whitespace

appearance.org

@@ -115,13 +115,13 @@ This calculates the DPI of external displays, assuming they report their physica
 (defun cce/refresh-display-scale ()
   (interactive)
   (cond ((not (cce/has-display-frames)) nil)
+        ((equal (system-name) "rose-quine") (cce/set-font-scale 125))
         ((cce/external-display-connected) (-> (cce/external-display-dpis)
                                               (first)
                                               (cdr)
                                               (floor)
                                               (cce/set-font-scale)))
         ((equal (system-name) "window-smoke") (cce/set-font-scale 110))
-        ((equal (system-name) "rose-quine") (cce/set-font-scale 125))
         ((equal (system-name) "virtuous-cassette") (cce/set-font-scale 125))
         ((equal (system-name) "tres-ebow") (cce/set-font-scale 125))
         ((equal (system-name) "solitary-living") (cce/set-font-scale 105))

clight.org

@@ -13,10 +13,20 @@
 #+ARROYO_NIXOS_MODULE: nixos/clight.nix
 #+ARROYO_SYSTEM_ROLE: endpoint
 #+begin_src nix :tangle ~/arroyo-nix/nixos/clight.nix
-{ ... }:
+{ pkgs, lib, ... }:
 
 {
-  services.clight.enable = true;
+  # https://github.com/FedeDP/Clightd/pull/109 this is gonna be a bit of a pain to integrate lol, disable clight for now...
+  # clightd = clightd.overrideAttrs (old: {
+  #   patches = [
+  #     (fetchpatch {
+  #       name = "kwin_output-management_wayland_protocol.patch";
+  #       url = "https://github.com/FedeDP/Clightd/commit/8d6853a98b0edf06f10d5fad1eaaa7b3727f36e3.patch";
+  #       sha256 = "sha256-4FCn+MOdbJGINq0lRtQFS7iGZP0k5nvNRWVHjEmrZKI=";
+  #     })
+  #   ];
+  # });
+  services.clight.enable = false;
   services.clight.settings = {
     inhibit.inhibit_docked = true;
 

drawingbot-v3.org

@@ -21,7 +21,7 @@ DrawingBotV3 is a software for converting images to line drawings for Plotters /
 #+ARROYO_SYSTEM_ROLE: endpoint
 #+AUTO_TANGLE: t
 
-DrawingBot uses JavaFX and is distributed as a JAR, rpm, deb, windows... The Premium version is just shoved in to my [[id:cce/syncthing][Syncthing]] directory and is provided in an override in [[id:20221021T121120.541960][rixpkgs]]. It should work just fine with the free/libre version which is =lib.license.gplv3=, but I use the proprietary version.
+DrawingBot uses JavaFX and is distributed as a rpm, deb, or windows MSI... The Premium version is just shoved in to my [[id:cce/syncthing][Syncthing]] directory and is provided in an override in [[id:20221021T121120.541960][rixpkgs]]. It should work just fine with the free/libre version which is =lib.license.gplv3=, but I use the proprietary version and so this is actually untested. This package declaration takes a =deb= file and extracts it and repackages it.
 
 #+begin_src nix :tangle ~/arroyo-nix/pkgs/drawingbot.nix
 { pkgs,
@@ -29,38 +29,44 @@ DrawingBot uses JavaFX and is distributed as a JAR, rpm, deb, windows... The Pre
   ... }:
 
 with pkgs;
+let
+  jdkWithJavaFX = jdk.override { enableJavaFX = true; };
+in
 stdenv.mkDerivation rec {
   inherit name;
-  version = "1.5.0-beta";
+  version = "1.6.9-beta";
 
   src = fetchurl {
-    url = "https://github.com/SonarSonic/DrawingBotV3/releases/download/v${version}-free/DrawingBotV3-Free-${version}-all.jar";
+    url = "https://github.com/SonarSonic/DrawingBotV3/releases/download/v${version}-free/DrawingBotV3-Free-${version}-linux.deb";
     sha256 = lib.fakeSha256;
   };
-  nativeBuildInputs = [ wrapGAppsHook gtk3 ];
-
-  dontUnpack = true;
+  nativeBuildInputs = [ dpkg wrapGAppsHook autoPatchelfHook makeWrapper ];
+  buildInputs = [ xorg.libXtst alsa-lib opencv gtk2 ];
 
+  unpackPhase = "dpkg -x $src ./";
   installPhase = ''
-    runHook preInstall
+    mkdir -p $out/lib/ $out/bin/ $out/share/icons
 
