repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: repomaa:main
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor
..
compare: repomaa:d6cb5fa99b0f5d65e19117c1b26a7d6cc30442fe
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor

1 Commits
main ... d6cb5fa99b

Author SHA1 Message Date
Joakim Repomaa
d6cb5fa99b fix push image step
Some checks failed
Check / check (push) Successful in 3m35s
Details
Build Images / build (push) Failing after 1m4s
Details
2026-02-22 17:44:44 +02:00
60 changed files with 438 additions and 1732 deletions
Expand all files Collapse all files

17
.gitea/workflows/build-images.yml
View File

@@ -19,6 +19,8 @@ jobs:
- name: Push to Gitea Registry - name: Push to Gitea Registry
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
env:
GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
REGISTRY="${{ github.server_url }}" REGISTRY="${{ github.server_url }}"
REGISTRY="${REGISTRY#https://}" REGISTRY="${REGISTRY#https://}"
@@ -27,12 +29,13 @@ jobs:
# Push aarch64 image # Push aarch64 image
skopeo copy \ skopeo copy \
--insecure-policy \ --insecure-policy \
--dest-creds "${{ github.repository_owner }}:${{ secrets.REGISTRY_TOKEN }}" \ --dest-creds "${{ github.actor }}:${GITEA_TOKEN}" \
"docker-archive:./image-aarch64.tar.gz" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest"
skopeo copy \
--insecure-policy \
--dest-creds "${{ github.repository_owner }}:${{ secrets.REGISTRY_TOKEN }}" \
"docker-archive:./image-aarch64.tar.gz" \ "docker-archive:./image-aarch64.tar.gz" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64" "docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64"
# Create and push manifest for arm64
skopeo manifest create \
--insecure-policy \
--dest-creds "${{ github.actor }}:${GITEA_TOKEN}" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64"

14
.zed/tasks.json
View File

@@ -6,7 +6,7 @@
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply remote", "label": "Apply remote",
@@ -16,26 +16,26 @@
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply on freun-dev", "label": "Apply on freun-dev",
"command": "apply", "command": "apply",
"args": ["--on", "freun-dev"], "args": ["--build-on-target", "--on", "freun-dev"],
"use_new_terminal": false, "use_new_terminal": false,
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply on apu", "label": "Apply on apu",
"command": "apply", "command": "apply",
"args": ["--on", "apu"], "args": ["--build-on-target", "--on", "apu"],
"use_new_terminal": false, "use_new_terminal": false,
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, }
] ]

2
README.md
View File

@@ -1,3 +1,3 @@
# My NixOS Configurations # My NixOS Configurations
[![check workflow status](https://git.freun.dev/repomaa/nixos/actions/workflows/check.yml/badge.svg)](https://git.freun.dev/repomaa/nixos/actions?workflow=check.yml) [![build images workflow status](https://git.freun.dev/repomaa/nixos/actions/workflows/build-images.yml/badge.svg)](https://git.freun.dev/repomaa/nixos/actions?workflow=build-images.yml) [![builds.sr.ht status](https://builds.sr.ht/~repomaa/NixOS.svg)](https://builds.sr.ht/~repomaa/NixOS?)

127
flake.lock generated
View File

@@ -49,11 +49,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1771796463, "lastModified": 1771121070,
"narHash": "sha256-9bCDuUzpwJXcHMQYMS1yNuzYMmKO/CCwCexpjWOl62I=", "narHash": "sha256-aIlv7FRXF9q70DNJPI237dEDAznSKaXmL5lfK/Id/bI=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "3d3de3313e263e04894f284ac18177bd26169bad", "rev": "a2812c19f1ed2e5ed5ce2ef7109798b575c180e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -87,11 +87,11 @@
"dnote": { "dnote": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1772691105, "lastModified": 1765604939,
"narHash": "sha256-RC18Gi3/dagBitZIRIuPwIokk6pwwv+ZpawLTXSJ18c=", "narHash": "sha256-5+grN/dsqRRFzUkz6ksvuEhgi4lYq64Rd0fejqzz8/Y=",
"owner": "dnote", "owner": "dnote",
"repo": "dnote", "repo": "dnote",
"rev": "f34a96abbe47e8b516ea7cac2bdec06c64c01493", "rev": "9fa312e3fc6139788533ca6cd1ada8c16a10519c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -137,11 +137,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1772408722, "lastModified": 1769996383,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -273,24 +273,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"frontend": { "frontend": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
@@ -404,11 +386,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772633058, "lastModified": 1770260404,
"narHash": "sha256-SO7JapRy2HPhgmqiLbfnW1kMx5rakPMKZ9z3wtRLQjI=", "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "080657a04188aca25f8a6c70a0fb2ea7e37f1865", "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -463,11 +445,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1772216104, "lastModified": 1771492583,
"narHash": "sha256-1TnGN26vnCEQk5m4AavJZxGZTb/6aZyphemRPRwFUfs=", "narHash": "sha256-nQzvnU4BGu8dA6BsPPCqmVcab/3ebVmHtX3ZWbW3Hxc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "dbe5112de965bbbbff9f0729a9789c20a65ab047", "rev": "5e9380994665ef66c87ab8e22c913ff837174ce4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -499,11 +481,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1771969195, "lastModified": 1771423359,
"narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -531,11 +513,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1772328832, "lastModified": 1769909678,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -570,11 +552,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1772624091, "lastModified": 1771369470,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -602,11 +584,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1771848320, "lastModified": 1771008912,
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2fc6539b481e1d2569f25f8799236694180c0993", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -618,11 +600,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1772598333, "lastModified": 1771419570,
"narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=", "narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239", "rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -661,11 +643,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771858127, "lastModified": 1770726378,
"narHash": "sha256-Gtre9YoYl3n25tJH2AoSdjuwcqij5CPxL3U3xysYD08=", "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "49bbbfc218bf3856dfa631cead3b052d78248b83", "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -693,7 +675,6 @@
"tonearm": "tonearm", "tonearm": "tonearm",
"turny": "turny", "turny": "turny",
"voidauth": "voidauth", "voidauth": "voidauth",
"voxtype": "voxtype",
"workout-sync": "workout-sync" "workout-sync": "workout-sync"
} }
}, },
@@ -705,11 +686,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771988922, "lastModified": 1771125043,
"narHash": "sha256-Fc6FHXtfEkLtuVJzd0B6tFYMhmcPLuxr90rWfb/2jtQ=", "narHash": "sha256-ldf/s49n6rOAxl7pYLJGGS1N/assoHkCOWdEdLyNZkc=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "f4443dc3f0b6c5e6b77d923156943ce816d1fcb9", "rev": "4912f951a26dc8142b176be2c2ad834319dc06e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -825,21 +806,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tonearm": { "tonearm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_5",
@@ -906,27 +872,6 @@
"type": "github" "type": "github"
} }
}, },
"voxtype": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1772443545,
"narHash": "sha256-oD3lameQXilKcgxQORR2l0+iDbnCO61+mjYD3MEVbuQ=",
"owner": "peteonrails",
"repo": "voxtype",
"rev": "d011f3ff074a6a14c14e75fefb375a408e9e8887",
"type": "github"
},
"original": {
"owner": "peteonrails",
"repo": "voxtype",
"type": "github"
}
},
"workout-sync": { "workout-sync": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

4
flake.nix
View File

@@ -56,10 +56,6 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.flake-parts.follows = "flake-parts"; inputs.flake-parts.follows = "flake-parts";
}; };
voxtype = {
url = "github:peteonrails/voxtype";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = outputs =
{ {

