diff --git a/flake.lock b/flake.lock index 43e5c2f..741ed8f 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1754091436, - "narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1752544374, + "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e", "type": "github" }, "original": { @@ -300,11 +300,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1754744872, - "narHash": "sha256-rcMHMs+dFWaDXev092gfxTfxHEWcUY/6SRV+cseNevQ=", + "lastModified": 1752659960, + "narHash": "sha256-AP/Gds8b1hhU50prgLjYSv5qpy9D8E6Xre/r/gb3K8M=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "346fc31bcc4d2dbcc3e8ce8dbb622e4255ff54b7", + "rev": "8e3f7bbada0cf637d23de4200c6e1a5a157de9cc", "type": "github" }, "original": { @@ -333,11 +333,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1754742008, - "narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", + "lastModified": 1752656275, + "narHash": "sha256-tTRMyGxqHF5IkYcnvHbwCgRBRUBhvRapxtuUfrN/8Ic=", "owner": "YaLTeR", "repo": "niri", - "rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", + "rev": "7b065f8618f63b7cf761ebe05a2cebd556113a6c", "type": "github" }, "original": { @@ -364,11 +364,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1754689972, - "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "lastModified": 1752436162, + "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", "type": "github" }, "original": { @@ -380,11 +380,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1754689972, - "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "lastModified": 1752436162, + "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", "type": "github" }, "original": { @@ -395,11 +395,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1754214453, - "narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -419,11 +419,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1754262585, - "narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=", + "lastModified": 1752010420, + "narHash": "sha256-fboKrq2WeEC2Y4LaZNiiH2dptUYHtSbYhzE0FTN/u+M=", "owner": "nix-community", "repo": "nixvim", - "rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256", + "rev": "a11133507a930dfd235324cdf776bdb5e6ddd717", "type": "github" }, "original": { @@ -469,11 +469,11 @@ ] }, "locked": { - "lastModified": 1753771532, - "narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", + "lastModified": 1749730855, + "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=", "owner": "NuschtOS", "repo": "search", - "rev": "2a65adaf2c0c428efb0f4a2bc406aab466e96a06", + "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742", "type": "github" }, "original": { @@ -502,11 +502,11 @@ ] }, "locked": { - "lastModified": 1754328224, - "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "lastModified": 1752544651, + "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "rev": "2c8def626f54708a9c38a5861866660395bb3461", "type": "github" }, "original": { @@ -536,11 +536,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1754599117, - "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", + "lastModified": 1752599753, + "narHash": "sha256-8ppgjqbFc/697OXgMntMhk+kAQF4BHBog73oP6Xds8Y=", "owner": "danth", "repo": "stylix", - "rev": "312dec38b2231b21f36903d1bdce96daa11548ff", + "rev": "a35db84c7568c75f3ec665fdcd962cc9c52b6c0a", "type": "github" }, "original": { @@ -718,11 +718,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1754533920, - "narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", + "lastModified": 1752338000, + "narHash": "sha256-Fxlp/yKtynug0jyuauAmvZU2SzHCfwlwWf85j+IvQ0U=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", + "rev": "ba78881a68182ce338041846164cbfed0d70935c", "type": "github" }, "original": { @@ -736,11 +736,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1754540523, - "narHash": "sha256-Wgv2qVckt8q11/xErY7hYdLAPcoOnZ0BkMLqyXegCzQ=", + "lastModified": 1752293576, + "narHash": "sha256-84tAzrC/kioWRmG0jLt1HWRP/wHON7zjLtXCwWRNI/g=", "owner": "youwen5", "repo": "zen-browser-flake", - "rev": "451454de40a4433174153e823994fe2ecd3c869e", + "rev": "1a40cdcb093a0025631ef692caa53130f821dd77", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 1c1bbae..67b55a2 100644 --- a/flake.nix +++ b/flake.nix @@ -84,7 +84,6 @@ alpine = mkConf { nixos-modules = [ ./hardware/alpine.nix - ./nixos/services/fail2ban.nix ./nixos/services/anki.nix ./nixos/services/forgejo.nix ./nixos/services/vaultwarden.nix diff --git a/home/default.nix b/home/default.nix index 8edb0ac..46d886d 100644 --- a/home/default.nix +++ b/home/default.nix @@ -6,6 +6,7 @@ }: { imports = [ ./programs/neovim/. + ./programs/helix.nix ./programs/git.nix ./programs/lf/. ./programs/zsh.nix diff --git a/home/desktop/niri/default.nix b/home/desktop/niri/default.nix index d2e1d76..9fd5805 100644 --- a/home/desktop/niri/default.nix +++ b/home/desktop/niri/default.nix @@ -42,9 +42,6 @@ input.focus-follows-mouse = { enable = true; }; - input.touchpad = { - dwt = true; # disable when typing - }; prefer-no-csd = true; spawn-at-startup = [ {command = [(lib.getExe pkgs.xwayland-satellite)];} diff --git a/home/programs/graphical.nix b/home/programs/graphical.nix index 301b503..a9d9e5a 100644 --- a/home/programs/graphical.nix +++ b/home/programs/graphical.nix @@ -1,11 +1,7 @@ -{ - pkgs, - inputs, - user, - ... -}: { +{pkgs, inputs, user, ...}: { imports = [ ./mpv.nix + ./vscode.nix ]; home.packages = with pkgs; [ @@ -18,10 +14,15 @@ # tools inkscape + kdePackages.okular gimp3 libreoffice + dbeaver-bin + zed-editor + insomnia # entertainment + kdePackages.kasts shortwave youtube-music transmission_4-gtk @@ -72,4 +73,5 @@ enable = true; package = pkgs.brave; }; + } diff --git a/home/programs/work.nix b/home/programs/work.nix index 65a96ff..5830e43 100644 --- a/home/programs/work.nix +++ b/home/programs/work.nix @@ -5,9 +5,6 @@ }: let modifier = config.windowManager.modifierKey; in { - imports = [ - ./vscode.nix - ]; roles.email = { enable = true; email = "tristan.beedell@cryoserver.com"; diff --git a/nixos/services/authentik.nix b/nixos/services/authentik.nix index 3f95bab..9496e99 100644 --- a/nixos/services/authentik.nix +++ b/nixos/services/authentik.nix @@ -10,7 +10,7 @@ }; authentik-config = { autoStart = true; - image = "ghcr.io/goauthentik/server:2025.6.3"; + image = "ghcr.io/goauthentik/server:2025.6.0"; volumes = ["/home/tristan/pods/authentik/media:/media"]; environment = { AUTHENTIK_POSTGRESQL__USER = postgres.user; diff --git a/nixos/services/fail2ban.nix b/nixos/services/fail2ban.nix deleted file mode 100644 index 8b05b75..0000000 --- a/nixos/services/fail2ban.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - services.fail2ban = { - enable = true; - }; -} diff --git a/nixos/services/grafana.nix b/nixos/services/grafana.nix index c6790ba..9bfb549 100644 --- a/nixos/services/grafana.nix +++ b/nixos/services/grafana.nix @@ -48,7 +48,7 @@ in { { name = "synapse"; url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json"; - sha256 = "sha256:16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb"; + sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s"; } ]; }]; diff --git a/nixos/services/loki.nix b/nixos/services/loki.nix index 67afff0..d114318 100644 --- a/nixos/services/loki.nix +++ b/nixos/services/loki.nix @@ -21,77 +21,78 @@ in { storage_config."filesystem".directory = "/tmp/loki/chunks"; common = { ring = { + instance_addr = "127.0.0.1"; kvstore.store = "inmemory"; }; replication_factor = 1; path_prefix = "/tmp/loki"; }; - # https://grafana.com/docs/loki/latest/configure/#limits_config limits_config = { ingestion_rate_strategy = "local"; - ingestion_rate_mb = 128; - ingestion_burst_size_mb = 256; - max_streams_per_user = 0; - max_global_streams_per_user = 0; + ingestion_rate_mb = 24; + ingestion_burst_size_mb = 36; }; }; }; - services.prometheus.scrapeConfigs = [ - { - job_name = "loki"; - static_configs = [ + services.prometheus.scrapeConfigs = [{ + job_name = "loki"; + static_configs = [ + { + targets = ["localhost:3100"]; + } + ]; + }]; + services.promtail = { + enable = true; + # https://grafana.com/docs/loki/latest/send-data/promtail/configuration/ + configuration = { + server = { + http_listen_port = 9080; + grpc_listen_port = 0; + }; + clients = [ + {url = "http://localhost:3100/loki/api/v1/push";} + ]; + scrape_configs = [ { - targets = ["localhost:3100"]; + job_name = "system"; + journal = { + path = "/var/log/journal/"; + }; + relabel_configs = [ + { + source_labels = ["__journal_message"]; + target_label = "message"; + regex = "(.