Add a `metacfg.tools.wezterm` home-manager module so wezterm.lua
configuration can be reused across hosts instead of being duplicated
inline. Migrate halo and amd to the new module and enable it on rialo
(font size 14, term = xterm-256color).
Lays the groundwork for Sparda-Bank Südwest transaction sync via
direct FinTS (no third-party data proxy). aqbanking-cli in the system
PATH, persistent state at /var/lib/firefly-aqbanking, sops slot for
the online-banking PIN. Initial enrollment must be done interactively
on the host; systemd timer for automated fetches comes in a follow-up.
Share the check script via a parameterized mkDiskCheck function over
{ name, mountPoint, label } and iterate an attrset to emit the boot
and root services plus their daily timers.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Added `StartLimitIntervalSec` and `StartLimitBurst` for `ntfy-failure@` unit.
- Refactored `ExecStart` into `script` for improved readability.
- Adjusted `scriptArgs` from `%I` to `%i`.
%i passes the escaped unit name which systemctl status cannot resolve,
causing "Failed to mangle name" errors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Files vanishing during transfer is expected for mail directories
where messages are constantly moved.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Added `blackhole-2ch` to casks and `darktable` to system packages.
- Disabled `wezterm` and kept `direnv` and `alacritty` enabled in tools.
- Improves utility and functionality by refining the configuration.
Replace broken proxy_cache_bypass (was bypassing every request) with
proxy_cache_lock to coalesce concurrent requests for the same path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Allow TCP ports 80 and 443 in the firewall for HTTP and HTTPS traffic.
- Enable Nginx with ACME integration for automatic SSL certificate management.
- Configure a virtual host with proxy settings and support for WebSocket traffic.
- Wrap `config.onFailure` in `mkIf cfg.enable` to ensure units are conditionally applied based on the service's `enable` configuration.
- Prevents unnecessary configuration of failure units when the service is disabled.
- Rename `attic` database to `atticd` and set `atticd` user as the owner directly.
- Remove redundant `postStart` script for altering database ownership.
- Update `database.url` to match the renamed database.
- Set `libvirtd.enable` to `false` in `default.nix` to align with the current virtualization setup.
- Prevents unnecessary service activation and reduces resource usage.
- Update `psql` command in the `postStart` script to explicitly connect to the `postgres` database before altering ownership of the `attic` database.
- Ensures the command runs without issues in environments with restricted default database access.
- Replace `$PSQL` with `psql` to use the correct PostgreSQL CLI directly.
- Ensures compatibility and prevents potential runtime issues in the systemd service.
- Replace `dhcpcd` with `systemd-networkd` by setting `networking.useDHCP` to `false` and `networking.useNetworkd` to `true`.
- Add a static IPv6 configuration and routes for `enp1s0` in `30-wan`.
- Ensures a more streamlined and customizable network configuration.
- Set `security.sudo.wheelNeedsPassword` to `false` in `default.nix`.
- Simplifies sudo access for users in the wheel group and aligns with system usage patterns.
- Set `networking.dhcpcd.IPv6rs` to `true` in `default.nix` to support IPv6 router solicitation.
- Ensures better compatibility with networks requiring IPv6 RA for configuration.
- Remove the ESP partition configuration in `disko.nix` as it’s unnecessary for legacy BIOS setups.
- Enable GRUB bootloader and disable EFI settings in `default.nix` for compatibility with Hetzner cloud instances.
- Switch disk device from `/dev/vda` to `/dev/sda` for compatibility.
- Add S3 storage configuration with bucket, region, and endpoint.
- Update system state version from `24.05` to `25.11`.
- Remove unused imports and clean up redundant attributes.
Runs on sgx so alerts (via Gmail) still work even if mx is down.
Available at https://status.hoyer.world behind nginx with ACME cert.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add configurable ntfy options (tokenFile, url, topic) to the shared
emailOnFailure module. When tokenFile is set, a ntfy-failure@ template
service is added alongside the existing email notifications. Systems
without ntfy configured are unaffected.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
