flake.lock

@@ -165,28 +165,6 @@
         "type": "github"
       }
     },
-    "firefox-addons": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "dir": "pkgs/firefox-addons",
-        "lastModified": 1781409739,
-        "narHash": "sha256-6dadOVlqPpjy0w4WuwvX+Qx0Kkaabm3tahMrCrr72Rg=",
-        "owner": "rycee",
-        "repo": "nur-expressions",
-        "rev": "ef56de5faccb3ac59d95aa31cce551ff72e35bed",
-        "type": "gitlab"
-      },
-      "original": {
-        "dir": "pkgs/firefox-addons",
-        "owner": "rycee",
-        "repo": "nur-expressions",
-        "type": "gitlab"
-      }
-    },
     "flake-compat": {
       "flake": false,
       "locked": {
@@ -261,6 +239,24 @@
         "type": "github"
       }
     },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "ghostty": {
       "flake": false,
       "locked": {
@@ -450,6 +446,58 @@
         "type": "github"
       }
     },
+    "ngit-cli": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "ngit-grasp": "ngit-grasp",
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ],
+        "rust-overlay": "rust-overlay_2"
+      },
+      "locked": {
+        "lastModified": 1781642208,
+        "narHash": "sha256-2HLVq2EvbVRCudbh2LG8o3ik2/W9513AxJBvNPbSLYY=",
+        "owner": "danconwaydev",
+        "repo": "ngit-cli",
+        "rev": "d442c087faeb5780468fbfce5e9ba658dd6211e1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "danconwaydev",
+        "repo": "ngit-cli",
+        "type": "github"
+      }
+    },
+    "ngit-grasp": {
+      "inputs": {
+        "flake-utils": [
+          "ngit-cli",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "ngit-cli",
+          "nixpkgs"
+        ],
+        "rust-overlay": [
+          "ngit-cli",
+          "rust-overlay"
+        ]
+      },
+      "locked": {
+        "lastModified": 1779467914,
+        "narHash": "sha256-qoJBhgsWq3PlTV1cnkVMEQDjpIBE8xaKlxR3EXYVZLM=",
+        "ref": "refs/heads/master",
+        "rev": "70862428b5847ee98e94cc846885f80496cf3533",
+        "revCount": 642,
+        "type": "git",
+        "url": "https://gitnostr.com/npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr/ngit-grasp.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://gitnostr.com/npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr/ngit-grasp.git"
+      }
+    },
     "nix": {
       "inputs": {
         "flake-compat": [
@@ -580,6 +628,22 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1744536153,
+        "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1781216227,
         "narHash": "sha256-9mUW6gNwoN2SWc/l0fW4svPNOulXLl8ijqKyeSOGgJE=",
@@ -595,7 +659,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1780453794,
         "narHash": "sha256-bXMRa9VTsHSPXL4Cw8R6JJLQeY3Y/IP4+YJCYVmQ7FY=",
@@ -614,8 +678,8 @@
     "nixvim": {
       "inputs": {
         "flake-parts": "flake-parts_2",
-        "nixpkgs": "nixpkgs_3",
-        "systems": "systems_2"
+        "nixpkgs": "nixpkgs_4",
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1781531135,
@@ -638,17 +702,16 @@
         "darwin": "darwin_2",
         "devenv": "devenv",
         "disko": "disko",
-        "firefox-addons": "firefox-addons",
         "git-hooks": "git-hooks_2",
         "home-manager": "home-manager_2",
         "impermanence": "impermanence",
+        "ngit-cli": "ngit-cli",
         "nixos-facter-modules": "nixos-facter-modules",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "nixpkgs-darwin": "nixpkgs-darwin",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nixvim": "nixvim",
-        "secrets": "secrets",
-        "zen-browser": "zen-browser"
+        "secrets": "secrets"
       }
     },
     "rust-overlay": {
@@ -672,6 +735,24 @@
         "type": "github"
       }
     },
+    "rust-overlay_2": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1781234414,
+        "narHash": "sha256-HdA+P4fKRGOomkewnI/Tww5Wz4xK1O7+hDO90YAsPB4=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "1d18bfe3de6244c641ca4e8011186d0981b81d76",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
     "secrets": {
       "locked": {
         "lastModified": 1781953871,
@@ -717,6 +798,21 @@
         "type": "github"
       }
     },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
@@ -738,29 +834,6 @@
         "repo": "treefmt-nix",
         "type": "github"
       }
-    },
-    "zen-browser": {
-      "inputs": {
-        "home-manager": [
-          "home-manager"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1781426426,
-        "narHash": "sha256-yzxJMNgv/sLishhCT9G2lm7W9CjHSlXWkfbWC7vfjqc=",
-        "owner": "0xc000022070",
-        "repo": "zen-browser-flake",
-        "rev": "df336067c1a8af3bfce3f0b88b66dc1c57411b4e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "0xc000022070",
-        "repo": "zen-browser-flake",
-        "type": "github"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -30,15 +30,14 @@
     disko.url = "github:nix-community/disko?shallow=true";
     disko.inputs.nixpkgs.follows = "nixpkgs";
 
