From b9127d0e603f4ff6f8a092e6d6ef49a760370cee Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 28 Oct 2025 16:27:22 -0500 Subject: [PATCH 01/10] add thunar, and new envrc import --- flakes/common/nix_modules/de_i3.nix | 1 + .../common/nix_modules/essentials/default.nix | 1 + .../essentials/envrc-import.func.sh | 51 +++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 flakes/common/nix_modules/essentials/envrc-import.func.sh diff --git a/flakes/common/nix_modules/de_i3.nix b/flakes/common/nix_modules/de_i3.nix index ecbfed7..ae0bda4 100644 --- a/flakes/common/nix_modules/de_i3.nix +++ b/flakes/common/nix_modules/de_i3.nix @@ -24,6 +24,7 @@ dmenu maim xclip + xfce.thunar ]; }; displayManager = { diff --git a/flakes/common/nix_modules/essentials/default.nix b/flakes/common/nix_modules/essentials/default.nix index 70d4de5..1f59169 100644 --- a/flakes/common/nix_modules/essentials/default.nix +++ b/flakes/common/nix_modules/essentials/default.nix @@ -53,5 +53,6 @@ with lib; environment.shellInit = lib.concatStringsSep "\n\n" [ (builtins.readFile ./unix_utils.func.sh) (builtins.readFile ./nixpkg.func.sh) + (builtins.readFile ./envrc-import.func.sh) ]; } diff --git a/flakes/common/nix_modules/essentials/envrc-import.func.sh b/flakes/common/nix_modules/essentials/envrc-import.func.sh new file mode 100644 index 0000000..e588e3e --- /dev/null +++ b/flakes/common/nix_modules/essentials/envrc-import.func.sh @@ -0,0 +1,51 @@ +# Function to import a .envrc from a central repository of flake wrappers +# It finds all subdirectories in a configured path that contain a .envrc file, +# lets you choose one with fzf, and appends its content to the local .envrc. +envrc() { + # --- CONFIGURATION --- + # Set this to the path where your flake wrapper projects are stored. + local FLAKE_WRAPPERS_DIR="$HOME/projects/flake_wrappers" + + # Check if the source directory exists + if [ ! -d "$FLAKE_WRAPPERS_DIR" ]; then + echo "Error: Directory not found: $FLAKE_WRAPPERS_DIR" >&2 + echo "Please configure the FLAKE_WRAPPERS_DIR variable in the import_envrc function." >&2 + return 1 + fi + + # Find all subdirectories that contain a .envrc file. + # -mindepth 1 and -maxdepth 1 ensure we only search the immediate children. + # The `-exec test -f {}/.envrc \;` part checks for the existence of the file. + # We use `fzf` to create an interactive menu. + # The --preview shows the content of the .envrc file for the highlighted entry. + # `bat` is used for preview if available, otherwise it falls back to `cat`. + local selected_dir=$(find "$FLAKE_WRAPPERS_DIR" -mindepth 1 -maxdepth 1 -type d -exec test -f {}/.envrc \; -print | \ + fzf --prompt="Select a Flake Wrapper to import > " \ + --header="[CTRL-C or ESC to quit]" \ + --preview="([[ -x \"$(command -v bat)\" ]] && bat --color=always --plain {}/.envrc) || cat {}/.envrc" \ + --preview-window="right:60%:wrap") + + # If the user pressed ESC or CTRL-C, fzf returns an empty string. + # The `[ -z "$selected_dir" ]` check handles this case. + if [ -z "$selected_dir" ]; then + echo "No selection made. Operation cancelled." + return 1 + fi + + local source_envrc="$selected_dir/.envrc" + + # Check if the selected .envrc file is readable + if [ ! -r "$source_envrc" ]; then + echo "Error: Cannot read file: $source_envrc" >&2 + return 1 + fi + + # Append the contents of the selected .envrc to the local .envrc file. + # The `>>` operator will create the file if it doesn't exist, or append if it does. + # We add a newline before appending to ensure separation if the local file doesn't end with one. + printf "\n# Imported from %s\n" "$source_envrc" >> ./.envrc + cat "$source_envrc" >> ./.envrc + + echo "✅ Successfully appended '$source_envrc' to the local .envrc file." + ndr +} From 071ae90c08568266c7bbc84944da682b0ba948e2 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Tue, 28 Oct 2025 23:26:21 -0500 Subject: [PATCH 02/10] attempt dark mode i3 de --- flakes/common/hm_modules/de_i3/default.nix | 3 ++- flakes/common/hm_modules/de_i3/i3.nix | 6 ++++++ flakes/common/hm_modules/de_i3/theme.nix | 16 ++++++++++++++++ flakes/common/hm_modules/launcher_rofi.nix | 2 +- 4 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 flakes/common/hm_modules/de_i3/theme.nix diff --git a/flakes/common/hm_modules/de_i3/default.nix b/flakes/common/hm_modules/de_i3/default.nix index 7af8291..8274537 100644 --- a/flakes/common/hm_modules/de_i3/default.nix +++ b/flakes/common/hm_modules/de_i3/default.nix @@ -1,4 +1,5 @@ { ... }: { - imports = [ ./i3.nix ./polybar.nix ]; + imports = [ ./i3.nix ./polybar.nix ./theme.nix ]; } + diff --git a/flakes/common/hm_modules/de_i3/i3.nix b/flakes/common/hm_modules/de_i3/i3.nix index 14b5404..e6fb2ef 100644 --- a/flakes/common/hm_modules/de_i3/i3.nix +++ b/flakes/common/hm_modules/de_i3/i3.nix @@ -9,6 +9,12 @@ default_border pixel 1 default_floating_border pixel 1 floating_modifier Mod4 + + # Dark mode colors + client.focused #2e3440 #4c566a #eceff4 #4c566a #2e3440 + client.unfocused #2e3440 #2e3440 #d8dee9 #2e3440 #2e3440 + client.focused_inactive #2e3440 #3b4252 #e5e9f0 #3b4252 #2e3440 + client.urgent #2e3440 #bf616a #eceff4 #bf616a #2e3440 ''; config = rec { modifier = "Mod4"; diff --git a/flakes/common/hm_modules/de_i3/theme.nix b/flakes/common/hm_modules/de_i3/theme.nix new file mode 100644 index 0000000..0b6d7ce --- /dev/null +++ b/flakes/common/hm_modules/de_i3/theme.nix @@ -0,0 +1,16 @@ +{ pkgs, ... }: +{ + home.pointerCursor = { + gtk.enable = true; + x11.enable = true; + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 16; + }; + gtk = { + enable = true; + theme = { package = pkgs.flat-remix-gtk; name = "Flat-Remix-GTK-Grey-Darkest"; }; + iconTheme = { package = pkgs.adwaita-icon-theme; name = "Adwaita"; }; + font = { name = "Sans"; size = 11; }; + }; +} diff --git a/flakes/common/hm_modules/launcher_rofi.nix b/flakes/common/hm_modules/launcher_rofi.nix index 353b29e..df884a9 100644 --- a/flakes/common/hm_modules/launcher_rofi.nix +++ b/flakes/common/hm_modules/launcher_rofi.nix @@ -10,7 +10,7 @@ modi = "drun,run,ssh,window,calc"; terminal = "alacritty"; }; - theme = "glue_pro_blue"; + theme = "Arc-Dark"; }; programs.wofi = { enable = true; From 892c4a9f9693e7943671d381530682b09237c56c Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 29 Oct 2025 00:31:05 -0500 Subject: [PATCH 03/10] update litellm --- hosts/h001/flake.lock | 14 ++++----- hosts/h001/flake.nix | 2 +- hosts/h001/mods/litellm.nix | 60 +++++++++++++++++-------------------- 3 files changed, 35 insertions(+), 41 deletions(-) diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index 65be22d..c5f136e 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -505,11 +505,11 @@ }, "litellm-nixpkgs": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { @@ -1564,17 +1564,17 @@ }, "open-webui-nixpkgs": { "locked": { - "lastModified": 1759036355, - "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", - "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" } }, diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 3ef255e..05e7a48 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -2,7 +2,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; # nixpkgs-unstable.url = "github:wrvsrx/nixpkgs/fix-open-webui"; - open-webui-nixpkgs.url = "github:nixos/nixpkgs/e9f00bd893984bc8ce46c895c3bf7cac95331127"; + open-webui-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; litellm-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; trilium-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; diff --git a/hosts/h001/mods/litellm.nix b/hosts/h001/mods/litellm.nix index 178d4c4..b81109f 100644 --- a/hosts/h001/mods/litellm.nix +++ b/hosts/h001/mods/litellm.nix @@ -43,16 +43,33 @@ in drop_params = true; }; model_list = [ - # 宙 Proxy - # { # NOTE model discovery not working yet? https://canary.discord.com/channels/1123360753068540065/1409974123987210350/1427864010241609752 - # model_name = "litellm_proxy/*"; - # litellm_params = { - # model = "litellm_proxy/*"; - # api_base = "http://100.64.0.8:9010/air_key"; - # api_key = "os.environ/LITELLM_PROXY_API_KEY"; - # }; - # } ] + # Copilot + ++ (builtins.map + (m: { + model_name = "copilot-${m}"; + litellm_params = { + model = "github_copilot/${m}"; + extra_headers = { + editor-version = "vscode/${pkgs.vscode.version}"; + editor-plugin-version = "copilot/${pkgs.vscode-extensions.github.copilot.version}"; + Copilot-Integration-Id = "vscode-chat"; + Copilot-Vision-Request = "true"; + user-agent = "GithubCopilot/${pkgs.vscode-extensions.github.copilot.version}"; + }; + }; + + }) + # List from https://github.com/settings/copilot/features enabled models + [ + "claude-sonnet-3.5" + "claude-sonnet-4" + "claude-sonnet-4.5" + "gemini-2.5-pro" + "openai-gpt-5" + "openai-gpt-5-mini" + ] + ) # Azure ++ (builtins.map (m: { @@ -74,36 +91,13 @@ in # "gpt-5-codex-2025-09-15" ] ) - # Copilot - ++ (builtins.map - (m: { - model_name = "copilot-${m}"; - litellm_params = { - model = "github_copilot/${m}"; - extra_headers = { - editor-version = "vscode/${pkgs.vscode.version}"; - editor-plugin-version = "copilot/${pkgs.vscode-extensions.github.copilot.version}"; - Copilot-Integration-Id = "vscode-chat"; - Copilot-Vision-Request = "true"; - user-agent = "GithubCopilot/${pkgs.vscode-extensions.github.copilot.version}"; - }; - }; - - }) - # List from https://github.com/settings/copilot/features enabled models - [ - "claude-sonnet-4.5" - "claude-sonnet-4" - "gemini-2.5-pro" - ] - ) # 宙 Proxy ++ (builtins.map (m: { model_name = "air-${m}"; litellm_params = { model = "litellm_proxy/${m}"; - api_base = "http://100.64.0.8:9010/air_key"; + api_base = "http://100.64.0.8:9010/air_prd"; api_key = "os.environ/LITELLM_PROXY_API_KEY"; }; }) From d737af3c7aa6f012c26e2fbbb12c5a20e3af28c1 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 29 Oct 2025 00:47:19 -0500 Subject: [PATCH 04/10] many items --- flakes/common/hm_modules/de_i3/theme.nix | 13 +++++++++++- hosts/h001/mods/openbao.nix | 25 +++++++++++++++++++----- hosts/h001/nginx.nix | 1 + hosts/linode/l001/headscale.nix | 1 + hosts/lio/flake.lock | 8 ++++---- hosts/lio/flake.nix | 1 + hosts/oracle/o001/nginx.nix | 7 +++++++ secrets_epic.md | 14 +++++++------ 8 files changed, 54 insertions(+), 16 deletions(-) diff --git a/flakes/common/hm_modules/de_i3/theme.nix b/flakes/common/hm_modules/de_i3/theme.nix index 0b6d7ce..7d37d67 100644 --- a/flakes/common/hm_modules/de_i3/theme.nix +++ b/flakes/common/hm_modules/de_i3/theme.nix @@ -5,8 +5,19 @@ x11.enable = true; package = pkgs.bibata-cursors; name = "Bibata-Modern-Classic"; - size = 16; + size = 14; }; + + # Ensure all X11 apps see the same cursor settings + xresources.properties = { + "Xcursor.theme" = "Bibata-Modern-Classic"; + "Xcursor.size" = 14; + }; + home.sessionVariables = { + XCURSOR_THEME = "Bibata-Modern-Classic"; + XCURSOR_SIZE = "14"; + }; + gtk = { enable = true; theme = { package = pkgs.flat-remix-gtk; name = "Flat-Remix-GTK-Grey-Darkest"; }; diff --git a/hosts/h001/mods/openbao.nix b/hosts/h001/mods/openbao.nix index 74927ab..78e3bd5 100644 --- a/hosts/h001/mods/openbao.nix +++ b/hosts/h001/mods/openbao.nix @@ -5,23 +5,38 @@ ... }: { + services.nginx = { + virtualHosts = { + "sec.joshuabell.xyz" = { + addSSL = true; + sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem"; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://localhost:8200"; + recommendedProxySettings = true; + }; + }; + }; + }; + services.openbao = { enable = true; package = pkgs.openbao; - + settings = { ui = true; - + listener.default = { type = "tcp"; address = "127.0.0.1:8200"; tls_disable = true; # nginx will handle TLS }; - + storage.file = { path = "/var/lib/openbao"; }; - + # Disable mlock requirement for development # In production, you may want to enable this disable_mlock = true; @@ -42,7 +57,7 @@ ProtectSystem = "strict"; ProtectHome = true; ReadWritePaths = [ "/var/lib/openbao" ]; - + # Resource limits LimitNOFILE = 65536; LimitNPROC = 4096; diff --git a/hosts/h001/nginx.nix b/hosts/h001/nginx.nix index a808ab2..530fe30 100644 --- a/hosts/h001/nginx.nix +++ b/hosts/h001/nginx.nix @@ -17,6 +17,7 @@ let in { # TODO transfer these to o001 to use same certs? + # Will I ever get rate limited by lets encrypt with both doing their own? security.acme = lib.mkIf (hasSecret "linode_rw_domains") { acceptTerms = true; defaults.email = "admin@joshuabell.xyz"; diff --git a/hosts/linode/l001/headscale.nix b/hosts/linode/l001/headscale.nix index 98f93bb..0d4ac78 100644 --- a/hosts/linode/l001/headscale.nix +++ b/hosts/linode/l001/headscale.nix @@ -32,6 +32,7 @@ (h001ARecord "chat") (h001ARecord "sso-proxy") (h001ARecord "n8n") + (h001ARecord "sec") (h001ARecord "sso") (h001ARecord "gist") (h001ARecord "git") diff --git a/hosts/lio/flake.lock b/hosts/lio/flake.lock index 1c62189..ce26221 100644 --- a/hosts/lio/flake.lock +++ b/hosts/lio/flake.lock @@ -1207,11 +1207,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1761621645, - "narHash": "sha256-pbwLPnz2WEAJ4K6d/iBy0u/Rko9NLaN8gn8NqsBzUNo=", + "lastModified": 1761712156, + "narHash": "sha256-4vU7FPZFXSFguQUIPrbLQOk3VSokp6RH8t7zQoqneow=", "ref": "refs/heads/master", - "rev": "26dd42aebb0b2bc218acf2e36113997133f4dbbd", - "revCount": 319, + "rev": "04f666dabbaced8d661693cfbe4eb7efa359ce7d", + "revCount": 320, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 69d8c92..2af9344 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -49,6 +49,7 @@ secrets.nixosModules.default ros_neovim.nixosModules.default + ({ ... }: { ringofstorms-nvim.includeAllRuntimeDependencies = true; }) flatpaks.nixosModules.default common.nixosModules.essentials diff --git a/hosts/oracle/o001/nginx.nix b/hosts/oracle/o001/nginx.nix index a87fa9b..20f2eb5 100644 --- a/hosts/oracle/o001/nginx.nix +++ b/hosts/oracle/o001/nginx.nix @@ -187,6 +187,13 @@ proxyPass = "http://100.64.0.13"; }; }; + "sec.joshuabell.