diff --git a/hosts/pc/secrets/secrets.yaml b/hosts/pc/secrets/secrets.yaml index 550ac67..c5c5dd0 100644 --- a/hosts/pc/secrets/secrets.yaml +++ b/hosts/pc/secrets/secrets.yaml @@ -2,8 +2,6 @@ tailscale: auth-key: ENC[AES256_GCM,data:ieDjXpk1YJ2+rb5X5dV3NPtr8+FGwcQtdinSbB+SIuyNbLoSogKrutsBqa+v0I5g,iv:0bV4VwRGCf0yIKpR850/CuTvGFUPXOnFaHpWkdyokjk=,tag:vlRo7cZqgYnvSJiCPSutmw==,type:str] forgejo-runner: token: ENC[AES256_GCM,data:rDwc/w9RpL/++VXg+YEYTP0CPz+trQp2OP5rHgWrPU0qODh1VjHjJA==,iv:SEFGOTB4YVnZqaJ2Lg87MSPV++8kAgtYMabvqouLuaw=,tag:NvRQHU8yvc6BdyTsnmIqyg==,type:str] -syncthing: - gui-pw: ENC[AES256_GCM,data:iPm/MObZ4ZnLFGpHuTREJ1IGhEk=,iv:hy+wQ+xRRS5mevWUIItNby667IbqGaMDG+NOOjsJXeY=,tag:qZIsqO0iEVT0EG+bFzT6/g==,type:str] sops: age: - recipient: age19yeqvv28fgrtk6jsh3xyaf0lch86kna6rcz4dwe962yyyyevu30sx474xy @@ -24,7 +22,7 @@ sops: OHNTYTFFYTJQeXkzWDN3bE91RFgyMzAKV49+02ik78/chrQ1arlkQZH4G6oeRHCa Gp/WhuuOUJ7gwERNxhduhl4+IOSGcepgN5EJeTDXppUtiKXvNzmxpA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-03-01T15:50:59Z" - mac: ENC[AES256_GCM,data:ZZ/zBkla2TYXIjUQ66OL1GzH3YxUi6zXchcMyFsoxeYbaF+gxSWDnHXTtQDgOb72FdWPx18zUz/vO3BTSQqJ9Yyg46hN8xpVbjU7eDgVkXYJ3WfLikz/4v4R9xpxw/ru3LNyGtx+asa/DJu/a/wu4RL2OE1cXWbxqeVtXYll2A4=,iv:2T7gwHuzdjiVCJYQgYVs6PGDpF5pRWARAi+YPIJ77UE=,tag:b+1zPuKxyTjO0G7QgZeLXg==,type:str] + lastmodified: "2026-02-18T17:43:14Z" + mac: ENC[AES256_GCM,data:1QcpQcLQ/TQwfzzHSGsoveB4HoN5ByCURoJn+TZjXd/szx0dBtUIxzc4ktkQZ388HFgYJ4rqpNudlc4AvYvDJULSpfP7KRADKG1reSuqpInGjU79t5U4Wwp+KJ+o29lulTV4fIqfCuqB9QhD4lqLjMSjnKUx5wkmtPuvIEjvWDw=,iv:T3ygIFwbXA/GLAbRAbQn9AP+V6evdmUCOlUfVbZc4fs=,tag:V7tLIukIAo5jyN/HkrciAw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/pc/services.nix b/hosts/pc/services.nix index f12c519..639108f 100644 --- a/hosts/pc/services.nix +++ b/hosts/pc/services.nix @@ -10,14 +10,11 @@ inputs.synix.nixosModules.openssh outputs.nixosModules.forgejo-runner - outputs.nixosModules.syncthing ]; - services.openssh.enable = true; - - # bootstrap - # services.syncthing.enable = true; - # services.syncthing.guiAddress = "0.0.0.0:8384"; + services = { + openssh.enable = true; + }; services.forgejo-runner = { enable = true; diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix index 8d52671..ebba501 100644 --- a/modules/nixos/common/default.nix +++ b/modules/nixos/common/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./nix.nix ./overlays.nix ]; diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..b0eed13 --- /dev/null +++ b/modules/nixos/common/nix.nix @@ -0,0 +1,29 @@ +{ + nix = { + # TODO: add distributed build support for portuus.de + # distributedBuilds = true; + # buildMachines = [ + # { + # hostName = "portuus.de"; + # supportedFeatures = [ + # "benchmark" + # "big-parallel" + # "kvm" + # "nixos-test" + # ]; + # maxJobs = 8; + # system = "x86_64-linux"; + # } + # ]; + + settings = { + # binary caches + # substituters = [ + # "https://cache.portuus.de" + # ]; + # trusted-public-keys = [ + # "cache.portuus.de:INZRjwImLIbPbIx8Qp38gTVmSNL0PYE4qlkRzQY2IAU=" + # ]; + }; + }; +} diff --git a/modules/nixos/syncthing/default.nix b/modules/nixos/syncthing/default.nix index 42cb14d..fa023c1 100644 --- a/modules/nixos/syncthing/default.nix +++ b/modules/nixos/syncthing/default.nix @@ -19,10 +19,6 @@ let id = "5IPAQ5C-V3KFUMD-NJM74SH-6MD246O-JGYCBN4-F77QG6W-W3WNSCA-NQY37AY"; addresses = [ "tcp://100.64.0.2:${toString transferPort}" ]; }; - pc = { - id = "CSAY5FH-MHYXX4I-ERMWREY-KCXMMUS-AGITLYP-U3EIWNM-RB54JIM-6WIE4AS"; - addresses = [ "tcp://100.64.0.5:${toString transferPort}" ]; - }; rv2 = { id = "JG6BYOJ-AW67R72-VA25U6I-VIZ57HU-3KXMPGY-HTYT2FQ-ZZL6U7B-Z2RWDQ4"; addresses = [ "tcp://100.64.0.11:${toString transferPort}" ]; diff --git a/users/sid/home/hyprland/README.md b/users/sid/home/hyprland/README.md index d49f112..5697888 100644 --- a/users/sid/home/hyprland/README.md +++ b/users/sid/home/hyprland/README.md @@ -39,7 +39,7 @@ sudo cryptsetup close crypt ## Clone password store repository ```bash -git clone ssh://forgejo@rx4.tail:2299/sid/password-store.git $PASSWORD_STORE_DIR +git clone ssh://git.portuus.de:2299/home/sid/git/password-store $PASSWORD_STORE_DIR ``` ## Librewolf diff --git a/users/sid/home/hyprland/default.nix b/users/sid/home/hyprland/default.nix index e77e486..2258c0b 100644 --- a/users/sid/home/hyprland/default.nix +++ b/users/sid/home/hyprland/default.nix @@ -14,6 +14,7 @@ ./hyprland.nix ./librewolf.nix ./newsboat.nix + # ./nextcloud-sync.nix ./obs-studio.nix ./opencode.nix ./packages.nix diff --git a/users/sid/home/hyprland/hyprland.nix b/users/sid/home/hyprland/hyprland.nix index 6e24fc4..52e23a2 100644 --- a/users/sid/home/hyprland/hyprland.nix +++ b/users/sid/home/hyprland/hyprland.nix @@ -27,7 +27,7 @@ "$mod CTRL, m, exec, ${flatpakRun} org.mypaint.MyPaint" "$mod CTRL, o, exec, obs" "$mod CTRL, p, exec, otp" - "$mod SHIFT, a, exec, chromium --app=https://ai.sid.ovh" + "$mod SHIFT, a, exec, chromium --app=https://ai.portuus.de" ]; windowrule = [ "workspace 4, title:^newsboat$" @@ -35,7 +35,7 @@ "workspace 7, title:^Jellyfin Media Player$" "workspace 7, title:^spotify$" "workspace 8, class:^Element$, title:^Element" - "workspace 9, class:^chrome-ai.sid.ovh" + "workspace 9, class:^chrome-ai.portuus.de" "workspace 10, class:^zoom$, title:^Zoom" "workspace 10, class:^org.qbittorrent.qBittorrent$" "workspace 10, title:^Virtual Machine Manager$" diff --git a/users/sid/home/hyprland/newsboat.nix b/users/sid/home/hyprland/newsboat.nix index aef4b6c..6f60c33 100644 --- a/users/sid/home/hyprland/newsboat.nix +++ b/users/sid/home/hyprland/newsboat.nix @@ -4,7 +4,7 @@ programs.newsboat = { extraConfig = '' urls-source "miniflux" - miniflux-url "https://rss.sid.ovh/" + miniflux-url "https://miniflux.portuus.de/" miniflux-login "sid" miniflux-passwordfile "${config.sops.secrets.miniflux.path}" ''; diff --git a/users/sid/home/hyprland/nextcloud-sync.nix b/users/sid/home/hyprland/nextcloud-sync.nix