WIP

flake.lock

@@ -177,11 +177,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
         "type": "github"
       },
       "original": {
@@ -209,11 +209,11 @@
     "flake-compat_3": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -239,6 +239,22 @@
       }
     },
     "flake-compat_5": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_6": {
       "locked": {
         "lastModified": 1688025799,
         "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@@ -253,7 +269,7 @@
         "type": "github"
       }
     },
-    "flake-compat_6": {
+    "flake-compat_7": {
       "locked": {
         "lastModified": 1696426674,
         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@@ -267,7 +283,7 @@
         "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
       }
     },
-    "flake-compat_7": {
+    "flake-compat_8": {
       "locked": {
         "lastModified": 1696426674,
         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
@@ -327,7 +343,7 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -345,7 +361,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -363,7 +379,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -931,7 +947,7 @@
     },
     "nix-search-cli": {
       "inputs": {
-        "flake-compat": "flake-compat_3",
+        "flake-compat": "flake-compat_4",
         "flake-utils": [
           "shelvacu",
           "flake-utils"
@@ -958,7 +974,7 @@
     },
     "nix-search-cli-unstable": {
       "inputs": {
-        "flake-compat": "flake-compat_4",
+        "flake-compat": "flake-compat_5",
         "flake-utils": [
           "shelvacu",
           "flake-utils"
@@ -985,7 +1001,7 @@
     },
     "nixos-apple-silicon-unstable": {
       "inputs": {
-        "flake-compat": "flake-compat_5",
+        "flake-compat": "flake-compat_6",
         "nixpkgs": [
           "shelvacu",
           "nixpkgs-unstable"
@@ -1085,6 +1101,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744502386,
+        "narHash": "sha256-QAd1L37eU7ktL2WeLLLTmI6P9moz9+a/ONO8qNBYJgM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "f6db44a8daa59c40ae41ba6e5823ec77fe0d2124",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1733348545,
         "narHash": "sha256-b4JrUmqT0vFNx42aEN9LTWOHomkTKL/ayLopflVf81U=",
@@ -1102,7 +1134,7 @@
     "nixvim": {
       "inputs": {
         "devshell": "devshell",
-        "flake-compat": "flake-compat_6",
+        "flake-compat": "flake-compat_7",
         "flake-parts": "flake-parts",
         "git-hooks": "git-hooks",
         "home-manager": [
@@ -1135,7 +1167,7 @@
     "nixvim-unstable": {
       "inputs": {
         "devshell": "devshell_2",
-        "flake-compat": "flake-compat_7",
+        "flake-compat": "flake-compat_8",
         "flake-parts": "flake-parts_2",
         "git-hooks": "git-hooks_2",
         "home-manager": [
@@ -1362,9 +1394,29 @@
         "type": "github"
       }
     },
-    "purescript-overlay": {
+    "phps": {
       "inputs": {
         "flake-compat": "flake-compat",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      },
+      "locked": {
+        "lastModified": 1744610086,
+        "narHash": "sha256-weX7WoOM/Gn8aIO81dgA94Msalch6nUpjssIJOPuWK8=",
+        "owner": "fossar",
+        "repo": "nix-phps",
+        "rev": "931af19caf5fbe50ea8b568c2fbfa1c8b35174e8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "fossar",
+        "repo": "nix-phps",
+        "type": "github"
+      }
+    },
+    "purescript-overlay": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
         "nixpkgs": [
           "shelvacu",
           "nix-inspect",
@@ -1390,7 +1442,7 @@
     },
     "purescript-overlay_2": {
       "inputs": {
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat_3",
         "nixpkgs": [
           "shelvacu",
           "nix-inspect-unstable",
@@ -1451,6 +1503,7 @@
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
+        "phps": "phps",
         "shelvacu": "shelvacu"
       }
     },
@@ -1548,7 +1601,7 @@
         "nix-search-cli-unstable": "nix-search-cli-unstable",
         "nixos-apple-silicon-unstable": "nixos-apple-silicon-unstable",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nixvim": "nixvim",
         "nixvim-unstable": "nixvim-unstable",
@@ -1704,6 +1757,21 @@
         "type": "github"
       }
     },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt": {
       "inputs": {
         "nixpkgs": [
@@ -1815,6 +1883,24 @@
         "type": "github"
       }
     },
+    "utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "vscode-server": {
       "inputs": {
         "flake-utils": [

flake.nix

@@ -4,6 +4,7 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
+    phps.url = "github:fossar/nix-phps";
   };
 
   outputs = { self, nixpkgs, ... }@inputs:

hosts/marauder/backup.nix

@@ -33,9 +33,12 @@
       repository = "b2:marauder-backup";
       passwordFile = "/etc/restic-password";
       paths = [
-        "${config.users.users.nettika.home}/Documents"
         "${config.users.users.nettika.home}/Artwork"
+        "${config.users.users.nettika.home}/Documents"
+        "${config.users.users.nettika.home}/Music"
+        "${config.users.users.nettika.home}/Pictures"
         "${config.users.users.nettika.home}/Projects"
+        "${config.users.users.nettika.home}/Videos"
       ];
       pruneOpts = [
         "--keep-daily 7"

hosts/marauder/default.nix

@@ -6,6 +6,7 @@
     self.nixosModules.zerotier
     ./backup.nix
     ./dev.nix
+    ./www.nix
     ./printing.nix
   ];
 
