From 7c36f878608151c2011cbabddd7af1a431b7fefb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 23 Mar 2025 14:47:35 +1100 Subject: [PATCH 001/363] user/catppuccin: use pink accent for latte --- modules/user/catppuccin.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/modules/user/catppuccin.nix b/modules/user/catppuccin.nix index ece7f62..a7e778c 100644 --- a/modules/user/catppuccin.nix +++ b/modules/user/catppuccin.nix @@ -14,7 +14,7 @@ config = { catppuccin = { - accent = "maroon"; + accent = lib.mkDefault "maroon"; flavor = lib.mkDefault "mocha"; kitty.enable = true; gtk.enable = true; @@ -23,8 +23,14 @@ }; specialisation = { - light.configuration.catppuccin.flavor = "latte"; - dark.configuration.catppuccin.flavor = "mocha"; + light.configuration.catppuccin = { + accent = "pink"; + flavor = "latte"; + }; + dark.configuration.catppuccin = { + accent = "maroon"; + flavor = "mocha"; + }; }; home.packages = [(pkgs.writeShellScriptBin "theme" '' From 0ae63f2c723de6098009ff2428227880660f7966 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 23 Mar 2025 16:53:26 +1100 Subject: [PATCH 002/363] user/eww: add box-shadow around widgets --- res/eww/eww.scss | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/res/eww/eww.scss b/res/eww/eww.scss index fda0ae1..99942c8 100644 --- a/res/eww/eww.scss +++ b/res/eww/eww.scss @@ -11,7 +11,7 @@ window { } .bar { - margin: 5px 20px 0px 20px; + margin: 5px 20px 5px 20px; } .widget { @@ -22,6 +22,7 @@ window { font-size: 15px; padding: 5px 15px; border-radius: 50px; + box-shadow: $accent 0px 0px 2px; } .title { From ae26fd9a0979fdab143316e44848fab554031dc9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 23 Mar 2025 16:58:28 +1100 Subject: [PATCH 003/363] user/catppuccin: use pink accent for both schemes --- modules/user/catppuccin.nix | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/modules/user/catppuccin.nix b/modules/user/catppuccin.nix index a7e778c..44973e6 100644 --- a/modules/user/catppuccin.nix +++ b/modules/user/catppuccin.nix @@ -14,7 +14,7 @@ config = { catppuccin = { - accent = lib.mkDefault "maroon"; + accent = lib.mkDefault "pink"; flavor = lib.mkDefault "mocha"; kitty.enable = true; gtk.enable = true; @@ -23,14 +23,8 @@ }; specialisation = { - light.configuration.catppuccin = { - accent = "pink"; - flavor = "latte"; - }; - dark.configuration.catppuccin = { - accent = "maroon"; - flavor = "mocha"; - }; + light.configuration.catppuccin.flavor = "latte"; + dark.configuration.catppuccin.flavor = "mocha"; }; home.packages = [(pkgs.writeShellScriptBin "theme" '' From 7284f81fd4f70d0151c7edc2d53f24a8da53b5e8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 3 Apr 2025 22:23:55 +1100 Subject: [PATCH 004/363] users/rin: add to dialout group --- users/rin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/default.nix b/users/rin/default.nix index e645ea8..3737b18 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix @@ -2,7 +2,7 @@ programs.zsh.enable = true; users.users.rin = { isNormalUser = true; - extraGroups = [ "adbusers" "audio" "corectrl" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; + extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; shell = pkgs.zsh; uid = 1001; hashedPasswordFile = config.age.secrets.passwd.path; From 2421602b88981a11169bac292857498da663f8c9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 01:45:33 +0000 Subject: [PATCH 005/363] flake: bump inputs --- flake.lock | 72 +++++++++++++++++++++++++++--------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index 2657ea9..dd8d136 100644 --- a/flake.lock +++ b/flake.lock @@ -246,11 +246,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -415,11 +415,11 @@ ] }, "locked": { - "lastModified": 1743639371, - "narHash": "sha256-eywYn8ayhVUzFFvIiAIIHn+00Irmhyjqe2cNdyPCLNE=", + "lastModified": 1744038920, + "narHash": "sha256-9a4V1wQXS8hXZtc7mRtz0qINkGW+C99aDrmXY6oYBFg=", "owner": "nix-community", "repo": "home-manager", - "rev": "579a71b948533667c6c65e603f18990bdffc8530", + "rev": "a4d8020820a85b47f842eae76ad083b0ec2a886a", "type": "github" }, "original": { @@ -459,11 +459,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1743252716, - "narHash": "sha256-ckctv6qK8xsoIRbEzB0zyGcOvkNw90sndHXF77Ej36s=", + "lastModified": 1743967062, + "narHash": "sha256-K1wwqfhi1a4ufXYultiJBW1z9G4VU4A5Ws8e129UU4o=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "050e5450698c3e816b72ef8cfcf7e60f2907e6d3", + "rev": "840bf847ab58d7b65847c8f41d4c0d5f8f84d6be", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1743574307, - "narHash": "sha256-bT8RG639HtF8he+5sjmR83oIgimAxFBNCrCuU5V10A8=", + "lastModified": 1744003175, + "narHash": "sha256-b0b/qxiqf2G2/UrmcyP9aYr0Ni5NpdCY6GEF8KgnmCU=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "8c23e99e8ebfe6c4edc8ff4ff3f5a5f650c5193a", + "rev": "f7f5a474c38e3e41827b067f741e12ecbbe5cf18", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1743511785, - "narHash": "sha256-oXIT9GcwX/G1L4M3OgYh+R17g8JKdSip4FAYo6idb/c=", + "lastModified": 1743931206, + "narHash": "sha256-Dl6kHmsN6AZBWEgEbQGpKYy+qvg+oPbBrK/CFQsWmZM=", "owner": "neovim", "repo": "neovim", - "rev": "9b239a6a86ed0caaaf7522cfc600da4b35d94d04", + "rev": "2d11b981bfbb7816d88a69b43b758f3a3f515b96", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1743558543, - "narHash": "sha256-vhlOe9N8AGuc3vb3Cz1Cbmxxivy+yj3MVIoIjXe7ceY=", + "lastModified": 1743990663, + "narHash": "sha256-n7bzOLVlYvxgawlIl8fXIxaDjATKhYOhp2OyP61DxdI=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "ec15a8c89528c4b70b761c371ebb3dcf53f8773b", + "rev": "35e3aef6ebb7b27195586130175f1409cd71d7f7", "type": "github" }, "original": { @@ -551,11 +551,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { @@ -582,11 +582,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743076231, - "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=", + "lastModified": 1743689281, + "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6c5963357f3c1c840201eda129a99d455074db04", + "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", "type": "github" }, "original": { @@ -598,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1743583204, - "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", + "lastModified": 1743964447, + "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", + "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8", "type": "github" }, "original": { @@ -638,11 +638,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1743586811, - "narHash": "sha256-Ed6FNWVt/LmcUgqaHiy0s0kTgGcYHNxMlX9qzwEtCfo=", + "lastModified": 1744052902, + "narHash": "sha256-gCCxRnWMSd/GZzAGpTau4nwWM/bI/lbhhvShEv5anak=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "30654ee72a69e7c76a54b66d748dae088429e863", + "rev": "0e21ee8df6235511c02bab4a5b391d18e165a58d", "type": "github" }, "original": { @@ -697,11 +697,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1743595372, - "narHash": "sha256-e3x1mhpPpYgyyin9j/VbrBpOT5PFpEfx2hkxVZuJZhg=", + "lastModified": 1744076033, + "narHash": "sha256-BLPPPtkTH+gKab1m5Wf6Q6pedNEV++k9rh3t4E+4ISA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "543f12dd14c62ddee79ab79fbfd8726f312b89ff", + "rev": "8e24ec6ffd117cb1c42b8a594134a44db12e9765", "type": "github" }, "original": { @@ -795,11 +795,11 @@ ] }, "locked": { - "lastModified": 1743081648, - "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", + "lastModified": 1743748085, + "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", + "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", "type": "github" }, "original": { From fd45845bdf741722fb7d21b084ac2dc6547de661 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 01:45:34 +0000 Subject: [PATCH 006/363] packages/linux-lava: bump to 6.14.1 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index b285865..b1ef6dd 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.14"; + version = "6.14.1"; kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; - kernelPatchHash = "0vv8njki6gbkzdsvmbhf6lr3i6ipnyf88xzxkk0cx8f4gc63rl9g"; + kernelPatchHash = "01d9vnhrv95jfhjf9y2mh5ybkv3rgm23r1gcqv2i58g0v9b6sm3v"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From f724467c76d99e40c7f8d28fc5878f9a0be93273 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 8 Apr 2025 15:02:47 +1000 Subject: [PATCH 007/363] hosts/anemone: add android-studio --- users/rin/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 33f690f..4d3e41b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -26,6 +26,7 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ + android-studio drawio element-desktop eww From c0a054c937b6d64f36e15503c2e890cd645d79e1 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 8 Apr 2025 16:37:23 +1000 Subject: [PATCH 008/363] overlays/android-studio: unpatch --- overlays/android-studio.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlays/android-studio.nix b/overlays/android-studio.nix index 413dfad..ef9ca5e 100644 --- a/overlays/android-studio.nix +++ b/overlays/android-studio.nix @@ -21,7 +21,7 @@ let ${fhsEnv}/bin/${drvName}-fhs-env ${super.android-studio.passthru.unwrapped}/bin/studio.sh "$@" ''; in { - android-studio = super.android-studio.overrideAttrs(_: { + android-studio-patched = super.android-studio.overrideAttrs(_: { inherit startScript; }); } From 90febfba6e953b025316c6e54a1cbafea9303f28 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 15 Apr 2025 12:51:55 +1000 Subject: [PATCH 009/363] user/neovim: add ts-java, kotlin, swift, xml --- modules/user/neovim.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index e1636b7..0c1df3a 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -56,8 +56,10 @@ in { tree-sitter-c-sharp tree-sitter-cpp tree-sitter-html + tree-sitter-java tree-sitter-javascript tree-sitter-json + tree-sitter-kotlin tree-sitter-lua tree-sitter-markdown tree-sitter-nix @@ -66,11 +68,13 @@ in { tree-sitter-query tree-sitter-regex tree-sitter-rust + tree-sitter-swift tree-sitter-toml tree-sitter-tsx tree-sitter-typescript tree-sitter-vim tree-sitter-vimdoc + tree-sitter-xml tree-sitter-yaml ])) ]; From e7724c02128d52fc1f437db034bd383f06e173bd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 15 Apr 2025 21:15:16 +1000 Subject: [PATCH 010/363] anemone/kernel: disable suspend-then-hibernate really buggy, couldn't ever get it working properly system goes to sleep, but never wakes up to hibernate when waking up from sleep after the specified time, only then will it start to hibernate, which takes like a minute that I have to wait for not to mention it has a bug where after hibernation the machine stays on, so i have to force it off and restart it..... bruh --- hosts/anemone/kernel.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/kernel.nix b/hosts/anemone/kernel.nix index 45fa976..361b30e 100644 --- a/hosts/anemone/kernel.nix +++ b/hosts/anemone/kernel.nix @@ -28,12 +28,14 @@ size = 16 * 1024; }]; + /* services.logind.lidSwitch = "suspend-then-hibernate"; systemd.sleep.extraConfig = '' HibernateDelaySec=14400 SuspendEstimationSec=3600 HibernateOnACPower=true ''; + */ powerManagement.cpufreq.min = 400000; From ffb3659357242b9a44ddd6699f4ffe3efb0ae8a5 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 21 Apr 2025 00:48:09 +1000 Subject: [PATCH 011/363] rin/packages: add cisco packet tracer --- users/rin/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 4d3e41b..67bcb3b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -26,7 +26,8 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ - android-studio + android-studio + ciscoPacketTracer8 drawio element-desktop eww From 9f525a8756b71ebbe367c81fbfd82d5f66d47ec0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 21 Apr 2025 00:49:22 +1000 Subject: [PATCH 012/363] anemone/kernel: fix hibernation not shutting down --- hosts/anemone/kernel.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/anemone/kernel.nix b/hosts/anemone/kernel.nix index 361b30e..cbee34c 100644 --- a/hosts/anemone/kernel.nix +++ b/hosts/anemone/kernel.nix @@ -28,6 +28,9 @@ size = 16 * 1024; }]; + systemd.sleep.extraConfig = '' + HibernateMode=shutdown + ''; /* services.logind.lidSwitch = "suspend-then-hibernate"; systemd.sleep.extraConfig = '' From c54fa3c517db5e8e309aadf08ce81d6887c01701 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 23 Apr 2025 17:31:21 +1000 Subject: [PATCH 013/363] rin/packages: add bitwarden-desktop --- overlays/bitwarden-desktop.nix | 19 +++++++++++++++++++ overlays/default.nix | 1 + .../firefox-native-messaging-host.json | 7 +++++++ users/rin/packages.nix | 1 + 4 files changed, 28 insertions(+) create mode 100644 overlays/bitwarden-desktop.nix create mode 100644 overlays/patches/firefox-native-messaging-host.json diff --git a/overlays/bitwarden-desktop.nix b/overlays/bitwarden-desktop.nix new file mode 100644 index 0000000..2d7be24 --- /dev/null +++ b/overlays/bitwarden-desktop.nix @@ -0,0 +1,19 @@ +# https://github.com/NixOS/nixpkgs/pull/374068 +self: super: { + bitwarden-desktop = super.bitwarden-desktop.overrideAttrs (o: { + preBuild = o.preBuild + '' + pushd apps/desktop/desktop_native/proxy + cargo build --offline --bin desktop_proxy --release + popd + ''; + installPhase = builtins.replaceStrings ["runHook preInstall"] ['' + runHook preInstall + + install -Dm755 -t $out/bin apps/desktop/desktop_native/target/release/desktop_proxy + + mkdir -p $out/lib/mozilla/native-messaging-hosts + substituteAll ${./patches/firefox-native-messaging-host.json} $out/lib/mozilla/native-messaging-hosts/com.8bit.bitwarden.json + + ''] o.installPhase; + }); +} diff --git a/overlays/default.nix b/overlays/default.nix index d8f5dbd..d6cc660 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,6 @@ builtins.map (path: import path) [ ./android-studio.nix + ./bitwarden-desktop.nix ./cascadia-code.nix ./ccache.nix ./eww.nix diff --git a/overlays/patches/firefox-native-messaging-host.json b/overlays/patches/firefox-native-messaging-host.json new file mode 100644 index 0000000..e9f5f99 --- /dev/null +++ b/overlays/patches/firefox-native-messaging-host.json @@ -0,0 +1,7 @@ +{ + "name": "com.8bit.bitwarden", + "description": "Bitwarden desktop <-> browser bridge", + "path": "@out@/bin/desktop_proxy", + "type": "stdio", + "allowed_extensions": ["{446900e4-71c2-419f-a6a7-df9c091e268b}"] +} diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 67bcb3b..56f02a3 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -27,6 +27,7 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio + bitwarden-desktop ciscoPacketTracer8 drawio element-desktop From b310b4e69121f027ea57b8c464e1b9c26d241dbb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 23 Apr 2025 17:46:08 +1000 Subject: [PATCH 014/363] rin/packages: add bitwarden messaginghost to firefox --- users/rin/packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 56f02a3..4cf1146 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -7,7 +7,10 @@ let aspnetcore_9_0-bin ]); in { - programs.firefox.enable = true; + programs.firefox = { + enable = true; + nativeMessagingHosts = [ pkgs.bitwarden-desktop ]; + }; home.packages = with pkgs; [ dconf From a6b826f089c75998a1330112e9f74dada160b31b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 23 Apr 2025 18:15:18 +1000 Subject: [PATCH 015/363] system/packages-gui: add bitwarden for polkit actions --- modules/system/packages-gui.nix | 1 + users/rin/packages.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index a03a92e..757b501 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { config = lib.mkIf config.me.gui { environment.systemPackages = with pkgs; [ + bitwarden-desktop gparted nautilus ]; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 4cf1146..51b2e2e 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -30,7 +30,6 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio - bitwarden-desktop ciscoPacketTracer8 drawio element-desktop From c3368f7ec54230808d03fe90098bc8d1e36f7af8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 24 Apr 2025 01:32:02 +1000 Subject: [PATCH 016/363] system/nix: try out nixos-rebuild-ng --- modules/system/nix.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index ca74901..e520205 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -23,4 +23,5 @@ ''; }; nixpkgs.config.allowUnfree = true; + system.rebuild.enableNg = true; } From 78c578b7ca77def910ccd84d107831f33ab33937 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 23 Mar 2025 19:11:58 +1100 Subject: [PATCH 017/363] hosts/hyacinth: remove postgres --- hosts/hyacinth/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index ea385b8..be9ee49 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -31,8 +31,6 @@ snapper virtualisation - modules.services.postgres - ./filesystem.nix ./kernel.nix ./networking.nix @@ -40,7 +38,6 @@ ../../users/rin ]; - services.postgresql.ensureDatabases = [ "barista" "barista-dev" ]; systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; # For steam fhs-env From cdae556af4d6458fc4caac71307585d0cee677f9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sun, 23 Mar 2025 19:15:35 +1100 Subject: [PATCH 018/363] user/hyprlock: scale based on new hidpi option --- hosts/anemone/default.nix | 1 + modules/options.nix | 5 ++++ modules/user/hyprlock.nix | 56 ++++++++++++++++++++++++--------------- 3 files changed, 41 insertions(+), 21 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 05366ae..b6825b7 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -39,6 +39,7 @@ batteryDevice = "BATT"; kbBacklightDevice = "asus::kbd_backlight"; hasFingerprint = true; + hidpi = true; }; # For steam fhs-env diff --git a/modules/options.nix b/modules/options.nix index 573c0ee..b522127 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -39,5 +39,10 @@ in { type = types.bool; default = config.me.environment == "laptop"; }; + + hidpi = mkOption { + type = types.bool; + default = false; + }; }; } diff --git a/modules/user/hyprlock.nix b/modules/user/hyprlock.nix index f7ef851..529c522 100644 --- a/modules/user/hyprlock.nix +++ b/modules/user/hyprlock.nix @@ -1,4 +1,17 @@ -{ config, lib, ... }: { +{ config, lib, ... }: +let + scaling = if config.me.hidpi then 1 else 0.5; + s = value: if builtins.isInt value || builtins.isFloat value + then + builtins.floor (value * scaling) + else if builtins.isList value + then + lib.strings.concatMapStringsSep "," (v: builtins.toString (scaling * v)) value + else + builtins.throw "invalid scaled value type ${builtins.typeOf value} for ${value}"; + sn = value: s (builtins.map (v: (-v)) value); +in +{ programs.hyprlock = { enable = true; settings = { @@ -16,26 +29,27 @@ monitor = ""; color = "$base"; }; - shape = [ + shape = lib.optionals (config.me.batteryDevice != null) [ # Battery pill { monitor = ""; - size = "165, 65"; + size = s [165 65]; color = "$crust"; rounding = -1; halign = "right"; valign = "top"; - position = "-595,-10"; + position = sn [595 10]; } + ] ++ [ # Time pill { monitor = ""; - size = "545, 65"; + size = s [545 65]; color = "$crust"; rounding = -1; halign = "right"; valign = "top"; - position = "-40,-10"; + position = sn [40 10]; } ]; label = lib.optionals config.me.hasFingerprint [ @@ -44,10 +58,10 @@ monitor = ""; color = "$text"; font_family = "Material Symbols Outlined"; - font_size = 64; + font_size = s 64; halign = "center"; valign = "top"; - position = "0, -100"; + position = sn [0 100]; text = ""; } # Fingerprint text @@ -55,9 +69,9 @@ monitor = ""; color = "$text"; text = "$FPRINTPROMPT"; - font_size = 25; + font_size = s 25; font_family = "Open Sans"; - position = "0, -235"; + position = sn [0 235]; halign = "center"; valign = "top"; } @@ -68,8 +82,8 @@ text = ""; color = "$accent"; font_family = "Material Symbols Outlined"; - font_size = 27; - position = "-695, -20"; + font_size = s 27; + position = sn [695 20]; halign = "right"; valign = "top"; } @@ -78,9 +92,9 @@ monitor = ""; text = ''cmd[update:60000] echo "$(cat /sys/class/power_supply/${config.me.batteryDevice}/capacity)%"''; color = "$text"; - font_size = 23; + font_size = s 23; font_family = "Open Sans"; - position = "-625, -20"; + position = sn [625 20]; halign = "right"; valign = "top"; } @@ -90,10 +104,10 @@ monitor = ""; color = "$text"; font_family = "Open Sans"; - font_size = 23; + font_size = s 23; halign = "right"; valign = "top"; - position = "-70, -20"; + position = sn [70 20]; text = ''cmd[update:1000] echo "$(date '+%A, %d %B %Y') $(date +%H:%M)$(date +:%S)"''; } @@ -102,17 +116,17 @@ monitor = ""; color = "$red"; font_family = "Open Sans"; - font_size = 25; + font_size = s 25; text = "$FAIL $ATTEMPTS[]"; - position = "0, -200"; + position = sn [0 200]; halign = "center"; valign = "center"; } ]; input-field = { monitor = ""; - size = "600, 120"; - outline_thickness = 4; + size = s [600 120]; + outline_thickness = s 4; check_color = "$peach"; dots_size = 0.2; dots_spacing = 0.2; @@ -125,7 +139,7 @@ fade_on_empty = false; hide_input = false; capslock_color = "$yellow"; - position = "0, -47"; + position = sn [0 47]; halign = "center"; valign = "center"; }; From c8f4410d94c3793d25a58dc5c376c1e65b1ec060 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 25 Mar 2025 21:59:14 +1100 Subject: [PATCH 019/363] user/eww: use lighter text for shadow --- res/eww/eww.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/eww/eww.scss b/res/eww/eww.scss index 99942c8..763e6fd 100644 --- a/res/eww/eww.scss +++ b/res/eww/eww.scss @@ -22,7 +22,7 @@ window { font-size: 15px; padding: 5px 15px; border-radius: 50px; - box-shadow: $accent 0px 0px 2px; + box-shadow: rgba($foreground, .7) 0px 0px 2px; } .title { From b9681ed9256cb641116defd878add15c5100e99f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 25 Mar 2025 22:17:23 +1100 Subject: [PATCH 020/363] overlays/wpa-supplicant: init, makes it not spam journal --- overlays/default.nix | 1 + overlays/patches/wpa-supplicant.patch | 13 +++++++++++++ overlays/wpa-supplicant.nix | 6 ++++++ 3 files changed, 20 insertions(+) create mode 100644 overlays/patches/wpa-supplicant.patch create mode 100644 overlays/wpa-supplicant.nix diff --git a/overlays/default.nix b/overlays/default.nix index 1f34ee1..d8f5dbd 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -7,4 +7,5 @@ builtins.map (path: import path) [ ./rofi.nix ./steam.nix ./utillinux.nix + ./wpa-supplicant.nix ] diff --git a/overlays/patches/wpa-supplicant.patch b/overlays/patches/wpa-supplicant.patch new file mode 100644 index 0000000..7c27be4 --- /dev/null +++ b/overlays/patches/wpa-supplicant.patch @@ -0,0 +1,13 @@ +diff --git a/wpa_supplicant/systemd/wpa_supplicant.service.in b/wpa_supplicant/systemd/wpa_supplicant.service.in +index 58a6228..fbe7de3 100644 +--- a/wpa_supplicant/systemd/wpa_supplicant.service.in ++++ b/wpa_supplicant/systemd/wpa_supplicant.service.in +@@ -7,7 +7,7 @@ Wants=network.target + [Service] + Type=dbus + BusName=fi.w1.wpa_supplicant1 +-ExecStart=@BINDIR@/wpa_supplicant -u ++ExecStart=@BINDIR@/wpa_supplicant -u -q + + [Install] + WantedBy=multi-user.target diff --git a/overlays/wpa-supplicant.nix b/overlays/wpa-supplicant.nix new file mode 100644 index 0000000..1a2cf86 --- /dev/null +++ b/overlays/wpa-supplicant.nix @@ -0,0 +1,6 @@ +self: super: { + # Thanks https://discourse.nixos.org/t/journal-logs-spammed-with-ctrl-event-scan-failed/56316/5 + wpa_supplicant = super.wpa_supplicant.overrideAttrs(o: { + patches = o.patches ++ [ ./patches/wpa-supplicant.patch ]; + }); +} From 04d695c77a0c0fea5a31244b4667b3b7f75c0b1e Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 28 Mar 2025 00:06:56 +1100 Subject: [PATCH 021/363] packages/linux-lava: ignore patch when it's a new release --- packages/linux-lava/sources.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index fad3ed0..d8c5bc4 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -5,6 +5,7 @@ let kernelPatchHash = "0akxqc8fdf6gkiy967crp7m1ikidd3rlhx804y3da1jl75dgqcrw"; mm = lib.versions.majorMinor version; + patchVer = lib.versions.patch version; tkgPatches = [ "0002-clear-patches" "0003-glitched-base" @@ -34,7 +35,7 @@ in { sha256 = kernelHash; }; - kernelPatches = [ + kernelPatches = lib.optionals (patchVer != 0) [ kernelPatchSrc ] ++ builtins.map (name: { From fd146250741c9f8aa8ce5c08de915991d409233c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 28 Mar 2025 00:13:47 +1100 Subject: [PATCH 022/363] packages/linux-lava: use alternative logic to fix error --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index d8c5bc4..7f69a21 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -5,7 +5,7 @@ let kernelPatchHash = "0akxqc8fdf6gkiy967crp7m1ikidd3rlhx804y3da1jl75dgqcrw"; mm = lib.versions.majorMinor version; - patchVer = lib.versions.patch version; + hasPatch = (builtins.length (builtins.splitVersion version)) == 3; tkgPatches = [ "0002-clear-patches" "0003-glitched-base" @@ -35,7 +35,7 @@ in { sha256 = kernelHash; }; - kernelPatches = lib.optionals (patchVer != 0) [ + kernelPatches = lib.optionals hasPatch [ kernelPatchSrc ] ++ builtins.map (name: { From ba15ebcf4c238b16a7ee506d8460d71d89d375f8 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 27 Mar 2025 13:15:46 +0000 Subject: [PATCH 023/363] flake: bump inputs --- flake.lock | 78 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 9a7f278..57e1087 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1740876632, - "narHash": "sha256-u695YUS3R5HI1VQp7feCifWYOn3Gh6yGde1vp5rKqTg=", + "lastModified": 1742237177, + "narHash": "sha256-SZO34S9RKyp0Vub/7JFyNrpxtS/i+2q6Vqi4NIF5NH0=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "5505af25160f16ad26f9107aebee9ea7713b59d9", + "rev": "796472887bd6362917f26f3ceac019ef21a39e75", "type": "github" }, "original": { @@ -72,11 +72,11 @@ "catppuccin-palette": { "flake": false, "locked": { - "lastModified": 1741520281, - "narHash": "sha256-SVF1fNFdvWxZq5vZWiA5WL1VT2qFxuZ5l0ncCwGiy4E=", + "lastModified": 1742245182, + "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=", "owner": "catppuccin", "repo": "palette", - "rev": "1d13846d736bdd96ca84e8406209c834ed9f8fc6", + "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1742058297, - "narHash": "sha256-b4SZc6TkKw8WQQssbN5O2DaCEzmFfvSTPYHlx/SFW9Y=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "59f17850021620cd348ad2e9c0c64f4e6325ce2a", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -415,11 +415,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1742996658, + "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "693840c01b9bef9e54100239cef937e53d4661bf", "type": "github" }, "original": { @@ -459,11 +459,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1741917569, - "narHash": "sha256-53CtqldMcB7R8Zx/xoLA+5ks6V2bGAGNHpJc4eGfUJc=", + "lastModified": 1742868191, + "narHash": "sha256-R9wllC7PMd/R4HZsfEGyIUNz2qhiYN6XfvxvO+bDhps=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "ea7470efe0d98ddccdee7d80bb422a5cbd8402ba", + "rev": "5ded60f5107bc1b78dc733c52ff7ed7cb5050422", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1742205116, - "narHash": "sha256-u8Nq1jptSJnjwSvuWf/DIbNK++Kqnee9WPCgjEdz2H0=", + "lastModified": 1743033980, + "narHash": "sha256-GLIYPMI/4m0IIl4Hx2l2q6y2PNmt+vpE6GwjeSkaDvA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "acd0f86437b2aeb4f5fab804d6addf951d03f48d", + "rev": "89c0f3b8389c6ad65fcbb5f893cdbaad7dfcbd29", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1742165799, - "narHash": "sha256-cv6TDPYQe5mQUqY5p0KDXO1W4CPeJ5Jw277LeXoJW7c=", + "lastModified": 1743015383, + "narHash": "sha256-Rgl2A73IxKYFkqKwQvYrVdkMd/OrZuJZz+WxuN3YSNI=", "owner": "neovim", "repo": "neovim", - "rev": "502324a7b5f875ba61d65444cee34146f47c8f74", + "rev": "9acb52c8f386ea0a026ba4e314e1294da66f8e79", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1742176115, - "narHash": "sha256-gWZhY2Il5aGL2lxwwHaOQ1jPF4ZEW/eQLAPzqpO/xmQ=", + "lastModified": 1742998728, + "narHash": "sha256-WOJEfqNrgvUFgGlA70S3h9iHIJtT6qhwxVwbiUdVhXs=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "7a5e1f3c5ed63bcf047103d1edd9276e77b4f684", + "rev": "5f44cf346870efd1c6300d81d03a132a8834e0e4", "type": "github" }, "original": { @@ -582,11 +582,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1741865919, - "narHash": "sha256-4thdbnP6dlbdq+qZWTsm4ffAwoS8Tiq1YResB+RP6WE=", + "lastModified": 1742800061, + "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "573c650e8a14b2faa0041645ab18aed7e60f0c9a", + "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", "type": "github" }, "original": { @@ -598,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1742889210, + "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "698214a32beb4f4c8e3942372c694f40848b360d", "type": "github" }, "original": { @@ -638,11 +638,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1742194526, - "narHash": "sha256-/VEZSYkaSZrKSkNDFb58njvQM/uf129t8Xr0/r4m0ac=", + "lastModified": 1743063375, + "narHash": "sha256-4ePU57Zgyi6NZbD8zLWotQ6yfnjZX4jjACtxR/31YZI=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "d76a8b6e1b67fd3bcffec4a5d45fd9dee4dbbee8", + "rev": "da5825bf70cc2ea7eacd1e60c32c07baf19adeba", "type": "github" }, "original": { @@ -697,11 +697,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1742098581, - "narHash": "sha256-c8pnJi/Y8+whPi5aOs5qKshfh4vvRUqczaJIOc6Xdv8=", + "lastModified": 1742854930, + "narHash": "sha256-yry0JTKn3TotaCIgBjIl8rSsnqqxqT01rtJQUc0PeOA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "4b285681a73e73c4f961fb69163c0daa36a18d30", + "rev": "32663bb5e4dce31d252b1ba02deb3631d220d74e", "type": "github" }, "original": { @@ -795,11 +795,11 @@ ] }, "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", + "lastModified": 1742982148, + "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", "type": "github" }, "original": { From 74501e3c39f0354ccbe3dccfaeb03799fc220565 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 27 Mar 2025 13:15:47 +0000 Subject: [PATCH 024/363] packages/linux-lava: bump to 6.14 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 7f69a21..4fb92b8 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.13.7"; - kernelHash = "0vhdz1as27kxav81rkf6fm85sqrbj5hjhz5hpyxcd5b6p1pcr7g7"; - kernelPatchHash = "0akxqc8fdf6gkiy967crp7m1ikidd3rlhx804y3da1jl75dgqcrw"; + version = "6.14"; + kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; + kernelPatchHash = "0vv8njki6gbkzdsvmbhf6lr3i6ipnyf88xzxkk0cx8f4gc63rl9g"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From cffbc858f736fe416179f34bd528b617012c67ab Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 28 Mar 2025 00:42:19 +1100 Subject: [PATCH 025/363] packages/linux-lava: remove ntsync patch now upstreamed as part of 6.14 --- packages/linux-lava/sources.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 4fb92b8..b285865 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -12,7 +12,6 @@ let "0003-glitched-eevdf-additions" "0003-glitched-cfs" "0007-v${mm}-fsync_legacy_via_futex_waitv" - "0007-v${mm}-ntsync" "0012-misc-additions" ]; From 21b7184b6540cc0d7d0deb6c908261360b63be8b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 29 Mar 2025 13:09:33 +1100 Subject: [PATCH 026/363] user/neovim: remove prisma --- modules/user/neovim.nix | 2 -- res/config.lua | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 4c74919..e1636b7 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -20,7 +20,6 @@ in { extraPackages = with pkgs; [ rust-analyzer - nodePackages."@prisma/language-server" nodePackages.diagnostic-languageserver nodePackages.eslint_d nodePackages.typescript-language-server @@ -63,7 +62,6 @@ in { tree-sitter-markdown tree-sitter-nix tree-sitter-php - tree-sitter-prisma tree-sitter-python tree-sitter-query tree-sitter-regex diff --git a/res/config.lua b/res/config.lua index 4e02a70..7899bda 100644 --- a/res/config.lua +++ b/res/config.lua @@ -139,7 +139,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'cssls', 'html', 'nil_ls', 'prismals', 'ts_ls', 'yamlls' } +local servers = { 'cssls', 'html', 'nil_ls', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, From 1e2850dd3857cd410fbdad3c9306f6dc5716528e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 3 Apr 2025 01:44:45 +0000 Subject: [PATCH 027/363] flake: bump inputs --- flake.lock | 78 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 57e1087..2657ea9 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1742237177, - "narHash": "sha256-SZO34S9RKyp0Vub/7JFyNrpxtS/i+2q6Vqi4NIF5NH0=", + "lastModified": 1743475805, + "narHash": "sha256-H3T9CQ1qBwtEW8M+v5noSpRej6YNJRC5cpU0fO4oH/0=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "796472887bd6362917f26f3ceac019ef21a39e75", + "rev": "d57ccce285ce6fc5e970420c31b49d9cef62d0bc", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -415,11 +415,11 @@ ] }, "locked": { - "lastModified": 1742996658, - "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", + "lastModified": 1743639371, + "narHash": "sha256-eywYn8ayhVUzFFvIiAIIHn+00Irmhyjqe2cNdyPCLNE=", "owner": "nix-community", "repo": "home-manager", - "rev": "693840c01b9bef9e54100239cef937e53d4661bf", + "rev": "579a71b948533667c6c65e603f18990bdffc8530", "type": "github" }, "original": { @@ -459,11 +459,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1742868191, - "narHash": "sha256-R9wllC7PMd/R4HZsfEGyIUNz2qhiYN6XfvxvO+bDhps=", + "lastModified": 1743252716, + "narHash": "sha256-ckctv6qK8xsoIRbEzB0zyGcOvkNw90sndHXF77Ej36s=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "5ded60f5107bc1b78dc733c52ff7ed7cb5050422", + "rev": "050e5450698c3e816b72ef8cfcf7e60f2907e6d3", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1743033980, - "narHash": "sha256-GLIYPMI/4m0IIl4Hx2l2q6y2PNmt+vpE6GwjeSkaDvA=", + "lastModified": 1743574307, + "narHash": "sha256-bT8RG639HtF8he+5sjmR83oIgimAxFBNCrCuU5V10A8=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "89c0f3b8389c6ad65fcbb5f893cdbaad7dfcbd29", + "rev": "8c23e99e8ebfe6c4edc8ff4ff3f5a5f650c5193a", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1743015383, - "narHash": "sha256-Rgl2A73IxKYFkqKwQvYrVdkMd/OrZuJZz+WxuN3YSNI=", + "lastModified": 1743511785, + "narHash": "sha256-oXIT9GcwX/G1L4M3OgYh+R17g8JKdSip4FAYo6idb/c=", "owner": "neovim", "repo": "neovim", - "rev": "9acb52c8f386ea0a026ba4e314e1294da66f8e79", + "rev": "9b239a6a86ed0caaaf7522cfc600da4b35d94d04", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1742998728, - "narHash": "sha256-WOJEfqNrgvUFgGlA70S3h9iHIJtT6qhwxVwbiUdVhXs=", + "lastModified": 1743558543, + "narHash": "sha256-vhlOe9N8AGuc3vb3Cz1Cbmxxivy+yj3MVIoIjXe7ceY=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "5f44cf346870efd1c6300d81d03a132a8834e0e4", + "rev": "ec15a8c89528c4b70b761c371ebb3dcf53f8773b", "type": "github" }, "original": { @@ -535,11 +535,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740560979, - "narHash": "sha256-Vr3Qi346M+8CjedtbyUevIGDZW8LcA1fTG0ugPY/Hic=", + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5135c59491985879812717f4c9fea69604e7f26f", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", "type": "github" }, "original": { @@ -582,11 +582,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1742800061, - "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", + "lastModified": 1743076231, + "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1750f3c1c89488e2ffdd47cab9d05454dddfb734", + "rev": "6c5963357f3c1c840201eda129a99d455074db04", "type": "github" }, "original": { @@ -598,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1742889210, - "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "lastModified": 1743583204, + "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434", "type": "github" }, "original": { @@ -638,11 +638,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1743063375, - "narHash": "sha256-4ePU57Zgyi6NZbD8zLWotQ6yfnjZX4jjACtxR/31YZI=", + "lastModified": 1743586811, + "narHash": "sha256-Ed6FNWVt/LmcUgqaHiy0s0kTgGcYHNxMlX9qzwEtCfo=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "da5825bf70cc2ea7eacd1e60c32c07baf19adeba", + "rev": "30654ee72a69e7c76a54b66d748dae088429e863", "type": "github" }, "original": { @@ -697,11 +697,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1742854930, - "narHash": "sha256-yry0JTKn3TotaCIgBjIl8rSsnqqxqT01rtJQUc0PeOA=", + "lastModified": 1743595372, + "narHash": "sha256-e3x1mhpPpYgyyin9j/VbrBpOT5PFpEfx2hkxVZuJZhg=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "32663bb5e4dce31d252b1ba02deb3631d220d74e", + "rev": "543f12dd14c62ddee79ab79fbfd8726f312b89ff", "type": "github" }, "original": { @@ -795,11 +795,11 @@ ] }, "locked": { - "lastModified": 1742982148, - "narHash": "sha256-aRA6LSxjlbMI6MmMzi/M5WH/ynd8pK+vACD9za3MKLQ=", + "lastModified": 1743081648, + "narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "61c88349bf6dff49fa52d7dfc39b21026c2a8881", + "rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7", "type": "github" }, "original": { From a4a38b4a8b870a6db131da708c406a33ad0eee96 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 3 Apr 2025 22:20:16 +1100 Subject: [PATCH 028/363] system/nix: use nixVersions.latest --- modules/system/nix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index b3ebc41..ca74901 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: { nix = { - package = pkgs.nixVersions.git; + package = pkgs.nixVersions.latest; settings = rec { extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; From 3502a31065e11072ae84647e3f2c2e8db9ba1be6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 12:13:19 +1100 Subject: [PATCH 029/363] user/neovim-minimal: further minimise --- modules/user/neovim-minimal.nix | 10 +------ res/config-minimal.lua | 52 +++------------------------------ 2 files changed, 5 insertions(+), 57 deletions(-) diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index e319e38..a7d3f8c 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -11,9 +11,8 @@ withNodeJs = false; plugins = with pkgs.vimPlugins; [ - ctrlp-vim + fzf-vim lualine-nvim - nerdtree tokyonight-nvim vim-fugitive vim-nix @@ -21,14 +20,7 @@ vim-signify vim-surround - nvim-cmp - nvim-lspconfig - cmp-nvim-lsp - cmp_luasnip - luasnip - (nvim-treesitter.withPlugins (p: with p; [ - tree-sitter-comment tree-sitter-json tree-sitter-lua tree-sitter-nix diff --git a/res/config-minimal.lua b/res/config-minimal.lua index 7aade79..f941c9e 100644 --- a/res/config-minimal.lua +++ b/res/config-minimal.lua @@ -5,11 +5,14 @@ map('n', '', 'j', { noremap = true }) map('n', '', 'k', { noremap = true }) map('n', '', 'l', { noremap = true }) map('n', '', ':q', { noremap = true }) +map('n', '', ':Files', { noremap = true }) -- Autocommands vim.cmd('au BufEnter * set noro') +vim.cmd('au CursorHold * lua vim.diagnostic.open_float(0, { scope = "line", focusable = false })') -- Settings +vim.opt.mouse = "" vim.opt.relativenumber = true vim.opt.number = true vim.opt.cursorline = true @@ -43,56 +46,9 @@ vim.g.signify_sign_delete_first_line = '┏━' vim.g.signify_sign_change = vim.g.signify_sign_add vim.g.signify_sign_change_delete = vim.g.signify_sign_delete --- Theming -vim.g.tokyonight_style = 'night' -vim.cmd[[ - syntax enable - colorscheme tokyonight -]] -local colors = require("tokyonight.colors").setup {} -vim.cmd("highlight SignifySignAdd guifg="..colors.green) -vim.cmd("highlight SignifySignChange guifg="..colors.orange) -vim.cmd("highlight SignifySignDelete guifg="..colors.red) -vim.cmd("highlight SignifySignDeleteFirstLine guifg="..colors.red) -vim.cmd("highlight SignifySignChangeDelete guifg="..colors.red) - -- Plugins require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } } -require('lualine').setup { - options = { - theme = 'tokyonight' - } -} - --- LSP -local nvim_lsp = require('lspconfig') - -local on_attach = function(client, bufnr) - local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end - local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end - - buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') - - local opts = { noremap = true, silent = true } - - buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) - buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) - buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) -end +require('lualine').setup { } From 4d751d72b3fddba9a2ba499c7fab049113908127 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:05:59 +1100 Subject: [PATCH 030/363] hosts/hazel: init --- flake.nix | 15 +++++--- hosts/hazel/default.nix | 22 +++++++++++ hosts/hazel/filesystem.nix | 53 ++++++++++++++++++++++++++ hosts/hazel/fs-decrypt.nix | 0 hosts/hazel/kernel.nix | 10 +++++ hosts/hazel/networking.nix | 5 +++ modules/system/home-manager-stable.nix | 19 +++++++++ users/hana/default.nix | 5 +-- 8 files changed, 121 insertions(+), 8 deletions(-) create mode 100644 hosts/hazel/default.nix create mode 100644 hosts/hazel/filesystem.nix create mode 100644 hosts/hazel/fs-decrypt.nix create mode 100644 hosts/hazel/kernel.nix create mode 100644 hosts/hazel/networking.nix create mode 100644 modules/system/home-manager-stable.nix diff --git a/flake.nix b/flake.nix index db61e01..a65dbc4 100644 --- a/flake.nix +++ b/flake.nix @@ -2,15 +2,19 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager.url = "github:nix-community/home-manager"; - neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; - agenix.url = "github:ryantm/agenix"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; - aagl.url = "github:ezKEa/aagl-gtk-on-nix"; + nixpkgs-vicuna.url = "github:NixOS/nixpkgs/release-24.11"; + home-manager-vicuna.url = "github:nix-community/home-manager/release-24.11"; + home-manager-vicuna.inputs.nixpkgs.follows = "nixpkgs-vicuna"; + + agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; + aagl.url = "github:ezKEa/aagl-gtk-on-nix"; catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e"; catppuccin.inputs.nixpkgs.follows = "nixpkgs"; catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; }; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; + neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nix-gaming.url = "github:fufexan/nix-gaming"; @@ -35,7 +39,7 @@ wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; }; - outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: + outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-vicuna, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -69,6 +73,7 @@ in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; + nixosConfigurations."hazel" = mkSystem nixpkgs-vicuna "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix new file mode 100644 index 0000000..94a4764 --- /dev/null +++ b/hosts/hazel/default.nix @@ -0,0 +1,22 @@ +{ modules, ... }: { + networking.hostName = "hazel"; + system.stateVersion = "24.11"; + time.timeZone = "Australia/Melbourne"; + + imports = with modules.system; [ + home-manager + + base + kernel + nix-stable + packages + security + + ./filesystem.nix + ./kernel.nix + ./networking.nix + ./packages.nix + + ../../users/hana + ]; +} diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix new file mode 100644 index 0000000..525bb4a --- /dev/null +++ b/hosts/hazel/filesystem.nix @@ -0,0 +1,53 @@ +{ ... }: +let + mkLabelMount = label: type: options: { + device = "/dev/disk/by-label/${label}"; + fsType = type; + options = options; + }; + mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" + [ + "autodefrag" + "compress=zstd:4" + "compress-force=zstd:4" + "defaults" + "nossd" + "space_cache=v2" + "subvol=${subvol}" + (if atime then "relatime" else "noatime") + ] ++ ext; + + mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; +in +{ + boot.supportedFilesystems = [ "btrfs" ]; + fileSystems = { + "/" = { + device = "rootfs"; + fsType = "tmpfs"; + options = [ "defaults" "mode=755" ]; + }; + "/boot" = mkLabelMount "ROOT" "vfat" []; + + "/flower" = mkHazelMount "/current/flower" true; + "/persist" = mkHazelMount "/current/persist" true; + "/var" = mkHazelMount "/current/var" true; + "/nix" = mkHazelMount "/current/nix" false; + + "/mnt" = mkHazelMount "/" true; + }; + + services.snapper.cleanupInterval = "1h"; + services.snapper.configs.flower = { + FSTYPE = "btrfs"; + SUBVOLUME = "/mnt/current/flower"; + TIMELINE_CLEANUP = true; + TIMELINE_CREATE = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; +} diff --git a/hosts/hazel/fs-decrypt.nix b/hosts/hazel/fs-decrypt.nix new file mode 100644 index 0000000..e69de29 diff --git a/hosts/hazel/kernel.nix b/hosts/hazel/kernel.nix new file mode 100644 index 0000000..20be1ed --- /dev/null +++ b/hosts/hazel/kernel.nix @@ -0,0 +1,10 @@ +{ ... }: { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ "kvm-amd" ]; + }; +} diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix new file mode 100644 index 0000000..1dd932a --- /dev/null +++ b/hosts/hazel/networking.nix @@ -0,0 +1,5 @@ +{ config, ... }: { + networking = { + useDHCP = true; + }; +} diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix new file mode 100644 index 0000000..6f9f9cc --- /dev/null +++ b/modules/system/home-manager-stable.nix @@ -0,0 +1,19 @@ +{ config, inputs, modules, ... }: { + imports = [ + inputs.home-manager-vicuna.nixosModules.home-manager + ]; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + inherit inputs modules; + sysConfig = config; + }; + sharedModules = [ + { + imports = [ modules.options ]; + config.me = config.me; + } + ]; + }; +} diff --git a/users/hana/default.nix b/users/hana/default.nix index 25cfc8b..a895181 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -7,8 +7,7 @@ uid = 1002; hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" ]; }; @@ -16,7 +15,7 @@ home = { username = "hana"; homeDirectory = "/home/hana"; - stateVersion = "23.11"; + stateVersion = "24.11"; }; imports = with modules.user; [ From 5be539a686a98a7ed20a120fb0c2088f6faf2cf8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:14:43 +1100 Subject: [PATCH 031/363] flake: lock inputs --- flake.lock | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/flake.lock b/flake.lock index 2657ea9..ab8ed03 100644 --- a/flake.lock +++ b/flake.lock @@ -387,6 +387,27 @@ "type": "github" } }, + "home-manager-vicuna": { + "inputs": { + "nixpkgs": [ + "nixpkgs-vicuna" + ] + }, + "locked": { + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.11", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -580,6 +601,22 @@ "type": "github" } }, + "nixpkgs-vicuna": { + "locked": { + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1743076231, @@ -675,10 +712,12 @@ "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", + "home-manager-vicuna": "home-manager-vicuna", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_3", + "nixpkgs-vicuna": "nixpkgs-vicuna", "nvim-treesitter": "nvim-treesitter", "pure": "pure", "spicetify-nix": "spicetify-nix", From 548c2f868f7ca89db0c2b09c7501b1bfc8fbbf7e Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:16:08 +1100 Subject: [PATCH 032/363] hosts/hazel: remove packages module --- hosts/hazel/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 94a4764..d0b6960 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -15,7 +15,6 @@ ./filesystem.nix ./kernel.nix ./networking.nix - ./packages.nix ../../users/hana ]; From f535775b773f8bb4d0a1214f4ff029e8abf4e255 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:18:05 +1100 Subject: [PATCH 033/363] hazel/filesystem: fix syntax --- hosts/hazel/filesystem.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index 525bb4a..d93a43b 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -6,7 +6,7 @@ let options = options; }; mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" - [ + ([ "autodefrag" "compress=zstd:4" "compress-force=zstd:4" @@ -15,7 +15,7 @@ let "space_cache=v2" "subvol=${subvol}" (if atime then "relatime" else "noatime") - ] ++ ext; + ] ++ ext); mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; in From e6f0a356af7bba64831191eb3b04949207c24938 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:19:34 +1100 Subject: [PATCH 034/363] hosts/hazel: use hm-stable --- hosts/hazel/default.nix | 2 +- modules/default.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index d0b6960..14e6645 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -4,7 +4,7 @@ time.timeZone = "Australia/Melbourne"; imports = with modules.system; [ - home-manager + home-manager-stable base kernel diff --git a/modules/default.nix b/modules/default.nix index ef69bad..27a81d0 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -36,6 +36,7 @@ in { ./system/greetd.nix ./system/gui.nix ./system/home-manager.nix + ./system/home-manager-stable.nix ./system/input.nix ./system/kernel.nix ./system/nix.nix From 9212de3ab24e620ad64408aaab26e6e2571316ba Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:21:09 +1100 Subject: [PATCH 035/363] hosts/hazel: set env to headless --- hosts/hazel/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 14e6645..5bd3ed4 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -18,4 +18,6 @@ ../../users/hana ]; + + me.environment = "headless"; } From 7d50fa4b7577a876b0fafe30335f9e918f90e204 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:22:12 +1100 Subject: [PATCH 036/363] hazel/filesystem: fix empty option --- hosts/hazel/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index d93a43b..35bac65 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -3,7 +3,7 @@ let mkLabelMount = label: type: options: { device = "/dev/disk/by-label/${label}"; fsType = type; - options = options; + options = [ "defaults" ] ++ options; }; mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" ([ From 7f3df40afec448b0b06982606519ac03164c240c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:24:31 +1100 Subject: [PATCH 037/363] system/base: remove nixpkgs registry --- modules/system/base.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index c924309..143728f 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -21,6 +21,5 @@ }; }; nix.registry.config.flake = inputs.self; - nix.registry.nixpkgs.flake = inputs.nixpkgs; nix.registry.shells.flake = inputs.self; } From a411469b2bb4205fc6cdbaa5711f987c2b2589aa Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:39:00 +1100 Subject: [PATCH 038/363] system/packages: add kitty.terminfo --- modules/system/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index d13ac73..2b6b12d 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -7,6 +7,7 @@ git htop jq + kitty.terminfo libarchive lf msr-tools From dbbd96c274f4b9dfb3a638753db93f0775492e4d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 13:42:08 +1100 Subject: [PATCH 039/363] hazel/filesystem: remove noauto --- hosts/hazel/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix index 35bac65..2a60898 100644 --- a/hosts/hazel/filesystem.nix +++ b/hosts/hazel/filesystem.nix @@ -17,7 +17,7 @@ let (if atime then "relatime" else "noatime") ] ++ ext); - mkHazelMount = mkBtrfsMount "HAZEL" [ "noauto" ]; + mkHazelMount = mkBtrfsMount "HAZEL" []; in { boot.supportedFilesystems = [ "btrfs" ]; From 7a6aa37647cf95d00b6323512d91658affa3ae4d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:09:28 +1100 Subject: [PATCH 040/363] secrets: rekey --- secrets.nix | 16 +++++++--------- secrets/acme_dns.age | 12 ++++++------ secrets/passwd.age | Bin 751 -> 531 bytes secrets/warden_admin.age | Bin 399 -> 289 bytes secrets/wg_blossom.age | 13 ++++++------- secrets/wg_caramel.age | 10 ++++------ secrets/wg_sugarcane.age | 10 ++++------ secrets/wpa_conf.age | Bin 530 -> 420 bytes 8 files changed, 27 insertions(+), 34 deletions(-) diff --git a/secrets.nix b/secrets.nix index 7a1ea24..ed7bde5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,18 +1,16 @@ let anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; - caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80"; - sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ"; - dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; + hazel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6mi50ecrrMIn5C4QUyCjPHfSElz0mhevvFCznUzIrK"; rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ anemone blossom caramel sugarcane rin ]; - "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ]; + "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ dandelion rin ]; - "secrets/warden_admin.age".publicKeys = [ caramel rin ]; + "secrets/acme_dns.age".publicKeys = [ hazel rin ]; + "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ]; - "secrets/wg_caramel.age".publicKeys = [ caramel rin ]; - "secrets/wg_sugarcane.age".publicKeys = [ sugarcane rin ]; + "secrets/wg_caramel.age".publicKeys = [ rin ]; + "secrets/wg_sugarcane.age".publicKeys = [ rin ]; } diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index 96eb63c..2c7d78f 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 bRFqeQ KWUiFdB5Lpd1BYGdmO/IcX0Cj9SUowY5sfwWH/FVyAU -hJKgLSMy/yLfoRtIDVmK71cDoHALXp2rgmJuagpqJ1I --> ssh-ed25519 U9FXlg bgY7WWmCyMWJzLSAnyZwCN5Lm29WVUILVkOUDFKgryo -AZzW/A/rQEmSiy89ixBZHH9TbuLKlyAlWKLNDZj69+k ---- EoGAYXy1ggHHKrcZqHz4ugM2Biil4BCpFzVjEClsoKY -Iz淣ZAvXwh|ݧOXduҠ(nk , >5tu(ܸwlp[\/srpkۧFR \ No newline at end of file +-> ssh-ed25519 ZAcXHw X9WY0FdUMu85iMn7JOdsDxJsKH0wIApPyCWyAWiIB1U +ktEphBxUDaFsrwdomf4TTBeUy3RF7acMMmF0gwYIKWI +-> ssh-ed25519 U9FXlg MnvQHRu9SKFGmuX9niiDG2SuUrf2nNO2x7uFqnebVQk +qDZ/yRn70+xMnE2m/KWfA1ORQ+ssSm/k+MLBIwV5iqA +--- 7M1OahbR167KzlN5SiBKBRUEsq3hgjFWa/pmWfCjD+E +4 •aEyCz[@qsobp}/Ɖ?Jp+bm>.PqB{_fۭ6 Vs )/ \ No newline at end of file diff --git a/secrets/passwd.age b/secrets/passwd.age index 7d2a22449bce6d1b4351487b311a26e2c4412171..207417cd4e0ac24a12c5459a79be18e57f5b49b5 100644 GIT binary patch delta 479 zcmaFQI+IRz#peT6(6jSDw zxJS6FkDFUQS5QDeMTWn7gUS1v+NuJJ5^uhZUxq7PZE_&T`yhRu{MR%bZ1qdz!Cb`O0y9O6S_? zR$XB}s>>8--Y7F(epqnk-rlFJQ4LqUPW{Z6KB_m_nw?eu=IIRz#qJSz(pAkB_UPwt2phMU-QiNqt0;fp(~+Z+U95YhqDia!zqs zps#s`o1t?gS6Gr!WM)*3n^(Glc9ywwX;iLTXqA6TQe|XBrEfq%nYXD&u}4ZlQECc? zb=gIcsilDmzGcbAE>*cMzUICGc|m0X{>5q9=5BsjRrwZ02E~aPS-JHYX?d2OW?{jR zTrQSr0s8rlWd^|>NzMl0<-wjtnI=)mS!N#D0s5KlKHi0X;o2^R$wn@&=)Uu)Fg8yv zS4cBV@(4~h4K(%(G)b+j^03sdG;xVY3kpjMb2JI5O3$l|3=4NO%`3{V;PN)HOf9cW zS1}JQ_sA_Saf}QJGjS}@&&Um|D5)^cGVv=iF1APt)_1b>3Y_>+ygu2}!#gZJ$Wz}i z&!fmK&CJX4=b&D6^{*fY<^q$n^rkjuHsrK-eT+bB0bIVv#BBrn4& z&@&<_&@ClD(ZC?hA}l}I!^0!X&@s6xluK7vS3x@`)!8^V($^=#&B)xsSKA{b+{`mG zq_8B%B;2RGEX*i5xjv^Pq9Q9%-(jk zzoC4FQ?0W=b4u>&c~!rgSa!UdZEIE1b10sTt2jcmYyS_8#|Pdfwk|lJ@SrT@-t_t} zvy;m=vfcgeq7al_+IiBB;r2zB>rvhE#}Y4A|M0Ror4y=uDY55}-?1n+&_5%>!!JCL zOIKG{!89Z}v(!8!BPT1}ElNMw$v4f>GB4OU*wooAur@g~#Vf@rAuJ5w9zvQ#1TT52vis^S{r!neX*!jpV MU(;u$e2;Pm07^|_Bme*a delta 371 zcmZ3;)XzLYwLZHjGPN{NA`JxHv;MHO0u()X-8P)Y2^?CtV>d#MGstvNSV2yWY{qEU6^L+0?hhq^!)jw94Pf zydtYKO+QaREz;l7$IXDtC(pRRDA}^Oyx89_yec3#yEIZizpTvI!`&h{N8dQbqrjsu z$ip)^yC{@PS65e|*eTf5+cexgs4O|XsMyjuC?YDWtR&Udv@ozJAj4Nbq$oEd**qy! zJ0+c~EoW|t)JG15X2!JtSHD?4^1k&X!&pe^&Y3IACw0ABk?iv!#?@iJ?u8S1Sv*M- zw4FSyxjt$H9{IPm=72#~k^JG@bsc*=76$5NoQYD-c`{@7cSA ssh-ed25519 CUCjXQ iM2w01v4y0Q3DVbpGtt6f3HiHMRw7Xr08JgTB6fe8x4 -WiBMVRZr1edBVfLAPAFT4GSEGoyn9jWzO92yysNM9Mo --> ssh-ed25519 U9FXlg Bvlaqu4nEbjfBGgBFKDmD1cBbxH2+dyz1BHzegz1AS4 -+sf3rC0J2Ik1SNtpr52GxV6G6tzGLiwlvjXFWE3qrSw ---- yaZjH1jeXqPGiw1lIkH9uz6QJo/nM1lBezbpVlJDNUM -cgj" -U"^ *ADvl2cRq).NLtZjCB5l^0)䥆. \ No newline at end of file +-> ssh-ed25519 CUCjXQ mqquiRe6H9yHqO6lEs+V5J1AVMEerJ3fvHsyqZQPcG4 +C/oLdx+x56uwtCKHz8Et/dhEsY3OVgU4EN8QMGLqlhk +-> ssh-ed25519 U9FXlg W1WAEuZWAUmPgFNMVHe4QFvyg8JB7KVCSY3G4NIqCm4 +oCC5ygrI2NX7A3RoS/0ec1xkxaNdpI+7mAD7rP1pbVY +--- gY/ClncwSlIhONgOsaSsNXHQvIJSUFyskJ9op3ZmzbU +q9&ױԥ'^ B&3C[&R1m[uB|H{P>}W3*89}X݀ \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 37276ac..dced6d8 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,7 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 krYeuQ vlK9Aa/Fhkj1jTAcccxKnSzj0jNfEoX5ymPhlaqIVSs -Vb7lRsCmKM0Fvfb+NyNnNCjqCAQsndLNdA1nXFkiOrA --> ssh-ed25519 U9FXlg H9ivqARf7cdfyBd4QnlqLiPNpfk2X/eK60K5//+7l1g -oYgaHVWJ8xc+fmMTMvrXSt1DsVfbNF0z4V+N/C1vwXY ---- jtu3xxWFDWBtme5eM52EsMmOwKDss8EctnY7FpfQcI4 -`sE+XVHGɯIZH{8Ƣݙۅo3c=9B:gtl ёvJ> +-> ssh-ed25519 U9FXlg XAfjch0Ys155BWD6jaQKUb8xTUg2Y1oPiAjWBHH08CM +wgp//+xP+U1Brbn2Wm/wLDFTDIqfp9rK5S21DeoEjaI +--- XsNFAF201zpqjyqi3gKJyMU4UY+AzTu8BxTBXb0GDEM +e*J#J+\llR fƞw~3G]E"NahP ЀV8[xA&\5RN \ No newline at end of file diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age index ef79954..d07a6bd 100644 --- a/secrets/wg_sugarcane.age +++ b/secrets/wg_sugarcane.age @@ -1,7 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 Hx37cw 6W7QYggFHAuAPxCBoTWdwSRxmJhtGHDgg3C2UJ73qgM -Af4Gpj2kQsNWrMt4ZQ1ItmKsuSq7McE9Ckc9mAkotms --> ssh-ed25519 U9FXlg +snitv62lCxu4sMz/iS8mz8I+5KUwtLO0jyAY1epr0s -ePqUSmK3P3PVLo+IdWK3Gq+7b2kMkbJmpsyXqcWFAf8 ---- oA8Y59o/iow4m2TjmFx5BvClendD1fpi2sRNtxnXz3Y -(Gdm6i>>(~B{b3HG7֟[qB:٬'I92ЅJd} \ No newline at end of file +-> ssh-ed25519 U9FXlg nANUFeShFwM9GPwCsfUjQre6FJ3KD42uwM2veyJKqVY +qn17BM6j3alTyTdWslWyGhyRKHR9/jdczTPr9i6ZzyE +--- mY/i+wgNV7nDRSJDJkJG1TdOno+ARZcrvRMJiBLy8EI +=!n\21;,O+/x*\ Q57Tq5bS=úF!SL$iwB70zZ{!SB< \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 17e93a9e7aecee8096bb02f3eea576b17cdd583a..7ee2ed7ed867b64e1b616cc405eec048babf0cda 100644 GIT binary patch delta 366 zcmbQlvV?hpPPnImZ@#OafkCQoV4-oES#gDs^(k%! z5f$#?E+t0kQJIw%K7JnV&c=y(xuwQAnT4T6xmlUvLAf50<=Mu*TxG`QC6-?LE>2~R z`9=j6hJo2(>H3Bdx9Q zG|kM)slEO}G{nQ;ZPL!RIR`$SWj>J|oc&X0j(2$N?Vlq0*?I*M%)d|0);@M1qaZOT zi~nK!#4Er1XCKN@X`a7zc7p8B&@}y3ckW9_<<)#jZ%vN4X1MgF|H&_#Ux=*Ii)G+R QnOn2Ye7ADC+KDT_0bMwe9smFU delta 496 zcmZ3&Jc(t3PJK#Hkc)4XX>Mt-X=J!_Mu=B{QGRJfctLo%Us9ThUv5-hc~OLCL1?f` zI#-^FWm1@5ZepHezGJR-N`#ARRiUqIL6l#fqobdfrJ+YzVwRmuph4UqFCcK~YY!sX>0KML=+dp;J|;OJSIEXik_X zx^Da*IToS0&UppNUI9hv8RlX2F3AR|rr|l| zzFgi(xygPdsm`fYj%7y9c^>($0TyA&p~j`<=?0Nb{skGy+4>=shQYZ>pe``z9~UDS?0lpwgM!y8+C{z}+i<`cYd4gdr3xw8NO From 28cca81e69b843c8c38ad85ccf84232284417bbd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:10:13 +1100 Subject: [PATCH 041/363] hazel: add nextcloud --- hosts/hazel/default.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 5bd3ed4..79a6b2a 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -1,4 +1,4 @@ -{ modules, ... }: { +{ modules, pkgs, ... }: { networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; @@ -8,6 +8,7 @@ base kernel + nginx nix-stable packages security @@ -20,4 +21,15 @@ ]; me.environment = "headless"; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + hostName = "cloud.lava.moe"; + database.createLocally = true; + config = { + dbtype = "pgsql"; + adminpassFile = "/persist/nextcloud-admin-pass"; + }; + }; } From 27edd08727815d74fa3d551e4c1c88768636951f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:11:08 +1100 Subject: [PATCH 042/363] hosts/hazel: fix nginx module --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 79a6b2a..c487e5e 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -3,7 +3,7 @@ system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; - imports = with modules.system; [ + imports = with modules.system; with modules.services; [ home-manager-stable base From a224191007f7f4f34867295cbe7d5334a8761e06 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 10 Apr 2025 23:27:40 +1000 Subject: [PATCH 043/363] hyacinth/packages: remove android-studio --- hosts/hyacinth/packages.