Compare commits
1 commit
main
...
update_fla
Author | SHA1 | Date | |
---|---|---|---|
|
4273e4eb17 |
119 changed files with 96625 additions and 3655 deletions
|
@ -1,36 +0,0 @@
|
|||
{
|
||||
"durincore" = mkNixosConfig {
|
||||
# T470 Thinkpad Intel i7-6600U
|
||||
# Backup Nix dev laptop
|
||||
hostname = "durincore";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
./nixos/profiles/hw-thinkpad-t470.nix
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-workstation.nix
|
||||
./nixos/profiles/role-dev.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
"legiondary" = mkNixosConfig {
|
||||
# Legion 15arh05h AMD/Nvidia Ryzen 7 4800H
|
||||
# Nix dev/gaming laptop
|
||||
hostname = "legiondary";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
|
||||
./nixos/profiles/hw-legion-15arh05h.nix
|
||||
disko.nixosModules.disko
|
||||
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-gaming.nix
|
||||
./nixos/profiles/role-workstation.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,93 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
networking.hostId = "4488bd1a";
|
||||
networking.hostName = "telchar";
|
||||
boot = {
|
||||
initrd.availableKernelModules = [
|
||||
"nvme"
|
||||
"xhci_pci"
|
||||
"thunderbolt"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
initrd.kernelModules = [ "amdgpu" ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
# Enable Flatpak support
|
||||
services.flatpak.enable = true;
|
||||
|
||||
## Base config programs.
|
||||
programs = {
|
||||
# Enable Wireshark
|
||||
wireshark.enable = true;
|
||||
# Enable OpenJDK
|
||||
java.enable = true;
|
||||
};
|
||||
|
||||
# sops
|
||||
sops.secrets = {
|
||||
"syncthing/publicCert" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
"syncthing/privateKey" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
## System settings and services.
|
||||
mySystem = {
|
||||
purpose = "Development";
|
||||
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
user = "jahanson";
|
||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
||||
};
|
||||
|
||||
## Desktop Environment
|
||||
## Gnome
|
||||
# de.gnome.enable = true;
|
||||
## KDE
|
||||
de.kde.enable = true;
|
||||
|
||||
## Games
|
||||
games.steam.enable = true;
|
||||
|
||||
## System config
|
||||
system = {
|
||||
motd.networkInterfaces = [ "wlp1s0" ];
|
||||
fingerprint-reader-on-laptop-lid.enable = true;
|
||||
};
|
||||
|
||||
framework_wifi_swap.enable = true;
|
||||
security._1password.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,86 +0,0 @@
|
|||
syncthing:
|
||||
publicCert: ENC[AES256_GCM,data:TQ8H4JsIEoSSrOtC9koG12v64ANVDU579hakO+Q/Uo+0uY/wf52U5g6THIJII7maVOJ31VXKhQABKuiirYjGnG5IaWnNkzCRo+8Pv861lr4d0be3H2NBubkIK814HziuiHa9MP5szi/J5aPQu0nj9srHCPYDzsueh8+bZDYQ2VdgKWKAKAbGwZXRcCyyNGP9u1VjUJCfXx/iQ3RbCrLNDuVbSbfmVH9wJxUUlF0ViqnHkaucQCstaAuvIn78tKpGJeM0njG2PDiVDTDBnhb5Pui/NdK+3+QqwVQHwoQRagGvqEoiL05DY3ydBlClMt2J23kqBN5U0Az15plHwQNLJujWVtkXsh4naIM8Pztwdi3xoioTytdZF/7q4q9rT3YmAK2grgSw0A4SEVvHD5RUH4ZuN/cLb0+h3Papt7xUQcwvr2WStoEujDfuHYPjs13bITnErv0PE8Imis9/ffGwC0EMsgbuDOzS8+m+KT+E8smNJD2APBZh0jq2aeSG4K1y1Q+tVnBMfZ89g8K9JZUcPWWKlGFUbWYRzY4Y1ueGH0pAUIfHLGai16q6SFvXA1+WHCJzEbZDYfDMW465yYV27JMiY4vJw+dAGs2P5o2Pf5/DtVuMW35ZQefBB/mFrJi05/3/CRbBMP73RJXvnjkTjnmUQ2FybkdX0w2zqhyWV5C171kSOcTpkBYaNWn1oM0thG246b80npGmbRjNWH7PWqxQm6kR7USiQOLgvy9rbAULNZ1+ou6He0oKD003Hfkm+OSfQVAMviIE8iS2b6xo0f8umvJ/gVEVHrDsv75KUVQHTHOjickYeYvVky6ZqPDI1z4ya8q1csb/UnLqSNvjT16OdMVQvwCOcjSPTtymj5IdDspkHW9bN856dDvbbRn0FxsEnjFpZMATYVvcLf92eA1k1/ghQKJdOcBrZY4HWUKx33e21i5OyDcLrX9JVTOMpVtKjX2pMygmVxzwj6DV5BWQYTrNByI5iHE8ihy+vOFf36b6bcyu4+3PKIoKnC738b5fSudGtPFL+bhlFPMEO9xlIwzUTA==,iv:9K8PKwTAKF1iZNRDY8ABgK2xKDZ4jh6l1C+ZzH1aexQ=,tag:/fxUf++pQQKWD8SZyw3Lqw==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:ul6WGC0iMOpm7RcZjSPATJcu5IMENcvJtPreulDB8vODKfFWKeXlWiy13CZ2fsJxn3Xd/SbXGgtqd6wNQAyU9Rp8qrbFAVCrTppGjbVElbLTdPdpWMU940Rxn4ICc9z4LmKziALFj28O2neRANEzhtThCv724PStXnS2h6mO9bvfDBvmWyD85l0W8hjYHT2g6RaKAMB0BQ+SGb/7YTzpJkU2qdcYdqFaFlxqae1ZO0Ik4UdOBwAGQFgiDM/BzwL5kM0H/r3mMd0vgLBk7AGcQx9yI76SDlFh8CT7jYyJhE0X+wSKwcMdttA8qeCcdkxdEiXgzzFreBJfRq9CUc5+y20mE+cv83bXCIAz12yT0RDMoml1efvrn5A/valqTn8y,iv:VSSVxItFPc7+t5vHoDBRP2mmiFsulThRNZqNy82RYFI=,tag:F6IHAmk4HEINtuYb9Kvbxg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bGFxTi9OcjUwNlJWRWov
|
||||
OEFtZTJacmxSSDhEeWdGbTRhMHEyQ0pwVW5nCmsvVU5KSHJ4OTZtWExzUWg0ZnBD
|
||||
Q3BXSFhMNUZ2YjZiRmRwcWV0R1BnVnMKLS0tIDZKaG9abm5JeVROdzNQcXhhZG41
|
||||
TDhEVG1yaDhZbWNXVm5HQnFBZld1alUKLjDMyKKMcdh96YjZ3/QPEXecPYlNZMGv
|
||||
8BCG4xZq+cqlzxpQ/f9/P+g8crw+BQD/H8S5R/UsNZuT3jFoZYTgyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFODdNVDNtYytjZmhxK1FY
|
||||
Q2wvT2M1UFRzbVU5c0hDUXhBd0hXWDNoL21zCnI0ak9ESHl5bCtaM21SMDhpMmlM
|
||||
SUx1SldFeTlVME9iQ09BZnJCRk44OHcKLS0tIDR5dFdDZU9ESVFhTXowZ0NWQnBj
|
||||
bFZpNHNQaDZ5M1RnK1FhYXVUVDhpMTAKjbJ7BboI37aWHQ3IIiwd4F725w9QSq/5
|
||||
TYoApR7X5dDhEy43ytuuSUASDN3Zw7xg96e23/JCPfAYzjeL/6MbLA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcFZ4YitXNXNJaDd6aENK
|
||||
OW9Uc0VHS0hhNWUzZXRXbkdUZnRBWTVOWVdnCnlLNmpVRFB0enpUQ1FIbk8rMFhS
|
||||
a2FHTWZSZTFnbC9vNnFPaWVSK3NFNjAKLS0tIFJDS3N5eFZhQm55QUJQOXV1NER1
|
||||
cTJvYVdta0JPRFZ1TUc4eDBNS2VEQzgKkLXYLUC3Fd27KKajQwbKVUUfAawhb4g5
|
||||
/1cKOxSs1eMfCpK0xxZKwsSaAcTfmYlXuRBMO82ol9lMD+/fBNaCfg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYb2diT3NqQ1UyZFM3Mmc3
|
||||
OWJicDNFVXR5dkNQN3ZVYlVCK29yd3FCMG1jClpPaWdRUWsxK2lrMy9YdGFzWmZ0
|
||||
VVNaNE9Pb0lhNEpsWUdGckFRaXNOc3cKLS0tIERLajl6Q1BGcmh3TUYyNGtCS0dI
|
||||
V2ZhNDNJTlBGWU43MFVHMGpzUElZMncK5i95c/lkjjlnpL2dCchkvhnpoQQzb2w/
|
||||
eGx9DQwj7eLhYh/STrsX39vXEEw6kNuIz/2zVMirzVhv/bQ3xmerTQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dm1wQkx5MEUySWR3YmVS
|
||||
ZWZTRkdaeGZPVFpudit6SHpBWE0xODFZd2xRCjlGYmk3L0E3eVpjYW1NSVRoa3lk
|
||||
OHRFK24rWlJNemVWMHhERlowT3ZUZDQKLS0tIHdKancwR0wrb0hWUDBPS3ZBbnFm
|
||||
bjhSTTNxZVczK3lNSENQUVgyZUlzR3MK++UAqpak2u+E/OjXnpFQ0UFb5SrEm7KK
|
||||
TwS0VBa7OfQtC6UHuix4MtsLJYkaEf8vYjjrBHRGlbbgAP+yFPaOPw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycC82VGhHVFRkeEs1QVl6
|
||||
RHJ3N3RGZXFTWWNIYVpVVXQ0Z0sxdWdyNkRZCnJ0a1QvOUpvekJpckY4eSs5bFRL
|
||||
b3ZiVHdpSUlCcjBXMFlzMnJvQUNlNmcKLS0tIHhNUDFzNHZpWE1zQnR3UFdFWkFO
|
||||
VHBGSENKc3lkMkdZaVdVVHlvcWoyc2MKiatzQlU9D1WSZO/6IwGhyd2zFtnRR3SS
|
||||
t9kqNFnrCfuAReoP7PsMukNbfeZr0edn2bTByZ32EF2qBFmEJicGHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIOG9TQkhzK0NUazd4RVE3
|
||||
Yjh2Y2hJaEdWcVExaWNmNEw1eTZsZHgxdUFZCmhqcHBSblBhd2pSbE8vYVc1NlQ0
|
||||
ck1BZG9LRHY0aHJqMkFkMFJVUVZwOFkKLS0tIG5Cc0ZVWVBzTXoySm91bSszZXpS
|
||||
TXA1RjFETXdRRFBQK3g2Tmk2VGdXVGsK3jkU01wrOWktuThyt51G4opyTrS1W1dR
|
||||
MKWuw2GljMSeGHij5VP+PwmTfaJrl5KpEm5w8ggKIm8KaR3RI/DYWg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaEtvNUs4T3czQ25ObG5L
|
||||
Yk9uZzBvSHFFcjJwdTVXckJFNE1NellDb0VJCitBTWFjRlpOdS9wL0crN3V0ZnBk
|
||||
bTY2R01LYk9zT3ppVHBaNFlMSkZJRU0KLS0tIDAvOE1Ya29OYUF2Rk41c0ZEbzlq
|
||||
eFZwL0R3R0psRzVRYjlzRlBURGhXOTAKwewHTFEpnXKOGTv544Tl8djUG3uKS7+n
|
||||
h7FAGpzGF1/i45+JJYikXjaWbJmN/WqZRrx9BAyu2ymeTQKPzCHShg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-07T23:27:17Z"
|
||||
mac: ENC[AES256_GCM,data:xPofZ+vRCsvPz1WTTjlxR6bbHYDDTP+sX8Rc8lRWzjAnMcsULsmbpeIwjghcnMgm406Umbct87UX1aFu4LioumG3KE1XHzE/s4Ik095m9IBbo2AVLVx0O2Q5UKwDvP7pPnBJBEmjs4xn70bMsOeYRJl+VECQssN18IzjVUwaVmE=,iv:0we672j+kxTHwXO5aUtu9wCIndgqUDnhGWvEGH2sVQA=,tag:Nu8Fa4bc4BWlvNE4m1DXYw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
|
@ -1,65 +0,0 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
cfg = config.mySystem.de.kde;
|
||||
flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
|
||||
in
|
||||
{
|
||||
options = {
|
||||
mySystem.de.kde = {
|
||||
enable = lib.mkEnableOption "KDE" // { default = false; };
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Ref: https://wiki.nixos.org/wiki/KDE
|
||||
|
||||
|
||||
# KDE
|
||||
services = {
|
||||
displayManager = {
|
||||
sddm = {
|
||||
enable = true;
|
||||
wayland = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
desktopManager.plasma6.enable = true;
|
||||
};
|
||||
|
||||
security = {
|
||||
# realtime process priority
|
||||
rtkit.enable = true;
|
||||
# KDE Wallet PAM integration for unlocking the default wallet on login
|
||||
pam.services."sddm".kwallet.enable = true;
|
||||
};
|
||||
|
||||
# enable pipewire for sound
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
|
||||
# extra pkgs and extensions
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
||||
playerctl # gsconnect play/pause command
|
||||
vorta # Borg backup tool
|
||||
flameshotOverride # screenshot tool
|
||||
libsForQt5.qt5.qtbase # for vivaldi compatibility
|
||||
kdePackages.discover # KDE software center -- mainly for flatpak updates
|
||||
];
|
||||
};
|
||||
|
||||
# enable kdeconnect
|
||||
# this method also opens the firewall ports required when enable = true
|
||||
programs.kdeconnect = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,52 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
cfg = config.mySystem.services.glances;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
options.mySystem.services.glances =
|
||||
{
|
||||
enable = mkEnableOption "Glances system monitor";
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
environment.systemPackages = with pkgs;
|
||||
[ glances python310Packages.psutil hddtemp ];
|
||||
|
||||
# port 61208
|
||||
systemd.services.glances = {
|
||||
script = ''
|
||||
${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0
|
||||
'';
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 61208 ];
|
||||
};
|
||||
|
||||
environment.etc."glances/glances.conf" = {
|
||||
text = ''
|
||||
[global]
|
||||
check_update=False
|
||||
|
||||
[network]
|
||||
hide=lo,docker.*
|
||||
|
||||
[diskio]
|
||||
hide=loop.*
|
||||
|
||||
[containers]
|
||||
disable=False
|
||||
podman_sock=unix:///var/run/podman/podman.sock
|
||||
|
||||
[connections]
|
||||
disable=True
|
||||
|
||||
[irq]
|
||||
disable=True
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,86 +0,0 @@
|
|||
services:
|
||||
radicale:
|
||||
htpasswd: ENC[AES256_GCM,data:O/bI1CUdpal/aJSiLaWtDQ==,iv:iJ4WrQ2vbjRlICcY21R6NGmtOZwO68zANQv52uwm74k=,tag:c2sMcVCUWOjSALNITdx1dg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUxOSWd5TnFlazlXcjUv
|
||||
RVBjM01WRjZ4R2d3WGhQWHNheEZWRkdWcWx3CitOekFGZ1RXL1M3QndrWHUzUFNH
|
||||
QkY2dnYyZlhFMGVvTzBQb05oTjFFZ1UKLS0tIDFYN0pQTHBEMUZTU3QvOEJQS0Rh
|
||||
Z2p1ZFVvVVBBZXVwTkhVZ05nNVBOQUkK7qFuomZfRvwFXTUc6LWWT10Ws8xIDcCj
|
||||
AD/HSc9K+lEXHoTNmpHZyUYGnxJljnDNB3d3FS4pKbHujvhvMXwfPQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdnRKZUk5Um5HYUwzbmhL
|
||||
K1A0ZW1YN0d3WllNb28zeDhzS1ppWXhleDBVCmMrRk41WlM1RXN5TkVnVVRYQ3Ev
|
||||
c2RTeVJ1ays1bzg1ZGozMWI5ZWZ1ZHcKLS0tIFRKRlhFT1VwY2lwbUhRd3A4SEds
|
||||
Y3BFY2lpQkExL2V4SjJvU3pTSW5WYzAKO8GMLDaoDrxdZzM8unYvq3/OteDGIwra
|
||||
dRd8c6b5LSoC63Y59WftmmasXFRNrZHZX24vwgwReKapnWmqtQTgrQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJQM3BnU2hlTVJvT0RQ
|
||||
WHRVWkJEd3JacnlVSStQYVU3c2QwOThPOVhvCjZOeEFDdXFzeWNoS3JTbktFMDJV
|
||||
ZDJKV2RlMDRiTW0vRHRBUUhCUGlPUlEKLS0tIGxWT0VmaUNGMXk0a1NYTDI0WDQw
|
||||
b2hjeEFPVGdhek8yVEcwN1BzVnFQbFEKNgwnchYNz/afrg6FeFlCikMIaCfsEMYK
|
||||
PHmfIiM64XReGZGsKL+gxIw33yszbyeOu0vr26tqV3HU/QUE7f19gw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTEpra1haektoVFNpMkV6
|
||||
eGVkQnRpblV5amdMaGZJVVJiMUV1VEYwYkVvCmJZZ1ZvWTRUOVpYRnZkSEcvbzk2
|
||||
MDZ0MVl5NmNBQnJ5ZkhqejI5Nm5URDgKLS0tIDZPRURpVHp4Q1NsRG9ZeGVqRU9X
|
||||
WnJ2ejZrZ0hOdDhxZUNnaDhOWVpzVFEKoYnqypCuLKT8OUbtRk6yN9UfWBqbznzE
|
||||
DgCHiOj590zXsfRpaei/UYx0qdEmtymh7FivkxSRNYylfcngjYiadA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QkpxRHJYTEo5cE9ielZl
|
||||
a1NYUllWYmp2NzZZejJtby9MRkF4ejNPWmtNCmNDMWk3cGg3eVlYUXBCTjg0TmdG
|
||||
akRwVFZxMUZMNXAvYzRSYkZlamthVlUKLS0tIHEzYmg3eTFveWppbzk3c3FHM0pn
|
||||
bTZ4K2xhN2xRU2VDK040cGpDbjVmVUUKuAsZczZzTWKKxISxWOaxjzxM6wLnsbpT
|
||||
dxCkcqbjL8tWs1hACsWhJ4cNGNP7gkF+9RELZvvAHgSMrlpMv7Y80w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVhZeVdXVXRSWi9tMjRv
|
||||
dlJFRE5NNDZZdStsOUdmMFZBdC9wL2o1S0hRCkpPNE5ic2t2UHdvanJ5bTdheDk2
