diff --git a/flake.nix b/flake.nix index 884ce2e..7247682 100644 --- a/flake.nix +++ b/flake.nix @@ -136,6 +136,10 @@ host = "oldie"; stable = true; }; + valkyrie = makeSystem { + host = "valkyrie"; + stable = true; + }; }; homeConfigurations = { @@ -149,6 +153,11 @@ host = "oldie"; stable = true; }; + "materus@valkyrie" = makeHome { + user = "materus"; + host = "valkyrie"; + stable = true; + }; }; }; diff --git a/nix-config/host/materusPC/configuration.nix b/nix-config/host/materusPC/configuration.nix index fabe199..b2474ad 100644 --- a/nix-config/host/materusPC/configuration.nix +++ b/nix-config/host/materusPC/configuration.nix @@ -51,7 +51,7 @@ in mesa-demos libvdpau-va-gl nss - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc ]; extraCompatPackages = [ pkgs.proton-ge-bin diff --git a/nix-config/host/materusPC/home-manager/materus.nix b/nix-config/host/materusPC/home-manager/materus.nix index 3dce13e..ee7ed25 100644 --- a/nix-config/host/materusPC/home-manager/materus.nix +++ b/nix-config/host/materusPC/home-manager/materus.nix @@ -30,7 +30,7 @@ in eza wezterm - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc neovide curl diff --git a/nix-config/host/materusPC/services.nix b/nix-config/host/materusPC/services.nix index 8b54b4b..5d63614 100644 --- a/nix-config/host/materusPC/services.nix +++ b/nix-config/host/materusPC/services.nix 
@@ -1,6 +1,42 @@ -{ pkgs, materusArgs, ... }: +{ pkgs, mkk, ... }: { imports = [ + #region Suspend/sleep + { + systemd.services.pre-suspend = { + description = "Service description here"; + wantedBy = [ "suspend.target" "sleep.target" ]; + before = [ + "suspend.target" + "sleep.target" + ]; + script = '' + if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then + systemctl stop systemd-nspawn@archlinux; + sleep 1s; + while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; do sleep 1s; done; + fi + if [ $(systemctl is-active windows-share-mount.service) = "active" ]; then + systemctl stop windows-share-mount.service + fi + ''; + serviceConfig.Type = "oneshot"; + }; + + systemd.services.post-suspend = { + description = "Service description here"; + wantedBy = [ "suspend.target" "sleep.target" ]; + after = [ + "suspend.target" + "sleep.target" + ]; + script = '' + systemctl start windows-share-mount.service + ''; + serviceConfig.Type = "oneshot"; + }; + } + #endregion #region KDE { services.displayManager = { @@ -80,7 +116,7 @@ capSysAdmin = true; openFirewall = true; autoStart = false; - package = materusArgs.inputs.nixerus.packages.x86_64-linux.sunshine; + package = mkk.nixerus.pkgs.sunshine; }; #endregion #region Syncthing diff --git a/nix-config/host/oldie/configuration.nix b/nix-config/host/oldie/configuration.nix index dc64e5e..0efcd31 100644 --- a/nix-config/host/oldie/configuration.nix +++ b/nix-config/host/oldie/configuration.nix @@ -225,7 +225,7 @@ mesa-demos libvdpau-va-gl nss - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc ]; extraCompatPackages = [ pkgs.proton-ge-bin diff --git a/nix-config/host/valkyrie/default.nix b/nix-config/host/valkyrie/default.nix new file mode 100644 index 0000000..269d551 --- /dev/null +++ b/nix-config/host/valkyrie/default.nix 
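Review bot: In the `pre-suspend` script the tests `[ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]` leave the command substitution unquoted, so if the command ever prints nothing the test becomes a syntax error instead of a clean false; `if systemctl is-active --quiet systemd-nspawn@archlinux; then` avoids the string comparison altogether. The `while … do sleep 1s; done` wait has no upper bound, so a container that stays active would hold up suspend indefinitely; a retry counter would bound it. Both units still carry the template text `description = "Service description here"`; something like `description = "Stop nspawn container and Windows share before suspend";` and `description = "Remount Windows share after resume";` would say what they do. The `imports` list this block is added to continues outside the hunk.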
@@ -0,0 +1,180 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + +{ lib, pkgs, materusArgs, config, ... }: + +{ + imports = + [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./services + ./private + ]; + + programs.zsh.enable = true; + environment.etc."current-flake".source = materusArgs.self; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + networking.hostName = "valkyrie"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = false; + + # Set your time zone. + time.timeZone = "Europe/Warsaw"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "pl_PL.UTF-8"; + console = { + font = "lat2-16"; + keyMap = "pl"; + useXkbConfig = false; # use xkbOptions in tty. + }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + services.libinput.enable = true; + + # Define a user account. 
Don't forget to set a password with ‘passwd’. + users.users.materus = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = [ + ]; + openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.materus}" ]; + shell = pkgs.zsh; + }; + users.users.acme.openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.waffentrager}" ]; + users.users.acme.shell = pkgs.scponly; + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + wget + nano + git + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.openFirewall = false; + services.openssh.settings.PermitRootLogin = "no"; + services.openssh.settings.PasswordAuthentication = false; + + + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = true; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It's perfectly fine and recommended to leave + # this value at the release version of the first install of this system. 
+ # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? + + + services.nginx = { + enable = true; + package = pkgs.tengine; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + }; + + virtualisation.podman.autoPrune.enable = true; + virtualisation.podman.autoPrune.dates = "daily"; + virtualisation.oci-containers.backend = "podman"; + + nix.settings = { + experimental-features = lib.mkMerge [ + [ + "nix-command" + "flakes" + ] + ]; + auto-optimise-store = true; + trusted-users = [ + "root" + "@wheel" + ]; + + substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + "https://nixerus.cachix.org/" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" + ]; + }; + + security.acme.acceptTerms = true; + security.acme.defaults.email = "materus+acme@podkos.pl"; + security.acme.defaults.credentialFiles.OVH_FILE = config.sops.secrets.certs.path; + security.acme.defaults.dnsResolver = "9.9.9.9:53"; + security.acme.certs."materus.pl" = { + domain = "materus.pl"; + group = "nginx"; + extraDomainNames = [ "*.materus.pl" ]; + dnsProvider = "ovh"; + }; + + security.acme.certs."podkos.pl" = { + domain = "podkos.pl"; + group = "nginx"; + extraDomainNames = [ "*.podkos.pl" ]; + dnsProvider = "ovh"; + }; + +} + diff --git a/nix-config/host/valkyrie/hardware-configuration.nix b/nix-config/host/valkyrie/hardware-configuration.nix new file mode 100644 index 0000000..51d0051 --- /dev/null +++ b/nix-config/host/valkyrie/hardware-configuration.nix 
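Review bot: `users.users.acme` is given an SSH key from another host (`ssh-keys.waffentrager`) with `pkgs.scponly` as its shell, but a restricted shell does not stop that key from requesting TCP or agent forwarding, and nothing in this hunk disables those for the account. A match block such as `services.openssh.extraConfig = "Match User acme\n  AllowTcpForwarding no\n  AllowAgentForwarding no";` would confine the key to file transfer, unless the key file already carries `restrict`-style options, which cannot be seen here. `trusted-users = [ "root" "@wheel" ]` makes every wheel member root-equivalent towards the Nix daemon; that matches the sudo access wheel already has, but deserves a one-line comment. With `services.openssh.openFirewall = false` the SSH port has to be opened somewhere else, presumably in the `private/` files that appear only as binary in this commit, and a comment next to the setting should say where.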
@@ -0,0 +1,47 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; }; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.tmp.useTmpfs = true; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/924b1a69-2256-444f-baf6-d2d9405e451d"; + fsType = "ext4"; + }; + + fileSystems."/etc/nixos" = + { + device = "/materus/config/nixos-config"; + fsType = "none"; + options = [ "bind" ]; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = false; + networking.nameservers = [ "9.9.9.9" "1.1.1.1" "8.8.8.8" ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nix-config/host/valkyrie/home-manager/materus.nix b/nix-config/host/valkyrie/home-manager/materus.nix new file mode 100644 index 0000000..8dc78c4 --- /dev/null +++ b/nix-config/host/valkyrie/home-manager/materus.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + home.stateVersion = "23.05"; + home.homeDirectory = "/home/materus"; +} diff --git a/nix-config/host/valkyrie/private/default.nix b/nix-config/host/valkyrie/private/default.nix new file mode 100644 index 0000000..f3fe10d Binary files /dev/null and b/nix-config/host/valkyrie/private/default.nix differ 
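Review bot: `boot.kernel.sysctl` turns on IPv4 and IPv6 forwarding for all interfaces, and nothing readable in this commit constrains what may be forwarded (the rules are presumably in `private/forwarding.nix`, which is binary here). As far as I know `networking.firewall.enable = true` filters the input path by default and does not by itself restrict forwarded traffic, so the forward policy should be confirmed rather than assumed. A comment such as `# forwarding required for <PURPOSE>; forward rules live in private/forwarding.nix` would help the next reader. The file header says it is generated by nixos-generate-config and may be overwritten, yet the sysctl, bind-mount and nameserver lines are hand-written; they would be safer in `default.nix`.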
diff --git a/nix-config/host/valkyrie/private/forwarding.nix b/nix-config/host/valkyrie/private/forwarding.nix new file mode 100644 index 0000000..504fe58 Binary files /dev/null and b/nix-config/host/valkyrie/private/forwarding.nix differ diff --git a/nix-config/host/valkyrie/private/secrets.yaml b/nix-config/host/valkyrie/private/secrets.yaml new file mode 100644 index 0000000..03696ff Binary files /dev/null and b/nix-config/host/valkyrie/private/secrets.yaml differ diff --git a/nix-config/host/valkyrie/private/tosave.nix b/nix-config/host/valkyrie/private/tosave.nix new file mode 100644 index 0000000..784fd9a Binary files /dev/null and b/nix-config/host/valkyrie/private/tosave.nix differ diff --git a/nix-config/host/valkyrie/services/dcbot.nix b/nix-config/host/valkyrie/services/dcbot.nix new file mode 100644 index 0000000..05e5cf7 --- /dev/null +++ b/nix-config/host/valkyrie/services/dcbot.nix @@ -0,0 +1,38 @@ +{ + config, + pkgs, + lib, + mkk, + ... +}: +{ + options.valkyrieService.dcbot.enable = mkk.lib.mkBoolOpt false "Enable muse bot"; + + config = + let + cfg = config.valkyrieService.dcbot; + in + lib.mkIf cfg.enable { + sops.templates."muse.env".content = '' + CACHE_LIMIT=512MB + BOT_STATUS=online + BOT_ACTIVITY_TYPE=LISTENING + BOT_ACTIVITY=Coś + DISCORD_TOKEN=${config.sops.placeholder.discord-token} + YOUTUBE_API_KEY=${config.sops.placeholder.youtube-api} + SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id} + SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret} + ''; + + systemd.tmpfiles.rules = [ + "d /var/lib/muse 0776 root root -" + ]; + virtualisation.oci-containers.containers.dcbot = { + image = "sl33ping/muse:pr-1195"; + volumes = [ "/var/lib/muse:/data" ]; + environmentFiles = [ config.sops.templates."muse.env".path ]; + }; + + }; + +} diff --git a/nix-config/host/valkyrie/services/default.nix b/nix-config/host/valkyrie/services/default.nix new file mode 100644 index 0000000..81436a1 --- /dev/null 
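Review bot: `image = "sl33ping/muse:pr-1195"` pulls a third-party image by a mutable tag, and that container receives the Discord token, YouTube API key and Spotify client secret through `muse.env`, so whoever can re-push the tag gets code execution next to those credentials. Pinning by digest, e.g. `image = "sl33ping/muse@sha256:<DIGEST_PLACEHOLDER>";`, with a comment naming the upstream build it corresponds to, removes that dependency on the tag. The tmpfiles rule `"d /var/lib/muse 0776 root root -"` makes the data directory writable by every local user while withholding search permission from them, which is probably not intended; `0750` or `0700` looks closer to the purpose.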
+++ b/nix-config/host/valkyrie/services/default.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + imports = + [ + ./pleroma.nix + ./pihole.nix + ./dcbot.nix + ./secureyoursoul.nix + ]; + services.adguardhome.enable = true; + + valkyrieService.pihole.enable = false; + valkyrieService.pleroma.enable = false; + valkyrieService.dcbot.enable = true; + valkyrieService.secureyoursoul.enable = true; + +} diff --git a/nix-config/host/valkyrie/services/pihole.nix b/nix-config/host/valkyrie/services/pihole.nix new file mode 100644 index 0000000..d025eb3 --- /dev/null +++ b/nix-config/host/valkyrie/services/pihole.nix @@ -0,0 +1,56 @@ +{ config, pkgs, lib, mkk, ... }: +{ + options.valkyrieService.pihole.enable = mkk.lib.mkBoolOpt false "Enable pihole"; + options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; }; + options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; }; + + + + config = + let + cfg = config.valkyrieService.pihole; + dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" '' + no-hosts + ''; + + in + lib.mkIf config.valkyrieService.pihole.enable { + systemd.tmpfiles.rules = [ + "d /var/lib/dnsmasq.d 0776 root root -" + "d /var/lib/pihole 0776 root root -" + "L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}" + ]; + + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:latest"; + ports = + [ + "${cfg.dnsIP}:53:53/tcp" + "${cfg.dnsIP}:53:53/udp" + "${cfg.webIP}:3000:80" + ]; + environment = { + TZ = "Europe/Warsaw"; + FTLCONF_LOCAL_IPV4 = "127.0.0.1"; + DNSMASQ_USER = "root"; + VIRTUAL_HOST = "pi.hole"; + PROXY_LOCATION = "pi.hole"; + }; + volumes = [ + "/var/lib/pihole/:/etc/pihole/" + "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" + "/nix/store:/nix/store" + ]; + extraOptions = + [ + "--cap-add=NET_ADMIN" + "--dns=127.0.0.1" + "--dns=9.9.9.9" + "--hostname=pi.hole" + ]; + }; + + }; + + +} 
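Review bot: In `pihole.nix` the container is given more than it needs: `"/nix/store:/nix/store"` is bind-mounted without `:ro`, `DNSMASQ_USER = "root"` is combined with `--cap-add=NET_ADMIN`, and `pihole/pihole:latest` is an unpinned tag. The store mount only has to make the symlinked `02-dnsmasq-custom.conf` resolvable, so `"/nix/store:/nix/store:ro"` (or mounting just `${dnsmasqConf}` read-only) is enough, and the image is better pinned as `pihole/pihole@sha256:<DIGEST_PLACEHOLDER>`. The `0776` modes on `/var/lib/pihole` and `/var/lib/dnsmasq.d` let any local user write DNS configuration; `0755` or tighter is the usual choice. On style, `cfg` is bound but the guard still spells out `config.valkyrieService.pihole.enable`, and `dnsIP`/`webIP` are declared without a type or description, e.g. `lib.mkOption { type = lib.types.str; default = "127.0.0.1"; description = "Address the DNS ports bind to"; }`. The service is disabled in `services/default.nix`, so none of this is live yet.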
diff --git a/nix-config/host/valkyrie/services/pleroma.nix b/nix-config/host/valkyrie/services/pleroma.nix new file mode 100644 index 0000000..efb964e --- /dev/null +++ b/nix-config/host/valkyrie/services/pleroma.nix 
@@ -0,0 +1,149 @@ +{ config, pkgs, lib, mkk, ... }: +let + + socketPath = "/run/pleroma/http.sock"; + + + socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket" + '' + coproc { + ${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)} + } + + trap 'kill "$COPROC_PID"' EXIT TERM + + until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath} + do read -r -u "''${COPROC[0]}" + done + + ${pkgs.coreutils}/bin/chmod 0666 ${socketPath} + ''; + + soapbox = pkgs.stdenv.mkDerivation rec { + pname = "soapbox"; + version = "v3.2.0"; + dontBuild = true; + dontConfigure = true; + src = pkgs.fetchurl { + name = "soapbox"; + url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production"; + sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o="; + }; + nativeBuildInputs = [ pkgs.unzip ]; + unpackPhase = '' + unzip $src -d . + ''; + installPhase = '' + mv ./static $out + ''; + + }; + +in +{ + options.valkyrieService.pleroma.enable = mkk.lib.mkBoolOpt false "Enable pleroma"; + config = lib.mkIf config.valkyrieService.pleroma.enable { + systemd.tmpfiles.rules = [ + "d /var/lib/pleroma 0766 pleroma pleroma -" + "d /var/lib/pleroma/static 0766 pleroma pleroma -" + "d /var/lib/pleroma/uploads 0766 pleroma pleroma -" + "L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}" + ]; + + services.nginx.virtualHosts."podkos.xyz" = { + http2 = true; + useACMEHost = "podkos.xyz"; + forceSSL = true; + locations."/" = { + proxyPass = "http://unix:${socketPath}"; + extraConfig = '' + etag on; + gzip on; + + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always; + add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, 
X-RateLimit-Remaining, X-Request-Id' always; + if ($request_method = OPTIONS) { + return 204; + } + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy same-origin; + add_header X-Download-Options noopen; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + + client_max_body_size 8m; + + + ''; + }; + + }; + systemd.services.pleroma.serviceConfig = { + RuntimeDirectory = "pleroma"; + RuntimeDirectoryPreserve = true; + + + ExecStartPost = "${socketChmod}/bin/pleroma-socket"; + ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}''; + }; + + + + + services.pleroma = { + enable = true; + secretConfigFile = "/var/lib/pleroma/secrets.exs"; + configs = [ + '' + import Config + + config :pleroma, Pleroma.Web.Endpoint, + url: [host: "podkos.xyz", scheme: "https", port: 443], + http: [ip: {:local, "${socketPath}"}, port: 0] + + config :pleroma, :instance, + name: "Podziemia Kosmosu", + email: "admin@podkos.xyz", + notify_email: "noreply@podkos.xyz", + limit: 5000, + registrations_open: false + + config :pleroma, :media_proxy, + enabled: false, + redirect_on_failure: true + + config :pleroma, Pleroma.Repo, + adapter: Ecto.Adapters.Postgres, + socket: "/run/postgresql/.s.PGSQL.5432", + username: "pleroma", + database: "pleroma" + + + # Configure web push notifications + config :web_push_encryption, :vapid_details, + subject: "mailto:admin@podkos.x yz" + config :pleroma, :frontends, + primary: %{ + "name" => "soapbox", + "ref" => "${soapbox.version}" + } + + config :pleroma, :database, rum_enabled: false + config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" + config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" + + config :pleroma, configurable_from_database: true + config :pleroma, 
Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename] + '' + ]; + }; + }; +} diff --git a/nix-config/host/valkyrie/services/secureyoursoul.nix b/nix-config/host/valkyrie/services/secureyoursoul.nix new file mode 100644 index 0000000..5305ed8 --- /dev/null +++ b/nix-config/host/valkyrie/services/secureyoursoul.nix 
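Review bot: The `pleroma-socket` helper ends with `chmod 0666 ${socketPath}`, which lets every local account connect to the backend socket directly and bypass the nginx virtual host in front of it. Giving nginx access through group membership and using `chmod 0660` keeps the socket private to the two services. The tmpfiles rules use `0766` for `/var/lib/pleroma`, `static` and `uploads`, making them world-writable even though `secretConfigFile` lives in that tree; `0750` matches the intent better. Two further defects are visible: `useACMEHost = "podkos.xyz"` has no matching `security.acme.certs` entry (only `materus.pl` and `podkos.pl` are defined in `default.nix`), and the VAPID subject `"mailto:admin@podkos.x yz"` contains a stray space. The final `chmod` also interpolates `${socketPath}` bare while the lines above it use `escapeShellArg`.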
@@ -0,0 +1,141 @@ +{ config, pkgs, lib, mkk, ... }: +{ + options.valkyrieService.secureyoursoul.enable = mkk.lib.mkBoolOpt false "Enable secureyoursoul, web archive"; + + + + + config = + let + cfg = config.valkyrieService.secureyoursoul; + in + lib.mkIf cfg.enable { + systemd.timers.secureyoursoul-steam = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-1,7,14,21 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-steam.service"; + }; + }; + systemd.timers.secureyoursoul-p1 = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-3,9,16,23 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-p1.service"; + }; + }; + systemd.timers.secureyoursoul-p2 = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-5,11,18,25 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-p2.service"; + }; + }; + + systemd.services.secureyoursoul-steam = { + description = "Make curl requests to archive steam related things"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.steamids }) + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks-steam }) + + steamladder() { + for id in ''${STEAM_IDS[@]}; do + curl -X POST -H "Authorization: Token ''$(cat ${config.sops.secrets.steamladder-api.path})" \ + "https://steamladder.com/api/v1/profile/$id/" + done; + } + + webarchive(){ + for id in ''${STEAM_IDS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=https://steamcommunity.com/profiles/$id" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + + for link in ''${EXTRA_LINKS[@]}; 
do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + + + + steamladder & + webarchive + wait + ''; + }; + + + systemd.services.secureyoursoul-p1 = { + description = "Make curl requests to archive related things"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks1 }) + webarchive(){ + for link in ''${EXTRA_LINKS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + webarchive + ''; + }; + + systemd.services.secureyoursoul-p2 = { + description = "Make curl requests to archive related things - part 2"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks2 }) + webarchive(){ + for link in ''${EXTRA_LINKS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + webarchive + ''; + }; + + + }; + + +} 
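Review bot: All three service scripts expand the sops-managed secrets into curl's argument list (`-H "Authorization: LOW ''$(cat …accesskey…):''$(cat …secretkey…)"`, and the steamladder `Token` header), so for the duration of each request the credentials sit in the process command line, which other local accounts can normally read through /proc. curl accepts `-H @FILE`, so the header can be written once to a mode-0600 file in a private runtime directory and passed by path instead. The units set no `User=` and therefore presumably run as root for what is only outbound HTTP. The bash arrays are built by wrapping each Nix string in `"` and iterated unquoted (`for link in ''${EXTRA_LINKS[@]}`), so a URL containing `"`, `$` or whitespace is mangled or re-interpreted by the shell; `EXTRA_LINKS=( ${lib.escapeShellArgs mkk.to_save.extraLinks1} )` with `"''${EXTRA_LINKS[@]}"` avoids that. The `webarchive` function is repeated in each unit and could be one shared `let` binding.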
diff --git a/nix-config/shared/default.nix b/nix-config/shared/default.nix index df203e0..ba78d52 100644 --- a/nix-config/shared/default.nix +++ b/nix-config/shared/default.nix @@ -24,6 +24,9 @@ isHm: ++ lib.optionals (!isHm) [ ./os ]; config.mkk.var = import ./private/variables.nix {}; - config._module.args.mkk = config.mkk.var; + config._module.args.mkk = rec { + nixerus.pkgs = materusArgs.inputs.nixerus.packages."${config.nixpkgs.hostPlatform.system}"; + lib = nixerus.pkgs.lib; + } // config.mkk.var; } diff --git a/nix-config/shared/private/variables.nix b/nix-config/shared/private/variables.nix index 4e787c3..e79c278 100644 Binary files a/nix-config/shared/private/variables.nix and b/nix-config/shared/private/variables.nix differ
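Review bot: `config.nixpkgs.hostPlatform.system` is read in a module shared between NixOS and Home Manager (`isHm`), and nothing in the hunk shows that option being defined on the Home Manager side; if it is not, `mkk.nixerus.pkgs` would fail to evaluate for the new `"materus@valkyrie"` home configuration. `pkgs.stdenv.hostPlatform.system` is available in both module systems, assuming `pkgs` is among this module's arguments (the function header is outside the hunk). Separately, `//` is shallow and right-biased, so a `lib` or `nixerus` attribute inside `private/variables.nix` (binary in this commit) would silently replace the ones defined here. A comment such as `# mkk.lib and mkk.nixerus are reserved; variables.nix must not define them` would make the merge order intentional.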