307
home/common/default.nix
View File

@@ -1,6 +1,5 @@
{ {
config, config,
osConfig,
lib, lib,
pkgs, pkgs,
pkgs-unstable, pkgs-unstable,
@@ -13,12 +12,9 @@
../gnome ../gnome
./dnote.nix ./dnote.nix
../modules/zed ../modules/zed
../modules/voxtype
../modules/elephant
./secrets.nix ./secrets.nix
inputs.hastebin.nixosModules.hm inputs.hastebin.nixosModules.hm
inputs.agenix.homeManagerModules.default inputs.agenix.homeManagerModules.default
inputs.voxtype.homeManagerModules.default
]; ];
# This value determines the Home Manager release that your configuration is # This value determines the Home Manager release that your configuration is
@@ -30,9 +26,7 @@
# release notes. # release notes.
home.stateVersion = "23.11"; # Please read the comment before changing. home.stateVersion = "23.11"; # Please read the comment before changing.
home.packages = home.packages = with pkgs; [
with pkgs;
[
htop htop
gnupg gnupg
pkgs-unstable.yubioath-flutter pkgs-unstable.yubioath-flutter
@@ -45,9 +39,7 @@
source-sans-pro source-sans-pro
mosh mosh
docker-compose docker-compose
(signal-desktop.override { signal-desktop
commandLineArgs = "--password-store=gnome-libsecret";
})
cargo cargo
blanket blanket
wl-clipboard wl-clipboard
@@ -87,11 +79,12 @@
pkgs-unstable.devbox pkgs-unstable.devbox
pkgs-unstable.feishin pkgs-unstable.feishin
openscad openscad
pkgs-unstable.walker
pkgs-unstable.shairport-sync-airplay2 pkgs-unstable.shairport-sync-airplay2
(writeShellScriptBin "pw" '' (writeShellScriptBin "pw" ''
${lib.getExe rbw} ls --fields 'id,folder,name' | \ ${lib.getExe rbw} ls --fields 'id,folder,name' | \
${lib.getExe gawk} -F '\t' '{print $1 "\t" ($2 == "" ? "" : $2 "/") $3}' | \ ${lib.getExe gawk} -F '\t' '{print $1 "\t" ($2 == "" ? "" : $2 "/") $3}' | \
${lib.getExe config.services.walker.package} -d -l 2 | \ ${lib.getExe pkgs-unstable.walker} -d -l 2 | \
xargs ${lib.getExe rbw} get "$@" | ${lib.getExe' wl-clipboard "wl-copy"} xargs ${lib.getExe rbw} get "$@" | ${lib.getExe' wl-clipboard "wl-copy"}
'') '')
(google-fonts.override { fonts = [ "Tajawal" ]; }) (google-fonts.override { fonts = [ "Tajawal" ]; })
@@ -101,101 +94,9 @@
'') '')
pkgs-unstable.tidal-hifi pkgs-unstable.tidal-hifi
inputs.tonearm.packages.${pkgs.stdenv.hostPlatform.system}.tonearm inputs.tonearm.packages.${pkgs.stdenv.hostPlatform.system}.tonearm
blueman ];
pavucontrol
(writeShellScriptBin "voxtoggle" ''
status=$(${lib.getExe config.programs.voxtype.package} status)
pid=$(cat ''${XDG_RUNTIME_DIR}/voxtype/pid)
if [[ "$status" == "stopped" ]]; then
exit 1
elif [[ "$status" == "recording" ]]; then
kill -SIGUSR2 "$pid"
else
kill -SIGUSR1 "$pid"
fi
'')
]
++ lib.optional osConfig.programs.niri.enable (
pkgs.writeShellScriptBin "handle-lid-close" ''
alias niri=${lib.getExe osConfig.programs.niri.package}
output_count=$(niri outputs | ${lib.getExe jq} -r 'length')
if [ "$output_count" -eq 1 ]; then
niri msg action spawn hyprlock
systemctl suspend
fi
''
);
programs = { programs = {
ashell = {
enable = true;
package = pkgs-unstable.ashell;
systemd = {
enable = true;
target = "graphical-session.target";
};
settings = {
modules = {
left = [ "Workspaces" ];
center = [ "WindowTitle" ];
right = [
"CustomNotifications"
"SystemInfo"
[
"Clock"
"Privacy"
"Settings"
]
];
};
settings = {
lock_cmd = "hyprlock &";
logout_cmd = "niri msg action quit";
audio_sinks_more_cmd = "pavucontrol -t 3";
audio_sources_more_cmd = "pavucontrol -t 4";
bluetooth_more_cmd = "blueman-manager";
CustomButton =
let
isDark = lib.getExe (
pkgs.writeShellScriptBin "is-dark" ''
gsettings get org.gnome.desktop.interface color-scheme | grep -q dark
''
);
toggleDark = lib.getExe (
pkgs.writeShellScriptBin "toggle-dark" ''
if ${isDark}; then
gsettings set org.gnome.desktop.interface color-scheme 'prefer-light'
else
gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'
fi
''
);
in
[
{
name = "Dark Mode";
icon = " ";
command = toggleDark;
status_command = isDark;
}
];
};
CustomModule = [
{
name = "CustomNotifications";
type = "Button";
icon = " ";
command = "swaync-client -t -sw";
listen_cmd = "swaync-client -swb";
icons."dnd.*" = " ";
alert = ".*notification";
}
];
};
};
nh = { nh = {
enable = true; enable = true;
flake = self; flake = self;
@@ -424,6 +325,7 @@
}; };
}; };
"apu" = { "apu" = {
hostname = "apu.tempel-vibes.ts.net";
user = "root"; user = "root";
}; };
}; };
@@ -525,81 +427,6 @@
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
}; };
hyprlock = {
enable = true;
package = pkgs-unstable.hyprlock;
settings = {
general = {
hide_cursor = true;
ignore_empty_input = true;
};
background = {
monitor = "";
path = "screenshot";
blur_passes = 3;
};
input-field = {
size = "20%, 5%";
monitor = "";
dots_center = true;
fade_on_empty = false;
rounding = 15;
shadow_passes = 2;
outline_thickness = 2;
placeholder_text = "Password...";
fail_text = "$PAMFAIL";
dots_spacing = "0.3";
position = "0, -20";
halign = "center";
valign = "center";
};
};
};
voxtype = {
enable = true;
package = inputs.voxtype.packages.${pkgs.stdenv.hostPlatform.system}.vulkan;
model.name = "large-v3-turbo";
service.enable = true;
settings = {
hotkey.enabled = false;
whisper.language = "auto";
output.notification = {
on_recording_start = false;
on_recording_stop = false;
on_transcription = false;
};
};
postProcessing = {
enable = true;
settings = {
model = "qwen3:4b-instruct";
commonInstructions = "no quotes, no emojis, no explanations";
prompts = [
{
title = "Clean up";
instructions = "Clean up this dictation. Remove filler words, fix grammar and punctuation. Output ONLY the cleaned text";
}
{
title = "Make a title";
instructions = "Make a concise and descriptive title for this dictation. Output ONLY the title";
}
{
title = "Summarize";
instructions = "Summarize this dictation in a few sentences. Output ONLY the summary";
}
{
title = "Commit message";
instructions = "Write a concise and descriptive git commit message for this dictation. Output ONLY the commit message";
}
{
title = "Translate to English";
instructions = "Translate this dictation to English. Remove filler words, fix grammar and punctuation. Output ONLY the translation";
}
];
};
};
};
}; };
gnome = { gnome = {
@@ -747,8 +574,7 @@
# #
# /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh # /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh
# #
systemd.user.sessionVariables = {
home.sessionVariables = {
NIXOS_OZONE_WL = 1; NIXOS_OZONE_WL = 1;
NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket"; NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket";
PAGER = "bat --paging=always --style=plain"; PAGER = "bat --paging=always --style=plain";
@@ -757,9 +583,6 @@
DO_NOT_TRACK = 1; DO_NOT_TRACK = 1;
}; };
systemd.user.sessionVariables = lib.mapAttrs (_: v: toString v) config.home.sessionVariables;
programs.zsh.sessionVariables = config.home.sessionVariables;
home.shellAliases = { home.shellAliases = {
_ = "sudo"; _ = "sudo";
icr = "crystal i"; icr = "crystal i";
@@ -770,84 +593,11 @@
ls = "ls --color=auto"; ls = "ls --color=auto";
}; };
services = { services.gpg-agent = with pkgs; {
swaync = {
enable = true;
package = pkgs-unstable.swaynotificationcenter;
settings = {
scripts = {
focus-window =
let
jq = lib.getExe pkgs.jq;
niri = lib.getExe osConfig.programs.niri.package;
script = pkgs.writeShellScriptBin "swaync-focus-window" ''
set -e
APP_NAME="''${SWAYNC_APP_NAME:-}"
DESKTOP_ENTRY="''${SWAYNC_DESKTOP_ENTRY:-}"
APP_ID=""
if [[ -n "$DESKTOP_ENTRY" ]]; then
APP_ID="$DESKTOP_ENTRY"
elif [[ -n "$APP_NAME" ]]; then
APP_ID=$(echo "$APP_NAME" | tr '[:upper:]' '[:lower:]' | sed 's/ //g')
fi
[[ -z "$APP_ID" ]] && exit
# Find window ID for this app in niri and focus it
${jq} -r --arg app_id "$APP_ID" '.[] | select(.app_id | ascii_downcase | contains($app_id)) | .id' \
<(${niri} msg --json windows 2>/dev/null) | head -n1 | while read -r WINDOW_ID; do
if [[ -n "$WINDOW_ID" && "$WINDOW_ID" != "null" ]]; then
${niri} msg action focus-window --id "$WINDOW_ID"
fi
done
'';
in
{
exec = lib.getExe script;
run-on = "action";
};
};
};
};
gpg-agent = with pkgs; {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
pinentry.package = pinentry-gnome3; pinentry.package = pinentry-gnome3;
}; };
};
services.walker = {
enable = true;
package = pkgs.symlinkJoin {
inherit (pkgs-unstable.walker) name meta;
paths = [ pkgs-unstable.walker ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/walker \
--prefix PATH : ${lib.makeBinPath [ config.services.elephant.package ]}
'';
};
systemd = {
enable = true;
};
settings = {
providers = {
default = [
"desktopapplications"
"calc"
"websearch"
"bitwarden"
];
};
};
};
services.elephant.enable = true;
systemd.user.services.walker.Install.WantedBy = lib.mkForce [ "graphical-session.target" ];
systemd.user.services.shairport-sync = { systemd.user.services.shairport-sync = {
Unit = { Unit = {
@@ -876,12 +626,11 @@
xdg.configFile."opencode/opencode.jsonc".text = builtins.toJSON { xdg.configFile."opencode/opencode.jsonc".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json"; "$schema" = "https://opencode.ai/config.json";
model = "opencode-go/glm-5"; model = "opencode/kimi-k2.5";
small_model = "opencode-go/kimi-k2.5"; small_model = "opencode/minimax-m2.1";
agent = { agent = {
explore.model = "opencode-go/kimi-k2.5"; explore.model = "opencode/minimax-m2.1";
}; };
theme = "system";
lsp = { lsp = {
ruby-lsp = { ruby-lsp = {
initialization = { initialization = {
@@ -916,6 +665,7 @@
"bundle" "bundle"
"exec" "exec"
"ruby-lsp" "ruby-lsp"
"--lsp"
]; ];
}; };
rubocop = { rubocop = {
@@ -931,20 +681,27 @@
".haml" ".haml"
]; ];
}; };
nil = {
command = [
(lib.getExe pkgs.nil)
];
extensions = [ ".nix" ];
};
ameba-ls = {
command = [
(lib.getExe pkgs-unstable.ameba-ls)
];
extensions = [ ".cr" ];
};
}; };
mcp = { mcp = {
memory = {
type = "local";
command = [
"npx"
"-y"
"@modelcontextprotocol/server-memory"
];
};
browser = {
type = "local";
command = [
"npx"
"-y"
"@agent-infra/mcp-server-browser"
"--headless"
"--executable-path"
(lib.getExe pkgs-unstable.chromium)
];
};
context7 = { context7 = {
type = "remote"; type = "remote";
url = "https://mcp.context7.com/mcp"; url = "https://mcp.context7.com/mcp";
@@ -956,8 +713,6 @@
}; };
}; };
xdg.configFile."niri/config.kdl".source = ./dotfiles/niri.kdl;
gnome.automaticTimeZone = true; gnome.automaticTimeZone = true;
gtk.enable = true; gtk.enable = true;