|
||||
SUhsOTlXZnkrTkRvUXRaZE9SbW9EMGsKLS0tIHRZK3ZBQ1UrMlFGWEdIblk1YURV
|
||||
VUJaWXhJMy9NUC81SjhGR0t0QnZPSDAKnQe+zUSRWvfjwr/c5wIkw/alXelnIK+u
|
||||
BmvB/bps060r8GWIGYsN5mVzBpLAYwqqB4ylpjoLTfhAx3J3A+fRCw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaa2hQWlNhdmpZNHkyQmJI
|
||||
WGwwZitJaUx5U0xzdURjdlFpN01jMWFvRUZZCndMcHpNclhoR1NXZzVNOWtlY0JD
|
||||
c1RSNGVzY1RUa0JLYng2a0w0bFozNXcKLS0tIC9Sb0k4MmpaWUVqMkxUbHlEdlgx
|
||||
M0hoN29oY1FVNVFGZFVyZVJTM2owYjAKsnVoccpgW7RPuJL66Q9iCOG5GZ41K65e
|
||||
7J8lGbHkalzX63VGIOgtvSViIXIeQxw9+Tmf70GQUqcM6czwX8fu5Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZWxZWk53cHd1bzhjVmZF
|
||||
TUk4RmhENGMvNzZnREdKYU9TTDZzS0Jha1I0CnY3NXZzVlJhTGpVNi8yWlZ5SXN1
|
||||
Z3I4b3BOcGtpek4vK3JzV1JUVWVMZUkKLS0tIHJMOEZraFB2WXdBVUFDUisrMzBM
|
||||
TUUzcW1GR1JOcG4yMm9EY3R6WFdTeEUKzJerRRS/5eCDOhOxHEB78qiVOx++z4M/
|
||||
XOEN6X0iDUBDfFJIqtMngMjU9E9DlRIYetMOYLxTpxmdKiv3Njyh/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-18T23:57:27Z"
|
||||
mac: ENC[AES256_GCM,data:f2p4VkJ7RLGPBbkkesqFKNIVow+/7MobH+AqnELAguGxlMAt1XZaU1cLfyMy1RQIrT0UmUV2xjRf/PGXBVNOTK+A2M0zoI90N8daTvk2xrEX5JVNWycgKVnQfztIgUAf5LA+tcvyWQ/Z/sIN1aGNfbl1tCSq+U+3xjIxZ74qmuw=,iv:wcyjoKWNFLb/jGclNWbHP7wwnkz29iINSfKblqhP+bI=,tag:3RrZXX9pAWQG05ZPI5A35Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,30 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.mySystem.services.vault;
|
||||
in
|
||||
{
|
||||
options.mySystem.services.vault = {
|
||||
enable = lib.mkEnableOption "vault";
|
||||
address = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "127.0.0.1:8200";
|
||||
description = "Address of the Vault server";
|
||||
example = "127.0.0.1:8200";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.vault = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.vault;
|
||||
address = cfg.address;
|
||||
dev = false;
|
||||
storageBackend = "raft";
|
||||
extraConfig = ''
|
||||
api_addr = "http://127.0.0.1:8200"
|
||||
cluster_addr = "http://127.0.0.1:8201"
|
||||
ui = true
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
listener "tcp" {
|
||||
address = "0.0.0.0:8200"
|
||||
tls_disable = true
|
||||
}
|
||||
|
||||
storage "raft" {
|
||||
path = "/var/lib/vault/data"
|
||||
node_id = "node1"
|
||||
}
|
||||
|
||||
disable_mlock = true
|
||||
api_addr = "http://localhost:8200"
|
||||
cluster_addr = "http://localhost:8201"
|
||||
ui = true
|
|
@ -1,56 +0,0 @@
|
|||
{
|
||||
disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
device = "/dev/disk/by-diskseq/1";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
priority = 1;
|
||||
name = "ESP";
|
||||
start = "1M";
|
||||
end = "128M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ]; # Override existing partition
|
||||
# Subvolumes must set a mountpoint in order to be mounted,
|
||||
# unless their parent is mounted
|
||||
subvolumes = {
|
||||
# Subvolume name is different from mountpoint
|
||||
"/rootfs" = {
|
||||
mountpoint = "/";
|
||||
};
|
||||
# Subvolume name is the same as the mountpoint
|
||||
"/home" = {
|
||||
mountOptions = [ "compress=zstd" ];
|
||||
mountpoint = "/home";
|
||||
};
|
||||
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
|
||||
"/home/user" = { };
|
||||
# Parent is not mounted so the mountpoint must be set
|
||||
"/nix" = {
|
||||
mountOptions = [ "compress=zstd" "noatime" ];
|
||||
mountpoint = "/nix";
|
||||
};
|
||||
};
|
||||
|
||||
mountpoint = "/partition-root";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
1
.envrc
1
.envrc
|
@ -1,3 +1,2 @@
|
|||
use nix
|
||||
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
|
||||
export VAULT_ADDR="http://10.1.1.61:8200"
|
||||
|
|
222
.forgejo/actions/update-flake-lock/action.yml
Normal file
222
.forgejo/actions/update-flake-lock/action.yml
Normal file
|
@ -0,0 +1,222 @@
|
|||
name: "Update Nix Flake Lock"
|
||||
description: "Update your Nix flake.lock and send a PR"
|
||||
inputs:
|
||||
inputs:
|
||||
description: "A space-separated list of inputs to update. Leave empty to update all inputs."
|
||||
required: false
|
||||
default: ""
|
||||
token:
|
||||
description: "GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)"
|
||||
required: false
|
||||
default: ${{ github.token }}
|
||||
commit-msg:
|
||||
description: "The message provided with the commit"
|
||||
required: false
|
||||
default: "flake.lock: Update"
|
||||
base:
|
||||
description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
|
||||
required: false
|
||||
branch:
|
||||
description: "The branch of the PR to be created"
|
||||
required: false
|
||||
default: "update_flake_lock_action"
|
||||
path-to-flake-dir:
|
||||
description: "The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository."
|
||||
required: false
|
||||
pr-title:
|
||||
description: "The title of the PR to be created"
|
||||
required: false
|
||||
default: "flake.lock: Update"
|
||||
pr-body:
|
||||
description: "The body of the PR to be created"
|
||||
required: false
|
||||
default: |
|
||||
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
||||
|
||||
```
|
||||
{{ env.GIT_COMMIT_MESSAGE }}
|
||||
```
|
||||
|
||||
### Running GitHub Actions on this PR
|
||||
|
||||
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||
|
||||
To run GitHub Actions workflows on this PR, run:
|
||||
|
||||
```sh
|
||||
git branch -D update_flake_lock_action
|
||||
git fetch origin
|
||||
git checkout update_flake_lock_action
|
||||
git commit --amend --no-edit
|
||||
git push origin update_flake_lock_action --force
|
||||
```
|
||||
|
||||
pr-labels:
|
||||
description: "A comma or newline separated list of labels to set on the Pull Request to be created"
|
||||
required: false
|
||||
default: ""
|
||||
pr-assignees:
|
||||
description: "A comma or newline separated list of assignees (GitHub usernames)."
|
||||
required: false
|
||||
default: ""
|
||||
pr-reviewers:
|
||||
description: "A comma or newline separated list of reviewers (GitHub usernames) to request a review from."
|
||||
required: false
|
||||
default: ""
|
||||
git-author-name:
|
||||
description: "Author name used for commit. Only used if sign-commits is false."
|
||||
required: false
|
||||
default: "github-actions[bot]"
|
||||
git-author-email:
|
||||
description: "Author email used for commit. Only used if sign-commits is false."
|
||||
required: false
|
||||
default: "github-actions[bot]@users.noreply.github.com"
|
||||
git-committer-name:
|
||||
description: "Committer name used for commit. Only used if sign-commits is false."
|
||||
required: false
|
||||
default: "github-actions[bot]"
|
||||
git-committer-email:
|
||||
description: "Committer email used for commit. Only used if sign-commits is false."
|
||||
required: false
|
||||
default: "github-actions[bot]@users.noreply.github.com"
|
||||
sign-commits:
|
||||
description: "Set to true if the action should sign the commit with GPG"
|
||||
required: false
|
||||
default: "false"
|
||||
gpg-private-key:
|
||||
description: "GPG Private Key with which to sign the commits in the PR to be created"
|
||||
required: false
|
||||
default: ""
|
||||
gpg-fingerprint:
|
||||
description: "Fingerprint of specific GPG subkey to use"
|
||||
required: false
|
||||
gpg-passphrase:
|
||||
description: "GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created"
|
||||
required: false
|
||||
default: ""
|
||||
nix-options:
|
||||
description: "A space-separated list of options to pass to the nix command"
|
||||
required: false
|
||||
default: ""
|
||||
_internal-strict-mode:
|
||||
description: Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.
|
||||
required: false
|
||||
default: false
|
||||
outputs:
|
||||
pull-request-number:
|
||||
description: "The number of the opened pull request"
|
||||
value: ${{ steps.create-pr.outputs.pull-request-number }}
|
||||
pull-request-operation:
|
||||
description: "The pull request operation performed by the action, `created`, `updated` or `closed`."
|
||||
value: ${{ steps.create-pr.outputs.pull-request-operation }}
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Import bot's GPG key for signing commits
|
||||
if: ${{ inputs.sign-commits == 'true' }}
|
||||
id: import-gpg
|
||||
uses: https://github.com/crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
|
||||
with:
|
||||
gpg_private_key: ${{ inputs.gpg-private-key }}
|
||||
fingerprint: ${{ inputs.gpg-fingerprint }}
|
||||
passphrase: ${{ inputs.gpg-passphrase }}
|
||||
git_config_global: true
|
||||
git_user_signingkey: true
|
||||
git_commit_gpgsign: true
|
||||
- name: Set environment variables (signed commits)
|
||||
if: ${{ inputs.sign-commits == 'true' }}
|
||||
shell: bash
|
||||
env:
|
||||
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||
TARGETS: ${{ inputs.inputs }}
|
||||
run: |
|
||||
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
|
||||
echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV
|
||||
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
|
||||
echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV
|
||||
- name: Set environment variables (unsigned commits)
|
||||
if: ${{ inputs.sign-commits != 'true' }}
|
||||
shell: bash
|
||||
run: |
|
||||
echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
|
||||
echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
|
||||
echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
|
||||
echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
|
||||
- name: Run update-flake-lock
|
||||
shell: bash
|
||||
run: node "$GITHUB_ACTION_PATH/dist/index.js"
|
||||
env:
|
||||
# The following manually exposes all of the action inputs into INPUT_ environment variables so actionsCore.getInput works:
|
||||
# https://github.com/actions/toolkit/blob/ae38557bb0dba824cdda26ce787bd6b66cf07a83/packages/core/src/core.ts#L126
|
||||
INPUT_BASE: ${{ inputs.base }}
|
||||
INPUT_BRANCH: ${{ inputs.branch }}
|
||||
INPUT_COMMIT-MSG: ${{ inputs.commit-msg }}
|
||||
INPUT_GIT-AUTHOR-EMAIL: ${{ inputs.git-author-email }}
|
||||
INPUT_GIT-AUTHOR-NAME: ${{ inputs.git-author-name }}
|
||||
INPUT_GIT-COMMITTER-EMAIL: ${{ inputs.git-committer-email }}
|
||||
INPUT_GIT-COMMITTER-NAME: ${{ inputs.git-committer-name }}
|
||||
INPUT_GPG-FINGERPRINT: ${{ inputs.gpg-fingerprint }}
|
||||
INPUT_GPG-PASSPHRASE: ${{ inputs.gpg-passphrase }}
|
||||
INPUT_GPG-PRIVATE-KEY: ${{ inputs.gpg-private-key }}
|
||||
INPUT_INPUTS: ${{ inputs.inputs }}
|
||||
INPUT_NIX-OPTIONS: ${{ inputs.nix-options }}
|
||||
INPUT_PATH-TO-FLAKE-DIR: ${{ inputs.path-to-flake-dir }}
|
||||
INPUT_PR-ASSIGNEES: ${{ inputs.pr-assignees }}
|
||||
INPUT_PR-BODY: ${{ inputs.pr-body }}
|
||||
INPUT_PR-LABELS: ${{ inputs.pr-labels }}
|
||||
INPUT_PR-REVIEWERS: ${{ inputs.pr-reviewers }}
|
||||
INPUT_PR-TITLE: ${{ inputs.pr-title }}
|
||||
INPUT_PULL-REQUEST-NUMBER: ${{ inputs.pull-request-number }}
|
||||
INPUT_PULL-REQUEST-OPERATION: ${{ inputs.pull-request-operation }}
|
||||
INPUT_SIGN-COMMITS: ${{ inputs.sign-commits }}
|
||||
INPUT_TOKEN: ${{ inputs.token }}
|
||||
INPUT__INTERNAL-STRICT-MODE: ${{ inputs._internal-strict-mode }}
|
||||
- name: Save PR Body as file
|
||||
uses: https://github.com/DamianReeves/write-file-action@v1.3
|
||||
with:
|
||||
path: pr_body.template
|
||||
contents: ${{ inputs.pr-body }}
|
||||
env: {}
|
||||
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
|
||||
shell: bash
|
||||
run: |
|
||||
DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
|
||||
COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||
echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV
|
||||
echo "$COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||
echo "$DELIMITER" >> $GITHUB_ENV
|
||||
echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
|
||||
- name: Interpolate PR Body
|
||||
uses: pedrolamas/handlebars-action@2995d7eadacbc8f2f6ab8431a01d84a5fa3b8bb4 # v2.4.0
|
||||
with:
|
||||
files: "pr_body.template"
|
||||
output-filename: "pr_body.txt"
|
||||
- name: Read pr_body.txt
|
||||
id: pr_body
|
||||
uses: juliangruber/read-file-action@v1
|
||||
with:
|
||||
path: "pr_body.txt"
