diff --git a/.git-age.yaml b/.git-age.yaml deleted file mode 100644 index 1ed230c..0000000 --- a/.git-age.yaml +++ /dev/null @@ -1,6 +0,0 @@ -machines/dragonwell/dex.nix: - - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 -machines/dragonwell/tandoor.nix: - - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 -machines/dragonwell/vikunja.nix: - - age105cm5awxxegyrqthh4vhnxzr0tdy86q8uq52wkkjacfkutp2vprqwseak7 diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index c835046..0000000 --- a/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -# Age -machines/dragonwell/dex.nix filter=git-age diff=git-age -machines/dragonwell/vikunja.nix filter=git-age diff=git-age -machines/dragonwell/tandoor.nix filter=git-age diff=git-age diff --git a/apps/nogui/default.nix b/apps/nogui/default.nix index 61355e1..4b3266f 100644 --- a/apps/nogui/default.nix +++ b/apps/nogui/default.nix @@ -33,12 +33,9 @@ ripgrep usql - jolheiser.gist - jolheiser.git-age tclip templ jolheiser.helix - jolheiser.tmpl jolheiser.gomodinit jolheiser.cfg jolheiser.spectre @@ -49,11 +46,5 @@ stateVersion = "22.11"; }; - xdg.configFile."gist/config.yaml".text = '' - username: jolheiser - password-file: ${config.age.secrets.gist-pw.path} - domain: gist.jojodev.com - ''; - programs.home-manager.enable = true; } diff --git a/apps/nogui/nushell.nix b/apps/nogui/nushell.nix index b9fcbce..660bc92 100644 --- a/apps/nogui/nushell.nix +++ b/apps/nogui/nushell.nix @@ -20,8 +20,6 @@ use ${nu_scripts}/share/nu_scripts/custom-completions/glow/glow-completions.nu * use ${nu_scripts}/share/nu_scripts/custom-completions/just/just-completions.nu * use ${nu_scripts}/share/nu_scripts/custom-completions/nix/nix-completions.nu * - - use ${jolheiser.tmpl}/share/tmpl-completions.nu * ''; extraEnv = '' $env.GOPATH = "${config.xdg.dataHome}/go" diff --git a/flake.lock b/flake.lock index a88e5d4..6ceed49 100644 --- a/flake.lock +++ b/flake.lock @@ -1,25 +1,5 @@ { "nodes": { - "actual": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733551027, - "narHash": "sha256-nlZWAq4E+cNywCuxpnYcyky4fd+8bVzJHrS2e8QTtVs=", - "ref": "refs/heads/main", - "rev": "7f041ffa7f204deb0fc2e36908b382804f2e108d", - "revCount": 18, - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix.git" - }, - "original": { - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix.git" - } - }, "agenix": { "inputs": { "darwin": [], @@ -43,49 +23,6 @@ "type": "github" } }, - "bennet": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1720757073, - "narHash": "sha256-URQMDzLPs5kckDybkMqrKZN2aqt0GvAt9V5NT4kpMW8=", - "ref": "refs/heads/main", - "rev": "bd7287aa0d13d5af400f659963655c004789715f", - "revCount": 4, - "type": "git", - "url": "https://git.jolheiser.com/bennet.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/bennet.git" - } - }, - "blog": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "templ": [ - "templ" - ] - }, - "locked": { - "lastModified": 1728680363, - "narHash": "sha256-0aJJUY0lKcDnkqLBESOFju8cgIYYrt8jvMwyFTii2Do=", - "ref": "refs/heads/main", - "rev": "03a7f37a42affd2689a72340b8d86731bfd3d28c", - "revCount": 26, - "type": "git", - "url": "https://git.jolheiser.com/blog.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/blog.git" - } - }, "cfg": { "inputs": { "nixpkgs": [ @@ -106,26 +43,6 @@ "url": "https://git.jolheiser.com/cfg.git" } }, - "cfg-playground": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729196682, - "narHash": "sha256-hLbpRWxw12/mqapicSSq1wxvNFfEKwEiXhzykpXWUDI=", - "ref": "refs/heads/main", - "rev": "63c7a6886570f332ebb187e5a5580302603b4c4e", - "revCount": 6, - "type": "git", - "url": "https://git.jolheiser.com/cfg-playground.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/cfg-playground.git" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -216,24 +133,6 @@ "type": "github" } }, - "foundry": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1726638033, - "narHash": "sha256-+hcgXKG5t/9wibv+8T9WASWItBAWb0tsmcZXH+VIYdw=", - "owner": "reckenrode", - "repo": "nix-foundryvtt", - "rev": "bf07f9dd916a97a091f8ab83358c2f295bea9ec9", - "type": "github" - }, - "original": { - "owner": "reckenrode", - "repo": "nix-foundryvtt", - "type": "github" - } - }, "ghostty": { "inputs": { "nixpkgs-stable": "nixpkgs-stable", @@ -254,69 +153,6 @@ "url": "ssh://git@github.com/ghostty-org/ghostty" } }, - "gist": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1702606669, - "narHash": "sha256-98XV0l+3b4sFhxdepNoanqDzhgnEen5ZcrGtqoRp4cA=", - "ref": "refs/heads/main", - "rev": "f393c786b0ad826866d7e30d1abbd3bea319cb34", - "revCount": 3, - "type": "git", - "url": "https://git.jolheiser.com/gist.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/gist.git" - } - }, - "git-age": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699932777, - "narHash": "sha256-2OF5y1geNjHd+As+FwFEYlHxQoQ+LHxizlhSx9u/4dA=", - "ref": "refs/heads/main", - "rev": "72352f984f8c4b2291bcb2c08b7b6dc718619a38", - "revCount": 9, - "type": "git", - "url": "https://git.jolheiser.com/git-age.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/git-age.git" - } - }, - "git-pr": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724120640, - "narHash": "sha256-LLWEHAraOLKFYZ2zbR3O+AhC2PCUNsXP1xcGoDj80xs=", - "ref": "refs/heads/main", - "rev": "6a3bca9ad87b454427940c82f3d111f2eb2c256e", - "revCount": 10, - "type": "git", - "url": "https://git.jolheiser.com/git-pr-nix.