diff --git a/flake.lock b/flake.lock index f501fd9..8c09c0b 100755 --- a/flake.lock +++ b/flake.lock @@ -25,7 +25,7 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": [ - "nixpkgs" + "nixpkgs-stable" ], "pyproject-build-systems": "pyproject-build-systems", "pyproject-nix": "pyproject-nix", @@ -33,11 +33,11 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1774079362, - "narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=", + "lastModified": 1776085803, + "narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9", + "rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb", "type": "github" }, "original": { @@ -49,16 +49,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1772567399, - "narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=", + "lastModified": 1775573258, + "narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=", "owner": "goauthentik", "repo": "authentik", - "rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f", + "rev": "5249546862986202b901c2afd860992ec48c6ef6", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2026.2.1", + "ref": "version/2026.2.2", "repo": "authentik", "type": "github" } @@ -584,11 +584,11 @@ ] }, "locked": { - "lastModified": 1775457580, - "narHash": "sha256-ikws/ssAmG20AGrEwBuwspwPlkubJu34mB+Uz2fJBJs=", + "lastModified": 1776046499, + "narHash": "sha256-Wzc4nn07/0RL21ypPHRzNDQZcjhIC8LaYo7QJQjM5T4=", "owner": "nix-community", "repo": "home-manager", - "rev": "5de7dbd151b0bd65d45785553d4a22d832733ffc", + "rev": "287f84846c1eb3b72c986f5f6bebcff0bd67440d", "type": "github" }, "original": { @@ -604,11 +604,11 @@ ] }, "locked": { - "lastModified": 1775457580, - "narHash": "sha256-ikws/ssAmG20AGrEwBuwspwPlkubJu34mB+Uz2fJBJs=", + "lastModified": 1776046499, + "narHash": "sha256-Wzc4nn07/0RL21ypPHRzNDQZcjhIC8LaYo7QJQjM5T4=", "owner": "nix-community", "repo": "home-manager", - "rev": "5de7dbd151b0bd65d45785553d4a22d832733ffc", + "rev": "287f84846c1eb3b72c986f5f6bebcff0bd67440d", "type": "github" }, "original": { @@ -658,11 +658,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1775484338, - "narHash": "sha256-ylzTIrXzlCDjz9R3WxFkqqZuPboaVB/W5utc00R3wR4=", + "lastModified": 1776091050, + "narHash": "sha256-Eod3J7BQDA1al3aJ70AIEqXz5XETswBuV0jdMpW23Qo=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "fdc3c0fbd192076460dfd1d188ef45d68305397c", + "rev": "012ea40303ebf19a16a6befd39719a7f0cea352a", "type": "github" }, "original": { @@ -674,11 +674,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1775481683, - "narHash": "sha256-3PHpmYBLRXoe6r5Bx5H8jri4gW1410Uk8H8ssDS8BOA=", + "lastModified": 1776088143, + "narHash": "sha256-zWgSMGJrraKv7OfYrlts1hV3a8wPDI7QnJTNCcDreuo=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "f43fd25bcd80d6af26670239676b830351a50144", + "rev": "203767edd9c63888156f13f1e83a282d242a0035", "type": "github" }, "original": { @@ -714,11 +714,11 @@ ] }, "locked": { - "lastModified": 1775287496, - "narHash": "sha256-tCBlt+RP85MLrMYntro/YvG7NWktbmFiyItGBo85Tf8=", + "lastModified": 1775841957, + "narHash": "sha256-oHxj9I82v+axW1lj+jUj2t8V++E6A9x54K5lq+liNAk=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "0a7a3feb77606db451aa10287ad4c4c8f85922f8", + "rev": "67d55e61fe5e4d88d3fb90c0888cfced04a0589d", "type": "github" }, "original": { @@ -757,11 +757,11 @@ ] }, "locked": { - "lastModified": 1775501721, - "narHash": "sha256-IU2KcBvb8tulQ8NKz3OXujzOdeWXXv63sNDTjo8gPu4=", + "lastModified": 