From fd4e5435599b862d34b14b92592429cdd9fd5fc4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 26 Oct 2025 15:22:37 +0100 Subject: [PATCH 01/17] feat: adds `funkwhale` flake --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 793edef..e522734 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,7 @@ sops-nix.url = "github:Mic92/sops-nix"; disko.url = "github:nix-community/disko/latest"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; + funkwhale.url = "github:mmai/funkwhale-flake"; }; outputs = From 0b3d3e8356399ce95fd164d021db3ffdf90fbd27 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 26 Oct 2025 15:23:19 +0100 Subject: [PATCH 02/17] sops: update secrets --- secrets/violet/secrets.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/secrets/violet/secrets.yaml b/secrets/violet/secrets.yaml index 57aabc9..6c30384 100644 --- a/secrets/violet/secrets.yaml +++ b/secrets/violet/secrets.yaml 
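Review bot: The new `funkwhale` input in the flake.nix hunk is added without a `follows`, and the lock entry added in PATCH 08 shows it bringing its own nixpkgs pinned to the `nixos-23.05` ref, a release that no longer receives security updates. The funkwhale module only consumes `inputs.funkwhale.overlay`, so the packages are presumably built from the system nixpkgs, but anything the flake evaluates from its own input would come from that old tree. Adding `funkwhale.inputs.nixpkgs.follows = "nixpkgs";` next to the URL removes the extra pin. The `inputs` block starts above the hunk.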
@@ -1,9 +1,11 @@ systemMailerPassword: ENC[AES256_GCM,data:b1fvCLZMiA9xDu/9BKQGnCTbwj46uixlo37qer66DK09U7CEB8ZBqe+Y+DqjcOJUHHHSo8Qk1XGvGQWypkGICxmxNP8KWvmY42Woh3677APvotUdjW5fVKTgB+Y1m/6/cvXKicJFjbw5LOzZ2/JcXP01KPSkRxWb/X4xzvawSMY=,iv:vbchTqHaH2PB9Mll/s8q4zLhN6ThAsCVvhoggOhj7H4=,tag:6b+TiV1YYHWOn0P9qJZ/bQ==,type:str] -forgejoWorkerSecret: ENC[AES256_GCM,data:kmUjukTJ9SP6nJvfhIMFVTu5vAc9TIfZidUgejC7FSNBDJiP/lVlHw==,iv:jF9LpWLxtBi5i5NCC5nkLeLqJQzOAIY7H1z2NfHqUQI=,tag:3mtTcn+LQEbCESlt34nf9g==,type:str] +forgejoWorkerSecret: ENC[AES256_GCM,data:AEWtWSjEPMbArrPYa6sTjiYp0GiePcTQ4gXKk1LP6UDK7auX1y7eOQ==,iv:TGEerZVCfL0TMka4/vBGb0ejhqxA5GbUpQIRbXnuCNs=,tag:IUKoyT9dmq65oWu/D7K1ag==,type:str] matrixRegistrationSecret: ENC[AES256_GCM,data:xDFYVpBJa+FHWjmLlZspJAzJcoav53nWPoctQ5+gAnDYMurtSCkmoQn8r5j6fOmiy56KQyk8AD2/kT1HeFFNKA==,iv:82eIoh1ePc0VxfTbBPxpwGhYrcdRMI6WjFhlUJhxuHk=,tag:FAYUXUy0lEQU56ni2dxvbg==,type:str] minioRootCredentials: ENC[AES256_GCM,data:/IrpspB6Puy+6scHheBSBp6zQVh8uwpu4nFPLSkueuohSUESPHbRb0w1XAp4V5HraMtOThFqlm0JeBW0XbhY4E8L1P+S3/aMLKjp2voA928l9AjF6sTaSKsO7qh6LEmo90qm9Jo0nDo=,iv:M5NOGfSsl+LggLyEjV49vcWCaYmbG0eJcgwI2v7AKcI=,tag:A+CrDTL+TkEayOqBUII4aQ==,type:str] smbLoginDetails: ENC[AES256_GCM,data:Puv+Vewv0TDpiYM+Uym180CLT+vXKoeSW/uNxAX7f9y0NvG2Uqqglj/HcCMhyQn9GpCIQyb+xidlLWn3Ywdg6ybaf4WN5EdAEXMK/FRQyVIvvOcCcwG+IeUc1Wc5NmM2qEbxLqLNDWxiH8/QsrT9rWWxxx4c4eD1HOpIv9LCuavXXLmKy6JvtxYwtOv4u8ukp+e0uP7pLN7d,iv:XH+6soi7lZiGz9ZGlQb49f44API715ib/Y7Zh3hFnDM=,tag:iz8RYRSwNxrMxy+rqeM07Q==,type:str] syncplay: ENC[AES256_GCM,data:Vrn1GmmUnIikiTKIQtP3qBfZIZRW2Za2Xhhegp7PAulujxumLGMAz9lBnTPBy3uofpayP8NJuU9v8cpU4a4w5A==,iv:s4RFaZwftqmI3BhpO1msvpfO2u3AGlPik7nMX2hjnyE=,tag:13zft7dmd85udoi7CnfWYg==,type:str] +atticdEnvironment: 
ENC[AES256_GCM,data:ddsrYQn49C5j+lkaTHVBZp2Q4yR6KMTeoYE8wdoBdjQz+7+d0FZTMQagDriNv0nIazNBS/5WrDJ2/L+BOieUuHUfGLLIMICgpo2zzbChTT4Ox63cH/Bkonx09jkAvKEZ9xW7o/L+OTwCsMH7wULFzEFvUdp3m339qk5GEGnjTqgWAiglQHLbaMtEQHnt6IJh1Q3g/h0g+faN2seHSijGzIMIMCBsk7yC54HmuyCl8BhmBNERmJ1s/4X/QXVpKy0pu7be+Ydby80LO8IPyl8+M3PR3DL+q+zOH0LWO55yuVGwAXS/H1ljVz8dThbVLWoTkudn9YB8l4dhXty0exDLyyhqe3dKaCbmN9whR6URfXP20Pn0eYlogXHNBNtdHO7Au9kVOE2m6XvaA1Q14FQqi/ZEQVhwNVTPlvmXGOp6yk7Qj/Z5W8XED1oq/Cx72TK75JQtYRKYVFaGWLB5J4EjaD7ypRURUQTK9+U0MMldXlscucsRIBQeKglgPyWvo9IZeqML6Zn815rVa/pv9Z/SJTgAruqJyJq7q8a6a6RR/m7hfHA0s3te2SvFbPiRYKpy70plCD/u+VxaXtMsmMBIV6iIdS4NjEjVm4OqpOg20KSv2Iq0oYa/UxnbgcGdp0c0zNUYM+POrnIYqosfobQFys3HxIfsD3TawofVJ+p3LFVfnmO83O+n3LbYNvuzBgkeR1rryY4pJBJkNbxPCCQUIhHtuibdI5I+yHwRzPTRvEiRok+vvfS//JKJ6BaUwzkS7ZnwXiU4QcvC4F3yR5d/ADF9MxPoezXuC5Oet9Tw1n2zRlJAs/heZXoE9GXAzrICjeAK1ZdkomJ3n8TnHYpfTPO6n3AnaJ+u0RFZJtbd20JWd1i+jcFQc1xMNkQXCzRL22WJHKQJnJiNGlqqn+V+8L5TkElaubrqzR0KHE9SE5RLzVDrFrAiTFd1/jOE82K/Vaeh0UyVZpNqJxhMV1wg6A3EKeOe/WRSbPOEoqxSjYUImyX6trX5zK5IgsGL0bk1BGMbDfrcOCRGd4qYZxvJ5JAJiWDjkRHrWK5q1peA5c7mEC/VEX02BZqxlHQap0+d4puheRqEEJBrLXgCbOGorxFeoUDQZvBMnMzCowGi3pAsgJRVUqyoB84CtH2joPZVBigjApRRspyEfNjUKUfuNtRXsLnunmqhTlZnCX2JvaDPzSTr/XgxOTJO/PQPACnLtZEL8xWUJV8iM10aUv93eKalro1c6hcAKrPrn/qJ9yawzG23GU6Gouro1PSnf0O9fuPuxw90hssKnGO99QTGMp8wv26OdeqD4iOsyyh/65bYMPwxfL2nS8/GWPvJ8ZyXGALrkkFWZ8PFEEUu29g3T12f7wPqie3RiKtczk1PLFABNErSSOuTySfEDYQJiUH1dKCijhoQztEb4TMqAS/nvPO8tVQgeWIQX6yZBchrLtJ2hM8ZG25TiOooVTXF9HW6G1MMsL/AAhfR/YJFM3aMV6Q1rYBDOf5dFE+U0cjHAl7rtJEEUyl+LxPp+FRO9MrCNsuRm2IsgbhrZ1fe95nUB2VM6vAhsaQbuLoxFUm1LcxuaGbAmbf/EFvwMQXFe1NeoVfBKJpOuBH/b+u8oBwmqGUI0dE8snwKYHtcwF2xD9H8WSkWmF3UtPa4vhtf3BOAPkKlTu0Ouy3QiTfQ6hRhpf4DA90MhwgltNO1Zc6pO3uIaqOK49zvMlb65kbZm14j/CvbRC7Y4h43xIauT/Xc4ynVJdRhYYrZi7tF6QrPNyJ7Xa7veHbxkKXStNH4Xs0vYRPopjctEZa1jOlePO5KCEvyBu3yi5TBtz1OtjI/rZfjG9X4240uKg1vrvBrKQLh1Z7UsPO9AT2NXPyxgxRWTLybiyAl8hoin+47Lwzo3HZLG07PeCCl0oQUpdGYuGPuE/aAwO92QqcQNk234IyehGFcZdthaXXSj5gRimh7W103awzENxop0SQ7HYAY
76g29DVH0DDiCa4K8GqyC5ewvuLbbJw24ekK4RU/59pNfOqAD6p1RBJz9gd3lbw0KTcyzf1tbhzAZVK9szenNQESaI9eoGc/2U4rslcPWE8UnJ/sB8LDHnqDYNoAq2U1BW4MF7q9/ZJGD62FCQohNJ/rxQSih4w7mNvtkjW/4KIcXv5lFuSBmB1gkxJvPZTGXGzKfYUDS6juHYWK1MGnteRX5Ium9sScGpwjFV/6qbsiuhmW3rk84vzexX3QEOZcxATAg6mXifdG69dnwAo4U8rAPkMv69Y5okREzzJ79/Shf2JDbdgiY9hs3nBtY721ZcBn5RtAAdFtIci/OS8RZYjnqgrkTAspIigZ+Jj/zlSG4vc5hIrx82BCKYEKzyB8KvfnhgC8AxA//jgZkDTiKcLabvaUSh+9pjpavwGMf6sCswLgCcvmTFNaL3RRrEAL5l3UVKfZg+ZBv4Qr2VVyECvvhnL8+nGae5ujpM5r3M7b6CSRSP0X0bBZAVxTiv+/qkHSZlPivO9YrhnXeoYnwGQKvp/WdVmb9OH/02FDxqSNuLUhSEVb4oRjnmYFchHTIWiXzktOYX1eQV1RQ4v028PuD3h1LGgZ5AeYPvgdRXgdTcPWSwhiznbIUo1mU1dZtiJfpACdwTamtluFWtOU+/gyp0xoEFGKYS+HsFm2Zg5p/Jr7ioQMkNguI5al2XCR0Q0StN53NJYlGy8hudh6f9wHDk/ASEfOlYI20th2VhEk/zA1bdi2xmIYMGYfNN1Iz5MGrvWetEmEoQ4cwJ6AKJdqY1rYnvwybZTN4J24ckxoX2/XEiiRDo4K9X8pJYuCq1jCVO8jfOZ9Xoy+DbPDqLPDsTBWGBcKaSJAZQGgW/YKlM+Hrxpz789reKeMKNJYyHwkFb5/U2eBjzW5jbLZQ1g0VByNOrKHW3hHxezt1jaEageKPiq6kMlqtWK+NOH9OjCs9UJuCgo3WtskSvMrJj4b8IdkGKv2tiu+I6c1U8mGbfntjUHkkMjbN72HTdsADyNZA5TWaqbdaKTxHomWaOgBq7L8h0rCdzEpERO+zJhu5lLi2xP61O+9ZaVMzaDZGUin3Z7D7tUOklU+7NXil4IAD2ZLX+prPIOxrZ9uYACweUOPwWd5PKU9SH6z6tfwleOjLkbdqbxD882sFI73Y4aSxHA/PRBbhN9OnLcGK/VWDzGh/BZo9tSQ+wuQddkmJhKZBxk2bKhDSZVLCYbMyQazTz4Hu8ICtz8aRgvPwGmoMNhcxrtWOPDOCg7WroHzowjcIn3NWK/LAN4L2ENQwYN5zD9HWQR/+gx4yQabPXFZ5WunL5PYWoUcGkWOsCuLjj6H9nvgeKKHZLmY8gO+7+UcTDrzx8bSS0O5Ti6OL34dP3sNFehlI5YBNRnaYOctUT4gbgbZtgDaAxMhZgpP4mMLHfTXagfYpTqP0HG13u20m6LKwe2O9RSNQ6j4beNHhPvcOsKE4XCi1XBfggH+ERSiIdpIlvSp1V4JmcxPfIlCqrOZqk/v575h+RmJoML+r+mDi6VaW6IKNcFUzpVHQz4QGnMf3UzC+MstRquXCXNBN7QAOez5Z6uiDEjTS1U5hH5D6Gpxp8DZCTL4pThIQtzL4aAa5jNE77qrFfdMXbgGtRf3kAEae8mB6NAFoThkbxhL9BT//7w67M0N94nVLp8g3UzGl9ojH7wnxmj/HFXVXuBi9U+PtfMXFWlZmL0SG7ETfJNl5P60FBIfotLVy86hagVEL+ayA0IW+c9ButaLzzXML0z/dniou+vRMchQLbGuTWnFnoh+hhJDkTMVbKrEG5zCm3iHQsl9FTrVa0qfVC5KUalTsu2ueF5BQ3aQTZoWxmf8CeiztxNmLYinNXCxLn5HakmvkNxyt3LRYhiKga28ppP3N8MOLkuTvB+VXA/TA/K5KkJlycATdEFYEfSt/nGHRb2LVztOyVYC9mG6oS0N5dLjToVnpa6BA+Dr9iYT1zIYATgvk3sy
w7laeqsg88KdofaHUt4NjaPy6BL3r2T1RLQKSoWM9AGTrSQvoqkTjk42bTFWsOtv+3jRQNTj6OT4VDfjWEJ4/UcfzGtJLQsqz7vYm9YAKQOHVTuYG8cU3MZwRcTuCeE0pEcGOT/07ZjM7/y86s2p9f8QCfPr74HPNB6kHLa6tt47jl+wNcBraMSVILsTC2CwC1u8X39KrmyNAprZtPJWC6uzhpO+priWMn6VgdKV9F916FxnX0lg/C/t3/tM5pvsPOEdsp6rrWU6dWXVAniiDEaZmwxK+MRAmLyjZTXNolZ6j7eCW4jRO6s0dwa5FT6Vq8oFv8Gehb5musrVH5so7Ar/rZTDKWXfrUwESIJOcKF/wjBDrliqg4IYQma3dDig4SZOht5X81OzbkbBPG6/3QZGHpz4FhUJlrY3ynoxuMhXzPG5WScIv6our31InTuO7IF6Uh7uM14YldG6eCK5yaAzZrFnSjK0oR8Qcqt/otl5xQc3SqauodXweHiAq5m8VFy2Aqv4vayjAzQ9ce9hE2GCbubAjFY9RSqmaVyNGUrJlnJXCkKmaGWGkdWMn+qs2Y1xX10ffT5dIy9sMVvwLTX056T3uEJEdcAxEUG+Syr6m5nxpqaABVXPfn9oesyzVRh8vAWq2Y9YI4LHMMLg1BB1cg3LM2N8XZl7RdpF4jTf9c7QkzGv/E0LtzvO+UJTNY6V0klvoEP3vrMFqouYJryFsdMFdo0OfZNZFmq6lPQY8DcIa9InI7qqPGB+sbtG6SDpe1VjypF4iJ8iLH9mLHIQN632KaoMaVLO7J3X6jXFNHlzwORYIlzsBeO9VnMTtOKg2o+G25eXb4vGHRBd+PNbGxh1C6R2vsnzMmK4MYuME7BbCDMMcYxCaoq1UnqF3mhzlbj2Uw3mB37EBNHe2zx6d7hKIO28He8skyT0efSspktMZB9XU/2Z9rnJEnSgFKu65UnHT31wvpUg+O8uzdU6/5IfjOZcZL9XJh1cZ0T5JDOizB4A/42CwT8jg0VOVOCMcZx2jhc2GZO+MxU8Uq7wqq3Ov8yQfuI43Yp8fHsWnomX/Y/49oPL//+UnVZGrHCTwjgowjSk2veRthz6b3e3fG9CkXGf9WpYTwofQRsAHs8u7Im8m2DqxNNsasFfR91jbM8/GpeCn0dzFdJlyxXSLyH4H60POUHNGhayory9SiYc8RFjVimGYg9MZ+dKvX+Zy7SJ7oDasoIhN2EOV/2eBSce8caqgShTbCSAC3whEKu37WAKZ3dP5fQiRpkfonockuTliR3pz1Bdpp7Q6SHg+2agwUTuIWDGd3I0jpty5i5s9fgsejJNx+6iZYSlpX2RCz/9Sz0Ks0lZ4bC58urhkcNA19Ogb2jEy1pWLb8/VD3UeEXxnU7OzT6bLmJKH3Jxt5N9e4Y8CSC4DpJygH6dyxR5qkuTRHz8vLtYE8Nmc9Ny42NnhXif+rHi0fn3SrlNtD10bJrKXu0RIuu6vmOGfFjSvibreSzjICgXop27wYFRa5xOCfI4rCaosLs6t8JYklLGyhErLU8WlbPDelEDjhJvPnX+ucrSkVBiJu3Bxet42FG/u94/CYR2gWbjGJzdR09rtt/lADcMh5ZVSsMZviqMFoqEaU0fHIArz2EvcrRR00kuFPeTFIu5eFwxzZ368m4jU+8heg0MBdQKLe5gaQ9tTSdSPX9JxcXgZ0ry4xsOErtzZCODxWKwH0BP5H0p8NXMz0n8E5Cw1YF11v4YjnZlGZZRpSGzh505KkrvLWhjty4WHu2u620wfltJC8iqVCS0AZscT/hK3B1jpxpwtFGulm1gFttOK8usB/uyzw==,iv:EcWY/Msbns1O6Cm4cZQDRZbdDCWr6+QRH9X3/Wl/jAM=,tag:+Iwec3h+bP9r6RVv7GIqOA==,type:str] +funkwhaleDjangoSecret: 
ENC[AES256_GCM,data:5IQC3gN7nGMaquV/xuIUU/vk64QQ9WQ4nrBUe/I1uulqW9J8c/nM/cPCS9gFRdp7I42LRFObo+sc23OnK3IBxuNBGEk2ZJwdf1/NVY4=,iv:BYqE6LsC7BXe3HH5Iq9LDDnx4vGZdVlugxbZuKHfUyE=,tag:Fyjwkq8Nd9/MSlNCHky38g==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -24,7 +26,7 @@ sops: S3pjSjlhZjZiSDBNakhLVzNKMjd3bWsKC2geLVXFp190lkjxtmZKq8aLN0XMNeAI VqbwIY3a30iuWAaxqf8h1ZuCGJvbAZZBevFZraj9yktRHc54JV3Aww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-19T10:22:44Z" - mac: ENC[AES256_GCM,data:aJcXcdCR9nKbiaGEcGIQxr0kW7D8p2OzC2YDh18AFinWhdUSUDh6B8vkHR3ScIgUOYWc70/vSVsn3+M5JmtH3+mKMwMwSKF2plhicSBGdRELkeeowy6tCZGOVUvRsBhUpynd86qxxvWbJO4Q6mCSNbBQ/cr8493OZWenzB/fedQ=,iv:UqgIWA4ZK3cVn0iepeBPF8KuNREuGKNnijo/oGd4/q0=,tag:CT2uFz+flsZyNAM6SnhveA==,type:str] + lastmodified: "2025-10-24T11:13:12Z" + mac: ENC[AES256_GCM,data:dIGc4xkSmahgewnMRVL+Hox+fcGPMZ1lKRRHve11gQbZpiuRMOjJL+7fhBYtybsr6Tf7NZtToY8HlXap2U+geE4hjNmYbJplqIKIVjdngw5mIMQaAuXqcF+5zOW3LgjwJ5JBM9OX+kp0p5IgD4uTP0iteGJ4BST0e7F7sndHnL4=,iv:cdOz/3vUXaZxsWn7obDsezZ/k8XPOZyoVvoRzjWLDCY=,tag:MCWAN4UPEPQP/iBTequOfA==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 From 55ec6c66835d3cb2102be0084cc1631d153e165c Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 8 Nov 2025 16:59:39 +0100 Subject: [PATCH 03/17] feat: add rocm and davinci resolve to iris --- hosts/iris/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hosts/iris/default.nix b/hosts/iris/default.nix index 3dec566..238bc21 100644 --- a/hosts/iris/default.nix +++ b/hosts/iris/default.nix @@ -46,6 +46,13 @@ gui.enable = true; }; + # Enable ROCM support + hardware.amdgpu.opencl.enable = true; + + environment.systemPackages = with pkgs; [ + pkgs.davinci-resolve + ]; + boot = { kernelParams = [ ]; kernelModules = [ "acpi_call" ]; From 7fa7706d4305a7d7b676a2c69b7972a44040513c Mon Sep 17 00:00:00 2001 
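Review bot: In the hosts/iris/default.nix hunk, `environment.systemPackages = with pkgs; [ pkgs.davinci-resolve ];` both opens `with pkgs;` and spells out the `pkgs.` prefix, so one of the two is redundant; `environment.systemPackages = [ pkgs.davinci-resolve ];` says the same thing without widening the scope. The comment `# Enable ROCM support` sits above `hardware.amdgpu.opencl.enable`, which is the OpenCL toggle, so a wording such as `# OpenCL runtime for the AMD GPU (ROCm-based)` would match the option it documents.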
From: Ahwx Date: Tue, 11 Nov 2025 11:36:29 +0100 Subject: [PATCH 04/17] chore: comment out actions worker as it didn't connect --- modules/services/forgejo.nix | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 38e10dd..942a874 100644 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -46,19 +46,28 @@ in }; secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path; }; - gitea-actions-runner = { - package = pkgs.forgejo-runner; - instances.code-liv-town = { - enable = true; - name = "forgejo-01"; - tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; - url = "https://code.liv.town"; - labels = [ - "node-22:docker://node:22-bookworm" - "nixos-latest:docker://nixos/nix" - ]; - }; - }; + # gitea-actions-runner = { + # package = pkgs.forgejo-runner; + # instances.forgejo-01 = { + # enable = true; + # name = "forgejo-01"; + # tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}"; + # url = "https://code.liv.town"; + # labels = [ + # "node-22:docker://node:22-bookworm" + # "nixos-latest:docker://nixos/nix" + # # "docker:docker://node:24-alpine" + # # "alpine-latest:docker://node:24-alpine" + # ]; + # settings = { + # log.level = "info"; + # runner = { + # file = ".runner"; + # timeout = "3h"; + # }; + # }; + # }; + # }; anubis.instances.forgejo = { settings = { TARGET = "http://localhost:3050"; From f47ac18dab6e36be4ad6de39bc1aee1365dedeb5 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 11 Nov 2025 11:36:50 +0100 Subject: [PATCH 05/17] feat: create module for atticd --- modules/services/attic.nix | 52 +++++++++++++++++++++++++++++++++++++ modules/services/violet.nix | 2 ++ 2 files changed, 54 insertions(+) create mode 100644 modules/services/attic.nix diff --git a/modules/services/attic.nix b/modules/services/attic.nix new file mode 100644 index 0000000..ca91497 --- /dev/null 
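Review bot: The runner is disabled by commenting out the whole `gitea-actions-runner` block in modules/services/forgejo.nix, while `forgejoWorkerSecret` stays declared in sops.nix (and was re-encrypted in PATCH 02), so the registration token is still decrypted onto the host with nothing consuming it. Prefer keeping the block live with `enable = false;` on the instance, or dropping the secret declaration until the runner returns, so the token is not left on disk unused. On the connection failure itself: the NixOS module documents `tokenFile` as an environment file of the form `TOKEN=...`, so if the sops value is the bare token, registration would fail; this cannot be confirmed from the encrypted value. When the block is re-enabled, note that `docker://node:22-bookworm` and `docker://nixos/nix` are mutable tags, and pinning them by digest keeps CI jobs from silently picking up a changed image.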
+++ b/modules/services/attic.nix @@ -0,0 +1,52 @@ +{ config, ... }: +{ + services = { + atticd = { + enable = true; + + # File containing the server token in the following format: + # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...> + # You can generate the token by running the following command: + # openssl genrsa -traditional 4096 | base64 -w0 + environmentFile = config.sops.secrets.atticdEnvironment.path; + settings = { + # Listen on some port. Replace it! + listen = "[::]:8060"; + # The two lines below should be set to the URL where your Attic cache will be available. + allowed-hosts = [ "cache.liv.town" ]; + # Apparently it's very important this ends in a "/" + api-endpoint = "https://cache.liv.town/"; + jwt = { }; + database = { + # I used Postgres here, but if you leave it empty + # it will use an in-memory SQLite DB instead. + # url = "postgresql://atticd@127.0.0.1/atticd"; + # heartbeat = true; + }; + storage = { + # You could also use S3 here. But nah lol shit's expensive. + type = "local"; + # Leave this empty to use the default path, + # or change it to some path that Attic can write to. + path = "/mnt/nfs/violet/nix"; + }; + }; + }; + anubis.instances.atticd = { + settings = { + TARGET = "http://localhost:8060"; + BIND = ":8061"; + BIND_NETWORK = "tcp"; + }; + }; + nginx.virtualHosts."cache.liv.town" = { + forceSSL = true; + sslCertificate = "/var/lib/acme/liv.town/cert.pem"; + sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; + locations."/" = { + proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 4cf4b48..6705874 100644 --- a/modules/services/violet.nix +++ b/modules/services/violet.nix 
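Review bot: `listen = "[::]:8060";` in attic.nix binds atticd on every interface although only Anubis (`TARGET = "http://localhost:8060"`) needs to reach it, so unless the firewall closes 8060 the cache API is reachable directly, without TLS and without passing through Anubis or nginx. Binding to loopback keeps nginx as the only entry point, e.g. `listen = "127.0.0.1:8060";` together with `TARGET = "http://127.0.0.1:8060";`. `BIND = ":8061"` is likewise all-interfaces, and because `proxyPass` concatenates that string after `localhost`, changing it means adjusting the proxy URL as well. The firewall rules are not visible in this patch, so this may already be covered there.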
@@ -3,12 +3,14 @@ imports = [ (import ./invidious.nix) ] ++ [ (import ./anubis.nix) ] + ++ [ (import ./attic.nix) ] ++ [ (import ./borg.nix) ] ++ [ (import ./binternet-proxy.nix) ] ++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./docker.nix) ] ++ [ (import ./email.nix) ] ++ [ (import ./forgejo.nix) ] + # ++ [ (import ./funkwhale.nix) ] ++ [ (import ./grafana.nix) ] ++ [ (import ./guacamole.nix) ] ++ [ (import ./gokapi.nix) ] From d8d894ddaf303130097c6050dc92f8318ebcf7d0 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 11 Nov 2025 11:38:22 +0100 Subject: [PATCH 06/17] chore: create more secrets --- modules/core/sops.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 91bd2f0..cbd6db1 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -19,11 +19,13 @@ "systemMailerPassword" = { }; "forgejoWorkerSecret" = { }; "minioRootCredentials" = { }; + "atticdEnvironment" = { }; "matrixRegistrationSecret" = { owner = "matrix-synapse"; }; "smbLoginDetails" = { }; "syncplay" = { }; + "funkwhaleDjangoSecret" = { }; } else if (host == "sakura") then { From 3d30c7dc01a032e8542016324cf8aee00b7d34d3 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 11 Nov 2025 11:39:26 +0100 Subject: [PATCH 07/17] feat: write funkwhale module --- modules/services/funkwhale.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 modules/services/funkwhale.nix diff --git a/modules/services/funkwhale.nix b/modules/services/funkwhale.nix new file mode 100644 index 0000000..247f9cc --- /dev/null +++ b/modules/services/funkwhale.nix 
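Review bot: In the modules/core/sops.nix hunk, `"funkwhaleDjangoSecret" = { };` is declared without an `owner`, so sops-nix will install it readable by root only, whereas `matrixRegistrationSecret` two lines below sets `owner = "matrix-synapse"`. If the funkwhale service reads `djangoSecretKeyFile` as its own user (not visible here), it will fail to start; set `owner` to that service user rather than loosening the file mode. `atticdEnvironment` is passed as `environmentFile`, which systemd presumably loads before dropping privileges, so the default is likely fine there. The enclosing attribute set continues outside the hunk.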
@@ -0,0 +1,16 @@ +{ config, inputs, ... }: +{ + nixpkgs.overlays = [ inputs.funkwhale.overlay ]; + services = { + funkwhale = { + enable = true; + hostname = "music.liv.town"; + defaultFromEmail = "notifications@liv.town"; + protocol = "https"; + forceSSL = true; # uncomment when LetsEncrypt needs to access "http:" in order to check domain + api = { + djangoSecretKeyFile = config.sops.secrets.funkwhaleDjangoSecret.path; + }; + }; + }; +} From a2a52a1309f911e0b6aea26479eb209bf1140880 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 11 Nov 2025 11:47:23 +0100 Subject: [PATCH 08/17] flake: update --- flake.lock | 363 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 214 insertions(+), 149 deletions(-) diff --git a/flake.lock b/flake.lock index fa411eb..e401d03 100644 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1760101617, - "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=", + "lastModified": 1762356719, + "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "1826a9923881320306231b1c2090379ebf9fa4f8", + "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7", "type": "github" }, "original": { @@ -206,6 +206,24 @@ "type": "github" } }, + "funkwhale": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1715161072, + "narHash": "sha256-idIdylmqPibBVePO2T67X4y6b9EZoAQq5w1hZZn38rY=", + "owner": "mmai", + "repo": "funkwhale-flake", + "rev": "4a744ac59a55323eefc6a0f263aa55ebdc61146e", + "type": "github" + }, + "original": { + "owner": "mmai", + "repo": "funkwhale-flake", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ 
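Review bot: The trailing comment on `forceSSL = true;` in funkwhale.nix tells the reader to "uncomment" the line for the LetsEncrypt HTTP check, but the line is already active and forcing TLS is the opposite of what a plain-http check needs. Reword it to describe the real switch, e.g. `forceSSL = true; # set to false temporarily if the ACME HTTP-01 check must reach plain http`. The file adds `inputs.funkwhale.overlay`, but nothing visible imports the flake's NixOS module that would define `services.funkwhale`, so presumably that import has to be added before the commented-out `./funkwhale.nix` line in violet.nix is enabled.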
@@ -235,11 +253,11 @@ ] }, "locked": { - "lastModified": 1762183399, - "narHash": "sha256-vr2aL1QLfERYTfYBgK8cW3T9eSdSEThH462wKaGlmEU=", + "lastModified": 1762787259, + "narHash": "sha256-t2U/GLLXHa2+kJkwnFNRVc2fEJ/lUfyZXBE5iKzJdcs=", "owner": "nix-community", "repo": "home-manager", - "rev": "a5fee077929ae2f2800c3087dce5e1abb4edfbc6", + "rev": "37a3d97f2873e0f68711117c34d04b7c7ead8f4e", "type": "github" }, "original": { @@ -250,7 +268,7 @@ }, "hypr-contrib": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1759613406, @@ -311,11 +329,11 @@ ] }, "locked": { - "lastModified": 1760445448, - "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=", + "lastModified": 1762462052, + "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757", + "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162", "type": "github" }, "original": { @@ -329,8 +347,8 @@ "aquamarine": "aquamarine", "hyprcursor": "hyprcursor", "hyprgraphics": "hyprgraphics", + "hyprland-guiutils": "hyprland-guiutils", "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", @@ -342,11 +360,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1761869718, - "narHash": "sha256-CiKN7TRaCk3MF/FAwCMEO91TKFWS6bONhF8mhYPKhAU=", + "lastModified": 1762755326, + "narHash": "sha256-lXEBpx5Q2LdGZCXKTa1v7NhlaSxOvcvnepRi0r38+jg=", "ref": "refs/heads/main", - "rev": "8e9add2afda58d233a75e4c5ce8503b24fa59ceb", - "revCount": 6549, + "rev": "0b1d690676589503f0addece30e936a240733699", + "revCount": 6564, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -357,6 +375,52 @@ "url": "https://github.com/hyprwm/Hyprland" } }, + "hyprland-guiutils": { + "inputs": { + "aquamarine": [ + "hyprland", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprtoolkit": "hyprtoolkit", + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1762755186, + "narHash": "sha256-ZjjETUHtoEhVN7JI1Cbt3p/KcXpK8ZQaPHx7UkG1OgA=", + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "rev": "66356e20a8ed348aa49c1b9ceace786e224225b3", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-guiutils", + "type": "github" + } + }, "hyprland-protocols": { "inputs": { "nixpkgs": [ 
@@ -407,74 +471,6 @@ "type": "github" } }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "hyprland", - "nixpkgs" - ], - "systems": [ - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759080228, - "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, "hyprlang": { "inputs": { "hyprutils": [ @@ -537,15 +533,15 @@ "inputs": { "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_2" }, "locked": { - "lastModified": 1761923011, - "narHash": "sha256-7wjem/IGv2+El/JWMm9c5amTU7ifX72ALK8XgmZRoiQ=", + "lastModified": 1762388741, + "narHash": "sha256-4PKO/B0C53Qb60UIXB6QjXTvWX3ap34WdcnMoH6+ng0=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "b645b892b14d0f55be7636555044836ec57c6d06", + "rev": "5ab0e1aaa489ceb807c884a73b4948d395d9e229", "type": "github" }, "original": { 
@@ -560,7 +556,7 @@ "hyprlang": "hyprlang_2", "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_3", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_6", "systems": "systems_3" }, "locked": { @@ -577,6 +573,58 @@ "type": "github" } }, + "hyprtoolkit": { + "inputs": { + "aquamarine": [ + "hyprland", + "hyprland-guiutils", + "aquamarine" + ], + "hyprgraphics": [ + "hyprland", + "hyprland-guiutils", + "hyprgraphics" + ], + "hyprlang": [ + "hyprland", + "hyprland-guiutils", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprland-guiutils", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprland-guiutils", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "hyprland-guiutils", + "nixpkgs" + ], + "systems": [ + "hyprland", + "hyprland-guiutils", + "systems" + ] + }, + "locked": { + "lastModified": 1762463729, + "narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=", + "owner": "hyprwm", + "repo": "hyprtoolkit", + "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprtoolkit", + "type": "github" + } + }, "hyprutils": { "inputs": { "nixpkgs": [ @@ -589,11 +637,11 @@ ] }, "locked": { - "lastModified": 1759619523, - "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=", + "lastModified": 1762387740, + "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef", + "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7", "type": "github" }, "original": { 
@@ -759,11 +807,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762179181, - "narHash": "sha256-T4+TNfXlF/gHbcNCC2HY7sMGBKgqNzyYeMBWmcbH7/o=", + "lastModified": 1762847253, + "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "256770618502d2eda892af3ae91da5e386ce9586", + "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", "type": "github" }, "original": { @@ -805,11 +853,27 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1760596604, - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1762361079, + "narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", + "rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5", "type": "github" }, "original": { @@ -819,13 +883,13 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { 
@@ -853,27 +917,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712163089, - "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1712163089, + "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5", "type": "github" }, "original": { @@ -901,11 +965,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "type": "github" }, "original": { @@ -916,6 +980,22 @@ } }, "nixpkgs_7": { + "locked": { + "lastModified": 1762596750, + "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { "locked": { "lastModified": 1743315132, "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", 
@@ -931,7 +1011,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1742800061, "narHash": "sha256-oDJGK1UMArK52vcW9S5S2apeec4rbfNELgc50LqiPNs=", @@ -947,26 +1027,10 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixvim": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "nixvim": "nixvim_2" }, "locked": { @@ -986,7 +1050,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "nuschtosSearch": "nuschtosSearch" }, "locked": { @@ -1006,14 +1070,14 @@ "nur": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1762180725, - "narHash": "sha256-Lrh11WTceP1e1AG7t2o8lNdvmiTijAZfkxD9gntpIjU=", + "lastModified": 1762856806, + "narHash": "sha256-amezM/CNkaIWbmfzPJi4A4zH1k7t+3552SNpy9Doh34=", "owner": "nix-community", "repo": "NUR", - "rev": "4ca815f76d28487bd3cca3de56a4777fab95525f", + "rev": "27b24a13d45b022bcf2b0fe29f3c8a11af342f47", "type": "github" }, "original": { @@ -1056,11 +1120,11 @@ ] }, "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", + "lastModified": 1762441963, + "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", + "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885", "type": "github" }, "original": { 
@@ -1073,13 +1137,14 @@ "inputs": { "alejandra": "alejandra", "disko": "disko", + "funkwhale": "funkwhale", "home-manager": "home-manager", "hypr-contrib": "hypr-contrib", "hyprland": "hyprland", "hyprpicker": "hyprpicker", "hyprsunset": "hyprsunset", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim", "nur": "nur", "sops-nix": "sops-nix", @@ -1105,14 +1170,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1760998189, - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", + "lastModified": 1762812535, + "narHash": "sha256-A91a+K0Q9wfdPLwL06e/kbHeAWSzPYy2EGdTDsyfb+s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", + "rev": "d75e4f89e58fdda39e4809f8c52013caa22483b7", "type": "github" }, "original": { @@ -1123,15 +1188,15 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_12", "systems": "systems_5" }, "locked": { - "lastModified": 1762057664, - "narHash": "sha256-mdEEvepIi8ebpGP1WWOHNvNQyd8rF0mUrKAiU6mwHCk=", + "lastModified": 1762718300, + "narHash": "sha256-oOQimZTaV1jCw0OBmmK2g7Rdj3E8YGVpkJYD32BWKRQ=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "4aa6e43d29e3c8acf544aa6782a1963a11369208", + "rev": "c7175bd485ed5052df5075fcdde395b631316e94", "type": "github" }, "original": { @@ -1243,11 +1308,11 @@ ] }, "locked": { - "lastModified": 1760713634, - "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=", + "lastModified": 1761431178, + "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "753bbbdf6a052994da94062e5b753288cef28dfb", + "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "type": "github" }, "original": { From 5fe53697d477aa34f4a6912cb923a8464fb4f221 Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Sat, 15 Nov 2025 20:51:14 +0100 Subject: [PATCH 09/17] fix: ollama things --- modules/services/ollama.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/services/ollama.nix b/modules/services/ollama.nix index 8676727..03dd175 100644 --- a/modules/services/ollama.nix +++ b/modules/services/ollama.nix @@ -3,7 +3,7 @@ enable = true; # Optional: preload models, see https://ollama.com/library # loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b"]; - # acceleration = "rocm"; # nope, 5700XT is too old for this + acceleration = "rocm"; # nope, 5700XT is too old for this }; - services.open-webui.enable = false; + services.open-webui.enable = true; } From 072efd4076d02b49aada47285a866bf32c260e9d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 15 Nov 2025 21:19:30 +0100 Subject: [PATCH 10/17] feat: adds ssh key for myrtle to `sshd.nix` --- modules/core/sshd.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 1401c15..40edffe 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix @@ -20,6 +20,7 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion" # dandelion "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwDS8tXjGjUtk3eQAaPf0S0f9JgwEGPlNYQ7OvACX1Z liv@imilia" # imilia + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7Qlz0vKb8EtqiyRRz1PLmcWR9mxq39BaAcUU4Ls2pM liv@myrtle" # myrtle "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c From da55dac3d52d0100e66769bc34e469fff7ebecfc Mon Sep 17 00:00:00 2001 
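Review bot: The trailing comment on the re-enabled line in `modules/services/ollama.nix` now contradicts the setting: `acceleration = "rocm";` is active while the comment still reads "nope, 5700XT is too old for this". Either keep the option commented out or replace the comment with what changed, for example `acceleration = "rocm"; # re-enabled; confirm the 5700XT actually works with this`. The same hunk flips `services.open-webui.enable` to `true` with no host, port or firewall setting visible, so a comment above it stating where the UI is expected to listen and who may reach it would help, for example `# open-webui: local access only, not opened in the firewall` if that is the intent.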
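Review bot: The new `liv@myrtle` key is appended to a list in `modules/core/sshd.nix`, which by its path looks shared, so the key is presumably accepted on every host that imports the core module rather than only where myrtle needs to log in. If that is not intended, move per-device keys to the hosts that need them. If it is intended, a comment at the top of the list such as `# keys below are authorised on every host importing this module` would make the scope explicit. Recording the device type next to `# myrtle`, as the `# linux phone` entry does, would also help when a device is lost and its key has to be removed. The list begins and ends outside this hunk.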
From: Ahwx Date: Tue, 18 Nov 2025 10:45:36 +0100 Subject: [PATCH 11/17] feat: add compose key to `ralt`; adds lock shortcut and lock on lid switch --- modules/home/hyprland/config.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 2652a51..ceaf21d 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -40,7 +40,7 @@ input = { kb_layout = "us,jp"; - kb_options = "caps:ctrl_modifier"; + kb_options = "caps:ctrl_modifier,compose:ralt"; numlock_by_default = true; follow_mouse = 1; sensitivity = 0; @@ -171,6 +171,7 @@ "$mainMod, Space, togglefloating," "$mainMod, D, exec, bemenu-run -l 5 --ignorecase" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" + "SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "$mainMod, E, exec, thunar" "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped" "$mainMod, C,exec, hyprpicker -a" @@ -269,6 +270,10 @@ "$mainMod, XF86MonBrightnessDown, exec, brightnessctl set 100%-" ]; + bindl = [ + ",switch:[Lid Switch], exec, hyprlock" + ]; + # mouse binding bindm = [ "$mainMod, mouse:272, movewindow" From 438351a8745be8d8f6e6ec5a6fdfa8d84c33193d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 18 Nov 2025 10:46:06 +0100 Subject: [PATCH 12/17] feat: adds hyprsunset --- modules/home/hyprsunset.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 modules/home/hyprsunset.nix diff --git a/modules/home/hyprsunset.nix b/modules/home/hyprsunset.nix new file mode 100644 index 0000000..d78d0ea --- /dev/null +++ b/modules/home/hyprsunset.nix @@ -0,0 +1,16 @@ +{ + services.hyprsunset.enable = true; + + home.file.".config/hypr/hyprsunset.conf".text = '' + max-gamma = 200; + profile { + time = 06:00; + identity = true; + } + profile { + time = 21:00; + temperature = 5500; + gamma = 0.8; + } + ''; +} 
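Review bot: In the new `bindl` block of `modules/home/hyprland/config.nix`, `switch:[Lid Switch]` fires on every toggle of the switch, so the locker is started on lid open as well as on lid close; `switch:on:[Lid Switch]` limits it to closing. The binding runs `hyprlock`, while both keyboard shortcuts in this file (`SUPER SHIFT, L` and the added `SUPER, L`) run `swaylock`. In this commit the `hyprlock.nix` import in `modules/home/hyprland/default.nix` still appears to be commented out (it is enabled in PATCH 14/17), so on this revision closing the lid may not lock the session at all. Suggested line: `",switch:on:[Lid Switch], exec, pidof hyprlock || hyprlock"`, with the key bindings switched to the same locker.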
From fbdb0ba6b8fae65de007efa9d664edbd2d7bee16 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 18 Nov 2025 10:47:28 +0100 Subject: [PATCH 13/17] feat: adds `gsettings` dark mode --- modules/home/hyprland/config.nix | 1 + modules/home/sway/default.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index ceaf21d..4f09651 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -36,6 +36,7 @@ "mpDris2 &" "foot --server &" "hyprfloat &" + "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark' &" ]; input = { diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix index 157ec74..03727c2 100644 --- a/modules/home/sway/default.nix +++ b/modules/home/sway/default.nix @@ -198,11 +198,12 @@ in { command = "swaycons &"; } # { command = "wlsunset -S '06:30' -s '19:30' -d 1800 "; } { command = "foot --server &"; } + { command = "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'"; } { command = "footclient"; } ]; workspaceAutoBackAndForth = false; }; - # systemd.enable = true; # ??? + # systemd.enable = true; # why would anyone do this??? wrapperFeatures = { gtk = true; }; From d578167e42ba4da58511f687c8633059668ec503 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 18 Nov 2025 10:47:46 +0100 Subject: [PATCH 14/17] feat: adds `hyprlock` and `hyprsunset` --- modules/home/hyprland/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/home/hyprland/default.nix b/modules/home/hyprland/default.nix index 500dd39..5497e22 100644 --- a/modules/home/hyprland/default.nix +++ b/modules/home/hyprland/default.nix 
@@ -1,9 +1,11 @@ -{ inputs, ... }: +{ inputs, ... }: { - imports = [ (import ./hyprland.nix) ] + imports = + [ (import ./hyprland.nix) ] ++ [ (import ./config.nix) ] ++ [ (import ./scripts.nix) ] ++ [ (import ./variables.nix) ] - # ++ [ (import ./hyprlock.nix) ] + ++ [ (import ./../hyprsunset.nix) ] + ++ [ (import ./../hyprlock.nix) ] ++ [ inputs.hyprland.homeManagerModules.default ]; } From 439fee719ef8c69247908c4468693f795c741f94 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 20 Nov 2025 22:01:32 +0100 Subject: [PATCH 15/17] chore: delete `lily` host because it is no longer running nixos --- hosts/lily/default.nix | 265 -------------------------- hosts/lily/dns.nix | 31 --- hosts/lily/hardware-configuration.nix | 37 ---- hosts/lily/variables.nix | 19 -- hosts/lily/wireguard.nix | 3 - 5 files changed, 355 deletions(-) delete mode 100644 hosts/lily/default.nix delete mode 100644 hosts/lily/dns.nix delete mode 100644 hosts/lily/hardware-configuration.nix delete mode 100644 hosts/lily/variables.nix delete mode 100644 hosts/lily/wireguard.nix diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix deleted file mode 100644 index b6d57ce..0000000 --- a/hosts/lily/default.nix +++ /dev/null 
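Review bot: The `imports` list in `modules/home/hyprland/default.nix` is still built from single-element lists joined with `++`, each wrapping `(import ./file.nix)`, and the two added entries follow that pattern. Passing the paths directly lets the module system record which file a definition came from, so option conflicts and evaluation errors name the file. The list could read `imports = [ ./hyprland.nix ./config.nix ./scripts.nix ./variables.nix ../hyprsunset.nix ../hyprlock.nix inputs.hyprland.homeManagerModules.default ];`. `../hyprlock.nix` is not added by any patch visible in this series, so it is presumably already in the tree; worth confirming before this lands.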
@@ -1,265 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -let - externalInterface = "wan0"; - # networks = config.homelab.networks.local; - # internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks; - # internalIPs = lib.mapAttrsToList ( - # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24" - # ) networks; - commonDhcpOptions = [ - { - name = "domain-name-servers"; - data = "9.9.9.9"; - } - { - name = "time-servers"; - data = "172.16.1.1"; - } - { - name = "domain-name"; - data = "beeping.local"; - } - { - name = "domain-search"; - data = "beeping.local"; - } - ]; -in -{ - imports = [ - ./hardware-configuration.nix - ./variables.nix - ./dns.nix - ./wireguard.nix - ./../../modules/core/default.router.nix - ./../../modules/services/lily.nix - ]; - - liv = { - server.enable = true; - router.enable = true; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - }; - kernel = { - sysctl = { - # Forward both IPv4 and IPv6 on all interfaces - "net.ipv4.conf.all.forwarding" = true; - "net.ipv6.conf.all.forwarding" = false; - - # By default, do not automatically configure any IPv6 addresses. - # "net.ipv6.conf.all.accept_ra" = 0; - # "net.ipv6.conf.all.autoconf" = 0; - # "net.ipv6.conf.all.use_tempaddr" = 0; - - # Allow IPv6 autoconfiguration and tempory address use on WAN. 
- "net.ipv6.conf.${externalInterface}.accept_ra" = 2; - "net.ipv6.conf.${externalInterface}.autoconf" = 1; - }; - }; - }; - - # label network interfaces - services.udev.extraRules = '' - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1" - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2" - ''; - - networking = { - nameservers = [ - "9.9.9.9" - "149.112.112.112" - ]; - interfaces = { - wan0.useDHCP = true; - lan0.useDHCP = false; - lan1.useDHCP = false; - lan2.useDHCP = false; - }; - - firewall = { - enable = false; - allowPing = true; - - # allow ssh on *all* interfaces, even wan. - allowedTCPPorts = lib.mkForce [ 22 ]; - allowedUDPPorts = lib.mkForce [ 22 ]; - - # interface-specific rules - interfaces = { - "lan0" = { - allowedTCPPorts = [ - 22 - 53 - ]; - allowedUDPPorts = [ - 22 - 53 - ]; - }; - }; - }; - - # <100 is trusted; =>100 is untrusted. 
- vlans = { - lan = { - id = 1; - interface = "lan1"; - }; - servers = { - id = 10; - interface = "lan1"; - }; - management = { - id = 21; - interface = "lan1"; - }; - iot = { - id = 100; - interface = "lan1"; - }; - guest = { - id = 110; - interface = "lan1"; - }; - }; - }; - - services = { - kea.dhcp4 = { - enable = true; - settings = { - lease-database = { - name = "/var/lib/kea/dhcp4.leases"; - persist = true; - type = "memfile"; - }; - interfaces-config = { - interfaces = [ - "lan" - "servers" - "management" - "iot" - "guest" - ]; - }; - option-data = [ - { - name = "domain-name-servers"; - data = ""; - always-send = true; - } - { - name = "routers"; - data = ""; - } - { - name = "domain-name"; - data = "beeping.local"; - } - ]; - - rebind-timer = 2000; - renew-timer = 1000; - valid-lifetime = 43200; - - # option domain-name-servers 9.9.9.9, 149.112.112.112; - # TODO: these should be dynamically generated based on ${config.networking.vlans} - subnet4 = [ - ({ - id = 1; - interface = "lan"; - subnet = "172.16.1.0/24"; - pools = [ { pool = "172.16.1.50 - 172.16.1.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.1.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 10; - interface = "servers"; - subnet = "172.16.10.0/24"; - pools = [ { pool = "172.16.10.50 - 172.16.10.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.10.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 21; - interface = "management"; - subnet = "172.16.21.0/24"; - pools = [ { pool = "172.16.21.50 - 172.16.21.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.21.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 100; - interface = "iot"; - subnet = "172.16.100.0/24"; - pools = [ { pool = "172.16.100.50 - 172.16.100.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.100.1"; - } - ] ++ commonDhcpOptions; - }) - ({ - id = 110; - interface = "guest"; - subnet = "172.16.110.0/24"; - pools = [ { pool = "172.16.110.50 - 
172.16.110.254"; } ]; - option-data = [ - { - name = "routers"; - data = "172.16.110.1"; - } - ] ++ commonDhcpOptions; - }) - ]; - }; - }; - avahi = { - enable = true; - reflector = true; - interfaces = [ - "lan" - "iot" - ]; - }; - }; - - networking.hostName = "lily"; - - time.timeZone = "Europe/Amsterdam"; - - environment.systemPackages = with pkgs; [ - kitty.terminfo - tcpdump - dnsutils - bind - ethtool - ]; -} diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix deleted file mode 100644 index e92df27..0000000 --- a/hosts/lily/dns.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ lib, config, ... }: -{ - services = { - dnsmasq = { - enable = false; # try some other options first - settings = { - cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains. - server = [ - "9.9.9.9" - "149.112.112.112" - ]; - domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration. - bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources. - no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration. - - # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases` - dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ]; - interface = "br-lan"; - dhcp-host = "172.16.10.1"; - - # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it. - local = "/local/"; - domain = "local"; - expand-hosts = true; - - no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution. - address = "/booping.local/172.16.10.1"; - }; - }; - }; -} 
diff --git a/hosts/lily/hardware-configuration.nix b/hosts/lily/hardware-configuration.nix deleted file mode 100644 index b0c372b..0000000 --- a/hosts/lily/hardware-configuration.nix +++ /dev/null @@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee"; - fsType = "ext4"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/lily/variables.nix b/hosts/lily/variables.nix deleted file mode 100644 index 00f986e..0000000 --- a/hosts/lily/variables.nix +++ /dev/null 
@@ -1,19 +0,0 @@ -{ - lib, - config, - ... -}: -let - inherit (lib) mkOption types; - inherit (config.liv) variables; -in -{ - options.liv.variables.lily = { - thisMachine = mkOption { - default = "lily.srv.${variables.primaryDomain}"; - type = types.str; - readOnly = true; - description = "Domain of this specific machine"; - }; - }; -} diff --git a/hosts/lily/wireguard.nix b/hosts/lily/wireguard.nix deleted file mode 100644 index 0db3279..0000000 --- a/hosts/lily/wireguard.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - -} From 21f93302ccf4ec99d0583725ca1cc39fa1ec1ad6 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 20 Nov 2025 22:02:06 +0100 Subject: [PATCH 16/17] clean: delete backups script since these are all in different places now --- hosts/violet/backups.nix | 54 ---------------------------------------- 1 file changed, 54 deletions(-) delete mode 100644 hosts/violet/backups.nix diff --git a/hosts/violet/backups.nix b/hosts/violet/backups.nix deleted file mode 100644 index d8183e5..0000000 --- a/hosts/violet/backups.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -let - borgbackupMonitor = - { - config, - pkgs, - lib, - ... - }: - with lib; - { - key = "borgbackupMonitor"; - _file = "borgbackupMonitor"; - config.systemd.services = - { - "notify-problems@" = { - enable = true; - serviceConfig.User = "liv"; - environment.SERVICE = "%i"; - script = '' - ${pkgs.curl}/bin/curl -d "$SERVICE FAILED! - service $SERVICE on host $(hostname) failed, run journalctl -u $SERVICE for details." - ''; - }; - } - // flip mapAttrs' config.services.borgbackup.jobs ( - name: value: - nameValuePair "borgbackup-job-${name}" { - unitConfig.OnFailure = "notify-problems@%i.service"; - } - ); - - # optional, but this actually forces backup after boot in case laptop was powered off during scheduled event - # for example, if you scheduled backups daily, your laptop should be powered on at 00:00 - config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs ( - name: value: - nameValuePair "borgbackup-job-${name}" { - timerConfig.Persistent = true; - } - ); - }; - -in -{ - imports = [ borgbackupMonitor ]; - services = { - borgbackup.jobs.liv-violet = { - paths = "/home/liv"; - encryption.mode = "none"; - environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519"; - repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/hosts/violet"; - compression = "auto,zstd"; - startAt = "daily"; - }; - }; -} From 3fa1cfe04373b58996db92655d658cfd89c973ba Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 20 Nov 2025 22:02:46 +0100 Subject: [PATCH 17/17] clean: remove unused things --- hosts/dandelion/variables.nix | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 hosts/dandelion/variables.nix diff --git a/hosts/dandelion/variables.nix b/hosts/dandelion/variables.nix deleted file mode 100644 index 241d088..0000000 --- a/hosts/dandelion/variables.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: let - inherit (lib) mkOption types; - inherit (config.liv) variables; -in { - options.liv.variables.dandelion = { - thisMachine = mkOption { - default = "dandelion.srv.${variables.primaryDomain}"; - type = types.str; - readOnly = true; - description = "Domain of this specific machine"; - }; - }; -}