Compare commits

..

1 Commits

Author SHA1 Message Date
5801da97f3 feeds: import econlib 2023-01-11 10:47:27 +00:00
132 changed files with 367 additions and 1828 deletions

44
flake.lock generated
View File

@@ -60,38 +60,37 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5zCxdHGOS0OOP7vbgTA1iwv9GVr5JSiths7QmgUsU84=",
"path": "/nix/store/9a5k9pfawxzz1sng17si26sc9af39jr1-source/nixpatches",
"narHash": "sha256-5eJxyBRYQCoRt92ZFUOdT237Z0VscuNRd0pktDYWJYE=",
"path": "nixpatches",
"type": "path"
},
"original": {
"path": "/nix/store/9a5k9pfawxzz1sng17si26sc9af39jr1-source/nixpatches",
"path": "nixpatches",
"type": "path"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1673800717,
"narHash": "sha256-SFHraUqLSu5cC6IxTprex/nTsI81ZQAtDvlBvGDWfnA=",
"owner": "nixos",
"lastModified": 1673163619,
"narHash": "sha256-B33PFBL64ZgTWgMnhFL3jgheAN/DjHPsZ1Ih3z0VE5I=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9fd351ec37f5d479556cd48be4ca340da59b8f",
"rev": "8c54d842d9544361aac5f5b212ba04e4089e8efe",
"type": "github"
},
"original": {
"owner": "nixos",
"id": "nixpkgs",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
"type": "indirect"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1673740915,
"narHash": "sha256-MMH8zONfqahgHly3K8/A++X34800rajA/XgZ2DzNL/M=",
"lastModified": 1673100377,
"narHash": "sha256-mT76pTd0YFxT6CwtPhDgHJhuIgLY+ZLSMiQpBufwMG4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c65528c3f8462b902e09d1ccca23bb9034665c2",
"rev": "9f11a2df77cb945c115ae2a65f53f38121597d73",
"type": "github"
},
"original": {
@@ -103,18 +102,17 @@
},
"nixpkgs-unpatched": {
"locked": {
"lastModified": 1673796341,
"narHash": "sha256-1kZi9OkukpNmOaPY7S5/+SlCDOuYnP3HkXHvNDyLQcc=",
"owner": "nixos",
"lastModified": 1673226411,
"narHash": "sha256-b6cGb5Ln7Zy80YO66+cbTyGdjZKtkoqB/iIIhDX9gRA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6dccdc458512abce8d19f74195bb20fdb067df50",
"rev": "aa1d74709f5dac623adb4d48fdfb27cc2c92a4d4",
"type": "github"
},
"original": {
"owner": "nixos",
"id": "nixpkgs",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"type": "indirect"
}
},
"root": {
@@ -136,11 +134,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1673752321,
"narHash": "sha256-EFfXY1ZHJq4FNaNQA9x0djtu/jiOhBbT0Xi+BT06cJw=",
"lastModified": 1673147300,
"narHash": "sha256-gR9OEfTzWfL6vG0qkbn1TlBAOlg4LuW8xK/u0V41Ihc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e18eefd2b133a58309475298052c341c08470717",
"rev": "2253120d2a6147e57bafb5c689e086221df8032f",
"type": "github"
},
"original": {

View File

@@ -1,44 +1,24 @@
# FLAKE FEEDBACK:
# - if flake inputs are meant to be human-readable, a human should be able to easily track them down given the URL.
# - this is not the case with registry URLs, like `nixpkgs/nixos-22.11`.
# - this is marginally the case with schemes like `github:nixos/nixpkgs`.
# - given the *existing* `git+https://` scheme, i propose expressing github URLs similarly:
# - `github+https://github.com/nixos/nixpkgs/tree/nixos-22.11`
# - need some way to apply local patches to inputs.
#
#
# DEVELOPMENT DOCS:
# - Flake docs: <https://nixos.wiki/wiki/Flakes>
# - Flake RFC: <https://github.com/tweag/rfcs/blob/flakes/rfcs/0049-flakes.md>
# - Discussion: <https://github.com/NixOS/rfcs/pull/49>
# docs:
# - <https://nixos.wiki/wiki/Flakes>
# - <https://serokell.io/blog/practical-nix-flakes>
{
# XXX: use the `github:` scheme instead of the more readable git+https: because it's *way* more efficient
# preferably, i would rewrite the human-readable https URLs to nix-specific github: URLs with a helper,
# but `inputs` is required to be a strict attrset: not an expression.
inputs = {
# <https://github.com/nixos/nixpkgs/tree/nixos-22.11>
nixpkgs-stable.url = "github:nixos/nixpkgs?ref=nixos-22.11";
# <https://github.com/nixos/nixpkgs/tree/nixos-unstable>
nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-22.11";
nixpkgs-unpatched.url = "nixpkgs/nixos-unstable";
nixpkgs = {
url = "./nixpatches";
url = "path:nixpatches";
inputs.nixpkgs.follows = "nixpkgs-unpatched";
};
mobile-nixos = {
# <https://github.com/nixos/mobile-nixos>
url = "github:nixos/mobile-nixos";
flake = false;
};
home-manager = {
# <https://github.com/nix-community/home-manager/tree/release-22.05>
url = "github:nix-community/home-manager?ref=release-22.05";
url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
# <https://github.com/Mic92/sops-nix>
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -63,12 +43,10 @@
evalHost = { name, local, target }:
let
# XXX: we'd prefer to use `nixosSystem = (nixpkgsCompiledBy target).nixos`
# XXX: we'd prefer to use `nixosSystem = (nixpkgsCompiledBy local).nixos`
# but it doesn't propagate config to the underlying pkgs, meaning it doesn't let you use
# non-free packages even after setting nixpkgs.allowUnfree.
# XXX: patch using the target -- not local -- otherwise the target will
# need to emulate the host in order to rebuild!
nixosSystem = import ((nixpkgsCompiledBy target).path + "/nixos/lib/eval-config.nix");
nixosSystem = import ((nixpkgsCompiledBy local).path + "/nixos/lib/eval-config.nix");
in
(nixosSystem {
# we use pkgs built for and *by* the target, i.e. emulation, by default.
@@ -82,7 +60,6 @@
nixpkgs.overlays = [
self.overlays.default
self.overlays.passthru
self.overlays.pins
];
}
];
@@ -119,12 +96,11 @@
overlays = rec {
default = pkgs;
pkgs = import ./overlays/pkgs.nix;
pins = import ./overlays/pins.nix; # TODO: move to `nixpatches/` input
pkgs = import ./pkgs/overlay.nix;
passthru =
let
stable = next: prev: {
stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform}";
};
mobile = (import "${mobile-nixos}/overlay/overlay.nix");
uninsane = uninsane-dot-org.overlay;

View File

@@ -1,41 +0,0 @@
{ ... }:
{
sops.secrets."ddns_afraid" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."ddns_he" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."dovecot_passwd" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."duplicity_passphrase" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."freshrss_passwd" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."matrix_synapse_secrets" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."mautrix_signal_env" = {
sopsFile = ../../../secrets/servo/mautrix_signal_env.bin;
};
sops.secrets."mediawiki_pw" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."pleroma_secrets" = {
sopsFile = ../../../secrets/servo.yaml;
};
sops.secrets."wg_ovpns_privkey" = {
sopsFile = ../../../secrets/servo.yaml;
};
}

