Add tea to cli commands

Add a bunch of compression tools
Update stateVersion for my home machine
2023-05-17 13:42:31 +02:00 · 2023-05-14 16:45:00 +02:00 · 2023-05-09 20:44:00 +02:00 · 2023-05-09 20:41:28 +02:00 · 2023-05-07 17:04:11 +02:00 · 2023-05-07 15:44:24 +02:00
20 changed files with 551 additions and 37 deletions
--- a/flake.lock
+++ b/flake.lock
@ -404,16 +404,16 @@
    "nixos-m1": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs-unstable-asahi"
+          "nixpkgs-unstable"
        ],
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1679451428,
-        "narHash": "sha256-Xk3WBlejWUpnuOnMZzTH7mV/bTRxKIrln871ba3uQjI=",
+        "lastModified": 1683434835,
+        "narHash": "sha256-idBmY6LKkB5hTcTFroUi1oQdCK1/fDfJA+qNaivl1Wk=",
        "owner": "tpwrules",
        "repo": "nixos-apple-silicon",
-        "rev": "696d7b4ac7ca05684a3cceedd44acfd0d1c5f1e3",
+        "rev": "ef6f0de57ef175e0de8c7e846a95481ac6f4ce58",
        "type": "github"
      },
      "original": {
@ -456,11 +456,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1681753173,
-        "narHash": "sha256-MrGmzZWLUqh2VstoikKLFFIELXm/lsf/G9U9zR96VD4=",
+        "lastModified": 1683442750,
+        "narHash": "sha256-IiJ0WWW6OcCrVFl1ijE+gTaP0ChFfV6dNkJR05yStmw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0a4206a51b386e5cda731e8ac78d76ad924c7125",
+        "rev": "eb751d65225ec53de9cf3d88acbf08d275882389",
        "type": "github"
      },
      "original": {
@ -470,22 +470,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-unstable-asahi": {
-      "locked": {
-        "lastModified": 1681740123,
-        "narHash": "sha256-RrcHEqm+f04nFpQQSnsGsUhJb2mNuqfdcGWL2DREEaY=",
-        "owner": "natsukagami",
-        "repo": "nixpkgs",
-        "rev": "55325c13e8f5c06a57a210b30a19b2fbebe185f1",
-        "type": "github"
-      },
-      "original": {
-        "owner": "natsukagami",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "nixpkgs-unstable_2": {
      "locked": {
        "lastModified": 1665934222,
@ -616,7 +600,6 @@
        "nixos-m1": "nixos-m1",
        "nixpkgs": "nixpkgs_4",
        "nixpkgs-unstable": "nixpkgs-unstable",
-        "nixpkgs-unstable-asahi": "nixpkgs-unstable-asahi",
        "nur": "nur",
        "rnix-lsp": "rnix-lsp",
        "secrets": "secrets",
--- a/flake.nix
+++ b/flake.nix
@ -4,7 +4,6 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
-    nixpkgs-unstable-asahi.url = "github:natsukagami/nixpkgs/nixpkgs-unstable";
    # nixpkgs-unstable.follows = "nixos-m1/nixpkgs";
    darwin.url = "github:lnl7/nix-darwin/master";
    darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
@ -45,7 +44,7 @@
    kak-lsp.url = github:kak-lsp/kak-lsp;
    kak-lsp.flake = false;
    nixos-m1.url = github:tpwrules/nixos-apple-silicon;
-    nixos-m1.inputs.nixpkgs.follows = "nixpkgs-unstable-asahi";
+    nixos-m1.inputs.nixpkgs.follows = "nixpkgs-unstable";

    # ---
    # DEPLOYMENT ONLY! secrets
@ -172,10 +171,10 @@
      #   ];
      # };
      # macbook nixos
-      nixosConfigurations."kagami-air-m1" = inputs.nixpkgs-unstable-asahi.lib.nixosSystem rec {
+      nixosConfigurations."kagami-air-m1" = inputs.nixpkgs-unstable.lib.nixosSystem rec {
        system = "aarch64-linux";
        modules = [
-          (common-nixos inputs.nixpkgs-unstable-asahi)
+          (common-nixos inputs.nixpkgs-unstable)
          inputs.nixos-m1.nixosModules.apple-silicon-support
          ./kagami-air-m1/configuration.nix
          inputs.home-manager-unstable.nixosModules.home-manager
--- a/home/common.nix
+++ b/home/common.nix
@ -50,6 +50,7 @@
    ripgrep
    fossil
    openssh
+    tea # gitea CLI (gh-like)
    ## File Manager
    nnn
    ## PDF Processors
@ -58,6 +59,11 @@
    htop-vim
    ## Bitwarden
    rbw
+    ## File compression stuff
+    zip
+    unzip
+    zstd
+    atool

    ## To do tunneling with cloudflare
    pkgs.cloudflared
--- a/home/modules/linux/graphical/default.nix
+++ b/home/modules/linux/graphical/default.nix
@ -42,6 +42,7 @@ in
      cinnamon.nemo # File manager

      zotero
+      libreoffice

      ## CLI stuff
      dex # .desktop file management, startup
@ -69,6 +70,7 @@ in

    xdg.mimeApps.associations.added = {
      "x-scheme-handler/mailto" = [ "org.gnome.Evolution.desktop" ];
+      "application/pdf" = [ "org.gnome.Evince.desktop" ];
      "text/plain" = [ "kakoune.desktop" ];
    };
    xdg.mimeApps.defaultApplications = {
@ -90,6 +92,7 @@ in

