init nix-on-droid

adjust brightness, disable touchpad sometimes
reenable ipv6; reconfigure browser
2026-01-14 22:57:40 +01:00 · 2026-01-14 20:18:25 +01:00 · 2026-01-14 05:31:48 +01:00 · 2026-01-13 10:55:24 +01:00 · 2026-01-13 10:48:56 +01:00 · 2026-01-13 06:29:18 +01:00
30 changed files with 661 additions and 67 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
 see TODO.md for my aspirations
 ## usage
 ### install
--- a/TODO.md
+++ b/TODO.md
@@ -0,0 +1,20 @@
 - add other remote
 - fully automate remote provisioning (remote keys)
 - fix ipv6 on remotes
 - modularize home manager
 - add services?
    - 0x0
    - forgejo
    - matrix homeserver
    - matrix webclient
    - radicale
    - tor relay
    - wireguard as vpn
 - add home functionality
    - better term emulator
    - switch browser?
        - chromium: much better sandboxing
        - ladybird: be an early tester, contribute
        - glide: sexier tridactyl implementation
        - browsh: the GOAT
    - get mouse out of here
--- a/flake.lock
+++ b/flake.lock
@@ -385,6 +385,27 @@
        "type": "github"
      }
    },
    "home-manager_3": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1709445365,
        "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1737831083,
@@ -433,6 +454,57 @@
        "type": "github"
      }
    },
    "nix-formatter-pack": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs"
        ],
        "nmd": [
          "nix-on-droid",
          "nmd"
        ],
        "nmt": "nmt"
      },
      "locked": {
        "lastModified": 1705252799,
        "narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
        "owner": "Gerschtli",
        "repo": "nix-formatter-pack",
        "rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
        "type": "github"
      },
      "original": {
        "owner": "Gerschtli",
        "repo": "nix-formatter-pack",
        "type": "github"
      }
    },
    "nix-on-droid": {
      "inputs": {
        "home-manager": "home-manager_3",
        "nix-formatter-pack": "nix-formatter-pack",
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-docs": "nixpkgs-docs",
        "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
        "nmd": "nmd"
      },
      "locked": {
        "lastModified": 1765031149,
        "narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
        "owner": "nix-community",
        "repo": "nix-on-droid",
        "rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "nix-on-droid",
        "type": "github"
      }
    },
    "nix-zulip": {
      "flake": false,
      "locked": {
@@ -488,6 +560,38 @@
        "type": "github"
      }
    },
    "nixpkgs-docs": {
      "locked": {
        "lastModified": 1705957679,
        "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "release-23.05",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-for-bootstrap": {
      "locked": {
        "lastModified": 1720244366,
        "narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1764242076,
@@ -504,6 +608,44 @@
        "type": "github"
      }
    },
    "nmd": {
      "inputs": {
        "nixpkgs": [
          "nix-on-droid",
          "nixpkgs-docs"
        ],
        "scss-reset": "scss-reset"
      },
      "locked": {
        "lastModified": 1705050560,
        "narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
        "owner": "~rycee",
        "repo": "nmd",
        "rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
        "type": "sourcehut"
      },
      "original": {
        "owner": "~rycee",
        "repo": "nmd",
        "type": "sourcehut"
      }
    },
    "nmt": {
      "flake": false,
      "locked": {
        "lastModified": 1648075362,
        "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
        "owner": "rycee",
        "repo": "nmt",
        "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
        "type": "gitlab"
      },
      "original": {
        "owner": "rycee",
        "repo": "nmt",
        "type": "gitlab"
      }
    },
    "noshell": {
      "inputs": {
        "nixpkgs": [
@@ -621,6 +763,7 @@
        "disko": "disko",
        "home-manager": "home-manager_2",
        "impermanence": "impermanence",
        "nix-on-droid": "nix-on-droid",
        "nix-zulip": "nix-zulip",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs",
@@ -631,6 +774,22 @@
        "stylix": "stylix"
      }
    },
    "scss-reset": {
      "flake": false,
      "locked": {
        "lastModified": 1631450058,
        "narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
        "owner": "andreymatin",
        "repo": "scss-reset",