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/git-pr-nix.git" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -338,29 +174,6 @@ "type": "github" } }, - "golink": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733941744, - "narHash": "sha256-cIml0ewF5j2cQySLHkMmV1rl7cVH8wuoPFeFDCARi1A=", - "owner": "tailscale", - "repo": "golink", - "rev": "d55b2a3302777d7f9943863644d4c84ecacb31b7", - "type": "github" - }, - "original": { - "owner": "tailscale", - "repo": "golink", - "type": "github" - } - }, "gomod2nix": { "inputs": { "flake-utils": "flake-utils_3", @@ -447,7 +260,7 @@ }, "jolheiser": { "inputs": { - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1730336659, @@ -465,7 +278,7 @@ }, "jolheiser_2": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1730336541, @@ -499,16 +312,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726447378, - "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -563,11 +376,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1729880355, - "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -594,22 +407,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1728888510, "narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=", @@ -627,7 +424,7 @@ "nur": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -644,59 +441,22 @@ "type": "github" } }, - "resume": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1697473034, - "narHash": "sha256-hIee7tDD9B1LRNUE7Cy11M1yrbbHHa6pnUZes3CGKxg=", - "ref": "refs/heads/main", - "rev": "94593c9097917604f006a4dcd5e7b10a1b42beb1", - "revCount": 6, - "type": "git", - "url": "https://git.jolheiser.com/resume.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/resume.git" - } - }, "root": { "inputs": { - "actual": "actual", "agenix": "agenix", - "bennet": "bennet", - "blog": "blog", "cfg": "cfg", - "cfg-playground": "cfg-playground", "flake-utils": "flake-utils", - "foundry": "foundry", "ghostty": "ghostty", - "gist": "gist", - "git-age": "git-age", - "git-pr": "git-pr", - "golink": "golink", "gomodinit": "gomodinit", "helix": "helix", "home-manager": "home-manager", "jolheiser": "jolheiser_2", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nur": "nur", - "resume": "resume", "spectre": "spectre", - "tailproxy": "tailproxy", "tclip": "tclip", - "templ": "templ", - "tmpl": "tmpl", - "ugit": "ugit", - "website": "website" + "templ": "templ" } }, "spectre": { @@ -779,113 +539,9 @@ "type": "github" } }, - "tailproxy": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729968274, - "narHash": "sha256-YmGgnwar4mGwK3+TRO3W7wvFHcIZ21JEm95PRroJpzQ=", - "ref": "refs/heads/main", - "rev": "a7b8073ad6a2eaf931415b41156e0bba9e51fc76", - "revCount": 9, - "type": "git", - "url": "https://git.jolheiser.com/tailproxy.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/tailproxy.git" - } - }, - "tailwind-ctp": { - "inputs": { - "nixpkgs": [ - "ugit", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1695841587, - "narHash": "sha256-fgiZd5AV+hi8Ne0bJ8SyAx5nppseW4aXJQEIDSr0VNA=", - "ref": "refs/heads/main", - "rev": "afca060674b20e0ccecde2d6fe88c887790219a5", - "revCount": 1, - "type": "git", - "url": "https://git.jolheiser.com/tailwind-ctp" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/tailwind-ctp" - } - }, - "tailwind-ctp-lsp": { - "inputs": { - "nixpkgs": [ - "ugit", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699401590, - "narHash": "sha256-nx8ExuBRUux9eXSUgkWp1LJMvA3dmA76+2xggZjHTU0=", - "ref": "refs/heads/master", - "rev": "b321333ad08bf21db242f246b10ad4a50b8fc8a0", - "revCount": 848, - "type": "git", - "url": "https://git.jolheiser.com/tailwind-ctp-intellisense" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/tailwind-ctp-intellisense" - } - }, - "tailwind-ctp-lsp_2": { - "inputs": { - "nixpkgs": [ - "website", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699401590, - "narHash": "sha256-nx8ExuBRUux9eXSUgkWp1LJMvA3dmA76+2xggZjHTU0=", - "ref": "refs/heads/master", - "rev": "b321333ad08bf21db242f246b10ad4a50b8fc8a0", - "revCount": 848, - "type": "git", - "url": "https://git.jojodev.com/jolheiser/tailwind-ctp-intellisense" - }, - "original": { - "type": "git", - "url": "https://git.jojodev.com/jolheiser/tailwind-ctp-intellisense" - } - }, - "tailwind-ctp_2": { - "inputs": { - "nixpkgs": [ - "website", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1695841587, - "narHash": "sha256-fgiZd5AV+hi8Ne0bJ8SyAx5nppseW4aXJQEIDSr0VNA=", - "ref": "refs/heads/main", - "rev": "afca060674b20e0ccecde2d6fe88c887790219a5", - "revCount": 1, - "type": "git", - "url": "https://git.jojodev.com/jolheiser/tailwind-ctp" - }, - "original": { - "type": "git", - "url": "https://git.jojodev.com/jolheiser/tailwind-ctp" - } - }, "tclip": { "inputs": { - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "utils": [ "flake-utils" ] @@ -927,26 +583,6 @@ "type": "github" } }, - "tmpl": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1707601935, - "narHash": "sha256-SX1AT7onZVSEgkE0Egl1bDnHffWROCo8jrRMcDS6ELQ=", - "ref": "refs/heads/main", - "rev": "c828078874c9897a8aa10b3f8d5602684f23f0f9", - "revCount": 36, - "type": "git", - "url": "https://git.jolheiser.com/tmpl.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/tmpl.git" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -968,56 +604,6 @@ "type": "github" } }, - "ugit": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ], - "tailwind-ctp": "tailwind-ctp", - "tailwind-ctp-lsp": "tailwind-ctp-lsp" - }, - "locked": { - "lastModified": 1729739080, - "narHash": "sha256-Ps6Wo2oSK/yRd/hfxUqh+PLfXw5AcQtC2nRZ3vnBJYs=", - "ref": "refs/heads/main", - "rev": "0f4b6ec93640a2a2aa265434e7af69360b713a04", - "revCount": 66, - "type": "git", - "url": "https://git.jolheiser.com/ugit.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/ugit.git" - } - }, - "website": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "tailwind-ctp": "tailwind-ctp_2", - "tailwind-ctp-lsp": "tailwind-ctp-lsp_2", - "templ": [ - "templ" - ] - }, - "locked": { - "lastModified": 1729007532, - "narHash": "sha256-WTCnUYILllGWI6MuG/a3Fp5HVASqPdpPbVNr7k49ZMQ=", - "ref": "refs/heads/main", - "rev": "82a84f0c62b0a1dddf9e7e7e464680a002439dcb", - "revCount": 18, - "type": "git", - "url": "https://git.jolheiser.com/jolheiser.com.git" - }, - "original": { - "type": "git", - "url": "https://git.jolheiser.com/jolheiser.com.git" - } - }, "xc": { "inputs": { "flake-utils": "flake-utils_4", diff --git a/flake.nix b/flake.nix index 0b7b2e8..9f21ca6 100644 --- a/flake.nix +++ b/flake.nix @@ -24,47 +24,6 @@ url = "git+https://git.jolheiser.com/helix.drv.git"; inputs.nixpkgs.follows = "jolheiser/nixpkgs"; }; - website = { - url = "git+https://git.jolheiser.com/jolheiser.com.git"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - templ.follows = "templ"; - }; - }; - resume = { - url = "git+https://git.jolheiser.com/resume.git"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - blog = { - url = "git+https://git.jolheiser.com/blog.git"; - inputs = { - nixpkgs.follows = "nixpkgs"; - templ.follows = "templ"; - }; - }; - bennet = { - url = "git+https://git.jolheiser.com/bennet.