      # Text
      "text/plain" = [ "kakoune.desktop" ];
+      "application/pdf" = [ "org.gnome.Evince.desktop" ];

      # Files
      "inode/directory" = [ "nemo.desktop" ];
--- a/modules/cloud/gotosocial/default.nix
+++ b/modules/cloud/gotosocial/default.nix
@ -0,0 +1,114 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  cfg = config.cloud.gotosocial;
+
+  dbUser = "gotosocial";
+
+  configFile = pkgs.writeText "config.yml" (generators.toYAML { } {
+    # General
+    host = cfg.host;
+    account-domain = cfg.accountDomain;
+    bind-address = "localhost";
+    port = cfg.port;
+    # Database
+    db-port = 0; # Use socket
+    db-user = dbUser;
+    db-database = dbUser;
+    # Web
+    web-template-base-dir = "${cfg.package}/share/web/template";
+    web-asset-base-dir = "${cfg.package}/share/web/assets";
+    # OIDC
+    oidc-enabled = true;
+    oidc-idp-name = "DTTH";
+    oidc-scopes = [ "openid" "email" "profile" ];
+  });
+in
+{
+  options.cloud.gotosocial = {
+    enable = mkEnableOption "Enable our local GtS server";
+    package = mkPackageOption pkgs "gotosocial-bin" { };
+    host = mkOption {
+      type = types.str;
+      description = "The GtS host";
+      default = "gts.dtth.ch";
+    };
+    accountDomain = mkOption {
+      type = types.str;
+      description = "The GtS account domain";
+      default = "dtth.ch";
+    };
+    port = mkOption {
+      type = types.int;
+      description = "The port to listen to";
+      default = 10010;
+    };
+    envFile = mkOption {
+      type = types.str;
+      description = "Additional environment variables to pass, as a file";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # System user
+    users.users."${dbUser}" = {
+      group = "${dbUser}";
+      isSystemUser = true;
+    };
+    users.groups."${dbUser}" = { };
+    # Postgres
+    cloud.postgresql.databases = [ dbUser ];
+    # Traefik
+    cloud.traefik.hosts = { gotosocial = { inherit (cfg) host port; }; } //
+      (if cfg.accountDomain != cfg.host && cfg.accountDomain != "" then {
+        gotosocial-wellknown = {
+          inherit (cfg) port;
+          filter = "Host(`${cfg.accountDomain}`) && (PathPrefix(`/.well-known/webfinger`) || PathPrefix(`/.well-known/nodeinfo`) || PathPrefix(`/.well-known/host-meta`))";
+        };
+      } else { });
+    # The service itself
+    systemd.services.gotosocial = {
+      after = [ "network.target" ];
+      serviceConfig = {
+        User = dbUser;
+        Group = dbUser;
+        ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} server start";
+        EnvironmentFile = cfg.envFile;
+        # Sandboxing options to harden security
+        # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+        NoNewPrivileges = "yes";
+        PrivateTmp = "yes";
+        PrivateDevices = "yes";
+        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+        RestrictNamespaces = "yes";
+        RestrictRealtime = "yes";
+        DevicePolicy = "closed";
+        ProtectSystem = "full";
+        ProtectControlGroups = "yes";
+        ProtectKernelModules = "yes";
+        ProtectKernelTunables = "yes";
+        LockPersonality = "yes";
+        SystemCallFilter = "~@clock @debug @module @mount @obsolete @reboot @setuid @swap";
+
+        # Denying access to capabilities that should not be relevant
+        # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+        CapabilityBoundingSet = strings.concatStringsSep " " [
+          "CAP_RAWIO CAP_MKNOD"
+          "CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE"
+          "CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT"
+          "CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK"
+          "CAP_BLOCK_SUSPEND CAP_WAKE_ALARM"
+          "CAP_SYS_TTY_CONFIG"
+          "CAP_MAC_ADMIN CAP_MAC_OVERRIDE"
+          "CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW"
+          "CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG "
+        ];
+        # You might need this if you are running as non-root on a privileged port (below 1024)
+        #AmbientCapabilities=CAP_NET_BIND_SERVICE
+        StateDirectory = "gotosocial";
+        WorkingDirectory = "/var/lib/gotosocial";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
--- a/modules/cloud/postgresql/default.nix
+++ b/modules/cloud/postgresql/default.nix
@ -28,15 +28,52 @@ in
  # PostgreSQL settings.
  config.services.postgresql = {
    enable = true;
-    package = pkgs.postgresql_13;
+    package = pkgs.postgresql_15;

    ensureDatabases = cfg.databases;

-    ensureUsers = map userFromDatabase cfg.databases;
+    ensureUsers = (map userFromDatabase cfg.databases) ++ [{
+      name = "root";
+      ensurePermissions = { "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
+    }];
  };

  # Backup settings
  config.services.postgresqlBackup = {
    enable = true;
  };
+
+  # Upgrade
+  config.environment.systemPackages = [
+    (
+      let
+        # XXX specify the postgresql package you'd like to upgrade to.
+        # Do not forget to list the extensions you need.
+        newPostgres = pkgs.postgresql_15.withPackages (pp: [
+          # pp.plv8
+        ]);
+      in
+      pkgs.writeScriptBin "upgrade-pg-cluster" ''
+        set -eux
+        # XXX it's perhaps advisable to stop all services that depend on postgresql
+        systemctl stop postgresql
+
+        export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
+
+        export NEWBIN="${newPostgres}/bin"
+
+        export OLDDATA="${config.services.postgresql.dataDir}"
+        export OLDBIN="${config.services.postgresql.package}/bin"
+
+        install -d -m 0700 -o postgres -g postgres "$NEWDATA"
+        cd "$NEWDATA"
+        sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
+
+        sudo -u postgres $NEWBIN/pg_upgrade \
+          --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
+          --old-bindir $OLDBIN --new-bindir $NEWBIN \
+          "$@"
+      ''
+    )
+  ];
 }
--- a/modules/common/linux/default.nix
+++ b/modules/common/linux/default.nix
@ -37,7 +37,7 @@ let
      virtualisation.podman = {
        enable = true;
        dockerCompat = true;
-        defaultNetwork.settings.dns_enabled = true;
+        # defaultNetwork.settings.dns_enabled = true;
      };

      virtualisation.oci-containers.backend = "podman";
@ -172,6 +172,8 @@ in
    # Firewall: only open to SSH now
    networking.firewall.allowedTCPPorts = [ 22 ];
    networking.firewall.allowedUDPPorts = [ 22 ];
+    # Enable tailscale
+    services.tailscale.enable = true;

    ## Time and Region
    time.timeZone = "Europe/Zurich";
@ -206,7 +208,7 @@ in
      qt5.qtwayland
    ];
    # Add a reliable terminal
-    programs.gnome-terminal.enable = true;
+    # programs.gnome-terminal.enable = true;
    # KDEConnect is just based
    programs.kdeconnect.enable = true;
    # Flatpaks are useful... sometimes...
--- a/nki-home/configuration.nix
+++ b/nki-home/configuration.nix
@ -108,7 +108,7 @@ with lib;
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "21.05"; # Did you read the comment?
+  system.stateVersion = "22.11"; # Did you read the comment?

