Enable arch64 emulation on marauder

Add various apps to marauder
Remove winboat from marauder
2025-10-16 07:21:05 -07:00 · 2025-10-15 22:07:26 -07:00 · 2025-10-15 22:05:17 -07:00 · 2025-10-15 17:43:36 -07:00 · 2025-10-15 14:29:17 -07:00
9 changed files with 43 additions and 173 deletions
--- a/flake.lock
+++ b/flake.lock
@ -98,22 +98,6 @@
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1758690382,
        "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "phps": {
      "inputs": {
        "flake-compat": "flake-compat",
@ -140,8 +124,7 @@
      "inputs": {
        "agenix": "agenix",
        "nixpkgs": "nixpkgs",
-        "phps": "phps",
+        "phps": "phps"
        "winboat": "winboat"
      }
    },
    "systems": {
@ -191,24 +174,6 @@
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "winboat": {
      "inputs": {
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1760183562,
        "narHash": "sha256-lauscAI61WXjLTuGiRDMUAEeTqvOTSWhRoHDaor5sfE=",
        "owner": "TibixDev",
        "repo": "winboat",
        "rev": "ae60de6c2cba7a2001fef1027d5c2e06614e6904",
        "type": "github"
      },
      "original": {
        "owner": "TibixDev",
        "repo": "winboat",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -11,7 +11,6 @@
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    winboat.url = "github:TibixDev/winboat";
  };
  outputs = inputs: {
--- a/hosts/astral/links.nix
+++ b/hosts/astral/links.nix
@ -1,39 +1,21 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 let
  domain = "nettika.leaf.ninja";
  root = "/srv/links";
  webhookHandler = pkgs.writeScript "webhook-handler.py" ''
    #!${pkgs.python3}/bin/python3
    import http.server
    import socketserver
    import subprocess
    import os
    class WebhookHandler(http.server.SimpleHTTPRequestHandler):
        def do_POST(self):
            os.chdir('${root}')
            subprocess.run(['${pkgs.git}/bin/git', 'pull'], check=True)
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b'OK')
    with socketserver.TCPServer(("127.0.0.1", 8081), WebhookHandler) as httpd:
        httpd.serve_forever()
  '';
 in {
-  # systemd.services.links-webhook = {
+  services.caddy.virtualHosts = {
-  #   wantedBy = [ "multi-user.target" ];
+    ${domain}.extraConfig = ''
-  #   after = [ "network.target" ];
+      root * ${root}
-  #   serviceConfig = {
+      file_server
-  #     Type = "simple";
+    '';
-  #     ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
+    "http://localhost:8081".extraConfig = let git = lib.getExe pkgs.git;
-  #     Restart = "always";
+    in ''
-  #   };
+      route {
-  # };
+        exec {
-
+          command ${git} pull --rebase 
-  services.caddy.virtualHosts.${domain}.extraConfig = ''
+          directory ${root}
-    root * ${root}
+        }
-    file_server
+      }
-  '';
+    '';
  };
 }
--- a/hosts/astral/radicale.nix
+++ b/hosts/astral/radicale.nix
@ -1,24 +1,10 @@
-{ pkgs, config, lib, ... }:
+{ config, ... }:
 let domain = "radicale.leaf.ninja";
 in {
-  users.users.radicale-sync = {
