c

initial ntfy stuff - UNTESTED
2025-01-12 10:17:27 +02:00 · 2025-01-12 10:16:13 +02:00
21 changed files with 177 additions and 904 deletions
--- a/adyya-pkgs/adyya_pkgs.mod.nix
+++ b/adyya-pkgs/adyya_pkgs.mod.nix
@ -54,21 +54,17 @@
        ];
      }
    )
-  ];
-  fructose.modules = [
+    /*
      ({
-      pkgs,
-      lib,
-      ...
-    }: {
      nixpkgs.overlays = [
        (final: prev: {
          gts = final.callPackage ./gts.nix {};
        })
      ];
    })
+    */
+    # not needed right now. One: gts is now on fructose Two: The latest version of gts is now on nixpkgs
  ];
-
  personal.modules = [
    {
      nixpkgs.overlays = [
--- a/adyya-pkgs/gts.nix
+++ b/adyya-pkgs/gts.nix
@ -8,11 +8,11 @@
  owner = "superseriousbusiness";
  repo = "gotosocial";

-  version = "0.17.4";
+  version = "0.17.3";

  web-assets = fetchurl {
    url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
-    hash = "sha256-esip1xGB0NroYRlKLNEs/o3J2G2nQyOIZTdDpVuY5Ag=";
+    hash = "sha256-85CmcWjcX8a+hZxkyRTfXErmkIx64R2scaaS2Fpf668=";
  };
 in
  buildGoModule rec {
@ -22,7 +22,7 @@ in
    src = fetchFromGitHub {
      inherit owner repo;
      rev = "refs/tags/v${version}";
-      hash = "sha256-OikJkTc2UK74eGy8AjEAk8cyRL57QReM0J6tXr9EAjw=";
+      hash = "sha256-ql0tDaMc/1NgsLUpPHZB6GoXJj9DwUpadTX3AYufR/o=";
    };

    vendorHash = null;
--- a/apps.mod.nix
+++ b/apps.mod.nix
@ -42,11 +42,6 @@
    (
      {pkgs, ...}: {
        users.users.emv.extraGroups = ["video"];
-        nixpkgs.config.permittedInsecurePackages = [
-          "fluffychat-linux-1.23.0" # it uses an insecure implementation of olm. but the devs are allegedly trying to move to vodozemac (which is an implementation that is not (at least publically announced as) insecure) . Using it instead of element because 1) i don't think the vulnerability is very relevant to our current threat model (as far as we're aware, it requires network or even hardware access, at which point you can already beat me with a baseball bat) and 2) out of the desktop clients, this seems to be one of the only ones with proper multi-account support??
-          "olm-3.2.16" # tbh i still find it funny that a cryptographic library with a vuln known for several years before this is still used.
-          # "Note that these are not cryptographically secure implementations. They have no resistence to side-channel attacks and should not be used in contexts that need cryptographically secure implementations. These algorithms are not optimized for speed or space. They are primarily designed to be easy to read, although some basic optimization techniques have been employed."
-        ];
      }
    )
  ];
@ -59,11 +54,8 @@
          vlc
          signal-desktop
          discord
-          element-desktop
-          fluffychat
          obsidian
          mumble
-          wasistlos # this is just whatsapp
          #  calibre # still borked apparently, what the hell # still!!!
          libreoffice
        ];
--- a/cluster/virtualisation.mod.nix
+++ b/cluster/virtualisation.mod.nix
@ -18,7 +18,7 @@
          containers.enable = true;
          podman = {
            enable = true;
-            dockerCompat = true;
+            dockerCompat = false;
            defaultNetwork.settings.dns_enabled = config.networking.hostName == "glucose"; # TODO: fix this stupid shit ssometime -e
          };
          oci-containers.backend = "podman";
--- a/dev.mod.nix
+++ b/dev.mod.nix
@ -29,17 +29,16 @@
        programs.vscode = {
          enable = true;
          package = pkgs.vscodium;
-          mutableExtensionsDir = false; # turning this one makes it not build.
+          mutableExtensionsDir = false;
          extensions = with pkgs.vscode-extensions; [
            rust-lang.rust-analyzer
            tuttieee.emacs-mcx
            tamasfe.even-better-toml
-            #   vadimcn.vscode-lldb# currently doesn't work
+            vadimcn.vscode-lldb
            jnoortheen.nix-ide
            mkhl.direnv
            matthewpi.caddyfile-support
            vue.volar
-            zxh404.vscode-proto3
          ];
        };
      }
--- a/emacs.mod.nix
+++ b/emacs.mod.nix
@ -12,7 +12,6 @@
            epkgs.auctex # latex
            epkgs.preview-dvisvgm # in-line latex preview
            epkgs.latex-preview-pane
-            epkgs.good-scroll
            epkgs.pdf-tools
            epkgs.obsidian
            epkgs.hydra # should be fun
@ -63,9 +62,6 @@

