mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upd

Browse Source
This commit is contained in:
mjallen18
2026-04-13 13:25:52 -05:00
parent 1b5f695f40
commit 86fffbd512
10 changed files with 137 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
flake.lock generated
View File

@@ -25,7 +25,7 @@
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
"nixpkgs-stable"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
@@ -33,11 +33,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1774079362,
"narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=",
"lastModified": 1776085803,
"narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9",
"rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb",
"type": "github"
},
"original": {
@@ -49,16 +49,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1772567399,
"narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=",
"lastModified": 1775573258,
"narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f",
"rev": "5249546862986202b901c2afd860992ec48c6ef6",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2026.2.1",
"ref": "version/2026.2.2",
"repo": "authentik",
"type": "github"
}
@@ -584,11 +584,11 @@
]
},
"locked": {
"lastModified": 1775457580,
"narHash": "sha256-ikws/ssAmG20AGrEwBuwspwPlkubJu34mB+Uz2fJBJs=",
"lastModified": 1776046499,
"narHash": "sha256-Wzc4nn07/0RL21ypPHRzNDQZcjhIC8LaYo7QJQjM5T4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5de7dbd151b0bd65d45785553d4a22d832733ffc",
"rev": "287f84846c1eb3b72c986f5f6bebcff0bd67440d",
"type": "github"
},
"original": {
@@ -604,11 +604,11 @@
]
},
"locked": {
"lastModified": 1775457580,
"narHash": "sha256-ikws/ssAmG20AGrEwBuwspwPlkubJu34mB+Uz2fJBJs=",
"lastModified": 1776046499,
"narHash": "sha256-Wzc4nn07/0RL21ypPHRzNDQZcjhIC8LaYo7QJQjM5T4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5de7dbd151b0bd65d45785553d4a22d832733ffc",
"rev": "287f84846c1eb3b72c986f5f6bebcff0bd67440d",
"type": "github"
},
"original": {
@@ -658,11 +658,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1775484338,
"narHash": "sha256-ylzTIrXzlCDjz9R3WxFkqqZuPboaVB/W5utc00R3wR4=",
"lastModified": 1776091050,
"narHash": "sha256-Eod3J7BQDA1al3aJ70AIEqXz5XETswBuV0jdMpW23Qo=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "fdc3c0fbd192076460dfd1d188ef45d68305397c",
"rev": "012ea40303ebf19a16a6befd39719a7f0cea352a",
"type": "github"
},
"original": {
@@ -674,11 +674,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1775481683,
"narHash": "sha256-3PHpmYBLRXoe6r5Bx5H8jri4gW1410Uk8H8ssDS8BOA=",
"lastModified": 1776088143,
"narHash": "sha256-zWgSMGJrraKv7OfYrlts1hV3a8wPDI7QnJTNCcDreuo=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "f43fd25bcd80d6af26670239676b830351a50144",
"rev": "203767edd9c63888156f13f1e83a282d242a0035",
