diff options
Diffstat (limited to 'nixos')
23 files changed, 0 insertions, 1393 deletions
diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 030fefe..f6cb8c7 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,15 +1,9 @@ keys: - &sefidel 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - &host_alpha c62b0336ff6e444e5f2041e8074ca855641a5b7f - - &host_cobalt 9794c486d5673ff6613f6cde774d4895eb911703 creation_rules: - path_regex: alpha/secrets/[^/]+\.yaml$ key_groups: - pgp: - *sefidel - *host_alpha - - path_regex: cobalt/secrets/[^/]+\.yaml$ - key_groups: - - pgp: - - *sefidel - - *host_cobalt diff --git a/nixos/cobalt/configuration.nix b/nixos/cobalt/configuration.nix deleted file mode 100644 index a3c77da..0000000 --- a/nixos/cobalt/configuration.nix +++ /dev/null @@ -1,145 +0,0 @@ -{ config, pkgs, lib, ... }: -let - ipv4 = { - address = "95.216.74.104"; - gateway = "95.216.74.65"; - netmask = "255.255.255.192"; - prefixLength = 26; # https://www.pawprint.net/designresources/netmask-converter.php - }; - ipv6 = { - address = "2a01:4f9:2b:a98::"; - gateway = "fe80::1"; - prefixLength = 64; - }; - networkInterface = "eth0"; - hostName = "cobalt"; - hostId = "712ae82a"; -in -{ - imports = - [ - ./hardware-configuration.nix - - ./services/acme.nix - ./services/nginx.nix - ./services/fail2ban.nix - ./services/soju.nix - ./services/gitolite.nix - ./services/git-daemon.nix - ./services/cgit.nix - ./services/dendrite.nix - ./services/akkoma.nix - ]; - - boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = hostId; - - boot.loader.grub.enable = true; - # boot.loader.grub.version = 2; - boot.loader.grub.efiSupport = false; - # boot.loader.grub.device = "nodev"; - - # This should be done automatically, but explicitly declare it just in case. - boot.loader.grub.copyKernels = true; - # Make sure that you've listed all of the boot partitions here. - boot.loader.grub.mirroredBoots = [ - { path = "/boot"; devices = [ "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GW7G" ]; } - { path = "/boot-fallback"; devices = [ "/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GWB2" ]; } - ]; - - # Boot normally when one of the boot partitions are missing - fileSystems."/boot".options = [ "nofail" ]; - fileSystems."/boot-fallback".options = [ "nofail" ]; - - # Erase your darlings - boot.initrd.postDeviceCommands = lib.mkAfter '' - zfs rollback -r rpool/local/root@blank - ''; - - # NOTE: replace these to boot.initrd.availableKernelModules? - boot.kernelModules = [ "e1000e" ]; - boot.initrd.kernelModules = [ "e1000e" ]; - - boot.kernelParams = [ - # See <https:#www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for documentation. - # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip> - # The server ip refers to the NFS server -- not needed in this case. - "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" - ]; - - boot.initrd.network.enable = true; - boot.initrd.network.ssh = { - enable = true; - - # Using the same port as the actual SSH will cause clients to throw errors - # related to host key mismatch. - port = 2222; - - # This takes 'path's, not 'string's. - hostKeys = [ - /boot/initrd-ssh-key - /boot-fallback/initrd-ssh-key - ]; - - # Public ssh key to log into the initrd ssh - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ]; - }; - boot.initrd.network.postCommands = '' - cat <<EOF > /root/.profile - if pgrep -x "zfs" > /dev/null - then - zfs load-key -a - killall zfs - else - echo "ZFS is not running -- this could be a sign of failure." - fi - EOF - ''; - - - networking.hostName = hostName; - - networking.useDHCP = false; - networking.interfaces.