aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xMakefile1
-rw-r--r--flake.lock36
-rw-r--r--home/default.nix65
-rw-r--r--home/goose.nix4
-rw-r--r--home/nushell.nix2
-rw-r--r--home/nvim/default.nix7
-rw-r--r--home/nvim/lsp.lua3
-rw-r--r--home/nvim/plugins/treesitter.lua3
-rw-r--r--home/wallpapers/default.nix3
-rw-r--r--hosts/kataja/default.nix48
-rw-r--r--hosts/pihlaja/default.nix48
-rw-r--r--hosts/saarni/default.nix72
-rw-r--r--hosts/tammi/90-wg-relesoft.netdev15
-rw-r--r--hosts/tammi/90-wg-relesoft.network23
-rw-r--r--roles/shared.nix29
-rw-r--r--secrets/duckdns_login_token.age16
-rw-r--r--secrets/forgejo.age16
-rw-r--r--secrets/gmail.age16
-rw-r--r--secrets/miniflux_api_key.age16
-rw-r--r--secrets/minio.age19
-rw-r--r--secrets/openai_auth_token.agebin600 -> 600 bytes
-rw-r--r--secrets/radicale.age16
-rw-r--r--secrets/relesoft.age16
-rw-r--r--secrets/relesoft_cargo_token.age16
-rw-r--r--secrets/s3fs.agebin494 -> 494 bytes
-rw-r--r--secrets/secrets.nix3
-rw-r--r--secrets/shiori_password.age17
-rw-r--r--secrets/unsplash_access_key.agebin476 -> 476 bytes
-rw-r--r--secrets/wg_relesoft_kataja.agebin0 -> 477 bytes
-rw-r--r--secrets/wg_relesoft_pihlaja.agebin0 -> 477 bytes
-rw-r--r--secrets/wg_relesoft_saarni.agebin0 -> 477 bytes
31 files changed, 381 insertions, 129 deletions
diff --git a/Makefile b/Makefile
index 301b3ae..adfe507 100755
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ clean:
run0 nix-env --delete-generations +2 --profile /nix/var/nix/profiles/system
run0 nix-store --gc
run0 nix-store --optimise
+ nix-collect-garbage --delete-older-than 10d
validate:
run0 nix-store --repair --verify --check-contents
diff --git a/flake.lock b/flake.lock
index b1e4a40..36cc965 100644
--- a/flake.lock
+++ b/flake.lock
@@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1762618334,
- "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
+ "lastModified": 1770165109,
+ "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "fcdea223397448d35d9b31f798479227e80183f6",
+ "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github"
},
"original": {
@@ -53,11 +53,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
- "lastModified": 1767758611,
- "narHash": "sha256-ibG5QHWvuvclo5yh18+0fw3Ha/pbxhZ19quziyfvQ+w=",
+ "lastModified": 1773201798,
+ "narHash": "sha256-TZQwHvIBz9hr/fci/G/AIjPSKCMtxQm/xFm3MNJ/mVg=",
"owner": "rycee",
"repo": "nur-expressions",
- "rev": "fbd89131423a48ba82da06c6beef13a5ddde2818",
+ "rev": "016edd132727d8ac364454a6b443ef46c2d1c7e4",
"type": "gitlab"
},
"original": {
@@ -95,11 +95,11 @@
]
},
"locked": {
- "lastModified": 1767619900,
- "narHash": "sha256-KpoCBPvwHz3gAQtIUkohE2InRBFK3r0/FM6z5SPWfvM=",
+ "lastModified": 1772985280,
+ "narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "6bd04da47cfb48dfd15eabf08364b78ad894f5b2",
+ "rev": "8f736f007139d7f70752657dff6a401a585d6cbc",
"type": "github"
},
"original": {
@@ -111,11 +111,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1767185284,
- "narHash": "sha256-ljDBUDpD1Cg5n3mJI81Hz5qeZAwCGxon4kQW3Ho3+6Q=",
+ "lastModified": 1772972630,
+ "narHash": "sha256-mUJxsNOrBMNOUJzN0pfdVJ1r2pxeqm9gI/yIKXzVVbk=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "40b1a28dce561bea34858287fbb23052c3ee63fe",
+ "rev": "3966ce987e1a9a164205ac8259a5fe8a64528f72",
"type": "github"
},
"original": {
@@ -125,11 +125,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1767634882,
- "narHash": "sha256-2GffSfQxe3sedHzK+sTKlYo/NTIAGzbFCIsNMUPAAnk=",
+ "lastModified": 1773068389,
+ "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "3c9db02515ef1d9b6b709fc60ba9a540957f661c",
+ "rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
"type": "github"
},
"original": {
@@ -141,11 +141,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1767640445,
- "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=",
+ "lastModified": 1772963539,
+ "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5",
+ "rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
diff --git a/home/default.nix b/home/default.nix
index e20e483..e8b74a9 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -3,6 +3,7 @@
config,
vars,
pkgs,
+ lib,
...
