jet/extremist-software
jet/extremist-software
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jet:188b75242065425820f3c41159668bb5d15ab7fb
Branches Tags
jet:main
..
compare: jet:5dc8fce5ae86262f0565a9706d57d82e66ad17e0
Branches Tags
jet:main

3 commits
188b752420 ... 5dc8fce5ae

Author SHA1 Message Date
Jet Pham
5dc8fce5ae feat: add custom forgejo logo 2026-03-15 17:02:59 -07:00
Jet Pham
efe21d9734 fix: make builds faster 2026-03-15 17:02:50 -07:00
Jet Pham
5ecfb04abe
feat: add noisebell module and all secrets 
:wq
 2026-03-12 17:01:12 -07:00
12 changed files with 422 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
agenix.nix
View file

@ -10,4 +10,9 @@ in {
"secrets/matrix-macaroon.age".publicKeys = [ server jet ];
"secrets/ntfy-admin-hash.age".publicKeys = [ server jet ];
"secrets/mymx-webhook.age".publicKeys = [ server jet ];
"secrets/noisebell-pi-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-inbound-api-key.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-token.age".publicKeys = [ server jet ];
"secrets/noisebell-discord-webhook-secret.age".publicKeys = [ server jet ];
"secrets/noisebell-rss-webhook-secret.age".publicKeys = [ server jet ];
}

3
configuration.nix
View file

@ -11,6 +11,7 @@
./modules/monitoring.nix
./modules/ntfy.nix
./modules/uptime-kuma.nix
./modules/noisebell.nix
# mymx module is imported via flake input in flake.nix
];
@ -93,6 +94,8 @@
# System
system.stateVersion = "24.05";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.max-jobs = "auto";
nix.settings.cores = 0;
services.postgresql.package = pkgs.postgresql_15;
nixpkgs.config.allowUnfree = true; # Allow unfree packages (Minecraft, etc.)

243
flake.lock generated
View file

@ -23,6 +23,51 @@
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_3": {
"locked": {
"lastModified": 1773115265,
"narHash": "sha256-5fDkKTYEgue2klksd52WvcXfZdY1EIlbk0QggAwpFog=",
"owner": "ipetkov",
"repo": "crane",
"rev": "27711550d109bf6236478dc9f53b9e29c1a374c5",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -142,6 +187,54 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
@ -157,12 +250,92 @@
"type": "github"
}
},
"noisebell": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"noisebell-cache": "noisebell-cache",
"noisebell-discord": "noisebell-discord",
"noisebell-rss": "noisebell-rss"
},
"locked": {
"dir": "remote",
"lastModified": 1773188969,
"narHash": "sha256-jJUjd8f8yw68DdN5UF4n51lYm0kpihkaDZZKuj9VmP4=",
"ref": "refs/heads/main",
"rev": "a74e5753fafcfe0a9f20ac2e2c625e458c4dc329",
"revCount": 29,
"type": "git",
"url": "https://git.extremist.software/jet/noisebell"
},
"original": {
"dir": "remote",
"type": "git",
"url": "https://git.extremist.software/jet/noisebell"
}
},
"noisebell-cache": {
"inputs": {
"crane": "crane",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"path": "./cache-service",
"type": "path"
},
"original": {
"path": "./cache-service",
"type": "path"
},
"parent": [
"noisebell"
]
},
"noisebell-discord": {
"inputs": {
"crane": "crane_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay_3"
},
"locked": {
"path": "./discord-bot",
"type": "path"
},
"original": {
"path": "./discord-bot",
"type": "path"
},
"parent": [
"noisebell"
]
},
"noisebell-rss": {
"inputs": {
"crane": "crane_3",
"nixpkgs": "nixpkgs_4",
"rust-overlay": "rust-overlay_4"
},
"locked": {
"path": "./rss-service",
"type": "path"
},
"original": {
"path": "./rss-service",
"type": "path"
},
"parent": [
"noisebell"
]
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"mymx": "mymx",
"nixpkgs": "nixpkgs",
"noisebell": "noisebell",
"website": "website"
}
},
@ -189,7 +362,73 @@
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"noisebell",
"noisebell-cache",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": [
"noisebell",
"noisebell-discord",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_4": {
"inputs": {
"nixpkgs": [
"noisebell",
"noisebell-rss",
"nixpkgs"
]
},
"locked": {
"lastModified": 1773115373,
"narHash": "sha256-bfK9FJFcQth6f3ydYggS5m0z2NRGF/PY6Y2XgZDJ6pg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "1924b4672a2b8e4aee6e6652ec2e59a8d3c5648e",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_5": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1772679930,
@ -241,7 +480,7 @@
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
"rust-overlay": "rust-overlay_5"
},
"locked": {
"lastModified": 1773113843,

4
flake.nix
View file

@ -13,6 +13,9 @@
website.url = "git+https://git.extremist.software/jet/website";
website.inputs.nixpkgs.follows = "nixpkgs";
noisebell.url = "git+https://git.extremist.software/jet/noisebell?dir=remote";
noisebell.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
};
@ -26,6 +29,7 @@
inputs.mymx.nixosModules.default
inputs.website.nixosModules.default
inputs.agenix.nixosModules.default
inputs.noisebell.nixosModules.default
./disk-config.nix
./configuration.nix

