From 6cb9cd60b21a1d040ad179481f92daafb7282294 Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Wed, 8 Oct 2025 14:38:18 +0900 Subject: [PATCH 1/5] feat(opencode): add mcp servers --- home/modules/cli/opencode.nix | 40 ++++++++++++++++++++++++++++++++++- home/modules/cli/sops.nix | 2 -- secrets/secrets.yaml | 6 ++++-- 3 files changed, 43 insertions(+), 5 deletions(-) diff --git a/home/modules/cli/opencode.nix b/home/modules/cli/opencode.nix index db53896..162cae9 100644 --- a/home/modules/cli/opencode.nix +++ b/home/modules/cli/opencode.nix @@ -1,3 +1,41 @@ +{ config, ... }: + { - programs.opencode.enable = true; + sops.secrets = { + "openrouter_api_key" = {}; + "github_token" = {}; + "context7_api_key" = {}; + }; + + programs.opencode = { + enable = true; + settings = { + theme = "opencode"; + provider = { + openrouter = { + options = { + apiKey = "{file:${config.sops.secrets."openrouter_api_key".path}}"; + }; + }; + }; + mcp = { + github = { + enabled = true; + type = "remote"; + url = "https://api.githubcopilot.com/mcp/"; + headers = { + Authorization = "Bearer {file:${config.sops.secrets."github_token".path}}"; + }; + }; + context7 = { + enabled = true; + type = "remote"; + url = "https://mcp.context7.com/mcp"; + headers = { + "CONTEXT7_API_KEY" = "{file:${config.sops.secrets."context7_api_key".path}}"; + }; + }; + }; + }; + }; } diff --git a/home/modules/cli/sops.nix b/home/modules/cli/sops.nix index 7b1a78d..b125b37 100644 --- a/home/modules/cli/sops.nix +++ b/home/modules/cli/sops.nix @@ -5,6 +5,4 @@ sops.defaultSopsFormat = "yaml"; sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt"; - - sops.secrets."tailscale/authkey" = { }; } diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index dd0ab4c..9cb5764 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
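Review bot: In `home/modules/cli/opencode.nix`, the `mcp.github` entry sends `github_token` to a remote MCP server, but nothing in the module records what that token is allowed to do. The same agent session also loads third-party content through `mcp.context7`, and text returned by an MCP server reaches the model as input, so the token's scope bounds what an injected instruction could do to the account. I would add a comment above `"github_token" = {};` such as `# fine-grained PAT: read-only, limited to the repositories opencode needs` and issue the token to match; its real scope is not visible here. `github_token` appears only as a context line in the `secrets/secrets.yaml` hunk, so it predates this commit and may be shared with another consumer; a dedicated token for the MCP server could be scoped and revoked on its own. The `{file:...}` form interpolates only the secret's path into `settings`, not its value, which is worth keeping for any provider added later.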
@@ -1,6 +1,8 @@ tailscale: authkey: ENC[AES256_GCM,data:ssxd13QKzXbezZs9ewR0CRsN0T6FMzQjGyJ5czjv4lHP6ODM1hAkS728vInfgq2hwUwVzs17I0C4017MGg==,iv:r/M4WtjrQZLdqidlFNUvY9NQhDSntNka2iYOAu+RQc8=,tag:kycZLagUboZ31ryQ3exi3w==,type:str] github_token: ENC[AES256_GCM,data:3LoIlgJTmCfMwPcTz1Q+exe8QV8XaYuYu6pAQp6yKq0aSspTo12G5w==,iv:cwhF34tcoiss/Oy/N5SdTHo4ZEbPeVZYm8PgoD29YSk=,tag:PItjK2ZPMSKVa4AsNnkhPw==,type:str] +openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmbZvnz9nK7VSobaVPJZ2e1G5rUvAtgEGvwX9WBhkvGMHpU/tdkzzUIHQN5iw==,iv:yGTo1b7EXOGsgyeHTuWYSbiE3EtvASvrjIu98+Hgl4c=,tag:X/b3FKrPe9igt415eyfdyQ==,type:str] +context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str] restic: password: ENC[AES256_GCM,data:CaWwS1Pm2LoeLHWtZv7fahpyJu4vgGgNo5E88tDXK767UH39naxcJuejq1l2Bb2OM5x8+zsIUPz8mPYAJD/Yaw==,iv:zJSZKliRzGdTlBMXk6wG9aVeR3xFQP2chcHm3LrNfjk=,tag:z90vqLU29EPgczL4X/XG4g==,type:str] rclone-config: ENC[AES256_GCM,data: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,iv:MXTKIls+iKS9zAm09acTBmh2imzrjIo5ojLiFW3nGuY=,tag:Z0sDuGYaz/3ZdvVqCY1m/g==,type:str] 
@@ -18,7 +20,7 @@ sops: Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-25T08:59:38Z" - mac: ENC[AES256_GCM,data:BjdbNsicAIUBzztvYLFtyWpQKfAwAL6iYygr7RZsqeszRiNb2fjVC1m4LBgp9f+NWkb2QFXcHouFzeUq84ZMO1QZHGAXgbbV5mR2oHqPl32/Hi387T3lvVjQjSlwh8eMAj4/6e51jmaCuNevOTtZ8Lf7T0FRMNXUSMFL+EbffQo=,iv:A7dl71Zx81QtxiSK0ujYrtlUNhel/NmxfpFVRNsk6Aw=,tag:Y19XPnTaJ0wVa+avpDaUeQ==,type:str] + lastmodified: "2025-10-08T05:31:44Z" + mac: ENC[AES256_GCM,data:05fWijDDOt7+MLLeMHjnMO/GvEur5CMGeeUg88FgzEjnhgWg8dGi8KyvnbHvHKi5G0Qm6+f2XBw7n1NkL31Umct8rEw84uSpFPZy/KN6XAEgYWFknugaOd1nriTrgJyP5ERsQM+vAL7J53X/wGH7rvwb9pqnHFHsBLZKe2Oyp7g=,iv:j8sKpH27f0ammwQmG5Bukk3Ec5dumrVg2aUmciIyhnM=,tag:LYwz7MKaU33rbmg7RVjklQ==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 7307eaa6e669de2efafe96e398c9556707fdfe6d Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Thu, 9 Oct 2025 15:05:39 +0900 Subject: [PATCH 2/5] feat(nixos): remove spotify from flatpak --- hosts/nixos/modules/services/flatpak.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/nixos/modules/services/flatpak.nix b/hosts/nixos/modules/services/flatpak.nix index 0a2f7b7..5a6d285 100644 --- a/hosts/nixos/modules/services/flatpak.nix +++ b/hosts/nixos/modules/services/flatpak.nix @@ -6,7 +6,6 @@ packages = [ "org.vinegarhq.Sober" "org.vinegarhq.Vinegar" - "com.spotify.Client" "md.obsidian.Obsidian" ]; overrides = { From da3d4c46d83c7f0474874cf7aaae52b59332f3f6 Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Thu, 9 Oct 2025 16:59:03 +0900 Subject: [PATCH 3/5] feat(nixos): migrate restic backups from Google Drive to Backblaze B2 - Switch repository from rclone:gdrive to s3 b2 - Add node_modules exclude pattern - Update secrets --- hosts/nixos/modules/services/restic.nix | 13 ++++++++----- secrets/secrets.yaml | 8 ++++---- 2 files changed, 12 insertions(+), 9 deletions(-) 
diff --git a/hosts/nixos/modules/services/restic.nix b/hosts/nixos/modules/services/restic.nix index 99ac410..1452624 100644 --- a/hosts/nixos/modules/services/restic.nix +++ b/hosts/nixos/modules/services/restic.nix @@ -1,10 +1,12 @@ { config, ... }: { - sops.secrets."restic/password" = { }; - sops.secrets."restic/rclone-config" = { }; + sops.secrets = { + "restic/password" = {}; + "restic/env" = {}; + }; - services.restic.backups.gdrive = { + services.restic.backups.b2 = { initialize = true; inhibitsSleep = true; passwordFile = config.sops.secrets."restic/password".path; @@ -12,8 +14,9 @@ "/data/Backup" "/home/toast/workspace" ]; - repository = "rclone:gdrive:restic"; - rcloneConfigFile = config.sops.secrets."restic/rclone-config".path; + exclude = [ "node_modules" ]; + repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-0"; + environmentFile = config.sops.secrets."restic/env".path; pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 9cb5764..a04e661 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
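Review bot: The new `environmentFile = config.sops.secrets."restic/env".path;` line in `services.restic.backups.b2` has no comment saying what the file must define or how the key behind it is restricted. restic's S3 backend reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment, so a comment such as `# restic/env: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY of a B2 application key limited to bucket restic-backups-0` would document both. Because `pruneOpts` needs delete rights, the same key lets a compromised host erase the snapshots; whether the bucket has retention or object-lock settings to cover that is not visible here. The `restic/rclone-config` ciphertext removed by this commit stays in git history, so the remote grant it held (presumably the Google Drive one) should be revoked rather than relying on the deletion. The `pruneOpts` list continues outside the hunk.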
@@ -4,8 +4,8 @@ github_token: ENC[AES256_GCM,data:3LoIlgJTmCfMwPcTz1Q+exe8QV8XaYuYu6pAQp6yKq0aSs openrouter_api_key: ENC[AES256_GCM,data:c0GHwhX5S4cfOXs6iR8TWVwhW90bvehWdy8lJBmbZvnz9nK7VSobaVPJZ2e1G5rUvAtgEGvwX9WBhkvGMHpU/tdkzzUIHQN5iw==,iv:yGTo1b7EXOGsgyeHTuWYSbiE3EtvASvrjIu98+Hgl4c=,tag:X/b3FKrPe9igt415eyfdyQ==,type:str] context7_api_key: ENC[AES256_GCM,data:3fvSGzii2MqlfMCFYIUcC8Fa18KBh2K91rYPtXe04+UzNb/ElBEVMoH4Gw==,iv:4cZlsYZVum/Ui3MNAzSMb8JxOCNchUzuwlh890Lc4vo=,tag:RDjeujPxDQC5eRqDcKfbvA==,type:str] restic: - password: ENC[AES256_GCM,data:CaWwS1Pm2LoeLHWtZv7fahpyJu4vgGgNo5E88tDXK767UH39naxcJuejq1l2Bb2OM5x8+zsIUPz8mPYAJD/Yaw==,iv:zJSZKliRzGdTlBMXk6wG9aVeR3xFQP2chcHm3LrNfjk=,tag:z90vqLU29EPgczL4X/XG4g==,type:str] - rclone-config: ENC[AES256_GCM,data:HAuuawWALDQzsn6wJxQIbh57OaJnqwfm4tfhVJJ61wUgC3Kg3a/butjTCX6Q9DVQ7ygK2KH/29p4/lzSeQTGpMx7evOYi8qHQmvW+XMepx0+DEN6+y8iMRw3HG2/cctWoLDcf1RPw+eQdhDPSd/TnU26gNNdxEfTkEKPxQ5ctlLMmyGmUy2UCMarG5I6F88M2y608syTMDfbF22YHpLCBcofKbpvN9rOvqmrM8KxZ8m4JVDcbA23/X36dVkWYKrBuTW8Y2Wuo1o7dAesHIXsxW0KstnJomn/2bDNVjbsiaAlT7Vt4WVm0Gmg8ost2IrAqOeQdevw3V2SYhfCtCEJSmtpvR7KFO0e/Jsj0kF1xFdVQR7QyYO2IsyAyAozpD9pILVNOrfZ6LT8TYI+p1RnR504lumo1VPXKoRE6nnyaZWb1ABuSqXhiOVQcHN2Kg9WWEk6d3XhoIcVob1MFLvgoFttMn5dMUFqtpmpKm+E7/jxGP7wg19pmWanfr2lsbt/vnobkqKFLWFevfuK9u6atRXYo4PyONPo2KDwpI7+7WBBD49pbiklxyNUGYgYpIsLrvaG1fVnCxgdGKI7vdtBK9uLVIEP2t0cZqGs2SjEfBhJrGgU76vSTQrRm0RqA8B1WKXHOrqwaujhVzeaCf4tqRGR1StTtqTeMQ7rKi14oPFXOPTXElSVXvWlFi3yForFpUSptcGJEj5HyHwuzxOww6K2bvOltznOWO0OvI6yVMS0VfagcQBWkV7Gy6qPR98o5v18ZBfDIh8OpcnDwZ2SotTzQfkIUXWzzNTs71cWNCuQexufOzKYk/Afb8kZk1msa3q2jKZj9I3/B0siyE0X6pKgoKuV7t27PSXuDyaFSkd8+E2SLM/GPEBOXy22UwOMvcGbB+s=,iv:MXTKIls+iKS9zAm09acTBmh2imzrjIo5ojLiFW3nGuY=,tag:Z0sDuGYaz/3ZdvVqCY1m/g==,type:str] + password: ENC[AES256_GCM,data:LhO9evxJ1jO+/jVefT1ImRB7mdQB6VWxMdXPzAX4v9ICy5V+QlPDHdug3fKgZfzZ2EJtxy0LeQqHhyACKvPACA==,iv:Ag5BXn7gViL2J7qALn6WoQ1zwS69/NkjU9iP7pw2g0U=,tag:nUSCMkojdSA3+aJ4OKM8rw==,type:str] + env: 
ENC[AES256_GCM,data:1FJTGyT115aL0kZWUE52wqLbLYJ3ArrM9+Xm8DvtWzjzJAM5UdRzN0LZtToxFE6jn7Z3DmCQT4lI08EeVtHgcEABteDyk40v2Z6PFq0EjWS/Y13iOi507yE1NsiHKAF3Ew==,iv:OuKSnQDVLJVtrXe7nNlU8vG5cJr2NiToC0/dGfZ+iW0=,tag:nWI6gjfawt8OWHyPX3d+eQ==,type:str] zipline: env: ENC[AES256_GCM,data:HOcqrzXnu+BcpZYgv1yzPOTV4ydJiVa0oIXQWMUNt/X6q2TUGPOTwWg/dOgzoi6jGzFxm+wJzugO4lLQurUV0DiWIWLDSm/PK+zW34yLYwMrwK1bRaF9yl7usAN6BEmpLw==,iv:9IZDQRT2JoXNTuyPZrwRSr2m3SnXaLmJcafpkraCFWA=,tag:+7EoCTiY9f0/C5jgvPQknA==,type:str] token: ENC[AES256_GCM,data:Ke+cJQ6Up5RUGqe/3tG7Nk40PoOQ1Vq1jN5QN4N5LXOFgclXpzN7sjx0bumFVEcgg4B7UkHmjHzjRAPtWheFu+1PaN02aQVLMGzYXgujqmccC+6roxYt4vdN0CLzf0Ii7k5KUwX3QdOV+lrVwyoBjgQyTD839YnODI7zavf+aDMlrE4+BlFjjV8MUQHsJ5G017xN0XLKOBIQsGpMl40YsvVXFrNwkZ+DkN7bXCZBiHI41W44snB1C3wkYOO+a0g4JzVjIhcHXalYgOW4Unuyyah8yDoXRxuSq7aZpQ+/AHRiuIuaHSrE5BUJu/9bJdjojNuk6VTsaLFtngViSjtyztcqMAIHFFq/KXAog8tg16dJH/V6PomrWXY=,iv:H/EcD/oNSw1mIwxsqyMeSRPsY7lnzEzTNJs6OPNfPw4=,tag:FgH9Nwxnq62uhCd/Av2kAA==,type:str] @@ -20,7 +20,7 @@ sops: Z0crWElZcVFMVUd0VytoTHFqbkRDck0KY8nsRThk1hCA/yDNy5JJ0T6pTUwRZhYW j8grD6JYvauuYa+3tSIwqy2RPiKltx696n9nXy9iPnFUO0QY/rQGVg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-08T05:31:44Z" - mac: ENC[AES256_GCM,data:05fWijDDOt7+MLLeMHjnMO/GvEur5CMGeeUg88FgzEjnhgWg8dGi8KyvnbHvHKi5G0Qm6+f2XBw7n1NkL31Umct8rEw84uSpFPZy/KN6XAEgYWFknugaOd1nriTrgJyP5ERsQM+vAL7J53X/wGH7rvwb9pqnHFHsBLZKe2Oyp7g=,iv:j8sKpH27f0ammwQmG5Bukk3Ec5dumrVg2aUmciIyhnM=,tag:LYwz7MKaU33rbmg7RVjklQ==,type:str] + lastmodified: "2025-10-09T07:41:18Z" + mac: ENC[AES256_GCM,data:zLuNIqXZaFBGXHEXDLbs5U2IaJRNDuPWX6MAhFVP28dWsghWgcNF3Oh09YCO4rAtgby73rN48Stm/mvmUFnvP90t0vGXRlAsflNnGJhiwMW9YyUGBaFUh2BSKUzOC37R+ZQEpchngqCoIHjCtAL+1EWjgF0QCac/aH9rwBd6MmQ=,iv:Z9/KOe1LgZpDw5l2Sk0f19hyV7dQotxuDi2GdOFsK0E=,tag:YngGlczVYLhShguSJyXe0g==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From eaa6a4fdec4b444998a7c83df6b662da1e42eb3e Mon Sep 17 00:00:00 2001 
From: lightly-toasted Date: Thu, 9 Oct 2025 20:09:57 +0900 Subject: [PATCH 4/5] feat(home): add host y2q --- flake.nix | 7 ++++++- home/hosts/y2q.nix | 23 +++++++++++++++++++++++ home/modules/cli/sops.nix | 4 ++-- 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 home/hosts/y2q.nix diff --git a/flake.nix b/flake.nix index b1cb8ef..bf5430b 100644 --- a/flake.nix +++ b/flake.nix @@ -63,6 +63,11 @@ extraSpecialArgs = { inherit inputs rootPath; }; modules = [ ./home/hosts/wsl.nix ]; }; + "android@y2q" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { inherit inputs rootPath; }; + modules = [ ./home/hosts/y2q.nix ]; + }; }; devShells.${system}.default = pkgs.mkShell { @@ -76,7 +81,7 @@ HOST=$(hostname) alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST" alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps" - alias deploy-home="home-manager switch --flake .#toast@$HOST" + alias deploy-home="home-manager switch --flake .#$USER@$HOST" ''; }; }; diff --git a/home/hosts/y2q.nix b/home/hosts/y2q.nix new file mode 100644 index 0000000..509621d --- /dev/null +++ b/home/hosts/y2q.nix @@ -0,0 +1,23 @@ +{ config, pkgs, inputs, ... }: + +{ + imports = [ + inputs.nixvim.homeModules.nixvim + inputs.sops-nix.homeManagerModules.sops + ] ++ ( + let + modulesPath = ../modules; + cliModules = builtins.attrNames (builtins.readDir (modulesPath + "/cli/")); + in + map (module: modulesPath + "/cli/${module}") cliModules + ); + + home = { + username = "android"; + homeDirectory = "/home/android"; + stateVersion = "24.11"; + }; + + nixpkgs.config.allowUnfree = true; + systemd.user.startServices = "sd-switch"; +} diff --git a/home/modules/cli/sops.nix b/home/modules/cli/sops.nix index b125b37..094195f 100644 --- a/home/modules/cli/sops.nix +++ b/home/modules/cli/sops.nix 
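Review bot: `home/hosts/y2q.nix` imports every file under `modules/cli` through `builtins.readDir`, so this profile also picks up `cli/sops.nix` and `cli/opencode.nix`, and with them the `openrouter_api_key`, `github_token` and `context7_api_key` declarations. Decrypting those needs an age identity at `~/.config/sops/age/keys.txt` on the device, and a recipient of `secrets/secrets.yaml` can open every entry in it, including the restic, zipline and tailscale ones. No recipient is added to the `sops:` metadata in this series, so presumably an existing private key would be copied to the phone. If the host does not need the secrets, an explicit import list or filtering those two modules out of `cliModules` avoids that; if it does, a separate sops file with its own recipient limits the exposure to what this host uses. Any module later added to `modules/cli` is also enabled here without a change to this file.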
@@ -1,8 +1,8 @@ -{ rootPath, ... }: +{ rootPath, config, ... }: { sops.defaultSopsFile = rootPath + /secrets/secrets.yaml; sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "/home/toast/.config/sops/age/keys.txt"; + sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; } From 08f4e5aa90df0469828ff0fb277bc8238b67da82 Mon Sep 17 00:00:00 2001 From: lightly-toasted Date: Thu, 9 Oct 2025 20:18:52 +0900 Subject: [PATCH 5/5] feat: add aarch64 support --- flake.nix | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/flake.nix b/flake.nix index bf5430b..5a88538 100644 --- a/flake.nix +++ b/flake.nix @@ -31,8 +31,8 @@ outputs = { self, nixpkgs, home-manager, ... } @ inputs: let rootPath = ./.; - system = "x86_64-linux"; - pkgs = import nixpkgs { inherit system; }; + systems = [ "x86_64-linux" "aarch64-linux" ]; + forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); in { nixosConfigurations = { 
@@ -64,25 +64,32 @@ modules = [ ./home/hosts/wsl.nix ]; }; "android@y2q" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; + pkgs = nixpkgs.legacyPackages.aarch64-linux; extraSpecialArgs = { inherit inputs rootPath; }; modules = [ ./home/hosts/y2q.nix ]; }; }; - devShells.${system}.default = pkgs.mkShell { - buildInputs = [ - pkgs.nix - pkgs.home-manager - pkgs.sops - ]; + devShells = forAllSystems (system: + let + pkgs = import nixpkgs { inherit system; }; + in + { + default = pkgs.mkShell { + buildInputs = [ + pkgs.nix + pkgs.home-manager + pkgs.sops + ]; - shellHook = '' - HOST=$(hostname) - alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST" - alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps" - alias deploy-home="home-manager switch --flake .#$USER@$HOST" - ''; - }; + shellHook = '' + HOST=$(hostname) + alias deploy-nixos="sudo nixos-rebuild switch --flake .#$HOST" + alias deploy-vps="nixos-rebuild switch --flake .#vps --target-host root@vps" + alias deploy-home="home-manager switch --flake .#$USER@$HOST" + ''; + }; + } + ); }; }
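Review bot: Inside the new `devShells = forAllSystems (system: ...)` the package set is built with `pkgs = import nixpkgs { inherit system; };`, while the `homeConfigurations` entry at the top of this hunk uses `nixpkgs.legacyPackages.aarch64-linux`. Writing `pkgs = nixpkgs.legacyPackages.${system};` would match the rest of the file and avoid a second evaluation of nixpkgs. In the earlier hunk of this commit, `forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);` reduces to `forAllSystems = nixpkgs.lib.genAttrs systems;`. That hunk also drops the `system` and `pkgs` bindings from the `let`; any remaining use of them in `nixosConfigurations`, which lies outside the visible hunks, would now fail to evaluate and should be checked.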