feat: format and fix noisebell config

2026-03-23 00:04:46 -07:00 · 2026-03-23 00:04:46 -07:00 · d0b29c1244
commit d0b29c1244
parent 3e78c835cc
10 changed files with 211 additions and 101 deletions
--- a/agenix.nix
+++ b/agenix.nix
@ -1,13 +1,38 @@
 let
  server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAING219cDKTDLaZefmqvOHfXvYloA/ErsCGE0pM022vlB";
  jet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu";
-in {
+in
-  "secrets/forgejo-db.age".publicKeys = [ server jet ];
+{
-  "secrets/stalwart-admin.age".publicKeys = [ server jet ];
+  "secrets/forgejo-db.age".publicKeys = [
-  "secrets/searx-env.age".publicKeys = [ server jet ];
+    server
-  "secrets/tailscale-key.age".publicKeys = [ server jet ];
+    jet
-  "secrets/grafana-secret.age".publicKeys = [ server jet ];
+  ];
-  "secrets/matrix-macaroon.age".publicKeys = [ server jet ];
+  "secrets/stalwart-admin.age".publicKeys = [
-  "secrets/ntfy-admin-hash.age".publicKeys = [ server jet ];
+    server
-  "secrets/mymx-webhook.age".publicKeys = [ server jet ];
+    jet
  ];
  "secrets/searx-env.age".publicKeys = [
    server
    jet
  ];
  "secrets/tailscale-key.age".publicKeys = [
    server
    jet
  ];
  "secrets/grafana-secret.age".publicKeys = [
    server
    jet
  ];
  "secrets/matrix-macaroon.age".publicKeys = [
    server
    jet
  ];
  "secrets/ntfy-admin-hash.age".publicKeys = [
    server
    jet
  ];
  "secrets/mymx-webhook.age".publicKeys = [
    server
    jet
  ];
 }
--- a/configuration.nix
+++ b/configuration.nix
@ -1,4 +1,9 @@
-{ config, pkgs, modulesPath, ... }:
+{
  config,
  pkgs,
  modulesPath,
  ...
 }:
 {
  imports = [
@ -19,13 +24,25 @@
  # Agenix secrets
  age.secrets = {
    forgejo-db.file = ./secrets/forgejo-db.age;
-    stalwart-admin = { file = ./secrets/stalwart-admin.age; owner = "stalwart-mail"; };
+    stalwart-admin = {
      file = ./secrets/stalwart-admin.age;
      owner = "stalwart-mail";
    };
    searx-env.file = ./secrets/searx-env.age;
    tailscale-key.file = ./secrets/tailscale-key.age;
-    grafana-secret = { file = ./secrets/grafana-secret.age; owner = "grafana"; };
+    grafana-secret = {
-    matrix-macaroon = { file = ./secrets/matrix-macaroon.age; owner = "matrix-synapse"; };
+      file = ./secrets/grafana-secret.age;
      owner = "grafana";
    };
    matrix-macaroon = {
      file = ./secrets/matrix-macaroon.age;
      owner = "matrix-synapse";
    };
    ntfy-admin-hash.file = ./secrets/ntfy-admin-hash.age;
-    mymx-webhook = { file = ./secrets/mymx-webhook.age; owner = "mymx"; };
+    mymx-webhook = {
      file = ./secrets/mymx-webhook.age;
      owner = "mymx";
    };
  };
  # Bootloader
@ -35,8 +52,11 @@
  # Networking
  networking.hostName = "extremist-software";
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
+  networking.firewall.allowedTCPPorts = [
-  
+    22
    80
    443
  ]; # SSH, HTTP, HTTPS
  # Tailscale
  services.tailscale.enable = true;
  # We assume the user will authenticate manually or via a one-time key service
@ -52,10 +72,12 @@
    enable = true;
    settings.PasswordAuthentication = false;
    settings.PermitRootLogin = "prohibit-password";
-    hostKeys = [{
+    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
-    }];
+      }
    ];
  };
  # Fail2ban
@ -94,7 +116,10 @@
  # System
  system.stateVersion = "24.05";
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  nix.settings.max-jobs = "auto";
  nix.settings.cores = 0;
  services.postgresql.package = pkgs.postgresql_15;
@ -110,8 +135,8 @@
  services.tailscale.authKeyFile = config.age.secrets.tailscale-key.path;
  # MyMX
-  services.jetpham-website.enable = true;
+  services.jetpham-website.enable = false;
-  services.jetpham-website.tor.enable = true;
+  services.jetpham-website.tor.enable = false;
  services.mymx = {
    enable = true;
--- a/flake.nix
+++ b/flake.nix
@ -23,7 +23,14 @@
    agenix.inputs.nixpkgs.follows = "nixpkgs";
  };
-  outputs = { self, nixpkgs, disko, ... }@inputs: {
+  outputs =
    {
      self,
      nixpkgs,
      disko,
      ...
