From fc15a9605bb87eeb8516ac18999c06e860e3af41 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sat, 20 Sep 2025 21:56:51 -0700 Subject: [PATCH 01/10] Update lockfile --- flake.lock | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index a3ae358..8aaeecf 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1757320803, - "narHash": "sha256-7PUIQOMQSJLkNtV42SAYUDw0mRdbBNl6q8pLN8GViwM=", + "lastModified": 1758270360, + "narHash": "sha256-yqh6EEhlpVWRoKl85o1s+QZ72UHWTvornnc3C0Ls484=", "owner": "catppuccin", "repo": "nix", - "rev": "d75e3fe67f49728cb5035bc791f4b9065ff3a2c9", + "rev": "2e0aacdd6abbecd1b1c0511a2fcd1460a6bc6645", "type": "github" }, "original": { @@ -101,6 +101,7 @@ "inputs": { "cachix": "cachix", "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "git-hooks": "git-hooks", "nix": "nix", "nixpkgs": [ @@ -108,11 +109,11 @@ ] }, "locked": { - "lastModified": 1757570236, - "narHash": "sha256-Gy15+KtKc/MyT4L9Ad/2wkXQvDiMkhtKy9Tnn3+kPww=", + "lastModified": 1758366037, + "narHash": "sha256-5PK0eHAWMtwaexQ7PR68gzpeo5WjMY9hq2BcEBHjSLA=", "owner": "cachix", "repo": "devenv", - "rev": "c57bded76fa6a885ab1dee2c75216cc23d58b311", + "rev": "ebb56bfe1aa0936de2f8a68c616dabff1285e905", "type": "github" }, "original": { @@ -173,16 +174,15 @@ "inputs": { "nixpkgs-lib": [ "devenv", - "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -341,11 +341,11 @@ ] }, "locked": { - "lastModified": 1757784838, - "narHash": "sha256-6aHo1++bAFdW1z+0tfuxM9EmxHvon90mHo8/+izXMcY=", + "lastModified": 1758375677, + "narHash": "sha256-BLtD+6qWz7fQjPk2wpwyXQLGI0E30Ikgf2ppn2nVadI=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e28513cf2ee9a985c339fcef24d44f43d23456b", + "rev": "edc7468e12be92e926847cb02418e649b02b59dd", "type": "github" }, "original": { @@ -391,7 +391,10 @@ "devenv", "flake-compat" ], - "flake-parts": "flake-parts", + "flake-parts": [ + "devenv", + "flake-parts" + ], "git-hooks-nix": [ "devenv", "git-hooks" @@ -460,11 +463,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757775351, - "narHash": "sha256-xWsxmNHwt9jV/yFJqzsNeilpH4BR8MPe44Yt0eaGAIM=", + "lastModified": 1757943327, + "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f89c620d3d6e584d98280b48f0af7be4f8506ab5", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -476,11 +479,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756266583, - "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", + "lastModified": 1758035966, + "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", + "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", "type": "github" }, "original": { @@ -507,11 +510,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1757487488, - "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", + "lastModified": 1758277210, + "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "type": "github" }, "original": { From d5128d7d1037f90e1868857fa67489ac020dd117 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 24 Sep 2025 18:39:20 -0700 Subject: [PATCH 02/10] Update lockfile --- flake.lock | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 8aaeecf..b5805e6 100644 --- a/flake.lock +++ b/flake.lock @@ -43,11 +43,11 @@ ] }, "locked": { - "lastModified": 1748883665, - "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=", + "lastModified": 1752264895, + "narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=", "owner": "cachix", "repo": "cachix", - "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe", + "rev": "47053aef762f452e816e44eb9a23fbc3827b241a", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1758366037, - "narHash": "sha256-5PK0eHAWMtwaexQ7PR68gzpeo5WjMY9hq2BcEBHjSLA=", + "lastModified": 1758758270, + "narHash": "sha256-VTRgRGbr2lIMWSujokhySjFn8VGHCxXfQstxUsCaw6Y=", "owner": "cachix", "repo": "devenv", - "rev": "ebb56bfe1aa0936de2f8a68c616dabff1285e905", + "rev": "bcd30a9f7f70375a684c29c019e5a5c224c10718", "type": "github" }, "original": { @@ -299,11 +299,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -341,11 +341,11 @@ ] }, "locked": { - "lastModified": 1758375677, - "narHash": "sha256-BLtD+6qWz7fQjPk2wpwyXQLGI0E30Ikgf2ppn2nVadI=", + "lastModified": 1758748290, + "narHash": "sha256-/U2axzLmPgJb/0J+vQ4XmS++72VZWxJnDblwqTyGmEk=", "owner": "nix-community", "repo": "home-manager", - "rev": "edc7468e12be92e926847cb02418e649b02b59dd", + "rev": "2e260431fca7a782e0d0591985f2040944b43541", "type": "github" }, "original": { @@ -420,7 +420,7 @@ }, "original": { "owner": "cachix", - "ref": "devenv-2.30", + "ref": "devenv-2.30.4", "repo": "nix", "type": "github" } @@ -463,11 +463,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757943327, - "narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=", + "lastModified": 1758663926, + "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", + "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", "type": "github" }, "original": { @@ -510,11 +510,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758277210, - "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=", + "lastModified": 1758427187, + "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", + "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", "type": "github" }, "original": { From 6059bbb7325f4e895f77339a9c51d2e81fd24dbd Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 24 Sep 2025 18:41:20 -0700 Subject: [PATCH 03/10] Add wrapper for signal This fixes some issues I saw running with wayland --- systems/x86_64-linux/carbon/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 45727d7..151a64e 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -63,7 +63,13 @@ hugo nixos-generators vlc - signal-desktop-bin + (signal-desktop-bin.overrideAttrs (oldAttrs: { + nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; + postInstall = oldAttrs.postInstall or "" + '' + wrapProgram $out/bin/signal-desktop \ + --add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland" + ''; + })) ]; programs.light.enable = true; From b77e23bdf37ec78b3568609c6f6f303a8317c0e9 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 24 Sep 2025 18:55:43 -0700 Subject: [PATCH 04/10] Move signal-desktop-bin override to an overlay --- overlays/signal-desktop-bin/default.nix | 10 ++++++++++ systems/x86_64-linux/carbon/default.nix | 8 +------- 2 files changed, 11 insertions(+), 7 deletions(-) create mode 100644 overlays/signal-desktop-bin/default.nix diff --git a/overlays/signal-desktop-bin/default.nix b/overlays/signal-desktop-bin/default.nix new file mode 100644 index 0000000..be1b4c3 --- /dev/null +++ b/overlays/signal-desktop-bin/default.nix @@ -0,0 +1,10 @@ +{ ... }: +(final: prev: { + signal-desktop-bin = prev.signal-desktop-bin.overrideAttrs (oldAttrs: { + nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.makeWrapper ]; + postInstall = oldAttrs.postInstall or "" + '' + wrapProgram $out/bin/signal-desktop \ + --add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland" + ''; + }); +}) diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 151a64e..45727d7 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -63,13 +63,7 @@ hugo nixos-generators vlc - (signal-desktop-bin.overrideAttrs (oldAttrs: { - nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; - postInstall = oldAttrs.postInstall or "" + '' - wrapProgram $out/bin/signal-desktop \ - --add-flags "--enable-features=UseOzonePlatform --ozone-platform=wayland" - ''; - })) + signal-desktop-bin ]; programs.light.enable = true; From b385cf3bee3b520c9063aaa3c8c01ac86e680c7c Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 22 Oct 2025 17:44:51 -0700 Subject: [PATCH 05/10] Misc updates (lockfile, zigbee2mqtt) --- flake.lock | 50 ++++++------ flake.nix | 2 +- homes/aarch64-linux/alejandro@pi4/default.nix | 4 +- modules/home/tools/git/default.nix | 69 ++++++++-------- modules/nixos/nix/default.nix | 2 +- modules/nixos/services/mosquitto/default.nix | 8 ++ .../nixos/services/zigbee2mqtt/default.nix | 75 ++++++++++++++++++ secrets/secrets.nix | 12 +++ secrets/zigbee2mqtt_creds.age | 9 +++ secrets/zigbee2mqtt_mqtt.age | Bin 0 -> 447 bytes systems/x86_64-linux/carbon/default.nix | 1 + systems/x86_64-linux/node/default.nix | 5 ++ 12 files changed, 175 insertions(+), 62 deletions(-) create mode 100644 modules/nixos/services/zigbee2mqtt/default.nix create mode 100644 secrets/zigbee2mqtt_creds.age create mode 100644 secrets/zigbee2mqtt_mqtt.age diff --git a/flake.lock b/flake.lock index b5805e6..0d07390 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1754433428, - "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -62,11 +62,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1758270360, - "narHash": "sha256-yqh6EEhlpVWRoKl85o1s+QZ72UHWTvornnc3C0Ls484=", + "lastModified": 1760953099, + "narHash": "sha256-sOKx2YcHa+lWEvaEOIGqLN2WWk1Wf5z6KM02tdfhMtw=", "owner": "catppuccin", "repo": "nix", - "rev": "2e0aacdd6abbecd1b1c0511a2fcd1460a6bc6645", + "rev": "f5b21876888265d2fee7fb0640d1b66a1c1c6503", "type": "github" }, "original": { @@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1758758270, - "narHash": "sha256-VTRgRGbr2lIMWSujokhySjFn8VGHCxXfQstxUsCaw6Y=", + "lastModified": 