        "rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
        "type": "github"
      },
      "original": {
        "owner": "andreymatin",
        "repo": "scss-reset",
        "type": "github"
      }
    },
    "stylix": {
      "inputs": {
        "base16": "base16",
--- a/flake.nix
+++ b/flake.nix
@@ -18,6 +18,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nix-on-droid = {
      url = "github:nix-community/nix-on-droid";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-zulip = {
      url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
      flake = false;
@@ -50,6 +54,7 @@
    impermanence,
    nixos-mailserver,
    nixpkgs,
    nix-on-droid,
    nix-zulip,
    noshell,
    nur,
@@ -117,5 +122,19 @@
      builtins.mapAttrs
      (hostname: value: configurationWithHomeManager value)
      machines;
    nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
      pkgs = import nixpkgs {system = "aarch64-linux";};
      modules = [
        ./modules/nix-on-droid/nix-on-droid.nix
        {
          home-manager.useGlobalPkgs = true;
          home-manager.users."andromeda" = {
            imports = [
              ./modules/nix-on-droid/home.nix
            ];
          };
        }
      ];
    };
  };
 }
--- a/machines.nix
+++ b/machines.nix
@@ -30,6 +30,9 @@
      # apps
      ./modules/nixos/steam.nix
      # substitutors
      ./substitutors.nix
    ];
  };
  "109-199-104-83" = {
@@ -69,6 +72,13 @@
      # webmail.domain
      ./modules/nixos/roundcube.nix
      # matrix homeserver
      # matrix.domain
      # ./modules/nixos/matrix-conduit.nix
      # matrix homeserver
      ./modules/nixos/matrix-synapse.nix
      # BROKEN
      # forgejo
      # git.domain
@@ -77,9 +87,7 @@
      # BROKEN
      # zulip chat client
      # chat.domain
-      # zulip chat server
+      ./modules/nixos/zulip.nix
      # zulip.domain
      # ./modules/nixos/zulip.nix
    ];
  };
 }
--- a/modules/nix-on-droid/home.nix
+++ b/modules/nix-on-droid/home.nix
@@ -0,0 +1,165 @@
 {
  config,
  lib,
  pkgs,
  ...
 }: {
  home = {
    username = "andromeda";
    homeDirectory = "/home/${config.home.username}";
    stateVersion = "26.05";
    packages = [
      pkgs.brush
      pkgs.dust
      pkgs.fzf
      pkgs.glow
      pkgs.nix-output-monitor
      pkgs.ranger
      pkgs.rip2
      pkgs.ripgrep
      pkgs.tree
      pkgs.zoxide
    ];
  };
  programs = {
    bash = {
      enable = true;
      shellAliases = {
        neofetch = "fastfetch";
        ls = lib.mkForce "lsd";
        ll = lib.mkForce "lsd -l";
        l = "lsd -la";
        cd = "z";
        gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
        md = "glow";
      };
      bashrcExtra = ''
        PS1="\u@\h:\w$"
        eval "$(zoxide init bash)"
      '';
    };
    btop = {
      enable = true;
      settings = {
        theme_background = false;
        vim_keys = true;
        rounded_corners = false;
        graph_symbol = "braille";
        update_ms = 150;
        proc_sorting = "cpu lazy";
        proc_gradient = false;
        proc_left = true;
        cpu_single_graph = true;
        cpu_bottom = true;
        clock_format = "/user@/host:/uptime@%H:%M";
        background_update = true;
        mem_graphs = false;
        mem_below_net = true;
        show_swap = false;
        only_physical = true;
        show_io_stat = true;
        io_mode = false;
        io_graph_combined = false;
      };
    };
    fastfetch.enable = true;
    git = {
      enable = true;
      settings = {
        user = {
          name = config.home.username;
          email = "${config.home.username}@android";
        };
        init.defaultBranch = "master";
      };
    };
    home-manager.enable = true;
    lsd.enable = true;
    nvf = {
      enable = true;
      settings.vim = {
        autocomplete.nvim-cmp.enable = false;
        formatter.conform-nvim = {
          enable = true;
          setupOpts.format_on_save = {
            lsp_format = "fallback";
            timeout_ms = 5000;
          };
        };
        lsp.otter-nvim.enable = true;
        git.enable = true;
        keymaps = [
          {
            key = "<Down>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Up>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Left>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "<Right>";
            mode = ["i" "n" "v" "c"];
            action = "<NOP>";
          }
          {
            key = "jj";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "kk";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "jk";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "kj";
