From 25310fe8b94544544af76f8535dfe33852a187b8 Mon Sep 17 00:00:00 2001 From: Kris Date: Mon, 23 Feb 2026 18:40:12 +0200 Subject: [PATCH] works maybe --- flake.lock | 211 ++++++++++++++++++++++++++++++--- flake.nix | 181 +++++++++++++++------------- hosts/server/configuration.nix | 20 +++- hosts/server/modules/wafrn.nix | 32 +++++ hosts/server/slop/openclaw.nix | 46 +++++++ 5 files changed, 388 insertions(+), 102 deletions(-) create mode 100644 hosts/server/modules/wafrn.nix create mode 100644 hosts/server/slop/openclaw.nix diff --git a/flake.lock b/flake.lock index 36bec1b..976eb20 100644 --- a/flake.lock +++ b/flake.lock @@ -297,7 +297,25 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_9" + "systems": "systems_8" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_10" }, "locked": { "lastModified": 1681202837, @@ -359,7 +377,7 @@ }, "gomod2nix": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "tangled", "nixpkgs" @@ -419,6 +437,27 @@ } }, "home-manager_3": { + "inputs": { + "nixpkgs": [ + "openclaw", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1767909183, + "narHash": "sha256-u/bcU0xePi5bgNoRsiqSIwaGBwDilKKFTz3g0hqOBAo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "cd6e96d56ed4b2a779ac73a1227e0bb1519b3509", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { "inputs": { "nixpkgs": [ "zen-browser", @@ -1145,6 +1184,24 @@ "type": "github" } }, + "nix-steipete-tools": { + "inputs": { + "nixpkgs": "nixpkgs_10" + }, + "locked": { + "lastModified": 1771639217, + "narHash": "sha256-eidzES1s+0/Ngkw0fmLGdZ+NSN6P7RwKD0lPLYGqZoU=", + "owner": "openclaw", + "repo": "nix-steipete-tools", + "rev": "95ebfa73f4421144173f7060433c510a7d2d014a", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-steipete-tools", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1762847253, @@ -1178,6 +1235,38 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1767767207, + "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5912c1772a44e31bf1c63c0390b90501e5026886", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_12": { "locked": { "lastModified": 1766070988, "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", @@ -1193,7 +1282,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_13": { "locked": { "lastModified": 1754725699, "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", @@ -1209,7 +1298,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_14": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -1223,7 +1312,23 @@ "type": "indirect" } }, - "nixpkgs_13": { + "nixpkgs_15": { + "locked": { + "lastModified": 1771419570, + "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_16": { "locked": { "lastModified": 1762977756, "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", @@ -1331,11 +1436,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1763835633, - "narHash": "sha256-HzxeGVID5MChuCPESuC0dlQL1/scDKu+MmzoVBJxulM=", + "lastModified": 1771369470, + "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "050e09e091117c3d7328c7b2b7b577492c43c134", + "rev": "0182a361324364ae3f436a63005877674cf45efb", "type": "github" }, "original": { @@ -1383,6 +1488,27 @@ "type": "github" } }, + "openclaw": { + "inputs": { + "flake-utils": "flake-utils_2", + "home-manager": "home-manager_3", + "nix-steipete-tools": "nix-steipete-tools", + "nixpkgs": "nixpkgs_11" + }, + "locked": { + "lastModified": 1771657318, + "narHash": "sha256-xFDNFFN5U9wtMcj1iACmoL6W4PWJeg9C0Pk2+BoY09s=", + "owner": "openclaw", + "repo": "nix-openclaw", + "rev": "fbef2087190ccfca375b351cdaad49bcbaea721a", + "type": "github" + }, + "original": { + "owner": "openclaw", + "repo": "nix-openclaw", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_2", @@ -1419,10 +1545,12 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_8", "nvf": "nvf", + "openclaw": "openclaw", "spacebar": "spacebar", "tangled": "tangled", "tuxstrap": "tuxstrap", "vscode-server": "vscode-server", + "wafrn": "wafrn", "zen-browser": "zen-browser" } }, @@ -1449,7 +1577,7 @@ }, "spacebar": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -1496,6 +1624,21 @@ "type": "github" } }, + "systems_10": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_2": { "locked": { "lastModified": 1689347949, @@ -1627,7 +1770,7 @@ "indigo": "indigo", "inter-fonts-src": "inter-fonts-src", "lucide-src": "lucide-src", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_12", "sqlite-lib-src": "sqlite-lib-src" }, "locked": { @@ -1669,8 +1812,8 @@ "tuxstrap": { "inputs": { "bun2nix": "bun2nix", - "nixpkgs": "nixpkgs_11", - "systems": "systems_8" + "nixpkgs": "nixpkgs_13", + "systems": "systems_9" }, "locked": { "lastModified": 1764446863, @@ -1688,8 +1831,8 @@ }, "vscode-server": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_12" + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1753541826, @@ -1705,6 +1848,42 @@ "type": "github" } }, + "wafrn": { + "inputs": { + "nixpkgs": "nixpkgs_15", + "wafrn-src": "wafrn-src" + }, + "locked": { + "lastModified": 1771530828, + "narHash": "sha256-U9gTyZILNGjK4kbSKsR6xPGFV/sjvzDFRreDXWyg5hE=", + "ref": "refs/heads/main", + "rev": "715d83e0a1730b2bb4e649941863ed67d964ad65", + "revCount": 11, + "type": "git", + "url": "https://git.ocbwoy3.dev/kris/wafrn-nix" + }, + "original": { + "type": "git", + "url": "https://git.ocbwoy3.dev/kris/wafrn-nix" + } + }, + "wafrn-src": { + "flake": false, + "locked": { + "lastModified": 1770394446, + "narHash": "sha256-yUGn0HjwEDJOLlwcNP+ZfCjU04x9Y6PkmeahdcEP23A=", + "ref": "main", + "rev": "01e89d8fd0ba56d5781e4671a54531563d1a46c6", + "revCount": 6083, + "type": "git", + "url": "https://codeberg.org/wafrn/wafrn" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://codeberg.org/wafrn/wafrn" + } + }, "xdph": { "inputs": { "hyprland-protocols": [ @@ -1748,8 +1927,8 @@ }, "zen-browser": { "inputs": { - "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_13" + "home-manager": "home-manager_4", + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1764007718, diff --git a/flake.nix b/flake.nix index 6287fe3..d9b191f 100644 --- a/flake.nix +++ b/flake.nix @@ -1,97 +1,108 @@ { - description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)"; + description = "Dark World Exclusive Nix Flake (Totally not a Deltarune reference)"; - inputs = { - # Core - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - home-manager.url = "github:nix-community/home-manager"; + inputs = { + # Core + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + home-manager.url = "github:nix-community/home-manager"; - # Desktop + Theming - catppuccin.url = "github:catppuccin/nix"; - hyprland = { - url = "github:hyprwm/Hyprland"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - hyprlock.url = "github:hyprwm/hyprlock"; - hyprsysteminfo.url = "github:hyprwm/hyprsysteminfo"; - ghostty.url = "github:ghostty-org/ghostty"; - zen-browser.url = "github:0xc000022070/zen-browser-flake"; + # Desktop + Theming + catppuccin.url = "github:catppuccin/nix"; + hyprland = { + url = "github:hyprwm/Hyprland"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + hyprlock.url = "github:hyprwm/hyprlock"; + hyprsysteminfo.url = "github:hyprwm/hyprsysteminfo"; + ghostty.url = "github:ghostty-org/ghostty"; + zen-browser.url = "github:0xc000022070/zen-browser-flake"; - # Programs - tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap"; - - # Package tooling - chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; - nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; - nvf.url = "github:notashelf/nvf"; + # Programs + tuxstrap.url = "git+https://tangled.org/kris.darkworld.download/tuxstrap"; - # Extras - tangled.url = "git+https://tangled.sh/tangled.sh/core"; - vscode-server.url = "github:nix-community/nixos-vscode-server"; - spacebar = { - url = "github:spacebarchat/server"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; + # Package tooling + chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; + nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; + nvf.url = "github:notashelf/nvf"; - # Required by NixOS: - # ./hardware-configuration.nix + # Extras + tangled.url = "git+https://tangled.sh/tangled.sh/core"; + wafrn.url = "git+https://git.ocbwoy3.dev/kris/wafrn-nix"; + vscode-server.url = "github:nix-community/nixos-vscode-server"; + spacebar = { + url = "github:spacebarchat/server"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - # inputs.home-manager.nixosModules.default - # catppuccin.nixosModules.catppuccin - # nix-flatpak.nixosModules.nix-flatpak + # slop + openclaw.url = "github:openclaw/nix-openclaw"; + }; - outputs = { self, nixpkgs, ... }@inputs: { - nixosConfigurations.default = nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - }; - modules = [ - # inputs.nixos-hardware.nixosModules.common-gpu-nvidia - inputs.home-manager.nixosModules.default - inputs.catppuccin.nixosModules.catppuccin - inputs.nix-flatpak.nixosModules.nix-flatpak - # inputs.chaotic.nixosModules.default - inputs.chaotic.nixosModules.nyx-cache - inputs.chaotic.nixosModules.nyx-overlay - inputs.chaotic.nixosModules.nyx-registry - # ./hosts/default/hardware-configuration.nix + # Required by NixOS: + # ./hardware-configuration.nix - # lil hack to not use --impure when rebuilding nixos >:3 - "/etc/nixos/hardware-configuration.nix" - - ./hosts/default/configuration.nix - ]; - }; - nixosConfigurations.server = nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - }; - modules = [ - inputs.catppuccin.nixosModules.catppuccin - inputs.tangled.nixosModules.knot - inputs.tangled.nixosModules.spindle - inputs.vscode-server.nixosModules.default + # inputs.home-manager.nixosModules.default + # catppuccin.nixosModules.catppuccin + # nix-flatpak.nixosModules.nix-flatpak - inputs.chaotic.nixosModules.nyx-cache - inputs.chaotic.nixosModules.nyx-overlay - inputs.chaotic.nixosModules.nyx-registry + outputs = + { self, nixpkgs, ... }@inputs: + { + nixosConfigurations.default = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + }; + modules = [ + # inputs.nixos-hardware.nixosModules.common-gpu-nvidia + inputs.home-manager.nixosModules.default + inputs.catppuccin.nixosModules.catppuccin + inputs.nix-flatpak.nixosModules.nix-flatpak + # inputs.chaotic.nixosModules.default + inputs.chaotic.nixosModules.nyx-cache + inputs.chaotic.nixosModules.nyx-overlay + inputs.chaotic.nixosModules.nyx-registry + # ./hosts/default/hardware-configuration.nix - # lil hack to not use --impure when rebuilding nixos >:3 - "/etc/nixos/hardware-configuration.nix" - - ./hosts/server/configuration.nix - ]; - }; - nixosConfigurations.fix_nixpkgs = nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - }; - modules = [ - ./modules/nixos/nixpkgs.nix - /etc/nixos/configuration.nix - ]; - }; - }; + # lil hack to not use --impure when rebuilding nixos >:3 + "/etc/nixos/hardware-configuration.nix" + + ./hosts/default/configuration.nix + ]; + }; + nixosConfigurations.server = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + }; + modules = [ + # inputs.home-manager.nixosModules.default + inputs.catppuccin.nixosModules.catppuccin + inputs.tangled.nixosModules.knot + inputs.wafrn.nixosModules.default + + inputs.tangled.nixosModules.spindle + inputs.vscode-server.nixosModules.default + # inputs.openclaw.nixosModules.openclaw-gateway + # inputs.openclaw.homeManagerModules.openclaw + + inputs.chaotic.nixosModules.nyx-cache + inputs.chaotic.nixosModules.nyx-overlay + inputs.chaotic.nixosModules.nyx-registry + + # lil hack to not use --impure when rebuilding nixos >:3 + "/etc/nixos/hardware-configuration.nix" + + ./hosts/server/configuration.nix + ]; + }; + nixosConfigurations.fix_nixpkgs = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + }; + modules = [ + ./modules/nixos/nixpkgs.nix + /etc/nixos/configuration.nix + ]; + }; + }; } diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index a37be07..451cad6 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -8,11 +8,13 @@ { imports = [ ./modules/atproto-pds.nix + ./modules/wafrn.nix ./modules/cloudflare.nix ./modules/tangled.nix ../../modules/force.nix ./modules/gitea.nix ./modules/vaultwarden.nix + # ./slop/openclaw.nix ]; # gcc. shit breaks. wtf @@ -57,6 +59,7 @@ hyfetch pm2 steam-run + opencode ]; users.users.ocbwoy3 = { @@ -70,7 +73,22 @@ shell = pkgs.zsh; }; - virtualisation.docker.enable = true; + virtualisation.docker = { + enable = true; + daemon.settings = { + "log-driver" = "local"; + "log-opts" = { + "max-size" = "10m"; + "max-file" = "3"; + }; + "live-restore" = true; + }; + }; + + systemd.services.docker.serviceConfig = { + CPUQuota = "200%"; + MemoryMax = "12G"; + }; services.mongodb = { enable = true; diff --git a/hosts/server/modules/wafrn.nix b/hosts/server/modules/wafrn.nix new file mode 100644 index 0000000..28c290d --- /dev/null +++ b/hosts/server/modules/wafrn.nix @@ -0,0 +1,32 @@ +{ + config, + inputs, + pkgs, + ... +}: + +{ + + # DONT ENABLE YET!! + services.wafrn = { + enable = false; + stateDir = "/var/lib/wafrn"; + secretsFile = "/private/wafrn/secrets.env"; + caddyConfigDir = "/private/wafrn/caddy"; + + # cloudflared doesnt need https + httpPort = 6767; + httpsPort = null; + + environment = { + DOMAIN_NAME = "cyberworld.darkworld.download"; + CACHE_DOMAIN = "cyberworld-cache.darkworld.download"; + MEDIA_DOMAIN = "cyberworld-media.darkworld.download"; + FRONTEND_MEDIA_URL = "https://cyberworld-media.darkworld.download"; + FRONTEND_CACHE_URL = "https://cyberworld-cache.darkworld.download/api/cache?media="; + FRONTEND_FQDN_URL = "https://cyberworld.darkworld.download"; + ACME_EMAIL = "kris@darkworld.download"; + }; + }; + +} diff --git a/hosts/server/slop/openclaw.nix b/hosts/server/slop/openclaw.nix new file mode 100644 index 0000000..4f9bc68 --- /dev/null +++ b/hosts/server/slop/openclaw.nix @@ -0,0 +1,46 @@ +{ + config, + pkgs, + lib, + ... +}: + +{ + + users.openclaw = { + isNormalUser = true; + home = "/openclaw"; + description = "OpenClaw Agent"; + extraGroups = [ "docker" ]; + group = "agents"; + }; + + home-manager.users.openclaw = + { + pkgs, + }: + { + programs.openclaw = { + enable = true; + config = { + gateway = { + mode = "local"; + auth = { + token = ""; # or set OPENCLAW_GATEWAY_TOKEN + }; + }; + + channels.telegram = { + tokenFile = "/run/agenix/telegram-bot-token"; # any file path works + allowFrom = [ 12345678 ]; # your Telegram user ID + }; + }; + + # Built-ins (tools + skills) shipped via nix-steipete-tools. + plugins = [ + { source = "github:openclaw/nix-steipete-tools?dir=tools/summarize"; } + ]; + }; + }; + +}