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - git-age = { - url = "git+https://git.jolheiser.com/git-age.git"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - gist = { - url = "git+https://git.jolheiser.com/gist.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - tmpl = { - url = "git+https://git.jolheiser.com/tmpl.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; gomodinit = { url = "git+https://git.jolheiser.com/gomodinit.git"; inputs.nixpkgs.follows = "nixpkgs"; @@ -73,51 +32,21 @@ url = "git+https://git.jolheiser.com/cfg.git"; inputs.nixpkgs.follows = "nixpkgs"; }; - cfg-playground = { - url = "git+https://git.jolheiser.com/cfg-playground.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - ugit = { - url = "git+https://git.jolheiser.com/ugit.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - git-pr = { - url = "git+https://git.jolheiser.com/git-pr-nix.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; spectre = { url = "git+https://git.jolheiser.com/go-spectre.git"; inputs.nixpkgs.follows = "nixpkgs"; }; - # Other flakes - golink = { - url = "github:tailscale/golink"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - tclip = { - url = "github:tailscale-dev/tclip"; - inputs = { - #nixpkgs.follows = "nixpkgs"; - utils.follows = "flake-utils"; - }; - }; templ = { url = "github:a-h/templ"; inputs.nixpkgs.follows = "nixpkgs"; }; - actual = { - url = "git+https://git.xeno.science/xenofem/actual-nix.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - foundry.url = "github:reckenrode/nix-foundryvtt"; - tailproxy = { - url = "git+https://git.jolheiser.com/tailproxy.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; ghostty.url = "git+ssh://git@github.com/ghostty-org/ghostty"; + tclip = { + url = "github:tailscale-dev/tclip"; + inputs = { + utils.follows = "flake-utils"; + }; + }; }; outputs = @@ -137,22 +66,14 @@ }; jolheiser = { helix = inputs.helix.packages.${prev.system}.default; - website = inputs.website.packages.${prev.system}.default; - resume = inputs.resume.packages.${prev.system}.default; - git-age = inputs.git-age.packages.${prev.system}.default; - gist = inputs.gist.packages.${prev.system}.default; - tmpl = inputs.tmpl.packages.${prev.system}.default; gomodinit = inputs.gomodinit.packages.${prev.system}.default; cfg = inputs.cfg.packages.${prev.system}.default; - blog = inputs.blog.packages.${prev.system}.default; - bennet = inputs.bennet.packages.${prev.system}.default; spectre = inputs.spectre.packages.${prev.system}.default; }; tclip = inputs.tclip.packages.${prev.system}.tclip; templ = inputs.templ.packages.${prev.system}.templ; ghostty = inputs.ghostty.packages.${prev.system}.ghostty; }) - inputs.golink.overlay ]; pkgs = import inputs.nixpkgs { inherit overlays system; @@ -163,8 +84,6 @@ { config = { nixpkgs.overlays = overlays; - # TODO Remove when apps are updated - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; }; }; username = "jolheiser"; @@ -181,21 +100,20 @@ secretsMountPoint = "/home/${username}/.agenix/agenix.d"; identityPaths = [ "/home/${username}/.ssh/nix" ]; secrets = { - ssh-config.file = ./secrets/shared/ssh-config.age; + ssh-config.file = ./secrets/ssh-config.age; spotify = { - file = ./secrets/shared/spotify.age; + file = ./secrets/spotify.age; path = "/home/${username}/.cache/spotify-player/credentials.json"; }; - irc-pw.file = ./secrets/shared/irc-pw.age; - gist-pw.file = ./secrets/shared/gist-pw.age; - spectre-pw.file = ./secrets/shared/spectre-pw.age; - git-send-email.file = ./secrets/shared/git-send-email.age; + irc-pw.file = ./secrets/irc-pw.age; + spectre-pw.file = ./secrets/spectre-pw.age; + git-send-email.file = ./secrets/git-send-email.age; cachix = { - file = ./secrets/shared/cachix.age; + file = ./secrets/cachix.age; path = "/home/${username}/.config/cachix/cachix.dhall"; }; llm = { - file = ./secrets/shared/llm.age; + file = ./secrets/llm.age; path = "/home/${username}/.config/io.datasette.llm/keys.json"; }; }; @@ -229,38 +147,6 @@ ]; }; }; - colmena = { - meta = { - nixpkgs = import nixpkgs { inherit overlays system; }; - specialArgs = { - inherit inputs; - }; - }; - dragonwell = - { pkgs, ... }: - { - imports = [ - inputs.agenix.nixosModules.default - inputs.golink.nixosModules.default - inputs.ugit.nixosModules.default - inputs.git-pr.nixosModules.default - inputs.actual.nixosModules.default - inputs.tailproxy.nixosModules.default - inputs.foundry.nixosModules.foundryvtt - inputs.cfg-playground.nixosModules.default - ./modules/tclip - ./modules/miniserve - ./machines/dragonwell - ]; - services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; - }; - gunpowder = { - imports = [ - inputs.tailproxy.nixosModules.default - ./machines/gunpowder - ]; - }; - }; nixConfig = { extra-substitutors = [ "https://jolheiser.cachix.org" ]; extra-trusted-public-keys = [ @@ -270,7 +156,6 @@ devShells.${system}.default = pkgs.mkShell { nativeBuildInputs = [ agenix.packages.${system}.agenix - pkgs.colmena ]; }; }; diff --git a/justfile b/justfile index 24bc254..75be876 100644 --- a/justfile +++ b/justfile @@ -20,11 +20,6 @@ hm: boot *args: @just rebuild boot {{args}} -# Run colmena for remote deploy -colmena node: - @git add . - @nix run nixpkgs#colmena -- apply --on {{node}} - # Update the flake update-flake: @nix flake update diff --git a/machines/dragonwell/actual.nix b/machines/dragonwell/actual.nix deleted file mode 100644 index e09d275..0000000 --- a/machines/dragonwell/actual.