-    git-hooks.url = "github:cachix/git-hooks.nix";
+    git-hooks.url = "github:cachix/git-hooks.nix?shallow=true";
     git-hooks.inputs.nixpkgs.follows = "nixpkgs-unstable";
 
-    zen-browser.url = "github:0xc000022070/zen-browser-flake";
-    zen-browser.inputs.nixpkgs.follows = "nixpkgs";
-    zen-browser.inputs.home-manager.follows = "home-manager";
+    ngit-cli.url = "github:danconwaydev/ngit-cli?shallow=true";
+    ngit-cli.inputs.nixpkgs.follows = "nixpkgs-unstable";
 
-    firefox-addons.url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
-    firefox-addons.inputs.nixpkgs.follows = "nixpkgs";
+    ngit-grasp.url = "git+https://gitnostr.com/npub15qydau2hjma6ngxkl2cyar74wzyjshvl65za5k5rl69264ar2exs5cyejr/ngit-grasp.git";
+    ngit-grasp.inputs.nixpkgs.follows = "nixpkgs-unstable";
   };
 
   outputs =

home/features/cli/default.nix

@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   pkgs,
   ...
 }:
@@ -18,7 +19,7 @@
     pkgs.unstable.devenv
     pkgs.unstable.glow
     pkgs.unstable.nak
-    # pkgs.zapstore-cli
+    inputs.ngit-cli.packages.${pkgs.system}.default
   ];
 
   programs.bash.enable = true;

home/features/desktop/default.nix

@@ -6,7 +6,6 @@
     ./logseq.nix
     # ./thunderbird.nix
     ./yubikey.nix
-    # ./zen-browser.nix
   ]
   ++ lib.optionals (isDarwin) [
     ./aerospace.nix