}:
let
@@ -24,7 +25,6 @@ in
./firefox.nix
./fish.nix
./git.nix
- ./goose.nix
./hyprland.nix
./hyprlock.nix
./mail
@@ -42,15 +42,23 @@ in
./zaread.nix
];
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 14d";
+ };
+
home = {
+ activation.mySymlinks = lib.mkAfter ''
+ ln -sf /media/skydrive/Downloads /home/petri/Downloads;
+ '';
file = {
".cache/nix-index/.keep".text = "";
"Calendar/radicale/.keep".text = "";
"Contacts/radicale/.keep".text = "";
- Downloads.source = config.lib.file.mkOutOfStoreSymlink "/media/skydrive/Downloads";
};
enableNixpkgsReleaseCheck = true;
- stateVersion = "25.05";
+ stateVersion = "25.11";
shell = {
enableBashIntegration = true;
enableFishIntegration = true;
@@ -64,8 +72,13 @@ in
CARGO_REGISTRIES_RELESOFT_IO_PROTOCOL = "sparse";
CARGO_REGISTRIES_RELESOFT_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.relesoft_cargo_token.path})";
CC = "clang";
+ CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC = "1";
CURSOR_SIZE = "16";
DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
+ DISABLE_AUTOUPDATER = "1";
+ DISABLE_BUG_COMMAND = "1";
+ DISABLE_ERROR_REPORTING = "1";
+ DISABLE_TELEMETRY = "1";
ELECTRON_OZONE_PLATFORM_HINT = "auto";
GDK_SCALE = "1";
MOZ_USE_XINPUT2 = "1";
@@ -141,7 +154,9 @@ in
# cli-tools
appimage-run
attic-client # nix cache client
+ bat # cat but with extra features
brightnessctl
+ cargo # rust project manager
cloc # count llines of code
dmidecode # memory information
espflash # ESP32 flasher
@@ -150,7 +165,6 @@ in
file # show the type of file
font-awesome # icons
forgejo-cli # forgejo-cli
- gat # cat but with extra features
grim # screen capture
inxi # system innformation
jq # commandline json parser
@@ -169,10 +183,6 @@ in
slurp # screen are capture
sqlite # simple database
timg # show image in shell
- unstable.goose-cli # llm cli
- unstable.vale # spellcheck
- unstable.valeStyles.microsoft # spellcheck linters
- unstable.valeStyles.write-good # spellcheck linters
whisper-cpp # tts
wlogout # logout helper
xdg-utils
@@ -188,11 +198,9 @@ in
couchbase-shell # couchbase
d2 # graphs
gnumake # makefile
- lean4 # theorem prover - broken
+ lean4 # theorem prover
lld # c and rust linker
nodePackages.jsdoc # javascript documentation
- unstable.go
- unstable.golint # linter for go
uv # python package installer
];
};
@@ -258,6 +266,25 @@ in
};
programs = {
+ claude-code = {
+ enable = true;
+ package = unstable.claude-code;
+ };
+ tex-fmt = {
+ enable = true;
+ settings = {
+ wrap = false;
+ tabchar = "tab";
+ tabsize = 1;
+ };
+ };
+ go = {
+ enable = true;
+ telemetry.mode = "off";
+ env = {
+ CC = "clang";
+ };
+ };
obsidian = {
enable = true;
defaultSettings.app = {
@@ -320,6 +347,17 @@ in
television = {
enable = true;
enableFishIntegration = true;
+ settings = {
+ preview = {
+ command = "${pkgs.bat}/bin/bat --style=numbers --color=always {}";
+ };
+ ui = {
+ use_nerd_font_icons = true;
+ };
+ search = {
+ command = "${pkgs.ripgrep}/bin/rg";
+ };
+ };
};
zathura = {
enable = true;
@@ -484,6 +522,9 @@ in
ssh = {
enableDefaultConfig = false;
enable = true;
+ matchBlocks."relesoft.io" = {
+ hostname = "65.21.238.221";
+ };
matchBlocks."*" = {
compression = true;
controlMaster = "auto";
@@ -579,7 +620,7 @@ in
nvim = {
categories = [ ];
comment = "A text editor";
- exec = ''${pkgs.neovim}/bin/nvim'';
+ exec = "${pkgs.neovim}/bin/nvim";
genericName = "Editor";
name = "nvim";
terminal = true;
diff --git a/home/goose.nix b/home/goose.nix
index a277866..115386d 100644
--- a/home/goose.nix
+++ b/home/goose.nix
@@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
{
xdg.configFile."goose/config.yaml".source = (pkgs.formats.yaml { }).generate "goose-config" {
- GOOSE_DISABLE_KEYRING = "true";
+ GOOSE_DISABLE_KEYRING = true;
GOOSE_MODE = "auto";
GOOSE_MODEL = "gpt-4.1-mini";
GOOSE_PROVIDER = "openai";
diff --git a/home/nushell.nix b/home/nushell.nix
index b86625f..99f9fbb 100644
--- a/home/nushell.nix
+++ b/home/nushell.nix
@@ -19,7 +19,7 @@
wifi = "${pkgs.impala}/bin/impala";
youtube = "${pkgs.pipe-viewer}/bin/pipe-viewer";
};
- extraEnv = '''';
+ extraEnv = "";
extraConfig = ''
def ns [] {
${pkgs.nix-search-tv}/bin/nix-search-tv print | ${pkgs.fzf}/bin/fzf --preview "${pkgs.nix-search-tv}/bin/nix-search-tv preview {}" --scheme history
diff --git a/home/nvim/default.nix b/home/nvim/default.nix
index 0c1a32a..efb19b4 100644
--- a/home/nvim/default.nix
+++ b/home/nvim/default.nix
@@ -30,8 +30,8 @@
# LSP
biome # javascript, biome
- clippy # rust error checking
clang-tools # C
+ clippy # rust error checking
dprint # format engine for multiple langeuages
dprint-plugins.dprint-plugin-markdown # markdown
dprint-plugins.dprint-plugin-toml # toml
@@ -47,11 +47,14 @@
