Clean up retired site config

some changes for central
fix: use locked nixpkgs for nushell
2026-05-30 08:37:01 +02:00 · 2026-05-26 19:06:25 +02:00 · 2026-05-26 19:00:17 +02:00 · 2026-05-24 15:12:03 +02:00 · 2026-05-24 14:46:30 +02:00 · 2026-05-22 10:24:12 +02:00
17 changed files with 142 additions and 134 deletions
--- a/flake.lock
+++ b/flake.lock
@ -520,7 +520,8 @@
        "nixpkgs": "nixpkgs",
        "noctalia": "noctalia",
        "noctalia-qs": "noctalia-qs",
-        "readlater-bot": "readlater-bot"
+        "readlater-bot": "readlater-bot",
+        "steipete-tap": "steipete-tap"
      }
    },
    "rust-analyzer-src": {
@ -540,6 +541,22 @@
        "type": "github"
      }
    },
+    "steipete-tap": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1778750339,
+        "narHash": "sha256-ZF63K/JuNKo8vWOIhXvsxbisUSVaUIeYqJLGI7uA9g4=",
+        "owner": "steipete",
+        "repo": "homebrew-tap",
+        "rev": "ccc12256eff15e1da74e6701db136e5c81036715",
+        "type": "github"
+      },
+      "original": {
+        "owner": "steipete",
+        "repo": "homebrew-tap",
+        "type": "github"
+      }
+    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
--- a/flake.nix
+++ b/flake.nix
@ -23,6 +23,10 @@
      url = "github:homebrew/homebrew-cask";
      flake = false;
    };
+    steipete-tap = {
+      url = "github:steipete/homebrew-tap";
+      flake = false;
+    };

    agenix = {
      url = "github:ryantm/agenix";
--- a/hosts/thegeneralist-central-mbp/configuration.nix
+++ b/hosts/thegeneralist-central-mbp/configuration.nix
@ -29,5 +29,6 @@
    };
  };

+  system.primaryUser = "central";
  system.stateVersion = 6;
 }
--- a/hosts/thegeneralist-central/configuration.nix
+++ b/hosts/thegeneralist-central/configuration.nix
@ -44,6 +44,7 @@
        "input"
        "scanner"
        "docker"
+        "nginx"
      ];
      shell = pkgs.zsh;
      home = "/home/thegeneralist";
--- a/hosts/thegeneralist-central/dns.nix
+++ b/hosts/thegeneralist-central/dns.nix
@ -13,7 +13,6 @@ let
    )
        IN NS   ns.thegeneralist01.com.
    ns  IN A    100.86.129.23
-    @   IN A    100.86.129.23
    ${lib.concatStringsSep "\n" (lib.map (sub: "${sub} IN A 100.86.129.23") subdomains)}
  '';

--- a/hosts/thegeneralist-central/forgejo/default.nix
+++ b/hosts/thegeneralist-central/forgejo/default.nix
@ -10,10 +10,6 @@ in
  imports = [ ../../../modules/postgresql.nix ];

  age.secrets.forgejoRunnerToken.file = ./forgejo-runner-token.age;
-  age.secrets.forgejoFamilySiteDeployToken.file = ./forgejo-family-site-deploy-token.age;
-  age.secrets.forgejoFamilySiteDeployToken.owner = "gitea-runner";
-  age.secrets.forgejoFamilySiteDeployToken.group = "gitea-runner";
-  age.secrets.forgejoFamilySiteDeployToken.mode = "0400";

  services.forgejo = {
    enable = true;
@ -158,15 +154,7 @@ in
  systemd.tmpfiles.rules = [
    "d /var/lib/gitea-runner 0755 gitea-runner gitea-runner -"
    "d /var/lib/gitea-runner/central 0755 gitea-runner gitea-runner -"
-    # Allow gitea-runner (in group users) to write to the blog repo's .git dir.
-    "d /home/thegeneralist/blog 2770 thegeneralist users -"
-    "Z /home/thegeneralist/blog/.git - thegeneralist users -"
  ];

-  system.activationScripts.blogGitPerms.text = ''
-    ${pkgs.coreutils}/bin/chmod -R g+rwX /home/thegeneralist/blog/.git/objects
-    ${pkgs.acl}/bin/setfacl -R -m g:users:rwx -m d:g:users:rwx /home/thegeneralist/blog/.git/objects
-  '';
-
  networking.firewall.allowedTCPPorts = [ 2222 ];
 }
--- a/hosts/thegeneralist-central/plex/default.nix
+++ b/hosts/thegeneralist-central/plex/default.nix
@ -9,7 +9,7 @@ let
    useACMEHost = domain;
  };

