wip: attic

}:3 ♥

.gitea/workflows/build.yaml

@@ -0,0 +1,29 @@
+name: build
+run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+on: [push]
+
+jobs:
+
+  build-sydpc:
+    runs-on: nixos
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: build sydpc
+        run: nix build -L .#nixosConfigurations.sydpc.config.system.build.toplevel
+
+  build-fruitbook:
+    runs-on: nixos
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: build fruitbook
+        run: nix build -L .#nixosConfigurations.fruitbook.config.system.build.toplevel
+
+  build-deertopia:
+    runs-on: nixos
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: build deertopia
+        run: nix build -L .#nixosConfigurations.deertopia.config.system.build.toplevel

README.org

@@ -1,20 +1,4 @@
 #+title: Sydnix
 #+author: Madeleine Sydney Ślaga
 
-Hello! These are my dotfiles for all my software and Nix machines. My TODO lists and READMEs tend to share a file, so I've moved it out of version-control. A link will be here soon enough.
-
-* Overview
-
-** Modules
-
-Nix modules are Sydnix's primary mode of organisation. The modules in this repository are categorised by the scope of their applicability, be it user-specific, machine-specific, Sydnix-specific, or releasable. These sum of these categories resembles a hierarchy wherein modules become less generally-applicable as they build off one another. This all goes to say, in a very roundabout fashion, that we are using the [[https://www.nayuki.io/pe/designing-better-file-organization-around-tags-not-hierarchies][accursed]] hierarchical file-system as god intended:
-
-#+begin_example
-«TODO: Annotated diagram explaining the structore of modules/» 
-#+end_example
-
-User modules may be configurations using a host-specific module, which itself may be a configuration of a Sydnix-specific module.
-
-# Local Variables:
-# jinx-local-words: "dotfiles"
-# End:
+these are my disgusting undocumented dotfiles. someday they'll be documented. maybe. }:)

flake.lock

@@ -782,17 +782,17 @@
         "nixpkgs": "nixpkgs_9"
       },
       "locked": {
-        "lastModified": 1762339715,
-        "narHash": "sha256-rzEJjyZat0juOF133YPSJMgOSeuBlk92PTOu22W1B6w=",
-        "owner": "msyds",
-        "repo": "syd-fcitx5-tables",
-        "rev": "2b66c43dcc524030a45ab6fdd5aab69c229dd290",
-        "type": "gitlab"
+        "lastModified": 1771615370,
+        "narHash": "sha256-UD/9fs1GYuwDGqrpKunrwOPrvkahLQ/6eeRy/0ejHNA=",
+        "ref": "refs/heads/main",
+        "rev": "41111bead687315ca1f55a826509234ca2f0e0ce",
+        "revCount": 8,
+        "type": "git",
+        "url": "https://git.deertopia.net/msyds/syd-fcitx5-tables"
       },
       "original": {
-        "owner": "msyds",
-        "repo": "syd-fcitx5-tables",
-        "type": "gitlab"
+        "type": "git",
+        "url": "https://git.deertopia.net/msyds/syd-fcitx5-tables"
       }
     },
     "sydpkgs": {

flake.nix

@@ -27,7 +27,8 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     tf2-nix.url = "gitlab:msyds/tf2-nix";
-    syd-fcitx5-tables.url = "gitlab:msyds/syd-fcitx5-tables";
+    syd-fcitx5-tables.url =
+      "git+https://git.deertopia.net/msyds/syd-fcitx5-tables";
     sydpkgs.url = "github:msyds/sydpkgs";
   };
 

hosts/deertopia/configuration.nix

@@ -49,6 +49,7 @@
 
     deertopia = {
       authelia.enable = true;
+      atticd.enable = true;
       gitea.enable = true;
       quiver.enable = true;
       www.enable = true;
@@ -66,6 +67,7 @@
       # umurmur.enable = true;
       murmur.enable = true;
       anki-sync-server.enable = true;
+      vaultwarden.enable = true;
       servarr = {
         enable = true;
         prowlarr.enable = true;

hosts/fruitbook/configuration.nix

@@ -17,6 +17,7 @@
     openssh.enable = true;
     sydpkgs.overlay.enable = true;
     dank-material-shell.enable = true;
+    kdeconnect.enable = true;
 
     users.users = [
       "crumb"

hosts/sydpc/configuration.nix

@@ -26,6 +26,12 @@
     sydpkgs.overlay.enable = true;
     dank-material-shell.enable = true;
     kdeconnect.enable = true;
+    gitea-actions-runner.enable = true;
+
+    sops = {
+      enable = true;
+      keyFile = "/persist/private-keys/age/deertopia";
+    };
 
     steam = {
       enable = true;

modules/home/users/crumb/emacs/modules/syd-autosave.el

@@ -71,9 +71,11 @@ the unwritable tidbits."
       (setq-local register-alist
                   (cl-remove-if-not #'savehist-printable register-alist)))))
 
