the unfuckening

hm-modules/cli.nix

@@ -28,6 +28,7 @@
     vim = "nvim";
     gpl = "git pull";
     gp = "git push";
+    gpf = "git push --force-with-lease";
     gd = "git diff";
     lg = "lazygit";
     gc = "git commit -v";

hm-modules/xonsh/default.nix

@@ -28,6 +28,8 @@ let
         })
       ];
     };
+
+    aliasesJson = pkgs.writeText "shell-aliases.json" (builtins.toJSON config.home.shellAliases);
 in
 {
   options.ragon.xonsh.enable = lib.mkOption { default = false; };
@@ -42,6 +44,11 @@ in
       $PROMPT = '{gitstatus:{RESET}[{}{RESET}] }{sshhostname:{} }{BOLD_GREEN}{short_cwd}{RED}{last_return_code_if_nonzero: [{BOLD_INTENSE_RED}{}{RED}] }{RESET}{BOLD_BLUE}{RESET}> '
       $VI_MODE = True
 
+
+      with open("${aliasesJson}") as f_in:
+        import json
+        aliases |= json.load(f_in)
+
       # https://xon.sh/xonshrc.html?highlight=nix#use-the-nix-package-manager-with-xonsh
       import os.path
       if os.path.exists(f"{$HOME}/.nix-profile") and not __xonsh__.env.get("NIX_PATH"):

hosts/ds9/default.nix

@@ -6,10 +6,11 @@ in
 {
   imports =
     [
-      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+
       ./backup.nix
       ./plex.nix
-      ./hardware-configuration.nix
+      ./samba.nix
 
       ../../nixos-modules/networking/tailscale.nix
       ../../nixos-modules/services/docker.nix
@@ -45,7 +46,6 @@ in
   networking.bridges."br0".interfaces = [ ];
   networking.hostId = "7b4c2932";
   networking.firewall.allowedTCPPorts = [ 9000 25565 ];
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
   boot.initrd.network = {
     enable = true;
     postCommands = ''
@@ -67,50 +67,9 @@ in
   };
   boot.kernel.sysctl."fs.inotify.max_user_instances" = 512;
 
-  services.avahi.enable = true;
-  services.avahi.nssmdns = true;
-  services.avahi.publish.enable = true;
-  services.avahi.extraServiceFiles.smb = ''
-    <?xml version="1.0" standalone='no'?>
-    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
-    <service-group>
-      <name replace-wildcards="yes">%h</name>
-      <service>
-        <type>_smb._tcp</type>
-        <port>445</port>
-        <host-name>ds9.kangaroo-galaxy.ts.net</host-name>
-      </service>
-      <service>
-        <type>_device-info._tcp</type>
-        <port>0</port>
-        <txt-record>model=MacPro7,1@ECOLOR=226,226,224</txt-record>
-      </service>
-      <service>
-        <type>_adisk._tcp</type>
-        <txt-record>sys=waMa=0,adVF=0x100</txt-record>
-        <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
-        <host-name>ds9.kangaroo-galaxy.ts.net</host-name>
-      </service>
-    </service-group>
-  '';
-
   # Immutable users due to tmpfs
   users.mutableUsers = false;
 
-  services.samba.extraConfig = ''
-    min protocol = SMB3
-    vfs objects = acl_xattr catia fruit streams_xattr
-    fruit:nfs_aces = no
-    inherit permissions = yes
-    fruit:posix_rename = yes
-    fruit:resource = xattr
-    fruit:model = MacSamba
-    fruit:veto_appledouble = no
-    fruit:wipe_intentionally_left_blank_rfork = yes 
-    fruit:delete_empty_adfiles = yes 
-    fruit:metadata = stream
-  '';
-
   users.users.bzzt = {
     description = "bzzt server service user";
     home = "/var/lib/bzzt";
@@ -209,26 +168,6 @@ in
 
     services = {
       caddy.enable = true;
-      samba.enable = true;
-      samba.shares = {
-        TimeMachine = {
-          path = "/backups/DaedalusTimeMachine";
-          comment = "DaedalusTimeMachine";
-          "write list" = "@wheel";
-          "read only" = "no";
-          "writable" = "yes";
-          "browseable" = "yes";
-          "fruit:time machine" = "yes";
-          "fruit:time machine max size" = "2050G";
-          "vfs objects" = "acl_xattr fruit streams_xattr";
-          "inherit acls" = "yes";
-        };
-        data = {
-          path = "/data";
-          comment = "some data for the people";
-          "write list" = "@wheel";
-        };
-      };
       docker.enable = true;
       ssh.enable = true;
       msmtp.enable = true;

