servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: servius:matrix-rtc
Branches Tags
servius:master servius:matrix-rtc
..
compare: servius:81ea7f695e018549511f0457bf8a642344fa4455
Branches Tags
servius:master servius:matrix-rtc

7 Commits
matrix-rtc ... 81ea7f695e

Author SHA1 Message Date
servius
81ea7f695e feat: Update cinny to use hashRouter and update caddy reverse proxy
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m22s
Details
2026-02-24 13:50:59 +05:30
servius
ea7707d050 feat: Use Grafana secretKey 2026-02-24 13:24:30 +05:30
servius
30a54caa03 refactor(matrix): update matrix config to Cinny
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m32s
Details
2026-02-24 13:06:04 +05:30
servius
3ed6781ae1 chore: enable zen-browser flake on all devices
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m29s
Details
2026-02-24 11:11:11 +05:30
servius
3418e577c5 docs(AGENTS.md): update build & deploy commands and example IP 2026-02-24 10:29:37 +05:30
servius
2741e25585 feat: enable stuff
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m23s
Details
2026-02-23 18:42:31 +05:30
Servius
e9aed100af Merge pull request 'feat: add matrix-rtc' (#1) from matrix-rtc into master
All checks were successful
Flake checker / Build Nix targets (push) Successful in 9m28s
Details 
Reviewed-on: #1
 2026-02-23 19:42:06 +08:00
7 changed files with 61 additions and 58 deletions
Expand all files Collapse all files

