e

Signed-off-by: Alex Stan <alex.stan.2010@proton.me>

.gitignore

@@ -1,2 +1,6 @@
 result
 hosts/titan/services/lemmy_credentials.txt
+hosts/titan/services/Sharkey/.config/*
+hosts/titan/services/Sharkey/files
+hosts/titan/services/Sharkey/db
+hosts/titan/services/Sharkey/redis

flake.lock

@@ -68,11 +68,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1703102678,
-        "narHash": "sha256-MR91Ytt9Jf63dshn7LX64LWAVygbZgQYkcTIKhfVNXI=",
+        "lastModified": 1708778800,
+        "narHash": "sha256-CCwOEyCtn/y9IxhY64OTr1iDyPl2XjrF2u93Z2ex56E=",
         "owner": "elkowar",
         "repo": "eww",
-        "rev": "65d622c81f2e753f462d23121fa1939b0a84a3e0",
+        "rev": "7bfd47eb8130f02f2a8f695c255df2f5302636b4",
         "type": "github"
       },
       "original": {
@@ -84,11 +84,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1650374568,
-        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -132,12 +132,15 @@
       }
     },
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1656928814,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -148,7 +151,7 @@
     },
     "flake-utils_2": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1694529238,
@@ -174,11 +177,11 @@
         "rust-overlay": "rust-overlay_2"
       },
       "locked": {
-        "lastModified": 1706459685,
-        "narHash": "sha256-/OaxGhNJrBZcOBGKvEC7KFDShtMJOIpny5+N9G/qRkE=",
+        "lastModified": 1709150117,
+        "narHash": "sha256-AXtrpQnbdtUlwnvbZSLkW2+Wlf4RhUj3S8J9pnchl90=",
         "owner": "helix-editor",
         "repo": "helix",
-        "rev": "87a720c3a13ccc7245f5b0befc008db5bd039032",
+        "rev": "f03b91d1b7907e78a4242c5b525e47c997f4457d",
         "type": "github"
       },
       "original": {
@@ -195,11 +198,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706435589,
-        "narHash": "sha256-yhEYJxMv5BkfmUuNe4QELKo+V5eq1pwhtVs6kEziHfE=",
+        "lastModified": 1708988456,
+        "narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "4d54c29bce71f8c261513e0662cc573d30f3e33e",
+        "rev": "1d085ea4444d26aa52297758b333b449b2aa6fca",
         "type": "github"
       },
       "original": {
@@ -231,19 +234,20 @@
     "hyprland": {
       "inputs": {
         "hyprland-protocols": "hyprland-protocols",
+        "hyprlang": "hyprlang",
         "nixpkgs": [
           "nixpkgs"
         ],
-        "systems": "systems_2",
+        "systems": "systems_3",
         "wlroots": "wlroots",
         "xdph": "xdph"
       },
       "locked": {
-        "lastModified": 1706524231,
-        "narHash": "sha256-05UcsoN4x1pXqoPzHTPcSRZ6W2uCTqRwXfhR0Ls3f4c=",
+        "lastModified": 1709149324,
+        "narHash": "sha256-s/guGSAvqhwQ1WM/hp5iuGUteBkJtMKqg5VVGi5VAVQ=",
         "owner": "hyprwm",
         "repo": "Hyprland",
-        "rev": "91e8c428431deac1e5eb8e537f002ab960777174",
+        "rev": "097f561e41e5660333492c1f188199e837742efe",
         "type": "github"
       },
       "original": {
@@ -281,16 +285,19 @@
       "inputs": {
         "nixpkgs": [
           "hyprland",
-          "xdph",
           "nixpkgs"
+        ],
+        "systems": [
+          "hyprland",
+          "systems"
         ]
       },
       "locked": {
-        "lastModified": 1704287638,
-        "narHash": "sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=",
+        "lastModified": 1708787654,
+        "narHash": "sha256-7ACgM3ZuAhPqurXHUvR2nWMRcnmzGGPjLK6q4DSTelI=",
         "owner": "hyprwm",
         "repo": "hyprlang",
-        "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97",
+        "rev": "0fce791ba2334aca183f2ed42399518947550d0d",
         "type": "github"
       },
       "original": {
@@ -311,11 +318,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1706219574,
-        "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
+        "lastModified": 1706742486,
+        "narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
         "owner": "simple-nixos-mailserver",
         "repo": "nixos-mailserver",
-        "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
+        "rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
         "type": "gitlab"
       },
       "original": {
@@ -331,11 +338,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1705251288,
-        "narHash": "sha256-TwCR7tZvrjsvz6SmgjWYOne7Qz7J2jn4Cr4Er0Yj+LA=",
+        "lastModified": 1708335499,
+        "narHash": "sha256-ZOAhp3hiJsWdNDSs/SF2EPylluAx5PiZv9aAUwZrKOI=",
         "owner": "viperML",
         "repo": "nh",