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://100.64.0.13"; + }; + }; "sso.joshuabell.xyz" = { enableACME = true; forceSSL = true; diff --git a/secrets_epic.md b/secrets_epic.md index beb8945..faef05d 100644 --- a/secrets_epic.md +++ b/secrets_epic.md @@ -41,14 +41,16 @@ services.openbao = { ### 1.2 Configure Nginx Reverse Proxy -**File:** `hosts/h001/nginx.nix` +**File:** Put this inside of the openbao.nix file as well above or below the existing configuration. **Tasks:** -- [ ] Add virtualHost for `vault.joshuabell.xyz` -- [ ] Configure SSL using existing ACME wildcard cert -- [ ] Set up proxy to `http://127.0.0.1:8200` -- [ ] Enable websockets for UI -- [ ] Add security headers +- [x] Add virtualHost for `sec.joshuabell.xyz` +- [x] Configure SSL using existing ACME wildcard cert +- [x] Add virtualHost for `sec.joshuabell.xyz` +- [x] Configure SSL using existing ACME wildcard cert +- [x] Set up proxy to `http://127.0.0.1:8200` +- [x] Enable websockets for UI +- [x] Add security headers **Expected config:** ```nix From 5694d66e1b6457459cbff32a3c27f6dfdc4d433d Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Mon, 3 Nov 2025 22:10:53 -0600 Subject: [PATCH 05/10] 60hz cause of no working cable --- hosts/lio/i3_customizations.nix | 3 ++- secrets_epic.md | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/hosts/lio/i3_customizations.nix b/hosts/lio/i3_customizations.nix index d53cb44..c125e8c 100644 --- a/hosts/lio/i3_customizations.nix +++ b/hosts/lio/i3_customizations.nix @@ -14,7 +14,8 @@ let ''; bg1 = ../_shared_assets/wallpapers/pixel_neon.png; bg2 = ../_shared_assets/wallpapers/pixel_neon_v.png; - xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 97.98 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + # xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 97.98 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 60 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; xwallpaperCmd = "xwallpaper --output DP-1 --zoom ${bg1} --output DP-2 --zoom ${bg2}"; startupCmd = "sh -c 'sleep 0.2; i3-msg workspace number 7; sleep 0.2; i3-msg workspace number 1'"; i3ExtraOptions = { diff --git a/secrets_epic.md b/secrets_epic.md index faef05d..630bfc7 100644 --- a/secrets_epic.md +++ b/secrets_epic.md @@ -54,7 +54,7 @@ services.openbao = { **Expected config:** ```nix -services.nginx.virtualHosts."vault.joshuabell.xyz" = { +services.nginx.virtualHosts."sec.joshuabell.xyz" = { addSSL = true; sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem"; sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem"; @@ -76,12 +76,12 @@ services.nginx.virtualHosts."vault.joshuabell.xyz" = { ### 1.4 Initial Deployment **Tasks:** -- [ ] Deploy to h001 with `nixos-rebuild switch` -- [ ] Verify OpenBao service is running -- [ ] Access UI at `https://vault.joshuabell.xyz` -- [ ] Initialize OpenBao (generates root token and unseal keys) -- [ ] Save unseal keys and root token securely (LastPass/Bitwarden) -- [ ] Unseal the vault +- [x] Deploy to h001 with `nixos-rebuild switch` +- [x] Verify OpenBao service is running +- [x] Access UI at `https://sec.joshuabell.xyz` +- [x] Initialize OpenBao (generates root token and unseal keys) +- [x] Save unseal keys and root token securely (LastPass/Bitwarden) +- [x] Unseal the vault **Commands:** ```bash @@ -106,7 +106,7 @@ openbao operator unseal **Commands:** ```bash -export VAULT_ADDR='https://vault.joshuabell.xyz' +export VAULT_ADDR='https://sec.joshuabell.xyz' openbao login openbao secrets enable -version=2 kv openbao kv put kv/test password=hello @@ -277,7 +277,7 @@ in { **Tasks:** - [ ] Import vault-agent module - [ ] Configure vault-agent for h001: - - vault address: `https://vault.joshuabell.xyz` + - vault address: `https://sec.joshuabell.xyz` - role: `nixos-h001` - JWT path: `/etc/vault/h001-jwt` - [ ] Define secrets needed by h001 services @@ -287,7 +287,7 @@ in { ```nix services.vault-agent = { enable = true; - vaultAddress = "https://vault.joshuabell.xyz"; + vaultAddress = "https://sec.joshuabell.xyz"; role = "nixos-h001"; secrets = { postgres-password = { @@ -515,7 +515,7 @@ openbao kv put kv/hosts/h001/openwebui \ ## Success Criteria -- [ ] OpenBao running and accessible at `https://vault.joshuabell.xyz` +- [ ] OpenBao running and accessible at `https://sec.joshuabell.xyz` - [ ] Zitadel OIDC authentication working for machine users - [ ] At least 3 secrets migrated from agenix to OpenBao - [ ] Services on h001 starting successfully with vault-agent secrets From 5f89df58b714eee559468ec953593734f21a7738 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Thu, 6 Nov 2025 17:19:29 -0600 Subject: [PATCH 06/10] 120hz DP --- hosts/lio/flake.nix | 11 ++++++++++- hosts/lio/i3_customizations.nix | 4 ++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/hosts/lio/flake.nix b/hosts/lio/flake.nix index 2af9344..f20a08d 100644 --- a/hosts/lio/flake.nix +++ b/hosts/lio/flake.nix @@ -49,7 +49,12 @@ secrets.nixosModules.default ros_neovim.nixosModules.default - ({ ... }: { ringofstorms-nvim.includeAllRuntimeDependencies = true; }) + ( + { ... }: + { + ringofstorms-nvim.includeAllRuntimeDependencies = true; + } + ) flatpaks.nixosModules.default common.nixosModules.essentials @@ -151,6 +156,10 @@ "org.blender.Blender" "com.rustdesk.RustDesk" ]; + + networking.firewall.allowedTCPPorts = [ + 8080 + ]; } ) ]; diff --git a/hosts/lio/i3_customizations.nix b/hosts/lio/i3_customizations.nix index c125e8c..3a92e46 100644 --- a/hosts/lio/i3_customizations.nix +++ b/hosts/lio/i3_customizations.nix @@ -14,8 +14,8 @@ let ''; bg1 = ../_shared_assets/wallpapers/pixel_neon.png; bg2 = ../_shared_assets/wallpapers/pixel_neon_v.png; - # xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 97.98 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; - xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 60 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 120.00 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + # xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 60 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; xwallpaperCmd = "xwallpaper --output DP-1 --zoom ${bg1} --output DP-2 --zoom ${bg2}"; startupCmd = "sh -c 'sleep 0.2; i3-msg workspace number 7; sleep 0.2; i3-msg workspace number 1'"; i3ExtraOptions = { From 82a3c325cff4642aab57489f7e4cd53d4b0a5179 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Thu, 6 Nov 2025 18:11:13 -0600 Subject: [PATCH 07/10] back to 60hz dongle did not work --- hosts/lio/i3_customizations.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/lio/i3_customizations.nix b/hosts/lio/i3_customizations.nix index 3a92e46..4f294e5 100644 --- a/hosts/lio/i3_customizations.nix +++ b/hosts/lio/i3_customizations.nix @@ -14,8 +14,8 @@ let ''; bg1 = ../_shared_assets/wallpapers/pixel_neon.png; bg2 = ../_shared_assets/wallpapers/pixel_neon_v.png; - xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 120.00 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; - # xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 60 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + # xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 119.88 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; + xrSetup = "xrandr --output DP-1 --mode 3840x2160 --rate 60 --pos 0x0 --primary; sleep 0.2; xrandr --output DP-2 --mode 3440x1440 --rate 99.98 --rotate left --left-of DP-1"; xwallpaperCmd = "xwallpaper --output DP-1 --zoom ${bg1} --output DP-2 --zoom ${bg2}"; startupCmd = "sh -c 'sleep 0.2; i3-msg workspace number 7; sleep 0.2; i3-msg workspace number 1'"; i3ExtraOptions = { From 0f2b6ca253edf955e678cc5e8a03ef7b3dfc7eb5 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Sat, 8 Nov 2025 23:41:28 +0000 Subject: [PATCH 08/10] convert h001 to new flake module style --- flakes/common/hm_modules/ssh.nix | 5 + hosts/h001/configuration.nix | 4 - hosts/h001/flake.lock | 848 +++++++------------------------ hosts/h001/flake.nix | 144 +++--- hosts/h001/mods/pinchflat.nix | 12 + hosts/h001/readme.md | 1 - 6 files changed, 284 insertions(+), 730 deletions(-) delete mode 100644 hosts/h001/configuration.nix delete mode 100644 hosts/h001/readme.md diff --git a/flakes/common/hm_modules/ssh.nix b/flakes/common/hm_modules/ssh.nix index 50c4e68..e86e3ab 100644 --- a/flakes/common/hm_modules/ssh.nix +++ b/flakes/common/hm_modules/ssh.nix @@ -129,6 +129,11 @@ in user = "luser"; }; "h003" = lib.mkIf (hasSecret "nix2h003") { + identityFile = age.secrets.nix2h003.path; + hostname = "10.12.14.1"; + user = "luser"; + }; + "h003_" = lib.mkIf (hasSecret "nix2h003") { identityFile = age.secrets.nix2h003.path; user = "luser"; }; diff --git a/hosts/h001/configuration.nix b/hosts/h001/configuration.nix deleted file mode 100644 index 96ce2ae..0000000 --- a/hosts/h001/configuration.