repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: repomaa:b4caf86628942c7ecd3dfecd60fe7ec2f8e6c10e
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor
...
compare: repomaa:main
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor

12 Commits
b4caf86628 ... main

Author SHA1 Message Date
Joakim Repomaa
1fd39f6c3f remove unused inputs
Some checks failed
Build Images / build (push) Failing after 11s
Details
Check / check (push) Successful in 4m21s
Details
2026-03-07 13:33:52 +02:00
Joakim Repomaa
86ebfee8e4 setup podman 2026-03-07 13:33:52 +02:00
Joakim Repomaa
182459dd24 fix gitea image registry 2026-03-07 13:33:52 +02:00
Joakim Repomaa
a833701fdb remove home assistant 2026-03-07 13:33:52 +02:00
Joakim Repomaa
8aa474ff08 fix gitea runner 2026-03-07 13:33:52 +02:00
Joakim Repomaa
9db214a1c5 fix invidious 2026-03-07 13:33:52 +02:00
Joakim Repomaa
76b7065493 allow x86 emulation on freun-dev 2026-03-07 13:33:52 +02:00
Joakim Repomaa
efe6863358 fix synthing 2026-03-07 13:33:52 +02:00
Joakim Repomaa
e0c1a457b0 update flake inputs 2026-03-07 13:33:51 +02:00
Joakim Repomaa
e3dfbf251f rekey secrets 2026-03-07 13:33:51 +02:00
Joakim Repomaa
2358ea6dcd apu local dhcp lease dns and invidious 2026-03-07 13:33:51 +02:00
Joakim Repomaa
88246d0b0a setup niri 2026-03-07 13:33:51 +02:00
51 changed files with 1362 additions and 402 deletions
Expand all files Collapse all files

107
flake.lock generated
View File

@@ -49,11 +49,11 @@
},
"crane": {
"locked": {
"lastModified": 1771121070,
"narHash": "sha256-aIlv7FRXF9q70DNJPI237dEDAznSKaXmL5lfK/Id/bI=",
"lastModified": 1771796463,
"narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=",
"owner": "ipetkov",
"repo": "crane",
"rev": "a2812c19f1ed2e5ed5ce2ef7109798b575c180e1",
"rev": "3d3de3313e263e04894f284ac18177bd26169bad",
"type": "github"
},
"original": {
@@ -87,11 +87,11 @@
"dnote": {
"flake": false,
"locked": {
"lastModified": 1765604939,
"narHash": "sha256-5+grN/dsqRRFzUkz6ksvuEhgi4lYq64Rd0fejqzz8/Y=",
"lastModified": 1772691105,
"narHash": "sha256-RC18Gi3/dagBitZIRIuPwIokk6pwwv+ZpawLTXSJ18c=",
"owner": "dnote",
"repo": "dnote",
"rev": "9fa312e3fc6139788533ca6cd1ada8c16a10519c",
"rev": "f34a96abbe47e8b516ea7cac2bdec06c64c01493",
"type": "github"
},
"original": {
@@ -137,11 +137,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
@@ -273,6 +273,24 @@
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"frontend": {
"inputs": {
"flake-utils": "flake-utils_2",
@@ -386,11 +404,11 @@
]
},
"locked": {
"lastModified": 1770260404,
"narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"lastModified": 1772633058,
"narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865",
"type": "github"
},
"original": {
@@ -445,11 +463,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1771492583,
"narHash": "sha256-nQzvnU4BGu8dA6BsPPCqmVcab/3ebVmHtX3ZWbW3Hxc=",
"lastModified": 1772216104,
"narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "5e9380994665ef66c87ab8e22c913ff837174ce4",
"rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047",
"type": "github"
},
"original": {
@@ -481,11 +499,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1771423359,
"narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
"lastModified": 1771969195,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
"type": "github"
},
"original": {
@@ -513,11 +531,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
@@ -552,11 +570,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1771369470,
"narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0182a361324364ae3f436a63005877674cf45efb",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {
@@ -584,11 +602,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1771008912,
"narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"lastModified": 1771848320,
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"rev": "2fc6539b481e1d2569f25f8799236694180c0993",
"type": "github"
},
"original": {
@@ -600,11 +618,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1771419570,
"narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
"lastModified": 1772598333,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
"type": "github"
},
"original": {
@@ -643,11 +661,11 @@
]
},
"locked": {
"lastModified": 1770726378,
"narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"lastModified": 1771858127,
"narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"rev": "49bbbfc218bf3856dfa631cead3b052d78248b83",
"type": "github"
},
"original": {
@@ -687,11 +705,11 @@
]
},
"locked": {
"lastModified": 1771125043,
"narHash": "sha256-ldf/s49n6rOAxl7pYLJGGS1N/assoHkCOWdEdLyNZkc=",
"lastModified": 1771988922,
"narHash": "sha256-Fc6FHXtfEkLtuVJzd0B6tFYMhmcPLuxr90rWfb/2jtQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "4912f951a26dc8142b176be2c2ad834319dc06e8",
"rev": "f4443dc3f0b6c5e6b77d923156943ce816d1fcb9",
"type": "github"
},
"original": {
@@ -807,6 +825,21 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tonearm": {
"inputs": {
"flake-utils": "flake-utils_5",
@@ -875,7 +908,7 @@
},
"voxtype": {
"inputs": {
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs-unstable"
]

179
home/common/default.nix
View File

@@ -1,5 +1,6 @@
{
config,
osConfig,
lib,
pkgs,
pkgs-unstable,
@@ -29,7 +30,9 @@
# release notes.
home.stateVersion = "23.11"; # Please read the comment before changing.
home.packages = with pkgs; [
home.packages =
with pkgs;
[
htop
gnupg
pkgs-unstable.yubioath-flutter
@@ -42,7 +45,9 @@
source-sans-pro
mosh
docker-compose
signal-desktop
(signal-desktop.override {
commandLineArgs = "--password-store=gnome-libsecret";
})
cargo
blanket
wl-clipboard
@@ -96,6 +101,8 @@
'')
pkgs-unstable.tidal-hifi
inputs.tonearm.packages.${pkgs.stdenv.hostPlatform.system}.tonearm
blueman
pavucontrol
(writeShellScriptBin "voxtoggle" ''
status=$(${lib.getExe config.programs.voxtype.package} status)
pid=$(cat ''${XDG_RUNTIME_DIR}/voxtype/pid)
@@ -108,9 +115,87 @@
kill -SIGUSR1 "$pid"
fi
'')
];
]
++ lib.optional osConfig.programs.niri.enable (
pkgs.writeShellScriptBin "handle-lid-close" ''
alias niri=${lib.getExe osConfig.programs.niri.package}
output_count=$(niri outputs | ${lib.getExe jq} -r 'length')
if [ "$output_count" -eq 1 ]; then
niri msg action spawn hyprlock
systemctl suspend
fi
''
);
programs = {
ashell = {
enable = true;
package = pkgs-unstable.ashell;
systemd = {
enable = true;
target = "graphical-session.target";
};
settings = {
modules = {
left = [ "Workspaces" ];
center = [ "WindowTitle" ];
right = [
"CustomNotifications"
"SystemInfo"
[
"Clock"
"Privacy"
"Settings"
]
];
};
settings = {
lock_cmd = "hyprlock &";
logout_cmd = "niri msg action quit";
audio_sinks_more_cmd = "pavucontrol -t 3";
audio_sources_more_cmd = "pavucontrol -t 4";
bluetooth_more_cmd = "blueman-manager";
CustomButton =
let
isDark = lib.getExe (
pkgs.writeShellScriptBin "is-dark" ''
gsettings get org.gnome.desktop.interface color-scheme | grep -q dark
''
);
toggleDark = lib.getExe (
pkgs.writeShellScriptBin "toggle-dark" ''
if ${isDark}; then
gsettings set org.gnome.desktop.interface color-scheme 'prefer-light'
else
gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
fi
''
);
in
[
{
name = "Dark Mode";
icon = " ";
command = toggleDark;
status_command = isDark;
}
];
};
CustomModule = [
{
name = "CustomNotifications";
type = "Button";
icon = " ";
command = "swaync-client -t -sw";
listen_cmd = "swaync-client -swb";
icons."dnd.*" = " ";
alert = ".*notification";
}
];
};
};
nh = {
enable = true;
flake = self;
@@ -339,7 +424,6 @@
};
};
"apu" = {
hostname = "apu.tempel-vibes.ts.net";
user = "root";
};
};
@@ -441,6 +525,36 @@
enable = true;
defaultEditor = true;
};
hyprlock = {
enable = true;
package = pkgs-unstable.hyprlock;
settings = {
general = {
hide_cursor = true;
ignore_empty_input = true;
};
background = {
monitor = "";
path = "screenshot";
blur_passes = 3;
};
input-field = {
size = "20%, 5%";
monitor = "";
dots_center = true;
fade_on_empty = false;
rounding = 15;
shadow_passes = 2;
outline_thickness = 2;
placeholder_text = "Password...";
fail_text = "$PAMFAIL";
dots_spacing = "0.3";
position = "0, -20";
halign = "center";
valign = "center";
};
};
};
voxtype = {
enable = true;
@@ -633,7 +747,8 @@
#
# /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh
#
systemd.user.sessionVariables = {
home.sessionVariables = {
NIXOS_OZONE_WL = 1;
NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket";
PAGER = "bat --paging=always --style=plain";
@@ -642,6 +757,9 @@
DO_NOT_TRACK = 1;
};
systemd.user.sessionVariables = lib.mapAttrs (_: v: toString v) config.home.sessionVariables;
programs.zsh.sessionVariables = config.home.sessionVariables;
home.shellAliases = {
_ = "sudo";
icr = "crystal i";
@@ -652,7 +770,54 @@
ls = "ls --color=auto";
};
services.gpg-agent = with pkgs; {
services = {
swaync = {
enable = true;
package = pkgs-unstable.swaynotificationcenter;
settings = {
scripts = {
focus-window =
let
jq = lib.getExe pkgs.jq;
niri = lib.getExe osConfig.programs.niri.package;
script = pkgs.writeShellScriptBin "swaync-focus-window" ''
set -e
APP_NAME="''${SWAYNC_APP_NAME:-}"
DESKTOP_ENTRY="''${SWAYNC_DESKTOP_ENTRY:-}"
APP_ID=""
if [[ -n "$DESKTOP_ENTRY" ]]; then
APP_ID="$DESKTOP_ENTRY"
elif [[ -n "$APP_NAME" ]]; then
APP_ID=$(echo "$APP_NAME" | tr '[:upper:]' '[:lower:]' | sed 's/ //g')
fi
[[ -z "$APP_ID" ]] && exit
# Find window ID for this app in niri and focus it
${jq} -r --arg app_id "$APP_ID" '.[] | select(.app_id | ascii_downcase | contains($app_id)) | .id' \
<(${niri} msg --json windows 2>/dev/null) | head -n1 | while read -r WINDOW_ID; do
if [[ -n "$WINDOW_ID" && "$WINDOW_ID" != "null" ]]; then
${niri} msg action focus-window --id "$WINDOW_ID"
fi
done
'';
in
{
exec = lib.getExe script;
run-on = "action";
};
};
};
};
gpg-agent = with pkgs; {
enable = true;
enableSshSupport = true;
pinentry.package = pinentry-gnome3;
};
};
services.walker = {
enable = true;
@@ -791,6 +956,8 @@
};
};
xdg.configFile."niri/config.kdl".source = ./dotfiles/niri.kdl;
gnome.automaticTimeZone = true;
gtk.enable = true;