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index 555a414..a1288ca 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - android-studio jetbrains.idea-community-bin texliveFull ]; From 5a834de1dd8061a1bd898ace08f99095875b5cc3 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 24 Apr 2025 23:49:37 +1000 Subject: [PATCH 044/363] hosts/hyacinth: enable jenkins --- hosts/hyacinth/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index be9ee49..3c8c23b 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -40,6 +40,8 @@ ]; systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; + services.jenkins.enable = true; + # For steam fhs-env nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" From 95b3116fa8f3959be6274709b9da3d21c7cadf60 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 25 Apr 2025 00:02:55 +1000 Subject: [PATCH 045/363] user/neovim: add ts-groovy --- modules/user/neovim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 0c1df3a..cc01311 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -55,6 +55,7 @@ in { tree-sitter-c tree-sitter-c-sharp tree-sitter-cpp + tree-sitter-groovy tree-sitter-html tree-sitter-java tree-sitter-javascript From 16a8c3e1865fc4ff662a21122e105cc70657b1b2 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 24 Apr 2025 22:40:09 +1000 Subject: [PATCH 046/363] services/syncthing: init --- hosts/hyacinth/default.nix | 2 ++ modules/default.nix | 1 + modules/services/syncthing.nix | 22 ++++++++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 modules/services/syncthing.nix diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 3c8c23b..9ea9a4c 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -31,6 +31,8 @@ snapper virtualisation + modules.services.syncthing + ./filesystem.nix ./kernel.nix ./networking.nix diff --git a/modules/default.nix b/modules/default.nix index ef69bad..fb3ab68 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -21,6 +21,7 @@ in { ./services/postgres.nix ./services/sonarr.nix ./services/synapse.nix + ./services/syncthing.nix ./services/tmptsync.nix ./services/unbound.nix ./services/vaultwarden.nix diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix new file mode 100644 index 0000000..4586d84 --- /dev/null +++ b/modules/services/syncthing.nix @@ -0,0 +1,22 @@ +{ ... }: { + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; + services.syncthing = { + enable = true; + openDefaultPorts = true; + user = "rin"; + group = "users"; + dataDir = "/persist/shared/.syncthing/data"; + configDir = "/persist/shared/.syncthing/config"; + settings = { + devices = { + #"anemone".id = ""; + }; + # folders = { + # "Obby" = { + # path = "/home/rin/Documents/Obby/Obby"; + # devices = []; + # }; + # }; + }; + }; +} From ed5e0e405dfde331afdd177504f798ac87a0358a Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 01:49:45 +0000 Subject: [PATCH 047/363] flake: bump inputs --- flake.lock | 102 ++++++++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index dd8d136..9fefaf2 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1743475805, - "narHash": "sha256-H3T9CQ1qBwtEW8M+v5noSpRej6YNJRC5cpU0fO4oH/0=", + "lastModified": 1744234873, + "narHash": "sha256-lQOQNEU1z4/oVBpWDjTXidMdelaafNR3jecj6n0hCIU=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "d57ccce285ce6fc5e970420c31b49d9cef62d0bc", + "rev": "8f45b51942618a16e2027a67f054400a32a4b534", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -229,11 +229,11 @@ ] }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1742014779, - "narHash": "sha256-I6fG1zrfdLFcp/imGZElig0BJO3YU0QEXLgvwWoOpJ8=", + "lastModified": 1744693102, + "narHash": "sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "524637ef84c177661690b924bf64a1ce18072a2c", + "rev": "5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e", "type": "github" }, "original": { @@ -352,11 +352,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -415,11 +415,11 @@ ] }, "locked": { - "lastModified": 1744038920, - "narHash": "sha256-9a4V1wQXS8hXZtc7mRtz0qINkGW+C99aDrmXY6oYBFg=", + "lastModified": 1745858959, + "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "a4d8020820a85b47f842eae76ad083b0ec2a886a", + "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", "type": "github" }, "original": { @@ -459,11 +459,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1743967062, - "narHash": "sha256-K1wwqfhi1a4ufXYultiJBW1z9G4VU4A5Ws8e129UU4o=", + "lastModified": 1745806569, + "narHash": "sha256-jgtx8EPKrk/nerg9vC1EFafZP4ECqISFQuFdIbLZBA4=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "840bf847ab58d7b65847c8f41d4c0d5f8f84d6be", + "rev": "2600d0f399e83e54a337263aca6ed8792773b115", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1744003175, - "narHash": "sha256-b0b/qxiqf2G2/UrmcyP9aYr0Ni5NpdCY6GEF8KgnmCU=", + "lastModified": 1745798752, + "narHash": "sha256-0jiImtQNvlDqf0eWqWFGugNjhazNmaXMi2fM7/B/cd8=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "f7f5a474c38e3e41827b067f741e12ecbbe5cf18", + "rev": "31a7206bdf9e0c01db2165e20a6082690c60b9c9", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1743931206, - "narHash": "sha256-Dl6kHmsN6AZBWEgEbQGpKYy+qvg+oPbBrK/CFQsWmZM=", + "lastModified": 1745795730, + "narHash": "sha256-7sPk1jScMqsTwXYYFKYILrE9xLk7CK+yCBqcK46HTv8=", "owner": "neovim", "repo": "neovim", - "rev": "2d11b981bfbb7816d88a69b43b758f3a3f515b96", + "rev": "ce097c5091eab3550e1534fd111752577b5813ea", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1743990663, - "narHash": "sha256-n7bzOLVlYvxgawlIl8fXIxaDjATKhYOhp2OyP61DxdI=", + "lastModified": 1745718727, + "narHash": "sha256-Q+8ki5/0doymTb/6yZyB1IgKy7vIkWG5IILIzw9Vz1U=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "35e3aef6ebb7b27195586130175f1409cd71d7f7", + "rev": "f42092f4379fe71bf810a71c1c33f1f807b97746", "type": "github" }, "original": { @@ -582,11 +582,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1743689281, - "narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=", + "lastModified": 1745377448, + "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2bfc080955153be0be56724be6fa5477b4eefabb", + "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", "type": "github" }, "original": { @@ -598,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1743964447, - "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=", + "lastModified": 1745526057, + "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8", + "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "type": "github" }, "original": { @@ -638,11 +638,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1744052902, - "narHash": "sha256-gCCxRnWMSd/GZzAGpTau4nwWM/bI/lbhhvShEv5anak=", + "lastModified": 1745744694, + "narHash": "sha256-6yOzYxw7mGS1rYCFUL7e/l1NJuBa0oCLApM2IaSn07U=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "0e21ee8df6235511c02bab4a5b391d18e165a58d", + "rev": "3b308861a8d7d7bfbe9be51d52e54dcfd9fe3d38", "type": "github" }, "original": { @@ -654,11 +654,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1723068801, - "narHash": "sha256-TbOrnhLHgOvcfsgmL0l3bWY33yLIhG1KSi4ITIPq1+A=", + "lastModified": 1745571677, + "narHash": "sha256-m4vCfX/IwByQN0OvcwDs+fy6LYndhGbNDQueOCREVx8=", "owner": "sindresorhus", "repo": "pure", - "rev": "92b8e9057988566b37ff695e70e2e9bbeb7196c8", + "rev": "5c2158096cd992ad73ae4b42aa43ee618383e092", "type": "github" }, "original": { @@ -697,11 +697,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1744076033, - "narHash": "sha256-BLPPPtkTH+gKab1m5Wf6Q6pedNEV++k9rh3t4E+4ISA=", + "lastModified": 1745876380, + "narHash": "sha256-rn8LzSWtOpcvIB8JJ+UX5YtIAkH0vjF9EZfo7U9QGyQ=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8e24ec6ffd117cb1c42b8a594134a44db12e9765", + "rev": "8e05ca5d733b41d9f576076bd268a79ce3f975ee", "type": "github" }, "original": { @@ -795,11 +795,11 @@ ] }, "locked": { - "lastModified": 1743748085, - "narHash": "sha256-uhjnlaVTWo5iD3LXics1rp9gaKgDRQj6660+gbUU3cE=", + "lastModified": 1745780832, + "narHash": "sha256-jGzkZoJWx+nJnPe0Z2xQBUOqMKuR1slVFQrMjFTKgeM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "815e4121d6a5d504c0f96e5be2dd7f871e4fd99d", + "rev": "b2b6c027d708fbf4b01c9c11f6e80f2800b5a624", "type": "github" }, "original": { From cc57b59ff276e24850cc0ed34787d7d89fbbf15e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 29 Apr 2025 01:49:46 +0000 Subject: [PATCH 048/363] packages/linux-lava: bump to 6.14.4 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index b1ef6dd..f91202b 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.14.1"; + version = "6.14.4"; kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; - kernelPatchHash = "01d9vnhrv95jfhjf9y2mh5ybkv3rgm23r1gcqv2i58g0v9b6sm3v"; + kernelPatchHash = "0axc23wm9m51f7cq1908i0gwzgkq1cm3aq9ndl3hm3wgbvi5rkb4"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From dfdb1afe39e9fb04ed319182e3c7ba80e8013dcc Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 29 Apr 2025 20:23:13 +1000 Subject: [PATCH 049/363] rin/packages: use latest nodejs, 18 is eol --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 51b2e2e..3b4a496 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -19,7 +19,7 @@ in { gnupg kitty nil - nodejs-18_x + nodejs_latest pamixer qmk ripgrep From f957be17d0c304a882041cf9d0352ded5d131681 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 29 Apr 2025 20:28:32 +1000 Subject: [PATCH 050/363] user/zsh: switch to new initcontent --- modules/user/zsh.nix | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 9f4b920..54533b9 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -117,14 +117,6 @@ in { }; enableCompletion = true; - initExtraBeforeCompInit = '' - fpath+=(/run/current-system/sw/share/zsh/site-functions) - zstyle ':completion:*' completer _complete - zstyle ':completion:*' matcher-list "" 'm:{[:lower:][:upper:]-_}={[:upper:][:lower:]_-}' '+l:|=* r:|=*' - zstyle ':completion:*' menu select - _comp_options+=(globdots) - zmodload zsh/complist - ''; localVariables = { KEYTIMEOUT = "1"; @@ -138,16 +130,26 @@ in { ls = "ls --color=auto --group-directories-first -v"; diff = "diff -Naur --color=auto"; }; - initExtraFirst = '' - autoload -U colors && colors - ''; - initExtra = lib.concatStringsSep "\n" [ - pure - cursorShape - direnv - genAbbrs - viExtraNav - disableExecute + initContent = lib.mkMerge [ + (lib.mkBefore '' + autoload -U colors && colors + '') + (lib.mkOrder 550 '' + fpath+=(/run/current-system/sw/share/zsh/site-functions) + zstyle ':completion:*' completer _complete + zstyle ':completion:*' matcher-list "" 'm:{[:lower:][:upper:]-_}={[:upper:][:lower:]_-}' '+l:|=* r:|=*' + zstyle ':completion:*' menu select + _comp_options+=(globdots) + zmodload zsh/complist + '') + (lib.concatStringsSep "\n" [ + pure + cursorShape + direnv + genAbbrs + viExtraNav + disableExecute + ]) ]; plugins = builtins.map (e: pluginFromInput e) [ From cc2adb3aa803350b9fb6ae9f041f19b96a2feee3 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 5 May 2025 17:26:44 +1000 Subject: [PATCH 051/363] services/syncthing: use tmpfile rules to create data directories --- modules/services/syncthing.nix | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 4586d84..2316f9f 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,4 +1,14 @@ -{ ... }: { +{ config, ... }: +let + dir = "/persist/shared/.syncthing"; + uid = toString config.users.users.rin.uid; + gid = toString config.users.groups.users.gid; +in +{ + systemd.tmpfiles.rules = [ + "d ${dir}/config 700 ${uid} ${gid}" + "d ${dir}/data 700 ${uid} ${gid}" + ]; systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; services.syncthing = { enable = true; @@ -7,16 +17,5 @@ group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; - settings = { - devices = { - #"anemone".id = ""; - }; - # folders = { - # "Obby" = { - # path = "/home/rin/Documents/Obby/Obby"; - # devices = []; - # }; - # }; - }; }; } From f85f39f7fa5bdf27ff8223287f29482c94598c88 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 10 May 2025 14:59:25 +1000 Subject: [PATCH 052/363] rin/packages: switch to gimp3 --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 3b4a496..a434cb3 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -37,7 +37,7 @@ in { feh file-roller gamescope - gimp + gimp3 grim #kotatogram-desktop krita From 631d3408875998bce6d7d90b45d3f04010a7afae Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 13 May 2025 10:00:22 +1000 Subject: [PATCH 053/363] anemone: add syncthing --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index b6825b7..c0c31c7 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -32,6 +32,8 @@ ./networking.nix ../../users/rin + + modules.services.syncthing ]; me = { From e82fcc0c4c4271d227e69fe8cadf575f2bead3f3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 01:57:23 +0000 Subject: [PATCH 054/363] flake: bump inputs --- flake.lock | 96 +++++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 9fefaf2..adc268d 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1744234873, - "narHash": "sha256-lQOQNEU1z4/oVBpWDjTXidMdelaafNR3jecj6n0hCIU=", + "lastModified": 1747604854, + "narHash": "sha256-hV6LbeBnXYlxaJ1t/CZQUM0U16mAT4F0WrvuxObJwDo=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "8f45b51942618a16e2027a67f054400a32a4b534", + "rev": "c975050923763f4239a6f8a3a1c76125346b95f8", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -170,11 +170,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1744693102, - "narHash": "sha256-1Z4WPGVky4w3lrhrgs89OKsLzPdtkbi1bPLNFWsoLfY=", + "lastModified": 1747284884, + "narHash": "sha256-lTSKhRrassMcJ1ZsuUVunyl/F04vvCKY80HB/4rvvm4=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "5b6cec51c9ec095a0d3fd4c8eeb53eb5c59ae33e", + "rev": "7168f6002a6b48a9b6151e1e97e974a0722ecfdc", "type": "github" }, "original": { @@ -415,11 +415,11 @@ ] }, "locked": { - "lastModified": 1745858959, - "narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=", + "lastModified": 1747565775, + "narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0d9d0a1454d5a0200693570618084d80a8b336c", + "rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", "type": "github" }, "original": { @@ -459,11 +459,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1745806569, - "narHash": "sha256-jgtx8EPKrk/nerg9vC1EFafZP4ECqISFQuFdIbLZBA4=", + "lastModified": 1747584459, + "narHash": "sha256-E07Co94EpSchJ5fwH/i8Hs7SyWIvrb8dYcVu0HVXbv4=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "2600d0f399e83e54a337263aca6ed8792773b115", + "rev": "be60339c0df7483b00d91e750e6742635e0a593a", "type": "github" }, "original": { @@ -485,11 +485,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1745798752, - "narHash": "sha256-0jiImtQNvlDqf0eWqWFGugNjhazNmaXMi2fM7/B/cd8=", + "lastModified": 1747554936, + "narHash": "sha256-LBFEVTt3JISA/HDHznJanvlNvKllNfILr1nfI8KZmVM=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "31a7206bdf9e0c01db2165e20a6082690c60b9c9", + "rev": "5a732bf3edb47767a25c3b05436e4c21f91edf91", "type": "github" }, "original": { @@ -501,11 +501,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1745795730, - "narHash": "sha256-7sPk1jScMqsTwXYYFKYILrE9xLk7CK+yCBqcK46HTv8=", + "lastModified": 1747523215, + "narHash": "sha256-55RIMak4EwDaLdNTkM+4d3LjC90wlkNRaaG8DupK3AM=", "owner": "neovim", "repo": "neovim", - "rev": "ce097c5091eab3550e1534fd111752577b5813ea", + "rev": "5661f74ab2a6ef0c497ef2ea49bc58ea89b6ab6b", "type": "github" }, "original": { @@ -520,11 +520,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1745718727, - "narHash": "sha256-Q+8ki5/0doymTb/6yZyB1IgKy7vIkWG5IILIzw9Vz1U=", + "lastModified": 1747594704, + "narHash": "sha256-IAUIY96BaMM4o+BeMLcviBji/Xais7WfU5TIPjgPEEQ=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "f42092f4379fe71bf810a71c1c33f1f807b97746", + "rev": "1c04e472eafbd37d82af17769d45932e39b37b76", "type": "github" }, "original": { @@ -535,11 +535,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "lastModified": 1745930157, + "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", "type": "github" }, "original": { @@ -582,11 +582,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1745377448, - "narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=", + "lastModified": 1747426788, + "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c", + "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3", "type": "github" }, "original": { @@ -598,11 +598,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { @@ -638,11 +638,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1745744694, - "narHash": "sha256-6yOzYxw7mGS1rYCFUL7e/l1NJuBa0oCLApM2IaSn07U=", + "lastModified": 1747068210, + "narHash": "sha256-bYbwIVii2mxFyro91ogCVLkIyrMNP4QJRSGNVcZPVEU=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "3b308861a8d7d7bfbe9be51d52e54dcfd9fe3d38", + "rev": "066fd6505377e3fd4aa219e61ce94c2b8bdb0b79", "type": "github" }, "original": { @@ -697,11 +697,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1745876380, - "narHash": "sha256-rn8LzSWtOpcvIB8JJ+UX5YtIAkH0vjF9EZfo7U9QGyQ=", + "lastModified": 1747607404, + "narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8e05ca5d733b41d9f576076bd268a79ce3f975ee", + "rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91", "type": "github" }, "original": { @@ -795,11 +795,11 @@ ] }, "locked": { - "lastModified": 1745780832, - "narHash": "sha256-jGzkZoJWx+nJnPe0Z2xQBUOqMKuR1slVFQrMjFTKgeM=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "b2b6c027d708fbf4b01c9c11f6e80f2800b5a624", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { From 88b4fca28a000011879b14f15f13fa57594b4f45 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 19 May 2025 01:57:24 +0000 Subject: [PATCH 055/363] packages/linux-lava: bump to 6.14.7 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index f91202b..903fe81 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.14.4"; + version = "6.14.7"; kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; - kernelPatchHash = "0axc23wm9m51f7cq1908i0gwzgkq1cm3aq9ndl3hm3wgbvi5rkb4"; + kernelPatchHash = "05a5srmb27gqyv49mxy3rmlxgiinacwbyzmig1hk313m0wl88av3"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 2b6b616dbfec740727b3f04e942729150c0fc580 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 13:18:06 +1000 Subject: [PATCH 056/363] overlays/rofi: remove --- overlays/default.nix | 1 - overlays/rofi.nix | 13 ------------- 2 files changed, 14 deletions(-) delete mode 100644 overlays/rofi.nix diff --git a/overlays/default.nix b/overlays/default.nix index d6cc660..752a2c8 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,7 +5,6 @@ builtins.map (path: import path) [ ./ccache.nix ./eww.nix ./material-icons.nix - ./rofi.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/rofi.nix b/overlays/rofi.nix deleted file mode 100644 index 028cd9a..0000000 --- a/overlays/rofi.nix +++ /dev/null @@ -1,13 +0,0 @@ -self: super: { - rofi-unwrapped = super.rofi-unwrapped.overrideAttrs (_: rec { - version = "1.7.2"; - - src = super.fetchFromGitHub { - owner = "davatorium"; - repo = "rofi"; - rev = version; - fetchSubmodules = true; - sha256 = "0yarkzhn7vxqxafmz196kvklzwdxygbhd0d29gxm7lrfba8brdxy"; - }; - }); -} From 23693d726806bc3c6995fc7ccaca6a930e552fc4 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 13:19:42 +1000 Subject: [PATCH 057/363] overlays/steam: remove openssl 1.1.1 --- hosts/anemone/default.nix | 5 ----- hosts/hyacinth/default.nix | 5 ----- overlays/steam.nix | 4 ---- 3 files changed, 14 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index c0c31c7..77b07a7 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -44,11 +44,6 @@ hidpi = true; }; - # For steam fhs-env - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1w" - ]; - programs.wireshark = { enable = true; package = pkgs.wireshark; diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 9ea9a4c..ff21b6b 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -43,9 +43,4 @@ systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; services.jenkins.enable = true; - - # For steam fhs-env - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1w" - ]; } diff --git a/overlays/steam.nix b/overlays/steam.nix index 5478dba..d3514f5 100644 --- a/overlays/steam.nix +++ b/overlays/steam.nix @@ -5,9 +5,5 @@ self: super: { keyutils gamescope ]; - - extraLibraries = pkgs: with pkgs; [ - openssl_1_1 - ]; }; } From ba2c4f9f3323045556aa6c7fa609468adfc1ed9a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 13:21:01 +1000 Subject: [PATCH 058/363] rin/packages,system/packages-gui: remove bitwarden couldn't get polkit working, remove for now --- modules/system/packages-gui.nix | 3 +-- users/rin/packages.nix | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 757b501..9e6e946 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -1,8 +1,7 @@ { config, lib, pkgs, ... }: { config = lib.mkIf config.me.gui { environment.systemPackages = with pkgs; [ - bitwarden-desktop - gparted + gparted nautilus ]; programs.adb.enable = true; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index a434cb3..b679b35 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -9,7 +9,7 @@ let in { programs.firefox = { enable = true; - nativeMessagingHosts = [ pkgs.bitwarden-desktop ]; + nativeMessagingHosts = []; }; home.packages = with pkgs; [ From 03859cf8c754366540657ceb334eec1c74ae3a6d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 18:41:33 +1000 Subject: [PATCH 059/363] git-crypt: init --- .git-crypt/.gitattributes | 4 ++++ .../059F098EBF0E9A13E10A46BF6500251E087653C9.gpg | Bin 0 -> 726 bytes .gitattributes | 1 + 3 files changed, 5 insertions(+) create mode 100644 .git-crypt/.gitattributes create mode 100644 .git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg create mode 100644 .gitattributes diff --git a/.git-crypt/.gitattributes b/.git-crypt/.gitattributes new file mode 100644 index 0000000..665b10e --- /dev/null +++ b/.git-crypt/.gitattributes @@ -0,0 +1,4 @@ +# Do not edit this file. To specify the files to encrypt, create your own +# .gitattributes file in the directory where your files are. +* !filter !diff +*.gpg binary diff --git a/.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg b/.git-crypt/keys/default/0/059F098EBF0E9A13E10A46BF6500251E087653C9.gpg new file mode 100644 index 0000000000000000000000000000000000000000..8164576e4000049ec60befe82ec19e46599914b8 GIT binary patch literal 726 zcmZo=;$eQY{YAv4J1-A1^8Xd|n>)8lSmRf2)8#{E>=o^-K~nyQU%kx^{t_eLb7blz z)0~{;##N`46rDFQIc`l;6c*3puRY?s>G_R~*A#;|#G~^ti~r6{o5dxYkYim~-++#6|C4hBpc}oY-XY=zUsm z%&VvyN}mq@+F%)!8mauKcw$D<>z|$nY)-8{#&Sr_bMD%Yn*V3YE;z0{>pbJ>nrF^d z((k4gPnfqS$v6FJ`XjH)r!(HA6wG|D?P!pj%-ry7vXbcA_$Gm`-5)ALpNhoT>w12f zyhPPj@0Ia%f!2yCtL%XK;_rzr0X zHM+t&f76nTtoc8UIcu9wimhy4Fr9Z*%;(#+^FO|m+oSp|IqLM06MS<|EIuWD+-I`g zC0!YQzCQN-#Wqv7W{DPXu5%Gd7TDVP%i{RN<4=n}+MbZG`|8vl{ghv6SJS=HlnXI( zih-4m9dm+~+;&Y?6qx+{OnSjH$r&FDt6CTDJ1r->?!q(UkI8qMro8xZ@89)RH)ieY z+RH83(iuF>&0_UVwOOwwT>e>ouB+;XU03tnz@2-=4oL4+e12CVZc>6q*LS`qSJSC} z&NZ&*=U2V$i*Gx>=;i#3PE-D%#4AU7+7s@${$Jl(diu%h|H)Yn%E;b`|uPk@_&KC0<3CtC)yC!Lz?kagXNig7$ndU~@E|$C} zt=W+iUl>X-A2N7edFM(|@?+b&@LTzkOS9W=W*hB0nY_f=^ii4KA(5HP&-`C})X$jv tq4P!dp%b4ZE&l%S%Q-MHsc((-YYX-NGe5j}&V79A42$q;-330r{s6y*Z>j(Q literal 0 HcmV?d00001 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..7e0e7cf --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +secrets.gcrypt/** filter=git-crypt diff=git-crypt From ee0a768c037ee7b21d4fc595ffd68df9b0fa1ec1 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 19:51:05 +1000 Subject: [PATCH 060/363] flake: bump stable nixpkgs and hm --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 5010c27..2c606b0 100644 --- a/flake.lock +++ b/flake.lock @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1743808813, - "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "lastModified": 1747331121, + "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-vicuna": { "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "lastModified": 1747635552, + "narHash": "sha256-2wAd20JLiHzcqSt7MGza4hN4rdV/c6Ed/13gN7HZJ9U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "rev": "74b4de8529c4ce6f17b80c97728fddd627097809", "type": "github" }, "original": { From 3bacc817a2048cab500483efc3b7d43a4d7551d5 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 19:43:57 +1000 Subject: [PATCH 061/363] hosts/dandelion: re-init --- flake.nix | 2 + hosts/dandelion/default.nix | 32 +++++++++++ hosts/dandelion/filesystem.nix | 34 ++++++++++++ hosts/dandelion/kernel.nix | 14 +++++ hosts/dandelion/networking.nix | 3 + hosts/dandelion/packages.nix | 14 +++++ hosts/dandelion/transmission-container.nix | 61 +++++++++++++++++++++ modules/system/transmission.nix | 7 --- secrets.gcrypt/shared.json | Bin 0 -> 154 bytes 9 files changed, 160 insertions(+), 7 deletions(-) create mode 100644 hosts/dandelion/default.nix create mode 100644 hosts/dandelion/filesystem.nix create mode 100644 hosts/dandelion/kernel.nix create mode 100644 hosts/dandelion/networking.nix create mode 100644 hosts/dandelion/packages.nix create mode 100644 hosts/dandelion/transmission-container.nix create mode 100644 secrets.gcrypt/shared.json diff --git a/flake.nix b/flake.nix index a65dbc4..207c094 100644 --- a/flake.nix +++ b/flake.nix @@ -68,11 +68,13 @@ specialArgs = { inherit inputs; modules = import ./modules { lib = nixpkgs.lib; }; + gcSecrets = builtins.fromJSON (builtins.readFile "${self}/secrets.gcrypt/shared.json"); }; }; in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; + nixosConfigurations."dandelion" = mkSystem nixpkgs-vicuna "dandelion" "aarch64-linux" []; nixosConfigurations."hazel" = mkSystem nixpkgs-vicuna "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix new file mode 100644 index 0000000..5f13e44 --- /dev/null +++ b/hosts/dandelion/default.nix @@ -0,0 +1,32 @@ +{ modules, modulesPath, ... }: { + networking.hostName = "dandelion"; + system.stateVersion = "23.11"; + time.timeZone = "Australia/Melbourne"; + + age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; + }; + + imports = with modules.system; [ + (modulesPath + "/profiles/qemu-guest.nix") + home-manager-stable + + base + kernel + nix-stable + packages + security + + modules.services.nginx + modules.services.postgres + + ./filesystem.nix + ./kernel.nix + ./networking.nix + ./transmission-container.nix + + ../../users/hana + ]; + + me.environment = "headless"; +} diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix new file mode 100644 index 0000000..4dd6a55 --- /dev/null +++ b/hosts/dandelion/filesystem.nix @@ -0,0 +1,34 @@ +{ ... }: +let + bind = src: { + depends = [ "/nix" ]; + device = src; + fsType = "none"; + neededForBoot = true; + options = [ "bind" ]; + }; + + mkLabelMount = label: type: { + device = "/dev/disk/by-label/${label}"; + fsType = type; + options = [ "defaults" "relatime" ]; + }; + mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // { + options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ]; + }; + submount = mkBtrfsMount "DANDELION"; +in { + fileSystems = { + "/" = { + device = "rootfs"; + fsType = "tmpfs"; + options = [ "defaults" "size=12G" "mode=755" ]; + }; + "/boot" = mkLabelMount "UEFI" "vfat"; + + "/nix" = submount "/@/nix" false; + "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; + "/persist/.snapshots" = submount "/snap/persist" false; + "/var/log/journal" = bind "/persist/journal"; + }; +} diff --git a/hosts/dandelion/kernel.nix b/hosts/dandelion/kernel.nix new file mode 100644 index 0000000..17e8c13 --- /dev/null +++ b/hosts/dandelion/kernel.nix @@ -0,0 +1,14 @@ +{ ... }: { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + initrd.kernelModules = [ "nvme" ]; + kernel.sysctl = { + "kernel.core_pattern" = "|/bin/false"; + "kernel.sysrq" = 1; + }; + }; +} diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix new file mode 100644 index 0000000..ee27faf --- /dev/null +++ b/hosts/dandelion/networking.nix @@ -0,0 +1,3 @@ +{ ... }: { + networking.useDHCP = true; +} diff --git a/hosts/dandelion/packages.nix b/hosts/dandelion/packages.nix new file mode 100644 index 0000000..2d4bd30 --- /dev/null +++ b/hosts/dandelion/packages.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + git + htop + jq + neovim + rsync + sshfs + wget + + kitty.terminfo + ]; + environment.variables.EDITOR = "nvim"; +} diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix new file mode 100644 index 0000000..93a6639 --- /dev/null +++ b/hosts/dandelion/transmission-container.nix @@ -0,0 +1,61 @@ +{ lib, modules, pkgs, gcSecrets, ... }: { + networking.nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "enp0s6"; + }; + + networking.firewall = { + extraCommands = '' + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE + ''; + extraStopCommands = '' + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true + ''; + }; + + services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = { + locations."/".proxyPass = "http://10.25.0.11:9091"; + }; + + containers.transmission = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.25.0.10"; + localAddress = "10.25.0.11"; + bindMounts."vpn" = { + hostPath = "/persist/aus.conf"; + mountPoint = "/vpn.conf"; + isReadOnly = true; + }; + bindMounts."transmission" = { + hostPath = "/persist/transmission"; + mountPoint = "/persist/transmission"; + isReadOnly = false; + }; + config = { + system.stateVersion = "23.11"; + networking.wg-quick.interfaces.wg0 = { + configFile = "/vpn.conf"; + preUp = '' + # Try to access the DNS for up to 300s + for i in {1..60}; do + ${pkgs.iputils}/bin/ping -c1 'google.com' && break + echo "Attempt $i: DNS still not available" + sleep 5s + done + ''; + }; + + networking.firewall.enable = false; + systemd.services.transmission.serviceConfig.BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + imports = [ modules.services.transmission ]; + services.transmission.settings = { + rpc-host-whitelist-enabled = false; + rpc-whitelist = "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*"; + rpc-username = gcSecrets.transmission.username; + rpc-password = gcSecrets.transmission.password; + }; + }; + }; +} diff --git a/modules/system/transmission.nix b/modules/system/transmission.nix index 202b5ae..7540d68 100644 --- a/modules/system/transmission.nix +++ b/modules/system/transmission.nix @@ -5,13 +5,6 @@ downloadDirPermissions = "775"; openFirewall = true; settings = { - alt-speed-down = 512; - alt-speed-enabled = true; - alt-speed-time-begin = 360; - alt-speed-time-day = 127; - alt-speed-time-enabled = true; - alt-speed-time-end = 1380; - alt-speed-up = 256; download-dir = "/persist/transmission/Downloads"; incomplete-dir = "/persist/transmission/.incomplete"; ratio-limit-enabled = true; diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json new file mode 100644 index 0000000000000000000000000000000000000000..f3f2e36d2778be04f048a6e5eb65f207471e1a6c GIT binary patch literal 154 zcmZQ@_Y83kiVO&0h`aFN$gR^?B;?)n_{^gBo_VjOdx}YuSGm+I;+|RNZ^^j~+n;3a zNttjZJXrJ7sWbPaLT9fla9kff^}<@+FMs`vJVNTP)-BlEWpQ?i-G&=HyAIk#r`7aM zUiB$|%J2KXUe5F~4C35-)%xrG`i Date: Mon, 19 May 2025 20:04:38 +1000 Subject: [PATCH 062/363] secrets: rekey for dandelion --- secrets.nix | 3 ++- secrets/acme_dns.age | Bin 382 -> 492 bytes secrets/passwd.age | Bin 531 -> 531 bytes secrets/warden_admin.age | Bin 289 -> 289 bytes secrets/wg_blossom.age | 12 ++++++------ secrets/wg_caramel.age | 8 ++++---- secrets/wg_sugarcane.age | 8 ++++---- secrets/wpa_conf.age | Bin 420 -> 420 bytes 8 files changed, 16 insertions(+), 15 deletions(-) diff --git a/secrets.nix b/secrets.nix index ed7bde5..8f55589 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,6 +1,7 @@ let anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; + dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; hazel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6mi50ecrrMIn5C4QUyCjPHfSElz0mhevvFCznUzIrK"; rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; @@ -8,7 +9,7 @@ in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ hazel rin ]; + "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ]; "secrets/wg_caramel.age".publicKeys = [ rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index 2c7d78ff9cb7f9fd32f323945ec000c7f52ff5e3..56ad6f68176662662c901579111cc81c1b10a33a 100644 GIT binary patch delta 465 zcmeyz^oDtYYJF0WTVZOTLYjqlwv&@(nv-KyX_cadC!jYKoDmsiCDplw)#)N4bKNc7~C;zHf+UM7?>swn18mzJ7SNNxHA2zISGr zv7dQBieZ_Dn{%>ufm0+`RF!*?K|q12QIUtIvxRR?qM5dragwvMfxB_3w|AnqSx~59 zp@p+ocxEWNb)lAS5jp7!u5N{uRe?VKMaET5!TuH{?!lE_$;n3ArN$}sg^_-x;r`B{ z`Jp*Ri6(C4T$WBHMydMYDW;i)q2?Zj*-7EX1tpz(t7$^uZ#1dtqk05RTy$!?=%r&Sy*o7zj zhGyp8RXKj9!I@6pPC=or#f8Qh=~-^!iTVYpx#4NfSuWbHT=Pu0uSrih^yA5)sgo03 zE1f4)O<5NGegAV7hrS8yg~jIRz#qJzoSW+OI41)ySrz)ccx3evs+PFNO)4Jk85$BTauqaWv;VN zdSZD_S*b@lSAM#Wey&AOc(_?=wz)xuOQgR^V7OOcL{70mdbwp~k!w^^j;Et`Xi0wH z#E;_jmYJd9{`nS(1!k$pVZvNUCkuLg1t^rx*mfrbkm4-!ODdnLSE=eVBRe9zGCKaw+y1Kdw*&%+;euf3f z$&t>cDS?g=rp2lLQK{)3C2oZg`9>KoF5yM>W?rSf9!`PzT-z4aYD#YUJ|&~IPMNXj zTWP;AL$HJWmMGDdb$@fYZg@HFmkWG$Fz~(5oQE~X)*bJhSidaRFF!@7+SIRz#peT6(6jSDw zxJS6FkDFUQS5QDeMTWn7gX&QDH6ysU=>9!G`(f!6x~+e!kijRqmci*&#_e zm078VIl<1Mj=mO-d1lF$A!ROJULF=np3YA7VUgj%LD>}+T+ERQyesTNvbSu#C%dLx zFz3Lmr)R2p|1t%A`NQbAc;3>76{edOwZ^>8a@=B87q|7xoJEFvny+8^%5i;4=i2F3 zU12_|%M@qcC^KGuSa9av-lwfm4OhKR{mhp>syEr1omKzl?;QOZ-+iyixM YOJ@EW@q{zPGV)brBQySetL35UXXckcvP5? z30I}LWpZg~ghf`qQLv$rvrDPJb3sm7fPSS%n5UVqw!ULgZlHfggoj^vAeXMLu7YVu za%QP{NJdUpx?7Zfu#<0^qh(&ObFitiTVQf%idTwzW?5dQah98_dn6b0w<7lRbj$hI zm^SGBUKJ((MeS~?nNh@b2IFgaOfJW^a@Fo?n=&D*QRq+KQ*ZH{OIw~f1$(P52$Jrb zKecG`S*5`Ji~NsfoDgPsz$g1buw36|Z-2>WQMZ ssh-ed25519 CUCjXQ mqquiRe6H9yHqO6lEs+V5J1AVMEerJ3fvHsyqZQPcG4 -C/oLdx+x56uwtCKHz8Et/dhEsY3OVgU4EN8QMGLqlhk --> ssh-ed25519 U9FXlg W1WAEuZWAUmPgFNMVHe4QFvyg8JB7KVCSY3G4NIqCm4 -oCC5ygrI2NX7A3RoS/0ec1xkxaNdpI+7mAD7rP1pbVY ---- gY/ClncwSlIhONgOsaSsNXHQvIJSUFyskJ9op3ZmzbU -q9&ױԥ'^ B&3C[&R1m[uB|H{P>}W3*89}X݀ \ No newline at end of file +-> ssh-ed25519 CUCjXQ hLTFE9rxZfhOZ2rELykmG54pxJMCjTkzBvLasvgSN24 +wDbW0X7bItmMEDfGRVAw+wHycHDI/2OYAb5jFyd8f6s +-> ssh-ed25519 U9FXlg juuKBMw9hX559zK6f2ERuBMl27ypQ6Ky5xlFEJxApXc +Gb6/rTwqMINqiojoIWcFEAQCEuQ6bQQHrOXChkthb4A +--- OEQ8ALTXcJKvpf0rJe6x2VHSAsTi1yFhz3eU0CZDjqE +ٓPΘ~Fdwi ]h//4ڰN7LaQ= v@oB*48 D=򪋅 \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index dced6d8..1a3b16e 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg XAfjch0Ys155BWD6jaQKUb8xTUg2Y1oPiAjWBHH08CM -wgp//+xP+U1Brbn2Wm/wLDFTDIqfp9rK5S21DeoEjaI ---- XsNFAF201zpqjyqi3gKJyMU4UY+AzTu8BxTBXb0GDEM -e*J#J+\llR fƞw~3G]E"NahP ЀV8[xA&\5RN \ No newline at end of file +-> ssh-ed25519 U9FXlg qEy0vaHPPr9EUDjC3FveSk/xcnW/rtHVmx9o7cH7JFA +WAzEfa7T82vbkwMv/JIOASIjZ3gr1TRNfVzOWdWBVkQ +--- AoVNbcEOrFU5jcQ8geP5e4Lo3RxOyP9p4BG3BNsgiIQ +ٳ'XoYfů!/ "p; ssh-ed25519 U9FXlg nANUFeShFwM9GPwCsfUjQre6FJ3KD42uwM2veyJKqVY -qn17BM6j3alTyTdWslWyGhyRKHR9/jdczTPr9i6ZzyE ---- mY/i+wgNV7nDRSJDJkJG1TdOno+ARZcrvRMJiBLy8EI -=!n\21;,O+/x*\ Q57Tq5bS=úF!SL$iwB70zZ{!SB< \ No newline at end of file +-> ssh-ed25519 U9FXlg 7YXsTcRa8pco9Ic9fDSygCjNXrxFi5pHADtUqwOBPhg +0BYvRAhcQQ36kAXOW2QaS4S9rhenUx8xwbNozNdDpLM +--- V1E/2n1Ae5hlWhjAEziHA2J072a20GeKM+EtG+pT8cI +窴zWT좾G{"\ʖse>%)o|z!ēז2ࢨEs \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 7ee2ed7ed867b64e1b616cc405eec048babf0cda..068d35295d6e3cc190d9f31cf0f52a9861ba516a 100644 GIT binary patch delta 385 zcmZ3&yo7mzPJKZ^US3I5vA<_}W{6Lbg-NJEhGn92vP*itwxMTedRVzhT7G(&mtlH% zI#*z+w}pvefp@+^s#~g|d7*(>fSYS^VQ#j5W?H0nMs|5+a!z1XfqzkiFPE;JLUD11 zZfc5=si~o*La3!%L{7SbnOBgHm#KSpmVtIsu%~`mWqnamPKifEnM;^cp;KqHnmDiD6QzXMUn%s#!`P zm#(g^LP2VEnlthvtTBtU2(S6R+Bd64H0ezm+GHgpD48h06OHA%>V!Z delta 385 zcmZ3&yo7mzPQ9mrZ@#OafkCQoV4-oES#gDNlvwr{CfaZ+YLP^PIX zm#(g^f=61ElW#<7X?}rArCXR|SfOuB|o3yiS&Vf&7nNMT~XaCfh;~idm z`=^M0wqAh*^Y4?hwT~UhC`b&-;(ypa@yhT1*@tpen&)qwogn)&G);fio%<3}c{QKX jTazQM87_V4fAY)b7b2_lVi{8A)~qw%t(>lQ;>vFThrX4| From ccf3fa2f4ae23f48ba8aa27409e51a7347cbfabb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:17:58 +1000 Subject: [PATCH 063/363] flake: bump stable to 25.05 required because of home-manager zsh changes --- flake.lock | 26 +++++++++++++------------- flake.nix | 12 ++++++------ modules/system/home-manager-stable.nix | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/flake.lock b/flake.lock index 2c606b0..5bdfdc7 100644 --- a/flake.lock +++ b/flake.lock @@ -387,23 +387,23 @@ "type": "github" } }, - "home-manager-vicuna": { + "home-manager-stable_2": { "inputs": { "nixpkgs": [ - "nixpkgs-vicuna" + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1747331121, - "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "lastModified": 1747556831, + "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -601,18 +601,18 @@ "type": "github" } }, - "nixpkgs-vicuna": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1747635552, - "narHash": "sha256-2wAd20JLiHzcqSt7MGza4hN4rdV/c6Ed/13gN7HZJ9U=", + "lastModified": 1747647032, + "narHash": "sha256-gkWAK0I1k2Y0y8KOvXC6S0uBaduOguLs1Pxn5DpWwYc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "74b4de8529c4ce6f17b80c97728fddd627097809", + "rev": "dae513c187abfe679f67b99a6e256fbe8c3f79d0", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "nixpkgs", "type": "github" } @@ -712,12 +712,12 @@ "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", - "home-manager-vicuna": "home-manager-vicuna", + "home-manager-stable": "home-manager-stable_2", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_3", - "nixpkgs-vicuna": "nixpkgs-vicuna", + "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", "spicetify-nix": "spicetify-nix", diff --git a/flake.nix b/flake.nix index 207c094..bbcf402 100644 --- a/flake.nix +++ b/flake.nix @@ -4,9 +4,9 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - nixpkgs-vicuna.url = "github:NixOS/nixpkgs/release-24.11"; - home-manager-vicuna.url = "github:nix-community/home-manager/release-24.11"; - home-manager-vicuna.inputs.nixpkgs.follows = "nixpkgs-vicuna"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/release-25.05"; + home-manager-stable.url = "github:nix-community/home-manager/release-25.05"; + home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; @@ -39,7 +39,7 @@ wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; }; - outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-vicuna, ... } @ inputs: + outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -74,8 +74,8 @@ in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; - nixosConfigurations."dandelion" = mkSystem nixpkgs-vicuna "dandelion" "aarch64-linux" []; - nixosConfigurations."hazel" = mkSystem nixpkgs-vicuna "hazel" "x86_64-linux" []; + nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" []; + nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix index 6f9f9cc..43842d7 100644 --- a/modules/system/home-manager-stable.nix +++ b/modules/system/home-manager-stable.nix @@ -1,6 +1,6 @@ { config, inputs, modules, ... }: { imports = [ - inputs.home-manager-vicuna.nixosModules.home-manager + inputs.home-manager-stable.nixosModules.home-manager ]; home-manager = { useGlobalPkgs = true; From 7f4d9a5e690418ac481e5b5d5fa8fe2e34f4ea3a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:20:09 +1000 Subject: [PATCH 064/363] flake: re-add website input for dandelion --- flake.lock | 18 ++++++++++++++++++ flake.nix | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 5bdfdc7..e6a52d4 100644 --- a/flake.lock +++ b/flake.lock @@ -723,6 +723,7 @@ "spicetify-nix": "spicetify-nix", "spotify-adblock": "spotify-adblock", "tree-sitter-jsonc": "tree-sitter-jsonc", + "website": "website", "wine-discord-ipc-bridge": "wine-discord-ipc-bridge", "zsh-abbr": "zsh-abbr", "zsh-history-substring-search": "zsh-history-substring-search" @@ -847,6 +848,23 @@ "type": "github" } }, + "website": { + "flake": false, + "locked": { + "lastModified": 1668017714, + "narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=", + "owner": "LavaDesu", + "repo": "lavadesu.github.io", + "rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67", + "type": "github" + }, + "original": { + "owner": "LavaDesu", + "ref": "master", + "repo": "lavadesu.github.io", + "type": "github" + } + }, "wine-discord-ipc-bridge": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index bbcf402..9f5e51d 100644 --- a/flake.nix +++ b/flake.nix @@ -23,7 +23,7 @@ # services # hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; }; - # website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; + website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; # zsh plugins zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; }; From a3bb553f14f13586c5b2ac0ae780763bb8ad9a3a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:21:16 +1000 Subject: [PATCH 065/363] system/transmission: move to services --- modules/default.nix | 2 +- modules/{system => services}/transmission.nix | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename modules/{system => services}/transmission.nix (100%) diff --git a/modules/default.nix b/modules/default.nix index 25ee864..8a66d93 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -23,6 +23,7 @@ in { ./services/synapse.nix ./services/syncthing.nix ./services/tmptsync.nix + ./services/transmission.nix ./services/unbound.nix ./services/vaultwarden.nix ]; @@ -46,7 +47,6 @@ in { ./system/printing.nix ./system/security.nix ./system/snapper.nix - ./system/transmission.nix ./system/virtualisation.nix ./system/wireguard.nix ]; diff --git a/modules/system/transmission.nix b/modules/services/transmission.nix similarity index 100% rename from modules/system/transmission.nix rename to modules/services/transmission.nix From b2ae6493d954ea2f6231ed27d9aec506315df739 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:22:39 +1000 Subject: [PATCH 066/363] dandelion/transmission-container: force config --- hosts/dandelion/transmission-container.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix index 93a6639..b9a8203 100644 --- a/hosts/dandelion/transmission-container.nix +++ b/hosts/dandelion/transmission-container.nix @@ -52,7 +52,7 @@ imports = [ modules.services.transmission ]; services.transmission.settings = { rpc-host-whitelist-enabled = false; - rpc-whitelist = "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*"; + rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*"; rpc-username = gcSecrets.transmission.username; rpc-password = gcSecrets.transmission.password; }; From 4bc19ed87e8420b0eb2f868093b60ab8d55da7d0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:24:01 +1000 Subject: [PATCH 067/363] dandelion/kernel: remove duplicate sysctl --- hosts/dandelion/kernel.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/hosts/dandelion/kernel.nix b/hosts/dandelion/kernel.nix index 17e8c13..7ea7d43 100644 --- a/hosts/dandelion/kernel.nix +++ b/hosts/dandelion/kernel.nix @@ -6,9 +6,5 @@ }; initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; initrd.kernelModules = [ "nvme" ]; - kernel.sysctl = { - "kernel.core_pattern" = "|/bin/false"; - "kernel.sysrq" = 1; - }; }; } From 37f2453f170399bf8d7de8e269a69a0ef61304a1 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:41:41 +1000 Subject: [PATCH 068/363] system/base: add en_GB to locales for postgres --- modules/system/base.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/base.nix b/modules/system/base.nix index 143728f..e514ffd 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -11,6 +11,7 @@ environment.pathsToLink = [ "/share/zsh" ]; i18n.defaultLocale = "en_AU.UTF-8"; + i18n.supportedLocales = [ "en_GB.UTF-8" ]; users.mutableUsers = false; system = { From 9787ed26364ddac80a51f808edd0b67e64cf8b2e Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:43:18 +1000 Subject: [PATCH 069/363] system/base: fix locale name --- modules/system/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index e514ffd..fdfd91a 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -11,7 +11,7 @@ environment.pathsToLink = [ "/share/zsh" ]; i18n.defaultLocale = "en_AU.UTF-8"; - i18n.supportedLocales = [ "en_GB.UTF-8" ]; + i18n.supportedLocales = [ "en_GB.UTF-8/UTF-8" ]; users.mutableUsers = false; system = { From b1f4fcc223d5dbb32cd19c8c89757828affaebcb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 20:46:50 +1000 Subject: [PATCH 070/363] system/base: use extraLocales --- modules/system/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index fdfd91a..518baee 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -11,7 +11,7 @@ environment.pathsToLink = [ "/share/zsh" ]; i18n.defaultLocale = "en_AU.UTF-8"; - i18n.supportedLocales = [ "en_GB.UTF-8/UTF-8" ]; + i18n.extraLocales = [ "en_GB.UTF-8" ]; users.mutableUsers = false; system = { From 315d4806019dcb2ada993b895fb4f1adbd1d3d35 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 23:04:39 +1000 Subject: [PATCH 071/363] system/packages: add git-crypt, and move fd and rg from rin/packages --- modules/system/packages.nix | 5 ++++- users/rin/packages.nix | 2 -- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index 2b6b12d..baae1cc 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -4,7 +4,9 @@ comma ecryptfs efibootmgr + fd git + git-crypt htop jq kitty.terminfo @@ -15,8 +17,9 @@ neovim nfs-utils ntfs3g - sshfs + ripgrep rsync + sshfs wget ]; environment.variables.EDITOR = "nvim"; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index b679b35..0860f4a 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -14,7 +14,6 @@ in { home.packages = with pkgs; [ dconf - fd ffmpeg gnupg kitty @@ -22,7 +21,6 @@ in { nodejs_latest pamixer qmk - ripgrep unrar weechat yt-dlp From a915e57d34c7d99fe238a660832e701d8d237dfc Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 01:16:15 +1000 Subject: [PATCH 072/363] overlays/oci-cli: init --- overlays/default.nix | 1 + overlays/oci-cli.nix | 5 +++++ overlays/patches/oci.patch | 30 ++++++++++++++++++++++++++++++ 3 files changed, 36 insertions(+) create mode 100644 overlays/oci-cli.nix create mode 100644 overlays/patches/oci.patch diff --git a/overlays/default.nix b/overlays/default.nix index 752a2c8..220fd11 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,6 +5,7 @@ builtins.map (path: import path) [ ./ccache.nix ./eww.nix ./material-icons.nix + ./oci-cli.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix new file mode 100644 index 0000000..78a8a23 --- /dev/null +++ b/overlays/oci-cli.nix @@ -0,0 +1,5 @@ +self: super: { + oci-cli = super.oci-cli.overrideAttrs(o: { + patches = (o.patches or []) ++ [ ./patches/oci.patch ]; + }); +} diff --git a/overlays/patches/oci.patch b/overlays/patches/oci.patch new file mode 100644 index 0000000..bdc80f7 --- /dev/null +++ b/overlays/patches/oci.patch @@ -0,0 +1,30 @@ +diff --git a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +index 44562fd9780..ae426944a47 100644 +--- a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py ++++ b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py +@@ -285,13 +285,13 @@ def unassign_private_ip(ctx, from_json, vnic_id, ip_address): + click.echo('Unassigned IP address {} from VNIC {}'.format(ip_address, vnic_id), err=True) + + +-@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds']) ++@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds', 'subnet_id']) + @virtualnetwork_cli.vnic_group.command(name='assign-ipv6', help=virtualnetwork_cli.create_ipv6.help) + @cli_util.option('--unassign-if-already-assigned', is_flag=True, default=False, help="""Force reassignment of the IP address if it's already assigned to another VNIC in the subnet. This is only relevant if an IP address is associated with this command.""") + @click.pass_context + @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'defined-tags': {'module': 'core', 'class': 'dict(str, dict(str, object))'}, 'freeform-tags': {'module': 'core', 'class': 'dict(str, string)'}}, output_type={'module': 'core', 'class': 'PrivateIp'}) + @cli_util.wrap_exceptions +-def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id): ++def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id, lifetime): + networking_client = cli_util.build_client('core', 'virtual_network', ctx) + + # First we get the VNIC because we need to know the subnet OCID for the ListIpv6s call +@@ -348,6 +348,9 @@ def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_ta + if route_table_id is not None: + assign_ip_request_body['routeTableId'] = route_table_id + ++ if lifetime is not None: ++ assign_ip_request_body['lifetime'] = lifetime ++ + # If we are here then either the IP address does not exist or it is a candidate to be moved + if not is_ip_reassignment: + if ip_address is not None: From 8b0dfd5661297def629d392d002c95f0e77876c6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 01:17:17 +1000 Subject: [PATCH 073/363] system/packages: add oci-cli --- modules/system/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index baae1cc..b257880 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -17,6 +17,7 @@ neovim nfs-utils ntfs3g + oci-cli ripgrep rsync sshfs From 9217ce6e916bfa270c46afda14aada000cdd391f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:34:18 +1000 Subject: [PATCH 074/363] system/wireguard: bring back, with ipv6 support --- hosts/dandelion/default.nix | 1 + modules/system/wireguard.nix | 56 ++++++++++++++++------------------- secrets.gcrypt/shared.json | Bin 154 -> 263 bytes secrets.nix | 5 ++-- secrets/acme_dns.age | Bin 492 -> 492 bytes secrets/passwd.age | Bin 531 -> 531 bytes secrets/warden_admin.age | Bin 289 -> 289 bytes secrets/wg_anemone.age | Bin 0 -> 367 bytes secrets/wg_blossom.age | 7 ----- secrets/wg_caramel.age | 9 +++--- secrets/wg_dandelion.age | 7 +++++ secrets/wg_hyacinth.age | 7 +++++ secrets/wg_sugarcane.age | 5 ---- secrets/wpa_conf.age | Bin 420 -> 420 bytes 14 files changed, 49 insertions(+), 48 deletions(-) create mode 100644 secrets/wg_anemone.age delete mode 100644 secrets/wg_blossom.age create mode 100644 secrets/wg_dandelion.age create mode 100644 secrets/wg_hyacinth.age delete mode 100644 secrets/wg_sugarcane.age diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5f13e44..4268910 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -16,6 +16,7 @@ nix-stable packages security + wireguard modules.services.nginx modules.services.postgres diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 2684d65..9e5ef15 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,14 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, gcSecrets, ... }: let port = 51820; - serverName = "sugarcane"; - serverInterface = "ens3"; - serverIp = "51.79.240.130"; + serverName = "dandelion"; + serverInterface = "enp0s6"; + serverIp = gcSecrets.wireguard.gateway; forwarding = { - "80" = [ "10.100.0.2" "80" ]; - "443" = [ "10.100.0.2" "443" ]; - "22727" = [ "10.100.0.3" "7777" ]; +# "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: @@ -24,45 +22,39 @@ let ); routeBypass = { - caramel = { - gateway = "192.168.100.1"; - interface = "wlan0"; - routes = [ - serverIp - ]; + anemone = { + interface = "wlp1s0"; + routes = [ serverIp ]; }; hyacinth = { - gateway = "192.168.100.1"; interface = "enp5s0"; - routes = [ - serverIp - ]; + routes = [ serverIp ]; }; }; clients = { - caramel = { - publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; - allowedIPs = [ "10.100.0.2/32" ]; - }; + # caramel = { + # publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; + # allowedIPs = [ "10.100.0.2/32" ]; + # }; hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; - allowedIPs = [ "10.100.0.3/32" ]; + allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; - strawberry = { + anemone = { publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; - allowedIPs = [ "10.100.0.4/32" ]; + allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; - maple = { - publicKey = "kPw8hpANygfz83Oi/l+iCVYalV2zfs7fhkccjoGG2Do="; - allowedIPs = [ "10.100.0.5/32" ]; + hibiscus = { + publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" ]; }; }; clientPeers = builtins.attrValues clients; serverPeer = { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "0.0.0.0/0" ]; + allowedIPs = [ "0.0.0.0/0" "::/0" ]; endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; @@ -79,7 +71,7 @@ let }; wireguard.interfaces.wg0 = { - ips = [ "10.100.0.1/24" ]; + ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" ]; listenPort = port; postSetup = '' @@ -101,7 +93,7 @@ let let client = clients."${config.networking.hostName}"; routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via ${routes.gateway} dev ${routes.interface}") routes.routes; + mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; in { ips = client.allowedIPs; listenPort = port; @@ -121,6 +113,10 @@ let }; }; in { + boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ + "net.ipv6.conf.all.forwarding" = true; + "net.ipv6.conf.default.forwarding" = true; + }); networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index f3f2e36d2778be04f048a6e5eb65f207471e1a6c..ea6ffecfb3884847eb6dd9b9087f240144f88387 100644 GIT binary patch literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k literal 154 zcmZQ@_Y83kiVO&0h`aFN$gR^?B;?)n_{^gBo_VjOdx}YuSGm+I;+|RNZ^^j~+n;3a zNttjZJXrJ7sWbPaLT9fla9kff^}<@+FMs`vJVNTP)-BlEWpQ?i-G&=HyAIk#r`7aM zUiB$|%J2KXUe5F~4C35-)%xrG`iF1m&ZQBa+1loXDNgBJL4NK9 zSrwt_X;oqRsfLb8`hLld7LEp0RTae%p$29ZxnW5@1@6Wb+L@kQy1KdwxvANisa}48 z{y8RP$?4h|#lil8#cs~#xnZGEY5Ms=Ir=H7A?A*$Awk~hT)Wu6dAwQHubKVvp0cWO z@~S|QbGLTwKhHLG-U~zfd5I}CO+0Tlx7?h*N#JWfvr!kL{6a1vrw^L@p4k46$`t)P i!}57S(1d00I8S;DGUv>dotOSwgh%1(yh$$^GkO46ubuq> delta 438 zcmaFE{DyggPJNn%ceaz0Wtx*?RcV=pM@XrUQ@XENX;npqzDseYX>O`PS)y5xNt$0} zC|6ZjcvYfzd5VQoK}kh^SdNQ#j-`22h>N>fo}sz6t5=DmK|pD^r$Jby374*&LUD11 zZfc5=si~o*LX=~2gh#o8lXixYxxR0RXM}mWwn18mzMFn{wn@6LqrP`$n6aOEK#F0R zhnsVlAVWEYyS9oUV z#E;_ju5N{uRe?VKMaET5!TuH{?!lE_$;n3ArN$|Rk$$D&{?4KKp*cp0CT`_imQE!` zsrun5rkRDI<{pOGN#Vu?C80(}z z(t7&ai}Rwb4BT#27;;|kG!bH1SZ?OPeQDDV!#lD!F1*=yQD-~LnY~B3_NI!wv8}q& jA*i(Bj@!c1e?MGHHd24~Vy||h-9 zHdj$$zJ8XeTdJo;cx8%3NxoT;b496}X@qfZaEhU~X=X~PSze`apl_r>GMBEMLUD11 zZfc5=si~o*f^(>IRz#pexJz1LaiE#2p{0JgOP+U{v0G`Rc4$SGZ$PeLfN!{$VL^7f zv4MG7W^SM(S4z6Eca*oMVPa}#dWgA&zmJDyj(K^wM`=)6U`a$)u9s;@j(&P+qLYis z#E;_jCC+YMPLZVnmM&3=UdH9x#W}ui8Low<-e!R*kxo&L1}Q$;fx(uhk3$ZDUR4EYCYcqMr3R5)y1Kdweg%1!i558- zK1JHW+FmBw<%#8yegP(CCdr9;CN6%V`N`(>N#@}Jt|g%+To*((7~f_+q00A8b`fLh zp}Xt*if!Dl#T{c2E_hU5lHW2pfMsudL!P8U<-)y>#9xJKr5oAp;QEw$;d8I0!J~Up zO?>m(ioP9UQxcqbdDVFa?#j+-DXlZDYLD)8&D4Iu%zD>h!HX%(zs|p!7N2uW{HitM Y>x2#5(|Mgg3b4yeK7Ppl$Cj<;03*q)!2kdN delta 478 zcmbQtGMQz9PQ9nAwxzeXabdQnx2JEYi*{6DZh%XryGL@cd1`QwvuCAIaDjGaN@i|^ zFPF1HsDX!JT2-cdw!4S9e??w_nRY;CSU{Rrj(eteq=AL8QD|7cepIf3374*&LUD11 zZfc5=si~o*f^(>IRz#qJzoSW+OI41)ySrz)ccx3evs+PFNO)4Jk85$BTauqaWv;VN zdSZD_S*b@lSAM#Wey&AOc(_?=wz)xuOQgR^V7OOcL{70mdbwp~k!w^^j;Et`Xi0wH z#E;_jmYJd9{`nS(1!k$pVZvNUCkuLg1t^rx*mfrbkm4-!ODdnLSE=eVBRe9zGCKaw+y1Kdw*&%+;euf3f z$&t>cDS?g=rp2lLQK{)3C2oZg`9>KoF5yM>W?rSf9!`PzT-z4aYD#YUJ|&~IPMNXj zTWP;AL$HJWmMGDdb$@fYZg@HFmkWG$Fz~(5oQE~X)*bJhSidaRFF!@7+SZb?#QXmY7nYGp}OX<(^-U{YaDQMsj|kEL(6M~+W!K9{bpu0lm* zlxK#aQ9-d+NN%O2VY-D!da!|4qKmhMX+(IWr*E=_e_5KFwtqxowh7mp&AUG>oU*9> zrR~r49WT0hbbOw4y^jA~CtJJyr2Z$1{PJu0o`U_?b1yTnJLzpojNs$AR?IMKzwE7z zy-eGUL*J&K_w{>sP)TYln}A9iyXuC6iRbGUue6=3xM0ZxfvT@5THHZCsc&DcKfJ&4 G!6yL66=drG delta 253 zcmZ3;w2*0nPJOXsg|?T4U%8u+XSi`zNl03TNvfwoSVX8xVQ`*jVWg{fk$z@`Wl?5T zB$sn=V1;j`w?#@~rF*J@V^nfpZa_d%il?c2mZyP-kBL!Yabm7ZifdJVGMBEdu0pnP zzFVQQUx`6rVV0wjenfdupu3TqpQle@WO+qiUZ_h|N||SpOS(s8RXW!vn-yDsaz48) zW$JnLn_ID+w)2BCx&PjVSRQ5lKAoS_Ng&*$a);O9w|3j@w}=TcZE(BMI_-|S=S;1+ zOJtmuSJim_&5hxo?#!HTHnX5nFYfsVPyJYKp8&o3;AqC)&#SkD8~-_5bVp|1;wym- FmH^RsVjchh diff --git a/secrets/wg_anemone.age b/secrets/wg_anemone.age new file mode 100644 index 0000000000000000000000000000000000000000..3ed5b37ae79ff5824c2654a6597d944b0882572b GIT binary patch literal 367 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa1sm@=7Yt z^a{;24KWRO&nvMkEiyI<33V&a$ns8ew#f1JDNc-V)^_x8jN}UPjdV#22~W-|NOUes z&r6KT%1H@#DGblGFbgV9HLG$Bii)U+ax#q!$VRs<)Y2^?CtblOpv0mw$*?FrsnF6d zIX}eP*U7-s*B~#_!o@$mAm742JEGLYBrzbuFp|r{FVryC+bqa2(8JlS+&9a-LO&_0 zI5i;CFuXEX+qBFiFIYc2!!)Nb(11%uLnPxn}2^G%y#yQV*txxlb-+l-Fd;wJ4!x9RLZSvKbE5h0BTEv ACIA2c literal 0 HcmV?d00001 diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age deleted file mode 100644 index 494761f..0000000 --- a/secrets/wg_blossom.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 CUCjXQ hLTFE9rxZfhOZ2rELykmG54pxJMCjTkzBvLasvgSN24 -wDbW0X7bItmMEDfGRVAw+wHycHDI/2OYAb5jFyd8f6s --> ssh-ed25519 U9FXlg juuKBMw9hX559zK6f2ERuBMl27ypQ6Ky5xlFEJxApXc -Gb6/rTwqMINqiojoIWcFEAQCEuQ6bQQHrOXChkthb4A ---- OEQ8ALTXcJKvpf0rJe6x2VHSAsTi1yFhz3eU0CZDjqE -ٓPΘ~Fdwi ]h//4ڰN7LaQ= v@oB*48 D=򪋅 \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 1a3b16e..a85d63f 100644 --- a/secrets/wg_caramel.age +++ b/secrets/wg_caramel.age @@ -1,5 +1,6 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg qEy0vaHPPr9EUDjC3FveSk/xcnW/rtHVmx9o7cH7JFA -WAzEfa7T82vbkwMv/JIOASIjZ3gr1TRNfVzOWdWBVkQ ---- AoVNbcEOrFU5jcQ8geP5e4Lo3RxOyP9p4BG3BNsgiIQ -ٳ'XoYfů!/ "p; ssh-ed25519 U9FXlg VpFnvpTVZFSkKRpEgcmuT/WDLIP1ZySFLq2lRvrjq20 +7zQoSoIs1URmAYn2AdjvDTIY8GDYROcSxFq1bcl24Og +--- iaQQUE1/Xj1vxto3d+Llyl6XGrSff5MGPxdCHW9EI40 +Ʀ`t \  +bpeHX3!$3]X32t~V.=>$xBKJAL:DD}5 \ No newline at end of file diff --git a/secrets/wg_dandelion.age b/secrets/wg_dandelion.age new file mode 100644 index 0000000..0229699 --- /dev/null +++ b/secrets/wg_dandelion.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 bRFqeQ swv/p+w9+aytIkQ/6Yk1jouA+0M3rJabuiOz2rlpyAs +wt+wnM1EEKAyDNefr9K4+DtZvHcOzz9Y1EBRFkA5Nv4 +-> ssh-ed25519 U9FXlg xxV/8JoorO4YWPbwSG7p306Pb2+aT10u9eNR69PhZAA +rjOOuapa/h1tMYbdOc3Y/fPPzkNcYiamSk6rS/tbhtE +--- UKvt/4aAyYHOk5bhAP55yxPhkxTE94/xEqIqpGF3yiE +5; _EDB ssh-ed25519 CUCjXQ ptHKlNvz+AmnB/Wt9XBBNyfOGeoPG5TbyrXv5993PDQ +P0C17K+Kz8ocn0vzLf02aaYnxvRM/yjfRLMsBaJhsok +-> ssh-ed25519 U9FXlg /M8ryJjXAdlWhvNHbQgKUxe/UtL7HqEs9RqNDQBW3SM +p2d9OnOkU2Hx7+Kn+Z66qElFvczd3F4zVm5KXbOzYWY +--- PVd8mrRk/t6qv/U32/AZk9YssRU1yn3CLPeyaEPBXi0 +:Dx[cyyۙc4ɥ/އ^.=†ȯoGVQdXf^@TRegn 9UT \ No newline at end of file diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age deleted file mode 100644 index fe26054..0000000 --- a/secrets/wg_sugarcane.age +++ /dev/null @@ -1,5 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 U9FXlg 7YXsTcRa8pco9Ic9fDSygCjNXrxFi5pHADtUqwOBPhg -0BYvRAhcQQ36kAXOW2QaS4S9rhenUx8xwbNozNdDpLM ---- V1E/2n1Ae5hlWhjAEziHA2J072a20GeKM+EtG+pT8cI -窴zWT좾G{"\ʖse>%)o|z!ēז2ࢨEs \ No newline at end of file diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 068d35295d6e3cc190d9f31cf0f52a9861ba516a..2b6862e53af790780d4fcfd88e1ef7ed6cc3f47c 100644 GIT binary patch delta 385 zcmZ3&yo7mzPJN_VL9$1FU~Z&aZhmo?nXyZxYhrn1zFSm&zI&Ega=L4PhhJHqc~p*j zF_&S6S7m9XPl}0~Nn)g>M@E&QMMzZES!Ps7PJLN+dTO3iqGM*Ut50N3R+4LO zVp4IMvx{Rgmz#S)V76&xwyC3sqgO<_K~zvuo^NGnzJ5?dRIayvX{B$XPq=fYQC6BO zm#(g^LO_Udp>ar1maC6RR$zd;qhqGCV|jp4QD}~Ps84=jfTdw&en5buwx>%m*J*)g z9cyOKv##P{?a4`2l2*RD@>b=?v+9R#o%`ie{ozmdtrxpC%-`K*Qh6%a-^zB+GWEmW zDKbJ%$}T<*tp7RR{JyyFX3wOVRssokG$IOgr)y+c+hn|!Hu|h`{`>Bh=Q_3Aq7QF6 jzT(g?=J@sLLGOD9gEWROsSEP=SnT*??b06l(=!ABLeiAu delta 385 zcmZ3&yo7mzPJKZ^US3I5vA<_}W{6Lbg-NJEhGn92vP*itwxMTedRVzhT7G(&mtlH% zI#*z+w}pvefp@+^s#~g|d7*(>fSYS^VQ#j5W?H0nMs|5+a!z1XfqzkiFPE;JLUD11 zZfc5=si~o*La3!%L{7SbnOBgHm#KSpmVtIsu%~`mWqnamPKifEnM;^cp;KqHnmDiD6QzXMUn%s#!`P zm#(g^LP2VEnlthvtTBtU2(S6R+Bd64H0ezm+GHgpD48h06OHA%>V!Z From ffa71a694a453bff1507dd259f642765c8885ac7 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:35:07 +1000 Subject: [PATCH 075/363] hosts/dandelion: add wg secret --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 4268910..55a46bc 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + wg_dandelion.file = ../../secrets/wg_dandelion.age; }; imports = with modules.system; [ From d86285cdf95edce0fbbeb2114a88a9139ecad491 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:36:00 +1000 Subject: [PATCH 076/363] secrets: fix wireguard json --- secrets.gcrypt/shared.json | Bin 263 -> 262 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index ea6ffecfb3884847eb6dd9b9087f240144f88387..2e9e87662b9425f3d1dad08780f8004b72875c4a 100644 GIT binary patch literal 262 zcmZQ@_Y83kiVO&0czt{7Ob@g4)6;A{D^;28jY}j;jBi|i{a|n0?dV5*Z;qO?wI8^(Kh<@ugS(qq9e=Ldv%NWK%eL=% zxg*zkak$xuXAkF<+fTT1(||LdXZAo9fmDrOeYZy1L(TonX=d*TZwg zJ$=e6g)>F;f4pP8e!NvrbpEb#!B*E4&JCv?UgAIAM3Md z4@u41RL631@$R)I&#yZz&(RZcX_uVCR@}45pLuU_LvbI&{k_7j{#E;9)gxDaj!yo0 WPAKW*n)#A1FT@ttZ_$lB;|Bog5q@I; literal 263 zcmZQ@_Y83kiVO&0csO@&`0|=N^Q;*y*DCNIiLKA7boWqQUGnchS8>-9#y{pu)^8~8 zdtMn)yYJ_VYsW4*^Zt;#P^x#OPBnSDh_i)2kXlVeL(JPSan5;f!ZTeSD%x;9o2Kub z<6Uw29@nYX1#!<8^$DFXwRVv|HM1pTCQr1K!JF#`CMTK5JMDdPgURTy?4RzV)3$CD z{g@^CBg;ZmW~S5B_}?l8;ra`YXJpn z(|m6A83K|8XSg48ZtRd0tY*oZ*#Fh9_5XJ3mwx}>h^W0g{BF^m!~eS&J>8Z?9$LVv X+`L3@_1QwlX)^P;USx8;W-kQ*DQJ6k From eb91ab1540c975ad927f605de9bd402f7db08964 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:42:24 +1000 Subject: [PATCH 077/363] hosts/anemone: wg --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 77b07a7..dda36f5 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,6 +5,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { + wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; @@ -26,6 +27,7 @@ printing security snapper + wireguard ./filesystem.nix ./kernel.nix From 0fe62078fae470a17efb6a6789a41c96079c529a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 02:50:41 +1000 Subject: [PATCH 078/363] system/wireguard: use new anemone key --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 9e5ef15..ccdf5be 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -42,7 +42,7 @@ let allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; }; anemone = { - publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg="; + publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; }; hibiscus = { From 3ebd082be227a2c93913c5445958c3caa7595f28 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 11:51:42 +1000 Subject: [PATCH 079/363] system/wireguard: use wg-quick for clients --- modules/system/wireguard.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ccdf5be..621e8db 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -112,6 +112,20 @@ let peers = [ serverPeer ]; }; }; + + clientQuickConfig = { + wg-quick.interfaces = + let + client = clients."