-  plexDebUrl = "http://thegeneralist01.com/plexmediaserver_1.43.0.10492-121068a07_arm64.deb";
+  plexDebUrl = "https://cdn.thegeneralist01.com/plexmediaserver_1.43.0.10492-121068a07_arm64.deb";
  plexDebSha256 = "1fkh09b46q70kicjprxf0v507idhg2jh3pk97nhbxj1jagkhgck2";
  plex = pkgs.stdenv.mkDerivation {
    pname = "plexmediaserver";
--- a/hosts/thegeneralist-central/site.nix
+++ b/hosts/thegeneralist-central/site.nix
@ -1,13 +1,4 @@
 { config, pkgs, ... }:
-let
-  domain = "thegeneralist01.com";
-  family_domain = builtins.getEnv "FAMILY_DOMAIN";
-
-  ssl = {
-    quic = true;
-    useACMEHost = domain;
-  };
-in
 {
  imports = [
    ./acme
@ -32,56 +23,7 @@ in
    statusPage = true;
    validateConfigFile = true;

-    virtualHosts."${domain}" = ssl // {
-      root = "/var/www/${domain}";
-      locations."/".tryFiles = "$uri $uri.html $uri/ $uri/index.html =404";
-
-      extraConfig = ''
-        if ($http_x_forwarded_proto = "http") {
-          return 301 https://${domain}$request_uri;
-        }
-
-        location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico|woff2?)$ {
-          expires 1d;
-          add_header Cache-Control "public";
-        }
-
-        error_page 404 /404.html;
-      '';
-    };
-
-    virtualHosts."www.${domain}" = ssl // {
-      locations."/".return = "306 https://${domain}$request_uri";
-    };
-
-    virtualHosts."${family_domain}" = {
-      root = "/var/www/${family_domain}/dist";
-      locations."/".tryFiles = "$uri $uri/index.html $uri.html =404";
-
-      extraConfig = ''
-        absolute_redirect off;
-
-        location ~* \.(html|css|js|jpg|jpeg|png|gif|svg|ico)$ {
-          expires 1d;
-          add_header Cache-Control "public";
-        }
-
-        location ~* \.(ttf|woff2?)$ {
-          expires 1y;
-          add_header Cache-Control "public, immutable";
-        }
-
-        error_page 404 /404.html;
-      '';
-    };
-
-    virtualHosts."www.${family_domain}" = {
-      locations."/".return = "306 https://${family_domain}$request_uri";
-    };
-
-    # virtualHosts._ = ssl // {
-    #   locations."/".return = "307 https://${domain}/404";
-    # };
+    # Domain-specific virtual hosts live in the service modules below.
  };

  # Cloudflare
@ -89,7 +31,6 @@ in

  age.secrets.cftcert.file = ./cert.pem.age;
  age.secrets.cftcredentials.file = ./credentials.age;
-  age.secrets.cftcredentials_personal.file = ./credentials_personal.age;

  services.cloudflared = {
    enable = true;
@ -98,8 +39,6 @@ in
    tunnels = {
      "site" = {
        ingress = {
-          "thegeneralist01.com" = "http://localhost:80";
-          "www.thegeneralist01.com" = "http://localhost:80";
          "cache.thegeneralist01.com" = "http://localhost:80";
          "git.thegeneralist01.com" = "http://localhost:3000";
        };
@ -108,16 +47,6 @@ in
        credentialsFile = config.age.secrets.cftcredentials.path;
        certificateFile = config.age.secrets.cftcert.path;
      };
-      "personal" = {
-        ingress = {
-          "${family_domain}" = "http://localhost:80";
-          "www.${family_domain}" = "http://localhost:80";
-        };
-        default = "http_status:404";
-
-        credentialsFile = config.age.secrets.cftcredentials_personal.path;
-        certificateFile = config.age.secrets.cftcert.path;
-      };
    };
  };
 }
--- a/modules/common/amp.nix
+++ b/modules/common/amp.nix
@ -1,32 +0,0 @@
-{
-  config,
-  lib,
-  ...
-}:
-let
-  enableAmp = (!config.onLinux) || (!config.isServer);
-  ampHomeModule =
-    { lib, pkgs, ... }:
-    {
-      home.sessionPath = [ "$HOME/.amp/bin" ];
-      home.activation.ampInstall = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-        amp_bin="$HOME/.amp/bin/amp"
-        if [ ! -x "$amp_bin" ]; then
-          export PATH="${
-            lib.makeBinPath [
-              pkgs.coreutils
-              pkgs.gnugrep
-              pkgs.curl
-              pkgs.bash
-            ]
-          }:$PATH"
-
-          # Prevent installer from trying to mutate shell rc files (Home Manager manages those).
-          SHELL="amp-installer" ${pkgs.curl}/bin/curl -fsSL https://ampcode.com/install.sh | ${pkgs.bash}/bin/bash
-        fi
-      '';
-    };
-in
-lib.mkIf enableAmp {
-  home-manager.sharedModules = [ ampHomeModule ];
-}
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@ -55,6 +55,8 @@ in