641
home/common/dotfiles/niri.kdl Normal file
View File

@@ -0,0 +1,641 @@
// This config is in the KDL format: https://kdl.dev
// "/-" comments out the following node.
// Check the wiki for a full description of the configuration:
// https://niri-wm.github.io/niri/Configuration:-Introduction
// Input device configuration.
// Find the full list of options on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Input
input {
keyboard {
xkb {
// You can set rules, model, layout, variant and options.
// For more information, see xkeyboard-config(7).
layout "us"
variant "altgr-intl"
// For example:
// layout "us,ru"
// options "grp:win_space_toggle,compose:ralt,ctrl:nocaps"
// If this section is empty, niri will fetch xkb settings
// from org.freedesktop.locale1. You can control these using
// localectl set-x11-keymap.
}
// Enable numlock on startup, omitting this setting disables it.
numlock
}
// Next sections include libinput settings.
// Omitting settings disables them, or leaves them at their default values.
// All commented-out settings here are examples, not defaults.
touchpad {
// off
tap
dwt
dwtp
// drag false
// drag-lock
natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "two-finger"
// disabled-on-external-mouse
}
mouse {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "no-scroll"
}
trackpoint {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "on-button-down"
// scroll-button 273
// scroll-button-lock
// middle-emulation
}
// Uncomment this to make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="10%"
}
// You can configure outputs by their name, which you can find
// by running `niri msg outputs` while inside a niri instance.
// The built-in laptop monitor is usually called "eDP-1".
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Outputs
// Remember to uncomment the node by removing "/-"!
output "eDP-1" {
// Uncomment this line to disable this output.
// off
// Resolution and, optionally, refresh rate of the output.
// The format is "<width>x<height>" or "<width>x<height>@<refresh rate>".
// If the refresh rate is omitted, niri will pick the highest refresh rate
// for the resolution.
// If the mode is omitted altogether or is invalid, niri will pick one automatically.
// Run `niri msg outputs` while inside a niri instance to list all outputs and their modes.
// mode "1920x1080@120.030"
// You can use integer or fractional scale, for example use 1.5 for 150% scale.
scale 1.5
// Transform allows to rotate the output counter-clockwise, valid values are:
// normal, 90, 180, 270, flipped, flipped-90, flipped-180 and flipped-270.
// transform "normal"
// Position of the output in the global coordinate space.
// This affects directional monitor actions like "focus-monitor-left", and cursor movement.
// The cursor can only move between directly adjacent outputs.
// Output scale and rotation has to be taken into account for positioning:
// outputs are sized in logical, or scaled, pixels.
// For example, a 3840×2160 output with scale 2.0 will have a logical size of 1920×1080,
// so to put another output directly adjacent to it on the right, set its x to 1920.
// If the position is unset or results in an overlap, the output is instead placed
// automatically.
// position x=1280 y=0
}
output "DP-5" {
scale 1
}
output "DP-3" {
scale 1.2
}
// Settings that influence how windows are positioned and sized.
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Layout
layout {
// Set gaps around windows in logical pixels.
gaps 5
// When to center a column when changing focus, options are:
// - "never", default behavior, focusing an off-screen column will keep at the left
// or right edge of the screen.
// - "always", the focused column will always be centered.
// - "on-overflow", focusing a column will center it if it doesn't fit
// together with the previously focused column.
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
// preset-window-heights { }
// You can change the default width of the new windows.
default-column-width { proportion 0.5; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
// default-column-width {}
// By default focus ring and border are rendered as a solid background rectangle
// behind windows. That is, they will show up through semitransparent windows.
// This is because windows using client-side decorations can have an arbitrary shape.
//
// If you don't like that, you should uncomment `prefer-no-csd` below.
// Niri will draw focus ring and border *around* windows that agree to omit their
// client-side decorations.
//
// Alternatively, you can override it with a window rule called
// `draw-border-with-background`.
// You can change how the focus ring looks.
focus-ring {
// Uncomment this line to disable the focus ring.
// off
// How many logical pixels the ring extends out from the windows.
width 4
// Colors can be set in a variety of ways:
// - CSS named colors: "red"
// - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa"
// - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others.
// Color of the ring on the active monitor.
active-color "#7fc8ff"
// Color of the ring on inactive monitors.
//
// The focus ring only draws around the active window, so the only place
// where you can see its inactive-color is on other monitors.
inactive-color "#505050"
// You can also use gradients. They take precedence over solid colors.
// Gradients are rendered the same as CSS linear-gradient(angle, from, to).
// The angle is the same as in linear-gradient, and is optional,
// defaulting to 180 (top-to-bottom gradient).
// You can use any CSS linear-gradient tool on the web to set these up.
// Changing the color space is also supported, check the wiki for more info.
//
// active-gradient from="#80c8ff" to="#c7ff7f" angle=45
// You can also color the gradient relative to the entire view
// of the workspace, rather than relative to just the window itself.
// To do that, set relative-to="workspace-view".
//
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can also add a border. It's similar to the focus ring, but always visible.
border {
// The settings are the same as for the focus ring.
// If you enable the border, you probably want to disable the focus ring.
off
width 4
active-color "#ffc87f"
inactive-color "#505050"
// Color of the border around windows that request your attention.
urgent-color "#9b0000"
// Gradients can use a few different interpolation color spaces.
// For example, this is a pastel rainbow gradient via in="oklch longer hue".
//
// active-gradient from="#e5989b" to="#ffb4a2" angle=45 relative-to="workspace-view" in="oklch longer hue"
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can enable drop shadows for windows.
shadow {
// Uncomment the next line to enable shadows.
// on
// By default, the shadow draws only around its window, and not behind it.
// Uncomment this setting to make the shadow draw behind its window.
//
// Note that niri has no way of knowing about the CSD window corner
// radius. It has to assume that windows have square corners, leading to
// shadow artifacts inside the CSD rounded corners. This setting fixes
// those artifacts.
//
// However, instead you may want to set prefer-no-csd and/or
// geometry-corner-radius. Then, niri will know the corner radius and
// draw the shadow correctly, without having to draw it behind the
// window. These will also remove client-side shadows if the window
// draws any.
//
// draw-behind-window true
// You can change how shadows look. The values below are in logical
// pixels and match the CSS box-shadow properties.
// Softness controls the shadow blur radius.
softness 30
// Spread expands the shadow.
spread 5
// Offset moves the shadow relative to the window.
offset x=0 y=5
// You can also change the shadow color and opacity.
color "#0007"
}
// Struts shrink the area occupied by windows, similarly to layer-shell panels.
// You can think of them as a kind of outer gaps. They are set in logical pixels.
// Left and right struts will cause the next window to the side to always be visible.
// Top and bottom struts will simply add outer gaps in addition to the area occupied by
// layer-shell panels and regular gaps.
struts {
// left 64
// right 64
// top 64
// bottom 64
}
}
// Add lines like this to spawn processes at startup.
// Note that running niri as a session supports xdg-desktop-autostart,
// which may be more convenient to use.
// See the binds section below for more spawn examples.
//spawn-at-startup "systemctl start --user niri-session.target"
// To run a shell command (with variables, pipes, etc.), use spawn-sh-at-startup:
// spawn-sh-at-startup "qs -c ~/source/qs/MyAwesomeShell"
hotkey-overlay {
// Uncomment this line to disable the "Important Hotkeys" pop-up at startup.
skip-at-startup
}
// Uncomment this line to ask the clients to omit their client-side decorations if possible.
// If the client will specifically ask for CSD, the request will be honored.
// Additionally, clients will be informed that they are tiled, removing some client-side rounded corners.
// This option will also fix border/focus ring drawing behind some semitransparent windows.
// After enabling or disabling this, you need to restart the apps for this to take effect.
// prefer-no-csd
// You can change the path where screenshots are saved.
// A ~ at the front will be expanded to the home directory.
// The path is formatted with strftime(3) to give you the screenshot date and time.