"type": "github"
},
"original": {
@@ -714,11 +714,11 @@
]
},
"locked": {
"lastModified": 1775287496,
"narHash": "sha256-tCBlt+RP85MLrMYntro/YvG7NWktbmFiyItGBo85Tf8=",
"lastModified": 1775841957,
"narHash": "sha256-oHxj9I82v+axW1lj+jUj2t8V++E6A9x54K5lq+liNAk=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0a7a3feb77606db451aa10287ad4c4c8f85922f8",
"rev": "67d55e61fe5e4d88d3fb90c0888cfced04a0589d",
"type": "github"
},
"original": {
@@ -757,11 +757,11 @@
]
},
"locked": {
"lastModified": 1775501721,
"narHash": "sha256-IU2KcBvb8tulQ8NKz3OXujzOdeWXXv63sNDTjo8gPu4=",
"lastModified": 1776082891,
"narHash": "sha256-TpXoozA/HlrTb4VCJ2J+zFzDbzQErZE1cWc4P0Riisk=",
"owner": "ggml-org",
"repo": "llama.cpp",
"rev": "2e1f0a889e19a3922db57452268f4574c35c36e5",
"rev": "75f3bc94e649616162981c322e8e6b88ca5491e8",
"type": "github"
},
"original": {
@@ -886,11 +886,11 @@
]
},
"locked": {
"lastModified": 1775365369,
"narHash": "sha256-DgH5mveLoau20CuTnaU5RXZWgFQWn56onQ4Du2CqYoI=",
"lastModified": 1775970782,
"narHash": "sha256-7jt9Vpm48Yy5yAWigYpde+HxtYEpEuyzIQJF4VYehhk=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "cef5cf82671e749ac87d69aadecbb75967e6f6c3",
"rev": "bedba5989b04614fc598af9633033b95a937933f",
"type": "github"
},
"original": {
@@ -943,11 +943,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1775444751,
"narHash": "sha256-7rAvWDPdSyeul4E0uKuVezJMN69tutpNGpujOODAX10=",
"lastModified": 1776051332,
"narHash": "sha256-u17gFUARTdA9ZtODdrep0QyIAaGNHjKscFLkB/jFTQQ=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "ed33cc3b1eabe6c04af158dd7155c4198b6679fe",
"rev": "81915eb135b9b56b691a34e432768a349531b951",
"type": "github"
},
"original": {
@@ -962,11 +962,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1774264319,
"narHash": "sha256-aAsO35YtqIdvBhCIKZ0a+OcC8wB0H1+mAoPKBY0jxeQ=",
"lastModified": 1775887459,
"narHash": "sha256-aUC+iK8zpMxdZLMhQpmUz9XBzKrQnFWzveB9IK18n3w=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "9fe29a63b23005acfcd1324a9e78b6241226cdb1",
"rev": "b6d1d07d55831902cb188a40692a5c7b5529e9e0",
"type": "github"
},
"original": {
@@ -977,11 +977,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1775203647,
"narHash": "sha256-6MWaMLXK9QMndI94CIxeiPafi3wuO+imCtK9tfhsZdw=",
"lastModified": 1775490113,
"narHash": "sha256-2ZBhDNZZwYkRmefK5XLOusCJHnoeKkoN95hoSGgMxWM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "80afbd13eea0b7c4ac188de949e1711b31c2b5f0",
"rev": "c775c2772ba56e906cbeb4e0b2db19079ef11ff7",
"type": "github"
},
"original": {
@@ -1083,11 +1083,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1775305101,
"narHash": "sha256-/74n1oQPtKG52Yw41cbToxspxHbYz6O3vi+XEw16Qe8=",
"lastModified": 1775811116,
"narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "36a601196c4ebf49e035270e10b2d103fe39076b",
"rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
"type": "github"
},
"original": {
@@ -1099,11 +1099,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1775036866,
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github"
},
"original": {
@@ -1115,11 +1115,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1775126147,
"narHash": "sha256-J0dZU4atgcfo4QvM9D92uQ0Oe1eLTxBVXjJzdEMQpD0=",
"lastModified": 1775888245,
"narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8d8c1fa5b412c223ffa47410867813290cdedfef",
"rev": "13043924aaa7375ce482ebe2494338e058282925",
"type": "github"
},
"original": {
@@ -1243,11 +1243,11 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1775036866,
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
"rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github"
},
"original": {
@@ -1292,11 +1292,11 @@
]
},
"locked": {
"lastModified": 1774915545,
"narHash": "sha256-COT4l/+ZddGBvrDVfPf7MEOJxV8EDKame6/aRnNIKcY=",
"lastModified": 1775856943,
"narHash": "sha256-b7Mp7P+q2Md5AGt4rjHfMcBykzMumFTen10ST++AuTU=",
"owner": "nix-community",
"repo": "plasma-manager",
"rev": "f3177b3c69fb3f03201098d7fe8ab6422cce7fc1",
"rev": "a524a6160e6df89f7673ba293cf7d78b559eb1a5",
"type": "github"
},
"original": {
@@ -1337,11 +1337,11 @@
]
},
"locked": {
"lastModified": 1775036584,
"narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
"lastModified": 1775585728,
"narHash": "sha256-8Psjt+TWvE4thRKktJsXfR6PA/fWWsZ04DVaY6PUhr4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
"rev": "580633fa3fe5fc0379905986543fd7495481913d",
"type": "github"
},
"original": {
@@ -1505,11 +1505,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1775365543,
"narHash": "sha256-f50qrK0WwZ9z5EdaMGWOTtALgSF7yb7XwuE7LjCuDmw=",
"lastModified": 1775971308,
"narHash": "sha256-VKp9bhVSm0bT6JWctFy06ocqxGGnWHi1NfoE90IgIcY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "a4ee2de76efb759fe8d4868c33dec9937897916f",
"rev": "31ac5fe5d015f76b54058c69fcaebb66a55871a4",
"type": "github"
},
"original": {
@@ -1561,11 +1561,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1775429060,
"narHash": "sha256-wbFF5cRxQOCzL/wHOKYm21t5AHPH2Lfp0mVPCOAvEoc=",
"lastModified": 1775936757,
"narHash": "sha256-KJO/7qoxJ+hlsb3WlFSl6IGrExBIf1GvKdrhOlnGdKY=",
"owner": "nix-community",
"repo": "stylix",
"rev": "d27951a6539951d87f75cf0a7cda8a3a24016019",
"rev": "d3e447786b74d62c75f665e17cb3e681c66e90c7",
"type": "github"
},
"original": {
@@ -1712,11 +1712,11 @@
]
},
"locked": {
"lastModified": 1775125835,
"narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=",
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "75925962939880974e3ab417879daffcba36c4a3",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {

2
flake.nix
View File

@@ -47,7 +47,7 @@
authentik-nix = {
url = "github:nix-community/authentik-nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
disko = {

2
homes/x86_64-linux/admin@jallen-nas/default.nix
View File

@@ -37,7 +37,7 @@ in
${namespace} = {
sops.enable = true;
programs.opencode = enabled;
# desktop.plasma = enabled;
desktop.plasma = enabled;
};
sops.secrets = {

2
homes/x86_64-linux/matt@allyx/default.nix
View File

@@ -54,7 +54,7 @@ in
ryujinx.enable = true; # Switch (ryubing fork)
yuzu.enable = true; # Switch (eden fork)
dolphin-emu.enable = true; # GameCube / Wii
cemu.enable = true; # Wii U
cemu.enable = false; # Wii U
melonDS.enable = true; # DS
citra.enable = true; # 3DS (azahar fork)
mgba.enable = true; # Game Boy / GBC

64
modules/home/desktop/plasma/default.nix
View File

@@ -25,24 +25,28 @@ in
programs.plasma = {
enable = true;
workspace = {
colorScheme = "BreezeDark";
cursor = {
theme = "breeze_cursors";
size = 24;
};
iconTheme = "breeze-dark";
theme = "breeze-dark";
lookAndFeel = "org.kde.breezedark.desktop";
# Explicitly set Breeze to prevent QT_STYLE_OVERRIDE=kvantum (set by
# Stylix's qt6ct target) from being picked up by KWin/plasmashell, which
# would cause a fatal "module kvantum is not installed" QML error and
# leave the desktop blank.
widgetStyle = "Breeze";
configFile.kded5rc = {
"Module-gtkconfig"."autoload" = false;
};
# input.mice and input.touchpads require device-specific vendorId/productId
# identifiers — configure those per-host in the home config instead.
# workspace = {
# colorScheme = "BreezeDark";
# cursor = {
# theme = "breeze_cursors";
# size = 24;
# };
# iconTheme = "breeze-dark";
# theme = "breeze-dark";
# lookAndFeel = "org.kde.breezedark.desktop";
# # Explicitly set Breeze to prevent QT_STYLE_OVERRIDE=kvantum (set by
# # Stylix's qt6ct target) from being picked up by KWin/plasmashell, which
# # would cause a fatal "module kvantum is not installed" QML error and
# # leave the desktop blank.
# widgetStyle = "Breeze";
# };
# # input.mice and input.touchpads require device-specific vendorId/productId
# # identifiers — configure those per-host in the home config instead.
kscreenlocker = {
autoLock = true;
@@ -67,20 +71,20 @@ in
};
};
panels = [
{
location = "bottom";
floating = true;
height = 44;
widgets = [
"org.kde.plasma.kickoff"
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
"org.kde.plasma.systemtray"
"org.kde.plasma.digitalclock"
];
}
];
# panels = [
# {
# location = "bottom";
# floating = true;
# height = 44;
# widgets = [
# "org.kde.plasma.kickoff"
# "org.kde.plasma.icontasks"
# "org.kde.plasma.marginsseparator"
# "org.kde.plasma.systemtray"
# "org.kde.plasma.digitalclock"
# ];
# }
# ];
shortcuts = {
kwin = {

21
modules/nixos/services/actual/default.nix
View File

@@ -15,6 +15,20 @@ let
description = "Actual Personal Finance Planner";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/actual/client-id" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = "actual";
restartUnits = [ "actual.service" ];
};
"jallen-nas/actual/client-secret" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = "actual";
restartUnits = [ "actual.service" ];
};
};
};
services.actual = {
inherit (cfg) openFirewall;
enable = true;
@@ -24,6 +38,13 @@ let
serverFiles = "${cfg.configDir}/${name}/server-files";
userFiles = "${cfg.configDir}/${name}/user-files";
dataDir = "${cfg.configDir}/${name}";
openId = {
discoveryURL = "https://authentik.mjallen.dev/application/o/actual/.well-known/openid-configuration";
client_id._secret = config.sops.secrets."jallen-nas/actual/client-id".path;
client_secret._secret = config.sops.secrets."jallen-nas/actual/client-secret".path;
server_hostname = "https://authentik.mjallen.dev";
authMethod = "openid";
};
};
};

5
modules/nixos/services/owncloud/default.nix
View File

@@ -60,6 +60,11 @@ in
};
config = mkIf cfg.enable {
systemd.services."podman-${cfg.name}".unitConfig.RequiresMountsFor = [
cfg.configPath
cfg.dataPath
];
virtualisation.oci-containers.containers."${cfg.name}" = {
inherit (cfg) autoStart image;
ports = [ "${cfg.httpPort}:9200" ];

