Merge remote-tracking branch 'refs/remotes/origin/master'

hosts/dandelion/default.nix

@@ -27,6 +27,19 @@
 
   time.timeZone = "Europe/Amsterdam";
 
+  systemd.network.networks."99-local" = {
+    matchConfig.name = "ens3s1";
+    address = [
+      "192.168.1.100/24"
+    ];
+    routes = [
+      {
+        Gateway = "172.16.10.1";
+        GatewayOnLink = false;
+      }
+    ];
+  };
+
   environment.systemPackages = with pkgs; [
     kitty.terminfo
     zfs

hosts/sakura/default.nix

@@ -11,6 +11,7 @@
     ./../../modules/core
     ./../../modules/core/virtualization.nix
     ./../../modules/services/tailscale.nix
+    ./../../modules/services/mpd.nix
     inputs.nixos-hardware.nixosModules.framework-13-7040-amd
   ];
 

hosts/yoshino/default.nix

@@ -11,6 +11,7 @@
     ./../../modules/core
     # ./../../modules/home/nfs.nix
     ./../../modules/core/virtualization.nix
+    ./../../modules/services/tailscale.nix
   ];
 
   powerManagement = {

modules/core/sshd.nix

@@ -17,5 +17,6 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGm9dLpj13r+Iso5SuHSCSQbriumwW1Fs7TkgaBmmXeo liv@azalea" # linux phone
   ];
 }

modules/home/hyprland/config.nix

@@ -226,6 +226,7 @@
         "$mainMod SHIFT, W, exec, wdisplays"
         "$mainMod SHIFT, T, exec, thunderbird"
         "$mainMod SHIFT, E, exec, element-desktop"
+        "$mainMod SHIFT, X, exec, gajim"
         "$mainMod SHIFT, P, exec, pavucontrol-qt"
         "$mainMod SHIFT, N ,exec, notes"
         "$mainMod, N,exec, swaync-client -t"

modules/home/packages.nix

@@ -59,6 +59,7 @@
 
     # GUI shit
     element-desktop
+    gajim
     signal-desktop
     anki-bin
     obs-studio

modules/services/borg.nix

@@ -1,7 +1,12 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  username,
+  ...
+}:
 let
   hostname = "violet";
-  repo = "ssh://dandelion.booping.local:${toString config.services.openssh.ports}/spinners/rootvol/backups/${hostname}";
+  baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${hostname}";
 in
 {
   services.borgbackup.jobs = {
@@ -9,55 +14,41 @@ in
       paths = [
         "/home/liv/MinecraftDocker"
       ];
-      repo = "${repo}/MinecraftDocker-tulip";
-      compression = "auto,zstd";
-      startAt = "daily";
+      repo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/violet/MinecraftDocker-tulip";
+      encryption.mode = "none";
+      compression = "auto,zstd,10";
+      startAt = [ "3:00" ];
       postHook = ''
         if [ $exitStatus -eq 2 ]; then
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors"
         else
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus"
         fi
       '';
+      user = "${username}";
+      environment = {
+        BORG_RSH = "ssh -p 9123 -i /home/liv/.ssh/id_ed25519";
+      };
     };
     "violet-lib" = {
       paths = [
         "/var/lib"
       ];
-      repo = "${repo}/var-lib";
+      repo = "${baseRepo}/var-lib";
+      encryption.mode = "none";
       compression = "auto,zstd";
       startAt = "daily";
       postHook = ''
         if [ $exitStatus -eq 2 ]; then
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors"
         else
-          ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus"
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus"
         fi
       '';
+      # user = "${username}";
+      environment = {
+        BORG_RSH = "ssh -p 9123 -i /home/liv/.ssh/id_ed25519";
+      };
     };
-    # "violet-random" = {
-    #   paths = [
-    #     "/random"
-    #   ];
-    #   exclude = [
-    #     "/random/a"
-    #     "/random/a"
-    #   ];
-    #  encryption = {
-    #    mode = "";
-    #    passCommand = "";
-    #  };
-    #  environment.BORG_RSH = "ssh -i ${config.sops.secrets."ssh_private_key_violet".path}";
-    #  repo = "${repo}/violet/random";
-    #  compression = "auto,zstd";
-    #  startAt = "daily";
-    #  postHook = ''
-    #    if [ $exitStatus -eq 2 ]; then
-    #      ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup failed with errors"
-    #    else
-    #      ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup completed succesfully with exit status $exitStatus"
-    #    fi
-    #  '';
-    # };
   };
 }

modules/services/dandelion.nix

@@ -8,5 +8,6 @@
     ++ [ (import ./monitoring.nix) ]
     ++ [ (import ./smart-monitoring.nix) ]
     ++ [ (import ./tailscale.nix) ]
+    ++ [ (import ./nfs.nix) ]
     ++ [ (import ./hd-idle.nix) ];
 }

modules/services/frp.nix

@@ -0,0 +1,34 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+{
+  services.frp = {
+    enable = true;
+    role = "client";
+    settings = {
+      serverAddr = "";
+      serverPort = 7000;
+      auth.method = "token";
+      auth.token = "";
+      proxies = [
+        {
+          name = "http";
+          type = "tcp";
+          localIP = "localhost";
+          localPort = 80;
+          remotePort = 80;
+        }
+        {
+          name = "https";
+          type = "tcp";
+          localIP = "localhost";
+          localPort = 443;
+          remotePort = 443;
+        }
+      ];
+    };
+  };
+}

modules/services/immich.nix

@@ -1,9 +1,12 @@
 { config, ... }:
 {
-  services.immich = {
-    enable = true;
-    port = 2283;
-  };
+  # services.immich = {
+  # enable = true;
+  # port = 2283;
+  # mediaLocation = "/spinners/rootvol/immich/";
+  # openFirewall = true;
+  # machine-learning.enable = true;
+  # };
 
