forgot branding

modified config some more
added mastodon group to caddy user
2026-03-01 23:14:00 -05:00 · 2026-03-01 23:11:50 -05:00 · 2026-03-01 21:51:51 -05:00 · 2026-03-01 00:09:07 -05:00 · 2026-02-28 23:53:13 -05:00 · 2026-02-28 21:36:02 -05:00
16 changed files with 155 additions and 595 deletions
--- a/defaults/k9s/catppuccin-mocha.yaml
+++ b/defaults/k9s/catppuccin-mocha.yaml
@@ -1,100 +0,0 @@
 k9s:
  body:
    fgColor: '#cdd6f4'
    bgColor: '#1e1e2e'
    logoColor: '#cba6f7'
  prompt:
    fgColor: '#cdd6f4'
    bgColor: '#181825'
    suggestColor: '#89b4fa'
  help:
    fgColor: '#cdd6f4'
    bgColor: '#1e1e2e'
    sectionColor: '#a6e3a1'
    keyColor: '#89b4fa'
    numKeyColor: '#eba0ac'
  frame:
    title:
      fgColor: '#94e2d5'
      bgColor: '#1e1e2e'
      highlightColor: '#f5c2e7'
      counterColor: '#f9e2af'
      filterColor: '#a6e3a1'
    border:
      fgColor: '#cba6f7'
      focusColor: '#b4befe'
    menu:
      fgColor: '#cdd6f4'
      keyColor: '#89b4fa'
      numKeyColor: '#eba0ac'
    crumbs:
      fgColor: '#1e1e2e'
      bgColor: '#eba0ac'
      activeColor: '#f2cdcd'
    status:
      newColor: '#89b4fa'
      modifyColor: '#b4befe'
      addColor: '#a6e3a1'
      pendingColor: '#fab387'
      errorColor: '#f38ba8'
      highlightColor: '#89dceb'
      killColor: '#cba6f7'
      completedColor: '#6c7086'
  info:
    fgColor: '#fab387'
    sectionColor: '#cdd6f4'
  views:
    table:
      fgColor: '#cdd6f4'
      bgColor: '#1e1e2e'
      cursorFgColor: '#313244'
      cursorBgColor: '#45475a'
      markColor: '#f5e0dc'
      header:
        fgColor: '#f9e2af'
        bgColor: '#1e1e2e'
        sorterColor: '#89dceb'
    xray:
      fgColor: '#cdd6f4'
      bgColor: '#1e1e2e'
      cursorColor: '#45475a'
      cursorTextColor: '#1e1e2e'
      graphicColor: '#f5c2e7'
    charts:
      bgColor: '#1e1e2e'
      chartBgColor: '#1e1e2e'
      dialBgColor: '#1e1e2e'
      defaultDialColors:
        - '#a6e3a1'
        - '#f38ba8'
      defaultChartColors:
        - '#a6e3a1'
        - '#f38ba8'
      resourceColors:
        cpu:
          - '#cba6f7'
          - '#89b4fa'
        mem:
          - '#f9e2af'
          - '#fab387'
    yaml:
      keyColor: '#89b4fa'
      valueColor: '#cdd6f4'
      colonColor: '#a6adc8'
    logs:
      fgColor: '#cdd6f4'
      bgColor: '#1e1e2e'
      indicator:
        fgColor: '#b4befe'
        bgColor: '#1e1e2e'
        toggleOnColor: '#a6e3a1'
        toggleOffColor: '#a6adc8'
  dialog:
    fgColor: '#f9e2af'
    bgColor: '#9399b2'
    buttonFgColor: '#1e1e2e'
    buttonBgColor: '#7f849c'
    buttonFocusFgColor: '#1e1e2e'
    buttonFocusBgColor: '#f5c2e7'
    labelFgColor: '#f5e0dc'
    fieldFgColor: '#cdd6f4'
--- a/defaults/nvim/lua/community.lua
+++ b/defaults/nvim/lua/community.lua
@@ -12,9 +12,6 @@ return {
  -- { import = "astrocommunity.pack.go "}, -- golang support
  { import = "astrocommunity.pack.fish" }, -- fish support
  -- { import = "astrocommunity.pack.cs" }, -- csharp/dotnet support
  { import = "astrocommunity.completion.copilot-lua" }, -- copilot
  { import = "astrocommunity.completion.copilot-lua-cmp" }, -- copilot
  { import = "astrocommunity.recipes.heirline-mode-text-statusline" }, -- statusline customization
  -- import/override with your plugins folder
 }
--- a/defaults/nvim/lua/plugins/mappings.lua
+++ b/defaults/nvim/lua/plugins/mappings.lua
@@ -1,43 +0,0 @@
 local function toggle_floating_tui(cmd)
  local terminal
  return function()
    if not terminal then
      local Terminal = require("toggleterm.terminal").Terminal
      terminal = Terminal:new {
