flake update

Signed-off-by: cy <cy@cy7.sh>

.sops.yaml

@@ -103,3 +103,8 @@ creation_rules:
       - age:
           - *chunk
           - *cy
+  - path_regex: secrets/services/tailscale.yaml
+    key_groups:
+      - age:
+          - *chunk
+          - *cy

flake.lock

@@ -157,11 +157,11 @@
     },
     "crane_2": {
       "locked": {
-        "lastModified": 1737563566,
+        "lastModified": 1737689766,
-        "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=",
+        "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "849376434956794ebc7a6b487d31aace395392ba",
+        "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527",
         "type": "github"
       },
       "original": {
@@ -562,11 +562,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737669579,
+        "lastModified": 1737704314,
-        "narHash": "sha256-v9WQ3c4ctwPMfdBZMZxpdM9xXev4uChce4BxOpvsu0E=",
+        "narHash": "sha256-zta8jvOQ2wRCZmiwFEnS5iCulWAh8e+fLUlQxrgOBjM=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "7b9ece1bf3c8780cde9b975b28c2d9ccd7e9cdb9",
+        "rev": "a0428685572b134f6594e7d7f5db5e1febbab2d7",
         "type": "github"
       },
       "original": {
@@ -683,11 +683,11 @@
         "pre-commit-hooks": "pre-commit-hooks"
       },
       "locked": {
-        "lastModified": 1737655283,
+        "lastModified": 1737726524,
-        "narHash": "sha256-yAFGeCZXUL3GqDMeFcUEOC4m459Ld7j54Rxo8cmyuSQ=",
+        "narHash": "sha256-Tw4kY4m5iNkRWCzmZO8ZO0i5iufD2K11leRy3uPR+g0=",
         "ref": "refs/heads/main",
-        "rev": "963b687443b44df6c5cbdf3426454d92830d9100",
+        "rev": "ca68979174da416f0c3d11beaa19d3965a4654a0",
-        "revCount": 16671,
+        "revCount": 16681,
         "type": "git",
         "url": "https://git.lix.systems/lix-project/lix"
       },
@@ -737,11 +737,11 @@
         "xwayland-satellite-unstable": "xwayland-satellite-unstable"
       },
       "locked": {
-        "lastModified": 1737627930,
+        "lastModified": 1737723936,
-        "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=",
+        "narHash": "sha256-7badcmkmjaOeEshFdGnoEofrZO667t/k5jDa0/NINpI=",
         "owner": "sodiboo",
         "repo": "niri-flake",
-        "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01",
+        "rev": "84a8590f8196d3fccb1618a153dbd6bac325e3c4",
         "type": "github"
       },
       "original": {
@@ -770,11 +770,11 @@
     "niri-unstable": {
       "flake": false,
       "locked": {
-        "lastModified": 1737623252,
+        "lastModified": 1737697331,
-        "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=",
+        "narHash": "sha256-9k77pFW2ANx8bZc+RcF6YP9McFZsUCWWY+XwBX0P3/Q=",
         "owner": "YaLTeR",
         "repo": "niri",
-        "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0",
+        "rev": "748d90b443b9f20134020c21760b5b6c2c42a7de",
         "type": "github"
       },
       "original": {
@@ -1045,11 +1045,11 @@
     },
     "nixpkgs_5": {
       "locked": {
-        "lastModified": 1737642748,
+        "lastModified": 1737706285,
-        "narHash": "sha256-VsCzuoavNERLs46aw38nmORT4F5pLOZDDe2bzFo+jsE=",
+        "narHash": "sha256-k/f1rAyCjGkNu4BnlnUGEvQPSnYVG7UHoOeaQQcjQps=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "864f89f98b0b4e1bbcb762b025fd83da8bc1bae0",
+        "rev": "dcb7446a099fe1c95b3694fdb7a4dda8f19d6ba8",
         "type": "github"
       },
       "original": {
@@ -1082,11 +1082,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737667561,
+        "lastModified": 1737735875,
-        "narHash": "sha256-BKUapQPTji3V2uxymGq62/UWF1XMjfHvKd565jj1HlA=",
+        "narHash": "sha256-uZpZbT5kH7whiMpaMQjSPxRbRTmH5LaoBat6eQBHHaY=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "aab2b81792567237c104b90c3936e073d28a9ac6",
+        "rev": "bd3184f4957d5484bb5ebef4b9bc6f9cc53cfad5",
         "type": "github"
       },
       "original": {
@@ -1240,11 +1240,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737599167,
+        "lastModified": 1737685583,
-        "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=",
+        "narHash": "sha256-p+NVABRpGi+pT+xxf9HcLcFVxG6L+vEEy+NwzB9T0f8=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "38374302ae9edf819eac666d1f276d62c712dd06",
+        "rev": "eb64cbcc8eee0fa87ebded92805280d2ec97415a",
         "type": "github"
       },
       "original": {

