chore: merge remote-tracking branch 'refs/remotes/origin/master'

2025-12-04 06:50:14 +01:00 · 2025-11-21 11:50:22 +01:00 · 2025-11-21 11:50:22 +01:00 · a83e6f907a
commit a83e6f907a
parent c22b806b15 3fa1cfe043
22 changed files with 142 additions and 451 deletions
--- a/modules/core/sops.nix
+++ b/modules/core/sops.nix
@ -19,11 +19,13 @@
          "systemMailerPassword" = { };
          "forgejoWorkerSecret" = { };
          "minioRootCredentials" = { };
+          "atticdEnvironment" = { };
          "matrixRegistrationSecret" = {
            owner = "matrix-synapse";
          };
          "smbLoginDetails" = { };
          "syncplay" = { };
+          "funkwhaleDjangoSecret" = { };
        }
      else if (host == "sakura") then
        {
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@ -20,6 +20,7 @@
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQtG69zrMFsoHForwZEi66y1tPvctqg1OgjQFrF3OI+ liv@iris" # iris
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKI2KQn97mykFLIaMUWMftA1txJec9qW56hAMj5/MhE liv@dandelion" # dandelion
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwDS8tXjGjUtk3eQAaPf0S0f9JgwEGPlNYQ7OvACX1Z liv@imilia" # imilia
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7Qlz0vKb8EtqiyRRz1PLmcWR9mxq39BaAcUU4Ls2pM liv@myrtle" # myrtle

    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mHVQp99G0osUAtnVoq5TARR8x5wjCkdbe7ChnzLRa liv@azalea" # linux phone
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # xz1c
--- a/modules/home/hyprland/config.nix
+++ b/modules/home/hyprland/config.nix
@ -36,11 +36,12 @@
        "mpDris2 &"
        "foot --server &"
        "hyprfloat &"
+        "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark' &"
      ];

      input = {
        kb_layout = "us,jp";
-        kb_options = "caps:ctrl_modifier";
+        kb_options = "caps:ctrl_modifier,compose:ralt";
        numlock_by_default = true;
        follow_mouse = 1;
        sensitivity = 0;
@ -171,6 +172,7 @@
        "$mainMod, Space, togglefloating,"
        "$mainMod, D, exec, bemenu-run -l 5 --ignorecase"
        "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
+        "SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
        "$mainMod, E, exec, thunar"
        "$mainMod SHIFT, B, exec, pkill -SIGUSR1 .waybar-wrapped"
        "$mainMod, C,exec, hyprpicker -a"
@ -269,6 +271,10 @@
        "$mainMod, XF86MonBrightnessDown, exec, brightnessctl set 100%-"
      ];

+      bindl = [
+        ",switch:[Lid Switch], exec, hyprlock"
+      ];
+
      # mouse binding
      bindm = [
        "$mainMod, mouse:272, movewindow"
--- a/modules/home/hyprland/default.nix
+++ b/modules/home/hyprland/default.nix
@ -1,9 +1,11 @@
-{ inputs, ... }: 
+{ inputs, ... }:
 {
-  imports = [ (import ./hyprland.nix) ]
+  imports =
+    [ (import ./hyprland.nix) ]
    ++ [ (import ./config.nix) ]
    ++ [ (import ./scripts.nix) ]
    ++ [ (import ./variables.nix) ]
-    # ++ [ (import ./hyprlock.nix) ]
+    ++ [ (import ./../hyprsunset.nix) ]
+    ++ [ (import ./../hyprlock.nix) ]
    ++ [ inputs.hyprland.homeManagerModules.default ];
 }
--- a/modules/home/hyprsunset.nix
+++ b/modules/home/hyprsunset.nix
@ -0,0 +1,16 @@
+{
+  services.hyprsunset.enable = true;
+
+  home.file.".config/hypr/hyprsunset.conf".text = ''
+    max-gamma = 200;
+    profile {
+      time = 06:00;
+      identity = true;
+    }
+    profile {
+      time = 21:00;
+      temperature = 5500;
+      gamma = 0.8;
+    }
+  '';
+}
--- a/modules/home/sway/default.nix
+++ b/modules/home/sway/default.nix
@ -198,11 +198,12 @@ in
        { command = "swaycons &"; }
        # { command = "wlsunset -S '06:30' -s '19:30' -d 1800 "; }
        { command = "foot --server &"; }
+        { command = "gsettings set org.gnome.desktop.interface color-scheme 'prefer-dark'"; }
        { command = "footclient"; }
      ];
      workspaceAutoBackAndForth = false;
    };
-    # systemd.enable = true; # ???
+    # systemd.enable = true; # why would anyone do this???
    wrapperFeatures = {
      gtk = true;
    };
--- a/modules/home/waybar/default.nix
+++ b/modules/home/waybar/default.nix
@ -295,7 +295,7 @@
          },

