diff --git a/flake.lock b/flake.lock index b5805e6..0d07390 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -62,11 +62,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1758270360, - "narHash": "sha256-yqh6EEhlpVWRoKl85o1s+QZ72UHWTvornnc3C0Ls484=", + "lastModified": 1760953099, + "narHash": "sha256-sOKx2YcHa+lWEvaEOIGqLN2WWk1Wf5z6KM02tdfhMtw=", "owner": "catppuccin", "repo": "nix", - "rev": "2e0aacdd6abbecd1b1c0511a2fcd1460a6bc6645", + "rev": "f5b21876888265d2fee7fb0640d1b66a1c1c6503", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1758758270, - "narHash": "sha256-VTRgRGbr2lIMWSujokhySjFn8VGHCxXfQstxUsCaw6Y=", + "lastModified": 1761091275, + "narHash": "sha256-SIiugXvSuI2WFedt1NyDj8yHsSDntsO/JWKyEZ+mI50=", "owner": "cachix", "repo": "devenv", - "rev": "bcd30a9f7f70375a684c29c019e5a5c224c10718", + "rev": "a795c32dc826b51d12706f27fb344f966bb2b084", "type": "github" }, "original": { @@ -341,11 +341,11 @@ ] }, "locked": { - "lastModified": 1758748290, - "narHash": "sha256-/U2axzLmPgJb/0J+vQ4XmS++72VZWxJnDblwqTyGmEk=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e260431fca7a782e0d0591985f2040944b43541", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { 
@@ -411,16 +411,16 @@ ] }, "locked": { - "lastModified": 1755029779, - "narHash": "sha256-3+GHIYGg4U9XKUN4rg473frIVNn8YD06bjwxKS1IPrU=", + "lastModified": 1758763079, + "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=", "owner": "cachix", "repo": "nix", - "rev": "b0972b0eee6726081d10b1199f54de6d2917f861", + "rev": "6f0140527c2b0346df4afad7497baa08decb929f", "type": "github" }, "original": { "owner": "cachix", - "ref": "devenv-2.30.4", + "ref": "devenv-2.30.5", "repo": "nix", "type": "github" } @@ -463,11 +463,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1758663926, - "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -479,11 +479,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -510,11 +510,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54d9710..b6034d8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -81,7 +81,7 @@ profiles.system = { user = "root"; sshUser = "alejandro"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.gospel; sshOpts = [ "-A" ]; }; }; diff --git a/homes/aarch64-linux/alejandro@pi4/default.nix b/homes/aarch64-linux/alejandro@pi4/default.nix index e1ad605..08f9e99 100644 --- a/homes/aarch64-linux/alejandro@pi4/default.nix +++ b/homes/aarch64-linux/alejandro@pi4/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { aa = { apps = { @@ -22,6 +22,6 @@ # misc utils without custom config programs = { - fzf.enable = true; + fzf.enable = lib.mkForce false; }; } diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 393438b..2cc1d9f 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix 
@@ -36,35 +36,48 @@ in }; catppuccin.delta.enable = true; - programs.git = { - delta = { - enable = true; - options = { - line-numbers = true; - navigate = true; - }; - }; - + programs.delta = { enable = true; - userName = cfg.userName; - userEmail = cfg.userEmail; + enableGitIntegration = true; + options = { + line-numbers = true; + navigate = true; + }; + }; - aliases = { - # Prettier log - lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; - # Find log and grab its hash - lof = '' - !${pkgs.git}/bin/git log --pretty=oneline \ - | ${pkgs.fzf}/bin/fzf --scheme history \ - | ${pkgs.gawk}/bin/awk '{print $1}' - ''; - # Push up a new branch with the same as local - pushup = "push -u origin HEAD"; + programs.git = { + enable = true; + settings = { + alias = { + # Prettier log + lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; + # Find log and grab its hash + lof = '' + !${pkgs.git}/bin/git log --pretty=oneline \ + | ${pkgs.fzf}/bin/fzf --scheme history \ + | ${pkgs.gawk}/bin/awk '{print $1}' + ''; + # Push up a new branch with the same as local + pushup = "push -u origin HEAD"; + }; + + user = { + name = cfg.userName; + email = cfg.userEmail; + }; + + init = { + defaultBranch = "main"; + }; + + pull = { + rebase = true; + }; }; signing = { key = cfg.signingKey; - signByDefault = mkDefault true; + signByDefault = mkDefault false; }; ignores = [ @@ -83,16 +96,6 @@ in ".envrc" ".direnv" ]; - - extraConfig = { - init = { - defaultBranch = "main"; - }; - - pull = { - rebase = true; - }; - }; }; catppuccin.lazygit.enable = true; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 5c57368..3f02e2c 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix 
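Review bot: `signByDefault = mkDefault false;` turns commit signing off by default in the same hunk that moves `programs.git` to `settings` and `programs.delta`, so a behaviour change for every home that imports this module is easy to miss inside the refactor. `signing.key = cfg.signingKey;` is still set, so the key stays configured while unsigned commits become the default. If this is intentional, I would say so in a comment above the line, e.g. `# signing is opt-in per host: <reason>`; otherwise keep `mkDefault true`. The enclosing module starts outside the hunk.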
@@ -20,7 +20,7 @@ in enable = mkEnableOption "manage nix configuration."; package = mkOption { type = types.package; - default = pkgs.nixVersions.latest; + default = pkgs.nixVersions.nix_2_31; description = "Which nix package to use."; }; diff --git a/modules/nixos/services/mosquitto/default.nix b/modules/nixos/services/mosquitto/default.nix index eed3c7b..ab521a3 100644 --- a/modules/nixos/services/mosquitto/default.nix +++ b/modules/nixos/services/mosquitto/default.nix @@ -15,6 +15,7 @@ in hass_mqtt.file = ../../../../secrets/hass_mqtt.age; theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age; teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age; + zigbee2mqtt_mqtt.file = ../../../../secrets/zigbee2mqtt_mqtt.age; }; services.mosquitto = { @@ -41,6 +42,13 @@ in acl = [ "readwrite teslamate/#" ]; passwordFile = config.age.secrets.teslamate_mqtt.path; }; + zigbee2mqtt = { + acl = [ + "readwrite zigbee2mqtt/#" + "readwrite homeassistant/#" + ]; + passwordFile = config.age.secrets.zigbee2mqtt_mqtt.path; + }; }; } ]; diff --git a/modules/nixos/services/zigbee2mqtt/default.nix b/modules/nixos/services/zigbee2mqtt/default.nix new file mode 100644 index 0000000..664a7c9 --- /dev/null +++ b/modules/nixos/services/zigbee2mqtt/default.nix 
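Review bot: `default = pkgs.nixVersions.nix_2_31;` in the modules/nixos/nix hunk replaces `nixVersions.latest` with a fixed release line, and nothing in the hunk says why. The module will no longer move to a newer Nix release line on a flake update, so someone has to remember to move the pin by hand. A comment above the line would cover it, e.g. `# pinned to 2.31 because <reason>; revisit when <condition>`. The option block continues outside the hunk.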
@@ -0,0 +1,75 @@ +{ + config, + lib, + namespace, + ... +}: +let + cfg = config.${namespace}.services.zigbee2mqtt; +in +{ + options.${namespace}.services.zigbee2mqtt = { + enable = lib.mkEnableOption "zigbee2mqtt"; + acmeCertName = lib.mkOption { + type = lib.types.str; + default = ""; + description = '' + If set to a non-empty string, forces SSL with the supplied acme + certificate. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + age.secrets.zigbee2mqtt_creds = { + file = ../../../../secrets/zigbee2mqtt_creds.age; + path = "/var/lib/zigbee2mqtt/secret.yaml"; + owner = "zigbee2mqtt"; + group = "zigbee2mqtt"; + mode = "0400"; + }; + + services.zigbee2mqtt = { + enable = true; + settings = { + version = 4; + mqtt = { + base_topic = "zigbee2mqtt"; + server = "mqtt://192.168.113.13:1833"; + # TODO: Write secret.yaml file + user = "!secret.yaml user"; + password = "!secret.yaml password"; + }; + serial = { + port = "tcp://192.168.113.130:6638"; + adapter = "zstack"; + }; + advanced = { + channel = 11; + network_key = "GENERATE"; + pan_id = "GENERATE"; + ext_pan_id = "GENERATE"; + }; + frontend = { + enabled = true; + port = 8080; + }; + homeassistant = { + enabled = true; + }; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."zigbee2mqtt.kilonull.com" = { + locations."/".proxyPass = "http://127.0.0.1:8080"; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 900bf64..2fc1e28 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
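Review bot: The `frontend` block sets only `enabled` and `port`, so the Zigbee2MQTT web UI runs without an `auth_token` and on its default bind address, which as far as I know is all interfaces rather than the loopback address nginx proxies to. Since `proxyPass` already targets `http://127.0.0.1:8080`, I would add `host = "127.0.0.1";` and `auth_token = "!secret.yaml auth_token";` to that block, with the token kept in the same age-managed file. With `acmeCertName` defaulting to `""` the virtual host is plain HTTP unless the caller sets it, and the `mqtt://` server URL sends the broker password unencrypted across the LAN. `network_key = "GENERATE"` only works if the generated value can be written back to configuration.yaml; if the NixOS module regenerates that file from `settings` on start (not visible here), the key would change on restart, so `network_key = "!secret.yaml network_key";` is the safer form. The port in `mqtt://192.168.113.13:1833` looks like a transposition of the usual 1883, and `# TODO: Write secret.yaml file` reads as stale now that `age.secrets.zigbee2mqtt_creds` writes that path.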
@@ -2,6 +2,8 @@ let # Remember to pass '--identity identities/me.txt` when using this key users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25"; + tmp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJ7IsNxP/wa3X8isEp8Js7yVgk3gX2ud7EClvZClDpS"; + machines = { gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ"; node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv"; @@ -70,4 +72,14 @@ in machines.pi4 machines.gospel ]; + "zigbee2mqtt_mqtt.age".publicKeys = [ + users.me + tmp + machines.pi4 + ]; + "zigbee2mqtt_creds.age".publicKeys = [ + users.me + tmp + machines.node + ]; } diff --git a/secrets/zigbee2mqtt_creds.age b/secrets/zigbee2mqtt_creds.age new file mode 100644 index 0000000..28c9f6d --- /dev/null +++ b/secrets/zigbee2mqtt_creds.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 UIEGzg Ai9Ksp5u8wvOwiHy2wyH97mm6Pf0rcbuB4R8wotlG6xR +REDbwR5Kqc2Y10j9HnPlHEqOORVMnlhTH/JySz7nVDo +-> ssh-ed25519 PZKfOQ N2nxHXlO0ZvqbSQLVT1l0ivTxGgkMxsuuO7pMMHzyC8 +5fSbG09zq6VrFxW4lCQHczvYF8ldfPenl1uEbQZq1g8 +-> ssh-ed25519 Yk7ehg vtLVcIkOX3SwD64gm9Jlgg+pDpdR920/Aldck5v+oTk +J8n4fgLOZ8LA4CFuT3O8+U1b9d7RFlG3P87PMrX3aok +--- X/MHaeT+EReR45PXmvXG1p3bFIip2OBva4/X2/GRhxM +€ˆs aÜ)ŽŸdùã®OèöýT›8k7ù…ý§àâ ö h04V¹uûºB/‹U¿Óö5W“>‡Ÿ¸¼à©SäÂh©õØp 2§¹G5 hlÌl—ë \ No newline at end of file diff --git a/secrets/zigbee2mqtt_mqtt.age b/secrets/zigbee2mqtt_mqtt.age new file mode 100644 index 0000000..35f4ac3 Binary files /dev/null and b/secrets/zigbee2mqtt_mqtt.age differ diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 45727d7..12dfcc7 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -66,6 +66,7 @@ signal-desktop-bin ]; + programs.adb.enable = true; programs.light.enable = true; # This value determines the NixOS release from which the default 
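Review bot: The `tmp` recipient added in the first secrets.nix hunk is an SSH key with no comment saying whose it is or when it goes away, and the second hunk lists it on both `zigbee2mqtt_mqtt.age` and `zigbee2mqtt_creds.age`. The ciphertext committed here stays decryptable by that key in the repository history even after `tmp` is removed and the files are rekeyed, so removing it should be paired with rotating the credentials those two files hold. I would add a comment above the binding, e.g. `# TEMPORARY: <owner/host>; remove and rotate the zigbee2mqtt secrets after <condition>`. The `let` block continues outside the hunk.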
diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index 26f5be6..19aaf97 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix @@ -62,6 +62,11 @@ acmeCertName = "kilonull.com"; }; + services.zigbee2mqtt = { + enable = true; + acmeCertName = "kilonull.com"; + }; + security.acme = { enable = true; domainName = "kilonull.com";