|
||||
# We need to remove the pr_body files so that the
|
||||
# peter-evans/create-pull-request action does not commit it (the
|
||||
# action commits all new and modified files).
|
||||
- name: Remove PR body template files
|
||||
shell: bash
|
||||
run: rm -f pr_body.txt pr_body.template
|
||||
- name: Create PR
|
||||
id: create-pr
|
||||
uses: https://github.com/peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
base: ${{ inputs.base }}
|
||||
branch: ${{ inputs.branch }}
|
||||
delete-branch: true
|
||||
committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }}
|
||||
author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }}
|
||||
title: ${{ inputs.pr-title }}
|
||||
token: ${{ inputs.token }}
|
||||
assignees: ${{ inputs.pr-assignees }}
|
||||
labels: ${{ inputs.pr-labels }}
|
||||
reviewers: ${{ inputs.pr-reviewers }}
|
||||
body: ${{ steps.pr_body.outputs.content }}
|
2
.forgejo/actions/update-flake-lock/dist/index.d.ts
vendored
Normal file
2
.forgejo/actions/update-flake-lock/dist/index.d.ts
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
|
||||
export { }
|
95155
.forgejo/actions/update-flake-lock/dist/index.js
vendored
Normal file
95155
.forgejo/actions/update-flake-lock/dist/index.js
vendored
Normal file
File diff suppressed because one or more lines are too long
1
.forgejo/actions/update-flake-lock/dist/index.js.map
vendored
Normal file
1
.forgejo/actions/update-flake-lock/dist/index.js.map
vendored
Normal file
File diff suppressed because one or more lines are too long
3
.forgejo/actions/update-flake-lock/dist/package.json
vendored
Normal file
3
.forgejo/actions/update-flake-lock/dist/package.json
vendored
Normal file
|
@ -0,0 +1,3 @@
|
|||
{
|
||||
"type": "module"
|
||||
}
|
|
@ -1,13 +1,13 @@
|
|||
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
|
||||
name: "Build"
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- ".forgejo/workflows/build.yaml"
|
||||
- "flake.lock"
|
||||
workflow_dispatch:
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
|
||||
|
@ -20,14 +20,14 @@ jobs:
|
|||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- system: varda
|
||||
os: native-aarch64
|
||||
- system: telchar
|
||||
os: native-x86_64
|
||||
- system: gandalf
|
||||
os: native-x86_64
|
||||
- system: telperion
|
||||
os: native-x86_64
|
||||
- system: shadowfax
|
||||
os: native-x86_64
|
||||
# - system: varda
|
||||
# os: native-x86_64
|
||||
runs-on: ${{ matrix.os }}
|
||||
env:
|
||||
PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
|
||||
|
@ -46,8 +46,55 @@ jobs:
|
|||
- name: Garbage collect build dependencies
|
||||
run: nix-collect-garbage
|
||||
|
||||
- name: Build previous ${{ matrix.system }} system
|
||||
shell: bash
|
||||
run: |
|
||||
nix build git+https://git.hsn.dev/jahanson/mochi#top.${{ matrix.system }} \
|
||||
-v --log-format raw --profile ./profile
|
||||
- name: Build new ${{ matrix.system }} system
|
||||
shell: bash
|
||||
run: |
|
||||
nix build ".#top.${{ matrix.system }}" --profile ./profile --fallback -v \
|
||||
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
||||
- name: Check for build failure
|
||||
if: failure()
|
||||
run: |
|
||||
drv=$(grep "For full logs, run" /tmp/nix-build-err.log | grep -oE "/nix/store/.*.drv")
|
||||
if [ -n $drv ]; then
|
||||
nix log $drv
|
||||
echo $drv
|
||||
fi
|
||||
exit 1
|
||||
- name: Diff profile
|
||||
id: diff
|
||||
run: |
|
||||
nix profile diff-closures --profile ./profile
|
||||
delimiter="$(openssl rand -hex 16)"
|
||||
echo "diff<<${delimiter}" >> "${GITHUB_OUTPUT}"
|
||||
nix profile diff-closures --profile ./profile | perl -pe 's/\e\[[0-9;]*m(?:\e\[K)?//g' >> "${GITHUB_OUTPUT}"
|
||||
echo "${delimiter}" >> "${GITHUB_OUTPUT}"
|
||||
- name: Comment report in pr
|
||||
uses: https://github.com/marocchino/sticky-pull-request-comment@v2
|
||||
with:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
header: ".#top.${{ matrix.system }}"
|
||||
message: |
|
||||
### Report for `${{ matrix.system }}`
|
||||
|
||||
<summary> Version changes </summary> <br>
|
||||
<pre> ${{ steps.diff.outputs.diff }} </pre>
|
||||
# - name: Push to Cachix
|
||||
# if: success()
|
||||
# env:
|
||||
# CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
||||
# run: nix build ".#top.${{ matrix.system }}" --json | jq -r .[].drvPath | cachix push hsndev
|
||||
nix-build-success:
|
||||
if: ${{ always() }}
|
||||
needs:
|
||||
- nix-build
|
||||
name: Nix Build Successful
|
||||
runs-on: docker
|
||||
steps:
|
||||
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
|
||||
name: Check matrix status
|
||||
run: exit 1
|
||||
|
|
28
.forgejo/workflows/update_lock.yaml
Normal file
28
.forgejo/workflows/update_lock.yaml
Normal file
|
@ -0,0 +1,28 @@
|
|||
name: update-flake-lock
|
||||
on:
|
||||
# workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
- cron: '0 0 * * *' # daily at midnight
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- ".forgejo/workflows/update_lock.yaml"
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
runs-on: docker
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: https://github.com/actions/checkout@v4
|
||||
- name: Install Nix
|
||||
uses: https://github.com/DeterminateSystems/nix-installer-action@main
|
||||
- name: Update flake.lock
|
||||
uses: ./.forgejo/actions/update-flake-lock
|
||||
with:
|
||||
pr-title: "Update flake.lock" # Title of PR to be created
|
||||
pr-labels: | # Labels to be set on the PR
|
||||
dependencies
|
||||
automated
|
||||
inputs: nixpkgs nixpkgs-unstable
|
||||
|
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,12 +1,8 @@
|
|||
**/*.tmp.sops.yaml
|
||||
**/*.sops.tmp.yaml
|
||||
**/*sync-conflict*
|
||||
age.key
|
||||
result*
|
||||
.direnv
|
||||
.kube
|
||||
.github
|
||||
.profile
|
||||
.idea
|
||||
.secrets
|
||||
.op
|
||||
|
|
|
@ -36,4 +36,3 @@ repos:
|
|||
- id: sops-encryption
|
||||
# Uncomment to exclude all markdown files from encryption
|
||||
# exclude: *.\.md
|
||||
files: .*secrets.*
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
{
|
||||
"quoteProps": "preserve",
|
||||
"trailingComma": "none"
|
||||
}
|
|
@ -15,10 +15,9 @@ keys:
|
|||
- &durincore age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
- &gandalf age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
- &legiondary age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
- &shadowfax age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- &telchar age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
- &telperion age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
- &varda age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
- &telchar age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
|
||||
|
||||
creation_rules:
|
||||
|
@ -29,7 +28,6 @@ creation_rules:
|
|||
- *gandalf
|
||||
- *jahanson
|
||||
- *legiondary
|
||||
- *shadowfax
|
||||
- *telchar
|
||||
- *telperion
|
||||
- *varda
|
||||
|
|
46
.vscode/nixmodule.code-snippets
vendored
46
.vscode/nixmodule.code-snippets
vendored
|
@ -1,46 +0,0 @@
|
|||
{
|
||||
// If scope is left empty or omitted, the snippet gets applied to all languages. The prefix is what is
|
||||
// used to trigger the snippet and the body will be expanded and inserted. Possible variables are:
|
||||
// $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders.
|
||||
// Placeholders with the same ids are connected.
|
||||
"Nix Module with Enable Option": {
|
||||
"scope": "nix",
|
||||
"prefix": "nixmodule",
|
||||
"body": [
|
||||
"{ config, lib, pkgs, ... }:",
|
||||
"let",
|
||||
" cfg = config.mySystem.${1:moduleName};",
|
||||
"in",
|
||||
"{",
|
||||
" options.mySystem.${1:moduleName} = {",
|
||||
" enable = lib.mkEnableOption \"${2:Description of the module}\";",
|
||||
" };",
|
||||
"",
|
||||
" config = lib.mkIf cfg.enable {",
|
||||
" $0",
|
||||
" };",
|
||||
"}"
|
||||
],
|
||||
"description": "Creates a blank Nix module with an enable option"
|
||||
},
|
||||
"Nix Home Manager Module with Enable Option": {
|
||||
"scope": "nix",
|
||||
"prefix": "nixmodule-homemanager",
|
||||
"body": [
|
||||
"{ config, lib, pkgs, ... }:",
|
||||
"let",
|
||||
" cfg = config.myHome.programs.${1:moduleName};",
|
||||
"in",
|
||||
"{",
|
||||
" options.myHome.programs.${1:moduleName} = {",
|
||||
" enable = lib.mkEnableOption \"${2:Description of the module}\";",
|
||||
" };",
|
||||
"",
|
||||
" config = lib.mkIf cfg.enable {",
|
||||
" $0",
|
||||
" };",
|
||||
"}"
|
||||
],
|
||||
"description": "Creates a blank Nix module with an enable option"
|
||||
}
|
||||
}
|
46
.vscode/settings.json
vendored
46
.vscode/settings.json
vendored
|
@ -1,40 +1,10 @@
|
|||
{
|
||||
"editor.fontFamily": "FiraCode Nerd Font",
|
||||
"files.associations": {
|
||||
"*.json5": "jsonc",
|
||||
},
|
||||
"editor.hover.delay": 1500,
|
||||
"editor.bracketPairColorization.enabled": true,
|
||||
"editor.guides.bracketPairs": true,
|
||||
"editor.guides.bracketPairsHorizontal": true,
|
||||
"editor.guides.highlightActiveBracketPair": true,
|
||||
"files.trimTrailingWhitespace": true,
|
||||
"sops.defaults.ageKeyFile": "/home/jahanson/projects/mochi/age.key",
|
||||
"nix.enableLanguageServer": true,
|
||||
"nix.serverPath": "/home/jahanson/.nix-profile/bin/nil",
|
||||
"nix.formatterPath": "/home/jahanson/.nix-profile/bin/nixfmt",
|
||||
"nix.serverSettings": {
|
||||
"nil": {
|
||||
"formatting": {
|
||||
"command": ["nixfmt"]
|
||||
},
|
||||
"diagnostics": {
|
||||
"ignored": [],
|
||||
"excludedFiles": []
|
||||
},
|
||||
},
|
||||
"nix": {
|
||||
"binary": "/nix/var/nix/profiles/default/bin/nix",
|
||||
"maxMemoryMB": null, // disable memory limit
|
||||
"flake": {
|
||||
"autoEvalInputs": true,
|
||||
"autoArchive": true,
|
||||
"nixpkgsInputName": "nixpkgs"
|
||||
}
|
||||
}
|
||||
},
|
||||
"[jsonc]": {
|
||||
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
||||
},
|
||||
"sops.binPath": "/home/jahanson/.nix-profile/bin/sops"
|
||||
"editor.fontFamily": "FiraCode Nerd Font",
|
||||
"editor.hover.delay": 1500,
|
||||
"editor.bracketPairColorization.enabled": true,
|
||||
"editor.guides.bracketPairs": true,
|
||||
"editor.guides.bracketPairsHorizontal": true,
|
||||
"editor.guides.highlightActiveBracketPair": true,
|
||||
"files.trimTrailingWhitespace": true,
|
||||
"sops.defaults.ageKeyFile": "age.key",
|
||||
}
|
||||
|
|
354
flake.lock
354
flake.lock
|
@ -24,11 +24,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732221404,
|
||||
"narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=",
|
||||
"lastModified": 1722821805,
|
||||
"narHash": "sha256-FGrUPUD+LMDwJsYyNSxNIzFMldtCm8wXiQuyL2PHSrM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b",
|
||||
"rev": "0257e44f4ad472b54f19a6dd1615aee7fa48ed49",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -64,11 +64,11 @@
|
|||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -98,11 +98,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730504689,
|
||||
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
|
||||
"lastModified": 1719994518,
|
||||
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
|
||||
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -116,11 +116,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -152,11 +152,11 @@
|
|||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -188,11 +188,11 @@
|
|||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -216,6 +216,49 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"ghostty": {
|
||||
"inputs": {
|
||||
"nixpkgs-stable": "nixpkgs-stable",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"zig": "zig",
|
||||
"zls": "zls"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723168569,
|
||||
"narHash": "sha256-VTo/HNmYQ1ctAzdCOvtInQf9grhSuRLGA8FGP/4pVew=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "33d9c043ef828b062865f42db551d6ddc48e2def",
|
||||
"revCount": 6848,
|
||||
"type": "git",
|
||||
"url": "ssh://git@github.com/ghostty-org/ghostty"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "ssh://git@github.com/ghostty-org/ghostty"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"ghostty",
|
||||
"zls",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -223,27 +266,27 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731880681,
|
||||
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
|
||||
"lastModified": 1720042825,
|
||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
|
||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-24.11",
|
||||
"ref": "release-24.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1731242966,
|
||||
"narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
|
||||
"lastModified": 1719091691,
|
||||
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
|
||||
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -252,26 +295,16 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"krewfile": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"langref": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1727979884,
|
||||
"narHash": "sha256-nLS37EhKi/ru+0HimB0EIXYpJCxaE/7bVHUHNvHDEoE=",
|
||||
"owner": "ajgon",
|
||||
"repo": "krewfile",
|
||||
"rev": "1821efaad07ad3925d68210f57e0b73bce57d317",
|
||||
"type": "github"
|
||||
"narHash": "sha256-O6p2tiKD8ZMhSX+DeA/o5hhAvcPkU2J9lFys/r11peY=",
|
||||
"type": "file",
|
||||
"url": "https://raw.githubusercontent.com/ziglang/zig/0fb2015fd3422fc1df364995f9782dfe7255eccd/doc/langref.html.in"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ajgon",
|
||||
"ref": "feat/indexes",
|
||||
"repo": "krewfile",
|
||||
"type": "github"
|
||||
"type": "file",
|
||||
"url": "https://raw.githubusercontent.com/ziglang/zig/0fb2015fd3422fc1df364995f9782dfe7255eccd/doc/langref.html.in"
|
||||
}
|
||||
},
|
||||
"lix": {
|
||||
|
@ -290,7 +323,7 @@
|
|||
},
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": "lix",
|
||||
"nixpkgs": [
|
||||
|
@ -302,7 +335,7 @@
|
|||
"narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
|
||||
"rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
|
||||
"type": "tarball",
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz"
|
||||
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
|
@ -359,11 +392,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731814505,
|
||||
"narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=",
|
||||
"lastModified": 1722740924,
|
||||
"narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132",
|
||||
"rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -394,42 +427,20 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-minecraft": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732153840,
|
||||
"narHash": "sha256-lt8Gdx6TNheby/9lRNE1GMP3vkdpLaXmyHQk+ZvYNAY=",
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"rev": "8325d463c1c424f2e6edeef2010c0d902a37b3d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Infinidoge",
|
||||
"repo": "nix-minecraft",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-vscode-extensions": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"flake-utils": "flake-utils_5",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732153985,
|
||||
"narHash": "sha256-libOsvOEQjHhlNEVPuG+i4OY5NyO301RZCxYovsVtrc=",
|
||||
"lastModified": 1722907736,
|
||||
"narHash": "sha256-drU5kbx9EtTqg7rXc6ni0LZuZQy7l/wVgsQ8PSYl5Qw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "c53c9d319e51deb97fb9a82001952c4efa74cba7",
|
||||
"rev": "b3c49142939ba6072cb8bdd6109e36d1b70a055a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -440,11 +451,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1731797098,
|
||||
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
|
||||
"lastModified": 1722332872,
|
||||
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
|
||||
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -456,30 +467,30 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1731755305,
|
||||
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
|
||||
"lastModified": 1723688146,
|
||||
"narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
|
||||
"rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.11",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1730504152,
|
||||
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
|
||||
"lastModified": 1719876945,
|
||||
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs-ovmf": {
|
||||
|
@ -498,13 +509,61 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1732014248,
|
||||
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
|
||||
"lastModified": 1705957679,
|
||||
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
|
||||
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "release-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1721524707,
|
||||
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1719082008,
|
||||
"narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9693852a2070b398ee123a329e68f0dab5526681",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1723637854,
|
||||
"narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -514,20 +573,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1682134069,