        cmd = cmd,
        hidden = true,
        close_on_exit = true,
        direction = "float",
        on_open = function() vim.cmd "startinsert!" end,
      }
    end
    terminal:toggle()
  end
 end
 local toggle_k9s = toggle_floating_tui "k9s"
 local toggle_ghdash = toggle_floating_tui "gh-dash"
 return {
  {
    "AstroNvim/astrocore",
    ---@type AstroCoreOpts
    opts = {
      mappings = {
        n = {
          ["<Leader>k"] = { desc = "Kubernetes" },
          ["<Leader>ki"] = {
            toggle_k9s,
            desc = "K9s",
          },
          ["<Leader>gD"] = {
            toggle_ghdash,
            desc = "GitHub dashboard",
          },
        },
      },
    },
  },
 }
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1774186997,
+        "lastModified": 1771170334,
-        "narHash": "sha256-hyNVlhAqmwcBPl7XRkxbGcMt1BfCOdvuEfBDUf0k8Oo=",
+        "narHash": "sha256-tCgoCWORfNHaRXTh2QS44LwxlV8q28jVvjN5ioMicv8=",
        "owner": "ezKEa",
        "repo": "aagl-gtk-on-nix",
-        "rev": "546e95f7ec74892a31f883a10b1723c35f2c2edd",
+        "rev": "821b4f92c2c0981ea5b571b03403df87d2b2e2ae",
        "type": "github"
      },
      "original": {
@@ -29,11 +29,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772129556,
+        "lastModified": 1767634391,
-        "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=",
+        "narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "ebec37af18215214173c98cf6356d0aca24a2585",
+        "rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2",
        "type": "github"
      },
      "original": {
@@ -59,22 +59,6 @@
        "type": "github"
      }
    },
    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1761588595,
        "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
        "owner": "edolstra",
        "repo": "flake-compat",
        "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
        "type": "github"
      },
      "original": {
        "owner": "edolstra",
        "repo": "flake-compat",
        "type": "github"
      }
    },
    "flake-schemas": {
      "locked": {
        "lastModified": 1761577921,
@@ -103,89 +87,6 @@
        "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%2A"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1701680307,
        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "git-hooks": {
      "inputs": {
        "flake-compat": "flake-compat_2",
        "gitignore": "gitignore",
        "nixpkgs": [
          "go-overlay",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1765016596,
        "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",
        "owner": "cachix",
        "repo": "git-hooks.nix",
        "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
    "gitignore": {
      "inputs": {
        "nixpkgs": [
          "go-overlay",
          "git-hooks",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709087332,
        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
        "type": "github"
      },
      "original": {
        "owner": "hercules-ci",
        "repo": "gitignore.nix",
        "type": "github"
      }
    },
    "go-overlay": {
      "inputs": {
        "flake-utils": "flake-utils",
        "git-hooks": "git-hooks",
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1775676807,
        "narHash": "sha256-l7B5l6cGBZoW4bs+4Zq/FMgxaZWWJqdUDkCVuH98hMY=",
        "owner": "purpleclay",
        "repo": "go-overlay",
        "rev": "c5bd812957211f42c207da6b1415f49de30e183f",
        "type": "github"
      },
      "original": {
