diff --git a/flake.lock b/flake.lock
index 4df3563..886e6f0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -883,7 +883,7 @@
"oisd": {
"flake": false,
"locked": {
- "narHash": "sha256-BimlCciIYi63B1KGZzUzlpduFmj0jtjASH+QORYWoww=",
+ "narHash": "sha256-g4tRuibVyOwPMAhJ1RLCBLkuSRo0eWC0HSe227NMd4E=",
"type": "file",
"url": "https://big.oisd.nl/domainswild"
},
diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix
index 22418e6..d374749 100644
--- a/hosts/sakura/default.nix
+++ b/hosts/sakura/default.nix
@@ -16,9 +16,10 @@ in
./../../modules/services/tailscale.nix
./../../modules/services/mpd.nix
./../../modules/services/smart-monitoring.nix
+ ./../../modules/services/mullvad.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
- ./../../modules/security/dnscrypt.nix
- ./../../modules/security/syslogd.nix
+ ./../../modules/home/steam.nix
+ # ./../../modules/services/automount.nix
];
# install some system-utilities; set hosts to be editable by the user.
diff --git a/modules/core/sops.nix b/modules/core/sops.nix
index cbd6db1..97bc5b7 100644
--- a/modules/core/sops.nix
+++ b/modules/core/sops.nix
@@ -32,6 +32,7 @@
"systemMailerPassword" = { };
"dandelionSyncthingId" = { };
"sakuraSyncthingId" = { };
+ "homeExternalIPv4" = { };
}
else if (host == "dandelion") then
{
diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix
index 4f09651..11607e7 100644
--- a/modules/home/hyprland/config.nix
+++ b/modules/home/hyprland/config.nix
@@ -317,6 +317,12 @@
"idleinhibit focus, class:^(mpv)$"
"idleinhibit fullscreen, class:^(librewolf)$"
"float,class:^(pavucontrol-qt)$"
+ "fullscreen,class:Nsxiv"
+ "fullscreen,title:^(*nsxiv*)$"
+ "fullscreen,title:^(nsxiv)$"
+ "fullscreen,class:swiv"
+ "fullscreen,title:^(*swiv*)$"
+ "fullscreen,title:^(swiv)$"
"float,class:^(pavucontrol)$"
"float,class:^(SoundWireServer)$"
"float,class:^(.sameboy-wrapped)$"
diff --git a/modules/home/packages.nix b/modules/home/packages.nix
index 84d23cc..be26407 100644
--- a/modules/home/packages.nix
+++ b/modules/home/packages.nix
@@ -29,6 +29,7 @@
gcc
gnumake
python3
+ nautilus
# CLI shit
bitwarden-cli
diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix
index 2ee9979..dec5655 100644
--- a/modules/home/waybar/default.nix
+++ b/modules/home/waybar/default.nix
@@ -27,11 +27,11 @@
"position": "top",
"modules-left": [
+ "custom/devices",
"privacy",
"network",
"custom/music",
"custom/vpn",
- "custom/devices",
"sway/mode",
"tray",
],
@@ -98,12 +98,14 @@
},
"custom/vpn": {
- "format": "{icon}",
- "tooltip-format": "{text}",
- "format-icons": [ "","" ],
+ "format": "VPN: {text}", // ({location})",
+ // "format": "{text}",
+ // "format-icons": [ "","" ],
+ // "tooltip": true,
+ // "tooltip-format": "{node}",
"return-type": "json",
- "exec": "~/.local/bin/waybar-vpn",
- "interval": 30
+ "exec": "~/.local/bin/waybar-mullvad",
+ "interval": 10
},
"custom/music": {
diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix
index 4932a4d..7db02b1 100644
--- a/modules/home/waybar/scripts.nix
+++ b/modules/home/waybar/scripts.nix
@@ -1,5 +1,13 @@
-{ pkgs, username, ... }:
-
+{
+ pkgs,
+ username,
+ config,
+ ...