1761091275, + "narHash": "sha256-SIiugXvSuI2WFedt1NyDj8yHsSDntsO/JWKyEZ+mI50=", "owner": "cachix", "repo": "devenv", - "rev": "bcd30a9f7f70375a684c29c019e5a5c224c10718", + "rev": "a795c32dc826b51d12706f27fb344f966bb2b084", "type": "github" }, "original": { @@ -341,11 +341,11 @@ ] }, "locked": { - "lastModified": 1758748290, - "narHash": "sha256-/U2axzLmPgJb/0J+vQ4XmS++72VZWxJnDblwqTyGmEk=", + "lastModified": 1761081701, + "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e260431fca7a782e0d0591985f2040944b43541", + "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", "type": "github" }, "original": { @@ -411,16 +411,16 @@ ] }, "locked": { - "lastModified": 1755029779, - "narHash": "sha256-3+GHIYGg4U9XKUN4rg473frIVNn8YD06bjwxKS1IPrU=", + "lastModified": 1758763079, + "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=", "owner": "cachix", "repo": "nix", - "rev": "b0972b0eee6726081d10b1199f54de6d2917f861", + "rev": "6f0140527c2b0346df4afad7497baa08decb929f", "type": "github" }, "original": { "owner": "cachix", - "ref": "devenv-2.30.4", + "ref": "devenv-2.30.5", "repo": "nix", "type": "github" } @@ -463,11 +463,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1758663926, - "narHash": "sha256-6CFdj7Xs616t1W4jLDH7IohAAvl5Dyib3qEv/Uqw1rk=", + "lastModified": 1760958188, + "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "170ff93c860b2a9868ed1e1102d4e52cb3d934e1", + "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", "type": "github" }, "original": { @@ -479,11 +479,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1758035966, - "narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=", + "lastModified": 1760524057, + "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b", + "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", "type": "github" }, "original": { @@ -510,11 +510,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1758427187, - "narHash": "sha256-pHpxZ/IyCwoTQPtFIAG2QaxuSm8jWzrzBGjwQZIttJc=", + "lastModified": 1760878510, + "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "554be6495561ff07b6c724047bdd7e0716aa7b46", + "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 54d9710..b6034d8 100644 --- a/flake.nix +++ b/flake.nix @@ -81,7 +81,7 @@ profiles.system = { user = "root"; sshUser = "alejandro"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.node; + path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inputs.self.nixosConfigurations.gospel; sshOpts = [ "-A" ]; }; }; diff --git a/homes/aarch64-linux/alejandro@pi4/default.nix b/homes/aarch64-linux/alejandro@pi4/default.nix index e1ad605..08f9e99 100644 --- a/homes/aarch64-linux/alejandro@pi4/default.nix +++ b/homes/aarch64-linux/alejandro@pi4/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: { aa = { apps = { @@ -22,6 +22,6 @@ # misc utils without custom config programs = { - fzf.enable = true; + fzf.enable = lib.mkForce false; }; } diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 393438b..2cc1d9f 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -36,35 +36,48 @@ in }; catppuccin.delta.enable = true; - programs.git = { - delta = { - enable = true; - options = { - line-numbers = true; - navigate = true; - }; - }; - + programs.delta = { enable = true; - userName = cfg.userName; - userEmail = cfg.userEmail; + enableGitIntegration = true; + options = { + line-numbers = true; + navigate = true; + }; + }; - aliases = { - # Prettier log - lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; - # Find log and grab its hash - lof = '' - !${pkgs.git}/bin/git log --pretty=oneline \ - | ${pkgs.fzf}/bin/fzf --scheme history \ - | ${pkgs.gawk}/bin/awk '{print $1}' - ''; - # Push up a new branch with the same as local - pushup = "push -u origin HEAD"; + programs.git = { + enable = true; + settings = { + alias = { + # Prettier log + lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative"; + # Find log and grab its hash + lof = '' + !