        "owner": "purpleclay",
        "repo": "go-overlay",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -193,11 +94,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1774274588,
+        "lastModified": 1770260404,
-        "narHash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=",
+        "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "cf9686ba26f5ef788226843bc31fda4cf72e373b",
+        "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
        "type": "github"
      },
      "original": {
@@ -241,27 +142,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1765779637,
+        "lastModified": 1771043024,
-        "narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
+        "narHash": "sha256-O1XDr7EWbRp+kHrNNgLWgIrB0/US5wvw9K6RERWAj6I=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
+        "rev": "3aadb7ca9eac2891d52a9dec199d9580a6e2bf44",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
      "locked": {
        "lastModified": 1774244481,
        "narHash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "4590696c8693fea477850fe379a01544293ca4e2",
        "type": "github"
      },
      "original": {
@@ -271,7 +156,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1744536153,
        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@@ -287,7 +172,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1766201043,
        "narHash": "sha256-eplAP+rorKKd0gNjV3rA6+0WMzb1X1i16F5m5pASnjA=",
@@ -301,7 +186,7 @@
        "url": "https://flakehub.com/f/NixOS/nixpkgs/%2A"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1769089682,
        "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
@@ -319,10 +204,9 @@
      "inputs": {
        "aagl": "aagl",
        "darwin": "darwin",
        "go-overlay": "go-overlay",
        "home-manager": "home-manager",
        "nix-flatpak": "nix-flatpak",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "rust-overlay": "rust-overlay_2",
        "swaytreesave": "swaytreesave",
        "vintage-story": "vintage-story"
@@ -348,14 +232,14 @@
    },
    "rust-overlay_2": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
-        "lastModified": 1774321696,
+        "lastModified": 1771211437,
-        "narHash": "sha256-g18xMjMNla/nsF5XyQCNyWmtb2UlZpkY0XE8KinIXAA=",
+        "narHash": "sha256-lcNK438i4DGtyA+bPXXyVLHVmJjYpVKmpux9WASa3ro=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "49a67e6894d4cb782842ee6faa466aa90c92812d",
+        "rev": "c62195b3d6e1bb11e0c2fb2a494117d3b55d410f",
        "type": "github"
      },
      "original": {
@@ -367,7 +251,7 @@
    "swaytreesave": {
      "inputs": {
        "flake-schemas": "flake-schemas",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1767148467,
@@ -383,25 +267,10 @@
        "url": "https://scm.wyattjmiller.com/wymiller/swaytreesave-nix.git"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "vintage-story": {
      "inputs": {
        "flake-schemas": "flake-schemas_2",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1769397199,
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    rust-overlay.url = "github:oxalica/rust-overlay";
    go-overlay.url = "github:purpleclay/go-overlay";
    aagl = {
      url = "github:ezKEa/aagl-gtk-on-nix";
      inputs.nixpkgs.follows = "nixpkgs";
@@ -30,7 +29,6 @@
    darwin,
    home-manager,
    rust-overlay,
    go-overlay,
    aagl,
    swaytreesave,
    vintage-story,
@@ -45,7 +43,6 @@
    myOverlays = { ... }: {
      nixpkgs.overlays = [
        rust-overlay.overlays.default
        go-overlay.overlays.default
        aagl.overlays.default