-    mkdir -p $out/share/java/
-    cp $src $out/share/java/${name}-${version}.jar
+    mv opt/drawingbotv3/bin/DrawingBotV3-Premium $out/bin/${name}
+    mv opt/drawingbotv3/lib/{app,libapplauncher.so} $out/lib/
+    # mv opt/drawingbotv3/lib/runtime $out/lib/
+    ln -s ${jdkWithJavaFX}/lib/openjdk $out/lib/runtime
+    mv opt/drawingbotv3/lib/DrawingBotV3-Premium.png $out/share/icons
 
-    makeWrapper ${jre}/bin/java $out/bin/${name} \
-      ''${gappsWrapperArgs[@]} \
-      --add-flags "-jar $out/share/java/${name}-${version}.jar"
+    ln -s $out/lib/app/DrawingBotV3-Premium.cfg $out/lib/app/..drawingbotv3-premium-wrapped-wrapped.cfg
 
-    runHook postInstall
+    wrapProgram "$out/bin/${name}" \
+      --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath buildInputs}" 
   '';
 
   desktopItems = [
     (makeDesktopItem {
-      inherit name;
+      name = "drawingbotv3-premium";
+      desktopName = "DrawingBotV3-Premium";
+      type = "Application";
       exec = name;
-      comment = "Software for converting images to line drawings for Plotters / Drawing Machines / 3D printers";
-      desktopName = "DrawingBot V3";
-      categories = [ "Graphics" ];
+      icon = "DrawingBotV3-Premium.png";
+      categories = ["Graphics"];
     })
   ];
 

evil_mode.org

@@ -25,9 +25,9 @@ Context switching is unproductive. Modal editing is not. Those are at odds. Any
 Vim modal commands are by no means perfect. It's not perfect in any respect, but it works well enough, and it's a set of portable idioms. The Evil project provides an additional set of libraries [[[https://github.com/emacs-evil/evil-collection][Evil Collection]]], which I use below:
 
 #+begin_src emacs-lisp :noweb yes
+(setq evil-want-keybinding nil)
 (use-package evil
   :init
-  (setq evil-want-keybinding nil)
   <<evil-respect-visual-line>>
   :config
   (evil-mode 1))

exwm.org

@@ -49,7 +49,8 @@ It's configured with some simple quality-of-life improvements, outlined in short
   (exwm-input-set-key (kbd "s-k") #'other-window)
   (exwm-input-set-key (kbd "s-r") #'exwm-reset)
   (exwm-input-set-key (kbd "s-w") #'exwm-workspace-switch)
-  (exwm-input-set-key (kbd "s-o") #'evil-window-rotate-downwards)
+  ; (exwm-input-set-key (kbd "s-o") #'evil-window-rotate-downwards)
+  (exwm-input-set-key (kbd "s-o") #'other-window)
   (push (kbd "s-j") exwm-input-prefix-keys)
   (push (kbd "s-k") exwm-input-prefix-keys)
   (push (kbd "s-r") exwm-input-prefix-keys)
@@ -76,9 +77,14 @@ It's configured with some simple quality-of-life improvements, outlined in short
   ;; manage configurations
   <<exwm-manage-configurations>>
   ;; startup handling
-  (defvar cce-start-exwm nil)
+  (defcustom cce-start-exwm nil
+    "Whether Emacs should try to start EXWM on startup"
+    :type 'boolean)
   (defun cce/exwm-init-command-line-args ()
     "hook for command-line-functions" 
+    (if (setq command-line-args (delete command-line-args "--no-exwm"))
+        (setq cce-start-exwm nil)
+      (setq cce-start-exwm t))
     (if (setq command-line-args (delete command-line-args "--exwm"))
         (setq cce-start-exwm t)
       (setq cce-start-exwm nil)))

flyspell_mode.org

@@ -10,9 +10,8 @@
 #+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/flyspell.yml
 
 #+ARROYO_EMACS_MODULE: flyspell
+#+ARROYO_MODULE_WANTS: cce/evil_mode.org
 #+ARCOLOGY_KEY: cce/flyspell
-#+CCE_PRIORITY: 15
-#+CCE_PREDICATE: t
 #+ARCOLOGY_ALLOW_CRAWL: t
 
 I use =flyspell-correct= for spell-checking my buffers. 

gnus_evil_mode.org

@@ -5,13 +5,14 @@
 #+filetags: :Emacs:CCE:Communcations:
 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle gnus-evil-mode.el
-#+ARROYO_EMACS_MODULE: gnus-evil-mode
+
 #+ARCOLOGY_KEY: cce/gnus-evil-mode
-#+CCE_PRIORITY: 71
-#+ARROYO_MODULE_WANTS: cce/configure_packaging.org
-#+ARROYO_MODULE_WANTS: 	cce/evil_mode.org
 #+ARCOLOGY_ALLOW_CRAWL: t
 