|
||||
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixvirt-git": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -552,11 +597,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1732220928,
|
||||
"narHash": "sha256-OOFqnjTax0132/mBsRpVD1QTMlZUCbVexKgKUVUxJNg=",
|
||||
"lastModified": 1722976219,
|
||||
"narHash": "sha256-ggIGbaqOP3N/+aezX3y4K0kbmrsYaJl/8ThC0Jq1it4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "8439fca0da7f67b331edcca08eb2a47249be72f4",
|
||||
"rev": "315c48e6c9acb95b4af6492015d36ef1b7b99dfc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -652,22 +697,20 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"ghostty": "ghostty",
|
||||
"home-manager": "home-manager",
|
||||
"impermanence": "impermanence",
|
||||
"krewfile": "krewfile",
|
||||
"lix-module": "lix-module",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nix-inspect": "nix-inspect",
|
||||
"nix-minecraft": "nix-minecraft",
|
||||
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable_2",
|
||||
"nixvirt-git": "nixvirt-git",
|
||||
"nur": "nur",
|
||||
"sops-nix": "sops-nix",
|
||||
"talhelper": "talhelper",
|
||||
"vscode-server": "vscode-server"
|
||||
"talhelper": "talhelper"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
|
@ -714,14 +757,15 @@
|
|||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732186149,
|
||||
"narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=",
|
||||
"lastModified": 1722897572,
|
||||
"narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699",
|
||||
"rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -813,11 +857,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1732161983,
|
||||
"narHash": "sha256-HnM+3Dv/p4awf0zXffPpcg/v4RywuKiN4yA2t7W1CxE=",
|
||||
"lastModified": 1722917349,
|
||||
"narHash": "sha256-7ZFfvJJM0HTom12kQ60sLCTkmOt1Z2qqty4ddiqdP/I=",
|
||||
"owner": "budimanjojo",
|
||||
"repo": "talhelper",
|
||||
"rev": "94487e8cc82617dc9be8b50de94edd33ce1e56ad",
|
||||
"rev": "66d4ea8a347ef1e12fef466bbaf33a287ab5810d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -848,22 +892,78 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"vscode-server": {
|
||||
"zig": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_5",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"flake-compat": [
|
||||
"ghostty"
|
||||
],
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"ghostty",
|
||||
"nixpkgs-stable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729422940,
|
||||
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-vscode-server",
|
||||
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
|
||||
"lastModified": 1717848532,
|
||||
"narHash": "sha256-d+xIUvSTreHl8pAmU1fnmkfDTGQYCn2Rb/zOwByxS2M=",
|
||||
"owner": "mitchellh",
|
||||
"repo": "zig-overlay",
|
||||
"rev": "02fc5cc555fc14fda40c42d7c3250efa43812b43",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-vscode-server",
|
||||
"owner": "mitchellh",
|
||||
"repo": "zig-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"zig-overlay": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": [
|
||||
"ghostty",
|
||||
"zls",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718539737,
|
||||
"narHash": "sha256-hvQ900gSqzGnJWMRQwv65TixciIbC44iX0Nh5ENRwCU=",
|
||||
"owner": "mitchellh",
|
||||
"repo": "zig-overlay",
|
||||
"rev": "6eb42ce6f85d247b1aecf854c45d80902821d0ad",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "mitchellh",
|
||||
"repo": "zig-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"zls": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"gitignore": "gitignore",
|
||||
"langref": "langref",
|
||||
"nixpkgs": [
|
||||
"ghostty",
|
||||
"nixpkgs-stable"
|
||||
],
|
||||
"zig-overlay": "zig-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718930611,
|
||||
"narHash": "sha256-FtfVhs6XHNfSQRQorrrz03nD0LCNp2FCnGllRntHBts=",
|
||||
"owner": "zigtools",
|
||||
"repo": "zls",
|
||||
"rev": "0b9746b60c2020ab948f6556f1c729858b82a0f0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zigtools",
|
||||
"ref": "master",
|
||||
"repo": "zls",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
|
|
93
flake.nix
93
flake.nix
|
@ -66,12 +66,12 @@
|
|||
};
|
||||
|
||||
# talhelper - A tool to help creating Talos kubernetes cluster
|
||||
# https://github.com/budimanjojo/talhelper
|
||||
talhelper = {
|
||||
url = "github:budimanjojo/talhelper";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
};
|
||||
|
||||
|
||||
# NixVirt for qemu & libvirt
|
||||
# https://github.com/AshleyYakeley/NixVirt
|
||||
nixvirt-git = {
|
||||
|
@ -79,25 +79,13 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
vscode-server.url = "github:nix-community/nixos-vscode-server";
|
||||
|
||||
# krewfile - Declarative krew plugin management
|
||||
krewfile = {
|
||||
# url = "github:brumhard/krewfile";
|
||||
url = "github:ajgon/krewfile?ref=feat/indexes";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# nix-minecraft - Minecraft server management
|
||||
# https://github.com/infinidoge/nix-minecraft
|
||||
nix-minecraft = {
|
||||
url = "github:Infinidoge/nix-minecraft";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
ghostty = {
|
||||
url = "git+ssh://git@github.com/ghostty-org/ghostty";
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
|
||||
{ self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, disko, talhelper, lix-module, vscode-server, krewfile, ... } @ inputs:
|
||||
{ self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, disko, talhelper, lix-module, ghostty, ... } @ inputs:
|
||||
let
|
||||
forAllSystems = nixpkgs.lib.genAttrs [
|
||||
"aarch64-linux"
|
||||
|
@ -167,6 +155,60 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
"durincore" = mkNixosConfig {
|
||||
# T470 Thinkpad Intel i7-6600U
|
||||
# Nix dev laptop
|
||||
hostname = "durincore";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
./nixos/profiles/hw-thinkpad-t470.nix
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-workstation.nix
|
||||
./nixos/profiles/role-dev.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
"legiondary" = mkNixosConfig {
|
||||
# Legion 15arh05h AMD/Nvidia Ryzen 7 4800H
|
||||
# Nix dev/gaming laptop
|
||||
hostname = "legiondary";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
|
||||
./nixos/profiles/hw-legion-15arh05h.nix
|
||||
disko.nixosModules.disko
|
||||
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-gaming.nix
|
||||
./nixos/profiles/role-workstation.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
"telchar" = mkNixosConfig {
|
||||
# Framework 16 Ryzen 7 7840HS - Radeon 780M Graphics
|
||||
# Nix dev laptop
|
||||
hostname = "telchar";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
||||
./nixos/profiles/hw-framework-16-7840hs.nix
|
||||
disko.nixosModules.disko
|
||||
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
||||
lix-module.nixosModules.default
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-workstation.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
"varda" = mkNixosConfig {
|
||||
# Arm64 cax21 @ Hetzner
|
||||
# forgejo server
|
||||
|
@ -208,25 +250,6 @@
|
|||
./nixos/profiles/hw-supermicro.nix
|
||||
];
|
||||
profileModules = [
|
||||
vscode-server.nixosModules.default
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-server.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
"shadowfax" = mkNixosConfig {
|
||||
# Pro WS WRX80E-SAGE SE WIFI - AMD Ryzen Threadripper PRO 3955WX 16-Cores
|
||||
# Workloads server
|
||||
hostname = "shadowfax";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
lix-module.nixosModules.default
|
||||
./nixos/profiles/hw-threadripperpro.nix
|
||||
];
|
||||
profileModules = [
|
||||
vscode-server.nixosModules.default
|
||||
./nixos/profiles/role-dev.nix
|
||||
./nixos/profiles/role-server.nix
|
||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
||||
];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, inputs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
with config;
|
||||
{
|
||||
imports = [
|
||||
|
@ -21,7 +21,6 @@ with config;
|
|||
};
|
||||
|
||||
home = {
|
||||
|
||||
# Install these packages for my user
|
||||
packages = with pkgs; [
|
||||
# misc
|
||||
|
@ -69,14 +68,9 @@ with config;
|
|||
# system tools
|
||||
sysstat
|
||||
lm_sensors # for `sensors` command
|
||||
ethtool # modify network interface settings or firmware
|
||||
ethtool
|
||||
pciutils # lspci
|
||||
usbutils # lsusb
|
||||
lshw # lshw
|
||||
|
||||
# filesystem tools
|
||||
gptfdisk # sgdisk
|
||||
|
||||
|
||||
# system call monitoring
|
||||
strace # system call monitoring
|
||||
|
@ -93,11 +87,6 @@ with config;
|
|||
|
||||
# nix tools
|
||||
nvd
|
||||
|
||||
# backup tools
|
||||
unstable.rclone
|
||||
unstable.restic
|
||||
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,80 +1,53 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
coderMainline = pkgs.coder.override { channel = "mainline"; };
|
||||
in
|
||||
{ pkgs, config, ... }:
|
||||
with config;
|
||||
{
|
||||
imports = [
|
||||
./global.nix
|
||||
inputs.krewfile.homeManagerModules.krewfile
|
||||
];
|
||||
config = {
|
||||
# Krewfile management
|
||||
programs.krewfile = {
|
||||
enable = true;
|
||||
krewPackage = pkgs.krew;
|
||||
indexes = {
|
||||
"netshoot" = "https://github.com/nilic/kubectl-netshoot.git";
|
||||
};
|
||||
plugins = [
|
||||
"netshoot/netshoot"
|
||||
"resource-capacity"
|
||||
"rook-ceph"
|
||||
];
|
||||
};
|
||||
|
||||
myHome = {
|
||||
programs.firefox.enable = true;
|
||||
programs.thunderbird.enable = true;
|
||||
shell = {
|
||||
wezterm.enable = true;
|
||||
myHome = {
|
||||
programs.firefox.enable = true;
|
||||
programs.thunderbird.enable = true;
|
||||
shell = {
|
||||
wezterm.enable = true;
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
username = "Joseph Hanson";
|
||||
email = "joe@veri.dev";
|
||||
signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
|
||||
};
|
||||
git = {
|
||||
enable = true;
|
||||
username = "Joseph Hanson";
|
||||
email = "joe@veri.dev";
|
||||
signingKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDSAmssproxG+KsVn2DfuteBAemHrmmAFzCtldpKl4J";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
home = {
|
||||
# Install these packages for my user
|
||||
packages = with pkgs; [
|
||||
# apps
|
||||
home = {
|
||||
# Install these packages for my user
|
||||
packages = with pkgs;
|
||||
[
|
||||
#apps
|
||||
discord
|
||||
flameshot
|
||||
jetbrains.datagrip
|
||||
obsidian
|
||||
parsec-bin
|
||||
solaar # open source manager for logitech unifying receivers
|
||||
unstable.bruno
|
||||
# unstable.fractal
|
||||
unstable.httpie
|
||||
unstable.jetbrains.datagrip
|
||||
unstable.jetbrains.rust-rover
|
||||
unstable.seabird
|
||||
unstable.talosctl # overlay override
|
||||
solaar
|
||||
talosctl
|
||||
termius
|
||||
unstable.fractal
|
||||
unstable.peazip
|
||||
unstable.telegram-desktop
|
||||
unstable.tidal-hifi
|
||||
unstable.xpipe
|
||||
# unstable.vesktop # gpu issues. Using the flatpak version solves this issue.
|
||||
vlc
|
||||
yt-dlp
|
||||
|
||||
# cli
|
||||
brightnessctl
|
||||
|
||||
# dev utils
|
||||
kubectl
|
||||
minio-client # S3 management
|
||||
pre-commit # Pre-commit tasks for git
|
||||
shellcheck # shell script linting
|
||||
unstable.act # run GitHub actions locally
|
||||
unstable.kubebuilder # k8s controller development
|
||||
unstable.nodePackages_latest.prettier # code formatter
|
||||
coderMainline # VSCode in the browser -- has overlay
|
||||
unstable.tidal-hifi
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ with lib.hm.gvariant; {
|
|||
"org/gnome/shell" = {
|
||||
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
|
||||
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
|
||||
favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ];
|
||||
favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "discord.desktop" ];
|
||||
};
|
||||
"org/gnome/nautilus/preferences" = {
|
||||
default-folder-viewer = "list-view";
|
||||
|
@ -44,9 +44,6 @@ with lib.hm.gvariant; {
|
|||
clock-format = "12h";
|
||||
show-battery-percentage = true;
|
||||
};
|
||||
"org/gnome/settings-daemon/plugins/power" = {
|
||||
ambient-enabled = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
./browsers
|
||||
./de
|
||||
./thunderbird
|
||||
];
|
||||
}
|
||||
|
|
|
@ -21,22 +21,12 @@ in
|
|||
lt = "${pkgs.lsd}/bin/lsd --tree";
|
||||
lla = "${pkgs.lsd}/bin/lsd -la";
|
||||
tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)";
|
||||
lsusb = "cyme --headings --tree --hide-buses";
|
||||
x = "exit";
|
||||
};
|
||||
|
||||
shellAbbrs = {
|
||||
nrs = "sudo nixos-rebuild switch --flake .";
|
||||
nvdiff = "nvd diff /run/current-system result";
|
||||
# rook & ceph versions.
|
||||
rcv =
|
||||
''
|
||||
kubectl \
|
||||
-n rook-ceph \
|
||||
get deployments \
|
||||
-l rook_cluster=rook-ceph \
|
||||
-o jsonpath='{range .items[*]}{.metadata.name}{" \treq/upd/avl: "}{.spec.replicas}{"/"}{.status.updatedReplicas}{"/"}{.status.readyReplicas}{" \trook-version="}{.metadata.labels.rook-version}{" \tceph-version="}{.metadata.labels.ceph-version}{"\n"}{end}'
|
||||
'';
|
||||
};
|
||||
|
||||
interactiveShellInit = ''
|
||||
|
@ -57,12 +47,10 @@ in
|
|||
end
|
||||
end
|
||||
|
||||
# Krew
|
||||
set -q KREW_ROOT; and set -gx PATH $PATH $KREW_ROOT/.krew/bin; or set -gx PATH $PATH $HOME/.krew/bin
|
||||
|
||||
# Paths are in reverse priority order
|
||||
update_path /opt/homebrew/opt/postgresql@16/bin
|
||||
update_path /opt/homebrew/bin
|
||||
update_path ${homeDirectory}/.krew/bin
|
||||
update_path /nix/var/nix/profiles/default/bin
|
||||
update_path /run/current-system/sw/bin
|
||||
update_path /etc/profiles/per-user/${username}/bin
|
||||
|
@ -73,12 +61,6 @@ in
|
|||
update_path ${homeDirectory}/.local/bin
|
||||
|
||||
set -gx EDITOR "vim"
|
||||
|
||||
if test (hostname) = "telchar"
|
||||
set -gx VISUAL "code"
|
||||
end
|
||||
|
||||
set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass
|
||||
set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev"
|
||||
|
||||
# One Password cli
|
||||
|
@ -90,11 +72,6 @@ in
|
|||
set -gx LSCOLORS "Gxfxcxdxbxegedabagacad"
|
||||
set -gx LS_COLORS 'di=01;34:ln=01;36:pi=33:so=01;35:bd=01;33:cd=33:or=31:ex=01;32:*.7z=01;31:*.bz2=01;31:*.gz=01;31:*.lz=01;31:*.lzma=01;31:*.lzo=01;31:*.rar=01;31:*.tar=01;31:*.tbz=01;31:*.tgz=01;31:*.xz=01;31:*.zip=01;31:*.zst=01;31:*.zstd=01;31:*.bmp=01;35:*.tiff=01;35:*.tif=01;35:*.TIFF=01;35:*.gif=01;35:*.jpeg=01;35:*.jpg=01;35:*.png=01;35:*.webp=01;35:*.pot=01;35:*.pcb=01;35:*.gbr=01;35:*.scm=01;35:*.xcf=01;35:*.spl=01;35:*.stl=01;35:*.dwg=01;35:*.ply=01;35:*.apk=01;31:*.deb=01;31:*.rpm=01;31:*.jad=01;31:*.jar=01;31:*.crx=01;31:*.xpi=01;31:*.avi=01;35:*.divx=01;35:*.m2v=01;35:*.m4v=01;35:*.mkv=01;35:*.MOV=01;35:*.mov=01;35:*.mp4=01;35:*.mpeg=01;35:*.mpg=01;35:*.sample=01;35:*.wmv=01;35:*.3g2=01;35:*.3gp=01;35:*.gp3=01;35:*.webm=01;35:*.flv=01;35:*.ogv=01;35:*.f4v=01;35:*.3ga=01;35:*.aac=01;35:*.m4a=01;35:*.mp3=01;35:*.mp4a=01;35:*.oga=01;35:*.ogg=01;35:*.opus=01;35:*.s3m=01;35:*.sid=01;35:*.wma=01;35:*.flac=01;35:*.alac=01;35:*.mid=01;35:*.midi=01;35:*.pcm=01;35:*.wav=01;35:*.ass=01;33:*.srt=01;33:*.ssa=01;33:*.sub=01;33:*.git=01;33:*.ass=01;33:*README=33:*README.rst=33:*README.md=33:*LICENSE=33:*COPYING=33:*INSTALL=33:*COPYRIGHT=33:*AUTHORS=33:*HISTORY=33:*CONTRIBUTOS=33:*PATENTS=33:*VERSION=33:*NOTICE=33:*CHANGES=33:*CHANGELOG=33:*log=33:*.txt=33:*.md=33:*.markdown=33:*.nfo=33:*.org=33:*.pod=33:*.rst=33:*.tex=33:*.texttile=33:*.bib=35:*.json=35:*.jsonl=35:*.jsonnet=35:*.libsonnet=35:*.rss=35:*.xml=35:*.fxml=35:*.toml=35:*.yaml=35:*.yml=35:*.dtd=35:*.cbr=35:*.cbz=35:*.chm=35:*.pdf=35:*.PDF=35:*.epub=35:*.awk=35:*.bash=35:*.bat=35:*.BAT=35:*.sed=35:*.sh=35:*.zsh=35:*.vim=35:*.py=35:*.ipynb=35:*.rb=35:*.gemspec=35:*.pl=35:*.PL=35:*.t=35:*.msql=35:*.mysql=35:*.pgsql=35:*.sql=35:*.r=35:*.R=35:*.cljw=35:*.scala=35:*.sc=35:*.dart=35:*.asm=35:*.cl=35:*.lisp=35:*.rkt=35:*.el=35:*.elc=35:*.eln=35:*.lua=35:*.c=35:*.C=35:*.h=35:*.H=35:*.tcc=35:*.c++=35:*.h++=35:*.hpp=35:*.hxx=35:*ii.=35:*.m=35:*.M=35:*.cc=35:*.cs=35:*.cp=35:*.cpp=35:*.cxx=35:*.go=35:*.f=35:*.F=35:*.nim=35:*.nimble=35:*.s=35:*.S=35:*.rs=35:*.scpt=35:*.swift=35:*.vala=35:*.vapi=35:*.hs=35:*.lhs=35:*.zig=35:*.v=35:*.pyc=35:*.tf=35:*.tfstate=35:*.tfvars=35:*.css=35:*.less=35:*.sass=35:*.scss=35:*.htm=35:*.html=35:*.jhtm=35:*.mht=35:*.eml=35:*.coffee=35:*.java=35:*.js=35:*.mjs=35:*.jsm=35:*.jsp=35:*.rasi=35:*.php=35:*.twig=35:*.vb=35:*.vba=35:*.vbs=35:*.Dockerfile=35:*.dockerignore=35:*.Makefile=35:*.MANIFEST=35:*.am=35:*.in=35:*.hin=35:*.scan=35:*.m4=35:*.old=35:*.out=35:*.SKIP=35:*.diff=35:*.patch=35:*.tmpl=35:*.j2=35:*PKGBUILD=35:*config=35:*.conf=35:*.service=31:*.@.service=31:*.socket=31:*.swap=31:*.device=31:*.mount=31:*.automount=31:*.target=31:*.path=31:*.timer=31:*.snapshot=31:*.allow=31:*.swp=31:*.swo=31:*.tmp=31:*.pid=31:*.state=31:*.lock=31:*.lockfile=31:*.pacnew=31:*.un=31:*.orig=31:'