home/features/desktop/zen-browser.nix

@@ -1,181 +0,0 @@
-{ inputs
-, config
-, pkgs
-, ...
-}:
-
-{
-  imports = [
-    inputs.zen-browser.homeModules.beta
-  ];
-
-  programs.zen-browser.policies = {
-    AutofillAddressEnabled = false;
-    AutofillCreditCardEnabled = false;
-    DisableAppUpdate = true;
-    DisableFeedbackCommands = true;
-    DisableFirefoxStudies = true;
-    DisablePocket = true;
-    DisableTelemetry = true;
-    DontCheckDefaultBrowser = true;
-    NoDefaultBookmarks = true;
-    OfferToSaveLogins = false;
-    EnableTrackingProtection = {
-      Value = true;
-      Locked = true;
-      Cryptomining = true;
-      Fingerprinting = true;
-    };
-  };
-
-  programs.zen-browser = {
-    enable = true;
-    profiles."default" = {
-      extensions.packages =
-        with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system};
-        [
-          vimium
-          ublock-origin
-          videospeed
-          simplelogin
-          alby
-          darkreader
-          bitwarden
-        ];
-
-      search = {
-        enable = true;
-        force = true;
-
-        default = "brave";
-        privateDefault = "brave";
-
-        order = [
-          "brave"
-          "ddg"
-          "google"
-        ];
-
-        engines = {
-          nix-packages = {
-            name = "Nix Packages";
-            urls = [{
-              template = "https://search.nixos.org/packages";
-              params = [
-                { name = "type"; value = "packages"; }
-                { name = "query"; value = "{searchTerms}"; }
-              ];
-            }];
-
-            icon = "https://search.nixos.org/favicon.png";
-            definedAliases = [ "@np" ];
-          };
-
-          nixos-wiki = {
-            name = "NixOS Wiki";
-            urls = [{ template = "https://wiki.nixos.org/w/index.php?search={searchTerms}"; }];
-            iconMapObj."16" = "https://wiki.nixos.org/favicon.ico";
-            definedAliases = [ "@nw" ];
-          };
-
-          brave = {
-            name = "Brave Search";
-            urls = [{ template = "https://search.brave.com/search?q={searchTerms}"; }];
-            iconMapObj."16" = "https://cdn.search.brave.com/serp/v3/_app/immutable/assets/favicon.acxxetWH.ico";
-            definedAliases = [ "@b" "@brave" ];
-          };
-
-          bing.metaData.hidden = true;
-          google.metaData.alias = "@g"; # builtin engines only support specifying one additional alias
-        };
-      };
-
-      settings = {
-        "zen.tabs.show-newtab-vertical" = false;
-        "zen.view.compact.enable-at-startup" = true;
-        "zen.view.compact.hide-toolbar" = true;
-        "zen.view.compact.toolbar-flash-popup" = true;
-        "zen.view.show-newtab-button-top" = false;
-        "zen.view.window.scheme" = 0;
-        "zen.welcome-screen.seen" = true;
-        "zen.workspaces.continue-where-left-off" = true;
-      };
-
-      containersForce = true;
-      containers = {
-        Personal = {
-          color = "purple";
-          icon = "fingerprint";
-          id = 1;
-        };
-
-        Development = {
-          color = "blue";
-          icon = "briefcase";
-          id = 2;
-        };
-
-        Shopping = {
-          color = "yellow";
-          icon = "gift";
-          id = 3;
-        };
-
-        Video = {
-          color = "red";
-          icon = "chill";
-          id = 4;
-        };
-
-        Zofie = {
-          color = "orange";
-          icon = "fence";
-          id = 5;
-        };
-      };
-
-      # TODO: Figure out how to enable this.
-      # spacesForce = true;
-      spaces =
-        let
-          containers = config.programs.zen-browser.profiles."default".containers;
-        in
-        {
-          "Personal" = {
-            id = "{c6de089c-410d-4206-961d-ab11f988d40a}";
-            icon = "🏠";
-            container = containers.Personal.id;
-            position = 1000;
-          };
-
-          "Work" = {
-            id = "{cdd10fab-4fc5-494b-9041-325e5759195b}";
-            icon = "🚀";
-            container = containers.Development.id;
-            position = 2000;
-          };
-
-          "Zofie" = {
-            id = "{6c3bfa4d-faeb-490a-b10c-d38d260c5750}";
-            icon = "✨";
-            container = containers.Zofie.id;
-            position = 2500;
-          };
-
-          "Shopping" = {
-            id = "{78aabdad-8aae-4fe0-8ff0-2a0c6c4ccc24}";
-            icon = "💸";
-            container = containers.Shopping.id;
-            position = 3000;
-          };
-
-          "YouTube" = {
-            id = "{7cb56859-3be7-47de-9136-0faac58c5336}";
-            icon = "https://upload.wikimedia.org/wikipedia/commons/0/09/YouTube_full-color_icon_%282017%29.svg";
-            container = containers.Video.id;
-            position = 4000;
-          };
-        };
-    };
-  };
-}

hosts/odin/containers/default.nix

@@ -0,0 +1,60 @@
+{
+  config,
+  inputs,
+  outputs,
+  ...
+}:
+{
+  containers = {
+    grist-latest = {
+      autoStart = false;
+      privateNetwork = true;
+      hostAddress = "192.168.1.1";
+      localAddress = "192.168.1.2";
+      specialArgs = { inherit outputs; };
+      config = import ./grist.nix;
+    };
+
+    grasp = {
+      autoStart = false;
+      privateNetwork = true;
+      hostAddress = "192.168.1.1";
+      localAddress = "192.168.1.4";
+      specialArgs = { inherit outputs inputs; };
+
+      bindMounts = {
+        "/run/secrets/grasp-owner" = {
+          hostPath = config.age.secrets."odin/services/grasp-owner".path;
+          isReadOnly = true;
+        };
+      };
+
+      config = import ./grasp.nix;
+    };
+
+    gogs = {
+      autoStart = false;
+      privateNetwork = true;
+      hostAddress = "192.168.1.1";
+      localAddress = "192.168.1.3";
+      specialArgs = { inherit outputs; };
+
+      bindMounts = {
+        "/run/secrets/gogs-admin" = {
+          hostPath = config.age.secrets."odin/services/gogs-admin".path;
+          isReadOnly = true;
+        };
+      };
+
+      config = import ./gogs.nix;
+    };
+  };
+
+  services.caddy.virtualHosts.grist = {
+    hostName = "grist.{$DOMAIN}";
+    extraConfig = ''
+      encode gzip zstd
+      reverse_proxy 192.168.1.2:8484
+    '';
+  };
+}

