Merge branch 'Vanderscycle:main' into main

Author: vancycles-knak

nix-darwin/home-modules/window-managers/hyprland/hyprland.nix

@@ -198,26 +198,28 @@
         ];
         windowrule = [
           "workspace 1, Emacs"
+          "workspace 1, emacs"
           "workspace 2, firefox"
-          "workspace 2, Brave"
+          "workspace 2, Brave-browser" # Updated to match the class name for Brave
           "workspace 3, discord"
           "workspace 3, Spotify"
           "workspace 3, spotify"
-          "workspace 3, Slack"
           "workspace 4, steam"
           "workspace 4, Steam"
           "workspace 5, SuperSlicer"
           "workspace 5, OrcaSlicer"
-          "workspace 6, Transmission"
+          "workspace 6, transmission-gtk" # Updated to match the class name for Transmission
           "pseudo,fcitx"
         ];
 
         windowrulev2 = [
-          # steam
-          "float, class:^([Ss]team)$, title:^((?![Ss]team).*)$"
-          "workspace 4 silent, class:^([Ss]team)$, title:^([Ss]team)$"
-          "tile, class:^([Ss]team)$, title:^([Ss]team)$"
-          "workspace 4 silent, class:^([Ss]team)$ title:^(notificationtoasts_.*)$"
+          # Steam rules
+          "float, class:^([Ss]team)$, title:^((?![Ss]team).*)$" # Float non-Steam windows (e.g., game launchers)
+          "workspace 4 silent, class:^([Ss]team)$, title:^([Ss]team)$" # Move Steam to workspace 4
+          "tile, class:^([Ss]team)$, title:^([Ss]team)$" # Tile the main Steam window
+          "workspace 4 silent, class:^([Ss]team)$, title:^(notificationtoasts_.*)$" # Move Steam notifications to workspace 4
+          "nofocus, class:^([Ss]team)$, title:^((?![Ss]team).*)$" # Prevent non-Steam windows from stealing focus
+          "noblur, class:^([Ss]team)$" # Ensure Steam window remains visible
           # orcaslicer
           # https://github.com/hyprwm/Hyprland/issues/6698
           "opacity 0.0 override 0.0 override,class:^(xwaylandvideobridge)$"
@@ -234,7 +236,9 @@
         # Or execute your favorite apps at launch like this:
 
         exec-once = [
-          "waybar & hyprpaper"
+          "waybar"
+          "hyprpaper"
+          "blueman-applet"
           "/etc/profiles/per-user/henri/bin/emacs --daemon &"
           "swaync"
           "discord --enable-wayland-ime"

nix-darwin/users/henri/home.nix

@@ -39,7 +39,7 @@
   # programs
   flameshot.enable = true;
   brave.enable = true;
-  firefox.enable = lib.mkForce false;
+  firefox.enable = true; # lib.mkForce false;
 
   plastic_printer = {
     enable = true;

nix-k8s-homelab/argocd/apps/support/base/kustomization.yaml

@@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-  # - external-dns.yaml
+  - external-dns.yaml
   # - cert-manager.yaml
   # - ingress-nginx.yaml
   - metallb.yaml

nix-k8s-homelab/argocd/base/kustomization.yaml

@@ -12,7 +12,7 @@ resources:
   - application-support.yaml
   - application-services.yaml
   - application-secrets.yaml
-  - application-servers.yaml
+  # - application-servers.yaml
   - application-monitoring.yaml
   - namespace.yaml
   # - argocd-repo.yaml

nix-k8s-homelab/charts/services/nextcloud/base/values.yaml

@@ -9,13 +9,13 @@
 ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ##
 ingress:
-  enabled: false
+  enabled: true
   # className: nginx
   annotations:
     # nginx.ingress.kubernetes.io/ssl-passthrough: true
-    nginx.ingress.kubernetes.io/force-ssl-redirect: true
+    # nginx.ingress.kubernetes.io/force-ssl-redirect: true
     kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer-non-prod"
+    # cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer-non-prod"
     # nginx.ingress.kubernetes.io/rewrite-target: /
 
