flake.nix

@@ -28,46 +28,46 @@
     };
   };
 
-  outputs = flakes @ {
+  outputs =
-    self,
+    flakes@{ self
-    nixpkgs,
+    , nixpkgs
-    unstable,
+    , unstable
-    home-manager,
+    , home-manager
-    impermanence,
+    , impermanence
-    flake-utils,
+    , flake-utils
-    vpsadminos,
+    , vpsadminos
-    homepage,
+    , homepage
-    conduwuit,
+    , conduwuit
-    mediawikiSkinCitizen,
+    , mediawikiSkinCitizen
-  }: let
+    }:
-    system = "x86_64-linux";
+    let
+      system = "x86_64-linux";
 
-    pkgs = importPkgs nixpkgs;
+      pkgs = importPkgs nixpkgs;
 
-    importPkgs = flake:
+      importPkgs = flake: import flake {
-      import flake {
         inherit system;
 
         config = import ./pkgs/config nixpkgs.lib;
-        overlays = [self.overlays.default];
+        overlays = [ self.overlays.default ];
       };
 
-    local = import ./pkgs;
+      local = import ./pkgs;
-  in
+    in
     with pkgs.lib; {
-      formatter.${system} = pkgs.alejandra;
+      formatter.${system} = pkgs.nixpkgs-fmt;
       packages.${system} = pkgs.local;
 
-      overlays.default = final: prev: let
+      overlays.default = final: prev:
-        locals = local {
+        let
-          inherit final prev flakes;
+          locals = local {
-        };
+            inherit final prev flakes;
-      in
+          };
+        in
         {
           local = locals;
           unstable = importPkgs unstable;
-        }
+        } // locals.override;
-        // locals.override;
 
       nixosConfigurations.vps = makeOverridable nixpkgs.lib.nixosSystem {
         inherit pkgs system;
@@ -80,3 +80,4 @@
       };
     };
 }
+

pkgs/config/default.nix

@@ -1 +1 @@
-lib: {}
+lib: { }

pkgs/default.nix

@@ -1,9 +1,5 @@
-{
+{ final, prev, flakes }: {
-  final,
-  prev,
-  flakes,
-}: {
   homepage = flakes.homepage.packages.${final.system}.default;
 
-  override = {};
+  override = { };
 }

sys/default.nix

@@ -1,11 +1,6 @@
+{ config, pkgs, lib, flakes, ... }:
+with lib;
 {
-  config,
-  pkgs,
-  lib,
-  flakes,
-  ...
-}:
-with lib; {
   imports = [
     flakes.vpsadminos.nixosConfigurations.container
     flakes.home-manager.nixosModules.home-manager
@@ -27,7 +22,7 @@ with lib; {
     useGlobalPkgs = true;
     useUserPackages = true;
 
-    extraSpecialArgs = {inherit flakes;};
+    extraSpecialArgs = { inherit flakes; };
 
     users.fabian = {
       imports = [
@@ -61,8 +56,8 @@ with lib; {
       uid = 1000;
       group = "fabian";
       shell = pkgs.zsh;
-      extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"];
+      extraGroups = [ "users" "wheel" "networkmanager" "dialout" "libvirtd" ];
-      openssh.authorizedKeys.keyFiles = [../pki/fabian.pub];
+      openssh.authorizedKeys.keyFiles = [ "${flakes.self}/pki/fabian.pub" ];
     };
     groups.fabian.gid = 1000;
   };
@@ -80,13 +75,13 @@ with lib; {
     "/mnt/export2008" = {
       device = "172.16.129.19:/nas/5876";
       fsType = "nfs";
-      options = ["nofail" "noatime"];
+      options = [ "nofail" "noatime" ];
     };
 
