Must run borgmatic init as root

Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/d0d4ad5be611da43da04321f49684ad72d705c7e' (2023-12-22)
  → 'github:ryantm/agenix/457669db4259ff69d1ac1183aaa6000420940c1f' (2023-12-23)
• Updated input 'agenix/darwin':
    'github:lnl7/nix-darwin/87b9d090ad39b25b2400029c64825fc2a8868943' (2023-01-09)
  → 'github:lnl7/nix-darwin/4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d' (2023-11-24)
• Updated input 'agenix/home-manager':
    'github:nix-community/home-manager/32d3e39c491e2f91152c84f8ad8b003420eab0a1' (2023-04-22)
  → 'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1' (2023-12-20)
• Updated input 'agenix/nixpkgs':
    'github:NixOS/nixpkgs/a08d6979dd7c82c4cef0dcc6ac45ab16051c1169' (2023-03-01)
  → 'github:NixOS/nixpkgs/54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6' (2023-12-19)
• Added input 'agenix/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Updated input 'home-manager':
    'github:nix-community/home-manager/0c2353d5d930c3d93724df6858aef064a31b3c00' (2023-12-20)
  → 'github:nix-community/home-manager/d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224' (2023-12-23)

flake.lock

@@ -4,14 +4,15 @@
       "inputs": {
         "darwin": "darwin",
         "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs",
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1701216516,
+        "lastModified": 1703371241,
-        "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
+        "narHash": "sha256-f7ZcabJ5iAH2IRfVuI55xSPZ9TbegFzvFxoKtIPNEn8=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
+        "rev": "457669db4259ff69d1ac1183aaa6000420940c1f",
         "type": "github"
       },
       "original": {
@@ -28,11 +29,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1673295039,
+        "lastModified": 1700795494,
-        "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
         "type": "github"
       },
       "original": {
@@ -49,11 +50,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1702460489,
+        "lastModified": 1703087360,
-        "narHash": "sha256-H6s6oVLvx7PCjUcvfkB89Bb+kbaiJxTAgWfMjiQTjA0=",
+        "narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "915327515f5fd1b7719c06e2f1eb304ee0bdd803",
+        "rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7",
         "type": "github"
       },
       "original": {
@@ -65,11 +66,11 @@
     "firefox-gnome-theme": {
       "flake": false,
       "locked": {
-        "lastModified": 1702138393,
+        "lastModified": 1703023593,
-        "narHash": "sha256-2jRm1yzX+gKpSCtdpYt1olIgWVEkJnS7FeK00o9X1ko=",
+        "narHash": "sha256-M+Cw6vh7xCDmIhyVuEPNmaNVUwpmdFQq8zlsXZTKees=",
         "owner": "rafaelmardojai",
         "repo": "firefox-gnome-theme",
-        "rev": "d2e6cfdd63651ae8168e5905d94138f406580dd6",
+        "rev": "bad853333d9021e7012adb9b8fbfe7a7003f26bc",
         "type": "github"
       },
       "original": {
@@ -102,11 +103,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1682203081,
+        "lastModified": 1703113217,
-        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
         "type": "github"
       },
       "original": {
@@ -122,11 +123,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1702814678,
+        "lastModified": 1703367386,
-        "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=",
+        "narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef",
+        "rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
         "type": "github"
       },
       "original": {
@@ -153,11 +154,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1677676435,
+        "lastModified": 1703013332,
-        "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+        "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+        "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
         "type": "github"
       },
       "original": {
@@ -185,11 +186,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1702780907,
+        "lastModified": 1703068421,
-        "narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
+        "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
+        "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
         "type": "github"
       },
       "original": {
@@ -213,11 +214,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1702855332,
+        "lastModified": 1702936962,
-        "narHash": "sha256-3j9wZCbVcrtEg7yQMVHJDhSAW6DESNs+6QxweWZNCNY=",
+        "narHash": "sha256-uIZ2uPE26JKJ58463ejHMiAOpqBwflyN6tCmZ89vaSQ=",
         "ref": "refs/heads/master",
-        "rev": "ba52c86b6ff0d0657cb57ce737851d6f6026f7f5",
+        "rev": "c6db5c3ba8bff0e618fc3e31c9680863c5e53800",
-        "revCount": 4,
+        "revCount": 5,
         "type": "git",
         "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
       },
@@ -241,6 +242,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "thunderbird-gnome-theme": {
       "flake": false,
       "locked": {
@@ -259,7 +275,7 @@
     },
     "utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
         "lastModified": 1701680307,