            ;; obsidian hydra
            (bind-key (kbd "C-c M-o") 'obsidian-hydra/body 'obsidian-mode-map)
-
-            ;; pixel scrolling
-            (good-scroll-mode 1)
          '';
        };
      }
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -3,7 +3,7 @@

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";

    home-manager.url = "github:nix-community/home-manager";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
@ -21,7 +21,7 @@

    vscode-server.url = "github:nix-community/nixos-vscode-server";

-    conduwuit.url = "github:girlbossceo/conduwuit";
+    #niri.url = "github:sodiboo/niri-flake";
  };

  outputs = {
--- a/fonts.mod.nix
+++ b/fonts.mod.nix
@ -3,9 +3,6 @@
    (
      {pkgs, ...}: {
        fonts.packages = with pkgs; [
-          noto-fonts
-          noto-fonts-cjk-sans
-          noto-fonts-emoji
          dina-font
          wqy_zenhei # this is so that hanzi doesn't look like pixel art
          nerd-fonts.noto
--- a/games.mod.nix
+++ b/games.mod.nix
@ -19,8 +19,6 @@
          lutris
          bottles
          heroic
-          prismlauncher
-          atlauncher
          r2modman
        ];
        programs.mangohud.enable = true;
--- a/hardware.mod.nix
+++ b/hardware.mod.nix
@ -80,7 +80,6 @@ in
        boot.kernelModules = [
          "usbmon"
          "v4l2loopback"
-          "snd-aloop"
        ];
        boot.extraModulePackages = [];
      }
--- a/nerd.mod.nix
+++ b/nerd.mod.nix
@ -3,12 +3,12 @@
    (
      {pkgs, ...}: {
        home.packages = with pkgs; [
-          #  geogebra6 # geogebra5 currently does not work?
+          geogebra6 # geogebra5 currently does not work?
          gimp
          chemtool
          avogadro2
        ];
-        #  programs.sagemath.enable = true;
+        programs.sagemath.enable = true;
      }
    )
  ];
--- a/networking/firewall.mod.nix
+++ b/networking/firewall.mod.nix
@ -37,13 +37,11 @@
          64738 # murmur tcp
          6700 # grafana web
          6750 # prometheus
-          7893 # matrix/conduwuit
        ];
        allowedUDPPorts = [
          64738 # murmur udp
          6700 # grafana web
          6750 # prometheus data ap
-          7893 # matrix/conduwuit
        ];
      };
    }
@ -57,7 +55,6 @@
          80 # http
          222 # forgejo ssh
          443 # https
-          8448 # matrix/conduwuit port, i think ?
          64738 # murmur tcp
        ];
        interfaces.eth0.allowedUDPPorts = [
--- a/nix.mod.nix
+++ b/nix.mod.nix
@ -127,12 +127,6 @@ in {
        nix.settings.trusted-users = ["remote-builder"];
      }
    )
-    {
-      nix.settings = {
-        substituters = ["https://cache.nixos.org?priority=3"];
-        trusted-public-keys = ["cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
-      };
-    }
    (
      {
        config,
@ -146,18 +140,11 @@ in {
        )
        {
          nix.settings = {
-            substituters = ["https://cache.collective-conciousness.monster?priority=1"];
+            substituters = ["https://cache.collective-conciousness.monster"];
            trusted-public-keys = ["adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs="];
          };
        }
    )
-    {
-      nix.settings = {
-        # binary caches for conduwuit
-        substituters = ["https://attic.kennel.juneis.dog/conduit?priority=5" "https://attic.kennel.juneis.dog/conduwuit?priority=7"];
-        trusted-public-keys = ["conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk=" "conduwuit:BbycGUgTISsltcmH0qNjFR9dbrQNYgdIAcmViSGoVTE="];
-      };
-    }
  ];
  personal.modules = [
    {
--- a/peripherals.mod.nix
+++ b/peripherals.mod.nix
@ -7,14 +7,5 @@
        services.udev.packages = [pkgs.android-udev-rules];
      }
    )
-    ({
-      pkgs,
-      lib,
-      config,
-      ...
-    }: {
-      programs.droidcam.enable = true;
-      environment.systemPackages = [pkgs.droidcam];
-    })
  ];
 }
--- a/services/caddy/Caddyfile
+++ b/services/caddy/Caddyfile
@ -14,15 +14,11 @@
    }
 }

