From 10c3898b0b740e50574569dbcc768d4a4b1ae2b7 Mon Sep 17 00:00:00 2001 From: James Eversole Date: Tue, 18 Nov 2025 13:06:31 -0600 Subject: [PATCH] Updates! --- flake.lock | 171 +++++++-------------------------- nix/application/containers.nix | 4 +- nix/application/nginx.nix | 2 - nix/system/dns.nix | 14 ++- nix/system/hardware.nix | 5 +- nix/system/network.nix | 4 +- nix/user/users.nix | 38 +++++--- 7 files changed, 79 insertions(+), 159 deletions(-) diff --git a/flake.lock b/flake.lock index 54708c3..d87f92a 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -26,11 +26,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -39,59 +39,20 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "lix": { - "inputs": { - "flake-compat": "flake-compat_2", - "nix2container": "nix2container", - "nixpkgs": "nixpkgs", - "nixpkgs-regression": "nixpkgs-regression", - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", - "revCount": 16631, - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" - }, - "original": { - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" - } - }, "nix-serve-ng": { "inputs": { "flake-compat": "flake-compat", - "lix": "lix", "nixpkgs": [ "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1748458972, - "narHash": "sha256-N6c3NozYqAGwmjf+k5GHOZzlcquDntrJwsZQ7O2sqtQ=", + "lastModified": 1763069480, + "narHash": "sha256-dbjGP/uD2WeGYf6A5CmLb6z5owleoYXybFbkTcWSvxA=", "owner": "aristanetworks", "repo": "nix-serve-ng", - "rev": "1d21f73a2d563ffbb924a4244c29b35e898caefe", + "rev": "3b9c80f78501813b1a29c5b33a3ccc50a7506f0e", "type": "github" }, "original": { @@ -100,76 +61,13 @@ "type": "github" } }, - "nix2container": { - "flake": false, - "locked": { - "lastModified": 1724996935, - "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1733348545, - "narHash": "sha256-b4JrUmqT0vFNx42aEN9LTWOHomkTKL/ayLopflVf81U=", + "lastModified": 1763334038, + "narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ecb50d2fae8680be74c08bb0a995c5383747f89", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1753115646, - "narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "92c2e04a475523e723c67ef872d8037379073681", + "rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c", "type": "github" }, "original": { @@ -178,16 +76,31 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -196,27 +109,11 @@ "type": "github" } }, - "pre-commit-hooks": { - "flake": false, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "nix-serve-ng": "nix-serve-ng", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "parts": "parts" } }, @@ -255,11 +152,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1687709756, - "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/nix/application/containers.nix b/nix/application/containers.nix index d1d8be6..ac70133 100644 --- a/nix/application/containers.nix +++ b/nix/application/containers.nix @@ -23,7 +23,7 @@ }; gitea = { - image = "docker.io/gitea/gitea:1.24.0-rc0-rootless"; + image = "docker.io/gitea/gitea:1.25.0-rootless"; volumes = [ "/home/sezycei/srv/containerdata/gitea/data:/var/lib/gitea" "/home/sezycei/srv/containerdata/gitea/config:/etc/gitea" ]; @@ -146,7 +146,7 @@ }; vaultwarden = { - image = "vaultwarden/server:1.33.2"; + image = "vaultwarden/server:1.34.3"; ports = [ "40080:80" ]; volumes = [ "/home/sezycei/srv/containerdata/bitwarden/data:/data" diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix index aabe8da..f7e0976 100644 --- a/nix/application/nginx.nix +++ b/nix/application/nginx.nix @@ -87,7 +87,6 @@ proxy_set_header X-Request-Base "https://hydra.matri.cx"; ''; }; - "jame.su" = static { dir = "/var/www/jame.su"; }; "llm.matri.cx" = proxiedLAN { target = "http://192.168.0.94:11434"; extra = '' @@ -102,7 +101,6 @@ "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; }; "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; }; "sezycei.com" = static { dir = "/var/www/sezycei.com"; }; - "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; }; "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; }; "vpn.matri.cx" = { forceSSL = true; diff --git a/nix/system/dns.nix b/nix/system/dns.nix index 7937957..adc11db 100644 --- a/nix/system/dns.nix +++ b/nix/system/dns.nix @@ -59,7 +59,7 @@ } } - *.ycombinator.com { + news.ycombinator.com { template IN A { answer "{{ .Name }} 0 IN A 127.0.0.1" } @@ -70,6 +70,18 @@ answer "{{ .Name }} 0 IN A 127.0.0.1" } } + + 4chan.org { + template IN A { + answer "{{ .Name }} 0 IN A 127.0.0.1" + } + } + + *.4chan.org { + template IN A { + answer "{{ .Name }} 0 IN A 127.0.0.1" + } + } ''; }; } diff --git a/nix/system/hardware.nix b/nix/system/hardware.nix index 76a4e8d..65292a1 100644 --- a/nix/system/hardware.nix +++ b/nix/system/hardware.nix @@ -32,7 +32,10 @@ }; }; - swapDevices = [ ]; + swapDevices = [{ + device = "/swap"; + size = (8 * 1024); + }]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/nix/system/network.nix b/nix/system/network.nix index 5b37a77..a2d87db 100644 --- a/nix/system/network.nix +++ b/nix/system/network.nix @@ -2,8 +2,8 @@ networking = { hostName = "eve-psr-nix0"; firewall = { - allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 20443 ]; - allowedUDPPorts = [ 53 51820 config.services.tailscale.port 20443 ]; + allowedTCPPorts = [ 22 80 443 4242 5000 23231 23232 23233 20443 ]; + allowedUDPPorts = [ 53 4242 51820 config.services.tailscale.port 20443 ]; extraCommands = '' iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE ''; diff --git a/nix/user/users.nix b/nix/user/users.nix index c4f9736..490cdda 100644 --- a/nix/user/users.nix +++ b/nix/user/users.nix @@ -2,22 +2,32 @@ programs.bash.promptInit = '' PS1='\u@\h:\w\n-> ' ''; - users.users = { - sezycei = { - isNormalUser = true; - extraGroups = [ "wheel" "nginx" ]; - packages = with pkgs; [ atuin bun byobu purescript stack tmux ]; - }; + users = { + users = { + sezycei = { + isNormalUser = true; + extraGroups = [ "wheel" "nginx" ]; + packages = with pkgs; [ atuin bun byobu purescript stack tmux ]; + }; - cridycei = { - isNormalUser = true; - extraGroups = [ ]; - packages = with pkgs; [ ]; - }; + cridycei = { + isNormalUser = true; + extraGroups = [ ]; + packages = with pkgs; [ ]; + }; - torrent = { - isNormalUser = true; - homeMode = "770"; + torrent = { + isNormalUser = true; + homeMode = "770"; + }; + reticulum = { + isSystemUser = true; + description = "Reticulum daemon user"; + group = "reticulum"; + home = "/var/lib/reticulum"; + createHome = true; + }; }; + groups.reticulum = {}; }; }