WIP

WIP RomRaider derivation
2025-06-15 02:09:03 -07:00 · 2024-09-23 20:35:51 -07:00
17 changed files with 368 additions and 820 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@@ -2,9 +2,8 @@
  description = "Nettika's NixOS Configurations";

  inputs = {
-    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
    shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
-    phps.url = "github:fossar/nix-phps";
  };

  outputs = { self, nixpkgs, ... }@inputs:
@@ -16,7 +15,6 @@
        common = import ./modules/common.nix;
        prompt = import ./modules/prompt.nix;
        server = import ./modules/server.nix;
-        zerotier = import ./modules/zerotier.nix;
      };

      nixosConfigurations = {
@@ -30,11 +28,6 @@
          modules = [ ./hosts/monolith ];
          specialArgs = { inherit self inputs secrets; };
        };
-        quasar = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          modules = [ ./hosts/quasar ];
-          specialArgs = { inherit self inputs secrets; };
-        };
      };
    };
 }
--- a/hosts/marauder/backup.nix
+++ b/hosts/marauder/backup.nix
@@ -1,5 +1,11 @@
 { pkgs, config, secrets, ... }:
 {
+  environment.systemPackages = with pkgs; [
+    restic
+    libnotify
+    backblaze-b2
+  ];
+
  systemd.services = {
    notify-backup-b2-failed = {
      description = "Notify on failed backup to B2";
@@ -20,8 +26,8 @@

  environment.etc = {
    "restic-env".text = ''
-      B2_ACCOUNT_ID="${secrets.b2.accountId}"
-      B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
+      export B2_ACCOUNT_ID="${secrets.b2.accountId}"
+      export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
    '';
    "restic-password".text = secrets.restic.password;
  };
@@ -33,12 +39,9 @@
      repository = "b2:marauder-backup";
      passwordFile = "/etc/restic-password";
      paths = [
-        "${config.users.users.nettika.home}/Artwork"
        "${config.users.users.nettika.home}/Documents"
-        "${config.users.users.nettika.home}/Music"
-        "${config.users.users.nettika.home}/Pictures"
+        "${config.users.users.nettika.home}/Artwork"
        "${config.users.users.nettika.home}/Projects"
-        "${config.users.users.nettika.home}/Videos"
      ];
      pruneOpts = [
        "--keep-daily 7"
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@@ -3,17 +3,11 @@
  imports = [
    self.nixosModules.common
    self.nixosModules.prompt
-    self.nixosModules.zerotier
    ./backup.nix
    ./dev.nix
-    ./www.nix
-    ./printing.nix
  ];

-  networking = {
-    hostName = "marauder";
-    firewall.enable = false;
-  };
+  networking.hostName = "marauder";

  fileSystems = {
    "/" = {
@@ -49,21 +43,18 @@
  hardware = {
    enableRedistributableFirmware = true;
    cpu.amd.updateMicrocode = true;
-    graphics = {
+    opengl = {
      enable = true;
-      enable32Bit = true;
+      driSupport32Bit = true;
      extraPackages = [ pkgs.vaapiVdpau ];
    };
-    nvidia = {
-      open = true;
-      prime = {
-        offload = {
-          enable = true;
-          enableOffloadCmd = true;
-        };
-        amdgpuBusId = "PCI:05:00:0";
-        nvidiaBusId = "PCI:01:00:0";
+    nvidia.prime = {
+      offload = {
+        enable = true;
+        enableOffloadCmd = true;
      };
+      amdgpuBusId = "PCI:05:00:0";
+      nvidiaBusId = "PCI:01:00:0";
    };
  };

@@ -76,13 +67,12 @@
      slack
      element-desktop
      telegram-desktop
-      signal-desktop

      # Browsers
      firefox
      filezilla

-      # Creative
+      # Art and 3D
      inkscape
      gimp
      krita
@@ -96,11 +86,7 @@

      # Misc
      obsidian
-      intiface-central
-      prismlauncher
-      blender
-      mullvad-vpn
-      qbittorrent
+      (callPackage ./romraider.nix { })
    ]);
  };

@@ -110,23 +96,6 @@
    dedicatedServer.openFirewall = true;
  };

-  programs.ssh.extraConfig = ''
-    Host quasar
-      HostName consortium.chat
-      IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
-
-    Host monolith
-      HostName 10.243.210.154
-
-    Host fennbox
-      HostName 10.243.109.199
-      User fenn
-  '';
-
-  programs.nix-ld = {
-    enable = true;
-  };
-
  services.xserver = {
    enable = true;
    videoDrivers = [ "nvidia" ];
--- a/hosts/marauder/dev.nix
+++ b/hosts/marauder/dev.nix
@@ -5,30 +5,16 @@
  };

  environment.systemPackages = with pkgs; [
-    # Code Editors
    vscode
-    arduino-ide
-
-    # Dev Tools
+    kotlin
+    rustup
+    pyenv
+    gcc
    nixd
    nixpkgs-fmt
-    pyenv
-    rustup
-    electron-fiddle
-    electron
-
-    # Languages
-    gcc
-    kotlin
-    nodejs
-    php
  ];