+)"; + } + { + source_labels = ["__journal__systemd_unit"]; + target_label = "systemd_unit"; + regex = "(.+)"; + } + { + source_labels = ["__journal__systemd_user_unit"]; + target_label = "systemd_user_unit"; + regex = "(.+)"; + } + { + source_labels = ["__journal__transport"]; + target_label = "transport"; + regex = "(.+)"; + } + { + source_labels = ["__journal__priority_keyword"]; + target_label = "severity"; + regex = "(.+)"; + } + ]; } ]; - } - ]; - services.alloy = { - enable = true; - extraFlags = [ - "--server.http.listen-addr=100.106.241.122:12345" - ]; + }; }; - environment.etc."alloy/config.alloy" = { - text = '' - discovery.relabel "system" { - targets = [] - - rule { - source_labels = ["__journal__systemd_unit", "__journal__systemd_user_unit"] - regex = "(.+)" - target_label = "systemd_unit" - } - - rule { - source_labels = ["__journal__priority_keyword"] - regex = "(.+)" - target_label = "severity" - } - } - - loki.source.journal "system" { - max_age = "1h0m0s" - path = "/var/log/journal/" - relabel_rules = discovery.relabel.system.rules - forward_to = [loki.write.default.receiver] - labels = {} - } - - loki.write "default" { - endpoint { - url = "http://localhost:3100/loki/api/v1/push" - } - max_streams = 64 - } - - ''; - }; - services.grafana.provision.datasources.settings.datasources = [ - { - name = "Loki"; - type = "loki"; - url = "http://localhost:${toString loki.configuration.server.http_listen_port}"; - } - ]; + services.grafana.provision.datasources.settings.datasources = [{ + name = "Loki"; + type = "loki"; + url = "http://localhost:${toString loki.configuration.server.http_listen_port}"; + }]; } diff --git a/nixos/services/nfs.nix b/nixos/services/nfs.nix deleted file mode 100644 index aa645de..0000000 --- a/nixos/services/nfs.nix +++ /dev/null @@ -1,13 +0,0 @@ -{config, ...}: { - services.nfs = { - settings = { - mountd.manage-gids = true; - }; - server = { - enable = true; - exports = '' - /mnt/storage/media 100.106.241.122/8(rw,fsid=root) - ''; - }; - }; -} diff --git a/nixos/services/samba.nix b/nixos/services/samba.nix deleted file mode 100644 index e1e0fb8..0000000 --- a/nixos/services/samba.nix +++ /dev/null @@ -1,52 +0,0 @@ -{...}: { - users.users.guest = { - extraGroups = ["media"]; - isNormalUser = true; - }; - services.samba = { - enable = true; - openFirewall = true; - settings = { - global = { - "workgroup" = "WORKGROUP"; - "server string" = "Tristan's Media Server"; - "netbios name" = "alpine"; - "security" = "user"; - #"use sendfile" = "yes"; - #"max protocol" = "smb2"; - # note: localhost is the ipv6 localhostĀ ::1 - "hosts allow" = "192.168.1. 127.0.0.1 localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "guest"; - "map to guest" = "bad user"; - }; - "Music" = { - "path" = "/mnt/storage/media/Public/"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "guest only" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - }; - }; - }; - - services.samba-wsdd = { - enable = true; - openFirewall = true; - }; - - services.avahi = { - publish.enable = true; - publish.userServices = true; - # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` - nssmdns4 = true; - # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it - enable = true; - openFirewall = true; - }; - - networking.firewall.enable = true; - networking.firewall.allowPing = true; -} diff --git a/nixos/services/synapse/default.nix b/nixos/services/synapse/default.nix index 229063e..c09c4ed 100644 --- a/nixos/services/synapse/default.nix +++ b/nixos/services/synapse/default.nix @@ -63,7 +63,6 @@ in { services.matrix-synapse = { enable = true; extraConfigFiles = [templates."synapse/secrets.yaml".path]; - # https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html settings = { signing_key_path = secrets."synapse/signing_key".path; server_name = domain; diff --git a/pkgs/mpv-skipsilence.nix b/pkgs/mpv-skipsilence.nix index 1391603..33d6b1f 100644 --- a/pkgs/mpv-skipsilence.nix +++ b/pkgs/mpv-skipsilence.nix @@ -10,7 +10,7 @@ buildLua { src = fetchgit { url = "https://codeberg.org/ferreum/mpv-skipsilence.git"; - hash = "sha256-+sOMWFFumJUk5gFE1iCTvWub3PWzYOkulXJLCGS4fYA="; + hash = "sha256-fg8vfeb68nr0bTBIvr0FnRnoB48/kV957pn22tWcz1g="; }; passthru.updateScript = gitUpdater {};