feat: wsl: some things

2026-03-15 10:59:19 +00:00
parent b9730784ba
commit f23720e151
12 changed files with 190 additions and 63 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -3,7 +3,7 @@ keys:
  - &yukkop         age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
  - &bfs-server     age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
  - &bfs-pol-server age1fpytf05sg9n6ywpwkmn09lhpfvgtud9h75h76jhxha475zpnasqq952rpu
-  - &neuro-server age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+  - &neuro-server   age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq
  - &games-server   age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj

 creation_rules:
--- a/nixos/module/hectic/archetype/base.nix
+++ b/nixos/module/hectic/archetype/base.nix
@@ -17,8 +17,12 @@ in {
  options.hectic.archetype.base.enable = lib.mkEnableOption "Enable archetupe.dev";

  config = lib.mkIf cfg.enable {
-    programs.zsh.shellAliases = self.lib.sharedShellAliases;
-    programs.zsh.enable = true;
+    hectic = {
+      program.zsh.enable    = lib.mkDefault true;
+      program.tmux.enable   = lib.mkDefault true;
+      program.nixvim.enable = lib.mkDefault true;
+    };
+
    users.defaultUserShell = pkgs.zsh;

    # Enable flakes and new 'nix' command
--- a/nixos/module/hectic/archetype/dev.nix
+++ b/nixos/module/hectic/archetype/dev.nix
@@ -11,6 +11,7 @@
 }: let
  cfg = config.hectic.archetype.dev;
 in {
+  # necessary imports:
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
@@ -19,8 +20,6 @@ in {

  config = lib.mkIf cfg.enable {
    hectic.archetype.base.enable = true;
-    hectic.program.zsh.enable    = true;
-    hectic.program.nixvim.enable = true;

    services.getty.autologinUser = "root";