        self.common.overlays
      ];
@@ -165,33 +162,6 @@
      # ];
    };
    # Vintage story server
    nixosConfigurations."thancred" = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {
        inherit userName userEmail vintage-story;
        hostname = "thancred";
        role = "server";
      };
      modules = [
        myOverlays
        ./modules/common
        ./modules/machine/thancred
        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
          home-manager.extraSpecialArgs = extraSpecialArgs // { isNixOS = true; role = "server"; };
          home-manager.backupFileExtension = "bak";
          home-manager.users.${userName}.imports = [
            ./home
          ];
        }
      ];
    };
    # Matrix and Mastodon server
    nixosConfigurations."yshtola" = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = {
@@ -233,7 +203,6 @@
        {
          nixpkgs.overlays = [
            rust-overlay.overlays.default
            go-overlay.overlays.default
            self.common.overlays
          ];
        }
--- a/home/git.nix
+++ b/home/git.nix
@@ -31,7 +31,6 @@
      a = "add";
      ap = "add -p";
      br = "branch";
      cb = "checkout -b";
      co = "checkout";
      st = "status -sb";
      status = "status -sb";
@@ -41,11 +40,6 @@
      ca = "commit -am";
      dc = "diff --cached";
      amend = "commit --amend -m";
      wipe = "reset --hard";
      gg = "reset --hard";
      ggs = "reset --hard";
      sw = "switch";
      r = "restore";
      # aliases for submodules
      update = "submodule update --init --recursive";
--- a/home/k9s.nix
+++ b/home/k9s.nix
@@ -7,7 +7,7 @@
      liveViewAutoRefresh = false;
      apiServerTimeout = "30s";
      maxConnRetry = 5;
-      # readOnly = true;
+      readOnly = true;
      noExitOnCtrlC = false;
      portForwardAddress = "localhost";
      skipLatestRevCheck = false;
--- a/home/packages/linux.nix
+++ b/home/packages/linux.nix
@@ -1,16 +1,4 @@
 { lib, pkgs, isNixOS ? true, ... }:
 lib.mkIf pkgs.stdenv.isLinux {
-  home.packages = with pkgs; [
+
    imv
    xdg-utils
  ] ++ lib.optionals isNixOS [
    vesktop
    xfce.thunar
    pavucontrol
    zathura
    gpu-screen-recorder
    gpu-screen-recorder-gtk
    inetutils
    easyeffects
  ];
 }
--- a/home/packages/workstation.nix
+++ b/home/packages/workstation.nix
@@ -18,6 +18,7 @@
    fh
    kubectl # kube config is deliberately not included
    kubectx
    obsidian
    vscode
    yt-dlp
    weechat
@@ -28,10 +29,5 @@
    deadnix
    alejandra
    statix
    gh
    ghDashLatest
    diffNavLatest
  ] ++ lib.optionals isNixOS [
    obsidian
  ];
 }
--- a/home/shell.nix
+++ b/home/shell.nix
@@ -62,13 +62,7 @@
            "If you’ve brought your ivory standard, I’ll be happy to tell you where you can stick it" \
            "Speeches? Oh, yes, I love them. There's nothing like a good exposition when you're having trouble sleeping!" \
            "Somehow, the boy just isn't very buoyant" \
-            "I am...not interested, little sun. Try again when you have become a man" \
+            "I am...not interested, little sun. Try again when you have become a man"
            "I am rightousness! And rightousness shall previal!" \
            "Ahhh such bliss!" \
            "The gods themselves will be my meal. Your dear companions my dessert. Upon this world I'll feast, and death shall follow in my wake. All your hate, all your rage, you will render unto me." \
            "Boring, boring, boring" \
            "Would you be 'happier' had I a 'good reason'?" \
            "A test of your reflexes!"