+#+ARROYO_EMACS_MODULE: gnus-evil-mode
+#+ARROYO_MODULE_WANTS: cce/configure_packaging.org
+#+ARROYO_MODULE_WANTS: cce/evil_mode.org
+
 I provide custom [[id:cce/evil_mode][Evil Mode]] bindings here to control [[id:cce/gnus][Gnus]] in the =summary= and =group= buffer, they're pretty straightforward, and I think this presentation is fairly legible. [[id:cce/evil_mode][Evil Mode]]'s =motion= state is very useful for light modes like this
 
 #+begin_src emacs-lisp

gpd-pocket-3.org

@@ -29,15 +29,12 @@ Things were working well before then, like the thing worked quite nicely, but in
 {
 #+END_SRC
 
-Forcing 6.2 kernel and (unfortunately) ZFS Unstable will get everything working but I'm confused how it worked last week. Kernel 6.1 and 6.2 have working deep sleep, and 5.15 had some backlight control problems. Unless I am far from home, I can bootstrap a new system quickly enough in theory with [[id:cce/morph][Morph]] and [[id:cce/syncthing][Syncthing]], in theory. I sort of just played out that scenario I suppose.  5.15 is still a fuck and 6.2 is EOL, so I am carrying [[https://github.com/NixOS/nixpkgs/pull/236637][this open backport commit]] which bumps ZFS stable to a version which supports 6.3
+Keeping ZFS and Linux playing well together on NixOS stable is sometimes a pain in the ass; for now, it works, but sometimes I have to =enableUnstable= or pull in a =nixpkgs-unstable= patch to enable a version of ZFS which works with a kernel that isn't EOL and works with my device.
 
 #+begin_src nix :tangle ~/arroyo-nix/nixos/gpd-pocket-3.nix
   # === gpd pocket 3 specific hax
-  # boot.zfs.enableUnstable = true;
-  # boot.kernelPackages = lib.mkForce pkgs.zfsUnstable.latestCompatibleLinuxPackages;
-  # git cherry-pick 900c093
   boot.zfs.enableUnstable = false;
-  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_6_3;
+  boot.kernelPackages = lib.mkForce pkgs.zfs.latestCompatibleLinuxPackages;
 #+END_SRC
 
 The display, as with all GPD Pockets is an 8 inch tablet display rotated 90° counter-clockwise, and so some work has to be done to rotate all of this, and the stylus coordinates and the accelerometer and whatnot. I had some real problems getting X11 to look decently without fractional scaling and I was having trouble getting the X11 config working, so this is my first machine running Wayland. I have a few things commented here for if upgrading my kernel or whatever breaks the display again during modesetting or whatever..

jellyfin.org

@@ -17,7 +17,43 @@
   services.nginx.virtualHosts."media.whatthefuck.computer" = {
     locations."/" = {
       proxyPass = "http://127.0.0.1:8096";
+      extraConfig = ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+
+        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+        proxy_buffering off;
+
+        # COOP/COEP. Disable if you use external plugins/images/assets
+        add_header Cross-Origin-Opener-Policy "same-origin" always;
+        add_header Cross-Origin-Embedder-Policy "require-corp" always;
+        add_header Cross-Origin-Resource-Policy "same-origin" always;
+  
+        # Permissions policy. May cause issues on some clients
+        add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
+      '';
+    };
+
+    locations."/socket" = {
+      proxyPass = "http://127.0.0.1:8096";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+      '';
     };
   };
+  # XXX: when this is not double-proxied this can be removed
+  networking.firewall.allowedTCPPorts = [ 8096 ];
 }
 #+end_src

matrix.org

@@ -3,7 +3,7 @@
 :ROAM_ALIASES: "Matrix on the Wobserver" "Matrix Server"
 :END:
 #+TITLE: Matrix Synapse
-#+FILETAGS: :CCE:Wobserver:
+#+FILETAGS: :Project:CCE:Wobserver:
 
 #+ARCOLOGY_ALLOW_CRAWL: t
 #+ARCOLOGY_KEY: cce/wobserver/matrix
@@ -36,9 +36,13 @@ let useSSL = false; # for VM testing... should make this an option...
     '';
 in {
   imports = [
-    <arroyo/nixos/matrix-puppet-discord.nix>
-    <arroyo/nixos/heisenbridge.nix>
-    <arroyo/nixos/matrix-prometheus.nix>
+
+    ./mautrix-discord-svc.nix
+    ./matrix-puppet-discord.nix
+
+    ./heisenbridge.nix
+
+    ./matrix-prometheus.nix
   ];
 
   services.postgresql.ensureDatabases = ["matrix-synapse"];
@@ -116,6 +120,13 @@ in {
         allowed_liftetime_max = "1y";
       };
 
