; + + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-hyprland + xdg-desktop-portal-gtk + ]; + }; + + programs.regreet.enable = true; + + services.greetd = { + enable = true; + settings.default_session = { + command = "${pkgs.greetd.regreet}/bin/regreet"; + user = "greeter"; + }; + }; + + services.xserver.xkb = { + layout = "us,il"; + variant = ""; + }; + + services.pulseaudio.enable = false; + programs.dconf.enable = true; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + + users.users.laniakea = { + isNormalUser = true; + description = "laniakea"; + extraGroups = ["networkmanager" "wheel" "input" "adbusers" "plugdev"]; + }; + + programs.firefox.enable = true; + + 
nixpkgs.config.allowUnfree = true; + + nix.settings.experimental-features = ["nix-command" "flakes"]; + + programs.nh = { + enable = true; + clean.enable = true; + clean.extraArgs = "--keep-since 4d --keep 3"; + flake = "/etc/nixos"; + }; + + programs.gnupg.agent = { + enable = true; + pinentryPackage = pkgs.pinentry-gnome3; + }; + + services.udev.extraRules = '' + KERNEL=="hidraw*", ATTRS{idVendor}=="fc32", ATTRS{idProduct}=="0287", MODE="0666", GROUP="input" + SUBSYSTEM=="usb", ATTRS{idVendor}=="fc32", ATTRS{idProduct}=="0287", MODE="0666", GROUP="input" + ''; + + services.udev.packages = with pkgs; [ + vial + via + ]; + + system.stateVersion = "24.11"; +} diff --git a/navi/flake.lock b/navi/flake.lock new file mode 100644 index 0000000..9ae19dd --- /dev/null +++ b/navi/flake.lock 
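Review bot: Both rules in `services.udev.extraRules` set `MODE="0666"` on the hidraw and USB nodes for vendor `fc32` / product `0287`, so every local account and process can read and write the device, and the `GROUP="input"` on the same rule has no effect. A raw HID node exposes the device's input reports and its configuration interface (presumably the keyboard that vial/via manage), so access should be limited to the seated user. I would write the rules as `KERNEL=="hidraw*", ATTRS{idVendor}=="fc32", ATTRS{idProduct}=="0287", MODE="0660", GROUP="input", TAG+="uaccess"` and the same for the `SUBSYSTEM=="usb"` line. It is also worth checking whether the rules shipped through `services.udev.packages = [ vial via ]` already cover this device, in which case the extra rules can be dropped.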
@@ -0,0 +1,163 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1751685974, + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", + "ref": "refs/heads/main", + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", + "revCount": 92, + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/flake-compat.git" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775360939, + "narHash": "sha256-XUBlSgUFdvTh6+K5LcI5mJu5F5L8scmJDMRiZM484TM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2097a5c82bdc099c6135eae4b111b78124604554", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "mnw": { + "locked": { + "lastModified": 1770419553, + "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", + "owner": "Gerg-L", + "repo": "mnw", + "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", + "type": "github" + }, + "original": { + "owner": "Gerg-L", + "repo": "mnw", + "type": "github" + } + }, + "ndg": { + "inputs": { + "nixpkgs": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768214250, + "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", + "owner": "feel-co", + "repo": "ndg", + "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", + "type": "github" + }, + "original": { + "owner": "feel-co", + "ref": "refs/tags/v2.6.0", + "repo": 
"ndg", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nvf": { + "inputs": { + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "mnw": "mnw", + "ndg": "ndg", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1775122065, + "narHash": "sha256-ZlowJNkQOhpsXDuWbHgB1xY6W8kyzYn9coK9nJsqqNg=", + "owner": "NotAShelf", + "repo": "nvf", + "rev": "d3304af3d5771e8d5bac6ee9bbdbce56086d54f7", + "type": "github" + }, + "original": { + "owner": "NotAShelf", + "repo": "nvf", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nvf": "nvf" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/navi/flake.nix b/navi/flake.nix new file mode 100644 index 0000000..ea70436 --- /dev/null +++ b/navi/flake.nix 
@@ -0,0 +1,32 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ nvf = {
+ url = "github:NotAShelf/nvf";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, home-manager, nvf, ... }: {
+ nixosConfigurations.navi = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.laniakea = import ./laniakea/home.nix;
+ home-manager.extraSpecialArgs = { inherit nvf; };
+ }
+ ];
+ };
+ };
+}
diff --git a/navi/hardware-configuration.nix b/navi/hardware-configuration.nix
new file mode 100644
index 0000000..89dee72
--- /dev/null
+++ b/navi/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/19cf3af9-df0f-46e7-ab26-f29dad2e5a63";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/80BA-5D8C";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
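Review bot: `./hardware-configuration.nix` is listed in `modules` in flake.nix and is also pulled in by the `imports` list at the top of navi/configuration.nix, so the same module is named in two places. The module system appears to tolerate the repeat, but a single entry leaves one place to look when the hardware file moves or is regenerated. I would drop the `./hardware-configuration.nix` line from `modules` and keep the import in configuration.nix.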
diff --git a/navi/laniakea/anyrun.nix b/navi/laniakea/anyrun.nix
new file mode 100644
index 0000000..00a25ff
--- /dev/null
+++ b/navi/laniakea/anyrun.nix
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+ programs.anyrun = {
+ enable = true;
+ config = {
+ hideIcons = false;
+ ignoreExclusiveZones = false;
+ layer = "overlay";
+ hidePluginInfo = false;
+ closeOnClick = false;
+ showResultsImmediately = false;
+ maxEntries = null;
+
+ plugins = [
+ "${pkgs.anyrun}/lib/libapplications.so"
+ "${pkgs.anyrun}/lib/libsymbols.so"
+ "${pkgs.anyrun}/lib/libactions.so"
+ ];
+ };
+ };
+}
diff --git a/navi/laniakea/eww.nix b/navi/laniakea/eww.nix
new file mode 100644
index 0000000..3e66ef0
--- /dev/null
+++ b/navi/laniakea/eww.nix
@@ -0,0 +1,41 @@
+{pkgs, ...}: {
+ programs.eww = {
+ enable = true;
+ enableBashIntegration = true;
+ configDir = ./eww;
+ };
+
+ home.file.".config/eww/get_volume.sh" = {
+ source = ./eww/get_volume.sh;
+ executable = true;
+ };
+
+ home.file.".config/eww/volume_scroll.sh" = {
+ source = ./eww/volume_scroll.sh;
+ executable = true;
+ };
+
+ home.file.".config/eww/get_wifi.sh" = {
+ source = ./eww/get_wifi.sh;
+ executable = true;
+ };
+
+ home.file.".config/eww/get_layout.sh" = {
+ source = ./eww/get_layout.sh;
+ executable = true;
+ };
+
+ home.file.".config/eww/toggle_layout.sh" = {
+ source = ./eww/toggle_layout.sh;
+ executable = true;
+ };
+
+ services.playerctld = {
+ enable = true;
+ };
+
+ home.packages = with pkgs; [
+ pavucontrol
+ libnotify
+ ];
+}
diff --git a/navi/laniakea/eww/eww.scss b/navi/laniakea/eww/eww.scss
new file mode 100644
index 0000000..781f58a
--- /dev/null
+++ b/navi/laniakea/eww/eww.scss
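Review bot: The five `home.file.".config/eww/*.sh"` entries in eww.nix target paths inside the directory that `programs.eww.configDir = ./eww` already provides, and the scripts are added with mode 100755 in this same patch, so the entries look redundant. If home-manager links `~/.config/eww` as one store directory, placing further files inside it may collide or fail at activation; that is worth confirming on a clean build. Dropping the five blocks and relying on `configDir` alone would be the simpler form.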
@@ -0,0 +1,81 @@
+* {
+ all: unset;
+ font-family: IosevkaTerm Nerd Font;
+}
+
+.workspaces button {
+ border-radius: 5px;
+ padding: 4px;
+ padding-left: 8px;
+ padding-right: 8px;
+}
+
+.inactive {
+ background-color: #181825;
+}
+
+.active_workspace {
+ color: #181926;
+ background-color: #b7bdf8;
+ font-weight: 900;
+}
+
+.music {
+ border-radius: 10px;
+ padding-left: 10px;
+ padding-right: 10px;
+ color: #b4befe;
+ font-weight: bold;
+}
+
+.bar {
+ background-color: #11111b;
+ border-radius: 16px;
+ color: #cdd6f4;
+ margin: 10px;
+}
+
+.time {
+ color: #b4befe;
+ font-weight: 900;
+}
+
+.battery {
+ color: #cba6f7;
+ font-weight: 800;
+}
+
+.volume {
+ color: #cba6f7;
+ font-weight: 800;
+}
+
+.wifi {
+ color: #89dceb;
+ font-weight: 800;
+}
+
+.layout {
+ color: #a6e3a1;
+ font-weight: 800;
+}
+
+tooltip {
+ padding: 3px 7px;
+ border-radius: 10px;
+ background-color: #11111b;
+ color: white;
+ border-color: #b4befe;
+ border-width: 2px;
+ border-style: solid;
+}
+
+menu {
+ padding: 3px 7px;
+ border-radius: 10px;
+ background-color: #11111b;
+ color: white;
+ border-color: #b4befe;
+ border-width: 2px;
+ border-style: solid;
+}
diff --git a/navi/laniakea/eww/eww.yuck b/navi/laniakea/eww/eww.yuck
new file mode 100644
index 0000000..7a2b4b9
--- /dev/null
+++ b/navi/laniakea/eww/eww.yuck
@@ -0,0 +1,108 @@ +(defwidget bar [] + (centerbox :orientation "h" + (workspaces) + (music) + (status) + ) +) + +(defwidget workspaces [] + (box :class "workspaces" + :orientation "h" + :halign "start" + :spacing 10 + (button + :class {active_workspace == 1 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 1" 1 + ) + (button + :class {active_workspace == 2 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 2" 2) + (button + :class {active_workspace == 3 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 3" 3) + (button + :class {active_workspace == 4 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 4" 4) + (button + :class {active_workspace == 5 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 5" "") + (button + :class {active_workspace == 6 ? "active_workspace" : "inactive"} + :onclick "hyprctl dispatch workspace 6" "󰭹 ") + ) +) + +(defpoll active_workspace :interval "1s" :initial 1 + "hyprctl activeworkspace -j | jq .id" +) + +(defwidget music [] + (eventbox :class "music" + :orientation "h" + :halign "center" + :onclick "playerctl play-pause" + {music != "" ? 
" ${music}" : ""} + ) +) + +(deflisten music :initial "" + "playerctl --follow metadata --format '{{ artist }} - {{ title }}' || true" +) + +(defwidget status [] + (box :class "status" :orientation "h" :halign "end" :space-evenly false :spacing 20 + (systray :orientation "h" :space-evenly false :spacing 10 + ) + (eventbox :class "layout" + :onclick "./toggle_layout.sh" + "${layout}" + ) + (box :class "wifi" :tooltip wifi + "${wifi}" + ) + (eventbox + :class "volume" + :timeout "1000ms" + :onclick "pavucontrol" + :onscroll "./volume_scroll.sh {}" + "${volume}%" + ) + (box :class "battery" :tooltip {EWW_BATTERY.BAT0.status} + { "󱐋 ${EWW_BATTERY.BAT0.capacity}%"} + ) + (box :class "time" + :tooltip date + {formattime(EWW_TIME, "%H:%M")} + ) + ) +) + +(defpoll volume :interval "100ms" + "./get_volume.sh" +) + +(defpoll wifi :interval "5s" :initial "󰤭 ..." + "./get_wifi.sh" +) + +(defpoll layout :interval "1s" :initial "󰌌 EN" + "./get_layout.sh" +) + +(defpoll date :interval "5m" + "date +'%A, %d %B %Y'" +) + +(defwindow bar + :monitor 0 + :windowtype "dock" + :geometry (geometry :x "0%" + :y "9px" + :width "98%" + :height "30px" + :anchor "top center" + ) + :exclusive true + (bar) +) diff --git a/navi/laniakea/eww/get_layout.sh b/navi/laniakea/eww/get_layout.sh new file mode 100755 index 0000000..4a067f7 --- /dev/null +++ b/navi/laniakea/eww/get_layout.sh @@ -0,0 +1,6 @@ +#!/bin/sh +layout=$(hyprctl devices -j | jq -r '.keyboards[] | select(.name == "josefadamcik-sofle") | .active_keymap') +case "$layout" in + *Hebrew*) echo "󰊿 HE" ;; + *) echo "󰌌 EN" ;; +esac diff --git a/navi/laniakea/eww/get_volume.sh b/navi/laniakea/eww/get_volume.sh new file mode 100755 index 0000000..1a1ea6a --- /dev/null +++ b/navi/laniakea/eww/get_volume.sh @@ -0,0 +1,2 @@ +#! /bin/sh +wpctl get-volume @DEFAULT_AUDIO_SINK@ | sed -r 's/Volume: //g' | xargs -n1 | awk '{print $1*100}' | xargs -n 1 echo "󰎇$1" 
diff --git a/navi/laniakea/eww/get_wifi.sh b/navi/laniakea/eww/get_wifi.sh
new file mode 100755
index 0000000..abf476a
--- /dev/null
+++ b/navi/laniakea/eww/get_wifi.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+iface=$(ip link | awk '/state UP/ && !/lo/ {print $2}' | tr -d ':' | grep -v eth | head -1)
+ssid=$(iwgetid "$iface" -r 2>/dev/null)
+strength=$(awk "/$iface/ {print int(\$3 * 100 / 70)}" /proc/net/wireless 2>/dev/null)
+if [ -z "$ssid" ]; then
+ echo "󰤭 disconnected"
+else
+ if [ "$strength" -ge 75 ]; then icon="󰤨"
+ elif [ "$strength" -ge 50 ]; then icon="󰤥"
+ elif [ "$strength" -ge 25 ]; then icon="󰤢"
+ else icon="󰤟"
+ fi
+ echo "$icon $ssid $strength%"
+fi
diff --git a/navi/laniakea/eww/toggle_layout.sh b/navi/laniakea/eww/toggle_layout.sh
new file mode 100755
index 0000000..45c9086
--- /dev/null
+++ b/navi/laniakea/eww/toggle_layout.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+hyprctl switchxkblayout josefadamcik-sofle next
diff --git a/navi/laniakea/eww/volume_scroll.sh b/navi/laniakea/eww/volume_scroll.sh
new file mode 100755
index 0000000..10cffb8
--- /dev/null
+++ b/navi/laniakea/eww/volume_scroll.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+if [ "$1" == "up" ]; then
+ wpctl set-volume @DEFAULT_SINK@ 5%+ -l 1.0
+else
+ wpctl set-volume @DEFAULT_SINK@ 5%- -l 1.0
+fi
diff --git a/navi/laniakea/fnott.nix b/navi/laniakea/fnott.nix
new file mode 100644
index 0000000..405064f
--- /dev/null
+++ b/navi/laniakea/fnott.nix
@@ -0,0 +1,23 @@
+{
+ services.fnott = {
+ enable = true;
+ settings = {
+ main = {
+ border-radius = 5;
+ border-size = 2;
+ dpi-aware = "yes";
+
+ title-color = "a6adc8ff";
+ summary-color = "cdd6f4ff";
+ body-color = "cdd6f4ff";
+ background = "1e1e2eff";
+ border-color = "89b4faff";
+ progress-bar-color = "6c7086ff";
+ };
+
+ critical = {
+ border-color = "fab387ff";
+ };
+ };
+ };
+}
diff --git a/navi/laniakea/home.nix b/navi/laniakea/home.nix
new file mode 100644
index 0000000..b7d79e6
--- /dev/null
+++ b/navi/laniakea/home.nix
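Review bot: The `strength=` line in get_wifi.sh splices `$iface` into the awk program text as a regex, so the match is a substring match on the whole line rather than an exact match on the interface column, and the data ends up inside the program. Passing the name as a variable keeps the two apart: `strength=$(awk -v ifc="$iface:" '$1 == ifc {print int($3 * 100 / 70)}' /proc/net/wireless 2>/dev/null)`. When the interface has no row in /proc/net/wireless, `strength` is empty and each `[ "$strength" -ge 75 ]` test prints an "integer expression expected" error before falling through; `[ "${strength:-0}" -ge 75 ]` (and the same for 50 and 25) avoids that.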
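Review bot: `[ "$1" == "up" ]` in volume_scroll.sh uses `==`, which POSIX `test` does not define, under a `#!/bin/sh` shebang, so the script works only where sh is bash; `[ "$1" = "up" ]` is the portable form. The script also addresses `@DEFAULT_SINK@` while get_volume.sh and the Hyprland volume binds in this patch use `@DEFAULT_AUDIO_SINK@`. Using one name throughout would make it obvious that all three act on the same sink.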
@@ -0,0 +1,126 @@ +{ + config, + pkgs, + ... +}: +{ + imports = [ + ./hyprland.nix + ./neovim.nix + ./librewolf.nix + ./kitty.nix + ./starship.nix + ./fnott.nix + ./anyrun.nix + ./eww.nix + ./vesktop.nix + ]; + + home = { + username = "laniakea"; + homeDirectory = "/home/laniakea"; + + packages = with pkgs; [ + wl-clipboard + grimblast + maple-mono.NL-NF + jq + qmk + brave + qbittorrent + chromium + htop + + obs-studio + gnupg + kdePackages.kleopatra + cava + pfetch + fastfetch + tidal-hifi + nerd-fonts.iosevka-term + wirelesstools + signal-desktop + element-desktop + idris2 + sage + python3 + vscode + nim + ghc + gcc + gnumake + gdb + zig + rustup + spotify + ]; + + pointerCursor = { + gtk.enable = true; + package = pkgs.rose-pine-cursor; + name = "BreezeX-RosePineDawn"; + size = 16; + }; + + sessionVariables = { + GTK_USE_PORTAL = "1"; + }; + }; + + xdg.mimeApps = { + enable = true; + defaultApplications = { + "text/html" = "librewolf.desktop"; + "x-scheme-handler/http" = "librewolf.desktop"; + "x-scheme-handler/https" = "librewolf.desktop"; + "x-scheme-handler/about" = "librewolf.desktop"; + "x-scheme-handler/unknown" = "librewolf.desktop"; + }; + }; + + programs = { + git = { + enable = true; + userName = "laniakea"; + userEmail = "itamar@itamar.site"; + + # SSH signing configuration + signing = { + key = "${config.home.homeDirectory}/.ssh/id_ed25519.pub"; + signByDefault = true; + }; + + extraConfig = { + gpg.format = "ssh"; + gpg.ssh.allowedSignersFile = "${config.home.homeDirectory}/.ssh/allowed_signers"; + }; + }; + + ssh = { + enable = true; + enableDefaultConfig = false; + matchBlocks."*".addKeysToAgent = "yes"; + }; + }; + + home.file.".ssh/allowed_signers".text = "* ${builtins.readFile /home/laniakea/.ssh/id_ed25519.pub}"; + + dconf = { + enable = true; + settings."org/gnome/desktop/interface".color-scheme = "prefer-dark"; + }; + + gtk = { + enable = true; + colorScheme = "dark"; + gtk3.colorScheme = "dark"; + gtk4.colorScheme = "dark"; + theme = { + 
package = pkgs.adw-gtk3; + name = "adw-gtk3-dark"; + }; + }; + + home.stateVersion = "26.05"; +} diff --git a/navi/laniakea/hyprland.nix b/navi/laniakea/hyprland.nix new file mode 100644 index 0000000..c27ac88 --- /dev/null +++ b/navi/laniakea/hyprland.nix 
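Review bot: `home.file.".ssh/allowed_signers".text` in home.nix writes the principal pattern `*`, so git will accept a signature from this key as valid for any committer identity, not only `itamar@itamar.site`. Binding the key to the configured address is tighter: `"${config.programs.git.userEmail} ${builtins.readFile ./id_ed25519.pub}"`, where `./id_ed25519.pub` stands for a copy of the public key committed next to home.nix. The current `builtins.readFile /home/laniakea/.ssh/id_ed25519.pub` reads an absolute path outside the flake, which pure flake evaluation rejects unless `--impure` is passed and which ties the build to this one machine. Reading the committed copy removes that dependency as well.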
@@ -0,0 +1,142 @@ +{pkgs, ...}: { + home.packages = with pkgs; [ + rose-pine-hyprcursor + wpaperd + ]; + + home.file.".config/wpaperd/config.toml".text = '' + [any] + path = "/home/laniakea/.glitch.png" + ''; + + wayland.windowManager.hyprland = { + enable = true; + systemd.enable = false; + + settings = { + "$mod" = "SUPER"; + + "$terminal" = "kitty"; + "$filemanager" = "nautilus"; + "$launcher" = "anyrun"; + + monitor = [ + "eDP-1,1920x1080@60,2560x0,1" + ]; + + exec-once = [ + "hyprctl setcursor rose-pine-hyprcursor 24" + "wpaperd -d" + "eww daemon" + "eww open bar" + ]; + + input = { + kb_layout = "us,il"; + }; + + general = { + gaps_in = "5"; + gaps_out = "20"; + border_size = "2"; + "col.active_border" = "rgb(b4befe)"; + "col.inactive_border" = "rgb(6c7086)"; + layout = "dwindle"; + }; + + dwindle = { + preserve_split = "true"; + }; + + decoration = { + rounding = "5"; + rounding_power = "2"; + active_opacity = "0.95"; + inactive_opacity = "0.80"; + blur = { + enabled = "true"; + size = "10"; + passes = "3"; + vibrancy = "0.0"; + }; + }; + + animations = { + enabled = "true"; + }; + + layerrule = [ + "no_anim on, match:namespace anyrun" + "blur on, ignore_alpha 1, match:namespace gtk-layer-shell" + ]; + + windowrule = [ + "float on, center on, match:class .*" + "size 800 500, match:class kitty" + "size 1000 650, match:class firefox" + "size 900 600, match:class org.gnome.Nautilus" + "workspace 5, match:class tidal-hifi" + "workspace 6, match:class vesktop" + ]; + + bind = + [ + "$mod, RETURN, exec, $terminal" + "$mod, E, exec, $filemanager" + ", Print, exec, grimblast copy area" + "$mod, SPACE, exec, $launcher" + "$mod, M, exec, uwsm stop" + "$mod, Q, killactive" + "$mod, F, togglefloating" + "$mod, S, exec, grimblast copy area" + # Focus with arrows + "$mod, left, movefocus, l" + "$mod, right, movefocus, r" + "$mod, up, movefocus, u" + "$mod, down, movefocus, d" + + "$mod, h, movefocus, l" + "$mod, l, movefocus, r" + "$mod, k, movefocus, u" + "$mod, j, 
movefocus, d" + + "$mod SHIFT, h, resizeactive, -30 0" + "$mod SHIFT, l, resizeactive, 30 0" + "$mod SHIFT, k, resizeactive, 0 -30" + "$mod SHIFT, j, resizeactive, 0 30" + + "$mod, mouse_down, workspace, e+1" + "$mod, mouse_up, workspace, e-1" + "$mod, escape, exec, hyprctl switchxkblayout josefadamcik-sofle next" + ] + ++ ( + builtins.concatLists (builtins.genList ( + i: let + ws = i + 1; + in [ + "$mod, code:1${toString i}, workspace, ${toString ws}" + "$mod SHIFT, code:1${toString i}, movetoworkspace, ${toString ws}" + ] + ) + 9) + ); + + bindm = [ + "$mod, mouse:272, movewindow" + "$mod, mouse:273, resizewindow" + ]; + + bindl = [ + ", XF86AudioNext, exec, playerctl next" + ", XF86AudioPrev, exec, playerctl previous" + ", XF86AudioPlay, exec, playerctl play-pause" + ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + ]; + + bindel = [ + ", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+" + ", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" + ]; + }; + }; +} diff --git a/navi/laniakea/kitty.nix b/navi/laniakea/kitty.nix new file mode 100644 index 0000000..b09a601 --- /dev/null +++ b/navi/laniakea/kitty.nix @@ -0,0 +1,19 @@ +{ + programs.kitty = { + enable = true; + settings = { + confirm_os_window_close = 0; + background_opacity = "0.9"; + enable_audio_bell = false; + mouse_map = "right press ungrabbed paste_from_clipboard"; + cursor_shape = "underline"; + }; + + font = { + name = "IosevkaTerm Nerd Font"; + }; + + themeFile = "Carbonfox"; + shellIntegration.enableBashIntegration = true; + }; +} diff --git a/navi/laniakea/librewolf.nix b/navi/laniakea/librewolf.nix new file mode 100644 index 0000000..b5b6ee0 --- /dev/null +++ b/navi/laniakea/librewolf.nix 
@@ -0,0 +1,316 @@ +{ ... }: { + programs.librewolf = { + enable = true; + + profiles.default = { + isDefault = true; + + settings = { + "toolkit.telemetry.enabled" = false; + "toolkit.telemetry.unified" = false; + "toolkit.telemetry.server" = ""; + "toolkit.telemetry.archive.enabled" = false; + "toolkit.telemetry.newProfilePing.enabled" = false; + "toolkit.telemetry.shutdownPingSender.enabled" = false; + "toolkit.telemetry.updatePing.enabled" = false; + "toolkit.telemetry.bhrPing.enabled" = false; + "toolkit.telemetry.firstShutdownPing.enabled" = false; + "toolkit.telemetry.coverage.opt-out" = true; + "toolkit.coverage.opt-out" = true; + "toolkit.coverage.endpoint.base" = ""; + "browser.ping-centre.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + + "breakpad.reportURL" = ""; + "browser.tabs.crashReporting.sendReport" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + "app.shield.optoutstudies.enabled" = false; + "app.normandy.enabled" = false; + "app.normandy.api_url" = ""; + "browser.safebrowsing.malware.enabled" = false; + "browser.safebrowsing.phishing.enabled" = false; + "browser.safebrowsing.blockedURIs.enabled" = false; + "browser.safebrowsing.provider.google4.gethashURL" = ""; + "browser.safebrowsing.provider.google4.updateURL" = ""; + "browser.safebrowsing.provider.google.gethashURL" = ""; + "browser.safebrowsing.provider.google.updateURL" = ""; + "browser.safebrowsing.downloads.remote.enabled" = false; + + "geo.enabled" = false; + "geo.provider.network.url" = ""; + + "captivedetect.canonicalURL" = ""; + "network.captive-portal-service.enabled" = false; + "network.connectivity-service.enabled" = false; + + "privacy.resistFingerprinting" = true; + "privacy.resistFingerprinting.block_mozAddonManager" = true; + "privacy.window.maxInnerWidth" = 1600; + "privacy.window.maxInnerHeight" = 900; + "webgl.disabled" = true; + "webgl.enable-webgl2" = 
false; + "media.navigator.enabled" = false; + "media.navigator.video.enabled" = false; + + "media.peerconnection.enabled" = false; + "media.peerconnection.ice.no_host" = true; + "media.peerconnection.ice.proxy_only_if_behind_proxy" = true; + "media.peerconnection.ice.default_address_only" = true; + + "privacy.trackingprotection.enabled" = true; + "privacy.trackingprotection.pbmode.enabled" = true; + "privacy.trackingprotection.emailtracking.enabled" = true; + "privacy.trackingprotection.socialtracking.enabled" = true; + "privacy.trackingprotection.cryptomining.enabled" = true; + "privacy.trackingprotection.fingerprinting.enabled" = true; + "privacy.firstparty.isolate" = true; + "privacy.partition.network_state" = true; + "privacy.partition.serviceWorkers" = true; + + "network.cookie.cookieBehavior" = 1; + "network.cookie.lifetimePolicy" = 0; + "browser.privatebrowsing.autostart" = false; + + "signon.rememberSignons" = true; + "signon.autofillForms" = true; + "signon.generation.enabled" = true; + + "network.trr.mode" = 3; + "network.trr.uri" = "https://dns.quad9.net/dns-query"; + "network.trr.bootstrapAddress" = "9.9.9.9"; + "network.dns.disableIPv6" = true; + "network.prefetch-next" = false; + "network.dns.disablePrefetch" = true; + "network.predictor.enabled" = false; + "network.http.speculative-parallel-limit" = 0; + "browser.places.speculativeConnect.enabled" = false; + "network.proxy.socks_remote_dns" = true; + + "dom.security.https_only_mode" = true; + "dom.security.https_only_mode.upgrade_local" = true; + "security.mixed_content.block_display_content" = true; + "security.mixed_content.block_active_content" = true; + + "security.tls.version.min" = 3; + "security.tls.version.max" = 4; + "security.tls.enable_0rtt_data" = false; + "security.OCSP.enabled" = 1; + "security.OCSP.require" = true; + "security.cert_pinning.enforcement_level" = 2; + "security.remote_settings.crlite_filters.enabled" = true; + "security.pki.crlite_mode" = 2; + + "dom.battery.enabled" = 
false; + "dom.vr.enabled" = false; + "dom.vibrator.enabled" = false; + "dom.gamepad.enabled" = false; + "dom.netinfo.enabled" = false; + "dom.telephony.enabled" = false; + "dom.push.enabled" = false; + "dom.push.connection.enabled" = false; + "dom.push.serverURL" = ""; + + "browser.send_pings" = false; + "browser.sessionstore.privacy_level" = 2; + "browser.urlbar.speculativeConnect.enabled" = false; + "browser.urlbar.suggest.searches" = false; + "browser.search.suggest.enabled" = false; + "browser.formfill.enable" = false; + + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; + + userChrome = '' + /* ============================================= + Windows 95/98 Theme for LibreWolf + ============================================= */ + + @import url("chrome://userchrome/content/userChrome.css"); + + * { + font-family: "W95FA", "Pixelated MS Sans Serif", "Arial", sans-serif !important; + font-size: 11px !important; + } + + /* ---- Window chrome background ---- */ + :root { + --win95-bg: #c0c0c0; + --win95-dark: #808080; + --win95-darker: #404040; + --win95-light: #ffffff; + --win95-highlight: #000080; + --win95-highlight-text: #ffffff; + --win95-border-light: #dfdfdf; + --win95-border-dark: #808080; + --win95-border-darker: #404040; + } + + /* ---- Toolbar background ---- */ + #navigator-toolbox, + #toolbar-menubar, + #TabsToolbar, + #nav-bar, + #PersonalToolbar { + background-color: var(--win95-bg) !important; + border-bottom: 1px solid var(--win95-dark) !important; + padding: 2px !important; + } + + /* ---- Tab bar ---- */ + #TabsToolbar { + background-color: var(--win95-bg) !important; + } + + /* Active tab — raised bevel */ + .tab-background:is([selected], [multiselected]) { + background-color: var(--win95-bg) !important; + border-top: 2px solid var(--win95-light) !important; + border-left: 2px solid var(--win95-light) !important; + border-right: 2px solid var(--win95-darker) !important; + border-bottom: none !important; + border-radius: 0 
!important; + margin-bottom: -1px !important; + } + + /* Inactive tab — sunken */ + .tab-background:not([selected]) { + background-color: var(--win95-bg) !important; + border-top: 2px solid var(--win95-dark) !important; + border-left: 2px solid var(--win95-dark) !important; + border-right: 2px solid var(--win95-light) !important; + border-bottom: 1px solid var(--win95-dark) !important; + border-radius: 0 !important; + } + + .tab-label { + color: #000000 !important; + } + + .tab-background:is([selected]) .tab-label { + font-weight: bold !important; + } + + /* ---- URL bar — sunken inset look ---- */ + #urlbar, + #urlbar-background { + background-color: #ffffff !important; + border-top: 2px solid var(--win95-dark) !important; + border-left: 2px solid var(--win95-dark) !important; + border-right: 2px solid var(--win95-light) !important; + border-bottom: 2px solid var(--win95-light) !important; + border-radius: 0 !important; + color: #000000 !important; + } + + #urlbar:focus-within #urlbar-background { + border-color: var(--win95-darker) !important; + outline: none !important; + } + + /* ---- Buttons — raised bevel ---- */ + toolbarbutton, + .toolbarbutton-1 { + background-color: var(--win95-bg) !important; + border-top: 2px solid var(--win95-light) !important; + border-left: 2px solid var(--win95-light) !important; + border-right: 2px solid var(--win95-darker) !important; + border-bottom: 2px solid var(--win95-darker) !important; + border-radius: 0 !important; + padding: 3px 5px !important; + color: #000000 !important; + } + + toolbarbutton:hover, + .toolbarbutton-1:hover { + background-color: var(--win95-bg) !important; + } + + toolbarbutton:active, + toolbarbutton[open="true"], + .toolbarbutton-1:active { + border-top: 2px solid var(--win95-darker) !important; + border-left: 2px solid var(--win95-darker) !important; + border-right: 2px solid var(--win95-light) !important; + border-bottom: 2px solid var(--win95-light) !important; + padding: 4px 4px 2px 6px 
!important;
+ }
+
+ /* ---- Title bar — classic Windows blue gradient ---- */
+ #titlebar {
+ background: linear-gradient(to right, #000080, #1084d0) !important;
+ color: #ffffff !important;
+ }
+
+ /* ---- Menu bar ---- */
+ #toolbar-menubar {
+ background-color: var(--win95-bg) !important;
+ }
+
+ menubar > menu {
+ color: #000000 !important;
+ border-radius: 0 !important;
+ padding: 2px 6px !important;
+ }
+
+ menubar > menu:hover,
+ menubar > menu[_moz-menuactive="true"] {
+ background-color: var(--win95-highlight) !important;
+ color: var(--win95-highlight-text) !important;
+ }
+
+ /* ---- Bookmarks toolbar ---- */
+ #PersonalToolbar toolbarbutton {
+ border: 1px solid transparent !important;
+ }
+
+ #PersonalToolbar toolbarbutton:hover {
+ border-top: 2px solid var(--win95-light) !important;
+ border-left: 2px solid var(--win95-light) !important;
+ border-right: 2px solid var(--win95-darker) !important;
+ border-bottom: 2px solid var(--win95-darker) !important;
+ }
+
+ /* ---- Sidebar ---- */
+ #sidebar-box {
+ background-color: var(--win95-bg) !important;
+ border-right: 2px solid var(--win95-dark) !important;
+ }
+
+ /* ---- Find bar ---- */
+ #FindToolbar {
+ background-color: var(--win95-bg) !important;
+ border-top: 2px solid var(--win95-dark) !important;
+ }
+
+ /* ---- Scrollbars ---- */
+ scrollbar {
+ background-color: var(--win95-bg) !important;
+ width: 16px !important;
+ }
+
+ scrollbar thumb {
+ background-color: var(--win95-bg) !important;
+ border-top: 2px solid var(--win95-light) !important;
+ border-left: 2px solid var(--win95-light) !important;
+ border-right: 2px solid var(--win95-darker) !important;
+ border-bottom: 2px solid var(--win95-darker) !important;
+ border-radius: 0 !important;
+ }
+
+ /* ---- Status bar ---- */
+ #statuspanel-label {
+ background-color: var(--win95-bg) !important;
+ border-top: 2px solid var(--win95-dark) !important;
+ color: #000000 !important;
+ border-radius: 0 !important;
+ }
+
+ * {
+ border-radius: 0
!important; + } + ''; + }; + }; +} diff --git a/navi/laniakea/neovim.nix b/navi/laniakea/neovim.nix new file mode 100644 index 0000000..1e71990 --- /dev/null +++ b/navi/laniakea/neovim.nix @@ -0,0 +1,69 @@ +{ pkgs, nvf, ... }: +{ + imports = [ nvf.homeManagerModules.default ]; + + home.packages = with pkgs; [ + alejandra + nil + statix + deadnix + ]; + + programs.nvf = { + enable = true; + settings = { + vim = { + opts = { + tabstop = 2; + shiftwidth = 0; + }; + clipboard = { + enable = true; + providers.wl-copy.enable = true; + }; + lsp = { + enable = true; + formatOnSave = true; + inlayHints.enable = true; + trouble.enable = true; + }; + treesitter = { + enable = true; + context.enable = true; + indent.enable = true; + grammars = with pkgs.vimPlugins.nvim-treesitter-parsers; [ + yuck + ]; + }; + diagnostics = { + enable = true; + config.virtual_text = true; + }; + languages = { + nix = { + enable = true; + extraDiagnostics.enable = true; + lsp = { + enable = true; + servers = [ "nil" ]; + }; + treesitter.enable = true; + format = { + enable = true; + type = [ "alejandra" ]; + }; + }; + }; + theme = { + enable = true; + name = "catppuccin"; + style = "mocha"; + transparent = true; + }; + statusline.lualine.enable = true; + autocomplete.blink-cmp.enable = true; + visuals.fidget-nvim.enable = true; + }; + }; + }; +} diff --git a/navi/laniakea/starship.nix b/navi/laniakea/starship.nix new file mode 100644 index 0000000..c0ae6e9 --- /dev/null +++ b/navi/laniakea/starship.nix @@ -0,0 +1,14 @@ +{lib, ...}: { + programs.starship = { + enable = true; + enableBashIntegration = true; + settings = { + add_newline = false; + format = lib.concatStrings [ + "$directory" + "$nix_shell" + "[](fg:purple) " + ]; + }; + }; +} diff --git a/navi/laniakea/vesktop.nix b/navi/laniakea/vesktop.nix new file mode 100644 index 0000000..0ec969f --- /dev/null +++ b/navi/laniakea/vesktop.nix 
@@ -0,0 +1,17 @@
+{
+ programs.vesktop = {
+ enable = true;
+
+ settings = {
+ checkUpdates = false;
+ hardwareAcceleration = true;
+ discordBranch = "stable";
+ };
+
+ vencord.settings = {
+ autoUpdate = true;
+ autoUpdateNotification = true;
+ notifyAboutUpdates = true;
+ };
+ };
+}
diff --git a/server/configuration.nix b/server/configuration.nix
new file mode 100644
index 0000000..9c6103b
--- /dev/null
+++ b/server/configuration.nix
@@ -0,0 +1,49 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./matrix.nix
+ ./element.nix
+ ./forgejo.nix
+ ];
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "olm-3.2.16"
+ ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+ networking.hostName = "navi";
+
+ networking.dhcpcd.IPv6rs = true;
+ networking.dhcpcd.persistent = true;
+ networking.tempAddresses = "disabled";
+ networking.interfaces.ens3.tempAddress = "disabled";
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ PubkeyAuthentication = true;
+ };
+ };
+
+ users.users.root = {
+ isNormalUser = false;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHioVSkG7cILl5SQiGm3TaL641BGU00FLSgexBx6xtYy"
+ ];
+ password = null;
+ };
+
+ services.cron.enable = true;
+ services.cron.systemCronJobs = [
+ "@reboot root sleep 30 && curl -L -XPOST -q https://portal.servinga.cloud/api/service/v1/cloud-init/callback > /dev/null 2>&1"
+ ];
+
+ system.stateVersion = "26.05";
+}
diff --git a/server/element.nix b/server/element.nix
new file mode 100644
index 0000000..20fa833
--- /dev/null
+++ b/server/element.nix
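Review bot: `vencord.settings.autoUpdate = true` turns on a self-updater in a client whose own update check the same hunk disables with `checkUpdates = false`. If Vencord's updater is active in this build (the hunk does not show whether it is), it would fetch and apply code at runtime, outside the revisions pinned in `flake.lock`, so a change upstream would reach the desktop without a reviewed lock bump. I would set `autoUpdate = false;` and `autoUpdateNotification = false;` and let the flake carry updates.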
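Review bot: `nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]` permits a package that nixpkgs flags as insecure for every derivation evaluated on this host, and the hunk does not say which service pulls it in or why the risk is accepted. It is presumably needed by the mautrix-whatsapp bridge in server/matrix.nix, which enables encryption; if so, record that next to the setting, e.g. `# olm is flagged insecure in nixpkgs; allowed only for mautrix-whatsapp, remove once the bridge no longer depends on it`. A second point in the same hunk: root is the only account with an authorized key and `PermitRootLogin = "prohibit-password"`, so every SSH session is a root session; a dedicated admin user with sudo and `PermitRootLogin = "no"` would narrow that.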
@@ -0,0 +1,35 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ domain = "itamar.site";
+ matrixDomain = "matrix.${domain}";
+ elementDomain = "element.${domain}";
+in {
+ security.acme.certs."${elementDomain}" = {};
+
+ services.nginx.virtualHosts."${elementDomain}" = {
+ enableACME = true;
+ forceSSL = true;
+
+ root = pkgs.element-web.override {
+ conf = {
+ default_server_config = {
+ "m.homeserver" = {
+ base_url = "https://${matrixDomain}";
+ server_name = domain;
+ };
+ "m.identity_server" = {
+ base_url = "https://vector.im";
+ };
+ };
+ # Optional: Set default theme and other settings
+ default_theme = "dark";
+ show_labs_settings = true;
+ disable_guests = false;
+ disable_3pid_login = false;
+ };
+ };
+ };
+}
diff --git a/server/forgejo.nix b/server/forgejo.nix
new file mode 100644
index 0000000..2e78f1c
--- /dev/null
+++ b/server/forgejo.nix
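Review bot: The `element.${domain}` virtual host serves Element Web without any response header that prevents other origins from framing it, which Element's deployment notes ask operators to set. Add an `extraConfig` to the vhost containing `add_header X-Frame-Options SAMEORIGIN;`, `add_header X-Content-Type-Options nosniff;` and `add_header Content-Security-Policy "frame-ancestors 'self'";`. Separately, `"m.identity_server".base_url = "https://vector.im"` points third-party-identifier lookups at an external service; if that is not intended, drop the key here and in the `.well-known/matrix/client` body in server/matrix.nix.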
@@ -0,0 +1,66 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.services.forgejo;
+ srv = cfg.settings.server;
+in {
+ services.forgejo = {
+ enable = true;
+ appName = "git.itamar.site";
+ database.type = "sqlite3";
+ lfs.enable = true;
+
+ settings = {
+ server = {
+ DOMAIN = "git.itamar.site";
+ HTTP_ADDR = "127.0.0.1";
+ HTTP_PORT = 3000;
+ ROOT_URL = "https://git.itamar.site/";
+ PROTOCOL = "http";
+
+ DISABLE_SSH = false;
+ START_SSH_SERVER = false;
+ SSH_DOMAIN = "git.itamar.site";
+ SSH_PORT = lib.head config.services.openssh.ports;
+
+ DISABLE_HTTP_GIT = true;
+ };
+
+ security = {
+ COOKIE_SECURE = true;
+ };
+
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
+
+ log.LEVEL = "Info";
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."git.itamar.site" = {
+ enableACME = true;
+ forceSSL = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "itamar@itamar.site";
+ };
+
+ services.openssh = {
+ enable = true;
+ ports = [22];
+ };
+
+ networking.firewall.allowedTCPPorts = [22 80 443];
+}
diff --git a/server/hardware-configuration.nix b/server/hardware-configuration.nix
new file mode 100644
index 0000000..4ad27a0
--- /dev/null
+++ b/server/hardware-configuration.nix
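Review bot: `security.acme.defaults.email = "itamar@itamar.site"` here and `defaults.email = "admin@${domain}"` in server/matrix.nix are both imported by server/configuration.nix, and two different values for the same string option should make evaluation fail with a conflicting-definitions error. Keep a single definition (for example only the one in matrix.nix) or wrap one of them in `lib.mkDefault`. A smaller point in the nginx block: `proxyPass = "http://localhost:${toString srv.HTTP_PORT}"` can resolve to `::1` while Forgejo binds `HTTP_ADDR = "127.0.0.1"`; `"http://${srv.HTTP_ADDR}:${toString srv.HTTP_PORT}"` keeps the proxy target and the listener in step.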
@@ -0,0 +1,27 @@ +[root@navi:/etc/nixos]# cat hardware-configuration.nix +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/3afb8070-14f2-4f56-bce2-301eccea108d"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/2744bc0a-2684-4952-8ea8-371bd0c09f78"; } + ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/server/matrix.nix b/server/matrix.nix new file mode 100644 index 0000000..d29f36f --- /dev/null +++ b/server/matrix.nix 
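Review bot: The first added line, `[root@navi:/etc/nixos]# cat hardware-configuration.nix`, is a terminal prompt captured together with the file, not Nix. Only the part after `#` is a comment, so the text before it is parsed as code and the module will most likely fail to parse or evaluate. Delete that line so the file begins at `# Do not modify this file!`; the remainder is generator output.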
@@ -0,0 +1,195 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ domain = "itamar.site";
+ matrixDomain = "matrix.${domain}";
+in {
+ networking.firewall = {
+ allowedTCPPorts = [80 443 8448];
+ allowedUDPPorts = [3478 5349];
+ allowedUDPPortRanges = [
+ {
+ from = 49152;
+ to = 65535;
+ }
+ ];
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "admin@${domain}";
+ certs = {
+ "${domain}" = {};
+ "${matrixDomain}" = {};
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = ["matrix-synapse" "mautrix-whatsapp"];
+ ensureUsers = [
+ {
+ name = "matrix-synapse";
+ ensureDBOwnership = true;
+ }
+ {
+ name = "mautrix-whatsapp";
+ ensureDBOwnership = true;
+ }
+ ];
+ };
+
+ services.matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = domain;
+ suppress_key_server_warning = true;
+ database = {
+ name = "psycopg2";
+ allow_unsafe_locale = true;
+ args = {
+ database = "matrix-synapse";
+ user = "matrix-synapse";
+ host = "/run/postgresql";
+ };
+ };
+ enable_registration = false;
+ registration_shared_secret_path = "/var/lib/matrix-synapse/registration_secret";
+ turn_uris = [
+ "turns:${domain}:5349?transport=udp"
+ "turns:${domain}:5349?transport=tcp"
+ "turn:${domain}:3478?transport=udp"
+ "turn:${domain}:3478?transport=tcp"
+ ];
+ turn_shared_secret_path = "/var/lib/matrix-synapse/turn_secret";
+ turn_user_lifetime = "1d";
+ listeners = [
+ {
+ port = 8008;
+ bind_addresses = ["127.0.0.1" "::1"];
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [
+ {
+ names = ["client" "federation"];
+ compress = false;
+ }
+ ];
+ }
+ ];
+ };
+ };
+
+ services.mautrix-whatsapp = {
+ enable = true;
+ registerToSynapse = true;
+ settings = {
+ homeserver = {
+ address = "http://localhost:8008";
+ domain = domain;
+ };
+ appservice = {
+ id = "whatsapp";
+ bot = {
+ username = "whatsappbot";
+ displayname = "WhatsApp Bridge Bot";
+ };
+ };
+ database = {
+ type = "postgres";
+ uri =
"postgres://mautrix-whatsapp@/mautrix-whatsapp?host=/run/postgresql";
+ };
+ bridge = {
+ permissions = {
+ "*" = "relay";
+ "*@${domain}" = "user";
+ "@itamar:${domain}" = "admin";
+ };
+ encryption.allow = true;
+ private_chat_portal_meta = true;
+ };
+ encryption = {
+ pickle_key = "$ENCRYPTION_PICKLE_KEY";
+ };
+ provisioning.shared_secret = "disable";
+ };
+ environmentFile = "/var/lib/mautrix-whatsapp/secrets.env";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/var/www/${domain}";
+ locations."= /.well-known/matrix/server".extraConfig = ''
+ add_header Content-Type application/json;
+ return 200 '{"m.server": "${matrixDomain}:443"}';
+ '';
+ locations."= /.well-known/matrix/client".extraConfig = ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '{"m.homeserver":{"base_url":"https://${matrixDomain}"},"m.identity_server":{"base_url":"https://vector.im"}}';
+ '';
+ };
+
+ "${matrixDomain}" = {
+ enableACME = true;
+ forceSSL = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 8448;
+ ssl = true;
+ }
+ ];
+ locations."/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ proxyWebsockets = true;
+ };
+ locations."/_synapse/client" = {
+ proxyPass = "http://[::1]:8008";
+ proxyWebsockets = true;
+ };
+ locations."/".extraConfig = "return 404;";
+ };
+ };
+ };
+
+ services.coturn = {
+ enable = true;
+ realm = domain;
+ listening-ips = ["0.0.0.0"];
+ listening-port = 3478;
+ tls-listening-port = 5349;
+ min-port = 49152;
+ max-port = 65535;
+ lt-cred-mech = true;
+ use-auth-secret = true;
+ static-auth-secret-file = "/var/lib/coturn/static-auth-secret";
+ cert = "/var/lib/acme/${domain}/fullchain.pem";
+ pkey =
"/var/lib/acme/${domain}/key.pem";
+ no-cli = true;
+ no-tcp-relay = true;
+ secure-stun = true;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/matrix-synapse 0750 matrix-synapse matrix-synapse -"
+ "d /var/lib/coturn 0750 turnserver turnserver -"
+ ];
+}
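Review bot: In `bridge.permissions` the key `"*@${domain}"` is, as far as I know, not a form mautrix bridges match; keys are `*`, a bare server name, or a full MXID. If that holds, local users never get `user` level and fall through to `"*" = "relay"`, which also gives relay-level access to any Matrix user, federated ones included. I would write `"${domain}" = "user";` and decide explicitly whether the `"*"` entry should stay. Separately, `turn_uris` advertises `transport=tcp` on 3478 and 5349 while `allowedTCPPorts` in this file lists only 80, 443 and 8448, so those URIs are unreachable unless the ports are opened elsewhere.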