From 8175ca85a3b36cd305ecee0b0efee90a3e6916bc Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 19 Jan 2026 15:29:42 +0100 Subject: [PATCH 01/23] refactor(sound): set luna's default audio source to 10% gain --- hosts/luna/default.nix | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index cbf4d31..ef61018 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -92,6 +92,22 @@ with lib; geoProviderUrl = "https://beacondb.net/v1/geolocate"; }; getty.autologinUser = "${username}"; # hardcoded because this is a single user system + pipewire.wireplumber.extraConfig."luna-20" = { + "monitor.alsa.rules" = [ + { + matches = [ + { + "device.name" = "alsa_input.pci-0000_00_1f.3.analog-stereo"; + } + ]; + actions = { + update-props = { + "node.volume" = 0.1; + }; + }; + } + ]; + }; udisks2.enable = true; undervolt = { enable = true; From 664864a0f29fbc2294c4a6f875ed6d7065e5f3bf Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 19 Jan 2026 15:31:50 +0100 Subject: [PATCH 02/23] feat(sound): default to High Quality LDAC encoding for bluetooth devices --- modules/sound.nix | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/modules/sound.nix b/modules/sound.nix index 79dde63..7989b4f 100644 --- a/modules/sound.nix +++ b/modules/sound.nix 
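Review bot: The added `monitor.alsa.rules` entry matches on `device.name`, but the value `alsa_input.pci-0000_00_1f.3.analog-stereo` has the shape of a node name and `node.volume` is a node property, so the rule may never match and the 10% gain would silently not apply. If so, the match should read `"node.name" = "alsa_input.pci-0000_00_1f.3.analog-stereo";`. Running `wpctl inspect` on the source would confirm which property carries that string. The enclosing attribute set starts and ends outside the hunk.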
@@ -28,11 +28,22 @@ with lib; pulse.enable = true; wireplumber = { enable = true; - extraConfig = { - "wireplumber.settings" = { - "device.routes.default-sink-volume" = 0.5; - "device.routes.default-source-volume" = 0.32; - }; + extraConfig."overrides-10" = { + "monitor.bluez.rules" = [ + { + matches = [ + { + "device.name" = "~bluez_card.*"; + } + ]; + actions = { + update-props = { + # set quality to high quality instead of the default variable bitrate ("auto") + "bluez5.a2dp.ldac.quality" = "hq"; + }; + }; + } + ]; }; }; }; From 5e7d67c37c8073fa9f424519f33a3df9d0e4d43e Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Fri, 30 Jan 2026 09:52:04 +0100 Subject: [PATCH 03/23] feat(script): add ./nixos rekey command --- nixos | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos b/nixos index 4f86009..e11e5be 100755 --- a/nixos +++ b/nixos @@ -20,6 +20,7 @@ Options: Commands: help Show this help message + rekey Re-encrypt secrets with (updated) .sops.yaml keys deploy Remotely install a new NixOS system using nixos-anywhere Examples: @@ -102,6 +103,11 @@ case "${1-help}" in "help") show_help ;; +"rekey") + shift + sops_rekey "$@" + exit 0 + ;; "deploy") menu_deploy ssh_generate_host_ssh_key From 4d6266d486e06e08e361ef87eb303c347bf567fd Mon Sep 17 00:00:00 2001 
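Review bot: The new `"rekey")` branch ends in an unconditional `exit 0`, so a failed `sops_rekey` still reports success unless the script runs under `set -e`, which this hunk does not show. For a re-encryption step that matters: a file that was not rewritten stays readable by the recipients being removed, and neither the operator nor a wrapper script would be told. Propagating the status with `sops_rekey "$@" || exit $?` before the `exit 0` would close that gap. `sops_rekey` is defined outside this hunk and the `case` statement continues past it.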
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Fri, 30 Jan 2026 11:19:09 +0100 Subject: [PATCH 04/23] refactor(sops): rekey with proper master and host keys --- .sops.yaml | 4 ++-- hosts/luna/users/shorty/secrets/id_ed25519 | 8 ++++---- hosts/luna/users/shorty/secrets/id_ed25519.pub | 8 ++++---- hosts/luna/users/shorty/secrets/passwd | 8 ++++---- hosts/mars/users/shorty/secrets/id_ed25519 | 6 +++--- hosts/mars/users/shorty/secrets/id_ed25519.pub | 6 +++--- hosts/mars/users/shorty/secrets/passwd | 6 +++--- hosts/shared/secrets/rclone.conf | 10 +++++----- hosts/shared/secrets/restic.passwd | 10 +++++----- 9 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index c17ff2c..75617bd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,6 @@ keys: - - &master age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - - &host_luna age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez + - &master age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt + - &host_luna age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr - &host_mars age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy creation_rules: - path_regex: hosts/shared/secrets/.* diff --git a/hosts/luna/users/shorty/secrets/id_ed25519 b/hosts/luna/users/shorty/secrets/id_ed25519 index a9cfd14..29e38cb 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519 +++ b/hosts/luna/users/shorty/secrets/id_ed25519 
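Review bot: The recipient previously anchored as `&master` is now listed as `&host_luna`, and the former `host_luna` recipient is dropped, but both remain valid recipients of every earlier revision of the secret files in git history, including the ones under hosts/mars and hosts/shared for the former master key. The `lastmodified` context lines in the secret-file hunks that follow are unchanged, which suggests only the recipient stanzas were rewritten and the secret values stayed the same. If either old private key is no longer trusted, the values themselves (SSH key, password, rclone and restic credentials) need rotating, not only the recipients. A short comment above `keys:` stating where each private key is held, for example `# master: <where this key is stored>`, would make the next rekey easier to review.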
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOXI0Z0ZIM2MydzUwWTBX\nVTVhQ0lVR0lIS3JjSjN3VzNmMU1qWFIyWVdRCmhUeHd6elRuM0RMYW5QdHBSdnlo\nWmxPRXdlQjJtMUpxREluSHpPZUlpeWsKLS0tIGtKTExwTG5XMlFHTUQ3eXRDL2w3\nRTZTWGZkQUtHT2pVUU45RTEySmxsMTgKyrJUCN5ooCRoZe+VJeEW1mIPLnTIWxRw\nZ3PzJkw0YPEq8B+RvWjKDeip5uj1RWJOgU5sl1ngf5CbN37uUIAlAQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQ3R0SW9vck5YdmtkaDlD\nTDJIbWFkeTVMOUpaY2hUemMrK2c2aDJjbzNVCjdNVmovb3VGQ2VWTnhaVS9kZyt5\nN04wNXNVblJzN2o2THlXMGRyY3l2MGcKLS0tIEQ2a2tiTktpWlViditZUU9CbDJJ\nN1FkWkdIZjl5elJiWS92Z2U2N1BYcTAKSWthfiDVJ5A41/GdUaLHOOP7JU+vGmEO\n7bj84M7Gcq4o09EZo9BIIVfUGsKQ6vH+dRb5NrjELK0ngeybsPF3dQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVzFOQlMxdzJLRmtOMmd5\nQVIzYWwwbkRlb0tJOTRKcFlzUlVqNnNUSFRVCkd3SzNBbGhQNU5LL2RKbWlGcEh2\nM2Y0NlNicEl1S2thSHNPZDFubUIvOUkKLS0tIGNTQTR6dmxaV21UNGN2T3FoUWFG\nMDcxN0pIZjVORDRTcmhMd1RUaGZ6djQKySiQjwuQwTx8WmAqrqu94pByd+cUM5O8\nG38dnvUaRhC5DjShbinPJiVdchV9lqllU2dYaWq9voY/RCJH4EMm6Q==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUXF5U3dKM1NKUVYyTFNE\nZTNYR2txSzd0cHpsR055S0lnRWRuZXpVN2hzCm1MQ1dqbzRGUVIyVXhIWTBqeDQ3\nS21QRHJsRTJEOFBMK0YxUVZyYVlDejQKLS0tIGRRbE94S3dBWFBBVk9QM1FYRGNO\neXF5V21Uc0dIamdKdGNiYzltWlVyN0EKZf/zyXhbN9DJHeyrWFAhaTJr5yR05KIP\nT6Jy2cgOxt6MaqjeOcxyWdF8mA1BZBoAdipi1mD68L6Uth91gZGHBg==\n-----END AGE ENCRYPTED FILE-----\n" } ], 
"lastmodified": "2025-10-24T11:14:20Z", diff --git a/hosts/luna/users/shorty/secrets/id_ed25519.pub b/hosts/luna/users/shorty/secrets/id_ed25519.pub index 59b587b..64c23b1 100644 --- a/hosts/luna/users/shorty/secrets/id_ed25519.pub +++ b/hosts/luna/users/shorty/secrets/id_ed25519.pub 
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MUNCU0VEaWF5cVNydGNQ\nZXRKNzlla3k5RkRNZkM1dE5oN29HeXVRRDI0CmkrM2U0TEFMMk9LUEhDQzlBMGpQ\nKzB5bHFWRnFhR2xrMHpYMVdnUmJSNUUKLS0tIEVuUWF6N0YzUTVzR1lscnphWWxy\nNy9UaVNITFlxQ3NnNWNDMzRWVnkxUGcKvKmoT3SqPcyM2Fhoxc8mSJl06rV8hlhI\nFftuxCOO/04lIA7FHHrEHRwON/OZKSwe8ZHkq8ojvUyhPsS9CF3COg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScElsRFpOeCtTQVM5bUgw\nZk41QStsY2k5TE0rVUZ0a3Fic2hCSVM1ZGljClA4Y1M2ekF4Z1BmRFlZbFFoSjY4\na3ZkaGF2L2hTZXB0VVExWWVKbTZiRlUKLS0tIFBnbVhMREJVeHAwYWM0dlNUbEV4\nbUNOK3FVakZkQzR3QjFGemRPUE52L0EK+wlAjUa2D8w5z10lf04OJ9U5ZHqqeyuc\nVPo7wy8p1/aH0D1RN3882c90khDYrL5AF55mj8BC4VEOpEUsKwR1Dg==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOUZmOHRBR0NkUkdmRnk3\nMGI2QlBVc2RqbHMvS1FCSmV1WHBNSjRYZkdRCjhaNk1OZ2lCbGhtTml5SStsc1ZN\nOWY2ODNCdGt1ekJKZjE2NnQwVjNGMzAKLS0tIFFoZndSVWR5cmhMTGZmVnUyNk0x\naS9FSWU1SS9zakRIWnpYTEladUxTR2cKdJUuLUlnb4/wrooyOx1rCt/sOcrBNna3\nAkglRjSmmgAmU8xkdA3ul/3ROIwn22xgp61BIRCwPVCLDOx5KfQ8/w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZEJNTFpQa0lCUW0xcGdj\nSytGVS9GN2pJUWN3ZUtSSWlWcjZ6dkN0Yms0CldFc1FwWHo3WjJ3MktVR2lwQ2tR\nd3ZMeGhRNHhJYWVOYXNYR3Yxci9zOE0KLS0tIC83c3dvdlFUeFlvdzlkWlplZVF3\nZzIwcE9JMlBZSEVyNlovWEt1dnpmVDQKIq6NfaH84i9E3wE3WKRWW+rHTYFrv32b\njiT/2vqNTNxiiY8U0KtGZN9x5MP6c+g9xY0WSMTv8ZDoODRUlKUzBw==\n-----END AGE ENCRYPTED FILE-----\n" } ], 
"lastmodified": "2025-10-26T18:29:50Z", diff --git a/hosts/luna/users/shorty/secrets/passwd b/hosts/luna/users/shorty/secrets/passwd index d0eb601..4ad9e9e 100644 --- a/hosts/luna/users/shorty/secrets/passwd +++ b/hosts/luna/users/shorty/secrets/passwd 
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBY1ZtdkVEUjRBZkZHNXox\ndWFhY3dIR2UzRmljNWU2cHk0dC9IU2pxVEVjCnhObHUzdVE3Sm9zdGEwK2pKVldP\neUtCZlk3VHhrQk1mMjFaSjI5ZTZqc3cKLS0tIFJyRjlLbk9ZUWVaZEd6UVRNOElt\ncTFPN0x1ckZXVFVGdVhYU2k0SjFiZG8KhvILNAzA44RmuvHlzmqVozyB6r2ZbQch\nl3S8pq0pQ5yN+4DKWKeNK8QEFZ5QCs8Ts/14wbJpdrVsQCkHy5R29w==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1aG1HcDNQSjcwZWJUYk1U\nNjQzUXNEM0tKL0o0U0swUlp4UlZ5a01PVTJJCmN6NjUrN3hSdnBZbjFRYnFPdkR2\neGloNE9Ga1BPMFdwdGk4RC9ISVhQK28KLS0tIHJJVE5mTXh3azJEYXNtWm9FTkd4\nbVlUUlBmcG1VTFJrRFlYb0xackl1ak0KXSzw2EaC7IL1L/S+j9Qh+FxqwcBpwgqY\ngSM2tIvQ7xdwQG2P3lNTHX+l34MwjaQJKChREemZySTFMgvm866kEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWGJwaC9MMUJnZ0hVNG1H\nWGhKZzBkbEFpU1g3ZWJCUWlWRFdjMUY4cWxvCmhGUzFhU1ZJMW9Yc1E3Z1FLVXl2\nODhSWEJaUG9EQUhpSE5sd3MrNFA5U3cKLS0tIDlzY1gvMGI5WG83OTh4aVB2UWNO\nd2hoUGVnN01EZnhCY3MyL3FFWm1GTkUKpHob+VsJ7nmI+6avBOl2+hNz+9RQge9Y\n4WJQWkjokBNDVe/UOzRBWBWFzP/BmBzDSSepeqGWLP33ZP8R2wUnjQ==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGa2hNbzJZck92UTFNb1Ni\ndXp1TFR1emVhaFFqMHZZa05TVlNzc0ZEOVhVCkl6b09IVnFONTJFTVJqRk04MW5L\nOHdrSXRjVmQxWXJEVHZESENOOVg2YjQKLS0tIG1MWlU0bmFWTGxBcGN3OXlPMWZp\neEk2Mm9jVDk5RjBYMzl2UHI3UVAvYmsKZQAWNxU9AwlgohjgdOgbUi6xpRJvdth0\nsI+P2unsIEtABw98TfIjGpC9/3w95NkMKkJgRbZ/bwuttdseW8jnMA==\n-----END AGE ENCRYPTED FILE-----\n" } ], 
"lastmodified": "2025-03-11T21:49:48Z", diff --git a/hosts/mars/users/shorty/secrets/id_ed25519 b/hosts/mars/users/shorty/secrets/id_ed25519 index 2b57b2d..b0267b8 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519 +++ b/hosts/mars/users/shorty/secrets/id_ed25519 
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaDlMUVZwMExGNk1mU3lX\nWG94RmxXckg3R1BIOTZnbnQ1MTFBVmxobWdnCkZoUDZzNGkyRjRRRlBJdDF3QUt3\nVGltVzhSY2tzMEo0eTltQ08zWkN1dTgKLS0tIHhDRFRyL2I4Qnp1OHhWV2ZaUld2\nOXh0V1BuTkN0NUJHTm53UzNzcmRKMG8K6IBsrkRwRFJDt4jjhUUg7UcWLQK94t02\nZggif+q3yDuFkVRfVS6yxyMXti9BdcoCmcGS7O/fBRcdh61LMEwxRw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTSs1eldFb1ZaWFBSVTIz\ncFhKK0gzbm85OWs0WnpFWU44NWNQcmk2WjE0CjI2ekZBOC8vam4vTzE2Z2xDaFRB\naUZVOXh2RUFNblErSWk2dlVYSUFmRDAKLS0tIDJHZkN6YmVraEE5dWxUdFN0VmpD\nTmc4MVRoQ0FrM1RhMFlONnhiakRnUGMK3+2YZ7ch2KMHbvjzTrOBoWnLhzXnsn4G\nqQtVWhMbPn3Zv5xiYHNcGKOdrAJyBUlWT3OsaVaBDcBHaX7gKM6YMQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTmJtemFEVzhSay9HamdM\nMzBiMC8zZnpXcVFlNHJQNG41K0FiSTBsQlZ3CmkzRUI2a21hcmFNbDBva25JcTFk\nbWNpQldhZG5qM2pxZCtWcER0S2lEMFEKLS0tIGRDa0JEZkFOaThGMTh1TTFpSmRh\nSm9LYlhqSzNhRDlnTUF6MEhjZlBSanMKHzSjslqK/HiSNMaBtNYNX06Dkfjb7Auf\nDwC+LzRhpSJdi6W99OLYiCyIOMeeCZs73u9gOw2ZwXRaCxE0lMM8mQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaVoySVNOaTBFSGlVNEov\nelpiWnQ0aFFoaE9qYWVoVVVFUXAyclpVVTBrCmt4akxYbllWUG9EQ2tYNExmQ0E4\nNWM2eVVkdHRydW4ybzhmeFp6VlhjbUEKLS0tIDdxRXNXOCtnTXlGRHArSUk1NnNk\nTWMwcGFoNXVsWlp5TTJ0NXhtdy9XQ2cKiLuO2+MCU2e50d4WIDAVDj055/h877ZG\nXTUEbQ0gDO0F8Rf72EzoqjebUvJV8UEGMEsEMpKNAyx6C6ceget4Kw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-24T11:14:20Z", 
diff --git a/hosts/mars/users/shorty/secrets/id_ed25519.pub b/hosts/mars/users/shorty/secrets/id_ed25519.pub index b95abe5..a679ddc 100644 --- a/hosts/mars/users/shorty/secrets/id_ed25519.pub +++ b/hosts/mars/users/shorty/secrets/id_ed25519.pub 
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdkEwN3V1eEZSSXBhZmJN\nMnQvdFpqcFVZazNQN3hJV21QN3I0MmpWZms4Cno2V0xyemJBUXhXVHE5SEdrUmFr\nYWsvdXJOaWNYcE5jN0M3MGhmclpXY2MKLS0tIEJvb2F3UEVkY0UxUlp5TWNua2RF\nZmdzQWpYclBBeXFITzlLbVp5QmNrdkUKK/AzjA5MyrKAhTrKy5V+NwaUW93QATcP\n6TjphiCafQhquVI1bc+E9R9tUSnrUrwRveIUfbmHipXAn1xB/H0n/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSKytFSE5YU0hUaTZCWHRw\nYTREV1ZFcnphQVlLb1RzeUx6T2ZxZmt2TGlvCkk5eG4rYkE4UHdXTENxcldwQytM\nWi9pRGdNLy9zKzhaS2w2UDl1SFYzU00KLS0tIFo4SW51WXpoa21SUUxKSjdwd3I1\nRnR2bjB3eHdTbytTV3hOODYvbDlCNVUK8a2OpDlgGc3HYgvVYy6hMi2EV6aGwlm5\ndXn9Po14OOX/En7VL3KaEUpNvTvf8n3PNayK+1/J82wwjlaOcc0Q6A==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQ0orSWRzZE03RHRUZVdS\ndUkwRzFJN3h4WUxVSGtyMVlkemt4aHNRQWcwCjdBMUJUaUpCYUpvREFyVmxVdTlJ\nZWZTaTV5aVd6eW1NUkNnQXF5RlJqRE0KLS0tIFVTd0ZxQm5jVkhLVUQ0UFZCN3RK\nYW1CM2psaUgyZSswK1RJVkJHN0l1aFEK5j6BWgI40tvPDhSLCqOSytfwKQWwtueZ\n+VaBhRjy5yw2UQ6k/2/hb8oCLja7DFGoirnZMCZewLhX38Rnvp7hxQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCa2NVa0U3QTZkK283dkY1\ncVBDTFBQVU1wU0VDaUZuOUFZUjEzM09IUm00CmJOM0NBRmROOHpUWk11amxFbDJB\nelNaQVlJdld6aStEbTY4UURCUlBpYmcKLS0tIFFjWmZtY09JNW1kc0FiUi8rNVhP\nUk5sUURFSUFmclo4T25ybzc0cFRaUmcK8z1z//9A09ZG/Hh3hyCHkxSWhhRPKTSn\nwxYtI1yBI5tL3SUjJFKEqvYKETUJUnTBZuYj6b64TmTiKQTVfahOIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-10-26T18:29:50Z", 
diff --git a/hosts/mars/users/shorty/secrets/passwd b/hosts/mars/users/shorty/secrets/passwd index 2dc2586..69cf33d 100644 --- a/hosts/mars/users/shorty/secrets/passwd +++ b/hosts/mars/users/shorty/secrets/passwd 
@@ -3,12 +3,12 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMTRWM2RBdHVob21nK2o2\nY29MM3JEc1lUNFNjcFdKVEdzem9FbC9lWFhRCjZMeituVzlTVExTc2UxU21jWis2\nRFViS055Ump6OXozYTJhSXVUSUlRNlUKLS0tIDFBTU4xZ21YUVhPTUgraFdlSTVY\nZEdrb0huVmVXWUw3SHNLTVg2enZMR0kKpbLnkp0Qjph+EwcKRwOdcqSmIIDXR6XH\nopLe7bAwLlzZWK4Vvs3UuXfOtSZaCvHUAEvi1QMDgO92q2EZw1tTrw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0aWk2MDRBYVhhOUJ5L0ww\nWWZROTM2eTFxaWNaa3Foem05MTM0ZFcyampnClp3NWJyYndCK250UXJXM2ZYdWli\nZFNTUlZBV1VhUU5WQUx3cHhsVEtMTjAKLS0tIFBrajdqenhPelV2K20zRjBpLzlL\nc1FyTDI5cFF5RVlIMmUrZ3pSbk1OVW8K2MCisplW4s51i73uqBJk7xLiJI2VEtMo\n7M3quafMdlu6JlNHAs4NbMHCmzgFOTKUA/wuVIVoTmI5YMc/8XJXbQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dmhOMmlYWnB0Y3Z6NWdW\ncThUbWg1empjbVRnS3FvY0MxTzlQczJod1dZCkFiRXB5eDg0TWptbUl3YVVJTGpH\ncW1SOThXejZDa1lFWG9NMnNIOG5aWEUKLS0tIElpOFJuL05sQTY3ZHJoOEdqRjJL\nUFRqY0Z4L3B5eFRFR2xOWVJtL3V3Nk0KKHTY3ErygB7/sSCjIrEDI2IY68/QKGUX\nmzgaDB2tqFDFMmNm9jLiawBprtTXxbaY0W7mwF+mBXQMF3IFj3BQ0w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuNzFNK1hrbXRQeVFHT1h0\nd002dllYT3F4bFFDQUttazV1T2FJNXRqekFJCnZRSzd1SWJsT3A1Mmk3TGdPOGtj\nWjNEQUNNZTBOeng0a3MraXlIUGk4MW8KLS0tIEY5djFvVThRODR5aFh4ZFRJVWV6\nM0t5MlN6K2lQclREMjhSSFdhNjdFS0kK4cXvECjpN7/bwfpHrpDYIXsJsW0yQDvy\nzRGc95fITnQ1wm117vjc2ypYhrgHOxKmqzWKOLrIZAFvxitaO22vtA==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-03-11T21:49:48Z", 
diff --git a/hosts/shared/secrets/rclone.conf b/hosts/shared/secrets/rclone.conf index 5fd0f5e..56b5721 100644 --- a/hosts/shared/secrets/rclone.conf +++ b/hosts/shared/secrets/rclone.conf 
@@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjV3R6b2wvZ0U3RjdMbVJO\naElNLzN5MkQ3L3pheUZOcHJ1Qm81RXJnVGlnClliUFFOOTJrTWtmRFJkWlNPa05i\ndlVYNEExVDBYRkNSd2ZUMHFkWG1DVU0KLS0tICttSHo4K3JVeDlsQVNJTDZJNExX\nVnViWWV1VzVZUkpyN29FczRSVjNTSDQKUevwEgjQDm+kNG27/NLyU6L5eOG2JRB3\nUqInB7bdt6+VknQszVUShce+FFep+7aKg6Pwi0CpZ7cNKUBRbSviDw==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkaHdNWlZkWkFGdDNVblJW\nS2xSREIrR0hMT1IyNk9VazE2SDlYMEZFNkZRCmFFYU95VXdubmFVNE5ld0YwdUdo\nL2NySllwR2luSklEdU12amRkUENsYjAKLS0tIFcvNjNqcUR0bUNySmVINEJQK2N6\nTHV2bS9CS3VzTFN1dHdsVjdPQitaZ3MKwM4Z46yVulFEe/Pu33TDyKF6NprjSrsE\nLqr597GUP1jtn9Tp/VJdysP+ZZHhEkd0qaChMuB3igTvaUmfl5ZDEA==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcFYrZHpLanRIK0Q4c1hr\nYktmYStKd0loRlpTQmVQUkE3NDZWS1I5YlFrCnJoYW5lRGNvdEhPTGJzRzVSQXJI\nQUx4ZFN2TnV4WnN6M3Q3Y3RkL2xGdUEKLS0tIFl1eWw4enY5QlZCdEp3SlF3RFVR\nRkJERldsamFpNG5SekpIc2ZwcHowQmMK0TiAWqcBk0nft+PzRWJBGmhhQrxZJRie\nrBf5hVmseKAWTVeuSeBVi1XVGLqQttsLClNmu8J7g2nPmHaiAqztOg==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT2JPK0FZVGdtYWdGc21O\ncjFRQVpnNnFrYTJDNTQrbWNsbVRJZHJDM0VrClUxYmVXQTZ5bkQzblBVa0dWSXF1\nZnpDTUtyRTRvck1Sam50NEI5ejRReFEKLS0tIGxXT051cGlKK1JMeWFRVEtoNzg2\nVDRpTGo0Sk5FNTFyQ2pFdEtBRlorb0UKo7W0LQjArTceUyfbUZgoPsFV+o1i8/h/\nPb2isy2odFLCmAUH9F6bzi2i6bzFaqmWQVk0iBApFuVtjQ/kwEacxg==\n-----END AGE ENCRYPTED FILE-----\n" }, { 
"recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SFZOSWZidWZBSlczOGVm\nZzdNcG4wMlROSDkzQ0NjN2ZINU5GYXVldVNJCnBYM1N2TUZXVHRCbzByRE91Q1F4\nM2JTajgrK3MvZElqdEJ2SXF3OFhKN00KLS0tIFZFL28xM3VjMHB6UVBubWx6c0dz\nVk1xcGpOUFdWNUlpUk5PK2tCblVEdE0Kp1uoxyEGpW06HmeXQHN5yigoqPBYtFv7\nPQG2F0YaWGqR6HNREgQB276qEmjkIRHEhHE1RnCxw900UvuOw4HsTQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLejlNRjgyNDNaMEZ6RXJs\nbi9BT21NeDVueUFXYTczWndaZkRyTmNXODJjClZwVzJDS3VPd091cjNncmdKYkRQ\nUXlSbkJ1dEoyN1U0VmtwUjBtckpsSmsKLS0tIDZpUm11VWE1dGt1KzBHTUtRNDVP\nTnRKckFoM01LaXNvOUJFM1FJekoxZlkK1xGz4lnmDvK6nNSB/Ri6hclK/hDg1dzX\nApZDPM/AoCkDL0ET8fBN3D+uQKaBDG5tSHDG+NX6o2RHlajFe3pfIQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2025-02-12T10:44:19Z", diff --git a/hosts/shared/secrets/restic.passwd b/hosts/shared/secrets/restic.passwd index 841ec06..0dadf2f 100644 --- a/hosts/shared/secrets/restic.passwd +++ b/hosts/shared/secrets/restic.passwd 
@@ -3,16 +3,16 @@ "sops": { "age": [ { - "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZ1BnWG5Fa0FUMHVEdjhW\nZGdCNDhEVFUrbXh4L0tweTJsbmZINFRhOXdVCisydk4vU2lxRFgxWG9PQ1d3cGFD\naVlhM1hEaVd2Kzg3VTBrc0JRRm9NL28KLS0tIDRSeHhtQ1dTMzRRZXZhU2pHVFBN\nSVZldUY0VkdtbVBYdFp3eEJJVm4ybkkKndRG4Yp0UjYlCGMwMFRJZb443OIumjCN\nW4QqvUDCwD+uKP6ZADdWITgVN2IOWRu/RROUSoiLfpZlAIle/LNc/g==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1hunzh8g6qs0yztln5q4akxvepd667xky4lkff4jga57kzah69ujqvpd7kt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZDErTmtXZDVZV2RVRFZT\nYzF1d0VWejZQWWZ3bVpKWDdhYk8xazI0TmlzCmV4a1ZiWDMvZW9xQllzNkRiWEIx\nbFJwNWJHclQyTG5LYzFGbnJ0Qlh2aEkKLS0tIDJwMDd4VERacHBjNzBtV214NkF6\nd1E3QmZvd0FmeExPYTdYZHBEOGt2d2cKAEJ49oaS1kH2/5nQsYknpEi4uU1985Qy\nDKEj71DP/xkdhQdG+mYoT9uvW++oaJBbQen5VehD0SHVC0+bl5iE0w==\n-----END AGE ENCRYPTED FILE-----\n" }, { - "recipient": "age10a049meemjvgdgukx6zu5lwu82mqul83l7fyd66tzy9sm8637s7q07ujez", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZUJFdGpBajFUaHNpOTMx\nUlNLb1diZFlFRDZ4S29tQklHRXJ1cmZiUFhVCmNIaXNsRmxDdFY1Q3BRK09HUnlP\nVnZ1clVkY1BucUdBVHpUNUpXQ3hwRlEKLS0tIDhPTHl3VlVhUUdYWlZWb3hqWXdP\naG5pYm9SUzBnVWp6OE10VnVhbWpXR0UKmEbSZZQBjbTFFqW6L97gk99fc3ctmLGz\nxVgIokBqRqKAf/W3L8zURaaJ50BGu2gL6kZIVwF/DsaWY/iY8vv7ww==\n-----END AGE ENCRYPTED FILE-----\n" + "recipient": "age1fczq47wpa2wpm9ejy85qw3axw2c9v0f4qrywv5amnuqsjc87ws6qx75pfr", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REZVV2tzOHphNlJjTENM\ndWk2Ny94dm9ITXVpREQ1MEptMkp3bUl0YVVJCkROTy9Jb1NvWk4yZ1ZmZWg3bW5y\nU0MrTmJKdEZKNU5KMTd1T2l5czExTFkKLS0tIFBKcUFoK1M0T2Q4SWRPM1hjS25B\nT00yWEhXVVpKSGJCSFpDRXBDUGpybEkKflues3wAVHf5mSsAG2CYlwTKtiOYANfx\nAlamfuWFTHruEN0JpwgmNrSjzE4KgPjIMaeLYXRPEo3s2QUgdanPJw==\n-----END AGE ENCRYPTED FILE-----\n" }, { 
"recipient": "age1epkfxmjk0tlne8rmxqq77u06q3lnf5xfjcrwq42nuasswefndyfscw84cy", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGluR1lVdVlqM2YvNGtT\nZUpaK29XaVR0d0EyR2kxUzA5NHJJN0lSN1RvCk9lR0tlQ0VyNmxtWXZCZmJjNFh3\nT2xDYm90OW84K2I1MXlGUXlwUUdtZ0kKLS0tIFp3SjdJMUJ1cnFHNURiR0o3Vkxp\nQlJrYTJJODJLS2xoWDBhUWxjOW9kdHMKJepnVD8ocxh1LmQBJDNe9PnwvLePogG5\n+eYtK9JfuoogRRAk2hAJKmNBemAW99CjpVJGD9aGMaQ9i3YvyiBYMg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbEs0cUVFcVNBVlhIYXZ5\nMHROMGJ1ekh3MFE0c2RQbXhhaktubU9zbkVrCnh1ZEtVdnFZUGtIbWdEUkVocURa\nL2VUdmlVRkNFaEVneEQrb1BlK2IxMTAKLS0tIDlUMThXMVJrdlBlaDFJaXMvN0Vv\nbGRBZ1lEVWF3elE0YWhZUlIrN1lrZFkKwBCKcnkCdEKfV6hL+Y4KNihdhumuxAmm\n7YG49Fh27WOQedgoBuODLQ2Fo+BBWGOsYc6e/aDranOrCFrtmXvnGQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2026-01-12T16:32:07Z", From 8649819dee443dbd9583eba470ee78be8bea040a Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:37:39 +0000 Subject: [PATCH 05/23] fix(networking): define networking.hostName at default module level So this gets set no matter the networking configuration. It's not the ideal location but this'll do for now. --- hosts/mars/default.nix | 4 +--- modules/default.nix | 9 ++++++++- modules/network/manager.nix | 1 - modules/network/static/systemd-networkd.nix | 1 - 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index 16923d7..93c45f6 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -30,9 +30,7 @@ in host = { user.${username}.enable = true; - network = { - hostname = "mars"; - }; + network.hostname = "mars"; docker = { enable = true; diff --git a/modules/default.nix b/modules/default.nix index c920bba..d6d1114 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -1,4 +1,9 @@ -{ lib, self, ... }: +{ + config, + lib, + self, + ... +}: let files = lib.filesystem.listFilesRecursive ./.; @@ -25,5 +30,7 @@ with lib; systemd.enable = true; }; }; + + networking.hostName = config.host.network.hostname; }; } diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 519d903..1b32b4f 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -18,7 +18,6 @@ with lib; config = mkIf cfg.enable { networking = { - hostName = config.host.network.hostname; nameservers = [ "9.9.9.9" "149.112.112.112" diff --git a/modules/network/static/systemd-networkd.nix b/modules/network/static/systemd-networkd.nix index 63d7daa..e2abbc8 100644 --- a/modules/network/static/systemd-networkd.nix +++ b/modules/network/static/systemd-networkd.nix @@ -56,7 +56,6 @@ with lib; }; networking = { - hostName = config.host.network.hostname; dhcpcd.enable = false; useDHCP = false; useNetworkd = true; From ac64aa9a37d87491a58e35bcf28c85dbf5f09bf4 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:38:27 +0000 Subject: [PATCH 06/23] refactor(mars): disable k3s for the time being Don't have an ETA for the kubernetes cluster just yet. --- hosts/mars/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index 93c45f6..e0158ae 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -36,7 +36,6 @@ in enable = true; rootless.enable = false; }; - k3s.enable = true; openssh.enable = true; rclone.enable = true; restic.enable = true; From a07a17d70dca22a1c1315cd349e00129c5898a1a Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Thu, 29 Jan 2026 14:38:46 +0000 Subject: [PATCH 07/23] fix(restic): correctly define backup paths --- hosts/mars/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hosts/mars/default.nix b/hosts/mars/default.nix index e0158ae..cd57fc1 100644 --- a/hosts/mars/default.nix +++ b/hosts/mars/default.nix @@ -42,7 +42,7 @@ in }; services = { - restic.paths = [ + restic.backups.remotebackup.paths = [ "/home/shorty/.config/server01/" "/home/shorty/.config/piratenportaal/" "/var/lib/docker/volumes" From f5a14b5bcee951cb8487f15cd5685fbb7c82f6c3 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 3 Feb 2026 13:02:56 +0000 Subject: [PATCH 08/23] refactor: enable dconf on all systems instead --- hosts/shared/default.nix | 12 ++++++++++++ modules/default.nix | 8 -------- modules/virtualization.nix | 1 - 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/hosts/shared/default.nix b/hosts/shared/default.nix index 8fa2b55..21494ea 100644 --- a/hosts/shared/default.nix +++ b/hosts/shared/default.nix @@ -13,6 +13,18 @@ with lib; sops.enable = true; }; + boot = { + initrd = { + systemd.enable = true; + }; + }; + + networking.hostName = config.host.network.hostname; + + programs = { + dconf.enable = true; + }; + services = { keyd = { enable = true; diff --git a/modules/default.nix b/modules/default.nix index d6d1114..b50878b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -24,13 +24,5 @@ with lib; host = { root = self.outPath; }; - - boot = { - initrd = { - systemd.enable = true; - }; - }; - - networking.hostName = config.host.network.hostname; }; } diff --git a/modules/virtualization.nix b/modules/virtualization.nix index eef6cb2..f6ae449 100644 --- a/modules/virtualization.nix +++ b/modules/virtualization.nix @@ -16,7 +16,6 @@ with lib; config = mkIf cfg.enable { programs = { - dconf.enable = true; virt-manager.enable = true; }; From 98f1f4091bc9d85f249adb7b1a513744857a5685 Mon Sep 17 00:00:00 2001 
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:57:42 +0100 Subject: [PATCH 09/23] refactor(resolved): configuration moved to settings.Resolve attr set --- modules/network/systemd-resolved.nix | 32 +++++++++++++++------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/modules/network/systemd-resolved.nix b/modules/network/systemd-resolved.nix index dc575c1..d95d94d 100644 --- a/modules/network/systemd-resolved.nix +++ b/modules/network/systemd-resolved.nix @@ -12,21 +12,23 @@ with lib; config = mkIf cfg.enable { services.resolved = { enable = true; - dnssec = "true"; - dnsovertls = "true"; - domains = [ "~." ]; - extraConfig = mkIf config.host.printing.enable "MulticastDNS=resolve"; - fallbackDns = [ - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - llmnr = "false"; + settings.Resolve = { + DNSSEC = true; + DNSOverTLS = true; + FallbackDNS = [ + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + LLMNR = "false"; + Domains = [ "~." ]; + MulticastDNS = mkIf config.host.printing.enable "resolve"; + }; }; }; } From d8b904c49569d412ccfa63b13c701b31b16dab9c Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:58:40 +0100 Subject: [PATCH 10/23] fix: pass config to shared/default.nix module so hostname is set correctly --- hosts/shared/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/shared/default.nix b/hosts/shared/default.nix index 21494ea..d06c7c6 100644 --- a/hosts/shared/default.nix +++ b/hosts/shared/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; { From b88f05a29daa578f2558ae869b7591e7f0c9c496 Mon Sep 17 00:00:00 2001 
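Review bot: With `DNSOverTLS = true;` the `FallbackDNS` entries are bare addresses, so, as far as resolved.conf documents, the certificate can only be checked against the address rather than a server name. Writing them in the `address#name` form, e.g. `"1.1.1.1#cloudflare-dns.com"`, pins the expected name. The list also still holds each of the four addresses twice, carried over from the old `fallbackDns`. `LLMNR = "false"` stays a string while `DNSSEC` and `DNSOverTLS` became booleans; one form throughout would read more clearly, assuming the option type accepts both.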
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 10:59:12 +0100 Subject: [PATCH 11/23] refactor(rustdesk): install pre-build package to reduce build time --- hosts/luna/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index ef61018..1e83ff0 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -26,7 +26,7 @@ with lib; environment.systemPackages = with pkgs; [ busybox git - rustdesk + rustdesk-flutter ]; hardware = { From 46fb1f63c6bdbc242255841ef5ddace76739e8df Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:03:45 +0100 Subject: [PATCH 12/23] refactor(luna): sunshine doesn't build so disabling for now --- hosts/luna/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index 1e83ff0..4680d0d 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -31,7 +31,7 @@ with lib; hardware = { nvidia = { - package = config.boot.kernelPackages.nvidiaPackages.production; # NOTE: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) + package = config.boot.kernelPackages.nvidiaPackages.production; # FIXME: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) }; openrazer = { enable = true; @@ -71,7 +71,7 @@ with lib; power-management.enable = true; rclone.enable = true; sound.enable = true; - sunshine.enable = true; + # sunshine.enable = true; openssh.enable = true; qmk.enable = true; steam.enable = true; From ed0d09360ffcef1228ec8857c36a166b50c6b45a Mon Sep 17 00:00:00 2001 
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:03:52 +0100 Subject: [PATCH 13/23] chore: nix flake update --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index c03e4fe..54fe03a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1771881364, + "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1768240557, - "narHash": "sha256-bVqJ34yMiiUQwYhjliiiN5LBH1Y+UldbIjNTCUtDdwE=", + "lastModified": 1772060133, + "narHash": "sha256-VuyRptb8v1lVGMlLp4/1vRX3Efwec0CN0S6mKmDPzLg=", "owner": "nix-community", "repo": "home-manager", - "rev": "b3f737e70fb9eef1d2308ea6738ffed5ae080f9b", + "rev": "ce9b6e52500a0ea0ec48f0bbf6d7a3e431d9dfa4", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1768598210, + "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "type": "github" }, "original": { 
@@ -67,11 +67,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1767822991, - "narHash": "sha256-iyrn9AcPZCoyxX4OT8eMkBsjG7SRUQXXS/V1JzxS7rA=", + "lastModified": 1769548169, + "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "82e5bc4508cab9e8d5a136626276eb5bbce5e9c5", + "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "type": "github" }, "original": { @@ -82,11 +82,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748026106, - "narHash": "sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "063f43f2dbdef86376cc29ad646c45c46e93234c", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { @@ -98,11 +98,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768127708, - "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -128,11 +128,11 @@ ] }, "locked": { - "lastModified": 1768104471, - "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=", + "lastModified": 1772048434, + "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004", + "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9", "type": "github" }, "original": { From 3d56c2fed78fab1aa5e7280d038bc43ff557fa88 Mon Sep 17 00:00:00 2001 
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 24 Mar 2026 17:38:55 +0100 Subject: [PATCH 14/23] feat(github): let dependabot update git submodules automatically --- .gitattributes | 2 ++ .github/dependabot.yaml | 14 ++++++++++++++ .github/workflows/automatic-updates.yaml | 7 +++++++ .github/workflows/changelog.yaml | 3 --- 4 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/dependabot.yaml create mode 100644 .github/workflows/automatic-updates.yaml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4c1b4c9 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +* text=auto eol=lf +CHANGELOG.md export-ignore diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..79e380c --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,14 @@ +version: 2 + +updates: + - package-ecosystem: gitsubmodule + directory: / + schedule: + interval: daily + time: 06:00 + assignees: + - 99linesofcode + commit-message: + prefix: fix + prefix-development: chore + include: scope diff --git a/.github/workflows/automatic-updates.yaml b/.github/workflows/automatic-updates.yaml new file mode 100644 index 0000000..6001aff --- /dev/null +++ b/.github/workflows/automatic-updates.yaml @@ -0,0 +1,7 @@ +name: automatic updates + +on: pull_request + +jobs: + automatic-updates: + uses: 99linesofcode/.github/.github/workflows/automatic-updates.yaml@main diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml index 14df506..fe83930 100644 --- a/.github/workflows/changelog.yaml +++ b/.github/workflows/changelog.yaml @@ -1,8 +1,5 @@ name: changelog -permissions: - contents: write - on: push: branches: From 9702fba5e2f8faec2bb8f7bcb57536d4e075c2c1 Mon Sep 17 00:00:00 2001 
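Review bot: The reusable workflow called from `.github/workflows/automatic-updates.yaml` is referenced by the mutable ref `@main`, so whatever lands on that branch of `99linesofcode/.github` runs on every pull request here without any change to this repository. Pinning the call to a full commit SHA, `uses: 99linesofcode/.github/.github/workflows/automatic-updates.yaml@<full-commit-sha>`, makes the executed code reviewable. The new workflow also declares no `permissions:`, and the same commit removes the explicit block from `changelog.yaml`, so the token scope of both is left to the repository default; stating the minimum each job needs keeps that visible in the file. The renamed `automatic-submodule-updates.yaml` in PATCH 16/23 carries the same `@main` reference.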
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Tue, 24 Mar 2026 21:08:21 +0100 Subject: [PATCH 15/23] chore: formatting --- .editorconfig | 7 +++++-- .prettierrc | 7 +++++++ 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 .prettierrc diff --git a/.editorconfig b/.editorconfig index 6422feb..876ec2a 100644 --- a/.editorconfig +++ b/.editorconfig @@ -4,10 +4,13 @@ root = true [*] charset = utf-8 end_of_line = lf -insert_final_newline = true -indent_size = 2 +indent_size = 4 indent_style = space +insert_final_newline = true trim_trailing_whitespace = true [*.md] trim_trailing_whitespace = false + +[*.{yml,yaml}] +indent_size = 2 diff --git a/.prettierrc b/.prettierrc new file mode 100644 index 0000000..90efb55 --- /dev/null +++ b/.prettierrc @@ -0,0 +1,7 @@ +{ + "semi": true, + "singleQuote": true, + "trailingComma": "all", + "plugins": [], + "overrides": [] +} From 8c857209e7a81854a9a3ed2856cb07c3f591976d Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Wed, 25 Mar 2026 13:38:43 +0100 Subject: [PATCH 16/23] fix(dependabot): time should be string instead of int --- .github/dependabot.yaml | 2 +- .github/workflows/automatic-submodule-updates.yaml | 7 +++++++ .github/workflows/automatic-updates.yaml | 7 ------- .github/workflows/changelog.yaml | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/automatic-submodule-updates.yaml delete mode 100644 .github/workflows/automatic-updates.yaml diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 79e380c..7a580d4 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -5,7 +5,7 @@ updates: directory: / schedule: interval: daily - time: 06:00 + time: '06:00' assignees: - 99linesofcode commit-message: 
diff --git a/.github/workflows/automatic-submodule-updates.yaml b/.github/workflows/automatic-submodule-updates.yaml new file mode 100644 index 0000000..cadbdc3 --- /dev/null +++ b/.github/workflows/automatic-submodule-updates.yaml @@ -0,0 +1,7 @@ +name: Automatic submodule updates + +on: pull_request + +jobs: + update: + uses: 99linesofcode/.github/.github/workflows/automatic-submodule-updates.yaml@main diff --git a/.github/workflows/automatic-updates.yaml b/.github/workflows/automatic-updates.yaml deleted file mode 100644 index 6001aff..0000000 --- a/.github/workflows/automatic-updates.yaml +++ /dev/null @@ -1,7 +0,0 @@ -name: automatic updates - -on: pull_request - -jobs: - automatic-updates: - uses: 99linesofcode/.github/.github/workflows/automatic-updates.yaml@main diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml index fe83930..7d22116 100644 --- a/.github/workflows/changelog.yaml +++ b/.github/workflows/changelog.yaml @@ -1,4 +1,4 @@ -name: changelog +name: Generate Changelog and Release on: push: From f1e438e4066e4e2cdc75c89c5e4cb83be3e9cd00 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 4 Apr 2026 12:44:12 +0200 Subject: [PATCH 17/23] chore(editorconfig): set nix indent size --- .editorconfig | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.editorconfig b/.editorconfig index 876ec2a..59837c5 100644 --- a/.editorconfig +++ b/.editorconfig @@ -12,5 +12,8 @@ trim_trailing_whitespace = true [*.md] trim_trailing_whitespace = false +[*.nix] +indent_size = 2 + [*.{yml,yaml}] indent_size = 2 From 0ecba6f527c59d381c1d2f997172bac2f1672ad6 Mon Sep 17 00:00:00 2001 
From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 4 Apr 2026 12:57:59 +0200 Subject: [PATCH 18/23] refactor(nvidia): define intel and nvidia bus id on host as well Will probably define a configuration option for this later when reworking/abstracting to support different GPUs/configurations. --- hosts/luna/default.nix | 4 ++++ modules/nvidia.nix | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index 4680d0d..b8c4581 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -32,6 +32,10 @@ with lib; hardware = { nvidia = { package = config.boot.kernelPackages.nvidiaPackages.production; # FIXME: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) + prime = { + intelBusId = "PCI:0:2:0"; + nvidiaBusId = "PCI:1:0:0"; + }; }; openrazer = { enable = true; diff --git a/modules/nvidia.nix b/modules/nvidia.nix index df74792..aa6a428 100644 --- a/modules/nvidia.nix +++ b/modules/nvidia.nix @@ -40,8 +40,8 @@ with lib; finegrained = true; }; prime = { - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:1:0:0"; + intelBusId = "PCI:0:2:0"; # luna + nvidiaBusId = "PCI:1:0:0"; # luna offload.enableOffloadCmd = true; reverseSync.enable = true; }; From 27a0d409a36da2ddc6be4308bbd0ee0243532dbc Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 4 Apr 2026 13:00:41 +0200 Subject: [PATCH 19/23] feat(nvidia): allow installing LACT or CoolerControl on host machines These are not Nvidia specific so I will probably want to extract these into their own GPU or application modules at some point. --- modules/nvidia.nix | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/modules/nvidia.nix b/modules/nvidia.nix index aa6a428..55c020e 100644 --- a/modules/nvidia.nix +++ b/modules/nvidia.nix 
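Review bot: In `modules/nvidia.nix` the `prime.intelBusId` and `prime.nvidiaBusId` values stay defined at normal priority, and tagging them `# luna` does not make them host-specific. The copy added in `hosts/luna/default.nix` presumably only evaluates because it is identical; a host with different bus IDs would likely hit a conflicting-definition error. Until the planned option exists, `intelBusId = mkDefault "PCI:0:2:0";` and `nvidiaBusId = mkDefault "PCI:1:0:0";` in the module would let hosts override them. The `prime` set starts and ends outside the hunk.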
@@ -12,6 +12,8 @@ with lib; { options.host.nvidia = { enable = mkEnableOption "nvidia"; + lact.enable = mkEnableOption "linux GPU control application"; + coolercontrol.enable = mkEnableOption "powerful cooling control and monitoring for Linux"; }; config = mkIf cfg.enable { @@ -34,7 +36,7 @@ with lib; modesetting.enable = true; # default since 535 nvidiaSettings = true; open = false; - package = mkDefault config.boot.kernelPackages.nvidiaPackages.beta; + package = mkDefault config.boot.kernelPackages.nvidiaPackages.production; powerManagement = { enable = true; finegrained = true; @@ -48,8 +50,13 @@ with lib; }; }; - services.xserver.videoDrivers = [ - "nvidia" - ]; + programs.coolercontrol.enable = cfg.coolercontrol.enable; + + services = { + lact.enable = cfg.lact.enable; + xserver.videoDrivers = [ + "nvidia" + ]; + }; }; } From a62710a0feaa99cac27fe4ea032cd27f23175d14 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 4 Apr 2026 17:22:17 +0200 Subject: [PATCH 20/23] feat(tlp): extend battery life and limit turbo boost to prevent throttling * Change CPU energy/performance policy to extend battery life * Disable turbo boost on battery power * Turn off PCIe devices when idle to reduce power consumption and noise * Limit power consumption under heavy CPU load by reducing max P-state --- flake.nix | 1 - modules/power-management.nix | 10 +++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 87db73c..743ddea 100644 --- a/flake.nix +++ b/flake.nix @@ -38,7 +38,6 @@ { nixpkgs, self, - sops-nix, disko, impermanence, ... diff --git a/modules/power-management.nix b/modules/power-management.nix index b8ebb9c..79eecf7 100644 --- a/modules/power-management.nix +++ b/modules/power-management.nix 
@@ -21,13 +21,21 @@ with lib; enable = true; # see: https://linrunner.de/tlp/settings/index.html settings = { - CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power"; + CPU_MAX_PERF_ON_AC = 90; + CPU_MAX_PERF_ON_BAT = 80; DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE = "bluetooth"; DEVICES_TO_ENABLE_ON_AC = "bluetooth"; + PLATFORM_PROFILE_ON_AC = "balance_performance"; + PLATFORM_PROFILE_ON_BAT = "balance_power"; START_CHARGE_THRESH_BAT0 = 75; STOP_CHARGE_THRESH_BAT0 = 80; SOUND_POWER_SAVE_ON_AC = 10; SOUND_POWER_SAVE_ON_BAT = 10; + RUNTIME_PM_ON_AC = "auto"; + RUNTIME_PM_DRIVER_DENYLIST = "mei_me nvidia xhci_hcd"; USB_AUTOSUSPEND = 0; WIFI_PWR_ON_BAT = "off"; }; From 0f6a1ee27cc4c082c0e394b28ea6eb98a3d098ce Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sun, 12 Apr 2026 20:31:54 +0200 Subject: [PATCH 21/23] feat(dnsmasq): replace systemd-resolved with dnsmasq to allow wildcard resolution DNS requests are now handled by dnsmasq which in turn will use quad9 et. al. to resolve them. mDNS requests get passed onto Avahi when enabled as dnsmasq does not support this. By default, Docker reads the /etc/resolv.conf but since we have disabled that we specify the DNS server explicitly. --- hosts/luna/default.nix | 2 +- modules/network/dnsmasq.nix | 22 ++++++++++++++++------ modules/network/manager.nix | 4 ++-- modules/network/systemd-resolved.nix | 11 ++++------- 4 files changed, 23 insertions(+), 16 deletions(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index b8c4581..c0cfe97 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -55,7 +55,7 @@ with lib; network = { hostname = "luna"; manager.enable = true; - systemd-resolved.enable = true; + dnsmasq.enable = true; }; printing.enable = true; 
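Review bot: `PLATFORM_PROFILE_ON_AC = "balance_performance"` and `PLATFORM_PROFILE_ON_BAT = "balance_power"` in `modules/power-management.nix` reuse the energy/performance-policy names. As far as I know, TLP's platform profile takes `performance`, `balanced` or `low-power` (whatever `/sys/firmware/acpi/platform_profile_choices` lists), so these two lines are probably ignored or rejected. Something like `PLATFORM_PROFILE_ON_AC = "balanced";` and `PLATFORM_PROFILE_ON_BAT = "low-power";` would match the intent. The commit message also promises turbo boost off on battery, but the hunk has no `CPU_BOOST_ON_BAT = 0;`, and only `CPU_MAX_PERF_ON_BAT = 80` limits the P-state. The `settings` set starts and ends outside the hunk.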
diff --git a/modules/network/dnsmasq.nix b/modules/network/dnsmasq.nix index 4f9bcaf..561deb7 100644 --- a/modules/network/dnsmasq.nix +++ b/modules/network/dnsmasq.nix @@ -16,23 +16,27 @@ with lib; config = mkIf cfg.enable { networking = { - nameservers = [ "127.0.0.1" ]; # dnsmasq + nameservers = mkForce [ + "127.0.0.1" + ]; }; services = { dnsmasq = { enable = true; + alwaysKeepRunning = true; resolveLocalQueries = true; settings = { - address = "/test/127.0.0.1"; + bind-interfaces = true; bogus-priv = true; + cache-size = 1000; conf-file = "${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf"; dnssec = true; dnssec-check-unsigned = true; - domain-needed = true; - expand-hosts = true; - interface = "wlan0"; - no-resolv = true; + local = [ + "/local/" + "/test/" + ]; server = [ "9.9.9.9" "149.112.112.112" @@ -40,7 +44,13 @@ with lib; "1.0.0.1" "8.8.8.8" "8.8.4.4" + ] + ++ optionals config.host.avahi.enable [ + "/local/127.0.0.1#5353" # forward mDNS queries to Avahi ]; + } + // optionalAttrs config.host.k3s.enable { + address = "/.test/192.168.1.81"; # support wildcard domains for k3s }; }; resolved.enable = mkForce false; diff --git a/modules/network/manager.nix b/modules/network/manager.nix index 1b32b4f..f347663 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -18,7 +18,7 @@ with lib; config = mkIf cfg.enable { networking = { - nameservers = [ + nameservers = mkDefault [ "9.9.9.9" "149.112.112.112" "1.1.1.1" @@ -26,9 +26,9 @@ with lib; "8.8.8.8" "8.8.4.4" ]; - resolvconf.enable = false; stevenblack.enable = true; # stevenblack hosts file blocklist useNetworkd = true; + resolvconf.enable = mkDefault false; wireless = { interfaces = [ "wlan0" ]; iwd.enable = true; diff --git a/modules/network/systemd-resolved.nix b/modules/network/systemd-resolved.nix index d95d94d..276409e 100644 --- a/modules/network/systemd-resolved.nix +++ b/modules/network/systemd-resolved.nix 
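Review bot: `bind-interfaces = true` is added in `modules/network/dnsmasq.nix` while `interface = "wlan0"` is removed and no `listen-address` replaces it. As I read dnsmasq's defaults, it will then bind port 53 on every interface address and answer any client that can reach the machine unless a firewall blocks it. Since `networking.nameservers` points only at `127.0.0.1`, restricting the listener with `listen-address = "127.0.0.1";` (plus the Docker bridge address if containers are meant to use it) keeps the resolver local. Dropping `domain-needed` and `no-resolv` also means single-label names are forwarded upstream and `/etc/resolv.conf` may be consulted again, which is worth a comment if intentional. The upstream `server` entries are plain DNS, so the DNS-over-TLS that the systemd-resolved module enabled is lost on this host.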
@@ -10,20 +10,17 @@ with lib; }; config = mkIf cfg.enable { + networking.resolvconf.enable = mkForce false; + services.resolved = { enable = true; settings.Resolve = { DNSSEC = true; DNSOverTLS = true; FallbackDNS = [ + "8.8.8.8" + "8.8.4.4" "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" ]; LLMNR = "false"; Domains = [ "~." ]; From 9091376ead538c0630a762c4d3725ba48665bbe5 Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 6 Jun 2026 17:18:14 +0200 Subject: [PATCH 22/23] chore: nix flake update 76323eca1c91f67b8bc4230d9a364f0855155c7766d15ee8a41fa706caf685d1 --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 54fe03a..d912788 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1771881364, - "narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", + "lastModified": 1780290312, + "narHash": "sha256-eTAlX0CwgB84Ts3GaBd944A3DRXVMzgA0EqroZBISUo=", "owner": "nix-community", "repo": "disko", - "rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", + "rev": "115e5211780054d8a890b41f0b7734cafad54dfe", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1772060133, - "narHash": "sha256-VuyRptb8v1lVGMlLp4/1vRX3Efwec0CN0S6mKmDPzLg=", + "lastModified": 1780679734, + "narHash": "sha256-KmRNvpNOb7QEORa06bVgjW9kITcx0VhsI7w0vhmZyD8=", "owner": "nix-community", "repo": "home-manager", - "rev": "ce9b6e52500a0ea0ec48f0bbf6d7a3e431d9dfa4", + "rev": "b2b7db486e06e098711dc291bb25db82850e1d16", "type": "github" }, "original": { 
@@ -98,11 +98,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1780243769, + "narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "331800de5053fcebacf6813adb5db9c9dca22a0c", "type": "github" }, "original": { @@ -128,11 +128,11 @@ ] }, "locked": { - "lastModified": 1772048434, - "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=", + "lastModified": 1780547341, + "narHash": "sha256-Gq8KNx5A7hBB3uGJaj6eQfLDIz5YdLu92gqBcvHvoUo=", "owner": "Mic92", "repo": "sops-nix", - "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9", + "rev": "9ed65852b6257fbeae4355bc24ecfea307ca759a", "type": "github" }, "original": { From 491d9417d072e929befdcc5184a90857e34227ab Mon Sep 17 00:00:00 2001 From: Jordy Schreuders <3071062+99linesofcode@users.noreply.github.com> Date: Sat, 6 Jun 2026 17:18:57 +0200 Subject: [PATCH 23/23] refactor(luna): lock nvidia driver to legacy 580 --- hosts/luna/default.nix | 4 +--- modules/network/manager.nix | 2 +- users/shorty/default.nix | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index c0cfe97..c3d68ac 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -31,7 +31,7 @@ with lib; hardware = { nvidia = { - package = config.boot.kernelPackages.nvidiaPackages.production; # FIXME: support for this GPU is dropped after driver version 580 (and there is no dedicated legacy package for it as of yet) + package = mkForce config.boot.kernelPackages.nvidiaPackages.legacy_580; prime = { intelBusId = "PCI:0:2:0"; nvidiaBusId = "PCI:1:0:0"; 
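Review bot: The `package` line in `hosts/luna/default.nix` loses the comment that said why this GPU must stay on the 580 branch, and `mkForce` gives no hint of the reason either. The module default is already `mkDefault`, so a plain host definition wins without `mkForce`; `package = config.boot.kernelPackages.nvidiaPackages.legacy_580; # GPU support ends after driver 580` would keep the reason next to the pin. A legacy branch will presumably stop receiving driver fixes at some point, so the comment also serves as the reminder to revisit it. The `hardware.nvidia` set continues outside the hunk.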
@@ -75,13 +75,11 @@ with lib; power-management.enable = true; rclone.enable = true; sound.enable = true; - # sunshine.enable = true; openssh.enable = true; qmk.enable = true; steam.enable = true; v4l2loopback.enable = true; wayland.enable = true; - # yubikey.enable = true; }; programs = { diff --git a/modules/network/manager.nix b/modules/network/manager.nix index f347663..5f7a352 100644 --- a/modules/network/manager.nix +++ b/modules/network/manager.nix @@ -26,7 +26,7 @@ with lib; "8.8.8.8" "8.8.4.4" ]; - stevenblack.enable = true; # stevenblack hosts file blocklist + # stevenblack.enable = true; # stevenblack hosts file blocklist # FIXME: results in a corrupt /etc/hosts file that causes dnsmasq to crash useNetworkd = true; resolvconf.enable = mkDefault false; wireless = { diff --git a/users/shorty/default.nix b/users/shorty/default.nix index 3b4dbe0..7b48fd0 100644 --- a/users/shorty/default.nix +++ b/users/shorty/default.nix @@ -7,8 +7,8 @@ let cfg = config.host.user.shorty; - username = "shorty"; hostname = config.host.network.hostname; + username = "shorty"; ifTheyExist = c: builtins.filter (group: builtins.hasAttr group config.users.groups) c; in with lib;
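Review bot: Commenting out `stevenblack.enable` in `modules/network/manager.nix` removes the hosts-file blocklist from every host that enables the manager module, although the FIXME only concerns hosts running dnsmasq. Tying it to the resolver, `stevenblack.enable = !config.host.network.dnsmasq.enable; # FIXME: corrupt /etc/hosts crashes dnsmasq`, would keep the blocklist elsewhere. The option path is inferred from the host configuration and should be checked. The `networking` set starts and ends outside the hunk.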