diff --git a/flake.lock b/flake.lock index 5e87a86..1f5caa6 100644 --- a/flake.lock +++ b/flake.lock @@ -520,7 +520,8 @@ "nixpkgs": "nixpkgs", "noctalia": "noctalia", "noctalia-qs": "noctalia-qs", - "readlater-bot": "readlater-bot" + "readlater-bot": "readlater-bot", + "steipete-tap": "steipete-tap" } }, "rust-analyzer-src": { @@ -540,6 +541,22 @@ "type": "github" } }, + "steipete-tap": { + "flake": false, + "locked": { + "lastModified": 1778750339, + "narHash": "sha256-ZF63K/JuNKo8vWOIhXvsxbisUSVaUIeYqJLGI7uA9g4=", + "owner": "steipete", + "repo": "homebrew-tap", + "rev": "ccc12256eff15e1da74e6701db136e5c81036715", + "type": "github" + }, + "original": { + "owner": "steipete", + "repo": "homebrew-tap", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 7b4869c..dacc6ad 100644 --- a/flake.nix +++ b/flake.nix @@ -23,6 +23,10 @@ url = "github:homebrew/homebrew-cask"; flake = false; }; + steipete-tap = { + url = "github:steipete/homebrew-tap"; + flake = false; + }; agenix = { url = "github:ryantm/agenix"; diff --git a/hosts/thegeneralist-central-mbp/configuration.nix b/hosts/thegeneralist-central-mbp/configuration.nix index a6ffb2f..704563d 100644 --- a/hosts/thegeneralist-central-mbp/configuration.nix +++ b/hosts/thegeneralist-central-mbp/configuration.nix @@ -29,5 +29,6 @@ }; }; + system.primaryUser = "central"; system.stateVersion = 6; } diff --git a/hosts/thegeneralist-central/configuration.nix b/hosts/thegeneralist-central/configuration.nix index 7f720e8..398cd87 100644 --- a/hosts/thegeneralist-central/configuration.nix +++ b/hosts/thegeneralist-central/configuration.nix @@ -44,6 +44,7 @@ "input" "scanner" "docker" + "nginx" ]; shell = pkgs.zsh; home = "/home/thegeneralist"; diff --git a/hosts/thegeneralist-central/dns.nix b/hosts/thegeneralist-central/dns.nix index c7a0952..303f4c2 100644 --- a/hosts/thegeneralist-central/dns.nix +++ b/hosts/thegeneralist-central/dns.nix 
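Review bot: Adding `"nginx"` to the login user's `extraGroups` in hosts/thegeneralist-central/configuration.nix gives every process running as that account whatever the web server's group can read or write, and the hunk does not say why. Depending on how the ACME certificates and other nginx state are grouped on this host (not visible here), that can include TLS private keys. If the aim is to let the user publish files into one web root, grant that directory alone, for example with a `systemd.tmpfiles.rules` entry that sets its owner and group. Either way, record the intent next to the entry with a comment such as `# nginx group: needed to write <web-root placeholder>`. The surrounding `users.users` block starts and ends outside the hunk.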
@@ -13,7 +13,6 @@ let ) IN NS ns.thegeneralist01.com. ns IN A 100.86.129.23 - @ IN A 100.86.129.23 ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)} ''; diff --git a/hosts/thegeneralist-central/forgejo/default.nix b/hosts/thegeneralist-central/forgejo/default.nix index fd196d0..4b62cb5 100644 --- a/hosts/thegeneralist-central/forgejo/default.nix +++ b/hosts/thegeneralist-central/forgejo/default.nix @@ -10,10 +10,6 @@ in imports = [ ../../../modules/postgresql.nix ]; age.secrets.forgejoRunnerToken.file = ./forgejo-runner-token.age; - age.secrets.forgejoFamilySiteDeployToken.file = ./forgejo-family-site-deploy-token.age; - age.secrets.forgejoFamilySiteDeployToken.owner = "gitea-runner"; - age.secrets.forgejoFamilySiteDeployToken.group = "gitea-runner"; - age.secrets.forgejoFamilySiteDeployToken.mode = "0400"; services.forgejo = { enable = true; @@ -158,15 +154,7 @@ in systemd.tmpfiles.rules = [ "d /var/lib/gitea-runner 0755 gitea-runner gitea-runner -" "d /var/lib/gitea-runner/central 0755 gitea-runner gitea-runner -" - # Allow gitea-runner (in group users) to write to the blog repo's .git dir. - "d /home/thegeneralist/blog 2770 thegeneralist users -" - "Z /home/thegeneralist/blog/.git - thegeneralist users -" ]; - system.activationScripts.blogGitPerms.text = '' - ${pkgs.coreutils}/bin/chmod -R g+rwX /home/thegeneralist/blog/.git/objects - ${pkgs.acl}/bin/setfacl -R -m g:users:rwx -m d:g:users:rwx /home/thegeneralist/blog/.git/objects - ''; - networking.firewall.allowedTCPPorts = [ 2222 ]; } diff --git a/hosts/thegeneralist-central/plex/default.nix b/hosts/thegeneralist-central/plex/default.nix index bb77f22..acba559 100644 --- a/hosts/thegeneralist-central/plex/default.nix +++ b/hosts/thegeneralist-central/plex/default.nix 
@@ -9,7 +9,7 @@ let useACMEHost = domain; }; - plexDebUrl = "http://thegeneralist01.com/plexmediaserver_1.43.0.10492-121068a07_arm64.deb"; + plexDebUrl = "https://cdn.thegeneralist01.com/plexmediaserver_1.43.0.10492-121068a07_arm64.deb"; plexDebSha256 = "1fkh09b46q70kicjprxf0v507idhg2jh3pk97nhbxj1jagkhgck2"; plex = pkgs.stdenv.mkDerivation { pname = "plexmediaserver"; diff --git a/hosts/thegeneralist-central/site.nix b/hosts/thegeneralist-central/site.nix index fbac9ac..fafa6b0 100644 --- a/hosts/thegeneralist-central/site.nix +++ b/hosts/thegeneralist-central/site.nix @@ -1,13 +1,4 @@ { config, pkgs, ... }: -let - domain = "thegeneralist01.com"; - family_domain = builtins.getEnv "FAMILY_DOMAIN"; - - ssl = { - quic = true; - useACMEHost = domain; - }; -in { imports = [ ./acme 
@@ -32,56 +23,7 @@ in statusPage = true; validateConfigFile = true; - virtualHosts."${domain}" = ssl // { - root = "/var/www/${domain}"; - locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404"; - - extraConfig = '' - if ($http_x_forwarded_proto = "http") { - return 301 https://${domain}$request_uri; - } - - location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ { - expires 1d; - add_header Cache-Control "public"; - } - - error_page 404 /404.html; - ''; - }; - - virtualHosts."www.${domain}" = ssl // { - locations."/".return = "306 https://${domain}$request_uri"; - }; - - virtualHosts."${family_domain}" = { - root = "/var/www/${family_domain}/dist"; - locations."/".tryFiles = "$uri $uri/index.html $uri.html =404"; - - extraConfig = '' - absolute_redirect off; - - location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico)$ { - expires 1d; - add_header Cache-Control "public"; - } - - location ~* \.(ttf|woff2?)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - } - - error_page 404 /404.html; - ''; - }; - - virtualHosts."www.${family_domain}" = { - locations."/".return = "306 https://${family_domain}$request_uri"; - }; - - # virtualHosts._ = ssl // { - # locations."/".return = "307 https://${domain}/404"; - # }; + # Domain-specific virtual hosts live in the service modules below. }; # Cloudflare @@ -89,7 +31,6 @@ in age.secrets.cftcert.file = ./cert.pem.age; age.secrets.cftcredentials.file = ./credentials.age; - age.secrets.cftcredentials_personal.file = ./credentials_personal.age; services.cloudflared = { enable = true; @@ -98,8 +39,6 @@ in tunnels = { "site" = { ingress = { - "thegeneralist01.com" = "http://localhost:80"; - "www.thegeneralist01.com" = "http://localhost:80"; "cache.thegeneralist01.com" = "http://localhost:80"; "git.thegeneralist01.com" = "http://localhost:3000"; }; 
@@ -108,16 +47,6 @@ in credentialsFile = config.age.secrets.cftcredentials.path; certificateFile = config.age.secrets.cftcert.path; }; - "personal" = { - ingress = { - "${family_domain}" = "http://localhost:80"; - "www.${family_domain}" = "http://localhost:80"; - }; - default = "http_status:404"; - - credentialsFile = config.age.secrets.cftcredentials_personal.path; - certificateFile = config.age.secrets.cftcert.path; - }; }; }; } diff --git a/modules/common/amp.nix b/modules/common/amp.nix deleted file mode 100644 index c788a25..0000000 --- a/modules/common/amp.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: -let - enableAmp = (!config.onLinux) || (!config.isServer); - ampHomeModule = - { lib, pkgs, ... }: - { - home.sessionPath = [ "$HOME/.amp/bin" ]; - home.activation.ampInstall = lib.hm.dag.entryAfter [ "writeBoundary" ] '' - amp_bin="$HOME/.amp/bin/amp" - if [ ! -x "$amp_bin" ]; then - export PATH="${ - lib.makeBinPath [ - pkgs.coreutils - pkgs.gnugrep - pkgs.curl - pkgs.bash - ] - }:$PATH" - - # Prevent installer from trying to mutate shell rc files (Home Manager manages those). - SHELL="amp-installer" ${pkgs.curl}/bin/curl -fsSL https://ampcode.com/install.sh | ${pkgs.bash}/bin/bash - fi - ''; - }; -in -lib.mkIf enableAmp { - home-manager.sharedModules = [ ampHomeModule ]; -} diff --git a/modules/common/git.nix b/modules/common/git.nix index 434004c..0edf0f0 100644 --- a/modules/common/git.nix +++ b/modules/common/git.nix @@ -55,6 +55,8 @@ in # https://bernsteinbear.com/git alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10"; + + safe.directory = "*"; }; }; }; diff --git a/modules/common/neovim.nix b/modules/common/neovim.nix index 82c3716..9429af8 100644 --- a/modules/common/neovim.nix +++ b/modules/common/neovim.nix @@ -71,6 +71,7 @@ in home.sessionPath = [ "node_modules/.bin" "/opt/homebrew/bin" + "/opt/homebrew/opt" "$HOME/.npm-packages/bin" "$PNPM_HOME" ]; 
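Review bot: `safe.directory = "*"` in modules/common/git.nix turns off Git's repository-ownership check for every path. Git will then trust the config of a repository owned by a different account, including config values that run commands, whenever this user runs git there or a prompt or editor integration does it for them. Because the file sits under modules/common, it presumably applies to the server as well as the workstations, and the server has service accounts that own repositories. Prefer naming only the directories that need the exemption, e.g. `safe.directory = [ "<shared-repo-path placeholder>" ];` (assuming this settings attrset accepts a list), and add a comment saying which tool required it.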
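Review bot: The added `"/opt/homebrew/opt"` entry in `home.sessionPath` is unlikely to make any command resolvable. On a standard Homebrew layout that directory holds one symlink per formula, and the executables sit under `/opt/homebrew/opt/<formula>/bin`. If a particular keg-only formula is wanted on PATH, name its bin directory explicitly, e.g. `"/opt/homebrew/opt/<formula placeholder>/bin"`; otherwise drop the line so the search path stays limited to directories that are meant to supply executables.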
diff --git a/modules/common/shell/0_nushell.nix b/modules/common/shell/0_nushell.nix index bd573e6..30f7f3b 100644 --- a/modules/common/shell/0_nushell.nix +++ b/modules/common/shell/0_nushell.nix @@ -1,6 +1,7 @@ { config, lib, + nixpkgs, pkgs, ... }: @@ -18,10 +19,9 @@ let replaceStrings ; - unstable = import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz"; - sha256 = if (config.isServer) then "sha256:18ggs7jwmpi58k7xza4axy3cjs17c596ihq5y70h6sryz2hypgba" else (if (config.onLinux) then "sha256:03plivnr4cg0h8v7djf9g2jra09r45pmdiirmy4lvl2n1d4yb7ac" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn"); - }) { system = pkgs.stdenv.hostPlatform.system; }; + # Use the repo's locked nixos-unstable flake input instead of following the + # moving nixos-unstable tarball, which causes frequent refetches. + unstable = import nixpkgs { system = pkgs.stdenv.hostPlatform.system; }; package = unstable.nushell; in { diff --git a/modules/common/shell/default.nix b/modules/common/shell/default.nix index 80bd437..6b0e720 100644 --- a/modules/common/shell/default.nix +++ b/modules/common/shell/default.nix @@ -179,10 +179,12 @@ in nuExecCondition = if config.isDarwin then '' - [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 1 ] + [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 0 ] && [ -t 1 ] '' else - ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ]''; + '' + [[ $- == *i* ]] && [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ] && [ -t 0 ] && [ -t 1 ] + ''; in { programs.fish = { diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix index 6961e3f..252a08f 100644 --- a/modules/darwin/homebrew.nix +++ b/modules/darwin/homebrew.nix @@ -1,6 +1,7 @@ { homebrew-core, homebrew-cask, + steipete-tap, config, ... }: 
@@ -16,7 +17,8 @@ taps."homebrew/homebrew-core" = homebrew-core; taps."homebrew/homebrew-cask" = homebrew-cask; + taps."steipete/tap" = steipete-tap; - mutableTaps = false; + mutableTaps = true; }; } diff --git a/modules/darwin/karabiner.nix b/modules/darwin/karabiner.nix index eead1b4..15b8fee 100644 --- a/modules/darwin/karabiner.nix +++ b/modules/darwin/karabiner.nix @@ -8,9 +8,13 @@ let ]; openGhostty = "open -na Ghostty.app"; + openCmux = "open -na cmux.app"; openHelium = "open -na Helium.app"; openHeliumNotifications = "open -na Helium.app --args https://x.com/i/notifications"; openHeliumT3Chat = "open -na Helium.app --args https://t3.chat/"; + openHeliumExaSearch = "open -na Helium.app --args https://exa.ai/search"; + openChatGPT = "open -na Helium.app --args https://chatgpt.com/"; + openClaude = "open -na Helium.app --args https://claude.ai/new"; numbers = [ "1" @@ -102,7 +106,6 @@ let ]; to_if_alone = [ { - hold_down_milliseconds = 500; key_code = "escape"; } ]; @@ -111,7 +114,7 @@ let ]; } { - description = "Hyper+Return opens Ghostty"; + description = "Hyper+Return opens cmux"; manipulators = [ { from = { @@ -122,7 +125,7 @@ let }; to = [ { - shell_command = openGhostty; + shell_command = openCmux; } ]; type = "basic"; @@ -186,6 +189,25 @@ let } ]; } + { + description = "Hyper+E opens Exa Search"; + manipulators = [ + { + from = { + key_code = "e"; + modifiers = { + mandatory = hyperModifiers; + }; + }; + to = [ + { + shell_command = openHeliumExaSearch; + } + ]; + type = "basic"; + } + ]; + } { description = "Toggle Focus Mode with F6"; manipulators = [ 
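Review bot: Flipping `mutableTaps` to `true` in the same change that adds the third-party `steipete/tap` weakens the pinning that flake.nix and flake.lock set up for it. As I understand the option, taps can then be added or updated imperatively with `brew tap` and `brew update`, so the locked `rev` and `narHash` no longer fully determine which formula and cask definitions are evaluated at install time. Tap contents are code that runs with the user's privileges during installation, so keep `mutableTaps = false;` if the new tap works declaratively. If mutability is really required, put the reason on the line above it, e.g. `# mutable because <reason placeholder>`, so the loss of reproducibility is a recorded decision.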
@@ -198,6 +220,82 @@ let } ]; } + { + description = "Hyper+Q runs Add Quote shortcut"; + manipulators = [ + { + from = { + key_code = "q"; + modifiers = { + mandatory = hyperModifiers; + }; + }; + to = [ + { + shell_command = "shortcuts run 'Add Quote'"; + } + ]; + type = "basic"; + } + ]; + } + { + description = "Hyper+G runs Shades of Gray shortcut"; + manipulators = [ + { + from = { + key_code = "g"; + modifiers = { + mandatory = hyperModifiers; + }; + }; + to = [ + { + shell_command = "shortcuts run 'Shades of Gray'"; + } + ]; + type = "basic"; + } + ]; + } + { + description = "Hyper+C opens ChatGPT"; + manipulators = [ + { + from = { + key_code = "c"; + modifiers = { + mandatory = hyperModifiers; + }; + }; + to = [ + { + shell_command = openChatGPT; + } + ]; + type = "basic"; + } + ]; + } + { + description = "Hyper+L opens Claude"; + manipulators = [ + { + from = { + key_code = "l"; + modifiers = { + mandatory = hyperModifiers; + }; + }; + to = [ + { + shell_command = openClaude; + } + ]; + type = "basic"; + } + ]; + } ]; }; diff --git a/modules/darwin/packages.nix b/modules/darwin/packages.nix index 6186e0d..194e1b4 100644 --- a/modules/darwin/packages.nix +++ b/modules/darwin/packages.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { homebrew.enable = true; # homebrew.brews = [ "mole" ]; - homebrew.casks = [ "google-chrome" ]; + # homebrew.casks = [ "google-chrome" ]; environment.systemPackages = [ pkgs.iina ]; } diff --git a/secrets.nix b/secrets.nix index c8ca474..5287776 100644 --- a/secrets.nix +++ b/secrets.nix 
@@ -8,13 +8,9 @@ in "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ]; - "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/forgejo/forgejo-runner-token.age".publicKeys = [ thegeneralist ]; - "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [ - thegeneralist - ]; "hosts/thegeneralist-central/readlater-bot-token.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/readlater-bot-sync-token.age".publicKeys = [ thegeneralist ]; "hosts/thegeneralist-central/readlater-bot-user-id.age".publicKeys = [ thegeneralist ];