     "/mnt/export2011" = {
       device = "172.16.129.151:/nas/5876/bepasty";
       fsType = "nfs";
-      options = ["nofail" "noatime" "noexec"];
+      options = [ "nofail" "noatime" "noexec" ];
     };
   };
 

sys/home/cli.nix

@@ -1,9 +1,6 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  ...
-}:
-with lib; {
   programs = {
     zsh = {
       enable = true;
@@ -16,14 +13,15 @@ with lib; {
     };
     neovim.enable = true;
   };
-  home.packages = with pkgs; [
+  home.packages = with pkgs;
-    file
+    [
-    htop
+      file
-    killall
+      htop
-    man-pages
+      killall
-    man-pages-posix
+      man-pages
-    tree
+      man-pages-posix
-    zip
+      tree
-    unzip
+      zip
-  ];
+      unzip
+    ];
 }

sys/home/default.nix

@@ -1,11 +1,7 @@
+{ config, pkgs, lib, flakes, ... }:
+with lib;
 {
-  config,
+
-  pkgs,
-  lib,
-  flakes,
-  ...
-}:
-with lib; {
   imports = [
     ./cli.nix
   ];

sys/srv/bepasty.nix

@@ -1,10 +1,8 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  ...
-}:
-with lib; {
   services = {
+
     nginx = {
       virtualHosts."send.posixlycorrect.com" = {
         enableACME = true;
@@ -12,10 +10,11 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-        '';
+          	    '';
         locations."/" = {
           proxyPass = "http://127.0.0.1:8989";
         };
+
       };
     };
 

sys/srv/default.nix

@@ -1,11 +1,6 @@
+{ config, pkgs, lib, flakes, ... }:
+with lib;
 {
-  config,
-  pkgs,
-  lib,
-  flakes,
-  ...
-}:
-with lib; {
   imports = [
     ./net.nix
     ./mediawiki.nix

sys/srv/forgejo.nix

@@ -1,9 +1,6 @@
+{ config, lib, ... }:
+with lib;
 {
-  config,
-  lib,
-  ...
-}:
-with lib; {
   config = {
     environment.etc."fail2ban/filter.d/gitea.local".text = ''
       [Definition]
@@ -19,7 +16,7 @@ with lib; {
           extraConfig = ''
             proxy_headers_hash_max_size 512;
             proxy_headers_hash_bucket_size 128;
-          '';
+            	    '';
           locations."/".proxyPass = "http://localhost:9170";
         };
       };

sys/srv/jellyfin.nix

@@ -1,10 +1,9 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
+
-  pkgs,
-  ...
-}:
-with lib; {
   services = {
+
     nginx = {
       virtualHosts."stream.posixlycorrect.com" = {
         enableACME = true;
@@ -12,7 +11,7 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-        '';
+          	    '';
         locations."/" = {
           proxyPass = "http://localhost:8096";
         };

sys/srv/jitsi.nix

@@ -1,10 +1,9 @@
+{ lib, pkgs, flakes, ... }:
+with lib;
 {
-  lib,
+
-  pkgs,
-  ...
-}:
-with lib; {
   services = {
+
     nginx = {
       virtualHosts."meet.posixlycorrect.com" = {
         enableACME = true;
@@ -12,10 +11,10 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-
+        
             ssl_verify_depth 1;
             ssl_verify_client on;
-            ssl_client_certificate ${../../pki/gatekeeper_ca.pem};
+            ssl_client_certificate ${flakes.self}/pki/gatekeeper_ca.pem;
             if ($ssl_client_verify != "SUCCESS") {
               return 403;
             }
@@ -23,6 +22,7 @@ with lib; {
       };
     };
 
+
     jitsi-meet = {
       enable = true;
       hostName = "meet.posixlycorrect.com";

sys/srv/kuma.nix

@@ -1,9 +1,6 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  ...
-}:
-with lib; {
   services = {
     nginx = {
       virtualHosts."status.posixlycorrect.com" = {
@@ -12,7 +9,7 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-        '';
+          	    '';
         locations."/" = {
           proxyPass = "http://127.0.0.1:4456";
         };

sys/srv/matrix.nix

@@ -1,14 +1,10 @@
-{
+{ lib, pkgs, config, flakes, ... }:
-  lib,
+with lib;
-  pkgs,
+let
-  config,
-  flakes,
-  ...
-}:
-with lib; let
   subdomain = "matrix.posixlycorrect.com";
   baseUrl = "https://${subdomain}";
-in {
+in
+{
   # ver https://nixos.org/manual/nixos/stable/#module-services-matrix
   services = {
     matrix-conduit = {
@@ -27,32 +23,37 @@ in {
       };
     };
 