+      caches = {
+        sync_response_cache_duration = "60m";
+        cache_autotuning.max_cache_memory_usage = "2048M";
+        cache_autotuning.target_cache_memory_usage = "1024M";
+        cache_autotuning.min_cache_ttl = "15m";
+      };
+
       presence.enabled = false;
 
       thumbnail_sizes = [
@@ -157,11 +168,14 @@ in {
 }
 #+end_src
 
-* mx-puppet-discord
+* CANCELLED mx-puppet-discord
 :PROPERTIES:
 :ID:       20220218T215648.615157
 :ROAM_REFS: https://github.com/matrix-discord/mx-puppet-discord
 :END:
+:LOGBOOK:
+- State "CANCELLED"  from              [2024-01-11 Thu 16:15]
+:END:
 
 =mx-puppet-discord= allows a savvy Discord user to log in to their discord guilds and chat in them through a Matrix client. Definitely don't [[https://github.com/matrix-discord/mx-puppet-discord#linking-your-discord-account][do a crimes]] with it, I'm sure I'll be banned for this indiscretion some day but this bridging is the core value proposition of Matrix for me.
 
@@ -169,26 +183,199 @@ It's primarily operated via chat commands. I am mostly trusting the default [[id
 
 One thing I had to do to make this configuration work is to manually move that =app_service_config_file= from =/var/lib/mx-puppet-discord/discord-registration.yaml=. Since it's written by a [[https://0pointer.net/blog/dynamic-users-with-systemd.html][SystemD =DynamicUser=]], it's not clear to me how to write this file with a group ID that Synapse shares..
 
-#+begin_src nix :tangle ~/arroyo-nix/nixos/matrix-puppet-discord.nix
-{ ... }:
+This isn't used any more, see below.
+
+#+begin_src nix 
+{ options, ... }:
 
 {
-  services.mx-puppet-discord.enable = true;
+  services.mx-puppet-discord.enable = false;
   # services.matrix-synapse.extraConfig = ''
   # '';
-  services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"];
-  services.mx-puppet-discord.settings = {
-    bridge = {
-      port = 8091;
-      bindAddress = "0.0.0.0";
-      domain = "kickass.systems";
-      homeserverUrl = "http://127.0.0.1:8008";
-    };
-    provisioning.whitelist = ["@rrix:kickass\\.systems"];
-  };
+  # services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"];
+  # services.mx-puppet-discord.settings = {
+  #   bridge = {
+  #     port = 8091;
+  #     bindAddress = "0.0.0.0";
+  #     domain = "kickass.systems";
+  #     homeserverUrl = "http://127.0.0.1:8008";
+  #   };
+  #   provisioning.whitelist = ["@rrix:kickass\\.systems"];
+  # };
 }
 #+end_src
 