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - system.stateVersion = "24.11"; # Did you read the comment? -} diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index c5f136e..a1a3bf2 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -5,11 +5,11 @@ "darwin": "darwin", "home-manager": "home-manager_2", "nixpkgs": [ - "common", + "secrets", "ragenix", "nixpkgs" ], - "systems": "systems_2" + "systems": "systems" }, "locked": { "lastModified": 1736955230, @@ -25,64 +25,16 @@ "type": "github" } }, - "aquamarine": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "common", - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759499898, - "narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=", - "owner": "hyprwm", - "repo": "aquamarine", - "rev": "655e067f96fd44b3f5685e17f566b0e4d535d798", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "aquamarine", - "type": "github" - } - }, "common": { - "inputs": { - "home-manager": "home-manager", - "hyprland": "hyprland", - "nix-flatpak": "nix-flatpak", - "nixpkgs": "nixpkgs_3", - "ragenix": "ragenix" - }, "locked": { - "lastModified": 1760816519, - "narHash": "sha256-f6xAZROOBHWrmKdmVxmVpNjg6Q7EwwBRcaQ+VmnWBeQ=", - "ref": "refs/heads/master", - "rev": "2238aaf36795a140ce099d6dad07d19b8cd1356b", - "revCount": 726, - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + "path": "../../flakes/common", + "type": "path" }, "original": { - "type": "git", - "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" - } + "path": "../../flakes/common", + "type": "path" + }, + "parent": [] }, "crane": { "locked": { @@ -102,7 +54,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "common", + "secrets", "ragenix", "agenix", "nixpkgs" @@ -123,25 +75,9 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -157,29 +93,6 @@ "type": "github" } }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "pre-commit-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": "nixpkgs" @@ -202,7 +115,7 @@ "home-manager_2": { "inputs": { "nixpkgs": [ - "common", + "secrets", "ragenix", "agenix", "nixpkgs" @@ -222,294 +135,13 @@ "type": "github" } }, - "hyprcursor": { - "inputs": { - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1753964049, - "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", - "owner": "hyprwm", - "repo": "hyprcursor", - "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprcursor", - "type": "github" - } - }, - "hyprgraphics": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759490292, - "narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=", - "owner": "hyprwm", - "repo": "hyprgraphics", - "rev": "9431db625cd9bb66ac55525479dce694101d6d7a", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprgraphics", - "type": "github" - } - }, - "hyprland": { - "inputs": { - "aquamarine": "aquamarine", - "hyprcursor": "hyprcursor", - "hyprgraphics": "hyprgraphics", - "hyprland-protocols": "hyprland-protocols", - "hyprland-qtutils": "hyprland-qtutils", - "hyprlang": "hyprlang", - "hyprutils": "hyprutils", - "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems", - "xdph": "xdph" - }, - "locked": { - "lastModified": 1760813095, - "narHash": "sha256-D0AU+KKB9aGqiwDaS7er2pITjn9AS+XStzigPSoLeOQ=", - "owner": "hyprwm", - "repo": "Hyprland", - "rev": "39d62e1487052da2751ec1e36d243e3e92e24f6a", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "Hyprland", - "type": "github" - } - }, - "hyprland-protocols": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1749046714, - "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", - "owner": "hyprwm", - "repo": "hyprland-protocols", - "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-protocols", - "type": "github" - } - }, - "hyprland-qt-support": { - "inputs": { - "hyprlang": [ - "common", - "hyprland", - "hyprland-qtutils", - "hyprlang" - ], - "nixpkgs": [ - "common", - "hyprland", - "hyprland-qtutils", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "hyprland-qtutils", - "systems" - ] - }, - "locked": { - "lastModified": 1749154592, - "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qt-support", - "type": "github" - } - }, - "hyprland-qtutils": { - "inputs": { - "hyprland-qt-support": "hyprland-qt-support", - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "common", - "hyprland", - "hyprland-qtutils", - "hyprlang", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759080228, - "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=", - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprland-qtutils", - "type": "github" - } - }, - "hyprlang": { - "inputs": { - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1758927902, - "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=", - "owner": "hyprwm", - "repo": "hyprlang", - "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprlang", - "type": "github" - } - }, - "hyprutils": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1759619523, - "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=", - "owner": "hyprwm", - "repo": "hyprutils", - "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprutils", - "type": "github" - } - }, - "hyprwayland-scanner": { - "inputs": { - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1755184602, - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "hyprwayland-scanner", - "type": "github" - } - }, "litellm-nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -519,34 +151,18 @@ "type": "github" } }, - "nix-flatpak": { - "locked": { - "lastModified": 1739444422, - "narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=", - "owner": "gmodena", - "repo": "nix-flatpak", - "rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177", - "type": "github" - }, - "original": { - "owner": "gmodena", - "ref": "latest", - "repo": "nix-flatpak", - "type": "github" - } - }, "nixarr": { "inputs": { - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_2", "vpnconfinement": "vpnconfinement", "website-builder": "website-builder" }, "locked": { - "lastModified": 1755601892, - "narHash": "sha256-4FECnCcaUVQHnocuuu/KRldPW2yj7hFpd1F7bfWxTxY=", + "lastModified": 1762329494, + "narHash": "sha256-Cww1bU7xX3i6rSLUidM6mAW6srkPN2YH//YWrGt/yFc=", "owner": "rasmus-kirk", "repo": "nixarr", - "rev": "c6cd890fa028ec2a8d735a121cb0a161d265101c", + "rev": "837562b51943aec6459348a4cee1735c38067c80", "type": "github" }, "original": { @@ -573,37 +189,52 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1759381078, - "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", - "owner": "NixOS", + "lastModified": 1761016216, + "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", + "rev": "481cf557888e05d3128a76f14c76397b7d7cc869", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1762498405, + "narHash": "sha256-Zg/SCgCaAioc0/SVZQJxuECGPJy+OAeBcGeA5okdYDc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "6faeb062ee4cf4f105989d490831713cc5a43ee1", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { + "locked": { + "lastModified": 1761619080, + "narHash": "sha256-PsLFmU/CORWeCjJi9ALsegwr/SMjf2gHsooTR09az4c=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fd644bba1d3a83169e4b312ce20928ba1b0abb02", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1741379970, "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", @@ -619,53 +250,6 @@ "type": "github" } }, - "nixpkgs_5": { - "locked": { - "lastModified": 1748662220, - "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1760580664, - "narHash": "sha256-/YdfibIrnqXAL8p5kqCU345mzpHoOtuVIkMiI2pF4Dc=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "98ff3f9af2684f6136c24beef08f5e2033fc5389", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1759772810, - "narHash": "sha256-8/sO67+Q6yNfFD39W5SXQHDbf/tQUHWFhCdxgRRGVCQ=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2b78ecc45e163d655c08c9a4cffb4a91c66d0493", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, "nvim_plugin-Almo7aya/openingh.nvim": { "flake": false, "locked": { @@ -685,11 +269,11 @@ "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": { "flake": false, "locked": { - "lastModified": 1759715887, - "narHash": "sha256-9wXyswKnUenlZyO/aIy0gr1hF0IhuEJ0UOwvqjDSGjA=", + "lastModified": 1761323006, + "narHash": "sha256-6BjkqZCo2DLVxW6BHyElt2cZdG6Dhzao8hPfWYm0sIQ=", "owner": "CopilotC-Nvim", "repo": "CopilotChat.nvim", - "rev": "92f269971c33a6e2f405da8b14f01cd109b9a3a3", + "rev": "a7138a0ee04d8af42c262554eccee168bbf1454f", "type": "github" }, "original": { @@ -717,11 +301,11 @@ "nvim_plugin-L3MON4D3/LuaSnip": { "flake": false, "locked": { - "lastModified": 1759157591, - "narHash": "sha256-sicE0/Vgc03X+Qxqlu5CM7NGd+6FE9RGx6OjZUa6Umw=", + "lastModified": 1761039842, + "narHash": "sha256-ovvtTZgqL6MFvuI3byx+boWm6ErZX06+v6a3VoctREc=", "owner": "L3MON4D3", "repo": "LuaSnip", - "rev": "73813308abc2eaeff2bc0d3f2f79270c491be9d7", + "rev": "ccf25a5452b8697a823de3e5ecda63ed3d723b79", "type": "github" }, "original": { @@ -733,11 +317,11 @@ "nvim_plugin-MeanderingProgrammer/render-markdown.nvim": { "flake": false, "locked": { - "lastModified": 1759424904, - "narHash": "sha256-Smt9v6/XyHUdUiIPyCPQSRvWCeMMhYITSZWd9M7Jlvs=", + "lastModified": 1761343950, + "narHash": "sha256-HycEAgAsU8IxFiYfyp5ZGN+z6wYyCarIESxA9TDuJ3s=", "owner": "MeanderingProgrammer", "repo": "render-markdown.nvim", - "rev": "7e6af36c846017122e07e68803bbf95f3c729ca3", + "rev": "bfd67f1402b97ac619cb538f4bbaed12a7fa89aa", "type": "github" }, "original": { @@ -813,11 +397,11 @@ "nvim_plugin-b0o/schemastore.nvim": { "flake": false, "locked": { - "lastModified": 1759454886, - "narHash": "sha256-T6mWvScsU0IsB3wFre5+TrNIbpQCA0flf7BNrGQIb+M=", + "lastModified": 1761343239, + "narHash": "sha256-obGnux+K0blHROEOAy7Ct18vxiO4Qez8XJB5l23KgMs=", "owner": "b0o", "repo": "schemastore.nvim", - "rev": "8e17e50b519ba360bcfd5dfb5843ccac9be500ba", + "rev": "4341619da06779ae310ee9c3d6d70edfefed7152", "type": "github" }, "original": { @@ -829,11 +413,11 @@ "nvim_plugin-catppuccin/nvim": { "flake": false, "locked": { - "lastModified": 1759668198, - "narHash": "sha256-WmWGygttH78KajAaIvlwRW47G7UGJuPV0YIfEZkse6I=", + "lastModified": 1761396780, + "narHash": "sha256-Nz/XbItShbrnKtj0+gcEDBFO5y00g0EG5CHqdJGK2j0=", "owner": "catppuccin", "repo": "nvim", - "rev": "e79d09fa347b367e0e7f693bfe87dba932a8cbd1", + "rev": "8c4125e3c746976ba025dc5d908fa22c6aa09486", "type": "github" }, "original": { @@ -845,11 +429,11 @@ "nvim_plugin-chrisgrieser/nvim-early-retirement": { "flake": false, "locked": { - "lastModified": 1757363000, - "narHash": "sha256-hfoJDD4ZKIx1IZjmZba117wRe3ELyGqG8ZqxDnRVmIk=", + "lastModified": 1760385962, + "narHash": "sha256-PtpD6Uc4GK4dSJynWH5d6c7XOWXfYODXJ3FyOY1eZNo=", "owner": "chrisgrieser", "repo": "nvim-early-retirement", - "rev": "14aba23ce4168e6d6acbf78ab1d33739c3894f68", + "rev": "9109589b542773c9ad2a34067a085874f255577b", "type": "github" }, "original": { @@ -877,11 +461,11 @@ "nvim_plugin-folke/lazy.nvim": { "flake": false, "locked": { - "lastModified": 1759439283, - "narHash": "sha256-FjQ2rj3BvC8fh60IT0ExrBOmdDLdXFexffef6iKcPFQ=", + "lastModified": 1761488113, + "narHash": "sha256-jBmtFzzdGYe3N3kvWHvR7FGXtA+/t36efxsAqhLmaxU=", "owner": "folke", "repo": "lazy.nvim", - "rev": "59334064f8604ca073791c25dcc5c9698865406e", + "rev": "ed4dc336a73c18da6fea6e1cf7ad6e1b76d281eb", "type": "github" }, "original": { @@ -909,11 +493,11 @@ "nvim_plugin-folke/which-key.nvim": { "flake": false, "locked": { - "lastModified": 1758639622, - "narHash": "sha256-JNkjlv6QpnuaYCAFcBPjV7IavVLzj8QEX/Zi3sbdyrU=", + "lastModified": 1759952076, + "narHash": "sha256-N31+V5L0gd+TUo9nVtNGRmMVmM9fMxOwldCfuLYT4hU=", "owner": "folke", "repo": "which-key.nvim", - "rev": "904308e6885bbb7b60714c80ab3daf0c071c1492", + "rev": "b4177e3eaf15fe5eb8357ebac2286d488be1ed00", "type": "github" }, "original": { @@ -973,11 +557,11 @@ "nvim_plugin-hrsh7th/nvim-cmp": { "flake": false, "locked": { - "lastModified": 1744514599, - "narHash": "sha256-l5z+PT4S9b09d2M+J/tHVd9W9Ss3eQQk5Ykpz2Qjxxw=", + "lastModified": 1760792454, + "narHash": "sha256-wkESSNUViVI5DE+3t4AVTaSLQ/hTB43vrm+PH6uA8H4=", "owner": "hrsh7th", "repo": "nvim-cmp", - "rev": "b5311ab3ed9c846b585c0c15b7559be131ec4be9", + "rev": "a7bcf1d88069fc67c9ace8a62ba480b8fe879025", "type": "github" }, "original": { @@ -989,11 +573,11 @@ "nvim_plugin-j-hui/fidget.nvim": { "flake": false, "locked": { - "lastModified": 1758578970, - "narHash": "sha256-ieY3zaQAydzadpPiW1/IYakVHhp+wyEOpCQntgDOObs=", + "lastModified": 1761243883, + "narHash": "sha256-XXTeJweQRIsC/WFhFxFbepOETV8e5Wfmh513su2Wve0=", "owner": "j-hui", "repo": "fidget.nvim", - "rev": "3f5475949679953af6d78654db29b944fa826e6a", + "rev": "e32b672d8fd343f9d6a76944fedb8c61d7d8111a", "type": "github" }, "original": { @@ -1021,11 +605,11 @@ "nvim_plugin-lewis6991/gitsigns.nvim": { "flake": false, "locked": { - "lastModified": 1759324477, - "narHash": "sha256-GDK9I3SNRyZe59+GsnDC0L2KjGr150dWo4S3DUwhT7U=", + "lastModified": 1760888451, + "narHash": "sha256-eGpB7YYWbyCCGYXEYAM432srSp/lUo5C1b0J3OYjwnY=", "owner": "lewis6991", "repo": "gitsigns.nvim", - "rev": "1ee5c1fd068c81f9dd06483e639c2aa4587dc197", + "rev": "20ad4419564d6e22b189f6738116b38871082332", "type": "github" }, "original": { @@ -1101,11 +685,11 @@ "nvim_plugin-mfussenegger/nvim-lint": { "flake": false, "locked": { - "lastModified": 1758714671, - "narHash": "sha256-POnQfsZAv93+0uCbKFcNgyQxn3u8nNqgnx0uTqCkCq8=", + "lastModified": 1759852544, + "narHash": "sha256-wVEX0lCxeipvwCfdd2JbQwnhgg6UrTXixC8E1OiEblI=", "owner": "mfussenegger", "repo": "nvim-lint", - "rev": "335a6044be16d7701001059cba9baa36fbeef422", + "rev": "9da1fb942dd0668d5182f9c8dee801b9c190e2bb", "type": "github" }, "original": { @@ -1117,11 +701,11 @@ "nvim_plugin-mrcjkb/rustaceanvim": { "flake": false, "locked": { - "lastModified": 1759623626, - "narHash": "sha256-Cz4LDzz7v3kBS1mbxZjprogqHFghYr5xMfSN3us2Ltk=", + "lastModified": 1761585884, + "narHash": "sha256-m/gd+cb7X2a7R6JSbHes0QjGs+zuj4698Qyi/OW0R1g=", "owner": "mrcjkb", "repo": "rustaceanvim", - "rev": "96a4f5efc7705f613ddd47fb5d1445c172acb213", + "rev": "be0d1d14b8504c1c0965b608dc7ed39f2d588c91", "type": "github" }, "original": { @@ -1133,11 +717,11 @@ "nvim_plugin-neovim/nvim-lspconfig": { "flake": false, "locked": { - "lastModified": 