  # tinc network
  sops.secrets."tinc/ed25519-private-key" = { };
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@ -11,6 +11,10 @@
    ../modules/cloud/mail
    ../modules/cloud/conduit
    ../modules/cloud/writefreely
+    ../modules/cloud/gotosocial
+
+    ./headscale.nix
+    ./gitea.nix
  ];

  common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
@ -28,6 +32,7 @@
  networking.hostName = "nki-personal";
  networking.firewall.allowPing = true;
  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLr1Q+PJuDYJtBAVMSU0U2kZi4V0Z7dE+dpRxa4aEDupSlcPCwSEtcpNME1up7z0yxjcIHHkBYq0RobIaLqwEmntnZzz37jg/iiHwyZsN93jZljId1X0uykcMem4ljiqgmRg3Fs8RKj2+N1ovpIZVDOWINLJJDVJntNvwW/anSCtx27FATVdroHoiyXCwVknG6p3bHU5Nd3idRMn45kZ7Qf1J50XUhtu3ehIWI2/5nYIbi8WDnzY5vcRZEHROyTk2pv/m9rRkCTaGnUdZsv3wfxeeT3223k0mUfRfCsiPtNDGwXn66HcG2cmhrBIeDoZQe4XNkzspaaJ2+SGQfO8Zf natsukagami@gmail.com"
  ];
@ -222,6 +227,13 @@
  cloud.postgresql.databases = [ "outline" ];
  cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };

+  # GoToSocial
+  sops.secrets.gts-env = { };
+  cloud.gotosocial = {
+    enable = true;
+    envFile = config.sops.secrets.gts-env.path;
+  };
+
  # Minio
  sops.secrets.minio-credentials = { };
  services.minio = {
@ -232,5 +244,30 @@
  };
  cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
  system.stateVersion = "21.11";
+
+  # ntfy
+  cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
+  services.ntfy-sh = {
+    enable = true;
+    settings = {
+      listen-http = "127.0.0.1:11161";
+      cache-file = "/var/lib/ntfy-sh/cache.db";
+      auth-file = "/var/lib/ntfy-sh/auth.db";
+      auth-default-access = "deny-all";
+      behind-proxy = true;
+      base-url = "https://ntfy.nkagami.me";
+      attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
+      enable-login = true;
+      enable-reservations = true;
+      upstream-base-url = "https://ntfy.sh";
+    };
+  };
+  systemd.services.ntfy-sh.serviceConfig = {
+    WorkingDirectory = "/var/lib/ntfy-sh";
+    StateDirectory = "ntfy-sh";
+  };
+  systemd.services.ntfy-sh.preStart = ''
+    mkdir -p /var/lib/ntfy-sh/attachments
+  '';
 }

