From 124ee0001b66a25dd0c8d48dd1e7d6b25a5ef917 Mon Sep 17 00:00:00 2001
From: muon
Date: Fri, 1 Aug 2025 08:34:39 +0000
Subject: [PATCH 1/8] Update murk hardware
---
hosts/murk/hardware-configuration.nix | 59 +++------------------------
1 file changed, 5 insertions(+), 54 deletions(-)
diff --git a/hosts/murk/hardware-configuration.nix b/hosts/murk/hardware-configuration.nix
index 2598b86..e465f37 100644
--- a/hosts/murk/hardware-configuration.nix
+++ b/hosts/murk/hardware-configuration.nix
@@ -4,64 +4,15 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = - [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - boot.initrd.luks.devices."crypted".device = - "/dev/disk/by-uuid/1ca0c5f6-3cb3-4f86-94a5-4376461da227"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/4BD8-A887"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - fileSystems."/home" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" "noatime" ]; - }; - - fileSystems."/nix" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime" ]; - }; - - fileSystems."/persist" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=persist" "compress=zstd" "noatime" ]; - neededForBoot = true; - }; - - fileSystems."/swap" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=swap" ]; - }; - - fileSystems."/var/log" = { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=log" "compress=zstd" "noatime" ]; - neededForBoot = true; - }; - - swapDevices = [ ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } From d3097eb3a264928348186c597481bdb9573988d4 Mon Sep 17 00:00:00 2001 
From: muon Date: Fri, 1 Aug 2025 09:00:26 +0000 Subject: [PATCH 2/8] Remove redundant persist --- README.md | 4 ---- modules/nixos/impermanence.nix | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/README.md b/README.md index 87e7768..431e53b 100644 --- a/README.md +++ b/README.md @@ -11,9 +11,6 @@ cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configur rbw config set email admin@muon.host rbw config set base_url https://vault.muon.host rbw login -sudo mkdir -p /mnt/etc/ssh -nix-shell -p jq --run "rbw get --raw sopsssh | jq -r '.data.password' | sudo tee /mnt/etc/ssh/ssh_host_ed25519_key.pub" -nix-shell -p jq --run "rbw get --raw sopsssh | jq -r '.notes' | sudo tee /mnt/etc/ssh/ssh_host_ed25519_key" sudo mkdir -p /mnt{,/persist}/var/lib/sops-nix sudo chown muon:users /mnt/var/lib/sops-nix -R sudo chown muon:users /mnt/persist/var/lib/sops-nix -R @@ -21,7 +18,6 @@ rbw get sops > /mnt/var/lib/sops-nix/key.txt sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname) sudo cp -r /mnt/var/lib/nixos/* /mnt/persist/var/lib/nixos/ -sudo cp -r /mnt/etc/ssh/ssh_host* /mnt/persist/etc/ssh/ sudo cp {/mnt,/mnt/persist}/etc/machine-id ``` diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix index 069db06..8ce89a0 100644 --- a/modules/nixos/impermanence.nix +++ b/modules/nixos/impermanence.nix @@ -4,7 +4,7 @@ with lib; { config = mkIf config.mods.impermanence.enable { environment.persistence."/persist" = { - directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" "/etc/ssh" ]; + directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" ]; files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ]; }; From 34bd5d9293e72ca8f472ae1c39c041808a03f788 Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 09:05:43 +0000 Subject: [PATCH 3/8] Fix mkdir --- modules/home/impermanence.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
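Review bot: Dropping `"/etc/ssh"` from `environment.persistence."/persist".directories` leaves the SSH host keys on the ephemeral root unless they are pinned somewhere else, and nothing in this hunk shows where they live now. If that is not handled outside this series, the host would generate fresh keys on every boot and clients would get used to accepting host-key change warnings. Pointing `services.openssh.hostKeys` at a path under `/persist`, or adding a comment such as `# host keys are kept at <path>, not via impermanence`, would make the "redundant" claim checkable. The module body continues outside the hunk.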
diff --git a/modules/home/impermanence.nix b/modules/home/impermanence.nix index b2dee21..8dd5e97 100644 --- a/modules/home/impermanence.nix +++ b/modules/home/impermanence.nix @@ -8,7 +8,7 @@ let # fs-diff.sh set -euo pipefail - sudo mkdir /btrfs_tmp + sudo mkdir -p /btrfs_tmp sudo mount -o subvol=/ /dev/mapper/crypted /btrfs_tmp OLD_TRANSID=$(sudo btrfs subvolume find-new /btrfs_tmp/root-blank 9999999) From 20d2ccd62285f98e30451566cbfe255b918a864d Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 09:49:07 +0000 Subject: [PATCH 4/8] Update nix --- README.md | 1 - flake.lock | 18 +++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 431e53b..10eb0b5 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,6 @@ rbw config set email admin@muon.host rbw config set base_url https://vault.muon.host rbw login sudo mkdir -p /mnt{,/persist}/var/lib/sops-nix -sudo chown muon:users /mnt/var/lib/sops-nix -R sudo chown muon:users /mnt/persist/var/lib/sops-nix -R rbw get sops > /mnt/var/lib/sops-nix/key.txt sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt diff --git a/flake.lock b/flake.lock index fab5027..7169b86 100644 --- a/flake.lock +++ b/flake.lock @@ -193,11 +193,11 @@ ] }, "locked": { - "lastModified": 1753595562, - "narHash": "sha256-Ci88mAdtiP5RQkYmVhRUq69iYPMM7/lS9/mw+FnC7DE=", + "lastModified": 1753983724, + "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "710771af3d1c8c3f86a9e5d562616973ed5f3f21", + "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c", "type": "github" }, "original": { 
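Review bot: With `mkdir -p` the script no longer stops when `/btrfs_tmp` is left over from an earlier run, so the next line can stack a second mount of the top-level subvolume on one that is still mounted. A guard such as `mountpoint -q /btrfs_tmp || sudo mount -o subvol=/ /dev/mapper/crypted /btrfs_tmp` keeps reruns idempotent. Whether the script unmounts at the end, or on failure under `set -euo pipefail`, is outside the hunk; a cleanup `trap` is worth confirming so the whole decrypted volume is not left mounted at a second path.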
@@ -316,11 +316,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1753694789, + "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727", "type": "github" }, "original": { @@ -443,11 +443,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1753553562, - "narHash": "sha256-CpTwdsrPU3UFy95Btg56RcVMgNpnw3C0DYTznE5aRq4=", + "lastModified": 1753978157, + "narHash": "sha256-sVy8hb71VawSOIsLv/hMGzpvbbWszdP9aSKI5Drbt6Q=", "owner": "danth", "repo": "stylix", - "rev": "af85565aba0f4749cb18b118a7333a0745920950", + "rev": "ded4f29a023e0f14506ec16b0e32d129e56341cc", "type": "github" }, "original": { From ac9947806a20944acb7c114c4eb047712027f277 Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 10:02:25 +0000 Subject: [PATCH 5/8] Add atuin --- hosts/ports.nix | 1 + modules/nixos/server/atuin.nix | 24 ++++++++++++++++++++++++ modules/nixos/server/default.nix | 1 + 3 files changed, 26 insertions(+) create mode 100644 modules/nixos/server/atuin.nix diff --git a/hosts/ports.nix b/hosts/ports.nix index 537e89b..9aa8b9e 100644 --- a/hosts/ports.nix +++ b/hosts/ports.nix @@ -18,6 +18,7 @@ # dash = 3009; ntfy = 3010; audio = 3011; + atuin = 3012; search = 8081; videos = 8082; diff --git a/modules/nixos/server/atuin.nix b/modules/nixos/server/atuin.nix new file mode 100644 index 0000000..2f2d2c0 --- /dev/null +++ b/modules/nixos/server/atuin.nix 
@@ -0,0 +1,24 @@ +{ pkgs, lib, config, ... }: +let + cfg = config.mods.server.atuin; + port = config.mods.server.nginx.ports.atuin; +in with lib; { + options.mods.server = { + atuin = { + enable = mkEnableOption { + default = false; + description = "enables atuin server"; + }; + }; + }; + + config = mkIf cfg.enable { + services.atuin = { + inherit port; + enable = true; + host = "0.0.0.0"; + openRegistration = true; + }; + }; +} + diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix index a142aa4..26912c8 100644 --- a/modules/nixos/server/default.nix +++ b/modules/nixos/server/default.nix @@ -24,5 +24,6 @@ ./ntfy.nix ./lemmy.nix ./audio.nix + ./atuin.nix ]; } From ee1f5b74084d9e12568dd0c24d92403731d3d3a0 Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 10:03:48 +0000 Subject: [PATCH 6/8] Enable atuin --- hosts/muho/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/muho/configuration.nix b/hosts/muho/configuration.nix index 9c604d2..e4717a5 100644 --- a/hosts/muho/configuration.nix +++ b/hosts/muho/configuration.nix @@ -44,6 +44,7 @@ in { mods.server.ntfy.enable = true; mods.server.lemmy.enable = true; mods.server.audio.enable = true; + mods.server.atuin.enable = true; mods.server.dash.enable = false; mods.server.nginx.ports.dash = 3009; From 8c3ce29b0d2c867f622536814be90c592bf1db4e Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 11:33:55 +0000 Subject: [PATCH 7/8] Add atuin home --- modules/home/sops/default.nix | 1 + modules/home/sops/secrets.yaml | 12 ++++-------- modules/home/terminal/tools.nix | 18 +++++++++++++++++- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix index 87bd88b..567cf8e 100644 --- a/modules/home/sops/default.nix +++ b/modules/home/sops/default.nix 
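Review bot: `openRegistration = true` together with `host = "0.0.0.0"` in `services.atuin` means anyone who can reach this port, directly or through the reverse proxy, can create an account on the sync server. If registration is only needed for the first account, set `openRegistration = false;` afterwards or expose it as a module option that defaults to false. If the nginx front end runs on the same machine, `host = "127.0.0.1";` keeps the plain-HTTP listener off the network; if the proxy is on another host, limit the port to that peer in the firewall instead. Separately, `mkEnableOption` expects the description string rather than an attribute set, so `mkEnableOption "atuin server"` is the intended form.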
@@ -6,5 +6,6 @@ in with lib; { age.keyFile = "/persist/var/lib/sops-nix/key.txt"; defaultSopsFile = ./secrets.yaml; secrets.zipline-auth = { }; + secrets.atuin-auth = { }; }; } diff --git a/modules/home/sops/secrets.yaml b/modules/home/sops/secrets.yaml index cc797d4..f6c3d8d 100644 --- a/modules/home/sops/secrets.yaml +++ b/modules/home/sops/secrets.yaml @@ -1,9 +1,6 @@ zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str] +atuin-auth: ENC[AES256_GCM,data:LDkiXWIwxor8Ro383gonJCyqu+nyxS7DrI2J8uo4Cqu2X61rBUlnpNR6YirUZS/lYAnWYJhZM7sR0G7ZNh9EgQ==,iv:UEs2KW8ImMnaQrSLrIGbVXEq86QiVPAPNIXBZpa3jFI=,tag:N0rhnPbasFzkoI3CJ9CV+Q==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc enc: | @@ -32,8 +29,7 @@ sops: cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-19T20:01:35Z" - mac: ENC[AES256_GCM,data:jG/1PmWEk8EMvor/QCEhxDzkRufVWCLdDnsfomVy9hbiOl9ndzCFjvMR2OXkxGsTHl8bGaYJ+DqAjtLvgZZW5l+F6HQmQcene1vNFH3DsrtiQ7TC3Lmov6PBND1XCkj3urwaT3zKoydHIuIdIWyo2/RSxyz8G8mQrn8QrKv5SJw=,iv:PIle2A4sd2hVarMIgYu9/obShMe8NnDbfe9FUL/p8HI=,tag:I/2Bt2L+a8ybJUc6Pv3yZw==,type:str] - pgp: [] + lastmodified: "2025-08-01T11:06:26Z" + mac: ENC[AES256_GCM,data:bcCDmG+460Y+hUYHg6yVl2E6Oyw2MQcHVLp7sfhJDwWAHCwEPeYKlQLp8yumOTyQQxw6uSgj+vso7JmiAsnJvk/v9BIx6SNmfKK+rz9cwIJY1d8Da99Yn7WUVAjXQyWqxNckrELS+CKSsGXl7nr/PKYM1w87Fpbq9F7x4bp/V28=,iv:/XrjK+qaJCPrqoSEZ+hJQa7jvjWgzJQJXRXn+7Y1m8I=,tag:BruzsbUBC61Hzsx/3k8Vcg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.2 diff --git a/modules/home/terminal/tools.nix b/modules/home/terminal/tools.nix index 9760b1e..4e356d6 100644 --- a/modules/home/terminal/tools.nix 
+++ b/modules/home/terminal/tools.nix @@ -29,7 +29,23 @@ in with lib; { "htop" "vifm" "rbw" - ]); + ]) // { + atuin = { + enable = true; + enableZshIntegration = true; + flags = [ "--disable-up-arrow" ]; + settings = { + sync_frequency = "5m"; + sync_address = "https://atuin.muon.host"; + key_path = config.sops.secrets.atuin-auth.path; + keymap_mode = "vim-insert"; + keymap_cursor = { + vim_insert = "blink-bar"; + vim_normal = "steady-block"; + }; + }; + }; + }; home.packages = with pkgs; [ # libraries From 33473bba66822490007007374de3f59021aa8f1e Mon Sep 17 00:00:00 2001 From: muon Date: Fri, 1 Aug 2025 12:02:44 +0000 Subject: [PATCH 8/8] Add nvr to nginx --- hosts/mups/configuration.nix | 5 +++++ modules/nixos/server/nvr.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hosts/mups/configuration.nix b/hosts/mups/configuration.nix index 8596441..24fe51b 100644 --- a/hosts/mups/configuration.nix +++ b/hosts/mups/configuration.nix @@ -55,6 +55,11 @@ in { default = true; locations."/" = { proxyPass = "http://localhost:8008"; }; }; + "nvr.muon.host" = { + enableACME = true; + forceSSL = true; + locations."/" = { proxyPass = "http://10.0.0.2:8095"; }; + }; "tetterodesportcomplex.nl" = { enableACME = true; forceSSL = true; diff --git a/modules/nixos/server/nvr.nix b/modules/nixos/server/nvr.nix index 130ccb8..dfb2678 100644 --- a/modules/nixos/server/nvr.nix +++ b/modules/nixos/server/nvr.nix @@ -13,9 +13,9 @@ in with lib; { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 8095 ]; services.zoneminder = { enable = true; + openFirewall = true; database = { createLocally = true; username = "zoneminder";
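Review bot: The secret wired into `key_path` is named `atuin-auth`, but `key_path` is the file holding the key that encrypts history before it is synced, not a login credential, and nothing here says so. A comment above the line would stop it being rotated like a password: `# atuin-auth is the history encryption key, not the account password; losing it makes synced history unreadable`. The sops-managed file is presumably read-only to the client, so also confirm atuin never needs to write to that path, for example on first login. The `programs` attribute set begins outside the hunk.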
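Review bot: The new `"nvr.muon.host"` vhost publishes the ZoneMinder UI to anyone who can reach this nginx, and the hunk adds no access control at the proxy; ZoneMinder's own authentication is, as far as I know, disabled by default. Unless login is enabled in ZoneMinder itself, add `basicAuthFile = <path to htpasswd secret>;` to the vhost, or restrict the location by source address with `extraConfig = "allow <trusted range>; deny all;";`. The hop to `http://10.0.0.2:8095` is unencrypted, so it should only run over a trusted or tunnelled link.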
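Review bot: `openFirewall = true` keeps the ZoneMinder port reachable on every interface, which is wider than needed now that the nginx vhost added in this same commit fronts it from another host. Scoping the rule to the interface the proxy uses, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8095 ];`, would leave only the proxy path open. Check too which ports the module's `openFirewall` opens, since it may cover more than the single port in the removed `allowedTCPPorts` line. The `services.zoneminder` block continues past the end of the hunk.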