--- a/nixos/module/hectic/program/tmux.nix
+++ b/nixos/module/hectic/program/tmux.nix
@@ -0,0 +1,61 @@
+{
+  inputs,
+  flake,
+  self,
+}: {
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.program.tmux;
+in {
+  imports = [
+    inputs.home-manager.nixosModules.home-manager
+  ];
+
+  options.hectic.program.tmux.enable = lib.mkEnableOption "Enable hectic tmux config";
+
+  config = lib.mkIf cfg.enable {
+    programs.tmux.enable = true;
+
+    # alias depends on newSession = true (auto-creates session on attach)
+    programs.zsh.shellAliases.tmux = "tmux a";
+    programs.bash.shellAliases.tmux = "tmux a";
+
+    home-manager.sharedModules = [
+      {
+        programs.tmux = {
+          enable = true;
+          plugins = with pkgs.tmuxPlugins; [ resurrect continuum ];
+          keyMode = "vi";
+          escapeTime = 500;
+          historyLimit = 50000;
+          newSession = true;
+          extraConfig = ''
+            # resurrect
+            set -g @resurrect-strategy-vim 'session'
+            set -g @resurrect-strategy-nvim 'session'
+            set -g @resurrect-capture-pane-contents 'on'
+
+            resurrect_dir="$HOME/.tmux/resurrect"
+            set -g @resurrect-dir $resurrect_dir
+            set -g @resurrect-hook-post-save-all 'target=$(readlink -f $resurrect_dir/last); sed "s| --cmd .*-vim-pack-dir||g; s|/etc/profiles/per-user/$USER/bin/||g; s|/home/$USER/.nix-profile/bin/||g" $target | sponge $target'
+
+            # continuum
+            set -g @continuum-restore 'on'
+            set -g @continuum-boot 'on'
+            set -g @continuum-save-interval '10'
+
+            bind-key    -T copy-mode-vi v                  send-keys -X begin-selection
+            bind-key    -T copy-mode-vi C-v                send-keys -X rectangle-toggle
+
+            bind-key O select-pane -t :.-
+          '';
+        };
+      }
+    ];
+
+    home-manager.users.root.home.stateVersion = lib.mkDefault "25.05";
+  };
+}
--- a/nixos/module/hectic/service/element-rtc.nix
+++ b/nixos/module/hectic/service/element-rtc.nix
@@ -1,7 +1,17 @@
-{ pkgs, lib, config, ... }: let
-  cfg = config.currentServer.matrix;
+{
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
-  config  = let 
+  config = lib.mkIf cfg.enable (let
    keyFile = "/run/livekit.key";
  in {
    services.livekit = {
@@ -94,5 +104,5 @@ in {
        7881
      ];
    };
-  };
+  });
 }
--- a/nixos/module/hectic/service/element.nix
+++ b/nixos/module/hectic/service/element.nix
@@ -1,7 +1,17 @@
-{ config, lib, pkgs, ... }: let
-  cfg = config.currentServer.matrix;
+{
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
-  config = {
+  config = lib.mkIf cfg.enable {
    services.nginx.virtualHosts."element.${cfg.matrixDomain}" = {
      enableACME = true;
      forceSSL = true;
--- a/nixos/module/hectic/service/matrix.nix
+++ b/nixos/module/hectic/service/matrix.nix
@@ -1,8 +1,19 @@
-{ pkgs, lib, config, ... }: let
-  cfg = config.currentServer.matrix;
+{
+  inputs,
+  flake,
+  self,
+}:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
  options = {
-    currentServer.matrix = {
+    hectic.services.matrix = {
+      enable = lib.mkEnableOption "Matrix Synapse homeserver with PostgreSQL and nginx";
      secretsFile = lib.mkOption {
        type = lib.types.path;
        description = ''
@@ -40,7 +51,7 @@ in {
      };
    };
  };
-  config  = {
+  config = lib.mkIf cfg.enable {
    services.matrix-synapse = {
      enable = true;
      settings = {
--- a/nixos/module/hectic/service/voice-tune.nix
+++ b/nixos/module/hectic/service/voice-tune.nix
@@ -1,9 +1,17 @@
-{ lib, config, ... }: let
-  cfg = config.currentServer.matrix;
-  shared_secret = "secret";
+{
+  inputs,
+  flake,
+  self,
+}:
+{
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.hectic.services.matrix;
 in {
  options = {
-    currentServer.matrix = {
+    hectic.services.matrix = {
      turnSecretFile = lib.mkOption {
        type = lib.types.path;
        description = ''
@@ -12,9 +20,16 @@ in {
          just raw secret
        '';
      };
+      publicIp = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          public IP address of the server, used by coturn for
+          listening and relay
+        '';
      };
    };
-  config = {
+  };
+  config = lib.mkIf cfg.enable {
    services.coturn = rec {
      enable = true;
      realm = cfg.matrixDomain;
@@ -22,9 +37,9 @@ in {
      static-auth-secret-file = cfg.turnSecretFile;
      cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
      pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
-      listening-ips = ["188.137.254.58"];
+      listening-ips = [cfg.publicIp];
      no-tcp-relay = true;
-      relay-ips = ["188.137.254.58"];
+      relay-ips = [cfg.publicIp];
      listening-port = 3478;
      tls-listening-port = 5349;
      no-cli = true;
--- a/nixos/system/bfs/bfs.nix
+++ b/nixos/system/bfs/bfs.nix
@@ -10,7 +10,6 @@
  ...
 }: let
  xrayPort = 10086;
-  matrixDomain = "accord.tube";
 in {
  # TODO:
  # white list
@@ -21,22 +20,18 @@ in {
  imports = [
    self.nixosModules.hectic
    inputs.sops-nix.nixosModules.sops
-    #./voice-tune.nix
-    #./matrix.nix
-    #./element-rtc.nix
-    #./element.nix
  ];

-  #currentServer = {
-  #  matrix = {
+  #hectic.services.matrix = {
+  #  enable           = true;
  #  secretsFile      = config.sops.secrets."matrix/secrets".path;
  #  turnSecretFile   = config.sops.secrets."matrix/turn-secret".path;
+  #  publicIp         = "188.137.254.58";
  #  postgresql = {
  #    port           = 5432;
  #    initialEnvFile = config.sops.secrets."init-postgresql".path;
  #  };
  #  matrixDomain     = "accord.tube";
-  #  };
  #};

  services.xray = {
--- a/nixos/system/neuro/neuro.nix
+++ b/nixos/system/neuro/neuro.nix
@@ -51,6 +51,17 @@
  #   };
  # };