-https://collective-conciousness.monster, http://collective-conciousness.monster {
+https://collective-conciousness.monster {
    encode zstd gzip
    header {
        Strict-Transport-Security "max-age=31536001; includeSubdomains; preload"
    }
-
-	reverse_proxy /_matrix* 10.24.1.4:7893 # allegedly this might not be needed, but it doesn't seem to hurt so
-	respond /.well-known/matrix/server "{\"m.server\": \"matrix.collective-conciousness.monster:443\"}"
-
    root * /var/www/public
    file_server {
        precompressed zstd br gzip
@ -60,6 +56,15 @@ https://grf.collective-conciousness.monster {
    reverse_proxy 10.24.1.4:6700
 }

-http://matrix.collective-conciousness.monster, https://matrix.collective-conciousness.monster, matrix.collective-conciousness.monster, matrix.collective-conciousness.monster:8448, collective-conciousness.monster:8448 {
-	reverse_proxy 10.24.1.4:7893
+ntfy.collective-conciousness.monster {
+    encode zstd gzip
+
+    reverse_proxy 10.24.1.4:32984
+
+    @httpget {
+        protocol http
+        method GET
+        path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
+    }
+    redir @httpget https://{host}{uri}
 }
--- a/services/monitoring/prometheus.mod.nix
+++ b/services/monitoring/prometheus.mod.nix
@ -7,7 +7,7 @@
          enabledCollectors = ["systemd"];
          port = 6703;
        };
-        varnish.enable = false; # this currently throws an error. boo-hoo
+        varnish.enable = true;
      };
    }
  ];
--- a/services/social/conduwuit.mod.nix
+++ b/services/social/conduwuit.mod.nix
@ -1,27 +0,0 @@
-{conduwuit, ...}: {
-  glucose.modules = [
-    ({
-      lib,
-      config,
-      ...
-    }: {
-      services.conduwuit = {
-        enable = true;
-        package = conduwuit.packages.x86_64-linux.default;
-        settings.global = {
-          server_name = "collective-conciousness.monster";
-          max_request_size = 1024 * 1024 * 1024;
-          address = ["0.0.0.0"];
-          port = [7893];
-          /*
-           well-known = {
-            client = "https://matrix.collective-conciousness.monster";
-            server = "collective-conciousness.monster:8448";
-          };
-          */
-          #  database_path = lib.mkForce "/var/services/conduwuit/";
-        };
-      };
-    })
-  ];
-}
--- a/services/social/ntfy.mod.nix
+++ b/services/social/ntfy.mod.nix
@ -0,0 +1,21 @@
+{
+  glucose.modules = [
+    {
+      services.ntfy-sh = {
+        enable = true;
+        settings = {
+          base-url = "https://ntfy.collective-conciousness.monster";
+          behind-proxy = true;
+          enable-singup = false;
+          enable-login = true;
+          enable-reservations = true;
+          listen-http = ":32984";
+          attachment-cache-dir = "/var/services/ntfy/attachments";
+          cache-file = "/var/services/ntfy/cache.db";
+          auth-default-access = "write-only";
+          auth-file = "/var/services/ntfy/auth.db";
+        };
+      };
+    }
+  ];
+}
--- a/sway.mod.nix
+++ b/sway.mod.nix
@ -110,7 +110,7 @@

            ### TODO : Resize mode and automatic floating
            assigns = {
-              "1:说" = [{title = "^Signal$|Discord$|FluffyChat$";}];
+              "1:说" = [{title = "^Signal$|Discord$";}];
              "2:main" = [{title = "VSCodium$";}];
              "3:browsing" = [{title = "LibreWolf$";}];
              "4:misc" = [];
@ -123,12 +123,11 @@
            };

            /*
-               # commented out as they're automagically handled by stylix
            colors = {
              # should probably use a let ... in ... here
              background = "#212121";
              focused = {
-                border = "#2b83a6";
+               # border = "#2b83a6"; # test to see if stylix does magic
                background = "#2b83a6";
                text = "#ffffff";
                indicator = "#dddddd";
--- a/tex.mod.nix
+++ b/tex.mod.nix
@ -12,20 +12,16 @@
              dvisvgm
              dvipng # in-place output
              wrapfig
-              amsmath # METH - I MEAN MATH !!!
+              amsmath
              ulem
              hyperref
              capt-of
              etoolbox # various for the default config from emacs
              latex-uni8
              mlmodern # annoying font stuff
-              asymptote # image things
+              asymptote
              systeme
              xstring
-              tikzfill # dependency of tcolorbox
-              pdfcol #
-              pdfcolfoot # dependencies of tcolorbox
-              tcolorbox # fancy color environments !!!
              ;
            #(setq org-latex-compiler "pdflatex")
            #(setq org-preview-latex-default-process "dvisvgm")
Author	SHA1	Message	Date
Ittihadyya	6eb6fbd51e	c Some checks failed / Check formatting (push) Has been cancelled Details	2025-01-12 10:17:27 +02:00
Ittihadyya	a63e4987c3	initial ntfy stuff - UNTESTED	2025-01-12 10:16:13 +02:00