+* =mautrix-discord=
+:PROPERTIES:
+:ID:       20240111T161523.732094
+:ROAM_REFS: https://docs.mau.fi/bridges/go/discord/index.html
+:END:
+
+i'm using a different matrix-discord bridge now, the same one the beeper folks use. Still have to do the song-and-dance moving the registration file out of the private =/var/lib= state directory, but that's fine. Deploy this once, it'll fail to start but it'll write the =/var/lib/mautrix-discord/discord-registration.yaml= file which you'll just =cp /var/lib/mautrix-discord/discord-registration.yaml /var/lib/matrix-synapse/or/whatever/discord-registration.yaml= and make sure it makes the location below, and deploy again! Then just start a chat with =@discordbot:example.com= and set up the bridge.
+
+#+begin_src nix :tangle ~/arroyo-nix/nixos/matrix-puppet-discord.nix
+{ options, ... }:
+
+{
+  services.mx-puppet-discord.enable = false;
+
+  services.mautrix-discord.enable = true;
+  services.mautrix-discord.settings = options.services.mautrix-discord.settings.default // {
+    homeserver.address = "http://localhost:8008";
+    homeserver.domain = "kickass.systems";
+
+    bridge.delivery_receipts = true;
+    bridge.federate_rooms = false;
+    bridge.permissions."*" = "relay";
+    bridge.permissions."kickass.systems" = "user";
+    bridge.permissions."@rrix:kickass.systems" = "admin";
+  };
+  services.matrix-synapse.settings.app_service_config_files = ["/srv/matrix-synapse/discord-registration.yaml"];
+}
+#+end_src
+
+** This NixOS Module
+:PROPERTIES:
+:ID:       20240122T100247.845520
+:END:
+
+
+
+#+begin_src nix :tangle ~/arroyo-nix/nixos/mautrix-discord-svc.nix
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.mautrix-discord;
+  dataDir = "/var/lib/mautrix-discord";
+  registrationFile = "${dataDir}/discord-registration.yaml";
+  settingsFormat = pkgs.formats.yaml { };
+  settingsFile = settingsFormat.generate "mautrix-discord-config.yaml" cfg.settings;
+  runtimeSettingsFile = "${dataDir}/config.yaml";
+in {
+  options = {
+    services.mautrix-discord = {
+      enable = mkEnableOption (mdDoc "Matrix to Discord hybrid puppeting/relaybot bridge");
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.mautrix-discord;
+        defaultText = literalExpression "pkgs.mautrix-discord";
+        description = mdDoc ''
+          The mautrix-discord package to use.
+        '';
+      };
+
+      settings = mkOption rec {
+        apply = recursiveUpdate default;
+        inherit (settingsFormat) type;
+        default = {
+          homeserver = {
+            software = "standard";
+          };
+
+          appservice = rec {
+            database = {
+              type = "sqlite3";
+              uri = "file:${dataDir}/mautrix-discord.db";
+            };
+            port = 8080;
+            address = "http://localhost:${toString port}";
+          };
+
+          bridge = {
+            permissions."*" = "relay";
+            double_puppet_server_map = {};
+            login_shared_secret_map = {};
+          };
+
+          logging = {
+            directory = "";
+            file_name_format = ""; # Disable file logging
+            file_date_format = "2006-01-02";
+            file_mode = 384;
+            timestamp_format = "Jan _2, 2006 15:04:05";
+            print_level = "warn";
+            print_json = false;
+            file_json = false;
+          };
+        };
+        description = mdDoc ''
+          Bridge configuration as a Nix attribute set.
+
+          Configuration options should match those described in
+          [example-config.yaml](https://github.com/mautrix/discord/blob/main/example-config.yaml).
+        '';
+      };
+
+      serviceDependencies = mkOption {
+        type = with types; listOf str;
+        default = optional config.services.matrix-synapse.enable "matrix-synapse.service";
+        defaultText = literalExpression ''
+          optional config.services.matrix-synapse.enable "matrix-synapse.service"
+        '';
+        description = mdDoc ''
+          List of Systemd services to require and wait for when starting the application service.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.mautrix-discord = {
+      description = "Matrix to Discord hybrid puppeting/relaybot bridge";
+
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
+      after = [ "network-online.target" ] ++ cfg.serviceDependencies;
+
+      preStart = ''
+        # Generate the appservice's registration file if absent
+        if [ ! -f '${registrationFile}' ]; then
+          ${cfg.package}/bin/mautrix-discord \
+            --config '${settingsFile}' \
+            --registration '${registrationFile}' \
+            --generate-registration
+        fi
+
+        old_umask=$(umask)
+        umask 0177
+        # Extract the AS and HS tokens from the registration and add them to the settings file
+        ${pkgs.yq}/bin/yq -y ".appservice.as_token = $(${pkgs.yq}/bin/yq .as_token ${registrationFile}) | .appservice.hs_token = $(${pkgs.yq}/bin/yq .hs_token ${registrationFile})" ${settingsFile} > ${runtimeSettingsFile}
+        umask $old_umask
+      '';
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "always";
+
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ProtectKernelTunables = true;
+        ProtectKernelModules = true;
+        ProtectControlGroups = true;
+
+        DynamicUser = true;
+        PrivateTmp = true;
+        WorkingDirectory = cfg.package;
+        StateDirectory = baseNameOf dataDir;
+        UMask = "0027";
+
+        ExecStart = ''
+          ${cfg.package}/bin/mautrix-discord \
+            --config ${runtimeSettingsFile} \
+            --no-update
+        '';
+      };
+    };
+  };
+
+  meta.maintainers = with maintainers; [ robin ];
+}
+
+#+end_src
+
 * Heisenbridge
 :PROPERTIES:
 :ID:       20220218T215521.617327
@@ -334,6 +521,7 @@ groups:
       type: PDU
 #+end_src
 
+* NEXT mautrix-signal
 * NEXT matrix-dimension
 * NEXT mx-puppet-slack
 * NEXT validate database setup

navigating_projects_with_projectile.org

@@ -3,16 +3,18 @@
 :END:
 #+TITLE: Navigating Projects With Projectile
 #+filetags: :Emacs:CCE:Coding:
+
 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle projectile.el
-#+ARROYO_EMACS_MODULE: projectile
+
 #+ARCOLOGY_KEY: cce/projectile
 #+ARCOLOGY_ALLOW_CRAWL: t
-#+CCE_PRIORITY: 60
-#+ARROYO_MODULE_WANTS: 	cce/deadgrep.org
-#+ARROYO_MODULE_WANTS: 	cce/selectrum_etc.org
-#+ARROYO_MODULE_WANTS: 	cce/hydra.org
-#+ARROYO_MODULE_WANTS: 	cce/emacs_and_the_language_server_protocol.org
+
+#+ARROYO_EMACS_MODULE: projectile
+#+ARROYO_MODULE_WANTS: cce/deadgrep.org
+#+ARROYO_MODULE_WANTS: cce/selectrum_etc.org
+#+ARROYO_MODULE_WANTS: cce/hydra.org
+#+ARROYO_MODULE_WANTS: cce/emacs_and_the_language_server_protocol.org
 