          set choose_meme (random)"%"(count $memes)
--- a/modules/common/overlays.nix
+++ b/modules/common/overlays.nix
@@ -1,23 +1,19 @@
 final: prev: let
  # Use latest rust from overlay which should work on non-NixOS
  rust_latest = prev.rust-bin.stable.latest.default;
  golang_latest = prev.go-bin.latestStable;
  buildGoModuleLatest = prev.buildGoModule.override {
    go = golang_latest;
  };
  myRustPlatform = prev.makeRustPlatform {
    cargo = rust_latest;
    rustc = rust_latest;
  };
 in {
  lazygitLatest = prev.lazygit.overrideAttrs (_: rec {
-    version = "0.61.0";
+    version = "0.55.1";
    src = prev.fetchFromGitHub {
      owner = "jesseduffield";
      repo = "lazygit";
      rev = "v${version}";
-      hash = "sha256-G7JulCK9WUVWbp1V7lYuM3fehCdn1cNAJHYjr3aKDvQ=";
+      hash = "sha256-UofhgILZhVXnYiGpb25m4Ct4sbu5pRmjVgj3oEf5Uyk=";
    };
    vendorHash = null;
    subPackages = [ "." ];
    ldflags = [
@@ -29,31 +25,21 @@ in {
  atuinLatest = (prev.atuin.override {
    rustPlatform = myRustPlatform;
  }).overrideAttrs (oldAttrs: rec {
-    version = "18.13.6";
+    version = "18.10.0";
    src = prev.fetchFromGitHub {
      owner = "atuinsh";
      repo = "atuin";
      rev = "v${version}";
-      hash = "sha256-yAw+ty6FUnFbiRTdAe2QQHzj6uU24fZ/bEIXcHl/thg=";
+      hash = "sha256-bfSa3RtVXxHt3usDqqpE/oXKKDUZOrf+tD9uL59fr6M=";
    };
    cargoDeps = myRustPlatform.fetchCargoVendor {
      # name = "atuin-${version}-vendor.tar.gz";
      inherit src;
-      hash = "sha256-jirVe0+N5+UHZWioj8AipUhawMBameqEJJpa8HPTnfw=";
+      hash = "sha256-67ffivZVCly1GWA3fJ9mT8nGv2EGd6eCthbaIu/IW3M=";
    };
    cargoBuildFeatures = [
      "ai"
      "client"
      "clipboard"
      "daemon"
      "hex"
      "sync"
    ];
    cargoCheckFeatures = cargoBuildFeatures;
    preCheck = (oldAttrs.preCheck or "") + ''
      export HOME="$TMPDIR"
      export XDG_CONFIG_HOME="$TMPDIR/.config"
@@ -76,53 +62,4 @@ in {
  #     "-X github.com/derailed/k9s/version.BuildSource=nix"
  #   ];
  # });
  ghDashLatest = (prev.gh-dash.override {
    buildGoModule = buildGoModuleLatest;
  }).overrideAttrs (oldAttrs: rec {
    version = "4.23.2";
    src = prev.fetchFromGitHub {
      owner = "dlvhdr";
      repo = "gh-dash";
      rev = "v${version}";
      hash = "sha256-C06LPVoE23ITJpMG0x75Djgeup+eb5uYwA8wL7xxvWU=";
    };
    vendorHash = "sha256-4AbeoH0l7eIS7d0yyJxM7+woC7Q/FCh0BOJj3d1zyX4=";
    doCheck = false;
    checkFlags = [
      "-skip=TestFullOutput"
    ];
    ldflags = [
      "-s"
      "-w"
      "-X github.com/dlvhdr/gh-dash/v4/cmd.Version=${version}"
    ];
    passthru = (oldAttrs.passthru or {}) // {
      tests = {
        version = oldAttrs.testers.testVersion { package = final.ghDashLatest; };
      };
    };
  });
  diffNavLatest = (prev.diffnav.override {
    buildGoModule = buildGoModuleLatest;
  }).overrideAttrs (_: rec {
    version = "0.10.0";
    src = prev.fetchFromGitHub {
      owner = "dlvhdr";
      repo = "diffnav";
      rev = "v${version}";
      hash = "sha256-6VtAQzZNLQrf8QYVXxLUgb3F6xguFDbwaE9kahPhbSE=";
    };
    vendorHash = "sha256-gmmckzR0D1oFuTG5TAb6gLMoNbcZl9EsjbFjhPfJqnQ=";
    ldflags = [
      "-s"
      "-w"
    ];
  });
 }
--- a/modules/machine/README.md
+++ b/modules/machine/README.md
@@ -10,10 +10,6 @@ I like Final Fantasy, alright? Isn't everyone supposed to have a hobby?
