diff --git a/.sops.yaml b/.sops.yaml
index 3cfb014..810c6cb 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -103,3 +103,8 @@ creation_rules:
 - age:
 - *chunk
 - *cy
+ - path_regex: secrets/services/tailscale.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *cy
diff --git a/flake.lock b/flake.lock
index 0c81455..e3203fe 100644
--- a/flake.lock
+++ b/flake.lock
@@ -157,11 +157,11 @@ }, "crane_2": { "locked": { - "lastModified": 1737563566, - "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "owner": "ipetkov", "repo": "crane", - "rev": "849376434956794ebc7a6b487d31aace395392ba", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "type": "github" }, "original": { @@ -562,11 +562,11 @@ ] }, "locked": { - "lastModified": 1737669579, - "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=", + "lastModified": 1737704314, + "narHash": "sha256-zta8jvOQ2wRCZmiwFEnS5iCulWAh8e+fLUlQxrgOBjM=", "owner": "nix-community", "repo": "home-manager", - "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9", + "rev": "a0428685572b134f6594e7d7f5db5e1febbab2d7", "type": "github" }, "original": { @@ -683,11 +683,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1737655283, - "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=", + "lastModified": 1737726524, + "narHash": "sha256-Tw4kY4m5iNkRWCzmZO8ZO0i5iufD2K11leRy3uPR+g0=", "ref": "refs/heads/main", - "rev": "963b687443b44df6c5cbdf3426454d92830d9100", - "revCount": 16671, + "rev": "ca68979174da416f0c3d11beaa19d3965a4654a0", + "revCount": 16681, "type": "git", "url": "https://git.lix.systems/lix-project/lix" },
@@ -737,11 +737,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737627930, - "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", + "lastModified": 1737723936, + "narHash": "sha256-7badcmkmjaOeEshFdGnoEofrZO667t/k5jDa0/NINpI=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", + "rev": "84a8590f8196d3fccb1618a153dbd6bac325e3c4", "type": "github" }, "original": { @@ -770,11 +770,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737623252, - "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", + "lastModified": 1737697331, + "narHash": "sha256-9k77pFW2ANx8bZc+RcF6YP9McFZsUCWWY+XwBX0P3/Q=", "owner": "YaLTeR", "repo": "niri", - "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", + "rev": "748d90b443b9f20134020c21760b5b6c2c42a7de", "type": "github" }, "original": { @@ -1045,11 +1045,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1737642748, - "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=", + "lastModified": 1737706285, + "narHash": "sha256-k/f1rAyCjGkNu4BnlnUGEvQPSnYVG7UHoOeaQQcjQps=", "owner": "nixos", "repo": "nixpkgs", - "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0", + "rev": "dcb7446a099fe1c95b3694fdb7a4dda8f19d6ba8", "type": "github" }, "original": { @@ -1082,11 +1082,11 @@ ] }, "locked": { - "lastModified": 1737667561, - "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=", + "lastModified": 1737735875, + "narHash": "sha256-uZpZbT5kH7whiMpaMQjSPxRbRTmH5LaoBat6eQBHHaY=", "owner": "nix-community", "repo": "nixvim", - "rev": "aab2b81792567237c104b90c3936e073d28a9ac6", + "rev": "bd3184f4957d5484bb5ebef4b9bc6f9cc53cfad5", "type": "github" }, "original": { 
@@ -1240,11 +1240,11 @@ ] }, "locked": { - "lastModified": 1737599167, - "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", + "lastModified": 1737685583, + "narHash": "sha256-p+NVABRpGi+pT+xxf9HcLcFVxG6L+vEEy+NwzB9T0f8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38374302ae9edf819eac666d1f276d62c712dd06", + "rev": "eb64cbcc8eee0fa87ebded92805280d2ec97415a", "type": "github" }, "original": {
diff --git a/home/yt/common.nix b/home/yt/common.nix
index 77c98fe..4d7acca 100644
--- a/home/yt/common.nix
+++ b/home/yt/common.nix
@@ -44,7 +44,11 @@
 rebase = true;
 autostash = true;
 };
- merge.tool = "vimdiff";
+ merge = {
+ tool = "vimdiff";
+ keepBackup = false;
+ prompt = false;
+ };
 rebase = {
 stat = true;
 autoStash = true;
@@ -52,10 +56,7 @@
 updateRefs = true;
 };
 help.autocorrect = 1;
- mergetool = {
- prompt = false;
- path = "nvim-open";
- };
+ "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
 };
 };
 programs.ripgrep.enable = true;
diff --git a/home/zsh/default.nix b/home/zsh/default.nix
index 994fa1f..363efd6 100644
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@@ -94,8 +94,8 @@
 "ga" = "git add";
 "gaa" = "git add --all";
 "gb" = "git branch";
- "gc" = "git commit --verbose";
- "gcmsg" = "git commit --message";
+ "gc" = "git commit --verbose -s";
+ "gcmsg" = "git commit -s --message";
 "gd" = "git diff";
 "gdca" = "git diff --cached";
 "gds" = "git diff --staged";
diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix
index 7c2b8c6..0343084 100644
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@@ -26,6 +26,7 @@
 ./attic.nix
 ./forgejo.nix
 ./garage.nix
+ ./tailscale.nix
 ];
 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
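Review bot: In the first `home/yt/common.nix` hunk, `keepBackup` and `prompt` are `mergetool.*` settings in git, so placing them under `merge = { … }` produces `merge.keepBackup` and `merge.prompt`, which git does not read. The second hunk of the same file also removes the old `mergetool.prompt = false`, so the prompt would come back and `.orig` backups would still be written. Keeping `merge.tool = "vimdiff";` and moving the two keys to `mergetool = { keepBackup = false; prompt = false; };` gives the intended effect. The enclosing attribute set starts outside the hunk.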
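Review bot: `$LOCAL`, `$REMOTE` and `$MERGED` are unquoted in the new `mergetool "vimdiff"` command in the second `home/yt/common.nix` hunk, and git evaluates `cmd` in a shell, so a path containing spaces or glob characters is split or expanded before nvim receives it. Quoting them inside the Nix string avoids that: `cmd = "nvim -d \"$LOCAL\" \"$REMOTE\" \"$MERGED\" -c '$wincmd w' -c 'wincmd J'";`. A short comment saying what the two `-c` window commands are for would also help the next reader.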
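Review bot: `-s` in the `gc` and `gcmsg` aliases of `home/zsh/default.nix` is `--signoff`, which only appends a `Signed-off-by:` trailer; it does not cryptographically sign the commit (that is `-S` / `--gpg-sign`). If the trailer is what is wanted, spelling it out matches the long options already used on these lines and removes the ambiguity, e.g. `"gc" = "git commit --verbose --signoff";`. The alias set opens outside the hunk.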
@@ -66,10 +67,12 @@
 "attic/env" = {
 sopsFile = ../../secrets/services/attic.yaml;
 };
-
 "garage/env" = {
 sopsFile = ../../secrets/services/garage.yaml;
 };
+ "tailscale/auth" = {
+ sopsFile = ../../secrets/services/tailscale.yaml;
+ };
 };
 boot.loader.grub.enable = true;
diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix
new file mode 100644
index 0000000..b33da9c
--- /dev/null
+++ b/hosts/chunk/tailscale.nix
@@ -0,0 +1,9 @@
+{ config, ... }: {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."tailscale/auth".path;
+ extraUpFlags = [ "--advertise-exit-node" ];
+ useRoutingFeatures = "server";
+ openFirewall = true;
+ };
+}
diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix
index c2a670a..54f13da 100644
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@@ -9,6 +9,7 @@
 ./hardware-configuration.nix
 ../common.nix
 ../zsh.nix
+ ./tailscale.nix
 ];
 sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -32,6 +33,9 @@
 sopsFile = ../../secrets/newsboat.yaml;
 owner = "yt";
 };
+ "tailscale/auth" = {
+ sopsFile = ../../secrets/services/tailscale.yaml;
+ };
 };
 boot = {
@@ -58,6 +62,7 @@
 pkiBundle = "/var/lib/sbctl";
 };
 kernel.sysctl."kernel.sysrq" = 1;
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
 };
 networking = {
@@ -128,6 +133,7 @@
 "wheel"
 "libvirtd"
 "docker"
+ "disk"
 ];
 environment.systemPackages = with pkgs; [
@@ -314,4 +320,8 @@
 programs.niri.enable = true;
 programs.niri.package = pkgs.niri-unstable;
 programs.xwayland.enable = true;
+
+ services.udev.extraHwdb = ''
+ SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
+ '';
 }
diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix
new file mode 100644
index 0000000..71d47c8
--- /dev/null
+++ b/hosts/ytnix/tailscale.nix
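Review bot: The `"tailscale/auth"` secret added to `hosts/chunk/default.nix` points at the same `secrets/services/tailscale.yaml` that the `hosts/ytnix/default.nix` hunk (`@@ -32,6 +33,9 @@`) declares, so both machines enrol with one auth key, which presumably has to be a reusable key. A reusable key that is decryptable on two hosts can be used to enrol further nodes for as long as it is valid if either host is compromised. One single-use or tagged key per host, stored under separate entries, limits that; at minimum a comment such as `# tailnet auth key, shared with ytnix — rotate before expiry` would record the lifetime. The `sops.secrets` set opens outside the hunk.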
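Review bot: In `hosts/chunk/tailscale.nix`, `--advertise-exit-node` is passed through `extraUpFlags`, which as far as I know the NixOS module hands to `tailscale up` only in its auto-connect step while the node is not yet logged in, so the flag would not be re-applied on a host that is already authenticated. `extraSetFlags = [ "--advertise-exit-node" ];` keeps the setting declarative across rebuilds. The file would also benefit from comments noting that `openFirewall = true` opens the tailscaled UDP port on this host's interfaces and that `useRoutingFeatures = "server"` enables IP forwarding, since chunk also runs the services imported in its `default.nix`.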
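Review bot: Adding `"disk"` to the group list in `hosts/ytnix/default.nix` (`@@ -128,6 +133,7 @@`) gives its member read/write access to raw block devices, which bypasses file permissions entirely, including root-only files such as the age key at the `sops.age.keyFile` path shown earlier in this file. If the goal is access to one removable device, a udev rule scoped to that device is much narrower than group `disk`. If it has to stay, a comment like `"disk" # raw block-device access, root-equivalent; needed for <reason>` would record why. The list opens outside the hunk, so I am assuming it is a user's `extraGroups`.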
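Review bot: The last `hosts/ytnix/default.nix` hunk puts a udev rule into `services.udev.extraHwdb`, which is written to a hwdb file rather than a rules file, and it matches with `SYSFS{…}`, a key that current udev no longer accepts, so the rule would not take effect. Rules belong in `extraRules` with `ATTR{…}`: `services.udev.extraRules = ''` / `SUBSYSTEM=="usb", ATTR{idVendor}=="090c", ATTR{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"` / `'';`. Once it does apply, `GROUP="users"` with `MODE="0664"` gives every account in `users` write access to the device; `TAG+="uaccess"` or a dedicated group would be tighter.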
@@ -0,0 +1,11 @@
+{ config, ... }: {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.sops.secrets."tailscale/auth".path;
+ openFirewall = true;
+ useRoutingFeatures = "client";
+ extraUpFlags = [
+ "--exit-node=100.122.132.30"
+ ];
+ };
+}
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..e15ec8b
--- /dev/null
+++ b/justfile
@@ -0,0 +1,14 @@
+update:
+ git switch -c update
+ git push
+ git switch main
+
+upgrade:
+ git switch update
+ sudo nixos-rebuild switch -L --flake . --use-substitutes
+ nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes
+ nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes
+ home-manager -L switch --flake .
+ git switch main
+ git merge update
+ git branch -d update
diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml
new file mode 100644
index 0000000..27997b8
--- /dev/null
+++ b/secrets/services/tailscale.yaml
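Review bot: In `hosts/ytnix/tailscale.nix` the exit node is pinned to the literal address `100.122.132.30` with nothing saying which machine that is; if the node is re-registered and receives a new tailnet address, this host keeps pointing at the old one. A comment above the flag would cover it, e.g. `# tailnet address of the exit node (presumably chunk, which advertises one in this commit) — update on re-registration`. Using an exit node also cuts off direct access to the local network unless `--exit-node-allow-lan-access` is added, so it is worth stating in the same comment that this is deliberate.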
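Review bot: Both remote `nixos-rebuild` lines in the `upgrade` recipe of the new `justfile` log in as `root@…`, which requires root SSH login to stay enabled on hosts addressed by what look like a public IPv6 address and a public hostname. `nixos-rebuild` can deploy through an unprivileged account with `--use-remote-sudo`, e.g. `--target-host <deploy-user>@www.cything.io --use-remote-sudo` (`<deploy-user>` is a placeholder). Separately, neither recipe carries a comment: `update` only creates and pushes a branch, so a line such as `# update: push an 'update' branch (confirm what is expected to populate it)` would say what the workflow relies on.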
@@ -0,0 +1,31 @@ +tailscale: + auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr + c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly + V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx + UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW + 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP + R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r + TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 + em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 + kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-24T05:26:20Z" + mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3