repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: repomaa:main
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor
..
compare: repomaa:d6cb5fa99b0f5d65e19117c1b26a7d6cc30442fe
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor

1 Commits
main ... d6cb5fa99b

Author SHA1 Message Date
Joakim Repomaa
d6cb5fa99b fix push image step
Some checks failed
Check / check (push) Successful in 3m35s
Details
Build Images / build (push) Failing after 1m4s
Details
2026-02-22 17:44:44 +02:00
77 changed files with 660 additions and 2378 deletions
Expand all files Collapse all files

17
.gitea/workflows/build-images.yml
View File

@@ -19,6 +19,8 @@ jobs:
- name: Push to Gitea Registry - name: Push to Gitea Registry
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
env:
GITEA_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
REGISTRY="${{ github.server_url }}" REGISTRY="${{ github.server_url }}"
REGISTRY="${REGISTRY#https://}" REGISTRY="${REGISTRY#https://}"
@@ -27,12 +29,13 @@ jobs:
# Push aarch64 image # Push aarch64 image
skopeo copy \ skopeo copy \
--insecure-policy \ --insecure-policy \
--dest-creds "${{ github.repository_owner }}:${{ secrets.REGISTRY_TOKEN }}" \ --dest-creds "${{ github.actor }}:${GITEA_TOKEN}" \
"docker-archive:./image-aarch64.tar.gz" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest"
skopeo copy \
--insecure-policy \
--dest-creds "${{ github.repository_owner }}:${{ secrets.REGISTRY_TOKEN }}" \
"docker-archive:./image-aarch64.tar.gz" \ "docker-archive:./image-aarch64.tar.gz" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64" "docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64"
# Create and push manifest for arm64
skopeo manifest create \
--insecure-policy \
--dest-creds "${{ github.actor }}:${GITEA_TOKEN}" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest" \
"docker://${REGISTRY}/${{ github.repository }}/node:latest-arm64"

14
.zed/tasks.json
View File

@@ -6,7 +6,7 @@
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply remote", "label": "Apply remote",
@@ -16,26 +16,26 @@
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply on freun-dev", "label": "Apply on freun-dev",
"command": "apply", "command": "apply",
"args": ["--on", "freun-dev"], "args": ["--build-on-target", "--on", "freun-dev"],
"use_new_terminal": false, "use_new_terminal": false,
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, },
{ {
"label": "Apply on apu", "label": "Apply on apu",
"command": "apply", "command": "apply",
"args": ["--on", "apu"], "args": ["--build-on-target", "--on", "apu"],
"use_new_terminal": false, "use_new_terminal": false,
"allow_concurrent_runs": true, "allow_concurrent_runs": true,
"reveal": "no_focus", "reveal": "no_focus",
"reveal_target": "dock", "reveal_target": "dock",
"hide": "on_success", "hide": "on_success"
}, }
] ]

2
README.md
View File

@@ -1,3 +1,3 @@
# My NixOS Configurations # My NixOS Configurations
[![check workflow status](https://git.freun.dev/repomaa/nixos/actions/workflows/check.yml/badge.svg)](https://git.freun.dev/repomaa/nixos/actions?workflow=check.yml) [![build images workflow status](https://git.freun.dev/repomaa/nixos/actions/workflows/build-images.yml/badge.svg)](https://git.freun.dev/repomaa/nixos/actions?workflow=build-images.yml) [![builds.sr.ht status](https://builds.sr.ht/~repomaa/NixOS.svg)](https://builds.sr.ht/~repomaa/NixOS?)

1
custom-pkgs/crystal/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, ... }: util.package { }

14
custom-pkgs/crystal/package.nix Normal file
View File

@@ -0,0 +1,14 @@
{ pkgs, ... }:
let
inherit (pkgs) crystal libffi;
in
crystal.overrideAttrs (oldAttrs: {
makeFlags = oldAttrs.makeFlags ++ [
"interpreter=1"
];
buildInputs = oldAttrs.buildInputs ++ [
libffi
];
FLAGS = [ "--single-module" ];
doCheck = false;
})

536
flake.lock generated
View File

@@ -23,64 +23,6 @@
"type": "github" "type": "github"
} }
}, },
"blueprint": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
]
},
"locked": {
"lastModified": 1776249299,
"narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=",
"owner": "numtide",
"repo": "blueprint",
"rev": "56131e8628f173d24a27f6d27c0215eff57e40dd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "blueprint",
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": [
"llm-agents",
"flake-parts"
],
"nixpkgs": [
"llm-agents",
"nixpkgs"
],
"systems": [
"llm-agents",
"systems"
],
"treefmt-nix": [
"llm-agents",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1778446047,
"narHash": "sha256-oQvcadh2BCkrog+SGrG6YffKJrveYpjj3TdQJWaKhaM=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "f2bc12af1a6369648aac41041ceeaa0b866599c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "bun2nix",
"type": "github"
}
},
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@@ -107,11 +49,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1779130139, "lastModified": 1771121070,
"narHash": "sha256-BLrtr42azquO7MdGFU5a7KiMl3YpFlTeIXqy1fT5GlQ=", "narHash": "sha256-aIlv7FRXF9q70DNJPI237dEDAznSKaXmL5lfK/Id/bI=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "edb38893982a3338972bb4a2ec7ce7c29ba10fd9", "rev": "a2812c19f1ed2e5ed5ce2ef7109798b575c180e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -145,11 +87,11 @@
"dnote": { "dnote": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1774496111, "lastModified": 1765604939,
"narHash": "sha256-F7sP/QtZhfoNJX7LAZRmL/MjRByzJFNPUQBNpifSimQ=", "narHash": "sha256-5+grN/dsqRRFzUkz6ksvuEhgi4lYq64Rd0fejqzz8/Y=",
"owner": "dnote", "owner": "dnote",
"repo": "dnote", "repo": "dnote",
"rev": "1610b41e18a814b7aa7f4f784ba283794150853f", "rev": "9fa312e3fc6139788533ca6cd1ada8c16a10519c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -195,11 +137,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1778716662, "lastModified": 1769996383,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -244,27 +186,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
@@ -336,25 +257,7 @@
}, },
"flake-utils_5": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_8"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@@ -483,11 +386,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779506708, "lastModified": 1770260404,
"narHash": "sha256-QOD/CNm196nCJRheux/URi4/HE66fthdOMqCJoPP1Y0=", "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3ee51fbdac8c8bdfe1e7e1fcaba6520a563f394f", "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -537,18 +440,16 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"nixpkgs": [ "nixpkgs": "nixpkgs_3",
"nixpkgs"
],
"pre-commit": "pre-commit", "pre-commit": "pre-commit",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1779865172, "lastModified": 1771492583,
"narHash": "sha256-QZuox/4ww6vOmUu9lCpKlQbU3MER1kmgnJmXP1LO1K0=", "narHash": "sha256-nQzvnU4BGu8dA6BsPPCqmVcab/3ebVmHtX3ZWbW3Hxc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "f42b84f9fb03db98dee2073e932010f3a76eeb9a", "rev": "5e9380994665ef66c87ab8e22c913ff837174ce4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -557,121 +458,6 @@
"type": "github" "type": "github"
} }
}, },
"llm-agents": {
"inputs": {
"blueprint": "blueprint",
"bun2nix": "bun2nix",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs-unstable"
],
"systems": "systems_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1780050433,
"narHash": "sha256-90mQY7VUvn6WoNh+m4LSqS+XTcofWOBLgYYmSJVyr98=",
"owner": "numtide",
"repo": "llm-agents.nix",
"rev": "0fb42103f93cd5c1152254856d7eccb3e91c8bf6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "llm-agents.nix",
"type": "github"
}
},
"models-dev": {
"flake": false,
"locked": {
"lastModified": 1780068026,
"narHash": "sha256-OkMHzM1//oPQFbQTyi3a09HdTZyLstR+Lamhoje+tpU=",
"owner": "anomalyco",
"repo": "models.dev",
"rev": "277ac8577eb6d5543fc65193974228dcb0d021ef",
"type": "github"
},
"original": {
"owner": "anomalyco",
"repo": "models.dev",
"type": "github"
}
},
"niri-flake": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1780062130,
"narHash": "sha256-3XF+oy0PX4aajJw2RNB8rlMpyu0eXCG4pGH7fe94yBg=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "3cb351d73c357a4e413f59c4551d219118791c14",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1780056110,
"narHash": "sha256-t7lKVshV/srD0G06j4r5P5qj9zaDeZ9JYFCxHDGROZU=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "f9f43d826ab4014a7c302be28d7da33e12f5be37",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1767983141,
"narHash": "sha256-7ZCulYUD9RmJIDULTRkGLSW1faMpDlPKcbWJLYHoXcs=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "440818969ac2cbd77bfe025e884d0aa528991374",
"type": "github"
},
"original": {
"owner": "gmodena",
"ref": "latest",
"repo": "nix-flatpak",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -694,17 +480,12 @@
} }
}, },
"nixos-hardware": { "nixos-hardware": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1780065812, "lastModified": 1771423359,
"narHash": "sha256-SCSLUKBmwlSLGQ8Xbr8PjRFtiHNk0l9ktqkcmqdBkfE=", "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b76b5639c0593e0aeb0b5879ad62d4b30596c144", "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -732,11 +513,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1777168982, "lastModified": 1769909678,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -769,29 +550,13 @@
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1779796641,
"narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "25f538306313eae3927264466c70d7001dcea1df",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1779560665, "lastModified": 1771369470,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -819,11 +584,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1779796641, "lastModified": 1771008912,
"narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "25f538306313eae3927264466c70d7001dcea1df", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1771419570,
"narHash": "sha256-bxAlQgre3pcQcaRUm/8A0v/X8d2nhfraWSFqVmMcBcU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6d41bc27aaf7b6a3ba6b169db3bd5d6159cfaa47",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -833,50 +614,6 @@
"type": "github" "type": "github"
} }
}, },
"noctalia": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"noctalia-qs": "noctalia-qs"
},
"locked": {
"lastModified": 1779763713,
"narHash": "sha256-as2Vo4PitnWfXezfkQB2H3Rsr/DXJPp4Oe+dE+dZ0Xo=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "272cd91408b5ff6e329e6397eed042fe422069e7",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"noctalia-qs": {
"inputs": {
"nixpkgs": [
"noctalia",
"nixpkgs"
],
"systems": "systems_6",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1779588472,
"narHash": "sha256-CVonDVo41DqdqS/kNeXFatwEuTltyXcppm9zkVOnrsM=",
"owner": "noctalia-dev",
"repo": "noctalia-qs",
"rev": "70fea8a39a908e395de63024a4dfdb829bff1ffe",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-qs",
"type": "github"
}
},
"pnpm2nix": { "pnpm2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
@@ -906,11 +643,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1778507602, "lastModified": 1770726378,
"narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -931,20 +668,13 @@
"ketchup": "ketchup", "ketchup": "ketchup",
"ksoloti-pr": "ksoloti-pr", "ksoloti-pr": "ksoloti-pr",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"llm-agents": "llm-agents",
"models-dev": "models-dev",
"niri-flake": "niri-flake",
"nix-flatpak": "nix-flatpak",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"noctalia": "noctalia",
"syntax-renderer": "syntax-renderer", "syntax-renderer": "syntax-renderer",
"tonearm": "tonearm", "tonearm": "tonearm",
"tree_hugger": "tree_hugger",
"turny": "turny", "turny": "turny",
"voidauth": "voidauth", "voidauth": "voidauth",
"voxtype": "voxtype",
"workout-sync": "workout-sync" "workout-sync": "workout-sync"
} }
}, },
@@ -956,11 +686,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779592685, "lastModified": 1771125043,
"narHash": "sha256-p9d56GezhHRf4QfANxwa1d+fvwShvjB5XUhdIl7WEd0=", "narHash": "sha256-ldf/s49n6rOAxl7pYLJGGS1N/assoHkCOWdEdLyNZkc=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "3a58b199e7c83a80b85c28044f808085ba7e941c", "rev": "4912f951a26dc8142b176be2c2ad834319dc06e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1076,51 +806,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tonearm": { "tonearm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_5",
@@ -1140,69 +825,6 @@
"url": "https://codeberg.org/dergs/Tonearm/archive/v1.0.0.tar.gz" "url": "https://codeberg.org/dergs/Tonearm/archive/v1.0.0.tar.gz"
} }
}, },
"tree_hugger": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1774531531,
"narHash": "sha256-v4zPHfGQw79uyOUeqWAlOE0A7ZjQVYhpfyibnsUe1k4=",
"ref": "refs/heads/main",
"rev": "af16fcdcfcfc17f2be03879b7d8e858976936619",
"revCount": 67,
"type": "git",
"url": "ssh://git@github.com/everii-Group/tree_hugger"
},
"original": {
"type": "git",
"url": "ssh://git@github.com/everii-Group/tree_hugger"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"llm-agents",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"noctalia",
"noctalia-qs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"turny": { "turny": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@@ -1250,27 +872,6 @@
"type": "github" "type": "github"
} }
}, },
"voxtype": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1780001111,
"narHash": "sha256-zsOG1mBTXN4gdsTb1pUPKXATfhV5ZjgEsIUk07asaGo=",
"owner": "peteonrails",
"repo": "voxtype",
"rev": "56b04aa142150f1d503e62f3c6125df38a42840f",
"type": "github"
},
"original": {
"owner": "peteonrails",
"repo": "voxtype",
"type": "github"
}
},
"workout-sync": { "workout-sync": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -1290,39 +891,6 @@
"repo": "workout-sync", "repo": "workout-sync",
"type": "sourcehut" "type": "sourcehut"
} }
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1779745227,
"narHash": "sha256-yqY7RtEJGJiENzR0GwL6q69tSAy6xAAmAcLuIhLjPf8=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "5d1efbc9dc3ab1c10160b656e0247f3325daf0f2",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

35
flake.nix
View File

@@ -7,14 +7,8 @@
url = "github:gtrackmap/gtrackmap"; url = "github:gtrackmap/gtrackmap";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
lanzaboote = { lanzaboote.url = "github:nix-community/lanzaboote";
url = "github:nix-community/lanzaboote"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -62,31 +56,6 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.flake-parts.follows = "flake-parts"; inputs.flake-parts.follows = "flake-parts";
}; };
voxtype = {
url = "github:peteonrails/voxtype";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
tree_hugger = {
url = "git+ssh://git@github.com/everii-Group/tree_hugger";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
models-dev = {
url = "github:anomalyco/models.dev";
flake = false;
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
niri-flake = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
llm-agents = {
url = "github:numtide/llm-agents.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = outputs =
{ {

