From e4eb342725b1dbdd241010ce7c01e4f0eac66d11 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Mon, 25 Aug 2025 23:25:25 -0600
Subject: [PATCH 1/5] trivionomicon/flake: make 'mkSystem' available to library users
---
flake.nix | 43 +++++++++++++++++++++++++++----------------
1 file changed, 27 insertions(+), 16 deletions(-)
diff --git a/flake.nix b/flake.nix
index f2ee049..5fa2d1d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -164,24 +164,12 @@ } // optionalAttrs (paths ? nixosSource) { nixosConfigurations = let - nixosSystem = {modules}: - lib.makeOverridable nixpkgs.lib.nixosSystem { - inherit modules pkgs system; - - specialArgs = { - inherit flakes; - - doctrine = mkDoctrine { - inherit pkgs; - namespace = "sys"; - }; - }; - }; - hostConfig = platform: - nixosSystem { + self.lib.mkSystem { + inherit flakes pkgs; + doctrine = doctrineNoPkgs; + modules = [ - self.nixosModules.default nixosSourcePath platform ];
@@ -213,6 +201,29 @@ in lib.mapAttrs home (importAll {root = hmPlatformsPath;}); }; + + mkSystem = { + pkgs, + flakes, + doctrine, + modules, + }: + flakes.nixpkgs.lib.makeOverridable flakes.nixpkgs.lib.nixosSystem { + inherit pkgs; + inherit (pkgs) system; + + modules = [self.nixosModules.default] ++ modules; + + specialArgs = { + inherit flakes; + + doctrine = self.lib.mkDoctrine { + inherit pkgs; + inherit (doctrine) prefix; + namespace = "sys"; + }; + }; + }; }; }; }
From eb85e815983ae526365460a960d78f0754cd1f0d Mon Sep 17 00:00:00 2001
From: Fabian Montero
Date: Tue, 26 Aug 2025 15:02:26 -0600
Subject: [PATCH 2/5] trivionomicon: add motd module
---
modules/trivionomiconMotd/default.nix | 10 ++++++++++
modules/trivionomiconMotd/sys.nix | 22 ++++++++++++++++++++++
2 files changed, 32 insertions(+)
create mode 100644 modules/trivionomiconMotd/default.nix
create mode 100644 modules/trivionomiconMotd/sys.nix
diff --git a/modules/trivionomiconMotd/default.nix b/modules/trivionomiconMotd/default.nix
new file mode 100644
index 0000000..0844b5a
--- /dev/null
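Review bot: `mkSystem` becomes part of `self.lib` for outside callers, but its argument set (`pkgs`, `flakes`, `doctrine`, `modules`) carries no comment describing what each must be. Two behaviours visible in the added lines are easy to miss: only `doctrine.prefix` is read (a fresh doctrine is built with `namespace = "sys"`), and `self.nixosModules.default` is always prepended to `modules`. A short comment above the definition, such as `# mkSystem: builds a nixosSystem with the trivionomicon default module prepended; 'doctrine' is consulted only for its prefix.`, would spare library users from reading the body. The enclosing `lib` attribute set starts outside this hunk.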
+++ b/modules/trivionomiconMotd/default.nix
@@ -0,0 +1,10 @@
+{
+ config,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "trivionomiconMotd";
+ sys = ./sys.nix;
+}
diff --git a/modules/trivionomiconMotd/sys.nix b/modules/trivionomiconMotd/sys.nix
new file mode 100644
index 0000000..5b38e3d
--- /dev/null
+++ b/modules/trivionomiconMotd/sys.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ users.motd = ''
+ _ _ _ _
+ | | | | | | | |
+ _ __ _____ _____ _ __ ___ __| | | |__ _ _ | |_| |__ ___
+ | '_ \ / _ \ \ /\ / / _ \ '__/ _ \/ _` | | '_ \| | | | | __| '_ \ / _ \
+ | |_) | (_) \ V V / __/ | | __/ (_| | | |_) | |_| | | |_| | | | __/
+ | .__/ \___/ \_/\_/ \___|_| \___|\__,_| |_.__/ \__, | \__|_| |_|\___|
+ | | __/ |
+ |_|_____ _____ _______ _______ ____ _ _|___/_ __ __ _____ _____ ____ _ _
+ |__ __| __ \|_ _\ \ / /_ _/ __ \| \ | |/ __ \| \/ |_ _/ ____/ __ \| \ | |
+ | | | |__) | | | \ \ / / | || | | | \| | | | | \ / | | || | | | | | \| |
+ | | | _ / | | \ \/ / | || | | | . ` | | | | |\/| | | || | | | | | . ` |
+ | | | | \ \ _| |_ \ / _| || |__| | |\ | |__| | | | |_| || |___| |__| | |\ |
+ |_| |_| \_\_____| \/ |_____\____/|_| \_|\____/|_| |_|_____\_____\____/|_| \_|
+ '';
+}
From 49dae97575b7204c03fc05e7c4ffb20644546a6f Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Sun, 31 Aug 2025 10:38:53 -0600
Subject: [PATCH 3/5] trivionomicon/flake: fix overlay stacking
---
flake.nix | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.nix b/flake.nix
index 5fa2d1d..2b53ebd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,11 +9,11 @@ nixpkgs, flake-utils, }: let - mapOverlayOverride = namespace: overlay: final: prev: let + mapOverlayOverride = prefix: overlay: final: prev: let overlayPkgs = overlay final prev; in { - "${namespace}" = builtins.removeAttrs overlayPkgs ["override"]; + "${prefix}" = (prev.${prefix} or {}) // builtins.removeAttrs overlayPkgs ["override"]; } // (overlayPkgs.override or {});
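Review bot: The new `"${prefix}" = (prev.${prefix} or {}) // builtins.removeAttrs overlayPkgs ["override"];` merges with `//`, which is shallow and right-biased, so when two stacked overlays define the same attribute name under the prefix, the later one silently replaces the earlier. Since this function is what lets several overlays share one prefix, a comment above `mapOverlayOverride` stating that precedence would help, e.g. `# Later overlays win on name clashes under the prefix; the merge is shallow.` The enclosing `let` block continues outside this hunk.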
@@ -30,7 +30,7 @@ packages = (import nixpkgs { inherit system; - overlays = [(mapOverlayOverride doctrineNoPkgs.prefix (import ./pkgs))]; + overlays = [self.overlays.default]; }).${ doctrineNoPkgs.prefix };
@@ -121,7 +121,7 @@ } # NB: Preserve the relative order { - overlay = self.overlays.default; + overlay = mapOverlayOverride prefix (import ./pkgs); condition = true; } {
From 427a928f6c6482a12c3b24a9dee9bc6d036e88c9 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Sun, 31 Aug 2025 19:20:13 -0600
Subject: [PATCH 4/5] trivionomicon/pkgs: add snapborg
---
pkgs/default.nix | 1 +
...Remove-env-arg-from-subprocess-calls.patch | 29 ++++++++++++++++
pkgs/snapborg/default.nix | 34 +++++++++++++++++++
3 files changed, 64 insertions(+)
create mode 100644 pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch
create mode 100644 pkgs/snapborg/default.nix
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 484ca77..4a275a3 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -5,5 +5,6 @@ in { override = {}; athena-bccr = callPackage ./athena-bccr {}; + snapborg = final.python3Packages.callPackage ./snapborg {}; spliit = callPackage ./spliit {}; }
diff --git a/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch b/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch
new file mode 100644
index 0000000..33f7a0c
--- /dev/null
+++ b/pkgs/snapborg/0001-Remove-env-arg-from-subprocess-calls.patch
@@ -0,0 +1,29 @@
+From c363931656938f9cc3354b8e2797fe9abac1b0e3 Mon Sep 17 00:00:00 2001
+From: Alejandro Soto
+Date: Sun, 31 Aug 2025 13:30:45 -0600
+Subject: [PATCH] Remove "env" arg from subprocess calls
+
+---
+ snapborg/borg.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/snapborg/borg.py b/snapborg/borg.py
+index 89a3d84..b74ddf7 100644
+--- a/snapborg/borg.py
++++ b/snapborg/borg.py
+@@ -173,11 +173,10 @@ def launch_borg(args, password=None, print_output=False, dryrun=False, cwd=None)
+ # TODO: parse output from JSON log lines
+ try:
+ if print_output:
+- subprocess.run(cmd, env=env, check=True, cwd=cwd)
++ subprocess.run(cmd, check=True, cwd=cwd)
+ else:
+ subprocess.check_output(cmd,
+ stderr=subprocess.STDOUT,
+- env=env,
+ cwd=cwd)
+ except CalledProcessError as e:
+ if e.returncode == 1:
+--
+2.49.0
+
diff --git a/pkgs/snapborg/default.nix b/pkgs/snapborg/default.nix
new file mode 100644
index 0000000..271be5c
--- /dev/null
+++ b/pkgs/snapborg/default.nix
@@ -0,0 +1,34 @@
+{
+ borgbackup,
+ buildPythonApplication,
+ fetchFromGitHub,
+ lib,
+ packaging,
+ pyyaml,
+}:
+buildPythonApplication {
+ pname = "snapborg";
+ version = "0.1.0-unstable-20250331";
+
+ src = fetchFromGitHub {
+ repo = "snapborg";
+ owner = "enzingerm";
+
+ rev = "7e860395319f995161a6e0c7954ce47635e3cd59";
+ hash = "sha256-RzYL4IHulk1Q/ALWFs6YCTeCO8ohwqXH2NMHRctRVSA=";
+ };
+
+ patches = [
+ ./0001-Remove-env-arg-from-subprocess-calls.patch # Fixes broken $PATH when calling borg
+ ];
+
+ propagatedBuildInputs = [
+ borgbackup
+ packaging
+ pyyaml
+ ];
+
+ preFixup = ''
+ makeWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [borgbackup]})
+ '';
+}
From b424cc1c1cf6094aa589646d51500cf542c66c6b Mon Sep 17 00:00:00 2001
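Review bot: Dropping `env=env` from both subprocess calls in `launch_borg` discards everything the function placed in `env`, not only the PATH problem that the packaging comment names. `launch_borg` still accepts `password`, and the code that builds `env` lies outside this hunk; if the passphrase reaches borg through that dict, encrypted repositories would stop receiving it unless it is exported some other way, so this should be checked against the full function. A narrower fix keeps the argument and bases it on the inherited environment, e.g. `env = {**os.environ, **env}` before the `try:`, so PATH survives and nothing else is lost.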
From: Fabian Montero
Date: Sat, 13 Sep 2025 11:52:18 -0600
Subject: [PATCH 5/5] trivionomicon: soju: add soju to the trivionomicon
---
modules/soju/default.nix | 13 +++++++++++
modules/soju/options.nix | 16 ++++++++++++++
modules/soju/sys.nix | 47 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 76 insertions(+)
create mode 100644 modules/soju/default.nix
create mode 100644 modules/soju/options.nix
create mode 100644 modules/soju/sys.nix
diff --git a/modules/soju/default.nix b/modules/soju/default.nix
new file mode 100644
index 0000000..2b302f0
--- /dev/null
+++ b/modules/soju/default.nix
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ pkgs,
+ doctrine,
+ ...
+}:
+doctrine.lib.mkModule {
+ inherit config;
+ name = "soju";
+ sys = ./sys.nix;
+ options = ./options.nix;
+}
diff --git a/modules/soju/options.nix b/modules/soju/options.nix
new file mode 100644
index 0000000..06c3381
--- /dev/null
+++ b/modules/soju/options.nix
@@ -0,0 +1,16 @@
+{lib, ...}:
+with lib.types; {
+ sys = {
+ fullyQualifiedDomain = lib.mkOption {
+ type = str;
+ example = "soju.trivionomicon.com";
+ description = "fully qualified domain name to be used by soju";
+ };
+
+ port = lib.mkOption {
+ type = port;
+ default = 6697;
+ description = "port to be used by soju";
+ };
+ };
+}
diff --git a/modules/soju/sys.nix b/modules/soju/sys.nix
new file mode 100644
index 0000000..83c3560
--- /dev/null
+++ b/modules/soju/sys.nix
@@ -0,0 +1,47 @@
+{
+ config,
+ pkgs,
+ lib,
+ cfg,
+ doctrine,
+ ...
+}:
+with lib; {
+ security.acme.certs."${cfg.fullyQualifiedDomain}" = {
+ reloadServices = ["soju.service"];
+ group = "soju";
+ };
+
+ networking.firewall.allowedTCPPorts = [cfg.port];
+
+ services.soju = let
+ sojuCertDir = config.security.acme.certs."${cfg.fullyQualifiedDomain}".directory;
+ in {
+ enable = true;
+ hostName = "${cfg.fullyQualifiedDomain}";
+ listen = ["ircs://[::]:${toString cfg.port}"];
+ tlsCertificate = "${sojuCertDir}/fullchain.pem";
+ tlsCertificateKey = "${sojuCertDir}/key.pem";
+ };
+
+ systemd.services.soju = {
+ after = ["acme-${cfg.fullyQualifiedDomain}.service"];
+ serviceConfig = {
+ DynamicUser = mkForce false; # fuck dynamic users
+ User = "soju";
+ Group = "soju";
+ ProtectSystem = "strict";
+ ProtectHome = "read-only";
+ PrivateTmp = true;
+ RemoveIPC = true;
+ };
+ };
+
+ users = {
+ users.soju = {
+ isSystemUser = true;
+ group = "soju";
+ };
+ groups.soju = {};
+ };
+}
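Review bot: Forcing `DynamicUser` off in `systemd.services.soju.serviceConfig` also drops the sandboxing that systemd implies for dynamic users, and the block restores only part of it. `ProtectSystem`, `ProtectHome`, `PrivateTmp` and `RemoveIPC` are set back, but `NoNewPrivileges` and `RestrictSUIDSGID` are not; adding `NoNewPrivileges = true;` and `RestrictSUIDSGID = true;` would keep the static `soju` user at the same baseline. The comment on the `DynamicUser` line should state why a static user is needed (presumably so the ACME certificate's `group = "soju"` resolves). Separately, `networking.firewall.allowedTCPPorts = [cfg.port];` opens the listener unconditionally, so an `openFirewall`-style option may be worth adding.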