feat: enable tailscale for dandelion

chore: merge remote-tracking branch 'refs/remotes/origin/master'
chore: disable avahi as it doesn't work anyways
2025-12-05 15:15:39 +01:00 · 2025-06-03 21:52:35 +02:00 · 2025-06-03 21:52:21 +02:00 · 2025-06-03 21:02:38 +02:00 · 2025-06-03 21:02:24 +02:00 · 2025-06-03 21:01:54 +02:00
10 changed files with 92 additions and 88 deletions
--- a/hosts/sakura/hardware-configuration.nix
+++ b/hosts/sakura/hardware-configuration.nix
@ -1,29 +1,44 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:

 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "thunderbolt"
+    "usb_storage"
+    "sd_mod"
+  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/24035f97-746a-4aec-b1d8-696bc32d3c97";
    fsType = "ext4";
  };

-  boot.initrd.luks.devices."luks-156453ac-bbad-452c-ad92-4fc569db9347".device = "/dev/disk/by-uuid/156453ac-bbad-452c-ad92-4fc569db9347";
+  boot.initrd.luks.devices."luks-root".device = "/dev/nvme0n1p3";

-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/0EFD-4B3F";
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/0EFD-4B3F";
    fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
  };

  swapDevices = [ ];
--- a/modules/core/printing.nix
+++ b/modules/core/printing.nix
@ -1,7 +1,7 @@
 { pkgs, ... }:
 {
  services.avahi = {
-    enable = true;
+    enable = false;
    nssmdns4 = true;
    openFirewall = true;
  };
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@ -2,7 +2,7 @@
 {
  services.openssh = {
    enable = true;
-    ports = [ 22 ];
+    ports = [ 9123 ];
    settings = {
      PasswordAuthentication = lib.mkDefault false;
      AllowUsers = null;
--- a/modules/home/waybar/scripts.nix
+++ b/modules/home/waybar/scripts.nix
@ -155,27 +155,24 @@
    "/home/${username}/.local/bin/waybar-music" = {
      executable = true;
      text = ''
-        #!/usr/bin/env bash
+        #!/usr/bin/env sh

-        class=$(playerctl metadata --player=ncspot --format '{{lc(status)}}')
+        META="{{ trunc(artist,17) }} - {{ trunc(title,17) }}"
+        PLAYERS="spotify ncspot mpv mpd"

-        if [[ $class == "playing" ]]; then
-          info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
-          if [[ $\{#info} > 40 ]]; then
-            info=$(echo $info | cut -c1-40)"..."
-          fi
-          text="$info"
-        elif [[ $class == "paused" ]]; then
-          info=$(playerctl metadata --player=ncspot --format '{{artist}} - {{title}}')
-          if [[ $\{#info} > 40 ]]; then
-            info=$(echo $info | cut -c1-40)"..."
-          fi
-          text=" $info"
-        elif [[ $class == "stopped" ]]; then
-          text=""
-        fi
+        for PLAYER in $PLAYERS; do
+        	# if the player is not playing, continue to the next player, until we find one that is playing
+        	[ "$(playerctl --player=$PLAYER status 2>/dev/null)" != "Playing" ] && continue
+        	text=$(playerctl metadata --player $PLAYER --format "$META")
+        	echo -e "{\"text\":\""$text"\", \"class\":\"Playing\"}"
+        	exit 0
+        done

-        echo -e "{\"text\":\""$text"\", \"class\":\""$class"\"}"
+        ICON="❚❚ "
+        PAUSERS="spotify ncspot mpd"
+        for PAUSER in $PAUSERS; do
+        	[ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Paused" ] || [ "$(playerctl --player=$PAUSER status 2>/dev/null)" == "Stopped" ] && text="$ICON"$(playerctl metadata --player $PAUSER --format "$META") && echo -e "{\"text\":\""$text"\", \"class\":\""paused"\"}" && exit 0
+        done
      '';
    };
    "/home/${username}/.local/bin/waybar-devices" = {
--- a/modules/home/zsh.nix
+++ b/modules/home/zsh.nix
@ -111,12 +111,12 @@

        export export PATH="''${PATH}:''${HOME}/.local/bin/:''${HOME}/.cargo/bin/:''${HOME}/.fzf/bin/"

-        if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
-          alias imv="sxiv"
-        elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
-          alias imv="nsxiv"
-          alias sxiv="nsxiv"
-        fi
+        # if [[ $(which sxiv&>/dev/null && echo 1) == "1" ]]; then
+        #   alias imv="sxiv"
+        # elif [[ $(which nsxiv&>/dev/null && echo 1) == "1" ]]; then
+        #   alias imv="nsxiv"
+        #   alias sxiv="nsxiv"
+        # fi
      '';

      zsh-abbr = {
@ -173,6 +173,7 @@
        # nvim = "nix run /home/liv/Development/nixvim --";
        vim = "nvim";
        doas = "sudo";
+        sxiv = "nsxiv";