871
home/common/default.nix
View File

@@ -7,34 +7,14 @@
self, self,
... ...
}: }:
let
noctalia-package = inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default.override {
calendarSupport = true;
};
ns = lib.getExe noctalia-package;
ns-ipc =
args:
[
ns
"ipc"
"call"
]
++ args;
in
{ {
imports = [ imports = [
../gnome ../gnome
./dnote.nix ./dnote.nix
../modules/zed ../modules/zed
../modules/voxtype
../modules/elephant
./secrets.nix ./secrets.nix
inputs.hastebin.nixosModules.hm inputs.hastebin.nixosModules.hm
inputs.agenix.homeManagerModules.default inputs.agenix.homeManagerModules.default
inputs.voxtype.homeManagerModules.default
inputs.noctalia.homeModules.default
inputs.niri-flake.homeModules.niri
inputs.nix-flatpak.homeManagerModules.nix-flatpak
]; ];
# This value determines the Home Manager release that your configuration is # This value determines the Home Manager release that your configuration is
@@ -46,221 +26,77 @@ in
# release notes. # release notes.
home.stateVersion = "23.11"; # Please read the comment before changing. home.stateVersion = "23.11"; # Please read the comment before changing.
home.packages = home.packages = with pkgs; [
with pkgs; htop
[ gnupg
atool pkgs-unstable.yubioath-flutter
unzip pkgs-unstable.yubikey-manager
htop gcc
gnupg sqlite
pkgs-unstable.yubioath-flutter noto-fonts
pkgs-unstable.yubikey-manager noto-fonts-cjk-sans
gcc noto-fonts-color-emoji
sqlite source-sans-pro
noto-fonts mosh
noto-fonts-cjk-sans docker-compose
noto-fonts-color-emoji signal-desktop
source-sans-pro cargo
mosh blanket
docker-compose wl-clipboard
(signal-desktop.override { gnumeric
commandLineArgs = "--password-store=gnome-libsecret"; gh
}) neovim-remote
cargo pkgs-unstable.gradia
blanket crystal
wl-clipboard shards
gnumeric moreutils
gh keymapp
neovim-remote gnumake
pkgs-unstable.gradia tig
crystal jq
shards yt-dlp
moreutils ffmpeg
keymapp otp
gnumake manix
tig (writeShellScriptBin "fd" ''
jq ${fd}/bin/fd -H "$@"
yt-dlp '')
ffmpeg pkgs-unstable.rpi-imager
otp picocom
manix imagemagick
(writeShellScriptBin "fd" '' ghostscript
${fd}/bin/fd -H "$@" inkscape
'') jless
pkgs-unstable.rpi-imager scribus
picocom dnscontrol
imagemagick protonmail-bridge
ghostscript hydroxide
inkscape imapsync
jless nixfmt-rfc-style
scribus tree
dnscontrol virt-manager
protonmail-bridge pkgs-unstable.ncspot
hydroxide pkgs-unstable.devbox
imapsync pkgs-unstable.feishin
nixfmt-rfc-style openscad
tree pkgs-unstable.walker
virt-manager pkgs-unstable.shairport-sync-airplay2
pkgs-unstable.ncspot (writeShellScriptBin "pw" ''
pkgs-unstable.devbox ${lib.getExe rbw} ls --fields 'id,folder,name' | \
pkgs-unstable.feishin ${lib.getExe gawk} -F '\t' '{print $1 "\t" ($2 == "" ? "" : $2 "/") $3}' | \
openscad ${lib.getExe pkgs-unstable.walker} -d -l 2 | \
pkgs-unstable.shairport-sync-airplay2 xargs ${lib.getExe rbw} get "$@" | ${lib.getExe' wl-clipboard "wl-copy"}
(writeShellScriptBin "pw" '' '')
${lib.getExe rbw} ls --fields 'id,folder,name' | \ (google-fonts.override { fonts = [ "Tajawal" ]; })
${lib.getExe gawk} -F '\t' '{print $1 "\t" ($2 == "" ? "" : $2 "/") $3}' | \ pkgs-unstable.opencode
${lib.getExe config.services.walker.package} -d -l 2 | \ (writeShellScriptBin "nr" ''
xargs ${lib.getExe rbw} get "$@" | ${lib.getExe' wl-clipboard "wl-copy"} ${lib.getExe nix} run "nixpkgs#''${1}" "$@"
'') '')
(google-fonts.override { fonts = [ "Tajawal" ]; }) pkgs-unstable.tidal-hifi
(writeShellScriptBin "nr" '' inputs.tonearm.packages.${pkgs.stdenv.hostPlatform.system}.tonearm
${lib.getExe nix} run "nixpkgs#''${1}" "$@" ];
'')
blueman
pavucontrol
(writeShellScriptBin "voxtoggle" ''
status=$(${lib.getExe config.programs.voxtype.package} status)
pid=$(cat ''${XDG_RUNTIME_DIR}/voxtype/pid)
if [[ "$status" == "stopped" ]]; then
exit 1
elif [[ "$status" == "recording" ]]; then
kill -SIGUSR2 "$pid"
else
kill -SIGUSR1 "$pid"
fi
'')
(writeShellScriptBin "scrot" ''
set -eo pipefail
${lib.getExe grim} -t ppm -g "$(${lib.getExe slurp} -o -d -F monospace)" - | ${lib.getExe gradia}
'')
inputs.tree_hugger.packages.${stdenv.hostPlatform.system}.default
(writeShellScriptBin "ns" "${lib.join " " (ns-ipc [ ''"$@"'' ])}")
]
++ (with inputs.llm-agents.packages.${pkgs.stdenv.hostPlatform.system}; [
pi
opencode
crush
]);
programs = { programs = {
noctalia-shell = {
enable = true;
settings = {
bar = {
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{
id = "Workspace";
hideUnoccupied = true;
labelMode = "none";
}
];
center = [
{
id = "Clock";
formatHorizontal = "HH:mm";
formatVertical = "HH mm";
usePrimaryColor = true;
}
];
right = [
{
id = "plugin:privacy-indicator";
}
{
id = "Battery";
warningThreshold = 20;
}
{
id = "NotificationHistory";
}
{
id = "Network";
}
{
id = "Bluetooth";
}
{
id = "VPN";
}
{
id = "ControlCenter";
useDistroLogo = true;
}
];
};
};
audio.visualizerType = "linear";
wallpaper = {
overviewEnabled = true;
directory = "~/Pictures/Wallpapers";
automationEnabled = true;
};
controlCenter.shortcuts = {
right = [
{ id = "PowerProfile"; }
{ id = "KeepAwake"; }
{ id = "NightLight"; }
{ id = "DarkMode"; }
];
};
sessionMenu = {
countdownDuration = 5000;
powerOptions =
let
powerOption =
action: options:
{
inherit action;
enabled = true;
}
// options;
in
[
(powerOption "lock" {
keybind = "1";
countdownEnabled = false;
})
(powerOption "suspend" {
keybind = "2";
countdownEnabled = false;
})
(powerOption "hibernate" { keybind = "3"; })
(powerOption "reboot" { keybind = "4"; })
(powerOption "logout" { keybind = "5"; })
(powerOption "shutdown" { keybind = "6"; })
(powerOption "rebootToUefi" { keybind = "7"; })
];
};
colorSchemes.useWallpaperColors = true;
nightLight.enabled = true;
idle.enabled = true;
general = {
avatarImage = "~/.face";
radiusRatio = 0.2;
clockStyle = "analog";
};
location = {
monthBeforeDay = false;
analogClockInCalendar = true;
firstDayOfWeek = 0;
showWeekNumberInCalendar = true;
autoLocate = true;
};
package = noctalia-package;
};
};
nh = { nh = {
enable = true; enable = true;
flake = self; flake = self;
@@ -465,11 +301,6 @@ in
gh pr checkout {{.Form.pr | quote}} gh pr checkout {{.Form.pr | quote}}
''; '';
} }
{
key = "D";
context = "localBranches";
command = "th prune {{.SelectedLocalBranch.Name}}";
}
]; ];
}; };
}; };
@@ -494,6 +325,7 @@ in
}; };
}; };
"apu" = { "apu" = {
hostname = "apu.tempel-vibes.ts.net";
user = "root"; user = "root";
}; };
}; };
@@ -595,50 +427,6 @@ in
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
}; };
voxtype = {
enable = true;
package = inputs.voxtype.packages.${pkgs.stdenv.hostPlatform.system}.vulkan;
model.name = "large-v3-turbo";
service.enable = true;
settings = {
hotkey.enabled = false;
whisper.language = "auto";
output.notification = {
on_recording_start = false;
on_recording_stop = false;
on_transcription = false;
};
};
postProcessing = {
enable = true;
settings = {
model = "qwen3:4b-instruct";
commonInstructions = "no quotes, no emojis, no explanations";
prompts = [
{
title = "Clean up";
instructions = "First identify what language this is, then respond in that language. Clean up: remove filler words, fix grammar and punctuation. Preserve all nuances of the original dictation. Output ONLY the cleaned text";
}
{
title = "Make a title";
instructions = "First identify what language this is, then respond in that language. Create a concise and descriptive title";
}
{
title = "Summarize";
instructions = "First identify what language this is, then respond in that language. Summarize in a few sentences";
}
{
title = "Commit message";
instructions = "Write a concise and descriptive git commit message for this dictation in English";
}
{
title = "Translate to English";
instructions = "Translate this dictation. Remove filler words, fix grammar and punctuation. Output ONLY the translation";
}
];
};
};
};
}; };
gnome = { gnome = {
@@ -786,20 +574,15 @@ in
# #
# /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh # /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh
# #
systemd.user.sessionVariables = {
home.sessionVariables = {
NIXOS_OZONE_WL = 1; NIXOS_OZONE_WL = 1;
NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket"; NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket";
PAGER = "bat --paging=always --style=plain"; PAGER = "bat --paging=always --style=plain";
MANPAGER = "sh -c 'col -bx | bat -l man -p'"; MANPAGER = "sh -c 'col -bx | bat -l man -p'";
MANROFFOPT = "-c"; MANROFFOPT = "-c";
DO_NOT_TRACK = 1; DO_NOT_TRACK = 1;
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
}; };
systemd.user.sessionVariables = lib.mapAttrs (_: v: toString v) config.home.sessionVariables;
programs.zsh.sessionVariables = config.home.sessionVariables;
home.shellAliases = { home.shellAliases = {
_ = "sudo"; _ = "sudo";
icr = "crystal i"; icr = "crystal i";
@@ -810,52 +593,12 @@ in
ls = "ls --color=auto"; ls = "ls --color=auto";
}; };
services = { services.gpg-agent = with pkgs; {
gpg-agent = with pkgs; {
enable = true;
enableSshSupport = true;
pinentry.package = pinentry-gnome3;
};
};
services.flatpak = {
update.onActivation = true;
packages = [
"dev.diegovsky.Riff"
];
};
services.walker = {
enable = true; enable = true;
package = pkgs.symlinkJoin { enableSshSupport = true;
inherit (pkgs-unstable.walker) name meta; pinentry.package = pinentry-gnome3;
paths = [ pkgs-unstable.walker ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/walker \
--prefix PATH : ${lib.makeBinPath [ config.services.elephant.package ]}
'';
};
systemd = {
enable = true;
};
settings = {
providers = {
default = [
"desktopapplications"
"calc"
"websearch"
"bitwarden"
];
};
};
}; };
services.elephant.enable = true;
systemd.user.services.walker.Install.WantedBy = lib.mkForce [ "graphical-session.target" ];
systemd.user.services.shairport-sync = { systemd.user.services.shairport-sync = {
Unit = { Unit = {
Description = "AirPlay audio server"; Description = "AirPlay audio server";
@@ -883,12 +626,11 @@ in
xdg.configFile."opencode/opencode.jsonc".text = builtins.toJSON { xdg.configFile."opencode/opencode.jsonc".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json"; "$schema" = "https://opencode.ai/config.json";
model = "firepass/accounts/fireworks/routers/kimi-k2p6-turbo"; model = "opencode/kimi-k2.5";
small_model = "firepass/accounts/fireworks/routers/kimi-k2p6-turbo"; small_model = "opencode/minimax-m2.1";
agent = { agent = {
explore.model = "firepass/accounts/fireworks/routers/kimi-k2p6-turbo"; explore.model = "opencode/minimax-m2.1";
}; };
theme = "system";
lsp = { lsp = {
ruby-lsp = { ruby-lsp = {
initialization = { initialization = {
@@ -923,6 +665,7 @@ in
"bundle" "bundle"
"exec" "exec"
"ruby-lsp" "ruby-lsp"
"--lsp"
]; ];
}; };
rubocop = { rubocop = {
@@ -938,20 +681,27 @@ in
".haml" ".haml"
]; ];
}; };
nil = {
command = [
(lib.getExe pkgs.nil)
];
extensions = [ ".nix" ];
};
ameba-ls = {
command = [
(lib.getExe pkgs-unstable.ameba-ls)
];
extensions = [ ".cr" ];
};
}; };
mcp = { mcp = {
memory = {
type = "local";
command = [
"npx"
"-y"
"@modelcontextprotocol/server-memory"
];
};
browser = {
type = "local";
command = [
"npx"
"-y"
"@agent-infra/mcp-server-browser"
"--headless"
"--executable-path"
(lib.getExe pkgs-unstable.chromium)
];
};
context7 = { context7 = {
type = "remote"; type = "remote";
url = "https://mcp.context7.com/mcp"; url = "https://mcp.context7.com/mcp";
@@ -963,433 +713,6 @@ in
}; };
}; };
programs.niri =
let
bind =
{
modifiers,
key,
action,
args ? [ ],
}:
{
${lib.join "+" (modifiers ++ [ key ])}.action.${action} = args;
};
in
{
enable = true;
package = pkgs-unstable.niri;
settings = {
input = {
keyboard = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
numlock = true;
};
touchpad = {
tap = true;
dwt = true;
dwtp = true;
natural-scroll = true;
};
focus-follows-mouse = {
enable = true;
max-scroll-amount = "10%";
};
};
outputs = {
"eDP-1" = {
scale = 1.5;
};
"DP-5" = {
scale = 1.0;
};
"DP-3" = {
scale = 1.2;
};
};
layout = {
gaps = 5;
center-focused-column = "never";
preset-column-widths = [
{ proportion = 1.0 / 3.0; }
{ proportion = 1.0 / 2.0; }
{ proportion = 2.0 / 3.0; }
];
default-column-width = {
proportion = 1.0 / 2.0;
};
focus-ring = {
enable = true;
width = 4;
active.color = "#7fc8ff";
inactive.color = "#505050";
};
border = {
enable = false;
width = 4;
active.color = "#ffc87f";
inactive.color = "#505050";
urgent.color = "#9b0000";
};
shadow = {
enable = true;
softness = 30;
spread = 5;
offset = {
x = 0;
y = 5;
};
color = "#0007";
};
};
spawn-at-startup = [
{ argv = [ ns ]; }
];
hotkey-overlay.skip-at-startup = true;
screenshot-path = "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png";
debug.honor-xdg-activation-with-invalid-serial = true;
layer-rules = [
{
matches = [ { namespace = "^noctalia-overview*"; } ];
place-within-backdrop = true;
}
];
window-rules = [
{
matches = [
{
app-id = "firefox$";
title = "^Picture-in-Picture$";
}
];
open-floating = true;
}
{
geometry-corner-radius = {
top-left = 14.;
top-right = 14.;
bottom-left = 14.;
bottom-right = 14.;
};
clip-to-geometry = true;
}
#{
# background-effect = {
# blur = true;
# xray = false;
# };
#}
];
binds = lib.foldl' (acc: x: acc // x) { } (
[
{
"Mod+Shift+Slash" = {
action.show-hotkey-overlay = [ ];
};
"Mod+Return" = {
hotkey-overlay.title = "Open a Terminal: kitty";
action.spawn = "kitty";
};
"Mod+Z" = {
hotkey-overlay.title = "Open a launcher: walker";
action.spawn = "walker";
};
"Mod+Space" = {
action.spawn = "voxtoggle";
};
"Mod+Alt+L" = {
hotkey-overlay.title = "Lock the Screen: hyprlock";
action.spawn = ns-ipc [
"lockScreen"
"lock"
];
};
"XF86AudioRaiseVolume" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"volume"
"increase"
];
};
"XF86AudioLowerVolume" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"volume"
"decrease"
];
};
"XF86AudioMute" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"volume"
"muteOutput"
];
};
"XF86AudioMicMute" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"volume"
"muteInput"
];
};
"XF86AudioPlay" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"media"
"playPause"
];
};
"XF86AudioPrev" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"media"
"previous"
];
};
"XF86AudioNext" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"media"
"next"
];
};
"XF86MonBrightnessUp" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"brightness"
"increase"
];
};
"XF86MonBrightnessDown" = {
allow-when-locked = true;
action.spawn = ns-ipc [
"brightness"
"decrease"
];
};
"Mod+O" = {
repeat = false;
action.toggle-overview = [ ];
};
"Mod+Backspace" = {
repeat = false;
action.close-window = [ ];
};
"Mod+BracketLeft".action.consume-or-expel-window-left = [ ];
"Mod+BracketRight".action.consume-or-expel-window-right = [ ];
"Mod+Comma".action.consume-window-into-column = [ ];
"Mod+Period".action.expel-window-from-column = [ ];
"Mod+R".action.switch-preset-column-width = [ ];
"Mod+Ctrl+R".action.switch-preset-window-height = [ ];
"Mod+Shift+R".action.reset-window-height = [ ];
"Mod+F".action.maximize-column = [ ];
"Mod+Shift+F".action.fullscreen-window = [ ];
"Mod+M".action.maximize-window-to-edges = [ ];
"Mod+Ctrl+F".action.expand-column-to-available-width = [ ];
"Mod+C".action.center-column = [ ];
"Mod+Ctrl+C".action.center-visible-columns = [ ];
"Mod+Minus".action.set-column-width = "-10%";
"Mod+Equal".action.set-column-width = "+10%";
"Mod+Shift+Minus".action.set-window-height = "-10%";
"Mod+Shift+Equal".action.set-window-height = "+10%";
"Mod+V".action.toggle-window-floating = [ ];
"Mod+Shift+V".action.switch-focus-between-floating-and-tiling = [ ];
"Mod+W".action.toggle-column-tabbed-display = [ ];
"Print".action.spawn = "scrot";
"Mod+Escape" = {
allow-inhibiting = true;
action.toggle-keyboard-shortcuts-inhibit = [ ];
};
"Mod+Shift+E".action.quit = [ ];
"Ctrl+Alt+Delete".action.quit = [ ];
"Mod+Shift+P".action.power-off-monitors = [ ];
}
]
++ (map
(
{
dir,
keys,
}:
(lib.mergeAttrsList (
map
(
{ modifiers, action }: (lib.mergeAttrsList (map (key: bind { inherit modifiers key action; }) keys))
)
[
{
modifiers = [ "Mod" ];
action = "focus-column-${dir}";
}
{
modifiers = [
"Mod"
"Shift"
];
action = "move-column-${dir}";
}
{
modifiers = [
"Mod"
"Ctrl"
];
action = "focus-monitor-${dir}";
}
{
modifiers = [
"Mod"
"Shift"
"Ctrl"
];
action = "move-column-to-monitor-${dir}";
}
]
))
)
[
{
dir = "left";
keys = [
"Left"
"H"
];
}
{
dir = "right";
keys = [
"Right"
"L"
];
}
]
)
++ (map
(
{
dir,
keys,
}:
(lib.mergeAttrsList (
map
(
{ modifiers, action }: (lib.mergeAttrsList (map (key: bind { inherit modifiers key action; }) keys))
)
[
{
modifiers = [ "Mod" ];
action = "focus-window-or-workspace-${dir}";
}
{
modifiers = [
"Mod"
"Shift"
];
action = "move-window-${dir}-or-to-workspace-${dir}";
}
{
modifiers = [
"Mod"
"Ctrl"
];
action = "focus-monitor-${dir}";
}
{
modifiers = [
"Mod"
"Shift"
"Ctrl"
];
action = "move-column-to-monitor-${dir}";
}
]
))
)
[
{
dir = "up";
keys = [
"Up"
"K"
];
}
{
dir = "down";
keys = [
"Down"
"J"
];
}
]
)
++ [
{
"Mod+Home".action.focus-column-first = [ ];
"Mod+End".action.focus-column-last = [ ];
"Mod+Shift+Home".action.move-column-to-first = [ ];
"Mod+Shift+End".action.move-column-to-last = [ ];
"Mod+Page_Down".action.focus-workspace-down = [ ];
"Mod+Page_Up".action.focus-workspace-up = [ ];
"Mod+U".action.focus-workspace-down = [ ];
"Mod+I".action.focus-workspace-up = [ ];
"Mod+Ctrl+Page_Down".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+Page_Up".action.move-column-to-workspace-up = [ ];
"Mod+Ctrl+U".action.move-column-to-workspace-down = [ ];
"Mod+Ctrl+I".action.move-column-to-workspace-up = [ ];
"Mod+Shift+Page_Down".action.move-workspace-down = [ ];
"Mod+Shift+Page_Up".action.move-workspace-up = [ ];
"Mod+Shift+U".action.move-workspace-down = [ ];
"Mod+Shift+I".action.move-workspace-up = [ ];
"Mod+WheelScrollDown" = {
cooldown-ms = 150;
action.focus-workspace-down = [ ];
};
"Mod+WheelScrollUp" = {
cooldown-ms = 150;
action.focus-workspace-up = [ ];
};
"Mod+Ctrl+WheelScrollDown" = {
cooldown-ms = 150;
action.move-column-to-workspace-down = [ ];
};
"Mod+Ctrl+WheelScrollUp" = {
cooldown-ms = 150;
action.move-column-to-workspace-up = [ ];
};
"Mod+WheelScrollRight".action.focus-column-right = [ ];
"Mod+WheelScrollLeft".action.focus-column-left = [ ];
"Mod+Ctrl+WheelScrollRight".action.move-column-right = [ ];
"Mod+Ctrl+WheelScrollLeft".action.move-column-left = [ ];
"Mod+Shift+WheelScrollDown".action.focus-column-right = [ ];
"Mod+Shift+WheelScrollUp".action.focus-column-left = [ ];
"Mod+Ctrl+Shift+WheelScrollDown".action.move-column-right = [ ];
"Mod+Ctrl+Shift+WheelScrollUp".action.move-column-left = [ ];
}
]
++ (map (number: {
"Mod+${toString number}".action.focus-workspace = number;
"Mod+Shift+${toString number}".action.move-column-to-workspace = number;
}) (lib.range 1 9))
);
};
};
gnome.automaticTimeZone = true; gnome.automaticTimeZone = true;
gtk.enable = true; gtk.enable = true;

