WIP

flake.nix

@@ -2,8 +2,9 @@
   description = "Nettika's NixOS Configurations";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
     shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
+    phps.url = "github:fossar/nix-phps";
   };
 
   outputs = { self, nixpkgs, ... }@inputs:

hosts/marauder/backup.nix

@@ -33,9 +33,12 @@
       repository = "b2:marauder-backup";
       passwordFile = "/etc/restic-password";
       paths = [
-        "${config.users.users.nettika.home}/Documents"
         "${config.users.users.nettika.home}/Artwork"
+        "${config.users.users.nettika.home}/Documents"
+        "${config.users.users.nettika.home}/Music"
+        "${config.users.users.nettika.home}/Pictures"
         "${config.users.users.nettika.home}/Projects"
+        "${config.users.users.nettika.home}/Videos"
       ];
       pruneOpts = [
         "--keep-daily 7"

hosts/marauder/default.nix

@@ -6,6 +6,7 @@
     self.nixosModules.zerotier
     ./backup.nix
     ./dev.nix
+    ./www.nix
     ./printing.nix
   ];
 
@@ -48,18 +49,21 @@
   hardware = {
     enableRedistributableFirmware = true;
     cpu.amd.updateMicrocode = true;
-    opengl = {
+    graphics = {
       enable = true;
-      driSupport32Bit = true;
+      enable32Bit = true;
       extraPackages = [ pkgs.vaapiVdpau ];
     };
-    nvidia.prime = {
-      offload = {
-        enable = true;
-        enableOffloadCmd = true;
+    nvidia = {
+      open = true;
+      prime = {
+        offload = {
+          enable = true;
+          enableOffloadCmd = true;
+        };
+        amdgpuBusId = "PCI:05:00:0";
+        nvidiaBusId = "PCI:01:00:0";
       };
-      amdgpuBusId = "PCI:05:00:0";
-      nvidiaBusId = "PCI:01:00:0";
     };
   };
 
@@ -72,12 +76,13 @@
       slack
       element-desktop
       telegram-desktop
+      signal-desktop
 
       # Browsers
       firefox
       filezilla
 
-      # Art and 3D
+      # Creative
       inkscape
       gimp
       krita
@@ -93,6 +98,9 @@
       obsidian
       intiface-central
       prismlauncher
+      blender
+      mullvad-vpn
+      qbittorrent
     ]);
   };
 
@@ -102,6 +110,19 @@
     dedicatedServer.openFirewall = true;
   };
 
+  programs.ssh.extraConfig = ''
+    Host quasar
+      HostName consortium.chat
+      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
+
+    Host monolith
+      HostName 10.243.210.154
+
+    Host fennbox
+      HostName 10.243.109.199
+      User fenn
+  '';
+
   programs.nix-ld = {
     enable = true;
   };

hosts/marauder/dev.nix

@@ -5,16 +5,30 @@
   };
 
   environment.systemPackages = with pkgs; [
+    # Code Editors
     vscode
-    kotlin
-    rustup
-    pyenv
-    gcc
+    arduino-ide
+
+    # Dev Tools
     nixd
     nixpkgs-fmt
+    pyenv
+    rustup
+    electron-fiddle
+    electron
+
+    # Languages
+    gcc
+    kotlin
+    nodejs
+    php
   ];
 
   programs.direnv = {
     enable = true;
   };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-24.8.6"
+  ];
 }

hosts/marauder/www.nix

@@ -0,0 +1,26 @@
+{ pkgs, inputs, ... }:
+let
+  fortune = pkgs.writeShellScript "cgi" ''
+    echo "Content-type: text/html"
+    echo ""
+    ${pkgs.fortune}/bin/fortune
+  '';
+in {
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+  };
+
+  services.httpd = {
+    enable = true;
+    enablePHP = true;
+    phpPackage = inputs.phps.packages.x86_64-linux.php80;
+    extraConfig = ''
+      ScriptAlias /fortune ${fortune}/bin/fortune
+    '';
+    virtualHosts."localhost" = {
+      documentRoot = "/var/www";
+      locations."/".index = "index.html index.php";
+    };
+  };
+}

hosts/monolith/default.nix

@@ -6,11 +6,14 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./memos.nix
+    ./vault.nix
   ];
 
   networking = {
     hostName = "monolith";
     hostId = "44551c32";
+    firewall.allowedTCPPorts = [ 8000 ];
   };
 
   fileSystems = {
@@ -44,7 +47,10 @@
     beets
     flac
     screen
+    rustup
+    gcc
     (callPackage ../marauder/ffcheck.nix { })
+    mp3val
   ];
 
   services.jellyfin = {
@@ -63,6 +69,24 @@
     };
   };
 