|
||||
atuin init fish | source
|
||||
|
||||
# Ghostty shell integration for Bash. This must be at the top of your fish!!!
|
||||
if set -q GHOSTTY_RESOURCES_DIR
|
||||
source "$GHOSTTY_RESOURCES_DIR/shell-integration/fish/vendor_conf.d/ghostty-shell-integration.fish"
|
||||
end
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
[
|
||||
"/dev/disk/by-id/ata-Seagate_IronWolfPro_ZA240NX10001-2ZH100_7TF002RA"
|
||||
"/dev/disk/by-id/nvme-Samsung_SSD_960_EVO_250GB_S3ESNX0K308438J"
|
||||
"/dev/disk/by-id/scsi-350000c0f02f0830c"
|
||||
"/dev/disk/by-id/scsi-350000c0f01e7d190"
|
||||
"/dev/disk/by-id/scsi-350000c0f01ea443c"
|
||||
"/dev/disk/by-id/scsi-350000c0f01f8230c"
|
||||
"/dev/disk/by-id/scsi-35000c500586e5057"
|
||||
"/dev/disk/by-id/scsi-35000c500624a0ddb"
|
||||
"/dev/disk/by-id/scsi-35000c500624a1a8b"
|
||||
"/dev/disk/by-id/scsi-35000cca046135ad8"
|
||||
"/dev/disk/by-id/scsi-35000cca04613722c"
|
||||
"/dev/disk/by-id/scsi-35000cca0461810f8"
|
||||
"/dev/disk/by-id/scsi-35000cca04618b930"
|
||||
"/dev/disk/by-id/scsi-35000cca04618cec4"
|
||||
]
|
|
@ -1,49 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
config = {
|
||||
"core.https_address" = "10.1.1.15:8445"; # Need quotes around key
|
||||
};
|
||||
networks = [
|
||||
{
|
||||
config = {
|
||||
"ipv4.address" = "auto"; # Need quotes around key
|
||||
"ipv6.address" = "auto"; # Need quotes around key
|
||||
};
|
||||
description = "";
|
||||
name = "incusbr0";
|
||||
type = "";
|
||||
project = "default";
|
||||
}
|
||||
];
|
||||
storage_pools = [
|
||||
{
|
||||
config = {
|
||||
source = "eru/incus";
|
||||
};
|
||||
description = "";
|
||||
name = "default";
|
||||
driver = "zfs";
|
||||
}
|
||||
];
|
||||
profiles = [
|
||||
{
|
||||
config = { };
|
||||
description = "";
|
||||
devices = {
|
||||
eth0 = {
|
||||
name = "eth0";
|
||||
network = "incusbr0";
|
||||
type = "nic";
|
||||
};
|
||||
root = {
|
||||
path = "/";
|
||||
pool = "default";
|
||||
type = "disk";
|
||||
};
|
||||
};
|
||||
name = "default";
|
||||
}
|
||||
];
|
||||
projects = [ ];
|
||||
cluster = null;
|
||||
}
|
|
@ -1,60 +1,33 @@
|
|||
# Do not modify this file! It was generated by 'nixos-generate-config'
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
{ config, lib, modulesPath, inputs, ... }:
|
||||
let
|
||||
sanoidConfig = import ./config/sanoid.nix { };
|
||||
disks = import ./config/disks.nix;
|
||||
smartdDevices = map (device: { inherit device; }) disks;
|
||||
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
inputs.disko.nixosModules.disko
|
||||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
|
||||
];
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
inputs.disko.nixosModules.disko
|
||||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"ehci_pci"
|
||||
"ahci"
|
||||
"mpt3sas"
|
||||
"isci"
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"sd_mod"
|
||||
];
|
||||
availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
kernelModules = [ "nfs" ];
|
||||
supportedFilesystems = [ "nfs" ];
|
||||
};
|
||||
|
||||
kernelModules = [
|
||||
"kvm-intel"
|
||||
"vfio"
|
||||
"vfio_iommu_type1"
|
||||
"vfio_pci"
|
||||
"vfio_virqfd"
|
||||
];
|
||||
kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = [
|
||||
"iommu=pt"
|
||||
"intel_iommu=on"
|
||||
"zfs.zfs_arc_max=107374182400"
|
||||
]; # 100GB
|
||||
kernelParams = [ "iommu=pt" "intel_iommu=on" "zfs.zfs_arc_max=107374182400" ]; # 100GB
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
||||
];
|
||||
|
||||
|
@ -66,85 +39,49 @@ in
|
|||
networkmanager.enable = true;
|
||||
# TODO: Add ports specifically.
|
||||
firewall.enable = false;
|
||||
nftables.enable = false;
|
||||
interfaces = {
|
||||
"enp130s0f0".useDHCP = true;
|
||||
"eno1".useDHCP = true;
|
||||
"enp130s0f1".useDHCP = true;
|
||||
};
|
||||
|
||||
# For VMs
|
||||
bridges = {
|
||||
"br0" = {
|
||||
interfaces = [ "enp130s0f1" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
|
||||
# VSCode Compatibility Settings
|
||||
programs.nix-ld.enable = true;
|
||||
services.vscode-server = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Home Manager
|
||||
home-manager.users.jahanson = {
|
||||
# Git settings
|
||||
# TODO: Move to config module.
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userName = "Joseph Hanson";
|
||||
userEmail = "joe@veri.dev";
|
||||
|
||||
extraConfig = {
|
||||
core.autocrlf = "input";
|
||||
init.defaultBranch = "main";
|
||||
pull.rebase = true;
|
||||
rebase.autoStash = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# sops
|
||||
sops = {
|
||||
secrets = {
|
||||
"lego/dnsimple/token" = {
|
||||
mode = "0444";
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
};
|
||||
"borg/repository/passphrase" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
};
|
||||
"syncthing/publicCert" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
"syncthing/privateKey" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# no de
|
||||
services = {
|
||||
# Smart daemon for monitoring disk health.
|
||||
smartd = {
|
||||
devices = smartdDevices;
|
||||
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
|
||||
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
||||
xserver = {
|
||||
enable = false;
|
||||
displayManager.gdm.enable = false;
|
||||
desktopManager.gnome.enable = false;
|
||||
};
|
||||
# ZFS Exporter
|
||||
prometheus.exporters.zfs.enable = true;
|
||||
};
|
||||
|
||||
# System settings and services.
|
||||
mySystem = {
|
||||
purpose = "Production";
|
||||
system = {
|
||||
motd.networkInterfaces = [
|
||||
"enp130s0f0"
|
||||
"eno1"
|
||||
];
|
||||
# Incus
|
||||
incus = {
|
||||
enable = true;
|
||||
preseed = import ./config/incus-preseed.nix { };
|
||||
webuiport = 8445;
|
||||
};
|
||||
motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];
|
||||
# ZFS
|
||||
zfs.enable = true;
|
||||
zfs.mountPoolsAtBoot = [ "eru" ];
|
||||
|
@ -162,33 +99,34 @@ in
|
|||
local.noWarning = true;
|
||||
remote.noWarning = true;
|
||||
};
|
||||
# Borg
|
||||
borgbackup = {
|
||||
enable = true;
|
||||
paths = [ "/eru/containers/volumes/unifi/" ];
|
||||
exclude = [ ];
|
||||
repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
|
||||
repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
libvirt-qemu.enable = true;
|
||||
podman.enable = true;
|
||||
|
||||
# Syncthing
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "jahanson";
|
||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
||||
};
|
||||
|
||||
# Scrutiny
|
||||
scrutiny = {
|
||||
enable = true;
|
||||
devices = disks;
|
||||
extraCapabilities = [ "SYS_RAWIO" ];
|
||||
containerVolumeLocation = "/eru/containers/volumes/scrutiny";
|
||||
port = 8585;
|
||||
};
|
||||
libvirt-qemu.enable = true;
|
||||
|
||||
# Sanoid
|
||||
sanoid = {
|
||||
enable = true;
|
||||
inherit (sanoidConfig.outputs) templates datasets;
|
||||
};
|
||||
|
||||
# Unifi & Lego-Auto
|
||||
unifi.enable = true;
|
||||
lego-auto = {
|
||||
enable = true;
|
||||
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
|
||||
domains = "gandalf.jahanson.tech";
|
||||
email = "joe@veri.dev";
|
||||
provider = "dnsimple";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,12 +1,9 @@
|
|||
lego:
|
||||
dnsimple:
|
||||
token: ENC[AES256_GCM,data:wyj88D4qPqnxovjRKS3jg2H6OwznNfhmVyMO9MV7e66mOjUw/vbqkstEqg==,iv:f+1PN+pKpu8bm8eAQ7sFb+ZpMe8fmImukUir41XdKtM=,tag:FRpEAWf0fA8LOoTrJiEwRQ==,type:str]
|
||||
token: ENC[AES256_GCM,data:CfRFhGE8AyZfO9RzoXXTfm8kstvx+Fuy53o9ulYNZiufzzSQ4KzwYIoCRw==,iv:HEC8hRpmk7YDI7RHj29ZAeFKyPgsWTHw1sxjdZuhcrw=,tag:7RhEhZ9GkyBE9PJRe+gD+Q==,type:str]
|
||||
borg:
|
||||
repository:
|
||||
passphrase: ENC[AES256_GCM,data:33OMM880zGxJPTtqsNmbCMCCABE=,iv:8tvOqpKzbyx9sOmHLA+8v05vhLXjhRRuHpGHxGVo++s=,tag:MvsLDcVyX6rPr5lwDOvBqw==,type:str]
|
||||
syncthing:
|
||||
publicCert: ENC[AES256_GCM,data:jfQge0lfiZrdc+Kfv1hijHh0suGhQSfOou0cD7GcP+t0EigvRmi1JPyUm4l78x5d64oTfQoeO4Iq0Y+PL0tf/SGHU/7tMwo8456FrLSZwl5r+1iGoqRXu+VaEfEm02YXtwcRCZVOMKiwlZC4xMhUZ3CUZ9ohipluNarieivOEFzrNaFbbUeJITALsvYpBPsoIvxOePASrxYwUAjAtGPUVePuL9xfCdUZA2MMDr3alxpuNlz3wOk36qX+OS0Rc0nM9MfACRWxFsKTA8AxlCYouWjCke3kVeqcEh0rVWSEx2zqIOC9N4Ms1Q1zVqcS4hWi1LLe5BN0pK7LHdjEbuni/3Cns1GpBLJc7mwsUwlBQ7RFStAspP99YmIfAlMeztfm7GuacJC2Bddz6PJ/QEMRXli7KRm3Wimb7J2fqOyaECE35xtplvdN8HIhiQ2X6G9aFW+T3h8Hqopihl23HVZFfHe4//c3BGhHUYgzbj/0frLF7s7QySI/j8G242wKyNqpDmiC+9OCPGmpGmTg98h7X+pG4Tl1GH7xpV7jlPqg2kFm3aVGscNdCAMXyWsXoZZIPyiAxTgMauXTFIkgEjEeCB+d8Eml5xOjs4ADUeJLIc4mNOYh1ggPjbSJAAPw7LYqtmaCkazZ3XWRmpMHwcRTpVtQPmo3sLSETY3hgo9T8Z2pVqBbiiH6qVSDdZ5RANvBH2hU7mZrppN9pSVpWxt895iAs01PeTwJlFg3XleqsUcrhncrx9TVGlLn7MP58LbKeUqWpC2LFCKW42O39ajLT8dES3XQ0zjTZhYGLG6CFs6tj9sDIRAX/f0nM0PLF9ctsR3IRYX75kLSl/Wx1UeFxPoIF4/fIKZxkrsd0Pjalp1ToT2EvYL6cq+eyNeF+QIK9CazCO1FfvgLSVy5NKB9KmSj6t6qEByagE9FX2BvAJ9zA36s/inqo84hrmfZz+vf3zJbkEL2Y8xxRtE0Fd2rU0SubmLDxrlmawBUnYQ8skJEKJAA/g8ptYrbdqshtUyZac2m70ZtxO5VZHAGO8tE+jYQsS/UMD4/Iek=,iv:sq21pry1Yz4vZITF29oyFGnvhUwgyDsFwtHrzl059KE=,tag:rOmVsnWpLL87M0d6mfgovw==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:QZYlRzV2FPbCDun72PPgxxx4qvqGbuj0iZhvHggm/0sh3JFjtZIBZ7V4TfYYjJJykhKP+4Tm8rghnijiAmDSjyuGm0xwr9ENreRe/j7VrMYhcBes3h9PWOWY2jx+kh7U6v3da7/G79ISv5neFtsjvvM7UpGmIb4mwygZ9qO1cRRuC/k3CPehT7uN2kYNCKlfYJcRp/IlmvD0L38BtHsnokK0zCqC3q2nOZWWazfv3Hxck0kbQSV7V3OBmqfd6h7sdN/GQBv4gmgqjUH9DsCHz+3LEEyxIOp340zPKAZFZGg1SpBQREFOyyaYUMgk8iXRqvqIPxHeyruFzkDRZf6URni3klfEbQi/6B7eP8Jzt/BPfsdLYO9QSXyuqSYAj+V5,iv:BvlKA+gltrGHOXggwLsvqI5FCz7X+RwcOOCvdMYf31w=,tag:/SICpca+QkqeEh/dXYUxBw==,type:str]
|
||||
passphrase: ENC[AES256_GCM,data:lt0Rq269GoBuLNw9fxwuMAmtYjE=,iv:57IFde6EX7myLSCvYXkkbSulr8S7JPYoThWBsPLH0Yw=,tag:NwlpouurYF+2qmw2T3De8A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,77 +13,68 @@ sops:
|
|||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dEJJVHhhTU1XMVp2UmNh
|
||||
cnEwMTg0ck9oZzR0QndXa2t3UlpVK0M1bzBBCm8zZWpZanJYcHFQeXdKK1BDSk9u
|
||||
WVcwSGtvS3h0UTZkNG1ZMkZKT3hORkUKLS0tIFh6S1UzWXE3a085bE5NMjl6Zzgx
|
||||
MDZrbzBNdUNvcnppZS9wMmczVU5uQnMKpYJmsY/Ul7cpUc+ueSt3FkShvR1KqYHW
|
||||
q6bhaoby5Wz3XxLZl0ONBqovabkDwNiP6Er0rGiv0tK6TIaQE/NaUw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZVhNdGh2c3dpYWU2TDNJ
|
||||
M2Vyb29jQ2xHMXBKVk10dkhWVUFmVkpmV2tnCjF5ZnBBcGtkZjFYbU0zQXNNRCti
|
||||
QzVKOGR2OUQvRXVvOXZlb1I0V00rcWsKLS0tIElHeHhkSmt5UkZhTjk1dkFSbUp0
|
||||
M1BiUzZkU0pDbHVQNC9yQ3pzSU5INm8KcRB4uY0PHnDfc4bJZwqkK/S7FbEXuxEu
|
||||
ot9oVR4sZBs7Uhi5Ixz7Kmk9dBJ+E9dWPxDeYhYo3V0Tq77h1vVOyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTnVFSW8rSUFVN0txbTJz
|
||||
aXFUdXBnSW1GZkRBcFNFZlBWLzFEa2NhTlJJCldEYUlHcHM2a28za2I0N3JORTZm
|
||||
S2Foa0MyQng4TlNpaE53VHpLVGlNZFEKLS0tIHRNSWovZHJlaDhGY0xKd3pRQm5y
|
||||
aExPbjRPVi9kZ2s4bFlxdFhtK3l5bGcK+qEq++r5B48TwAOxyRFWm68MRa91rnZx
|
||||