1776082891, + "narHash": "sha256-TpXoozA/HlrTb4VCJ2J+zFzDbzQErZE1cWc4P0Riisk=", "owner": "ggml-org", "repo": "llama.cpp", - "rev": "2e1f0a889e19a3922db57452268f4574c35c36e5", + "rev": "75f3bc94e649616162981c322e8e6b88ca5491e8", "type": "github" }, "original": { @@ -886,11 +886,11 @@ ] }, "locked": { - "lastModified": 1775365369, - "narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=", + "lastModified": 1775970782, + "narHash": "sha256-7jt9Vpm48Yy5yAWigYpde+HxtYEpEuyzIQJF4VYehhk=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3", + "rev": "bedba5989b04614fc598af9633033b95a937933f", "type": "github" }, "original": { @@ -943,11 +943,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1775444751, - "narHash": "sha256-7rAvWDPdSyeul4E0uKuVezJMN69tutpNGpujOODAX10=", + "lastModified": 1776051332, + "narHash": "sha256-u17gFUARTdA9ZtODdrep0QyIAaGNHjKscFLkB/jFTQQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "ed33cc3b1eabe6c04af158dd7155c4198b6679fe", + "rev": "81915eb135b9b56b691a34e432768a349531b951", "type": "github" }, "original": { @@ -962,11 +962,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1774264319, - "narHash": "sha256-aAsO35YtqIdvBhCIKZ0a+OcC8wB0H1+mAoPKBY0jxeQ=", + "lastModified": 1775887459, + "narHash": "sha256-aUC+iK8zpMxdZLMhQpmUz9XBzKrQnFWzveB9IK18n3w=", "owner": "nix-community", "repo": "nixos-apple-silicon", - "rev": "9fe29a63b23005acfcd1324a9e78b6241226cdb1", + "rev": "b6d1d07d55831902cb188a40692a5c7b5529e9e0", "type": "github" }, "original": { @@ -977,11 +977,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1775203647, - "narHash": "sha256-6MWaMLXK9QMndI94CIxeiPafi3wuO+imCtK9tfhsZdw=", + "lastModified": 1775490113, + "narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "80afbd13eea0b7c4ac188de949e1711b31c2b5f0", + "rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7", "type": "github" }, "original": { @@ -1083,11 +1083,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1775305101, - "narHash": "sha256-/74n1oQPtKG52Yw41cbToxspxHbYz6O3vi+XEw16Qe8=", + "lastModified": 1775811116, + "narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36a601196c4ebf49e035270e10b2d103fe39076b", + "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e", "type": "github" }, "original": { @@ -1099,11 +1099,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", + "lastModified": 1775710090, + "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "rev": "4c1018dae018162ec878d42fec712642d214fdfa", "type": "github" }, "original": { @@ -1115,11 +1115,11 @@ }, "nixpkgs_10": { "locked": { - "lastModified": 1775126147, - "narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=", + "lastModified": 1775888245, + "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8d8c1fa5b412c223ffa47410867813290cdedfef", + "rev": "13043924aaa7375ce482ebe2494338e058282925", "type": "github" }, "original": { @@ -1243,11 +1243,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", + "lastModified": 1775710090, + "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "rev": "4c1018dae018162ec878d42fec712642d214fdfa", "type": "github" }, "original": { @@ -1292,11 +1292,11 @@ ] }, "locked": { - "lastModified": 1774915545, - "narHash": "sha256-COT4l/+ZddGBvrDVfPf7MEOJxV8EDKame6/aRnNIKcY=", + "lastModified": 1775856943, + "narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "f3177b3c69fb3f03201098d7fe8ab6422cce7fc1", + "rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5", "type": "github" }, "original": { @@ -1337,11 +1337,11 @@ ] }, "locked": { - "lastModified": 1775036584, - "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=", + "lastModified": 1775585728, + "narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735", + "rev": "580633fa3fe5fc0379905986543fd7495481913d", "type": "github" }, "original": { @@ -1505,11 +1505,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1775365543, - "narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=", + "lastModified": 1775971308, + "narHash": "sha256-VKp9bhVSm0bT6JWctFy06ocqxGGnWHi1NfoE90IgIcY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "a4ee2de76efb759fe8d4868c33dec9937897916f", + "rev": "31ac5fe5d015f76b54058c69fcaebb66a55871a4", "type": "github" }, "original": { @@ -1561,11 +1561,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1775429060, - "narHash": "sha256-wbFF5cRxQOCzL/wHOKYm21t5AHPH2Lfp0mVPCOAvEoc=", + "lastModified": 1775936757, + "narHash": "sha256-KJO/7qoxJ+hlsb3WlFSl6IGrExBIf1GvKdrhOlnGdKY=", "owner": "nix-community", "repo": "stylix", - "rev": "d27951a6539951d87f75cf0a7cda8a3a24016019", + "rev": "d3e447786b74d62c75f665e17cb3e681c66e90c7", "type": "github" }, "original": { @@ -1712,11 +1712,11 @@ ] }, "locked": { - "lastModified": 1775125835, - "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "75925962939880974e3ab417879daffcba36c4a3", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index e822c0a..ff21fbe 100755 --- a/flake.nix +++ b/flake.nix @@ -47,7 +47,7 @@ authentik-nix = { url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; disko = { diff --git a/homes/x86_64-linux/admin@jallen-nas/default.nix b/homes/x86_64-linux/admin@jallen-nas/default.nix index f19052c..0287886 100755 --- a/homes/x86_64-linux/admin@jallen-nas/default.nix +++ b/homes/x86_64-linux/admin@jallen-nas/default.nix @@ -37,7 +37,7 @@ in ${namespace} = { sops.enable = true; programs.opencode = enabled; - # desktop.plasma = enabled; + desktop.plasma = enabled; }; sops.secrets = { diff --git a/homes/x86_64-linux/matt@allyx/default.nix b/homes/x86_64-linux/matt@allyx/default.nix index 5a88683..3d69b95 100755 --- a/homes/x86_64-linux/matt@allyx/default.nix +++ b/homes/x86_64-linux/matt@allyx/default.nix @@ -54,7 +54,7 @@ in ryujinx.enable = true; # Switch (ryubing fork) yuzu.enable = true; # Switch (eden fork) dolphin-emu.enable = true; # GameCube / Wii - cemu.enable = true; # Wii U + cemu.enable = false; # Wii U melonDS.enable = true; # DS citra.enable = true; # 3DS (azahar fork) mgba.enable = true; # Game Boy / GBC diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index a1333d7..1083774 100755 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -25,24 +25,28 @@ in programs.plasma = { enable = true; - workspace = { - colorScheme = "BreezeDark"; - cursor = { - theme = "breeze_cursors"; - size = 24; - }; - iconTheme = "breeze-dark"; - theme = "breeze-dark"; - lookAndFeel = "org.kde.breezedark.desktop"; - # Explicitly set Breeze to prevent QT_STYLE_OVERRIDE=kvantum (set by - # Stylix's qt6ct target) from being picked up by KWin/plasmashell, which - # would cause a fatal "module kvantum is not installed" QML error and - # leave the desktop blank. - widgetStyle = "Breeze"; + configFile.kded5rc = { + "Module-gtkconfig"."autoload" = false; }; - # input.mice and input.touchpads require device-specific vendorId/productId - # identifiers — configure those per-host in the home config instead. + # workspace = { + # colorScheme = "BreezeDark"; + # cursor = { + # theme = "breeze_cursors"; + # size = 24; + # }; + # iconTheme = "breeze-dark"; + # theme = "breeze-dark"; + # lookAndFeel = "org.kde.breezedark.desktop"; + # # Explicitly set Breeze to prevent QT_STYLE_OVERRIDE=kvantum (set by + # # Stylix's qt6ct target) from being picked up by KWin/plasmashell, which + # # would cause a fatal "module kvantum is not installed" QML error and + # # leave the desktop blank. + # widgetStyle = "Breeze"; + # }; + + # # input.mice and input.touchpads require device-specific vendorId/productId + # # identifiers — configure those per-host in the home config instead. kscreenlocker = { autoLock = true; @@ -67,20 +71,20 @@ in }; }; - panels = [ - { - location = "bottom"; - floating = true; - height = 44; - widgets = [ - "org.kde.plasma.kickoff" - "org.kde.plasma.icontasks" - "org.kde.plasma.marginsseparator" - "org.kde.plasma.systemtray" - "org.kde.plasma.digitalclock" - ]; - } - ]; + # panels = [ + # { + # location = "bottom"; + # floating = true; + # height = 44; + # widgets = [ + # "org.kde.plasma.kickoff" + # "org.kde.plasma.icontasks" + # "org.kde.plasma.marginsseparator" + # "org.kde.plasma.systemtray" + # "org.kde.plasma.digitalclock" + # ]; + # } + # ]; shortcuts = { kwin = { diff --git a/modules/nixos/services/actual/default.nix b/modules/nixos/services/actual/default.nix index 0e8b6b8..92b140f 100755 --- a/modules/nixos/services/actual/default.nix +++ b/modules/nixos/services/actual/default.nix @@ -15,6 +15,20 @@ let description = "Actual Personal Finance Planner"; options = { }; moduleConfig = { + sops = { + secrets = { + "jallen-nas/actual/client-id" = { + sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; + owner = "actual"; + restartUnits = [ "actual.service" ]; + }; + "jallen-nas/actual/client-secret" = { + sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; + owner = "actual"; + restartUnits = [ "actual.service" ]; + }; + }; + }; services.actual = { inherit (cfg) openFirewall; enable = true; @@ -24,6 +38,13 @@ let serverFiles = "${cfg.configDir}/${name}/server-files"; userFiles = "${cfg.configDir}/${name}/user-files"; dataDir = "${cfg.configDir}/${name}"; + openId = { + discoveryURL = "https://authentik.mjallen.dev/application/o/actual/.well-known/openid-configuration"; + client_id._secret = config.sops.secrets."jallen-nas/actual/client-id".path; + client_secret._secret = config.sops.secrets."jallen-nas/actual/client-secret".path; + server_hostname = "https://authentik.mjallen.dev"; + authMethod = "openid"; + }; }; }; diff --git a/modules/nixos/services/owncloud/default.nix b/modules/nixos/services/owncloud/default.nix index 809226b..bab331c 100755 --- a/modules/nixos/services/owncloud/default.nix +++ b/modules/nixos/services/owncloud/default.nix @@ -60,6 +60,11 @@ in }; config = mkIf cfg.enable { + systemd.services."podman-${cfg.name}".unitConfig.RequiresMountsFor = [ + cfg.configPath + cfg.dataPath + ]; + virtualisation.oci-containers.containers."