    }@inputs:
    {
      nixosConfigurations.extremist-software = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { inherit inputs; };
@ -40,7 +47,8 @@
        ];
      };
-    devShells.x86_64-linux.default = let
+      devShells.x86_64-linux.default =
        let
          pkgs = nixpkgs.legacyPackages.x86_64-linux;
          deploy = pkgs.writeShellScriptBin "nhs" ''
            nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@"
@ -60,7 +68,8 @@
            fi
            exit $failed
          '';
-    in pkgs.mkShell {
+        in
        pkgs.mkShell {
          packages = [
            pkgs.nh
            inputs.agenix.packages.x86_64-linux.default
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -129,7 +129,6 @@
        '';
      };
      "matrix.extremist.software" = {
        extraConfig = ''
          rate_limit {
--- a/modules/matrix.nix
+++ b/modules/matrix.nix
@ -17,7 +17,10 @@
          x_forwarded = true;
          resources = [
            {
-              names = [ "client" "federation" ];
+              names = [
                "client"
                "federation"
              ];
              compress = false;
            }
          ];
@ -42,10 +45,11 @@
  services.postgresql = {
    enable = true;
    ensureDatabases = [ "matrix-synapse" ];
-    ensureUsers = [{
+    ensureUsers = [
      {
        name = "matrix-synapse";
        ensureDBOwnership = true;
-    }];
+      }
    ];
  };
 }
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -15,9 +15,11 @@
    scrapeConfigs = [
      {
        job_name = "node";
-        static_configs = [{
+        static_configs = [
          {
            targets = [ "127.0.0.1:9100" ];
-        }];
+          }
        ];
      }
    ];
  };
--- a/modules/noisebell.nix
+++ b/modules/noisebell.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
  services.noisebell-cache = {
@ -6,6 +6,12 @@
    port = 3005;
    domain = "noisebell.extremist.software";
    piAddress = "http://noisebell-pi";
    outboundWebhooks = [
      {
        url = "http://127.0.0.1:3004/webhook";
        secretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
      }
    ];
  };
  services.noisebell-discord = {
--- a/modules/ntfy.nix
+++ b/modules/ntfy.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 {
  services.ntfy-sh = {
@ -19,13 +24,15 @@
  # Patch the generated config at runtime to inject the admin bcrypt hash
  systemd.services.ntfy-sh = {
    serviceConfig.RuntimeDirectory = "ntfy-sh";
-    serviceConfig.ExecStartPre = let
+    serviceConfig.ExecStartPre =
      let
        script = pkgs.writeShellScript "ntfy-patch-config" ''
          cp /etc/ntfy/server.yml /run/ntfy-sh/server.yml
          HASH=$(cat ${config.age.secrets.ntfy-admin-hash.path})
          printf '\nauth-users:\n  - "jet:%s:admin"\n' "$HASH" >> /run/ntfy-sh/server.yml
        '';
-    in [ "+${script}" ];
+      in
      [ "+${script}" ];
    serviceConfig.ExecStart = lib.mkForce "${pkgs.ntfy-sh}/bin/ntfy serve --config /run/ntfy-sh/server.yml";
  };
 }
--- a/modules/searx.nix
+++ b/modules/searx.nix
@ -16,15 +16,48 @@
        request_timeout = 1.5;
      };
      ui = {
-        categories_as_tabs = [ "general" "images" ];
+        categories_as_tabs = [
          "general"
          "images"
        ];
      };
      engines = [
-        { name = "google"; engine = "google"; categories = "general"; disabled = false; }
+        {
-        { name = "wikipedia"; engine = "wikipedia"; categories = "general"; disabled = false; }
+          name = "google";
-        { name = "google images"; engine = "google_images"; categories = "images"; disabled = false; }
+          engine = "google";
-        { name = "duckduckgo images"; engine = "duckduckgo_images"; categories = "images"; disabled = false; }
+          categories = "general";
-        { name = "bing images"; engine = "bing_images"; categories = "images"; disabled = false; }
+          disabled = false;
-        { name = "qwant images"; engine = "qwant_images"; categories = "images"; disabled = false; }
+        }
        {
          name = "wikipedia";
          engine = "wikipedia";
          categories = "general";
          disabled = false;
        }
        {
          name = "google images";
          engine = "google_images";
          categories = "images";
          disabled = false;
        }
        {
          name = "duckduckgo images";
          engine = "duckduckgo_images";
          categories = "images";
          disabled = false;
        }
        {
          name = "bing images";
          engine = "bing_images";
          categories = "images";
          disabled = false;
        }
        {
          name = "qwant images";
          engine = "qwant_images";
          categories = "images";
          disabled = false;
        }
      ];
    };
  };