nodePackages.typescript-language-server # javascript validation
ruff # python format and lint
rust-analyzer
- tex-fmt # latex
+ tex-fmt # latex fmt
texlab # latex lsp
tree-sitter # generate tree-sitter grammars
ty # python type checker written in rust
+ vale # spellcheck
vale-ls # prose (md, asciidoc)
+ valeStyles.microsoft # spellcheck linters
+ valeStyles.write-good # spellcheck linters
];
extraPython3Packages = ps: [
diff --git a/home/nvim/lsp.lua b/home/nvim/lsp.lua
index 2b8a730..7e124bd 100644
--- a/home/nvim/lsp.lua
+++ b/home/nvim/lsp.lua
@@ -214,7 +214,7 @@ vim.lsp.config("clangd", {
vim.lsp.config("vale_ls", {
cmd = { "vale-ls" },
- filetypes = { "markdown", "text", "tex", "rst", "adoc", "asciidoc" },
+ filetypes = { "markdown", "text", "tex", "rst", "adoc", "asciidoc", "html" },
root_markers = { ".vale.ini" },
})
@@ -289,6 +289,7 @@ vim.lsp.config("bashls", {
vim.lsp.config("texlab", {
cmd = { "texlab" },
filetypes = { "tex", "plaintex", "bib" },
+ latexFormatter = "tex-fmt"
})
vim.lsp.enable({
diff --git a/home/nvim/plugins/treesitter.lua b/home/nvim/plugins/treesitter.lua
index c408901..7f470b0 100644
--- a/home/nvim/plugins/treesitter.lua
+++ b/home/nvim/plugins/treesitter.lua
@@ -9,4 +9,7 @@ require "nvim-treesitter".setup {
max_file_lines = 2000,
},
additional_vim_regex_highlighting = false,
+ indent = {
+ enable = true,
+ },
}
diff --git a/home/wallpapers/default.nix b/home/wallpapers/default.nix
index 5203cff..a358a70 100644
--- a/home/wallpapers/default.nix
+++ b/home/wallpapers/default.nix
@@ -60,6 +60,7 @@ in
systemd.user.services."wallpaper-fetch" = {
Unit = {
Description = "Fetch and update 4K nature wallpaper for Hyprpaper";
+ After = [ "graphical-session.target" ];
};
Service = {
LoadCredential = [ "login_token:${config.age.secrets.unsplash_access_key.path}" ];
@@ -72,8 +73,6 @@ in
systemd.user.timers."wallpaper-fetch" = {
Unit = {
Description = "Periodic Unsplash wallpaper fetch timer";
- After = [ "graphical-session.target" ];
- Wants = [ "network-online.target" ];
};
Timer = {
OnBootSec = "2min";
diff --git a/hosts/kataja/default.nix b/hosts/kataja/default.nix
index d7be404..d04128f 100644
--- a/hosts/kataja/default.nix
+++ b/hosts/kataja/default.nix
@@ -122,5 +122,53 @@
bluetooth.settings.General.Name = "kataja";
};
+ age.secrets.wg_relesoft = {
+ file = ../../secrets/wg_relesoft_kataja.age;
+ group = "systemd-network";
+ mode = "0640";
+ };
+
+ systemd.network.netdevs."90-wg-relesoft" = {
+ netdevConfig = {
+ Name = "wg-relesoft";
+ Kind = "wireguard";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.age.secrets.wg_relesoft.path;
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "B5QK7rl8sAXPu2upKhondWSt49qMOqTG/hDjwqY3cDs=";
+ Endpoint = "65.21.238.221:51194";
+ AllowedIPs = [
+ "10.200.200.0/24"
+ "fdc9:281f:4d7:9ee9::/64"
+ "2a01:4f9:6a:4e26::/64"
+ ];
+ PersistentKeepalive = 25;
+ }
+ ];
+ };
+
+ systemd.network.networks."90-wg-relesoft" = {
+ matchConfig.Name = "wg-relesoft";
+ address = [
+ "10.200.200.12/24"
+ "fdc9:281f:4d7:9ee9::12/128"
+ "2a01:4f9:6a:4e26::12/128"
+ ];
+ networkConfig = {
+ IPv4Forwarding = true;
+ IPv6Forwarding = true;
+ IPv6AcceptRA = false;
+ };
+ routes = [
+ { Destination = "10.200.200.0/24"; }
+ { Destination = "fdc9:281f:4d7:9ee9::/64"; }
+ { Destination = "2a01:4f9:6a:4e26::/64"; }
+ ];
+ linkConfig.MTUBytes = "1420";
+ };
+
system.stateVersion = "25.11";
}
diff --git a/hosts/pihlaja/default.nix b/hosts/pihlaja/default.nix
index 54a7efd..fd0a1b1 100644
--- a/hosts/pihlaja/default.nix
+++ b/hosts/pihlaja/default.nix
@@ -230,5 +230,53 @@
});
'';
+ age.secrets.wg_relesoft = {
+ file = ../../secrets/wg_relesoft_pihlaja.age;
+ group = "systemd-network";
+ mode = "0640";
+ };
+
+ systemd.network.netdevs."90-wg-relesoft" = {
+ netdevConfig = {
+ Name = "wg-relesoft";
+ Kind = "wireguard";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.age.secrets.wg_relesoft.path;
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "B5QK7rl8sAXPu2upKhondWSt49qMOqTG/hDjwqY3cDs=";
+ Endpoint = "65.21.238.221:51194";
+ AllowedIPs = [
+ "10.200.200.0/24"
+ "fdc9:281f:4d7:9ee9::/64"
+ "2a01:4f9:6a:4e26::/64"
+ ];
+ PersistentKeepalive = 25;
+ }
+ ];
+ };
+
+ systemd.network.networks."90-wg-relesoft" = {
+ matchConfig.Name = "wg-relesoft";
+ address = [
+ "10.200.200.10/24"
+ "fdc9:281f:4d7:9ee9::10/128"
+ "2a01:4f9:6a:4e26::10/128"
+ ];
+ networkConfig = {
+ IPv4Forwarding = true;
+ IPv6Forwarding = true;
+ IPv6AcceptRA = false;
+ };
+ routes = [
+ { Destination = "10.200.200.0/24"; }
+ { Destination = "fdc9:281f:4d7:9ee9::/64"; }
+ { Destination = "2a01:4f9:6a:4e26::/64"; }
+ ];
+ linkConfig.MTUBytes = "1420";
+ };
+
system.stateVersion = "24.05"; # Did you read the comment?
