From 87d35346c5765ba9b3b58e376de1a57b18a0ba8f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:13:42 +0200 Subject: [PATCH 1/7] chore: partition disk `sda` with `mbr` so that grub wont be mad --- hosts/hazel/disko.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/hazel/disko.nix b/hosts/hazel/disko.nix index d308f8b..957609b 100644 --- a/hosts/hazel/disko.nix +++ b/hosts/hazel/disko.nix @@ -5,11 +5,11 @@ ]; disko.devices = { disk = { - my-disk = { + sda = { device = "/dev/sda"; type = "disk"; content = { - type = "gpt"; + type = "mbr"; partitions = { ESP = { type = "EF00"; From d07c7417478b6ae2791abde7ba4d372bfdcd6a15 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:13:54 +0200 Subject: [PATCH 2/7] chore: adds winbox --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index ec02ef3..d1ec514 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -28,6 +28,7 @@ let lxqt.pavucontrol-qt mpv plasma5Packages.kdeconnect-kde + winbox # onthespot-overlay # Gaming From 3c265f96fdbeaa2e56343ae21871197bc4788dfe Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:14:09 +0200 Subject: [PATCH 3/7] chore: adds `dandelion` to sops file --- .sops.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.sops.yaml b/.sops.yaml index 071f3c5..ca78916 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,7 @@ keys: - &sakura age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w - &violet age1zegau3chyn53tqvkwud6tuyggpkazc88pdkqv8cknavaudu49enqm2f0h3 + - &dandelion age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd creation_rules: - path_regex: secrets/secrets.yaml key_groups: @@ -11,3 +12,8 @@ creation_rules: - age: - *sakura - *violet + - path_regex: secrets/dandelion/secrets.yaml + key_groups: + - age: + - *sakura + - *dandelion From 1d735c345a15c65e853aa29d99aeb6281b29f7cf Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:19:50 +0200 Subject: [PATCH 4/7] fix: set `avahi.enable` to `lib.mkDefault false` instead of `false` so that individual hosts can override this --- modules/core/network.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core/network.nix b/modules/core/network.nix index dd950fc..9cb9355 100644 --- a/modules/core/network.nix +++ b/modules/core/network.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { networking = { networkmanager = { @@ -11,6 +11,6 @@ }; }; services = { - avahi.enable = false; + avahi.enable = lib.mkDefault false; }; } From 7e88abdfc1e458054777659e3dbfbcdcaf3e01a4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:20:46 +0200 Subject: [PATCH 5/7] chore: set `avahi.enable` to `lib.mkForce true` as it is being disabled by default for all networking-enabled machines --- modules/services/nfs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/nfs.nix b/modules/services/nfs.nix index 5391100..f49ee2e 100644 --- a/modules/services/nfs.nix +++ b/modules/services/nfs.nix @@ -26,7 +26,7 @@ # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` #nssmdns4 = true; # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it - enable = true; + enable = lib.mkForce true; openFirewall = true; }; samba-wsdd = { From 5cfbf7437d6cb9acd25cd94eba54108665ba8444 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:21:03 +0200 Subject: [PATCH 6/7] feat: adds `secrets.yaml` file for `dandelion` --- secrets/dandelion/secrets.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 secrets/dandelion/secrets.yaml diff --git a/secrets/dandelion/secrets.yaml b/secrets/dandelion/secrets.yaml new file mode 100644 index 0000000..110de11 --- /dev/null +++ b/secrets/dandelion/secrets.yaml @@ -0,0 +1,25 @@ +systemMailerPassword: ENC[AES256_GCM,data:b9Mmxo3beDpo1pi1Y+5TZn64ZeKJzJXlJwYFs5BjVMngeej+Y0naWmwBdlTEwzPm6OiO/N1haNQUlwT4KdOTx7t8PsZwQ5dOQl1gjWp0T+0ImWLImvINyvDIg6uh9RsvqLIJBvgLAtiUHE3jq7vLwDPaZ69tvjmGACNfNKX8A0A=,iv:BvmZ7GtDsHFWSY+cL10P1e7I75ZwrzjFJ6e5J2IbEic=,tag:g9yqAQtJ9kD3o1cfng0gTA==,type:str] +sops: + age: + - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcHFGUFltcUVSNnJXNWhI + TU5ySU1SQXVYdUFNOUlXdmZzYTZnZFhWQVJnCmV6T1duSnlGejNMc1hDUHovYTJE + Ri93OURqaEVrd0xCRUZZdWhsKzI1QkEKLS0tIExDeE9BNUxoYjhzWjBrM1FIUzV1 + cGpiNmJ6blQ2c1FiOEFnNllrbWxjWmsKDXsXc2tlmgXHmEveCVq1WMrFRtzLttgc + 0sMlwMFo71eV5JWrDjPbg0WwXonGI9TILJ09FFSTK7FRhwyFpgL6TA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dpzajxcx7dcumda55qc3hncxqd43a7k85t2cdwtcvy5qsgp6k5tsugxqmd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS250MmZyazRFVGMzdzVy + T09EaE1lY1h1d3BiMFRlNWV2SXNXNFBuekRnClRieVJrbGFMRjdCZEFVUjdoa2JQ + K1RzalZBVThOMWl3T2pZakxUTUI5cXcKLS0tIHBPeVdtUmtCUmtOTVVRZlNwUXpO + L1d2bW5tRDhjQ2VaU0xDWWlZYi94TEUKvjD1Pk8/Jq18nCJioeVBYbfaT3rSYr4l + aZ+j21bb7tE3JbUQfGkYo2blJqZsxFxblZlvf6tK2DU39Tl64naUpQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-01T08:17:35Z" + mac: ENC[AES256_GCM,data:WrMLYUSjwh0MOPPAjGTzLip5I+4LxrQoSreKANsl6xwakMmDKzENgp3kzsZyAqWaX6OgLWh1YrpnN+9z6n3UDi+LGYj1WZwHeZnBCwnuyq9cyAhLdPxcvqp0bcNaZfI04IUPpMTk/8o14gpTsbCYy+eIUc/19golYN2NKr2B03Y=,iv:Np1OeYCWdnun3QlQ8MAPd2TRMFwdx1l3Ca0JffqCv64=,tag:jTLzww9TKQnmkla2PhCR1Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 17acf4b2d8527e204e9ca567d63051503622e0da Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 1 Aug 2025 10:24:49 +0200 Subject: [PATCH 7/7] feat: adds `else if` for `dandelion` --- modules/core/sops.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index 1e4847a..1ec50d1 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -26,6 +26,10 @@ { "systemMailerPassword" = { }; } + else if (host == "dandelion") then + { + "systemMailerPassword" = { }; + } else { }; };