   #  nginx.ingress.kubernetes.io/proxy-body-size: 4G
@@ -44,16 +44,18 @@ ingress:
   #    location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
   #      deny all;
   #    }
-  tls:
-    - secretName: nextcloud-tls
-      hosts:
-        - nextcloud.vandersleyen.dev
+  # tls:
+  #   - secretName: nextcloud-tls
+  #     hosts:
+  #       - nextcloud.homelab.com
   labels: {}
   path: /
   pathType: Prefix
 
 service:
   type: LoadBalancer
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nextcloud.vandersleyen.dev
 nextcloud:
   trustedDomains:
     - nextcloud.vandersleyen.dev

nix-k8s-homelab/charts/support/external-dns/base/kustomization.yaml

@@ -3,13 +3,14 @@ kind: Kustomization
 
 namespace: external-dns
 
-resources:
-  - secrets
+# resources:
+#   - secrets # applied manually
 
 helmCharts:
   - name: external-dns
-    version: 8.7.3
-    repo: oci://registry-1.docker.io/bitnamicharts
+    version: 1.15.2
+    repo: https://kubernetes-sigs.github.io/external-dns/
+    # repo: oci://registry-1.docker.io/bitnamicharts
     valuesFile: values.yaml
     namespace: external-dns
     releaseName: support

nix-k8s-homelab/charts/support/external-dns/base/secrets/sealed-secret.yaml

@@ -2,18 +2,14 @@
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
-  annotations:
-    sealedsecrets.bitnami.com/cluster-wide: "true"
   creationTimestamp: null
   name: support-external-dns
   namespace: external-dns
 spec:
   encryptedData:
-    pihole_password: AgBlNUWcKLKkFZk3ge+12GcwU4QDPNwLzsJM2pTaJfh60+fkiSd6abJ/ggrnCIQU9uzTPVKLy9Hj1M20IYb3J7cD716gzipYPzuhStPZ0BL/Y21QAcSCS6QR/IRtiiqLIkN1NAlBSkenbjA5QhW1FB621cGlhLHYQ74+zcE7YbfL+wUboGkxbf5BrlyhyYWODD9HlaK10j5PUuKJ6ok0qcFy8+mRAbMAMay8FsU9xo4o11mtrNElAHSXM7Z6lbKoITRgVS4XH1Y8iwNR4INeQ5w/OABMDhQjy0gdIJ5ukFAYWMa0lN4Y/4f68v4pjlC9YKbkpZJ25x/iGY0usQWvPp0+XAYUkI/BH69jrkOyB/4kBzdh/nisUydujUErtfuh5Q/vAGFfyk9WLHIGmgtK5bmTvDbWsLTTOvsSmQB0VB8jPIDNnh+Oaamzj8hf32zLuQOA0vgUiwe3a0bsdG+roGvARW17c9rmlg3CZey201jkO5SKPQjHkMHe4VgZHCGeN+21DaG3legKCVTMfG2xZVzrUN8mnk5Ar9IsNcs8x3e6e7+V5ZKaL49MVq6H+fmhQxZL89vMriKRjgRskpz+N1+Q8aAAI5DRiMmN+24347+hDvrCDZN9VWI1IQ7N6oTAwLMJu2+nbr+Dwqf9rkM5nQyHlL9+GYvEmqaYIzxcRBVSCqN6ieUA/+RamnHux4vMr3rZHhB0pc1sCXtgINDeKPIwrfOYHyJZ2fTzw5++amECgxhkfQHdqqe+bK5D0Py1yVv621UPXXqL/f7ygDd2ZHVHBg==
+    unifi_api_key: AgCDqKg0jD/KtoAii/ZefYetq96SH5XowUDosaHhevL3qIAkVNdN2Fz99Yz/nOBSHsfa5CMSQ0WWk9k4F91clkGOQt13KVhLyfFkb3OVeZ1C7bIlOJRmFDw3kWYd2vYQxWuY/+c+JxnAqpaPVbeNLKV6SSfpFwoCuguWxhV2ywcSfdgrKQULv72FXUxYwaOYakdkI4PDOnuUnKiDyg9DEuGiZAjh+Bm4fA48ch1Tpn6aPLpm1B+VJLH6VFZzrFKfSEKKOFFq7P+7XnXMwOTtBmoZKsbOCWmg6mNEOxG2p9+GLpLP4W4WknIbSPz8beSSfG4x4gibxAOAbD/p9QmhZlY+NJFhttOuYZP04xKa7GiEp+vuDr8qsgZ04M8wgeYRQsvC4Ssle3EXW4xqaSrCk50HEEbfQIk1sg9/2TKHV6ecY5enaDrGnKvKgbH/0dXUnmS63ptDx/jkSWvc2l8Ie1xYtP4DIb2SSg+w6F1/7TqsbSDjWj1Q7ELFLBPqv8Jrss8lP9Z87v6Cpd/IoeNgsdsZxvPCXrWjsuMH+KHUGdyG6cj083o8y4SXwvtpJvoOL/czbaHMz/5Jc8amAHbPdjckJ2CPM0NmMVgaaeubd4qxio7va16DMyCKyHi0tn7QsoSAp5xRfjPpzJ30EiZlqe0FvipVXgeZq1V/H7+U74FgIMEPjThIPKvOPpqifkgbqFaD2IFk8QQlFp1nMtvWTGDY0ZuvXF9Zv73NGAiREjjLlg==
   template:
     metadata:
-      annotations:
-        sealedsecrets.bitnami.com/cluster-wide: "true"
       creationTimestamp: null
       name: support-external-dns
       namespace: external-dns