View File

@@ -1,34 +0,0 @@
# config options:
# - <https://github.com/mautrix/signal/blob/master/mautrix_signal/example-config.yaml>
{ config, pkgs, ... }:
{
services.signald.enable = true;
services.mautrix-signal.enable = true;
services.mautrix-signal.environmentFile =
config.sops.secrets.mautrix_signal_env.path;
services.mautrix-signal.settings.signal.socket_path = "/run/signald/signald.sock";
services.mautrix-signal.settings.homeserver.domain = "uninsane.org";
services.mautrix-signal.settings.bridge.permissions."@colin:uninsane.org" = "admin";
services.matrix-synapse.settings.app_service_config_files = [
# auto-created by mautrix-signal service
"/var/lib/mautrix-signal/signal-registration.yaml"
];
systemd.services.mautrix-signal.serviceConfig = {
# allow communication to signald
SupplementaryGroups = [ "signald" ];
ReadWritePaths = [ "/run/signald" ];
};
sane.persist.sys.plaintext = [
{ user = "mautrix-signal"; group = "mautrix-signal"; directory = "/var/lib/mautrix-signal"; }
];
sops.secrets."mautrix_signal_env" = {
format = "binary";
mode = "0440";
owner = config.users.users.mautrix-signal.name;
group = config.users.users.matrix-synapse.name;
};
}

View File

@@ -0,0 +1,16 @@
{ lib, pkgs, ... }:
{
# persist external pairings by default
sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
wantedBeforeBy = [ "bluetooth.service" ];
# XXX: install-bluetooth uses sed, but that's part of the default systemd unit path, it seems
generated.script.script = builtins.readFile ../../scripts/install-bluetooth + ''
touch "/var/lib/bluetooth/.secrets.stamp"
'';
generated.script.scriptArgs = [ "/run/secrets/bt" ];
};
}

View File

@@ -1,12 +1,5 @@
{ config, ... }:
{ ... }:
let
mkCrossFrom = localSystem: pkgs: import pkgs.path {
inherit localSystem;
crossSystem = pkgs.stdenv.hostPlatform.system;
inherit (config.nixpkgs) config overlays;
};
in
{
# the configuration of which specific package set `pkgs.cross` refers to happens elsewhere;
# here we just define them all.
@@ -15,8 +8,8 @@ in
# non-emulated packages build *from* local *for* target.
# for large packages like the linux kernel which are expensive to build under emulation,
# the config can explicitly pull such packages from `pkgs.cross` to do more efficient cross-compilation.
crossFrom."x86_64-linux" = mkCrossFrom "x86_64-linux" next;
crossFrom."aarch64-linux" = mkCrossFrom "aarch64-linux" next;
crossFrom."x86_64-linux" = (prev.forceSystem "x86_64-linux" null).appendOverlays next.overlays;
crossFrom."aarch64-linux" = (prev.forceSystem "aarch64-linux" null).appendOverlays next.overlays;
})
];
}

View File

@@ -1,10 +1,11 @@
{ pkgs, ... }:
{
imports = [
./bluetooth.nix
./cross.nix
./feeds.nix
./fs.nix
./hardware.nix
./hardware
./i2p.nix
./ids.nix
./machine-id.nix
@@ -29,9 +30,6 @@
"/var/lib/machines" # maybe not needed, but would be painful to add a VM and forget.
];
# some services which use private directories error if the parent (/var/lib/private) isn't 700.
sane.fs."/var/lib/private".dir.acl.mode = "0700";
nixpkgs.config.allowUnfree = true;
# time.timeZone = "America/Los_Angeles";
@@ -41,11 +39,6 @@
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# allow `nix-shell` (and probably nix-index?) to locate our patched and custom packages
nix.nixPath = [
"nixpkgs=${pkgs.path}"
"nixpkgs-overlays=${../..}/overlays"
];
# TODO: move this into home-manager?
fonts = {

View File

@@ -1,4 +1,4 @@
{ lib, sane-data, ... }:
{ ... }:
let
hourly = { freq = "hourly"; };
daily = { freq = "daily"; };
@@ -12,8 +12,6 @@ let
tech = { cat = "tech"; };
uncat = { cat = "uncat"; };
text = { format = "text"; };
mkRss = format: url: { inherit url format; } // uncat // infrequent;
# format-specific helpers
mkText = mkRss "text";
@@ -23,74 +21,48 @@ let
# host-specific helpers
mkSubstack = subdomain: { substack = subdomain; };
fromDb = name:
let
raw = sane-data.feeds."${name}";
in {
url = raw.url;
# not sure the exact mapping with velocity here: entries per day?
freq = lib.mkDefault (
if raw.velocity or 0 > 2 then
"hourly"
else if raw.velocity or 0 > 0.5 then
"daily"
else if raw.velocity or 0 > 0.1 then
"weekly"
else
"infrequent"
);
} // lib.optionalAttrs (raw.is_podcast or false) {
format = "podcast";
} // lib.optionalAttrs (raw.title or "" != "") {
title = lib.mkDefault raw.title;
};
podcasts = [
(fromDb "lexfridman.com/podcast" // rat)
# (mkPod "https://lexfridman.com/feed/podcast/" // rat // weekly)
(mkPod "https://lexfridman.com/feed/podcast/" // rat // weekly)
## Astral Codex Ten
(fromDb "sscpodcast.libsyn.com" // rat)
(mkPod "http://feeds.libsyn.com/108018/rss" // rat // daily)
## Econ Talk
(fromDb "feeds.simplecast.com/wgl4xEgL" // rat)
## Cory Doctorow -- both podcast & text entries
(fromDb "craphound.com" // pol)
(mkPod "https://feeds.simplecast.com/wgl4xEgL" // rat // daily)
## Cory Doctorow
(mkPod "https://feeds.feedburner.com/doctorow_podcast" // pol // infrequent)
(mkPod "https://congressionaldish.libsyn.com/rss" // pol // infrequent)
## Civboot -- https://anchor.fm/civboot
(fromDb "anchor.fm/s/34c7232c/podcast/rss" // tech)
(fromDb "feeds.feedburner.com/80000HoursPodcast" // rat)
(fromDb "allinchamathjason.libsyn.com" // pol)
(fromDb "acquired.libsyn.com" // tech)
# The Intercept - Deconstructed; also available: <rss.acast.com/deconstructed>
(fromDb "rss.prod.firstlook.media/deconstructed/podcast.rss" // pol)
## Civboot
(mkPod "https://anchor.fm/s/34c7232c/podcast/rss" // tech // infrequent)
(mkPod "https://feeds.feedburner.com/80000HoursPodcast" // rat // weekly)
(mkPod "https://allinchamathjason.libsyn.com/rss" // pol // weekly)
(mkPod "https://acquired.libsyn.com/rss" // tech // infrequent)
(mkPod "https://rss.acast.com/deconstructed" // pol // infrequent)
## The Daily
(mkPod "https://feeds.simplecast.com/54nAGcIl" // pol // daily)
# The Intercept - Intercepted; also available: <https://rss.acast.com/intercepted-with-jeremy-scahill>
(fromDb "rss.prod.firstlook.media/intercepted/podcast.rss" // pol)
(fromDb "podcast.posttv.com/itunes/post-reports.xml" // pol)
(mkPod "https://rss.acast.com/intercepted-with-jeremy-scahill" // pol // weekly)
(mkPod "https://podcast.posttv.com/itunes/post-reports.xml" // pol // weekly)
## Eric Weinstein
(fromDb "rss.art19.com/the-portal" // rat)
(fromDb "darknetdiaries.com" // tech)
## Radiolab -- also available here, but ONLY OVER HTTP: <http://feeds.wnyc.org/radiolab>
(fromDb "feeds.feedburner.com/radiolab" // pol)
## Sam Harris
(fromDb "wakingup.libsyn.com" // pol)
## 99% Invisible -- also available here: <https://feeds.simplecast.com/BqbsxVfO>
(fromDb "feeds.99percentinvisible.org/99percentinvisible" // pol)
(fromDb "rss.acast.com/ft-tech-tonic" // tech)
(fromDb "feeds.feedburner.com/dancarlin/history" // rat)
(fromDb "rss.art19.com/60-minutes" // pol)
(mkPod "https://rss.art19.com/the-portal" // rat // infrequent)
(mkPod "https://feeds.megaphone.fm/darknetdiaries" // tech // infrequent)
(mkPod "http://feeds.wnyc.org/radiolab" // pol // infrequent)
(mkPod "https://wakingup.libsyn.com/rss" // pol // infrequent)
## 99% Invisible
(mkPod "https://feeds.simplecast.com/BqbsxVfO" // pol // infrequent)
(mkPod "https://rss.acast.com/ft-tech-tonic" // tech // infrequent)
(mkPod "https://feeds.feedburner.com/dancarlin/history?format=xml" // rat // infrequent)
## 60 minutes (NB: this features more than *just* audio?)
(mkPod "https://www.cbsnews.com/latest/rss/60-minutes" // pol // infrequent)
## The Verge - Decoder
(fromDb "feeds.megaphone.fm/recodedecode" // tech)
(mkPod "https://feeds.megaphone.fm/recodedecode" // tech // weekly)
## Matrix (chat) Live
(fromDb "feed.podbean.com/matrixlive/feed.xml" // tech)
## Michael Malice - Your Welcome -- also available here: <https://origin.podcastone.com/podcast?categoryID2=2232>
(fromDb "rss.art19.com/your-welcome" // pol)
(mkPod "https://feed.podbean.com/matrixlive/feed.xml" // tech // weekly)
## Michael Malice - Your Welcome
(mkPod "https://www.podcastone.com/podcast?categoryID2=2232" // pol // weekly)
];
texts = [
# AGGREGATORS (> 1 post/day)
(fromDb "lesswrong.com" // rat)
(fromDb "econlib.org" // pol)
(mkText "https://www.lesswrong.com/feed.xml" // rat // hourly)
(mkText "http://www.econlib.org/index.xml" // pol // hourly)
# AGGREGATORS (< 1 post/day)
(mkText "https://palladiummag.com/feed" // uncat // weekly)
@@ -103,10 +75,10 @@ let
(mkText "https://www.rifters.com/crawl/?feed=rss2" // uncat // weekly)
# DEVELOPERS
(fromDb "uninsane.org" // tech)
(fromDb "mg.lol" // tech)
(mkText "https://uninsane.org/atom.xml" // infrequent // tech)
(mkText "https://mg.lol/blog/rss/" // infrequent // tech)
## Ken Shirriff
(fromDb "righto.com" // tech)
(mkText "https://www.righto.com/feeds/posts/default" // tech // infrequent)
## Vitalik Buterin
(mkText "https://vitalik.ca/feed.xml" // tech // infrequent)
## ian (Sanctuary)
@@ -122,7 +94,7 @@ let
(mkText "https://pomeroyb.com/feed.xml" // tech // infrequent)
# (TECH; POL) COMMENTATORS
(fromDb "edwardsnowden.substack.com" // pol // text)
(mkSubstack "edwardsnowden" // pol // infrequent)
(mkText "http://benjaminrosshoffman.com/feed" // pol // weekly)
## Ben Thompson
(mkText "https://www.stratechery.com/rss" // pol // weekly)
@@ -176,11 +148,4 @@ let
in
{
sane.feeds = texts ++ images ++ podcasts;
assertions = builtins.map
(p: {
assertion = p.format or "unknown" == "podcast";
message = ''${p.url} is not a podcast: ${p.format or "unknown"}'';
})
podcasts;
}

