Replace inline wg-quick config in nix-book with a reusable role that
uses inline config instead of configFile, fixing the world-readable
/tmp key leak. Adds network-online.target dependency to prevent boot
failures from DNS not being ready.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add a new system-level role for mounting WebDAV filesystems via rclone.
Includes rclone-torbox-setup helper script that uses rbw to bootstrap
credentials from Bitwarden.
Key features:
- Configurable WebDAV URL, username, mount point
- VFS cache mode and buffer size tuning for media streaming
- RequiresMountsFor option for ZFS pool dependencies
- Obscured password storage via environment file
Enable on john-endesktop for TorBox WebDAV access by rdt-client and
Jellyfin. Mount waits for /media ZFS pool before starting.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add reusable k3s-node role with configurable options for server/agent
modes. Configure john-endesktop as a k3s agent joining the cluster at
10.0.0.222.
Role supports:
- Server or agent role selection
- Configurable server address and token file
- Graceful node shutdown
- Optional firewall port opening
- Cluster initialization for first server
Note: NixOS nodes must be labeled with `k3s-upgrade=disabled` to exclude
them from the system-upgrade-controller, since NixOS manages k3s upgrades
through Nix rather than in-place binary replacement.
Create roles/common.nix containing shared configuration between NixOS and
Darwin: timezone, base packages (git, glances, pciutils, tree, usbutils, vim),
nix settings (experimental-features, max-jobs, trusted-users), gc config,
and allowUnfree setting.
Both roles/default.nix and roles/darwin.nix now import common.nix and only
contain platform-specific configuration.
- Add Jovian-NixOS integration for Steam Deck hardware support
- Create nix-deck machine configuration with SteamOS role
- Add jovian-compat.nix for NixOS 25.05 compatibility (remove in 25.11+)
- Create remote-build role for distributed builds
- Configure zix790prors as build host
- Configure nix-book and nix-deck to use remote builder with fallback
- Add comprehensive setup documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
I'm standardizing on bitwarden and rbw for secrets. No need to build out
a separate secret management system. The complexity of this was just not
worth it for my effectively single-user workflows