641
home/common/dotfiles/niri.kdl
View File

@@ -1,641 +0,0 @@
// This config is in the KDL format: https://kdl.dev
// "/-" comments out the following node.
// Check the wiki for a full description of the configuration:
// https://niri-wm.github.io/niri/Configuration:-Introduction
// Input device configuration.
// Find the full list of options on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Input
input {
keyboard {
xkb {
// You can set rules, model, layout, variant and options.
// For more information, see xkeyboard-config(7).
layout "us"
variant "altgr-intl"
// For example:
// layout "us,ru"
// options "grp:win_space_toggle,compose:ralt,ctrl:nocaps"
// If this section is empty, niri will fetch xkb settings
// from org.freedesktop.locale1. You can control these using
// localectl set-x11-keymap.
}
// Enable numlock on startup, omitting this setting disables it.
numlock
}
// Next sections include libinput settings.
// Omitting settings disables them, or leaves them at their default values.
// All commented-out settings here are examples, not defaults.
touchpad {
// off
tap
dwt
dwtp
// drag false
// drag-lock
natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "two-finger"
// disabled-on-external-mouse
}
mouse {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "no-scroll"
}
trackpoint {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "on-button-down"
// scroll-button 273
// scroll-button-lock
// middle-emulation
}
// Uncomment this to make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="10%"
}
// You can configure outputs by their name, which you can find
// by running `niri msg outputs` while inside a niri instance.
// The built-in laptop monitor is usually called "eDP-1".
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Outputs
// Remember to uncomment the node by removing "/-"!
output "eDP-1" {
// Uncomment this line to disable this output.
// off
// Resolution and, optionally, refresh rate of the output.
// The format is "<width>x<height>" or "<width>x<height>@<refresh rate>".
// If the refresh rate is omitted, niri will pick the highest refresh rate
// for the resolution.
// If the mode is omitted altogether or is invalid, niri will pick one automatically.
// Run `niri msg outputs` while inside a niri instance to list all outputs and their modes.
// mode "1920x1080@120.030"
// You can use integer or fractional scale, for example use 1.5 for 150% scale.
scale 1.5
// Transform allows to rotate the output counter-clockwise, valid values are:
// normal, 90, 180, 270, flipped, flipped-90, flipped-180 and flipped-270.
// transform "normal"
// Position of the output in the global coordinate space.
// This affects directional monitor actions like "focus-monitor-left", and cursor movement.
// The cursor can only move between directly adjacent outputs.
// Output scale and rotation has to be taken into account for positioning:
// outputs are sized in logical, or scaled, pixels.
// For example, a 3840×2160 output with scale 2.0 will have a logical size of 1920×1080,
// so to put another output directly adjacent to it on the right, set its x to 1920.
// If the position is unset or results in an overlap, the output is instead placed
// automatically.
// position x=1280 y=0
}
output "DP-5" {
scale 1
}
output "DP-3" {
scale 1.2
}
// Settings that influence how windows are positioned and sized.
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Layout
layout {
// Set gaps around windows in logical pixels.
gaps 5
// When to center a column when changing focus, options are:
// - "never", default behavior, focusing an off-screen column will keep at the left
// or right edge of the screen.
// - "always", the focused column will always be centered.
// - "on-overflow", focusing a column will center it if it doesn't fit
// together with the previously focused column.
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
// preset-window-heights { }
// You can change the default width of the new windows.
default-column-width { proportion 0.5; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
// default-column-width {}
// By default focus ring and border are rendered as a solid background rectangle
// behind windows. That is, they will show up through semitransparent windows.
// This is because windows using client-side decorations can have an arbitrary shape.
//
// If you don't like that, you should uncomment `prefer-no-csd` below.
// Niri will draw focus ring and border *around* windows that agree to omit their
// client-side decorations.
//
// Alternatively, you can override it with a window rule called
// `draw-border-with-background`.
// You can change how the focus ring looks.
focus-ring {
// Uncomment this line to disable the focus ring.
// off
// How many logical pixels the ring extends out from the windows.
width 4
// Colors can be set in a variety of ways:
// - CSS named colors: "red"
// - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa"
// - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others.
// Color of the ring on the active monitor.
active-color "#7fc8ff"
// Color of the ring on inactive monitors.
//
// The focus ring only draws around the active window, so the only place
// where you can see its inactive-color is on other monitors.
inactive-color "#505050"
// You can also use gradients. They take precedence over solid colors.
// Gradients are rendered the same as CSS linear-gradient(angle, from, to).
// The angle is the same as in linear-gradient, and is optional,
// defaulting to 180 (top-to-bottom gradient).
// You can use any CSS linear-gradient tool on the web to set these up.
// Changing the color space is also supported, check the wiki for more info.
//
// active-gradient from="#80c8ff" to="#c7ff7f" angle=45
// You can also color the gradient relative to the entire view
// of the workspace, rather than relative to just the window itself.
// To do that, set relative-to="workspace-view".
//
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can also add a border. It's similar to the focus ring, but always visible.
border {
// The settings are the same as for the focus ring.
// If you enable the border, you probably want to disable the focus ring.
off
width 4
active-color "#ffc87f"
inactive-color "#505050"
// Color of the border around windows that request your attention.
urgent-color "#9b0000"
// Gradients can use a few different interpolation color spaces.
// For example, this is a pastel rainbow gradient via in="oklch longer hue".
//
// active-gradient from="#e5989b" to="#ffb4a2" angle=45 relative-to="workspace-view" in="oklch longer hue"
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can enable drop shadows for windows.
shadow {
// Uncomment the next line to enable shadows.
// on
// By default, the shadow draws only around its window, and not behind it.
// Uncomment this setting to make the shadow draw behind its window.
//
// Note that niri has no way of knowing about the CSD window corner
// radius. It has to assume that windows have square corners, leading to
// shadow artifacts inside the CSD rounded corners. This setting fixes
// those artifacts.
//
// However, instead you may want to set prefer-no-csd and/or
// geometry-corner-radius. Then, niri will know the corner radius and
// draw the shadow correctly, without having to draw it behind the
// window. These will also remove client-side shadows if the window
// draws any.
//
// draw-behind-window true
// You can change how shadows look. The values below are in logical
// pixels and match the CSS box-shadow properties.
// Softness controls the shadow blur radius.
softness 30
// Spread expands the shadow.
spread 5
// Offset moves the shadow relative to the window.
offset x=0 y=5
// You can also change the shadow color and opacity.
color "#0007"
}
// Struts shrink the area occupied by windows, similarly to layer-shell panels.
// You can think of them as a kind of outer gaps. They are set in logical pixels.
// Left and right struts will cause the next window to the side to always be visible.
// Top and bottom struts will simply add outer gaps in addition to the area occupied by
// layer-shell panels and regular gaps.
struts {
// left 64
// right 64
// top 64
// bottom 64
}
}
// Add lines like this to spawn processes at startup.
// Note that running niri as a session supports xdg-desktop-autostart,
// which may be more convenient to use.
// See the binds section below for more spawn examples.
//spawn-at-startup "systemctl start --user niri-session.target"
// To run a shell command (with variables, pipes, etc.), use spawn-sh-at-startup:
// spawn-sh-at-startup "qs -c ~/source/qs/MyAwesomeShell"
hotkey-overlay {
// Uncomment this line to disable the "Important Hotkeys" pop-up at startup.
skip-at-startup
}
// Uncomment this line to ask the clients to omit their client-side decorations if possible.
// If the client will specifically ask for CSD, the request will be honored.
// Additionally, clients will be informed that they are tiled, removing some client-side rounded corners.
// This option will also fix border/focus ring drawing behind some semitransparent windows.
// After enabling or disabling this, you need to restart the apps for this to take effect.
// prefer-no-csd
// You can change the path where screenshots are saved.
// A ~ at the front will be expanded to the home directory.
// The path is formatted with strftime(3) to give you the screenshot date and time.
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
// You can also set this to null to disable saving screenshots to disk.
// screenshot-path null
// Animation settings.
// The wiki explains how to configure individual animations:
// https://niri-wm.github.io/niri/Configuration:-Animations
animations {
// Uncomment to turn off all animations.
// off
// Slow down all animations by this factor. Values below 1 speed them up instead.
// slowdown 3.0
}
// Window rules let you adjust behavior for individual windows.
// Find more information on the wiki:
// https://niri-wm.github.io/niri/Configuration:-Window-Rules
// Work around WezTerm's initial configure bug
// by setting an empty default-column-width.
window-rule {
// This regular expression is intentionally made as specific as possible,
// since this is the default config, and we want no false positives.
// You can get away with just app-id="wezterm" if you want.
match app-id=r#"^org\.wezfurlong\.wezterm$"#
default-column-width {}
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
open-floating true
}
// Example: block out two password managers from screen capture.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
match app-id=r#"^org\.keepassxc\.KeePassXC$"#
match app-id=r#"^org\.gnome\.World\.Secrets$"#
block-out-from "screen-capture"
// Use this instead if you want them visible on third-party screenshot tools.
// block-out-from "screencast"
}
// Example: enable rounded corners for all windows.
// (This example rule is commented out with a "/-" in front.)
window-rule {
geometry-corner-radius 14
clip-to-geometry true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Mod-Shift-/, which is usually the same as Mod-?,
// shows a list of important hotkeys.
Mod+Shift+Slash { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return hotkey-overlay-title="Open a Terminal: kitty" { spawn "kitty"; }
Mod+Z hotkey-overlay-title="Open a launcher: walker" { spawn "walker"; }
Mod+Space { spawn "voxtoggle"; }
Mod+Alt+L hotkey-overlay-title="Lock the Screen: hyprlock" { spawn "hyprlock"; }
// Use spawn-sh to run a shell command. Do this if you need pipes, multiple commands, etc.
// Note: the entire command goes as a single argument. It's passed verbatim to `sh -c`.
// For example, this is a standard bind to toggle the screen reader (orca).
// Super+Alt+S allow-when-locked=true hotkey-overlay-title=null { spawn-sh "pkill orca || exec orca"; }
// Example volume keys mappings for PipeWire & WirePlumber.
// The allow-when-locked=true property makes them work even when the session is locked.
// Using spawn-sh allows to pass multiple arguments together with the command.
// "-l 1.0" limits the volume to 100%.
XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+ -l 1.0"; }
XF86AudioLowerVolume allow-when-locked=true { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-"; }
XF86AudioMute allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; }
XF86AudioMicMute allow-when-locked=true { spawn-sh "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"; }
// Example media keys mapping using playerctl.
// This will work with any MPRIS-enabled media player.
XF86AudioPlay allow-when-locked=true { spawn-sh "playerctl play-pause"; }
XF86AudioStop allow-when-locked=true { spawn-sh "playerctl stop"; }
XF86AudioPrev allow-when-locked=true { spawn-sh "playerctl previous"; }
XF86AudioNext allow-when-locked=true { spawn-sh "playerctl next"; }
// Example brightness key mappings for brightnessctl.
// You can use regular spawn with multiple arguments too (to avoid going through "sh"),
// but you need to manually put each argument in separate "" quotes.
XF86MonBrightnessUp allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "+10%"; }
XF86MonBrightnessDown allow-when-locked=true { spawn "brightnessctl" "--class=backlight" "set" "10%-"; }
// Open/close the Overview: a zoomed-out view of workspaces and windows.
// You can also move the mouse into the top-left hot corner,
// or do a four-finger swipe up on a touchpad.
Mod+O repeat=false { toggle-overview; }
Mod+Backspace repeat=false { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-or-workspace-down; }
Mod+K { focus-window-or-workspace-up; }
Mod+L { focus-column-right; }
Mod+Shift+Left { move-column-left; }
Mod+Shift+Down { move-window-down; }
Mod+Shift+Up { move-window-up; }
Mod+Shift+Right { move-column-right; }
Mod+Shift+H { move-column-left; }
Mod+Shift+J { move-window-down-or-to-workspace-down; }
Mod+Shift+K { move-window-up-or-to-workspace-up; }
Mod+Shift+L { move-column-right; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Shift+Home { move-column-to-first; }
Mod+Shift+End { move-column-to-last; }
Mod+Ctrl+Left { focus-monitor-left; }
Mod+Ctrl+Down { focus-monitor-down; }
Mod+Ctrl+Up { focus-monitor-up; }
Mod+Ctrl+Right { focus-monitor-right; }
Mod+Ctrl+H { focus-monitor-left; }
Mod+Ctrl+J { focus-monitor-down; }
Mod+Ctrl+K { focus-monitor-up; }
Mod+Ctrl+L { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// Similarly, you can bind touchpad scroll "ticks".
// Touchpad scrolling is continuous, so for these binds it is split into
// discrete intervals.
// These binds are also affected by touchpad's natural-scroll, so these
// example binds are "inverted", since we have natural-scroll enabled for
// touchpads by default.
// Mod+TouchpadScrollDown { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02+"; }
// Mod+TouchpadScrollUp { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02-"; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+1 { focus-workspace 1; }
Mod+2 { focus-workspace 2; }
Mod+3 { focus-workspace 3; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Shift+1 { move-column-to-workspace 1; }
Mod+Shift+2 { move-column-to-workspace 2; }
Mod+Shift+3 { move-column-to-workspace 3; }
Mod+Shift+4 { move-column-to-workspace 4; }
Mod+Shift+5 { move-column-to-workspace 5; }
Mod+Shift+6 { move-column-to-workspace 6; }
Mod+Shift+7 { move-column-to-workspace 7; }
Mod+Shift+8 { move-column-to-workspace 8; }
Mod+Shift+9 { move-column-to-workspace 9; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+1 { move-window-to-workspace 1; }
// Switches focus between the current and the previous workspace.
// Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
// Cycling through the presets in reverse order is also possible.
// Mod+R { switch-preset-column-width-back; }
Mod+Ctrl+R { switch-preset-window-height; }
Mod+Shift+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
// While maximize-column leaves gaps and borders around the window,
// maximize-window-to-edges doesn't: the window expands to the edges of the screen.
// This bind corresponds to normal window maximizing,
// e.g. by double-clicking on the titlebar.
Mod+M { maximize-window-to-edges; }
// Expand the focused column to space not taken up by other fully visible columns.
// Makes the column "fill the rest of the space".
Mod+Ctrl+F { expand-column-to-available-width; }
Mod+C { center-column; }
// Center all fully visible columns on screen.
Mod+Ctrl+C { center-visible-columns; }
// Finer width adjustments.
// This command can also:
// * set width in pixels: "1000"
// * adjust width in pixels: "-5" or "+5"
// * set width as a percentage of screen width: "25%"
// * adjust width as a percentage of screen width: "-10%" or "+10%"
// Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
// set-column-width "100" will make the column occupy 200 physical screen pixels.
Mod+Minus { set-column-width "-10%"; }
Mod+Equal { set-column-width "+10%"; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
// Toggle tabbed column display mode.
// Windows in this column will appear as vertical tabs,
// rather than stacked on top of each other.
Mod+W { toggle-column-tabbed-display; }
// Actions to switch layouts.
// Note: if you uncomment these, make sure you do NOT have
// a matching layout switch hotkey configured in xkb options above.
// Having both at once on the same hotkey will break the switching,
// since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
// Mod+Space { switch-layout "next"; }
// Mod+Shift+Space { switch-layout "prev"; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// Applications such as remote-desktop clients and software KVM switches may
// request that niri stops processing the keyboard shortcuts defined here
// so they may, for example, forward the key presses as-is to a remote machine.
// It's a good idea to bind an escape hatch to toggle the inhibitor,
// so a buggy application can't hold your session hostage.
//
// The allow-inhibiting=false property can be applied to other binds as well,
// which ensures niri always processes them, even when an inhibitor is active.
Mod+Escape allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
}
switch-events {
lid-close {
spawn "handle-lid-close";
}
}

