commit 77fed96f39c5bab1680b6eef53fee2b1015ea41c
parent 430c89f728e24d46ca015fdf09e9498594a36499
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Wed, 15 Oct 2025 11:30:30 +0200
parent 430c89f728e24d46ca015fdf09e9498594a36499
Author: Katja Ramona Sophie Kwast (zaphyra) <git@zaphyra.eu>
Date: Wed, 15 Oct 2025 11:30:30 +0200
hosts/morio: replace matrix-homeserver (`grapevine` -> `continuwuity`)
13 files changed, 502 insertions(+), 354 deletions(-)
A
|
77
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
120
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M
|
66
+++++++++++++++++++++++++++++++++---------------------------------
A
|
125
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
90
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/signal.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/signal.nix @@ -20,8 +20,8 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; - message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; + assertion = config.modules.websites."continuwuity.zaphyra.eu".enable == true; + message = "The option 'modules.websites.\"continuwuity.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -31,7 +31,7 @@ in enable = true; package = pkgs.mautrix-signal.override { withGoolm = true; }; environmentFile = config.sops.secrets."environments/mautrixBridges/signal".path; - serviceDependencies = [ "grapevine.service" ]; + serviceDependencies = [ "continuwuity.service" ]; settings = rec { network.device_name = "Mautix-Signal (on ${homeserver.domain})"; network.displayname_template = "{{or .ProfileName .PhoneNumber \"Unknown user\"}} (Signal)"; @@ -49,7 +49,7 @@ in relay.enabled = false; backfill.enabled = true; - # double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; + double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; appservice = { id = "signal"; @@ -65,16 +65,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/telegram.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/telegram.nix @@ -21,8 +21,8 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; - message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; + assertion = config.modules.websites."continuwuity.zaphyra.eu".enable == true; + message = "The option 'modules.websites.\"continuwuity.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -32,7 +32,7 @@ in enable = true; package = pkgs.tgc.mautrix-telegramgo; environmentFile = config.sops.secrets."environments/mautrixBridges/telegram".path; - serviceDependencies = [ "grapevine.service" ]; + serviceDependencies = [ "continuwuity.service" ]; settings = rec { network.device_info.device_model = "Mautix-TelegramGO (on ${homeserver.domain})"; network.api_id = "$TELEGRAM_API_ID"; @@ -52,7 +52,7 @@ in backfill.enabled = true; backfill.max_initial_messages = 400; - # double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; + double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; appservice = { id = "telegram"; @@ -68,16 +68,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/presets/zaphyra/mautrixBridges/whatsapp.nix b/config/nixos/modules/presets/zaphyra/mautrixBridges/whatsapp.nix @@ -21,8 +21,8 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = config.modules.websites."grapevine.zaphyra.eu".enable == true; - message = "The option 'modules.websites.\"grapevine.zaphyra.eu\"' must be enabled in order to use this module."; + assertion = config.modules.websites."continuwuity.zaphyra.eu".enable == true; + message = "The option 'modules.websites.