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
// You can also set this to null to disable saving screenshots to disk.
// screenshot-path null
// Animation settings.
// The wiki explains how to configure individual animations:
// https://niri-wm.github.io/niri/Configuration:-Animations
animations {
// Uncomment to turn off all animations.
// off
// Slow down all animations by this factor. Values below 1 speed them up instead.
// slowdown 3.0
}
// Window rules let you adjust behavior for individual windows.
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Window-Rules
// Work around WezTerm's initial configure bug
// by setting an empty default-column-width.
window-rule {
// This regular expression is intentionally made as specific as possible,
// since this is the default config, and we want no false positives.
// You can get away with just app-id="wezterm" if you want.
match app-id=r#"^org\.wezfurlong\.wezterm$"#
default-column-width {}
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
}
// Example: block out two password managers from screen capture.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
match app-id=r#"^org\.keepassxc\.KeePassXC$"#
match app-id=r#"^org\.gnome\.World\.Secrets$"#
block-out-from "screen-capture"
// Use this instead if you want them visible on third-party screenshot tools.
// block-out-from "screencast"
}
// Example: enable rounded corners for all windows.
// (This example rule is commented out with a "/-" in front.)
window-rule {
geometry-corner-radius 14
clip-to-geometry true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Mod-Shift-/, which is usually the same as Mod-?,
// shows a list of important hotkeys.
Mod+Shift+Slash { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return hotkey-overlay-title="Open a Terminal: kitty" { spawn "kitty"; }
Mod+Z hotkey-overlay-title="Open a launcher: walker" { spawn "walker"; }
Mod+Space { spawn "voxtoggle"; }
Mod+Alt+L hotkey-overlay-title="Lock the Screen: hyprlock" { spawn "hyprlock"; }
// Use spawn-sh to run a shell command. Do this if you need pipes, multiple commands, etc.
// Note: the entire command goes as a single argument. It's passed verbatim to `sh -c`.
// For example, this is a standard bind to toggle the screen reader (orca).
// Super+Alt+S allow-when-locked=true hotkey-overlay-title=null { spawn-sh "pkill orca || exec orca"; }
// Example volume keys mappings for PipeWire & WirePlumber.
// The allow-when-locked=true property makes them work even when the session is locked.
// Using spawn-sh allows to pass multiple arguments together with the command.
// "-l 1.0" limits the volume to 100%.
XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+ -l 1.0"; }
XF86AudioLowerVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; }
XF86AudioMute allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
XF86AudioMicMute allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; }
// Example media keys mapping using playerctl.
// This will work with any MPRIS-enabled media player.
XF86AudioPlay allow-when-locked=true { spawn-sh "playerctl play-pause"; }
XF86AudioStop allow-when-locked=true { spawn-sh "playerctl stop"; }
XF86AudioPrev allow-when-locked=true { spawn-sh "playerctl previous"; }
XF86AudioNext allow-when-locked=true { spawn-sh "playerctl next"; }
// Example brightness key mappings for brightnessctl.
// You can use regular spawn with multiple arguments too (to avoid going through "sh"),
// but you need to manually put each argument in separate "" quotes.
XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "+10%"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "10%-"; }
// Open/close the Overview: a zoomed-out view of workspaces and windows.
// You can also move the mouse into the top-left hot corner,
// or do a four-finger swipe up on a touchpad.
Mod+O repeat=false { toggle-overview; }
Mod+Backspace repeat=false { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+L { focus-column-right; }
Mod+Shift+Left { move-column-left; }
Mod+Shift+Down { move-window-down; }
Mod+Shift+Up { move-window-up; }
Mod+Shift+Right { move-column-right; }
Mod+Shift+H { move-column-left; }
Mod+Shift+J { move-window-down-or-to-workspace-down; }
Mod+Shift+K { move-window-up-or-to-workspace-up; }
Mod+Shift+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Shift+Home { move-column-to-first; }
Mod+Shift+End { move-column-to-last; }
Mod+Ctrl+Left { focus-monitor-left; }
Mod+Ctrl+Down { focus-monitor-down; }
Mod+Ctrl+Up { focus-monitor-up; }
Mod+Ctrl+Right { focus-monitor-right; }
Mod+Ctrl+H { focus-monitor-left; }
Mod+Ctrl+J { focus-monitor-down; }
Mod+Ctrl+K { focus-monitor-up; }
Mod+Ctrl+L { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// Similarly, you can bind touchpad scroll "ticks".
// Touchpad scrolling is continuous, so for these binds it is split into
// discrete intervals.
// These binds are also affected by touchpad's natural-scroll, so these
// example binds are "inverted", since we have natural-scroll enabled for
// touchpads by default.
// Mod+TouchpadScrollDown { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02+"; }
// Mod+TouchpadScrollUp { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02-"; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+1 { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+3 { focus-workspace 3; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Shift+1 { move-column-to-workspace 1; }
Mod+Shift+2 { move-column-to-workspace 2; }
Mod+Shift+3 { move-column-to-workspace 3; }
Mod+Shift+4 { move-column-to-workspace 4; }
Mod+Shift+5 { move-column-to-workspace 5; }
Mod+Shift+6 { move-column-to-workspace 6; }
Mod+Shift+7 { move-column-to-workspace 7; }
Mod+Shift+8 { move-column-to-workspace 8; }
Mod+Shift+9 { move-column-to-workspace 9; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+1 { move-window-to-workspace 1; }
// Switches focus between the current and the previous workspace.
// Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
// Cycling through the presets in reverse order is also possible.
// Mod+R { switch-preset-column-width-back; }
Mod+Ctrl+R { switch-preset-window-height; }
Mod+Shift+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
// While maximize-column leaves gaps and borders around the window,
// maximize-window-to-edges doesn't: the window expands to the edges of the screen.
// This bind corresponds to normal window maximizing,
// e.g. by double-clicking on the titlebar.
Mod+M { maximize-window-to-edges; }
// Expand the focused column to space not taken up by other fully visible columns.
// Makes the column "fill the rest of the space".
Mod+Ctrl+F { expand-column-to-available-width; }
Mod+C { center-column; }
// Center all fully visible columns on screen.
Mod+Ctrl+C { center-visible-columns; }
// Finer width adjustments.
// This command can also:
// * set width in pixels: "1000"
// * adjust width in pixels: "-5" or "+5"
// * set width as a percentage of screen width: "25%"
// * adjust width as a percentage of screen width: "-10%" or "+10%"
// Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
// set-column-width "100" will make the column occupy 200 physical screen pixels.
Mod+Minus { set-column-width "-10%"; }
Mod+Equal { set-column-width "+10%"; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
// Toggle tabbed column display mode.
// Windows in this column will appear as vertical tabs,
// rather than stacked on top of each other.
Mod+W { toggle-column-tabbed-display; }
// Actions to switch layouts.
// Note: if you uncomment these, make sure you do NOT have
// a matching layout switch hotkey configured in xkb options above.
// Having both at once on the same hotkey will break the switching,
// since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
// Mod+Space { switch-layout "next"; }
// Mod+Shift+Space { switch-layout "prev"; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// Applications such as remote-desktop clients and software KVM switches may
// request that niri stops processing the keyboard shortcuts defined here
// so they may, for example, forward the key presses as-is to a remote machine.
// It's a good idea to bind an escape hatch to toggle the inhibitor,
// so a buggy application can't hold your session hostage.
//
// The allow-inhibiting=false property can be applied to other binds as well,
// which ensures niri always processes them, even when an inhibitor is active.
Mod+Escape allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
}
switch-events {
lid-close {
spawn "handle-lid-close";
}
}

35
home/moco/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, pkgs-unstable, ... }:
{
pkgs,
pkgs-unstable,
lib,
...
}:
let
homeDirectory = "/home/moco";
in
@@ -57,6 +62,34 @@ in
};
};
programs.ashell.settings.settings.CustomButton =
let
nmcli = lib.getExe' pkgs.networkmanager "nmcli";
ykman = lib.getExe pkgs.yubikey-manager;
isMocoVpnActive = lib.getExe (
pkgs.writeShellScriptBin "is-moco-vpn-active" ''
${nmcli} -t -f NAME connection show --active | grep -q '^moco$'
''
);
toggleMocoVpn = lib.getExe (
pkgs.writeShellScriptBin "toggle-moco-vpn" ''
if ${isMocoVpnActive}; then
${nmcli} c down moco
else
${ykman} oath accounts code -s 'MOCO Reto' | ${nmcli} c up moco --ask
fi
''
);
in
[
{
name = "MOCO VPN";
icon = "󰖂";
command = toggleMocoVpn;
status_command = isMocoVpnActive;
}
];
programs.zsh = {
cdpath = [
"${homeDirectory}/Code/mocoapp"

