From 8175ca85a3b36cd305ecee0b0efee90a3e6916bc Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 19 Jan 2026 15:29:42 +0100 Subject: [PATCH 01/16] refactor(sound): set luna's default audio source to 10% gain --- hosts/luna/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index cbf4d31..ef61018 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -92,6 +92,22 @@ with lib; geoProviderUrl = "https://beacondb.net/v1/geolocate"; }; getty.autologinUser = "${username}"; # hardcoded because this is a single user system + pipewire.wireplumber.extraConfig."luna-20" = { + "monitor.alsa.rules" = [ + { + matches = [ + { + "device.name" = "alsa_input.pci-0000_00_1f.3.analog-stereo"; + } + ]; + actions = { + update-props = { + "node.volume" = 0.1; + }; + }; + } + ]; + }; udisks2.enable = true; undervolt = { enable = true; From 664864a0f29fbc2294c4a6f875ed6d7065e5f3bf Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 19 Jan 2026 15:31:50 +0100 Subject: [PATCH 02/16] feat(sound): default to High Quality LDAC encoding for bluetooth devices --- modules/sound.nix | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/modules/sound.nix b/modules/sound.nix index 79dde63..7989b4f 100644 --- a/modules/sound.nix +++ b/modules/sound.nix @@ -28,11 +28,22 @@ with lib; pulse.enable = true; wireplumber = { enable = true; - extraConfig = { - "wireplumber.settings" = { - "device.routes.default-sink-volume" = 0.5; - "device.routes.default-source-volume" = 0.32; - }; + extraConfig."overrides-10" = { + "monitor.bluez.rules" = [ + { + matches = [ + { + "device.name" = "~bluez_card.*"; + } + ]; + actions = { + update-props = { + # set quality to high quality instead of the default variable bitrate ("auto") + "bluez5.a2dp.ldac.quality" = "hq"; + }; + }; + } + ]; }; }; }; From 5e7d67c37c8073fa9f424519f33a3df9d0e4d43e Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Fri, 30 Jan 2026 09:52:04 +0100 Subject: [PATCH 03/16] feat(script): add ./nixos rekey command --- nixos | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos b/nixos index 4f86009..e11e5be 100755 --- a/nixos +++ b/nixos @@ -20,6 +20,7 @@ Options: Commands: help Show this help message + rekey Re-encrypt secrets with (updated) .sops.yaml keys deploy Remotely install a new NixOS system using nixos-anywhere Examples: @@ -102,6 +103,11 @@ case "${1-help}" in "help") show_help ;; +"rekey") + shift + sops_rekey "$@" + exit 0 + ;; "deploy") menu_deploy ssh_generate_host_ssh_key From 4d6266d486e06e08e361ef87eb303c347bf567fd Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:19:09 +0100 Subject: [PATCH 04/16] refactor(sops): rekey with proper master and host keys --- .sops.yaml | 4 ++-- hosts/luna/users/shorty/secrets/id_ed25519 | 8 ++++---- hosts/luna/users/shorty/secrets/id_ed25519.pub | 8 ++++---- hosts/luna/users/shorty/secrets/passwd | 8 ++++---- hosts/mars/users/shorty/secrets/id_ed25519 | 6 +++--- hosts/mars/users/shorty/secrets/id_ed25519.pub | 6 +++--- hosts/mars/users/shorty/secrets/passwd | 6 +++--- hosts/shared/secrets/rclone.conf | 10 +++++----- hosts/shared/secrets/restic.passwd | 10 +++++----- 9 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c17ff2c..75617bd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - - &master age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - - &host_luna age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez + - &master age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt + - &host_luna age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - &host_mars age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy creation_rules: - path_regex: hosts/shared/secrets/.