diff --git a/Makefile b/Makefile index 56e710e..f970db3 100644 --- a/Makefile +++ b/Makefile @@ -6,4 +6,4 @@ rebuild-pi: NIX_SSHOPTS="-o IdentitiesOnly=yes -i ~/.ssh/id_rsa" nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo deploy-server: - nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo --ask-sudo-password + nixos-rebuild switch --flake .#server --target-host server --build-host server --sudo --ask-sudo-password diff --git a/devices/asus/configuration.nix b/devices/asus/configuration.nix index 66244d7..23eb51b 100644 --- a/devices/asus/configuration.nix +++ b/devices/asus/configuration.nix @@ -1,12 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - config, - lib, - pkgs, - ... -}: { +{ config, lib, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -32,19 +27,13 @@ services.desktopManager.cosmic.enable = true; services.displayManager.cosmic-greeter.enable = true; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.polen = { isNormalUser = true; - extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. - packages = with pkgs; [ - neovim - tree - htop - git - ranger - ]; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ neovim tree htop git ranger ]; }; # List packages installed in system profile. 
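Review bot: The `rebuild-pi` recipe on the context line of the Makefile hunk still passes `--use-remote-sudo`, while `deploy-server` now passes `--sudo`, so the two targets no longer use the same spelling. If the switch was made because the older flag is deprecated in the nixos-rebuild in use (not visible from this hunk), the pi target needs the same edit: `nixos-rebuild switch --flake .#pi --target-host pi --build-host server --sudo`. A one-line comment above the targets, e.g. `# --sudo replaces the deprecated --use-remote-sudo`, would keep the next edit consistent.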
@@ -73,7 +62,7 @@ }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [2283]; + networking.firewall.allowedTCPPorts = [ 2283 ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/devices/asus/hardware-configuration.nix b/devices/asus/hardware-configuration.nix index 4dbb315..047b62f 100644 --- a/devices/asus/hardware-configuration.nix +++ b/devices/asus/hardware-configuration.nix 
@@ -4,34 +4,32 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/50ea20bc-d9bb-40c7-8e4a-34e31da665b5"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9267-2ED4"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9267-2ED4"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; - fileSystems."/data" = - { device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; - fsType = "ext4"; - }; + fileSystems."/data" = { + device = "/dev/disk/by-uuid/465aa01d-2cc4-4955-bebb-b44c21528e4f"; + fsType = "ext4"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; } - ]; + [{ device = "/dev/disk/by-uuid/90dd6c81-79a7-45e2-b063-e263cabf1c28"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -42,5 +40,6 @@ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } 
diff --git a/devices/latoure/configuration.nix b/devices/latoure/configuration.nix index dab7ee0..1e01f13 100644 --- a/devices/latoure/configuration.nix +++ b/devices/latoure/configuration.nix @@ -1,11 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ - config, - pkgs, - ... -}: { +{ config, pkgs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -35,7 +31,7 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; #nix.settings.trusted-users = [ "polen" "polensky" ]; #nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; #boot.binfmt.emulatedSystems = ["aarch64-linux"]; @@ -98,7 +94,7 @@ users.users.polensky = { isNormalUser = true; description = "polensky"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.zsh; }; @@ -109,13 +105,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - htop-vim - ranger - neovim - wget - git - ]; + environment.systemPackages = with pkgs; [ htop-vim ranger neovim wget git ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/devices/latoure/hardware-configuration.nix b/devices/latoure/hardware-configuration.nix index b3bbb9b..96106c2 100644 --- a/devices/latoure/hardware-configuration.nix +++ b/devices/latoure/hardware-configuration.nix 
@@ -4,44 +4,52 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "xhci_pci" "pata_marvell" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ahci" + "xhci_pci" + "pata_marvell" + "firewire_ohci" + "usb_storage" + "usbhid" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/62a34abf-561a-410d-b913-eb2ad7ede6f5"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9B7B-A012"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/9B7B-A012"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; - fileSystems."/data" = - { device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; - fsType = "ext4"; - }; + fileSystems."/data" = { + device = "/dev/disk/by-uuid/b7de7b88-6239-4340-9e7a-6486814bbd83"; + fsType = "ext4"; + }; - fileSystems."/data1" = - { device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; - fsType = "ext4"; - }; + fileSystems."/data1" = { + device = "/dev/disk/by-uuid/86a239f2-50a5-4c26-9534-0636fb718fc8"; + fsType = "ext4"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/5181dbcf-7e00-46d9-ac04-c22d4c4e9827"; + fsType = "ext4"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; } - ]; + [{ device = 
"/dev/disk/by-uuid/29ac34a7-fa51-489b-b9da-8c5d02bdd2c4"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -52,5 +60,6 @@ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/macbook/configuration.nix b/devices/macbook/configuration.nix index 46f5578..8a21193 100644 --- a/devices/macbook/configuration.nix +++ b/devices/macbook/configuration.nix @@ -1,11 +1,5 @@ -{ - pkgs, - inputs, - system, - config, - ... -}: let - my-emacs = pkgs.emacsNativeComp; +{ pkgs, inputs, system, config, ... }: +let my-emacs = pkgs.emacsNativeComp; in { nixpkgs.config.allowUnfree = true; @@ -24,7 +18,7 @@ in { colima git gnupg - (pass.withExtensions (exts: [exts.pass-otp])) + (pass.withExtensions (exts: [ exts.pass-otp ])) # emacs my-emacs @@ -90,9 +84,7 @@ in { programs.direnv.enable = true; programs.gnupg.agent.enable = true; - services.yabai = { - enable = true; - }; + services.yabai = { enable = true; }; services.skhd.enable = true; services.emacs = { @@ -107,15 +99,13 @@ in { system.defaults.dock = { autohide = true; - persistent-apps = []; + persistent-apps = [ ]; show-recents = false; static-only = true; tilesize = 32; }; - system.defaults.menuExtraClock = { - Show24Hour = true; - }; + system.defaults.menuExtraClock = { Show24Hour = true; }; launchd.user.agents.remap-keys = { serviceConfig = { @@ -123,7 +113,8 @@ in { "/usr/bin/hidutil" "property" "--set" - '' { + '' + { "UserKeyMapping":[ {"HIDKeyboardModifierMappingSrc":0x700000039,"HIDKeyboardModifierMappingDst":0x7000000E7} ] 
diff --git a/devices/pi/configuration.nix b/devices/pi/configuration.nix index 8f9d49a..22e717f 100644 --- a/devices/pi/configuration.nix +++ b/devices/pi/configuration.nix @@ -1,16 +1,11 @@ -{ - inputs, - config, - pkgs, - lib, - ... -}: let +{ inputs, config, pkgs, lib, ... }: +let user = "polen"; hostname = "pi"; in { boot = { kernelPackages = pkgs.linuxKernel.packages.linux_rpi3; - initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"]; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; loader = { grub.enable = false; generic-extlinux-compatible.enable = true; @@ -21,16 +16,14 @@ in { "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = ["noatime"]; + options = [ "noatime" ]; }; }; - swapDevices = [ - { - device = "/var/lib/swapfile"; - size = 10 * 1024; - } - ]; + swapDevices = [{ + device = "/var/lib/swapfile"; + size = 10 * 1024; + }]; #sops.defaultSopsFile = ../../secrets/secrets.yaml; #sops.defaultSopsFormat = "yaml"; @@ -48,15 +41,9 @@ in { node.openFirewall = true; }; - nix.settings.trusted-users = [user]; + nix.settings.trusted-users = [ user ]; - environment.systemPackages = with pkgs; [ - htop-vim - neovim - curl - wget - ranger - ]; + environment.systemPackages = with pkgs; [ htop-vim neovim curl wget ranger ]; services.openssh.enable = true; @@ -66,11 +53,9 @@ in { "${user}" = { isNormalUser = true; #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; - extraGroups = ["wheel"]; - }; - lauria = { - isNormalUser = true; + extraGroups = [ "wheel" ]; }; + lauria = { isNormalUser = true; }; }; }; diff --git a/devices/server/configuration.nix b/devices/server/configuration.nix index c38eeff..4da0468 100644 --- a/devices/server/configuration.nix +++ b/devices/server/configuration.nix 
@@ -64,7 +64,8 @@ in { openFirewall = true; # 11434 host = "0.0.0.0"; syncModels = true; - loadModels = [ "mistral:7b" "phi3.5:3.8b" ]; + loadModels = + [ "qwen3:4b" "lfm2.5-thinking:1.2b" "ministral-3:8b" "ministral-3:3b" ]; }; }; @@ -161,6 +162,7 @@ in { 9000 # mealie 8989 # sonarr 10222 # taskchampion-sync-server + 18789 # openclaw ]; firewall.allowedUDPPorts = [ 5353 # mDNS @@ -170,12 +172,15 @@ in { time.timeZone = "America/Toronto"; users.users."${user}" = { + isNormalUser = true; + group = "polen"; extraGroups = [ "wheel" "transmission" "jellyfin" "polensky" "docker" ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ "ssh-rsa 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 polen@polen-xps" ]; }; + users.groups.polen = { }; # Luna user for OpenClaw AI assistant users.users.luna = { @@ -197,16 +202,17 @@ in { defaultSopsFile = ../../secrets/secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; secrets = { - luna-telegram-token = { + luna_telegram_token = { owner = "luna"; group = "luna"; }; - luna-gateway-token = { + luna_gateway_token = { owner = "luna"; group = "luna"; }; }; }; + environment.systemPackages = with pkgs; [ neovim htop-vim diff --git a/devices/server/hardware-configuration.nix b/devices/server/hardware-configuration.nix index a59b1e5..3e46e9b 100644 --- a/devices/server/hardware-configuration.nix +++ b/devices/server/hardware-configuration.nix 
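Review bot: The added `18789 # openclaw` entry in `firewall.allowedTCPPorts` (second hunk of devices/server/configuration.nix) looks unnecessary. devices/server/luna.nix in this same commit configures the gateway with `port = 18789` and `bind = "loopback"`, so nothing should be listening on a routable interface. With the port already open, a later change of `bind` would expose the gateway to the network without any firewall edit showing up in review. Suggest dropping the entry, or, if remote access is intended, keeping it with a comment naming the clients it is for, such as `18789 # openclaw gateway, reachable from <LAN/VPN range>`. The port list itself starts outside the hunk.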
@@ -1,30 +1,22 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = + [ "uhci_hcd" "ehci_pci" "hpsa" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/a4ba3cce-bbdd-470d-9874-71f3aea9ea13"; fsType = "ext4"; }; - swapDevices = [ - {device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711";} - ]; + swapDevices = + [{ device = "/dev/disk/by-uuid/6fc86a5b-ac4b-41ed-a7c9-56f734f5e711"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -37,5 +29,6 @@ # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/server/luna.nix b/devices/server/luna.nix index 64f559d..ce84935 100644 --- a/devices/server/luna.nix +++ b/devices/server/luna.nix 
@@ -7,35 +7,105 @@ home.homeDirectory = "/var/lib/luna"; home.stateVersion = "25.05"; + home.packages = with pkgs; [ xmlstarlet ]; + programs.openclaw = { enable = true; - documents = ./luna-documents; config = { - # Use local Ollama - auto-detected at 127.0.0.1:11434 - agents.defaults.model = { - primary = "ollama/mistral:7b"; - fallbacks = [ "ollama/phi3.5:3.8b" ]; + models = { + providers = { + ollama = { + baseUrl = "http://127.0.0.1:11434/v1"; + apiKey = "ollama-local"; + api = "openai-completions"; + models = [ ]; + }; + }; + }; + + agents = { + defaults = { + model = { primary = "github-copilot/gpt-5-mini"; }; + workspace = "/var/lib/luna/.openclaw/workspace"; + maxConcurrent = 4; + subagents = { maxConcurrent = 8; }; + models = { "github-copilot/gpt-5-mini" = { }; }; + }; + }; + + commands = { + native = "auto"; + nativeSkills = "auto"; + }; + + channels = { + telegram = { + dmPolicy = "pairing"; + tokenFile = "/run/secrets/luna_telegram_token"; + groups = { "*" = { requireMention = true; }; }; + allowFrom = [ 1268580775 ]; + groupPolicy = "allowlist"; + streamMode = "partial"; + }; }; gateway = { mode = "local"; - auth = { tokenFile = "/run/secrets/luna-gateway-token"; }; + auth = { + token = + "14db7eaede5f363bce5f5efd23baea45fd8c7984fd3d9234d9b98e1d52c88db7"; + mode = "token"; + }; + port = 18789; + bind = "loopback"; + tailscale = { + mode = "off"; + resetOnExit = false; + }; }; - channels.telegram = { - tokenFile = "/run/secrets/luna-telegram-token"; - allowFrom = [ - 1268580775 - ]; - groups = { "*" = { requireMention = true; }; }; + plugins = { entries = { telegram = { enabled = true; }; }; }; + + messages = { ackReactionScope = "group-mentions"; }; + + auth = { + profiles = { + "github-copilot:github" = { + provider = "github-copilot"; + mode = "token"; + }; + }; + }; + + hooks = { + internal = { + enabled = true; + entries = { + "boot-md" = { enabled = true; }; + "command-logger" = { enabled = true; }; + "session-memory" = { enabled = true; }; + }; 
+ }; + }; + + wizard = { + lastRunAt = "2026-02-10T18:36:29.457Z"; + lastRunVersion = "2026.2.6-3"; + lastRunCommand = "onboard"; + lastRunMode = "local"; + }; + + meta = { + lastTouchedVersion = "2026.2.6-3"; + lastTouchedAt = "2026-02-10T18:36:29.472Z"; }; }; # Plugins useful for homelab Q&A bundledPlugins = { summarize.enable = true; # Summarize docs/web pages - oracle.enable = true; # Web search + oracle.enable = false; # Web search }; }; diff --git a/devices/xps13/configuration.nix b/devices/xps13/configuration.nix index 6cc43df..65bab79 100644 --- a/devices/xps13/configuration.nix +++ b/devices/xps13/configuration.nix @@ -1,12 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ - config, - pkgs, - inputs, - ... -}: { +{ config, pkgs, inputs, ... }: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -29,14 +24,14 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.kernelModules = ["msr"]; + boot.kernelModules = [ "msr" ]; networking.hostName = "xps13"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. nix = { - settings.experimental-features = ["nix-command" "flakes"]; - settings.trusted-users = ["polen"]; + settings.experimental-features = [ "nix-command" "flakes" ]; + settings.trusted-users = [ "polen" ]; settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; @@ -44,7 +39,7 @@ options = "--delete-older-than 15d"; }; }; - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; 
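Review bot: `gateway.auth.token` in the devices/server/luna.nix hunk is now a literal 64-hex-character secret in the Nix expression, replacing the previous `tokenFile = "/run/secrets/luna-gateway-token"`. The value is therefore in git history, and anything rendered from this config into the Nix store is presumably readable by every local user. The sops secret `luna_gateway_token` is still declared for owner `luna` in devices/server/configuration.nix, so the file-based form can be kept: `auth = { mode = "token"; tokenFile = "/run/secrets/luna_gateway_token"; };`. This assumes the openclaw module still accepts `tokenFile` next to `mode`, as the removed line suggests. The committed token should be treated as disclosed and replaced with a fresh value stored only in secrets/secrets.yaml.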
@@ -68,14 +63,14 @@ services.displayManager.sddm = { enable = true; - theme = "${import ./sddm-theme.nix {inherit pkgs;}}"; + theme = "${import ./sddm-theme.nix { inherit pkgs; }}"; }; # Define a user account. Don't forget to set a password with 'passwd'. users.users.polen = { isNormalUser = true; description = "polen"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ "networkmanager" "wheel" ]; shell = pkgs.zsh; }; @@ -134,7 +129,7 @@ programs.seahorse.enable = true; xdg.portal.enable = true; - xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; + xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; diff --git a/devices/xps13/hardware-configuration.nix b/devices/xps13/hardware-configuration.nix index 99be3ee..20fdb62 100644 --- a/devices/xps13/hardware-configuration.nix +++ b/devices/xps13/hardware-configuration.nix 
@@ -4,29 +4,28 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/6faa62c9-8566-4ed7-b372-355e04ac4ca6"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A769-2F96"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A769-2F96"; + fsType = "vfat"; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; - fsType = "ext4"; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/8b28694c-3401-4545-9974-521674baa450"; + fsType = "ext4"; + }; swapDevices = [ ]; @@ -38,5 +37,6 @@ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/devices/xps13/sddm-theme.nix b/devices/xps13/sddm-theme.nix index 3df1e26..f8ab95e 100644 --- a/devices/xps13/sddm-theme.nix +++ b/devices/xps13/sddm-theme.nix 
@@ -1,19 +1,18 @@ -{pkgs}: let - image = ./assets/a_forest_of_trees_with_fog.jpg; -in - pkgs.stdenv.mkDerivation { - name = "sddm-theme"; - src = pkgs.fetchFromGitHub { - owner = "MarianArlt"; - repo = "sddm-sugar-dark"; - rev = "ceb2c455663429be03ba62d9f898c571650ef7fe"; - sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ="; - }; - installPhase = '' - mkdir -p $out - cp -R ./* $out/ - cd $out/ - rm Background.jpg - cp -r ${image} $out/Background.jpg - ''; - } +{ pkgs }: +let image = ./assets/a_forest_of_trees_with_fog.jpg; +in pkgs.stdenv.mkDerivation { + name = "sddm-theme"; + src = pkgs.fetchFromGitHub { + owner = "MarianArlt"; + repo = "sddm-sugar-dark"; + rev = "ceb2c455663429be03ba62d9f898c571650ef7fe"; + sha256 = "flOspjpYezPvGZ6b4R/Mr18N7N3JdytCSwwu6mf4owQ="; + }; + installPhase = '' + mkdir -p $out + cp -R ./* $out/ + cd $out/ + rm Background.jpg + cp -r ${image} $out/Background.jpg + ''; +} diff --git a/flake.nix b/flake.nix index f4f9c3a..c0dfe2a 100644 --- a/flake.nix +++ b/flake.nix @@ -46,12 +46,15 @@ specialArgs = { inherit inputs; }; system = "x86_64-linux"; modules = [ + { nixpkgs.overlays = [ nix-openclaw.overlays.default ]; } + disko.nixosModules.disko sops-nix.nixosModules.sops home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; home-manager.extraSpecialArgs = { inherit inputs; }; home-manager.users.luna = import ./devices/server/luna.nix; } diff --git a/modules/default.nix b/modules/default.nix index feec28c..68afca3 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1 @@ -{...}: { - imports = [ - ./pocketbase.nix - ]; -} +{ ... }: { imports = [ ./pocketbase.nix ]; } diff --git a/modules/pocketbase.nix b/modules/pocketbase.nix index 464c487..d462711 100644 --- a/modules/pocketbase.nix +++ b/modules/pocketbase.nix 
@@ -1,10 +1,5 @@ -{ - config, - pkgs, - lib, - ... -}: let - cfg = config.services.pocketbase; +{ config, pkgs, lib, ... }: +let cfg = config.services.pocketbase; in { options.services.pocketbase = { enable = lib.mkEnableOption "PocketBase backend"; @@ -12,7 +7,8 @@ in { dataDir = lib.mkOption { type = lib.types.path; default = "/var/lib/pocketbase"; - description = "Working directory containing the PocketBase binary and data."; + description = + "Working directory containing the PocketBase binary and data."; }; openFirewall = lib.mkOption { @@ -47,19 +43,18 @@ in { description = "Log file used for both stdout and stderr."; }; - package = lib.mkPackageOption pkgs "pocketbase" {}; + package = lib.mkPackageOption pkgs "pocketbase" { }; }; config = lib.mkIf cfg.enable { # Optional: ensure the directory exists with proper ownership - systemd.tmpfiles.rules = [ - "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" - ]; + systemd.tmpfiles.rules = + [ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -" ]; systemd.services.pocketbase = { description = "PocketBase"; - wantedBy = ["multi-user.target"]; - after = ["network.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; serviceConfig = { Type = "simple"; @@ -71,7 +66,11 @@ in { WorkingDirectory = cfg.dataDir; ExecStart = '' - ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port} + ${ + lib.getExe cfg.package + } serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${ + toString cfg.port + } ''; # Switch to systemd stdout/stderr logging by default @@ -80,8 +79,7 @@ in { StandardError = "append:${cfg.logFile}"; }; }; - networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [cfg.port]; - }; + networking.firewall = + lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 0426777..c4e3dd8 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -6,11 +6,29 @@ sops: - recipient: age1x8qsd7kxxjvan4psvnvua3r0emljsnq07agxnu6jqw56ky8z6faqyjq0e3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxN2ZzTUpSeWRWejVxVm4y - dzF3MU9DOTBTZUF0Y3I2SUVURGZCZDBqTVV3ClNwL29hejN2OFdVaHk2TEppNWFj - V3NYcEM4RHNyWUszWFlLa2pXa2FyVmsKLS0tIExOL254cGh4RkJDandqZzJ2RjRi - b3AxOTd2VmdHdXd5c3NNTkJoYW12bUUKbX199Z7jI6nornm0erzm7dSQ+XuxAnXb - glw60TnUSnLUWIHTTx/jVSRR4uO5I6FzxUUfVJ2BMOn/eUNa5BJ70A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRy9DblE4WnhEc1kvcjcw + ZVBEeVVoRUMxNUZ6Q09QZXdYcEZaSGp0UHpFCnc3UnZOZThLdDYwN05GUjJqYnhK + Z0tZMXo2N0J4R2ZPLzRLcS83QVRBZncKLS0tICs3dDVIV0s2ZTRBQk5wMVE3WjVP + NENYZHlvR3U3Um5XWm90RW01eEM3eHMKewyXEa9TInEFz65LoDo8BHBdjibdYF4r + DGQtPlYF5yuVd8PVMATxMBhs/6hXJLfK2Y54NEeJo2gydyq11Lpm2Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1y2s7ah49jmhd8n05q7tw0gjcnv3390s0uxp3ewjqueekq7a7rvdqzytgd2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGMlBaWURCSTd6cjRYTTB1 + VWQvTHBFaDgrMFRpb0crRld6ZjVOUXkrb0cwCnFpcE1nSERwUlowRW54SnEwTk9u + S2N1Rm9kUCtWM3pEWmh1aE1HU3oxT1UKLS0tIE5HSXdFT29XazloR0VjVDVqQWVq + RURoYXdtZFh2djVaem15Qjk4UFhBOEEKEjAuKJ8vpVKoBO8ioyH4EcXVmEkfwrQh + JtDzik9QwZgUNdamWu5BhDlNA1Jmu87VYchhR4CXIS5OG4ticUqr7g== + -----END AGE ENCRYPTED FILE----- + - recipient: age107mmu7nkjfpm7ygp25zpj69m06ftckc9gh7a37umkjq0y7ac34msd6uj3u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodExKajhTZzRZdWlXWG9n + V09sRDZrK0gvaDI4TmtzUmR0cUF0OFl1OGxJCmNUMk5aWkV3LzYzeTJJMDFlR0p4 + Qlp0STk4dFN3WGswb05BRHlOQit2VGMKLS0tIGJTVkp0Y1Yrd2pqMm1yUlJaYkMy + TzlCMWpMQ1hRMTRObWNyN2Q0YWtsZmcKFHVmvu6U0Qw+EUsBEmdST2cyQ3rZyh6w + 62vmALGxE2NWDYQmwtHJmYqeO14HHEDclUErQiCmUt+hLgOLF2MxwA== -----END AGE ENCRYPTED FILE----- lastmodified: "2026-02-09T03:39:35Z" mac: 
ENC[AES256_GCM,data:lVU+w4EOpNACzz1CjtBGwGcoB/huatCa97sJ4irzX/dNP8LYwMiRvm6axsyqNiBns76WyKHAS9r+drByQzNAFAIh+2EwJCk7Mm7Njy3+kL0GNd0RanMhI51WSHTbjHIqrGC81jgS4ydcsGDMDmZBOZHL5t/uTcrdn/SRjgDvHTA=,iv:F4kbFHvTFmG4mhvMIAUtNq6WCwXyILOlbYvIaFno6BI=,tag:JSYzsKF86cuJtApPeTVDTA==,type:str]