View File

@@ -2,6 +2,7 @@
{
imports = [
./all.nix
./x86_64.nix
];
}

View File

@@ -1,7 +1,8 @@
{ lib, pkgs, ... }:
with lib;
{
config = lib.mkIf (pkgs.system == "x86_64-linux") {
config = mkIf (pkgs.system == "x86_64-linux") {
boot.initrd.availableKernelModules = [
"xhci_pci" "ahci" "sd_mod" "sdhci_pci" # nixos-generate-config defaults
"usb_storage" # rpi needed this to boot from usb storage, i think.

View File

@@ -21,10 +21,6 @@
sane.ids.freshrss.uid = 2401;
sane.ids.freshrss.gid = 2401;
sane.ids.mediawiki.uid = 2402;
sane.ids.signald.uid = 2403;
sane.ids.signald.gid = 2403;
sane.ids.mautrix-signal.uid = 2404;
sane.ids.mautrix-signal.gid = 2404;
sane.ids.colin.uid = 1000;
sane.ids.guest.uid = 1100;

View File

@@ -1,6 +1,16 @@
{ config, lib, pkgs, ... }:
{
# if using router's DNS, these mappings will already exist.
# if using a different DNS provider (which servo does), then we need to explicity provide them.
# ugly hack. would be better to get servo to somehow use the router's DNS
networking.hosts = {
"192.168.0.5" = [ "servo" ];
"192.168.0.20" = [ "lappy" ];
"192.168.0.22" = [ "desko" ];
"192.168.0.48" = [ "moby" ];
};
# the default backend is "wpa_supplicant".
# wpa_supplicant reliably picks weak APs to connect to.
# see: <https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/474>
@@ -20,4 +30,14 @@
General.RoamThreshold = "-52"; # default -70
General.RoamThreshold5G = "-52"; # default -76
};
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
wantedBeforeBy = [ "iwd.service" ];
generated.acl.mode = "0600";
# XXX: install-iwd uses sed, but that's part of the default systemd unit path, it seems
generated.script.script = builtins.readFile ../../scripts/install-iwd + ''
touch "/var/lib/iwd/.secrets.psk.stamp"
'';
generated.script.scriptArgs = [ "/run/secrets/iwd" "/var/lib/iwd" ];
};
}

View File

@@ -1,33 +1,24 @@
{ config, lib, sane-data, sane-lib, ... }:
let
inherit (builtins) head map mapAttrs tail;
inherit (lib) concatStringsSep mkMerge reverseList;
in
{
sane.ssh.pubkeys =
let
# path is a DNS-style path like [ "org" "uninsane" "root" ]
keyNameForPath = path:
let
rev = reverseList path;
name = head rev;
host = concatStringsSep "." (tail rev);
rev = lib.reverseList path;
name = builtins.head rev;
host = lib.concatStringsSep "." (builtins.tail rev);
in
"${name}@${host}";
# [{ path :: [String], value :: String }] for the keys we want to install
globalKeys = sane-lib.flattenAttrs sane-data.keys;
domainKeys = sane-lib.flattenAttrs (
mapAttrs (host: cfg: {
colin = cfg.ssh.user_pubkey;
root = cfg.ssh.host_pubkey;
}) config.sane.hosts.by-name
);
in mkMerge (map
localKeys = sane-lib.flattenAttrs sane-data.keys.org.uninsane.local;
in lib.mkMerge (builtins.map
({ path, value }: {
"${keyNameForPath path}" = lib.mkIf (value != null) value;
"${keyNameForPath path}" = value;
})
(globalKeys ++ domainKeys)
(globalKeys ++ localKeys)
);
}

View File

@@ -86,7 +86,6 @@ in
"Pictures"
"Videos"
".cache/nix"
".cargo"
".rustup"
];

View File

@@ -6,16 +6,12 @@
# sane.packages.enableDevPkgs = true;
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
sane.gui.sway.enable = true;
sane.services.duplicity.enable = true;
sane.services.nixserve.enable = true;
sane.services.nixserve.sopsFile = ../../../secrets/desko.yaml;
sane.services.nixserve.sopsFile = ../../secrets/desko.yaml;
sane.persist.enable = true;
sane.gui.sway.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
@@ -23,7 +19,7 @@
services.usbmuxd.enable = true;
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/desko.yaml;
sopsFile = ../../secrets/desko.yaml;
neededForUsers = true;
};
@@ -45,7 +41,7 @@
};
sops.secrets.duplicity_passphrase = {
sopsFile = ../../../secrets/desko.yaml;
sopsFile = ../../secrets/desko.yaml;
};
programs.steam = {

View File

@@ -1,16 +1,12 @@
# trampoline from flake.nix into the specific host definition, while doing a tiny bit of common setup
# args from flake-level `import`
{ hostName, localSystem }:
# module args
{ config, ... }:
{ ... }:
{
imports = [
./by-name/${hostName}
./${hostName}
./common
./modules
];
networking.hostName = hostName;