  programs.direnv = {
    enable = true;
  };
-
-  nixpkgs.config.permittedInsecurePackages = [
-    "electron-24.8.6"
-  ];
 }
--- a/hosts/marauder/printing.nix
+++ b/hosts/marauder/printing.nix
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-{
-  environment.systemPackages = with pkgs; [
-    system-config-printer
-  ];
-
-  services.printing = {
-    enable = true;
-  };
-
-  services.avahi = {
-    enable = true;
-    nssmdns4 = true;
-    openFirewall = true;
-  };
-}
--- a/hosts/marauder/romraider.nix
+++ b/hosts/marauder/romraider.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchFromGitHub, ant, jdk11, makeWrapper, jre }: stdenv.mkDerivation {
+  pname = "romraider";
+  version = "1.0.0";
+
+  src = fetchFromGitHub {
+    owner = "Romraider";
+    repo = "Romraider";
+    rev = "1.0.0-DEC01-2023";
+    hash = "sha256-KCG6D/+yupGahzPtZk1l9FK826MHZKdTuWoTCLC0ngY=";
+  };
+
+  JRE_DIR = jdk11;
+
+  nativeBuildInputs = [ ant jdk11 makeWrapper ];
+
+  buildPhase = "ant build-linux";
+
+  installPhase = ''
+    mkdir -p $out/{bin,share/java}
+    install build/linux/lib/RomRaider.jar $out/share/java/romraider.jar
+    makeWrapper ${jdk11}/bin/java $out/bin/romraider \
+      --add-flags "-jar $out/share/java/romraider.jar"
+  '';
+}
--- a/hosts/marauder/www.nix
+++ b/hosts/marauder/www.nix
@@ -1,26 +0,0 @@
-{ pkgs, inputs, ... }:
-let
-  fortune = pkgs.writeShellScript "cgi" ''
-    echo "Content-type: text/html"
-    echo ""
-    ${pkgs.fortune}/bin/fortune
-  '';
-in {
-  services.mysql = {
-    enable = true;
-    package = pkgs.mariadb;
-  };
-
-  services.httpd = {
-    enable = true;
-    enablePHP = true;
-    # phpPackage = inputs.phps.packages.x86_64-linux.php74;
-    extraConfig = ''
-      ScriptAlias /fortune ${fortune}/bin/fortune
-    '';
-    virtualHosts."localhost" = {
-      documentRoot = "/var/www";
-      locations."/".index = "index.html index.php";
-    };
-  };
-}
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -1,18 +1,15 @@
-{ self, pkgs, ... }:
+{ self, ... }:
 {
  imports = [
    self.nixosModules.common
    self.nixosModules.prompt
    self.nixosModules.server
-    self.nixosModules.zerotier
    ./dns.nix
-    ./vault.nix
  ];

  networking = {
    hostName = "monolith";
    hostId = "44551c32";
-    firewall.allowedTCPPorts = [ 8000 ];
  };

  fileSystems = {
@@ -41,51 +38,6 @@
    supportedFilesystems = [ "zfs" ];
  };

-  environment.systemPackages = with pkgs; [
-    rclone
-    beets
-    flac
-    screen
-    rustup
-    gcc
-    (callPackage ../marauder/ffcheck.nix { })
-    mp3val
-  ];
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-  };
-
-  services.navidrome = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      Address = "0.0.0.0";
-      MusicFolder = "/library/music";
-      Scanner.GroupAlbumReleases = "true";
-      ScanSchedule = "0";
-    };
-  };
-
-  systemd = {
-    services.reboot = {
-      description = "Reboot the system";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
-      };
-    };
-    timers.reboot = {
-      description = "Reboot the system every two hours";
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnBootSec = "6h";
-        Persistent = true;
-      };
-    };
-  };
-
  promptEmoji = "🏰";

  time.timeZone = "America/Los_Angeles";
--- a/hosts/monolith/dns.nix
+++ b/hosts/monolith/dns.nix
@@ -3,16 +3,22 @@
  systemd.services.update-dns = {
    serviceConfig.Type = "oneshot";
    description = "Update the leaf.ninja DNS records";
-    path = with pkgs; [ curl ];
+    path = with pkgs; [ curl jq ];
    script = ''
      public_ip=$(curl -s https://ifconfig.me/ip)
      endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
-      curl \
+      curl -s \
        -X PUT \
        -H "Authorization: Bearer ${secrets.gandi.token}" \
        -H "Content-Type: application/json" \
        -d "{\"rrset_values\":[\"$public_ip\"]}" \
-        $endpoint/ostiary/A
+        "$ENDPOINT/%2A/A" | jq
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%40/A" | jq
    '';
  };