            mode = ["i"];
            action = "<Esc>";
          }
          {
            key = "<Esc>";
            mode = ["i"];
            action = "<Nop>";
          }
        ];
        languages = {
          nix = {
            enable = true;
            format.enable = true;
            lsp.enable = true;
          };
          haskell = {
            enable = true;
            lsp.enable = true;
          };
        };
        lineNumberMode = "relative";
        options = {
          tabstop = 2;
          shiftwidth = 2;
          expandtab = true;
          smarttab = true;
          foldmethod = "indent";
          number = true;
          colorcolumn = "80";
        };
        statusline.lualine.enable = true;
        syntaxHighlighting = true;
      };
    };
    ssh.enable = true;
  };
 }
--- a/modules/nix-on-droid/nix-on-droid.nix
+++ b/modules/nix-on-droid/nix-on-droid.nix
@@ -0,0 +1,5 @@
 {pkgs, ...}: {
  environment.packages = [pkgs.git];
  system.stateVersion = "26.05";
  nix.settings.experimentalFeatures = ["nix-command" "flakes"];
 }
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -2,10 +2,14 @@
  mailserver = {
    enable = true;
    stateVersion = 3;
    # domain bs
    fqdn = "mail.${config.networking.domain}";
    domains = ["${config.networking.domain}"];
    x509.useACMEHost = config.mailserver.fqdn;
    loginAccounts = {
      # test acc
      "test@${config.networking.domain}" = {
        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
      };
@@ -15,6 +19,17 @@
      };
    };
  };
  # put dkim key into /etc for declarability
  mailserver.dkimKeyDirectory = "/etc/dkim";
  environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
    source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
    mode = "600";
    user = config.services.rspamd.user;
    group = config.services.rspamd.group;
  };
  # does acme for me
  services.nginx = {
    enable = true;
    virtualHosts = {
@@ -28,9 +43,12 @@
    acceptTerms = true;
    defaults.email = "mtgmonket@gmail.com";
  };
  # persist directories per the backup guidelines
  environment.persistence."/persist" = {
    directories = [
-      "/var/dkim"
+      # not needed bc the dkim dir is declared
      # "/var/dkim"
      "/var/vmail"
      "/var/lib/redis-rspamd"
      "/var/lib/acme"
--- a/modules/nixos/matrix-conduit.nix
+++ b/modules/nixos/matrix-conduit.nix
@@ -0,0 +1,82 @@
 {
  config,
  pkgs,
  ...
 }: let
  well_known_server = pkgs.writeText "well-known-matrix-server" ''
    {
      "m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}"
    }
  '';
  well_known_client = pkgs.writeText "well-known-matrix-client" ''
    {
      "m.homeserver": {
        "base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}"
      }
  '';
 in {
  services.matrix-conduit = {
    enable = true;
    settings.global = {
      server_name = "${config.networking.domain}";
    };
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "matrix.${config.services.matrix-conduit.settings.global.server_name}" = {
        forceSSL = true;
        enableACME = true;
        listen = [
          {
            addr = "0.0.0.0";
            port = 443;
            ssl = true;
          }
          {
            addr = "0.0.0.0";
            port = 8448;
            ssl = true;
          }
        ];
        locations."/_matrix/" = {
          proxyPass = "http://backend_conduit$request_uri";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_buffering off;
          '';
        };
        extraConfig = ''
          merge_slashes off;
        '';
      };
      "${config.services.matrix-conduit.settings.global.server_name}" = {
        forceSSL = true;
        enableACME = true;
        locations."/.well-known/matrix/server/" = {
          alias = "${well_known_server}";
          extraConfig = ''
            default_type application/json;
          '';
        };
        locations."/.well-known/matrix/client/" = {
          alias = "${well_known_client}";
          extraConfig = ''
            default_type application/json;
            add_header Access-Control-Allow-Origin "";
          '';
        };
      };
    };
    upstreams = {
      backend-conduit = {
        servers = {
          "localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {};
        };
      };
    };
  };
  networking.firewall.allowedTCPPorts = [8448];
  networking.firewall.allowedUDPPorts = [8448];
 }
--- a/modules/nixos/matrix-synapse.nix
+++ b/modules/nixos/matrix-synapse.nix
@@ -0,0 +1,65 @@
 {
  pkgs,
  lib,
  config,
  ...