35
home/moco/default.nix
View File

@@ -1,9 +1,4 @@
{ { pkgs, pkgs-unstable, ... }:
pkgs,
pkgs-unstable,
lib,
...
}:
let let
homeDirectory = "/home/moco"; homeDirectory = "/home/moco";
in in
@@ -62,34 +57,6 @@ in
}; };
}; };
programs.ashell.settings.settings.CustomButton =
let
nmcli = lib.getExe' pkgs.networkmanager "nmcli";
ykman = lib.getExe pkgs.yubikey-manager;
isMocoVpnActive = lib.getExe (
pkgs.writeShellScriptBin "is-moco-vpn-active" ''
${nmcli} -t -f NAME connection show --active | grep -q '^moco$'
''
);
toggleMocoVpn = lib.getExe (
pkgs.writeShellScriptBin "toggle-moco-vpn" ''
if ${isMocoVpnActive}; then
${nmcli} c down moco
else
${ykman} oath accounts code -s 'MOCO Reto' | ${nmcli} c up moco --ask
fi
''
);
in
[
{
name = "MOCO VPN";
icon = "󰖂";
command = toggleMocoVpn;
status_command = isMocoVpnActive;
}
];
programs.zsh = { programs.zsh = {
cdpath = [ cdpath = [
"${homeDirectory}/Code/mocoapp" "${homeDirectory}/Code/mocoapp"

43
home/modules/elephant/default.nix
View File

@@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unstable,
...
}:
let
cfg = config.services.elephant;
wrappedPackage = pkgs.symlinkJoin {
inherit (cfg.package) name meta;
paths = [ cfg.package ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/elephant \
--prefix PATH : ${lib.makeBinPath [ pkgs.bash ]}
'';
};
in
{
options.services.elephant = {
enable = lib.mkEnableOption "Enable Elephant";
package = lib.mkOption {
type = lib.types.package;
default = pkgs-unstable.elephant;
};
};
config = lib.mkIf cfg.enable {
systemd.user.services.elephant = {
Unit = {
Description = "Elephant";
After = [ "niri.service" ];
Wants = [ "niri.service" ];
};
Service = {
ExecStart = lib.getExe wrappedPackage;
Restart = "on-failure";
};
Install.WantedBy = [ "graphical-session.target" ];
};
};
}

92
home/modules/voxtype/default.nix
View File

@@ -1,92 +0,0 @@
{
config,
osConfig,
lib,
pkgs,
pkgs-unstable,
...
}:
let
cfg = config.programs.voxtype;
postProcessUnwrapped =
pkgs.runCommand "voxtype-post-process-unwrapped"
{
code = ./post-process.cr;
nativeBuildInputs = [
pkgs-unstable.crystal
];
}
''
mkdir -p $out/bin
crystal build $code -o $out/bin/voxtype-post-process
'';
postProcess = pkgs.symlinkJoin {
name = "voxtype-post-process";
paths = [ postProcessUnwrapped ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/voxtype-post-process \
--set OLLAMA_PORT ${toString osConfig.services.ollama.port} \
--set WALKER_BIN ${lib.getExe config.services.walker.package}
'';
meta.mainProgram = "voxtype-post-process";
};
in
{
options.programs.voxtype = {
postProcessing = lib.mkOption {
type = lib.types.submodule {
options = {
enable = lib.mkEnableOption "Enable post-processing of transcriptions";
settings = lib.mkOption {
type = lib.types.submodule {
options = {
model = lib.mkOption {
type = lib.types.str;
description = "The ollama model to use for post-processing";
};
commonInstructions = lib.mkOption {
type = lib.types.str;
default = "no quotes, no emojis, no explanations";
description = "Instructions to include in every post-processing prompt";
};
prompts = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
title = lib.mkOption {
type = lib.types.str;
description = "A title for this prompt, used in the selector";
};
instructions = lib.mkOption {
type = lib.types.str;
description = "Instructions to include in the post-processing prompt, in addition to the common instructions";
};
};
}
);
default = [
{
title = "Clean up";
instructions = "Clean up this dictation. Remove filler words, fix grammar and punctuation. Output ONLY the cleaned text";
}
];
};
};
};
default = { };
};
};
};
};
};
config = lib.mkIf cfg.postProcessing.enable {
xdg.configFile."voxtype/post-processing.json".text = builtins.toJSON cfg.postProcessing.settings;
programs.voxtype.settings.output.post_process = {
command = lib.getExe postProcess;
timeout_ms = 5 * 60 * 1000; # 5 minutes
};
};
}

54
home/modules/voxtype/post-process.cr
View File

@@ -1,54 +0,0 @@
require "json"
require "http/client"
struct OllamaResponse
include JSON::Serializable
getter response : String
end
struct Prompt
include JSON::Serializable
getter title : String
getter instructions : String
end
struct Config
include JSON::Serializable
getter model : String
getter prompts : Array(Prompt)
@[JSON::Field(key: "commonInstructions")]
getter common_instructions : String
end
config_path = "#{ENV.fetch("XDG_CONFIG_HOME", "~/.config")}/voxtype/post-processing.json"
config = File.open(config_path) { |file| Config.from_json(file) }
client = HTTP::Client.new("localhost", ENV.fetch("OLLAMA_PORT", "11434").to_i)
prompt_selection = Process.run(ENV["WALKER_BIN"], ["--dmenu"]) do |process|
config.prompts.each do |prompt|
process.input.puts prompt.title
end
process.input.close
process.output.gets_to_end.chomp
end
instructions = config.prompts.find { |prompt| prompt.title == prompt_selection }.try(&.instructions) || prompt_selection
payload = {
model: config.model,
prompt: "#{instructions} - #{config.common_instructions}:\n\n#{STDIN.gets_to_end.chomp}",
think: false,
stream: false,
}
client.post("/api/generate", body: payload.to_json) do |response|
if response.status_code == 200
puts OllamaResponse.from_json(response.body_io).response.strip
else
abort "Ollama API error: #{response.status_code} #{response.body}"
end
end

15
home/modules/zed/default.nix
View File

@@ -399,13 +399,6 @@ in
reveal_target = "center"; reveal_target = "center";
} }
]; ];
"space o" = [
"task::Spawn"
{
task_name = "opencode";
reveal_target = "center";
}
];
"space r" = "pane::DeploySearch"; "space r" = "pane::DeploySearch";
"space f" = [ "space f" = [
"file_finder::Toggle" "file_finder::Toggle"
@@ -451,14 +444,6 @@ in
use_new_terminal = false; use_new_terminal = false;
hide = "on_success"; hide = "on_success";
} }
{
label = "opencode";
command = lib.getExe pkgs-unstable.opencode;
reveal = "always";
allow_concurrent_runs = true;
use_new_terminal = false;
hide = "on_success";
}
]; ];
}; };

52
hosts/apu/configuration.nix
View File

@@ -258,25 +258,61 @@
openFirewall = true; openFirewall = true;
}; };
services.invidious-companion = { services.home-assistant = {
enable = true; enable = true;
host = "0.0.0.0"; extraComponents = [
port = 8282; # Components required to complete the onboarding
secretKeyFile = config.age.secrets.invidious-companion.path; "esphome"
binaryHash = "sha256-nZXKpExKCc2zgSdVT3qo05NyFdpM9H9NJB5UWo+MVWI="; "met"
"radio_browser"
"yeelight"
"xiaomi_aqara"
"shelly"
];
subdomain = "home";
extraPackages =
python3Packages: with python3Packages; [
gtts
numpy
];
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
use_x_forwarded_for = true;
trusted_proxies = "127.0.0.1";
};
default_config = { };
};
}; };
networking.firewall = { services = {
webserver = {
enable = true; enable = true;
interfaces.tailscale0.allowedTCPPorts = [ 8282 ]; acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = {
proxyBuffering = false;
locations."/".proxyPort = 8123;
};
};
invidious = {
enable = true;
subdomain = "vid";
};
}; };
security.acme.defaults.environmentFile = config.age.secrets.hetzner.path; security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
networking = { networking = {
nftables.enable = true; nftables.enable = true;
firewall.enable = true;
useDHCP = false; useDHCP = false;
domain = "apu.home.arpa"; domain = "repomaa.com";
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";

1
hosts/apu/secrets.nix
View File

@@ -10,7 +10,6 @@
}) })
[ [
"hetzner" "hetzner"
"invidious-companion"
] ]
); );
} }

1
hosts/freun-dev/configuration.nix
View File

@@ -30,7 +30,6 @@ in
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
networking.hostName = "freun-dev"; # Define your hostname. networking.hostName = "freun-dev"; # Define your hostname.
networking.domain = "freun.dev"; networking.domain = "freun.dev";

4
hosts/freun-dev/secrets.nix
View File

@@ -51,9 +51,5 @@
file = ../../secrets/hledger-basic-auth.age; file = ../../secrets/hledger-basic-auth.age;
owner = if (config.services.hledger-web.enable) then "nginx" else "root"; owner = if (config.services.hledger-web.enable) then "nginx" else "root";
}; };
invidious = lib.mkIf config.services.invidious.enable {
file = ../../secrets/invidious.age;
owner = config.systemd.services.invidious.serviceConfig.User;
};
}; };
} }

92
hosts/freun-dev/services.nix
View File

@@ -3,7 +3,6 @@
pkgs-unstable, pkgs-unstable,
config, config,
inputs, inputs,
lib,
... ...
}: }:
let let
@@ -134,21 +133,14 @@ in
}; };
invidious = { invidious = {
enable = true; enable = false;
subdomain = "vid"; subdomain = "vid";
extraSettingsFile = secrets.invidious.path;
settings = {
invidious_companion = [
{ private_url = "http://apu:8282/companion"; }
];
};
}; };
syncthing = { syncthing = {
enable = true; enable = true;
subdomain = "sync"; subdomain = "sync";
dataDir = syncthingDataDir; dataDir = syncthingDataDir;
configDir = "/var/lib/syncthing";
}; };
tailscale.enable = true; tailscale.enable = true;
@@ -303,6 +295,86 @@ in
}; };
}; };
home-assistant = {
enable = false;
subdomain = "home";
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
server_port = 8123;
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
mqtt = [
{
climate = {
unique_id = "nappula";
name = "Nappula";
current_humidity_topic = "homie/nappula/humidity/value";
current_humidity_template = "{{ value | float }}";
current_temperature_topic = "homie/nappula/temperature/value";
current_temperature_template = "{{ value | float }}";
mode_state_topic = "homie/nappula/ac/trigger";
mode_state_template = "{% if value == 'true' %}heat{% else %}off{% endif %}";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
modes = [
"off"
"heat"
];
};
}
{
button = {
unique_id = "nappula_button";
name = "Nappula anschalten";
command_topic = "homie/nappula/button/trigger/set";
payload_press = "true";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
icon = "mdi:power";
};
}
{
sensor = {
unique_id = "nappula_pressure";
name = "Luftdruck";
state_topic = "homie/nappula/pressure/value";
device_class = "atmospheric_pressure";
unit_of_measurement = "hPa";
state_class = "measurement";
value_template = "{{ value | float // 100 }}";
};
}
];
};
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
"mqtt"
];
extraPackages = (
python3Packages: with python3Packages; [
paho-mqtt
]
);
};
weechat = { weechat = {
enable = true; enable = true;
subdomain = "irc"; subdomain = "irc";
@@ -379,7 +451,7 @@ in
labels = [ labels = [
"linux_arm64" "linux_arm64"
"ubuntu-latest:docker://node:latest" "ubuntu-latest:docker://node:latest"
"nixos-latest:docker://git.freun.dev/repomaa/nixos/node:latest" "nixos-latest:docker://repomaa/node:latest"
]; ];
tokenFile = secrets.gitea-actions-runner.path; tokenFile = secrets.gitea-actions-runner.path;
url = "https://${config.services.gitea.subdomain}.${config.networking.domain}"; url = "https://${config.services.gitea.subdomain}.${config.networking.domain}";