hosts/ds9/samba.nix

@@ -0,0 +1,66 @@
+{ config, pkgs, lib, ... }: {
+  services.samba.extraConfig = ''
+    min protocol = SMB3
+    vfs objects = acl_xattr catia fruit streams_xattr
+    fruit:nfs_aces = no
+    inherit permissions = yes
+    fruit:posix_rename = yes
+    fruit:resource = xattr
+    fruit:model = MacSamba
+    fruit:veto_appledouble = no
+    fruit:wipe_intentionally_left_blank_rfork = yes 
+    fruit:delete_empty_adfiles = yes 
+    fruit:metadata = stream
+  '';
+
+  services.avahi.enable = true;
+  services.avahi.nssmdns = true;
+  services.avahi.publish.enable = true;
+  services.avahi.extraServiceFiles.smb = ''
+    <?xml version="1.0" standalone='no'?>
+    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+    <service-group>
+      <name replace-wildcards="yes">%h</name>
+      <service>
+        <type>_smb._tcp</type>
+        <port>445</port>
+        <host-name>ds9.kangaroo-galaxy.ts.net</host-name>
+      </service>
+      <service>
+        <type>_device-info._tcp</type>
+        <port>0</port>
+        <txt-record>model=MacPro7,1@ECOLOR=226,226,224</txt-record>
+      </service>
+      <service>
+        <type>_adisk._tcp</type>
+        <txt-record>sys=waMa=0,adVF=0x100</txt-record>
+        <txt-record>dk0=adVN=TimeMachine,adVF=0x82</txt-record>
+        <host-name>ds9.kangaroo-galaxy.ts.net</host-name>
+      </service>
+    </service-group>
+  '';
+
+  ragon.services = {
+      samba.enable = true;
+      samba.shares = {
+        TimeMachine = {
+          path = "/backups/DaedalusTimeMachine";
+          comment = "DaedalusTimeMachine";
+          "write list" = "@wheel";
+          "read only" = "no";
+          "writable" = "yes";
+          "browseable" = "yes";
+          "fruit:time machine" = "yes";
+          "fruit:time machine max size" = "2050G";
+          "vfs objects" = "acl_xattr fruit streams_xattr";
+          "inherit acls" = "yes";
+        };
+        data = {
+          path = "/data";
+          comment = "some data for the people";
+          "write list" = "@wheel";
+        };
+      };
+  };
+
+}

hosts/picard/custom-caddy.nix

@@ -1,107 +0,0 @@
-# see https://github.com/NixOS/nixpkgs/pull/259275
-{ lib
-, buildGoModule
-, fetchFromGitHub
-, gnused
-, nixosTests
-, caddy
-, testers
-, installShellFiles
-, externalPlugins ? [ ]
-, vendorHash ? "sha256-YNcQtjPGQ0XMSog+sWlH4lG/QdbdI0Lyh/fUGqQUFaY="
-}:
-
-let
-  attrsToModules = attrs:
-    builtins.map ({ name, repo, version }: "${repo}") attrs;
-  attrsToSources = attrs:
-    builtins.map ({ name, repo, version }: "${repo}@${version}") attrs;
-in
-buildGoModule rec {
-  pname = "caddy";
-  version = "2.7.5";
-
-  dist = fetchFromGitHub {
-    owner = "caddyserver";
-    repo = "dist";
-    rev = "v${version}";
-    hash = "sha256-aZ7hdAZJH1PvrX9GQLzLquzzZG3LZSKOvt7sWQhTiR8=";
-  };
-
-  src = fetchFromGitHub {
-    owner = "caddyserver";
-    repo = "caddy";
-    rev = "v${version}";
-    hash = "sha256-0IZZ7mkEzZI2Y8ed//m0tbBQZ0YcCXA0/b10ntNIXUk=";
-  };
-
-  inherit vendorHash;
-
-  subPackages = [ "cmd/caddy" ];
-
-  ldflags = [
-    "-s"
-    "-w"
-    "-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"
-  ];
-
-  nativeBuildInputs = [ gnused installShellFiles ];
-
-  modBuildPhase = ''
-    for module in ${builtins.toString (attrsToModules externalPlugins)}; do
-      sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
-    done
-    for plugin in ${builtins.toString (attrsToSources externalPlugins)}; do
-      go get $plugin
-    done
-
-    go generate
-    go mod vendor
-  '';
-
-  modInstallPhase = ''
-    mv -t vendor go.mod go.sum
-    cp -r --reflink=auto vendor "$out"
-  '';
-
-  preBuild = ''
-    chmod -R u+w vendor
-    [ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum}
-    go generate
-
-    for module in ${builtins.toString (attrsToModules externalPlugins)}; do
-      sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
-    done
-  '';
-
-  postInstall = ''
-    install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
-
-    substituteInPlace $out/lib/systemd/system/caddy.service --replace "/usr/bin/caddy" "$out/bin/caddy"
-    substituteInPlace $out/lib/systemd/system/caddy-api.service --replace "/usr/bin/caddy" "$out/bin/caddy"
-
-    $out/bin/caddy manpage --directory manpages
-    installManPage manpages/*
-
-    installShellCompletion --cmd caddy \
-      --bash <($out/bin/caddy completion bash) \
-      --fish <($out/bin/caddy completion fish) \
-      --zsh <($out/bin/caddy completion zsh)
-  '';
-
-  passthru.tests = {
-    inherit (nixosTests) caddy;
-    version = testers.testVersion {
-      command = "${caddy}/bin/caddy version";
-      package = caddy;
-    };
-  };
-
-  meta = with lib; {
-    homepage = "https://caddyserver.com";
-    description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS";
-    license = licenses.asl20;
-    mainProgram = "caddy";
-    maintainers = with maintainers; [ Br1ght0ne emilylange techknowlogick ];
-  };
-}