52
hosts/apu/configuration.nix
View File

@@ -258,61 +258,25 @@
openFirewall = true;
};
services.home-assistant = {
services.invidious-companion = {
enable = true;
extraComponents = [
# Components required to complete the onboarding
"esphome"
"met"
"radio_browser"
"yeelight"
"xiaomi_aqara"
"shelly"
];
subdomain = "home";
extraPackages =
python3Packages: with python3Packages; [
gtts
numpy
];
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
use_x_forwarded_for = true;
trusted_proxies = "127.0.0.1";
};
default_config = { };
};
host = "0.0.0.0";
port = 8282;
secretKeyFile = config.age.secrets.invidious-companion.path;
binaryHash = "sha256-nZXKpExKCc2zgSdVT3qo05NyFdpM9H9NJB5UWo+MVWI=";
};
services = {
webserver = {
networking.firewall = {
enable = true;
acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = {
proxyBuffering = false;
locations."/".proxyPort = 8123;
};
};
invidious = {
enable = true;
subdomain = "vid";
};
interfaces.tailscale0.allowedTCPPorts = [ 8282 ];
};
security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
networking = {
nftables.enable = true;
firewall.enable = true;
useDHCP = false;
domain = "repomaa.com";
domain = "apu.home.arpa";
};
system.stateVersion = "24.05";

1
hosts/apu/secrets.nix
View File

@@ -10,6 +10,7 @@
})
[
"hetzner"
"invidious-companion"
]
);
}

1
hosts/freun-dev/configuration.nix
View File

@@ -30,6 +30,7 @@ in
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
networking.hostName = "freun-dev"; # Define your hostname.
networking.domain = "freun.dev";

4
hosts/freun-dev/secrets.nix
View File

@@ -51,5 +51,9 @@
file = ../../secrets/hledger-basic-auth.age;
owner = if (config.services.hledger-web.enable) then "nginx" else "root";
};
invidious = lib.mkIf config.services.invidious.enable {
file = ../../secrets/invidious.age;
owner = config.systemd.services.invidious.serviceConfig.User;
};
};
}

92
hosts/freun-dev/services.nix
View File

@@ -3,6 +3,7 @@
pkgs-unstable,
config,
inputs,
lib,
...
}:
let
@@ -133,14 +134,21 @@ in
};
invidious = {
enable = false;
enable = true;
subdomain = "vid";
extraSettingsFile = secrets.invidious.path;
settings = {
invidious_companion = [
{ private_url = "http://apu:8282/companion"; }
];
};
};
syncthing = {
enable = true;
subdomain = "sync";
dataDir = syncthingDataDir;
configDir = "/var/lib/syncthing";
};
tailscale.enable = true;
@@ -295,86 +303,6 @@ in
};
};
home-assistant = {
enable = false;
subdomain = "home";
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
server_port = 8123;
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
mqtt = [
{
climate = {
unique_id = "nappula";
name = "Nappula";
current_humidity_topic = "homie/nappula/humidity/value";
current_humidity_template = "{{ value | float }}";
current_temperature_topic = "homie/nappula/temperature/value";
current_temperature_template = "{{ value | float }}";
mode_state_topic = "homie/nappula/ac/trigger";
mode_state_template = "{% if value == 'true' %}heat{% else %}off{% endif %}";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
modes = [
"off"
"heat"
];
};
}
{
button = {
unique_id = "nappula_button";
name = "Nappula anschalten";
command_topic = "homie/nappula/button/trigger/set";
payload_press = "true";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
icon = "mdi:power";
};
}
{
sensor = {
unique_id = "nappula_pressure";
name = "Luftdruck";
state_topic = "homie/nappula/pressure/value";
device_class = "atmospheric_pressure";
unit_of_measurement = "hPa";
state_class = "measurement";
value_template = "{{ value | float // 100 }}";
};
}
];
};
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
"mqtt"
];
extraPackages = (
python3Packages: with python3Packages; [
paho-mqtt
]
);
};
weechat = {
enable = true;
subdomain = "irc";
@@ -451,7 +379,7 @@ in
labels = [
"linux_arm64"
"ubuntu-latest:docker://node:latest"
"nixos-latest:docker://repomaa/node:latest"
"nixos-latest:docker://git.freun.dev/repomaa/nixos/node:latest"
];
tokenFile = secrets.gitea-actions-runner.path;
url = "https://${config.services.gitea.subdomain}.${config.networking.domain}";

9
hosts/radish/configuration.nix
View File

@@ -8,7 +8,14 @@
maxJobs = 8;
protocol = "ssh";
sshUser = "builder";
system = "aarch64-linux";
systems = [
"aarch64-linux"
];
supportedFeatures = [
"kvm"
"big-parallel"
"nixos-test"
];
}
];
settings = {

20
hosts/radish/containers.nix
View File

@@ -1,10 +1,26 @@
{ ... }:
{ pkgs-unstable, ... }:
{
virtualisation.docker = {
virtualisation = {
containers = {
enable = true;
storage.settings.storage.driver = "btrfs";
};
oci-containers.backend = "podman";
podman = {
enable = true;
autoPrune.enable = true;
defaultNetwork.settings.dns_enabled = true;
package = pkgs-unstable.podman;
};
docker = {
storageDriver = "btrfs";
enable = true;
autoPrune.enable = true;
};
};
users.users.jokke.extraGroups = [ "docker" ];
users.users.moco.extraGroups = [ "docker" ];

15
hosts/radish/desktop.nix
View File

@@ -2,8 +2,23 @@
{
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
programs.niri.enable = true;
services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default = {
ids = [ "*" ];
settings = {
global = {
overload_tap_timeout = 200;
};
main = {
leftmeta = "overload(meta, macro(leftmeta+z))";
};
};
};
};
security.rtkit.enable = true;
services.pipewire = {

1
modules/services/default.nix
View File

@@ -32,5 +32,6 @@
./voidauth.nix
./gitea.nix
./dhcp-dns-sync
./invidious-companion.nix
];
}

14
modules/services/dhcp-dns-sync/default.nix
View File

@@ -6,6 +6,11 @@
}:
let
cfg = config.modules.services.dhcp-dns-sync;
ownAddress = (
lib.elemAt (lib.splitString "/"
config.systemd.network.networks."30-${cfg.interface}".networkConfig.Address
) 0
);
dhcp-leases-to-unbound =
pkgs.runCommand "dhcp-leases-to-unbound"
@@ -59,9 +64,10 @@ in
users.groups.dhcp-dns-sync = { };
# Ensure directories and files exist with proper permissions
# Directory needs to be group-writable for unbound group
systemd.tmpfiles.rules = [
"d /var/lib/unbound 0755 unbound unbound -"
"f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync dhcp-dns-sync -"
"d /var/lib/unbound 0775 unbound unbound -"
"f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync unbound -"
];
# Extend Unbound configuration to include generated file
@@ -69,6 +75,8 @@ in
server = {
local-zone = [ "${cfg.domain}. static" ];
include = cfg.unboundConfigPath;
local-data = [ ''"apu.home.arpa. IN A ${ownAddress}"'' ];
local-data-ptr = [ ''"${ownAddress} apu.home.arpa."'' ];
};
};
@@ -88,7 +96,7 @@ in
serviceConfig = {
Type = "oneshot";
User = "dhcp-dns-sync";
Group = "dhcp-dns-sync";
Group = "unbound";
# Allow access to networkctl via D-Bus
SupplementaryGroups = [ "systemd-network" ];
# Read/write paths

43
modules/services/dhcp-dns-sync/dhcp-leases-to-unbound.cr
View File

@@ -58,13 +58,6 @@ def sanitize_hostname(hostname : String) : String?
sanitized
end
def reverse_ptr(ip : String) : String?
parts = ip.split('.')
return nil unless parts.size == 4
"#{parts[3]}.#{parts[2]}.#{parts[1]}.#{parts[0]}.in-addr.arpa."
end
def generate_unbound_config(leases : Array(Lease), domain : String) : String
lines = [] of String
@@ -82,23 +75,30 @@ def generate_unbound_config(leases : Array(Lease), domain : String) : String
# A record
lines << %{local-data: "#{fqdn} IN A #{lease.address}"}
# PTR record
if ptr = reverse_ptr(lease.address)
lines << %{local-data-ptr: "#{ptr} #{fqdn}"}
end
# PTR record - local-data-ptr expects IP in normal form, unbound reverses it
lines << %{local-data-ptr: "#{lease.address} #{fqdn}"}
end
lines.join("\n") + "\n"
end
def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease)
cmd = networkctl_path ? "#{networkctl_path} status #{interface} --json=short" : "networkctl status #{interface} --json=short"
output = `#{cmd}`
raise "networkctl failed (exit code #{$?.exit_status}): #{output}" unless $?.success?
cmd = networkctl_path ? "#{networkctl_path}" : "networkctl"
args = ["status", interface, "--json=short"]
Process.run(cmd, args, output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process|
result = process.wait
output = process.output.to_s
unless result.success?
error = process.error.to_s
raise "networkctl failed (exit code #{result.exit_code}): #{error.empty? ? output : error}"
end
status = NetworkStatus.from_json(output)
status.dhcp_server.try(&.leases) || [] of Lease
end
end
def write_if_changed(content : String, path : String) : Bool
# Check if content is the same
@@ -151,15 +151,20 @@ OptionParser.parse do |parser|
end
def reload_unbound(unbound_control_path : String?)
cmd = unbound_control_path ? "#{unbound_control_path} reload" : "unbound-control reload"
cmd = unbound_control_path ? "#{unbound_control_path}" : "unbound-control"
puts "Reloading Unbound..."
result = system(cmd)
unless result
# Fallback to systemctl
system("systemctl reload unbound")
Process.run(cmd, ["reload"], output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process|
result = process.wait
unless result.success?
raise "unbound reload failed (exit code #{result.exit_code}): #{process.error}"
end
end
puts "Unbound reloaded successfully."
end
begin
# Get leases from networkd
leases = get_leases(interface, networkctl_path)

