pinned python 3.12

.gitignore

@@ -1,2 +1,5 @@
-git.nix
+# git.nix
 *.env
+.devenv
+
+*.log

.sops.yaml

@@ -0,0 +1,9 @@
+keys:
+  - &1password age197d424aa7jpj2s735fl2h2s4c687y8vm44usx8wag0r2kh2v7ces4efdyn
+  - &lola-ad age1qf4c4asf7wcqqyd9aju8fq9dvum4ptcqr8dd6xqengsf6jx7daqqtgup30
+creation_rules:
+  - path_regex: yaml$
+    key_groups:
+    - age:
+      - *1password
+      - *lola-ad

README.md

@@ -1,15 +1,91 @@
-NixOS Configuration for AppDaemon Development
+# NixOS Configuration for AppDaemon Development
 
-Needs a `git.nix` file. Example below:
+## Objectives
+
+- SSH remote with VSCode
+- Debugger must work
+- Multiple dev versions (different branches, forks)
+- Multiple config directories - deployment and test
+- `devenv`-based workflow
+    - Shell
+        - Makes `uv` available
+        - Syncs `devenv` virtual environment
+        - `appdaemon`
+    - Build Docker
+- Use flakes
+- Jupyter through VSCode
+    - `autoreload` must work with editable install of the dev version
+    - could always work in a dev container
+- Observation - telegraf/promtail
+- Utility - portainer, watchtower
+
+## Usage
+
+### `nfs`
+
+Used to rebuild the `ad-nix` system with whatever is currently symlinked to `/etc/nixos`
+
+### `ads`
+
+Used to enter the development shell. Be careful, as this will create a `.devenv` directory and venv wherever it's entered.
+
+### venv
+
+`.devenv/state/venv/bin/python`
+
+Used in VSCode for type hints, running, and debugging
+
+### Jupyter
+
+- Install devenv kernel - might not be useful?
+    - `python -m ipykernel install --user --name devenv --display-name "Python (devenv)"`
+- Run jupyter notebook on the side with a `uv run jupyter notebook` command
+- Use the link with the token to connect the jupyter notebook kernel to it
+
+## Mechanics
+
+### SSH Connection
+
+SSH keys are pre-authorized from `secrets/authorized_keys` which contains the public keys for desktop, laptop, and phone.
+
+### SOPS
+
+- `secrets/secrets.yaml` contains the encrypted keys.
+- There needs to be a `~/.config/sops/age/keys.txt` file with the age secret key. This file has to be manually placed.
+- `.sops.yaml` indicates to SOPS that the yaml file is encrypted with that secret key.
+- `sops-ad` is a convenience script for editing the secrets.yaml file.
+
+## Setup
+
+### Bootstrapping
+
+SSH in to the host as root and get into a shell with `git`.
 
 ```shell
-{ ... }:
-{
-  programs.git = {
-    enable = true;
-    extraConfig.credential.helper = "store --file ~/.git-credentials";
-    userName = "John Lancaster";
-    userEmail = "32917998+jsl12@users.noreply.github.com";
-  };
-}
-```
+nix-channel --update && nix-shell -p git
+```
+
+Then build the system from the flake
+
+```shell
+nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-nix --impure
+```
+
+### Secrets
+
+During build time `/etc/ssh/ssh_host_ed25519_key` automatically gets imported as an age key. If that fingerprint is included in the `.sops.yaml` file, then `secrets/secrets.yaml` can be decrypted during the build. Otherwise `~/.config/sops/age/keys.txt` needs to already be populated.
+
+`secrets/secrets.yaml` needs to be edited from the terminal. There's a `sops-ad` command for convenience. The following keys are required:
+
+- `telegraf_influx_token`
+
+`~/.config/sops/age/keys.txt` needs to be set for the `sops-ad` command to work.
+
+### Tailscale
+
+Needs this in the `/etc/pve/lxc/<vmid>.conf` file on the proxmox host.