\"continuwuity.zaphyra.eu\"' must be enabled in order to use this module."; } ]; @@ -31,7 +31,7 @@ in tgc.services.mautrixBridge.whatsapp = { enable = true; package = pkgs.mautrix-whatsapp.override { withGoolm = true; }; - serviceDependencies = [ "grapevine.service" ]; + serviceDependencies = [ "continuwuity.service" ]; environmentFile = config.sops.secrets."environments/mautrixBridges/whatsapp".path; settings = rec { network = { @@ -61,7 +61,7 @@ in backfill.enabled = true; backfill.max_initial_messages = 100; - # double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; + double_puppet.secrets."${homeserver.domain}" = "as_token:$MAUTRIX_DOUBLE_PUPPET_SHARED_SECRET"; appservice = { id = "whatsapp"; @@ -77,16 +77,15 @@ in permissions."${homeserver.domain}" = "admin"; - cleanup_on_logout = - { - enabled = true; - } - // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { - shared_has_users = "delete"; - shared_no_users = "delete"; - relayed = "delete"; - private = "delete"; - })); + cleanup_on_logout = { + enabled = true; + } + // (lib.genAttrs [ "manual" "bad_credentials" ] (name: { + shared_has_users = "delete"; + shared_no_users = "delete"; + relayed = "delete"; + private = "delete"; + })); }; }; };
diff --git a/config/nixos/modules/websites/continuwuity-migration.zaphyra.eu.nix b/config/nixos/modules/websites/continuwuity-migration.zaphyra.eu.nix @@ -0,0 +1,77 @@ +{ + hostConfig, + povSelf, + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + subdomain = { + type = types.str; + default = "continuwuity-migration"; + }; + domain = { + type = types.str; + default = "zaphyra.eu"; + }; + }; + + config = lib.mkIf cfg.enable { + dns.zones = { + "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ + "${config.networking.fqdn}." + ]; + }; + + modules.filesystem.impermanence.system.dirs = [ + { + directory = "/var/lib/continuwuity"; + mode = "0700"; + user = "continuwuity"; + group = "continuwuity"; + } + ]; + + services.matrix-continuwuity = { + enable = true; + settings = { + global = { + address = [ "::1" ]; + trusted_servers = [ + "matrix.org" + "tchncs.de" + ]; + server_name = "${cfg.subdomain}.${cfg.domain}"; + allow_registration = false; + yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false; + well_known.server = "${cfg.subdomain}.${cfg.domain}:443"; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."${cfg.subdomain}.${cfg.domain}" = { + enableACME = true; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = + "http://[::1]:${toString config.services.matrix-continuwuity.settings.global.port}/"; + }; + }; + }; + +}
diff --git a/config/nixos/modules/websites/continuwuity.zaphyra.eu.nix b/config/nixos/modules/websites/continuwuity.zaphyra.eu.nix @@ -0,0 +1,120 @@ +{ + povSelf, + name, + config, + lib, + pkgs, + ... +}: + +let + inherit (lib) types; + cfg = lib.getAttrFromPath povSelf config; + cfgWebsites = lib.getAttrFromPath (lib.remove name povSelf) config; + +in +{ + + options = { + enable = { + type = types.bool; + default = false; + }; + subdomain = { + type = types.str; + default = "continuwuity"; + }; + domain = { + type = types.str; + default = "zaphyra.eu"; + }; + }; + + config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfgWebsites."zaphyra.eu".enable == true; + message = "The option 'modules.websites.\"zaphyra.eu\"' must be enabled in order to use this module."; + } + ]; + + dns.zones = { + "${cfg.domain}".subdomains."