}
diff --git a/hosts/saarni/default.nix b/hosts/saarni/default.nix
index b614131..49b37ea 100644
--- a/hosts/saarni/default.nix
+++ b/hosts/saarni/default.nix
@@ -31,6 +31,30 @@
};
network = {
networks = {
+ "13-shared" = {
+ matchConfig = {
+ MACAddress = "5a:c1:1b:77:fc:e5";
+ };
+ linkConfig = {
+ Multicast = true;
+ };
+ networkConfig = {
+ DHCP = true;
+ IPv6AcceptRA = true;
+ MulticastDNS = true;
+ LinkLocalAddressing = "ipv6";
+ DNSSEC = true;
+ UseDomains = true;
+ };
+ dhcpV4Config = {
+ RouteMetric = 20;
+ UseDNS = true;
+ UseMTU = true;
+ };
+ ipv6AcceptRAConfig = {
+ UseMTU = true;
+ };
+ };
"10-lan" = {
matchConfig = {
Name = "enps0";
@@ -126,5 +150,53 @@
};
thermald.enable = true;
};
+ age.secrets.wg_relesoft = {
+ file = ../../secrets/wg_relesoft_saarni.age;
+ group = "systemd-network";
+ mode = "0640";
+ };
+
+ systemd.network.netdevs."90-wg-relesoft" = {
+ netdevConfig = {
+ Name = "wg-relesoft";
+ Kind = "wireguard";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.age.secrets.wg_relesoft.path;
+ };
+ wireguardPeers = [
+ {
+ PublicKey = "B5QK7rl8sAXPu2upKhondWSt49qMOqTG/hDjwqY3cDs=";
+ Endpoint = "65.21.238.221:51194";
+ AllowedIPs = [
+ "10.200.200.0/24"
+ "fdc9:281f:4d7:9ee9::/64"
+ "2a01:4f9:6a:4e26::/64"
+ ];
+ PersistentKeepalive = 25;
+ }
+ ];
+ };
+
+ systemd.network.networks."90-wg-relesoft" = {
+ matchConfig.Name = "wg-relesoft";
+ address = [
+ "10.200.200.11/24"
+ "fdc9:281f:4d7:9ee9::11/128"
+ "2a01:4f9:6a:4e26::11/128"
+ ];
+ networkConfig = {
+ IPv4Forwarding = true;
+ IPv6Forwarding = true;
+ IPv6AcceptRA = false;
+ };
+ routes = [
+ { Destination = "10.200.200.0/24"; }
+ { Destination = "fdc9:281f:4d7:9ee9::/64"; }
+ { Destination = "2a01:4f9:6a:4e26::/64"; }
+ ];
+ linkConfig.MTUBytes = "1420";
+ };
+
system.stateVersion = "24.05";
}
diff --git a/hosts/tammi/90-wg-relesoft.netdev b/hosts/tammi/90-wg-relesoft.netdev
new file mode 100644
index 0000000..9ef2e1e
--- /dev/null
+++ b/hosts/tammi/90-wg-relesoft.netdev
@@ -0,0 +1,15 @@
+[NetDev]
+Name=wg-relesoft
+Kind=wireguard
+Description=WireGuard tunnel to relesoft.io
+
+[WireGuard]
+PrivateKey=KG00ekUKe0NFxuP3ndV0EZUtKX4wR8iyU+0rufZGuFA=
+
+[WireGuardPeer]
+PublicKey=B5QK7rl8sAXPu2upKhondWSt49qMOqTG/hDjwqY3cDs=
+Endpoint=65.21.238.221:51194
+AllowedIPs=10.200.200.0/24
+AllowedIPs=fdc9:281f:04d7:9ee9::/64
+AllowedIPs=2a01:4f9:6a:4e26::/64
+PersistentKeepalive=25
diff --git a/hosts/tammi/90-wg-relesoft.network b/hosts/tammi/90-wg-relesoft.network
new file mode 100644
index 0000000..5ba120b
--- /dev/null
+++ b/hosts/tammi/90-wg-relesoft.network
@@ -0,0 +1,23 @@
+[Match]
+Name=wg-relesoft
+
+[Link]
+MTUBytes=1420
+
+[Network]
+Address=10.200.200.13/24
+Address=fdc9:281f:04d7:9ee9::13/128
+Address=2a01:4f9:6a:4e26::13/128
+IPv4Forwarding=yes
+IPv6Forwarding=yes
+IPv6AcceptRA=no
+LinkLocalAddressing=no
+
+[Route]
+Destination=10.200.200.0/24
+
+[Route]
+Destination=fdc9:281f:04d7:9ee9::/64
+
+[Route]
+Destination=2a01:4f9:6a:4e26::/64
diff --git a/roles/shared.nix b/roles/shared.nix
index 821c8f7..483f45b 100644
--- a/roles/shared.nix
+++ b/roles/shared.nix
@@ -158,8 +158,8 @@
allowedTCPPorts = [
22
443
- 5353
];
+ allowedUDPPorts = [ 5353 ];
};
wireless.iwd = {
enable = true;
@@ -175,8 +175,8 @@
