From 3502a31065e11072ae84647e3f2c2e8db9ba1be6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 12:13:19 +1100 Subject: [PATCH 01/14] user/neovim-minimal: further minimise --- modules/user/neovim-minimal.nix | 10 +------ res/config-minimal.lua | 52 +++------------------------------ 2 files changed, 5 insertions(+), 57 deletions(-) diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index e319e38..a7d3f8c 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -11,9 +11,8 @@ withNodeJs = false; plugins = with pkgs.vimPlugins; [ - ctrlp-vim + fzf-vim lualine-nvim - nerdtree tokyonight-nvim vim-fugitive vim-nix @@ -21,14 +20,7 @@ vim-signify vim-surround - nvim-cmp - nvim-lspconfig - cmp-nvim-lsp - cmp_luasnip - luasnip - (nvim-treesitter.withPlugins (p: with p; [ - tree-sitter-comment tree-sitter-json tree-sitter-lua tree-sitter-nix diff --git a/res/config-minimal.lua b/res/config-minimal.lua index 7aade79..f941c9e 100644 --- a/res/config-minimal.lua +++ b/res/config-minimal.lua @@ -5,11 +5,14 @@ map('n', '', 'j', { noremap = true }) map('n', '', 'k', { noremap = true }) map('n', '', 'l', { noremap = true }) map('n', '', ':q', { noremap = true }) +map('n', '', ':Files', { noremap = true }) -- Autocommands vim.cmd('au BufEnter * set noro') +vim.cmd('au CursorHold * lua vim.diagnostic.open_float(0, { scope = "line", focusable = false })') -- Settings +vim.opt.mouse = "" vim.opt.relativenumber = true vim.opt.number = true vim.opt.cursorline = true 
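Review bot: `tokyonight-nvim` stays in the plugin list, although the config-minimal.lua part of this same commit removes the `colorscheme tokyonight` call, the `require("tokyonight.colors")` highlight setup and the lualine `theme = 'tokyonight'` option. Unless the part of the config not shown in the diff still loads it, the plugin is now unused. For a module meant to be a minimal closure, every leftover plugin is extra third-party code fetched and put on the runtime path. Dropping the `tokyonight-nvim` line alongside `nerdtree` and the completion plugins would finish the cleanup.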
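Review bot: The added `CursorHold` autocommand is registered with a bare `au` through `vim.cmd`, outside any augroup, so every re-source of the config stacks another copy of the handler. The Lua call is also passed as a string inside Vimscript. On Neovim 0.7 or later the same thing can be written as `vim.api.nvim_create_autocmd('CursorHold', { group = vim.api.nvim_create_augroup('DiagFloat', { clear = true }), callback = function() vim.diagnostic.open_float(0, { scope = "line", focusable = false }) end })` (group name constructed). Note also that this commit removes the lspconfig setup, so nothing visible in the diff still produces diagnostics for the float to show; if none is configured elsewhere, the autocommand can be dropped.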
@@ -43,56 +46,9 @@ vim.g.signify_sign_delete_first_line = '┏━' vim.g.signify_sign_change = vim.g.signify_sign_add vim.g.signify_sign_change_delete = vim.g.signify_sign_delete --- Theming -vim.g.tokyonight_style = 'night' -vim.cmd[[ - syntax enable - colorscheme tokyonight -]] -local colors = require("tokyonight.colors").setup {} -vim.cmd("highlight SignifySignAdd guifg="..colors.green) -vim.cmd("highlight SignifySignChange guifg="..colors.orange) -vim.cmd("highlight SignifySignDelete guifg="..colors.red) -vim.cmd("highlight SignifySignDeleteFirstLine guifg="..colors.red) -vim.cmd("highlight SignifySignChangeDelete guifg="..colors.red) - -- Plugins require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } } -require('lualine').setup { - options = { - theme = 'tokyonight' - } -} - --- LSP -local nvim_lsp = require('lspconfig') - -local on_attach = function(client, bufnr) - local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end - local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) 
end - - buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') - - local opts = { noremap = true, silent = true } - - buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) - buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) - buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) -end +require('lualine').setup { } From 4d751d72b3fddba9a2ba499c7fab049113908127 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Sat, 5 Apr 2025 13:05:59 +1100 Subject: [PATCH 02/14] hosts/hazel: init --- flake.nix | 15 +++++--- hosts/hazel/default.nix | 22 +++++++++++ hosts/hazel/filesystem.nix | 53 ++++++++++++++++++++++++++ hosts/hazel/fs-decrypt.nix | 0 hosts/hazel/kernel.nix | 10 +++++ hosts/hazel/networking.nix | 5 +++ modules/system/home-manager-stable.nix | 19 +++++++++ users/hana/default.nix | 5 +-- 8 files changed, 121 insertions(+), 8 deletions(-) create mode 100644 hosts/hazel/default.nix create mode 100644 hosts/hazel/filesystem.nix create mode 100644 hosts/hazel/fs-decrypt.nix create mode 100644 hosts/hazel/kernel.nix create mode 100644 hosts/hazel/networking.nix create mode 100644 modules/system/home-manager-stable.nix diff --git a/flake.nix b/flake.nix index db61e01..a65dbc4 100644 --- a/flake.nix +++ b/flake.nix @@ -2,15 +2,19 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager.url = "github:nix-community/home-manager"; - neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; - agenix.url = "github:ryantm/agenix"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; - aagl.url = "github:ezKEa/aagl-gtk-on-nix"; + nixpkgs-vicuna.url = "github:NixOS/nixpkgs/release-24.11"; + home-manager-vicuna.url = "github:nix-community/home-manager/release-24.11"; + home-manager-vicuna.inputs.nixpkgs.follows = "nixpkgs-vicuna"; + + agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; + aagl.url = "github:ezKEa/aagl-gtk-on-nix"; catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e"; catppuccin.inputs.nixpkgs.follows = "nixpkgs"; catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; }; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; + neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nix-gaming.url = "github:fufexan/nix-gaming"; 
@@ -35,7 +39,7 @@ wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; }; - outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: + outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-vicuna, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -69,6 +73,7 @@ in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; + nixosConfigurations."hazel" = mkSystem nixpkgs-vicuna "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix new file mode 100644 index 0000000..94a4764 --- /dev/null +++ b/hosts/hazel/default.nix @@ -0,0 +1,22 @@ +{ modules, ... }: { + networking.hostName = "hazel"; + system.stateVersion = "24.11"; + time.timeZone = "Australia/Melbourne"; + + imports = with modules.system; [ + home-manager + + base + kernel + nix-stable + packages + security + + ./filesystem.nix + ./kernel.nix + ./networking.nix + ./packages.nix + + ../../users/hana + ]; +} diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix new file mode 100644 index 0000000..525bb4a --- /dev/null +++ b/hosts/hazel/filesystem.nix 
@@ -0,0 +1,53 @@ +{ ... }: +let + mkLabelMount = label: type: options: { + device = "/dev/disk/by-label/${label}"; + fsType = type; + options = options; + }; + mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" + [ + "autodefrag" + "compress=zstd:4" + "compress-force=zstd:4" + "defaults" + "nossd" + "space_cache=v2" + "subvol=${subvol}" + (if atime then "relatime" else "noatime") + ] ++ ext; + + mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; +in +{ + boot.supportedFilesystems = [ "btrfs" ]; + fileSystems = { + "/" = { + device = "rootfs"; + fsType = "tmpfs"; + options = [ "defaults" "mode=755" ]; + }; + "/boot" = mkLabelMount "ROOT" "vfat" []; + + "/flower" = mkHazelMount "/current/flower" true; + "/persist" = mkHazelMount "/current/persist" true; + "/var" = mkHazelMount "/current/var" true; + "/nix" = mkHazelMount "/current/nix" false; + + "/mnt" = mkHazelMount "/" true; + }; + + services.snapper.cleanupInterval = "1h"; + services.snapper.configs.flower = { + FSTYPE = "btrfs"; + SUBVOLUME = "/mnt/current/flower"; + TIMELINE_CLEANUP = true; + TIMELINE_CREATE = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; +} diff --git a/hosts/hazel/fs-decrypt.nix b/hosts/hazel/fs-decrypt.nix new file mode 100644 index 0000000..e69de29 diff --git a/hosts/hazel/kernel.nix b/hosts/hazel/kernel.nix new file mode 100644 index 0000000..20be1ed --- /dev/null +++ b/hosts/hazel/kernel.nix @@ -0,0 +1,10 @@ +{ ... }: { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ "kvm-amd" ]; + }; +} diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix new file mode 100644 index 0000000..1dd932a --- /dev/null +++ b/hosts/hazel/networking.nix 
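Review bot: Nothing in filesystem.nix sets up encryption for the HAZEL volume. The subvolumes are mounted from `/dev/disk/by-label/HAZEL`, and the `fs-decrypt.nix` created in the same commit is empty and not imported by default.nix, so /persist and /var appear to be unencrypted at rest unless LUKS is configured outside this diff. Separately, the data-only subvolumes /flower and /persist get the same option list as /nix and carry no `nosuid`/`nodev`. Adding those is cheap hardening, but `mkHazelMount` would have to accept per-mount extras instead of fixing `ext` at `[ "noauto" ]`. The tmpfs root also has no `size=` option, so it falls back to the kernel default of half of RAM.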
@@ -0,0 +1,5 @@ +{ config, ... }: { + networking = { + useDHCP = true; + }; +} diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix new file mode 100644 index 0000000..6f9f9cc --- /dev/null +++ b/modules/system/home-manager-stable.nix @@ -0,0 +1,19 @@ +{ config, inputs, modules, ... }: { + imports = [ + inputs.home-manager-vicuna.nixosModules.home-manager + ]; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + inherit inputs modules; + sysConfig = config; + }; + sharedModules = [ + { + imports = [ modules.options ]; + config.me = config.me; + } + ]; + }; +} diff --git a/users/hana/default.nix b/users/hana/default.nix index 25cfc8b..a895181 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -7,8 +7,7 @@ uid = 1002; hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" ]; }; @@ -16,7 +15,7 @@ home = { username = "hana"; homeDirectory = "/home/hana"; - stateVersion = "23.11"; + stateVersion = "24.11"; }; imports = with modules.user; [ From 5be539a686a98a7ed20a120fb0c2088f6faf2cf8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:14:43 +1100 Subject: [PATCH 03/14] flake: lock inputs --- flake.lock | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/flake.lock b/flake.lock index 2657ea9..ab8ed03 100644 --- a/flake.lock +++ b/flake.lock 
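Review bot: The `hashedPassword` on the context line just above the key list in users/hana/default.nix is committed in clear, and this series now deploys that account to a new host. A yescrypt hash that is readable by anyone with access to the repo, and that ends up in the world-readable Nix store, is open to offline guessing. The repo already manages other secrets with agenix, so `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name) would keep it out of both, with hazel added as a recipient of that secret. The key-list change itself only relabels the retained key from `rin@blossom` to `rin@anemone`; the key material is unchanged.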
@@ -387,6 +387,27 @@ "type": "github" } }, + "home-manager-vicuna": { + "inputs": { + "nixpkgs": [ + "nixpkgs-vicuna" + ] + }, + "locked": { + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -580,6 +601,22 @@ "type": "github" } }, + "nixpkgs-vicuna": { + "locked": { + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1743076231, @@ -675,10 +712,12 @@ "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", + "home-manager-vicuna": "home-manager-vicuna", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_3", + "nixpkgs-vicuna": "nixpkgs-vicuna", "nvim-treesitter": "nvim-treesitter", "pure": "pure", "spicetify-nix": "spicetify-nix", From 548c2f868f7ca89db0c2b09c7501b1bfc8fbbf7e Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:16:08 +1100 Subject: [PATCH 04/14] hosts/hazel: remove packages module --- hosts/hazel/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 94a4764..d0b6960 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -15,7 +15,6 @@ ./filesystem.nix ./kernel.nix ./networking.nix - ./packages.nix ../../users/hana ]; 
From f535775b773f8bb4d0a1214f4ff029e8abf4e255 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:18:05 +1100 Subject: [PATCH 05/14] hazel/filesystem: fix syntax --- hosts/hazel/filesystem.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index 525bb4a..d93a43b 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -6,7 +6,7 @@ let options = options; }; mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" - [ + ([ "autodefrag" "compress=zstd:4" "compress-force=zstd:4" @@ -15,7 +15,7 @@ let "space_cache=v2" "subvol=${subvol}" (if atime then "relatime" else "noatime") - ] ++ ext; + ] ++ ext); mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; in From e6f0a356af7bba64831191eb3b04949207c24938 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:19:34 +1100 Subject: [PATCH 06/14] hosts/hazel: use hm-stable --- hosts/hazel/default.nix | 2 +- modules/default.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index d0b6960..14e6645 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -4,7 +4,7 @@ time.timeZone = "Australia/Melbourne"; imports = with modules.system; [ - home-manager + home-manager-stable base kernel diff --git a/modules/default.nix b/modules/default.nix index ef69bad..27a81d0 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -36,6 +36,7 @@ in { ./system/greetd.nix ./system/gui.nix ./system/home-manager.nix + ./system/home-manager-stable.nix ./system/input.nix ./system/kernel.nix ./system/nix.nix From 9212de3ab24e620ad64408aaab26e6e2571316ba Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:21:09 +1100 Subject: [PATCH 07/14] hosts/hazel: set env to headless --- hosts/hazel/default.nix | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 14e6645..5bd3ed4 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -18,4 +18,6 @@ ../../users/hana ]; + + me.environment = "headless"; } From 7d50fa4b7577a876b0fafe30335f9e918f90e204 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:22:12 +1100 Subject: [PATCH 08/14] hazel/filesystem: fix empty option --- hosts/hazel/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index d93a43b..35bac65 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -3,7 +3,7 @@ let mkLabelMount = label: type: options: { device = "/dev/disk/by-label/${label}"; fsType = type; - options = options; + options = [ "defaults" ] ++ options; }; mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" ([ From 7f3df40afec448b0b06982606519ac03164c240c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:24:31 +1100 Subject: [PATCH 09/14] system/base: remove nixpkgs registry --- modules/system/base.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index c924309..143728f 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -21,6 +21,5 @@ }; }; nix.registry.config.flake = inputs.self; - nix.registry.nixpkgs.flake = inputs.nixpkgs; nix.registry.shells.flake = inputs.self; } From a411469b2bb4205fc6cdbaa5711f987c2b2589aa Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:39:00 +1100 Subject: [PATCH 10/14] system/packages: add kitty.terminfo --- modules/system/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index d13ac73..2b6b12d 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -7,6 +7,7 @@ git htop jq + kitty.terminfo libarchive lf msr-tools 
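Review bot: In the hazel/filesystem.nix hunk, `options = [ "defaults" ] ++ options;` now prepends `"defaults"` for every caller of mkLabelMount. mkBtrfsMount already passes `"defaults"` in its own list (visible in the earlier filesystem.nix hunks), so each btrfs entry ends up with it twice. The mount still works, but the generated fstab is easier to audit if `"defaults"` is removed from mkBtrfsMount's list now that mkLabelMount supplies it. mkBtrfsMount's body is only partly inside this hunk.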
From dbbd96c274f4b9dfb3a638753db93f0775492e4d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:42:08 +1100 Subject: [PATCH 11/14] hazel/filesystem: remove noauto --- hosts/hazel/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index 35bac65..2a60898 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -17,7 +17,7 @@ let (if atime then "relatime" else "noatime") ] ++ ext); - mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; + mkHazelMount = mkBtrfsMount "HAZEL" []; in { boot.supportedFilesystems = [ "btrfs" ]; From 7a6aa37647cf95d00b6323512d91658affa3ae4d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:09:28 +1100 Subject: [PATCH 12/14] secrets: rekey --- secrets.nix | 16 +++++++--------- secrets/acme_dns.age | 12 ++++++------ secrets/passwd.age | Bin 751 -> 531 bytes secrets/warden_admin.age | Bin 399 -> 289 bytes secrets/wg_blossom.age | 13 ++++++------- secrets/wg_caramel.age | 10 ++++------ secrets/wg_sugarcane.age | 10 ++++------ secrets/wpa_conf.age | Bin 530 -> 420 bytes 8 files changed, 27 insertions(+), 34 deletions(-) diff --git a/secrets.nix b/secrets.nix index 7a1ea24..ed7bde5 100644 --- a/secrets.nix +++ b/secrets.nix 
@@ -1,18 +1,16 @@ let anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; - caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80"; - sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ"; - dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; + hazel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6mi50ecrrMIn5C4QUyCjPHfSElz0mhevvFCznUzIrK"; rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ anemone blossom caramel sugarcane rin ]; - "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ]; + "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ dandelion rin ]; - "secrets/warden_admin.age".publicKeys = [ caramel rin ]; + "secrets/acme_dns.age".publicKeys = [ hazel rin ]; + "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ]; - "secrets/wg_caramel.age".publicKeys = [ caramel rin ]; - "secrets/wg_sugarcane.age".publicKeys = [ sugarcane rin ]; + "secrets/wg_caramel.age".publicKeys = [ rin ]; + "secrets/wg_sugarcane.age".publicKeys = [ rin ]; } diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index 96eb63c..2c7d78f 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age 
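Review bot: Removing caramel, sugarcane and dandelion from the recipient lists and re-encrypting protects only the new ciphertexts. The previous `.age` blobs stay in git history and remain decryptable with those hosts' keys. If those machines are decommissioned or no longer trusted, the underlying values also need rotating; judging by the file names these are the login password, the WPA config, the ACME DNS credentials, the warden admin token and the WireGuard keys. The diff cannot show whether that rotation happened. `wg_caramel.age` and `wg_sugarcane.age` are now readable only by `rin`; if those hosts are gone, deleting the secrets and removing the matching WireGuard peers would be cleaner than keeping them.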
@@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 bRFqeQ KWUiFdB5Lpd1BYGdmO/IcX0Cj9SUowY5sfwWH/FVyAU -hJKgLSMy/yLfoRtIDVmK71cDoHALXp2rgmJuagpqJ1I --> ssh-ed25519 U9FXlg bgY7WWmCyMWJzLSAnyZwCN5Lm29WVUILVkOUDFKgryo -AZzW/A/rQEmSiy89ixBZHH9TbuLKlyAlWKLNDZj69+k ---- EoGAYXy1ggHHKrcZqHz4ugM2Biil4BCpFzVjEClsoKY -Iz淣ZAvXwh|ݧOXduҠ(nk , >5tu(ܸwlp[\/srpkۧFR \ No newline at end of file +-> ssh-ed25519 ZAcXHw X9WY0FdUMu85iMn7JOdsDxJsKH0wIApPyCWyAWiIB1U +ktEphBxUDaFsrwdomf4TTBeUy3RF7acMMmF0gwYIKWI +-> ssh-ed25519 U9FXlg MnvQHRu9SKFGmuX9niiDG2SuUrf2nNO2x7uFqnebVQk +qDZ/yRn70+xMnE2m/KWfA1ORQ+ssSm/k+MLBIwV5iqA +--- 7M1OahbR167KzlN5SiBKBRUEsq3hgjFWa/pmWfCjD+E +4 •aEyCz[@qsobp}/Ɖ?Jp+bm>.PqB{_fۭ6 Vs )/ \ No newline at end of file 
diff --git a/secrets/passwd.age b/secrets/passwd.age index 7d2a22449bce6d1b4351487b311a26e2c4412171..207417cd4e0ac24a12c5459a79be18e57f5b49b5 100644 GIT binary patch delta 479 zcmaFQI+IRz#peT6(6jSDw zxJS6FkDFUQS5QDeMTWn7gUS1v+NuJJ5^uhZUxq7PZE_&T`yhRu{MR%bZ1qdz!Cb`O0y9O6S_? zR$XB}s>>8--Y7F(epqnk-rlFJQ4LqUPW{Z6KB_m_nw?eu=IIRz#qJSz(pAkB_UPwt2phMU-QiNqt0;fp(~+Z+U95YhqDia!zqs zps#s`o1t?gS6Gr!WM)*3n^(Glc9ywwX;iLTXqA6TQe|XBrEfq%nYXD&u}4ZlQECc? zb=gIcsilDmzGcbAE>*cMzUICGc|m0X{>5q9=5BsjRrwZ02E~aPS-JHYX?d2OW?{jR zTrQSr0s8rlWd^|>NzMl0<-wjtnI=)mS!N#D0s5KlKHi0X;o2^R$wn@&=)Uu)Fg8yv zS4cBV@(4~h4K(%(G)b+j^03sdG;xVY3kpjMb2JI5O3$l|3=4NO%`3{V;PN)HOf9cW zS1}JQ_sA_Saf}QJGjS}@&&Um|D5)^cGVv=iF1APt)_1b>3Y_>+ygu2}!#gZJ$Wz}i z&!fmK&CJX4=b&D6^{*fY<^q$n^rkjuHsrK-eT+bB0bIVv#BBrn4& z&@&<_&@ClD(ZC?hA}l}I!^0!X&@s6xluK7vS3x@`)!8^V($^=#&B)xsSKA{b+{`mG zq_8B%B;2RGEX*i5xjv^Pq9Q9%-(jk zzoC4FQ?0W=b4u>&c~!rgSa!UdZEIE1b10sTt2jcmYyS_8#|Pdfwk|lJ@SrT@-t_t} zvy;m=vfcgeq7al_+IiBB;r2zB>rvhE#}Y4A|M0Ror4y=uDY55}-?1n+&_5%>!!JCL zOIKG{!89Z}v(!8!BPT1}ElNMw$v4f>GB4OU*wooAur@g~#Vf@rAuJ5w9zvQ#1TT52vis^S{r!neX*!jpV MU(;u$e2;Pm07^|_Bme*a delta 371 zcmZ3;)XzLYwLZHjGPN{NA`JxHv;MHO0u()X-8P)Y2^?CtV>d#MGstvNSV2yWY{qEU6^L+0?hhq^!)jw94Pf zydtYKO+QaREz;l7$IXDtC(pRRDA}^Oyx89_yec3#yEIZizpTvI!`&h{N8dQbqrjsu z$ip)^yC{@PS65e|*eTf5+cexgs4O|XsMyjuC?YDWtR&Udv@ozJAj4Nbq$oEd**qy! zJ0+c~EoW|t)JG15X2!JtSHD?4^1k&X!&pe^&Y3IACw0ABk?iv!#?@iJ?u8S1Sv*M- zw4FSyxjt$H9{IPm=72#~k^JG@bsc*=76$5NoQYD-c`{@7cSA ssh-ed25519 CUCjXQ iM2w01v4y0Q3DVbpGtt6f3HiHMRw7Xr08JgTB6fe8x4 -WiBMVRZr1edBVfLAPAFT4GSEGoyn9jWzO92yysNM9Mo --> ssh-ed25519 U9FXlg Bvlaqu4nEbjfBGgBFKDmD1cBbxH2+dyz1BHzegz1AS4 -+sf3rC0J2Ik1SNtpr52GxV6G6tzGLiwlvjXFWE3qrSw ---- yaZjH1jeXqPGiw1lIkH9uz6QJo/nM1lBezbpVlJDNUM -cgj" -U"^ *ADvl2cRq).NLtZjCB5l^0)䥆. 
\ No newline at end of file +-> ssh-ed25519 CUCjXQ mqquiRe6H9yHqO6lEs+V5J1AVMEerJ3fvHsyqZQPcG4 +C/oLdx+x56uwtCKHz8Et/dhEsY3OVgU4EN8QMGLqlhk +-> ssh-ed25519 U9FXlg W1WAEuZWAUmPgFNMVHe4QFvyg8JB7KVCSY3G4NIqCm4 +oCC5ygrI2NX7A3RoS/0ec1xkxaNdpI+7mAD7rP1pbVY +--- gY/ClncwSlIhONgOsaSsNXHQvIJSUFyskJ9op3ZmzbU +q9&ױԥ'^ B&3C[&R1m[uB|H{P>}W3*89}X݀ \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 37276ac..dced6d8 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,7 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 krYeuQ vlK9Aa/Fhkj1jTAcccxKnSzj0jNfEoX5ymPhlaqIVSs -Vb7lRsCmKM0Fvfb+NyNnNCjqCAQsndLNdA1nXFkiOrA --> ssh-ed25519 U9FXlg H9ivqARf7cdfyBd4QnlqLiPNpfk2X/eK60K5//+7l1g -oYgaHVWJ8xc+fmMTMvrXSt1DsVfbNF0z4V+N/C1vwXY ---- jtu3xxWFDWBtme5eM52EsMmOwKDss8EctnY7FpfQcI4 -`sE+XVHGɯIZH{8Ƣݙۅo3c=9B:gtl ёvJ> +-> ssh-ed25519 U9FXlg XAfjch0Ys155BWD6jaQKUb8xTUg2Y1oPiAjWBHH08CM +wgp//+xP+U1Brbn2Wm/wLDFTDIqfp9rK5S21DeoEjaI +--- XsNFAF201zpqjyqi3gKJyMU4UY+AzTu8BxTBXb0GDEM +e*J#J+\llR fƞw~3G]E"NahP ЀV8[xA&\5RN \ No newline at end of file diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age index ef79954..d07a6bd 100644 --- a/secrets/wg_sugarcane.age +++ b/secrets/wg_sugarcane.age @@ -1,7 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 Hx37cw 6W7QYggFHAuAPxCBoTWdwSRxmJhtGHDgg3C2UJ73qgM -Af4Gpj2kQsNWrMt4ZQ1ItmKsuSq7McE9Ckc9mAkotms --> ssh-ed25519 U9FXlg +snitv62lCxu4sMz/iS8mz8I+5KUwtLO0jyAY1epr0s -ePqUSmK3P3PVLo+IdWK3Gq+7b2kMkbJmpsyXqcWFAf8 ---- oA8Y59o/iow4m2TjmFx5BvClendD1fpi2sRNtxnXz3Y -(Gdm6i>>(~B{b3HG7֟[qB:٬'I92ЅJd} \ No newline at end of file +-> ssh-ed25519 U9FXlg nANUFeShFwM9GPwCsfUjQre6FJ3KD42uwM2veyJKqVY +qn17BM6j3alTyTdWslWyGhyRKHR9/jdczTPr9i6ZzyE +--- mY/i+wgNV7nDRSJDJkJG1TdOno+ARZcrvRMJiBLy8EI +=!n\21;,O+/x*\ Q57Tq5bS=úF!SL$iwB70zZ{!SB< \ No newline at end of file 
diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 17e93a9e7aecee8096bb02f3eea576b17cdd583a..7ee2ed7ed867b64e1b616cc405eec048babf0cda 100644 GIT binary patch delta 366 zcmbQlvV?hpPPnImZ@#OafkCQoV4-oES#gDs^(k%! z5f$#?E+t0kQJIw%K7JnV&c=y(xuwQAnT4T6xmlUvLAf50<=Mu*TxG`QC6-?LE>2~R z`9=j6hJo2(>H3Bdx9Q zG|kM)slEO}G{nQ;ZPL!RIR`$SWj>J|oc&X0j(2$N?Vlq0*?I*M%)d|0);@M1qaZOT zi~nK!#4Er1XCKN@X`a7zc7p8B&@}y3ckW9_<<)#jZ%vN4X1MgF|H&_#Ux=*Ii)G+R QnOn2Ye7ADC+KDT_0bMwe9smFU delta 496 zcmZ3&Jc(t3PJK#Hkc)4XX>Mt-X=J!_Mu=B{QGRJfctLo%Us9ThUv5-hc~OLCL1?f` zI#-^FWm1@5ZepHezGJR-N`#ARRiUqIL6l#fqobdfrJ+YzVwRmuph4UqFCcK~YY!sX>0KML=+dp;J|;OJSIEXik_X zx^Da*IToS0&UppNUI9hv8RlX2F3AR|rr|l| zzFgi(xygPdsm`fYj%7y9c^>($0TyA&p~j`<=?0Nb{skGy+4>=shQYZ>pe``z9~UDS?0lpwgM!y8+C{z}+i<`cYd4gdr3xw8NO From 28cca81e69b843c8c38ad85ccf84232284417bbd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:10:13 +1100 Subject: [PATCH 13/14] hazel: add nextcloud --- hosts/hazel/default.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 5bd3ed4..79a6b2a 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -1,4 +1,4 @@ -{ modules, ... }: { +{ modules, pkgs, ... }: { networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; @@ -8,6 +8,7 @@ base kernel + nginx nix-stable packages security @@ -20,4 +21,15 @@ ]; me.environment = "headless"; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + hostName = "cloud.lava.moe"; + database.createLocally = true; + config = { + dbtype = "pgsql"; + adminpassFile = "/persist/nextcloud-admin-pass"; + }; + }; } From 27edd08727815d74fa3d551e4c1c88768636951f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:11:08 +1100 Subject: [PATCH 14/14] hosts/hazel: fix nginx module --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
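Review bot: `adminpassFile = "/persist/nextcloud-admin-pass";` points at a hand-placed file, so the initial Nextcloud admin password sits outside the agenix flow the repo uses for its other secrets, and its owner and mode are not managed by the configuration. An age secret owned by the nextcloud user would fix that, e.g. `adminpassFile = config.age.secrets.<secret-name>.path;` (placeholder name). That needs `config` added to the module arguments and hazel added to the secret's recipients in secrets.nix. The block also does not set `https = true;`, and no TLS settings for the `cloud.lava.moe` virtual host are visible in this diff. Unless the imported nginx module enforces TLS, logins to this host would travel in clear.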
diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 79a6b2a..c487e5e 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -3,7 +3,7 @@ system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; - imports = with modules.system; [ + imports = with modules.system; with modules.services; [ home-manager-stable base