   # services.nginx.virtualHosts."" = {
   #   forceSSL = true;

modules/services/mpd.nix

@@ -1,8 +1,13 @@
-{ username, config, ... }:
+{
+  username,
+  config,
+  pkgs,
+  ...
+}:
 {
   services.mpd = {
     enable = true;
-    musicDirectory = "/dandelion/home/liv/music";
+    musicDirectory = "/home/liv/Music";
     extraConfig = ''
       audio_output {
         type "pipewire"
@@ -13,10 +18,14 @@
 
     # Optional:
     # network.listenAddress = "any"; # if you want to allow non-localhost connections
-    network.startWhenNeeded = false; # systemd feature: only start MPD service upon connection to its socket
   };
   systemd.services.mpd.environment = {
     # see: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609
-    XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.userRunningPipeWire.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket.
+    XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.${username}.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket.
   };
+
+  environment.systemPackages = with pkgs; [
+    mpdris2
+    ncmpcpp
+  ];
 }

modules/services/nfs.nix

@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  services = {
+    # Network shares
+    samba = {
+      package = pkgs.samba4Full;
+      # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba`
+      # Required for samba to register mDNS records for auto discovery
+      # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
+      enable = true;
+      openFirewall = true;
+      shares.main = {
+        path = "/spinners/rootvol/nfs";
+        writable = "true";
+        comment = "Hello world!";
+      };
+    };
+    avahi = {
+      publish.enable = true;
+      publish.userServices = true;
+      # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
+      #nssmdns4 = true;
+      # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
+      enable = true;
+      openFirewall = true;
+    };
+    samba-wsdd = {
+      # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}

modules/services/prosody.nix

@@ -1,29 +0,0 @@
-{
-  services.prosody = {
-    enable = false;
-    user = "acme";
-    modules = {
-      welcome = true;
-      websocket = true;
-      watchregistrations = true;
-    };
-    admins = [ "liv@liv.town" ];
-    allowRegistration = false;
-    ssl.cert = "/var/lib/acme/liv.town/cert.pem";
-    ssl.key = "/var/lib/acme/liv.town/key.pem";
-    virtualHosts."liv.town" = {
-      enabled = true;
-      domain = "liv.town";
-      ssl.cert = "/var/lib/acme/liv.town/fullchain.pem";
-      ssl.key = "/var/lib/acme/liv.town/key.pem";
-    };
-    muc = [
-      {
-        domain = "conference.liv.town";
-      }
-    ];
-    uploadHttp = {
-      domain = "upload.liv.town";
-    };
-  };
-}

modules/services/violet.nix

@@ -3,11 +3,14 @@
   imports =
     [ (import ./invidious.nix) ]
     ++ [ (import ./anubis.nix) ]
+    ++ [ (import ./borg.nix) ]
     ++ [ (import ./binternet-proxy.nix) ]
+    ++ [ (import ./bluemap-proxy.nix) ]
     ++ [ (import ./docker.nix) ]
-    ++ [ (import ./frp.nix) ]
+    # ++ [ (import ./frp.nix) ]
     ++ [ (import ./forgejo.nix) ]
     ++ [ (import ./grafana.nix) ]
+    ++ [ (import ./guacamole.nix) ]
     ++ [ (import ./gokapi.nix) ]
     ++ [ (import ./jellyfin.nix) ]
     ++ [ (import ./librey-proxy.nix) ]
@@ -16,15 +19,13 @@
     ++ [ (import ./mumble.nix) ]
     ++ [ (import ./monitoring.nix) ]
     ++ [ (import ./ntfy.nix) ]
-    ++ [ (import ./bluemap-proxy.nix) ]
-    ++ [ (import ./sharkey-proxy.nix) ]
     ++ [ (import ./nginx.nix) ]
-    # ++ [(import ./komga.nix)]
     ++ [ (import ./radicale.nix) ]
-    ++ [ (import ./prosody.nix) ]
-    ++ [ (import ./tailscale.nix) ]
-    ++ [ (import ./guacamole.nix) ]
-    ++ [ (import ./readarr.nix) ];
-  # ++ [(import ./smart-monitoring.nix)]
-  # ++ [(import ./jitsi-meet.nix)]
+    ++ [ (import ./readarr.nix) ]
+    ++ [ (import ./sharkey-proxy.nix) ]
+    # ++ [ (import ./komga.nix) ]
+    # ++ [ (import ./prosody.nix) ]
+    ++ [ (import ./tailscale.nix) ];
+  # ++ [ (import ./smart-monitoring.nix) ]
+  # ++ [ (import ./jitsi-meet.nix) ]
 }

modules/services/xmpp.nix

@@ -0,0 +1,29 @@
+{
+  # services.prosody = {
+  #   enable = false;
+  #   user = "acme";
+  #   modules = {
+  #     welcome = true;
+  #     websocket = true;
+  #     watchregistrations = true;
+  #   };
+  #   admins = [ "liv@liv.town" ];
+  #   allowRegistration = false;
+  #   ssl.cert = "/var/lib/acme/liv.town/cert.pem";
+  #   ssl.key = "/var/lib/acme/liv.town/key.pem";
+  #   virtualHosts."liv.town" = {
+  #     enabled = true;
+  #     domain = "liv.town";
+  #     ssl.cert = "/var/lib/acme/liv.town/fullchain.pem";
+  #     ssl.key = "/var/lib/acme/liv.town/key.pem";
+  #   };
+  #   muc = [
+  #     {
+  #       domain = "conference.liv.town";
+  #     }
+  #   ];
+  #   uploadHttp = {
+  #     domain = "upload.liv.town";
+  #   };
+  # };
+}