5
modules/services/gitea.nix
View File

@@ -46,7 +46,10 @@ in
services = {
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = 3008;
vHosts.${fqdn}.locations."/" = {
proxyPort = 3008;
extraConfig = "client_max_body_size 0;";
};
};
postgresql = {
enable = lib.mkDefault true;

99
modules/services/invidious-companion.nix Normal file
View File

@@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.invidious-companion;
companionRelease = "release-master";
hostPlatform = pkgs.stdenv.hostPlatform.system;
# Invidious Companion package - fetches binary release and patches for NixOS
unwrappedCompanion = pkgs.stdenv.mkDerivation {
pname = "unwrapped-invidious-companion";
version = companionRelease;
src =
let
archMap = {
x86_64-linux = "x86_64-unknown-linux-gnu";
aarch64-linux = "aarch64-unknown-linux-gnu";
};
platform = archMap.${hostPlatform} or (throw "Unsupported platform: ${hostPlatform}");
in
pkgs.fetchzip {
url = "https://github.com/iv-org/invidious-companion/releases/download/${companionRelease}/invidious_companion-${platform}.tar.gz";
sha256 = cfg.binaryHash;
};
dontStrip = true;
dontPatchELF = true;
installPhase = ''
mkdir -p $out/bin
cp invidious_companion $out/bin/invidious_companion
chmod +x $out/bin/invidious_companion
'';
};
invidiousCompanion = pkgs.buildFHSEnv {
name = "invidious-companion";
targetPkgs = pkgs: [ unwrappedCompanion ];
runScript = "invidious_companion";
meta = {
description = "Invidious companion for handling video streams";
homepage = "https://github.com/iv-org/invidious-companion";
license = lib.licenses.agpl3Only;
};
};
in
{
options.services.invidious-companion = {
enable = lib.mkEnableOption "Enable Invidious Companion service";
host = lib.mkOption {
type = lib.types.str;
default = "localhost";
};
port = lib.mkOption {
type = lib.types.port;
default = 8282;
description = "Port for Invidious Companion to listen on";
};
secretKeyFile = lib.mkOption {
type = lib.types.str;
description = "Path to file containing the companion secret key";
};
binaryHash = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "SHA256 hash of the invidious companion binary release";
};
};
config = lib.mkIf cfg.enable {
systemd.services.invidious-companion = {
description = "Invidious Companion - video stream handler";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = "invidious";
Group = "invidious";
DynamicUser = true;
ExecStart = lib.getExe invidiousCompanion;
Environment = [
"HOST=${cfg.host}"
"PORT=${toString cfg.port}"
"TMPDIR=/var/cache/invidious-companion"
];
EnvironmentFile = [ cfg.secretKeyFile ];
CacheDirectory = "invidious-companion";
WorkingDirectory = "%C/invidious-companion";
Restart = "always";
RestartSec = 5;
};
};
};
}

15
modules/services/invidious.nix
View File

@@ -1,4 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}:
let
cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
@@ -32,5 +36,14 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
};
systemd.services.invidious.serviceConfig.DynamicUser = lib.mkForce false;
users.groups.invidious = { };
users.users.invidious = {
isSystemUser = true;
group = "invidious";
description = "Invidious user";
};
};
}

9
modules/services/syncthing.nix
View File

@@ -27,5 +27,14 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
};
systemd.services.syncthing.serviceConfig =
lib.mkIf
(
cfg.dataDir == "/var/lib/syncthing" || cfg.dataDir == null || cfg.configDir == "/var/lib/syncthing"
)
{
StateDirectory = "syncthing";
};
};
}

18
secrets/actual.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA OPYYw6SBBoMNoJ/DfIyvxLVpZo0n0v08uhrPa2Uk/xw
b9mSzuzgznPl5qu73kJie2PgJGIlxEOR/MSNzp2TZ2A
-> ssh-ed25519 DFiohQ rYD5ueKrIAbtphPZe7BxyHNPdRGCV0o4G3lXGGHFmD0
caGATSGVUaJkTDIHDk40oJnNh8oNRRQYTpKn4jET72c
-> ssh-ed25519 PT7ffg 2HVnNQxY5BubUZGTuwcOHMKDZ7O1f+gji9d2mquLECs
rJzRjFokTzDkn/fjA1eXaZdISEXWtGqLSsYpUYEd0qw
--- U6CH4TvqpEfQg4VuQ3fr7gcqBojVEV2r4+NPfMEVxbA
q5šòú4ÍÝMêÿ<>—Ô³ÏEòx'í6éu<C3A9>§¤eìëŠàÜh4D;óN¿ƒÔ<:P¡)Š."CÞèˆÿ
xgóv˜/ãN%W2™¥ÙPâQÖdA½VêÉ—üœ^_B|Íëío׌àkf¦ÛŠáWÞ~ ³ú̪ϽևÄÖDñõfo
-> ssh-ed25519 osOCZA n8TUqlE5mEfKa7aPdefBjIKAhydL1vrCZK8cLTs+j3w
ayrirgnGn6dTBKShBRDHJAI3t040hf5LEo8ZuHUGNHg
-> ssh-ed25519 DFiohQ +rVCacN11divc55NH2fKsYXa6IJ0ieW18riYz9nkrwo
4qv06+QnvPKYRRkQauDwKfnT1c4/GHDkxHVrgkfrHNw
-> ssh-ed25519 PT7ffg wklac2cEzzfMQaItzsAv6I1az8HxZ15s3ANwxYO59To
abdf65f0BT2sE52T60lnfqY/iDCgLAzgRQlPqjRp6Y4
--- Wi4+L0OzsduT8T7G4+H8pp05EzbTjNlJowwBDWUN1mU
ÛŸþfŽ¹“Íå¸ÁºTL®`ý¬—F„F»‡í$S1†ºqÐv3nÙOu‰Xªf
AþÂn‡e¥Sý©ªEãM_¿ ï^VÀŽä4p.øäBIO¹Ô÷

BIN
secrets/borgbackup-radish.age
View File

Binary file not shown.

16
secrets/context7.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA wDdoFnPs/OUczxmB6WgzSQ0HtguSmIsX1di6gH5guFM
b6PAgnY1Kki92V+ky+/Cuq5UezYdchS3g5MtqtRxDMQ
-> ssh-ed25519 DFiohQ oZmlLt1Em4PnIZAUwqxed5EH1ZG/Bkm3FPiZI9uxVUY
/dAEjEHp9mcygfYj+taalhqjJ6ywkWu45ymwnmtlzaY
-> ssh-ed25519 hRPDBg MKpKkBgl0baf6qJh940ekh1z/0bKbzYTBb9In2yVd3Q
1uX/3y+A/a+vxSl41DlUnZVdh6lpDYFwunzLV3DRblk
--- KQncWqjni5UN+D3I1OSWdKxVf5/UiLBUNBwFMG/1+mg
Š<EFBFBD>­öôó\ÄXã±zÐÿÌ®œ¬Û\~.¼©ûfå•w
-> ssh-ed25519 osOCZA 9ZHiyWiFLySuINTKXSjysD9u7LKyhK2bJo6JmVskDGc
IDUB5fbYwEwZDIRwOAAWdDkHOrmMwlZT+2UhObhHVXg
-> ssh-ed25519 DFiohQ OFE+xiH2zIXccj3axHbN8TBKS927ldBtlC80ZCVH2To
E50Dr6cyllIN66QVGYvonpSRV0nERdstsEGUeXrVDoE
-> ssh-ed25519 hRPDBg Z9ItEkrFay5918/EY2RCl0a9PZx3z8amW4yMyfgEqQI
rEs5eqfdnpwnxzPRlMi1vBrtzsbQCwCupkGEXFs7rVA
--- op5RVwxhxkxflXvoAM7ZcEXLutkF9Op70tUxsJundN4
è$À;Åå1ÒO`bBMÆLŸf“<îã%>1p<31>kvMØ]?x|ù¬zäFƶ~ÖÙÕ¬pL

16
secrets/dnote.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA UCilO75OGmYABIVNjQ7JKdObSSC882S6blT35S8XXBE
CEhIzJeE0Xa9jY1uboPVM1uK+U8N77e6pGsK3SCNBqY
-> ssh-ed25519 DFiohQ aKyq1IPwKvgQniPEDt9tIw6KLeQePctFPY8wnSmcREk
3OQH5iOGFbnJaUXn8JmMDItPfPjXUmuO1OFYw31ftGA
-> ssh-ed25519 PT7ffg 1XzR+XsNLJgf0itst++aN4GWpiUjPvlCPR/KcZzLNT4
Na1BKsjIoFgFbQI4LVppxW53yAQgxQfz5r31HrTNRLI
--- U8B89Fp3JNPBX18P5p3lVLYIz5CsbxldkvnjZ2Cx4+8
º“¨3z®#<Kî*ŽwÁMs! ­Ó2¼Ê<C2BC>bqz>‰&€~u«¹‡Êi𧾘tYv§¾ÁþítÂøÒvÀ¬2Ïd)gfÇÃÙÔ<C399>
-> ssh-ed25519 osOCZA sWXC8tg44GfsKCFIDhvmkSfO1NnQ/GdP7s7yKnn/wwk
tulj+EsIi91rXw7XV0elKyVpamDNnEdy1GikcmPGLlE
-> ssh-ed25519 DFiohQ 8Cxy6QZkviBPw51+3m6JYtcOPTbYy6C7m7uomdFwAgY
4GuwAQKMtKI7cZCg2/yl4IAd98Zeai+/rXScSRRmS9E
-> ssh-ed25519 PT7ffg dnDE79EVRVys94oHOSduzhcyd8oHA8/scK98By5g9FE
RFfMpq56KDvIJcOg5JdaOiEN6wupKFUNbcHYCS/kyp0
--- Tg+Gw0uAEFItHT00VDs9BmhvX2f8afcRwuh8OSqLEh4
È*Í<>¦ciðÜ~P+c÷{p™“²Û…£yé\©â 'a“<x6Xsá¡zógŸ~=´è0¸6=sÞ5ÐÆlØ5BŒÎ3ÌÜ5í»š§

BIN
secrets/donetick.age
View File

Binary file not shown.