${cfg.subdomain}".CNAME = [ + "${config.networking.fqdn}." + ]; + }; + + modules.filesystem.impermanence.system.dirs = [ + "/var/lib/private/continuwuity" + ]; + + services.matrix-continuwuity = { + enable = true; + settings = { + global = { + address = [ "::1" ]; + trusted_servers = [ + "matrix.org" + "tchncs.de" + ]; + server_name = cfg.domain; + allow_registration = false; + yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = false; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts = + let + matrixServerConfig = { + "m.server" = "${cfg.subdomain}.${cfg.domain}:443"; + }; + matrixClientConfig = { + "m.homeserver".base_url = "https://${cfg.subdomain}.${cfg.domain}/"; + }; + in + { + "${config.services.matrix-continuwuity.settings.global.server_name}" = { + locations = { + "= /.well-known/matrix/server".extraConfig = '' + add_header Content-Type application/json; + add_header "Access-Control-Allow-Origin" "*"; + add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS"; + add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization"; + return 200 '${builtins.toJSON matrixServerConfig}'; + ''; + "= /.well-known/matrix/client".extraConfig = '' + add_header Content-Type application/json; + add_header "Access-Control-Allow-Origin" "*"; + add_header "Access-Control-Allow-Methods" "GET, POST, PUT, DELETE, OPTIONS"; + add_header "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Authorization"; + return 200 '${builtins.toJSON matrixClientConfig}'; + ''; + }; + }; + "${cfg.subdomain}.${cfg.domain}" = { + useACMEHost = "${config.networking.fqdn}"; + forceSSL = true; + kTLS = true; + locations = { + "/_matrix" = { + proxyPass = "http://[::1]:${toString config.services.matrix-continuwuity.settings.global.port}"; + proxyWebsockets = true; + }; + "/".root = pkgs.cinny.override { + conf = { + defaultHomeserver = 0; + homeserverList = [ cfg.domain ]; + hashRouter.enabled = true; + allowCustomHomesevrers = false; + }; + }; + }; + }; + }; + }; + }; + +}
diff --git a/config/nixos/modules/websites/grapevine.zaphyra.eu.nix b/config/nixos/modules/websites/grapevine.zaphyra.eu.nix @@ -68,39 +68,39 @@ in ''; }; - services.grapevine = { - enable = true; - - settings = { - server_name = cfg.domain; - max_request_size = 52428800; - - media.allow_unauthenticated_access = true; - - allow_registration = false; - registration_token = "foobar123"; - - database.backend = "rocksdb"; - database.cache_capacity_mb = 128; - - federation.max_concurrent_requests = 10000; - federation.self_test = false; # somehow this fails to unexpected server version - - server_discovery.server.authority = "${cfg.domain}:443"; - server_discovery.client.base_url = "https://${cfg.domain}"; - - observability.logs.format = "pretty"; - - listen = [ - { - type = "tcp"; - address = "::1"; - port = 6167; - } - ]; - }; - }; - + # services.grapevine = { + # enable = true; + # + # settings = { + # server_name = cfg.domain; + # max_request_size = 52428800; + # + # media.allow_unauthenticated_access = true; + # + # allow_registration = false; + # registration_token = "foobar123"; + # + # database.backend = "rocksdb"; + # database.cache_capacity_mb = 128; + # + # federation.max_concurrent_requests = 10000; + # federation.self_test = false; # somehow this fails to unexpected server version + # + # server_discovery.server.authority = "${cfg.domain}:443"; + # server_discovery.client.base_url = "https://${cfg.domain}"; + # + # observability.logs.format = "pretty"; + # + # listen = [ + # { + # type = "tcp"; + # address = "::1"; + # port = 6167; + # } + # ]; + # }; + # }; + # services.nginx = { enable = true; virtualHosts =