            # https://bernsteinbear.com/git
            alias.recent = "! git branch --sort=-committerdate --format=\"%(committerdate:relative)%09%(refname:short)\" | head -10";
+
+            safe.directory = "*";
          };
        };
      };
--- a/modules/common/neovim.nix
+++ b/modules/common/neovim.nix
@ -71,6 +71,7 @@ in
      home.sessionPath = [
        "node_modules/.bin"
        "/opt/homebrew/bin"
+        "/opt/homebrew/opt"
        "$HOME/.npm-packages/bin"
        "$PNPM_HOME"
      ];
--- a/modules/common/shell/0_nushell.nix
+++ b/modules/common/shell/0_nushell.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  nixpkgs,
  pkgs,
  ...
 }:
@ -18,10 +19,9 @@ let
    replaceStrings
    ;

-  unstable = import (builtins.fetchTarball {
-    url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
-    sha256 = if (config.isServer) then "sha256:18ggs7jwmpi58k7xza4axy3cjs17c596ihq5y70h6sryz2hypgba" else (if (config.onLinux) then "sha256:03plivnr4cg0h8v7djf9g2jra09r45pmdiirmy4lvl2n1d4yb7ac" else "sha256:16xi1yijq2ccbp8254zc0b5fgz0igxvyf4yn349wj2ggk4cl6dgn");
-  }) { system = pkgs.stdenv.hostPlatform.system; };
+  # Use the repo's locked nixos-unstable flake input instead of following the
+  # moving nixos-unstable tarball, which causes frequent refetches.
+  unstable = import nixpkgs { system = pkgs.stdenv.hostPlatform.system; };
  package = unstable.nushell;
 in
 {
--- a/modules/common/shell/default.nix
+++ b/modules/common/shell/default.nix
@ -179,10 +179,12 @@ in
        nuExecCondition =
          if config.isDarwin then
            ''
-              [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 1 ]
+              [[ $- == *i* ]] && [ -z "$skip" ] && [ -t 0 ] && [ -t 1 ]
            ''
          else
-            ''[ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ]'';
+            ''
+              [[ $- == *i* ]] && [ -z "$INTELLIJ_ENVIRONMENT_READER" ] && [ -z "$skip" ] && [ -z "$SSH_TTY" ] && [ -t 0 ] && [ -t 1 ]
+            '';
      in
      {
        programs.fish = {
--- a/modules/darwin/homebrew.nix
+++ b/modules/darwin/homebrew.nix
@ -1,6 +1,7 @@
 {
  homebrew-core,
  homebrew-cask,
+  steipete-tap,
  config,
  ...
 }:
@ -16,7 +17,8 @@

    taps."homebrew/homebrew-core" = homebrew-core;
    taps."homebrew/homebrew-cask" = homebrew-cask;
+    taps."steipete/tap" = steipete-tap;

-    mutableTaps = false;
+    mutableTaps = true;
  };
 }
--- a/modules/darwin/karabiner.nix
+++ b/modules/darwin/karabiner.nix
@ -8,9 +8,13 @@ let
  ];

  openGhostty = "open -na Ghostty.app";
+  openCmux = "open -na cmux.app";
  openHelium = "open -na Helium.app";
  openHeliumNotifications = "open -na Helium.app --args https://x.com/i/notifications";
  openHeliumT3Chat = "open -na Helium.app --args https://t3.chat/";
+  openHeliumExaSearch = "open -na Helium.app --args https://exa.ai/search";
+  openChatGPT = "open -na Helium.app --args https://chatgpt.com/";
+  openClaude = "open -na Helium.app --args https://claude.ai/new";

