diff --git a/flake.lock b/flake.lock index 43c20a6..5ffff1e 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ ] }, "locked": { - "lastModified": 1772985280, - "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", + "lastModified": 1770260404, + "narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f736f007139d7f70752657dff6a401a585d6cbc", + "rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "type": "github" }, "original": { @@ -76,11 +76,11 @@ ] }, "locked": { - "lastModified": 1772129556, - "narHash": "sha256-Utk0zd8STPsUJPyjabhzPc5BpPodLTXrwkpXBHYnpeg=", + "lastModified": 1767634391, + "narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "ebec37af18215214173c98cf6356d0aca24a2585", + "rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2", "type": "github" }, "original": { @@ -112,11 +112,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772822230, - "narHash": "sha256-yf3iYLGbGVlIthlQIk5/4/EQDZNNEmuqKZkQssMljuw=", + "lastModified": 1771208521, + "narHash": "sha256-X01Q3DgSpjeBpapoGA4rzKOn25qdKxbPnxHeMLNoHTU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71caefce12ba78d84fe618cf61644dce01cf3a96", + "rev": "fa56d7d6de78f5a7f997b0ea2bc6efd5868ad9e8", "type": "github" }, "original": { 
@@ -128,27 +128,27 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1766129819, - "narHash": "sha256-crNRwvsbH2XSV8IwBjX6Tm+uWmYwhYyRuNVJ9/ZwlmA=", + "lastModified": 1771352457, + "narHash": "sha256-CCItBNMyLmtWqxTVaDAeeaIigbuaiZuN3WO8PZNkGBc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "eedcb27bf99430e51f83d896cd1149b828290d20", + "rev": "f8a68d8ce473ec59300d9fb510a1b545c1290939", "type": "github" }, "original": { "owner": "nixos", + "ref": "nixpkgs-25.11-darwin", "repo": "nixpkgs", - "rev": "eedcb27bf99430e51f83d896cd1149b828290d20", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772771118, - "narHash": "sha256-xWzaTvmmACR/SRWtABgI/Z97lcqwJAeoSd5QW1KdK1s=", + "lastModified": 1771177547, + "narHash": "sha256-trTtk3WTOHz7hSw89xIIvahkgoFJYQ0G43IlqprFoMA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e38213b91d3786389a446dfce4ff5a8aaf6012f2", + "rev": "ac055f38c798b0d87695240c7b761b82fc7e5bc2", "type": "github" }, "original": { @@ -166,11 +166,11 @@ ] }, "locked": { - "lastModified": 1773029295, - "narHash": "sha256-xmHhVHbaA5hR3dCEoGwqAgL6HTTJ0KEMRUTLdJuVtGM=", + "lastModified": 1771425294, + "narHash": "sha256-owiQE9oINf1cgaulbrr2sMjelk2cmR8rkxLRPYYL6Kg=", "owner": "nix-community", "repo": "NUR", - "rev": "bf45b24de2134f1488f7a6c135f4b0420ccec6fe", + "rev": "242d44cd6af365da2dfa77422263b29d0ac9f39f", "type": "github" }, "original": { @@ -189,11 +189,11 @@ ] }, "locked": { - "lastModified": 1772361940, - "narHash": "sha256-B1Cz+ydL1iaOnGlwOFld/C8lBECPtzhiy/pP93/CuyY=", + "lastModified": 1770766818, + "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "a4b33606111c9c5dcd10009042bb710307174f51", + "rev": "44b928068359b7d2310a34de39555c63c93a2c90", "type": "github" }, "original": { 
@@ -240,11 +240,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1773028978, - "narHash": "sha256-4BjOTYhHP8ljHShQyZ1gUIdwgSLjvaGN2ueKfqp6CQk=", + "lastModified": 1771301023, + "narHash": "sha256-0XauSmXBLOqn8SYHRWOL7Z9O7m5qtF0Yw6rqXVHkEnw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a6ed037ffc0b50a9bd0c92e20e31f270a03ca1e3", + "rev": "1cf8b4f42720573ef35dcd7d2ba0fd80e40954e9", "type": "gitlab" }, "original": { diff --git a/flake.nix b/flake.nix index 21bbcca..3b4f7b7 100644 --- a/flake.nix +++ b/flake.nix @@ -4,9 +4,7 @@ inputs = { # Specify the source of Home Manager and Nixpkgs. nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; - # Revert to a cached version of Julia for aarch64-darwin - nixpkgs-darwin.url = - "github:nixos/nixpkgs/eedcb27bf99430e51f83d896cd1149b828290d20"; + nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-25.11-darwin"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable"; # Inputs for both darwin and linux systems diff --git a/programs/zed.nix b/programs/zed.nix index 1aceb66..8b4fc69 100644 --- a/programs/zed.nix +++ b/programs/zed.nix @@ -59,10 +59,6 @@ }; lsp = { nil = { settings.nix.flake.autoArchive = true; }; - nixd = { - settings.options.home-manager.expr = - "(builtins.getFlake (builtins.toString ./.)).homeConfigurations..options"; - }; texlab = { settings = { build = { diff --git a/secrets.nix b/secrets.nix index 667dd30..d6effcc 100644 --- a/secrets.nix +++ b/secrets.nix @@ -48,6 +48,4 @@ in { ++ [ bosephus-host ]; "secrets/redis-password.age".publicKeys = system-administrators ++ [ mcentire-host ]; - "secrets/vaultwarden.toml.age".publicKeys = system-administrators - ++ [ mcentire-host ]; } diff --git a/secrets/vaultwarden.toml.age b/secrets/vaultwarden.toml.age deleted file mode 100644 index b60bcd2..0000000 Binary files a/secrets/vaultwarden.toml.age and /dev/null differ diff --git a/services/fireflyiii.nix b/services/fireflyiii.nix index 5174cc2..4d2f24d 100644 
--- a/services/fireflyiii.nix
+++ b/services/fireflyiii.nix
@@ -80,7 +80,7 @@ in {
 virtualisation.quadlet = let
 inherit (config.virtualisation.quadlet) containers;
 inherit (config.virtualisation.quadlet) networks;
- secrets = osConfig.millironx.podman-secrets.fireflyiii;
+ secrets = osConfig.millironx.podman-secrets.freshrss;
 in {
 autoUpdate.enable = true;
 autoEscape = true;
diff --git a/services/vaultwarden.nix b/services/vaultwarden.nix
deleted file mode 100644
index 42a87cd..0000000
--- a/services/vaultwarden.nix
+++ /dev/null
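Review bot: The new `secrets` binding in `services/fireflyiii.nix` points at `osConfig.millironx.podman-secrets.freshrss`, so every `secrets.ref` in this file now resolves to the FreshRSS secrets unit instead of the Firefly III one. If this file follows the pattern visible in the deleted `services/vaultwarden.nix` (`unitConfig.Requires = [ secrets.ref ]` and `After = [ secrets.ref ]`), the Firefly III containers would be ordered after another service's secret loader and could start without their own podman secrets being present. Unless sharing the unit is intended, keep `secrets = osConfig.millironx.podman-secrets.fireflyiii;`. If it is intended, add a comment saying why the two services share one secret set. The uses of `secrets` sit outside the hunk, so this should be confirmed against the rest of the `let … in` block.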
@@ -1,125 +0,0 @@ -{ config, pkgs, home-manager-quadlet-nix, ... }: -let - user = "vaultwarden"; - port = "92858"; - containerPort = port; - authentikPort = "9000"; - stateDirectory = "/var/lib/${user}"; - servicePaths = [ "data" ]; - databasePaths = [ "database" ]; -in { - age.secrets."vaultwarden.toml" = { - file = ./../secrets/vaultwarden.toml.age; - owner = user; - }; - - millironx.podman-secrets.vaultwarden = { - inherit user; - secrets-files = [ config.age.secrets."vaultwarden.toml".path ]; - }; - - systemd.tmpfiles.rules = - map (d: "d ${stateDirectory}/${d} 1775 ${user} ${user} -") - ([ "" ] ++ servicePaths ++ databasePaths); - - services.borgmatic.configurations."${config.networking.hostName}" = { - source_directories = map (d: "${stateDirectory}/${d}") servicePaths; - postgresql_databases = [{ - name = user; - psql_command = - "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db psql --username=${user}"; - pg_dump_command = - "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db pg_dump --username=${user}"; - pg_restore_command = - "/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${user}-db pg_restore --username=${user}"; - }]; - }; - - services.caddy.virtualHosts."vault.millironx.com".extraConfig = '' - reverse_proxy http://127.0.0.1:${port} - ''; - - users.users."${user}" = { - group = user; - isNormalUser = true; - home = stateDirectory; - createHome = true; - linger = true; - autoSubUidGidRange = true; - }; - users.groups."${user}" = { }; - - home-manager.users."${user}" = { config, osConfig, ... 
}: { - imports = [ home-manager-quadlet-nix ]; - - home.stateVersion = "25.05"; - - virtualisation.quadlet = let - inherit (config.virtualisation.quadlet) containers; - inherit (config.virtualisation.quadlet) networks; - secrets = osConfig.millironx.podman-secrets.vaultwarden; - in { - autoUpdate.enable = true; - autoEscape = true; - - networks."${user}" = { }; - - containers = { - "${user}-db" = { - autoStart = true; - containerConfig = { - image = "docker.io/library/postgres:16"; - environments = { - POSTGRES_DB = user; - POSTGRES_USER = user; - }; - secrets = [ - "POSTGRES_PASSWORD,type=env" - "POSTGRES_PASSWORD,type=env,target=PGPASSWORD" - ]; - healthCmd = "pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}"; - healthInterval = "30s"; - healthRetries = 5; - healthStartPeriod = "20s"; - volumes = - [ "${stateDirectory}/database:/var/lib/postgresql/data:U" ]; - networks = [ networks."${user}".ref ]; - }; - unitConfig.Requires = [ secrets.ref ]; - unitConfig.After = [ secrets.ref ]; - }; - - "${user}" = { - autoStart = true; - containerConfig = { - image = "ghcr.io/dani-garcia/vaultwarden:latest"; - environments = { - DOMAIN = "https://vault.millironx.com"; - ROCKET_PORT = port; - SIGNUPS_ALLOWED = "false"; - SMTP_FROM_NAME = "Milliron X Vault"; - }; - secrets = map (s: "${s},type=env") [ - "ADMIN_TOKEN" - "DATABASE_URL" - "SMTP_FROM" - "SMTP_HOST" - "SMTP_PORT" - "SMTP_PASSWORD" - "SMTP_USERNAME" - "YUBICO_CLIENT_ID" - "YUBICO_SECRET_KEY" - ]; - volumes = [ "${stateDirectory}/data:/data:U" ]; - networks = [ networks."${user}".ref ]; - publishPorts = [ "127.0.0.1:${port}:${containerPort}" ]; - }; - unitConfig.Requires = [ secrets.ref containers."${user}".ref ]; - unitConfig.After = [ secrets.ref containers."${user}".ref ]; - }; - }; - }; - - }; - -} diff --git a/systems/darwin/corianne.nix b/systems/darwin/corianne.nix index 40d240b..a029992 100644 --- a/systems/darwin/corianne.nix +++ b/systems/darwin/corianne.nix 
@@ -32,17 +32,9 @@ in { automatic = true; interval = { Weekday = 1; }; options = '' - --delete-older-than 90d + --delete-older-than 14d ''; }; - settings = { - substituters = - [ "https://nix-community.cachix.org" "https://cache.nixos.org/" ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - }; - # Needed for rosetta-builder, see # # @@ -192,7 +184,15 @@ in { no_quarantine = true; }; - taps = [ "r-lib/rig" ]; + taps = [ + "homebrew/services" + { + name = "millironx/millironx"; + clone_target = + "https://code.millironx.com/millironx/homebrew-millironx.git"; + } + "r-lib/rig" + ]; brews = [ "borgbackup/tap/borgbackup-fuse" "buildkit" @@ -207,7 +207,6 @@ in { ]; casks = [ "alt-tab" - "dash" "db-browser-for-sqlite" "firefox" "inkscape" diff --git a/systems/linux/mcentire.nix b/systems/linux/mcentire.nix index cf01a65..94c4bd6 100644 --- a/systems/linux/mcentire.nix +++ b/systems/linux/mcentire.nix @@ -11,7 +11,6 @@ ./../../services/fireflyiii.nix ./../../services/freshrss.nix ./../../services/navidrome.nix - ./../../services/vaultwarden.nix ]; # Use the GRUB 2 boot loader.
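Review bot: The `millironx/millironx` entry added to `taps` in `systems/darwin/corianne.nix` is cloned from a self-hosted Git URL via `clone_target`, and nothing in the hunk says which formulae or casks are meant to come from it. A tap's formulae and casks are Ruby that Homebrew evaluates on install and upgrade. The context line `no_quarantine = true;` just above also suggests casks on this host are installed without the macOS quarantine attribute, so write access to that repository translates fairly directly into code running on the machine. I would add a comment above the entry, for example `# Private tap; only <package> is installed from it`, and reference those packages by their full `millironx/millironx/<name>` path in `brews`/`casks` so the origin of each is explicit. The enclosing `homebrew` block starts and ends outside the hunk, so the tap's consumers may already be listed there.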