 }: let
  fqdn = "${config.networking.hostName}.${config.networking.domain}";
  baseUrl = "https://${fqdn}";
  clientConfig."m.homeserver".base_url = baseUrl;
  serverConfig."m.server" = "${fqdn}:443";
  mkWellKnown = data: ''
    default_type application/json;
    add_header Access-Control-Allow-Origin *;
    return 200 '${builtins.toJSON data}';
  '';
 in {
  services.postgresql.enable = true;
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "${config.networking.domain}" = {
        enableACME = true;
        forceSSL = true;
        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
      };
      "${fqdn}" = {
        enableACME = true;
        forceSSL = true;
        locations."/".extraConfig = ''
          return 404;
        '';
        locations."/_matrix".proxyPass = "http://[::1]:8008";
        locations."/_synapse/client".proxyPass = "http://[::1]:8008";
      };
    };
  };
  services.matrix-synapse = {
    enable = true;
    settings.server_name = config.networking.domain;
    settings.public_baseurl = baseUrl;
    settings.listeners = [
      {
        port = 8008;
        bind_addresses = ["::1"];
        type = "http";
        tls = false;
        x_forwarded = true;
        resources = [
          {
            names = [
              "client"
              "federation"
            ];
            compress = true;
          }
        ];
      }
    ];
  };
 }
--- a/modules/nixos/openvpn-client.nix
+++ b/modules/nixos/openvpn-client.nix
@@ -1,8 +1,11 @@
-{lib, ...}: {
+{
  services.openvpn.servers = {
    "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
  };
  networking.enableIPv6 = lib.mkForce false;
  environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
-  boot.kernelParams = ["ipv6.disable=1"];
+
  # turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
  #  networking.enableIPv6 = lib.mkForce false;
  # workaround; NetworkManager reenables ipv6 without the following
  #  boot.kernelParams = ["ipv6.disable=1"];
 }
--- a/modules/nixos/zulip.nix
+++ b/modules/nixos/zulip.nix
@@ -8,25 +8,47 @@
    # host domain
    host = "chat.${config.networking.domain}";
-    # secrets
+    # secrets; head rolled on keyboard for all :)
    camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
    rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
    secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
    sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
    avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
-    extraSecrets = {
+
-      email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
+    # TODO check for parity with `mailserver-acc-admin-pw.age`
-    };
+    extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
    # settings
    zulipSettings = rec {
-      EMAIL_USE_TLS = true;
+      # email users
-      EMAIL_PORT = 587;
+      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
      EMAIL_HOST_USER = ZULIP_ADMINISTRATOR;
      # configure mailserver port
      EMAIL_HOST = config.mailserver.fqdn;
      EMAIL_USE_SSL = true;
      EMAIL_PORT = 465;
      # setting to allow realm creation; probably unsafe, might delete later :3
      OPEN_REALM_CREATION = true;
      # send all noreply emails from `admin@galaxious.de`
