beep

2025-08-11 19:37:52 +02:00 · 2025-08-11 19:37:52 +02:00 · 6dd6a4021f
commit 6dd6a4021f
parent a701e6ead9
7 changed files with 95 additions and 84 deletions
--- a/flake.lock
+++ b/flake.lock
@ -167,11 +167,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
@ -319,15 +319,15 @@
    "lix": {
      "flake": false,
      "locked": {
-        "lastModified": 1729298361,
-        "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
-        "rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
+        "lastModified": 1753223229,
+        "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=",
+        "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a",
        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a"
      },
      "original": {
        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
+        "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
      }
    },
    "lix-module": {
@ -340,15 +340,15 @@
        ]
      },
      "locked": {
-        "lastModified": 1732605668,
-        "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=",
-        "rev": "f19bd752910bbe3a861c9cad269bd078689d50fe",
+        "lastModified": 1753282722,
+        "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=",
+        "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873",
        "type": "tarball",
-        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/f19bd752910bbe3a861c9cad269bd078689d50fe.tar.gz"
+        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
+        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"
      }
    },
    "miro": {
@ -450,11 +450,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1754931599,
-        "narHash": "sha256-wmhQI99Cbg/JYGScSkSwWDbjc6Mfuvxfx16HLf2HNeQ=",
+        "lastModified": 1754936341,
+        "narHash": "sha256-7S5tCdS1vWtpLbnRGDdd4OxM5AqSqzKH4qFDa2DChbI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b8ca88d4cbb6b636734aba10a6e1aba8cb5ceb45",
+        "rev": "69034f60c492a39891848ba906fef1081a5e933b",
        "type": "github"
      },
      "original": {
@ -482,16 +482,16 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1751274312,
-        "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
+        "lastModified": 1754767907,
+        "narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
+        "rev": "c5f08b62ed75415439d48152c2a784e36909b1bc",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -577,6 +577,7 @@
        "pandoc-latex-template": "pandoc-latex-template",
        "quadlet-nix": "quadlet-nix",
        "spoons": "spoons",
+        "synapse": "synapse",
        "utils": "utils",
        "wired": "wired",
        "x": "x",
@ -639,6 +640,23 @@
        "type": "github"
      }
    },
+    "synapse": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1754934810,
+        "narHash": "sha256-4HAA9Xq4C3DHxz0BgqBitfM4wZwPSEu+IO/OPfHzLVw=",
+        "owner": "element-hq",
+        "repo": "synapse",
+        "rev": "4054d956f75056ace9edc729ee488edcbf00d1a2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "element-hq",
+        "repo": "synapse",
+        "rev": "4054d956f75056ace9edc729ee488edcbf00d1a2",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -5,7 +5,7 @@
    utils.url = "github:numtide/flake-utils";

    ## nixos/nix-darwin dependencies
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
    nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-24.05-darwin";
    nixpkgs-master.url = "github:NixOS/nixpkgs/master";
    agenix.url = "github:ryantm/agenix/main";
@ -20,7 +20,7 @@
    quadlet-nix.inputs.nixpkgs.follows = "nixpkgs";

    lix-module = {
-      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz";
+      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -36,6 +36,8 @@
    attic.url = "github:zhaofengli/attic";
    attic.inputs.nixpkgs.follows = "nixpkgs";

+    synapse.url = "github:element-hq/synapse?rev=4054d956f75056ace9edc729ee488edcbf00d1a2";
+    synapse.flake = false;

    kmonad = {
      url = "git+https://github.com/jokesper/kmonad?dir=nix&ref=feat-tap-overlap";
--- a/hosts/picard/default.nix
+++ b/hosts/picard/default.nix
@ -109,6 +109,13 @@
      }
    '';
    virtualHosts."*.hailsatan.eu".extraConfig = ''
+      tls ssl@xyno.systems {
+        propagation_delay 1m
+      ca https://acme-v02.api.letsencrypt.org/directory # hard coded so zerossl doesn't get used
+      dns desec {
+        token "{$TOKEN}"
+      }
+      }
      reverse_proxy https://ds9.kangaroo-galaxy.ts.net {
        transport http {
          tls_server_name {host}
@ -118,29 +125,6 @@
    virtualHosts."l621.net".extraConfig = ''
      reverse_proxy http://127.0.0.1:8186
    '';
-    virtualHosts."*.ragon.xyz".extraConfig = ''
-      # @8081 host 8081.ragon.xyz
-      # handle @8081 {
-      #   reverse_proxy http://[::1]:8081
-      # }
-      # @files host files.ragon.xyz
-      # handle @files {
-      #   encode zstd gzip
-      #   root * /srv/www
-      #   file_server browse
-      #   basicauth * {
-      #     {$BAUSER} {$BAPASSWD}
-      #   }
-      # }
-      @bw host bw.ragon.xyz
-      handle @bw {
-        reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
-      }
-
-      handle {
-        abort
-      }
-    '';
    virtualHosts."xyno.space".extraConfig =
      let
        fqdn = "matrix.xyno.space";
@ -227,6 +211,11 @@
      handle @ntfy {
        reverse_proxy http://127.0.0.1:15992
      }
+      @bw host bw.xyno.systems
+      handle @bw {
+        reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
+      }
+