 Projectile, and =hydra-projectile= are the tools I use to move around a project's source code. Projectile defines a wealth of [[id:a7420bb9-395f-4afa-92fb-8eaa0b8a4cd8][Tool]]s to enable [[id:cce/emacs][Emacs]] to work with all sorts of different code projects, I can't really stress how useful this package is. My hydra uses a lot of functionality from other places, for example [[id:cce/deadgrep][Deadgrep]] and [[id:cce/selectrum_etc][Selectrum, etc]].
 

nginx.org

@@ -20,7 +20,7 @@ Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the
 {
   imports = [
     ./nginx-staticsites.nix
-    # ./wobserver-acme.nix
+    ./wobserver-acme.nix
   ];
 
   services.nginx = {
@@ -60,8 +60,6 @@ Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the
       ];
     };
   };
-
-  # <<security.acme>>
 }
 #+end_src
 
@@ -71,47 +69,62 @@ Nginx is fine, I guess. I use it to host my sites and proxy my apps. This is the
 :ROAM_ALIASES: "Let's Encrypt on NixOS" "ACME on NixOS"
 :END:
 
-I use [[https://letsencrypt.org/][Lets Encrypt]] for my DNS, I really like 'em.
+I use [[https://letsencrypt.org/][Lets Encrypt]] for my SSL, I really like 'em.
 
 #+begin_src nix :tangle ~/arroyo-nix/nixos/wobserver-acme.nix
 { ... }:
 
-{
+rec {
   security.acme = {
     defaults.email = "acme@rix.si";
     acceptTerms = true;
   };
+
+  # temporary forward hosts
+  # security.acme.certs."media.whatthefuck.copmuter" = {
+  #   webroot = "/var/lib/acme/acme-challenge";
+  #   extraDomainNames = [
+  #     "notes.whatthefuck.computer"
+  #   ];
+  # };
+  services.nginx.virtualHosts."media.whatthefuck.computer" = {
+    addSSL = true;
+    sslCertificate = "/var/lib/nginx/certs/fontkeming.fail_cert.pem";
+    sslCertificateKey = "/var/lib/nginx/certs/fontkeming.fail_key.pem";
+  };
+  services.nginx.virtualHosts."notes.whatthefuck.computer" = services.nginx.virtualHosts."media.whatthefuck.computer";
+
   # 'internal' hosts
-  security.acme.certs."fontkeming.fail" = {
-    webroot = "/var/lib/acme/acme-challenge";
-    extraDomainNames = [
-      "home.rix.si"
-      "dns.fontkeming.fail"
-    ];
-  };
+  # security.acme.certs."fontkeming.fail" = {
+  #   webroot = "/var/lib/acme/acme-challenge";
+  #   extraDomainNames = [
+  #     "home.rix.si"
+  #     "dns.fontkeming.fail"
+  #   ];
+  # };
 
-  # site hosts
-  security.acme.certs."rix.si" = {
-    webroot = "/var/lib/acme/acme-challenge";
-    extraDomainNames = [
-      "whatthefuck.computer" "notes.whatthefuck.computer" 
-      "afd.fontkeming.fail" "dev.arcology.garden"
-      "dongiverse.com" "kickass.systems"
-      "ring.whatthefuck.computer"
-      "lionsrear.com" "arcology.garden" "cce.arcology.garden"
-    ];
-  };
+  # # site hosts
+  # security.acme.certs."rix.si" = {
+  #   webroot = "/var/lib/acme/acme-challenge";
+  #   extraDomainNames = [
+  #     "whatthefuck.computer" "notes.whatthefuck.computer" 
+  #     "afd.fontkeming.fail" "dev.arcology.garden"
+  #     "dongiverse.com" "kickass.systems"
+  #     "ring.whatthefuck.computer"
+  #     "lionsrear.com" "arcology.garden" "cce.arcology.garden"
+  #   ];
+  # };
 