          "battery": {
-            "bat": "BAT0",
+            "bat": "BAT1",
            "interval": 20,
            "states": {
              "warning": 20,
--- a/modules/services/attic.nix
+++ b/modules/services/attic.nix
@ -0,0 +1,52 @@
+{ config, ... }:
+{
+  services = {
+    atticd = {
+      enable = true;
+
+      # File containing the server token in the following format:
+      #   ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=<...>
+      # You can generate the token by running the following command:
+      #   openssl genrsa -traditional 4096 | base64 -w0
+      environmentFile = config.sops.secrets.atticdEnvironment.path;
+      settings = {
+        # Listen on some port. Replace it!
+        listen = "[::]:8060";
+        # The two lines below should be set to the URL where your Attic cache will be available.
+        allowed-hosts = [ "cache.liv.town" ];
+        # Apparently it's very important this ends in a "/"
+        api-endpoint = "https://cache.liv.town/";
+        jwt = { };
+        database = {
+          # I used Postgres here, but if you leave it empty
+          # it will use an in-memory SQLite DB instead.
+          # url = "postgresql://atticd@127.0.0.1/atticd";
+          # heartbeat = true;
+        };
+        storage = {
+          # You could also use S3 here. But nah lol shit's expensive.
+          type = "local";
+          # Leave this empty to use the default path,
+          # or change it to some path that Attic can write to.
+          path = "/mnt/nfs/violet/nix";
+        };
+      };
+    };
+    anubis.instances.atticd = {
+      settings = {
+        TARGET = "http://localhost:8060";
+        BIND = ":8061";
+        BIND_NETWORK = "tcp";
+      };
+    };
+    nginx.virtualHosts."cache.liv.town" = {
+      forceSSL = true;
+      sslCertificate = "/var/lib/acme/liv.town/cert.pem";
+      sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
+      locations."/" = {
+        proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}";
+        proxyWebsockets = true;
+      };
+    };
+  };
+}
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -46,19 +46,28 @@ in
      };
      secrets.mailer.PASSWD = config.sops.secrets.systemMailerPassword.path;
    };
-    gitea-actions-runner = {
-      package = pkgs.forgejo-runner;
-      instances.code-liv-town = {
-        enable = true;
-        name = "forgejo-01";
-        tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
-        url = "https://code.liv.town";
-        labels = [
-          "node-22:docker://node:22-bookworm"
-          "nixos-latest:docker://nixos/nix"
-        ];
-      };
-    };
+    # gitea-actions-runner = {
+    #   package = pkgs.forgejo-runner;
+    #   instances.forgejo-01 = {
+    #     enable = true;
+    #     name = "forgejo-01";
+    #     tokenFile = "${config.sops.secrets.forgejoWorkerSecret.path}";
+    #     url = "https://code.liv.town";
+    #     labels = [
+    #       "node-22:docker://node:22-bookworm"
+    #       "nixos-latest:docker://nixos/nix"
+    #       # "docker:docker://node:24-alpine"
+    #       # "alpine-latest:docker://node:24-alpine"
+    #     ];
+    #     settings = {
+    #       log.level = "info";
+    #       runner = {
+    #         file = ".runner";
+    #         timeout = "3h";
+    #       };
+    #     };
+    #   };
+    # };
    anubis.instances.forgejo = {
      settings = {
        TARGET = "http://localhost:3050";
--- a/modules/services/funkwhale.nix
+++ b/modules/services/funkwhale.nix
@ -0,0 +1,16 @@
+{ config, inputs, ... }:
+{
+  nixpkgs.overlays = [ inputs.funkwhale.overlay ];
+  services = {
+    funkwhale = {
+      enable = true;
+      hostname = "music.liv.town";
+      defaultFromEmail = "notifications@liv.town";
+      protocol = "https";
+      forceSSL = true; # uncomment when LetsEncrypt needs to access "http:" in order to check domain
+      api = {
+        djangoSecretKeyFile = config.sops.secrets.funkwhaleDjangoSecret.path;
+      };
+    };
+  };
+}
--- a/modules/services/ollama.nix
+++ b/modules/services/ollama.nix
@ -3,7 +3,7 @@
    enable = true;
    # Optional: preload models, see https://ollama.com/library
    # loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b"];
-    # acceleration = "rocm"; # nope, 5700XT is too old for this
+    acceleration = "rocm"; # nope, 5700XT is too old for this
  };
-  services.open-webui.enable = false;
+  services.open-webui.enable = true;
 }
--- a/modules/services/violet.nix
+++ b/modules/services/violet.nix
@ -3,12 +3,14 @@
  imports =
    [ (import ./invidious.nix) ]
    ++ [ (import ./anubis.nix) ]
+    ++ [ (import ./attic.nix) ]
    ++ [ (import ./borg.nix) ]
    ++ [ (import ./binternet-proxy.nix) ]
    ++ [ (import ./bluemap-proxy.nix) ]
    ++ [ (import ./docker.nix) ]
    ++ [ (import ./email.nix) ]
    ++ [ (import ./forgejo.nix) ]
+    # ++ [ (import ./funkwhale.nix) ]
    ++ [ (import ./grafana.nix) ]
    ++ [ (import ./guacamole.nix) ]
    ++ [ (import ./gokapi.nix) ]