| Age | Commit message (Collapse) | Author |
|---|
|
This commit configures Nginx as a reverse proxy for the Syncthing web
interface, making it accessible via syncthing.bensima.com with SSL
encryption. The configuration includes proper header forwarding and
WebSocket support for the Syncthing GUI.
Additionally, this commit explicitly opens the required firewall ports
for Syncthing's operation, including the GUI port, sync port (22000),
and discovery broadcast port (21027).
|
|
Moved Syncthing configuration from Lithium's configuration file to a
dedicated module in Cloud directory. This change improves organization
by placing the service with other cloud-related configurations.
The new module includes comprehensive Syncthing setup with proper user
configuration, firewall rules, and default settings. It's now imported
in Cloud.nix to make it available to the cloud infrastructure.
|
|
Having this in its own file makes it easier to work on. Then I was able to
figure out (with lots of debugging and trial+error with Claude) the actual
permissions settings that result in a shared calendar. It's very fiddly because
it is matching on usernames and directories using regex, and I think it's
order-dependent as well.
|
|
This does the full transition: web server, mail server, xmpp. I expect some
disruption, but hopefully this is everything and it just switches over without
any problem.
|
|
I prefer et over mosh, so I tend to reach for it. Might as well just enable it
everywhere, at the Os/Base.nix level rather than individual systems.
|
|
Added header checks for optaltechtld.com domain to block incoming spam
emails claiming to be from MetaMask. The configuration includes checks
for Received, From, Return-Path, and Sender headers containing this
domain, rejecting any matching messages at the mail server level.
|
|
These are broken in upstream nixpkgs. Updating didn't fix them, so I'm just
gonna disable them for now. I'm using pipx to install aider anyway.
Also: Remove _ literal from GLOBIGNORE. I think it was causing the **/* glob to
include stuff in the cabdir, idk why.
|
|
This is just so I can run gemma3. Ollama has more than just a src hash, it needs
the godeps hash as well, so I can't simply track it with `deps` unfortunately.
|
|
This commit adds the novastells.com.es domain to our mail server's
blocklist by configuring Postfix header checks to reject messages
from this domain. The implementation checks for the domain in
multiple mail headers (Received, From, Return-Path, and Sender)
to ensure comprehensive blocking.
The commit also improves the comment above the headerChecks section
to better reflect its purpose of blocking multiple unwanted domains.
|
|
Configure Postfix to reject all emails from perfora.net by adding
header_checks rules that inspect both From and Received headers.
Implementation includes:
1. Adding header_checks configuration to Postfix
2. Creating a regexp file with rules to block the domain
3. Setting up an activation script to ensure proper file linking
This change helps prevent unwanted messages from this specific domain
while maintaining normal mail service for all other senders.
|
|
Configure Monica on Omni/Cloud. I had to setup PHP FastCGI so that nginx handles
the PHP requests properly, and setup an email address for the service.
|
|
This seems more complete than gptme so I'll test itnout for a while.
|
|
This was actually really easy to setup (with the help of Claude) and now I can
block bad sites on my tailnet. And no more ads either, haha the web is readable
again.
|
|
This changed when I setup my new router.
|
|
I really need a better way of setting this port rather than manually updating it
when I reconfigure emby.
|
|
Because tv.simatime.com is easier to type and remember than the feralhosting URL
with the port and everything.
|
|
For use with termux.
|
|
Some things got through the CI system, probably during updates. So I had more
stupid little fixes to do. I should really improve bild to the point that these
won't happen anymore and builds don't take so long.
|
|
I got this from the upstream branch jd/zx2c4-deployment, which does have the
below commit implementing dark mode. I first cherry-picked the commit to master
but it wouldn't build. Then I realized that the last cut release was v1.2.3 from
5 years ago, and that's what nixpkgs has pinned, so I cherry-picked it onto
v1.2.3 and it went cleanly and built okay. So that's what I landed on. Maybe it
would be better to use a patch instead of pushing my own fork like this, but
whatever this works just fine. I can always switch to the patch method later.
https://git.zx2c4.com/cgit/commit/?h=jd/zx2c4-deployment&id=8ed1bef90f631989c0cadc326a163b874a64e02d
|
|
I couldn't use llm-ollama because it required some package upgrades, so I
started going down that rabbit hole and ended up 1) realizing that these
packages are way out of date now, and 2) fiddling with overrides to get
everything to work. I finally figured it out, the `postPatch` in ollama-python
was throwing me off for like half a day.