+  age.secrets.radicale-htpasswd = {
-    isSystemUser = true;
+    file = ./secrets/radicale-htpasswd;
-    group = "radicale-sync";
+    mode = "400";
-  };
+    owner = "radicale";
  users.groups.radicale-sync = { };
  age.secrets = {
    radicale-htpasswd = {
      file = ./secrets/radicale-htpasswd;
      mode = "400";
      owner = "radicale";
    };
    radicale-sync-secrets = {
      file = ./secrets/radicale-sync-secrets.fish;
      mode = "400";
      owner = "radicale-sync";
    };
  };
  services.radicale = {
@ -31,70 +17,9 @@ in {
        htpasswd_encryption = "plain";
      };
    };
    rights = {
      root = {
        user = ".+";
        collection = "";
        permissions = "R";
      };
      principal = {
        user = ".+";
        collection = "{user}";
        permissions = "RW";
      };
      calendars = {
        user = ".+";
        collection = "{user}/[^/]+";
        permissions = "rw";
      };
      remote = {
        user = ".+";
        collection = "remote/.+";
        permissions = "r";
      };
    };
  };
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy localhost:5232
  '';
  systemd.timers.radicale-sync = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "5min";
      OnCalendar = "*-*-* *:0/4:00";
    };
  };
  systemd.services.radicale-sync = let
    radicaleUrl = "http://localhost:5232";
    remoteCollections = [{
      collection = "devhack";
      url = "https://devhack.net/calendar.ics";
    }];
    remoteCollectionsFile = pkgs.writers.writeText "remote-collections"
      (lib.concatMapStringsSep "\n"
        ({ collection, url }: "${collection} ${url}") remoteCollections);
    syncScript = pkgs.writers.writeFish "sync.fish" ''
      alias curl ${lib.getExe pkgs.curl}
      source ${config.age.secrets.radicale-sync-secrets.path}
      while read -l name url
        set tempfile (mktemp)
        curl -sf $url -o $tempfile
        curl -sf -u "remote:$password" \
             -X PUT "${radicaleUrl}/remote/$name" \
             -H 'Content-Type: text/calendar; charset=utf-8' \
             --data-binary @$tempfile
        echo "Uploaded $name"
      end < ${remoteCollectionsFile}
    '';
  in {
    serviceConfig = {
      Type = "oneshot";
      User = "radicale-sync";
      Group = "radicale-sync";
      ExecStart = syncScript;
    };
  };
 }
--- a/hosts/astral/secrets/radicale-htpasswd
+++ b/hosts/astral/secrets/radicale-htpasswd
@ -1,7 +1,9 @@
 age-encryption.org/v1
-> ssh-ed25519 f+PJrQ iGtaCi4amFijPCydakWm6qo6eYPiRHp5Rrr7TpnRLxo
+-> ssh-ed25519 f+PJrQ pKqLrqz0R7kAzNQZ3ChRsoWa63JEN2H2KHtGguF5nSc
-MiFAmPkU9gDBYdNqGA9CdYike2n780nQ7o8nAZ0GGtE
+6Mk1qDWKx26jPdEzaVMh0vgUeVWjAGcmIPpvSU8BFNE
-> ssh-ed25519 nz/vnw FiTGU3HNakVR1VNVyUPdiu+WhEMf9t/ONBgoQRILExA
+-> ssh-ed25519 nz/vnw 0PuVNQ97Qa6iCk4pPf34lgS1aPb4CeDB4Qclk5F24T4
-TjDSkxA6z1ovqu2mA0G1UY1k29f35HFHDZQWA90XSzM
+OwJOYMTlTY9+Pj/BwG09z4q2/QViii710Kh3xPU5FRA
--- WK1KjkiLaqH1jN3zIgetSHEe5xEddBYjlt3Qu5Z/Bcg
+--- mSdutlC3gFq8lDjeOGqi361i+DUI1Yg6Bpl7hCfznJA
-„™æ¤Ï¹%sçlmaæ†á@OÔ§ë>