+  systemd = {
+    services.reboot = {
+      description = "Reboot the system";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
+      };
+    };
+    timers.reboot = {
+      description = "Reboot the system every two hours";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "6h";
+        Persistent = true;
+      };
+    };
+  };
+
   promptEmoji = "🏰";
 
   time.timeZone = "America/Los_Angeles";

hosts/monolith/memos.nix

@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+  users.users = {
+    memos = {
+      isSystemUser = true;
+      group = "memos";
+    };
+  };
+
+  users.groups = {
+    memos = { };
+  };
+
+  environment.systemPackages = [ pkgs.memos ];
+
+  systemd.tmpfiles.settings = {
+    memosDirs = {
+      "/var/opt/memos".d = {
+        mode = "700";
+        user = "memos";
+        group = "memos";
+      };
+    };
+  };
+
+  # systemd.services = {
+  #   memos = {
+  #     description = "Memos Note-taking Server";
+  #     wantedBy = [ "multi-user.target" ];
+  #     after = [ "network.target" ];
+  #     serviceConfig = {
+  #       Type = "simple";
+  #       User = "memos";
+  #       WorkingDirectory = "/var/opt/memos";
+  #       ExecStart = "${pkgs.memos}/bin/memos --data /var/opt/memos --port 5230";
+  #       Restart = "on-failure";
+  #       TimeoutSec = 15;
+  #     };
+  #   };
+  # };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 5230 ];
+  };
+}

hosts/monolith/vault.nix

@@ -0,0 +1,20 @@
+{ secrets, ... }:
+{
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      domain = "https://vault.leaf.ninja";
+      signupsAllowed = false;
+      rocketAddress = "0.0.0.0";
+      rocketPort = 8222;
+      smtpHost = "smtp.migadu.com";
+      smtpFrom = "vaultwarden@leaf.ninja";
+      smtpPort = 587;
+      smtpSecurity = "starttls";
+      smtpUsername = "vaultwarden@leaf.ninja";
+      smtpPassword = secrets.vaultwarden.smtpPassword;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8222 ];
+}

modules/common.nix

@@ -4,14 +4,27 @@
 
   nix.settings = {
     experimental-features = [ "nix-command" "flakes" ];
-    substituters = [ "https://nixcache.shelvacu.com" ];
-    trusted-public-keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
+    substituters = [
+      "https://nixcache.shelvacu.com"
+      "https://fossar.cachix.org"
+    ];
+    trusted-public-keys = [
+      "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
+      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
+    ];
     trusted-users = [ "@wheel" ];
   };
 
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+
   users.users.nettika = {
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
+    shell = pkgs.fish;
   };
 
   security.sudo.wheelNeedsPassword = false;
@@ -41,8 +54,13 @@
     '';
   };
 
+  programs.fish = {
+    enable = true;
+  };
+
   environment.systemPackages = with pkgs; [
     git-crypt
+    htop
     jq
   ];
 }

modules/prompt.nix

@@ -7,4 +7,24 @@
   config.programs.bash.promptInit = ''
     PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
   '';
+
+  config.programs.fish = {
+    promptInit = ''
+      function fish_prompt
+        echo -n '${config.promptEmoji} '
+        set_color brgreen
+        echo -n (prompt_pwd)
+        set_color normal
+        echo -n ' > '
+      end
+      function fish_right_prompt
+        set_color bryellow
+        echo -n (git branch --show-current 2>/dev/null)
+      end
+    '';
+    shellInit = ''
+      set -g fish_greeting
+      set -g fish_prompt_pwd_full_dirs 999
+    '';
+  };
 }