--- a/nki-personal-do/gitea.nix
+++ b/nki-personal-do/gitea.nix
@ -0,0 +1,199 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+  user = "gitea";
+  host = "git.dtth.ch";
+  port = 61116;
+
+  secrets = config.sops.secrets;
+
+  signingKey = "0x3681E15E5C14A241";
+
+  catppuccinThemes = builtins.fetchurl {
+    url = "https://github.com/catppuccin/gitea/releases/download/v0.2.1/catppuccin-gitea.tar.gz";
+    sha256 = "sha256:18l67whffayrgylsf5j6g7sj95anjcjl0cy7fzqn1wrm0gg2xns0";
+  };
+  themes = strings.concatStringsSep "," [
+    "catppuccin-macchiato-green"
+    "catppuccin-mocha-teal"
+    "catppuccin-macchiato-sky"
+    "catppuccin-mocha-sky"
+    "catppuccin-mocha-yellow"
+    "catppuccin-mocha-lavender"
+    "catppuccin-macchiato-rosewater"
+    "catppuccin-macchiato-lavender"
+    "catppuccin-macchiato-pink"
+    "catppuccin-frappe-lavender"
+    "catppuccin-macchiato-yellow"
+    "catppuccin-frappe-yellow"
+    "catppuccin-latte-red"
+    "catppuccin-frappe-flamingo"
+    "catppuccin-mocha-blue"
+    "catppuccin-macchiato-peach"
+    "catppuccin-macchiato-flamingo"
+    "catppuccin-mocha-pink"
+    "catppuccin-macchiato-mauve"
+    "catppuccin-mocha-rosewater"
+    "catppuccin-latte-rosewater"
+    "catppuccin-mocha-red"
+    "catppuccin-macchiato-sapphire"
+    "catppuccin-latte-teal"
+    "catppuccin-latte-flamingo"
+    "catppuccin-macchiato-blue"
+    "catppuccin-latte-blue"
+    "catppuccin-latte-peach"
+    "catppuccin-frappe-mauve"
+    "catppuccin-frappe-green"
+    "catppuccin-frappe-teal"
+    "catppuccin-latte-mauve"
+    "catppuccin-macchiato-teal"
+    "catppuccin-frappe-red"
+    "catppuccin-latte-yellow"
+    "catppuccin-latte-lavender"
+    "catppuccin-mocha-flamingo"
+    "catppuccin-frappe-sapphire"
+    "catppuccin-frappe-blue"
+    "catppuccin-mocha-green"
+    "catppuccin-frappe-maroon"
+    "catppuccin-latte-green"
+    "catppuccin-frappe-rosewater"
+    "catppuccin-latte-sapphire"
+    "catppuccin-frappe-sky"
+    "catppuccin-mocha-sapphire"
+    "catppuccin-mocha-maroon"
+    "catppuccin-macchiato-red"
+    "catppuccin-latte-pink"
+    "catppuccin-frappe-peach"
+    "catppuccin-frappe-pink"
+    "catppuccin-mocha-mauve"
+    "catppuccin-macchiato-maroon"
+    "catppuccin-mocha-peach"
+    "catppuccin-latte-sky"
+    "catppuccin-latte-maroon"
+  ];
+in
+{
+  sops.secrets."gitea/signing-key".owner = user;
+  sops.secrets."gitea/mailer-password".owner = user;
+  # database
+  cloud.postgresql.databases = [ user ];
+  # traefik
+  cloud.traefik.hosts.gitea = {
+    inherit port host;
+  };
+
+  services.gitea = {
+    enable = true;
+    package = pkgs.unstable.gitea;
+
+    inherit user;
+
+    domain = host;
+    rootUrl = "https://${host}/";
+    httpAddress = "127.0.0.1";
+    httpPort = port;
+
+    appName = "DTTHgit";
+
+    settings = {
+      repository = {
+        DEFAULT_PRIVATE = "private";
+        PREFERRED_LICENSES = strings.concatStringsSep "," [ "AGPL-3.0-or-later" "GPL-3.0-or-later" "Apache-2.0" ];
+        DISABLE_HTTP_GIT = true;
+        DEFAULT_BRANCH = "master";
+        ENABLE_PUSH_CREATE_USER = true;
+      };
+      "repository.pull-request" = {
+        DEFAULT_MERGE_STYLE = "squash";
+      };
+      "repository.signing" = {
+        SIGNING_KEY = signingKey;
+        SIGNING_NAME = "DTTHGit";
+        SIGNING_EMAIL = "dtth-gitea@nkagami.me";
+      };
+      ui.THEMES = "auto,gitea,arc-green," + themes;
+      "ui.meta" = {
+        AUTHOR = "DTTHgit - Gitea instance for GTTH";
+        DESCRIPTION = "DTTHGit is a custom Gitea instance hosted for DTTH members only.";
+        KEYWORDS = "git,gitea,dtth";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+        ENABLE_NOTIFY_MAIL = true;
+        ENABLE_BASIC_AUTHENTICATION = false;
+        REGISTER_EMAIL_CONFIRM = true;
+      };
+      "service.explore" = {
+        REQUIRE_SIGNIN_VIEW = true;
+      };
+      session = {
+        COOKIE_SECURE = true;
+      };
+
+      oauth2_client = {
+        REGISTER_EMAIL_CONFIRM = false;
+        ENABLE_AUTO_REGISTRATION = true;
+      };
+
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "smtps";
+        SMTP_ADDR = "mx1.nkagami.me";
+        SMTP_PORT = 465;
+        USER = "dtth-gitea@nkagami.me";
+        FROM = "DTTHGit <dtth-gitea@nkagami.me>";
+      };
+
+      git = {
+        PATH = "${pkgs.git}/bin/git";
+      };
+
+      federation.ENABLED = true;
+    };
+
+    mailerPasswordFile = secrets."gitea/mailer-password".path;
+
+    database = {
+      inherit user;
+      createDatabase = false;
