alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Misc updates (lockfile, zigbee2mqtt)

Browse source
This commit is contained in:
alejandro-angulo 2025-10-22 17:44:51 -07:00
parent b77e23bdf3
commit b385cf3bee
12 changed files with 175 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

50
flake.lock generated
View file

@ -12,11 +12,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1754433428, "lastModified": 1760836749,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,11 +62,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1758270360, "lastModified": 1760953099,
"narHash": "sha256-yqh6EEhlpVWRoKl85o1s+QZ72UHWTvornnc3C0Ls484=", "narHash": "sha256-sOKx2YcHa+lWEvaEOIGqLN2WWk1Wf5z6KM02tdfhMtw=",
"owner": "catppuccin", "owner": "catppuccin",
"repo": "nix", "repo": "nix",
"rev": "2e0aacdd6abbecd1b1c0511a2fcd1460a6bc6645", "rev": "f5b21876888265d2fee7fb0640d1b66a1c1c6503",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -109,11 +109,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758758270, "lastModified": 1761091275,
"narHash": "sha256-VTRgRGbr2lIMWSujokhySjFn8VGHCxXfQstxUsCaw6Y=", "narHash": "sha256-SIiugXvSuI2WFedt1NyDj8yHsSDntsO/JWKyEZ+mI50=",
"owner": "cachix", "owner": "cachix",
"repo": "devenv", "repo": "devenv",
"rev": "bcd30a9f7f70375a684c29c019e5a5c224c10718", "rev": "a795c32dc826b51d12706f27fb344f966bb2b084",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -341,11 +341,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758748290, "lastModified": 1761081701,
"narHash": "sha256-/U2axzLmPgJb/0J+vQ4XmS++72VZWxJnDblwqTyGmEk=", "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2e260431fca7a782e0d0591985f2040944b43541", "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -411,16 +411,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755029779, "lastModified": 1758763079,
"narHash": "sha256-3+GHIYGg4U9XKUN4rg473frIVNn8YD06bjwxKS1IPrU=", "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=",
"owner": "cachix", "owner": "cachix",
"repo": "nix", "repo": "nix",
"rev": "b0972b0eee6726081d10b1199f54de6d2917f861", "rev": "6f0140527c2b0346df4afad7497baa08decb929f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "cachix",
"ref": "devenv-2.30.4", "ref": "devenv-2.30.5",
"repo": "nix", "repo": "nix",
"type": "github" "type": "github"
} }
@ -463,11 +463,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1758663926, "lastModified": 1760958188,
"narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -479,11 +479,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1758035966, "lastModified": 1760524057,
"narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -510,11 +510,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1758427187, "lastModified": 1760878510,
"narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View file

@ -81,7 +81,7 @@
profiles.system = { profiles.system = {
user = "root"; user = "root";
sshUser = "alejandro"; sshUser = "alejandro";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.gospel;
sshOpts = [ "-A" ]; sshOpts = [ "-A" ];
}; };
}; };

4
homes/aarch64-linux/alejandro@pi4/default.nix
View file

@ -1,4 +1,4 @@
{ ... }: { lib, ... }:
{ {
aa = { aa = {
apps = { apps = {
@ -22,6 +22,6 @@
# misc utils without custom config # misc utils without custom config
programs = { programs = {
fzf.enable = true; fzf.enable = lib.mkForce false;
}; };
} }

69
modules/home/tools/git/default.nix
View file

@ -36,35 +36,48 @@ in
}; };
catppuccin.delta.enable = true; catppuccin.delta.enable = true;
programs.git = { programs.delta = {
delta = {
enable = true;
options = {
line-numbers = true;
navigate = true;
};
};
enable = true; enable = true;
userName = cfg.userName; enableGitIntegration = true;
userEmail = cfg.userEmail; options = {
line-numbers = true;
navigate = true;
};
};
aliases = { programs.git = {
# Prettier log enable = true;
lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; settings = {
# Find log and grab its hash alias = {
lof = '' # Prettier log
!${pkgs.git}/bin/git log --pretty=oneline \ lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
| ${pkgs.fzf}/bin/fzf --scheme history \ # Find log and grab its hash
| ${pkgs.gawk}/bin/awk '{print $1}' lof = ''
''; !${pkgs.git}/bin/git log --pretty=oneline \
# Push up a new branch with the same as local | ${pkgs.fzf}/bin/fzf --scheme history \
pushup = "push -u origin HEAD"; | ${pkgs.gawk}/bin/awk '{print $1}'
'';
# Push up a new branch with the same as local
pushup = "push -u origin HEAD";
};
user = {
name = cfg.userName;
email = cfg.userEmail;
};
init = {
defaultBranch = "main";
};
pull = {
rebase = true;
};
}; };
signing = { signing = {
key = cfg.signingKey; key = cfg.signingKey;
signByDefault = mkDefault true; signByDefault = mkDefault false;
}; };
ignores = [ ignores = [
@ -83,16 +96,6 @@ in
".envrc" ".envrc"
".direnv" ".direnv"
]; ];
extraConfig = {
init = {
defaultBranch = "main";
};
pull = {
rebase = true;
};
};
}; };
catppuccin.lazygit.enable = true; catppuccin.lazygit.enable = true;

2
modules/nixos/nix/default.nix
View file

@ -20,7 +20,7 @@ in
enable = mkEnableOption "manage nix configuration."; enable = mkEnableOption "manage nix configuration.";
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = pkgs.nixVersions.latest; default = pkgs.nixVersions.nix_2_31;
description = "Which nix package to use."; description = "Which nix package to use.";
}; };

8
modules/nixos/services/mosquitto/default.nix
View file

@ -15,6 +15,7 @@ in
hass_mqtt.file = ../../../../secrets/hass_mqtt.age; hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age; theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age; teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
zigbee2mqtt_mqtt.file = ../../../../secrets/zigbee2mqtt_mqtt.age;
}; };
services.mosquitto = { services.mosquitto = {
@ -41,6 +42,13 @@ in
acl = [ "readwrite teslamate/#" ]; acl = [ "readwrite teslamate/#" ];
passwordFile = config.age.secrets.teslamate_mqtt.path; passwordFile = config.age.secrets.teslamate_mqtt.path;
}; };
zigbee2mqtt = {
acl = [
"readwrite zigbee2mqtt/#"
"readwrite homeassistant/#"
];
passwordFile = config.age.secrets.zigbee2mqtt_mqtt.path;
};
}; };
} }
]; ];

75
modules/nixos/services/zigbee2mqtt/default.nix Normal file
View file

@ -0,0 +1,75 @@
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.services.zigbee2mqtt;
in
{
options.${namespace}.services.zigbee2mqtt = {
enable = lib.mkEnableOption "zigbee2mqtt";
acmeCertName = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
certificate.
'';
};
};
config = lib.mkIf cfg.enable {
age.secrets.zigbee2mqtt_creds = {
file = ../../../../secrets/zigbee2mqtt_creds.age;
path = "/var/lib/zigbee2mqtt/secret.yaml";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
mode = "0400";
};
services.zigbee2mqtt = {
enable = true;
settings = {
version = 4;
mqtt = {
base_topic = "zigbee2mqtt";
server = "mqtt://192.168.113.13:1833";
# TODO: Write secret.yaml file
user = "!secret.yaml user";
password = "!secret.yaml password";
};
serial = {
port = "tcp://192.168.113.130:6638";
adapter = "zstack";
};
advanced = {
channel = 11;
network_key = "GENERATE";
pan_id = "GENERATE";
ext_pan_id = "GENERATE";
};
frontend = {
enabled = true;
port = 8080;
};
homeassistant = {
enabled = true;
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."zigbee2mqtt.kilonull.com" = {
locations."/".proxyPass = "http://127.0.0.1:8080";
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};
}

12
secrets/secrets.nix
View file

@ -2,6 +2,8 @@ let
# Remember to pass '--identity identities/me.txt` when using this key # Remember to pass '--identity identities/me.txt` when using this key
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25"; users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
tmp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJ7IsNxP/wa3X8isEp8Js7yVgk3gX2ud7EClvZClDpS";
machines = { machines = {
gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ"; gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv"; node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
@ -70,4 +72,14 @@ in
machines.pi4 machines.pi4
machines.gospel machines.gospel
]; ];
"zigbee2mqtt_mqtt.age".publicKeys = [
users.me
tmp
machines.pi4
];
"zigbee2mqtt_creds.age".publicKeys = [
users.me
tmp
machines.node
];
} }

9
secrets/zigbee2mqtt_creds.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> piv-p256 UIEGzg Ai9Ksp5u8wvOwiHy2wyH97mm6Pf0rcbuB4R8wotlG6xR
REDbwR5Kqc2Y10j9HnPlHEqOORVMnlhTH/JySz7nVDo
-> ssh-ed25519 PZKfOQ N2nxHXlO0ZvqbSQLVT1l0ivTxGgkMxsuuO7pMMHzyC8
5fSbG09zq6VrFxW4lCQHczvYF8ldfPenl1uEbQZq1g8
-> ssh-ed25519 Yk7ehg vtLVcIkOX3SwD64gm9Jlgg+pDpdR920/Aldck5v+oTk
J8n4fgLOZ8LA4CFuT3O8+U1b9d7RFlG3P87PMrX3aok
--- X/MHaeT+EReR45PXmvXG1p3bFIip2OBva4/X2/GRhxM
ˆs aÜ)ŽŸdùã®OèöýT8k7ù…ý§àâ ö h04V¹uûºB/U¿Óö5W“>‡Ÿ¸¼à©SäÂh©õØp 2§¹G5 hlÌl—ë

BIN
secrets/zigbee2mqtt_mqtt.age Normal file
View file

Binary file not shown.

1
systems/x86_64-linux/carbon/default.nix
View file

@ -66,6 +66,7 @@
signal-desktop-bin signal-desktop-bin
]; ];
programs.adb.enable = true;
programs.light.enable = true; programs.light.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default

5
systems/x86_64-linux/node/default.nix
View file

@ -62,6 +62,11 @@
acmeCertName = "kilonull.com"; acmeCertName = "kilonull.com";
}; };
services.zigbee2mqtt = {
enable = true;
acmeCertName = "kilonull.com";
};
security.acme = { security.acme = {
enable = true; enable = true;
domainName = "kilonull.com"; domainName = "kilonull.com";