WIP mautrix-telegram

flake.nix

@@ -2,9 +2,8 @@
   description = "Nettika's NixOS Configurations";
 
   inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
     shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
-    phps.url = "github:fossar/nix-phps";
   };
 
   outputs = { self, nixpkgs, ... }@inputs:

hosts/marauder/backup.nix

@@ -1,5 +1,11 @@
 { pkgs, config, secrets, ... }:
 {
+  environment.systemPackages = with pkgs; [
+    restic
+    libnotify
+    backblaze-b2
+  ];
+
   systemd.services = {
     notify-backup-b2-failed = {
       description = "Notify on failed backup to B2";
@@ -20,8 +26,8 @@
 
   environment.etc = {
     "restic-env".text = ''
-      B2_ACCOUNT_ID="${secrets.b2.accountId}"
+      export B2_ACCOUNT_ID="${secrets.b2.accountId}"
-      B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
+      export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
     '';
     "restic-password".text = secrets.restic.password;
   };
@@ -33,12 +39,9 @@
       repository = "b2:marauder-backup";
       passwordFile = "/etc/restic-password";
       paths = [
-        "${config.users.users.nettika.home}/Artwork"
         "${config.users.users.nettika.home}/Documents"
-        "${config.users.users.nettika.home}/Music"
+        "${config.users.users.nettika.home}/Artwork"
-        "${config.users.users.nettika.home}/Pictures"
         "${config.users.users.nettika.home}/Projects"
-        "${config.users.users.nettika.home}/Videos"
       ];
       pruneOpts = [
         "--keep-daily 7"

hosts/marauder/default.nix

@@ -6,14 +6,10 @@
     self.nixosModules.zerotier
     ./backup.nix
     ./dev.nix
-    ./www.nix
     ./printing.nix
   ];
 
-  networking = {
+  networking.hostName = "marauder";
-    hostName = "marauder";
-    firewall.enable = false;
-  };
 
   fileSystems = {
     "/" = {
@@ -49,14 +45,12 @@
   hardware = {
     enableRedistributableFirmware = true;
     cpu.amd.updateMicrocode = true;
-    graphics = {
+    opengl = {
       enable = true;
-      enable32Bit = true;
+      driSupport32Bit = true;
       extraPackages = [ pkgs.vaapiVdpau ];
     };
-    nvidia = {
+    nvidia.prime = {
-      open = true;
-      prime = {
       offload = {
         enable = true;
         enableOffloadCmd = true;
@@ -65,7 +59,6 @@
       nvidiaBusId = "PCI:01:00:0";
     };
   };
-  };
 
   environment = {
     systemPackages = [
@@ -76,13 +69,12 @@
       slack
       element-desktop
       telegram-desktop
-      signal-desktop
 
       # Browsers
       firefox
       filezilla
 
-      # Creative
+      # Art and 3D
       inkscape
       gimp
       krita
@@ -94,13 +86,8 @@
       ffmpeg
       (callPackage ./ffcheck.nix { })
 
-      # Misc
+      # Productivity
       obsidian
-      intiface-central
-      prismlauncher
-      blender
-      mullvad-vpn
-      qbittorrent
     ]);
   };
 
@@ -110,23 +97,6 @@
     dedicatedServer.openFirewall = true;
   };
 
-  programs.ssh.extraConfig = ''
-    Host quasar
-      HostName consortium.chat
-      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
-
-    Host monolith
-      HostName 10.243.210.154
-
-    Host fennbox
-      HostName 10.243.109.199
-      User fenn
-  '';
-
-  programs.nix-ld = {
-    enable = true;
-  };
-
   services.xserver = {
     enable = true;
     videoDrivers = [ "nvidia" ];

hosts/marauder/dev.nix

@@ -5,30 +5,16 @@
   };
 
   environment.systemPackages = with pkgs; [
-    # Code Editors
     vscode
-    arduino-ide
+    kotlin
-
+    rustup
-    # Dev Tools
+    pyenv
+    gcc
     nixd
     nixpkgs-fmt
-    pyenv
-    rustup
-    electron-fiddle
-    electron
-
-    # Languages
-    gcc
-    kotlin
-    nodejs
-    php
   ];
 
   programs.direnv = {
     enable = true;
   };
-
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-24.8.6"
-  ];
 }

hosts/marauder/www.nix

@@ -1,26 +0,0 @@
-{ pkgs, inputs, ... }:
-let
-  fortune = pkgs.writeShellScript "cgi" ''
-    echo "Content-type: text/html"
-    echo ""
-    ${pkgs.fortune}/bin/fortune
-  '';
-in {
-  services.mysql = {
-    enable = true;
-    package = pkgs.mariadb;
-  };
-
-  services.httpd = {
-    enable = true;
-    enablePHP = true;
-    # phpPackage = inputs.phps.packages.x86_64-linux.php74;
-    extraConfig = ''
-      ScriptAlias /fortune ${fortune}/bin/fortune
-    '';
-    virtualHosts."localhost" = {
-      documentRoot = "/var/www";
-      locations."/".index = "index.html index.php";
-    };
-  };
-}

hosts/monolith/default.nix

@@ -1,4 +1,4 @@
-{ self, pkgs, ... }:
+{ self, ... }:
 {
   imports = [
     self.nixosModules.common
@@ -6,13 +6,11 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
-    ./vault.nix
   ];
 
   networking = {
     hostName = "monolith";
     hostId = "44551c32";
-    firewall.allowedTCPPorts = [ 8000 ];
   };
 
   fileSystems = {
@@ -41,51 +39,6 @@
     supportedFilesystems = [ "zfs" ];
   };
 