};
useNetworkd = true;
nameservers = [
- "2001:14ba:a302:1e29::1#adguard.tammi.cc"
- "88.148.149.225#adguard.tammi.cc"
+ "2001:14ba:a303:1713::1#adguard.tammi.cc"
+ "87.94.150.140#adguard.tammi.cc"
];
};
@@ -311,6 +311,7 @@
"adm"
"audio"
"bluetooth"
+ "dialout"
"input"
"lp"
"lpadmin"
@@ -340,6 +341,9 @@
nixfmt-rfc-style
shaderc.dev
shaderc.static
+ sshpass
+ busybox
+ wireguard-tools
vulkan-headers
vulkan-loader
vulkan-tools
@@ -595,16 +599,6 @@
};
services = {
- avahi = {
- enable = true;
- nssmdns4 = true;
- nssmdns6 = true;
- openFirewall = true;
- publish = {
- enable = true;
- userServices = true;
- };
- };
fprintd.enable = true;
pipewire = {
enable = true;
@@ -690,6 +684,8 @@
updateDbusEnvironment = true;
};
udev.extraRules = ''
+ # Navilock GPS
+ SUBSYSTEM=="usb", ATTR{idVendor}=="067b", ATTR{idProduct}=="2303", MODE:="0666"
# Blinkstick nano
SUBSYSTEM=="usb", ATTR{idVendor}=="20a0", ATTR{idProduct}=="41e5", MODE:="0666"
# ESP32P4 waveshare
@@ -717,7 +713,6 @@
enable = true;
openFirewall = true;
settings = {
- UseDns = true;
AllowUsers = [ "petri" ];
KexAlgorithms = [
"curve25519-sha256@libssh.org"
@@ -746,9 +741,9 @@
PasswordAuthentication = false;
};
extraConfig = ''
- AllowAgentForwarding no
- AllowTcpForwarding no
- ClientAliveCountMax 0
+ AllowAgentForwarding yes
+ AllowTcpForwarding yes
+ ClientAliveCountMax 3
ClientAliveInterval 300
LoginGraceTime 60
MaxAuthTries 1
diff --git a/secrets/duckdns_login_token.age b/secrets/duckdns_login_token.age
index 3b3d3ab..a519b33 100644
--- a/secrets/duckdns_login_token.age
+++ b/secrets/duckdns_login_token.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 egf4NA +VzAzKhuXkw74GBIOzofN6/6SI7cje4aiEcDZDxEclg
-e325gmTDa+fvp/AgdxyQYv2071Err/kgtnHq67LHHhE
--> ssh-ed25519 nivnYg Hm2IQ/VYz/+IeZfkeQYwedpuI5n7ud2kxggBJoPx8As
-DQjHPv+RCrlP8dF6rJlRF8y6DcE71E/0sWD2cy1vf50
--> ssh-ed25519 SIk9MQ dOGiCPHx48roHubeG080IiMK4qhlMFoQG2dzfXyOP1A
-P2Q/80buYQo18MLG6RhW3RZqrxn1pk9Yvn98AUll7UU
---- Q3ykV4uJZ7W3A2zOzZGbcFIBNo8s9TB+jZMKmGqtZoY
-Oܿ[w_jAUŔHfkSxK/\{Ϙ1fN^i`VpseAQ \ No newline at end of file
+-> ssh-ed25519 egf4NA F4GBfNpWG75ESy176wtm+vLHcSdAa9ZdbnwXubNkuiM
+ccX1/Z0dTvwd8iyavC0k1Z2ppWuNkc8bEmyTVA5BNHs
+-> ssh-ed25519 nivnYg o/UjkIgc1o6UV07FtzFS7paHKyskSVhe7kEcEk527Bk
+1zKLbNGq++UN6+/80XbyeGoukHF1oYhE+fHCl2NPe14
+-> ssh-ed25519 SIk9MQ Wbn0cKs1CjjxptJ06hG4aGo7qJO0tw2ammLfADOor0M
+CSbdt4f43d8XLf8hPnCtGZ4cd7kLVs9NU99uu0/g16U
+--- UL6LnkmstsoTzmenzOOAWjAZxvFtKYmHo8ncWCaq59o
+>O³,fO@i %;6sw{~7ֶhx?(#c M^(We]q \ No newline at end of file
diff --git a/secrets/forgejo.age b/secrets/forgejo.age
index e57b11c..f7a0bb2 100644
--- a/secrets/forgejo.age
+++ b/secrets/forgejo.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 egf4NA 3QsGsfV3HjIyiAjYS2pHn8XS+QVqHjJyeyXCWOVxmiE
-cRwdpYAOxGISDqczCeF8263bCAUKzHaCl+uOCf6ofIA
--> ssh-ed25519 nivnYg yq5CQdmIndZ/w1QfHUR4uSNh7yyq4nfOgLs3FmcWKhc
-fx28Vj/Fmgllrw2lNKUqWP8WbkOEioibbI8tqh82sd8
--> ssh-ed25519 SIk9MQ W+8sFOxyaoQpupYA9/mzMwnpn8DyOhF/e+ecOJ0kDwU
-NcX6MgEOfwBHnzLVFCMnk1fXaUR05pos8fYPeKWfO7E
---- L/KB6Xd+wa19ldkEGaDOXj9yMSU/2CndF6muUmGaQhU
-W8zRØ+De]t/V#=^۵qk?zgB^j-#S-Ϫn \ No newline at end of file
+-> ssh-ed25519 egf4NA KF2j3N0OIRo30p04Oy0Po09fyqEFV4WXjl9i9nHyqzY
+ODRKAHZsGw1AxC3AI7SpohYJYYel1YAK3fteq4AQ4EI