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - services = { - actual = { - enable = true; - hostname = "127.0.0.1"; - port = 5006; - }; - tailproxy.actualbudget = { - enable = true; - hostname = "actualbudget"; - port = 5006; - authKey = "tskey-auth-kC3B2nznCk11CNTRL-G5QvPvrNWrcHcbQxh2XCrcCz3qe2jUrsh"; # One-time key - }; - }; -} diff --git a/machines/dragonwell/caddy.nix b/machines/dragonwell/caddy.nix deleted file mode 100644 index 2ef0c23..0000000 --- a/machines/dragonwell/caddy.nix +++ /dev/null @@ -1,85 +0,0 @@ -{ pkgs, ... }: -let - modules = import ./go.nix; -in -{ - services.caddy = { - enable = true; - virtualHosts = { - "jolheiser.com" = { - extraConfig = '' - handle_path /.well-known/webfinger { - header Content-Type application/jrd+json - respond ${ - builtins.toJSON { - subject = "acct:john@jolheiser.com"; - links = [ - { - rel = "http://openid.net/specs/connect/1.0/issuer"; - href = "https://auth.jolheiser.com"; - } - ]; - } - } - } - handle_path /bennet* { - root * ${pkgs.jolheiser.bennet} - file_server - } - handle /resume* { - root * ${pkgs.jolheiser.resume} - rewrite /resume /resume.pdf - file_server - } - handle { - root * ${pkgs.jolheiser.website} - file_server - } - ''; - serverAliases = [ "www.jolheiser.com" ]; - }; - "blog.jolheiser.com" = { - extraConfig = '' - root * ${pkgs.jolheiser.blog} - file_server - ''; - }; - "go.jolheiser.com" = { - extraConfig = '' - header Content-Type text/html - ${modules} - respond /* ` - - - - Redirecting to https://pkg.go.dev/go.jolheiser.com{path} - ` - ''; - }; - "git.jolheiser.com".extraConfig = '' - reverse_proxy localhost:8449 - ''; - "pr.jolheiser.com".extraConfig = '' - reverse_proxy localhost:7449 - ''; - "social.jolheiser.com".extraConfig = '' - reverse_proxy localhost:4686 - ''; - "auth.jolheiser.com".extraConfig = '' - reverse_proxy localhost:2884 - ''; - "todo.jolheiser.com".extraConfig = '' - reverse_proxy localhost:8636 - ''; - "recipes.jolheiser.com".extraConfig = '' - reverse_proxy localhost:3663 - ''; - "irc.jolheiser.com".extraConfig = '' - reverse_proxy localhost:7658 - ''; - "dnd.jolheiser.com".extraConfig = '' - reverse_proxy localhost:30000 - ''; - }; - }; -} diff --git a/machines/dragonwell/cfg.nix b/machines/dragonwell/cfg.nix deleted file mode 100644 index 9e87a2d..0000000 --- a/machines/dragonwell/cfg.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - services.cfg-playground = { - enable = true; - verbose = true; - auth-key = "tskey-auth-ksTZtpeU1i11CNTRL-HmmWuAFifG3xxy8UDr1yG3UdjiYJ3mtGe"; # One-time key - }; -} diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix deleted file mode 100644 index 825c922..0000000 --- a/machines/dragonwell/default.nix +++ /dev/null @@ -1,61 +0,0 @@ -let - username = "jolheiser"; - key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+uhnfFLhlyfGGsksSxh5IIY6gnIMryeQ2EiM979kZa"; -in -{ - imports = [ - # ./actual.nix - ./caddy.nix - ./cfg.nix - ./dex.nix - ./foundry.nix - ./git-pr.nix - ./golink.nix - ./gotosocial.nix - ./miniserve.nix - ./pubserve.nix - ./restic.nix - ./soju.nix - ./tandoor.nix - ./tclip.nix - ./ugit.nix - ./vikunja.nix - ./hardware.nix - ]; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - - networking = { - hostName = "dragonwell"; - - firewall = { - enable = true; - allowedTCPPorts = [ - 80 - 443 - 6697 - ]; - }; - }; - - services = { - openssh.enable = true; - tailscale.enable = true; - }; - - users.users = { - "${username}" = { - extraGroups = [ - "wheel" - "docker" - "storage" - ]; - isNormalUser = true; - openssh.authorizedKeys.keys = [ key ]; - }; - "root".openssh.authorizedKeys.keys = [ key ]; - }; - - system.stateVersion = "22.11"; -} diff --git a/machines/dragonwell/dex.nix b/machines/dragonwell/dex.nix deleted file mode 100644 index 744c263..0000000 Binary files a/machines/dragonwell/dex.nix and /dev/null differ diff --git a/machines/dragonwell/foundry.nix b/machines/dragonwell/foundry.nix deleted file mode 100644 index ca0ea9a..0000000 --- a/machines/dragonwell/foundry.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ inputs, pkgs, ... }: -{ - services.foundryvtt = { - enable = true; - hostName = "dnd.jolheiser.com"; - minifyStaticFiles = true; - proxyPort = 443; - proxySSL = true; - upnp = false; - package = inputs.foundry.packages.${pkgs.system}.foundryvtt_12; - }; -} diff --git a/machines/dragonwell/git-pr.nix b/machines/dragonwell/git-pr.nix deleted file mode 100644 index bcb7b50..0000000 --- a/machines/dragonwell/git-pr.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - services.git-pr = { - enable = true; - openFirewall = true; - url = "pr.jolheiser.com"; - admins = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXoiWcPkL5kUAqJfMxnPM/ND4qJ4kKShDhXdqnYv2ZB" ]; - sshPort = 7448; - enableWeb = true; - webPort = 7449; - theme = "catppuccin-mocha"; - timeFormat = "01/02/2006 at 03:04:05PM"; - repos = [ - { - id = "ugit"; - cloneAddr = "https://git.jolheiser.com/ugit.git"; - desc = "Minimal git service"; - } - { - id = "git-pr-nix"; - cloneAddr = "https://git.jolheiser.com/git-pr-nix.git"; - desc = "Nix flake, package, and module for git-pr"; - } - ]; - }; -} diff --git a/machines/dragonwell/go.nix b/machines/dragonwell/go.nix deleted file mode 100644 index fe1f7cf..0000000 --- a/machines/dragonwell/go.nix +++ /dev/null @@ -1,22 +0,0 @@ -let - modules = [ - { - name = "hcaptcha"; - repo = "gitea.com/jolheiser/hcaptcha"; - } - { - name = "pwn"; - repo = "gitea.com/jolheiser/pwn"; - } - ]; -in -builtins.concatStringsSep "\n" ( - builtins.map (module: '' - respond /${module.name}* ` - - - - Redirecting to https://pkg.go.dev/go.jolheiser.com/${module.name} - ` - '') modules -) diff --git a/machines/dragonwell/golink.nix b/machines/dragonwell/golink.nix deleted file mode 100644 index 9e65524..0000000 --- a/machines/dragonwell/golink.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, ... }: -{ - services.golink = { - enable = true; - tailscaleAuthKeyFile = pkgs.writeText "tskey" "tskey-auth-kGaKxz5CNTRL-nvyRLm7J38B37QZ2gCDM8BqtwyC6zJUh7"; # One-time key - }; -} diff --git a/machines/dragonwell/gotosocial.nix b/machines/dragonwell/gotosocial.nix deleted file mode 100644 index e7a909f..0000000 --- a/machines/dragonwell/gotosocial.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - services.gotosocial = { - enable = true; - settings = { - application-name = "jolheiser GtS"; - host = "social.jolheiser.com"; - port = 4686; - accounts-registration-open = false; - landing-page-user = "jolheiser"; - }; - }; -} diff --git a/machines/dragonwell/hardware.nix b/machines/dragonwell/hardware.nix deleted file mode 100644 index 8ec4311..0000000 --- a/machines/dragonwell/hardware.