+
+```
+lxc.cgroup2.devices.allow: c 10:200 rwm
+lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
+```

ad-nix.code-workspace

@@ -1,16 +1,78 @@
 {
 	"folders": [
 		{
-			"path": "/srv/appdaemon/ad-nix"
+			"path": "/home/appdaemon/ad-lola"
 		},
 		{
-			"path": "/usr/src/app"
+			"path": "/conf/lola"
 		},
 		{
-			"path": "/conf"
-		}
+			"path": "/home/appdaemon/ad-nix"
+		},
+		{
+			"path": "/home/appdaemon/ad-test"
+		},
 	],
 	"settings": {
-        "python.defaultInterpreterPath": "/usr/src/app/.venv/bin/python3"
+		// Python
+		"[python]": {
+			"editor.autoClosingDelete": "always",
+			"editor.autoClosingBrackets": "always",
+			"editor.defaultFormatter": "charliermarsh.ruff",
+			// "editor.formatOnSave": true,
+			"editor.codeActionsOnSave": {
+				"source.organizeImports.ruff": "explicit",
+				// "source.fixAll": "explicit"
+			}
+		},
+		"python.defaultInterpreterPath": "${workspaceFolder}/.devenv/state/venv/bin/python3",
+		"python.autoComplete.extraPaths": ["~/ad-lola", "${fileWorkspaceFolder}/apps/room_control/src"],
+		"python.analysis.extraPaths": [
+			"~/ad-lola",
+			"${workspaceFolder:conf}/lola/apps/room_control/src",
+			"${workspaceFolder:conf}/lola/apps/lola-parking/src"
+		],
+		"python.analysis.autoFormatStrings": true,
+		"python.analysis.completeFunctionParens": true,
+		"python.analysis.autoImportCompletions": true,
+		"python.analysis.importFormat": "relative",
+		"python.analysis.autoIndent": true,
+		"python.analysis.useLibraryCodeForTypes": true,
+		"python.analysis.languageServerMode": "full",
+		"python.analysis.typeEvaluation.enableReachabilityAnalysis": true,
+		"python.languageServer": "Pylance",
+		"python.terminal.shellIntegration.enabled": true,
+
+		// Ruff settings
+		"ruff.enable": true,
+		"ruff.organizeImports": true,
+		"ruff.importStrategy": "fromEnvironment",
+		"ruff.nativeServer": true,
+		"ruff.configurationPreference": "filesystemFirst",
+		"ruff.configuration": "${workspaceFolder}/pyproject.toml",
+		"ruff.fixAll": true,
+		"ruff.lint.enable": true,
+		// https://docs.astral.sh/ruff/rules/
+		"ruff.lint.extendSelect": [
+			"F", "W", "I",
+			"E1", "E2", "E3", "E4", "E5", "E7", "E9"
+		],
+
+	 
+		// Notebooks
+		// "jupyter.askForKernelRestart": false,
+		"notebook.defaultFormatter": "charliermarsh.ruff",
+		"notebook.formatOnSave.enabled": true,
+		"notebook.codeActionsOnSave": {
+			"notebook.source.fixAll": "explicit",
+			"notebook.source.organizeImports": "explicit"
+		},
+
+		"editor.rulers": [120],
+		"editor.wordWrap": "on",
+		"editor.wordWrapColumn": 120,
+		// https://docs.astral.sh/ruff/rules/#pycodestyle-e-w
+		// https://pycodestyle.pycqa.org/en/latest/intro.html#error-codes
+		
     }
 }

configuration.nix

@@ -1,81 +1,75 @@
-{ pkgs, lib, modulesPath, ... }:
-let
-  stateVersion = "24.05";
-  unstable = import <nixos-unstable> {};
-  adHome = "/srv/appdaemon";
-  adNixPath = "${adHome}/ad-nix";
-  adPath = "/usr/src/app";
-  adRepo = "https://github.com/jsl12/appdaemon";
-  adBranch = "hass";
-in
+{ pkgs, lib, userSettings, systemSettings, ... }:
 {
   imports = [
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
-    (import "${builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz}/nixos")
-    (fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
-    ./telegraf.nix
+    # (import ./home-manager {inherit systemSettings userSettings lib pkgs;})
+     ./nixos
+     ./scripts
   ];
+  system.stateVersion = systemSettings.stateVersion;
+  time.timeZone = "${systemSettings.timeZone}";
+
+  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.download-buffer-size = 524288000; # 500MB
+  
+  programs.nix-ld.enable = true;
+
+  sops.defaultSopsFile = ./secrets/encrypted_secrets.yaml;
+  sops.defaultSopsFormat = "yaml";
+  
+  # This is needed for nix to access the secrets at build time.