+  hectic.services.matrix = {
+    enable           = true;
+    secretsFile      = config.sops.secrets."matrix/secrets".path;
+    turnSecretFile   = config.sops.secrets."matrix/turn-secret".path;
+    postgresql = {
+      port           = 5432;
+      initialEnvFile = config.sops.secrets."init-postgresql".path;
+    };
+    matrixDomain     = "accord.tube";
+  };
+
  networking = {
    networkmanager.enable = true;
    useDHCP = lib.mkDefault true;
@@ -78,6 +89,14 @@
    gnupg.sshKeyPaths         = [ ];
    age.sshKeyPaths           = [ "/etc/ssh/ssh_host_ed25519_key" ];
    defaultSopsFile           = ../../../sus/neuro.yaml;
+
+    secrets."init-postgresql"     = {};
+    secrets."matrix/secrets"      = {};
+    secrets."matrix/turn-secret"  = {
+      owner = "turnserver";
+      group = "turnserver";
+      mode = "0400";
+    };
  };

  boot.loader.systemd-boot.enable = true;
@@ -128,7 +147,7 @@
      hectic.py3-openai-shap-e  # Uncomment when needed; depends on torch
    ]);
  in [
-    python-ai
+    #python-ai
    git
    neovim
    wget
--- a/nixos/system/wsl/wsl.nix
+++ b/nixos/system/wsl/wsl.nix
@@ -14,8 +14,6 @@

  hectic = {
    archetype.base.enable = true;
-    program.zsh.enable    = true;
-    program.nixvim.enable = true;
    user.yukkop.enable    = true;
  };

@@ -84,6 +82,8 @@
    nrs = "sudo nixos-rebuild switch --flake /home/yukkop/pj/util.nix#wsl";
  };

