hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: hektor:ea88fff4a4112fc42680954c74f1e0aa319b5a9f
Branches Tags
hektor:main
..
compare: hektor:49de518ad1589c9f93c4f7a52cec0e585ac47377
Branches Tags
hektor:main

5 Commits
ea88fff4a4 ... 49de518ad1

Author SHA1 Message Date
hektor
49de518ad1 chore: update lockfile 
Flake lock file updates:

• Updated input 'nvim':
    'path:./dots/.config/nvim'
  → 'path:./dots/.config/nvim'
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/1e89149dcfc229e7e2ae24a8030f124a31e4f24f?narHash=sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew%3D' (2026-02-01)
  → 'github:Mic92/sops-nix/f990b0a334e96d3ef9ca09d4bd92778b42fd84f9?narHash=sha256-NUVGVtYBTC96WhPh4Y3SVM7vf0o1z5W4uqRBn9v1pfo%3D' (2026-02-03)
 2026-02-03 23:02:45 +01:00
hektor
6c9312f509 feat: mute 'astyanax' speakers when disconnecting AC 2026-02-03 23:02:41 +01:00
hektor
3359426c48 fix: integrate keepassxc browser on all firefox-based browsers 2026-02-03 23:02:41 +01:00
hektor
0f0f038f5a feat: set up restic backups for 'andromache' and 'astyanax' 2026-02-03 23:02:41 +01:00
hektor
ab31842e58 feat: set up syncthing (with e-reader) 2026-02-03 22:59:30 +01:00
12 changed files with 277 additions and 57 deletions
Expand all files Collapse all files

30
flake.lock generated
View File

@@ -53,11 +53,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1769745834, "lastModified": 1770091431,
"narHash": "sha256-/7EzWXFrHiF2LiuQPFUD1jhICcRa30QVa/uQCPu1Q/g=", "narHash": "sha256-9Sqq/hxq8ZDLRSzu+edn0OfWG+FAPWFpwMKaJobeLec=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "ec30ecfdee4b0df2325c2672db21684e806f4b69", "rev": "4f827ff035c6ddc58d04c45abe5b777d356b926a",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -145,11 +145,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769776025, "lastModified": 1769978395,
"narHash": "sha256-70a1kVC08AMTvPc7iqQsJbbD4Y1fukakMVudz4oY9SM=", "narHash": "sha256-gj1yP3spUb1vGtaF5qPhshd2j0cg4xf51pklDsIm19Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0fba737f8d5571d41467f3d99a878e11b8c0f0f0", "rev": "984708c34d3495a518e6ab6b8633469bbca2f77a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -252,10 +252,10 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1769114809, "lastModified": 1770135527,
"narHash": "sha256-xRZeYJAq/AcEZqsevIn1POBswP4rFYhOsQxaJP6xxpM=", "narHash": "sha256-Fup9LiyL6bDID3x+rAB2nP99Xv2o9Is5NkTDbmIy6o0=",
"ref": "main", "ref": "main",
"rev": "b14f3b416336bf44343941322745d6144582560e", "rev": "521d144f8a8ff9fca8ccf492d7fbdd05d9a5fe37",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@github.com/hektor/nix-secrets" "url": "ssh://git@github.com/hektor/nix-secrets"
@@ -321,11 +321,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1770019141,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -612,11 +612,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769469829, "lastModified": 1770110318,
"narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=", "narHash": "sha256-NUVGVtYBTC96WhPh4Y3SVM7vf0o1z5W4uqRBn9v1pfo=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", "rev": "f990b0a334e96d3ef9ca09d4bd92778b42fd84f9",
"type": "github" "type": "github"
}, },
"original": { "original": {

15
home/modules/browser/firefox-base.nix
View File

@@ -1,13 +1,20 @@
{ inputs, pkgs }: {
config,
inputs,
pkgs,
}:
let let
bookmarks = import ./bookmarks.nix; bookmarks = import ./bookmarks.nix;
in in
{ {
nativeMessagingHosts = with pkgs; [ nativeMessagingHosts =
tridactyl-native with pkgs;
]; [
tridactyl-native
]
++ lib.optionals config.programs.keepassxc.enable [ keepassxc ];
profiles = { profiles = {
default = { default = {
settings = { settings = {

10
home/modules/browser/firefox.nix
View File

@@ -1,10 +1,16 @@
{ config, lib, inputs, pkgs, ... }: {
config,
lib,
inputs,
pkgs,
...
}:
{ {
config = lib.mkIf (config.browser.primary == "firefox" || config.browser.secondary == "firefox") { config = lib.mkIf (config.browser.primary == "firefox" || config.browser.secondary == "firefox") {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
} }
// (import ./firefox-base.nix { inherit inputs pkgs; }); // (import ./firefox-base.nix { inherit config inputs pkgs; });
}; };
} }

10
home/modules/browser/librewolf.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, inputs, pkgs, ... }: {
config,
lib,
inputs,
pkgs,
...
}:
{ {
config = config =
@@ -7,6 +13,6 @@
programs.librewolf = { programs.librewolf = {
enable = true; enable = true;
} }
// (import ./firefox-base.nix { inherit inputs pkgs; }); // (import ./firefox-base.nix { inherit config inputs pkgs; });
}; };
} }