${networkInterface} = { - ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; }; - ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; }; - }; - networking.defaultGateway = ipv4.gateway; - networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; }; - networking.nameservers = [ "8.8.8.8" ]; - - networking.firewall.enable = true; - - time.timeZone = "UTC"; - - users.users.root.initialHashedPassword = ""; - users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ]; - services.openssh.enable = true; - services.openssh.permitRootLogin = "prohibit-password"; - - services.openssh.hostKeys = [ - { - path = "/persist/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "/persist/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; - - # impermanence requirement - fileSystems."/persist".neededForBoot = true; - - sops.defaultSopsFile = ./secrets/secrets.yaml; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} - diff --git a/nixos/cobalt/hardware-configuration.nix b/nixos/cobalt/hardware-configuration.nix deleted file mode 100644 index 95ecb96..0000000 --- a/nixos/cobalt/hardware-configuration.nix +++ /dev/null @@ -1,65 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { - device = "rpool/local/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/445A-0C55"; - fsType = "vfat"; - }; - - fileSystems."/boot-fallback" = - { - device = "/dev/disk/by-uuid/445C-198F"; - fsType = "vfat"; - }; - - fileSystems."/nix" = - { - device = "rpool/local/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { - device = "rpool/safe/home"; - fsType = "zfs"; - }; - - fileSystems."/persist" = - { - device = "rpool/safe/persist"; - fsType = "zfs"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. - networking.useDHCP = lib.mkDefault false; - # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/cobalt/modules/git-daemon.nix b/nixos/cobalt/modules/git-daemon.nix deleted file mode 100644 index 76b395e..0000000 --- a/nixos/cobalt/modules/git-daemon.nix +++ /dev/null @@ -1,137 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - - cfg = config.services.gitDaemon; - -in -{ - - ###### interface - - options = { - services.gitDaemon = { - - enable = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Enable Git daemon, which allows public hosting of git repositories - without any access controls. This is mostly intended for read-only access. - - You can allow write access by setting daemon.receivepack configuration - item of the repository to true. This is solely meant for a closed LAN setting - where everybody is friendly. - - If you need any access controls, use something else. - ''; - }; - - basePath = mkOption { - type = types.str; - default = ""; - example = "/srv/git/"; - description = lib.mdDoc '' - Remap all the path requests as relative to the given path. For example, - if you set base-path to /srv/git, then if you later try to pull - git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git. - ''; - }; - - exportAll = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Publish all directories that look like Git repositories (have the objects - and refs subdirectories), even if they do not have the git-daemon-export-ok file. - - If disabled, you need to touch .git/git-daemon-export-ok in each repository - you want the daemon to publish. - - Warning: enabling this without a repository whitelist or basePath - publishes every git repository you have. - ''; - }; - - repositories = mkOption { - type = types.listOf types.str; - default = [ ]; - example = [ "/srv/git" "/home/user/git/repo2" ]; - description = lib.mdDoc '' - A whitelist of paths of git repositories, or directories containing repositories - all of which would be published. Paths must not end in "/". - - Warning: leaving this empty and enabling exportAll publishes all - repositories in your filesystem