new file mode 100644 index 0000000..fbe684d --- /dev/null +++ b/users/sid/home/hyprland/nextcloud-sync.nix @@ -0,0 +1,29 @@ +{ inputs, config, ... }: + +let + mkConnection = dir: { + local = config.home.homeDirectory + "/" + dir; + remote = "/" + dir; + }; + + mkConnections = dirs: map mkConnection dirs; + + connections = [ + "aud" + "doc" + "img" + "vid" + ]; +in +{ + imports = [ + inputs.synix.homeModules.nextcloud-sync + ]; + + services.nextcloud-sync = { + enable = true; + remote = "cloud.portuus.de"; + passwordFile = config.sops.secrets.nextcloud.path; + connections = mkConnections connections; + }; +} diff --git a/users/sid/home/hyprland/rclone.nix b/users/sid/home/hyprland/rclone.nix index aeb4edd..039b237 100644 --- a/users/sid/home/hyprland/rclone.nix +++ b/users/sid/home/hyprland/rclone.nix @@ -6,6 +6,13 @@ in { sops.templates.rclone.path = config.xdg.configHome + "/rclone/rclone.conf"; sops.templates.rclone.content = '' + [portuus] + type = webdav + url = https://cloud.portuus.de/remote.php/dav/files/sid/ + vendor = nextcloud + user = sid + pass = ${sops.placeholder."rclone/portuus/pass"} + [sciebo] type = webdav url = ${sops.placeholder."rclone/sciebo/url"} diff --git a/users/sid/home/hyprland/shell-aliases.nix b/users/sid/home/hyprland/shell-aliases.nix index 6e60438..5fe73f6 100644 --- a/users/sid/home/hyprland/shell-aliases.nix +++ b/users/sid/home/hyprland/shell-aliases.nix @@ -5,6 +5,7 @@ bt = "bluetoothctl"; ff = "find . -type f -name"; dd-iso = "dd bs=4M status=progress oflag=sync"; + nc-sync = "nextcloud-sync-all"; synapse_change_display_name = "${pkgs.synix.synapse_change_display_name}/bin/synapse_change_display_name -t $(${pkgs.pass}/bin/pass sid.ovh/matrix/access-token) -r sid.ovh"; }; } diff --git a/users/sid/home/hyprland/ssh-hosts.nix b/users/sid/home/hyprland/ssh-hosts.nix index bd55dc8..f5bdfda 100644 --- a/users/sid/home/hyprland/ssh-hosts.nix +++ b/users/sid/home/hyprland/ssh-hosts.nix @@ -2,6 +2,12 @@ { programs.ssh.matchBlocks = { + edge = { + host = "e edge"; + hostname = "49.12.227.10"; + port = 2299; + user = "sid"; + }; uvm = { host = "u uvm"; hostname = "localhost"; @@ -9,6 +15,12 @@ user = "root"; checkHostIP = false; }; + portuus = { + host = "p portuus *.portuus.de"; + hostname = "portuus.de"; + port = 2299; + user = "sid"; + }; sid = { host = "s sid *.sid.ovh"; hostname = "sid.ovh"; @@ -29,6 +41,12 @@ # gpg --export-ssh-key > ~/.ssh/id_rsa.pub defaultSshKey = "/home/sid/.ssh/id_rsa.pub"; mounts = { + portuus = { + host = "portuus.de"; + user = "sid"; + port = 2299; + mountPoint = "/home/sid/.config/nixos"; + }; }; }; home.shellAliases.sm = "sftpman"; diff --git a/users/sid/home/secrets/default.nix b/users/sid/home/secrets/default.nix index 3be7e83..4e5b1d5 100644 --- a/users/sid/home/secrets/default.nix +++ b/users/sid/home/secrets/default.nix @@ -6,10 +6,13 @@ ]; sops.secrets = { + "rclone/portuus/pass" = { }; "rclone/sciebo/pass" = { }; "rclone/sciebo/url" = { }; "rclone/sciebo/user" = { }; + gemini-api-key = { }; miniflux = { }; + nextcloud = { }; openrouter-api-key = { }; spotify = { }; }; diff --git a/users/sid/home/secrets/secrets.yaml b/users/sid/home/secrets/secrets.yaml index bd7301c..4b3823d 100644 --- a/users/sid/home/secrets/secrets.yaml +++ b/users/sid/home/secrets/secrets.yaml @@ -1,10 +1,14 @@ -miniflux: ENC[AES256_GCM,data:34Sg1cuIwxIkZR5zvFvfu3IV6AU=,iv:wRJ1ukppdcggJy9TTyzHxOqFmu5z2NwgByRj8U9UUGE=,tag:B9lp3ufjr5XcyywEujcvEw==,type:str] +miniflux: ENC[AES256_GCM,data:8AraKHhALBBJ5vzXc3t3UKX1DqA=,iv:VWv7MaTfDXZIr/dVWOMyRm6rFqLVhvTU0CYv5a2/PAM=,tag:nStt3Rn08KWadYVECRyObA==,type:str] +nextcloud: ENC[AES256_GCM,data:ge1GukFPmVe0vO1oL98loLpHkpE=,iv:7OTKSpxeKVmDFIvC8yd+c3TglZMIb6iLmXtUQgONWDE=,tag:1PYvJAYfSnZquyXz4eseDw==,type:str] rclone: + portuus: + pass: ENC[AES256_GCM,data:QcI6y3AKEh0+PWT4a7NXxbt0te78BJeZT3JxRxGpfkjxhqFWGNHHs6I0pxBFuyAkFa8=,iv:qcMmuAI1odd32YWO8OB+CB2cMHHK2raFBWJ/dSbBSuA=,tag:uxD2CVq9i5quK7QuQuwQTQ==,type:str] sciebo: url: ENC[AES256_GCM,data:T8eSTFOYRu+dOF3wnOBSorIgeOs1VkZ8xqH5mh2/g2VeKnvjeLmUg6/4X+ZthsBpetPeiELkeg+XzzT+F5qxEaaV5OdTT8c=,iv:qmpvVJLJwE6CmIEdne9vgoP5H1GTiZYOXb5yR2DaS5k=,tag:QdTmUW+O2Z2Dpqcb/Ug2/A==,type:str] user: ENC[AES256_GCM,data:FrZZtV05qq15bwZko/2qFhWLfn4=,iv:sddWcvc1K8J008bkqSrf22fCR9w+fD5uOykNVb0aBS8=,tag:XkwZtGtDskUBpbj0vJyHGg==,type:str] pass: ENC[AES256_GCM,data:osKqEPF3MXzGSA3bziw6hx+5fQNXkXfrWKAUiK7yV+r48nTsJ+YYzUlIjYluioM0,iv:TANLg8RW2NUwj0RKUZW09U//l//ijOjRB3uRLITlu/E=,tag:yJxkCWL0Y0a8MPH57duOMw==,type:str] spotify: ENC[AES256_GCM,data:PQ5eUxL/oi+SE6gbe5+XQYExHw0=,iv:vz5TCa6jS+LMZsxFOQZhC4EwetcHmu/zxK6JTVXucwA=,tag:+cyc2hdUsvfDwLbxzoeogg==,type:str] +gemini-api-key: ENC[AES256_GCM,data:UvLB1vq56Wv4MpL/KPJ4M4p5Lx1Se/dv/vT/Vim2HSxHiyXWoVow,iv:xepkGlDG4doKeskQTyzxVx7SE7veUQVrzZahLdDxVQg=,tag:ue6lphZcPovfrgyibhRkDA==,type:str] openrouter-api-key: ENC[AES256_GCM,data:VGSlgUfEBwUKjEwdGqYTLvGlMJ3VSwApJexYZ4YVpKTE6oFQeZpsjMc6dymkSsLITVw2n92rfkhJi7e+MEvBCkNVNbb+KP5PnA==,iv:GvYq5+QhuONaPzHleGMuqzWQhhCcb9oxU9Pr/mWwKh4=,tag:iAlf173z7pW97LvkUPQgBA==,type:str] sops: age: @@ -17,7 +21,7 @@ sops: d0lFU3lCVHVxN2xveUE4V2VtanFBY2cKD4qYxFo7G6B0fsLcNeNZaK4k3DGwVocA XYHwoqEZ58xspiuVkp3F+fFpgoysuVusB9ZimjLkt2D6phk+0SGKfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-02-27T21:32:58Z" - mac: ENC[AES256_GCM,data:d2GBjbQxTQeihm0XNobLuJ1SxIwhG6SAZa1LqHA7zhet/CNsDG4TwjKWRKzy6gSQAO/OjPB8OiRFv9l7m3sid+Rh9Zf3YvozTq6hF7seLfWDOVHAeT0yj8st64JV2QsteRNDKrD/LqQdAZTg7yIbYpgggwbgpfOCB9z9cg6rGDA=,iv:Wz5nTk5XyyUhRnYqSJSmpwxMlOsV4Wqsy734tG0NBfo=,tag:bVeTa8qZhasffN2lzfQFSw==,type:str] + lastmodified: "2026-02-18T17:07:22Z" + mac: ENC[AES256_GCM,data:U3c9xDqKHIGFM9YCwR/1W2U2blWyXfFOljzyht+2aOA15v8Ys23vG5UJNO91frIRqZYnoSLTrJADlrW0S7zD4ft+7GHKK1XuriUXm5hzOl62HdB3pSX5nvWVdkPBdKE5e/se3HyQuiu0ZM9EHd0hepxLBh3YfQxGjhsaHZX2Q1g=,iv:r+1sC+MuONmFwEN935KJ0CFn9jsSGoI7rH+d6uDGYF8=,tag:2SNEFn1TNVQ2K/Jr9uIypQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0