9
hosts/radish/configuration.nix
View File

@@ -8,14 +8,7 @@
maxJobs = 8; maxJobs = 8;
protocol = "ssh"; protocol = "ssh";
sshUser = "builder"; sshUser = "builder";
systems = [ system = "aarch64-linux";
"aarch64-linux"
];
supportedFeatures = [
"kvm"
"big-parallel"
"nixos-test"
];
} }
]; ];
settings = { settings = {

20
hosts/radish/containers.nix
View File

@@ -1,26 +1,10 @@
{ pkgs-unstable, ... }: { ... }:
{ {
virtualisation = { virtualisation.docker = {
containers = {
enable = true;
storage.settings.storage.driver = "btrfs";
};
oci-containers.backend = "podman";
podman = {
enable = true;
autoPrune.enable = true;
defaultNetwork.settings.dns_enabled = true;
package = pkgs-unstable.podman;
};
docker = {
storageDriver = "btrfs"; storageDriver = "btrfs";
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
}; };
};
users.users.jokke.extraGroups = [ "docker" ]; users.users.jokke.extraGroups = [ "docker" ];
users.users.moco.extraGroups = [ "docker" ]; users.users.moco.extraGroups = [ "docker" ];

15
hosts/radish/desktop.nix
View File

@@ -2,23 +2,8 @@
{ {
services.displayManager.gdm.enable = true; services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true; services.desktopManager.gnome.enable = true;
programs.niri.enable = true;
services.printing.enable = true; services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default = {
ids = [ "*" ];
settings = {
global = {
overload_tap_timeout = 200;
};
main = {
leftmeta = "overload(meta, macro(leftmeta+z))";
};
};
};
};
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

37
hosts/radish/packages.nix
View File

@@ -51,12 +51,10 @@ in
ollama = { ollama = {
enable = true; enable = true;
package = pkgs-unstable.ollama-vulkan; acceleration = "rocm";
syncModels = true; environmentVariables = {
loadModels = [ HSA_OVERRIDE_GFX_VERSION = "11.0.3";
"qwen3:4b-instruct" };
"qwen3:8b"
];
}; };
borgbackup.jobs.root = { borgbackup.jobs.root = {
@@ -141,31 +139,4 @@ in
environment.etc."1password/custom_allowed_browsers".text = '' environment.etc."1password/custom_allowed_browsers".text = ''
vivaldi vivaldi
''; '';
systemd.services.ollama-keep-alive =
let
ollamaURL = "http://localhost:${toString config.services.ollama.port}/api/generate";
payload = {
model = lib.elemAt config.services.ollama.loadModels 0;
keep_alive = -1;
};
in
{
enable = true;
description = "Keep Ollama primary model loaded by pinging it";
after = [
"ollama.service"
"network-online.target"
];
wants = [ "network-online.target" ];
bindsTo = [ "ollama.service" ];
wantedBy = [
"multi-user.target"
"ollama.service"
];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.curl}/bin/curl -s '${ollamaURL}' -d '${builtins.toJSON payload}'";
};
};
} }

1
modules/services/default.nix
View File

@@ -32,6 +32,5 @@
./voidauth.nix ./voidauth.nix
./gitea.nix ./gitea.nix
./dhcp-dns-sync ./dhcp-dns-sync
./invidious-companion.nix
]; ];
} }

14
modules/services/dhcp-dns-sync/default.nix
View File

@@ -6,11 +6,6 @@
}: }:
let let
cfg = config.modules.services.dhcp-dns-sync; cfg = config.modules.services.dhcp-dns-sync;
ownAddress = (
lib.elemAt (lib.splitString "/"
config.systemd.network.networks."30-${cfg.interface}".networkConfig.Address
) 0
);
dhcp-leases-to-unbound = dhcp-leases-to-unbound =
pkgs.runCommand "dhcp-leases-to-unbound" pkgs.runCommand "dhcp-leases-to-unbound"
@@ -64,10 +59,9 @@ in
users.groups.dhcp-dns-sync = { }; users.groups.dhcp-dns-sync = { };
# Ensure directories and files exist with proper permissions # Ensure directories and files exist with proper permissions
# Directory needs to be group-writable for unbound group
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/unbound 0775 unbound unbound -" "d /var/lib/unbound 0755 unbound unbound -"
"f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync unbound -" "f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync dhcp-dns-sync -"
]; ];
# Extend Unbound configuration to include generated file # Extend Unbound configuration to include generated file
@@ -75,8 +69,6 @@ in
server = { server = {
local-zone = [ "${cfg.domain}. static" ]; local-zone = [ "${cfg.domain}. static" ];
include = cfg.unboundConfigPath; include = cfg.unboundConfigPath;
local-data = [ ''"apu.home.arpa. IN A ${ownAddress}"'' ];
local-data-ptr = [ ''"${ownAddress} apu.home.arpa."'' ];
}; };
}; };
@@ -96,7 +88,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "dhcp-dns-sync"; User = "dhcp-dns-sync";
Group = "unbound"; Group = "dhcp-dns-sync";
# Allow access to networkctl via D-Bus # Allow access to networkctl via D-Bus
SupplementaryGroups = [ "systemd-network" ]; SupplementaryGroups = [ "systemd-network" ];
# Read/write paths # Read/write paths

43
modules/services/dhcp-dns-sync/dhcp-leases-to-unbound.cr
View File

@@ -58,6 +58,13 @@ def sanitize_hostname(hostname : String) : String?
sanitized sanitized
end end
def reverse_ptr(ip : String) : String?
parts = ip.split('.')
return nil unless parts.size == 4
"#{parts[3]}.#{parts[2]}.#{parts[1]}.#{parts[0]}.in-addr.arpa."
end
def generate_unbound_config(leases : Array(Lease), domain : String) : String def generate_unbound_config(leases : Array(Lease), domain : String) : String
lines = [] of String lines = [] of String
@@ -75,30 +82,23 @@ def generate_unbound_config(leases : Array(Lease), domain : String) : String
# A record # A record
lines << %{local-data: "#{fqdn} IN A #{lease.address}"} lines << %{local-data: "#{fqdn} IN A #{lease.address}"}
# PTR record - local-data-ptr expects IP in normal form, unbound reverses it # PTR record
lines << %{local-data-ptr: "#{lease.address} #{fqdn}"} if ptr = reverse_ptr(lease.address)
lines << %{local-data-ptr: "#{ptr} #{fqdn}"}
end
end end
lines.join("\n") + "\n" lines.join("\n") + "\n"
end end
def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease) def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease)
cmd = networkctl_path ? "#{networkctl_path}" : "networkctl" cmd = networkctl_path ? "#{networkctl_path} status #{interface} --json=short" : "networkctl status #{interface} --json=short"
args = ["status", interface, "--json=short"] output = `#{cmd}`
raise "networkctl failed (exit code #{$?.exit_status}): #{output}" unless $?.success?
Process.run(cmd, args, output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process|
result = process.wait
output = process.output.to_s
unless result.success?
error = process.error.to_s
raise "networkctl failed (exit code #{result.exit_code}): #{error.empty? ? output : error}"
end
status = NetworkStatus.from_json(output) status = NetworkStatus.from_json(output)
status.dhcp_server.try(&.leases) || [] of Lease status.dhcp_server.try(&.leases) || [] of Lease
end end
end
def write_if_changed(content : String, path : String) : Bool def write_if_changed(content : String, path : String) : Bool
# Check if content is the same # Check if content is the same
@@ -151,20 +151,15 @@ OptionParser.parse do |parser|
end end
def reload_unbound(unbound_control_path : String?) def reload_unbound(unbound_control_path : String?)
cmd = unbound_control_path ? "#{unbound_control_path}" : "unbound-control" cmd = unbound_control_path ? "#{unbound_control_path} reload" : "unbound-control reload"
puts "Reloading Unbound..." puts "Reloading Unbound..."
result = system(cmd)
Process.run(cmd, ["reload"], output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process| unless result
result = process.wait # Fallback to systemctl
system("systemctl reload unbound")
unless result.success?
raise "unbound reload failed (exit code #{result.exit_code}): #{process.error}"
end end
end end
puts "Unbound reloaded successfully."
end
begin begin
# Get leases from networkd # Get leases from networkd
leases = get_leases(interface, networkctl_path) leases = get_leases(interface, networkctl_path)

5
modules/services/gitea.nix
View File

@@ -46,10 +46,7 @@ in
services = { services = {
webserver = { webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" = { vHosts.${fqdn}.locations."/".proxyPort = 3008;
proxyPort = 3008;
extraConfig = "client_max_body_size 0;";
};
}; };
postgresql = { postgresql = {
enable = lib.mkDefault true; enable = lib.mkDefault true;

99
modules/services/invidious-companion.nix
View File

@@ -1,99 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.invidious-companion;
companionRelease = "release-master";
hostPlatform = pkgs.stdenv.hostPlatform.system;
# Invidious Companion package - fetches binary release and patches for NixOS
unwrappedCompanion = pkgs.stdenv.mkDerivation {
pname = "unwrapped-invidious-companion";
version = companionRelease;
src =
let
archMap = {
x86_64-linux = "x86_64-unknown-linux-gnu";
aarch64-linux = "aarch64-unknown-linux-gnu";
};
platform = archMap.${hostPlatform} or (throw "Unsupported platform: ${hostPlatform}");
in
pkgs.fetchzip {
url = "https://github.com/iv-org/invidious-companion/releases/download/${companionRelease}/invidious_companion-${platform}.tar.gz";
sha256 = cfg.binaryHash;
};
dontStrip = true;
dontPatchELF = true;
installPhase = ''
mkdir -p $out/bin
cp invidious_companion $out/bin/invidious_companion
chmod +x $out/bin/invidious_companion
'';
};
invidiousCompanion = pkgs.buildFHSEnv {
name = "invidious-companion";
targetPkgs = pkgs: [ unwrappedCompanion ];
runScript = "invidious_companion";
meta = {
description = "Invidious companion for handling video streams";
homepage = "https://github.com/iv-org/invidious-companion";
license = lib.licenses.agpl3Only;
};
};
in
{
options.services.invidious-companion = {
enable = lib.mkEnableOption "Enable Invidious Companion service";
host = lib.mkOption {
type = lib.types.str;
default = "localhost";
};
port = lib.mkOption {
type = lib.types.port;
default = 8282;
description = "Port for Invidious Companion to listen on";
};
secretKeyFile = lib.mkOption {
type = lib.types.str;
description = "Path to file containing the companion secret key";
};
binaryHash = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "SHA256 hash of the invidious companion binary release";
};
};
config = lib.mkIf cfg.enable {
systemd.services.invidious-companion = {
description = "Invidious Companion - video stream handler";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = "invidious";
Group = "invidious";
DynamicUser = true;
ExecStart = lib.getExe invidiousCompanion;
Environment = [
"HOST=${cfg.host}"
"PORT=${toString cfg.port}"
"TMPDIR=/var/cache/invidious-companion"
];
EnvironmentFile = [ cfg.secretKeyFile ];
CacheDirectory = "invidious-companion";
WorkingDirectory = "%C/invidious-companion";
Restart = "always";
RestartSec = 5;
};
};
};
}