+      type = "postgres";
+      socket = "/var/run/postgresql";
+      name = user;
+    };
+
+    # LFS
+    lfs.enable = true;
+
+    # Backup
+    # dump.enable = true;
+  };
+
+  # Set up gpg signing key
+  systemd.services.gitea = {
+    path = with pkgs; [ gnupg ];
+    environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
+    # https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
+    serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+    preStart = ''
+      # Import the signing subkey
+      if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
+        echo "Keys already imported"
+        # imported
+      else
+        echo "Import your keys!"
+        ${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
+        echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf
+        exit 1
+      fi
+
+      # Copy icons
+      mkdir -p ${config.services.gitea.stateDir}/custom/public/img
+      install -m 0644 ${./gitea/img}/* ${config.services.gitea.stateDir}/custom/public/img
+
+      # Copy the themes
+      mkdir -p ${config.services.gitea.stateDir}/custom/public/css
+      env PATH=${pkgs.gzip}/bin:${pkgs.gnutar}/bin:$PATH \
+        tar -xvf ${catppuccinThemes} -C ${config.services.gitea.stateDir}/custom/public/css/
+    '';
+  };
+}
--- a/nki-personal-do/gitea/img/apple-touch-icon.png
+++ b/nki-personal-do/gitea/img/apple-touch-icon.png
--- a/nki-personal-do/gitea/img/avatar_default.png
+++ b/nki-personal-do/gitea/img/avatar_default.png
--- a/nki-personal-do/gitea/img/favicon.png
+++ b/nki-personal-do/gitea/img/favicon.png
--- a/nki-personal-do/gitea/img/favicon.svg
+++ b/nki-personal-do/gitea/img/favicon.svg
--- a/nki-personal-do/gitea/img/logo.png
+++ b/nki-personal-do/gitea/img/logo.png
--- a/nki-personal-do/gitea/img/logo.svg
+++ b/nki-personal-do/gitea/img/logo.svg
--- a/nki-personal-do/headscale.nix
+++ b/nki-personal-do/headscale.nix
@ -0,0 +1,86 @@
+{ pkgs, config, lib, ... }:
+let
+  secrets = config.sops.secrets;
+
+  host = "hs.dtth.ch";
+  port = 19876;
+  webuiPort = 19877;
+in
+rec {
+  sops.secrets."headscale/client_secret" = { owner = "headscale"; };
+  sops.secrets."headscale/webui-env" = { };
+  sops.secrets."headscale/derp-servers/vnm" = { owner = "headscale"; name = "headscale/derp-servers/vnm.yaml"; };
+  # database
+  cloud.postgresql.databases = [ "headscale" ];
+  # traefik
+  cloud.traefik.hosts.headscale = {
+    inherit port host;
+    filter = "Host(`hs.dtth.ch`) && !PathPrefix(`/admin`)";
+  };
+  cloud.traefik.hosts.headscale_webui = {
+    inherit host;
+    port = webuiPort;
+    filter = "Host(`hs.dtth.ch`) && PathPrefix(`/admin`)";
+  };
+
+  services.headscale = {
+    enable = true;
+    package = pkgs.unstable.headscale;
+    inherit port;
+
+    settings = {
+      server_url = "https://hs.dtth.ch";
+
+      db_type = "postgres";
+      db_host = "/var/run/postgresql"; # find out yourself
+      db_user = "headscale";
+      db_name = "headscale";
+
+      dns_config = {
+        base_domain = host;
+      };
+
+      noise = {
+        private_key_path = "/var/lib/headscale/noise_private.key";
+      };
+
+      ip_prefixes = [
+        "fd7a:115c:a1e0::/48"
+        "100.64.0.0/10"
+      ];
+
+      derp.paths = [
+        secrets."headscale/derp-servers/vnm".path
+      ];
+
+      oidc = {
+        only_start_if_oidc_is_available = true;
+        client_id = "XgHLi5CC7mbW6xF8wuOHq3xxCPagSUaHt1fFM74M";
+        client_secret_path = secrets."headscale/client_secret".path;
+        issuer = "https://auth.dtth.ch/application/o/headscale/";
+        strip_email_domain = true;
+      };
+    };
+  };
+
+  environment.etc."headscale/config.yaml".mode = "0644";
+  virtualisation.arion.projects.headscale-webui.settings = {
+    services.webui.service = {
+      image = "ghcr.io/ifargle/headscale-webui@sha256:b4f02337281853648b071301af4329b4e4fc9189d77ced2eb2fbb78204321cab";
+      restart = "unless-stopped";
+
+      environment = {
+        TZ = "Europe/Zurich";
+        COLOR = "blue-gray";
+        HS_SERVER = "https://hs.dtth.ch";
+        SCRIPT_NAME = "/admin";
+      };
+      env_file = [ secrets."headscale/webui-env".path ];
+      ports = [ "${toString webuiPort}:5000" ];
+      volumes = [
+        "/var/lib/headscale/webui:/data"
+        "/etc/headscale:/etc/headscale:ro"
+      ];
+    };
+  };
+}
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@ -7,7 +7,7 @@ minio-secret-key: ENC[AES256_GCM,data:FkF4hFiW7s5gYbMbdemsmhduYDtb/aqMoUgP+CWI3r