 These are named after Final Fantasy VII characters.
-### Servers/Network Infrastructure (bare metal)
+### Servers/Network Infrastructure
 These are named after Final Fantasy summons. There is some infrastructure missing here like my routers and switches that I also name after summons.
 ### Servers/Network Infrastructure (virtual machines)
 These are named after Final Fantasy XIV Online characters (currently, these are named after the Scions of the Seventh Dawn).
--- a/modules/machine/thancred/configuration.nix
+++ b/modules/machine/thancred/configuration.nix
@@ -1,121 +0,0 @@
 {
  pkgs,
  userName,
  vintage-story,
  ...
 }: {
  imports = [
    ../../pwrMgmt
    ../../networking/core.nix
    ../../virtualization/podman.nix
  ];
  # Enable flakes for NixOS
  nix.settings.experimental-features = ["nix-command" "flakes"];
  # Custom kernel/boot stuff
  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # Set your timezone
  time.timeZone = "America/Detroit";
  # Enable OpenSSH
  services.openssh.enable = true;
  # Enable keyring
  services.gnome.gnome-keyring.enable = true;
  # Enable GnuPG
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  # Enable SUID wrappers (some programs need them)
  programs.mtr.enable = true;
  # Enable Polkit
  security.polkit.enable = true;
  # Power management (see ../../pwrMgmt/default.nix)
  pwrMgmt = {
    enable = true;
    cpuFreqGovernor = "performance";
    powertop.enable = false;
  };
  network = {
    firewall = {
      enable = true;
      tcpPorts = {
        allowedPorts = [ 42420 ];
      };
      udpPorts = {
        allowedPorts = [ 42420 ];
      };
    };
    networkManager.enable = true;
  };
  environment.systemPackages = [
    vintage-story.packages.${pkgs.system}.default
  ];
  systemd.services.vintagestory-server = {
    description = "Vintage Story Server";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    serviceConfig = {
      Type = "simple";
      User = userName;
      WorkingDirectory = "/home/${userName}";
      ExecStart = "${vintage-story.packages.${pkgs.system}.default}/bin/vintagestory-server";
      Restart = "on-failure";
      RestartSec = "5s";
    };
  };
  # Add username to groups "wheel" and "video" - more may be added here later
  users = {
    groups.hazel = {};
    users = {
      ${userName} = {
        extraGroups = [ "wheel" "network" ];
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4WKvKnnYpTbzZHFEslOKyfiiMqWxhW3AfX6E7ACmYU wyatt@wyattjmiller.com"
        ];
      };
      "hazel" = {
        home = "/home/hazel";
        group = "hazel";
        extraGroups = [ "wheel" ];
        description = "hazel";
        isNormalUser = true;
        openssh.authorizedKeys.keys = [
          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZnyiQx+k1ygX8E1lsUCB6aTdMc+OKzlZ4admlzknc5ulj0YrtUyqhbNhkNd6pP0QDBFMnXO/rzUvHp4TAyZXKFfpcBCa4zhK97ufymAfvzAjM4vRBqRNcr2n+2iRzxtolbklfjs3ocBQVxXW+pRT5wWxTgK2fcmP2xviDVldr7qte37x5YkQb5SAhYNH8tqJRnuGPe+Q0A3oN4HyHZFnrMq/HlbL5yg/0VKPTtF/IgHf+2dDz5OQQpBx3/N9u/QLwuIm9lkyOG03s0TGmE7up/i0jX2vIqp2BbGSnwdQEL/eSVZx73qQB/J62VFafg13P5yQWDJ33WSoiwhac6bg26HPmPOnCJp5R3c+7jM8N1F1ZbtsKicHSVsRg1RQSree4lchPy7FOPkCuUrB7LNE71mbpOzZNR767S6UAPaXxRw6QNYGBaDqQBwhlU8ZDF5F7EW6ahSUMOI6ECyoibzIMb56xs9osuNeUhB/BcL5sHSFpJjIbdcDLNkEKggrBl6s="