+  # It doesn't affect for the `sops ...` command
+  # Optional if the system has the key age for /etc/ssh/ssh_host_ed25519_key in .sops.yaml
+  # sops.age.keyFile = "${userSettings.adHome}/.config/sops/age/keys.txt";
 
   environment.systemPackages = with pkgs; [
-    (pkgs.writeShellScriptBin "nrbs" "sudo nixos-rebuild switch")
-    (pkgs.writeShellScriptBin "nrbsu" "sudo nix-channel --update && sudo nixos-rebuild switch")
-    (pkgs.writeShellScriptBin "ad-clone" ''
-      if [ ! -d ${adPath} ]; then
-        sudo git clone -b ${adBranch} ${adRepo} ${adPath}
-        sudo chown -R appdaemon:users $(dirname ${adPath})
-      else
-        echo "${adPath} already exists"
-      fi
-    '')
-    bash
-    git
-    eza
-    gh
-    # appdaemon
+    sops
+    gdbm
   ];
 
-  time.timeZone = "America/Chicago";
-
   virtualisation.docker.enable = true;
+  virtualisation.oci-containers.backend = "docker";
+
   services.vscode-server.enable = true;
   services.openssh.enable = true;
   services.tailscale.enable = true;
 
-  system.activationScripts.ensureDirectory = ''
-    if [ ! -d /conf ]; then
-      mkdir /conf
-      chmod 0755 /conf
-      chown 1000:100 /conf
-    fi
-  '';
+  # services.cron = {
+  #   enable = true;
+  #   systemCronJobs = [
+  #     "30 2 * * * /run/current-system/sw/bin/nfsu > /etc/nixos/auto_update.log 2>&1"
+  #   ];
+  # };
 
-  security.sudo-rs = {
-    enable = true;
-    execWheelOnly = false;
-    wheelNeedsPassword = false;
-  };
+  # systemd.timers."auto-update" = {
+  #   wantedBy = [ "timers.target" ];
+  #     timerConfig = {
+  #       OnCalendar="*-*-* 4:00:00";
+  #       Unit = "auto-update.service";
+  #     };
+  # };
 
-  users.users.appdaemon = {
-    isNormalUser = true;
-    home = "${adHome}";
-    extraGroups = [ "wheel" "docker"];
-    openssh.authorizedKeys.keyFiles = [ "/root/.ssh/authorized_keys" ];
-  };
+  # systemd.services."auto-update" = {
+  #   script = ''
+  #     ${pkgs.coreutils}/bin/echo "Running auto-update"
+  #     FLAKE=$(${pkgs.coreutils}/bin/readlink -f /etc/nixos)
+  #     ${pkgs.coreutils}/bin/echo "FLAKE: $FLAKE"
+  #     ${pkgs.nix}/bin/nix flake update --flake $FLAKE --impure
+  #     ${pkgs.git}/bin/git -C $FLAKE add "$FLAKE/flake.lock" > /dev/null 2>&1
+  #     ${pkgs.sudo}/bin/sudo ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake $FLAKE#${systemSettings.hostName} --impure
+  #   '';
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "${userSettings.userName}";
+  #   };
+  # };
 
-  home-manager = {
-    useGlobalPkgs = true;
-    users.appdaemon = { pkgs, ... }: {
-      home.stateVersion = stateVersion;
-      imports = [ ./git.nix ];
-      programs = { 
-        ssh.enable = true;
-        git.extraConfig.safe.directory = "${adNixPath}";
-        bash = {
-          enable = true;
-          profileExtra = "cd ${adNixPath}";
-        };
-      };
-    };
+  # https://nixos.wiki/wiki/Storage_optimization
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
   };
-  system.stateVersion = stateVersion;
+  nix.optimise.automatic = true;
+  nix.optimise.dates = [ "Mon *-*-* 05:00:00" ];
 }

flake.lock

@@ -0,0 +1,397 @@
+{
+  "nodes": {
+    "cachix": {
+      "inputs": {
+        "devenv": [
+          "devenv"
+        ],
+        "flake-compat": [
+          "devenv"
+        ],
+        "git-hooks": [
+          "devenv",
+          "git-hooks"
+        ],
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1748883665,
+        "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
+        "owner": "cachix",
+        "repo": "cachix",
+        "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "latest",
+        "repo": "cachix",
+        "type": "github"
+      }
+    },
+    "devenv": {
+      "inputs": {
+        "cachix": "cachix",
+        "flake-compat": "flake-compat",
+        "git-hooks": "git-hooks",
+        "nix": "nix",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756048064,
+        "narHash": "sha256-mVgB6qWhLrCW6AciLyFXosDKKZFtBgqvixcA8a07s+g=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "3fb20c149d329b01a2b519fbb2a9ca3e6e6e1b05",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "devenv",
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "git-hooks": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750779888,
+        "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "devenv",
+          "git-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1756022458,
+        "narHash": "sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "9e3a33c0bcbc25619e540b9dfea372282f8a9740",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-home",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750033262,
+        "narHash": "sha256-TcFN78w6kPspxpbPsxW/8vQ1GAtY8Y3mjBaC+oB8jo4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "66523b0efe93ce5b0ba96dcddcda15d36673c1f0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix": {
+      "inputs": {
+        "flake-compat": [
+          "devenv",
+          "flake-compat"
+        ],
+        "flake-parts": "flake-parts",
+        "git-hooks-nix": [
+          "devenv",
+          "git-hooks"
+        ],
+        "nixpkgs": [
+          "devenv",
+          "nixpkgs"
+        ],
+        "nixpkgs-23-11": [
+          "devenv"
+        ],
+        "nixpkgs-regression": [
+          "devenv"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755029779,
+        "narHash": "sha256-3+GHIYGg4U9XKUN4rg473frIVNn8YD06bjwxKS1IPrU=",
+        "owner": "cachix",
+        "repo": "nix",
+        "rev": "b0972b0eee6726081d10b1199f54de6d2917f861",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "ref": "devenv-2.30",
+        "repo": "nix",
+        "type": "github"
+      }
+    },
+    "nix-home": {