--- a/hosts/monolith/samba.nix
+++ b/hosts/monolith/samba.nix
@@ -0,0 +1,29 @@
+{ ... }:
+{
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        workgroup = "WORKGROUP";
+        "server string" = "monolith";
+        "netbios name" = "monolith";
+        security = "user";
+        "invalid users" = [ "root" ];
+        "guest account" = "nobody";
+        "map to guest" = "bad user";
+      };
+      public = {
+        path = "/library/share";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+      };
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+}
--- a/hosts/monolith/vault.nix
+++ b/hosts/monolith/vault.nix
@@ -1,20 +0,0 @@
-{ secrets, ... }:
-{
-  services.vaultwarden = {
-    enable = true;
-    config = {
-      domain = "https://vault.leaf.ninja";
-      signupsAllowed = false;
-      rocketAddress = "0.0.0.0";
-      rocketPort = 8222;
-      smtpHost = "smtp.migadu.com";
-      smtpFrom = "vaultwarden@leaf.ninja";
-      smtpPort = 587;
-      smtpSecurity = "starttls";
-      smtpUsername = "vaultwarden@leaf.ninja";
-      smtpPassword = secrets.vaultwarden.smtpPassword;
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8222 ];
-}
--- a/hosts/quasar/default.nix
+++ b/hosts/quasar/default.nix
@@ -1,54 +0,0 @@
-{ self, modulesPath, pkgs, config, secrets, ... }:
-{
-  imports = [
-    "${modulesPath}/virtualisation/amazon-image.nix"
-    self.nixosModules.common
-    self.nixosModules.prompt
-    self.nixosModules.server
-  ];
-
-  networking = {
-    hostName = "quasar";
-    domain = "consortium.chat";
-    firewall.allowedTCPPorts = [ 80 443 ];
-  };
-
-  services.postgresql = {
-    enable = true;
-  };
-
-  services.caddy = {
-    enable = true;
-    virtualHosts = {
-      "${config.networking.domain}".extraConfig = ''
-        reverse_proxy localhost:8008
-        header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
-      '';
-      "matrix.${config.networking.domain}".extraConfig = ''
-        reverse_proxy /_matrix/* localhost:8008
-        reverse_proxy /_synapse/client/* localhost:8008
-      '';
-      "admin.${config.networking.domain}".extraConfig = ''
-        root * ${pkgs.synapse-admin}
-        file_server
-      '';
-    };
-  };
-
-  services.matrix-synapse = {
-    enable = true;
-    settings = {
-      server_name = config.networking.domain;
-      serve_server_wellknown = true;
-      registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
-      macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
-      form_secret = secrets.synapse."consortium.chat".form-secret;
-    };
-  };
-
-  promptEmoji = "🌟";
-
-  time.timeZone = "America/Los_Angeles";
-
-  system.stateVersion = "24.05";
-}
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,24 +1,17 @@
-{ pkgs, ... }:
+{ pkgs, secrets, ... }:
 {
  nixpkgs.config.allowUnfree = true;

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
-    substituters = [
-      "https://fossar.cachix.org"
-      # "https://nixcache.shelvacu.com"
-    ];
-    trusted-public-keys = [
-      "fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
-      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
-    ];
+    substituters = [ "https://nixcache.shelvacu.com" ];
+    trusted-public-keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
    trusted-users = [ "@wheel" ];
  };

  users.users.nettika = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ];
-    shell = pkgs.fish;
  };

  security.sudo.wheelNeedsPassword = false;
@@ -48,13 +41,13 @@
    '';
  };

-  programs.fish = {
+  services.zerotierone = {
    enable = true;
+    joinNetworks = secrets.zerotier.networks;
  };

  environment.systemPackages = with pkgs; [
    git-crypt
-    htop
    jq
  ];
 }
--- a/modules/prompt.nix
+++ b/modules/prompt.nix
@@ -7,24 +7,4 @@
  config.programs.bash.promptInit = ''
    PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
  '';
-
-  config.programs.fish = {
-    promptInit = ''
-      function fish_prompt
-        echo -n '${config.promptEmoji} '
-        set_color brgreen
-        echo -n (prompt_pwd)
-        set_color normal
-        echo -n ' > '
-      end
-      function fish_right_prompt
-        set_color bryellow
-        echo -n (git branch --show-current 2>/dev/null)
-      end
-    '';
-    shellInit = ''
-      set -g fish_greeting
-      set -g fish_prompt_pwd_full_dirs 999
-    '';
-  };
 }
--- a/modules/zerotier.nix
+++ b/modules/zerotier.nix
@@ -1,7 +0,0 @@
-{ secrets, ... }:
-{
-  services.zerotierone = {
-    enable = true;
-    joinNetworks = secrets.zerotier.networks;
-  };
-}
--- a/secrets.json
+++ b/secrets.json
Author	SHA1	Message	Date
Nettika	a274189617	WIP	2025-06-15 02:09:03 -07:00
Nettika	75477b46b4	WIP RomRaider derivation	2024-09-23 20:35:51 -07:00