diff --git a/nixos/flake.lock b/nixos/flake.lock index fbc9b8f..f185299 100644 --- a/nixos/flake.lock +++ b/nixos/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1773506317, - "narHash": "sha256-qWKbLUJpavIpvOdX1fhHYm0WGerytFHRoh9lVck6Bh0=", + "lastModified": 1773889306, + "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", "owner": "nix-community", "repo": "disko", - "rev": "878ec37d6a8f52c6c801d0e2a2ad554c75b9353c", + "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", "type": "github" }, "original": { @@ -99,11 +99,11 @@ ] }, "locked": { - "lastModified": 1773810247, - "narHash": "sha256-6Vz1Thy/1s7z+Rq5OfkWOBAdV4eD+OrvDs10yH6xJzQ=", + "lastModified": 1776184304, + "narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=", "owner": "nix-community", "repo": "home-manager", - "rev": "d47357a4c806d18a3e853ad2699eaec3c01622e7", + "rev": "3c7524c68348ef79ce48308e0978611a050089b2", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1773422513, - "narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=", + "lastModified": 1774991950, + "narHash": "sha256-kScKj3qJDIWuN9/6PMmgy5esrTUkYinrO5VvILik/zw=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056", + "rev": "f2d3e04e278422c7379e067e323734f3e8c585a7", "type": "github" }, "original": { @@ -161,11 +161,11 @@ ] }, "locked": { - "lastModified": 1773000227, - "narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=", + "lastModified": 1775037210, + "narHash": "sha256-KM2WYj6EA7M/FVZVCl3rqWY+TFV5QzSyyGE2gQxeODU=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "da529ac9e46f25ed5616fd634079a5f3c579135f", + "rev": "06648f4902343228ce2de79f291dd5a58ee12146", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1773851886, - "narHash": "sha256-+3ygZuf5K8mtSGMMEZ/h+vxGvXCu1CmiB+531KMagH8=", + "lastModified": 1776183358, + "narHash": "sha256-uRWaRXGhkyGWMbNgQcmx0+RPzPLenVGopkNHgAEfmBQ=", "owner": "openclaw", "repo": "nix-openclaw", - "rev": "64d410666821866c565e048a4d07d6cf5d8e494e", + "rev": "53aac0dce0810c40c75793fdad3d41b0f7e7baaf", "type": "github" }, "original": { @@ -222,11 +222,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1773603777, - "narHash": "sha256-oXSEbMR/IuHYk9nvrbRhaYBxVK5s63DH2UGOZT2ok48=", + "lastModified": 1776255237, + "narHash": "sha256-LQjlc0VEn55WAT4BiI8sIsokb/2FNlcbBD+Xr3MTE24=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "0efe7af73d6e4a8d447a22936c5526d73822b0a7", + "rev": "9a8c2a85f1ffdcecfb0f9c52c5a73c49ceb43911", "type": "github" }, "original": { @@ -254,11 +254,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1773282481, - "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "lastModified": 1773734432, + "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "rev": "cda48547b432e8d3b18b4180ba07473762ec8558", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1773628058, - "narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=", + "lastModified": 1776255774, + "narHash": "sha256-psVTpH6PK3q1htMJpmdz1hLF5pQgEshu7gQWgKO6t6Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f8573b9c935cfaa162dd62cc9e75ae2db86f85df", + "rev": "566acc07c54dc807f91625bb286cb9b321b5f42a", "type": "github" }, "original": { @@ -368,11 +368,11 @@ ] }, "locked": { - "lastModified": 1773737882, - "narHash": "sha256-P6k0BtT1/idYveVRdcwAZk8By9UjZW8XOMhSoS6wTBY=", + "lastModified": 1776317517, + "narHash": "sha256-JP1XVRabZquf7pnXvRUjp7DV+EBrB6Qmp3+vG3HMy/k=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "a7f1db35d74faf04e5189b3a32f890186ace5c28", + "rev": "0a7be59e988bb2cb452080f59aaabae70bc415ae", "type": "github" }, "original": { diff --git a/nixos/hosts/phantom-ship.nix b/nixos/hosts/phantom-ship.nix index 0f08e9b..617b9e5 100644 --- a/nixos/hosts/phantom-ship.nix +++ b/nixos/hosts/phantom-ship.nix @@ -56,7 +56,8 @@ in }; time.timeZone = "Europe/Copenhagen"; - nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" ]; + nixpkgs.config.permittedInsecurePackages = [ "openclaw-2026.3.12" "openclaw-2026.4.12" ]; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "claude-code" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; programs.nix-ld.enable = true; # run dynamically linked binaries (e.g. Claude Code remote CLI) system.stateVersion = "24.11"; @@ -79,10 +80,12 @@ in # Passwordless sudo for wheel. security.sudo.wheelNeedsPassword = false; environment.systemPackages = with pkgs; [ - git # clone/bootstrap and dotfiles-rebuild timer - nodejs # npm for openclaw plugin installs - python3 # node-gyp dependency for openclaw plugins - wakeonlan # wake rusty-anchor: wakeonlan 00:16:cb:87:20:ba + git # clone/bootstrap and dotfiles-rebuild timer + nodejs # npm for openclaw plugin installs + python3 # node-gyp dependency for openclaw plugins + wakeonlan # wake rusty-anchor: wakeonlan 00:16:cb:87:20:ba + bun # runtime for claude-code channel plugins + claude-code # Claude Code CLI (channels replaces openclaw) ]; # OpenClaw AI gateway — Telegram bot, Anthropic API. diff --git a/nixos/hosts/sunken-ship.nix b/nixos/hosts/sunken-ship.nix index a98a9e0..7099ae4 100644 --- a/nixos/hosts/sunken-ship.nix +++ b/nixos/hosts/sunken-ship.nix @@ -95,6 +95,7 @@ in # Persist the bind mount so navidrome can read music outside ProtectHome. fileSystems."/srv/music" = { device = "/home/danny/music"; + fsType = "none"; options = [ "bind" "ro" ]; }; @@ -132,8 +133,9 @@ in }; # BigBiggerBiggestBot — Telegram fitness tracker with Mini App. - # Code deployed separately via rsync (private repo, not referenced here). + # Code: https://github.com/DannyDannyDanny/bigbiggerbiggestbot cloned at /home/danny/tg_fitness_bot # Bot token: ~danny/.secrets/bigbiggerbiggestbot + # Deployment: fitness-bot-pull timer below runs every 15 min, git pulls, restarts service on changes. systemd.services.fitness-bot = let pythonEnv = pkgs.python3.withPackages (ps: with ps; [ python-telegram-bot @@ -155,6 +157,34 @@ in }; }; + # Pull fitness bot from GitHub and restart the service if the repo has new commits. + # Code lives at /home/danny/tg_fitness_bot (git clone of DannyDannyDanny/bigbiggerbiggestbot). + # workouts.db is gitignored — preserved across pulls. + systemd.services.fitness-bot-pull = { + description = "Pull fitness bot and restart service if repo changed"; + path = with pkgs; [ git systemd ]; + environment.GIT_CONFIG_COUNT = "1"; + environment.GIT_CONFIG_KEY_0 = "safe.directory"; + environment.GIT_CONFIG_VALUE_0 = "/home/danny/tg_fitness_bot"; + script = '' + set -euo pipefail + cd /home/danny/tg_fitness_bot + git fetch origin + if [ "$(git rev-parse HEAD)" = "$(git rev-parse origin/main)" ]; then + exit 0 + fi + git pull origin main + systemctl restart fitness-bot + ''; + serviceConfig.Type = "oneshot"; + }; + + systemd.timers.fitness-bot-pull = { + wantedBy = [ "timers.target" ]; + timerConfig.OnCalendar = "*-*-* *:07/15:00"; # every 15 minutes, offset from dotfiles-rebuild + timerConfig.RandomizedDelaySec = "2min"; + }; + # Pull dotfiles and rebuild if the repo has new commits. systemd.services.dotfiles-rebuild = { description = "Pull dotfiles and run nixos-rebuild if repo changed";