# kernelpanic.cafe service node

## hi from your syslog.

MarigoldOS/0x00 is an experimental operating system that attempts to explore what a sustainable computer system might look like. kernelpanic.cafe runs a clearnet fork of MarigoldOS.

It is equally happy as a desktop or server specialisation and can switch on-the-fly. Although the public instance is a service node on the yggdrasil network, it is perfectly capable of working on the public internet, as demonstrated by kernelpanic.cafe running many of the profiles in this repository.

Nerdfonts are available for purchase. See ./profiles/fonts.nix.

Several advanced features are in various stages of implementation, including custom android builds that are preconfigured to use your node and native yggdrasil with alfis support.

# NOT INTENDED FOR PUBLIC RELEASE

The repository is made public to send snippets to others that may be interested in the project, but it should currently be considered pre-alpha and is not currently intended for public release. Documentation is zero and it should currently be considered unstable as development happens on the public server, so some services listed below (or the entire server) may have intermittent availability.

That said, the developer uses it on his daily-driver and it should run fine with only a minimal amount of manual configuration. Feel free to contact me on email `echo "sy@Xiuliejblrs.sbni" | tr subterminalXjoy crablikefunkpow` or matrix `echo "@sy:Xiuliejblrs.sbni" | tr subterminalXjoy crablikefunkpow` and I can help you get running quickly.

# Using this node (lol)

**TL;DR After connecting to the yggdrasil network, set your DNS to `200:6713:b624:259:9729:86d5:3233:fa9b`.**

Currently 0x00 requires a DNS resolver that resolves the [Alfis](https://github.com/Revertron/Alfis/) name system and a connection to the yggdrasil network. This server runs an Alfis/OpenDNS/ICANN resolver at `200:6713:b624:259:9729:86d5:3233:fa9b` port 53, but you knew that.

Several more DNS resolvers that support Alfis are listed on the yggdrasil [services page](http://[319:3cf0:dd1d:47b9:20c:29ff:fe2c:39be]/).

Services not being accessible directly by IP is considered a bug and is tracked by http://gitea.0x00.ygg/syntaXerror/0x00/issues/4

kernelpanic.cafe is hosted from a shared server, so consider these all best effort. Please be nice, this isn't a very powerful machine.

- [Homepage](https://kernelpanic.cafe)
  Homepage for the server. Maybe it's a blog maybe it's a wiki maybe it's maybelline.
- DNS server resolves GitNS, OpenNIC, Alfis, and ICANN names, also includes adblocker.
- [gitea](https://gitea.kernelpanic.cafe)
  Git forge. You are here, probably.
- [searx](https://searx.kernelpanic.cafe)
  Configurable metasearch engine. Be sure to try my [smallweb metasearch](https://searx.kernelpanic.cafe/search?category_smolweb=on) out.
- [mumble](https://mumble.kernelpanic.cafe)
  Low-latency high-quality voice chat. High-bitrate enabled.
- [jitsi](https://jitsi.kernelpanic.cafe)
  Voice and Video chat, supports end to end encryption.
- [Gemini capsule](gemini://kernelpanic.cafe)
  Gemini is a new internet protocol which:
  - Is heavier than gopher
  - Is lighter than the web
  - Will not replace either
  - Strives for maximum power to weight ratio
  - Takes user privacy very seriously
- [Fileserver](https://warez.kernelpanic.cafe)
- [invidious](https://invidious.kernelpanic.cafe)
  Alternative youtube frontend
- [nitter](https://nitter.kernelpanic.cafe)
  Alternative twitter frontend
- [libreddit](https://libreddit.kernelpanic.cafe)
  Alternative reddit frontend
- `matrix.kernelpanic.cafe`
- [element-web](https://element.kernelpanic.cafe)
- [plik](https://plik.kernelpanic.cafe)
  Temporary file uploads. Supports many features and `curl` upload/downloads.
- [twtxt](https://twtxt.kernelpanic.cafe)
  Distributed microblogging. [GH-twtxt](https://github.com/buckket/twtxt)
- Feel free to peer. No uptime guarantees.
- [yoshiki mirror](https://yoshiki.kernelpanic.cafe)
  My backup of a github archive.

## Authenticated Services

Only the cool kids get to use these.