${pkgs.git}/bin/git log --pretty=oneline \ + | ${pkgs.fzf}/bin/fzf --scheme history \ + | ${pkgs.gawk}/bin/awk '{print $1}' + ''; + # Push up a new branch with the same as local + pushup = "push -u origin HEAD"; + }; + + user = { + name = cfg.userName; + email = cfg.userEmail; + }; + + init = { + defaultBranch = "main"; + }; + + pull = { + rebase = true; + }; }; signing = { key = cfg.signingKey; - signByDefault = mkDefault true; + signByDefault = mkDefault false; }; ignores = [ @@ -83,16 +96,6 @@ in ".envrc" ".direnv" ]; - - extraConfig = { - init = { - defaultBranch = "main"; - }; - - pull = { - rebase = true; - }; - }; }; catppuccin.lazygit.enable = true; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 5c57368..3f02e2c 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -20,7 +20,7 @@ in enable = mkEnableOption "manage nix configuration."; package = mkOption { type = types.package; - default = pkgs.nixVersions.latest; + default = pkgs.nixVersions.nix_2_31; description = "Which nix package to use."; }; diff --git a/modules/nixos/services/mosquitto/default.nix b/modules/nixos/services/mosquitto/default.nix index eed3c7b..ab521a3 100644 --- a/modules/nixos/services/mosquitto/default.nix +++ b/modules/nixos/services/mosquitto/default.nix @@ -15,6 +15,7 @@ in hass_mqtt.file = ../../../../secrets/hass_mqtt.age; theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age; teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age; + zigbee2mqtt_mqtt.file = ../../../../secrets/zigbee2mqtt_mqtt.age; }; services.mosquitto = { @@ -41,6 +42,13 @@ in acl = [ "readwrite teslamate/#" ]; passwordFile = config.age.secrets.teslamate_mqtt.path; }; + zigbee2mqtt = { + acl = [ + "readwrite zigbee2mqtt/#" + "readwrite homeassistant/#" + ]; + passwordFile = config.age.secrets.zigbee2mqtt_mqtt.path; + }; }; } ]; diff --git a/modules/nixos/services/zigbee2mqtt/default.nix b/modules/nixos/services/zigbee2mqtt/default.nix new file mode 100644 index 0000000..664a7c9 --- /dev/null +++ b/modules/nixos/services/zigbee2mqtt/default.nix @@ -0,0 +1,75 @@ +{ + config, + lib, + namespace, + ... +}: +let + cfg = config.${namespace}.services.zigbee2mqtt; +in +{ + options.${namespace}.services.zigbee2mqtt = { + enable = lib.mkEnableOption "zigbee2mqtt"; + acmeCertName = lib.mkOption { + type = lib.types.str; + default = ""; + description = '' + If set to a non-empty string, forces SSL with the supplied acme + certificate. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + age.secrets.zigbee2mqtt_creds = { + file = ../../../../secrets/zigbee2mqtt_creds.age; + path = "/var/lib/zigbee2mqtt/secret.yaml"; + owner = "zigbee2mqtt"; + group = "zigbee2mqtt"; + mode = "0400"; + }; + + services.zigbee2mqtt = { + enable = true; + settings = { + version = 4; + mqtt = { + base_topic = "zigbee2mqtt"; + server = "mqtt://192.168.113.13:1833"; + # TODO: Write secret.yaml file + user = "!secret.yaml user"; + password = "!secret.yaml password"; + }; + serial = { + port = "tcp://192.168.113.130:6638"; + adapter = "zstack"; + }; + advanced = { + channel = 11; + network_key = "GENERATE"; + pan_id = "GENERATE"; + ext_pan_id = "GENERATE"; + }; + frontend = { + enabled = true; + port = 8080; + }; + homeassistant = { + enabled = true; + }; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts."zigbee2mqtt.kilonull.com" = { + locations."/".proxyPass = "http://127.0.0.1:8080"; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 900bf64..2fc1e28 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,6 +2,8 @@ let # Remember to pass '--identity identities/me.txt` when using this key users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25"; + tmp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJ7IsNxP/wa3X8isEp8Js7yVgk3gX2ud7EClvZClDpS"; + machines = { gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ"; node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv"; @@ -70,4 +72,14 @@ in machines.pi4 machines.gospel ]; + "zigbee2mqtt_mqtt.age".publicKeys = [ + users.me + tmp + machines.pi4 + ]; + "zigbee2mqtt_creds.age".publicKeys = [ + users.me + tmp + machines.node + ]; } diff --git a/secrets/zigbee2mqtt_creds.age b/secrets/zigbee2mqtt_creds.age new file mode 100644 index 0000000..28c9f6d --- /dev/null +++ b/secrets/zigbee2mqtt_creds.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> piv-p256 UIEGzg Ai9Ksp5u8wvOwiHy2wyH97mm6Pf0rcbuB4R8wotlG6xR +REDbwR5Kqc2Y10j9HnPlHEqOORVMnlhTH/JySz7nVDo +-> ssh-ed25519 PZKfOQ N2nxHXlO0ZvqbSQLVT1l0ivTxGgkMxsuuO7pMMHzyC8 +5fSbG09zq6VrFxW4lCQHczvYF8ldfPenl1uEbQZq1g8 +-> ssh-ed25519 Yk7ehg vtLVcIkOX3SwD64gm9Jlgg+pDpdR920/Aldck5v+oTk +J8n4fgLOZ8LA4CFuT3O8+U1b9d7RFlG3P87PMrX3aok +--- X/MHaeT+EReR45PXmvXG1p3bFIip2OBva4/X2/GRhxM +€ˆs aÜ)ŽŸdùã®OèöýT›8k7ù…ý§àâ ö h04V¹uûºB/‹U¿Óö5W“>‡Ÿ¸¼à©SäÂh©õØp 2§¹G5 hlÌl—ë \ No newline at end of file diff --git a/secrets/zigbee2mqtt_mqtt.age b/secrets/zigbee2mqtt_mqtt.age new file mode 100644 index 0000000000000000000000000000000000000000..35f4ac3e18ed65a2b5b4b8c5533779b00c90e8c3 GIT binary patch literal 447 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$2=#PzuS!