+      "inputs": {
+        "home-manager": "home-manager_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1750825763,
+        "narHash": "sha256-gUtcO/8Bcw4YerJpSIRu+Q2MYKxWrtT+8Bp3Mh1Qfmw=",
+        "ref": "refs/heads/main",
+        "rev": "1ab1e4b9e610dcd40a3d728f377b6ac8a302d977",
+        "revCount": 26,
+        "type": "git",
+        "url": "https://gitea.john-stream.com/john/nix-home"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://gitea.john-stream.com/john/nix-home"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1755615617,
+        "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "20075955deac2583bb12f07151c2df830ef346b4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-python": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1755249745,
+        "narHash": "sha256-lDIbUfJ8xK62ekG+qojTlA1raHpKdScBTx8IFlQYx9U=",
+        "owner": "cachix",
+        "repo": "nixpkgs-python",
+        "rev": "b6632af2db9f47c79dac8f4466388c7b1b6c3071",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "nixpkgs-python",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1682134069,
+        "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "home-manager": "home-manager",
+        "nix-home": "nix-home",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-python": "nixpkgs-python",
+        "sops-nix": "sops-nix",
+        "vscode-server": "vscode-server"
+      }
+    },
+    "sops-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754988908,
+        "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "sops-nix",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "vscode-server": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1753541826,
+        "narHash": "sha256-foGgZu8+bCNIGeuDqQ84jNbmKZpd+JvnrL2WlyU4tuU=",
+        "owner": "nix-community",
+        "repo": "nixos-vscode-server",
+        "rev": "6d5f074e4811d143d44169ba4af09b20ddb6937d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "nixos-vscode-server",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,141 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    vscode-server.url = "github:nix-community/nixos-vscode-server";
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nixpkgs-python = {
+      url = "github:cachix/nixpkgs-python";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    devenv = {
+      url = "github:cachix/devenv";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    nix-home = {
+      url = "git+https://gitea.john-stream.com/john/nix-home";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  nixConfig = {
+    extra-trusted-public-keys = "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=";
+    extra-substituters = "https://devenv.cachix.org";
+  };
+
+  outputs = { self, ... }@inputs:
+  let
+    inherit (self) outputs;
+    nixosSystem = inputs.nixpkgs.lib.nixosSystem;
+
+    userSettings = {
+      userName = "appdaemon";
+      adHome = "/home/appdaemon";
+    };
+
+    systemSettings = {
+      hostName = "ad-nix";
+      stateVersion = "24.05";
+      system = "x86_64-linux";
+      timeZone = "America/Chicago";
+      locale = "en_US.UTF-8";
+      pythonVersion = "3.12"; # This is largely irrelevant because uv will handle it
+    };
+
+    pkgs = inputs.nixpkgs.legacyPackages.${systemSettings.system};
+
+  in
+  {
+    nixosConfigurations.${systemSettings.hostName} = nixosSystem {
+      system = systemSettings.system;
+      specialArgs = {
+        inherit inputs;
+        inherit systemSettings;
+        inherit userSettings;
+      };
+      modules = [
+        (inputs.nixpkgs + "/nixos/modules/virtualisation/proxmox-lxc.nix")
+        inputs.home-manager.nixosModules.default
+        inputs.nix-home.nixosModules.default { user = "${userSettings.userName}"; }
+        inputs.vscode-server.nixosModules.default
+        inputs.sops-nix.nixosModules.sops
+        ./configuration.nix
+      ];
+    };
+
+    # https://devenv.sh/guides/using-with-flakes/#the-flakenix-file
+    packages.${systemSettings.system} = {
+      devenv-up = self.devShells.${systemSettings.system}.default.config.procfileScript;
+      devenv-test = self.devShells.${systemSettings.system}.default.config.test;
+    };
+
+    devShells.${systemSettings.system}.default = inputs.devenv.lib.mkShell {
+      inherit inputs pkgs;
+      modules = [
+        ({ pkgs, config, ... }: {
+          # This is your devenv configuration
+
+          # https://devenv.sh/reference/options/#pre-commithooks
+          git-hooks.hooks = {
+            end-of-file-fixer.enable = true;
+            trim-trailing-whitespace.enable = true;
+          };
+
+          # https://devenv.sh/supported-languages/python/
+          languages.python = {
+            enable = true;
+            version = systemSettings.pythonVersion;
+            uv = {
+              enable = true;
+              package = pkgs.uv;
+              sync = {
+                enable = true;
+                allExtras = true;
+                arguments = [ "-U" ];
+              };
+            };
+          };
+
+          packages = with pkgs; [
+            git
+            gdbm
+            # (python312.withPackages (python-pkgs: with python-pkgs; [ gdbm ]))
+            (python312.withPackages (python-pkgs: with python-pkgs; [
+              gdbm
+              notebook # kinda hacky, but needed so that jupyter notebook has some shared library it needs?
+            ]))
+            (writeShellScriptBin "docs" "${pkgs.uv}/bin/uv run sphinx-autobuild -E ./docs/ ./docs_build --port 9999")
+            (writeShellScriptBin "ab" "${pkgs.uv}/bin/uv build --wheel --refresh")
+            (writeShellScriptBin "adb" "ab && ${pkgs.docker}/bin/docker build -t acockburn/appdaemon:local-dev .")
