diff --git a/flake.lock b/flake.lock index df445a5..5c57f18 100644 --- a/flake.lock +++ b/flake.lock @@ -23,6 +23,27 @@ "type": "github" } }, + "androidPkgs": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1750710155, + "narHash": "sha256-2lBEwXgclOrSsrhubSfifU91+sXqikC8qbiZ6yFeaEY=", + "owner": "tadfisher", + "repo": "android-nixpkgs", + "rev": "0846fab1f060f646e1017053077ad38dedc5207b", + "type": "github" + }, + "original": { + "owner": "tadfisher", + "ref": "stable", + "repo": "android-nixpkgs", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -129,6 +150,28 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "robotnix", + "androidPkgs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -198,6 +241,21 @@ "url": "https://git.lix.systems/lix-project/flake-compat.git" } }, + "flake-compat_3": { + "locked": { + "lastModified": 1746162366, + "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -261,6 +319,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -608,6 +684,38 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nmd": { "inputs": { "nixpkgs": [ @@ -737,6 +845,27 @@ "type": "github" } }, + "robotnix": { + "inputs": { + "androidPkgs": "androidPkgs", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_4", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1768481330, + "narHash": "sha256-hYKnwFBPI0IyH8YbW3kqci8AS6ZtV7QSEa0E5Wt401M=", + "owner": "nix-community", + "repo": "robotnix", + "rev": "4ee0f9c86c3ae076bcbc41cbeebff054fe3d11a8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "robotnix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -750,6 +879,7 @@ "noshell": "noshell", "nur": "nur", "nvf": "nvf", + "robotnix": "robotnix", "stylix": "stylix" } }, @@ -782,7 +912,7 @@ "nixpkgs" ], "nur": "nur_2", - "systems": "systems_3", + "systems": "systems_4", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -848,6 +978,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { @@ -928,6 +1073,27 @@ "repo": "base16-zed", "type": "github" } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "robotnix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766000401, + "narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 6a0a5ec..90c1ebd 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,7 @@ url = "github:notashelf/nvf"; inputs.nixpkgs.follows = "nixpkgs"; }; + robotnix.url = "github:nix-community/robotnix"; stylix = { url = "github:nix-community/stylix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -55,6 +56,7 @@ noshell, nur, nvf, + robotnix, stylix, ... }: let @@ -117,6 +119,7 @@ builtins.mapAttrs (hostname: value: configurationWithHomeManager value) machines; + robotnixConfigurations.payton = robotnix.lib.robotnixSystem ./robotnix/payton.nix; nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { pkgs = import nixpkgs {system = "aarch64-linux";}; modules = [ diff --git a/machines.nix b/machines.nix index 88c7b98..7315d95 100644 --- a/machines.nix +++ b/machines.nix @@ -11,6 +11,7 @@ # hardware configuration # includes `system.stateVersion` ./modules/nixos/machines/lenovo.nix + ./modules/nixos/zram.nix # boot process # systemd-boot @@ -75,20 +76,16 @@ # matrix homeserver # matrix.domain - # ./modules/nixos/matrix-conduit.nix - - # matrix homeserver - ./modules/nixos/matrix-synapse.nix + ./modules/nixos/matrix-continuwuity.nix # BROKEN # forgejo # git.domain # ./modules/nixos/forgejo.nix - # BROKEN # zulip chat client # chat.domain - ./modules/nixos/zulip.nix + # ./modules/nixos/zulip.nix ]; }; } diff --git a/modules/nixos/matrix-conduit.nix b/modules/nixos/matrix-conduit.nix deleted file mode 100644 index d0fdf63..0000000 --- a/modules/nixos/matrix-conduit.nix +++ /dev/null @@ -1,82 +0,0 @@ -{ - config, - pkgs, - ... -}: let - well_known_server = pkgs.writeText "well-known-matrix-server" '' - { - "m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}" - } - ''; - well_known_client = pkgs.writeText "well-known-matrix-client" '' - { - "m.homeserver": { - "base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}" - } - ''; -in { - services.matrix-conduit = { - enable = true; - settings.global = { - server_name = "${config.networking.domain}"; - }; - }; - services.nginx = { - enable = true; - virtualHosts = { - "matrix.