or basePath if specified. - ''; - }; - - listenAddress = mkOption { - type = types.str; - default = ""; - example = "example.com"; - description = lib.mdDoc "Listen on a specific IP address or hostname."; - }; - - port = mkOption { - type = types.port; - default = 9418; - description = lib.mdDoc "Port to listen on."; - }; - - options = mkOption { - type = types.str; - default = ""; - description = lib.mdDoc "Extra configuration options to be passed to Git daemon."; - }; - - user = mkOption { - type = types.str; - default = "git"; - description = lib.mdDoc "User under which Git daemon would be running."; - }; - - group = mkOption { - type = types.str; - default = "git"; - description = lib.mdDoc "Group under which Git daemon would be running."; - }; - - createUserAndGroup = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc '' - Create the specified group and user. - Disable this option if you want to use the existing user - ''; - }; - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - - users.users.${cfg.user} = optionalAttrs (cfg.createUserAndGroup == true) { - uid = config.ids.uids.git; - group = cfg.group; - description = "Git daemon user"; - }; - - users.groups.${cfg.group} = optionalAttrs (cfg.createUserAndGroup == true) { - gid = config.ids.gids.git; - }; - - systemd.services.git-daemon = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - script = "${pkgs.git}/bin/git daemon --reuseaddr " - + (optionalString (cfg.basePath != "") "--base-path=${cfg.basePath} ") - + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ") - + "--port=${toString cfg.port} --user=${cfg.user} --group=${cfg.group} ${cfg.options} " - + "--verbose " + (optionalString cfg.exportAll "--export-all ") + concatStringsSep " " cfg.repositories; - }; - - }; - -} diff --git a/nixos/cobalt/modules/soju.nix b/nixos/cobalt/modules/soju.nix deleted file mode 100644 index d14082c..0000000 --- a/nixos/cobalt/modules/soju.nix +++ /dev/null @@ -1,132 +0,0 @@ -# Not an overlay, module replacement -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.soju; - stateDir = "/var/lib/soju"; - listenCfg = concatMapStringsSep "\n" (l: "listen ${l}") cfg.listen; - tlsCfg = optionalString (cfg.tlsCertificate != null) - "tls ${cfg.tlsCertificate} ${cfg.tlsCertificateKey}"; - logCfg = optionalString cfg.enableMessageLogging - "log fs ${stateDir}/logs"; - - configFile = pkgs.writeText "soju.conf" '' - ${listenCfg} - hostname ${cfg.hostName} - ${tlsCfg} - db sqlite3 ${stateDir}/soju.db - ${logCfg} - http-origin ${concatStringsSep " " cfg.httpOrigins} - accept-proxy-ip ${concatStringsSep " " cfg.acceptProxyIP} - - ${cfg.extraConfig} - ''; -in -{ - ###### interface - - options.services.soju = { - enable = mkEnableOption (lib.mdDoc "soju"); - - listen = mkOption { - type = types.listOf types.str; - default = [ ":6697" ]; - description = lib.mdDoc '' - Where soju should listen for incoming connections. See the - `listen` directive in - {manpage}`soju(1)`. - ''; - }; - - hostName = mkOption { - type = types.str; - default = config.networking.hostName; - defaultText = literalExpression "config.networking.hostName"; - description = lib.mdDoc "Server hostname."; - }; - - tlsCertificate = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/host.cert"; - description = lib.mdDoc "Path to server TLS certificate."; - }; - - tlsCertificateKey = mkOption { - type = types.nullOr types.path; - default = null; - example = "/var/host.key"; - description = lib.mdDoc "Path to server TLS certificate key."; - }; - - enableMessageLogging = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Whether to enable message logging."; - }; - - httpOrigins = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc '' - List of