WIP mautrix-telegram

2024-09-27 21:35:23 -07:00
12 changed files with 316 additions and 568 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
  description = "Nettika's NixOS Configurations";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
    shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
  };

--- a/hosts/marauder/backup.nix
+++ b/hosts/marauder/backup.nix
@@ -1,5 +1,11 @@
 { pkgs, config, secrets, ... }:
 {
+  environment.systemPackages = with pkgs; [
+    restic
+    libnotify
+    backblaze-b2
+  ];
+
  systemd.services = {
    notify-backup-b2-failed = {
      description = "Notify on failed backup to B2";
@@ -20,8 +26,8 @@

  environment.etc = {
    "restic-env".text = ''
-      B2_ACCOUNT_ID="${secrets.b2.accountId}"
-      B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
+      export B2_ACCOUNT_ID="${secrets.b2.accountId}"
+      export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
    '';
    "restic-password".text = secrets.restic.password;
  };
@@ -33,12 +39,9 @@
      repository = "b2:marauder-backup";
      passwordFile = "/etc/restic-password";
      paths = [
-        "${config.users.users.nettika.home}/Artwork"
        "${config.users.users.nettika.home}/Documents"
-        "${config.users.users.nettika.home}/Music"
-        "${config.users.users.nettika.home}/Pictures"
+        "${config.users.users.nettika.home}/Artwork"
        "${config.users.users.nettika.home}/Projects"
-        "${config.users.users.nettika.home}/Videos"
      ];
      pruneOpts = [
        "--keep-daily 7"
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@@ -9,10 +9,7 @@
    ./printing.nix
  ];

-  networking = {
-    hostName = "marauder";
-    firewall.enable = false;
-  };
+  networking.hostName = "marauder";

  fileSystems = {
    "/" = {
@@ -48,21 +45,18 @@
  hardware = {
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
-    graphics = {
+    opengl = {
      enable = true;
-      enable32Bit = true;
+      driSupport32Bit = true;
      extraPackages = [ pkgs.vaapiVdpau ];
    };
-    nvidia = {
-      open = true;
-      prime = {
-        offload = {
-          enable = true;
-          enableOffloadCmd = true;
-        };
-        amdgpuBusId = "PCI:05:00:0";
-        nvidiaBusId = "PCI:01:00:0";
+    nvidia.prime = {
+      offload = {
+        enable = true;
+        enableOffloadCmd = true;
      };
+      amdgpuBusId = "PCI:05:00:0";
+      nvidiaBusId = "PCI:01:00:0";
    };
  };

@@ -86,20 +80,14 @@
      krita
      openscad-unstable
      bambu-studio
-      orca-slicer

      # Multimedia
      vlc
      ffmpeg
      (callPackage ./ffcheck.nix { })

-      # Misc
+      # Productivity
      obsidian
-      intiface-central
-      prismlauncher
-      blender
-      mullvad-vpn
-      qbittorrent
    ]);
  };

@@ -109,23 +97,6 @@
    dedicatedServer.openFirewall = true;
  };

-  programs.ssh.extraConfig = ''
-    Host quasar
-      HostName consortium.chat
-      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
-
-    Host monolith
-      HostName 10.243.210.154
-
-    Host fennbox
-      HostName 10.243.109.199
-      User fenn
-  '';
-
-  programs.nix-ld = {
-    enable = true;
-  };
-
  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
--- a/hosts/marauder/printing.nix
+++ b/hosts/marauder/printing.nix
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -1,4 +1,4 @@
-{ self, pkgs, ... }:
+{ self, ... }:
 {
  imports = [
    self.nixosModules.common
@@ -6,13 +6,11 @@
    self.nixosModules.server
    self.nixosModules.zerotier
    ./dns.nix
-    ./vault.nix
  ];

  networking = {
    hostName = "monolith";
    hostId = "44551c32";
-    firewall.allowedTCPPorts = [ 8000 ];
  };

  fileSystems = {
@@ -41,52 +39,6 @@
    supportedFilesystems = [ "zfs" ];
  };

-  environment.systemPackages = with pkgs; [
-    rclone
-    beets
-    flac
-    screen
-    rustup
-    gcc
-    (callPackage ../marauder/ffcheck.nix { })
-    htop
-    mp3val
-  ];
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  services.navidrome = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      Address = "0.0.0.0";
-      MusicFolder = "/library/music";
-      Scanner.GroupAlbumReleases = "true";
-      ScanSchedule = "0";
-    };
-  };
-
-  systemd = {
-    services.reboot = {
-      description = "Reboot the system";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
-      };
-    };
-    timers.reboot = {
-      description = "Reboot the system every two hours";
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnBootSec = "6h";
-        Persistent = true;
-      };
-    };
-  };
-
  promptEmoji = "🏰";

  time.timeZone = "America/Los_Angeles";
--- a/hosts/monolith/dns.nix
+++ b/hosts/monolith/dns.nix
@@ -3,16 +3,22 @@
  systemd.services.update-dns = {
    serviceConfig.Type = "oneshot";
    description = "Update the leaf.ninja DNS records";
-    path = with pkgs; [ curl ];
+    path = with pkgs; [ curl jq ];
    script = ''
      public_ip=$(curl -s https://ifconfig.me/ip)
      endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
-      curl \
+      curl -s \
        -X PUT \
        -H "Authorization: Bearer ${secrets.gandi.token}" \
        -H "Content-Type: application/json" \
        -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        $endpoint/ostiary/A
+        "$ENDPOINT/%2A/A" | jq
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%40/A" | jq
    '';
  };

--- a/hosts/monolith/vault.nix
+++ b/hosts/monolith/vault.nix
@@ -1,20 +0,0 @@
-{ secrets, ... }:
-{
-  services.vaultwarden = {
-    enable = true;
-    config = {
-      domain = "https://vault.leaf.ninja";
-      signupsAllowed = false;
-      rocketAddress = "0.0.0.0";
-      rocketPort = 8222;
-      smtpHost = "smtp.migadu.com";
-      smtpFrom = "vaultwarden@leaf.ninja";
-      smtpPort = 587;
-      smtpSecurity = "starttls";
-      smtpUsername = "vaultwarden@leaf.ninja";
-      smtpPassword = secrets.vaultwarden.smtpPassword;
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8222 ];
-}
--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@@ -40,12 +40,26 @@
    settings = {
      server_name = config.networking.domain;
      serve_server_wellknown = true;
+      # app_service_config_files = [ ];
      registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
      macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
      form_secret = secrets.synapse."consortium.chat".form-secret;
    };
  };

+  services.mautrix-telegram = {
+    enable = true;
+    settings = {
+      homeserver = {
+        address = "http://localhost:8008";
+        domain = config.networking.domain;
+      };
+      appservice = {
+        id = "telegram";
+      };
+    };
+  };
+
  promptEmoji = "🌟";

  time.timeZone = "America/Los_Angeles";
--- a/modules/prompt.nix
+++ b/modules/prompt.nix
--- a/modules/zerotier.nix
+++ b/modules/zerotier.nix
--- a/secrets.json
+++ b/secrets.json