2025-12-05 07:05:40 +01:00
10 changed files with 88 additions and 92 deletions
--- a/hosts/sakura/hardware-configuration.nix
+++ b/hosts/sakura/hardware-configuration.nix
@ -1,44 +1,29 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
+{ config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [
-    "nvme"
-    "xhci_pci"
-    "thunderbolt"
-    "usb_storage"
-    "sd_mod"
-  ];
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
      fsType = "ext4";
    };

-  boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3";
+  boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347";

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/0EFD-4B3F";
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0EFD-4B3F";
      fsType = "vfat";
-    options = [
-      "fmask=0022"
-      "dmask=0022"
-    ];
+      options = [ "fmask=0022" "dmask=0022" ];
    };

  swapDevices = [ ];
--- a/modules/core/printing.nix
+++ b/modules/core/printing.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
  services.avahi = {
-    enable = false;
+    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@ -2,7 +2,7 @@
 {
  services.openssh = {
    enable = true;
-    ports = [ 9123 ];
+    ports = [ 22 ];
    settings = {
      PasswordAuthentication = lib.mkDefault false;
      AllowUsers = null;
--- a/modules/home/waybar/scripts.nix
+++ b/modules/home/waybar/scripts.nix
@ -155,24 +155,27 @@
    "/home/${username}/.local/bin/waybar-music" = {
      executable = true;
      text = ''
-        #!/usr/bin/env sh
+        #!/usr/bin/env bash

-        META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}"
-        PLAYERS="spotify ncspot mpv mpd"
+        class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}')

-        for PLAYER in $PLAYERS; do
-        	# if the player is not playing, continue to the next player, until we find one that is playing
-        	[ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue
-        	text=$(playerctl metadata --player $PLAYER --format "$META")
-        	echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}"
-        	exit 0
-        done
+        if [[ $class == "playing" ]]; then
+          info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
+          if [[ $\{#info} > 40 ]]; then
+            info=$(echo $info | cut -c1-40)"..."
+          fi
+          text="$info"
+        elif [[ $class == "paused" ]]; then
+          info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
+          if [[ $\{#info} > 40 ]]; then
+            info=$(echo $info | cut -c1-40)"..."
+          fi
+          text=" $info"
+        elif [[ $class == "stopped" ]]; then
+          text=""
+        fi

-        ICON="❚❚ "
-        PAUSERS="spotify ncspot mpd"
-        for PAUSER in $PAUSERS; do
-        	[ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0
-        done
+        echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}"
      '';
    };
    "/home/${username}/.local/bin/waybar-devices" = {
--- a/modules/home/zsh.nix
+++ b/modules/home/zsh.nix
@ -111,12 +111,12 @@

        export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"

-        # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
-        #   alias imv="sxiv"
-        # elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
-        #   alias imv="nsxiv"
-        #   alias sxiv="nsxiv"
-        # fi
+        if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
+          alias imv="sxiv"
+        elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
+          alias imv="nsxiv"
+          alias sxiv="nsxiv"
+        fi
      '';

      zsh-abbr = {
@ -173,7 +173,6 @@
        # nvim = "nix run /home/liv/Development/nixvim --";
        vim = "nvim";
        doas = "sudo";
-        sxiv = "nsxiv";

        # NixOS
        ns = "nix-shell --run zsh";
--- a/modules/services/dandelion.nix
+++ b/modules/services/dandelion.nix
@ -7,6 +7,5 @@
    ++ [ (import ./home-assistant.nix) ]
    ++ [ (import ./monitoring.nix) ]
    ++ [ (import ./smart-monitoring.nix) ]
-    ++ [ (import ./tailscale.nix) ]
    ++ [ (import ./hd-idle.nix) ];
 }
--- a/modules/services/monitoring.nix
+++ b/modules/services/monitoring.nix
@ -23,9 +23,9 @@
      ];
    };
  };
-  # networking.firewall = {
-  # allowedTCPPorts = [
-  # 9001
-  # ];
-  # };
+  networking.firewall = {
+    allowedTCPPorts = [
+      9001
+    ];
+  };
 }
--- a/modules/services/mumble.nix
+++ b/modules/services/mumble.nix
@ -2,6 +2,6 @@
 {
  services.murmur = {
    enable = true;
-    openFirewall = false;
+    openFirewall = true;
  };
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -37,35 +37,41 @@
    recommendedProxySettings = true;
    clientMaxBodySize = lib.mkDefault "10G";

-    #defaultListen =
-    #  let
-    #    listen = [
-    #      {
-    #        addr = "[::]";
-    #        port = 80;
-    #        extraParameters = [ "proxy_protocol" ];
-    #      }
-    #      {
-    #        addr = "[::]";
-    #        port = 443;
-    #        ssl = true;
-    #        extraParameters = [ "proxy_protocol" ];
-    #      }
-    #    ];
-    #  in
-    #  map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
+    defaultListen =
+      let
+        listen = [
+          {
+            addr = "[::]";
+            port = 80;
+            extraParameters = [ "proxy_protocol" ];
+          }
+          {
+            addr = "[::]";
+            port = 443;
+            ssl = true;
+            extraParameters = [ "proxy_protocol" ];
+          }
+        ];
+      in
+      map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;

    # Hardened TLS and HSTS preloading
    appendHttpConfig = ''
      # Proxying
      # real_ip_header proxy_protocol;

+      server {
+        listen 80   proxy_protocol;
+        listen 443  ssl proxy_protocol;
+        # set_real_ip_from 10.7.0.0/24;
+      }
+
      ssl_certificate /var/lib/acme/quack.social/cert.pem;
      ssl_certificate_key /var/lib/acme/quack.social/key.pem;

-      # proxy_set_header Host            $host;
-      # proxy_set_header X-Real-IP       $proxy_protocol_addr;
-      # proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+      proxy_set_header Host            $host;
+      proxy_set_header X-Real-IP       $proxy_protocol_addr;
+      proxy_set_header X-Forwarded-For $proxy_protocol_addr;

      # Add HSTS header with preloading to HTTPS requests.
      # Do not add HSTS header to HTTP requests.
@ -92,6 +98,19 @@
      add_header pronouns "any but neopronouns";
      add_header locale "[en_US, nl_NL]";
    '';
+    appendConfig = ''
+      # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
+      # set_real_ip_from 213.210.34.27;
+
+      # real_ip_header proxy_protocol;
+
+      # proxy_set_header Host               $host;
+      # proxy_set_header X-Real-IP          $proxy_protocol_addr;
+      # proxy_set_header X-Forwarded-For    $proxy_protocol_addr;
+      # proxy_set_header X-Forwarded-Proto  $scheme;
+      # proxy_set_header X-Forwarded-Host   $host;
+      # proxy_set_header X-Forwarded-Server $host;
+    '';
  };
  networking.firewall = {
    allowedTCPPorts = [
--- a/roles/creative.nix
+++ b/roles/creative.nix
@ -1,16 +1,8 @@
-{
-  lib,
-  pkgs,
-  config,
-  username,
-  home-manager,
-  ...
-}:
+{ lib, pkgs, config, username, home-manager, ... }:
 with lib;
 let
  cfg = config.liv.creative;
-in
-{
+in {
  options.liv.creative = {
    enable = mkEnableOption "Enable creative workflow";
  };
@ -25,7 +17,6 @@ in
          obs-studio
          kdePackages.kdenlive
          orca-slicer
-          freecad
        ];
      };
    };