From f23720e1511def6cf974b402b6a7d3a8255f5a7d Mon Sep 17 00:00:00 2001 From: yukkop Date: Sun, 15 Mar 2026 10:59:19 +0000 Subject: [PATCH] feat: `wsl`: some things --- .sops.yaml | 10 +-- nixos/module/hectic/archetype/base.nix | 8 ++- nixos/module/hectic/archetype/dev.nix | 3 +- nixos/module/hectic/program/tmux.nix | 61 +++++++++++++++++++ .../hectic/service}/element-rtc.nix | 18 ++++-- .../bfs => module/hectic/service}/element.nix | 16 ++++- .../bfs => module/hectic/service}/matrix.nix | 29 ++++++--- .../hectic/service}/voice-tune.nix | 29 ++++++--- nixos/system/bfs/bfs.nix | 23 +++---- nixos/system/neuro/neuro.nix | 21 ++++++- nixos/system/wsl/wsl.nix | 4 +- sus/neuro.yaml | 31 +++++----- 12 files changed, 190 insertions(+), 63 deletions(-) create mode 100644 nixos/module/hectic/program/tmux.nix rename nixos/{system/bfs => module/hectic/service}/element-rtc.nix (94%) rename nixos/{system/bfs => module/hectic/service}/element.nix (76%) rename nixos/{system/bfs => module/hectic/service}/matrix.nix (90%) rename nixos/{system/bfs => module/hectic/service}/voice-tune.nix (71%) diff --git a/.sops.yaml b/.sops.yaml index 5321930..9814c09 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -1,10 +1,10 @@
 keys:
- - &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
- - &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
- - &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+ - &snuff age1w4hw2ntxrtfqhht63s9lf7nhjxjmdcc927hndn5ygcqqj532qssq4m2m6p
+ - &yukkop age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
+ - &bfs-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
  - &bfs-pol-server age1fpytf05sg9n6ywpwkmn09lhpfvgtud9h75h76jhxha475zpnasqq952rpu
- - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
- - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+ - &neuro-server age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq
+ - &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
 creation_rules:
  - path_regex: sus/home.xray.yaml$
diff --git a/nixos/module/hectic/archetype/base.nix b/nixos/module/hectic/archetype/base.nix
index c77bd08..52cc6fc 100644
--- a/nixos/module/hectic/archetype/base.nix
+++ b/nixos/module/hectic/archetype/base.nix
@@ -17,8 +17,12 @@ in {
 options.hectic.archetype.base.enable = lib.mkEnableOption "Enable archetupe.dev";
 config = lib.mkIf cfg.enable {
- programs.zsh.shellAliases = self.lib.sharedShellAliases;
- programs.zsh.enable = true;
+ hectic = {
+ program.zsh.enable = lib.mkDefault true;
+ program.tmux.enable = lib.mkDefault true;
+ program.nixvim.enable = lib.mkDefault true;
+ };
+
 users.defaultUserShell = pkgs.zsh;
 # Enable flakes and new 'nix' command
diff --git a/nixos/module/hectic/archetype/dev.nix b/nixos/module/hectic/archetype/dev.nix
index b5cee69..a890d15 100644
--- a/nixos/module/hectic/archetype/dev.nix
+++ b/nixos/module/hectic/archetype/dev.nix
@@ -11,6 +11,7 @@
 }: let
 cfg = config.hectic.archetype.dev;
 in {
+ # necessary imports:
 imports = [
 (modulesPath + "/profiles/qemu-guest.nix")
 ];
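Review bot: In the `.sops.yaml` hunk, `&games-server` still carries the same age recipient as `&bfs-server` (`age15yz…k9xjmj`), so anything encrypted for games-server is decryptable with bfs-server's host key and vice versa — only neuro-server got a dedicated key here. The same sharing applied to neuro-server before this commit, so any secret previously encrypted under `&neuro-server` should be treated as exposed to the bfs host rather than merely re-keyed; the `sus/neuro.yaml` hunk does replace all of its values, which is the right response. I would generate a separate key for games-server the same way, or until then mark the alias so nobody adds games secrets under it unknowingly: `- &games-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj # TODO: shares bfs-server's key; issue a per-host key first`.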
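Review bot: In the `base.nix` hunk, `users.defaultUserShell = pkgs.zsh;` stays unconditional while the zsh setup that used to sit next to it is now only `hectic.program.zsh.enable = lib.mkDefault true;`, so a host that overrides that default to false still gets zsh as every user's login shell without the zsh module's PATH/profile setup (NixOS warns about exactly this combination, and logins can end up with a broken environment). Tying the two together, `users.defaultUserShell = lib.mkIf config.hectic.program.zsh.enable pkgs.zsh;`, keeps the default but makes the override consistent; this assumes `hectic.program.zsh` is what now sets `programs.zsh.enable`, which is not visible in this diff. The removed `programs.zsh.shellAliases = self.lib.sharedShellAliases;` line also has no visible replacement, so unless that module provides the aliases they are silently dropped. The context line `lib.mkEnableOption "Enable archetupe.dev"` on the base archetype is both a typo and the wrong name; `"Enable archetype.base"` would match the option path.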
@@ -19,8 +20,6 @@ in {
 config = lib.mkIf cfg.enable {
 hectic.archetype.base.enable = true;
- hectic.program.zsh.enable = true;
- hectic.program.nixvim.enable = true;
 services.getty.autologinUser = "root";
diff --git a/nixos/module/hectic/program/tmux.nix b/nixos/module/hectic/program/tmux.nix
new file mode 100644
index 0000000..f7ed037
--- /dev/null
+++ b/nixos/module/hectic/program/tmux.nix
@@ -0,0 +1,61 @@
+{
+ inputs,
+ flake,
+ self,
+}: {
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.hectic.program.tmux;
+in {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ options.hectic.program.tmux.enable = lib.mkEnableOption "Enable hectic tmux config";
+
+ config = lib.mkIf cfg.enable {
+ programs.tmux.enable = true;
+
+ # alias depends on newSession = true (auto-creates session on attach)
+ programs.zsh.shellAliases.tmux = "tmux a";
+ programs.bash.shellAliases.tmux = "tmux a";
+
+ home-manager.sharedModules = [
+ {
+ programs.tmux = {
+ enable = true;
+ plugins = with pkgs.tmuxPlugins; [ resurrect continuum ];
+ keyMode = "vi";
+ escapeTime = 500;
+ historyLimit = 50000;
+ newSession = true;
+ extraConfig = ''
+ # resurrect
+ set -g @resurrect-strategy-vim 'session'
+ set -g @resurrect-strategy-nvim 'session'
+ set -g @resurrect-capture-pane-contents 'on'
+
+ resurrect_dir="$HOME/.tmux/resurrect"
+ set -g @resurrect-dir $resurrect_dir
+ set -g @resurrect-hook-post-save-all 'target=$(readlink -f $resurrect_dir/last); sed "s| --cmd .*-vim-pack-dir||g; s|/etc/profiles/per-user/$USER/bin/||g; s|/home/$USER/.nix-profile/bin/||g" $target | sponge $target'
+
+ # continuum
+ set -g @continuum-restore 'on'
+ set -g @continuum-boot 'on'
+ set -g @continuum-save-interval '10'
+
+ bind-key -T copy-mode-vi v send-keys -X begin-selection
+ bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
+
+ bind-key O select-pane -t :.-
+ '';
+ };
+ }
+ ];
+
+ home-manager.users.root.home.stateVersion = lib.mkDefault "25.05";
+ };
+}
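Review bot: `set -g @resurrect-capture-pane-contents 'on'` in the new `tmux.nix` persists every pane's scrollback to `$HOME/.tmux/resurrect` in plaintext, and with `@continuum-save-interval '10'` and `@continuum-boot 'on'` it does so automatically every ten minutes for every home-manager user, root included (`home-manager.users.root` is configured right below). On a server where secrets get printed to a terminal — `sops` edits, tokens, database passwords — that is a persistent on-disk copy outside any secret store, so I would either default it off or at least flag it: `# NOTE: pane contents (scrollback) are persisted to disk in plaintext; keep off on hosts that handle secrets interactively`. Separately, the post-save hook pipes into `sponge`, which comes from moreutils and is not provided anywhere in this module or the rest of the diff; if it is missing the hook errors out and the saved session keeps the unrewritten nix-profile paths, so add `home.packages = [ pkgs.moreutils ];` to the shared module next to `programs.tmux`. The `$resurrect_dir` reference inside the single-quoted hook string is also worth checking once on a target host: if tmux does not expand it there, the hook's shell sees an empty variable and `readlink -f /last` fails.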
diff --git a/nixos/system/bfs/element-rtc.nix b/nixos/module/hectic/service/element-rtc.nix
similarity index 94%
rename from nixos/system/bfs/element-rtc.nix
rename to nixos/module/hectic/service/element-rtc.nix
index 742a718..2a4f152 100644
--- a/nixos/system/bfs/element-rtc.nix
+++ b/nixos/module/hectic/service/element-rtc.nix
@@ -1,7 +1,17 @@
-{ pkgs, lib, config, ... }: let
- cfg = config.currentServer.matrix;
+{
+ inputs,
+ flake,
+ self,
+}:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.hectic.services.matrix;
 in {
- config = let
+ config = lib.mkIf cfg.enable (let
 keyFile = "/run/livekit.key";
 in {
 services.livekit = {
@@ -94,5 +104,5 @@ in {
 7881
 ];
 };
- };
+ });
 }
diff --git a/nixos/system/bfs/element.nix b/nixos/module/hectic/service/element.nix
similarity index 76%
rename from nixos/system/bfs/element.nix
rename to nixos/module/hectic/service/element.nix
index cdcf438..cf29873 100644
--- a/nixos/system/bfs/element.nix
+++ b/nixos/module/hectic/service/element.nix
@@ -1,7 +1,17 @@
-{ config, lib, pkgs, ... }: let
- cfg = config.currentServer.matrix;
+{
+ inputs,
+ flake,
+ self,
+}:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.hectic.services.matrix;
 in {
- config = {
+ config = lib.mkIf cfg.enable {
 services.nginx.virtualHosts."element.${cfg.matrixDomain}" = {
 enableACME = true;
 forceSSL = true;
diff --git a/nixos/system/bfs/matrix.nix b/nixos/module/hectic/service/matrix.nix
similarity index 90%
rename from nixos/system/bfs/matrix.nix
rename to nixos/module/hectic/service/matrix.nix
index 78bbe27..faff1a0 100644
--- a/nixos/system/bfs/matrix.nix
+++ b/nixos/module/hectic/service/matrix.nix
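Review bot: In the `element-rtc.nix` and `element.nix` hunks, both modules now gate everything on `cfg.enable` but neither declares any option under `hectic.services.matrix`; the `enable` option is declared only in `matrix.nix`, so importing either file without it fails evaluation with an undefined-option error rather than a clear message. Since these files plus `voice-tune.nix` are meant to be used as a set, a one-line comment above `cfg` stating that dependency, `# options live in matrix.nix; import the whole service/ set`, would save the next person that failure. As a point of style, the new path is `hectic.services.matrix` (plural) while the other options in this diff are `hectic.program.*` and `hectic.archetype.*` (singular); settling on one form before more modules are converted avoids a rename later.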
@@ -1,8 +1,19 @@
-{ pkgs, lib, config, ... }: let
- cfg = config.currentServer.matrix;
+{
+ inputs,
+ flake,
+ self,
+}:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.hectic.services.matrix;
 in {
 options = {
- currentServer.matrix = {
+ hectic.services.matrix = {
+ enable = lib.mkEnableOption "Matrix Synapse homeserver with PostgreSQL and nginx";
 secretsFile = lib.mkOption {
 type = lib.types.path;
 description = ''
@@ -40,7 +51,7 @@ in {
 };
 };
 };
- config = {
+ config = lib.mkIf cfg.enable {
 services.matrix-synapse = {
 enable = true;
 settings = {
@@ -53,17 +64,17 @@ in {
 type = "http";
 tls = false;
 resources = [
- {
- names = [
- "client"
+ {
+ names = [
+ "client"
 # Ability speak between different matrix servers and get
 # global id, requires .well-known
 "federation"
 ];
- compress = false;
+ compress = false;
 }
 ];
- }
+ }
 ];
 enable_registration = true;
diff --git a/nixos/system/bfs/voice-tune.nix b/nixos/module/hectic/service/voice-tune.nix
similarity index 71%
rename from nixos/system/bfs/voice-tune.nix
rename to nixos/module/hectic/service/voice-tune.nix
index ed415db..671aea5 100644
--- a/nixos/system/bfs/voice-tune.nix
+++ b/nixos/module/hectic/service/voice-tune.nix
@@ -1,9 +1,17 @@
-{ lib, config, ... }: let
- cfg = config.currentServer.matrix;
- shared_secret = "secret";
+{
+ inputs,
+ flake,
+ self,
+}:
+{
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.hectic.services.matrix;
 in {
 options = {
- currentServer.matrix = {
+ hectic.services.matrix = {
 turnSecretFile = lib.mkOption {
 type = lib.types.path;
 description = ''
@@ -12,9 +20,16 @@ in {
 just raw secret
 '';
 };
+ publicIp = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ public IP address of the server, used by coturn for
+ listening and relay
+ '';
+ };
 };
 };
- config = {
+ config = lib.mkIf cfg.enable {
 services.coturn = rec {
 enable = true;
 realm = cfg.matrixDomain;
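Review bot: In the `matrix.nix` hunk that ends at `enable_registration = true;`, open self-registration is now hard-coded into a reusable module whose listener also serves `"federation"`, so every host that sets `hectic.services.matrix.enable = true` becomes a publicly joinable, federated homeserver by default — the setup that reliably attracts spam accounts. I would expose this as an option that defaults to closed, e.g. `openRegistration = lib.mkEnableOption "allow anyone to register an account";` next to the new `enable` option and `enable_registration = cfg.openRegistration;` here, or at minimum pair it with `registration_requires_token = true;` so accounts need an admin-issued token. The `settings` attrset this line belongs to starts before the hunk and continues after it, so I cannot see whether a token or CAPTCHA requirement is already set further down; if it is, a comment pointing to it is enough.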
@@ -22,9 +37,9 @@ in {
 static-auth-secret-file = cfg.turnSecretFile;
 cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
 pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
- listening-ips = ["188.137.254.58"];
+ listening-ips = [cfg.publicIp];
 no-tcp-relay = true;
- relay-ips = ["188.137.254.58"];
+ relay-ips = [cfg.publicIp];
 listening-port = 3478;
 tls-listening-port = 5349;
 no-cli = true;
diff --git a/nixos/system/bfs/bfs.nix b/nixos/system/bfs/bfs.nix
index 0df2ab4..dfdc80f 100644
--- a/nixos/system/bfs/bfs.nix
+++ b/nixos/system/bfs/bfs.nix
@@ -10,7 +10,6 @@
 ...
 }: let
 xrayPort = 10086;
- matrixDomain = "accord.tube";
 in {
 # TODO:
 # white list
@@ -21,22 +20,18 @@ in {
 imports = [
 self.nixosModules.hectic
 inputs.sops-nix.nixosModules.sops
- #./voice-tune.nix
- #./matrix.nix
- #./element-rtc.nix
- #./element.nix
 ];
- #currentServer = {
- # matrix = {
- # secretsFile = config.sops.secrets."matrix/secrets".path;
- # turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
- # postgresql = {
- # port = 5432;
- # initialEnvFile = config.sops.secrets."init-postgresql".path;
- # };
- # matrixDomain = "accord.tube";
+ #hectic.services.matrix = {
+ # enable = true;
+ # secretsFile = config.sops.secrets."matrix/secrets".path;
+ # turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
+ # publicIp = "188.137.254.58";
+ # postgresql = {
+ # port = 5432;
+ # initialEnvFile = config.sops.secrets."init-postgresql".path;
 # };
+ # matrixDomain = "accord.tube";
 #};
 services.xray = {
diff --git a/nixos/system/neuro/neuro.nix b/nixos/system/neuro/neuro.nix
index 9bea8c5..b75edc9 100644
--- a/nixos/system/neuro/neuro.nix
+++ b/nixos/system/neuro/neuro.nix
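Review bot: In the coturn hunk, `listening-ips = [cfg.publicIp];` binds the daemon to whatever address the new `publicIp` option holds, but coturn can only bind an address that is actually configured on a local interface; on a host behind NAT (a cloud VM with a 1:1 mapped address, or a home box) the public address is not local, turnserver fails to bind, and the option's name invites exactly that value. If such hosts are in scope, the local address belongs in `listening-ips`/`relay-ips` and the public one in coturn's `external-ip`, e.g. `extraConfig = "external-ip=${cfg.publicIp}";` — hedged, since I cannot see how neuro is addressed. At minimum the option description in `voice-tune.nix` should say the address must be one the host owns: `public IP address of the server; must be assigned to a local interface, coturn binds to it`.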
@@ -51,6 +51,17 @@
 # };
 # };
+ hectic.services.matrix = {
+ enable = true;
+ secretsFile = config.sops.secrets."matrix/secrets".path;
+ turnSecretFile = config.sops.secrets."matrix/turn-secret".path;
+ postgresql = {
+ port = 5432;
+ initialEnvFile = config.sops.secrets."init-postgresql".path;
+ };
+ matrixDomain = "accord.tube";
+ };
+
 networking = {
 networkmanager.enable = true;
 useDHCP = lib.mkDefault true;
@@ -78,6 +89,14 @@
 gnupg.sshKeyPaths = [ ];
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 defaultSopsFile = ../../../sus/neuro.yaml;
+
+ secrets."init-postgresql" = {};
+ secrets."matrix/secrets" = {};
+ secrets."matrix/turn-secret" = {
+ owner = "turnserver";
+ group = "turnserver";
+ mode = "0400";
+ };
 };
 boot.loader.systemd-boot.enable = true;
@@ -128,7 +147,7 @@
 hectic.py3-openai-shap-e # Uncomment when needed; depends on torch
 ]);
 in [
- python-ai
+ #python-ai
 git
 neovim
 wget
diff --git a/nixos/system/wsl/wsl.nix b/nixos/system/wsl/wsl.nix
index 4fd995a..d748d7e 100644
--- a/nixos/system/wsl/wsl.nix
+++ b/nixos/system/wsl/wsl.nix
@@ -14,8 +14,6 @@
 hectic = {
 archetype.base.enable = true;
- program.zsh.enable = true;
- program.nixvim.enable = true;
 user.yukkop.enable = true;
 };
@@ -84,6 +82,8 @@
 nrs = "sudo nixos-rebuild switch --flake /home/yukkop/pj/util.nix#wsl";
 };
+ users.users.yukkop.shell = pkgs.zsh;
+
 # WSL: keep imperative stateVersion in the system module
 system.stateVersion = "25.05";
 }
diff --git a/sus/neuro.yaml b/sus/neuro.yaml
index 592274a..ebf1e02 100644
--- a/sus/neuro.yaml
+++ b/sus/neuro.yaml
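Review bot: The `hectic.services.matrix` block added to `neuro.nix` sets `enable = true;` but never sets `publicIp`, and the new option in `voice-tune.nix` has no default, so if that module is part of `self.nixosModules.hectic` (the rename into `module/hectic/service/` suggests it is) evaluating neuro fails with "option hectic.services.matrix.publicIp is used but not defined" — the commented-out bfs config in this same patch does set it, which is probably where it got lost. Add `publicIp = "<neuro's routable address>";` to the block, or give the option a default if a host can legitimately run without coturn. In the sops hunk, `secrets."matrix/secrets" = {};` and `secrets."init-postgresql" = {};` get sops-nix's defaults (root-owned, mode 0400) while `matrix/turn-secret` is explicitly handed to `turnserver`; if `matrix.nix` passes `secretsFile` to synapse to read as its own service user the same owner/mode treatment is needed there, which I cannot confirm from this diff because the consumer is outside the visible hunks.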
@@ -1,25 +1,28 @@ -wifi-env: ENC[AES256_GCM,data:omeOzokH2ON9tCvWdEAAooVWe1I2,iv:A3J+5iDymR88xwnJNEEVydfiNjnSE1nyx/rBS2xdjQ4=,tag:TFcu2vtVOLG8Vdft3YRvww==,type:str] +init-postgresql: ENC[AES256_GCM,data:JUoZk/A3b3xCDWPKt08Uy7PjSmBd3BQqn+uymiBKTA7RLLMTsLxY+CuDRSCobUWN/Xf1eDG+CLaUESvflu4=,iv:miVa2ptLmB4fSz8UPivZbGODaHaTuU8AbQgiLpzn5os=,tag:P8Ww+w24GHuEnXJSsYe23w==,type:str] +matrix: + secrets: ENC[AES256_GCM,data:vL5opJTCzQMQwhxGZm1a2K4lTFySYHAj92EW4JQSKpt3yWQAu3QHLHdt9YGOvb9/c/0APouoc+NeYWKNC5oYcih2H8z4wGfYPImn+bH7OCzr/fAGNxgOlG27cWRbkzkIpbNE7qtll0GPpEL+BsdAklzbZcgMp9s2LvQKYEovrWronBksuTI5sbOtZtoAY40yuYmnuH/Sjp+6az9KlX3fuCrb/HF6UUsPoRz98cYVPcpGiNImb64WwPGUkvDemDzKSLHB9ClUMLWuWJHumameMAKE236bz+Jqlrz5rVhbL9E1oadyw1JgQWlgeA3axKw3Ju+sThalwxQXiW3pZJPGFAmwOoNY6LiH4WBkXnfPlTY7m5f/+6FjFALUFTKHWr+iZ3S1ykUrwJGxCsK6ARBUH7U1CY6fU+fLRxjuyDogGpe7O+TcntxCKHqB/UpNjX1BDbpakOoa,iv:JR2pVrakbhDakRQDC2dfdtB1C2HneJcAtFuHClTw5gU=,tag:OYQYO22o6eKpyMrfZ/VmvA==,type:str] + turn-secret: ENC[AES256_GCM,data:d2KxHlbeE1dehmbWy9KLKCT6UuC3bu7LaOeEQTIRTSk/etMpNL9gv2rHBmKQ/35en30PIjsAbQr3nMHLuI6uDA==,iv:Cjyb6LfdVbmlKqO16Cn7jSEy2j/7+xAz1y9UJjcpiuo=,tag:pX6RdGMxWLdP5QzqmS4tow==,type:str] sops: age: - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3c0FJa3p4TTlFRk01Y2U4 - a2FOWS8rYy9pSzVvNnFvdU1aYkF0QTUwakFZCks4cG9PdE14cVdXa0M3SCtCQWpS - UEc1TVhVc1JBdTJQb0NiWitxRmkrZ2cKLS0tIFhOOUg5THozUHZMZmYzeDlpZE0x - WFhVWWVuUVVXYzhwTWtzamFmSGc5L1kKmkEV+PRreL39DPLDqpiVq18n3DNUZbye - G+GU1Uryll85az9juzztvlyhJxcUnJk1L1HUpfFfONR+ph4VgbC7OA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoanBQUU1tTlR4ZVZzUVpa + c0dIdkFFRmEzTEpDNXZjK2djMkxuaEJtUkRVCmwyWHJOb0Z2Mmk3UDVNOFlsZHRR + TEs4UDUyRURVNlMva0lYN25zTllWNFkKLS0tIEhNbDRPWXJZWXpkR0twUzJpNWJD + UDZLOVVZQkVENnVTeC9VOWQxVTBkVmcKvaoshlHl5ZQ+d/g1jYQvqBw/SucNlpHz + RM3gU0wGOCwtQ1HeX9D5XQUDTO3T+ooao5aaU5zDN3WzBBvFNua2Jg== -----END AGE ENCRYPTED FILE----- - - 
recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj + - recipient: age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM2QxMFNyaGZuWS91MFpD - WUczU3lDbjZiSUpkcC94QW5XdkIvVnBYdzAwCjZqQmRldWFEUUJ6NDBIY2hDeEpv - QjYwRmhNaUNFMzV0V0FRYnVDSllKNncKLS0tIFdYSmNpV1Axb0JsRC9ka2FzdFNp - K3Z0eTVZT0FYTzhiUHUwMnF5NFJxY1kKvPpfuE+3zCs0RnxXLSeuZb11670D7bVT - VObBGfwKYxsjIQBIlzmWZ90oEI874dLjXgvdC0rRexbWQvjEf0bGtw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSXhSSGlLbGdTUkpHbXdm + Q1B0Y2tVR1M0Zk5IaFlLeVlZU01WN2lZYkJ3CjFHakt3eGNnR2JySkQ3Mzh6NnNX + ajVwK0tNYVRhVC9YNW9YdFJuMHJjaGMKLS0tIEJBU29PVUZrSWNwbFBId1I0dUUr + YWNZWGhKNnF6VUNsYnB6UlZFeis0dGsKVFEdSbZdnJhFrUTFrrXza43GcoCk/6m2 + 2qQyFPc/cQQ2xB7ygLfNDK4xKDkvEbKmmwAIttnDbX13qIWWxvblZw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-26T08:50:00Z" - mac: ENC[AES256_GCM,data:7y0VzBoWg2nP6QIOl9xGt+g22r2m/KSJ2ePKTLDDreSieVvEnv5ObwqzS84LyAzw6p9smmvZxiR3BxJrmrdXtoSaFufFgltJ9r41ftYTVSiiCcJXACwAnRX3LIYbooZk48kRqwV68n4+frmuH4oeBWqfwaONV2v2F8TuTJejJIg=,iv:PHqEWTN8dAoUR/Pb2HTGs2Pz96vCgdP5d622fmQC2RM=,tag:MWswXZbSpqDFJ+ZvFQ3jig==,type:str] + lastmodified: "2026-03-02T20:48:15Z" + mac: ENC[AES256_GCM,data:PYuxQRG0VIq6XmsdiH6JeC9XPPE084/keH7j/Os9qCtBZRP2b4d8yUcIFPYXpP3G9uLS55YvAOWMw9zlxpG2QM/TNwRxJ/3kziaA9sB6uA3o1DDxfhwZFiRcB5sGPB5Sh8bHYMMdk/s3KcipJ7FdSYrNn+/dGguDGAlSyruEMME=,iv:MJlGblf/VHvAr3jGRVvt0Nvr2hHRK724PiZ0wqdBtDY=,tag:Pg5mbqLG/nlvuS7Yse9iFg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2