        ];
      };
    };
  };
  services.fail2ban = {
    enable = true;
    package = pkgs.fail2ban;
    maxretry = 5;
    bantime = "3h";
    bantime-increment = {
      enable = true;
      rndtime = "10m";
    };
  };
  services.tailscale = {
    enable = true;
    package = pkgs.tailscale;
  };
  system.stateVersion = "24.11";
 }
--- a/modules/machine/thancred/default.nix
+++ b/modules/machine/thancred/default.nix
@@ -1,6 +0,0 @@
 { ... }: {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
  ];
 }
--- a/modules/machine/thancred/hardware-configuration.nix
+++ b/modules/machine/thancred/hardware-configuration.nix
@@ -1,32 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/e2e621c1-0090-472a-99d9-61c6a87bd068";
      fsType = "ext4";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/663E-15C0";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/60104b1a-4285-4dd1-be5e-3c3dee24515a"; }
    ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/modules/machine/yshtola/configuration.nix
+++ b/modules/machine/yshtola/configuration.nix
@@ -1,5 +1,6 @@
 {
  pkgs,
  config,
  userName,
  ...
 }: let
@@ -10,6 +11,14 @@
  supportEmail = "wyatt@wyattjmiller.com";
  livekitKeyFile = "/var/lib/livekit/livekit.key";
  matrixRegistrationTokenFile = "/var/lib/matrix.key";
  mastodonFqdn = "social.wyattjmiller.com";
  mastodonSecretsDir = "/var/lib/mastodon/secrets";
  # After deploying Mastodon, register an OAuth application at
  # https://social.wyattjmiller.com/settings/applications and write the
  # client ID / secret to these paths (chmod 400, owned by the tuwunel user):
  mastodonOauthClientIdFile = "/var/lib/tuwunel/mastodon-oauth-client-id";
  mastodonOauthClientSecretFile = "/var/lib/tuwunel/mastodon-oauth-client-secret";
 in {
  imports = [
    ../../pwrMgmt
@@ -94,6 +103,8 @@ in {
  };
  # Add username to groups "wheel" and "video" - more may be added here later
  users.users.caddy.extraGroups = [ "mastodon" ];
  users.users.${userName} = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFV9eSc9L+aJLoKoexq2f/jb5rpyZnhuGiyhS8YQAbaS wyatt@wyattjmiller.com"
@@ -114,6 +125,25 @@ in {
    };
  };
  # Mastodon service — social.wyattjmiller.com
  services.mastodon = {
    enable = true;
    localDomain = mastodonFqdn;
    configureNginx = false;
    secretKeyBaseFile = "${mastodonSecretsDir}/secret_key_base";
    otpSecretFile = "${mastodonSecretsDir}/otp_secret";
    vapidPrivateKeyFile = "${mastodonSecretsDir}/vapid_private_key";
    vapidPublicKeyFile = "${mastodonSecretsDir}/vapid_public_key";
    # Configure SMTP after initial deploy via mastodonSecretsDir or a separate
    # NixOS secrets manager (sops-nix / agenix).
    smtp = {
      host = "mail.wyattjmiller.com";
      port = 25;
      fromAddress = "notifications@${mastodonFqdn}";
      authenticate = false;
    };
  };
  # Matrix server
  services.matrix-tuwunel = {
    enable = true;
@@ -150,6 +180,29 @@ in {
            livekit_service_url = "https://${rtcFqdn}";
          }];
        };
