Compare commits
7 Commits
matrix-rtc
...
81ea7f695e
| Author | SHA1 | Date | |
|---|---|---|---|
| 81ea7f695e | |||
| ea7707d050 | |||
| 30a54caa03 | |||
| 3ed6781ae1 | |||
| 3418e577c5 | |||
| 2741e25585 | |||
| e9aed100af |
43
AGENTS.md
43
AGENTS.md
@@ -4,28 +4,8 @@ This repository contains NixOS, nix-darwin, and Home Manager configurations in N
|
||||
|
||||
## Build, Test, and Deployment Commands
|
||||
|
||||
### Build and Apply Configurations
|
||||
|
||||
**Linux (NixOS):**
|
||||
```bash
|
||||
just build # Build configuration
|
||||
just install cores='32' # Apply with 32 cores
|
||||
sudo nixos-rebuild test --fast --flake . # Test without activation
|
||||
sudo nixos-rebuild switch --rollback --flake . # Rollback
|
||||
```
|
||||
|
||||
**macOS (nix-darwin):**
|
||||
```bash
|
||||
just build # Build configuration
|
||||
just install # Apply configuration
|
||||
```
|
||||
|
||||
**Home Manager:**
|
||||
```bash
|
||||
just home
|
||||
```
|
||||
|
||||
### Deploy to Remote Machines (deploy-rs)
|
||||
### Build and Apply Configurations & Deploy to Remote Machines
|
||||
Can use deploy for both local and remote hosts
|
||||
|
||||
```bash
|
||||
deploy -s .#ryu # Desktop (x86_64-linux)
|
||||
@@ -35,6 +15,23 @@ deploy -s .#kuro # MacBook M4 Pro (aarch64-darwin)
|
||||
deploy -s .#shiro # Mac Mini M4 (aarch64-darwin)
|
||||
```
|
||||
|
||||
**Linux (NixOS):**
|
||||
```bash
|
||||
deploy -s .#ryu
|
||||
deploy -s .#tako
|
||||
deploy -s .#tako --builders '' --cores 32 # with no other builders and 32 cores
|
||||
deploy -s .#ryu --max-jobs 4 --cores 32 # use 32 cores and 4 parallel derivations
|
||||
sudo nixos-rebuild test --fast --flake . # Test without activation
|
||||
sudo nixos-rebuild switch --rollback --flake . # Rollback
|
||||
```
|
||||
|
||||
**macOS (nix-darwin):**
|
||||
```bash
|
||||
deploy -s .#kuro
|
||||
deploy -s .#shiro
|
||||
sudo nix-darwin test --fast --flake .
|
||||
```
|
||||
|
||||
### Validation and Formatting
|
||||
|
||||
```bash
|
||||
@@ -164,7 +161,7 @@ just add program myprogram # Creates home/programs/myprogram.nix and adds impor
|
||||
|
||||
### Adding a new dns entry
|
||||
```bash
|
||||
cfcli add --type A foobar.bazbar.biz 192.168.0.1
|
||||
cfcli add --type A foobar.bazbar.biz 100.102.64.19
|
||||
```
|
||||
|
||||
### Creating a Module
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
inputs.zen-browser.homeModules.beta
|
||||
];
|
||||
programs.zen-browser = {
|
||||
enable = device.isLinux;
|
||||
enable = true;
|
||||
profiles.default = {
|
||||
containersForce = true;
|
||||
containers = {
|
||||
|
||||
@@ -21,9 +21,9 @@
|
||||
# ./headscale.nix
|
||||
./immich.nix
|
||||
./kellnr.nix
|
||||
# ./llms.nix
|
||||
./llms.nix
|
||||
./matrix
|
||||
# ./monitoring.nix
|
||||
./monitoring.nix
|
||||
# ./paperless.nix
|
||||
./prowlarr.nix
|
||||
# ./searxng.nix
|
||||
|
||||
@@ -198,19 +198,19 @@
|
||||
reverse_proxy localhost:${builtins.toString config.services.homepage-dashboard.listenPort}
|
||||
'';
|
||||
};
|
||||
# authelia = {
|
||||
# instances.darksailor = {
|
||||
# settings = {
|
||||
# access_control = {
|
||||
# rules = [
|
||||
# {
|
||||
# domain = "dashboard.darksailor.dev";
|
||||
# policy = "one_factor";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
authelia = {
|
||||
instances.darksailor = {
|
||||
settings = {
|
||||
access_control = {
|
||||
rules = [
|
||||
{
|
||||
domain = "dashboard.darksailor.dev";
|
||||
policy = "one_factor";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -8,19 +8,16 @@
|
||||
client_id = "tuwunel";
|
||||
rtc_domain = "matrix-rtc.${base_domain}";
|
||||
jwt_port = 8081;
|
||||
elementConfig = builtins.toJSON {
|
||||
default_server_config = {
|
||||
"m.homeserver" = {
|
||||
