diff --git a/flake.nix b/flake.nix index 5a88538..b1cb8ef 100644 --- a/flake.nix +++ b/flake.nix @@ -31,8 +31,8 @@ outputs = { self, nixpkgs, home-manager, ... } @ inputs: let rootPath = ./.; - systems = [ "x86_64-linux" "aarch64-linux" ]; - forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); + system = "x86_64-linux"; + pkgs = import nixpkgs { inherit system; }; in { nixosConfigurations = { @@ -63,33 +63,21 @@ extraSpecialArgs = { inherit inputs rootPath; }; modules = [ ./home/hosts/wsl.nix ]; }; - "android@y2q" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.aarch64-linux; - extraSpecialArgs = { inherit inputs rootPath; }; - modules = [ ./home/hosts/y2q.nix ]; - }; }; - devShells = forAllSystems (system: - let - pkgs = import nixpkgs { inherit system; }; - in - { - default = pkgs.mkShell { - buildInputs = [ - pkgs.nix - pkgs.home-manager - pkgs.sops - ]; + devShells.${system}.default = pkgs.mkShell { + buildInputs = [ + pkgs.nix + pkgs.home-manager + pkgs.sops + ]; - shellHook = '' - HOST=$(hostname) - alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST" - alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps" - alias deploy-home="home-manager switch --flake .#$USER@$HOST" - ''; - }; - } - ); + shellHook = '' + HOST=$(hostname) + alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST" + alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps" + alias deploy-home="home-manager switch --flake .#toast@$HOST" + ''; + }; }; } diff --git a/home/hosts/y2q.nix b/home/hosts/y2q.nix deleted file mode 100644 index 509621d..0000000 --- a/home/hosts/y2q.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, inputs, ... }: - -{ - imports = [ - inputs.nixvim.homeModules.nixvim - inputs.sops-nix.homeManagerModules.sops - ] ++ ( - let - modulesPath = ../modules; - cliModules = builtins.attrNames (builtins.readDir (modulesPath + "/cli/")); - in - map (module: modulesPath + "/cli/${module}") cliModules - ); - - home = { - username = "android"; - homeDirectory = "/home/android"; - stateVersion = "24.11"; - }; - - nixpkgs.config.allowUnfree = true; - systemd.user.startServices = "sd-switch"; -} diff --git a/home/modules/cli/opencode.nix b/home/modules/cli/opencode.nix index 162cae9..db53896 100644 --- a/home/modules/cli/opencode.nix +++ b/home/modules/cli/opencode.nix @@ -1,41 +1,3 @@ -{ config, ... }: - { - sops.secrets = { - "openrouter_api_key" = {}; - "github_token" = {}; - "context7_api_key" = {}; - }; - - programs.opencode = { - enable = true; - settings = { - theme = "opencode"; - provider = { - openrouter = { - options = { - apiKey = "{file:${config.sops.secrets."openrouter_api_key".path}}"; - }; - }; - }; - mcp = { - github = { - enabled = true; - type = "remote"; - url = "https://api.githubcopilot.com/mcp/"; - headers = { - Authorization = "Bearer {file:${config.sops.secrets."github_token".path}}"; - }; - }; - context7 = { - enabled = true; - type = "remote"; - url = "https://mcp.context7.com/mcp"; - headers = { - "CONTEXT7_API_KEY" = "{file:${config.sops.secrets."context7_api_key".path}}"; - }; - }; - }; - }; - }; + programs.opencode.enable = true; } diff --git a/home/modules/cli/sops.nix b/home/modules/cli/sops.nix index 094195f..7b1a78d 100644 --- a/home/modules/cli/sops.nix +++ b/home/modules/cli/sops.nix @@ -1,8 +1,10 @@ -{ rootPath, config, ... }: +{ rootPath, ... }: { sops.defaultSopsFile = rootPath + /secrets/secrets.yaml; sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; + sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt"; + + sops.secrets."tailscale/authkey" = { }; } diff --git a/hosts/nixos/modules/services/flatpak.nix b/hosts/nixos/modules/services/flatpak.nix index 5a6d285..0a2f7b7 100644 --- a/hosts/nixos/modules/services/flatpak.nix +++ b/hosts/nixos/modules/services/flatpak.nix @@ -6,6 +6,7 @@ packages = [ "org.vinegarhq.Sober" "org.vinegarhq.Vinegar" + "com.spotify.Client" "md.obsidian.Obsidian" ]; overrides = { diff --git a/hosts/nixos/modules/services/restic.nix b/hosts/nixos/modules/services/restic.nix index 