home/yt/common.nix

@@ -44,7 +44,11 @@
         rebase = true;
         autostash = true;
       };
-      merge.tool = "vimdiff";
+      merge = {
+        tool = "vimdiff";
+        keepBackup = false;
+        prompt = false;
+      };
       rebase = {
         stat = true;
         autoStash = true;
@@ -52,10 +56,7 @@
         updateRefs = true;
       };
       help.autocorrect = 1;
-      mergetool = {
+      "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'";
-        prompt = false;
-        path = "nvim-open";
-      };
     };
   };
   programs.ripgrep.enable = true;

home/zsh/default.nix

@@ -94,8 +94,8 @@
       "ga" = "git add";
       "gaa" = "git add --all";
       "gb" = "git branch";
-      "gc" = "git commit --verbose";
+      "gc" = "git commit --verbose -s";
-      "gcmsg" = "git commit --message";
+      "gcmsg" = "git commit -s --message";
       "gd" = "git diff";
       "gdca" = "git diff --cached";
       "gds" = "git diff --staged";

hosts/chunk/default.nix

@@ -26,6 +26,7 @@
     ./attic.nix
     ./forgejo.nix
     ./garage.nix
+    ./tailscale.nix
   ];
 
   sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -66,10 +67,12 @@
     "attic/env" = {
       sopsFile = ../../secrets/services/attic.yaml;
     };
-
     "garage/env" = {
       sopsFile = ../../secrets/services/garage.yaml;
     };
+    "tailscale/auth" = {
+      sopsFile = ../../secrets/services/tailscale.yaml;
+    };
   };
 
   boot.loader.grub.enable = true;

hosts/chunk/tailscale.nix

@@ -0,0 +1,9 @@
+{ config, ... }: {
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets."tailscale/auth".path;
+    extraUpFlags = [ "--advertise-exit-node" ];
+    useRoutingFeatures = "server";
+    openFirewall = true;
+  };
+}

hosts/ytnix/default.nix

@@ -9,6 +9,7 @@
     ./hardware-configuration.nix
     ../common.nix
     ../zsh.nix
+    ./tailscale.nix
   ];
 
   sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@@ -32,6 +33,9 @@
       sopsFile = ../../secrets/newsboat.yaml;
       owner = "yt";
     };
+    "tailscale/auth" = {
+      sopsFile = ../../secrets/services/tailscale.yaml;
+    };
   };
 
   boot = {
@@ -58,6 +62,7 @@
       pkiBundle = "/var/lib/sbctl";
     };
     kernel.sysctl."kernel.sysrq" = 1;
+    binfmt.emulatedSystems = [ "aarch64-linux" ];
   };
 
   networking = {
@@ -128,6 +133,7 @@
     "wheel"
     "libvirtd"
     "docker"
+    "disk"
   ];
 
   environment.systemPackages = with pkgs; [
@@ -314,4 +320,8 @@
   programs.niri.enable = true;
   programs.niri.package = pkgs.niri-unstable;
   programs.xwayland.enable = true;
+
+  services.udev.extraHwdb = ''
+    SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
+  '';
 }

hosts/ytnix/tailscale.nix

@@ -0,0 +1,11 @@
+{ config, ... }: {
+  services.tailscale = {
+    enable = true;
+    authKeyFile = config.sops.secrets."tailscale/auth".path;
+    openFirewall = true;
+    useRoutingFeatures = "client";
+    extraUpFlags = [
+      "--exit-node=100.122.132.30"
+    ];
+  };
+}

justfile

@@ -0,0 +1,14 @@
+update:
+    git switch -c update
+    git push
+    git switch main
+
+upgrade:
+    git switch update
+    sudo nixos-rebuild switch -L --flake . --use-substitutes
+    nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes
+    nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes
+    home-manager -L switch --flake .
+    git switch main
+    git merge update
+    git branch -d update

secrets/services/tailscale.yaml

@@ -0,0 +1,31 @@
+tailscale:
+    auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr
+            c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly
+            V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx
+            UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW
+            1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP
+            R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r
+            TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3
+            em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4
+            kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-24T05:26:20Z"
+    mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.3