+            # (writeShellScriptBin "ad-nb" "cd $(readlink -f /etc/nixos) && devenv up")
+          ];
+
+          # processes = {
+          #   my-jup.exec = "uv run jupyter notebook";
+          # };
+
+          enterShell = ''
+            alias fix="${pkgs.uv}/bin/uv run ruff check --fix"
+            alias appdaemon="${pkgs.uv}/bin/uv run --frozen appdaemon"
+            # alias ad="appdaemon"
+
+            export PS1="\[\e[0;34m\](AppDaemon)\[\e[0m\] \[\033[1;32m\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\$\[\033[0m\] "
+
+            export VIRTUAL_ENV=$UV_PROJECT_ENVIRONMENT
+
+            echo -e "URL:        \e[34m$(${pkgs.git}/bin/git config --get remote.origin.url)\e[0m"
+            echo -e "Branch/Tag: \e[32m$(${pkgs.git}/bin/git describe --tags --exact-match 2>/dev/null || ${pkgs.git}/bin/git rev-parse --abbrev-ref HEAD)\e[0m"
+            echo -e "Hash:       \e[33m$(${pkgs.git}/bin/git rev-parse --short HEAD)\e[0m"
+            echo "AppDaemon v$(${pkgs.uv}/bin/uv pip show appdaemon | awk '/^Version:/ {print $2}') development shell started"
+          '';
+        })
+      ];
+    };
+  };
+}

nixos/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./home-manager.nix
+    ./docker
+    ./services
+  ];
+}

nixos/docker/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./portainer.nix
+    ./watchtower.nix
+  ];
+}

nixos/docker/portainer.nix

@@ -0,0 +1,13 @@
+{ config, ... }:
+{
+  virtualisation.oci-containers.containers.portainer-agent = {
+    image = "portainer/agent:latest";  # Use the latest Portainer agent image
+    ports = [
+      "9001:9001"  # Expose the Portainer agent API port
+    ];
+    volumes = [
+      "/etc/zoneinfo/${config.time.timeZone}:/etc/localtime:ro"
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+  };
+}

nixos/docker/watchtower.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+  virtualisation.oci-containers.containers.watchtower = {
+    image = "containrrr/watchtower:latest";
+    volumes = [
+      "/etc/zoneinfo/${config.time.timeZone}:/etc/localtime:ro"
+      "/var/run/docker.sock:/var/run/docker.sock"
+    ];
+    environment = {WATCHTOWER_SCHEDULE = "0 0 3 * * *";};
+  };
+}

nixos/home-manager.nix

@@ -0,0 +1,27 @@
+{ lib, pkgs, systemSettings, userSettings, ... }:
+{
+  security.sudo-rs = {
+    enable = true;
+    execWheelOnly = false;
+    wheelNeedsPassword = false;
+  };
+
+  users.users.${userSettings.userName} = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "docker" ];
+  };
+
+  home-manager = {
+    useGlobalPkgs = true;
+    users.${userSettings.userName} = {
+      home.stateVersion = systemSettings.stateVersion;
+      home.homeDirectory = lib.mkForce "${userSettings.adHome}";
+      systemd.user.startServices = "sd-switch"; # helps with handling systemd services when switching
+      programs.gh.enable = true;
+      programs.git.extraConfig.safe.directory = "/home/appdaemon/ad-nix";
+      home.packages = with pkgs; [
+        lazydocker
+      ];
+    };
+  };
+}

nixos/services/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./promtail.nix
+    ./telegraf.nix
+    ./restic.nix
+  ];
+}

nixos/services/promtail.nix

@@ -0,0 +1,86 @@
+{ config, pkgs, ... }:
+let
+  lokiHost = "https://loki.john-stream.com";
+in
+{
+  systemd.services.promtail.serviceConfig = {
+    SupplementaryGroups = [ "docker" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "promtail-check" "systemctl status promtail.service")
+    (pkgs.writeShellScriptBin "promtail-watch" "journalctl -u promtail.service -b -n 25 -f")
+  ];
+
+  services.promtail = {
+    enable = true;
+    configuration = {
+      server = {
+        http_listen_port = 3031;
+        grpc_listen_port = 0;
+      };
+      positions = {
+        filename = "/tmp/positions.yaml";
+      };
+      clients = [{url = "${lokiHost}/loki/api/v1/push";}];
+      scrape_configs = [
+        {
+          job_name = "journal";
+          journal = {
+            max_age = "24h";
+            path = "/var/log/journal";
+            json = true;
+            # matches: _TRANSPORT=kernel;
+            labels = {
+              job = "systemd-journal";
+              host = config.networking.hostName; # Dynamically fetch the hostname
+            };
+          };
+          relabel_configs = [
+            {
+              source_labels = [ "__journal__systemd_unit" ];