View File

@@ -1,13 +1,9 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
imports = [
./fs.nix
];
sane.roles.client = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."lappy".wg-home.ip;
# sane.packages.enableDevPkgs = true;
# sane.users.guest.enable = true;
@@ -18,7 +14,7 @@
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/lappy.yaml;
sopsFile = ../../secrets/lappy.yaml;
neededForUsers = true;
};

View File

@@ -6,11 +6,6 @@
./kernel.nix
];
sane.roles.client = true;
# TODO
# sane.services.wg-home.enable = true;
# sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip;
# cross-compiled documentation is *slow*.
# no obvious way to natively compile docs (2022/09/29).
# entrypoint is nixos/modules/misc/documentation.nix
@@ -24,7 +19,7 @@
services.getty.autologinUser = "root"; # allows for emergency maintenance?
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/moby.yaml;
sopsFile = ../../secrets/moby.yaml;
neededForUsers = true;
};

View File

@@ -125,9 +125,6 @@ in
# aarch64-unknown-linux-gnu-gcc: error: unrecognized command line option '-mfpu=neon'
# make[3]: *** [../scripts/Makefile.build:289: drivers/video/fbdev/sun5i-eink-neon.o] Error 1
FB_SUN5I_EINK = no;
# used by the pinephone pro, but fails to compile with:
# ../drivers/media/i2c/ov8858.c:1834:27: error: implicit declaration of function 'compat_ptr'
VIDEO_OV8858 = no;
})
))
];

View File

@@ -1,12 +0,0 @@
{ ... }:
{
imports = [
./derived-secrets.nix
./hardware
./hostnames.nix
./hosts.nix
./roles
./wg-home.nix
];
}

View File

@@ -1,47 +0,0 @@
{ config, lib, ... }:
let
inherit (builtins) toString;
inherit (lib) mapAttrs mkOption types;
cfg = config.sane.derived-secrets;
secret = types.submodule {
options = {
len = mkOption {
type = types.int;
};
encoding = mkOption {
type = types.enum [ "base64" ];
};
};
};
in
{
options = {
sane.derived-secrets = mkOption {
type = types.attrsOf secret;
default = {};
description = ''
fs path => secret options.
for each entry, we create an item at the given path whose value is deterministic,
but also pseudo-random and not predictable by anyone without root access to the machine.
as PRNG source we use the host ssh key, and derived secrets are salted based on the destination path.
'';
};
};
config = {
sane.fs = mapAttrs (path: c: {
generated.script.script = ''
echo "$1" | cat /dev/stdin /etc/ssh/host_keys/ssh_host_ed25519_key \
| sha512sum \
| cut -c 1-${toString (c.len * 2)} \
| tr a-z A-Z \
| basenc -d --base16 \
| basenc --${c.encoding} \
> "$1"
'';
generated.script.scriptArgs = [ path ];
generated.acl.mode = "0600";
}) cfg;
};
}

View File

@@ -1,11 +0,0 @@
{ config, lib, ... }:
{
# if using router's DNS, these mappings will already exist.
# if using a different DNS provider (which servo does), then we need to explicity provide them.
# ugly hack. would be better to get servo to somehow use the router's DNS
networking.hosts = lib.mapAttrs' (host: cfg: {
name = cfg.lan-ip;
value = [ host ];
}) config.sane.hosts.by-name;
}

View File

@@ -1,98 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) attrValues filterAttrs mkMerge mkOption types;
cfg = config.sane.hosts;
host = types.submodule ({ config, ... }: {
options = {
ssh.user_pubkey = mkOption {
type = types.str;
description = ''
ssh pubkey that the primary user of this machine will use when connecting to other machines.
e.g. "ssh-ed25519 AAAA<base64>".
'';
};
ssh.host_pubkey = mkOption {
type = types.str;
description = ''
ssh pubkey which this host will present to connections initiated against it.
e.g. "ssh-ed25519 AAAA<base64>".
'';
};
wg-home.pubkey = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
wireguard public key for the wg-home VPN.
e.g. "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=".
'';
};
wg-home.ip = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
IP address to use on the wg-home VPN.
e.g. "10.0.10.5";
'';
};
wg-home.endpoint = mkOption {
type = types.nullOr types.str;
default = null;
};
lan-ip = mkOption {
type = types.str;
description = ''
ip address when on the lan.
e.g. "192.168.0.5";
'';
};
};
});
in
{
options = {
sane.hosts.by-name = mkOption {
type = types.attrsOf host;
default = {};
description = ''
map of hostname => attrset of information specific to that host,
like its ssh pubkey, etc.
'';
};
};
config = {
# TODO: this should be populated per-host
sane.hosts.by-name."desko" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
wg-home.pubkey = "17PMZssYi0D4t2d0vbmhjBKe1sGsE8kT8/dod0Q2CXc=";
wg-home.ip = "10.0.10.22";
lan-ip = "192.168.0.22";
};
sane.hosts.by-name."lappy" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
wg-home.pubkey = "FTUWGw2p4/cEcrrIE86PWVnqctbv8OYpw8Gt3+dC/lk=";
wg-home.ip = "10.0.10.20";
lan-ip = "192.168.0.20";
};
sane.hosts.by-name."moby" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
lan-ip = "192.168.0.48";
};
sane.hosts.by-name."servo" = {
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
wg-home.pubkey = "roAw+IUFVtdpCcqa4khB385Qcv9l5JAB//730tyK4Wk=";
wg-home.ip = "10.0.10.5";
wg-home.endpoint = "uninsane.org:51820";
lan-ip = "192.168.0.5";
};
};
}

View File

@@ -1,18 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.sane.roles.client {
# persist external pairings by default
sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ];
sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700";
sane.fs."/var/lib/bluetooth/.secrets.stamp" = {
wantedBeforeBy = [ "bluetooth.service" ];
# XXX: install-bluetooth uses sed, but that's part of the default systemd unit path, it seems
generated.script.script = builtins.readFile ../../../../scripts/install-bluetooth + ''
touch "/var/lib/bluetooth/.secrets.stamp"
'';
generated.script.scriptArgs = [ "/run/secrets/bt" ];
};
};
}

View File

@@ -1,17 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkIf mkOption types;
in
{
imports = [
./bluetooth-pairings.nix
./wifi-pairings.nix
];
# option is consumed by the other imports in this dir
options.sane.roles.client = mkOption {
type = types.bool;
default = false;
};
}

View File

@@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.sane.roles.client {
sane.fs."/var/lib/iwd/.secrets.psk.stamp" = {
wantedBeforeBy = [ "iwd.service" ];
generated.acl.mode = "0600";
# XXX: install-iwd uses sed, but that's part of the default systemd unit path, it seems
generated.script.script = builtins.readFile ../../../../scripts/install-iwd + ''
touch "/var/lib/iwd/.secrets.psk.stamp"
'';
generated.script.scriptArgs = [ "/run/secrets/iwd" "/var/lib/iwd" ];
};
};
}