        # Mastodon as OIDC provider for Matrix login.
        # Mastodon 4.3+ exposes OpenID Connect discovery at
        # https://<domain>/.well-known/openid-configuration.
        #
        # REQUIRED RUNTIME SETUP (once, after first Mastodon deploy):
        #   1. Visit https://social.wyattjmiller.com/settings/applications
        #   2. Create a new application with the redirect URI:
        #        https://chat.wyattjmiller.com/_matrix/client/v3/login/sso/redirect/oidc-mastodon
        #      and scopes: read:accounts
        #   3. Write the Application ID  → /var/lib/tuwunel/mastodon-oauth-client-id  (chmod 400, owned by tuwunel)
        #      Write the Client Secret   → /var/lib/tuwunel/mastodon-oauth-client-secret
        #   4. nixos-rebuild switch (or restart tuwunel.service)
        identity_provider= [
          {
            brand = "Mastodon";
            issuer_url = "https://${mastodonFqdn}";
            id = "oidc-mastodon";
            client_id = mastodonOauthClientIdFile;
            client_secret = mastodonOauthClientSecretFile;
            scope = ["openid" "read:accounts"];
          }
        ];
      };
    };
  };
@@ -174,6 +227,32 @@ in {
    enable = true;
    package = pkgs.caddy;
    virtualHosts = {
      "${mastodonFqdn}" = {
        extraConfig = ''
          encode zstd gzip
          root * ${config.services.mastodon.package}/public
          handle /system/* {
            uri strip_prefix /system
            root * /var/lib/mastodon/public-system
            file_server
          }
          @streaming path /api/v1/streaming*
          handle @streaming {
            reverse_proxy localhost:4000
          }
          handle {
            @notfile not file
            handle @notfile {
              reverse_proxy localhost:3000
            }
            file_server
          }
        '';
      };
      "${matrixFqdn}" = {
        extraConfig = ''
          encode zstd gzip
@@ -265,6 +344,49 @@ in {
        User = "root";
      };
    };
    mastodon-secrets-gen = {
      before = [ "mastodon-web.service" "mastodon-sidekiq-0.service" "mastodon-streaming.service" ];
      wantedBy = [ "multi-user.target" ];
      path = with pkgs; [ coreutils openssl ruby_3_4 ];
      script = ''
        set -eu
        dir="${mastodonSecretsDir}"
        install -d -m 0750 -o mastodon -g mastodon "$dir"
        gen_hex() {
          local f="$1"
          if [ ! -f "$f" ]; then
            umask 077
            openssl rand -hex 64 | install -o mastodon -g mastodon -m 0400 /dev/stdin "$f"
          fi
        }
        gen_hex "$dir/secret_key_base"
        gen_hex "$dir/otp_secret"
        if [ ! -f "$dir/vapid_private_key" ]; then
          umask 077
          ruby -ropenssl -rbase64 -e '
            key = OpenSSL::PKey::EC.generate("prime256v1")
            priv = Base64.urlsafe_encode64(key.private_key.to_s(2).rjust(32, "\x00"), padding: false)
            pub  = Base64.urlsafe_encode64(key.public_key.to_bn.to_s(2), padding: false)
            File.write(ARGV[0], priv)
            File.write(ARGV[1], pub)
          ' \
            "$dir/vapid_private_key" \
            "$dir/vapid_public_key"
          chown mastodon:mastodon "$dir/vapid_private_key" "$dir/vapid_public_key"
          chmod 0400 "$dir/vapid_private_key" "$dir/vapid_public_key"
        fi
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "root";
        RemainAfterExit = true;
      };
    };
  };
  system.stateVersion = "25.11";
Author	SHA1	Message	Date
Wyatt J. Miller	e556dae87d	forgot branding	2026-03-01 23:14:00 -05:00
Wyatt J. Miller	313177eff7	modified config some more	2026-03-01 23:11:50 -05:00
Wyatt J. Miller	1b20e6d215	added mastodon group to caddy user	2026-03-01 21:51:51 -05:00
Wyatt J. Miller	11e6274e37	added some more stuff to caddy	2026-03-01 00:09:07 -05:00
Wyatt J. Miller	a3d0c56204	added more to proxy for mastodon	2026-02-28 23:53:13 -05:00
Wyatt J. Miller	6bdff15117	added mastodon instance	2026-02-28 21:36:02 -05:00