From 1e47d47dbd6495362a79ff893f06403abf936680 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Wed, 28 May 2025 10:59:58 +0200 Subject: [PATCH 1/9] feat: move partitions (1) --- hosts/sakura/hardware-configuration.nix | 45 ++++++++++++++++--------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/hosts/sakura/hardware-configuration.nix b/hosts/sakura/hardware-configuration.nix index 19346a2..e0d299a 100644 --- a/hosts/sakura/hardware-configuration.nix +++ b/hosts/sakura/hardware-configuration.nix @@ -1,30 +1,45 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97"; + fsType = "ext4"; + }; - boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347"; + boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0EFD-4B3F"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/0EFD-4B3F"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; swapDevices = [ ]; 
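Review bot: The LUKS source in `boot.initrd.luks.devices."luks-root".device` is now the kernel name `/dev/nvme0n1p3`, where the replaced line used a `/dev/disk/by-uuid/...` path. Kernel device names depend on enumeration order and partition numbering, so a second NVMe drive or a later repartition can leave the initrd trying to unlock the wrong partition or failing to boot. Since the commit is about moving partitions, a persistent identifier for the new partition is the safer reference, e.g. `device = "/dev/disk/by-partuuid/<PARTUUID-of-new-partition>";` (placeholder; the real value is not on this page). The file header still says it is generated by nixos-generate-config and may be overwritten, so a comment beside the hand-edited line would warn whoever regenerates it.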
From 59678dc58a6124e7b01da75139d5347524595a1f Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 16:14:23 +0200 Subject: [PATCH 2/9] feat: adds `freecad` to creative group --- roles/creative.nix | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/creative.nix b/roles/creative.nix index 9546198..37a9200 100644 --- a/roles/creative.nix +++ b/roles/creative.nix @@ -1,8 +1,16 @@ -{ lib, pkgs, config, username, home-manager, ... }: +{ + lib, + pkgs, + config, + username, + home-manager, + ... +}: with lib; let cfg = config.liv.creative; -in { +in +{ options.liv.creative = { enable = mkEnableOption "Enable creative workflow"; }; @@ -17,6 +25,7 @@ in { obs-studio kdePackages.kdenlive orca-slicer + freecad ]; }; }; From 6dc8ddcfc9313d13eaf9a53f8f2d8f36800d1814 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 16:14:31 +0200 Subject: [PATCH 3/9] fix: music player script --- modules/home/waybar/scripts.nix | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix index fff7b18..c24b8d3 100644 --- a/modules/home/waybar/scripts.nix +++ b/modules/home/waybar/scripts.nix 
@@ -155,27 +155,24 @@ "/home/${username}/.local/bin/waybar-music" = { executable = true; text = '' - #!/usr/bin/env bash + #!/usr/bin/env sh - class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}') + META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}" + PLAYERS="spotify ncspot mpv mpd" - if [[ $class == "playing" ]]; then - info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}') - if [[ $\{#info} > 40 ]]; then - info=$(echo $info | cut -c1-40)"..." - fi - text="$info" - elif [[ $class == "paused" ]]; then - info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}') - if [[ $\{#info} > 40 ]]; then - info=$(echo $info | cut -c1-40)"..." - fi - text=" $info" - elif [[ $class == "stopped" ]]; then - text="" - fi + for PLAYER in $PLAYERS; do + # if the player is not playing, continue to the next player, until we find one that is playing + [ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue + text=$(playerctl metadata --player $PLAYER --format "$META") + echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}" + exit 0 + done - echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}" + ICON="❚❚ " + PAUSERS="spotify ncspot mpd" + for PAUSER in $PAUSERS; do + [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0 + done ''; }; "/home/${username}/.local/bin/waybar-devices" = { From c07d0c5f9b1a5793679fe9ffc3de9fd68fb71f6d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 16:14:44 +0200 Subject: [PATCH 4/9] chore: allow to use imv --- modules/home/zsh.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix index b1457dc..82e98d8 100644 --- a/modules/home/zsh.nix +++ b/modules/home/zsh.nix 
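Review bot: Track metadata is spliced into the JSON unquoted and unescaped in both `echo -e "{\"text\":\""$text"\", ...}"` lines, so a title or artist containing `"`, `\`, `*` or markup characters yields invalid JSON, glob expansion, or markup that Waybar may interpret. That metadata comes from whatever the player is streaming and should be treated as untrusted. Building the object with an encoder avoids this, e.g. `jq -cn --arg text "$text" '{text: $text, class: "playing"}'`, assuming jq can be put on the script's PATH. The shebang is now `#!/usr/bin/env sh`, but the script still uses `echo -e` and `==` inside `[ ]`, which are not POSIX and break when `sh` is not bash; either keep the bash shebang or switch to `printf` and `=`. The class value also changes from the lowercased status to `Playing`/`paused`, which will miss any existing CSS selector that keys on it.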
@@ -111,12 +111,12 @@ export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/" - if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then - alias imv="sxiv" - elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then - alias imv="nsxiv" - alias sxiv="nsxiv" - fi + # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then + # alias imv="sxiv" + # elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then + # alias imv="nsxiv" + # alias sxiv="nsxiv" + # fi ''; zsh-abbr = { @@ -173,6 +173,7 @@ # nvim = "nix run /home/liv/Development/nixvim --"; vim = "nvim"; doas = "sudo"; + sxiv = "nsxiv"; # NixOS ns = "nix-shell --run zsh"; From 90bf2a8891e00c83586cdb023f19b8261784e743 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:00:03 +0200 Subject: [PATCH 5/9] chore: switch back to frp since haproxy was causing a lot of issues --- modules/services/nginx.nix | 59 +++++++++++++------------------------- 1 file changed, 20 insertions(+), 39 deletions(-) diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix index 952473a..6e6f98f 100644 --- a/modules/services/nginx.nix +++ b/modules/services/nginx.nix 
@@ -37,41 +37,35 @@ recommendedProxySettings = true; clientMaxBodySize = lib.mkDefault "10G"; - defaultListen = - let - listen = [ - { - addr = "[::]"; - port = 80; - extraParameters = [ "proxy_protocol" ]; - } - { - addr = "[::]"; - port = 443; - ssl = true; - extraParameters = [ "proxy_protocol" ]; - } - ]; - in - map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; + #defaultListen = + # let + # listen = [ + # { + # addr = "[::]"; + # port = 80; + # extraParameters = [ "proxy_protocol" ]; + # } + # { + # addr = "[::]"; + # port = 443; + # ssl = true; + # extraParameters = [ "proxy_protocol" ]; + # } + # ]; + # in + # map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen; # Hardened TLS and HSTS preloading appendHttpConfig = '' # Proxying # real_ip_header proxy_protocol; - server { - listen 80 proxy_protocol; - listen 443 ssl proxy_protocol; - # set_real_ip_from 10.7.0.0/24; - } - ssl_certificate /var/lib/acme/quack.social/cert.pem; ssl_certificate_key /var/lib/acme/quack.social/key.pem; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $proxy_protocol_addr; - proxy_set_header X-Forwarded-For $proxy_protocol_addr; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $proxy_protocol_addr; + # proxy_set_header X-Forwarded-For $proxy_protocol_addr; # Add HSTS header with preloading to HTTPS requests. # Do not add HSTS header to HTTP requests. 
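Review bot: With the `proxy_protocol` listeners and the `$proxy_protocol_addr` headers commented out, nginx no longer has a source for the real client address, so unless the frp side passes it another way, `$remote_addr` will presumably be the tunnel endpoint for every request. That affects access logs, any rate limiting or allow/deny rules, and what the upstreams receive through the headers set by `recommendedProxySettings = true` in the context line above. If losing client IPs is accepted for now, record it in a short comment such as `# frp: client address is the tunnel endpoint; logs and rate limits see one IP`. The disabled `defaultListen` block is better deleted than kept as roughly twenty commented lines that git already preserves. The enclosing `services.nginx` block starts outside the hunk.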
@@ -98,19 +92,6 @@ add_header pronouns "any but neopronouns"; add_header locale "[en_US, nl_NL]"; ''; - appendConfig = '' - # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/ - # set_real_ip_from 213.210.34.27; - - # real_ip_header proxy_protocol; - - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $proxy_protocol_addr; - # proxy_set_header X-Forwarded-For $proxy_protocol_addr; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header X-Forwarded-Host $host; - # proxy_set_header X-Forwarded-Server $host; - ''; }; networking.firewall = { allowedTCPPorts = [ From 24dce0c042f780ae381735b2106f0f0b93711e77 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:01:54 +0200 Subject: [PATCH 6/9] chore: close firewall more --- modules/services/monitoring.nix | 10 +++++----- modules/services/mumble.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/services/monitoring.nix b/modules/services/monitoring.nix index a22d5f9..43b5319 100644 --- a/modules/services/monitoring.nix +++ b/modules/services/monitoring.nix @@ -23,9 +23,9 @@ ]; }; }; - networking.firewall = { - allowedTCPPorts = [ - 9001 - ]; - }; + # networking.firewall = { + # allowedTCPPorts = [ + # 9001 + # ]; + # }; } diff --git a/modules/services/mumble.nix b/modules/services/mumble.nix index 14c9487..eaa0836 100644 --- a/modules/services/mumble.nix +++ b/modules/services/mumble.nix @@ -2,6 +2,6 @@ { services.murmur = { enable = true; - openFirewall = true; + openFirewall = false; }; } From ae99b36e630ae404b2d1dcd1b6c26d351d054bbb Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:02:19 +0200 Subject: [PATCH 7/9] chore: move ssh port --- modules/core/sshd.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 6e1a9e8..13fba58 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix 
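Review bot: Dropping port 9001 from `networking.firewall.allowedTCPPorts` in monitoring.nix only removes the firewall opening; whatever listens on 9001 is configured outside this hunk and, if it binds to all interfaces, stays reachable over any interface the firewall trusts. If the intent is to reach it only over a private link, binding the listener to that address as well gives defence in depth. The block is commented out rather than removed; deleting it, or leaving one line such as `# 9001 intentionally not opened; reached over the private network only`, reads more clearly than dead code. The mumble.nix hunk in the same commit sets `openFirewall = false;` while keeping `enable = true`, so the Mumble server will presumably no longer be reachable from outside; confirm that is intended.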
@@ -2,7 +2,7 @@ { services.openssh = { enable = true; - ports = [ 22 ]; + ports = [ 9123 ]; settings = { PasswordAuthentication = lib.mkDefault false; AllowUsers = null; From 730364b7f82e3045a570c27cb21c79f577f0a7b2 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:02:38 +0200 Subject: [PATCH 8/9] chore: disable avahi as it doesn't work anyways --- modules/core/printing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/printing.nix b/modules/core/printing.nix index 7622bee..0bf8a60 100644 --- a/modules/core/printing.nix +++ b/modules/core/printing.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { services.avahi = { - enable = true; + enable = false; nssmdns4 = true; openFirewall = true; }; From 378029b6bb37527cdde0aa2a5bfe93538d45d024 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 3 Jun 2025 21:52:35 +0200 Subject: [PATCH 9/9] feat: enable tailscale for dandelion --- modules/services/dandelion.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index 74ad09f..edf193d 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -7,5 +7,6 @@ ++ [ (import ./home-assistant.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] + ++ [ (import ./tailscale.nix) ] ++ [ (import ./hd-idle.nix) ]; }
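Review bot: Moving sshd to `ports = [ 9123 ];` cuts scanner noise but is not an access control, so the hardening still rests on the settings in the context lines of this hunk. There, `PasswordAuthentication = lib.mkDefault false;` can be overridden by any module that sets the option at normal priority, and `AllowUsers = null;` leaves every account eligible to log in; a plain `PasswordAuthentication = false;` would make the key-only policy stick. Anything that connects on the default port (deploy tooling, client `~/.ssh/config` entries, log-based ban rules) needs the new port as well. The `settings` block continues outside the hunk.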
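Review bot: In printing.nix, `enable = false;` leaves `nssmdns4 = true;` and `openFirewall = true;` in place in the context lines. They should be inert while the service is disabled, but re-enabling Avahi later would reopen the mDNS port without anyone revisiting that choice. Setting `openFirewall = false;` now, or removing the block with a comment such as `# avahi disabled: discovery did not work on this network`, keeps the firewall state explicit. The file continues outside the hunk.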