diff --git a/flake.lock b/flake.lock index 6723954..646bb5e 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", "owner": "numtide", "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", "type": "github" }, "original": { @@ -39,11 +39,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { @@ -92,11 +92,11 @@ ] }, "locked": { - "lastModified": 1742655702, - "narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -143,11 +143,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", + "lastModified": 1740646007, + "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", "type": "github" }, "original": { 
@@ -163,11 +163,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1742999260, - "narHash": "sha256-wgeb7kSod9MAGm39MsVLsy2zxSbtCtckCkgfbjg6TLM=", + "lastModified": 1740567864, + "narHash": "sha256-eTS2wrC1jKR6PKXC9jZqQy5PwqbIOBLSLF3dwLiFJ8M=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "64d679540fa4d7e2afdbbb53ea63e3e5019c1f52", + "rev": "1f40b43d01626ce994eb47150afa0d7215f396ca", "type": "github" }, "original": { @@ -195,26 +195,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", - "type": "github" + "lastModified": 1740872140, + "narHash": "sha256-3wHafybyRfpUCLoE8M+uPVZinImg3xX+Nm6gEfN3G8I=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz" }, "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/6d3702243441165a03f699f64416f635220f4f15.tar.gz" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742889210, - "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "lastModified": 1741010256, + "narHash": "sha256-WZNlK/KX7Sni0RyqLSqLPbK8k08Kq7H7RijPJbq9KHM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "rev": "ba487dbc9d04e0634c64e3b1f0d25839a0a68246", "type": "github" }, "original": { @@ -226,11 +223,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1740865531, - "narHash": "sha256-h00vGIh/jxcGl8aWdfnVRD74KuLpyY3mZgMFMy7iKIc=", + "lastModified": 1740463929, + "narHash": "sha256-4Xhu/3aUdCKeLfdteEHMegx5ooKQvwPHNkOgNCXQrvc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5ef6c425980847c78a80d759abc476e941a9bf42", + "rev": "5d7db4668d7a0c6cc5fc8cf6ef33b008b2b1ed8b", "type": "github" }, "original": { 
@@ -242,11 +239,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1742937945, - "narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=", + "lastModified": 1740932899, + "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7", + "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347", "type": "github" }, "original": {
diff --git a/home-manager/machines/crash/home.nix b/home-manager/machines/crash/home.nix
index f16278b..b57d562 100644
--- a/home-manager/machines/crash/home.nix
+++ b/home-manager/machines/crash/home.nix
@@ -32,7 +32,6 @@
 ../../modules/programs/core.nix
 ../../modules/programs/devel.nix
 ../../modules/programs/ssh.nix
- ../../modules/programs/ssh-agent.nix
 (import ../../modules/programs/emacs.nix {})
 ../../modules/programs/fonts.nix
 ../../modules/programs/desktop.nix
diff --git a/home-manager/modules/programs/ssh-agent.nix b/home-manager/modules/programs/ssh-agent.nix
deleted file mode 100644
index 73d9324..0000000
--- a/home-manager/modules/programs/ssh-agent.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- # Enable the agent
- services.ssh-agent = {
- enable = true;
- };
- # Setup fish init
- programs.fish.shellInit =
- ''
- set -x SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent
- ssh-add
-'';
-}
diff --git a/home-manager/modules/programs/ssh.nix b/home-manager/modules/programs/ssh.nix
index 65a00bc..386c110 100644
--- a/home-manager/modules/programs/ssh.nix
+++ b/home-manager/modules/programs/ssh.nix
@@ -18,21 +18,9 @@
 controlPersist = "10m";
 # Configure known hosts
 matchBlocks = {
- # rsync.net
- "de1955" = {
- hostname = "de1955.rsync.net";
- user = "de1955";
- };
- # my nixos machines
 "tides" = {
 hostname = "150.136.87.190";
- forwardAgent = true;
 };
- "driftwood" = {
- hostname = "driftwood.stranger.systems";
- forwardAgent = true;
- };
- # Other Machines
 "static.stranger.systems" = {
 hostname = "129.153.226.221";
 user = "ubuntu";
diff --git a/nixos/machines/driftwood/configuration.nix b/nixos/machines/driftwood/configuration.nix
index 9263ba9..f04a9a0 100644
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@@ -1,12 +1,10 @@
 # Edit this configuration file to define what should be installed on
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
 {
- config,
- lib,
- pkgs,
- ...