-  environment.systemPackages = with pkgs; [
-    rclone
-    beets
-    flac
-    screen
-    rustup
-    gcc
-    (callPackage ../marauder/ffcheck.nix { })
-    mp3val
-  ];
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  services.navidrome = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      Address = "0.0.0.0";
-      MusicFolder = "/library/music";
-      Scanner.GroupAlbumReleases = "true";
-      ScanSchedule = "0";
-    };
-  };
-
-  systemd = {
-    services.reboot = {
-      description = "Reboot the system";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
-      };
-    };
-    timers.reboot = {
-      description = "Reboot the system every two hours";
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnBootSec = "6h";
-        Persistent = true;
-      };
-    };
-  };
-
   promptEmoji = "🏰";
 
   time.timeZone = "America/Los_Angeles";

hosts/monolith/dns.nix

@@ -3,16 +3,22 @@
   systemd.services.update-dns = {
     serviceConfig.Type = "oneshot";
     description = "Update the leaf.ninja DNS records";
-    path = with pkgs; [ curl ];
+    path = with pkgs; [ curl jq ];
     script = ''
       public_ip=$(curl -s https://ifconfig.me/ip)
       endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
-      curl \
+      curl -s \
         -X PUT \
         -H "Authorization: Bearer ${secrets.gandi.token}" \
         -H "Content-Type: application/json" \
         -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        $endpoint/ostiary/A
+        "$ENDPOINT/%2A/A" | jq
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%40/A" | jq
     '';
   };
 

hosts/monolith/vault.nix

@@ -1,20 +0,0 @@
-{ secrets, ... }:
-{
-  services.vaultwarden = {
-    enable = true;
-    config = {
-      domain = "https://vault.leaf.ninja";
-      signupsAllowed = false;
-      rocketAddress = "0.0.0.0";
-      rocketPort = 8222;
-      smtpHost = "smtp.migadu.com";
-      smtpFrom = "vaultwarden@leaf.ninja";
-      smtpPort = 587;
-      smtpSecurity = "starttls";
-      smtpUsername = "vaultwarden@leaf.ninja";
-      smtpPassword = secrets.vaultwarden.smtpPassword;
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8222 ];
-}

hosts/quasar/default.nix

@@ -40,12 +40,26 @@
     settings = {
       server_name = config.networking.domain;
       serve_server_wellknown = true;
+      # app_service_config_files = [ ];
       registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
       macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
       form_secret = secrets.synapse."consortium.chat".form-secret;
     };
   };
 
+  services.mautrix-telegram = {
+    enable = true;
+    settings = {
+      homeserver = {
+        address = "http://localhost:8008";
+        domain = config.networking.domain;
+      };
+      appservice = {
+        id = "telegram";
+      };
+    };
+  };
+
   promptEmoji = "🌟";
 
   time.timeZone = "America/Los_Angeles";

modules/common.nix

@@ -4,21 +4,14 @@
 
   nix.settings = {
     experimental-features = [ "nix-command" "flakes" ];
-    substituters = [
+    substituters = [ "https://nixcache.shelvacu.com" ];
-      "https://fossar.cachix.org"
+    trusted-public-keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
-      # "https://nixcache.shelvacu.com"
-    ];
-    trusted-public-keys = [
-      "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
-      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
-    ];
     trusted-users = [ "@wheel" ];
   };
 
   users.users.nettika = {
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
-    shell = pkgs.fish;
   };
 
   security.sudo.wheelNeedsPassword = false;
@@ -48,13 +41,8 @@
     '';
   };
 
-  programs.fish = {
-    enable = true;
-  };
-
   environment.systemPackages = with pkgs; [
     git-crypt
-    htop
     jq
   ];
 }

modules/prompt.nix

@@ -7,24 +7,4 @@
   config.programs.bash.promptInit = ''
     PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
   '';
-
-  config.programs.fish = {
-    promptInit = ''
-      function fish_prompt
-        echo -n '${config.promptEmoji} '
-        set_color brgreen
-        echo -n (prompt_pwd)
-        set_color normal
-        echo -n ' > '
-      end
-      function fish_right_prompt
-        set_color bryellow
-        echo -n (git branch --show-current 2>/dev/null)
-      end
-    '';
-    shellInit = ''
-      set -g fish_greeting
-      set -g fish_prompt_pwd_full_dirs 999
-    '';
-  };
 }