View File

@@ -1,6 +0,0 @@
{ ... }:
{
imports = [
./client
];
}

View File

@@ -1,80 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (builtins) filter map;
inherit (lib) concatMap mapAttrsToList mkIf mkMerge mkOption optionalAttrs types;
cfg = config.sane.services.wg-home;
server-cfg = config.sane.hosts.by-name."servo".wg-home;
mkPeer = { ips, pubkey, endpoint }: {
publicKey = pubkey;
allowedIPs = map (k: "${k}/32") ips;
} // (optionalAttrs (endpoint != null) {
inherit endpoint;
# send keepalives every 25 seconds to keep NAT routes live.
# only need to do this from client -> server though, i think.
persistentKeepalive = 25;
# allows wireguard to notice DNS/hostname changes, with this much effective TTL.
dynamicEndpointRefreshSeconds = 600;
});
# make separate peers to route each given host
mkClientPeers = hosts: map (p: mkPeer {
inherit (p) pubkey endpoint;
ips = [ p.ip ];
}) hosts;
# make a single peer which routes all the given hosts
mkServerPeer = hosts: mkPeer {
inherit (server-cfg) pubkey endpoint;
ips = map (h: h.ip) hosts;
};
in
{
options = {
sane.services.wg-home.enable = mkOption {
type = types.bool;
default = false;
};
sane.services.wg-home.ip = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
# generate a (deterministic) wireguard private key
sane.derived-secrets."/run/wg-home.priv" = {
len = 32;
encoding = "base64";
};
# wireguard VPN which allows everything on my domain to speak to each other even when
# not behind a shared LAN.
# this config defines both the endpoint (server) and client configs
# for convenience, have both the server and client use the same port for their wireguard connections.
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wireguard.interfaces.wg-home = {
listenPort = 51820;
privateKeyFile = "/run/wg-home.priv";
preSetup =
let
gen-key = config.sane.fs."/run/wg-home.priv".unit;
in
"${pkgs.systemd}/bin/systemctl start '${gen-key}'";
ips = [
"${cfg.ip}/24"
];
peers =
let
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
in
if cfg.ip == server-cfg.ip then
# if we're the server, then we maintain the entire client list
mkClientPeers peer-list
else
# but if we're a client, we maintain a single peer -- the server -- which does the actual routing
[ (mkServerPeer peer-list) ];
};
};
}

View File

@@ -1,29 +1,29 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
imports = [
./fs.nix
./net.nix
./users.nix
./secrets.nix
./services
];
sane.packages.extraUserPkgs = with pkgs; [
sane.packages.extraUserPkgs = [
# for administering services
freshrss
matrix-synapse
signaldctl
pkgs.matrix-synapse
pkgs.freshrss
];
sane.persist.enable = true;
sane.services.dyn-dns.enable = true;
sane.services.wg-home.enable = true;
sane.services.wg-home.ip = config.sane.hosts.by-name."servo".wg-home.ip;
# sane.services.duplicity.enable = true; # TODO: re-enable after HW upgrade
boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sops.secrets.duplicity_passphrase = {
sopsFile = ../../secrets/servo.yaml;
};
# both transmission and ipfs try to set different net defaults.
# we just use the most aggressive of the two here:
boot.kernel.sysctl = {

View File

@@ -52,18 +52,18 @@
# services.resolved.extraConfig = ''
# # docs: `man resolved.conf`
# # DNS servers to use via the `wg-ovpns` interface.
# # DNS servers to use via the `wg0` interface.
# # i hope that from the root ns, these aren't visible.
# DNS=46.227.67.134%wg-ovpns 192.165.9.158%wg-ovpns
# DNS=46.227.67.134%wg0 192.165.9.158%wg0
# FallbackDNS=1.1.1.1 9.9.9.9
# '';
# OVPN CONFIG (https://www.ovpn.com):
# DOCS: https://nixos.wiki/wiki/WireGuard
# if you `systemctl restart wireguard-wg-ovpns`, make sure to also restart any other services in `NetworkNamespacePath = .../ovpns`.
# if you `systemctl restart wireguard-wg0`, make sure to also restart any other services in `NetworkNamespacePath = .../ovpns`.
# TODO: why not create the namespace as a seperate operation (nix config for that?)
networking.wireguard.enable = true;
networking.wireguard.interfaces.wg-ovpns = let
networking.wireguard.interfaces.wg0 = let
ip = "${pkgs.iproute2}/bin/ip";
in-ns = "${ip} netns exec ovpns";
iptables = "${pkgs.iptables}/bin/iptables";
@@ -159,10 +159,13 @@
# create a new routing table that we can use to proxy traffic out of the root namespace
# through the ovpns namespace, and to the WAN via VPN.
networking.iproute2.rttablesExtraConfig = ''
5 ovpns
5 ovpns
'';
networking.iproute2.enable = true;
sops.secrets."wg_ovpns_privkey" = {
sopsFile = ../../secrets/servo.yaml;
};
# HURRICANE ELECTRIC CONFIG:
# networking.sits = {

View File

@@ -24,4 +24,8 @@ lib.mkIf false
OnUnitActiveSec = "10min";
};
};
sops.secrets."ddns_afraid" = {
sopsFile = ../../../secrets/servo.yaml;
};
}

View File

@@ -27,4 +27,8 @@ lib.mkIf false
OnUnitActiveSec = "10min";
};
};
sops.secrets."ddns_he" = {
sopsFile = ../../../secrets/servo.yaml;
};
}

View File

@@ -46,8 +46,6 @@
}];
# provide access to certs
# TODO: this should just be `acme`. then we also add nginx to the `acme` group.
# why is /var/lib/acme/* owned by `nginx` group??
users.users.ejabberd.extraGroups = [ "nginx" ];
security.acme.certs."uninsane.org".extraDomainNames = [

View File

@@ -11,7 +11,8 @@
{ config, lib, pkgs, sane-lib, ... }:
{
sops.secrets."freshrss_passwd" = {
sops.secrets.freshrss_passwd = {
sopsFile = ../../../secrets/servo.yaml;
owner = config.users.users.freshrss.name;
mode = "0400";
};

View File

@@ -7,8 +7,8 @@
];
services.jackett.enable = true;
systemd.services.jackett.after = [ "wireguard-wg-ovpns.service" ];
systemd.services.jackett.partOf = [ "wireguard-wg-ovpns.service" ];
systemd.services.jackett.after = [ "wireguard-wg0.service" ];
systemd.services.jackett.partOf = [ "wireguard-wg0.service" ];
systemd.services.jackett.serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";

View File

@@ -6,12 +6,8 @@
imports = [
./discord-puppet.nix
# ./irc.nix
./signal.nix
];
# allow synapse to read the registration files of its appservices
users.users.matrix-synapse.extraGroups = [ "mautrix-signal" ];
sane.persist.sys.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
];
@@ -131,7 +127,8 @@
};
sops.secrets."matrix_synapse_secrets" = {
sops.secrets.matrix_synapse_secrets = {
sopsFile = ../../../../secrets/servo.yaml;
owner = config.users.users.matrix-synapse.name;
};
}

View File

@@ -43,7 +43,6 @@
};
};
# TODO: should use a dedicated user
systemd.services.mx-puppet-discord.serviceConfig = {
# fix up to not use /var/lib/private, but just /var/lib
DynamicUser = lib.mkForce false;

View File

@@ -17,5 +17,5 @@
sane.services.trust-dns.zones."uninsane.org".inet.CNAME."nixcache" = "native";
sane.services.nixserve.enable = true;
sane.services.nixserve.sopsFile = ../../../../secrets/servo.yaml;
sane.services.nixserve.sopsFile = ../../../secrets/servo.yaml;
}

View File

@@ -179,7 +179,8 @@
sane.services.trust-dns.zones."uninsane.org".inet.CNAME."fed" = "native";
sops.secrets."pleroma_secrets" = {
sops.secrets.pleroma_secrets = {
sopsFile = ../../../secrets/servo.yaml;
owner = config.users.users.pleroma.name;
};
}

View File

@@ -110,8 +110,8 @@ in
services.postfix.enableSubmissions = true;
services.postfix.submissionsOptions = submissionOptions;
systemd.services.postfix.after = [ "wireguard-wg-ovpns.service" ];
systemd.services.postfix.partOf = [ "wireguard-wg-ovpns.service" ];
systemd.services.postfix.after = [ "wireguard-wg0.service" ];
systemd.services.postfix.partOf = [ "wireguard-wg0.service" ];
systemd.services.postfix.serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";
@@ -132,8 +132,8 @@ in
# keeping this the same as the hostname seems simplest
services.opendkim.selector = "mx";
systemd.services.opendkim.after = [ "wireguard-wg-ovpns.service" ];
systemd.services.opendkim.partOf = [ "wireguard-wg-ovpns.service" ];
systemd.services.opendkim.after = [ "wireguard-wg0.service" ];
systemd.services.opendkim.partOf = [ "wireguard-wg0.service" ];
systemd.services.opendkim.serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";
@@ -197,7 +197,8 @@ in
# }
];
sops.secrets."dovecot_passwd" = {
sops.secrets.dovecot_passwd = {
sopsFile = ../../../secrets/servo.yaml;
owner = config.users.users.dovecot2.name;
# TODO: debug why mail can't be sent without this being world-readable
mode = "0444";