* diff --git a/hosts/luna/users/shorty/secrets/id_ed25519 b/hosts/luna/users/shorty/secrets/id_ed25519 index a9cfd14..29e38cb 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519 +++ b/hosts/luna/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOXI0Z0ZIM2MydzUwWTBX\nVTVhQ0lVR0lIS3JjSjN3VzNmMU1qWFIyWVdRCmhUeHd6elRuM0RMYW5QdHBSdnlo\nWmxPRXdlQjJtMUpxREluSHpPZUlpeWsKLS0tIGtKTExwTG5XMlFHTUQ3eXRDL2w3\nRTZTWGZkQUtHT2pVUU45RTEySmxsMTgKyrJUCN5ooCRoZe+VJeEW1mIPLnTIWxRw\nZ3PzJkw0YPEq8B+RvWjKDeip5uj1RWJOgU5sl1ngf5CbN37uUIAlAQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ3R0SW9vck5YdmtkaDlD\nTDJIbWFkeTVMOUpaY2hUemMrK2c2aDJjbzNVCjdNVmovb3VGQ2VWTnhaVS9kZyt5\nN04wNXNVblJzN2o2THlXMGRyY3l2MGcKLS0tIEQ2a2tiTktpWlViditZUU9CbDJJ\nN1FkWkdIZjl5elJiWS92Z2U2N1BYcTAKSWthfiDVJ5A41/GdUaLHOOP7JU+vGmEO\n7bj84M7Gcq4o09EZo9BIIVfUGsKQ6vH+dRb5NrjELK0ngeybsPF3dQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzFOQlMxdzJLRmtOMmd5\nQVIzYWwwbkRlb0tJOTRKcFlzUlVqNnNUSFRVCkd3SzNBbGhQNU5LL2RKbWlGcEh2\nM2Y0NlNicEl1S2thSHNPZDFubUIvOUkKLS0tIGNTQTR6dmxaV21UNGN2T3FoUWFG\nMDcxN0pIZjVORDRTcmhMd1RUaGZ6djQKySiQjwuQwTx8WmAqrqu94pByd+cUM5O8\nG38dnvUaRhC5DjShbinPJiVdchV9lqllU2dYaWq9voY/RCJH4EMm6Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUXF5U3dKM1NKUVYyTFNE\nZTNYR2txSzd0cHpsR055S0lnRWRuZXpVN2hzCm1MQ1dqbzRGUVIyVXhIWTBqeDQ3\nS21QRHJsRTJEOFBMK0YxUVZyYVlDejQKLS0tIGRRbE94S3dBWFBBVk9QM1FYRGNO\neXF5V21Uc0dIamdKdGNiYzltWlVyN0EKZf/zyXhbN9DJHeyrWFAhaTJr5yR05KIP\nT6Jy2cgOxt6MaqjeOcxyWdF8mA1BZBoAdipi1mD68L6Uth91gZGHBg==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/luna/users/shorty/secrets/id_ed25519.pub b/hosts/luna/users/shorty/secrets/id_ed25519.pub index 59b587b..64c23b1 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519.pub +++ b/hosts/luna/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MUNCU0VEaWF5cVNydGNQ\nZXRKNzlla3k5RkRNZkM1dE5oN29HeXVRRDI0CmkrM2U0TEFMMk9LUEhDQzlBMGpQ\nKzB5bHFWRnFhR2xrMHpYMVdnUmJSNUUKLS0tIEVuUWF6N0YzUTVzR1lscnphWWxy\nNy9UaVNITFlxQ3NnNWNDMzRWVnkxUGcKvKmoT3SqPcyM2Fhoxc8mSJl06rV8hlhI\nFftuxCOO/04lIA7FHHrEHRwON/OZKSwe8ZHkq8ojvUyhPsS9CF3COg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScElsRFpOeCtTQVM5bUgw\nZk41QStsY2k5TE0rVUZ0a3Fic2hCSVM1ZGljClA4Y1M2ekF4Z1BmRFlZbFFoSjY4\na3ZkaGF2L2hTZXB0VVExWWVKbTZiRlUKLS0tIFBnbVhMREJVeHAwYWM0dlNUbEV4\nbUNOK3FVakZkQzR3QjFGemRPUE52L0EK+wlAjUa2D8w5z10lf04OJ9U5ZHqqeyuc\nVPo7wy8p1/aH0D1RN3882c90khDYrL5AF55mj8BC4VEOpEUsKwR1Dg==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUZmOHRBR0NkUkdmRnk3\nMGI2QlBVc2RqbHMvS1FCSmV1WHBNSjRYZkdRCjhaNk1OZ2lCbGhtTml5SStsc1ZN\nOWY2ODNCdGt1ekJKZjE2NnQwVjNGMzAKLS0tIFFoZndSVWR5cmhMTGZmVnUyNk0x\naS9FSWU1SS9zakRIWnpYTEladUxTR2cKdJUuLUlnb4/wrooyOx1rCt/sOcrBNna3\nAkglRjSmmgAmU8xkdA3ul/3ROIwn22xgp61BIRCwPVCLDOx5KfQ8/w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZEJNTFpQa0lCUW0xcGdj\nSytGVS9GN2pJUWN3ZUtSSWlWcjZ6dkN0Yms0CldFc1FwWHo3WjJ3MktVR2lwQ2tR\nd3ZMeGhRNHhJYWVOYXNYR3Yxci9zOE0KLS0tIC83c3dvdlFUeFlvdzlkWlplZVF3\nZzIwcE9JMlBZSEVyNlovWEt1dnpmVDQKIq6NfaH84i9E3wE3WKRWW+rHTYFrv32b\njiT/2vqNTNxiiY8U0KtGZN9x5MP6c+g9xY0WSMTv8ZDoODRUlKUzBw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/luna/users/shorty/secrets/passwd b/hosts/luna/users/shorty/secrets/passwd index d0eb601..4ad9e9e 100644 --- a/hosts/luna/users/shorty/secrets/passwd +++ b/hosts/luna/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY1ZtdkVEUjRBZkZHNXox\ndWFhY3dIR2UzRmljNWU2cHk0dC9IU2pxVEVjCnhObHUzdVE3Sm9zdGEwK2pKVldP\neUtCZlk3VHhrQk1mMjFaSjI5ZTZqc3cKLS0tIFJyRjlLbk9ZUWVaZEd6UVRNOElt\ncTFPN0x1ckZXVFVGdVhYU2k0SjFiZG8KhvILNAzA44RmuvHlzmqVozyB6r2ZbQch\nl3S8pq0pQ5yN+4DKWKeNK8QEFZ5QCs8Ts/14wbJpdrVsQCkHy5R29w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aG1HcDNQSjcwZWJUYk1U\nNjQzUXNEM0tKL0o0U0swUlp4UlZ5a01PVTJJCmN6NjUrN3hSdnBZbjFRYnFPdkR2\neGloNE9Ga1BPMFdwdGk4RC9ISVhQK28KLS0tIHJJVE5mTXh3azJEYXNtWm9FTkd4\nbVlUUlBmcG1VTFJrRFlYb0xackl1ak0KXSzw2EaC7IL1L/S+j9Qh+FxqwcBpwgqY