diff --git a/.gitignore b/.gitignore index 8f2990d..c62c624 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,6 @@ nvim-healthcheck.txt private_pid private_security private_fish_variables + +# NixOS local secrets +nixcfgs/secrets/local.nix diff --git a/nixcfgs/secrets/secrets.yaml b/nixcfgs/secrets/secrets.yaml index a5caa74..a443fef 100644 --- a/nixcfgs/secrets/secrets.yaml +++ b/nixcfgs/secrets/secrets.yaml @@ -1,6 +1,8 @@ tavily_api: ENC[AES256_GCM,data:2hdsutsj0mqytujPIF1t1gpfSE7ym4WV2/lDbdLUw4yyLv7Rfvgtww8=,iv:kIYZ7ETQtQzyf2ymsgSTrvOh00qLQt6715SEi3dqxt4=,tag:M4qTgeoMlcnfh7D418ppfQ==,type:str] openrouter_api: ENC[AES256_GCM,data:XmsmgAEdiYP90JHnKmdy/jzgaFhmoU/wdYqxahIZ3NMZshgGIWv/fq7apOH8bh+yTytiIMrOdGGP1LZRHWVMeTqoDnWAimpweA==,iv:m2qykUpt9qE4ZAIHzQ0qhFUqEhPG6TiuVZWK+kOP2fg=,tag:Jtr/s17DJMVW215sh2/6+Q==,type:str] anki_sync_key: ENC[AES256_GCM,data:58zVvhbW6DS+CaxYHBUh5w==,iv:f8XOGMHS72p8cEVuburgsWBOpkw+axNjyP09NR4P3lo=,tag:UZzrdhnEfxtxCZwviEM+4g==,type:str] +openclaw_gateway_token: ENC[AES256_GCM,data:htTV/5GmsahHs+3N/L3Q1Kn2y0t0+kPMoH1P5z07xspnTwn+vxQ/QiR+1G506VM0y4Jm93tLk+sZRruLeaSFTw==,iv:mtid4CE2fyDadu2fePs4rcVLR35WUPiiRzuUA9GHWRw=,tag:ICW9ocQwgswwM/yrXMdC1A==,type:str] +openclaw_tgbot_token: ENC[AES256_GCM,data:9q3Q6oYNO6Vj3UryVoS8yDgrO6zrBV6vvXWx7gH3IlG6gVnJ5pqYFSfiyItUsg==,iv:9MBfBK/k/9J6PACvyyhhdCIGrVN0LDeg1viivSZJdaA=,tag:r4w+QkE30O2QraGeXvXySA==,type:str] sops: age: - recipient: age1z2km2vu3mw6usw8p2rhjzkugddmsvk0ypwjw76cscyy3ar3tnufqtrv3nu @@ -21,7 +23,7 @@ sops: MlBBYzA4bWkyOFNzWlFWbWhDMU9VSG8KJGAr3Gjg6+1OUC+d8+Yu+AW+zzfQ2MtX 7RzIvGv4R3YtAHlX79BcIT6XwGMXVIF86Fu2QOoU7u8o4wpyAt0CXA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-23T15:05:53Z" - mac: ENC[AES256_GCM,data:VBgIJR2RJpaB8sSO/BhNbBdU8QYk2csS07a4mCSBJGonuT9iO3mLr65uTI76uayZS/2uiDCYUMGR635IlBhAc8pvy/bif8FCheVNestUjJeppS44fjatS+Wz+i6hz3ED9ECpEFlgoqi31uG0hzPeECinVXKDZr3o0JJmw4s7ZM8=,iv:0D4YD8C0rtXmJ+Qv7rzMWUJ2CaUogP6sQk6GEJFpnSo=,tag:nlT55c7ikMqq2TImVp9cSA==,type:str] + lastmodified: "2026-03-08T15:47:15Z" + mac: ENC[AES256_GCM,data:jzMalds3vg6mfWgktBKRXmGqh3VRLUXRAEwEMh6Q+NUzwm7j0rkqzs2Bz8W3bu7GNL4SQwiBnHCoEL/9E/6qLOzMbyOZmXyleRByUEUMSBGCJa25vhjGF9x3oPANksEhTLZ0N4MA3xak66CKU6c2z1DGjV5cU61e6g8kEd3pAKI=,iv:JNHZgygwKoVBrNPVc2ODT4Ai9vNAh5w4HYgJLlv9R4Q=,tag:wfmBTup5fV4JSA3BdoEzRQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.1 diff --git a/nixcfgs/users/js0ny/packages/flatpak.nix b/nixcfgs/users/js0ny/packages/flatpak.nix index d8a7af6..e18e33b 100644 --- a/nixcfgs/users/js0ny/packages/flatpak.nix +++ b/nixcfgs/users/js0ny/packages/flatpak.nix @@ -39,7 +39,7 @@ in { "com.qq.QQ" "com.tencent.WeChat" # "eu.betterbird.Betterbird" - # "com.baidu.NetDisk" + "com.baidu.NetDisk" # "com.discordapp.Discord" "com.google.EarthPro" "com.wps.Office" diff --git a/nixcfgs/users/js0ny/programs/anki.nix b/nixcfgs/users/js0ny/programs/anki.nix index e4a453f..e4eaa66 100644 --- a/nixcfgs/users/js0ny/programs/anki.nix +++ b/nixcfgs/users/js0ny/programs/anki.nix @@ -11,7 +11,7 @@ review-heatmap # recolor # Use stylix ]; - sync = { + profiles."User 1".sync = { autoSync = true; autoSyncMediaMinutes = 15; username = "ankiweb.unusable450@passmail.net"; diff --git a/nixcfgs/users/js0ny/programs/openclaw.nix