nix-k8s-homelab/charts/support/external-dns/base/values.yaml

@@ -2,32 +2,42 @@
 ## This is a YAML-formatted file.
 ## Declare variables to be passed into your templates.
 
-## Linode configuration to be set via arguments/env. variables
-##
-# linode:
-  ## @param linode.apiToken When using the Linode provider, `LINODE_TOKEN` to set (optional)
-  ##
-  # apiToken: ""
-  ## @param linode.secretName Use an existing secret with key "linode_api_token" defined.
-  ## This ignores linode.apiToken
-  ##
-  # secretName: "external-dns-secret"
-
-## Pi-hole configuration to be set via arguments/env. variables
-##
-logLevel: "debug"
-provider: "pihole"
-registry: "noop"
-pihole:
-  ## @param pihole.server When using the Pi-hole provider, specify The address of the Pi-hole web server
-  ##
-  server: "http://192.168.1.152"
-  ## @param pihole.tlsSkipVerify When using the Pi-hole provider, specify wheter to skip verification of any TLS certificates served by the Pi-hole web server
-  ##
-  tlsSkipVerify: ""
-  ## @param pihole.password When using the Pi-hole provider, specify a password to use
-  ##
-  # password: "replaceme" # has to be the api key from pihole
-  ## @param pihole.secretName Use an existing secret with key "pihole_password" defined.
-  ##
-  secretName: "support-external-dns"
+fullnameOverride: external-dns-unifi
+logLevel: &logLevel debug
+provider:
+  name: webhook
+  webhook:
+    image:
+      repository: ghcr.io/kashalls/external-dns-unifi-webhook
+      tag: v0.4.2 # replace with a versioned release tag
+    env:
+      - name: UNIFI_HOST
+        value: https://192.168.1.1 # replace with the address to your UniFi router/controller
+      - name: UNIFI_EXTERNAL_CONTROLLER
+        value: "false"
+      - name: UNIFI_API_KEY
+        valueFrom:
+          secretKeyRef:
+            name: support-external-dns
+            key: unifi_api_key
+      - name: LOG_LEVEL
+        value: *logLevel
+    livenessProbe:
+      httpGet:
+        path: /healthz
+        port: http-webhook
+      initialDelaySeconds: 10
+      timeoutSeconds: 5
+    readinessProbe:
+      httpGet:
+        path: /readyz
+        port: http-webhook
+      initialDelaySeconds: 10
+      timeoutSeconds: 5
+extraArgs:
+  - --ignore-ingress-tls-spec
+policy: sync
+sources: ["ingress", "service"]
+txtOwnerId: default
+txtPrefix: k8s.
+domainFilters: ["vandersleyen.dev"] # replace with your domain