\ngSM2tIvQ7xdwQG2P3lNTHX+l34MwjaQJKChREemZySTFMgvm866kEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWGJwaC9MMUJnZ0hVNG1H\nWGhKZzBkbEFpU1g3ZWJCUWlWRFdjMUY4cWxvCmhGUzFhU1ZJMW9Yc1E3Z1FLVXl2\nODhSWEJaUG9EQUhpSE5sd3MrNFA5U3cKLS0tIDlzY1gvMGI5WG83OTh4aVB2UWNO\nd2hoUGVnN01EZnhCY3MyL3FFWm1GTkUKpHob+VsJ7nmI+6avBOl2+hNz+9RQge9Y\n4WJQWkjokBNDVe/UOzRBWBWFzP/BmBzDSSepeqGWLP33ZP8R2wUnjQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa2hNbzJZck92UTFNb1Ni\ndXp1TFR1emVhaFFqMHZZa05TVlNzc0ZEOVhVCkl6b09IVnFONTJFTVJqRk04MW5L\nOHdrSXRjVmQxWXJEVHZESENOOVg2YjQKLS0tIG1MWlU0bmFWTGxBcGN3OXlPMWZp\neEk2Mm9jVDk5RjBYMzl2UHI3UVAvYmsKZQAWNxU9AwlgohjgdOgbUi6xpRJvdth0\nsI+P2unsIEtABw98TfIjGpC9/3w95NkMKkJgRbZ/bwuttdseW8jnMA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519 b/hosts/mars/users/shorty/secrets/id_ed25519 index 2b57b2d..b0267b8 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519 +++ b/hosts/mars/users/shorty/secrets/id_ed25519 @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaDlMUVZwMExGNk1mU3lX\nWG94RmxXckg3R1BIOTZnbnQ1MTFBVmxobWdnCkZoUDZzNGkyRjRRRlBJdDF3QUt3\nVGltVzhSY2tzMEo0eTltQ08zWkN1dTgKLS0tIHhDRFRyL2I4Qnp1OHhWV2ZaUld2\nOXh0V1BuTkN0NUJHTm53UzNzcmRKMG8K6IBsrkRwRFJDt4jjhUUg7UcWLQK94t02\nZggif+q3yDuFkVRfVS6yxyMXti9BdcoCmcGS7O/fBRcdh61LMEwxRw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTSs1eldFb1ZaWFBSVTIz\ncFhKK0gzbm85OWs0WnpFWU44NWNQcmk2WjE0CjI2ekZBOC8vam4vTzE2Z2xDaFRB\naUZVOXh2RUFNblErSWk2dlVYSUFmRDAKLS0tIDJHZkN6YmVraEE5dWxUdFN0VmpD\nTmc4MVRoQ0FrM1RhMFlONnhiakRnUGMK3+2YZ7ch2KMHbvjzTrOBoWnLhzXnsn4G\nqQtVWhMbPn3Zv5xiYHNcGKOdrAJyBUlWT3OsaVaBDcBHaX7gKM6YMQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmJtemFEVzhSay9HamdM\nMzBiMC8zZnpXcVFlNHJQNG41K0FiSTBsQlZ3CmkzRUI2a21hcmFNbDBva25JcTFk\nbWNpQldhZG5qM2pxZCtWcER0S2lEMFEKLS0tIGRDa0JEZkFOaThGMTh1TTFpSmRh\nSm9LYlhqSzNhRDlnTUF6MEhjZlBSanMKHzSjslqK/HiSNMaBtNYNX06Dkfjb7Auf\nDwC+LzRhpSJdi6W99OLYiCyIOMeeCZs73u9gOw2ZwXRaCxE0lMM8mQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaVoySVNOaTBFSGlVNEov\nelpiWnQ0aFFoaE9qYWVoVVVFUXAyclpVVTBrCmt4akxYbllWUG9EQ2tYNExmQ0E4\nNWM2eVVkdHRydW4ybzhmeFp6VlhjbUEKLS0tIDdxRXNXOCtnTXlGRHArSUk1NnNk\nTWMwcGFoNXVsWlp5TTJ0NXhtdy9XQ2cKiLuO2+MCU2e50d4WIDAVDj055/h877ZG\nXTUEbQ0gDO0F8Rf72EzoqjebUvJV8UEGMEsEMpKNAyx6C6ceget4Kw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519.pub b/hosts/mars/users/shorty/secrets/id_ed25519.pub index b95abe5..a679ddc 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519.pub +++ b/hosts/mars/users/shorty/secrets/id_ed25519.pub @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdkEwN3V1eEZSSXBhZmJN\nMnQvdFpqcFVZazNQN3hJV21QN3I0MmpWZms4Cno2V0xyemJBUXhXVHE5SEdrUmFr\nYWsvdXJOaWNYcE5jN0M3MGhmclpXY2MKLS0tIEJvb2F3UEVkY0UxUlp5TWNua2RF\nZmdzQWpYclBBeXFITzlLbVp5QmNrdkUKK/AzjA5MyrKAhTrKy5V+NwaUW93QATcP\n6TjphiCafQhquVI1bc+E9R9tUSnrUrwRveIUfbmHipXAn1xB/H0n/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSKytFSE5YU0hUaTZCWHRw\nYTREV1ZFcnphQVlLb1RzeUx6T2ZxZmt2TGlvCkk5eG4rYkE4UHdXTENxcldwQytM\nWi9pRGdNLy9zKzhaS2w2UDl1SFYzU00KLS0tIFo4SW51WXpoa21SUUxKSjdwd3I1\nRnR2bjB3eHdTbytTV3hOODYvbDlCNVUK8a2OpDlgGc3HYgvVYy6hMi2EV6aGwlm5\ndXn9Po14OOX/En7VL3KaEUpNvTvf8n3PNayK+1/J82wwjlaOcc0Q6A==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0orSWRzZE03RHRUZVdS\ndUkwRzFJN3h4WUxVSGtyMVlkemt4aHNRQWcwCjdBMUJUaUpCYUpvREFyVmxVdTlJ\nZWZTaTV5aVd6eW1NUkNnQXF5RlJqRE0KLS0tIFVTd0ZxQm5jVkhLVUQ0UFZCN3RK\nYW1CM2psaUgyZSswK1RJVkJHN0l1aFEK5j6BWgI40tvPDhSLCqOSytfwKQWwtueZ\n+VaBhRjy5yw2UQ6k/2/hb8oCLja7DFGoirnZMCZewLhX38Rnvp7hxQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCa2NVa0U3QTZkK283dkY1\ncVBDTFBQVU1wU0VDaUZuOUFZUjEzM09IUm00CmJOM0NBRmROOHpUWk11amxFbDJB\nelNaQVlJdld6aStEbTY4UURCUlBpYmcKLS0tIFFjWmZtY09JNW1kc0FiUi8rNVhP\nUk5sUURFSUFmclo4T25ybzc0cFRaUmcK8z1z//9A09ZG/Hh3hyCHkxSWhhRPKTSn\nwxYtI1yBI5tL3SUjJFKEqvYKETUJUnTBZuYj6b64TmTiKQTVfahOIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/mars/users/shorty/secrets/passwd