Anyway, one thing to note is that these are changing fast and I need to either
move onto nixpkgs unstable for python stuff, or maintain my own builds of all of
these. Not sure which is more appropriate right now.
Oh and I had to fixup some logging stuff in Biz/Storybook.py because ruff
started complaining about something, which is weird because I don't think the
version changed? But it was easy enough to change.
|
|
This is just for conferencing for work stuff, interviews and the like, it seems
to work better as a system package than in a nix-shell or whatever.
|
|
This is a very nice web ui frontend similar to ChatGPT that can use both OpenAI
and Ollama as backends at the same time. Currently I'm just using it locally but
eventually I think I'll expose it over the internet and use it as my go-to LLM
interface.
|
|
Removed the murmur server from Lithium and started broadcasting on bensima.com
rather than simatime.com. Eventually I will move everything over there.
|
|
OBS wouldn't allow me to stream because there was something wrong with `nvenc`,
which I guess is the nvidia encoding library? Anyway searching around I found
this nvidia-patch overlay and it fixed it right away, so that's cool.
|
|
This guards against network failures that may put the system in an unusable
state. It's included in nixos-rebuild, so I should include it here in some form
too.
https://github.com/NixOS/nixpkgs/pull/258571
|
|
Supposedly, running the nix-env command before switch-to-configuration will
result in the grub entry being updated appropriately, and this is how
nixos-rebuild does it.
https://discourse.nixos.org/t/how-to-update-grub-entries-with-nixos-config-built-with-nix-build/1826/2
|
|
Contra d2edf150cf2c876971383a4a484f289ce7e7f680, this module is the one place
that I do need the stupid __main__ thing.
|
|
Like the previous commit, this matches Omni/Test.hs.
|
|
This matches Omni/App.hs, and I'll use it in future projects.
|
|
Apparently the driSupport is no longer needed, so I had to delete that. Anyway
moving the Docker dev stuff to a centralized file should be helpful and ensure
that it continues to work the same way across systems.
|
|
I read that this was desired for nvidia stuff, so I enabled it. Not sure if its
necessary but it doesn't hurt anything I guess.
|
|
This should have been done before as it only pertains to Lithium.
|
|
Slowly moving everything to this domain, it will take a while though.
|
|
I realized I don't need this stupid `__main__` convention anymore because my
build system always calls Python programs like `python -m main`, so I just need
to have a function named `main()`. I also started adding some general coding
conventions to the README and fixed a typo.
|
|
This replaces the manually-curated nixTargets list in Bild.hs. Now any nix file
that has the executable bit set will be built.
I added run.sh shebangs to each of the buildable nix targets as well. When
executing these, they will succeed at building, but they have no 'out' metadata,
and so when run.sh tries to exec them, it will fail. This is fine for now.
How would one go about execing a linux tree anyway? If all of the nix targets
output something standard like a qemu image or a container, then I could have a
standard wrapper that calls the image and starts the system. That might be the
ideal way to have a runnable nix target. But this would require rethinking my
infrastructure and how to deploy things, so I can't quite do that yet.
|
|
I often want to view gitstats but I always forget how to generate and view them,
so this script simply captures this workflow and tests that it continues to
work.
|
|
This was previously implemented in c467f7611f66b6d9b9dcb589ed534374cd7b2e6c but
got lost when I updated nixos at some point. And then I noticed ClaudeBot was
crawling my code while I was working on the previous commit. I don't really like
that, so I'll just add this noindex and see if it stops.
|
|
After the update, the /git endpoint was redirecting in circles and I couldn't
figure out why. Eventually I just moved it to a subdomain, and in the process I
found out that the git-daemon thing doesn't work anymore because of the user
ownership of the repos, as mentioned in the long comment. So I just disabled
that. Now it works, but cloning is only available over ssh, and that's fine I
guess.