79
modules/forgejo-logo.svg Normal file
View file

File diff suppressed because one or more lines are too long
Side by side

After

Width:  |  Height:  |  Size: 40 KiB

7
modules/forgejo.nix
View file

@ -3,6 +3,7 @@
let
customDir = "/var/lib/forgejo/custom";
themeCSS = ./forgejo-theme-gh-hc.css;
logoSVG = ./forgejo-logo.svg;
in
{
services.forgejo = {
@ -45,7 +46,10 @@ in
};
other = {
SHOW_FOOTER_BRANDING = false;
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
ENABLE_SWAGGER = false;
};
openid = {
@ -65,5 +69,8 @@ in
"d ${customDir}/public/assets 0755 forgejo forgejo -"
"d ${customDir}/public/assets/css 0755 forgejo forgejo -"
"C+ ${customDir}/public/assets/css/theme-gh-hc.css 0644 forgejo forgejo - ${themeCSS}"
"d ${customDir}/public/assets/img 0755 forgejo forgejo -"
"C+ ${customDir}/public/assets/img/logo.svg 0644 forgejo forgejo - ${logoSVG}"
"C+ ${customDir}/public/assets/img/favicon.svg 0644 forgejo forgejo - ${logoSVG}"
];
}

62
modules/noisebell.nix Normal file
View file

@ -0,0 +1,62 @@
{ config, ... }:
{
users.groups.noisebell = {};
users.users.noisebell-cache.extraGroups = [ "noisebell" ];
users.users.noisebell-discord.extraGroups = [ "noisebell" ];
users.users.noisebell-rss.extraGroups = [ "noisebell" ];
age.secrets.noisebell-pi-api-key = {
file = ../secrets/noisebell-pi-api-key.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-inbound-api-key = {
file = ../secrets/noisebell-inbound-api-key.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-discord-token = {
file = ../secrets/noisebell-discord-token.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-discord-webhook-secret = {
file = ../secrets/noisebell-discord-webhook-secret.age;
group = "noisebell";
mode = "0440";
};
age.secrets.noisebell-rss-webhook-secret = {
file = ../secrets/noisebell-rss-webhook-secret.age;
group = "noisebell";
mode = "0440";
};
services.noisebell-cache = {
enable = true;
port = 3003;
domain = "noisebell.extremist.software";
piAddress = "http://noisebell:80";
piApiKeyFile = config.age.secrets.noisebell-pi-api-key.path;
inboundApiKeyFile = config.age.secrets.noisebell-inbound-api-key.path;
outboundWebhooks = [
{ url = "https://discord.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; }
{ url = "https://rss.noisebell.extremist.software/webhook"; secretFile = config.age.secrets.noisebell-rss-webhook-secret.path; }
];
};
services.noisebell-discord = {
enable = true;
port = 3004;
domain = "discord.noisebell.extremist.software";
discordTokenFile = config.age.secrets.noisebell-discord-token.path;
channelId = "1034916379486322718";
webhookSecretFile = config.age.secrets.noisebell-discord-webhook-secret.path;
};
services.noisebell-rss = {
enable = true;
domain = "rss.noisebell.extremist.software";
webhookSecretFile = config.age.secrets.noisebell-rss-webhook-secret.path;
};
}

BIN
secrets/noisebell-discord-token.age Normal file
View file

Binary file not shown.

7
secrets/noisebell-discord-webhook-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 9Ts1I3lKnIiDlkti3wqLkMd/O5J2X7eu3jjzCqCJZEs
FmoQ/sj9Iyn9mP6WjHAQyNubk5fvl/wq7iV9WmE+Zng
-> ssh-ed25519 Ziw7aw 2n9PloxmkZfOp7CrIlHU8X4gv0FeWqrXzRbuBlurPnU
0OKghn+2VNq0GhkeUAtNFI7MEMs0iLttqw02a7ticZ0
--- In0BcqmKff+nXF3dc1ArM8dznFJkmwWiDaABguHGaBY
<EFBFBD>LÑ»b8v#_Ó„p~À&ÎS³}QF0NƒàÞ1§S~ªå7×Pþ6T¤îuîTªMë)ü§¢Ôï(fÀ0"ÇNƒ¶E¢«Þ; i

7
secrets/noisebell-inbound-api-key.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg 8VicSc9Efje62LAEUo1ceUeHSyfqJ56JgkmetY6W/mY
xixUVxK3vKespUthQG0QmoucnhCgHBDzpIWcnjBj/uY
-> ssh-ed25519 Ziw7aw UpfNqKBiOIM7BDCg9oOQdQ/lXba8vGeKYp00MJTCogs
Js43kbclj+7yIYPb1htOi8StldIgGlKouIKcbOP8R2w
--- 0qkwj31Z31Fuefmm79uIQsPOAMUqAF7/DOdmRsyb2Ks
VgîãËk8årà®*÷Œo¡¡Zi[÷ÆâP<C3A2>ÎѪÿð¯1Ö¶õ ô#–±Òvlr=§Sk/02faÏkk˜3Éc

BIN
secrets/noisebell-pi-api-key.age Normal file
View file

Binary file not shown.

7
secrets/noisebell-rss-webhook-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 uKftJg DBgu0g/eKqv1JQRVd6AiQ+RHJflWlSubF7bNWlt9On8
cMUFq8ulscBd+bmhSXj5frIkJOgmYZnyNKnGt1Uj7AA
-> ssh-ed25519 Ziw7aw TnB6blUcqs6TLwYvcajWQEqVwd7SsRC4xxRzqAYXf24
jKgj4MNtpfU4PVy1kaxHrFj1KqNzf5Jv8w+RXz26aFU
--- iJ99MLPpbGA8MDHeverizU7cMHyJG958dK+Cy6YqpH4
íö pŒZÜ%8[öAáž`ØíukúÁâ?j/ZíÅçù&ñ=uI)þ`Hz©^õp<C3B5>sSqVu¿<15>`G).µ®âQ8£aLz¾*ø”;