+-> ssh-ed25519 nivnYg uhgBMrm1sNgrr/LiEp3jqAWCrllOIW5NG4ZfZjFuFXY
+Plk0RBv91mt8rH4b6ndyb9xLxSvzxonQ66Q6FC2C+fE
+-> ssh-ed25519 SIk9MQ E47QYLcULldBBtf0Y0i1VuVN9LRegKQamt55QQaSFGg
+cCXYPgRwkD3VApe3+3B81kFO5S1gAYkti7cw3ZGMTeo
+--- 0R9QYtbBxtyrCvDMiE9oUPny8vnd2xlPrZYJh0Sa/Jc
+A xY1&P5#& 4 J:c1.&o-3Z}6z QOyCN_( \ No newline at end of file
diff --git a/secrets/gmail.age b/secrets/gmail.age
index f9a3540..2b58ea4 100644
--- a/secrets/gmail.age
+++ b/secrets/gmail.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 SIk9MQ tG2XMK92K0BS4+6D/7f2FFnhx/XFcn0bc0qryrLZnkI
-Dbl424Y2izE9qTENo0oC+KA7arK3jxs1sCmolpO7L4I
--> ssh-ed25519 nivnYg xhC2zowQQPKWIJFphgHCWK6Fv3or4gEWMmrq+Xt+wl4
-6PoyXh+MZ3uL9eds8R2w50o9qb+i0elB7eunKMzJImE
--> ssh-ed25519 egf4NA hceSfAb5vAGGor4zXLtQQrD64HygN13KTye6b58BFT0
-ua1LO4Y7gYhNhMGJ9nAG/f0OtQw7WygPoUsIGKTLee0
---- AtIO61YC+CUcWLsk/3d8QiCOJo5NTnIn78cFg0MMiNg
-^ؙ 04ɭFDc봮D'('ჲJk \ No newline at end of file
+-> ssh-ed25519 egf4NA 4y0WCYvt6amVUxLhJTzFZVGHn8jf7pFRt0YYWbRiFSE
+PL/sH2OfL12vEkpm8QPQhsIuSJN5mnT6qAHZlnw/NgM
+-> ssh-ed25519 nivnYg dd0J0aDLmjVk08o9dstEVYVuRpjKYwJV3CCCijwQrQk
+YWQtF9rEgnt+THxUDX52a2WpzwuAFoFDeV9ALoxyTHg
+-> ssh-ed25519 SIk9MQ CAtI/OR6n9M/yMbraxceXARt9+iJJQufWoP0EPB9FRc
+6KWjll0XkdKnIm7kDgaBbnwRa6NGFm5wuqa5zViMjXg
+--- r/1Slgr5qRP7pwn4EYcTRi0NnJN5+ztboMOCpzqtu3o
+%H_^C+g] c= j󹺠^?ƀ/K^ \ No newline at end of file
diff --git a/secrets/miniflux_api_key.age b/secrets/miniflux_api_key.age
index 2f53644..7f6d1ef 100644
--- a/secrets/miniflux_api_key.age
+++ b/secrets/miniflux_api_key.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 SIk9MQ BRp0yTco5Q4sOac5hFEUhBjaHppmvCTbXlduXRfJAjM
-/tzdOv1JdMS/+wPEG14Os2e+msjTB0kE/BPBrCWeCUc
--> ssh-ed25519 egf4NA wLPwP/TzjstOjWp0YuM0qbPfjXBfW6vzI9RY6Kj3X2g
-XjjDmWVo9I+cat4FnEIAiyOwXe5aG0AJW65m++Elby0
--> ssh-ed25519 nivnYg 20vbXcFIy2mHpfVdwu/cQWydnJ4VGrETDEs1sjiKQD4
-x6dD/2btPNAyEU1oNFiBkLw9+I1bqU88NzJSuE0RNyI
---- xFZP/xTVMWe4RwhNB+RyjcNrkwVEPNpnzExx5uNuiOw
-2$|*)lP<ɢi/dRzZf{t҃4ŚAD&ړ \ No newline at end of file
+-> ssh-ed25519 egf4NA J1/isdjmVYODu8vYajwuf4cWveg3qUDoeNum+voIa10
+5ELr2bAh22Gx3MOQen7kvq4LqFiE6INvevbGPCBwrFY
+-> ssh-ed25519 nivnYg LqrX1C6oO3ant80apWqEYbMXSrFMw+Uk3teIsH0h+TU
+Vf2DnuOWaYg3DSv2+2hQCb46tWGXLeKBSgcppU4pqa4
+-> ssh-ed25519 SIk9MQ WqDklPr2gcdpwt9yYsnRj5aYQIPfOJaqY21KwV2NRQw
+RJjlSlAqHN8720auLBO/wx6PR2KNC4gxbhNsFjA+ulw
+--- /rfsyVbT4DxpqFczDKDcD/4W3RCZvlZ8rWyPbAMgBCU
+3:[[ȝMz(֪fVӉKJDü_1]2᧓+w 3}ڭŠۂO_h*/\CN \ No newline at end of file
diff --git a/secrets/minio.age b/secrets/minio.age
index d063e42..64be5ae 100644
--- a/secrets/minio.age
+++ b/secrets/minio.age
@@ -1,10 +1,11 @@
age-encryption.org/v1
--> ssh-ed25519 egf4NA 8lW1RHtykR+6pj9Ug2ZNnmSu254uTaDAt76+RRxkGz4
-NgEqN4TQ0GQxQ5pIPI0pEIFUrITcfSPeWyQu2A+Walc
--> ssh-ed25519 nivnYg 9cfMyQwHWrSza4S/r+b8TnXSzK/vkVTvmSEWmy3+HmM
-ALTBX4sQEgQk2qO+jQsryI1EsMRo5RV6oW+SC52Yilg
--> ssh-ed25519 SIk9MQ rAd4JXWDWTuJjhgXwF/eoe+4BRQ62MqQh7kmkkh2z1M
-z8vCOjNtDop28C4R0ZKvrsOdO+ngMtJRfnr3t//kV7k
---- yyneI1nvquyB252DjPsh1/5KuzPNTTofJf3Y4Opw+8A
-yEY`$Su.ϔ$I:t*`T:ol-~@dOe5W+;*}YiXTQbqt2sr-X>MflµvMd&%o1,ؾ* !Ѭ#;ޕJC) j/c8}@AL]1')gfO+^3C(mlH9
-}Cʌ\!>tYIe CE0."~v]]_B-$㝄WhvBۚOxۓ *TF^L{1x|>ıWE4Z$]ȜWBD$j;{3 HWGNCF[(8SV"\-&0^_VS S \ No newline at end of file
