Compare commits


12 Commits

Author SHA1 Message Date
4c1ccd22ff wip: attic
2026-03-05 11:29:12 -07:00
70068bf0d9 feat(vaultwarden): init
2026-03-03 21:42:02 -07:00
165806ba2c feat: build action
2026-03-01 02:54:00 -07:00
76605c04b9 fix(gitea-actions-runner): add nix to path 2026-03-01 02:42:40 -07:00
e0506fc3e0 feat(gitea-actions-runner): init 2026-03-01 02:11:40 -07:00
93e801c332 chore(fcitx5): bump syd-fcitx5-tables 2026-02-20 12:23:30 -07:00
2b85764f11 chore(fruitbook): enable kdeconnect 2026-02-18 16:43:42 -07:00
f22ccc40a0 fix(lldap): warning 2026-02-18 16:43:42 -07:00
f1e239b13b fix(emacs): keep custom out of init.el 2026-02-18 16:43:42 -07:00
6c7c1f1b17 fix(emacs): keep bookmarks and transient out of vc 2026-02-18 16:43:02 -07:00
8c083dfc17 fix: typo io'm such a fat fucking chud god i know no words at all 2026-02-16 19:40:53 -07:00
aea4a3da97 fix(emacs): load lsp 2026-02-14 10:22:24 -07:00
16 changed files with 270 additions and 17 deletions


@@ -0,0 +1,29 @@
name: build
run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
on: [push]
jobs:
build-sydpc:
runs-on: nixos
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: build sydpc
run: nix build -L .#nixosConfigurations.sydpc.config.system.build.toplevel
build-fruitbook:
runs-on: nixos
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: build fruitbook
run: nix build -L .#nixosConfigurations.fruitbook.config.system.build.toplevel
build-deertopia:
runs-on: nixos
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: build deertopia
run: nix build -L .#nixosConfigurations.deertopia.config.system.build.toplevel
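Review bot: `uses: actions/checkout@v4` in all three jobs pins only a floating tag, so the checkout step's code can change underneath the runner without any change in this repository; for a self-hosted runner whose user is also a nix trusted user (see the gitea-actions-runner module in this same compare) the usual hygiene is to pin the full commit SHA and keep the tag in a trailing comment, `uses: actions/checkout@<commit-sha> # v4`. `run-name` still carries the template text `${{ gitea.actor }} is testing out Gitea Actions 🚀`; something like `run-name: build NixOS configurations (${{ gitea.actor }})` would describe what the workflow does. The three jobs differ only in the configuration name, so a `strategy.matrix` over `[sydpc, fruitbook, deertopia]` would remove the duplication if the act_runner in use supports it, but that is style.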

18
flake.lock generated

@@ -782,17 +782,17 @@
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1762339715,
"narHash": "sha256-rzEJjyZat0juOF133YPSJMgOSeuBlk92PTOu22W1B6w=",
"owner": "msyds",
"repo": "syd-fcitx5-tables",
"rev": "2b66c43dcc524030a45ab6fdd5aab69c229dd290",
"type": "gitlab"
"lastModified": 1771615370,
"narHash": "sha256-UD/9fs1GYuwDGqrpKunrwOPrvkahLQ/6eeRy/0ejHNA=",
"ref": "refs/heads/main",
"rev": "41111bead687315ca1f55a826509234ca2f0e0ce",
"revCount": 8,
"type": "git",
"url": "https://git.deertopia.net/msyds/syd-fcitx5-tables"
},
"original": {
"owner": "msyds",
"repo": "syd-fcitx5-tables",
"type": "gitlab"
"type": "git",
"url": "https://git.deertopia.net/msyds/syd-fcitx5-tables"
}
},
"sydpkgs": {


@@ -27,7 +27,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
tf2-nix.url = "gitlab:msyds/tf2-nix";
syd-fcitx5-tables.url = "gitlab:msyds/syd-fcitx5-tables";
syd-fcitx5-tables.url =
"git+https://git.deertopia.net/msyds/syd-fcitx5-tables";
sydpkgs.url = "github:msyds/sydpkgs";
};


@@ -49,6 +49,7 @@
deertopia = {
authelia.enable = true;
atticd.enable = true;
gitea.enable = true;
quiver.enable = true;
www.enable = true;
@@ -66,6 +67,7 @@
# umurmur.enable = true;
murmur.enable = true;
anki-sync-server.enable = true;
vaultwarden.enable = true;
servarr = {
enable = true;
prowlarr.enable = true;


@@ -17,6 +17,7 @@
openssh.enable = true;
sydpkgs.overlay.enable = true;
dank-material-shell.enable = true;
kdeconnect.enable = true;
users.users = [
"crumb"


@@ -26,6 +26,12 @@
sydpkgs.overlay.enable = true;
dank-material-shell.enable = true;
kdeconnect.enable = true;
gitea-actions-runner.enable = true;
sops = {
enable = true;
keyFile = "/persist/private-keys/age/deertopia";
};
steam = {
enable = true;


@@ -71,9 +71,11 @@ the unwritable tidbits."
(setq-local register-alist
(cl-remove-if-not #'savehist-printable register-alist)))))
(with-eval-after-load 'bookmark
;; Stay out of my config dir!
(setq bookmark-default-file (file-name-concat syd-data-dir "bookmarks")))
(setq bookmark-default-file
(file-name-concat syd-data-dir "bookmarks")
transient-history-file
(file-name-concat syd-data-dir "transient/history.el"))
(provide 'syd-autosave)
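Review bot: `transient-history-file` is set inside `(with-eval-after-load 'bookmark ...)`, so it only takes effect once bookmark.el has been loaded; if transient is loaded first (magit pulls it in, for example) it will already have read, and may later write, its default history file under the config dir that this change is trying to stay out of. Give it its own guard, `(with-eval-after-load 'transient (setq transient-history-file (file-name-concat syd-data-dir "transient/history.el")))`, or simply set it unconditionally at top level, since it is a plain path variable with no load-order dependency on bookmark. The `setq-local register-alist` form at the top of the hunk belongs to a definition that begins outside the hunk.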


@@ -62,4 +62,6 @@
syd/agda
syd/eshell
syd/treesit
syd/grammatical-framework))
syd/grammatical-framework
syd/lsp
syd/custom))


@@ -0,0 +1,8 @@
;;; -*- lexical-binding: t -*-
(require 'syd/base)
;; Stay out of version-control!!!!!
(setq custom-file (file-name-concat syd-data-dir "custom.el"))
(provide 'syd/custom)
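Review bot: `(setq custom-file ...)` only redirects where Customize writes its settings; nothing in this file loads that file, so anything saved through Customize will be written to the data dir and silently never applied on the next start. Add `(load custom-file 'noerror 'nomessage)` right after the `setq` — the `noerror` matters on a fresh machine where `custom.el` does not exist yet. Whether `syd-data-dir` is defined at this point depends on `syd/base`, which is outside this hunk.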


@@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.atticd;
in {
options.sydnix.deertopia.atticd = {
enable = lib.mkEnableOption "Atticd";
port = lib.mkOption {
default = 8012;
type = lib.types.port;
};
};
# sudo atticd-atticadm make-token --sub msyds --validity '1 year' --pull 'msyds-*' --push 'msyds-*' --create-cache 'msyds-*' --configure-cache 'msyds-*'
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.atticd-environment-file = {
# owner = config.services.atticd.user;
# group = config.services.atticd.group;
};
services.atticd = {
enable = true;
environmentFile =
config.sops.secrets.atticd-environment-file.path;
settings = {
api-endpoint = "https://attic.deertopia.net/";
listen = "[::]:${toString cfg.port}";
garbage-collection = {
default-retention-period = "3 months";
};
};
};
sydnix.deertopia.nginx.vhosts."attic".vhost = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://127.0.0.1:${toString cfg.port}";
};
};
}
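Review bot: `listen = "[::]:${toString cfg.port}"` binds the atticd API on every interface, although the only intended client is the nginx vhost that proxies to `http://127.0.0.1:${toString cfg.port}`; `listen = "127.0.0.1:${toString cfg.port}";` keeps the plaintext, token-authenticated port off the network and matches the proxyPass. The empty `sydnix.sops.secrets.atticd-environment-file = { ... }` with `owner`/`group` commented out deserves a one-line comment stating why the defaults are acceptable (presumably the file is read as root via systemd's `EnvironmentFile=` before the service drops privileges — worth confirming against what `services.atticd.environmentFile` maps to). The `port` option has no `description`, and the `make-token` recipe sitting as a comment above `config` would be easier to find as the `enable` option's description or in a README, but that is style.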


@@ -62,6 +62,7 @@ in {
ldap_base_dn = cfg.baseDN;
ldap_user_dn = "lain";
ldap_user_email = "lain@deertopia.net";
force_ldap_user_pass_reset = "always";
ldaps_options = {
enabled = true;
port = 6360;
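Review bot: `force_ldap_user_pass_reset = "always"` silences the warning by re-applying the configured admin password at every start, which — if I read lldap's semantics right — means a password changed through the web UI or `ldappasswd` is reverted on the next restart. A short comment at that line recording that this is intended would keep the next reader from "fixing" it, e.g. `# "always": the admin password is managed here; changes made in the UI are overwritten on restart`. The enclosing settings attrset begins and ends outside the hunk.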


@@ -0,0 +1,45 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.vaultwarden;
in {
options.sydnix.deertopia.vaultwarden = {
enable = lib.mkEnableOption "Vaultwarden";
};
config = lib.mkIf cfg.enable {
services.vaultwarden = {
enable = true;
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
DOMAIN = "https://vault.deertopia.net";
};
};
sydnix.impermanence.directories = [
"/var/backup/vaultwarden"
];
services.nginx.upstreams.vaultwarden.servers =
let port = toString config.services.vaultwarden.config.ROCKET_PORT;
in {
"127.0.0.1:${port}" = { };
};
sydnix.deertopia.nginx.vhosts."vault".vhost = {
forceSSL = true;
enableACME = true;
locations = {
"/".proxyPass = "http://vaultwarden";
"= /notifications/anonymous-hub" = {
proxyPass = "http://vaultwarden";
proxyWebsockets = true;
};
"= /notifications/hub" = {
proxyPass = "http://vaultwarden";
proxyWebsockets = true;
};
};
};
};
}
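Review bot: the `config` block sets no `SIGNUPS_ALLOWED`, and vaultwarden's default is `true`, so the public `https://vault.deertopia.net` vhost accepts self-registration from anyone; add `SIGNUPS_ALLOWED = false;` next to `DOMAIN` (and `INVITATIONS_ALLOWED = true;` if invites from an existing organisation are wanted instead). `sydnix.impermanence.directories` persists only `/var/backup/vaultwarden`, yet `services.vaultwarden.backupDir` is not set here, so that directory may never be populated, while the live state (by default under `/var/lib/vaultwarden`) is not listed — unless `/var/lib` is persisted elsewhere, check which path actually has to survive a reboot. Routing all three `locations` through the `vaultwarden` upstream is tidy; the two `= /notifications/...` entries could be generated with `lib.genAttrs`, but that is style.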


@@ -0,0 +1,103 @@
# Stolen from https://git.neet.dev/zuckerberg/nix-config/src/branch/master/common/server/gitea-actions-runner.nix
{ config, lib, pkgs, ... }:
let
cfg = config.sydnix.gitea-actions-runner;
container-name = "gitea-actions-runner";
gitea-actions-runner-uid = 991;
gitea-actions-runner-gid = 989;
token-file = config.sops.secrets.gitea-actions-runner-token.path;
in {
options.sydnix.gitea-actions-runner = {
enable = lib.mkEnableOption "Gitea actions runner";
};
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.gitea-actions-runner-token = {};
sydnix.impermanence.directories = [ "/var/lib/gitea-actions-runner" ];
containers.${container-name} = {
autoStart = true;
ephemeral = true;
bindMounts = {
${token-file} = {
hostPath = token-file;
isReadOnly = true;
};
"/var/lib/gitea-actions-runner" = {
hostPath = "/var/lib/gitea-actions-runner";
isReadOnly = false;
};
};
config = { config, lib, pkgs, ... }: {
system.stateVersion = "25.11";
services.gitea-actions-runner.instances.sydpc = {
enable = true;
name = "sydpc";
url = "https://git.deertopia.net/";
tokenFile = token-file;
labels = [ "nixos:host" ];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
nix
];
};
# Disable dynamic user so runner state persists via bind mount
assertions = [{
assertion = config.systemd.services.gitea-actions-runner-sydpc.enable;
message = ''
Expected systemd service 'gitea-actions-runner-sydpc' is not
enabled the gitea-actions-runner module may have changed
its naming scheme.
'';
}];
systemd.services.gitea-actions-runner-sydpc.serviceConfig.DynamicUser
= lib.mkForce false;
users.users.gitea-actions-runner = {
uid = gitea-actions-runner-uid;
home = "/var/lib/gitea-actions-runner";
group = "gitea-actions-runner";
isSystemUser = true;
createHome = true;
};
users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
environment.systemPackages = with pkgs; [
git
nodejs
jq
attic-client
];
};
};
# Needs to be outside of the container because container uses's
# the host's nix-daemon
nix.settings.trusted-users = [ "gitea-actions-runner" ];
# Matching user on host — the container's gitea-actions-runner UID must be
# recognized by the host's nix-daemon as trusted (shared UID namespace)
users.users.gitea-actions-runner = {
uid = gitea-actions-runner-uid;
home = "/var/lib/gitea-actions-runner";
group = "gitea-actions-runner";
isSystemUser = true;
createHome = true;
};
users.groups.gitea-actions-runner.gid = gitea-actions-runner-gid;
};
}
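Review bot: `nix.settings.trusted-users = [ "gitea-actions-runner" ]` makes the runner's user a trusted user of the host nix-daemon, which Nix documents as effectively root-equivalent (trusted users may override substituters, sandboxing and other daemon settings); with `labels = [ "nixos:host" ]` every job step runs directly as that user, so whatever can dispatch a job to this runner inherits that on the host. The comment above the line explains why it is on the host but not what it grants; `# trusted-users is root-equivalent on the host nix-daemon: only repositories you control should be able to target this runner` records the trade-off, and limiting which repositories/organisations the runner is registered for on the Gitea side is the actual control. Smaller points: the `message = ''...''` text reads as one run-on sentence ("is not enabled the gitea-actions-runner module may have changed") and wants a period or semicolon after "enabled", and the comment `container uses's the host's nix-daemon` has a stray "'s".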


@@ -70,6 +70,10 @@ in {
};
# O_O what the fuck did i write this for.... CONCERNING.
#
# oh because of these types of errors:
# Directory "/var/lib/private" already exists, but has mode 0755
# that is too permissive (0700 was requested), refusing.
systemd.tmpfiles.settings."10-varlibprivate" = {
"/var/lib/private" = {
z.group = "root";
@@ -78,6 +82,13 @@ in {
};
};
# Workaround for https://github.com/nix-community/impermanence/issues/254.
systemd.services."systemd-tmpfiles-resetup" = {
serviceConfig = {
RemainAfterExit = lib.mkForce false;
};
};
# Permit members of `cfg.persistGroupName` to read, write, and execute
# /persist.
systemd.tmpfiles.settings."10-persist" = {


@@ -29,7 +29,7 @@ in {
mkdir -p /btrfs-tmp
mount -t btrfs "${cfg.device}" /btrfs-tmp
# If the moribound subvolume exists, send it do 'death row' (old-roots),
# If the moribund subvolume exists, send it do 'death row' (old-roots),
# where live for about three days before its eventual deletion.
if [[ -e "/btrfs-tmp/${cfg.subvolume}" ]]; then
mkdir -p /btrfs-tmp/old-roots
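Review bot: the `moribound` → `moribund` fix leaves two more typos in the same comment: `send it do 'death row'` should be `send it to 'death row'`, and `where live for about three days` should be `where it lives for about three days`. Both are comment-only changes in the embedded shell script. The `if [[ -e ... ]]` block and the surrounding script continue outside the hunk.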