${config.networking.hostName}"; + in { + wg0 = { + address = client.allowedIPs; + privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + + peers = [ serverPeer ]; + }; + }; + }; in { boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ "net.ipv6.conf.all.forwarding" = true; @@ -120,6 +134,7 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + #(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientQuickConfig) ]; } From 203bc2ab53af43c868aeffee71ab843e5d44ccfc Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 12:32:36 +1000 Subject: [PATCH 080/363] system/wireguard: use cloudflare dns --- modules/system/wireguard.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 621e8db..ada49dc 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -120,6 +120,7 @@ let in { wg0 = { address = client.allowedIPs; + dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ serverPeer ]; From bdbb5fe0deb822211e0167706785238f9e67f776 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 20 May 2025 14:11:47 +1000 Subject: [PATCH 081/363] dandelion/transmission-container: fix systemd container issues --- hosts/dandelion/transmission-container.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix index b9a8203..e3ee5ae 100644 --- a/hosts/dandelion/transmission-container.nix +++ b/hosts/dandelion/transmission-container.nix @@ -48,7 +48,14 @@ }; networking.firewall.enable = false; - systemd.services.transmission.serviceConfig.BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + # https://github.com/NixOS/nixpkgs/issues/258793 + systemd.services.transmission.serviceConfig = { + BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + RootDirectoryStartOnly = lib.mkForce false; + RootDirectory = lib.mkForce ""; + PrivateMounts = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; imports = [ modules.services.transmission ]; services.transmission.settings = { rpc-host-whitelist-enabled = false; From 1ecec117278653b11b9b7f880ea66e38950c309a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 22:10:52 +1000 Subject: [PATCH 082/363] system/wireguard: add and default to an ipv6-only tunnel --- modules/system/wireguard.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ada49dc..7a3828f 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,6 +58,12 @@ let endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; + server6OnlyPeer = { + publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; + allowedIPs = [ "::/0" ]; + endpoint = "${serverIp}:${toString port}"; + persistentKeepalive = 25; + }; serverConfig = { nat = { @@ -123,7 +129,15 @@ let dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + peers = [ server6OnlyPeer ]; + }; + wg1 = { + address = client.allowedIPs; + dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; + peers = [ serverPeer ]; + autostart = false; }; }; }; From 17164b05b9b04ce2ac161454bf5357c875e29f08 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 22:57:47 +1000 Subject: [PATCH 083/363] services/unbound: bring back --- flake.lock | 17 +++++++++++++++++ flake.nix | 2 +- hosts/dandelion/default.nix | 1 + modules/services/unbound.nix | 15 +++++++++++---- 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index e6a52d4..e69dca7 100644 --- a/flake.lock +++ b/flake.lock @@ -722,6 +722,7 @@ "pure": "pure", "spicetify-nix": "spicetify-nix", "spotify-adblock": "spotify-adblock", + "stevenblack-hosts": "stevenblack-hosts", "tree-sitter-jsonc": "tree-sitter-jsonc", "website": "website", "wine-discord-ipc-bridge": "wine-discord-ipc-bridge", @@ -766,6 +767,22 @@ "type": "github" } }, + "stevenblack-hosts": { + "flake": false, + "locked": { + "lastModified": 1747792192, + "narHash": "sha256-HeWotX8CVc3vDlvAGq99FaeAT9JRSWtx4N/NhtjPwtg=", + "owner": "StevenBlack", + "repo": "hosts", + "rev": "dbdcb032706dfe548745266218501afa93c14ad5", + "type": "github" + }, + "original": { + "owner": "StevenBlack", + "repo": "hosts", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 9f5e51d..98a4505 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,7 @@ spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; # services - # hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; }; + stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; # zsh plugins diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 55a46bc..2e915a3 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -21,6 +21,7 @@ modules.services.nginx modules.services.postgres + modules.services.unbound ./filesystem.nix ./kernel.nix diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index a9cf3bc..5ee9cc7 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -1,8 +1,12 @@ -{ inputs, ... }: +{ inputs, pkgs, gcSecrets, ... }: let dir = "/persist/unbound"; + + converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' > "$out" + ''; in { - networking.firewall.interfaces.wlan0 = { + networking.firewall.interfaces.wg0 = { allowedUDPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ]; }; @@ -16,17 +20,20 @@ in { name = "."; forward-tls-upstream = true; forward-addr = [ + "2606:4700:4700::1111@853#cloudflare-dns.com" + "2606:4700:4700::1001@853#cloudflare-dns.com" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" ]; }]; server = { - interface = [ "0.0.0.0" ]; + interface = [ "0.0.0.0" "::0" ]; access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" + "${gcSecrets.wireguard.ipv6Subnet}/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; @@ -35,7 +42,7 @@ in { ]; }; - include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf"; + include = "${converted}"; }; }; From f87dfa314e87d34b0bf7b1afc3d2bdb35dd1b589 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:03:17 +1000 Subject: [PATCH 084/363] system/unbound: remove first line of stevenblack hosts --- modules/services/unbound.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 5ee9cc7..b7737c3 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -3,7 +3,7 @@ let dir = "/persist/unbound"; converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' - grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' > "$out" + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 > "$out" ''; in { networking.firewall.interfaces.wg0 = { From 44a3d4473fd7331245e9a69e31087fea2d7a3fdd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:09:50 +1000 Subject: [PATCH 085/363] services/unbound: fix syntax error --- modules/services/unbound.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index b7737c3..34eefe0 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -3,7 +3,8 @@ let dir = "/persist/unbound"; converted = pkgs.runCommand "stevenblack-hosts-unbound" {} '' - grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 > "$out" + echo "server:" > "$out" + grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out" ''; in { networking.firewall.interfaces.wg0 = { From 1db10b5b9db330c3adba5e8c40643545827ec48f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:11:05 +1000 Subject: [PATCH 086/363] services/unbound: fix subnet ip --- modules/services/unbound.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 34eefe0..62732c9 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -34,7 +34,7 @@ in { "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" - "${gcSecrets.wireguard.ipv6Subnet}/80 allow" + "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; From 5f5412f433f2c121b3888400d283fb70effe32f0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:11:56 +1100 Subject: [PATCH 087/363] services/nginx: remove hosts --- modules/services/nginx.nix | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index c58f2ee..eb4767b 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -21,28 +21,5 @@ recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; - - virtualHosts = { - "lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - root = inputs.website.outPath; - }; - "cdn.lava.moe" = { - useACMEHost = "lava.moe"; - forceSSL = true; - root = "/persist/cdn"; - }; - "_" = { - default = true; - addSSL = true; - # TODO generate this somewhere - sslCertificate = "/persist/fakeCerts/fake.crt"; - sslCertificateKey = "/persist/fakeCerts/fake.key"; - extraConfig = '' - return 444; - ''; - }; - }; }; } From cc76cdf00d6cd54647371be64e696530f6f2586a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:13:05 +1100 Subject: [PATCH 088/363] hosts/hazel: add acme_dns secret --- hosts/hazel/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index c487e5e..1904423 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -3,6 +3,10 @@ system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; + age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; + }; + imports = with modules.system; with modules.services; [ home-manager-stable From e90ebf622006688044f6be84e93513f7cfad829c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:17:51 +1100 Subject: [PATCH 089/363] hosts/hazel: enable https --- hosts/hazel/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 1904423..a36bc67 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -1,4 +1,4 @@ -{ modules, pkgs, ... }: { +{ config, modules, pkgs, ... }: { networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; @@ -35,5 +35,11 @@ dbtype = "pgsql"; adminpassFile = "/persist/nextcloud-admin-pass"; }; + https = true; + }; + + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; }; } From e7a7b39d411d4bcf95b92f2dd0326466c39de3a8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 5 Apr 2025 14:33:57 +1100 Subject: [PATCH 090/363] hosts/hazel: init immich --- hosts/hazel/default.nix | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index a36bc67..9926c7f 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -42,4 +42,27 @@ forceSSL = true; enableACME = true; }; + + services.immich = { + enable = true; + port = 2283; + }; + + users.users.immich.extraGroups = [ "video" "render" ]; + hardware.opengl.enable = true; + services.nginx.virtualHosts."photos.lava.moe" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.immich.port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + extraConfig = '' + client_max_body_size 50000M; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + send_timeout 600s; + ''; + }; + }; } From 5f5aa86ce21ad8f2c1ac8d50e7d262720e0a2ce2 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 7 Apr 2025 00:46:43 +1000 Subject: [PATCH 091/363] hosts/hazel: move services data to /flower --- hosts/hazel/default.nix | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 9926c7f..7f4d1cc 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -1,4 +1,24 @@ -{ config, modules, pkgs, ... }: { +{ config, modules, pkgs, ... }: +let + dirs = [ + ["immich" "immich"] + ["nextcloud" "nextcloud"] + ["postgresql" "postgres"] + ["redis-immich" "redis-immich"] + ]; + + rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs; + mounts = builtins.listToAttrs (builtins.map (d: { + name = "/var/lib/${builtins.elemAt d 0}"; + value = { + depends = [ "/flower" ]; + device = "/flower/${builtins.elemAt d 0}"; + fsType = "none"; + options = [ "bind" ]; + }; + }) dirs); +in +{ networking.hostName = "hazel"; system.stateVersion = "24.11"; time.timeZone = "Australia/Melbourne"; @@ -65,4 +85,7 @@ ''; }; }; + + systemd.tmpfiles.rules = rules; + fileSystems = mounts; } From 69c13bc50e24ec2556f701a50f09477e18c6913a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 7 Apr 2025 12:38:22 +1000 Subject: [PATCH 092/363] users/hana: add dandelion to authorized keys --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index a895181..489517a 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -8,6 +8,7 @@ hashedPassword = "$y$j9T$3xCNDudmfrIu5VfQQoDkj/$ugzJWq0gORN9jnhDsREu31CkL3zwniQu6KoLbmg6Wr/"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhP8yi/CdACtql3I4j0xI+r0KV4AVCb265Bd/RTFBu4 hana@dandelion" ]; }; From 19ed50cc9db4bfe86c1c351afabdb51509203a0c Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 30 Apr 2025 00:29:00 +1000 Subject: [PATCH 093/363] users/hana: add hibiscus to authorized keys --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index 489517a..ed7a464 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -9,6 +9,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@anemone" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhP8yi/CdACtql3I4j0xI+r0KV4AVCb265Bd/RTFBu4 hana@dandelion" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt cilly@hibiscus" ]; }; From 945eb34e6042778692f885954d8058dc6da6ac8b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 19 May 2025 14:14:42 +1000 Subject: [PATCH 094/363] hazel/networking: add ipv6 address --- hosts/hazel/networking.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix index 1dd932a..60064b5 100644 --- a/hosts/hazel/networking.nix +++ b/hosts/hazel/networking.nix @@ -1,5 +1,15 @@ { config, ... }: { networking = { useDHCP = true; + interfaces.enp8s0.ipv6.addresses = [ + { + address = "2a01:4f9:4a:2694::11"; + prefixLength = 64; + } + ]; + defaultGateway6 = { + address = "fe80::1"; + interface = "enp8s0"; + }; }; } From a6348c833ee724664e5cdecf1ed51051945edbc7 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:38:13 +1000 Subject: [PATCH 095/363] system/wireguard: cleanup, create local ipv6 subnet, and use unbound dns --- modules/system/wireguard.nix | 55 +++++------------------------------- 1 file changed, 7 insertions(+), 48 deletions(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 7a3828f..ca47ddb 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -21,33 +21,18 @@ let '') forwarding ); - routeBypass = { - anemone = { - interface = "wlp1s0"; - routes = [ serverIp ]; - }; - hyacinth = { - interface = "enp5s0"; - routes = [ serverIp ]; - }; - }; - clients = { - # caramel = { - # publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA="; - # allowedIPs = [ "10.100.0.2/32" ]; - # }; hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; - allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3"]; + allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; }; anemone = { publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; - allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" ]; + allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ]; }; hibiscus = { publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; - allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" ]; + allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ]; }; }; @@ -77,7 +62,7 @@ let }; wireguard.interfaces.wg0 = { - ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" ]; + ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" "fd0d::1" ]; listenPort = port; postSetup = '' @@ -95,45 +80,20 @@ let }; clientConfig = { - wireguard.interfaces.wg0 = - let - client = clients."${config.networking.hostName}"; - routes = routeBypass."${config.networking.hostName}"; - mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} dev ${routes.interface}") routes.routes; - in { - ips = client.allowedIPs; - listenPort = port; - - postSetup = '' - ${mapRoutes "add"} - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE - ''; - - postShutdown = '' - ${mapRoutes "del"} - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE - ''; - - privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - peers = [ serverPeer ]; - }; - }; - - clientQuickConfig = { wg-quick.interfaces = let client = clients."${config.networking.hostName}"; in { wg0 = { address = client.allowedIPs; - dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ server6OnlyPeer ]; }; wg1 = { address = client.allowedIPs; - dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; + dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; peers = [ serverPeer ]; @@ -149,7 +109,6 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - #(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientQuickConfig) + (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) ]; } From f35d104f84c3edab3e636b2633e7048eccf6fdd6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:38:50 +1000 Subject: [PATCH 096/363] services/unbound: allow wireguard clients --- modules/services/unbound.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 62732c9..e6ec4ad 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -34,6 +34,7 @@ in { "127.0.0.1/8 allow" "10.0.0.0/8 allow" "192.168.100.0/24 allow" + "fd0d::/16 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; From 93279eb6e61b303c6a82c7338cd27c0a23e595a9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:42:08 +1000 Subject: [PATCH 097/363] services/website: init --- hosts/dandelion/default.nix | 1 + modules/default.nix | 1 + modules/services/nginx.nix | 2 +- modules/services/website.nix | 24 ++++++++++++++++++++++++ 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 modules/services/website.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 2e915a3..b9f5e42 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -22,6 +22,7 @@ modules.services.nginx modules.services.postgres modules.services.unbound + modules.services.website ./filesystem.nix ./kernel.nix diff --git a/modules/default.nix b/modules/default.nix index 8a66d93..9a1898a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -26,6 +26,7 @@ in { ./services/transmission.nix ./services/unbound.nix ./services/vaultwarden.nix + ./services/website.nix ]; system = mkAttrsFromPaths [ ./system/aagl.nix diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index eb4767b..be8adaf 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -1,4 +1,4 @@ -{ config, inputs, ... }: { +{ config, ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; diff --git a/modules/services/website.nix b/modules/services/website.nix new file mode 100644 index 0000000..5e7a223 --- /dev/null +++ b/modules/services/website.nix @@ -0,0 +1,24 @@ +{ inputs, ... }: { + services.nginx.virtualHosts = { + "lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = inputs.website.outPath; + }; + "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + root = "/persist/cdn"; + }; + "_" = { + default = true; + addSSL = true; + # TODO generate this somewhere + sslCertificate = "/persist/fakeCerts/fake.crt"; + sslCertificateKey = "/persist/fakeCerts/fake.key"; + extraConfig = '' + return 444; + ''; + }; + }; +} From 718437153feb37727e7354cab2da02a969028544 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 22 May 2025 23:43:56 +1000 Subject: [PATCH 098/363] hosts/hyacinth: fix wg filepath --- hosts/hyacinth/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index ff21b6b..c60951a 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -7,7 +7,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { passwd.file = ../../secrets/passwd.age; - wg_hyacinth.file = ../../secrets/wg_blossom.age; + wg_hyacinth.file = ../../secrets/wg_hyacinth.age; wpa_conf.file = ../../secrets/wpa_conf.age; }; imports = with modules.system; [ From 7aa3a988fea98ca8b98ef5733accdb153fcbe323 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:03:52 +1000 Subject: [PATCH 099/363] system/wireguard: refactor, and add hazel --- modules/system/wireguard.nix | 50 +++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ca47ddb..186367f 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -25,30 +25,45 @@ let hyacinth = { publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; }; anemone = { publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; }; hibiscus = { publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ]; + interfaces = { + wg0 = { peers = [ server6OnlyPeer ]; }; + wg1 = { peers = [ serverPeer ]; autostart = false; }; + }; + }; + hazel = { + publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; + interfaces = { + wg0 = { peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; }; + }; }; }; clientPeers = builtins.attrValues clients; - serverPeer = { + serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - endpoint = "${serverIp}:${toString port}"; - persistentKeepalive = 25; - }; - server6OnlyPeer = { - publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; - allowedIPs = [ "::/0" ]; + allowedIPs = ips; endpoint = "${serverIp}:${toString port}"; persistentKeepalive = 25; }; + serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ]; + server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ]; serverConfig = { nat = { @@ -83,23 +98,12 @@ let wg-quick.interfaces = let client = clients."${config.networking.hostName}"; - in { - wg0 = { + in + builtins.mapAttrs (interface: conf: { address = client.allowedIPs; dns = [ "fd0d::1" "10.100.0.1" ]; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - - peers = [ server6OnlyPeer ]; - }; - wg1 = { - address = client.allowedIPs; - dns = [ "fd0d::1" "10.100.0.1" ]; - privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; - - peers = [ serverPeer ]; - autostart = false; - }; - }; + } // conf) client.interfaces; }; in { boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ @@ -109,6 +113,6 @@ in { networking = lib.mkMerge [ (lib.mkIf (config.networking.hostName == serverName) serverConfig) - (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) + (lib.mkIf (config.networking.hostName != serverName) clientConfig) ]; } From 616db337736be81dba96db56f7ee188ff496ae56 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:06:27 +1000 Subject: [PATCH 100/363] hosts/hazel: add unbound --- hosts/hazel/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 7f4d1cc..0d5356d 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -32,11 +32,13 @@ in base kernel - nginx nix-stable packages security + nginx + unbound + ./filesystem.nix ./kernel.nix ./networking.nix From bd4affdea0e953bcf4376545aca4be5b95aa44ed Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:07:28 +1000 Subject: [PATCH 101/363] system/wireguard: use local dns for hazel --- modules/system/wireguard.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 186367f..a60ff7e 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -50,7 +50,10 @@ let publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; interfaces = { - wg0 = { peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; }; + wg0 = { + dns = [ "::1" "127.0.0.1" ]; + peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; + }; }; }; }; From b8ad7638ef8dcea815f17c6275c8804b01705801 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:13:30 +1000 Subject: [PATCH 102/363] hazel/networking: move address to secrets --- hosts/hazel/networking.nix | 4 ++-- secrets.gcrypt/shared.json | Bin 262 -> 327 bytes 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix index 60064b5..42656e4 100644 --- a/hosts/hazel/networking.nix +++ b/hosts/hazel/networking.nix @@ -1,9 +1,9 @@ -{ config, ... }: { +{ gcSecrets, ... }: { networking = { useDHCP = true; interfaces.enp8s0.ipv6.addresses = [ { - address = "2a01:4f9:4a:2694::11"; + address = gcSecrets.hazel.ipv6Addr; prefixLength = 64; } ]; diff --git a/secrets.gcrypt/shared.json b/secrets.gcrypt/shared.json index 2e9e87662b9425f3d1dad08780f8004b72875c4a..21378e76b52316e7dbd9edcc0a2a90ede9921f9a 100644 GIT binary patch literal 327 zcmZQ@_Y83kiVO&0_-MD?v94TLzmv~XzvA7TJKAs7P1tNDXux}FvgnSbmEU>%*3R)i zDs)(HWwnO#^F`}2;`^WfTh8}(!jjjsbJ%&xmWuoin&Edm%O%st^?=`&xf~L=dHwwq z9sludnZDYsXRmA9X}gpy-92j0njXt3e+#UV-*qB%{(b)$hy9oN_Dt5Au|+KI^bd*6 zEqA=`-%)fqK3o2EALrGCJ^r*V((Q^;^pjctI5#f+$~4EqRZ#ZQj%O>^EMwlp_r*zqAHIE7=GJtstopT-;r*kA{w+T{D^;28jY}j;jBi|i{a|n0?dV5*Z;qO?wI8^(Kh<@ugS(qq9e=Ldv%NWK%eL=% zxg*zkak$xuXAkF<+fTT1(||LdXZAo9fmDrOeYZy1L(TonX=d*TZwg zJ$=e6g)>F;f4pP8e!NvrbpEb#!B*E4&JCv?UgAIAM3Md z4@u41RL631@$R)I&#yZz&(RZcX_uVCR@}45pLuU_LvbI&{k_7j{#E;9)gxDaj!yo0 WPAKW*n)#A1FT@ttZ_$lB;|Bog5q@I; From 817371bf0177986ac7c7f071e5d9f25d15b410f3 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:21:09 +1000 Subject: [PATCH 103/363] workflows/cachix: unlock git crypt secrets --- .github/workflows/cachix.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 2112f8d..e9be9a3 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -12,6 +12,10 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Unlock secrets + uses: sliteteam/github-action-git-crypt-unlock@1.2.0 + env: + GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 93c91d5a6b3c91e803a5c97f9cf724aafba3b1fa Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:30:41 +1000 Subject: [PATCH 104/363] system/wireguard: fix dandelion config --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index a60ff7e..dd2e96d 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.attrValues clients; + clientPeers = builtins.removeAttrs (builtins.attrValues clients) [ "interfaces" ]; serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 5ef6a68587e3479a857a3fc0b0cea00ffbde1133 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:47:27 +1000 Subject: [PATCH 105/363] system/wireguard: fix dandelion again --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index dd2e96d..01afc75 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.removeAttrs (builtins.attrValues clients) [ "interfaces" ]; + clientPeers = builtins.attrValues (builtins.removeAttrs clients [ "interfaces" ]); serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 9512dd2e417fc6714e15f47b764b62d6a69acedb Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 00:48:36 +1000 Subject: [PATCH 106/363] system/wireguard: actually fix it this time.. --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 01afc75..ecbcc81 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -58,7 +58,7 @@ let }; }; - clientPeers = builtins.attrValues (builtins.removeAttrs clients [ "interfaces" ]); + clientPeers = builtins.map (client: builtins.removeAttrs client [ "interfaces" ]) (builtins.attrValues clients); serverPeerWith = ips: { publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; allowedIPs = ips; From 3061733e46a30693024e73967d03f7e410c87e17 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:03:12 +1000 Subject: [PATCH 107/363] workflows/cachix: try to make secret unlocking more consistent --- .github/workflows/cachix.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index e9be9a3..e02595b 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -16,6 +16,11 @@ jobs: uses: sliteteam/github-action-git-crypt-unlock@1.2.0 env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} + - name: Wait.. + run: + sleep 2 + git checkout master + sleep 2 - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 0253d64b96643a6b4103a92f891e6470f77fb577 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:03:32 +1000 Subject: [PATCH 108/363] hosts/hazel: use wireguard --- hosts/hazel/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 0d5356d..5204ebe 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -38,6 +38,7 @@ in nginx unbound + wireguard ./filesystem.nix ./kernel.nix From 1fadd257f3c4f090e4b421fcb4016ed57b64f137 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:04:57 +1000 Subject: [PATCH 109/363] workflows/cachix: fix script --- .github/workflows/cachix.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index e02595b..40ac795 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,9 +18,9 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 2 - git checkout master - sleep 2 + sleep 2; + git checkout master; + sleep 2; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From adf5409e323f714edab06be1d7ca3f93ad83811d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:06:18 +1000 Subject: [PATCH 110/363] workflows/cachix: fix script, again.. --- .github/workflows/cachix.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 40ac795..73ccc4d 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,9 +18,7 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 2; - git checkout master; - sleep 2; + sleep 5; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From 74e7f5435f904780f44054621ce9af7342bb6e85 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:08:14 +1000 Subject: [PATCH 111/363] system/wireguard: use new keys for hazel --- modules/system/wireguard.nix | 2 +- secrets.nix | 1 + secrets/wg_hazel.age | 7 +++++++ 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/wg_hazel.age diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index ecbcc81..6126da8 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -47,7 +47,7 @@ let }; }; hazel = { - publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw="; + publicKey = "0zruTndObzHo+b1rbOuTsxCU97epygZycxXS/lgUHUc="; allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ]; interfaces = { wg0 = { diff --git a/secrets.nix b/secrets.nix index e24da84..4fc6c4a 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,6 +13,7 @@ in { "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; + "secrets/wg_hazel.age".publicKeys = [ hazel rin ]; "secrets/wg_hyacinth.age".publicKeys = [ blossom rin ]; "secrets/wg_caramel.age".publicKeys = [ rin ]; } diff --git a/secrets/wg_hazel.age b/secrets/wg_hazel.age new file mode 100644 index 0000000..fa7fbb8 --- /dev/null +++ b/secrets/wg_hazel.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 ZAcXHw eEKOjQqzqL9npB+C/wUahKJg58fedM6oxPKuKlMHpRo +obx/pnoSM0uXYR7EC/yHYVs8gM/W74zoMijdWRpnYv8 +-> ssh-ed25519 U9FXlg o8QW/BHBKLHhahpcHf5ZrYIbCzilWVZvXr1nEChAqFM +fgmtkUzJs2Oeq85JVl0HrHwBg/gjDQfzT5J+9Wyk8Kw +--- yXs0fQOQfJ1NyPAPSr+1nm5/hVds5dhxW4WZagtMna0 +;ǓוZI=Z[cϏ7&.HFkJUDN i_NTȊ"l_Go)fs9& \ No newline at end of file From 8cb9905098ae72ae421fac914dbf6f0607912477 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:09:46 +1000 Subject: [PATCH 112/363] hosts/hazel: add wg_hazel secret aaaaaaaaaaaa --- hosts/hazel/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 5204ebe..7e22154 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -25,6 +25,7 @@ in age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + wg_hazel.file = ../../secrets/wg_hazel.age; }; imports = with modules.system; with modules.services; [ From 3f52fc1e810ba604e3a2a8da227a7077fda50f74 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:15:55 +1000 Subject: [PATCH 113/363] workflows/cachix: lengthen sleep --- .github/workflows/cachix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 73ccc4d..fb6a2ef 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,7 +18,7 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 5; + sleep 20; - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: From fe8d26a860d16ad80477436b42110507101caf16 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:31:42 +1000 Subject: [PATCH 114/363] workflows/cachix: some more advanced waiting i hope this works i have no idea why git-crypt does this it also happens on local computers sometimes jalsdfjasoigrjoi --- .github/workflows/cachix.yml | 12 +++++++++++- flake.nix | 2 ++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index fb6a2ef..6e0d877 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -18,7 +18,17 @@ jobs: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - name: Wait.. run: - sleep 20; + for s in {1..10}; do + nix eval .#checks.x86_64-linux.is_dirty; + if [ $? -eq 0 ]; then + break; + else + if [ $s -eq 10 ]; then + exit 1 + fi + sleep 5; + fi + done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 with: diff --git a/flake.nix b/flake.nix index 98a4505..98ffdac 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,8 @@ nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; + checks."x86_64-linux".is_dirty = if !(self ? rev) then throw "Dirty git tree detected." else self.rev; + packages."x86_64-linux" = let pkgs = import nixpkgs rec { From c2cf093a725365daceecac69a91d9404760e4a0b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:33:29 +1000 Subject: [PATCH 115/363] workflows/cachix: fix syntax --- .github/workflows/cachix.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 6e0d877..d2be2bf 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -22,12 +22,11 @@ jobs: nix eval .#checks.x86_64-linux.is_dirty; if [ $? -eq 0 ]; then break; - else - if [ $s -eq 10 ]; then - exit 1 + elif [ $s -eq 10 ]; then + exit 1; fi sleep 5; - fi + fi; done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 From efb2a241180f0070244e51dbf497204b30b9a20b Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:35:10 +1000 Subject: [PATCH 116/363] workflows/cachix: fix syntax again --- .github/workflows/cachix.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index d2be2bf..0d7fb00 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -23,10 +23,9 @@ jobs: if [ $? -eq 0 ]; then break; elif [ $s -eq 10 ]; then - exit 1; - fi - sleep 5; + exit 1; fi; + sleep 5; done - uses: cachix/install-nix-action@v31 - uses: cachix/cachix-action@v14 From 18b66630d0e88b9bef54fc9eaff5f842397304a7 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 23 May 2025 01:35:59 +1000 Subject: [PATCH 117/363] workflows/cachix: wait after nix is installed --- .github/workflows/cachix.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 0d7fb00..b0bc057 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -16,6 +16,11 @@ jobs: uses: sliteteam/github-action-git-crypt-unlock@1.2.0 env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} + - uses: cachix/install-nix-action@v31 + - uses: cachix/cachix-action@v14 + with: + name: lava + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - name: Wait.. run: for s in {1..10}; do @@ -27,11 +32,6 @@ jobs: fi; sleep 5; done - - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 - with: - name: lava - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - run: nix flake check --keep-going --verbose build: From 0f1271badb39214b534e15de936cc4d6b318bab8 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 24 May 2025 20:22:32 +1000 Subject: [PATCH 118/363] hyacinth/networking: update ip address --- hosts/hyacinth/networking.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 7796639..696e98d 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -5,10 +5,10 @@ interfaces.enp5s0.useDHCP = false; interfaces.enp5s0.ipv4.addresses = [{ - address = "192.168.0.151"; + address = "192.168.1.201"; prefixLength = 24; }]; - defaultGateway = "192.168.0.1"; + defaultGateway = "192.168.1.1"; nameservers = [ "8.8.8.8" "8.8.4.4" ]; extraHosts = '' From a0053fe9ee21edc3e0c6be32348ef53ddb634ebd Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 14:34:48 +1000 Subject: [PATCH 119/363] hyacinth/networking: enable wakeOnLan --- hosts/hyacinth/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 696e98d..0f6035a 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -3,6 +3,7 @@ networking = { useDHCP = true; interfaces.enp5s0.useDHCP = false; + interfaces.enp5s0.wakeOnLan.enable = false; interfaces.enp5s0.ipv4.addresses = [{ address = "192.168.1.201"; From c66e8d73076346a798ab295642550ac3c3fad87d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 15:22:29 +1000 Subject: [PATCH 120/363] rin/packages: move cisco packet tracer to anemone --- hosts/anemone/default.nix | 2 ++ users/rin/packages.nix | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index dda36f5..d96253a 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -51,6 +51,8 @@ package = pkgs.wireshark; }; + environment.systemPackages = with pkgs; [ ciscoPacketTracer8 ]; + services.fprintd.enable = true; services.tlp.enable = true; } diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 0860f4a..197e333 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -28,7 +28,6 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio - ciscoPacketTracer8 drawio element-desktop eww From 071fad3bcbb67ab01364e9a55638b20f79ba31e4 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 15:30:52 +1000 Subject: [PATCH 121/363] hosts/hyacinth: remove virtualisation and binfmt --- hosts/hyacinth/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index c60951a..98b6f01 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -3,7 +3,6 @@ system.stateVersion = "21.11"; time.timeZone = "Australia/Melbourne"; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { passwd.file = ../../secrets/passwd.age; @@ -29,7 +28,6 @@ printing security snapper - virtualisation modules.services.syncthing From 3ead5d12c582b4aecb8e913fbaec123dc12b2caf Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 17:22:24 +1000 Subject: [PATCH 122/363] hosts/hyacinth: enable wireguard --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 98b6f01..326daad 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -28,6 +28,7 @@ printing security snapper + wireguard modules.services.syncthing From 83ac77b864644d423a40a40fd7d2a70dfc5e414f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 26 May 2025 17:36:16 +1000 Subject: [PATCH 123/363] workflows/cachix: cd out and in, to hopefully fix git-crypt problem --- .github/workflows/cachix.yml | 14 +++----------- flake.nix | 2 -- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index b0bc057..aa9e67d 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -21,17 +21,9 @@ jobs: with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - name: Wait.. - run: - for s in {1..10}; do - nix eval .#checks.x86_64-linux.is_dirty; - if [ $? -eq 0 ]; then - break; - elif [ $s -eq 10 ]; then - exit 1; - fi; - sleep 5; - done + - run: + cd / + cd - - run: nix flake check --keep-going --verbose build: diff --git a/flake.nix b/flake.nix index 98ffdac..98a4505 100644 --- a/flake.nix +++ b/flake.nix @@ -78,8 +78,6 @@ nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; - checks."x86_64-linux".is_dirty = if !(self ? rev) then throw "Dirty git tree detected." else self.rev; - packages."x86_64-linux" = let pkgs = import nixpkgs rec { From e801f91435e811127f77f22d1d751ce93e0d07e6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 31 May 2025 23:29:36 +1000 Subject: [PATCH 124/363] workflows/cachix: fix run command --- .github/workflows/cachix.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index aa9e67d..c8745d2 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -21,9 +21,9 @@ jobs: with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: - cd / - cd - + - run: | + cd / + cd - - run: nix flake check --keep-going --verbose build: From b04c649e537f4e39ac39e62d4620d2341ce90f99 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 02:07:15 +0000 Subject: [PATCH 125/363] flake: bump inputs --- flake.lock | 138 ++++++++++++++++++++++++++--------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/flake.lock b/flake.lock index e69dca7..fd30fae 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1747604854, - "narHash": "sha256-hV6LbeBnXYlxaJ1t/CZQUM0U16mAT4F0WrvuxObJwDo=", + "lastModified": 1750597689, + "narHash": "sha256-3ComII0BkmdohISrshICQiAB6TU+VHHIRnWK0ckA0/s=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "c975050923763f4239a6f8a3a1c76125346b95f8", + "rev": "ec2ec4ec3f908ed9b125ea4afd52627bed60f183", "type": "github" }, "original": { @@ -29,11 +29,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -138,11 +138,11 @@ "fast-syntax-highlighting": { "flake": false, "locked": { - "lastModified": 1688591419, - "narHash": "sha256-RVX9ZSzjBW3LpFs2W86lKI6vtcvDWP6EPxzeTcRZua4=", + "lastModified": 1750837465, + "narHash": "sha256-9itq8Pq/+1Yflo7b31eHEVOFrbO9b1CAMr988xYyNLI=", "owner": "zdharma-continuum", "repo": "fast-syntax-highlighting", - "rev": "cf318e06a9b7c9f2219d78f41b46fa6e06011fd9", + "rev": "dcee72bb99b422bb8e4510f5087af9c1721392e4", "type": "github" }, "original": { @@ -154,11 +154,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -246,11 +246,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -287,11 +287,11 @@ ] }, "locked": { - "lastModified": 1747372754, - "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1747284884, - "narHash": "sha256-lTSKhRrassMcJ1ZsuUVunyl/F04vvCKY80HB/4rvvm4=", + "lastModified": 1748000383, + "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "7168f6002a6b48a9b6151e1e97e974a0722ecfdc", + "rev": "231726642197817d20310b9d39dd4afb9e899489", "type": "github" }, "original": { @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", + "lastModified": 1750792728, + "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", + "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", "type": "github" }, "original": { @@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1747565775, - "narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", + "lastModified": 1751146119, + "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", "owner": "nix-community", "repo": "home-manager", - "rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", + "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1747584459, - "narHash": "sha256-E07Co94EpSchJ5fwH/i8Hs7SyWIvrb8dYcVu0HVXbv4=", + "lastModified": 1751079238, + "narHash": "sha256-l6Ds5kCHrQi5WfJPc3+j8LhxYA5ADPxtW8wdKGr6mcI=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "be60339c0df7483b00d91e750e6742635e0a593a", + "rev": "25d48394a841195ed7d18306c227f72f814559db", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1747554936, - "narHash": "sha256-LBFEVTt3JISA/HDHznJanvlNvKllNfILr1nfI8KZmVM=", + "lastModified": 1751116785, + "narHash": "sha256-r/BSxxQQGrBOLrYZK1H8lt5cu8ixj4Qhh72yFHvvQbc=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "5a732bf3edb47767a25c3b05436e4c21f91edf91", + "rev": "46f5c7d06d14d94d50310217a65f941dde17a5d8", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1747523215, - "narHash": "sha256-55RIMak4EwDaLdNTkM+4d3LjC90wlkNRaaG8DupK3AM=", + "lastModified": 1751062437, + "narHash": "sha256-AB1YNofZXobee7VojC0olhmWeKXch9IhCB3RWCgv8js=", "owner": "neovim", "repo": "neovim", - "rev": "5661f74ab2a6ef0c497ef2ea49bc58ea89b6ab6b", + "rev": "c75201697638f0c861d8fc4b9e2bcdba6b5a76d6", "type": "github" }, "original": { @@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1747594704, - "narHash": "sha256-IAUIY96BaMM4o+BeMLcviBji/Xais7WfU5TIPjgPEEQ=", + "lastModified": 1751162718, + "narHash": "sha256-aSr/wDR+8Uo2Gr6VQoktqV7kk8rZMzPRJSprCriQDRg=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "1c04e472eafbd37d82af17769d45932e39b37b76", + "rev": "2a720fd2db187100b04554f9ed28410128d5157a", "type": "github" }, "original": { @@ -556,11 +556,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { @@ -572,11 +572,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1747647032, - "narHash": "sha256-gkWAK0I1k2Y0y8KOvXC6S0uBaduOguLs1Pxn5DpWwYc=", + "lastModified": 1751150243, + "narHash": "sha256-Qjrzrdxe/qq0FQVGR0vT52LgW1mtL5I0C4TjWKSsDfc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dae513c187abfe679f67b99a6e256fbe8c3f79d0", + "rev": "dca05f7a67a1fb122d1f37274f7d41da9dd95573", "type": "github" }, "original": { @@ -619,11 +619,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1747426788, - "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=", + "lastModified": 1750994206, + "narHash": "sha256-3u6rEbIX9CN/5A5/mc3u0wIO1geZ0EhjvPBXmRDHqWM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3", + "rev": "80d50fc87924c2a0d346372d242c27973cf8cdbf", "type": "github" }, "original": { @@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { @@ -675,11 +675,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1747068210, - "narHash": "sha256-bYbwIVii2mxFyro91ogCVLkIyrMNP4QJRSGNVcZPVEU=", + "lastModified": 1748094813, + "narHash": "sha256-CVs9FTdg3oKtRjz2YqwkMr0W5qYLGfVyxyhE3qnGYbI=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "066fd6505377e3fd4aa219e61ce94c2b8bdb0b79", + "rev": "42fc28ba918343ebfd5565147a42a26580579482", "type": "github" }, "original": { @@ -738,11 +738,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1747607404, - "narHash": "sha256-xj2Ji+rE+oYjf0BsTDT7K/StnYuZQK9MTbX8U1DUcC0=", + "lastModified": 1750567035, + "narHash": "sha256-GVNXxMZynKZt+83QQQEVXscqtkJbScvaBrwianovUW4=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8c1be0e5e9a7f35ccd6f7b10bcfa08f2734dad91", + "rev": "e32285f5d1dfc184b039a813644e226c3914e7d7", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1747792192, - "narHash": "sha256-HeWotX8CVc3vDlvAGq99FaeAT9JRSWtx4N/NhtjPwtg=", + "lastModified": 1750903025, + "narHash": "sha256-zpMyirfb+94mEVj7IUvT8iAWtg2v6uwKYXkftZfldiA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "dbdcb032706dfe548745266218501afa93c14ad5", + "rev": "3ba25afdbea34239c4925285a2ac3379c760b181", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1747469671, - "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", "type": "github" }, "original": { From 38e624851b0995482a15530f1559a2d08487b23d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 29 Jun 2025 02:07:17 +0000 Subject: [PATCH 126/363] packages/linux-lava: bump to 6.15.4 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 903fe81..48478d5 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.14.7"; - kernelHash = "0w3nqh02vl8f2wsx3fmsvw1pdsnjs5zfqcmv2w2vnqdiwy1vd552"; - kernelPatchHash = "05a5srmb27gqyv49mxy3rmlxgiinacwbyzmig1hk313m0wl88av3"; + version = "6.15.4"; + kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; + kernelPatchHash = "0babwlbmjxh9sv2qnh6s5d06965gdbk7v5dmaq7428sps9dyvmb4"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 72eca4fb05fc9e840b6654d5fbe07dd061819c8a Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 17 Jun 2025 18:34:50 +1000 Subject: [PATCH 127/363] packages/linux-lava: remove deleted patch, and switch to bore --- packages/linux-lava/default.nix | 4 ++++ packages/linux-lava/sources.nix | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/default.nix b/packages/linux-lava/default.nix index 0287a51..aa288f5 100644 --- a/packages/linux-lava/default.nix +++ b/packages/linux-lava/default.nix @@ -56,6 +56,10 @@ let INIT_STACK_ALL_ZERO = yes; INIT_STACK_NONE = no; + # bore + SCHED_BORE = yes; + MIN_BASE_SLICE_NS = freeform "2000000"; + # tickless timers HZ_PERIODIC = no; NO_HZ = yes; diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 48478d5..d9a2cbb 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -9,9 +9,8 @@ let tkgPatches = [ "0002-clear-patches" "0003-glitched-base" - "0003-glitched-eevdf-additions" + "0001-bore" "0003-glitched-cfs" - "0007-v${mm}-fsync_legacy_via_futex_waitv" "0012-misc-additions" ]; From 718de94655df6d39e0040381161cb59e938168f0 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 17 Jun 2025 19:59:37 +1000 Subject: [PATCH 128/363] system/base: fix locale --- modules/system/base.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/system/base.nix b/modules/system/base.nix index 518baee..36c9993 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -11,7 +11,8 @@ environment.pathsToLink = [ "/share/zsh" ]; i18n.defaultLocale = "en_AU.UTF-8"; - i18n.extraLocales = [ "en_GB.UTF-8" ]; + i18n.extraLocales = [ "en_GB.UTF-8/UTF-8" ]; + users.mutableUsers = false; system = { From ea07a839ae8f5bb5751a55c17e325cb90ba237ff Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 17 Jun 2025 21:20:20 +1000 Subject: [PATCH 129/363] packages/spotify-adblock: update cargo hash --- packages/spotify-adblock/0001-cargo.patch | 141 ---------------------- packages/spotify-adblock/default.nix | 2 +- 2 files changed, 1 insertion(+), 142 deletions(-) delete mode 100644 packages/spotify-adblock/0001-cargo.patch diff --git a/packages/spotify-adblock/0001-cargo.patch b/packages/spotify-adblock/0001-cargo.patch deleted file mode 100644 index 84031b5..0000000 --- a/packages/spotify-adblock/0001-cargo.patch +++ /dev/null @@ -1,141 +0,0 @@ -From 002a25dd56233d599adda61b298d612a46267407 Mon Sep 17 00:00:00 2001 -From: LavaDesu -Date: Tue, 14 Sep 2021 08:34:05 +0700 -Subject: [PATCH] cargo - ---- - Cargo.lock | 122 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 122 insertions(+) - create mode 100644 Cargo.lock - -diff --git a/Cargo.lock b/Cargo.lock -new file mode 100644 -index 00000000000..b952e17ca90 ---- /dev/null -+++ b/Cargo.lock -@@ -0,0 +1,122 @@ -+# This file is automatically @generated by Cargo. -+# It is not intended for manual editing. -+version = 3 -+ -+[[package]] -+name = "aho-corasick" -+version = "0.7.18" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" -+dependencies = [ -+ "memchr", -+] -+ -+[[package]] -+name = "lazy_static" -+version = "1.4.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -+ -+[[package]] -+name = "libc" -+version = "0.2.101" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21" -+ -+[[package]] -+name = "memchr" -+version = "2.4.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" -+ -+[[package]] -+name = "proc-macro2" -+version = "1.0.29" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "b9f5105d4fdaab20335ca9565e106a5d9b82b6219b5ba735731124ac6711d23d" -+dependencies = [ -+ "unicode-xid", -+] -+ -+[[package]] -+name = "quote" -+version = "1.0.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" -+dependencies = [ -+ "proc-macro2", -+] -+ -+[[package]] -+name = "regex" -+version = "1.5.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" -+dependencies = [ -+ "aho-corasick", -+ "memchr", -+ "regex-syntax", -+] -+ -+[[package]] -+name = "regex-syntax" -+version = "0.6.25" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" -+ -+[[package]] -+name = "serde" -+version = "1.0.130" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f12d06de37cf59146fbdecab66aa99f9fe4f78722e3607577a5375d66bd0c913" -+dependencies = [ -+ "serde_derive", -+] -+ -+[[package]] -+name = "serde_derive" -+version = "1.0.130" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "d7bc1a1ab1961464eae040d96713baa5a724a8152c1222492465b54322ec508b" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ -+[[package]] -+name = "spotify-adblock" -+version = "1.0.0" -+dependencies = [ -+ "lazy_static", -+ "libc", -+ "regex", -+ "serde", -+ "toml", -+] -+ -+[[package]] -+name = "syn" -+version = "1.0.76" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c6f107db402c2c2055242dbf4d2af0e69197202e9faacbef9571bbe47f5a1b84" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "unicode-xid", -+] -+ -+[[package]] -+name = "toml" -+version = "0.5.8" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "a31142970826733df8241ef35dc040ef98c679ab14d7c3e54d827099b3acecaa" -+dependencies = [ -+ "serde", -+] -+ -+[[package]] -+name = "unicode-xid" -+version = "0.2.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" --- -2.32.0 - diff --git a/packages/spotify-adblock/default.nix b/packages/spotify-adblock/default.nix index 89161f0..57992de 100644 --- a/packages/spotify-adblock/default.nix +++ b/packages/spotify-adblock/default.nix @@ -7,7 +7,7 @@ rustPlatform.buildRustPackage { version = "1.0"; src = inputs.spotify-adblock; - cargoHash = "sha256-yxumYGAMObgl1u6GlbEQOKOn1DWxXN8bbT7BjiWT96o="; + cargoHash = "sha256-oGpe+kBf6kBboyx/YfbQBt1vvjtXd1n2pOH6FNcbF8M="; patches = [ ./0002-allow-setting-config-from-environment-variable.patch ]; From 0b138f3148b806af5cea97e6ccc3ef19853d57ed Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 17 Jul 2025 02:03:35 +0000 Subject: [PATCH 130/363] flake: bump inputs --- flake.lock | 116 ++++++++++++++++++++++++++--------------------------- 1 file changed, 58 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index fd30fae..f277760 100644 --- a/flake.lock +++ b/flake.lock @@ -138,11 +138,11 @@ "fast-syntax-highlighting": { "flake": false, "locked": { - "lastModified": 1750837465, - "narHash": "sha256-9itq8Pq/+1Yflo7b31eHEVOFrbO9b1CAMr988xYyNLI=", + "lastModified": 1752660993, + "narHash": "sha256-ZihUL4JAVk9V+IELSakytlb24BvEEJ161CQEHZYYoSA=", "owner": "zdharma-continuum", "repo": "fast-syntax-highlighting", - "rev": "dcee72bb99b422bb8e4510f5087af9c1721392e4", + "rev": "3d574ccf48804b10dca52625df13da5edae7f553", "type": "github" }, "original": { @@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -229,11 +229,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -246,11 +246,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -331,11 +331,11 @@ ] }, "locked": { - "lastModified": 1748000383, - "narHash": "sha256-EaAJhwfJGBncgIV/0NlJviid2DP93cTMc9h0q6P6xXk=", + "lastModified": 1752595130, + "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "231726642197817d20310b9d39dd4afb9e899489", + "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113", "type": "github" }, "original": { @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1750792728, - "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", + "lastModified": 1752544374, + "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", "owner": "nix-community", "repo": "home-manager", - "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", + "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", "type": "github" }, "original": { @@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1751146119, - "narHash": "sha256-gvjG95TCnUVJkvQvLMlnC4NqiqFyBdJk3o8/RwuHeaU=", + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", "owner": "nix-community", "repo": "home-manager", - "rev": "76d0c31fce2aa0c71409de953e2f9113acd5b656", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1751079238, - "narHash": "sha256-l6Ds5kCHrQi5WfJPc3+j8LhxYA5ADPxtW8wdKGr6mcI=", + "lastModified": 1752695267, + "narHash": "sha256-KzMPl+ZmP5yI5HhatqCy1O2S0tqclANjfTV2X06ojz8=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "25d48394a841195ed7d18306c227f72f814559db", + "rev": "4182e62eab63a197b2cf6de9bb118658e954d196", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1751116785, - "narHash": "sha256-r/BSxxQQGrBOLrYZK1H8lt5cu8ixj4Qhh72yFHvvQbc=", + "lastModified": 1752684829, + "narHash": "sha256-thWm3+ZDnnWK65bR6UmxZQMHpYqf65kfh0vEIr4+nLU=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "46f5c7d06d14d94d50310217a65f941dde17a5d8", + "rev": "c4046ad801abcc7576f0cf71944410d3690ecc50", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1751062437, - "narHash": "sha256-AB1YNofZXobee7VojC0olhmWeKXch9IhCB3RWCgv8js=", + "lastModified": 1752617716, + "narHash": "sha256-Qths6FmwFQVcE/ZtNuGMixa+5vlvYpXVkB0RoUa1pJk=", "owner": "neovim", "repo": "neovim", - "rev": "c75201697638f0c861d8fc4b9e2bcdba6b5a76d6", + "rev": "9789a3b854d7f670dd231bdffe1bce0098509539", "type": "github" }, "original": { @@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1751162718, - "narHash": "sha256-aSr/wDR+8Uo2Gr6VQoktqV7kk8rZMzPRJSprCriQDRg=", + "lastModified": 1752631802, + "narHash": "sha256-t65TV28ZatEKVyFoTmExQgb8LECvrj/3Wuogn5PxfYI=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "2a720fd2db187100b04554f9ed28410128d5157a", + "rev": "b8834a847dee8875e06e218830f33a3486f0185e", "type": "github" }, "original": { @@ -572,11 +572,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1751150243, - "narHash": "sha256-Qjrzrdxe/qq0FQVGR0vT52LgW1mtL5I0C4TjWKSsDfc=", + "lastModified": 1752710483, + "narHash": "sha256-lPwVWOD2OMf7X2T6Umh2gm5NfNz3AcobcPbCnB4r9g4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dca05f7a67a1fb122d1f37274f7d41da9dd95573", + "rev": "cd4d0287ee12705c5e2890141809d252cd26c6e6", "type": "github" }, "original": { @@ -619,11 +619,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1750994206, - "narHash": "sha256-3u6rEbIX9CN/5A5/mc3u0wIO1geZ0EhjvPBXmRDHqWM=", + "lastModified": 1752012998, + "narHash": "sha256-Q82Ms+FQmgOBkdoSVm+FBpuFoeUAffNerR5yVV7SgT8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80d50fc87924c2a0d346372d242c27973cf8cdbf", + "rev": "2a2130494ad647f953593c4e84ea4df839fbd68c", "type": "github" }, "original": { @@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1752480373, + "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", "type": "github" }, "original": { @@ -738,11 +738,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1750567035, - "narHash": "sha256-GVNXxMZynKZt+83QQQEVXscqtkJbScvaBrwianovUW4=", + "lastModified": 1752381641, + "narHash": "sha256-R2iDZb94RosuCeuIukacZVVXxzWYr4jn/QI/ax15nW8=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "e32285f5d1dfc184b039a813644e226c3914e7d7", + "rev": "8f9fd947c52aa6adb6bafe72516eccf186708954", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1750903025, - "narHash": "sha256-zpMyirfb+94mEVj7IUvT8iAWtg2v6uwKYXkftZfldiA=", + "lastModified": 1752716696, + "narHash": "sha256-L6dHdZQJvfooem2TQtalnxuYxJKbm05xs/5YN/bnlSA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "3ba25afdbea34239c4925285a2ac3379c760b181", + "rev": "9db4bfd5a227f7fc9184898baece641591f3896c", "type": "github" }, "original": { @@ -852,11 +852,11 @@ ] }, "locked": { - "lastModified": 1750931469, - "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", + "lastModified": 1752055615, + "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", + "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", "type": "github" }, "original": { @@ -901,11 +901,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1740172038, - "narHash": "sha256-idwCtAwXa7qNZlKE8KdS9cUgEOCSdf6tec0YuXINcl8=", + "lastModified": 1752017132, + "narHash": "sha256-jumrUkz8L2UETKSipcDPkjstrPsHx4cwPH9sOXKnd0k=", "ref": "refs/heads/main", - "rev": "f9e43d78110db0a8bf8ec75ca5b101a06b1d5ce8", - "revCount": 1041, + "rev": "1e97c6fcc680186f32791cb7c51e95808d7c7c1b", + "revCount": 1058, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From b05012d8c95989ead574eeb22d41d61f95b40115 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 17 Jul 2025 02:03:38 +0000 Subject: [PATCH 131/363] packages/linux-lava: bump to 6.15.6 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index d9a2cbb..a245f79 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.4"; + version = "6.15.6"; kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "0babwlbmjxh9sv2qnh6s5d06965gdbk7v5dmaq7428sps9dyvmb4"; + kernelPatchHash = "1cc7y3llnf50fb0vqa4689hybfgpyzd93s2w3lxyaxbpvll71snv"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From c556f63ebe59bf7a52c4beffa06857c0f25a7521 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 17:41:55 +1000 Subject: [PATCH 132/363] user/spicetify: remove skipStats extension --- modules/user/spicetify.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/user/spicetify.nix b/modules/user/spicetify.nix index 6249895..ec854c4 100644 --- a/modules/user/spicetify.nix +++ b/modules/user/spicetify.nix @@ -40,7 +40,6 @@ in shuffle hidePodcasts - skipStats songStats history volumePercentage From 09830a0aa8e4ba784b7c6fd2d6676c9eede03d16 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 17:42:43 +1000 Subject: [PATCH 133/363] user/neovim: setup tex --- modules/user/neovim.nix | 2 ++ res/config.lua | 2 +- users/rin/packages.nix | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index cc01311..1949d2f 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -35,6 +35,7 @@ in { plenary-nvim tokyonight-nvim vim-fugitive + vim-latex-live-preview vim-nix vim-repeat vim-signify @@ -61,6 +62,7 @@ in { tree-sitter-javascript tree-sitter-json tree-sitter-kotlin + tree-sitter-latex tree-sitter-lua tree-sitter-markdown tree-sitter-nix diff --git a/res/config.lua b/res/config.lua index 7899bda..10d2ec1 100644 --- a/res/config.lua +++ b/res/config.lua @@ -139,7 +139,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'cssls', 'html', 'nil_ls', 'ts_ls', 'yamlls' } +local servers = { 'cssls', 'html', 'nil_ls', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 197e333..2299028 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -30,6 +30,7 @@ in { android-studio drawio element-desktop + evince eww feh file-roller @@ -55,6 +56,7 @@ in { slurp swaybg (tetrio-desktop.override { withTetrioPlus = true; }) + texliveFull tor-browser-bundle-bin transmission-remote-gtk vesktop From 843aacb6d308ef709d289e9fb8555e5d7334a356 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 17:49:13 +1000 Subject: [PATCH 134/363] hosts/anemone: remove cisco packet tracer uses an old insecure library. also cpt is cursed --- hosts/anemone/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index d96253a..dda36f5 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -51,8 +51,6 @@ package = pkgs.wireshark; }; - environment.systemPackages = with pkgs; [ ciscoPacketTracer8 ]; - services.fprintd.enable = true; services.tlp.enable = true; } From 92a7023ba0609517b61c9e309e9a6daa6aadec1d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 18:06:16 +1000 Subject: [PATCH 135/363] overlays/oci-cli: remove, patch merged --- overlays/default.nix | 1 - overlays/oci-cli.nix | 5 ----- overlays/patches/oci.patch | 30 ------------------------------ 3 files changed, 36 deletions(-) delete mode 100644 overlays/oci-cli.nix delete mode 100644 overlays/patches/oci.patch diff --git a/overlays/default.nix b/overlays/default.nix index 220fd11..752a2c8 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,7 +5,6 @@ builtins.map (path: import path) [ ./ccache.nix ./eww.nix ./material-icons.nix - ./oci-cli.