-    nginx.virtualHosts = let
+    nginx.virtualHosts =
-      clientConfig."m.homeserver".base_url = baseUrl;
+      let
-      serverConfig."m.server" = "${subdomain}:443";
+        clientConfig."m.homeserver".base_url = baseUrl;
-      mkWellKnown = data: ''
+        serverConfig."m.server" = "${subdomain}:443";
-        default_type application/json;
+        mkWellKnown = data: ''
-        add_header Access-Control-Allow-Origin *;
+          default_type application/json;
-        return 200 '${builtins.toJSON data}';
+          add_header Access-Control-Allow-Origin *;
-      '';
+          return 200 '${builtins.toJSON data}';
-    in {
-      "posixlycorrect.com" = {
-        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-      };
-      "${subdomain}" = {
-        enableACME = true;
-        forceSSL = true;
-        extraConfig = ''
-          proxy_headers_hash_max_size 512;
-          proxy_headers_hash_bucket_size 128;
         '';
-        locations."/".extraConfig = ''
+      in
-          return 403;
+      {
-        '';
+        "posixlycorrect.com" = {
-        locations."/_matrix".proxyPass = "http://[::1]:6167";
+          locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-        locations."/_synapse/client".proxyPass = "http://[::1]:6167";
+          locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+        };
+        "${subdomain}" = {
+          enableACME = true;
+          forceSSL = true;
+          extraConfig = ''
+            proxy_headers_hash_max_size 512;
+            proxy_headers_hash_bucket_size 128;
+            	    '';
+          locations."/".extraConfig = ''
+            return 403;
+          '';
+          locations."/_matrix".proxyPass = "http://[::1]:6167";
+          locations."/_synapse/client".proxyPass = "http://[::1]:6167";
+
+        };
       };
-    };
+
+
   };
 }

sys/srv/mediawiki.nix

@@ -1,10 +1,6 @@
+{ lib, pkgs, flakes, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  flakes,
-  ...
-}:
-with lib; {
   services = {
     nginx = {
       virtualHosts."wiki.posixlycorrect.com" = {
@@ -13,7 +9,7 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-        '';
+          	    '';
       };
     };
     mediawiki = {

sys/srv/msmtp.nix

@@ -1,12 +1,9 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  ...
-}:
-with lib; {
   users.groups = {
     mailsenders = {
-      members = ["fabian" "mediawiki"];
+      members = [ "fabian" "mediawiki" ];
     };
   };
 

sys/srv/net.nix

@@ -1,14 +1,11 @@
+{ lib, pkgs, ... }:
+with lib;
 {
-  lib,
-  pkgs,
-  ...
-}:
-with lib; {
   networking = {
     nftables.enable = true;
     firewall = {
       enable = true;
-      allowedTCPPorts = [80 443];
+      allowedTCPPorts = [ 80 443 ];
     };
     domain = "posixlycorrect.com";
   };
@@ -39,7 +36,7 @@ with lib; {
     fail2ban = {
       enable = true;
       bantime = "10m";
-      ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP
+      ignoreIP = [ "37.205.12.34" ]; # Never ban the server's own IP
       bantime-increment = {
         enable = true;
         formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";

sys/srv/vaultwarden.nix

@@ -1,9 +1,6 @@
+{ config, lib, ... }:
+with lib;
 {
-  config,
-  lib,
-  ...
-}:
-with lib; {
   services = {
     nginx = {
       virtualHosts."vault.posixlycorrect.com" = {
@@ -12,7 +9,7 @@ with lib; {
         extraConfig = ''
           proxy_headers_hash_max_size 512;
           proxy_headers_hash_bucket_size 128;
-        '';
+          	    '';
         locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
       };
     };
@@ -20,13 +17,11 @@ with lib; {
     #fail2ban.jails.gitea.settings = { };
 
     postgresql = {
-      ensureDatabases = ["vaultwarden"];
+      ensureDatabases = [ "vaultwarden" ];
-      ensureUsers = [
+      ensureUsers = [{
-        {
+        name = "vaultwarden";
-          name = "vaultwarden";
+        ensureDBOwnership = true;
-          ensureDBOwnership = true;
+      }];
-        }
-      ];
     };
 
     vaultwarden = {