${config.services.matrix-conduit.settings.global.server_name}" = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - ]; - locations."/_matrix/" = { - proxyPass = "http://backend_conduit$request_uri"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffering off; - ''; - }; - extraConfig = '' - merge_slashes off; - ''; - }; - "${config.services.matrix-conduit.settings.global.server_name}" = { - forceSSL = true; - enableACME = true; - locations."/.well-known/matrix/server/" = { - alias = "${well_known_server}"; - extraConfig = '' - default_type application/json; - ''; - }; - locations."/.well-known/matrix/client/" = { - alias = "${well_known_client}"; - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin ""; - ''; - }; - }; - }; - upstreams = { - backend-conduit = { - servers = { - "localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {}; - }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [8448]; - networking.firewall.allowedUDPPorts = [8448]; -} diff --git a/modules/nixos/matrix-continuwuity.nix b/modules/nixos/matrix-continuwuity.nix new file mode 100644 index 0000000..2b9a785 --- /dev/null +++ b/modules/nixos/matrix-continuwuity.nix @@ -0,0 +1,26 @@ +{config, ...}: { + services = { + matrix-continuwuity = { + enable = true; + settings = { + global = { + server_name = "${config.networking.domain}"; + address = ["127.0.0.1"]; + port = [6167]; + well_known = { + server = "matrix.${config.networking.domain}"; + client = "https://matrix.${config.networking.domain}"; + }; + }; + }; + }; + + nginx = { + upstreams.matrix.servers."127.0.0.1:6167" = {}; + virtualHosts = { + "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix"; + "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix"; + }; + }; + }; +} diff --git a/modules/nixos/matrix-synapse.nix b/modules/nixos/matrix-synapse.nix deleted file mode 100644 index f47c4f4..0000000 --- a/modules/nixos/matrix-synapse.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: let - fqdn = "${config.networking.hostName}.${config.networking.domain}"; - baseUrl = "https://${fqdn}"; - clientConfig."m.homeserver".base_url = baseUrl; - serverConfig."m.server" = "${fqdn}:443"; - mkWellKnown = data: '' - default_type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - services.postgresql.enable = true; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - "${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; - "${fqdn}" = { - enableACME = true; - forceSSL = true; - locations."/".extraConfig = '' - return 404; - ''; - locations."/_matrix".proxyPass = "http://[::1]:8008"; - locations."/_synapse/client".proxyPass = "http://[::1]:8008"; - }; - }; - }; - services.matrix-synapse = { - enable = true; - settings.server_name = config.networking.domain; - settings.public_baseurl = baseUrl; - settings.listeners = [ - { - port = 8008; - bind_addresses = ["::1"]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = [ - "client" - "federation" - ]; - compress = true; - } - ]; - } - ]; - }; -} diff --git a/modules/nixos/zram.nix b/modules/nixos/zram.nix new file mode 100644 index 0000000..80fc88a --- /dev/null +++ b/modules/nixos/zram.nix @@ -0,0 +1,8 @@ +{ + zramSwap = { + enable = true; + priority = 100; + algorithm = "zstd"; + memoryPercent = 75; + }; +} diff --git a/robotnix/payton.nix b/robotnix/payton.nix new file mode 100644 index 0000000..b0f7786 --- /dev/null +++ b/robotnix/payton.nix @@ -0,0 +1,13 @@ +{...}: { + flavor = "lineageos"; + + # motorola moto x4 (payton) + device = "payton"; + + # latest supported version: + # check https://download.lineageos.org/devices/payton/builds + flavorVersion = "22.2"; + + apps.fdroid.enable = true; + microg.enable = true; +}