From 62c649856831d782bc1ab0d0d2e24051749e9ab3 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 13:29:08 -0500 Subject: [PATCH 01/62] test iso --- modules/hosts/iso/configuration.nix | 19 ++++++++++++++----- modules/hosts/iso/default.nix | 5 +++-- modules/users/nathan/nathan.nix | 20 ++++++++++---------- 3 files changed, 27 insertions(+), 17 deletions(-) diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix index ed81d84..a29d78d 100644 --- a/modules/hosts/iso/configuration.nix +++ b/modules/hosts/iso/configuration.nix @@ -2,14 +2,19 @@ flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: { - imports = with inputs; [ + imports = with self.nixosModules; [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") + inputs.home-manager.nixosModules.default + self.nixosModules.default - self.nixosModules.aurora-greeter - - home-manager.nixosModules.default + aurora-greeter + hyprland + pipewire + avahi + netbird + openssh ]; @@ -22,7 +27,8 @@ system.stateVersion = "25.11"; - nixpkgs.hostPlatform = "x86_64-linux"; + #nixpkgs.hostPlatform = "x86_64-linux"; + nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system; users.users."nathan" = { hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; @@ -35,6 +41,9 @@ users.users.nixos.enable = lib.mkForce false; networking = { + + hostName = "iso"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; networkmanager.enable = true; }; diff --git a/modules/hosts/iso/default.nix b/modules/hosts/iso/default.nix index bc619bd..3c59086 100644 --- a/modules/hosts/iso/default.nix +++ b/modules/hosts/iso/default.nix @@ -6,8 +6,9 @@ flake.nixosConfigurations.iso = inputs.nixpkgs.lib.nixosSystem { - modules = [ - self.nixosModules.iso + modules = with self.nixosModules; [ + iso + user-nathan ]; }; diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 66ee9bb..8900e57 100644 --- a/modules/users/nathan/nathan.nix 
+++ b/modules/users/nathan/nathan.nix @@ -3,7 +3,7 @@ flake.nixosModules.user-nathan = { config, lib, pkgs, ... }: let laptop = [ "laptop" ]; homebox = [ "homebox" ]; - #both = laptop ++ homebox; + iso = [ "iso" ]; useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); in { @@ -18,7 +18,7 @@ #hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ]; openssh.authorizedKeys.keys = lib.mkMerge [ - (useWith homebox [ + (useWith (homebox ++ iso) [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" "ssh-rsa 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 nathan@rpi-3dp" @@ -37,14 +37,14 @@ home-manager.users.nathan = with self.homeModules; lib.mkMerge [ self.homeModules.nathan - (useWith laptop nathan-aurora) - (useWith laptop nathan-firefox) - (useWith laptop nathan-rofi) - (useWith laptop nathan-hypridle) - (useWith laptop nathan-hyprland) - (useWith laptop nathan-kitty) - (useWith laptop nathan-scripts) - (useWith laptop nathan-pywal) + (useWith (laptop ++ iso) nathan-aurora) + (useWith (laptop ++ iso) nathan-firefox) + (useWith (laptop ++ iso) nathan-rofi) + (useWith (laptop ++ iso) nathan-hypridle) + (useWith (laptop ++ iso) nathan-hyprland) + (useWith (laptop ++ iso) nathan-kitty) + (useWith (laptop ++ iso) nathan-scripts) + (useWith (laptop ++ iso) nathan-pywal) (useWith laptop { wayland.windowManager.hyprland.extraConfig = '' From 2d7517fe5c09b9070bd4ba762f7fcbf0e66052d0 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 13:29:58 -0500 Subject: [PATCH 02/62] test iso --- modules/hosts/iso/configuration.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix index a29d78d..729ae54 100644 
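Review bot: In the second nathan.nix hunk, `(useWith (homebox ++ iso) [` gives the installer image the whole homebox key list, so a booted ISO accepts every key in the context lines, including the `ssh-rsa` key labelled `nathan@rpi-3dp`. With the `openssh` import added to iso/configuration.nix in this patch and `wheel` in `extraGroups`, each of those keys is a login to a privileged account on whatever machine the image is booted on. A separate, narrower entry keeps the image to the one key used for installs, for example `(useWith iso [ "ssh-ed25519 <INSTALL_KEY_PLACEHOLDER> nathan@laptop" ])`. The key list continues past the end of the hunk.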
--- a/modules/hosts/iso/configuration.nix +++ b/modules/hosts/iso/configuration.nix @@ -27,8 +27,7 @@ system.stateVersion = "25.11"; - #nixpkgs.hostPlatform = "x86_64-linux"; - nixpkgs.hostPlatform = pkgs.stdenv.hostPlatform.system; + nixpkgs.hostPlatform = "x86_64-linux"; users.users."nathan" = { hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; From 779310fb2c2caeab9976d98ed2f5daa59c75c787 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 13:45:13 -0500 Subject: [PATCH 03/62] test iso --- .sops.yaml | 20 +++++++++++++++++++- modules/hosts/iso/configuration.nix | 2 ++ modules/hosts/iso/secrets.yaml | 17 +++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 modules/hosts/iso/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 9593357..c4ccad3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,7 +3,25 @@ keys: - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 creation_rules: - - path_regex: system/secrets.yaml$ + - path_regex: features/secrets.yaml$ + key_groups: + - age: + - *laptop + - *homebox + - *android + - path_regex: iso/secrets.yaml$ + key_groups: + - age: + - *laptop + - *homebox + - *android + - path_regex: live/secrets.yaml$ + key_groups: + - age: + - *laptop + - *homebox + - *android + - path_regex: container/secrets.yaml$ key_groups: - age: - *laptop diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix index 729ae54..679e6c9 100644 --- a/modules/hosts/iso/configuration.nix +++ b/modules/hosts/iso/configuration.nix @@ -37,6 +37,8 @@ ]; }; + sops.defaultSopsFile = ./secrets.yaml; + users.users.nixos.enable = lib.mkForce false; networking = { diff --git a/modules/hosts/iso/secrets.yaml b/modules/hosts/iso/secrets.yaml new file mode 100644 index 0000000..e18d6b8 --- /dev/null +++ b/modules/hosts/iso/secrets.yaml 
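Review bot: The four rules left by the `.sops.yaml` hunk repeat the same three recipients, so adding or revoking a key means editing every copy, and a missed rule leaves a stale recipient on that path. Because the key groups are identical, one rule can cover them: `- path_regex: (^|/)(features|iso|live|container)/secrets\.yaml$`. That form also fixes the patterns being unanchored with an unescaped `.`; as written, `iso/secrets.yaml$` matches any path that merely ends in something like `aiso/secrets-yaml`.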
@@ -0,0 +1,17 @@ +nathan: + pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str] +sops: + age: + - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP + QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG + ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50 + TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A + Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-31T19:51:15Z" + mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 250c949bd6571ea64d3549530271eface291fa87 Mon Sep 17 00:00:00 2001 
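Review bot: The new `modules/hosts/iso/secrets.yaml` carries a single `recipient:` entry, the key that `.sops.yaml` anchors as `&laptop`, although the `iso/secrets.yaml$` rule added in this patch lists laptop, homebox and android. Creation rules apply only when sops creates a file, and `lastmodified: "2025-08-31T19:51:15Z"` suggests this one was copied from elsewhere, so only the laptop key can decrypt `nathan/pass`. Running `sops updatekeys modules/hosts/iso/secrets.yaml` re-encrypts the data key for the current recipients. The same single-recipient content is added again as `modules/users/nathan/secrets.yaml` in patch 04, where it backs a `neededForUsers` secret.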
From: Nathan Date: Thu, 23 Apr 2026 16:03:32 -0500 Subject: [PATCH 04/62] more separation --- .sops.yaml | 6 +++ modules/features/home-manager.nix | 21 +++++++++ modules/features/locale.nix | 27 ++++++++++++ modules/features/nix.nix | 21 +++++++++ .../{default.nix => remoteBuilds.nix} | 43 +++---------------- modules/hosts/homebox/configuration.nix | 1 + modules/hosts/iso/configuration.nix | 2 - modules/hosts/laptop/configuration.nix | 1 + modules/users/nathan/nathan.nix | 7 ++- modules/users/nathan/secrets.yaml | 17 ++++++++ 10 files changed, 105 insertions(+), 41 deletions(-) create mode 100644 modules/features/home-manager.nix create mode 100644 modules/features/locale.nix create mode 100644 modules/features/nix.nix rename modules/features/{default.nix => remoteBuilds.nix} (55%) create mode 100644 modules/users/nathan/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index c4ccad3..c2b0eeb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -27,3 +27,9 @@ creation_rules: - *laptop - *homebox - *android + - path_regex: users/.*/secrets.yaml$ + key_groups: + - age: + - *laptop + - *homebox + - *android diff --git a/modules/features/home-manager.nix b/modules/features/home-manager.nix new file mode 100644 index 0000000..ac24bcd --- /dev/null +++ b/modules/features/home-manager.nix @@ -0,0 +1,21 @@ +{ inputs, ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: { + + imports = [ + inputs.home-manager.nixosModules.default + ]; + + config = { + + programs.fuse.userAllowOther = true; + + home-manager = { + backupFileExtension = "backup"; + useUserPackages = true; + sharedModules = []; + }; + }; + }; +} + diff --git a/modules/features/locale.nix b/modules/features/locale.nix new file mode 100644 index 0000000..394527e --- /dev/null +++ b/modules/features/locale.nix 
@@ -0,0 +1,27 @@ +{ ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: { + + config = { + + time.timeZone = lib.mkDefault "America/Chicago"; + + i18n = lib.mkDefault { + defaultLocale = "en_US.UTF-8"; + + extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + }; + }; + }; +} + diff --git a/modules/features/nix.nix b/modules/features/nix.nix new file mode 100644 index 0000000..0e9cd2c --- /dev/null +++ b/modules/features/nix.nix @@ -0,0 +1,21 @@ +{ inputs, ... }: { + + flake.nixosModules.default = { config, lib, pkgs, ... }: { + + config = { + + nix = { + nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + channel.enable = false; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + + substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; + trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; + }; + }; + }; + }; +} + diff --git a/modules/features/default.nix b/modules/features/remoteBuilds.nix similarity index 55% rename from modules/features/default.nix rename to modules/features/remoteBuilds.nix index 7ca891e..f41eb47 100644 --- a/modules/features/default.nix +++ b/modules/features/remoteBuilds.nix @@ -1,6 +1,6 @@ { inputs, ... }: { - flake.nixosModules.default = { config, lib, pkgs, ... }: { + flake.nixosModules.remoteBuilds = { config, lib, ... }: { imports = [ inputs.sops-nix.nixosModules.sops 
@@ -9,18 +9,13 @@ config = { nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - channel.enable = false; settings = { - experimental-features = [ "nix-command" "flakes" ]; builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey"); - substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"]; - trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; }; distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey"); + buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [ { hostName = "esotericbytes.com"; @@ -35,6 +30,7 @@ systems = [ "x86_64-linux" "aarch64-linux" ]; } ]; + }; users.users."remote-builder" = lib.mkIf (builtins.any @@ -46,9 +42,9 @@ }; sops.templates."remote-builder" = lib.mkIf (builtins.any - (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) - (builtins.attrNames config.sops.secrets) - ) { + (x: (builtins.match "^remoteBuildClientKeys/.+" x) != null) + (builtins.attrNames config.sops.secrets) + ) { content = builtins.concatStringsSep ''''\n'' (builtins.map (y: config.sops.placeholder.${y}) (builtins.filter @@ -64,33 +60,6 @@ age.keyFile = "/var/lib/sops/age/keys.txt"; defaultSopsFormat = "yaml"; }; - - programs.fuse.userAllowOther = true; - - home-manager = { - backupFileExtension = "backup"; - useUserPackages = true; - sharedModules = []; - }; - - time.timeZone = lib.mkDefault "America/Chicago"; - - i18n = lib.mkDefault { - defaultLocale = "en_US.UTF-8"; - - extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - }; }; }; } - 
diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index fe079d6..4e436de 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -13,6 +13,7 @@ avahi netbird openssh + remoteBuilds docker diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix index 679e6c9..729ae54 100644 --- a/modules/hosts/iso/configuration.nix +++ b/modules/hosts/iso/configuration.nix @@ -37,8 +37,6 @@ ]; }; - sops.defaultSopsFile = ./secrets.yaml; - users.users.nixos.enable = lib.mkForce false; networking = { diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index 2ba04d0..a826978 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -15,6 +15,7 @@ avahi netbird openssh + remoteBuilds ]; config = { diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 8900e57..db48eda 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -9,13 +9,16 @@ config = { - sops.secrets."nathan/pass".neededForUsers = true; + sops.secrets."nathan/pass" = { + neededForUsers = true; + sopsFile = ./secrets.yaml; + }; users.users.nathan = { shell = pkgs.zsh; name = lib.mkDefault "nathan"; isNormalUser = lib.mkDefault true; -#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile; + hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path; extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ]; openssh.authorizedKeys.keys = lib.mkMerge [ (useWith (homebox ++ iso) [ diff --git a/modules/users/nathan/secrets.yaml b/modules/users/nathan/secrets.yaml new file mode 100644 index 0000000..e18d6b8 --- /dev/null +++ b/modules/users/nathan/secrets.yaml 
@@ -0,0 +1,17 @@ +nathan: + pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str] +sops: + age: + - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP + QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG + ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50 + TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A + Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-31T19:51:15Z" + mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 From 4a39c705b939bd418ddc2c04f650b68fc099355e Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 16:05:13 -0500 Subject: [PATCH 05/62] test iso --- modules/hosts/iso/secrets.yaml | 17 ----------------- 1 file changed, 17 deletions(-) delete mode 100644 modules/hosts/iso/secrets.yaml diff --git a/modules/hosts/iso/secrets.yaml b/modules/hosts/iso/secrets.yaml deleted file mode 100644 index e18d6b8..0000000 --- a/modules/hosts/iso/secrets.yaml +++ /dev/null 
@@ -1,17 +0,0 @@ -nathan: - pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str] -sops: - age: - - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP - QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG - ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50 - TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A - Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-31T19:51:15Z" - mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 From 0a26675f7ce606b90136ba2484094d0ea8d29d0b Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 16:09:18 -0500 Subject: [PATCH 06/62] test iso --- modules/users/nathan/nathan.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index db48eda..22faad3 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -9,6 +9,10 @@ config = { + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + sops.secrets."nathan/pass" = { neededForUsers = true; sopsFile = ./secrets.yaml; From ac32833239c7e32cbe2ab08254a05f31f2a1de3a Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 16:10:32 -0500 Subject: [PATCH 07/62] test iso --- modules/users/nathan/nathan.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 22faad3..9719c0c 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -1,18 +1,18 @@ { self, inputs, ... }: { flake.nixosModules.user-nathan = { config, lib, pkgs, ... }: let - laptop = [ "laptop" ]; - homebox = [ "homebox" ]; - iso = [ "iso" ]; - useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); - in { + laptop = [ "laptop" ]; + homebox = [ "homebox" ]; + iso = [ "iso" ]; + useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); + in { + + imports = [ + inputs.sops-nix.nixosModules.sops + ]; config = { - imports = [ - inputs.sops-nix.nixosModules.sops - ]; - sops.secrets."nathan/pass" = { neededForUsers = true; sopsFile = ./secrets.yaml; From dea26059eb83e795f272b5bc0902fc360195901a Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 18:38:55 -0500 Subject: [PATCH 08/62] test iso --- modules/features/remoteBuilds.nix | 13 ++---- modules/features/sops.nix | 21 +++++++++ modules/users/nathan/home-manager/.sops.yaml | 11 ----- modules/users/nathan/home-manager/default.nix | 32 +------------- .../nathan/home-manager/features/git.nix | 22 +++------- .../nathan/home-manager/features/sops.nix | 23 ++++++++++ .../nathan/home-manager/features/ssh.nix | 44 ++++++++++++------- .../users/nathan/home-manager/secrets.yaml | 36 --------------- modules/users/nathan/nathan.nix | 28 ++++++------ modules/users/nathan/sops.nix | 19 ++++++++ 10 files changed, 117 insertions(+), 132 deletions(-) create mode 100644 modules/features/sops.nix delete mode 100644 modules/users/nathan/home-manager/.sops.yaml create mode 100644 modules/users/nathan/home-manager/features/sops.nix delete mode 100644 modules/users/nathan/home-manager/secrets.yaml create mode 100644 modules/users/nathan/sops.nix diff --git a/modules/features/remoteBuilds.nix b/modules/features/remoteBuilds.nix index f41eb47..0f80aa1 100644 
--- a/modules/features/remoteBuilds.nix +++ b/modules/features/remoteBuilds.nix @@ -1,6 +1,6 @@ { inputs, ... }: { - flake.nixosModules.remoteBuilds = { config, lib, ... }: { + flake.nixosModules.sops = { config, lib, ... }: { imports = [ inputs.sops-nix.nixosModules.sops @@ -23,9 +23,9 @@ sshKey = config.sops.secrets."remoteBuildKey".path; supportedFeatures = [ "nixos-test" - "benchmark" - "big-parallel" - "kvm" + "benchmark" + "big-parallel" + "kvm" ]; systems = [ "x86_64-linux" "aarch64-linux" ]; } @@ -55,11 +55,6 @@ path = "/etc/ssh/authorized_keys.d/remote-builder"; owner = "remote-builder"; }; - - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; - defaultSopsFormat = "yaml"; - }; }; }; } diff --git a/modules/features/sops.nix b/modules/features/sops.nix new file mode 100644 index 0000000..1f5bf9c --- /dev/null +++ b/modules/features/sops.nix @@ -0,0 +1,21 @@ +{ inputs, ... }: { + + flake.nixosModules.sops = { config, lib, ... }: { + + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + config = { + + sops = { + age = { + keyFile = "/var/lib/sops/age/keys.txt"; + generateKey = true; + }; + + defaultSopsFormat = "yaml"; + }; + }; + }; +} diff --git a/modules/users/nathan/home-manager/.sops.yaml b/modules/users/nathan/home-manager/.sops.yaml deleted file mode 100644 index 45c4006..0000000 --- a/modules/users/nathan/home-manager/.sops.yaml +++ /dev/null @@ -1,11 +0,0 @@ -keys: - - &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd - - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - - &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 -creation_rules: - - path_regex: ^secrets.yaml$ - key_groups: - - age: - - *laptop - - *homebox - - *android diff --git a/modules/users/nathan/home-manager/default.nix b/modules/users/nathan/home-manager/default.nix index 86f2b61..c0686c1 100644 --- a/modules/users/nathan/home-manager/default.nix +++ b/modules/users/nathan/home-manager/default.nix 
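Review bot: The first remoteBuilds.nix hunk renames the module to `flake.nixosModules.sops`, the same attribute that the new `modules/features/sops.nix` and `modules/users/nathan/sops.nix` in this patch declare, while the file still defines `buildMachines` and the `remote-builder` authorized_keys template. If the flake merges same-named modules, every host that imports `sops` for decryption also takes on the remote-build configuration and the `nathan/pass` secret; if it does not, one definition shadows the others. Hosts that list `remoteBuilds` in their imports (homebox and laptop since patch 04, pi4 in patch 10) would no longer resolve that name unless it is defined outside this page. Keeping `flake.nixosModules.remoteBuilds = { config, lib, ... }: {` here, and giving the user file a name of its own, keeps the three concerns separately importable.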
@@ -1,11 +1,8 @@ -{ self, inputs, ... }: { +{ self, ... }: { flake.homeModules.nathan = { config, lib, pkgs, ... }: { imports = with self.homeModules; [ - inputs.sops-nix.homeManagerModules.sops - - nathan-terminal nathan-mpd nathan-nh @@ -41,35 +38,8 @@ iconTheme.name = "rose-pine-moon"; }; - sops = { - age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; - defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; - -#secrets."remoteBuildKey" = {}; - }; - services.mpris-proxy.enable = true; - programs.ssh = { - enable = true; - - matchBlocks = { - "builder" = { - hostname = "esotericbytes.com"; - user = "remote-builder"; - identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; - port = 22; - }; - - "remote" = { - hostname = "esotericbytes.com"; - user = "nathan"; - identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; - port = 22; - }; - }; - }; }; }; } diff --git a/modules/users/nathan/home-manager/features/git.nix b/modules/users/nathan/home-manager/features/git.nix index d3f2ff8..6393647 100644 --- a/modules/users/nathan/home-manager/features/git.nix +++ b/modules/users/nathan/home-manager/features/git.nix @@ -4,26 +4,9 @@ config = { - sops = { - secrets = { - "git/username" = {}; - "git/email" = {}; - }; - - templates.gitconfig.content = '' - [user] - name = "${config.sops.placeholder."git/username"}" - email = "${config.sops.placeholder."git/email"}" - ''; - }; - programs.git = { enable = true; - includes = [ - { path = "${config.sops.templates.gitconfig.path}"; } - ]; - settings = { init = { defaultBranch = "master"; @@ -38,6 +21,11 @@ ]; }; }; + + user = { + name = "Nathan"; + email = "nathanblunkall5@gmail.com"; + }; }; }; }; diff --git a/modules/users/nathan/home-manager/features/sops.nix b/modules/users/nathan/home-manager/features/sops.nix new file mode 100644 index 0000000..9530c68 --- /dev/null +++ b/modules/users/nathan/home-manager/features/sops.nix 
@@ -0,0 +1,23 @@ +{ inputs, ... }: { + + flake.homeModules.nathan-sops = { config, lib, pkgs, ... }: { + + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; + + config = { + + sops = { + age = { + keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; + generateKey = true; + }; + + defaultSopsFormat = "yaml"; + +#secrets."remoteBuildKey" = {}; + }; + }; + }; +} diff --git a/modules/users/nathan/home-manager/features/ssh.nix b/modules/users/nathan/home-manager/features/ssh.nix index e149ded..d5ff552 100644 --- a/modules/users/nathan/home-manager/features/ssh.nix +++ b/modules/users/nathan/home-manager/features/ssh.nix @@ -1,27 +1,41 @@ { ... }: { - flake.homeModules.nathan-terminal = { ... }: { + flake.homeModules.nathan-terminal = { config, ... }: { programs.ssh = { - enable = true; -# defaults as of 25.11 - matchBlocks."*" = { - forwardAgent = false; - addKeysToAgent = "no"; - compression = false; - serverAliveInterval = 0; - serverAliveCountMax = 3; - hashKnownHosts = false; - userKnownHostsFile = "~/.ssh/known_hosts"; - controlMaster = "no"; - controlPath = "~/.ssh/master-%r@%n:%p"; - controlPersist = "no"; - }; enableDefaultConfig = false; + matchBlocks = { + "*" = { + forwardAgent = false; + addKeysToAgent = "no"; + compression = false; + serverAliveInterval = 0; + serverAliveCountMax = 3; + hashKnownHosts = false; + userKnownHostsFile = "~/.ssh/known_hosts"; + controlMaster = "no"; + controlPath = "~/.ssh/master-%r@%n:%p"; + controlPersist = "no"; + }; + + "builder" = { + hostname = "esotericbytes.com"; + user = "remote-builder"; + identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; + port = 22; + }; + + "remote" = { + hostname = "esotericbytes.com"; + user = "nathan"; + identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519"; + port = 22; + }; + }; }; }; } diff --git a/modules/users/nathan/home-manager/secrets.yaml b/modules/users/nathan/home-manager/secrets.yaml deleted file mode 100644 index c521a86..0000000 
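Review bot: In the ssh.nix hunk the `builder` and `remote` blocks both set `identityFile` to `~/.ssh/id_ed25519` but do not restrict the client to it, so ssh may still offer other agent or default keys to `esotericbytes.com`. Adding `identitiesOnly = true;` to both blocks limits authentication to the listed file. The blocks also make the personal login key double as the `remote-builder` credential; a dedicated key for the `builder` block would let the build account be revoked on its own.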
--- a/modules/users/nathan/home-manager/secrets.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -git: - username: ENC[AES256_GCM,data:418z4cCK,iv:tgPmynsW8fEJs6n+OGfm6IypOjNNhVdVaqFImeKXpC4=,tag:V5zI47vb9FnSO/OWurbJ+A==,type:str] - email: ENC[AES256_GCM,data:xp6HlIO1pTgvrXpGAOQwl0UvcnY4zrLrmw==,iv:LzGkluWeSe8MQqPXQMnNOv062UY+BkQE1fGjGqd/nCg=,tag:Y9nwo+Hjcg4ea2GxGKWApA==,type:str] -sops: - age: - - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMktJdFhxRjhaT0MyZ0N3 - YVBMYlNkRnl1eU8zajZLWXRPajZzWDBGQWxVCkhMcEdsNlVKQ1VHR2hjZWdsR1gx - MkhCeVZGUDJwdkdDTiswRW40QjRRYWMKLS0tIENIN2pheisyR21YZkIzblVZZ1cw - bHpLWEdPdUc4d2ZSS1FjUDM0QWRQUWsKqvlH0oWHH/PhMDTYT5KhCTzaEffsf1jM - r0o60YUCe6pUFs0qPvOxEPM3bq+7MkUpH4eXVAw3tCov3nUkmwlVZg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5K3ovcmpPck1reGVPQ0lm - YTYvNGtaSk4vLzlYSW0rSkpHcjZWUnBMS2dBCmt3RU1PMkJ1VU5wNUc1NC9lbGFk - cjl6cXp6M292enFHckkyamwwaDRia2MKLS0tIGRUTzFGdDZFaS9LdkRjMW56U25B - emRDTncvNnlycHF3V2VJN3NlZTNVSjgK8RUx9qImdqjHBHisnwY+qRZ9vuafl3MN - jnJsIsKSdF51dWYskEMVnPYwn9HdOKkAh6amwSITcw3ZCcK7ftfT+g== - -----END AGE ENCRYPTED FILE----- - - recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWXVTSVQvNEhsMkQ2QkRl - SlZLTWN2eUdMa3MwdTBHZE8vdENKTTRKYVF3Ck01N2VNQUJPeHBwVHZTNWYzbXR5 - ZS9hUDQydy9nQnR0SVpiUHV6ejhPb0EKLS0tIEZKeXV5QnpZYzBCVDR3WjVSV2Vv - TmJkL3VUbTRLNGNISGhFaGpmaXJ1cDAKpiZ8Nfml0KFq46JRg+394BCyZmnpE4XC - zqxRrNlGH/EDp00q5/jN84vQA+bOhGHcScQpvRCDKMXehQn3H4jksw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-16T16:08:48Z" - mac: 
ENC[AES256_GCM,data:3/ztJNXhOIPqgQ47QxjM5KTeAJwXPpUuVtvI5/xJsMOOZhXYRt+uhL584F98rJiMHhnbsuGIZi+jGlYRiE6c+GJ9X7TKLj9yRqKvCMSCdWHGzY721GH5kMPcjD2YDYZ4tt+olIMePNJBPjC1XJgfhfOvs43o2HyDTCS95cEQzB4=,iv:qofZBAwxbTrc/hPyuSi8nxibJ0bGhoytZpUTZwwzbuI=,tag:z1SJXutJmlJ+j6RnV4u29Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.2 diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 9719c0c..89e8fc4 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -6,23 +6,16 @@ iso = [ "iso" ]; useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); in { - - imports = [ - inputs.sops-nix.nixosModules.sops - ]; - + config = { - sops.secrets."nathan/pass" = { - neededForUsers = true; - sopsFile = ./secrets.yaml; - }; - users.users.nathan = { shell = pkgs.zsh; name = lib.mkDefault "nathan"; isNormalUser = lib.mkDefault true; - hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path; + hashedPassword = lib.mkIf + (config.users.users.nathan.hashedPasswordFile == null) + "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ]; openssh.authorizedKeys.keys = lib.mkMerge [ (useWith (homebox ++ iso) [ @@ -52,6 +45,7 @@ (useWith (laptop ++ iso) nathan-kitty) (useWith (laptop ++ iso) nathan-scripts) (useWith (laptop ++ iso) nathan-pywal) + (useWith (laptop ++ homebox) nathan-sops) (useWith laptop { wayland.windowManager.hyprland.extraConfig = '' @@ -64,9 +58,17 @@ }; }; - flake.homeModules.nathan-standalone = { lib, ... }: + flake.homeModules.nathan-sops = { ... }: { + imports = [ + inputs.sops-nix.homeManagerModules.sops + ]; + + config = { + sops.defaultSopsFile = ./secrets.yaml; + }; + }; - { + flake.homeModules.nathan-standalone = { ... }: { config = { diff --git a/modules/users/nathan/sops.nix b/modules/users/nathan/sops.nix new file mode 100644 index 0000000..90af126 --- /dev/null 
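Review bot: The first nathan.nix hunk adds a literal yescrypt hash as `hashedPassword = lib.mkIf (config.users.users.nathan.hashedPasswordFile == null) "<hash>";`, which puts the hash in the repository and in the world-readable Nix store of every host that imports `user-nathan`. Anyone who can read either copy can test password guesses offline against an account that is in `wheel`, and the same password then applies on every host that lacks the sops module. Dropping the three added lines leaves such hosts on key-only login and keeps the hash out of both places. If the ISO needs a password fallback, setting it in the iso host module rather than in the shared user module limits where the hash ends up.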
+++ b/modules/users/nathan/sops.nix @@ -0,0 +1,19 @@ +{ inputs, ... }: { + + flake.nixosModules.sops = { config, lib, ... }: { + + imports = [ + inputs.sops-nix.nixosModules.sops + ]; + + config = { + + sops.secrets."nathan/pass" = { + neededForUsers = true; + sopsFile = ./secrets.yaml; + }; + + users.users.nathan.hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path; + }; + }; +} From 47c9437df7de2998dce930cb20aebf3ba4fad98a Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 19:12:28 -0500 Subject: [PATCH 09/62] test iso --- modules/users/nathan/nathan.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 89e8fc4..6c7ad79 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -92,6 +92,7 @@ modules = [ self.homeModules.nathan + self.homeModules.nathan-standalone ]; }; } From 1e3cf302928cc6ce7b779d453fd6a66b58cb7fd2 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 20:21:38 -0500 Subject: [PATCH 10/62] fix website --- modules/features/traefik/config/routing.yml | 2 +- modules/hosts/pi4/configuration.nix | 24 +++++++++++++-------- modules/users/nathan/nathan.nix | 2 ++ 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/modules/features/traefik/config/routing.yml b/modules/features/traefik/config/routing.yml index 60acba4..280ef38 100644 --- a/modules/features/traefik/config/routing.yml +++ b/modules/features/traefik/config/routing.yml @@ -8,7 +8,7 @@ http: rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)" service: "homepage" middlewares: - - authentik + - authentik@docker tls: certResolver: "cloudflare" diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix index 4a22b06..08818ca 100644 --- a/modules/hosts/pi4/configuration.nix +++ b/modules/hosts/pi4/configuration.nix 
@@ -1,11 +1,19 @@ -{ inputs, ... }: { +{ self, inputs, ... }: { flake.nixosModules.pi4 = { config, pkgs, ... }: { - imports = [ - inputs.disko.nixosModules.default + imports = with self.nixosModules; [ + inputs.disko.nixosModules.default - inputs.home-manager.nixosModules.default + inputs.home-manager.nixosModules.default + + self.nixosModules.default + user-nathan + netbird + avahi + openssh + remoteBuilds + sops ]; config = { @@ -57,13 +65,13 @@ SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" - ''; + ''; pulseaudio = { enable = true; extraConfig = '' load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 - ''; + ''; }; }; @@ -77,11 +85,9 @@ fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - sound.enable = true; - security.rtkit.enable = true; - system.stateVersion = "25.05"; + system.stateVersion = "25.11"; }; }; } diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 6c7ad79..15a93d7 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -4,6 +4,8 @@ laptop = [ "laptop" ]; homebox = [ "homebox" ]; iso = [ "iso" ]; + #pi4 = [ "pi4" ]; + #z2w = [ "red-black" "blue-white" ]; useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); in { From f7ed1862a07bbce66ae5a7e1fc8e227740a2a059 Mon Sep 17 00:00:00 2001 
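Review bot: `system.stateVersion` moves from "25.05" to "25.11" in the last pi4 hunk, and if this Pi is an existing install rather than a fresh image the value should stay at the release it was first installed with, because NixOS uses it to choose defaults for stateful data. Removing `sound.enable` does not need the bump. I would keep `system.stateVersion = "25.05";` unless the machine is being reinstalled, with a one-line comment such as `# release of first install; do not bump on upgrade`.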
From: Nathan Date: Thu, 23 Apr 2026 20:23:46 -0500 Subject: [PATCH 11/62] fix imports --- modules/hosts/homebox/configuration.nix | 2 +- modules/hosts/laptop/configuration.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 4e436de..d327d02 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -13,7 +13,7 @@ avahi netbird openssh - remoteBuilds + sops docker diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index a826978..cf3ad54 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -15,7 +15,7 @@ avahi netbird openssh - remoteBuilds + sops ]; config = { From e0401af9f49be4f0c87727cf37ade666e3c78d72 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 20:26:06 -0500 Subject: [PATCH 12/62] fix sops --- modules/features/sops.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/sops.nix b/modules/features/sops.nix index 1f5bf9c..dfaee86 100644 --- a/modules/features/sops.nix +++ b/modules/features/sops.nix @@ -11,7 +11,7 @@ sops = { age = { keyFile = "/var/lib/sops/age/keys.txt"; - generateKey = true; + #generateKey = true; }; defaultSopsFormat = "yaml"; From d32b7d135d7afdbfbe7ce5e8483b40d50a3b7827 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 20:30:52 -0500 Subject: [PATCH 13/62] fix sops --- modules/users/nathan/secrets.yaml | 36 +++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/modules/users/nathan/secrets.yaml b/modules/users/nathan/secrets.yaml index e18d6b8..7c405b4 100644 --- a/modules/users/nathan/secrets.yaml +++ b/modules/users/nathan/secrets.yaml 
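Review bot: With `generateKey` commented out in `modules/features/sops.nix`, nothing in this module creates `/var/lib/sops/age/keys.txt`, so each host needs that key provisioned before its first activation and listed as a recipient, or its secrets will not decrypt. That matters most for `nathan/pass`, which is `neededForUsers`. As far as the page shows, the `hashedPassword` fallback in `nathan.nix` is decided at evaluation time and would not cover a decryption failure at boot. Rather than leaving dead code, replace the line with a comment stating the requirement, e.g. `# key is provisioned out of band and must exist before activation`. The `sops` attribute set continues outside the hunk.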
@@ -1,17 +1,35 @@ nathan: - pass: ENC[AES256_GCM,data:0hmcbyTLbmadTAMoSeOgBmpqgtCKtfrY1EIxIUoxgo+3297+jZqcsSmhPlFKtbornezm+7uPRzaVRHyp2G0Ee6mG4FbzUfGYFg==,iv:F2aTS/BPPxTemu4vEy9H0FY0HUEBWaRFeaoMr8TJbmA=,tag:Ai90KJluCimR6OG5BtCnVQ==,type:str] + pass: ENC[AES256_GCM,data:QCpcdtN8Bzn4UnrIdwcEv5jkpW1Xfsmhy7iMyOmBUuMFqqmKrJcFbIUJCuNUSqtRgRl4KO7gzUuXfZbaDX0tm+B/YDEt8vAWxQ==,iv:3GYAq0I2uqJ91YewyTVoTQNR6cnwJROQr2ipgHvbmSo=,tag:oHnAjSNqIIp39LLI8kSONQ==,type:str] sops: age: - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUF3YWY2STgwc1pzREJP - QndUajV6WUJFZEdtOGNOQ05Ua1hGM25IbzJJCjF3Z24rc0JwMSt5bnpIVDZ0ZGJG - ZE9LdEU3bXhsMUxEL0hlMTNTc0VkR0kKLS0tIHhWOGJocS94eWJUSXdtaldJSG50 - TjZCN3RneGtJa0hLNU1yTUlLMDJpcEUKNvpcKkNXeRyFsn0CRjSKNb89l1864I6A - Yzijw0c0BVfivhn2wAyq0fYuw2rT+vIJdFUHvIgxkpkZFl4n/RucOQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNOWVVVVpVdGFMMmNaTmU2 + ZStjR0liZVVKSHcyQUhiVkdCeWhCZUVGMzFRCkFRc0xpdUJ5R0lMUHZzcVN3TTd3 + OXVuNHhqSVBoYnFveFljbHlBbGRoZVkKLS0tIHgvOFA2cGxMaTFBUGFrQVBmRVJ1 + N3ZvV3VKbmhNUGx1ckhhdWZVemRCMGcKLwZZ+wlV8EOCk7F5eaBFR4HPPCjvPI/+ + UyQFJSzc9gGCNrhGicFtrDLx0m/JCzU/jILFUXav9IUTZ8ZRi01BOA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-31T19:51:15Z" - mac: ENC[AES256_GCM,data:L4SK7iaPX3dPJTyl2RgSuqMcoFRm8q9k64TsroV3tT1uWn0J9XRBj9KXgGj/qLloQkgmZsmtct8w2x5tYYosh5k1+056/DeTD8l/Nw5339qKJppRjg6jYNtw02ZGPSNFQdmGNQU9NOOuT8Q94sl0mphwlYhFV1Tf1r/AoSg1ja8=,iv:/qEVdxOR8CDJ2plE8Ez9ML+u+lKPmsNfV0GyXgBbQRk=,tag:EyjdJzvuHXn+0+5hOk0dVg==,type:str] + - recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQ1hRVHIrWHp0ZnlFVmJR + ODk4VzZPWnBLaTMxK3pLR2VxQk9LY0tMWWhVCjFqUzMxb01JNXZuaWVIdEE2NkxL + UWp2UytEYVl0SnZHQm4veGNva1p1a2MKLS0tIEphZVU4VjJJblpDRzdNZ3hJbTAx + c3lUMjBXMjVUY2VlSm9SRTNHUEdJd1kK/hotdiVc5La4c6k4U73URA/26y6EMzDL + 
iHqVcXZmgkipQtFB5Fvfs/6Zuc0E2f4zQmZSaGw2hQheVl1snm5xiw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMDl4bWVPNnpxYXZmWG1h + N2krT2lqN09IOHlvS1FaL1hTNFpsZS9XUmdrCkRFc3YyaWNjejJobVlrdEFReW9N + RlRHdVc1RHNxUE0vV0VvTzdlMm11R3MKLS0tIEpDMUVVME9PdFVNVnVEeG5Oay9l + UU50YWtqSG5SYjc2YUhFWmNZc3NpNTAKPaL3XXAUMD0wjI3PkXEWN4epQPSURN+J + b7di0rMlc6JtJrtzU3HdfmXneMfd4Da9Xk1SeFIxKHS0AsD4cJyt2w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2026-04-24T01:30:18Z" + mac: ENC[AES256_GCM,data:1tuKI1VMDSiCNWZ2fXp4G3Z0OmhxdyF8IlTaoEFCq324qNgaIfUX7TLfzzEF7ogctf1VBwdu2klGNRKAwjaVIZ8/9U7RgjtkbP5KGJMtXiVkDh1gNV31mlE9ogddxixkQiM9j3wI3RbgsAJaBwo3WGNwEeRrqO21unlE28BrMo0=,iv:Asdx7jYvylRDxWRu7XALP9FpPxWvban8pldJ5b/O9to=,tag:cECR7vjAR05RyLhEWIIrcA==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1 From ce0391f0e39ba5113a3019760ca367921b71f77d Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 20:37:09 -0500 Subject: [PATCH 14/62] fix n8n --- modules/features/n8n.nix | 2 +- modules/features/netbird/netbird.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/features/n8n.nix b/modules/features/n8n.nix index 25e358a..bc54269 100644 --- a/modules/features/n8n.nix +++ b/modules/features/n8n.nix @@ -42,7 +42,7 @@ ]; extraOptions = [ - "--ip=192.168.101.2" + "--ip=192.168.101.6" ]; volumes = [ diff --git a/modules/features/netbird/netbird.nix b/modules/features/netbird/netbird.nix index 95a0dc1..bbb6d82 100644 --- a/modules/features/netbird/netbird.nix +++ b/modules/features/netbird/netbird.nix @@ -218,6 +218,7 @@ extraOptions = [ "--network-alias=signal" "--network=docker-main" + "--ip=192.168.101.2" ]; }; systemd.services."docker-netbird-signal" = { From a9deafe5dd34f3cdd0c628d305e61b9778c3afc7 Mon Sep 17 00:00:00 2001 
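Review bot: The `--ip=` value in the `n8n.nix` hunk is a hand-assigned literal, and nothing checks it against the addresses other containers claim. This commit moves n8n off `192.168.101.2` so the netbird signal container can take it in the next hunk, and the two following commits change the same line again. A single attribute set that maps container names to addresses, referenced from each module's `extraOptions`, would make a collision visible at review time instead of at container start. The same applies to the `n8n.nix` hunks in PATCH 15 and PATCH 16. The surrounding container definition is outside the hunk.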
From: Nathan Date: Thu, 23 Apr 2026 20:47:19 -0500 Subject: [PATCH 15/62] fix n8n --- modules/features/n8n.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/n8n.nix b/modules/features/n8n.nix index bc54269..0e80c94 100644 --- a/modules/features/n8n.nix +++ b/modules/features/n8n.nix @@ -42,7 +42,7 @@ ]; extraOptions = [ - "--ip=192.168.101.6" + "--ip=192.168.101.7" ]; volumes = [ From 13eecd7ae7b60a22d42c313327d070595926de23 Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 20:49:04 -0500 Subject: [PATCH 16/62] fix n8n --- modules/features/n8n.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/n8n.nix b/modules/features/n8n.nix index 0e80c94..88a9747 100644 --- a/modules/features/n8n.nix +++ b/modules/features/n8n.nix @@ -42,7 +42,7 @@ ]; extraOptions = [ - "--ip=192.168.101.7" + "--ip=192.168.101.14" ]; volumes = [ From 2f89e5771d94a8d484bec64cca2e333b567a77ab Mon Sep 17 00:00:00 2001 From: Nathan Date: Thu, 23 Apr 2026 22:08:15 -0500 Subject: [PATCH 17/62] smol iso pls --- .../nathan/home-manager/features/packages.nix | 20 +++++++++++++++++-- modules/users/nathan/nathan.nix | 11 ++++++++++ 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/modules/users/nathan/home-manager/features/packages.nix b/modules/users/nathan/home-manager/features/packages.nix index dcd9c7e..423aa96 100644 --- a/modules/users/nathan/home-manager/features/packages.nix +++ b/modules/users/nathan/home-manager/features/packages.nix @@ -2,6 +2,11 @@ flake.homeModules.nathan = { config, lib, pkgs, ... }: { + options.olympus.packageSet = lib.mkOption { + type = lib.types.str; + default = "full"; + }; + config = with lib; mkMerge [ { 
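Review bot: `olympus.packageSet` in the first `packages.nix` hunk is declared as `lib.types.str`, so a typo such as "minmal" evaluates cleanly and simply matches no `mkIf` branch. Since the later hunks only ever compare against "full" and set "minimal", `type = lib.types.enum [ "full" "minimal" ];` would reject anything else at evaluation time. A `description` on the option would also document what each set includes.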
@@ -56,13 +61,24 @@ wl-clipboard xfce.thunar blueberry + brightnessctl + libdbusmenu-gtk3 + ]; + }) + + (mkIf (config.olympus.packageSet == "full") { + + nixpkgs.config = { + allowUnfree = true; + }; + + + home.packages = with pkgs; [ handbrake quickemu bottles - brightnessctl - libdbusmenu-gtk3 lmms #unfree { diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 15a93d7..7ac93e1 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -56,6 +56,17 @@ bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi ''; }) + + (useWith iso { + + olympus = { + packageSet = "minimal"; + }; + + wayland.windowManager.hyprland.extraConfig = '' + monitor=,preferred,auto,1 + ''; + }) ]; }; }; From 2afd0e1ba927340fdeef09b8a93c8938a451fb03 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 00:42:35 -0500 Subject: [PATCH 18/62] test iso --- modules/features/networking.nix | 35 +++++++++++++++++++++++++++++ modules/hosts/iso/configuration.nix | 9 ++++++++ 2 files changed, 44 insertions(+) create mode 100644 modules/features/networking.nix diff --git a/modules/features/networking.nix b/modules/features/networking.nix new file mode 100644 index 0000000..98bf869 --- /dev/null +++ b/modules/features/networking.nix 
@@ -0,0 +1,35 @@ +{ ... }: { + + flake.nixosModules.static-eth = { config, lib, ... }: { + + networking = { + interfaces.eno1 = { + ipv4.addresses = [{ + address = "192.0.2.2"; + prefixLength = 24; + }]; + }; + + defaultGateway = { + address = "192.0.2.1"; + interface = "eno1"; + }; + }; + }; + + flake.nixosModules.static-wl = { config, lib, ... }: { + + networking = { + interfaces.wlo1 = { + ipv4.addresses = [{ + address = "192.0.3.2"; + prefixLength = 24; + }]; + }; + defaultGateway = { + address = "192.0.3.1"; + interface = "wlo1"; + }; + }; + }; +} diff --git a/modules/hosts/iso/configuration.nix b/modules/hosts/iso/configuration.nix index 729ae54..bf42fb5 100644 --- a/modules/hosts/iso/configuration.nix +++ b/modules/hosts/iso/configuration.nix @@ -37,6 +37,15 @@ ]; }; + environment.etc."wallpaper.jpg".source = ./../../users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg; + + system.activationScripts."wallpaperInit" = { + text = '' + mkdir -p /tmp/aurora/wallpaper + cp /etc/wallpaper.jpg /tmp/aurora/wallpaper/wallpaper.jpg + ''; + }; + users.users.nixos.enable = lib.mkForce false; networking = { From 5f1c29d90ec7fa97c191bdce9fa91415a36be63c Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 09:07:09 -0500 Subject: [PATCH 19/62] test iso --- flake.nix | 4 ++++ modules/features/hyprland.nix | 2 ++ modules/hosts/laptop/configuration.nix | 1 - modules/hosts/z2w/configuration.nix | 0 modules/hosts/z2w/default.nix | 16 ++++++++++++++++ 5 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 modules/hosts/z2w/configuration.nix create mode 100644 modules/hosts/z2w/default.nix diff --git a/flake.nix b/flake.nix index 1616680..35ae87f 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,10 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-hardware.url = "github:nix-community/nixos-hardware/master"; + + nixos-opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; 
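Review bot: The `wallpaperInit` activation script in the iso hunk runs as root and writes to a fixed path under world-writable `/tmp`, so the destination can be pre-created or swapped by any local user between activations, and the copy is lost whenever `/tmp` is cleaned. If the greeter can read `/etc/wallpaper.jpg` directly, the script is unnecessary. Otherwise a tmpfiles rule keeps the copy declarative, for example `systemd.tmpfiles.rules = [ "C /tmp/aurora/wallpaper/wallpaper.jpg 0644 root root - /etc/wallpaper.jpg" ];` (untested here; confirm the parent directories are created as expected).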
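Review bot: `nixos-opi-zero2w` is added in the `flake.nix` hunk without `inputs.nixpkgs.follows = "nixpkgs"`, unlike the `sops-nix` input just below it, and the `flake.lock` update later in this series shows it resolving its own `nixpkgs_4` node. Its `withOpiZero2wInstallerEssentials` helper wraps the whole module list of the z2w host, so the locked revision of this third-party input deserves a read before it is trusted. If it builds against the repository's nixpkgs, write it as `nixos-opi-zero2w = { url = "github:virusdave/nixos-opi-zero2w"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` set continues outside the hunk.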
diff --git a/modules/features/hyprland.nix b/modules/features/hyprland.nix index ab2d231..fdcc035 100644 --- a/modules/features/hyprland.nix +++ b/modules/features/hyprland.nix @@ -22,6 +22,8 @@ portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland; }; + + programs.partition-manager.enable = true; }; }; } diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index cf3ad54..d7302e1 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -48,7 +48,6 @@ }; - programs.partition-manager.enable = true; services.pulseaudio.enable = false; environment.systemPackages = with pkgs; [ diff --git a/modules/hosts/z2w/configuration.nix b/modules/hosts/z2w/configuration.nix new file mode 100644 index 0000000..e69de29 diff --git a/modules/hosts/z2w/default.nix b/modules/hosts/z2w/default.nix new file mode 100644 index 0000000..a0274a3 --- /dev/null +++ b/modules/hosts/z2w/default.nix @@ -0,0 +1,16 @@ +{ self, inputs, ... }: { + + flake.nixosConfigurations."blue-white" = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = inputs.nixos-opi-zero2w.lib.withOpiZero2wInstallerEssentials [ + self.nixosModules.z2w + self.nixosModules.z2w-hardware + #self.diskoConfigurations.z2w + ({ ... }: { + networking.hostName = "blue-white"; + }) + ]; + }; +} From 5b5dbdb3cd65ce38f1566f748035fc96972d9a2f Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 09:09:05 -0500 Subject: [PATCH 20/62] test iso --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 35ae87f..df1b24b 100644 --- a/flake.nix +++ b/flake.nix @@ -16,7 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-hardware.url = "github:nix-community/nixos-hardware/master"; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixos-opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; 
From e192ae93a68df78a116f17e063355d941c78c66d Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 09:11:42 -0500 Subject: [PATCH 21/62] update flake --- flake.lock | 168 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 110 insertions(+), 58 deletions(-) diff --git a/flake.lock b/flake.lock index c3f31fc..c0f3487 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ ] }, "locked": { - "lastModified": 1775558810, - "narHash": "sha256-fy95EdPnqQlpbP8+rk0yWKclWShCUS5VKs6P7/1MF2c=", + "lastModified": 1776702787, + "narHash": "sha256-qc5uwEWbuubzYthmZcfCapooZGXhoYZWfTQ24TozbCQ=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "7371b669b22aa2af980f913fc312a786d2f1abb2", + "rev": "9a1ca6b8cb4d86a599787a55b78f2ddf809bf945", "type": "github" }, "original": { @@ -61,11 +61,11 @@ ] }, "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "lastModified": 1776613567, + "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=", "owner": "nix-community", "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d", "type": "github" }, "original": { @@ -82,11 +82,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1775880170, - "narHash": "sha256-63PLZ7lspPAqpV/+d0oNtDHLCWQf1MVFRG2DOeDK+nU=", + "lastModified": 1777003388, + "narHash": "sha256-IS8oeyaqYS/MPpDp0Z7i86PwcdTqJ2dritgdRtWzkew=", "owner": "rycee", "repo": "nur-expressions", - "rev": "28b164d30b5ab6820ef7e17281ae55c539ae9ff5", + "rev": "03d4270c1f75494910b7b8039b1a050bc7055c97", "type": "gitlab" }, "original": { 
@@ -251,14 +251,14 @@ }, "home-manager_3": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1776885253, - "narHash": "sha256-vslJ5ezhyD+HBMEqzsPLOBfalILmPrAABR68yxrhEuM=", + "lastModified": 1777004352, + "narHash": "sha256-SV+9PgNwZ8jHVCjK6YaCBzaheLSW7cDnm5DpOYrD8Vw=", "owner": "nix-community", "repo": "home-manager", - "rev": "d79c987e654347083e903ab6d2a89ed3d0752177", + "rev": "6012cf1fed3eba66115f3fd117b9be6bd2a15b2f", "type": "github" }, "original": { @@ -283,11 +283,11 @@ ] }, "locked": { - "lastModified": 1772461003, - "narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=", + "lastModified": 1776511930, + "narHash": "sha256-fCpwFiTW0rT7oKJqr3cqHMnkwypSwQKpbtUEtxdkgrM=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7", + "rev": "39435900785d0c560c6ae8777d29f28617d031ef", "type": "github" }, "original": { @@ -312,11 +312,11 @@ ] }, "locked": { - "lastModified": 1775496928, - "narHash": "sha256-Ds759WU03mGWtu3I43J+5GF5Ni8TvF+GYQUFD+fVeMo=", + "lastModified": 1776426399, + "narHash": "sha256-RUESLKNikIeEq9ymGJ6nmcDXiSFQpUW1IhJ245nL3xM=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "cf95d93d17baa18f1d9b016b3afe27f820521a6e", + "rev": "68d064434787cf1ed4a2fe257c03c5f52f33cf84", "type": "github" }, "original": { @@ -342,11 +342,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1775828308, - "narHash": "sha256-mKW54+ilZNBVsU3GnzHhZUb041H7L/R8aPA0GD+1oKQ=", + "lastModified": 1776947531, + "narHash": "sha256-BnUJwexEDpt10Csws8UNq/34r5zaUl8oXNrDHd6oJVA=", "ref": "refs/heads/main", - "rev": "f7755322fc515108cc9eed8113c09492d4a352c1", - "revCount": 7141, + "rev": "b65714e3b8e123fb2febd507905d25fa6abd0400", + "revCount": 7171, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" 
@@ -390,11 +390,11 @@ ] }, "locked": { - "lastModified": 1774710575, - "narHash": "sha256-p7Rcw13+gA4Z9EI3oGYe3neQ3FqyOOfZCleBTfhJ95Q=", + "lastModified": 1776426575, + "narHash": "sha256-KI6nIfVihn/DPaeB5Et46Xg3dkNHrrEtUd5LBBVomB0=", "owner": "hyprwm", "repo": "hyprland-guiutils", - "rev": "0703df899520001209646246bef63358c9881e36", + "rev": "a968d211048e3ed538e47b84cb3649299578f19d", "type": "github" }, "original": { @@ -444,11 +444,11 @@ ] }, "locked": { - "lastModified": 1772459629, - "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=", + "lastModified": 1776426736, + "narHash": "sha256-rl7i4aY+9p8LysJp7o8uRWahCkpFznCgGHXszlTw7b0=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "7615ee388de18239a4ab1400946f3d0e498a8186", + "rev": "7833ff33b2e82d3406337b5dcf0d1cec595d83e9", "type": "github" }, "original": { @@ -521,11 +521,11 @@ ] }, "locked": { - "lastModified": 1774911391, - "narHash": "sha256-c4YVwO33Mmw+FIV8E0u3atJZagHvGTJ9Jai6RtiB8rE=", + "lastModified": 1776428866, + "narHash": "sha256-XfRlBolGtjvalTHJp3XvvpYLBjkMhaZLLU0WqZ91Fcg=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "e6caa3d4d1427eedbdf556cf4ceb70f2d9c0b56d", + "rev": "eedd60805cd96d4442586f2ba5fe51d549b12674", "type": "github" }, "original": { @@ -546,11 +546,11 @@ ] }, "locked": { - "lastModified": 1772459835, - "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=", + "lastModified": 1776430932, + "narHash": "sha256-Yv3RPiUvl7CAsJgwIVsqcj7akn1gLyJP1F/mocof5hA=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "0a692d4a645165eebd65f109146b8861e3a925e7", + "rev": "4c2fcc06dc9722c97dbb54ba649c69b18ce83d2e", "type": "github" }, "original": { 
@@ -575,11 +575,11 @@ ] }, "locked": { - "lastModified": 1775414057, - "narHash": "sha256-mDpHnf+MkdOxEqIM1TnckYYh9p1SXR8B3KQfNZ12M8s=", + "lastModified": 1776728575, + "narHash": "sha256-z9eGphrArEBpl1O/GCH0wlY6z4K9vA6yWh2gAS6qytU=", "owner": "hyprwm", "repo": "hyprwire", - "rev": "86012ee01b0fdd8bf3101ef38816f2efbee42490", + "rev": "f3a80888783702a39691b684d099e16b83ed4702", "type": "github" }, "original": { @@ -618,6 +618,40 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1776983936, + "narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-opi-zero2w": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1772415536, + "narHash": "sha256-dS4XyDDVCjGEFDX4zgaalQqMlfWL7JfeLGJpLwcAAFE=", + "owner": "virusdave", + "repo": "nixos-opi-zero2w", + "rev": "1337ecfb2443f059f8971eb89eae487fbc6b0dcc", + "type": "github" + }, + "original": { + "owner": "virusdave", + "repo": "nixos-opi-zero2w", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1775423009, @@ -713,11 +747,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1775423009, - "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", + "lastModified": 1776548001, + "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", + "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", "type": "github" }, "original": { 
@@ -729,11 +763,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1775811116, - "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=", + "lastModified": 1772047000, + "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e", + "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", "type": "github" }, "original": { @@ -744,6 +778,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1775423009, "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", @@ -759,7 +809,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1775710090, "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", @@ -775,7 +825,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1774701658, "narHash": "sha256-CIS/4AMUSwUyC8X5g+5JsMRvIUL3YUfewe8K4VrbsSQ=", @@ -795,7 +845,7 @@ "inputs": { "flake-parts": "flake-parts_3", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "nixvim": "nixvim_2" }, "locked": { @@ -815,7 +865,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "systems": "systems_2" }, "locked": { 
@@ -842,11 +892,11 @@ ] }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1776796298, + "narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad", "type": "github" }, "original": { @@ -864,7 +914,9 @@ "home-manager": "home-manager_2", "hyprland": "hyprland", "import-tree": "import-tree_2", - "nixpkgs": "nixpkgs_4", + "nixos-hardware": "nixos-hardware", + "nixos-opi-zero2w": "nixos-opi-zero2w", + "nixpkgs": "nixpkgs_5", "nixpkgs-us": "nixpkgs-us", "nixvim": "nixvim", "sops-nix": "sops-nix" @@ -877,11 +929,11 @@ ] }, "locked": { - "lastModified": 1775682595, - "narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=", + "lastModified": 1776771786, + "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76", + "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", "type": "github" }, "original": { @@ -948,11 +1000,11 @@ ] }, "locked": { - "lastModified": 1773601989, - "narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=", + "lastModified": 1776608502, + "narHash": "sha256-UH8YoQxx4hFOm6qjMdjRQNRvSejFIR/wBZ8fW1p9sME=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "a9b862d1aa000a676d310cc62d249f7ad726233d", + "rev": "4a293523d36dfa367e67ec304cc718ea66a8fec2", "type": "github" }, "original": { From b12be8335af2f82973343bf1431699156a3cabea Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 09:14:21 -0500 Subject: [PATCH 22/62] update flake --- modules/hosts/z2w/configuration.nix | 11 +++++++++++ modules/hosts/z2w/default.nix | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/hosts/z2w/configuration.nix b/modules/hosts/z2w/configuration.nix index e69de29..1d29838 100644 
--- a/modules/hosts/z2w/configuration.nix +++ b/modules/hosts/z2w/configuration.nix @@ -0,0 +1,11 @@ +{ ... }: { + + flake.nixosModules.z2w = { ... }: { + + imports = [ + ]; + + config = { + }; + }; +} diff --git a/modules/hosts/z2w/default.nix b/modules/hosts/z2w/default.nix index a0274a3..f7715be 100644 --- a/modules/hosts/z2w/default.nix +++ b/modules/hosts/z2w/default.nix @@ -6,7 +6,7 @@ modules = inputs.nixos-opi-zero2w.lib.withOpiZero2wInstallerEssentials [ self.nixosModules.z2w - self.nixosModules.z2w-hardware + #self.nixosModules.z2w-hardware #self.diskoConfigurations.z2w ({ ... }: { networking.hostName = "blue-white"; From a42623f01eeeff81953ea4adbcbdf5a426241334 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 20:53:46 -0500 Subject: [PATCH 23/62] hotspot broken --- modules/features/hotspot.nix | 43 +++++++++++++++++++++++++++++++++ modules/features/networking.nix | 35 --------------------------- modules/features/secrets.yaml | 7 +++--- 3 files changed, 47 insertions(+), 38 deletions(-) create mode 100644 modules/features/hotspot.nix delete mode 100644 modules/features/networking.nix diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix new file mode 100644 index 0000000..d93727e --- /dev/null +++ b/modules/features/hotspot.nix 
@@ -0,0 +1,43 @@ +{ ... }: { + + flake.nixosModules.hotspot = { config, lib, ... }: { + + networking.interfaces."eno1" = { + useDHCP = false; + ipv4.addresses = [ + { address = "192.168.222.1"; prefixLength = 24; } + ]; + }; + + networking.firewall.interfaces."eno1" = { + allowedUDPPorts = [ 53 67 ]; + allowedTCPPorts = [ 53 67 ]; + }; + + networking.nat = { + enable = true; + externalInterface = "wlo1"; + internalInterfaces = [ "eno1" ]; + }; + + /*sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; + + services.hostapd = { + enable = true; + + radios.wlo1 = { + networks.wlo1 = { + ssid = "laptopHotspot"; + authentication.saePasswords = [{ passwordFile = "${config.sops.secrets."hotspotPass".path}"; }]; + }; + }; + };*/ + + services.dnsmasq = { + enable = true; + settings = { + dhcp-range = [ "192.168.222.2,192.168.222.4" ]; + }; + }; + }; +} diff --git a/modules/features/networking.nix b/modules/features/networking.nix deleted file mode 100644 index 98bf869..0000000 --- a/modules/features/networking.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ ... }: { - - flake.nixosModules.static-eth = { config, lib, ... }: { - - networking = { - interfaces.eno1 = { - ipv4.addresses = [{ - address = "192.0.2.2"; - prefixLength = 24; - }]; - }; - - defaultGateway = { - address = "192.0.2.1"; - interface = "eno1"; - }; - }; - }; - - flake.nixosModules.static-wl = { config, lib, ... }: { - - networking = { - interfaces.wlo1 = { - ipv4.addresses = [{ - address = "192.0.3.2"; - prefixLength = 24; - }]; - }; - defaultGateway = { - address = "192.0.3.1"; - interface = "wlo1"; - }; - }; - }; -} diff --git a/modules/features/secrets.yaml b/modules/features/secrets.yaml index 561990b..e26a760 100644 --- a/modules/features/secrets.yaml +++ b/modules/features/secrets.yaml 
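Review bot: `services.dnsmasq` in the new `hotspot.nix` is enabled with only a `dhcp-range`, so nothing binds it to `eno1`; dnsmasq answers on every interface by default, and only the firewall rule keeps DHCP and DNS off the other links. Adding `interface = "eno1";` and `bind-interfaces = true;` to `settings` would make the service itself match the intent. DHCP uses UDP only, so the firewall entry can be `allowedTCPPorts = [ 53 ];`. The same over-broad TCP opening returns in the later `hotspot.nix` hunk `@@ -3,7 +3,8 @@`, which allows TCP 67 and 68 on `wlo1`.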
@@ -2,6 +2,7 @@ remoteBuildClientKeys: laptop: ENC[AES256_GCM,data:SZRAZ36nSueWVLcdvpgZpltp/aORqAObFWhgqtIrTYccoK/3F7l0J+VJzF51FASa6spbGJL2BSbzOygyal609pvJc9Hb9bIN85GMzV1P4lha62iC8dkuVLXezPU=,iv:veQJxL4QTxFg2UKm2+I3RQXyuwW2rXEV/gXIQ7nBtlY=,tag:9C9Ltzwz823yY029p9K41A==,type:str] pi4: ENC[AES256_GCM,data:zT7V70DbBj5OIl5dTkUjvdqrxSiPcc+oFvL7R2ZAuytSQWdo9MR+WuuhN1Zeo0Ho9eGcbS+Qwr/Vs+yIYU+XaUlgawHM6aiUXoQmQE/yJFOPYUcmi0R4mxD0nkPZ0w==,iv:HQ+bxpeHZq9cezF6omZ1OMecfOw74pXzBujndhXnLPM=,tag:AM5O21nYzb4xzybOPvBwRg==,type:str] android: ENC[AES256_GCM,data:srkEb7oAxcN5++sTWQo43C8M4JNpfeeJlcGLGUA6gp74kcES1HnIs87ZtCik121oMSYD15LZ8p/x/AV2QdGMobQFxoMQ2NEehhP66n2EoXcEos3BXqUlbphiBGMRfVK9+w==,iv:bmDbVfVSZLU+EsZh/GBBY9QVcfHZJB9gLZYeI3NYoGY=,tag:biE4/DN7z2wRyFBjK7vEnQ==,type:str] +hotspotPass: ENC[AES256_GCM,data:str2NCiO3mkWQiNWC1fouqHl,iv:gtwKki5hs9PHMzrK516QxZ4iLx8raIV7vCdJ7RpPd/E=,tag:j+Yw431Mghqt//bFUQnSSA==,type:str] sops: age: - recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q @@ -31,7 +32,7 @@ sops: NXNhczV5Y3o3dmJ2RVk3eDBRd1FDdEkK4ELlB6suN3R3GJ6XRQCvE9mgiXUOMFs3 Yi+VfJTi3pkUQEi8MZP64Nl6IR5dXjUoPXFhBNcplmLf09JDjH4LJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-26T22:28:31Z" - mac: ENC[AES256_GCM,data:hTEenm/UO84leu7alRdWlicKKrwNlaRR7ZQzhDtOCUcXemvwe30WkSq2mdzOnSo0uMSg1HZIlna8oRUd31ENe1aWfl69PlYPxEicmN5UHykVboXydw6m0yPoAqHj+nqG/vkWsVp0JN8HvTc59mzD+1DfydhJA3m0juaa81w5GsY=,iv:HBkE78QhX1wZANpvDW7nOIOTKBdCv0/dUc1Xv5+OQmQ=,tag:6I2z8MgZxnXjqd4iikA9nQ==,type:str] + lastmodified: "2026-04-24T23:13:22Z" + mac: ENC[AES256_GCM,data:m/4/y5r+BTeq5AtR6u3+vKxgTopGu+kIOGjaKMtNp/SSY1x086hzBfnB8p3BtLFijxYVrEqM/4JxvKU3m41jOtx4/1oSM/BXjHRUl+7diDSOcBaBtJMH2xam2b7Jlg4J0bW4ai3QnEQVF1A00dcmmEUqa/LZInFYSOXjB+FICCo=,iv:RcqpkSk8BSkcreVG1cY5f2OukCgcT36vqCyOfqoNXIs=,tag:aIDe4Tv5BygBYbyQ8GGr5Q==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1 From 0401508fba1515380627038d7d40e959b436d20a Mon Sep 17 00:00:00 2001 
From: Nathan Date: Fri, 24 Apr 2026 21:49:00 -0500 Subject: [PATCH 24/62] hotspot test --- modules/features/hotspot.nix | 24 +++--------------------- modules/hosts/laptop/configuration.nix | 2 ++ 2 files changed, 5 insertions(+), 21 deletions(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index d93727e..2fbded4 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -2,23 +2,11 @@ flake.nixosModules.hotspot = { config, lib, ... }: { - networking.interfaces."eno1" = { - useDHCP = false; - ipv4.addresses = [ - { address = "192.168.222.1"; prefixLength = 24; } - ]; + networking.firewall.interfaces."wlo1" = { + allowedUDPPorts = [ 67 68 ]; }; - networking.firewall.interfaces."eno1" = { - allowedUDPPorts = [ 53 67 ]; - allowedTCPPorts = [ 53 67 ]; - }; - - networking.nat = { - enable = true; - externalInterface = "wlo1"; - internalInterfaces = [ "eno1" ]; - }; + services.dnsmasq.enable = true; /*sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; @@ -33,11 +21,5 @@ }; };*/ - services.dnsmasq = { - enable = true; - settings = { - dhcp-range = [ "192.168.222.2,192.168.222.4" ]; - }; - }; }; } diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index d7302e1..b1912ac 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -16,6 +16,8 @@ netbird openssh sops + + hotspot ]; config = { From f6bb0ccf0bd1274b3b12ab3f5bed06c88a41cd04 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 21:55:40 -0500 Subject: [PATCH 25/62] hotspot test --- modules/features/hotspot.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 2fbded4..4f83a9b 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix 
@@ -3,7 +3,8 @@ flake.nixosModules.hotspot = { config, lib, ... }: { networking.firewall.interfaces."wlo1" = { - allowedUDPPorts = [ 67 68 ]; + allowedUDPPorts = [ 53 67 68 ]; + allowedTCPPorts = [ 53 67 68 ]; }; services.dnsmasq.enable = true; From 1f368a10753cb4a1e357766033b84f4ccc2c9779 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 22:39:11 -0500 Subject: [PATCH 26/62] hotspot test --- modules/features/hotspot.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 4f83a9b..4910d83 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -7,6 +7,8 @@ allowedTCPPorts = [ 53 67 68 ]; }; + networking.networkmanager.dns = lib.mkForce "dnsmasq"; + services.dnsmasq.enable = true; /*sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; From 15ef3e86bd42429d7faa2fcaca76f7dfd532e4c4 Mon Sep 17 00:00:00 2001 From: Nathan Date: Fri, 24 Apr 2026 22:44:21 -0500 Subject: [PATCH 27/62] hotspot test --- modules/features/hotspot.nix | 2 -- modules/hosts/laptop/configuration.nix | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 4910d83..4f83a9b 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -7,8 +7,6 @@ allowedTCPPorts = [ 53 67 68 ]; }; - networking.networkmanager.dns = lib.mkForce "dnsmasq"; - services.dnsmasq.enable = true; /*sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index b1912ac..ca5da86 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -83,7 +83,7 @@ ]; networkmanager = { enable = true; - dns = "none"; + #dns = "none"; }; useDHCP = false; dhcpcd.enable = false; From 8cb0e39272260ab54b9fdf2e195b193deedbf0ac Mon Sep 17 00:00:00 2001 
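Review bot: The added `allowedTCPPorts = [ 53 67 68 ];` in the first hunk on this line (PATCH 25, hotspot.nix) opens TCP 67 and 68 on wlo1, but DHCP is carried over UDP only, so those two TCP ports widen the firewall without serving anything. UDP 68 is the DHCP client port and looks unnecessary for an interface that only hands out leases. I would narrow the pair to `allowedUDPPorts = [ 53 67 ];` and `allowedTCPPorts = [ 53 ];`. The same port lists are copied into the new ethdhcp.nix in PATCH 33 and should be narrowed there too.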
From: Nathan Date: Sat, 25 Apr 2026 08:14:18 -0500 Subject: [PATCH 28/62] hotspot test --- modules/features/hotspot.nix | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 4f83a9b..ec32b38 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -9,7 +9,7 @@ services.dnsmasq.enable = true; - /*sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; + sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; services.hostapd = { enable = true; @@ -19,8 +19,15 @@ ssid = "laptopHotspot"; authentication.saePasswords = [{ passwordFile = "${config.sops.secrets."hotspotPass".path}"; }]; }; - }; - };*/ + countryCode = "US"; + + wifi4 = { + enable = true; + }; + }; + }; + + networking.networkmanager.unmanaged = [ "wlo1" ]; }; } From fb6d6a600ff2891e8e43315e88949dc86f348b51 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:22:33 -0500 Subject: [PATCH 29/62] hotspot test --- modules/features/hotspot.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index ec32b38..0f3c7b8 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -22,6 +22,10 @@ countryCode = "US"; + band = "2g"; + + channel = 7; + wifi4 = { enable = true; }; From 1c36f5d2b4e16f67f68e01888010440a74f11fc3 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:34:45 -0500 Subject: [PATCH 30/62] hotspot test --- modules/features/hotspot.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 0f3c7b8..0de171c 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix 
@@ -3,11 +3,18 @@ flake.nixosModules.hotspot = { config, lib, ... }: { networking.firewall.interfaces."wlo1" = { + ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 32; }]; allowedUDPPorts = [ 53 67 68 ]; allowedTCPPorts = [ 53 67 68 ]; }; - services.dnsmasq.enable = true; + services.dnsmasq = { + enable = true; + settings = { + interface = "wlo1"; + dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ]; + }; + }; sops.secrets."hotspotPass".sopsFile = ./secrets.yaml; From cae7760aad0981ea533d555d99792fcb9b2db12d Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:37:27 -0500 Subject: [PATCH 31/62] hotspot test --- modules/features/hotspot.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 0de171c..3a8dae0 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -3,11 +3,14 @@ flake.nixosModules.hotspot = { config, lib, ... }: { networking.firewall.interfaces."wlo1" = { - ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 32; }]; allowedUDPPorts = [ 53 67 68 ]; allowedTCPPorts = [ 53 67 68 ]; }; + networking.interfaces."wlo1" = { + ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 32; }]; + }; + services.dnsmasq = { enable = true; settings = { From fdb71b0cc4af773351fc3c1074773adc09b22471 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:48:10 -0500 Subject: [PATCH 32/62] hotspot test --- modules/features/hotspot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index 3a8dae0..c386a12 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -8,7 +8,7 @@ }; networking.interfaces."wlo1" = { - ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 32; }]; + ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }]; }; services.dnsmasq = { 
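Review bot: In the first hunk on this line (PATCH 30), `interface = "wlo1";` on its own leaves dnsmasq bound to the wildcard address; it only discards requests that arrive on other interfaces. Adding `bind-interfaces = true;` to `services.dnsmasq.settings` makes it open its DNS and DHCP sockets on wlo1 (plus loopback) only, so exposure no longer depends solely on the per-interface firewall rules. A short comment above `dhcp-range` stating that the range must sit inside the prefix assigned to wlo1 would also help, since the address and prefix are set in a different attribute. The ethdhcp.nix copy of this block in PATCH 33 would take the same change.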
From bb2811f238abbbe76696c754177b1e501f5eea3c Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:55:08 -0500 Subject: [PATCH 33/62] hotspot test --- modules/features/ethdhcp.nix | 32 ++++++++++++++++++++++++++++++++ modules/features/hotspot.nix | 12 ++++++++++-- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 modules/features/ethdhcp.nix diff --git a/modules/features/ethdhcp.nix b/modules/features/ethdhcp.nix new file mode 100644 index 0000000..3739225 --- /dev/null +++ b/modules/features/ethdhcp.nix @@ -0,0 +1,32 @@ +{ ... }: { + + flake.nixosModules.hotspot = { config, lib, ... }: { + + networking.firewall.interfaces."eno1" = { + allowedUDPPorts = [ 53 67 68 ]; + allowedTCPPorts = [ 53 67 68 ]; + }; + + networking = { + interfaces."eno1" = { + ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }]; + }; + + nat = { + enable = true; + internalInterfaces = [ "eno1" ]; + externalInterface = "wlo1"; + }; + }; + + services.dnsmasq = { + enable = true; + settings = { + interface = "eno1"; + dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ]; + }; + }; + + networking.networkmanager.unmanaged = [ "eno1" ]; + }; +} diff --git a/modules/features/hotspot.nix b/modules/features/hotspot.nix index c386a12..cfd1931 100644 --- a/modules/features/hotspot.nix +++ b/modules/features/hotspot.nix @@ -7,8 +7,16 @@ allowedTCPPorts = [ 53 67 68 ]; }; - networking.interfaces."wlo1" = { - ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }]; + networking = { + interfaces."wlo1" = { + ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }]; + }; + + nat = { + enable = true; + internalInterfaces = [ "wlo1" ]; + externalInterface = "eno1"; + }; }; services.dnsmasq = { From 73c12d8b345eff99545a9c18713a57be582bd0f1 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 08:58:24 -0500 Subject: [PATCH 34/62] hotspot test --- modules/features/ethdhcp.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/features/ethdhcp.nix b/modules/features/ethdhcp.nix index 3739225..3197dcd 100644 --- a/modules/features/ethdhcp.nix +++ b/modules/features/ethdhcp.nix @@ -1,6 +1,6 @@ { ... }: { - flake.nixosModules.hotspot = { config, lib, ... }: { + flake.nixosModules.ethdhcp = { config, lib, ... }: { networking.firewall.interfaces."eno1" = { allowedUDPPorts = [ 53 67 68 ]; @@ -23,7 +23,7 @@ enable = true; settings = { interface = "eno1"; - dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ]; + dhcp-range = [ "192.168.121.2,192.168.121.2,1h" ]; }; }; From 794a787a542a18c6696dd393d762427ba4f83cc2 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 09:06:15 -0500 Subject: [PATCH 35/62] ethdhcp test --- modules/hosts/laptop/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index ca5da86..e39ce22 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -17,7 +17,7 @@ openssh sops - hotspot + ethdhcp ]; config = { From b2996d750bea52e844af2de447dbf39abb5cf42f Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 12:43:13 -0500 Subject: [PATCH 36/62] test pi4 --- .sops.yaml | 6 -- modules/features/netbird/netbird.nix | 31 +++++++++ modules/hosts/homebox/configuration.nix | 4 +- modules/hosts/iso/default.nix | 2 +- modules/hosts/pi4/configuration.nix | 92 +++++-------------------- modules/hosts/pi4/core.nix | 75 ++++++++++++++++++++ modules/hosts/pi4/default.nix | 30 +++++++- modules/users/nathan/nathan.nix | 31 ++++++--- modules/users/nathan/sops.nix | 5 +- 9 files changed, 182 insertions(+), 94 deletions(-) create mode 100644 modules/hosts/pi4/core.nix diff --git a/.sops.yaml b/.sops.yaml index c2b0eeb..8121c36 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -9,12 +9,6 @@ creation_rules: - *laptop - *homebox - *android - - path_regex: iso/secrets.yaml$ - key_groups: - - age: - - *laptop - - *homebox - - *android - path_regex: live/secrets.yaml$ key_groups: - age: diff --git a/modules/features/netbird/netbird.nix b/modules/features/netbird/netbird.nix index bbb6d82..e9e46ce 100644 --- a/modules/features/netbird/netbird.nix +++ b/modules/features/netbird/netbird.nix @@ -31,6 +31,37 @@ }; }; + flake.nixosModules.netbird-sbc = { config, lib, pkgs, ... }: { + + config = let + pkgs-us = import inputs.nixpkgs-us { + system = "x86_64-linux"; + }; + in { + + sops.secrets."netbirdKey".sopsFile = ./../secrets.yaml; + + services.netbird = { + enable = lib.mkDefault true; + + clients.default = { + port = 51820; + name = "netbird"; + interface = "wt0"; + hardened = false; + + login = { + enable = true; + setupKeyFile = config.sops.secrets."netbirdKey".path; + }; + }; + + package = pkgs-us.netbird; + #package = pkgs.netbird; + }; + }; + }; + flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: { imports = [ diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index d327d02..9033631 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -11,7 +11,7 @@ self.nixosModules.default pipewire avahi - netbird + netbird-sbc openssh sops @@ -81,6 +81,8 @@ }; }; + sops.secrets."netbirdKey".sopsFile = lib.mkForce ./secrets.yaml; + services.netbird.clients.default.environment = { NB_EXTRA_DNS_LABELS = "server"; }; diff --git a/modules/hosts/iso/default.nix b/modules/hosts/iso/default.nix index 3c59086..fdedc86 100644 --- a/modules/hosts/iso/default.nix +++ b/modules/hosts/iso/default.nix @@ -1,6 +1,6 @@ { self, inputs, ...}: { - perSystem = { config, system, pkgs, self', inputs', ... }: { + perSystem = { ... }: { packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage; }; 
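Review bot: In the netbird.nix hunk, the new `netbird-sbc` module sets `hardened = false;` with no explanation; as I read the NixOS netbird module, that turns off the dedicated-user, reduced-permission service setup, so the VPN daemon runs with full privileges on every host that imports it. If a board needs it, a comment such as `# hardened = false: <reason>, revisit when fixed upstream` should record why; otherwise leave the default. The same module builds `pkgs-us` with `system = "x86_64-linux";`, yet this commit imports `netbird-sbc` from the `pi4` module, whose configuration is declared `aarch64-linux`, so `package = pkgs-us.netbird;` would select a binary for the wrong architecture there. `system = pkgs.stdenv.hostPlatform.system;` would follow the host instead.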
diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix index 08818ca..ae4d528 100644 --- a/modules/hosts/pi4/configuration.nix +++ b/modules/hosts/pi4/configuration.nix 
@@ -1,93 +1,37 @@ { self, inputs, ... }: { - flake.nixosModules.pi4 = { config, pkgs, ... }: { + flake.nixosModules.pi4-install-disko = { config, pkgs, ... }: { imports = with self.nixosModules; [ inputs.disko.nixosModules.default - inputs.home-manager.nixosModules.default + pi4-core - self.nixosModules.default - user-nathan - netbird - avahi - openssh + self.diskoConfigurations.pi4 + ]; + + config = { + + }; + }; + + + flake.nixosModules.pi4 = { config, pkgs, ... }: { + + imports = with self.nixosModules; [ + + pi4-core-disko + + netbird-sbc remoteBuilds sops ]; config = { - boot = { - loader = { - grub.enable = false; - generic-extlinux-compatible.enable = true; - }; - }; - - networking = { - hostName = "pi4"; - nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - }; - - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - hardware = { - bluetooth.enable = true; - - }; - - programs.zsh.enable = true; - - environment.shells = with pkgs; [ zsh ]; - - users = { - groups.gpio = {}; - }; - - services = { - udev.extraRules = '' - SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" - SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" - SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" - ''; - - pulseaudio = { - enable = true; - extraConfig = '' - load-module 
module-native-protocol-tcp auth-ip-acl=127.0.0.1 - ''; - }; - - }; - sops = { - age.keyFile = "/var/lib/sops/age/keys.txt"; defaultSopsFile = ./secrets.yaml; - defaultSopsFormat = "yaml"; }; - - - fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; - - security.rtkit.enable = true; - - system.stateVersion = "25.11"; }; }; } diff --git a/modules/hosts/pi4/core.nix b/modules/hosts/pi4/core.nix new file mode 100644 index 0000000..2768298 --- /dev/null +++ b/modules/hosts/pi4/core.nix 
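Review bot: The rewritten `pi4` module imports `pi4-core-disko`, but the module this hunk defines is `flake.nixosModules.pi4-install-disko`, and no `pi4-core-disko` definition appears anywhere in this patch. Unless it exists elsewhere in the tree, `nixosConfigurations.pi4` and `pi4-install-disko` in pi4/default.nix (which references the same name) will fail to evaluate. The import probably wants to be `pi4-install-disko`. Separately, the new `sops` block keeps only `defaultSopsFile`; presumably the age key location now comes from the shared `sops` module, which is worth confirming, because without a key source the secrets cannot be decrypted on the Pi.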
@@ -0,0 +1,75 @@ +{ self, inputs, ... }: { + + flake.nixosModules.pi4-core = { config, pkgs, ... }: { + + imports = with self.nixosModules; [ + + inputs.home-manager.nixosModules.default + + self.nixosModules.default + user-nathan + avahi + openssh + ]; + + config = { + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + kernelParams = [ "snd_bcm2835.enable_hdmi=1" "snd_bcm2835.enable_headphones=1" ]; + }; + + networking = { + hostName = "pi4"; + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager = { + enable = true; + powersave = false; + }; + }; + + hardware = { + bluetooth.enable = true; + + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh ]; + + environment.systemPackages = with pkgs; [ + libraspberrypi + raspberrypi-eeprom + ]; + + users = { + groups.gpio = {}; + }; + + services = { + udev.extraRules = '' + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" + ''; + + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + ''; + }; + + }; + + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + + security.rtkit.enable = true; + + system.stateVersion = "25.11"; + }; + }; +} diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 90c104a..93aeab1 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix 
@@ -1,6 +1,12 @@ { self, inputs, ... }: { - - flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem { + + perSystem = { ... }: { + packages.pi4-sd = self.nixosConfigurations.pi4-install.config.system.build.sdImage; + }; + + flake.nixosConfigurations.pi4 = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; modules = [ self.nixosModules.pi4 @@ -9,4 +15,24 @@ ]; }; + flake.nixosConfigurations.pi4-install = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = [ + self.nixosModules.pi4-core + self.nixosModules.pi4-hardware + ]; + }; + + flake.nixosConfigurations.pi4-install-disko = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = [ + self.nixosModules.pi4-core-disko + self.nixosModules.pi4-hardware + self.diskoConfigurations.pi4 + ]; + }; } diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 7ac93e1..bc1b9be 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix 
@@ -4,28 +4,38 @@ laptop = [ "laptop" ]; homebox = [ "homebox" ]; iso = [ "iso" ]; - #pi4 = [ "pi4" ]; - #z2w = [ "red-black" "blue-white" ]; + pi4 = [ "pi4" ]; + z2w = [ "red-black" "blue-white" ]; useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); in { config = { users.users.nathan = { + enable = true; shell = pkgs.zsh; name = lib.mkDefault "nathan"; isNormalUser = lib.mkDefault true; hashedPassword = lib.mkIf (config.users.users.nathan.hashedPasswordFile == null) "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6"; - extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ]; + extraGroups = lib.mkMerge [ + [ "networkmanager" "wheel" ] + (useWith (homebox) [ "docker" "libvirtd" ]) + (useWith (pi4) [ "gpio" ]) + ]; openssh.authorizedKeys.keys = lib.mkMerge [ - (useWith (homebox ++ iso) [ + (useWith (homebox) [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCM7ZgIu4+ntHZbzo9iQPq5pUt7AhpOnfvvI0lWDgO4CgtkPGvyFrDnW87wjAKGKYkgKeHWHIkwq2hkEDqlPD+7xxtPpwzfyo7ZS23xlP31rL14HcG21jGHgx9SO7RmGDHHylu4PwJzz/KX59hcVmpSSV4hgB/mYA9UKe6VHv39X4y3HsjmiHwNBOKXltG4V+VkxOZD6HcZ62sgkyDTaqDpE7p+q8vHPbm6dVTKC9cMjtJmjB5EesMGKcEAy3VN2tA9M0EndtaLcBKM39vDXGpBsjURYZTu7NbQnncnO7L8kVL0nT4vA/d4mCjB51dPoXIcxn1ise0TOb9G7TxMbBQQO5YMOpiB2iuZRRvB3sYoKwbO8YfSxZi0EhvLcxkF9GBFw+pWPl0p0D2fPBbW88YQfEpoAt2EWvEu/pgaMJsTHpgaIuDwPLVQmDciX4MRoi324oElGSK8yN0P8IaCHhFchuehLBWvTi34Qot0GpnxeTzmlLzImICO9Yq0I7dk2rk= nathan@rpi-3dp" ]) + (useWith (iso ++ pi4 ++ z2w) [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost" + ]) + (useWith laptop [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW 
nathan@localhost" ]) @@ -57,16 +67,19 @@ ''; }) - (useWith iso { - - olympus = { - packageSet = "minimal"; - }; + (useWith (iso) { wayland.windowManager.hyprland.extraConfig = '' monitor=,preferred,auto,1 ''; }) + + (useWith (iso ++ pi4 ++ z2w) { + + olympus = { + packageSet = "minimal"; + }; + }) ]; }; }; diff --git a/modules/users/nathan/sops.nix b/modules/users/nathan/sops.nix index 90af126..fe93618 100644 --- a/modules/users/nathan/sops.nix +++ b/modules/users/nathan/sops.nix @@ -13,7 +13,10 @@ sopsFile = ./secrets.yaml; }; - users.users.nathan.hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path; + users.users.nathan = { + enable = lib.mkDefault false; + hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path; + }; }; }; } From b77d4a0d963845920b2e4434b7b5552e0e1871cc Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 12:45:55 -0500 Subject: [PATCH 37/62] test pi4 --- modules/hosts/pi4/core.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/modules/hosts/pi4/core.nix b/modules/hosts/pi4/core.nix index 2768298..eaf1256 100644 --- a/modules/hosts/pi4/core.nix +++ b/modules/hosts/pi4/core.nix @@ -25,10 +25,7 @@ networking = { hostName = "pi4"; nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager = { - enable = true; - powersave = false; - }; + networkmanager.enable = true; }; hardware = { From 9805e11b9c17feead072ac9871422b1f9aa63291 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 12:52:04 -0500 Subject: [PATCH 38/62] test pi4 --- modules/hosts/pi4/configuration.nix | 15 ++++++++++++++- modules/hosts/pi4/default.nix | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix index ae4d528..5964f98 100644 --- a/modules/hosts/pi4/configuration.nix +++ b/modules/hosts/pi4/configuration.nix 
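Review bot: The `hashedPassword` fallback in the first nathan.nix hunk stays active wherever `hashedPasswordFile` is null, and this commit extends the user to the `pi4` and `z2w` hosts while `pi4-core` imports `user-nathan` and `openssh` but not `sops`. On images built from that module the `wheel` account therefore authenticates with a hash that is committed to the repository, reachable over SSH unless the shared `openssh` module already disables password logins (not visible here). Since authorized keys are now provisioned for `iso ++ pi4 ++ z2w`, I would make those hosts key-only with `services.openssh.settings.PasswordAuthentication = false;` in the core modules. A comment on the `hashedPassword` line should also say that it is an install-time fallback only. The hunk begins inside the module's `let` block, so the top of the module is outside this view.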
@@ -1,5 +1,19 @@ { self, inputs, ... }: { + flake.nixosModules.pi4-install-sd = { config, pkgs, modulesPath, ... }: { + + imports = with self.nixosModules; [ + + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + pi4-core + + ]; + + config = { + + }; + }; + flake.nixosModules.pi4-install-disko = { config, pkgs, ... }: { imports = with self.nixosModules; [ @@ -15,7 +29,6 @@ }; }; - flake.nixosModules.pi4 = { config, pkgs, ... }: { imports = with self.nixosModules; [ diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 93aeab1..39d29de 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix @@ -1,7 +1,7 @@ { self, inputs, ... }: { perSystem = { ... }: { - packages.pi4-sd = self.nixosConfigurations.pi4-install.config.system.build.sdImage; + packages.pi4-sd = self.nixosConfigurations.pi4-install-sd.config.system.build.sdImage; }; flake.nixosConfigurations.pi4 = inputs.nixpkgs.lib.nixosSystem { From 3a10a1d9b126c2eec9d054ce690fd154f39d0064 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 12:54:31 -0500 Subject: [PATCH 39/62] test pi4 --- modules/hosts/pi4/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 39d29de..781ad0e 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix @@ -25,12 +25,22 @@ ]; }; + flake.nixosConfigurations.pi4-install-sd = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = [ + self.nixosModules.pi4-install-sd + self.nixosModules.pi4-hardware + ]; + }; + flake.nixosConfigurations.pi4-install-disko = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ - self.nixosModules.pi4-core-disko + self.nixosModules.pi4-install-disko self.nixosModules.pi4-hardware self.diskoConfigurations.pi4 ]; From 89413138f606f9f3bc8973bf1492311c575b9b67 Mon Sep 17 00:00:00 2001 
From: Nathan Date: Sat, 25 Apr 2026 17:32:22 -0500 Subject: [PATCH 40/62] test pi4 --- modules/hosts/z2w/core.nix | 63 +++++++++++++++++++ .../nathan/home-manager/features/packages.nix | 22 +++---- 2 files changed, 74 insertions(+), 11 deletions(-) create mode 100644 modules/hosts/z2w/core.nix diff --git a/modules/hosts/z2w/core.nix b/modules/hosts/z2w/core.nix new file mode 100644 index 0000000..f96691a --- /dev/null +++ b/modules/hosts/z2w/core.nix @@ -0,0 +1,63 @@ +{ self, inputs, ... }: { + + flake.nixosModules.z2w-core = { config, pkgs, ... }: { + + imports = with self.nixosModules; [ + + inputs.home-manager.nixosModules.default + + self.nixosModules.default + user-nathan + avahi + openssh + ]; + + config = { + + boot = { + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + networking = { + nameservers = [ "1.1.1.1" "1.0.0.1" ]; + networkmanager.enable = true; + }; + + hardware = { + bluetooth.enable = true; + + }; + + programs.zsh.enable = true; + + environment.shells = with pkgs; [ zsh ]; +/* + users = { + groups.gpio = {}; + }; + + services = { + udev.extraRules = '' + SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" + ''; + + pulseaudio = { + enable = true; + extraConfig = '' + load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1 + ''; + }; + + }; +*/ + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; + + system.stateVersion = "25.11"; + }; + }; +} 
diff --git a/modules/users/nathan/home-manager/features/packages.nix b/modules/users/nathan/home-manager/features/packages.nix index 423aa96..0e3064d 100644 --- a/modules/users/nathan/home-manager/features/packages.nix +++ b/modules/users/nathan/home-manager/features/packages.nix @@ -22,17 +22,6 @@ unzip rsync curl - - (python314.withPackages (ps: with ps; [ - gpustat - numpy - matplotlib - scipy - pandas - pyaudio - pyusb - requests - ])) cava android-tools @@ -56,6 +45,17 @@ home.packages = with pkgs; [ + (python314.withPackages (ps: with ps; [ + gpustat + numpy + matplotlib + scipy + pandas + pyaudio + pyusb + requests + ])) + grim slurp wl-clipboard From 25cadc63eeb42fdbe5d4e7743f17e398fe8acc18 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 19:26:50 -0500 Subject: [PATCH 41/62] test pi4 --- modules/hosts/z2w/configuration.nix | 30 +++++++++++++++++++++++--- modules/hosts/z2w/default.nix | 33 +++++++++++++++++++++++------ 2 files changed, 54 insertions(+), 9 deletions(-) diff --git a/modules/hosts/z2w/configuration.nix b/modules/hosts/z2w/configuration.nix index 1d29838..d8d80c9 100644 --- a/modules/hosts/z2w/configuration.nix +++ b/modules/hosts/z2w/configuration.nix @@ -1,11 +1,35 @@ -{ ... }: { +{ self, ... }: { - flake.nixosModules.z2w = { ... }: { + flake.nixosModules.z2w-install-sd = { config, pkgs, modulesPath, ... }: { + + imports = with self.nixosModules; [ + + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + z2w-core - imports = [ ]; config = { + + }; + }; + + flake.nixosModules.z2w = { config, pkgs, ... }: { + + imports = with self.nixosModules; [ + + z2w-install-sd + + netbird-sbc + remoteBuilds + sops + ]; + + config = { + + sops = { + defaultSopsFile = ./secrets.yaml; + }; }; }; } diff --git a/modules/hosts/z2w/default.nix b/modules/hosts/z2w/default.nix index f7715be..e37ed05 100644 --- a/modules/hosts/z2w/default.nix +++ b/modules/hosts/z2w/default.nix 
@@ -1,16 +1,37 @@ { self, inputs, ... }: { + + perSystem = { ... }: { + packages.z2w-sd = self.nixosConfigurations.z2w-install-sd.config.system.build.sdImage; + }; - flake.nixosConfigurations."blue-white" = inputs.nixpkgs.lib.nixosSystem { + flake.nixosConfigurations.z2w = inputs.nixpkgs.lib.nixosSystem { system = "aarch64-linux"; - modules = inputs.nixos-opi-zero2w.lib.withOpiZero2wInstallerEssentials [ + modules = [ self.nixosModules.z2w #self.nixosModules.z2w-hardware - #self.diskoConfigurations.z2w - ({ ... }: { - networking.hostName = "blue-white"; - }) + self.diskoConfigurations.z2w + ]; + }; + + flake.nixosConfigurations.z2w-install = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = [ + self.nixosModules.z2w-core + #self.nixosModules.z2w-hardware + ]; + }; + + flake.nixosConfigurations.z2w-install-sd = inputs.nixpkgs.lib.nixosSystem { + + system = "aarch64-linux"; + + modules = [ + self.nixosModules.z2w-install-sd + #self.nixosModules.z2w-hardware ]; }; } From 05978001eba6f3202e12adc0e948ddc90eb59460 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 19:42:56 -0500 Subject: [PATCH 42/62] laptop specialisation --- modules/hosts/laptop/configuration.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index e39ce22..47a3556 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -91,6 +91,14 @@ services.openssh.openFirewall = false; + specialisation = { + ethdhcp = { + configuration = with self.nixosModules; lib.mkMerge [ + ethdhcp + ]; + }; + }; + fonts.packages = with pkgs; [ nerd-fonts.fira-code ]; From 9254637afd1949e7e06e23e79966e811ee422c2c Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 19:43:44 -0500 Subject: [PATCH 43/62] laptop specialisation --- modules/hosts/laptop/configuration.nix | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index 47a3556..9efb3bd 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix @@ -16,8 +16,6 @@ netbird openssh sops - - ethdhcp ]; config = { From 4e9ac313d8470f0d12d919c54c013994b790235a Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 21:53:00 -0500 Subject: [PATCH 44/62] test z2w --- modules/hosts/z2w/core.nix | 11 ++++++----- modules/hosts/z2w/default.nix | 15 ++------------- 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/modules/hosts/z2w/core.nix b/modules/hosts/z2w/core.nix index f96691a..60a3230 100644 --- a/modules/hosts/z2w/core.nix +++ b/modules/hosts/z2w/core.nix @@ -1,6 +1,6 @@ { self, inputs, ... }: { - flake.nixosModules.z2w-core = { config, pkgs, ... }: { + flake.nixosModules.z2w-core = { config, lib, pkgs, ... }: { imports = with self.nixosModules; [ @@ -14,22 +14,23 @@ config = { - boot = { + /*boot = { loader = { grub.enable = false; generic-extlinux-compatible.enable = true; }; - }; + };*/ networking = { + hostName = lib.mkDefault "z2w"; nameservers = [ "1.1.1.1" "1.0.0.1" ]; networkmanager.enable = true; }; - hardware = { + /*hardware = { bluetooth.enable = true; - }; + };*/ programs.zsh.enable = true; diff --git a/modules/hosts/z2w/default.nix b/modules/hosts/z2w/default.nix index e37ed05..6cd4315 100644 --- a/modules/hosts/z2w/default.nix +++ b/modules/hosts/z2w/default.nix @@ -8,20 +8,9 @@ system = "aarch64-linux"; - modules = [ + modules = inputs.opi-zero2w.lib.withOpiZero2wEssentials [ self.nixosModules.z2w #self.nixosModules.z2w-hardware - self.diskoConfigurations.z2w - ]; - }; - - flake.nixosConfigurations.z2w-install = inputs.nixpkgs.lib.nixosSystem { - - system = "aarch64-linux"; - - modules = [ - self.nixosModules.z2w-core - #self.nixosModules.z2w-hardware ]; }; 
@@ -29,7 +18,7 @@ system = "aarch64-linux"; - modules = [ + modules = inputs.opi-zero2w.lib.withOpiZero2wEssentials [ self.nixosModules.z2w-install-sd #self.nixosModules.z2w-hardware ]; From cb964de8f3b567001d3c0b03db5f755e7214fcd8 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 21:55:58 -0500 Subject: [PATCH 45/62] test z2w --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index df1b24b..6a71923 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ nixos-hardware.url = "github:nixos/nixos-hardware/master"; - nixos-opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; sops-nix = { url = "github:Mic92/sops-nix"; From 9b1c8237a765c0fb49c7ee085e51f1c0d9485635 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 21:56:33 -0500 Subject: [PATCH 46/62] test z2w --- flake.lock | 84 +++++++++++++++++++++++++++--------------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/flake.lock b/flake.lock index c0f3487..81d810b 100644 --- a/flake.lock +++ b/flake.lock @@ -251,7 +251,7 @@ }, "home-manager_3": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1777004352, @@ -634,24 +634,6 @@ "type": "github" } }, - "nixos-opi-zero2w": { - "inputs": { - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1772415536, - "narHash": "sha256-dS4XyDDVCjGEFDX4zgaalQqMlfWL7JfeLGJpLwcAAFE=", - "owner": "virusdave", - "repo": "nixos-opi-zero2w", - "rev": "1337ecfb2443f059f8971eb89eae487fbc6b0dcc", - "type": "github" - }, - "original": { - "owner": "virusdave", - "repo": "nixos-opi-zero2w", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1775423009, 
@@ -762,22 +744,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1776734388, "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", @@ -793,7 +759,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1775423009, "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", @@ -809,7 +775,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1775710090, "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", @@ -825,7 +791,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1774701658, "narHash": "sha256-CIS/4AMUSwUyC8X5g+5JsMRvIUL3YUfewe8K4VrbsSQ=", @@ -841,11 +807,27 @@ "type": "github" } }, + "nixpkgs_8": { + "locked": { + "lastModified": 1772047000, + "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts_3", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixvim": "nixvim_2" }, "locked": { @@ -865,7 +847,7 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "systems": "systems_2" }, "locked": { 
@@ -882,6 +864,24 @@ "type": "github" } }, + "opi-zero2w": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1772415536, + "narHash": "sha256-dS4XyDDVCjGEFDX4zgaalQqMlfWL7JfeLGJpLwcAAFE=", + "owner": "virusdave", + "repo": "nixos-opi-zero2w", + "rev": "1337ecfb2443f059f8971eb89eae487fbc6b0dcc", + "type": "github" + }, + "original": { + "owner": "virusdave", + "repo": "nixos-opi-zero2w", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -915,10 +915,10 @@ "hyprland": "hyprland", "import-tree": "import-tree_2", "nixos-hardware": "nixos-hardware", - "nixos-opi-zero2w": "nixos-opi-zero2w", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-us": "nixpkgs-us", "nixvim": "nixvim", + "opi-zero2w": "opi-zero2w", "sops-nix": "sops-nix" } }, From 05490f1a1c0e93a00a43b0d3303af8d5ff33ae09 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 21:59:44 -0500 Subject: [PATCH 47/62] test z2w --- modules/users/nathan/nathan.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index bc1b9be..4581ee1 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -5,7 +5,7 @@ homebox = [ "homebox" ]; iso = [ "iso" ]; pi4 = [ "pi4" ]; - z2w = [ "red-black" "blue-white" ]; + z2w = [ "red-black" "blue-white" "z2w" ]; useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y); in { From d0efe3a8779ff348448531566756968c89085d85 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 22:06:43 -0500 Subject: [PATCH 48/62] test z2w --- modules/hosts/z2w/core.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/hosts/z2w/core.nix b/modules/hosts/z2w/core.nix index 60a3230..4f21b66 100644 --- a/modules/hosts/z2w/core.nix +++ b/modules/hosts/z2w/core.nix 
@@ -27,6 +27,8 @@ networkmanager.enable = true; }; + wireless.enable = lib.mkForce false; + /*hardware = { bluetooth.enable = true; From d8232091ab53b6104e24712cad0617c30f202095 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 22:07:17 -0500 Subject: [PATCH 49/62] test z2w --- modules/hosts/z2w/core.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/z2w/core.nix b/modules/hosts/z2w/core.nix index 4f21b66..5fc6cb0 100644 --- a/modules/hosts/z2w/core.nix +++ b/modules/hosts/z2w/core.nix @@ -25,9 +25,9 @@ hostName = lib.mkDefault "z2w"; nameservers = [ "1.1.1.1" "1.0.0.1" ]; networkmanager.enable = true; + wireless.enable = lib.mkForce false; }; - wireless.enable = lib.mkForce false; /*hardware = { bluetooth.enable = true; From 58960aa94d1fadb49243ce37fc105e34b8561d37 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 22:35:15 -0500 Subject: [PATCH 50/62] test z2w --- modules/features/remoteBuilds.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/features/remoteBuilds.nix b/modules/features/remoteBuilds.nix index 0f80aa1..429c8bc 100644 --- a/modules/features/remoteBuilds.nix +++ b/modules/features/remoteBuilds.nix @@ -38,7 +38,8 @@ (builtins.attrNames config.sops.secrets) ) { isNormalUser = true; - createHome = false; + createHome = true; + home = "/tmp/remote-builder"; }; sops.templates."remote-builder" = lib.mkIf (builtins.any From 715f4911ea93df939a0e04e82c1912fce68048e9 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 22:37:18 -0500 Subject: [PATCH 51/62] update netbird secrets --- modules/hosts/homebox/secrets.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/hosts/homebox/secrets.yaml b/modules/hosts/homebox/secrets.yaml index b42abac..64f0c47 100644 --- a/modules/hosts/homebox/secrets.yaml +++ b/modules/hosts/homebox/secrets.yaml 
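Review bot: `home = "/tmp/remote-builder";` in the `remoteBuilds.nix` hunk (patch 50) puts the build account's home inside a world-writable directory that is commonly emptied on reboot or by tmp cleaning. Anything the account keeps there, such as SSH or Nix state, then lives under a path whose ownership is not guaranteed before activation creates it and which may vanish between boots. A dedicated state directory avoids both problems, e.g. `home = "/var/lib/remote-builder";` together with the new `createHome = true;`. The enclosing user attribute set starts outside the hunk, so how the account authenticates is not visible here.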
@@ -14,6 +14,7 @@ keycloak: dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str] netbird: secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str] +netbirdKey: ENC[AES256_GCM,data:NSOx62QO2/BMgsV6B+Bi20XN1s8PUYDogRVj4XXYeqhF2QZE,iv:FiJzCpy+4Et58KJlG25A/GqeYscFQ9yzLj5i1ZEVDos=,tag:nlviBvsFJBGsAmwVt3agTg==,type:str] gitlab: db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str] root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str] @@ -38,7 +39,7 @@ sops: S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-01T12:56:37Z" - mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str] + lastmodified: "2026-04-26T03:37:06Z" + mac: ENC[AES256_GCM,data:gFZhelYC2ToiyRQmX2XiEmmMy3XeSFiF9EARogNcEIv+V/3Z4jKIDGwIvnP94s9ylgb+VZ2IoJLYb6zYSgYx/muOCoeoLifNwZOO+zA2hEgUf0kAhsM08HkuuwvifPwBZXO0P3VXTfP21QymetYVstX9ifYT3K5BIB2m9Unudu0=,iv:+Pr8idIxArX7eQEQaxigjhAGEOQRl7pz3p182yh6+Tg=,tag:qlpBKB4vg3BRFd/s+vDaDw==,type:str] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.1 From cb63ce6b6bd789da6fb0924721cb866ea71614ba Mon Sep 17 00:00:00 2001 
From: Nathan Date: Sat, 25 Apr 2026 22:45:35 -0500 Subject: [PATCH 52/62] packages --- .../nathan/home-manager/features/packages.nix | 22 ++++++++++--------- modules/users/nathan/nathan.nix | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/modules/users/nathan/home-manager/features/packages.nix b/modules/users/nathan/home-manager/features/packages.nix index 0e3064d..9753ef5 100644 --- a/modules/users/nathan/home-manager/features/packages.nix +++ b/modules/users/nathan/home-manager/features/packages.nix @@ -38,10 +38,19 @@ (mkIf config.wayland.windowManager.hyprland.enable { - nixpkgs.config = { - allowUnfree = true; - }; + home.packages = with pkgs; [ + grim + slurp + wl-clipboard + xfce.thunar + blueberry + brightnessctl + libdbusmenu-gtk3 + ]; + }) + + (mkIf (pkgs.stdenv.hostPlatform == "x86_64-linux") { home.packages = with pkgs; [ @@ -56,13 +65,6 @@ requests ])) - grim - slurp - wl-clipboard - xfce.thunar - blueberry - brightnessctl - libdbusmenu-gtk3 ]; }) diff --git a/modules/users/nathan/nathan.nix b/modules/users/nathan/nathan.nix index 4581ee1..86c2bcc 100644 --- a/modules/users/nathan/nathan.nix +++ b/modules/users/nathan/nathan.nix @@ -74,7 +74,7 @@ ''; }) - (useWith (iso ++ pi4 ++ z2w) { + (useWith (iso ++ pi4 ++ z2w ++ homebox) { olympus = { packageSet = "minimal"; From db21c83e3f30656a5221f5e0323bd96f8cede966 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 22:48:48 -0500 Subject: [PATCH 53/62] packages --- modules/users/nathan/home-manager/features/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/users/nathan/home-manager/features/packages.nix b/modules/users/nathan/home-manager/features/packages.nix index 9753ef5..08416cf 100644 --- a/modules/users/nathan/home-manager/features/packages.nix +++ b/modules/users/nathan/home-manager/features/packages.nix 
@@ -50,7 +50,7 @@ ]; }) - (mkIf (pkgs.stdenv.hostPlatform == "x86_64-linux") { + (mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux") { home.packages = with pkgs; [ From d4184b882ef07d010268f49a2c207c063fc566bf Mon Sep 17 00:00:00 2001 From: Nathan Date: Sat, 25 Apr 2026 23:56:28 -0500 Subject: [PATCH 54/62] test z2w --- modules/hosts/z2w/core.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/hosts/z2w/core.nix b/modules/hosts/z2w/core.nix index 5fc6cb0..fd6b4ac 100644 --- a/modules/hosts/z2w/core.nix +++ b/modules/hosts/z2w/core.nix @@ -24,8 +24,8 @@ networking = { hostName = lib.mkDefault "z2w"; nameservers = [ "1.1.1.1" "1.0.0.1" ]; - networkmanager.enable = true; - wireless.enable = lib.mkForce false; + #networkmanager.enable = true; + #wireless.enable = lib.mkForce false; }; From 0952ba45cad015579168d2d15c06145a5e95ad4f Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 00:08:44 -0500 Subject: [PATCH 55/62] test z2w --- modules/features/netbird/netbird.nix | 5 ----- modules/hosts/homebox/configuration.nix | 2 ++ 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/modules/features/netbird/netbird.nix b/modules/features/netbird/netbird.nix index e9e46ce..c8ffedc 100644 --- a/modules/features/netbird/netbird.nix +++ b/modules/features/netbird/netbird.nix @@ -49,11 +49,6 @@ name = "netbird"; interface = "wt0"; hardened = false; - - login = { - enable = true; - setupKeyFile = config.sops.secrets."netbirdKey".path; - }; }; package = pkgs-us.netbird; diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 9033631..046086e 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -60,6 +60,8 @@ nixpkgs.config.allowUnfree = true; + nix.settings.extra-sandbox-paths = [ "/nix/var/cache/ccache-kernel" ]; # this is weird + networking = { hostName = "homebox"; From e2913658567a18ef20cb1c32d315eec9b90533fb Mon Sep 17 00:00:00 2001 
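Review bot: The `nix.settings.extra-sandbox-paths` line added in the `homebox/configuration.nix` hunk (patch 55) exposes `/nix/var/cache/ccache-kernel` to every build sandbox on this host, not only the kernel build, and the trailing `# this is weird` does not record why the exception exists. A compiler cache shared this way is mutable state that one build can write and a later build will trust, so the directory's owner and mode should be limited to the build group and the comment should state the purpose, e.g. `# ccache dir for the z2w kernel build; writable by nixbld only`. Patch 56 extends the list with `/build/linux-6.12.82/build`, a version-specific path that goes stale on the next kernel bump, and patch 58 removes the setting again; squashing the three would keep the sandbox exception out of the history.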
From: Nathan Date: Sun, 26 Apr 2026 00:13:33 -0500 Subject: [PATCH 56/62] test z2w --- modules/hosts/homebox/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 046086e..85592d9 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -60,7 +60,7 @@ nixpkgs.config.allowUnfree = true; - nix.settings.extra-sandbox-paths = [ "/nix/var/cache/ccache-kernel" ]; # this is weird + nix.settings.extra-sandbox-paths = [ "/nix/var/cache/ccache-kernel" "/build/linux-6.12.82/build" ]; # this is weird networking = { From c1e557b8df5c884963530761c4339e65f5800728 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 00:21:03 -0500 Subject: [PATCH 57/62] test z2w --- modules/hosts/z2w/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hosts/z2w/default.nix b/modules/hosts/z2w/default.nix index 6cd4315..82e7b05 100644 --- a/modules/hosts/z2w/default.nix +++ b/modules/hosts/z2w/default.nix @@ -18,7 +18,7 @@ system = "aarch64-linux"; - modules = inputs.opi-zero2w.lib.withOpiZero2wEssentials [ + modules = inputs.opi-zero2w.lib.withOpiZero2wInstallerEssentials [ self.nixosModules.z2w-install-sd #self.nixosModules.z2w-hardware ]; From f7968948f653f60ece13889fed1bce8c9d0acfba Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 00:22:40 -0500 Subject: [PATCH 58/62] test z2w --- modules/hosts/homebox/configuration.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 85592d9..9033631 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -60,8 +60,6 @@ nixpkgs.config.allowUnfree = true; - nix.settings.extra-sandbox-paths = [ "/nix/var/cache/ccache-kernel" "/build/linux-6.12.82/build" ]; # this is weird - networking = { hostName = "homebox"; 
From 82d8816052aad3d763e18c7c51276c21d9caa613 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 07:45:26 -0500 Subject: [PATCH 59/62] ignore ccache --- flake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 6a71923..7e5dfbf 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,8 @@ nixos-hardware.url = "github:nixos/nixos-hardware/master"; - opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + #opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w"; sops-nix = { url = "github:Mic92/sops-nix"; From a8b2621469ec345084b53944cf807b7cfa01ab69 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 11:14:46 -0500 Subject: [PATCH 60/62] test gitea docker --- flake.nix | 4 +- modules/features/gitea.nix | 65 +++++++++++++-------- modules/features/traefik/config/routing.yml | 27 --------- modules/hosts/homebox/configuration.nix | 1 + modules/hosts/laptop/configuration.nix | 1 + modules/hosts/pi4/configuration.nix | 2 +- modules/hosts/pi4/default.nix | 2 +- 7 files changed, 46 insertions(+), 56 deletions(-) diff --git a/flake.nix b/flake.nix index 7e5dfbf..a52e34a 100644 --- a/flake.nix +++ b/flake.nix @@ -18,8 +18,8 @@ nixos-hardware.url = "github:nixos/nixos-hardware/master"; - #opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; - opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w"; + opi-zero2w.url = "github:virusdave/nixos-opi-zero2w"; + #opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w"; sops-nix = { url = "github:Mic92/sops-nix"; diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix index 237c650..4cf143a 100644 --- a/modules/features/gitea.nix +++ b/modules/features/gitea.nix 
@@ -80,6 +80,13 @@ repository = { DEFAULT_BRANCH = "master"; }; + + migrations = { + ALLOWED_DOMAINS = "*"; + ALLOW_LOCALNETWORKS = true; + SKIP_TLS_VERIFY = true; + BLOCKED_DOMAINS = ""; + }; }; database = { @@ -118,6 +125,25 @@ config = { + sops.secrets = { + "gitea/dbpass" = {}; + }; + + sops.templates."gitea.env".content = '' + USER_UID=1000 + USER_GID=1000 + GITEA__database__DB_TYPE=postgres + GITEA__database__HOST=db:5432 + GITEA__database__NAME=gitea + GITEA__database__USER=gitea + GITEA__database__PASSWD=${config.sops.placeholder."gitea/dbpass"} + ''; + + sops.templates."gitea-db.env".content = '' + POSTGRES_USER=gitea + POSTGRES_DB=gitea + POSTGRES_PASSWORD=${config.sops.placeholder."gitea/dbpass"} + ''; virtualisation.oci-containers.containers."${name}" = { image = "docker.gitea.com/gitea:1.25.4"; @@ -145,22 +171,27 @@ "traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)"; "traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh"; - "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22"; + "traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "2222"; }; ports = [ ]; extraOptions = [ - "--ip=192.168.101.20" + "--ip=192.168.101.25" ]; volumes = [ - "vol_gitea:/data" + "/etc/gitea/data:/data" ]; - environment = { - }; + environmentFiles = [ + config.sops.templates."gitea.env".path + ]; + + dependsOn = [ + "${name}-db" + ]; }; virtualisation.oci-containers.containers."${name}-db" = { @@ -182,15 +213,16 @@ ]; extraOptions = [ - "--ip=192.168.101.21" + "--ip=192.168.101.26" ]; volumes = [ "/etc/gitea/db:/var/lib/postgresql/data" ]; - environment = { - }; + environmentFiles = [ + config.sops.templates."gitea-db.env".path + ]; }; systemd.services."docker-gitea" = { @@ -202,12 +234,10 @@ }; after = [ "docker-network-setup.service" - "docker-volume-gitea.service" "docker-gitea-db.service" ]; requires = [ "docker-network-setup.service" - "docker-volume-gitea.service" "docker-gitea-db.service" ]; partOf = [ 
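Review bot: The `migrations` block added in the first `gitea.nix` hunk sets `ALLOWED_DOMAINS = "*"`, `ALLOW_LOCALNETWORKS = true` and `SKIP_TLS_VERIFY = true` together, so any account allowed to start a migration can have the Gitea server fetch from arbitrary hosts, private and loopback addresses included, without certificate validation. That is a server-side request forgery surface toward the other services on this host's networks; the hunks on this page show 192.168.100.x and 192.168.101.x addresses behind the proxy. If the aim is a one-off import, name only that source, e.g. `ALLOWED_DOMAINS = "<source-host-placeholder>";`, keep `SKIP_TLS_VERIFY = false;`, and enable `ALLOW_LOCALNETWORKS` only while the import runs. The enclosing settings attribute set starts outside the hunk, so whether registration is restricted is not visible here.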
@@ -238,21 +268,6 @@ "docker-compose-gitea-root.target" ]; }; - - systemd.services."docker-volume-gitea" = { - path = [ pkgs.docker ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local - ''; - partOf = [ "docker-compose-gitea-root.target" ]; - wantedBy = [ "docker-compose-gitea-root.target" ]; - }; - }; }; - } diff --git a/modules/features/traefik/config/routing.yml b/modules/features/traefik/config/routing.yml index 280ef38..a555b40 100644 --- a/modules/features/traefik/config/routing.yml +++ b/modules/features/traefik/config/routing.yml @@ -20,15 +20,6 @@ http: tls: certResolver: "cloudflare" - gitea: - entryPoints: - - "localsecure" - - "websecure" - rule: "Host(`gitea.esotericbytes.com`)" - service: "gitea" - tls: - certResolver: "cloudflare" - octoprint: entryPoints: - "localsecure" @@ -49,27 +40,9 @@ http: servers: - url: "http://192.168.100.31:4444" - gitea: - loadBalancer: - servers: - - url: "http://192.168.100.20:3000" - octoprint: loadBalancer: servers: - url: "http://rpi-3dp.local" passHostHeader: true -tcp: - routers: - gitea-ssh: - entryPoints: - - "gitea-ssh" - rule: "HostSNI(`*`)" - service: "gitea-ssh" - - services: - gitea-ssh: - loadBalancer: - servers: - - address: "192.168.100.20:2222" diff --git a/modules/hosts/homebox/configuration.nix b/modules/hosts/homebox/configuration.nix index 9033631..6230dff 100644 --- a/modules/hosts/homebox/configuration.nix +++ b/modules/hosts/homebox/configuration.nix @@ -25,6 +25,7 @@ n8n code-server gitea + gitea-docker jellyfin nginx ollama-docker diff --git a/modules/hosts/laptop/configuration.nix b/modules/hosts/laptop/configuration.nix index 9efb3bd..ee91382 100644 --- a/modules/hosts/laptop/configuration.nix +++ b/modules/hosts/laptop/configuration.nix 
@@ -32,6 +32,7 @@ efi.canTouchEfiVariables = true; timeout = null; }; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; systemd.settings.Manager.DefaultLimitNOFILE = 2048; diff --git a/modules/hosts/pi4/configuration.nix b/modules/hosts/pi4/configuration.nix index 5964f98..ea24734 100644 --- a/modules/hosts/pi4/configuration.nix +++ b/modules/hosts/pi4/configuration.nix @@ -33,7 +33,7 @@ imports = with self.nixosModules; [ - pi4-core-disko + pi4-core netbird-sbc remoteBuilds diff --git a/modules/hosts/pi4/default.nix b/modules/hosts/pi4/default.nix index 781ad0e..2128487 100644 --- a/modules/hosts/pi4/default.nix +++ b/modules/hosts/pi4/default.nix @@ -11,7 +11,7 @@ modules = [ self.nixosModules.pi4 self.nixosModules.pi4-hardware - self.diskoConfigurations.pi4 + #self.diskoConfigurations.pi4 ]; }; From a4b3430a8c6f90530f647529232744c77301c84d Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 11:18:48 -0500 Subject: [PATCH 61/62] test gitea docker --- modules/features/gitea.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix index 4cf143a..02b3f6e 100644 --- a/modules/features/gitea.nix +++ b/modules/features/gitea.nix @@ -159,7 +159,7 @@ labels = { "traefik.enable" = "true"; - "traefik.http.routers.${name}.entrypoints" = "localsecure"; + "traefik.http.routers.${name}.entrypoints" = "websecure"; "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)"; "traefik.http.routers.${name}.service" = "${name}"; "traefik.http.routers.${name}.tls.certResolver" = "cloudflare"; From fe29c5ff4b6867b51784a3ff0ac2360d85d755f6 Mon Sep 17 00:00:00 2001 From: Nathan Date: Sun, 26 Apr 2026 11:22:46 -0500 Subject: [PATCH 62/62] test gitea docker --- modules/features/gitea.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/features/gitea.nix b/modules/features/gitea.nix index 02b3f6e..1f1de93 100644 --- a/modules/features/gitea.nix 
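Review bot: The patch 61 hunk in `gitea.nix` binds the container's HTTP router to `websecure` only, whereas the file-provider router that patch 60 removed from `routing.yml` listed both `localsecure` and `websecure`. If `websecure` is the externally reachable entrypoint, as the names suggest, this publishes the instance and drops the LAN entrypoint in one step; it is worth confirming that the permissive `migrations` settings from patch 60 do not apply to the exposed instance. If both entrypoints are intended, the label takes a comma-separated list: `"traefik.http.routers.${name}.entrypoints" = "localsecure,websecure";`. The labels attribute set starts and ends outside the hunk.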
+++ b/modules/features/gitea.nix @@ -133,7 +133,7 @@ USER_UID=1000 USER_GID=1000 GITEA__database__DB_TYPE=postgres - GITEA__database__HOST=db:5432 + GITEA__database__HOST=${name}-db:5432 GITEA__database__NAME=gitea GITEA__database__USER=gitea GITEA__database__PASSWD=${config.sops.placeholder."gitea/dbpass"}