1452624..99ac410 100644 --- a/hosts/nixos/modules/services/restic.nix +++ b/hosts/nixos/modules/services/restic.nix @@ -1,12 +1,10 @@ { config, ... }: { - sops.secrets = { - "restic/password" = {}; - "restic/env" = {}; - }; + sops.secrets."restic/password" = { }; + sops.secrets."restic/rclone-config" = { }; - services.restic.backups.b2 = { + services.restic.backups.gdrive = { initialize = true; inhibitsSleep = true; passwordFile = config.sops.secrets."restic/password".path; @@ -14,9 +12,8 @@ "/data/Backup" "/home/toast/workspace" ]; - exclude = [ "node_modules" ]; - repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-0"; - environmentFile = config.sops.secrets."restic/env".path; + repository = "rclone:gdrive:restic"; + rcloneConfigFile = config.sops.secrets."restic/rclone-config".path; pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index a04e661..dd0ab4c 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,11 +1,9 @@ tailscale: authkey: ENC[AES256_GCM,data:ssxd13QKzXbezZs9ewR0CRsN0T6FMzQjGyJ5czjv4lHP6ODM1hAkS728vInfgq2hwUwVzs17I0C4017MGg==,iv:r/M4WtjrQZLdqidlFNUvY9NQhDSntNka2iYOAu+RQc8=,tag:kycZLagUboZ31ryQ3exi3w==,type:str] github_token: ENC[AES256_GCM,data:3LoIlgJTmCfMwPcTz1Q+exe8QV8XaYuYu6pAQp6yKq0aSspTo12G5w==,iv:cwhF34tcoiss/Oy/N5SdTHo4ZEbPeVZYm8PgoD29YSk=,tag:PItjK2ZPMSKVa4AsNnkhPw==,type:str] -openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmbZvnz9nK7VSobaVPJZ2e1G5rUvAtgEGvwX9WBhkvGMHpU/tdkzzUIHQN5iw==,iv:yGTo1b7EXOGsgyeHTuWYSbiE3EtvASvrjIu98+Hgl4c=,tag:X/b3FKrPe9igt415eyfdyQ==,type:str] -context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str] restic: - password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str] - env: ENC[AES256_GCM,data:1FJTGyT115aL0kZWUE52wqLbLYJ3ArrM9+Xm8DvtWzjzJAM5UdRzN0LZtToxFE6jn7Z3DmCQT4lI08EeVtHgcEABteDyk40v2Z6PFq0EjWS/Y13iOi507yE1NsiHKAF3Ew==,iv:OuKSnQDVLJVtrXe7nNlU8vG5cJr2NiToC0/dGfZ+iW0=,tag:nWI6gjfawt8OWHyPX3d+eQ==,type:str] + password: ENC[AES256_GCM,data:CaWwS1Pm2LoeLHWtZv7fahpyJu4vgGgNo5E88tDXK767UH39naxcJuejq1l2Bb2OM5x8+zsIUPz8mPYAJD/Yaw==,iv:zJSZKliRzGdTlBMXk6wG9aVeR3xFQP2chcHm3LrNfjk=,tag:z90vqLU29EPgczL4X/XG4g==,type:str] + rclone-config: ENC[AES256_GCM,data:HAuuawWALDQzsn6wJxQIbh57OaJnqwfm4tfhVJJ61wUgC3Kg3a/butjTCX6Q9DVQ7ygK2KH/29p4/lzSeQTGpMx7evOYi8qHQmvW+XMepx0+DEN6+y8iMRw3HG2/cctWoLDcf1RPw+eQdhDPSd/TnU26gNNdxEfTkEKPxQ5ctlLMmyGmUy2UCMarG5I6F88M2y608syTMDfbF22YHpLCBcofKbpvN9rOvqmrM8KxZ8m4JVDcbA23/X36dVkWYKrBuTW8Y2Wuo1o7dAesHIXsxW0KstnJomn/2bDNVjbsiaAlT7Vt4WVm0Gmg8ost2IrAqOeQdevw3V2SYhfCtCEJSmtpvR7KFO0e/Jsj0kF1xFdVQR7QyYO2IsyAyAozpD9pILVNOrfZ6LT8TYI+p1RnR504lumo1VPXKoRE6nnyaZWb1ABuSqXhiOVQcHN2Kg9WWEk6d3XhoIcVob1MFLvgoFttMn5dMUFqtpmpKm+E7/jxGP7wg19pmWanfr2lsbt/vnobkqKFLWFevfuK9u6atRXYo4PyONPo2KDwpI7+7WBBD49pbiklxyNUGYgYpIsLrvaG1fVnCxgdGKI7vdtBK9uLVIEP2t0cZqGs2SjEfBhJrGgU76vSTQrRm0RqA8B1WKXHOrqwaujhVzeaCf4tqRGR1StTtqTeMQ7rKi14oPFXOPTXElSVXvWlFi3yForFpUSptcGJEj5HyHwuzxOww6K2bvOltznOWO0OvI6yVMS0VfagcQBWkV7Gy6qPR98o5v18ZBfDIh8OpcnDwZ2SotTzQfkIUXWzzNTs71cWNCuQexufOzKYk/Afb8kZk1msa3q2jKZj9I3/B0siyE0X6pKgoKuV7t27PSXuDyaFSkd8+E2SLM/GPEBOXy22UwOMvcGbB+s=,iv:MXTKIls+iKS9zAm09acTBmh2imzrjIo5ojLiFW3nGuY=,tag:Z0sDuGYaz/3ZdvVqCY1m/g==,type:str] zipline: env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str] token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str] @@ -20,7 +18,7 @@ sops: Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-09T07:41:18Z" - mac: ENC[AES256_GCM,data:zLuNIqXZaFBGXHEXDLbs5U2IaJRNDuPWX6MAhFVP28dWsghWgcNF3Oh09YCO4rAtgby73rN48Stm/mvmUFnvP90t0vGXRlAsflNnGJhiwMW9YyUGBaFUh2BSKUzOC37R+ZQEpchngqCoIHjCtAL+1EWjgF0QCac/aH9rwBd6MmQ=,iv:Z9/KOe1LgZpDw5l2Sk0f19hyV7dQotxuDi2GdOFsK0E=,tag:YngGlczVYLhShguSJyXe0g==,type:str] + lastmodified: "2025-09-25T08:59:38Z" + mac: ENC[AES256_GCM,data:BjdbNsicAIUBzztvYLFtyWpQKfAwAL6iYygr7RZsqeszRiNb2fjVC1m4LBgp9f+NWkb2QFXcHouFzeUq84ZMO1QZHGAXgbbV5mR2oHqPl32/Hi387T3lvVjQjSlwh8eMAj4/6e51jmaCuNevOTtZ8Lf7T0FRMNXUSMFL+EbffQo=,iv:A7dl71Zx81QtxiSK0ujYrtlUNhel/NmxfpFVRNsk6Aw=,tag:Y19XPnTaJ0wVa+avpDaUeQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2