125
overlays/homeassistant/default.nix
View File

@@ -1,125 +0,0 @@
{ ... }:
_final: prev: {
home-assistant = prev.home-assistant.override {
packageOverrides = _self: super: {
nice-go = super.nice-go.overridePythonAttrs (_old: {
doCheck = false;
});
cfn-lint = super.cfn-lint.overridePythonAttrs (_old: {
doCheck = false;
});
aiobotocore = super.aiobotocore.overridePythonAttrs (_old: {
doCheck = false;
});
connect-box = super.connect-box.overridePythonAttrs (_old: {
doCheck = false;
});
motionblindsble = super.motionblindsble.overridePythonAttrs (_old: {
doCheck = false;
});
pyinsteon = super.pyinsteon.overridePythonAttrs (_old: {
doCheck = false;
});
psnawp = super.psnawp.overridePythonAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ];
pythonRelaxDeps = [ "pycountry" ];
});
radios = super.radios.overridePythonAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ];
pythonRelaxDeps = [ "pycountry" ];
});
# Several packages are gated behind pythonAtLeast "3.13" or "3.14" guards
# in nixpkgs, but are required as transitive dependencies of HA components
# when using availableComponents. Override them all to allow Python 3.14
# until upstream catches up.
aiounittest = super.aiounittest.overridePythonAttrs (_old: {
disabled = false;
doCheck = false;
});
# aiokef tests rely on asyncio.get_event_loop() auto-creating a loop,
# which was removed in Python 3.10+.
aiokef = super.aiokef.overridePythonAttrs (_old: {
doCheck = false;
});
# pyads 3.5.1 adopted a src/ layout; the nixpkgs patchPhase references
# the old flat path, and setup.py always tries to compile adslib from
# source via make. Skip the compile step by making platform_is_unix()
# return False, pre-place the nixpkgs adslib.so in src/ so the wheel
# installs it, and disable the import check since pyads searches sys.path
# for adslib.so at import time (requires the real ADS hardware library).
pyads = super.pyads.overridePythonAttrs (old: {
patchPhase = ''
substituteInPlace setup.py \
--replace-fail "sys.platform.startswith(\"linux\") or sys.platform.startswith(\"darwin\")" \
"False"
'';
preBuild = ''
mkdir -p src
cp ${builtins.head old.buildInputs}/lib/adslib.so src/adslib.so
'';
doCheck = false;
pythonImportsCheck = [ ];
});
apischema = super.apischema.overridePythonAttrs (_old: {
disabled = false;
doCheck = false;
});
aws-sam-translator = super.aws-sam-translator.overridePythonAttrs (_old: {
# https://github.com/aws/serverless-application-model/issues/3831
disabled = false;
doCheck = false;
});
# future uses lib2to3 in past.translation, which was removed in Python 3.14.
# That module is only needed for Python 2→3 source translation at runtime,
# which HA components don't use. Drop past.translation from the import check.
future = super.future.overridePythonAttrs (_old: {
disabled = false;
pythonImportsCheck = [
"future.builtins"
"future.moves"
"future.standard_library"
"past.builtins"
];
});
raincloudy = super.raincloudy.overridePythonAttrs (_old: {
disabled = false;
doCheck = false;
});
reactivex = super.reactivex.overridePythonAttrs (_old: {
disabled = false;
doCheck = false;
});
# Several packages are marked broken due to version constraints on upstream
# deps that have been bumped in nixpkgs (pysnmp 7.x, xmltodict 1.x).
# They work fine at runtime for HA's usage.
# aio-georss-client is marked broken because xmltodict >= 1.0 changed how
# namespace-annotated XML elements are returned (dict instead of string),
# which breaks _process_coordinates. The GDACS integration is not used here
# and the package installs fine; skip tests to unblock the build.
aio-georss-client = super.aio-georss-client.overridePythonAttrs (_old: {
meta = (super.aio-georss-client.meta or { }) // {
broken = false;
};
doCheck = false;
});
atenpdu = super.atenpdu.overridePythonAttrs (_old: {
meta = (super.atenpdu.meta or { }) // {
broken = false;
};
nativeBuildInputs = (_old.nativeBuildInputs or [ ]) ++ [ super.pythonRelaxDepsHook ];
pythonRelaxDeps = [ "async-timeout" ];
});
bimmer-connected = super.bimmer-connected.overridePythonAttrs (old: {
meta = (old.meta or { }) // {
broken = false;
};
doCheck = false;
# pillow is an optional dep (China market only) but the runtime dep check
# flags it as missing; add it to propagatedBuildInputs to satisfy it.
propagatedBuildInputs = (old.propagatedBuildInputs or [ ]) ++ [ super.pillow ];
});
};
};
}