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/oci-cli.nix b/overlays/oci-cli.nix deleted file mode 100644 index 78a8a23..0000000 --- a/overlays/oci-cli.nix +++ /dev/null @@ -1,5 +0,0 @@ -self: super: { - oci-cli = super.oci-cli.overrideAttrs(o: { - patches = (o.patches or []) ++ [ ./patches/oci.patch ]; - }); -} diff --git a/overlays/patches/oci.patch b/overlays/patches/oci.patch deleted file mode 100644 index bdc80f7..0000000 --- a/overlays/patches/oci.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff --git a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -index 44562fd9780..ae426944a47 100644 ---- a/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -+++ b/services/core/src/oci_cli_virtual_network/virtualnetwork_cli_extended.py -@@ -285,13 +285,13 @@ def unassign_private_ip(ctx, from_json, vnic_id, ip_address): - click.echo('Unassigned IP address {} from VNIC {}'.format(ip_address, vnic_id), err=True) - - --@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds']) -+@cli_util.copy_params_from_generated_command(virtualnetwork_cli.create_ipv6, params_to_exclude=['wait_for_state', 'max_wait_seconds', 'wait_interval_seconds', 'subnet_id']) - @virtualnetwork_cli.vnic_group.command(name='assign-ipv6', help=virtualnetwork_cli.create_ipv6.help) - @cli_util.option('--unassign-if-already-assigned', is_flag=True, default=False, help="""Force reassignment of the IP address if it's already assigned to another VNIC in the subnet. This is only relevant if an IP address is associated with this command.""") - @click.pass_context - @json_skeleton_utils.json_skeleton_generation_handler(input_params_to_complex_types={'defined-tags': {'module': 'core', 'class': 'dict(str, dict(str, object))'}, 'freeform-tags': {'module': 'core', 'class': 'dict(str, string)'}}, output_type={'module': 'core', 'class': 'PrivateIp'}) - @cli_util.wrap_exceptions --def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id): -+def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_tags, ip_address, unassign_if_already_assigned, ipv6_subnet_cidr, route_table_id, lifetime): - networking_client = cli_util.build_client('core', 'virtual_network', ctx) - - # First we get the VNIC because we need to know the subnet OCID for the ListIpv6s call -@@ -348,6 +348,9 @@ def assign_ipv6(ctx, from_json, vnic_id, defined_tags, display_name, freeform_ta - if route_table_id is not None: - assign_ip_request_body['routeTableId'] = route_table_id - -+ if lifetime is not None: -+ assign_ip_request_body['lifetime'] = lifetime -+ - # If we are here then either the IP address does not exist or it is a candidate to be moved - if not is_ip_reassignment: - if ip_address is not None: From ed43feb5b61ab4ff70a0cc850337e5cf7411b080 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Thu, 17 Jul 2025 19:39:10 +1000 Subject: [PATCH 136/363] overlays/android-studio: remove --- overlays/android-studio.nix | 27 --------------------------- overlays/default.nix | 1 - 2 files changed, 28 deletions(-) delete mode 100644 overlays/android-studio.nix diff --git a/overlays/android-studio.nix b/overlays/android-studio.nix deleted file mode 100644 index ef9ca5e..0000000 --- a/overlays/android-studio.nix +++ /dev/null @@ -1,27 +0,0 @@ -self: { bash, buildFHSEnv, cacert, ncurses5, runCommand, ... } @ super: -let - drvName = super.android-studio.name; - fhsEnv = buildFHSEnv { - name = "${drvName}-fhs-env"; - # google's analytics calls jdk's getOperatingSystemMXBean which tries to parse cgroups and ultimately fails for whatever reason with an npe - unshareCgroup = false; - multiPkgs = pkgs: [ - ncurses5 - - (runCommand "fedoracert" {} - '' - mkdir -p $out/etc/pki/tls/ - ln -s ${cacert}/etc/ssl/certs $out/etc/pki/tls/certs - '') - ]; - }; - - startScript = '' - #!${bash}/bin/bash - ${fhsEnv}/bin/${drvName}-fhs-env ${super.android-studio.passthru.unwrapped}/bin/studio.sh "$@" - ''; -in { - android-studio-patched = super.android-studio.overrideAttrs(_: { - inherit startScript; - }); -} diff --git a/overlays/default.nix b/overlays/default.nix index 752a2c8..31648cc 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,5 +1,4 @@ builtins.map (path: import path) [ - ./android-studio.nix ./bitwarden-desktop.nix ./cascadia-code.nix ./ccache.nix From cc066cd0f01d7cd4a9506f924c58e8d0b2011200 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 19 Jul 2025 21:33:30 +1000 Subject: [PATCH 137/363] flake: bump inputs --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index f277760..6935a8b 100644 --- a/flake.lock +++ b/flake.lock @@ -394,11 +394,11 @@ ] }, "locked": { - "lastModified": 1752544374, - "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", + "lastModified": 1752780124, + "narHash": "sha256-5dn97vIYxn6VozKePOQSDxVCsrl38nDdMJXx86KIJH0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", + "rev": "c718918222bdb104397762dea67e6b397a7927fe", "type": "github" }, "original": { @@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1752814804, + "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", "type": "github" }, "original": { @@ -480,11 +480,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1752695267, - "narHash": "sha256-KzMPl+ZmP5yI5HhatqCy1O2S0tqclANjfTV2X06ojz8=", + "lastModified": 1752805881, + "narHash": "sha256-D4OlmKGe9PcTIIaAgeyrBk2QKZLGbolcDyJBAlSrYy0=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "4182e62eab63a197b2cf6de9bb118658e954d196", + "rev": "0d81f32aca45461e67da8fc2f1b57dd7fc2cd789", "type": "github" }, "original": { @@ -506,11 +506,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752684829, - "narHash": "sha256-thWm3+ZDnnWK65bR6UmxZQMHpYqf65kfh0vEIr4+nLU=", + "lastModified": 1752753780, + "narHash": "sha256-EiCUyqaoTdXDMBFb30hBKB9Sx3eY9mrqhgGriIsKuIU=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "c4046ad801abcc7576f0cf71944410d3690ecc50", + "rev": "053ea16d7d94f21ee6ed0b70007cd4378c8e4825", "type": "github" }, "original": { @@ -522,11 +522,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1752617716, - "narHash": "sha256-Qths6FmwFQVcE/ZtNuGMixa+5vlvYpXVkB0RoUa1pJk=", + "lastModified": 1752707870, + "narHash": "sha256-h/td8ApD44htLyMnue39Y882fs1VpV/oy21WiySmXDE=", "owner": "neovim", "repo": "neovim", - "rev": "9789a3b854d7f670dd231bdffe1bce0098509539", + "rev": "fcec1610e7ba501be812f636dabc7d9f4c8f436f", "type": "github" }, "original": { @@ -541,11 +541,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1752631802, - "narHash": "sha256-t65TV28ZatEKVyFoTmExQgb8LECvrj/3Wuogn5PxfYI=", + "lastModified": 1752832532, + "narHash": "sha256-YvQ6sjTxS+cw+w8fhEL41vAC28q4sB0vT77uhzQ1eOA=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "b8834a847dee8875e06e218830f33a3486f0185e", + "rev": "4e113d7f833a78a54a35dfc5514a89e5e7c78d4f", "type": "github" }, "original": { @@ -603,11 +603,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1752710483, - "narHash": "sha256-lPwVWOD2OMf7X2T6Umh2gm5NfNz3AcobcPbCnB4r9g4=", + "lastModified": 1752876120, + "narHash": "sha256-i6IbLwI+d4Mv8UemSV/DRLnKHh/0+CWrdt3HemufMWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cd4d0287ee12705c5e2890141809d252cd26c6e6", + "rev": "4e7849a5dbd1b1becd5be9a4b8a4ee9d38a10186", "type": "github" }, "original": { @@ -635,11 +635,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1752480373, - "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", + "lastModified": 1752687322, + "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", + "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1752716696, - "narHash": "sha256-L6dHdZQJvfooem2TQtalnxuYxJKbm05xs/5YN/bnlSA=", + "lastModified": 1752874173, + "narHash": "sha256-E4+FdFdc7TNIJ3f2aeo7TkxS1D7KcqNdN8ILfo4T0eA=", "owner": "StevenBlack", "repo": "hosts", - "rev": "9db4bfd5a227f7fc9184898baece641591f3896c", + "rev": "85aeab65b5579810b8ebdf1c0aa0148640ea95f9", "type": "github" }, "original": { From fdf6a3ce627793e66ab9188b4660fecbc1ef0c96 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Sat, 19 Jul 2025 21:34:30 +1000 Subject: [PATCH 138/363] packages/linux-lava: bump to 6.15.7 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index a245f79..40a7b9d 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.6"; + version = "6.15.7"; kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "1cc7y3llnf50fb0vqa4689hybfgpyzd93s2w3lxyaxbpvll71snv"; + kernelPatchHash = "1qri57dd6r8sagm2vag9vp8jf70wf9bbjm5bhx5w05s8x56rrrf9"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 3ef987f8d9b585d6a9c8d53373c649929f100ed9 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 8 Aug 2025 22:34:56 +1000 Subject: [PATCH 139/363] system/wireguard: use port 123 --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 6126da8..04770ee 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, gcSecrets, ... }: let - port = 51820; + port = 123; serverName = "dandelion"; serverInterface = "enp0s6"; serverIp = gcSecrets.wireguard.gateway; From c0b9ed6b007ce583cab9bac44ddc4afd23de8552 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Fri, 8 Aug 2025 22:35:28 +1000 Subject: [PATCH 140/363] user/git: change name --- modules/user/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/git.nix b/modules/user/git.nix index b64492e..16a2cdd 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -1,7 +1,7 @@ { ... }: { programs.git = { enable = true; - userName = "LavaDesu"; + userName = "Cilly Leang"; userEmail = "me@lava.moe"; signing = { key = "059F098EBF0E9A13E10A46BF6500251E087653C9"; From e94d04ab1f7373bf19351465092820d4be6f0cbe Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 12 Aug 2025 12:17:36 +1000 Subject: [PATCH 141/363] flake: bump inputs --- flake.lock | 169 ++++++++++++++++++++++++++++++++--------------------- 1 file changed, 102 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index 6935a8b..d0fd43b 100644 --- a/flake.lock +++ b/flake.lock @@ -3,14 +3,15 @@ "aagl": { "inputs": { "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1750597689, - "narHash": "sha256-3ComII0BkmdohISrshICQiAB6TU+VHHIRnWK0ckA0/s=", + "lastModified": 1754711681, + "narHash": "sha256-cYsUwcr7dQ/enDG+sHVqGopwgbPRajhVXi+dTt8OQ2c=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "ec2ec4ec3f908ed9b125ea4afd52627bed60f183", + "rev": "7a6e7cce4c9c8bfc5bf25a96d66ede2c0379a6f1", "type": "github" }, "original": { @@ -29,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -186,11 +187,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -207,11 +208,11 @@ ] }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -246,11 +247,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -287,11 +288,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1754416808, + "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", "type": "github" }, "original": { @@ -394,11 +395,11 @@ ] }, "locked": { - "lastModified": 1752780124, - "narHash": "sha256-5dn97vIYxn6VozKePOQSDxVCsrl38nDdMJXx86KIJH0=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "c718918222bdb104397762dea67e6b397a7927fe", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -436,11 +437,11 @@ ] }, "locked": { - "lastModified": 1752814804, - "narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=", + "lastModified": 1754842705, + "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", "owner": "nix-community", "repo": "home-manager", - "rev": "d0300c8808e41da81d6edfc202f3d3833c157daf", + "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", "type": "github" }, "original": { @@ -480,11 +481,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1752805881, - "narHash": "sha256-D4OlmKGe9PcTIIaAgeyrBk2QKZLGbolcDyJBAlSrYy0=", + "lastModified": 1754707367, + "narHash": "sha256-c4kr9yDWeT6u4pmWva/RoMf06W3OsOOxVf2GLzV4MCw=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "0d81f32aca45461e67da8fc2f1b57dd7fc2cd789", + "rev": "6742817d970e38c1cfc747a8a83ab3cea95a43d5", "type": "github" }, "original": { @@ -506,11 +507,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1752753780, - "narHash": "sha256-EiCUyqaoTdXDMBFb30hBKB9Sx3eY9mrqhgGriIsKuIU=", + "lastModified": 1754641381, + "narHash": "sha256-eMoujl/X1lbdjRbC/HHCpZmUb5tqTAYSL1hocy+o7nc=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "053ea16d7d94f21ee6ed0b70007cd4378c8e4825", + "rev": "83aaf3085f808dec9ea1b5d16b216875a8081b37", "type": "github" }, "original": { @@ -522,11 +523,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1752707870, - "narHash": "sha256-h/td8ApD44htLyMnue39Y882fs1VpV/oy21WiySmXDE=", + "lastModified": 1754610154, + "narHash": "sha256-ORfF40X4BGiFxnLNQbdsQbUTW4TkUHfPqyZWHaYL5NE=", "owner": "neovim", "repo": "neovim", - "rev": "fcec1610e7ba501be812f636dabc7d9f4c8f436f", + "rev": "038eb01b41b66379f75164507571497929f8847c", "type": "github" }, "original": { @@ -538,14 +539,14 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1752832532, - "narHash": "sha256-YvQ6sjTxS+cw+w8fhEL41vAC28q4sB0vT77uhzQ1eOA=", + "lastModified": 1754791758, + "narHash": "sha256-XlyhRNYVItOE9IHi+loJBHnZ8c6ZbdV9lr6KFXPUpbY=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "4e113d7f833a78a54a35dfc5514a89e5e7c78d4f", + "rev": "c7043951476c524a8dafa241158f7cb30079cdad", "type": "github" }, "original": { @@ -556,11 +557,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748460289, - "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "type": "github" }, "original": { @@ -572,11 +573,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "type": "github" }, "original": { @@ -603,11 +604,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1752876120, - "narHash": "sha256-i6IbLwI+d4Mv8UemSV/DRLnKHh/0+CWrdt3HemufMWA=", + "lastModified": 1754863774, + "narHash": "sha256-OOkhunEjy+t5xP3oMxD9ezDZ3j3PYfOsT9aro/WcBGA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e7849a5dbd1b1becd5be9a4b8a4ee9d38a10186", + "rev": "a84e756ad67fa42311e2d22cbc8f566ee46a04fd", "type": "github" }, "original": { @@ -619,11 +620,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1752012998, - "narHash": "sha256-Q82Ms+FQmgOBkdoSVm+FBpuFoeUAffNerR5yVV7SgT8=", + "lastModified": 1744536153, + "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2a2130494ad647f953593c4e84ea4df839fbd68c", + "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", "type": "github" }, "original": { @@ -635,11 +636,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1752687322, - "narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=", + "lastModified": 1754711617, + "narHash": "sha256-WrZ280bT6NzNbBo+CKeJA/NW1rhvN/RUPZczqCpu2mI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251", + "rev": "00b574b1ba8a352f0601c4dde4faff4b534ebb1e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { @@ -716,7 +733,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", @@ -730,6 +747,24 @@ "zsh-history-substring-search": "zsh-history-substring-search" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1754575663, + "narHash": "sha256-afOx8AG0KYtw7mlt6s6ahBBy7eEHZwws3iCRoiuRQS4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6db0fb0e9cec2e9729dc52bf4898e6c135bb8a0f", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "spicetify-nix": { "inputs": { "nixpkgs": [ @@ -738,11 +773,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1752381641, - "narHash": "sha256-R2iDZb94RosuCeuIukacZVVXxzWYr4jn/QI/ax15nW8=", + "lastModified": 1754801101, + "narHash": "sha256-oxWjZ/SfhCvHFNePZcUu+LcE5j4xxuIt/yaoaSvMZk0=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "8f9fd947c52aa6adb6bafe72516eccf186708954", + "rev": "fcbfc21572518c68317df992929b28df9a1d8468", "type": "github" }, "original": { @@ -770,11 +805,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1752874173, - "narHash": "sha256-E4+FdFdc7TNIJ3f2aeo7TkxS1D7KcqNdN8ILfo4T0eA=", + "lastModified": 1754759508, + "narHash": "sha256-D//sryXk4tiPB6pBrFz3+rA68JQRR+8IAicEA5h7CWQ=", "owner": "StevenBlack", "repo": "hosts", - "rev": "85aeab65b5579810b8ebdf1c0aa0148640ea95f9", + "rev": "a11705bff29cdf2744dfdf7463a4000ee67d2ba4", "type": "github" }, "original": { @@ -852,11 +887,11 @@ ] }, "locked": { - "lastModified": 1752055615, - "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=", + "lastModified": 1754492133, + "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9", + "rev": "1298185c05a56bff66383a20be0b41a307f52228", "type": "github" }, "original": { @@ -901,11 +936,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1752017132, - "narHash": "sha256-jumrUkz8L2UETKSipcDPkjstrPsHx4cwPH9sOXKnd0k=", + "lastModified": 1752982673, + "narHash": "sha256-9Tv64JFWG6yZnH16b8y80Q/Vk8wesxGpWG6JHiot70g=", "ref": "refs/heads/main", - "rev": "1e97c6fcc680186f32791cb7c51e95808d7c7c1b", - "revCount": 1058, + "rev": "2fd354de4d21be6c91ad2ea71af08525f3e76b39", + "revCount": 1061, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From f140929d9c80ad4910cf6dbb11d47555057712af Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 12 Aug 2025 12:17:43 +1000 Subject: [PATCH 142/363] packages/linux-lava: bump to 6.16 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 40a7b9d..4c9c4e3 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.15.7"; - kernelHash = "0r4ppfd5kwvj24bjig92hxa18lmjgy9gqvh5qknfffw08wjrd1km"; - kernelPatchHash = "1qri57dd6r8sagm2vag9vp8jf70wf9bbjm5bhx5w05s8x56rrrf9"; + version = "6.16"; + kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; + kernelPatchHash = "00wkvlpb5idmnjml86jmdp0fnqs08r3ykafhw5k702952dlyg5ws"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 1c2f3eb1c6570a765aa7c225c05835cffbb50642 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 14 Aug 2025 11:18:11 +1000 Subject: [PATCH 143/363] system/wireguard: add local-only peer --- modules/system/wireguard.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index 04770ee..dbc8938 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -28,6 +28,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; anemone = { @@ -36,6 +37,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; hibiscus = { @@ -44,6 +46,7 @@ let interfaces = { wg0 = { peers = [ server6OnlyPeer ]; }; wg1 = { peers = [ serverPeer ]; autostart = false; }; + wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; }; }; }; hazel = { @@ -52,7 +55,7 @@ let interfaces = { wg0 = { dns = [ "::1" "127.0.0.1" ]; - peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ]; + peers = [ serverLocalOnlyPeer ]; }; }; }; @@ -67,6 +70,7 @@ let }; serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ]; server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ]; + serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]; serverConfig = { nat = { From 1cfcd112e85079394248ca53232191957e8ec152 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 22:24:54 +1000 Subject: [PATCH 144/363] hosts/hyacinth: remove jenkins, and enable bluetooth --- hosts/hyacinth/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 326daad..620798b 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -41,5 +41,5 @@ ]; systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp"; - services.jenkins.enable = true; + me.hasBluetooth = true; } From 633d781a25bd170ab49ef02810b7d72065974e81 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:06:33 +1000 Subject: [PATCH 145/363] user/neovim: add astro and tailwind --- modules/user/neovim.nix | 3 +++ res/config.lua | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 1949d2f..0120227 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -20,6 +20,8 @@ in { extraPackages = with pkgs; [ rust-analyzer + nodePackages."@astrojs/language-server" + nodePackages."@tailwindcss/language-server" nodePackages.diagnostic-languageserver nodePackages.eslint_d nodePackages.typescript-language-server @@ -52,6 +54,7 @@ in { #(pkgs.me.nvim-treesitter-nightly.withPlugins (p: with p; [ (nvim-treesitter.withPlugins (p: with p; [ + tree-sitter-astro tree-sitter-bash tree-sitter-c tree-sitter-c-sharp diff --git a/res/config.lua b/res/config.lua index 10d2ec1..286b03d 100644 --- a/res/config.lua +++ b/res/config.lua @@ -139,7 +139,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'cssls', 'html', 'nil_ls', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, From d9df212560157f31c11dbac3efda6619fbf89206 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:09:58 +1000 Subject: [PATCH 146/363] user/neovim: add nvim-highlight-colors --- modules/user/neovim.nix | 1 + res/config.lua | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 0120227..774feea 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -47,6 +47,7 @@ in { nvim-cmp nvim-dap + nvim-highlight-colors nvim-lspconfig cmp-nvim-lsp cmp_luasnip diff --git a/res/config.lua b/res/config.lua index 286b03d..4237b16 100644 --- a/res/config.lua +++ b/res/config.lua @@ -18,6 +18,7 @@ vim.opt.number = true vim.opt.cursorline = true vim.opt.signcolumn = "yes:3" vim.opt.title = true +vim.opt.termguicolors = true vim.opt.updatetime = 0 vim.opt.clipboard:prepend('unnamedplus') @@ -94,6 +95,9 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') +-- nvim-highlight-colors +require('nvim-highlight-colors').setup {} + -- LSP local nvim_lsp = require('lspconfig') From b06bb7009c8dd9766c4802ddd333a24706a40b89 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:25:30 +1000 Subject: [PATCH 147/363] user/neovim: add autoclose-nvim and update lualine config --- modules/user/neovim.nix | 2 ++ res/config.lua | 15 +++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 774feea..9e6877c 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -30,10 +30,12 @@ in { ]; plugins = with pkgs.vimPlugins; [ + autoclose-nvim flutter-tools-nvim fzf-vim fzf-lsp-nvim lualine-nvim + nvim-web-devicons plenary-nvim tokyonight-nvim vim-fugitive diff --git a/res/config.lua b/res/config.lua index 4237b16..3632c15 100644 --- a/res/config.lua +++ b/res/config.lua @@ -65,13 +65,23 @@ vim.cmd("highlight SignifySignChangeDelete guifg="..colors.red) vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=italic guifg="..colors.overlay2) -- Plugins +require('autoclose').setup {} +require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } } require('lualine').setup { options = { - theme = 'tokyonight' + theme = 'catppuccin' + }, + sections = { + lualine_c = { + { + "filename", + path = 1, + } + } } } @@ -95,9 +105,6 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') --- nvim-highlight-colors -require('nvim-highlight-colors').setup {} - -- LSP local nvim_lsp = require('lspconfig') From 240ff865388fbec6ca073c166f195e8f2ca28c09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:32:23 +1000 Subject: [PATCH 148/363] user/neovim: add nvim-ts-autotag --- modules/user/neovim.nix | 1 + res/config.lua | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 9e6877c..cc5d271 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -35,6 +35,7 @@ in { fzf-vim fzf-lsp-nvim lualine-nvim + nvim-ts-autotag nvim-web-devicons plenary-nvim tokyonight-nvim diff --git a/res/config.lua b/res/config.lua index 3632c15..aa3355a 100644 --- a/res/config.lua +++ b/res/config.lua @@ -66,6 +66,7 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} +require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { highlight = { enable = true }, From 5989fc4e70e30a92408c690e5b06d8d8f3ea3c02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 17 Aug 2025 23:50:52 +1000 Subject: [PATCH 149/363] user/neovim: add bindings for commenting --- res/config.lua | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/res/config.lua b/res/config.lua index aa3355a..b173216 100644 --- a/res/config.lua +++ b/res/config.lua @@ -1,11 +1,13 @@ -- Keybindings -local map = vim.api.nvim_set_keymap -map('n', '', 'h', { noremap = true }) -map('n', '', 'j', { noremap = true }) -map('n', '', 'k', { noremap = true }) -map('n', '', 'l', { noremap = true }) -map('n', '', ':q', { noremap = true }) -map('n', '', ':Files', { noremap = true }) +local map = vim.keymap.set +map('n', '', 'h', { remap = false }) +map('n', '', 'j', { remap = false }) +map('n', '', 'k', { remap = false }) +map('n', '', 'l', { remap = false }) +map('n', '', ':q', { remap = false }) +map('n', '', ':Files', { remap = false }) +map('n', '', 'gcc', { remap = true, silent = true }) +map('v', '', 'gc', { remap = true, silent = true }) -- Autocommands vim.cmd('au BufEnter * set noro') From 6fabeecd1d329f52d54aa761a2841ce7d38abb91 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 00:11:28 +1000 Subject: [PATCH 150/363] user/neovim: add auto-save.nvim --- modules/user/neovim.nix | 1 + res/config.lua | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index cc5d271..e8ba07a 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -31,6 +31,7 @@ in { plugins = with pkgs.vimPlugins; [ autoclose-nvim + auto-save-nvim flutter-tools-nvim fzf-vim fzf-lsp-nvim diff --git a/res/config.lua b/res/config.lua index b173216..f69e13b 100644 --- a/res/config.lua +++ b/res/config.lua @@ -68,6 +68,19 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} +local function autosavecond(buf) + if vim.tbl_contains({"astro"}, vim.fn.getbufvar(buf, "&filetype")) then + return true + end + return false +end +require('auto-save').setup { + trigger_events = { + defer = { "InsertLeave", "TextChanged", "TextChangedI" }, + }, + debounce_delay = 250, + condition = autosavecond, +} require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup {} require('nvim-treesitter.configs').setup { From f8dc09565f5e473e3e4ce269777270ac6167d9a1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 01:36:36 +1000 Subject: [PATCH 151/363] user/neovim: use virtual color highlight --- res/config.lua | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index f69e13b..06aaffc 100644 --- a/res/config.lua +++ b/res/config.lua @@ -82,7 +82,9 @@ require('auto-save').setup { condition = autosavecond, } require('nvim-ts-autotag').setup {} -require('nvim-highlight-colors').setup {} +require('nvim-highlight-colors').setup { + render = "virtual", +} require('nvim-treesitter.configs').setup { highlight = { enable = true }, indent = { enable = false } From d0fdbe88222e31eb9cffa7129c0c7ba64491aafe Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:23:37 +1000 Subject: [PATCH 152/363] hyacinth/filesystem: increase tmpfs size to 24G --- hosts/hyacinth/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/filesystem.nix b/hosts/hyacinth/filesystem.nix index c85d7be..2757182 100644 --- a/hosts/hyacinth/filesystem.nix +++ b/hosts/hyacinth/filesystem.nix @@ -15,7 +15,7 @@ in "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=8G" "mode=755" ]; + options = [ "defaults" "size=24G" "mode=755" ]; }; "/boot" = mkLabelMount "CUP" "vfat"; From c9520a5bc86ff937bd9f2038ff93c92f5c63e940 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:25:21 +1000 Subject: [PATCH 153/363] packages/linux-lava: add bluetooth patch --- packages/linux-lava/bluetooth.patch | 13 +++++++++++++ packages/linux-lava/sources.nix | 1 + 2 files changed, 14 insertions(+) create mode 100644 packages/linux-lava/bluetooth.patch diff --git a/packages/linux-lava/bluetooth.patch b/packages/linux-lava/bluetooth.patch new file mode 100644 index 0000000..87e198c --- /dev/null +++ b/packages/linux-lava/bluetooth.patch @@ -0,0 +1,13 @@ +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c +index ef9689f8776..aabbc031b5f 100644 +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -759,6 +759,8 @@ static const struct usb_device_id quirks_table[] = { + BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x2b89, 0x8761), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, ++ { USB_DEVICE(0x2c4e, 0x0115), .driver_info = BTUSB_REALTEK | ++ BTUSB_WIDEBAND_SPEECH }, + + /* Additional Realtek 8821AE Bluetooth devices */ + { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK }, diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 4c9c4e3..caaa4f7 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -35,6 +35,7 @@ in { kernelPatches = lib.optionals hasPatch [ kernelPatchSrc + (patch ./bluetooth.patch) ] ++ builtins.map (name: { inherit name; From e7d5efd169de117550bcba3d8b0add00cdcc206b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:26:33 +1000 Subject: [PATCH 154/363] packages/linux-lava: bump to 6.16.1 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index caaa4f7..b8f408a 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.16"; + version = "6.16.1"; kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; - kernelPatchHash = "00wkvlpb5idmnjml86jmdp0fnqs08r3ykafhw5k702952dlyg5ws"; + kernelPatchHash = "0qg6jcbjwik2xzz26zbiz495ig03znaf0s4xp2qrl36lpsbjcr7a"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 2d85d6635b1ed3be13eaf2630635ddda3f963241 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 18 Aug 2025 17:46:13 +1000 Subject: [PATCH 155/363] overlays/linux-lava: get rid of --target warning --- overlays/linux-lava.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/overlays/linux-lava.nix b/overlays/linux-lava.nix index 4cfa1a4..321532f 100644 --- a/overlays/linux-lava.nix +++ b/overlays/linux-lava.nix @@ -1,12 +1,16 @@ self: super: let llvmPackages = super.llvmPackages_19; clangVersion = super.lib.versions.major llvmPackages.libclang.version; + addFlagsScript = "$out/nix-support/add-local-cc-cflags-before.sh"; cc = llvmPackages.stdenv.cc.override { # :sob: see https://github.com/NixOS/nixpkgs/issues/142901 bintools = llvmPackages.bintools; + + # https://github.com/NixOS/nixpkgs/issues/368850 extraBuildCommands = '' + cat <(echo "NIX_CC_WRAPPER_SUPPRESS_TARGET_WARNING=1") "${addFlagsScript}" > "${addFlagsScript}.new" + mv "${addFlagsScript}.new" "${addFlagsScript}" substituteInPlace "$out/nix-support/cc-cflags" --replace " -nostdlibinc" "" - substituteInPlace "$out/nix-support/add-local-cc-cflags-before.sh" --replace 'echo "Warning: supplying the --target argument to a nix-wrapped compiler may not work correctly - cc-wrapper is currently not designed with multi-target compilers in mind. You may want to use an un-wrapped compiler instead." >&2' "" echo " -resource-dir=${llvmPackages.libclang.lib}/lib/clang/${clangVersion}" >> $out/nix-support/cc-cflags ''; }; From c4bf653e1495193f499f8ce5f84c2862f93448d2 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 27 Aug 2025 17:28:29 +1000 Subject: [PATCH 156/363] user/neovim: add texlab --- modules/user/neovim.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index e8ba07a..4dc4830 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -20,6 +20,7 @@ in { extraPackages = with pkgs; [ rust-analyzer + texlab nodePackages."@astrojs/language-server" nodePackages."@tailwindcss/language-server" nodePackages.diagnostic-languageserver From 6a3e5c147b0be6fd220fa3ebb43e91901dfe54e8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Sep 2025 14:30:50 +1000 Subject: [PATCH 157/363] user/neovim: add clangd --- res/config.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index 06aaffc..38f6a66 100644 --- a/res/config.lua +++ b/res/config.lua @@ -168,7 +168,7 @@ local capabilities = vim.lsp.protocol.make_client_capabilities() capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do nvim_lsp[lsp].setup { capabilities = capabilities, From c17c9873b9951d8d52bfcc938300b02742340a8d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Sep 2025 14:39:38 +1000 Subject: [PATCH 158/363] user/catppuccin: fix theme script it just kept reusing old generations because nix/profiles/home-manager isn't.. consistently updated? idk how long this has been happening or if they changed something ughhhhhh --- modules/user/catppuccin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/catppuccin.nix b/modules/user/catppuccin.nix index 44973e6..176b42c 100644 --- a/modules/user/catppuccin.nix +++ b/modules/user/catppuccin.nix @@ -53,7 +53,7 @@ echo "invalid theme, valid values: [dark, light, restore]" exit 1 fi - current="$HOME/.local/state/nix/profiles/home-manager" + current="$HOME/.local/state/home-manager/gcroots/current-home/" cached="$HOME/.local/state/last-parent-specialisation" if [ -d "$current/specialisation" ]; then if [ -d "$cached" ]; then From 870fc4e2d7251cd6ba3960b97c38e3858b04cf01 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 21 Aug 2025 02:40:27 +1000 Subject: [PATCH 159/363] hyacinth/networking: enable wakeonlan --- hosts/hyacinth/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/networking.nix b/hosts/hyacinth/networking.nix index 0f6035a..0b2eb03 100644 --- a/hosts/hyacinth/networking.nix +++ b/hosts/hyacinth/networking.nix @@ -3,7 +3,7 @@ networking = { useDHCP = true; interfaces.enp5s0.useDHCP = false; - interfaces.enp5s0.wakeOnLan.enable = false; + interfaces.enp5s0.wakeOnLan.enable = true; interfaces.enp5s0.ipv4.addresses = [{ address = "192.168.1.201"; From 480208b7186bf3d747148532a34599e060d8373f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Sep 2025 23:53:39 +1000 Subject: [PATCH 160/363] user/neovim: autosave tex, and autosave while in insert --- res/config.lua | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/res/config.lua b/res/config.lua index 38f6a66..55b991e 100644 --- a/res/config.lua +++ b/res/config.lua @@ -69,14 +69,14 @@ vim.cmd("au FileType rust highlight DiagnosticUnderlineHint ctermfg=14 gui=itali -- Plugins require('autoclose').setup {} local function autosavecond(buf) - if vim.tbl_contains({"astro"}, vim.fn.getbufvar(buf, "&filetype")) then + if vim.tbl_contains({"astro", "tex"}, vim.fn.getbufvar(buf, "&filetype")) then return true end return false end require('auto-save').setup { trigger_events = { - defer = { "InsertLeave", "TextChanged", "TextChangedI" }, + defer_save = { "InsertLeave", "TextChanged", "TextChangedI" }, }, debounce_delay = 250, condition = autosavecond, From c85d5d21506b968ee07e32a3bc54e37d7d7745cd Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 01:44:58 +0000 Subject: [PATCH 161/363] flake: bump inputs --- flake.lock | 168 ++++++++++++++++++++++++----------------------------- 1 file changed, 75 insertions(+), 93 deletions(-) diff --git a/flake.lock b/flake.lock index d0fd43b..ff2042e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1754711681, - "narHash": "sha256-cYsUwcr7dQ/enDG+sHVqGopwgbPRajhVXi+dTt8OQ2c=", + "lastModified": 1759319421, + "narHash": "sha256-45yE92tDGtCX/vdyUuD3ckCqyZ3pwP0yrTorjvL80fc=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "7a6e7cce4c9c8bfc5bf25a96d66ede2c0379a6f1", + "rev": "37bf87881ae7a68bccdd383fef345c748a23d3b7", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -208,11 +208,11 @@ ] }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -222,36 +222,15 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1760813311, + "narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8", "type": "github" }, "original": { @@ -288,11 +267,11 @@ ] }, "locked": { - "lastModified": 1754416808, - "narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -325,18 +304,21 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": [ + "neovim-nightly", + "flake-parts" + ], "nixpkgs": [ "neovim-nightly", "nixpkgs" ] }, "locked": { - "lastModified": 1752595130, - "narHash": "sha256-CNBgr4OZSuklGtNOa9CnTNo9+Xceqn/EDAC1Tc43fH8=", + "lastModified": 1761230615, + "narHash": "sha256-pLE7U5gOtlA/2wbKCsVRYf5DqMQ5TWBCrCfZGytDDeo=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "5f2e09654b2e70ba643e41609d9f9b6640f22113", + "rev": "7db2b867219a26781437d840ce457b75b7645154", "type": "github" }, "original": { @@ -395,11 +377,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -437,11 +419,11 @@ ] }, "locked": { - "lastModified": 1754842705, - "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", + "lastModified": 1761344779, + "narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=", "owner": "nix-community", "repo": "home-manager", - "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", + "rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c", "type": "github" }, "original": { @@ -481,11 +463,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1754707367, - "narHash": "sha256-c4kr9yDWeT6u4pmWva/RoMf06W3OsOOxVf2GLzV4MCw=", + "lastModified": 1761271248, + "narHash": "sha256-x90r+HsgZ9z47LoFW6lz+NDX0BqLRSXqc/U0ab1uCUY=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "6742817d970e38c1cfc747a8a83ab3cea95a43d5", + "rev": "7870dc8a170d975ac31f5814d645f1c1757a8798", "type": "github" }, "original": { @@ -507,11 +489,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1754641381, - "narHash": "sha256-eMoujl/X1lbdjRbC/HHCpZmUb5tqTAYSL1hocy+o7nc=", + "lastModified": 1761350724, + "narHash": "sha256-ogJgZWLclKE10H7xw+jBjmnhg8U/2OpJZTaIulMr7Rw=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "83aaf3085f808dec9ea1b5d16b216875a8081b37", + "rev": "cd02956a1f6376f524a10b94893bc9408b476322", "type": "github" }, "original": { @@ -523,11 +505,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1754610154, - "narHash": "sha256-ORfF40X4BGiFxnLNQbdsQbUTW4TkUHfPqyZWHaYL5NE=", + "lastModified": 1761346084, + "narHash": "sha256-bhbEqOGNBD52bb5ZUXyd/Ua67hCpzgidOjkWOwJO1iw=", "owner": "neovim", "repo": "neovim", - "rev": "038eb01b41b66379f75164507571497929f8847c", + "rev": "520568f40f22d77e623ddda77cf751031774384b", "type": "github" }, "original": { @@ -538,15 +520,15 @@ }, "nix-gaming": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1754791758, - "narHash": "sha256-XlyhRNYVItOE9IHi+loJBHnZ8c6ZbdV9lr6KFXPUpbY=", + "lastModified": 1761184286, + "narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "c7043951476c524a8dafa241158f7cb30079cdad", + "rev": "8ac5469d67b8c197832575db87f6bde38032a947", "type": "github" }, "original": { @@ -557,11 +539,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754498491, - "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -573,11 +555,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -604,11 +586,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1754863774, - "narHash": "sha256-OOkhunEjy+t5xP3oMxD9ezDZ3j3PYfOsT9aro/WcBGA=", + "lastModified": 1761346166, + "narHash": "sha256-bJvQiPY1dnu3lTV7w61n4Opx6kcRcU6egJovDV+6/H4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a84e756ad67fa42311e2d22cbc8f566ee46a04fd", + "rev": "810ffa7c371a24bdc286cdf322e1ebcf4b196b6b", "type": "github" }, "original": { @@ -636,11 +618,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1754711617, - "narHash": "sha256-WrZ280bT6NzNbBo+CKeJA/NW1rhvN/RUPZczqCpu2mI=", + "lastModified": 1760596604, + "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00b574b1ba8a352f0601c4dde4faff4b534ebb1e", + "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", "type": "github" }, "original": { @@ -652,11 +634,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1761114652, + "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", "type": "github" }, "original": { @@ -708,11 +690,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1745571677, - "narHash": "sha256-m4vCfX/IwByQN0OvcwDs+fy6LYndhGbNDQueOCREVx8=", + "lastModified": 1760326343, + "narHash": "sha256-LfrZUv0UMVyygPd1RAv2EIWEvds2n0iEG8G2q7h5izM=", "owner": "sindresorhus", "repo": "pure", - "rev": "5c2158096cd992ad73ae4b42aa43ee618383e092", + "rev": "58fe1ac501df94f5458b8c7d08fbea8e5bd86426", "type": "github" }, "original": { @@ -752,11 +734,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1754575663, - "narHash": "sha256-afOx8AG0KYtw7mlt6s6ahBBy7eEHZwws3iCRoiuRQS4=", + "lastModified": 1759199574, + "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6db0fb0e9cec2e9729dc52bf4898e6c135bb8a0f", + "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", "type": "github" }, "original": { @@ -773,11 +755,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1754801101, - "narHash": "sha256-oxWjZ/SfhCvHFNePZcUu+LcE5j4xxuIt/yaoaSvMZk0=", + "lastModified": 1760848035, + "narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "fcbfc21572518c68317df992929b28df9a1d8468", + "rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9", "type": "github" }, "original": { @@ -805,11 +787,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1754759508, - "narHash": "sha256-D//sryXk4tiPB6pBrFz3+rA68JQRR+8IAicEA5h7CWQ=", + "lastModified": 1760670453, + "narHash": "sha256-KQx4CWPfKBJwuBONYSE7AIKa7UBXBvtNVcrOmkPrjkY=", "owner": "StevenBlack", "repo": "hosts", - "rev": "a11705bff29cdf2744dfdf7463a4000ee67d2ba4", + "rev": "5da10a61afc297307c489903bfc35b1eb8dac674", "type": "github" }, "original": { @@ -887,11 +869,11 @@ ] }, "locked": { - "lastModified": 1754492133, - "narHash": "sha256-B+3g9+76KlGe34Yk9za8AF3RL+lnbHXkLiVHLjYVOAc=", + "lastModified": 1761311587, + "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1298185c05a56bff66383a20be0b41a307f52228", + "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", "type": "github" }, "original": { @@ -936,11 +918,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1752982673, - "narHash": "sha256-9Tv64JFWG6yZnH16b8y80Q/Vk8wesxGpWG6JHiot70g=", + "lastModified": 1755632519, + "narHash": "sha256-vu17UAainZDD+8y/t+vBdGUe2NTF5XZdnHy5T15pNUE=", "ref": "refs/heads/main", - "rev": "2fd354de4d21be6c91ad2ea71af08525f3e76b39", - "revCount": 1061, + "rev": "13b34cdc29d8b22323fa2079193ea1529723747c", + "revCount": 1065, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From a9f5d4da4d485744b2c502bb6d09a53a15d114b3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 25 Oct 2025 01:45:00 +0000 Subject: [PATCH 162/363] packages/linux-lava: bump to 6.17.5 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index b8f408a..5e16c02 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.16.1"; - kernelHash = "10ydzfzc3g0nhns6md08gpfshhjcyd58lylqr15alijjdgzf4jqs"; - kernelPatchHash = "0qg6jcbjwik2xzz26zbiz495ig03znaf0s4xp2qrl36lpsbjcr7a"; + version = "6.17.5"; + kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; + kernelPatchHash = "1fl72ykgj6bvcx7k6dx6g1v0fdka9m9nim5kj4cpnva6jyx2lgbv"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 84ddc3b6ec38fc27f04ec00904b852c99ee93ae5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:50:01 +1100 Subject: [PATCH 163/363] user/rofi: switch to upstream rofi from wayland fork --- modules/user/rofi.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/user/rofi.nix b/modules/user/rofi.nix index 19e569e..1f11d06 100644 --- a/modules/user/rofi.nix +++ b/modules/user/rofi.nix @@ -16,7 +16,6 @@ let in { programs.rofi = { enable = true; - package = pkgs.rofi-wayland; theme = "theme"; }; xdg.configFile."rofi/theme.rasi".source = theme; From 03bfa7da93aeba903aa721d094c810e6109601a3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:50:34 +1100 Subject: [PATCH 164/363] system/greed: greetd.tuigreet -> tuigreet --- modules/system/greetd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/greetd.nix b/modules/system/greetd.nix index ad4a2d6..f220847 100644 --- a/modules/system/greetd.nix +++ b/modules/system/greetd.nix @@ -3,7 +3,7 @@ enable = true; settings = { default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'"; + command = "${pkgs.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'"; user = "greeter"; }; From 6d356be1f0502e29f72a4908a41665784648ffb3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:53:12 +1100 Subject: [PATCH 165/363] services/nginx: acme.email -> acme.defaults.email --- modules/services/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index be8adaf..10a2d84 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -2,7 +2,7 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; - email = "me@lava.moe"; + defaults.email = "me@lava.moe"; certs."lava.moe" = { group = "nginx"; domain = "lava.moe"; From 892f9bfe73a5b9f05668e5f026a8baf1adb15bd4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 25 Oct 2025 18:54:03 +1100 Subject: [PATCH 166/363] hosts/hazel: hardware.opengl -> hardware.graphics --- hosts/hazel/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix index 7e22154..cd568c3 100644 --- a/hosts/hazel/default.nix +++ b/hosts/hazel/default.nix @@ -73,7 +73,7 @@ in }; users.users.immich.extraGroups = [ "video" "render" ]; - hardware.opengl.enable = true; + hardware.graphics.enable = true; services.nginx.virtualHosts."photos.lava.moe" = { enableACME = true; forceSSL = true; From 45a8eadeda1bf5a90eb7e24e1bf448500fe00d4c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 3 Nov 2025 13:43:06 +1100 Subject: [PATCH 167/363] user/neovim: migrate to new lsp config syntax --- res/config.lua | 75 +++++++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 35 deletions(-) diff --git a/res/config.lua b/res/config.lua index 55b991e..97fa58f 100644 --- a/res/config.lua +++ b/res/config.lua @@ -124,32 +124,37 @@ end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') -- LSP -local nvim_lsp = require('lspconfig') +vim.api.nvim_create_autocmd("LspAttach", { + callback = function(args) + local client = vim.lsp.get_client_by_id(args.data.client_id) + if not client then + return + end -local on_attach = function(client, bufnr) - local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end - local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end + local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(args.buf, ...) end + local function buf_set_option(...) vim.api.nvim_buf_set_option(args.buf, ...) end - local opts = { noremap = true, silent = true } + local opts = { noremap = true, silent = true } - buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) - buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) - buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) -end + buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) + buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) + buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) + buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float(0, { scope = "line" })', opts) + buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + end +}) vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( vim.lsp.diagnostic.on_publish_diagnostics, { @@ -164,17 +169,15 @@ vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( vim.lsp.handlers.signature_help, { focusable = false } ) -local capabilities = vim.lsp.protocol.make_client_capabilities() -capabilities.textDocument.completion.completionItem.snippetSupport = true capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do - nvim_lsp[lsp].setup { + vim.lsp.config(lsp, { capabilities = capabilities, - on_attach = on_attach, flags = { debounce_text_changes = 150 } - } + }) + vim.lsp.enable(lsp) end -- nvim-cmp @@ -224,15 +227,16 @@ cmp.setup { -- LSP/Omnisharp local pid = vim.fn.getpid() -nvim_lsp.omnisharp.setup { +vim.lsp.config("omnisharp", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, cmd = { "{{OMNISHARP_PATH}}", "--languageserver", "--hostPID", tostring(pid) } -} +}) +vim.lsp.enable("omnisharp") -- LSP/rust_analyzer -nvim_lsp.rust_analyzer.setup { +vim.lsp.config("rust_analyzer", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, @@ -249,11 +253,11 @@ nvim_lsp.rust_analyzer.setup { } } } -} - +}) +vim.lsp.enable("rust_analyzer") -- LSP/Diagnostics -nvim_lsp.diagnosticls.setup { +vim.lsp.config("diagnosticls", { capabilities = capabilities, on_attach = on_attach, flags = { debounce_text_changes = 150 }, @@ -289,7 +293,8 @@ nvim_lsp.diagnosticls.setup { vue = 'eslint' } } -} +}) +vim.lsp.enable("diagnosticls") -- LSP/Signatures require("lsp_signature").setup { From b4e6a9bc049556559301a5067e1a1c7289d8af0d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 22:43:33 +1100 Subject: [PATCH 168/363] flake: bump inputs --- flake.lock | 241 +++++++++++++---------------------------------------- 1 file changed, 57 insertions(+), 184 deletions(-) diff --git a/flake.lock b/flake.lock index ff2042e..2b37612 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1759319421, - "narHash": "sha256-45yE92tDGtCX/vdyUuD3ckCqyZ3pwP0yrTorjvL80fc=", + "lastModified": 1762958586, + "narHash": "sha256-1MryKS54NVQld+xDvCN0OBmAC8Jk+HmplqWbuerrhlk=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "37bf87881ae7a68bccdd383fef345c748a23d3b7", + "rev": "0d212e20bebe63b49b588323d37c0cc46bd7000f", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, + "lastModified": 1762618334, "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -155,43 +155,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -208,11 +176,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -226,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1760813311, - "narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -257,76 +225,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": "flake-compat_3", - "gitignore": "gitignore", - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "neovim-nightly", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "hercules-ci-effects": { - "inputs": { - "flake-parts": [ - "neovim-nightly", - "flake-parts" - ], - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761230615, - "narHash": "sha256-pLE7U5gOtlA/2wbKCsVRYf5DqMQ5TWBCrCfZGytDDeo=", - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "rev": "7db2b867219a26781437d840ce457b75b7645154", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "hercules-ci-effects", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -419,11 +317,11 @@ ] }, "locked": { - "lastModified": 1761344779, - "narHash": "sha256-6LNSptFYhiAd0M/maJoixJw7V0Kp5BSoMRtIahcfu3M=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "c644cb018f9fdec55f5ac2afb4713a8c7beb757c", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -463,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1761271248, - "narHash": "sha256-x90r+HsgZ9z47LoFW6lz+NDX0BqLRSXqc/U0ab1uCUY=", + "lastModified": 1763432202, + "narHash": "sha256-6eGh8gEh2Ch3cjpb0Vet2TldlXKvhkI8gkde6sabP3U=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "7870dc8a170d975ac31f5814d645f1c1757a8798", + "rev": "9b47ccaef1f98d1e5c0d48b9429442ae6894c191", "type": "github" }, "original": { @@ -478,22 +376,18 @@ }, "neovim-nightly": { "inputs": { - "flake-compat": "flake-compat_2", "flake-parts": "flake-parts", - "git-hooks": "git-hooks", - "hercules-ci-effects": "hercules-ci-effects", "neovim-src": "neovim-src", "nixpkgs": [ "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" + ] }, "locked": { - "lastModified": 1761350724, - "narHash": "sha256-ogJgZWLclKE10H7xw+jBjmnhg8U/2OpJZTaIulMr7Rw=", + "lastModified": 1763683496, + "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "cd02956a1f6376f524a10b94893bc9408b476322", + "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d", "type": "github" }, "original": { @@ -505,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1761346084, - "narHash": "sha256-bhbEqOGNBD52bb5ZUXyd/Ua67hCpzgidOjkWOwJO1iw=", + "lastModified": 1763682595, + "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=", "owner": "neovim", "repo": "neovim", - "rev": "520568f40f22d77e623ddda77cf751031774384b", + "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180", "type": "github" }, "original": { @@ -524,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1761184286, - "narHash": "sha256-yK/XQSwkOlgljcxNhlu08Zyp96DzF4eIU1leyWjyNZE=", + "lastModified": 1763517349, + "narHash": "sha256-QgAbzE/1imXSQX8ZlLgxV/eCzl0aAr+UZRVKBWDS138=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8ac5469d67b8c197832575db87f6bde38032a947", + "rev": "b13a918dae392cd84191c55448ecd7ffca6cf7d0", "type": "github" }, "original": { @@ -539,11 +433,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1761672384, + "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", "type": "github" }, "original": { @@ -555,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1754788789, - "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { @@ -586,11 +480,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1761346166, - "narHash": "sha256-bJvQiPY1dnu3lTV7w61n4Opx6kcRcU6egJovDV+6/H4=", + "lastModified": 1763682598, + "narHash": "sha256-1vlouRdKg6PF8dzTbiT1BB+VwLGkaVUgrDt9NKoiisY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "810ffa7c371a24bdc286cdf322e1ebcf4b196b6b", + "rev": "70fca9810d7049ec65e7aae5b885d7bde224f966", "type": "github" }, "original": { @@ -618,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "lastModified": 1763312402, + "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", "type": "github" }, "original": { @@ -634,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1761114652, - "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -690,11 +584,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1760326343, - "narHash": "sha256-LfrZUv0UMVyygPd1RAv2EIWEvds2n0iEG8G2q7h5izM=", + "lastModified": 1763198167, + "narHash": "sha256-AZSxP2g6BWoxyiSQH7yzbbbfGcwD8jgnXPPfcYwJUL0=", "owner": "sindresorhus", "repo": "pure", - "rev": "58fe1ac501df94f5458b8c7d08fbea8e5bd86426", + "rev": "54bd501c802283dee0940457da6eb3e642bd1453", "type": "github" }, "original": { @@ -734,11 +628,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1759199574, - "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", + "lastModified": 1761791894, + "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", + "rev": "59c45eb69d9222a4362673141e00ff77842cd219", "type": "github" }, "original": { @@ -755,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1760848035, - "narHash": "sha256-H3MFH8+i4wFagkebtHPcosQdkmxQ4a6fl1lMbLb+RkA=", + "lastModified": 1763267524, + "narHash": "sha256-CywB4iCpGr4CYZAD+WboFwBQ7Wnc7LdfSemFWuH/1Ro=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "cde9f78ae705343a38f5d1d19ab34858b5e9caa9", + "rev": "cf33e39bd1a21993a28ffee8be433e212ecf346a", "type": "github" }, "original": { @@ -787,11 +681,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1760670453, - "narHash": "sha256-KQx4CWPfKBJwuBONYSE7AIKa7UBXBvtNVcrOmkPrjkY=", + "lastModified": 1763488188, + "narHash": "sha256-sJ6JT8GSmUUUAi8Ylhp6vE6OKmQxNfHye0FiJbZwoo4=", "owner": "StevenBlack", "repo": "hosts", - "rev": "5da10a61afc297307c489903bfc35b1eb8dac674", + "rev": "c66c4aa05a95669943eb3b8f68ba3d359825c4b9", "type": "github" }, "original": { @@ -861,27 +755,6 @@ "type": "gitlab" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "neovim-nightly", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1761311587, - "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "website": { "flake": false, "locked": { From 8ae384686ca64255d8ca8829ee579fcf9603dc37 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 22:43:43 +1100 Subject: [PATCH 169/363] packages/linux-lava: bump to 6.17.8 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 5e16c02..44a30ee 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.17.5"; + version = "6.17.8"; kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; - kernelPatchHash = "1fl72ykgj6bvcx7k6dx6g1v0fdka9m9nim5kj4cpnva6jyx2lgbv"; + kernelPatchHash = "0f1apr8wrsddik48mwsfq8d22x9019f1b023gvdzkpn2s58ja74n"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From c5dd3e4f5e5a19f75acef2c01fa23f2a6cfac926 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 23:14:31 +1100 Subject: [PATCH 170/363] treewide: change deprecated and renamed option and package names --- hosts/hyacinth/kernel.nix | 4 ++++ modules/system/corectrl.nix | 4 ---- modules/system/gui.nix | 1 - modules/system/packages-gui.nix | 4 ++-- modules/user/direnv.nix | 2 +- modules/user/git.nix | 6 +++--- modules/user/gpg.nix | 2 +- modules/user/zsh.nix | 2 +- users/rin/packages.nix | 2 +- 9 files changed, 13 insertions(+), 14 deletions(-) diff --git a/hosts/hyacinth/kernel.nix b/hosts/hyacinth/kernel.nix index 3e2d8d1..f410014 100644 --- a/hosts/hyacinth/kernel.nix +++ b/hosts/hyacinth/kernel.nix @@ -13,4 +13,8 @@ ]; kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava); }; + hardware.amdgpu.overdrive = { + enable = true; + ppfeaturemask = "0xffffffff"; + }; } diff --git a/modules/system/corectrl.nix b/modules/system/corectrl.nix index c2ec98d..6f6ca01 100644 --- a/modules/system/corectrl.nix +++ b/modules/system/corectrl.nix @@ -1,9 +1,5 @@ { ... }: { programs.corectrl = { enable = true; - gpuOverclock = { - enable = true; - ppfeaturemask = "0xffffffff"; - }; }; } diff --git a/modules/system/gui.nix b/modules/system/gui.nix index e9443ab..7028dac 100644 --- a/modules/system/gui.nix +++ b/modules/system/gui.nix @@ -15,7 +15,6 @@ hanazono noto-fonts noto-fonts-cjk-sans - noto-fonts-extra open-sans twemoji-color-font unifont diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 9e6e946..78e778b 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -6,8 +6,8 @@ ]; programs.adb.enable = true; hardware.graphics.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau + intel-vaapi-driver + libva-vdpau-driver libvdpau-va-gl ]; programs.light.enable = true; diff --git a/modules/user/direnv.nix b/modules/user/direnv.nix index 3f54b94..2329800 100644 --- a/modules/user/direnv.nix +++ b/modules/user/direnv.nix @@ -5,7 +5,7 @@ enable = true; }; }; - programs.git.extraConfig.core.excludesFile = ".envrc"; + programs.git.settings.core.excludesFile = ".envrc"; # We can't use .source since hm manages this file too xdg.configFile."direnv/direnvrc".text = builtins.readFile ../../res/direnvrc; home.activation = { diff --git a/modules/user/git.nix b/modules/user/git.nix index 16a2cdd..adadf7e 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -1,13 +1,13 @@ { ... }: { programs.git = { enable = true; - userName = "Cilly Leang"; - userEmail = "me@lava.moe"; signing = { key = "059F098EBF0E9A13E10A46BF6500251E087653C9"; signByDefault = true; }; - extraConfig = { + settings = { + user.name = "Cilly Leang"; + user.email = "me@lava.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; }; diff --git a/modules/user/gpg.nix b/modules/user/gpg.nix index 768c5d9..dba731f 100644 --- a/modules/user/gpg.nix +++ b/modules/user/gpg.nix @@ -5,6 +5,6 @@ }; services.gpg-agent = { enable = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentry.package = pkgs.pinentry-gnome3; }; } diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 54533b9..3fefce6 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -104,7 +104,7 @@ in { programs.command-not-found.enable = true; programs.zsh = { enable = true; - dotDir = ".config/zsh"; + dotDir = "${config.xdg.configHome}/zsh"; autocd = true; defaultKeymap = "viins"; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 2299028..6e4d84a 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -57,7 +57,7 @@ in { swaybg (tetrio-desktop.override { withTetrioPlus = true; }) texliveFull - tor-browser-bundle-bin + tor-browser transmission-remote-gtk vesktop virt-manager From 4bd188cc644fc96e2ad4afdd4a99520091c7aa4f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 21 Nov 2025 23:15:01 +1100 Subject: [PATCH 171/363] workflows/cachix: bump cachix action fixes a bug where the latest store path doesn't get pushed (so all the kernel builds never gets pushed) --- .github/workflows/cachix.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index c8745d2..2a4d902 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -17,7 +17,7 @@ jobs: env: GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v16 with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' @@ -42,7 +42,7 @@ jobs: with: fetch-depth: 0 - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v14 + - uses: cachix/cachix-action@v16 with: name: lava authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' From 57afed24ed3f14e937e9c090b911e3870fa61a98 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 29 Jan 2026 00:37:01 +1100 Subject: [PATCH 172/363] anemone/kernel: disable swapfile and hibernation --- hosts/anemone/kernel.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/anemone/kernel.nix b/hosts/anemone/kernel.nix index cbee34c..d959b37 100644 --- a/hosts/anemone/kernel.nix +++ b/hosts/anemone/kernel.nix @@ -23,14 +23,14 @@ ]; }; - swapDevices = [{ - device = "/persist/swapfile"; - size = 16 * 1024; - }]; - - systemd.sleep.extraConfig = '' - HibernateMode=shutdown - ''; + # swapDevices = [{ + # device = "/persist/swapfile"; + # size = 16 * 1024; + # }]; + # + # systemd.sleep.extraConfig = '' + # HibernateMode=shutdown + # ''; /* services.logind.lidSwitch = "suspend-then-hibernate"; systemd.sleep.extraConfig = '' From 58efa5527ce2fb5b07a3e4e2dae146c8910ee6aa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 3 Feb 2026 23:18:45 +1100 Subject: [PATCH 173/363] user/git: update git email --- modules/user/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/git.nix b/modules/user/git.nix index adadf7e..6c21f20 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -7,7 +7,7 @@ }; settings = { user.name = "Cilly Leang"; - user.email = "me@lava.moe"; + user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; }; From 3af1ad12fda037274587baafd44991f687320531 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 22 Nov 2025 15:37:16 +1100 Subject: [PATCH 174/363] system/nix: add nh --- modules/system/nix.nix | 1 + users/rin/default.