1759548517, - "narHash": "sha256-K56vjTUkQ/NdA6vq5942zUknPiCUbMByiEW540dR8R0=", + "lastModified": 1761605346, + "narHash": "sha256-3Aulaw6KMmrcoQQxhRhQhjZ2fg6MSU4Q7qAWtrVsOcA=", "owner": "neovim", "repo": "nvim-lspconfig", - "rev": "e688b486fe9291f151eae7e5c0b5a5c4ef980847", + "rev": "2b52bc2190c8efde2e4de02d829a138666774c7c", "type": "github" }, "original": { @@ -1146,22 +730,6 @@ "type": "github" } }, - "nvim_plugin-nosduco/remote-sshfs.nvim": { - "flake": false, - "locked": { - "lastModified": 1759193354, - "narHash": "sha256-FfUxpRfqrf0r56/gi76N2ZooWnXWO0aRtaQBS7m+SvY=", - "owner": "nosduco", - "repo": "remote-sshfs.nvim", - "rev": "45502b3892774811153aeab5f7f9b0033c82005c", - "type": "github" - }, - "original": { - "owner": "nosduco", - "repo": "remote-sshfs.nvim", - "type": "github" - } - }, "nvim_plugin-numToStr/Comment.nvim": { "flake": false, "locked": { @@ -1197,11 +765,11 @@ "nvim_plugin-nvim-lualine/lualine.nvim": { "flake": false, "locked": { - "lastModified": 1754970649, - "narHash": "sha256-lWt2kpW+hsTMWt8tar/+AISTDrIt4Jn27NmI9j+Xt4s=", + "lastModified": 1760596863, + "narHash": "sha256-hdrAdG3hC2sAevQ6a9xizqPgEgnNKxuc5rBYn0pKM1c=", "owner": "nvim-lualine", "repo": "lualine.nvim", - "rev": "b8c23159c0161f4b89196f74ee3a6d02cdc3a955", + "rev": "3946f0122255bc377d14a59b27b609fb3ab25768", "type": "github" }, "original": { @@ -1277,11 +845,11 @@ "nvim_plugin-nvim-tree/nvim-tree.lua": { "flake": false, "locked": { - "lastModified": 1759222332, - "narHash": "sha256-TmQd8Xx9xw3G9PfPH+DZeSECfiUoO7XKCUSyQ4O0hMk=", + "lastModified": 1760921408, + "narHash": "sha256-QCUp/6qX/FS8LrZ6K+pvC/mHkYW8xfzQZEB2y0VOStQ=", "owner": "nvim-tree", "repo": "nvim-tree.lua", - "rev": "87d096a39cb2d5d43e6771563575ff042a79f48b", + "rev": "64e2192f5250796aa4a7f33c6ad888515af50640", "type": "github" }, "original": { @@ -1293,11 +861,11 @@ "nvim_plugin-nvim-tree/nvim-web-devicons": { "flake": false, "locked": { - "lastModified": 1759188261, - "narHash": "sha256-lVrakFrpIP9lp7sMfMb33KeMPIkcn1qBFVytJzKCfuE=", + "lastModified": 1761440007, + "narHash": "sha256-klBjUtj0AvarN5a6O8Hh2t5BuOTe/m3ps2cHnlxVJvE=", "owner": "nvim-tree", "repo": "nvim-web-devicons", - "rev": "b8221e42cf7287c4dcde81f232f58d7b947c210d", + "rev": "8dcb311b0c92d460fac00eac706abd43d94d68af", "type": "github" }, "original": { @@ -1309,11 +877,11 @@ "nvim_plugin-nvim-treesitter/nvim-treesitter-context": { "flake": false, "locked": { - "lastModified": 1757521884, - "narHash": "sha256-+yj8bstmffVByX3Z/1vkUYdXvpmWGbPt+RDfkBnV11w=", + "lastModified": 1761077440, + "narHash": "sha256-QdZstxKsEILwe7eUZCmMdyLPyvNKc/e7cfdYQowHWPQ=", "owner": "nvim-treesitter", "repo": "nvim-treesitter-context", - "rev": "41847d3dafb5004464708a3db06b14f12bde548a", + "rev": "ec308c7827b5f8cb2dd0ad303a059c945dd21969", "type": "github" }, "original": { @@ -1357,11 +925,11 @@ "nvim_plugin-rmagatti/auto-session": { "flake": false, "locked": { - "lastModified": 1759618137, - "narHash": "sha256-+RYQi685tyV73WNXpgr/Q5p3o21dSUkQmSoif+EPBVM=", + "lastModified": 1761491368, + "narHash": "sha256-F2MtkBCVAObRwniSvFjv5MmYnCaj1YSUf0Nk5MF1F4Y=", "owner": "rmagatti", "repo": "auto-session", - "rev": "0385a9ad378d70608c2e6e4c14b3b126ce30fc51", + "rev": "f0eb3d69848389869572b82b336d7a6887e88e43", "type": "github" }, "original": { @@ -1370,7 +938,7 @@ "type": "github" } }, - "nvim_plugin-ron/ron.vim": { + "nvim_plugin-ron-rs/ron.vim": { "flake": false, "locked": { "lastModified": 1660904719, @@ -1421,11 +989,11 @@ "nvim_plugin-stevearc/conform.nvim": { "flake": false, "locked": { - "lastModified": 1759554032, - "narHash": "sha256-JX+vFs+8n4PS7Xwq68MW2mjlDaLlUx6CxMqhf9ArfXQ=", + "lastModified": 1761160784, + "narHash": "sha256-yUUDxYuIjbFHUscEKpFV6IaraDNOA4hdcGljPHG/+sU=", "owner": "stevearc", "repo": "conform.nvim", - "rev": "9d859cbfbde7a1bd1770e7c97aef30ec5a237a71", + "rev": "9fd3d5e0b689ec1bf400c53cbbec72c6fdf24081", "type": "github" }, "original": { @@ -1533,11 +1101,11 @@ "nvim_plugin-zbirenbaum/copilot.lua": { "flake": false, "locked": { - "lastModified": 1759697885, - "narHash": "sha256-PwqJ7/FCfK4AqFgguZ2Tac5RWhehSEfI1N6ySSuTbZc=", + "lastModified": 1761595323, + "narHash": "sha256-KkiU2xmpfIbpuijvcXDw+LWKWuBgxjwY7jEQIasN5Kw=", "owner": "zbirenbaum", "repo": "copilot.lua", - "rev": "30b98a4c25d6152c14084020f703b6d56e1f1122", + "rev": "93adf9844dcbe09a37e7a72eaa286d33d38bf628", "type": "github" }, "original": { @@ -1548,11 +1116,11 @@ }, "oauth2-proxy-nixpkgs": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -1564,11 +1132,11 @@ }, "open-webui-nixpkgs": { "locked": { - "lastModified": 1761373498, - "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -1578,27 +1146,19 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat", - "gitignore": "gitignore", - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ] - }, + "pinchflat-nixpkgs": { "locked": { - "lastModified": 1758108966, - "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", "type": "github" } }, @@ -1607,8 +1167,8 @@ "agenix": "agenix", "crane": "crane", "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_4", - "rust-overlay": "rust-overlay" + "nixpkgs": "nixpkgs_5", + "rust-overlay": "rust-overlay_2" }, "locked": { "lastModified": 1744897914, @@ -1627,18 +1187,21 @@ "root": { "inputs": { "common": "common", + "home-manager": "home-manager", "litellm-nixpkgs": "litellm-nixpkgs", "nixarr": "nixarr", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_3", "oauth2-proxy-nixpkgs": "oauth2-proxy-nixpkgs", "open-webui-nixpkgs": "open-webui-nixpkgs", + "pinchflat-nixpkgs": "pinchflat-nixpkgs", "ros_neovim": "ros_neovim", + "secrets": "secrets", "trilium-nixpkgs": "trilium-nixpkgs" } }, "ros_neovim": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_4", "nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim", "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim", "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring", @@ -1669,7 +1232,6 @@ "nvim_plugin-mfussenegger/nvim-lint": "nvim_plugin-mfussenegger/nvim-lint", "nvim_plugin-mrcjkb/rustaceanvim": "nvim_plugin-mrcjkb/rustaceanvim", "nvim_plugin-neovim/nvim-lspconfig": "nvim_plugin-neovim/nvim-lspconfig", - "nvim_plugin-nosduco/remote-sshfs.nvim": "nvim_plugin-nosduco/remote-sshfs.nvim", "nvim_plugin-numToStr/Comment.nvim": "nvim_plugin-numToStr/Comment.nvim", "nvim_plugin-nvim-lua/plenary.nvim": "nvim_plugin-nvim-lua/plenary.nvim", "nvim_plugin-nvim-lualine/lualine.nvim": "nvim_plugin-nvim-lualine/lualine.nvim", @@ -1683,7 +1245,7 @@ "nvim_plugin-rafamadriz/friendly-snippets": "nvim_plugin-rafamadriz/friendly-snippets", "nvim_plugin-rcarriga/nvim-notify": "nvim_plugin-rcarriga/nvim-notify", "nvim_plugin-rmagatti/auto-session": "nvim_plugin-rmagatti/auto-session", - "nvim_plugin-ron/ron.vim": "nvim_plugin-ron/ron.vim", + "nvim_plugin-ron-rs/ron.vim": "nvim_plugin-ron-rs/ron.vim", "nvim_plugin-saadparwaiz1/cmp_luasnip": "nvim_plugin-saadparwaiz1/cmp_luasnip", "nvim_plugin-sindrets/diffview.nvim": "nvim_plugin-sindrets/diffview.nvim", "nvim_plugin-stevearc/conform.nvim": "nvim_plugin-stevearc/conform.nvim", @@ -1694,14 +1256,14 @@ "nvim_plugin-windwp/nvim-ts-autotag": "nvim_plugin-windwp/nvim-ts-autotag", "nvim_plugin-zbirenbaum/copilot-cmp": "nvim_plugin-zbirenbaum/copilot-cmp", "nvim_plugin-zbirenbaum/copilot.lua": "nvim_plugin-zbirenbaum/copilot.lua", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1760630879, - "narHash": "sha256-H1ZHzlSpu2dxnM69OYCB6qJVZfVIbR3hBu3LcVW2eKw=", + "lastModified": 