hosts/picard/default.nix

@@ -11,6 +11,17 @@
       ./hardware-configuration.nix
       ./xynospace-matrix.nix
       ./plausible.nix
+
+      ../../nixos-modules/system/persist.nix
+      ../../nixos-modules/system/fs.nix
+      ../../nixos-modules/system/security.nix
+      ../../nixos-modules/services/ssh.nix
+      ../../nixos-modules/services/msmtp.nix
+      ../../nixos-modules/services/bitwarden.nix
+      ../../nixos-modules/networking/tailscale.nix
+      ../../nixos-modules/services/authelia.nix
+      ../../nixos-modules/services/hedgedoc.nix
+      ../../nixos-modules/services/ts3.nix
     ];
 
   documentation.enable = false;
@@ -48,12 +59,6 @@
   services.caddy = {
     logFormat = "level INFO";
     enable = true;
-    package = (pkgs.callPackage ./custom-caddy.nix {
-      externalPlugins = [
-        { name = "desec"; repo = "github.com/caddy-dns/desec"; version = "e1e64971fe34c29ce3f4176464adb84d6890aa50"; }
-      ];
-      vendorHash = "sha256-WWMR4ZpUcDmIv355LBuN5TqVfiCc0+Byxw8LnYei4fs=";
-    });
     globalConfig = ''
       acme_dns desec {
         token "{$TOKEN}"
@@ -238,24 +243,36 @@
   services.xynoblog.enable = true;
   services.lolpizza2.enable = true;
   programs.mosh.enable = true;
+
+  home-manager.users.ragon = { pkgs, lib, inputs, config, ...}: {
+      imports = [
+        ../../hm-modules/nvim
+        ../../hm-modules/zsh
+        ../../hm-modules/tmux
+        ../../hm-modules/xonsh
+        ../../hm-modules/cli.nix
+        ../../hm-modules/files.nix
+      ];
+      ragon.xonsh.enable = true;
+
+      programs.home-manager.enable = true;
+      home.stateVersion = "23.11";
+  };
+
   ragon = {
-    cli.enable = true;
     user.enable = true;
     persist.enable = true;
     persist.extraDirectories = [ "/srv/www" config.services.caddy.dataDir "/var/lib/syncthing" "/var/lib/${config.services.xynoblog.stateDirectory}" "/var/lib/postgresql" config.services.forgejo.stateDir ];
 
     services = {
+      caddy.enable = true;
       ssh.enable = true;
       msmtp.enable = true;
       bitwarden.enable = true;
-      synapse.enable = false;
       tailscale.enable = true;
       hedgedoc.enable = true;
       authelia.enable = true;
       ts3.enable = true;
-      nginx.enable = false;
-      nginx.domain = "ragon.xyz";
-      nginx.domains = [ "xyno.space" "xyno.systems" "czi.dating" ];
     };
 
   };

hosts/picard/plausible.nix

@@ -7,12 +7,6 @@ in {
   ragon.agenix.secrets."plausibleGoogleClientId" = { };
   ragon.agenix.secrets."plausibleGoogleClientSecret" = { };
   ragon.agenix.secrets."smtpPassword" = { };
-  services.nginx.virtualHosts.${domain} = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/".proxyPass =
-      "http://127.0.0.1:${toString config.services.plausible.server.port}";
-  };
   systemd.services.plausible.serviceConfig.LoadCredential = [
     "GOOGLE_CLIENT_ID:${config.age.secrets.plausibleGoogleClientId.path}"
     "GOOGLE_CLIENT_SECRET:${config.age.secrets.plausibleGoogleClientSecret.path}"