1
home/jokke/default.nix
View File

@@ -14,6 +14,7 @@
ffmpeg ffmpeg
mediainfo mediainfo
git-lfs git-lfs
telegram-desktop
shards shards
deno deno
virt-manager virt-manager

21
home/moco/default.nix
View File

@@ -1,18 +1,6 @@
{ { pkgs, pkgs-unstable, ... }:
pkgs,
pkgs-unstable,
lib,
...
}:
let let
homeDirectory = "/home/moco"; homeDirectory = "/home/moco";
nmcli = lib.getExe' pkgs.networkmanager "nmcli";
ykman = lib.getExe pkgs.yubikey-manager;
isMocoVpnActive = lib.getExe (
pkgs.writeShellScriptBin "is-moco-vpn-active" ''
${nmcli} -t -f NAME connection show --active | grep -q '^moco$'
''
);
in in
{ {
# Home Manager needs a bit of information about you and the paths it should # Home Manager needs a bit of information about you and the paths it should
@@ -45,13 +33,6 @@ in
(writeShellScriptBin "moco-reto-otp" '' (writeShellScriptBin "moco-reto-otp" ''
ykman oath accounts code -s 'MOCO Reto' | wl-copy -n ykman oath accounts code -s 'MOCO Reto' | wl-copy -n
'') '')
(writeShellScriptBin "toggle-moco-vpn" ''
if ${isMocoVpnActive}; then
${nmcli} c down moco
else
${ykman} oath accounts code -s 'MOCO Reto' | ${nmcli} c up moco --ask
fi
'')
]; ];
}; };

43
home/modules/elephant/default.nix
View File

@@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unstable,
...
}:
let
cfg = config.services.elephant;
wrappedPackage = pkgs.symlinkJoin {
inherit (cfg.package) name meta;
paths = [ cfg.package ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/elephant \
--prefix PATH : ${lib.makeBinPath [ pkgs.bash ]}
'';
};
in
{
options.services.elephant = {
enable = lib.mkEnableOption "Enable Elephant";
package = lib.mkOption {
type = lib.types.package;
default = pkgs-unstable.elephant;
};
};
config = lib.mkIf cfg.enable {
systemd.user.services.elephant = {
Unit = {
Description = "Elephant";
After = [ "niri.service" ];
Wants = [ "niri.service" ];
};
Service = {
ExecStart = lib.getExe wrappedPackage;
Restart = "on-failure";
};
Install.WantedBy = [ "graphical-session.target" ];
};
};
}

100
home/modules/voxtype/default.nix
View File

@@ -1,100 +0,0 @@
{
config,
osConfig,
lib,
pkgs,
pkgs-unstable,
...
}:
let
cfg = config.programs.voxtype;
postProcessUnwrapped =
pkgs.runCommand "voxtype-post-process-unwrapped"
{
code = ./post-process.cr;
nativeBuildInputs = [
pkgs-unstable.crystal
];
}
''
mkdir -p $out/bin
crystal build $code -o $out/bin/voxtype-post-process
'';
postProcess = pkgs.symlinkJoin {
name = "voxtype-post-process";
paths = [ postProcessUnwrapped ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram $out/bin/voxtype-post-process \
--set OLLAMA_PORT ${toString osConfig.services.ollama.port} \
--set WALKER_BIN ${lib.getExe config.services.walker.package}
'';
meta.mainProgram = "voxtype-post-process";
};
postProcessingConfig = pkgs.writeText "voxtype-post-processing.json" (
builtins.toJSON cfg.postProcessing.settings
);
in
{
options.programs.voxtype = {
postProcessing = lib.mkOption {
type = lib.types.submodule {
options = {
enable = lib.mkEnableOption "Enable post-processing of transcriptions";
settings = lib.mkOption {
type = lib.types.submodule {
options = {
model = lib.mkOption {
type = lib.types.str;
description = "The ollama model to use for post-processing";
};
commonInstructions = lib.mkOption {
type = lib.types.str;
default = "no quotes, no emojis, no explanations";
description = "Instructions to include in every post-processing prompt";
};
prompts = lib.mkOption {
type = lib.types.listOf (
lib.types.submodule {
options = {
title = lib.mkOption {
type = lib.types.str;
description = "A title for this prompt, used in the selector";
};
instructions = lib.mkOption {
type = lib.types.str;
description = "Instructions to include in the post-processing prompt, in addition to the common instructions";
};
};
}
);
default = [
{
title = "Clean up";
instructions = "Clean up this dictation. Remove filler words, fix grammar and punctuation. Output ONLY the cleaned text";
}
];
};
};
};
default = { };
};
};
};
};
};
config = lib.mkIf cfg.postProcessing.enable {
xdg.configFile."voxtype/post-processing.json".source = postProcessingConfig;
programs.voxtype.settings.output.post_process = {
command = lib.getExe postProcess;
timeout_ms = 5 * 60 * 1000; # 5 minutes
};
systemd.user.services.voxtype.Service.X-Reload-If-Changed = [
postProcess
];
};
}

54
home/modules/voxtype/post-process.cr
View File

@@ -1,54 +0,0 @@
require "json"
require "http/client"
struct OllamaResponse
include JSON::Serializable
getter response : String
end
struct Prompt
include JSON::Serializable
getter title : String
getter instructions : String
end
struct Config
include JSON::Serializable
getter model : String
getter prompts : Array(Prompt)
@[JSON::Field(key: "commonInstructions")]
getter common_instructions : String
end
config_path = "#{ENV.fetch("XDG_CONFIG_HOME", "~/.config")}/voxtype/post-processing.json"
config = File.open(config_path) { |file| Config.from_json(file) }
client = HTTP::Client.new("localhost", ENV.fetch("OLLAMA_PORT", "11434").to_i)
prompt_selection = Process.run(ENV["WALKER_BIN"], ["--dmenu"]) do |process|
config.prompts.each do |prompt|
process.input.puts prompt.title
end
process.input.close
process.output.gets_to_end.chomp
end
instructions = config.prompts.find { |prompt| prompt.title == prompt_selection }.try(&.instructions) || prompt_selection
payload = {
model: config.model,
prompt: "#{instructions} - #{config.common_instructions}:\n\n#{STDIN.gets_to_end.chomp}",
think: false,
stream: false,
}
client.post("/api/generate", body: payload.to_json) do |response|
if response.status_code == 200
puts OllamaResponse.from_json(response.body_io).response.strip
else
abort "Ollama API error: #{response.status_code} #{response.body}"
end
end