1761712156, + "narHash": "sha256-4vU7FPZFXSFguQUIPrbLQOk3VSokp6RH8t7zQoqneow=", "ref": "refs/heads/master", - "rev": "d1172c40fd221200a1c7f924d0e43b395f3338ad", - "revCount": 310, + "rev": "04f666dabbaced8d661693cfbe4eb7efa359ce7d", + "revCount": 320, "type": "git", "url": "https://git.joshuabell.xyz/ringofstorms/nvim" }, @@ -1713,7 +1275,28 @@ "rust-overlay": { "inputs": { "nixpkgs": [ - "common", + "ros_neovim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761619008, + "narHash": "sha256-vp97eNmi5GG/+jlvnBpmG6EVO2F1+nqMQFF9GT2TIQg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "7bc7d2f706ebe5479d230d2c6806b5dc757ae4cd", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "secrets", "ragenix", "nixpkgs" ] @@ -1732,39 +1315,38 @@ "type": "github" } }, - "rust-overlay_2": { + "secrets": { "inputs": { - "nixpkgs": [ - "ros_neovim", - "nixpkgs" - ] + "ragenix": "ragenix" }, "locked": { - "lastModified": 1759718104, - "narHash": "sha256-TbkLsgdnXHUXR4gOQBmhxkEE9ne+eHmX1chZHWRogy0=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "edea9f33f9a03f615ad3609a40fbcefe0ec835ca", - "type": "github" + "dir": "flakes/secrets", + "lastModified": 1762474273, + "narHash": "sha256-3zV7GnBNLfIegXGKcnT1B/gFa9EAFsOTvNyDTMBhFJ4=", + "ref": "refs/heads/master", + "rev": "82a3c325cff4642aab57489f7e4cd53d4b0a5179", + "revCount": 760, + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" + "dir": "flakes/secrets", + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" } }, "systems": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, @@ -1783,28 +1365,13 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "trilium-nixpkgs": { "locked": { - "lastModified": 1760524057, - "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=", + "lastModified": 1762363567, + "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5", + "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", "type": "github" }, "original": { @@ -1816,11 +1383,11 @@ }, "vpnconfinement": { "locked": { - "lastModified": 1743810720, - "narHash": "sha256-kbv/W4gizUSa6qH2rUQdgPj9AJaeN9k2XSWUYqj7IMU=", + "lastModified": 1759956062, + "narHash": "sha256-NUZu0Rb0fwUjfdp51zMm0xM3lcK8Kw4c97LLog7+JjA=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "74ae51e6d18b972ecc918ab43e8bde60c21a65d8", + "rev": "fabe7247b720b5eb4c3c053e24a2b3b70e64c52b", "type": "github" }, "original": { @@ -1837,11 +1404,11 @@ ] }, "locked": { - "lastModified": 1750317638, - "narHash": "sha256-B4RWcXXOLO6gMeYyV+K4olu+kGGsYamKH+JAm0cIXqI=", + "lastModified": 1753958235, + "narHash": "sha256-Rd27XQJKv8Z4BCr3gdbaHFd0TmumiGxdjGRzsEf/mOg=", "owner": "rasmus-kirk", "repo": "website-builder", - "rev": "b54192000a00e865947f45bacf3184d56363ee38", + "rev": "00a14b7ae7baef2197978ba7c3fe72dfca7bc475", "type": "github" }, "original": { @@ -1849,53 +1416,6 @@ "repo": "website-builder", "type": "github" } - }, - "xdph": { - "inputs": { - "hyprland-protocols": [ - "common", - "hyprland", - "hyprland-protocols" - ], - "hyprlang": [ - "common", - "hyprland", - "hyprlang" - ], - "hyprutils": [ - "common", - "hyprland", - "hyprutils" - ], - "hyprwayland-scanner": [ - "common", - "hyprland", - "hyprwayland-scanner" - ], - "nixpkgs": [ - "common", - "hyprland", - "nixpkgs" - ], - "systems": [ - "common", - "hyprland", - "systems" - ] - }, - "locked": { - "lastModified": 1755354946, - "narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", - "type": "github" - }, - "original": { - "owner": "hyprwm", - "repo": "xdg-desktop-portal-hyprland", - "type": "github" - } } }, "root": "root", diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 05e7a48..805a748 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -1,15 +1,20 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager.url = "github:rycee/home-manager/release-25.05"; + # nixpkgs-unstable.url = "github:wrvsrx/nixpkgs/fix-open-webui"; open-webui-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; litellm-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; trilium-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + pinchflat-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + # Use relative to get current version for testin + common.url = "path:../../flakes/common"; + # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; + # secrets.url = "path:../../flakes/secrets"; + secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; @@ -19,93 +24,110 @@ outputs = { nixpkgs, + home-manager, common, + secrets, ros_neovim, nixarr, ... }@inputs: let configuration_name = "h001"; + system = "x86_64-linux"; + stateVersion = "24.11"; + primaryUser = "luser"; lib = nixpkgs.lib; in { nixosConfigurations = { "${configuration_name}" = ( lib.nixosSystem { + inherit system; specialArgs = { inherit inputs; }; modules = [ - common.nixosModules.default + home-manager.nixosModules.default + + secrets.nixosModules.default ros_neovim.nixosModules.default + + common.nixosModules.essentials + common.nixosModules.git + common.nixosModules.boot_systemd + common.nixosModules.hardening + common.nixosModules.nix_options + common.nixosModules.podman + common.nixosModules.tailnet + common.nixosModules.timezone_auto + common.nixosModules.tty_caps_esc + common.nixosModules.zsh + nixarr.nixosModules.default - ./configuration.nix ./hardware-configuration.nix ./mods ./nginx.nix ./containers ( { config, pkgs, ... }: - { + rec { + # Home Manager + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "bak"; + # add all normal users to home manager so it applies to them + users = lib.mapAttrs (name: user: { + home.stateVersion = stateVersion; + programs.home-manager.enable = true; + }) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users); + + sharedModules = [ + common.homeManagerModules.tmux + common.homeManagerModules.atuin + common.homeManagerModules.direnv + common.homeManagerModules.git + common.homeManagerModules.postgres_cli_options + common.homeManagerModules.ssh + common.homeManagerModules.starship + common.homeManagerModules.zoxide + common.homeManagerModules.zsh + ]; + }; + + # System configuration + system.stateVersion = stateVersion; + networking.hostName = configuration_name; + programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${configuration_name}"; + nixpkgs.config.allowUnfree = true; + users.users = { + "${primaryUser}" = { + isNormalUser = true; + initialPassword = "password1"; + shell = pkgs.zsh; + extraGroups = [ + "wheel" + "networkmanager" + "video" + "input" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001" + ]; + }; + root = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001" + ]; + }; + }; + environment.systemPackages = with pkgs; [ lua sqlite + ttyd ]; - - ringofstorms_common = { - systemName = configuration_name; - boot.systemd.enable = true; - secrets.enable = true; - general = { - reporting.enable = true; - }; - programs = { - tailnet.enable = true; - ssh.enable = true; - podman.enable = true; - }; - users = { - admins = [ "luser" ]; # First admin is also the primary user owning nix config - users = { - root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001" - ]; - shell = pkgs.zsh; - }; - luser = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZigrRMF/HHMhjBIwiOnS2pqbOz8Az19tch680BGvmu nix2h001" - ]; - extraGroups = [ - "networkmanager" - "video" - "input" - ]; - shell = pkgs.zsh; - }; - }; - }; - homeManager = { - users = { - luser = { - imports = with common.homeManagerModules; [ - kitty - tmux - atuin - direnv - git - nix_deprecations - postgres - ssh - starship - zoxide - zsh - ]; - }; - }; - }; - }; } ) ]; diff --git a/hosts/h001/mods/pinchflat.nix b/hosts/h001/mods/pinchflat.nix index 8690b69..abd3183 100644 --- a/hosts/h001/mods/pinchflat.nix +++ b/hosts/h001/mods/pinchflat.nix @@ -1,10 +1,22 @@ { lib, + inputs, ... }: +let + declaration = "services/misc/pinchflat.nix"; + nixpkgs = inputs.pinchflat-nixpkgs; + pkgs = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = true; + }; +in { + disabledModules = [ declaration ]; + imports = [ "${nixpkgs}/nixos/modules/${declaration}" ]; config = { services.pinchflat = { + package = pkgs.pinchflat; enable = true; port = 8945; selfhosted = true; diff --git a/hosts/h001/readme.md b/hosts/h001/readme.md deleted file mode 100644 index 0758f91..0000000 --- a/hosts/h001/readme.md +++ /dev/null @@ -1 +0,0 @@ -Main media server and run things server, has a bunch of stuff on it I am self hosting From ca60f182e36d9d28d342391e7e3931db6b082842 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Sat, 8 Nov 2025 23:42:10 +0000 Subject: [PATCH 09/10] pin version to common --- hosts/h001/flake.lock | 18 ++++++++++++------ hosts/h001/flake.nix | 4 ++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/hosts/h001/flake.lock b/hosts/h001/flake.lock index a1a3bf2..b9c744e 100644 --- a/hosts/h001/flake.lock +++ b/hosts/h001/flake.lock @@ -27,14 +27,20 @@ }, "common": { "locked": { - "path": "../../flakes/common", - "type": "path" + "dir": "flakes/common", + "lastModified": 1762474273, + "narHash": "sha256-3zV7GnBNLfIegXGKcnT1B/gFa9EAFsOTvNyDTMBhFJ4=", + "ref": "refs/heads/master", + "rev": "82a3c325cff4642aab57489f7e4cd53d4b0a5179", + "revCount": 760, + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" }, "original": { - "path": "../../flakes/common", - "type": "path" - }, - "parent": [] + "dir": "flakes/common", + "type": "git", + "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" + } }, "crane": { "locked": { diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 805a748..5774c07 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -11,8 +11,8 @@ pinchflat-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Use relative to get current version for testin - common.url = "path:../../flakes/common"; - # common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; + # common.url = "path:../../flakes/common"; + common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; # secrets.url = "path:../../flakes/secrets"; secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets"; From c0ed047bae0863c40185a95b19e895359813436f Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Sun, 9 Nov 2025 23:53:48 -0600 Subject: [PATCH 10/10] update h003 to latest module based mode --- hosts/h001/flake.nix | 2 +- hosts/h003/flake.nix | 145 +++++++++++++++++++++++++------------------ 2 files changed, 85 insertions(+), 62 deletions(-) diff --git a/hosts/h001/flake.nix b/hosts/h001/flake.nix index 5774c07..1ae4bc2 100644 --- a/hosts/h001/flake.nix +++ b/hosts/h001/flake.nix @@ -10,7 +10,7 @@ oauth2-proxy-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; pinchflat-nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - # Use relative to get current version for testin + # Use relative to get current version for testing # common.url = "path:../../flakes/common"; common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; # secrets.url = "path:../../flakes/secrets"; diff --git a/hosts/h003/flake.nix b/hosts/h003/flake.nix index 1d93336..f9232d8 100644 --- a/hosts/h003/flake.nix +++ b/hosts/h003/flake.nix @@ -1,10 +1,13 @@ { inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + home-manager.url = "github:rycee/home-manager/release-25.05"; # Use relative to get current version for testing - # common.url = "path:../../common"; - common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles"; + # common.url = "path:../../flakes/common"; + common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common"; + # secrets.url = "path:../../flakes/secrets"; + secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; }; @@ -12,89 +15,109 @@ outputs = { nixpkgs, + home-manager, common, + secrets, ros_neovim, ... - }: + }@inputs: let configuration_name = "h003"; + system = "x86_64-linux"; + stateVersion = "24.11"; + primaryUser = "luser"; lib = nixpkgs.lib; in { nixosConfigurations = { "${configuration_name}" = ( lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + }; modules = [ - common.nixosModules.default + home-manager.nixosModules.default + + secrets.nixosModules.default ros_neovim.nixosModules.default + + common.nixosModules.essentials + common.nixosModules.git + common.nixosModules.boot_systemd + common.nixosModules.hardening + common.nixosModules.nix_options + common.nixosModules.podman + common.nixosModules.tailnet + common.nixosModules.timezone_auto + common.nixosModules.tty_caps_esc + common.nixosModules.zsh + ./configuration.nix ./hardware-configuration.nix ./mods ( { config, pkgs, ... }: - { + rec { + # Home Manager + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "bak"; + # add all normal users to home manager so it applies to them + users = lib.mapAttrs (name: user: { + home.stateVersion = stateVersion; + programs.home-manager.enable = true; + }) (lib.filterAttrs (name: user: user.isNormalUser or false) users.users); + + sharedModules = [ + common.homeManagerModules.tmux + common.homeManagerModules.atuin + common.homeManagerModules.direnv + common.homeManagerModules.git + common.homeManagerModules.postgres_cli_options + common.homeManagerModules.ssh + common.homeManagerModules.starship + common.homeManagerModules.zoxide + common.homeManagerModules.zsh + ]; + }; + + # System configuration + system.stateVersion = stateVersion; + networking.hostName = configuration_name; + programs.nh.flake = "/home/${primaryUser}/.config/nixos-config/hosts/${configuration_name}"; + nixpkgs.config.allowUnfree = true; + users.users = { + "${primaryUser}" = { + isNormalUser = true; + initialPassword = "password1"; + shell = pkgs.zsh; + extraGroups = [ + "wheel" + "networkmanager" + "video" + "input" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" + ]; + }; + root = { + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" + ]; + }; + }; + environment.systemPackages = with pkgs; [ lua sqlite - # networking tools + ttyd tcpdump dig ]; - - ringofstorms_common = { - systemName = configuration_name; - boot.systemd.enable = true; - secrets.enable = true; - general = { - reporting.enable = true; - }; - programs = { - tailnet.enable = true; - ssh.enable = true; - podman.enable = true; - }; - users = { - admins = [ "luser" ]; # First admin is also the primary user owning nix config - users = { - root = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" - ]; - shell = pkgs.zsh; - }; - luser = { - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3riAQ8RP5JXj2eO87JpjbM/9SrfFHcN5pEJwQpRcOl nix2h003" - ]; - extraGroups = [ - "networkmanager" - "video" - "input" - ]; - shell = pkgs.zsh; - }; - }; - }; - homeManager = { - users = { - luser = { - imports = with common.homeManagerModules; [ - kitty - tmux - atuin - direnv - git - nix_deprecations - postgres - ssh - starship - zoxide - zsh - ]; - }; - }; - }; - }; } ) ];