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index e520205..ba671aa 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -23,5 +23,6 @@ ''; }; nixpkgs.config.allowUnfree = true; + programs.nh.enable = true; system.rebuild.enableNg = true; } diff --git a/users/rin/default.nix b/users/rin/default.nix index 3737b18..e8d6f5c 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix @@ -1,4 +1,5 @@ { config, modules, pkgs, ... }: { + programs.nh.flake = "/home/rin/Projects/flakes"; programs.zsh.enable = true; users.users.rin = { isNormalUser = true; From bcbebb0d46e956d0eeb556397e998486b2ba497c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 02:31:34 +0000 Subject: [PATCH 175/363] flake: bump inputs --- flake.lock | 134 ++++++++++++++++++++++++++--------------------------- 1 file changed, 67 insertions(+), 67 deletions(-) diff --git a/flake.lock b/flake.lock index 2b37612..ec50bf4 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1762958586, - "narHash": "sha256-1MryKS54NVQld+xDvCN0OBmAC8Jk+HmplqWbuerrhlk=", + "lastModified": 1770327417, + "narHash": "sha256-WNS+wDUeqfegOXf5emDRnNs2bPiJ7rhdARo4jyd3+Yw=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "0d212e20bebe63b49b588323d37c0cc46bd7000f", + "rev": "26670347cca9feddb31e075d23b474149d8902e1", "type": "github" }, "original": { @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -176,11 +176,11 @@ ] }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -194,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1762980239, - "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -275,11 +275,11 @@ ] }, "locked": { - "lastModified": 1758463745, - "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", + "lastModified": 1763992789, + "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", "owner": "nix-community", "repo": "home-manager", - "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", + "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1763416652, - "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", + "lastModified": 1770318660, + "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", "owner": "nix-community", "repo": "home-manager", - "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", + "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", "type": "github" }, "original": { @@ -361,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1763432202, - "narHash": "sha256-6eGh8gEh2Ch3cjpb0Vet2TldlXKvhkI8gkde6sabP3U=", + "lastModified": 1770227718, + "narHash": "sha256-Z6KOxPD/ZesQ85SknAHAYBwro17KSSm0nRxcIJ5/vuE=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "9b47ccaef1f98d1e5c0d48b9429442ae6894c191", + "rev": "90ad8407cefc81a44571043c5d7e7717ea07a19a", "type": "github" }, "original": { @@ -383,11 +383,11 @@ ] }, "locked": { - "lastModified": 1763683496, - "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=", + "lastModified": 1770336287, + "narHash": "sha256-czvrg8uyf2VWRmbobsthTAIJCg1GH4mEekyW01AvHco=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d", + "rev": "1cd999cdf20536ac6a6d1aa17ba0242eefd2312b", "type": "github" }, "original": { @@ -399,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1763682595, - "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=", + "lastModified": 1770334851, + "narHash": "sha256-FvT3T0l8eNr1Hv+D1Sj1jM/2vLkonLxpadTk6gdYHAo=", "owner": "neovim", "repo": "neovim", - "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180", + "rev": "db133879b2a115cdf982b2899f154f1851d59a60", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1763517349, - "narHash": "sha256-QgAbzE/1imXSQX8ZlLgxV/eCzl0aAr+UZRVKBWDS138=", + "lastModified": 1769914377, + "narHash": "sha256-8wH3ZYNs36V0A3f/ikraqdoVE++BfnXg9Ql8nAuUkHw=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "b13a918dae392cd84191c55448ecd7ffca6cf7d0", + "rev": "f7d17740ed90663b11ae907d33b3fed9fc9e15a9", "type": "github" }, "original": { @@ -433,11 +433,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761672384, - "narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -449,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1761765539, - "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -480,11 +480,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1763682598, - "narHash": "sha256-1vlouRdKg6PF8dzTbiT1BB+VwLGkaVUgrDt9NKoiisY=", + "lastModified": 1768649915, + "narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70fca9810d7049ec65e7aae5b885d7bde224f966", + "rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1763312402, - "narHash": "sha256-3YJkOBrFpmcusnh7i8GXXEyh7qZG/8F5z5+717550Hk=", + "lastModified": 1769740369, + "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85a6c4a07faa12aaccd81b36ba9bfc2bec974fa1", + "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", "type": "github" }, "original": { @@ -528,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "type": "github" }, "original": { @@ -568,11 +568,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1748094813, - "narHash": "sha256-CVs9FTdg3oKtRjz2YqwkMr0W5qYLGfVyxyhE3qnGYbI=", + "lastModified": 1770279356, + "narHash": "sha256-NgocMrn3I4bJW37BtVvEYGkPraEC5TU/gb3ibJcG3wA=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "42fc28ba918343ebfd5565147a42a26580579482", + "rev": "70a9fecaf5aeae70c765d4c51a8038165a91aa06", "type": "github" }, "original": { @@ -628,11 +628,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761791894, - "narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=", + "lastModified": 1764470739, + "narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "59c45eb69d9222a4362673141e00ff77842cd219", + "rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a", "type": "github" }, "original": { @@ -649,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1763267524, - "narHash": "sha256-CywB4iCpGr4CYZAD+WboFwBQ7Wnc7LdfSemFWuH/1Ro=", + "lastModified": 1769986820, + "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "cf33e39bd1a21993a28ffee8be433e212ecf346a", + "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", "type": "github" }, "original": { @@ -681,11 +681,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1763488188, - "narHash": "sha256-sJ6JT8GSmUUUAi8Ylhp6vE6OKmQxNfHye0FiJbZwoo4=", + "lastModified": 1770244988, + "narHash": "sha256-DT9HK9iYTmXUfjKcTxLRMZOeCLb9CAoFEpBiDpEku3g=", "owner": "StevenBlack", "repo": "hosts", - "rev": "c66c4aa05a95669943eb3b8f68ba3d359825c4b9", + "rev": "7ea67ed353b27e1dbe36363074d1b6c3ca6be46b", "type": "github" }, "original": { @@ -742,11 +742,11 @@ "tree-sitter-jsonc": { "flake": false, "locked": { - "lastModified": 1615145540, - "narHash": "sha256-iWc2ePRiQnZ0FEdMAaAwa3iYt/SY0bEjQrZyqE9EhlU=", + "lastModified": 1769637052, + "narHash": "sha256-V38tvBHJsSHJbj8QrMbt5hz2q8WLf4jtKsTiAo98/Vo=", "owner": "WhyNotHugo", "repo": "tree-sitter-jsonc", - "rev": "02b01653c8a1c198ae7287d566efa86a135b30d5", + "rev": "f7890ba894d885d1b2b721cfae759b07d53c8886", "type": "gitlab" }, "original": { @@ -791,11 +791,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1755632519, - "narHash": "sha256-vu17UAainZDD+8y/t+vBdGUe2NTF5XZdnHy5T15pNUE=", + "lastModified": 1770340936, + "narHash": "sha256-AyJRQbMw4l4D/26WLNoysxtUmPdvSgdzE1HcldQ0GYY=", "ref": "refs/heads/main", - "rev": "13b34cdc29d8b22323fa2079193ea1529723747c", - "revCount": 1065, + "rev": "50988e246dab86bc5701932f64e9fe9b1df23cb9", + "revCount": 1124, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" @@ -809,11 +809,11 @@ "zsh-history-substring-search": { "flake": false, "locked": { - "lastModified": 1717563893, - "narHash": "sha256-1+w0AeVJtu1EK5iNVwk3loenFuIyVlQmlw8TWliHZGI=", + "lastModified": 1768499095, + "narHash": "sha256-KHujL1/TM5R3m4uQh2nGVC98D6MOyCgQpyFf+8gjKR0=", "owner": "zsh-users", "repo": "zsh-history-substring-search", - "rev": "87ce96b1862928d84b1afe7c173316614b30e301", + "rev": "14c8d2e0ffaee98f2df9850b19944f32546fdea5", "type": "github" }, "original": { From 0c882eb783b756d33aa7b971db2e745ce5c8dabc Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 6 Feb 2026 02:31:36 +0000 Subject: [PATCH 176/363] packages/linux-lava: bump to 6.18.8 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 44a30ee..4b25d1e 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.17.8"; - kernelHash = "19spyyknps9dzb6mz5sk685a505hzqi144lqc0rdi6f9l5k72q4v"; - kernelPatchHash = "0f1apr8wrsddik48mwsfq8d22x9019f1b023gvdzkpn2s58ja74n"; + version = "6.18.8"; + kernelHash = "0jzdvk3xdai1xsq0739hmf8rapw15dw5inarfvqizqx9bmha81li"; + kernelPatchHash = "0zwjsig10xkdzr87l25z5ici6kakbjl8jl02ryrpj6xn31bk7vwz"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 0245b680ef2f22158eb6d2ce1e97bf6e7287fbd9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:16:08 +1100 Subject: [PATCH 177/363] system: remove deleted options --- modules/system/nix.nix | 1 - modules/system/packages-gui.nix | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index ba671aa..6a6fd04 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -24,5 +24,4 @@ }; nixpkgs.config.allowUnfree = true; programs.nh.enable = true; - system.rebuild.enableNg = true; } diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 78e778b..77eb510 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -1,10 +1,10 @@ { config, lib, pkgs, ... }: { config = lib.mkIf config.me.gui { environment.systemPackages = with pkgs; [ - gparted + android-tools + gparted nautilus ]; - programs.adb.enable = true; hardware.graphics.extraPackages = with pkgs; [ intel-vaapi-driver libva-vdpau-driver From c76de11041823c6bc7af903ff3084efed8d0d418 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:19:54 +1100 Subject: [PATCH 178/363] user/mpv: update config after breaking change --- modules/user/mpv.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/user/mpv.nix b/modules/user/mpv.nix index 1b1899c..6ef3da4 100644 --- a/modules/user/mpv.nix +++ b/modules/user/mpv.nix @@ -1,8 +1,7 @@ -{ config, pkgs, ... }: { +{ pkgs, ... }: { programs.mpv = { enable = true; - package = pkgs.mpv-unwrapped.wrapper { - mpv = pkgs.mpv-unwrapped; + package = pkgs.mpv.override { youtubeSupport = true; scripts = [ pkgs.mpvScripts.mpris ]; }; From 2b9a772959b42fc3896f59c69511a554d569657c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:20:48 +1100 Subject: [PATCH 179/363] rin/packages: remove tetrio plus (marked as broken) --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 6e4d84a..5715dd4 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -55,7 +55,7 @@ in { screenkey slurp swaybg - (tetrio-desktop.override { withTetrioPlus = true; }) + tetrio-desktop texliveFull tor-browser transmission-remote-gtk From adea95e039b8f1ee6cd38e7dc73fb863d6d2537c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:22:10 +1100 Subject: [PATCH 180/363] hyacinth/packages: use new idea package name --- hosts/hyacinth/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index a1288ca..f4e4fe4 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - jetbrains.idea-community-bin + jetbrains.idea texliveFull ]; } From 0772dca431e07bc278df31670906ea77f7ae4c86 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 21:25:40 +1100 Subject: [PATCH 181/363] system/packages: remove ecryptfs --- modules/system/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index b257880..8670e6e 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -2,7 +2,7 @@ imports = [ ./packages-gui.nix ]; environment.systemPackages = with pkgs; [ comma - ecryptfs + # ecryptfs efibootmgr fd git From 85f53fbc859e2191b7c24c1737514d430d597fcc Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Feb 2026 22:31:16 +1100 Subject: [PATCH 182/363] rin/packages: remove wine-osu --- users/rin/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 5715dd4..3b07cab 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -46,7 +46,7 @@ in { mangohud me.psensor inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin - inputs.nix-gaming.packages.x86_64-linux.wine-osu + # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol prismlauncher From bada516463e85483367381c288b29c6bdca8e318 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 9 Feb 2026 21:56:30 +1100 Subject: [PATCH 183/363] user/neovim: update nvim-treesitter import --- res/config.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/res/config.lua b/res/config.lua index 97fa58f..ef10504 100644 --- a/res/config.lua +++ b/res/config.lua @@ -85,7 +85,7 @@ require('nvim-ts-autotag').setup {} require('nvim-highlight-colors').setup { render = "virtual", } -require('nvim-treesitter.configs').setup { +require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } } From 83b68d30347229200cf15a4cc98cf93caf64dd86 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 02:40:14 +0000 Subject: [PATCH 184/363] flake: bump inputs --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index ec50bf4..4eeaaa3 100644 --- a/flake.lock +++ b/flake.lock @@ -194,11 +194,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1770318660, - "narHash": "sha256-yFVde8QZK7Dc0Xa8eQDsmxLX4NJNfL1NKfctSyiQgMY=", + "lastModified": 1770818644, + "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e6a065f9efed51488d7c51a9abbd387df91b8", + "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", "type": "github" }, "original": { @@ -361,11 +361,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1770227718, - "narHash": "sha256-Z6KOxPD/ZesQ85SknAHAYBwro17KSSm0nRxcIJ5/vuE=", + "lastModified": 1770607339, + "narHash": "sha256-/j7IEdwbaaN4SGKAl5gE3vRdKIdIw8f7RNMrM9Lc28M=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "90ad8407cefc81a44571043c5d7e7717ea07a19a", + "rev": "9498fb9bc0c3323d1c291667d8cb16cb2a37bcee", "type": "github" }, "original": { @@ -383,11 +383,11 @@ ] }, "locked": { - "lastModified": 1770336287, - "narHash": "sha256-czvrg8uyf2VWRmbobsthTAIJCg1GH4mEekyW01AvHco=", + "lastModified": 1770857573, + "narHash": "sha256-pSeFA1qRAdivDrrKoybJ1DOcbkXx2v/ExIc6n0DbT4U=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "1cd999cdf20536ac6a6d1aa17ba0242eefd2312b", + "rev": "31e79c73c444b2e51eb34f2305792809839c58e8", "type": "github" }, "original": { @@ -399,11 +399,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770334851, - "narHash": "sha256-FvT3T0l8eNr1Hv+D1Sj1jM/2vLkonLxpadTk6gdYHAo=", + "lastModified": 1770810897, + "narHash": "sha256-6F/Z/UQxalaSoqewSQ4fL8zSws3Vy4wgA5DgyTaeqTo=", "owner": "neovim", "repo": "neovim", - "rev": "db133879b2a115cdf982b2899f154f1851d59a60", + "rev": "6b4ec2264e1d8ba027b85f3883d532c5068be92a", "type": "github" }, "original": { @@ -418,11 +418,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1769914377, - "narHash": "sha256-8wH3ZYNs36V0A3f/ikraqdoVE++BfnXg9Ql8nAuUkHw=", + "lastModified": 1770778188, + "narHash": "sha256-KZHPn3L6veRgRwOyfhaeM5ZTJfpkoY9EICIzUcQn4w8=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "f7d17740ed90663b11ae907d33b3fed9fc9e15a9", + "rev": "59e3b8189047bc591635645d2c682020c13eeac5", "type": "github" }, "original": { @@ -449,11 +449,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", "type": "github" }, "original": { @@ -528,11 +528,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "type": "github" }, "original": { @@ -568,11 +568,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1770279356, - "narHash": "sha256-NgocMrn3I4bJW37BtVvEYGkPraEC5TU/gb3ibJcG3wA=", + "lastModified": 1770808440, + "narHash": "sha256-paM9v2DKiHEwN0fTXuX9eY0KwVsB+9Bv6mOX9u/eyAI=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "70a9fecaf5aeae70c765d4c51a8038165a91aa06", + "rev": "9f2dad22ef8bb14fd1e0a3aa8859cdc88170668b", "type": "github" }, "original": { @@ -584,11 +584,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1763198167, - "narHash": "sha256-AZSxP2g6BWoxyiSQH7yzbbbfGcwD8jgnXPPfcYwJUL0=", + "lastModified": 1770811375, + "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", "owner": "sindresorhus", "repo": "pure", - "rev": "54bd501c802283dee0940457da6eb3e642bd1453", + "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", "type": "github" }, "original": { @@ -649,11 +649,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1769986820, - "narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=", + "lastModified": 1770846656, + "narHash": "sha256-wdYpo8++TqKp3GdRgLFykjuIVW1m9GlUnxID2FG74cE=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c", + "rev": "40e65cfc4608402674e1efaac3fccce20d2a72d3", "type": "github" }, "original": { @@ -791,11 +791,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1770340936, - "narHash": "sha256-AyJRQbMw4l4D/26WLNoysxtUmPdvSgdzE1HcldQ0GYY=", + "lastModified": 1770748719, + "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=", "ref": "refs/heads/main", - "rev": "50988e246dab86bc5701932f64e9fe9b1df23cb9", - "revCount": 1124, + "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea", + "revCount": 1137, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From 4c933a598c89048575e8c52c39eb769bc8a8f9a7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 12 Feb 2026 02:40:17 +0000 Subject: [PATCH 185/363] packages/linux-lava: bump to 6.19 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index 4b25d1e..dc198a6 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.18.8"; - kernelHash = "0jzdvk3xdai1xsq0739hmf8rapw15dw5inarfvqizqx9bmha81li"; - kernelPatchHash = "0zwjsig10xkdzr87l25z5ici6kakbjl8jl02ryrpj6xn31bk7vwz"; + version = "6.19"; + kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; + kernelPatchHash = "0w36sxwwhfqpc1if9d52rg0g1k20xjl2cairlyiyk10ns17mjxlb"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 4e49291a403244cb99d928d1b8279d18615457c5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Feb 2026 15:43:23 +1100 Subject: [PATCH 186/363] rin/packages: add jetbrains gateway --- users/rin/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 3b07cab..e3db022 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -37,6 +37,7 @@ in { gamescope gimp3 grim + jetbrains.gateway #kotatogram-desktop krita lm_sensors From 3b73bd8f14b051790e2b0bd5592ebca82476df98 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Feb 2026 16:00:25 +1100 Subject: [PATCH 187/363] overlays/jetbrains: init --- overlays/default.nix | 1 + overlays/jetbrains.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 overlays/jetbrains.nix diff --git a/overlays/default.nix b/overlays/default.nix index 31648cc..a84cba5 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -3,6 +3,7 @@ builtins.map (path: import path) [ ./cascadia-code.nix ./ccache.nix ./eww.nix + ./jetbrains.nix ./material-icons.nix ./steam.nix ./utillinux.nix diff --git a/overlays/jetbrains.nix b/overlays/jetbrains.nix new file mode 100644 index 0000000..dd1d1ad --- /dev/null +++ b/overlays/jetbrains.nix @@ -0,0 +1,22 @@ +# https://github.com/NixOS/nixpkgs/issues/375254 +self: super: { + jetbrains = super.jetbrains // { + gateway = let + unwrapped = super.jetbrains.gateway; + in super.buildFHSEnv { + name = "gateway"; + inherit (unwrapped) version; + + runScript = super.writeScript "gateway-wrapper" '' + unset JETBRAINS_CLIENT_JDK + exec ${unwrapped}/bin/gateway "$@" + ''; + + meta = unwrapped.meta; + + passthru = { + inherit unwrapped; + }; + }; + }; +} From cf47ffc5267e8104ce121b75eed9eccf92465b95 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 24 Feb 2026 17:26:26 +1100 Subject: [PATCH 188/363] workflow: remove check job SHUTUPSHUTUPSHUTUPSHOUSHTOSHTOUSTHSROUTSHJSBUJFSBHIDh --- .github/workflows/cachix.yml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/.github/workflows/cachix.yml b/.github/workflows/cachix.yml index 2a4d902..06bed3e 100644 --- a/.github/workflows/cachix.yml +++ b/.github/workflows/cachix.yml @@ -5,27 +5,6 @@ on: workflow_dispatch: jobs: - check: - name: Check flake - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Unlock secrets - uses: sliteteam/github-action-git-crypt-unlock@1.2.0 - env: - GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY }} - - uses: cachix/install-nix-action@v31 - - uses: cachix/cachix-action@v16 - with: - name: lava - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: | - cd / - cd - - - run: nix flake check --keep-going --verbose - build: name: Build linux-lava for x86_64-linux runs-on: ubuntu-latest From 1fd2ebedb0dfa4742a77024b017576d7691a0ef4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 2 Mar 2026 13:17:36 +1100 Subject: [PATCH 189/363] anemone/networking: disable wpa_supplicant hardening --- hosts/anemone/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix index 8b6bdf9..18c0d87 100644 --- a/hosts/anemone/networking.nix +++ b/hosts/anemone/networking.nix @@ -3,6 +3,7 @@ #nameservers = [ "8.8.8.8" "8.8.4.4" ]; #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf"; + wireless.enableHardening = false; networkmanager = { enable = true; From e73f9d612ce7010b5a4d5e37d82064eadcb22fcd Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 3 Mar 2026 13:37:03 +1100 Subject: [PATCH 190/363] rin/packages: use dotnet10 --- users/rin/packages.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index e3db022..77e8a2e 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -1,10 +1,8 @@ { config, inputs, pkgs, ... }: let dotnet-combined = (with pkgs.dotnetCorePackages; combinePackages [ - dotnet_8.sdk - dotnet_9.sdk - aspnetcore_8_0-bin - aspnetcore_9_0-bin + dotnet_10.sdk + aspnetcore_10_0-bin ]); in { programs.firefox = { From 09aceb18f4da7714e515ca302f08d880e202b64c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 6 Mar 2026 21:07:12 +1100 Subject: [PATCH 191/363] user/eww: display multiple bluetooth devices in one line --- res/eww/eww.yuck | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index c153154..2598788 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -43,6 +43,8 @@ `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) +(defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled + `bluetoothctl devices Connected | wc -l`) (deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") @@ -99,7 +101,7 @@ (revealer :transition "slideleft" :reveal {bluetooth-extended && bluetooth_device != ""} :duration 150 - (label :text bluetooth_device + (label :text { bluetooth_device_count == "1" ? bluetooth_device : (bluetooth_device_count + " devices") } :class "base"))))) (defwidget network [] From 12a18435873419e4257ad7124daa177e01afbebb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 18:12:28 +1100 Subject: [PATCH 192/363] system/docker: init --- hosts/anemone/default.nix | 1 + modules/default.nix | 1 + modules/system/docker.nix | 13 +++++++++++++ 3 files changed, 15 insertions(+) create mode 100644 modules/system/docker.nix diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index dda36f5..a630d81 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -17,6 +17,7 @@ bluetooth ccache corectrl + docker flatpak greetd gui diff --git a/modules/default.nix b/modules/default.nix index 9a1898a..8237922 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -35,6 +35,7 @@ in { ./system/bluetooth.nix ./system/ccache.nix ./system/corectrl.nix + ./system/docker.nix ./system/flatpak.nix ./system/greetd.nix ./system/gui.nix diff --git a/modules/system/docker.nix b/modules/system/docker.nix new file mode 100644 index 0000000..08dfe23 --- /dev/null +++ b/modules/system/docker.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: { + virtualisation.docker = { + enable = true; + storageDriver = "btrfs"; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + environment.systemPackages = [ + pkgs.docker-compose + ]; +} From 2f1ca6402571369273a04a561df6f28cec899237 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 18:12:59 +1100 Subject: [PATCH 193/363] user/zsh: update nix abbrs --- modules/user/zsh.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 3fefce6..6e8db74 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -38,7 +38,8 @@ let jf = "doas journalctl -f"; fl = "cd ~/Projects/flakes"; - nr = "doas nixos-rebuild switch --flake .#${sysConfig.networking.hostName} -v -L"; + nr = "nh os switch"; + nb = "nh os boot"; gs = "git status"; ga = "git add"; From 2baffcb7a5506338d6fdc80f0676a421118ab9f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 8 Mar 2026 23:58:32 +1100 Subject: [PATCH 194/363] hosts/anemone: enable kde connect --- hosts/anemone/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index a630d81..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -54,4 +54,6 @@ services.fprintd.enable = true; services.tlp.enable = true; + + programs.kdeconnect.enable = true; } From 12681f2087b9e3ea22772c2fd09d2be0f72783b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 9 Mar 2026 00:39:07 +1100 Subject: [PATCH 195/363] system/docker: disable rootless --- modules/system/docker.nix | 8 ++++---- users/rin/default.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/system/docker.nix b/modules/system/docker.nix index 08dfe23..1ebd190 100644 --- a/modules/system/docker.nix +++ b/modules/system/docker.nix @@ -2,10 +2,10 @@ virtualisation.docker = { enable = true; storageDriver = "btrfs"; - rootless = { - enable = true; - setSocketVariable = true; - }; + # rootless = { + # enable = true; + # setSocketVariable = true; + # }; }; environment.systemPackages = [ pkgs.docker-compose diff --git a/users/rin/default.nix b/users/rin/default.nix index e8d6f5c..91166ed 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix @@ -3,7 +3,7 @@ programs.zsh.enable = true; users.users.rin = { isNormalUser = true; - extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; + extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "docker" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ]; shell = pkgs.zsh; uid = 1001; hashedPasswordFile = config.age.secrets.passwd.path; From e2832de9684d7f3fbd8e6f44f73a5e40bab9f2dd Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 15:53:14 +1100 Subject: [PATCH 196/363] containers/amethyst: init --- containers/amethyst/configuration.nix | 47 +++++++++++++++++++++++++++ containers/amethyst/flake.lock | 27 +++++++++++++++ containers/amethyst/flake.nix | 38 ++++++++++++++++++++++ flake.lock | 37 +++++++++++++++++++-- flake.nix | 3 ++ hosts/anemone/default.nix | 2 ++ 6 files changed, 151 insertions(+), 3 deletions(-) create mode 100644 containers/amethyst/configuration.nix create mode 100644 containers/amethyst/flake.lock create mode 100644 containers/amethyst/flake.nix diff --git a/containers/amethyst/configuration.nix b/containers/amethyst/configuration.nix new file mode 100644 index 0000000..b9d496d --- /dev/null +++ b/containers/amethyst/configuration.nix @@ -0,0 +1,47 @@ +{ lib, pkgs, ... }: { + system.stateVersion = "23.11"; + systemd.tmpfiles.rules = [ + "d /persist/transmission 755 transmission transmission" + "d /persist/transmission/.config/transmission-daemon 750 transmission transmission" + "d /persist/transmission/.incomplete 750 transmission transmission" + "d /persist/transmission/Downloads 755 transmission transmission" + "d /persist/transmission/watchdir 755 transmission transmission" + ]; + networking.wg-quick.interfaces.wg0 = { + configFile = "/persist/vpn.conf"; + preUp = '' + # Try to access the DNS for up to 300s + for i in {1..60}; do + ${pkgs.iputils}/bin/ping -c1 'google.com' && break + echo "Attempt $i: DNS still not available" + sleep 5s + done + ''; + }; + + # https://github.com/NixOS/nixpkgs/issues/258793 + systemd.services.transmission.serviceConfig = { + BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; + RootDirectoryStartOnly = lib.mkForce false; + RootDirectory = lib.mkForce ""; + PrivateMounts = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; + + networking.firewall.allowedTCPPorts = [ 9091 ]; + services.transmission = { + enable = true; + package = pkgs.transmission_4; + downloadDirPermissions = "775"; + openFirewall = true; + home = "/persist/transmission"; + settings = { + ratio-limit-enabled = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-port = 9091; + rpc-host-whitelist-enabled = false; + rpc-whitelist-enabled = false; + }; + }; +} diff --git a/containers/amethyst/flake.lock b/containers/amethyst/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/amethyst/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix new file mode 100644 index 0000000..e025a5b --- /dev/null +++ b/containers/amethyst/flake.nix @@ -0,0 +1,38 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + modules = [ ./configuration.nix ]; + }; + nixosModule = { ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-+" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ]; + containers.amethyst = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.30.1.1"; + localAddress = "10.30.1.2"; + hostAddress6 = "fd0d:1::1:1"; + localAddress6 = "fd0d:1::1:2"; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = [ ./configuration.nix ]; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/amethyst"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 4eeaaa3..4d2cc7a 100644 --- a/flake.lock +++ b/flake.lock @@ -43,6 +43,20 @@ "type": "github" } }, + "c-amethyst": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "path": "./containers/amethyst", + "type": "path" + }, + "original": { + "path": "./containers/amethyst", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -415,7 +429,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1770778188, @@ -511,6 +525,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -526,7 +556,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -601,6 +631,7 @@ "inputs": { "aagl": "aagl", "agenix": "agenix", + "c-amethyst": "c-amethyst", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -609,7 +640,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", diff --git a/flake.nix b/flake.nix index 98a4505..3ee112e 100644 --- a/flake.nix +++ b/flake.nix @@ -37,6 +37,9 @@ spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; }; tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; }; wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; + + # containers + c-amethyst.url = "path:./containers/amethyst"; }; outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..ee08a68 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-amethyst.nixosModule ]; me = { From acc4d31f467d4403aa87f499270156a366c20ef5 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:27:29 +1100 Subject: [PATCH 197/363] containers/beryllium: init --- containers/beryllium/configuration.nix | 15 +++++++++ containers/beryllium/flake.lock | 27 +++++++++++++++++ containers/beryllium/flake.nix | 42 ++++++++++++++++++++++++++ flake.lock | 37 +++++++++++++++++++++-- flake.nix | 1 + hosts/anemone/default.nix | 1 + 6 files changed, 120 insertions(+), 3 deletions(-) create mode 100644 containers/beryllium/configuration.nix create mode 100644 containers/beryllium/flake.lock create mode 100644 containers/beryllium/flake.nix diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix new file mode 100644 index 0000000..d877f3b --- /dev/null +++ b/containers/beryllium/configuration.nix @@ -0,0 +1,15 @@ +{ ... }: { + system.stateVersion = "25.11"; + fileSystems."/var/lib/private" = { + device = "/persist"; + fsType = "none"; + options = [ "bind" ]; + }; + + services.matrix-continuwuity = { + enable = true; + settings.global = { + server_name = "lava.moe"; + }; + }; +} diff --git a/containers/beryllium/flake.lock b/containers/beryllium/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/beryllium/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix new file mode 100644 index 0000000..af3d7aa --- /dev/null +++ b/containers/beryllium/flake.nix @@ -0,0 +1,42 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + modules = [ ./configuration.nix ]; + }; + nixosModule = { ... }: + let + name = "beryllium"; + subnet = "2"; + in { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-+" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = [ ./configuration.nix ]; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 4d2cc7a..c3e63fc 100644 --- a/flake.lock +++ b/flake.lock @@ -57,6 +57,20 @@ }, "parent": [] }, + "c-beryllium": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "path": "./containers/beryllium", + "type": "path" + }, + "original": { + "path": "./containers/beryllium", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -429,7 +443,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1770778188, @@ -541,6 +555,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -556,7 +586,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -632,6 +662,7 @@ "aagl": "aagl", "agenix": "agenix", "c-amethyst": "c-amethyst", + "c-beryllium": "c-beryllium", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -640,7 +671,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", diff --git a/flake.nix b/flake.nix index 3ee112e..03840e1 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,7 @@ # containers c-amethyst.url = "path:./containers/amethyst"; + c-beryllium.url = "path:./containers/beryllium"; }; outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index ee08a68..65e9d43 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -39,6 +39,7 @@ modules.services.syncthing inputs.c-amethyst.nixosModule + inputs.c-beryllium.nixosModule ]; me = { From 5a24bf690f85e9d306bc78ec1c7a3b5cdf68ac21 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:32:34 +1100 Subject: [PATCH 198/363] containers/amethyst: refactor --- containers/amethyst/flake.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index e025a5b..a8bbeee 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -6,28 +6,32 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { modules = [ ./configuration.nix ]; }; - nixosModule = { ... }: { + nixosModule = { ... }: + let + name = "amethyst"; + subnet = "1"; + in { networking.nat = { enable = true; enableIPv6 = true; internalInterfaces = [ "ve-+" ]; }; - systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ]; - containers.amethyst = { + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.1.1"; - localAddress = "10.30.1.2"; - hostAddress6 = "fd0d:1::1:1"; - localAddress6 = "fd0d:1::1:2"; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; bindMounts."persist" = { - hostPath = "/persist/containers/amethyst"; + hostPath = "/persist/containers/${name}"; mountPoint = "/persist"; isReadOnly = false; }; From 6bea3918586612998bce927478f1827718aa5ab9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:41:44 +1100 Subject: [PATCH 199/363] hosts/dandelion: pull changes --- flake.lock | 132 ++++++++++++++++++++++++++++++++++- flake.nix | 3 +- hosts/dandelion/default.nix | 1 + modules/default.nix | 1 + modules/services/banksia.nix | 11 +++ modules/services/nginx.nix | 13 ++-- modules/services/website.nix | 14 +++- 7 files changed, 165 insertions(+), 10 deletions(-) create mode 100644 modules/services/banksia.nix diff --git a/flake.lock b/flake.lock index c3e63fc..2afebb7 100644 --- a/flake.lock +++ b/flake.lock @@ -253,6 +253,42 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -602,6 +638,22 @@ "type": "github" } }, + "nixpkgs_7": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -641,6 +693,49 @@ "type": "github" } }, + "pastel": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_7", + "pnpm2nix": "pnpm2nix" + }, + "locked": { + "lastModified": 1772103435, + "narHash": "sha256-dtsWJl+DBigaZlszH4UVI8JZltJl9O6MESDyH4RepNI=", + "owner": "cillynder", + "repo": "pastel", + "rev": "8e2b1b80d711eaf41c010949bef0a512db9e4452", + "type": "github" + }, + "original": { + "owner": "cillynder", + "repo": "pastel", + "type": "github" + } + }, + "pnpm2nix": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "pastel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717937937, + "narHash": "sha256-bKoHjG5P15vCVpDndIXFfoJC65XhrBPQ9GWcXtXNuDA=", + "owner": "wrvsrx", + "repo": "pnpm2nix-nzbr", + "rev": "a2d285ad5718cb202f45e98a4f839a5b2608c4b1", + "type": "github" + }, + "original": { + "owner": "wrvsrx", + "ref": "adapt-to-v9", + "repo": "pnpm2nix-nzbr", + "type": "github" + } + }, "pure": { "flake": false, "locked": { @@ -674,6 +769,7 @@ "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", + "pastel": "pastel", "pure": "pure", "spicetify-nix": "spicetify-nix", "spotify-adblock": "spotify-adblock", @@ -708,7 +804,7 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_3" + "systems": "systems_5" }, "locked": { "lastModified": 1770846656, @@ -801,6 +897,36 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tree-sitter-jsonc": { "flake": false, "locked": { @@ -822,13 +948,13 @@ "locked": { "lastModified": 1668017714, "narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=", - "owner": "LavaDesu", + "owner": "cillynder", "repo": "lavadesu.github.io", "rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67", "type": "github" }, "original": { - "owner": "LavaDesu", + "owner": "cillynder", "ref": "master", "repo": "lavadesu.github.io", "type": "github" diff --git a/flake.nix b/flake.nix index 03840e1..9719bd8 100644 --- a/flake.nix +++ b/flake.nix @@ -22,8 +22,9 @@ spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; # services + pastel.url = "github:cillynder/pastel"; stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; - website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; }; + website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; }; # zsh plugins zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index b9f5e42..ee386bf 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -19,6 +19,7 @@ security wireguard + modules.services.banksia modules.services.nginx modules.services.postgres modules.services.unbound diff --git a/modules/default.nix b/modules/default.nix index 8237922..014a61a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -16,6 +16,7 @@ let in { options = ./options.nix; services = mkAttrsFromPaths [ + ./services/banksia.nix ./services/jellyfin.nix ./services/nginx.nix ./services/postgres.nix diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix new file mode 100644 index 0000000..d6532f6 --- /dev/null +++ b/modules/services/banksia.nix @@ -0,0 +1,11 @@ +# TODO ^^ +{ ... }: { + services.nginx.virtualHosts = { + "banksia.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "302 https://github.com/cillynder/Banksia"; + locations."/api".proxyPass = "http://localhost:8080/"; + }; + }; +} diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 10a2d84..51641b4 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -2,17 +2,20 @@ networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; - defaults.email = "me@lava.moe"; - certs."lava.moe" = { + defaults = { + email = "me@lava.moe"; group = "nginx"; - domain = "lava.moe"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets."acme_dns".path; + }; + certs."lava.moe" = { extraDomainNames = [ "*.lava.moe" "*.local.lava.moe" ]; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."acme_dns".path; }; + certs."cilly.moe" = {}; + certs."cilly.dev" = {}; }; services.nginx = { diff --git a/modules/services/website.nix b/modules/services/website.nix index 5e7a223..2ef679b 100644 --- a/modules/services/website.nix +++ b/modules/services/website.nix @@ -1,5 +1,17 @@ -{ inputs, ... }: { +{ inputs, pkgs, ... }: let + pastel = inputs.pastel.packages.${pkgs.system}.default; +in { services.nginx.virtualHosts = { + "cilly.moe" = { + useACMEHost = "cilly.moe"; + forceSSL = true; + root = pastel.outPath; + }; + "cilly.dev" = { + useACMEHost = "cilly.dev"; + forceSSL = true; + root = pastel.outPath; + }; "lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From 5c5579313444a2a7ea93c4f470b06cc9ca594fa8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:47:08 +1100 Subject: [PATCH 200/363] hosts/dandelion: follow unstable nixpkgs --- flake.nix | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 9719bd8..57befbc 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,6 @@ home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/release-25.05"; - home-manager-stable.url = "github:nix-community/home-manager/release-25.05"; - home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; - agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; aagl.url = "github:ezKEa/aagl-gtk-on-nix"; @@ -44,7 +40,7 @@ c-beryllium.url = "path:./containers/beryllium"; }; - outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: + outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: let overlays = (import ./overlays) ++ [(final: prev: { @@ -79,8 +75,8 @@ in { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; - nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" []; - nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" []; + nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; + nixosConfigurations."hazel" = mkSystem nixpkgs "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = From f84e8c1013bdbbc4592da2f774aef71cd9b7e47b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:48:08 +1100 Subject: [PATCH 201/363] hosts/hazel: decommission --- flake.nix | 1 - hosts/hazel/default.nix | 95 -------------------------------------- hosts/hazel/filesystem.nix | 53 --------------------- hosts/hazel/fs-decrypt.nix | 0 hosts/hazel/kernel.nix | 10 ---- hosts/hazel/networking.nix | 15 ------ 6 files changed, 174 deletions(-) delete mode 100644 hosts/hazel/default.nix delete mode 100644 hosts/hazel/filesystem.nix delete mode 100644 hosts/hazel/fs-decrypt.nix delete mode 100644 hosts/hazel/kernel.nix delete mode 100644 hosts/hazel/networking.nix diff --git a/flake.nix b/flake.nix index 57befbc..c359c93 100644 --- a/flake.nix +++ b/flake.nix @@ -76,7 +76,6 @@ { nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; - nixosConfigurations."hazel" = mkSystem nixpkgs "hazel" "x86_64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; packages."x86_64-linux" = diff --git a/hosts/hazel/default.nix b/hosts/hazel/default.nix deleted file mode 100644 index cd568c3..0000000 --- a/hosts/hazel/default.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ config, modules, pkgs, ... }: -let - dirs = [ - ["immich" "immich"] - ["nextcloud" "nextcloud"] - ["postgresql" "postgres"] - ["redis-immich" "redis-immich"] - ]; - - rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs; - mounts = builtins.listToAttrs (builtins.map (d: { - name = "/var/lib/${builtins.elemAt d 0}"; - value = { - depends = [ "/flower" ]; - device = "/flower/${builtins.elemAt d 0}"; - fsType = "none"; - options = [ "bind" ]; - }; - }) dirs); -in -{ - networking.hostName = "hazel"; - system.stateVersion = "24.11"; - time.timeZone = "Australia/Melbourne"; - - age.secrets = { - acme_dns.file = ../../secrets/acme_dns.age; - wg_hazel.file = ../../secrets/wg_hazel.age; - }; - - imports = with modules.system; with modules.services; [ - home-manager-stable - - base - kernel - nix-stable - packages - security - - nginx - unbound - wireguard - - ./filesystem.nix - ./kernel.nix - ./networking.nix - - ../../users/hana - ]; - - me.environment = "headless"; - - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "cloud.lava.moe"; - database.createLocally = true; - config = { - dbtype = "pgsql"; - adminpassFile = "/persist/nextcloud-admin-pass"; - }; - https = true; - }; - - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; - }; - - services.immich = { - enable = true; - port = 2283; - }; - - users.users.immich.extraGroups = [ "video" "render" ]; - hardware.graphics.enable = true; - services.nginx.virtualHosts."photos.lava.moe" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://[::1]:${toString config.services.immich.port}"; - proxyWebsockets = true; - recommendedProxySettings = true; - extraConfig = '' - client_max_body_size 50000M; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - send_timeout 600s; - ''; - }; - }; - - systemd.tmpfiles.rules = rules; - fileSystems = mounts; -} diff --git a/hosts/hazel/filesystem.nix b/hosts/hazel/filesystem.nix deleted file mode 100644 index 2a60898..0000000 --- a/hosts/hazel/filesystem.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ ... }: -let - mkLabelMount = label: type: options: { - device = "/dev/disk/by-label/${label}"; - fsType = type; - options = [ "defaults" ] ++ options; - }; - mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs" - ([ - "autodefrag" - "compress=zstd:4" - "compress-force=zstd:4" - "defaults" - "nossd" - "space_cache=v2" - "subvol=${subvol}" - (if atime then "relatime" else "noatime") - ] ++ ext); - - mkHazelMount = mkBtrfsMount "HAZEL" []; -in -{ - boot.supportedFilesystems = [ "btrfs" ]; - fileSystems = { - "/" = { - device = "rootfs"; - fsType = "tmpfs"; - options = [ "defaults" "mode=755" ]; - }; - "/boot" = mkLabelMount "ROOT" "vfat" []; - - "/flower" = mkHazelMount "/current/flower" true; - "/persist" = mkHazelMount "/current/persist" true; - "/var" = mkHazelMount "/current/var" true; - "/nix" = mkHazelMount "/current/nix" false; - - "/mnt" = mkHazelMount "/" true; - }; - - services.snapper.cleanupInterval = "1h"; - services.snapper.configs.flower = { - FSTYPE = "btrfs"; - SUBVOLUME = "/mnt/current/flower"; - TIMELINE_CLEANUP = true; - TIMELINE_CREATE = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; -} diff --git a/hosts/hazel/fs-decrypt.nix b/hosts/hazel/fs-decrypt.nix deleted file mode 100644 index e69de29..0000000 diff --git a/hosts/hazel/kernel.nix b/hosts/hazel/kernel.nix deleted file mode 100644 index 20be1ed..0000000 --- a/hosts/hazel/kernel.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: { - boot = { - loader = { - efi.canTouchEfiVariables = true; - systemd-boot.enable = true; - }; - initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ "kvm-amd" ]; - }; -} diff --git a/hosts/hazel/networking.nix b/hosts/hazel/networking.nix deleted file mode 100644 index 42656e4..0000000 --- a/hosts/hazel/networking.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ gcSecrets, ... }: { - networking = { - useDHCP = true; - interfaces.enp8s0.ipv6.addresses = [ - { - address = gcSecrets.hazel.ipv6Addr; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - interface = "enp8s0"; - }; - }; -} From 1a8e042be5aa94edf28606cae589cd86c9b75b1d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:48:37 +1100 Subject: [PATCH 202/363] flake: lock --- flake.lock | 39 --------------------------------------- 1 file changed, 39 deletions(-) diff --git a/flake.lock b/flake.lock index 2afebb7..a5f3b81 100644 --- a/flake.lock +++ b/flake.lock @@ -332,27 +332,6 @@ "type": "github" } }, - "home-manager-stable_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1763992789, - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -542,22 +521,6 @@ "type": "github" } }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1768649915, - "narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1744536153, @@ -762,12 +725,10 @@ "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", - "home-manager-stable": "home-manager-stable_2", "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_6", - "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", From e78c666635e0abbff39f3964da5fd5308abf80a1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:50:47 +1100 Subject: [PATCH 203/363] system/home-manager-stable: remove --- hosts/dandelion/default.nix | 2 +- modules/default.nix | 1 - modules/system/home-manager-stable.nix | 19 ------------------- 3 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 modules/system/home-manager-stable.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index ee386bf..eefe5db 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -10,7 +10,7 @@ imports = with modules.system; [ (modulesPath + "/profiles/qemu-guest.nix") - home-manager-stable + home-manager base kernel diff --git a/modules/default.nix b/modules/default.nix index 014a61a..93b3c88 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -41,7 +41,6 @@ in { ./system/greetd.nix ./system/gui.nix ./system/home-manager.nix - ./system/home-manager-stable.nix ./system/input.nix ./system/kernel.nix ./system/nix.nix diff --git a/modules/system/home-manager-stable.nix b/modules/system/home-manager-stable.nix deleted file mode 100644 index 43842d7..0000000 --- a/modules/system/home-manager-stable.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, inputs, modules, ... }: { - imports = [ - inputs.home-manager-stable.nixosModules.home-manager - ]; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - inherit inputs modules; - sysConfig = config; - }; - sharedModules = [ - { - imports = [ modules.options ]; - config.me = config.me; - } - ]; - }; -} From c0679f7e7969fcc76c45e8adbb91802da0d26289 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 19:53:38 +1100 Subject: [PATCH 204/363] hosts/dandelion: remove postgres not sure why it's still there, hopefully nothing breaks :) --- hosts/dandelion/default.nix | 1 - modules/services/postgres.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index eefe5db..a3b2e88 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -21,7 +21,6 @@ modules.services.banksia modules.services.nginx - modules.services.postgres modules.services.unbound modules.services.website diff --git a/modules/services/postgres.nix b/modules/services/postgres.nix index bffdcee..bbbeaa1 100644 --- a/modules/services/postgres.nix +++ b/modules/services/postgres.nix @@ -8,6 +8,7 @@ in { services.postgresql = { enable = true; dataDir = dir; + # TODO: broken :3 package = pkgs.postgresql_13; authentication = lib.mkOverride 10 '' #type database DBuser origin-address auth-method From dfd00aad38db6415981b876715e86558d372f7f4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:03:07 +1100 Subject: [PATCH 205/363] hosts/dandelion: use new containers --- hosts/anemone/default.nix | 3 --- hosts/dandelion/default.nix | 6 ++++-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 65e9d43..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,9 +37,6 @@ ../../users/rin modules.services.syncthing - - inputs.c-amethyst.nixosModule - inputs.c-beryllium.nixosModule ]; me = { diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index a3b2e88..7500d21 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -1,4 +1,4 @@ -{ modules, modulesPath, ... }: { +{ inputs, modules, modulesPath, ... }: { networking.hostName = "dandelion"; system.stateVersion = "23.11"; time.timeZone = "Australia/Melbourne"; @@ -24,10 +24,12 @@ modules.services.unbound modules.services.website + inputs.c-amethyst.nixosModule + inputs.c-beryllium.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix - ./transmission-container.nix ../../users/hana ]; From a9e9ae41acfcddfe20930620234e68e63fe9de05 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:52:24 +1100 Subject: [PATCH 206/363] containers/amethyst: expose under local nginx --- containers/amethyst/flake.nix | 5 ++ hosts/dandelion/transmission-container.nix | 68 ---------------------- 2 files changed, 5 insertions(+), 68 deletions(-) delete mode 100644 hosts/dandelion/transmission-container.nix diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index a8bbeee..7ee705a 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -17,6 +17,11 @@ internalInterfaces = [ "ve-+" ]; }; + services.nginx.virtualHosts."amethyst.local.lava.moe" = { + locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; + listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ]; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; diff --git a/hosts/dandelion/transmission-container.nix b/hosts/dandelion/transmission-container.nix deleted file mode 100644 index e3ee5ae..0000000 --- a/hosts/dandelion/transmission-container.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ lib, modules, pkgs, gcSecrets, ... }: { - networking.nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - externalInterface = "enp0s6"; - }; - - networking.firewall = { - extraCommands = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE - ''; - extraStopCommands = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true - ''; - }; - - services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = { - locations."/".proxyPass = "http://10.25.0.11:9091"; - }; - - containers.transmission = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.25.0.10"; - localAddress = "10.25.0.11"; - bindMounts."vpn" = { - hostPath = "/persist/aus.conf"; - mountPoint = "/vpn.conf"; - isReadOnly = true; - }; - bindMounts."transmission" = { - hostPath = "/persist/transmission"; - mountPoint = "/persist/transmission"; - isReadOnly = false; - }; - config = { - system.stateVersion = "23.11"; - networking.wg-quick.interfaces.wg0 = { - configFile = "/vpn.conf"; - preUp = '' - # Try to access the DNS for up to 300s - for i in {1..60}; do - ${pkgs.iputils}/bin/ping -c1 'google.com' && break - echo "Attempt $i: DNS still not available" - sleep 5s - done - ''; - }; - - networking.firewall.enable = false; - # https://github.com/NixOS/nixpkgs/issues/258793 - systemd.services.transmission.serviceConfig = { - BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ]; - RootDirectoryStartOnly = lib.mkForce false; - RootDirectory = lib.mkForce ""; - PrivateMounts = lib.mkForce false; - PrivateUsers = lib.mkForce false; - }; - imports = [ modules.services.transmission ]; - services.transmission.settings = { - rpc-host-whitelist-enabled = false; - rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*"; - rpc-username = gcSecrets.transmission.username; - rpc-password = gcSecrets.transmission.password; - }; - }; - }; -} From 54fd3373d02adec4834dd0f9776d78bb36d2ca34 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 20:53:08 +1100 Subject: [PATCH 207/363] system/nix-stable: enable nh --- modules/system/nix-stable.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix index a88612a..fcd1662 100644 --- a/modules/system/nix-stable.nix +++ b/modules/system/nix-stable.nix @@ -17,4 +17,5 @@ ''; }; nixpkgs.config.allowUnfree = true; + programs.nh.enable = true; } From 2f4cbd382c4436ffe06afbad8f671fdbc226fdab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:06:20 +1100 Subject: [PATCH 208/363] user/comma: init --- flake.lock | 21 +++++++++++++++++++++ flake.nix | 2 ++ modules/default.nix | 1 + modules/system/packages.nix | 1 - modules/user/comma.nix | 7 +++++++ modules/user/zsh.nix | 1 - users/hana/default.nix | 1 + users/rin/default.nix | 1 + 8 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 modules/user/comma.nix diff --git a/flake.lock b/flake.lock index a5f3b81..3099d30 100644 --- a/flake.lock +++ b/flake.lock @@ -474,6 +474,26 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1773552174, + "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1764242076, @@ -728,6 +748,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", + "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_6", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", diff --git a/flake.nix b/flake.nix index c359c93..407c4fa 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,8 @@ neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; nix-gaming.url = "github:fufexan/nix-gaming"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/default.nix b/modules/default.nix index 93b3c88..f47d4ee 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -54,6 +54,7 @@ in { ]; user = mkAttrsFromPaths [ ./user/catppuccin.nix + ./user/comma.nix ./user/direnv.nix ./user/dunst.nix ./user/eww.nix diff --git a/modules/system/packages.nix b/modules/system/packages.nix index 8670e6e..afeef4e 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -1,7 +1,6 @@ { pkgs, ... }: { imports = [ ./packages-gui.nix ]; environment.systemPackages = with pkgs; [ - comma # ecryptfs efibootmgr fd diff --git a/modules/user/comma.nix b/modules/user/comma.nix new file mode 100644 index 0000000..5ae7f03 --- /dev/null +++ b/modules/user/comma.nix @@ -0,0 +1,7 @@ +{ inputs, ... }: { + imports = [ + inputs.nix-index-database.homeModules.default + ]; + programs.nix-index.enable = true; + programs.nix-index-database.comma.enable = true; +} diff --git a/modules/user/zsh.nix b/modules/user/zsh.nix index 6e8db74..1eb736c 100644 --- a/modules/user/zsh.nix +++ b/modules/user/zsh.nix @@ -102,7 +102,6 @@ let bindkey -a -r ':' ''; in { - programs.command-not-found.enable = true; programs.zsh = { enable = true; dotDir = "${config.xdg.configHome}/zsh"; diff --git a/users/hana/default.nix b/users/hana/default.nix index ed7a464..da2022a 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -21,6 +21,7 @@ }; imports = with modules.user; [ + comma direnv git neovim-minimal diff --git a/users/rin/default.nix b/users/rin/default.nix index 91166ed..a70d716 100644 --- a/users/rin/default.nix +++ b/users/rin/default.nix @@ -21,6 +21,7 @@ sessionVariables catppuccin + comma direnv git gpg From e0f148251199d8168f15e52f0fa28c3e29f0391c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:17:35 +1100 Subject: [PATCH 209/363] containers/amethyst: fix nginx listen address --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 7ee705a..b332f23 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -19,7 +19,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; - listenAddresses = [ "10.0.0.0/24" "fd0d::/16" ]; + listenAddresses = [ "10.0.0.1" "fd0d::1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 42eeba3a9fb8a2dc0cb25aaa2e00694c1b9461c9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:18:24 +1100 Subject: [PATCH 210/363] system/nix-stable: use latest nix --- modules/system/nix-stable.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/nix-stable.nix b/modules/system/nix-stable.nix index fcd1662..1884c04 100644 --- a/modules/system/nix-stable.nix +++ b/modules/system/nix-stable.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: { nix = { + package = pkgs.nixVersions.latest; + settings = rec { substituters = [ "https://cache.nixos.org?priority=10" From f8d4e05080b510ada8685427c82df603ff4f9227 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:31:54 +1100 Subject: [PATCH 211/363] containers/amethyst: fix nginx ipv6 listenaddr --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index b332f23..8bea1ff 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -19,7 +19,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; - listenAddresses = [ "10.0.0.1" "fd0d::1" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From d4768ea7bfc4bc7d40e4d11a7b51b935aa9e0547 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:34:04 +1100 Subject: [PATCH 212/363] users/hana: add nh flake path --- users/hana/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/hana/default.nix b/users/hana/default.nix index da2022a..69558ea 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -1,4 +1,5 @@ { config, lib, modules, pkgs, ... }: { + programs.nh.flake = "/persist/hana/flakes"; programs.zsh.enable = true; users.users.hana = { isNormalUser = true; From 2a4a4c5d47d787fa79990ccf9b3b23deb7743f9a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 21:38:10 +1100 Subject: [PATCH 213/363] containers/amethyst: enable ssl --- containers/amethyst/flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 8bea1ff..23d3ab6 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -18,6 +18,8 @@ }; services.nginx.virtualHosts."amethyst.local.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From 52a3e8557e70d4cbc27550bfff15409be69f3753 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:27:47 +1100 Subject: [PATCH 214/363] containers/amethyst: use ipv6 for proxy --- containers/amethyst/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 23d3ab6..ff70120 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -20,7 +20,7 @@ services.nginx.virtualHosts."amethyst.local.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From c42fdb7940de4a319c09a1651ab179b2a237a77c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:33:23 +1100 Subject: [PATCH 215/363] containers/beryllium: add nginx configuration --- containers/beryllium/configuration.nix | 2 ++ containers/beryllium/flake.nix | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index d877f3b..057ae8f 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -9,6 +9,8 @@ services.matrix-continuwuity = { enable = true; settings.global = { + # TODO: link this with outer container's address + address = [ "fd0d:1::2:2" ]; server_name = "lava.moe"; }; }; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index af3d7aa..4e7cb5b 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -17,6 +17,13 @@ internalInterfaces = [ "ve-+" ]; }; + services.nginx.virtualHosts."beryllium.