Enable arch64 emulation on marauder

Add various apps to marauder
Remove winboat from marauder
2025-10-16 07:21:05 -07:00 · 2025-10-15 22:07:26 -07:00 · 2025-10-15 22:05:17 -07:00 · 2025-10-15 17:43:36 -07:00 · 2025-10-15 14:29:17 -07:00
9 changed files with 70 additions and 77 deletions
--- a/flake.lock
+++ b/flake.lock
@ -98,22 +98,6 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1758690382,
        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "phps": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -140,8 +124,7 @@
      "inputs": {
        "agenix": "agenix",
        "nixpkgs": "nixpkgs",
-        "phps": "phps",
+        "phps": "phps"
        "winboat": "winboat"
      }
    },
    "systems": {
@ -191,24 +174,6 @@
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "winboat": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1760183562,
        "narHash": "sha256-lauscAI61WXjLTuGiRDMUAEeTqvOTSWhRoHDaor5sfE=",
        "owner": "TibixDev",
        "repo": "winboat",
        "rev": "ae60de6c2cba7a2001fef1027d5c2e06614e6904",
        "type": "github"
      },
      "original": {
        "owner": "TibixDev",
        "repo": "winboat",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    winboat.url = "github:TibixDev/winboat";
  };
  outputs = inputs: {
--- a/hosts/astral/default.nix
+++ b/hosts/astral/default.nix
@ -7,6 +7,7 @@
    agenix.nixosModules.default
    ./forgejo.nix
    ./links.nix
    ./radicale.nix
    ./vaultwarden.nix
  ];
@ -35,6 +36,11 @@
  services.caddy = {
    enable = true;
    package = pkgs.caddy.withPlugins {
      plugins =
        [ "github.com/abiosoft/caddy-exec@v0.0.0-20240914124740-521d8736cb4d" ];
      hash = "sha256-ef6/x7wjKk0axjX6MfAzTTwPM2FTOTSSyI9zLLrczV0=";
    };
    virtualHosts = {
      "astral.leaf.ninja".extraConfig = ''
        respond "astral is online"
--- a/hosts/astral/links.nix
+++ b/hosts/astral/links.nix
@ -1,39 +1,21 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
  domain = "nettika.leaf.ninja";
  root = "/srv/links";
  webhookHandler = pkgs.writeScript "webhook-handler.py" ''
    #!${pkgs.python3}/bin/python3
    import http.server
    import socketserver
    import subprocess
    import os
    class WebhookHandler(http.server.SimpleHTTPRequestHandler):
        def do_POST(self):
            os.chdir('${root}')
            subprocess.run(['${pkgs.git}/bin/git', 'pull'], check=True)
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b'OK')
    with socketserver.TCPServer(("127.0.0.1", 8081), WebhookHandler) as httpd:
        httpd.serve_forever()
  '';
 in {
-  systemd.services.links-webhook = {
+  services.caddy.virtualHosts = {
-    wantedBy = [ "multi-user.target" ];
+    ${domain}.extraConfig = ''
-    after = [ "network.target" ];
+      root * ${root}
-    serviceConfig = {
+      file_server
-      Type = "simple";
+    '';
-      ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
+    "http://localhost:8081".extraConfig = let git = lib.getExe pkgs.git;
-      Restart = "always";
+    in ''
-    };
+      route {
        exec {
          command ${git} pull --rebase 
          directory ${root}
        }
      }
    '';
  };
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    root * ${root}
    file_server
  '';
 }
--- a/hosts/astral/radicale.nix
+++ b/hosts/astral/radicale.nix
@ -0,0 +1,25 @@
 { config, ... }:
 let domain = "radicale.leaf.ninja";
 in {
  age.secrets.radicale-htpasswd = {
    file = ./secrets/radicale-htpasswd;
    mode = "400";
    owner = "radicale";
  };
  services.radicale = {
    enable = true;
    settings = {
      server.hosts = [ "localhost:5232" ];
      auth = {
        type = "htpasswd";
        htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
        htpasswd_encryption = "plain";
      };
    };
  };
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy localhost:5232
  '';
 }
--- a/hosts/astral/secrets/radicale-htpasswd
+++ b/hosts/astral/secrets/radicale-htpasswd
@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 f+PJrQ pKqLrqz0R7kAzNQZ3ChRsoWa63JEN2H2KHtGguF5nSc
 6Mk1qDWKx26jPdEzaVMh0vgUeVWjAGcmIPpvSU8BFNE
 -> ssh-ed25519 nz/vnw 0PuVNQ97Qa6iCk4pPf34lgS1aPb4CeDB4Qclk5F24T4
 OwJOYMTlTY9+Pj/BwG09z4q2/QViii710Kh3xPU5FRA
 --- mSdutlC3gFq8lDjeOGqi361i+DUI1Yg6Bpl7hCfznJA
 “ÜtQÆ/í rNeKeíé¸Ñ¥Äè~ˆý¾×Ÿ{_¡o
 y_Ü}‹¸Ã»P*W5<57>»´õFû.ECø¡‘Z©å#;
 £¢ð§Ûli…Ô§±*´Î]yT
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,4 +1,4 @@
-{ self, nixpkgs, phps, agenix, winboat }:
+{ self, nixpkgs, phps, agenix }:
 let
  baseSpecialArgs = {
    inherit (self) nixosModules;
@ -11,7 +11,7 @@ in {
  marauder = nixosSystem {
    system = "x86_64-linux";
    modules = [ ./marauder ];
-    specialArgs = { inherit phps winboat; };
+    specialArgs = { inherit phps; };
  };
  astral = nixosSystem {
    system = "x86_64-linux";
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@ -1,4 +1,4 @@
-{ pkgs, nixosModules, phps, agenix, winboat, ... }:
+{ pkgs, nixosModules, phps, agenix, ... }:
 let
  fortune = pkgs.writeShellScript "cgi" ''
    echo "Content-type: text/html"
@ -76,6 +76,7 @@ in {
    };
    kernelModules = [ "kvm-amd" ];
    kernelParams = [ "amd_pstate=active" ];
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };
  hardware = {
@ -102,7 +103,7 @@ in {
  environment.systemPackages = with pkgs; [
    # Chat clients
    discord
-    element-desktop
+    cinny-desktop
    signal-desktop
    slack
    telegram-desktop
@ -119,6 +120,7 @@ in {
    krita
    openscad-unstable
    orca-slicer
    plasticity
    # Multimedia
    ffcheck
@ -132,6 +134,8 @@ in {
    # Dev Tools
    fossil
    just
    kondo
    nixd
    nixfmt-classic
    nixpkgs-fmt
@ -149,7 +153,6 @@ in {
    dig
    htop
    jq
    just
    unzip
    zip
@ -157,14 +160,17 @@ in {
    mullvad-vpn
    qbittorrent
    # Utility Apps
    baobab
    gparted
    system-config-printer
    # Misc
    gcc
    intiface-central
    openssl
    pkg-config
    prismlauncher
    system-config-printer
    winboat.packages.x86_64-linux.winboat
  ];
  programs.git = {
--- a/secrets.nix
+++ b/secrets.nix
@ -13,4 +13,5 @@ in {
  "hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ];
  "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys =
    [ marauder astral ];
  "hosts/astral/secrets/radicale-htpasswd".publicKeys = [ marauder astral ];
 }
Author	SHA1	Message	Date
Nettika	55a68c21da	Enable arch64 emulation on marauder	2025-10-16 07:21:05 -07:00
Nettika	5e6167ece8	Add various apps to marauder	2025-10-15 22:07:26 -07:00
Nettika	d6ef606632	Remove winboat from marauder	2025-10-15 22:05:17 -07:00
Nettika	39f73ef2f2	Use caddy-exec to handling Forgejo webhooks on astral	2025-10-15 17:43:36 -07:00
Nettika	01015c19b9	Setup radicale on astral	2025-10-15 14:29:17 -07:00