+-> ssh-ed25519 egf4NA 3bNlkpiog2iIucIEdILts/x9O2sLMDEHVy4OMYPdlSs
+vM5TAVmF8wLe5/zg6Op31rYJe3c0wkp4G4YPG0dvqfY
+-> ssh-ed25519 nivnYg P2zBhRytEwBP0VpXTsro6e3lmPRQm9YAeY7KgKCoiXA
+WC/K/fln22YJzjL61eHVGjTwNo6qKLfN5/sGvXkh2H0
+-> ssh-ed25519 SIk9MQ D2JuX7SDkPvwbyOlObjXq8URfKNmsxAxP7LkXxg+Z3E
+vEG+yQI4Btlt37tFn+wksml1olF2jv6KR14+iOYL2xM
+--- G1OekzdserTkSAIkZRSuwGSPapYn3j+aIH72acrCyEA
+H j.kȫz,Q"㖕ΟURiwVwK~
+b=S;$tg[5]؊0)JT+˧:LYWkCxӺ!u
+oy ;|;I&3o'c@Ӯb TTXs="F~lOx'c]W0>^G=ԯWo,;#ܮ.e/K0uG/; H S{Y] ǶF(fѾWR=`;<2OǷrM~{, |]< WS}:| !i* gAVEWt?8G?„T)SEۉa쌊(-twPUݯd$@/a.RaD \ No newline at end of file
diff --git a/secrets/openai_auth_token.age b/secrets/openai_auth_token.age
index 0573d6d..9113963 100644
--- a/secrets/openai_auth_token.age
+++ b/secrets/openai_auth_token.age
Binary files differ
diff --git a/secrets/radicale.age b/secrets/radicale.age
index d7afaef..ccba4c9 100644
--- a/secrets/radicale.age
+++ b/secrets/radicale.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 egf4NA t8xybeKMCRerg7jl8qtnO56gHokOKkp49r90AC5u0yQ
-aDh4inNR0BmhgaJ0IKQklIyfSAPXiwCqzFbqiY3JCcs
--> ssh-ed25519 nivnYg Jn3xfhyeClezWLJT6JCRFQOY3yWGjz2sw16OQ0zQUSM
-HbaxFg7AYjb24+pd3Qh1zUD6JVZoVdbZZWSNQYe5pg0
--> ssh-ed25519 SIk9MQ HXpzdz/crBh/9ZfKKf/ENJdnPh8Gjh9A6xKv7Eg/L0k
-Wjce2VTyDRw68uILHcUFkhIPhKoSyHZSh/D+pblGWC4
---- ZvNeXC8WWrupOsb6l/dJpFdCyXTDFXokleoaVOfgJu4
-݄R@䨩6B1̀$J$2Z}</V) \ No newline at end of file
+-> ssh-ed25519 egf4NA vbYZkUQBOA2VjxRvk1HE0jfVmzCz0e3F9A1uuKze7gI
+QIuoACzyrk/KPjIStmEmjY5Y+6oHX339tM3mQRYxSmw
+-> ssh-ed25519 nivnYg gYnoUlcgaNcE0wW5u3B0a2Sfmr5ptP9V8FTeGjD7HUM
+136xY6Jl0THLt0ot0KTDVoeZv8Zbx9wHg4s1c8/hMu0
+-> ssh-ed25519 SIk9MQ Bq0eiRmfPCwIYf41WdXX5gb+QyAlDauyy6JkSO2ol3c
+twVzP4MT6MrS3Z6npG2toCPCuvWhZe7Y+d2ZlEF60zU
+--- pHUWg2D1Nfq1SRWsu6njpRAWdFkWjkWRMlcPXKSQf7k
++ӥ <l#"K?f.L ePW \ No newline at end of file
diff --git a/secrets/relesoft.age b/secrets/relesoft.age
index 1cd16d5..bd23508 100644
--- a/secrets/relesoft.age
+++ b/secrets/relesoft.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 SIk9MQ hWfgfvibzmIpL5CVharIXW2qX6NN4ti/IWaxNBfCOlA
-BJ2KsVFx/1Ra/gUfFSGqDH2xGtj3ZUCR2JtO9upObCM
--> ssh-ed25519 nivnYg +xvAmrXobATO5hswYotmBrJh40RpCi8UIQ8JBl1YVG4
-Q11BE4UCgmv/c9VQeUuKa97J/JmWB4v+YoxHIa9/EQE
--> ssh-ed25519 egf4NA IgVPAbf5pz/WvI7uI56VKAhtQbCm0A6R8e1QC1nXE0c
-EGb0U+QxTREl4HhWxMLMZcqFsRKEXMqZRRSKdEhdYUU
---- +Sgmew6pn5ttSrqMwGIeWYZ1chQGUzDTRGvHJmBkDNA
-?q8UgьeCsЗTEp'ZKo \ No newline at end of file
+-> ssh-ed25519 egf4NA 7MUzjJ4kufXpXDb6J+rNnAAkA3zB68RBTuTcziLlpDY
+r5t1fgh2YJqH0dW+4ucRBs9HQmEKOJA7Hoypd+v9ME8
+-> ssh-ed25519 nivnYg efWLsKs8Ua4L0qv8CXeEAhE2y7+otbHP8xUmHLgb1m4
+YgnuLXmiO5UDwqJt7PgAf599eiU/i9Xl8bItiK6ayak
+-> ssh-ed25519 SIk9MQ F09pgphY8QFcTnu39cOoZnMQ8rXwPyXPsRJRnqsw0Eg
+oNgZppm1kYbnS+gm0M5phtw0D5wqpYVmDXzknnq7yoQ
+--- 2R4aZxVk6f0kYO/AKo064eRSYrZ4ruE7iQLZFmP2uZk
+vr\4I2ayҟ6rBڷ+8$i}9% \ No newline at end of file
diff --git a/secrets/relesoft_cargo_token.age b/secrets/relesoft_cargo_token.age
index b57354a..e5dd7cc 100644
--- a/secrets/relesoft_cargo_token.age
+++ b/secrets/relesoft_cargo_token.age
@@ -1,9 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 SIk9MQ 6JF0u8WRDM26eTMxB8RHy7gHGD5DyVQO04BUjI8FKFI
-rUSvDpdnbIjeDssPhJ4y3jiuwXfkda42gpRlb5MwZVE