 cloudflare-dns-api-token: ENC[AES256_GCM,data:2ny3JehpK30fTUDKrbzHv1QOczriChRyMQn6kNPULpUJ+eVwdptLvg==,iv:8wNAn3oawzLez7sO4ZvhFXcaZIpFVKgKCvTBlszFHn8=,tag:fRaO+u/5MtAWnTiy2Zwh0Q==,type:str]
 #ENC[AES256_GCM,data:KWrVRQg+cLm5MUdfsYrh7hkI4CWkl4Z0sDj0769eebeXDy+veixrQrxh1ZW+ro3WLwoIdU/IH5DPM4TWYn2qoM5aDHjGX764pr1x,iv:uZHBsGvSHv9vd/Wragl1dYNJ+8vCcMit2K3SrMFlz7s=,tag:7z4LyADfQvXsM2vvtWru8w==,type:comment]
 traefik-dashboard-users: ENC[AES256_GCM,data:kviapOq+xzxhjryse+5DaZbXRS/LEYyjqqFbHymXAZVEkWlu0T5pZ2bxSNCbXN+tXnb0u+6YPgGCaRNPLW74AF1hO8W8QqlLDA==,iv:41bwPyFQcuOLILTjLWUu5Kcnct/MaIIJsMbllc+n7Y0=,tag:17HyUjfRUcLGb0FrUm1O2A==,type:str]
-mail-users: ENC[AES256_GCM,data:DXVx2e6MSSSpHfKFD35zHGnGDPoZi7cOqPfAGubxa4gupatYcpI+PDEYwCPUc1ep2RXRXEMQW1BC3AOOEV/HUKfsPXOsx7jdb8Q4uHPb/ZJ7yNucNl3YxGBiP8N4/u4Avc9kGiHVsVlsMbVIMuOj3a/OF0x7g95DDNT4BscTCjKDFX+mMnkKceemUCc4gmmOJNAU3ytssCwdVZho0nzY80hGT2BwFXXE/KDl/Q==,iv:7zf1Av7I9nXxeRFGNBKK//1FqSTHzCavZTknx5lEy4g=,tag:zXUlnNxBi1JybnTlCAKF0g==,type:str]
+mail-users: ENC[AES256_GCM,data:FLmmXKcYLNRCyksuEervvU3HHzbPa4nPyHziF0CAtvB571AilH35KylvVb6YAh66Zacr8aO6CkxgIhcqs4/IFWmqNRSWta3R2r5g6yQE3gUW+HhPra1rRrmB9lRFs8j6lkUza0Rrrr1NmTkf2YqGyAR40+lEcaCQUyDAqUE3GW39YSunWDkvbsBCHK/Pj+Oq46dKr8NrOHqkbN7rdamSdReAKMzk8/lRAkbsxe9kfra/cwxVArEEVX10w2g4zTdPW2QlykvrmBLcjY6NA6FWDPwSUvq87lfKo6svUSN3zgfsgo2F809FdKPazEMQq9QvAoWe5jJ1YJbiquuJpelH6Ip7ShKGGw==,iv:BlhylfpbRfq9e9UOuhwcL2BUuWpynZT46RsprcaEVrI=,tag:g8QVUuNk4TuxgkHrfzqQvQ==,type:str]
 youmubot-env: ENC[AES256_GCM,data:m/NGN8r6Caq2tTHeVWV9y5fol9r36aKYYXLjHaa0AR+0XpVeJdXVZxPfQtzX4uo09rOGAPE4lepO05weo7mvEjI5m5QJ4FWrw0/HkLm4SUWnTnDU6BlK7l4K/2Ayz7jmD6GLWI+KcOSjEmma9GXNkVwDnxVrwaAWYOfDqDJMjMES/1S8OgCe5+74MCgNeefIwgXnmmxVMpl8fAdnOgovh1zRvcKPVrN5T0ia39IatDERwegas+q8t90Jjw==,iv:IEFvaMWzgClbHbsxGTdP5EdGayHQgggOT9CU7oAyMtE=,tag:GoEEcGCNHMimzltDit4kzA==,type:str]
 outline:
    smtp-password: ENC[AES256_GCM,data:zpIi6jVB2Y7ksBOR8SGFgjOD1x3aS6dKa6taLKB8v2l9p92iWDti75qgB1puglmmq8mCzz8KXLrM0Bv7W8GWRg==,iv:6tKINzQcApmNuIbNn0kSzFJtwn3rky/uFG2Ff3lazUk=,tag:kjB6qB87tRQVpy32Pt3D5A==,type:str]
@ -15,6 +15,15 @@ heisenbridge: ENC[AES256_GCM,data:rJY7gpcOY8nODR3KlYW1rEs54mKxr+AjNBeg1/2vTG0Gzp
 matrix-discord-bridge: ENC[AES256_GCM,data:/rlSjD6inKfak7HKKghH5ays5RjKmb9czGsoIOYHyTZC4A5EMucCbfn8DL1gkYXgvRHJ+QglGX/BGo5ebaxSj6nF60+aW87UG31KggOt5kkMuWsPsjvrufoc5IlNfWnXIWmqf8cdC01hmHEp7biUpI8CcfEZiD9OkOxbZcRfYqW+ttnzplFniRBjGPVZfL5g4DBbuJen5MuOrrMDo5CT+78n,iv:r9VBbDCAAElisCaDehrB6PhJHsaaHjdrk3103lmBT7o=,tag:WoNMMfyMifsL56yWq3MUOg==,type:str]
 authentik-env: ENC[AES256_GCM,data:CjxTaqIcpBX7ea9L3tgJDELr8HBPJdxXsrOfhsiH4cXwCEzktsNKHjF7l95ZFgI5O08q4Vlbln5Dg4xPEx33nwUesEbQrT5d+n+2YaAxmm/WInrYzF+jB7HYTXASb3rY9PWgd2C3v+YPBkJetHlTUc/k19Q7lOQRNw==,iv:cG8Bi2eCsS+v94tSJBsqp+bjVLzXZvvwX1QVVSYExL8=,tag:VmbfcxCcfi3IpKjg3f8QPw==,type:str]
 firezone-env: ENC[AES256_GCM,data:Guwc3ovHJyr0m0gsvcJeYDXxOsccv6ZMBJSjWa87F7BZwCXLanMetz8b/GAxe/+0qT8IBKCDvLS7B5v2DM5SYOZD2tQWnrwjU90Pjji2RZhZZy7Pc1kAmhLA6ddpBKGJTLcGxWkTnWOcv8qWEwmfNpgT+kUIDLmjQz2pIMUXiXBpheQyPLWBvIIgrBT8QxkX81LHSUDNG29r7olJv1t4oox58r/PKxnfzUkX7lMhZdIpDMbxdWCU6/F2R483YIaFAaL1BuhCkK/QbuqOPRL7yIGID+W1a0JvKsRc2oPPU7WAWyGA3CLwmJka2sTvHrxosMgY/eZYfCWDtRno6q+OA+LI5ZfFu0weA9dpiUkWLGJ2auSZtiL0Sa5D0VHxZlG2m0iD7o3bcIWUi65cb2olcABn3NikMglw6PCWXxM7E5hqAbpvwcN5JeIkTTesI6xthzT9eoUak5SSvdThrwSlc3dvMqOvmRVGD/wR8T9GcKIZoNT7wOvgltecpDbYPNgwKimHhBloMON/qKXuIaYV1dP1XQ10MMpSM1vUZl/JD24pDjFXH8XkZK6owVI2tRTTRZajQT2uB73oVN8EMPFHPdI3uwyH72NycQojIzXmDvMI/UXNsYWArWZyTwGpHbE0pr+I9rXch78pJYKvlIVFTqicE/NceeOm8bMO1O7qofk1/yiIE8RVjs7YrNNahcBrNI+97lvBNLmk9zpWU0YFtfmyDb/XxBsepwj++QY+3gJ5331ohp9BK5Ypr9pp1WRt9syKv2cwFMBIcHKMCji43NW1MqBj/2bgKGfoNAyCUaJqZ9yRcb1TwHyulvEVhJUAOeUxPHdJeA==,iv:6kPPn4Zl1lhxaEtRqq2BcMW7d1zKy/HUJzXdAgkPv7E=,tag:VaVIWg4RbOE7tnimOuqhGw==,type:str]
+gts-env: ENC[AES256_GCM,data:xnL6FYNQ4Cd1XUsHcgGN0jYBPDViVAi9WsD4ewImk4IxmMyJi50xxfS6X7x5lVJ4FGcI7XvxT4uCEwSVjxKaVaDXHw/1TPaY8xQkXzZNvHI1oQvs7ULUVtQ9Mlyv08CwqJGQbptJvBmlvszuTeEqgZ0uVK8iKBbqnw9FB9v3swyfjr0VZYZt+uFCwUI6KDXSTPzTX1axzBBqdPuGDB0G8ZPMpY9nLgtBzZpj/+ozdmlHiwswdPnvTx8YrkJCurdaBzmW1gQmXpM+1xsj03jOr1bYOQ7gm5KzWhviAPdPFYmIS8GOv1Jh33Y/r1WkMvAp3HGv7OGoY8kCJp21gcbzxMH7UScFN1uQipknxrpSPkAy0I7AZD/tEpaBLObPVt3803LFQEq9neXSap7XZEj6Jcl9NppRwJjXIun5ebuiWcONGsa0XeLNNhBajzpYq217k242h8DTAht6mgS+6AohID4lIESsr2cYrXeb4PTNr2mpG/4JOzhSV/eOxc9i1GQeXX+RHXOfn5lIIbQxLwfaarorXvrgAf7jAoEzMHm9/LhYGHasBNnQoEYe0kGmEPju6Pkq769o5Am2NHeG3y0N0EEHyTBLj3P3gjEatzlBjOveBlbeIzFqnNP8VuM86neYvyhGi2+M42u3QQs/fCrXbZnhumqxPKQqNy9UZClH6gzZYMUBcPXOLDqUrDIGLst/W0KaKx/2bv25vo0d9V/fOwEkw4RGb3hibhDNe5psSsHupwU3T3EZenTiloaExfUK1yzYQJ/wXai5sZHcHK6m0nPTtGxGM8b8G367BsICFraZbW2q4fFHY7XvbGGdv6ydpxhdI69ERS7FSGWgEcJlUcxCsXE2NeLtmLgfUz0zQrEHPYo3kxJYRedmSARvUNJzZWZMb3NQ0QjqGsq1us9uo7LgPF+Ur+oeQyrKWi+4JQRKB16nxUd/HrDIXbAWxub/Fk730kZVdQ8Vus6B2lrSs+hDHoihek40Tfq1CKq8tSI=,iv:fa9Lpq3/ppG3dbYMgWtWI/sReN6bnHvXQSOSnIbpF8A=,tag:i97q7HTGLRdAkC8aF75aPg==,type:str]