260
home/modules/zed/default.nix
View File

@@ -3,71 +3,10 @@
lib, lib,
pkgs, pkgs,
pkgs-unstable, pkgs-unstable,
inputs,
... ...
}: }:
let let
cfg = config.programs.zed-editor; cfg = config.programs.zed-editor;
models-dev = inputs.models-dev;
getModelsFromProvider =
provider:
let
providerPath = "${models-dev}/providers/${provider}";
modelsPath = "${providerPath}/models";
providerToml = builtins.fromTOML (builtins.readFile "${providerPath}/provider.toml");
findAllTomlFiles =
path:
let
entries = builtins.readDir path;
files = builtins.filter (name: builtins.match ".*\\.toml$" name != null) (
builtins.attrNames (lib.filterAttrs (_: type: type == "regular") entries)
);
dirs = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") entries);
nestedFiles = builtins.concatMap (
dir:
let
nestedPath = "${path}/${dir}";
nestedTomlFiles = findAllTomlFiles nestedPath;
in
map (file: "${dir}/${file}") nestedTomlFiles
) dirs;
in
files ++ nestedFiles;
modelFiles = findAllTomlFiles modelsPath;
modelEntries = map (
file:
let
filePath = "${modelsPath}/${file}";
parsed = builtins.fromTOML (builtins.readFile filePath);
modelName = builtins.substring 0 (builtins.stringLength file - 5) file;
in
{
name = modelName;
display_name = parsed.name or modelName;
max_tokens = parsed.limit.context or parsed.limit.output or 128000;
}
) modelFiles;
in
{
api_url = providerToml.api;
available_models = builtins.sort (a: b: a.name < b.name) modelEntries;
name = providerToml.name;
};
opencodeProviders = map getModelsFromProvider [
"opencode"
"opencode-go"
"fireworks-ai"
"firepass"
];
openaiCompatibleProviders = builtins.listToAttrs (
map (p: lib.nameValuePair p.name p) opencodeProviders
);
ameba-ls = pkgs.stdenv.mkDerivation rec { ameba-ls = pkgs.stdenv.mkDerivation rec {
pname = "ameba-ls"; pname = "ameba-ls";
version = "0.1.0"; version = "0.1.0";
@@ -142,15 +81,8 @@ in
agent = { agent = {
enabled = true; enabled = true;
default_model = { default_model = {
provider = "opencode-go"; provider = "openai";
model = "glm-5"; model = "kimi-k2.5";
};
};
agent_servers = {
OpenCode = {
command = "opencode";
args = [ "acp" ];
type = "custom";
}; };
}; };
auto_update = false; auto_update = false;
@@ -209,10 +141,6 @@ in
]; ];
}; };
}; };
TypeScript.language_servers = [
"tsgo"
"vtsls"
];
}; };
lsp = with pkgs; { lsp = with pkgs; {
nixd.binary.path = lib.getExe nixd; nixd.binary.path = lib.getExe nixd;
@@ -276,6 +204,7 @@ in
font_family = "IosevkaTerm Nerd Font"; font_family = "IosevkaTerm Nerd Font";
}; };
edit_predictions = { edit_predictions = {
enabled = true;
mode = "eager"; mode = "eager";
provider = "copilot"; provider = "copilot";
}; };
@@ -290,7 +219,173 @@ in
]; ];
}; };
language_models = { language_models = {
openai_compatible = openaiCompatibleProviders; openai = {
api_url = "https://opencode.ai/zen/v1";
available_models = [
# Claude models
{
name = "claude-opus-4-6";
display_name = "OpenCode Zen - Claude Opus 4.6";
max_tokens = 1048576;
}
{
name = "claude-opus-4-5";
display_name = "OpenCode Zen - Claude Opus 4.5";
max_tokens = 200000;
}
{
name = "claude-opus-4-1";
display_name = "OpenCode Zen - Claude Opus 4.1";
max_tokens = 200000;
}
{
name = "claude-sonnet-4";
display_name = "OpenCode Zen - Claude Sonnet 4";
max_tokens = 1048576;
}
{
name = "claude-sonnet-4-5";
display_name = "OpenCode Zen - Claude Sonnet 4.5";
max_tokens = 1048576;
}
{
name = "claude-3-5-haiku";
display_name = "OpenCode Zen - Claude 3.5 Haiku";
max_tokens = 200000;
}
{
name = "claude-haiku-4-5";
display_name = "OpenCode Zen - Claude Haiku 4.5";
max_tokens = 200000;
}
# GPT models
{
name = "gpt-5.2";
display_name = "OpenCode Zen - GPT 5.2";
max_tokens = 400000;
}
{
name = "gpt-5.2-codex";
display_name = "OpenCode Zen - GPT 5.2 Codex";
max_tokens = 400000;
}
{
name = "gpt-5.1";
display_name = "OpenCode Zen - GPT 5.1";
max_tokens = 400000;
}
{
name = "gpt-5.1-codex-max";
display_name = "OpenCode Zen - GPT 5.1 Codex Max";
max_tokens = 400000;
}
{
name = "gpt-5.1-codex";
display_name = "OpenCode Zen - GPT 5.1 Codex";
max_tokens = 400000;
}
{
name = "gpt-5.1-codex-mini";
display_name = "OpenCode Zen - GPT 5.1 Codex Mini";
max_tokens = 400000;
}
{
name = "gpt-5";
display_name = "OpenCode Zen - GPT 5";
max_tokens = 400000;
}
{
name = "gpt-5-codex";
display_name = "OpenCode Zen - GPT 5 Codex";
max_tokens = 400000;
}
{
name = "gpt-5-nano";
display_name = "OpenCode Zen - GPT 5 Nano";
max_tokens = 400000;
}
# Gemini models
{
name = "gemini-3-pro";
display_name = "OpenCode Zen - Gemini 3 Pro";
max_tokens = 1048576;
}
{
name = "gemini-3-flash";
display_name = "OpenCode Zen - Gemini 3 Flash";
max_tokens = 1048576;
}
# GLM models
{
name = "glm-4.7";
display_name = "OpenCode Zen - GLM 4.7";
max_tokens = 205000;
}
{
name = "glm-4.6";
display_name = "OpenCode Zen - GLM 4.6";
max_tokens = 205000;
}
{
name = "glm-4.7-free";
display_name = "OpenCode Zen - GLM 4.7 Free";
max_tokens = 205000;
}
# Kimi models
{
name = "kimi-k2.5";
display_name = "OpenCode Zen - Kimi K2.5";
max_tokens = 262000;
}
{
name = "kimi-k2.5-free";
display_name = "OpenCode Zen - Kimi K2.5 Free";
max_tokens = 262000;
}
{
name = "kimi-k2";
display_name = "OpenCode Zen - Kimi K2";
max_tokens = 262000;
}
{
name = "kimi-k2-thinking";
display_name = "OpenCode Zen - Kimi K2 Thinking";
max_tokens = 262000;
}
# MiniMax models
{
name = "minimax-m2.1";
display_name = "OpenCode Zen - MiniMax M2.1";
max_tokens = 205000;
}
{
name = "minimax-m2.5-free";
display_name = "OpenCode Zen - MiniMax M2.5 Free";
max_tokens = 205000;
}
{
name = "minimax-m2.1-free";
display_name = "OpenCode Zen - MiniMax M2.1 Free";
max_tokens = 205000;
}
# Other models
{
name = "trinity-large-preview-free";
display_name = "OpenCode Zen - Trinity Large Preview Free";
max_tokens = 131000;
}
{
name = "big-pickle";
display_name = "OpenCode Zen - Big Pickle";
max_tokens = 200000;
}
{
name = "alpha-g5";
display_name = "OpenCode Zen - Alpha G5";
max_tokens = 200000;
}
];
};
}; };
}; };
userKeymaps = [ userKeymaps = [
@@ -304,13 +399,6 @@ in
reveal_target = "center"; reveal_target = "center";
} }
]; ];
"space o" = [
"task::Spawn"
{
task_name = "opencode";
reveal_target = "center";
}
];
"space r" = "pane::DeploySearch"; "space r" = "pane::DeploySearch";
"space f" = [ "space f" = [
"file_finder::Toggle" "file_finder::Toggle"
@@ -356,14 +444,6 @@ in
use_new_terminal = false; use_new_terminal = false;
hide = "on_success"; hide = "on_success";
} }
{
label = "opencode";
command = "opencode";
reveal = "always";
allow_concurrent_runs = true;
use_new_terminal = false;
hide = "on_success";
}
]; ];
}; };

54
hosts/apu/configuration.nix
View File

@@ -258,25 +258,61 @@
openFirewall = true; openFirewall = true;
}; };
services.invidious-companion = { services.home-assistant = {
enable = true; enable = true;
host = "0.0.0.0"; extraComponents = [
port = 8282; # Components required to complete the onboarding
secretKeyFile = config.age.secrets.invidious-companion.path; "esphome"
binaryHash = "sha256-nZXKpExKCc2zgSdVT3qo05NyFdpM9H9NJB5UWo+MVWI="; "met"
"radio_browser"
"yeelight"
"xiaomi_aqara"
"shelly"
];
subdomain = "home";
extraPackages =
python3Packages: with python3Packages; [
gtts
numpy
];
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
use_x_forwarded_for = true;
trusted_proxies = "127.0.0.1";
};
default_config = { };
};
}; };
networking.firewall = { services = {
enable = true; webserver = {
interfaces.tailscale0.allowedTCPPorts = [ 8282 ]; enable = true;
acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = {
proxyBuffering = false;
locations."/".proxyPort = 8123;
};
};
invidious = {
enable = true;
subdomain = "vid";
};
}; };
security.acme.defaults.environmentFile = config.age.secrets.hetzner.path; security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
networking = { networking = {
nftables.enable = true; nftables.enable = true;
firewall.enable = true;
useDHCP = false; useDHCP = false;
domain = "apu.home.arpa"; domain = "repomaa.com";
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";

1
hosts/apu/secrets.nix
View File

@@ -10,7 +10,6 @@
}) })
[ [
"hetzner" "hetzner"
"invidious-companion"
] ]
); );
} }

7
hosts/freun-dev/configuration.nix
View File

@@ -30,7 +30,6 @@ in
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "x86_64-linux" ];
networking.hostName = "freun-dev"; # Define your hostname. networking.hostName = "freun-dev"; # Define your hostname.
networking.domain = "freun.dev"; networking.domain = "freun.dev";
@@ -106,12 +105,6 @@ in
}; };
}; };
services.resolved = {
enable = true;
dnsovertls = "opportunistic";
dnssec = "allow-downgrade";
};
services.networkd-dispatcher = { services.networkd-dispatcher = {
enable = true; enable = true;
rules."50-tailscale" = { rules."50-tailscale" = {

7
hosts/freun-dev/secrets.nix
View File

@@ -32,9 +32,6 @@
"voidauth" "voidauth"
"gitea" "gitea"
"gitea-actions-runner" "gitea-actions-runner"
"searx"
"open-webui"
"open-terminal-api-key"
] ]
) )
// { // {
@@ -54,9 +51,5 @@
file = ../../secrets/hledger-basic-auth.age; file = ../../secrets/hledger-basic-auth.age;
owner = if (config.services.hledger-web.enable) then "nginx" else "root"; owner = if (config.services.hledger-web.enable) then "nginx" else "root";
}; };
invidious = lib.mkIf config.services.invidious.enable {
file = ../../secrets/invidious.age;
owner = config.systemd.services.invidious.serviceConfig.User;
};
}; };
} }

173
hosts/freun-dev/services.nix
View File

@@ -3,7 +3,6 @@
pkgs-unstable, pkgs-unstable,
config, config,
inputs, inputs,
lib,
... ...
}: }:
let let
@@ -19,7 +18,6 @@ let
secrets = config.age.secrets; secrets = config.age.secrets;
in in
{ {
nixpkgs.config.allowUnfree = true;
imports = [ imports = [
./glance.nix ./glance.nix
]; ];
@@ -135,21 +133,14 @@ in
}; };
invidious = { invidious = {
enable = true; enable = false;
subdomain = "vid"; subdomain = "vid";
extraSettingsFile = secrets.invidious.path;
settings = {
invidious_companion = [
{ private_url = "http://apu:8282/companion"; }
];
};
}; };
syncthing = { syncthing = {
enable = true; enable = true;
subdomain = "sync"; subdomain = "sync";
dataDir = syncthingDataDir; dataDir = syncthingDataDir;
configDir = "/var/lib/syncthing";
}; };
tailscale.enable = true; tailscale.enable = true;
@@ -247,25 +238,7 @@ in
mosquitto = { mosquitto = {
enable = true; enable = true;
subdomain = "mqtt";
listeners = [ listeners = [
{
users = {
homie = {
acl = [
"readwrite homie/#"
];
hashedPasswordFile = secrets."mosquitto/homie".path;
};
};
port = 8084;
settings = {
protocol = "websockets";
cafile = "/run/credentials/mosquitto.service/fullchain.pem";
certfile = "/run/credentials/mosquitto.service/fullchain.pem";
keyfile = "/run/credentials/mosquitto.service/key.pem";
};
}
{ {
users = { users = {
homie = { homie = {
@@ -322,6 +295,86 @@ in
}; };
}; };
home-assistant = {
enable = false;
subdomain = "home";
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
server_port = 8123;
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
mqtt = [
{
climate = {
unique_id = "nappula";
name = "Nappula";
current_humidity_topic = "homie/nappula/humidity/value";
current_humidity_template = "{{ value | float }}";
current_temperature_topic = "homie/nappula/temperature/value";
current_temperature_template = "{{ value | float }}";
mode_state_topic = "homie/nappula/ac/trigger";
mode_state_template = "{% if value == 'true' %}heat{% else %}off{% endif %}";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
modes = [
"off"
"heat"
];
};
}
{
button = {
unique_id = "nappula_button";
name = "Nappula anschalten";
command_topic = "homie/nappula/button/trigger/set";
payload_press = "true";
availability = {
topic = "homie/nappula/$online";
payload_available = "true";
payload_not_available = "false";
};
icon = "mdi:power";
};
}
{
sensor = {
unique_id = "nappula_pressure";
name = "Luftdruck";
state_topic = "homie/nappula/pressure/value";
device_class = "atmospheric_pressure";
unit_of_measurement = "hPa";
state_class = "measurement";
value_template = "{{ value | float // 100 }}";
};
}
];
};
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
"mqtt"
];
extraPackages = (
python3Packages: with python3Packages; [
paho-mqtt
]
);
};
weechat = { weechat = {
enable = true; enable = true;
subdomain = "irc"; subdomain = "irc";
@@ -398,7 +451,7 @@ in
labels = [ labels = [
"linux_arm64" "linux_arm64"
"ubuntu-latest:docker://node:latest" "ubuntu-latest:docker://node:latest"
"nixos-latest:docker://git.freun.dev/repomaa/nixos/node:latest" "nixos-latest:docker://repomaa/node:latest"
]; ];
tokenFile = secrets.gitea-actions-runner.path; tokenFile = secrets.gitea-actions-runner.path;
url = "https://${config.services.gitea.subdomain}.${config.networking.domain}"; url = "https://${config.services.gitea.subdomain}.${config.networking.domain}";
@@ -406,73 +459,11 @@ in
}; };
}; };
searx = {
enable = true;
subdomain = "q";
port = 3400;
environmentFile = secrets.searx.path;
settings = {
general = {
instance_name = "freun.dev SearXNG";
};
server = {
public_instance = true;
image_proxy = true;
method = "GET";
secret_key = "$SEARX_SECRET_KEY";
};
engines = lib.mapAttrsToList (name: value: { inherit name; } // value) {
"google".disabled = true;
"duckduckgo".disabled = false;
"duckduckgo images".disabled = false;
"wolframalpha".disabled = false;
};
search = {
formats = [
"html"
"json"
];
};
enabled_plugins = [
"Basic Calculator"
"Hash plugin"
"Open Access DOI rewrite"
"Hostnames plugin"
"Unit converter plugin"
"Tracker URL remover"
];
};
};
open-webui = {
enable = true;
port = 3500;
environmentFile = secrets.open-webui.path;
environment = {
ENABLE_WEB_SEARCH = "True";
ENABLE_OLLAMA_API = "False";
};
subdomain = "owu";
};
webserver = { webserver = {
acme.dnsChallenge = true; acme.dnsChallenge = true;
tailscaleAuth.expectedTailnet = "tempel-vibes.ts.net"; tailscaleAuth.expectedTailnet = "tempel-vibes.ts.net";
}; };
}; };
virtualisation.oci-containers.containers.open-terminal = {
image = "ghcr.io/open-webui/open-terminal:latest";
autoStart = true;
ports = [ "127.0.0.1:3700:8000" ];
environmentFiles = [ config.age.secrets."open-terminal-api-key".path ];
environment = {
OPEN_TERMINAL_MULTI_USER = "true";
};
volumes = [
"open-terminal-data:/home/user"
];
};
virtualisation.docker.autoPrune.enable = true; virtualisation.docker.autoPrune.enable = true;
} }