@@ -48,18 +49,21 @@
   hardware = {
     enableRedistributableFirmware = true;
     cpu.amd.updateMicrocode = true;
-    opengl = {
+    graphics = {
       enable = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
       extraPackages = [ pkgs.vaapiVdpau ];
     };
-    nvidia.prime = {
-      offload = {
-        enable = true;
-        enableOffloadCmd = true;
+    nvidia = {
+      open = true;
+      prime = {
+        offload = {
+          enable = true;
+          enableOffloadCmd = true;
+        };
+        amdgpuBusId = "PCI:05:00:0";
+        nvidiaBusId = "PCI:01:00:0";
       };
-      amdgpuBusId = "PCI:05:00:0";
-      nvidiaBusId = "PCI:01:00:0";
     };
   };
 
@@ -72,12 +76,13 @@
       slack
       element-desktop
       telegram-desktop
+      signal-desktop
 
       # Browsers
       firefox
       filezilla
 
-      # Art and 3D
+      # Creative
       inkscape
       gimp
       krita

hosts/marauder/dev.nix

@@ -5,16 +5,30 @@
   };
 
   environment.systemPackages = with pkgs; [
+    # Code Editors
     vscode
-    kotlin
-    rustup
-    pyenv
-    gcc
+    arduino-ide
+
+    # Dev Tools
     nixd
     nixpkgs-fmt
+    pyenv
+    rustup
+    electron-fiddle
+    electron
+
+    # Languages
+    gcc
+    kotlin
+    nodejs
+    php
   ];
 
   programs.direnv = {
     enable = true;
   };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-24.8.6"
+  ];
 }

hosts/marauder/www.nix

@@ -0,0 +1,26 @@
+{ pkgs, inputs, ... }:
+let
+  fortune = pkgs.writeShellScript "cgi" ''
+    echo "Content-type: text/html"
+    echo ""
+    ${pkgs.fortune}/bin/fortune
+  '';
+in {
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+  };
+
+  services.httpd = {
+    enable = true;
+    enablePHP = true;
+    phpPackage = inputs.phps.packages.x86_64-linux.php80;
+    extraConfig = ''
+      ScriptAlias /fortune ${fortune}/bin/fortune
+    '';
+    virtualHosts."localhost" = {
+      documentRoot = "/var/www";
+      locations."/".index = "index.html index.php";
+    };
+  };
+}

hosts/monolith/default.nix

@@ -6,6 +6,8 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./memos.nix
+    ./vault.nix
   ];
 
   networking = {
@@ -48,7 +50,6 @@
     rustup
     gcc
     (callPackage ../marauder/ffcheck.nix { })
-    htop
     mp3val
   ];
 

hosts/monolith/memos.nix

@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+  users.users = {
+    memos = {
+      isSystemUser = true;
+      group = "memos";
+    };
+  };
+
+  users.groups = {
+    memos = { };
+  };
+
+  environment.systemPackages = [ pkgs.memos ];
+
+  systemd.tmpfiles.settings = {
+    memosDirs = {
+      "/var/opt/memos".d = {
+        mode = "700";
+        user = "memos";
+        group = "memos";
+      };
+    };
+  };
+
+  # systemd.services = {
+  #   memos = {
+  #     description = "Memos Note-taking Server";
+  #     wantedBy = [ "multi-user.target" ];
+  #     after = [ "network.target" ];
+  #     serviceConfig = {
+  #       Type = "simple";
+  #       User = "memos";
+  #       WorkingDirectory = "/var/opt/memos";
+  #       ExecStart = "${pkgs.memos}/bin/memos --data /var/opt/memos --port 5230";
+  #       Restart = "on-failure";
+  #       TimeoutSec = 15;
+  #     };
+  #   };
+  # };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 5230 ];
+  };
+}

hosts/monolith/vault.nix

@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}

modules/common.nix

@@ -4,14 +4,27 @@
 
   nix.settings = {
     experimental-features = [ "nix-command" "flakes" ];
-    substituters = [ "https://nixcache.shelvacu.com" ];
-    trusted-public-keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
+    substituters = [
+      "https://nixcache.shelvacu.com"
+      "https://fossar.cachix.org"
+    ];
+    trusted-public-keys = [
+      "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
+      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
+    ];
     trusted-users = [ "@wheel" ];
   };
 
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+
   users.users.nettika = {
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
+    shell = pkgs.fish;
   };
 
   security.sudo.wheelNeedsPassword = false;
@@ -41,8 +54,13 @@
     '';
   };
 
+  programs.fish = {
+    enable = true;
+  };
+
   environment.systemPackages = with pkgs; [
     git-crypt
+    htop
     jq
   ];
 }

modules/prompt.nix

@@ -7,4 +7,24 @@
   config.programs.bash.promptInit = ''
     PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
   '';
+
+  config.programs.fish = {
+    promptInit = ''
+      function fish_prompt
+        echo -n '${config.promptEmoji} '
+        set_color brgreen
+        echo -n (prompt_pwd)
+        set_color normal
+        echo -n ' > '
+      end
+      function fish_right_prompt
+        set_color bryellow
+        echo -n (git branch --show-current 2>/dev/null)
+      end
+    '';
+    shellInit = ''
+      set -g fish_greeting
+      set -g fish_prompt_pwd_full_dirs 999
+    '';
+  };
 }