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; From 16703bade1f45d09b21e96c3e4e608eea81555a6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:38:53 +1100 Subject: [PATCH 216/363] containers/beryllium: open firewall --- containers/beryllium/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 057ae8f..752b5a3 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -5,6 +5,8 @@ fsType = "none"; options = [ "bind" ]; }; + networking.firewall.allowedTCPPorts = [ 6167 ]; + networking.firewall.allowedUDPPorts = [ 6167 ]; services.matrix-continuwuity = { enable = true; From 1486058b905f0967dd13783177f538a11ee5387a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:48:04 +1100 Subject: [PATCH 217/363] containers/beryllium: configure proper delegation --- containers/beryllium/flake.nix | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 4e7cb5b..e1799ac 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -20,10 +20,36 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; + # locations."/".extraConfig = "return 302 'https://lava.moe'"; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + # locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; + services.nginx.virtualHosts."lava.moe" = { + locations."= /.well-known/matrix/server".extraConfig = + let + server = { "m.server" = "beryllium.lava.moe:443"; }; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + locations."= /.well-known/matrix/client".extraConfig = + let + client = { + "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + # "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; + in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; + }; + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; From d02d1dbb337da59d182f444ec33593b7ff490864 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:54:24 +1100 Subject: [PATCH 218/363] containers/beryllium: listen on all addresses --- containers/beryllium/flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index e1799ac..8dfa150 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -26,7 +26,6 @@ locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; services.nginx.virtualHosts."lava.moe" = { From a2337566da87cbc78d84fa3625f49203528a9e3d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 22:57:49 +1100 Subject: [PATCH 219/363] containers/beryllium: redirect root to website --- containers/beryllium/flake.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 8dfa150..f857406 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -20,9 +20,7 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - # locations."/".extraConfig = "return 302 'https://lava.moe'"; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - # locations."/_matrix".proxyPass = "http://[::1]:8008"; + locations."/".extraConfig = "return 302 'https://lava.moe'"; locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; From 3bbaf8785c2477fe697936290c0a7a526918bf45 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:01:21 +1100 Subject: [PATCH 220/363] containers/beryllium: add missing semicolon --- containers/beryllium/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index f857406..46d3428 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -20,7 +20,7 @@ services.nginx.virtualHosts."beryllium.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".extraConfig = "return 302 'https://lava.moe'"; + locations."/".extraConfig = "return 302 'https://lava.moe';"; locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; From a06d0d86fc61bafbac8f99a8425a8b705b1cd5ab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:23:16 +1100 Subject: [PATCH 221/363] containers/beryllium: properly set dns resolver --- containers/beryllium/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 752b5a3..8c01248 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -7,6 +7,8 @@ }; networking.firewall.allowedTCPPorts = [ 6167 ]; networking.firewall.allowedUDPPorts = [ 6167 ]; + # TODO: this should be generically set + networking.nameservers = [ "fd0d:1::2:1" ]; services.matrix-continuwuity = { enable = true; From a2f82bc7d5b521ab8a5719ea1dc2fc0349909401 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:31:20 +1100 Subject: [PATCH 222/363] containers/beryllium: don't use host resolvconf --- containers/beryllium/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 8c01248..07740d2 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -8,6 +8,7 @@ networking.firewall.allowedTCPPorts = [ 6167 ]; networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set + networking.useHostResolvConf = false; networking.nameservers = [ "fd0d:1::2:1" ]; services.matrix-continuwuity = { From 5722249dd2046398bd0657748016d09f46fb92ab Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 15 Mar 2026 23:34:58 +1100 Subject: [PATCH 223/363] services/unbound: open firewall for dns from containers --- modules/services/unbound.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index e6ec4ad..349f9e8 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -7,6 +7,10 @@ let grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out" ''; in { + networking.firewall.interfaces."ve-+" = { + allowedUDPPorts = [ 53 853 ]; + allowedTCPPorts = [ 53 853 ]; + }; networking.firewall.interfaces.wg0 = { allowedUDPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ]; From 249942280d9ac010633eb110a42f21412487c9f0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 00:45:05 +1100 Subject: [PATCH 224/363] containers: don't use wildcard nat interfaces --- containers/amethyst/flake.nix | 4 ++-- containers/beryllium/flake.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index ff70120..4865e29 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -14,10 +14,10 @@ networking.nat = { enable = true; enableIPv6 = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."amethyst.local.lava.moe" = { + services.nginx.virtualHosts."${name}.local.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index 46d3428..adab4f0 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -14,10 +14,10 @@ networking.nat = { enable = true; enableIPv6 = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."beryllium.lava.moe" = { + services.nginx.virtualHosts."${name}.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; From 36f214f2a464ec16395893a06cae66cb6e57128d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 00:48:51 +1100 Subject: [PATCH 225/363] containers/citrine: init --- containers/citrine/configuration.nix | 19 +++++++++++ containers/citrine/flake.lock | 27 ++++++++++++++++ containers/citrine/flake.nix | 48 ++++++++++++++++++++++++++++ flake.lock | 41 +++++++++++++++++++++--- flake.nix | 1 + hosts/anemone/default.nix | 2 ++ 6 files changed, 133 insertions(+), 5 deletions(-) create mode 100644 containers/citrine/configuration.nix create mode 100644 containers/citrine/flake.lock create mode 100644 containers/citrine/flake.nix diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix new file mode 100644 index 0000000..90cdb0d --- /dev/null +++ b/containers/citrine/configuration.nix @@ -0,0 +1,19 @@ +{ ... }: { + system.stateVersion = "25.11"; + networking.firewall.allowedTCPPorts = [ 3000 ]; + networking.firewall.allowedUDPPorts = [ 3000 ]; + + services.forgejo = { + enable = true; + lfs.enable = true; + settings = { + server = { + DOMAIN = "garden.lava.moe"; + ROOT_URL = "https://garden.lava.moe/"; + HTTP_PORT = 3000; + }; + service.DISABLE_REGISTRATION = false; + }; + stateDir = "/persist/forgejo"; + }; +} diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/citrine/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix new file mode 100644 index 0000000..bd6ccdf --- /dev/null +++ b/containers/citrine/flake.nix @@ -0,0 +1,48 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + modules = [ ./configuration.nix ]; + }; + nixosModule = { ... }: + let + name = "citrine"; + subnet = "3"; + in { + # networking.nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-${name}" ]; + # }; + + services.nginx.virtualHosts."garden.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; + hostAddress6 = "fd0d:1::${subnet}:1"; + localAddress6 = "fd0d:1::${subnet}:2"; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = [ ./configuration.nix ]; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 3099d30..cd62ccb 100644 --- a/flake.lock +++ b/flake.lock @@ -71,6 +71,20 @@ }, "parent": [] }, + "c-citrine": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "path": "./containers/citrine", + "type": "path" + }, + "original": { + "path": "./containers/citrine", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -458,7 +472,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1770778188, @@ -590,6 +604,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -605,7 +635,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -621,7 +651,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -679,7 +709,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -741,6 +771,7 @@ "agenix": "agenix", "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", + "c-citrine": "c-citrine", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -749,7 +780,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 407c4fa..f8866db 100644 --- a/flake.nix +++ b/flake.nix @@ -40,6 +40,7 @@ # containers c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; + c-citrine.url = "path:./containers/citrine"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..367e975 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-citrine.nixosModule ]; me = { From 18c6cb6773947ef80f23d2dbb42fe282bb8d0823 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:02:28 +1100 Subject: [PATCH 226/363] containers/citrine: add cli to packages --- containers/citrine/configuration.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 90cdb0d..35d4e8b 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ ... }: { +{ config, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; @@ -16,4 +16,6 @@ }; stateDir = "/persist/forgejo"; }; + + environment.systemPackages = [ config.services.forgejo.package ]; } From fd3e877d3d5093bac8244c195c15ff246553d830 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:12:40 +1100 Subject: [PATCH 227/363] containers/citrine: simplify networking --- containers/citrine/flake.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index bd6ccdf..bb4c1f4 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -11,12 +11,6 @@ name = "citrine"; subnet = "3"; in { - # networking.nat = { - # enable = true; - # enableIPv6 = true; - # internalInterfaces = [ "ve-${name}" ]; - # }; - services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; @@ -27,8 +21,6 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; hostAddress6 = "fd0d:1::${subnet}:1"; localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; From 2a27838974be5a23f399a37d0d9a529da9e88237 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 01:13:36 +1100 Subject: [PATCH 228/363] hosts/dandelion: move citrine from anemone --- hosts/anemone/default.nix | 2 -- hosts/dandelion/default.nix | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 367e975..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,8 +37,6 @@ ../../users/rin modules.services.syncthing - - inputs.c-citrine.nixosModule ]; me = { diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 7500d21..3f87d87 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -26,6 +26,7 @@ inputs.c-amethyst.nixosModule inputs.c-beryllium.nixosModule + inputs.c-citrine.nixosModule ./filesystem.nix ./kernel.nix From d57703089247253842032ddfd7ce383e14587619 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 02:04:31 +1100 Subject: [PATCH 229/363] containers/citrine: customise homepage and disable registrations --- containers/citrine/configuration.nix | 7 ++++++- containers/citrine/templates/home.tmpl | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 containers/citrine/templates/home.tmpl diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 35d4e8b..b7106a1 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -3,16 +3,21 @@ networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; + systemd.tmpfiles.rules = [ + "L+ /persist/forgejo/custom/templates - - - - ${./templates}" + ]; + services.forgejo = { enable = true; lfs.enable = true; settings = { + DEFAULT.APP_NAME = "Garden"; server = { DOMAIN = "garden.lava.moe"; ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; }; - service.DISABLE_REGISTRATION = false; + service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; }; diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl new file mode 100644 index 0000000..853077a --- /dev/null +++ b/containers/citrine/templates/home.tmpl @@ -0,0 +1,19 @@ +{{template "base/head" .}} +{{if not .IsSigned}} + +{{end}} +
+
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}} +
+{{template "base/footer" .}} From 15c4e4fc51553e6cec7b36a5ba9d925b8b49c3bb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 02:32:09 +1100 Subject: [PATCH 230/363] containers/citrine: catppuccin theming --- containers/citrine/configuration.nix | 17 +++- containers/citrine/flake.lock | 37 ++++++++- containers/citrine/flake.nix | 13 +++- .../templates/base/footer_content.tmpl | 31 ++++++++ containers/citrine/templates/home.tmpl | 24 +++--- flake.lock | 77 ++++++++++++++----- hosts/anemone/default.nix | 2 + 7 files changed, 163 insertions(+), 38 deletions(-) create mode 100644 containers/citrine/templates/base/footer_content.tmpl diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index b7106a1..fccb236 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 3000 ]; networking.firewall.allowedUDPPorts = [ 3000 ]; @@ -17,10 +17,25 @@ ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; }; + ui = lib.mkForce { + DEFAULT_THEME = "catppuccin-maroon-auto"; + THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [ + "catppuccin-pink" + "catppuccin-maroon" + "catppuccin-flamingo" + "catppuccin-rosewater" + "forgejo" + "gitea" + ]; + }; + api.ENABLE_SWAGGER = false; + other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; }; + catppuccin.forgejo.enable = true; + environment.systemPackages = [ config.services.forgejo.package ]; } diff --git a/containers/citrine/flake.lock b/containers/citrine/flake.lock index 88ab73f..d627614 100644 --- a/containers/citrine/flake.lock +++ b/containers/citrine/flake.lock @@ -1,6 +1,40 @@ { "nodes": { + "catppuccin": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1773403535, + "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=", + "owner": "catppuccin", + "repo": "nix", + "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1773282481, "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", @@ -18,7 +52,8 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "catppuccin": "catppuccin", + "nixpkgs": "nixpkgs_2" } } }, diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index bb4c1f4..72ff573 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -1,10 +1,17 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + catppuccin.url = "github:catppuccin/nix"; }; - outputs = { nixpkgs, ... }: { + outputs = { nixpkgs, catppuccin, ... }: + let + modules = [ + ./configuration.nix + catppuccin.nixosModules.catppuccin + ]; + in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { - modules = [ ./configuration.nix ]; + inherit modules; }; nixosModule = { ... }: let @@ -26,7 +33,7 @@ # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; - config = { imports = [ ./configuration.nix ]; }; + config = { imports = modules; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; diff --git a/containers/citrine/templates/base/footer_content.tmpl b/containers/citrine/templates/base/footer_content.tmpl new file mode 100644 index 0000000..a9238c3 --- /dev/null +++ b/containers/citrine/templates/base/footer_content.tmpl @@ -0,0 +1,31 @@ +
+ +
+
+ {{svg "octicon-globe" 14}} {{ctx.Locale.LangName}} +
+ {{range .AllLangs}} + {{.Name}} + {{end}} +
+
+ {{ctx.Locale.Tr "licenses"}} + {{if .EnableSwagger}}API{{end}} + {{template "custom/extra_links_footer" .}} +
+
diff --git a/containers/citrine/templates/home.tmpl b/containers/citrine/templates/home.tmpl index 853077a..d460caf 100644 --- a/containers/citrine/templates/home.tmpl +++ b/containers/citrine/templates/home.tmpl @@ -3,17 +3,17 @@ {{end}}
-
-
- -
-

- {{AppDisplayName}} -

-

{{ctx.Locale.Tr "startpage.app_desc"}}

-
-
-
- {{template "home_forgejo" .}} +
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}}
{{template "base/footer" .}} diff --git a/flake.lock b/flake.lock index cd62ccb..1484f08 100644 --- a/flake.lock +++ b/flake.lock @@ -73,7 +73,8 @@ }, "c-citrine": { "inputs": { - "nixpkgs": "nixpkgs_5" + "catppuccin": "catppuccin", + "nixpkgs": "nixpkgs_6" }, "locked": { "path": "./containers/citrine", @@ -87,28 +88,19 @@ }, "catppuccin": { "inputs": { - "catppuccin-v1_1": "catppuccin-v1_1", - "catppuccin-v1_2": "catppuccin-v1_2", - "home-manager": "home-manager_2", - "home-manager-stable": "home-manager-stable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable", - "nuscht-search": "nuscht-search" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1736069220, - "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", + "lastModified": 1773403535, + "narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=", "owner": "catppuccin", "repo": "nix", - "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47", "type": "github" }, "original": { "owner": "catppuccin", "repo": "nix", - "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", "type": "github" } }, @@ -156,6 +148,33 @@ "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz" } }, + "catppuccin_2": { + "inputs": { + "catppuccin-v1_1": "catppuccin-v1_1", + "catppuccin-v1_2": "catppuccin-v1_2", + "home-manager": "home-manager_2", + "home-manager-stable": "home-manager-stable", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable", + "nuscht-search": "nuscht-search" + }, + "locked": { + "lastModified": 1736069220, + "narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=", + "owner": "catppuccin", + "repo": "nix", + "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "type": "github" + }, + "original": { + "owner": "catppuccin", + "repo": "nix", + "rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -472,7 +491,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1770778188, @@ -604,6 +623,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1773282481, "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", @@ -619,7 +654,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -635,7 +670,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -651,7 +686,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -709,7 +744,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -772,7 +807,7 @@ "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", - "catppuccin": "catppuccin", + "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", "home-manager": "home-manager_3", @@ -780,7 +815,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..1d0bdab 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -30,6 +30,8 @@ snapper wireguard + inputs.c-citrine.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix From fa3872647d0f514942f449ffd0cb4cb4aa888423 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 03:40:35 +1100 Subject: [PATCH 231/363] containers/citrine: forward ssh --- containers/citrine/flake.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 72ff573..4326ff7 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -18,6 +18,16 @@ name = "citrine"; subnet = "3"; in { + # TODO: this is likely dandelion specific + networking.firewall.extraCommands = '' + ip6tables -t nat -A PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 + ip6tables -t nat -A POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 + ''; + networking.firewall.extraStopCommands = '' + ip6tables -t nat -D PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 || true + ip6tables -t nat -D POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 || true + ''; + services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From 49c161e8abb84cb267650173f00513247bcd769d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 03:43:07 +1100 Subject: [PATCH 232/363] hosts/anemone: remove citrine --- hosts/anemone/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 1d0bdab..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -30,8 +30,6 @@ snapper wireguard - inputs.c-citrine.nixosModule - ./filesystem.nix ./kernel.nix ./networking.nix From 27cf526c4760667e07ce6618194150294e3fee78 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:07:08 +1100 Subject: [PATCH 233/363] containers/citrine: fix forwarding --- containers/citrine/configuration.nix | 13 +++++++++++-- containers/citrine/flake.nix | 10 ---------- 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index fccb236..f84f8b6 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,7 +1,7 @@ { config, lib, ... }: { system.stateVersion = "25.11"; - networking.firewall.allowedTCPPorts = [ 3000 ]; - networking.firewall.allowedUDPPorts = [ 3000 ]; + networking.firewall.allowedTCPPorts = [ 22 3000 ]; + networking.firewall.allowedUDPPorts = [ 22 3000 ]; systemd.tmpfiles.rules = [ "L+ /persist/forgejo/custom/templates - - - - ${./templates}" @@ -16,6 +16,9 @@ DOMAIN = "garden.lava.moe"; ROOT_URL = "https://garden.lava.moe/"; HTTP_PORT = 3000; + START_SSH_SERVER = true; + BUILTIN_SSH_SERVER_USER = "git"; + SSH_DOMAIN = "git.lava.moe"; }; ui = lib.mkForce { DEFAULT_THEME = "catppuccin-maroon-auto"; @@ -35,6 +38,12 @@ stateDir = "/persist/forgejo"; }; + systemd.services.forgejo.serviceConfig = { + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + PrivateUsers = lib.mkForce false; + }; + catppuccin.forgejo.enable = true; environment.systemPackages = [ config.services.forgejo.package ]; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 4326ff7..72ff573 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -18,16 +18,6 @@ name = "citrine"; subnet = "3"; in { - # TODO: this is likely dandelion specific - networking.firewall.extraCommands = '' - ip6tables -t nat -A PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 - ip6tables -t nat -A POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 - ''; - networking.firewall.extraStopCommands = '' - ip6tables -t nat -D PREROUTING -d fd0d::1:1003 -p tcp --dport 22 -j DNAT --to-destination fd0d:1::${subnet}:2 || true - ip6tables -t nat -D POSTROUTING -d fd0d:1::${subnet}:2 -p tcp --dport 22 -j SNAT --to-source fd0d::1:1003 || true - ''; - services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From ffcd5c93d2258e6d719bbd9077332b36267ca6b9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:18:41 +1100 Subject: [PATCH 234/363] containers/citrine: enable nat --- containers/citrine/flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 72ff573..5f6c381 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -18,6 +18,12 @@ name = "citrine"; subnet = "3"; in { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; From a7afbda1091c85eb012aa6495f13b91bf632db9f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:24:12 +1100 Subject: [PATCH 235/363] containers/citrine: refactor networking and use proper nameservers --- containers/citrine/flake.nix | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5f6c381..1a2573e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -5,19 +5,25 @@ }; outputs = { nixpkgs, catppuccin, ... }: let + name = "citrine"; + subnetId = "3"; + subnet = x: "fd0d:1::${subnetId}:${x}"; + host = subnet 1; + client = subnet 2; + modules = [ ./configuration.nix catppuccin.nixosModules.catppuccin + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: - let - name = "citrine"; - subnet = "3"; - in { + nixosModule = { ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -27,15 +33,15 @@ services.nginx.virtualHosts."garden.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:3000"; + locations."/".proxyPass = "http://[${client}]:3000"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; + hostAddress6 = host; + localAddress6 = client; # privateUsers = "pick"; nixpkgs = nixpkgs; ephemeral = true; From 1936294ea4a67602aada8f3369c26bb95af4ff95 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:25:25 +1100 Subject: [PATCH 236/363] containers/citrine: oops --- containers/citrine/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 1a2573e..5ac3fe3 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -7,7 +7,7 @@ let name = "citrine"; subnetId = "3"; - subnet = x: "fd0d:1::${subnetId}:${x}"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; From 7226266c30a4a57051a049767787187e7f425f70 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:31:58 +1100 Subject: [PATCH 237/363] containers/citrine: enable ipv4 bc ipv6 is broken and i cba :sob: --- containers/citrine/flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5ac3fe3..17eef3e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -7,10 +7,15 @@ let name = "citrine"; subnetId = "3"; + subnet = x: "fd0d:1::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + modules = [ ./configuration.nix catppuccin.nixosModules.catppuccin @@ -40,6 +45,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; + hostAddress = host4; + localAddress = client4; hostAddress6 = host; localAddress6 = client; # privateUsers = "pick"; From c4bd8d3fa15d7af8a47e287db0526536e36b973f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 16 Mar 2026 16:36:46 +1100 Subject: [PATCH 238/363] containers/citrine: use pq kex algorithms for ssh --- containers/citrine/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index f84f8b6..05a099a 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -19,6 +19,7 @@ START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; SSH_DOMAIN = "git.lava.moe"; + SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"; }; ui = lib.mkForce { DEFAULT_THEME = "catppuccin-maroon-auto"; From 3a45f85c37507ef234782f2c2606e28f69ebb161 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 02:10:11 +1100 Subject: [PATCH 239/363] dandelion/networking: disable dhcp on enp2s0 --- hosts/dandelion/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/networking.nix b/hosts/dandelion/networking.nix index ee27faf..322719e 100644 --- a/hosts/dandelion/networking.nix +++ b/hosts/dandelion/networking.nix @@ -1,3 +1,4 @@ { ... }: { networking.useDHCP = true; + networking.interfaces.enp2s0.useDHCP = false; } From 66332a980a14ac976ac5c88db79b8eaaf7a10bce Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 14:37:36 +1100 Subject: [PATCH 240/363] containers/diamond: init --- containers/diamond/configuration.nix | 18 +++++ containers/diamond/flake.lock | 27 +++++++ containers/diamond/flake.nix | 48 +++++++++++++ .../templates/base/footer_content.tmpl | 31 ++++++++ containers/diamond/templates/home.tmpl | 19 +++++ flake.lock | 71 +++++++++++++------ flake.nix | 1 + hosts/dandelion/default.nix | 1 + 8 files changed, 196 insertions(+), 20 deletions(-) create mode 100644 containers/diamond/configuration.nix create mode 100644 containers/diamond/flake.lock create mode 100644 containers/diamond/flake.nix create mode 100644 containers/diamond/templates/base/footer_content.tmpl create mode 100644 containers/diamond/templates/home.tmpl diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix new file mode 100644 index 0000000..60a98d0 --- /dev/null +++ b/containers/diamond/configuration.nix @@ -0,0 +1,18 @@ +{ config, lib, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/vaultwarden 755 vaultwarden vaultwarden" + ]; + fileSystems."/var/lib/vaultwarden" = { + device = "/persist/vaultwarden"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 8000 ]; + networking.firewall.allowedUDPPorts = [ 8000 ]; + + services.vaultwarden = { + enable = true; + domain = "diamond.local.lava.moe"; + }; +} diff --git a/containers/diamond/flake.lock b/containers/diamond/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/diamond/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix new file mode 100644 index 0000000..d22af24 --- /dev/null +++ b/containers/diamond/flake.nix @@ -0,0 +1,48 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "diamond"; + subnetId = "4"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."diamond.local.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:8000"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/containers/diamond/templates/base/footer_content.tmpl b/containers/diamond/templates/base/footer_content.tmpl new file mode 100644 index 0000000..a9238c3 --- /dev/null +++ b/containers/diamond/templates/base/footer_content.tmpl @@ -0,0 +1,31 @@ +
+ +
+
+ {{svg "octicon-globe" 14}} {{ctx.Locale.LangName}} +
+ {{range .AllLangs}} + {{.Name}} + {{end}} +
+
+ {{ctx.Locale.Tr "licenses"}} + {{if .EnableSwagger}}API{{end}} + {{template "custom/extra_links_footer" .}} +
+
diff --git a/containers/diamond/templates/home.tmpl b/containers/diamond/templates/home.tmpl new file mode 100644 index 0000000..d460caf --- /dev/null +++ b/containers/diamond/templates/home.tmpl @@ -0,0 +1,19 @@ +{{template "base/head" .}} +{{if not .IsSigned}} + +{{end}} +
+
+
+ +
+

+ {{AppDisplayName}} +

+

{{ctx.Locale.Tr "startpage.app_desc"}}

+
+
+
+ {{template "home_forgejo" .}} +
+{{template "base/footer" .}} diff --git a/flake.lock b/flake.lock index 1484f08..5215cc5 100644 --- a/flake.lock +++ b/flake.lock @@ -86,6 +86,20 @@ }, "parent": [] }, + "c-diamond": { + "inputs": { + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "path": "./containers/diamond", + "type": "path" + }, + "original": { + "path": "./containers/diamond", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -491,7 +505,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1770778188, @@ -574,6 +588,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1770019141, + "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1744536153, @@ -655,6 +685,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -670,7 +716,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -686,22 +732,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770019141, - "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -744,7 +774,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -807,6 +837,7 @@ "c-amethyst": "c-amethyst", "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", + "c-diamond": "c-diamond", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -815,7 +846,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index f8866db..db68cbd 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ c-amethyst.url = "path:./containers/amethyst"; c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; + c-diamond.url = "path:./containers/diamond"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 3f87d87..e7c332a 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -27,6 +27,7 @@ inputs.c-amethyst.nixosModule inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule + inputs.c-diamond.nixosModule ./filesystem.nix ./kernel.nix From 518c718a5da01fcf912b218e4bd94c0c37aef043 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 17:01:15 +1100 Subject: [PATCH 241/363] containers: clean up domain names --- containers/amethyst/flake.nix | 3 ++- containers/beryllium/flake.nix | 9 ++++----- containers/citrine/configuration.nix | 6 +++--- containers/citrine/flake.nix | 4 +++- containers/diamond/configuration.nix | 4 ++-- containers/diamond/flake.nix | 4 +++- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 4865e29..5b9817e 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "amethyst"; + fqdn = "amethyst.lava.moe"; subnet = "1"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index adab4f0..c6b6cae 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -9,6 +9,7 @@ nixosModule = { ... }: let name = "beryllium"; + fqdn = "beryllium.lava.moe"; subnet = "2"; in { networking.nat = { @@ -17,7 +18,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."${name}.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; @@ -29,7 +30,7 @@ services.nginx.virtualHosts."lava.moe" = { locations."= /.well-known/matrix/server".extraConfig = let - server = { "m.server" = "beryllium.lava.moe:443"; }; + server = { "m.server" = "${fqdn}:443"; }; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; @@ -37,7 +38,7 @@ locations."= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://beryllium.lava.moe"; }; + "m.homeserver" = { "base_url" = "https://${fqdn}"; }; # "m.identity_server" = { "base_url" = "https://vector.im"; }; }; in '' @@ -51,8 +52,6 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress = "10.30.${subnet}.1"; - localAddress = "10.30.${subnet}.2"; hostAddress6 = "fd0d:1::${subnet}:1"; localAddress6 = "fd0d:1::${subnet}:2"; # privateUsers = "pick"; diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 05a099a..996ffb2 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ config, fqdn, lib, ... }: { system.stateVersion = "25.11"; networking.firewall.allowedTCPPorts = [ 22 3000 ]; networking.firewall.allowedUDPPorts = [ 22 3000 ]; @@ -13,8 +13,8 @@ settings = { DEFAULT.APP_NAME = "Garden"; server = { - DOMAIN = "garden.lava.moe"; - ROOT_URL = "https://garden.lava.moe/"; + DOMAIN = fqdn; + ROOT_URL = "https://${fqdn}/"; HTTP_PORT = 3000; START_SSH_SERVER = true; BUILTIN_SSH_SERVER_USER = "git"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 17eef3e..5673c9e 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,6 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; + fqdn = "garden.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -35,7 +36,7 @@ internalInterfaces = [ "ve-${name}" ]; }; - services.nginx.virtualHosts."garden.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:3000"; @@ -53,6 +54,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix index 60a98d0..c002e08 100644 --- a/containers/diamond/configuration.nix +++ b/containers/diamond/configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: { +{ fqdn, ... }: { system.stateVersion = "25.11"; systemd.tmpfiles.rules = [ "d /persist/vaultwarden 755 vaultwarden vaultwarden" @@ -13,6 +13,6 @@ services.vaultwarden = { enable = true; - domain = "diamond.local.lava.moe"; + domain = fqdn; }; } diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index d22af24..f64f4f9 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -5,6 +5,7 @@ outputs = { nixpkgs, ... }: let name = "diamond"; + fqdn = "astransia.lava.moe"; subnetId = "4"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; @@ -19,7 +20,7 @@ inherit modules; }; nixosModule = { ... }: { - services.nginx.virtualHosts."diamond.local.lava.moe" = { + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; @@ -35,6 +36,7 @@ nixpkgs = nixpkgs; ephemeral = true; config = { imports = modules; }; + specialArgs = { inherit fqdn; }; bindMounts."persist" = { hostPath = "/persist/containers/${name}"; From 55e0d2525169d4e6332e36400a0aaadf7db66731 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 17:06:49 +1100 Subject: [PATCH 242/363] containers/diamond: listen on ipv6 --- containers/diamond/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/containers/diamond/configuration.nix b/containers/diamond/configuration.nix index c002e08..01b4311 100644 --- a/containers/diamond/configuration.nix +++ b/containers/diamond/configuration.nix @@ -14,5 +14,9 @@ services.vaultwarden = { enable = true; domain = fqdn; + config = { + DOMAIN = "https://${fqdn}"; + ROCKET_ADDRESS = "::"; + }; }; } From b7665d9bd52226eca5a5ca25bf79b92d213e5143 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 17:25:35 +1100 Subject: [PATCH 243/363] containers/diamond: only listen on local addresses TIL nginx will only route via amethyst if it's on local address, even if hostname doesn't match --- containers/diamond/flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index f64f4f9..13b6b1e 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -24,6 +24,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 0567313fa25c98519c2cc75ea72c0f9f2eacc928 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:13:53 +1100 Subject: [PATCH 244/363] containers/emerald: init --- containers/emerald/configuration.nix | 21 +++++++++ containers/emerald/flake.lock | 27 +++++++++++ containers/emerald/flake.nix | 57 +++++++++++++++++++++++ flake.lock | 69 ++++++++++++++++++++-------- flake.nix | 1 + 5 files changed, 156 insertions(+), 19 deletions(-) create mode 100644 containers/emerald/configuration.nix create mode 100644 containers/emerald/flake.lock create mode 100644 containers/emerald/flake.nix diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix new file mode 100644 index 0000000..ca7a920 --- /dev/null +++ b/containers/emerald/configuration.nix @@ -0,0 +1,21 @@ +{ fqdn, shareFqdn, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/music 755 navidrome navidrome" + "d /persist/navidrome 755 navidrome navidrome" + ]; + networking.firewall.allowedTCPPorts = [ 4533 ]; + networking.firewall.allowedUDPPorts = [ 4533 ]; + + services.navidrome = { + enable = true; + settings = { + Port = 4533; + Address = "[::]"; + BaseUrl = "https://${fqdn}/"; + ShareURL = shareFqdn; + DataFolder = "/persist/navidrome"; + MusicFolder = "/persist/music"; + }; + }; +} diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/emerald/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix new file mode 100644 index 0000000..d9fe5d0 --- /dev/null +++ b/containers/emerald/flake.nix @@ -0,0 +1,57 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "emerald"; + fqdn = "navia.lava.moe"; + shareFqdn = "share.navia.lava.moe"; + subnetId = "5"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + services.nginx.virtualHosts."${shareFqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533/share"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn shareFqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 5215cc5..305fddb 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,20 @@ }, "parent": [] }, + "c-emerald": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "path": "./containers/emerald", + "type": "path" + }, + "original": { + "path": "./containers/emerald", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -505,7 +519,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1770778188, @@ -589,6 +603,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -701,6 +731,22 @@ } }, "nixpkgs_8": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -716,22 +762,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -774,7 +804,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -838,6 +868,7 @@ "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", "c-diamond": "c-diamond", + "c-emerald": "c-emerald", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -846,7 +877,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index db68cbd..3746d08 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; c-diamond.url = "path:./containers/diamond"; + c-emerald.url = "path:./containers/emerald"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 8cf7c1815e104dd0acc94936c750dc62a84540fb Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:57:18 +1100 Subject: [PATCH 245/363] containers/emerald: enable sharing --- containers/emerald/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index ca7a920..b2500a4 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -14,6 +14,7 @@ Address = "[::]"; BaseUrl = "https://${fqdn}/"; ShareURL = shareFqdn; + EnableSharing = true; DataFolder = "/persist/navidrome"; MusicFolder = "/persist/music"; }; From 75c7e7b193e154adb7528e7ac7efa4ce5be81479 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:58:49 +1100 Subject: [PATCH 246/363] hosts/dandelion: add emerald --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index e7c332a..5174cc7 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -28,6 +28,7 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule + inputs.c-emerald.nixosModule ./filesystem.nix ./kernel.nix From 4aaeefa97a219c1c886027d478c4bdb82fc5467a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 23:43:23 +1100 Subject: [PATCH 247/363] containers/emerald: use alternative share fqdn insane, ssl cert extra domains' wildcard only goes one level deep --- containers/emerald/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index d9fe5d0..69a66f0 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -6,7 +6,7 @@ let name = "emerald"; fqdn = "navia.lava.moe"; - shareFqdn = "share.navia.lava.moe"; + shareFqdn = "muse.lava.moe"; subnetId = "5"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; From ccafbd8ae06146885c4163e0049a7091e0a415b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 00:07:52 +1100 Subject: [PATCH 248/363] containers/emerald: use correct shareurl format navidrome always add /share at the end :( --- containers/emerald/configuration.nix | 2 +- containers/emerald/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index b2500a4..68b06fa 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -13,7 +13,7 @@ Port = 4533; Address = "[::]"; BaseUrl = "https://${fqdn}/"; - ShareURL = shareFqdn; + ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; MusicFolder = "/persist/music"; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 69a66f0..315194d 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,7 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[${client}]:4533/share"; + locations."/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 52fbdfe8cfcba27d033d0b459b8682799ccddff8 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:11:20 +1100 Subject: [PATCH 249/363] containers/emerald: only allow urls under /share --- containers/emerald/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 315194d..6447bf2 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,7 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[${client}]:4533"; + locations."/share/".proxyPass = "http://[${client}]:4533"; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; From 68ae736c2cc2c582007e0cf14009a98475e135f1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:22:07 +1100 Subject: [PATCH 250/363] containers/emerald: return 404 on / --- containers/emerald/flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 6447bf2..276dba4 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -30,6 +30,7 @@ services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; + locations."/".return = "404"; locations."/share/".proxyPass = "http://[${client}]:4533"; }; From d3ab0012225fc21f2ee877c76a0d125283c7ee14 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:52:34 +1100 Subject: [PATCH 251/363] containers/fluorite: init --- containers/fluorite/configuration.nix | 16 +++++++ containers/fluorite/flake.lock | 27 ++++++++++++ containers/fluorite/flake.nix | 62 +++++++++++++++++++++++++++ flake.lock | 47 ++++++++++++++++---- flake.nix | 1 + 5 files changed, 145 insertions(+), 8 deletions(-) create mode 100644 containers/fluorite/configuration.nix create mode 100644 containers/fluorite/flake.lock create mode 100644 containers/fluorite/flake.nix diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix new file mode 100644 index 0000000..09dd485 --- /dev/null +++ b/containers/fluorite/configuration.nix @@ -0,0 +1,16 @@ +{ ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/slskd/Downloads 755 slskd slskd" + ]; + networking.firewall.allowedTCPPorts = [ 5030 50300 ]; + networking.firewall.allowedUDPPorts = [ 5030 50300 ]; + + services.slskd = { + enable = true; + settings = { + directories.downloads = "/persist/slskd/Downloads"; + shares.downloads = "/binds/shared/"; + }; + }; +} diff --git a/containers/fluorite/flake.lock b/containers/fluorite/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/fluorite/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix new file mode 100644 index 0000000..a589f7c --- /dev/null +++ b/containers/fluorite/flake.nix @@ -0,0 +1,62 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "fluorite"; + fqdn = "fluorite.lava.moe"; + subnetId = "6"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:5030"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."shared" = { + hostPath = "/persist/media/music"; + mountPoint = "/binds/shared"; + isReadOnly = true; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 305fddb..2bd4720 100644 --- a/flake.lock +++ b/flake.lock @@ -114,6 +114,20 @@ }, "parent": [] }, + "c-fluorite": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "path": "./containers/fluorite", + "type": "path" + }, + "original": { + "path": "./containers/fluorite", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -519,7 +533,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1770778188, @@ -603,6 +617,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -618,7 +648,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -748,16 +778,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -804,7 +834,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -869,6 +899,7 @@ "c-citrine": "c-citrine", "c-diamond": "c-diamond", "c-emerald": "c-emerald", + "c-fluorite": "c-fluorite", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -877,7 +908,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 3746d08..8b91291 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,7 @@ c-citrine.url = "path:./containers/citrine"; c-diamond.url = "path:./containers/diamond"; c-emerald.url = "path:./containers/emerald"; + c-fluorite.url = "path:./containers/fluorite"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 3419ab4b775ddedfc5e7c3255ab930a0e28bf8b0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 01:55:53 +1100 Subject: [PATCH 252/363] containers/fluorite: set domain to null --- containers/fluorite/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 09dd485..3bfa0a6 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -8,6 +8,7 @@ services.slskd = { enable = true; + domain = null; settings = { directories.downloads = "/persist/slskd/Downloads"; shares.downloads = "/binds/shared/"; From dd076fab3c7f6ced8ec508f42e01541ff22c317b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:09:54 +1100 Subject: [PATCH 253/363] containers/fluorite: setup env file --- containers/fluorite/configuration.nix | 1 + containers/fluorite/flake.nix | 7 ++++++- hosts/anemone/default.nix | 1 + secrets.nix | 1 + secrets/slskd_env.age | Bin 0 -> 538 bytes 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/slskd_env.age diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 3bfa0a6..1163397 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -9,6 +9,7 @@ services.slskd = { enable = true; domain = null; + environmentFile = "/binds/slskd_env"; settings = { directories.downloads = "/persist/slskd/Downloads"; shares.downloads = "/binds/shared/"; diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index a589f7c..b6cdd49 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -23,7 +23,7 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: { + nixosModule = { config, ... }: { services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; @@ -55,6 +55,11 @@ mountPoint = "/binds/shared"; isReadOnly = true; }; + bindMounts."slskd_env" = { + hostPath = config.age.secrets.slskd_env.path; + mountPoint = "/binds/slskd_env"; + isReadOnly = true; + }; # flake = "path:" + ./.; }; }; diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..858a33b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,6 +5,7 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { + slskd_env.file = ../../secrets/slskd_env.age; wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; diff --git a/secrets.nix b/secrets.nix index 4fc6c4a..bab8c08 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age new file mode 100644 index 0000000000000000000000000000000000000000..f0cb208351ddb960afc68d46a8c5485f4f9fb93e GIT binary patch literal 538 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa8cCEYJ4v zEy~GtHp&Z2cdV*1k1{PyE;sNhPD;#AF)k>|EO0I}PE9S#%je2=^9v0LsdUTB3Meru ziOMOe(hm(wHqXi{C^RrEh|CnDafrbHBiCVt)SR2&o|1_Cnu?_ zsLU)--yT^*gM3y z$|caUs5CLxC@9b`%fd8A-@+icBpcnfP)oOnoOFe#U<*r&2!kXygOqZYpipD82&d9i z14m=$%p~n{Z{P3`zluYzp!=Q};2x-V2$`Z;UxCR=MT81`M|xK*;lq<+rF@+n6@9y|WL`I?W*v$De0 z1^qlv>J!yZFMhN}Y^zS(ty5NKkH?9MPnogb_~fNmw<7;c+55$zXUg}xWubi&U$=)9 F0|2Y6#d-h$ literal 0 HcmV?d00001 From 4932dad23f3f627f127796630d33354b00745b75 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:12:41 +1100 Subject: [PATCH 254/363] containers/fluorite: ensure music folder exists --- containers/fluorite/flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index b6cdd49..6a0116b 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -31,7 +31,10 @@ listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; - systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + "d /persist/media/music 075 nobody users" + ]; containers.${name} = { autoStart = true; privateNetwork = true; From 215e017cd3d8da92887cb467cc98d62aacf87037 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:20:08 +1100 Subject: [PATCH 255/363] containers/fluorite: use correct share directory config name oops tehee --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 1163397..14e39ff 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -12,7 +12,7 @@ environmentFile = "/binds/slskd_env"; settings = { directories.downloads = "/persist/slskd/Downloads"; - shares.downloads = "/binds/shared/"; + shares.directories = [ "/binds/shared/" ]; }; }; } From b3ffc41b76a0dc7faf6915666c2815b296e7dc97 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:25:27 +1100 Subject: [PATCH 256/363] containers/fluorite: provide internet access --- containers/fluorite/flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 6a0116b..2fac909 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -24,6 +24,12 @@ inherit modules; }; nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; From 48db46051dcf37dc49012dfb977d8ed7b468ac79 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 02:59:12 +1100 Subject: [PATCH 257/363] containers/emerald: enable ipv4 and provide internet access --- containers/emerald/flake.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 276dba4..d8578fc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -13,6 +13,10 @@ host = subnet 1; client = subnet 2; + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + modules = [ ./configuration.nix ]; @@ -21,6 +25,12 @@ inherit modules; }; nixosModule = { ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; @@ -38,6 +48,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; + hostAddress = host4; + localAddress = client4; hostAddress6 = host; localAddress6 = client; # privateUsers = "pick"; From 7d479007d99fb7b790e52158d1d07f7bb43c7e0f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:08:18 +1100 Subject: [PATCH 258/363] containers/emerald: add navidrome env for lastfm and spotify --- containers/emerald/configuration.nix | 1 + containers/emerald/flake.nix | 7 ++++++- hosts/dandelion/default.nix | 1 + secrets.nix | 1 + secrets/navidrome_env.age | Bin 0 -> 630 bytes 5 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 secrets/navidrome_env.age diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 68b06fa..e3f8c57 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -9,6 +9,7 @@ services.navidrome = { enable = true; + environmentFile = "/binds/navidrome_env"; settings = { Port = 4533; Address = "[::]"; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index d8578fc..80f6dac 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -24,7 +24,7 @@ nixosConfigurations.container = nixpkgs.lib.nixosSystem { inherit modules; }; - nixosModule = { ... }: { + nixosModule = { config, ... }: { networking.nat = { enable = true; enableIPv6 = true; @@ -63,6 +63,11 @@ mountPoint = "/persist"; isReadOnly = false; }; + bindMounts."navidrome_env" = { + hostPath = config.age.secrets.navidrome_env.path; + mountPoint = "/binds/navidrome_env"; + isReadOnly = true; + }; # flake = "path:" + ./.; }; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 5174cc7..58a0b80 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + navidrome_env.file = ../../secrets/navidrome_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; diff --git a/secrets.nix b/secrets.nix index bab8c08..b2d0d0e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age new file mode 100644 index 0000000000000000000000000000000000000000..6cb705c5d12523d7e403ecd2736ad062cc9756fe GIT binary patch literal 630 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7&!`M8aa0KO_ASdR zFLTZ>%y$h5$PW$)&5rUbP7e*q4smZDafrbHBiAa)H6IN(b3VUqQE8D zJu+M@Qje`NQ>}_d=syJ?5%V2Uq65L z+%<;phGojs^_|)w>B1*=GYG5O{FhSYc|85sgEfVx`CMb&g!c#RihTWeN3K4PDX&4q z$6eR<-+OGC7ZG|QH2?J9KlYb2+YK(Ioc^_-jfBY|AI7{w~uH)nq>3`2e+Ahq{p0N0X#+Kysg;R~<+l4#%FEQmc ypShYQ9`#3<#qYo0^Z5PR3}2s1-?BZQ`hJCU{jaarEM`=4rt5r7N!FRuR0RN&X85cC literal 0 HcmV?d00001 From 465ec6f2fc6fa970247ca0877e448299c51a7a99 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:10:34 +1100 Subject: [PATCH 259/363] hosts/dandelion: add fluorite --- hosts/anemone/default.nix | 1 - hosts/dandelion/default.nix | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index 858a33b..aa4c81b 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -5,7 +5,6 @@ nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; age.secrets = { - slskd_env.file = ../../secrets/slskd_env.age; wg_anemone.file = ../../secrets/wg_anemone.age; passwd.file = ../../secrets/passwd.age; }; diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 58a0b80..92e53be 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -6,6 +6,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; navidrome_env.file = ../../secrets/navidrome_env.age; + slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -30,6 +31,7 @@ inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule inputs.c-emerald.nixosModule + inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix From ecdd594a1bd30357c79f4402429be70d618c8d0f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:14:59 +1100 Subject: [PATCH 260/363] containers/{emerald,fluorite}: fix dns --- containers/emerald/flake.nix | 4 ++++ containers/fluorite/flake.nix | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 80f6dac..2b3b483 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -19,6 +19,10 @@ modules = [ ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 2fac909..3205815 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -18,6 +18,10 @@ modules = [ ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } ]; in { nixosConfigurations.container = nixpkgs.lib.nixosSystem { From de7402576dd10317d34fd54c84b54d566b543de9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:25:06 +1100 Subject: [PATCH 261/363] secrets/slskd_env: update --- secrets/slskd_env.age | Bin 538 -> 534 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index f0cb208351ddb960afc68d46a8c5485f4f9fb93e..6c4a42e51010cb8559104ccba60a246deaa160cf 100644 GIT binary patch delta 481 zcmbQmGL2<|PJL*ZXJS}!NP)Shd6i$FMTNh!Q2N`muW;fmxZ~ffq7Y~xu?5{d#ImtzP3STL1?O}bC79TzGb+1xvy!8cDb)tQIL=8 z#E;_jAyNKe;Ra!OC8=&H$=<2ng%y?Ajy_ds+C~;-S;e8H&d%W>1!Z}uej&bGo(4{Z zB?j&WZn*)T$vN77>1HWzd1i)A;X&!Xp~2?4emUNesqXGZX2JPfy1KdwCFzNVuC77l zRmPFYhHjQ#C7CV;`jLr|X4(10ZXTf_mD%p~j+L3^W|5BhT!jy{gtjw3_dY+x>FfKp zSKGtF&t6=3E3Rkb6NMSm+7IkoI9nvbbMrN~>C+n4ZatT&E0kjD;pf@6RbDr&E=DDD zw#o|e=g#voD{s6os`Y5q*Wdl_hqT+5os4^xZ~t0i&>VMSTH^1nN&M>4u0}`nZ!Qtt cSJlHcD^cM7s#D6nkLU6}*cR-0Q|8uV0Q0r8j{pDw delta 485 zcmbQnGK*z`PQ6!UdA5gdQBJP2QC?WOV^x)Tlxb;lxq(-4Qeu9JaY0dLfpeL0YHC?t zK3BGzUuZ~3rCVNBK#5UFR8CQqerQ;-c~)LQp@CsRlzwhdrHP+oj(M4sg9;bez}&~Nq+t&k$EP8X3iE|y1Kdwg^7M9E}7nG zfjRj>1^zCsm7bw#mKKi1Ste;t#-?R~8K%bdky+lBZpFEtT>9bOIdf+Rr?5`*+I=hi z&QxVqn=`Ye^)G68rG0aqmoC%vu4!&!*g4_ko95L)jV{i2dO~$ysIK&L*5FOH)?hH~ zyUKB^WQR%poR8&Gj($9L{CV>=AD3rkg{=$vd7jiKs-Ir`XpPubow!@4tj->f6BVB_ gW54mqOCqmsMgEzx_lrZ%l<#-TLi;AZZVxL40FvLfSO5S3 From 5eef477e0b6230e0a2b7977ab245ac78fb1d7bef Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:43:35 +1100 Subject: [PATCH 262/363] containers/fluorite: forward ports --- containers/fluorite/flake.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 3205815..7acbc55 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -33,6 +33,7 @@ enableIPv6 = true; internalInterfaces = [ "ve-${name}" ]; }; + networking.firewall.allowedTCPPorts = [ 50300 ]; services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; @@ -58,6 +59,14 @@ config = { imports = modules; }; specialArgs = { inherit fqdn; }; + forwardPorts = [ + { + containerPort = 50300; + hostPort = 50300; + protocol = "tcp"; + } + ]; + bindMounts."persist" = { hostPath = "/persist/containers/${name}"; mountPoint = "/persist"; From 3381630a7ad9098f700e75a9805c96d945275886 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 03:45:26 +1100 Subject: [PATCH 263/363] containers/emerald: bind music media dir --- containers/emerald/configuration.nix | 3 +-- containers/emerald/flake.nix | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index e3f8c57..f69a4c6 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -1,7 +1,6 @@ { fqdn, shareFqdn, ... }: { system.stateVersion = "25.11"; systemd.tmpfiles.rules = [ - "d /persist/music 755 navidrome navidrome" "d /persist/navidrome 755 navidrome navidrome" ]; networking.firewall.allowedTCPPorts = [ 4533 ]; @@ -17,7 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/persist/music"; + MusicFolder = "/binds/music"; }; }; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 2b3b483..5ecf768 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -67,6 +67,11 @@ mountPoint = "/persist"; isReadOnly = false; }; + bindMounts."music" = { + hostPath = "/persist/media/music"; + mountPoint = "/binds/music"; + isReadOnly = true; + }; bindMounts."navidrome_env" = { hostPath = config.age.secrets.navidrome_env.path; mountPoint = "/binds/navidrome_env"; From 3a612d3e90279c75e214806febc56897c88e6b27 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:11:21 +1100 Subject: [PATCH 264/363] containers/diamond: remove stray templates --- .../templates/base/footer_content.tmpl | 31 ------------------- containers/diamond/templates/home.tmpl | 19 ------------ 2 files changed, 50 deletions(-) delete mode 100644 containers/diamond/templates/base/footer_content.tmpl delete mode 100644 containers/diamond/templates/home.tmpl diff --git a/containers/diamond/templates/base/footer_content.tmpl b/containers/diamond/templates/base/footer_content.tmpl deleted file mode 100644 index a9238c3..0000000 --- a/containers/diamond/templates/base/footer_content.tmpl +++ /dev/null @@ -1,31 +0,0 @@ -
- -
-
- {{svg "octicon-globe" 14}} {{ctx.Locale.LangName}} -
- {{range .AllLangs}} - {{.Name}} - {{end}} -
-
- {{ctx.Locale.Tr "licenses"}} - {{if .EnableSwagger}}API{{end}} - {{template "custom/extra_links_footer" .}} -
-
diff --git a/containers/diamond/templates/home.tmpl b/containers/diamond/templates/home.tmpl deleted file mode 100644 index d460caf..0000000 --- a/containers/diamond/templates/home.tmpl +++ /dev/null @@ -1,19 +0,0 @@ -{{template "base/head" .}} -{{if not .IsSigned}} - -{{end}} -
-
-
- -
-

- {{AppDisplayName}} -

-

{{ctx.Locale.Tr "startpage.app_desc"}}

-
-
-
- {{template "home_forgejo" .}} -