9
hosts/radish/configuration.nix
View File

@@ -8,14 +8,7 @@
maxJobs = 8; maxJobs = 8;
protocol = "ssh"; protocol = "ssh";
sshUser = "builder"; sshUser = "builder";
systems = [ system = "aarch64-linux";
"aarch64-linux"
];
supportedFeatures = [
"kvm"
"big-parallel"
"nixos-test"
];
} }
]; ];
settings = { settings = {

25
hosts/radish/containers.nix
View File

@@ -1,20 +1,11 @@
{ pkgs-unstable, ... }: { ... }:
{ {
virtualisation = { virtualisation.docker = {
containers = { storageDriver = "btrfs";
enable = true; enable = true;
storage.settings.storage.driver = "btrfs"; autoPrune.enable = true;
containersConf.settings.compose_warning_logs = false;
};
oci-containers.backend = "podman";
podman = {
enable = true;
autoPrune.enable = true;
defaultNetwork.settings.dns_enabled = true;
package = pkgs-unstable.podman;
dockerCompat = true;
};
}; };
users.users.jokke.extraGroups = [ "docker" ];
users.users.moco.extraGroups = [ "docker" ];
} }

17
hosts/radish/desktop.nix
View File

@@ -1,24 +1,9 @@
{ pkgs-unstable, ... }: { ... }:
{ {
services.displayManager.gdm.enable = true; services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true; services.desktopManager.gnome.enable = true;
services.displayManager.sessionPackages = [ pkgs-unstable.niri ];
services.printing.enable = true; services.printing.enable = true;
services.keyd = {
enable = true;
keyboards.default = {
ids = [ "*" ];
settings = {
global = {
overload_tap_timeout = 200;
};
main = {
leftmeta = "overload(meta, macro(leftmeta+z))";
};
};
};
};
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

52
hosts/radish/hardware.nix
View File

@@ -69,15 +69,9 @@
enable = true; enable = true;
extraPackages = with pkgs; [ rocmPackages.clr.icd ]; extraPackages = with pkgs; [ rocmPackages.clr.icd ];
}; };
services.resolved = {
enable = true;
dnsovertls = "opportunistic";
dnssec = "allow-downgrade";
};
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
wifi.backend = "iwd"; wifi.backend = "iwd";
dns = "systemd-resolved";
plugins = with pkgs; [ plugins = with pkgs; [
networkmanager-openvpn networkmanager-openvpn
]; ];
@@ -92,50 +86,4 @@
} }
]; ];
networking.firewall.allowedUDPPorts = [ 5353 ]; networking.firewall.allowedUDPPorts = [ 5353 ];
networking.wg-quick.interfaces = lib.mkMerge (
lib.map
(
{
region,
ipOctet,
publicKey,
}:
{
"everii-${region}" = {
address = [ "10.${toString ipOctet}.8.48/22" ];
dns = [ "10.${toString ipOctet}.1.1" ];
privateKeyFile = config.age.secrets."everii-vpn/${region}.key".path;
peers = [
{
allowedIPs = [ "10.${toString ipOctet}.0.0/16" ];
endpoint = "vpn.${region}.infra.everii.io:51821";
inherit publicKey;
}
];
postUp = ''
${pkgs.systemd}/bin/resolvectl domain everii-${region} ~${region}.everii ~${toString ipOctet}.10.in-addr.arpa
${pkgs.systemd}/bin/resolvectl dnssec everii-${region} no
'';
};
}
)
[
{
region = "de1";
ipOctet = 13;
publicKey = "uBUgSTZb6WbfE960S3qFP/UUMtdsgNWqtkTaBkp6Xxo=";
}
{
region = "fi1";
ipOctet = 14;
publicKey = "Yoakl0lrL6IK1nT8x5SGpaS39fQxRAsP9Zjpu8/1RRs=";
}
{
region = "ch1";
ipOctet = 15;
publicKey = "gfciqAk+X02zoEKXSvRamx5+TGL3i4GpT7oUvHMD0xo=";
}
]
);
} }

39
hosts/radish/packages.nix
View File

@@ -33,8 +33,6 @@ in
nerd-fonts.iosevka-term nerd-fonts.iosevka-term
]; ];
services = { services = {
gnome.evolution-data-server.enable = true;
flatpak.enable = true;
pcscd = { pcscd = {
enable = true; enable = true;
plugins = [ pkgs.ccid ]; plugins = [ pkgs.ccid ];
@@ -53,12 +51,10 @@ in
ollama = { ollama = {
enable = true; enable = true;
package = pkgs-unstable.ollama-vulkan; acceleration = "rocm";
syncModels = true; environmentVariables = {
loadModels = [ HSA_OVERRIDE_GFX_VERSION = "11.0.3";
"qwen3:4b-instruct" };
"qwen3:8b"
];
}; };
borgbackup.jobs.root = { borgbackup.jobs.root = {
@@ -143,31 +139,4 @@ in
environment.etc."1password/custom_allowed_browsers".text = '' environment.etc."1password/custom_allowed_browsers".text = ''
vivaldi vivaldi
''; '';
systemd.services.ollama-keep-alive =
let
ollamaURL = "http://localhost:${toString config.services.ollama.port}/api/generate";
payload = {
model = lib.elemAt config.services.ollama.loadModels 0;
keep_alive = -1;
};
in
{
enable = true;
description = "Keep Ollama primary model loaded by pinging it";
after = [
"ollama.service"
"network-online.target"
];
wants = [ "network-online.target" ];
bindsTo = [ "ollama.service" ];
wantedBy = [
"multi-user.target"
"ollama.service"
];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.curl}/bin/curl -s '${ollamaURL}' -d '${builtins.toJSON payload}'";
};
};
} }

3
hosts/radish/secrets.nix
View File

@@ -10,9 +10,6 @@
}) })
[ [
"borgbackup-radish" "borgbackup-radish"
"everii-vpn/de1.key"
"everii-vpn/ch1.key"
"everii-vpn/fi1.key"
] ]
); );
} }

10
hosts/radish/users.nix
View File

@@ -4,10 +4,7 @@
users.users.jokke = { users.users.jokke = {
uid = 1001; uid = 1001;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "wheel" ];
"wheel"
"networkmanager"
];
shell = pkgs.zsh; shell = pkgs.zsh;
initialPassword = "changeme"; initialPassword = "changeme";
}; };
@@ -15,10 +12,7 @@
users.users.moco = { users.users.moco = {
uid = 1000; uid = 1000;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "wheel" ];
"wheel"
"networkmanager"
];
shell = pkgs.zsh; shell = pkgs.zsh;
initialPassword = "changeme"; initialPassword = "changeme";
subUidRanges = [ subUidRanges = [

13
modules/services/adguardhome.nix
View File

@@ -46,18 +46,7 @@ in
certificate_chain_path = "/run/credentials/adguardhome.service/fullchain.pem"; certificate_chain_path = "/run/credentials/adguardhome.service/fullchain.pem";
private_key_path = "/run/credentials/adguardhome.service/key.pem"; private_key_path = "/run/credentials/adguardhome.service/key.pem";
}; };
dns = { dns.bind_hosts = tailscaleIps;
bind_hosts = tailscaleIps;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://cloudflare-dns.com/dns-query"
"https://dns.google/dns-query"
];
fallback_dns = [
"https://cloudflare-dns.com/dns-query"
"https://dns.google/dns-query"
];
};
}; };
}; };

3
modules/services/default.nix
View File

@@ -32,8 +32,5 @@
./voidauth.nix ./voidauth.nix
./gitea.nix ./gitea.nix
./dhcp-dns-sync ./dhcp-dns-sync
./invidious-companion.nix
./searx.nix
./open-webui.nix
]; ];
} }

14
modules/services/dhcp-dns-sync/default.nix
View File

@@ -6,11 +6,6 @@
}: }:
let let
cfg = config.modules.services.dhcp-dns-sync; cfg = config.modules.services.dhcp-dns-sync;
ownAddress = (
lib.elemAt (lib.splitString "/"
config.systemd.network.networks."30-${cfg.interface}".networkConfig.Address
) 0
);
dhcp-leases-to-unbound = dhcp-leases-to-unbound =
pkgs.runCommand "dhcp-leases-to-unbound" pkgs.runCommand "dhcp-leases-to-unbound"
@@ -64,10 +59,9 @@ in
users.groups.dhcp-dns-sync = { }; users.groups.dhcp-dns-sync = { };
# Ensure directories and files exist with proper permissions # Ensure directories and files exist with proper permissions
# Directory needs to be group-writable for unbound group
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/unbound 0775 unbound unbound -" "d /var/lib/unbound 0755 unbound unbound -"
"f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync unbound -" "f ${cfg.unboundConfigPath} 0644 dhcp-dns-sync dhcp-dns-sync -"
]; ];
# Extend Unbound configuration to include generated file # Extend Unbound configuration to include generated file
@@ -75,8 +69,6 @@ in
server = { server = {
local-zone = [ "${cfg.domain}. static" ]; local-zone = [ "${cfg.domain}. static" ];
include = cfg.unboundConfigPath; include = cfg.unboundConfigPath;
local-data = [ ''"apu.home.arpa. IN A ${ownAddress}"'' ];
local-data-ptr = [ ''"${ownAddress} apu.home.arpa."'' ];
}; };
}; };
@@ -96,7 +88,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "dhcp-dns-sync"; User = "dhcp-dns-sync";
Group = "unbound"; Group = "dhcp-dns-sync";
# Allow access to networkctl via D-Bus # Allow access to networkctl via D-Bus
SupplementaryGroups = [ "systemd-network" ]; SupplementaryGroups = [ "systemd-network" ];
# Read/write paths # Read/write paths

47
modules/services/dhcp-dns-sync/dhcp-leases-to-unbound.cr
View File

@@ -58,6 +58,13 @@ def sanitize_hostname(hostname : String) : String?
sanitized sanitized
end end
def reverse_ptr(ip : String) : String?
parts = ip.split('.')
return nil unless parts.size == 4
"#{parts[3]}.#{parts[2]}.#{parts[1]}.#{parts[0]}.in-addr.arpa."
end
def generate_unbound_config(leases : Array(Lease), domain : String) : String def generate_unbound_config(leases : Array(Lease), domain : String) : String
lines = [] of String lines = [] of String
@@ -75,29 +82,22 @@ def generate_unbound_config(leases : Array(Lease), domain : String) : String
# A record # A record
lines << %{local-data: "#{fqdn} IN A #{lease.address}"} lines << %{local-data: "#{fqdn} IN A #{lease.address}"}
# PTR record - local-data-ptr expects IP in normal form, unbound reverses it # PTR record
lines << %{local-data-ptr: "#{lease.address} #{fqdn}"} if ptr = reverse_ptr(lease.address)
lines << %{local-data-ptr: "#{ptr} #{fqdn}"}
end
end end
lines.join("\n") + "\n" lines.join("\n") + "\n"
end end
def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease) def get_leases(interface : String, networkctl_path : String? = nil) : Array(Lease)
cmd = networkctl_path ? "#{networkctl_path}" : "networkctl" cmd = networkctl_path ? "#{networkctl_path} status #{interface} --json=short" : "networkctl status #{interface} --json=short"
args = ["status", interface, "--json=short"] output = `#{cmd}`
raise "networkctl failed (exit code #{$?.exit_status}): #{output}" unless $?.success?
Process.run(cmd, args, output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process| status = NetworkStatus.from_json(output)
result = process.wait status.dhcp_server.try(&.leases) || [] of Lease
output = process.output.to_s
unless result.success?
error = process.error.to_s
raise "networkctl failed (exit code #{result.exit_code}): #{error.empty? ? output : error}"
end
status = NetworkStatus.from_json(output)
status.dhcp_server.try(&.leases) || [] of Lease
end
end end
def write_if_changed(content : String, path : String) : Bool def write_if_changed(content : String, path : String) : Bool
@@ -151,18 +151,13 @@ OptionParser.parse do |parser|
end end
def reload_unbound(unbound_control_path : String?) def reload_unbound(unbound_control_path : String?)
cmd = unbound_control_path ? "#{unbound_control_path}" : "unbound-control" cmd = unbound_control_path ? "#{unbound_control_path} reload" : "unbound-control reload"
puts "Reloading Unbound..." puts "Reloading Unbound..."
result = system(cmd)
Process.run(cmd, ["reload"], output: Process::Redirect::Pipe, error: Process::Redirect::Pipe) do |process| unless result
result = process.wait # Fallback to systemctl
system("systemctl reload unbound")
unless result.success?
raise "unbound reload failed (exit code #{result.exit_code}): #{process.error}"
end
end end
puts "Unbound reloaded successfully."
end end
begin begin

