flake update

Switch to conduwuit
ssh agent proper setup
2025-03-27 15:53:48 -04:00 · 2025-03-27 15:52:42 -04:00 · 2025-03-27 14:58:38 -04:00 · 2025-03-27 03:16:41 -04:00 · 2025-03-27 02:55:22 -04:00 · 2025-03-27 02:39:35 -04:00
7 changed files with 211 additions and 34 deletions
--- a/flake.lock
+++ b/flake.lock
@ -5,11 +5,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1735644329,
+        "lastModified": 1741473158,
-        "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
+        "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
+        "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
        "type": "github"
      },
      "original": {
@ -39,11 +39,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1740872218,
+        "lastModified": 1741352980,
-        "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
+        "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
+        "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
        "type": "github"
      },
      "original": {
@ -92,11 +92,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1739757849,
+        "lastModified": 1742655702,
-        "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
+        "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
+        "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff",
        "type": "github"
      },
      "original": {
@ -143,11 +143,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1740646007,
+        "lastModified": 1742806253,
-        "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
+        "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
+        "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
        "type": "github"
      },
      "original": {
@ -163,11 +163,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1740567864,
+        "lastModified": 1742999260,
-        "narHash": "sha256-eTS2wrC1jKR6PKXC9jZqQy5PwqbIOBLSLF3dwLiFJ8M=",
+        "narHash": "sha256-wgeb7kSod9MAGm39MsVLsy2zxSbtCtckCkgfbjg6TLM=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "1f40b43d01626ce994eb47150afa0d7215f396ca",
+        "rev": "64d679540fa4d7e2afdbbb53ea63e3e5019c1f52",
        "type": "github"
      },
      "original": {
@ -195,23 +195,26 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1740872140,
+        "lastModified": 1740877520,
-        "narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=",
+        "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
+        "repo": "nixpkgs.lib",
        "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
        "type": "github"
      },
      "original": {
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz"
+        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1741010256,
+        "lastModified": 1742889210,
-        "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=",
+        "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246",
+        "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
        "type": "github"
      },
      "original": {
@ -223,11 +226,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1740463929,
+        "lastModified": 1740865531,
-        "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=",
+        "narHash": "sha256-h00vGIh/jxcGl8aWdfnVRD74KuLpyY3mZgMFMy7iKIc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b",
+        "rev": "5ef6c425980847c78a80d759abc476e941a9bf42",
        "type": "github"
      },
      "original": {
@ -239,11 +242,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1740932899,
+        "lastModified": 1742937945,
-        "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=",
+        "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347",
+        "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
        "type": "github"
      },
      "original": {
--- a/home-manager/machines/crash/home.nix
+++ b/home-manager/machines/crash/home.nix
@ -32,6 +32,7 @@
                ../../modules/programs/core.nix
                ../../modules/programs/devel.nix
                ../../modules/programs/ssh.nix
                ../../modules/programs/ssh-agent.nix
                (import ../../modules/programs/emacs.nix {})
                ../../modules/programs/fonts.nix
                ../../modules/programs/desktop.nix
--- a/home-manager/modules/programs/ssh-agent.nix
+++ b/home-manager/modules/programs/ssh-agent.nix
@ -0,0 +1,17 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  # Enable the agent
  services.ssh-agent = {
    enable = true;
  };
  # Setup fish init
  programs.fish.shellInit =
    ''
    set -x SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent
    ssh-add
 '';
 }
--- a/home-manager/modules/programs/ssh.nix
+++ b/home-manager/modules/programs/ssh.nix
@ -18,9 +18,21 @@
    controlPersist = "10m";
    # Configure known hosts
    matchBlocks = {
      # rsync.net
      "de1955" = {
        hostname = "de1955.rsync.net";
        user = "de1955";
      };
      # my nixos machines
      "tides" = {
        hostname = "150.136.87.190";
        forwardAgent = true;
      };
      "driftwood" = {
        hostname = "driftwood.stranger.systems";
        forwardAgent = true;
      };
      # Other Machines
      "static.stranger.systems" = {
        hostname = "129.153.226.221";
        user = "ubuntu";
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@ -1,10 +1,12 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 { config, lib, pkgs, ... }:
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
@ -15,6 +17,37 @@
  i18n.defaultLocale = "en_US.UTF-8";
  system.stateVersion = "24.11"; # Did you read the comment?