1
home/modules/keepassxc.nix
View File

@@ -7,5 +7,4 @@
Browser.Enabled = true; Browser.Enabled = true;
}; };
}; };
# programs.firefox.nativeMessagingHosts = [ pkgs.keepassxc ]; # FIXME: Resolve 'Access error for config file $HOME/.config/keepassxc/keepassxc.ini' error
} }

42
hosts/andromache/default.nix
View File

@@ -26,6 +26,7 @@ in
device = "/dev/nvme1n1"; device = "/dev/nvme1n1";
}) })
../../modules/desktops/niri ../../modules/desktops/niri
../../modules/backups
../../modules/bluetooth ../../modules/bluetooth
../../modules/keyboard ../../modules/keyboard
(import ../../modules/networking { inherit hostName; }) (import ../../modules/networking { inherit hostName; })
@@ -36,6 +37,7 @@ in
../../modules/ssh/hardened-openssh.nix ../../modules/ssh/hardened-openssh.nix
(import ../../modules/secrets { inherit lib inputs config; }) (import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker ../../modules/docker
../../modules/syncthing
]; ];
home-manager.users.${username} = import ../../home/hosts/andromache { home-manager.users.${username} = import ../../home/hosts/andromache {
@@ -96,7 +98,6 @@ in
inputs.colmena.packages.${pkgs.system}.colmena inputs.colmena.packages.${pkgs.system}.colmena
]; ];
services = { services = {
xserver = { xserver = {
videoDrivers = [ "nvidia" ]; videoDrivers = [ "nvidia" ];
@@ -106,30 +107,33 @@ in
enable = true; enable = true;
harden = true; harden = true;
}; };
syncthing = {
enable = true;
openDefaultPorts = true;
settings = {
devices = {
# "device1" = {
# id = "DEVICE-ID-GOES-HERE";
# };
};
folders = {
"/home/${username}/sync" = {
id = "sync";
devices = [ ];
};
};
};
};
locate = { locate = {
enable = true; enable = true;
package = pkgs.plocate; package = pkgs.plocate;
}; };
}; };
my.syncthing = {
enable = true;
deviceNames = [
"boox"
"astyanax"
];
folders = {
readings = {
path = "/home/h/doc/readings";
id = "readings";
devices = [
{
device = "boox";
type = "receiveonly";
}
"astyanax"
];
};
};
};
networking = { networking = {
# TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
hostId = "80eef97e"; hostId = "80eef97e";

40
hosts/astyanax/default.nix
View File

@@ -26,17 +26,20 @@ in
device = "/dev/nvme0n1"; device = "/dev/nvme0n1";
}) })
../../modules/desktops/niri ../../modules/desktops/niri
../../modules/audio
../../modules/audio-automation
../../modules/backups
../../modules/bluetooth ../../modules/bluetooth
../../modules/keyboard ../../modules/keyboard
(import ../../modules/networking { inherit hostName; }) (import ../../modules/networking { inherit hostName; })
../../modules/users ../../modules/users
../../modules/audio
../../modules/localization ../../modules/localization
../../modules/fonts ../../modules/fonts
../../modules/ssh/hardened-openssh.nix ../../modules/ssh/hardened-openssh.nix
# ../../modules/vpn/wireguard.nix # ../../modules/vpn/wireguard.nix
(import ../../modules/secrets { inherit lib inputs config; }) (import ../../modules/secrets { inherit lib inputs config; })
../../modules/docker ../../modules/docker
../../modules/syncthing
]; ];
home-manager.users.${username} = import ../../home/hosts/astyanax { home-manager.users.${username} = import ../../home/hosts/astyanax {
@@ -99,21 +102,30 @@ in
enable = true; enable = true;
harden = true; harden = true;
}; };
syncthing = { };
enable = true;
openDefaultPorts = true; my.syncthing = {
folders = { enable = true;
"/home/h/sync" = { deviceNames = [
id = "sync"; "boox"
devices = [ ]; "andromache"
}; ];
}; folders = {
devices = { readings = {
# "device1" = { path = "/home/h/doc/readings";
# id = "DEVICE-ID-GOES-HERE"; id = "readings";
# }; devices = [
{
device = "boox";
type = "receiveonly";
}
"andromache"
];
}; };
}; };
};
services = {
locate = { locate = {
enable = true; enable = true;
package = pkgs.plocate; package = pkgs.plocate;

17
modules/audio-automation/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.libnotify ];
services.udev.extraRules = ''
SUBSYSTEM=="power_supply", ATTR{online}=="0", ACTION=="change", TAG+="systemd", ENV{SYSTEMD_USER_WANTS}+="mute-audio.service"
'';
systemd.user.services.mute-audio = {
description = "mute audio when switching to battery power";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.pulseaudio}/bin/pactl set-sink-mute $(${pkgs.pulseaudio}/bin/pactl get-default-sink) true && ${pkgs.libnotify}/bin/notify-send \"audio Muted\" \"switched to battery power\"'";
};
};
}

