Merge branch 'main' of git.sealight.xyz:aynish/helm

hosts/darwin/casks/default.nix

@@ -22,6 +22,7 @@
     "wireshark"
     "1password"
     "orbstack"
+    # "aerospace"
 
     # Communication Tools
     # Already installed manually

hosts/darwin/default.nix

@@ -3,7 +3,7 @@
 {
   imports = [
     ./sketchybar
-    ./yabai
+    # ./yabai # Now using aerospace
     # ./casks
     # ../../modules/darwin/home-manager.nix
     # ../../modules/shared
@@ -45,7 +45,7 @@
   };
 
   # Auto upgrade nix package and the daemon service.
-  services.nix-daemon.enable = true;
+  # services.nix-daemon.enable = true; # removed in newer nix-darwin
   nixpkgs.hostPlatform = "aarch64-darwin";
   programs.zsh.enable = true;
 
@@ -55,7 +55,7 @@
     settings.trusted-users = [ "@admin" "anishlakhwara" ];
 
     gc = {
-      user = "root";
+      # user = "root"; # removed in newer nix-darwin
       automatic = true;
       interval = { Weekday = 0; Hour = 2; Minute = 0; };
       options = "--delete-older-than 30d";
@@ -85,11 +85,14 @@
     siji
     font-awesome
     proggyfonts
-    (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Iosevka" ]; })
+    nerd-fonts.fira-code
+    nerd-fonts.droid-sans-mono
+    nerd-fonts.iosevka
   ];
 
   system = {
     stateVersion = 4;
+    primaryUser = "anishlakhwara";  # required for newer nix-darwin
 
     keyboard = {
       enableKeyMapping = true;

hosts/deck/configuration.nix

@@ -73,8 +73,9 @@
   # };
 
   # Enable automatic login for the user.
-  services.xserver.displayManager.autoLogin.enable = true;
-  services.xserver.displayManager.autoLogin.user = "anish";
+  # Disabled: jovian.steam.autoStart handles this
+  # services.xserver.displayManager.autoLogin.enable = true;
+  # services.xserver.displayManager.autoLogin.user = "anish";
 
   # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
   systemd.services."getty@tty1".enable = false;

hosts/deck/default.nix

@@ -1,4 +1,4 @@
-{ self, pkgs, config, ... }:
+{ self, pkgs, config, lib, ... }:
 {
   imports = [
     ./configuration.nix
@@ -37,6 +37,9 @@
   jovian.steam.autoStart = true;
   jovian.steam.desktopSession = "gamescope-wayland";
 
+  # Disable lightdm from desktop profile
+  services.xserver.displayManager.lightdm.enable = lib.mkForce false;
+
   # Install XR drivers
   # environment.systemPackages = with pkgs; [
   #   xrlinuxdriver

hosts/lituus/block-storage.nix

@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Block storage mount
+  fileSystems."/srv/sealight" = {
+    device = "/dev/disk/by-id/virtio-mel-3b1f60a89cd649";
+    fsType = "ext4";
+    options = [ "noatime" ];
+  };
+
+  # Bind mounts for service data
+  # PostgreSQL moved to NVMe for performance - data lives directly on /var/lib/postgresql
+  # fileSystems."/var/lib/postgresql" = {
+  #   device = "/srv/sealight/postgresql";
+  #   fsType = "none";
+  #   options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  # };
+
+  fileSystems."/var/lib/matrix-synapse" = {
+    device = "/srv/sealight/matrix-synapse";
+    fsType = "none";
+    options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  };
+
+  fileSystems."/var/lib/matrix-as-discord" = {
+    device = "/srv/sealight/matrix-as-discord";
+    fsType = "none";
+    options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  };
+
+  fileSystems."/var/lib/mautrix-telegram" = {
+    device = "/srv/sealight/mautrix-telegram";
+    fsType = "none";
+    options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  };
+
+  fileSystems."/var/lib/wireguard" = {
+    device = "/srv/sealight/wireguard";
+    fsType = "none";
+    options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  };
+
+  fileSystems."/var/www" = {
+    device = "/srv/sealight/www";
+    fsType = "none";
+    options = [ "bind" "x-systemd.requires-mounts-for=/srv/sealight" ];
+  };
+
+  # Ensure services wait for mounts
+  # PostgreSQL no longer needs to wait for /srv/sealight mount
+  # systemd.services.postgresql.unitConfig.RequiresMountsFor = [ "/srv/sealight" ];
+  systemd.services.matrix-synapse.unitConfig.RequiresMountsFor = [ "/srv/sealight" ];
+}

hosts/lituus/default.nix

@@ -1,7 +1,9 @@
 { self, profiles, suites, ... }:
 {
   imports = [
+    ./hardware-configuration.nix
     ./configuration.nix
+    ./block-storage.nix
     ../profiles/core
     ../profiles/server
     ../profiles/metrics

hosts/lituus/hardware-configuration.nix

@@ -1,27 +1,22 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 
 {
-  imports =
-    [
-      (modulesPath + "/profiles/qemu-guest.nix")
-    ];
+  imports = [ ];
 
-  boot.initrd.availableKernelModules = [ "ata_piix" "floppy" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ ];
   boot.extraModulePackages = [ ];
 
-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/3b8b2c4b-835e-4822-8ac8-0effdc8270d6";
-      fsType = "btrfs";
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/f9e9468f-ff3b-430d-9ecf-ba275cf2f716";
+    fsType = "ext4";
+  };
 
   swapDevices = [ ];
 
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  nixpkgs.hostPlatform = "x86_64-linux";
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  virtualisation.hypervGuest.enable = true;
 }

hosts/profiles/matrix/default.nix

@@ -17,11 +17,14 @@
   age.secrets.synapse-config.file = "${self}/secrets/synapse-config.age";
   age.secrets.synapse-config.owner = "matrix-synapse";
 
+  systemd.services.matrix-synapse.serviceConfig.TimeoutStartSec = "10min";
+  
   services.matrix-synapse = {
     enable = true;
     settings = {
       max_upload_size = "100M";
       server_name = "sealight.xyz";
+      federation_sender_instances = [];
       listeners = [
         {
           port = 8448;
@@ -210,7 +213,12 @@
           root = "/var/www/sealight.xyz";
         };
         locations."/_matrix" = {
-          proxyPass = "http://localhost:8448";
+          proxyPass = "http://127.0.0.1:8448";
+          extraConfig = ''
+            proxy_read_timeout 300s;
+            proxy_connect_timeout 300s;
+            proxy_send_timeout 300s;
+          '';
         };
         # locations."/slackbridge" = {
         #   proxyPass = "http://localhost:9899";
@@ -222,6 +230,11 @@
         enableACME = true;
         locations."/" = {
           proxyPass = "http://localhost:8448";
+          extraConfig = ''
+            proxy_read_timeout 300s;
+            proxy_connect_timeout 300s;
+            proxy_send_timeout 300s;
+          '';
         };
       };
       ## virtual host for Riot/Web