- kernelpanic.cafe mailserver
  Email addresses defined in ./profiles/mail.nix
- [jellyfin](https://jellyfin.kernelpanic.cafe)
  Jellyfin is a suite of multimedia applications designed to organize, manage, and share digital media files to networked devices.
- [navidrome](https://navidrome.kernelpanic.cafe)
  Subsonic compatible music server.
- [syncthing](https://syncthing.kernelpanic.cafe)
  Magical p2p cloud thing "it just works" whatever you know what syncthing is and if not then [lmstfy](https://searx.kernelpanic.cafe/search?q=syncthing).
- [GH-charm](https://github.com/charmbracelet/charm)/[GH-skate](https://github.com/charmbracelet/skate)
  Charm is a set of tools that makes adding a backend to your terminal-based applications fun and easy. Quickly build modern CLI applications without worrying about user accounts, data storage and encryption.
- [magnetico](https://magnetico.kernelpanic.cafe)
  Watches the bittorrent DHT to see what torrents people are searching for.
- [jackett](https://jackett.kernelpanic.cafe)
  bittorrent metasearch engine.

Six unlisted websites/wikis hosted here. You know who you are.

Disabled to make room for others. TBH without matrix I'd be able to turn all of these back on. New computer coming soon (tm)

- [peertube](https://peertube.kernelpanic.cafe)
  Federated video uploads
- [calibre](https://calibre.kernelpanic.cafe)
  ebook library and reader
- NNCP (Node to Node copy) is a collection of utilities simplifying secure store-and-forward files, mail and command exchanging. These utilities are intended to help build up small size (dozens of nodes) ad-hoc friend-to-friend (F2F) statically routed darknet delay-tolerant networks for fire-and-forget secure reliable files, file requests, Internet mail and commands transmission. All packets are integrity checked, end-to-end encrypted, explicitly authenticated by known participants public keys. Onion encryption is applied to relayed packets. Each node acts both as a client and server, can use push and poll behaviour model. Also there is multicasting areas support.
- [archivebox](https://archivebox.kernelpanic.cafe)
  Takes URLs/browser history/bookmarks/Pocket/Pinboard/etc., saves WARC, HTML, JS, PDFs, media, and more...
- [netdata](https://netdata.kernelpanic.cafe)
  Numbers and graphs are l33t
- [white board online](https://whiteboard.kernelpanic.cafe)
  Collaborative whiteboard. Public/Private boards.
- [transmission](https://transmission.kernelpanic.cafe)
- [radarr](https://radarr.kernelpanic.cafe)
  Movie library management
- [sonarr](https://sonarr.kernelpanic.cafe)
  TV library management
- [lidarr](https://lidarr.kernelpanic.cafe)
  Music library management
- [bazarr](https://bazarr.kernelpanic.cafe)
  Automatic subtitle downloader
- [prowlarr](https://prowlarr.kernelpanic.cafe)
  Bittorrent tracker management and synchronization
- [gotify](https://gotify.kernelpanic.cafe)
  a simple server for sending and receiving messages
- [icecast](https://icecast.kernelpanic.cafe)
  internet radio server
- Bot that plays music in [mumble](mumble://mumble.kernelpanic.cafe).

UI levels: How much manual configuration is required.
Sensible defaults should push most services towards a 0 UI level.

0: Zero configuration. Uncomment profile, get service.

1: Optional configuration. Defaults will work, but may be suboptimal. For example the remote server may be far away or overloaded.

2: Minimal configuration. A few simple items. Username, domain name, etc.

3: Extra configuration. Simple, but with a larger number of items than minimal. Should be easy, but may take some time.

4: Greybeard configuration. Service may require technical knowledge, search engines, and a free afternoon.

Purity: How much configuration is done outside of version controlled files. Otherwise known as state.

0: Nix or nothing. Boot your system directly from git.

1: Minimally impure. May require the first/admin user to be created.

2: Allergic to config files and command line flags. Requires significant imperative configuration of the service.

A goal is to reduce manual configuration and impurities to zero, so even though a module may be listed as "complete", work won't stop until UX/Purity are at 0/0.

Additionally, many profiles with a high purity and low UX may have the ability to run from configuration files or command-line flags but this hasn't been implemented in nix yet. Feel free to submit PRs.

Status: Exploratory. Service running at adguard.${fqdn}, not integrated with DNS stack.
Profile: ./profiles/adguard.nix
Source: [https://github.com/AdguardTeam/AdGuardHome/](https://github.com/AdguardTeam/AdGuardHome/)

Ad and tracking blackhole. Looks to be highly impure, may have to just download the blackhole lists without using the whole adguard service. Full-network blocking is a nice to have but focusing on local resolution first. This probably isn't the correct place to run your network-wide nameserver, anyway.