-(with-eval-after-load 'bookmark
-  ;; Stay out of my config dir!
-  (setq bookmark-default-file (file-name-concat syd-data-dir "bookmarks")))
+;; Stay out of my config dir!
+(setq bookmark-default-file
+      (file-name-concat syd-data-dir "bookmarks")
+      transient-history-file
+      (file-name-concat syd-data-dir "transient/history.el"))
 
 
 (provide 'syd-autosave)

modules/home/users/msyds/emacs/bookmarks

@@ -1,11 +0,0 @@
-;;;; Emacs Bookmark Format Version 1;;;; -*- coding: utf-8-emacs; mode: lisp-data -*-
-;;; This format is meant to be slightly human-readable;
-;;; nevertheless, you probably don't want to edit it.
-;;; -*- End Of Bookmark File Format Version Stamp -*-
-(("org-capture-last-stored"
- (filename . "~/org/20260207174607-discontinuity_linguistics.org")
- (front-context-string . "\nIn [[id:f140be8")
- (rear-context-string . "y (linguistics)\n")
- (position . 105)
- (last-modified 27015 56580 955383 229000))
-)

modules/home/users/msyds/emacs/init.el

@@ -62,47 +62,6 @@
     syd/agda
     syd/eshell
     syd/treesit
-    syd/grammatical-framework))
-(custom-set-variables
- ;; custom-set-variables was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(org-latex-preview-mode-display-live t nil nil "Customized with use-package org-latex-preview")
- '(org-latex-preview-mode-update-delay 0.25 nil nil "Customized with use-package org-latex-preview")
- '(safe-local-variable-directories
-   '("/home/msyds/src/deertopia.net/"
-     "/home/msyds/src/net-deertopia/publisher/"
-     "/home/msyds/src/net-deertopia/"))
- '(safe-local-variable-values '((jinx-languages . "en_GB en_US"))))
-(custom-set-faces
- ;; custom-set-faces was added by Custom.
- ;; If you edit it by hand, you could mess it up, so be careful.
- ;; Your init file should contain only one such instance.
- ;; If there is more than one, they won't work right.
- '(comint-highlight-prompt ((t :foreground "#C8C093" :background unspecified :weight bold)))
- '(form-feed-st-line ((t :strike-through "#727169")))
- '(org-block ((t (:inherit fixed-pitch :background "#1a1a22"))))
- '(org-block-begin-line ((t (:foreground unspecified :inherit font-lock-comment-face :extend t :background "#16161D" :height 0.75))))
- '(org-block-end-line ((t (:foreground unspecified :inherit font-lock-comment-face :extend t :background "#16161D" :height 0.75))))
- '(org-checkbox ((t (:inherit fixed-pitch))))
- '(org-code ((t (:inherit (shadow fixed-pitch)))))
- '(org-document-info ((t (:weight bold :height 1.0))))
- '(org-document-info-keyword ((t (:background unspecified :foreground unspecified :inherit (fixed-pitch font-lock-comment-face) :height 0.9))))
- '(org-document-title ((t (:weight bold :height 1.6))))
- '(org-drawer ((t (:foreground unspecified :inherit font-lock-comment-face :extend t :background "#16161D" :height 0.75))))
- '(org-ellipsis ((t (:height 1.0))))
- '(org-indent ((t (:inherit (org-hide syd-alt-fixed-pitch)))))
- '(org-level-1 ((t (:weight bold :height 1.4 :foreground "#957FB8"))))
- '(org-level-2 ((t (:weight bold :height 1.35 :foreground "#7E9CD8"))))
- '(org-level-3 ((t (:weight bold :height 1.3 :foreground "#9CABCA"))))
- '(org-level-4 ((t (:weight bold :height 1.25 :foreground "#A3D4D5"))))
- '(org-level-5 ((t (:weight bold :height 1.2 :foreground "#7AA89F"))))
- '(org-level-6 ((t (:weight bold :height 1.15 :foreground "#98BB6C"))))
- '(org-level-7 ((t (:weight bold :height 1.1 :foreground "#938056"))))
- '(org-level-8 ((t (:weight bold :height 1.05 :foreground "#C0A36E"))))
- '(org-meta-line ((t (:background unspecified :foreground unspecified :inherit (fixed-pitch font-lock-comment-face) :height 0.9))))
- '(org-property-value ((t (:inherit fixed-pitch))))
- '(org-quote ((t (:inherit (variable-pitch org-block)))))
- '(org-special-keyword ((t (:inherit (font-lock-comment-face fixed-pitch)))))
- '(org-table ((t (:inherit fixed-pitch)))))
+    syd/grammatical-framework
+    syd/lsp
+    syd/custom))