23
modules/services/dnote.nix
View File

@@ -37,9 +37,6 @@ let
}; };
immutableEnvironment = { immutableEnvironment = {
HOME = "/var/lib/dnote";
XDG_DATA_HOME = "/var/lib/dnote";
XDG_CONFIG_HOME = "/var/lib/dnote";
GO_ENV = "PRODUCTION"; GO_ENV = "PRODUCTION";
OnPremises = true; OnPremises = true;
DBHost = "/var/run/postgresql"; DBHost = "/var/run/postgresql";
@@ -93,10 +90,26 @@ in
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs-unstable.dnote}/bin/dnote-server start --port ${toString cfg.port}"; ExecStart = "${pkgs-unstable.dnote}/bin/dnote-server -port ${toString cfg.port} start";
EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
User = cfg.user; User = cfg.user;
StateDirectory = "dnote"; BindPaths = [
"/var/run/postgresql"
];
BindReadOnlyPaths = [
/run/systemd/resolve/stub-resolv.conf
/etc/ssl
/etc/static/ssl
/etc/resolv.conf
/etc/static/resolv.conf
/etc/nsswitch.conf
/etc/static/nsswitch.conf
/etc/hosts
];
};
confinement = {
enable = true;
packages = [ pkgs.cacert ];
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };

5
modules/services/gitea.nix
View File

@@ -46,10 +46,7 @@ in
services = { services = {
webserver = { webserver = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" = { vHosts.${fqdn}.locations."/".proxyPort = 3008;
proxyPort = 3008;
extraConfig = "client_max_body_size 0;";
};
}; };
postgresql = { postgresql = {
enable = lib.mkDefault true; enable = lib.mkDefault true;

99
modules/services/invidious-companion.nix
View File

@@ -1,99 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.services.invidious-companion;
companionRelease = "release-master";
hostPlatform = pkgs.stdenv.hostPlatform.system;
# Invidious Companion package - fetches binary release and patches for NixOS
unwrappedCompanion = pkgs.stdenv.mkDerivation {
pname = "unwrapped-invidious-companion";
version = companionRelease;
src =
let
archMap = {
x86_64-linux = "x86_64-unknown-linux-gnu";
aarch64-linux = "aarch64-unknown-linux-gnu";
};
platform = archMap.${hostPlatform} or (throw "Unsupported platform: ${hostPlatform}");
in
pkgs.fetchzip {
url = "https://github.com/iv-org/invidious-companion/releases/download/${companionRelease}/invidious_companion-${platform}.tar.gz";
sha256 = cfg.binaryHash;
};
dontStrip = true;
dontPatchELF = true;
installPhase = ''
mkdir -p $out/bin
cp invidious_companion $out/bin/invidious_companion
chmod +x $out/bin/invidious_companion
'';
};
invidiousCompanion = pkgs.buildFHSEnv {
name = "invidious-companion";
targetPkgs = pkgs: [ unwrappedCompanion ];
runScript = "invidious_companion";
meta = {
description = "Invidious companion for handling video streams";
homepage = "https://github.com/iv-org/invidious-companion";
license = lib.licenses.agpl3Only;
};
};
in
{
options.services.invidious-companion = {
enable = lib.mkEnableOption "Enable Invidious Companion service";
host = lib.mkOption {
type = lib.types.str;
default = "localhost";
};
port = lib.mkOption {
type = lib.types.port;
default = 8282;
description = "Port for Invidious Companion to listen on";
};
secretKeyFile = lib.mkOption {
type = lib.types.str;
description = "Path to file containing the companion secret key";
};
binaryHash = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "SHA256 hash of the invidious companion binary release";
};
};
config = lib.mkIf cfg.enable {
systemd.services.invidious-companion = {
description = "Invidious Companion - video stream handler";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
User = "invidious";
Group = "invidious";
DynamicUser = true;
ExecStart = lib.getExe invidiousCompanion;
Environment = [
"HOST=${cfg.host}"
"PORT=${toString cfg.port}"
"TMPDIR=/var/cache/invidious-companion"
];
EnvironmentFile = [ cfg.secretKeyFile ];
CacheDirectory = "invidious-companion";
WorkingDirectory = "%C/invidious-companion";
Restart = "always";
RestartSec = 5;
};
};
};
}

15
modules/services/invidious.nix
View File

@@ -1,8 +1,4 @@
{ { config, lib, ... }:
config,
lib,
...
}:
let let
cfg = config.services.invidious; cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}"; fqdn = "${cfg.subdomain}.${config.networking.domain}";
@@ -36,14 +32,5 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
}; };
systemd.services.invidious.serviceConfig.DynamicUser = lib.mkForce false;
users.groups.invidious = { };
users.users.invidious = {
isSystemUser = true;
group = "invidious";
description = "Invidious user";
};
}; };
} }

33
modules/services/mosquitto.nix
View File

@@ -1,39 +1,14 @@
{ { config, lib, ... }:
config,
lib,
...
}:
let let
cfg = config.services.mosquitto; cfg = config.services.mosquitto;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
acme = config.security.acme;
in in
{ {
options = { options = {
services.mosquitto = { services.mosquitto = {
openFirewall = lib.mkEnableOption "Open firewall port for Mosquitto"; openFirewall = lib.mkEnableOption "Open firewall port for Mosquitto";
subdomain = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
}; };
}; };
config = lib.mkIf cfg.enable ( config = lib.mkIf cfg.enable {
lib.mkMerge [ networking.firewall.allowedTCPPorts = map ({ port, ... }: port) cfg.listeners;
{ networking.firewall.allowedTCPPorts = map ({ port, ... }: port) cfg.listeners; } };
(lib.mkIf (cfg.subdomain != null) {
security.acme.certs.${fqdn}.postRun = ''
systemctl restart mosquitto
'';
systemd.services.mosquitto = {
requires = [ "acme-${fqdn}.service" ];
serviceConfig.LoadCredential = [
"fullchain.pem:${acme.certs.${fqdn}.directory}/fullchain.pem"
"key.pem:${acme.certs.${fqdn}.directory}/key.pem"
];
};
})
]
);
} }

1
modules/services/octodns.nix
View File

@@ -204,7 +204,6 @@ let
hetzner = { hetzner = {
class = "octodns_hetzner.HetznerProvider"; class = "octodns_hetzner.HetznerProvider";
token = "env/HETZNER_API_TOKEN"; token = "env/HETZNER_API_TOKEN";
backend = "hcloud";
}; };
}; };

78
modules/services/open-webui.nix
View File

@@ -1,78 +0,0 @@
{
lib,
config,
pkgs-unstable,
...
}:
let
cfg = config.services.open-webui;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
open-webui-pkg = pkgs-unstable.open-webui.overridePythonAttrs (oldAttrs: {
dependencies =
oldAttrs.dependencies
++ (with pkgs-unstable.python3Packages; [
pgvector
psycopg2
])
++ [
pkgs-unstable.ffmpeg
];
});
in
{
options.services.open-webui = {
subdomain = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services = {
open-webui = {
package = open-webui-pkg;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
WEBUI_URL = "https://${fqdn}";
VECTOR_DB = "pgvector";
PGVECTOR_CREATE_EXTENSION = "False";
DATABASE_URL = "postgresql:///open-webui?host=/var/run/postgresql";
CORS_ALLOW_ORIGIN = "https://${fqdn};http://localhost";
};
};
webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
postgresql = {
enable = lib.mkDefault true;
ensureDatabases = [ "open-webui" ];
ensureUsers = [
{
name = "open-webui";
ensureDBOwnership = true;
}
];
extensions = ps: with ps; [ pgvector ];
};
};
systemd.services.open-webui-pgvector-setup = {
description = "Ensure pgvector extension exists for open-webui";
wantedBy = [ "open-webui.service" ];
before = [ "open-webui.service" ];
after = [
"postgresql.service"
"postgresql-setup.service"
];
requires = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
Group = "postgres";
ExecStart = "${config.services.postgresql.package}/bin/psql -d open-webui -c 'CREATE EXTENSION IF NOT EXISTS vector;'";
RemainAfterExit = true;
};
};
};
}

70
modules/services/searx.nix
View File

@@ -1,70 +0,0 @@
{
pkgs-unstable,
config,
lib,
inputs,
...
}:
let
cfg = config.services.searx;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
disabledModules = [ "services/networking/searx.nix" ];
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/networking/searx.nix"
];
options.services.searx = {
port = lib.mkOption {
type = lib.types.int;
};
subdomain = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services.searx = {
redisCreateLocally = true;
package = pkgs-unstable.searxng;
limiterSettings = {
botdetection = {
ipv4_prefix = 32;
ipv6_prefix = 56;
ip_limit = {
filter_link_local = true;
link_token = false;
};
ip_lists = {
pass_ip = [
"127.0.0.1/32"
"::1"
];
};
trusted_proxies = [
"127.0.0.0/8"
"::1"
];
};
};
settings = {
server = {
bind_address = "localhost";
port = cfg.port;
limiter = true;
};
};
};
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
# searx expects limiter.toml in the same directory as settings.yml (/run/searx)
systemd.services.searx-init.script = lib.mkAfter ''
ln -sf /etc/searxng/limiter.toml /run/searx/limiter.toml
'';
users.groups.searx.members = [ "nginx" ];
};
}

9
modules/services/syncthing.nix
View File

@@ -27,14 +27,5 @@ in
vHosts.${fqdn}.locations."/".proxyPort = cfg.port; vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
}; };
systemd.services.syncthing.serviceConfig =
lib.mkIf
(
cfg.dataDir == "/var/lib/syncthing" || cfg.dataDir == null || cfg.configDir == "/var/lib/syncthing"
)
{
StateDirectory = "syncthing";
};
}; };
} }

18
secrets/actual.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA n8TUqlE5mEfKa7aPdefBjIKAhydL1vrCZK8cLTs+j3w -> ssh-ed25519 osOCZA OPYYw6SBBoMNoJ/DfIyvxLVpZo0n0v08uhrPa2Uk/xw
ayrirgnGn6dTBKShBRDHJAI3t040hf5LEo8ZuHUGNHg b9mSzuzgznPl5qu73kJie2PgJGIlxEOR/MSNzp2TZ2A
-> ssh-ed25519 DFiohQ +rVCacN11divc55NH2fKsYXa6IJ0ieW18riYz9nkrwo -> ssh-ed25519 DFiohQ rYD5ueKrIAbtphPZe7BxyHNPdRGCV0o4G3lXGGHFmD0
4qv06+QnvPKYRRkQauDwKfnT1c4/GHDkxHVrgkfrHNw caGATSGVUaJkTDIHDk40oJnNh8oNRRQYTpKn4jET72c
-> ssh-ed25519 PT7ffg wklac2cEzzfMQaItzsAv6I1az8HxZ15s3ANwxYO59To -> ssh-ed25519 PT7ffg 2HVnNQxY5BubUZGTuwcOHMKDZ7O1f+gji9d2mquLECs
abdf65f0BT2sE52T60lnfqY/iDCgLAzgRQlPqjRp6Y4 rJzRjFokTzDkn/fjA1eXaZdISEXWtGqLSsYpUYEd0qw
--- Wi4+L0OzsduT8T7G4+H8pp05EzbTjNlJowwBDWUN1mU --- U6CH4TvqpEfQg4VuQ3fr7gcqBojVEV2r4+NPfMEVxbA
ÛŸþfŽ¹“Íå¸ÁºTL®`ý¬—F„F»‡í$S1†ºqÐv3nÙOu‰Xªf q5šòú4ÍÝMêÿ<>—Ô³ÏEòx'í6éu<C3A9>§¤eìëŠàÜh4D;óN¿ƒÔ<:P¡)Š."CÞèˆÿ
AþÂn‡e¥Sý©ªEãM_¿ ï^VÀŽä4p.øäBIO¹Ô÷ xgóv˜/ãN%W2™¥ÙPâQÖdA½VêÉ—üœ^_B|Íëío׌àkf¦ÛŠáWÞ~ ³ú̪ϽևÄÖDñõfo

BIN
secrets/borgbackup-radish.age
View File

Binary file not shown.

16
secrets/context7.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 9ZHiyWiFLySuINTKXSjysD9u7LKyhK2bJo6JmVskDGc -> ssh-ed25519 osOCZA wDdoFnPs/OUczxmB6WgzSQ0HtguSmIsX1di6gH5guFM
IDUB5fbYwEwZDIRwOAAWdDkHOrmMwlZT+2UhObhHVXg b6PAgnY1Kki92V+ky+/Cuq5UezYdchS3g5MtqtRxDMQ
-> ssh-ed25519 DFiohQ OFE+xiH2zIXccj3axHbN8TBKS927ldBtlC80ZCVH2To -> ssh-ed25519 DFiohQ oZmlLt1Em4PnIZAUwqxed5EH1ZG/Bkm3FPiZI9uxVUY
E50Dr6cyllIN66QVGYvonpSRV0nERdstsEGUeXrVDoE /dAEjEHp9mcygfYj+taalhqjJ6ywkWu45ymwnmtlzaY
-> ssh-ed25519 hRPDBg Z9ItEkrFay5918/EY2RCl0a9PZx3z8amW4yMyfgEqQI -> ssh-ed25519 hRPDBg MKpKkBgl0baf6qJh940ekh1z/0bKbzYTBb9In2yVd3Q
rEs5eqfdnpwnxzPRlMi1vBrtzsbQCwCupkGEXFs7rVA 1uX/3y+A/a+vxSl41DlUnZVdh6lpDYFwunzLV3DRblk
--- op5RVwxhxkxflXvoAM7ZcEXLutkF9Op70tUxsJundN4 --- KQncWqjni5UN+D3I1OSWdKxVf5/UiLBUNBwFMG/1+mg
è$À;Åå1ÒO`bBMÆLŸf“<îã%>1p<31>kvMØ]?x|ù¬zäFƶ~ÖÙÕ¬pL Š<EFBFBD>­öôó\ÄXã±zÐÿÌ®œ¬Û\~.¼©ûfå•w

16
secrets/dnote.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA sWXC8tg44GfsKCFIDhvmkSfO1NnQ/GdP7s7yKnn/wwk -> ssh-ed25519 osOCZA UCilO75OGmYABIVNjQ7JKdObSSC882S6blT35S8XXBE
tulj+EsIi91rXw7XV0elKyVpamDNnEdy1GikcmPGLlE CEhIzJeE0Xa9jY1uboPVM1uK+U8N77e6pGsK3SCNBqY
-> ssh-ed25519 DFiohQ 8Cxy6QZkviBPw51+3m6JYtcOPTbYy6C7m7uomdFwAgY -> ssh-ed25519 DFiohQ aKyq1IPwKvgQniPEDt9tIw6KLeQePctFPY8wnSmcREk
4GuwAQKMtKI7cZCg2/yl4IAd98Zeai+/rXScSRRmS9E 3OQH5iOGFbnJaUXn8JmMDItPfPjXUmuO1OFYw31ftGA
-> ssh-ed25519 PT7ffg dnDE79EVRVys94oHOSduzhcyd8oHA8/scK98By5g9FE -> ssh-ed25519 PT7ffg 1XzR+XsNLJgf0itst++aN4GWpiUjPvlCPR/KcZzLNT4
RFfMpq56KDvIJcOg5JdaOiEN6wupKFUNbcHYCS/kyp0 Na1BKsjIoFgFbQI4LVppxW53yAQgxQfz5r31HrTNRLI
--- Tg+Gw0uAEFItHT00VDs9BmhvX2f8afcRwuh8OSqLEh4 --- U8B89Fp3JNPBX18P5p3lVLYIz5CsbxldkvnjZ2Cx4+8
È*Í<>¦ciðÜ~P+c÷{p™“²Û…£yé\©â 'a“<x6Xsá¡zógŸ~=´è0¸6=sÞ5ÐÆlØ5BŒÎ3ÌÜ5í»š§ º“¨3z®#<Kî*ŽwÁMs! ­Ó2¼Ê<C2BC>bqz>‰&€~u«¹‡Êi𧾘tYv§¾ÁþítÂøÒvÀ¬2Ïd)gfÇÃÙÔ<C399>

BIN
secrets/donetick.age
View File

Binary file not shown.