15
modules/services/invidious.nix
View File

@@ -1,8 +1,4 @@
{ { config, lib, ... }:
config,
lib,
...
}:
let let
cfg = config.services.invidious; cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
@@ -36,14 +32,5 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
}; };
systemd.services.invidious.serviceConfig.DynamicUser = lib.mkForce false;
users.groups.invidious = { };
users.users.invidious = {
isSystemUser = true;
group = "invidious";
description = "Invidious user";
};
}; };
} }

9
modules/services/syncthing.nix
View File

@@ -27,14 +27,5 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
}; };
systemd.services.syncthing.serviceConfig =
lib.mkIf
(
cfg.dataDir == "/var/lib/syncthing" || cfg.dataDir == null || cfg.configDir == "/var/lib/syncthing"
)
{
StateDirectory = "syncthing";
};
}; };
} }

18
secrets/actual.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA n8TUqlE5mEfKa7aPdefBjIKAhydL1vrCZK8cLTs+j3w -> ssh-ed25519 osOCZA OPYYw6SBBoMNoJ/DfIyvxLVpZo0n0v08uhrPa2Uk/xw
ayrirgnGn6dTBKShBRDHJAI3t040hf5LEo8ZuHUGNHg b9mSzuzgznPl5qu73kJie2PgJGIlxEOR/MSNzp2TZ2A
-> ssh-ed25519 DFiohQ +rVCacN11divc55NH2fKsYXa6IJ0ieW18riYz9nkrwo -> ssh-ed25519 DFiohQ rYD5ueKrIAbtphPZe7BxyHNPdRGCV0o4G3lXGGHFmD0
4qv06+QnvPKYRRkQauDwKfnT1c4/GHDkxHVrgkfrHNw caGATSGVUaJkTDIHDk40oJnNh8oNRRQYTpKn4jET72c
-> ssh-ed25519 PT7ffg wklac2cEzzfMQaItzsAv6I1az8HxZ15s3ANwxYO59To -> ssh-ed25519 PT7ffg 2HVnNQxY5BubUZGTuwcOHMKDZ7O1f+gji9d2mquLECs
abdf65f0BT2sE52T60lnfqY/iDCgLAzgRQlPqjRp6Y4 rJzRjFokTzDkn/fjA1eXaZdISEXWtGqLSsYpUYEd0qw
--- Wi4+L0OzsduT8T7G4+H8pp05EzbTjNlJowwBDWUN1mU --- U6CH4TvqpEfQg4VuQ3fr7gcqBojVEV2r4+NPfMEVxbA
ÛŸþfŽ¹“Íå¸ÁºTL®`ý¬—F„F»‡í$S1†ºqÐv3nÙOu‰Xªf q5šòú4ÍÝMêÿ<>—Ô³ÏEòx'í6éu<C3A9>§¤eìëŠàÜh4D;óN¿ƒÔ<:P¡)Š."CÞèˆÿ
AþÂn‡e¥Sý©ªEãM_¿ ï^VÀŽä4p.øäBIO¹Ô÷ xgóv˜/ãN%W2™¥ÙPâQÖdA½VêÉ—üœ^_B|Íëío׌àkf¦ÛŠáWÞ~ ³ú̪ϽևÄÖDñõfo

BIN
secrets/borgbackup-radish.age
View File

Binary file not shown.

16
secrets/context7.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 9ZHiyWiFLySuINTKXSjysD9u7LKyhK2bJo6JmVskDGc -> ssh-ed25519 osOCZA wDdoFnPs/OUczxmB6WgzSQ0HtguSmIsX1di6gH5guFM
IDUB5fbYwEwZDIRwOAAWdDkHOrmMwlZT+2UhObhHVXg b6PAgnY1Kki92V+ky+/Cuq5UezYdchS3g5MtqtRxDMQ
-> ssh-ed25519 DFiohQ OFE+xiH2zIXccj3axHbN8TBKS927ldBtlC80ZCVH2To -> ssh-ed25519 DFiohQ oZmlLt1Em4PnIZAUwqxed5EH1ZG/Bkm3FPiZI9uxVUY
E50Dr6cyllIN66QVGYvonpSRV0nERdstsEGUeXrVDoE /dAEjEHp9mcygfYj+taalhqjJ6ywkWu45ymwnmtlzaY
-> ssh-ed25519 hRPDBg Z9ItEkrFay5918/EY2RCl0a9PZx3z8amW4yMyfgEqQI -> ssh-ed25519 hRPDBg MKpKkBgl0baf6qJh940ekh1z/0bKbzYTBb9In2yVd3Q
rEs5eqfdnpwnxzPRlMi1vBrtzsbQCwCupkGEXFs7rVA 1uX/3y+A/a+vxSl41DlUnZVdh6lpDYFwunzLV3DRblk
--- op5RVwxhxkxflXvoAM7ZcEXLutkF9Op70tUxsJundN4 --- KQncWqjni5UN+D3I1OSWdKxVf5/UiLBUNBwFMG/1+mg
è$À;Åå1ÒO`bBMÆLŸf“<îã%>1p<31>kvMØ]?x|ù¬zäFƶ~ÖÙÕ¬pL Š<EFBFBD>­öôó\ÄXã±zÐÿÌ®œ¬Û\~.¼©ûfå•w

16
secrets/dnote.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA sWXC8tg44GfsKCFIDhvmkSfO1NnQ/GdP7s7yKnn/wwk -> ssh-ed25519 osOCZA UCilO75OGmYABIVNjQ7JKdObSSC882S6blT35S8XXBE
tulj+EsIi91rXw7XV0elKyVpamDNnEdy1GikcmPGLlE CEhIzJeE0Xa9jY1uboPVM1uK+U8N77e6pGsK3SCNBqY
-> ssh-ed25519 DFiohQ 8Cxy6QZkviBPw51+3m6JYtcOPTbYy6C7m7uomdFwAgY -> ssh-ed25519 DFiohQ aKyq1IPwKvgQniPEDt9tIw6KLeQePctFPY8wnSmcREk
4GuwAQKMtKI7cZCg2/yl4IAd98Zeai+/rXScSRRmS9E 3OQH5iOGFbnJaUXn8JmMDItPfPjXUmuO1OFYw31ftGA
-> ssh-ed25519 PT7ffg dnDE79EVRVys94oHOSduzhcyd8oHA8/scK98By5g9FE -> ssh-ed25519 PT7ffg 1XzR+XsNLJgf0itst++aN4GWpiUjPvlCPR/KcZzLNT4
RFfMpq56KDvIJcOg5JdaOiEN6wupKFUNbcHYCS/kyp0 Na1BKsjIoFgFbQI4LVppxW53yAQgxQfz5r31HrTNRLI
--- Tg+Gw0uAEFItHT00VDs9BmhvX2f8afcRwuh8OSqLEh4 --- U8B89Fp3JNPBX18P5p3lVLYIz5CsbxldkvnjZ2Cx4+8
È*Í<>¦ciðÜ~P+c÷{p™“²Û…£yé\©â 'a“<x6Xsá¡zógŸ~=´è0¸6=sÞ5ÐÆlØ5BŒÎ3ÌÜ5í»š§ º“¨3z®#<Kî*ŽwÁMs! ­Ó2¼Ê<C2BC>bqz>‰&€~u«¹‡Êi𧾘tYv§¾ÁþítÂøÒvÀ¬2Ïd)gfÇÃÙÔ<C399>

BIN
secrets/donetick.age
View File

Binary file not shown.

17
secrets/gitea-actions-runner.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA YazzKQ+vILKo3Ep0pktO9iUSeW36Q2UVZpbdLVEfYz0 -> ssh-ed25519 osOCZA WJ1gfKrLBMmFANdArq8g8PQNbUIl+vVtyxTq+bKx93c
YgHYF2kjRhmdfMQwgaXPws3nXgCltHukB7Xhm0bkVuo JFB9WXTK8/7HRfDRzTIzIpDHHc226YCPfUCqbBQ5N1Y
-> ssh-ed25519 DFiohQ rbNLTZIjzD7n9zKxkbi6fG62B4Mrse1WnPdcw1RWAg8 -> ssh-ed25519 DFiohQ /5FxHaCm+0wGlQ2ZziKYTmD5AWjmoA5PTys3VSOluSU
uzuHv7ekuPl9wRgkhn4Mksk3NAUcg8OCPEM6Vi2GVdw l6C6LhUaxw/dIUkyzw7pl2vREV7Bzy/FvbM+J6gFzZQ
-> ssh-ed25519 PT7ffg DfvJEgs4wsYTwWXZ6pXXG7v6K+47Dhc5MPS788IZCjg -> ssh-ed25519 PT7ffg B/mz/9eslfI+VEfEPfT4TWyvLTryDZRjSGxM3x2sQQE
TId/tqstZaAJIDKav8NOJ/p32BuBO6gE6/B1QISk1cg qIQUE4103ilhAhNxekvb3fPYeqZCZ3NGwzfZReMXiU4
--- ezx3Iiga17TxrY0K5HlAbcKBvdhgvnpT8sz4vPrStQ8 --- HzN/P0+Xj3Ep+LthjWEpKKDbjlXkPTtamWIPl9IQ6Ec
Z[“Nl<4E>_ùXì«ú¸ ¨ûGèmP8ç—¥nR0ÙKÕ[+Çsßã÷:o'”‹=}œR<C593>纊õ£:'«ÖG²€Ï£û`ñ C ¨ÇPœÞºãìQ½[<5B>&E"ñTQfë|NÃ!ÅÿÅú#³ZŸ:¼€ïr7È:ùóZè´£<08>Fisˆ€(ãÊɃ~È0>
Œ°ZâŠÁk

BIN
secrets/gitea.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/default.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/docker.age
View File

Binary file not shown.

17
secrets/glance/reddit/app-id.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA wVGyI0bVEaVUbXMiumjhqdno2VD6ZHmvJM0NRUoesk0 -> ssh-ed25519 osOCZA Y7ieflWxf67Jik747FnOu5aKcDjh6hd8OWE88oX7gWc
kW8Zs6KV+KBmyg/imOzVHHPg/K3oHyB05ayMQsT01CQ aQavFEvcW30cer2DutpkfSkKk1NqGzPiP2bYL2MCv+Q
-> ssh-ed25519 DFiohQ h+C13tChA1OrCdmJO9rkjW3ER/d8OW7P2IGd5spsd2Y -> ssh-ed25519 DFiohQ J5HO9n4KTQ6cSBGHxrBHORvmYp4WYJZiATekbZvhuEU
7LOIjam4k8lmglNEuNs7lkRpt3UbYkxFxXPwkj2Fbc8 QGAhwn6P5ByiNY8bMUI07hHvnA8diVI56Vg+6kVEJb0
-> ssh-ed25519 PT7ffg 33/HLpIkjfw+QC1qm1Tmr4YqMjgtt4bsVoFqUNinhno -> ssh-ed25519 PT7ffg RpcpdzFtX5VyodX3lXKvjMRxMlpasRqqpjqCacXDcy4
8+PGKzffQT2DuM8l9mqgGieHiQCpBsbWbHDIdxFapBk VJQuB8YfhB0DQ4TjwzBhdtl35eyFVLLW8O87mCuH828
--- lzyw/qQSELbYc8TWYFGD57JBF4JorTLhBPNdlxYjVqY --- qJnfQgOyw0CTBhXNSyIw3O33av2cjPxTntLsOW/bevA
lÞHºaEM9ÅóüÀS0(Š¥¦lâJxø- -åž
—sÔ¸éžc¬H EÖ˜Í0_{|Kp2

