ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove opencode, it is a nightmare to keep updated, using nix-ld instead

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-08-18 17:38:46 -05:00
parent 1ebdb42d62
commit 066e915e43
14 changed files with 82 additions and 180 deletions
Download patch file Download diff file Expand all files Collapse all files

1
common/_containers/forgejo.nix
View file

@ -7,6 +7,7 @@ let
name = "forgejo";
hostDataDir = "/var/lib/${name}";
hostAddress = "10.0.0.1";
containerAddress = "10.0.0.2";
hostAddress6 = "fc00::1";

3
common/_containers/librechat.nix
View file

@ -65,8 +65,6 @@ in
MEILI_MASTER_KEY = "ringofstormsLibreChat";
RAG_PORT = toString cfg.ragPort;
RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}";
# DEBUG_CONSOLE = "true";
# DEBUG_LOGGING = "true";
};
environmentFiles = [ "${cfg.dataDir}/.env" ];
volumes = [
@ -129,7 +127,6 @@ in
environment = {
DB_HOST = "librechat_vectordb";
RAG_PORT = toString cfg.ragPort;
OPENAI_API_KEY = "not_using_openai";
};
dependsOn = [ "librechat_vectordb" ];
environmentFiles = [ "${cfg.dataDir}/.env" ];

0
common/_services/forejo.nix Normal file
View file

0
common/_services/librechat.nix Normal file
View file

35
common/flake.lock generated
View file

@ -153,22 +153,6 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1741379970,
@ -185,23 +169,6 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"locked": {
"lastModified": 1754526276,
"narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=",
"owner": "sst",
"repo": "opencode",
"rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.133",
"repo": "opencode",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
@ -228,8 +195,6 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
}
},

28
common/flake.nix
View file

@ -4,11 +4,6 @@
home-manager.url = "github:rycee/home-manager/release-25.05";
ragenix.url = "github:yaxitech/ragenix";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
# tmp
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
opencode.url = "github:sst/opencode/v0.4.12";
opencode.flake = false;
};
outputs =
@ -16,8 +11,6 @@
home-manager,
ragenix,
nix-flatpak,
opencode,
nixpkgs-unstable,
...
}:
{
@ -30,27 +23,6 @@
}:
{
imports = [
(
{ ... }:
{
nixpkgs.overlays = [
(final: prev: {
opencode = nixpkgs-unstable.legacyPackages.${prev.system}.opencode.overrideAttrs (old: rec {
version = "0.4.12";
src = opencode;
node_modules = old.node_modules.overrideAttrs (nmOld: {
outputHash = "sha256-LmNn4DdnSLVmGS5yqLyk/0e5pCiKfBzKIGRvvwZ6jHY=";
});
tui = old.tui.overrideAttrs (tuiOld: {
src = src;
modRoot = "packages/tui";
vendorHash = "sha256-jINbGug/SPGBjsXNsC9X2r5TwvrOl5PJDL+lrOQP69Q=";
});
});
})
];
}
)
home-manager.nixosModules.home-manager
ragenix.nixosModules.age
nix-flatpak.nixosModules.nix-flatpak

1
common/programs/default.nix
View file

@ -14,7 +14,6 @@ in
./podman.nix
./incus.nix
./flatpaks.nix
./opencode.nix
./virt-manager.nix
];
config = {

34
common/programs/opencode.nix
View file

@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"opencode"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "opencode";
};
config = lib.mkIf cfg.enable ({
environment.systemPackages = with pkgs; [
opencode
];
environment.shellAliases = {
"oc" = "all_proxy='' http_proxy='' https_proxy='' opencode";
};
});
}

39
common/secrets/secrets/secrets.nix
View file

@ -7,23 +7,46 @@
# `nix run github:yaxitech/ragenix -- -i ~/.ssh/ragenix_authority --rules ~/.config/nixos-config/common/secrets/secrets.nix` <-r(eykey)|-e(edit) <File>>
let
publicKeys = [
authorityKey = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key"
];
gpdPocket3 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzAQ2Dzl8EvQtYLjEZS5K0bQeNop8QRkwrfxMkBagW2 root@gpdPocket3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr/aS0qyn5hCLR6wH1P2GhH3hGOqniewMkIseGZ23HB josh@gpdPocket3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002"
];
lio = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGp6oInUcGVnDl5axV1EHflMfZUiHxtqNa4eAuye/av root@lio"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxNhtJNx/y4W54kAGmm2pF80l437z1RLWl/GTVKy0Pd josh@lio"
];
joe = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe"
];
oren = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7bNX7R9ApoX/cHdXIhQdpA2sHrC9ii6VAulboAIJM2 root@oren"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICauUtSa71+oQAiLxp3GMMbmNXcbr9Mc7eK8b/lqZbbS josh@oren"
];
h001 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTAz6n35c3r8kSuWJM1JzMVx6jK+0EBwpJA5eTIvy3N root@h001"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRHer3NrJiklp4oDNRCzDxc9fXpXn5rPAXGFce8ugy2 luser@h001"
];
h002 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002"
];
h003 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsV5r9sWYgrr9t9p12Epzm6WtxN/XsKSCb46+ODQvVT root@h003"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQLt2Hc+CN6+e7/sf3Fv0FQlp6+yrIbIJ/J9AdnJCjI luser@h003"
];
publicKeys = authorityKey ++ gpdPocket3 ++ lio ++ joe ++ oren ++ h001 ++ h002 ++ h003;
in
{
## To make a new secret:
@ -71,11 +94,9 @@ in
"nix2l002.age" = {
inherit publicKeys;
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode
"nix2linode.age" = {
inherit publicKeys;
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle
"nix2oracle.age" = {
inherit publicKeys;
};
@ -98,4 +119,8 @@ in
"us_chi_wg.age" = {
inherit publicKeys;
};
"zitadel_master_key.age" = {
# h001 only
publicKeys = authorityKey ++ h001;
};
}