Profile: ./profiles/alfis.nix
Source: [https://github.com/Revertron/Alfis/](https://github.com/Revertron/Alfis/)

Lightweight peer-to-peer DNS service. Open GUI, get domain name. This one is really cool, don't miss it. Mining your initial key may take 1-2 days on older hardware, but subsequent updates have a much lower difficulty level.

Profile: ./profiles/alias.nix
Source: [./profiles/alias.nix](./profiles/alias.nix)

Many aliases to save keystrokes or add more sensible defaults are available, see [./profiles/alias.nix](./profiles/alias.nix) for details.

Profile: ./profiles/android.nix
ADB is a debugger for android.
Source: [https://source.android.com/](https://source.android.com/)

Profile: ./robotnix/bonito.nix
Source: [https://github.com/danielfullmer/robotnix](https://github.com/danielfullmer/robotnix)

Custom android build for your node, thanks to [robotnix](https://github.com/danielfullmer/robotnix). Big plans for this.

Profile: ./profiles/avahi.nix
Source: [/home/cw/0x00/profiles/avahi.nix](/home/cw/0x00/profiles/avahi.nix)

WIP. Broadcast your domain names on the local network. Not sure if it works at all for non-".local" domains. Needs experimentation.

## Cryptocurrency Wallets

Profile: ./profiles/cryptocurrency.nix
Source: [/home/cw/0x00/profiles/cryptocurrency.nix](/home/cw/0x00/profiles/cryptocurrency.nix)

Too many bitcoin wallets, need to trim a few off. Supports Trezor (open source hardware wallet), bitcoin(+cash), monero, and namecoin.

Profile: ./profiles/calibre.nix
Source: [https://github.com/janeczku/calibre-web](https://github.com/janeczku/calibre-web)

Ebook reader/manager with webserver.

Status: Server done, client needs a wrapper for the binary that points at the server.
Profile: ./profiles/charm.nix
Source: [https://github.com/charmbracelet/charm](https://github.com/charmbracelet/charm)

"Charm is a set of tools that makes adding a backend to your terminal-based applications fun and easy. Quickly build modern CLI applications without worrying about user accounts, data storage and encryption."

It's a pretty slick tool. Check it (and skate) on GitHub.

[Charm](https://github.com/charmbracelet/charm)
[Skate](https://github.com/charmbracelet/skate)

Profile: ./profiles/fonts.nix

We got em. Nerdfonts are huge (~2G) and inevitably require upload/download from horrible connections and/or at the worst time.

Status: Clients Complete, Server WIP.
Profile: ./profiles/gemini.nix
Source: [https://gemini.circumlunar.space](https://gemini.circumlunar.space)

CLI, TUI, GUI clients are available.

Gemini is a new internet protocol which:
- Is heavier than gopher
- Is lighter than the web
- Will not replace either
- Strives for maximum power to weight ratio
- Takes user privacy very seriously

Profile: ./profiles/gitea.nix
Source: [https://github.com/go-gitea/gitea](https://github.com/go-gitea/gitea)

Probably where you're reading this. Lightweight, but still familiar.

## Encrypted pastebin

There's a bunch of these types of things. 0bin, hedgedoc, and many others. A few of them kinda work but none have been evaluated on their merits.

Profile: ./profiles/warez.nix
Source: [/home/cw/0x00/profiles/warez.nix](/home/cw/0x00/profiles/warez.nix)

Users in group 'warez' can drop files in /var/www/warez/ to make them available at warez.${fqdn}.
Next step is giving users their own subdomain for files.

Profile: ./profiles/u2f.nix
Source: [/home/cw/spacenix/profiles/u2f.nix](/home/cw/spacenix/profiles/u2f.nix)

Supports using U2F/FIDO2/WebAuthn tokens such as the Trezor to log into your system, ssh, sudo, and as 2FA for webservices (gitea).

Profile: ./profiles/invidious.nix
Source: [https://github.com/iv-org/invidious](https://github.com/iv-org/invidious)

Alternate youtube frontend. Lightweight, ad-free, tracking free, javascript not required, audio only mode, and much more. Can subscribe to channels independent from google. Supported by the sponsorblock firefox plugin. It's available at invidious.${fqdn}, don't miss it.

Profile: ./profiles/jellyfin.nix
Source: [https://github.com/jellyfin/jellyfin](https://github.com/jellyfin/jellyfin)

Powerful media player with remote control and android clients. Supports synced playback with other clients over LAN or internet. Looks really nice, but playback/transcoding can be finicky. Maybe [ffmpegfs](https://github.com/nschlia/ffmpegfs) can help smooth things out.