allowed HTTP origins for WebSocket listeners. The parameters are - interpreted as shell patterns, see - {manpage}`glob(7)`. - ''; - }; - - acceptProxyIP = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc '' - Allow the specified IPs to act as a proxy. Proxys have the ability to - overwrite the remote and local connection addresses (via the X-Forwarded-\* - HTTP header fields). The special name "localhost" accepts the loopback - addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected. - ''; - }; - - extraConfig = mkOption { - type = types.lines; - default = ""; - description = lib.mdDoc "Lines added verbatim to the configuration file."; - }; - - extraGroups = mkOption { - type = types.listOf types.str; - default = [ ]; - description = lib.mdDoc "Extra groups for the dynamic user."; - }; - }; - - ###### implementation - - config = mkIf cfg.enable { - assertions = [ - { - assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null); - message = '' - services.soju.tlsCertificate and services.soju.tlsCertificateKey - must both be specified to enable TLS. - ''; - } - ]; - - systemd.services.soju = { - description = "soju IRC bouncer"; - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" ]; - serviceConfig = { - DynamicUser = true; - SupplementaryGroups = cfg.extraGroups; - Restart = "always"; - ExecStart = "${pkgs.soju}/bin/soju -config ${configFile}"; - StateDirectory = "soju"; - }; - }; - }; - - meta.maintainers = with maintainers; [ malvo ]; -} diff --git a/nixos/cobalt/secrets/secrets.yaml b/nixos/cobalt/secrets/secrets.yaml deleted file mode 100644 index bbc771a..0000000 --- a/nixos/cobalt/secrets/secrets.yaml +++ /dev/null @@ -1,44 +0,0 @@ -hetzner-dns-key: ENC[AES256_GCM,data:Ir3gRLc8XXIOC8Vjm43gLAmuhyDw5wysOsTCXlJfBQTcpingEbCENc4+eziStyF6,iv:5R4k9Yb8AJjavSivhs19RWrNh7r3rtkrbB6HdZZudqc=,tag:2tFXwQOXKZKYt/qwfsRr7A==,type:str] -matrix-server-key: ENC[AES256_GCM,data:QZD2CkgHco86GQBb3dQKjBX8oRQ44R7lsK+ZOPzCjtE5Su338b8Tzj5NoKepuodRsdprUPO62yTSIbRFA79E34y4T5oXoq4UyFXX32MfsThVaqxPgyGh369jYfTx405RFGCfxLTXwLTrsHeR3oPm3q9QTWOWRwPQw3NWznq0b+0SJLbA8wQx/cE=,iv:wv93ER7yhvNg87EhmMSR3QoK6ThTrBhhhe2f5zGS3mU=,tag:NV8TvGTnTTF0U4LiRAlFcQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-02-06T09:17:19Z" - mac: ENC[AES256_GCM,data:MvOZ8lkcuULUa82fL7DqT2Qkl89+z42O+CivmD1iuFroYQ2NUtLAf5Nn58Ta/Lj8YhI4Y/RiMM8l/1Kbn/FbC6oLMLhj+5P7n3s/4W5tW+OlXgd0qLorZHqdx/WTra84QmoII9KA/F4UHcJML2xbRPGZDZ5m9VkIfgMd3s4r+ps=,iv:z8nx0yqvY1bXOJ2APh6wVyITXOOzpuyZuiHt/PrYDKI=,tag:0pJLyfY8U8tCj2IUFQmz2g==,type:str] - pgp: - - created_at: "2023-02-05T09:56:11Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hF4Dr9flwPWa1q8SAQdAtFIasB4kQZqTb7d1+2X6i3W7xHM/BnU87nUBzjgARwAw - cDezIZDi9L0IKZt/pui44uCJHBQKLZ9rGHuVKqY3R0Hsv06D2Lmgm6z9agano1JZ - 0l4BUstc9knAl/dqAoNcLs+0Ehb84EYUxPfJowAnZaDbH5oaB0ke24Ug6gpHnejc - 2eilh+Gnu4hEtrob//BQ0FSEn/PlLHjedqKJuJG0+w19sTZD5BPPj2ydbWLU6DYL - =3baE - -----END PGP MESSAGE----- - fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - created_at: "2023-02-05T09:56:11Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA3dNSJXrkRcDAQ/8DD0yVDj+CfykNQ6GupMBfKpNrEByupAijeMQKrPGSLAi - TKI0vi7Bh5UwxbhS9DZWnZqDnApba0/0S4t7oeRNTGjDusZJ4C1pglQY022hRvzh - AGvWwVnilg57ccqWW42eScqGL9ohtRTc2nFjWEXr2rc9w4CyjxzT46ZmYUo1zV7B - XXTn5TdpcRiFx81rvriW+L2BLE4Bd0nUeNxnL7FWG9mO+yaJtuv0lXtO5A3cGTn1 - 0hERax7VyCxzV78PHHtYVzkSY5ZVfpLH8su/Wg3dgMa6goMFmufnXPFr1l3HCQMH - oF2qEaWu3mP8efpSgstCDFMlH+i8wAbhPMFVwcN8kxPox9JACGmlqIvbCgOOwfKQ - eoQKkZPRpNuuK3e/+NddFqf+Eex5lh7v+iFk6PXZWqxzdOAjenWR53Gww5gFBJj+ - bt6qvS/8Z7Hq8zNWD1eHhUj+ywazxuUrtUz7TOMRbfcGqaeFTAJntTc1pIu4GNcA - ut0fSyQr/xoTxv4J1Zyz4GnAzuJKE4fB4LCeonXLwIEU/MsV0sNKwUcgRL4oimYO - xDJ44rbKzHNX1cmmh3bVrdezJSqTNiG/5DCdYi8iqGcUzvUfkhhzT44VcUI7MIgI - VhLLk21M3eITbXKNPbOvkbXm/y1EeDeVNLg1JeqcXA43V5RBOKw3qKFheD+Se3bS - WAHZQxWslmuEvXVgWiewK+sh0x3uY7dCHN3Tcs1dggonAZBD1MIaKNutmPT1h8Nx - NtXsIaXB23oTv5xZ7R6b5B0NnVUFFok4VzYwSZBxPDBX9RQp9ErYX/o= - =uD2V - -----END PGP MESSAGE----- - fp: 9794c486d5673ff6613f6cde774d4895eb911703 - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/nixos/cobalt/services/README.md b/nixos/cobalt/services/README.md deleted file mode 100644 index 89d9ca5..0000000 --- a/nixos/cobalt/services/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# colmena/cobalt/services - -A list of 'pluggable' services. -TODO: this should be moved to /modules/ and -converted to modules. diff --git a/nixos/cobalt/services/acme.nix b/nixos/cobalt/services/acme.nix deleted file mode 100644 index f8816d4..0000000 --- a/nixos/cobalt/services/acme.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ config, ... }: - -let - poorObfuscation = y: x: "${x}@${y}"; -in -{ - sops.secrets.hetzner-dns-key = { - owner = "acme"; - }; - - security.acme = { - acceptTerms = true; - defaults.email = poorObfuscation "sefidel.com" "postmaster"; - certs = { - "sefidel.com" = { - domain = "sefidel.com"; - extraDomainNames = [ - "bouncer.sefidel.com" - "git.sefidel.com" - "matrix.sefidel.com" - "social.sefidel.com" - ]; - dnsProvider = "hetzner"; - dnsPropagationCheck = true; - credentialsFile = config.sops.secrets.hetzner-dns-key.path; - }; - }; - }; - - environment.persistence."/persist".directories = [ - "/var/lib/acme" - ]; -} diff --git a/nixos/cobalt/services/akkoma-assets/blocklist.toml b/nixos/cobalt/services/akkoma-assets/blocklist.toml deleted file mode 100644 index e5eac7a..0000000 --- a/nixos/cobalt/services/akkoma-assets/blocklist.toml +++ /dev/null @@ -1,163 +0,0 @@ -[followers_only] - -[media_nsfw] - -[reject] -"*.tk" = "Free TLD" -"*.ml" = "Free TLD" -"*.ga" = "Free TLD" -"*.cf" = "Free TLD" -"*.gq" = "Free TLD" -# Reject list from chaos.social at 2023-02-06 -"activitypub-proxy.cf" = "Only exists to evade instance blocks, details" -"activitypub-troll.cf" = "Spam" -"aethy.com" = "Lolicon" -"bae.st" = "Discrimination, racism, “free speech zone”" -"baraag.net" = "Lolicon" -"banepo.st" = "Homophobia" -"beefyboys.club" = "Discrimination, racism, “free speech zone”" -"beefyboys.win" = "Discrimination, racism, “free speech zone”" -"beta.birdsite.live" = "Twitter crossposter" -"birb.elfenban.de" = "Twitter crossposter" -"bird.evilcyberhacker.net" = "Twitter crossposter" -"bird.froth.zone" = "Twitter crossposter" -"bird.geiger.ee" = "Twitter crossposter" -"bird.im-in.space" = "Twitter crossposter" -"bird.istheguy.com" = "Twitter crossposter" -"bird.karatek.net" = "Twitter crossposter" -"bird.makeup" = "Twitter crossposter" -"bird.nzbr.de" = "Twitter crossposter" -"bird.r669.live" = "Twitter crossposter" -"bird.seafoam.space" = "Twitter crossposter" -"birdbots.leptonics.com" = "Twitter crossposter" -"birdsite.b93.dece.space" = "Twitter crossposter" -"birdsite.blazelights.dev" = "Twitter crossposter" -"birdsite.frog.fashion" = "Twitter crossposter" -"birdsite.gabeappleton.me" = "Twitter crossposter" -"birdsite.james.moody.name" = "Twitter crossposter" -"birdsite.koyu.space" = "Twitter crossposter" -"birdsite.lakedrops.com" = "Twitter crossposter" -"birdsite.link" = "Twitter crossposter" -"birdsite.monster" = "Twitter crossposter" -"birdsite.oliviaappleton.com" = "Twitter crossposter" -"birdsite.platypush.tech" = "Twitter crossposter" -"birdsite.slashdev.space" = "Twitter crossposter" -"birdsite.tcjc.uk" = "Twitter crossposter" -"birdsite.thorlaksson.com" = "Twitter crossposter" -"birdsite.toot.si" = "Twitter crossposter" -"birdsite.wilde.cloud" = "Twitter crossposter" -"birdsitelive.ffvo.dev" = "Twitter