b/hosts/mars/users/shorty/secrets/passwd index 2dc2586..69cf33d 100644 --- a/hosts/mars/users/shorty/secrets/passwd +++ b/hosts/mars/users/shorty/secrets/passwd @@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMTRWM2RBdHVob21nK2o2\nY29MM3JEc1lUNFNjcFdKVEdzem9FbC9lWFhRCjZMeituVzlTVExTc2UxU21jWis2\nRFViS055Ump6OXozYTJhSXVUSUlRNlUKLS0tIDFBTU4xZ21YUVhPTUgraFdlSTVY\nZEdrb0huVmVXWUw3SHNLTVg2enZMR0kKpbLnkp0Qjph+EwcKRwOdcqSmIIDXR6XH\nopLe7bAwLlzZWK4Vvs3UuXfOtSZaCvHUAEvi1QMDgO92q2EZw1tTrw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aWk2MDRBYVhhOUJ5L0ww\nWWZROTM2eTFxaWNaa3Foem05MTM0ZFcyampnClp3NWJyYndCK250UXJXM2ZYdWli\nZFNTUlZBV1VhUU5WQUx3cHhsVEtMTjAKLS0tIFBrajdqenhPelV2K20zRjBpLzlL\nc1FyTDI5cFF5RVlIMmUrZ3pSbk1OVW8K2MCisplW4s51i73uqBJk7xLiJI2VEtMo\n7M3quafMdlu6JlNHAs4NbMHCmzgFOTKUA/wuVIVoTmI5YMc/8XJXbQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmhOMmlYWnB0Y3Z6NWdW\ncThUbWg1empjbVRnS3FvY0MxTzlQczJod1dZCkFiRXB5eDg0TWptbUl3YVVJTGpH\ncW1SOThXejZDa1lFWG9NMnNIOG5aWEUKLS0tIElpOFJuL05sQTY3ZHJoOEdqRjJL\nUFRqY0Z4L3B5eFRFR2xOWVJtL3V3Nk0KKHTY3ErygB7/sSCjIrEDI2IY68/QKGUX\nmzgaDB2tqFDFMmNm9jLiawBprtTXxbaY0W7mwF+mBXQMF3IFj3BQ0w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNzFNK1hrbXRQeVFHT1h0\nd002dllYT3F4bFFDQUttazV1T2FJNXRqekFJCnZRSzd1SWJsT3A1Mmk3TGdPOGtj\nWjNEQUNNZTBOeng0a3MraXlIUGk4MW8KLS0tIEY5djFvVThRODR5aFh4ZFRJVWV6\nM0t5MlN6K2lQclREMjhSSFdhNjdFS0kK4cXvECjpN7/bwfpHrpDYIXsJsW0yQDvy\nzRGc95fITnQ1wm117vjc2ypYhrgHOxKmqzWKOLrIZAFvxitaO22vtA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/shared/secrets/rclone.conf b/hosts/shared/secrets/rclone.conf index 5fd0f5e..56b5721 100644 --- a/hosts/shared/secrets/rclone.conf +++ b/hosts/shared/secrets/rclone.conf @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjV3R6b2wvZ0U3RjdMbVJO\naElNLzN5MkQ3L3pheUZOcHJ1Qm81RXJnVGlnClliUFFOOTJrTWtmRFJkWlNPa05i\ndlVYNEExVDBYRkNSd2ZUMHFkWG1DVU0KLS0tICttSHo4K3JVeDlsQVNJTDZJNExX\nVnViWWV1VzVZUkpyN29FczRSVjNTSDQKUevwEgjQDm+kNG27/NLyU6L5eOG2JRB3\nUqInB7bdt6+VknQszVUShce+FFep+7aKg6Pwi0CpZ7cNKUBRbSviDw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaHdNWlZkWkFGdDNVblJW\nS2xSREIrR0hMT1IyNk9VazE2SDlYMEZFNkZRCmFFYU95VXdubmFVNE5ld0YwdUdo\nL2NySllwR2luSklEdU12amRkUENsYjAKLS0tIFcvNjNqcUR0bUNySmVINEJQK2N6\nTHV2bS9CS3VzTFN1dHdsVjdPQitaZ3MKwM4Z46yVulFEe/Pu33TDyKF6NprjSrsE\nLqr597GUP1jtn9Tp/VJdysP+ZZHhEkd0qaChMuB3igTvaUmfl5ZDEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcFYrZHpLanRIK0Q4c1hr\nYktmYStKd0loRlpTQmVQUkE3NDZWS1I5YlFrCnJoYW5lRGNvdEhPTGJzRzVSQXJI\nQUx4ZFN2TnV4WnN6M3Q3Y3RkL2xGdUEKLS0tIFl1eWw4enY5QlZCdEp3SlF3RFVR\nRkJERldsamFpNG5SekpIc2ZwcHowQmMK0TiAWqcBk0nft+PzRWJBGmhhQrxZJRie\nrBf5hVmseKAWTVeuSeBVi1XVGLqQttsLClNmu8J7g2nPmHaiAqztOg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT2JPK0FZVGdtYWdGc21O\ncjFRQVpnNnFrYTJDNTQrbWNsbVRJZHJDM0VrClUxYmVXQTZ5bkQzblBVa0dWSXF1\nZnpDTUtyRTRvck1Sam50NEI5ejRReFEKLS0tIGxXT051cGlKK1JMeWFRVEtoNzg2\nVDRpTGo0Sk5FNTFyQ2pFdEtBRlorb0UKo7W0LQjArTceUyfbUZgoPsFV+o1i8/h/\nPb2isy2odFLCmAUH9F6bzi2i6bzFaqmWQVk0iBApFuVtjQ/kwEacxg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFZOSWZidWZBSlczOGVm\nZzdNcG4wMlROSDkzQ0NjN2ZINU5GYXVldVNJCnBYM1N2TUZXVHRCbzByRE91Q1F4\nM2JTajgrK3MvZElqdEJ2SXF3OFhKN00KLS0tIFZFL28xM3VjMHB6UVBubWx6c0dz\nVk1xcGpOUFdWNUlpUk5PK2tCblVEdE0Kp1uoxyEGpW06HmeXQHN5yigoqPBYtFv7\nPQG2F0YaWGqR6HNREgQB276qEmjkIRHEhHE1RnCxw900UvuOw4HsTQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLejlNRjgyNDNaMEZ6RXJs\nbi9BT21NeDVueUFXYTczWndaZkRyTmNXODJjClZwVzJDS3VPd091cjNncmdKYkRQ\nUXlSbkJ1dEoyN1U0VmtwUjBtckpsSmsKLS0tIDZpUm11VWE1dGt1KzBHTUtRNDVP\nTnRKckFoM01LaXNvOUJFM1FJekoxZlkK1xGz4lnmDvK6nNSB/Ri6hclK/hDg1dzX\nApZDPM/AoCkDL0ET8fBN3D+uQKaBDG5tSHDG+NX6o2RHlajFe3pfIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-02-12T10:44:19Z", diff --git a/hosts/shared/secrets/restic.passwd b/hosts/shared/secrets/restic.passwd index 841ec06..0dadf2f 100644 --- a/hosts/shared/secrets/restic.passwd +++ b/hosts/shared/secrets/restic.passwd @@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZ1BnWG5Fa0FUMHVEdjhW\nZGdCNDhEVFUrbXh4L0tweTJsbmZINFRhOXdVCisydk4vU2lxRFgxWG9PQ1d3cGFD\naVlhM1hEaVd2Kzg3VTBrc0JRRm9NL28KLS0tIDRSeHhtQ1dTMzRRZXZhU2pHVFBN\nSVZldUY0VkdtbVBYdFp3eEJJVm4ybkkKndRG4Yp0UjYlCGMwMFRJZb443OIumjCN\nW4QqvUDCwD+uKP6ZADdWITgVN2IOWRu/RROUSoiLfpZlAIle/LNc/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZDErTmtXZDVZV2RVRFZT\nYzF1d0VWejZQWWZ3bVpKWDdhYk8xazI0TmlzCmV4a1ZiWDMvZW9xQllzNkRiWEIx\nbFJwNWJHclQyTG5LYzFGbnJ0Qlh2aEkKLS0tIDJwMDd4VERacHBjNzBtV214NkF6\nd1E3QmZvd0FmeExPYTdYZHBEOGt2d2cKAEJ49oaS1kH2/5nQsYknpEi4uU1985Qy\nDKEj71DP/xkdhQdG+mYoT9uvW++oaJBbQen5VehD0SHVC0+bl5iE0w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZUJFdGpBajFUaHNpOTMx\nUlNLb1diZFlFRDZ4S29tQklHRXJ1cmZiUFhVCmNIaXNsRmxDdFY1Q3BRK09HUnlP\nVnZ1clVkY1BucUdBVHpUNUpXQ3hwRlEKLS0tIDhPTHl3VlVhUUdYWlZWb3hqWXdP\naG5pYm9SUzBnVWp6OE10VnVhbWpXR0UKmEbSZZQBjbTFFqW6L97gk99fc3ctmLGz\nxVgIokBqRqKAf/W3L8zURaaJ50BGu2gL6kZIVwF/DsaWY/iY8vv7ww==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REZVV2tzOHphNlJjTENM\ndWk2Ny94dm9ITXVpREQ1MEptMkp3bUl0YVVJCkROTy9Jb1NvWk4yZ1ZmZWg3bW5y\nU0MrTmJKdEZKNU5KMTd1T2l5czExTFkKLS0tIFBKcUFoK1M0T2Q4SWRPM1hjS25B\nT00yWEhXVVpKSGJCSFpDRXBDUGpybEkKflues3wAVHf5mSsAG2CYlwTKtiOYANfx\nAlamfuWFTHruEN0JpwgmNrSjzE4KgPjIMaeLYXRPEo3s2QUgdanPJw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGluR1lVdVlqM2YvNGtT\nZUpaK29XaVR0d0EyR2kxUzA5NHJJN0lSN1RvCk9lR0tlQ0VyNmxtWXZCZmJjNFh3\nT2xDYm90OW84K2I1MXlGUXlwUUdtZ0kKLS0tIFp3SjdJMUJ1cnFHNURiR0o3Vkxp\nQlJrYTJJODJLS2xoWDBhUWxjOW9kdHMKJepnVD8ocxh1LmQBJDNe9PnwvLePogG5\n+eYtK9JfuoogRRAk2hAJKmNBemAW99CjpVJGD9aGMaQ9i3YvyiBYMg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbEs0cUVFcVNBVlhIYXZ5\nMHROMGJ1ekh3MFE0c2RQbXhhaktubU9zbkVrCnh1ZEtVdnFZUGtIbWdEUkVocURa\nL2VUdmlVRkNFaEVneEQrb1BlK2IxMTAKLS0tIDlUMThXMVJrdlBlaDFJaXMvN0Vv\nbGRBZ1lEVWF3elE0YWhZUlIrN1lrZFkKwBCKcnkCdEKfV6hL+Y4KNihdhumuxAmm\n7YG49Fh27WOQedgoBuODLQ2Fo+BBWGOsYc6e/aDranOrCFrtmXvnGQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2026-01-12T16:32:07Z", From 8649819dee443dbd9583eba470ee78be8bea040a Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:37:39 +0000 Subject: [PATCH 05/16] fix(networking): define networking.hostName at default module level So this gets set no matter the networking configuration. It's not the ideal location but this'll do for now. --- hosts/mars/default.nix | 4 +--- modules/default.nix | 9 ++++++++- modules/network/manager.nix | 1 - modules/network/static/systemd-networkd.nix | 1 - 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index 16923d7..93c45f6 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -30,9 +30,7 @@ in host = { user.${username}.enable = true; - network = { - hostname = "mars"; - }; + network.hostname = "mars"; docker = { enable = true; diff --git a/modules/default.nix b/modules/default.nix index c920bba..d6d1114 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,4 +1,9 @@ -{ lib, self, ... }: +{ + config, + lib, + self, + ... +}: let files = lib.filesystem.listFilesRecursive ./.; @@ -25,5 +30,7 @@ with lib; systemd.enable = true; }; }; + + networking.hostName = config.host.network.hostname; }; } diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 519d903..1b32b4f 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -18,7 +18,6 @@ with lib; config = mkIf cfg.enable { networking = { - hostName = config.host.network.hostname; nameservers = [ "9.9.9.9" "149.112.112.112" diff --git a/modules/network/static/systemd-networkd.nix b/modules/network/static/systemd-networkd.nix index 63d7daa..e2abbc8 100644 --- a/modules/network/static/systemd-networkd.nix +++ b/modules/network/static/systemd-networkd.nix @@ -56,7 +56,6 @@ with lib; }; networking = { - hostName = config.host.network.hostname; dhcpcd.enable = false; useDHCP = false; useNetworkd = true; From ac64aa9a37d87491a58e35bcf28c85dbf5f09bf4 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:38:27 +0000 Subject: [PATCH 06/16] refactor(mars): disable k3s for the time being Don't have an ETA for the kubernetes cluster just yet. --- hosts/mars/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index 93c45f6..e0158ae 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -36,7 +36,6 @@ in enable = true; rootless.enable = false; }; - k3s.enable = true; openssh.enable = true; rclone.enable = true; restic.enable = true; From a07a17d70dca22a1c1315cd349e00129c5898a1a Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:38:46 +0000 Subject: [PATCH 07/16] fix(restic): correctly define backup paths --- hosts/mars/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index e0158ae..cd57fc1 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -42,7 +42,7 @@ in }; services = { - restic.paths = [ + restic.backups.remotebackup.paths = [ "/home/shorty/.config/server01/" "/home/shorty/.config/piratenportaal/" "/var/lib/docker/volumes" From f5a14b5bcee951cb8487f15cd5685fbb7c82f6c3 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 3 Feb 2026 13:02:56 +0000 Subject: [PATCH 08/16] refactor: enable dconf on all systems instead --- hosts/shared/default.nix | 12 ++++++++++++ modules/default.nix | 8 -------- modules/virtualization.nix | 1 - 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hosts/shared/default.nix b/hosts/shared/default.nix index 8fa2b55..21494ea 100644 --- a/hosts/shared/default.nix +++ b/hosts/shared/default.nix @@ -13,6 +13,18 @@ with lib; sops.enable = true; }; + boot = { + initrd = { + systemd.enable = true; + }; + }; + + networking.hostName = config.host.network.hostname; + + programs = { + dconf.enable = true; + }; + services = { keyd = { enable = true; diff --git a/modules/default.nix b/modules/default.nix index d6d1114..b50878b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -24,13 +24,5 @@ with lib; host = { root = self.outPath; }; - - boot = { - initrd = { - systemd.enable = true; - }; - }; - - networking.hostName = config.host.network.hostname; }; } diff --git a/modules/virtualization.nix b/modules/virtualization.nix index eef6cb2..f6ae449 100644 --- a/modules/virtualization.nix +++ b/modules/virtualization.nix @@ -16,7 +16,6 @@ with lib; config = mkIf cfg.enable { programs = { - dconf.enable = true; virt-manager.enable = true; }; From 98f1f4091bc9d85f249adb7b1a513744857a5685 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:57:42 +0100 Subject: [PATCH 09/16] refactor(resolved): configuration moved to settings.Resolve attr set --- modules/network/systemd-resolved.nix | 32 +++++++++++++++------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/modules/network/systemd-resolved.nix b/modules/network/systemd-resolved.nix index dc575c1..d95d94d 100644 --- a/modules/network/systemd-resolved.nix +++ b/modules/network/systemd-resolved.nix @@ -12,21 +12,23 @@ with lib; config = mkIf cfg.enable { services.resolved = { enable = true; - dnssec = "true"; - dnsovertls = "true"; - domains = [ "~." ]; - extraConfig = mkIf config.host.printing.enable "MulticastDNS=resolve"; - fallbackDns = [ - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - llmnr = "false"; + settings.Resolve = { + DNSSEC = true; + DNSOverTLS = true; + FallbackDNS = [ + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + LLMNR = "false"; + Domains = [ "~." ]; + MulticastDNS = mkIf config.host.printing.enable "resolve"; + }; }; }; } From d8b904c49569d412ccfa63b13c701b31b16dab9c Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:58:40 +0100 Subject: [PATCH 10/16] fix: pass config to shared/default.nix module so hostname is set correctly --- hosts/shared/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/shared/default.nix b/hosts/shared/default.nix index 21494ea..d06c7c6 100644 --- a/hosts/shared/default.nix +++ b/hosts/shared/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; { From b88f05a29daa578f2558ae869b7591e7f0c9c496 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:59:12 +0100 Subject: [PATCH 11/16] refactor(rustdesk): install pre-build package to reduce build time --- hosts/luna/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index ef61018..1e83ff0 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -26,7 +26,7 @@ with lib; environment.systemPackages = with pkgs; [ busybox git - rustdesk + rustdesk-flutter ]; hardware = { From 46fb1f63c6bdbc242255841ef5ddace76739e8df Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:03:45 +0100 Subject: [PATCH 12/16] refactor(luna): sunshine doesn't build so disabling for now --- hosts/luna/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index 1e83ff0..4680d0d 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -31,7 +31,7 @@ with lib; hardware = { nvidia = { - package = config.boot.kernelPackages.nvidiaPackages.production; # NOTE: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) + package = config.boot.kernelPackages.nvidiaPackages.production; # FIXME: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) }; openrazer = { enable = true; @@ -71,7 +71,7 @@ with lib; power-management.enable = true; rclone.enable = true; sound.enable = true; - sunshine.enable = true; + # sunshine.enable = true; openssh.enable = true; qmk.enable = true; steam.enable = true; From ed0d09360ffcef1228ec8857c36a166b50c6b45a Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:03:52 +0100 Subject: [PATCH 13/16] chore: nix flake update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index c03e4fe..54fe03a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1771881364, + "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1768240557, - "narHash": "sha256-bVqJ34yMiiUQwYhjliiiN5LBH1Y+UldbIjNTCUtDdwE=", + "lastModified": 1772060133, + "narHash": "sha256-VuyRptb8v1lVGMlLp4/1vRX3Efwec0CN0S6mKmDPzLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3f737e70fb9eef1d2308ea6738ffed5ae080f9b", + "rev": "ce9b6e52500a0ea0ec48f0bbf6d7a3e431d9dfa4", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { @@ -67,11 +67,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -82,11 +82,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -128,11 +128,11 @@ ] }, "locked": { - "lastModified": 1768104471, - "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=", + "lastModified": 1772048434, + "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004", + "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9", "type": "github" }, "original": { From 3d56c2fed78fab1aa5e7280d038bc43ff557fa88 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 24 Mar 2026 17:38:55 +0100 Subject: [PATCH 14/16] feat(github): let dependabot update git submodules automatically --- .gitattributes | 2 ++ .github/dependabot.yaml | 14 ++++++++++++++ .github/workflows/automatic-updates.yaml | 7 +++++++ .github/workflows/changelog.yaml | 3 --- 4 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/dependabot.yaml create mode 100644 .github/workflows/automatic-updates.yaml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4c1b4c9 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +* text=auto eol=lf +CHANGELOG.md export-ignore diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..79e380c --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,14 @@ +version: 2 + +updates: + - package-ecosystem: gitsubmodule + directory: / + schedule: + interval: daily + time: 06:00 + assignees: + - 99linesofcode + commit-message: + prefix: fix + prefix-development: chore + include: scope diff --git a/.github/workflows/automatic-updates.yaml b/.github/workflows/automatic-updates.yaml new file mode 100644 index 0000000..6001aff --- /dev/null +++ b/.github/workflows/automatic-updates.yaml @@ -0,0 +1,7 @@ +name: automatic updates + +on: pull_request + +jobs: + automatic-updates: + uses: 99linesofcode/.github/.github/workflows/automatic-updates.yaml@main diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml index 14df506..fe83930 100644 --- a/.github/workflows/changelog.yaml +++ b/.github/workflows/changelog.yaml @@ -1,8 +1,5 @@ name: changelog -permissions: - contents: write - on: push: branches: From 9702fba5e2f8faec2bb8f7bcb57536d4e075c2c1 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 24 Mar 2026 21:08:21 +0100 Subject: [PATCH 15/16] chore: formatting --- .editorconfig | 7 +++++-- .prettierrc | 7 +++++++ 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 .prettierrc diff --git a/.editorconfig b/.editorconfig index 6422feb..876ec2a 100644 --- a/.editorconfig +++ b/.editorconfig @@ -4,10 +4,13 @@ root = true [*] charset = utf-8 end_of_line = lf -insert_final_newline = true -indent_size = 2 +indent_size = 4 indent_style = space +insert_final_newline = true trim_trailing_whitespace = true [*.md] trim_trailing_whitespace = false + +[*.{yml,yaml}] +indent_size = 2 diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..90efb55 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,7 @@ +{ + "semi": true, + "singleQuote": true, + "trailingComma": "all", + "plugins": [], + "overrides": [] +} From 8c857209e7a81854a9a3ed2856cb07c3f591976d Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Wed, 25 Mar 2026 13:38:43 +0100 Subject: [PATCH 16/16] fix(dependabot): time should be string instead of int --- .github/dependabot.yaml | 2 +- .github/workflows/automatic-submodule-updates.yaml | 7 +++++++ .github/workflows/automatic-updates.yaml | 7 ------- .github/workflows/changelog.yaml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/automatic-submodule-updates.yaml delete mode 100644 .github/workflows/automatic-updates.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 79e380c..7a580d4 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -5,7 +5,7 @@ updates: directory: / schedule: interval: daily - time: 06:00 + time: '06:00' assignees: - 99linesofcode commit-message: diff --git a/.github/workflows/automatic-submodule-updates.yaml b/.github/workflows/automatic-submodule-updates.yaml new file mode 100644 index 0000000..cadbdc3 --- /dev/null +++ b/.github/workflows/automatic-submodule-updates.yaml @@ -0,0 +1,7 @@ +name: Automatic submodule updates + +on: pull_request + +jobs: + update: + uses: 99linesofcode/.github/.github/workflows/automatic-submodule-updates.yaml@main diff --git a/.github/workflows/automatic-updates.yaml b/.github/workflows/automatic-updates.yaml deleted file mode 100644 index 6001aff..0000000 --- a/.github/workflows/automatic-updates.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: automatic updates - -on: pull_request - -jobs: - automatic-updates: - uses: 99linesofcode/.github/.github/workflows/automatic-updates.yaml@main diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml index fe83930..7d22116 100644 --- a/.github/workflows/changelog.yaml +++ b/.github/workflows/changelog.yaml @@ -1,4 +1,4 @@ -name: changelog +name: Generate Changelog and Release on: push: