diff --git a/flake.lock b/flake.lock index ea31a69..e0b87b2 100644 --- a/flake.lock +++ b/flake.lock @@ -27,20 +27,14 @@ }, "catppuccin": { "inputs": { - "catppuccin-v1_1": "catppuccin-v1_1", - "catppuccin-v1_2": "catppuccin-v1_2", - "home-manager": "home-manager", - "home-manager-stable": "home-manager-stable", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable", - "nuscht-search": "nuscht-search" + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1736957255, - "narHash": "sha256-qZZ/K5XheRMjCNYgle90QESuys0PIFJNPJJswMJ0GEA=", + "lastModified": 1741732420, + "narHash": "sha256-szO/TCc+UrjEtxi4K3GyoAv5/DKDkUeRtpTZTJY+zI4=", "owner": "catppuccin", "repo": "nix", - "rev": "f06fcadf9a61b6581b392e72f230fa6783fe36e4", + "rev": "a3f70463fb5e3df32d2d52a2705606db03843de2", "type": "github" }, "original": { @@ -49,34 +43,6 @@ "type": "github" } }, - "catppuccin-v1_1": { - "locked": { - "lastModified": 1734055249, - "narHash": "sha256-pCWJgwo77KD7EJpwynwKrWPZ//dwypHq2TfdzZWqK68=", - "rev": "7221d6ca17ac36ed20588e1c3a80177ac5843fa7", - "revCount": 326, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.1.1/0193bdc0-b045-7eed-bbec-95611a8ecdf5/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/catppuccin/nix/1.1.%2A.tar.gz" - } - }, - "catppuccin-v1_2": { - "locked": { - "lastModified": 1734734291, - "narHash": "sha256-CFX4diEQHKvZYjnhf7TLg20m3ge1O4vqgplsk/Kuaek=", - "rev": "1e4c3803b8da874ff75224ec8512cb173036bbd8", - "revCount": 344, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/catppuccin/nix/1.2.1/0193e646-1107-7f69-a402-f2a3988ecf1d/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz" - } - }, "deploy-rs": { "inputs": { "flake-compat": "flake-compat", @@ -209,7 +175,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, 
@@ -227,7 +193,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_3" + "flake-utils": "flake-utils_2" }, "locked": { "lastModified": 1715533576, @@ -248,24 +214,6 @@ "inputs": { "systems": "systems_4" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_5" - }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 
@@ -334,58 +282,15 @@ "home-manager": { "inputs": { "nixpkgs": [ - "catppuccin", "nixpkgs" ] }, "locked": { - "lastModified": 1736508663, - "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=", + "lastModified": 1741701235, + "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager-stable": { - "inputs": { - "nixpkgs": [ - "catppuccin", - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.11", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737188535, - "narHash": "sha256-O2ttwW1/dUc/Y+Rf48Njtr4tZpRJhy8FhafikekIjMY=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "1e36429705f9af2d00a517ba46a4f21ef8a8194f", + "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "type": "github" }, "original": { @@ -395,7 +300,7 @@ "type": "github" } }, - "home-manager_3": { + "home-manager_2": { "inputs": { "nixpkgs": [ "nixvim", 
@@ -418,34 +323,6 @@ } }, "ixx": { - "inputs": { - "flake-utils": [ - "catppuccin", - "nuscht-search", - "flake-utils" - ], - "nixpkgs": [ - "catppuccin", - "nuscht-search", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729958008, - "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.6", - "repo": "ixx", - "type": "github" - } - }, - "ixx_2": { "inputs": { "flake-utils": [ "nixvim", @@ -520,11 +397,11 @@ ] }, "locked": { - "lastModified": 1737057290, - "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=", + "lastModified": 1740947705, + "narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453", + "rev": "507911df8c35939050ae324caccc7cf4ffb76565", "type": "github" }, "original": { @@ -535,11 +412,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1736978406, - "narHash": "sha256-oMr3PVIQ8XPDI8/x6BHxsWEPBRU98Pam6KGVwUh8MPk=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b678606690027913f3434dea3864e712b862dde5", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { @@ -551,11 +428,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1741246872, + "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "type": "github" }, "original": { 
@@ -577,29 +454,13 @@ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1736061677, - "narHash": "sha256-DjkQPnkAfd7eB522PwnkGhOMuT9QVCZspDpJJYyOj60=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cbd8ec4de4469333c82ff40d057350c30e9f7d36", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1741513245, + "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "type": "github" }, "original": { @@ -654,7 +515,7 @@ "flake-compat": "flake-compat_2", "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "home-manager": "home-manager_3", + "home-manager": "home-manager_2", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs_3", "nuschtosSearch": "nuschtosSearch", @@ -674,33 +535,10 @@ "type": "github" } }, - "nuscht-search": { + "nuschtosSearch": { "inputs": { "flake-utils": "flake-utils", "ixx": "ixx", - "nixpkgs": [ - "catppuccin", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735854821, - "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", - "owner": "NuschtOS", - "repo": "search", - "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_2", - "ixx": "ixx_2", "nixpkgs": [ "nixvim", "nixvim", 
@@ -724,11 +562,11 @@ "powerlevel10k": { "flake": false, "locked": { - "lastModified": 1736162665, - "narHash": "sha256-6tWuayZgQd9pUrD3xKlUSmOFQCgZ96G3DB8ojgZ/a78=", + "lastModified": 1738157299, + "narHash": "sha256-isxgLWpbBuNoETXCOlJ4nwGSxMwCjoVF5D0dMZWtM5s=", "owner": "romkatv", "repo": "powerlevel10k", - "rev": "3e2053a9341fe4cf5ab69909d3f39d53b1dfe772", + "rev": "8fa10f43a0f65a5e15417128be63e68e1d5b1f66", "type": "github" }, "original": { @@ -743,7 +581,7 @@ "agenix": "agenix", "catppuccin": "catppuccin", "deploy-rs": "deploy-rs", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -835,21 +673,6 @@ "type": "github" } }, - "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -874,7 +697,7 @@ }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1701680307, diff --git a/modules/nixos/services/homeassistant/default.nix b/modules/nixos/services/homeassistant/default.nix index 43b0ee7..366d9c0 100644 --- a/modules/nixos/services/homeassistant/default.nix +++ b/modules/nixos/services/homeassistant/default.nix @@ -4,12 +4,19 @@ pkgs, namespace, ... -}: let - inherit (lib) mkIf mkEnableOption mkOption types; +}: +let + inherit (lib) + mkIf + mkEnableOption + mkOption + types + ; cfg = config.${namespace}.services.homeassistant; hass_cfg = config.services.home-assistant; -in { +in +{ options.${namespace}.services.homeassistant = { enable = mkEnableOption "home assistant"; acmeCertName = mkOption { 
@@ -25,14 +32,24 @@ in { config = mkIf cfg.enable { services.home-assistant = { enable = true; - extraPackages = python3packages: - with python3packages; [ + extraPackages = + python3packages: with python3packages; [ # postgresql support psycopg2 + + # homekit support + hap-python ]; extraComponents = [ + "3_day_blinds" + "motion_blinds" + + "opower" + "smud" + "cast" + "homekit_controller" "hue" "met" "mqtt" @@ -46,10 +63,10 @@ in { ]; config = { - default_config = {}; + default_config = { }; http = { use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1"]; + trusted_proxies = [ "127.0.0.1" ]; }; recorder.db_url = "postgresql://@/hass"; @@ -75,7 +92,7 @@ in { }; services.postgresql = { - ensureDatabases = ["hass"]; + ensureDatabases = [ "hass" ]; ensureUsers = [ { name = "hass"; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index dd23c61..3d32b97 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: let +}: +let cfg = config.aa.services.nextcloud; secrets = config.age.secrets; @@ -15,7 +16,8 @@ group = "nextcloud"; }; }; -in { +in +{ options.aa.services.nextcloud = with lib; { enable = mkEnableOption "nextcloud"; acmeCertName = mkOption { 
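Review bot: In `extraPackages` the new `hap-python` entry is commented "homekit support", but the only HomeKit component this hunk adds to `extraComponents` is `"homekit_controller"`, which as far as I know depends on aiohomekit rather than HAP-python. HAP-python is what the HomeKit Bridge integration (`homekit`) uses, so if the bridge is intended, listing `"homekit"` in `extraComponents` lets the module pull its dependencies and makes the intent visible in the config. If only the controller is wanted, the extra package looks unneeded and can be dropped. The bridge would add a pairing listener on the LAN, so a short comment next to the entry saying which of the two is meant would help the next reader; the `services.home-assistant` block continues outside this hunk.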
@@ -29,28 +31,30 @@ in { }; config = lib.mkIf cfg.enable { - age.secrets = builtins.listToAttrs (builtins.map (attrs: mkNextcloudSecret attrs) [ - { - name = "restic/password"; - path = ../../../../secrets/nextcloud_restic_password.age; - } - { - name = "restic/env"; - path = ../../../../secrets/nextcloud_restic_env.age; - } - { - name = "restic/repo"; - path = ../../../../secrets/nextcloud_restic_repo.age; - } - { - name = "nextcloud_admin"; - path = ../../../../secrets/nextcloud_admin.age; - } - ]); + age.secrets = builtins.listToAttrs ( + builtins.map (attrs: mkNextcloudSecret attrs) [ + { + name = "restic/password"; + path = ../../../../secrets/nextcloud_restic_password.age; + } + { + name = "restic/env"; + path = ../../../../secrets/nextcloud_restic_env.age; + } + { + name = "restic/repo"; + path = ../../../../secrets/nextcloud_restic_repo.age; + } + { + name = "nextcloud_admin"; + path = ../../../../secrets/nextcloud_admin.age; + } + ] + ); services.nextcloud = { enable = true; - package = pkgs.nextcloud30; + package = pkgs.nextcloud31; hostName = "nextcloud.kilonull.com"; https = true; database.createLocally = true; @@ -75,16 +79,18 @@ in { }; # nextcloud module configures nginx, just need to specify SSL stuffs here - services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; + services.nginx.virtualHosts.${config.services.nextcloud.hostName} = + lib.mkIf (cfg.acmeCertName != "") + { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; services.restic.backups = { nextcloud = { user = "nextcloud"; initialize = true; - paths = [config.services.nextcloud.datadir]; + paths = [ config.services.nextcloud.datadir ]; environmentFile = secrets."restic/env".path; repositoryFile = secrets."restic/repo".path; passwordFile = secrets."restic/password".path; 
@@ -93,10 +99,18 @@ in { Persistent = true; RandomizedDelaySec = "5h"; }; - pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 9001"]; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 5" + "--keep-monthly 12" + "--keep-yearly 9001" + ]; }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix index 1aa48cd..21e508a 100644 --- a/systems/x86_64-linux/gospel/default.nix +++ b/systems/x86_64-linux/gospel/default.nix @@ -2,7 +2,8 @@ config, pkgs, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix ./zfs.nix @@ -62,7 +63,10 @@ system.zfs.enable = true; system.monitoring.enable = true; - user.extraGroups = ["dialout" "libvirtd"]; + user.extraGroups = [ + "dialout" + "libvirtd" + ]; }; services.udev.packages = [ @@ -110,12 +114,18 @@ programs.virt-manager.enable = true; - boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; + boot.binfmt.emulatedSystems = [ + "aarch64-linux" + "armv6l-linux" + ]; networking = { hostName = "gospel"; - useDHCP = false; defaultGateway = "192.168.113.1"; - nameservers = ["192.168.113.13" "1.1.1.1"]; + networkmanager.enable = true; + nameservers = [ + "192.168.113.1" + "1.1.1.1" + ]; interfaces.eno1.ipv4.addresses = [ { address = "192.168.113.69"; # nice @@ -123,6 +133,11 @@ } ]; }; + programs.winbox = { + enable = true; + openFirewall = true; + }; + programs.nm-applet.enable = true; time.timeZone = "America/Los_Angeles"; diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index 57bd407..563a0ea 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix @@ -3,7 +3,8 @@ pkgs, lib, ... -}: { +}: +{ imports = [ ./hardware-configuration.nix ./zfs.nix 
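Review bot: The new `nameservers` list in gospel's `networking` block pairs the router `192.168.113.1` with the public resolver `1.1.1.1`, and the same pair is set for `node` in `systems/x86_64-linux/node/default.nix`, where this commit also removes the AdGuard Home rewrites for `*.kilonull.com`. Nothing visible says where those internal records live now, and the stub resolver falls back to the second entry whenever the first is slow or down, so lookups for internal names can then go to the public resolver and bypass whatever filtering the router does. I would state the intent in a comment, e.g. `# 192.168.113.1 serves the internal kilonull.com records; 1.1.1.1 is fallback only`, or drop the public entry on hosts that should not send internal names outside. Separately, `networkmanager.enable = true;` is added while `interfaces.eno1.ipv4.addresses` stays static, so it is worth confirming which of the two ends up managing `eno1`.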
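Review bot: `openFirewall = true;` under the new `programs.winbox` block opens an inbound firewall port on this workstation for MikroTik neighbour discovery, which as far as I know Winbox needs only to populate its neighbours list; connecting to a router by address works without it. The gateway address is already fixed in this file (`192.168.113.1`), so I would leave the option at its default and write just `programs.winbox.enable = true;`, or keep it and add a comment saying why discovery is required. Since `networkmanager.enable` is turned on in the same commit, the opening would also apply on any other network this machine joins.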
@@ -24,10 +25,6 @@ configureServerRouting = true; }; services.openssh.enable = true; - services.adguardhome = { - enable = true; - acmeCertName = "kilonull.com"; - }; services.nextcloud = { enable = true; acmeCertName = "kilonull.com"; @@ -75,32 +72,16 @@ apps.yubikey.enable = true; }; - # Rewrite specific to this machine (didn't want to put this in my adguardhome - # module incase I want to reuse it for something else later) - services.adguardhome.settings.filtering.rewrites = [ - { - domain = "octoprint.kilonull.com"; - answer = "192.168.113.42"; - } - { - domain = "hydra.kilonull.com"; - answer = "192.168.113.69"; - } - { - domain = "cache.kilonull.com"; - answer = "192.168.113.69"; - } - { - domain = "*.kilonull.com"; - answer = "192.168.113.13"; - } - ]; + services.avahi = { + enable = true; + nssmdns4 = true; + }; security.pam.sshAgentAuth = { enable = true; # Addresses issue 31611 # See: https://github.com/NixOS/nixpkgs/issues/31611 - authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"]; + authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ]; }; security.pam.services.${config.aa.user.name}.sshAgentAuth = true; @@ -115,7 +96,10 @@ hostName = "node"; useDHCP = false; defaultGateway = "192.168.113.1"; - nameservers = ["127.0.0.1" "1.1.1.1"]; + nameservers = [ + "192.168.113.1" + "1.1.1.1" + ]; interfaces.enp7s0.ipv4.addresses = [ { address = "192.168.113.13"; @@ -124,20 +108,6 @@ ]; }; - # Running own DNS resolver on same system. This prevents DNS issues with ACME - systemd.services = let - dependency = ["adguardhome.service"]; - in - lib.mapAttrs' - (name: _: - lib.nameValuePair "acme-${name}" { - after = dependency; - preStart = '' - sleep 10 - ''; - }) - config.security.acme.certs; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [
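Review bot: The new `services.avahi` block on `node` sets only `enable` and `nssmdns4`, so the daemon is not restricted to an interface and, unless the NixOS default for `services.avahi.openFirewall` is overridden elsewhere, the mDNS port is opened in the firewall on a host that also runs SSH and Nextcloud. `nssmdns4 = true;` additionally makes `.local` lookups on this server trust unauthenticated multicast answers from anyone on the segment. I would pin the daemon to the LAN interface with `allowInterfaces = [ "enp7s0" ];`, set `openFirewall` explicitly, and drop `nssmdns4` if the host only needs to be discoverable rather than to resolve `.local` names itself. A one-line comment naming the consumer (presumably device discovery for a service on this host; confirm) would explain why a server needs mDNS at all.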