modules/home/users/msyds/emacs/lisp/syd/custom.el

@@ -0,0 +1,8 @@
+;;; -*- lexical-binding: t -*-
+
+(require 'syd/base)
+
+;; Stay out of version-control!!!!!
+(setq custom-file (file-name-concat syd-data-dir "custom.el"))
+
+(provide 'syd/custom)

modules/home/users/msyds/emacs/lisp/syd/org/roam.el

@@ -77,7 +77,10 @@
                  :target (file ,default-target-file-name))
 		("K" "Today's Korean" plain
 		 (file ,(syd-emacs-file "lisp/syd/org/roam/todays-korean.org"))
-		 :target (file "todays-korean/%<%Y-%m-%d>.org"))))))
+		 :target (file "todays-korean/%<%Y-%m-%d>.org"))
+		("I" "Korean irregularity class" plain
+		 (file ,(syd-emacs-file "lisp/syd/org/roam/irregularity-class.org"))
+		 :target (file ,default-target-file-name))))))
   :config
   (add-to-list 'org-agenda-files org-roam-directory)
   (with-eval-after-load 'org-roam-dailies

modules/home/users/msyds/emacs/lisp/syd/org/roam/irregularity-class.org

@@ -0,0 +1,12 @@
+:PROPERTIES:
+:ROAM_ALIASES: "%^{Irregular ending: } 불규칙"
+:END:
+#+title: %\1-irregularity
+
+In [[id:e4ae4140-b842-4f16-b4da-9306eb3c2c1a][Korean morphology]], a *%\1-irregular verb* (ko: *%\1 불규칙 동사*) is a type of [[id:764f5ddf-472a-4142-9f76-cfb19f462be4][irregular verb]] whose stem ends in %\1.
+
+* Inflection
+
+* Examples
+
+** Non-examples

modules/home/users/msyds/emacs/transient/history.el

@@ -1 +0,0 @@
-nil

modules/nixos/deertopia/atticd.nix

@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.atticd;
+in {
+  options.sydnix.deertopia.atticd = {
+    enable = lib.mkEnableOption "Atticd";
+    port = lib.mkOption {
+      default = 8012;
+      type = lib.types.port;
+    };
+  };
+
+  # sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
+  config = lib.mkIf cfg.enable {
+    sydnix.sops.secrets.atticd-environment-file = {
+      # owner = config.services.atticd.user;
+      # group = config.services.atticd.group;
+    };
+
+    services.atticd = {
+      enable = true;
+      environmentFile =
+	config.sops.secrets.atticd-environment-file.path;
+      settings = {
+	api-endpoint = "https://attic.deertopia.net/";
+	listen = "[::]:${toString cfg.port}";
+	garbage-collection = {
+	  default-retention-period = "3 months";
+	};
+      };
+    };
+
+    sydnix.deertopia.nginx.vhosts."attic".vhost = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass =
+        "http://127.0.0.1:${toString cfg.port}";
+    };
+  };
+}

modules/nixos/deertopia/gitea.nix

@@ -44,6 +44,7 @@ in {
       enable = true;
       user = "git";
       group = "git";
+      appName = "GupHub"; # Name per my darling Colestar ♥
       settings = {
 	server = {
 	  ROOT_URL = "https://git.deertopia.net/";

modules/nixos/deertopia/lldap.nix

@@ -62,6 +62,7 @@ in {
         ldap_base_dn = cfg.baseDN;
         ldap_user_dn = "lain";
         ldap_user_email = "lain@deertopia.net";
+        force_ldap_user_pass_reset = "always";
         ldaps_options = {
           enabled = true;
           port = 6360;

modules/nixos/deertopia/vaultwarden.nix

@@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.vaultwarden;
+in {
+  options.sydnix.deertopia.vaultwarden = {
+    enable = lib.mkEnableOption "Vaultwarden";
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.vaultwarden = {
+      enable = true;
+      config = {
+	ROCKET_ADDRESS = "127.0.0.1";
+	ROCKET_PORT = 8222;
+	DOMAIN = "https://vault.deertopia.net";
+      };
+    };
+
+    sydnix.impermanence.directories = [
+      "/var/backup/vaultwarden"
+    ];
+
+    services.nginx.upstreams.vaultwarden.servers =
+      let port = toString config.services.vaultwarden.config.ROCKET_PORT;
+      in {
+	"127.0.0.1:${port}" = { };
+      };
+
+    sydnix.deertopia.nginx.vhosts."vault".vhost = {
+        forceSSL = true;
+        enableACME = true;
+	locations = {
+	  "/".proxyPass = "http://vaultwarden";
+          "= /notifications/anonymous-hub" = {
+            proxyPass = "http://vaultwarden";
+            proxyWebsockets = true;
+          };
+          "= /notifications/hub" = {
+            proxyPass = "http://vaultwarden";
+            proxyWebsockets = true;
+          };
+	};
+      };
+  };
+}