      # TODO configure admin to send from any address
      ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
      NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;
-      OPEN_REALM_CREATION = true;
+
      # domain name
      EXTERNAL_HOST = config.services.zulip.host;
      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
    };
  };
  # persist
  environment.persistence."/persist".directories = [
    # messages
    "/var/lib/rabbitmq"
    # uploads
    "/var/lib/zulip"
    # contrived, but in the store a couple layers down
    # "/var/lib/redis-zulip"
  ];
 }
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,10 +1,12 @@
 {
  age.secrets = {
    andromeda-pw.file = ./secrets/andromeda-pw.age;
    conduit-secretFile.file = ./secrets/conduit-secretFile.age;
    "dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
    mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
-    "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
+    "mailserver-acc-zulip+admin-pw".file = "${./secrets}/mailserver-acc-zulip+admin-pw.age";
    zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
    zulip-camoKey.file = ./secrets/zulip-camoKey.age;
    zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age;
@@ -16,7 +18,7 @@
    ssh = {
      andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
      lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
-      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlpE7T8kvfbDtVRpnkr33EVjBkU+yF2IQPbzkbNVFF3 root@109-199-104-83";
+      _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH5TA6Br8K4xTjD5YcXQDh4UQSvuE0lEs1UxUytDiAn root@109-199-104-83";
    };
  };
 }
--- a/secrets/andromeda-pw.age
+++ b/secrets/andromeda-pw.age
@@ -1,7 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg K7kzILfWN/0BDwr0a2oGiuc3kROPhW79nEFs4Fqm7Uw
+-> ssh-ed25519 mT2fyg ixFM7swaItfNnTRVSdTm1wZJ8lHUv7tDOgSXo1OpgCc
-LvTmIvmmBOKsW3wYxI58arafExAaX/VWIjCZ0v9i28Y
+lf8/ChfcpgYkK8mTS9Zk++toOu0KNh88S+Lqu4a0UIw
-> ssh-ed25519 UHxfvA FB8alLQWDkoRqIM6l4D39Ty+Wc318JZyjLTthXCIL0s
+-> ssh-ed25519 UHxfvA hbsRwdzU1IP3K/gH0btUOQ8hZer8Kgq+RqzcEVrCqTE
-QNAOXZq10TaofYpDflKbywJpQTmzq8lZJEoa6Say+s4
+iSVh+yeypHoalRhaRM2XMlBvtO8HCyatDnWgUyC3GWU
--- 9qhHzZQfZFT95v5M2GQHP4ZoAwY8Ba7veV/PRvTX2tQ
+--- hcs6DJZRvjoKDPI/cjUXRfM7+06PNJvWqjkvJof/bSs
-<EFBFBD>t<EFBFBD>]<13><><EFBFBD><EFBFBD><EFBFBD>Q<EFBFBD><51>f&<26><><EFBFBD><EFBFBD>W<EFBFBD>c<7F>c<EFBFBD>ά^,<2C>8S<38>2<EFBFBD>iKX<4B><58><EFBFBD><EFBFBD><EFBFBD><12><><0B>KB5<42><35>W6<57>*<2A><><EFBFBD><EFBFBD>:,<2C><><EFBFBD><EFBFBD><05>k<EFBFBD>Êo<C38A>u3<75><33><EFBFBD>;<1D><><EFBFBD>E<EFBFBD>Ti<54>9&*o<>q<06>'q<>B
+Bo<1A>p<EFBFBD>Qlg-<2D>\<5C>=ƙ	ڼ<0B><><1E><>sv<13><>~<7E><>O<EFBFBD><4F>{Rx<1E>IErô<>s<EFBFBD>1<1F><>v<EFBFBD><76><EFBFBD>:<<3C>
 i<EFBFBD><EFBFBD><EFBFBD>1<EFBFBD>v<0E><03>K<EFBFBD><4B><07><16><>*<2A> |<7C> <20><><EFBFBD><EFBFBD><EFBFBD>5[{<7B>\<5C>
--- a/secrets/conduit-secretFile.age
+++ b/secrets/conduit-secretFile.age
@@ -0,0 +1,9 @@
 age-encryption.org/v1
 -> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
 vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
 -> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
 XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
 -> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
 XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
 --- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
 ^P%<25>Ϧ<EFBFBD><CFA6>}<7D><>M<EFBFBD><4D><EFBFBD>&ߢه<DFA2>Q<>?d^<04>Y<EFBFBD>	<09>~<7E>Tu<54><75><EFBFBD>o<EFBFBD>f<EFBFBD><66><EFBFBD>7<>n<1D>'!'͓<><10><><EFBFBD>]d͇0>v<>ǟ<EFBFBD><12>.<2E><>E]<1D><>ԇ|<7C>>d<><64>*wDɏ<44><1A><><EFBFBD><EFBFBD><0E><>)cH<63><48><EFBFBD>@W<>v*<2A>Wk<57><6B><EFBFBD>N<EFBFBD><4E>R<EFBFBD>F	I@<40><>;9=u<><75><EFBFBD><EFBFBD><7F><EFBFBD><EFBFBD>τ<EFBFBD>,<01><><EFBFBD>)<29>>b<><03>:O<>J<EFBFBD>=<3D>W
--- a/secrets/dkim-galaxious.de.mail.key.age
+++ b/secrets/dkim-galaxious.de.mail.key.age
--- a/secrets/mailserver-acc-admin-pw.age
+++ b/secrets/mailserver-acc-admin-pw.age
--- a/secrets/mailserver-acc-test-pw.age
+++ b/secrets/mailserver-acc-test-pw.age
--- a/secrets/mailserver-acc-zulip+admin-pw.age
+++ b/secrets/mailserver-acc-zulip+admin-pw.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg FHuYkPGH3UL3O34LIx8cDhJIWfskCN7UVG3AdWiKg1o
+-> ssh-ed25519 mT2fyg sRu0FIphSJVMBcC02mo1YuZdy3i2+/jMeN3ROvxp4kM
-eR7vCHJDwKKM046yFTZ+ZNjGGEo4/OiYWGxME7Px30g
+sEwx23t3IAauISKesq+110ZKRKxQv3Zesd0AJufYOLs
-> ssh-ed25519 UHxfvA 7mvZu454XNEa23FzE8QQ5vIfl2PTixieAhwtjS2kKBM
+-> ssh-ed25519 UHxfvA +YaJGPRT7nX2CqVzw1ixNLpW7MfzEnj44pSwj4iUwhI
-nX+3S24PR5ymH6XYbITgNG3AS98OzkVYs0b2tcEkpYE
+E2U6Q+4uesNCWK7uVSztrA84TU/n/xLFm3PJH0hO/EM
-> ssh-ed25519 j/PduQ ivvo7z0GMBIeApn1fSNkrKBAI9vrzV3kOshH9KTRCkg
+-> ssh-ed25519 yXDKAA V2kygl0BK/oYpKnnheslBO2YqXFdQWFgtqfmDNdgolc
-G1qrQfYKoaYyFXplnr7itkU9fT7SEe96UuWGYz5qoak
+NpJNN4nfrbgOav8Y38C9DwKFZH+QTRp/US/8kyo9m0o
--- cifQaIuyTN6u6GWRVqui2qjQqQSYgEYKJlFY1g54y78
+--- LdqtfywtHOAy3AZ7AexZU0TJMU/ugq+ZYN07706rNxY
-<EFBFBD><EFBFBD><EFBFBD>V1;<19>ki<6B>bڸ<62>g<><67><EFBFBD>n6.<2E>N<EFBFBD>RR <20><06>g<EFBFBD>|yP<1B>ѾPRfq'<08><>F%<25><>a"l<1D>;<3B>+<2B>M<EFBFBD><4D><EFBFBD><EFBFBD>v<EFBFBD><76><EFBFBD><EFBFBD><0E>&<26><><EFBFBD><EFBFBD>P<EFBFBD><0B>#<23><><EFBFBD>
+<EFBFBD>
 U$<24>Ap<>nG<6E>Neɕ<65>u<EFBFBD>y`!<21>ʤ<EFBFBD><CAA4><EFBFBD>f;ipv<70>Y<EFBFBD><59>V_3<5F><33>N+<06><><EFBFBD>k#<23>{<7B><><EFBFBD><EFBFBD><EFBFBD>W<EFBFBD>*<2A>n(<28><0F><03><><14><>ջG6<47><36>݈yc`<60><>q<EFBFBD>:$K]?͗b=<3D>'<27>^<5E>9
--- a/secrets/mtgmonkey-pw.age
+++ b/secrets/mtgmonkey-pw.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg vJUroogm1lL+g4D9kPvaKXwHLtQ9I0pM6SWDzuYji0o
+-> ssh-ed25519 mT2fyg WZNwnBmikWIb4rlH89iIQHouM7cw07/E/KXz/AVv3V8
-dRsKh5Z4E7gOSI5GDwe2Qh6H81oSh3LuF0jSWyERpZ4
+FxLaO1zM0aGztJAsq+lgrM8gFogKY76Wcs1vYxhA19g
-> ssh-ed25519 UHxfvA Cxh3+rMnMw0r8wVyLqdItC3/uNtmlR5r/q4fsnFRKyc
+-> ssh-ed25519 UHxfvA YIpS5r25kHVJtG3+kDVUvAPyTKDsRPG/jHwXmiD44SA
-EtR9sbq5heOxg+ldMRld9KDhruEhsly2HMUvVR8Sy5I
+FKAmC669aQzSbjBjbQbzCixdqnCXnb/JJRQo2MgEZgw
--- cIUB+TgDOllwLTG0XZbnV0AzV80SPzP9L6/HJAK1x8g
+--- xvwJ5oYHR3T1D44fl/aeAVjZglnKhq0JKZr9YecC3EE
-<EFBFBD>	9<15>S[<5B><><1C><>Q<7F>,<2C>Z<EFBFBD>Pr<><EFBFBD><EFBFBD>"<EFBFBD><EFBFBD><EFBFBD><EFBFBD>L<0F><><EFBFBD><01>F$<24><>vs<76>-پ<><D9BE>&<26>T<EFBFBD><0B>
+<EFBFBD>ow<6F>M<EFBFBD><4D><EFBFBD><EFBFBD>{<7B>8<EFBFBD>m<EFBFBD>$/<2F>1<EFBFBD><1A>0<EFBFBD>ts<74><73><EFBFBD>X<EFBFBD><EFBFBD><1D><><EFBFBD><EFBFBD><EFBFBD>Cד<EFBFBD><EFBFBD><EFBFBD><EFBFBD>\<13>h<>-}<7D><>E,<2C> <20><><1E>,dxdX<>TAk<41><6B><18>
