mirror of
https://github.com/thegeneralist01/config.git
synced 2026-05-30 08:37:01 +02:00
TheGeneralist
c72bd220d3
Set thegeneralist-central's user shell to zsh (matching macOS pattern). Drop the isDarwin guard on .zshrc generation so all hosts get the SSH_TTY-gated nu exec — non-interactive SSH (Codex etc.) stays in zsh, real interactive sessions still land in nu. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
229 lines
7.1 KiB
Nix
229 lines
7.1 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
config,
|
|
pkgs,
|
|
inputs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./site.nix
|
|
./cache
|
|
./archive
|
|
./forgejo
|
|
];
|
|
|
|
age.secrets.password.file = ./password.age;
|
|
age.secrets.readlaterBotToken.file = ./readlater-bot-token.age;
|
|
age.secrets.readlaterBotSyncToken.file = ./readlater-bot-sync-token.age;
|
|
age.secrets.readlaterBotUserId.file = ./readlater-bot-user-id.age;
|
|
age.secrets.openclawTelegramToken.file = ./openclaw-telegram-token.age;
|
|
age.secrets.openclawGatewayEnv.file = ./openclaw-gateway.env.age;
|
|
age.secrets.readlaterBotToken.owner = "thegeneralist";
|
|
age.secrets.readlaterBotToken.group = "users";
|
|
age.secrets.readlaterBotToken.mode = "0400";
|
|
age.secrets.readlaterBotSyncToken.owner = "thegeneralist";
|
|
age.secrets.readlaterBotSyncToken.group = "users";
|
|
age.secrets.readlaterBotSyncToken.mode = "0400";
|
|
age.secrets.readlaterBotUserId.owner = "thegeneralist";
|
|
age.secrets.readlaterBotUserId.group = "users";
|
|
age.secrets.readlaterBotUserId.mode = "0400";
|
|
age.secrets.openclawTelegramToken.owner = "thegeneralist";
|
|
age.secrets.openclawTelegramToken.group = "users";
|
|
age.secrets.openclawTelegramToken.mode = "0400";
|
|
age.secrets.openclawGatewayEnv.owner = "thegeneralist";
|
|
age.secrets.openclawGatewayEnv.group = "users";
|
|
age.secrets.openclawGatewayEnv.mode = "0400";
|
|
users.users = {
|
|
thegeneralist = {
|
|
isNormalUser = true;
|
|
description = "thegeneralist";
|
|
extraGroups = [
|
|
"wheel"
|
|
"audio"
|
|
"video"
|
|
"input"
|
|
"scanner"
|
|
"docker"
|
|
];
|
|
shell = pkgs.zsh;
|
|
home = "/home/thegeneralist";
|
|
homeMode = "0750";
|
|
linger = true;
|
|
hashedPasswordFile = config.age.secrets.password.path;
|
|
openssh.authorizedKeys.keys =
|
|
let
|
|
inherit (import ../../keys.nix) thegeneralist;
|
|
in
|
|
[ thegeneralist ];
|
|
};
|
|
|
|
build = {
|
|
isNormalUser = true;
|
|
description = "for distributed builds";
|
|
extraGroups = [ "build" ];
|
|
shell = pkgs.zsh;
|
|
hashedPasswordFile = config.age.secrets.password.path;
|
|
openssh.authorizedKeys.keys =
|
|
let
|
|
inherit (import ../../keys.nix) thegeneralist;
|
|
in
|
|
[ thegeneralist ];
|
|
};
|
|
};
|
|
|
|
home-manager = {
|
|
backupFileExtension = "home.bak";
|
|
extraSpecialArgs = { inherit inputs; };
|
|
sharedModules = [ inputs.nix-openclaw.homeManagerModules.openclaw ];
|
|
users.thegeneralist =
|
|
{
|
|
osConfig,
|
|
lib,
|
|
pkgs,
|
|
inputs,
|
|
...