modules/nixos/gitea-actions-runner.nix

@@ -0,0 +1,103 @@
+# Stolen from https://git.neet.dev/zuckerberg/nix-config/src/branch/master/common/server/gitea-actions-runner.nix
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.sydnix.gitea-actions-runner;
+  container-name = "gitea-actions-runner";
+  gitea-actions-runner-uid = 991;
+  gitea-actions-runner-gid = 989;
+  token-file = config.sops.secrets.gitea-actions-runner-token.path;
+in {
+  options.sydnix.gitea-actions-runner = {
+    enable = lib.mkEnableOption "Gitea actions runner";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sydnix.sops.secrets.gitea-actions-runner-token = {};
+
+    sydnix.impermanence.directories = [ "/var/lib/gitea-actions-runner" ];
+
+    containers.${container-name} = {
+      autoStart = true;
+      ephemeral = true;
+
+      bindMounts = {
+        ${token-file} = {
+          hostPath = token-file;
+          isReadOnly = true;
+        };
+        "/var/lib/gitea-actions-runner" = {
+          hostPath = "/var/lib/gitea-actions-runner";
+          isReadOnly = false;
+        };
+      };
+
+      config = { config, lib, pkgs, ... }: {
+        system.stateVersion = "25.11";
+
+        services.gitea-actions-runner.instances.sydpc = {
+          enable = true;
+          name = "sydpc";
+          url = "https://git.deertopia.net/";
+          tokenFile = token-file;
+          labels = [ "nixos:host" ];
+	  hostPackages = with pkgs; [
+	    bash
+	    coreutils
+	    curl
+	    gawk
+	    gitMinimal
+	    gnused
+	    nodejs
+	    wget
+	    nix
+	  ];
+        };
+
+        # Disable dynamic user so runner state persists via bind mount
+	assertions = [{
+	  assertion = config.systemd.services.gitea-actions-runner-sydpc.enable;
+	  message = ''
+	    Expected systemd service 'gitea-actions-runner-sydpc' is not
+	    enabled — the gitea-actions-runner module may have changed
+	    its naming scheme.
+	  '';
+	}];
+        systemd.services.gitea-actions-runner-sydpc.serviceConfig.DynamicUser
+	  = lib.mkForce false;
+        users.users.gitea-actions-runner = {
+          uid = gitea-actions-runner-uid;
+          home = "/var/lib/gitea-actions-runner";
+          group = "gitea-actions-runner";
+          isSystemUser = true;
+          createHome = true;
+        };
+        users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
+
+        nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+        environment.systemPackages = with pkgs; [
+          git
+          nodejs
+          jq
+          attic-client
+        ];
+      };
+    };
+
+    # Needs to be outside of the container because container uses's
+    # the host's nix-daemon
+    nix.settings.trusted-users = [ "gitea-actions-runner" ];
+
+    # Matching user on host — the container's gitea-actions-runner UID must be
+    # recognized by the host's nix-daemon as trusted (shared UID namespace)
+    users.users.gitea-actions-runner = {
+      uid = gitea-actions-runner-uid;
+      home = "/var/lib/gitea-actions-runner";
+      group = "gitea-actions-runner";
+      isSystemUser = true;
+      createHome = true;
+    };
+    users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
+  };
+}

modules/nixos/impermanence.nix

@@ -70,6 +70,10 @@ in {
     };
 
     # O_O what the fuck did i write this for.... CONCERNING.
+    #
+    # oh because of these types of errors:
+    #   Directory "/var/lib/private" already exists, but has mode 0755
+    #   that is too permissive (0700 was requested), refusing.
     systemd.tmpfiles.settings."10-varlibprivate" = {
       "/var/lib/private" = {
         z.group = "root";
@@ -78,6 +82,13 @@ in {
       };
     };
 
+    # Workaround for https://github.com/nix-community/impermanence/issues/254.
+    systemd.services."systemd-tmpfiles-resetup" = {
+      serviceConfig = {
+        RemainAfterExit = lib.mkForce false;
+      };
+    };
+
     # Permit members of `cfg.persistGroupName` to read, write, and execute
     # /persist.
     systemd.tmpfiles.settings."10-persist" = {

modules/nixos/impermanence/rollback.nix

@@ -29,7 +29,7 @@ in {
       mkdir -p /btrfs-tmp
       mount -t btrfs "${cfg.device}" /btrfs-tmp
 
-      # If the moribound subvolume exists, send it do 'death row' (old-roots),
+      # If the moribund subvolume exists, send it do 'death row' (old-roots),
       # where live for about three days before its eventual deletion.
       if [[ -e "/btrfs-tmp/${cfg.subvolume}" ]]; then
           mkdir -p /btrfs-tmp/old-roots