 <08>[<1C>콟4h$<24><>Ֆ<EFBFBD>:<3A><><EFBFBD><EFBFBD>k<EFBFBD><6B><EFBFBD>?<3F>1~<7E><><EFBFBD>MO±W'T<><54><EFBFBD><EFBFBD>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,6 +8,14 @@ in {
  "andromeda-pw.age".publicKeys = [andromeda lenovo];
  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
  # contains the following env
  # CONDUIT_JWT_SECRET
  # CONDUIT_TURN_SECRET
  "conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # dkim private keys
  "dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];
  # mail account passwords
  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
--- a/secrets/zulip-avatarSaltKey.age
+++ b/secrets/zulip-avatarSaltKey.age
--- a/secrets/zulip-camoKey.age
+++ b/secrets/zulip-camoKey.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg PuSf5leyB85HuKWlMJkL8v18NUbDBXHBlVrm5EEhHCo
+-> ssh-ed25519 mT2fyg 5ADzKAtycqfFpqW/dp71FTaK2gchzdWFNqxPyZ6deSY
-afWMNlJAsnTFbQhWHWZWDisgPxTIMYNUQEPt6w/S76g
+aISA4YwF1l9S0fmE84wOvAJpM221bwPDYvXELTVv9k
-> ssh-ed25519 UHxfvA 0yY6R0w5on+k2TgrAAfkr3BhVpBymkdzOlNn1vwX7Xc
+-> ssh-ed25519 UHxfvA uKYcpPbaXA4r1OmlkuiIu/EqQ3IiHR7JpItnVgTaW2g
-U+Xoitf7/bbzrLLkCA8um2Alozrc0kGUPUviIeSC2hs
+LjySgI4mTlaZY81IJc6DmBh43l2qeGlQnZi+rOlbtb8
-> ssh-ed25519 j/PduQ KxUHl7qP4hqZB9bT+M4XdqIY3EptkK++/z1cZ5T/p3I
+-> ssh-ed25519 yXDKAA TMwoM06ZJsjkZ7eLguxqYB05jcRn+tTgVzE7WQIf0mw
-h+eFBGLtmq7ZFuYLsqexEDNv1eKorJxldTitZ4DozNs
+vKwCkWsywGsgVv6Y278Mi28MhCYBRRUnfg4+EouOw+0
--- 8WLobgK1wezG9DNZymCRfhpQGwuSvpdkbcoHF51cpA8
+--- CScrim9wya9AhElXBtKBR3XBZDL83/g3MTfdF258GJ8
-<EFBFBD>Cv<EFBFBD>?O<>g<EFBFBD>JO<4A><4F><0C>TԾw<D4BE>J=[<5B><><1F>70<37>2yȇ<79><C887><EFBFBD><EFBFBD><08>L<EFBFBD><EFBFBD>
+K#<23>>8}c<><EFBFBD><7F>}8<><38>L<04>(<28><>c<EFBFBD><EFBFBD>
 <EFBFBD>w1<EFBFBD>"O<><4F>
--- a/secrets/zulip-extraSecrets-email_password.age
+++ b/secrets/zulip-extraSecrets-email_password.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 mT2fyg BRDLpeTvLv4+ihpbdRXz/9wT/SflL0tIM/LSAtXI3RM
+-> ssh-ed25519 mT2fyg IOcD4r19Gx2AvjusnnJDHQXr/U4Ti6qKr01I9lNQDQE
-ko6h87bR5hc9XH6L+ZRhZAofIowOvptdpMbIzPS26TI
+fCwouMQPvhkyzehszuv0YhSfNh9zGKaFNDKaTZT0rD0
-> ssh-ed25519 UHxfvA hN+tfjFVpQKtulo3CAfN1ZGeWpzMjRuBnmHHJmCgBV4
+-> ssh-ed25519 UHxfvA e95raPehUz6T2FR/eT8kzfrxt/Ou6kKsqi7z/3BkfwU
-q9B8xAsmSi1sYK4cKPDzbsLWgJdng3danwLVzJbOKzQ
+uHymqnY3t7IwpxWkN8xen3Vsy6R7VMoj+fR0zPnPinY
-> ssh-ed25519 j/PduQ 65bPOqJKXgd9O0gERvsOiZ06GD5JujTmvb/KKbRO8nQ
+-> ssh-ed25519 yXDKAA nlR1prGysW+k8gq2npEiboFqoo9jKQ5ISxRiiCFlb0s
-ansPGNwM1u8h7AvDcbRDy4K06BCPjLrv1laIFJxDvCI
+kaGOvlQgO0nOAl12mMKvafa9ezmy8XdUC2tVPuBG4iw
--- EV6qlEPbG1vcr6xfhllXVWa28J8Lp2ojQacdcfsNXLk
+--- MRFAGURoyediqNSjGxr57a0w6n9lH2zVjfyrUZcyAYw
-<EFBFBD>Y<04>._<><5F><EFBFBD>^<06>]<5D><>|<7C><>X@<08>=<3D>{T<>2<EFBFBD><32>IĂ<>_<EFBFBD><5F>+<2B><><EFBFBD>
+
 z<EFBFBD>0
--- a/secrets/zulip-rabbitmqPassword.age
+++ b/secrets/zulip-rabbitmqPassword.age
--- a/secrets/zulip-secretKey.age
+++ b/secrets/zulip-secretKey.age
--- a/secrets/zulip-sharedSecretKey.age
+++ b/secrets/zulip-sharedSecretKey.age
--- a/substitutors.nix
+++ b/substitutors.nix
@@ -0,0 +1,8 @@
 {
  # spectrum
  nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
  nix.settings.trusted-public-keys = [
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
    "spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
  ];
 }