--> ssh-ed25519 egf4NA 2M5u3dE0K0IODav88dkVu3TAfsv1upra3+TtY6eFYFM
-gFcQyRADiG0ruf7OLBrUxOiXMkptpsm7Zo770xdtAnA
--> ssh-ed25519 nivnYg OucwYuH7Z6Ih+lUGEPSs1oh/ZsuqrDHttNVyzR5iXnM
-zavvC+0FtsSAVMcpang0rY7MvWqEG92RZOdozOljb1s
---- LFI08syDoP7BhDymUtGSj26rlvlAIywYrDKs3Ff30N0
-eRBcT|m߹x*!VVn%ï0t([>ŴKyn.:Ԋ_45fh:l \ No newline at end of file
+-> ssh-ed25519 egf4NA rAXxqI+3a0hpLWfAsSpVZbzyu//s9r9TQFcZrdlrKWY
+0qQL3N3wZgC+rQEM9k4AgOfOu63G4IPKRRA5yaqVOcw
+-> ssh-ed25519 nivnYg zdz++IMXx3M4sAJcgRbzmBGh1ZdFH4z8fjvNJK2e5WI
+DhA+8QTGRl48069S7HIjrL/N+mYtg/DMd5dQqyJfNeQ
+-> ssh-ed25519 SIk9MQ cvmptByV2r8XJOkXTGiZGPZ+FIYgBpPMh76kuOD4FH0
+PQzo5QC2XDNSDtnRAfEyjr2iK+IF4RSehm/Ry6cVSTE
+--- WLRYAYSl+VNOWWnnpkkfJaKMpag4YxlM/WqSHcbJY4c
+QkKE ȨFѝ "vagu)Ax۫"FyKK~\Mέ2w"Rf"h(yh \ No newline at end of file
diff --git a/secrets/s3fs.age b/secrets/s3fs.age
index 49e782e..2220be8 100644
--- a/secrets/s3fs.age
+++ b/secrets/s3fs.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a063ee4..6b0220b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,4 +21,7 @@ in
"s3fs.age".publicKeys = systems;
"shiori_password.age".publicKeys = systems;
"unsplash_access_key.age".publicKeys = systems;
+ "wg_relesoft_pihlaja.age".publicKeys = systems;
+ "wg_relesoft_saarni.age".publicKeys = systems;
+ "wg_relesoft_kataja.age".publicKeys = systems;
}
diff --git a/secrets/shiori_password.age b/secrets/shiori_password.age
index ab0f3c2..893dac5 100644
--- a/secrets/shiori_password.age
+++ b/secrets/shiori_password.age
@@ -1,10 +1,9 @@
age-encryption.org/v1
--> ssh-ed25519 SIk9MQ NH850utZIMxFFNAZCZHsyjL5f+t3TnhThtVnExWpEHk
-uYEf+jtdqZcr39Yj2vmBZap6lUVdHKSV3O0MYwFk2Xc
--> ssh-ed25519 egf4NA bUcc1F73WG3Jc5BxjG8L4w88uJsY+SbrXO5Yb1ZMzEw
-uAiwubSlvXV+hH2qgQEEUNB69uEVISRgQzluIoV80Jc
--> ssh-ed25519 nivnYg 4Bzp4S/J17xt3pG8L70Kw5rtBjL+Q9r9mnjSMw6FV30
-TALKdu7Xn+p/p6aUifBCoEzian4IEWwYbx7F7X2CLBE
---- yD8ik0HkBt4IcbZxuH5R7Jqk2mqyCOfzqQ+WkI5Orv4
-Q@Øwg7#B)
-U'B_λQy
+-> ssh-ed25519 egf4NA pUVMExd+O89N37IrlsXqzdVXzGMgGKmC608NNhASoU8
+dmWlMRC410lZHDnbvl79ms8RsiaFm5dm6v0MlDMGhlQ
+-> ssh-ed25519 nivnYg 5gsEHFcxaJPfjvvgkJblqlXpIJTGcPyl0tPvqUDOVxs
+MhBdxlcEECecPaAJfS61qpHOFfpNHt6o5K/E3FDPtUI
+-> ssh-ed25519 SIk9MQ 24+BJxfSYK2G96Y8g1WdWRFSaDL/SYTdK6q02Vvof0M
+pQED0L7m3lMOsJ9VAzd73W/wAIyzBq0x5XSc18Onb3I
+--- hOGQS2xgLIDc6C+aGcIDkV03ml2CjkpzPkhKfqbim50
+Hri,yF 6UNL5aq0cFUH \ No newline at end of file
diff --git a/secrets/unsplash_access_key.age b/secrets/unsplash_access_key.age
index 72dd04c..0378317 100644
--- a/secrets/unsplash_access_key.age
+++ b/secrets/unsplash_access_key.age
Binary files differ
diff --git a/secrets/wg_relesoft_kataja.age b/secrets/wg_relesoft_kataja.age
new file mode 100644
index 0000000..b14f1cc
--- /dev/null
+++ b/secrets/wg_relesoft_kataja.age
Binary files differ
diff --git a/secrets/wg_relesoft_pihlaja.age b/secrets/wg_relesoft_pihlaja.age
new file mode 100644
index 0000000..893f9d3
--- /dev/null
+++ b/secrets/wg_relesoft_pihlaja.age
Binary files differ
diff --git a/secrets/wg_relesoft_saarni.age b/secrets/wg_relesoft_saarni.age
new file mode 100644
index 0000000..0034943
--- /dev/null
+++ b/secrets/wg_relesoft_saarni.age
Binary files differ
generated by cgit v1.3-1-g0d28 (git 2.53.0) at 2026-03-30 10:30:34 +0000