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub.device = "/dev/sda"; - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "xen_blkfront" - "vmw_pvscsi" - ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; -} diff --git a/machines/dragonwell/miniserve.nix b/machines/dragonwell/miniserve.nix deleted file mode 100644 index 8905b13..0000000 --- a/machines/dragonwell/miniserve.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - services = { - miniserve = { - enable = true; - port = 3453; - showHidden = true; - uploadFiles = ""; - mkdir = true; - overwriteFiles = true; - enableTar = true; - enableTarGz = true; - enableZip = true; - dirsFirst = true; - title = "Files"; - hideThemeSelector = true; - hideVersionFooter = true; - readme = true; - }; - tailproxy.miniserve = { - enable = true; - hostname = "files"; - port = 3453; - authKey = "tskey-auth-kNNZJXfSDb11CNTRL-DsdZPygdA7Lrye5WJjnr6LGNffgzo3PUH"; # One-time key - }; - }; -} diff --git a/machines/dragonwell/pubserve.nix b/machines/dragonwell/pubserve.nix deleted file mode 100644 index ed05fc5..0000000 --- a/machines/dragonwell/pubserve.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ pkgs, lib, ... }: -let - user = "pubserve"; - path = "/var/lib/pubserve"; -in -{ - users.users.${user} = { - group = user; - home = path; - createHome = true; - isSystemUser = true; - isNormalUser = false; - - }; - users.groups.${user} = { }; - - systemd.services = - let - commonArgs = [ - "-i '127.0.0.1'" - "-H" - "-D" - "-F" - "--hide-theme-selector" - "--readme" - path - ]; - in - { - pubserve = { - description = "Miniserve Public File Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.miniserve}/bin/miniserve -t 'PubServe' -p 3454 ${lib.concatStringsSep " " commonArgs}"; - Restart = "on-failure"; - User = user; - Group = user; - }; - }; - privserve = { - description = "Miniserve Public File Server (Admin)"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.miniserve}/bin/miniserve -u -U -o -t 'PrivServe' -p 3455 ${lib.concatStringsSep " " commonArgs}"; - Restart = "on-failure"; - User = user; - Group = user; - }; - }; - }; - services.tailproxy = { - pubserve = { - enable = true; - hostname = "pubserve"; - funnel = true; - port = 3454; - authKey = "tskey-auth-kJrnknpMsL11CNTRL-ot1kkasErR2cLZZmfuKYR2b9za7fCzVR"; # One-time key - }; - privserve = { - enable = true; - hostname = "privserve"; - port = 3455; - authKey = "tskey-auth-kKFv865ykk11CNTRL-dfmxUREHP5evuuMsfPy55ehXECXrLF1N7"; # One-time key - }; - }; -} diff --git a/machines/dragonwell/restic.nix b/machines/dragonwell/restic.nix deleted file mode 100644 index 26e0254..0000000 --- a/machines/dragonwell/restic.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, ... }: -{ - age.secrets = { - restic-env.file = ../../secrets/personal/restic-env.age; - restic-pass.file = ../../secrets/personal/restic-pass.age; - restic-repo.file = ../../secrets/personal/restic-repo.age; - }; - services.restic.backups.dragonwell = { - initialize = true; - environmentFile = config.age.secrets.restic-env.path; - passwordFile = config.age.secrets.restic-pass.path; - repositoryFile = config.age.secrets.restic-repo.path; - paths = [ - "/var/lib/ugit/repos" - "/var/lib/miniserve" - "/var/lib/foundryvtt/Data" - "/var/lib/foundryvtt/Config" - ]; - pruneOpts = [ - "--keep-daily 7" - "--keep-weekly 2" - "--keep-monthly 2" - ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - }; -} diff --git a/machines/dragonwell/soju.nix b/machines/dragonwell/soju.nix deleted file mode 100644 index 6f5e86c..0000000 --- a/machines/dragonwell/soju.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ lib, ... }: -let - baseCertPath = "/var/lib/acme/irc.jolheiser.com"; -in -{ - security.acme = { - acceptTerms = true; - email = "irc@jolheiser.com"; - certs."irc.jolheiser.com" = { - listenHTTP = ":7658"; - postRun = "systemctl reload soju"; - group = "soju"; - }; - }; - services.soju = { - enable = true; - tlsCertificate = "${baseCertPath}/fullchain.pem"; - tlsCertificateKey = "${baseCertPath}/key.pem"; - }; - systemd.services.soju.serviceConfig = { - DynamicUser = lib.mkForce false; - User = "soju"; - Group = "soju"; - ReadOnlyPaths = baseCertPath; - }; - users = { - users.soju = { - isSystemUser = true; - group = "soju"; - }; - groups.soju = { }; - }; -} diff --git a/machines/dragonwell/tandoor.nix b/machines/dragonwell/tandoor.nix deleted file mode 100644 index efc4061..0000000 Binary files a/machines/dragonwell/tandoor.nix and /dev/null differ diff --git a/machines/dragonwell/tclip.nix b/machines/dragonwell/tclip.nix deleted file mode 100644 index db4dcd8..0000000 --- a/machines/dragonwell/tclip.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - services.tclip = { - enable = true; - hostname = "paste"; - useFunnel = true; - hideFunnelUsers = true; - authKey = "tskey-auth-k1VerP4gam11CNTRL-89rpeDcfTdJqkF9AECWmdJLVgo1jQcSAB"; # One-time key - }; -} diff --git a/machines/dragonwell/ugit.nix b/machines/dragonwell/ugit.nix deleted file mode 100644 index c7ef77e..0000000 --- a/machines/dragonwell/ugit.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - services.ugit = { - enable = true; - openFirewall = true; - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXoiWcPkL5kUAqJfMxnPM/ND4qJ4kKShDhXdqnYv2ZB" - ]; - tsAuthKey = "tskey-auth-kRUJE7zxH621CNTRL-Td29STXSrtTUHdacaKaYtTD82uyDXZj7"; # One-time key - config = { - ssh.clone-url = "ugit@git.jolheiser.com"; - http.clone-url = "https://git.jolheiser.com"; - log.json = true; - profile = { - username = "jolheiser"; - email = "ugit@jolheiser.com"; - links = [ - "Github,https://github.com/jolheiser" - "Gitea,https://gitea.com/jolheiser" - "JoJoDev,https://git.jojodev.com/jolheiser" - "Fediverse,https://social.jolheiser.com/@jolheiser" - ]; - }; - tailscale = { - enable = true; - hostname = "git"; - }; - }; - }; -} diff --git a/machines/dragonwell/vikunja.nix b/machines/dragonwell/vikunja.nix deleted file mode 100644 index 045a521..0000000 Binary files a/machines/dragonwell/vikunja.nix and /dev/null differ diff --git a/modules/miniserve/default.nix b/modules/miniserve/default.nix deleted file mode 100644 index 9b6fcf6..0000000 --- a/modules/miniserve/default.nix +++ /dev/null @@ -1,438 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: - -let - cfg = config.services.miniserve; - inherit (lib) - mkEnableOption - mkOption - mkIf - types - optionalString - concatMapStringsSep - concatStringsSep - ; -in -{ - options.services.miniserve = { - enable = mkEnableOption "miniserve service"; - - package = mkOption { - type = types.package; - description = "miniserve package to use"; - default = pkgs.miniserve; - }; - - user = mkOption { - type = types.str; - default = "miniserve"; - description = "User account for miniserve service"; - }; - - group = mkOption { - type = types.str; - default = "miniserve"; - description = "Group for miniserve service"; - }; - - path = mkOption { - type = types.str; - default = "/var/lib/miniserve"; - description = "Which path to serve"; - }; - - port = mkOption { - type = types.port; - default = 8080; - description = "Port to use"; - }; - - interfaces = mkOption { - type = types.listOf types.str; - default = [ "127.0.0.1" ]; - description = "Interface to listen on"; - }; - - verbose = mkOption { - type = types.bool; - default = false; - description = "Be verbose, includes emitting access logs"; - }; - - indexFile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The name of a directory index file to serve, like "index.html" - - Normally, when miniserve serves a directory, it creates a listing for that directory. However, if a directory - contains this file, miniserve will serve that file instead. - ''; - }; - - spa = mkOption { - type = types.bool; - default = false; - description = '' - Activate SPA (Single Page Application) mode - - This will cause the file given by --index to be served for all non-existing file paths. In effect, this will serve - the index file whenever a 404 would otherwise occur in order to allow the SPA router to handle the request instead. - ''; - }; - - prettyUrls = mkOption { - type = types.bool; - default = false; - description = '' - Activate Pretty URLs mode - - This will cause the server to serve the equivalent `.html` file indicated by the path. - - `/about` will try to find `about.html` and serve it. - ''; - }; - - auth = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Set authentication - - Currently supported formats: - username:password, username:sha256:hash, username:sha512:hash - (e.g. joe:123, joe:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3) - ''; - }; - - authFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Read authentication values from a file - - Example file content: - - joe:123 - bob:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3 - bill: - ''; - }; - - routePrefix = mkOption { - type = types.nullOr types.str; - default = null; - description = "Use a specific route prefix"; - }; - - randomRoute = mkOption { - type = types.bool; - default = false; - description = "Generate a random 6-hexdigit route"; - }; - - hideSymlinks = mkOption { - type = types.bool; - default = false; - description = "Hide symlinks in listing and prevent them from being followed"; - }; - - showHidden = mkOption { - type = types.bool; - default = false; - description = "Show hidden files"; - }; - - sortingMethod = mkOption { - type = types.enum [ - "name" - "size" - "date" - ]; - default = "name"; - description = '' - Default sorting method for file list - - Possible values: - - name: Sort by name - - size: Sort by size - - date: Sort by last modification date (natural sort: follows alphanumerical order) - ''; - }; - - sortingOrder = mkOption { - type = types.enum [ - "asc" - "desc" - ]; - default = "desc"; - description = '' - Default sorting order for file list - - Possible values: - - asc: Ascending order - - desc: Descending order - ''; - }; - - colorScheme = mkOption { - type = types.enum [ - "squirrel" - "archlinux" - "zenburn" - "monokai" - ]; - default = "squirrel"; - description = '' - Default color scheme - - Possible values: squirrel, archlinux, zenburn, monokai - ''; - }; - - colorSchemeDark = mkOption { - type = types.enum [ - "squirrel" - "archlinux" - "zenburn" - "monokai" - ]; - default = "archlinux"; - description = '' - Default color scheme - - Possible values: squirrel, archlinux, zenburn, monokai - ''; - }; - - qrcode = mkOption { - type = types.bool; - default = false; - description = "Enable QR code display"; - }; - - uploadFiles = mkOption { - type = types.nullOr types.str; - default = null; - description = "Enable file uploading (and optionally specify for which directory)"; - }; - - mkdir = mkOption { - type = types.bool; - default = false; - description = "Enable creating directories"; - }; - - mediaType = mkOption { - type = types.nullOr ( - types.enum [ - "image" - "audio" - "video" - ] - ); - default = null; - description = '' - Specify uploadable media types - - Possible values: image, audio, video - ''; - }; - - rawMediaType = mkOption { - type = types.nullOr types.str; - default = null; - description = "Directly specify the uploadable media type expression"; - }; - - overwriteFiles = mkOption { - type = types.bool; - default = false; - description = "Enable overriding existing files during file upload"; - }; - - enableTar = mkOption { - type = types.bool; - default = false; - description = "Enable uncompressed tar archive generation"; - }; - - enableTarGz = mkOption { - type = types.bool; - default = false; - description = "Enable gz-compressed tar archive generation"; - }; - - enableZip = mkOption { - type = types.bool; - default = false; - description = '' - Enable zip archive generation - - WARNING: Zipping large directories can result in out-of-memory exception because zip generation is done in memory - and cannot be sent on the fly - ''; - }; - - compressResponse = mkOption { - type = types.bool; - default = false; - description = '' - Compress response - - WARNING: Enabling this option may slow down transfers due to CPU overhead, so it is disabled by default. - - Only enable this option if you know that your users have slow connections or if you want to minimize your server's bandwidth usage. - ''; - }; - - dirsFirst = mkOption { - type = types.bool; - default = false; - description = "List directories first"; - }; - - title = mkOption { - type = types.nullOr types.str; - default = null; - description = "Shown instead of host in page title and heading"; - }; - - headers = mkOption { - type = types.listOf types.str; - default = [ ]; - description = '' - Inserts custom headers into the responses. Specify each header as a 'Header:Value' pair. - This parameter can be used multiple times to add multiple headers. - - Example: - --header "Header1:Value1" --header "Header2:Value2" - (If a header is already set or previously inserted, it will not be overwritten.) - ''; - }; - - showSymlinkInfo = mkOption { - type = types.bool; - default = false; - description = "Visualize symlinks in directory listing"; - }; - - hideVersionFooter = mkOption { - type = types.bool; - default = false; - description = "Hide version footer"; - }; - - hideThemeSelector = mkOption { - type = types.bool; - default = false; - description = "Hide theme selector"; - }; - - showWgetFooter = mkOption { - type = types.bool; - default = false; - description = "If enabled, display a wget command to recursively download the current directory"; - }; - - tlsCert = mkOption { - type = types.nullOr types.path; - default = null; - description = "TLS certificate to use"; - }; - - tlsKey = mkOption { - type = types.nullOr types.path; - default = null; - description = "TLS private key to use"; - }; - - readme = mkOption { - type = types.bool; - default = false; - description = "Enable README.md rendering in directories"; - }; - - disableIndexing = mkOption { - type = types.bool; - default = false; - description = '' - Disable indexing - - This will prevent directory listings from being generated and return an error instead. - ''; - }; - }; - - config = mkIf cfg.enable { - systemd.services.miniserve = { - description = "Miniserve File Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = - let - args = [ - (optionalString cfg.verbose "-v") - (optionalString (cfg.indexFile != null) "--index '${cfg.indexFile}'") - (optionalString cfg.spa "--spa") - (optionalString cfg.prettyUrls "--pretty-urls") - "-p ${toString cfg.port}" - (concatMapStringsSep " " (i: "-i ${i}") cfg.interfaces) - (optionalString (cfg.auth != null) "-a '${cfg.auth}'") - (optionalString (cfg.authFile != null) "--auth-file ${cfg.authFile}") - (optionalString (cfg.routePrefix != null) "--route-prefix '${cfg.routePrefix}'") - (optionalString cfg.randomRoute "--random-route") - (optionalString cfg.hideSymlinks "-P") - (optionalString cfg.showHidden "-H") - "-S ${cfg.sortingMethod}" - "-O ${cfg.sortingOrder}" - "-c ${cfg.colorScheme}" - "-d ${cfg.colorSchemeDark}" - (optionalString cfg.qrcode "-q") - (optionalString (cfg.uploadFiles != null) ( - if (cfg.uploadFiles != "") then "-u '${cfg.uploadFiles}'" else "-u" - )) - (optionalString cfg.mkdir "-U") - (optionalString (cfg.mediaType != null) "-m ${cfg.mediaType}") - (optionalString (cfg.rawMediaType != null) "-M '${cfg.rawMediaType}'") - (optionalString cfg.overwriteFiles "-o") - (optionalString cfg.enableTar "-r") - (optionalString cfg.enableTarGz "-g") - (optionalString cfg.enableZip "-z") - (optionalString cfg.compressResponse "-C") - (optionalString cfg.dirsFirst "-D") - (optionalString (cfg.title != null) "-t '${cfg.title}'") - (concatMapStringsSep " " (h: "--header '${h}'") cfg.headers) - (optionalString cfg.showSymlinkInfo "-l") - (optionalString cfg.hideVersionFooter "-F") - (optionalString cfg.hideThemeSelector "--hide-theme-selector") - (optionalString cfg.showWgetFooter "-W") - (optionalString (cfg.tlsCert != null) "--tls-cert ${cfg.tlsCert}") - (optionalString (cfg.tlsKey != null) "--tls-key ${cfg.tlsKey}") - (optionalString cfg.readme "--readme") - (optionalString cfg.disableIndexing "-I") - cfg.path - ]; - in - "${pkgs.miniserve}/bin/miniserve ${concatStringsSep " " args}"; - Restart = "on-failure"; - User = cfg.user; - Group = cfg.group; - }; - }; - - users.users.${cfg.user} = { - group = cfg.group; - home = cfg.path; - createHome = true; - isSystemUser = true; - isNormalUser = false; - }; - users.groups.${cfg.group} = { }; - }; -} diff --git a/modules/tclip/default.nix b/modules/tclip/default.nix deleted file mode 100644 index c8c6876..0000000 --- a/modules/tclip/default.nix +++ /dev/null @@ -1,108 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.services.tclip; -in -{ - options.services.tclip = { - enable = lib.mkEnableOption "tclip service"; - - hostname = lib.mkOption { - type = lib.types.str; - default = "paste"; - description = "The hostname to use on your tailnet"; - }; - - dataLocation = lib.mkOption { - type = lib.types.str; - default = "/var/lib/tclip"; - description = "Where program data is stored"; - }; - - tsnetVerbose = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Log verbosely to stderr"; - }; - - useFunnel = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Expose pastes with tailscale funnel"; - }; - - hideFunnelUsers = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Hide usernamd/image on funnel"; - }; - - httpPort = lib.mkOption { - type = lib.types.nullOr lib.types.port; - default = null; - description = "Expose pastes on an HTTP server at the given port"; - }; - - controlURL = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Custom control server (e.g. headscale)"; - }; - - disableHTTPS = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Disable serving on HTTPS"; - }; - - package = lib.mkOption { - type = lib.types.package; - description = "The tclip package to use"; - }; - - authKey = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Tailscale auth key"; - }; - }; - - config = lib.mkIf cfg.enable { - systemd.services.tclip = { - description = "tclip Service"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = - let - args = - lib.optionals (cfg.httpPort != null) [ "--http-port=${cfg.httpPort}" ] - ++ lib.optionals (cfg.controlURL != null) [ "--control-url=${cfg.controlURL}" ] - ++ [ - (lib.optionalString cfg.disableHTTPS "--disable-https") - "--hostname=${cfg.hostname}" - "--data-location=${cfg.dataLocation}" - (lib.optionalString cfg.tsnetVerbose "--tsnet-verbose") - (lib.optionalString cfg.useFunnel "--use-funnel") - (lib.optionalString cfg.hideFunnelUsers "--hide-funnel-users") - ]; - in - "${cfg.package}/bin/tclipd ${lib.concatStringsSep " " args}"; - Restart = "always"; - User = "tclip"; - Group = "tclip"; - Environment = [ "TS_AUTHKEY=${cfg.authKey}" ]; - }; - }; - - # Create user and group - users.users.tclip = { - isSystemUser = true; - group = "tclip"; - home = cfg.dataLocation; - createHome = true; - }; - - users.groups.tclip = { }; - }; -} diff --git a/secrets/shared/cachix.age b/secrets/cachix.age similarity index 100% rename from secrets/shared/cachix.age rename to secrets/cachix.age diff --git a/secrets/shared/git-send-email.age b/secrets/git-send-email.age similarity index 100% rename from secrets/shared/git-send-email.age rename to secrets/git-send-email.age diff --git a/secrets/shared/irc-pw.age b/secrets/irc-pw.age similarity index 100% rename from secrets/shared/irc-pw.age rename to secrets/irc-pw.age diff --git a/secrets/shared/llm.age b/secrets/llm.age similarity index 100% rename from secrets/shared/llm.age rename to secrets/llm.age diff --git a/secrets/personal/dex-tailscale.age b/secrets/personal/dex-tailscale.age deleted file mode 100644 index 126c2e8..0000000 --- a/secrets/personal/dex-tailscale.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 E8j6/g QWZGgeu5+89wRzWH31D1GdNuhrNyyKsKqv/b4Kkyn2s -3vYwTYDVOMyiNeE+NtNPyplmGiknjyTQvln2DRxUPg0 --> ssh-ed25519 f31uNA NVB2C1IjxvB25uA+PdB9lmNgmPQ16wSRl8lS0Wp4Tzg -Fe7BCcnb+1HzJ43Iq+YtHCI/i2m7TT5xO1rZwb9yZ70 ---- 4Fmm3sQzE/funn3yI79REu1SVRzgUMQ1r8bUaNgVYZE -΍ -,F/~ŔTDِۨt`)9+xy~+ \ No newline at end of file diff --git a/secrets/personal/dex-tandoor.age b/secrets/personal/dex-tandoor.age deleted file mode 100644 index 764061e..0000000 --- a/secrets/personal/dex-tandoor.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 E8j6/g npvjWOaLtdQ8shF6rkXfUlXXf1MAe/pvPBPIPY9R1XY -gO6lr8kHN7fOQb5NXaybFqhghx5VqcK0LaHCVvlsdvs --> ssh-ed25519 f31uNA qrbvpL4AuM1wPSR2Qc9VKSpO4Ho0WgpmOIThWvotBCQ -Q1oMS4SAxzqb1vQffM4dpsnlXP1M2fZ5nYYIpyB9uoA ---- ESb6mxdTZnHs053UowTuWZRn+W+QlOeVM8/kL1VWSgw - HDݭD֢wokGEJ-_up!!B \ No newline at end of file diff --git a/secrets/personal/dex-vikunja.age b/secrets/personal/dex-vikunja.age deleted file mode 100644 index fdcdfa1..0000000 --- a/secrets/personal/dex-vikunja.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 E8j6/g rUc81FjzuShzhp/3we9dQPPAqIPEoKAagCF9K0/S9lw -0mv/S6RCEosLF1aWvb/2+oPdQEfTHraOqVI8v3PMcrI --> ssh-ed25519 f31uNA C3OusAWxSswFYZxr26XtuB5EpJUzkxcP0US+F4SZFlc -L/soUr5i+7+RyZ8mMUI6AOfTXdWzqO+a9OFLHGw28SI ---- rVDcNMV2dVpwhNiIx964+sw6ak5lcZzaeGASLlVNac8 -&sE -H'/S|%8ӛԧ@Z:2j1 5p. \ No newline at end of file diff --git a/secrets/personal/dex.age b/secrets/personal/dex.age deleted file mode 100644 index afde76e..0000000 Binary files a/secrets/personal/dex.age and /dev/null differ diff --git a/secrets/personal/restic-env.age b/secrets/personal/restic-env.age deleted file mode 100644 index 8ca40dc..0000000 Binary files a/secrets/personal/restic-env.age and /dev/null differ diff --git a/secrets/personal/restic-pass.age b/secrets/personal/restic-pass.age deleted file mode 100644 index 1a2664a..0000000 --- a/secrets/personal/restic-pass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 E8j6/g c3mP+3muM3Nk+CR8X2GRdVDgc88Y5FHblV7EzxaYF08 -dVEE+rQ6Y7ki9Uyr+8B3xYRZtO9VeGWwFboasp5ycqg --> ssh-ed25519 f31uNA Xq8QkBgX9mpIkenoJQCt+hyg/AVf/kwkVMJnOxqEARM -tkte19pOr+Lb2lk1BVQibsC8d8k38oKwllx6cySVtt0 ---- geKlgkUKw/FYhJNqGSZmXoTSTfRQR+dlz7fq5WzL7SU -l,ٗWL4VEb6Y8 \ No newline at end of file diff --git a/secrets/personal/restic-repo.age b/secrets/personal/restic-repo.age deleted file mode 100644 index 08d2997..0000000 --- a/secrets/personal/restic-repo.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 E8j6/g vLXo/gyZOwGUJyLHIqcrpCmvLmbFpgrFHBRLmqzyiwg -ha7V1vSM3r5Y0PQyeNL01wqqvSuMOWfwbdZjJSMpzhk --> ssh-ed25519 f31uNA NGUshv3FTRw4kARWfLgSqp2EbLvPnm638rKAULFLZlY -3owquk+she5gB+cjdpPYdIFlz+RtA25RbwxIGftD6BI ---- MZfK5Wquy6pyOWuQdRYa9y46X8lD1ndOeXqkImvIDpM -e7kUWsm7ߨ㗛Dd\(1ܪdj$$N^Јi.b*}(2$%B[5So1A徱+#c \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4f4156f..d6546bf 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,51 +3,20 @@ let matcha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZxjkZLj/9xvmg1enK+B7k8qf6Px0j4kTZ2caQfYmB1"; genmaicha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhyzwMV0eoS8RSAcUvLkPhbXoR9/06cLoBmUVyb9DTw"; sencha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJurjAMu4IXgpBwgUP0QvE2ySE5/Orn/yflkdWVvy6Am"; - dragonwell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN32Cwxer2AOGvEqSqXSPp49gj1VtR7G2XmPnmXj6o53"; all = [ jolheiser matcha genmaicha sencha - dragonwell ]; in { - "shared/cachix.age".publicKeys = all; - "shared/ssh-config.age".publicKeys = all; - "shared/spotify.age".publicKeys = all; - "shared/irc-pw.age".publicKeys = all; - "shared/gist-pw.age".publicKeys = all; - "shared/git-send-email.age".publicKeys = all; - "shared/llm.age".publicKeys = all; - "shared/spectre-pw.age".publicKeys = [ jolheiser ]; - "personal/restic-env.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/restic-pass.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/restic-repo.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/dex.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/dex-tailscale.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/dex-vikunja.age".publicKeys = [ - jolheiser - dragonwell - ]; - "personal/dex-tandoor.age".publicKeys = [ - jolheiser - dragonwell - ]; + "cachix.age".publicKeys = all; + "ssh-config.age".publicKeys = all; + "spotify.age".publicKeys = all; + "irc-pw.age".publicKeys = all; + "git-send-email.age".publicKeys = all; + "llm.age".publicKeys = all; + "spectre-pw.age".publicKeys = [ jolheiser ]; } diff --git a/secrets/shared/gist-pw.age b/secrets/shared/gist-pw.age deleted file mode 100644 index 6e0eb99..0000000 Binary files a/secrets/shared/gist-pw.age and /dev/null differ diff --git a/secrets/shared/spectre-pw.age b/secrets/spectre-pw.age similarity index 100% rename from secrets/shared/spectre-pw.age rename to secrets/spectre-pw.age diff --git a/secrets/shared/spotify.age b/secrets/spotify.age similarity index 100% rename from secrets/shared/spotify.age rename to secrets/spotify.age diff --git a/secrets/shared/ssh-config.age b/secrets/ssh-config.age similarity index 100% rename from secrets/shared/ssh-config.age rename to secrets/ssh-config.age