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "enp5s0f0";
    # Lazy IPv6 connectivity for the container
    enableIPv6 = true;
  };
  # Nginx configuration
  # Configure automated TLS acquisition/renewal
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "admin@stranger.systems";
    };
  };
  # ACME data must be readable by the NGINX user
  users.users.nginx.extraGroups = [
    "acme"
  ];
  # Enable nginx
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
  };
  # Open firewall ports for HTTP, HTTPS, and Matrix federation
  networking.firewall.allowedTCPPorts = [80 443 8448];
  networking.firewall.allowedUDPPorts = [80 443 8448];
 }
--- a/nixos/machines/driftwood/containers/conduit.nix
+++ b/nixos/machines/driftwood/containers/conduit.nix
@ -0,0 +1,110 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  ...
 }: {
  containers.conduit-stranger-systems = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";
    hostAddress6 = "fc00::1";
    localAddress6 = "fc00::2";
    bindMounts = {
      "/var/lib/" = {
        hostPath = "/var/containers/conduit";
        isReadOnly = false;
      };
    };
    nixpkgs = inputs.nixpkgs-unstable.outPath;
    config = {
      config,
      lib,
      pkgs,
      ...
    }: {
      # Conduit proper
      services.conduwuit = {
        enable = true;
        settings.global = {
          server_name = "stranger.systems";
          rocksdb_optimize_for_spinning_disks = true;
 new_user_displayname_suffix = "";
          allow_registration = true;
          registration_token_file = "/var/lib/conduwuit/reg_token";
          port = [6167];
          address = ["0.0.0.0"];
        };
      };
      # Open the port
      networking.firewall.allowedTCPPorts = [6167];
      system.stateVersion = "24.11";
    };
  };
  services.nginx = {
    virtualHosts = {
      "matrix.stranger.systems" = {
        forceSSL = true;
        enableACME = true;
        listen = [
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
          {
            addr = "[::]";
            port = 443;
            ssl = true;
          }
          {
            addr = "0.0.0.0";
            port = 80;
            ssl = false;
          }
          {
            addr = "[::]";
            port = 80;
            ssl = false;
          }
          {
            addr = "0.0.0.0";
            port = 8448;
            ssl = true;
          }
          {
            addr = "[::]";
            port = 8448;
            ssl = true;
          }
        ];
        locations."/_matrix/" = {
          proxyPass = "http://backend_conduit$request_uri";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_buffering off;
          '';
        };
        extraConfig = ''
          merge_slashes off;
        '';
      };
    };
    upstreams = {
      "backend_conduit" = {
        servers = {
          "192.168.100.11:6167" = {};
        };
      };
    };
  };
 }
--- a/nixos/machines/driftwood/machine.nix
+++ b/nixos/machines/driftwood/machine.nix
@ -38,6 +38,7 @@
                  mutableUsers = false;
                })
                (import ../../modules/ssh.nix)
                (import ./containers/conduit.nix)
              ];
              nix.settings.experimental-features = [
Author	SHA1	Message	Date
Nathan McCarty	ff0b40544a	flake update	2025-03-27 15:53:48 -04:00
Nathan McCarty	32e433123c	Switch to conduwuit	2025-03-27 15:52:42 -04:00
Nathan McCarty	582602fe82	ssh agent proper setup	2025-03-27 14:58:38 -04:00
Nathan McCarty	95feab33ad	Get conduit properly setup	2025-03-27 03:16:41 -04:00
Nathan McCarty	1baa1ce671	ngnix for conduit	2025-03-27 02:55:22 -04:00
Nathan McCarty	974de549bc	ssh-agent setup	2025-03-27 02:39:35 -04:00
Nathan McCarty	8dfd30b333	Initial conduit container setup	2025-03-27 02:36:18 -04:00