View File

@@ -40,8 +40,8 @@
# transmission will by default not allow the world to read its files.
services.transmission.downloadDirPermissions = "775";
systemd.services.transmission.after = [ "wireguard-wg-ovpns.service" ];
systemd.services.transmission.partOf = [ "wireguard-wg-ovpns.service" ];
systemd.services.transmission.after = [ "wireguard-wg0.service" ];
systemd.services.transmission.partOf = [ "wireguard-wg0.service" ];
systemd.services.transmission.serviceConfig = {
# run this behind the OVPN static VPN
NetworkNamespacePath = "/run/netns/ovpns";

View File

@@ -8,6 +8,7 @@ lib.mkIf false
{
sops.secrets."mediawiki_pw" = {
owner = config.users.users.mediawiki.name;
sopsFile = ../../../secrets/servo.yaml;
};
services.mediawiki.enable = true;

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1369733,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Every company has a story. Learn the playbooks that built the worlds greatest companies — and how you can apply them as a founder, operator, or investor.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 173,
"last_seen": "2023-01-11T15:26:37.515527+00:00",
"last_updated": "2022-12-19T07:22:28+00:00",
"score": 18,
"self_url": "https://acquired.libsyn.com/rss",
"site_name": null,
"site_url": null,
"title": "Acquired",
"url": "https://acquired.libsyn.com/rss",
"velocity": 0.066,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1030773,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Industry veterans, degenerate gamblers & besties Chamath Palihapitiya, Jason Calacanis, David Sacks & David Friedberg cover all things economic, tech, political, social & poker.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 124,
"last_seen": "2023-01-11T12:44:53.606606+00:00",
"last_updated": "2023-01-06T10:51:00+00:00",
"score": 18,
"self_url": "https://allinchamathjason.libsyn.com/rss",
"site_name": "All-In with Chamath, Jason, Sacks & Friedberg",
"site_url": "https://allinchamathjason.libsyn.com",
"title": "All-In with Chamath, Jason, Sacks & Friedberg",
"url": "https://allinchamathjason.libsyn.com/rss",
"velocity": 0.12,
"version": "rss20"
}

View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 13316,
"content_type": "application/rss+xml; charset=utf-8",
"description": "A podcast around the idea of creating a Civilizational Bootstrapper, a set of tools and technology that can be used to replicate the foundations of civilization along with itself.",
"favicon": null,
"hubs": [
"https://pubsubhubbub.appspot.com/"
],
"is_podcast": true,
"is_push": true,
"item_count": 6,
"last_seen": "2023-01-11T16:11:01.720399+00:00",
"last_updated": "2022-04-13T19:37:17+00:00",
"score": 22,
"self_url": "https://anchor.fm/s/34c7232c/podcast/rss",
"site_name": "Anchor",
"site_url": "https://anchor.fm",
"title": "Civboot",
"url": "https://anchor.fm/s/34c7232c/podcast/rss",
"velocity": 0.009,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 12669,
"content_type": "application/rss+xml; charset=utf-8",
"description": "The territory is a map of the map.",
"favicon": "http://benjaminrosshoffman.com/favicon.ico",
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 10,
"last_seen": "2023-01-11T12:32:52.176940+00:00",
"last_updated": "2023-01-09T04:33:31+00:00",
"score": -15,
"self_url": "http://benjaminrosshoffman.com/comments/feed/",
"site_name": "Compass Rose",
"site_url": "http://benjaminrosshoffman.com",
"title": "Comments for Compass Rose",
"url": "http://benjaminrosshoffman.com/comments/feed/",
"velocity": 0.312,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 56666,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Cory Doctorow's Literary Works",
"favicon": "https://craphound.com/favicon.ico",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 20,
"last_seen": "2023-01-11T12:55:10.545856+00:00",
"last_updated": "2022-12-12T14:46:35+00:00",
"score": 12,
"self_url": "https://craphound.com/feed/",
"site_name": "Cory Doctorow's craphound.com | Cory Doctorow's Literary Works",
"site_url": "https://craphound.com",
"title": "Cory Doctorow's craphound.com",
"url": "https://craphound.com/feed/",
"velocity": 0.069,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 227480,
"content_type": "application/xml; charset=utf-8",
"description": "True stories from the dark side of the Internet",
"favicon": "https://darknetdiaries.com/imgs/favicon.png",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 131,
"last_seen": "2023-01-11T14:49:53.136566+00:00",
"last_updated": "2022-12-27T08:00:00+00:00",
"score": 20,
"self_url": "https://darknetdiaries.com/feedfree.xml",
"site_name": "Darknet Diaries True stories from the dark side of the Internet.",
"site_url": "https://darknetdiaries.com",
"title": "Darknet Diaries (ad free)",
"url": "https://darknetdiaries.com/feedfree.xml",
"velocity": 0.067,
"version": "rss20"
}

View File

@@ -1,6 +1,6 @@
{
"bozo": 0,
"content_length": 66775,
"content_length": 27184,
"content_type": "application/rss+xml; charset=utf-8",
"description": "The Library of Economics and Liberty",
"favicon": null,
@@ -9,13 +9,13 @@
"is_push": false,
"item_count": 10,
"last_seen": "2023-01-11T10:46:38.526754+00:00",
"last_updated": "2023-01-10T05:21:31+00:00",
"score": 14,
"self_url": "https://www.econlib.org/feed/",
"site_name": "Econlib",
"site_url": "https://www.econlib.org",
"title": "Econlib",
"url": "https://www.econlib.org/feed/",
"velocity": 2.549,
"last_updated": "2023-01-09T11:30:25+00:00",
"score": -18,
"self_url": "http://www.econtalk.org/feed/",
"site_name": null,
"site_url": null,
"title": "EconTalk Podcast Econlib",
"url": "http://www.econtalk.org/feed/",
"velocity": 0.143,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 27185,
"content_type": "application/rss+xml; charset=utf-8",
"description": "The Library of Economics and Liberty",
"favicon": null,
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 10,
"last_seen": "2023-01-11T13:05:47.318206+00:00",
"last_updated": "2023-01-09T11:30:25+00:00",
"score": 14,
"self_url": "https://www.econtalk.org/feed/",
"site_name": null,
"site_url": null,
"title": "EconTalk Podcast Econlib",
"url": "https://www.econtalk.org/feed",
"velocity": 0.143,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 429348,
"content_type": "application/rss+xml; charset=utf-8",
"description": "The world's most famous whistleblower writes from exile on the intersection of technology, humanity, and power.",
"favicon": "https://bucketeer-e05bbc84-baa3-437e-9518-adb32be77984.s3.amazonaws.com/public/images/2a7d3aa2-3c2f-4196-ab7c-31541be1272e/favicon.ico",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 16,
"last_seen": "2023-01-11T12:32:02.320483+00:00",
"last_updated": "2022-09-20T13:03:59+00:00",
"score": 14,
"self_url": "https://edwardsnowden.substack.com/feed",
"site_name": "Continuing Ed — with Edward Snowden",
"site_url": "https://edwardsnowden.substack.com",
"title": "Continuing Ed — with Edward Snowden",
"url": "https://edwardsnowden.substack.com/feed",
"velocity": 0.032,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 281377,
"content_type": "text/xml; charset=utf-8",
"description": "Matrix Live, now as an audio podcast",
"favicon": "https://feed.podbean.com/favicon.ico",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 100,
"last_seen": "2023-01-11T15:54:24.440541+00:00",
"last_updated": "2023-01-06T16:45:00+00:00",
"score": 18,
"self_url": "https://feed.podbean.com/matrixlive/feed.xml",
"site_name": null,
"site_url": "https://feed.podbean.com",
"title": "Matrix Live",
"url": "https://feed.podbean.com/matrixlive/feed.xml",
"velocity": 0.12,
"version": "rss20"
}