7
secrets/nas-secrets.yaml
View File

@@ -101,6 +101,9 @@ jallen-nas:
secret-key: ENC[AES256_GCM,data:dPHXEAKGrbbM36uH3W4yzm3GmJI=,iv:yHMAMJ8w+uoH/IvLSbxyQm6dEml0MWvwfRIIVHmc6LE=,tag:AyDLS20gUH4gupRGrtGReQ==,type:str]
kavita:
token: ENC[AES256_GCM,data:XurnehEZ/jCn+lxtTyty3WkDb17nQ7X3dIIys8O1l17gNzBMyqCLuzQaKLvqAV13PIaGBRTSnlNe7hDs5XYsI2nyL/l0ptPPXgKGEujEtTL8ei0rxTAYnA==,iv:Guinyj+EQNSUE+z+yu3HTF+leoxk7LWXBX/HGcLEki4=,tag:hfkgnjFAwUEVXtDT5HFJTg==,type:str]
actual:
client-id: ENC[AES256_GCM,data:bgImXku1RYZADFOPGKScHyC07iB6NRO+OfL477Fmxvp2/MGdahhjXQ==,iv:PsAomwKXxJjHEDrkIuzOAoyxhmKM9Yqmj3xVYx8iUns=,tag:nPd9+jPqcc06DqVb+bg79Q==,type:str]
client-secret: ENC[AES256_GCM,data:PN5RA3gd5NM8m8FbpeJR5SROU9BaE78jTDHBBrVTkXZQq+7HQ6Tq9X6YDv755qwES2WOZyWohAlPSGBJ7/z1NY2dzDhBJTekVXKDpWYpVZhk3AlaT/XjaFP6HNRyAHjBUjLvp1hgCC/QcipzSjfVYdRduRV5b5nMhbz+AITlo6w=,iv:MpgHI1bmd4fS1MILDtmTeFShi61M/dqQsalmTnxT4q8=,tag:+lTfIfRIy7MxFRQu06GtgQ==,type:str]
sops:
shamir_threshold: 1
age:
@@ -248,8 +251,8 @@ sops:
L0gwQm5takNjMkVGNzVlSStJYlUwWDAKP8QA3rRUHYbyyhPC/k0Eq2EIKfjyc7Co
7BkHH3msC6h9g42BB5iIYe6KQ+UGxMQBFvp+qSB27jaIfajN5MP0BA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-08T20:48:03Z"
mac: ENC[AES256_GCM,data:iwAX9cd47lppnht7Tvu5lHxuMLrZ9GMAQpcAyZC+GkFV6P+Kkda1lxphuMKkntEeSkEbjG1Ca29bkhKQ1M7HxPnmV2ORIYqHz15ZQXcGnKyW5cj2mSn9skPlTjMY8VzN8LHhHWWba54EzG6b6fsKuYhtnZZiQWnXS4bZQeRxPB4=,iv:QaNu/kEXCkuSQ+METVL5pag1JrYLZoPeUyl4dnlzTew=,tag:7G7a6vTORnb+PFT8VdB9cg==,type:str]
lastmodified: "2026-04-13T16:30:32Z"
mac: ENC[AES256_GCM,data:7IQ7jAVbIy2U8WZu7jMCHO13uz8Q+3w4hwEZP8QSOzN45EwjnZSKUoHtIbeS7FEkB/EwkfUdN9trezbEhcPRb7cF6hg2xNdEU8dnx8MmzOoRvirqCf2/c0AD1rVzkEYgYU6RZDIDGOck+WPHf95+2jR2h+P5zz47QCKnej+nlXA=,iv:FhqWxLvGbmMgywIvnXJC2xi6BP7LLhS3mwJIcsUhL84=,tag:NoCqjuZNESUXtX/V31frZg==,type:str]
pgp:
- created_at: "2026-02-06T15:34:30Z"
enc: |-

4
systems/x86_64-linux/nuc-nixos/default.nix
View File

@@ -75,6 +75,10 @@ in
subdomain = "otbr";
upstream = "http://127.0.0.1:${toString net.ports.nuc.otbr}";
};
actual = {
subdomain = "actual";
upstream = "http://10.0.0.4:${toString net.ports.nas.actual}";
};
# hass is currently proxied by the NAS Caddy (modules/nixos/services/caddy).
# To migrate it here, remove the @hass block from that module and add:
# hass = {