43
AGENTS.md
View File

@@ -4,28 +4,8 @@ This repository contains NixOS, nix-darwin, and Home Manager configurations in N
## Build, Test, and Deployment Commands
### Build and Apply Configurations
**Linux (NixOS):**
```bash
just build # Build configuration
just install cores='32' # Apply with 32 cores
sudo nixos-rebuild test --fast --flake . # Test without activation
sudo nixos-rebuild switch --rollback --flake . # Rollback
```
**macOS (nix-darwin):**
```bash
just build # Build configuration
just install # Apply configuration
```
**Home Manager:**
```bash
just home
```
### Deploy to Remote Machines (deploy-rs)
### Build and Apply Configurations & Deploy to Remote Machines
Can use deploy for both local and remote hosts
```bash
deploy -s .#ryu # Desktop (x86_64-linux)
@@ -35,6 +15,23 @@ deploy -s .#kuro # MacBook M4 Pro (aarch64-darwin)
deploy -s .#shiro # Mac Mini M4 (aarch64-darwin)
```
**Linux (NixOS):**
```bash
deploy -s .#ryu
deploy -s .#tako
deploy -s .#tako --builders '' --cores 32 # with no other builders and 32 cores
deploy -s .#ryu --max-jobs 4 --cores 32 # use 32 cores and 4 parallel derivations
sudo nixos-rebuild test --fast --flake . # Test without activation
sudo nixos-rebuild switch --rollback --flake . # Rollback
```
**macOS (nix-darwin):**
```bash
deploy -s .#kuro
deploy -s .#shiro
sudo nix-darwin test --fast --flake .
```
### Validation and Formatting
```bash
@@ -164,7 +161,7 @@ just add program myprogram # Creates home/programs/myprogram.nix and adds impor
### Adding a new dns entry
```bash
cfcli add --type A foobar.bazbar.biz 192.168.0.1
cfcli add --type A foobar.bazbar.biz 100.102.64.19
```
### Creating a Module

2
home/apps/zen.nix
View File

@@ -9,7 +9,7 @@
inputs.zen-browser.homeModules.beta
];
programs.zen-browser = {
enable = device.isLinux;
enable = true;
profiles.default = {
containersForce = true;
containers = {

4
nixos/tako/services/default.nix
View File

@@ -21,9 +21,9 @@
# ./headscale.nix
./immich.nix
./kellnr.nix
# ./llms.nix
./llms.nix
./matrix
# ./monitoring.nix
./monitoring.nix
# ./paperless.nix
./prowlarr.nix
# ./searxng.nix

28
nixos/tako/services/homepage.nix
View File

@@ -198,19 +198,19 @@
reverse_proxy localhost:${builtins.toString config.services.homepage-dashboard.listenPort}
'';
};
# authelia = {
# instances.darksailor = {
# settings = {
# access_control = {
# rules = [
# {
# domain = "dashboard.darksailor.dev";
# policy = "one_factor";
# }
# ];
# };
# };
# };
# };
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "dashboard.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
}

28
nixos/tako/services/matrix/tuwunel.nix
View File

@@ -8,19 +8,16 @@
client_id = "tuwunel";
rtc_domain = "matrix-rtc.${base_domain}";
jwt_port = 8081;
elementConfig = builtins.toJSON {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.${base_domain}";
cinnyConfig = builtins.toJSON {
defaultHomeserver = 0;
homeserverList = ["darksailor.dev" "matrix.org"];
allowCustomHomeservers = false;
hashRouter = {
enabled = true;
basename = "/";
};
};
sso_redirect_options = {
immediate = false;
on_welcome_page = true;
on_login_page = true;
};
};
elementConfigFile = pkgs.writeText "element-config.json" elementConfig;
cinnyConfigFile = pkgs.writeText "cinny-config.json" cinnyConfig;
in {
sops = {
secrets."tuwunel/client_id" = {
@@ -75,13 +72,18 @@ in {
};
services.caddy.virtualHosts = {
"matrix.${base_domain}".extraConfig = ''
handle /_matrix/* {
reverse_proxy /_matrix/* localhost:${toString port}
}
handle_path /config.json {
file_server
root ${elementConfigFile}
root ${cinnyConfigFile}
}
root * ${pkgs.element-web}
handle {
root * ${pkgs.cinny}
try_files {path} /index.html
file_server
}
'';
"${base_domain}".extraConfig = ''
reverse_proxy /.well-known/* localhost:${toString port}

4
nixos/tako/services/monitoring.nix
View File

@@ -23,6 +23,9 @@
caddy = 2019;
};
in {
sops.secrets."grafana/secret_key" = {
owner = "grafana";
};
# Grafana configuration with Authelia integration
services.grafana = {
enable = true;
@@ -54,6 +57,7 @@ in {
security = {
disable_gravatar = true;
cookie_secure = true;
secret_key = ''$__file{${config.sops.secrets."grafana/secret_key".path}}'';
};
analytics = {

6
secrets/secrets.yaml
View File

@@ -79,7 +79,7 @@ minecraft:
modded: ENC[AES256_GCM,data:6itrol9NObR3TczEeOa7wkykgqkpDus0VkHBRpU6VdQ=,iv:F56uYdHozJvkJ+m18aviTWzCrLfW2VcxkbOqpnRiniA=,tag:WLKA+uIJJtlDfMMOn0ak7Q==,type:str]
grafana:
adminPassword: ENC[AES256_GCM,data:im6FJVlVUoZg+9W6KmsqtloH4nB6AhXOcia5waRyFKj2DoQlt4jhPH1CFvw=,iv://D6aD/fGl7h4KmtQcQ0TQLWLfKdIs4+EMg2LWjPHvg=,tag:6gHu/V0V0a8GpcgA/hUwXg==,type:str]
secretKey: ENC[AES256_GCM,data:LD0x8Fa6SU1+6mwxLkKa/o+ZqeuRIr7o/AKS7EmrDYj0vzrA3/FjViVJNfkOJDch9TbVyjIpk2ZLwxHXOZx7MA==,iv:t6UwZj2JZpMIDsDDeJ4rZah4aBoMIKaoiu9VU2VhViE=,tag:MIz/b8JWYtOpUCcg6gYhJg==,type:str]
secret_key: ENC[AES256_GCM,data:QkNTWQyQGgD/zJ0C0nkqTuxJXCx/hqwFH1XrJEGcIB7U3PUNdMpvTYrazgGRUcfEUjMeCIbUgYcamrPJJgaBsA==,iv:RZa79OtDS74JErBk/j5wg/p02Rd4zCXLi4LQGffHLmU=,tag:sbsovzFXj3xmDIF+ACwPgQ==,type:str]
discord:
token: ENC[AES256_GCM,data:M6TayHpIa0J1w3zVRKPPU0P/f18UXOpxzU7fjKNCx8YxzSAaQfY52S5XpiqDgjPWfWdSxzG2VVDqu1708Vwofa8IRKwWafam,iv:x0ySoaS68aLRVUcQin096RoeQGRELvNwdFJxezPj/cA=,tag:Omv5uL97y7ZTI8juVJFNug==,type:str]
lastfm:
@@ -119,7 +119,7 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-19T21:23:49Z"
mac: ENC[AES256_GCM,data:Pey0VPpH1lZazbAqHrrwuoEHZL2Pi7uMV/tR8aLGI958JHDxuHZK41YEOsMa+aiOtiJclgRvO8iOb0oDESsVO5hDTCou7/sJe2Epk62lEclTiho+QnjhnEmP2qYcuWfR1PVwk/n/wkPWm+rBsYGH7PpQZeYUznWQaHPZPFNnIPw=,iv:KTe0Quu/MJA17BivQDCTnBi5IAGtq6x0GKaqm4MuUUo=,tag:IPehj8blXzuEr0HN85y4eg==,type:str]
lastmodified: "2026-02-24T08:02:58Z"
mac: ENC[AES256_GCM,data:JzKh6k1nzp2sTDXFG0/bJbBSksCri2WIcXU0C+cyCg6hHzQMsKc36xSRfyrytW8r6rCooJRlC46nPYvFH9JhG/1uIAx4QU/PAvgzEKvXOQi2xXULajpEeCAdmU8TERl3to9JCTAhCbV7oibzOalC6WbVOfhQvqBYWN2JamwCHwc=,iv:oMmpcadFUZT5mdMQ8BzGoKKdpV2PvtaoXhOsKSYUGII=,tag:cdBim93M98OcSNZsmPQ57A==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0