63
modules/backups/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
lib,
config,
...
}:
let
cfg = config.restic-backup;
in
{
options = {
restic-backup = {
repository = lib.mkOption {
type = lib.types.str;
default = "b2:${config.sops.placeholder."b2_bucket_name"}:${config.networking.hostName}";
};
passwordFile = lib.mkOption {
type = lib.types.str;
default = config.sops.secrets."restic_password".path;
};
paths = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "/home" ];
};
};
};
config = {
sops.secrets.b2_bucket_name = { };
sops.templates."restic/repo-${config.networking.hostName}" = {
content = "b2:${config.sops.placeholder."b2_bucket_name"}:${config.networking.hostName}";
};
sops.templates."restic/b2-env-${config.networking.hostName}" = {
content = ''
B2_ACCOUNT_ID=${config.sops.placeholder."b2_account_id"}
B2_ACCOUNT_KEY=${config.sops.placeholder."b2_account_key"}
'';
};
services.restic.backups.home = {
repositoryFile = config.sops.templates."restic/repo-${config.networking.hostName}".path;
passwordFile = cfg.passwordFile;
paths = cfg.paths;
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
initialize = true;
extraBackupArgs = [ "--one-file-system" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 6"
"--keep-yearly 1"
];
environmentFile = config.sops.templates."restic/b2-env-${config.networking.hostName}".path;
};
};
}

16
modules/secrets/default.nix
View File

@@ -32,6 +32,15 @@ in
"nix_signing_key_astyanax" = { }; "nix_signing_key_astyanax" = { };
"nix_signing_key_andromache" = { }; "nix_signing_key_andromache" = { };
"opencode_api_key".owner = config.users.users.${cfg.username}.name; "opencode_api_key".owner = config.users.users.${cfg.username}.name;
# TODO: using shared secrets for now, but would be better to to per-host secrets
# To add per-host secrets:
# "restic_password_${config.networking.hostName}" = { };
# "restic_b2_account_id_${config.networking.hostName}" = { };
# "restic_b2_account_key_${config.networking.hostName}" = { };
"restic_password" = { };
"b2_bucket_name" = { };
"b2_account_id" = { };
"b2_account_key" = { };
}; };
templates = { templates = {
@@ -86,6 +95,13 @@ in
} }
''; '';
}; };
"restic/b2-env" = {
content = ''
B2_ACCOUNT_ID=${config.sops.placeholder."b2_account_id"}
B2_ACCOUNT_KEY=${config.sops.placeholder."b2_account_key"}
'';
};
}; };
}; };
}; };

85
modules/syncthing/default.nix Normal file
View File

@@ -0,0 +1,85 @@
{
lib,
config,
...
}:
with lib;
let
cfg = config.my.syncthing;
allDevices = import ./devices.nix;
in
{
options.my.syncthing = {
enable = mkEnableOption "Syncthing file synchronization";
username = mkOption {
type = types.str;
default = "h";
};
deviceNames = mkOption {
type = types.listOf types.str;
default = [ ];
};
folders = mkOption {
type = types.attrsOf (
types.submodule {
options = {
path = mkOption { type = types.path; };
id = mkOption { type = types.str; };
devices = mkOption {
type = types.listOf (
types.either types.str (
types.submodule {
options = {
device = mkOption { type = types.str; };
type = mkOption {
type = types.str;
default = "sendreceive";
};
};
}
)
);
default = cfg.deviceNames;
};
};
}
);
default = { };
};
};
config = mkIf cfg.enable {
users.groups.${cfg.username} = { };
services.syncthing = {
enable = true;
user = cfg.username;
group = cfg.username;
configDir = "/home/${cfg.username}/.local/state/syncthing";
openDefaultPorts = true;
settings = {
options = {
localAnnounceEnabled = true;
globalAnnounceEnabled = true;
relaysEnabled = true;
urAccepted = -1;
};
devices = mapAttrs (name: id: { inherit id; }) (
filterAttrs (name: _: elem name cfg.deviceNames) allDevices
);
folders = mapAttrs (name: folder: {
inherit (folder) id path;
devices = map (
device:
if isString device then
allDevices.${device}
else
device // { deviceID = allDevices.${device.device}; }
) folder.devices;
}) cfg.folders;
};
};
};
}

5
modules/syncthing/devices.nix Normal file
View File

@@ -0,0 +1,5 @@
{
boox = "7B5E6PT-HWRQ3WH-OLOSWAZ-T3WNHND-VKUREIJ-AD5I4EA-UJR4M5E-OR5COA7";
andromache = "QNVYMOC-GAPIIF7-PKYBN22-PPNAWOF-UJWNUFD-6DXRAJA-AZSMPOS-ULMZWAU";
astyanax = "CSSFKEO-2T5PAO5-HX43E4E-UKARH4I-6FVHP36-6YC5WXX-VNMHXD3-WY3QKA7";
}