  numbers = [
    "1"
@ -102,7 +106,6 @@ let
            ];
            to_if_alone = [
              {
-                hold_down_milliseconds = 500;
                key_code = "escape";
              }
            ];
@ -111,7 +114,7 @@ let
        ];
      }
      {
-        description = "Hyper+Return opens Ghostty";
+        description = "Hyper+Return opens cmux";
        manipulators = [
          {
            from = {
@ -122,7 +125,7 @@ let
            };
            to = [
              {
-                shell_command = openGhostty;
+                shell_command = openCmux;
              }
            ];
            type = "basic";
@ -186,6 +189,25 @@ let
          }
        ];
      }
+      {
+        description = "Hyper+E opens Exa Search";
+        manipulators = [
+          {
+            from = {
+              key_code = "e";
+              modifiers = {
+                mandatory = hyperModifiers;
+              };
+            };
+            to = [
+              {
+                shell_command = openHeliumExaSearch;
+              }
+            ];
+            type = "basic";
+          }
+        ];
+      }
      {
        description = "Toggle Focus Mode with F6";
        manipulators = [
@ -198,6 +220,82 @@ let
          }
        ];
      }
+      {
+        description = "Hyper+Q runs Add Quote shortcut";
+        manipulators = [
+          {
+            from = {
+              key_code = "q";
+              modifiers = {
+                mandatory = hyperModifiers;
+              };
+            };
+            to = [
+              {
+                shell_command = "shortcuts run 'Add Quote'";
+              }
+            ];
+            type = "basic";
+          }
+        ];
+      }
+      {
+        description = "Hyper+G runs Shades of Gray shortcut";
+        manipulators = [
+          {
+            from = {
+              key_code = "g";
+              modifiers = {
+                mandatory = hyperModifiers;
+              };
+            };
+            to = [
+              {
+                shell_command = "shortcuts run 'Shades of Gray'";
+              }
+            ];
+            type = "basic";
+          }
+        ];
+      }
+      {
+        description = "Hyper+C opens ChatGPT";
+        manipulators = [
+          {
+            from = {
+              key_code = "c";
+              modifiers = {
+                mandatory = hyperModifiers;
+              };
+            };
+            to = [
+              {
+                shell_command = openChatGPT;
+              }
+            ];
+            type = "basic";
+          }
+        ];
+      }
+      {
+        description = "Hyper+L opens Claude";
+        manipulators = [
+          {
+            from = {
+              key_code = "l";
+              modifiers = {
+                mandatory = hyperModifiers;
+              };
+            };
+            to = [
+              {
+                shell_command = openClaude;
+              }
+            ];
+            type = "basic";
+          }
+        ];
+      }
    ];
  };

--- a/modules/darwin/packages.nix
+++ b/modules/darwin/packages.nix
@ -1,6 +1,6 @@
 { pkgs, ... }: {
  homebrew.enable = true;
  # homebrew.brews = [ "mole" ];
-  homebrew.casks = [ "google-chrome" ];
+  # homebrew.casks = [ "google-chrome" ];
  environment.systemPackages = [ pkgs.iina ];
 }
--- a/secrets.nix
+++ b/secrets.nix
@ -8,13 +8,9 @@ in
  "hosts/thegeneralist-central/acme/acmeEnvironment.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/cert.pem.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/credentials.age".publicKeys = [ thegeneralist ];
-  "hosts/thegeneralist-central/credentials_personal.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/cache/key.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/password.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/forgejo/forgejo-runner-token.age".publicKeys = [ thegeneralist ];
-  "hosts/thegeneralist-central/forgejo/forgejo-family-site-deploy-token.age".publicKeys = [
-    thegeneralist
-  ];
  "hosts/thegeneralist-central/readlater-bot-token.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/readlater-bot-sync-token.age".publicKeys = [ thegeneralist ];
  "hosts/thegeneralist-central/readlater-bot-user-id.age".publicKeys = [ thegeneralist ];
Author	SHA1	Message	Date
TheGeneralist	2f6b684b28	Clean up retired site config	2026-05-26 19:06:25 +02:00
TheGeneralist	ec497ddace	some changes for `central`	2026-05-26 19:00:17 +02:00
TheGeneralist	06fe648fe5	fix: use locked nixpkgs for nushell	2026-05-24 15:12:03 +02:00
TheGeneralist	2685e94483	chore: open cmux with hyper return	2026-05-24 14:46:30 +02:00
TheGeneralist	1bd9dd2b63	Add Hyperkey+C for ChatGPT and Hyperkey+L for Claude in Helium	2026-05-22 10:24:12 +02:00
TheGeneralist	5371cb191a	Update local config changes	2026-05-19 20:52:06 +02:00
TheGeneralist	5e709810e2	karabiner: add new keybind	2026-05-18 19:30:26 +02:00
TheGeneralist	cfcbcb9653	change cdn url	2026-05-12 15:23:13 +02:00