|
|
}:
|
|
let
|
|
openclawPkgs =
|
|
let
|
|
pkgsAarch64 = import inputs.nix-openclaw.inputs.nixpkgs { system = "aarch64-linux"; };
|
|
steipetePkgs =
|
|
if inputs.nix-openclaw.inputs.nix-steipete-tools ? packages
|
|
&& builtins.hasAttr
|
|
"aarch64-linux"
|
|
inputs.nix-openclaw.inputs.nix-steipete-tools.packages
|
|
then
|
|
inputs.nix-openclaw.inputs.nix-steipete-tools.packages.aarch64-linux
|
|
else
|
|
{ };
|
|
in
|
|
import "${inputs.nix-openclaw}/nix/packages" {
|
|
pkgs = pkgsAarch64;
|
|
sourceInfo = import "${inputs.nix-openclaw}/nix/sources/openclaw-source.nix";
|
|
inherit steipetePkgs;
|
|
};
|
|
openclawPackage = openclawPkgs.openclaw;
|
|
in
|
|
{
|
|
home = {
|
|
username = "thegeneralist";
|
|
homeDirectory = "/home/thegeneralist";
|
|
stateVersion = "25.11";
|
|
};
|
|
|
|
programs.openclaw = {
|
|
documents = ./openclaw-documents;
|
|
package = openclawPackage;
|
|
config = {
|
|
gateway = {
|
|
mode = "local";
|
|
auth.mode = "token";
|
|
};
|
|
|
|
channels.telegram = {
|
|
tokenFile = osConfig.age.secrets.openclawTelegramToken.path;
|
|
# Replace with your Telegram user ID from @userinfobot.
|
|
allowFrom = [ 0 ];
|
|
groups."*" = {
|
|
requireMention = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
instances.default = {
|
|
enable = true;
|
|
package = openclawPackage;
|
|
};
|
|
};
|
|
|
|
systemd.user.services.openclaw-gateway.Service.EnvironmentFile = [
|
|
osConfig.age.secrets.openclawGatewayEnv.path
|
|
];
|
|
|
|
home.activation.openclawTelegramAllowFrom =
|
|
lib.hm.dag.entryAfter [ "openclawConfigFiles" ] ''
|
|
set -euo pipefail
|
|
|
|
user_id="$(${lib.getExe' pkgs.coreutils "cat"} ${osConfig.age.secrets.readlaterBotUserId.path})"
|
|
tmp="$(${lib.getExe' pkgs.coreutils "mktemp"})"
|
|
|
|
${lib.getExe pkgs.jq} --argjson user_id "$user_id" \
|
|
'.channels.telegram.allowFrom = [$user_id]' \
|
|
/home/thegeneralist/.openclaw/openclaw.json > "$tmp"
|
|
|
|
rm -f /home/thegeneralist/.openclaw/openclaw.json
|
|
mv "$tmp" /home/thegeneralist/.openclaw/openclaw.json
|
|
'';
|
|
};
|
|
};
|
|
|
|
age.secrets.hostkey.file = ./hostkey.age;
|
|
services.openssh.hostKeys = [
|
|
{
|
|
type = "ed25519";
|
|
path = config.age.secrets.hostkey.path;
|
|
}
|
|
];
|
|
|
|
# Some programs
|
|
services.libinput.enable = true;
|
|
programs.firefox.enable = true;
|
|
programs.zsh.enable = true;
|
|
|
|
services.readlater-bot = {
|
|
enable = true;
|
|
user = "thegeneralist";
|
|
group = "users";
|
|
tokenFile = config.age.secrets.readlaterBotToken.path;
|
|
settings = {
|
|
media_dir = "/home/thegeneralist/obsidian/09 Misc/Assets/images_misc";
|
|
resources_path = "/home/thegeneralist/obsidian/02 Knowledge/03 Resources";
|
|
read_later_path = "/home/thegeneralist/obsidian/10 Read Later.md";
|
|
finished_path = "/home/thegeneralist/obsidian/20 Finished Reading.md";
|
|
data_dir = "/var/lib/readlater-bot";
|
|
retry_interval_seconds = 30;
|
|
sync = {
|
|
repo_path = "/home/thegeneralist/obsidian";
|
|
token_file = config.age.secrets.readlaterBotSyncToken.path;
|
|
};
|
|
sync_x = {
|
|
source_project_path = "/home/thegeneralist/bookkeeper/vendor/extract-x-bookmarks";
|
|
python_bin = "/home/thegeneralist/bookkeeper/vendor/extract-x-bookmarks/.venv/bin/python3";
|
|
work_dir = "/home/thegeneralist/bookkeeper/.sync-x-work";
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.readlater-bot.preStart = lib.mkAfter ''
|
|
if [ -f /run/readlater-bot/config.toml ]; then
|
|
tmp="/run/readlater-bot/config.toml.tmp"
|
|
{
|
|
IFS= read -r first_line || true
|
|
printf '%s\n' "$first_line"
|
|
printf 'user_id = %s\n' "$(cat ${config.age.secrets.readlaterBotUserId.path})"
|
|
cat
|
|
} < /run/readlater-bot/config.toml > "$tmp"
|
|
mv "$tmp" /run/readlater-bot/config.toml
|
|
fi
|
|
'';
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
# console = {
|
|
# font = "Lat2-Terminus16";
|
|
# keyMap = "us";
|
|
# useXkbConfig = true; # use xkb.options in tty.
|
|
# };
|
|
|
|
system.stateVersion = "24.11";
|
|
}
|