10
secrets/everii-vpn/ch1.key.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA ynIsrUjxXEYLRtKoiyBKCn83JeZ5rFhGD3xi61ypVBc
ZuKEpntuTCMigOf/jeQ3V6oklmqzuxyDpi4oVhtWsc4
-> ssh-ed25519 DFiohQ /0VJWz6hK+0FNjBciDbPHX+ader97UxCiQYB1BFZh3E
SiqY0KS5wBWHMgEbJMAU1WgvXqEJjBAOQ3l/eMuETdI
-> ssh-ed25519 hRPDBg KSXXiPwj27sKoXMiwW7IqQJvE72lYIgUjiPnpvVSSmE
ioQGtUPSMj4flm9j84PLGm4C/P0sHVmYX38SgB6Yl2c
--- jUadITulpzJjYp3oWxkG0Qk5RwDXisrKgmXYMlcxCss
ç[ ,J"ø$¥Èµå½Mõ.ã0ט½Œcë§~ã,<2C>
‰“s•¤×u1<02>™órDTf­:FtwAÉtÿ„™hE¿„Af

9
secrets/everii-vpn/de1.key.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA sGsltqSPiC3jkgZcpRXobfPgKiuPYzU3XiNptcyniB4
0Q7X+YuaRHT2/1sCrqyhnXCRGIcUKlHQKoo7W8TCwD0
-> ssh-ed25519 DFiohQ o982CBPZ8MYPkm+ngw0WxJKc4vC0yo1poTz3ICnbJVM
Ac600G8Gr8dhPaXxl8k7A7XpaX70iyLTzfFFTc+14Ag
-> ssh-ed25519 hRPDBg Pf8NvKBZy/afSlFjZIySg6aSregAeMtUCj7e90b0qXw
kW4Ph56hKVtR0MUaulZpSS28Kna1Wigcvcf1Uv2ESf8
--- Jbu+08V6cvPbTBjwiZvIRtsdOPOtn/e3VCzQuyrCgLw
®î|xÌ =׺6ú»ÙÄ)ؘ jYy6¤ÊÛØào wÔ¬ËZ€\LLfK,(œØq¸>AŽ_tM£êqŽü°°£Y>Õí

BIN
secrets/everii-vpn/fi1.key.age
View File

Binary file not shown.

17
secrets/gitea-actions-runner.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA YazzKQ+vILKo3Ep0pktO9iUSeW36Q2UVZpbdLVEfYz0 -> ssh-ed25519 osOCZA WJ1gfKrLBMmFANdArq8g8PQNbUIl+vVtyxTq+bKx93c
YgHYF2kjRhmdfMQwgaXPws3nXgCltHukB7Xhm0bkVuo JFB9WXTK8/7HRfDRzTIzIpDHHc226YCPfUCqbBQ5N1Y
-> ssh-ed25519 DFiohQ rbNLTZIjzD7n9zKxkbi6fG62B4Mrse1WnPdcw1RWAg8 -> ssh-ed25519 DFiohQ /5FxHaCm+0wGlQ2ZziKYTmD5AWjmoA5PTys3VSOluSU
uzuHv7ekuPl9wRgkhn4Mksk3NAUcg8OCPEM6Vi2GVdw l6C6LhUaxw/dIUkyzw7pl2vREV7Bzy/FvbM+J6gFzZQ
-> ssh-ed25519 PT7ffg DfvJEgs4wsYTwWXZ6pXXG7v6K+47Dhc5MPS788IZCjg -> ssh-ed25519 PT7ffg B/mz/9eslfI+VEfEPfT4TWyvLTryDZRjSGxM3x2sQQE
TId/tqstZaAJIDKav8NOJ/p32BuBO6gE6/B1QISk1cg qIQUE4103ilhAhNxekvb3fPYeqZCZ3NGwzfZReMXiU4
--- ezx3Iiga17TxrY0K5HlAbcKBvdhgvnpT8sz4vPrStQ8 --- HzN/P0+Xj3Ep+LthjWEpKKDbjlXkPTtamWIPl9IQ6Ec
Z[“Nl<4E>_ùXì«ú¸ ¨ûGèmP8ç—¥nR0ÙKÕ[+Çsßã÷:o'”‹=}œR<C593>纊õ£:'«ÖG²€Ï£û`ñ C ¨ÇPœÞºãìQ½[<5B>&E"ñTQfë|NÃ!ÅÿÅú#³ZŸ:¼€ïr7È:ùóZè´£<08>Fisˆ€(ãÊɃ~È0>
Œ°ZâŠÁk

BIN
secrets/gitea.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/default.age
View File

Binary file not shown.

BIN
secrets/gitlab-runner/docker.age
View File

Binary file not shown.

17
secrets/glance/reddit/app-id.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA wVGyI0bVEaVUbXMiumjhqdno2VD6ZHmvJM0NRUoesk0 -> ssh-ed25519 osOCZA Y7ieflWxf67Jik747FnOu5aKcDjh6hd8OWE88oX7gWc
kW8Zs6KV+KBmyg/imOzVHHPg/K3oHyB05ayMQsT01CQ aQavFEvcW30cer2DutpkfSkKk1NqGzPiP2bYL2MCv+Q
-> ssh-ed25519 DFiohQ h+C13tChA1OrCdmJO9rkjW3ER/d8OW7P2IGd5spsd2Y -> ssh-ed25519 DFiohQ J5HO9n4KTQ6cSBGHxrBHORvmYp4WYJZiATekbZvhuEU
7LOIjam4k8lmglNEuNs7lkRpt3UbYkxFxXPwkj2Fbc8 QGAhwn6P5ByiNY8bMUI07hHvnA8diVI56Vg+6kVEJb0
-> ssh-ed25519 PT7ffg 33/HLpIkjfw+QC1qm1Tmr4YqMjgtt4bsVoFqUNinhno -> ssh-ed25519 PT7ffg RpcpdzFtX5VyodX3lXKvjMRxMlpasRqqpjqCacXDcy4
8+PGKzffQT2DuM8l9mqgGieHiQCpBsbWbHDIdxFapBk VJQuB8YfhB0DQ4TjwzBhdtl35eyFVLLW8O87mCuH828
--- lzyw/qQSELbYc8TWYFGD57JBF4JorTLhBPNdlxYjVqY --- qJnfQgOyw0CTBhXNSyIw3O33av2cjPxTntLsOW/bevA
lÞHºaEM9ÅóüÀS0(Š¥¦lâJxø- -åž
—sÔ¸éžc¬H EÖ˜Í0_{|Kp2

17
secrets/glance/reddit/app-secret.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA tO/H34qaDDLUWG7ovv4wD8At0v+nRLxgozIHFRCxIG4 -> ssh-ed25519 osOCZA y1DrZWN4jrO6xg7TkFqrjTT/k4L49IAZVf/NLw3jMiM
AU0szD79hzM5rLSYQhki+Ukc2CbATwdU5uWPNLn1Oa0 BB+Aq/80SFQpLJfZxRKFPBw9ylHb+Y6LLuZQAqG3WdQ
-> ssh-ed25519 DFiohQ hwThntCOC9a5eSAay4zWW044NoC4JggBXgh3KAZdGAA -> ssh-ed25519 DFiohQ jPPM8ATBvlXn0F/9pDCsZB15yW+af0b2FQqV2gI8YyQ
z2EDIRJH9jGTKYuxm++ns1yqFyUYrA091Q22VMNgqec 8yJjKEvEGKDwtvBWP/yjiDql+HA6l5q+RfEgP8cAIGM
-> ssh-ed25519 PT7ffg tNGBQvJnGvnGB0Mk24Hyh75ZJAMbZMKk60wkc/PMEiE -> ssh-ed25519 PT7ffg +R5KlrnH2gGW2Qc3V+RgYKtAXerbRB5j898+b41/VAU
ijewL+qajDYN7abihSAvAySqcx3idkstsriVVw9Fj+A 7Lq3GE9CMGeXAmsf9WgSiJf/o+HyssF4xz94JNjbEgM
--- HuLF80Z9VHyeMVTyN9CLKIRn0HFUpIhaWC9KgLHXrlI --- k2xNMbWr5tntlbOOYLbt6DsWsW2mT/P3pg3IgXYcM58
:™Â3ÿö:ïžéÔRàöó1™Ä„É°ŠBÀo<C380>&Qd1BXU¤ìí¨q Ñ ßšüÙfÂ<66>€êQPÝ—8 |ìÍÑ°m7Æy‰z¡¥R©ÔíYê+qî§ü—1>ž‡Y?hHÖžÌÌÈ|ù7àÞþ̃
N¥zÚöØäëøð

19
secrets/gotosocial.age
View File

@@ -1,10 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA VAbqavKlZzuLT1XwcdWuRX39bNPbuVvsGPXNv5lwd2g -> ssh-ed25519 osOCZA 77EDoJKwYm80SsOFMaTeLVKyb60mpVafClV0oDfhnm0
4mMBgBCfnnbY6lo7WAnppqEk8tA1A5MGvXjjZ84cr5k gZ4EtoDbmI2iggyAooqWtd0Yhh5kebvR8vnHGz0Er6Y
-> ssh-ed25519 DFiohQ hzICSaoG/iPl1VEm7gF49mXCzhVZypQN00/9dqbAfgI -> ssh-ed25519 DFiohQ dYdiyYPtjCH8YFpj4bAwTDSEB+0JjzDIz1jwRPDjAFg
VM5O8wLvzFyFkttqP4YWQ0bR5iKkAvpYFPsep2nYt7E NAdMoMfREupERqZ8t2lu6++Qjgq7LVIo5wsXabXKWU8
-> ssh-ed25519 PT7ffg +FbUxPiTEBDl4QdwYUSuqD0+xzHWe4X9l1cqRePwZzQ -> ssh-ed25519 PT7ffg 6NFOq021rnHwv7BFIw9in6uQR39hgh5qVuPNvxtCd3k
tfKlhCQ0mK67E8UcXki9y4SmgTLsrZwD6kKBQz1NiSI 4UK6DCVbSi4yugpY9nLBSoZ7SHLkF3MMIeHVKYH3bkQ
--- tnLRJm+/eP6KzNV7vD1d2KtDe6SRyo2MoIsow4CDyrU --- 1BNBapkorRybzDSfmHCQjfkN0ss0GXnZGv99Ni/O/VM
±lù•þebö±¹D.Û wp3IvÄ"ßc}úÀ™W,0VÀÄæÂ<C3A6>mØû±ù´˜ƒv¹„¯jªP#„”$Ž”f¹ÜÌ
c‰Y.êÓdÎNáWä݃ξ^®Å´ï©PщSFd.Ú=ýŸ3øA@I9/Ž¼˜læóÍ<E280BA>~;FÒR5[| v9x["ú¶c ‡y²
~ .€[†/ko'z

17
secrets/hastebin-tokens.age
View File

@@ -1,9 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA El5iOI/2mf0RUjL6ENefgh0ibqalVciyxpAvmyjZ5Cw -> ssh-ed25519 osOCZA a3vwn++4v/1tVvde7xQd4qcY10fAmxG+Wd4y76ZqvUA
zhZ3WbaMn0Y+FgeZt73mDn+myA+9UYj/73mfwRPA3vw ljGJxon/rQmsOsu6CW/TDjbPx12wUeObVV9T364YA68
-> ssh-ed25519 DFiohQ nqMkFuxJ62ZjfWJWZxDOGJk69F1vJJpviRPB2mEONVo -> ssh-ed25519 DFiohQ +RiL4W374ivb122PSHtfyzF8XaxDSwwVJ3lWq7ezDxU
YOiv42eN+VjJvZ1K/V1emni+YwRu3qoTcDI0TV9S6iE mHFKG+GIXw0P6FhaFoD+u2QR8HLcnfsO+5100WLDypM
-> ssh-ed25519 PT7ffg LIluEefuruMR3egq8snsIwGVT+4rRy4/40KfMelC9HA -> ssh-ed25519 PT7ffg CjMjkvJTg7oSgxdFK9rJpzAuv/7TDdAMCl1+fiAlkBY
VZKSdePfRZWiy+0lq/QqWHzlzSzo6FGGaTEmbVlTi/4 b32kKKuDoVJuymrtkBcpxo6AdSkMO6UmATgRueZ2fTc
--- L5dJ1YxPYUifymofD7/kkdinaPhCy4nCWlvuDAOMKQ0 --- yDBelLE3scwefm2+jKFDHPCPj5glMWkehZvJvvq2ssk
BÊ5øv|}!Ë<>}wÜ^ ÔõÎH»çükcšc²ãµmyO 1ÊŤÂû?]/r÷y¦` HbîôÄ7$/<2F>ÉÃÚC<C39A>l¹ÐAtÊÅ™Me“f»}óŽ1\¤Nê/9õ4<C3B5>/âfºøˆ<³&õü³°jÜ·À:ž1E^îÝ× ¤d¡Gíÿ¡:;<3B>žUÔ<36>¥[
Þù#2F(0bãîRôkÊàc

BIN
secrets/hetzner.age
View File

Binary file not shown.