17
secrets/glance/reddit/app-secret.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA tO/H34qaDDLUWG7ovv4wD8At0v+nRLxgozIHFRCxIG4 -> ssh-ed25519 osOCZA y1DrZWN4jrO6xg7TkFqrjTT/k4L49IAZVf/NLw3jMiM
AU0szD79hzM5rLSYQhki+Ukc2CbATwdU5uWPNLn1Oa0 BB+Aq/80SFQpLJfZxRKFPBw9ylHb+Y6LLuZQAqG3WdQ
-> ssh-ed25519 DFiohQ hwThntCOC9a5eSAay4zWW044NoC4JggBXgh3KAZdGAA -> ssh-ed25519 DFiohQ jPPM8ATBvlXn0F/9pDCsZB15yW+af0b2FQqV2gI8YyQ
z2EDIRJH9jGTKYuxm++ns1yqFyUYrA091Q22VMNgqec 8yJjKEvEGKDwtvBWP/yjiDql+HA6l5q+RfEgP8cAIGM
-> ssh-ed25519 PT7ffg tNGBQvJnGvnGB0Mk24Hyh75ZJAMbZMKk60wkc/PMEiE -> ssh-ed25519 PT7ffg +R5KlrnH2gGW2Qc3V+RgYKtAXerbRB5j898+b41/VAU
ijewL+qajDYN7abihSAvAySqcx3idkstsriVVw9Fj+A 7Lq3GE9CMGeXAmsf9WgSiJf/o+HyssF4xz94JNjbEgM
--- HuLF80Z9VHyeMVTyN9CLKIRn0HFUpIhaWC9KgLHXrlI --- k2xNMbWr5tntlbOOYLbt6DsWsW2mT/P3pg3IgXYcM58
:™Â3ÿö:ïžéÔRàöó1™Ä„É°ŠBÀo<C380>&Qd1BXU¤ìí¨q Ñ ßšüÙfÂ<66>€êQPÝ—8 |ìÍÑ°m7Æy‰z¡¥R©ÔíYê+qî§ü—1>ž‡Y?hHÖžÌÌÈ|ù7àÞþ̃
N¥zÚöØäëøð

19
secrets/gotosocial.age
View File

@@ -1,10 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA VAbqavKlZzuLT1XwcdWuRX39bNPbuVvsGPXNv5lwd2g -> ssh-ed25519 osOCZA 77EDoJKwYm80SsOFMaTeLVKyb60mpVafClV0oDfhnm0
4mMBgBCfnnbY6lo7WAnppqEk8tA1A5MGvXjjZ84cr5k gZ4EtoDbmI2iggyAooqWtd0Yhh5kebvR8vnHGz0Er6Y
-> ssh-ed25519 DFiohQ hzICSaoG/iPl1VEm7gF49mXCzhVZypQN00/9dqbAfgI -> ssh-ed25519 DFiohQ dYdiyYPtjCH8YFpj4bAwTDSEB+0JjzDIz1jwRPDjAFg
VM5O8wLvzFyFkttqP4YWQ0bR5iKkAvpYFPsep2nYt7E NAdMoMfREupERqZ8t2lu6++Qjgq7LVIo5wsXabXKWU8
-> ssh-ed25519 PT7ffg +FbUxPiTEBDl4QdwYUSuqD0+xzHWe4X9l1cqRePwZzQ -> ssh-ed25519 PT7ffg 6NFOq021rnHwv7BFIw9in6uQR39hgh5qVuPNvxtCd3k
tfKlhCQ0mK67E8UcXki9y4SmgTLsrZwD6kKBQz1NiSI 4UK6DCVbSi4yugpY9nLBSoZ7SHLkF3MMIeHVKYH3bkQ
--- tnLRJm+/eP6KzNV7vD1d2KtDe6SRyo2MoIsow4CDyrU --- 1BNBapkorRybzDSfmHCQjfkN0ss0GXnZGv99Ni/O/VM
±lù•þebö±¹D.Û wp3IvÄ"ßc}úÀ™W,0VÀÄæÂ<C3A6>mØû±ù´˜ƒv¹„¯jªP#„”$Ž”f¹ÜÌ
c‰Y.êÓdÎNáWä݃ξ^®Å´ï©PщSFd.Ú=ýŸ3øA@I9/Ž¼˜læóÍ<E280BA>~;FÒR5[| v9x["ú¶c ‡y²
~ .€[†/ko'z

17
secrets/hastebin-tokens.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA El5iOI/2mf0RUjL6ENefgh0ibqalVciyxpAvmyjZ5Cw -> ssh-ed25519 osOCZA a3vwn++4v/1tVvde7xQd4qcY10fAmxG+Wd4y76ZqvUA
zhZ3WbaMn0Y+FgeZt73mDn+myA+9UYj/73mfwRPA3vw ljGJxon/rQmsOsu6CW/TDjbPx12wUeObVV9T364YA68
-> ssh-ed25519 DFiohQ nqMkFuxJ62ZjfWJWZxDOGJk69F1vJJpviRPB2mEONVo -> ssh-ed25519 DFiohQ +RiL4W374ivb122PSHtfyzF8XaxDSwwVJ3lWq7ezDxU
YOiv42eN+VjJvZ1K/V1emni+YwRu3qoTcDI0TV9S6iE mHFKG+GIXw0P6FhaFoD+u2QR8HLcnfsO+5100WLDypM
-> ssh-ed25519 PT7ffg LIluEefuruMR3egq8snsIwGVT+4rRy4/40KfMelC9HA -> ssh-ed25519 PT7ffg CjMjkvJTg7oSgxdFK9rJpzAuv/7TDdAMCl1+fiAlkBY
VZKSdePfRZWiy+0lq/QqWHzlzSzo6FGGaTEmbVlTi/4 b32kKKuDoVJuymrtkBcpxo6AdSkMO6UmATgRueZ2fTc
--- L5dJ1YxPYUifymofD7/kkdinaPhCy4nCWlvuDAOMKQ0 --- yDBelLE3scwefm2+jKFDHPCPj5glMWkehZvJvvq2ssk
BÊ5øv|}!Ë<>}wÜ^ ÔõÎH»çükcšc²ãµmyO 1ÊŤÂû?]/r÷y¦` HbîôÄ7$/<2F>ÉÃÚC<C39A>l¹ÐAtÊÅ™Me“f»}óŽ1\¤Nê/9õ4<C3B5>/âfºøˆ<³&õü³°jÜ·À:ž1E^îÝ× ¤d¡Gíÿ¡:;<3B>žUÔ<36>¥[
Þù#2F(0bãîRôkÊàc

21
secrets/hetzner.age
View File

@@ -1,11 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA FKD+qFniA3jgwdCriymcaQ96RGn8F78+XecmYtRCfX8 -> ssh-ed25519 osOCZA yecY2otHscTma4xjcaaoRmxuUMPNbkv8b4pUBFYLKhg
ENp2WFU2qDz29zOJExCMabQ3WvuMOiERuYuDnXOIjEk t7bCDZqi1qzIeAsE58ecTXq85phEo+DVRr5zBfH/wJk
-> ssh-ed25519 DFiohQ JH5/iUT9x2Dtma1opFghd2MMuLdchaU97stGKHVK9m8 -> ssh-ed25519 DFiohQ 1ZbsKQkh4L6RsFr4R0Rck/7lZ2XsGUC54mmULVZ+PFU
MqeiYXMAlyiON8AuNldxsmScKQrHtIPOHq9nT0ZIXdk 6RtFRqrJTdb8dRZ2IogMl+wGdWyaEo7IBIgQWbCXyVI
-> ssh-ed25519 wU682A V9evWCnHQB4EqccQdDBLQ4GqkbYZOzgc+0Tn9gll6lo -> ssh-ed25519 wU682A SF+XcBZW/XY7tgwyfb1qBJyzSv3X1z4p8RuM34bBeEg
BdUjarUTdhbeG0CCEBWlRTVAHDny8PP4iPvMqe6p62c rkJx3bW+bov5nlBVcQt3WGYxCIgsdoaNIj5h46BBG8I
-> ssh-ed25519 PT7ffg wTMNgxHNZheXruIUvSw3UD6hNa8AXQQ4Wf9r0IZisWs -> ssh-ed25519 PT7ffg Y7OyaYunMQ3LarD4ink3QhKIPL1V5jylcaYrSfOlenM
LwbrIzC3qtBBUuU66vgMyMDNsF1JjnSlQC//2G24x6w BF/24w5Aay+GMYcRiVt6Yp2z1+kUnhLjnLZpQccXM3U
--- IEOH47m19dLIPugcw91lSPpP8gKX5vFr8pA7vcpcce0 --- attYfW8tq8R1PozE1TOGmuRdLqlBzMOo1dpwECgnRjE
R˜S¦ÒZ#Þ¸GQS]˜ƒ KˆÓ¶ÔJBòò&*<2A>üb<>u†.œ»9B„È$<24><>rzĬ®-¢Æ,2çäP}ütSÏæ1yï}/ªÛ˜—„ûækDý´SR¿®?â4Êö“¯:È$+J?h ˜ ZÅñbtalMd†& ,Èão· 2;Ö/»$T³ÿ‰û<E280B0>3Íþô·móµæ2Ä
{Pî­0ŸsçƒÊ?Cɯaé¦x°Õ^ܵkï¤òf­œÛFSz麠5ñQ¨Ò©B0É9Ël=©ÍîL¹_}È•o

18
secrets/hledger-basic-auth.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA tPrVq+M1r5ii35AaXmRLeDpcKU7wsHIpBWoQCf6b1RU -> ssh-ed25519 osOCZA gReLtbgzdbsykLo/OWs/S0CWvvUJr0B/660n5NtQO3Q
fdFRUKYXeK8xYrsMhcSy7ZLi40KpH0pjm6Ul+2ouIMA lxP6i2EA0ZvM9ShkM7012TLs47fP+sKzOAJehgvZEoU
-> ssh-ed25519 DFiohQ P8nLAJGmmzmHlydWwygjDAeZ12un00V7Z1Az40nVAWE -> ssh-ed25519 DFiohQ OPP2MdPUYqMuViWTiNavSyXqxfxIRMx+tMKip094ohM
sLGVbo6Fx20pCvRCijCD0NyOSeNxNeVRlax67KEUWRM lLxrJF672ZkbY3ynX7Wrx3srJvg1gfFeynZMeIYL4II
-> ssh-ed25519 PT7ffg 6khi1DV4frFUUn++NppTG/wN6FCqmOz5egmKuwc+VWk -> ssh-ed25519 PT7ffg v0j5GfBvjmf4qNiyVr/foSp2Zw8sJOmjikWa68yoNnI
UHa8RJtkHlh/RrztLANfm96HiOLlseh6pP3iaVOOG5Q WwhUOPXdrrs2ezKfYaUdT0EV/b7U3267E5bpy+RGyxU
--- k1X/cu9Bozfxsb22rkf8utZkf9hE28Dzvvhs4IEBi3Y --- v/hWe76x98rBQgOhANw5wsaE3hlCaFKYSl+x8KjnRNQ
ÎnOóý¼ ¾ê¡€gÄÆbŽ"<>\] nµFí ‰âÓÙ“YÕ6×ûAû9µ‡'8ù :bl
ê§ $žÍj2 %ÂSÞÃ5Ríæj[Ây½™ .1˜ò­+óçΈ¬Ù<2´{+ØPºhdŽ¥È`ã.ôÔR«æ¬ãÔ#€ÊxÑÎhè"ì”kwúe -exÏí¸Ö«»—ƒWUÞç ‰~E¡3ã®éåN<C3A5>"]Œ`´Âª¨ c#Ç;¯vt½=A<>ƒ)ÍÕa¦/<®áŠl#ˆÖUïgfí£„¦ò½RÉ;<<3C>­%á†:!ã$)!Sž¯È<C2AF>

BIN
secrets/immich.age
View File

Binary file not shown.