levAEpFZYIMxfzxk++i26omu6r1jvXsiwtm2YvdoGhmNUqLU2UDWZA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNalVRWXVGN0hqZDdYUDVZ
|
||||
TVRwVHJsTEJoTVIzenFuY0dnTWs1bnRHZnhzCnNPTnJ1Uk92aVRaMlA4VTRYbXNh
|
||||
MW5ycEUzUVk0RW1Iby9kWjQ1cTVXWDgKLS0tIDdVaTcvNm9Ca2hTMzBlSGZVUnZN
|
||||
a2U1ZjIwRWx1bWp6TktablBqMUduUmMKCFT9vPMu/fob5SQG1004925OB1KNhsUm
|
||||
obph/984DUTQxk6IvnJ7fPrnFwL5yY1azdybjPlwGw6o5SmwKpxWBQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZzlkQmFiM2puUHVNUFIr
|
||||
L0E0VGpxck56d2NsemFrNEFWNmZ2MXlTV0Y0CkppUmxYRlVkVUZiWEJoVG55cXAv
|
||||
N0dRY1d1c2srTk0xU3AxSDNqQTZkdFEKLS0tIFpnZ09jellUWk1YZnh0akNsTysx
|
||||
ZnBCMVNqdGRvUm4xOVVRbTF0VzY1eEkKJhjFjnVk6Kr0LIUdyRPI3nPRXbPHHW/Q
|
||||
0NVqBn7s+NbS6pzSCPu5+T/ibo2HofQZQ0hFFUeCN/EO5xNCaueNFA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RjUvSFJqNGxieVZiVE9q
|
||||
NjB4RHcraXk5TnJtN1RSNXZSMlEwbjgxaUZVCjRxUGUwTjBFSU9nTHpRbWpmVkRQ
|
||||
cllyei9URXYyRGgrTGdjWXRSZmpRYnMKLS0tIHNQOXpkZnI5b200d0JiSVI2N1BU
|
||||
MS9MRW5ocGRMWXdBL0E5N00zbGZzVFEKxeMB0/opzFTnlSBK1vEsLqQ0qIDhOuw5
|
||||
S+g8eYTVXSIs/3TMUnOJxDezAG2l00vyWryPw2sGOnqgZCnF9VB/mw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArandyVGlHU0NacDdmTDdQ
|
||||
ZVg5ei9hYW45VU02RkhkTmlNeHdCODgxQ1h3CmpBdnhvdlBwWUkxVVNqcHgvNDc5
|
||||
bkFydkRGOXE2a2lyTU9rZ2l2U0NjV2cKLS0tIDhyUm5EUlZxcHFRemlpaHFYRjV0
|
||||
ODN2Y1Y5a2tWOU1PTElLa3NPeTVCb3cKqPj5QB/K9uB4RN+KRsK8UGS4WxECJn/q
|
||||
HCVEo/5YFnoEtE0X7xvyBEKgrAokzVsnuHtNqP0i6ka2XIt0yi2xOw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzJDWHhIT2tSekxpWmFR
|
||||
cVFocEl6N0VWM2FYVC9FeE9zeG0wYUhnazJRCllsdlFVZXR0YTA2T2h0ZUVienpQ
|
||||
MmhJVTkwd1Q4VjNVaWxkL0lVTEVLemsKLS0tIHVqMHhQaW55MHBsVmc5TjJjT1Jy
|
||||
RXdOeXk0NFJuL1ZKTUt3dXdkdlpLenMKmlQ0k9CmSWQ7MqueMbmd/TqYyQiDFZ0G
|
||||
FPtUIFWxxPY79vsEHq3kxyz4CGMUv7tYx00OK6niLgLZUStd/3Bxmw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbWxBNFpyajNETjM2VUhr
|
||||
TTdmc2pwb1RVNHlNVGNYaUFMelFOQVUwMlFnClBQRldoMXY4dm9nY2Ntd0pRNUZu
|
||||
NEhYeVp4YUthMU1MUmZvSjh3ZjVTajQKLS0tIDNKSHNQcWJYNkVvWmFXV2pSNVBP
|
||||
cHVzY09RZ1ZuSkNWWisxeDQ5V2Z5VW8KybOLJvSkkV5XiH431SBY8k5aSE9QdZ5r
|
||||
UghLUUTB1OFvycYNyxhyIgetX9ycu54PXitEiTBGWphPiAnXyBG3dQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVGRacTlCMjBRaURxMDNt
|
||||
SXBnZXl6M1l3ZmVZUlVDZEV4U2dJSjREcGpnCkF3L1hhOEFYcnp5Y3VLSEsyTWZE
|
||||
NFpTNno3VStINnlXdW9wcXd3bW81UGsKLS0tIGR3b3lQa3VIQmZ1bXREQnphQ1lL
|
||||
KzdCbXNTc054eEJBeklmM0xPVGQ4bmcKgZtxtepmmn/M4HylEsQ0FB/OXlgnyrU8
|
||||
6Yy2ua5/UN+YfFJ2FNoYyxd7OYLDeHsvQQODXJuL7VEGBaF+3ttMHg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWTk5S2VkQmNnNjIwQ05y
|
||||
TkR2MjdnY1pGMVZpT2dadE5icjIvRWtnT2pVClRCcTVHa3BaMGRDWTgzNE5zQzBq
|
||||
MWRWWi83b0k3OUo5WXhHTVRZSmovMWMKLS0tIFF4UlNtNVFkd3phTzd6R2FuY0Js
|
||||
VWpzZTdXSWpiV2tRbnc5VlVWM3FCak0KQGy+ZWdvEh09y9z1Dj3GTVyeAJ5notCH
|
||||
ujbOfaly8e9E2g4uOxISxyFe39xlOZd6zEInZ5qiKPrZz37ASChBkA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHZaZjRoaXRCNEFBYk1V
|
||||
ZWJ3YjVJVFFmeGhpUnVHYXhxNlhvOEtqVTBrCjRIa3N3UnRYeTU5ajUyM0xjanNN
|
||||
RjArandlM1ljbEdjcHcvL3Fvd2MweFEKLS0tIDZ2Z0dpN1d3bFc5VlNMbXBmZGNn
|
||||
blVrd3dubmUwWGd5Rk1PSHBPUlFBZ0UKOh5BQgCUxQxFSU2NxmOGEmO3DZ3TuWid
|
||||
d1vLm0TotAjshXBSy/yo62ejDUhvoCJ38PNDi6+zpZwCFYhaviQM7g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZDNFa0U4MWs0dmVkZXhi
|
||||
V3JjdXIrTTdkamkzRW1jU0wzNnluQ0lJbmpNCkcxNUNwc3ZxMXJreXBxNUlaR0xN
|
||||
RmFDZ3RIaVU5aCttS3Q5dWo0QUovVDgKLS0tIEVJQm1xWE80OVRyWUxkMzFXRHBp
|
||||
RlJTZjgzQ3pDVHRPQ2dFbHBqdzA3N0EKGBFnnJMqUrbaIviqpX4CP4Ps45Lk/Yyn
|
||||
fpVxSlwjOHNDwQ4ojUjv11FRo9WHUTGACFniUtvYc0oaLNygNgf8+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eTdXNlA2bW1OTmpFNktD
|
||||
cTgrUjY0UzV4NTE5NWFHdHlYa1JaeW1DblZVCkwrelZjaE5vdkFyTkErMGR0Mmt0
|
||||
RkVPb1RTMjlEc2pRSDZjMWpwVVNhZVEKLS0tIEpaV3Y2enoxMWZyTVZjdlpYTWtH
|
||||
ZTNZOVhTcTBHSDk2UjhXRE90VCs0R2MKUI6Q/P4v4xLnkqXqMuidlcgccDzf3Ig7
|
||||
P8aVNYbwtQqjsOwjYcoec4PaQehloW0kt/QSnYQx3znxrYQE1WVVNQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodERMdDN4cVRiS0tVck5h
|
||||
N3RySnRtSXJHZEthRWZNcENrNXY4bHNHa0R3Cm1HL0lzWnpocWhXNDV3RFRxL1ZG
|
||||
dWlCQWtzMEZlRnNML2NrOUVPSVRTcHMKLS0tIEsrbk5VOUZhbDFRRHRuWW56TjE1
|
||||
V1d0d1lKb3hyYVQ4elBIZ0hnU3FTbnMKiWERjAwlJRPK+PILCBV03uyNVnNgolA8
|
||||
PS0vbIDVNiX0pIrRlM2sVivZwqajjTB3XROXMmbIKpQxDMjvpHgqJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-08T01:53:24Z"
|
||||
mac: ENC[AES256_GCM,data:C05zcIFQC3gMa5AVKGB2uvpT5Bj/Pt2XyWizjPfIa4gcx1TzueQZ0mlZHjJY/9qu5SccbLrJ/eNmajzh39cTmFZ7211l9Zz6N8BMboh8olzIWUYFeGzZtXgmKXBRMVH6RPpbcuawLOeXeD9pCLSek6V9Qdx/OUnlWokj9ZPfvuc=,iv:PGMPSs99J6neXoSF18yWbxjCE0M9dSjqtz1ntxwk0TU=,tag:pZfVKcroeKPAvlfft1YsOA==,type:str]
|
||||
lastmodified: "2024-07-27T04:50:25Z"
|
||||
mac: ENC[AES256_GCM,data:IKLC9N4FvfV+eWFoVZa5ijyBdiQuNdXAE4Z/pQNhns+qTuMpuz9QLeQGysow8zCqg9z5WHPa+U10uBIJg0P6Bq2CkBTJ2/75axsQgqc+BPuY4cUfppbYqQaSzB831b3XMHei9m/IPXNoh277jk0E9A0mOzHu4YsBEEzyf5nESn4=,iv:dOIgrQD0eDB1lqTWoDoLXnDZTWJLf5m9a948Wabfc6I=,tag:MWoIe5UpTqZCDDJMcg0swA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
[
|
||||
"/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"
|
||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314200DT2P0C"
|
||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C"
|
||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201AD2P0C"
|
||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201E72P0C"
|
||||
"/dev/nvme0" # These are required to fix a smartctl bug I have yet to upgrade to a version that fixes it.
|
||||
"/dev/nvme1"
|
||||
"/dev/nvme2"
|
||||
"/dev/nvme3"
|
||||
"/dev/disk/by-id/scsi-35000cca23bc8a504"
|
||||
"/dev/disk/by-id/scsi-35000cca23bd29918"
|
||||
"/dev/disk/by-id/scsi-35000cca23bd29970"
|
||||
"/dev/disk/by-id/scsi-35000cca2524cc70c"
|
||||
"/dev/disk/by-id/scsi-35000cca2524e03f4"
|
||||
"/dev/disk/by-id/scsi-35000cca2525680dc"
|
||||
"/dev/disk/by-id/scsi-35000cca25256b484"
|
||||
]
|
|
@ -1,49 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
config = {
|
||||
"core.https_address" = "10.1.1.61:8443"; # Need quotes around key
|
||||
};
|
||||
networks = [
|
||||
{
|
||||
config = {
|
||||
"ipv4.address" = "auto"; # Need quotes around key
|
||||
"ipv6.address" = "auto"; # Need quotes around key
|
||||
};
|
||||
description = "";
|
||||
name = "incusbr0";
|
||||
type = "";
|
||||
project = "default";
|
||||
}
|
||||
];
|
||||
storage_pools = [
|
||||
{
|
||||
config = {
|
||||
source = "nahar/incus";
|
||||
};
|
||||
description = "";
|
||||
name = "default";
|
||||
driver = "zfs";
|
||||
}
|
||||
];
|
||||
profiles = [
|
||||
{
|
||||
config = { };
|
||||
description = "";
|
||||
devices = {
|
||||
eth0 = {
|
||||
name = "eth0";
|
||||
network = "incusbr0";
|
||||
type = "nic";
|
||||
};
|
||||
root = {
|
||||
path = "/";
|
||||
pool = "default";
|
||||
type = "disk";
|
||||
};
|
||||
};
|
||||
name = "default";
|
||||
}
|
||||
];
|
||||
projects = [ ];
|
||||
cluster = null;
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
outputs = {
|
||||
# ZFS automated snapshots
|
||||
templates = {
|
||||
"production" = {
|
||||
recursive = true;
|
||||
autoprune = true;
|
||||
autosnap = true;
|
||||
hourly = 24;
|
||||
daily = 7;
|
||||
monthly = 12;
|
||||
};
|
||||
};
|
||||
datasets = { };
|
||||
};
|
||||
}
|
|
@ -1,46 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
name = "Soft Serve";
|
||||
log = {
|
||||
format = "text";
|
||||
time_format = "2006-01-02 15:04:05";
|
||||
};
|
||||
ssh = {
|
||||
listen_addr = ":23231";
|
||||
public_url = "ssh://10.1.1.61:23231";
|
||||
key_path = "ssh/soft_serve_host_ed25519";
|
||||
client_key_path = "ssh/soft_serve_client_ed25519";
|
||||
max_timeout = 0;
|
||||
idle_timeout = 600;
|
||||
};
|
||||
git = {
|
||||
listen_addr = ":9418";
|
||||
public_url = "git://10.1.1.61";
|
||||
max_timeout = 0;
|
||||
idle_timeout = 3;
|
||||
max_connections = 32;
|
||||
};
|
||||
http = {
|
||||
listen_addr = ":23232";
|
||||
tls_key_path = null;
|
||||
tls_cert_path = null;
|
||||
public_url = "http://10.1.1.61:23232";
|
||||
};
|
||||
stats = {
|
||||
listen_addr = "10.1.1.61:23233";
|
||||
};
|
||||
db = {
|
||||
driver = "sqlite";
|
||||
data_source = "soft-serve.db?_pragma=busy_timeout(5000)&_pragma=foreign_keys(1)";
|
||||
};
|
||||
lfs = {
|
||||
enabled = true;
|
||||
ssh_enabled = false;
|
||||
};
|
||||
jobs = {
|
||||
mirror_pull = "@every 10m";
|
||||
};
|
||||
initial_admin_keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||
];
|
||||
}
|
|
@ -1,209 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, inputs, pkgs, ... }:
|
||||
let
|
||||
sanoidConfig = import ./config/sanoid.nix { };
|
||||
disks = import ./config/disks.nix;
|
||||
smartdDevices = map (device: { inherit device; }) disks;
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[
|
||||
inputs.disko.nixosModules.disko
|
||||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
|
||||
inputs.nix-minecraft.nixosModules.minecraft-servers
|
||||
];
|
||||
|
||||
boot = {
|
||||
initrd = {
|
||||
kernelModules = [ "nfs" ];
|
||||
supportedFilesystems = [ "nfs" ];
|
||||
};
|
||||
|
||||
kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
hardware = {
|
||||
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
nvidia.open = true;
|
||||
# TODO: Swap these once I switch to 24.11
|
||||
# graphics.enable = true;
|
||||
opengl.enable = true;
|
||||
nvidia-container-toolkit.enable = true;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
||||
];
|
||||
|
||||
# Network settings
|
||||
networking = {
|
||||
hostName = "shadowfax";
|
||||
hostId = "a885fabe";
|
||||
useDHCP = false; # needed for bridge
|
||||
networkmanager.enable = true;
|
||||
firewall.enable = false;
|
||||
interfaces = {
|
||||
"enp36s0f0".useDHCP = true;
|
||||
"enp36s0f1".useDHCP = true;
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
secrets = { };
|
||||
};
|
||||
|
||||
# Home Manager
|
||||
home-manager.users.jahanson = {
|
||||
# Git settings
|
||||
# TODO: Move to config module.
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userName = "Joseph Hanson";
|
||||
userEmail = "joe@veri.dev";
|
||||
|
||||
extraConfig = {
|
||||
core.autocrlf = "input";
|
||||
init.defaultBranch = "main";
|
||||
pull.rebase = true;
|
||||
rebase.autoStash = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
# 1Password cli
|
||||
_1password.enable = true;
|
||||
|
||||
# VSCode Compatibility Settings
|
||||
nix-ld.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
# Minecraft
|
||||
minecraft-servers = {
|
||||
# Me cc858467-2744-4c22-8514-86568fefd03b
|
||||
enable = true;
|
||||
eula = true;
|
||||
servers.eregion = {
|
||||
enable = true;
|
||||
package = pkgs.paper-server;
|
||||
serverProperties = {
|
||||
motd = "§6§lEregion§r §7- §6§lMinecraft§r";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Smart daemon for monitoring disk health.