17
secrets/gitea-actions-runner.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA WJ1gfKrLBMmFANdArq8g8PQNbUIl+vVtyxTq+bKx93c
JFB9WXTK8/7HRfDRzTIzIpDHHc226YCPfUCqbBQ5N1Y
-> ssh-ed25519 DFiohQ /5FxHaCm+0wGlQ2ZziKYTmD5AWjmoA5PTys3VSOluSU
l6C6LhUaxw/dIUkyzw7pl2vREV7Bzy/FvbM+J6gFzZQ
-> ssh-ed25519 PT7ffg B/mz/9eslfI+VEfEPfT4TWyvLTryDZRjSGxM3x2sQQE
qIQUE4103ilhAhNxekvb3fPYeqZCZ3NGwzfZReMXiU4
--- HzN/P0+Xj3Ep+LthjWEpKKDbjlXkPTtamWIPl9IQ6Ec
C ¨ÇPœÞºãìQ½[<5B>&E"ñTQfë|NÃ!ÅÿÅú#³ZŸ:¼€ïr7È:ùóZè´£<08>Fisˆ€(ãÊɃ~È0>
Œ°ZâŠÁk
-> ssh-ed25519 osOCZA YazzKQ+vILKo3Ep0pktO9iUSeW36Q2UVZpbdLVEfYz0
YgHYF2kjRhmdfMQwgaXPws3nXgCltHukB7Xhm0bkVuo
-> ssh-ed25519 DFiohQ rbNLTZIjzD7n9zKxkbi6fG62B4Mrse1WnPdcw1RWAg8
uzuHv7ekuPl9wRgkhn4Mksk3NAUcg8OCPEM6Vi2GVdw
-> ssh-ed25519 PT7ffg DfvJEgs4wsYTwWXZ6pXXG7v6K+47Dhc5MPS788IZCjg
TId/tqstZaAJIDKav8NOJ/p32BuBO6gE6/B1QISk1cg
--- ezx3Iiga17TxrY0K5HlAbcKBvdhgvnpT8sz4vPrStQ8
Z[“Nl<4E>_ùXì«ú¸ ¨ûGèmP8ç—¥nR0ÙKÕ[+Çsßã÷:o'”‹=}œR<C593>纊õ£:'«ÖG²€Ï£û`ñ

BIN
secrets/gitea.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/default.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/docker.age
View File

Binary file not shown.

17
secrets/glance/reddit/app-id.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA Y7ieflWxf67Jik747FnOu5aKcDjh6hd8OWE88oX7gWc
aQavFEvcW30cer2DutpkfSkKk1NqGzPiP2bYL2MCv+Q
-> ssh-ed25519 DFiohQ J5HO9n4KTQ6cSBGHxrBHORvmYp4WYJZiATekbZvhuEU
QGAhwn6P5ByiNY8bMUI07hHvnA8diVI56Vg+6kVEJb0
-> ssh-ed25519 PT7ffg RpcpdzFtX5VyodX3lXKvjMRxMlpasRqqpjqCacXDcy4
VJQuB8YfhB0DQ4TjwzBhdtl35eyFVLLW8O87mCuH828
--- qJnfQgOyw0CTBhXNSyIw3O33av2cjPxTntLsOW/bevA
-åž
-> ssh-ed25519 osOCZA wVGyI0bVEaVUbXMiumjhqdno2VD6ZHmvJM0NRUoesk0
kW8Zs6KV+KBmyg/imOzVHHPg/K3oHyB05ayMQsT01CQ
-> ssh-ed25519 DFiohQ h+C13tChA1OrCdmJO9rkjW3ER/d8OW7P2IGd5spsd2Y
7LOIjam4k8lmglNEuNs7lkRpt3UbYkxFxXPwkj2Fbc8
-> ssh-ed25519 PT7ffg 33/HLpIkjfw+QC1qm1Tmr4YqMjgtt4bsVoFqUNinhno
8+PGKzffQT2DuM8l9mqgGieHiQCpBsbWbHDIdxFapBk
--- lzyw/qQSELbYc8TWYFGD57JBF4JorTLhBPNdlxYjVqY
lÞHºaEM9ÅóüÀS0(Š¥¦lâJxø-
—sÔ¸éžc¬H EÖ˜Í0_{|Kp2

17
secrets/glance/reddit/app-secret.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA y1DrZWN4jrO6xg7TkFqrjTT/k4L49IAZVf/NLw3jMiM
BB+Aq/80SFQpLJfZxRKFPBw9ylHb+Y6LLuZQAqG3WdQ
-> ssh-ed25519 DFiohQ jPPM8ATBvlXn0F/9pDCsZB15yW+af0b2FQqV2gI8YyQ
8yJjKEvEGKDwtvBWP/yjiDql+HA6l5q+RfEgP8cAIGM
-> ssh-ed25519 PT7ffg +R5KlrnH2gGW2Qc3V+RgYKtAXerbRB5j898+b41/VAU
7Lq3GE9CMGeXAmsf9WgSiJf/o+HyssF4xz94JNjbEgM
--- k2xNMbWr5tntlbOOYLbt6DsWsW2mT/P3pg3IgXYcM58
|ìÍÑ°m7Æy‰z¡¥R©ÔíYê+qî§ü—1>ž‡Y?hHÖžÌÌÈ|ù7àÞþ̃
N¥zÚöØäëøð
-> ssh-ed25519 osOCZA tO/H34qaDDLUWG7ovv4wD8At0v+nRLxgozIHFRCxIG4
AU0szD79hzM5rLSYQhki+Ukc2CbATwdU5uWPNLn1Oa0
-> ssh-ed25519 DFiohQ hwThntCOC9a5eSAay4zWW044NoC4JggBXgh3KAZdGAA
z2EDIRJH9jGTKYuxm++ns1yqFyUYrA091Q22VMNgqec
-> ssh-ed25519 PT7ffg tNGBQvJnGvnGB0Mk24Hyh75ZJAMbZMKk60wkc/PMEiE
ijewL+qajDYN7abihSAvAySqcx3idkstsriVVw9Fj+A
--- HuLF80Z9VHyeMVTyN9CLKIRn0HFUpIhaWC9KgLHXrlI
:™Â3ÿö:ïžéÔRàöó1™Ä„É°ŠBÀo<C380>&Qd1BXU¤ìí¨q Ñ ßšüÙfÂ<66>€êQPÝ—8

19
secrets/gotosocial.age
View File

@@ -1,11 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 77EDoJKwYm80SsOFMaTeLVKyb60mpVafClV0oDfhnm0
gZ4EtoDbmI2iggyAooqWtd0Yhh5kebvR8vnHGz0Er6Y
-> ssh-ed25519 DFiohQ dYdiyYPtjCH8YFpj4bAwTDSEB+0JjzDIz1jwRPDjAFg
NAdMoMfREupERqZ8t2lu6++Qjgq7LVIo5wsXabXKWU8
-> ssh-ed25519 PT7ffg 6NFOq021rnHwv7BFIw9in6uQR39hgh5qVuPNvxtCd3k
4UK6DCVbSi4yugpY9nLBSoZ7SHLkF3MMIeHVKYH3bkQ
--- 1BNBapkorRybzDSfmHCQjfkN0ss0GXnZGv99Ni/O/VM
wp3IvÄ"ßc}úÀ™W,0VÀÄæÂ<C3A6>mØû±ù´˜ƒv¹„¯jªP#„”$Ž”f¹ÜÌ
v9x["ú¶c ‡y²
~ .€[†/ko'z
-> ssh-ed25519 osOCZA VAbqavKlZzuLT1XwcdWuRX39bNPbuVvsGPXNv5lwd2g
4mMBgBCfnnbY6lo7WAnppqEk8tA1A5MGvXjjZ84cr5k
-> ssh-ed25519 DFiohQ hzICSaoG/iPl1VEm7gF49mXCzhVZypQN00/9dqbAfgI
VM5O8wLvzFyFkttqP4YWQ0bR5iKkAvpYFPsep2nYt7E
-> ssh-ed25519 PT7ffg +FbUxPiTEBDl4QdwYUSuqD0+xzHWe4X9l1cqRePwZzQ
tfKlhCQ0mK67E8UcXki9y4SmgTLsrZwD6kKBQz1NiSI
--- tnLRJm+/eP6KzNV7vD1d2KtDe6SRyo2MoIsow4CDyrU
±lù•þebö±¹D.Û
c‰Y.êÓdÎNáWä݃ξ^®Å´ï©PщSFd.Ú=ýŸ3øA@I9/Ž¼˜læóÍ<E280BA>~;FÒR5[|