-}: {
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
@@ -17,37 +15,6 @@
 i18n.defaultLocale = "en_US.UTF-8";
 system.stateVersion = "24.11"; # Did you read the comment?
- networking.nat = {
- enable = true;
- internalInterfaces = ["ve-+"];
- externalInterface = "enp5s0f0";
- # Lazy IPv6 connectivity for the container
- enableIPv6 = true;
- };
- # Nginx configuration
- # Configure automated TLS acquisition/renewal
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "admin@stranger.systems";
- };
- };
-
- # ACME data must be readable by the NGINX user
- users.users.nginx.extraGroups = [
- "acme"
- ];
-
- # Enable nginx
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- };
-
- # Open firewall ports for HTTP, HTTPS, and Matrix federation
- networking.firewall.allowedTCPPorts = [80 443 8448];
- networking.firewall.allowedUDPPorts = [80 443 8448];
 }
+
diff --git a/nixos/machines/driftwood/containers/conduit.nix b/nixos/machines/driftwood/containers/conduit.nix
deleted file mode 100644
index 7d66cce..0000000
--- a/nixos/machines/driftwood/containers/conduit.nix
+++ /dev/null
@@ -1,110 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: {
- containers.conduit-stranger-systems = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = "192.168.100.10";
- localAddress = "192.168.100.11";
- hostAddress6 = "fc00::1";
- localAddress6 = "fc00::2";
- bindMounts = {
- "/var/lib/" = {
- hostPath = "/var/containers/conduit";
- isReadOnly = false;
- };
- };
- nixpkgs = inputs.nixpkgs-unstable.outPath;
- config = {
- config,
- lib,
- pkgs,
- ...
- }: {
- # Conduit proper
- services.conduwuit = {
- enable = true;
- settings.global = {
- server_name = "stranger.systems";
- rocksdb_optimize_for_spinning_disks = true;
-new_user_displayname_suffix = "";
- allow_registration = true;
- registration_token_file = "/var/lib/conduwuit/reg_token";
- port = [6167];
- address = ["0.0.0.0"];
- };
- };
- # Open the port
- networking.firewall.allowedTCPPorts = [6167];
-
- system.stateVersion = "24.11";
- };
- };
-
- services.nginx = {
- virtualHosts = {
- "matrix.stranger.systems" = {
- forceSSL = true;
- enableACME = true;
-
- listen = [
- {
- addr = "0.0.0.0";
- port = 443;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 443;
- ssl = true;
- }
- {
- addr = "0.0.0.0";
- port = 80;
- ssl = false;
- }
- {
- addr = "[::]";
- port = 80;
- ssl = false;
- }
- {
- addr = "0.0.0.0";
- port = 8448;
- ssl = true;
- }
- {
- addr = "[::]";
- port = 8448;
- ssl = true;
- }
- ];
-
- locations."/_matrix/" = {
- proxyPass = "http://backend_conduit$request_uri";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_buffering off;
- '';
- };
-
- extraConfig = ''
- merge_slashes off;
- '';
- };
- };
-
- upstreams = {
- "backend_conduit" = {
- servers = {
- "192.168.100.11:6167" = {};
- };
- };
- };
- };
-}
diff --git a/nixos/machines/driftwood/machine.nix b/nixos/machines/driftwood/machine.nix
index 759513b..6530412 100644
--- a/nixos/machines/driftwood/machine.nix
+++ b/nixos/machines/driftwood/machine.nix
@@ -38,7 +38,6 @@
 mutableUsers = false;
 })
 (import ../../modules/ssh.nix)
- (import ./containers/conduit.nix)
 ];
 nix.settings.experimental-features = [