crossposter" -"birdsitelive.kevinyank.com" = "Twitter crossposter" -"birdsitelive.peanutlasko.com" = "Twitter crossposter" -"birdsitelive.treffler.cloud" = "Twitter crossposter" -"bridge.birb.space" = "Twitter crossposter" -"brighteon.social" = "“free speech zone”" -"cawfee.club" = "Discrimination, racism, “free speech zone”" -"childpawn.shop" = "Pedophilia" -"chudbuds.lol" = "Discrimination, racism, “free speech zone”" -"club.darknight-coffee.eu" = "“free speech zone”" -"clubcyberia.co" = "Homophobia" -"clube.social" = "Harassment" -"comfyboy.club" = "Discrimination, racism" -"cum.camp" = "Harassment" -"cum.salon" = "Misogynic, pedophilia" -"daishouri.moe" = "Fascism, openly advertises with swastika" -"detroitriotcity.com" = "Discrimination, racism, “free speech zone”" -"eientei.org" = "Racism, antisemitism" -"eveningzoo.club" = "Discrimination, racism, “free speech zone”" -"f.haeder.net" = "Discrimination" -"freak.university" = "Pedophilia" -"freeatlantis.com" = "Conspiracy theory instance" -"freecumextremist.com" = "Discrimination, racism, “free speech zone”" -"freefedifollowers.ga" = "Follower spam" -"freespeechextremist.com" = "Discrimination, racism, “free speech zone”" -"frennet.link" = "Discrimination, racism, “free speech zone”" -"froth.zone" = "Calls freespeechextremist their local bubble" -"gab.com/.ai, develop.gab.com" = "Discrimination, racism, “free speech zone”" -"gameliberty.club" = "“free speech zone”" -"gegenstimme.tv" = "“free speech zone”" -"genderheretics.xyz" = "Tagline “Now With 41% More Misgendering!”" -"gitmo.life" = "“free speech zone”" -"gleasonator.com" = "Transphobia, TERFs" -"glindr.org" = "Discrimination" -"glowers.club" = "Discrimination, racism, “free speech zone”" -"honkwerx.tech" = "Racism" -"iamterminally.online" = "Discrimination, racism, “free speech zone”" -"iddqd.social" = "Discrimination, racism, “free speech zone”" -"itmslaves.com" = "“free speech zone”, noagenda affiliated" -"jaeger.website" = "Discrimination, racism, “free speech zone”" -"kenfm.quadplay.tv" = "Conspiracy videos" -"kiwifarms.cc" = "Discrimination" -"lgbtfree.zone" = "Racism, transphobia, all that" -"liberdon.com" = "Conspiracy theories, transphobia, racism" -"libre.tube" = "Promotion of violence and murder, multiple other violations of our rules" -"lolicon.rocks" = "Lolicon" -"lolison.top" = "Lolicon, paedophilia" -"mastinator.com" = "Block evasion, unwanted profile mirroring, and more" -"mastodon.network" = "Instance went down, now porn spam" -"mastodon.popps.org" = "Homophobia" -"mastodong.lol" = "Admin maintains and runs activitypub-proxy.cf" -"meta-tube.de" = "Conspiracy, CoVid19 denier videos https://fediblock.org/blocklist/#meta-tube.de" -"midnightride.rs" = "Discrimination" -"misskey-forkbomb.cf" = "Spam" -"morale.ch" = "Antisemitism and more" -"mstdn.foxfam.club" = "Right wing twitter mirror" -"natehiggers.online" = "Racism" -"newjack.city" = "Exclusive to unwanted follow bots" -"nicecrew.digital" = "Discrimination, racism, “free speech zone”" -"noagendasocial.com" = "“free speech zone”, harassment" -"noagendasocial.nl" = "“free speech zone”, harassment" -"noagendatube.com" = "“free speech zone”, harassment" -"ns.auction" = "Racism etc" -"ohai.su" = "Offline" -"pawoo.net" = "Untagged nfsw content, unwanted follow bots, lolicon" -"paypig.org" = "Racism" -"pieville.net" = "Racism, antisemitism" -"pl.serialmay.link" = "Racism, transphobia" -"pl.tkammer.de" = "Transphobia" -"play.xmr.101010.pl" = "Cryptomining" -"pleroma.kitsunemimi.club" = "Discrimination" -"pleroma.narrativerry.xyz" = "Discrimination, racism, “free speech zone”" -"pleroma.nobodyhasthe.biz" = "Doxxing and discrimination" -"pleroma.rareome.ga" = "Doesn’t respect blocks or status