+headscale:
+    client_secret: ENC[AES256_GCM,data:MLW0z2stjhXgxb4poAYr7LzrLzTNj5HqJzsyzOvYpKpKbyfx7SEdeZidG+m3ROuaN4PVsdpJblFjsvozzQlDQYRJZo8q+kpPvUPvhU0Ejya/XBO/sFcJKzulpfr4j3rK7FSKh2V6PiB8m9mvLziHfDmgL30le0wDD9uCNWkaHVo=,iv:1hRwI1NG2yO6igBsEGCg2Qn/po97ZhsyAEZOMKP3EZc=,tag:FV+RXBKyq+EJRsKT+DZ6lQ==,type:str]
+    webui-env: ENC[AES256_GCM,data:F4fGd5szjEGYqseq15VF8Emdd5oXKAlj+O7jET7BpD/w0/M162KgXQ/xN/uzO5Bh/euzedMrair0c8SQKO/06Ko9cj35lclaSrnBiwHSDIkFvuoITvLeSVSR4W3dsui91Dh8GCCYO8JAZQnpqClls6kHBOO2FYVwF06zg8Coxli9cKkPdeJKLDEnPGUb2UpLoP0dieanNFc3YNIavlXwkgt4/hxEoKHJplTYrilekBtZjD998SyvubhhVKHTH/VhTgxodXgnbI3sV1a3uJCrUKWt79NwHu5TUd+C2/gZqAniCbo4AX8=,iv:87cme6ToLFR4eF5apZauIm3Q6HR3Z8EM3GkQxo06oNI=,tag:dbXLQhw6qn/DyYJ3/UeDiw==,type:str]
+    derp-servers:
+        vnm: ENC[AES256_GCM,data:zS03SDnCMXW44zfkJORxmgEZ5kwCcfeg4dLUePLJSloP/vjJYcb5KI36lxiJqYsNBWvKvBZBonO+4xD/cJrsETPiTZotaD+xWxht9jtjiWKyJgfGlczh57EaVCDcwqadKgvJrLyNRQhdKrN/axtIh25vv2gVUqHlcf1nfbSFtuTR87k1rtY16WOEsGdoGQn2JMt90ItEGFh7Z7ULPLqDDhKSiAvHFajpuvw1ZM1lewQ8aSmh+UYlbxP0ZbA5sDPxRO7nCRD3SyVyhq1soXvKMld19GYtR8gYxp1XcedZg8FDq3dtm/otfSKEdOkAL14=,iv:tsKVcwKrUW9FReBUZ2Zk3naqjXs77sX3xK7smZE8Sfo=,tag:S1xUhpc2fGxwR08DKOhw3Q==,type:str]
+gitea:
+    mailer-password: ENC[AES256_GCM,data:LDW0bpbfanBa2QjqdgtKu6F+zG84xaGuLg1cs6eTJbg=,iv:Kle+czR9Xqi45qWjYJIjRhq87rG2PNoNF6YQ7tQ+HJA=,tag:WUuPgwdnz8F2WtFsgcrw/Q==,type:str]
+    signing-key: ENC[AES256_GCM,data:64tLU6rVcCq6CSfVGtFfSc8m89gHFHwGQ4JSHw8p7GqlB7ioHrJVu8o+6u6UPERMfkcHsTG2gTwh7wpblF//bk1+TRyYWSuDnIGl1G7+6FVmJbvLyGJBck0NauW4s5Keiqr2qg38i3y9qy7kPaJGz/2J6cYYSQxB9xy8mtdoxwypGf+zxu1teiUnKmWa89i941s2FZZ+FoQvQCZs/7En3YnxNiDM+lXR4wqbPZPROlYHaVDOgeACBgq8GwNdgAFF7qRLdjxMGgjS3jjlD4QCJlEO6UbqVEBEK7pf4Or4kx/RM2A0rgGNUPpwKu/b5xGTUkA0X7TcZNIcLJ2zred0JIEj0bM7MNrkBIQovHEYLT3m33W1zKTTBC2lgPh90I/tPauIOb1hWHzgjM+LpV8bPkGXIk3BmoxW8eCiFmSjfvxdyS6WVJ6lGOIhaFNl59LyKsljyUmYcauig7/T+ylGyWiPViXuYB4fWxWr1t7Tb6DgY2fJdl5KQHLkDoAylHQ6pOb0l2YUGw1+vvHocMA9KTJeTnhTWAPZLOIFbfZL8sxrWRlpuZvvKdXlOjzKwVgCzWudYJ4jUoPSCmvxpnuCpiPbqaoZyA3Vyx7UCTN7UhKRb99jxEqdTrDPwRL0VlVZUQgLDTMPXHjdoOan06wXmDJEDRDBFsrrpna9wY1uvyPGBBpZ+uQZdxPZfXKQ8HRVHS1dKfyvdIaG/eYUrimF9euhYKYGPH02S6UcU+yQXw5B12HBxLDwS0oF3yWXfTMBsgejWFAuyQkQVJJjAi/Zs+9HJ3FQqr4vl/hUclv/X2XURuPc/jjYziNuOAn6yGhXuNC713SzUOnZlDgEcCkm8DHn5hQ/W4rZGUbSq+y/HUk8GA6XSw8u8H7KDQFnV4l4Chg1cKAf0YSXeinJ2x/RA9GXBvC5FVOM/Cx95arxS57vD578Rkdf/c7UQmuH+6X9YTX8MHVgkpHAGJ+bu2UnQ/hjAvGW6kee4jqefybCTxJm7qcSz1JrG6rS+S+9ZFj8BrXLcSIRlvxotg+FmBjdlqJMj5i0w+cR2f2zXPsmeDC0gmSTV7mYNz9+uMv708xwm26e4/rTT0hS+szLzzz/Ygm9yAkLf9lIS3457IWEjF+LCs9SEq3jfkx5zqpWfOpBCQU9rYKJhvjCVK6a1Hb2PfO4klkuwSNFPwyMHDlEqNmIVUf6uM5p8RVEQy07GsE4ycNtgicC32JGpkotcaU1ByQVbqRXlqJqMJnUEbnWH6qf3Em+wi8eBHmPf1BNjdP3f9BOle+H17/SdKssRbA8o4qQAGVkFzfjybMIh0onB1e15Rt5TUrRDxQAZG+uIsrHEiEOCDED846wO9apeV7wuOKXv2USDhybQhIctcuwxFGQEZWtGGrKzWTlK82Qb8FUM44x2HFj1SK7mIQbU20TcL2bd3b1OZ2kQe16CaT9R0BkpRlPLfiA1ZD7+3DdCyOJxTjutCQgaI1ONQuWn47rDOMbyqZhxs+Gj6bormGEWVRXQpV4VTknN/GyFB2aWQmZF8hGpEBl/t8IfOXDs56kN2Z8W2eKzHZz9u11HQ0eJ05LX2xz5DB+22UZT4bGK6Y3vJtB0+27r7G7hh79Fkapggm61xh3+D593epyW6Ix4hN29KrJWz/s93gi/g==,iv:LlUhINacJf7haxl7i0QI9ALdOFLdLJGbsXgszKVJOVg=,tag:ALkAcUmPFHp8wpI7DVYbiw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -48,8 +57,8 @@ sops:
            by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
            hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-04-27T00:35:39Z"
-    mac: ENC[AES256_GCM,data:eUuISaqS6F7SegO6GHygQjkSugPF+WQSvhlhftVEJ6CuOb54SUzAKpTX1/aNWmH5kZBvkXSd/SwNUE0/2iD0ZECw3tP2KMuyVcuMJjnob9KbRgEmoMz7LAmnO6kAmPAxrkxOgYdkjgSi0Du0c2cpSNBxQ/H9S8W9KuzT3dECvH0=,iv:3J8MUa3h9+BfCixDVpwAKIQFMnJMNL8HXg2wslhPQd8=,tag:SREU8gjDTJveiEld9GRlFg==,type:str]
+    lastmodified: "2023-05-07T15:39:19Z"
+    mac: ENC[AES256_GCM,data:5+ORtiY/Ky9uk4eCoqypExNd2EJIi+VPOCVvwJeCXqD+arkAcwt1SGLETUI9Rh16Bs9k+e3q6bu9LBmoNjCBJ39yvDVChwNR7F0Uw0D5leTzDG9uLBFmAxJ+fTp8OL4UNQOwTO4Fmfhe9UC8v5X7wBBNmi5GS1dvDrw8FrfQvK0=,iv:ZFjT48N26e+TO5tjhcPgXmpBT5zjWs8BZfJx5eep24o=,tag:QajcmWss9MwKWmu6Ysy/8A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/overlay.nix
+++ b/overlay.nix
@ -17,12 +17,18 @@ let
    sources = final.lib.attrsets.filterAttrs (name: f: !(builtins.hasAttr "outputs" f)) inputs;
  };