base_url = "https://matrix.${base_domain}";
|
||||
};
|
||||
};
|
||||
sso_redirect_options = {
|
||||
immediate = false;
|
||||
on_welcome_page = true;
|
||||
on_login_page = true;
|
||||
cinnyConfig = builtins.toJSON {
|
||||
defaultHomeserver = 0;
|
||||
homeserverList = ["darksailor.dev" "matrix.org"];
|
||||
allowCustomHomeservers = false;
|
||||
hashRouter = {
|
||||
enabled = true;
|
||||
basename = "/";
|
||||
};
|
||||
};
|
||||
elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
|
||||
cinnyConfigFile = pkgs.writeText "cinny-config.json" cinnyConfig;
|
||||
in {
|
||||
sops = {
|
||||
secrets."tuwunel/client_id" = {
|
||||
@@ -75,13 +72,18 @@ in {
|
||||
};
|
||||
services.caddy.virtualHosts = {
|
||||
"matrix.${base_domain}".extraConfig = ''
|
||||
reverse_proxy /_matrix/* localhost:${toString port}
|
||||
handle /_matrix/* {
|
||||
reverse_proxy /_matrix/* localhost:${toString port}
|
||||
}
|
||||
handle_path /config.json {
|
||||
file_server
|
||||
root ${elementConfigFile}
|
||||
root ${cinnyConfigFile}
|
||||
}
|
||||
handle {
|
||||
root * ${pkgs.cinny}
|
||||
try_files {path} /index.html
|
||||
file_server
|
||||
}
|
||||
root * ${pkgs.element-web}
|
||||
file_server
|
||||
'';
|
||||
"${base_domain}".extraConfig = ''
|
||||
reverse_proxy /.well-known/* localhost:${toString port}
|
||||
|
||||
@@ -23,6 +23,9 @@
|
||||
caddy = 2019;
|
||||
};
|
||||
in {
|
||||
sops.secrets."grafana/secret_key" = {
|
||||
owner = "grafana";
|
||||
};
|
||||
# Grafana configuration with Authelia integration
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
@@ -54,6 +57,7 @@ in {
|
||||
security = {
|
||||
disable_gravatar = true;
|
||||
cookie_secure = true;
|
||||
secret_key = ''$__file{${config.sops.secrets."grafana/secret_key".path}}'';
|
||||
};
|
||||
|
||||
analytics = {
|
||||
|
||||
@@ -79,7 +79,7 @@ minecraft:
|
||||
modded: ENC[AES256_GCM,data:6itrol9NObR3TczEeOa7wkykgqkpDus0VkHBRpU6VdQ=,iv:F56uYdHozJvkJ+m18aviTWzCrLfW2VcxkbOqpnRiniA=,tag:WLKA+uIJJtlDfMMOn0ak7Q==,type:str]
|
||||
grafana:
|
||||
adminPassword: ENC[AES256_GCM,data:im6FJVlVUoZg+9W6KmsqtloH4nB6AhXOcia5waRyFKj2DoQlt4jhPH1CFvw=,iv://D6aD/fGl7h4KmtQcQ0TQLWLfKdIs4+EMg2LWjPHvg=,tag:6gHu/V0V0a8GpcgA/hUwXg==,type:str]
|
||||
secretKey: ENC[AES256_GCM,data:LD0x8Fa6SU1+6mwxLkKa/o+ZqeuRIr7o/AKS7EmrDYj0vzrA3/FjViVJNfkOJDch9TbVyjIpk2ZLwxHXOZx7MA==,iv:t6UwZj2JZpMIDsDDeJ4rZah4aBoMIKaoiu9VU2VhViE=,tag:MIz/b8JWYtOpUCcg6gYhJg==,type:str]
|
||||
secret_key: ENC[AES256_GCM,data:QkNTWQyQGgD/zJ0C0nkqTuxJXCx/hqwFH1XrJEGcIB7U3PUNdMpvTYrazgGRUcfEUjMeCIbUgYcamrPJJgaBsA==,iv:RZa79OtDS74JErBk/j5wg/p02Rd4zCXLi4LQGffHLmU=,tag:sbsovzFXj3xmDIF+ACwPgQ==,type:str]
|
||||
discord:
|
||||
token: ENC[AES256_GCM,data:M6TayHpIa0J1w3zVRKPPU0P/f18UXOpxzU7fjKNCx8YxzSAaQfY52S5XpiqDgjPWfWdSxzG2VVDqu1708Vwofa8IRKwWafam,iv:x0ySoaS68aLRVUcQin096RoeQGRELvNwdFJxezPj/cA=,tag:Omv5uL97y7ZTI8juVJFNug==,type:str]
|
||||
lastfm:
|
||||
@@ -119,7 +119,7 @@ sops:
|
||||
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
|
||||
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-02-19T21:23:49Z"
|
||||
mac: ENC[AES256_GCM,data:Pey0VPpH1lZazbAqHrrwuoEHZL2Pi7uMV/tR8aLGI958JHDxuHZK41YEOsMa+aiOtiJclgRvO8iOb0oDESsVO5hDTCou7/sJe2Epk62lEclTiho+QnjhnEmP2qYcuWfR1PVwk/n/wkPWm+rBsYGH7PpQZeYUznWQaHPZPFNnIPw=,iv:KTe0Quu/MJA17BivQDCTnBi5IAGtq6x0GKaqm4MuUUo=,tag:IPehj8blXzuEr0HN85y4eg==,type:str]
|
||||
lastmodified: "2026-02-24T08:02:58Z"
|
||||
mac: ENC[AES256_GCM,data:JzKh6k1nzp2sTDXFG0/bJbBSksCri2WIcXU0C+cyCg6hHzQMsKc36xSRfyrytW8r6rCooJRlC46nPYvFH9JhG/1uIAx4QU/PAvgzEKvXOQi2xXULajpEeCAdmU8TERl3to9JCTAhCbV7oibzOalC6WbVOfhQvqBYWN2JamwCHwc=,iv:oMmpcadFUZT5mdMQ8BzGoKKdpV2PvtaoXhOsKSYUGII=,tag:cdBim93M98OcSNZsmPQ57A==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user