18
secrets/hledger-basic-auth.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA tPrVq+M1r5ii35AaXmRLeDpcKU7wsHIpBWoQCf6b1RU -> ssh-ed25519 osOCZA gReLtbgzdbsykLo/OWs/S0CWvvUJr0B/660n5NtQO3Q
fdFRUKYXeK8xYrsMhcSy7ZLi40KpH0pjm6Ul+2ouIMA lxP6i2EA0ZvM9ShkM7012TLs47fP+sKzOAJehgvZEoU
-> ssh-ed25519 DFiohQ P8nLAJGmmzmHlydWwygjDAeZ12un00V7Z1Az40nVAWE -> ssh-ed25519 DFiohQ OPP2MdPUYqMuViWTiNavSyXqxfxIRMx+tMKip094ohM
sLGVbo6Fx20pCvRCijCD0NyOSeNxNeVRlax67KEUWRM lLxrJF672ZkbY3ynX7Wrx3srJvg1gfFeynZMeIYL4II
-> ssh-ed25519 PT7ffg 6khi1DV4frFUUn++NppTG/wN6FCqmOz5egmKuwc+VWk -> ssh-ed25519 PT7ffg v0j5GfBvjmf4qNiyVr/foSp2Zw8sJOmjikWa68yoNnI
UHa8RJtkHlh/RrztLANfm96HiOLlseh6pP3iaVOOG5Q WwhUOPXdrrs2ezKfYaUdT0EV/b7U3267E5bpy+RGyxU
--- k1X/cu9Bozfxsb22rkf8utZkf9hE28Dzvvhs4IEBi3Y --- v/hWe76x98rBQgOhANw5wsaE3hlCaFKYSl+x8KjnRNQ
ÎnOóý¼ ¾ê¡€gÄÆbŽ"<>\] nµFí ‰âÓÙ“YÕ6×ûAû9µ‡'8ù :bl
ê§ $žÍj2 %ÂSÞÃ5Ríæj[Ây½™ .1˜ò­+óçΈ¬Ù<2´{+ØPºhdŽ¥È`ã.ôÔR«æ¬ãÔ#€ÊxÑÎhè"ì”kwúe -exÏí¸Ö«»—ƒWUÞç ‰~E¡3ã®éåN<C3A5>"]Œ`´Âª¨ c#Ç;¯vt½=A<>ƒ)ÍÕa¦/<®áŠl#ˆÖUïgfí£„¦ò½RÉ;<<3C>­%á†:!ã$)!Sž¯È<C2AF>

BIN
secrets/immich.age
View File

Binary file not shown.

12
secrets/invidious-companion.age
View File

@@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 9wZ3G4vjwJhYungj/utZ/jgnQRD7qGHsMXM51gNFLyY
SvdeK7R1AxveXXFJng21JK1fy+y7lh6OINB4CtUdS1Q
-> ssh-ed25519 DFiohQ 1NIsoZWR4fY+bcROkw7iq+X0cYIE9g5IiWOqO0FvymQ
igfAuxzfUSlhE3jaTMjqCYeF8ccKVyuUW+uD8JdH75c
-> ssh-ed25519 wU682A g5y8TFpeJ0myejb8r7gL96JBk/q21KlDOBE6ZpCqv2A
I/3aFKq2ne3gVeg+/1LmlKoDyg723yyjUdVdzgFzhV4
--- JsRdNjJ285V+RGktIxJv29Alef95kpB2TOnYH66Wr4Q
z¿
n
´²xÇ
Û¸"KAx)ñÑ8 é…

BIN
secrets/invidious.age
View File

Binary file not shown.

BIN
secrets/mealie.age
View File

Binary file not shown.

BIN
secrets/mosquitto/homie.age
View File

Binary file not shown.

16
secrets/mosquitto/mokkimaatti.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA rqLqt3IrvBiIXneOWHFLJ3sBz3+dmNsl8LO6whM3Y2s -> ssh-ed25519 osOCZA eWLRpIyRno4qtjjwpXxlwsW4I5a59h+c8W4mJpb7rmg
5MSFsCQoaF97Ve6ossfYA+JezYy5Rod3Se4/y1kl7Go i1LmqRoWZ8wB1EYxNvtqoMSr1lqGbcHHqyAPK1Ldy3Y
-> ssh-ed25519 DFiohQ 33r7cd+b7CKR2rVcPFlRIVwcLfHrEgXgD/bD//86IG4 -> ssh-ed25519 DFiohQ Wn2NMzQBdv6KsZnBUj82FGo3FdOcyZqd1A+KkQy5G1w
Jg/Nripa9RCtbXaS+1vHBwVBG2q3VMi56lnhEnZvqmo ZCrFCEeikNUmG1pO/f0wy7GzTzwCYoNhQBTeofmo98g
-> ssh-ed25519 PT7ffg uEatAaPQspVG41/O6d1oTkvhZUn2Au1TeJOlxBaVsXA -> ssh-ed25519 PT7ffg RnEdUTw4G7dVL/YWr5vls5IEf1BbrdBCjgk+ZTABlQo
0IATY8BEgVuVpYneH12F59Y+wIxnTh4QOTTajbQmWgY G2PEFcmClmcd8Ap6L4VEipULRZuGj3izzeB0l/cI6FU
--- 22zYI0N7UXX09jMLZ6FXgXaeijamAiKWVSv02kF/HKY --- +Jmqn5CDZN3jaexEWZzZvuKvxjZfXfEdyUW3cQIIsnQ
9$éN[”mÞŽòñNfîq)`qgúÐÃnÏÅ?˜ Ô1«õs,´ü°u(x…µf Ŷ¨é[\£vø:ÉákµòƒB1½ƒlš+5ß[Ûò莠 ¹5ðž<æió1gÿ!ÆEµ8SŠ ¶xü.kÔaÒƒ<03>NåáãÍÁìÿN­ ƒ`‡ù€Úô<C39A>ŒÅ¬8\ÃR ØYoç"¾Øó2ö/˜<[ÿ>ÈuÀyÿÉW¥ÝÞ<C39D>`Ç® <¨™V¨Ø-úÌdÇBª*“ï±)n<>( oB7sñ Õs—À¢à)aE)ÆÐ…4½ŠÎ(îÂmQ¹Fy·xj'„<>wX,QµV”ìÈö

16
secrets/mosquitto/openhab.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 5eUNORBIp4Nm9KJYBGsirBGNmJQTw2jjUW6qNzZZ+XU -> ssh-ed25519 osOCZA dkgMfjgrKalX7uGrncrep3rtVZFXUHeqwbPix7ngyFY
kEnw58503E8dVhigC/gq5LdsMCf/cQ6JE7qDVP04Gf4 a9jzF29C7Ltg7tn7Rcoi95847kRhWePylmMU7PGOkdo
-> ssh-ed25519 DFiohQ IGSUfX4LH1HkCI+Na95AK4uoDi9sribs4ViL4B2Xo2Q -> ssh-ed25519 DFiohQ CeZgWwo/TDb89fUVx2ueTArKGPuBjdp2sklqTpkgoj4
X/BG7S7fU5b9K0tgeGJxLaeFUljaMCt8+y7+67M2zH0 7/H9QMGzIBXcSYTnzXfJwlvlKLI4B1miPU+LXzmiHtE
-> ssh-ed25519 PT7ffg OlYiDqfh3auTa8QvOmK3RMmCu3rCnrqxh2tyCwkQcRg -> ssh-ed25519 PT7ffg 456boso/C85lpir1PYUYD1pzb70vQvTrAN3gKy15s1s
/KFTAcZaTgq5Obq+27dTmI1F3gXxuW2leoUeLB+Xptg Sv2hsM/Yx1hUeGWih5zMYXzJaapm767IDzC/4wmKulU
--- 2GuL6Gd+bx/V7KoFwa00YxEFS/WRoKCjYP89i9RoYOY --- /iFmcxXywCLhEOLKLjzrKx/QW93++yzI7tXvn/asMUQ
„Öe44IÕ»3<C2BB>¦Ô¹jóB½”G€9VýïìX¶Ò-ñ[£/… ãà0E®Á8ºøð­8lTF™â¡DCép MßÂNòN¬ªKžP‡ö¦[s{vúØ3QˆùƒöhÇiàÍ0™ç6Š$ÓÍrx/?ÉeØ“áM@˜2FRÖ2˜ÿAB³+sÈÒ ¯`©òˆ:…*ŸÞ¥·œê')»{;tɤ`E¨`ŠØþ„♇  •Ï„šUà::¿h<E28099>Ó<A±É¢”%ä ZgsE¼ol„¿cƒãÈj¾<> ÄuðÔÔÌBÈ-¬³"{iëÒ Iпíe8NÃæ6§çºV<C2BA>÷SðFã$m¸Æ¥æ¼

BIN
secrets/mosquitto/shelly.age
View File

Binary file not shown.

20
secrets/mosquitto/telegraf.age
View File

@@ -1,12 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA 74EsAOwngM1isJZEh1Z+ObdeAQ058vV4JV6OzL1krB8 -> ssh-ed25519 osOCZA mY+/XDi0aUXqyjMUtw3loj34odb0pTPOXpP3xMaGTy4
uMgHAuHGbVW0geur0j0jtV1bpMSkemrcrzIsSNXAeu4 bpSIdOmSeIvdO4Aw+hpBuNTlZRNYDk8GdbCVfAoJSIc
-> ssh-ed25519 DFiohQ QZP7wkW9rPR11NacImhLK+rOrq4+4BqrUiPiG7VokFU -> ssh-ed25519 DFiohQ Dju2lm9o2KhU965PEAqGt9LI9BtNsV2bldkPbOC9WzE
+TNH8at4QkKKuJTDvYvjtTltZSPHVeOXJtP3s/Oq5dQ v+8qH52YoNUwrSbvlaN0H7VET9UfEecXwoMaLPXQEiw
-> ssh-ed25519 PT7ffg gCIyIxT2gwbeZt3r1cD3o8u3J7YCVWclQHXyeBNmnRQ -> ssh-ed25519 PT7ffg AFg8dFq8hX/RrrjDLYEpBcrIy630iRRYAkLvag4DF0E
+APIPxlAIUeuWk5EwkI356ZTbDZ1mQirN3lRRXpZqYo Moh8lmYzweMiGLrdBd7kqi13/7vxscNEa15/IRfbCOA
--- Z1vjBtt8aIsDlSzXdaIM7CWWZTqKORHsHn4M8PN5Ue4 --- 6Wnopn2zv15ph9bi31fUEafeKzVTZEp2igI8nVW4P84
¢nlü¹dÏ“4îþŽ+«®Ä¬YÙhëkál[QœGA®²MÉü°Ä½ÈØj^òÆ '‡Q„Ýþ»ãFbÇŠæiÁ¶Û²ýolkú*_'w«Ã
{¿w=<¨2öƒYa ²¢´…5 î.íì>Ý\©%(äElÅ¿PÜž"Õ(†bÔNÚ ¢/m×Ë í´\JëêºØxøÀè˜6"jÖ·d%8‰ä¤ˆ°éš bÁÐãäP ˆ<>#0™•çk]s œv».º
J@ðë]©ŽùzuŠºM2þ0¾Ñ0“ɘ<62>Éu¯)-\Y…¾<>À q"a<19>Ä ˆò¥
k<EFBFBD>lwÂ

BIN
secrets/octodns.age
View File

Binary file not shown.

BIN
secrets/open-terminal-api-key.age
View File

Binary file not shown.

BIN
secrets/open-webui.age
View File

Binary file not shown.

BIN
secrets/readeck.age
View File

Binary file not shown.

BIN
secrets/searx.age
View File

Binary file not shown.

8
secrets/secrets.nix
View File

@@ -44,12 +44,4 @@ in
"context7.age".publicKeys = users ++ [ radish ]; "context7.age".publicKeys = users ++ [ radish ];
"gitea.age".publicKeys = users ++ [ freun-dev ]; "gitea.age".publicKeys = users ++ [ freun-dev ];
"gitea-actions-runner.age".publicKeys = users ++ [ freun-dev ]; "gitea-actions-runner.age".publicKeys = users ++ [ freun-dev ];
"invidious-companion.age".publicKeys = users ++ [ apu ];
"invidious.age".publicKeys = users ++ [ freun-dev ];
"open-webui.age".publicKeys = users ++ [ freun-dev ];
"open-terminal-api-key.age".publicKeys = users ++ [ freun-dev ];
"searx.age".publicKeys = users ++ [ freun-dev ];
"everii-vpn/de1.key.age".publicKeys = users ++ [ radish ];
"everii-vpn/ch1.key.age".publicKeys = users ++ [ radish ];
"everii-vpn/fi1.key.age".publicKeys = users ++ [ radish ];
} }

BIN
secrets/smtp-password.age
View File

Binary file not shown.

16
secrets/storage-box-credentials.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 osOCZA PDFhOJbsfxCd5u8kqaeCMyFkeAYwRZriF1/OaF/4NU4 -> ssh-ed25519 osOCZA Mq3JCuYFasHg3oSpWgGEjs5+cleWPog/eJCx1SqqXVQ
4D63DStz2EiqVqKs75v2WqZb5yFJC6dyNw9g2Ew7flA SiJ8vHCSZoyhvbQQ3AUOGk54oOQZAqyNNvjRjKHm4Fg
-> ssh-ed25519 DFiohQ LedJzIxbcY0X/avsMfMmpFf+bzobyqVQbCJq+EzWiwg -> ssh-ed25519 DFiohQ xEJMTBuU1uMm3goNGUln63rUbddy96+SZR8K+/LkMB4
CNJIzwEETb9fkcnwUD6wSlhVEgXsZCX2vceHVWHC1lA hFWZe+w2h6sxitweJ+dRNb6HY7YFt1k+/XDVNoDVw0Y
-> ssh-ed25519 PT7ffg DdwjbqndzOwW9T8KR3HAWuL11UaGLwBLUl9Xistu8WY -> ssh-ed25519 PT7ffg ErmwKHYuFoIS8rjMeq/5G6SWKaUhHG/N1Uy/KK7yZXU
gBJSXMjqYsebwey4b0gT1Xv0FSsw6cLuQ09fOuOaDJQ /Iz1mQp8mq7xH+kjP4S5m36GjTpzVRv40mcKPT+5rcc
--- mcc4EdBkqiYh1L9QQV3wTQCnZDdxqCOLzkp4eNu3TDQ --- 82a4oeNSWQhUtTJvV+ErC9nmT3YrATezQzY7m8G2JFU
!%ÛH0cSô¨ôÀÈ;¥èÙœCmk…<f¥¶_Yð aë‡*1¾êr¤ÏDwzŸ¨ *ŸÓ‡ê=®^¨ERÕÞ?Ž<08>b¡ô&`i¸˜¼`^lØ6N÷á4¦Œ S½î-‰þÑ¥ Ù

BIN
secrets/vaultwarden.age
View File

Binary file not shown.

BIN
secrets/voidauth.age
View File

Binary file not shown.

BIN
secrets/wpa_supplicant.age
View File

Binary file not shown.