K<ç(<28>š†©CoÕ6ªhÓ–LÁëÉ (ö_›h”ð¶R2ð²ÈŠ"®znp/M¿W}—æÕLò‘‰‘Nàe»ª˜%²’ÂCÌº•¡7?#jè3—Ò‹G? Ã<>X{V%Ym¯æ 
lf™Õ
+“ÜtQÆ/í rNeKeíé¸Ñ¥Äè~ˆý¾×Ÿ{_¡o
 y_Ü}‹¸Ã»P*W5<57>»´õFû.ECø¡‘Z©å#;
 £¢ð§Ûli…Ô§±*´Î]yT
--- a/hosts/astral/secrets/radicale-sync-secrets.fish
+++ b/hosts/astral/secrets/radicale-sync-secrets.fish
@ -1,7 +0,0 @@
 age-encryption.org/v1
 -> ssh-ed25519 f+PJrQ f+4sexgdKNmdc7DQe3h6v8CveCiHN+dLFX0vdMzBOBQ
 /nSP3nPNdxKjOUIn0xzH/ht4QC68aMxCLplP8kIeKr4
 -> ssh-ed25519 nz/vnw ejIzeXNfCDxPhho7426oR6WQWlJxDprp1j90lgCGnmM
 yaq9bU726x5xtHhK7ZQc1Onlg681cSQsSxSCRU/GBAU
 --- UT7B9uDmsNJwTLroGj+JQdKbsOHhgSnnlhMru4tY7/M
 uKÒ¿Tiö,®Mß`‚ø“S4<EFBFBD>÷~–š™6Ï’¿jÓÑçÒ«9Õï$H0dô¡?ñ<>ÒpƒXV%ÙIËJØ˜ "Ò¾dËùâÓWO¹ÓÄ
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,4 +1,4 @@
-{ self, nixpkgs, phps, agenix, winboat }:
+{ self, nixpkgs, phps, agenix }:
 let
  baseSpecialArgs = {
    inherit (self) nixosModules;
@ -11,7 +11,7 @@ in {
  marauder = nixosSystem {
    system = "x86_64-linux";
    modules = [ ./marauder ];
-    specialArgs = { inherit phps winboat; };
+    specialArgs = { inherit phps; };
  };
  astral = nixosSystem {
    system = "x86_64-linux";
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@ -1,4 +1,4 @@
-{ pkgs, nixosModules, phps, agenix, winboat, ... }:
+{ pkgs, nixosModules, phps, agenix, ... }:
 let
  fortune = pkgs.writeShellScript "cgi" ''
    echo "Content-type: text/html"
@ -76,6 +76,7 @@ in {
    };
    kernelModules = [ "kvm-amd" ];
    kernelParams = [ "amd_pstate=active" ];
    binfmt.emulatedSystems = [ "aarch64-linux" ];
  };
  hardware = {
@ -102,7 +103,7 @@ in {
  environment.systemPackages = with pkgs; [
    # Chat clients
    discord
-    element-desktop
+    cinny-desktop
    signal-desktop
    slack
    telegram-desktop
@ -119,6 +120,7 @@ in {
    krita
    openscad-unstable
    orca-slicer
    plasticity
    # Multimedia
    ffcheck
@ -132,6 +134,8 @@ in {
    # Dev Tools
    fossil
    just
    kondo
    nixd
    nixfmt-classic
    nixpkgs-fmt
@ -149,7 +153,6 @@ in {
    dig
    htop
    jq
    just
    unzip
    zip
@ -157,14 +160,17 @@ in {
    mullvad-vpn
    qbittorrent
    # Utility Apps
    baobab
    gparted
    system-config-printer
    # Misc
    gcc
    intiface-central
    openssl
    pkg-config
    prismlauncher
    system-config-printer
    winboat.packages.x86_64-linux.winboat
  ];
  programs.git = {
--- a/secrets.nix
+++ b/secrets.nix
@ -14,6 +14,4 @@ in {
  "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys =
    [ marauder astral ];
  "hosts/astral/secrets/radicale-htpasswd".publicKeys = [ marauder astral ];
  "hosts/astral/secrets/radicale-sync-secrets.fish".publicKeys =
    [ marauder astral ];
 }
Author	SHA1	Message	Date
Nettika	55a68c21da	Enable arch64 emulation on marauder	2025-10-16 07:21:05 -07:00
Nettika	5e6167ece8	Add various apps to marauder	2025-10-15 22:07:26 -07:00
Nettika	d6ef606632	Remove winboat from marauder	2025-10-15 22:05:17 -07:00
Nettika	39f73ef2f2	Use caddy-exec to handling Forgejo webhooks on astral	2025-10-15 17:43:36 -07:00
Nettika	01015c19b9	Setup radicale on astral	2025-10-15 14:29:17 -07:00