--- a/users/andromeda/home.nix
+++ b/users/andromeda/home.nix
@@ -101,7 +101,7 @@ in {
          pkgs.nur.repos.rycee.firefox-addons.tridactyl
        ];
        search = {
-          default = "repos";
+          default = "ddghtml";
          privateDefault = "ddghtml";
          order = [
            "wiki"
@@ -159,16 +159,6 @@ in {
                }
              ];
            };
            "repos" = {
              template = "https://html.duckduckgo.com/html/";
              params = [
                {
                  name = "q";
                  value = "{searchTerms}+(site:*.gitlab.org OR site:github.com OR site:git.mtgmonkey.net OR site:sr.ht)";
                }
              ];
            };
          };
        };
        settings = {
--- a/users/andromeda/sway_config
+++ b/users/andromeda/sway_config
@@ -55,6 +55,12 @@ bindsym $mod+Shift+8 move container to workspace number 8
 bindsym $mod+Shift+9 move container to workspace number 9
 bindsym $mod+Shift+0 move container to workspace number 0
 seat * hide_cursor 100
 input type:touchpad events disabled
 bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
 bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
 bindsym $mod+f fullscreen
 bindsym $mod+Shift+space floating toggle
 bindsym $mod+Shift+minus move scratchpad
@@ -64,8 +70,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
 bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
 bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
 bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
-bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
+bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
-bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
+bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
 default_border none
 font pango:monospace 0.001
Author	SHA1	Message	Date
andromeda	580cbd1851	init nix-on-droid	2026-01-14 22:57:40 +01:00
andromeda	6fdcd13627	adjust brightness, disable touchpad sometimes	2026-01-14 20:18:25 +01:00
andromeda	6fb816f27c	reenable ipv6; reconfigure browser	2026-01-14 05:31:48 +01:00
andromeda	c0e92a4ef3	typo	2026-01-13 10:55:24 +01:00
andromeda	b754a3d53f	matrix-synapse?	2026-01-13 10:48:56 +01:00
andromeda	19d45ebd05	edit TODO.md	2026-01-13 06:29:18 +01:00
andromeda	312ee02d9e	fix alias traversal	2026-01-13 06:21:08 +01:00
andromeda	c377598d5c	conduit setup?	2026-01-13 06:16:27 +01:00
andromeda	dcb82ed361	add README, conduit	2026-01-13 05:53:57 +01:00
andromeda	b25ce469b6	persist zulip	2026-01-12 19:09:27 +01:00
andromeda	d2d370442b	ssl port email?	2026-01-12 18:01:52 +01:00
andromeda	e05c9fe5a5	add tls (I don't know how this works)	2026-01-12 17:46:49 +01:00
andromeda	c1d8b4dff3	use non-tls ssl? [fix typo]	2026-01-12 17:37:55 +01:00
andromeda	a7e65a0943	use non-tls ssl?	2026-01-12 17:35:38 +01:00
andromeda	d2e95f2fb8	add EMAIL_HOST_USER?	2026-01-12 16:31:58 +01:00
andromeda	9b0944223f	fix typo	2026-01-12 16:19:37 +01:00
andromeda	bea6414758	actually add zulip module	2026-01-12 15:45:38 +01:00
andromeda	90ad40e207	fix zulip?	2026-01-12 15:41:06 +01:00
andromeda	803bc95317	fix dkim perms?	2026-01-12 14:26:35 +01:00
andromeda	4bd6ddece1	declare dkim secrets	2026-01-12 13:30:25 +01:00
andromeda	3fa9a368bf	update remote pub keys	2026-01-12 13:04:33 +01:00