12
secrets/invidious-companion.age
View File

@@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 9wZ3G4vjwJhYungj/utZ/jgnQRD7qGHsMXM51gNFLyY
SvdeK7R1AxveXXFJng21JK1fy+y7lh6OINB4CtUdS1Q
-> ssh-ed25519 DFiohQ 1NIsoZWR4fY+bcROkw7iq+X0cYIE9g5IiWOqO0FvymQ
igfAuxzfUSlhE3jaTMjqCYeF8ccKVyuUW+uD8JdH75c
-> ssh-ed25519 wU682A g5y8TFpeJ0myejb8r7gL96JBk/q21KlDOBE6ZpCqv2A
I/3aFKq2ne3gVeg+/1LmlKoDyg723yyjUdVdzgFzhV4
--- JsRdNjJ285V+RGktIxJv29Alef95kpB2TOnYH66Wr4Q
z¿
n
´²xÇ
Û¸"KAx)ñÑ8 é…

BIN
secrets/invidious.age
View File

Binary file not shown.

BIN
secrets/mealie.age
View File

Binary file not shown.

BIN
secrets/mosquitto/homie.age
View File

Binary file not shown.

16
secrets/mosquitto/mokkimaatti.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA rqLqt3IrvBiIXneOWHFLJ3sBz3+dmNsl8LO6whM3Y2s -> ssh-ed25519 osOCZA eWLRpIyRno4qtjjwpXxlwsW4I5a59h+c8W4mJpb7rmg
5MSFsCQoaF97Ve6ossfYA+JezYy5Rod3Se4/y1kl7Go i1LmqRoWZ8wB1EYxNvtqoMSr1lqGbcHHqyAPK1Ldy3Y
-> ssh-ed25519 DFiohQ 33r7cd+b7CKR2rVcPFlRIVwcLfHrEgXgD/bD//86IG4 -> ssh-ed25519 DFiohQ Wn2NMzQBdv6KsZnBUj82FGo3FdOcyZqd1A+KkQy5G1w
Jg/Nripa9RCtbXaS+1vHBwVBG2q3VMi56lnhEnZvqmo ZCrFCEeikNUmG1pO/f0wy7GzTzwCYoNhQBTeofmo98g
-> ssh-ed25519 PT7ffg uEatAaPQspVG41/O6d1oTkvhZUn2Au1TeJOlxBaVsXA -> ssh-ed25519 PT7ffg RnEdUTw4G7dVL/YWr5vls5IEf1BbrdBCjgk+ZTABlQo
0IATY8BEgVuVpYneH12F59Y+wIxnTh4QOTTajbQmWgY G2PEFcmClmcd8Ap6L4VEipULRZuGj3izzeB0l/cI6FU
--- 22zYI0N7UXX09jMLZ6FXgXaeijamAiKWVSv02kF/HKY --- +Jmqn5CDZN3jaexEWZzZvuKvxjZfXfEdyUW3cQIIsnQ
9$éN[”mÞŽòñNfîq)`qgúÐÃnÏÅ?˜ Ô1«õs,´ü°u(x…µf Ŷ¨é[\£vø:ÉákµòƒB1½ƒlš+5ß[Ûò莠 ¹5ðž<æió1gÿ!ÆEµ8SŠ ¶xü.kÔaÒƒ<03>NåáãÍÁìÿN­ ƒ`‡ù€Úô<C39A>ŒÅ¬8\ÃR ØYoç"¾Øó2ö/˜<[ÿ>ÈuÀyÿÉW¥ÝÞ<C39D>`Ç® <¨™V¨Ø-úÌdÇBª*“ï±)n<>( oB7sñ Õs—À¢à)aE)ÆÐ…4½ŠÎ(îÂmQ¹Fy·xj'„<>wX,QµV”ìÈö

16
secrets/mosquitto/openhab.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 5eUNORBIp4Nm9KJYBGsirBGNmJQTw2jjUW6qNzZZ+XU -> ssh-ed25519 osOCZA dkgMfjgrKalX7uGrncrep3rtVZFXUHeqwbPix7ngyFY
kEnw58503E8dVhigC/gq5LdsMCf/cQ6JE7qDVP04Gf4 a9jzF29C7Ltg7tn7Rcoi95847kRhWePylmMU7PGOkdo
-> ssh-ed25519 DFiohQ IGSUfX4LH1HkCI+Na95AK4uoDi9sribs4ViL4B2Xo2Q -> ssh-ed25519 DFiohQ CeZgWwo/TDb89fUVx2ueTArKGPuBjdp2sklqTpkgoj4
X/BG7S7fU5b9K0tgeGJxLaeFUljaMCt8+y7+67M2zH0 7/H9QMGzIBXcSYTnzXfJwlvlKLI4B1miPU+LXzmiHtE
-> ssh-ed25519 PT7ffg OlYiDqfh3auTa8QvOmK3RMmCu3rCnrqxh2tyCwkQcRg -> ssh-ed25519 PT7ffg 456boso/C85lpir1PYUYD1pzb70vQvTrAN3gKy15s1s
/KFTAcZaTgq5Obq+27dTmI1F3gXxuW2leoUeLB+Xptg Sv2hsM/Yx1hUeGWih5zMYXzJaapm767IDzC/4wmKulU
--- 2GuL6Gd+bx/V7KoFwa00YxEFS/WRoKCjYP89i9RoYOY --- /iFmcxXywCLhEOLKLjzrKx/QW93++yzI7tXvn/asMUQ
„Öe44IÕ»3<C2BB>¦Ô¹jóB½”G€9VýïìX¶Ò-ñ[£/… ãà0E®Á8ºøð­8lTF™â¡DCép MßÂNòN¬ªKžP‡ö¦[s{vúØ3QˆùƒöhÇiàÍ0™ç6Š$ÓÍrx/?ÉeØ“áM@˜2FRÖ2˜ÿAB³+sÈÒ ¯`©òˆ:…*ŸÞ¥·œê')»{;tɤ`E¨`ŠØþ„♇  •Ï„šUà::¿h<E28099>Ó<A±É¢”%ä ZgsE¼ol„¿cƒãÈj¾<> ÄuðÔÔÌBÈ-¬³"{iëÒ Iпíe8NÃæ6§çºV<C2BA>÷SðFã$m¸Æ¥æ¼

BIN
secrets/mosquitto/shelly.age
View File

Binary file not shown.

20
secrets/mosquitto/telegraf.age
View File

@@ -1,12 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 74EsAOwngM1isJZEh1Z+ObdeAQ058vV4JV6OzL1krB8 -> ssh-ed25519 osOCZA mY+/XDi0aUXqyjMUtw3loj34odb0pTPOXpP3xMaGTy4
uMgHAuHGbVW0geur0j0jtV1bpMSkemrcrzIsSNXAeu4 bpSIdOmSeIvdO4Aw+hpBuNTlZRNYDk8GdbCVfAoJSIc
-> ssh-ed25519 DFiohQ QZP7wkW9rPR11NacImhLK+rOrq4+4BqrUiPiG7VokFU -> ssh-ed25519 DFiohQ Dju2lm9o2KhU965PEAqGt9LI9BtNsV2bldkPbOC9WzE
+TNH8at4QkKKuJTDvYvjtTltZSPHVeOXJtP3s/Oq5dQ v+8qH52YoNUwrSbvlaN0H7VET9UfEecXwoMaLPXQEiw
-> ssh-ed25519 PT7ffg gCIyIxT2gwbeZt3r1cD3o8u3J7YCVWclQHXyeBNmnRQ -> ssh-ed25519 PT7ffg AFg8dFq8hX/RrrjDLYEpBcrIy630iRRYAkLvag4DF0E
+APIPxlAIUeuWk5EwkI356ZTbDZ1mQirN3lRRXpZqYo Moh8lmYzweMiGLrdBd7kqi13/7vxscNEa15/IRfbCOA
--- Z1vjBtt8aIsDlSzXdaIM7CWWZTqKORHsHn4M8PN5Ue4 --- 6Wnopn2zv15ph9bi31fUEafeKzVTZEp2igI8nVW4P84
¢nlü¹dÏ“4îþŽ+«®Ä¬YÙhëkál[QœGA®²MÉü°Ä½ÈØj^òÆ '‡Q„Ýþ»ãFbÇŠæiÁ¶Û²ýolkú*_'w«Ã
{¿w=<¨2öƒYa ²¢´…5 î.íì>Ý\©%(äElÅ¿PÜž"Õ(†bÔNÚ ¢/m×Ë í´\JëêºØxøÀè˜6"jÖ·d%8‰ä¤ˆ°éš bÁÐãäP ˆ<>#0™•çk]s œv».º
J@ðë]©ŽùzuŠºM2þ0¾Ñ0“ɘ<62>Éu¯)-\Y…¾<>À q"a<19>Ä ˆò¥
k<EFBFBD>lwÂ

BIN
secrets/octodns.age
View File

Binary file not shown.

BIN
secrets/readeck.age
View File

Binary file not shown.

2
secrets/secrets.nix
View File

@@ -44,6 +44,4 @@ in
"context7.age".publicKeys = users ++ [ radish ]; "context7.age".publicKeys = users ++ [ radish ];
"gitea.age".publicKeys = users ++ [ freun-dev ]; "gitea.age".publicKeys = users ++ [ freun-dev ];
"gitea-actions-runner.age".publicKeys = users ++ [ freun-dev ]; "gitea-actions-runner.age".publicKeys = users ++ [ freun-dev ];
"invidious-companion.age".publicKeys = users ++ [ apu ];
"invidious.age".publicKeys = users ++ [ freun-dev ];
} }

BIN
secrets/smtp-password.age
View File

Binary file not shown.

16
secrets/storage-box-credentials.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA PDFhOJbsfxCd5u8kqaeCMyFkeAYwRZriF1/OaF/4NU4 -> ssh-ed25519 osOCZA Mq3JCuYFasHg3oSpWgGEjs5+cleWPog/eJCx1SqqXVQ
4D63DStz2EiqVqKs75v2WqZb5yFJC6dyNw9g2Ew7flA SiJ8vHCSZoyhvbQQ3AUOGk54oOQZAqyNNvjRjKHm4Fg
-> ssh-ed25519 DFiohQ LedJzIxbcY0X/avsMfMmpFf+bzobyqVQbCJq+EzWiwg -> ssh-ed25519 DFiohQ xEJMTBuU1uMm3goNGUln63rUbddy96+SZR8K+/LkMB4
CNJIzwEETb9fkcnwUD6wSlhVEgXsZCX2vceHVWHC1lA hFWZe+w2h6sxitweJ+dRNb6HY7YFt1k+/XDVNoDVw0Y
-> ssh-ed25519 PT7ffg DdwjbqndzOwW9T8KR3HAWuL11UaGLwBLUl9Xistu8WY -> ssh-ed25519 PT7ffg ErmwKHYuFoIS8rjMeq/5G6SWKaUhHG/N1Uy/KK7yZXU
gBJSXMjqYsebwey4b0gT1Xv0FSsw6cLuQ09fOuOaDJQ /Iz1mQp8mq7xH+kjP4S5m36GjTpzVRv40mcKPT+5rcc
--- mcc4EdBkqiYh1L9QQV3wTQCnZDdxqCOLzkp4eNu3TDQ --- 82a4oeNSWQhUtTJvV+ErC9nmT3YrATezQzY7m8G2JFU
!%ÛH0cSô¨ôÀÈ;¥èÙœCmk…<f¥¶_Yð aë‡*1¾êr¤ÏDwzŸ¨ *ŸÓ‡ê=®^¨ERÕÞ?Ž<08>b¡ô&`i¸˜¼`^lØ6N÷á4¦Œ S½î-‰þÑ¥ Ù

BIN
secrets/vaultwarden.age
View File

Binary file not shown.

BIN
secrets/voidauth.age
View File

Binary file not shown.

BIN
secrets/wpa_supplicant.age
View File

Binary file not shown.