17
secrets/hastebin-tokens.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA a3vwn++4v/1tVvde7xQd4qcY10fAmxG+Wd4y76ZqvUA
ljGJxon/rQmsOsu6CW/TDjbPx12wUeObVV9T364YA68
-> ssh-ed25519 DFiohQ +RiL4W374ivb122PSHtfyzF8XaxDSwwVJ3lWq7ezDxU
mHFKG+GIXw0P6FhaFoD+u2QR8HLcnfsO+5100WLDypM
-> ssh-ed25519 PT7ffg CjMjkvJTg7oSgxdFK9rJpzAuv/7TDdAMCl1+fiAlkBY
b32kKKuDoVJuymrtkBcpxo6AdSkMO6UmATgRueZ2fTc
--- yDBelLE3scwefm2+jKFDHPCPj5glMWkehZvJvvq2ssk
1ÊŤÂû?]/r÷y¦` HbîôÄ7$/<2F>ÉÃÚC<C39A>l¹ÐAtÊÅ™Me“f»}óŽ1\¤Nê/9õ4<C3B5>/âfºøˆ<³&õü³°jÜ·À:ž1E^îÝ× ¤d¡Gíÿ¡:;<3B>žUÔ<36>¥[
Þù#2F(0bãîRôkÊàc
-> ssh-ed25519 osOCZA El5iOI/2mf0RUjL6ENefgh0ibqalVciyxpAvmyjZ5Cw
zhZ3WbaMn0Y+FgeZt73mDn+myA+9UYj/73mfwRPA3vw
-> ssh-ed25519 DFiohQ nqMkFuxJ62ZjfWJWZxDOGJk69F1vJJpviRPB2mEONVo
YOiv42eN+VjJvZ1K/V1emni+YwRu3qoTcDI0TV9S6iE
-> ssh-ed25519 PT7ffg LIluEefuruMR3egq8snsIwGVT+4rRy4/40KfMelC9HA
VZKSdePfRZWiy+0lq/QqWHzlzSzo6FGGaTEmbVlTi/4
--- L5dJ1YxPYUifymofD7/kkdinaPhCy4nCWlvuDAOMKQ0
BÊ5øv|}!Ë<>}wÜ^ ÔõÎH»çükcšc²ãµmyO

21
secrets/hetzner.age
View File

@@ -1,12 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA yecY2otHscTma4xjcaaoRmxuUMPNbkv8b4pUBFYLKhg
t7bCDZqi1qzIeAsE58ecTXq85phEo+DVRr5zBfH/wJk
-> ssh-ed25519 DFiohQ 1ZbsKQkh4L6RsFr4R0Rck/7lZ2XsGUC54mmULVZ+PFU
6RtFRqrJTdb8dRZ2IogMl+wGdWyaEo7IBIgQWbCXyVI
-> ssh-ed25519 wU682A SF+XcBZW/XY7tgwyfb1qBJyzSv3X1z4p8RuM34bBeEg
rkJx3bW+bov5nlBVcQt3WGYxCIgsdoaNIj5h46BBG8I
-> ssh-ed25519 PT7ffg Y7OyaYunMQ3LarD4ink3QhKIPL1V5jylcaYrSfOlenM
BF/24w5Aay+GMYcRiVt6Yp2z1+kUnhLjnLZpQccXM3U
--- attYfW8tq8R1PozE1TOGmuRdLqlBzMOo1dpwECgnRjE
ZÅñbtalMd†& ,Èão· 2;Ö/»$T³ÿ‰û<E280B0>3Íþô·móµæ2Ä
{Pî­0ŸsçƒÊ?Cɯaé¦x°Õ^ܵkï¤òf­œÛFSz麠5ñQ¨Ò©B0É9Ël=©ÍîL¹_}È•o
-> ssh-ed25519 osOCZA FKD+qFniA3jgwdCriymcaQ96RGn8F78+XecmYtRCfX8
ENp2WFU2qDz29zOJExCMabQ3WvuMOiERuYuDnXOIjEk
-> ssh-ed25519 DFiohQ JH5/iUT9x2Dtma1opFghd2MMuLdchaU97stGKHVK9m8
MqeiYXMAlyiON8AuNldxsmScKQrHtIPOHq9nT0ZIXdk
-> ssh-ed25519 wU682A V9evWCnHQB4EqccQdDBLQ4GqkbYZOzgc+0Tn9gll6lo
BdUjarUTdhbeG0CCEBWlRTVAHDny8PP4iPvMqe6p62c
-> ssh-ed25519 PT7ffg wTMNgxHNZheXruIUvSw3UD6hNa8AXQQ4Wf9r0IZisWs
LwbrIzC3qtBBUuU66vgMyMDNsF1JjnSlQC//2G24x6w
--- IEOH47m19dLIPugcw91lSPpP8gKX5vFr8pA7vcpcce0
R˜S¦ÒZ#Þ¸GQS]˜ƒ KˆÓ¶ÔJBòò&*<2A>üb<>u†.œ»9B„È$<24><>rzĬ®-¢Æ,2çäP}ütSÏæ1yï}/ªÛ˜—„ûækDý´SR¿®?â4Êö“¯:È$+J?h ˜

18
secrets/hledger-basic-auth.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA gReLtbgzdbsykLo/OWs/S0CWvvUJr0B/660n5NtQO3Q
lxP6i2EA0ZvM9ShkM7012TLs47fP+sKzOAJehgvZEoU
-> ssh-ed25519 DFiohQ OPP2MdPUYqMuViWTiNavSyXqxfxIRMx+tMKip094ohM
lLxrJF672ZkbY3ynX7Wrx3srJvg1gfFeynZMeIYL4II
-> ssh-ed25519 PT7ffg v0j5GfBvjmf4qNiyVr/foSp2Zw8sJOmjikWa68yoNnI
WwhUOPXdrrs2ezKfYaUdT0EV/b7U3267E5bpy+RGyxU
--- v/hWe76x98rBQgOhANw5wsaE3hlCaFKYSl+x8KjnRNQ
:bl
‰~E¡3ã®éåN<C3A5>"]Œ`´Âª¨ c#Ç;¯vt½=A<>ƒ)ÍÕa¦/<®áŠl#ˆÖUïgfí£„¦ò½RÉ;<<3C>­%á†:!ã$)!Sž¯È<C2AF>
-> ssh-ed25519 osOCZA tPrVq+M1r5ii35AaXmRLeDpcKU7wsHIpBWoQCf6b1RU
fdFRUKYXeK8xYrsMhcSy7ZLi40KpH0pjm6Ul+2ouIMA
-> ssh-ed25519 DFiohQ P8nLAJGmmzmHlydWwygjDAeZ12un00V7Z1Az40nVAWE
sLGVbo6Fx20pCvRCijCD0NyOSeNxNeVRlax67KEUWRM
-> ssh-ed25519 PT7ffg 6khi1DV4frFUUn++NppTG/wN6FCqmOz5egmKuwc+VWk
UHa8RJtkHlh/RrztLANfm96HiOLlseh6pP3iaVOOG5Q
--- k1X/cu9Bozfxsb22rkf8utZkf9hE28Dzvvhs4IEBi3Y
ÎnOóý¼ ¾ê¡€gÄÆbŽ"<>\] nµFí ‰âÓÙ“YÕ6×ûAû9µ‡'8ù
ê§ $žÍj2 %ÂSÞÃ5Ríæj[Ây½™ .1˜ò­+óçΈ¬Ù<2´{+ØPºhdŽ¥È`ã.ôÔR«æ¬ãÔ#€ÊxÑÎhè"ì”kwúe -exÏí¸Ö«»—ƒWUÞç

BIN
secrets/immich.age
View File

Binary file not shown.

12
secrets/invidious-companion.age Normal file
View File

@@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 9wZ3G4vjwJhYungj/utZ/jgnQRD7qGHsMXM51gNFLyY
SvdeK7R1AxveXXFJng21JK1fy+y7lh6OINB4CtUdS1Q
-> ssh-ed25519 DFiohQ 1NIsoZWR4fY+bcROkw7iq+X0cYIE9g5IiWOqO0FvymQ
igfAuxzfUSlhE3jaTMjqCYeF8ccKVyuUW+uD8JdH75c
-> ssh-ed25519 wU682A g5y8TFpeJ0myejb8r7gL96JBk/q21KlDOBE6ZpCqv2A
I/3aFKq2ne3gVeg+/1LmlKoDyg723yyjUdVdzgFzhV4
--- JsRdNjJ285V+RGktIxJv29Alef95kpB2TOnYH66Wr4Q
z¿
n
´²xÇ
Û¸"KAx)ñÑ8 é…

BIN
secrets/invidious.age Normal file
View File

Binary file not shown.

BIN
secrets/mealie.age
View File

Binary file not shown.

BIN
secrets/mosquitto/homie.age
View File

Binary file not shown.

