From c8c127619979c1381b6b5950be23a835357d2cb3 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:30:02 +0100 Subject: [PATCH 01/12] feat: adds mullvad script --- modules/home/waybar/scripts.nix | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix index 4932a4d..aea4c1a 100644 --- a/modules/home/waybar/scripts.nix +++ b/modules/home/waybar/scripts.nix @@ -1,5 +1,7 @@ { pkgs, username, ... }: - +let + externalIPv4 = ""; +in { home.file = { "/home/${username}/.local/bin/waybar-yubikey" = { @@ -213,6 +215,7 @@ ''; }; "/home/${username}/.local/bin/waybar-vpn" = { + # unused nowadays executable = true; text = '' #!/usr/bin/env bash @@ -222,6 +225,23 @@ || echo '{"text":"Disconnected","class":"disconnected","percentage":0}' ''; }; + "/home/${username}/.local/bin/waybar-mullvad" = { + executable = true; + text = '' + #!/usr/bin/env bash + + STATUS="$(mullvad status | grep -Eio 'connected|connecting|disconnected' | tr '[:upper:]' '[:lower:]')" + NODE="$(mullvad status | grep -Ei 'relay' | awk '{print $2}' | tr '[:upper:]' '[:lower:]')" + LOCATION="$(mullvad status | grep -Ei 'location' | cut -d':' -f2 | cut -d'.' -f1 | sed 's/ //g')" + IPV4="$(mullvad status | grep 'IPv4' | cut -d':' -f3 | sed 's/ //g')" + echo "$IPV4" | grep -q "${externalIPv4}" && LOCATION="home" + + echo "$STATUS" | grep -Eioq 'connected|connecting' && TEXT="{\"text\":\"$STATUS ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" || ip address show tailscale0 | grep "global tailscale0" -q && TEXT="{\"text\":\"tailscale ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" + echo "$STATUS" | grep -Eioq 'disconnected' && TEXT="{\"text\":\"$STATUS\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" + + echo "$TEXT" + ''; + }; }; home.packages = with pkgs; [ wf-recorder From 01c228dbc42faa48979839363d98729f6657e182 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:32:16 +0100 Subject: [PATCH 02/12] feat: enable `mullvad` --- modules/services/mullvad.nix | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 modules/services/mullvad.nix diff --git a/modules/services/mullvad.nix b/modules/services/mullvad.nix new file mode 100644 index 0000000..85b77bf --- /dev/null +++ b/modules/services/mullvad.nix @@ -0,0 +1,3 @@ +{ + services.mullvad-vpn.enable = true; +} From 8657c126097803468e04e4170a1f4f26bc313b2a Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:32:36 +0100 Subject: [PATCH 03/12] chore: update `minisign_key`; should automate this somehow? --- modules/security/dnscrypt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/security/dnscrypt.nix b/modules/security/dnscrypt.nix index ca5e4da..2d8abf2 100644 --- a/modules/security/dnscrypt.nix +++ b/modules/security/dnscrypt.nix @@ -25,7 +25,7 @@ in "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" ]; - minisign_key = "sha256-LRw8acNa39MUv7XmA0GuheugECcejbN8+GJl2Ra7lpg="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md + minisign_key = "sha256-cM9AYkf1ORyDmwN4oE4CNG8sepdzQi3XT968SDsOtCY="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md cache_file = "/var/lib/dnscrypt/public-resolvers.md"; }; From f64508f439f934b2c79d410aa830d8dcaf2028ef Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:32:56 +0100 Subject: [PATCH 04/12] feat: make `nsxiv` start in fullscreen mode --- modules/home/hyprland/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 4f09651..8f35b29 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -317,6 +317,9 @@ "idleinhibit focus, class:^(mpv)$" "idleinhibit fullscreen, class:^(librewolf)$" "float,class:^(pavucontrol-qt)$" + "fullscreen,class:Nsxiv" + "fullscreen,title:^(*nsxiv*)$" + "fullscreen,title:^(nsxiv)$" "float,class:^(pavucontrol)$" "float,class:^(SoundWireServer)$" "float,class:^(.sameboy-wrapped)$" From 53a275cebc2d7e913edffe7e29d2ad01e5f13c01 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:33:32 +0100 Subject: [PATCH 05/12] feat: make `swiv` start in fullscreen mode too --- modules/home/hyprland/config.