Diffstat (limited to 'modules')
-rw-r--r--modules/keyd-qol.nix19
-rw-r--r--modules/persistence.nix10
-rw-r--r--modules/secure-boot.nix28
-rw-r--r--modules/services/atticd.nix6
-rw-r--r--modules/services/blocky/grafana_blocky_rev3.json2
-rw-r--r--modules/services/hydra.nix4
-rw-r--r--modules/services/invidious.nix1
-rw-r--r--modules/services/jellyfin.nix26
-rw-r--r--modules/services/nextcloud.nix2
-rw-r--r--modules/tailscale-initrd.nix2
10 files changed, 90 insertions, 10 deletions
diff --git a/modules/keyd-qol.nix b/modules/keyd-qol.nix
index 2f720d7..23ea784 100644
--- a/modules/keyd-qol.nix
+++ b/modules/keyd-qol.nix
@@ -31,6 +31,25 @@
           };
         };
       };
+
+      kensington_trackball = {
+        ids = [
+          # Slimblade Pro
+          "047d:80d4" # Bluetooth
+          "047d:80d6" # 2.4Ghz
+          "047d:80d7" # Wired
+        ];
+        settings = {
+          main = {
+            # MIDDLE / MOUSE1
+            # LEFT   / RIGHT
+            middlemouse = "middlemouse";
+            mouse1 = "rightmouse";
+            leftmouse = "leftmouse";
+            rightmouse = "back";
+          };
+        };
+      };
     };
   };
 }
diff --git a/modules/persistence.nix b/modules/persistence.nix
index 3131d61..989bed0 100644
--- a/modules/persistence.nix
+++ b/modules/persistence.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, inputs, lib, ... }:
 
 
 with lib;
@@ -6,6 +6,10 @@ let
   cfg = config.modules.persistence;
 in
 {
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
   options.modules.persistence = {
     enable = mkEnableOption "impermanence persistence";
 
@@ -17,6 +21,8 @@ in
       '';
     };
 
+    setupSshHostKeys = mkEnableOption "configure persistence for OpenSSH Host keys";
+
     directories = mkOption {
       type = types.listOf types.str;
       default = [ ];
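Review bot: `mkEnableOption` prefixes its argument with "Whether to enable", so the description of `setupSshHostKeys` renders as "Whether to enable configure persistence for OpenSSH Host keys." A noun phrase reads correctly and also says where the keys end up, e.g. `setupSshHostKeys = mkEnableOption "persistence of the OpenSSH host keys under storagePath";`.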
@@ -28,7 +34,7 @@ in
 
     environment.persistence.${cfg.storagePath}.directories = cfg.directories;
 
-    services.openssh.hostKeys = [
+    services.openssh.hostKeys = mkIf cfg.setupSshHostKeys [
       {
         path = "${cfg.storagePath}/ssh/ssh_host_ed25519_key";
         type = "ed25519";
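Review bot: `setupSshHostKeys` is declared with `mkEnableOption` and therefore defaults to false, so every host that already relied on this module for `services.openssh.hostKeys` falls back to the NixOS default key paths once this lands. On a host whose root filesystem is not persistent, sshd would presumably generate new host keys on each boot, and clients would get a changed-host-key warning that users learn to dismiss. Either set the option on the affected hosts in the same change or keep the old behaviour as the default, e.g. `setupSshHostKeys = mkEnableOption "..." // { default = true; };`. The `hostKeys` list continues past the end of this hunk.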
diff --git a/modules/secure-boot.nix b/modules/secure-boot.nix
new file mode 100644
index 0000000..7f079e4
--- /dev/null
+++ b/modules/secure-boot.nix
@@ -0,0 +1,28 @@
+{ config, inputs, pkgs, lib, ... }:
+
+let
+  cfg = config.modules.secure-boot;
+in
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  options.modules.secure-boot = {
+    enable = lib.mkEnableOption "Secure boot with lanzaboote";
+  };
+
+  config = lib.mkIf cfg.enable {
+    boot.lanzaboote.enable = true;
+    boot.lanzaboote.pkiBundle = "/etc/secureboot";
+
+    # Managed by lanzaboote
+    boot.loader.systemd-boot.enable = lib.mkForce false;
+
+    modules.persistence.directories = [
+      "/etc/secureboot"
+    ];
+
+    environment.systemPackages = [ pkgs.sbctl ];
+  };
+}
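Review bot: `/etc/secureboot` holds the private Secure Boot signing keys, and it is added to `modules.persistence.directories`, which persistence.nix in this commit declares as `listOf str` and passes straight to impermanence, so no owner or mode is pinned for the persisted copy. I would add a comment above that list, such as `# Holds the private signing keys: must stay root-owned and not world-readable on the persistent store`, and confirm the permissions on the storage path. It is also worth checking where the `sbctl` from `pkgs` writes its keys. I believe newer sbctl releases default to `/var/lib/sbctl`, in which case `sbctl create-keys` would write outside both `pkiBundle` and the persisted directory.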
diff --git a/modules/services/atticd.nix b/modules/services/atticd.nix
index ef79871..fe11074 100644
--- a/modules/services/atticd.nix
+++ b/modules/services/atticd.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, inputs, lib, pkgs, ... }:
 
 with lib;
 let
@@ -24,7 +24,7 @@ in
     (mkIf cfg.enable {
       services.atticd = {
         enable = true;
-        credentialsFile = cfg.secrets.attic-credentials;
+        environmentFile = cfg.secrets.attic-credentials;
 
         settings = {
           listen = "[::]:4005";
@@ -104,7 +104,7 @@ in
           # NOTE: currently this expects `attic/config.toml` to be manually
           # generated and placed on `/var/lib/atticd-watch-store`
           Environment = "XDG_CONFIG_HOME=/var/lib/atticd-watch-store";
-          ExecStart = "${pkgs.attic}/bin/attic watch-store hydra";
+          ExecStart = "${pkgs.attic-client}/bin/attic watch-store hydra";
           Restart = "on-failure";
           RestartSec = "5s";
           ProtectKernelLogs = true;
diff --git a/modules/services/blocky/grafana_blocky_rev3.json b/modules/services/blocky/grafana_blocky_rev3.json
index e4e837c..01e6ea5 100644
--- a/modules/services/blocky/grafana_blocky_rev3.json
+++ b/modules/services/blocky/grafana_blocky_rev3.json
@@ -861,7 +861,7 @@
       "datasource": {
         "uid": "5Z0Y8D3GXAMDODSF"
       },
-      "description": "Number of occured errors",
+      "description": "Number of errors occurred",
       "fieldConfig": {
         "defaults": {
           "decimals": 0,
diff --git a/modules/services/hydra.nix b/modules/services/hydra.nix
index d0e5968..be30db3 100644
--- a/modules/services/hydra.nix
+++ b/modules/services/hydra.nix
@@ -9,7 +9,7 @@ in
     enable = mkEnableOption "Whether to enable Hydra, a Nix-based continuous build system";
     baseURL = mkOption {
       type = types.str;
-      example = "https://hydra.kusanari.network";
+      example = "https://hydra.kanata.network";
       description = "The base URL for the Hydra webserver instance";
     };
   };
@@ -23,7 +23,7 @@ in
       hydraURL = cfg.baseURL;
       dbi = "dbi:Pg:dbname=hydra;user=hydra;";
       useSubstitutes = true;
-      notificationSender = "hydra@kusanari.network";
+      notificationSender = "hydra@kanata.network";
 
       listenHost = "localhost";
       port = 4004;
diff --git a/modules/services/invidious.nix b/modules/services/invidious.nix
index 949f2c7..8952cda 100644
--- a/modules/services/invidious.nix
+++ b/modules/services/invidious.nix
@@ -27,6 +27,7 @@ in
       database.createLocally = true;
 
       http3-ytproxy.enable = true;
+      sig-helper.enable = true;
 
       settings = {
         db.user = "indivious";
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
new file mode 100644
index 0000000..1936a54
--- /dev/null
+++ b/modules/services/jellyfin.nix
@@ -0,0 +1,26 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.jellyfin;
+in
+{
+  options.modules.services.jellyfin = {
+    enable = mkEnableOption "";
+
+    dataDir = mkOption { type = types.str; };
+  };
+
+  config = mkIf cfg.enable {
+    services.jellyfin = {
+      enable = true;
+
+      dataDir = cfg.dataDir;
+    };
+
+    environment.systemPackages = with pkgs; [
+      jellyfin-web
+      jellyfin-ffmpeg
+    ];
+  };
+}
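Review bot: `mkEnableOption ""` leaves the `enable` option documented as "Whether to enable ." Separately, `dataDir` has no description and is typed `types.str`, so a relative or mistyped value is accepted at evaluation time. Suggest `enable = mkEnableOption "the Jellyfin media server";` and `dataDir = mkOption { type = types.path; description = "Directory where Jellyfin stores its data"; };`. If this host uses the persistence module, the data directory probably also belongs in `modules.persistence.directories`, which this file does not set.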
diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix
index 70b08e6..9a472a8 100644
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@@ -36,7 +36,7 @@ in
     services.nextcloud = {
       enable = true;
 
-      package = pkgs.nextcloud29;
+      package = pkgs.nextcloud30;
       database.createLocally = true;
       hostName = cfg.realHost;
 
diff --git a/modules/tailscale-initrd.nix b/modules/tailscale-initrd.nix
index 4429d60..21bbd53 100644
--- a/modules/tailscale-initrd.nix
+++ b/modules/tailscale-initrd.nix
@@ -83,7 +83,7 @@
         extraUtilsCommands = ''
           copy_bin_and_libs ${pkgs.tailscale}/bin/tailscaled
           copy_bin_and_libs ${pkgs.tailscale}/bin/tailscale
-          copy_bin_and_libs ${pkgs.iproute}/bin/ip
+          copy_bin_and_libs ${pkgs.iproute2}/bin/ip
           copy_bin_and_libs ${iptables-static}/bin/iptables
           copy_bin_and_libs ${iptables-static}/bin/xtables-legacy-multi