Profile: ./profiles/jitsi.nix
Source: [https://github.com/jitsi/jitsi-meet](https://github.com/jitsi/jitsi-meet)

Video chat service supporting end-to-end encryption. Zoom alternative.

Profile: ./profiles/libreddit.nix
Source: [https://github.com/spikecodes/libreddit](https://github.com/spikecodes/libreddit)

Alternative reddit frontend. Lightweight, JS not required, and no trackers/ads. Eliminates the reddit.com dark patterns.

Status: Server complete, webmail and desktop clients WIP.
Profile: ./profiles/mail.nix
Source: [/home/cw/0x00/profiles/mail.nix](/home/cw/0x00/profiles/mail.nix)

Email server. May require DNS configuration. Doesn't automatically update alfis... yet.

Status: Needs ezstreamer or sth
Profile: ./profiles/icecast.nix

Profile: ./profiles/matrix.nix
Source: [https://github.com/matrix-org/synapse](https://github.com/matrix-org/synapse)

Matrix is an eventually-consistent system for federated state exchange. Or a chat/voip system. New apps like forums/social media/webpage commenting (a la disqus) are being built on matrix backends, and bridging to other messaging services is first-class here.

Synapse is a first-generation homeserver for matrix. It needs PAM integration via [https://github.com/14mRh4X0r/matrix-synapse-pam](https://github.com/14mRh4X0r/matrix-synapse-pam) so that system users can be created with nixos-magic, but this isn't implemented yet.

Profile: ./profiles/mumble.nix

Mumble is a low-latency voice chat service. Included is a radio bot to play music from your music library.

Profile: ./profiles/nncp.nix
Source: [http://www.nncpgo.org/Tarballs.html](http://www.nncpgo.org/Tarballs.html)

Node to Node copy is a collection of utilities simplifying secure store-and-forward files, mail and command exchanging.
These utilities are intended to help build up small size (dozens of nodes) ad-hoc friend-to-friend (F2F) statically routed darknet delay-tolerant networks for fire-and-forget secure reliable files, file requests, Internet mail and commands transmission. All packets are integrity checked, end-to-end encrypted, explicitly authenticated by known participants public keys. Onion encryption is applied to relayed packets. Each node acts both as a client and server, can use push and poll behaviour model. Also there is multicasting areas support.

Out-of-box offline sneakernet/floppynet, dead drops, sequential and append-only CD-ROM/tape storages, air-gapped computers support. But online TCP daemon with full-duplex resumable data transmission exists.

Profile: ./profiles/nix-bitcoin.nix
Source: [https://github.com/btcpayserver/btcpayserver](https://github.com/btcpayserver/btcpayserver)

A self-hosted cryptocurrency payment processor and storefront with lightning network support and hardware wallet integration.

Profile: ./profiles/nix-bitcoin.nix
Source: [https://github.com/fort-nix/nix-bitcoin](https://github.com/fort-nix/nix-bitcoin)

nix-bitcoin is a collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security.

Check [github](https://github.com/fort-nix/nix-bitcoin) for the long list of features.

Profile: ./profiles/nodeinfo.nix
Source: [/home/cw/0x00/profiles/nodeinfo.nix](/home/cw/0x00/profiles/nodeinfo.nix)

Directory for webservices on your computer. Like a start menu but for things in your browser, built automatically (soon).

Profile: ./profiles/peertube.nix
Source: [https://github.com/Chocobozzz/PeerTube](https://github.com/Chocobozzz/PeerTube)

Federated video server that supports webtorrent for load distribution. Be part of a network of multiple small federated, interoperable video hosting providers. Follow video creators and create videos. No vendor lock-in. All on a platform that is community-owned and ad-free.

## pelican site generator

Profile: ./profiles/pelican.nix

Pelican is a static site generator that takes markdown and builds something normies care about. The profile automatically rebuilds your site on any updates to the source markdown. It's in syncthing for easy editing from any computer or phone.

Profile: ./profiles/plik.nix
Source: [https://github.com/root-gg/plik](https://github.com/root-gg/plik)

Featureful temporary file upload service that supports command-line (curl) or browser interfaces. Additional features include self-destructing files and streaming files directly from uploader to downloader (nothing stored on server). Thunderbird addon for uploading attachments to plik is available [here](https://gitlab.com/joendres/filelink-plik).

Power-save mode that includes tlp, upower, throttled, powertop, and cpu frequency governor.