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 8f35b29..11607e7 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix @@ -320,6 +320,9 @@ "fullscreen,class:Nsxiv" "fullscreen,title:^(*nsxiv*)$" "fullscreen,title:^(nsxiv)$" + "fullscreen,class:swiv" + "fullscreen,title:^(*swiv*)$" + "fullscreen,title:^(swiv)$" "float,class:^(pavucontrol)$" "float,class:^(SoundWireServer)$" "float,class:^(.sameboy-wrapped)$" From f355b64cb493d3460ef9ac68b790fe2a3c585433 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:33:48 +0100 Subject: [PATCH 06/12] feat: adds `waybar-mullvad` script to bar --- modules/home/waybar/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/modules/home/waybar/default.nix b/modules/home/waybar/default.nix index 2ee9979..dec5655 100644 --- a/modules/home/waybar/default.nix +++ b/modules/home/waybar/default.nix @@ -27,11 +27,11 @@ "position": "top", "modules-left": [ + "custom/devices", "privacy", "network", "custom/music", "custom/vpn", - "custom/devices", "sway/mode", "tray", ], @@ -98,12 +98,14 @@ }, "custom/vpn": { - "format": "{icon}", - "tooltip-format": "{text}", - "format-icons": [ "","" ], + "format": "VPN: {text}", // ({location})", + // "format": "{text}", + // "format-icons": [ "","" ], + // "tooltip": true, + // "tooltip-format": "{node}", "return-type": "json", - "exec": "~/.local/bin/waybar-vpn", - "interval": 30 + "exec": "~/.local/bin/waybar-mullvad", + "interval": 10 }, "custom/music": { From 8ab7198f3f8a306307c194aabf5e54465a708ba4 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 14:34:07 +0100 Subject: [PATCH 07/12] feat: installs `nautilus` (gnome files) as i want to switch --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index 84d23cc..be26407 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -29,6 +29,7 @@ gcc gnumake python3 + nautilus # CLI shit bitwarden-cli From 6e74d36d23760f2ddb4ca7536a5214855a09fb85 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 17:46:43 +0100 Subject: [PATCH 08/12] flake: update (oisd) --- flake.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 4df3563..886e6f0 100644 --- a/flake.lock +++ b/flake.lock @@ -883,7 +883,7 @@ "oisd": { "flake": false, "locked": { - "narHash": "sha256-BimlCciIYi63B1KGZzUzlpduFmj0jtjASH+QORYWoww=", + "narHash": "sha256-g4tRuibVyOwPMAhJ1RLCBLkuSRo0eWC0HSe227NMd4E=", "type": "file", "url": "https://big.oisd.nl/domainswild" }, From 1ed83ad99fb6ba18464d779590c9cf76d0237ebc Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 17:46:50 +0100 Subject: [PATCH 09/12] chore: update (oisd) --- modules/security/dnscrypt.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/security/dnscrypt.nix b/modules/security/dnscrypt.nix index 2d8abf2..5484f5a 100644 --- a/modules/security/dnscrypt.nix +++ b/modules/security/dnscrypt.nix @@ -25,7 +25,7 @@ in "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" ]; - minisign_key = "sha256-cM9AYkf1ORyDmwN4oE4CNG8sepdzQi3XT968SDsOtCY="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md + minisign_key = "sha256-g4tRuibVyOwPMAhJ1RLCBLkuSRo0eWC0HSe227NMd4E="; # See https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md cache_file = "/var/lib/dnscrypt/public-resolvers.md"; }; From c8a2c464d9f58ef7ab94c82223297322d72e4a11 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 17:49:37 +0100 Subject: [PATCH 10/12] secrets: adds things waow --- modules/core/sops.nix | 1 + secrets/sakura/secrets.yaml | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/core/sops.nix b/modules/core/sops.nix index cbd6db1..97bc5b7 100644 --- a/modules/core/sops.nix +++ b/modules/core/sops.nix @@ -32,6 +32,7 @@ "systemMailerPassword" = { }; "dandelionSyncthingId" = { }; "sakuraSyncthingId" = { }; + "homeExternalIPv4" = { }; } else if (host == "dandelion") then { diff --git a/secrets/sakura/secrets.yaml b/secrets/sakura/secrets.yaml index b6ee715..79906d4 100644 --- a/secrets/sakura/secrets.yaml +++ b/secrets/sakura/secrets.yaml @@ -1,6 +1,7 @@ systemMailerPassword: ENC[AES256_GCM,data:fdCLxxQOPw00kSGrddcr/ZsYWJ9xYPkfxUeS52jA+MNM4dNNfeQ2rhvWKLYpH/6D3/J7CND0UNUVuRLtPdEnU8ct8jkAmYX5nGDm9HAnVScDvbn5dMvaNxg+0o34Fz7E0XbmRM3B6zpzL4T6Odmmd2iRh/cRiz7WBwmKUpcCV3Q=,iv:ddPxnK6f1wEH+xxQLLADO5SdG8YZkbSVlNfan+AA4vs=,tag:WLrQzVsok6dtxSSQH3HHsw==,type:str] dandelionSyncthingId: ENC[AES256_GCM,data:crzT7Ph2gDYm/LAyEM2yw/THzu+Dv5SBrw17NF42j2jCvGMLaDgdlMAhkJlr7bonnpjII+9/TLjEXtcEIhcd,iv:6e94tT8rCLFxwDWLNj2T/Fx+0yAuhfS2AdjAKJKt/k0=,tag:Ai44ZvRZps4lQ4gLBbfUDw==,type:str] sakuraSyncthingId: ENC[AES256_GCM,data:/4MQEcCYVsw2ad2WmUn8Y2f/9mUcyjU9l7Z7PorexQfwaIucmfNH1+Z/FF+0wRj4uaUQLqpR29bRl3EQr/ve,iv:FsiLQYuLZ9YvkfqyF3mAV6jW7csZ5+yXx0sN8f768BE=,tag:U/OTuSnjkOeVT6Vdz96bOw==,type:str] +homeExternalIPv4: ENC[AES256_GCM,data:dn9FTTAUBB23N58=,iv:ktRZexN+P2jDUngN+5hlGB14SgiR/DxQ8ybqFiRTYbo=,tag:d6q9OsBl0218YPvuLMHGyA==,type:str] sops: age: - recipient: age1yzapmznelujajfyrpw5mxmy86ckg377494w5ap4yej39jatewursfxls9w @@ -12,7 +13,7 @@ sops: bjBJd2RtdDhkSFlaUzVRTkQyTVpVSDgKoZ7S/izFqmPw3qHT37ws8m2Cmmb8prC/ JaVn8U57G4aRgp1BqXQvpnKA98HT3BwEsMce5LeNvX7kAtdqkU5eRQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-04T12:32:56Z" - mac: ENC[AES256_GCM,data:so7buQVx6nUTRYBfCPdITDccVWOjEmfPslkG8+Z0RKkDgIgwH4Aa/GnTkX0WxmB2bbI6/GQ1PhILE4UXTo8O7W0OO10+PWV2AWwngMcog+ggbH7qpd1395Tw0A8KiiXdPXwxFBEZqrYkKmYVyw314H02+h5+Qd3irH0bWqmpGOg=,iv:Sy4wR3GdSJCR1tlAxV2lau7cpLox/CoiGTC5eZoNVos=,tag:W2pv//unvIE0HBuJ0v35GA==,type:str] + lastmodified: "2025-12-01T13:34:49Z" + mac: ENC[AES256_GCM,data:XldUv7jmveRET1kM2YEFztQeRqyy533YbR80NpLDUkWBOvU03zaFxdkDlbWmReSASdDc/0W/e06IKz8tlR67Fo+yQFTvf8Uie46xMGLFBtsx9gZIPMZr6Kqvn2JyZO4m/O8y6tYDgans5MlHlJH/Hm4LpDKXmKSp8fQLHIpFJuM=,iv:hyovgfW11kLA1/pkg//q4AJBi7U6k06J1AnvVUMFn1Q=,tag:oCKy73zRgYAtk9pf6O4HWQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 From 7d9c4223d86e59e5191dd67307a9217be0be8cc8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 17:56:33 +0100 Subject: [PATCH 11/12] feat: enable things for `sakura` --- hosts/sakura/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 22418e6..d374749 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -16,9 +16,10 @@ in ./../../modules/services/tailscale.nix ./../../modules/services/mpd.nix ./../../modules/services/smart-monitoring.nix + ./../../modules/services/mullvad.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd - ./../../modules/security/dnscrypt.nix - ./../../modules/security/syslogd.nix + ./../../modules/home/steam.nix + # ./../../modules/services/automount.nix ]; # install some system-utilities; set hosts to be editable by the user. From 972e13ba0c6470088a010078a9fb60cba3160679 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Mon, 1 Dec 2025 17:56:47 +0100 Subject: [PATCH 12/12] chore: make things work (fix tailscale things later) --- modules/home/waybar/scripts.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/modules/home/waybar/scripts.nix b/modules/home/waybar/scripts.nix index aea4c1a..7db02b1 100644 --- a/modules/home/waybar/scripts.nix +++ b/modules/home/waybar/scripts.nix @@ -1,6 +1,12 @@ -{ pkgs, username, ... }: +{ + pkgs, + username, + config, + ... +}: let - externalIPv4 = ""; + # homeExternalIPv4 = "${pkgs.coreutils}/bin/cat ${config.sops.secrets.homeExternalIPv4.path}"; + homeExternalIPv4 = "92.118.0.69"; in { home.file = { @@ -234,9 +240,9 @@ in NODE="$(mullvad status | grep -Ei 'relay' | awk '{print $2}' | tr '[:upper:]' '[:lower:]')" LOCATION="$(mullvad status | grep -Ei 'location' | cut -d':' -f2 | cut -d'.' -f1 | sed 's/ //g')" IPV4="$(mullvad status | grep 'IPv4' | cut -d':' -f3 | sed 's/ //g')" - echo "$IPV4" | grep -q "${externalIPv4}" && LOCATION="home" + echo "$IPV4" | grep -q "${homeExternalIPv4}" && LOCATION="home" - echo "$STATUS" | grep -Eioq 'connected|connecting' && TEXT="{\"text\":\"$STATUS ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" || ip address show tailscale0 | grep "global tailscale0" -q && TEXT="{\"text\":\"tailscale ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" + echo "$STATUS" | grep -Eioq 'connected|connecting' && TEXT="{\"text\":\"$STATUS ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" # || ip address show tailscale0 | grep "global tailscale0" && TEXT="{\"text\":\"tailscale ($LOCATION)\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" echo "$STATUS" | grep -Eioq 'disconnected' && TEXT="{\"text\":\"$STATUS\",\"location\":\"$LOCATION\",\"node\":\"$NODE\"}" echo "$TEXT"