-  overlay-versioning = final: prev: { };
+  overlay-versioning = final: prev: {
+    ulauncher = prev.ulauncher.override { webkitgtk = final.webkitgtk_4_1; };
+  };

  overlay-libs = final: prev: {
    libs.crane = inputs.crane.lib.${prev.system};
  };

+  overlay-packages = final: prev: {
+    gotosocial-bin = final.callPackage ./packages/x86_64-linux/gotosocial-bin.nix { };
+  };
+
  overlay-aarch64-linux = final: prev:
    let
      optionalOverride = pkg: alt:
@ -57,6 +63,7 @@ in
  (import ./overlays/openrazer)
  overlay-unstable
  overlay-needs-unstable
+  overlay-packages
  overlay-imported
  overlay-versioning
  overlay-libs
--- a/packages/x86_64-linux/gotosocial-bin.nix
+++ b/packages/x86_64-linux/gotosocial-bin.nix
@ -0,0 +1,30 @@
+{ stdenv, lib, autoPatchelfHook }:
+with lib;
+let
+in
+stdenv.mkDerivation rec {
+  pname = "gotosocial-bin";
+  version = "0.8.1";
+
+  src = builtins.fetchurl {
+    url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_linux_amd64.tar.gz";
+    sha256 = "sha256:0vfgz236s4zqcv4a8bylp5znina26nvckdk1vgxbqkdnip3mnirj";
+  };
+
+  nativeBuildInputs = [ autoPatchelfHook ];
+
+  sourceRoot = ".";
+
+  installPhase = ''
+    install -m755 -D gotosocial $out/bin/gotosocial
+    mkdir $out/share
+    cp -r web $out/share/web
+    cp -r example $out/share/example
+  '';
+
+  meta = with lib; {
+    homepage = "https://docs.gotosocial.org";
+    description = "GoToSocial network";
+    platforms = platforms.linux;
+  };
+}
Author	SHA1	Message	Date
Natsu Kagami	f45f45b426	Add tea to cli commands	2023-05-17 13:42:31 +02:00
Natsu Kagami	b91190022f	Add a bunch of compression tools	2023-05-14 16:45:00 +02:00
Natsu Kagami	43b6885983	Update stateVersion for my home machine	2023-05-09 20:44:00 +02:00
Natsu Kagami	f592e1e897	Add a Vietnamese derp server Courtesy of @minhducsun2002	2023-05-09 20:41:28 +02:00
Natsu Kagami	f0ec9c2ad1	Add some graphical stuff	2023-05-07 17:04:11 +02:00
Natsu Kagami	1bc774c24f	Update postgres to 15	2023-05-07 15:44:24 +02:00
Natsu Kagami	137a809232	Add gitea	2023-05-07 15:44:24 +02:00
Natsu Kagami	b485be966a	Add headscale	2023-05-07 15:44:24 +02:00
Natsu Kagami	0e936ee2bb	Set up gotosocial	2023-05-07 15:44:24 +02:00
Natsu Kagami	4554c04549	Update asahi	2023-05-07 15:44:02 +02:00