${cfg.name}" = { inherit (cfg) autoStart image; ports = [ "${cfg.httpPort}:9200" ]; diff --git a/overlays/homeassistant/default.nix b/overlays/homeassistant/default.nix deleted file mode 100755 index 92b3aac..0000000 --- a/overlays/homeassistant/default.nix +++ /dev/null @@ -1,125 +0,0 @@ -{ ... }: -_final: prev: { - home-assistant = prev.home-assistant.override { - packageOverrides = _self: super: { - nice-go = super.nice-go.overridePythonAttrs (_old: { - doCheck = false; - }); - cfn-lint = super.cfn-lint.overridePythonAttrs (_old: { - doCheck = false; - }); - aiobotocore = super.aiobotocore.overridePythonAttrs (_old: { - doCheck = false; - }); - connect-box = super.connect-box.overridePythonAttrs (_old: { - doCheck = false; - }); - motionblindsble = super.motionblindsble.overridePythonAttrs (_old: { - doCheck = false; - }); - pyinsteon = super.pyinsteon.overridePythonAttrs (_old: { - doCheck = false; - }); - psnawp = super.psnawp.overridePythonAttrs (old: { - nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ]; - pythonRelaxDeps = [ "pycountry" ]; - }); - radios = super.radios.overridePythonAttrs (old: { - nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ]; - pythonRelaxDeps = [ "pycountry" ]; - }); - - # Several packages are gated behind pythonAtLeast "3.13" or "3.14" guards - # in nixpkgs, but are required as transitive dependencies of HA components - # when using availableComponents. Override them all to allow Python 3.14 - # until upstream catches up. - aiounittest = super.aiounittest.overridePythonAttrs (_old: { - disabled = false; - doCheck = false; - }); - # aiokef tests rely on asyncio.get_event_loop() auto-creating a loop, - # which was removed in Python 3.10+. - aiokef = super.aiokef.overridePythonAttrs (_old: { - doCheck = false; - }); - # pyads 3.5.1 adopted a src/ layout; the nixpkgs patchPhase references - # the old flat path, and setup.py always tries to compile adslib from - # source via make. Skip the compile step by making platform_is_unix() - # return False, pre-place the nixpkgs adslib.so in src/ so the wheel - # installs it, and disable the import check since pyads searches sys.path - # for adslib.so at import time (requires the real ADS hardware library). - pyads = super.pyads.overridePythonAttrs (old: { - patchPhase = '' - substituteInPlace setup.py \ - --replace-fail "sys.platform.startswith(\"linux\") or sys.platform.startswith(\"darwin\")" \ - "False" - ''; - preBuild = '' - mkdir -p src - cp ${builtins.head old.buildInputs}/lib/adslib.so src/adslib.so - ''; - doCheck = false; - pythonImportsCheck = [ ]; - }); - apischema = super.apischema.overridePythonAttrs (_old: { - disabled = false; - doCheck = false; - }); - aws-sam-translator = super.aws-sam-translator.overridePythonAttrs (_old: { - # https://github.com/aws/serverless-application-model/issues/3831 - disabled = false; - doCheck = false; - }); - # future uses lib2to3 in past.translation, which was removed in Python 3.14. - # That module is only needed for Python 2→3 source translation at runtime, - # which HA components don't use. Drop past.translation from the import check. - future = super.future.overridePythonAttrs (_old: { - disabled = false; - pythonImportsCheck = [ - "future.builtins" - "future.moves" - "future.standard_library" - "past.builtins" - ]; - }); - raincloudy = super.raincloudy.overridePythonAttrs (_old: { - disabled = false; - doCheck = false; - }); - reactivex = super.reactivex.overridePythonAttrs (_old: { - disabled = false; - doCheck = false; - }); - - # Several packages are marked broken due to version constraints on upstream - # deps that have been bumped in nixpkgs (pysnmp 7.x, xmltodict 1.x). - # They work fine at runtime for HA's usage. - # aio-georss-client is marked broken because xmltodict >= 1.0 changed how - # namespace-annotated XML elements are returned (dict instead of string), - # which breaks _process_coordinates. The GDACS integration is not used here - # and the package installs fine; skip tests to unblock the build. - aio-georss-client = super.aio-georss-client.overridePythonAttrs (_old: { - meta = (super.aio-georss-client.meta or { }) // { - broken = false; - }; - doCheck = false; - }); - atenpdu = super.atenpdu.overridePythonAttrs (_old: { - meta = (super.atenpdu.meta or { }) // { - broken = false; - }; - nativeBuildInputs = (_old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ]; - pythonRelaxDeps = [ "async-timeout" ]; - }); - bimmer-connected = super.bimmer-connected.overridePythonAttrs (old: { - meta = (old.meta or { }) // { - broken = false; - }; - doCheck = false; - # pillow is an optional dep (China market only) but the runtime dep check - # flags it as missing; add it to propagatedBuildInputs to satisfy it. - propagatedBuildInputs = (old.propagatedBuildInputs or [ ]) ++ [ super.pillow ]; - }); - }; - }; -} diff --git a/secrets/nas-secrets.yaml b/secrets/nas-secrets.yaml index 9e300fa..d2c7ca3 100755 --- a/secrets/nas-secrets.yaml +++ b/secrets/nas-secrets.yaml @@ -101,6 +101,9 @@ jallen-nas: secret-key: ENC[AES256_GCM,data:dPHXEAKGrbbM36uH3W4yzm3GmJI=,iv:yHMAMJ8w+uoH/IvLSbxyQm6dEml0MWvwfRIIVHmc6LE=,tag:AyDLS20gUH4gupRGrtGReQ==,type:str] kavita: token: ENC[AES256_GCM,data:XurnehEZ/jCn+lxtTyty3WkDb17nQ7X3dIIys8O1l17gNzBMyqCLuzQaKLvqAV13PIaGBRTSnlNe7hDs5XYsI2nyL/l0ptPPXgKGEujEtTL8ei0rxTAYnA==,iv:Guinyj+EQNSUE+z+yu3HTF+leoxk7LWXBX/HGcLEki4=,tag:hfkgnjFAwUEVXtDT5HFJTg==,type:str] + actual: + client-id: ENC[AES256_GCM,data:bgImXku1RYZADFOPGKScHyC07iB6NRO+OfL477Fmxvp2/MGdahhjXQ==,iv:PsAomwKXxJjHEDrkIuzOAoyxhmKM9Yqmj3xVYx8iUns=,tag:nPd9+jPqcc06DqVb+bg79Q==,type:str] + client-secret: ENC[AES256_GCM,data:PN5RA3gd5NM8m8FbpeJR5SROU9BaE78jTDHBBrVTkXZQq+7HQ6Tq9X6YDv755qwES2WOZyWohAlPSGBJ7/z1NY2dzDhBJTekVXKDpWYpVZhk3AlaT/XjaFP6HNRyAHjBUjLvp1hgCC/QcipzSjfVYdRduRV5b5nMhbz+AITlo6w=,iv:MpgHI1bmd4fS1MILDtmTeFShi61M/dqQsalmTnxT4q8=,tag:+lTfIfRIy7MxFRQu06GtgQ==,type:str] sops: shamir_threshold: 1 age: @@ -248,8 +251,8 @@ sops: L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co 7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-08T20:48:03Z" - mac: ENC[AES256_GCM,data:iwAX9cd47lppnht7Tvu5lHxuMLrZ9GMAQpcAyZC+GkFV6P+Kkda1lxphuMKkntEeSkEbjG1Ca29bkhKQ1M7HxPnmV2ORIYqHz15ZQXcGnKyW5cj2mSn9skPlTjMY8VzN8LHhHWWba54EzG6b6fsKuYhtnZZiQWnXS4bZQeRxPB4=,iv:QaNu/kEXCkuSQ+METVL5pag1JrYLZoPeUyl4dnlzTew=,tag:7G7a6vTORnb+PFT8VdB9cg==,type:str] + lastmodified: "2026-04-13T16:30:32Z" + mac: ENC[AES256_GCM,data:7IQ7jAVbIy2U8WZu7jMCHO13uz8Q+3w4hwEZP8QSOzN45EwjnZSKUoHtIbeS7FEkB/EwkfUdN9trezbEhcPRb7cF6hg2xNdEU8dnx8MmzOoRvirqCf2/c0AD1rVzkEYgYU6RZDIDGOck+WPHf95+2jR2h+P5zz47QCKnej+nlXA=,iv:FhqWxLvGbmMgywIvnXJC2xi6BP7LLhS3mwJIcsUhL84=,tag:NoCqjuZNESUXtX/V31frZg==,type:str] pgp: - created_at: "2026-02-06T15:34:30Z" enc: |- diff --git a/systems/x86_64-linux/nuc-nixos/default.nix b/systems/x86_64-linux/nuc-nixos/default.nix index 64c780d..30d399d 100755 --- a/systems/x86_64-linux/nuc-nixos/default.nix +++ b/systems/x86_64-linux/nuc-nixos/default.nix @@ -75,6 +75,10 @@ in subdomain = "otbr"; upstream = "http://127.0.0.1:${toString net.ports.nuc.otbr}"; }; + actual = { + subdomain = "actual"; + upstream = "http://10.0.0.4:${toString net.ports.nas.actual}"; + }; # hass is currently proxied by the NAS Caddy (modules/nixos/services/caddy). # To migrate it here, remove the @hass block from that module and add: # hass = {