diff --git a/flake.lock b/flake.lock @@ -20,30 +20,6 @@ "url": "https://git.zaphyra.eu/airpodsctl" } }, - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1752217044, - "narHash": "sha256-5TomR72rn4q+5poQcN6EnanxeXKqJSqWVAoDAFN0lUc=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "24fad0622fc9404c69e83bab7738359c5be4988e", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "main", - "repo": "attic", - "type": "github" - } - }, "blobs": { "flake": false, "locked": { @@ -78,37 +54,6 @@ }, "crane": { "locked": { - "lastModified": 1751562746, - "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", - "owner": "ipetkov", - "repo": "crane", - "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "locked": { - "lastModified": 1752946753, - "narHash": "sha256-g5uP3jIj+STUcfTJDKYopxnSijs2agRg13H0SGL5iE4=", - "owner": "ipetkov", - "repo": "crane", - "rev": "544d09fecc8c2338542c57f3f742f1a0c8c71e13", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "ref": "master", - "repo": "crane", - "type": "github" - } - }, - "crane_3": { - "locked": { "lastModified": 1731098351, "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "owner": "ipetkov", @@ -122,7 +67,7 @@ "type": "github" } }, - "crane_4": { + "crane_2": { "locked": { "lastModified": 1754269165, "narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", @@ -229,7 +174,7 @@ "tgcNUR", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1754361940, @@ -245,29 +190,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "grapevine", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1752993983, - "narHash": "sha256-3YKCySMNhFDdHbFiRS4QbEwk0U5l42NMD1scDtniESY=", - "owner": "nix-community", - "repo": "fenix", - "rev": "62105e0745d7450976b26dbd1497b8cbe15eb9ff", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "main", - "repo": "fenix", - "type": "github" - } - }, "firefoxGnomeTheme": { "flake": false, "locked": { @@ -285,44 +207,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "grapevine", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flakeCompat": { "locked": { "lastModified": 1747046372, @@ -551,39 +435,6 @@ "url": "https://git.zaphyra.eu/gpx-map" } }, - "grapevine": { - "inputs": { - "attic": "attic", - "crane": "crane_2", - "fenix": "fenix", - "flake-compat": [ - "flakeCompat" - ], - "flake-utils": [ - "flakeUtils" - ], - "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ], - "rocksdb": "rocksdb" - }, - "locked": { - "host": "gitlab.computer.surgery", - "lastModified": 1756571888, - "narHash": "sha256-NnbMYflrTddWEaD2Wm5dpFIaWG1e0KN0322WeyAmyTI=", - "owner": "matrix", - "repo": "grapevine", - "rev": "c4abca1eb554e1a1edb9b6adb8f968db5f9d53c2", - "type": "gitlab" - }, - "original": { - "host": "gitlab.computer.surgery", - "owner": "matrix", - "repo": "grapevine", - "type": "gitlab" - } - }, "haumea": { "inputs": { "nixpkgs": [ @@ -684,7 +535,7 @@ }, "lanzaboote": { "inputs": { - "crane": "crane_3", + "crane": "crane", "flake-compat": [ "flakeCompat" ], @@ -834,44 +685,6 @@ "type": "github" } }, - "nix-filter": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "main", - "repo": "nix-filter", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "grapevine", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737420293, - "narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixStd": { "locked": { "lastModified": 1710870712, @@ -919,27 +732,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751949589, - "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9b008d60392981ad674e04016d25619281550a9d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1751741127, - "narHash": "sha256-t75Shs76NgxjZSgvvZZ9qOmz5zuBE8buUaYD28BMTxg=", + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "29e290002bfff26af1db6f64d070698019460302", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", "type": "github" }, "original": { @@ -949,7 +746,7 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -965,7 +762,7 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_2": { "locked": { "lastModified": 1751274312, "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", @@ -997,22 +794,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1760139962, - "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "oeffisearch": { "inputs": { "nixpkgs": [ @@ -1044,7 +825,7 @@ "lanzaboote", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1731363552, @@ -1060,23 +841,6 @@ "type": "github" } }, - "rocksdb": { - "flake": false, - "locked": { - "lastModified": 1752084860, - "narHash": "sha256-mKh6zsmxsiUix4LX+npiytmKvLbo6WNA9y4Ns/EY+bE=", - "owner": "facebook", - "repo": "rocksdb", - "rev": "410c5623195ecbe4699b9b5a5f622c7325cec6fe", - "type": "github" - }, - "original": { - "owner": "facebook", - "ref": "v10.4.2", - "repo": "rocksdb", - "type": "github" - } - }, "root": { "inputs": { "airpodsctl": "airpodsctl", @@ -1091,7 +855,6 @@ "flakeyProfile": "flakeyProfile", "flauschehornSexy": "flauschehornSexy", "gpxMap": "gpxMap", - "grapevine": "grapevine", "haumea": "haumea", "homeManager": "homeManager", "homeManagerUnstable": "homeManagerUnstable", @@ -1103,7 +866,7 @@ "nixStd": "nixStd", "nixSystemsDefault": "nixSystemsDefault", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "nixpkgsUnstable": "nixpkgsUnstable", "oeffisearch": "oeffisearch", "sherlock": "sherlock", @@ -1116,23 +879,6 @@ "zaphyraWebsite": "zaphyraWebsite" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1752913824, - "narHash": "sha256-kRpDlijAr4p5VmcPSRw2mfhaBZ4cE3EDWzqLDIbASgA=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "ed193af36937d2fd4bb14a815ec589875c5c7304", - "type": "github" - }, - "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -1177,7 +923,7 @@ }, "sherlock": { "inputs": { - "crane": "crane_4", + "crane": "crane_2", "flake-parts": [ "flakeParts" ],
diff --git a/flake.nix b/flake.nix @@ -117,7 +117,6 @@ inputs.lixModule.nixosModules.default inputs.lanzaboote.nixosModules.lanzaboote inputs.sopsNix.nixosModules.sops - inputs.grapevine.nixosModules.default inputs.tgcNUR.nixosModules.default inputs.things.nixosModules.default @@ -283,13 +282,6 @@ deploy-rs.inputs.utils.follows = "flakeUtils"; deploy-rs.inputs.flake-compat.follows = "flakeCompat"; - grapevine.url = "gitlab:matrix/grapevine?host=gitlab.computer.surgery"; - grapevine.inputs = { - nixpkgs.follows = "nixpkgs"; - flake-compat.follows = "flakeCompat"; - flake-utils.follows = "flakeUtils"; - }; - niriFlake.url = "github:sodiboo/niri-flake"; niriFlake.inputs = { nixpkgs.follows = "nixpkgsUnstable";
diff --git a/hosts/huntii/thinkmorse.nix b/hosts/huntii/thinkmorse.nix @@ -0,0 +1,125 @@ +{ pkgs, lib, config, ... }: +{ + options = { + services.thinkmorse = { + enable = lib.mkEnableOption "Enable morse on the thinkpad led"; + message = lib.mkOption { + type = lib.types.str; + default = "Hello, World!"; + description = "The message to display in morse code"; + }; + devices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "tpacpi::lid_logo_dot" ]; + description = "The devices to use for morse code"; + }; + speed = lib.mkOption { + type = lib.types.str; + default = "0.1"; + description = "Duration of a dit in seconds"; + }; + }; + }; + config = lib.mkIf config.services.thinkmorse.enable ( + let + ditDelay = config.services.thinkmorse.speed; + thinkmorse = pkgs.writeShellScriptBin "thinkmorse" '' + #!