From aa8db509d5428b75627e1b880632a27996deca9b Mon Sep 17 00:00:00 2001
From: LavaDesu
Date: Tue, 20 May 2025 01:16:15 +1000
Subject: [PATCH 001/301] overlays/oci-cli: init
---
 overlays/default.nix | 1 +
 overlays/oci-cli.nix | 5 +++++
 overlays/patches/oci.patch | 30 ++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+)
 create mode 100644 overlays/oci-cli.nix
 create mode 100644 overlays/patches/oci.patch
diff --git a/overlays/default.nix b/overlays/default.nix
index 752a2c8..220fd11 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -5,6 +5,7 @@ builtins.map (path: import path) [
 ./ccache.nix
 ./eww.nix
 ./material-icons.nix
+ ./oci-cli.nix
 ./steam.nix
 ./utillinux.nix
 ./wpa-supplicant.nix
diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix
new file mode 100644
index 0000000..4e780dd
--- /dev/null
+++ b/overlays/oci-cli.nix
@@ -0,0 +1,5 @@
+self: super: {
+ oci-cli = super.oci-cli.overrideAttrs(o: {
+ patches = o.patches ++ [ ./patches/oci.patch ];
+ });
+}
diff --git a/overlays/patches/oci.patch b/overlays/patches/oci.patch
new file mode 100644
index 0000000..bdc80f7
--- /dev/null
+++ b/overlays/patches/oci.patch
@@ -0,0 +1,30 @@ +diff --git a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +index 44562fd9780..ae426944a47 100644 +--- a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py ++++ b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +@@ -285,13 +285,13 @@ def unassign_private_ip(ctx, from_json, vnic_id, ip_address): + click.echo('Unassigned IP address {} from VNIC {}'.format(ip_address, vnic_id), err=True) + + +-@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds']) ++@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds', 'subnet_id']) + @virtualnetwork_cli.vnic_group.command(name='assign-ipv6', help=virtualnetwork_cli.create_ipv6.help) + @cli_util.option('--unassign-if-already-assigned', is_flag=True, default=False, help="""Force reassignment of the IP address if it's already assigned to another VNIC in the subnet. 
This is only relevant if an IP address is associated with this command.""") + @click.pass_context + @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'defined-tags': {'module': 'core', 'class': 'dict(str, dict(str, object))'}, 'freeform-tags': {'module': 'core', 'class': 'dict(str, string)'}}, output_type={'module': 'core', 'class': 'PrivateIp'}) + @cli_util.wrap_exceptions +-def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id): ++def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id, lifetime): + networking_client = cli_util.build_client('core', 'virtual_network', ctx) + + # First we get the VNIC because we need to know the subnet OCID for the ListIpv6s call +@@ -348,6 +348,9 @@ def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_ta + if route_table_id is not None: + assign_ip_request_body['routeTableId'] = route_table_id + ++ if lifetime is not None: ++ assign_ip_request_body['lifetime'] = lifetime ++ + # If we are here then either the IP address does not exist or it is a candidate to be moved + if not is_ip_reassignment: + if ip_address is not None: From a915e57d34c7d99fe238a660832e701d8d237dfc Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 01:16:15 +1000 Subject: [PATCH 002/301] overlays/oci-cli: init --- overlays/default.nix | 1 + overlays/oci-cli.nix | 5 +++++ overlays/patches/oci.patch | 30 ++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 overlays/oci-cli.nix create mode 100644 overlays/patches/oci.patch diff --git a/overlays/default.nix b/overlays/default.nix index 752a2c8..220fd11 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
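Review bot: The new `lifetime` parameter of `assign_ipv6` has no default, so the command only works if the generated `create_ipv6` that `copy_params_from_generated_command` copies from exposes a `lifetime` option in the packaged oci-cli version; that is inferred from the decorator and not visible in the hunk. Declaring it as `lifetime=None` would keep the `if lifetime is not None:` guard meaningful and avoid a call failure when the option is absent. The value goes into `assign_ip_request_body['lifetime']` unchecked, which is fine only as long as the service rejects unknown values. Because this patches a tool that runs with cloud API credentials, I would also add a comment above `patches = …` in overlays/oci-cli.nix recording where the patch came from and which version it targets, e.g. `# local patch: pass --lifetime through assign-ipv6; drop once upstream ships it (oci-cli <VERSION>)`. The body of `assign_ipv6` continues outside both inner hunks, and the identical patch file is repeated in PATCH 002.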
@@ -5,6 +5,7 @@ builtins.map (path: import path) [
 ./ccache.nix
 ./eww.nix
 ./material-icons.nix
+ ./oci-cli.nix
 ./steam.nix
 ./utillinux.nix
 ./wpa-supplicant.nix
diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix
new file mode 100644
index 0000000..78a8a23
--- /dev/null
+++ b/overlays/oci-cli.nix
@@ -0,0 +1,5 @@
+self: super: {
+ oci-cli = super.oci-cli.overrideAttrs(o: {
+ patches = (o.patches or []) ++ [ ./patches/oci.patch ];
+ });
+}
diff --git a/overlays/patches/oci.patch b/overlays/patches/oci.patch
new file mode 100644
index 0000000..bdc80f7
--- /dev/null
+++ b/overlays/patches/oci.patch
@@ -0,0 +1,30 @@ +diff --git a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +index 44562fd9780..ae426944a47 100644 +--- a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py ++++ b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +@@ -285,13 +285,13 @@ def unassign_private_ip(ctx, from_json, vnic_id, ip_address): + click.echo('Unassigned IP address {} from VNIC {}'.format(ip_address, vnic_id), err=True) + + +-@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds']) ++@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds', 'subnet_id']) + @virtualnetwork_cli.vnic_group.command(name='assign-ipv6', help=virtualnetwork_cli.create_ipv6.help) + @cli_util.option('--unassign-if-already-assigned', is_flag=True, default=False, help="""Force reassignment of the IP address if it's already assigned to another VNIC in the subnet. 
This is only relevant if an IP address is associated with this command.""") + @click.pass_context + @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'defined-tags': {'module': 'core', 'class': 'dict(str, dict(str, object))'}, 'freeform-tags': {'module': 'core', 'class': 'dict(str, string)'}}, output_type={'module': 'core', 'class': 'PrivateIp'}) + @cli_util.wrap_exceptions +-def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id): ++def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id, lifetime): + networking_client = cli_util.build_client('core', 'virtual_network', ctx) + + # First we get the VNIC because we need to know the subnet OCID for the ListIpv6s call +@@ -348,6 +348,9 @@ def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_ta + if route_table_id is not None: + assign_ip_request_body['routeTableId'] = route_table_id + ++ if lifetime is not None: ++ assign_ip_request_body['lifetime'] = lifetime ++ + # If we are here then either the IP address does not exist or it is a candidate to be moved + if not is_ip_reassignment: + if ip_address is not None: From 5c94de54e76c4820918e76347d3199adb9abdeeb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 01:17:17 +1000 Subject: [PATCH 003/301] system/packages: add oci-cli --- modules/system/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index baae1cc..b257880 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -17,6 +17,7 @@ neovim nfs-utils ntfs3g + oci-cli ripgrep rsync sshfs From 8b0dfd5661297def629d392d002c95f0e77876c6 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 20 May 2025 01:17:17 +1000 Subject: [PATCH 004/301] system/packages: add oci-cli --- modules/system/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index baae1cc..b257880 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -17,6 +17,7 @@ neovim nfs-utils ntfs3g + oci-cli ripgrep rsync sshfs From a4b2db236a4dd7481656e7b707e7ed84f37834dd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 01:18:42 +1000 Subject: [PATCH 005/301] patch --- overlays/oci-cli.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix index 4e780dd..78a8a23 100644 --- a/overlays/oci-cli.nix +++ b/overlays/oci-cli.nix @@ -1,5 +1,5 @@ self: super: { oci-cli = super.oci-cli.overrideAttrs(o: { - patches = o.patches ++ [ ./patches/oci.patch ]; + patches = (o.patches or []) ++ [ ./patches/oci.patch ]; }); } From de2e9d41f04ec4ac0b6bd6c833b9830c7e169a1f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:34:18 +1000 Subject: [PATCH 006/301] wg test --- hosts/dandelion/default.nix | 1 + modules/system/wireguard.nix | 56 ++++++++++++++++------------------- secrets.gcrypt/shared.json | Bin 154 -> 263 bytes secrets.nix | 5 ++-- secrets/acme_dns.age | Bin 492 -> 492 bytes secrets/passwd.age | Bin 531 -> 531 bytes secrets/warden_admin.age | Bin 289 -> 289 bytes secrets/wg_anemone.age | Bin 0 -> 367 bytes secrets/wg_blossom.age | 7 ----- secrets/wg_caramel.age | 9 +++--- secrets/wg_dandelion.age | 7 +++++ secrets/wg_hyacinth.age | 7 +++++ secrets/wg_sugarcane.age | 5 ---- secrets/wpa_conf.age | Bin 420 -> 420 bytes 14 files changed, 49 insertions(+), 48 deletions(-) create mode 100644 secrets/wg_anemone.age delete mode 100644 secrets/wg_blossom.age create mode 100644 secrets/wg_dandelion.age create mode 100644 secrets/wg_hyacinth.age delete mode 100644 secrets/wg_sugarcane.age 
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5f13e44..4268910 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -16,6 +16,7 @@ nix-stable packages security + wireguard modules.services.nginx modules.services.postgres diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 2684d65..9e5ef15 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,14 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, gcSecrets, ... }: let port = 51820; - serverName = "sugarcane"; - serverInterface = "ens3"; - serverIp = "51.79.240.130"; + serverName = "dandelion"; + serverInterface = "enp0s6"; + serverIp = gcSecrets.wireguard.gateway; forwarding = { - "80" = [ "10.100.0.2" "80" ]; - "443" = [ "10.100.0.2" "443" ]; - "22727" = [ "10.100.0.3" "7777" ]; +# "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: 
@@ -24,45 +22,39 @@ let ); routeBypass = { - caramel = { - gateway = "192.168.100.1"; - interface = "wlan0"; - routes = [ - serverIp - ]; + anemone = { + interface = "wlp1s0"; + routes = [ serverIp ]; }; hyacinth = { - gateway = "192.168.100.1"; interface = "enp5s0"; - routes = [ - serverIp - ]; + routes = [ serverIp ]; }; }; clients = { - caramel = { - publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; - allowedIPs = [ "10.100.0.2/32" ]; - }; + # caramel = { + # publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; + # allowedIPs = [ "10.100.0.2/32" ]; + # }; hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; - allowedIPs = [ "10.100.0.3/32" ]; + allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; - strawberry = { + anemone = { publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; - allowedIPs = [ "10.100.0.4/32" ]; + allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; - maple = { - publicKey = "kPw8hpANygfz83Oi/l+iCVYalV2zfs7fhkccjoGG2Do="; - allowedIPs = [ "10.100.0.5/32" ]; + hibiscus = { + publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" ]; }; }; clientPeers = builtins.attrValues clients; serverPeer = { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; @@ -79,7 +71,7 @@ let }; wireguard.interfaces.wg0 = { - ips = [ "10.100.0.1/24" ]; + ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" ]; listenPort = port; postSetup = '' 
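Review bot: The IPv6 entries added to each client's `allowedIPs` (`"${gcSecrets.wireguard.ipv6Subnet}:3"`, `:4`, `:5`) and to the server `ips` in the `@@ -79,7 +71,7 @@` hunk carry no prefix length, unlike the IPv4 entries beside them that pin `/32` and `/24`. A bare address is normally read as a single host, but `allowedIPs` is the per-peer source-address filter, so I would spell it out, e.g. `"${gcSecrets.wireguard.ipv6Subnet}:3/128"`, so that a later change to the secret's format cannot widen what a peer may claim. Clients reuse the same list as their interface `ips` (visible in the `@@ -101,7 +93,7 @@` hunk), so the string has to be valid in both roles. The same lines recur in PATCH 012.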
@@ -101,7 +93,7 @@ let let client = clients."${config.networking.hostName}"; routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via ${routes.gateway} dev ${routes.interface}") routes.routes; + mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; in { ips = client.allowedIPs; listenPort = port; @@ -121,6 +113,10 @@ let }; }; in { + boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + }); networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) 
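Review bot: Enabling `net.ipv6.conf.all.forwarding` on the server in the `@@ -121,6 +113,10 @@` hunk, while clients now route `::/0` through it, is not matched by any IPv6 filter rule in the visible hunks; `postSetup` lies outside them, so this may already be handled there. If `ipv6Subnet` is a globally routable prefix (inferred from its use, not shown), peers behind wg0 become reachable from the internet with no NAT in between, so the forward path needs an explicit policy. I would add to the server's `postSetup` something like `ip6tables -A FORWARD -i ${serverInterface} -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` followed by `ip6tables -A FORWARD -i ${serverInterface} -o wg0 -j DROP`, with matching `-D` lines in `postShutdown`. The same hunk is repeated in PATCH 012.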
diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index f3f2e36d2778be04f048a6e5eb65f207471e1a6c..ea6ffecfb3884847eb6dd9b9087f240144f88387 100644 GIT binary patch literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k literal 154 zcmZQ@_Y83kiVO&0h`aFN$gR^?B;?)n_{^gBo_VjOdx}YuSGm+I;+|RNZ^^j~+n;3a zNttjZJXrJ7sWbPaLT9fla9kff^}<@+FMs`vJVNTP)-BlEWpQ?i-G&=HyAIk#r`7aM zUiB$|%J2KXUe5F~4C35-)%xrG`iF1m&ZQBa+1loXDNgBJL4NK9 zSrwt_X;oqRsfLb8`hLld7LEp0RTae%p$29ZxnW5@1@6Wb+L@kQy1KdwxvANisa}48 z{y8RP$?4h|#lil8#cs~#xnZGEY5Ms=Ir=H7A?A*$Awk~hT)Wu6dAwQHubKVvp0cWO z@~S|QbGLTwKhHLG-U~zfd5I}CO+0Tlx7?h*N#JWfvr!kL{6a1vrw^L@p4k46$`t)P i!}57S(1d00I8S;DGUv>dotOSwgh%1(yh$$^GkO46ubuq> delta 438 zcmaFE{DyggPJNn%ceaz0Wtx*?RcV=pM@XrUQ@XENX;npqzDseYX>O`PS)y5xNt$0} zC|6ZjcvYfzd5VQoK}kh^SdNQ#j-`22h>N>fo}sz6t5=DmK|pD^r$Jby374*&LUD11 zZfc5=si~o*LX=~2gh#o8lXixYxxR0RXM}mWwn18mzMFn{wn@6LqrP`$n6aOEK#F0R zhnsVlAVWEYyS9oUV z#E;_ju5N{uRe?VKMaET5!TuH{?!lE_$;n3ArN$|Rk$$D&{?4KKp*cp0CT`_imQE!` zsrun5rkRDI<{pOGN#Vu?C80(}z z(t7&ai}Rwb4BT#27;;|kG!bH1SZ?OPeQDDV!#lD!F1*=yQD-~LnY~B3_NI!wv8}q& jA*i(Bj@!c1e?MGHHd24~Vy||h-9 zHdj$$zJ8XeTdJo;cx8%3NxoT;b496}X@qfZaEhU~X=X~PSze`apl_r>GMBEMLUD11 zZfc5=si~o*f^(>IRz#pexJz1LaiE#2p{0JgOP+U{v0G`Rc4$SGZ$PeLfN!{$VL^7f zv4MG7W^SM(S4z6Eca*oMVPa}#dWgA&zmJDyj(K^wM`=)6U`a$)u9s;@j(&P+qLYis z#E;_jCC+YMPLZVnmM&3=UdH9x#W}ui8Low<-e!R*kxo&L1}Q$;fx(uhk3$ZDUR4EYCYcqMr3R5)y1Kdweg%1!i558- zK1JHW+FmBw<%#8yegP(CCdr9;CN6%V`N`(>N#@}Jt|g%+To*((7~f_+q00A8b`fLh zp}Xt*if!Dl#T{c2E_hU5lHW2pfMsudL!P8U<-)y>#9xJKr5oAp;QEw$;d8I0!J~Up zO?>m(ioP9UQxcqbdDVFa?#j+-DXlZDYLD)8&D4Iu%zD>h!HX%(zs|p!7N2uW{HitM Y>x2#5(|Mgg3b4yeK7Ppl$Cj<;03*q)!2kdN delta 478 zcmbQtGMQz9PQ9nAwxzeXabdQnx2JEYi*{6DZh%XryGL@cd1`QwvuCAIaDjGaN@i|^ 
zFPF1HsDX!JT2-cdw!4S9e??w_nRY;CSU{Rrj(eteq=AL8QD|7cepIf3374*&LUD11 zZfc5=si~o*f^(>IRz#qJzoSW+OI41)ySrz)ccx3evs+PFNO)4Jk85$BTauqaWv;VN zdSZD_S*b@lSAM#Wey&AOc(_?=wz)xuOQgR^V7OOcL{70mdbwp~k!w^^j;Et`Xi0wH z#E;_jmYJd9{`nS(1!k$pVZvNUCkuLg1t^rx*mfrbkm4-!ODdnLSE=eVBRe9zGCKaw+y1Kdw*&%+;euf3f z$&t>cDS?g=rp2lLQK{)3C2oZg`9>KoF5yM>W?rSf9!`PzT-z4aYD#YUJ|&~IPMNXj zTWP;AL$HJWmMGDdb$@fYZg@HFmkWG$Fz~(5oQE~X)*bJhSidaRFF!@7+SZb?#QXmY7nYGp}OX<(^-U{YaDQMsj|kEL(6M~+W!K9{bpu0lm* zlxK#aQ9-d+NN%O2VY-D!da!|4qKmhMX+(IWr*E=_e_5KFwtqxowh7mp&AUG>oU*9> zrR~r49WT0hbbOw4y^jA~CtJJyr2Z$1{PJu0o`U_?b1yTnJLzpojNs$AR?IMKzwE7z zy-eGUL*J&K_w{>sP)TYln}A9iyXuC6iRbGUue6=3xM0ZxfvT@5THHZCsc&DcKfJ&4 G!6yL66=drG delta 253 zcmZ3;w2*0nPJOXsg|?T4U%8u+XSi`zNl03TNvfwoSVX8xVQ`*jVWg{fk$z@`Wl?5T zB$sn=V1;j`w?#@~rF*J@V^nfpZa_d%il?c2mZyP-kBL!Yabm7ZifdJVGMBEdu0pnP zzFVQQUx`6rVV0wjenfdupu3TqpQle@WO+qiUZ_h|N||SpOS(s8RXW!vn-yDsaz48) zW$JnLn_ID+w)2BCx&PjVSRQ5lKAoS_Ng&*$a);O9w|3j@w}=TcZE(BMI_-|S=S;1+ zOJtmuSJim_&5hxo?#!HTHnX5nFYfsVPyJYKp8&o3;AqC)&#SkD8~-_5bVp|1;wym- FmH^RsVjchh diff --git a/secrets/wg_anemone.age b/secrets/wg_anemone.age new file mode 100644 index 0000000000000000000000000000000000000000..3ed5b37ae79ff5824c2654a6597d944b0882572b GIT binary patch literal 367 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa1sm@=7Yt z^a{;24KWRO&nvMkEiyI<33V&a$ns8ew#f1JDNc-V)^_x8jN}UPjdV#22~W-|NOUes z&r6KT%1H@#DGblGFbgV9HLG$Bii)U+ax#q!$VRs<)Y2^?CtblOpv0mw$*?FrsnF6d zIX}eP*U7-s*B~#_!o@$mAm742JEGLYBrzbuFp|r{FVryC+bqa2(8JlS+&9a-LO&_0 zI5i;CFuXEX+qBFiFIYc2!!)Nb(11%uLnPxn}2^G%y#yQV*txxlb-+l-Fd;wJ4!x9RLZSvKbE5h0BTEv ACIA2c literal 0 HcmV?d00001 diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age deleted file mode 100644 index 494761f..0000000 --- a/secrets/wg_blossom.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 CUCjXQ hLTFE9rxZfhOZ2rELykmG54pxJMCjTkzBvLasvgSN24 -wDbW0X7bItmMEDfGRVAw+wHycHDI/2OYAb5jFyd8f6s --> ssh-ed25519 U9FXlg juuKBMw9hX559zK6f2ERuBMl27ypQ6Ky5xlFEJxApXc -Gb6/rTwqMINqiojoIWcFEAQCEuQ6bQQHrOXChkthb4A ---- OEQ8ALTXcJKvpf0rJe6x2VHSAsTi1yFhz3eU0CZDjqE -ٓPΘ~Fdwi ]h//4ڰN7LaQ= v@oB*48 D=򪋅 \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 1a3b16e..a85d63f 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg qEy0vaHPPr9EUDjC3FveSk/xcnW/rtHVmx9o7cH7JFA -WAzEfa7T82vbkwMv/JIOASIjZ3gr1TRNfVzOWdWBVkQ ---- AoVNbcEOrFU5jcQ8geP5e4Lo3RxOyP9p4BG3BNsgiIQ -ٳ'XoYfů!/ "p; ssh-ed25519 U9FXlg VpFnvpTVZFSkKRpEgcmuT/WDLIP1ZySFLq2lRvrjq20 +7zQoSoIs1URmAYn2AdjvDTIY8GDYROcSxFq1bcl24Og +--- iaQQUE1/Xj1vxto3d+Llyl6XGrSff5MGPxdCHW9EI40 +Ʀ`t \  +bpeHX3!$3]X32t~V.=>$xBKJAL:DD}5 \ No newline at end of file diff --git a/secrets/wg_dandelion.age b/secrets/wg_dandelion.age new file mode 100644 index 0000000..0229699 --- /dev/null +++ b/secrets/wg_dandelion.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 bRFqeQ swv/p+w9+aytIkQ/6Yk1jouA+0M3rJabuiOz2rlpyAs +wt+wnM1EEKAyDNefr9K4+DtZvHcOzz9Y1EBRFkA5Nv4 +-> ssh-ed25519 U9FXlg xxV/8JoorO4YWPbwSG7p306Pb2+aT10u9eNR69PhZAA +rjOOuapa/h1tMYbdOc3Y/fPPzkNcYiamSk6rS/tbhtE +--- UKvt/4aAyYHOk5bhAP55yxPhkxTE94/xEqIqpGF3yiE +5; _EDB ssh-ed25519 CUCjXQ ptHKlNvz+AmnB/Wt9XBBNyfOGeoPG5TbyrXv5993PDQ +P0C17K+Kz8ocn0vzLf02aaYnxvRM/yjfRLMsBaJhsok +-> ssh-ed25519 U9FXlg /M8ryJjXAdlWhvNHbQgKUxe/UtL7HqEs9RqNDQBW3SM +p2d9OnOkU2Hx7+Kn+Z66qElFvczd3F4zVm5KXbOzYWY +--- PVd8mrRk/t6qv/U32/AZk9YssRU1yn3CLPeyaEPBXi0 +:Dx[cyyۙc4ɥ/އ^.=†ȯoGVQdXf^@TRegn 9UT \ No newline at end of file diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age deleted file mode 100644 index fe26054..0000000 --- a/secrets/wg_sugarcane.age +++ /dev/null 
@@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U9FXlg 7YXsTcRa8pco9Ic9fDSygCjNXrxFi5pHADtUqwOBPhg -0BYvRAhcQQ36kAXOW2QaS4S9rhenUx8xwbNozNdDpLM ---- V1E/2n1Ae5hlWhjAEziHA2J072a20GeKM+EtG+pT8cI -窴zWT좾G{"\ʖse>%)o|z!ēז2ࢨEs \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 068d35295d6e3cc190d9f31cf0f52a9861ba516a..2b6862e53af790780d4fcfd88e1ef7ed6cc3f47c 100644 GIT binary patch delta 385 zcmZ3&yo7mzPJN_VL9$1FU~Z&aZhmo?nXyZxYhrn1zFSm&zI&Ega=L4PhhJHqc~p*j zF_&S6S7m9XPl}0~Nn)g>M@E&QMMzZES!Ps7PJLN+dTO3iqGM*Ut50N3R+4LO zVp4IMvx{Rgmz#S)V76&xwyC3sqgO<_K~zvuo^NGnzJ5?dRIayvX{B$XPq=fYQC6BO zm#(g^LO_Udp>ar1maC6RR$zd;qhqGCV|jp4QD}~Ps84=jfTdw&en5buwx>%m*J*)g z9cyOKv##P{?a4`2l2*RD@>b=?v+9R#o%`ie{ozmdtrxpC%-`K*Qh6%a-^zB+GWEmW zDKbJ%$}T<*tp7RR{JyyFX3wOVRssokG$IOgr)y+c+hn|!Hu|h`{`>Bh=Q_3Aq7QF6 jzT(g?=J@sLLGOD9gEWROsSEP=SnT*??b06l(=!ABLeiAu delta 385 zcmZ3&yo7mzPJKZ^US3I5vA<_}W{6Lbg-NJEhGn92vP*itwxMTedRVzhT7G(&mtlH% zI#*z+w}pvefp@+^s#~g|d7*(>fSYS^VQ#j5W?H0nMs|5+a!z1XfqzkiFPE;JLUD11 zZfc5=si~o*La3!%L{7SbnOBgHm#KSpmVtIsu%~`mWqnamPKifEnM;^cp;KqHnmDiD6QzXMUn%s#!`P zm#(g^LP2VEnlthvtTBtU2(S6R+Bd64H0ezm+GHgpD48h06OHA%>V!Z From 9865322522a75fb3992dfaaf8b22f4abae2dd031 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:35:07 +1000 Subject: [PATCH 007/301] hosts/dandelion: add wg secret --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 4268910..55a46bc 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + wg_dandelion.file = ../../secrets/wg_dandelion.age; }; imports = with modules.system; [ From c1c3b43a0f118fd373ae424f24af7d1a08162c8f Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 20 May 2025 02:36:00 +1000 Subject: [PATCH 008/301] secrets: fix wireguard json --- secrets.gcrypt/shared.json | Bin 263 -> 262 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index ea6ffecfb3884847eb6dd9b9087f240144f88387..2e9e87662b9425f3d1dad08780f8004b72875c4a 100644 GIT binary patch literal 262 zcmZQ@_Y83kiVO&0czt{7Ob@g4)6;A{D^;28jY}j;jBi|i{a|n0?dV5*Z;qO?wI8^(Kh<@ugS(qq9e=Ldv%NWK%eL=% zxg*zkak$xuXAkF<+fTT1(||LdXZAo9fmDrOeYZy1L(TonX=d*TZwg zJ$=e6g)>F;f4pP8e!NvrbpEb#!B*E4&JCv?UgAIAM3Md z4@u41RL631@$R)I&#yZz&(RZcX_uVCR@}45pLuU_LvbI&{k_7j{#E;9)gxDaj!yo0 WPAKW*n)#A1FT@ttZ_$lB;|Bog5q@I; literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k From 01793b84f64d82605a8d403170335e9cd7eaa2db Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:42:24 +1000 Subject: [PATCH 009/301] hosts/anemone: wg --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 77b07a7..dda36f5 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,6 +5,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { + wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; @@ -26,6 +27,7 @@ printing security snapper + wireguard ./filesystem.nix ./kernel.nix From 97ff0698af9ea94f6e02fbe376c40df9fe794d41 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:44:15 +1000 Subject: [PATCH 010/301] welp --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 9e5ef15..774a652 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -93,7 +93,7 @@ let let client = clients."${config.networking.hostName}"; routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; + mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via 192.168.1.1 dev ${routes.interface}") routes.routes; in { ips = client.allowedIPs; listenPort = port; From 2fbf2dbb7b7e767e43b71adcbb01abb071c464ad Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:50:41 +1000 Subject: [PATCH 011/301] wireguard: use new anemone key --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 774a652..458b879 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -42,7 +42,7 @@ let allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; anemone = { - publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; + publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; hibiscus = { From 9217ce6e916bfa270c46afda14aada000cdd391f Mon Sep 17 00:00:00 2001 
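Review bot: The bypass route in `mapRoutes` now hard-codes `via 192.168.1.1` for every client, replacing the per-host `gateway` attribute that the earlier wireguard commit removed from `routeBypass`. On any network whose router is not 192.168.1.1 (anemone uses `wlp1s0`, so presumably a roaming laptop) the `ip route` command fails or points at the wrong hop, and the tunnel endpoint is then likely routed into wg0 itself because `0.0.0.0/0` is in the server peer's `allowedIPs`. I would restore the attribute, `gateway = "192.168.1.1";` per host in `routeBypass` and `via ${routes.gateway}` here, or derive the next hop at connect time. The enclosing `let … in` block starts and ends outside the hunk.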
From: LavaDesu Date: Tue, 20 May 2025 02:34:18 +1000 Subject: [PATCH 012/301] system/wireguard: bring back, with ipv6 support --- hosts/dandelion/default.nix | 1 + modules/system/wireguard.nix | 56 ++++++++++++++++------------------- secrets.gcrypt/shared.json | Bin 154 -> 263 bytes secrets.nix | 5 ++-- secrets/acme_dns.age | Bin 492 -> 492 bytes secrets/passwd.age | Bin 531 -> 531 bytes secrets/warden_admin.age | Bin 289 -> 289 bytes secrets/wg_anemone.age | Bin 0 -> 367 bytes secrets/wg_blossom.age | 7 ----- secrets/wg_caramel.age | 9 +++--- secrets/wg_dandelion.age | 7 +++++ secrets/wg_hyacinth.age | 7 +++++ secrets/wg_sugarcane.age | 5 ---- secrets/wpa_conf.age | Bin 420 -> 420 bytes 14 files changed, 49 insertions(+), 48 deletions(-) create mode 100644 secrets/wg_anemone.age delete mode 100644 secrets/wg_blossom.age create mode 100644 secrets/wg_dandelion.age create mode 100644 secrets/wg_hyacinth.age delete mode 100644 secrets/wg_sugarcane.age diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5f13e44..4268910 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -16,6 +16,7 @@ nix-stable packages security + wireguard modules.services.nginx modules.services.postgres diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 2684d65..9e5ef15 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,14 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, gcSecrets, ... }: let port = 51820; - serverName = "sugarcane"; - serverInterface = "ens3"; - serverIp = "51.79.240.130"; + serverName = "dandelion"; + serverInterface = "enp0s6"; + serverIp = gcSecrets.wireguard.gateway; forwarding = { - "80" = [ "10.100.0.2" "80" ]; - "443" = [ "10.100.0.2" "443" ]; - "22727" = [ "10.100.0.3" "7777" ]; +# "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: 
@@ -24,45 +22,39 @@ let ); routeBypass = { - caramel = { - gateway = "192.168.100.1"; - interface = "wlan0"; - routes = [ - serverIp - ]; + anemone = { + interface = "wlp1s0"; + routes = [ serverIp ]; }; hyacinth = { - gateway = "192.168.100.1"; interface = "enp5s0"; - routes = [ - serverIp - ]; + routes = [ serverIp ]; }; }; clients = { - caramel = { - publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; - allowedIPs = [ "10.100.0.2/32" ]; - }; + # caramel = { + # publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; + # allowedIPs = [ "10.100.0.2/32" ]; + # }; hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; - allowedIPs = [ "10.100.0.3/32" ]; + allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; - strawberry = { + anemone = { publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; - allowedIPs = [ "10.100.0.4/32" ]; + allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; - maple = { - publicKey = "kPw8hpANygfz83Oi/l+iCVYalV2zfs7fhkccjoGG2Do="; - allowedIPs = [ "10.100.0.5/32" ]; + hibiscus = { + publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" ]; }; }; clientPeers = builtins.attrValues clients; serverPeer = { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; @@ -79,7 +71,7 @@ let }; wireguard.interfaces.wg0 = { - ips = [ "10.100.0.1/24" ]; + ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" ]; listenPort = port; postSetup = '' 
@@ -101,7 +93,7 @@ let let client = clients."${config.networking.hostName}"; routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via ${routes.gateway} dev ${routes.interface}") routes.routes; + mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; in { ips = client.allowedIPs; listenPort = port; @@ -121,6 +113,10 @@ let }; }; in { + boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + }); networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) 
diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index f3f2e36d2778be04f048a6e5eb65f207471e1a6c..ea6ffecfb3884847eb6dd9b9087f240144f88387 100644 GIT binary patch literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k literal 154 zcmZQ@_Y83kiVO&0h`aFN$gR^?B;?)n_{^gBo_VjOdx}YuSGm+I;+|RNZ^^j~+n;3a zNttjZJXrJ7sWbPaLT9fla9kff^}<@+FMs`vJVNTP)-BlEWpQ?i-G&=HyAIk#r`7aM zUiB$|%J2KXUe5F~4C35-)%xrG`iF1m&ZQBa+1loXDNgBJL4NK9 zSrwt_X;oqRsfLb8`hLld7LEp0RTae%p$29ZxnW5@1@6Wb+L@kQy1KdwxvANisa}48 z{y8RP$?4h|#lil8#cs~#xnZGEY5Ms=Ir=H7A?A*$Awk~hT)Wu6dAwQHubKVvp0cWO z@~S|QbGLTwKhHLG-U~zfd5I}CO+0Tlx7?h*N#JWfvr!kL{6a1vrw^L@p4k46$`t)P i!}57S(1d00I8S;DGUv>dotOSwgh%1(yh$$^GkO46ubuq> delta 438 zcmaFE{DyggPJNn%ceaz0Wtx*?RcV=pM@XrUQ@XENX;npqzDseYX>O`PS)y5xNt$0} zC|6ZjcvYfzd5VQoK}kh^SdNQ#j-`22h>N>fo}sz6t5=DmK|pD^r$Jby374*&LUD11 zZfc5=si~o*LX=~2gh#o8lXixYxxR0RXM}mWwn18mzMFn{wn@6LqrP`$n6aOEK#F0R zhnsVlAVWEYyS9oUV z#E;_ju5N{uRe?VKMaET5!TuH{?!lE_$;n3ArN$|Rk$$D&{?4KKp*cp0CT`_imQE!` zsrun5rkRDI<{pOGN#Vu?C80(}z z(t7&ai}Rwb4BT#27;;|kG!bH1SZ?OPeQDDV!#lD!F1*=yQD-~LnY~B3_NI!wv8}q& jA*i(Bj@!c1e?MGHHd24~Vy||h-9 zHdj$$zJ8XeTdJo;cx8%3NxoT;b496}X@qfZaEhU~X=X~PSze`apl_r>GMBEMLUD11 zZfc5=si~o*f^(>IRz#pexJz1LaiE#2p{0JgOP+U{v0G`Rc4$SGZ$PeLfN!{$VL^7f zv4MG7W^SM(S4z6Eca*oMVPa}#dWgA&zmJDyj(K^wM`=)6U`a$)u9s;@j(&P+qLYis z#E;_jCC+YMPLZVnmM&3=UdH9x#W}ui8Low<-e!R*kxo&L1}Q$;fx(uhk3$ZDUR4EYCYcqMr3R5)y1Kdweg%1!i558- zK1JHW+FmBw<%#8yegP(CCdr9;CN6%V`N`(>N#@}Jt|g%+To*((7~f_+q00A8b`fLh zp}Xt*if!Dl#T{c2E_hU5lHW2pfMsudL!P8U<-)y>#9xJKr5oAp;QEw$;d8I0!J~Up zO?>m(ioP9UQxcqbdDVFa?#j+-DXlZDYLD)8&D4Iu%zD>h!HX%(zs|p!7N2uW{HitM Y>x2#5(|Mgg3b4yeK7Ppl$Cj<;03*q)!2kdN delta 478 zcmbQtGMQz9PQ9nAwxzeXabdQnx2JEYi*{6DZh%XryGL@cd1`QwvuCAIaDjGaN@i|^ 
zFPF1HsDX!JT2-cdw!4S9e??w_nRY;CSU{Rrj(eteq=AL8QD|7cepIf3374*&LUD11 zZfc5=si~o*f^(>IRz#qJzoSW+OI41)ySrz)ccx3evs+PFNO)4Jk85$BTauqaWv;VN zdSZD_S*b@lSAM#Wey&AOc(_?=wz)xuOQgR^V7OOcL{70mdbwp~k!w^^j;Et`Xi0wH z#E;_jmYJd9{`nS(1!k$pVZvNUCkuLg1t^rx*mfrbkm4-!ODdnLSE=eVBRe9zGCKaw+y1Kdw*&%+;euf3f z$&t>cDS?g=rp2lLQK{)3C2oZg`9>KoF5yM>W?rSf9!`PzT-z4aYD#YUJ|&~IPMNXj zTWP;AL$HJWmMGDdb$@fYZg@HFmkWG$Fz~(5oQE~X)*bJhSidaRFF!@7+SZb?#QXmY7nYGp}OX<(^-U{YaDQMsj|kEL(6M~+W!K9{bpu0lm* zlxK#aQ9-d+NN%O2VY-D!da!|4qKmhMX+(IWr*E=_e_5KFwtqxowh7mp&AUG>oU*9> zrR~r49WT0hbbOw4y^jA~CtJJyr2Z$1{PJu0o`U_?b1yTnJLzpojNs$AR?IMKzwE7z zy-eGUL*J&K_w{>sP)TYln}A9iyXuC6iRbGUue6=3xM0ZxfvT@5THHZCsc&DcKfJ&4 G!6yL66=drG delta 253 zcmZ3;w2*0nPJOXsg|?T4U%8u+XSi`zNl03TNvfwoSVX8xVQ`*jVWg{fk$z@`Wl?5T zB$sn=V1;j`w?#@~rF*J@V^nfpZa_d%il?c2mZyP-kBL!Yabm7ZifdJVGMBEdu0pnP zzFVQQUx`6rVV0wjenfdupu3TqpQle@WO+qiUZ_h|N||SpOS(s8RXW!vn-yDsaz48) zW$JnLn_ID+w)2BCx&PjVSRQ5lKAoS_Ng&*$a);O9w|3j@w}=TcZE(BMI_-|S=S;1+ zOJtmuSJim_&5hxo?#!HTHnX5nFYfsVPyJYKp8&o3;AqC)&#SkD8~-_5bVp|1;wym- FmH^RsVjchh diff --git a/secrets/wg_anemone.age b/secrets/wg_anemone.age new file mode 100644 index 0000000000000000000000000000000000000000..3ed5b37ae79ff5824c2654a6597d944b0882572b GIT binary patch literal 367 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa1sm@=7Yt z^a{;24KWRO&nvMkEiyI<33V&a$ns8ew#f1JDNc-V)^_x8jN}UPjdV#22~W-|NOUes z&r6KT%1H@#DGblGFbgV9HLG$Bii)U+ax#q!$VRs<)Y2^?CtblOpv0mw$*?FrsnF6d zIX}eP*U7-s*B~#_!o@$mAm742JEGLYBrzbuFp|r{FVryC+bqa2(8JlS+&9a-LO&_0 zI5i;CFuXEX+qBFiFIYc2!!)Nb(11%uLnPxn}2^G%y#yQV*txxlb-+l-Fd;wJ4!x9RLZSvKbE5h0BTEv ACIA2c literal 0 HcmV?d00001 diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age deleted file mode 100644 index 494761f..0000000 --- a/secrets/wg_blossom.age +++ /dev/null 
@@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 CUCjXQ hLTFE9rxZfhOZ2rELykmG54pxJMCjTkzBvLasvgSN24 -wDbW0X7bItmMEDfGRVAw+wHycHDI/2OYAb5jFyd8f6s --> ssh-ed25519 U9FXlg juuKBMw9hX559zK6f2ERuBMl27ypQ6Ky5xlFEJxApXc -Gb6/rTwqMINqiojoIWcFEAQCEuQ6bQQHrOXChkthb4A ---- OEQ8ALTXcJKvpf0rJe6x2VHSAsTi1yFhz3eU0CZDjqE -ٓPΘ~Fdwi ]h//4ڰN7LaQ= v@oB*48 D=򪋅 \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 1a3b16e..a85d63f 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg qEy0vaHPPr9EUDjC3FveSk/xcnW/rtHVmx9o7cH7JFA -WAzEfa7T82vbkwMv/JIOASIjZ3gr1TRNfVzOWdWBVkQ ---- AoVNbcEOrFU5jcQ8geP5e4Lo3RxOyP9p4BG3BNsgiIQ -ٳ'XoYfů!/ "p; ssh-ed25519 U9FXlg VpFnvpTVZFSkKRpEgcmuT/WDLIP1ZySFLq2lRvrjq20 +7zQoSoIs1URmAYn2AdjvDTIY8GDYROcSxFq1bcl24Og +--- iaQQUE1/Xj1vxto3d+Llyl6XGrSff5MGPxdCHW9EI40 +Ʀ`t \  +bpeHX3!$3]X32t~V.=>$xBKJAL:DD}5 \ No newline at end of file diff --git a/secrets/wg_dandelion.age b/secrets/wg_dandelion.age new file mode 100644 index 0000000..0229699 --- /dev/null +++ b/secrets/wg_dandelion.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 bRFqeQ swv/p+w9+aytIkQ/6Yk1jouA+0M3rJabuiOz2rlpyAs +wt+wnM1EEKAyDNefr9K4+DtZvHcOzz9Y1EBRFkA5Nv4 +-> ssh-ed25519 U9FXlg xxV/8JoorO4YWPbwSG7p306Pb2+aT10u9eNR69PhZAA +rjOOuapa/h1tMYbdOc3Y/fPPzkNcYiamSk6rS/tbhtE +--- UKvt/4aAyYHOk5bhAP55yxPhkxTE94/xEqIqpGF3yiE +5; _EDB ssh-ed25519 CUCjXQ ptHKlNvz+AmnB/Wt9XBBNyfOGeoPG5TbyrXv5993PDQ +P0C17K+Kz8ocn0vzLf02aaYnxvRM/yjfRLMsBaJhsok +-> ssh-ed25519 U9FXlg /M8ryJjXAdlWhvNHbQgKUxe/UtL7HqEs9RqNDQBW3SM +p2d9OnOkU2Hx7+Kn+Z66qElFvczd3F4zVm5KXbOzYWY +--- PVd8mrRk/t6qv/U32/AZk9YssRU1yn3CLPeyaEPBXi0 +:Dx[cyyۙc4ɥ/އ^.=†ȯoGVQdXf^@TRegn 9UT \ No newline at end of file diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age deleted file mode 100644 index fe26054..0000000 --- a/secrets/wg_sugarcane.age +++ /dev/null 
@@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U9FXlg 7YXsTcRa8pco9Ic9fDSygCjNXrxFi5pHADtUqwOBPhg -0BYvRAhcQQ36kAXOW2QaS4S9rhenUx8xwbNozNdDpLM ---- V1E/2n1Ae5hlWhjAEziHA2J072a20GeKM+EtG+pT8cI -窴zWT좾G{"\ʖse>%)o|z!ēז2ࢨEs \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 068d35295d6e3cc190d9f31cf0f52a9861ba516a..2b6862e53af790780d4fcfd88e1ef7ed6cc3f47c 100644 GIT binary patch delta 385 zcmZ3&yo7mzPJN_VL9$1FU~Z&aZhmo?nXyZxYhrn1zFSm&zI&Ega=L4PhhJHqc~p*j zF_&S6S7m9XPl}0~Nn)g>M@E&QMMzZES!Ps7PJLN+dTO3iqGM*Ut50N3R+4LO zVp4IMvx{Rgmz#S)V76&xwyC3sqgO<_K~zvuo^NGnzJ5?dRIayvX{B$XPq=fYQC6BO zm#(g^LO_Udp>ar1maC6RR$zd;qhqGCV|jp4QD}~Ps84=jfTdw&en5buwx>%m*J*)g z9cyOKv##P{?a4`2l2*RD@>b=?v+9R#o%`ie{ozmdtrxpC%-`K*Qh6%a-^zB+GWEmW zDKbJ%$}T<*tp7RR{JyyFX3wOVRssokG$IOgr)y+c+hn|!Hu|h`{`>Bh=Q_3Aq7QF6 jzT(g?=J@sLLGOD9gEWROsSEP=SnT*??b06l(=!ABLeiAu delta 385 zcmZ3&yo7mzPJKZ^US3I5vA<_}W{6Lbg-NJEhGn92vP*itwxMTedRVzhT7G(&mtlH% zI#*z+w}pvefp@+^s#~g|d7*(>fSYS^VQ#j5W?H0nMs|5+a!z1XfqzkiFPE;JLUD11 zZfc5=si~o*La3!%L{7SbnOBgHm#KSpmVtIsu%~`mWqnamPKifEnM;^cp;KqHnmDiD6QzXMUn%s#!`P zm#(g^LP2VEnlthvtTBtU2(S6R+Bd64H0ezm+GHgpD48h06OHA%>V!Z From ffa71a694a453bff1507dd259f642765c8885ac7 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:35:07 +1000 Subject: [PATCH 013/301] hosts/dandelion: add wg secret --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 4268910..55a46bc 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + wg_dandelion.file = ../../secrets/wg_dandelion.age; }; imports = with modules.system; [ From d86285cdf95edce0fbbeb2114a88a9139ecad491 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 20 May 2025 02:36:00 +1000 Subject: [PATCH 014/301] secrets: fix wireguard json --- secrets.gcrypt/shared.json | Bin 263 -> 262 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index ea6ffecfb3884847eb6dd9b9087f240144f88387..2e9e87662b9425f3d1dad08780f8004b72875c4a 100644 GIT binary patch literal 262 zcmZQ@_Y83kiVO&0czt{7Ob@g4)6;A{D^;28jY}j;jBi|i{a|n0?dV5*Z;qO?wI8^(Kh<@ugS(qq9e=Ldv%NWK%eL=% zxg*zkak$xuXAkF<+fTT1(||LdXZAo9fmDrOeYZy1L(TonX=d*TZwg zJ$=e6g)>F;f4pP8e!NvrbpEb#!B*E4&JCv?UgAIAM3Md z4@u41RL631@$R)I&#yZz&(RZcX_uVCR@}45pLuU_LvbI&{k_7j{#E;9)gxDaj!yo0 WPAKW*n)#A1FT@ttZ_$lB;|Bog5q@I; literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k From eb91ab1540c975ad927f605de9bd402f7db08964 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:42:24 +1000 Subject: [PATCH 015/301] hosts/anemone: wg --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 77b07a7..dda36f5 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,6 +5,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { + wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; @@ -26,6 +27,7 @@ printing security snapper + wireguard ./filesystem.nix ./kernel.nix From 0fe62078fae470a17efb6a6789a41c96079c529a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:50:41 +1000 Subject: [PATCH 016/301] system/wireguard: use new anemone key --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 9e5ef15..ccdf5be 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -42,7 +42,7 @@ let allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; anemone = { - publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; + publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; hibiscus = { From 3ebd082be227a2c93913c5445958c3caa7595f28 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 11:51:42 +1000 Subject: [PATCH 017/301] system/wireguard: use wg-quick for clients --- modules/system/wireguard.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ccdf5be..621e8db 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -112,6 +112,20 @@ let peers = [ serverPeer ]; }; }; + + clientQuickConfig = { + wg-quick.interfaces = + let + client = clients."${config.networking.hostName}"; + in { + wg0 = { + address = client.allowedIPs; + privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + + peers = [ serverPeer ]; + }; + }; + }; in { boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ "net.ipv6.conf.all.forwarding" = true; @@ -120,6 +134,7 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + #(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientQuickConfig) ]; } From 203bc2ab53af43c868aeffee71ab843e5d44ccfc Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 20 May 2025 12:32:36 +1000 Subject: [PATCH 018/301] system/wireguard: use cloudflare dns --- modules/system/wireguard.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 621e8db..ada49dc 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -120,6 +120,7 @@ let in { wg0 = { address = client.allowedIPs; + dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ serverPeer ]; From bdbb5fe0deb822211e0167706785238f9e67f776 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 14:11:47 +1000 Subject: [PATCH 019/301] dandelion/transmission-container: fix systemd container issues --- hosts/dandelion/transmission-container.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix index b9a8203..e3ee5ae 100644 --- a/hosts/dandelion/transmission-container.nix +++ b/hosts/dandelion/transmission-container.nix @@ -48,7 +48,14 @@ }; networking.firewall.enable = false; - systemd.services.transmission.serviceConfig.BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + # https://github.com/NixOS/nixpkgs/issues/258793 + systemd.services.transmission.serviceConfig = { + BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + RootDirectoryStartOnly = lib.mkForce false; + RootDirectory = lib.mkForce ""; + PrivateMounts = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; imports = [ modules.services.transmission ]; services.transmission.settings = { rpc-host-whitelist-enabled = false; From 1ecec117278653b11b9b7f880ea66e38950c309a Mon Sep 17 00:00:00 2001 
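Review bot: In hosts/dandelion/transmission-container.nix (PATCH 019, `@@ -48,7 +48,14 @@`) the override force-clears `RootDirectory`, `RootDirectoryStartOnly`, `PrivateMounts` and `PrivateUsers` for the transmission unit, and the only explanation is the issue link. The context lines also show `networking.firewall.enable = false` and `rpc-host-whitelist-enabled = false`, so what is presumably the container boundary becomes the only isolation left around the daemon. That is worth stating where the options are cleared, so the override is not copied to a host-level unit or left in place after the upstream fix. I would extend the comment to something like `# unit sandboxing fails inside the container (nixpkgs#258793); isolation relies on the container itself, drop these overrides once fixed upstream`. The container definition starts and ends outside this hunk.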
From: LavaDesu Date: Thu, 22 May 2025 22:10:52 +1000 Subject: [PATCH 020/301] system/wireguard: add and default to an ipv6-only tunnel --- modules/system/wireguard.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ada49dc..7a3828f 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,6 +58,12 @@ let endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; + server6OnlyPeer = { + publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; + allowedIPs = [ "::/0" ]; + endpoint = "${serverIp}:${toString port}"; + persistentKeepalive = 25; + }; serverConfig = { nat = { @@ -123,7 +129,15 @@ let dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + peers = [ server6OnlyPeer ]; + }; + wg1 = { + address = client.allowedIPs; + dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + peers = [ serverPeer ]; + autostart = false; }; }; }; From 17164b05b9b04ce2ac161454bf5357c875e29f08 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 22:57:47 +1000 Subject: [PATCH 021/301] services/unbound: bring back --- flake.lock | 17 +++++++++++++++++ flake.nix | 2 +- hosts/dandelion/default.nix | 1 + modules/services/unbound.nix | 15 +++++++++++---- 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index e6a52d4..e69dca7 100644 --- a/flake.lock +++ b/flake.lock @@ -722,6 +722,7 @@ "pure": "pure", "spicetify-nix": "spicetify-nix", "spotify-adblock": "spotify-adblock", + "stevenblack-hosts": "stevenblack-hosts", "tree-sitter-jsonc": "tree-sitter-jsonc", "website": "website", "wine-discord-ipc-bridge": "wine-discord-ipc-bridge", 
@@ -766,6 +767,22 @@ "type": "github" } }, + "stevenblack-hosts": { + "flake": false, + "locked": { + "lastModified": 1747792192, + "narHash": "sha256-HeWotX8CVc3vDlvAGq99FaeAT9JRSWtx4N/NhtjPwtg=", + "owner": "StevenBlack", + "repo": "hosts", + "rev": "dbdcb032706dfe548745266218501afa93c14ad5", + "type": "github" + }, + "original": { + "owner": "StevenBlack", + "repo": "hosts", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 9f5e51d..98a4505 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,7 @@ spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; # services - # hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; }; + stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; # zsh plugins diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 55a46bc..2e915a3 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -21,6 +21,7 @@ modules.services.nginx modules.services.postgres + modules.services.unbound ./filesystem.nix ./kernel.nix diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index a9cf3bc..5ee9cc7 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -1,8 +1,12 @@ -{ inputs, ... }: +{ inputs, pkgs, gcSecrets, ... }: let dir = "/persist/unbound"; + + converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' > "$out" + ''; in { - networking.firewall.interfaces.wlan0 = { + networking.firewall.interfaces.wg0 = { allowedUDPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ]; }; 
@@ -16,17 +20,20 @@ in { name = "."; forward-tls-upstream = true; forward-addr = [ + "2606:4700:4700::1111@853#cloudflare-dns.com" + "2606:4700:4700::1001@853#cloudflare-dns.com" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" ]; }]; server = { - interface = [ "0.0.0.0" ]; + interface = [ "0.0.0.0" "::0" ]; access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" + "${gcSecrets.wireguard.ipv6Subnet}/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; @@ -35,7 +42,7 @@ in { ]; }; - include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf"; + include = "${converted}"; }; }; From f87dfa314e87d34b0bf7b1afc3d2bdb35dd1b589 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:03:17 +1000 Subject: [PATCH 022/301] system/unbound: remove first line of stevenblack hosts --- modules/services/unbound.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 5ee9cc7..b7737c3 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -3,7 +3,7 @@ let dir = "/persist/unbound"; converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' - grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' > "$out" + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 > "$out" ''; in { networking.firewall.interfaces.wg0 = { From 44a3d4473fd7331245e9a69e31087fea2d7a3fdd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:09:50 +1000 Subject: [PATCH 023/301] services/unbound: fix syntax error --- modules/services/unbound.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index b7737c3..34eefe0 100644 --- a/modules/services/unbound.nix 
+++ b/modules/services/unbound.nix @@ -3,7 +3,8 @@ let dir = "/persist/unbound"; converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' - grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 > "$out" + echo "server:" > "$out" + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out" ''; in { networking.firewall.interfaces.wg0 = { From 1db10b5b9db330c3adba5e8c40643545827ec48f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:11:05 +1000 Subject: [PATCH 024/301] services/unbound: fix subnet ip --- modules/services/unbound.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 34eefe0..62732c9 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -34,7 +34,7 @@ in { "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" - "${gcSecrets.wireguard.ipv6Subnet}/80 allow" + "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; From 5f5412f433f2c121b3888400d283fb70effe32f0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:11:56 +1100 Subject: [PATCH 025/301] services/nginx: remove hosts --- modules/services/nginx.nix | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index c58f2ee..eb4767b 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
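Review bot: In the `converted` derivation (PATCH 023, `@@ -3,7 +3,8 @@`), `tail -n +2` drops a line by position, presumably the `0.0.0.0 0.0.0.0` self-entry at the top of the hosts file. If the pinned input is ever reordered, a real blocklist entry is silently dropped and the self-entry reaches unbound instead. Filtering by content is sturdier and also replaces the `grep`: `awk '$1 == "0.0.0.0" && $2 != "0.0.0.0" {print "local-zone: \""$2"\" always_refuse"}' "${inputs.stevenblack-hosts}/hosts" >> "$out"`. A short comment saying which entry is being skipped, and why, would make the intent clear to the next reader.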
@@ -21,28 +21,5 @@ recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; - - virtualHosts = { - "lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - root = inputs.website.outPath; - }; - "cdn.lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - root = "/persist/cdn"; - }; - "_" = { - default = true; - addSSL = true; - # TODO generate this somewhere - sslCertificate = "/persist/fakeCerts/fake.crt"; - sslCertificateKey = "/persist/fakeCerts/fake.key"; - extraConfig = '' - return 444; - ''; - }; - }; }; } From cc76cdf00d6cd54647371be64e696530f6f2586a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:13:05 +1100 Subject: [PATCH 026/301] hosts/hazel: add acme_dns secret --- hosts/hazel/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index c487e5e..1904423 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -3,6 +3,10 @@ system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; + age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; + }; + imports = with modules.system; with modules.services; [ home-manager-stable From e90ebf622006688044f6be84e93513f7cfad829c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:17:51 +1100 Subject: [PATCH 027/301] hosts/hazel: enable https --- hosts/hazel/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 1904423..a36bc67 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -1,4 +1,4 @@ -{ modules, pkgs, ... }: { +{ config, modules, pkgs, ... }: { networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; 
@@ -35,5 +35,11 @@ dbtype = "pgsql"; adminpassFile = "/persist/nextcloud-admin-pass"; }; + https = true; + }; + + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; }; } From e7a7b39d411d4bcf95b92f2dd0326466c39de3a8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:33:57 +1100 Subject: [PATCH 028/301] hosts/hazel: init immich --- hosts/hazel/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index a36bc67..9926c7f 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -42,4 +42,27 @@ forceSSL = true; enableACME = true; }; + + services.immich = { + enable = true; + port = 2283; + }; + + users.users.immich.extraGroups = [ "video" "render" ]; + hardware.opengl.enable = true; + services.nginx.virtualHosts."photos.lava.moe" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.immich.port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + extraConfig = '' + client_max_body_size 50000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; + }; + }; } From 5f5aa86ce21ad8f2c1ac8d50e7d262720e0a2ce2 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 7 Apr 2025 00:46:43 +1000 Subject: [PATCH 029/301] hosts/hazel: move services data to /flower --- hosts/hazel/default.nix | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 9926c7f..7f4d1cc 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix 
@@ -1,4 +1,24 @@ -{ config, modules, pkgs, ... }: { +{ config, modules, pkgs, ... }: +let + dirs = [ + ["immich" "immich"] + ["nextcloud" "nextcloud"] + ["postgresql" "postgres"] + ["redis-immich" "redis-immich"] + ]; + + rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs; + mounts = builtins.listToAttrs (builtins.map (d: { + name = "/var/lib/${builtins.elemAt d 0}"; + value = { + depends = [ "/flower" ]; + device = "/flower/${builtins.elemAt d 0}"; + fsType = "none"; + options = [ "bind" ]; + }; + }) dirs); +in +{ networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; @@ -65,4 +85,7 @@ ''; }; }; + + systemd.tmpfiles.rules = rules; + fileSystems = mounts; } From 69c13bc50e24ec2556f701a50f09477e18c6913a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 7 Apr 2025 12:38:22 +1000 Subject: [PATCH 030/301] users/hana: add dandelion to authorized keys --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index a895181..489517a 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -8,6 +8,7 @@ hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhP8yi/CdACtql3I4j0xI+r0KV4AVCb265Bd/RTFBu4 hana@dandelion" ]; }; From 19ed50cc9db4bfe86c1c351afabdb51509203a0c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 30 Apr 2025 00:29:00 +1000 Subject: [PATCH 031/301] users/hana: add hibiscus to authorized keys --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index 489517a..ed7a464 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix 
@@ -9,6 +9,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhP8yi/CdACtql3I4j0xI+r0KV4AVCb265Bd/RTFBu4 hana@dandelion" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt cilly@hibiscus" ]; }; From 945eb34e6042778692f885954d8058dc6da6ac8b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 14:14:42 +1000 Subject: [PATCH 032/301] hazel/networking: add ipv6 address --- hosts/hazel/networking.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix index 1dd932a..60064b5 100644 --- a/hosts/hazel/networking.nix +++ b/hosts/hazel/networking.nix @@ -1,5 +1,15 @@ { config, ... }: { networking = { useDHCP = true; + interfaces.enp8s0.ipv6.addresses = [ + { + address = "2a01:4f9:4a:2694::11"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + interface = "enp8s0"; + }; }; } From a6348c833ee724664e5cdecf1ed51051945edbc7 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:38:13 +1000 Subject: [PATCH 033/301] system/wireguard: cleanup, create local ipv6 subnet, and use unbound dns --- modules/system/wireguard.nix | 55 +++++------------------------------- 1 file changed, 7 insertions(+), 48 deletions(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 7a3828f..ca47ddb 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix 
@@ -21,33 +21,18 @@ let '') forwarding ); - routeBypass = { - anemone = { - interface = "wlp1s0"; - routes = [ serverIp ]; - }; - hyacinth = { - interface = "enp5s0"; - routes = [ serverIp ]; - }; - }; - clients = { - # caramel = { - # publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; - # allowedIPs = [ "10.100.0.2/32" ]; - # }; hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; - allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; + allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; }; anemone = { publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; - allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; + allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ]; }; hibiscus = { publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; - allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" ]; + allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ]; }; }; @@ -77,7 +62,7 @@ let }; wireguard.interfaces.wg0 = { - ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" ]; + ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" "fd0d::1" ]; listenPort = port; postSetup = '' 
@@ -95,45 +80,20 @@ let }; clientConfig = { - wireguard.interfaces.wg0 = - let - client = clients."${config.networking.hostName}"; - routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; - in { - ips = client.allowedIPs; - listenPort = port; - - postSetup = '' - ${mapRoutes "add"} - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE - ''; - - postShutdown = '' - ${mapRoutes "del"} - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE - ''; - - privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - peers = [ serverPeer ]; - }; - }; - - clientQuickConfig = { wg-quick.interfaces = let client = clients."${config.networking.hostName}"; in { wg0 = { address = client.allowedIPs; - dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ server6OnlyPeer ]; }; wg1 = { address = client.allowedIPs; - dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ serverPeer ]; @@ -149,7 +109,6 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - #(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientQuickConfig) + (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) ]; } From f35d104f84c3edab3e636b2633e7048eccf6fdd6 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Thu, 22 May 2025 23:38:50 +1000 Subject: [PATCH 034/301] services/unbound: allow wireguard clients --- modules/services/unbound.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 62732c9..e6ec4ad 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -34,6 +34,7 @@ in { "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" + "fd0d::/16 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; From 93279eb6e61b303c6a82c7338cd27c0a23e595a9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:42:08 +1000 Subject: [PATCH 035/301] services/website: init --- hosts/dandelion/default.nix | 1 + modules/default.nix | 1 + modules/services/nginx.nix | 2 +- modules/services/website.nix | 24 ++++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 modules/services/website.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 2e915a3..b9f5e42 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -22,6 +22,7 @@ modules.services.nginx modules.services.postgres modules.services.unbound + modules.services.website ./filesystem.nix ./kernel.nix diff --git a/modules/default.nix b/modules/default.nix index 8a66d93..9a1898a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -26,6 +26,7 @@ in { ./services/transmission.nix ./services/unbound.nix ./services/vaultwarden.nix + ./services/website.nix ]; system = mkAttrsFromPaths [ ./system/aagl.nix diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index eb4767b..be8adaf 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: { +{ config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; 
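Review bot: In the unbound `access-control` list (PATCH 034, `@@ -34,6 +34,7 @@`), `"fd0d::/16 allow"` admits far more address space than the tunnel uses. The WireGuard hunks of the previous patch only assign `fd0d::1`, `fd0d::3`, `fd0d::4` and `fd0d::5`, which all sit in a single /64. Narrowing the entry to `"fd0d::/64 allow"` keeps the resolver answering only the range the tunnel actually hands out, instead of relying on the `wg0` firewall rule alone. The `server` block starts and ends outside this hunk.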
diff --git a/modules/services/website.nix b/modules/services/website.nix new file mode 100644 index 0000000..5e7a223 --- /dev/null +++ b/modules/services/website.nix @@ -0,0 +1,24 @@ +{ inputs, ... }: { + services.nginx.virtualHosts = { + "lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = inputs.website.outPath; + }; + "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = "/persist/cdn"; + }; + "_" = { + default = true; + addSSL = true; + # TODO generate this somewhere + sslCertificate = "/persist/fakeCerts/fake.crt"; + sslCertificateKey = "/persist/fakeCerts/fake.key"; + extraConfig = '' + return 444; + ''; + }; + }; +} From 718437153feb37727e7354cab2da02a969028544 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:43:56 +1000 Subject: [PATCH 036/301] hosts/hyacinth: fix wg filepath --- hosts/hyacinth/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index ff21b6b..c60951a 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -7,7 +7,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { passwd.file = ../../secrets/passwd.age; - wg_hyacinth.file = ../../secrets/wg_blossom.age; + wg_hyacinth.file = ../../secrets/wg_hyacinth.age; wpa_conf.file = ../../secrets/wpa_conf.age; }; imports = with modules.system; [ From 7aa3a988fea98ca8b98ef5733accdb153fcbe323 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:03:52 +1000 Subject: [PATCH 037/301] system/wireguard: refactor, and add hazel --- modules/system/wireguard.nix | 50 +++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ca47ddb..186367f 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix 
@@ -25,30 +25,45 @@ let hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; }; anemone = { publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; }; hibiscus = { publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; + }; + hazel = { + publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; + interfaces = { + wg0 = { peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; }; + }; }; }; clientPeers = builtins.attrValues clients; - serverPeer = { + serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "${serverIp}:${toString port}"; - persistentKeepalive = 25; - }; - server6OnlyPeer = { - publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "::/0" ]; + allowedIPs = ips; endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; + serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ]; + server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ]; serverConfig = { nat = { 
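Review bot: In the client table of modules/system/wireguard.nix (PATCH 037, `@@ -25,30 +25,45 @@`), the new `hazel` entry carries the same `publicKey` as `hibiscus` (`vQ5a2KMrwi7R…`). WireGuard identifies a peer by its public key, so the two entries cannot exist as distinct peers on the server: either one host's allowed IPs displace the other's, or hazel would have to run with hibiscus's private key. Generate a separate key pair for hazel and set its own key here, `publicKey = "<hazel public key>";`. Add the matching `secrets/wg_hazel.age` and `age.secrets.wg_hazel` entry as well; no such secret is declared in the hazel hunks visible on this page. The enclosing `let` block starts and ends outside this hunk.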
@@ -83,23 +98,12 @@ let wg-quick.interfaces = let client = clients."${config.networking.hostName}"; - in { - wg0 = { + in + builtins.mapAttrs (interface: conf: { address = client.allowedIPs; dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - - peers = [ server6OnlyPeer ]; - }; - wg1 = { - address = client.allowedIPs; - dns = [ "fd0d::1" "10.100.0.1" ]; - privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - - peers = [ serverPeer ]; - autostart = false; - }; - }; + } // conf) client.interfaces; }; in { boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ @@ -109,6 +113,6 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + (lib.mkIf (config.networking.hostName != serverName) clientConfig) ]; } From 616db337736be81dba96db56f7ee188ff496ae56 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:06:27 +1000 Subject: [PATCH 038/301] hosts/hazel: add unbound --- hosts/hazel/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 7f4d1cc..0d5356d 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -32,11 +32,13 @@ in base kernel - nginx nix-stable packages security + nginx + unbound + ./filesystem.nix ./kernel.nix ./networking.nix From bd4affdea0e953bcf4376545aca4be5b95aa44ed Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:07:28 +1000 Subject: [PATCH 039/301] system/wireguard: use local dns for hazel --- modules/system/wireguard.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 186367f..a60ff7e 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix 
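Review bot: In the `networking = lib.mkMerge` hunk, replacing `builtins.hasAttr config.networking.hostName clients` with `config.networking.hostName != serverName` applies `clientConfig` to every non-server host that imports this module. `clientConfig` looks up `clients."${config.networking.hostName}"` (previous hunk), so a host without an entry now fails evaluation on a missing attribute instead of being skipped. If failing loudly is the intent, say so in a comment. Otherwise keep both conditions: `(lib.mkIf (config.networking.hostName != serverName && builtins.hasAttr config.networking.hostName clients) clientConfig)`. The surrounding `let` block starts outside the hunk, so `serverName` and the full `clients` set are not visible here.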
@@ -50,7 +50,10 @@ let publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; interfaces = { - wg0 = { peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; }; + wg0 = { + dns = [ "::1" "127.0.0.1" ]; + peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; + }; }; }; }; From b8ad7638ef8dcea815f17c6275c8804b01705801 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:13:30 +1000 Subject: [PATCH 040/301] hazel/networking: move address to secrets --- hosts/hazel/networking.nix | 4 ++-- secrets.gcrypt/shared.json | Bin 262 -> 327 bytes 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix index 60064b5..42656e4 100644 --- a/hosts/hazel/networking.nix +++ b/hosts/hazel/networking.nix @@ -1,9 +1,9 @@ -{ config, ... }: { +{ gcSecrets, ... }: { networking = { useDHCP = true; interfaces.enp8s0.ipv6.addresses = [ { - address = "2a01:4f9:4a:2694::11"; + address = gcSecrets.hazel.ipv6Addr; prefixLength = 64; } ]; diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index 2e9e87662b9425f3d1dad08780f8004b72875c4a..21378e76b52316e7dbd9edcc0a2a90ede9921f9a 100644 GIT binary patch literal 327 zcmZQ@_Y83kiVO&0_-MD?v94TLzmv~XzvA7TJKAs7P1tNDXux}FvgnSbmEU>%*3R)i zDs)(HWwnO#^F`}2;`^WfTh8}(!jjjsbJ%&xmWuoin&Edm%O%st^?=`&xf~L=dHwwq z9sludnZDYsXRmA9X}gpy-92j0njXt3e+#UV-*qB%{(b)$hy9oN_Dt5Au|+KI^bd*6 zEqA=`-%)fqK3o2EALrGCJ^r*V((Q^;^pjctI5#f+$~4EqRZ#ZQj%O>^EMwlp_r*zqAHIE7=GJtstopT-;r*kA{w+T{D^;28jY}j;jBi|i{a|n0?dV5*Z;qO?wI8^(Kh<@ugS(qq9e=Ldv%NWK%eL=% zxg*zkak$xuXAkF<+fTT1(||LdXZAo9fmDrOeYZy1L(TonX=d*TZwg zJ$=e6g)>F;f4pP8e!NvrbpEb#!B*E4&JCv?UgAIAM3Md z4@u41RL631@$R)I&#yZz&(RZcX_uVCR@}45pLuU_LvbI&{k_7j{#E;9)gxDaj!yo0 WPAKW*n)#A1FT@ttZ_$lB;|Bog5q@I; From 817371bf0177986ac7c7f071e5d9f25d15b410f3 Mon Sep 17 00:00:00 2001 
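Review bot: In `hosts/hazel/networking.nix`, swapping the literal for `gcSecrets.hazel.ipv6Addr` does not retract the address, because the removed line stays readable in the repository history and in this patch. A value read from the git-crypt JSON at evaluation time is also presumably written into the generated network configuration in the Nix store like any other option value, so it is hidden from the public tree but is not a runtime secret in the way the `age.secrets` entries are. I would record that next to the use, for example `# gcSecrets only keeps this out of the public repo; it still ends up in the store`. If the address really must be private, it has to be changed rather than moved. The `networking` block continues outside the hunk.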
From: LavaDesu Date: Fri, 23 May 2025 00:21:09 +1000 Subject: [PATCH 041/301] workflows/cachix: unlock git crypt secrets --- .github/workflows/cachix.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 2112f8d..e9be9a3 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -12,6 +12,10 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Unlock secrets + uses: sliteteam/github-action-git-crypt-unlock@1.2.0 + env: + GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 93c91d5a6b3c91e803a5c97f9cf724aafba3b1fa Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:30:41 +1000 Subject: [PATCH 042/301] system/wireguard: fix dandelion config --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index a60ff7e..dd2e96d 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.attrValues clients; + clientPeers = builtins.removeAttrs (builtins.attrValues clients) [ "interfaces" ]; serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 5ef6a68587e3479a857a3fc0b0cea00ffbde1133 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:47:27 +1000 Subject: [PATCH 043/301] system/wireguard: fix dandelion again --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index dd2e96d..01afc75 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix 
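Review bot: The new `Unlock secrets` step hands `GIT_CRYPT_KEY` to a third-party action referenced by the mutable tag `1.2.0`. Whoever can move that tag can run arbitrary code with the key that decrypts everything under `secrets.gcrypt/`. Pin the action to a full commit hash and keep the version as a comment: `uses: sliteteam/github-action-git-crypt-unlock@<full-commit-sha> # 1.2.0` (placeholder; take the hash from the release you audited). The same job goes on to run `cachix/cachix-action`, so also confirm that no store path derived from the unlocked files is pushed to the `lava` cache. The job's trigger and remaining steps are outside the hunk.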
@@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.removeAttrs (builtins.attrValues clients) [ "interfaces" ]; + clientPeers = builtins.attrValues (builtins.removeAttrs clients [ "interfaces" ]); serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 9512dd2e417fc6714e15f47b764b62d6a69acedb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:48:36 +1000 Subject: [PATCH 044/301] system/wireguard: actually fix it this time.. --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 01afc75..ecbcc81 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.attrValues (builtins.removeAttrs clients [ "interfaces" ]); + clientPeers = builtins.map (client: builtins.removeAttrs client [ "interfaces" ]) (builtins.attrValues clients); serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 3061733e46a30693024e73967d03f7e410c87e17 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:03:12 +1000 Subject: [PATCH 045/301] workflows/cachix: try to make secret unlocking more consistent --- .github/workflows/cachix.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index e9be9a3..e02595b 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -16,6 +16,11 @@ jobs: uses: sliteteam/github-action-git-crypt-unlock@1.2.0 env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} + - name: Wait.. + run: + sleep 2 + git checkout master + sleep 2 - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 0253d64b96643a6b4103a92f891e6470f77fb577 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Fri, 23 May 2025 01:03:32 +1000 Subject: [PATCH 046/301] hosts/hazel: use wireguard --- hosts/hazel/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 0d5356d..5204ebe 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -38,6 +38,7 @@ in nginx unbound + wireguard ./filesystem.nix ./kernel.nix From 1fadd257f3c4f090e4b421fcb4016ed57b64f137 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:04:57 +1000 Subject: [PATCH 047/301] workflows/cachix: fix script --- .github/workflows/cachix.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index e02595b..40ac795 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,9 +18,9 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 2 - git checkout master - sleep 2 + sleep 2; + git checkout master; + sleep 2; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From adf5409e323f714edab06be1d7ca3f93ad83811d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:06:18 +1000 Subject: [PATCH 048/301] workflows/cachix: fix script, again.. --- .github/workflows/cachix.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 40ac795..73ccc4d 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,9 +18,7 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 2; - git checkout master; - sleep 2; + sleep 5; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 74e7f5435f904780f44054621ce9af7342bb6e85 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Fri, 23 May 2025 01:08:14 +1000 Subject: [PATCH 049/301] system/wireguard: use new keys for hazel --- modules/system/wireguard.nix | 2 +- secrets.nix | 1 + secrets/wg_hazel.age | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/wg_hazel.age diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ecbcc81..6126da8 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -47,7 +47,7 @@ let }; }; hazel = { - publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + publicKey = "0zruTndObzHo+b1rbOuTsxCU97epygZycxXS/lgUHUc="; allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; interfaces = { wg0 = { diff --git a/secrets.nix b/secrets.nix index e24da84..4fc6c4a 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,6 +13,7 @@ in { "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; + "secrets/wg_hazel.age".publicKeys = [ hazel rin ]; "secrets/wg_hyacinth.age".publicKeys = [ blossom rin ]; "secrets/wg_caramel.age".publicKeys = [ rin ]; } diff --git a/secrets/wg_hazel.age b/secrets/wg_hazel.age new file mode 100644 index 0000000..fa7fbb8 --- /dev/null +++ b/secrets/wg_hazel.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZAcXHw eEKOjQqzqL9npB+C/wUahKJg58fedM6oxPKuKlMHpRo +obx/pnoSM0uXYR7EC/yHYVs8gM/W74zoMijdWRpnYv8 +-> ssh-ed25519 U9FXlg o8QW/BHBKLHhahpcHf5ZrYIbCzilWVZvXr1nEChAqFM +fgmtkUzJs2Oeq85JVl0HrHwBg/gjDQfzT5J+9Wyk8Kw +--- yXs0fQOQfJ1NyPAPSr+1nm5/hVds5dhxW4WZagtMna0 +;ǓוZI=Z[cϏ7&.HFkJUDN i_NTȊ"l_Go)fs9& \ No newline at end of file From 8cb9905098ae72ae421fac914dbf6f0607912477 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:09:46 +1000 Subject: [PATCH 050/301] hosts/hazel: add wg_hazel secret aaaaaaaaaaaa --- hosts/hazel/default.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 5204ebe..7e22154 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -25,6 +25,7 @@ in age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + wg_hazel.file = ../../secrets/wg_hazel.age; }; imports = with modules.system; with modules.services; [ From 3f52fc1e810ba604e3a2a8da227a7077fda50f74 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:15:55 +1000 Subject: [PATCH 051/301] workflows/cachix: lengthen sleep --- .github/workflows/cachix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 73ccc4d..fb6a2ef 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,7 +18,7 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 5; + sleep 20; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From fe8d26a860d16ad80477436b42110507101caf16 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:31:42 +1000 Subject: [PATCH 052/301] workflows/cachix: some more advanced waiting i hope this works i have no idea why git-crypt does this it also happens on local computers sometimes jalsdfjasoigrjoi --- .github/workflows/cachix.yml | 12 +++++++++++- flake.nix | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index fb6a2ef..6e0d877 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,7 +18,17 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 20; + for s in {1..10}; do + nix eval .#checks.x86_64-linux.is_dirty; + if [ $? -eq 0 ]; then + break; + else + if [ $s -eq 10 ]; then + exit 1 + fi + sleep 5; + fi + done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: diff --git a/flake.nix b/flake.nix index 98a4505..98ffdac 100644 --- a/flake.nix 
+++ b/flake.nix @@ -78,6 +78,8 @@ nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; + checks."x86_64-linux".is_dirty = if !(self ? rev) then throw "Dirty git tree detected." else self.rev; + packages."x86_64-linux" = let pkgs = import nixpkgs rec { From c2cf093a725365daceecac69a91d9404760e4a0b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:33:29 +1000 Subject: [PATCH 053/301] workflows/cachix: fix syntax --- .github/workflows/cachix.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 6e0d877..d2be2bf 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -22,12 +22,11 @@ jobs: nix eval .#checks.x86_64-linux.is_dirty; if [ $? -eq 0 ]; then break; - else - if [ $s -eq 10 ]; then - exit 1 + elif [ $s -eq 10 ]; then + exit 1; fi sleep 5; - fi + fi; done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 From efb2a241180f0070244e51dbf497204b30b9a20b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:35:10 +1000 Subject: [PATCH 054/301] workflows/cachix: fix syntax again --- .github/workflows/cachix.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index d2be2bf..0d7fb00 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -23,10 +23,9 @@ jobs: if [ $? -eq 0 ]; then break; elif [ $s -eq 10 ]; then - exit 1; - fi - sleep 5; + exit 1; fi; + sleep 5; done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 From 18b66630d0e88b9bef54fc9eaff5f842397304a7 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Fri, 23 May 2025 01:35:59 +1000 Subject: [PATCH 055/301] workflows/cachix: wait after nix is installed --- .github/workflows/cachix.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 0d7fb00..b0bc057 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -16,6 +16,11 @@ jobs: uses: sliteteam/github-action-git-crypt-unlock@1.2.0 env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} + - uses: cachix/install-nix-action@v31 + - uses: cachix/cachix-action@v14 + with: + name: lava + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Wait.. run: for s in {1..10}; do @@ -27,11 +32,6 @@ jobs: fi; sleep 5; done - - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 - with: - name: lava - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - run: nix flake check --keep-going --verbose build: From 0f1271badb39214b534e15de936cc4d6b318bab8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 24 May 2025 20:22:32 +1000 Subject: [PATCH 056/301] hyacinth/networking: update ip address --- hosts/hyacinth/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 7796639..696e98d 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -5,10 +5,10 @@ interfaces.enp5s0.useDHCP = false; interfaces.enp5s0.ipv4.addresses = [{ - address = "192.168.0.151"; + address = "192.168.1.201"; prefixLength = 24; }]; - defaultGateway = "192.168.0.1"; + defaultGateway = "192.168.1.1"; nameservers = [ "8.8.8.8" "8.8.4.4" ]; extraHosts = '' From a0053fe9ee21edc3e0c6be32348ef53ddb634ebd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 14:34:48 +1000 Subject: [PATCH 057/301] hyacinth/networking: enable wakeOnLan --- hosts/hyacinth/networking.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 696e98d..0f6035a 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -3,6 +3,7 @@ networking = { useDHCP = true; interfaces.enp5s0.useDHCP = false; + interfaces.enp5s0.wakeOnLan.enable = false; interfaces.enp5s0.ipv4.addresses = [{ address = "192.168.1.201"; From c66e8d73076346a798ab295642550ac3c3fad87d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 15:22:29 +1000 Subject: [PATCH 058/301] rin/packages: move cisco packet tracer to anemone --- hosts/anemone/default.nix | 2 ++ users/rin/packages.nix | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index dda36f5..d96253a 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -51,6 +51,8 @@ package = pkgs.wireshark; }; + environment.systemPackages = with pkgs; [ ciscoPacketTracer8 ]; + services.fprintd.enable = true; services.tlp.enable = true; } diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 0860f4a..197e333 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -28,7 +28,6 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio - ciscoPacketTracer8 drawio element-desktop eww From 071fad3bcbb67ab01364e9a55638b20f79ba31e4 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 15:30:52 +1000 Subject: [PATCH 059/301] hosts/hyacinth: remove virtualisation and binfmt --- hosts/hyacinth/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index c60951a..98b6f01 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix 
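Review bot: The subject of this patch says "enable wakeOnLan", but the added line is `interfaces.enp5s0.wakeOnLan.enable = false;`, so the code and the commit record disagree. If the feature is wanted, the line should read `interfaces.enp5s0.wakeOnLan.enable = true;`. If it is meant to stay off, reword the subject so that a later reader of the log does not assume the host can be woken remotely. If it is enabled, add a short comment noting that any device on the same LAN segment can then power the machine on. The `networking` attribute set continues outside the hunk.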
@@ -3,7 +3,6 @@ system.stateVersion = "21.11"; time.timeZone = "Australia/Melbourne"; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { passwd.file = ../../secrets/passwd.age; @@ -29,7 +28,6 @@ printing security snapper - virtualisation modules.services.syncthing From 3ead5d12c582b4aecb8e913fbaec123dc12b2caf Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 17:22:24 +1000 Subject: [PATCH 060/301] hosts/hyacinth: enable wireguard --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 98b6f01..326daad 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -28,6 +28,7 @@ printing security snapper + wireguard modules.services.syncthing From 83ac77b864644d423a40a40fd7d2a70dfc5e414f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 17:36:16 +1000 Subject: [PATCH 061/301] workflows/cachix: cd out and in, to hopefully fix git-crypt problem --- .github/workflows/cachix.yml | 14 +++----------- flake.nix | 2 -- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index b0bc057..aa9e67d 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -21,17 +21,9 @@ jobs: with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - name: Wait.. - run: - for s in {1..10}; do - nix eval .#checks.x86_64-linux.is_dirty; - if [ $? -eq 0 ]; then - break; - elif [ $s -eq 10 ]; then - exit 1; - fi; - sleep 5; - done + - run: + cd / + cd - - run: nix flake check --keep-going --verbose build: diff --git a/flake.nix b/flake.nix index 98ffdac..98a4505 100644 --- a/flake.nix +++ b/flake.nix 
@@ -78,8 +78,6 @@ nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; - checks."x86_64-linux".is_dirty = if !(self ? rev) then throw "Dirty git tree detected." else self.rev; - packages."x86_64-linux" = let pkgs = import nixpkgs rec { From e801f91435e811127f77f22d1d751ce93e0d07e6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 31 May 2025 23:29:36 +1000 Subject: [PATCH 062/301] workflows/cachix: fix run command --- .github/workflows/cachix.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index aa9e67d..c8745d2 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -21,9 +21,9 @@ jobs: with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: - cd / - cd - + - run: | + cd / + cd - - run: nix flake check --keep-going --verbose build: From b04c649e537f4e39ac39e62d4620d2341ce90f99 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 02:07:15 +0000 Subject: [PATCH 063/301] flake: bump inputs --- flake.lock | 138 ++++++++++++++++++++++++++--------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/flake.lock b/flake.lock index e69dca7..fd30fae 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1747604854, - "narHash": "sha256-hV6LbeBnXYlxaJ1t/CZQUM0U16mAT4F0WrvuxObJwDo=", + "lastModified": 1750597689, + "narHash": "sha256-3ComII0BkmdohISrshICQiAB6TU+VHHIRnWK0ckA0/s=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "c975050923763f4239a6f8a3a1c76125346b95f8", + "rev": "ec2ec4ec3f908ed9b125ea4afd52627bed60f183", "type": "github" }, "original": { 
@@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -138,11 +138,11 @@ "fast-syntax-highlighting": { "flake": false, "locked": { - "lastModified": 1688591419, - "narHash": "sha256-RVX9ZSzjBW3LpFs2W86lKI6vtcvDWP6EPxzeTcRZua4=", + "lastModified": 1750837465, + "narHash": "sha256-9itq8Pq/+1Yflo7b31eHEVOFrbO9b1CAMr988xYyNLI=", "owner": "zdharma-continuum", "repo": "fast-syntax-highlighting", - "rev": "cf318e06a9b7c9f2219d78f41b46fa6e06011fd9", + "rev": "dcee72bb99b422bb8e4510f5087af9c1721392e4", "type": "github" }, "original": { @@ -154,11 +154,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { 
@@ -246,11 +246,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1747284884, - "narHash": "sha256-lTSKhRrassMcJ1ZsuUVunyl/F04vvCKY80HB/4rvvm4=", + "lastModified": 1748000383, + "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "7168f6002a6b48a9b6151e1e97e974a0722ecfdc", + "rev": "231726642197817d20310b9d39dd4afb9e899489", "type": "github" }, "original": { @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "lastModified": 1750792728, + "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", "type": "github" }, "original": { 
@@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1747565775, - "narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", + "lastModified": 1751146119, + "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", "owner": "nix-community", "repo": "home-manager", - "rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", + "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1747584459, - "narHash": "sha256-E07Co94EpSchJ5fwH/i8Hs7SyWIvrb8dYcVu0HVXbv4=", + "lastModified": 1751079238, + "narHash": "sha256-l6Ds5kCHrQi5WfJPc3+j8LhxYA5ADPxtW8wdKGr6mcI=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "be60339c0df7483b00d91e750e6742635e0a593a", + "rev": "25d48394a841195ed7d18306c227f72f814559db", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1747554936, - "narHash": "sha256-LBFEVTt3JISA/HDHznJanvlNvKllNfILr1nfI8KZmVM=", + "lastModified": 1751116785, + "narHash": "sha256-r/BSxxQQGrBOLrYZK1H8lt5cu8ixj4Qhh72yFHvvQbc=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "5a732bf3edb47767a25c3b05436e4c21f91edf91", + "rev": "46f5c7d06d14d94d50310217a65f941dde17a5d8", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1747523215, - "narHash": "sha256-55RIMak4EwDaLdNTkM+4d3LjC90wlkNRaaG8DupK3AM=", + "lastModified": 1751062437, + "narHash": "sha256-AB1YNofZXobee7VojC0olhmWeKXch9IhCB3RWCgv8js=", "owner": "neovim", "repo": "neovim", - "rev": "5661f74ab2a6ef0c497ef2ea49bc58ea89b6ab6b", + "rev": "c75201697638f0c861d8fc4b9e2bcdba6b5a76d6", "type": "github" }, "original": { 
@@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1747594704, - "narHash": "sha256-IAUIY96BaMM4o+BeMLcviBji/Xais7WfU5TIPjgPEEQ=", + "lastModified": 1751162718, + "narHash": "sha256-aSr/wDR+8Uo2Gr6VQoktqV7kk8rZMzPRJSprCriQDRg=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "1c04e472eafbd37d82af17769d45932e39b37b76", + "rev": "2a720fd2db187100b04554f9ed28410128d5157a", "type": "github" }, "original": { @@ -556,11 +556,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { @@ -572,11 +572,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1747647032, - "narHash": "sha256-gkWAK0I1k2Y0y8KOvXC6S0uBaduOguLs1Pxn5DpWwYc=", + "lastModified": 1751150243, + "narHash": "sha256-Qjrzrdxe/qq0FQVGR0vT52LgW1mtL5I0C4TjWKSsDfc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dae513c187abfe679f67b99a6e256fbe8c3f79d0", + "rev": "dca05f7a67a1fb122d1f37274f7d41da9dd95573", "type": "github" }, "original": { 
@@ -619,11 +619,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1747426788, - "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=", + "lastModified": 1750994206, + "narHash": "sha256-3u6rEbIX9CN/5A5/mc3u0wIO1geZ0EhjvPBXmRDHqWM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3", + "rev": "80d50fc87924c2a0d346372d242c27973cf8cdbf", "type": "github" }, "original": { @@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { @@ -675,11 +675,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1747068210, - "narHash": "sha256-bYbwIVii2mxFyro91ogCVLkIyrMNP4QJRSGNVcZPVEU=", + "lastModified": 1748094813, + "narHash": "sha256-CVs9FTdg3oKtRjz2YqwkMr0W5qYLGfVyxyhE3qnGYbI=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "066fd6505377e3fd4aa219e61ce94c2b8bdb0b79", + "rev": "42fc28ba918343ebfd5565147a42a26580579482", "type": "github" }, "original": { @@ -738,11 +738,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1747607404, - "narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=", + "lastModified": 1750567035, + "narHash": "sha256-GVNXxMZynKZt+83QQQEVXscqtkJbScvaBrwianovUW4=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91", + "rev": "e32285f5d1dfc184b039a813644e226c3914e7d7", "type": "github" }, "original": { 
@@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1747792192, - "narHash": "sha256-HeWotX8CVc3vDlvAGq99FaeAT9JRSWtx4N/NhtjPwtg=", + "lastModified": 1750903025, + "narHash": "sha256-zpMyirfb+94mEVj7IUvT8iAWtg2v6uwKYXkftZfldiA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "dbdcb032706dfe548745266218501afa93c14ad5", + "rev": "3ba25afdbea34239c4925285a2ac3379c760b181", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { From 38e624851b0995482a15530f1559a2d08487b23d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 02:07:17 +0000 Subject: [PATCH 064/301] packages/linux-lava: bump to 6.15.4 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 903fe81..48478d5 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.14.7"; - kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; - kernelPatchHash = "05a5srmb27gqyv49mxy3rmlxgiinacwbyzmig1hk313m0wl88av3"; + version = "6.15.4"; + kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; + kernelPatchHash = "0babwlbmjxh9sv2qnh6s5d06965gdbk7v5dmaq7428sps9dyvmb4"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 72eca4fb05fc9e840b6654d5fbe07dd061819c8a Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 17 Jun 2025 18:34:50 +1000 Subject: [PATCH 065/301] packages/linux-lava: remove deleted patch, and switch to bore --- packages/linux-lava/default.nix | 4 ++++ packages/linux-lava/sources.nix | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/default.nix b/packages/linux-lava/default.nix index 0287a51..aa288f5 100644 --- a/packages/linux-lava/default.nix +++ b/packages/linux-lava/default.nix @@ -56,6 +56,10 @@ let INIT_STACK_ALL_ZERO = yes; INIT_STACK_NONE = no; + # bore + SCHED_BORE = yes; + MIN_BASE_SLICE_NS = freeform "2000000"; + # tickless timers HZ_PERIODIC = no; NO_HZ = yes; diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 48478d5..d9a2cbb 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -9,9 +9,8 @@ let tkgPatches = [ "0002-clear-patches" "0003-glitched-base" - "0003-glitched-eevdf-additions" + "0001-bore" "0003-glitched-cfs" - "0007-v${mm}-fsync_legacy_via_futex_waitv" "0012-misc-additions" ]; From 718de94655df6d39e0040381161cb59e938168f0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 17 Jun 2025 19:59:37 +1000 Subject: [PATCH 066/301] system/base: fix locale --- modules/system/base.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index 518baee..36c9993 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -11,7 +11,8 @@ environment.pathsToLink = [ "/share/zsh" ]; i18n.defaultLocale = "en_AU.UTF-8"; - i18n.extraLocales = [ "en_GB.UTF-8" ]; + i18n.extraLocales = [ "en_GB.UTF-8/UTF-8" ]; + users.mutableUsers = false; system = { From ea07a839ae8f5bb5751a55c17e325cb90ba237ff Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Tue, 17 Jun 2025 21:20:20 +1000 Subject: [PATCH 067/301] packages/spotify-adblock: update cargo hash --- packages/spotify-adblock/0001-cargo.patch | 141 ---------------------- packages/spotify-adblock/default.nix | 2 +- 2 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 packages/spotify-adblock/0001-cargo.patch diff --git a/packages/spotify-adblock/0001-cargo.patch b/packages/spotify-adblock/0001-cargo.patch deleted file mode 100644 index 84031b5..0000000 --- a/packages/spotify-adblock/0001-cargo.patch +++ /dev/null 
@@ -1,141 +0,0 @@ -From 002a25dd56233d599adda61b298d612a46267407 Mon Sep 17 00:00:00 2001 -From: LavaDesu -Date: Tue, 14 Sep 2021 08:34:05 +0700 -Subject: [PATCH] cargo - ---- - Cargo.lock | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 122 insertions(+) - create mode 100644 Cargo.lock - -diff --git a/Cargo.lock b/Cargo.lock -new file mode 100644 -index 00000000000..b952e17ca90 ---- /dev/null -+++ b/Cargo.lock -@@ -0,0 +1,122 @@ -+# This file is automatically @generated by Cargo. -+# It is not intended for manual editing. -+version = 3 -+ -+[[package]] -+name = "aho-corasick" -+version = "0.7.18" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" -+dependencies = [ -+ "memchr", -+] -+ -+[[package]] -+name = "lazy_static" -+version = "1.4.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -+ -+[[package]] -+name = "libc" -+version = "0.2.101" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21" -+ -+[[package]] -+name = "memchr" -+version = "2.4.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" -+ -+[[package]] -+name = "proc-macro2" -+version = "1.0.29" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "b9f5105d4fdaab20335ca9565e106a5d9b82b6219b5ba735731124ac6711d23d" -+dependencies = [ -+ "unicode-xid", -+] -+ -+[[package]] -+name = "quote" -+version = "1.0.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" -+dependencies = [ -+ "proc-macro2", -+] -+ -+[[package]] -+name = "regex" -+version = "1.5.4" -+source = 
"registry+https://github.com/rust-lang/crates.io-index" -+checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" -+dependencies = [ -+ "aho-corasick", -+ "memchr", -+ "regex-syntax", -+] -+ -+[[package]] -+name = "regex-syntax" -+version = "0.6.25" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" -+ -+[[package]] -+name = "serde" -+version = "1.0.130" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" -+dependencies = [ -+ "serde_derive", -+] -+ -+[[package]] -+name = "serde_derive" -+version = "1.0.130" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ -+[[package]] -+name = "spotify-adblock" -+version = "1.0.0" -+dependencies = [ -+ "lazy_static", -+ "libc", -+ "regex", -+ "serde", -+ "toml", -+] -+ -+[[package]] -+name = "syn" -+version = "1.0.76" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c6f107db402c2c2055242dbf4d2af0e69197202e9faacbef9571bbe47f5a1b84" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "unicode-xid", -+] -+ -+[[package]] -+name = "toml" -+version = "0.5.8" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "a31142970826733df8241ef35dc040ef98c679ab14d7c3e54d827099b3acecaa" -+dependencies = [ -+ "serde", -+] -+ -+[[package]] -+name = "unicode-xid" -+version = "0.2.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" --- -2.32.0 - diff --git a/packages/spotify-adblock/default.nix b/packages/spotify-adblock/default.nix index 89161f0..57992de 100644 --- a/packages/spotify-adblock/default.nix 
+++ b/packages/spotify-adblock/default.nix @@ -7,7 +7,7 @@ rustPlatform.buildRustPackage { version = "1.0"; src = inputs.spotify-adblock; - cargoHash = "sha256-yxumYGAMObgl1u6GlbEQOKOn1DWxXN8bbT7BjiWT96o="; + cargoHash = "sha256-oGpe+kBf6kBboyx/YfbQBt1vvjtXd1n2pOH6FNcbF8M="; patches = [ ./0002-allow-setting-config-from-environment-variable.patch ]; From 0b138f3148b806af5cea97e6ccc3ef19853d57ed Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 17 Jul 2025 02:03:35 +0000 Subject: [PATCH 068/301] flake: bump inputs --- flake.lock | 116 ++++++++++++++++++++++++++--------------------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index fd30fae..f277760 100644 --- a/flake.lock +++ b/flake.lock @@ -138,11 +138,11 @@ "fast-syntax-highlighting": { "flake": false, "locked": { - "lastModified": 1750837465, - "narHash": "sha256-9itq8Pq/+1Yflo7b31eHEVOFrbO9b1CAMr988xYyNLI=", + "lastModified": 1752660993, + "narHash": "sha256-ZihUL4JAVk9V+IELSakytlb24BvEEJ161CQEHZYYoSA=", "owner": "zdharma-continuum", "repo": "fast-syntax-highlighting", - "rev": "dcee72bb99b422bb8e4510f5087af9c1721392e4", + "rev": "3d574ccf48804b10dca52625df13da5edae7f553", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { 
@@ -229,11 +229,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -246,11 +246,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1748000383, - "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", + "lastModified": 1752595130, + "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "231726642197817d20310b9d39dd4afb9e899489", + "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113", "type": "github" }, "original": { @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1750792728, - "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", + "lastModified": 1752544374, + "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", "owner": "nix-community", "repo": "home-manager", - "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", + "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", "type": "github" }, "original": { 
@@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1751146119, - "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", "owner": "nix-community", "repo": "home-manager", - "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1751079238, - "narHash": "sha256-l6Ds5kCHrQi5WfJPc3+j8LhxYA5ADPxtW8wdKGr6mcI=", + "lastModified": 1752695267, + "narHash": "sha256-KzMPl+ZmP5yI5HhatqCy1O2S0tqclANjfTV2X06ojz8=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "25d48394a841195ed7d18306c227f72f814559db", + "rev": "4182e62eab63a197b2cf6de9bb118658e954d196", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1751116785, - "narHash": "sha256-r/BSxxQQGrBOLrYZK1H8lt5cu8ixj4Qhh72yFHvvQbc=", + "lastModified": 1752684829, + "narHash": "sha256-thWm3+ZDnnWK65bR6UmxZQMHpYqf65kfh0vEIr4+nLU=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "46f5c7d06d14d94d50310217a65f941dde17a5d8", + "rev": "c4046ad801abcc7576f0cf71944410d3690ecc50", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1751062437, - "narHash": "sha256-AB1YNofZXobee7VojC0olhmWeKXch9IhCB3RWCgv8js=", + "lastModified": 1752617716, + "narHash": "sha256-Qths6FmwFQVcE/ZtNuGMixa+5vlvYpXVkB0RoUa1pJk=", "owner": "neovim", "repo": "neovim", - "rev": "c75201697638f0c861d8fc4b9e2bcdba6b5a76d6", + "rev": "9789a3b854d7f670dd231bdffe1bce0098509539", "type": "github" }, "original": { 
@@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1751162718, - "narHash": "sha256-aSr/wDR+8Uo2Gr6VQoktqV7kk8rZMzPRJSprCriQDRg=", + "lastModified": 1752631802, + "narHash": "sha256-t65TV28ZatEKVyFoTmExQgb8LECvrj/3Wuogn5PxfYI=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "2a720fd2db187100b04554f9ed28410128d5157a", + "rev": "b8834a847dee8875e06e218830f33a3486f0185e", "type": "github" }, "original": { @@ -572,11 +572,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1751150243, - "narHash": "sha256-Qjrzrdxe/qq0FQVGR0vT52LgW1mtL5I0C4TjWKSsDfc=", + "lastModified": 1752710483, + "narHash": "sha256-lPwVWOD2OMf7X2T6Umh2gm5NfNz3AcobcPbCnB4r9g4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dca05f7a67a1fb122d1f37274f7d41da9dd95573", + "rev": "cd4d0287ee12705c5e2890141809d252cd26c6e6", "type": "github" }, "original": { @@ -619,11 +619,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750994206, - "narHash": "sha256-3u6rEbIX9CN/5A5/mc3u0wIO1geZ0EhjvPBXmRDHqWM=", + "lastModified": 1752012998, + "narHash": "sha256-Q82Ms+FQmgOBkdoSVm+FBpuFoeUAffNerR5yVV7SgT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80d50fc87924c2a0d346372d242c27973cf8cdbf", + "rev": "2a2130494ad647f953593c4e84ea4df839fbd68c", "type": "github" }, "original": { 
@@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1752480373, + "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", "type": "github" }, "original": { @@ -738,11 +738,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1750567035, - "narHash": "sha256-GVNXxMZynKZt+83QQQEVXscqtkJbScvaBrwianovUW4=", + "lastModified": 1752381641, + "narHash": "sha256-R2iDZb94RosuCeuIukacZVVXxzWYr4jn/QI/ax15nW8=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "e32285f5d1dfc184b039a813644e226c3914e7d7", + "rev": "8f9fd947c52aa6adb6bafe72516eccf186708954", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1750903025, - "narHash": "sha256-zpMyirfb+94mEVj7IUvT8iAWtg2v6uwKYXkftZfldiA=", + "lastModified": 1752716696, + "narHash": "sha256-L6dHdZQJvfooem2TQtalnxuYxJKbm05xs/5YN/bnlSA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "3ba25afdbea34239c4925285a2ac3379c760b181", + "rev": "9db4bfd5a227f7fc9184898baece641591f3896c", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1750931469, - "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { 
@@ -901,11 +901,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1740172038, - "narHash": "sha256-idwCtAwXa7qNZlKE8KdS9cUgEOCSdf6tec0YuXINcl8=", + "lastModified": 1752017132, + "narHash": "sha256-jumrUkz8L2UETKSipcDPkjstrPsHx4cwPH9sOXKnd0k=", "ref": "refs/heads/main", - "rev": "f9e43d78110db0a8bf8ec75ca5b101a06b1d5ce8", - "revCount": 1041, + "rev": "1e97c6fcc680186f32791cb7c51e95808d7c7c1b", + "revCount": 1058, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From b05012d8c95989ead574eeb22d41d61f95b40115 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 17 Jul 2025 02:03:38 +0000 Subject: [PATCH 069/301] packages/linux-lava: bump to 6.15.6 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index d9a2cbb..a245f79 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.4"; + version = "6.15.6"; kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "0babwlbmjxh9sv2qnh6s5d06965gdbk7v5dmaq7428sps9dyvmb4"; + kernelPatchHash = "1cc7y3llnf50fb0vqa4689hybfgpyzd93s2w3lxyaxbpvll71snv"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From c556f63ebe59bf7a52c4beffa06857c0f25a7521 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 17:41:55 +1000 Subject: [PATCH 070/301] user/spicetify: remove skipStats extension --- modules/user/spicetify.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/user/spicetify.nix b/modules/user/spicetify.nix index 6249895..ec854c4 100644 --- a/modules/user/spicetify.nix +++ b/modules/user/spicetify.nix @@ -40,7 +40,6 @@ in shuffle hidePodcasts - skipStats songStats history volumePercentage 
From 09830a0aa8e4ba784b7c6fd2d6676c9eede03d16 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 17:42:43 +1000 Subject: [PATCH 071/301] user/neovim: setup tex --- modules/user/neovim.nix | 2 ++ res/config.lua | 2 +- users/rin/packages.nix | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index cc01311..1949d2f 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -35,6 +35,7 @@ in { plenary-nvim tokyonight-nvim vim-fugitive + vim-latex-live-preview vim-nix vim-repeat vim-signify @@ -61,6 +62,7 @@ in { tree-sitter-javascript tree-sitter-json tree-sitter-kotlin + tree-sitter-latex tree-sitter-lua tree-sitter-markdown tree-sitter-nix diff --git a/res/config.lua b/res/config.lua index 7899bda..10d2ec1 100644 --- a/res/config.lua +++ b/res/config.lua @@ -139,7 +139,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'cssls', 'html', 'nil_ls', 'ts_ls', 'yamlls' } +local servers = { 'cssls', 'html', 'nil_ls', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 197e333..2299028 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -30,6 +30,7 @@ in { android-studio drawio element-desktop + evince eww feh file-roller @@ -55,6 +56,7 @@ in { slurp swaybg (tetrio-desktop.override { withTetrioPlus = true; }) + texliveFull tor-browser-bundle-bin transmission-remote-gtk vesktop From 843aacb6d308ef709d289e9fb8555e5d7334a356 Mon Sep 17 00:00:00 2001 
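Review bot: `'texlab'` is added to the `servers` list in res/config.lua, but per the diffstat this commit only adds `vim-latex-live-preview`, `tree-sitter-latex`, `evince` and `texliveFull`, none of which, as far as I know, ships the texlab language-server binary. Unless `texlab` is already on the editor's PATH from a part of modules/user/neovim.nix outside these hunks, the `nvim_lsp[lsp].setup` call in the loop will register a client whose server cannot be started for .tex buffers. If it is missing, add the `texlab` package wherever the other LSP server binaries are provided. The `for` loop body continues past the end of the hunk.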
From: LavaDesu Date: Thu, 17 Jul 2025 17:49:13 +1000 Subject: [PATCH 072/301] hosts/anemone: remove cisco packet tracer uses an old insecure library. also cpt is cursed --- hosts/anemone/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index d96253a..dda36f5 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -51,8 +51,6 @@ package = pkgs.wireshark; }; - environment.systemPackages = with pkgs; [ ciscoPacketTracer8 ]; - services.fprintd.enable = true; services.tlp.enable = true; } From 92a7023ba0609517b61c9e309e9a6daa6aadec1d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 18:06:16 +1000 Subject: [PATCH 073/301] overlays/oci-cli: remove, patch merged --- overlays/default.nix | 1 - overlays/oci-cli.nix | 5 ----- overlays/patches/oci.patch | 30 ------------------------------ 3 files changed, 36 deletions(-) delete mode 100644 overlays/oci-cli.nix delete mode 100644 overlays/patches/oci.patch diff --git a/overlays/default.nix b/overlays/default.nix index 220fd11..752a2c8 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,7 +5,6 @@ builtins.map (path: import path) [ ./ccache.nix ./eww.nix ./material-icons.nix - ./oci-cli.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix deleted file mode 100644 index 78a8a23..0000000 --- a/overlays/oci-cli.nix +++ /dev/null @@ -1,5 +0,0 @@ -self: super: { - oci-cli = super.oci-cli.overrideAttrs(o: { - patches = (o.patches or []) ++ [ ./patches/oci.patch ]; - }); -} diff --git a/overlays/patches/oci.patch b/overlays/patches/oci.patch deleted file mode 100644 index bdc80f7..0000000 --- a/overlays/patches/oci.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -diff --git a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -index 44562fd9780..ae426944a47 100644 ---- a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -+++ b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -@@ -285,13 +285,13 @@ def unassign_private_ip(ctx, from_json, vnic_id, ip_address): - click.echo('Unassigned IP address {} from VNIC {}'.format(ip_address, vnic_id), err=True) - - --@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds']) -+@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds', 'subnet_id']) - @virtualnetwork_cli.vnic_group.command(name='assign-ipv6', help=virtualnetwork_cli.create_ipv6.help) - @cli_util.option('--unassign-if-already-assigned', is_flag=True, default=False, help="""Force reassignment of the IP address if it's already assigned to another VNIC in the subnet. 
This is only relevant if an IP address is associated with this command.""") - @click.pass_context - @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'defined-tags': {'module': 'core', 'class': 'dict(str, dict(str, object))'}, 'freeform-tags': {'module': 'core', 'class': 'dict(str, string)'}}, output_type={'module': 'core', 'class': 'PrivateIp'}) - @cli_util.wrap_exceptions --def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id): -+def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id, lifetime): - networking_client = cli_util.build_client('core', 'virtual_network', ctx) - - # First we get the VNIC because we need to know the subnet OCID for the ListIpv6s call -@@ -348,6 +348,9 @@ def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_ta - if route_table_id is not None: - assign_ip_request_body['routeTableId'] = route_table_id - -+ if lifetime is not None: -+ assign_ip_request_body['lifetime'] = lifetime -+ - # If we are here then either the IP address does not exist or it is a candidate to be moved - if not is_ip_reassignment: - if ip_address is not None: From ed43feb5b61ab4ff70a0cc850337e5cf7411b080 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 19:39:10 +1000 Subject: [PATCH 074/301] overlays/android-studio: remove --- overlays/android-studio.nix | 27 --------------------------- overlays/default.nix | 1 - 2 files changed, 28 deletions(-) delete mode 100644 overlays/android-studio.nix diff --git a/overlays/android-studio.nix b/overlays/android-studio.nix deleted file mode 100644 index ef9ca5e..0000000 --- a/overlays/android-studio.nix +++ /dev/null 
@@ -1,27 +0,0 @@ -self: { bash, buildFHSEnv, cacert, ncurses5, runCommand, ... } @ super: -let - drvName = super.android-studio.name; - fhsEnv = buildFHSEnv { - name = "${drvName}-fhs-env"; - # google's analytics calls jdk's getOperatingSystemMXBean which tries to parse cgroups and ultimately fails for whatever reason with an npe - unshareCgroup = false; - multiPkgs = pkgs: [ - ncurses5 - - (runCommand "fedoracert" {} - '' - mkdir -p $out/etc/pki/tls/ - ln -s ${cacert}/etc/ssl/certs $out/etc/pki/tls/certs - '') - ]; - }; - - startScript = '' - #!${bash}/bin/bash - ${fhsEnv}/bin/${drvName}-fhs-env ${super.android-studio.passthru.unwrapped}/bin/studio.sh "$@" - ''; -in { - android-studio-patched = super.android-studio.overrideAttrs(_: { - inherit startScript; - }); -} diff --git a/overlays/default.nix b/overlays/default.nix index 752a2c8..31648cc 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,4 @@ builtins.map (path: import path) [ - ./android-studio.nix ./bitwarden-desktop.nix ./cascadia-code.nix ./ccache.nix From cc066cd0f01d7cd4a9506f924c58e8d0b2011200 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 19 Jul 2025 21:33:30 +1000 Subject: [PATCH 075/301] flake: bump inputs --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index f277760..6935a8b 100644 --- a/flake.lock +++ b/flake.lock @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1752544374, - "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", + "lastModified": 1752780124, + "narHash": "sha256-5dn97vIYxn6VozKePOQSDxVCsrl38nDdMJXx86KIJH0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", + "rev": "c718918222bdb104397762dea67e6b397a7927fe", "type": "github" }, "original": { 
@@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1752814804, + "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1752695267, - "narHash": "sha256-KzMPl+ZmP5yI5HhatqCy1O2S0tqclANjfTV2X06ojz8=", + "lastModified": 1752805881, + "narHash": "sha256-D4OlmKGe9PcTIIaAgeyrBk2QKZLGbolcDyJBAlSrYy0=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "4182e62eab63a197b2cf6de9bb118658e954d196", + "rev": "0d81f32aca45461e67da8fc2f1b57dd7fc2cd789", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752684829, - "narHash": "sha256-thWm3+ZDnnWK65bR6UmxZQMHpYqf65kfh0vEIr4+nLU=", + "lastModified": 1752753780, + "narHash": "sha256-EiCUyqaoTdXDMBFb30hBKB9Sx3eY9mrqhgGriIsKuIU=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "c4046ad801abcc7576f0cf71944410d3690ecc50", + "rev": "053ea16d7d94f21ee6ed0b70007cd4378c8e4825", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1752617716, - "narHash": "sha256-Qths6FmwFQVcE/ZtNuGMixa+5vlvYpXVkB0RoUa1pJk=", + "lastModified": 1752707870, + "narHash": "sha256-h/td8ApD44htLyMnue39Y882fs1VpV/oy21WiySmXDE=", "owner": "neovim", "repo": "neovim", - "rev": "9789a3b854d7f670dd231bdffe1bce0098509539", + "rev": "fcec1610e7ba501be812f636dabc7d9f4c8f436f", "type": "github" }, "original": { 
@@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1752631802, - "narHash": "sha256-t65TV28ZatEKVyFoTmExQgb8LECvrj/3Wuogn5PxfYI=", + "lastModified": 1752832532, + "narHash": "sha256-YvQ6sjTxS+cw+w8fhEL41vAC28q4sB0vT77uhzQ1eOA=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "b8834a847dee8875e06e218830f33a3486f0185e", + "rev": "4e113d7f833a78a54a35dfc5514a89e5e7c78d4f", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1752710483, - "narHash": "sha256-lPwVWOD2OMf7X2T6Umh2gm5NfNz3AcobcPbCnB4r9g4=", + "lastModified": 1752876120, + "narHash": "sha256-i6IbLwI+d4Mv8UemSV/DRLnKHh/0+CWrdt3HemufMWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd4d0287ee12705c5e2890141809d252cd26c6e6", + "rev": "4e7849a5dbd1b1becd5be9a4b8a4ee9d38a10186", "type": "github" }, "original": { @@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1752480373, - "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1752716696, - "narHash": "sha256-L6dHdZQJvfooem2TQtalnxuYxJKbm05xs/5YN/bnlSA=", + "lastModified": 1752874173, + "narHash": "sha256-E4+FdFdc7TNIJ3f2aeo7TkxS1D7KcqNdN8ILfo4T0eA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "9db4bfd5a227f7fc9184898baece641591f3896c", + "rev": "85aeab65b5579810b8ebdf1c0aa0148640ea95f9", "type": "github" }, "original": { From fdf6a3ce627793e66ab9188b4660fecbc1ef0c96 Mon Sep 17 00:00:00 2001 
From: LavaDesu Date: Sat, 19 Jul 2025 21:34:30 +1000 Subject: [PATCH 076/301] packages/linux-lava: bump to 6.15.7 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index a245f79..40a7b9d 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.6"; + version = "6.15.7"; kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "1cc7y3llnf50fb0vqa4689hybfgpyzd93s2w3lxyaxbpvll71snv"; + kernelPatchHash = "1qri57dd6r8sagm2vag9vp8jf70wf9bbjm5bhx5w05s8x56rrrf9"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 3ef987f8d9b585d6a9c8d53373c649929f100ed9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 8 Aug 2025 22:34:56 +1000 Subject: [PATCH 077/301] system/wireguard: use port 123 --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 6126da8..04770ee 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, gcSecrets, ... }: let - port = 51820; + port = 123; serverName = "dandelion"; serverInterface = "enp0s6"; serverIp = gcSecrets.wireguard.gateway; From c0b9ed6b007ce583cab9bac44ddc4afd23de8552 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 8 Aug 2025 22:35:28 +1000 Subject: [PATCH 078/301] user/git: change name --- modules/user/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/git.nix b/modules/user/git.nix index b64492e..16a2cdd 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix 
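Review bot: `port = 123;` in the `let` block of modules/system/wireguard.nix puts the tunnel on the well-known NTP port with no comment explaining the choice or its side effects. UDP 123 is a privileged port that an NTP server on the gateway (`serverName = "dandelion"`) would also want to bind, and upstream networks often rate-limit or filter it as an anti-amplification measure, which would show up as intermittent handshake loss rather than a clean failure. The module body is outside the hunk, so please confirm that every firewall rule and peer endpoint is derived from `port` rather than a literal 51820. I would add a comment above the binding such as `# UDP 123 is the NTP port: no NTP server may listen on this host; firewall and peer endpoints must follow this value`.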
@@ -1,7 +1,7 @@ { ... }: { programs.git = { enable = true; - userName = "LavaDesu"; + userName = "Cilly Leang"; userEmail = "me@lava.moe"; signing = { key = "059F098EBF0E9A13E10A46BF6500251E087653C9"; From e94d04ab1f7373bf19351465092820d4be6f0cbe Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 12 Aug 2025 12:17:36 +1000 Subject: [PATCH 079/301] flake: bump inputs --- flake.lock | 169 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 102 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index 6935a8b..d0fd43b 100644 --- a/flake.lock +++ b/flake.lock @@ -3,14 +3,15 @@ "aagl": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1750597689, - "narHash": "sha256-3ComII0BkmdohISrshICQiAB6TU+VHHIRnWK0ckA0/s=", + "lastModified": 1754711681, + "narHash": "sha256-cYsUwcr7dQ/enDG+sHVqGopwgbPRajhVXi+dTt8OQ2c=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "ec2ec4ec3f908ed9b125ea4afd52627bed60f183", + "rev": "7a6e7cce4c9c8bfc5bf25a96d66ede2c0379a6f1", "type": "github" }, "original": { @@ -29,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { 
@@ -186,11 +187,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -207,11 +208,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -246,11 +247,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -287,11 +288,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { 
@@ -394,11 +395,11 @@ ] }, "locked": { - "lastModified": 1752780124, - "narHash": "sha256-5dn97vIYxn6VozKePOQSDxVCsrl38nDdMJXx86KIJH0=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "c718918222bdb104397762dea67e6b397a7927fe", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -436,11 +437,11 @@ ] }, "locked": { - "lastModified": 1752814804, - "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", + "lastModified": 1754842705, + "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", + "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", "type": "github" }, "original": { @@ -480,11 +481,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1752805881, - "narHash": "sha256-D4OlmKGe9PcTIIaAgeyrBk2QKZLGbolcDyJBAlSrYy0=", + "lastModified": 1754707367, + "narHash": "sha256-c4kr9yDWeT6u4pmWva/RoMf06W3OsOOxVf2GLzV4MCw=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "0d81f32aca45461e67da8fc2f1b57dd7fc2cd789", + "rev": "6742817d970e38c1cfc747a8a83ab3cea95a43d5", "type": "github" }, "original": { @@ -506,11 +507,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752753780, - "narHash": "sha256-EiCUyqaoTdXDMBFb30hBKB9Sx3eY9mrqhgGriIsKuIU=", + "lastModified": 1754641381, + "narHash": "sha256-eMoujl/X1lbdjRbC/HHCpZmUb5tqTAYSL1hocy+o7nc=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "053ea16d7d94f21ee6ed0b70007cd4378c8e4825", + "rev": "83aaf3085f808dec9ea1b5d16b216875a8081b37", "type": "github" }, "original": { 
@@ -522,11 +523,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1752707870, - "narHash": "sha256-h/td8ApD44htLyMnue39Y882fs1VpV/oy21WiySmXDE=", + "lastModified": 1754610154, + "narHash": "sha256-ORfF40X4BGiFxnLNQbdsQbUTW4TkUHfPqyZWHaYL5NE=", "owner": "neovim", "repo": "neovim", - "rev": "fcec1610e7ba501be812f636dabc7d9f4c8f436f", + "rev": "038eb01b41b66379f75164507571497929f8847c", "type": "github" }, "original": { @@ -538,14 +539,14 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1752832532, - "narHash": "sha256-YvQ6sjTxS+cw+w8fhEL41vAC28q4sB0vT77uhzQ1eOA=", + "lastModified": 1754791758, + "narHash": "sha256-XlyhRNYVItOE9IHi+loJBHnZ8c6ZbdV9lr6KFXPUpbY=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "4e113d7f833a78a54a35dfc5514a89e5e7c78d4f", + "rev": "c7043951476c524a8dafa241158f7cb30079cdad", "type": "github" }, "original": { @@ -556,11 +557,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748460289, - "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "type": "github" }, "original": { @@ -572,11 +573,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "type": "github" }, "original": { 
@@ -603,11 +604,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1752876120, - "narHash": "sha256-i6IbLwI+d4Mv8UemSV/DRLnKHh/0+CWrdt3HemufMWA=", + "lastModified": 1754863774, + "narHash": "sha256-OOkhunEjy+t5xP3oMxD9ezDZ3j3PYfOsT9aro/WcBGA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e7849a5dbd1b1becd5be9a4b8a4ee9d38a10186", + "rev": "a84e756ad67fa42311e2d22cbc8f566ee46a04fd", "type": "github" }, "original": { @@ -619,11 +620,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752012998, - "narHash": "sha256-Q82Ms+FQmgOBkdoSVm+FBpuFoeUAffNerR5yVV7SgT8=", + "lastModified": 1744536153, + "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a2130494ad647f953593c4e84ea4df839fbd68c", + "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", "type": "github" }, "original": { @@ -635,11 +636,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1752687322, - "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", + "lastModified": 1754711617, + "narHash": "sha256-WrZ280bT6NzNbBo+CKeJA/NW1rhvN/RUPZczqCpu2mI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", + "rev": "00b574b1ba8a352f0601c4dde4faff4b534ebb1e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { @@ -716,7 +733,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", 
@@ -730,6 +747,24 @@ "zsh-history-substring-search": "zsh-history-substring-search" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1754575663, + "narHash": "sha256-afOx8AG0KYtw7mlt6s6ahBBy7eEHZwws3iCRoiuRQS4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6db0fb0e9cec2e9729dc52bf4898e6c135bb8a0f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "spicetify-nix": { "inputs": { "nixpkgs": [ @@ -738,11 +773,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1752381641, - "narHash": "sha256-R2iDZb94RosuCeuIukacZVVXxzWYr4jn/QI/ax15nW8=", + "lastModified": 1754801101, + "narHash": "sha256-oxWjZ/SfhCvHFNePZcUu+LcE5j4xxuIt/yaoaSvMZk0=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8f9fd947c52aa6adb6bafe72516eccf186708954", + "rev": "fcbfc21572518c68317df992929b28df9a1d8468", "type": "github" }, "original": { @@ -770,11 +805,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1752874173, - "narHash": "sha256-E4+FdFdc7TNIJ3f2aeo7TkxS1D7KcqNdN8ILfo4T0eA=", + "lastModified": 1754759508, + "narHash": "sha256-D//sryXk4tiPB6pBrFz3+rA68JQRR+8IAicEA5h7CWQ=", "owner": "StevenBlack", "repo": "hosts", - "rev": "85aeab65b5579810b8ebdf1c0aa0148640ea95f9", + "rev": "a11705bff29cdf2744dfdf7463a4000ee67d2ba4", "type": "github" }, "original": { @@ -852,11 +887,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1754492133, + "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "1298185c05a56bff66383a20be0b41a307f52228", "type": "github" }, "original": { 
@@ -901,11 +936,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1752017132, - "narHash": "sha256-jumrUkz8L2UETKSipcDPkjstrPsHx4cwPH9sOXKnd0k=", + "lastModified": 1752982673, + "narHash": "sha256-9Tv64JFWG6yZnH16b8y80Q/Vk8wesxGpWG6JHiot70g=", "ref": "refs/heads/main", - "rev": "1e97c6fcc680186f32791cb7c51e95808d7c7c1b", - "revCount": 1058, + "rev": "2fd354de4d21be6c91ad2ea71af08525f3e76b39", + "revCount": 1061, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From f140929d9c80ad4910cf6dbb11d47555057712af Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 12 Aug 2025 12:17:43 +1000 Subject: [PATCH 080/301] packages/linux-lava: bump to 6.16 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 40a7b9d..4c9c4e3 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.7"; - kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "1qri57dd6r8sagm2vag9vp8jf70wf9bbjm5bhx5w05s8x56rrrf9"; + version = "6.16"; + kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; + kernelPatchHash = "00wkvlpb5idmnjml86jmdp0fnqs08r3ykafhw5k702952dlyg5ws"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 1c2f3eb1c6570a765aa7c225c05835cffbb50642 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 14 Aug 2025 11:18:11 +1000 Subject: [PATCH 081/301] system/wireguard: add local-only peer --- modules/system/wireguard.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 04770ee..dbc8938 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix 
@@ -28,6 +28,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; anemone = { @@ -36,6 +37,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; hibiscus = { @@ -44,6 +46,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; hazel = { @@ -52,7 +55,7 @@ let interfaces = { wg0 = { dns = [ "::1" "127.0.0.1" ]; - peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; + peers = [ serverLocalOnlyPeer ]; }; }; }; @@ -67,6 +70,7 @@ let }; serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ]; server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ]; + serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]; serverConfig = { nat = { From 1cfcd112e85079394248ca53232191957e8ec152 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 22:24:54 +1000 Subject: [PATCH 082/301] hosts/hyacinth: remove jenkins, and enable bluetooth --- hosts/hyacinth/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 326daad..620798b 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -41,5 +41,5 @@ ]; systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; - services.jenkins.enable = true; + me.hasBluetooth = true; } From 633d781a25bd170ab49ef02810b7d72065974e81 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:06:33 +1000 Subject: [PATCH 083/301] user/neovim: add astro and tailwind --- modules/user/neovim.nix | 3 +++ res/config.lua | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) 
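Review bot: `serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ];` and the three new `wg2` entries give no indication of what each interface routes, and a wrong guess here has a privacy cost. `wg1` carries everything (`0.0.0.0/0`, `::/0`), while `wg2` carries only the two VPN prefixes, so anything else leaves through the normal default route when `wg2` is the interface brought up. I would add a comment next to the definition, e.g. `# split tunnel: only VPN-internal prefixes are routed, internet traffic bypasses the tunnel`. It should also say whether `wg0`, `wg1` and `wg2` are meant to be mutually exclusive, because all three use the same server peer and `10.100.0.0/24` appears in the AllowedIPs of both `wg0` and `wg2`. The `fd0d::/16` prefix is much wider than a single /48 ULA allocation; if only one /48 is actually used behind the server, narrowing it would keep unrelated ULA traffic out of the tunnel. This hunk only moves that value, so the intent is not visible here.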
diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 1949d2f..0120227 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -20,6 +20,8 @@ in { extraPackages = with pkgs; [ rust-analyzer + nodePackages."@astrojs/language-server" + nodePackages."@tailwindcss/language-server" nodePackages.diagnostic-languageserver nodePackages.eslint_d nodePackages.typescript-language-server @@ -52,6 +54,7 @@ in { #(pkgs.me.nvim-treesitter-nightly.withPlugins (p: with p; [ (nvim-treesitter.withPlugins (p: with p; [ + tree-sitter-astro tree-sitter-bash tree-sitter-c tree-sitter-c-sharp diff --git a/res/config.lua b/res/config.lua index 10d2ec1..286b03d 100644 --- a/res/config.lua +++ b/res/config.lua @@ -139,7 +139,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'cssls', 'html', 'nil_ls', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, From d9df212560157f31c11dbac3efda6619fbf89206 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:09:58 +1000 Subject: [PATCH 084/301] user/neovim: add nvim-highlight-colors --- modules/user/neovim.nix | 1 + res/config.lua | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 0120227..774feea 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -47,6 +47,7 @@ in { nvim-cmp nvim-dap + nvim-highlight-colors nvim-lspconfig cmp-nvim-lsp cmp_luasnip diff --git a/res/config.lua b/res/config.lua index 286b03d..4237b16 100644 --- a/res/config.lua +++ b/res/config.lua 
@@ -18,6 +18,7 @@ vim.opt.number = true vim.opt.cursorline = true vim.opt.signcolumn = "yes:3" vim.opt.title = true +vim.opt.termguicolors = true vim.opt.updatetime = 0 vim.opt.clipboard:prepend('unnamedplus') @@ -94,6 +95,9 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') +-- nvim-highlight-colors +require('nvim-highlight-colors').setup {} + -- LSP local nvim_lsp = require('lspconfig') From b06bb7009c8dd9766c4802ddd333a24706a40b89 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:25:30 +1000 Subject: [PATCH 085/301] user/neovim: add autoclose-nvim and update lualine config --- modules/user/neovim.nix | 2 ++ res/config.lua | 15 +++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 774feea..9e6877c 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -30,10 +30,12 @@ in { ]; plugins = with pkgs.vimPlugins; [ + autoclose-nvim flutter-tools-nvim fzf-vim fzf-lsp-nvim lualine-nvim + nvim-web-devicons plenary-nvim tokyonight-nvim vim-fugitive diff --git a/res/config.lua b/res/config.lua index 4237b16..3632c15 100644 --- a/res/config.lua +++ b/res/config.lua @@ -65,13 +65,23 @@ vim.cmd("highlight SignifySignChangeDelete guifg="..colors.red) vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=italic guifg="..colors.overlay2) -- Plugins +require('autoclose').setup {} +require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } } require('lualine').setup { options = { - theme = 'tokyonight' + theme = 'catppuccin' + }, + sections = { + lualine_c = { + { + "filename", + path = 1, + } + } } } @@ -95,9 +105,6 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') --- nvim-highlight-colors -require('nvim-highlight-colors').setup {} - -- LSP local nvim_lsp = require('lspconfig') 
From 240ff865388fbec6ca073c166f195e8f2ca28c09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:32:23 +1000 Subject: [PATCH 086/301] user/neovim: add nvim-ts-autotag --- modules/user/neovim.nix | 1 + res/config.lua | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 9e6877c..cc5d271 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -35,6 +35,7 @@ in { fzf-vim fzf-lsp-nvim lualine-nvim + nvim-ts-autotag nvim-web-devicons plenary-nvim tokyonight-nvim diff --git a/res/config.lua b/res/config.lua index 3632c15..aa3355a 100644 --- a/res/config.lua +++ b/res/config.lua @@ -66,6 +66,7 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} +require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { highlight = { enable = true }, From 5989fc4e70e30a92408c690e5b06d8d8f3ea3c02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:50:52 +1000 Subject: [PATCH 087/301] user/neovim: add bindings for commenting --- res/config.lua | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/res/config.lua b/res/config.lua index aa3355a..b173216 100644 --- a/res/config.lua +++ b/res/config.lua 
@@ -1,11 +1,13 @@ -- Keybindings -local map = vim.api.nvim_set_keymap -map('n', '', 'h', { noremap = true }) -map('n', '', 'j', { noremap = true }) -map('n', '', 'k', { noremap = true }) -map('n', '', 'l', { noremap = true }) -map('n', '', ':q', { noremap = true }) -map('n', '', ':Files', { noremap = true }) +local map = vim.keymap.set +map('n', '', 'h', { remap = false }) +map('n', '', 'j', { remap = false }) +map('n', '', 'k', { remap = false }) +map('n', '', 'l', { remap = false }) +map('n', '', ':q', { remap = false }) +map('n', '', ':Files', { remap = false }) +map('n', '', 'gcc', { remap = true, silent = true }) +map('v', '', 'gc', { remap = true, silent = true }) -- Autocommands vim.cmd('au BufEnter * set noro') From 6fabeecd1d329f52d54aa761a2841ce7d38abb91 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 00:11:28 +1000 Subject: [PATCH 088/301] user/neovim: add auto-save.nvim --- modules/user/neovim.nix | 1 + res/config.lua | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index cc5d271..e8ba07a 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -31,6 +31,7 @@ in { plugins = with pkgs.vimPlugins; [ autoclose-nvim + auto-save-nvim flutter-tools-nvim fzf-vim fzf-lsp-nvim diff --git a/res/config.lua b/res/config.lua index b173216..f69e13b 100644 --- a/res/config.lua +++ b/res/config.lua @@ -68,6 +68,19 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} +local function autosavecond(buf) + if vim.tbl_contains({"astro"}, vim.fn.getbufvar(buf, "&filetype")) then + return true + end + return false +end +require('auto-save').setup { + trigger_events = { + defer = { "InsertLeave", "TextChanged", "TextChangedI" }, + }, + debounce_delay = 250, + condition = autosavecond, +} require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { 
From f8dc09565f5e473e3e4ce269777270ac6167d9a1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 01:36:36 +1000 Subject: [PATCH 089/301] user/neovim: use virtual color highlight --- res/config.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index f69e13b..06aaffc 100644 --- a/res/config.lua +++ b/res/config.lua @@ -82,7 +82,9 @@ require('auto-save').setup { condition = autosavecond, } require('nvim-ts-autotag').setup {} -require('nvim-highlight-colors').setup {} +require('nvim-highlight-colors').setup { + render = "virtual", +} require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } From d0fdbe88222e31eb9cffa7129c0c7ba64491aafe Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:23:37 +1000 Subject: [PATCH 090/301] hyacinth/filesystem: increase tmpfs size to 24G --- hosts/hyacinth/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/filesystem.nix b/hosts/hyacinth/filesystem.nix index c85d7be..2757182 100644 --- a/hosts/hyacinth/filesystem.nix +++ b/hosts/hyacinth/filesystem.nix @@ -15,7 +15,7 @@ in "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=8G" "mode=755" ]; + options = [ "defaults" "size=24G" "mode=755" ]; }; "/boot" = mkLabelMount "CUP" "vfat"; From c9520a5bc86ff937bd9f2038ff93c92f5c63e940 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:25:21 +1000 Subject: [PATCH 091/301] packages/linux-lava: add bluetooth patch --- packages/linux-lava/bluetooth.patch | 13 +++++++++++++ packages/linux-lava/sources.nix | 1 + 2 files changed, 14 insertions(+) create mode 100644 packages/linux-lava/bluetooth.patch diff --git a/packages/linux-lava/bluetooth.patch b/packages/linux-lava/bluetooth.patch new file mode 100644 index 0000000..87e198c --- /dev/null +++ b/packages/linux-lava/bluetooth.patch 
@@ -0,0 +1,13 @@ +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index ef9689f8776..aabbc031b5f 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -759,6 +759,8 @@ static const struct usb_device_id quirks_table[] = { + BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, ++ { USB_DEVICE(0x2c4e, 0x0115), .driver_info = BTUSB_REALTEK | ++ BTUSB_WIDEBAND_SPEECH }, + + /* Additional Realtek 8821AE Bluetooth devices */ + { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 4c9c4e3..caaa4f7 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -35,6 +35,7 @@ in { kernelPatches = lib.optionals hasPatch [ kernelPatchSrc + (patch ./bluetooth.patch) ] ++ builtins.map (name: { inherit name; From e7d5efd169de117550bcba3d8b0add00cdcc206b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:26:33 +1000 Subject: [PATCH 092/301] packages/linux-lava: bump to 6.16.1 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index caaa4f7..b8f408a 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.16"; + version = "6.16.1"; kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; - kernelPatchHash = "00wkvlpb5idmnjml86jmdp0fnqs08r3ykafhw5k702952dlyg5ws"; + kernelPatchHash = "0qg6jcbjwik2xzz26zbiz495ig03znaf0s4xp2qrl36lpsbjcr7a"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 2d85d6635b1ed3be13eaf2630635ddda3f963241 Mon Sep 17 00:00:00 2001 
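Review bot: In the sources.nix hunk, `(patch ./bluetooth.patch)` is added inside the list passed to `lib.optionals hasPatch [ … ]`, so the btusb device-id patch is applied only when `version` has three components. At this commit `version` is still `"6.16"`, so `hasPatch` is false and the patch is dropped without any error, and the same will happen again on the next x.y release. Moving it out of the conditional keeps it independent of the point-release patch: `kernelPatches = lib.optionals hasPatch [ kernelPatchSrc ] ++ [ (patch ./bluetooth.patch) ] ++ builtins.map (name: {`. A short comment naming the device (`2c4e:0115`) and the condition for removing the patch (for example, once the id is in the upstream quirks table) would also help whoever handles the next kernel bump. The `kernelPatches` expression continues past the end of the hunk, and the `patch` helper is defined outside it.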
From: Cilly Leang Date: Mon, 18 Aug 2025 17:46:13 +1000 Subject: [PATCH 093/301] overlays/linux-lava: get rid of --target warning --- overlays/linux-lava.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/overlays/linux-lava.nix b/overlays/linux-lava.nix index 4cfa1a4..321532f 100644 --- a/overlays/linux-lava.nix +++ b/overlays/linux-lava.nix @@ -1,12 +1,16 @@ self: super: let llvmPackages = super.llvmPackages_19; clangVersion = super.lib.versions.major llvmPackages.libclang.version; + addFlagsScript = "$out/nix-support/add-local-cc-cflags-before.sh"; cc = llvmPackages.stdenv.cc.override { # :sob: see https://github.com/NixOS/nixpkgs/issues/142901 bintools = llvmPackages.bintools; + + # https://github.com/NixOS/nixpkgs/issues/368850 extraBuildCommands = '' + cat <(echo "NIX_CC_WRAPPER_SUPPRESS_TARGET_WARNING=1") "${addFlagsScript}" > "${addFlagsScript}.new" + mv "${addFlagsScript}.new" "${addFlagsScript}" substituteInPlace "$out/nix-support/cc-cflags" --replace " -nostdlibinc" "" - substituteInPlace "$out/nix-support/add-local-cc-cflags-before.sh" --replace 'echo "Warning: supplying the --target argument to a nix-wrapped compiler may not work correctly - cc-wrapper is currently not designed with multi-target compilers in mind. You may want to use an un-wrapped compiler instead." >&2' "" echo " -resource-dir=${llvmPackages.libclang.lib}/lib/clang/${clangVersion}" >> $out/nix-support/cc-cflags ''; }; From c4bf653e1495193f499f8ce5f84c2862f93448d2 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 27 Aug 2025 17:28:29 +1000 Subject: [PATCH 094/301] user/neovim: add texlab --- modules/user/neovim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index e8ba07a..4dc4830 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix 
@@ -20,6 +20,7 @@ in { extraPackages = with pkgs; [ rust-analyzer + texlab nodePackages."@astrojs/language-server" nodePackages."@tailwindcss/language-server" nodePackages.diagnostic-languageserver From 6a3e5c147b0be6fd220fa3ebb43e91901dfe54e8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Sep 2025 14:30:50 +1000 Subject: [PATCH 095/301] user/neovim: add clangd --- res/config.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index 06aaffc..38f6a66 100644 --- a/res/config.lua +++ b/res/config.lua @@ -168,7 +168,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, From c17c9873b9951d8d52bfcc938300b02742340a8d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Sep 2025 14:39:38 +1000 Subject: [PATCH 096/301] user/catppuccin: fix theme script it just kept reusing old generations because nix/profiles/home-manager isn't.. consistently updated? idk how long this has been happening or if they changed something ughhhhhh --- modules/user/catppuccin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/catppuccin.nix b/modules/user/catppuccin.nix index 44973e6..176b42c 100644 --- a/modules/user/catppuccin.nix +++ b/modules/user/catppuccin.nix 
@@ -53,7 +53,7 @@ echo "invalid theme, valid values: [dark, light, restore]" exit 1 fi - current="$HOME/.local/state/nix/profiles/home-manager" + current="$HOME/.local/state/home-manager/gcroots/current-home/" cached="$HOME/.local/state/last-parent-specialisation" if [ -d "$current/specialisation" ]; then if [ -d "$cached" ]; then From 870fc4e2d7251cd6ba3960b97c38e3858b04cf01 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 21 Aug 2025 02:40:27 +1000 Subject: [PATCH 097/301] hyacinth/networking: enable wakeonlan --- hosts/hyacinth/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 0f6035a..0b2eb03 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -3,7 +3,7 @@ networking = { useDHCP = true; interfaces.enp5s0.useDHCP = false; - interfaces.enp5s0.wakeOnLan.enable = false; + interfaces.enp5s0.wakeOnLan.enable = true; interfaces.enp5s0.ipv4.addresses = [{ address = "192.168.1.201"; From 480208b7186bf3d747148532a34599e060d8373f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Sep 2025 23:53:39 +1000 Subject: [PATCH 098/301] user/neovim: autosave tex, and autosave while in insert --- res/config.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/res/config.lua b/res/config.lua index 38f6a66..55b991e 100644 --- a/res/config.lua +++ b/res/config.lua 
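Review bot: `interfaces.enp5s0.wakeOnLan.enable = true;` in hosts/hyacinth/networking.nix means any device that can deliver a magic packet to this NIC can power the host on, because plain magic-packet Wake-on-LAN is unauthenticated. That is usually acceptable on a trusted home segment, but the configuration should say so, e.g. `# WoL enabled so <who/what> can wake this host; only reachable from the 192.168.1.0/24 LAN`. Directed broadcasts and WoL forwarding should stay disabled on the router. NixOS also exposes `wakeOnLan.policy` on the interface, which can restrict the accepted wake methods if the NIC supports something stricter than the default. The surrounding `networking` attribute set continues outside the hunk.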
@@ -69,14 +69,14 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} local function autosavecond(buf) - if vim.tbl_contains({"astro"}, vim.fn.getbufvar(buf, "&filetype")) then + if vim.tbl_contains({"astro", "tex"}, vim.fn.getbufvar(buf, "&filetype")) then return true end return false end require('auto-save').setup { trigger_events = { - defer = { "InsertLeave", "TextChanged", "TextChangedI" }, + defer_save = { "InsertLeave", "TextChanged", "TextChangedI" }, }, debounce_delay = 250, condition = autosavecond, From c85d5d21506b968ee07e32a3bc54e37d7d7745cd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 01:44:58 +0000 Subject: [PATCH 099/301] flake: bump inputs --- flake.lock | 168 ++++++++++++++++++++++++----------------------------- 1 file changed, 75 insertions(+), 93 deletions(-) diff --git a/flake.lock b/flake.lock index d0fd43b..ff2042e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1754711681, - "narHash": "sha256-cYsUwcr7dQ/enDG+sHVqGopwgbPRajhVXi+dTt8OQ2c=", + "lastModified": 1759319421, + "narHash": "sha256-45yE92tDGtCX/vdyUuD3ckCqyZ3pwP0yrTorjvL80fc=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "7a6e7cce4c9c8bfc5bf25a96d66ede2c0379a6f1", + "rev": "37bf87881ae7a68bccdd383fef345c748a23d3b7", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { 
@@ -208,11 +208,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -222,36 +222,15 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1760813311, + "narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8", "type": "github" }, "original": { @@ -288,11 +267,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { 
@@ -325,18 +304,21 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": [ + "neovim-nightly", + "flake-parts" + ], "nixpkgs": [ "neovim-nightly", "nixpkgs" ] }, "locked": { - "lastModified": 1752595130, - "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=", + "lastModified": 1761230615, + "narHash": "sha256-pLE7U5gOtlA/2wbKCsVRYf5DqMQ5TWBCrCfZGytDDeo=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113", + "rev": "7db2b867219a26781437d840ce457b75b7645154", "type": "github" }, "original": { @@ -395,11 +377,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -437,11 +419,11 @@ ] }, "locked": { - "lastModified": 1754842705, - "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", + "lastModified": 1761344779, + "narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=", "owner": "nix-community", "repo": "home-manager", - "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", + "rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c", "type": "github" }, "original": { @@ -481,11 +463,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1754707367, - "narHash": "sha256-c4kr9yDWeT6u4pmWva/RoMf06W3OsOOxVf2GLzV4MCw=", + "lastModified": 1761271248, + "narHash": "sha256-x90r+HsgZ9z47LoFW6lz+NDX0BqLRSXqc/U0ab1uCUY=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "6742817d970e38c1cfc747a8a83ab3cea95a43d5", + "rev": "7870dc8a170d975ac31f5814d645f1c1757a8798", "type": "github" }, "original": { 
@@ -507,11 +489,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1754641381, - "narHash": "sha256-eMoujl/X1lbdjRbC/HHCpZmUb5tqTAYSL1hocy+o7nc=", + "lastModified": 1761350724, + "narHash": "sha256-ogJgZWLclKE10H7xw+jBjmnhg8U/2OpJZTaIulMr7Rw=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "83aaf3085f808dec9ea1b5d16b216875a8081b37", + "rev": "cd02956a1f6376f524a10b94893bc9408b476322", "type": "github" }, "original": { @@ -523,11 +505,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1754610154, - "narHash": "sha256-ORfF40X4BGiFxnLNQbdsQbUTW4TkUHfPqyZWHaYL5NE=", + "lastModified": 1761346084, + "narHash": "sha256-bhbEqOGNBD52bb5ZUXyd/Ua67hCpzgidOjkWOwJO1iw=", "owner": "neovim", "repo": "neovim", - "rev": "038eb01b41b66379f75164507571497929f8847c", + "rev": "520568f40f22d77e623ddda77cf751031774384b", "type": "github" }, "original": { @@ -538,15 +520,15 @@ }, "nix-gaming": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1754791758, - "narHash": "sha256-XlyhRNYVItOE9IHi+loJBHnZ8c6ZbdV9lr6KFXPUpbY=", + "lastModified": 1761184286, + "narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "c7043951476c524a8dafa241158f7cb30079cdad", + "rev": "8ac5469d67b8c197832575db87f6bde38032a947", "type": "github" }, "original": { @@ -557,11 +539,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { 
@@ -573,11 +555,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -604,11 +586,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1754863774, - "narHash": "sha256-OOkhunEjy+t5xP3oMxD9ezDZ3j3PYfOsT9aro/WcBGA=", + "lastModified": 1761346166, + "narHash": "sha256-bJvQiPY1dnu3lTV7w61n4Opx6kcRcU6egJovDV+6/H4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a84e756ad67fa42311e2d22cbc8f566ee46a04fd", + "rev": "810ffa7c371a24bdc286cdf322e1ebcf4b196b6b", "type": "github" }, "original": { @@ -636,11 +618,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1754711617, - "narHash": "sha256-WrZ280bT6NzNbBo+CKeJA/NW1rhvN/RUPZczqCpu2mI=", + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00b574b1ba8a352f0601c4dde4faff4b534ebb1e", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", "type": "github" }, "original": { @@ -652,11 +634,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { 
@@ -708,11 +690,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1745571677, - "narHash": "sha256-m4vCfX/IwByQN0OvcwDs+fy6LYndhGbNDQueOCREVx8=", + "lastModified": 1760326343, + "narHash": "sha256-LfrZUv0UMVyygPd1RAv2EIWEvds2n0iEG8G2q7h5izM=", "owner": "sindresorhus", "repo": "pure", - "rev": "5c2158096cd992ad73ae4b42aa43ee618383e092", + "rev": "58fe1ac501df94f5458b8c7d08fbea8e5bd86426", "type": "github" }, "original": { @@ -752,11 +734,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1754575663, - "narHash": "sha256-afOx8AG0KYtw7mlt6s6ahBBy7eEHZwws3iCRoiuRQS4=", + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6db0fb0e9cec2e9729dc52bf4898e6c135bb8a0f", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", "type": "github" }, "original": { @@ -773,11 +755,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1754801101, - "narHash": "sha256-oxWjZ/SfhCvHFNePZcUu+LcE5j4xxuIt/yaoaSvMZk0=", + "lastModified": 1760848035, + "narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "fcbfc21572518c68317df992929b28df9a1d8468", + "rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9", "type": "github" }, "original": { @@ -805,11 +787,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1754759508, - "narHash": "sha256-D//sryXk4tiPB6pBrFz3+rA68JQRR+8IAicEA5h7CWQ=", + "lastModified": 1760670453, + "narHash": "sha256-KQx4CWPfKBJwuBONYSE7AIKa7UBXBvtNVcrOmkPrjkY=", "owner": "StevenBlack", "repo": "hosts", - "rev": "a11705bff29cdf2744dfdf7463a4000ee67d2ba4", + "rev": "5da10a61afc297307c489903bfc35b1eb8dac674", "type": "github" }, "original": { 
@@ -887,11 +869,11 @@ ] }, "locked": { - "lastModified": 1754492133, - "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1298185c05a56bff66383a20be0b41a307f52228", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { @@ -936,11 +918,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1752982673, - "narHash": "sha256-9Tv64JFWG6yZnH16b8y80Q/Vk8wesxGpWG6JHiot70g=", + "lastModified": 1755632519, + "narHash": "sha256-vu17UAainZDD+8y/t+vBdGUe2NTF5XZdnHy5T15pNUE=", "ref": "refs/heads/main", - "rev": "2fd354de4d21be6c91ad2ea71af08525f3e76b39", - "revCount": 1061, + "rev": "13b34cdc29d8b22323fa2079193ea1529723747c", + "revCount": 1065, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From a9f5d4da4d485744b2c502bb6d09a53a15d114b3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 01:45:00 +0000 Subject: [PATCH 100/301] packages/linux-lava: bump to 6.17.5 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index b8f408a..5e16c02 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.16.1"; - kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; - kernelPatchHash = "0qg6jcbjwik2xzz26zbiz495ig03znaf0s4xp2qrl36lpsbjcr7a"; + version = "6.17.5"; + kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; + kernelPatchHash = "1fl72ykgj6bvcx7k6dx6g1v0fdka9m9nim5kj4cpnva6jyx2lgbv"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; 
From 84ddc3b6ec38fc27f04ec00904b852c99ee93ae5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:50:01 +1100 Subject: [PATCH 101/301] user/rofi: switch to upstream rofi from wayland fork --- modules/user/rofi.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/user/rofi.nix b/modules/user/rofi.nix index 19e569e..1f11d06 100644 --- a/modules/user/rofi.nix +++ b/modules/user/rofi.nix @@ -16,7 +16,6 @@ let in { programs.rofi = { enable = true; - package = pkgs.rofi-wayland; theme = "theme"; }; xdg.configFile."rofi/theme.rasi".source = theme; From 03bfa7da93aeba903aa721d094c810e6109601a3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:50:34 +1100 Subject: [PATCH 102/301] system/greed: greetd.tuigreet -> tuigreet --- modules/system/greetd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/greetd.nix b/modules/system/greetd.nix index ad4a2d6..f220847 100644 --- a/modules/system/greetd.nix +++ b/modules/system/greetd.nix @@ -3,7 +3,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'"; + command = "${pkgs.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'"; user = "greeter"; }; From 6d356be1f0502e29f72a4908a41665784648ffb3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:53:12 +1100 Subject: [PATCH 103/301] services/nginx: acme.email -> acme.defaults.email --- modules/services/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index be8adaf..10a2d84 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
@@ -2,7 +2,7 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; - email = "me@lava.moe"; + defaults.email = "me@lava.moe"; certs."lava.moe" = { group = "nginx"; domain = "lava.moe"; From 892f9bfe73a5b9f05668e5f026a8baf1adb15bd4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:54:03 +1100 Subject: [PATCH 104/301] hosts/hazel: hardware.opengl -> hardware.graphics --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 7e22154..cd568c3 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -73,7 +73,7 @@ in }; users.users.immich.extraGroups = [ "video" "render" ]; - hardware.opengl.enable = true; + hardware.graphics.enable = true; services.nginx.virtualHosts."photos.lava.moe" = { enableACME = true; forceSSL = true; From 45a8eadeda1bf5a90eb7e24e1bf448500fe00d4c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 3 Nov 2025 13:43:06 +1100 Subject: [PATCH 105/301] user/neovim: migrate to new lsp config syntax --- res/config.lua | 75 +++++++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/res/config.lua b/res/config.lua index 55b991e..97fa58f 100644 --- a/res/config.lua +++ b/res/config.lua 
@@ -124,32 +124,37 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') -- LSP -local nvim_lsp = require('lspconfig') +vim.api.nvim_create_autocmd("LspAttach", { + callback = function(args) + local client = vim.lsp.get_client_by_id(args.data.client_id) + if not client then + return + end -local on_attach = function(client, bufnr) - local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end - local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end + local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(args.buf, ...) end + local function buf_set_option(...) vim.api.nvim_buf_set_option(args.buf, ...) end - local opts = { noremap = true, silent = true } + local opts = { noremap = true, silent = true } - buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) - buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) - buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua 
vim.lsp.buf.formatting()', opts) -end + buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) + buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) + buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) + buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) + buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + end +}) vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( vim.lsp.diagnostic.on_publish_diagnostics, { 
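Review bot: The new `LspAttach` callback in res/config.lua carries over mappings to functions that, as far as I know, recent Neovim releases no longer ship: `vim.lsp.buf.formatting()`, `vim.lsp.diagnostic.goto_prev()` / `goto_next()` and `vim.lsp.diagnostic.set_loclist()`. The commit moves to `vim.lsp.config`, which itself needs a recent Neovim, so those four mappings would raise an error when pressed. The replacements are `vim.lsp.buf.format()`, `vim.diagnostic.setloclist()` and `vim.diagnostic.jump({ count = -1 })` / `vim.diagnostic.jump({ count = 1 })`. `buf_set_option` is defined but never called in the callback and `client` is only nil-checked, so both can be dropped. The key strings look like they lost their `<...>` parts in this rendering, so I have not reviewed them.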
@@ -164,17 +169,15 @@ vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( vim.lsp.handlers.signature_help, { focusable = false } ) -local capabilities = vim.lsp.protocol.make_client_capabilities() -capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do - nvim_lsp[lsp].setup { + vim.lsp.config(lsp, { capabilities = capabilities, - on_attach = on_attach, flags = { debounce_text_changes = 150 } - } + }) + vim.lsp.enable(lsp) end -- nvim-cmp @@ -224,15 +227,16 @@ cmp.setup { -- LSP/Omnisharp local pid = vim.fn.getpid() -nvim_lsp.omnisharp.setup { +vim.lsp.config("omnisharp", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, cmd = { "{{OMNISHARP_PATH}}", "--languageserver", "--hostPID", tostring(pid) } -} +}) +vim.lsp.enable("omnisharp") -- LSP/rust_analyzer -nvim_lsp.rust_analyzer.setup { +vim.lsp.config("rust_analyzer", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, @@ -249,11 +253,11 @@ nvim_lsp.rust_analyzer.setup { } } } -} - +}) +vim.lsp.enable("rust_analyzer") -- LSP/Diagnostics -nvim_lsp.diagnosticls.setup { +vim.lsp.config("diagnosticls", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, @@ -289,7 +293,8 @@ nvim_lsp.diagnosticls.setup { vue = 'eslint' } } -} +}) +vim.lsp.enable("diagnosticls") -- LSP/Signatures require("lsp_signature").setup { From b4e6a9bc049556559301a5067e1a1c7289d8af0d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 22:43:33 +1100 Subject: [PATCH 106/301] flake: bump inputs --- flake.lock | 241 +++++++++++++---------------------------------------- 1 file changed, 57 insertions(+), 184 deletions(-) 
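Review bot: This hunk removes `local capabilities = vim.lsp.protocol.make_client_capabilities()` but keeps `capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)`, which now assigns an undeclared name. `capabilities` therefore becomes a global, and the argument passed in is `nil`. The line should read `local capabilities = require('cmp_nvim_lsp').default_capabilities()`. The removed `snippetSupport = true` is probably covered by what `default_capabilities()` returns, but that is worth confirming against the plugin version pinned in this flake.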
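Review bot: The `vim.lsp.config("omnisharp", …)` and `vim.lsp.config("rust_analyzer", …)` tables in this hunk, and the `diagnosticls` table in the next one, still pass `on_attach = on_attach`, although the first hunk of this commit deleted the `on_attach` local in favour of the `LspAttach` autocmd. Unless another `on_attach` is defined outside the visible hunks, the name is now an undefined global that evaluates to `nil`. The field then does nothing, yet it reads as if a per-server hook were still wired up. I would delete the three `on_attach = on_attach,` lines so the autocmd is the single place where buffer mappings are installed.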
diff --git a/flake.lock b/flake.lock index ff2042e..2b37612 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1759319421, - "narHash": "sha256-45yE92tDGtCX/vdyUuD3ckCqyZ3pwP0yrTorjvL80fc=", + "lastModified": 1762958586, + "narHash": "sha256-1MryKS54NVQld+xDvCN0OBmAC8Jk+HmplqWbuerrhlk=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "37bf87881ae7a68bccdd383fef345c748a23d3b7", + "rev": "0d212e20bebe63b49b588323d37c0cc46bd7000f", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, + "lastModified": 1762618334, "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { 
@@ -155,43 +155,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -208,11 +176,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { 
@@ -226,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760813311, - "narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -257,76 +225,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore", - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "neovim-nightly", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": [ - "neovim-nightly", - "flake-parts" - ], - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761230615, - "narHash": "sha256-pLE7U5gOtlA/2wbKCsVRYf5DqMQ5TWBCrCfZGytDDeo=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "7db2b867219a26781437d840ce457b75b7645154", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -419,11 +317,11 @@ ] }, "locked": { - "lastModified": 1761344779, - "narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -463,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1761271248, - "narHash": "sha256-x90r+HsgZ9z47LoFW6lz+NDX0BqLRSXqc/U0ab1uCUY=", + "lastModified": 1763432202, + "narHash": "sha256-6eGh8gEh2Ch3cjpb0Vet2TldlXKvhkI8gkde6sabP3U=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "7870dc8a170d975ac31f5814d645f1c1757a8798", + "rev": "9b47ccaef1f98d1e5c0d48b9429442ae6894c191", "type": "github" }, "original": { @@ -478,22 +376,18 @@ }, "neovim-nightly": { "inputs": { - "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", - "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1761350724, - "narHash": "sha256-ogJgZWLclKE10H7xw+jBjmnhg8U/2OpJZTaIulMr7Rw=", + "lastModified": 1763683496, + "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "cd02956a1f6376f524a10b94893bc9408b476322", + "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d", "type": "github" }, "original": { 
@@ -505,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1761346084, - "narHash": "sha256-bhbEqOGNBD52bb5ZUXyd/Ua67hCpzgidOjkWOwJO1iw=", + "lastModified": 1763682595, + "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=", "owner": "neovim", "repo": "neovim", - "rev": "520568f40f22d77e623ddda77cf751031774384b", + "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180", "type": "github" }, "original": { @@ -524,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1761184286, - "narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=", + "lastModified": 1763517349, + "narHash": "sha256-QgAbzE/1imXSQX8ZlLgxV/eCzl0aAr+UZRVKBWDS138=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8ac5469d67b8c197832575db87f6bde38032a947", + "rev": "b13a918dae392cd84191c55448ecd7ffca6cf7d0", "type": "github" }, "original": { @@ -539,11 +433,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { @@ -555,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { 
@@ -586,11 +480,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1761346166, - "narHash": "sha256-bJvQiPY1dnu3lTV7w61n4Opx6kcRcU6egJovDV+6/H4=", + "lastModified": 1763682598, + "narHash": "sha256-1vlouRdKg6PF8dzTbiT1BB+VwLGkaVUgrDt9NKoiisY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "810ffa7c371a24bdc286cdf322e1ebcf4b196b6b", + "rev": "70fca9810d7049ec65e7aae5b885d7bde224f966", "type": "github" }, "original": { @@ -618,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { @@ -634,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -690,11 +584,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1760326343, - "narHash": "sha256-LfrZUv0UMVyygPd1RAv2EIWEvds2n0iEG8G2q7h5izM=", + "lastModified": 1763198167, + "narHash": "sha256-AZSxP2g6BWoxyiSQH7yzbbbfGcwD8jgnXPPfcYwJUL0=", "owner": "sindresorhus", "repo": "pure", - "rev": "58fe1ac501df94f5458b8c7d08fbea8e5bd86426", + "rev": "54bd501c802283dee0940457da6eb3e642bd1453", "type": "github" }, "original": { 
@@ -734,11 +628,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1759199574, - "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "lastModified": 1761791894, + "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "rev": "59c45eb69d9222a4362673141e00ff77842cd219", "type": "github" }, "original": { @@ -755,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1760848035, - "narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=", + "lastModified": 1763267524, + "narHash": "sha256-CywB4iCpGr4CYZAD+WboFwBQ7Wnc7LdfSemFWuH/1Ro=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9", + "rev": "cf33e39bd1a21993a28ffee8be433e212ecf346a", "type": "github" }, "original": { @@ -787,11 +681,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1760670453, - "narHash": "sha256-KQx4CWPfKBJwuBONYSE7AIKa7UBXBvtNVcrOmkPrjkY=", + "lastModified": 1763488188, + "narHash": "sha256-sJ6JT8GSmUUUAi8Ylhp6vE6OKmQxNfHye0FiJbZwoo4=", "owner": "StevenBlack", "repo": "hosts", - "rev": "5da10a61afc297307c489903bfc35b1eb8dac674", + "rev": "c66c4aa05a95669943eb3b8f68ba3d359825c4b9", "type": "github" }, "original": { @@ -861,27 +755,6 @@ "type": "gitlab" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761311587, - "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "website": { "flake": false, "locked": { From 8ae384686ca64255d8ca8829ee579fcf9603dc37 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Fri, 21 Nov 2025 22:43:43 +1100 Subject: [PATCH 107/301] packages/linux-lava: bump to 6.17.8 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 5e16c02..44a30ee 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.17.5"; + version = "6.17.8"; kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; - kernelPatchHash = "1fl72ykgj6bvcx7k6dx6g1v0fdka9m9nim5kj4cpnva6jyx2lgbv"; + kernelPatchHash = "0f1apr8wrsddik48mwsfq8d22x9019f1b023gvdzkpn2s58ja74n"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From c5dd3e4f5e5a19f75acef2c01fa23f2a6cfac926 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 23:14:31 +1100 Subject: [PATCH 108/301] treewide: change deprecated and renamed option and package names --- hosts/hyacinth/kernel.nix | 4 ++++ modules/system/corectrl.nix | 4 ---- modules/system/gui.nix | 1 - modules/system/packages-gui.nix | 4 ++-- modules/user/direnv.nix | 2 +- modules/user/git.nix | 6 +++--- modules/user/gpg.nix | 2 +- modules/user/zsh.nix | 2 +- users/rin/packages.nix | 2 +- 9 files changed, 13 insertions(+), 14 deletions(-) diff --git a/hosts/hyacinth/kernel.nix b/hosts/hyacinth/kernel.nix index 3e2d8d1..f410014 100644 --- a/hosts/hyacinth/kernel.nix +++ b/hosts/hyacinth/kernel.nix @@ -13,4 +13,8 @@ ]; kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava); }; + hardware.amdgpu.overdrive = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; } diff --git a/modules/system/corectrl.nix b/modules/system/corectrl.nix index c2ec98d..6f6ca01 100644 --- a/modules/system/corectrl.nix +++ b/modules/system/corectrl.nix 
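Review bot: `hardware.amdgpu.overdrive` with `ppfeaturemask = "0xffffffff"` is added to hosts/hyacinth/kernel.nix without a comment, while the equivalent `gpuOverclock` block is removed from the shared modules/system/corectrl.nix in the next file section. If any other host imports that module it silently stops getting the mask, so the move changes scope as well as the option name; worth confirming hyacinth is the only consumer. The all-ones mask sets every amdgpu powerplay feature bit rather than only the overdrive one. That deserves a line such as `# all ppfeaturemask bits set; overdrive lets CoreCtrl write clocks/voltages via sysfs`. The attribute set closed just above the addition starts outside the hunk.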
@@ -1,9 +1,5 @@ { ... }: { programs.corectrl = { enable = true; - gpuOverclock = { - enable = true; - ppfeaturemask = "0xffffffff"; - }; }; } diff --git a/modules/system/gui.nix b/modules/system/gui.nix index e9443ab..7028dac 100644 --- a/modules/system/gui.nix +++ b/modules/system/gui.nix @@ -15,7 +15,6 @@ hanazono noto-fonts noto-fonts-cjk-sans - noto-fonts-extra open-sans twemoji-color-font unifont diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 9e6e946..78e778b 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -6,8 +6,8 @@ ]; programs.adb.enable = true; hardware.graphics.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau + intel-vaapi-driver + libva-vdpau-driver libvdpau-va-gl ]; programs.light.enable = true; diff --git a/modules/user/direnv.nix b/modules/user/direnv.nix index 3f54b94..2329800 100644 --- a/modules/user/direnv.nix +++ b/modules/user/direnv.nix @@ -5,7 +5,7 @@ enable = true; }; }; - programs.git.extraConfig.core.excludesFile = ".envrc"; + programs.git.settings.core.excludesFile = ".envrc"; # We can't use .source since hm manages this file too xdg.configFile."direnv/direnvrc".text = builtins.readFile ../../res/direnvrc; home.activation = { diff --git a/modules/user/git.nix b/modules/user/git.nix index 16a2cdd..adadf7e 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -1,13 +1,13 @@ { ... }: { programs.git = { enable = true; - userName = "Cilly Leang"; - userEmail = "me@lava.moe"; signing = { key = "059F098EBF0E9A13E10A46BF6500251E087653C9"; signByDefault = true; }; - extraConfig = { + settings = { + user.name = "Cilly Leang"; + user.email = "me@lava.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; }; diff --git a/modules/user/gpg.nix b/modules/user/gpg.nix index 768c5d9..dba731f 100644 --- a/modules/user/gpg.nix +++ b/modules/user/gpg.nix 
@@ -5,6 +5,6 @@ }; services.gpg-agent = { enable = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; } diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 54533b9..3fefce6 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -104,7 +104,7 @@ in { programs.command-not-found.enable = true; programs.zsh = { enable = true; - dotDir = ".config/zsh"; + dotDir = "${config.xdg.configHome}/zsh"; autocd = true; defaultKeymap = "viins"; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 2299028..6e4d84a 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -57,7 +57,7 @@ in { swaybg (tetrio-desktop.override { withTetrioPlus = true; }) texliveFull - tor-browser-bundle-bin + tor-browser transmission-remote-gtk vesktop virt-manager From 4bd188cc644fc96e2ad4afdd4a99520091c7aa4f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 23:15:01 +1100 Subject: [PATCH 109/301] workflows/cachix: bump cachix action fixes a bug where the latest store path doesn't get pushed (so all the kernel builds never gets pushed) --- .github/workflows/cachix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index c8745d2..2a4d902 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -17,7 +17,7 @@ jobs: env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v16 with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -42,7 +42,7 @@ jobs: with: fetch-depth: 0 - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v16 with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From 57afed24ed3f14e937e9c090b911e3870fa61a98 Mon Sep 17 00:00:00 2001 
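Review bot: Both `uses: cachix/cachix-action@v16` lines in .github/workflows/cachix.yml reference the action by a movable tag, and the step is handed `secrets.CACHIX_AUTH_TOKEN`. In the first hunk's job the checkout has also already been unlocked with `secrets.GIT_CRYPT_KEY`. If the tag is ever moved, the new code runs with those secrets, so pin the action to a full commit SHA and keep the tag as a trailing comment: `- uses: cachix/cachix-action@<full-commit-sha> # v16`. The same applies to `cachix/install-nix-action@v31` and the git-crypt unlock action on the context lines. Both jobs continue outside the hunks.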
From: Cilly Leang Date: Thu, 29 Jan 2026 00:37:01 +1100 Subject: [PATCH 110/301] anemone/kernel: disable swapfile and hibernation --- hosts/anemone/kernel.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/anemone/kernel.nix b/hosts/anemone/kernel.nix index cbee34c..d959b37 100644 --- a/hosts/anemone/kernel.nix +++ b/hosts/anemone/kernel.nix @@ -23,14 +23,14 @@ ]; }; - swapDevices = [{ - device = "/persist/swapfile"; - size = 16 * 1024; - }]; - - systemd.sleep.extraConfig = '' - HibernateMode=shutdown - ''; + # swapDevices = [{ + # device = "/persist/swapfile"; + # size = 16 * 1024; + # }]; + # + # systemd.sleep.extraConfig = '' + # HibernateMode=shutdown + # ''; /* services.logind.lidSwitch = "suspend-then-hibernate"; systemd.sleep.extraConfig = '' From 58efa5527ce2fb5b07a3e4e2dae146c8910ee6aa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 3 Feb 2026 23:18:45 +1100 Subject: [PATCH 111/301] user/git: update git email --- modules/user/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/git.nix b/modules/user/git.nix index adadf7e..6c21f20 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -7,7 +7,7 @@ }; settings = { user.name = "Cilly Leang"; - user.email = "me@lava.moe"; + user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; }; From 3af1ad12fda037274587baafd44991f687320531 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 22 Nov 2025 15:37:16 +1100 Subject: [PATCH 112/301] system/nix: add nh --- modules/system/nix.nix | 1 + users/rin/default.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index e520205..ba671aa 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -23,5 +23,6 @@ ''; }; nixpkgs.config.allowUnfree = true; + programs.nh.enable = true; system.rebuild.enableNg = true; } 
diff --git a/users/rin/default.nix b/users/rin/default.nix index 3737b18..e8d6f5c 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix @@ -1,4 +1,5 @@ { config, modules, pkgs, ... }: { + programs.nh.flake = "/home/rin/Projects/flakes"; programs.zsh.enable = true; users.users.rin = { isNormalUser = true; From bcbebb0d46e956d0eeb556397e998486b2ba497c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 02:31:34 +0000 Subject: [PATCH 113/301] flake: bump inputs --- flake.lock | 134 ++++++++++++++++++++++++++--------------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index 2b37612..ec50bf4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1762958586, - "narHash": "sha256-1MryKS54NVQld+xDvCN0OBmAC8Jk+HmplqWbuerrhlk=", + "lastModified": 1770327417, + "narHash": "sha256-WNS+wDUeqfegOXf5emDRnNs2bPiJ7rhdARo4jyd3+Yw=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "0d212e20bebe63b49b588323d37c0cc46bd7000f", + "rev": "26670347cca9feddb31e075d23b474149d8902e1", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { 
@@ -176,11 +176,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -275,11 +275,11 @@ ] }, "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "lastModified": 1763992789, + "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", "owner": "nix-community", "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1763416652, - "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", + "lastModified": 1770318660, + "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", "owner": "nix-community", "repo": "home-manager", - "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", + "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", "type": "github" }, "original": { 
@@ -361,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1763432202, - "narHash": "sha256-6eGh8gEh2Ch3cjpb0Vet2TldlXKvhkI8gkde6sabP3U=", + "lastModified": 1770227718, + "narHash": "sha256-Z6KOxPD/ZesQ85SknAHAYBwro17KSSm0nRxcIJ5/vuE=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "9b47ccaef1f98d1e5c0d48b9429442ae6894c191", + "rev": "90ad8407cefc81a44571043c5d7e7717ea07a19a", "type": "github" }, "original": { @@ -383,11 +383,11 @@ ] }, "locked": { - "lastModified": 1763683496, - "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=", + "lastModified": 1770336287, + "narHash": "sha256-czvrg8uyf2VWRmbobsthTAIJCg1GH4mEekyW01AvHco=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d", + "rev": "1cd999cdf20536ac6a6d1aa17ba0242eefd2312b", "type": "github" }, "original": { @@ -399,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1763682595, - "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=", + "lastModified": 1770334851, + "narHash": "sha256-FvT3T0l8eNr1Hv+D1Sj1jM/2vLkonLxpadTk6gdYHAo=", "owner": "neovim", "repo": "neovim", - "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180", + "rev": "db133879b2a115cdf982b2899f154f1851d59a60", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1763517349, - "narHash": "sha256-QgAbzE/1imXSQX8ZlLgxV/eCzl0aAr+UZRVKBWDS138=", + "lastModified": 1769914377, + "narHash": "sha256-8wH3ZYNs36V0A3f/ikraqdoVE++BfnXg9Ql8nAuUkHw=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "b13a918dae392cd84191c55448ecd7ffca6cf7d0", + "rev": "f7d17740ed90663b11ae907d33b3fed9fc9e15a9", "type": "github" }, "original": { 
@@ -433,11 +433,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761672384, - "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -449,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -480,11 +480,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1763682598, - "narHash": "sha256-1vlouRdKg6PF8dzTbiT1BB+VwLGkaVUgrDt9NKoiisY=", + "lastModified": 1768649915, + "narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70fca9810d7049ec65e7aae5b885d7bde224f966", + "rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", + "lastModified": 1769740369, + "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", + "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", "type": "github" }, "original": { 
@@ -528,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "type": "github" }, "original": { @@ -568,11 +568,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1748094813, - "narHash": "sha256-CVs9FTdg3oKtRjz2YqwkMr0W5qYLGfVyxyhE3qnGYbI=", + "lastModified": 1770279356, + "narHash": "sha256-NgocMrn3I4bJW37BtVvEYGkPraEC5TU/gb3ibJcG3wA=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "42fc28ba918343ebfd5565147a42a26580579482", + "rev": "70a9fecaf5aeae70c765d4c51a8038165a91aa06", "type": "github" }, "original": { @@ -628,11 +628,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761791894, - "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", + "lastModified": 1764470739, + "narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "59c45eb69d9222a4362673141e00ff77842cd219", + "rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a", "type": "github" }, "original": { @@ -649,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1763267524, - "narHash": "sha256-CywB4iCpGr4CYZAD+WboFwBQ7Wnc7LdfSemFWuH/1Ro=", + "lastModified": 1769986820, + "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "cf33e39bd1a21993a28ffee8be433e212ecf346a", + "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", "type": "github" }, "original": { 
@@ -681,11 +681,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1763488188, - "narHash": "sha256-sJ6JT8GSmUUUAi8Ylhp6vE6OKmQxNfHye0FiJbZwoo4=", + "lastModified": 1770244988, + "narHash": "sha256-DT9HK9iYTmXUfjKcTxLRMZOeCLb9CAoFEpBiDpEku3g=", "owner": "StevenBlack", "repo": "hosts", - "rev": "c66c4aa05a95669943eb3b8f68ba3d359825c4b9", + "rev": "7ea67ed353b27e1dbe36363074d1b6c3ca6be46b", "type": "github" }, "original": { @@ -742,11 +742,11 @@ "tree-sitter-jsonc": { "flake": false, "locked": { - "lastModified": 1615145540, - "narHash": "sha256-iWc2ePRiQnZ0FEdMAaAwa3iYt/SY0bEjQrZyqE9EhlU=", + "lastModified": 1769637052, + "narHash": "sha256-V38tvBHJsSHJbj8QrMbt5hz2q8WLf4jtKsTiAo98/Vo=", "owner": "WhyNotHugo", "repo": "tree-sitter-jsonc", - "rev": "02b01653c8a1c198ae7287d566efa86a135b30d5", + "rev": "f7890ba894d885d1b2b721cfae759b07d53c8886", "type": "gitlab" }, "original": { @@ -791,11 +791,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1755632519, - "narHash": "sha256-vu17UAainZDD+8y/t+vBdGUe2NTF5XZdnHy5T15pNUE=", + "lastModified": 1770340936, + "narHash": "sha256-AyJRQbMw4l4D/26WLNoysxtUmPdvSgdzE1HcldQ0GYY=", "ref": "refs/heads/main", - "rev": "13b34cdc29d8b22323fa2079193ea1529723747c", - "revCount": 1065, + "rev": "50988e246dab86bc5701932f64e9fe9b1df23cb9", + "revCount": 1124, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" @@ -809,11 +809,11 @@ "zsh-history-substring-search": { "flake": false, "locked": { - "lastModified": 1717563893, - "narHash": "sha256-1+w0AeVJtu1EK5iNVwk3loenFuIyVlQmlw8TWliHZGI=", + "lastModified": 1768499095, + "narHash": "sha256-KHujL1/TM5R3m4uQh2nGVC98D6MOyCgQpyFf+8gjKR0=", "owner": "zsh-users", "repo": "zsh-history-substring-search", - "rev": "87ce96b1862928d84b1afe7c173316614b30e301", + "rev": "14c8d2e0ffaee98f2df9850b19944f32546fdea5", "type": "github" }, "original": { From 0c882eb783b756d33aa7b971db2e745ce5c8dabc Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 02:31:36 +0000 Subject: [PATCH 114/301] packages/linux-lava: bump to 6.18.8 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 44a30ee..4b25d1e 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.17.8"; - kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; - kernelPatchHash = "0f1apr8wrsddik48mwsfq8d22x9019f1b023gvdzkpn2s58ja74n"; + version = "6.18.8"; + kernelHash = "0jzdvk3xdai1xsq0739hmf8rapw15dw5inarfvqizqx9bmha81li"; + kernelPatchHash = "0zwjsig10xkdzr87l25z5ici6kakbjl8jl02ryrpj6xn31bk7vwz"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 0245b680ef2f22158eb6d2ce1e97bf6e7287fbd9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:16:08 +1100 Subject: [PATCH 115/301] system: remove deleted options --- modules/system/nix.nix | 1 - modules/system/packages-gui.nix | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index ba671aa..6a6fd04 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -24,5 +24,4 @@ }; nixpkgs.config.allowUnfree = true; programs.nh.enable = true; - system.rebuild.enableNg = true; } diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 78e778b..77eb510 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix 
@@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: { config = lib.mkIf config.me.gui { environment.systemPackages = with pkgs; [ - gparted + android-tools + gparted nautilus ]; - programs.adb.enable = true; hardware.graphics.extraPackages = with pkgs; [ intel-vaapi-driver libva-vdpau-driver From c76de11041823c6bc7af903ff3084efed8d0d418 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:19:54 +1100 Subject: [PATCH 116/301] user/mpv: update config after breaking change --- modules/user/mpv.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/user/mpv.nix b/modules/user/mpv.nix index 1b1899c..6ef3da4 100644 --- a/modules/user/mpv.nix +++ b/modules/user/mpv.nix @@ -1,8 +1,7 @@ -{ config, pkgs, ... }: { +{ pkgs, ... }: { programs.mpv = { enable = true; - package = pkgs.mpv-unwrapped.wrapper { - mpv = pkgs.mpv-unwrapped; + package = pkgs.mpv.override { youtubeSupport = true; scripts = [ pkgs.mpvScripts.mpris ]; }; From 2b9a772959b42fc3896f59c69511a554d569657c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:20:48 +1100 Subject: [PATCH 117/301] rin/packages: remove tetrio plus (marked as broken) --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 6e4d84a..5715dd4 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -55,7 +55,7 @@ in { screenkey slurp swaybg - (tetrio-desktop.override { withTetrioPlus = true; }) + tetrio-desktop texliveFull tor-browser transmission-remote-gtk From adea95e039b8f1ee6cd38e7dc73fb863d6d2537c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:22:10 +1100 Subject: [PATCH 118/301] hyacinth/packages: use new idea package name --- hosts/hyacinth/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index a1288ca..f4e4fe4 100644 --- a/hosts/hyacinth/packages.nix 
+++ b/hosts/hyacinth/packages.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - jetbrains.idea-community-bin + jetbrains.idea texliveFull ]; } From 0772dca431e07bc278df31670906ea77f7ae4c86 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:25:40 +1100 Subject: [PATCH 119/301] system/packages: remove ecryptfs --- modules/system/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index b257880..8670e6e 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -2,7 +2,7 @@ imports = [ ./packages-gui.nix ]; environment.systemPackages = with pkgs; [ comma - ecryptfs + # ecryptfs efibootmgr fd git From 85f53fbc859e2191b7c24c1737514d430d597fcc Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 22:31:16 +1100 Subject: [PATCH 120/301] rin/packages: remove wine-osu --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 5715dd4..3b07cab 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -46,7 +46,7 @@ in { mangohud me.psensor inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin - inputs.nix-gaming.packages.x86_64-linux.wine-osu + # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol prismlauncher From bada516463e85483367381c288b29c6bdca8e318 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 9 Feb 2026 21:56:30 +1100 Subject: [PATCH 121/301] user/neovim: update nvim-treesitter import --- res/config.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index 97fa58f..ef10504 100644 --- a/res/config.lua +++ b/res/config.lua 
@@ -85,7 +85,7 @@ require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup { render = "virtual", } -require('nvim-treesitter.configs').setup { +require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } } From 83b68d30347229200cf15a4cc98cf93caf64dd86 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 02:40:14 +0000 Subject: [PATCH 122/301] flake: bump inputs --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index ec50bf4..4eeaaa3 100644 --- a/flake.lock +++ b/flake.lock @@ -194,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1770318660, - "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", + "lastModified": 1770818644, + "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", + "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", "type": "github" }, "original": { 
@@ -361,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1770227718, - "narHash": "sha256-Z6KOxPD/ZesQ85SknAHAYBwro17KSSm0nRxcIJ5/vuE=", + "lastModified": 1770607339, + "narHash": "sha256-/j7IEdwbaaN4SGKAl5gE3vRdKIdIw8f7RNMrM9Lc28M=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "90ad8407cefc81a44571043c5d7e7717ea07a19a", + "rev": "9498fb9bc0c3323d1c291667d8cb16cb2a37bcee", "type": "github" }, "original": { @@ -383,11 +383,11 @@ ] }, "locked": { - "lastModified": 1770336287, - "narHash": "sha256-czvrg8uyf2VWRmbobsthTAIJCg1GH4mEekyW01AvHco=", + "lastModified": 1770857573, + "narHash": "sha256-pSeFA1qRAdivDrrKoybJ1DOcbkXx2v/ExIc6n0DbT4U=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "1cd999cdf20536ac6a6d1aa17ba0242eefd2312b", + "rev": "31e79c73c444b2e51eb34f2305792809839c58e8", "type": "github" }, "original": { @@ -399,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770334851, - "narHash": "sha256-FvT3T0l8eNr1Hv+D1Sj1jM/2vLkonLxpadTk6gdYHAo=", + "lastModified": 1770810897, + "narHash": "sha256-6F/Z/UQxalaSoqewSQ4fL8zSws3Vy4wgA5DgyTaeqTo=", "owner": "neovim", "repo": "neovim", - "rev": "db133879b2a115cdf982b2899f154f1851d59a60", + "rev": "6b4ec2264e1d8ba027b85f3883d532c5068be92a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1769914377, - "narHash": "sha256-8wH3ZYNs36V0A3f/ikraqdoVE++BfnXg9Ql8nAuUkHw=", + "lastModified": 1770778188, + "narHash": "sha256-KZHPn3L6veRgRwOyfhaeM5ZTJfpkoY9EICIzUcQn4w8=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "f7d17740ed90663b11ae907d33b3fed9fc9e15a9", + "rev": "59e3b8189047bc591635645d2c682020c13eeac5", "type": "github" }, "original": { 
@@ -449,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", "type": "github" }, "original": { @@ -528,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -568,11 +568,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1770279356, - "narHash": "sha256-NgocMrn3I4bJW37BtVvEYGkPraEC5TU/gb3ibJcG3wA=", + "lastModified": 1770808440, + "narHash": "sha256-paM9v2DKiHEwN0fTXuX9eY0KwVsB+9Bv6mOX9u/eyAI=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "70a9fecaf5aeae70c765d4c51a8038165a91aa06", + "rev": "9f2dad22ef8bb14fd1e0a3aa8859cdc88170668b", "type": "github" }, "original": { 
@@ -584,11 +584,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1763198167, - "narHash": "sha256-AZSxP2g6BWoxyiSQH7yzbbbfGcwD8jgnXPPfcYwJUL0=", + "lastModified": 1770811375, + "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", "owner": "sindresorhus", "repo": "pure", - "rev": "54bd501c802283dee0940457da6eb3e642bd1453", + "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", "type": "github" }, "original": { @@ -649,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1769986820, - "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", + "lastModified": 1770846656, + "narHash": "sha256-wdYpo8++TqKp3GdRgLFykjuIVW1m9GlUnxID2FG74cE=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", + "rev": "40e65cfc4608402674e1efaac3fccce20d2a72d3", "type": "github" }, "original": { @@ -791,11 +791,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1770340936, - "narHash": "sha256-AyJRQbMw4l4D/26WLNoysxtUmPdvSgdzE1HcldQ0GYY=", + "lastModified": 1770748719, + "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=", "ref": "refs/heads/main", - "rev": "50988e246dab86bc5701932f64e9fe9b1df23cb9", - "revCount": 1124, + "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea", + "revCount": 1137, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From 4c933a598c89048575e8c52c39eb769bc8a8f9a7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 02:40:17 +0000 Subject: [PATCH 123/301] packages/linux-lava: bump to 6.19 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 4b25d1e..dc198a6 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix 
@@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.18.8"; - kernelHash = "0jzdvk3xdai1xsq0739hmf8rapw15dw5inarfvqizqx9bmha81li"; - kernelPatchHash = "0zwjsig10xkdzr87l25z5ici6kakbjl8jl02ryrpj6xn31bk7vwz"; + version = "6.19"; + kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; + kernelPatchHash = "0w36sxwwhfqpc1if9d52rg0g1k20xjl2cairlyiyk10ns17mjxlb"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 4e49291a403244cb99d928d1b8279d18615457c5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Feb 2026 15:43:23 +1100 Subject: [PATCH 124/301] rin/packages: add jetbrains gateway --- users/rin/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 3b07cab..e3db022 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -37,6 +37,7 @@ in { gamescope gimp3 grim + jetbrains.gateway #kotatogram-desktop krita lm_sensors From 3b73bd8f14b051790e2b0bd5592ebca82476df98 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Feb 2026 16:00:25 +1100 Subject: [PATCH 125/301] overlays/jetbrains: init --- overlays/default.nix | 1 + overlays/jetbrains.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 overlays/jetbrains.nix diff --git a/overlays/default.nix b/overlays/default.nix index 31648cc..a84cba5 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -3,6 +3,7 @@ builtins.map (path: import path) [ ./cascadia-code.nix ./ccache.nix ./eww.nix + ./jetbrains.nix ./material-icons.nix ./steam.nix ./utillinux.nix diff --git a/overlays/jetbrains.nix b/overlays/jetbrains.nix new file mode 100644 index 0000000..dd1d1ad --- /dev/null +++ b/overlays/jetbrains.nix 
@@ -0,0 +1,22 @@ +# https://github.com/NixOS/nixpkgs/issues/375254 +self: super: { + jetbrains = super.jetbrains // { + gateway = let + unwrapped = super.jetbrains.gateway; + in super.buildFHSEnv { + name = "gateway"; + inherit (unwrapped) version; + + runScript = super.writeScript "gateway-wrapper" '' + unset JETBRAINS_CLIENT_JDK + exec ${unwrapped}/bin/gateway "$@" + ''; + + meta = unwrapped.meta; + + passthru = { + inherit unwrapped; + }; + }; + }; +} From cf47ffc5267e8104ce121b75eed9eccf92465b95 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 24 Feb 2026 17:26:26 +1100 Subject: [PATCH 126/301] workflow: remove check job SHUTUPSHUTUPSHUTUPSHOUSHTOSHTOUSTHSROUTSHJSBUJFSBHIDh --- .github/workflows/cachix.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 2a4d902..06bed3e 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -5,27 +5,6 @@ on: workflow_dispatch: jobs: - check: - name: Check flake - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Unlock secrets - uses: sliteteam/github-action-git-crypt-unlock@1.2.0 - env: - GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v16 - with: - name: lava - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: | - cd / - cd - - - run: nix flake check --keep-going --verbose - build: name: Build linux-lava for x86_64-linux runs-on: ubuntu-latest From 1fd2ebedb0dfa4742a77024b017576d7691a0ef4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 2 Mar 2026 13:17:36 +1100 Subject: [PATCH 127/301] anemone/networking: disable wpa_supplicant hardening --- hosts/anemone/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix index 8b6bdf9..18c0d87 100644 --- a/hosts/anemone/networking.nix +++ b/hosts/anemone/networking.nix 
@@ -3,6 +3,7 @@ #nameservers = [ "8.8.8.8" "8.8.4.4" ]; #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf"; + wireless.enableHardening = false; networkmanager = { enable = true; From e73f9d612ce7010b5a4d5e37d82064eadcb22fcd Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 3 Mar 2026 13:37:03 +1100 Subject: [PATCH 128/301] rin/packages: use dotnet10 --- users/rin/packages.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index e3db022..77e8a2e 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -1,10 +1,8 @@ { config, inputs, pkgs, ... }: let dotnet-combined = (with pkgs.dotnetCorePackages; combinePackages [ - dotnet_8.sdk - dotnet_9.sdk - aspnetcore_8_0-bin - aspnetcore_9_0-bin + dotnet_10.sdk + aspnetcore_10_0-bin ]); in { programs.firefox = { From 09aceb18f4da7714e515ca302f08d880e202b64c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Mar 2026 21:07:12 +1100 Subject: [PATCH 129/301] user/eww: display multiple bluetooth devices in one line --- res/eww/eww.yuck | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index c153154..2598788 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -43,6 +43,8 @@ `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) +(defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled + `bluetoothctl devices Connected | wc -l`) (deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") 
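Review bot: `wireless.enableHardening = false;` in hosts/anemone/networking.nix switches off the hardening of the wpa_supplicant service without recording what it broke, so nothing prompts anyone to turn it back on. Put a why-comment directly above the line, for example `# hardening breaks <what fails>; re-enable once <upstream issue URL> is resolved`. If a single restriction is at fault, overriding only that setting on the unit would presumably keep the rest of the protection in place. The enclosing `networking` block starts and ends outside the hunk.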
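Review bot: The new `bluetooth_device_count` poll in res/eww/eww.yuck counts every output line with `wc -l`, while the `bluetooth_device` poll just above it filters with `grep Device` first, so any non-device line in the `bluetoothctl` output makes the count disagree with the name that is shown. Use the same filter in both, `bluetoothctl devices Connected | grep -c Device`. The label in the second eww.yuck hunk compares this value with the string `"1"`, so a count that is off by one shows "2 devices" for a single connection.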
@@ -99,7 +101,7 @@ (revealer :transition "slideleft" :reveal {bluetooth-extended && bluetooth_device != ""} :duration 150 - (label :text bluetooth_device + (label :text { bluetooth_device_count == "1" ? bluetooth_device : (bluetooth_device_count + " devices") } :class "base"))))) (defwidget network [] From 12a18435873419e4257ad7124daa177e01afbebb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 18:12:28 +1100 Subject: [PATCH 130/301] system/docker: init --- hosts/anemone/default.nix | 1 + modules/default.nix | 1 + modules/system/docker.nix | 13 +++++++++++++ 3 files changed, 15 insertions(+) create mode 100644 modules/system/docker.nix diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index dda36f5..a630d81 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -17,6 +17,7 @@ bluetooth ccache corectrl + docker flatpak greetd gui diff --git a/modules/default.nix b/modules/default.nix index 9a1898a..8237922 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -35,6 +35,7 @@ in { ./system/bluetooth.nix ./system/ccache.nix ./system/corectrl.nix + ./system/docker.nix ./system/flatpak.nix ./system/greetd.nix ./system/gui.nix diff --git a/modules/system/docker.nix b/modules/system/docker.nix new file mode 100644 index 0000000..08dfe23 --- /dev/null +++ b/modules/system/docker.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: { + virtualisation.docker = { + enable = true; + storageDriver = "btrfs"; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + environment.systemPackages = [ + pkgs.docker-compose + ]; +} From 2f1ca6402571369273a04a561df6f28cec899237 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 18:12:59 +1100 Subject: [PATCH 131/301] user/zsh: update nix abbrs --- modules/user/zsh.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 3fefce6..6e8db74 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix 
@@ -38,7 +38,8 @@ let jf = "doas journalctl -f"; fl = "cd ~/Projects/flakes"; - nr = "doas nixos-rebuild switch --flake .#${sysConfig.networking.hostName} -v -L"; + nr = "nh os switch"; + nb = "nh os boot"; gs = "git status"; ga = "git add"; From 2baffcb7a5506338d6fdc80f0676a421118ab9f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 23:58:32 +1100 Subject: [PATCH 132/301] hosts/anemone: enable kde connect --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index a630d81..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -54,4 +54,6 @@ services.fprintd.enable = true; services.tlp.enable = true; + + programs.kdeconnect.enable = true; } From 12681f2087b9e3ea22772c2fd09d2be0f72783b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 9 Mar 2026 00:39:07 +1100 Subject: [PATCH 133/301] system/docker: disable rootless --- modules/system/docker.nix | 8 ++++---- users/rin/default.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/system/docker.nix b/modules/system/docker.nix index 08dfe23..1ebd190 100644 --- a/modules/system/docker.nix +++ b/modules/system/docker.nix @@ -2,10 +2,10 @@ virtualisation.docker = { enable = true; storageDriver = "btrfs"; - rootless = { - enable = true; - setSocketVariable = true; - }; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; }; environment.systemPackages = [ pkgs.docker-compose diff --git a/users/rin/default.nix b/users/rin/default.nix index e8d6f5c..91166ed 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix 
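Review bot: `programs.kdeconnect.enable = true;` in hosts/anemone/default.nix does more than install the client: the NixOS module also opens the KDE Connect port range (1714-1764, TCP and UDP) in the firewall on every interface, which on a laptop includes untrusted networks. At minimum say so next to the line, `# opens 1714-1764 tcp/udp on all interfaces`. If pairing is only wanted on one network, installing the package and opening the range under `networking.firewall.interfaces.<iface>` instead would keep the ports closed elsewhere. The enclosing attribute set starts outside the hunk.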
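Review bot: Commenting out the `rootless` block in modules/system/docker.nix moves the host onto the root-owned daemon, and the `"docker"` entry added to `extraGroups` in the users/rin/default.nix hunk that follows gives that account unprompted access to its socket. Socket access is equivalent to root on the host, so it sidesteps whatever prompt `doas` would otherwise require. Record the reason rootless was dropped next to the block, e.g. `# rootless disabled: <reason>; docker group is root-equivalent`, and delete the dead lines instead of keeping them commented once the decision is final. The `btrfs` storage driver may be the cause, though the commit does not say.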
@@ -3,7 +3,7 @@ programs.zsh.enable = true; users.users.rin = { isNormalUser = true; - extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; + extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "docker" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; shell = pkgs.zsh; uid = 1001; hashedPasswordFile = config.age.secrets.passwd.path; From e2832de9684d7f3fbd8e6f44f73a5e40bab9f2dd Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 15:53:14 +1100 Subject: [PATCH 134/301] containers/amethyst: init --- containers/amethyst/configuration.nix | 47 +++++++++++++++++++++++++++ containers/amethyst/flake.lock | 27 +++++++++++++++ containers/amethyst/flake.nix | 38 ++++++++++++++++++++++ flake.lock | 37 +++++++++++++++++++-- flake.nix | 3 ++ hosts/anemone/default.nix | 2 ++ 6 files changed, 151 insertions(+), 3 deletions(-) create mode 100644 containers/amethyst/configuration.nix create mode 100644 containers/amethyst/flake.lock create mode 100644 containers/amethyst/flake.nix diff --git a/containers/amethyst/configuration.nix b/containers/amethyst/configuration.nix new file mode 100644 index 0000000..b9d496d --- /dev/null +++ b/containers/amethyst/configuration.nix 
@@ -0,0 +1,47 @@
+{ lib, pkgs, ... }: {
+ system.stateVersion = "23.11";
+ systemd.tmpfiles.rules = [
+ "d /persist/transmission 755 transmission transmission"
+ "d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
+ "d /persist/transmission/.incomplete 750 transmission transmission"
+ "d /persist/transmission/Downloads 755 transmission transmission"
+ "d /persist/transmission/watchdir 755 transmission transmission"
+ ];
+ networking.wg-quick.interfaces.wg0 = {
+ configFile = "/persist/vpn.conf";
+ preUp = ''
+ # Try to access the DNS for up to 300s
+ for i in {1..60}; do
+ ${pkgs.iputils}/bin/ping -c1 'google.com' && break
+ echo "Attempt $i: DNS still not available"
+ sleep 5s
+ done
+ '';
+ };
+
+ # https://github.com/NixOS/nixpkgs/issues/258793
+ systemd.services.transmission.serviceConfig = {
+ BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
+ RootDirectoryStartOnly = lib.mkForce false;
+ RootDirectory = lib.mkForce "";
+ PrivateMounts = lib.mkForce false;
+ PrivateUsers = lib.mkForce false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 9091 ];
+ services.transmission = {
+ enable = true;
+ package = pkgs.transmission_4;
+ downloadDirPermissions = "775";
+ openFirewall = true;
+ home = "/persist/transmission";
+ settings = {
+ ratio-limit-enabled = true;
+ rpc-bind-address = "0.0.0.0";
+ rpc-enabled = true;
+ rpc-port = 9091;
+ rpc-host-whitelist-enabled = false;
+ rpc-whitelist-enabled = false;
+ };
+ };
+}
diff --git a/containers/amethyst/flake.lock b/containers/amethyst/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/amethyst/flake.lock
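Review bot: The `settings` block in containers/amethyst/configuration.nix binds the Transmission RPC to `0.0.0.0:9091` with `rpc-whitelist-enabled = false` and `rpc-host-whitelist-enabled = false` and no `rpc-authentication-required`, so anything that can route to the container address controls the daemon. Turning the host whitelist off also removes the Host-header check that protects a browser on the host from DNS rebinding. Keep the address whitelist and pin it to the host end of the veth, `rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1,10.30.1.1";`, or set `rpc-authentication-required = true` with the credentials supplied through `services.transmission.credentialsFile`. Separately, the `preUp` loop falls through after its 60 attempts, so the tunnel is presumably brought up even when DNS never answered; a comment stating that this is intended would help.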
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1773282481,
+ "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix
new file mode 100644
index 0000000..e025a5b
--- /dev/null
+++ b/containers/amethyst/flake.nix
@@ -0,0 +1,38 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }: {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ modules = [ ./configuration.nix ];
+ };
+ nixosModule = { ... }: {
+ networking.nat = {
+ enable = true;
+ enableIPv6 = true;
+ internalInterfaces = [ "ve-+" ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ];
+ containers.amethyst = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.30.1.1";
+ localAddress = "10.30.1.2";
+ hostAddress6 = "fd0d:1::1:1";
+ localAddress6 = "fd0d:1::1:2";
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = [ ./configuration.nix ]; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/amethyst";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 4eeaaa3..4d2cc7a 100644
--- a/flake.lock
+++ b/flake.lock
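Review bot: `# privateUsers = "pick";` is left commented out in containers/amethyst/flake.nix, so the container presumably runs without a user namespace and root inside it is uid 0 on the host, with a writable bind mount of `/persist/containers/amethyst`. Because configuration.nix also forces off the transmission unit's own `PrivateUsers`, `PrivateMounts` and `RootDirectory`, the namespace would be the main remaining boundary around a network-facing daemon. Say on that line what blocked it, e.g. `# privateUsers = "pick";  # TODO: blocked by <reason>`, so it can be revisited. The same commented line is added in containers/beryllium/flake.nix and carried through the later amethyst refactor.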
@@ -43,6 +43,20 @@ "type": "github" } }, + "c-amethyst": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "path": "./containers/amethyst", + "type": "path" + }, + "original": { + "path": "./containers/amethyst", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -415,7 +429,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1770778188, @@ -511,6 +525,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -526,7 +556,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -601,6 +631,7 @@ "inputs": { "aagl": "aagl", "agenix": "agenix", + "c-amethyst": "c-amethyst", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -609,7 +640,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", diff --git a/flake.nix b/flake.nix index 98a4505..3ee112e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -37,6 +37,9 @@ spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; }; tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; }; wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; + + # containers + c-amethyst.url = "path:./containers/amethyst"; }; outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..ee08a68 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-amethyst.nixosModule ]; me = { From acc4d31f467d4403aa87f499270156a366c20ef5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:27:29 +1100 Subject: [PATCH 135/301] containers/beryllium: init --- containers/beryllium/configuration.nix | 15 +++++++++ containers/beryllium/flake.lock | 27 +++++++++++++++++ containers/beryllium/flake.nix | 42 ++++++++++++++++++++++++++ flake.lock | 37 +++++++++++++++++++++-- flake.nix | 1 + hosts/anemone/default.nix | 1 + 6 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 containers/beryllium/configuration.nix create mode 100644 containers/beryllium/flake.lock create mode 100644 containers/beryllium/flake.nix diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix new file mode 100644 index 0000000..d877f3b --- /dev/null +++ b/containers/beryllium/configuration.nix @@ -0,0 +1,15 @@ +{ ... }: { + system.stateVersion = "25.11"; + fileSystems."/var/lib/private" = { + device = "/persist"; + fsType = "none"; + options = [ "bind" ]; + }; + + services.matrix-continuwuity = { + enable = true; + settings.global = { + server_name = "lava.moe"; + }; + }; +} diff --git a/containers/beryllium/flake.lock b/containers/beryllium/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/beryllium/flake.lock 
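Review bot: The `fileSystems."/var/lib/private"` bind in containers/beryllium/configuration.nix places the service state held under that directory, presumably including the homeserver database and keys, directly in the host path that containers/beryllium/flake.nix creates with `d /persist/containers/${name} 755 root users`. systemd relies on `/var/lib/private` being mode 0700 to keep that state away from other users, and whether it tightens the bind-mounted directory here cannot be seen from the diff. Creating the host directory closed, `d /persist/containers/${name} 0700 root root`, removes the dependence on that behaviour. A comment above the mount saying why the whole of `/var/lib/private` is bound, and not only the service's own state directory, would also help.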
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1773282481,
+ "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix
new file mode 100644
index 0000000..af3d7aa
--- /dev/null
+++ b/containers/beryllium/flake.nix
@@ -0,0 +1,42 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }: {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ modules = [ ./configuration.nix ];
+ };
+ nixosModule = { ... }:
+ let
+ name = "beryllium";
+ subnet = "2";
+ in {
+ networking.nat = {
+ enable = true;
+ enableIPv6 = true;
+ internalInterfaces = [ "ve-+" ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+ containers.${name} = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.30.${subnet}.1";
+ localAddress = "10.30.${subnet}.2";
+ hostAddress6 = "fd0d:1::${subnet}:1";
+ localAddress6 = "fd0d:1::${subnet}:2";
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = [ ./configuration.nix ]; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/${name}";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 4d2cc7a..c3e63fc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -57,6 +57,20 @@ }, "parent": [] }, + "c-beryllium": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "path": "./containers/beryllium", + "type": "path" + }, + "original": { + "path": "./containers/beryllium", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -429,7 +443,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1770778188, @@ -541,6 +555,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -556,7 +586,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -632,6 +662,7 @@ "aagl": "aagl", "agenix": "agenix", "c-amethyst": "c-amethyst", + "c-beryllium": "c-beryllium", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -640,7 +671,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", diff --git a/flake.nix b/flake.nix index 3ee112e..03840e1 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,7 @@ # containers c-amethyst.url = "path:./containers/amethyst"; + c-beryllium.url = "path:./containers/beryllium"; }; outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: 
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index ee08a68..65e9d43 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -39,6 +39,7 @@ modules.services.syncthing inputs.c-amethyst.nixosModule + inputs.c-beryllium.nixosModule ]; me = { From 5a24bf690f85e9d306bc78ec1c7a3b5cdf68ac21 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:32:34 +1100 Subject: [PATCH 136/301] containers/amethyst: refactor --- containers/amethyst/flake.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index e025a5b..a8bbeee 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -6,28 +6,32 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { modules = [ ./configuration.nix ]; }; - nixosModule = { ... }: { + nixosModule = { ... }: + let + name = "amethyst"; + subnet = "1"; + in { networking.nat = { enable = true; enableIPv6 = true; internalInterfaces = [ "ve-+" ]; }; - systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ]; - containers.amethyst = { + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.1.1"; - localAddress = "10.30.1.2"; - hostAddress6 = "fd0d:1::1:1"; - localAddress6 = "fd0d:1::1:2"; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; bindMounts."persist" = { - hostPath = "/persist/containers/amethyst"; + hostPath = "/persist/containers/${name}"; mountPoint = "/persist"; isReadOnly = false; }; From 6bea3918586612998bce927478f1827718aa5ab9 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Sun, 15 Mar 2026 19:41:44 +1100 Subject: [PATCH 137/301] hosts/dandelion: pull changes --- flake.lock | 132 ++++++++++++++++++++++++++++++++++- flake.nix | 3 +- hosts/dandelion/default.nix | 1 + modules/default.nix | 1 + modules/services/banksia.nix | 11 +++ modules/services/nginx.nix | 13 ++-- modules/services/website.nix | 14 +++- 7 files changed, 165 insertions(+), 10 deletions(-) create mode 100644 modules/services/banksia.nix diff --git a/flake.lock b/flake.lock index c3e63fc..2afebb7 100644 --- a/flake.lock +++ b/flake.lock @@ -253,6 +253,42 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -602,6 +638,22 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", 
@@ -641,6 +693,49 @@ "type": "github" } }, + "pastel": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_7", + "pnpm2nix": "pnpm2nix" + }, + "locked": { + "lastModified": 1772103435, + "narHash": "sha256-dtsWJl+DBigaZlszH4UVI8JZltJl9O6MESDyH4RepNI=", + "owner": "cillynder", + "repo": "pastel", + "rev": "8e2b1b80d711eaf41c010949bef0a512db9e4452", + "type": "github" + }, + "original": { + "owner": "cillynder", + "repo": "pastel", + "type": "github" + } + }, + "pnpm2nix": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "pastel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717937937, + "narHash": "sha256-bKoHjG5P15vCVpDndIXFfoJC65XhrBPQ9GWcXtXNuDA=", + "owner": "wrvsrx", + "repo": "pnpm2nix-nzbr", + "rev": "a2d285ad5718cb202f45e98a4f839a5b2608c4b1", + "type": "github" + }, + "original": { + "owner": "wrvsrx", + "ref": "adapt-to-v9", + "repo": "pnpm2nix-nzbr", + "type": "github" + } + }, "pure": { "flake": false, "locked": { @@ -674,6 +769,7 @@ "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", + "pastel": "pastel", "pure": "pure", "spicetify-nix": "spicetify-nix", "spotify-adblock": "spotify-adblock", @@ -708,7 +804,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_5" }, "locked": { "lastModified": 1770846656, 
@@ -801,6 +897,36 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tree-sitter-jsonc": { "flake": false, "locked": { @@ -822,13 +948,13 @@ "locked": { "lastModified": 1668017714, "narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=", - "owner": "LavaDesu", + "owner": "cillynder", "repo": "lavadesu.github.io", "rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67", "type": "github" }, "original": { - "owner": "LavaDesu", + "owner": "cillynder", "ref": "master", "repo": "lavadesu.github.io", "type": "github" diff --git a/flake.nix b/flake.nix index 03840e1..9719bd8 100644 --- a/flake.nix +++ b/flake.nix @@ -22,8 +22,9 @@ spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; # services + pastel.url = "github:cillynder/pastel"; stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; - website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; + website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; }; # zsh plugins zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index b9f5e42..ee386bf 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix 
@@ -19,6 +19,7 @@ security wireguard + modules.services.banksia modules.services.nginx modules.services.postgres modules.services.unbound diff --git a/modules/default.nix b/modules/default.nix index 8237922..014a61a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -16,6 +16,7 @@ let in { options = ./options.nix; services = mkAttrsFromPaths [ + ./services/banksia.nix ./services/jellyfin.nix ./services/nginx.nix ./services/postgres.nix diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix new file mode 100644 index 0000000..d6532f6 --- /dev/null +++ b/modules/services/banksia.nix @@ -0,0 +1,11 @@ +# TODO ^^ +{ ... }: { + services.nginx.virtualHosts = { + "banksia.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "302 https://github.com/cillynder/Banksia"; + locations."/api".proxyPass = "http://localhost:8080/"; + }; + }; +} diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 10a2d84..51641b4 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -2,17 +2,20 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; - defaults.email = "me@lava.moe"; - certs."lava.moe" = { + defaults = { + email = "me@lava.moe"; group = "nginx"; - domain = "lava.moe"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets."acme_dns".path; + }; + certs."lava.moe" = { extraDomainNames = [ "*.lava.moe" "*.local.lava.moe" ]; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."acme_dns".path; }; + certs."cilly.moe" = {}; + certs."cilly.dev" = {}; }; services.nginx = { diff --git a/modules/services/website.nix b/modules/services/website.nix index 5e7a223..2ef679b 100644 --- a/modules/services/website.nix +++ b/modules/services/website.nix 
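Review bot: `locations."/api".proxyPass = "http://localhost:8080/";` in modules/services/banksia.nix pairs a location prefix without a trailing slash with an upstream URI that has one, so nginx rewrites `/api/x` to `//x` and the prefix also matches unrelated paths such as `/apix`. Writing it as `locations."/api/".proxyPass = "http://localhost:8080/";` makes the prefix replacement clean. The file's only comment, `# TODO ^^`, does not say what is pending; replace it with the actual open item.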
@@ -1,5 +1,17 @@ -{ inputs, ... }: { +{ inputs, pkgs, ... }: let + pastel = inputs.pastel.packages.${pkgs.system}.default; +in { services.nginx.virtualHosts = { + "cilly.moe" = { + useACMEHost = "cilly.moe"; + forceSSL = true; + root = pastel.outPath; + }; + "cilly.dev" = { + useACMEHost = "cilly.dev"; + forceSSL = true; + root = pastel.outPath; + }; "lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From 5c5579313444a2a7ea93c4f470b06cc9ca594fa8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:47:08 +1100 Subject: [PATCH 138/301] hosts/dandelion: follow unstable nixpkgs --- flake.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 9719bd8..57befbc 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,6 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/release-25.05"; - home-manager-stable.url = "github:nix-community/home-manager/release-25.05"; - home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; - agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; aagl.url = "github:ezKEa/aagl-gtk-on-nix"; @@ -44,7 +40,7 @@ c-beryllium.url = "path:./containers/beryllium"; }; - outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: + outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { 
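Review bot: `inputs.pastel.packages.${pkgs.system}.default` in modules/services/website.nix uses the `pkgs.system` alias, which recent nixpkgs appears to deprecate in favour of `pkgs.stdenv.hostPlatform.system`, and a later commit in this series moves dandelion onto unstable nixpkgs. The `"cilly.moe"` and `"cilly.dev"` virtual hosts also differ only in their name; building both from one small helper would keep them from drifting apart. The virtualHosts set continues outside the hunk.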
@@ -79,8 +75,8 @@ in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; - nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" []; - nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; + nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; + nixosConfigurations."hazel" = mkSystem nixpkgs "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = From f84e8c1013bdbbc4592da2f774aef71cd9b7e47b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:48:08 +1100 Subject: [PATCH 139/301] hosts/hazel: decommission --- flake.nix | 1 - hosts/hazel/default.nix | 95 -------------------------------------- hosts/hazel/filesystem.nix | 53 --------------------- hosts/hazel/fs-decrypt.nix | 0 hosts/hazel/kernel.nix | 10 ---- hosts/hazel/networking.nix | 15 ------ 6 files changed, 174 deletions(-) delete mode 100644 hosts/hazel/default.nix delete mode 100644 hosts/hazel/filesystem.nix delete mode 100644 hosts/hazel/fs-decrypt.nix delete mode 100644 hosts/hazel/kernel.nix delete mode 100644 hosts/hazel/networking.nix diff --git a/flake.nix b/flake.nix index 57befbc..c359c93 100644 --- a/flake.nix +++ b/flake.nix @@ -76,7 +76,6 @@ { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; - nixosConfigurations."hazel" = mkSystem nixpkgs "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix deleted file mode 100644 index cd568c3..0000000 --- a/hosts/hazel/default.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ config, modules, pkgs, ... }: -let - dirs = [ - ["immich" "immich"] - ["nextcloud" "nextcloud"] - ["postgresql" "postgres"] - ["redis-immich" "redis-immich"] - ]; - - rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs; - mounts = builtins.listToAttrs (builtins.map (d: { - name = "/var/lib/${builtins.elemAt d 0}"; - value = { - depends = [ "/flower" ]; - device = "/flower/${builtins.elemAt d 0}"; - fsType = "none"; - options = [ "bind" ]; - }; - }) dirs); -in -{ - networking.hostName = "hazel"; - system.stateVersion = "24.11"; - time.timeZone = "Australia/Melbourne"; - - age.secrets = { - acme_dns.file = ../../secrets/acme_dns.age; - wg_hazel.file = ../../secrets/wg_hazel.age; - }; - - imports = with modules.system; with modules.services; [ - home-manager-stable - - base - kernel - nix-stable - packages - security - - nginx - unbound - wireguard - - ./filesystem.nix - ./kernel.nix - ./networking.nix - - ../../users/hana - ]; - - me.environment = "headless"; - - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "cloud.lava.moe"; - database.createLocally = true; - config = { - dbtype = "pgsql"; - adminpassFile = "/persist/nextcloud-admin-pass"; - }; - https = true; - }; - - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; - }; - - services.immich = { - enable = true; - port = 2283; - }; - - users.users.immich.extraGroups = [ "video" "render" ]; - hardware.graphics.enable = true; - services.nginx.virtualHosts."photos.lava.moe" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://[::1]:${toString config.services.immich.port}"; - proxyWebsockets = true; - recommendedProxySettings = true; - extraConfig = '' - client_max_body_size 50000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - }; - - systemd.tmpfiles.rules = rules; - 
fileSystems = mounts; -} diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix deleted file mode 100644 index 2a60898..0000000 --- a/hosts/hazel/filesystem.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: -let - mkLabelMount = label: type: options: { - device = "/dev/disk/by-label/${label}"; - fsType = type; - options = [ "defaults" ] ++ options; - }; - mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" - ([ - "autodefrag" - "compress=zstd:4" - "compress-force=zstd:4" - "defaults" - "nossd" - "space_cache=v2" - "subvol=${subvol}" - (if atime then "relatime" else "noatime") - ] ++ ext); - - mkHazelMount = mkBtrfsMount "HAZEL" []; -in -{ - boot.supportedFilesystems = [ "btrfs" ]; - fileSystems = { - "/" = { - device = "rootfs"; - fsType = "tmpfs"; - options = [ "defaults" "mode=755" ]; - }; - "/boot" = mkLabelMount "ROOT" "vfat" []; - - "/flower" = mkHazelMount "/current/flower" true; - "/persist" = mkHazelMount "/current/persist" true; - "/var" = mkHazelMount "/current/var" true; - "/nix" = mkHazelMount "/current/nix" false; - - "/mnt" = mkHazelMount "/" true; - }; - - services.snapper.cleanupInterval = "1h"; - services.snapper.configs.flower = { - FSTYPE = "btrfs"; - SUBVOLUME = "/mnt/current/flower"; - TIMELINE_CLEANUP = true; - TIMELINE_CREATE = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; -} diff --git a/hosts/hazel/fs-decrypt.nix b/hosts/hazel/fs-decrypt.nix deleted file mode 100644 index e69de29..0000000 diff --git a/hosts/hazel/kernel.nix b/hosts/hazel/kernel.nix deleted file mode 100644 index 20be1ed..0000000 --- a/hosts/hazel/kernel.nix +++ /dev/null 
@@ -1,10 +0,0 @@ -{ ... }: { - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - }; - initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ "kvm-amd" ]; - }; -} diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix deleted file mode 100644 index 42656e4..0000000 --- a/hosts/hazel/networking.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ gcSecrets, ... }: { - networking = { - useDHCP = true; - interfaces.enp8s0.ipv6.addresses = [ - { - address = gcSecrets.hazel.ipv6Addr; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - interface = "enp8s0"; - }; - }; -} From 1a8e042be5aa94edf28606cae589cd86c9b75b1d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:48:37 +1100 Subject: [PATCH 140/301] flake: lock --- flake.lock | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/flake.lock b/flake.lock index 2afebb7..a5f3b81 100644 --- a/flake.lock +++ b/flake.lock @@ -332,27 +332,6 @@ "type": "github" } }, - "home-manager-stable_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ 
@@ -542,22 +521,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1768649915, - "narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1744536153, @@ -762,12 +725,10 @@ "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", - "home-manager-stable": "home-manager-stable_2", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", From e78c666635e0abbff39f3964da5fd5308abf80a1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:50:47 +1100 Subject: [PATCH 141/301] system/home-manager-stable: remove --- hosts/dandelion/default.nix | 2 +- modules/default.nix | 1 - modules/system/home-manager-stable.nix | 19 ------------------- 3 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 modules/system/home-manager-stable.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index ee386bf..eefe5db 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -10,7 +10,7 @@ imports = with modules.system; [ (modulesPath + "/profiles/qemu-guest.nix") - home-manager-stable + home-manager base kernel diff --git a/modules/default.nix b/modules/default.nix index 014a61a..93b3c88 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -41,7 +41,6 @@ in { ./system/greetd.nix ./system/gui.nix ./system/home-manager.nix - ./system/home-manager-stable.nix ./system/input.nix ./system/kernel.nix ./system/nix.nix 
diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix deleted file mode 100644 index 43842d7..0000000 --- a/modules/system/home-manager-stable.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, inputs, modules, ... }: { - imports = [ - inputs.home-manager-stable.nixosModules.home-manager - ]; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - inherit inputs modules; - sysConfig = config; - }; - sharedModules = [ - { - imports = [ modules.options ]; - config.me = config.me; - } - ]; - }; -} From c0679f7e7969fcc76c45e8adbb91802da0d26289 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:53:38 +1100 Subject: [PATCH 142/301] hosts/dandelion: remove postgres not sure why it's still there, hopefully nothing breaks :) --- hosts/dandelion/default.nix | 1 - modules/services/postgres.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index eefe5db..a3b2e88 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -21,7 +21,6 @@ modules.services.banksia modules.services.nginx - modules.services.postgres modules.services.unbound modules.services.website diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix index bffdcee..bbbeaa1 100644 --- a/modules/services/postgres.nix +++ b/modules/services/postgres.nix @@ -8,6 +8,7 @@ in { services.postgresql = { enable = true; dataDir = dir; + # TODO: broken :3 package = pkgs.postgresql_13; authentication = lib.mkOverride 10 '' #type database DBuser origin-address auth-method From dfd00aad38db6415981b876715e86558d372f7f4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:03:07 +1100 Subject: [PATCH 143/301] hosts/dandelion: use new containers --- hosts/anemone/default.nix | 3 --- hosts/dandelion/default.nix | 6 ++++-- 2 files changed, 4 insertions(+), 5 deletions(-) 
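Review bot: The added `# TODO: broken :3` above `package = pkgs.postgresql_13;` in modules/services/postgres.nix does not say what is broken or what the fix would be, so the next reader cannot act on it. PostgreSQL 13 reached upstream end-of-life in November 2025 and no longer receives security fixes; if that is the breakage, the comment should say so, e.g. `# TODO: postgresql_13 is EOL upstream; bump package and migrate dataDir`. The `authentication` string under the changed line continues outside the hunk, and whether any host still imports this module after dandelion dropped it cannot be confirmed from here.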
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 65e9d43..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,9 +37,6 @@ ../../users/rin modules.services.syncthing - - inputs.c-amethyst.nixosModule - inputs.c-beryllium.nixosModule ]; me = { diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index a3b2e88..7500d21 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -1,4 +1,4 @@ -{ modules, modulesPath, ... }: { +{ inputs, modules, modulesPath, ... }: { networking.hostName = "dandelion"; system.stateVersion = "23.11"; time.timeZone = "Australia/Melbourne"; @@ -24,10 +24,12 @@ modules.services.unbound modules.services.website + inputs.c-amethyst.nixosModule + inputs.c-beryllium.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix - ./transmission-container.nix ../../users/hana ]; From a9e9ae41acfcddfe20930620234e68e63fe9de05 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:52:24 +1100 Subject: [PATCH 144/301] containers/amethyst: expose under local nginx --- containers/amethyst/flake.nix | 5 ++ hosts/dandelion/transmission-container.nix | 68 ---------------------- 2 files changed, 5 insertions(+), 68 deletions(-) delete mode 100644 hosts/dandelion/transmission-container.nix diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index a8bbeee..7ee705a 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -17,6 +17,11 @@ internalInterfaces = [ "ve-+" ]; }; + services.nginx.virtualHosts."amethyst.local.lava.moe" = { + locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; + listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ]; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix deleted file mode 100644 index e3ee5ae..0000000 
--- a/hosts/dandelion/transmission-container.nix
+++ /dev/null
@@ -1,68 +0,0 @@ -{ lib, modules, pkgs, gcSecrets, ... }: { - networking.nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - externalInterface = "enp0s6"; - }; - - networking.firewall = { - extraCommands = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE - ''; - extraStopCommands = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true - ''; - }; - - services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = { - locations."/".proxyPass = "http://10.25.0.11:9091"; - }; - - containers.transmission = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.25.0.10"; - localAddress = "10.25.0.11"; - bindMounts."vpn" = { - hostPath = "/persist/aus.conf"; - mountPoint = "/vpn.conf"; - isReadOnly = true; - }; - bindMounts."transmission" = { - hostPath = "/persist/transmission"; - mountPoint = "/persist/transmission"; - isReadOnly = false; - }; - config = { - system.stateVersion = "23.11"; - networking.wg-quick.interfaces.wg0 = { - configFile = "/vpn.conf"; - preUp = '' - # Try to access the DNS for up to 300s - for i in {1..60}; do - ${pkgs.iputils}/bin/ping -c1 'google.com' && break - echo "Attempt $i: DNS still not available" - sleep 5s - done - ''; - }; - - networking.firewall.enable = false; - # https://github.com/NixOS/nixpkgs/issues/258793 - systemd.services.transmission.serviceConfig = { - BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; - RootDirectoryStartOnly = lib.mkForce false; - RootDirectory = lib.mkForce ""; - PrivateMounts = lib.mkForce false; - PrivateUsers = lib.mkForce false; - }; - imports = [ modules.services.transmission ]; - services.transmission.settings = { - rpc-host-whitelist-enabled = false; - rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*"; - rpc-username = gcSecrets.transmission.username; - rpc-password = gcSecrets.transmission.password; - }; - }; - }; -} 
From 54fd3373d02adec4834dd0f9776d78bb36d2ca34 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:53:08 +1100 Subject: [PATCH 145/301] system/nix-stable: enable nh --- modules/system/nix-stable.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix index a88612a..fcd1662 100644 --- a/modules/system/nix-stable.nix +++ b/modules/system/nix-stable.nix @@ -17,4 +17,5 @@ ''; }; nixpkgs.config.allowUnfree = true; + programs.nh.enable = true; } From 2f4cbd382c4436ffe06afbad8f671fdbc226fdab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:06:20 +1100 Subject: [PATCH 146/301] user/comma: init --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 2 ++ modules/default.nix | 1 + modules/system/packages.nix | 1 - modules/user/comma.nix | 7 +++++++ modules/user/zsh.nix | 1 - users/hana/default.nix | 1 + users/rin/default.nix | 1 + 8 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 modules/user/comma.nix diff --git a/flake.lock b/flake.lock index a5f3b81..3099d30 100644 --- a/flake.lock +++ b/flake.lock @@ -474,6 +474,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773552174, + "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1764242076, @@ -728,6 +748,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", + "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_6", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", diff --git a/flake.nix b/flake.nix index c359c93..407c4fa 100644 --- a/flake.nix +++ b/flake.nix 
@@ -14,6 +14,8 @@ neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nix-gaming.url = "github:fufexan/nix-gaming"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/default.nix b/modules/default.nix index 93b3c88..f47d4ee 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -54,6 +54,7 @@ in { ]; user = mkAttrsFromPaths [ ./user/catppuccin.nix + ./user/comma.nix ./user/direnv.nix ./user/dunst.nix ./user/eww.nix diff --git a/modules/system/packages.nix b/modules/system/packages.nix index 8670e6e..afeef4e 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { imports = [ ./packages-gui.nix ]; environment.systemPackages = with pkgs; [ - comma # ecryptfs efibootmgr fd diff --git a/modules/user/comma.nix b/modules/user/comma.nix new file mode 100644 index 0000000..5ae7f03 --- /dev/null +++ b/modules/user/comma.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: { + imports = [ + inputs.nix-index-database.homeModules.default + ]; + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; +} diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 6e8db74..1eb736c 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -102,7 +102,6 @@ let bindkey -a -r ':' ''; in { - programs.command-not-found.enable = true; programs.zsh = { enable = true; dotDir = "${config.xdg.configHome}/zsh"; diff --git a/users/hana/default.nix b/users/hana/default.nix index ed7a464..da2022a 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -21,6 +21,7 @@ }; imports = with modules.user; [ + comma direnv git neovim-minimal diff --git a/users/rin/default.nix b/users/rin/default.nix index 91166ed..a70d716 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix 
@@ -21,6 +21,7 @@ sessionVariables catppuccin + comma direnv git gpg From e0f148251199d8168f15e52f0fa28c3e29f0391c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:17:35 +1100 Subject: [PATCH 147/301] containers/amethyst: fix nginx listen address --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 7ee705a..b332f23 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -19,7 +19,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; - listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ]; + listenAddresses = [ "10.0.0.1" "fd0d::1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 42eeba3a9fb8a2dc0cb25aaa2e00694c1b9461c9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:18:24 +1100 Subject: [PATCH 148/301] system/nix-stable: use latest nix --- modules/system/nix-stable.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix index fcd1662..1884c04 100644 --- a/modules/system/nix-stable.nix +++ b/modules/system/nix-stable.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: { nix = { + package = pkgs.nixVersions.latest; + settings = rec { substituters = [ "https://cache.nixos.org?priority=10" From f8d4e05080b510ada8685427c82df603ff4f9227 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:31:54 +1100 Subject: [PATCH 149/301] containers/amethyst: fix nginx ipv6 listenaddr --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index b332f23..8bea1ff 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix 
@@ -19,7 +19,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; - listenAddresses = [ "10.0.0.1" "fd0d::1" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From d4768ea7bfc4bc7d40e4d11a7b51b935aa9e0547 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:34:04 +1100 Subject: [PATCH 150/301] users/hana: add nh flake path --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index da2022a..69558ea 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -1,4 +1,5 @@ { config, lib, modules, pkgs, ... }: { + programs.nh.flake = "/persist/hana/flakes"; programs.zsh.enable = true; users.users.hana = { isNormalUser = true; From 2a4a4c5d47d787fa79990ccf9b3b23deb7743f9a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:38:10 +1100 Subject: [PATCH 151/301] containers/amethyst: enable ssl --- containers/amethyst/flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 8bea1ff..23d3ab6 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -18,6 +18,8 @@ }; services.nginx.virtualHosts."amethyst.local.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From 52a3e8557e70d4cbc27550bfff15409be69f3753 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:27:47 +1100 Subject: [PATCH 152/301] containers/amethyst: use ipv6 for proxy --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 23d3ab6..ff70120 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix 
@@ -20,7 +20,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From c42fdb7940de4a319c09a1651ab179b2a237a77c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:33:23 +1100 Subject: [PATCH 153/301] containers/beryllium: add nginx configuration --- containers/beryllium/configuration.nix | 2 ++ containers/beryllium/flake.nix | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index d877f3b..057ae8f 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -9,6 +9,8 @@ services.matrix-continuwuity = { enable = true; settings.global = { + # TODO: link this with outer container's address + address = [ "fd0d:1::2:2" ]; server_name = "lava.moe"; }; }; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index af3d7aa..4e7cb5b 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -17,6 +17,13 @@ internalInterfaces = [ "ve-+" ]; }; + services.nginx.virtualHosts."beryllium.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; From 16703bade1f45d09b21e96c3e4e608eea81555a6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:38:53 +1100 Subject: [PATCH 154/301] containers/beryllium: open firewall --- containers/beryllium/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 057ae8f..752b5a3 100644 
--- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -5,6 +5,8 @@ fsType = "none"; options = [ "bind" ]; }; + networking.firewall.allowedTCPPorts = [ 6167 ]; + networking.firewall.allowedUDPPorts = [ 6167 ]; services.matrix-continuwuity = { enable = true; From 1486058b905f0967dd13783177f538a11ee5387a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:48:04 +1100 Subject: [PATCH 155/301] containers/beryllium: configure proper delegation --- containers/beryllium/flake.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 4e7cb5b..e1799ac 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix 
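Review bot: `networking.firewall.allowedUDPPorts = [ 6167 ];` opens a UDP port that nothing shown in this series uses; the only consumer visible is the host nginx `proxyPass` to `http://[fd0d:1::${subnet}:2]:6167`, which is TCP. Keeping just `networking.firewall.allowedTCPPorts = [ 6167 ];` leaves the container firewall at what the service needs. The same pattern recurs later in containers/citrine/configuration.nix with `allowedUDPPorts = [ 3000 ]`. The enclosing attribute set starts and ends outside the hunk.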
@@ -20,10 +20,36 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; + # locations."/".extraConfig = "return 302 'https://lava.moe'"; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + # locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; + services.nginx.virtualHosts."lava.moe" = { + locations."= /.well-known/matrix/server".extraConfig = + let + server = { "m.server" = "beryllium.lava.moe:443"; }; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = + let + client = { + "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + # "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; + in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; From d02d1dbb337da59d182f444ec33593b7ff490864 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:54:24 +1100 Subject: [PATCH 156/301] containers/beryllium: listen on all addresses --- containers/beryllium/flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index e1799ac..8dfa150 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix 
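Review bot: In the two `.well-known/matrix` locations, `add_header Content-Type application/json;` does not replace the type nginx assigns to a `return` body, so the response most likely carries the default type as well; `default_type application/json;` sets it directly. A location that declares its own `add_header` also stops inheriting `add_header` lines from the server and http levels, so any security headers configured elsewhere (not visible in this hunk) would be absent on these two paths and would need repeating there. The three identical `proxyPass` strings under `beryllium.lava.moe` could share one `let` binding so the upstream address changes in one place.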
@@ -26,7 +26,6 @@ locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; services.nginx.virtualHosts."lava.moe" = { From a2337566da87cbc78d84fa3625f49203528a9e3d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:57:49 +1100 Subject: [PATCH 157/301] containers/beryllium: redirect root to website --- containers/beryllium/flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 8dfa150..f857406 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -20,9 +20,7 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - # locations."/".extraConfig = "return 302 'https://lava.moe'"; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - # locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/".extraConfig = "return 302 'https://lava.moe'"; locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; From 3bbaf8785c2477fe697936290c0a7a526918bf45 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:01:21 +1100 Subject: [PATCH 158/301] containers/beryllium: add missing semicolon --- containers/beryllium/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index f857406..46d3428 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix 
@@ -20,7 +20,7 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".extraConfig = "return 302 'https://lava.moe'"; + locations."/".extraConfig = "return 302 'https://lava.moe';"; locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; From a06d0d86fc61bafbac8f99a8425a8b705b1cd5ab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:23:16 +1100 Subject: [PATCH 159/301] containers/beryllium: properly set dns resolver --- containers/beryllium/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 752b5a3..8c01248 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -7,6 +7,8 @@ }; networking.firewall.allowedTCPPorts = [ 6167 ]; networking.firewall.allowedUDPPorts = [ 6167 ]; + # TODO: this should be generically set + networking.nameservers = [ "fd0d:1::2:1" ]; services.matrix-continuwuity = { enable = true; From a2f82bc7d5b521ab8a5719ea1dc2fc0349909401 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:31:20 +1100 Subject: [PATCH 160/301] containers/beryllium: don't use host resolvconf --- containers/beryllium/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 8c01248..07740d2 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -8,6 +8,7 @@ networking.firewall.allowedTCPPorts = [ 6167 ]; networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set + networking.useHostResolvConf = false; networking.nameservers = [ "fd0d:1::2:1" ]; services.matrix-continuwuity = { 
From 5722249dd2046398bd0657748016d09f46fb92ab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:34:58 +1100 Subject: [PATCH 161/301] services/unbound: open firewall for dns from containers --- modules/services/unbound.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index e6ec4ad..349f9e8 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -7,6 +7,10 @@ let grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out" ''; in { + networking.firewall.interfaces."ve-+" = { + allowedUDPPorts = [ 53 853 ]; + allowedTCPPorts = [ 53 853 ]; + }; networking.firewall.interfaces.wg0 = { allowedUDPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ]; From 249942280d9ac010633eb110a42f21412487c9f0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 00:45:05 +1100 Subject: [PATCH 162/301] containers: don't use wildcard nat interfaces --- containers/amethyst/flake.nix | 4 ++-- containers/beryllium/flake.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index ff70120..4865e29 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -14,10 +14,10 @@ networking.nat = { enable = true; enableIPv6 = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."amethyst.local.lava.moe" = { + services.nginx.virtualHosts."${name}.local.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 46d3428..adab4f0 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix 
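Review bot: The new `networking.firewall.interfaces."ve-+"` block in modules/services/unbound.nix opens 53 and 853 on every container veth, present and future, while only beryllium is shown pointing its resolver at the host. Commit 162 in this series already narrows `networking.nat.internalInterfaces` from the wildcard to `ve-${name}`; the firewall rule could follow the same approach, with each container module that needs DNS setting `networking.firewall.interfaces."ve-${name}".allowedUDPPorts = [ 53 ];` and the TCP equivalent. Port 853 is only needed if Unbound serves DNS-over-TLS to these clients, and whether Unbound's `access-control` admits the container addresses (`fd0d:1::…`) is outside the hunk, so both are worth confirming. The `in { … }` body continues past the hunk.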
@@ -14,10 +14,10 @@ networking.nat = { enable = true; enableIPv6 = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."beryllium.lava.moe" = { + services.nginx.virtualHosts."${name}.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; From 36f214f2a464ec16395893a06cae66cb6e57128d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 00:48:51 +1100 Subject: [PATCH 163/301] containers/citrine: init --- containers/citrine/configuration.nix | 19 +++++++++++ containers/citrine/flake.lock | 27 ++++++++++++++++ containers/citrine/flake.nix | 48 ++++++++++++++++++++++++++++ flake.lock | 41 +++++++++++++++++++++--- flake.nix | 1 + hosts/anemone/default.nix | 2 ++ 6 files changed, 133 insertions(+), 5 deletions(-) create mode 100644 containers/citrine/configuration.nix create mode 100644 containers/citrine/flake.lock create mode 100644 containers/citrine/flake.nix diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix new file mode 100644 index 0000000..90cdb0d --- /dev/null +++ b/containers/citrine/configuration.nix @@ -0,0 +1,19 @@ +{ ... }: { + system.stateVersion = "25.11"; + networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedUDPPorts = [ 3000 ]; + + services.forgejo = { + enable = true; + lfs.enable = true; + settings = { + server = { + DOMAIN = "garden.lava.moe"; + ROOT_URL = "https://garden.lava.moe/"; + HTTP_PORT = 3000; + }; + service.DISABLE_REGISTRATION = false; + }; + stateDir = "/persist/forgejo"; + }; +} diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/citrine/flake.lock 
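Review bot: `service.DISABLE_REGISTRATION = false;` in containers/citrine/configuration.nix leaves sign-up open on a Forgejo instance that the same commit publishes at `garden.lava.moe` without a `listenAddresses` restriction. On a fresh instance the first registered account is granted administrator rights, so the admin account should exist before the vhost is reachable, and registration is better closed afterwards with `service.DISABLE_REGISTRATION = true;`. If open sign-up is intended, a comment saying so, together with `REGISTER_EMAIL_CONFIRM = true;` or `ENABLE_CAPTCHA = true;` under `service`, would document and bound the decision.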
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix new file mode 100644 index 0000000..bd6ccdf --- /dev/null +++ b/containers/citrine/flake.nix @@ -0,0 +1,48 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + modules = [ ./configuration.nix ]; + }; + nixosModule = { ... }: + let + name = "citrine"; + subnet = "3"; + in { + # networking.nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-${name}" ]; + # }; + + services.nginx.virtualHosts."garden.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = [ ./configuration.nix ]; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 3099d30..cd62ccb 100644 --- a/flake.lock +++ b/flake.lock 
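Review bot: `# privateUsers = "pick";` is left commented out in `containers.${name}` of containers/citrine/flake.nix, so as written the Forgejo container gets no user-namespace mapping and, presumably, root inside it is root on the host with write access to the `/persist/containers/${name}` bind mount. If the option was disabled because of file ownership on that bind mount, a comment such as `# privateUsers off: /persist bind mount needs host-side uid mapping first` would record the reason; otherwise enabling it is a cheap isolation gain for a service reachable from the internet. The commented `# flake = "path:" + ./.;` line is dead configuration and could be dropped.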
@@ -71,6 +71,20 @@ }, "parent": [] }, + "c-citrine": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "path": "./containers/citrine", + "type": "path" + }, + "original": { + "path": "./containers/citrine", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -458,7 +472,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1770778188, @@ -590,6 +604,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -605,7 +635,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -621,7 +651,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -679,7 +709,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -741,6 +771,7 @@ "agenix": "agenix", "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", + "c-citrine": "c-citrine", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", 
@@ -749,7 +780,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 407c4fa..f8866db 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,7 @@ # containers c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; + c-citrine.url = "path:./containers/citrine"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..367e975 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-citrine.nixosModule ]; me = { From 18c6cb6773947ef80f23d2dbb42fe282bb8d0823 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:02:28 +1100 Subject: [PATCH 164/301] containers/citrine: add cli to packages --- containers/citrine/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 90cdb0d..35d4e8b 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: { +{ config, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; @@ -16,4 +16,6 @@ }; stateDir = "/persist/forgejo"; }; + + environment.systemPackages = [ config.services.forgejo.package ]; } From fd3e877d3d5093bac8244c195c15ff246553d830 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:12:40 +1100 Subject: [PATCH 165/301] containers/citrine: simplify networking --- containers/citrine/flake.nix | 8 -------- 1 file changed, 8 deletions(-) 
diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index bd6ccdf..bb4c1f4 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -11,12 +11,6 @@ name = "citrine"; subnet = "3"; in { - # networking.nat = { - # enable = true; - # enableIPv6 = true; - # internalInterfaces = [ "ve-${name}" ]; - # }; - services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; @@ -27,8 +21,6 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; hostAddress6 = "fd0d:1::${subnet}:1"; localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; From 2a27838974be5a23f399a37d0d9a529da9e88237 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:13:36 +1100 Subject: [PATCH 166/301] hosts/dandelion: move citrine from anemone --- hosts/anemone/default.nix | 2 -- hosts/dandelion/default.nix | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 367e975..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,8 +37,6 @@ ../../users/rin modules.services.syncthing - - inputs.c-citrine.nixosModule ]; me = { diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 7500d21..3f87d87 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -26,6 +26,7 @@ inputs.c-amethyst.nixosModule inputs.c-beryllium.nixosModule + inputs.c-citrine.nixosModule ./filesystem.nix ./kernel.nix From d57703089247253842032ddfd7ce383e14587619 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Mon, 16 Mar 2026 02:04:31 +1100 Subject: [PATCH 167/301] containers/citrine: customise homepage and disable registrations --- containers/citrine/configuration.nix | 7 ++++++- containers/citrine/templates/home.tmpl | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 containers/citrine/templates/home.tmpl diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 35d4e8b..b7106a1 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -3,16 +3,21 @@ networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; + systemd.tmpfiles.rules = [ + "L+ /persist/forgejo/custom/templates - - - - ${./templates}" + ]; + services.forgejo = { enable = true; lfs.enable = true; settings = { + DEFAULT.APP_NAME = "Garden"; server = { DOMAIN = "garden.lava.moe"; ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; }; - service.DISABLE_REGISTRATION = false; + service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; }; diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl new file mode 100644 index 0000000..853077a --- /dev/null +++ b/containers/citrine/templates/home.tmpl @@ -0,0 +1,19 @@ +{{template "base/head" .}} +{{if not .IsSigned}} + +{{end}} +
+
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}} +
+{{template "base/footer" .}} From 15c4e4fc51553e6cec7b36a5ba9d925b8b49c3bb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 02:32:09 +1100 Subject: [PATCH 168/301] containers/citrine: catppuccin theming --- containers/citrine/configuration.nix | 17 +++- containers/citrine/flake.lock | 37 ++++++++- containers/citrine/flake.nix | 13 +++- .../templates/base/footer_content.tmpl | 31 ++++++++ containers/citrine/templates/home.tmpl | 24 +++--- flake.lock | 77 ++++++++++++++----- hosts/anemone/default.nix | 2 + 7 files changed, 163 insertions(+), 38 deletions(-) create mode 100644 containers/citrine/templates/base/footer_content.tmpl diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index b7106a1..fccb236 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; @@ -17,10 +17,25 @@ ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; }; + ui = lib.mkForce { + DEFAULT_THEME = "catppuccin-maroon-auto"; + THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [ + "catppuccin-pink" + "catppuccin-maroon" + "catppuccin-flamingo" + "catppuccin-rosewater" + "forgejo" + "gitea" + ]; + }; + api.ENABLE_SWAGGER = false; + other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; }; + catppuccin.forgejo.enable = true; + environment.systemPackages = [ config.services.forgejo.package ]; } diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock index 88ab73f..d627614 100644 --- a/containers/citrine/flake.lock +++ b/containers/citrine/flake.lock 
@@ -1,6 +1,40 @@ { "nodes": { + "catppuccin": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1773403535, + "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=", + "owner": "catppuccin", + "repo": "nix", + "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1773282481, "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", @@ -18,7 +52,8 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "catppuccin": "catppuccin", + "nixpkgs": "nixpkgs_2" } } }, diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index bb4c1f4..72ff573 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -1,10 +1,17 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + catppuccin.url = "github:catppuccin/nix"; }; - outputs = { nixpkgs, ... }: { + outputs = { nixpkgs, catppuccin, ... }: + let + modules = [ + ./configuration.nix + catppuccin.nixosModules.catppuccin + ]; + in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { - modules = [ ./configuration.nix ]; + inherit modules; }; nixosModule = { ... }: let @@ -26,7 +33,7 @@ # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; - config = { imports = [ ./configuration.nix ]; }; + config = { imports = modules; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; 
diff --git a/containers/citrine/templates/base/footer_content.tmpl b/containers/citrine/templates/base/footer_content.tmpl new file mode 100644 index 0000000..a9238c3 --- /dev/null +++ b/containers/citrine/templates/base/footer_content.tmpl @@ -0,0 +1,31 @@ +
+ + +
diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl index 853077a..d460caf 100644 --- a/containers/citrine/templates/home.tmpl +++ b/containers/citrine/templates/home.tmpl @@ -3,17 +3,17 @@ {{end}}
-
-
- -
-

- {{AppDisplayName}} -

-

{{ctx.Locale.Tr "startpage.app_desc"}}

-
-
-
- {{template "home_forgejo" .}} +
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}}
{{template "base/footer" .}} diff --git a/flake.lock b/flake.lock index cd62ccb..1484f08 100644 --- a/flake.lock +++ b/flake.lock @@ -73,7 +73,8 @@ }, "c-citrine": { "inputs": { - "nixpkgs": "nixpkgs_5" + "catppuccin": "catppuccin", + "nixpkgs": "nixpkgs_6" }, "locked": { "path": "./containers/citrine", @@ -87,28 +88,19 @@ }, "catppuccin": { "inputs": { - "catppuccin-v1_1": "catppuccin-v1_1", - "catppuccin-v1_2": "catppuccin-v1_2", - "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable", - "nuscht-search": "nuscht-search" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1736069220, - "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", + "lastModified": 1773403535, + "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=", "owner": "catppuccin", "repo": "nix", - "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47", "type": "github" }, "original": { "owner": "catppuccin", "repo": "nix", - "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", "type": "github" } }, @@ -156,6 +148,33 @@ "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz" } }, + "catppuccin_2": { + "inputs": { + "catppuccin-v1_1": "catppuccin-v1_1", + "catppuccin-v1_2": "catppuccin-v1_2", + "home-manager": "home-manager_2", + "home-manager-stable": "home-manager-stable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable", + "nuscht-search": "nuscht-search" + }, + "locked": { + "lastModified": 1736069220, + "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", + "owner": "catppuccin", + "repo": "nix", + "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ 
@@ -472,7 +491,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1770778188, @@ -604,6 +623,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1773282481, "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", @@ -619,7 +654,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -635,7 +670,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -651,7 +686,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -709,7 +744,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -772,7 +807,7 @@ "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", - "catppuccin": "catppuccin", + "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", @@ -780,7 +815,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", 
diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..1d0bdab 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -30,6 +30,8 @@ snapper wireguard + inputs.c-citrine.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix From fa3872647d0f514942f449ffd0cb4cb4aa888423 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 03:40:35 +1100 Subject: [PATCH 169/301] containers/citrine: forward ssh --- containers/citrine/flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 72ff573..4326ff7 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -18,6 +18,16 @@ name = "citrine"; subnet = "3"; in { + # TODO: this is likely dandelion specific + networking.firewall.extraCommands = '' + ip6tables -t nat -A PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 + ip6tables -t nat -A POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 + ''; + networking.firewall.extraStopCommands = '' + ip6tables -t nat -D PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 || true + ip6tables -t nat -D POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 || true + ''; + services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From 49c161e8abb84cb267650173f00513247bcd769d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 03:43:07 +1100 Subject: [PATCH 170/301] hosts/anemone: remove citrine --- hosts/anemone/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 1d0bdab..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -30,8 +30,6 @@ snapper wireguard - inputs.c-citrine.nixosModule - ./filesystem.nix ./kernel.nix ./networking.nix 
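Review bot: In the containers/citrine/flake.nix hunk, the POSTROUTING rule `-j SNAT --to-source fd0d::1:1003` rewrites the source address of every forwarded SSH connection, so the container sees all clients as one address. Forgejo's SSH logs then no longer identify the real peer, and any per-address throttling or blocking inside the container cannot work. If the container's return path already goes through the host, the PREROUTING `DNAT` rule alone should be enough (to be confirmed on the target host); otherwise add a comment above the rule stating that the client address is knowingly discarded, e.g. `# SNAT hides the client address from the container; connection logs must be taken on the host`.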
From 27cf526c4760667e07ce6618194150294e3fee78 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:07:08 +1100 Subject: [PATCH 171/301] containers/citrine: fix forwarding --- containers/citrine/configuration.nix | 13 +++++++++++-- containers/citrine/flake.nix | 10 ---------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index fccb236..f84f8b6 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,7 +1,7 @@ { config, lib, ... }: { system.stateVersion = "25.11"; - networking.firewall.allowedTCPPorts = [ 3000 ]; - networking.firewall.allowedUDPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 22 3000 ]; + networking.firewall.allowedUDPPorts = [ 22 3000 ]; systemd.tmpfiles.rules = [ "L+ /persist/forgejo/custom/templates - - - - ${./templates}" @@ -16,6 +16,9 @@ DOMAIN = "garden.lava.moe"; ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; + START_SSH_SERVER = true; + BUILTIN_SSH_SERVER_USER = "git"; + SSH_DOMAIN = "git.lava.moe"; }; ui = lib.mkForce { DEFAULT_THEME = "catppuccin-maroon-auto"; @@ -35,6 +38,12 @@ stateDir = "/persist/forgejo"; }; + systemd.services.forgejo.serviceConfig = { + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + PrivateUsers = lib.mkForce false; + }; + catppuccin.forgejo.enable = true; environment.systemPackages = [ config.services.forgejo.package ]; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 4326ff7..72ff573 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix 
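Review bot: `networking.firewall.allowedUDPPorts = [ 22 3000 ];` in the first containers/citrine/configuration.nix hunk opens UDP 22 and 3000, but the SSH server and the Forgejo HTTP listener configured in this file are TCP services, so nothing visible here needs UDP. Drop the line, or set `networking.firewall.allowedUDPPorts = [ ];`, so the container firewall admits only `allowedTCPPorts = [ 22 3000 ]`. The UDP 3000 entry predates this commit; the hunk extends it rather than introducing it.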
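Review bot: `PrivateUsers = lib.mkForce false;` in the `systemd.services.forgejo.serviceConfig` hunk overrides a sandboxing setting of the unit, and nothing in the hunk says why. It looks as if it is needed so that `CAP_NET_BIND_SERVICE` actually lets the built-in SSH server bind port 22; if so, state that above the block, e.g. `# PrivateUsers must be off, otherwise the ambient capability does not apply to port 22`. An alternative that keeps the unit's default hardening is to let Forgejo listen on an unprivileged port with `SSH_LISTEN_PORT` and keep `SSH_PORT = 22` for the advertised clone URL, with the host forwarding port 22 to it.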
@@ -18,16 +18,6 @@ name = "citrine"; subnet = "3"; in { - # TODO: this is likely dandelion specific - networking.firewall.extraCommands = '' - ip6tables -t nat -A PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 - ip6tables -t nat -A POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 - ''; - networking.firewall.extraStopCommands = '' - ip6tables -t nat -D PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 || true - ip6tables -t nat -D POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 || true - ''; - services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From ffcd5c93d2258e6d719bbd9077332b36267ca6b9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:18:41 +1100 Subject: [PATCH 172/301] containers/citrine: enable nat --- containers/citrine/flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 72ff573..5f6c381 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -18,6 +18,12 @@ name = "citrine"; subnet = "3"; in { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From a7afbda1091c85eb012aa6495f13b91bf632db9f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:24:12 +1100 Subject: [PATCH 173/301] containers/citrine: refactor networking and use proper nameservers --- containers/citrine/flake.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5f6c381..1a2573e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix 
@@ -5,19 +5,25 @@ }; outputs = { nixpkgs, catppuccin, ... }: let + name = "citrine"; + subnetId = "3"; + subnet = x: "fd0d:1::${subnetId}:${x}"; + host = subnet 1; + client = subnet 2; + modules = [ ./configuration.nix catppuccin.nixosModules.catppuccin + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: - let - name = "citrine"; - subnet = "3"; - in { + nixosModule = { ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -27,15 +33,15 @@ services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000"; + locations."/".proxyPass = "http://[${client}]:3000"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; + hostAddress6 = host; + localAddress6 = client; # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; From 1936294ea4a67602aada8f3369c26bb95af4ff95 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:25:25 +1100 Subject: [PATCH 174/301] containers/citrine: oops --- containers/citrine/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 1a2573e..5ac3fe3 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -7,7 +7,7 @@ let name = "citrine"; subnetId = "3"; - subnet = x: "fd0d:1::${subnetId}:${x}"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; From 7226266c30a4a57051a049767787187e7f425f70 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Mon, 16 Mar 2026 16:31:58 +1100 Subject: [PATCH 175/301] containers/citrine: enable ipv4 bc ipv6 is broken and i cba :sob: --- containers/citrine/flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5ac3fe3..17eef3e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -7,10 +7,15 @@ let name = "citrine"; subnetId = "3"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + modules = [ ./configuration.nix catppuccin.nixosModules.catppuccin @@ -40,6 +45,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; + hostAddress = host4; + localAddress = client4; hostAddress6 = host; localAddress6 = client; # privateUsers = "pick"; From c4bd8d3fa15d7af8a47e287db0526536e36b973f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:36:46 +1100 Subject: [PATCH 176/301] containers/citrine: use pq kex algorithms for ssh --- containers/citrine/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index f84f8b6..05a099a 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -19,6 +19,7 @@ START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; SSH_DOMAIN = "git.lava.moe"; + SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"; }; ui = lib.mkForce { DEFAULT_THEME = "catppuccin-maroon-auto"; From 3a45f85c37507ef234782f2c2606e28f69ebb161 Mon Sep 17 00:00:00 2001 
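Review bot: `SSH_SERVER_KEY_EXCHANGES` in containers/citrine/configuration.nix is a fixed allow-list, and this hunk does not show whether Forgejo's built-in SSH server implements every name in it, the `sntrup761x25519-*` entries in particular. Confirm with `ssh -vv` against the running server which key exchange is negotiated, since an unsupported name may be ignored or rejected depending on the server version. The list also keeps `curve25519-sha256` and `diffie-hellman-group-exchange-sha256`, so clients without the hybrid exchanges fall back to a classical one without any notice; a comment such as `# hybrid PQ first, classical kept for client compatibility` would record that this is intended.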
From: Cilly Leang Date: Tue, 17 Mar 2026 02:10:11 +1100 Subject: [PATCH 177/301] dandelion/networking: disable dhcp on enp2s0 --- hosts/dandelion/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix index ee27faf..322719e 100644 --- a/hosts/dandelion/networking.nix +++ b/hosts/dandelion/networking.nix @@ -1,3 +1,4 @@ { ... }: { networking.useDHCP = true; + networking.interfaces.enp2s0.useDHCP = false; } From 66332a980a14ac976ac5c88db79b8eaaf7a10bce Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 14:37:36 +1100 Subject: [PATCH 178/301] containers/diamond: init --- containers/diamond/configuration.nix | 18 +++++ containers/diamond/flake.lock | 27 +++++++ containers/diamond/flake.nix | 48 +++++++++++++ .../templates/base/footer_content.tmpl | 31 ++++++++ containers/diamond/templates/home.tmpl | 19 +++++ flake.lock | 71 +++++++++++++------ flake.nix | 1 + hosts/dandelion/default.nix | 1 + 8 files changed, 196 insertions(+), 20 deletions(-) create mode 100644 containers/diamond/configuration.nix create mode 100644 containers/diamond/flake.lock create mode 100644 containers/diamond/flake.nix create mode 100644 containers/diamond/templates/base/footer_content.tmpl create mode 100644 containers/diamond/templates/home.tmpl diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix new file mode 100644 index 0000000..60a98d0 --- /dev/null +++ b/containers/diamond/configuration.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/vaultwarden 755 vaultwarden vaultwarden" + ]; + fileSystems."/var/lib/vaultwarden" = { + device = "/persist/vaultwarden"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 8000 ]; + networking.firewall.allowedUDPPorts = [ 8000 ]; + + services.vaultwarden = { + enable = true; + domain = "diamond.local.lava.moe"; + }; +} 
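Review bot: In containers/diamond/configuration.nix, `"d /persist/vaultwarden 755 vaultwarden vaultwarden"` creates the directory that is bind-mounted over `/var/lib/vaultwarden` as world-readable and traversable, although it is Vaultwarden's data folder. Use `"d /persist/vaultwarden 0700 vaultwarden vaultwarden"` so only the service user can enter it; whether the unit tightens the mode itself at start is not visible here. `networking.firewall.allowedUDPPorts = [ 8000 ];` can also be dropped, since the web listener that nginx proxies to is TCP.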
diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/diamond/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1773282481,
+ "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix
new file mode 100644
index 0000000..d22af24
--- /dev/null
+++ b/containers/diamond/flake.nix
@@ -0,0 +1,48 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }:
+ let
+ name = "diamond";
+ subnetId = "4";
+
+ subnet = x: "fd0d:1::${subnetId}:${toString x}";
+ host = subnet 1;
+ client = subnet 2;
+
+ modules = [
+ ./configuration.nix
+ ];
+ in {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ inherit modules;
+ };
+ nixosModule = { ... }: {
+ services.nginx.virtualHosts."diamond.local.lava.moe" = {
+ useACMEHost = "lava.moe";
+ forceSSL = true;
+ locations."/".proxyPass = "http://[${client}]:8000";
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
+ containers.${name} = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress6 = host;
+ localAddress6 = client;
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = modules; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/${name}";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/containers/diamond/templates/base/footer_content.tmpl b/containers/diamond/templates/base/footer_content.tmpl new file mode 100644 index 0000000..a9238c3 --- /dev/null +++ b/containers/diamond/templates/base/footer_content.tmpl @@ -0,0 +1,31 @@ +
+ + +
diff --git a/containers/diamond/templates/home.tmpl b/containers/diamond/templates/home.tmpl new file mode 100644 index 0000000..d460caf --- /dev/null +++ b/containers/diamond/templates/home.tmpl @@ -0,0 +1,19 @@ +{{template "base/head" .}} +{{if not .IsSigned}} + +{{end}} +
+
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}} +
+{{template "base/footer" .}} diff --git a/flake.lock b/flake.lock index 1484f08..5215cc5 100644 --- a/flake.lock +++ b/flake.lock @@ -86,6 +86,20 @@ }, "parent": [] }, + "c-diamond": { + "inputs": { + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "path": "./containers/diamond", + "type": "path" + }, + "original": { + "path": "./containers/diamond", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -491,7 +505,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1770778188, @@ -574,6 +588,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1744536153, @@ -655,6 +685,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -670,7 +716,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", 
@@ -686,22 +732,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770019141, - "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -744,7 +774,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -807,6 +837,7 @@ "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", + "c-diamond": "c-diamond", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -815,7 +846,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index f8866db..db68cbd 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; + c-diamond.url = "path:./containers/diamond"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 3f87d87..e7c332a 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -27,6 +27,7 @@ inputs.c-amethyst.nixosModule inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule + inputs.c-diamond.nixosModule ./filesystem.nix ./kernel.nix From 518c718a5da01fcf912b218e4bd94c0c37aef043 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Tue, 17 Mar 2026 17:01:15 +1100 Subject: [PATCH 179/301] containers: clean up domain names --- containers/amethyst/flake.nix | 3 ++- containers/beryllium/flake.nix | 9 ++++----- containers/citrine/configuration.nix | 6 +++--- containers/citrine/flake.nix | 4 +++- containers/diamond/configuration.nix | 4 ++-- containers/diamond/flake.nix | 4 +++- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 4865e29..5b9817e 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "amethyst"; + fqdn = "amethyst.lava.moe"; subnet = "1"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index adab4f0..c6b6cae 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "beryllium"; + fqdn = "beryllium.lava.moe"; subnet = "2"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; @@ -29,7 +30,7 @@ services.nginx.virtualHosts."lava.moe" = { locations."= /.well-known/matrix/server".extraConfig = let - server = { "m.server" = "beryllium.lava.moe:443"; }; + server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; 
@@ -37,7 +38,7 @@ locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + "m.homeserver" = { "base_url" = "https://${fqdn}"; }; # "m.identity_server" = { "base_url" = "https://vector.im"; }; }; in '' @@ -51,8 +52,6 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; hostAddress6 = "fd0d:1::${subnet}:1"; localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 05a099a..996ffb2 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ config, fqdn, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 22 3000 ]; networking.firewall.allowedUDPPorts = [ 22 3000 ]; @@ -13,8 +13,8 @@ settings = { DEFAULT.APP_NAME = "Garden"; server = { - DOMAIN = "garden.lava.moe"; - ROOT_URL = "https://garden.lava.moe/"; + DOMAIN = fqdn; + ROOT_URL = "https://${fqdn}/"; HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 17eef3e..5673c9e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,6 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; + fqdn = "garden.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -35,7 +36,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."garden.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:3000"; 
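Review bot: The last beryllium hunk (`@@ -51,8 +52,6 @@`) drops `hostAddress`/`localAddress`, which is a network change rather than a domain-name cleanup and is not mentioned in the commit message. With only `hostAddress6`/`localAddress6` left, the container sits on a `fd0d:1::` address alone, so anything it must reach over IPv4 stops working unless the host translates for it. The `.well-known/matrix` blocks in this file suggest a federating homeserver, where that would matter. Either move the removal into its own commit with the reason stated, or keep the pair: `hostAddress = "10.30.${subnet}.1";` and `localAddress = "10.30.${subnet}.2";`. The `containers.${name}` block continues outside the hunk.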
@@ -53,6 +54,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix index 60a98d0..c002e08 100644 --- a/containers/diamond/configuration.nix +++ b/containers/diamond/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ fqdn, ... }: { system.stateVersion = "25.11"; systemd.tmpfiles.rules = [ "d /persist/vaultwarden 755 vaultwarden vaultwarden" @@ -13,6 +13,6 @@ services.vaultwarden = { enable = true; - domain = "diamond.local.lava.moe"; + domain = fqdn; }; } diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index d22af24..f64f4f9 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -5,6 +5,7 @@ outputs = { nixpkgs, ... }: let name = "diamond"; + fqdn = "astransia.lava.moe"; subnetId = "4"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -19,7 +20,7 @@ inherit modules; }; nixosModule = { ... }: { - services.nginx.virtualHosts."diamond.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; @@ -35,6 +36,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; From 55e0d2525169d4e6332e36400a0aaadf7db66731 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 17:06:49 +1100 Subject: [PATCH 180/301] containers/diamond: listen on ipv6 --- containers/diamond/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix index c002e08..01b4311 100644 --- a/containers/diamond/configuration.nix +++ b/containers/diamond/configuration.nix 
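Review bot: In containers/diamond/configuration.nix the rule `"d /persist/vaultwarden 755 vaultwarden vaultwarden"` leaves the directory readable and traversable by every account, and this change touches the file without tightening it. `/persist` is the read-write bind of the host path `/persist/containers/${name}` (see the `bindMounts."persist"` context in diamond/flake.nix), so the same mode bits are visible on the host side. If this is Vaultwarden's data folder, `"d /persist/vaultwarden 0700 vaultwarden vaultwarden"` is the safer rule. The `tmpfiles.rules` list continues outside the hunk.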
@@ -14,5 +14,9 @@ services.vaultwarden = { enable = true; domain = fqdn; + config = { + DOMAIN = "https://${fqdn}"; + ROCKET_ADDRESS = "::"; + }; }; } From b7665d9bd52226eca5a5ca25bf79b92d213e5143 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 17:25:35 +1100 Subject: [PATCH 181/301] containers/diamond: only listen on local addresses TIL nginx will only route via amethyst if it's on local address, even if hostname doesn't match --- containers/diamond/flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index f64f4f9..13b6b1e 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -24,6 +24,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 0567313fa25c98519c2cc75ea72c0f9f2eacc928 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:13:53 +1100 Subject: [PATCH 182/301] containers/emerald: init --- containers/emerald/configuration.nix | 21 +++++++++ containers/emerald/flake.lock | 27 +++++++++++ containers/emerald/flake.nix | 57 +++++++++++++++++++++++ flake.lock | 69 ++++++++++++++++++++-------- flake.nix | 1 + 5 files changed, 156 insertions(+), 19 deletions(-) create mode 100644 containers/emerald/configuration.nix create mode 100644 containers/emerald/flake.lock create mode 100644 containers/emerald/flake.nix diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix new file mode 100644 index 0000000..ca7a920 --- /dev/null +++ b/containers/emerald/configuration.nix 
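Review bot: `ROCKET_ADDRESS = "::"` binds Vaultwarden to every address inside the container, and nothing in the hunk records why the wildcard is needed or what limits who can reach it. As far as the series shows, the only intended client is the host's nginx, which proxies to `http://[${client}]:8000` over the container link in plain HTTP. I would state that next to the setting, e.g. `# wildcard bind so the host's nginx can reach Rocket over the veth; exposure is bounded by privateNetwork and the container firewall`, and confirm that the firewall in this file opens nothing beyond that port. The `services.vaultwarden` block starts outside the hunk.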
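Review bot: `listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];` restricts the vhost by socket only, and the commit message itself notes that nginx then routes by address even when the hostname does not match. Whichever vhost nginx treats as the default on these two addresses therefore answers any `Host`, so which backend an unmatched name reaches depends on vhost ordering rather than on an explicit rule. Consider a dedicated catch-all on the same addresses (`default = true;` together with `rejectSSL = true;`) so unmatched names are refused. The address list is also worth lifting into one shared binding, since the same literal reappears in the emerald and fluorite flakes later in the series. The `nixosModule` body starts and ends outside the hunk.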
@@ -0,0 +1,21 @@ +{ fqdn, shareFqdn, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/music 755 navidrome navidrome" + "d /persist/navidrome 755 navidrome navidrome" + ]; + networking.firewall.allowedTCPPorts = [ 4533 ]; + networking.firewall.allowedUDPPorts = [ 4533 ]; + + services.navidrome = { + enable = true; + settings = { + Port = 4533; + Address = "[::]"; + BaseUrl = "https://${fqdn}/"; + ShareURL = shareFqdn; + DataFolder = "/persist/navidrome"; + MusicFolder = "/persist/music"; + }; + }; +} diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/emerald/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix new file mode 100644 index 0000000..d9fe5d0 --- /dev/null +++ b/containers/emerald/flake.nix 
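Review bot: `networking.firewall.allowedUDPPorts = [ 4533 ];` opens a UDP port for a service that this series only reaches over HTTP (`proxyPass` to port 4533), so the rule widens the container firewall without a visible consumer. Dropping the line leaves the allow-list at `networking.firewall.allowedTCPPorts = [ 4533 ];`. The same TCP-plus-UDP pairing is used in containers/fluorite/configuration.nix (`[ 5030 50300 ]`) and appears as context in containers/citrine/configuration.nix (`[ 22 3000 ]`); a UDP entry should stay there only if a listener actually needs it.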
@@ -0,0 +1,57 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "emerald"; + fqdn = "navia.lava.moe"; + shareFqdn = "share.navia.lava.moe"; + subnetId = "5"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + services.nginx.virtualHosts."${shareFqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533/share"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn shareFqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 5215cc5..305fddb 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,20 @@ }, "parent": [] }, + "c-emerald": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "path": "./containers/emerald", + "type": "path" + }, + "original": { + "path": "./containers/emerald", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -505,7 +519,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1770778188, 
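Review bot: `nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; };` cannot evaluate as written, because `./configuration.nix` is declared as `{ fqdn, shareFqdn, ... }:` and only the `containers.${name}` block passes those values through `specialArgs`. Pass them here as well, `nixpkgs.lib.nixosSystem { inherit modules; specialArgs = { inherit fqdn shareFqdn; }; };`, or remove the output if nothing builds it. The diamond and citrine flakes look to have the same gap after their configuration.nix gained the `fqdn` argument in the earlier patch, though their `nixosSystem` calls are not fully visible in those hunks.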
@@ -589,6 +603,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -701,6 +731,22 @@ } }, "nixpkgs_8": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -716,22 +762,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -774,7 +804,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -838,6 +868,7 @@ "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", "c-diamond": "c-diamond", + "c-emerald": "c-emerald", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", 
@@ -846,7 +877,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index db68cbd..3746d08 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; c-diamond.url = "path:./containers/diamond"; + c-emerald.url = "path:./containers/emerald"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 8cf7c1815e104dd0acc94936c750dc62a84540fb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:57:18 +1100 Subject: [PATCH 183/301] containers/emerald: enable sharing --- containers/emerald/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index ca7a920..b2500a4 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -14,6 +14,7 @@ Address = "[::]"; BaseUrl = "https://${fqdn}/"; ShareURL = shareFqdn; + EnableSharing = true; DataFolder = "/persist/navidrome"; MusicFolder = "/persist/music"; }; From 75c7e7b193e154adb7528e7ac7efa4ce5be81479 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:58:49 +1100 Subject: [PATCH 184/301] hosts/dandelion: add emerald --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index e7c332a..5174cc7 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -28,6 +28,7 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule + inputs.c-emerald.nixosModule ./filesystem.nix ./kernel.nix From 4aaeefa97a219c1c886027d478c4bdb82fc5467a Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Tue, 17 Mar 2026 23:43:23 +1100 Subject: [PATCH 185/301] containers/emerald: use alternative share fqdn insane, ssl cert extra domains' wildcard only goes one level deep --- containers/emerald/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index d9fe5d0..69a66f0 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -6,7 +6,7 @@ let name = "emerald"; fqdn = "navia.lava.moe"; - shareFqdn = "share.navia.lava.moe"; + shareFqdn = "muse.lava.moe"; subnetId = "5"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; From ccafbd8ae06146885c4163e0049a7091e0a415b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 00:07:52 +1100 Subject: [PATCH 186/301] containers/emerald: use correct shareurl format navidrome always add /share at the end :( --- containers/emerald/configuration.nix | 2 +- containers/emerald/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index b2500a4..68b06fa 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -13,7 +13,7 @@ Port = 4533; Address = "[::]"; BaseUrl = "https://${fqdn}/"; - ShareURL = shareFqdn; + ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; MusicFolder = "/persist/music"; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 69a66f0..315194d 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,7 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[${client}]:4533/share"; + locations."/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; 
From 52fbdfe8cfcba27d033d0b459b8682799ccddff8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:11:20 +1100 Subject: [PATCH 187/301] containers/emerald: only allow urls under /share --- containers/emerald/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 315194d..6447bf2 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,7 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[${client}]:4533"; + locations."/share/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 68ae736c2cc2c582007e0cf14009a98475e135f1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:22:07 +1100 Subject: [PATCH 188/301] containers/emerald: return 404 on / --- containers/emerald/flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 6447bf2..276dba4 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,6 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; + locations."/".return = "404"; locations."/share/".proxyPass = "http://[${client}]:4533"; }; From d3ab0012225fc21f2ee877c76a0d125283c7ee14 Mon Sep 17 00:00:00 2001 
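Review bot: After these two hunks the share vhost is an allow-list (`locations."/".return = "404";` plus `locations."/share/".proxyPass`), but nothing in the file says that this is the deliberately public host while `${fqdn}` is pinned to the local `listenAddresses`. A short comment above the block would keep a later edit from widening it by accident, e.g. `# public share links only: everything outside /share/ must stay 404; the full UI lives on ${fqdn} (local addresses only)`. It is also worth confirming that a shared page needs no path outside `/share/` from this origin, since such requests now receive the 404. The enclosing `nixosModule` starts and ends outside the hunk.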
From: Cilly Leang Date: Wed, 18 Mar 2026 01:52:34 +1100 Subject: [PATCH 189/301] containers/fluorite: init --- containers/fluorite/configuration.nix | 16 +++++++ containers/fluorite/flake.lock | 27 ++++++++++++ containers/fluorite/flake.nix | 62 +++++++++++++++++++++++++++ flake.lock | 47 ++++++++++++++++---- flake.nix | 1 + 5 files changed, 145 insertions(+), 8 deletions(-) create mode 100644 containers/fluorite/configuration.nix create mode 100644 containers/fluorite/flake.lock create mode 100644 containers/fluorite/flake.nix diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix new file mode 100644 index 0000000..09dd485 --- /dev/null +++ b/containers/fluorite/configuration.nix @@ -0,0 +1,16 @@ +{ ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/slskd/Downloads 755 slskd slskd" + ]; + networking.firewall.allowedTCPPorts = [ 5030 50300 ]; + networking.firewall.allowedUDPPorts = [ 5030 50300 ]; + + services.slskd = { + enable = true; + settings = { + directories.downloads = "/persist/slskd/Downloads"; + shares.downloads = "/binds/shared/"; + }; + }; +} diff --git a/containers/fluorite/flake.lock b/containers/fluorite/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/fluorite/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix new file mode 100644 index 0000000..a589f7c --- /dev/null +++ b/containers/fluorite/flake.nix 
@@ -0,0 +1,62 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "fluorite"; + fqdn = "fluorite.lava.moe"; + subnetId = "6"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:5030"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."shared" = { + hostPath = "/persist/media/music"; + mountPoint = "/binds/shared"; + isReadOnly = true; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 305fddb..2bd4720 100644 --- a/flake.lock +++ b/flake.lock @@ -114,6 +114,20 @@ }, "parent": [] }, + "c-fluorite": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "path": "./containers/fluorite", + "type": "path" + }, + "original": { + "path": "./containers/fluorite", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" 
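Review bot: The new `containers.${name}` block ships with `# privateUsers = "pick";` commented out, so as far as this file shows the container gets no user namespace of its own. That sits next to a network-facing daemon (ports 5030 and 50300 are opened in its configuration.nix) and a read-write bind of `/persist/containers/${name}`. If the option is off because the bind-mounted paths need host-matching ownership, say so instead of leaving a bare disabled line, e.g. `# privateUsers = "pick";  # disabled: bind mounts need host UIDs, revisit`; otherwise enable it. containers/emerald/flake.nix earlier in the series carries the same commented-out line.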
@@ -519,7 +533,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1770778188, @@ -603,6 +617,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -618,7 +648,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -748,16 +778,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -804,7 +834,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -869,6 +899,7 @@ "c-citrine": "c-citrine", "c-diamond": "c-diamond", "c-emerald": "c-emerald", + "c-fluorite": "c-fluorite", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", 
@@ -877,7 +908,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 3746d08..8b91291 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,7 @@ c-citrine.url = "path:./containers/citrine"; c-diamond.url = "path:./containers/diamond"; c-emerald.url = "path:./containers/emerald"; + c-fluorite.url = "path:./containers/fluorite"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 3419ab4b775ddedfc5e7c3255ab930a0e28bf8b0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:55:53 +1100 Subject: [PATCH 190/301] containers/fluorite: set domain to null --- containers/fluorite/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 09dd485..3bfa0a6 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -8,6 +8,7 @@ services.slskd = { enable = true; + domain = null; settings = { directories.downloads = "/persist/slskd/Downloads"; shares.downloads = "/binds/shared/"; From dd076fab3c7f6ced8ec508f42e01541ff22c317b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:09:54 +1100 Subject: [PATCH 191/301] containers/fluorite: setup env file --- containers/fluorite/configuration.nix | 1 + containers/fluorite/flake.nix | 7 ++++++- hosts/anemone/default.nix | 1 + secrets.nix | 1 + secrets/slskd_env.age | Bin 0 -> 538 bytes 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/slskd_env.age diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 3bfa0a6..1163397 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix 
@@ -9,6 +9,7 @@ services.slskd = { enable = true; domain = null; + environmentFile = "/binds/slskd_env"; settings = { directories.downloads = "/persist/slskd/Downloads"; shares.downloads = "/binds/shared/"; diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index a589f7c..b6cdd49 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -23,7 +23,7 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: { + nixosModule = { config, ... }: { services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; @@ -55,6 +55,11 @@ mountPoint = "/binds/shared"; isReadOnly = true; }; + bindMounts."slskd_env" = { + hostPath = config.age.secrets.slskd_env.path; + mountPoint = "/binds/slskd_env"; + isReadOnly = true; + }; # flake = "path:" + ./.; }; }; diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..858a33b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,6 +5,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { + slskd_env.file = ../../secrets/slskd_env.age; wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; diff --git a/secrets.nix b/secrets.nix index 4fc6c4a..bab8c08 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; 
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age new file mode 100644 index 0000000000000000000000000000000000000000..f0cb208351ddb960afc68d46a8c5485f4f9fb93e GIT binary patch literal 538 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa8cCEYJ4v zEy~GtHp&Z2cdV*1k1{PyE;sNhPD;#AF)k>|EO0I}PE9S#%je2=^9v0LsdUTB3Meru ziOMOe(hm(wHqXi{C^RrEh|CnDafrbHBiCVt)SR2&o|1_Cnu?_ zsLU)--yT^*gM3y z$|caUs5CLxC@9b`%fd8A-@+icBpcnfP)oOnoOFe#U<*r&2!kXygOqZYpipD82&d9i z14m=$%p~n{Z{P3`zluYzp!=Q};2x-V2$`Z;UxCR=MT81`M|xK*;lq<+rF@+n6@9y|WL`I?W*v$De0 z1^qlv>J!yZFMhN}Y^zS(ty5NKkH?9MPnogb_~fNmw<7;c+55$zXUg}xWubi&U$=)9 F0|2Y6#d-h$ literal 0 HcmV?d00001 From 4932dad23f3f627f127796630d33354b00745b75 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:12:41 +1100 Subject: [PATCH 192/301] containers/fluorite: ensure music folder exists --- containers/fluorite/flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index b6cdd49..6a0116b 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -31,7 +31,10 @@ listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; - systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + "d /persist/media/music 075 nobody users" + ]; containers.${name} = { autoStart = true; privateNetwork = true; From 215e017cd3d8da92887cb467cc98d62aacf87037 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:20:08 +1100 Subject: [PATCH 193/301] containers/fluorite: use correct share directory config name oops tehee --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 1163397..14e39ff 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix 
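Review bot: The new rule `"d /persist/media/music 075 nobody users"` sets mode `075`, which gives the owner no access, group `users` full access, and every other account read and traverse rights; with `nobody` as owner it reads like a transposed `750` or `775`. If the intent is "writable by `users`, readable by the container through the read-only `shared` bind", spell that out, e.g. `"d /persist/media/music 0775 root users"`, or add a comment explaining the unusual bits. The `nixosModule` body starts and ends outside the hunk.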
@@ -12,7 +12,7 @@ environmentFile = "/binds/slskd_env"; settings = { directories.downloads = "/persist/slskd/Downloads"; - shares.downloads = "/binds/shared/"; + shares.directories = [ "/binds/shared/" ]; }; }; } From b3ffc41b76a0dc7faf6915666c2815b296e7dc97 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:25:27 +1100 Subject: [PATCH 194/301] containers/fluorite: provide internet access --- containers/fluorite/flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 6a0116b..2fac909 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -24,6 +24,12 @@ inherit modules; }; nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; From 48db46051dcf37dc49012dfb977d8ed7b468ac79 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:59:12 +1100 Subject: [PATCH 195/301] containers/emerald: enable ipv4 and provide internet access --- containers/emerald/flake.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 276dba4..d8578fc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -13,6 +13,10 @@ host = subnet 1; client = subnet 2; + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + modules = [ ./configuration.nix ]; @@ -21,6 +25,12 @@ inherit modules; }; nixosModule = { ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; 
@@ -38,6 +48,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; + hostAddress = host4; + localAddress = client4; hostAddress6 = host; localAddress6 = client; # privateUsers = "pick"; From 7d479007d99fb7b790e52158d1d07f7bb43c7e0f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:08:18 +1100 Subject: [PATCH 196/301] containers/emerald: add navidrome env for lastfm and spotify --- containers/emerald/configuration.nix | 1 + containers/emerald/flake.nix | 7 ++++++- hosts/dandelion/default.nix | 1 + secrets.nix | 1 + secrets/navidrome_env.age | Bin 0 -> 630 bytes 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/navidrome_env.age diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 68b06fa..e3f8c57 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -9,6 +9,7 @@ services.navidrome = { enable = true; + environmentFile = "/binds/navidrome_env"; settings = { Port = 4533; Address = "[::]"; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index d8578fc..80f6dac 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -24,7 +24,7 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: { + nixosModule = { config, ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -63,6 +63,11 @@ mountPoint = "/persist"; isReadOnly = false; }; + bindMounts."navidrome_env" = { + hostPath = config.age.secrets.navidrome_env.path; + mountPoint = "/binds/navidrome_env"; + isReadOnly = true; + }; # flake = "path:" + ./.; }; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5174cc7..58a0b80 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix 
@@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + navidrome_env.file = ../../secrets/navidrome_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; diff --git a/secrets.nix b/secrets.nix index bab8c08..b2d0d0e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age new file mode 100644 index 0000000000000000000000000000000000000000..6cb705c5d12523d7e403ecd2736ad062cc9756fe GIT binary patch literal 630 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa0KO_ASdR zFLTZ>%y$h5$PW$)&5rUbP7e*q4smZDafrbHBiAa)H6IN(b3VUqQE8D zJu+M@Qje`NQ>}_d=syJ?5%V2Uq65L z+%<;phGojs^_|)w>B1*=GYG5O{FhSYc|85sgEfVx`CMb&g!c#RihTWeN3K4PDX&4q z$6eR<-+OGC7ZG|QH2?J9KlYb2+YK(Ioc^_-jfBY|AI7{w~uH)nq>3`2e+Ahq{p0N0X#+Kysg;R~<+l4#%FEQmc ypShYQ9`#3<#qYo0^Z5PR3}2s1-?BZQ`hJCU{jaarEM`=4rt5r7N!FRuR0RN&X85cC literal 0 HcmV?d00001 From 465ec6f2fc6fa970247ca0877e448299c51a7a99 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:10:34 +1100 Subject: [PATCH 197/301] hosts/dandelion: add fluorite --- hosts/anemone/default.nix | 1 - hosts/dandelion/default.nix | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 858a33b..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,7 +5,6 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { - slskd_env.file = ../../secrets/slskd_env.age; wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; 
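Review bot: The new recipient list in secrets.nix, `"secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ];`, lets the anemone host key decrypt a secret that this commit only wires into hosts/dandelion/default.nix. If anemone does not consume it, narrow the list to `"secrets/navidrome_env.age".publicKeys = [ dandelion rin ];`. The same applies to the `slskd_env.age` entry shown as context in that hunk, because the next commit removes `slskd_env` from hosts/anemone/default.nix. After narrowing, the file needs re-encrypting, and since anemone could already read the old ciphertext, rotating the credentials inside is the only way to actually revoke its access.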
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 58a0b80..92e53be 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -6,6 +6,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; navidrome_env.file = ../../secrets/navidrome_env.age; + slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -30,6 +31,7 @@ inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule inputs.c-emerald.nixosModule + inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix From ecdd594a1bd30357c79f4402429be70d618c8d0f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:14:59 +1100 Subject: [PATCH 198/301] containers/{emerald,fluorite}: fix dns --- containers/emerald/flake.nix | 4 ++++ containers/fluorite/flake.nix | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 80f6dac..2b3b483 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -19,6 +19,10 @@ modules = [ ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 2fac909..3205815 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -18,6 +18,10 @@ modules = [ ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { From de7402576dd10317d34fd54c84b54d566b543de9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:25:06 +1100 Subject: [PATCH 199/301] secrets/slskd_env: update --- secrets/slskd_env.age | Bin 538 -> 534 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index f0cb208351ddb960afc68d46a8c5485f4f9fb93e..6c4a42e51010cb8559104ccba60a246deaa160cf 100644 GIT binary patch delta 481 zcmbQmGL2<|PJL*ZXJS}!NP)Shd6i$FMTNh!Q2N`muW;fmxZ~ffq7Y~xu?5{d#ImtzP3STL1?O}bC79TzGb+1xvy!8cDb)tQIL=8 z#E;_jAyNKe;Ra!OC8=&H$=<2ng%y?Ajy_ds+C~;-S;e8H&d%W>1!Z}uej&bGo(4{Z zB?j&WZn*)T$vN77>1HWzd1i)A;X&!Xp~2?4emUNesqXGZX2JPfy1KdwCFzNVuC77l zRmPFYhHjQ#C7CV;`jLr|X4(10ZXTf_mD%p~j+L3^W|5BhT!jy{gtjw3_dY+x>FfKp zSKGtF&t6=3E3Rkb6NMSm+7IkoI9nvbbMrN~>C+n4ZatT&E0kjD;pf@6RbDr&E=DDD zw#o|e=g#voD{s6os`Y5q*Wdl_hqT+5os4^xZ~t0i&>VMSTH^1nN&M>4u0}`nZ!Qtt cSJlHcD^cM7s#D6nkLU6}*cR-0Q|8uV0Q0r8j{pDw delta 485 zcmbQnGK*z`PQ6!UdA5gdQBJP2QC?WOV^x)Tlxb;lxq(-4Qeu9JaY0dLfpeL0YHC?t zK3BGzUuZ~3rCVNBK#5UFR8CQqerQ;-c~)LQp@CsRlzwhdrHP+oj(M4sg9;bez}&~Nq+t&k$EP8X3iE|y1Kdwg^7M9E}7nG zfjRj>1^zCsm7bw#mKKi1Ste;t#-?R~8K%bdky+lBZpFEtT>9bOIdf+Rr?5`*+I=hi z&QxVqn=`Ye^)G68rG0aqmoC%vu4!&!*g4_ko95L)jV{i2dO~$ysIK&L*5FOH)?hH~ zyUKB^WQR%poR8&Gj($9L{CV>=AD3rkg{=$vd7jiKs-Ir`XpPubow!@4tj->f6BVB_ gW54mqOCqmsMgEzx_lrZ%l<#-TLi;AZZVxL40FvLfSO5S3 From 5eef477e0b6230e0a2b7977ab245ac78fb1d7bef Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:43:35 +1100 Subject: [PATCH 200/301] containers/fluorite: forward ports --- containers/fluorite/flake.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 3205815..7acbc55 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -33,6 +33,7 @@ enableIPv6 = true; internalInterfaces = [ "ve-${name}" ]; }; + networking.firewall.allowedTCPPorts = [ 50300 ]; services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; @@ -58,6 +59,14 @@ config = { imports = modules; }; specialArgs = { inherit fqdn; }; + forwardPorts = [ + { + containerPort = 50300; + hostPort = 50300; + protocol = "tcp"; + } + ]; + bindMounts."persist" = { hostPath = "/persist/containers/${name}"; mountPoint = "/persist"; 
From 3381630a7ad9098f700e75a9805c96d945275886 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:45:26 +1100 Subject: [PATCH 201/301] containers/emerald: bind music media dir --- containers/emerald/configuration.nix | 3 +-- containers/emerald/flake.nix | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index e3f8c57..f69a4c6 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -1,7 +1,6 @@ { fqdn, shareFqdn, ... }: { system.stateVersion = "25.11"; systemd.tmpfiles.rules = [ - "d /persist/music 755 navidrome navidrome" "d /persist/navidrome 755 navidrome navidrome" ]; networking.firewall.allowedTCPPorts = [ 4533 ]; @@ -17,7 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/persist/music"; + MusicFolder = "/binds/music"; }; }; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 2b3b483..5ecf768 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -67,6 +67,11 @@ mountPoint = "/persist"; isReadOnly = false; }; + bindMounts."music" = { + hostPath = "/persist/media/music"; + mountPoint = "/binds/music"; + isReadOnly = true; + }; bindMounts."navidrome_env" = { hostPath = config.age.secrets.navidrome_env.path; mountPoint = "/binds/navidrome_env"; From 3a612d3e90279c75e214806febc56897c88e6b27 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:11:21 +1100 Subject: [PATCH 202/301] containers/diamond: remove stray templates --- .../templates/base/footer_content.tmpl | 31 ------------------- containers/diamond/templates/home.tmpl | 19 ------------ 2 files changed, 50 deletions(-) delete mode 100644 containers/diamond/templates/base/footer_content.tmpl delete mode 100644 containers/diamond/templates/home.tmpl 
diff --git a/containers/diamond/templates/base/footer_content.tmpl b/containers/diamond/templates/base/footer_content.tmpl deleted file mode 100644 index a9238c3..0000000 --- a/containers/diamond/templates/base/footer_content.tmpl +++ /dev/null @@ -1,31 +0,0 @@ -
- - -
diff --git a/containers/diamond/templates/home.tmpl b/containers/diamond/templates/home.tmpl deleted file mode 100644 index d460caf..0000000 --- a/containers/diamond/templates/home.tmpl +++ /dev/null @@ -1,19 +0,0 @@ -{{template "base/head" .}} -{{if not .IsSigned}} - -{{end}} -
-
-
- -
-

- {{AppDisplayName}} -

-

{{ctx.Locale.Tr "startpage.app_desc"}}

-
-
-
- {{template "home_forgejo" .}} -
-{{template "base/footer" .}} From c9c6ef4a167af9c120a0f185c2e22412aeb35c09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:21:33 +1100 Subject: [PATCH 203/301] rin/packages: add feishin --- users/rin/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 77e8a2e..93608e1 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -31,6 +31,7 @@ in { evince eww feh + feishin file-roller gamescope gimp3 From 3e56c780dd7b1524790aaee961012b6161caf71a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:43:04 +1100 Subject: [PATCH 204/301] services/website: redirect cdn.lava.moe to sh.lava.moe --- modules/services/website.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/services/website.nix b/modules/services/website.nix index 2ef679b..3fba609 100644 --- a/modules/services/website.nix +++ b/modules/services/website.nix @@ -18,6 +18,13 @@ in { root = inputs.website.outPath; }; "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + extraConfig = '' + return 301 https://sh.lava.moe$request_uri; + ''; + }; + "sh.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; root = "/persist/cdn"; From 36a161d1df1f5ea914a338f4cc3375272e10f59a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 21:39:02 +1100 Subject: [PATCH 205/301] containers/fluorite: store all data --- containers/fluorite/configuration.nix | 8 ++++++-- containers/fluorite/flake.nix | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 14e39ff..9fcb5f5 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix 
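Review bot: The new `"sh.lava.moe"` virtual host in modules/services/website.nix reuses `useACMEHost = "lava.moe"` with `forceSSL = true`, but nothing in this hunk shows that certificate covering the new name. If the `lava.moe` ACME entry is not a wildcard and does not list `sh.lava.moe` among its extra names, clients following the 301 from cdn.lava.moe will hit a certificate-name mismatch. This is worth confirming in the ACME configuration, which is outside the hunk. A short comment such as `# served from the lava.moe cert (must cover sh.lava.moe)` would document the dependency.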
@@ -3,6 +3,11 @@ systemd.tmpfiles.rules = [ "d /persist/slskd/Downloads 755 slskd slskd" ]; + fileSystems."/var/lib/slskd" = { + device = "/persist/slskd"; + fsType = "none"; + options = [ "bind" ]; + }; networking.firewall.allowedTCPPorts = [ 5030 50300 ]; networking.firewall.allowedUDPPorts = [ 5030 50300 ]; @@ -11,8 +16,7 @@ domain = null; environmentFile = "/binds/slskd_env"; settings = { - directories.downloads = "/persist/slskd/Downloads"; - shares.directories = [ "/binds/shared/" ]; + shares.directories = [ "/binds/music/" ]; }; }; } diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 7acbc55..c49e63b 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -72,9 +72,9 @@ mountPoint = "/persist"; isReadOnly = false; }; - bindMounts."shared" = { + bindMounts."music" = { hostPath = "/persist/media/music"; - mountPoint = "/binds/shared"; + mountPoint = "/binds/music"; isReadOnly = true; }; bindMounts."slskd_env" = { From 6c7393228e842cd24d7df8e1ab5695e305a5a24c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 21:54:43 +1100 Subject: [PATCH 206/301] containers/fluorite: add description and picture --- containers/fluorite/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 9fcb5f5..f1acc93 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -17,6 +17,8 @@ environmentFile = "/binds/slskd_env"; settings = { shares.directories = [ "/binds/music/" ]; + soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; + soulseek.picture = "/var/lib/slskd/picture.gif"; }; }; } From b06c78285004660477f17f18f3f9e8ade41939f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 22:08:23 +1100 Subject: [PATCH 207/301] containers/fluorite: use png picture --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index f1acc93..2dce952 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -18,7 +18,7 @@ settings = { shares.directories = [ "/binds/music/" ]; soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.gif"; + soulseek.picture = "/var/lib/slskd/picture.png"; }; }; } From 2d15fb3a5e216e8787ce5252591de959ee938ff4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 22:09:04 +1100 Subject: [PATCH 208/301] containers/fluorite: use jpg picture --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 2dce952..c83eb25 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -18,7 +18,7 @@ settings = { shares.directories = [ "/binds/music/" ]; soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.png"; + soulseek.picture = "/var/lib/slskd/picture.jpg"; }; }; } From f8312bc6f26c5f17094c202d7782c730b8fb74bf Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 19 Mar 2026 20:42:32 +1100 Subject: [PATCH 209/301] user/neovim-minimal: fix treesitter errors --- res/config-minimal.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/res/config-minimal.lua b/res/config-minimal.lua index f941c9e..c2d3f06 100644 --- a/res/config-minimal.lua +++ b/res/config-minimal.lua @@ -1,5 +1,5 @@ -- Keybindings -local map = vim.api.nvim_set_keymap +local map = vim.keymap.set map('n', '', 'h', { noremap = true }) map('n', '', 'j', { noremap = true }) map('n', '', 'k', { noremap = true }) 
@@ -18,6 +18,7 @@ vim.opt.number = true vim.opt.cursorline = true vim.opt.signcolumn = "yes:3" vim.opt.title = true +vim.opt.termguicolors = true vim.opt.updatetime = 0 vim.opt.clipboard:prepend('unnamedplus') @@ -47,7 +48,7 @@ vim.g.signify_sign_change = vim.g.signify_sign_add vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- Plugins -require('nvim-treesitter.configs').setup { +require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } } From d8c016e933fd885bac2295c69200c5caf3b41231 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 23 Mar 2026 02:38:48 +1100 Subject: [PATCH 210/301] containers/fluorite: move desc and pic to secrets --- containers/fluorite/configuration.nix | 2 -- secrets/slskd_env.age | Bin 534 -> 853 bytes 2 files changed, 2 deletions(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index c83eb25..9fcb5f5 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -17,8 +17,6 @@ environmentFile = "/binds/slskd_env"; settings = { shares.directories = [ "/binds/music/" ]; - soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.jpg"; }; }; } 
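Review bot: The call changed to `require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } }` in the Plugins section of res/config-minimal.lua still passes the old module-style options. As far as I know, the rewritten nvim-treesitter entry point does not read `highlight` or `indent`, so the error goes away but this call may no longer enable highlighting. If that is the case, start it explicitly, e.g. `vim.api.nvim_create_autocmd('FileType', { callback = function() pcall(vim.treesitter.start) end })`, and drop the unused keys.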
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index 6c4a42e51010cb8559104ccba60a246deaa160cf..7515e1fe0856de4165a345ca9d18941d86466845 100644 GIT binary patch delta 802 zcmbQna+Pg@PJND%L5jOig-c~px{0@;V|YY?V}5y5QbBl`n@ggzv9o!pQF?}VXljaa zK3BeLNo8(9Ns(Kmd1|nKgr9#|dAMVuM@ou^sdi#iieF(^ikYida+E`9R#m=5#KEX-pAudT~*{)uZ83rj%rC9+crtSt@y1KdwJ}DJ>ffgP~ z-emzksh){d5#iYtX(ap9V`X;r?>Wvg`-oiQ*JPCw`&4#&{akq2 zZ}#+WUG?kv?Rms`{`Q}_$#HDEXwi-^?`w9hPq)`F>91^lyIi_`>xFrH*S_X@kharj z%gc$A-ly&<=5kymp44jd`G~j%|G!@K`-UQC^Af}g;@C9#oZeV*KK|kN=%K)7?)P7w ze!R%o*B6j}Aa}yXqe16hT#o#%w(`4Dy>n9WnVOHRRtyGA^_RY{aM+UfhMQr>|edy|_G~?!? zUCrUm+a4{`e80Kr*_`k82OsYe-g4x`Z=v_zPsIbj#ZM4@R`$w7CsD9%Cu<#h=t+O4 zO;*gx8|**Kdmp=!`IqXvz@s2N`muW;fmxZ~ffq7Y~xu?5{d#ImtzP3STL1?O}bC79TzGb+1xvy!8cDb)tQIL=8 z#E;_jAyNKe;Ra!OC8=&H$=<2ng%y?Ajy_ds+C~;-S;e8H&d%W>1!Z}uej&bGo(4{Z zB?j&WZn*)T$vN77>1HWzd1i)A;X&!Xp~2?4emUNesqXGZX2JPfy1KdwCFzNVuC77l zRmPFYhHjQ#C7CV;`jLr|X4(10ZXTf_mD%p~j+L3^W|5BhT!jy{gtjw3_dY+x>FfKp zSKGtF&t6=3E3Rkb6NMSm+7IkoI9nvbbMrN~>C+n4ZatT&E0kjD;pf@6RbDr&E=DDD zw#o|e=g#voD{s6os`Y5q*Wdl_hqT+5os4^xZ~t0i&>VMSTH^1nN&M>4u0}`nZ!Qtt cSJlHcD^cM7s#D6nkLU6}*cR-0Q|8uV0A^pa%m4rY From 9fd117c50ca903589d88595be790b9171b10dfa6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 20 Mar 2026 22:08:19 +1100 Subject: [PATCH 211/301] rin/packages: add temurin-25 to prismlauncher --- users/rin/packages.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 93608e1..d29d22b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -49,7 +49,12 @@ in { # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol - prismlauncher + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) qbittorrent rivalcfg screenkey From 576fd7604f5b08c152d0d5960045913a31075400 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:31:02 +0000 Subject: [PATCH 212/301] flake: bump inputs --- flake.lock | 176 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 119 insertions(+), 57 deletions(-) diff --git a/flake.lock b/flake.lock index 2bd4720..13fbf66 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1770327417, - "narHash": "sha256-WNS+wDUeqfegOXf5emDRnNs2bPiJ7rhdARo4jyd3+Yw=", + "lastModified": 1772290697, + "narHash": "sha256-MyLNx13P+pv1RszO1rMd3144NEeU/oU4iL+xOTpRoaU=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "26670347cca9feddb31e075d23b474149d8902e1", + "rev": "dcb53a4cb4cb09ef7f08328428ba559be5b9f01b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -271,6 +271,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -279,11 +295,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -297,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -364,6 +380,51 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -435,11 +496,11 @@ ] }, "locked": { - "lastModified": 1770818644, - "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", + "lastModified": 1773962693, + "narHash": "sha256-nf9pgktDE4E2TCavUT1vh3Nd/tfKixL1BK6P32Zp3hI=", "owner": "nix-community", "repo": "home-manager", - "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", + "rev": "9d3c1d636e7b8ab10f357cd9bee653cd400437de", "type": "github" }, "original": { @@ -479,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1770607339, - "narHash": "sha256-/j7IEdwbaaN4SGKAl5gE3vRdKIdIw8f7RNMrM9Lc28M=", + "lastModified": 1773696903, + "narHash": "sha256-OkKN/5waWcPNqq/9tWsR9q4oxSJeMCyeBl1RQGctq9Q=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "9498fb9bc0c3323d1c291667d8cb16cb2a37bcee", + "rev": "e4eabe3978f0e6ed967e5d969487f9335af8062f", "type": "github" }, "original": { @@ -501,11 +562,11 @@ ] }, "locked": { - "lastModified": 1770857573, - "narHash": "sha256-pSeFA1qRAdivDrrKoybJ1DOcbkXx2v/ExIc6n0DbT4U=", + "lastModified": 1773965157, + "narHash": "sha256-u6Ceko/AQ30asd/P68Y7gD0x3LtsjiPwC31TlwVnsac=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "31e79c73c444b2e51eb34f2305792809839c58e8", + "rev": "7e711c5abd3b0ca9c0038606edeee6bcf09b055c", "type": "github" }, "original": { @@ -517,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770810897, - "narHash": "sha256-6F/Z/UQxalaSoqewSQ4fL8zSws3Vy4wgA5DgyTaeqTo=", + "lastModified": 1773942472, + "narHash": "sha256-VRtGTA4WWgrVrjZg+XrnRgMcbAa0EkYkWV5Wcn76/0g=", "owner": "neovim", "repo": "neovim", - "rev": "6b4ec2264e1d8ba027b85f3883d532c5068be92a", + "rev": "06befe1e348bf540bb04a8c0cafe116616e71715", "type": "github" }, "original": { 
@@ -533,14 +594,15 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1770778188, - "narHash": "sha256-KZHPn3L6veRgRwOyfhaeM5ZTJfpkoY9EICIzUcQn4w8=", + "lastModified": 1773888274, + "narHash": "sha256-PujDYvxi8Hbm/EB706mi+UWRRzoBaAVhpJREH13Gepg=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "59e3b8189047bc591635645d2c682020c13eeac5", + "rev": "6e734655941171e75e64511c7c643f854753f52e", "type": "github" }, "original": { @@ -571,11 +633,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -587,11 +649,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -618,11 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "lastModified": 1773507054, + "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", "type": "github" }, "original": { 
@@ -634,11 +696,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -818,11 +880,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1770808440, - "narHash": "sha256-paM9v2DKiHEwN0fTXuX9eY0KwVsB+9Bv6mOX9u/eyAI=", + "lastModified": 1773768003, + "narHash": "sha256-lQMRGqObOxoESWDD8+RSZAKmevVXzHS3IipBthvi3To=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "9f2dad22ef8bb14fd1e0a3aa8859cdc88170668b", + "rev": "2b50ab5ccbcd9e5708deb351308edd738adbf84c", "type": "github" }, "original": { @@ -927,11 +989,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1764470739, - "narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=", + "lastModified": 1770952264, + "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a", + "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", "type": "github" }, "original": { @@ -948,11 +1010,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1770846656, - "narHash": "sha256-wdYpo8++TqKp3GdRgLFykjuIVW1m9GlUnxID2FG74cE=", + "lastModified": 1773619901, + "narHash": "sha256-Br8CQy4ht+a2OxyzaRwuP5+oIFfoRvCxYgsmdrgid40=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "40e65cfc4608402674e1efaac3fccce20d2a72d3", + "rev": "6f06ff05cd536b790b7662550a10b61a1ac4619e", "type": "github" }, "original": { 
@@ -964,11 +1026,11 @@ "spotify-adblock": { "flake": false, "locked": { - "lastModified": 1739206126, + "lastModified": 1773417310, "narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=", "owner": "abba23", "repo": "spotify-adblock", - "rev": "8e0312d6085a6e4f9afeb7c2457517a75e8b8f9d", + "rev": "813d3451c53126bf1941baaf8dd37f1152c3f412", "type": "github" }, "original": { @@ -980,11 +1042,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1770244988, - "narHash": "sha256-DT9HK9iYTmXUfjKcTxLRMZOeCLb9CAoFEpBiDpEku3g=", + "lastModified": 1773769816, + "narHash": "sha256-OSN3K2lSag5aA58UmfI1JMvmksuEVwlT7TOeBOsEmX8=", "owner": "StevenBlack", "repo": "hosts", - "rev": "7ea67ed353b27e1dbe36363074d1b6c3ca6be46b", + "rev": "5090055e2d36e9fc5539551656e1d8107a84ad7e", "type": "github" }, "original": { @@ -1120,11 +1182,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1770748719, - "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=", + "lastModified": 1773890443, + "narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=", "ref": "refs/heads/main", - "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea", - "revCount": 1137, + "rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b", + "revCount": 1139, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From 2239c1cc6496843c079fdfeeb3624d0b362735ce Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:31:05 +0000 Subject: [PATCH 213/301] packages/linux-lava: bump to 6.19.9 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index dc198a6..dd2f171 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix 
@@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.19"; + version = "6.19.9"; kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; - kernelPatchHash = "0w36sxwwhfqpc1if9d52rg0g1k20xjl2cairlyiyk10ns17mjxlb"; + kernelPatchHash = "19pwgvifkadsgfsx3w29mi0ks2vwwk88gw4jsya1gjy0jfk1h6qr"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From d11d080c946853d24f36d9ca832c293d32a5f921 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 20 Mar 2026 22:43:04 +1100 Subject: [PATCH 214/301] system/packages-gui: move light to brightnessctl in home --- modules/system/packages-gui.nix | 1 - modules/user/hypridle.nix | 12 ++++++------ users/rin/packages.nix | 1 + 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 77eb510..d853c40 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -10,7 +10,6 @@ libva-vdpau-driver libvdpau-va-gl ]; - programs.light.enable = true; hardware.opentabletdriver.enable = true; hardware.keyboard.qmk.enable = true; programs.steam = { diff --git a/modules/user/hypridle.nix b/modules/user/hypridle.nix index 68203b1..af7af86 100644 --- a/modules/user/hypridle.nix +++ b/modules/user/hypridle.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - kblight = "light -s sysfs/leds/${config.me.kbBacklightDevice}"; + kblight = "brightnessctl -d ${config.me.kbBacklightDevice}"; in { home.packages = [ config.services.hypridle.package ]; 
@@ -16,18 +16,18 @@ in listener = lib.optionals (config.me.kbBacklightDevice != null) [ { timeout = 120; - on-timeout = "${kblight} -O && ${kblight} -S 0"; - on-resume = "${kblight} -I"; + on-timeout = "${kblight} -s && ${kblight} 0"; + on-resume = "${kblight} -r"; } ] ++ [ { timeout = 150; - on-timeout = "light -O && light -T 0.5"; - on-resume = "light -I"; + on-timeout = "brightnessctl -s && brightnessctl 50%-"; + on-resume = "brightnessctl -r"; } { timeout = 180; - on-timeout = "light -I && loginctl lock-session"; + on-timeout = "brightnessctl -r && loginctl lock-session"; } { timeout = 195; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index d29d22b..c2569c7 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -26,6 +26,7 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio + brightnessctl drawio element-desktop evince From e303fee58d98dcf0056153068d011b42ece25f02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 6 Apr 2026 23:16:57 +1000 Subject: [PATCH 215/301] system/wireguard: change port to 51801 --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index dbc8938..bdfe900 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, gcSecrets, ... }: let - port = 123; + port = 51801; serverName = "dandelion"; serverInterface = "enp0s6"; serverIp = gcSecrets.wireguard.gateway; From 087ed1c323b1f26824858e29df96363d0a69e87a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 18 Apr 2026 15:10:44 +1000 Subject: [PATCH 216/301] user/neovim: fix logs opening on tex save --- res/config.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/res/config.lua b/res/config.lua index ef10504..5d205d7 100644 --- a/res/config.lua +++ b/res/config.lua 
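Review bot: The rewritten listeners in modules/user/hypridle.nix pass a bare value to brightnessctl (`${kblight} 0`, `brightnessctl 50%-`). As far as I recall, brightnessctl only changes the level through its `set` operation and treats anything else as an info query. If so, the keyboard backlight and screen state would be saved and restored but never actually dimmed before the lock. Suggested forms are `on-timeout = "${kblight} -s set 0";` and `on-timeout = "brightnessctl -s set 50%-";`. `kblight` itself is defined in the previous hunk of the same file.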
@@ -51,6 +51,7 @@ vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- VimTeX vim.g.vimtex_view_method = "zathura" +vim.g.vimtex_quickfix_open_on_warning = 0 -- Theming vim.api.nvim_command("syntax enable") From 27ba1aaede433225bfc9ad429e76c53c6f865860 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 26 Apr 2026 15:47:39 +1000 Subject: [PATCH 217/301] anemone/networking: switch to iwd --- hosts/anemone/networking.nix | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix index 18c0d87..f5a4dc5 100644 --- a/hosts/anemone/networking.nix +++ b/hosts/anemone/networking.nix @@ -1,19 +1,4 @@ { config, ... }: { - networking = { - #nameservers = [ "8.8.8.8" "8.8.4.4" ]; - - #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf"; - wireless.enableHardening = false; - - networkmanager = { - enable = true; - #dns = "none"; - }; - - extraHosts = '' - 192.168.100.16 hyacinth - ''; - }; - + networking.wireless.iwd.enable = true; environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections"; } From 75e0c8f6acefa8d98d5581a3e2d2de9813aee82f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 10 May 2026 03:42:00 +0000 Subject: [PATCH 218/301] flake: bump inputs --- flake.lock | 173 +++++++++++++++++++++++++---------------------------- 1 file changed, 80 insertions(+), 93 deletions(-) diff --git a/flake.lock b/flake.lock index 13fbf66..d6070b9 100644 --- a/flake.lock +++ b/flake.lock 
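Review bot: hosts/anemone/networking.nix now enables only `networking.wireless.iwd.enable = true;`, yet the unchanged line `environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";` still links the saved NetworkManager profiles into /etc. Those profiles normally hold Wi-Fi pre-shared keys, so if NetworkManager is no longer enabled elsewhere for this host, the link only keeps credentials on disk for a service that does not run. In that case remove the line and clean up /persist/nm_system-connections. iwd keeps its known networks under /var/lib/iwd, so if this host's root is not persistent (the /persist paths suggest it, but it is not shown here), that directory needs persisting with root-only permissions instead.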
@@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1772290697, - "narHash": "sha256-MyLNx13P+pv1RszO1rMd3144NEeU/oU4iL+xOTpRoaU=", + "lastModified": 1777475243, + "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "dcb53a4cb4cb09ef7f08328428ba559be5b9f01b", + "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8", "type": "github" }, "original": { @@ -45,7 +45,7 @@ }, "c-amethyst": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "path": "./containers/amethyst", @@ -59,7 +59,7 @@ }, "c-beryllium": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "path": "./containers/beryllium", @@ -74,7 +74,7 @@ "c-citrine": { "inputs": { "catppuccin": "catppuccin", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "path": "./containers/citrine", @@ -88,7 +88,7 @@ }, "c-diamond": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_6" }, "locked": { "path": "./containers/diamond", @@ -102,7 +102,7 @@ }, "c-emerald": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "path": "./containers/emerald", @@ -116,7 +116,7 @@ }, "c-fluorite": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "path": "./containers/fluorite", @@ -130,7 +130,7 @@ }, "catppuccin": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1773403535, @@ -149,11 +149,11 @@ "catppuccin-palette": { "flake": false, "locked": { - "lastModified": 1742245182, - "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=", + "lastModified": 1774131488, + "narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=", "owner": "catppuccin", "repo": "palette", - "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701", + "rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd", "type": "github" }, "original": { 
@@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -313,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "lastModified": 1776796298, + "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1773962693, - "narHash": "sha256-nf9pgktDE4E2TCavUT1vh3Nd/tfKixL1BK6P32Zp3hI=", + "lastModified": 1778365864, + "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3c1d636e7b8ab10f357cd9bee653cd400437de", + "rev": "2f419037039a152448c5f4ae9494154753d1b399", "type": "github" }, "original": { 
@@ -540,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1773696903, - "narHash": "sha256-OkKN/5waWcPNqq/9tWsR9q4oxSJeMCyeBl1RQGctq9Q=", + "lastModified": 1778301982, + "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "e4eabe3978f0e6ed967e5d969487f9335af8062f", + "rev": "d20b99557a90663a016f741398098d4d7b3ad119", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1773965157, - "narHash": "sha256-u6Ceko/AQ30asd/P68Y7gD0x3LtsjiPwC31TlwVnsac=", + "lastModified": 1778371477, + "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "7e711c5abd3b0ca9c0038606edeee6bcf09b055c", + "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9", "type": "github" }, "original": { @@ -578,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1773942472, - "narHash": "sha256-VRtGTA4WWgrVrjZg+XrnRgMcbAa0EkYkWV5Wcn76/0g=", + "lastModified": 1778321961, + "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=", "owner": "neovim", "repo": "neovim", - "rev": "06befe1e348bf540bb04a8c0cafe116616e71715", + "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b", "type": "github" }, "original": { @@ -595,14 +595,14 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1773888274, - "narHash": "sha256-PujDYvxi8Hbm/EB706mi+UWRRzoBaAVhpJREH13Gepg=", + "lastModified": 1778384395, + "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "6e734655941171e75e64511c7c643f854753f52e", + "rev": "8368f981774ee25774d016e810d426891174a993", "type": "github" }, "original": { 
@@ -618,11 +618,11 @@ ] }, "locked": { - "lastModified": 1773552174, - "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "lastModified": 1778240325, + "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee", "type": "github" }, "original": { @@ -649,11 +649,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { @@ -680,27 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1773507054, - "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "type": "github" }, "original": { @@ -710,7 +694,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", 
@@ -728,16 +712,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744536153, - "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -760,11 +744,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", "type": "github" }, "original": { @@ -776,11 +760,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1773122722, - "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { @@ -840,16 +824,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1778274207, + "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -880,11 +864,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1773768003, - "narHash": "sha256-lQMRGqObOxoESWDD8+RSZAKmevVXzHS3IipBthvi3To=", + "lastModified": 1775221900, + "narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "2b50ab5ccbcd9e5708deb351308edd738adbf84c", + "rev": "4916d6592ede8c07973490d9322f187e07dfefac", "type": "github" }, "original": { @@ -896,15 +880,15 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { - "lastModified": 1772103435, - "narHash": "sha256-dtsWJl+DBigaZlszH4UVI8JZltJl9O6MESDyH4RepNI=", + "lastModified": 1775622883, + "narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=", "owner": "cillynder", "repo": "pastel", - "rev": "8e2b1b80d711eaf41c010949bef0a512db9e4452", + "rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b", "type": "github" }, "original": { @@ -970,7 +954,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", @@ -986,7 +970,10 @@ }, "rust-overlay": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "aagl", + "nixpkgs" + ] }, "locked": { "lastModified": 1770952264, @@ -1010,11 +997,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1773619901, - "narHash": "sha256-Br8CQy4ht+a2OxyzaRwuP5+oIFfoRvCxYgsmdrgid40=", + "lastModified": 1777789800, + "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "6f06ff05cd536b790b7662550a10b61a1ac4619e", + "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3", "type": "github" }, "original": { 
@@ -1042,11 +1029,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1773769816, - "narHash": "sha256-OSN3K2lSag5aA58UmfI1JMvmksuEVwlT7TOeBOsEmX8=", + "lastModified": 1778258800, + "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=", "owner": "StevenBlack", "repo": "hosts", - "rev": "5090055e2d36e9fc5539551656e1d8107a84ad7e", + "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89", "type": "github" }, "original": { From 58d4b60f5b20662b49b28a16e4997268eb6897eb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 10 May 2026 03:42:02 +0000 Subject: [PATCH 219/301] packages/linux-lava: bump to 7.0.5 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index dd2f171..c24fa57 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.19.9"; - kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; - kernelPatchHash = "19pwgvifkadsgfsx3w29mi0ks2vwwk88gw4jsya1gjy0jfk1h6qr"; + version = "7.0.5"; + kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; + kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 575a0e96105da68be0c52e5bf20e71cc0c78d94b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 10 May 2026 22:44:46 +1000 Subject: [PATCH 220/301] treewide: remove nodePackages --- modules/user/neovim.nix | 14 +++++++------- users/rin/packages.nix | 3 +-- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 4dc4830..30ffac9 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix 
@@ -21,13 +21,13 @@ in { extraPackages = with pkgs; [ rust-analyzer texlab - nodePackages."@astrojs/language-server" - nodePackages."@tailwindcss/language-server" - nodePackages.diagnostic-languageserver - nodePackages.eslint_d - nodePackages.typescript-language-server - nodePackages.vscode-langservers-extracted - nodePackages.yaml-language-server + astro-language-server + tailwindcss-language-server + diagnostic-languageserver + eslint_d + typescript-language-server + vscode-langservers-extracted + yaml-language-server ]; plugins = with pkgs.vimPlugins; [ diff --git a/users/rin/packages.nix b/users/rin/packages.nix index c2569c7..8b15c60 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -18,12 +18,11 @@ in { nil nodejs_latest pamixer + pnpm qmk unrar weechat yt-dlp - - nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio brightnessctl From 4c28a3eecbe91ca12be8559c68c17c9c11d7abf0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 11 May 2026 01:05:27 +1000 Subject: [PATCH 221/301] overlays/openldap: skip failing checks for 32-bit --- overlays/default.nix | 1 + overlays/openldap.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 overlays/openldap.nix diff --git a/overlays/default.nix b/overlays/default.nix index a84cba5..cbe3e7e 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,6 +5,7 @@ builtins.map (path: import path) [ ./eww.nix ./jetbrains.nix ./material-icons.nix + ./openldap.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/openldap.nix b/overlays/openldap.nix new file mode 100644 index 0000000..f9b2b46 --- /dev/null +++ b/overlays/openldap.nix 
@@ -0,0 +1,9 @@ +self: super: { + # openldap i686 fails checks + # issue: https://github.com/NixOS/nixpkgs/issues/514113 + # workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674 + # fix: https://github.com/NixOS/nixpkgs/pull/515956 + openldap = super.openldap.overrideAttrs { + doCheck = !self.stdenv.hostPlatform.isi686; + }; +} From cc43450dd1d9c57d236ccfaf3a5cbe9e72629ec4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 17:43:08 +1000 Subject: [PATCH 222/301] system/security: enable pam_u2f --- modules/system/security.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/modules/system/security.nix b/modules/system/security.nix index 602f108..3b4e8a7 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ config, lib, pkgs, ... }: { networking.firewall = let iptables = "${pkgs.iptables}/bin/iptables"; @@ -49,9 +49,37 @@ { groups = [ "wheel" ]; keepEnv = true; - persist = true; + persist = config.me.environment != "laptop"; } ]; }; + pam = lib.mkIf (config.me.environment != "headless") { + u2f = { + enable = true; + settings = { + cue = true; + pinverification = 1; + }; + }; + services.doas.rules.auth = { + u2f.settings.pinverification = lib.mkForce 0; + u2f_int = lib.mkMerge [ + { + enable = true; + order = config.security.pam.services.doas.rules.auth.u2f.order + 1; + control = "sufficient"; + modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so"; + inherit (config.security.pam.u2f) settings; + } + { + settings = lib.mkForce { + interactive = true; + pinverification = 0; + userpresence = 0; + }; + } + ]; + }; + }; }; } From 0f7393714f61cad82d1c99133416b300eb080331 Mon Sep 17 00:00:00 2001 
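Review bot: In overlays/openldap.nix, `doCheck = !self.stdenv.hostPlatform.isi686;` replaces whatever value the package carried, so the test suite is forced on for every non-i686 platform instead of only being switched off for i686. The function form keeps the packaged decision and subtracts the one platform: `openldap = super.openldap.overrideAttrs (o: { doCheck = (o.doCheck or false) && !self.stdenv.hostPlatform.isi686; });`. Because this disables the tests of a directory/authentication library, a `# TODO: drop once NixOS/nixpkgs#515956 is in the pinned nixpkgs` next to the links would keep the override from outliving the fix.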
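Review bot: In the second modules/system/security.nix hunk the added `u2f_int` rule for doas is `control = "sufficient"` with `pinverification = 0` and `userpresence = 0`, so as far as pam_u2f's options go the token answers without a PIN or a touch and root via doas needs only that the key is plugged in; `interactive = true` adds a terminal prompt, not a physical check. The `lib.mkForce 0` on the first `u2f` rule likewise drops, for doas only, the PIN that the global `pinverification = 1` asks for. Keeping `userpresence = 1` in the forced settings retains a physical confirmation per escalation. Since the second `mkMerge` element forces the whole `settings` attrset, the `inherit (config.security.pam.u2f) settings;` in the first element presumably never takes effect, so a comment stating the intended behaviour of the two rules would help; the enclosing attrset starts outside the hunk.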
From: Cilly Leang Date: Thu, 28 May 2026 18:08:15 +1000 Subject: [PATCH 223/301] hosts/alyssum: init --- flake.nix | 1 + hosts/alyssum/default.nix | 28 ++++++++++++++++++++++++++++ hosts/alyssum/filesystem.nix | 34 ++++++++++++++++++++++++++++++++++ hosts/alyssum/kernel.nix | 10 ++++++++++ hosts/alyssum/networking.nix | 3 +++ hosts/alyssum/packages.nix | 14 ++++++++++++++ 6 files changed, 90 insertions(+) create mode 100644 hosts/alyssum/default.nix create mode 100644 hosts/alyssum/filesystem.nix create mode 100644 hosts/alyssum/kernel.nix create mode 100644 hosts/alyssum/networking.nix create mode 100644 hosts/alyssum/packages.nix diff --git a/flake.nix b/flake.nix index 8b91291..377e601 100644 --- a/flake.nix +++ b/flake.nix @@ -80,6 +80,7 @@ }; in { + nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" []; nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix new file mode 100644 index 0000000..5506e55 --- /dev/null +++ b/hosts/alyssum/default.nix @@ -0,0 +1,28 @@ +{ inputs, modules, modulesPath, ... }: { + networking.hostName = "alyssum"; + system.stateVersion = "25.11"; + time.timeZone = "Australia/Melbourne"; + + age.secrets = { + # acme_dns.file = ../../secrets/acme_dns.age; + }; + + imports = with modules.system; [ + (modulesPath + "/profiles/qemu-guest.nix") + home-manager + + base + kernel + nix-stable + packages + security + + ./filesystem.nix + ./kernel.nix + ./networking.nix + + ../../users/hana + ]; + + me.environment = "headless"; +} diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix new file mode 100644 index 0000000..205106a --- /dev/null +++ b/hosts/alyssum/filesystem.nix 
@@ -0,0 +1,34 @@
+{ ... }:
+let
+ bind = src: {
+ depends = [ "/nix" ];
+ device = src;
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ };
+
+ mkLabelMount = label: type: {
+ device = "/dev/disk/by-label/${label}";
+ fsType = type;
+ options = [ "defaults" "relatime" ];
+ };
+ mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
+ options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
+ };
+ submount = mkBtrfsMount "alyssum";
+in {
+ fileSystems = {
+ "/" = {
+ device = "rootfs";
+ fsType = "tmpfs";
+ options = [ "defaults" "size=8G" "mode=755" ];
+ };
+ "/boot" = mkLabelMount "stem" "vfat";
+
+ "/nix" = submount "/@/nix" false;
+ "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
+ "/persist/.snapshots" = submount "/snap/persist" false;
+ "/var/log/journal" = bind "/persist/journal";
+ };
+}
diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix
new file mode 100644
index 0000000..7ea7d43
--- /dev/null
+++ b/hosts/alyssum/kernel.nix
@@ -0,0 +1,10 @@
+{ ... }: {
+ boot = {
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ };
+ initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+ initrd.kernelModules = [ "nvme" ];
+ };
+}
diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix
new file mode 100644
index 0000000..ee27faf
--- /dev/null
+++ b/hosts/alyssum/networking.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ networking.useDHCP = true;
+}
diff --git a/hosts/alyssum/packages.nix b/hosts/alyssum/packages.nix
new file mode 100644
index 0000000..2d4bd30
--- /dev/null
+++ b/hosts/alyssum/packages.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ git
+ htop
+ jq
+ neovim
+ rsync
+ sshfs
+ wget
+
+ kitty.terminfo
+ ];
+ environment.variables.EDITOR = "nvim";
+}
From 0638cf6f5ff5e3c45d951bc514bcd3a941c9efb1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:19:13 +1000 Subject: [PATCH 224/301] alyssum/kernel: update --- hosts/alyssum/kernel.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix index 7ea7d43..5e9b300 100644 --- a/hosts/alyssum/kernel.nix +++ b/hosts/alyssum/kernel.nix @@ -1,10 +1,12 @@ -{ ... }: { +{ config, lib, ... }: { boot = { loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; }; - initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; - initrd.kernelModules = [ "nvme" ]; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; }; + hardware.cpu.amd.updateMicrocode = true; } From 880316173f1941ae6192420be5c6bf0e41f2fb42 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:43:52 +1000 Subject: [PATCH 225/301] hosts/alyssum: (temporarily) allow password login --- hosts/alyssum/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 5506e55..e5165d8 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ inputs, modules, modulesPath, ... }: { +{ lib, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -25,4 +25,7 @@ ]; me.environment = "headless"; + + services.openssh.settings.PermitRootLogin = lib.mkForce "yes"; + services.openssh.settings.PasswordAuthentication = lib.mkForce true; } From ae707d33ea89d9ff84e99c770bf9e03c452b723b Mon Sep 17 00:00:00 2001 
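Review bot: In the second hosts/alyssum/default.nix hunk of PATCH 225 the two added lines force `PermitRootLogin = "yes"` and `PasswordAuthentication = true` with `lib.mkForce`, overriding whatever the shared modules set, and nothing in the file marks them as temporary or limits where they apply. For bootstrapping, a narrower form keeps password authentication off and provisions a key, e.g. `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";`, or at least puts `# TEMPORARY: remove after first deploy` above the lines. The series does remove them again in PATCH 231, but every generation built in between accepts root password logins over SSH.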
From: Cilly Leang Date: Thu, 28 May 2026 18:55:41 +1000 Subject: [PATCH 226/301] alyssum/networking: use wpa_conf --- hosts/alyssum/default.nix | 2 +- hosts/alyssum/networking.nix | 15 +++++++++++++-- secrets.nix | 3 ++- secrets/wpa_conf.age | Bin 420 -> 538 bytes 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index e5165d8..e6a7e58 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -4,7 +4,7 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { - # acme_dns.file = ../../secrets/acme_dns.age; + wpa_conf.file = ../../secrets/wpa_conf.age; }; imports = with modules.system; [ diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index ee27faf..9d1fdf9 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,3 +1,14 @@ -{ ... }: { - networking.useDHCP = true; +{ config, ... }: { + environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; + networking = { + useDHCP = true; + interfaces.wlp1s0.useDHCP = false; + interfaces.wlp1s0.ipv4.addresses = [{ + address = "192.168.1.167"; + prefixLength = 24; + }]; + + defaultGateway = "192.168.1.1"; + nameservers = [ "8.8.8.8" "8.8.4.4" ]; + }; } diff --git a/secrets.nix b/secrets.nix index b2d0d0e..b4d5b2c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,4 +1,5 @@ let + alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR"; anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; 
@@ -7,7 +8,7 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; - "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; + "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 2b6862e53af790780d4fcfd88e1ef7ed6cc3f47c..555b5946deead8ef44060e3b0217f4b9c009db03 100644 GIT binary patch delta 511 zcmZ3&Jd0(5YJIl9Z*V}lLU>kqWLQdoqiLSArJ=WZXh^1MPH|FhPFA{MUYNJDdv=9k zMM-#gZjiAfS5#qnQD~xBsIRwgv3XcPK#q@jpm}a;Sy-?|fOnFcadC!jYKoDmsiCEUbEtDxM4*D1UwA>GiAQ*Gc72JnzlB+dzeQkKfTN*tdZ}q( zSiYIBONK>(pL?WdNuCLpk5gfKjzOVmn47+liJ6mMvZ1zbfk~csdVyO?agwi@lfH+3 zijPsMaSn!cp_XnDIq3?O;a(XYfdNHDuKNCEVZk9@l>zx>sh0YwmCp4p{`pm|PN5mW z0R^ruWx>T=8f)qn~#$p87h3xd9;4T zrnNzf|IH582;94@ckd31{D*rc>}FlY*0ss2()?AL_cFU#&y-iXG0H#w8hSt>c-vQ< r#Rt}$ay)eO7W2ddY>%%5GB4jyThSI~5IDjA-Mz;4Xw~%s_N8(Fb4s7MZYAkvWtmYSIc3@Dsd-L`j+w=-K9MaAQ9((0zLlZ*`auy(p|KKD_DpibKDcGPtOnl|3s2Z From 220af6cf157e12bfe447658abfe5d90edf36d2dc Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:59:38 +1000 Subject: [PATCH 227/301] alyssum/networking: enable wpa_supplicant --- hosts/alyssum/networking.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 9d1fdf9..64c1bff 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -2,6 +2,8 @@ environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; + wireless.enable = true; + interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ address = "192.168.1.167"; From c323f004f19cf5b1e043a8b6c06f2d1f072b2533 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Thu, 28 May 2026 20:06:36 +1000 Subject: [PATCH 228/301] alyssum/networking: point to wpa_conf correctly --- hosts/alyssum/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 64c1bff..901c3c4 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,8 +1,8 @@ { config, ... }: { - environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; + wireless.extraConfigFiles = [ config.age.secrets.wpa_conf.path ]; interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ From 865b473df7a2135f0e3dd7988723fede4a9cdf02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:13:54 +1000 Subject: [PATCH 229/301] alyssum/networking: point to wpa_conf correctly, attempt 2 why was this changed????? --- hosts/alyssum/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 901c3c4..760e8a5 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,8 +1,8 @@ { config, ... }: { + environment.etc."wpa_supplicant/imperative.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; - wireless.extraConfigFiles = [ config.age.secrets.wpa_conf.path ]; interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ From 0d99bd6015d1dcce8d7ee02bdca434df358bf524 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:16:59 +1000 Subject: [PATCH 230/301] alyssum/networking: point to wpa_conf correctly, attempt 3 --- hosts/alyssum/default.nix | 6 +++++- hosts/alyssum/networking.nix | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index e6a7e58..fecf4b3 100644 --- a/hosts/alyssum/default.nix 
+++ b/hosts/alyssum/default.nix @@ -4,7 +4,11 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { - wpa_conf.file = ../../secrets/wpa_conf.age; + wpa_conf = { + file = ../../secrets/wpa_conf.age; + path = "/etc/wpa_supplicant/imperative.conf"; + symlink = false; + }; }; imports = with modules.system; [ diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 760e8a5..281cbb6 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,5 +1,4 @@ { config, ... }: { - environment.etc."wpa_supplicant/imperative.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; From 59f5913b680665d1e895bc5347c29ad2132687ea Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:19:04 +1000 Subject: [PATCH 231/301] hosts/alyssum: disable insecure ssh --- hosts/alyssum/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index fecf4b3..4a6ef0c 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -29,7 +29,4 @@ ]; me.environment = "headless"; - - services.openssh.settings.PermitRootLogin = lib.mkForce "yes"; - services.openssh.settings.PasswordAuthentication = lib.mkForce true; } From c8c6fb1b5e94b61e5880a8eff8e63417b64309b6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:55:11 +1000 Subject: [PATCH 232/301] system/tailscale: init --- hosts/anemone/default.nix | 1 + modules/default.nix | 1 + modules/system/tailscale.nix | 8 ++++++++ secrets.nix | 1 + secrets/tailscale_auth.age | 13 +++++++++++++ 5 files changed, 24 insertions(+) create mode 100644 modules/system/tailscale.nix create mode 100644 secrets/tailscale_auth.age diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..841e909 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -28,6 +28,7 @@ printing security snapper + tailscale wireguard ./filesystem.nix 
diff --git a/modules/default.nix b/modules/default.nix index f47d4ee..d55b54a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -49,6 +49,7 @@ in { ./system/printing.nix ./system/security.nix ./system/snapper.nix + ./system/tailscale.nix ./system/virtualisation.nix ./system/wireguard.nix ]; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix new file mode 100644 index 0000000..9de220d --- /dev/null +++ b/modules/system/tailscale.nix @@ -0,0 +1,8 @@ +{ config, ... }: { + age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; + services.tailscale = { + enable = true; + authKeyFile = config.age.secrets.tailscale_auth.path; + openFirewall = true; + }; +} diff --git a/secrets.nix b/secrets.nix index b4d5b2c..5a8bf1b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,6 +13,7 @@ in { "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; + "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age new file mode 100644 index 0000000..be7af43 --- /dev/null +++ b/secrets/tailscale_auth.age 
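Review bot: In modules/system/tailscale.nix, `authKeyFile` points at a single `tailscale_auth.age` that the secrets.nix hunk of this commit encrypts to five recipients, so every host importing the module shares one auth key and any one of those keys can decrypt it. If that key is reusable, compromise of a single host is enough to enrol further nodes into the tailnet; a tagged, short-lived key (or one key per host) limits that, and the choice deserves a comment such as `# auth key: tagged, expires <DATE>; rotate secrets/tailscale_auth.age`. Whether the key is reusable or pre-approved is not visible from the diff, so this is a point to confirm rather than a confirmed defect.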
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM +10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8 +-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc +vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8 +-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU +CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs +-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA +KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE +-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg +xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g +--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY +xHQ)k)ĉB~ە֖Zv?%lQx OwZIsۄf4D ǔ*Otݳ 0.m[q_[v \ No newline at end of file From 724d30a092902b27988fc2a3cdc41b18b8023898 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 23 Mar 2026 02:53:15 +1100 Subject: [PATCH 233/301] containers/fluorite: change slskd env --- secrets/slskd_env.age | Bin 853 -> 847 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index 7515e1fe0856de4165a345ca9d18941d86466845..eded5d0ff812e08ea3ca7644c655ca94e63b764b 100644 GIT binary patch delta 796 zcmcc0cAjm5PQ9^9zPWF)vr~j+RC<6}foE!VS$0rnv0J*Exk*-`QL=YMQC4WCkzY=R zFPCddnvZ8_wuwPzahjh~q=~b)qk&hJN3u~+qO-5Qk5_J4pjT;Ws&-;zF_*5LLUD11 zZfc5=si~o*LQ;@hVQQd4L~>S&PoZCgqX7{%$5*y1Kdw<$h%$C4m9{ zAr+}5{soCuSxyo8CTT&&A;`h|hzTxtQ@iv_+&ZW8;+-g>`_I)GK5?G)u;;^%dvSUncP_E7^4Z_#vEWINTtZ^D>;JZ(_4hSQCIu<7 z|I^Ajr1*QvaYxCv`*jXsa_)P7uRmk+_p4F&VqI?wkFNoxr;Vhtf|bKBOcC9}{P5P5 z?>Tl3o9hJu)f{%b=8Kd8#)<+ zh5ARLKC3nScdKMSX?k*Bhf`qr<-6bXZzw(6@`K&$bnu&&`WdFP(rSfOoupUo4LGvy z3WpA3QLkHq+!VjuWry>YJHI;IH*<24*W|lj64M?i9Lro|zn*FSbc64ERu)wKPYk;n z{kGwC<>9Q25hm~2zB$}&MQp(rvOv);x4(yF%H&S_r@`3(=>}4) delta 802 zcmX@lc9m^{PJND%L5jOig-c~px{0@;V|YY?V}5y5QbBl`n@ggzv9o!pQF?}VXljaa zK3BeLNo8(9Ns(Kmd1|nKgr9#|dAMVuM@ou^sdi#iieF(^ikYida+E`9R#m=5#KEX-pAudT~*{)uZ83rj%rC9+crtSt@y1KdwJ}DJ>ffgP~ z-emzksh){d5#iYtX(ap9V`X;r?>Wvg`-oiQ*JPCw`&4#&{akq2 zZ}#+WUG?kv?Rms`{`Q}_$#HDEXwi-^?`w9hPq)`F>91^lyIi_`>xFrH*S_X@kharj z%gc$A-ly&<=5kymp44jd`G~j%|G!@K`-UQC^Af}g;@C9#oZeV*KK|kN=%K)7?)P7w ze!R%o*B6j}Aa}yXqe16hT#o#%w(`4Dy>n9WnVOHRRtyGA^_RY{aM+UfhMQr>|edy|_G~?!? zUCrUm+a4{`e80Kr*_`k82OsYe-g4x`Z=v_zPsIbj#ZM4@R`$w7CsD9%Cu<#h=t+O4 zO;*gx8|**Kdmp=!`IqXvz@s Date: Thu, 26 Mar 2026 19:01:45 +1100 Subject: [PATCH 234/301] containers/beryllium: use ipv4 --- containers/beryllium/configuration.nix | 5 +++-- containers/beryllium/flake.nix | 12 +++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 07740d2..6629a31 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix 
@@ -9,14 +9,15 @@ networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set networking.useHostResolvConf = false; - networking.nameservers = [ "fd0d:1::2:1" ]; + networking.nameservers = [ "8.8.8.8" ]; services.matrix-continuwuity = { enable = true; settings.global = { # TODO: link this with outer container's address - address = [ "fd0d:1::2:2" ]; + address = [ "10.30.2.2" ]; server_name = "lava.moe"; + rocksdb_recovery_mode = 2; }; }; } diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index c6b6cae..5805401 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -22,9 +22,9 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; - locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167"; }; services.nginx.virtualHosts."lava.moe" = { @@ -52,9 +52,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; - # privateUsers = "pick"; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; @@ -64,7 +63,6 @@ mountPoint = "/persist"; isReadOnly = false; }; - # flake = "path:" + ./.; }; }; }; From 52e53ba5b3b877a829c1b445b33167cb7051c48e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 5 Apr 2026 09:32:33 +1000 Subject: [PATCH 235/301] containers/amethyst: use ipv4 proxy --- containers/amethyst/flake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
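Review bot: `networking.nameservers = [ "8.8.8.8" ];` in `containers/beryllium/configuration.nix` sends the container's lookups to a public resolver in plain text, where the replaced `fd0d:1::2:1` entry presumably pointed at the host's own resolver. If the goal was only to move the container to IPv4, the host side of the link (`10.30.2.1`, inferred from the `address = [ "10.30.2.2" ]` line) would keep resolution local, provided unbound listens there. Its `access-control` list already allows `10.0.0.0/8`, but the interface binding is not visible in this patch. `rocksdb_recovery_mode = 2` also reads like a one-off recovery setting, and a comment such as `# TODO: remove once the database has been repaired` would say whether it is meant to stay.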
diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 5b9817e..739c3e5 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -21,7 +21,8 @@ services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From 4a91f8a1652eaabd7bc933428d76aeb86263c0b4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 10 Apr 2026 01:02:28 +1000 Subject: [PATCH 236/301] system/wireguard: also forward udp --- modules/system/wireguard.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index bdfe900..71f85ad 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -6,7 +6,7 @@ let serverIp = gcSecrets.wireguard.gateway; forwarding = { -# "22727" = [ "10.100.0.3" "7777" ]; + "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: @@ -18,6 +18,8 @@ let in '' ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT + ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport} + ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT '') forwarding ); From 5680e29cd2ba1572cfcb59d536455f959cecfec9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 11 Apr 2026 22:47:29 +1000 Subject: [PATCH 237/301] services/unbound: add google to dns --- modules/services/unbound.nix | 4 ++++ 1 file changed, 4 insertions(+) 
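Review bot: The added UDP `FORWARD ... -j ACCEPT` rule in `modules/system/wireguard.nix` matches only on destination and port, like the TCP rule above it, so it accepts forwarded packets to `${dest}:${dport}` from any interface rather than only those DNATed from `${serverInterface}`. Scoping it keeps the opening to the intended path: `${pkgs.iptables}/bin/iptables -${type} FORWARD -i ${serverInterface} -p udp -d ${dest} --dport ${dport} -j ACCEPT`, and the same for TCP. The commit also re-enables the `"22727"` forward without saying what it exposes, so a comment naming the service behind `10.100.0.3:7777` would help the next audit of this table. `mapForwards` begins and ends outside the hunk, so how `type` is chosen for setup and teardown is not visible here.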
diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 349f9e8..a1b4ac4 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -27,8 +27,12 @@ in { forward-addr = [ "2606:4700:4700::1111@853#cloudflare-dns.com" "2606:4700:4700::1001@853#cloudflare-dns.com" + "2001:4860:4860::8888@853#dns.google" + "2001:4860:4860::8844@853#dns.google" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" + "8.8.8.8@853#dns.google" + "8.8.4.4@853#dns.google" ]; }]; From de857dcfbfc60d39161b14257d7661841dc06d13 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:20:27 +1000 Subject: [PATCH 238/301] services/nginx: credentialsFile -> environmentFile --- modules/services/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 51641b4..a02b7e9 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -6,7 +6,7 @@ email = "me@lava.moe"; group = "nginx"; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."acme_dns".path; + environmentFile = config.age.secrets."acme_dns".path; }; certs."lava.moe" = { extraDomainNames = [ From d13f18a1899628e8b9cc2875abe61e1c40be2c67 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:21:49 +1000 Subject: [PATCH 239/301] user/neovim{,-minimal}: set defaults to suppress warning --- modules/user/neovim-minimal.nix | 2 ++ modules/user/neovim.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index a7d3f8c..392097d 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -9,6 +9,8 @@ vimAlias = true; vimdiffAlias = true; withNodeJs = false; + withPython3 = false; + withRuby = false; plugins = with pkgs.vimPlugins; [ fzf-vim diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 30ffac9..d691c61 100644 --- a/modules/user/neovim.nix 
+++ b/modules/user/neovim.nix @@ -17,6 +17,8 @@ in { vimdiffAlias = true; #package = pkgs.neovim-nightly; withNodeJs = true; + withPython3 = true; + withRuby = false; extraPackages = with pkgs; [ rust-analyzer From 69717ef92ba8cb0763b17af502c5174d95de65a3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:33:57 +1000 Subject: [PATCH 240/301] hosts/dandelion: enable tailscale --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 92e53be..33b6eec 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -19,6 +19,7 @@ nix-stable packages security + tailscale wireguard modules.services.banksia From e5e608c580e9598d897485f66a14bce0e0740d1d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:56:34 +1000 Subject: [PATCH 241/301] services/unbound: allow access from tailscale --- modules/services/unbound.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index a1b4ac4..8aae0fd 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -41,8 +41,10 @@ in { access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" + "100.64.0.0/10 allow" "192.168.100.0/24 allow" - "fd0d::/16 allow" + "fd0d::/16 allow" + "fd7a:115c:a1e0::/48 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; From d0e090bb6815110376b9bceb40880a9a5ee00ee3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:10:44 +1000 Subject: [PATCH 242/301] hosts/alyssum: enable tailscale --- hosts/alyssum/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 4a6ef0c..087c77f 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -20,6 +20,7 @@ nix-stable packages security + tailscale ./filesystem.nix ./kernel.nix 
From b8a7dfa8a87ea914c99861dfbfcdbfab200de5f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:19:54 +1000 Subject: [PATCH 243/301] system/tailscale: enable routing features --- modules/system/tailscale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 9de220d..4bded31 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -4,5 +4,6 @@ enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; openFirewall = true; + useRoutingFeatures = if config.me.environment == "headless" then "both" else "client"; }; } From 81c17720eb4858d2c69ba7e79e1e96494f7b40de Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:40:19 +1000 Subject: [PATCH 244/301] containers/{d,e,f}: listen on tailscale --- containers/diamond/flake.nix | 2 +- containers/emerald/flake.nix | 2 +- containers/fluorite/flake.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index 13b6b1e..71ab4fd 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -24,7 +24,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 5ecf768..9c9acdc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -39,7 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; 
diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index c49e63b..33fcdb1 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -39,7 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:5030"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; systemd.tmpfiles.rules = [ From 604983800f2b0f072160f4afa65823872bceae07 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:27:12 +1000 Subject: [PATCH 245/301] hyacinth/packages: add discord --- hosts/hyacinth/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index f4e4fe4..69f9ba1 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + discord jetbrains.idea texliveFull ]; From 4a82035d825230d6ef4f304a61c90f235dd528af Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:45:45 +1000 Subject: [PATCH 246/301] hosts/hyacinth: enable tailscale --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 620798b..c307ce8 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -28,6 +28,7 @@ printing security snapper + tailscale wireguard modules.services.syncthing From 1941deb004910565e1f08ad7736dfa49a22dc452 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 04:02:18 +0000 Subject: [PATCH 247/301] flake: bump inputs --- flake.lock | 102 ++++++++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index d6070b9..db4bae9 100644 --- a/flake.lock +++ b/flake.lock 
@@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1777475243, - "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=", + "lastModified": 1779903856, + "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8", + "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -313,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1776796298, - "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", + "lastModified": 1778507602, + "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", + "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", "type": "github" }, "original": { 
@@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1778365864, - "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=", + "lastModified": 1779969295, + "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f419037039a152448c5f4ae9494154753d1b399", + "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6", "type": "github" }, "original": { @@ -540,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1778301982, - "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=", + "lastModified": 1779857514, + "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "d20b99557a90663a016f741398098d4d7b3ad119", + "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1778371477, - "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=", + "lastModified": 1780013080, + "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9", + "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226", "type": "github" }, "original": { @@ -578,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1778321961, - "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=", + "lastModified": 1779979065, + "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=", "owner": "neovim", "repo": "neovim", - "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b", + "rev": "5d85669a33e10f1f156b086562458cbbc8054438", "type": "github" }, "original": { 
@@ -598,11 +598,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1778384395, - "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=", + "lastModified": 1779768228, + "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8368f981774ee25774d016e810d426891174a993", + "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2", "type": "github" }, "original": { @@ -618,11 +618,11 @@ ] }, "locked": { - "lastModified": 1778240325, - "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=", + "lastModified": 1779604987, + "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee", + "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { @@ -680,11 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1777954456, - "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { 
@@ -824,11 +824,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1778274207, - "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", "type": "github" }, "original": { @@ -923,11 +923,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1770811375, - "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", + "lastModified": 1779255807, + "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=", "owner": "sindresorhus", "repo": "pure", - "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", + "rev": "cc0759a0de620f191510e2e2f9748194a605b54d", "type": "github" }, "original": { @@ -976,11 +976,11 @@ ] }, "locked": { - "lastModified": 1770952264, - "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", + "lastModified": 1777605393, + "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", + "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c", "type": "github" }, "original": { @@ -997,11 +997,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1777789800, - "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=", + "lastModified": 1779824049, + "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3", + "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a", "type": "github" }, "original": { 
@@ -1029,11 +1029,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1778258800, - "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=", + "lastModified": 1779976382, + "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=", "owner": "StevenBlack", "repo": "hosts", - "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89", + "rev": "d3e838712512490260f051150e3573eeebecfadb", "type": "github" }, "original": { From 1d9f9f4927fcedfdc810ce98a3f2666f0d7b8ae4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 04:02:19 +0000 Subject: [PATCH 248/301] packages/linux-lava: bump to 7.0.10 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index c24fa57..1ea7dcb 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "7.0.5"; + version = "7.0.10"; kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; - kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d"; + kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 10fbeac1404f2719437b1d229e128d078ac54694 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:57:08 +1000 Subject: [PATCH 249/301] user/eww: manually set configDir why was this changed??? --- modules/user/eww.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/eww.nix b/modules/user/eww.nix index 9d839e0..fa5fd4e 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -24,6 +24,6 @@ in { home.packages = with pkgs; [ socat ]; programs.eww = { enable = true; - configDir = res; }; + xdg.configFile."eww".source = res; } 
From 0edeac9f4c06b2dcf20a2338d81dc8ec55643946 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 19:38:31 +1000 Subject: [PATCH 250/301] user/neovim: remove lsp.with --- res/config.lua | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/res/config.lua b/res/config.lua index 5d205d7..3e91e28 100644 --- a/res/config.lua +++ b/res/config.lua @@ -108,18 +108,18 @@ require('lualine').setup { -- many thanks to @kristijanhusak -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125 function _G.javascript_indent() - local line = vim.fn.getline(vim.v.lnum) - local prev_line = vim.fn.getline(vim.v.lnum - 1) - if line:match('^%s*[%*/]%s*') then - if prev_line:match('^%s*%*%s*') then - return vim.fn.indent(vim.v.lnum - 1) + local line = vim.fn.getline(vim.v.lnum) + local prev_line = vim.fn.getline(vim.v.lnum - 1) + if line:match('^%s*[%*/]%s*') then + if prev_line:match('^%s*%*%s*') then + return vim.fn.indent(vim.v.lnum - 1) + end + if prev_line:match('^%s*/%*%*%s*$') then + return vim.fn.indent(vim.v.lnum - 1) + 1 + end end - if prev_line:match('^%s*/%*%*%s*$') then - return vim.fn.indent(vim.v.lnum - 1) + 1 - end - end - return vim.fn['GetJavascriptIndent']() + return vim.fn['GetJavascriptIndent']() end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') 
@@ -157,18 +157,13 @@ vim.api.nvim_create_autocmd("LspAttach", { end }) -vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( - vim.lsp.diagnostic.on_publish_diagnostics, { - focusable = false, - virtual_text = false, - underline = true, - signs = true, - update_in_insert = true - } -) -vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( - vim.lsp.handlers.signature_help, { focusable = false } -) +vim.diagnostic.config({ + focusable = false, + virtual_text = false, + underline = true, + signs = true, + update_in_insert = true +}) capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) From 939d0cc861132ef4f1c6577fcfe4c0ebbf3c7c52 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 20:37:42 +1000 Subject: [PATCH 251/301] system/tailscale: persist tailscale state --- modules/binds.nix | 9 +++++++++ modules/default.nix | 1 + modules/options.nix | 5 +++++ modules/system/base.nix | 2 +- modules/system/tailscale.nix | 1 + 5 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 modules/binds.nix diff --git a/modules/binds.nix b/modules/binds.nix new file mode 100644 index 0000000..9c7d4ad --- /dev/null +++ b/modules/binds.nix @@ -0,0 +1,9 @@ +{ config, lib, ...}: { + imports = [ ./options.nix ]; + fileSystems = lib.mapAttrs (dest: key: { + depends = [ "/persist" ]; + device = "/persist/binds/${key}"; + fsType = "none"; + options = [ "bind" ]; + }) config.me.binds; +} diff --git a/modules/default.nix b/modules/default.nix index d55b54a..6775c55 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -14,6 +14,7 @@ let }) paths ); in { + binds = ./binds.nix; options = ./options.nix; services = mkAttrsFromPaths [ ./services/banksia.nix diff --git a/modules/options.nix b/modules/options.nix index b522127..e861c12 100644 --- a/modules/options.nix +++ b/modules/options.nix 
@@ -44,5 +44,10 @@ in { type = types.bool; default = false; }; + + binds = lib.mkOption { + type = with lib.types; attrsOf str; + default = {}; + }; }; } diff --git a/modules/system/base.nix b/modules/system/base.nix index 36c9993..c45eb99 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -1,5 +1,5 @@ { config, inputs, modules, ... }: { - imports = [ modules.options ]; + imports = [ modules.binds modules.options ]; environment.etc = { "machine-id".source = "/persist/machine-id"; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 4bded31..732a9bb 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,5 +1,6 @@ { config, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; + me.binds."/var/lib/tailscale" = "tailscale"; services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From babc27c8be3385495c04d8841ec8f94346fa5cc9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:01:43 +1000 Subject: [PATCH 252/301] containers/garnet: init --- containers/garnet/configuration.nix | 32 ++++++++++++ containers/garnet/flake.lock | 27 ++++++++++ containers/garnet/flake.nix | 80 +++++++++++++++++++++++++++++ flake.lock | 47 ++++++++++++++--- flake.nix | 1 + 5 files changed, 179 insertions(+), 8 deletions(-) create mode 100644 containers/garnet/configuration.nix create mode 100644 containers/garnet/flake.lock create mode 100644 containers/garnet/flake.nix diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix new file mode 100644 index 0000000..930ae67 --- /dev/null +++ b/containers/garnet/configuration.nix 
@@ -0,0 +1,32 @@ +{ ... }: { + system.stateVersion = "25.11"; + fileSystems."/var/lib/opencloud" = { + device = "/persist/opencloud"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 9200 ]; + networking.firewall.allowedUDPPorts = [ 9200 ]; + + services.slskd = { + enable = true; + domain = null; + environmentFile = "/binds/slskd_env"; + settings = { + shares.directories = [ "/binds/music/" ]; + }; + }; + environment.etc."opencloud-admin-pass".text = '' + IDM_ADMIN_PASSWORD=supersillysecure + ''; + services.opencloud = { + enable = true; + url = "https://cloud.lava.moe"; + address = "127.0.0.1"; + port = 9200; + environment = { + PROXY_TLS = "false"; + }; + environmentFile = "/etc/opencloud-admin-pass"; + }; +} diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock new file mode 100644 index 0000000..4070242 --- /dev/null +++ b/containers/garnet/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix new file mode 100644 index 0000000..7cb7559 --- /dev/null +++ b/containers/garnet/flake.nix 
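Review bot: The OpenCloud admin password is committed in plain text through `environment.etc."opencloud-admin-pass".text` in `containers/garnet/configuration.nix`, so it ends up in the repository history and the world-readable Nix store as well as `/etc`. The rest of the repo keeps such values in agenix-encrypted files, and the same pattern fits here: bind-mount the decrypted file into the container and point `environmentFile` at it, e.g. `environmentFile = "/binds/opencloud_env";` (placeholder path). The current value should be rotated since it is already published. The `services.slskd` block looks carried over from another container, because `/binds/slskd_env` and `/binds/music/` are not among the bind mounts `containers/garnet/flake.nix` defines. `address = "127.0.0.1"` also seems to conflict with the host proxying to the container address on port 9200, and the `allowedUDPPorts = [ 9200 ]` opening looks unnecessary for an HTTP service.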
@@ -0,0 +1,80 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "garnet"; + fqdn = "cloud.lava.moe"; + subnetId = "7"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/" = { + proxyPass = "http://[${client}]:9200"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + "d /persist/flower 755 root users" + ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."content" = { + hostPath = "/persist/flower"; + mountPoint = "/flower"; + isReadOnly = false; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index db4bae9..2578a7e 100644 --- a/flake.lock +++ b/flake.lock 
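Review bot: `# privateUsers = "pick";` is left commented out in `containers.${name}` while two host paths, `/persist/containers/${name}` and `/persist/flower`, are bind-mounted read-write. Without a private user namespace, root inside the container has the same UID as root on the host for those mounts, so a compromise of the web-facing service would reach host-owned files directly. If user namespacing breaks the bind mounts, a comment saying so would document the trade-off, e.g. `# privateUsers disabled: bind mounts need host UIDs`. Otherwise enabling `privateUsers = "pick";` and making the `content` mount `isReadOnly = true` where writes are not needed would narrow the exposure.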
@@ -128,6 +128,20 @@ }, "parent": [] }, + "c-garnet": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "path": "./containers/garnet", + "type": "path" + }, + "original": { + "path": "./containers/garnet", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_4" @@ -595,7 +609,7 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1779768228, @@ -679,6 +693,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1779560665, "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", @@ -694,7 +724,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -824,16 +854,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1779536132, - "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -880,7 +910,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "pnpm2nix": "pnpm2nix" }, "locked": { 
@@ -946,6 +976,7 @@ "c-diamond": "c-diamond", "c-emerald": "c-emerald", "c-fluorite": "c-fluorite", + "c-garnet": "c-garnet", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -954,7 +985,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 377e601..5cf3457 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ c-diamond.url = "path:./containers/diamond"; c-emerald.url = "path:./containers/emerald"; c-fluorite.url = "path:./containers/fluorite"; + c-garnet.url = "path:./containers/garnet"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 140b12fa5d95ee0a77c6233ba537dc9fab64c0b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:02:40 +1000 Subject: [PATCH 253/301] hosts/alyssum: enable garnet --- hosts/alyssum/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 087c77f..1c1db61 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ lib, modules, modulesPath, ... }: { +{ inputs, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -22,6 +22,8 @@ security tailscale + inputs.c-garnet.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix From 27e9546327e2d9f2a756f3f65b657ea61e34bfca Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:04:35 +1000 Subject: [PATCH 254/301] containers/garnet: better ip filtering --- containers/garnet/flake.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) 
diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 7cb7559..b5e4ba5 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -44,7 +44,13 @@ proxy_set_header Host $host; ''; }; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + extraConfig = '' + allow 10.0.0.0/8; + allow 100.0.0.0/8; + allow 192.168.1.0/24; + allow fd0d::/8; + deny all; + ''; }; systemd.tmpfiles.rules = [ From a25d214b82c4459e1e71599bf8917cc12090b337 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:10:40 +1000 Subject: [PATCH 255/301] hosts/alyssum: enable nginx --- hosts/alyssum/default.nix | 3 +++ secrets.nix | 2 +- secrets/acme_dns.age | 19 ++++++++++--------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 1c1db61..9a53926 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -4,6 +4,7 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -22,6 +23,8 @@ security tailscale + modules.services.nginx + inputs.c-garnet.nixosModule ./filesystem.nix diff --git a/secrets.nix b/secrets.nix index 5a8bf1b..d2dbc82 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,7 +10,7 @@ in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index a573417..c440de6 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age 
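Review bot: `allow 100.0.0.0/8;` in the new server-level `extraConfig` admits far more than the tailnet: the addresses used elsewhere in this file are 100.67.x.x, which fall inside 100.64.0.0/10, while 100.0.0.0/8 also covers publicly routed space. `allow fd0d::/8;` is likewise masked to fd00::/8, i.e. every locally assigned ULA prefix rather than the `fd0d:` prefixes this flake hands out. Because the same hunk drops `listenAddresses`, the vhost presumably falls back to nginx's default listen addresses and these rules become the only restriction, so tighter ranges such as `allow 100.64.0.0/10;` and `allow fd0d::/16;` would match the intent better. Patch 258 later in this series returns to `listenAddresses`; the vhost definition starts and ends outside the hunk.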
@@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8 -1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8 --> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA -MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80 --> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg -RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI ---- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg -H즏)k#%3cQں1?ad| 쳄ٗo2 -B)=Zi9pR Klg ՞h \ No newline at end of file +-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs +07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok +-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4 +FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84 +-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8 +xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE +-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o +aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM +--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8 +Zr2. ~MPXŹ1)p9R9S cLzhQO0H7Lj5 \l97ܫn> From 0735ffdb69516426106e51d1a6f7a96b6c50b1fa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:22:19 +1000 Subject: [PATCH 256/301] containers/garnet: remove stray sv and set address to local ip --- containers/garnet/configuration.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index 930ae67..4f09e34 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix 
@@ -8,21 +8,13 @@ networking.firewall.allowedTCPPorts = [ 9200 ]; networking.firewall.allowedUDPPorts = [ 9200 ]; - services.slskd = { - enable = true; - domain = null; - environmentFile = "/binds/slskd_env"; - settings = { - shares.directories = [ "/binds/music/" ]; - }; - }; environment.etc."opencloud-admin-pass".text = '' IDM_ADMIN_PASSWORD=supersillysecure ''; services.opencloud = { enable = true; url = "https://cloud.lava.moe"; - address = "127.0.0.1"; + address = "10.30.7.2"; port = 9200; environment = { PROXY_TLS = "false"; From 011ceee498a0c1361b662c4ffc7e01859086cdea Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:27:19 +1000 Subject: [PATCH 257/301] containers/garnet: use ipv4 for proxy --- containers/garnet/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index b5e4ba5..e5bdcbc 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -38,7 +38,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/" = { - proxyPass = "http://[${client}]:9200"; + proxyPass = "http://${client4}:9200"; proxyWebsockets = true; extraConfig = '' proxy_set_header Host $host; From c4bedfd86e8bdcf9e2a58be5d96d43b4a50677a7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:34:25 +1000 Subject: [PATCH 258/301] containers/garnet: move back to listen addrs --- containers/garnet/flake.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index e5bdcbc..c1694a0 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -44,13 +44,7 @@ proxy_set_header Host $host; ''; }; - extraConfig = '' - allow 10.0.0.0/8; - allow 100.0.0.0/8; - allow 192.168.1.0/24; - allow fd0d::/8; - deny all; - ''; + listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ From f622d5f5771d6866b7ee3b3c88ed97d4641a5c49 Mon Sep 17 00:00:00 2001 
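Review bot: The context line `IDM_ADMIN_PASSWORD=supersillysecure` supplies the OpenCloud admin password through `environment.etc."opencloud-admin-pass".text`, which puts the value in the world-readable Nix store and in the repository history, and this hunk moves the service from loopback to the container address `10.30.7.2`. The repository already uses agenix (`age.secrets`) for other credentials, so the file could come from there instead, e.g. `environmentFile = "/persist/cfg/opencloud-admin.env";` backed by a host-side age secret bind-mounted into the container (placeholder path), with the password rotated since it has been committed. With `PROXY_TLS = "false"` the hop to port 9200 is plain HTTP, and `allowedUDPPorts = [ 9200 ]` has no visible consumer in this file, so that opening looks removable. The `services.opencloud` block continues outside the hunk.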
From: Cilly Leang Date: Thu, 28 May 2026 23:43:07 +1000 Subject: [PATCH 259/301] containers/garnet: try removing host header --- containers/garnet/flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index c1694a0..29540db 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -40,9 +40,6 @@ locations."/" = { proxyPass = "http://${client4}:9200"; proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - ''; }; listenAddresses = [ "100.67.2.1" ]; }; From 34e649e6210ced9f692e2cc300e40236c058a994 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 29 May 2026 00:43:32 +1000 Subject: [PATCH 260/301] alyssum/filesystem: add myosotis --- hosts/alyssum/filesystem.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix index 205106a..bdea423 100644 --- a/hosts/alyssum/filesystem.nix +++ b/hosts/alyssum/filesystem.nix @@ -26,6 +26,7 @@ in { }; "/boot" = mkLabelMount "stem" "vfat"; + "/flower" = mkBtrfsMount "myosotis" "/@" true; "/nix" = submount "/@/nix" false; "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; "/persist/.snapshots" = submount "/snap/persist" false; From 48513690982288b4e84daf7e05db8681a1fbab4c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 29 May 2026 00:44:13 +1000 Subject: [PATCH 261/301] containers/garnet: add hosts and correct bind mounts --- containers/garnet/configuration.nix | 12 +++++++++++- containers/garnet/flake.nix | 4 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index 4f09e34..ff514e8 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix 
@@ -1,10 +1,20 @@ { ... }: { system.stateVersion = "25.11"; fileSystems."/var/lib/opencloud" = { - device = "/persist/opencloud"; + device = "/flower/data"; fsType = "none"; options = [ "bind" ]; }; + fileSystems."/etc/opencloud" = { + device = "/persist/cfg"; + fsType = "none"; + options = [ "bind" ]; + }; + # TODO: hardcoded address + networking.extraHosts = '' + 100.67.2.1 cloud.lava.moe + ''; + networking.firewall.allowedTCPPorts = [ 9200 ]; networking.firewall.allowedUDPPorts = [ 9200 ]; diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 29540db..93c3304 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -41,12 +41,12 @@ proxyPass = "http://${client4}:9200"; proxyWebsockets = true; }; + # TODO: hardcoded address listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" - "d /persist/flower 755 root users" ]; containers.${name} = { autoStart = true; @@ -67,7 +67,7 @@ isReadOnly = false; }; bindMounts."content" = { - hostPath = "/persist/flower"; + hostPath = "/flower/opencloud"; mountPoint = "/flower"; isReadOnly = false; }; From e7588e0be0ec335a262f37f3c96f2af4031b132d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 21:24:30 +1000 Subject: [PATCH 262/301] {system,rin}/packages: cleanup --- modules/system/packages.nix | 1 - users/rin/packages.nix | 37 ++++++++++++++++--------------------- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index afeef4e..d4e2e3c 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -16,7 +16,6 @@ neovim nfs-utils ntfs3g - oci-cli ripgrep rsync sshfs diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 8b15c60..0916865 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix 
@@ -19,15 +19,28 @@ in { nodejs_latest pamixer pnpm - qmk unrar - weechat yt-dlp + ] ++ lib.optionals (config.me.environment == "desktop") [ + krita + lutris + mangohud + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) + inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin + qmk + tetrio-desktop + tor-browser + virt-manager + winetricks ] ++ lib.optionals config.me.gui [ android-studio brightnessctl drawio - element-desktop evince eww feh @@ -36,37 +49,19 @@ in { gamescope gimp3 grim - jetbrains.gateway - #kotatogram-desktop - krita lm_sensors - lutris - insomnia maim - mangohud me.psensor - inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin - # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol - (prismlauncher.override { - jdks = [ - jdk21 - temurin-bin-25 - ]; - }) qbittorrent rivalcfg screenkey slurp swaybg - tetrio-desktop texliveFull - tor-browser transmission-remote-gtk vesktop - virt-manager - winetricks zathura zenity From cc2e9d1a90da5b9e16da55a864cd07deec24b727 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 31 May 2026 02:15:37 +1000 Subject: [PATCH 263/301] user/eww: use iwd tools instead of nmcli --- modules/user/eww.nix | 2 +- res/eww/eww.yuck | 28 +++++++++++++++------------- res/eww/scripts/network.sh | 19 ------------------- 3 files changed, 16 insertions(+), 33 deletions(-) delete mode 100755 res/eww/scripts/network.sh diff --git a/modules/user/eww.nix b/modules/user/eww.nix index fa5fd4e..13db70e 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -21,7 +21,7 @@ let ''; }; in { - home.packages = with pkgs; [ socat ]; + home.packages = with pkgs; [ iw socat ]; programs.eww = { enable = true; }; diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index 2598788..d72a2cc 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -1,4 +1,5 @@ (defwindow mainbar :monitor 0 + :geometry (geometry :x "0%" :y "0%" :width "100%" 
@@ -39,14 +40,15 @@ `cat /sys/class/power_supply/_BAT_PATH_/capacity`) (defpoll pbat_status :interval "1s" :run-while bat-enabled `cat /sys/class/power_supply/_BAT_PATH_/status`) -(defpoll network_strength :interval "1s" :run-while wifi-enabled - `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) +(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled + `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`) +(defpoll wifi_strength :interval "1s" :run-while wifi-enabled + `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) (defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | wc -l`) -(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh") (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh") 
@@ -107,22 +109,22 @@ (defwidget network [] (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}` (box :orientation "horizontal" - :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")} - :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0} + :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")} + :spacing {(network-extended && wifi_ssid != "") ? 5 : 0} :space-evenly false (label :text { - (lnetwork == "Disconnected") ? "" - : (network_strength == "") ? "" - : (network_strength < 20) ? "" - : (network_strength < 30) ? "" - : (network_strength < 55) ? "" - : (network_strength < 80) ? "" + (wifi_ssid == "") ? "" + : (wifi_strength == "") ? "" + : (wifi_strength < 75) ? "" + : (wifi_strength < 65) ? "" + : (wifi_strength < 60) ? "" + : (wifi_strength < 50) ? "" : ""} :class "base pill-icon") (revealer :transition "slideleft" - :reveal {network-extended && lnetwork != "Disconnected"} + :reveal {network-extended && wifi_ssid != ""} :duration 150 - (label :text lnetwork + (label :text wifi_ssid :class "base"))))) (defwidget battery [] diff --git a/res/eww/scripts/network.sh b/res/eww/scripts/network.sh deleted file mode 100755 index 7d0c2c8..0000000 --- a/res/eww/scripts/network.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1) - -if [[ -z $init ]]; then - echo Disconnected -else - echo $init -fi - -nmcli monitor | while read -r line ; do - if [[ $line == *"is now the primary connection" ]]; then - conn=$(echo $line | cut -d\' -f2) - echo $conn - fi - if [[ $line == "There's no primary connection" ]]; then - echo Disconnected - fi -done From 93354e641927c07672e32cd453be5b4c1394a762 Mon Sep 17 00:00:00 2001 
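Review bot: In the `network` widget the icon chain tests `wifi_strength < 75` first, so the following `< 65`, `< 60` and `< 50` branches can never be taken and every reading below 75 gets the same icon. `wifi_strength` is the dBm figure with the minus sign stripped (the `gsub("-","")` in the new `defpoll`), so a smaller number means a stronger signal; the comparisons need ascending order, `(wifi_strength < 50)` first, then `< 60`, `< 65`, `< 75`, with the icons assigned to match. The new polls also hardcode `wlan0` where the removed script used `wlp1s0`, which is worth a comment or a substituted placeholder like the existing `_BAT_PATH_` if interface names differ between hosts.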
From: Cilly Leang Date: Tue, 2 Jun 2026 19:50:01 +1000 Subject: [PATCH 264/301] containers/citrine: garden -> lab --- containers/citrine/configuration.nix | 2 +- containers/citrine/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 996ffb2..392062c 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -11,7 +11,7 @@ enable = true; lfs.enable = true; settings = { - DEFAULT.APP_NAME = "Garden"; + DEFAULT.APP_NAME = "cilly's botanical laboratory"; server = { DOMAIN = fqdn; ROOT_URL = "https://${fqdn}/"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5673c9e..c2a81b7 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,7 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; - fqdn = "garden.lava.moe"; + fqdn = "lab.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; From 91abcbed1984e86981e95b395202e240ed13fbf7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Jun 2026 19:54:09 +1000 Subject: [PATCH 265/301] services/banksia: redirect to lab --- modules/services/banksia.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix index d6532f6..2ace618 100644 --- a/modules/services/banksia.nix +++ b/modules/services/banksia.nix @@ -4,7 +4,7 @@ "banksia.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".return = "302 https://github.com/cillynder/Banksia"; + locations."/".return = "302 https://lab.lava.moe/cilly/Banksia"; locations."/api".proxyPass = "http://localhost:8080/"; }; }; From ee3e0868a8338ab92d34a434e9c3add7dca3db5d Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Sat, 6 Jun 2026 20:14:37 +1000 Subject: [PATCH 266/301] system/tailscale: loosen firewall for tailnet --- modules/system/tailscale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 732a9bb..02bce52 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,6 +1,7 @@ { config, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; + networking.firewall.trustedInterfaces = [ "tailscale0" ]; services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From abe0027e5dc405174f7d8993db14e57cadda7b29 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:23:56 +1000 Subject: [PATCH 267/301] hosts/alyssum: add syncthing --- hosts/alyssum/default.nix | 4 +++- modules/services/syncthing.nix | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 9a53926..3eb7289 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ inputs, modules, modulesPath, ... }: { +{ inputs, lib, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -24,6 +24,7 @@ tailscale modules.services.nginx + modules.services.syncthing inputs.c-garnet.nixosModule @@ -35,4 +36,5 @@ ]; me.environment = "headless"; + services.syncthing.user = lib.mkForce "hana"; } diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 2316f9f..d27f911 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,7 +1,7 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - uid = toString config.users.users.rin.uid; + uid = toString config.services.syncthing.user; gid = toString config.users.groups.users.gid; in { 
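Review bot: `networking.firewall.trustedInterfaces = [ "tailscale0" ];` exempts all tailnet traffic from the host firewall on every machine that imports this module, so any service bound to a wildcard address becomes reachable from every tailnet peer. If that is the intent, a comment would record that tailnet ACLs are now the access control: `# tailnet peers bypass the host firewall; access is restricted by Tailscale ACLs`. Otherwise opening only the required ports on that interface keeps the firewall meaningful, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ … ];`.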
From 72078aad6c6142b84c873ceafbad4a6ea464ede7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:33:19 +1000 Subject: [PATCH 268/301] services/syncthing: listen on all ports for headless --- modules/services/syncthing.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index d27f911..8ec331b 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,7 +1,8 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - uid = toString config.services.syncthing.user; + user = if config.me.gui then "rin" else "hana"; + uid = toString config.users.users."${user}".uid; gid = toString config.users.groups.users.gid; in { @@ -13,9 +14,10 @@ in services.syncthing = { enable = true; openDefaultPorts = true; - user = "rin"; + user = user; group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; + guiAddress = if config.me.gui then "127.0.0.1:8384" else ""; }; } From 1ad05857b7566f15575dd03d09f31da80669744d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:35:10 +1000 Subject: [PATCH 269/301] services/syncthing: setup correct guiAddress --- modules/services/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 8ec331b..db32371 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -18,6 +18,6 @@ in group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; - guiAddress = if config.me.gui then "127.0.0.1:8384" else ""; + guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384"; }; } From 9a87dc63c3f2cdd80c5918ff61864471e6186cc3 Mon Sep 17 00:00:00 2001 
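Review bot: On non-GUI hosts `guiAddress` becomes `":8384"` (after patch 269), which binds the Syncthing GUI and REST API on every interface, and nothing in this module sets GUI credentials. Since `tailscale0` was made a trusted interface in patch 266, every tailnet peer can reach that listener, and the host firewall is the only thing keeping other networks out. Binding to the host's tailnet address instead of the wildcard, or configuring a GUI user and password from a secret, would keep the admin surface limited to intended clients. A comment on the line such as `# headless: GUI reachable over the tailnet only (firewall); auth configured in <where>` would make the assumption explicit.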
From: Cilly Leang Date: Fri, 5 Jun 2026 00:12:18 +1000 Subject: [PATCH 270/301] rin/packages: move prism back to shared gui --- users/rin/packages.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 0916865..afc711b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -25,12 +25,6 @@ in { krita lutris mangohud - (prismlauncher.override { - jdks = [ - jdk21 - temurin-bin-25 - ]; - }) inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin qmk tetrio-desktop @@ -54,6 +48,12 @@ in { me.psensor obsidian pavucontrol + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) qbittorrent rivalcfg screenkey From 8ca9e393ea1b9d89d49d44d8c2af4bfd4b5aaac0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:16:15 +1000 Subject: [PATCH 271/301] system/input: swap esc using keyd --- modules/system/input.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/system/input.nix b/modules/system/input.nix index 2ef1eab..44da34b 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -6,7 +6,18 @@ "-arinterval 15" ]; }; - xkb.options = "caps:escape"; }; - console.useXkbConfig = true; + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + capslock = "overload(control, esc)"; + }; + }; + }; + }; + }; } From 9a6a29831b751dd2a6bb15bf26e6174ebc5ffe8b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:18:29 +1000 Subject: [PATCH 272/301] system/security: reenable doas persist --- modules/system/security.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/security.nix b/modules/system/security.nix index 3b4e8a7..f1f087b 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix 
@@ -49,7 +49,7 @@ { groups = [ "wheel" ]; keepEnv = true; - persist = config.me.environment != "laptop"; + persist = true; } ]; }; From 8a85e25d720376b4e8dc4bcdfcbc39d549ce008e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:20:29 +1000 Subject: [PATCH 273/301] system/input: don't overload capslock input delay :p --- modules/system/input.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/input.nix b/modules/system/input.nix index 44da34b..67b1a96 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -14,7 +14,7 @@ ids = [ "*" ]; settings = { main = { - capslock = "overload(control, esc)"; + capslock = "esc"; }; }; }; From ea17ef30c609d67155a61579a27fac460112feaa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:22:49 +1000 Subject: [PATCH 274/301] system/input: map esc to capslock --- modules/system/input.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/input.nix b/modules/system/input.nix index 67b1a96..a0bf2ff 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -15,6 +15,7 @@ settings = { main = { capslock = "esc"; + esc = "capslock"; }; }; }; From 75f9cc9d2bdd32fbcb1e28b7a300d61fc04da2b3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 15:05:05 +1000 Subject: [PATCH 275/301] system/tailscale: open port 123 on headless --- modules/system/tailscale.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 02bce52..e7e6e0c 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix 
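Review bot: `persist = true;` now applies to laptops as well, which the previous condition `config.me.environment != "laptop"` deliberately excluded; combined with `keepEnv = true` for the whole `wheel` group, a doas authorisation is reused for later commands in the session on the device most likely to be left unattended. If the trade-off is intended, the line should say so, e.g. `persist = true; # also on laptops: <reason>`. The rule list starts and ends outside the hunk, so any other rule that offsets this is not visible here.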
@@ -1,7 +1,9 @@ -{ config, ... }: { +{ config, lib, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; networking.firewall.trustedInterfaces = [ "tailscale0" ]; + networking.firewall.allowedUdpPorts = lib.mkIf config.me.environment == "headless" [ 123 ]; + services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From b705a21478d057b5bcbebd24ac5ffd3652e747c7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 15:06:38 +1000 Subject: [PATCH 276/301] system/tailscale: fix syntax --- modules/system/tailscale.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index e7e6e0c..5e3e044 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -2,7 +2,7 @@ age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; networking.firewall.trustedInterfaces = [ "tailscale0" ]; - networking.firewall.allowedUdpPorts = lib.mkIf config.me.environment == "headless" [ 123 ]; + networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ]; services.tailscale = { enable = true; From 29909729897e4085370656f6ab19f8d280fafbbf Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 16:01:23 +1000 Subject: [PATCH 277/301] user/git: set default branch name --- modules/user/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/user/git.nix b/modules/user/git.nix index 6c21f20..ca2762e 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -10,6 +10,7 @@ user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; + init.defaultBranch = "master"; }; }; } From 37f271bed8d08dc44b47620d47f5142e4f81202e Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Wed, 10 Jun 2026 16:05:24 +1000 Subject: [PATCH 278/301] containers/citrine: enable push to create --- containers/citrine/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 392062c..0f4242a 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -34,6 +34,8 @@ }; api.ENABLE_SWAGGER = false; other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + repository.ENABLE_PUSH_CREATE_USER = true; + repository.ENABLE_PUSH_CREATE_ORG = true; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; From 6fc74bd778317c578b8c7532056dfcd469514475 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 9 Jun 2026 18:15:04 +1000 Subject: [PATCH 279/301] hosts/hyacinth: add docker --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index c307ce8..a32d4bd 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -18,6 +18,7 @@ bluetooth ccache corectrl + docker flatpak greetd gui From e98a71cd1ed09eb93a39e5cb1be797b620a4f9aa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 13 Jun 2026 22:12:32 +1000 Subject: [PATCH 280/301] containers/garnet: config nginx to avoid errors --- containers/garnet/flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 93c3304..df835a4 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -41,6 +41,13 @@ proxyPass = "http://${client4}:9200"; proxyWebsockets = true; }; + extraConfig = '' + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; + ''; # TODO: hardcoded address listenAddresses = [ "100.67.2.1" ]; }; From 2a9e8e6c0372c1eacb9fd91a062acd9c657be694 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Sat, 13 Jun 2026 23:44:29 +1000 Subject: [PATCH 281/301] containers/garnet: extend token expiration --- containers/garnet/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index ff514e8..21400c5 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix @@ -28,6 +28,8 @@ port = 9200; environment = { PROXY_TLS = "false"; + IDP_ACCESS_TOKEN_EXPIRATION = "2592000"; + IDP_ID_TOKEN_EXPIRATION = "2592000"; }; environmentFile = "/etc/opencloud-admin-pass"; }; From 402c847f3cd7f457e7946b4b3431a71a47963828 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 14 Jun 2026 20:32:32 +1000 Subject: [PATCH 282/301] dandelion/filesystem: reduce rootfs from 12G to 6G --- hosts/dandelion/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 4dd6a55..861bc15 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -22,7 +22,7 @@ in { "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=12G" "mode=755" ]; + options = [ "defaults" "size=6G" "mode=755" ]; }; "/boot" = mkLabelMount "UEFI" "vfat"; From d1a8e7222f0dd930f945a4f101cd885ce6001357 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:11:09 +1000 Subject: [PATCH 283/301] alyssum/samba: init --- hosts/alyssum/default.nix | 1 + hosts/alyssum/samba.nix | 81 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 hosts/alyssum/samba.nix diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 3eb7289..d471011 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -31,6 +31,7 @@ ./filesystem.nix ./kernel.nix ./networking.nix + ./samba.nix ../../users/hana ]; 
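Review bot: `IDP_ACCESS_TOKEN_EXPIRATION = "2592000"` and `IDP_ID_TOKEN_EXPIRATION = "2592000"` make both token types valid for 30 days if the unit is seconds, so a leaked bearer token stays usable for that long and no revocation path is visible in this configuration. If the goal is to stop clients from being logged out, it is worth checking whether OpenCloud offers a separate refresh-token or session lifetime that can be lengthened while the access token stays short. At minimum the values deserve a unit comment, e.g. `# 30 days, in seconds`. The `services.opencloud` block starts outside the hunk.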
diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix
new file mode 100644
index 0000000..9e957e9
--- /dev/null
+++ b/hosts/alyssum/samba.nix
@@ -0,0 +1,81 @@ +{ config, ... }: { + networking.firewall.allowPing = true; + + users.users.cilly = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; + users.users.kujira = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; + system.activationScripts = { + init_smbpasswd.text = '' + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + ''; + }; + + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + "hosts allow" = "100.67.2.1 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/flower/smb/public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "hana"; + "force group" = "users"; + }; + "cilly" = { + "path" = "/flower/smb/cilly"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "cilly"; + "force group" = "users"; + "valid users" = "cilly"; + }; + "kujira" = { + "path" = "/flower/smb/kujira"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "kujira"; + "force group" = "users"; + "valid users" = "kujira"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + 
}; + + services.avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; +} From 4f8249b780b00add8a8a8d22543a54229faa696d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:16:21 +1000 Subject: [PATCH 284/301] alyssum/samba: use proper credentials --- hosts/alyssum/samba.nix | 7 +++++-- secrets.nix | 2 ++ secrets/passwd_smbcilly.age | 7 +++++++ secrets/passwd_smbkujira.age | 7 +++++++ 4 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 secrets/passwd_smbcilly.age create mode 100644 secrets/passwd_smbkujira.age diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 9e957e9..6be8e09 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -1,6 +1,9 @@ { config, ... }: { networking.firewall.allowPing = true; + age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; + age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age; + users.users.cilly = { hashedPasswordFile = config.age.secrets.passwd.path; isNormalUser = true; 
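Review bot: In `init_smbpasswd.text` the secret is expanded into the format argument of `printf`, so any `%` or backslash in a password is treated as a directive and the value piped to `smbpasswd` differs from what was stored. Read it once and pass it as data instead: `pw=$(cat <secret path>)` followed by `printf '%s\n%s\n' "$pw" "$pw" | … smbpasswd -sa cilly`. Because `/run/current-system/sw/bin/printf` is an external binary, the password is also visible on a process command line while it runs; the shell builtin avoids that. The same format-string pattern is kept in the later hunks of this series that touch `init_smbpasswd` (patches 284, 286 and 293).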
@@ -11,9 +14,9 @@ }; system.activationScripts = { init_smbpasswd.text = '' - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira ''; }; diff --git a/secrets.nix b/secrets.nix index d2dbc82..ec20648 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,6 +8,8 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; + "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age new file mode 100644 index 0000000..41ad172 --- /dev/null +++ b/secrets/passwd_smbcilly.age 
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ +i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI +-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o ++pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM +--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew +*l\W!J7E/"f@%\[j8fӶ \ No newline at end of file diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age new file mode 100644 index 0000000..71b6bb8 --- /dev/null +++ b/secrets/passwd_smbkujira.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8 +IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE +-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg +QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk +--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw +T <R#d Ć̎lLkN8c_N)T \ No newline at end of file From c782bd5e5398534f81214e3bced2aa73e08e10b6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:23:10 +1000 Subject: [PATCH 285/301] hosts/alyssum: add passwd age --- hosts/alyssum/default.nix | 1 + secrets.nix | 2 +- secrets/passwd.age | Bin 531 -> 641 bytes 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index d471011..a2eb166 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + passwd.file = ../../secrets/passwd.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; diff --git a/secrets.nix b/secrets.nix index ec20648..bec70ef 100644 --- a/secrets.nix +++ b/secrets.nix 
@@ -7,7 +7,7 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ]; "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; diff --git a/secrets/passwd.age b/secrets/passwd.age index 64ec8611ddf1a1d3f837caf32b53d5843f7b6e07..05ad90670240bfe01391eb8392cd02ad35d1c5bd 100644 GIT binary patch delta 596 zcmbQt(#SeNwLaV5H#neNp(s2%!q_7?$j7C~J=oCKE5oy-BsrwWr64rBz`L|8y{an9 zBFsIqJm0{8D>c(3I5)q`JxHv;MHO0u()X-8PKch0Z#8DyB*uU7sB+Dr%qdv>Az{ywJ$H~awsl?ATEYZ}- zBq+}^uh=leG%DSrIIEm1IU~@_EZfLm-?Yp-P~XEi)LTEepwcm{(l;|J)vYQZF*m9x zwA9fk-OUx93pU|@G%n*z02+xqv4C6e*?2M97@1TsTVAr(597AoN#E=5_%7_xz zi66!5J)J#+EP_p{d>vCFGLt>bjXbKnQd0xd($cd0LNdyNU9#PiEz`1tyaNNda*B*A zTrb|^HnZYzWY=cufpN-;@7gMf=O#Hn1hI;KPb=lf^lIPl6HZS=2L%5*v`cv-> YJkH)xEW9(@zeyiIH`!pOX{Em>0JK!tjsO4v delta 466 zcmZok^FqSVba!Z-*7L(g6wo-1M{@Z+(1XJlyqb7 zC~r^0#MI365OWKE9}mkM^YUg2CC+YMPLZVn zmM&3=UdH9x#W}ui8Low<-e!R*kxo&L1}Q$;fx(uhk3$ZDUR4EYCYcqMr3R5)y1Kdweg%1!i558-K1JHW+FmBw<%#8y zegP(CCdr9;CN6%V`N`(>N#@}Jt|g%+To*((7~f_+q00A8b`fLhp}Xt*if!Dl#T{c2 zE_hU5lHW2pfMsudL!P8U<-)y>#9xJKr5oAp;QEw$;d8I0!J~UpO?>m(ioP9UQxcqb zdDVFa?#j+-DXlZDYLD)8&D4Iu%zD>h!HX%(zs|p!7N2uW{HitM>x2#5(|Mgg3b4ye MK7Ppl$Cj<;0P3%*4gdfE From 509684d0bd094bd96fcef03ceacba6be33446a63 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:28:39 +1000 Subject: [PATCH 286/301] alyssum/samba: use proper smbpasswd path --- hosts/alyssum/samba.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 6be8e09..ba89a00 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix 
@@ -13,10 +13,12 @@ isNormalUser = true; }; system.activationScripts = { - init_smbpasswd.text = '' - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + init_smbpasswd.text = let + smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; + in '' + printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira ''; }; From 4bb20124a791bdce70acdd4bdcfe1a2eb4acacb6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:34:34 +1000 Subject: [PATCH 287/301] alyssum/samba: use full package for discovery --- hosts/alyssum/samba.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index ba89a00..708286a 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, pkgs, ... }: { networking.firewall.allowPing = true; age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; @@ -24,9 +24,11 @@ services.samba = { enable = true; + package = pkgs.samba4Full; openFirewall = true; settings = { global = { + "server smb encrypt" = "required"; "workgroup" = "WORKGROUP"; "server string" = "smbnix"; "netbios name" = "smbnix"; From 024a6bdbe2f56232d63c2f62b20bf509b65f7fb0 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Wed, 17 Jun 2026 18:47:15 +1000 Subject: [PATCH 288/301] alyssum/samba: relax hosts --- hosts/alyssum/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 708286a..1a32e38 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -33,7 +33,7 @@ "server string" = "smbnix"; "netbios name" = "smbnix"; "security" = "user"; - "hosts allow" = "100.67.2.1 127.0.0.1 localhost"; + "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; "hosts deny" = "0.0.0.0/0"; "guest account" = "nobody"; "map to guest" = "bad user"; From 8157d0d5617bb0780f46c3e0aa1c97e8c9447488 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 19:49:10 +1000 Subject: [PATCH 289/301] alyssum/home.syncthing: init --- hosts/alyssum/default.nix | 1 + hosts/alyssum/home.syncthing.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 hosts/alyssum/home.syncthing.nix diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index a2eb166..661e3d5 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -32,6 +32,7 @@ ./filesystem.nix ./kernel.nix ./networking.nix + ./home.syncthing.nix ./samba.nix ../../users/hana diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix new file mode 100644 index 0000000..3335625 --- /dev/null +++ b/hosts/alyssum/home.syncthing.nix @@ -0,0 +1,16 @@ +{ config, ... }: { + me.binds."/home/kujira/.config/syncthing" = "kujira/syncthing/config"; + me.binds."/home/kujira/.local/state/syncthing" = "kujira/syncthing/state"; + + users.users.kujira = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + linger = true; + }; + home-manager.users.kujira = { ... }: { + services.syncthing = { + enable = true; + guiAddress = ":8385"; + }; + }; +} From 9a821fda94f380a741a25e77760571a6aa77761f Mon Sep 17 00:00:00 2001 
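Review bot: Widening `hosts allow` to `100.64.0.0/10` admits the whole shared CGNAT block instead of the single peer listed before, and the `public` share in this file is guest-writable (`guest ok = yes`, `read only = no`, `map to guest = bad user`) with writes forced to user `hana`, so any host reaching the server from that range can create files as `hana` without credentials. The `"hosts deny" = "0.0.0.0/0"` line below it names IPv4 only; as far as I know Samba admits a client that matches neither list when both are set, so IPv6 peers may not be covered, and `"hosts deny" = "ALL"` would be unambiguous. Since `openFirewall = true` does not limit the ports to one interface, consider `"bind interfaces only" = "yes"` with `"interfaces"` set to the overlay interface, or `"guest ok" = "no"` on `public`. The `global` block continues outside the hunk.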
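Review bot: `guiAddress = ":8385"` binds the Syncthing GUI and its REST API on every interface, and this module sets no GUI user or password, so access control rests on the firewall and on whatever was configured by hand in the bound `config` directory. Binding to loopback or to the overlay address only, for example `guiAddress = "127.0.0.1:8385";` reached through the existing nginx or a tunnel, removes that dependency. Patches 291 and 292 later in this series keep the all-interfaces bind (`[::]:…`) and extend it to a second instance.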
From: Cilly Leang Date: Wed, 17 Jun 2026 19:50:02 +1000 Subject: [PATCH 290/301] alyssum/home.syncthing: fixup hm config --- hosts/alyssum/home.syncthing.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 3335625..5895716 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -8,6 +8,11 @@ linger = true; }; home-manager.users.kujira = { ... }: { + home = { + username = "kujira"; + homeDirectory = "/home/kujira"; + stateVersion = "26.05"; + }; services.syncthing = { enable = true; guiAddress = ":8385"; From 63d9d6b0044edd9a520aedbe1ab25dc9e9ec0b2e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 19:58:03 +1000 Subject: [PATCH 291/301] alyssum/home.syncthing: add host to gui address --- hosts/alyssum/home.syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 5895716..929436b 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -15,7 +15,7 @@ }; services.syncthing = { enable = true; - guiAddress = ":8385"; + guiAddress = "[::]:8385"; }; }; } From bc3269a814934ccd8dfa95462735125cdc5d5762 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 20:29:22 +1000 Subject: [PATCH 292/301] alyssum/home.syncthing: create another instance --- hosts/alyssum/home.syncthing.nix | 40 ++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 929436b..1e20f97 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix 
@@ -1,21 +1,27 @@ -{ config, ... }: { - me.binds."/home/kujira/.config/syncthing" = "kujira/syncthing/config"; - me.binds."/home/kujira/.local/state/syncthing" = "kujira/syncthing/state"; +{ config, lib, ... }: +let + configOn = user: port: { + me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; + me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; - users.users.kujira = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - linger = true; - }; - home-manager.users.kujira = { ... }: { - home = { - username = "kujira"; - homeDirectory = "/home/kujira"; - stateVersion = "26.05"; + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + linger = true; }; - services.syncthing = { - enable = true; - guiAddress = "[::]:8385"; + home-manager.users.${user} = { ... }: { + home = { + username = "${user}"; + homeDirectory = "/home/${user}"; + stateVersion = "26.05"; + }; + services.syncthing = { + enable = true; + guiAddress = "[::]:${toString port}"; + }; }; }; -} +in lib.mkMerge [ + (configOn "kujira" 8385) + (configOn "cilly" 8386) +] From 5c13051b4b291967d070e3d41dae2801bab17819 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:05:38 +1000 Subject: [PATCH 293/301] alyssum/samba: bind some directories --- hosts/alyssum/samba.nix | 159 +++++++++++++++++++--------------------- modules/binds.nix | 8 +- 2 files changed, 83 insertions(+), 84 deletions(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 1a32e38..f14365b 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix 
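Review bot: `configOn` gives every account it creates the same `hashedPasswordFile = config.age.secrets.passwd.path`, so `kujira` and `cilly` share one login password with each other and with whichever accounts already use `passwd.age` on the other hosts listed for it in `secrets.nix`. If these users exist only to own Syncthing and Samba data, leaving `hashedPasswordFile` unset or pointing it at a per-user secret keeps one disclosed password from unlocking every account. `hosts/alyssum/samba.nix` declares the same users with the same file, so the change would have to be made in both modules.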
@@ -1,88 +1,83 @@ -{ config, pkgs, ... }: { - networking.firewall.allowPing = true; +{ config, lib, pkgs, ... }: +let + configOn = user: let + passwd_fname = "passwd_smb${user}"; + in { + age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; + me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; - age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; - age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age; + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; - users.users.cilly = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - users.users.kujira = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - system.activationScripts = { - init_smbpasswd.text = let - smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; - in '' - printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly - - printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira - ''; - }; - - services.samba = { - enable = true; - package = pkgs.samba4Full; - openFirewall = true; - settings = { - global = { - "server smb encrypt" = "required"; - "workgroup" = "WORKGROUP"; - "server string" = "smbnix"; - "netbios name" = "smbnix"; - "security" = "user"; - "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "public" = { - "path" = "/flower/smb/public"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "hana"; - "force group" = "users"; - }; - "cilly" = { - "path" = "/flower/smb/cilly"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - 
"create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "cilly"; - "force group" = "users"; - "valid users" = "cilly"; - }; - "kujira" = { - "path" = "/flower/smb/kujira"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "kujira"; - "force group" = "users"; - "valid users" = "kujira"; - }; + system.activationScripts = { + init_smbpasswd.text = let + smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; + in '' + printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user} + ''; + }; + services.samba.settings."${user}" = { + "path" = "/flower/smb/${user}"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = user; + "force group" = "users"; + "valid users" = user; }; }; +in lib.mkMerge [ + (configOn "cilly") + (configOn "kujira") + { + me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43"; - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; + networking.firewall.allowPing = true; - services.avahi = { - enable = true; - openFirewall = true; - nssmdns4 = true; - publish.enable = true; - publish.userServices = true; - }; -} + services.samba = { + enable = true; + package = pkgs.samba4Full; + openFirewall = true; + settings = { + global = { + "server smb encrypt" = "required"; + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/flower/smb/public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + 
"force user" = "hana"; + "force group" = "users"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; + } +] diff --git a/modules/binds.nix b/modules/binds.nix index 9c7d4ad..c9ffe18 100644 --- a/modules/binds.nix +++ b/modules/binds.nix @@ -1,8 +1,12 @@ { config, lib, ...}: { imports = [ ./options.nix ]; - fileSystems = lib.mapAttrs (dest: key: { + fileSystems = lib.mapAttrs (dest: key: let + target = if (lib.strings.hasPrefix "/" key) + then key + else "/persist/binds/${key}"; + in { depends = [ "/persist" ]; - device = "/persist/binds/${key}"; + device = target; fsType = "none"; options = [ "bind" ]; }) config.me.binds; From 907f2cabcadb6223c28fc6960b542f60bbadc860 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:14:47 +1000 Subject: [PATCH 294/301] alyssum/home.syncthing: set proper defaults --- hosts/alyssum/home.syncthing.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 1e20f97..33545fe 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -4,6 +4,8 @@ let me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; + systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ]; + users.users.${user} = { hashedPasswordFile = config.age.secrets.passwd.path; isNormalUser = true; @@ -18,6 +20,12 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; + options.listenAddresses = [ + "tcp://0.0.0.0:2${toString port}" + "quic://0.0.0.0:2${toString port}" + "dynamic+https://relays.syncthing.net/endpoint" + ]; + settings.defaults.folder.path = "/flower/syncthing/${user}"; }; }; }; 
From 6c80606b7ea743fca6ec146ab30cfb378d395d09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:15:22 +1000 Subject: [PATCH 295/301] alyssum/home.syncthing: fixup conf --- hosts/alyssum/home.syncthing.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 33545fe..4408fb7 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -20,12 +20,14 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; - options.listenAddresses = [ - "tcp://0.0.0.0:2${toString port}" - "quic://0.0.0.0:2${toString port}" - "dynamic+https://relays.syncthing.net/endpoint" - ]; - settings.defaults.folder.path = "/flower/syncthing/${user}"; + settings = { + options.listenAddresses = [ + "tcp://0.0.0.0:2${toString port}" + "quic://0.0.0.0:2${toString port}" + "dynamic+https://relays.syncthing.net/endpoint" + ]; + defaults.folder.path = "/flower/syncthing/${user}"; + }; }; }; }; From 21dc584199e72285d0ec07083f604b439aa41b34 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:22:03 +1000 Subject: [PATCH 296/301] alyssum/home.syncthing: don't override devices and folders --- hosts/alyssum/home.syncthing.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 4408fb7..8d5a1cc 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -20,6 +20,8 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; + overrideDevices = false; + overrideFolders = false; settings = { options.listenAddresses = [ "tcp://0.0.0.0:2${toString port}" From 4dfc89814003566d4fb55dbd84b29c4427b254b0 Mon Sep 17 00:00:00 2001 
From: Cilly Leang Date: Fri, 19 Jun 2026 07:36:13 +1000 Subject: [PATCH 297/301] user/neovim: switch to nixd --- modules/system/nix.nix | 3 ++- modules/user/neovim.nix | 7 ++++--- res/config.lua | 28 +++++++++++++++++++++++++++- users/rin/packages.nix | 1 - 4 files changed, 33 insertions(+), 6 deletions(-) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index 6a6fd04..eb14f73 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,5 +1,6 @@ -{ config, lib, pkgs, ... }: { +{ config, inputs, pkgs, ... }: { nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.latest; settings = rec { diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index d691c61..2b8d4c1 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, sysConfig, ... }: let luaconf = pkgs.writeText "config.lua" (lib.replaceStrings - ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"] - ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor] + ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] + ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] (builtins.readFile ../../res/config.lua)); in { systemd.user.tmpfiles.rules = [ @@ -21,6 +21,7 @@ in { withRuby = false; extraPackages = with pkgs; [ + nixd rust-analyzer texlab astro-language-server diff --git a/res/config.lua b/res/config.lua index 3e91e28..c0b5dad 100644 --- a/res/config.lua +++ b/res/config.lua 
@@ -167,7 +167,7 @@ vim.diagnostic.config({ capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do vim.lsp.config(lsp, { capabilities = capabilities, @@ -292,6 +292,32 @@ vim.lsp.config("diagnosticls", { }) vim.lsp.enable("diagnosticls") +-- LSP/nixd +vim.lsp.config("nixd", { + cmd = { "nixd" }, + filetypes = { "nix" }, + root_markers = { "flake.nix", ".git" }, + settings = { + nixd = { + nixpkgs = { + expr = "import { }", + }, + formatting = { + command = { "nixfmt" }, + }, + options = { + nixos = { + expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options', + }, + home_manager = { + expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []', + }, + }, + }, + }, +}) +vim.lsp.enable("nixd") + -- LSP/Signatures require("lsp_signature").setup { hint_enable = false, diff --git a/users/rin/packages.nix b/users/rin/packages.nix index afc711b..3fe0129 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -15,7 +15,6 @@ in { ffmpeg gnupg kitty - nil nodejs_latest pamixer pnpm From e1c02d7a91eb1b6c4c25c243fcc861de6611ce39 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 08:01:17 +1000 Subject: [PATCH 298/301] containers/emerald: move to alyssum --- containers/emerald/flake.nix | 12 +++--------- hosts/alyssum/default.nix | 2 ++ hosts/dandelion/default.nix | 3 +-- hosts/dandelion/nginx.nix | 8 ++++++++ secrets.nix | 2 +- secrets/navidrome_env.age | Bin 630 -> 630 bytes 6 files changed, 15 insertions(+), 12 deletions(-) create mode 100644 hosts/dandelion/nginx.nix diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 9c9acdc..7e79b23 100644 
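Review bot: The `home_manager` expression looks up `nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}"`, while the `nixos` expression just above it uses `nixosConfigurations.{{HOSTNAME}}`; a `user@host` attribute is the naming normally found under `homeConfigurations`, so unless the flake really defines such a NixOS configuration this lookup fails and nixd offers no Home Manager option completion. The trailing `.options.home-manager.users.type.getSubOptions []` is the form for Home Manager used as a NixOS module, so the attribute is probably meant to be `nixosConfigurations.{{HOSTNAME}}`. Both expressions call `builtins.getFlake` on the editor's working directory and therefore evaluate whatever flake Neovim was started in; a comment such as `-- resolves only inside the system flake checkout` would make that explicit.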
--- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -9,11 +9,11 @@ shareFqdn = "muse.lava.moe"; subnetId = "5"; - subnet = x: "fd0d:1::${subnetId}:${toString x}"; + subnet = x: "fd0d:2::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; - subnet4 = x: "10.30.${subnetId}.${toString x}"; + subnet4 = x: "10.32.${subnetId}.${toString x}"; host4 = subnet4 1; client4 = subnet4 2; @@ -39,13 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; - }; - services.nginx.virtualHosts."${shareFqdn}" = { - useACMEHost = "lava.moe"; - forceSSL = true; - locations."/".return = "404"; - locations."/share/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 661e3d5..06c415f 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -6,6 +6,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; passwd.file = ../../secrets/passwd.age; + navidrome_env.file = ../../secrets/navidrome_env.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -27,6 +28,7 @@ modules.services.nginx modules.services.syncthing + inputs.c-emerald.nixosModule inputs.c-garnet.nixosModule ./filesystem.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 33b6eec..f65dfd1 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,7 +5,6 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; - navidrome_env.file = ../../secrets/navidrome_env.age; slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; 
@@ -31,12 +30,12 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule - inputs.c-emerald.nixosModule inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix + ./nginx.nix ../../users/hana ]; diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix new file mode 100644 index 0000000..c29de38 --- /dev/null +++ b/hosts/dandelion/nginx.nix @@ -0,0 +1,8 @@ +{ ... }: { + services.nginx.virtualHosts."muse.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "404"; + locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533"; + }; +} diff --git a/secrets.nix b/secrets.nix index bec70ef..b1f55e5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,7 +13,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; - "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; + "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; 
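Review bot: `secrets/navidrome_env.age` still lists `dandelion` as a recipient although this commit removes `navidrome_env.file` from `hosts/dandelion/default.nix` and moves the container to alyssum. Unless another dandelion module still reads the file, the entry can be reduced to `"secrets/navidrome_env.age".publicKeys = [ alyssum rin ];`. Re-encrypting does not revoke what `anemone` and `dandelion` could already decrypt from earlier revisions in history, so the credentials inside should be rotated if those hosts are no longer meant to hold them.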
diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age index 6cb705c5d12523d7e403ecd2736ad062cc9756fe..7df364f2e273e47d57332c4379af715fc8a5212e 100644 GIT binary patch delta 584 zcmeyy@{MJJYJIl9Z*V}lLa~0SOIE(8PgRsjZmNfANJe2wPNjZ9K&nwvh`)KUw?}|y zah|!8zGG!ES3tUPYCwulX0BsVR8p0bmsfUvPO5&2S!h;hVwzuKWp+uHcVUTTdSRIf zm#&>cadC!jYKoDmsiCDpQjl9=YM_FCWl?sip<%gqwy#lonvqFjKvu9*l%cm%RD_Rz zPH>2SdRe%kae7vjv#~E%MTm2_M@pe-SdoEInPr7bzH3yWbF#aSXG&I7h-I;nrF%|F zewC4Ve!0QKkK*+n8Nr2a7A`?m`eorJM!{*uCTWH4zMkn>mQe-CroO3>ei?;@#Z~5M zPT5>0o>h*aL4~FUMUjSP2Kt4LRrw~C$+;O}=K96i8Rh}*z7`plg`Sq-?yg+Ay1EL9 z!TyHDId0x**{;q$X6{A#7A9%FnJ!TVfj&NdN&ZD?nSS-D>3-hk*~Q6ROqpWpMWV|d z&c4vI?M;r-tE{--Z%Xm=Lj$CDFLGWutD?BcP;&a@f0uoCZ!2GWs`sk3vUqjk;%iK` z+P^Q@zJ8i|WunSt<>I|nf4nn)t!g;n)&0q3m!$nYJ2|(F-vj?sG`WCg#Y;CB32Co4)>MRlf4+kK9tCZCbg>R9kL#Qr5a2&Gw+g7Uxv}q{-wD delta 584 zcmeyy@{MJJYJGl2WpIh3LZG*ASzdXWbADmIYe+zTa7bu&lwWarXh?RTdtpFIpi5Ga zyPJ7%nzx51S5k3cm}RK1et2$DNMw0dR$)$*x3h7Un^R$UQdDSAUSv^ZScPSXPf21r zm#&>cadC!jYKoDmsiCDpQjl9=YM_E;sAqUkqNAfxg>QjNvU_A|X@<7Gt5c+>c4bM4 zVP%kMn1@q%X--9UnMWv>VWC@Qk!gx=Rk&+va#@acqN7(zu7QD1QK@@id8uh~a%ymf zk%fDBQl-VjkK*;YsoG@~9(kUn6<$f6F8(e~-jkrv?<`6gazg)WY{CGJK+mA>^Rd6~u*mEnP0+oFBUOCsE* z3bwpzlgKR$u9$3^^ZVfWqPNN?4)f&tr`cQQ=D&Xa?73?U-wn%@sp~tnL(+v$>}C*F zxA`xn%JX>ouLo-iPxHCPx(V+O*cJKu@s3=59#dX}h>yFj?Z5ZfGA|o$zklp6 zX|@|&xOuuKjLFleVCnh`Z_lSp+>)?)gVX#Q4P6t?pZWIe&UJ&$5F8pXE@ck*9i%4 Date: Fri, 19 Jun 2026 08:57:22 +1000 Subject: [PATCH 299/301] containers/emerald: change mounts --- containers/emerald/configuration.nix | 2 +- containers/emerald/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index f69a4c6..7f1f1fc 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix 
@@ -16,7 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/binds/music"; + MusicFolder = "/binds/music/main"; }; }; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 7e79b23..5ee69e4 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -62,7 +62,7 @@ isReadOnly = false; }; bindMounts."music" = { - hostPath = "/persist/media/music"; + hostPath = "/flower/media/music"; mountPoint = "/binds/music"; isReadOnly = true; }; From 004832fc066bc76a95cbb46d22e9833b5446dbff Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 09:03:39 +1000 Subject: [PATCH 300/301] containers/emerald: bind music directory --- containers/emerald/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 7f1f1fc..421ddb0 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -19,4 +19,5 @@ MusicFolder = "/binds/music/main"; }; }; + systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"]; } From c0004409d7aa14c8aacf166c7bf21b9cd5431135 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 09:12:52 +1000 Subject: [PATCH 301/301] alyssum/samba: bind music --- hosts/alyssum/samba.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index f14365b..d876981 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -4,6 +4,7 @@ let passwd_fname = "passwd_smb${user}"; in { age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; + me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}"; me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; users.users.${user} = {