      handle {
        abort
--- a/hosts/picard/plausible.nix
+++ b/hosts/picard/plausible.nix
@ -15,51 +15,48 @@ in {
    IP_GEOLOCATION_DB = "${pkgs.unstable.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb";
    DATABASE_URL = "postgresql:///plausible?host=/run/postgresql";
  };
-  systemd.services.plausible.script =
-  let cfg = config.services.plausible; in lib.mkForce ''
-                # Elixir does not start up if `RELEASE_COOKIE` is not set,
-            # even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
-            # Thus, make a random one, which should then be ignored.
-            export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
-            export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
-            export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
+  # systemd.services.plausible.script =
+  # let cfg = config.services.plausible; in lib.mkForce ''
+  #               # Elixir does not start up if `RELEASE_COOKIE` is not set,
+  #           # even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
+  #           # Thus, make a random one, which should then be ignored.
+  #           export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
+  #           export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
+  #           export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"

-            ${lib.optionalString (
-              cfg.mail.smtp.passwordFile != null
-            ) ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
+  #           ${lib.optionalString (
+  #             cfg.mail.smtp.passwordFile != null
+  #           ) ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}

-            echo setup
-            ${lib.optionalString cfg.database.postgres.setup ''
-              # setup
-              ${cfg.package}/createdb.sh
-            ''}
+  #           echo setup
+  #           ${lib.optionalString cfg.database.postgres.setup ''
+  #             # setup
+  #             ${cfg.package}/createdb.sh
+  #           ''}

-            echo migrate
-            ${cfg.package}/migrate.sh
-            export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
-            # ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
-            ${lib.optionalString cfg.adminUser.activate ''
-              psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';"
-            ''}
+  #           echo migrate
+  #           ${cfg.package}/migrate.sh
+  #           export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
+  #           # ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"

-            echo start
-            exec plausible start
+  #           echo start
+  #           exec plausible start
      
-    '';
+  #   '';
  services.plausible = {
    enable = true;
    package = pkgs.unstable.plausible;
    # releaseCookiePath = config.age.secrets.plausibleSecretKeybase.path;

-    adminUser = {
-      # activate is used to skip the email verification of the admin-user that's
-      # automatically created by plausible. This is only supported if
-      # postgresql is configured by the module. This is done by default, but
-      # can be turned off with services.plausible.database.postgres.setup.
-      activate = true;
-      email = "plausible@xyno.space";
-      passwordFile = config.age.secrets.plausibleAdminPw.path;
-    };
+    # adminUser = {
+    #   # activate is used to skip the email verification of the admin-user that's
+    #   # automatically created by plausible. This is only supported if
+    #   # postgresql is configured by the module. This is done by default, but
+    #   # can be turned off with services.plausible.database.postgres.setup.
+    #   activate = true;
+    #   email = "plausible@xyno.space";
+    #   passwordFile = config.age.secrets.plausibleAdminPw.path;
+    # };

    server = {
      baseUrl = "https://${domain}";
--- a/hosts/picard/xynospace-matrix.nix
+++ b/hosts/picard/xynospace-matrix.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib,inputs, ... }:
 let
  fqdn = "matrix.xyno.space";
  serverName = "xyno.space";
@ -62,7 +62,12 @@ in
  containers.xynospace-matrix = let ms = config.age.secrets.matrixSecrets.path; unst = pkgs.unstable; in {
    config = { config, pkgs, ... }: {
      nixpkgs.overlays = [(self: super: {
-        matrix-synapse-unwrapped = unst.matrix-synapse-unwrapped;
+        matrix-synapse-unwrapped = super.matrix-synapse-unwrapped.overrideAttrs (super: self: {
+          src = inputs.synapse;
+          # cargoHash = "sha256-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=";
+
+          
+        });
      })];
      system.stateVersion = stateVer;
      networking.firewall.allowedTCPPorts = [ 8008 ];
--- a/nixos-modules/services/bitwarden.nix
+++ b/nixos-modules/services/bitwarden.nix
@ -7,7 +7,7 @@ in
  options.ragon.services.bitwarden.domain =
    lib.mkOption {
      type = lib.types.str;
-      default = "bw.ragon.xyz";
+      default = "bw.xyno.systems";
    };
  config = lib.mkIf cfg.enable {
    services.vaultwarden = {
--- a/nixos-modules/services/caddy/custom-caddy.nix
+++ b/nixos-modules/services/caddy/custom-caddy.nix
@ -37,7 +37,7 @@ caddy.override {
        cp -r --reflink=auto . $out
      '';

-      outputHash = "sha256-ZNimtuxtSz1mRZ9V0h/0jAyvwGb+OvfZSzHRaySTEWU=";
+      outputHash = "sha256-r4+WK8UhGLAuIvdV6uiH2bMh/SjTfY4CzKcpHU0Gu5s=";
      outputHashMode = "recursive";
    };