16
secrets/mosquitto/mokkimaatti.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA eWLRpIyRno4qtjjwpXxlwsW4I5a59h+c8W4mJpb7rmg
i1LmqRoWZ8wB1EYxNvtqoMSr1lqGbcHHqyAPK1Ldy3Y
-> ssh-ed25519 DFiohQ Wn2NMzQBdv6KsZnBUj82FGo3FdOcyZqd1A+KkQy5G1w
ZCrFCEeikNUmG1pO/f0wy7GzTzwCYoNhQBTeofmo98g
-> ssh-ed25519 PT7ffg RnEdUTw4G7dVL/YWr5vls5IEf1BbrdBCjgk+ZTABlQo
G2PEFcmClmcd8Ap6L4VEipULRZuGj3izzeB0l/cI6FU
--- +Jmqn5CDZN3jaexEWZzZvuKvxjZfXfEdyUW3cQIIsnQ
ƒ`‡ù€Úô<C39A>ŒÅ¬8\ÃR ØYoç"¾Øó2ö/˜<[ÿ>ÈuÀyÿÉW¥ÝÞ<C39D>`Ç® <¨™V¨Ø-úÌdÇBª*“ï±)n<>( oB7sñ Õs—À¢à)aE)ÆÐ…4½ŠÎ(îÂmQ¹Fy·xj'„<>wX,QµV”ìÈö
-> ssh-ed25519 osOCZA rqLqt3IrvBiIXneOWHFLJ3sBz3+dmNsl8LO6whM3Y2s
5MSFsCQoaF97Ve6ossfYA+JezYy5Rod3Se4/y1kl7Go
-> ssh-ed25519 DFiohQ 33r7cd+b7CKR2rVcPFlRIVwcLfHrEgXgD/bD//86IG4
Jg/Nripa9RCtbXaS+1vHBwVBG2q3VMi56lnhEnZvqmo
-> ssh-ed25519 PT7ffg uEatAaPQspVG41/O6d1oTkvhZUn2Au1TeJOlxBaVsXA
0IATY8BEgVuVpYneH12F59Y+wIxnTh4QOTTajbQmWgY
--- 22zYI0N7UXX09jMLZ6FXgXaeijamAiKWVSv02kF/HKY
9$éN[”mÞŽòñNfîq)`qgúÐÃnÏÅ?˜ Ô1«õs,´ü°u(x…µf Ŷ¨é[\£vø:ÉákµòƒB1½ƒlš+5ß[Ûò莠 ¹5ðž<æió1gÿ!ÆEµ8SŠ ¶xü.kÔaÒƒ<03>NåáãÍÁìÿN­

16
secrets/mosquitto/openhab.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA dkgMfjgrKalX7uGrncrep3rtVZFXUHeqwbPix7ngyFY
a9jzF29C7Ltg7tn7Rcoi95847kRhWePylmMU7PGOkdo
-> ssh-ed25519 DFiohQ CeZgWwo/TDb89fUVx2ueTArKGPuBjdp2sklqTpkgoj4
7/H9QMGzIBXcSYTnzXfJwlvlKLI4B1miPU+LXzmiHtE
-> ssh-ed25519 PT7ffg 456boso/C85lpir1PYUYD1pzb70vQvTrAN3gKy15s1s
Sv2hsM/Yx1hUeGWih5zMYXzJaapm767IDzC/4wmKulU
--- /iFmcxXywCLhEOLKLjzrKx/QW93++yzI7tXvn/asMUQ
¯`©òˆ:…*ŸÞ¥·œê')»{;tɤ`E¨`ŠØþ„♇  •Ï„šUà::¿h<E28099>Ó<A±É¢”%ä ZgsE¼ol„¿cƒãÈj¾<> ÄuðÔÔÌBÈ-¬³"{iëÒ Iпíe8NÃæ6§çºV<C2BA>÷SðFã$m¸Æ¥æ¼
-> ssh-ed25519 osOCZA 5eUNORBIp4Nm9KJYBGsirBGNmJQTw2jjUW6qNzZZ+XU
kEnw58503E8dVhigC/gq5LdsMCf/cQ6JE7qDVP04Gf4
-> ssh-ed25519 DFiohQ IGSUfX4LH1HkCI+Na95AK4uoDi9sribs4ViL4B2Xo2Q
X/BG7S7fU5b9K0tgeGJxLaeFUljaMCt8+y7+67M2zH0
-> ssh-ed25519 PT7ffg OlYiDqfh3auTa8QvOmK3RMmCu3rCnrqxh2tyCwkQcRg
/KFTAcZaTgq5Obq+27dTmI1F3gXxuW2leoUeLB+Xptg
--- 2GuL6Gd+bx/V7KoFwa00YxEFS/WRoKCjYP89i9RoYOY
„Öe44IÕ»3<C2BB>¦Ô¹jóB½”G€9VýïìX¶Ò-ñ[£/… ãà0E®Á8ºøð­8lTF™â¡DCép MßÂNòN¬ªKžP‡ö¦[s{vúØ3QˆùƒöhÇiàÍ0™ç6Š$ÓÍrx/?ÉeØ“áM@˜2FRÖ2˜ÿAB³+sÈÒ

BIN
secrets/mosquitto/shelly.age
View File

Binary file not shown.

20
secrets/mosquitto/telegraf.age
View File

@@ -1,10 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA mY+/XDi0aUXqyjMUtw3loj34odb0pTPOXpP3xMaGTy4
bpSIdOmSeIvdO4Aw+hpBuNTlZRNYDk8GdbCVfAoJSIc
-> ssh-ed25519 DFiohQ Dju2lm9o2KhU965PEAqGt9LI9BtNsV2bldkPbOC9WzE
v+8qH52YoNUwrSbvlaN0H7VET9UfEecXwoMaLPXQEiw
-> ssh-ed25519 PT7ffg AFg8dFq8hX/RrrjDLYEpBcrIy630iRRYAkLvag4DF0E
Moh8lmYzweMiGLrdBd7kqi13/7vxscNEa15/IRfbCOA
--- 6Wnopn2zv15ph9bi31fUEafeKzVTZEp2igI8nVW4P84
'‡Q„Ýþ»ãFbÇŠæiÁ¶Û²ýolkú*_'w«Ã
²¢´…5 î.íì>Ý\©%(äElÅ¿PÜž"Õ(†bÔNÚ ¢/m×Ë í´\JëêºØxøÀè˜6"jÖ·d%8‰ä¤ˆ°éš bÁÐãäP ˆ<>#0™•çk]s œv».º
-> ssh-ed25519 osOCZA 74EsAOwngM1isJZEh1Z+ObdeAQ058vV4JV6OzL1krB8
uMgHAuHGbVW0geur0j0jtV1bpMSkemrcrzIsSNXAeu4
-> ssh-ed25519 DFiohQ QZP7wkW9rPR11NacImhLK+rOrq4+4BqrUiPiG7VokFU
+TNH8at4QkKKuJTDvYvjtTltZSPHVeOXJtP3s/Oq5dQ
-> ssh-ed25519 PT7ffg gCIyIxT2gwbeZt3r1cD3o8u3J7YCVWclQHXyeBNmnRQ
+APIPxlAIUeuWk5EwkI356ZTbDZ1mQirN3lRRXpZqYo
--- Z1vjBtt8aIsDlSzXdaIM7CWWZTqKORHsHn4M8PN5Ue4
¢nlü¹dÏ“4îþŽ+«®Ä¬YÙhëkál[QœGA®²MÉü°Ä½ÈØj^òÆ
{¿w=<¨2öƒYa
J@ðë]©ŽùzuŠºM2þ0¾Ñ0“ɘ<62>Éu¯)-\Y…¾<>À q"a<19>Ä ˆò¥
k<EFBFBD>lwÂ

BIN
secrets/octodns.age
View File

Binary file not shown.

BIN
secrets/readeck.age
View File

Binary file not shown.

2
secrets/secrets.nix
View File

@@ -44,4 +44,6 @@ in
"context7.age".publicKeys = users ++ [ radish ];
"gitea.age".publicKeys = users ++ [ freun-dev ];
"gitea-actions-runner.age".publicKeys = users ++ [ freun-dev ];
"invidious-companion.age".publicKeys = users ++ [ apu ];
"invidious.age".publicKeys = users ++ [ freun-dev ];
}

BIN
secrets/smtp-password.age
View File

Binary file not shown.

16
secrets/storage-box-credentials.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA Mq3JCuYFasHg3oSpWgGEjs5+cleWPog/eJCx1SqqXVQ
SiJ8vHCSZoyhvbQQ3AUOGk54oOQZAqyNNvjRjKHm4Fg
-> ssh-ed25519 DFiohQ xEJMTBuU1uMm3goNGUln63rUbddy96+SZR8K+/LkMB4
hFWZe+w2h6sxitweJ+dRNb6HY7YFt1k+/XDVNoDVw0Y
-> ssh-ed25519 PT7ffg ErmwKHYuFoIS8rjMeq/5G6SWKaUhHG/N1Uy/KK7yZXU
/Iz1mQp8mq7xH+kjP4S5m36GjTpzVRv40mcKPT+5rcc
--- 82a4oeNSWQhUtTJvV+ErC9nmT3YrATezQzY7m8G2JFU
aë‡*1¾êr¤ÏDwzŸ¨ *ŸÓ‡ê=®^¨ERÕÞ?Ž<08>b¡ô&`i¸˜¼`^lØ6N÷á4¦Œ S½î-‰þÑ¥ Ù
-> ssh-ed25519 osOCZA PDFhOJbsfxCd5u8kqaeCMyFkeAYwRZriF1/OaF/4NU4
4D63DStz2EiqVqKs75v2WqZb5yFJC6dyNw9g2Ew7flA
-> ssh-ed25519 DFiohQ LedJzIxbcY0X/avsMfMmpFf+bzobyqVQbCJq+EzWiwg
CNJIzwEETb9fkcnwUD6wSlhVEgXsZCX2vceHVWHC1lA
-> ssh-ed25519 PT7ffg DdwjbqndzOwW9T8KR3HAWuL11UaGLwBLUl9Xistu8WY
gBJSXMjqYsebwey4b0gT1Xv0FSsw6cLuQ09fOuOaDJQ
--- mcc4EdBkqiYh1L9QQV3wTQCnZDdxqCOLzkp4eNu3TDQ
!%ÛH0cSô¨ôÀÈ;¥èÙœCmk…<f¥¶_Yð

BIN
secrets/vaultwarden.age
View File

Binary file not shown.

BIN
secrets/voidauth.age
View File

Binary file not shown.

BIN
secrets/wpa_supplicant.age
View File

Binary file not shown.