|
|
The problem was that the ssl cert wasn't renewing. I added the domains to the
nginx config, and cleaned up some other stuff. During debug I also udpated
nixos-mailserver and nixos stable because I thought it would fix something; it
didn't but I might as well use the updated versions of stuff since it seems to
still work fine.
|
|
The idea is for an LLM to read this to understand the repo.
|
|
I mostly wanted a formatter that would format `inherit` blocks
vertically, because otherwise they are super hard to read when diffing
or even just editing. Both alejandra and the new nixos/nixfmt format
verically like this, but alejandra has slightly better format (I guess)
and for some reason nixfmt did not respect my `GLOBIGNORE` setting when
doing `nixfmt **/*.nix` so it was trying to format stuff in `_/nix`, and
failed. So anyway I went with alejandra.
- https://github.com/kamadorueda/alejandra
- https://discourse.nixos.org/t/enforcing-nix-formatting-in-nixpkgs/49506
|
|
It's good to update, I think nixos 24.05 was deprecated anyway. The iPython
dontCheck is because there was a test timeout; I don't even know why iPython is
being pulled in but whatever.
|
|
This is the correct way to publish commits. Previously I was doing the annoying
`git branch -f live HEAD && git push` thing. This is better because its a single
command and doing the subsequent `git sync -u` will update your local `live`
branch.
|
|
With run.sh, we can build and run the file in one go. This means we can also use
it as an interpreter in a shebang line and properly use the Unix executable bit.
This is pretty cool and gives a few advantages: running any executable file is
just `exec file.hs` or even `./file.hs`, finding all executables is `fd -t x`,
you don't need to specify or know an `out` name to run something, execution of a
program is standardized.
There is a hack to get this to work. In C and Common Lisp, `#!` is illegal
syntax, so I had to use shell syntax to invoke run.sh, call it on the current
file, and then exit the shell script. Meanwhile, run.sh takes the file and evals
the whole thing, building and running it. As long as either `//` or `;` is a
comment character in the target language, then this works. Maybe a better thing
to do would be to pre-process the file and remove the `#!` before passing it to
the C compiler, like [ryanmjacobs/c][1] and [tcc][2]? However this won't work in
Lisp because then I can't just load the file directly into the repl, so maybe
the comment hack needs to stay.
[1]: https://github.com/ryanmjacobs/c/tree/master
[2]: https://repo.or.cz/tinycc.git/blob/HEAD:/tccrun.c
|
|
I put the storybook into a new Biz.nix deploy target. The idea here is that any
Biz/* targets should be hosted by this one VM for simplicity. Over time I can
grow this as need be, but this should work to host a few services.
|
|
I need a way to reliably get a NixOS VM provisioned in the cloud, and the
easiest way to do this is to create a qcow2 image, upload it to Digital Ocean,
and use that to start a droplet. This is very much a manual process, but that's
fine, I shouldn't need to do it very often (for now).
|
|
I deleted the tests because they were overspecifying the functionality. My
mistake was to try and build out the objects and endpoints before the end-to-end
sync thing was fully working. And then I misunderstood how to do async with
HTMX, I was overcomplicating it trying to create objects and endpoints for
everything instead of just focusing on the HTML that I should be
generating. This all just led to a clusterfuck of code doing all the wrong
things in the wrong places.
So far this is much better architected. And it turns out that using image n-1
with OpenAI's create_variation function doesn't work very well anyway, so I
scrapped that too; I'll have to look into different image gen services in the
future.
|
|
These were contributed in part by gptme, thanks!
|
|
This adds the Images endpoint and related functions for loading and saving
images to the filesystem.
In the view layer, it also loads the images asynchronously using HTMX, so the
images get lazy-loaded only when they are done generating.
|
|
The cabdir was getting really large and doing a `bild **/*` was actually taking
a long time to just startup. Turns out you can configure bash to ignore certain
patterns for all globs. How convenient!
|