+}:
+let
+ # homeExternalIPv4 = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.homeExternalIPv4.path}";
+ homeExternalIPv4 = "92.118.0.69";
+in
{
home.file = {
"/home/${username}/.local/bin/waybar-yubikey" = {
@@ -213,6 +221,7 @@
'';
};
"/home/${username}/.local/bin/waybar-vpn" = {
+ # unused nowadays
executable = true;
text = ''
#!/usr/bin/env bash
@@ -222,6 +231,23 @@
|| echo '{"text":"Disconnected","class":"disconnected","percentage":0}'
'';
};
+ "/home/${username}/.local/bin/waybar-mullvad" = {
+ executable = true;
+ text = ''
+ #!/usr/bin/env bash
+
+ STATUS="$(mullvad status | grep -Eio 'connected|connecting|disconnected' | tr '[:upper:]' '[:lower:]')"
+ NODE="$(mullvad status | grep -Ei 'relay' | awk '{print $2}' | tr '[:upper:]' '[:lower:]')"
+ LOCATION="$(mullvad status | grep -Ei 'location' | cut -d':' -f2 | cut -d'.' -f1 | sed 's/ //g')"
+ IPV4="$(mullvad status | grep 'IPv4' | cut -d':' -f3 | sed 's/ //g')"
+ echo "$IPV4" | grep -q "${homeExternalIPv4}" && LOCATION="home"
+
+ echo "$STATUS" | grep -Eioq 'connected|connecting' && TEXT="{\"text\":\"$STATUS ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" # || ip address show tailscale0 | grep "global tailscale0" && TEXT="{\"text\":\"tailscale ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}"
+ echo "$STATUS" | grep -Eioq 'disconnected' && TEXT="{\"text\":\"$STATUS\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}"
+
+ echo "$TEXT"
+ '';
+ };
};
home.packages = with pkgs; [
wf-recorder
diff --git a/modules/security/dnscrypt.nix b/modules/security/dnscrypt.nix
index ca5e4da..5484f5a 100644
--- a/modules/security/dnscrypt.nix
+++ b/modules/security/dnscrypt.nix
@@ -25,7 +25,7 @@ in
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
- minisign_key = "sha256-LRw8acNa39MUv7XmA0GuheugECcejbN8+GJl2Ra7lpg="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+ minisign_key = "sha256-g4tRuibVyOwPMAhJ1RLCBLkuSRo0eWC0HSe227NMd4E="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
cache_file = "/var/lib/dnscrypt/public-resolvers.md";
};
diff --git a/modules/services/mullvad.nix b/modules/services/mullvad.nix
new file mode 100644
index 0000000..85b77bf
--- /dev/null
+++ b/modules/services/mullvad.nix
@@ -0,0 +1,3 @@
+{
+ services.mullvad-vpn.enable = true;
+}
diff --git a/secrets/sakura/secrets.yaml b/secrets/sakura/secrets.yaml
index b6ee715..79906d4 100644
--- a/secrets/sakura/secrets.yaml
+++ b/secrets/sakura/secrets.yaml
@@ -1,6 +1,7 @@
systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str]
dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str]
sakuraSyncthingId: ENC[AES256_GCM,data:/4MQEcCYVsw2ad2WmUn8Y2f/9mUcyjU9l7Z7PorexQfwaIucmfNH1+Z/FF+0wRj4uaUQLqpR29bRl3EQr/ve,iv:FsiLQYuLZ9YvkfqyF3mAV6jW7csZ5+yXx0sN8f768BE=,tag:U/OTuSnjkOeVT6Vdz96bOw==,type:str]
+homeExternalIPv4: ENC[AES256_GCM,data:dn9FTTAUBB23N58=,iv:ktRZexN+P2jDUngN+5hlGB14SgiR/DxQ8ybqFiRTYbo=,tag:d6q9OsBl0218YPvuLMHGyA==,type:str]
sops:
age:
- recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w
@@ -12,7 +13,7 @@ sops:
bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/
JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-08-04T12:32:56Z"
- mac: ENC[AES256_GCM,data:so7buQVx6nUTRYBfCPdITDccVWOjEmfPslkG8+Z0RKkDgIgwH4Aa/GnTkX0WxmB2bbI6/GQ1PhILE4UXTo8O7W0OO10+PWV2AWwngMcog+ggbH7qpd1395Tw0A8KiiXdPXwxFBEZqrYkKmYVyw314H02+h5+Qd3irH0bWqmpGOg=,iv:Sy4wR3GdSJCR1tlAxV2lau7cpLox/CoiGTC5eZoNVos=,tag:W2pv//unvIE0HBuJ0v35GA==,type:str]
+ lastmodified: "2025-12-01T13:34:49Z"
+ mac: ENC[AES256_GCM,data:XldUv7jmveRET1kM2YEFztQeRqyy533YbR80NpLDUkWBOvU03zaFxdkDlbWmReSASdDc/0W/e06IKz8tlR67Fo+yQFTvf8Uie46xMGLFBtsx9gZIPMZr6Kqvn2JyZO4m/O8y6tYDgans5MlHlJH/Hm4LpDKXmKSp8fQLHIpFJuM=,iv:hyovgfW11kLA1/pkg//q4AJBi7U6k06J1AnvVUMFn1Q=,tag:oCKy73zRgYAtk9pf6O4HWQ==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.10.2
+ version: 3.11.0