-        "rev": "36eba281576afe0f67e5aafb4e7a414f256dba31",
+        "rev": "aa4df097654cdeb15aa74aabd72863a6fb30c7e6",
         "type": "github"
       },
       "original": {
@@ -366,11 +373,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706411424,
-        "narHash": "sha256-BzziJYucEZvdCE985vjPoo3ztWcmUiSQ1wJ2CoT6jCc=",
+        "lastModified": 1708830466,
+        "narHash": "sha256-nGKe3Y1/jkLR2eh1aRSVBtKadMBNv8kOnB52UXqRy6A=",
         "owner": "nix-community",
         "repo": "nix-index-database",
-        "rev": "c782f2a4f6fc94311ab5ef31df2f1149a1856181",
+        "rev": "f070c7eeec3bde8c8c8baa9c02b6d3d5e114d73b",
         "type": "github"
       },
       "original": {
@@ -402,11 +409,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1706182238,
-        "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=",
+        "lastModified": 1709147990,
+        "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1",
+        "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
         "type": "github"
       },
       "original": {
@@ -417,11 +424,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1706191920,
-        "narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
+        "lastModified": 1708984720,
+        "narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
+        "rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
         "type": "github"
       },
       "original": {
@@ -481,11 +488,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1706522777,
-        "narHash": "sha256-xQ43gN2qNCUZ7PX1IrRsOAWT2OIRTXnIZ2IYmvT8c5c=",
+        "lastModified": 1709152152,
+        "narHash": "sha256-cG6oGCdIQah3VFNlSJGkbM4f4fXb3ibmmqWgmzm5qq8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "df2f1a85106a52596eaf152dfcd9225bf674dcf2",
+        "rev": "b7535c47327d70e49f619c075570d4130def1874",
         "type": "github"
       },
       "original": {
@@ -521,11 +528,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1661655464,
-        "narHash": "sha256-by9Hb0mNVdiCR7TBvUHIgDb0QIv3znp8VMGh7Bl35VQ=",
+        "lastModified": 1708395022,
+        "narHash": "sha256-pxHZbfDsLAAcyWz+snbudxhQPlAnK2nWGAqRx11veac=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "0c4c1432353e12b325d1472bea99e364871d2cb3",
+        "rev": "b4ae18c03af976549a0b6e396b2b5be56d275f8b",
         "type": "github"
       },
       "original": {
@@ -575,6 +582,21 @@
       }
     },
     "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
       "locked": {
         "lastModified": 1689347949,
         "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -589,7 +611,7 @@
         "type": "github"
       }
     },
-    "systems_3": {
+    "systems_4": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -621,7 +643,7 @@
     },
     "utils_2": {
       "inputs": {
-        "systems": "systems_3"
+        "systems": "systems_4"
       },
       "locked": {
         "lastModified": 1689068808,
@@ -641,18 +663,18 @@
       "flake": false,
       "locked": {
         "host": "gitlab.freedesktop.org",
-        "lastModified": 1706359063,
-        "narHash": "sha256-5HUTG0p+nCJv3cn73AmFHRZdfRV5AD5N43g8xAePSKM=",
+        "lastModified": 1708558866,
+        "narHash": "sha256-Mz6hCtommq7RQfcPnxLINigO4RYSNt23HeJHC6mVmWI=",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "00b869c1a96f300a8f25da95d624524895e0ddf2",
+        "rev": "0cb091f1a2d345f37d2ee445f4ffd04f7f4ec9e5",
         "type": "gitlab"
       },
       "original": {
         "host": "gitlab.freedesktop.org",
         "owner": "wlroots",
         "repo": "wlroots",
-        "rev": "00b869c1a96f300a8f25da95d624524895e0ddf2",
+        "rev": "0cb091f1a2d345f37d2ee445f4ffd04f7f4ec9e5",
         "type": "gitlab"
       }
     },
@@ -662,7 +684,10 @@
           "hyprland",
           "hyprland-protocols"
         ],
-        "hyprlang": "hyprlang",
+        "hyprlang": [
+          "hyprland",
+          "hyprlang"
+        ],
         "nixpkgs": [
           "hyprland",
           "nixpkgs"
@@ -673,11 +698,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706145785,
-        "narHash": "sha256-j9MP4fv2U/vdRKAXXc2gyMTmYwVnHP6kHx1/y6jprrU=",
+        "lastModified": 1708696469,
+        "narHash": "sha256-shh5wmpeYy3MmsBfkm4f76yPsBDGk6OLYRVG+ARy2F0=",
         "owner": "hyprwm",
         "repo": "xdg-desktop-portal-hyprland",
-        "rev": "5a592647587cd20b9692a347df6939b6d371b3bb",
+        "rev": "1b713911c2f12b96c2574474686e4027ac4bf826",
         "type": "github"
       },
       "original": {