>N%q#KK_73t2 zDDX{5%62R*3O07k@^H&4F$yp*GA@dAG;|9NPftoSbW5z@iZIsJjttUv(soMmb1O0P zsHpPKEbw>p%SdrdbT#m*@bpbF$@R<*Pb)D2*;QPep_`gwWNKQov~RqP*RY*rB*8W7}^ZIEqY?BY_)Wtf{~>T2p;9u}1v z=vivv>tf&;mK3U;8tUj~RO}sY7T}&4nq8*v5$T(aZd-|Igr~csLSCRxM1-qLvW10v zRa9D3S+ZYAh(}SBp<8~2levX&qFIJ>xwDIbWs-3*m#>Asi+5OhxMO&pafYi;L|U<# zzh9D%PkLEeUX+tdPDy6Ase5=(YKciUm#(g^LZo(Oc}{6za#^-fp;Mt*PPlepzOQ*$ za6ztNae+~KL4kL;Yei6@PkwMDS5CHMe|M0o;>UNXPuW*yP4Q%pO4^ZEz_ginFZ<@d Y3}FX^@1B?aYdZggP4?~v^E-N~0AMzhSO5S3 literal 0 HcmV?d00001 diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 45727d7..12dfcc7 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -66,6 +66,7 @@ signal-desktop-bin ]; + programs.adb.enable = true; programs.light.enable = true; # This value determines the NixOS release from which the default diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index 26f5be6..19aaf97 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix @@ -62,6 +62,11 @@ acmeCertName = "kilonull.com"; }; + services.zigbee2mqtt = { + enable = true; + acmeCertName = "kilonull.com"; + }; + security.acme = { enable = true; domainName = "kilonull.com"; From 934bb345501fd9d1c2156d3c4af9b2f103d7584c Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 30 Nov 2025 19:05:42 -0800 Subject: [PATCH 06/10] misc --- flake.lock | 161 ++++++++++-------- flake.nix | 2 +- modules/home/tools/git/default.nix | 10 +- .../nixos/services/homeassistant/default.nix | 24 +-- modules/nixos/services/mosquitto/default.nix | 2 + modules/nixos/services/nextcloud/default.nix | 2 +- .../nixos/services/zigbee2mqtt/default.nix | 15 +- modules/nixos/suites/utils/default.nix | 2 +- packages/catppuccin-swaync/default.nix | 6 +- 9 files changed, 126 insertions(+), 98 deletions(-) diff --git a/flake.lock b/flake.lock index 0d07390..ef2c255 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1760836749, + "lastModified": 1762618334, "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -31,7 +31,8 @@ "devenv" ], "flake-compat": [ - "devenv" + "devenv", + "flake-compat" ], "git-hooks": [ "devenv", @@ -43,11 +44,11 @@ ] }, "locked": { - "lastModified": 1752264895, - "narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=", + "lastModified": 1760971495, + "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", "owner": "cachix", "repo": "cachix", - "rev": "47053aef762f452e816e44eb9a23fbc3827b241a", + "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", "type": "github" }, "original": { @@ -62,11 +63,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1760953099, - "narHash": "sha256-sOKx2YcHa+lWEvaEOIGqLN2WWk1Wf5z6KM02tdfhMtw=", + "lastModified": 1764325801, + "narHash": "sha256-LQ7tsrXs1wuB6KBwUctL3JlUsG/FWI2pCI6NkoO52dk=", "owner": "catppuccin", "repo": "nix", - "rev": "f5b21876888265d2fee7fb0640d1b66a1c1c6503", + "rev": "a696fed6b9b6aa89ef495842cdca3fc2a7cef0de", "type": "github" }, "original": { @@ -84,11 +85,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", + "lastModified": 1762286984, + "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=", "owner": "serokell", "repo": "deploy-rs", - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", + "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f", "type": "github" }, "original": { @@ -109,11 +110,11 @@ ] }, "locked": { - "lastModified": 1761091275, - "narHash": "sha256-SIiugXvSuI2WFedt1NyDj8yHsSDntsO/JWKyEZ+mI50=", + "lastModified": 1764449550, + "narHash": "sha256-7ReZCvkQYKHX6gaQaNioROrpk6rPmIBwlRwWZKlfGvs=", "owner": "cachix", "repo": "devenv", - "rev": "a795c32dc826b51d12706f27fb344f966bb2b084", + "rev": "dfb58ac03bed07b93f629df55034bc50394d3971", "type": "github" }, "original": { @@ -141,11 +142,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -178,11 +179,11 @@ ] }, "locked": { - "lastModified": 1756770412, - "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4524271976b625a4a605beefd893f270620fd751", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", "type": "github" }, "original": { @@ -196,11 +197,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -218,11 +219,11 @@ ] }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -299,11 +300,11 @@ ] }, "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", + "lastModified": 1760663237, + "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", "type": "github" }, "original": { @@ -341,11 +342,11 @@ ] }, "locked": { - "lastModified": 1761081701, - "narHash": "sha256-IwpfaKg5c/WWQiy8b5QGaVPMvoEQ2J6kpwRFdpVpBNQ=", + "lastModified": 1764544324, + "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=", "owner": "nix-community", "repo": "home-manager", - "rev": "9b4a2a7c4fbd75b422f00794af02d6edb4d9d315", + "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612", "type": "github" }, "original": { @@ -371,16 +372,16 @@ ] }, "locked": { - "lastModified": 1748294338, - "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=", + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "owner": "NuschtOS", "repo": "ixx", - "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "type": "github" }, "original": { "owner": "NuschtOS", - "ref": "v0.0.8", + "ref": "v0.1.1", "repo": "ixx", "type": "github" } @@ -411,16 +412,16 @@ ] }, "locked": { - "lastModified": 1758763079, - "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=", + "lastModified": 1761648602, + "narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=", "owner": "cachix", "repo": "nix", - "rev": "6f0140527c2b0346df4afad7497baa08decb929f", + "rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6", "type": "github" }, "original": { "owner": "cachix", - "ref": "devenv-2.30.5", + "ref": "devenv-2.30.6", "repo": "nix", "type": "github" } @@ -448,11 +449,11 @@ ] }, "locked": { - "lastModified": 1751903740, - "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "lastModified": 1764234087, + "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "type": "github" }, "original": { @@ -463,11 +464,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1760958188, - "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -479,11 +480,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1763966396, + "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "type": "github" }, "original": { @@ -495,11 +496,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { @@ -510,11 +511,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1760878510, - "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=", + "lastModified": 1764242076, + "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67", + "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", "type": "github" }, "original": { @@ -526,11 +527,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1748406211, - "narHash": "sha256-B3BsCRbc+x/d0WiG1f+qfSLUy+oiIfih54kalWBi+/M=", + "lastModified": 1764138170, + "narHash": "sha256-2bCmfCUZyi2yj9FFXYKwsDiaZmizN75cLhI/eWmf3tk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bb813de6d2241bcb1b5af2d3059f560c66329967", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d1f29646e4b57ed468d60f9d286cde23a8d1707", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -543,17 +560,15 @@ "nixvim": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs_3", "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1750264863, - "narHash": "sha256-AA+ORNUBYmeeODwkfqP/JG73B/rpMZjXnpikQ6KWkB4=", + "lastModified": 1764206843, + "narHash": "sha256-ieuOUoc2ZIKR6ZR8HnjnsX9k/3EJr6b/WQ3yZDaxDKg=", "ref": "main", - "rev": "2613c4d8dda028fedffda8f29e52b10cbd0ac13d", - "revCount": 50, + "rev": "926db427f465f44f454a3ac48216ec461b4a42e8", + "revCount": 52, "type": "git", "url": "https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config" }, @@ -566,16 +581,16 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nuschtosSearch": "nuschtosSearch", "systems": "systems_4" }, "locked": { - "lastModified": 1749200997, - "narHash": "sha256-In+NjXI8kfJpamTmtytt+rnBzQ213Y9KW55IXvAAK/4=", + "lastModified": 1764148348, + "narHash": "sha256-C9UobzCvMaLwNtRaFrt26TA/SkQtcDhJFmlVQ6DPHyA=", "owner": "nix-community", "repo": "nixvim", - "rev": "00524c7935f05606fd1b09e8700e9abcc4af7be8", + "rev": "7fe6951bf8c2719f437f74224adf3a2e875d6781", "type": "github" }, "original": { @@ -595,11 +610,11 @@ ] }, "locked": { - "lastModified": 1748298102, - "narHash": "sha256-PP11GVwUt7F4ZZi5A5+99isuq39C59CKc5u5yVisU/U=", + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", "owner": "NuschtOS", "repo": "search", - "rev": "f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b6034d8..0e5b829 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixvim.url = "git+https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config?ref=main"; - nixvim.inputs.nixpkgs.follows = "nixpkgs"; + # nixvim.inputs.nixpkgs.follows = "nixpkgs"; devenv.url = "github:cachix/devenv"; devenv.