+              target_label = "unit";
+            }
+          ];
+        }
+        {
+          job_name = "flog_scrape";
+          docker_sd_configs = [
+            {
+              host = "unix:///var/run/docker.sock";
+              refresh_interval = "5s";
+            }
+          ];
+          relabel_configs = [
+            {
+              source_labels = [ "__meta_docker_container_name" ];
+              regex = "/(.*)";
+              target_label = "container";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_oneoff" ];
+              target_label = "oneoff";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_project_config_files" ];
+              target_label = "compose_file";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_project" ];
+              target_label = "project_name";
+            }
+            {
+              source_labels = [ "__meta_docker_container_label_com_docker_compose_service" ];
+              target_label = "service";
+            }
+            {
+              target_label = "host";
+              replacement = "${config.networking.hostName}";
+            }
+          ];
+        }
+      ];
+    };
+    # extraFlags
+  };
+}

nixos/services/restic.nix

@@ -0,0 +1,49 @@
+{ config, pkgs, userSettings, ... }:
+{
+
+  sops.secrets.restic_password = {
+    owner = config.users.users.${userSettings.userName}.name;
+    mode = "0440";
+  };
+
+  environment.systemPackages = with pkgs; [
+    restic
+    (pkgs.writeShellScriptBin "restic-backup" "sudo systemctl start restic-backups-localBackup.service")
+    (pkgs.writeShellScriptBin "restic-backup-check" "sudo journalctl -b -u restic-backups-localBackup.service")
+  ];
+
+  environment.variables = {
+    RESTIC_REPOSITORY = "/mnt/restic/appdaemon";
+    RESTIC_PASSWORD = "${builtins.readFile config.sops.secrets."restic_password".path}";
+  };
+
+  services.restic.backups = {
+    localBackup = {
+      repository = "/mnt/restic/appdaemon";
+      passwordFile = config.sops.secrets."restic_password".path;
+      initialize = true;
+      timerConfig = {
+        OnCalendar = "03:00";
+        RandomizedDelaySec = "2h";
+        Persistent = true;
+      };
+      paths = [
+        "/home"
+        "/conf"
+        "/etc/nixos"
+        "/etc/ssh"  # necessary for SOPS nix to have the same keys
+      ];
+      exclude = [
+        ".cache"
+        ".vscode*"
+        ".devenv"
+        ".venv"
+        "build"
+        "dist"
+        "__pycache__"
+        "*.egg-info"
+        "namespaces"
+      ];
+    };
+  };
+}

nixos/services/telegraf.nix

@@ -1,18 +1,25 @@
-{ ... }:
+{ config, pkgs, ... }:
 let
-  influxURL = "http://panoptes.john-stream.com:8086";
+  influxURL = "https://influxdb.john-stream.com";
   organization = "homelab";
   bucket = "docker";
-  envFile = ./telegraf.env;
+  token = "${builtins.readFile config.sops.secrets."telegraf_influx_token".path}";
 in
 {
-  systemd.services.telegraf.serviceConfig = {
-    SupplementaryGroups = [ "docker" ];
+  sops.secrets."telegraf_influx_token" = { };
+
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "telegraf-check" "systemctl status telegraf.service")
+    (pkgs.writeShellScriptBin "telegraf-watch" "journalctl -u telegraf.service -b -n 25 -f")
+  ];
+
+  systemd.services.telegraf = {
+    environment.INFLUX_WRITE_TOKEN = token;
+    serviceConfig.SupplementaryGroups = [ "docker" ];
   };
 
   services.telegraf = {
     enable = true;
-    environmentFiles = [ "${envFile}" ];
     extraConfig = {
       agent = {
         interval = "10s";
@@ -34,7 +41,6 @@ in
           container_name_include = [];
           timeout = "5s";
           perdevice_include = ["cpu" "blkio" "network"];
-          total = false;
           docker_label_include = [];
         };
       };

scripts/default.nix

@@ -0,0 +1,9 @@
+{ pkgs, systemSettings, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "ads" "nix develop --no-pure-eval $(readlink -f /etc/nixos)")
+    (pkgs.writeShellScriptBin "link-nix" "${builtins.readFile ./link-nix.sh}")
+    (pkgs.writeShellScriptBin "sops-ad" "sops $(readlink -f /etc/nixos)/secrets/encrypted_secrets.yaml")
+    (pkgs.writeShellScriptBin "lola-up" "docker compose -f /conf/lola/docker-compose.yml up -d")
+  ];
+}

scripts/link-nix.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ "$#" -eq 0 ]; then
+echo "Error: No arguments provided."