b/nixcfgs/users/js0ny/programs/openclaw.nix new file mode 100644 index 0000000..fb52597 --- /dev/null +++ b/nixcfgs/users/js0ny/programs/openclaw.nix @@ -0,0 +1,140 @@ +# OpenClaw - AI Gateway with Telegram/Discord Integration +# Documentation: https://github.com/openclaw/nix-openclaw +{ + pkgs, + lib, + config, + ... +}: let + # Import local machine-specific values (git-ignored) + # Create nixcfgs/secrets/local.nix with your Telegram User ID + localSecrets = import ../../../secrets/local.nix; +in { + programs.openclaw = { + enable = true; + + # Documents directory containing AGENTS.md, SOUL.md, TOOLS.md, etc. + # Located at ~/.local/share/openclaw-docs + documents = "${config.home.homeDirectory}/.local/share/openclaw-docs"; + + # Core gateway configuration + config = { + gateway = { + mode = "local"; # "local" or "remote" + auth = { + # Gateway authentication token (managed by sops-nix) + token = config.sops.secrets."OPENCLAW_GATEWAY_TOKEN".path; + }; + }; + + # Communication channels + channels = { + telegram = { + # Get bot token from @BotFather on Telegram (managed by sops-nix) + tokenFile = config.sops.secrets."OPENCLAW_TGBOT_TOKEN".path; + + # Your Telegram user ID - get from @userinfobot + # Imported from nixcfgs/secrets/local.nix (git-ignored) + allowFrom = lib.optionals (localSecrets.telegramUserId != 0) [ + localSecrets.telegramUserId + ]; + + # Group chat configuration + groups = { + "*" = {requireMention = true;}; # Default: require @mention in all groups + # "-1001234567890" = { requireMention = false; }; # Specific group without @mention + }; + }; + + # Discord configuration (optional) + # discord = { + # tokenFile = config.sops.secrets."DISCORD_BOT_TOKEN".path; + # allowFrom = [ + # "your-discord-user-id" + # ]; + # }; + }; + + # Provider API keys (managed by sops-nix) + env.vars = { + OPENROUTER_API_KEY = config.sops.secrets."OPENROUTER_API_KEY".path; + # OPENAI_API_KEY = config.sops.secrets."OPENAI_API_KEY".path; + }; + }; + + # Built-in plugins + bundledPlugins = { + summarize.enable = true; # Summarize web pages, PDFs, videos + peekaboo.enable = lib.mkIf pkgs.stdenv.isDarwin true; # Take screenshots (macOS only) + poltergeist.enable = false; # Control macOS UI (macOS only) + sag.enable = false; # Text-to-speech + camsnap.enable = false; # Camera snapshots (macOS only) + gogcli.enable = false; # Google Calendar integration + goplaces.enable = false; # Google Places API + bird.enable = false; # Twitter/X integration + sonoscli.enable = false; # Sonos speaker control + imsg.enable = false; # iMessage integration (macOS only) + + # Example: Plugin with sops-nix configuration + # goplaces = { + # enable = true; + # config.env.GOOGLE_PLACES_API_KEY = config.sops.secrets."GOOGLE_PLACES_API_KEY".path; + # }; + }; + + # Custom/community plugins + # plugins = [ + # # Simple plugin from GitHub + # { source = "github:owner/repo-name"; } + # + # # Plugin with sops-nix managed secrets + # { + # source = "github:owner/plugin-name"; + # config = { + # env = { + # PLUGIN_AUTH_FILE = config.sops.secrets."PLUGIN_AUTH_KEY".path; + # }; + # settings = { + # default_option = "value"; + # retries = 3; + # tags = [ "tag1" "tag2" ]; + # }; + # }; + # } + # + # # Local plugin development + # { source = "path:${config.home.homeDirectory}/code/my-openclaw-plugin"; } + # ]; + + # Tool management (avoid conflicts with system packages) + # excludeTools = [ "git" "jq" "ripgrep" ]; # Exclude tools already installed + }; + + # Multi-instance configuration (advanced) + # Use when you need separate prod/dev environments + # programs.openclaw.instances = { + # prod = { + # enable = true; + # stateDir = "${config.home.homeDirectory}/.openclaw"; + # workspaceDir = "${config.home.homeDirectory}/.openclaw/workspace"; + # config = { + # gateway.auth.token = config.sops.secrets."OPENCLAW_GATEWAY_TOKEN_PROD".path; + # channels.telegram.tokenFile = config.sops.secrets."TELEGRAM_BOT_TOKEN_PROD".path; + # # ... other prod config + # }; + # plugins = [ /* production plugins */ ]; + # }; + # + # dev = { + # enable = true; + # gatewayPort = 18790; + # gatewayPath = "${config.home.homeDirectory}/code/openclaw"; # Local development + # config = { + # gateway.auth.token = config.sops.secrets."OPENCLAW_GATEWAY_TOKEN_DEV".path; + # channels.telegram.tokenFile = config.sops.secrets."TELEGRAM_BOT_TOKEN_DEV".path; + # # ... other dev config + # }; + # plugins = [ /* dev plugins with local overrides */ ]; + # }; + # }; +} diff --git a/nixcfgs/users/js0ny/programs/readest.nix b/nixcfgs/users/js0ny/programs/readest.nix new file mode 100644 index 0000000..b7bd022 --- /dev/null +++ b/nixcfgs/users/js0ny/programs/readest.nix @@ -0,0 +1,30 @@ +{ + pkgs, + lib, + config, + ... +}: let + mergetools = import ../lib/mergetools.nix {inherit pkgs lib config;}; + mkMergedJson = mergetools.mkMergedJson; + readestSettings = mkMergedJson { + name = "readest-settings"; + target = ".config/com.bilingify.readest/settings.json"; + settings = { + globalViewSettings = { + serifFont = "LXGW WenKai GB Screen"; + defaultCJKFont = "LXGW WenKai GB Screen"; + sansSerifFont = config.stylix.fonts.sansSerif.name; + monospaceFont = config.stylix.fonts.monospace.name ++ " Regular"; + uiLanguage = "zh-CN"; + }; + telemetryEnabled = false; + }; + }; +in { + home.packages = [ + pkgs.readest + ]; + imports = [ + readestSettings + ]; +} diff --git a/nixcfgs/users/js0ny/programs/sops.nix b/nixcfgs/users/js0ny/programs/sops.nix index dc56741..e0574d0 100644 --- a/nixcfgs/users/js0ny/programs/sops.nix +++ b/nixcfgs/users/js0ny/programs/sops.nix @@ -42,6 +42,26 @@ in { "ANKI_SYNC_KEY" = { key = "anki_sync_key"; }; + # OpenClaw secrets + "OPENCLAW_GATEWAY_TOKEN" = { + key = "openclaw_gateway_token"; + }; + "OPENCLAW_TGBOT_TOKEN" = { + key = "openclaw_tgbot_token"; + }; + "TELEGRAM_USER_ID_AMS" = { + key = "telegram_userid_ams"; + }; + # Optional OpenClaw secrets (uncomment as needed) + # "DISCORD_BOT_TOKEN" = { + # key = "discord_bot_token"; + # }; + # "OPENAI_API_KEY" = { + # key = "openai_api_key"; + # }; + # "GOOGLE_PLACES_API_KEY" = { + # key = "google_places_api_key"; + # }; }; }; diff --git a/nixcfgs/users/js0ny/zephyrus.nix b/nixcfgs/users/js0ny/zephyrus.nix index 9ab5e0b..98eb173 100644 --- a/nixcfgs/users/js0ny/zephyrus.nix +++ b/nixcfgs/users/js0ny/zephyrus.nix @@ -82,6 +82,7 @@ in { ./programs/elisa.nix ./programs/lollypop.nix ./programs/gallery-dl.nix + ./programs/readest.nix # Desktop Linux ./programs/desktop/gnome