15
common/secrets/secrets/zitadel_master_key.age Normal file
View file

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USAyWGFw
bUJNQkwvcjRKUWU5WWozTWZHb21IdDNlT0VwK21LQ2FZNEJWWWxJCjBBUDV4MkRt
Y3F5TWVMN0xLMjBibkJMcmUwdEwxM2pONUlLSU1EOXV5dXMKLT4gc3NoLWVkMjU1
MTkgcGVGQlFnIGJPcEx2TnFZZjVicDlYaVdwRmJHSnIvZlpRNkx5RG8zVmZTaTFq
bmkwM1kKK0o3ZVViNnBjS2NZbFV4TERBczJNQWxtWU1IYTNoL1EzQlNxWHhFNDZL
TQotPiBzc2gtZWQyNTUxOSA5di8ySEEgZm5nYXdJMElxVTE4TnVnY0xSVFVtMXFs
NTNobnI1MjdMNDhWRmpkL1BnSQpXRHcwSVVCajFhQlp4N2J5VGhKc3E2eHpYZmd6
TlU2MXdtdmNrSUJpZjFFCi0+IG5wImA0LWdyZWFzZQpuSHRTckxXVTd4eTFETWE4
MEQ0QXNaTzhSTmFOdjI5Vyt1bDVRU1k5dExiUVk3bEdCeGN2UFV4Y3RTR1MvalNn
CkhHWFF4TGtPcktieDZnQTRkdk9ndnllU05zSVlMOWh0R1ZncUlWNy9WZURiCi0t
LSAxdW84VUg5d21jT2hrNEJ0NlBES1NRRjU4b05JQW80dk9IL29LZGlST0FjCnt8
t+yvFWU0LlFGAWmLc9i4XFUpexZf8rC2bfw3FkNPuCzAyvbowhBJnGkqK+2C+mtL
za43EsGaLvA5s8ObhLw=
-----END AGE ENCRYPTED FILE-----

4
flake.nix
View file

@ -7,10 +7,6 @@
home-manager.url = "github:rycee/home-manager/release-25.05";
ragenix.url = "github:yaxitech/ragenix";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
opencode.url = "github:sst/opencode/v0.4.12";
opencode.flake = false;
# ======
};

78
hosts/lio/flake.lock generated
View file

@ -29,24 +29,17 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1755097136,
"narHash": "sha256-26LJsGUnccrlWNAm+2ttCapbCLY8dx4+gyqFPmuHM0c=",
"ref": "refs/heads/master",
"rev": "1f619f0b73766710597fc888fbb725affd46424a",
"revCount": 593,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
"path": "../../common",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
"path": "../../common",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
@ -179,39 +172,7 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -227,7 +188,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1754937576,
"narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=",
@ -243,7 +204,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1753848940,
"narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=",
@ -1138,29 +1099,12 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"locked": {
"lastModified": 1754890102,
"narHash": "sha256-3o8bHU5vSG+MxbvjLzlqeagnW9hnekl0hlj3EiNFaaQ=",
"owner": "sst",
"repo": "opencode",
"rev": "4580c88c0b38519e8187d2df1035e9538b51ec2a",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.4.12",
"repo": "opencode",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -1180,13 +1124,13 @@
"root": {
"inputs": {
"common": "common",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"ros_neovim": "ros_neovim"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",

17
hosts/lio/flake.nix
View file

@ -42,6 +42,16 @@
{
programs = {
steam.enable = true;
nix-ld = {
enable = true;
libraries = with pkgs; [
icu
gmp
glibc
openssl
stdenv.cc.cc
];
};
};
environment.systemPackages = with pkgs; [
@ -50,8 +60,14 @@
steam
ffmpeg-full
appimage-run
nodejs_24
];
environment.shellAliases = {
"oc" =
"all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode";
};
# Also allow this key to work for root user, this will let us use this as a remote builder easier
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
@ -76,7 +92,6 @@
tailnet.enableExitNode = true;
ssh.enable = true;
docker.enable = true;
opencode.enable = true;
virt-manager.enable = true;
flatpaks = {
enable = true;

7
hosts/oracle/o001/nginx.nix
View file

@ -133,6 +133,13 @@
proxyPass = "http://100.64.0.13";
};
};
"sso.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://100.64.0.13";
};
};
"obsidiansync.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;