+  users.users.yukkop.shell = pkgs.zsh;
+
  # WSL: keep imperative stateVersion in the system module
  system.stateVersion = "25.05";
 }
--- a/sus/neuro.yaml
+++ b/sus/neuro.yaml
@@ -1,25 +1,28 @@
-wifi-env: ENC[AES256_GCM,data:omeOzokH2ON9tCvWdEAAooVWe1I2,iv:A3J+5iDymR88xwnJNEEVydfiNjnSE1nyx/rBS2xdjQ4=,tag:TFcu2vtVOLG8Vdft3YRvww==,type:str]
+init-postgresql: ENC[AES256_GCM,data:JUoZk/A3b3xCDWPKt08Uy7PjSmBd3BQqn+uymiBKTA7RLLMTsLxY+CuDRSCobUWN/Xf1eDG+CLaUESvflu4=,iv:miVa2ptLmB4fSz8UPivZbGODaHaTuU8AbQgiLpzn5os=,tag:P8Ww+w24GHuEnXJSsYe23w==,type:str]
+matrix:
+    secrets: ENC[AES256_GCM,data:vL5opJTCzQMQwhxGZm1a2K4lTFySYHAj92EW4JQSKpt3yWQAu3QHLHdt9YGOvb9/c/0APouoc+NeYWKNC5oYcih2H8z4wGfYPImn+bH7OCzr/fAGNxgOlG27cWRbkzkIpbNE7qtll0GPpEL+BsdAklzbZcgMp9s2LvQKYEovrWronBksuTI5sbOtZtoAY40yuYmnuH/Sjp+6az9KlX3fuCrb/HF6UUsPoRz98cYVPcpGiNImb64WwPGUkvDemDzKSLHB9ClUMLWuWJHumameMAKE236bz+Jqlrz5rVhbL9E1oadyw1JgQWlgeA3axKw3Ju+sThalwxQXiW3pZJPGFAmwOoNY6LiH4WBkXnfPlTY7m5f/+6FjFALUFTKHWr+iZ3S1ykUrwJGxCsK6ARBUH7U1CY6fU+fLRxjuyDogGpe7O+TcntxCKHqB/UpNjX1BDbpakOoa,iv:JR2pVrakbhDakRQDC2dfdtB1C2HneJcAtFuHClTw5gU=,tag:OYQYO22o6eKpyMrfZ/VmvA==,type:str]
+    turn-secret: ENC[AES256_GCM,data:d2KxHlbeE1dehmbWy9KLKCT6UuC3bu7LaOeEQTIRTSk/etMpNL9gv2rHBmKQ/35en30PIjsAbQr3nMHLuI6uDA==,iv:Cjyb6LfdVbmlKqO16Cn7jSEy2j/7+xAz1y9UJjcpiuo=,tag:pX6RdGMxWLdP5QzqmS4tow==,type:str]
 sops:
    age:
        - recipient: age1r25zdeqq8nac6dgca9en28r57ffyz9u9d8z5yc25gc8xqz747vaqmdtk0h
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3c0FJa3p4TTlFRk01Y2U4
-            a2FOWS8rYy9pSzVvNnFvdU1aYkF0QTUwakFZCks4cG9PdE14cVdXa0M3SCtCQWpS
-            UEc1TVhVc1JBdTJQb0NiWitxRmkrZ2cKLS0tIFhOOUg5THozUHZMZmYzeDlpZE0x
-            WFhVWWVuUVVXYzhwTWtzamFmSGc5L1kKmkEV+PRreL39DPLDqpiVq18n3DNUZbye
-            G+GU1Uryll85az9juzztvlyhJxcUnJk1L1HUpfFfONR+ph4VgbC7OA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoanBQUU1tTlR4ZVZzUVpa
+            c0dIdkFFRmEzTEpDNXZjK2djMkxuaEJtUkRVCmwyWHJOb0Z2Mmk3UDVNOFlsZHRR
+            TEs4UDUyRURVNlMva0lYN25zTllWNFkKLS0tIEhNbDRPWXJZWXpkR0twUzJpNWJD
+            UDZLOVVZQkVENnVTeC9VOWQxVTBkVmcKvaoshlHl5ZQ+d/g1jYQvqBw/SucNlpHz
+            RM3gU0wGOCwtQ1HeX9D5XQUDTO3T+ooao5aaU5zDN3WzBBvFNua2Jg==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age15yzgmsvl3ku2w863h6gw2vpmw37m9aruv6xrj4fue6n2jpm7pyuqk9xjmj
+        - recipient: age1ak7heljpr0pjr4m0rcwxgn3sp0jjxw03lxyf33r8lcemqh2u2sgqx0aplq
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM2QxMFNyaGZuWS91MFpD
-            WUczU3lDbjZiSUpkcC94QW5XdkIvVnBYdzAwCjZqQmRldWFEUUJ6NDBIY2hDeEpv
-            QjYwRmhNaUNFMzV0V0FRYnVDSllKNncKLS0tIFdYSmNpV1Axb0JsRC9ka2FzdFNp
-            K3Z0eTVZT0FYTzhiUHUwMnF5NFJxY1kKvPpfuE+3zCs0RnxXLSeuZb11670D7bVT
-            VObBGfwKYxsjIQBIlzmWZ90oEI874dLjXgvdC0rRexbWQvjEf0bGtw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSXhSSGlLbGdTUkpHbXdm
+            Q1B0Y2tVR1M0Zk5IaFlLeVlZU01WN2lZYkJ3CjFHakt3eGNnR2JySkQ3Mzh6NnNX
+            ajVwK0tNYVRhVC9YNW9YdFJuMHJjaGMKLS0tIEJBU29PVUZrSWNwbFBId1I0dUUr
+            YWNZWGhKNnF6VUNsYnB6UlZFeis0dGsKVFEdSbZdnJhFrUTFrrXza43GcoCk/6m2
+            2qQyFPc/cQQ2xB7ygLfNDK4xKDkvEbKmmwAIttnDbX13qIWWxvblZw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-26T08:50:00Z"
-    mac: ENC[AES256_GCM,data:7y0VzBoWg2nP6QIOl9xGt+g22r2m/KSJ2ePKTLDDreSieVvEnv5ObwqzS84LyAzw6p9smmvZxiR3BxJrmrdXtoSaFufFgltJ9r41ftYTVSiiCcJXACwAnRX3LIYbooZk48kRqwV68n4+frmuH4oeBWqfwaONV2v2F8TuTJejJIg=,iv:PHqEWTN8dAoUR/Pb2HTGs2Pz96vCgdP5d622fmQC2RM=,tag:MWswXZbSpqDFJ+ZvFQ3jig==,type:str]
+    lastmodified: "2026-03-02T20:48:15Z"
+    mac: ENC[AES256_GCM,data:PYuxQRG0VIq6XmsdiH6JeC9XPPE084/keH7j/Os9qCtBZRP2b4d8yUcIFPYXpP3G9uLS55YvAOWMw9zlxpG2QM/TNwRxJ/3kziaA9sB6uA3o1DDxfhwZFiRcB5sGPB5Sh8bHYMMdk/s3KcipJ7FdSYrNn+/dGguDGAlSyruEMME=,iv:MJlGblf/VHvAr3jGRVvt0Nvr2hHRK724PiZ0wqdBtDY=,tag:Pg5mbqLG/nlvuS7Yse9iFg==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.10.2