-{{template "base/footer" .}} From c9c6ef4a167af9c120a0f185c2e22412aeb35c09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:21:33 +1100 Subject: [PATCH 265/363] rin/packages: add feishin --- users/rin/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 77e8a2e..93608e1 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -31,6 +31,7 @@ in { evince eww feh + feishin file-roller gamescope gimp3 From 3e56c780dd7b1524790aaee961012b6161caf71a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 20:43:04 +1100 Subject: [PATCH 266/363] services/website: redirect cdn.lava.moe to sh.lava.moe --- modules/services/website.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/services/website.nix b/modules/services/website.nix index 2ef679b..3fba609 100644 --- a/modules/services/website.nix +++ b/modules/services/website.nix @@ -18,6 +18,13 @@ in { root = inputs.website.outPath; }; "cdn.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + extraConfig = '' + return 301 https://sh.lava.moe$request_uri; + ''; + }; + "sh.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; root = "/persist/cdn"; From 36a161d1df1f5ea914a338f4cc3375272e10f59a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 21:39:02 +1100 Subject: [PATCH 267/363] containers/fluorite: store all data --- containers/fluorite/configuration.nix | 8 ++++++-- containers/fluorite/flake.nix | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 14e39ff..9fcb5f5 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -3,6 +3,11 @@ systemd.tmpfiles.rules = [ "d /persist/slskd/Downloads 755 slskd slskd" ]; + fileSystems."/var/lib/slskd" = { + device = "/persist/slskd"; + fsType = "none"; + options = [ "bind" ]; + }; networking.firewall.allowedTCPPorts = [ 5030 50300 ]; networking.firewall.allowedUDPPorts = [ 5030 50300 ]; @@ -11,8 +16,7 @@ domain = null; environmentFile = "/binds/slskd_env"; settings = { - directories.downloads = "/persist/slskd/Downloads"; - shares.directories = [ "/binds/shared/" ]; + shares.directories = [ "/binds/music/" ]; }; }; } diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index 7acbc55..c49e63b 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -72,9 +72,9 @@ mountPoint = "/persist"; isReadOnly = false; }; - bindMounts."shared" = { + bindMounts."music" = { hostPath = "/persist/media/music"; - mountPoint = "/binds/shared"; + mountPoint = "/binds/music"; isReadOnly = true; }; bindMounts."slskd_env" = { From 6c7393228e842cd24d7df8e1ab5695e305a5a24c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 21:54:43 +1100 Subject: [PATCH 268/363] containers/fluorite: add description and picture --- containers/fluorite/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 9fcb5f5..f1acc93 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -17,6 +17,8 @@ environmentFile = "/binds/slskd_env"; settings = { shares.directories = [ "/binds/music/" ]; + soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; + soulseek.picture = "/var/lib/slskd/picture.gif"; }; }; } From b06c78285004660477f17f18f3f9e8ade41939f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 22:08:23 +1100 Subject: [PATCH 269/363] containers/fluorite: use png picture --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index f1acc93..2dce952 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -18,7 +18,7 @@ settings = { shares.directories = [ "/binds/music/" ]; soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.gif"; + soulseek.picture = "/var/lib/slskd/picture.png"; }; }; } From 2d15fb3a5e216e8787ce5252591de959ee938ff4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 18 Mar 2026 22:09:04 +1100 Subject: [PATCH 270/363] containers/fluorite: use jpg picture --- containers/fluorite/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index 2dce952..c83eb25 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -18,7 +18,7 @@ settings = { shares.directories = [ "/binds/music/" ]; soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.png"; + soulseek.picture = "/var/lib/slskd/picture.jpg"; }; }; } From f8312bc6f26c5f17094c202d7782c730b8fb74bf Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 19 Mar 2026 20:42:32 +1100 Subject: [PATCH 271/363] user/neovim-minimal: fix treesitter errors --- res/config-minimal.lua | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/res/config-minimal.lua b/res/config-minimal.lua index f941c9e..c2d3f06 100644 --- a/res/config-minimal.lua +++ b/res/config-minimal.lua @@ -1,5 +1,5 @@ -- Keybindings -local map = vim.api.nvim_set_keymap +local map = vim.keymap.set map('n', '', 'h', { noremap = true }) map('n', '', 'j', { noremap = true }) map('n', '', 'k', { noremap = true }) @@ -18,6 +18,7 @@ vim.opt.number = true vim.opt.cursorline = true vim.opt.signcolumn = "yes:3" vim.opt.title = true +vim.opt.termguicolors = true vim.opt.updatetime = 0 vim.opt.clipboard:prepend('unnamedplus') @@ -47,7 +48,7 @@ vim.g.signify_sign_change = vim.g.signify_sign_add vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- Plugins -require('nvim-treesitter.configs').setup { +require('nvim-treesitter').setup { highlight = { enable = true }, indent = { enable = false } } From d8c016e933fd885bac2295c69200c5caf3b41231 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 23 Mar 2026 02:38:48 +1100 Subject: [PATCH 272/363] containers/fluorite: move desc and pic to secrets --- containers/fluorite/configuration.nix | 2 -- secrets/slskd_env.age | Bin 534 -> 853 bytes 2 files changed, 2 deletions(-) diff --git a/containers/fluorite/configuration.nix b/containers/fluorite/configuration.nix index c83eb25..9fcb5f5 100644 --- a/containers/fluorite/configuration.nix +++ b/containers/fluorite/configuration.nix @@ -17,8 +17,6 @@ environmentFile = "/binds/slskd_env"; settings = { shares.directories = [ "/binds/music/" ]; - soulseek.description = "🌸 | sv.sl@lava.moe | slskd"; - soulseek.picture = "/var/lib/slskd/picture.jpg"; }; }; } diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index 6c4a42e51010cb8559104ccba60a246deaa160cf..7515e1fe0856de4165a345ca9d18941d86466845 100644 GIT binary patch delta 802 zcmbQna+Pg@PJND%L5jOig-c~px{0@;V|YY?V}5y5QbBl`n@ggzv9o!pQF?}VXljaa zK3BeLNo8(9Ns(Kmd1|nKgr9#|dAMVuM@ou^sdi#iieF(^ikYida+E`9R#m=5#KEX-pAudT~*{)uZ83rj%rC9+crtSt@y1KdwJ}DJ>ffgP~ z-emzksh){d5#iYtX(ap9V`X;r?>Wvg`-oiQ*JPCw`&4#&{akq2 zZ}#+WUG?kv?Rms`{`Q}_$#HDEXwi-^?`w9hPq)`F>91^lyIi_`>xFrH*S_X@kharj z%gc$A-ly&<=5kymp44jd`G~j%|G!@K`-UQC^Af}g;@C9#oZeV*KK|kN=%K)7?)P7w ze!R%o*B6j}Aa}yXqe16hT#o#%w(`4Dy>n9WnVOHRRtyGA^_RY{aM+UfhMQr>|edy|_G~?!? zUCrUm+a4{`e80Kr*_`k82OsYe-g4x`Z=v_zPsIbj#ZM4@R`$w7CsD9%Cu<#h=t+O4 zO;*gx8|**Kdmp=!`IqXvz@s2N`muW;fmxZ~ffq7Y~xu?5{d#ImtzP3STL1?O}bC79TzGb+1xvy!8cDb)tQIL=8 z#E;_jAyNKe;Ra!OC8=&H$=<2ng%y?Ajy_ds+C~;-S;e8H&d%W>1!Z}uej&bGo(4{Z zB?j&WZn*)T$vN77>1HWzd1i)A;X&!Xp~2?4emUNesqXGZX2JPfy1KdwCFzNVuC77l zRmPFYhHjQ#C7CV;`jLr|X4(10ZXTf_mD%p~j+L3^W|5BhT!jy{gtjw3_dY+x>FfKp zSKGtF&t6=3E3Rkb6NMSm+7IkoI9nvbbMrN~>C+n4ZatT&E0kjD;pf@6RbDr&E=DDD zw#o|e=g#voD{s6os`Y5q*Wdl_hqT+5os4^xZ~t0i&>VMSTH^1nN&M>4u0}`nZ!Qtt cSJlHcD^cM7s#D6nkLU6}*cR-0Q|8uV0A^pa%m4rY From 9fd117c50ca903589d88595be790b9171b10dfa6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 20 Mar 2026 22:08:19 +1100 Subject: [PATCH 273/363] rin/packages: add temurin-25 to prismlauncher --- users/rin/packages.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 93608e1..d29d22b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -49,7 +49,12 @@ in { # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol - prismlauncher + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) qbittorrent rivalcfg screenkey From 576fd7604f5b08c152d0d5960045913a31075400 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:31:02 +0000 Subject: [PATCH 274/363] flake: bump inputs --- flake.lock | 176 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 119 insertions(+), 57 deletions(-) diff --git a/flake.lock b/flake.lock index 2bd4720..13fbf66 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1770327417, - "narHash": "sha256-WNS+wDUeqfegOXf5emDRnNs2bPiJ7rhdARo4jyd3+Yw=", + "lastModified": 1772290697, + "narHash": "sha256-MyLNx13P+pv1RszO1rMd3144NEeU/oU4iL+xOTpRoaU=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "26670347cca9feddb31e075d23b474149d8902e1", + "rev": "dcb53a4cb4cb09ef7f08328428ba559be5b9f01b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -271,6 +271,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -279,11 +295,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -297,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -364,6 +380,51 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -435,11 +496,11 @@ ] }, "locked": { - "lastModified": 1770818644, - "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", + "lastModified": 1773962693, + "narHash": "sha256-nf9pgktDE4E2TCavUT1vh3Nd/tfKixL1BK6P32Zp3hI=", "owner": "nix-community", "repo": "home-manager", - "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", + "rev": "9d3c1d636e7b8ab10f357cd9bee653cd400437de", "type": "github" }, "original": { @@ -479,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1770607339, - "narHash": "sha256-/j7IEdwbaaN4SGKAl5gE3vRdKIdIw8f7RNMrM9Lc28M=", + "lastModified": 1773696903, + "narHash": "sha256-OkKN/5waWcPNqq/9tWsR9q4oxSJeMCyeBl1RQGctq9Q=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "9498fb9bc0c3323d1c291667d8cb16cb2a37bcee", + "rev": "e4eabe3978f0e6ed967e5d969487f9335af8062f", "type": "github" }, "original": { @@ -501,11 +562,11 @@ ] }, "locked": { - "lastModified": 1770857573, - "narHash": "sha256-pSeFA1qRAdivDrrKoybJ1DOcbkXx2v/ExIc6n0DbT4U=", + "lastModified": 1773965157, + "narHash": "sha256-u6Ceko/AQ30asd/P68Y7gD0x3LtsjiPwC31TlwVnsac=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "31e79c73c444b2e51eb34f2305792809839c58e8", + "rev": "7e711c5abd3b0ca9c0038606edeee6bcf09b055c", "type": "github" }, "original": { @@ -517,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770810897, - "narHash": "sha256-6F/Z/UQxalaSoqewSQ4fL8zSws3Vy4wgA5DgyTaeqTo=", + "lastModified": 1773942472, + "narHash": "sha256-VRtGTA4WWgrVrjZg+XrnRgMcbAa0EkYkWV5Wcn76/0g=", "owner": "neovim", "repo": "neovim", - "rev": "6b4ec2264e1d8ba027b85f3883d532c5068be92a", + "rev": "06befe1e348bf540bb04a8c0cafe116616e71715", "type": "github" }, "original": { @@ -533,14 +594,15 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", + "git-hooks": "git-hooks", "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1770778188, - "narHash": "sha256-KZHPn3L6veRgRwOyfhaeM5ZTJfpkoY9EICIzUcQn4w8=", + "lastModified": 1773888274, + "narHash": "sha256-PujDYvxi8Hbm/EB706mi+UWRRzoBaAVhpJREH13Gepg=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "59e3b8189047bc591635645d2c682020c13eeac5", + "rev": "6e734655941171e75e64511c7c643f854753f52e", "type": "github" }, "original": { @@ -571,11 +633,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1770841267, + "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", "type": "github" }, "original": { @@ -587,11 +649,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { @@ -618,11 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1770537093, - "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "lastModified": 1773507054, + "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", "type": "github" }, "original": { @@ -634,11 +696,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -818,11 +880,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1770808440, - "narHash": "sha256-paM9v2DKiHEwN0fTXuX9eY0KwVsB+9Bv6mOX9u/eyAI=", + "lastModified": 1773768003, + "narHash": "sha256-lQMRGqObOxoESWDD8+RSZAKmevVXzHS3IipBthvi3To=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "9f2dad22ef8bb14fd1e0a3aa8859cdc88170668b", + "rev": "2b50ab5ccbcd9e5708deb351308edd738adbf84c", "type": "github" }, "original": { @@ -927,11 +989,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1764470739, - "narHash": "sha256-sa9f81B1dWO16QtgDTWHX8DQbiHKzHndpaunY5EQtwE=", + "lastModified": 1770952264, + "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3bfa664055e1a09c6aedab5533c5fc8d6ca5741a", + "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", "type": "github" }, "original": { @@ -948,11 +1010,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1770846656, - "narHash": "sha256-wdYpo8++TqKp3GdRgLFykjuIVW1m9GlUnxID2FG74cE=", + "lastModified": 1773619901, + "narHash": "sha256-Br8CQy4ht+a2OxyzaRwuP5+oIFfoRvCxYgsmdrgid40=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "40e65cfc4608402674e1efaac3fccce20d2a72d3", + "rev": "6f06ff05cd536b790b7662550a10b61a1ac4619e", "type": "github" }, "original": { @@ -964,11 +1026,11 @@ "spotify-adblock": { "flake": false, "locked": { - "lastModified": 1739206126, + "lastModified": 1773417310, "narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=", "owner": "abba23", "repo": "spotify-adblock", - "rev": "8e0312d6085a6e4f9afeb7c2457517a75e8b8f9d", + "rev": "813d3451c53126bf1941baaf8dd37f1152c3f412", "type": "github" }, "original": { @@ -980,11 +1042,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1770244988, - "narHash": "sha256-DT9HK9iYTmXUfjKcTxLRMZOeCLb9CAoFEpBiDpEku3g=", + "lastModified": 1773769816, + "narHash": "sha256-OSN3K2lSag5aA58UmfI1JMvmksuEVwlT7TOeBOsEmX8=", "owner": "StevenBlack", "repo": "hosts", - "rev": "7ea67ed353b27e1dbe36363074d1b6c3ca6be46b", + "rev": "5090055e2d36e9fc5539551656e1d8107a84ad7e", "type": "github" }, "original": { @@ -1120,11 +1182,11 @@ "zsh-abbr": { "flake": false, "locked": { - "lastModified": 1770748719, - "narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=", + "lastModified": 1773890443, + "narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=", "ref": "refs/heads/main", - "rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea", - "revCount": 1137, + "rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b", + "revCount": 1139, "submodules": true, "type": "git", "url": "https://github.com/olets/zsh-abbr" From 2239c1cc6496843c079fdfeeb3624d0b362735ce Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 02:31:05 +0000 Subject: [PATCH 275/363] packages/linux-lava: bump to 6.19.9 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index dc198a6..dd2f171 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.19"; + version = "6.19.9"; kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; - kernelPatchHash = "0w36sxwwhfqpc1if9d52rg0g1k20xjl2cairlyiyk10ns17mjxlb"; + kernelPatchHash = "19pwgvifkadsgfsx3w29mi0ks2vwwk88gw4jsya1gjy0jfk1h6qr"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From d11d080c946853d24f36d9ca832c293d32a5f921 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 20 Mar 2026 22:43:04 +1100 Subject: [PATCH 276/363] system/packages-gui: move light to brightnessctl in home --- modules/system/packages-gui.nix | 1 - modules/user/hypridle.nix | 12 ++++++------ users/rin/packages.nix | 1 + 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/system/packages-gui.nix b/modules/system/packages-gui.nix index 77eb510..d853c40 100644 --- a/modules/system/packages-gui.nix +++ b/modules/system/packages-gui.nix @@ -10,7 +10,6 @@ libva-vdpau-driver libvdpau-va-gl ]; - programs.light.enable = true; hardware.opentabletdriver.enable = true; hardware.keyboard.qmk.enable = true; programs.steam = { diff --git a/modules/user/hypridle.nix b/modules/user/hypridle.nix index 68203b1..af7af86 100644 --- a/modules/user/hypridle.nix +++ b/modules/user/hypridle.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: let - kblight = "light -s sysfs/leds/${config.me.kbBacklightDevice}"; + kblight = "brightnessctl -d ${config.me.kbBacklightDevice}"; in { home.packages = [ config.services.hypridle.package ]; @@ -16,18 +16,18 @@ in listener = lib.optionals (config.me.kbBacklightDevice != null) [ { timeout = 120; - on-timeout = "${kblight} -O && ${kblight} -S 0"; - on-resume = "${kblight} -I"; + on-timeout = "${kblight} -s && ${kblight} 0"; + on-resume = "${kblight} -r"; } ] ++ [ { timeout = 150; - on-timeout = "light -O && light -T 0.5"; - on-resume = "light -I"; + on-timeout = "brightnessctl -s && brightnessctl 50%-"; + on-resume = "brightnessctl -r"; } { timeout = 180; - on-timeout = "light -I && loginctl lock-session"; + on-timeout = "brightnessctl -r && loginctl lock-session"; } { timeout = 195; diff --git a/users/rin/packages.nix b/users/rin/packages.nix index d29d22b..c2569c7 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -26,6 +26,7 @@ in { nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio + brightnessctl drawio element-desktop evince From e303fee58d98dcf0056153068d011b42ece25f02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 6 Apr 2026 23:16:57 +1000 Subject: [PATCH 277/363] system/wireguard: change port to 51801 --- modules/system/wireguard.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index dbc8938..bdfe900 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, gcSecrets, ... }: let - port = 123; + port = 51801; serverName = "dandelion"; serverInterface = "enp0s6"; serverIp = gcSecrets.wireguard.gateway; From 087ed1c323b1f26824858e29df96363d0a69e87a Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 18 Apr 2026 15:10:44 +1000 Subject: [PATCH 278/363] user/neovim: fix logs opening on tex save --- res/config.lua | 1 + 1 file changed, 1 insertion(+) diff --git a/res/config.lua b/res/config.lua index ef10504..5d205d7 100644 --- a/res/config.lua +++ b/res/config.lua @@ -51,6 +51,7 @@ vim.g.signify_sign_change_delete = vim.g.signify_sign_delete -- VimTeX vim.g.vimtex_view_method = "zathura" +vim.g.vimtex_quickfix_open_on_warning = 0 -- Theming vim.api.nvim_command("syntax enable") From 27ba1aaede433225bfc9ad429e76c53c6f865860 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 26 Apr 2026 15:47:39 +1000 Subject: [PATCH 279/363] anemone/networking: switch to iwd --- hosts/anemone/networking.nix | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/hosts/anemone/networking.nix b/hosts/anemone/networking.nix index 18c0d87..f5a4dc5 100644 --- a/hosts/anemone/networking.nix +++ b/hosts/anemone/networking.nix @@ -1,19 +1,4 @@ { config, ... }: { - networking = { - #nameservers = [ "8.8.8.8" "8.8.4.4" ]; - - #wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf"; - wireless.enableHardening = false; - - networkmanager = { - enable = true; - #dns = "none"; - }; - - extraHosts = '' - 192.168.100.16 hyacinth - ''; - }; - + networking.wireless.iwd.enable = true; environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections"; } From 75e0c8f6acefa8d98d5581a3e2d2de9813aee82f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 10 May 2026 03:42:00 +0000 Subject: [PATCH 280/363] flake: bump inputs --- flake.lock | 173 +++++++++++++++++++++++++---------------------------- 1 file changed, 80 insertions(+), 93 deletions(-) diff --git a/flake.lock b/flake.lock index 13fbf66..d6070b9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1772290697, - "narHash": "sha256-MyLNx13P+pv1RszO1rMd3144NEeU/oU4iL+xOTpRoaU=", + "lastModified": 1777475243, + "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "dcb53a4cb4cb09ef7f08328428ba559be5b9f01b", + "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8", "type": "github" }, "original": { @@ -45,7 +45,7 @@ }, "c-amethyst": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "path": "./containers/amethyst", @@ -59,7 +59,7 @@ }, "c-beryllium": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "path": "./containers/beryllium", @@ -74,7 +74,7 @@ "c-citrine": { "inputs": { "catppuccin": "catppuccin", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "path": "./containers/citrine", @@ -88,7 +88,7 @@ }, "c-diamond": { "inputs": { - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_6" }, "locked": { "path": "./containers/diamond", @@ -102,7 +102,7 @@ }, "c-emerald": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "path": "./containers/emerald", @@ -116,7 +116,7 @@ }, "c-fluorite": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "path": "./containers/fluorite", @@ -130,7 +130,7 @@ }, "catppuccin": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1773403535, @@ -149,11 +149,11 @@ "catppuccin-palette": { "flake": false, "locked": { - "lastModified": 1742245182, - "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=", + "lastModified": 1774131488, + "narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=", "owner": "catppuccin", "repo": "palette", - "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701", + "rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -313,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1772893680, - "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", + "lastModified": 1776796298, + "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", + "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1773962693, - "narHash": "sha256-nf9pgktDE4E2TCavUT1vh3Nd/tfKixL1BK6P32Zp3hI=", + "lastModified": 1778365864, + "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3c1d636e7b8ab10f357cd9bee653cd400437de", + "rev": "2f419037039a152448c5f4ae9494154753d1b399", "type": "github" }, "original": { @@ -540,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1773696903, - "narHash": "sha256-OkKN/5waWcPNqq/9tWsR9q4oxSJeMCyeBl1RQGctq9Q=", + "lastModified": 1778301982, + "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "e4eabe3978f0e6ed967e5d969487f9335af8062f", + "rev": "d20b99557a90663a016f741398098d4d7b3ad119", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1773965157, - "narHash": "sha256-u6Ceko/AQ30asd/P68Y7gD0x3LtsjiPwC31TlwVnsac=", + "lastModified": 1778371477, + "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "7e711c5abd3b0ca9c0038606edeee6bcf09b055c", + "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9", "type": "github" }, "original": { @@ -578,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1773942472, - "narHash": "sha256-VRtGTA4WWgrVrjZg+XrnRgMcbAa0EkYkWV5Wcn76/0g=", + "lastModified": 1778321961, + "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=", "owner": "neovim", "repo": "neovim", - "rev": "06befe1e348bf540bb04a8c0cafe116616e71715", + "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b", "type": "github" }, "original": { @@ -595,14 +595,14 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1773888274, - "narHash": "sha256-PujDYvxi8Hbm/EB706mi+UWRRzoBaAVhpJREH13Gepg=", + "lastModified": 1778384395, + "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "6e734655941171e75e64511c7c643f854753f52e", + "rev": "8368f981774ee25774d016e810d426891174a993", "type": "github" }, "original": { @@ -618,11 +618,11 @@ ] }, "locked": { - "lastModified": 1773552174, - "narHash": "sha256-mHSRNrT1rjeYBgkAlj07dW3+1nFEgAd8Gu6lgyfT9DU=", + "lastModified": 1778240325, + "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "8faeb68130df077450451b6734a221ba0d6cde42", + "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee", "type": "github" }, "original": { @@ -649,11 +649,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1777168982, + "narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "type": "github" }, "original": { @@ -680,27 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1773507054, - "narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", + "lastModified": 1777954456, + "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { - "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", "type": "github" }, "original": { @@ -710,7 +694,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -728,16 +712,16 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744536153, - "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -760,11 +744,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1773122722, + "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", "type": "github" }, "original": { @@ -776,11 +760,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1773122722, - "narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=", + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", "type": "github" }, "original": { @@ -840,16 +824,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1778274207, + "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -880,11 +864,11 @@ "nvim-treesitter": { "flake": false, "locked": { - "lastModified": 1773768003, - "narHash": "sha256-lQMRGqObOxoESWDD8+RSZAKmevVXzHS3IipBthvi3To=", + "lastModified": 1775221900, + "narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=", "owner": "nvim-treesitter", "repo": "nvim-treesitter", - "rev": "2b50ab5ccbcd9e5708deb351308edd738adbf84c", + "rev": "4916d6592ede8c07973490d9322f187e07dfefac", "type": "github" }, "original": { @@ -896,15 +880,15 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { - "lastModified": 1772103435, - "narHash": "sha256-dtsWJl+DBigaZlszH4UVI8JZltJl9O6MESDyH4RepNI=", + "lastModified": 1775622883, + "narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=", "owner": "cillynder", "repo": "pastel", - "rev": "8e2b1b80d711eaf41c010949bef0a512db9e4452", + "rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b", "type": "github" }, "original": { @@ -970,7 +954,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", @@ -986,7 +970,10 @@ }, "rust-overlay": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": [ + "aagl", + "nixpkgs" + ] }, "locked": { "lastModified": 1770952264, @@ -1010,11 +997,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1773619901, - "narHash": "sha256-Br8CQy4ht+a2OxyzaRwuP5+oIFfoRvCxYgsmdrgid40=", + "lastModified": 1777789800, + "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "6f06ff05cd536b790b7662550a10b61a1ac4619e", + "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3", "type": "github" }, "original": { @@ -1042,11 +1029,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1773769816, - "narHash": "sha256-OSN3K2lSag5aA58UmfI1JMvmksuEVwlT7TOeBOsEmX8=", + "lastModified": 1778258800, + "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=", "owner": "StevenBlack", "repo": "hosts", - "rev": "5090055e2d36e9fc5539551656e1d8107a84ad7e", + "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89", "type": "github" }, "original": { From 58d4b60f5b20662b49b28a16e4997268eb6897eb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 10 May 2026 03:42:02 +0000 Subject: [PATCH 281/363] packages/linux-lava: bump to 7.0.5 --- packages/linux-lava/sources.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index dd2f171..c24fa57 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "6.19.9"; - kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h"; - kernelPatchHash = "19pwgvifkadsgfsx3w29mi0ks2vwwk88gw4jsya1gjy0jfk1h6qr"; + version = "7.0.5"; + kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; + kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 575a0e96105da68be0c52e5bf20e71cc0c78d94b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 10 May 2026 22:44:46 +1000 Subject: [PATCH 282/363] treewide: remove nodePackages --- modules/user/neovim.nix | 14 +++++++------- users/rin/packages.nix | 3 +-- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 4dc4830..30ffac9 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -21,13 +21,13 @@ in { extraPackages = with pkgs; [ rust-analyzer texlab - nodePackages."@astrojs/language-server" - nodePackages."@tailwindcss/language-server" - nodePackages.diagnostic-languageserver - nodePackages.eslint_d - nodePackages.typescript-language-server - nodePackages.vscode-langservers-extracted - nodePackages.yaml-language-server + astro-language-server + tailwindcss-language-server + diagnostic-languageserver + eslint_d + typescript-language-server + vscode-langservers-extracted + yaml-language-server ]; plugins = with pkgs.vimPlugins; [ diff --git a/users/rin/packages.nix b/users/rin/packages.nix index c2569c7..8b15c60 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -18,12 +18,11 @@ in { nil nodejs_latest pamixer + pnpm qmk unrar weechat yt-dlp - - nodePackages_latest.pnpm ] ++ lib.optionals config.me.gui [ android-studio brightnessctl From 4c28a3eecbe91ca12be8559c68c17c9c11d7abf0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 11 May 2026 01:05:27 +1000 Subject: [PATCH 283/363] overlays/openldap: skip failing checks for 32-bit --- overlays/default.nix | 1 + overlays/openldap.nix | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 overlays/openldap.nix diff --git a/overlays/default.nix b/overlays/default.nix index a84cba5..cbe3e7e 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -5,6 +5,7 @@ builtins.map (path: import path) [ ./eww.nix ./jetbrains.nix ./material-icons.nix + ./openldap.nix ./steam.nix ./utillinux.nix ./wpa-supplicant.nix diff --git a/overlays/openldap.nix b/overlays/openldap.nix new file mode 100644 index 0000000..f9b2b46 --- /dev/null +++ b/overlays/openldap.nix @@ -0,0 +1,9 @@ +self: super: { + # openldap i686 fails checks + # issue: https://github.com/NixOS/nixpkgs/issues/514113 + # workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674 + # fix: https://github.com/NixOS/nixpkgs/pull/515956 + openldap = super.openldap.overrideAttrs { + doCheck = !self.stdenv.hostPlatform.isi686; + }; +} From cc43450dd1d9c57d236ccfaf3a5cbe9e72629ec4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 17:43:08 +1000 Subject: [PATCH 284/363] system/security: enable pam_u2f --- modules/system/security.nix | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/modules/system/security.nix b/modules/system/security.nix index 602f108..3b4e8a7 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: { +{ config, lib, pkgs, ... }: { networking.firewall = let iptables = "${pkgs.iptables}/bin/iptables"; @@ -49,9 +49,37 @@ { groups = [ "wheel" ]; keepEnv = true; - persist = true; + persist = config.me.environment != "laptop"; } ]; }; + pam = lib.mkIf (config.me.environment != "headless") { + u2f = { + enable = true; + settings = { + cue = true; + pinverification = 1; + }; + }; + services.doas.rules.auth = { + u2f.settings.pinverification = lib.mkForce 0; + u2f_int = lib.mkMerge [ + { + enable = true; + order = config.security.pam.services.doas.rules.auth.u2f.order + 1; + control = "sufficient"; + modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so"; + inherit (config.security.pam.u2f) settings; + } + { + settings = lib.mkForce { + interactive = true; + pinverification = 0; + userpresence = 0; + }; + } + ]; + }; + }; }; } From 0f7393714f61cad82d1c99133416b300eb080331 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:08:15 +1000 Subject: [PATCH 285/363] hosts/alyssum: init --- flake.nix | 1 + hosts/alyssum/default.nix | 28 ++++++++++++++++++++++++++++ hosts/alyssum/filesystem.nix | 34 ++++++++++++++++++++++++++++++++++ hosts/alyssum/kernel.nix | 10 ++++++++++ hosts/alyssum/networking.nix | 3 +++ hosts/alyssum/packages.nix | 14 ++++++++++++++ 6 files changed, 90 insertions(+) create mode 100644 hosts/alyssum/default.nix create mode 100644 hosts/alyssum/filesystem.nix create mode 100644 hosts/alyssum/kernel.nix create mode 100644 hosts/alyssum/networking.nix create mode 100644 hosts/alyssum/packages.nix diff --git a/flake.nix b/flake.nix index 8b91291..377e601 100644 --- a/flake.nix +++ b/flake.nix @@ -80,6 +80,7 @@ }; in { + nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" []; nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" []; nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix new file mode 100644 index 0000000..5506e55 --- /dev/null +++ b/hosts/alyssum/default.nix @@ -0,0 +1,28 @@ +{ inputs, modules, modulesPath, ... }: { + networking.hostName = "alyssum"; + system.stateVersion = "25.11"; + time.timeZone = "Australia/Melbourne"; + + age.secrets = { + # acme_dns.file = ../../secrets/acme_dns.age; + }; + + imports = with modules.system; [ + (modulesPath + "/profiles/qemu-guest.nix") + home-manager + + base + kernel + nix-stable + packages + security + + ./filesystem.nix + ./kernel.nix + ./networking.nix + + ../../users/hana + ]; + + me.environment = "headless"; +} diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix new file mode 100644 index 0000000..205106a --- /dev/null +++ b/hosts/alyssum/filesystem.nix @@ -0,0 +1,34 @@ +{ ... }: +let + bind = src: { + depends = [ "/nix" ]; + device = src; + fsType = "none"; + neededForBoot = true; + options = [ "bind" ]; + }; + + mkLabelMount = label: type: { + device = "/dev/disk/by-label/${label}"; + fsType = type; + options = [ "defaults" "relatime" ]; + }; + mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // { + options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ]; + }; + submount = mkBtrfsMount "alyssum"; +in { + fileSystems = { + "/" = { + device = "rootfs"; + fsType = "tmpfs"; + options = [ "defaults" "size=8G" "mode=755" ]; + }; + "/boot" = mkLabelMount "stem" "vfat"; + + "/nix" = submount "/@/nix" false; + "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; + "/persist/.snapshots" = submount "/snap/persist" false; + "/var/log/journal" = bind "/persist/journal"; + }; +} diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix new file mode 100644 index 0000000..7ea7d43 --- /dev/null +++ b/hosts/alyssum/kernel.nix @@ -0,0 +1,10 @@ +{ ... }: { + boot = { + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + }; + initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + initrd.kernelModules = [ "nvme" ]; + }; +} diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix new file mode 100644 index 0000000..ee27faf --- /dev/null +++ b/hosts/alyssum/networking.nix @@ -0,0 +1,3 @@ +{ ... }: { + networking.useDHCP = true; +} diff --git a/hosts/alyssum/packages.nix b/hosts/alyssum/packages.nix new file mode 100644 index 0000000..2d4bd30 --- /dev/null +++ b/hosts/alyssum/packages.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ + git + htop + jq + neovim + rsync + sshfs + wget + + kitty.terminfo + ]; + environment.variables.EDITOR = "nvim"; +} From 0638cf6f5ff5e3c45d951bc514bcd3a941c9efb1 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:19:13 +1000 Subject: [PATCH 286/363] alyssum/kernel: update --- hosts/alyssum/kernel.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/alyssum/kernel.nix b/hosts/alyssum/kernel.nix index 7ea7d43..5e9b300 100644 --- a/hosts/alyssum/kernel.nix +++ b/hosts/alyssum/kernel.nix @@ -1,10 +1,12 @@ -{ ... }: { +{ config, lib, ... }: { boot = { loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; }; - initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; - initrd.kernelModules = [ "nvme" ]; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; }; + hardware.cpu.amd.updateMicrocode = true; } From 880316173f1941ae6192420be5c6bf0e41f2fb42 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:43:52 +1000 Subject: [PATCH 287/363] hosts/alyssum: (temporarily) allow password login --- hosts/alyssum/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 5506e55..e5165d8 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ inputs, modules, modulesPath, ... }: { +{ lib, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -25,4 +25,7 @@ ]; me.environment = "headless"; + + services.openssh.settings.PermitRootLogin = lib.mkForce "yes"; + services.openssh.settings.PasswordAuthentication = lib.mkForce true; } From ae707d33ea89d9ff84e99c770bf9e03c452b723b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:55:41 +1000 Subject: [PATCH 288/363] alyssum/networking: use wpa_conf --- hosts/alyssum/default.nix | 2 +- hosts/alyssum/networking.nix | 15 +++++++++++++-- secrets.nix | 3 ++- secrets/wpa_conf.age | Bin 420 -> 538 bytes 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index e5165d8..e6a7e58 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -4,7 +4,7 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { - # acme_dns.file = ../../secrets/acme_dns.age; + wpa_conf.file = ../../secrets/wpa_conf.age; }; imports = with modules.system; [ diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index ee27faf..9d1fdf9 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,3 +1,14 @@ -{ ... }: { - networking.useDHCP = true; +{ config, ... }: { + environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; + networking = { + useDHCP = true; + interfaces.wlp1s0.useDHCP = false; + interfaces.wlp1s0.ipv4.addresses = [{ + address = "192.168.1.167"; + prefixLength = 24; + }]; + + defaultGateway = "192.168.1.1"; + nameservers = [ "8.8.8.8" "8.8.4.4" ]; + }; } diff --git a/secrets.nix b/secrets.nix index b2d0d0e..b4d5b2c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,4 +1,5 @@ let + alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR"; anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI"; @@ -7,7 +8,7 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; - "secrets/wpa_conf.age".publicKeys = [ blossom rin ]; + "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 2b6862e53af790780d4fcfd88e1ef7ed6cc3f47c..555b5946deead8ef44060e3b0217f4b9c009db03 100644 GIT binary patch delta 511 zcmZ3&Jd0(5YJIl9Z*V}lLU>kqWLQdoqiLSArJ=WZXh^1MPH|FhPFA{MUYNJDdv=9k zMM-#gZjiAfS5#qnQD~xBsIRwgv3XcPK#q@jpm}a;Sy-?|fOnFcadC!jYKoDmsiCEUbEtDxM4*D1UwA>GiAQ*Gc72JnzlB+dzeQkKfTN*tdZ}q( zSiYIBONK>(pL?WdNuCLpk5gfKjzOVmn47+liJ6mMvZ1zbfk~csdVyO?agwi@lfH+3 zijPsMaSn!cp_XnDIq3?O;a(XYfdNHDuKNCEVZk9@l>zx>sh0YwmCp4p{`pm|PN5mW z0R^ruWx>T=8f)qn~#$p87h3xd9;4T zrnNzf|IH582;94@ckd31{D*rc>}FlY*0ss2()?AL_cFU#&y-iXG0H#w8hSt>c-vQ< r#Rt}$ay)eO7W2ddY>%%5GB4jyThSI~5IDjA-Mz;4Xw~%s_N8(Fb4s7MZYAkvWtmYSIc3@Dsd-L`j+w=-K9MaAQ9((0zLlZ*`auy(p|KKD_DpibKDcGPtOnl|3s2Z From 220af6cf157e12bfe447658abfe5d90edf36d2dc Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 18:59:38 +1000 Subject: [PATCH 289/363] alyssum/networking: enable wpa_supplicant --- hosts/alyssum/networking.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 9d1fdf9..64c1bff 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -2,6 +2,8 @@ environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; + wireless.enable = true; + interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ address = "192.168.1.167"; From c323f004f19cf5b1e043a8b6c06f2d1f072b2533 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:06:36 +1000 Subject: [PATCH 290/363] alyssum/networking: point to wpa_conf correctly --- hosts/alyssum/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 64c1bff..901c3c4 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,8 +1,8 @@ { config, ... }: { - environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; + wireless.extraConfigFiles = [ config.age.secrets.wpa_conf.path ]; interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ From 865b473df7a2135f0e3dd7988723fede4a9cdf02 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:13:54 +1000 Subject: [PATCH 291/363] alyssum/networking: point to wpa_conf correctly, attempt 2 why was this changed????? --- hosts/alyssum/networking.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 901c3c4..760e8a5 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,8 +1,8 @@ { config, ... }: { + environment.etc."wpa_supplicant/imperative.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; - wireless.extraConfigFiles = [ config.age.secrets.wpa_conf.path ]; interfaces.wlp1s0.useDHCP = false; interfaces.wlp1s0.ipv4.addresses = [{ From 0d99bd6015d1dcce8d7ee02bdca434df358bf524 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:16:59 +1000 Subject: [PATCH 292/363] alyssum/networking: point to wpa_conf correctly, attempt 3 --- hosts/alyssum/default.nix | 6 +++++- hosts/alyssum/networking.nix | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index e6a7e58..fecf4b3 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -4,7 +4,11 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { - wpa_conf.file = ../../secrets/wpa_conf.age; + wpa_conf = { + file = ../../secrets/wpa_conf.age; + path = "/etc/wpa_supplicant/imperative.conf"; + symlink = false; + }; }; imports = with modules.system; [ diff --git a/hosts/alyssum/networking.nix b/hosts/alyssum/networking.nix index 760e8a5..281cbb6 100644 --- a/hosts/alyssum/networking.nix +++ b/hosts/alyssum/networking.nix @@ -1,5 +1,4 @@ { config, ... }: { - environment.etc."wpa_supplicant/imperative.conf".source = config.age.secrets.wpa_conf.path; networking = { useDHCP = true; wireless.enable = true; From 59f5913b680665d1e895bc5347c29ad2132687ea Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:19:04 +1000 Subject: [PATCH 293/363] hosts/alyssum: disable insecure ssh --- hosts/alyssum/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index fecf4b3..4a6ef0c 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -29,7 +29,4 @@ ]; me.environment = "headless"; - - services.openssh.settings.PermitRootLogin = lib.mkForce "yes"; - services.openssh.settings.PasswordAuthentication = lib.mkForce true; } From c8c6fb1b5e94b61e5880a8eff8e63417b64309b6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 20:55:11 +1000 Subject: [PATCH 294/363] system/tailscale: init --- hosts/anemone/default.nix | 1 + modules/default.nix | 1 + modules/system/tailscale.nix | 8 ++++++++ secrets.nix | 1 + secrets/tailscale_auth.age | 13 +++++++++++++ 5 files changed, 24 insertions(+) create mode 100644 modules/system/tailscale.nix create mode 100644 secrets/tailscale_auth.age diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..841e909 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -28,6 +28,7 @@ printing security snapper + tailscale wireguard ./filesystem.nix diff --git a/modules/default.nix b/modules/default.nix index f47d4ee..d55b54a 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -49,6 +49,7 @@ in { ./system/printing.nix ./system/security.nix ./system/snapper.nix + ./system/tailscale.nix ./system/virtualisation.nix ./system/wireguard.nix ]; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix new file mode 100644 index 0000000..9de220d --- /dev/null +++ b/modules/system/tailscale.nix @@ -0,0 +1,8 @@ +{ config, ... }: { + age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; + services.tailscale = { + enable = true; + authKeyFile = config.age.secrets.tailscale_auth.path; + openFirewall = true; + }; +} diff --git a/secrets.nix b/secrets.nix index b4d5b2c..5a8bf1b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,6 +13,7 @@ in { "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; + "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; "secrets/wg_anemone.age".publicKeys = [ anemone rin ]; "secrets/wg_dandelion.age".publicKeys = [ dandelion rin ]; diff --git a/secrets/tailscale_auth.age b/secrets/tailscale_auth.age new file mode 100644 index 0000000..be7af43 --- /dev/null +++ b/secrets/tailscale_auth.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM +10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8 +-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc +vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8 +-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU +CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs +-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA +KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE +-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg +xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g +--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY +xHQ)k)ĉB~ە֖Zv?%lQx OwZIsۄf4D ǔ*Otݳ 0.m[q_[v \ No newline at end of file From 724d30a092902b27988fc2a3cdc41b18b8023898 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Mon, 23 Mar 2026 02:53:15 +1100 Subject: [PATCH 295/363] containers/fluorite: change slskd env --- secrets/slskd_env.age | Bin 853 -> 847 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/slskd_env.age b/secrets/slskd_env.age index 7515e1fe0856de4165a345ca9d18941d86466845..eded5d0ff812e08ea3ca7644c655ca94e63b764b 100644 GIT binary patch delta 796 zcmcc0cAjm5PQ9^9zPWF)vr~j+RC<6}foE!VS$0rnv0J*Exk*-`QL=YMQC4WCkzY=R zFPCddnvZ8_wuwPzahjh~q=~b)qk&hJN3u~+qO-5Qk5_J4pjT;Ws&-;zF_*5LLUD11 zZfc5=si~o*LQ;@hVQQd4L~>S&PoZCgqX7{%$5*y1Kdw<$h%$C4m9{ zAr+}5{soCuSxyo8CTT&&A;`h|hzTxtQ@iv_+&ZW8;+-g>`_I)GK5?G)u;;^%dvSUncP_E7^4Z_#vEWINTtZ^D>;JZ(_4hSQCIu<7 z|I^Ajr1*QvaYxCv`*jXsa_)P7uRmk+_p4F&VqI?wkFNoxr;Vhtf|bKBOcC9}{P5P5 z?>Tl3o9hJu)f{%b=8Kd8#)<+ zh5ARLKC3nScdKMSX?k*Bhf`qr<-6bXZzw(6@`K&$bnu&&`WdFP(rSfOoupUo4LGvy z3WpA3QLkHq+!VjuWry>YJHI;IH*<24*W|lj64M?i9Lro|zn*FSbc64ERu)wKPYk;n z{kGwC<>9Q25hm~2zB$}&MQp(rvOv);x4(yF%H&S_r@`3(=>}4) delta 802 zcmX@lc9m^{PJND%L5jOig-c~px{0@;V|YY?V}5y5QbBl`n@ggzv9o!pQF?}VXljaa zK3BeLNo8(9Ns(Kmd1|nKgr9#|dAMVuM@ou^sdi#iieF(^ikYida+E`9R#m=5#KEX-pAudT~*{)uZ83rj%rC9+crtSt@y1KdwJ}DJ>ffgP~ z-emzksh){d5#iYtX(ap9V`X;r?>Wvg`-oiQ*JPCw`&4#&{akq2 zZ}#+WUG?kv?Rms`{`Q}_$#HDEXwi-^?`w9hPq)`F>91^lyIi_`>xFrH*S_X@kharj z%gc$A-ly&<=5kymp44jd`G~j%|G!@K`-UQC^Af}g;@C9#oZeV*KK|kN=%K)7?)P7w ze!R%o*B6j}Aa}yXqe16hT#o#%w(`4Dy>n9WnVOHRRtyGA^_RY{aM+UfhMQr>|edy|_G~?!? zUCrUm+a4{`e80Kr*_`k82OsYe-g4x`Z=v_zPsIbj#ZM4@R`$w7CsD9%Cu<#h=t+O4 zO;*gx8|**Kdmp=!`IqXvz@s Date: Thu, 26 Mar 2026 19:01:45 +1100 Subject: [PATCH 296/363] containers/beryllium: use ipv4 --- containers/beryllium/configuration.nix | 5 +++-- containers/beryllium/flake.nix | 12 +++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/containers/beryllium/configuration.nix b/containers/beryllium/configuration.nix index 07740d2..6629a31 100644 --- a/containers/beryllium/configuration.nix +++ b/containers/beryllium/configuration.nix @@ -9,14 +9,15 @@ networking.firewall.allowedUDPPorts = [ 6167 ]; # TODO: this should be generically set networking.useHostResolvConf = false; - networking.nameservers = [ "fd0d:1::2:1" ]; + networking.nameservers = [ "8.8.8.8" ]; services.matrix-continuwuity = { enable = true; settings.global = { # TODO: link this with outer container's address - address = [ "fd0d:1::2:2" ]; + address = [ "10.30.2.2" ]; server_name = "lava.moe"; + rocksdb_recovery_mode = 2; }; }; } diff --git a/containers/beryllium/flake.nix b/containers/beryllium/flake.nix index c6b6cae..5805401 100644 --- a/containers/beryllium/flake.nix +++ b/containers/beryllium/flake.nix @@ -22,9 +22,9 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".extraConfig = "return 302 'https://lava.moe';"; - locations."/_matrix".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_conduwuit".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; - locations."/_continuwuity".proxyPass = "http://[fd0d:1::${subnet}:2]:6167"; + locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167"; + locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167"; }; services.nginx.virtualHosts."lava.moe" = { @@ -52,9 +52,8 @@ containers.${name} = { autoStart = true; privateNetwork = true; - hostAddress6 = "fd0d:1::${subnet}:1"; - localAddress6 = "fd0d:1::${subnet}:2"; - # privateUsers = "pick"; + hostAddress = "10.30.${subnet}.1"; + localAddress = "10.30.${subnet}.2"; nixpkgs = nixpkgs; ephemeral = true; config = { imports = [ ./configuration.nix ]; }; @@ -64,7 +63,6 @@ mountPoint = "/persist"; isReadOnly = false; }; - # flake = "path:" + ./.; }; }; }; From 52e53ba5b3b877a829c1b445b33167cb7051c48e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 5 Apr 2026 09:32:33 +1000 Subject: [PATCH 297/363] containers/amethyst: use ipv4 proxy --- containers/amethyst/flake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix index 5b9817e..739c3e5 100644 --- a/containers/amethyst/flake.nix +++ b/containers/amethyst/flake.nix @@ -21,7 +21,8 @@ services.nginx.virtualHosts."${fqdn}" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + #locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091"; + locations."/".proxyPass = "http://10.30.${subnet}.2:9091"; listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; }; From 4a91f8a1652eaabd7bc933428d76aeb86263c0b4 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 10 Apr 2026 01:02:28 +1000 Subject: [PATCH 298/363] system/wireguard: also forward udp --- modules/system/wireguard.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix index bdfe900..71f85ad 100644 --- a/modules/system/wireguard.nix +++ b/modules/system/wireguard.nix @@ -6,7 +6,7 @@ let serverIp = gcSecrets.wireguard.gateway; forwarding = { -# "22727" = [ "10.100.0.3" "7777" ]; + "22727" = [ "10.100.0.3" "7777" ]; }; mapForwards = type: @@ -18,6 +18,8 @@ let in '' ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT + ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport} + ${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT '') forwarding ); From 5680e29cd2ba1572cfcb59d536455f959cecfec9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 11 Apr 2026 22:47:29 +1000 Subject: [PATCH 299/363] services/unbound: add google to dns --- modules/services/unbound.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index 349f9e8..a1b4ac4 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -27,8 +27,12 @@ in { forward-addr = [ "2606:4700:4700::1111@853#cloudflare-dns.com" "2606:4700:4700::1001@853#cloudflare-dns.com" + "2001:4860:4860::8888@853#dns.google" + "2001:4860:4860::8844@853#dns.google" "1.1.1.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com" + "8.8.8.8@853#dns.google" + "8.8.4.4@853#dns.google" ]; }]; From de857dcfbfc60d39161b14257d7661841dc06d13 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:20:27 +1000 Subject: [PATCH 300/363] services/nginx: credentialsFile -> environmentFile --- modules/services/nginx.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 51641b4..a02b7e9 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix @@ -6,7 +6,7 @@ email = "me@lava.moe"; group = "nginx"; dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets."acme_dns".path; + environmentFile = config.age.secrets."acme_dns".path; }; certs."lava.moe" = { extraDomainNames = [ From d13f18a1899628e8b9cc2875abe61e1c40be2c67 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:21:49 +1000 Subject: [PATCH 301/363] user/neovim{,-minimal}: set defaults to suppress warning --- modules/user/neovim-minimal.nix | 2 ++ modules/user/neovim.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/modules/user/neovim-minimal.nix b/modules/user/neovim-minimal.nix index a7d3f8c..392097d 100644 --- a/modules/user/neovim-minimal.nix +++ b/modules/user/neovim-minimal.nix @@ -9,6 +9,8 @@ vimAlias = true; vimdiffAlias = true; withNodeJs = false; + withPython3 = false; + withRuby = false; plugins = with pkgs.vimPlugins; [ fzf-vim diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index 30ffac9..d691c61 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -17,6 +17,8 @@ in { vimdiffAlias = true; #package = pkgs.neovim-nightly; withNodeJs = true; + withPython3 = true; + withRuby = false; extraPackages = with pkgs; [ rust-analyzer From 69717ef92ba8cb0763b17af502c5174d95de65a3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:33:57 +1000 Subject: [PATCH 302/363] hosts/dandelion: enable tailscale --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 92e53be..33b6eec 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -19,6 +19,7 @@ nix-stable packages security + tailscale wireguard modules.services.banksia From e5e608c580e9598d897485f66a14bce0e0740d1d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 21:56:34 +1000 Subject: [PATCH 303/363] services/unbound: allow access from tailscale --- modules/services/unbound.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/services/unbound.nix b/modules/services/unbound.nix index a1b4ac4..8aae0fd 100644 --- a/modules/services/unbound.nix +++ b/modules/services/unbound.nix @@ -41,8 +41,10 @@ in { access-control = [ "127.0.0.1/8 allow" "10.0.0.0/8 allow" + "100.64.0.0/10 allow" "192.168.100.0/24 allow" - "fd0d::/16 allow" + "fd0d::/16 allow" + "fd7a:115c:a1e0::/48 allow" "${gcSecrets.wireguard.ipv6Subnet}:/80 allow" ]; domain-insecure = [ "\"local.lava.moe\"" ]; From d0e090bb6815110376b9bceb40880a9a5ee00ee3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:10:44 +1000 Subject: [PATCH 304/363] hosts/alyssum: enable tailscale --- hosts/alyssum/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 4a6ef0c..087c77f 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -20,6 +20,7 @@ nix-stable packages security + tailscale ./filesystem.nix ./kernel.nix From b8a7dfa8a87ea914c99861dfbfcdbfab200de5f3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:19:54 +1000 Subject: [PATCH 305/363] system/tailscale: enable routing features --- modules/system/tailscale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 9de220d..4bded31 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -4,5 +4,6 @@ enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; openFirewall = true; + useRoutingFeatures = if config.me.environment == "headless" then "both" else "client"; }; } From 81c17720eb4858d2c69ba7e79e1e96494f7b40de Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 22:40:19 +1000 Subject: [PATCH 306/363] containers/{d,e,f}: listen on tailscale --- containers/diamond/flake.nix | 2 +- containers/emerald/flake.nix | 2 +- containers/fluorite/flake.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/containers/diamond/flake.nix b/containers/diamond/flake.nix index 13b6b1e..71ab4fd 100644 --- a/containers/diamond/flake.nix +++ b/containers/diamond/flake.nix @@ -24,7 +24,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:8000"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 5ecf768..9c9acdc 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -39,7 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; services.nginx.virtualHosts."${shareFqdn}" = { useACMEHost = "lava.moe"; diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix index c49e63b..33fcdb1 100644 --- a/containers/fluorite/flake.nix +++ b/containers/fluorite/flake.nix @@ -39,7 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:5030"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; }; systemd.tmpfiles.rules = [ From 604983800f2b0f072160f4afa65823872bceae07 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:27:12 +1000 Subject: [PATCH 307/363] hyacinth/packages: add discord --- hosts/hyacinth/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/packages.nix b/hosts/hyacinth/packages.nix index f4e4fe4..69f9ba1 100644 --- a/hosts/hyacinth/packages.nix +++ b/hosts/hyacinth/packages.nix @@ -1,5 +1,6 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + discord jetbrains.idea texliveFull ]; From 4a82035d825230d6ef4f304a61c90f235dd528af Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:45:45 +1000 Subject: [PATCH 308/363] hosts/hyacinth: enable tailscale --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index 620798b..c307ce8 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -28,6 +28,7 @@ printing security snapper + tailscale wireguard modules.services.syncthing From 1941deb004910565e1f08ad7736dfa49a22dc452 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 04:02:18 +0000 Subject: [PATCH 309/363] flake: bump inputs --- flake.lock | 102 ++++++++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index d6070b9..db4bae9 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1777475243, - "narHash": "sha256-EiCeDGJewyWq2Mtdt5m8qyo/W5PXVUCacLuZJ/diBQ8=", + "lastModified": 1779903856, + "narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=", "owner": "ezKEa", "repo": "aagl-gtk-on-nix", - "rev": "12e7b06163456e4c3685ee83b8fdc277fe03bdc8", + "rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -313,11 +313,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "lastModified": 1778716662, + "narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "type": "github" }, "original": { @@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1776796298, - "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", + "lastModified": 1778507602, + "narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", + "rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1778365864, - "narHash": "sha256-ImoT/wqmgMImf2dAC+E0MverAdA4QXsedOeES9B7Ezw=", + "lastModified": 1779969295, + "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f419037039a152448c5f4ae9494154753d1b399", + "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6", "type": "github" }, "original": { @@ -540,11 +540,11 @@ "linux-tkg": { "flake": false, "locked": { - "lastModified": 1778301982, - "narHash": "sha256-M8a1VqhhI3Ii0KFY4n1UdzUIFwZbET+G464cCb5ye5U=", + "lastModified": 1779857514, + "narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=", "owner": "Frogging-Family", "repo": "linux-tkg", - "rev": "d20b99557a90663a016f741398098d4d7b3ad119", + "rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1778371477, - "narHash": "sha256-sVlZeFIds47ABfBbAmBLexCFnkE1GIBTNGjAMRh+BfA=", + "lastModified": 1780013080, + "narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "b9ee678fadf59b3c998e180d62f4cee0641d21d9", + "rev": "c6cc238427db8f61b786a66d7e02cf7724b30226", "type": "github" }, "original": { @@ -578,11 +578,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1778321961, - "narHash": "sha256-lrPZ0C+uixk+6jx+maWM998GZaj4lAuicAz/dZHFNBk=", + "lastModified": 1779979065, + "narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=", "owner": "neovim", "repo": "neovim", - "rev": "b44c2bdd16226f6caa5324d91f1ae9781ffdc12b", + "rev": "5d85669a33e10f1f156b086562458cbbc8054438", "type": "github" }, "original": { @@ -598,11 +598,11 @@ "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1778384395, - "narHash": "sha256-ymn6ivl8RbUK8oevC+aRQ3IY3cB3Jg0dCv7LR5XSBVo=", + "lastModified": 1779768228, + "narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8368f981774ee25774d016e810d426891174a993", + "rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2", "type": "github" }, "original": { @@ -618,11 +618,11 @@ ] }, "locked": { - "lastModified": 1778240325, - "narHash": "sha256-d2HIS7LpfI0lgxiXCXLjxrHl3eIdNvAVexOu0xiM488=", + "lastModified": 1779604987, + "narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "dd2d0e3f6ba00af01b9498f5697173bdc2524bee", + "rev": "8fba98c80b48fa013820e0163c5096922fea4ddd", "type": "github" }, "original": { @@ -633,11 +633,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1770841267, - "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { @@ -680,11 +680,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1777954456, - "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { @@ -824,11 +824,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1778274207, - "narHash": "sha256-I4puXmX1iovcCHZlRmztO3vW0mAbbRvq4F8wgIMQ1MM=", + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3da656039dc7a6240f27b2ef8cc6a3ef3bccae7", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", "type": "github" }, "original": { @@ -923,11 +923,11 @@ "pure": { "flake": false, "locked": { - "lastModified": 1770811375, - "narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=", + "lastModified": 1779255807, + "narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=", "owner": "sindresorhus", "repo": "pure", - "rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2", + "rev": "cc0759a0de620f191510e2e2f9748194a605b54d", "type": "github" }, "original": { @@ -976,11 +976,11 @@ ] }, "locked": { - "lastModified": 1770952264, - "narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=", + "lastModified": 1777605393, + "narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188", + "rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c", "type": "github" }, "original": { @@ -997,11 +997,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1777789800, - "narHash": "sha256-XHCvLGu/bEEZRzXVKFu1i+2YB102Nr00n8e7xrzsfVs=", + "lastModified": 1779824049, + "narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "d0e921cc48aab6137d203a3eab19601dc2bdc0c3", + "rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a", "type": "github" }, "original": { @@ -1029,11 +1029,11 @@ "stevenblack-hosts": { "flake": false, "locked": { - "lastModified": 1778258800, - "narHash": "sha256-wTiDXFiBKV4M4jv1JrVLL/kkIyE1FK4qino07BYU5fc=", + "lastModified": 1779976382, + "narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=", "owner": "StevenBlack", "repo": "hosts", - "rev": "8ce06e1ed6f063d3d58cf9c980793415085f5d89", + "rev": "d3e838712512490260f051150e3573eeebecfadb", "type": "github" }, "original": { From 1d9f9f4927fcedfdc810ce98a3f2666f0d7b8ae4 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 29 May 2026 04:02:19 +0000 Subject: [PATCH 310/363] packages/linux-lava: bump to 7.0.10 --- packages/linux-lava/sources.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/linux-lava/sources.nix b/packages/linux-lava/sources.nix index c24fa57..1ea7dcb 100644 --- a/packages/linux-lava/sources.nix +++ b/packages/linux-lava/sources.nix @@ -1,8 +1,8 @@ { fetchFromGitHub, inputs, lib }: let - version = "7.0.5"; + version = "7.0.10"; kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv"; - kernelPatchHash = "15a173sx7nw4qkp45f5ksnqd3a1flhpiq3zzsa6gzzcww433hm8d"; + kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj"; mm = lib.versions.majorMinor version; hasPatch = (builtins.length (builtins.splitVersion version)) == 3; From 10fbeac1404f2719437b1d229e128d078ac54694 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 01:57:08 +1000 Subject: [PATCH 311/363] user/eww: manually set configDir why was this changed??? --- modules/user/eww.