flake.nix

@@ -83,11 +83,11 @@
                     }
                 ];
             };
-            ultrapi = nixpkgs.lib.nixosSystem {
+            hypnos = nixpkgs.lib.nixosSystem {
                 system = "aarch64-linux";
                 specialArgs = { inherit inputs; };
                 modules = [
-                    ./hosts/ultrapi/configuration.nix
+                    ./hosts/hypnos/configuration.nix
                     {
                         environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath;
                         nix.nixPath = [ "nixpkgs=/etc/nix/inputs/nixpkgs" ];

hosts/hypnos/configuration.nix

@@ -0,0 +1,104 @@
+
+  { config, pkgs, lib, inputs, ... }:
+
+  let
+    user = "graphite";
+    hashedPassword = "$6$OBjnSQhhJgHsr5LE$jFtUz.2qv0l2viv86exXmfHWC0fDFXKD3rqH41NmqgkdoBrwY2rPkDBCPjdq7PSoeudYcQ0nXxJvh1N7EIUs90";
+    hostname = "hypnos";
+
+    helix = inputs.helix.packages.${pkgs.system}.default;
+
+
+/*
+    nixosHardware = pkgs.fetchFromGitHub {
+          owner = "NixOS";
+          repo = "nixos-hardware";
+          rev = "51559e691f1493a26f94f1df1aaf516bb507e78b";
+          sha256 = "0spswivyk006h5xr0a0yhr7wr9fh0kg7cfyxqmk521svf3x1pnr8";
+    };
+*/
+  in {
+
+    # imports = ["${fetchTarball "https://github.com/NixOS/nixos-hardware/archive/936e4649098d6a5e0762058cb7687be1b2d90550.tar.gz" }/raspberry-pi/4"];
+
+    imports = [
+      # "${nixosHardware}/raspberry-pi/4"
+      ./hardware-configuration.nix
+      "${inputs.nixos-hardware}/raspberry-pi/4"
+    ];
+    boot.loader.grub.enable = false;
+    boot.loader.generic-extlinux-compatible.enable = true;
+
+    fileSystems = {
+      "/" = {
+        device = "/dev/disk/by-label/NIXOS-SD";
+        fsType = "ext4";
+        options = [ "noatime" ];
+      };
+    };
+
+    networking = {
+      hostName = hostname;
+    };
+
+    environment.systemPackages = with pkgs; [
+      vim
+      helix
+      docker
+      git
+    ];
+
+    services = {
+       openssh.enable = true;
+    };
+
+    users = {
+      mutableUsers = false;
+      users."${user}" = {
+        isNormalUser = true;
+        hashedPassword = "${hashedPassword}";
+        extraGroups = [ "wheel" ];
+      };
+    };
+
+    # Enable GPU acceleration
+    hardware.raspberry-pi."4".fkms-3d.enable = true;
+
+    services.xserver = {
+      enable = false;
+    };
+
+    virtualisation = {
+      docker = {
+        enable = true;
+        enableOnBoot = true;
+        rootless = {
+          enable = true;
+        };
+      };
+    };
+
+
+    security = { 
+      sudo = {
+        extraConfig = ''
+          Defaults insults,pwfeedback
+        '';
+      };
+     };
+
+    nixpkgs = { 
+      config = { 
+        allowUnfree = true;
+      };
+      hostPlatform = "aarch64-linux";
+    };
+
+    system = { 
+      stateVersion = "24.05"; # Do NOT change.
+    };
+
+    networking = {
+      nameservers = [ "8.8.8.8" ];
+    };
+  }