${pkgs.bash}/bin/bash + + modprobe -r ec_sys + modprobe ec_sys write_support=1 + + led(){ + ${lib.concatStringsSep "\n" (builtins.map (device: ''echo $1 | ${pkgs.coreutils}/bin/tee /sys/class/leds/${device}/brightness'' ) config.services.thinkmorse.devices )} + } + + dit(){ + led 1 + sleep ${ditDelay} + led 0 + sleep ${ditDelay} + } + + dah(){ + led 1 + sleep ${ditDelay} + sleep ${ditDelay} + sleep ${ditDelay} + led 0 + sleep ${ditDelay} + } + + morse(){ + case $1 in + "0") dah; dah; dah; dah; dah;; + "1") dit; dah; dah; dah; dah;; + "2") dit; dit; dah; dah; dah;; + "3") dit; dit; dit; dah; dah;; + "4") dit; dit; dit; dit; dah;; + "5") dit; dit; dit; dit; dit;; + "6") dah; dit; dit; dit; dit;; + "7") dah; dah; dit; dit; dit;; + "8") dah; dah; dah; dit; dit;; + "9") dah; dah; dah; dah; dit;; + "a") dit; dah;; + "b") dah; dit; dit; dit;; + "c") dah; dit; dah; dit;; + "d") dah; dit; dit;; + "e") dit;; + "f") dit; dit; dah; dit;; + "g") dah; dah; dit;; + "h") dit; dit; dit; dit;; + "i") dit; dit;; + "j") dit; dah; dah; dah;; + "k") dah; dit; dah;; + "l") dit; dah; dit; dit;; + "m") dah; dah;; + "n") dah; dit;; + "o") dah; dah; dah;; + "p") dit; dah; dah; dit;; + "q") dah; dah; dit; dah;; + "r") dit; dah; dit;; + "s") dit; dit; dit;; + "t") dah;; + "u") dit; dit; dah;; + "v") dit; dit; dit; dah;; + "w") dit; dah; dah;; + "x") dah; dit; dit; dah;; + "y") dah; dit; dah; dah;; + "z") dah; dah; dit; dit;; + " ") sleep ${ditDelay}; sleep ${ditDelay}; sleep ${ditDelay}; sleep ${ditDelay}; sleep ${ditDelay}; sleep ${ditDelay} ;; + #*) echo "done";; + esac + sleep 0.2; + } + + parse(){ + tmp=$1 + for i in $(seq 0 ''${#tmp}) + do + echo "current letter: ''${tmp:$i:1}" + morse ''${tmp:$i:1} + done + } + led 0 + parse "${config.services.thinkmorse.message}" + led 0 + sleep 1 + ''; + in + { + systemd.services.thinkmorse = { + enable = true; + description = "Morse a message on the thinkpad led"; + after = [ "systemd-modules-load.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Restart = "always"; + Type = "simple"; + ExecStart = "${lib.getExe thinkmorse}"; + }; + }; + + } + ); +}
diff --git a/hosts/morio/default.nix b/hosts/morio/default.nix @@ -108,7 +108,7 @@ "bikemap.zaphyra.eu".enable = true; "dav.zaphyra.eu".enable = true; "gts.zaphyra.eu".enable = true; - "grapevine.zaphyra.eu".enable = true; + "continuwuity.zaphyra.eu".enable = true; "gomuks.zaphyra.eu".enable = true; "vault.zaphyra.eu".enable = true; "oeffi.zaphyra.eu".enable = true;
diff --git a/hosts/pratorum/default.nix b/hosts/pratorum/default.nix @@ -170,6 +170,7 @@ websites = { "music.zaphyra.dn42".enable = true; + "continuwuity-migration.zaphyra.eu".enable = true; }; users.zaphyra.enable = true;
diff --git a/hosts/pratorum/floractl.nix b/hosts/pratorum/floractl.nix @@ -0,0 +1,90 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + + modules.filesystem.impermanence.system.dirs = [ + { + directory = "/var/lib/zigbee2mqtt"; + mode = "0770"; + user = "zigbee2mqtt"; + group = "zigbee2mqtt"; + } + ]; + + sops.secrets."zigbee2mqttSecrets.yaml" = { + owner = "zigbee2mqtt"; + key = "zigbee2mqttSecrets"; + }; + + systemd.services.zigbee2mqtt = { + # requires = [ "mosquitto.service" ]; + # after = [ "mosquitto.service" ]; + serviceConfig = { + Restart = lib.mkForce "always"; + RuntimeMaxSec = "1d"; + }; + }; + + services = { + udev.extraRules = '' + SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{serial}=="00_12_4B_00_25_9B_C1_FC", SYMLINK+="zigbee0" + ATTR{idVendor}=="0451", ATTR{idProduct}=="16a8", ENV{ID_MM_DEVICE_IGNORE}="1" + SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee0" + ''; + + zigbee2mqtt = { + enable = true; + package = pkgs.zigbee2mqtt; + settings = { + homeassistant = true; + permit_join = false; + + mqtt = { + base_topic = "zigbee2mqtt"; + server = "mqtt://192.168.2.147:1883"; + user = "!${config.sops.secrets."zigbee2mqttSecrets.yaml".path} mqttUser"; + password = "!${config.sops.secrets."zigbee2mqttSecrets.yaml".path} mqttPassword"; + }; + + serial = { + port = "/dev/zigbee0"; + disable_led = true; + }; + + frontend = { + port = 8422; + host = "::1"; + }; + + advanced = { + log_level = "info"; + log_output = [ "console" ]; + channel = 11; + pan_id = 55067; + ext_pan_id = [ + 116 + 73 + 103 + 101 + 20 + 101 + 160 + 9 + ]; + network_key = "!${config.sops.secrets."zigbee2mqttSecrets.yaml".path} network_key"; + }; + + device_options.retain = true; + devices = { + "0x00124b0023ad17f1".friendly_name = "door_buzzer"; + }; + }; + }; + }; + +}
diff --git a/secrets/morio.yaml b/secrets/morio.yaml @@ -20,9 +20,9 @@ gotosocialEnv: ENC[AES256_GCM,data:5hvURqX+EqN8zpjirBmh5TIWWgaCga9QxnAfyW1rwOXEL environments: vaultwarden: ENC[AES256_GCM,data:uKc/1bnfXcxcUyBrvi5eYXpikmJna6hav0P0x4mopMY4VE6vGp/pSyqWXDzdjBYgV69/O2vqbfS4o61B+OjAS/ssYVyLvVHR3CJ+FCZmgA0zjO52C+TcVFYggxKUtcCVgBuNIzIqZ4lRE5T4I8V8WO6czQtmnBqvu27GY94sjyRUdG7hIySRVRbyhyCPFEYh9PKWUBEcdQf3P9dk9O3KKEG7TrngSm6yJtG0H7hc2M+4/xu8r7+j05AI5y2gs1oFN7QZqqSZ4Es4bUUn/SUXaeHnNCG/fr718fBKmvQuwrHjIfHwnxADA6HfklASKwRYm5EfWSW4RcCLKekFFfdR5O3mhQJR/mis46MdFUlhXvMJWQk=,iv:LnxnMS+xqlQuUQ88h9Etzk5IfpZenW/nOfWLYzABl0E=,tag:t10UUaatvmvZD/WEB0eL6g==,type:str] mautrixBridges: - signal: ENC[AES256_GCM,data:PuyUzSf4Xl3eJDDoDSX3gz6B1oXXiMWeECtOs3pmd2n6rJYRWRD7Ve6iz6a9/VdIFNomNSyGVBPJ6y+YZlD3Gq4g+U3a6hsAsBbIU4REVP/9igwLmP+fB3FMNzE9gcN0MSZx5dxSEFuVGgktvGH9Vb7SSHfjhPxfhRd67SS+MFrxwYCpfxlh9PxKBT3EqA8hWgPB7bxBcaW/khf996xdMfHeaxxQAXDyanOgIn5iDtrM9PbHsEpS8xlN1fSVQKYbQgz+WnL+7hudvj/rXeGNVxMXd//7JTsopzslGQ1JtgwN9fJ8uDKytWux54dmSvdUL35cDgmn/4AUSL/hQvOm4i12+9MbOj9/9l6clp+BSS2fI1XhDWEWOqG7/Cb85ABRmQzDlE3EfMPQF4HY4PKh1F+Xy1BgbbWSDoeQEs3jWqO6Qgq3fW8RO06/DU/11IFb0BhSAyUrlB9FnD4mvMY2Sf9Sdw5hUsuJ2psPSLCrjiYoPnOyIuELCctW3SkBeNn1,iv:Min6Y4qEZQAxQ2gTQR5+vZuSeY0YY3Wa6ixr6NnHhPY=,tag:3qB8BHmPCyFLYR7j2HxgVA==,type:str] - whatsapp: ENC[AES256_GCM,data:7vGIEBWX2Pu8y3pb69cOAMRTG37F5Yg82OkJDzpxk86+q5JLYCSjPEUR90OdyguKb8Ru4TMbqRw87pWkV2AA8YUMY6RUKzgeRghXNZQjhLo6eFTYxGILkjw+7CeuwJlzlmvbunvO1iuV8TduGSQSN+9rCyugHeqoMldRIcgHLkTBJ5XwsT/8gGzwlGsGD3GOr3weeAhCCZc4jRKlep3h3oGi3WqabpG8Pjp9FTCpVi7JuFA9cSXbSpiVU7PwG8ACDeZqcGTn3dQhdtYrBvBkiGgMY3Bjn8O73/6m6xJ1TChqPOMiR5xWBA0hdKUQImOo7qEbGqsWew1ucejrP8Skj6BOUDHag1r7eKNtXYxSstAXt3u7UVZbyX641SJ8umezpQtr+A+WiCrZZAOhGf5tgZRh3zCGaMOO8HjpEj0dvpgs73ZPpzPGxvDk7Yvws22Oka7vlBeqLknAFAV7SA7ZqakqPXeFlYt9PMVCPHTZTzDrzwpRyEnTmilPyto0lJX3,iv:7voliAT5vclU+ZPtoYr3+TCOa42eNJ+iEHMn5rwdg4Q=,tag:tDai6Pf1wx6Pt4qGAo7KYw==,type:str] - telegram: ENC[AES256_GCM,data:97fb0qEgYI5wfTshkHkDt28WKh86e7/ymJVE77/D7XUr25g9IGS4vpdZs/UXf6iSPURKQXWFhxfLR4Nbye3EaSF/RWt4J/+21djw5niVFlsH0QSzdSQgnEi630pT8yRYGEAXA4VMQQMseuCJDphbZTusTsRpgZ45hFIvFMXHqKT688N9xTgErca0N6knjDmvELyaeB/IkvNukr1F8Z84MW/9bxcDwLsl/sRgl/vSHTXR9usmT2tJ+p3D7p+DehZaDEhggduCRTvnKIqJBbQwhwNR7/rFCsHz0bMzuwYqpLrGnIoJ5ZigzaZ4j9iaBBgxTKOzJoe8fnQQPeqdemwCTTHndLMzA2ZjlYi2o1a4hYdNUcEd6OAr8j860JWNoTAHI7wq3jLjzvuwV3j4KhPXbGNx2e+Vnasn2TQi6SHsWNK1hW3z3svI7HmMoLB6i4iy7o+YrLISre7spnuISVFquAKR/3GUAoxwLl4abZKxZT9fL1HoTGZC18fDA0jlesCkZSZp7CvuW3LnEjnrWLfhFZMFCVHiKq3crlCVWMxmJ3verWI0fd5XHqg8o+ed47fW1lBd7sewREmN/7u3c/USMOS04kn9604p45IIG00=,iv:MlZa2nMYD9AB/TmY8QDYpArRizyYe732v4CzGB5PB7w=,tag:XijkOhRqrYp+5NlyiHejkg==,type:str] + signal: ENC[AES256_GCM,data:ABrSECh5C3sVmcqE4j/4zwHWfeiym4Iyp2cM6QcxjStF4ZDfs9H5HMssoSLfE2xgUvOiGJvn1LUpBEYoj7vBlVJdjFA43t1fpUzVmtRL/3Nax0tjwkwGBQ0qnL0vPmx4QdG+ioe0Hf9zH2yzPpgzxj4np6t25l1Kgj40eKQ1wiRaX2OBpIO/18WYefFa1Pg+eX9DF4s1q9CKE7bzGMpGJzg2PNOyfMUJT6HET9cGOk0pzk3yJbFtpPVa0ruCuu2i317SbKWkHktwxv06/3BKzSucDXReziQQnvaw3+ap5yM27Ara9Q4MdSTFjZKdcIs2Y5K49FIND9RwS05ps3nZPpuo8/SiephsbM88tLj4Y67lv2XR1G05e55JkfaFOsSCRQMqjgTxUbb1RlN3jXS4MMvGVlaBXtAOAs+o4BBK+XxMp/sdDMa1LP/jrxmafwGotffxpejsoUuwk2p/R9j5NihqAKC87DxYGCnrUfTt73rC9fQZzOtOMJ87IPtY+fue6B5hbNrix+r5DI5VVzeukswlmdD0IYENH05EfpL/JBa5,iv:4WUiRkezdOnsZdVs+FUlQwK4x4JgWXf1e6f/vnZMOGc=,tag:g/9KOX9HrhMsRUUmvS6ZDw==,type:str] + whatsapp: ENC[AES256_GCM,data:BLBI7+Cis6nKrfSwTnOkBY3dk7Urj+add+eYsFsd76T1hX6C8cJ5UI6fgcP5c7LemczQPVBlWf7sF0PBeLNnWDC+yLoK4WBjMHKncdcSsm3wkg55gvJ5Cu6mjt9QS584znwB+q3um+9astRHDw9aF/jaWUWHlOEvGgSlcn0liCWyPhJ2Hrcdqf/dpQlpGKZrwtmiSpwMGFvA0Huvb7iiWL6TqiPzHGWqwaNrFBe8Hw9gxgGolbsKPkid4+zouLbNwrYDwbGzq42BLY2n8Z2Spe0JBQnccIJN6iMU0cdFoIisiyfRA05qUwroQsWEThChlIHxaIzS2WbJ4ULTc0zxc5VEaXTFN+FPNvYUFwYAI+IvmZzOGOyYPtcajC8qm6SjXMV+WbXf0iyiax4ynZ94IxTXJGqoBrioPnl+UECtCWxIgNiz+8mMVdu6XP4RpyvW3dQJ5R+zKZdoaws4gC4D2nT/DCSgPNg9+e8ybxvzvVE1FlU99iHk5FnwqpuFtytOGp7U6kCberrzgvf7wRJAWkxDsUjNyACSgu0+SUXkg1JL,iv:gkHKn+FS9ON4g8PHkvbk51qNKgxgXVqJJtDItMsAAT4=,tag:p9mYd22GMY1ySmcDByM8/Q==,type:str] + telegram: ENC[AES256_GCM,data:iIujpbLEy7rxXiuCJ+T/uylO/obKWq0PCDb0aRkTtrx1wuDhPEg4C7SAm5wTBtHM/aWnHb7dnFah2J+IYMr1xjW0WUkhXRi6hlfDp8vCTKVYFuTp2ewCN7EUdBBO9+gl6d82MbVxGkE05+NVQ8vPw4AMA89lad2hbqPwhXoT+Gs2dITWcoltXwUcInrOyOTqL3P6zWxom4/lQNHEdSMeV8VzGFcaTgrwyAoJqkqf+NF8+EObZiM75xFTQYpUeUhdDC5fXIZ8kAZ6b/gEvv6NdeqtS9GAOWdm6j7+069Xyo1i5swHwD4WfLnAXo1Y9TaLgdEjYoFVsK6DMnBXKwTC7nfcg357uaqSJ3nofyf+ufJX5MhI3jwPJzu5bmonV2EV0GmCMXTfBwqT48gigd2Cqq3w7lTJ69vPEuYaDBFITGGCM3NdAEQLxwjP12DkhvwxBxX5bpVLYqc1cDzdCKr0I+BbaQNiMFgD7ntRUky40oH0okxiwTyIPjAqzBqdF63ptIkUqkXwSBTIz4E02Yp5OB/cQTsyxZl8BcgCQZ5C4NDAKD3ql+JqPovgn0gkC1dSbvf6ZWRM39Yx+XlU7ggv63sxiUMQFtxnzw3jU54f3L1aUShiTwVZK/eOwrvrxrhyG7gZDrj954HlA4q5p+k=,iv:ySsCXIubPZ2fHBuctIOmOPjxnWu8C/MiwcVI0OnKUrg=,tag:2UZw1uro5+1N4zC88AMyCg==,type:str] dn42: wgPrivateKey: ENC[AES256_GCM,data:QunDYyLV85MkkTH8lnT3xdzdEY6WfjfdWwNi3IdqS5Yn7foLWLIZcqryaW0=,iv:hnFZ1yauh9FOkxEfrXBkwgJtAcNRLD9V5K8Ud7b/nHc=,tag:XIdmD9Um+1+KVjfUk+aa7g==,type:str] sops: @@ -36,8 +36,8 @@ sops: Ym5kdER1cTdYM09ydEgwUUlhQ3lXUEEKVjdcjjDXUhmpszI5i3NsjrsF6XRHf1a6 qzqyN7FQTuwy23N9PBdJMTe7aAcw12vbvuY2v7UfmNzxkvggaDXJ0Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-21T18:06:07Z" - mac: ENC[AES256_GCM,data:zweRo8cjvz3d9af3Wwfkgn79aLxSeyfangKteVCbALjQHlyjtriST0QwlzXz8zQWEBKQzZ2XITR8jyp8Owm2gX/DlRPoY85HpdGMStTkLFXpGgn2xZDxQzccdSRUwue97SfzC1wjwPUcrsg2pnB6aYQgYLkRHDHjqB7xWDG9ixw=,iv:xDgcAWdZNg27cvCTLrBycwD7KjwpvbWni373IGva1Ls=,tag:xPhTNCAj2xcAW3kHx1KXiQ==,type:str] + lastmodified: "2025-10-15T08:58:00Z" + mac: ENC[AES256_GCM,data:A6jC61FAwUQ8pieELbnirhsx8wWrCxnGemnQg6zM98t5ToDZPNoN3T5xmxnUeLw5H5CuY1HII5App8OQ5mDaTUovgrfdxISjjZKzWCswq76+m0I7Yoa3wu4W0yZ+ovNAt7AOsLuFT+ABJ5L0QkQbOhu/f2UudriZErGr0kvdrBQ=,iv:bBbGS3NbR/BvU1rPTEyk7M0UZzCtlz3WYZH1BzAsqRs=,tag:GMgIQvTvadTZWHXMyK7AtA==,type:str] pgp: - created_at: "2025-06-16T13:06:52Z" enc: |-