Enable arch64 emulation on marauder

Add various apps to marauder
Remove winboat from marauder
2025-10-16 07:21:05 -07:00 · 2025-10-15 22:07:26 -07:00 · 2025-10-15 22:05:17 -07:00 · 2025-10-15 17:43:36 -07:00 · 2025-10-15 14:29:17 -07:00
9 changed files with 70 additions and 77 deletions
--- a/flake.lock
+++ b/flake.lock
@ -98,22 +98,6 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1758690382,
-        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "phps": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -140,8 +124,7 @@
      "inputs": {
        "agenix": "agenix",
        "nixpkgs": "nixpkgs",
-        "phps": "phps",
-        "winboat": "winboat"
+        "phps": "phps"
      }
    },
    "systems": {
@ -191,24 +174,6 @@
        "repo": "flake-utils",
        "type": "github"
      }
-    },
-    "winboat": {
-      "inputs": {
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1760183562,
-        "narHash": "sha256-lauscAI61WXjLTuGiRDMUAEeTqvOTSWhRoHDaor5sfE=",
-        "owner": "TibixDev",
-        "repo": "winboat",
-        "rev": "ae60de6c2cba7a2001fef1027d5c2e06614e6904",
-        "type": "github"
-      },
-      "original": {
-        "owner": "TibixDev",
-        "repo": "winboat",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    winboat.url = "github:TibixDev/winboat";
  };

  outputs = inputs: {
--- a/hosts/astral/default.nix
+++ b/hosts/astral/default.nix
@ -7,6 +7,7 @@
    agenix.nixosModules.default
    ./forgejo.nix
    ./links.nix
+    ./radicale.nix
    ./vaultwarden.nix
  ];

@ -35,6 +36,11 @@

  services.caddy = {
    enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins =
+        [ "github.com/abiosoft/caddy-exec@v0.0.0-20240914124740-521d8736cb4d" ];
+      hash = "sha256-ef6/x7wjKk0axjX6MfAzTTwPM2FTOTSSyI9zLLrczV0=";
+    };
    virtualHosts = {
      "astral.leaf.ninja".extraConfig = ''
        respond "astral is online"
--- a/hosts/astral/links.nix
+++ b/hosts/astral/links.nix
@ -1,39 +1,21 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
  domain = "nettika.leaf.ninja";
  root = "/srv/links";
-  webhookHandler = pkgs.writeScript "webhook-handler.py" ''
-    #!${pkgs.python3}/bin/python3
-
-    import http.server
-    import socketserver
-    import subprocess
-    import os
-
-    class WebhookHandler(http.server.SimpleHTTPRequestHandler):
-        def do_POST(self):
-            os.chdir('${root}')
-            subprocess.run(['${pkgs.git}/bin/git', 'pull'], check=True)
-            self.send_response(200)
-            self.end_headers()
-            self.wfile.write(b'OK')
-
-    with socketserver.TCPServer(("127.0.0.1", 8081), WebhookHandler) as httpd:
-        httpd.serve_forever()
-  '';
 in {
-  systemd.services.links-webhook = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
-      Restart = "always";
-    };
+  services.caddy.virtualHosts = {
+    ${domain}.extraConfig = ''
+      root * ${root}
+      file_server
+    '';
+    "http://localhost:8081".extraConfig = let git = lib.getExe pkgs.git;
+    in ''
+      route {
+        exec {
+          command ${git} pull --rebase 
+          directory ${root}
+        }
+      }
+    '';
  };
-
-  services.caddy.virtualHosts.${domain}.extraConfig = ''
-    root * ${root}
-    file_server
-  '';
 }
--- a/hosts/astral/radicale.nix
+++ b/hosts/astral/radicale.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+let domain = "radicale.leaf.ninja";
+in {
+  age.secrets.radicale-htpasswd = {
+    file = ./secrets/radicale-htpasswd;
+    mode = "400";
+    owner = "radicale";
+  };
+
+  services.radicale = {
+    enable = true;
+    settings = {
+      server.hosts = [ "localhost:5232" ];
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
+        htpasswd_encryption = "plain";
+      };
+    };
+  };
+
+  services.caddy.virtualHosts.${domain}.extraConfig = ''
+    reverse_proxy localhost:5232
+  '';
+}
--- a/hosts/astral/secrets/radicale-htpasswd
+++ b/hosts/astral/secrets/radicale-htpasswd
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 f+PJrQ pKqLrqz0R7kAzNQZ3ChRsoWa63JEN2H2KHtGguF5nSc
+6Mk1qDWKx26jPdEzaVMh0vgUeVWjAGcmIPpvSU8BFNE
+-> ssh-ed25519 nz/vnw 0PuVNQ97Qa6iCk4pPf34lgS1aPb4CeDB4Qclk5F24T4
+OwJOYMTlTY9+Pj/BwG09z4q2/QViii710Kh3xPU5FRA
+--- mSdutlC3gFq8lDjeOGqi361i+DUI1Yg6Bpl7hCfznJA
+“ÜtQÆ/í rNeKeíé¸Ñ¥Äè~ˆý¾×Ÿ{_¡o
+y_Ü}‹¸Ã»P*W5<57>»´õFû.ECø¡‘Z©å#;
+£¢ð§Ûli…Ô§±*´Î]yT
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,4 +1,4 @@
-{ self, nixpkgs, phps, agenix, winboat }:
+{ self, nixpkgs, phps, agenix }:
 let
  baseSpecialArgs = {
    inherit (self) nixosModules;
@ -11,7 +11,7 @@ in {
  marauder = nixosSystem {
    system = "x86_64-linux";
    modules = [ ./marauder ];
-    specialArgs = { inherit phps winboat; };
+    specialArgs = { inherit phps; };
  };
  astral = nixosSystem {
    system = "x86_64-linux";
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@ -1,4 +1,4 @@
-{ pkgs, nixosModules, phps, agenix, winboat, ... }:
+{ pkgs, nixosModules, phps, agenix, ... }:
 let
  fortune = pkgs.writeShellScript "cgi" ''
    echo "Content-type: text/html"
@ -76,6 +76,7 @@ in {
    };
    kernelModules = [ "kvm-amd" ];
    kernelParams = [ "amd_pstate=active" ];
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };

  hardware = {
@ -102,7 +103,7 @@ in {
  environment.systemPackages = with pkgs; [
    # Chat clients
    discord
-    element-desktop
+    cinny-desktop
    signal-desktop
    slack
    telegram-desktop
@ -119,6 +120,7 @@ in {
    krita
    openscad-unstable
    orca-slicer
+    plasticity

    # Multimedia
    ffcheck
@ -132,6 +134,8 @@ in {

    # Dev Tools
    fossil
+    just
+    kondo
    nixd
    nixfmt-classic
    nixpkgs-fmt
@ -149,7 +153,6 @@ in {
    dig
    htop
    jq
-    just
    unzip
    zip

@ -157,14 +160,17 @@ in {
    mullvad-vpn
    qbittorrent

+    # Utility Apps
+    baobab
+    gparted
+    system-config-printer
+
    # Misc
    gcc
    intiface-central
    openssl
    pkg-config
    prismlauncher
-    system-config-printer
-    winboat.packages.x86_64-linux.winboat
  ];

  programs.git = {
--- a/secrets.nix
+++ b/secrets.nix
@ -13,4 +13,5 @@ in {
  "hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ];
  "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys =
    [ marauder astral ];
+  "hosts/astral/secrets/radicale-htpasswd".publicKeys = [ marauder astral ];
 }
Author	SHA1	Message	Date
Nettika	55a68c21da	Enable arch64 emulation on marauder	2025-10-16 07:21:05 -07:00
Nettika	5e6167ece8	Add various apps to marauder	2025-10-15 22:07:26 -07:00
Nettika	d6ef606632	Remove winboat from marauder	2025-10-15 22:05:17 -07:00
Nettika	39f73ef2f2	Use caddy-exec to handling Forgejo webhooks on astral	2025-10-15 17:43:36 -07:00
Nettika	01015c19b9	Setup radicale on astral	2025-10-15 14:29:17 -07:00