hosts/odin/containers/grasp.nix

@@ -0,0 +1,42 @@
+{
+  outputs,
+  inputs,
+  ...
+}:
+{
+  imports = [
+    outputs.modules.global.nix-config
+    "${inputs.ngit-grasp}/nix/module.nix"
+  ];
+
+  services.ngit-grasp.primary = {
+    enable = true;
+    domain = "grasp.t5.st";
+    port = 7334;
+    bindAddress = "0.0.0.0";
+    dataDir = "/var/lib/ngit-grasp";
+    relayOwnerNsecFile = "/run/secrets/grasp-owner";
+    metricsEnabled = false;
+    archiveWhitelist = [
+      "npub1z0fle6nzrw3c6mv7klxyhkycpkt7lna04p9z5e4yq5rss259dq0sky7xzd"
+    ];
+  };
+
+  networking = {
+    firewall.allowedTCPPorts = [ 7334 ];
+    interfaces.eth0 = {
+      ipv4.addresses = [
+        {
+          address = "192.168.1.4";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway = "192.168.1.1";
+    nameservers = [ "8.8.8.8" ];
+    useDHCP = false;
+  };
+
+  boot.isContainer = true;
+  system.stateVersion = "26.05";
+}

hosts/odin/default.nix

@@ -1,17 +1,16 @@
-{ config
-, lib
-, pkgs
-, outputs
-, ...
+{
+  config,
+  lib,
+  pkgs,
+  outputs,
+  ...
 }:
-let
-  age = config.age;
-in
 {
   imports = [
     # TODO: auto-import via `outputs.modules.nixos`
     outputs.modules.global.nix-config
 
+    ./containers
     ./system
     ./services
     ./users
@@ -46,53 +45,6 @@ in
     };
   };
 
-  # # Container runtime
-  # virtualisation = {
-  #   docker = {
-  #     enable = true;
-  #     storageDriver = "btrfs";
-  #     autoPrune = {
-  #       enable = true;
-  #       dates = "weekly";
-  #       flags = [ "--all" "--force" "--volumes" ];
-  #     };
-  #   };
-  # };
-
-  containers.grist-latest = {
-    autoStart = false;
-    privateNetwork = true;
-    hostAddress = "192.168.1.1";
-    localAddress = "192.168.1.2";
-    specialArgs = { inherit outputs; };
-    config = import ./containers/grist.nix;
-  };
-
-  containers.gogs = {
-    autoStart = false;
-    privateNetwork = true;
-    hostAddress = "192.168.1.1";
-    localAddress = "192.168.1.3";
-    specialArgs = { inherit outputs; };
-
-    bindMounts = {
-      "/run/secrets/gogs-admin" = {
-        hostPath = config.age.secrets."odin/services/gogs-admin".path;
-        isReadOnly = true;
-      };
-    };
-
-    config = import ./containers/gogs.nix;
-  };
-
-  services.caddy.virtualHosts.grist = {
-    hostName = "grist.{$DOMAIN}";
-    extraConfig = ''
-      encode gzip zstd
-      reverse_proxy 192.168.1.2:8484
-    '';
-  };
-
   programs.fish = {
     enable = true;
     vendor = {

hosts/odin/services/cloudflared.nix

@@ -1,7 +1,7 @@
 { config, ... }:
 let
+  inherit (config.containers) gogs grasp;
   immich = config.services.immich;
-  gogs = config.containers.gogs;
 in
 {
   services.cloudflared = {
@@ -15,6 +15,7 @@ in
       ingress = {
         "photos.t5.st".service = "http://${immich.host}:${toString immich.port}";
         "git.t5.st".service = "http://${gogs.localAddress}:3000";
+        "grasp.t5.st".service = "http://${grasp.localAddress}:7334";
       };
     };
   };

hosts/odin/system/age.nix

@@ -16,6 +16,10 @@ in
     };
     "odin/services/cloudflared".file = secrets."odin/services/cloudflared.age";
     "odin/services/cloudflared-tunnel".file = secrets."odin/services/cloudflared-tunnel.age";
+    "odin/services/grasp-owner" = {
+      file = secrets."odin/services/grasp-owner.age";
+      mode = "0444";
+    };
     "odin/services/gogs-admin" = {
       file = secrets."odin/services/gogs-admin.age";
       mode = "0444";