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 2cc1d9f..8c545c6 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -104,10 +104,12 @@ in settings = { quitOnTopLevelReturn = true; gui.nerdFontsVersion = "3"; - git.paging = { - colorArg = "always"; - pager = "${pkgs.delta}/bin/delta --dark --paging=never"; - }; + git.pagers = [ + { + colorArg = "always"; + pager = "${pkgs.delta}/bin/delta --dark --paging=never"; + } + ]; }; }; }; diff --git a/modules/nixos/services/homeassistant/default.nix b/modules/nixos/services/homeassistant/default.nix index 1b218d0..92e268b 100644 --- a/modules/nixos/services/homeassistant/default.nix +++ b/modules/nixos/services/homeassistant/default.nix @@ -49,6 +49,7 @@ in "smud" "cast" + "ecobee" "homekit_controller" "hue" "met" @@ -56,7 +57,9 @@ in "octoprint" "roborock" "shelly" + "smlight" "zeroconf" + "zha" ]; customComponents = with pkgs.home-assistant-custom-components; [ @@ -78,18 +81,17 @@ in services.nginx = { enable = true; - virtualHosts."hass.kilonull.com" = - { - locations."/" = { - recommendedProxySettings = true; - proxyWebsockets = true; - proxyPass = "http://127.0.0.1:${toString hass_cfg.config.http.server_port}"; - }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; + virtualHosts."hass.kilonull.com" = { + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:${toString hass_cfg.config.http.server_port}"; }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; }; services.postgresql = { diff --git a/modules/nixos/services/mosquitto/default.nix b/modules/nixos/services/mosquitto/default.nix index ab521a3..7c4111e 100644 --- a/modules/nixos/services/mosquitto/default.nix +++ b/modules/nixos/services/mosquitto/default.nix @@ -27,6 +27,7 @@ in acl = [ "readwrite home/#" "readwrite homeassistant/#" + "readwrite zigbee2mqtt/#" "read teslamate/#" ]; passwordFile = config.age.secrets.hass_mqtt.path; @@ -44,6 +45,7 @@ in }; zigbee2mqtt = { acl = [ + # "readwrite" "home/#" "readwrite zigbee2mqtt/#" "readwrite homeassistant/#" ]; diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 3d32b97..0c1b128 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -54,7 +54,7 @@ in services.nextcloud = { enable = true; - package = pkgs.nextcloud31; + package = pkgs.nextcloud32; hostName = "nextcloud.kilonull.com"; https = true; database.createLocally = true; diff --git a/modules/nixos/services/zigbee2mqtt/default.nix b/modules/nixos/services/zigbee2mqtt/default.nix index 664a7c9..33fbfc2 100644 --- a/modules/nixos/services/zigbee2mqtt/default.nix +++ b/modules/nixos/services/zigbee2mqtt/default.nix @@ -35,14 +35,17 @@ in version = 4; mqtt = { base_topic = "zigbee2mqtt"; - server = "mqtt://192.168.113.13:1833"; + server = "mqtt://192.168.113.42:1883"; # TODO: Write secret.yaml file user = "!secret.yaml user"; password = "!secret.yaml password"; }; serial = { - port = "tcp://192.168.113.130:6638"; - adapter = "zstack"; + port = "tcp://192.168.113.90:6638"; + baudrate = 115200; + adapter = "ember"; + disable_led = false; + advanced.transmit_power = 20; }; advanced = { channel = 11; @@ -64,7 +67,11 @@ in enable = true; recommendedProxySettings = true; virtualHosts."zigbee2mqtt.kilonull.com" = { - locations."/".proxyPass = "http://127.0.0.1:8080"; + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:8080"; + }; } // lib.optionalAttrs (cfg.acmeCertName != "") { forceSSL = true; diff --git a/modules/nixos/suites/utils/default.nix b/modules/nixos/suites/utils/default.nix index 76a3d1f..b587edc 100644 --- a/modules/nixos/suites/utils/default.nix +++ b/modules/nixos/suites/utils/default.nix @@ -22,7 +22,7 @@ in bind # for dig curl deploy-rs - du-dust + dust fd file gnupg diff --git a/packages/catppuccin-swaync/default.nix b/packages/catppuccin-swaync/default.nix index f1ef1b2..c6b7ff3 100644 --- a/packages/catppuccin-swaync/default.nix +++ b/packages/catppuccin-swaync/default.nix @@ -7,11 +7,11 @@ }: stdenv.mkDerivation rec { pname = "catppuccin-swaync"; - version = "1.0.0"; + version = "1.0.1"; src = fetchurl { - url = "https://github.com/catppuccin/swaync/releases/download/v${version}/${flavor}.css"; - hash = "sha256-Hie/vDt15nGCy4XWERGy1tUIecROw17GOoasT97kIfc="; + url = "https://github.com/catppuccin/swaync/releases/download/v${version}/catppuccin-${flavor}.css"; + hash = "sha256-EKTAKCU9HlxrrVjNhyMRq7WGfz8DM9IFPUIEGl3nHbo="; }; donBuild = true; From 3906603d51fcb1120b0be3c5c8cec8f08c56a566 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Sun, 30 Nov 2025 19:28:23 -0800 Subject: [PATCH 07/10] Disable self-hosted cache --- systems/aarch64-linux/pi4/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix index 795f62b..573bd6e 100644 --- a/systems/aarch64-linux/pi4/default.nix +++ b/systems/aarch64-linux/pi4/default.nix @@ -24,7 +24,7 @@ aa = { nix.enable = true; - nix.useSelfhostedCache = true; + nix.useSelfhostedCache = false; services.tailscale = { enable = true; From 3cad488ee0d85427494a059ab8d46666eaf68737 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 3 Dec 2025 19:54:58 -0800 Subject: [PATCH 08/10] misc --- modules/nixos/services/homeassistant/default.nix | 1 + modules/nixos/services/zigbee2mqtt/default.nix | 4 +--- systems/x86_64-linux/carbon/default.nix | 12 ++++++++++-- systems/x86_64-linux/node/default.nix | 2 +- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/modules/nixos/services/homeassistant/default.nix b/modules/nixos/services/homeassistant/default.nix index 92e268b..5a8ad26 100644 --- a/modules/nixos/services/homeassistant/default.nix +++ b/modules/nixos/services/homeassistant/default.nix @@ -76,6 +76,7 @@ in recorder.db_url = "postgresql://@/hass"; "automation ui" = "!include automations.yaml"; + "scene ui" = "!include scenes.yaml"; }; }; diff --git a/modules/nixos/services/zigbee2mqtt/default.nix b/modules/nixos/services/zigbee2mqtt/default.nix index 33fbfc2..b634850 100644 --- a/modules/nixos/services/zigbee2mqtt/default.nix +++ b/modules/nixos/services/zigbee2mqtt/default.nix @@ -49,9 +49,6 @@ in }; advanced = { channel = 11; - network_key = "GENERATE"; - pan_id = "GENERATE"; - ext_pan_id = "GENERATE"; }; frontend = { enabled = true; @@ -60,6 +57,7 @@ in homeassistant = { enabled = true; }; + availability.enabled = true; }; }; diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index 12dfcc7..248e9db 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -9,8 +9,8 @@ aa = { nix = { enable = true; - useSelfhostedCache = true; - remoteBuilder.client.enable = true; + useSelfhostedCache = false; + remoteBuilder.client.enable = false; }; archetypes.workstation.enable = true; @@ -27,6 +27,10 @@ system.zfs.enable = true; apps.yubikey.enable = true; + + user.extraGroups = [ + "dialout" + ]; }; networking = { @@ -65,6 +69,10 @@ vlc signal-desktop-bin ]; + environment.pathsToLink = [ + "/share/applications" + "/share/xdg-desktop-portal" + ]; programs.adb.enable = true; programs.light.enable = true; diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix index 19aaf97..eed1849 100644 --- a/systems/x86_64-linux/node/default.nix +++ b/systems/x86_64-linux/node/default.nix @@ -17,7 +17,7 @@ aa = { nix.enable = true; - nix.useSelfhostedCache = true; + nix.useSelfhostedCache = false; services.tailscale = { enable = true; From 3b815a2bb70082d5fc6c686b76f045c79c57e480 Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 3 Dec 2025 20:47:57 -0800 Subject: [PATCH 09/10] Fix deployments to ARM systems --- modules/nixos/suites/utils/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/modules/nixos/suites/utils/default.nix b/modules/nixos/suites/utils/default.nix index b587edc..5ceb85d 100644 --- a/modules/nixos/suites/utils/default.nix +++ b/modules/nixos/suites/utils/default.nix @@ -16,8 +16,9 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = - (with pkgs; [ + environment.systemPackages = ( + with pkgs; + [ bat bind # for dig curl @@ -34,12 +35,13 @@ in pre-commit progress python3 + ragenix ripgrep sqlite tcpdump usbutils wget - ]) - ++ [ inputs.agenix.packages.x86_64-linux.default ]; + ] + ); }; } From 5035064e57a319d41d1f5c5272266eaefe90b9cd Mon Sep 17 00:00:00 2001 From: alejandro-angulo Date: Wed, 3 Dec 2025 20:48:05 -0800 Subject: [PATCH 10/10] Update lockfile --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index ef2c255..f11552f 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1764449550, - "narHash": "sha256-7ReZCvkQYKHX6gaQaNioROrpk6rPmIBwlRwWZKlfGvs=", + "lastModified": 1764669403, + "narHash": "sha256-aJCOp0CV/9KIR2LTwSbZZN3j9Avg7umYyaqDFPoOVhI=", "owner": "cachix", "repo": "devenv", - "rev": "dfb58ac03bed07b93f629df55034bc50394d3971", + "rev": "3f2d25e7af748127da0571266054575dd8fec5ab", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1764544324, - "narHash": "sha256-GVBGjO7UsmzLrlOJV8NlKSxukHaHencrJqWkCA6FkqI=", + "lastModified": 1764788330, + "narHash": "sha256-hE/gXK+Z0j654T0tsW+KcndRqsgZXe8HyWchjBJgQpw=", "owner": "nix-community", "repo": "home-manager", - "rev": "e4e25a8c310fa45f2a8339c7972dc43d2845a612", + "rev": "fca4cba863e76c26cfe48e5903c2ff4bac2b2d5d", "type": "github" }, "original": { @@ -511,11 +511,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", + "lastModified": 1764667669, + "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", + "rev": "418468ac9527e799809c900eda37cbff999199b6", "type": "github" }, "original": {