-  # app hosts
-  security.acme.certs."files.fontkeming.fail" = {
-    webroot = "/var/lib/acme/acme-challenge";
-    extraDomainNames = [
-      "code.rix.si"
-      "bag.fontkeming.fail"
-      "matrix.fontkeming.fail" 
-      "dimension.fontkeming.fail"
-    ];
-  };
+  # # app hosts
+  # security.acme.certs."files.fontkeming.fail" = {
+  #   webroot = "/var/lib/acme/acme-challenge";
+  #   extraDomainNames = [
+  #     "code.rix.si"
+  #     "bag.fontkeming.fail"
+  #     "matrix.fontkeming.fail" 
+  #     "dimension.fontkeming.fail"
+  #   ];
+  # };
 }
 #+end_src
 

nixos-laptop-framework.org

@@ -21,17 +21,50 @@ The only other thing to consider is to make sure the kernel is new enough to sup
 
 This can't just be blindly included in all my endpoints since it defines kernel params, but here's how it could be: 
 
-: #+ARROYO_NIXOS_MODULE: nixos/framework-laptop.nix
-: #+ARROYO_SYSTEM_ROLE: endpoint
+* AMD Ryzen 5
 
-It's actually just included directly in the [[id:20211029T115928.954970][Virtuous Cassette]] morph host manifest.
+Don't have to fiddle with powermanagement like I did on the Intel 11th gen below. Upgraded the internals in a 30 minute swap on [2023-12-28 Thu]. Had to run =NIXOS_INSTALL_BOOTLOADER=1 /run/current-system/bin/switch-to-configuration boot= to get grub reinstalled. In theory I could have moved back to =systemd-boot= with =bootctl install= and some configuration changes in [[id:20211029T115928.954970][Virtuous Cassette]] manifest but decided not to.
 
-#+begin_src nix :tangle ~/arroyo-nix/nixos/framework-laptop.nix
+#+begin_src nix :tangle ~/arroyo-nix/nixos/framework-laptop-intel11.nix
 { pkgs, ... }:
 
 {
-  boot.kernelParams = [ "mem_sleep_default=deep" ];
-#  boot.kernelPackages = pkgs.linuxPackages_5_15;
+  powerManagement.powertop.enable = true;
+
+  services.fwupd = {
+    enable = true;
+    extraRemotes = ["lvfs-testing"];
+    # per Frame.work LVFS docs
+    uefiCapsuleSettings = {
+      DisableCapsuleUpdateOnDisk = true;
+    };
+  };
+  hardware.rasdaemon.enable = true;
+  # services.fprintd.enable = true;
+
+  services.xserver.dpi = 204;
+}
+#+end_src
+
+* Intel 11th gen
+
+Okay this is the first incarnation of the Framework, I think I had a batch 4 build, and it was basically fine but also really furstrating since it kept cooking DDR4 and I could never get low power suspend working right. Don't trust these kernel params.
+
+#+begin_src nix :tangle ~/arroyo-nix/nixos/framework-laptop-intel11.nix
+{ pkgs, ... }:
+
+{
+  boot.kernelParams = [
+    # if si0x below doesn't work
+    # "mem_sleep_default=deep"
+    # Fixes a regression in s2idle, making it more power efficient than deep sleep
+    "acpi_osi=\"!Windows 2020\""
+    # For Power consumption
+    # https://community.frame.work/t/linux-battery-life-tuning/6665/156
+    "nvme.noacpi=1"
+  ];
+  powerManagement.powertop.enable = true;
+
   services.fwupd = {
     enable = true;
     extraRemotes = ["lvfs-testing"];
@@ -48,3 +81,29 @@ It's actually just included directly in the [[id:20211029T115928.954970][Virtuou
 #+end_src
 
 I don't use fprintd since i hate configuring PAM and don't feel like figuring out how to configure it in the way i actually want to use a fingerprint reader... Consider instead how easy it was to get this laptop working, it doesn't really need special configuration.
+
+(This page will not be included in tables of content or anything that relies on the Arroyo keywords because it's imported directly in the [[id:20211029T115928.954970][Virtuous Cassette]] morph derivation)
+** Resources for S0ix/Modern Standby
+
+I really would like good low-power suspend... =mem_sleep_default=deep= means it takes like 7 seconds for my laptop to wake up.
+
+*** [[https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate][Power management/Suspend and hibernate - ArchWiki]] 
+:PROPERTIES:
+:ROAM_REF: [[https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate]]
+:ID:       20231019T100740.349947
+:END:
+[2023-10-19 Thu 10:07]
+
+*** [[https://web.archive.org/web/20230614200306/https:/01.org/blogs/qwang59/2020/linux-s0ix-troubleshooting][Linux* S0ix Troubleshooting | 01.org]] 
+:PROPERTIES:
+:ROAM_REF: [[https://web.archive.org/web/20230614200306/https:/01.org/blogs/qwang59/2020/linux-s0ix-troubleshooting]]
+:ID:       20231019T101002.158310
+:END:
+[2023-10-19 Thu 10:09]
+
+*** [[https://web.archive.org/web/20230614200816/https:/01.org/blogs/qwang59/2018/how-achieve-s0ix-states-linux][How to achieve S0ix states in Linux* | 01.org]] 
+:PROPERTIES:
+:ROAM_REF: [[https://web.archive.org/web/20230614200816/https:/01.org/blogs/qwang59/2018/how-achieve-s0ix-states-linux]]
+:ID:       20231019T101024.833787
+:END:
+[2023-10-19 Thu 10:10]