View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 1600578,
"content_type": "application/xml; charset=utf-8",
"description": "Design is everywhere in our lives, perhaps most importantly in the places where we've just stopped noticing. 99% Invisible is a weekly exploration of the process and power of design and architecture. From award winning producer Roman Mars. Learn more at 99percentinvisible.org.",
"favicon": null,
"hubs": [
"https://simplecast.superfeedr.com/"
],
"is_podcast": true,
"is_push": true,
"item_count": 577,
"last_seen": "2023-01-11T15:25:01.536556+00:00",
"last_updated": "2023-01-10T23:46:05+00:00",
"score": 4,
"self_url": "https://feeds.simplecast.com/BqbsxVfO",
"site_name": null,
"site_url": null,
"title": "99% Invisible",
"url": "https://feeds.simplecast.com/BqbsxVfO",
"velocity": 0.128,
"version": "rss20"
}

View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 1505641,
"content_type": "text/xml; charset=utf-8",
"description": "<p>Unusually in-depth conversations about the world's most pressing problems and what you can do to solve them.<br /></p>",
"favicon": null,
"hubs": [
"https://pubsubhubbub.appspot.com/"
],
"is_podcast": true,
"is_push": true,
"item_count": 181,
"last_seen": "2023-01-11T13:29:43.501516+00:00",
"last_updated": "2023-01-09T22:57:00+00:00",
"score": 14,
"self_url": "https://feeds.backtracks.fm/feeds/80000hours/80000-hours-podcast-with-rob-wiblin/feed.xml",
"site_name": null,
"site_url": null,
"title": "80,000 Hours Podcast with Rob Wiblin",
"url": "https://feeds.feedburner.com/80000HoursPodcast",
"velocity": 0.087,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 23712,
"content_type": "text/xml; charset=utf-8",
"description": "This isn't academic history (and Carlin isn't a historian) but the podcast's unique blend of high drama, masterful narration and Twilight Zone-style twists has entertained millions of listeners.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 13,
"last_seen": "2023-01-11T15:05:34.359948+00:00",
"last_updated": "2022-03-06T19:08:44+00:00",
"score": 2,
"self_url": "https://feeds.feedburner.com/dancarlin/history?format=xml",
"site_name": null,
"site_url": null,
"title": "Dan Carlin's Hardcore History",
"url": "https://feeds.feedburner.com/dancarlin/history",
"velocity": 0.005,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 62633,
"content_type": "text/xml; charset=utf-8",
"description": "Articles, speeches, stories and novels by an award-winning science fiction writer, read aloud in small regular chunks",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 20,
"last_seen": "2023-01-11T12:57:50.103797+00:00",
"last_updated": "2022-12-12T14:46:35+00:00",
"score": 4,
"self_url": "https://craphound.com/category/podcast/feed/",
"site_name": null,
"site_url": null,
"title": "Podcast Cory Doctorow's craphound.com",
"url": "https://feeds.feedburner.com/doctorow_podcast",
"velocity": 0.068,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1315558,
"content_type": "text/xml; charset=utf-8",
"description": "Radiolab",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 150,
"last_seen": "2023-01-11T15:01:17.273650+00:00",
"last_updated": "2023-01-06T15:00:00+00:00",
"score": 4,
"self_url": "https://www.wnycstudios.org/feeds/series/podcasts",
"site_name": null,
"site_url": null,
"title": "Radiolab",
"url": "https://feeds.feedburner.com/radiolab",
"velocity": 0.139,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 2976783,
"content_type": "application/xml; charset=utf-8",
"description": "A business show about big ideas — and other problems.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 660,
"last_seen": "2023-01-11T15:51:13.652417+00:00",
"last_updated": "2023-01-10T10:00:00+00:00",
"score": 14,
"self_url": "https://feeds.megaphone.fm/recodedecode",
"site_name": null,
"site_url": null,
"title": "Decoder with Nilay Patel",
"url": "https://feeds.megaphone.fm/recodedecode",
"velocity": 0.24,
"version": "rss20"
}

View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 2940192,
"content_type": "application/xml; charset=utf-8",
"description": "EconTalk: Conversations for the Curious is an award-winning weekly podcast hosted by Russ Roberts of Shalem College in Jerusalem and Stanford's Hoover Institution. The eclectic guest list includes authors, doctors, psychologists, historians, philosophers, economists, and more. Learn how the health care system really works, the serenity that comes from humility, the challenge of interpreting data, how potato chips are made, what it's like to run an upscale Manhattan restaurant, what caused the 2008 financial crisis, the nature of consciousness, and more. EconTalk has been taking the Monday out of Mondays since 2006. All 800+ episodes are available in the archive. Go to EconTalk.org for transcripts, related resources, and comments.",
"favicon": null,
"hubs": [
"https://simplecast.superfeedr.com/"
],
"is_podcast": true,
"is_push": true,
"item_count": 875,
"last_seen": "2023-01-11T14:31:49.308489+00:00",
"last_updated": "2023-01-09T11:30:00+00:00",
"score": 24,
"self_url": "https://feeds.simplecast.com/wgl4xEgL",
"site_name": null,
"site_url": null,
"title": "EconTalk",
"url": "https://feeds.simplecast.com/wgl4xEgL",
"velocity": 0.142,
"version": "rss20"
}

View File

@@ -10,7 +10,7 @@
"is_podcast": true,
"is_push": true,
"item_count": 300,
"last_seen": "2023-01-11T12:40:59.343327+00:00",
"last_seen": "2023-01-08T23:41:32.928322+00:00",
"last_updated": "2022-12-29T17:35:50+00:00",
"score": 20,
"self_url": "https://lexfridman.com/feed/podcast/",

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 83074,
"content_type": "text/xml; charset=utf-8",
"description": "projects & research",
"favicon": null,
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 14,
"last_seen": "2023-01-11T12:28:34.383284+00:00",
"last_updated": "2021-07-29T05:10:05+00:00",
"score": 14,
"self_url": "https://mg.lol/blog/rss/",
"site_name": null,
"site_url": "https://mg.lol",
"title": "MG",
"url": "https://mg.lol/blog/rss/",
"velocity": 0.004,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 3568150,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Post Reports",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 1070,
"last_seen": "2023-01-11T14:37:23.650030+00:00",
"last_updated": "2023-01-10T21:40:40+00:00",
"score": 14,
"self_url": "https://podcast.posttv.com/itunes/post-reports.xml",
"site_name": null,
"site_url": null,
"title": "Post Reports",
"url": "https://podcast.posttv.com/itunes/post-reports.xml",
"velocity": 0.711,
"version": "rss20"
}