privacy, lolicons" -"poa.st" = "Discrimination" -"podcastindex.social" = "noagenda affiliated" -"poster.place" = "Discrimination, racism, “free speech zone”, harassment in response to blocks" -"qoto.org" = "“free speech zone”, harassment" -"rapemeat.solutions" = "Lolicon and also, like, the domain name" -"rdrama.cc" = "Discrimination, “free speech zone”, racism" -"repl.co" = "Spam" -"rojogato.com" = "Harassment, “free speech zone”" -"ryona.agency" = "Alt-right trolls, harassment" -"seal.cafe" = "Discrimination, racism, “free speech zone”" -"shitpost.cloud" = "“Free speech zone”, antisemitism" -"shitposter.club" = "“Free speech zone”" -"shortstackran.ch" = "Racism, homophobia, “free speech zone”" -"shota.house" = "Lolicon" -"skippers-bin.com" = "Same admin as neckbeard.xyz, same behaviour" -"sleepy.cafe" = "Racism, harassment" -"sneak.berlin" = "privacy violation" -"sneed.social" = "Discrimination, racism, “free speech zone”, nationalism, hate speech, completely unmoderated" -"soc.ua-fediland.de" = "Spam" -"social.ancreport.com" = "Discrimination, racism, “free speech zone”" -"social.lovingexpressions.net" = "Transphobia" -"social.teci.world" = "Discrimination, racism, “free speech zone”" -"social.urspringer.de" = "Conspiracy, CoVid19 denier" -"socnet.supes.com" = "Right wing “free speech zone”" -"solagg.com" = "Scammers" -"spinster.xyz" = "Discrimination, TERFs" -"tastingtraffic.net" = "Homophobia" -"truthsocial.co.in" = "Alt-right trolls" -"tube.kenfm.de" = "Right-wing conspiracy videos" -"tube.querdenken-711.de" = "Right-wing onspiracy videos" -"tweet.pasture.moe" = "Twitter crossposter" -"tweetbridge.kogasa.de" = "Twitter crossposter" -"tweets.icu" = "Twitter crossposter" -"twitter.activitypub.actor" = "Twitter crossposter" -"twitter.doesnotexist.club" = "Twitter crossposter" -"twitterbridge.jannis.rocks" = "Twitter crossposter" -"twtr.plus" = "Twitter crossposter" -"varishangout.net" = "Transphobia and racism go unmoderated, aggressive trolling, lolicon permitted in rules" -"wiki-tube.de" = "Right-wing conspiracy videos (initial video welcomes Querdenken and KenFM)" -"wolfgirl.bar" = "Discrimination, homophobia, unmoderated trolling" -"yggdrasil.social" = "Instance rules: “No LGBTQ. Period. No homosexuality. No men who think they’re women or women who think they’re men. No made up genders.”" diff --git a/nixos/cobalt/services/akkoma-assets/logo.png b/nixos/cobalt/services/akkoma-assets/logo.png Binary files differdeleted file mode 100644 index 7744b1a..0000000 --- a/nixos/cobalt/services/akkoma-assets/logo.png +++ /dev/null diff --git a/nixos/cobalt/services/akkoma-assets/logo.svg b/nixos/cobalt/services/akkoma-assets/logo.svg deleted file mode 100644 index 68e647e..0000000 --- a/nixos/cobalt/services/akkoma-assets/logo.svg +++ /dev/null @@ -1,71 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="no"?> -<svg - xmlns:dc="http://purl.org/dc/elements/1.1/" - xmlns:cc="http://creativecommons.org/ns#" - xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" - xmlns:svg="http://www.w3.org/2000/svg" - xmlns="http://www.w3.org/2000/svg" - xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" - xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" - version="1.1" - id="svg4485" - width="512" - height="512" - viewBox="0 0 512 512" - sodipodi:docname="logo.svg" - inkscape:version="1.0.1 (3bc2e813f5, 2020-09-07)"> - <metadata - id="metadata4491"> - <rdf:RDF> - <cc:Work - rdf:about=""> - <dc:format>image/svg+xml</dc:format> - <dc:type - rdf:resource="http://purl.org/dc/dcmitype/StillImage" /> - <dc:title /> - </cc:Work> - </rdf:RDF> - </metadata> - <defs - id="defs4489" /> - <sodipodi:namedview - pagecolor="#ffffff" - bordercolor="#666666" - borderopacity="1" |