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/user/eww.nix b/modules/user/eww.nix index 9d839e0..fa5fd4e 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -24,6 +24,6 @@ in { home.packages = with pkgs; [ socat ]; programs.eww = { enable = true; - configDir = res; }; + xdg.configFile."eww".source = res; } From 0edeac9f4c06b2dcf20a2338d81dc8ec55643946 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 19:38:31 +1000 Subject: [PATCH 312/363] user/neovim: remove lsp.with --- res/config.lua | 39 +++++++++++++++++---------------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/res/config.lua b/res/config.lua index 5d205d7..3e91e28 100644 --- a/res/config.lua +++ b/res/config.lua @@ -108,18 +108,18 @@ require('lualine').setup { -- many thanks to @kristijanhusak -- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125 function _G.javascript_indent() - local line = vim.fn.getline(vim.v.lnum) - local prev_line = vim.fn.getline(vim.v.lnum - 1) - if line:match('^%s*[%*/]%s*') then - if prev_line:match('^%s*%*%s*') then - return vim.fn.indent(vim.v.lnum - 1) + local line = vim.fn.getline(vim.v.lnum) + local prev_line = vim.fn.getline(vim.v.lnum - 1) + if line:match('^%s*[%*/]%s*') then + if prev_line:match('^%s*%*%s*') then + return vim.fn.indent(vim.v.lnum - 1) + end + if prev_line:match('^%s*/%*%*%s*$') then + return vim.fn.indent(vim.v.lnum - 1) + 1 + end end - if prev_line:match('^%s*/%*%*%s*$') then - return vim.fn.indent(vim.v.lnum - 1) + 1 - end - end - return vim.fn['GetJavascriptIndent']() + return vim.fn['GetJavascriptIndent']() end vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()') @@ -157,18 +157,13 @@ vim.api.nvim_create_autocmd("LspAttach", { end }) -vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with( - vim.lsp.diagnostic.on_publish_diagnostics, { - focusable = false, - virtual_text = false, - underline = true, - signs = true, - update_in_insert = true - } -) -vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with( - vim.lsp.handlers.signature_help, { focusable = false } -) +vim.diagnostic.config({ + focusable = false, + virtual_text = false, + underline = true, + signs = true, + update_in_insert = true +}) capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) From 939d0cc861132ef4f1c6577fcfe4c0ebbf3c7c52 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 20:37:42 +1000 Subject: [PATCH 313/363] system/tailscale: persist tailscale state --- modules/binds.nix | 9 +++++++++ modules/default.nix | 1 + modules/options.nix | 5 +++++ modules/system/base.nix | 2 +- modules/system/tailscale.nix | 1 + 5 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 modules/binds.nix diff --git a/modules/binds.nix b/modules/binds.nix new file mode 100644 index 0000000..9c7d4ad --- /dev/null +++ b/modules/binds.nix @@ -0,0 +1,9 @@ +{ config, lib, ...}: { + imports = [ ./options.nix ]; + fileSystems = lib.mapAttrs (dest: key: { + depends = [ "/persist" ]; + device = "/persist/binds/${key}"; + fsType = "none"; + options = [ "bind" ]; + }) config.me.binds; +} diff --git a/modules/default.nix b/modules/default.nix index d55b54a..6775c55 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -14,6 +14,7 @@ let }) paths ); in { + binds = ./binds.nix; options = ./options.nix; services = mkAttrsFromPaths [ ./services/banksia.nix diff --git a/modules/options.nix b/modules/options.nix index b522127..e861c12 100644 --- a/modules/options.nix +++ b/modules/options.nix @@ -44,5 +44,10 @@ in { type = types.bool; default = false; }; + + binds = lib.mkOption { + type = with lib.types; attrsOf str; + default = {}; + }; }; } diff --git a/modules/system/base.nix b/modules/system/base.nix index 36c9993..c45eb99 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -1,5 +1,5 @@ { config, inputs, modules, ... }: { - imports = [ modules.options ]; + imports = [ modules.binds modules.options ]; environment.etc = { "machine-id".source = "/persist/machine-id"; diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 4bded31..732a9bb 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,5 +1,6 @@ { config, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; + me.binds."/var/lib/tailscale" = "tailscale"; services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From babc27c8be3385495c04d8841ec8f94346fa5cc9 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:01:43 +1000 Subject: [PATCH 314/363] containers/garnet: init --- containers/garnet/configuration.nix | 32 ++++++++++++ containers/garnet/flake.lock | 27 ++++++++++ containers/garnet/flake.nix | 80 +++++++++++++++++++++++++++++ flake.lock | 47 ++++++++++++++--- flake.nix | 1 + 5 files changed, 179 insertions(+), 8 deletions(-) create mode 100644 containers/garnet/configuration.nix create mode 100644 containers/garnet/flake.lock create mode 100644 containers/garnet/flake.nix diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix new file mode 100644 index 0000000..930ae67 --- /dev/null +++ b/containers/garnet/configuration.nix @@ -0,0 +1,32 @@ +{ ... }: { + system.stateVersion = "25.11"; + fileSystems."/var/lib/opencloud" = { + device = "/persist/opencloud"; + fsType = "none"; + options = [ "bind" ]; + }; + networking.firewall.allowedTCPPorts = [ 9200 ]; + networking.firewall.allowedUDPPorts = [ 9200 ]; + + services.slskd = { + enable = true; + domain = null; + environmentFile = "/binds/slskd_env"; + settings = { + shares.directories = [ "/binds/music/" ]; + }; + }; + environment.etc."opencloud-admin-pass".text = '' + IDM_ADMIN_PASSWORD=supersillysecure + ''; + services.opencloud = { + enable = true; + url = "https://cloud.lava.moe"; + address = "127.0.0.1"; + port = 9200; + environment = { + PROXY_TLS = "false"; + }; + environmentFile = "/etc/opencloud-admin-pass"; + }; +} diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock new file mode 100644 index 0000000..4070242 --- /dev/null +++ b/containers/garnet/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix new file mode 100644 index 0000000..7cb7559 --- /dev/null +++ b/containers/garnet/flake.nix @@ -0,0 +1,80 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "garnet"; + fqdn = "cloud.lava.moe"; + subnetId = "7"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + subnet4 = x: "10.30.${subnetId}.${toString x}"; + host4 = subnet4 1; + client4 = subnet4 2; + + modules = [ + ./configuration.nix + { + networking.useHostResolvConf = false; + networking.nameservers = [ host ]; + } + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { config, ... }: { + networking.nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-${name}" ]; + }; + + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/" = { + proxyPass = "http://[${client}]:9200"; + proxyWebsockets = true; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + }; + + systemd.tmpfiles.rules = [ + "d /persist/containers/${name} 755 root users" + "d /persist/flower 755 root users" + ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress = host4; + localAddress = client4; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + bindMounts."content" = { + hostPath = "/persist/flower"; + mountPoint = "/flower"; + isReadOnly = false; + }; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index db4bae9..2578a7e 100644 --- a/flake.lock +++ b/flake.lock @@ -128,6 +128,20 @@ }, "parent": [] }, + "c-garnet": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "path": "./containers/garnet", + "type": "path" + }, + "original": { + "path": "./containers/garnet", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_4" @@ -595,7 +609,7 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1779768228, @@ -679,6 +693,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1779560665, "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", @@ -694,7 +724,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -824,16 +854,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1779536132, - "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -880,7 +910,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -946,6 +976,7 @@ "c-diamond": "c-diamond", "c-emerald": "c-emerald", "c-fluorite": "c-fluorite", + "c-garnet": "c-garnet", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -954,7 +985,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 377e601..5cf3457 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ c-diamond.url = "path:./containers/diamond"; c-emerald.url = "path:./containers/emerald"; c-fluorite.url = "path:./containers/fluorite"; + c-garnet.url = "path:./containers/garnet"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 140b12fa5d95ee0a77c6233ba537dc9fab64c0b7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:02:40 +1000 Subject: [PATCH 315/363] hosts/alyssum: enable garnet --- hosts/alyssum/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 087c77f..1c1db61 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ lib, modules, modulesPath, ... }: { +{ inputs, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -22,6 +22,8 @@ security tailscale + inputs.c-garnet.nixosModule + ./filesystem.nix ./kernel.nix ./networking.nix From 27e9546327e2d9f2a756f3f65b657ea61e34bfca Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:04:35 +1000 Subject: [PATCH 316/363] containers/garnet: better ip filtering --- containers/garnet/flake.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 7cb7559..b5e4ba5 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -44,7 +44,13 @@ proxy_set_header Host $host; ''; }; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; + extraConfig = '' + allow 10.0.0.0/8; + allow 100.0.0.0/8; + allow 192.168.1.0/24; + allow fd0d::/8; + deny all; + ''; }; systemd.tmpfiles.rules = [ From a25d214b82c4459e1e71599bf8917cc12090b337 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:10:40 +1000 Subject: [PATCH 317/363] hosts/alyssum: enable nginx --- hosts/alyssum/default.nix | 3 +++ secrets.nix | 2 +- secrets/acme_dns.age | 19 ++++++++++--------- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 1c1db61..9a53926 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -4,6 +4,7 @@ time.timeZone = "Australia/Melbourne"; age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -22,6 +23,8 @@ security tailscale + modules.services.nginx + inputs.c-garnet.nixosModule ./filesystem.nix diff --git a/secrets.nix b/secrets.nix index 5a8bf1b..d2dbc82 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,7 +10,7 @@ in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; + "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index a573417..c440de6 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age @@ -1,10 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8 -1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8 --> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA -MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80 --> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg -RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI ---- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg -H즏)k#%3cQں1?ad| 쳄ٗo2 -B)=Zi9pR Klg ՞h \ No newline at end of file +-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs +07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok +-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4 +FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84 +-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8 +xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE +-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o +aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM +--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8 +Zr2. ~MPXŹ1)p9R9S cLzhQO0H7Lj5 \l97ܫn> From 0735ffdb69516426106e51d1a6f7a96b6c50b1fa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:22:19 +1000 Subject: [PATCH 318/363] containers/garnet: remove stray sv and set address to local ip --- containers/garnet/configuration.nix | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index 930ae67..4f09e34 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix @@ -8,21 +8,13 @@ networking.firewall.allowedTCPPorts = [ 9200 ]; networking.firewall.allowedUDPPorts = [ 9200 ]; - services.slskd = { - enable = true; - domain = null; - environmentFile = "/binds/slskd_env"; - settings = { - shares.directories = [ "/binds/music/" ]; - }; - }; environment.etc."opencloud-admin-pass".text = '' IDM_ADMIN_PASSWORD=supersillysecure ''; services.opencloud = { enable = true; url = "https://cloud.lava.moe"; - address = "127.0.0.1"; + address = "10.30.7.2"; port = 9200; environment = { PROXY_TLS = "false"; From 011ceee498a0c1361b662c4ffc7e01859086cdea Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:27:19 +1000 Subject: [PATCH 319/363] containers/garnet: use ipv4 for proxy --- containers/garnet/flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index b5e4ba5..e5bdcbc 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -38,7 +38,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/" = { - proxyPass = "http://[${client}]:9200"; + proxyPass = "http://${client4}:9200"; proxyWebsockets = true; extraConfig = '' proxy_set_header Host $host; From c4bedfd86e8bdcf9e2a58be5d96d43b4a50677a7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:34:25 +1000 Subject: [PATCH 320/363] containers/garnet: move back to listen addrs --- containers/garnet/flake.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index e5bdcbc..c1694a0 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -44,13 +44,7 @@ proxy_set_header Host $host; ''; }; - extraConfig = '' - allow 10.0.0.0/8; - allow 100.0.0.0/8; - allow 192.168.1.0/24; - allow fd0d::/8; - deny all; - ''; + listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ From f622d5f5771d6866b7ee3b3c88ed97d4641a5c49 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Thu, 28 May 2026 23:43:07 +1000 Subject: [PATCH 321/363] containers/garnet: try removing host header --- containers/garnet/flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index c1694a0..29540db 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -40,9 +40,6 @@ locations."/" = { proxyPass = "http://${client4}:9200"; proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - ''; }; listenAddresses = [ "100.67.2.1" ]; }; From 34e649e6210ced9f692e2cc300e40236c058a994 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 29 May 2026 00:43:32 +1000 Subject: [PATCH 322/363] alyssum/filesystem: add myosotis --- hosts/alyssum/filesystem.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix index 205106a..bdea423 100644 --- a/hosts/alyssum/filesystem.nix +++ b/hosts/alyssum/filesystem.nix @@ -26,6 +26,7 @@ in { }; "/boot" = mkLabelMount "stem" "vfat"; + "/flower" = mkBtrfsMount "myosotis" "/@" true; "/nix" = submount "/@/nix" false; "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; "/persist/.snapshots" = submount "/snap/persist" false; From 48513690982288b4e84daf7e05db8681a1fbab4c Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 29 May 2026 00:44:13 +1000 Subject: [PATCH 323/363] containers/garnet: add hosts and correct bind mounts --- containers/garnet/configuration.nix | 12 +++++++++++- containers/garnet/flake.nix | 4 ++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index 4f09e34..ff514e8 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix @@ -1,10 +1,20 @@ { ... }: { system.stateVersion = "25.11"; fileSystems."/var/lib/opencloud" = { - device = "/persist/opencloud"; + device = "/flower/data"; fsType = "none"; options = [ "bind" ]; }; + fileSystems."/etc/opencloud" = { + device = "/persist/cfg"; + fsType = "none"; + options = [ "bind" ]; + }; + # TODO: hardcoded address + networking.extraHosts = '' + 100.67.2.1 cloud.lava.moe + ''; + networking.firewall.allowedTCPPorts = [ 9200 ]; networking.firewall.allowedUDPPorts = [ 9200 ]; diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 29540db..93c3304 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -41,12 +41,12 @@ proxyPass = "http://${client4}:9200"; proxyWebsockets = true; }; + # TODO: hardcoded address listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" - "d /persist/flower 755 root users" ]; containers.${name} = { autoStart = true; @@ -67,7 +67,7 @@ isReadOnly = false; }; bindMounts."content" = { - hostPath = "/persist/flower"; + hostPath = "/flower/opencloud"; mountPoint = "/flower"; isReadOnly = false; }; From e7588e0be0ec335a262f37f3c96f2af4031b132d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 30 May 2026 21:24:30 +1000 Subject: [PATCH 324/363] {system,rin}/packages: cleanup --- modules/system/packages.nix | 1 - users/rin/packages.nix | 37 ++++++++++++++++--------------------- 2 files changed, 16 insertions(+), 22 deletions(-) diff --git a/modules/system/packages.nix b/modules/system/packages.nix index afeef4e..d4e2e3c 100644 --- a/modules/system/packages.nix +++ b/modules/system/packages.nix @@ -16,7 +16,6 @@ neovim nfs-utils ntfs3g - oci-cli ripgrep rsync sshfs diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 8b15c60..0916865 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -19,15 +19,28 @@ in { nodejs_latest pamixer pnpm - qmk unrar - weechat yt-dlp + ] ++ lib.optionals (config.me.environment == "desktop") [ + krita + lutris + mangohud + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) + inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin + qmk + tetrio-desktop + tor-browser + virt-manager + winetricks ] ++ lib.optionals config.me.gui [ android-studio brightnessctl drawio - element-desktop evince eww feh @@ -36,37 +49,19 @@ in { gamescope gimp3 grim - jetbrains.gateway - #kotatogram-desktop - krita lm_sensors - lutris - insomnia maim - mangohud me.psensor - inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin - # inputs.nix-gaming.packages.x86_64-linux.wine-osu obsidian pavucontrol - (prismlauncher.override { - jdks = [ - jdk21 - temurin-bin-25 - ]; - }) qbittorrent rivalcfg screenkey slurp swaybg - tetrio-desktop texliveFull - tor-browser transmission-remote-gtk vesktop - virt-manager - winetricks zathura zenity From cc2e9d1a90da5b9e16da55a864cd07deec24b727 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 31 May 2026 02:15:37 +1000 Subject: [PATCH 325/363] user/eww: use iwd tools instead of nmcli --- modules/user/eww.nix | 2 +- res/eww/eww.yuck | 28 +++++++++++++++------------- res/eww/scripts/network.sh | 19 ------------------- 3 files changed, 16 insertions(+), 33 deletions(-) delete mode 100755 res/eww/scripts/network.sh diff --git a/modules/user/eww.nix b/modules/user/eww.nix index fa5fd4e..13db70e 100644 --- a/modules/user/eww.nix +++ b/modules/user/eww.nix @@ -21,7 +21,7 @@ let ''; }; in { - home.packages = with pkgs; [ socat ]; + home.packages = with pkgs; [ iw socat ]; programs.eww = { enable = true; }; diff --git a/res/eww/eww.yuck b/res/eww/eww.yuck index 2598788..d72a2cc 100644 --- a/res/eww/eww.yuck +++ b/res/eww/eww.yuck @@ -1,4 +1,5 @@ (defwindow mainbar :monitor 0 + :geometry (geometry :x "0%" :y "0%" :width "100%" @@ -39,14 +40,15 @@ `cat /sys/class/power_supply/_BAT_PATH_/capacity`) (defpoll pbat_status :interval "1s" :run-while bat-enabled `cat /sys/class/power_supply/_BAT_PATH_/status`) -(defpoll network_strength :interval "1s" :run-while wifi-enabled - `nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`) +(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled + `iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`) +(defpoll wifi_strength :interval "1s" :run-while wifi-enabled + `iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`) (defpoll bluetooth_device :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | grep Device | cut -d" " -f3-`) (defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled `bluetoothctl devices Connected | wc -l`) -(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh") (deflisten ltitle :initial "" "./scripts/title.sh") (deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh") (deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh") @@ -107,22 +109,22 @@ (defwidget network [] (button :onclick `eww update network-extended=${network-extended ? "false" : "true"}` (box :orientation "horizontal" - :class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")} - :spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0} + :class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")} + :spacing {(network-extended && wifi_ssid != "") ? 5 : 0} :space-evenly false (label :text { - (lnetwork == "Disconnected") ? "" - : (network_strength == "") ? "" - : (network_strength < 20) ? "" - : (network_strength < 30) ? "" - : (network_strength < 55) ? "" - : (network_strength < 80) ? "" + (wifi_ssid == "") ? "" + : (wifi_strength == "") ? "" + : (wifi_strength < 75) ? "" + : (wifi_strength < 65) ? "" + : (wifi_strength < 60) ? "" + : (wifi_strength < 50) ? "" : ""} :class "base pill-icon") (revealer :transition "slideleft" - :reveal {network-extended && lnetwork != "Disconnected"} + :reveal {network-extended && wifi_ssid != ""} :duration 150 - (label :text lnetwork + (label :text wifi_ssid :class "base"))))) (defwidget battery [] diff --git a/res/eww/scripts/network.sh b/res/eww/scripts/network.sh deleted file mode 100755 index 7d0c2c8..0000000 --- a/res/eww/scripts/network.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1) - -if [[ -z $init ]]; then - echo Disconnected -else - echo $init -fi - -nmcli monitor | while read -r line ; do - if [[ $line == *"is now the primary connection" ]]; then - conn=$(echo $line | cut -d\' -f2) - echo $conn - fi - if [[ $line == "There's no primary connection" ]]; then - echo Disconnected - fi -done From 93354e641927c07672e32cd453be5b4c1394a762 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Jun 2026 19:50:01 +1000 Subject: [PATCH 326/363] containers/citrine: garden -> lab --- containers/citrine/configuration.nix | 2 +- containers/citrine/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 996ffb2..392062c 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -11,7 +11,7 @@ enable = true; lfs.enable = true; settings = { - DEFAULT.APP_NAME = "Garden"; + DEFAULT.APP_NAME = "cilly's botanical laboratory"; server = { DOMAIN = fqdn; ROOT_URL = "https://${fqdn}/"; diff --git a/containers/citrine/flake.nix b/containers/citrine/flake.nix index 5673c9e..c2a81b7 100644 --- a/containers/citrine/flake.nix +++ b/containers/citrine/flake.nix @@ -6,7 +6,7 @@ outputs = { nixpkgs, catppuccin, ... }: let name = "citrine"; - fqdn = "garden.lava.moe"; + fqdn = "lab.lava.moe"; subnetId = "3"; subnet = x: "fd0d:1::${subnetId}:${toString x}"; From 91abcbed1984e86981e95b395202e240ed13fbf7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 2 Jun 2026 19:54:09 +1000 Subject: [PATCH 327/363] services/banksia: redirect to lab --- modules/services/banksia.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/banksia.nix b/modules/services/banksia.nix index d6532f6..2ace618 100644 --- a/modules/services/banksia.nix +++ b/modules/services/banksia.nix @@ -4,7 +4,7 @@ "banksia.lava.moe" = { useACMEHost = "lava.moe"; forceSSL = true; - locations."/".return = "302 https://github.com/cillynder/Banksia"; + locations."/".return = "302 https://lab.lava.moe/cilly/Banksia"; locations."/api".proxyPass = "http://localhost:8080/"; }; }; From ee3e0868a8338ab92d34a434e9c3add7dca3db5d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:14:37 +1000 Subject: [PATCH 328/363] system/tailscale: loosen firewall for tailnet --- modules/system/tailscale.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 732a9bb..02bce52 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,6 +1,7 @@ { config, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; + networking.firewall.trustedInterfaces = [ "tailscale0" ]; services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From abe0027e5dc405174f7d8993db14e57cadda7b29 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:23:56 +1000 Subject: [PATCH 329/363] hosts/alyssum: add syncthing --- hosts/alyssum/default.nix | 4 +++- modules/services/syncthing.nix | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 9a53926..3eb7289 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,4 +1,4 @@ -{ inputs, modules, modulesPath, ... }: { +{ inputs, lib, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; @@ -24,6 +24,7 @@ tailscale modules.services.nginx + modules.services.syncthing inputs.c-garnet.nixosModule @@ -35,4 +36,5 @@ ]; me.environment = "headless"; + services.syncthing.user = lib.mkForce "hana"; } diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 2316f9f..d27f911 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,7 +1,7 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - uid = toString config.users.users.rin.uid; + uid = toString config.services.syncthing.user; gid = toString config.users.groups.users.gid; in { From 72078aad6c6142b84c873ceafbad4a6ea464ede7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:33:19 +1000 Subject: [PATCH 330/363] services/syncthing: listen on all ports for headless --- modules/services/syncthing.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index d27f911..8ec331b 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -1,7 +1,8 @@ { config, ... }: let dir = "/persist/shared/.syncthing"; - uid = toString config.services.syncthing.user; + user = if config.me.gui then "rin" else "hana"; + uid = toString config.users.users."${user}".uid; gid = toString config.users.groups.users.gid; in { @@ -13,9 +14,10 @@ in services.syncthing = { enable = true; openDefaultPorts = true; - user = "rin"; + user = user; group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; + guiAddress = if config.me.gui then "127.0.0.1:8384" else ""; }; } From 1ad05857b7566f15575dd03d09f31da80669744d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 6 Jun 2026 20:35:10 +1000 Subject: [PATCH 331/363] services/syncthing: setup correct guiAddress --- modules/services/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/syncthing.nix b/modules/services/syncthing.nix index 8ec331b..db32371 100644 --- a/modules/services/syncthing.nix +++ b/modules/services/syncthing.nix @@ -18,6 +18,6 @@ in group = "users"; dataDir = "/persist/shared/.syncthing/data"; configDir = "/persist/shared/.syncthing/config"; - guiAddress = if config.me.gui then "127.0.0.1:8384" else ""; + guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384"; }; } From 9a87dc63c3f2cdd80c5918ff61864471e6186cc3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:12:18 +1000 Subject: [PATCH 332/363] rin/packages: move prism back to shared gui --- users/rin/packages.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/users/rin/packages.nix b/users/rin/packages.nix index 0916865..afc711b 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -25,12 +25,6 @@ in { krita lutris mangohud - (prismlauncher.override { - jdks = [ - jdk21 - temurin-bin-25 - ]; - }) inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin qmk tetrio-desktop @@ -54,6 +48,12 @@ in { me.psensor obsidian pavucontrol + (prismlauncher.override { + jdks = [ + jdk21 + temurin-bin-25 + ]; + }) qbittorrent rivalcfg screenkey From 8ca9e393ea1b9d89d49d44d8c2af4bfd4b5aaac0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:16:15 +1000 Subject: [PATCH 333/363] system/input: swap esc using keyd --- modules/system/input.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/modules/system/input.nix b/modules/system/input.nix index 2ef1eab..44da34b 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -6,7 +6,18 @@ "-arinterval 15" ]; }; - xkb.options = "caps:escape"; }; - console.useXkbConfig = true; + services.keyd = { + enable = true; + keyboards = { + default = { + ids = [ "*" ]; + settings = { + main = { + capslock = "overload(control, esc)"; + }; + }; + }; + }; + }; } From 9a6a29831b751dd2a6bb15bf26e6174ebc5ffe8b Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:18:29 +1000 Subject: [PATCH 334/363] system/security: reenable doas persist --- modules/system/security.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/security.nix b/modules/system/security.nix index 3b4e8a7..f1f087b 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -49,7 +49,7 @@ { groups = [ "wheel" ]; keepEnv = true; - persist = config.me.environment != "laptop"; + persist = true; } ]; }; From 8a85e25d720376b4e8dc4bcdfcbc39d549ce008e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:20:29 +1000 Subject: [PATCH 335/363] system/input: don't overload capslock input delay :p --- modules/system/input.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/input.nix b/modules/system/input.nix index 44da34b..67b1a96 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -14,7 +14,7 @@ ids = [ "*" ]; settings = { main = { - capslock = "overload(control, esc)"; + capslock = "esc"; }; }; }; From ea17ef30c609d67155a61579a27fac460112feaa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 5 Jun 2026 00:22:49 +1000 Subject: [PATCH 336/363] system/input: map esc to capslock --- modules/system/input.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/input.nix b/modules/system/input.nix index 67b1a96..a0bf2ff 100644 --- a/modules/system/input.nix +++ b/modules/system/input.nix @@ -15,6 +15,7 @@ settings = { main = { capslock = "esc"; + esc = "capslock"; }; }; }; From 75f9cc9d2bdd32fbcb1e28b7a300d61fc04da2b3 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 15:05:05 +1000 Subject: [PATCH 337/363] system/tailscale: open port 123 on headless --- modules/system/tailscale.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index 02bce52..e7e6e0c 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -1,7 +1,9 @@ -{ config, ... }: { +{ config, lib, ... }: { age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; networking.firewall.trustedInterfaces = [ "tailscale0" ]; + networking.firewall.allowedUdpPorts = lib.mkIf config.me.environment == "headless" [ 123 ]; + services.tailscale = { enable = true; authKeyFile = config.age.secrets.tailscale_auth.path; From b705a21478d057b5bcbebd24ac5ffd3652e747c7 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 15:06:38 +1000 Subject: [PATCH 338/363] system/tailscale: fix syntax --- modules/system/tailscale.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/tailscale.nix b/modules/system/tailscale.nix index e7e6e0c..5e3e044 100644 --- a/modules/system/tailscale.nix +++ b/modules/system/tailscale.nix @@ -2,7 +2,7 @@ age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age; me.binds."/var/lib/tailscale" = "tailscale"; networking.firewall.trustedInterfaces = [ "tailscale0" ]; - networking.firewall.allowedUdpPorts = lib.mkIf config.me.environment == "headless" [ 123 ]; + networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ]; services.tailscale = { enable = true; From 29909729897e4085370656f6ab19f8d280fafbbf Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 16:01:23 +1000 Subject: [PATCH 339/363] user/git: set default branch name --- modules/user/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/user/git.nix b/modules/user/git.nix index 6c21f20..ca2762e 100644 --- a/modules/user/git.nix +++ b/modules/user/git.nix @@ -10,6 +10,7 @@ user.email = "mini@cilly.moe"; core.abbrev = 11; safe.directory = "/home/rin/Projects/flakes"; + init.defaultBranch = "master"; }; }; } From 37f271bed8d08dc44b47620d47f5142e4f81202e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 10 Jun 2026 16:05:24 +1000 Subject: [PATCH 340/363] containers/citrine: enable push to create --- containers/citrine/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/citrine/configuration.nix b/containers/citrine/configuration.nix index 392062c..0f4242a 100644 --- a/containers/citrine/configuration.nix +++ b/containers/citrine/configuration.nix @@ -34,6 +34,8 @@ }; api.ENABLE_SWAGGER = false; other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + repository.ENABLE_PUSH_CREATE_USER = true; + repository.ENABLE_PUSH_CREATE_ORG = true; service.DISABLE_REGISTRATION = true; }; stateDir = "/persist/forgejo"; From 6fc74bd778317c578b8c7532056dfcd469514475 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 9 Jun 2026 18:15:04 +1000 Subject: [PATCH 341/363] hosts/hyacinth: add docker --- hosts/hyacinth/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/hyacinth/default.nix b/hosts/hyacinth/default.nix index c307ce8..a32d4bd 100644 --- a/hosts/hyacinth/default.nix +++ b/hosts/hyacinth/default.nix @@ -18,6 +18,7 @@ bluetooth ccache corectrl + docker flatpak greetd gui From e98a71cd1ed09eb93a39e5cb1be797b620a4f9aa Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 13 Jun 2026 22:12:32 +1000 Subject: [PATCH 342/363] containers/garnet: config nginx to avoid errors --- containers/garnet/flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix index 93c3304..df835a4 100644 --- a/containers/garnet/flake.nix +++ b/containers/garnet/flake.nix @@ -41,6 +41,13 @@ proxyPass = "http://${client4}:9200"; proxyWebsockets = true; }; + extraConfig = '' + proxy_read_timeout 3600s; + proxy_send_timeout 3600s; + keepalive_requests 100000; + keepalive_timeout 5m; + http2_max_concurrent_streams 512; + ''; # TODO: hardcoded address listenAddresses = [ "100.67.2.1" ]; }; From 2a9e8e6c0372c1eacb9fd91a062acd9c657be694 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sat, 13 Jun 2026 23:44:29 +1000 Subject: [PATCH 343/363] containers/garnet: extend token expiration --- containers/garnet/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix index ff514e8..21400c5 100644 --- a/containers/garnet/configuration.nix +++ b/containers/garnet/configuration.nix @@ -28,6 +28,8 @@ port = 9200; environment = { PROXY_TLS = "false"; + IDP_ACCESS_TOKEN_EXPIRATION = "2592000"; + IDP_ID_TOKEN_EXPIRATION = "2592000"; }; environmentFile = "/etc/opencloud-admin-pass"; }; From 402c847f3cd7f457e7946b4b3431a71a47963828 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Sun, 14 Jun 2026 20:32:32 +1000 Subject: [PATCH 344/363] dandelion/filesystem: reduce rootfs from 12G to 6G --- hosts/dandelion/filesystem.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/dandelion/filesystem.nix b/hosts/dandelion/filesystem.nix index 4dd6a55..861bc15 100644 --- a/hosts/dandelion/filesystem.nix +++ b/hosts/dandelion/filesystem.nix @@ -22,7 +22,7 @@ in { "/" = { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=12G" "mode=755" ]; + options = [ "defaults" "size=6G" "mode=755" ]; }; "/boot" = mkLabelMount "UEFI" "vfat"; From d1a8e7222f0dd930f945a4f101cd885ce6001357 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:11:09 +1000 Subject: [PATCH 345/363] alyssum/samba: init --- hosts/alyssum/default.nix | 1 + hosts/alyssum/samba.nix | 81 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) create mode 100644 hosts/alyssum/samba.nix diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 3eb7289..d471011 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -31,6 +31,7 @@ ./filesystem.nix ./kernel.nix ./networking.nix + ./samba.nix ../../users/hana ]; diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix new file mode 100644 index 0000000..9e957e9 --- /dev/null +++ b/hosts/alyssum/samba.nix @@ -0,0 +1,81 @@ +{ config, ... }: { + networking.firewall.allowPing = true; + + users.users.cilly = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; + users.users.kujira = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; + system.activationScripts = { + init_smbpasswd.text = '' + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + ''; + }; + + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + "hosts allow" = "100.67.2.1 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/flower/smb/public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "hana"; + "force group" = "users"; + }; + "cilly" = { + "path" = "/flower/smb/cilly"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "cilly"; + "force group" = "users"; + "valid users" = "cilly"; + }; + "kujira" = { + "path" = "/flower/smb/kujira"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "kujira"; + "force group" = "users"; + "valid users" = "kujira"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; +} From 4f8249b780b00add8a8a8d22543a54229faa696d Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:16:21 +1000 Subject: [PATCH 346/363] alyssum/samba: use proper credentials --- hosts/alyssum/samba.nix | 7 +++++-- secrets.nix | 2 ++ secrets/passwd_smbcilly.age | 7 +++++++ secrets/passwd_smbkujira.age | 7 +++++++ 4 files changed, 21 insertions(+), 2 deletions(-) create mode 100644 secrets/passwd_smbcilly.age create mode 100644 secrets/passwd_smbkujira.age diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 9e957e9..6be8e09 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -1,6 +1,9 @@ { config, ... }: { networking.firewall.allowPing = true; + age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; + age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age; + users.users.cilly = { hashedPasswordFile = config.age.secrets.passwd.path; isNormalUser = true; @@ -11,9 +14,9 @@ }; system.activationScripts = { init_smbpasswd.text = '' - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_kujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira ''; }; diff --git a/secrets.nix b/secrets.nix index d2dbc82..ec20648 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,6 +8,8 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; + "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; diff --git a/secrets/passwd_smbcilly.age b/secrets/passwd_smbcilly.age new file mode 100644 index 0000000..41ad172 --- /dev/null +++ b/secrets/passwd_smbcilly.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ +i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI +-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o ++pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM +--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew +*l\W!J7E/"f@%\[j8fӶ \ No newline at end of file diff --git a/secrets/passwd_smbkujira.age b/secrets/passwd_smbkujira.age new file mode 100644 index 0000000..71b6bb8 --- /dev/null +++ b/secrets/passwd_smbkujira.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8 +IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE +-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg +QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk +--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw +T <R#d Ć̎lLkN8c_N)T \ No newline at end of file From c782bd5e5398534f81214e3bced2aa73e08e10b6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:23:10 +1000 Subject: [PATCH 347/363] hosts/alyssum: add passwd age --- hosts/alyssum/default.nix | 1 + secrets.nix | 2 +- secrets/passwd.age | Bin 531 -> 641 bytes 3 files changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index d471011..a2eb166 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -5,6 +5,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; + passwd.file = ../../secrets/passwd.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; diff --git a/secrets.nix b/secrets.nix index ec20648..bec70ef 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,7 +7,7 @@ let rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; in { - "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; + "secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ]; "secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ]; "secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; diff --git a/secrets/passwd.age b/secrets/passwd.age index 64ec8611ddf1a1d3f837caf32b53d5843f7b6e07..05ad90670240bfe01391eb8392cd02ad35d1c5bd 100644 GIT binary patch delta 596 zcmbQt(#SeNwLaV5H#neNp(s2%!q_7?$j7C~J=oCKE5oy-BsrwWr64rBz`L|8y{an9 zBFsIqJm0{8D>c(3I5)q`JxHv;MHO0u()X-8PKch0Z#8DyB*uU7sB+Dr%qdv>Az{ywJ$H~awsl?ATEYZ}- zBq+}^uh=leG%DSrIIEm1IU~@_EZfLm-?Yp-P~XEi)LTEepwcm{(l;|J)vYQZF*m9x zwA9fk-OUx93pU|@G%n*z02+xqv4C6e*?2M97@1TsTVAr(597AoN#E=5_%7_xz zi66!5J)J#+EP_p{d>vCFGLt>bjXbKnQd0xd($cd0LNdyNU9#PiEz`1tyaNNda*B*A zTrb|^HnZYzWY=cufpN-;@7gMf=O#Hn1hI;KPb=lf^lIPl6HZS=2L%5*v`cv-> YJkH)xEW9(@zeyiIH`!pOX{Em>0JK!tjsO4v delta 466 zcmZok^FqSVba!Z-*7L(g6wo-1M{@Z+(1XJlyqb7 zC~r^0#MI365OWKE9}mkM^YUg2CC+YMPLZVn zmM&3=UdH9x#W}ui8Low<-e!R*kxo&L1}Q$;fx(uhk3$ZDUR4EYCYcqMr3R5)y1Kdweg%1!i558-K1JHW+FmBw<%#8y zegP(CCdr9;CN6%V`N`(>N#@}Jt|g%+To*((7~f_+q00A8b`fLhp}Xt*if!Dl#T{c2 zE_hU5lHW2pfMsudL!P8U<-)y>#9xJKr5oAp;QEw$;d8I0!J~UpO?>m(ioP9UQxcqb zdDVFa?#j+-DXlZDYLD)8&D4Iu%zD>h!HX%(zs|p!7N2uW{HitM>x2#5(|Mgg3b4ye MK7Ppl$Cj<;0P3%*4gdfE From 509684d0bd094bd96fcef03ceacba6be33446a63 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:28:39 +1000 Subject: [PATCH 348/363] alyssum/samba: use proper smbpasswd path --- hosts/alyssum/samba.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 6be8e09..ba89a00 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -13,10 +13,12 @@ isNormalUser = true; }; system.activationScripts = { - init_smbpasswd.text = '' - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbcilly.path})\n" | /run/current-system/sw/bin/smbpasswd -sa cilly + init_smbpasswd.text = let + smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; + in '' + printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n$(/run/current-system/sw/bin/cat ${config.age.secrets.passwd_smbkujira.path})\n" | /run/current-system/sw/bin/smbpasswd -sa kujira + printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira ''; }; From 4bb20124a791bdce70acdd4bdcfe1a2eb4acacb6 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:34:34 +1000 Subject: [PATCH 349/363] alyssum/samba: use full package for discovery --- hosts/alyssum/samba.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index ba89a00..708286a 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -1,4 +1,4 @@ -{ config, ... }: { +{ config, pkgs, ... }: { networking.firewall.allowPing = true; age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; @@ -24,9 +24,11 @@ services.samba = { enable = true; + package = pkgs.samba4Full; openFirewall = true; settings = { global = { + "server smb encrypt" = "required"; "workgroup" = "WORKGROUP"; "server string" = "smbnix"; "netbios name" = "smbnix"; From 024a6bdbe2f56232d63c2f62b20bf509b65f7fb0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 18:47:15 +1000 Subject: [PATCH 350/363] alyssum/samba: relax hosts --- hosts/alyssum/samba.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 708286a..1a32e38 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -33,7 +33,7 @@ "server string" = "smbnix"; "netbios name" = "smbnix"; "security" = "user"; - "hosts allow" = "100.67.2.1 127.0.0.1 localhost"; + "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; "hosts deny" = "0.0.0.0/0"; "guest account" = "nobody"; "map to guest" = "bad user"; From 8157d0d5617bb0780f46c3e0aa1c97e8c9447488 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 19:49:10 +1000 Subject: [PATCH 351/363] alyssum/home.syncthing: init --- hosts/alyssum/default.nix | 1 + hosts/alyssum/home.syncthing.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 hosts/alyssum/home.syncthing.nix diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index a2eb166..661e3d5 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -32,6 +32,7 @@ ./filesystem.nix ./kernel.nix ./networking.nix + ./home.syncthing.nix ./samba.nix ../../users/hana diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix new file mode 100644 index 0000000..3335625 --- /dev/null +++ b/hosts/alyssum/home.syncthing.nix @@ -0,0 +1,16 @@ +{ config, ... }: { + me.binds."/home/kujira/.config/syncthing" = "kujira/syncthing/config"; + me.binds."/home/kujira/.local/state/syncthing" = "kujira/syncthing/state"; + + users.users.kujira = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + linger = true; + }; + home-manager.users.kujira = { ... }: { + services.syncthing = { + enable = true; + guiAddress = ":8385"; + }; + }; +} From 9a821fda94f380a741a25e77760571a6aa77761f Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 19:50:02 +1000 Subject: [PATCH 352/363] alyssum/home.syncthing: fixup hm config --- hosts/alyssum/home.syncthing.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 3335625..5895716 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -8,6 +8,11 @@ linger = true; }; home-manager.users.kujira = { ... }: { + home = { + username = "kujira"; + homeDirectory = "/home/kujira"; + stateVersion = "26.05"; + }; services.syncthing = { enable = true; guiAddress = ":8385"; From 63d9d6b0044edd9a520aedbe1ab25dc9e9ec0b2e Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 19:58:03 +1000 Subject: [PATCH 353/363] alyssum/home.syncthing: add host to gui address --- hosts/alyssum/home.syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 5895716..929436b 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -15,7 +15,7 @@ }; services.syncthing = { enable = true; - guiAddress = ":8385"; + guiAddress = "[::]:8385"; }; }; } From bc3269a814934ccd8dfa95462735125cdc5d5762 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 20:29:22 +1000 Subject: [PATCH 354/363] alyssum/home.syncthing: create another instance --- hosts/alyssum/home.syncthing.nix | 40 ++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 929436b..1e20f97 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -1,21 +1,27 @@ -{ config, ... }: { - me.binds."/home/kujira/.config/syncthing" = "kujira/syncthing/config"; - me.binds."/home/kujira/.local/state/syncthing" = "kujira/syncthing/state"; +{ config, lib, ... }: +let + configOn = user: port: { + me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; + me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; - users.users.kujira = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - linger = true; - }; - home-manager.users.kujira = { ... }: { - home = { - username = "kujira"; - homeDirectory = "/home/kujira"; - stateVersion = "26.05"; + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + linger = true; }; - services.syncthing = { - enable = true; - guiAddress = "[::]:8385"; + home-manager.users.${user} = { ... }: { + home = { + username = "${user}"; + homeDirectory = "/home/${user}"; + stateVersion = "26.05"; + }; + services.syncthing = { + enable = true; + guiAddress = "[::]:${toString port}"; + }; }; }; -} +in lib.mkMerge [ + (configOn "kujira" 8385) + (configOn "cilly" 8386) +] From 5c13051b4b291967d070e3d41dae2801bab17819 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:05:38 +1000 Subject: [PATCH 355/363] alyssum/samba: bind some directories --- hosts/alyssum/samba.nix | 159 +++++++++++++++++++--------------------- modules/binds.nix | 8 +- 2 files changed, 83 insertions(+), 84 deletions(-) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index 1a32e38..f14365b 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -1,88 +1,83 @@ -{ config, pkgs, ... }: { - networking.firewall.allowPing = true; +{ config, lib, pkgs, ... }: +let + configOn = user: let + passwd_fname = "passwd_smb${user}"; + in { + age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; + me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; - age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age; - age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age; + users.users.${user} = { + hashedPasswordFile = config.age.secrets.passwd.path; + isNormalUser = true; + }; - users.users.cilly = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - users.users.kujira = { - hashedPasswordFile = config.age.secrets.passwd.path; - isNormalUser = true; - }; - system.activationScripts = { - init_smbpasswd.text = let - smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; - in '' - printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly - - printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira - ''; - }; - - services.samba = { - enable = true; - package = pkgs.samba4Full; - openFirewall = true; - settings = { - global = { - "server smb encrypt" = "required"; - "workgroup" = "WORKGROUP"; - "server string" = "smbnix"; - "netbios name" = "smbnix"; - "security" = "user"; - "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "public" = { - "path" = "/flower/smb/public"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "hana"; - "force group" = "users"; - }; - "cilly" = { - "path" = "/flower/smb/cilly"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "cilly"; - "force group" = "users"; - "valid users" = "cilly"; - }; - "kujira" = { - "path" = "/flower/smb/kujira"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "kujira"; - "force group" = "users"; - "valid users" = "kujira"; - }; + system.activationScripts = { + init_smbpasswd.text = let + smbpasswd = "${config.services.samba.package}/bin/smbpasswd"; + in '' + printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user} + ''; + }; + services.samba.settings."${user}" = { + "path" = "/flower/smb/${user}"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = user; + "force group" = "users"; + "valid users" = user; }; }; +in lib.mkMerge [ + (configOn "cilly") + (configOn "kujira") + { + me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43"; - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; + networking.firewall.allowPing = true; - services.avahi = { - enable = true; - openFirewall = true; - nssmdns4 = true; - publish.enable = true; - publish.userServices = true; - }; -} + services.samba = { + enable = true; + package = pkgs.samba4Full; + openFirewall = true; + settings = { + global = { + "server smb encrypt" = "required"; + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + "hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/flower/smb/public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "hana"; + "force group" = "users"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + enable = true; + openFirewall = true; + nssmdns4 = true; + publish.enable = true; + publish.userServices = true; + }; + } +] diff --git a/modules/binds.nix b/modules/binds.nix index 9c7d4ad..c9ffe18 100644 --- a/modules/binds.nix +++ b/modules/binds.nix @@ -1,8 +1,12 @@ { config, lib, ...}: { imports = [ ./options.nix ]; - fileSystems = lib.mapAttrs (dest: key: { + fileSystems = lib.mapAttrs (dest: key: let + target = if (lib.strings.hasPrefix "/" key) + then key + else "/persist/binds/${key}"; + in { depends = [ "/persist" ]; - device = "/persist/binds/${key}"; + device = target; fsType = "none"; options = [ "bind" ]; }) config.me.binds; From 907f2cabcadb6223c28fc6960b542f60bbadc860 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:14:47 +1000 Subject: [PATCH 356/363] alyssum/home.syncthing: set proper defaults --- hosts/alyssum/home.syncthing.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 1e20f97..33545fe 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -4,6 +4,8 @@ let me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config"; me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state"; + systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ]; + users.users.${user} = { hashedPasswordFile = config.age.secrets.passwd.path; isNormalUser = true; @@ -18,6 +20,12 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; + options.listenAddresses = [ + "tcp://0.0.0.0:2${toString port}" + "quic://0.0.0.0:2${toString port}" + "dynamic+https://relays.syncthing.net/endpoint" + ]; + settings.defaults.folder.path = "/flower/syncthing/${user}"; }; }; }; From 6c80606b7ea743fca6ec146ab30cfb378d395d09 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:15:22 +1000 Subject: [PATCH 357/363] alyssum/home.syncthing: fixup conf --- hosts/alyssum/home.syncthing.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 33545fe..4408fb7 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -20,12 +20,14 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; - options.listenAddresses = [ - "tcp://0.0.0.0:2${toString port}" - "quic://0.0.0.0:2${toString port}" - "dynamic+https://relays.syncthing.net/endpoint" - ]; - settings.defaults.folder.path = "/flower/syncthing/${user}"; + settings = { + options.listenAddresses = [ + "tcp://0.0.0.0:2${toString port}" + "quic://0.0.0.0:2${toString port}" + "dynamic+https://relays.syncthing.net/endpoint" + ]; + defaults.folder.path = "/flower/syncthing/${user}"; + }; }; }; }; From 21dc584199e72285d0ec07083f604b439aa41b34 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Wed, 17 Jun 2026 21:22:03 +1000 Subject: [PATCH 358/363] alyssum/home.syncthing: don't override devices and folders --- hosts/alyssum/home.syncthing.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/alyssum/home.syncthing.nix b/hosts/alyssum/home.syncthing.nix index 4408fb7..8d5a1cc 100644 --- a/hosts/alyssum/home.syncthing.nix +++ b/hosts/alyssum/home.syncthing.nix @@ -20,6 +20,8 @@ let services.syncthing = { enable = true; guiAddress = "[::]:${toString port}"; + overrideDevices = false; + overrideFolders = false; settings = { options.listenAddresses = [ "tcp://0.0.0.0:2${toString port}" From 4dfc89814003566d4fb55dbd84b29c4427b254b0 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 07:36:13 +1000 Subject: [PATCH 359/363] user/neovim: switch to nixd --- modules/system/nix.nix | 3 ++- modules/user/neovim.nix | 7 ++++--- res/config.lua | 28 +++++++++++++++++++++++++++- users/rin/packages.nix | 1 - 4 files changed, 33 insertions(+), 6 deletions(-) diff --git a/modules/system/nix.nix b/modules/system/nix.nix index 6a6fd04..eb14f73 100644 --- a/modules/system/nix.nix +++ b/modules/system/nix.nix @@ -1,5 +1,6 @@ -{ config, lib, pkgs, ... }: { +{ config, inputs, pkgs, ... }: { nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixVersions.latest; settings = rec { diff --git a/modules/user/neovim.nix b/modules/user/neovim.nix index d691c61..2b8d4c1 100644 --- a/modules/user/neovim.nix +++ b/modules/user/neovim.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, sysConfig, ... }: let luaconf = pkgs.writeText "config.lua" (lib.replaceStrings - ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"] - ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor] + ["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"] + ["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName] (builtins.readFile ../../res/config.lua)); in { systemd.user.tmpfiles.rules = [ @@ -21,6 +21,7 @@ in { withRuby = false; extraPackages = with pkgs; [ + nixd rust-analyzer texlab astro-language-server diff --git a/res/config.lua b/res/config.lua index 3e91e28..c0b5dad 100644 --- a/res/config.lua +++ b/res/config.lua @@ -167,7 +167,7 @@ vim.diagnostic.config({ capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities) -local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } +local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' } for _, lsp in ipairs(servers) do vim.lsp.config(lsp, { capabilities = capabilities, @@ -292,6 +292,32 @@ vim.lsp.config("diagnosticls", { }) vim.lsp.enable("diagnosticls") +-- LSP/nixd +vim.lsp.config("nixd", { + cmd = { "nixd" }, + filetypes = { "nix" }, + root_markers = { "flake.nix", ".git" }, + settings = { + nixd = { + nixpkgs = { + expr = "import { }", + }, + formatting = { + command = { "nixfmt" }, + }, + options = { + nixos = { + expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options', + }, + home_manager = { + expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []', + }, + }, + }, + }, +}) +vim.lsp.enable("nixd") + -- LSP/Signatures require("lsp_signature").setup { hint_enable = false, diff --git a/users/rin/packages.nix b/users/rin/packages.nix index afc711b..3fe0129 100644 --- a/users/rin/packages.nix +++ b/users/rin/packages.nix @@ -15,7 +15,6 @@ in { ffmpeg gnupg kitty - nil nodejs_latest pamixer pnpm From e1c02d7a91eb1b6c4c25c243fcc861de6611ce39 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 08:01:17 +1000 Subject: [PATCH 360/363] containers/emerald: move to alyssum --- containers/emerald/flake.nix | 12 +++--------- hosts/alyssum/default.nix | 2 ++ hosts/dandelion/default.nix | 3 +-- hosts/dandelion/nginx.nix | 8 ++++++++ secrets.nix | 2 +- secrets/navidrome_env.age | Bin 630 -> 630 bytes 6 files changed, 15 insertions(+), 12 deletions(-) create mode 100644 hosts/dandelion/nginx.nix diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 9c9acdc..7e79b23 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -9,11 +9,11 @@ shareFqdn = "muse.lava.moe"; subnetId = "5"; - subnet = x: "fd0d:1::${subnetId}:${toString x}"; + subnet = x: "fd0d:2::${subnetId}:${toString x}"; host = subnet 1; client = subnet 2; - subnet4 = x: "10.30.${subnetId}.${toString x}"; + subnet4 = x: "10.32.${subnetId}.${toString x}"; host4 = subnet4 1; client4 = subnet4 2; @@ -39,13 +39,7 @@ useACMEHost = "lava.moe"; forceSSL = true; locations."/".proxyPass = "http://[${client}]:4533"; - listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ]; - }; - services.nginx.virtualHosts."${shareFqdn}" = { - useACMEHost = "lava.moe"; - forceSSL = true; - locations."/".return = "404"; - locations."/share/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "100.67.2.1" ]; }; systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 661e3d5..06c415f 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -6,6 +6,7 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; passwd.file = ../../secrets/passwd.age; + navidrome_env.file = ../../secrets/navidrome_env.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -27,6 +28,7 @@ modules.services.nginx modules.services.syncthing + inputs.c-emerald.nixosModule inputs.c-garnet.nixosModule ./filesystem.nix diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 33b6eec..f65dfd1 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -5,7 +5,6 @@ age.secrets = { acme_dns.file = ../../secrets/acme_dns.age; - navidrome_env.file = ../../secrets/navidrome_env.age; slskd_env.file = ../../secrets/slskd_env.age; wg_dandelion.file = ../../secrets/wg_dandelion.age; }; @@ -31,12 +30,12 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule - inputs.c-emerald.nixosModule inputs.c-fluorite.nixosModule ./filesystem.nix ./kernel.nix ./networking.nix + ./nginx.nix ../../users/hana ]; diff --git a/hosts/dandelion/nginx.nix b/hosts/dandelion/nginx.nix new file mode 100644 index 0000000..c29de38 --- /dev/null +++ b/hosts/dandelion/nginx.nix @@ -0,0 +1,8 @@ +{ ... }: { + services.nginx.virtualHosts."muse.lava.moe" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".return = "404"; + locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533"; + }; +} diff --git a/secrets.nix b/secrets.nix index bec70ef..b1f55e5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,7 +13,7 @@ in { "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; - "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; + "secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; "secrets/warden_admin.age".publicKeys = [ rin ]; diff --git a/secrets/navidrome_env.age b/secrets/navidrome_env.age index 6cb705c5d12523d7e403ecd2736ad062cc9756fe..7df364f2e273e47d57332c4379af715fc8a5212e 100644 GIT binary patch delta 584 zcmeyy@{MJJYJIl9Z*V}lLa~0SOIE(8PgRsjZmNfANJe2wPNjZ9K&nwvh`)KUw?}|y zah|!8zGG!ES3tUPYCwulX0BsVR8p0bmsfUvPO5&2S!h;hVwzuKWp+uHcVUTTdSRIf zm#&>cadC!jYKoDmsiCDpQjl9=YM_FCWl?sip<%gqwy#lonvqFjKvu9*l%cm%RD_Rz zPH>2SdRe%kae7vjv#~E%MTm2_M@pe-SdoEInPr7bzH3yWbF#aSXG&I7h-I;nrF%|F zewC4Ve!0QKkK*+n8Nr2a7A`?m`eorJM!{*uCTWH4zMkn>mQe-CroO3>ei?;@#Z~5M zPT5>0o>h*aL4~FUMUjSP2Kt4LRrw~C$+;O}=K96i8Rh}*z7`plg`Sq-?yg+Ay1EL9 z!TyHDId0x**{;q$X6{A#7A9%FnJ!TVfj&NdN&ZD?nSS-D>3-hk*~Q6ROqpWpMWV|d z&c4vI?M;r-tE{--Z%Xm=Lj$CDFLGWutD?BcP;&a@f0uoCZ!2GWs`sk3vUqjk;%iK` z+P^Q@zJ8i|WunSt<>I|nf4nn)t!g;n)&0q3m!$nYJ2|(F-vj?sG`WCg#Y;CB32Co4)>MRlf4+kK9tCZCbg>R9kL#Qr5a2&Gw+g7Uxv}q{-wD delta 584 zcmeyy@{MJJYJGl2WpIh3LZG*ASzdXWbADmIYe+zTa7bu&lwWarXh?RTdtpFIpi5Ga zyPJ7%nzx51S5k3cm}RK1et2$DNMw0dR$)$*x3h7Un^R$UQdDSAUSv^ZScPSXPf21r zm#&>cadC!jYKoDmsiCDpQjl9=YM_E;sAqUkqNAfxg>QjNvU_A|X@<7Gt5c+>c4bM4 zVP%kMn1@q%X--9UnMWv>VWC@Qk!gx=Rk&+va#@acqN7(zu7QD1QK@@id8uh~a%ymf zk%fDBQl-VjkK*;YsoG@~9(kUn6<$f6F8(e~-jkrv?<`6gazg)WY{CGJK+mA>^Rd6~u*mEnP0+oFBUOCsE* z3bwpzlgKR$u9$3^^ZVfWqPNN?4)f&tr`cQQ=D&Xa?73?U-wn%@sp~tnL(+v$>}C*F zxA`xn%JX>ouLo-iPxHCPx(V+O*cJKu@s3=59#dX}h>yFj?Z5ZfGA|o$zklp6 zX|@|&xOuuKjLFleVCnh`Z_lSp+>)?)gVX#Q4P6t?pZWIe&UJ&$5F8pXE@ck*9i%4 Date: Fri, 19 Jun 2026 08:57:22 +1000 Subject: [PATCH 361/363] containers/emerald: change mounts --- containers/emerald/configuration.nix | 2 +- containers/emerald/flake.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index f69a4c6..7f1f1fc 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -16,7 +16,7 @@ ShareURL = "https://${shareFqdn}"; EnableSharing = true; DataFolder = "/persist/navidrome"; - MusicFolder = "/binds/music"; + MusicFolder = "/binds/music/main"; }; }; } diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix index 7e79b23..5ee69e4 100644 --- a/containers/emerald/flake.nix +++ b/containers/emerald/flake.nix @@ -62,7 +62,7 @@ isReadOnly = false; }; bindMounts."music" = { - hostPath = "/persist/media/music"; + hostPath = "/flower/media/music"; mountPoint = "/binds/music"; isReadOnly = true; }; From 004832fc066bc76a95cbb46d22e9833b5446dbff Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 09:03:39 +1000 Subject: [PATCH 362/363] containers/emerald: bind music directory --- containers/emerald/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index 7f1f1fc..421ddb0 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -19,4 +19,5 @@ MusicFolder = "/binds/music/main"; }; }; + systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"]; } From c0004409d7aa14c8aacf166c7bf21b9cd5431135 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Fri, 19 Jun 2026 09:12:52 +1000 Subject: [PATCH 363/363] alyssum/samba: bind music --- hosts/alyssum/samba.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/alyssum/samba.nix b/hosts/alyssum/samba.nix index f14365b..d876981 100644 --- a/hosts/alyssum/samba.nix +++ b/hosts/alyssum/samba.nix @@ -4,6 +4,7 @@ let passwd_fname = "passwd_smb${user}"; in { age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age; + me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}"; me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}"; users.users.${user} = {