hosts/hypnos/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+ 
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXOS-SD";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

hosts/titan/configuration.nix

@@ -4,7 +4,7 @@
 
 inputs: { config, pkgs, lib, ... }:
 let
-    nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center;
+    # nix-software-center = inputs.nix-software-center.packages.${pkgs.system}.nix-software-center;
     # doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default;
     nh = inputs.nix-but-gigachad.packages.${pkgs.system}.default;
 in {
@@ -17,6 +17,8 @@ in {
             ( import ./services/cloud.nix inputs )
             ( import ./services/vaultwarden.nix inputs )
             ( import ./services/matrix.nix inputs )
+#            ( import ./services/office.nix inputs )
+#            ( import ./services/Sharkey inputs )
             # ( import ./services/caddy.nix inputs ) # doesn't work
             # ( import ./services/dnsmasq.nix inputs ) # borks my DNS
             # ( import ./services/mail-server.nix inputs ) # needs a lot of DNS configs from cloudflaer, I only have 3 rules
@@ -68,13 +70,16 @@ in {
         # Enable networking
         networkmanager.enable = true;
 
-        # hosts = {
+        hosts = {
           # "192.168.0.221" = [ "pi" "pi-master" ];
-        # };
-
-        # nameservers = [
-        #    "192.168.1.221"
-        # ];
+          "65.108.48.233" = [ "queer.af" ];  
+        };
+/*
+        nameservers = [
+           "8.8.8.8"
+            "94.16.114.254"
+        ];
+*/
     };
     # networking.wireless.enable = true;    # Enables wireless support via wpa_supplicant.
 
@@ -176,6 +181,8 @@ in {
             sddm-kcm
             wooting-udev-rules
             wootility
+            docker-compose
+            qflipper
         ];
         variables = {
             NIX_AUTO_RUN = "!";
@@ -370,7 +377,7 @@ in {
     };
 
 
-hardware = {
+  hardware = {
     
     
 
@@ -381,6 +388,19 @@ hardware = {
 
       wooting.enable = true;
       xpadneo.enable = true;
-};
+      flipperzero.enable = true;
+  };
 
+  security = {
+    pam = {
+      loginLimits = [
+        {
+          domain = "*";
+          item = "nproc";
+          type = "soft";
+          value = "10000";
+        }
+      ];
+    };
+  };
 }

hosts/titan/hardware/nvidia.nix

@@ -9,10 +9,10 @@ inputs: { config, pkgs, lib, ... }: {
     };
     
     nvidia = {
-        package = config.boot.kernelPackages.nvidiaPackages.stable;
+        package = config.boot.kernelPackages.nvidiaPackages.latest;
         modesetting.enable = true;
         powerManagement.enable = true;
-        open = true;
+        #open = true;
         nvidiaSettings = true;
     };
   };