|
||||
smartd = {
|
||||
devices = smartdDevices;
|
||||
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
|
||||
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
||||
};
|
||||
|
||||
# Soft Serve - SSH git server
|
||||
soft-serve = {
|
||||
enable = true;
|
||||
settings = import ./config/soft-serve.nix { };
|
||||
};
|
||||
|
||||
# VSCode Compatibility Settings
|
||||
vscode-server = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# ZFS Exporter
|
||||
prometheus.exporters.zfs.enable = true;
|
||||
};
|
||||
|
||||
# sops
|
||||
sops.secrets = {
|
||||
"syncthing/publicCert" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
"syncthing/privateKey" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
};
|
||||
# System settings and services.
|
||||
mySystem = {
|
||||
purpose = "Production";
|
||||
|
||||
# Containers
|
||||
containers = {
|
||||
plex.enable = true;
|
||||
scrypted.enable = true;
|
||||
jellyfin.enable = true;
|
||||
};
|
||||
|
||||
# System
|
||||
system = {
|
||||
motd.networkInterfaces = [ "enp36s0f0" ];
|
||||
# Incus
|
||||
incus = {
|
||||
enable = true;
|
||||
preseed = import ./config/incus-preseed.nix { };
|
||||
};
|
||||
|
||||
# ZFS
|
||||
zfs.enable = true;
|
||||
zfs.mountPoolsAtBoot = [
|
||||
"nahar"
|
||||
"moria"
|
||||
];
|
||||
|
||||
# NFS
|
||||
nfs.enable = true;
|
||||
|
||||
resticBackup = {
|
||||
local.enable = false;
|
||||
remote.enable = false;
|
||||
local.noWarning = true;
|
||||
remote.noWarning = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Services
|
||||
services = {
|
||||
podman.enable = true;
|
||||
libvirt-qemu.enable = true;
|
||||
|
||||
# Syncthing
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "jahanson";
|
||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
||||
};
|
||||
|
||||
# Scrutiny
|
||||
scrutiny = {
|
||||
enable = true;
|
||||
devices = disks;
|
||||
extraCapabilities = [ "SYS_RAWIO" ];
|
||||
containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
|
||||
port = 8585;
|
||||
};
|
||||
|
||||
# Sanoid
|
||||
sanoid = {
|
||||
enable = true;
|
||||
inherit (sanoidConfig.outputs) templates datasets;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,86 +0,0 @@
|
|||
syncthing:
|
||||
publicCert: ENC[AES256_GCM,data:oqQZ/QORhJoMUa1Sn4CoE5DKfgfIwRo7DR30MJoRLC8L3mOEDRQyk+P9ELAn3RIe2sa3OKwionJ9G+GM5htZPTaKg2h/wy//M89sdTRhC01vxJm80wScgQ8sC4HC8BpQCM5yt7A9Ln7mMvp+v61ae6xyEOcPpcZH4i31sxQUxuWURJU/KpdTAHKhora40W+DTx4YL7jEN7VMH+GawhJeW1jNZZDcBoQK/9RvB5uu6AFsQCedRwJE0772F16eaNKeXCu0BpNdTaZ7dNSUEeK0mT/0osb6DNVon8gKcYYEYtAyI/SnUOwRC4x+FeZYkAae3WGWzfKGC6ENN6JEHNG7mS81b83i3tyaN84wwmP/1pgQ5BSSEztH9P494SXLBnw3XxD2u5vxuKjf37q+gPnErq7hCEi9aS5HS/10ksgV5zpzg8eL9fNpyLXHqxDdllfvBo/KJlQaDri2OYcrz8SQlB0oCZI7AbjFz+zomFSzhi5S3gcLN/cB1CXDmK8/Ka26dcc6gAot18PqVt1aCHHVnLGvZEGt9Cj+/bool4Yq9fqQlXDyFMbiu0B57KEYshmeJE5w0fmBhenORyuKq2xhiXL4RCuKVoitjY75T4O2+ZzAqYli3gMcRksG6b+gXAYGF3XhJ2m2tBO5STlWzQx9eo8Ksm8+z0mJk7JgdKpov1mLzWZh9vHNkvUIGw15h+3FBu7oTgcvwrOqGDCCcAQSimMKiPuCUi+r2z4FuFobZOSlqAD2eRX9yh/V8s4VmaohrxacgIdscipkMFnQFGGkV3PHhh4yfMzZNHPll5Dk9fUM0BHrFMUccvP0aww60+4pufTUGWxrW5nRlI6jImPuoMh5KVZj5OAPYUcBj10UHjjtFKWN0V19XGVUx5TBR+AAkQzvAWrobSfyTyuk6P0l3Kpyi6DAJoW1Z7t2EQueKxjAd3uKMeCNDIfJOWVju9j3t2iu4BN3eyZTTbeKMwfkDJALHTsmtisRfc47qLxB3jyOHZXdZsC3OBgzRl2NlejgM+P4CVVH/kwT336u6ouuLJFjpsP+iUdBiRE=,iv:1FVhrbnLirFr2bHWZ53vEdnS6rL+HSMdV/XZarMmNAg=,tag:HCdx2II3FqDGy/t36NGiFA==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:UNOJu/8lwtOy76y9mURvAQAcCPkAqCr3k4zo0qJw4WoyRiFnHszFrk988LdX9hi1a8d2SYpSbWBdRxAOBOkB0ljycjudgH+xVdOLeJDKZH69zRKkWwdfq6N4vxYhqnUyCuwsRrFvg4cZYeEx9n133QNf3DPYIvovlPEfurQXDt8s3/tDqVeJ1SuJTX2sp8X79KWypCb9T3mar9X67EirV2Tz6uxzeRiWUpekfQbdzcjITiQPZ9silBcu0ZIwgfneBQ9yqAV/Gu01mJph6H6cYqBhK3xO4T8tXsnk66siBjWmqKP+3kVG5pyFDMAhuM0Jz+0VkaKOjYxTaPff1YMsL7/hWQUXcMgM6NyppMbpJBnvqcaMpEbYuEF444pBVktC,iv:H/X4eW+1//f7uyJRiveZRQRJcPGelxHhz1sIlzsMCcM=,tag:n+/dttJpTBeHFK/H40M0oA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIREVLNDdJUVJlbk1OR2o1
|
||||
RFNJLyttRDZoTmoyenZFU2docVUxRnVtdVcwCkM2VEV5ZCtobWJDZUNVYWlkK1I1
|
||||
dlJlbzQwKy94dEkrZG9rb1lma3IweGcKLS0tIEZLQjNxT1lobDh2VEJWY3E5cGZE
|
||||
UzdGT2JpUWtVSzI5VVBXNWVXamlYTEEK5fFvbB55/4Nj3tI2TG3WYhwA1WK3vmfH
|
||||
Qh5H5GcAYGV37Wlw2mZ/J3SYo9IBG+aNyXO8nE2/pwF7Tbw7GDPQ6A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0Q4ekVwWXhYd3krVzJR
|
||||
anFxQWtaN0I3Qk1qRDE2cFVETGs2T1M0ZHhnCklBL3hmeXh3OWpvYnRzRHJWY2o4
|
||||
TWpnYklpOG04S2pCVEdmTWtCYXJSUWMKLS0tIEdSUmthcEo4UjV4THAweC96cmNJ
|
||||
dVV3TW04eEZDNW83T3JCRFVjMmxrZVkK7mU2HJstMD7p9As/s4XyBuYVJAlqCveA
|
||||
NvC0imDnZ7btrVWKNTV2UB0VgQiM+opgcNHYhqRT1vLpUv/+ZRFDrg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWElORElqTkQveHZFV1pk
|
||||
ZitvWnZLTEJJWVFCTzZTVklQOVNCa0J2ZXhRCktGelNLYS85dmhJdlVjUWxkTWpC
|
||||
R3cycTd0NEVWN2pLZnoxUXFyeG1tSjgKLS0tIHlIbkc0Yzd3YURqOWVwT0NTQlZR
|
||||
bzRaVDdDL0NlNUZ3cTV4NU84NXNTeWsKZXNd2pYBG5P48kurR/XyswPGStyzSkqs
|
||||
2mEjJCwuMZBkBRm9DFzbB/01LxqNnES4U9/6oVri0y4mHl5R7PyTag==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQ3JHSE1IcWJqYW85cGtr
|
||||
WXI3TE1SNGZ1R05iRkNKeW0wR2pVNU12dHlFClJseDYxUjFyOFg3Yjdpb1E0aEVj
|
||||
SExnaTMzK3dDR2NvNEhjTkoyUTI4NlEKLS0tIGsxencxR2dhWWwwaGtFU3VnaU9x
|
||||
bUNibENVMmQ4NWhOTmlOdmJyTTB3eUUKM5zbfS3IOGgXlAFi+40DAIBZbLiDDyLu
|
||||
g5CZKtRAw/85WOqOdWl+WJBYegggyZs3029w2QA9WzxymnkGiyl1nA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZb0xEUFc4MmpOM0RaWmZO
|
||||
Q1MzVkJyRnNFN28zUlQ4TUZ2TktWakFVZVQwCndvdDNzRGJMbE1lMHZaZ1llVzE1
|
||||
dXZFMngzVVM4UjZWV2ZlOGY5bWJjQjgKLS0tIHBMWFlxd0syRjlEQUFwRS9lN1Ji
|
||||
K2hUdmZmUHVWa01qVHVUODBlZ3RvY1UK4u0PsdXstr/NVsYGRglQ8IPhElIcJIbk
|
||||
3G83Dunu+WApUNMhoCFpB0OuxSyc+xDIdEOhqcFGvIoywMmnpWWZ8Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRFBRWWNSU1l5dE44c0No
|
||||
QlJvYlh3dEZKVVVmS2RKOUdyaWtGMythUHhjCmsvR0M1eHlVd1l1NXVCWEw1ZnBa
|
||||
SUNpWDFZWWJlSlVnR0VCNlluSWt0b0UKLS0tIENMa3FFWHpkaTg3YlRXRHpML05j
|
||||
b1dmeXFkZjViVm5hdldOdTJRRWo2QUkK+eoVhfzSHimufxl0O81wRBJQ8iEVb7w2
|
||||
rVLONs1qR5xRGCV6OpCtbRqKaNXQgGY/w1CGb/44xdmh7C2C21gs6g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV1o1cFphUnNhdlM3blh0
|
||||
dHpKODg1SXNsbVlnRG5zaVFiNllEOGEvWkM4ClFwZDg3a1o2UDYyUUJwdHAxU0JX
|
||||
MUN6Rk9rR0NKSjNyK0ZrQ1BaTWpTNjAKLS0tIDZkYTUvd3lkZHV6ei9xemUrUWFQ
|
||||
TkJ6bDhxVVUzckkzNllsTkZLeFlEMkEKFesi49AfQbNLnYGrlvpCXCwvI22J1DL7
|
||||
QK7lBMlDX3+zlutX6DKygQBT3BckSZWI8upOsK2atjP6d8seDVl3cA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eld2eEwyRTFyMGhXL2w3
|
||||
Q1JYSG9VMXVqZE1zak1Ub1dOWVZYaVBNUzM4CmVUNURBcDVWeHhUUVBoRDE4M29B
|
||||
SzRyUGU5MUVSL0wzRWZLd2RYOGplSmMKLS0tIDNOYWcvL0t0K0tXMWZGQXNybjY5
|
||||
NDIwV1hIcXoyZWI3dUEyeWtXd3FLcEUK0YBS95TA9luAL1mObUtH6RG4nesYZ7Fc
|
||||
bB3e2p6Mrp/t1Oa/8p6WQXxu4vf5y0XCNLXeW6I6/3udrTXARaNNPA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-08T01:54:39Z"
|
||||
mac: ENC[AES256_GCM,data:YD2Uwxq8rt2NPKfh5gxHvXcbcEmzfO2ZaaYjH0RnhHyNnHrf3jcyzEhJphKkzRRpsCJ/F7UV+x8EQdWkVn7eUykY92TkLeZ9I6TwyqupzfycQGrJK3Ma+jbO0qlG5L7NXXSxj4LKtJ9Rf1BdFH4czeWmrM3aMhtgAclZ4sTSCos=,iv:AElkydOvlkkGu/1iLxclH1bqkd1Pj4uQH3gbp6iGDII=,tag:WEfrJm3F0niQn1vKuowALg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
58
nixos/hosts/telchar/default.nix
Normal file
58
nixos/hosts/telchar/default.nix
Normal file
|
@ -0,0 +1,58 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
networking.hostId = "4488bd1a";
|
||||
networking.hostName = "telchar";
|
||||
boot = {
|
||||
initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
|
||||
initrd.kernelModules = [ ];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
extraModulePackages = [ ];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "zroot/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/nix" = {
|
||||
device = "zroot/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/var" = {
|
||||
device = "zroot/var";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
"/home" = {
|
||||
device = "zroot/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# System settings and services.
|
||||
mySystem = {
|
||||
purpose = "Development";
|
||||
system = {
|
||||
motd.networkInterfaces = [ "wlp1s0" ];
|
||||
fingerprint-reader-on-laptop-lid.enable = true;
|
||||
borg.pika-backup.enable = true;
|
||||
};
|
||||
security._1password.enable = true;
|
||||
framework_wifi_swap.enable = true;
|
||||
};
|
||||
}
|
|
@ -27,11 +27,11 @@ frontend k8s_homelab_apiserver
|
|||
option tcplog
|
||||
default_backend k8s_homelab_controlplane
|
||||
|
||||
frontend k8s_theshire_apiserver
|
||||
frontend k8s_erebor_apiserver
|
||||
bind *:6444
|
||||
mode tcp
|
||||
option tcplog
|
||||
default_backend k8s_theshire_controlplane
|
||||
default_backend k8s_erebor_controlplane
|
||||
|
||||
backend k8s_homelab_controlplane
|
||||
option httpchk GET /healthz
|
||||
|
@ -41,13 +41,13 @@ backend k8s_homelab_controlplane
|
|||
balance roundrobin
|
||||
server shadowfax 10.1.1.61:6443 check
|
||||
|
||||
backend k8s_theshire_controlplane
|
||||
backend k8s_erebor_controlplane
|
||||
option httpchk GET /healthz
|
||||
http-check expect status 200
|
||||
mode tcp
|
||||
option ssl-hello-chk
|
||||
balance roundrobin
|
||||
server bilbo 10.1.1.62:6443 check
|
||||
server frodo 10.1.1.63:6443 check
|
||||
server sam 10.1.1.64:6443 check
|
||||
''
|
||||
server nenya 10.1.1.81:6443 check
|
||||
server vilya 10.1.1.82:6443 check
|
||||
server narya 10.1.1.83:6443 check
|
||||
''
|
|
@ -42,8 +42,6 @@
|
|||
swapDevices = [ ];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# Until I can figure out why the tftp port is not opening, disable the firewall.