+echo "Usage: $0 <path>"
+exit 1
+fi
+
+CURRENT=$(readlink -f /etc/nixos)
+if [ -d "/etc/nixos" ]; then
+    sudo rm -r /etc/nixos
+fi
+echo "Unlinked $CURRENT"
+
+sudo ln -s $1 /etc/nixos
+echo "Linked   $(readlink -f /etc/nixos)"

secrets/authorized_keys

@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIaHS9CLiDc6T1tja0fBwwv5qc6iwuckWN6w8MNo5yiR8LPWyrfueowNJkL4HMqu6OEuggtdybGw1Do4sW5o+toHCyWfZf3khI1l15opPXuVpD4CWED+SpJiZ0wBgRaCaWhfxLI+s4JOhjOO2OjiClPX3HfxIHyTpRiR78lOMcIieHSnzrAV2MatYKf6lL2ckOsIPwxo/OVM+1ljjX+HLq9IxGUCpWOnF4nF1rq3gKL2JUh2KsrgrzE3NB7EFuqKm8F0tF2rG3JjSvlwox0h06drKD02lpZWXPOBRlcyFDpNXymmc2bpG0S2Bbj5g+pqNBB0jO0h3kzWvYYqrtU/ElObg1cXhyi0PFOhhptlbhbK0Ao8B+pAbSZ661nMT3jpRWLVbnJrRFnXXdjX08r5eseQ3k4CFpv+g64n7yg3IMo9f8gA9P/hOexR+qu5AQ1Ad/tvkp6pPXnR/zsUnbe4p2A9MaNJm4E1zxbs5VGlXynNikXwDL+spkrnjwdfUULTk= john@JOHN-PC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH

secrets/encrypted_secrets.yaml

@@ -0,0 +1,31 @@
+telegraf_influx_token: ENC[AES256_GCM,data:XHT7lvRrw9MeC0Jxe2EYTTa/iB5QLVTzp9TDJaljssRR+kGdK3va1u14NX5b6jFrHnAXLiMdMQ5UTdbsnYH43TnRkY29mcVHxwaQv+rbCgEIKOAYFeIw0g==,iv:uzBYXWYRDH6bHZ3pubWh5Qn/2dN2Rz+sjEmrqpKhA4o=,tag:wemgU05aTl9S1rwt+fVQug==,type:str]
+restic_password: ENC[AES256_GCM,data:8ArxlyulTejzZ2eA9LqLptAZdBfBZJpeNmaw7r9H2ZPQsPAuT4uMcGRgvYF3tD1d9msyUC5yFy5trQfUxUMhXUrnPnFgZEYUrq+BVG/VraYjH74N1YTSKHksz7kqEGmTpMh6DpNLSq3JWfUT/T2GWDhIjRfQf1O++nlAWHDLT0+aEPT633+o63k8+GZuC38Khsv22dYHki1U57QQusk8x5Rj/0ZwuftJe7ItKs28nXZyLejFq+c+OTvJxjQb70FvHY0QfrGFA8RPteJgoLuTDrnKtkw2CuTpfnfhQXQw9oxUnT6x3L34RMY6Tla1PZt/xp07VZC1vnmmLB1prwJtUgvtQfzp8hLVNipoNAfg9ujg7eTq0Dwm7yHVe5hSkOxp1qh47mwA7Og9yb0t7FZE3ZiVT0P5dH/+Qvp76KhCCQUDA4ttKKw8TNjsiqrcEMyDBj+c1mXRpcXfgoAhJpgtEgHT28GEwVl927Zz3zpGG23Gu9pn5ow09GRWJOzvInwnEI/3Thz+DKySzKB2xDK/Nu8hXsmF37iYafLBSnDRGw8RPp6DQBBFNT84WlncCz71yNt7diiAmdxFVESIv3P0sXMVEXEJ3yx/8ke/2quGiCvYUfvxFsU8xsPIkA3gQodHJY+8q16kjafuMUZkuhZxhFZuScKEThlSkJcvlX+C19dlJYbQM/NoLN8KEeJ+ULoTd+CgGtlK7gXEE9GC5i+rTW/9pZrsg8MaPJAxw/jnZO9ikxJtxRPiJGJ7r2zkEwM9DdlPNlbPWw3BQO/ikOS6UhtcuQI2dj0KJC1b4jzrHCALa7h4tRZmT40isEC1KuGcj02CR0QFAVYWWCz9S6TE2RR8y+OiEJosRfTWFg1CbWyGjBAsZ8WbyAhufB6EhF2F5CA3bMnGc1D6JAgrQw0rowce1Znzs2hYQP4ysaDMLoUhRfDjdfUlb9byOeRwKnLFxg67mAHO1ON8DUT+ZnLeNH3rEmams5g9irtLcH3nxV45ESZfFDqVLr645gmfPNs92a8K1ZUwU3XpO6mOR7+iLiKpFIhlVavtsJPKE1XAxnhilH6Hekd78PAdKc+aZLeDGHUZcTZYEN76mxRfBe20GpkUlx9ekHN4ZP1qvQl301vefNpmfflcJheJ/fgsLjDW5US5hyG6PZ/+GG1xAEhBEmSKH9GvN7sk+FwaxdVSzZwcL7Dj2fyX89kSWoZdKMbE6RwsUHNo1Pdfc1w1M8RxSnOLZL7ijG/nJFLn0T6I5cjnKQ+qscsRQz+62aUczTRp80jFHnNo1VOrsO9Oz0YX1/t9Pnq1mR/X/UzZFwiRKrdLacTwRSEWUFi5zf4PX5rcd6EeZbp5DuvP7RZt39npAmzNz+TBKZP06RymG5CdDVzO41xNJWt7bQ/sd3tw3MUXJaz87Glbg7xq+5EdoUE9J/PaJfO5i+9CAaKCOiFBUfr/NjWv3zpfMCZ50HzqlsQCLnOMWS8S65V5xh2a1h77sOYsrWESvUcdg1ryfGd98znyNE5P7BEBo83P8DIKdYrRoPaWPWHRC6ldOOvFDEeaHy6GedV6k0qKcueGHNYRHG4aMOV9lnlc3qMOpXkNFWk45Mv5pmFgGlgrmutjXzi3ljxa0cGe5UUdPbr4lDZ+U2yPvCOu7Lg7FpVyCR77QMerF0xENKrhB4G57QBUhtx8TUdYH/B6+vka1LiKz/i09VEDiQ2K1q5831hUfrS6GyXN8p7JdhCQ3C66V8cMpb9/llO06LLV5Cc4ooB0svSigMuQ4UFDO5bTkrt7wGJLG/mHrb8DjDPI5nuWhyoxs6OqCvg2t2/HJwK9,iv:wiW/f7wLO7kfd3CKDfoYZnXj697qIFRokAut7VXALVM=,tag:VzKJ/BrCL6zNbglsDqJx9w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age197d424aa7jpj2s735fl2h2s4c687y8vm44usx8wag0r2kh2v7ces4efdyn
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAralB5SnNwckUxMkRad0Jr
+            U2xMRVpnUU9GNHpZTEtLdnpwc2tmT08rQmpNCnFzdHpOdWFpZzBNR1lUSHR5U3lr
+            Vk1HTEQ3REFvdUg1T0hMM014N3BtcVEKLS0tIE5LUTF4Qk1XSXlNNkxNN2pnVi9P
+            TXd3eUJyYTZYaENSV3FEU2pGbFc1RDQKMj8dOska8lpMAFKV2w6bbO/r01K/9Dw5
+            Q/jp5XdYtyaGSZcxRnHHbJYldyKKYII9Rcm/uDNuMNA/gCFvbSLccA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1qf4c4asf7wcqqyd9aju8fq9dvum4ptcqr8dd6xqengsf6jx7daqqtgup30
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuWmtMR1Vuc0g2OCsxSjJ2
+            eCs1bWJyT3g3QktRRHlzVFB6bkZjVjIwRlRFCmVtam9HWWErdlVwYkFrSUprZHR4
+            bllDcWdCT2ZiRFpaQ1lVZVBSb05kb2MKLS0tIGgrRUx4TTljdDVGVCtxN0kyZGRL
+            Vm1ldGhPRmNyZHErekRlbFBZQy8wK0EKY2vsWzqtX5w4vM0aLGEN2ZO0Rm9slcKk
+            6Yx2KvJAT6dNg2lqjzXYYS/MvnpOrW6fA46bmWKaAl9IzKhyW+2avw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-02-17T06:15:17Z"
+    mac: ENC[AES256_GCM,data:zbnP62SqnI7UUb5lP4UlgzWPDkUegvVX2lAbRcDqWqZJsXTkRPefdUIFPO3aZn2EW0aKlFQGEwARTtOtQ9hLYhbqcvAvh5Ur5eFh3szp9ejgF59JBdYGH8PTR/6FkCaVnyuMA1t3940gVhs8eIRdfdjihTHsIe254/3xzBtVG4o=,iv:j7EImL80FgAt7bjlkgB5KIKduKniUaoyz8fnHr/v2rM=,tag:5vK0s6Qf6t2HRhDPaZkT6Q==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.4

shell.nix

@@ -1,13 +1,26 @@
 { pkgs ? import <nixpkgs> {}, unstable ? import <nixpkgs-unstable> {} }:
-
 pkgs.mkShell {
-  buildInputs = [
-    pkgs.python312
-    unstable.uv
-    unstable.python312Packages.ipykernel
-    unstable.python312Packages.rich
+  packages = [
+    pkgs.git
+    (pkgs.python312.withPackages (python-pkgs: with python-pkgs; [
+      pip
+      setuptools
+      wheel
+      
+      # pyproject deps
+      aiohttp
+      astral
+      bcrypt
+      deepdiff
+      feedparser
+      iso8601
+      paho-mqtt
+      requests
+      uvloop
+      pydantic
+      click
+    ]))
   ];
-
   shellHook = ''
     echo "Welcome to the Nix shell for AppDaemon development"
     cd /usr/src/app
@@ -20,9 +33,5 @@ pkgs.mkShell {
     alias fbuild="build && dbuild"
     alias clean="cd /usr/src/app && rm -rf ./build ./dist"
     alias ad="python -m appdaemon"
-
-    uv sync --all-extras --upgrade --inexact
-    source .venv/bin/activate
-    echo -e "Built and activated virtual environment\n"
   '';
 }