atridad/haschel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed a bunch of warnings now that I have a working linter
All checks were successful
Deploy NixOS / deploy (push) Successful in 33s
Details

Browse Source
This commit is contained in:
Atridad Lahiji
2026-02-23 14:52:59 -07:00
parent eef3cb387c
commit 8a8df0e9f5
8 changed files with 67 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
configuration.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
imports = [ imports = [
@@ -14,7 +14,10 @@
./modules/fail2ban.nix ./modules/fail2ban.nix
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git

27
hardware-configuration.nix
View File

@@ -1,27 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/7a81e9fe-a727-4979-b63f-209ec593bd1d"; device = "/dev/disk/by-uuid/7a81e9fe-a727-4979-b63f-209ec593bd1d";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/FFAB-FF4F"; device = "/dev/disk/by-uuid/FFAB-FF4F";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = [ ]; swapDevices = [ ];

2
modules/boot.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
boot.loader.grub = { boot.loader.grub = {

2
modules/hardware.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
{ {
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;

2
modules/locale.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
let let
settings = import ../settings.nix; settings = import ../settings.nix;

34
modules/matrix.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { pkgs, ... }:
let let
livekitKeyFile = "/run/livekit.key"; livekitKeyFile = "/run/livekit.key";
@@ -12,13 +12,19 @@ in
settings = { settings = {
global = { global = {
server_name = serverName; server_name = serverName;
address = [ "127.0.0.1" "::1" ]; address = [
"127.0.0.1"
"::1"
];
port = [ 6167 ]; port = [ 6167 ];
max_request_size = 104857600; max_request_size = 104857600;
allow_registration = false; allow_registration = false;
allow_encryption = true; allow_encryption = true;
allow_federation = true; allow_federation = true;
trusted_servers = [ "matrix.org" "chat.blahaj.zone" ]; trusted_servers = [
"matrix.org"
"chat.blahaj.zone"
];
ip_range_denylist = [ ip_range_denylist = [
"127.0.0.0/8" "127.0.0.0/8"
"10.0.0.0/8" "10.0.0.0/8"
@@ -98,9 +104,16 @@ in
systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ]; systemd.services.livekit.requires = [ "acme-${matrixRtcDomain}.service" ];
systemd.services.livekit-key = { systemd.services.livekit-key = {
before = [ "lk-jwt-service.service" "livekit.service" ]; before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ livekit coreutils gawk ]; path = with pkgs; [
livekit
coreutils
gawk
];
script = '' script = ''
echo "Key missing, generating key" echo "Key missing, generating key"
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}" echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${livekitKeyFile}"
@@ -110,10 +123,17 @@ in
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 7880 7881 5349 ]; allowedTCPPorts = [
7880
7881
5349
];
allowedUDPPorts = [ 3478 ]; allowedUDPPorts = [ 3478 ];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 50000; to = 60000; } {
from = 50000;
to = 60000;
}
]; ];
}; };
} }

2
modules/services.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
{ {
services.openssh = { services.openssh = {

10
modules/users.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { ... }:
let let
settings = import ../settings.nix; settings = import ../settings.nix;
@@ -8,10 +8,14 @@ in
isNormalUser = true; isNormalUser = true;
description = settings.userDescription; description = settings.userDescription;
extraGroups = settings.userGroups; extraGroups = settings.userGroups;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuiXQV7+vtLxoyLojnW/Pkt6ScWQs29KPZe8aJVAvvC" ]; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuiXQV7+vtLxoyLojnW/Pkt6ScWQs29KPZe8aJVAvvC"
];
}; };
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuiXQV7+vtLxoyLojnW/Pkt6ScWQs29KPZe8aJVAvvC" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuiXQV7+vtLxoyLojnW/Pkt6ScWQs29KPZe8aJVAvvC"
];
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
} }