nixos-laptop.org

@@ -55,11 +55,17 @@ Bits and Bobbins not worth showing anywhere else. This will need a =mkIf= if I e
 
   hardware.opengl = {
     enable = true;
-    extraPackages = [
-      pkgs.vaapiIntel
+    extraPackages = with pkgs; [
+      (if (lib.versionOlder (lib.versions.majorMinor lib.version) "23.11") then vaapiIntel else intel-vaapi-driver)
+      libvdpau-va-gl
+      intel-media-driver
     ];
   };
 
+  environment.variables = {
+    VDPAU_DRIVER = lib.mkIf config.hardware.opengl.enable (lib.mkDefault "va_gl");
+  };
+
   virtualisation.docker = {
     enable = true;
     autoPrune.enable = true;

plasma_browser_integration.org

@@ -5,11 +5,11 @@
 #+filetags: :Emacs:CCE:Web:Browser:
 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle plasma-browser.el
+
 #+ARROYO_EMACS_MODULE: plasma-browser
+#+ARROYO_MODULE_WANTS: cce/evil_mode.org
 #+ARCOLOGY_KEY: cce/plasma-browser
 #+ARCOLOGY_ALLOW_CRAWL: t
-#+CCE_PRIORITY: 50
-#+CCE_PREDICATE: (and (cce/using-linux) (cce/has-display-frames))
 
 #+begin_src emacs-lisp
 (provide 'cce/plasma-browser)

python.org

@@ -57,10 +57,10 @@ in {
 
 #+begin_src emacs-lisp 
 (use-package lsp-pyright
-  :after (python-mode lsp)
-  :hook
-  (python-mode . lsp)
-  (python-mode . company-mode)
+  :after lsp
+  :config
+  (add-hook 'python-mode-hook #'lsp)
+  (add-hook 'python-mode-hook #'company-mode)
   :bind (:map python-mode-map
               ("C-<tab>" . company-lsp)))
 

ruby_on_rails.org

@@ -5,16 +5,17 @@
 #+TITLE: Ruby and Rails in Emacs
 #+filetags: :CCE:Emacs:Coding:
 
-#+ARCOLOGY_KEY: cce/ruby
-#+ARCOLOGY_ALLOW_CRAWL: t
+#+AUTO_TANGLE: t
 
 #+PROPERTY: header-args            :mkdirp yes :results none
 #+PROPERTY: header-args:emacs-lisp :tangle ruby.el
 #+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/ruby.yml
 
-#+AUTO_TANGLE: t
+#+ARCOLOGY_KEY: cce/ruby
+#+ARCOLOGY_ALLOW_CRAWL: t
 
 #+ARROYO_EMACS_MODULE: ruby
+#+ARROYO_MODULE_WANTS: cce/evil_mode.org
 
 *Right now this is disabled*: in the future my rails dev projects should "just" ship a =shell.nix= for [[id:c75d20e6-8888-4c5a-ac97-5997e2f1c711][Nix]].
 

syncthing.org

@@ -52,7 +52,8 @@ I have some functions which help deal with conflicts:
 (defun cce/syncthing-deconflict--possible-pairs (dir)
   (->> (f-directories dir)
        (append (list dir))
-       (--map (f-glob "*sync-conflict*.org" it))
+       (--map (or (f-glob "*sync-conflict*.org" it)
+                  (f-glob "*sync-conflict*.nix" it)))
        (-flatten)
        (--map (list it (replace-regexp-in-string (rx (seq (literal ".sync-conflict") (one-or-more (not ".")) )) "" it)))))
 

using_yubikey_as_an_otp_key.org

@@ -8,6 +8,7 @@
 #+PROPERTY: header-args:yaml       :tangle roles/endpoint/tasks/yubikey-otp.yml
 
 #+ARROYO_EMACS_MODULE: yubikey-otp
+#+ARROYO_MODULE_WANTS: cce/evil_mode.org
 
 #+ARCOLOGY_KEY: cce/yubikey-otp
 #+ARCOLOGY_ALLOW_CRAWL: t