        # NixOS
        ns = "nix-shell --run zsh";
--- a/modules/services/dandelion.nix
+++ b/modules/services/dandelion.nix
@ -7,5 +7,6 @@
    ++ [ (import ./home-assistant.nix) ]
    ++ [ (import ./monitoring.nix) ]
    ++ [ (import ./smart-monitoring.nix) ]
+    ++ [ (import ./tailscale.nix) ]
    ++ [ (import ./hd-idle.nix) ];
 }
--- a/modules/services/monitoring.nix
+++ b/modules/services/monitoring.nix
@ -23,9 +23,9 @@
      ];
    };
  };
-  networking.firewall = {
-    allowedTCPPorts = [
-      9001
-    ];
-  };
+  # networking.firewall = {
+  # allowedTCPPorts = [
+  # 9001
+  # ];
+  # };
 }
--- a/modules/services/mumble.nix
+++ b/modules/services/mumble.nix
@ -2,6 +2,6 @@
 {
  services.murmur = {
    enable = true;
-    openFirewall = true;
+    openFirewall = false;
  };
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@ -37,41 +37,35 @@
    recommendedProxySettings = true;
    clientMaxBodySize = lib.mkDefault "10G";

-    defaultListen =
-      let
-        listen = [
-          {
-            addr = "[::]";
-            port = 80;
-            extraParameters = [ "proxy_protocol" ];
-          }
-          {
-            addr = "[::]";
-            port = 443;
-            ssl = true;
-            extraParameters = [ "proxy_protocol" ];
-          }
-        ];
-      in
-      map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;
+    #defaultListen =
+    #  let
+    #    listen = [
+    #      {
+    #        addr = "[::]";
+    #        port = 80;
+    #        extraParameters = [ "proxy_protocol" ];
+    #      }
+    #      {
+    #        addr = "[::]";
+    #        port = 443;
+    #        ssl = true;
+    #        extraParameters = [ "proxy_protocol" ];
+    #      }
+    #    ];
+    #  in
+    #  map (x: (x // { addr = "0.0.0.0"; })) listen ++ listen;

    # Hardened TLS and HSTS preloading
    appendHttpConfig = ''
      # Proxying
      # real_ip_header proxy_protocol;

-      server {
-        listen 80   proxy_protocol;
-        listen 443  ssl proxy_protocol;
-        # set_real_ip_from 10.7.0.0/24;
-      }
-
      ssl_certificate /var/lib/acme/quack.social/cert.pem;
      ssl_certificate_key /var/lib/acme/quack.social/key.pem;

-      proxy_set_header Host            $host;
-      proxy_set_header X-Real-IP       $proxy_protocol_addr;
-      proxy_set_header X-Forwarded-For $proxy_protocol_addr;
+      # proxy_set_header Host            $host;
+      # proxy_set_header X-Real-IP       $proxy_protocol_addr;
+      # proxy_set_header X-Forwarded-For $proxy_protocol_addr;

      # Add HSTS header with preloading to HTTPS requests.
      # Do not add HSTS header to HTTP requests.
@ -98,19 +92,6 @@
      add_header pronouns "any but neopronouns";
      add_header locale "[en_US, nl_NL]";
    '';
-    appendConfig = ''
-      # https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
-      # set_real_ip_from 213.210.34.27;
-
-      # real_ip_header proxy_protocol;
-
-      # proxy_set_header Host               $host;
-      # proxy_set_header X-Real-IP          $proxy_protocol_addr;
-      # proxy_set_header X-Forwarded-For    $proxy_protocol_addr;
-      # proxy_set_header X-Forwarded-Proto  $scheme;
-      # proxy_set_header X-Forwarded-Host   $host;
-      # proxy_set_header X-Forwarded-Server $host;
-    '';
  };
  networking.firewall = {
    allowedTCPPorts = [
--- a/roles/creative.nix
+++ b/roles/creative.nix
@ -1,8 +1,16 @@
-{ lib, pkgs, config, username, home-manager, ... }:
+{
+  lib,
+  pkgs,
+  config,
+  username,
+  home-manager,
+  ...
+}:
 with lib;
 let
  cfg = config.liv.creative;
-in {
+in
+{
  options.liv.creative = {
    enable = mkEnableOption "Enable creative workflow";
  };
@ -17,6 +25,7 @@ in {
          obs-studio
          kdePackages.kdenlive
          orca-slicer
+          freecad
        ];
      };
    };
Author	SHA1	Message	Date
Ahwx	378029b6bb	feat: enable tailscale for dandelion	2025-06-03 21:52:35 +02:00
Ahwx	c9fb9e22f0	chore: merge remote-tracking branch 'refs/remotes/origin/master'	2025-06-03 21:52:21 +02:00
Ahwx	730364b7f8	chore: disable avahi as it doesn't work anyways	2025-06-03 21:02:38 +02:00
Ahwx	ae99b36e63	chore: move ssh port	2025-06-03 21:02:24 +02:00
Ahwx	24dce0c042	chore: close firewall more	2025-06-03 21:01:54 +02:00
Ahwx	90bf2a8891	chore: switch back to frp since haproxy was causing a lot of issues	2025-06-03 21:00:03 +02:00
Ahwx	c07d0c5f9b	chore: allow to use imv	2025-06-03 16:14:44 +02:00
Ahwx	6dc8ddcfc9	fix: music player script	2025-06-03 16:14:31 +02:00
Ahwx	59678dc58a	feat: adds `freecad` to creative group	2025-06-03 16:14:23 +02:00
Ahwx	1e47d47dbd	feat: move partitions (1)	2025-05-28 10:59:58 +02:00