hosts/titan/services/Sharkey/default.nix

@@ -0,0 +1,59 @@
+inputs: { lib, pkgs ? import <nixpkgs>, ... }:
+let
+ storeDirectory = dir:
+    let
+      dirName = builtins.baseNameOf dir;
+      drv = derivation {
+        name = dirName;
+        src = dir;
+        builder = pkgs.writeShellScript "builder.sh" ''
+          ${pkgs.coreutils}/bin/mkdir -p $out/${dirName}
+          ${pkgs.coreutils}/bin/cp -rf $src/* $out/${dirName}
+          ${pkgs.coreutils}/bin/cp -rf $src/.* $out/${dirName}
+        '';
+        system = pkgs.system;
+      };
+    in
+    "${drv}/${dirName}";
+ # nixos oci-containers fucking suck, so we just do a one-shot 
+  # systemd service that invokes docker-compose
+  #
+  # not very reproducible nor declarative, but compatible with pretty much
+  # anything, which is (imo) more important for a home server
+  mkDockerComposeContainer =
+    { directory
+    , name ? builtins.baseNameOf directory
+    , autoStart ? true
+    , extraConfig ? { }
+    , env ? { }
+    , envFiles ? [ ]
+    , extraFlags ? [ ]
+    }:
+    let
+      # referencing the file directly would make the service dependant
+      # on the entire flake, resulting in the container being restarted
+      # every time we change anything at all
+      storeDir = storeDirectory directory;
+
+      cmdline = [
+        "--build"
+        "--remove-orphans"
+      ] ++ map (env: "--env-file ${env}") envFiles
+      ++ map (name: "-e ${name}=${lib.escapeShellArg env.${name}}") (builtins.attrNames env)
+      ++ extraFlags;
+    in
+    {
+      systemd.services."docker-compose-${name}" = {
+        wantedBy = if autoStart then [ "multi-user.target" ] else [ ];
+        after = [ "docker.service" "docker.socket" ];
+        serviceConfig = {
+          WorkingDirectory = storeDir;
+          ExecStart = "${pkgs.docker}/bin/docker compose up ${builtins.concatStringsSep " " cmdline}";
+          ExecStopPost = "${pkgs.docker}/bin/docker compose down";
+        } // (extraConfig.serviceConfig or { });
+      } // (builtins.removeAttrs extraConfig [ "serviceConfig" ]);
+    };
+in
+ mkDockerComposeContainer {
+  directory = ./.;
+ }

hosts/titan/services/Sharkey/docker-compose.yml

@@ -0,0 +1,83 @@
+version: "3"
+
+services:
+  web:
+#   replace image below with git.joinsharkey.org/sharkey/sharkey:stable on next release
+#    image: git.joinsharkey.org/sharkey/sharkey:latest # - VULNERABLE
+    image: registry.activitypub.software/transfem-org/sharkey:develop
+#    image: ghcr.io/transfem-org/sharkey:stable
+    # build: .
+    restart: always
+#    links:
+#      - db
+#      - redis
+#      - meilisearch
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    ports:
+      - "3006:3006"
+    networks:
+      - shonk
+    volumes:
+      - ./files:/sharkey/files
+      - ./.config:/sharkey/.config:ro
+    extra_hosts:
+      - "queer.af:65.108.48.233"
+
+  redis:
+    restart: always
+    image: redis:7-alpine
+    networks:
+      - shonk
+    volumes:
+      - ./redis:/data
+    healthcheck:
+      test: "redis-cli ping"
+      interval: 5s
+      retries: 20
+
+  db:
+    restart: always
+    image: postgres:15-alpine
+    command: >-
+      -c max_connections=200
+      -c shared_buffers=512MB
+      -c effective_cache_size=1536MB
+      -c maintenance_work_mem=128MB
+      -c checkpoint_completion_target=0.9
+      -c wal_buffers=16MB
+      -c default_statistics_target=100
+      -c random_page_cost=1.1
+      -c effective_io_concurrency=200
+      -c work_mem=1310kB
+      -c huge_pages=off
+      -c min_wal_size=1GB
+      -c max_wal_size=4GB
+    networks:
+      - shonk
+    env_file:
+      - .config/docker.env
+    volumes:
+      - ./db:/var/lib/postgresql/data
+    healthcheck:
+      test: "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"
+      interval: 5s
+      retries: 20
+
+#  meilisearch:
+#    restart: always
+#    image: getmeili/meilisearch:v1.3.4
+#    environment:
+#      - MEILI_NO_ANALYTICS=true
+#      - MEILI_ENV=production
+#    networks:
+#      - shonk
+#    volumes:
+#      - ./meili_data:/meili_data
+
+
+networks:
+  shonk:

hosts/titan/services/cloud.nix

@@ -11,7 +11,7 @@ inputs: { pkgs, config, ... }: {
       overwriteProtocol = "https";
     };
     extraApps = with config.services.nextcloud.package.packages.apps; {
-      inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks;
+      inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls calendar tasks contacts;
     };
     /*
     extraOptions = {

hosts/titan/services/office.nix

@@ -0,0 +1,8 @@
+inputs: { ... }: {
+  services.onlyoffice = {
+    enable = true;
+    hostname = "localhost";
+    port = 3005;
+  };
+  services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 3005; } ];
+}

users/ultra/home.nix

@@ -187,6 +187,7 @@ in {
         ktailctl
         caddy
         floorp
+        mpris-scrobbler
       ];
     };