View File

@@ -1,23 +0,0 @@
{
"bozo": 0,
"content_length": 862917,
"content_type": "application/atom+xml; charset=utf-8",
"description": "Computer history, restoring vintage computers, IC reverse engineering, and whatever",
"favicon": "https://www.blogger.com/about/favicon/favicon.ico",
"hubs": [
"http://pubsubhubbub.appspot.com/"
],
"is_podcast": false,
"is_push": true,
"item_count": 25,
"last_seen": "2023-01-11T12:29:19.820378+00:00",
"last_updated": "2023-01-10T18:21:20.265000+00:00",
"score": -2,
"self_url": "https://www.blogger.com/feeds/6264947694886887540/posts/default",
"site_name": "Blogger.com - Create a unique and beautiful blog easily.",
"site_url": "https://www.blogger.com",
"title": "Ken Shirriff's blog",
"url": "https://www.blogger.com/feeds/6264947694886887540/posts/default",
"velocity": 0.12,
"version": "atom10"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 550915,
"content_type": "application/xml; charset=utf-8",
"description": "The show that looks at the way technology is changing our economies, societies and daily lives.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 160,
"last_seen": "2023-01-11T15:31:40.303733+00:00",
"last_updated": "2022-11-22T05:00:36+00:00",
"score": 10,
"self_url": "https://feeds.acast.com/public/shows/125ef5a6-6c61-4024-b70e-3487a971a26c",
"site_name": null,
"site_url": null,
"title": "FT Tech Tonic",
"url": "https://feeds.acast.com/public/shows/125ef5a6-6c61-4024-b70e-3487a971a26c",
"velocity": 0.072,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1041745,
"content_type": "application/rss+xml; charset=utf-8",
"description": "<p>Get the best reporting and storytelling on television from 60 Minutes - on your schedule. Now you can listen to the show in its entirety every week. 60 Minutes is the most successful broadcast in television history with more than 80 Emmys under its belt. 60 Minutes offers unbiased reporting on politics, in-depth investigations and important adventures from around the world- like no one else. </p>",
"favicon": "https://rss.art19.com/favicon.ico",
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 374,
"last_seen": "2023-01-11T15:45:07.189940+00:00",
"last_updated": "2023-01-09T03:00:00+00:00",
"score": 18,
"self_url": "https://rss.art19.com/60-minutes",
"site_name": null,
"site_url": "https://rss.art19.com",
"title": "60 Minutes",
"url": "https://rss.art19.com/60-minutes",
"velocity": 0.082,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 235911,
"content_type": "application/xml; charset=utf-8",
"description": "<p>The Portal is an exploration into discovery, including conversations with thought leaders. Host Eric Weinstein, Managing Director of Thiel Capital, brings his unique expertise and diverse roster of guests for a wide range of discussions, including science, culture, business, and capitalism. The show will feature people whose lives demonstrate that portals into what we would normally consider impossible, are indeed possible.&nbsp;&nbsp;Guests include presidential candidate Andrew Yang, NY Times bestselling author Sam Harris, and retired Navy Seal and creator of the hit business podcast Jocko Willink.</p>",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 44,
"last_seen": "2023-01-11T14:47:44.995855+00:00",
"last_updated": "2020-12-02T07:50:55+00:00",
"score": -12,
"self_url": "https://www.omnycontent.com/d/playlist/9b7dacdf-a925-4f95-84dc-ac46003451ff/1713c520-edb6-43a3-b1b9-acb8002fdae7/58e33a0c-f86b-41c5-a11c-acb8002fdaf5/podcast.rss",
"site_name": null,
"site_url": null,
"title": "The Portal",
"url": "https://www.omnycontent.com/d/playlist/9b7dacdf-a925-4f95-84dc-ac46003451ff/1713c520-edb6-43a3-b1b9-acb8002fdae7/58e33a0c-f86b-41c5-a11c-acb8002fdaf5/podcast.rss",
"velocity": 0.082,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1462485,
"content_type": "text/xml; charset=utf-8",
"description": "Michael Malice brings his unique perspective and plenty of sick burns as he discusses everything from north Korea to American politics and culture with a bevy of guests.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 238,
"last_seen": "2023-01-11T15:58:45.264936+00:00",
"last_updated": "2023-01-04T10:40:00+00:00",
"score": -10,
"self_url": "http://origin.podcastone.com/podcast?categoryID2=2232",
"site_name": null,
"site_url": null,
"title": "\"YOUR WELCOME\" with Michael Malice",
"url": "https://www.podcastone.com/podcast?categoryID2=2232",
"velocity": 0.141,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 809084,
"content_type": "application/xml+rss; charset=utf-8",
"description": "A show that cuts through all the political drivel and media misinformation to give you a straight take on one big news story of the week.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 217,
"last_seen": "2023-01-11T13:40:50.240217+00:00",
"last_updated": "2023-01-06T10:37:50+00:00",
"score": 16,
"self_url": "https://feeds.acast.com/public/shows/1d1223a2-9d05-473b-9e79-c2b65b71d676",
"site_name": null,
"site_url": null,
"title": "Deconstructed",
"url": "https://rss.prod.firstlook.media/deconstructed/podcast.rss",
"velocity": 0.122,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 1034995,
"content_type": "application/xml+rss; charset=utf-8",
"description": "The people behind The Intercepts fearless reporting and incisive commentary discuss the crucial issues of our time.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 243,
"last_seen": "2023-01-11T14:04:41.283509+00:00",
"last_updated": "2022-12-21T10:30:43+00:00",
"score": 16,
"self_url": "https://feeds.acast.com/public/shows/f5b64019-68c3-57d4-b70b-043e63e5cbf6",
"site_name": null,
"site_url": null,
"title": "Intercepted",
"url": "https://rss.prod.firstlook.media/intercepted/podcast.rss",
"velocity": 0.112,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 3905927,
"content_type": "application/rss+xml; charset=utf-8",
"description": "The official audio version of Astral Codex Ten, with an archive of posts from Slate Star Codex. It's just me reading Scott Alexander's blog posts.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 739,
"last_seen": "2023-01-11T11:05:40.604126+00:00",
"last_updated": "2023-01-11T05:13:00+00:00",
"score": 18,
"self_url": "https://sscpodcast.libsyn.com/rss",
"site_name": "Astral Codex Ten Podcast",
"site_url": "https://sscpodcast.libsyn.com",
"title": "Astral Codex Ten Podcast",
"url": "https://sscpodcast.libsyn.com/rss",
"velocity": 0.384,
"version": "rss20"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 1,
"content_length": 178687,
"content_type": "text/xml; charset=utf-8",
"description": null,
"favicon": null,
"hubs": [],
"is_podcast": false,
"is_push": false,
"item_count": 6,
"last_seen": "2023-01-11T10:51:13.435393+00:00",
"last_updated": "2022-10-13T00:00:00+00:00",
"score": -4,
"self_url": "https://uninsane.org/atom.xml",
"site_name": "Perfectly Sane",
"site_url": "https://uninsane.org",
"title": "Perfectly Sane",
"url": "https://uninsane.org/atom.xml",
"velocity": 0.025,
"version": "atom10"
}

View File

@@ -1,21 +0,0 @@
{
"bozo": 0,
"content_length": 825822,
"content_type": "application/rss+xml; charset=utf-8",
"description": "Join neuroscientist, philosopher, and best-selling author Sam Harris as he explores questions about the human mind, society, and current events.",
"favicon": null,
"hubs": [],
"is_podcast": true,
"is_push": false,
"item_count": 326,
"last_seen": "2023-01-11T15:13:28.154435+00:00",
"last_updated": "2023-01-05T18:36:25+00:00",
"score": 18,
"self_url": "https://wakingup.libsyn.com/rss",
"site_name": "Making Sense with Sam Harris",
"site_url": "https://wakingup.libsyn.com",
"title": "Making Sense with Sam Harris",
"url": "https://wakingup.libsyn.com/rss",
"velocity": 0.096,
"version": "rss20"
}

View File

@@ -5,11 +5,20 @@
org.uninsane = rec {
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
git.root = root;
};
com.github = {
# documented here: <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints>
# Github actually uses multiple keys -- one per format
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
local = {
# machine aliases i specify on my lan; not actually asserted as DNS
desko.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU5GlsSfbaarMvDA20bxpSZGWviEzXGD8gtrIowc1pX";
desko.root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
lappy.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
lappy.root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
moby.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrR+gePnl0nV/vy7I5BzrGeyVL+9eOuXHU1yNE3uCwU";
moby.root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1N/IT3nQYUD+dBlU1sTEEVMxfOyMkrrDeyHcYgnJvw";
servo.colin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
servo.root = root;
};
};
}

View File

@@ -1,4 +1,4 @@
{ lib, sane-data, ... }:
{ lib, ... }:
with lib;
let
@@ -16,10 +16,6 @@ let
type = types.enum [ "text" "image" "podcast" ];
default = "text";
};
title = mkOption {
type = types.nullOr types.str;
default = null;
};
url = mkOption {
type = types.str;
description = ''

Some files were not shown because too many files have changed in this diff Show More