hosts/new.md

@@ -0,0 +1,30 @@
+# Steps to add a new host
+
+1. Generate an SSH host key to be used for secrets
+`ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key -C ""`
+1. Go to borgmatic.com, add the generated SSH key and create a new
+repository
+1. Add a new host entry to nix-secrets/secrets.nix
+1. Generate a repository passphrase in nix-secrets
+1. Commit nix-secrets and run `nix flake update` in nix-config
+1. Add a README.md and default.nix suited to the host
+1. Define (or generate with `nixos-generate-config`) a
+hardware-configuration.nix
+1. Define the disk layout to be used by disko
+1. Commit nix-config
+1. Boot the NixOS installer
+1. Copy the generated SSH host key to `/etc/ssh`
+1. Run `nix run github:nix-community/nixos-anywhere -- --flake .#<hostname> root@<ip address>`
+
+## Post install
+> The backup and Tailscale modules won't work until the following steps are
+> completed.
+
+1. Run `sudo borgmatic init --encryption repokey-blake2`
+1. Restart `borgmatic`
+1. Run `sudo tailscale up --login-server https://headscale.vimium.net`
+1. Visit the URL, then SSH onto `vps1` and run
+`headscale --user mesh nodes register --key <key>`
+1. (Optionally) Give the Tailscale node a friendly name with
+`headscale node rename -i <index> <hostname>`
+

hosts/odyssey/default.nix

@@ -86,6 +86,10 @@
       browsers = {
         firefox.enable = true;
       };
+      gaming.emulators = {
+        ps2.enable = true;
+        psp.enable = true;
+      };
       media.graphics = {
         modeling.enable = true;
         raster.enable = true;

hosts/pi/default.nix

@@ -53,23 +53,16 @@
     systemWide = true;
   };
 
-  services.home-assistant = {
+  virtualisation.oci-containers = {
-    enable = true;
+    backend = "podman";
-    extraComponents = [
+    containers.homeassistant = {
-      "alert"
+      volumes = [ "home-assistant:/config" ];
-      "icloud"
+      environment.TZ = config.time.timeZone;
-      "jellyfin"
+      image = "ghcr.io/home-assistant/home-assistant:stable";
-      "metoffice"
+      extraOptions = [
-      "onkyo"
+        "--network=host"
-      "radio_browser"
+        "--device=/dev/ttyUSB0:/dev/ttyUSB0"
-    ];
+      ];
-    config = {
-      default_config = {};
-      homeassistant = {
-        name = "Home";
-        unit_system = "metric";
-        temperature_unit = "C";
-      };
     };
   };
 
@@ -83,15 +76,33 @@
     }];
   };
 
+  age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
+    file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
+    path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
   services.zigbee2mqtt = {
     enable = true;
+    dataDir = "/var/lib/zigbee2mqtt";
     settings = {
-      homeassistant = config.services.home-assistant.enable;
+      homeassistant = true;
       frontend = true;
+      device_options = {
+        retain = true;
+      };
       serial = {
-        port = "/dev/ttyUSB0";
+        port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
+      };
+      advanced = {
+        channel = 20;
+        network_key = "!secret.yaml network_key";
+        pan_id = 13001;
+        ext_pan_id = [ 79 1 73 47 250 136 124 222 ];
       };
       mqtt = {
+        version = 5;
         server = "mqtt://localhost:1883";
       };
     };

modules/desktop/gnome.nix

@@ -200,7 +200,9 @@ in {
       tokei
       tree
       wl-clipboard
-    ];
+    ] ++ (if config.virtualisation.podman.enable then [
+      pods
+    ] else []);
 
     home.services.gpg-agent.pinentryFlavor = "gnome3";
   };