## Installation/Recovery disk

Profile: ./profiles/recovery.nix
Source: [/home/cw/0x00/profiles/recovery.nix](/home/cw/0x00/profiles/recovery.nix)

Disk with a full suite of software to fix a broken computer, install the operating system, and in general for tech work. Can also be used as a usb-bootable server if you need to temporarily host some services. For the full list of available software, see the profile.

Profile: ./profiles/searx.nix
Source: [https://github.com/searx/searx](https://github.com/searx/searx)

Privacy-respecting, extensible, and configurable metasearch engine.

Profile: ./profiles/zsh-starship.nix
Source: [/home/cw/0x00/profiles/zsh-starship.nix](/home/cw/0x00/profiles/zsh-starship.nix)

zsh+oh-my-zsh+starship is default. [Powerlevel10k](/home/cw/0x00/profiles/zsh-p10k.nix) is also available.

Profile: ./profiles/syncthing.nix
Source: [https://github.com/syncthing/syncthing](https://github.com/syncthing/syncthing)

P2P file sync service. Works imperatively, but declarative syncthing looks ugly. Need a nix way to generate syncthing IDs from keys.

## Tiling Window Manager

Tiling WMs are default. i3/xfce is complete, but I am not a big fan of bismuth for kde.

Distributed microblogging.

Collaborative online whiteboard.

Yggdrasil is an overlay network implementation of a new routing scheme for mesh networks. It is designed to be a future-proof decentralised alternative to the structured routing protocols commonly used today on the Internet and other networks. The highlights of Yggdrasil are that it is:

- Supports large, complex or even internet-scale topologies
- Network responds quickly to connection failures or mobility events
- Traffic sent across the network is always fully end-to-end encrypted
- Works entirely ad-hoc by design with no built-in points of centralisation
- Publicly reachable, static IPs.
  No NATs or firewalls to interfere with nodes connecting directly to each other. IPs are static regardless of where on the network a node connects.

Yggmail is a single-binary all-in-one mail transfer agent which sends and receives email natively over the Yggdrasil Network.

- Yggmail runs just about anywhere you like — your inbox is stored right on your own machine;
- Implements IMAP and SMTP protocols for sending and receiving mail, so you can use your favourite client (hopefully);
- Mails are exchanged between Yggmail users using built-in Yggdrasil connectivity;
- All mail exchange traffic between any two Yggmail nodes is always end-to-end encrypted without exception;
- Yggdrasil and Yggmail nodes on the same network are discovered automatically using multicast or you can configure a static Yggdrasil peer.

Implements a yggdrasil hotspot as described [here](https://gitea.kernelpanic.cafe/cw/errata/src/branch/master/yggspot.md).

If you aim for the stars, the worst that could happen is that you blow up on the launch pad.

Open source from the silicon to the network. Excited about RISC-V.

Minimize resource use

You should be able to log into your personalized system running locally on any other computer by simply entering user@domain on login.

Your system configuration and data, including encrypted data, should be restorable from a single private key like a BIP39 seed on any fresh computer.

Usernames and passwords suck. Skip them whenever possible.

Plaintext files are extraordinarily powerful for users of your program:
- These can be edited by hand or programmatically
- Searching/indexing local text files happens faster than any web search
- You don't need any special software on any platform

The client-server paradigm should be migrated to a peer-to-peer model as much as possible. Servers should be able to run on your old computers, instead of throwing them out.

Old technologies are worth revisiting or remixing with new technologies. Ex: Yggdrasil gives every computer a public, static IP with end-to-end encrypted traffic, regardless of where they connect to the network. This plus Alfis allows every computer to run its own email server on its own domain name.

## Minimize Manual Configuration

Manual configuration should be minimized with sensible defaults, but never at the expense of personalization.

Do things differently, but don't cling to them for novelty's sake if they don't work out.

Several shells are supported including:

- zsh+oh-my-zsh+(p10k/starship)

You get a load of timesaving aliases in ./profiles/alias.nix.
These probably need some pruning, and the functions in ./.alias need nixification.

Several DE/WM combos are supported including:

- plasma5+bismuth (tiling WM plugin)

- [gemget](https://github.com/makeworld-the-better-one/gemget/)
  Like `curl` for geminispace.

- [amfora](https://github.com/makeworld-the-better-one/amfora)
  TUI browser for gemini.

- [lagrange](https://github.com/skyjake/lagrange)
  Full featured GUI browser for gemini. Lagrange is only built if xserver is enabled.

The first user created in gitea becomes the admin, so create that user as soon as you enable the service.