|
||||
networking.firewall.enable = false;
|
||||
|
||||
sops = {
|
||||
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
||||
|
@ -99,15 +97,13 @@
|
|||
|
||||
matchbox = {
|
||||
enable = true;
|
||||
# /var/lib/matchbox/{profiles,groups,ignition,cloud,generic}
|
||||
dataPath = "/opt/talbox/data";
|
||||
# /var/lib/matchbox/assets
|
||||
assetPath = "/opt/talbox/assets";
|
||||
dataPath = "/var/lib/matchbox";
|
||||
assetPath = "/nas/matchbox/assets";
|
||||
};
|
||||
|
||||
dnsmasq = {
|
||||
enable = true;
|
||||
tftpRoot = "/opt/talbox";
|
||||
tftpRoot = "/srv/tftp";
|
||||
bootAsset = "http://10.1.1.57:8086/boot.ipxe";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
1password-credentials.json: ENC[AES256_GCM,data:AgjrQRlLUHozHTsn2iAf+DoQKmhQfSH6ktISxUZeEjs56k6idjbndkK/kwQXNNrAwmmpT+3OG7cOv0bAPU8AzwZYVyOlpFwp/eXvPJI6YcXlmsCn9lEANpdIbpc28npWTxuYvwZTSavJt5qo/Q9Gf5YQ2qiW6ER3vA1bej7Q6/WRNqcRWKfcMOfNg5YAms/o+nUDKgp2TG4cypyw7tXUoFk9drhCrybNSdlWxWf1t+VdiGLIFk1HvYWkelpxJujRZbKJxNi+4kPT1xQyU8IJbOZx1wXsIfz5I7QPtfoMxbAhRB5ikAwZpNLO1DpnAqBcLES+yqHm0V/hyI48mHz9gSH7fCUvGqj2OqdaKAl0lEpkTMA8PkfRNKGumwHsq2IEh5PP0kj50WlEFFoZszM5QKr9FK7tcvMP0mTL88hlCqnH7rzvNQtpC76BcoReOfKO0ZPtfEAJVGzsQ4F0hkeYzlfyoylqOzldju1QPadQ8Pq3dZFUXg5mZrF2N2kx8gqHqNHqK0BY7KFRrqTIJWebHiLYWe+WWqK3aUSLx3j8iqjuf+HtEBnxAkVIuAYBS6KwHQeXycdD/d1aMm8T46mJzW5FHlUed++GsU5HGQOF2gDZ2gfimdZ7taH0Wlf2wYmuH3BJKFGROefv0SuhuqKMxG1ownFIO0CbCS61ErRTER1P1L44CmaPyIgRNPMmz4nLlKt6+P7Ci4QGpevBkY1wHEn3dT/fNrBBW5EBsrWKRA88guZZHAwB3HLAVNqDno+nWlXlB5RxzaYzya6MYrlXKQxYluU73UQRzH7ikAcL4dJpjVPNIZPkzNRAI75U/IOQX+XspwM+yeIC38TAnNIcARXk2u2FJPaJLQSLqQJYgN9DO5Rg3cIVD/RsSU8TMEq/5jHaoMjZZ4iaYjUHzXbTOvk9WuGBJB1uBm3WUVDwLy6sVp7kHv4PvECcDByNxvhd7Krpbgt9sMi3jsfloo8zOzyoUOkbCEJNr6KCTOvd1/gzRVBxKyTajBkp3P/K7sqGSYpqqmE9qQSeHH6hVMgpicPsn29rzBRW5z0Oep+E6mmDoFuzJ1PJCdLguOIOkVDGiaT+ETtSrg6By3+lhcknElquTd0McoIO2nst80VA3tGUFwPcRJ+GmCtNLBDQgsxz0FtLMzIp5rWi630gnDHBjCf/qXWxyb1YXTpWGmsfWlF3xf8TrH313cnYkKVJAxMBFQVB9GCZMbFcgWg2A9T6b53tVHhmTWIZ5fHGOVBsruo/zU3mhxjoOqsbgrmj6Vi/1sEHvkN0hQq13QGT0bRv4L8BdeIanCMItEP09WZ3lDlDaXY/5xgfwr82oCxrMM7uk/j7COF5C1OjtbsqrGUUB4bphgiVsTT0m7KUw/VdJlPDUNAm3Qu5YUgeypmcNJoNFwsa0deDdg3GllaePP+8BDRbNrGSWUoNB7iNcW/fVaw=,iv:FUiB54c70FVSSkeXZ4stCdKGwihjpSZfsKqKoiDynTA=,tag:aNTbQb2/FUx2NrjQUVMIsA==,type:str]
|
||||
1password-credentials.json: ENC[AES256_GCM,data:odK6x2TscY1WNCOaPBSfo2ln7hsa5UopakUpOgB4ci64p4LGIwTTDnSiq8+UXkrDndQ7tSqtr9RUvB+AwwYOuh1KBAwWmlZN7agtxUYc1wvMdQv8WPDfhqe9m0FNP5gyTaohcjBdBddZlv7izScVePUQUdG04dGYqUg6mQ/gmPtJy27hil8GivvxRN6FnFtkgoyfE+ZLfkTuMdeL4cxai4j+UeGc5XgmsrBLrW5udeDw2hktGXEBp2vMC6t+D7uzZ7DeLBDiHRbBZBeo+krnVdPsLxU3yFF/hC8vWVbkT7Wt/UhB0+X8SWvhYOvc3KW+NfyHcU0SONhQCM4iOkk/1qvcaDHy7idqexKxOtfQaZtuHW0vB3icgbxTO9usFxOxUPe63yXHUg+UDKSN4UGCF10eLoZKaV7zO76BkTFXQLl2Q+dytaxEKathhW4fS5lUBpuxXNDXuIxMiUIclXwVWVDpL7qchTJCopWwwDRaeHrUPev+pQptEsDLYpZeuf27hPjCMiOWkxt2kg2eKPjJ8AUtI8N3OlFPCyAurLgLSrFj0Wzm24LJLKsjs1if2y2jb/pR4MPdgnHgNnHS8VQ9JVprVyuw9C/wDhVV7yW+D4tlJ/d7AXaJq/dkO8XnwCEVPyFr9bUMB076z+tleYgvv9rHkdQMaqHr5HCHAtuYfM4f0Zpfr9alJ4wxCsj+MAn/PLGxjNd/hQQY+oYRpzBne2mUoxhRt3ZjnGH8LUBFSlz+e0+PB0anS3oV3XZUt0XuwGpNIxp4LsRFgmDC2qoMKZ2X7/DfTdmb3te0YbYNUUeHxlQ5AImzU6Lj1qw/clD7ViS82Rjc/WCavg9J7U7CdDbzhtv6xCxbyd3j1r8Wi4XLAXy4ZdcdvCEyYDHwJeExY8pp/jvS3CqSrlC/PyBUemloIQ+jSQiRYDv26XpRKbJ9Yd8fJ4ANPCMuvXU21iXtxHIRwopTo87hWqqSaORFcyVOmCxJJpa/TXL5fdd4ISy6CSqZXZCCIfiVxq4fBkqSoya4XMXQQq9Ki5xwLf1bDhaT3v7okP87A9d/j9Vru2RIZtRT71jVKvwDvJhLAfYuXyIUfQh5cvIw4/HlAZzP5vi1w5KlIJGf1uVVhvTl7p23/Gi9LAX3/P75dbK+x4VYOyqjMowER3jxk9m6GyFDl7iuceNh1bIpgPN1s4QOba7N2Tex5oa/aJJKOLYE4GYDtom5auDP6Xqa/Nd4NaDyd5oVuXcP7Lp7tDu9sIW5rhGaVYKU7jhzALN9HjfmAen+cZ50oy8L3IYKlS/91qzGughYDOjK4qeQ2XrMxySnCPja7ElV4gxmB3X73nxN+N0ZLEDhAGIS1FOaOammDjK2Pj/3vA5+S2hO3GYLh9glNgRnIGlNUVtw3My9H1mYIc4eP+LGGXz1KPnQMQWRtXZHH4d4fsOyhk+CE8as7WtyO7M=,iv:RkYdMs72Nq7dwHScKZeXMNSJ53ztTXCb3lkhrr9K2oE=,tag:XDdPfd+Be9nSAbvate52AQ==,type:str]
|
||||
bind:
|
||||
rndc-keys:
|
||||
main: ENC[AES256_GCM,data:JVFfmWawvoQZNA/phLZAH/ZfDFkuDBAzQsvavFMT/8v8JKi4oJ/V2UjVv4Xhh730SP74Z41UBUA+N1iW+1HsIqCm+UGcjelLWiKoMGQMmuzVSbt4oN0lVtVIZyke+hzlNPm5qTt1,iv:Q5t9beYjCoTiYOm8K3ktqLbkaWWWzPPljcxmdrXdczA=,tag:gZaOrxZ9ou/+ZxukaZ9FDg==,type:str]
|
||||
externaldns: ENC[AES256_GCM,data:eCtagoXcjAqKfvD8AuxUhtL2Rvn1iUxbS3qDv1x1KVUzdg1jGAELgCivgPLv8UaLCZ7dqqtr1XiMgsd8RPKgSZO/AS9TTQx8eGnWUnaorUXdhYfhrGfeUa7LoEPYPNx4jwrN45j3OKsE,iv:ffUDa51TqFMqOBItiezwfiNkf4aajdfIXo6+cR48rAE=,tag:E2jMpk1/hpJGjLfIFuTpqw==,type:str]
|
||||
main: ENC[AES256_GCM,data:X0HTyNmqH1epIVNkXMyFlavqAodDw92Gs2sK54USNv0mWIwmk8NEb69x/Od8TAwDZw63k0lEAymyj/hBfkpav9yKT1M1hGxr09xjWsR/DTAM9tFv140cvnMEon0ZbXVXp4ou24jP,iv:7AsoCrxf8CyPiyWYfHZsGE0Qw/wutCVvCEiRdUdmIHA=,tag:oJi4BTDrD3FLEQuYeDR3dA==,type:str]
|
||||
externaldns: ENC[AES256_GCM,data:WhH4vAR4Q4iTXq2fT+Z8kOXkwnneNV4bXWYytov62DFDSnYwsvWIbol5MvYIwXM+gEbQ/k/uk62MSFx26T34881EGJmH7KXWr7ji273D8oKAp0Fw6jOt2NZT6XkBwhWEIathUOwNdN6E,iv:SepdyBzYga7s03ppSppiBB/wTbTrL/y70aa/B/m02r4=,tag:vWqlZLx+FvstJjgRj4mjWg==,type:str]
|
||||
zones:
|
||||
jahanson.tech: ENC[AES256_GCM,data:CEOcBxa38OheRPP+JakWVfm1vbtTlMzEsEYhzehckpRN4hj9epxVwyKzth2JvhdJN7zslP/BydRm2VowSTJLDpEsRBYiC7650ear3co1qM60SvLHNgsKcW+UTfp5RUqIcos2Gfll2vrMFxMIRV9nrSz2g3trteC/4B3wmVLZjnvNQoB5SePpQKXZQQesO5+5aiF7hRqk2OSz57S/ncjHJhLz9h3xyvr7JXrcdUWHTUarqQbARG3owzaxEoPY+n4nqtx5JXqFaYAMSO6bio4OHanHXhdMfSpZud0bT7wBarAtWCFgIIMMKfd4Q1qBm5AFQyApdLKdwQ4zakrRYOx07zp/ZxVOQ5oiGIuFsEumf370PCzR6JPVivX0gHsJXR3EqlXVy4TpFOzit9jc43XD9LgvYKxdQQUUC3LwfCVK/6/rjqVU6+40tA30D8KQS1UZ1Bmm7+QGk4Jdocwg5KfI9BQNSC+Qfrmif8Ckljr8978p7rxEhMU52DkoNeOxHtLcjzsskVV2Mv01KdKQByoHxVR7ySEkmz1nDc6O6kUExgL4mrXRa+zWvTwkQdcjCoOvb5Z4X0sUdUwvt3qQqbZLyCLvXLwLyOjCTlHu3E+nlZ+AESTRoAgexkR+oWQuekoPaFxy1F4FFk8MDpBb2Cgsw5ZHhgmiKaV5e0DVU3oS6mRl1OiqhMSnbBsheyXYVWSHQh8xvlLgvF8/INeJCgZArjDfP/nz15ctkBVKC+6eEyTCXiAnaS1snbJdovTRiz9GUaE3AcQ+uRhhqDL7U1AO6n5vxI/6nKGH1YK2Z+ym7JT3M8+wtBhM/fPs5DjwjMb9c5z07Ks48r+dm8j91jsh2ACTJRvhvyQvxHh4HPWicoUhRdMj/VuLAwMpsCGRCwjsZ8OzNvzWUz/+5kA1J0/XEh6TRW2ZNKO+uzcpFKoAPwRbF0lLgZYnuceEEb1oyjEH0UjdKDL7g8GtnEdN4kem+Nfk/OgyVJKLCN6ILvd8QrhXhmAZri8s18eNEU2np92B6ISmRt/b0pcNyva1fRvYYv3CaIjqjx4RFa7pZvjyXysuomdNzUx6wfwBxVqQn4FjAhOCeGVawtzLDV2ZPfaxc36RIOrK,iv:Y6CcrD/be0F6B9TEfGFF74jWvk7uWVUytutnFGfnG0I=,tag:2JQaYAj4IuFw4LrnQ+gAig==,type:str]
|
||||
jahanson.tech: ENC[AES256_GCM,data:XqOX6lbCubPEi1pXgIEXW0qyD2+iJXNugTPdQOB/yCm4AX1mMiANAV51FBDb9f+QQ+q1EDqGz/83VKggoIvHSZCOW3dkNWR2uy82uO8C59sbsLrR5AzTTnZN2zlaIjW2q42I838mKfO7MfYXutwQbTpepr/Brtbldm+HRjxugJJMDFvBqSlylSnFA+jeWq7RNRP1+ZxGULO8I2BTPqdRVyRHcIWjyQABTctDcDgDLMpPxrMBTtmC2/CFH5pIT3w6gbrYRwYFZh7fNprOYRRPOkGHMZK6ccMCpm2uRR4b5daB1MidqJUsX999ma2TEmsUJSQZr6mS2r/QvwZ2R9QziIkBxh91vCg6HMaHl8/ISlryZVlkWNY1P2jgCMw0jJ58NxeBVAjVWw3iL+i9JU/q51r8J3nZHi5ql90JMaVdYWw8I2GLYWDHQnES9srEXtJwJNLzE69lQuL8ARmey4gt8Q9snen0v3RJVFb466nPKvH51TjIAr3FB2L8NY3RumD4eYl05L5JdNcFVuqmsYdoWQSQdZz23BxRM/QKT2qKjrhxfZuQW1naNDg3qbx5+bLGHlG6m8wRdtkR5SXWQc5a7LG2eURY9T7vy8yxMWzjd5LPMFLd7JlUSjwXw9YBhYTafGuc2TUESs8DCO/hU2zjAn1KM+rmc2T4aF3HexJwt7b7HBmMrDWObdtj09ycV10tp1Z57ZMz18aJdIbaZKopERN25FzIKiTlytiZiWsesLo6mUbsgb7bmjGGjBEDbp9P7ozgZv5H+aR5Y7POl9EG3gfERPsa1nF1qlloOrYT/GX8pUNhXAxH6QfX7WF+ANiMB/L/X4L0/XufV7shCWfQwogZ3t7ARGHr3dIOyx1ABus+M2QUZyI94jHTn+/J6aaxL8qsDGDZ6383Gk/CHa57BklRUrZZYVs9jzDe7+12gDfID/eP+nnKuohwCY1KcHL5QCRUg8KN1ZIyH1FYz489l/qKFG1nO33iJv/l6opWjIv98EM88ckA7zxU1+UgjxNiBo0EGJPw1erwTwUzehTnj303HuTGbtGjgE/vK8M+rCCpL9L0YAFQyXqeuqQs6yM3PHCyKfvThCAnwnTIGn2mZcyu/GGGOO9Hse/islh4cYldxC8psKNfNlf6qT43MOf+gDJ2GKU2kzU5tivlNqXbgAs=,iv:8SWNl65v24W504eG64L65rDmvqrkF5VJhufN3u/wRG4=,tag:oapDfnOAPyPDiJrxGHtiJA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,77 +14,68 @@ sops:
|
|||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5V1ZQcTBNeFF6NjdXMThQ
|
||||
QnMxVFZHZlBwTk5CU1pSNFBPTUt6MmR2NVNrCnFjd0Q5d0pwZGdJbDlDdS8wNG5Q
|
||||
aHdqekpmREhlbEVMUjZNc1BscU5xbjgKLS0tIFdLUC9wNGlyOFd3WjRnc0IwZU85
|
||||
alhDYk1DelpINjYvVmlCa1pKY3hjV3cKF7aIzA9U1bPVP6bQbYCTjXKptE9Rovyi
|
||||
CVBUzWWrb2Z12rvjDzIKc/L1iMqLn0PjPsYHL+CHW8z5A6R3m3FDMw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSS9JWTZPak52ZFloYTZq
|
||||
N3Ewa2hrbUZmZ0Y2aVpzaTZjN1hzWTlqRmg0CkdIZk9IMDdWQ2xsYmdHcGM3WmVk
|
||||
cnVXVkprbXlQeDdzSkEvbW9SSE1aU3cKLS0tIHpuQUY1TmdKbGpZQ3N5Vk5LdzBC
|
||||
VVp6Q1ZNR3gycSsxU3Q3SGtNUDN4cEUKDXO3QyNQfXqn587meoAZqraGMl4ASeOf
|
||||
rVJDGWkNhne1YFdAfvbiY6pD7RDxscwiRFqDofH/t0EfN4vwrzIx3Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFUFlDK1duT010Nll2cmV3
|
||||
ZVRKM0tFNGVHQXM0Q001ZGtIZVV4bVByTVRZClZVclFEMVlSYnp2ZElNZm1DOGpR
|
||||
bzNCUkQrNXF4UlU5WHloaEtzMW5wMUEKLS0tIFpwQ0pLRjFJOUR0dEhhTVBhT3hJ
|
||||
c09wdG1jVlREUk5QUThKRFpsSlRUM1EKjxe9zkAp8t3gwMFOipPZeVdIyEnOTm77
|
||||
0EnaO+oPJNTE+WefHKEEnqkUP0JY6vkDSkymgLtlPnY9VkAWP7ymbw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSEZKOUJTTjE4YTRQUnFW
|
||||
bzhMcjlSVTRNRWNkSmZSbU5ITFFTbURFbGpJCnpndFR1OVJvWnBOMVovdVVGWkZ4
|
||||
Wk9xa29kekgxRnlqbFg4YzN0OE9ZYUUKLS0tIGsxeUhWdU5NaTE3cHpYNXF2OUlK
|
||||
eGNyTXdqWFNvZ0NVOCsvaG55dUdaMEkKW9SxqP6Jpn72VAwPhn3laO1OE+gYzLvb
|
||||
10NfaR+2P0EJZ3nwc0sLKmPmSzcRiE9etGtNGFiLgoUNkQ3lnwXj6A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTlZoVGgwSFNOZ214WlBC
|
||||
dFdBb2tSTjJLU1M2WmZXcS9jU2d4WThab0JFClNQekNJM1dmVjJUeEN3d1F3dVFF
|
||||
R0c2bFlFNkowZjl5eEJXMllXSzZLSUEKLS0tIG1CUWRZeXE3SksxTUxrQjBTaGpS
|
||||
VTZqOHB3eFlHZmNlSU9QOGprdWh3bm8KfvR852TCR0nfmXkDgF3FSOR9agJ8GUPt
|
||||
1iK2aDZHLZKcK4mcuPc/qzfCXvTHlIvTDbSD0PbgCyG7gwgX2Qd8mA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTTF2TjJ0WGJaTUFIWE9s
|
||||
S1NHQmRiQUVjSGJLQXZ2VUUrclorT3dIOXprCnQwOUorNXFzNG1DbG8wRW83QTdC
|
||||
a2ZpZnM5Vit6bk1SaXRSZnZZT1g4ZzQKLS0tIFd4RVR2LzdvVG5nVzBiKzBPL1p2
|
||||
eFJWOGx3Z240clRQN3dNa0Ztb2hrUk0KunfKdWPTZD32KagC+VXmAQDxJAoElHAp
|
||||
mo8a0GGdeVuJiUneJlZ2KYuLkseCyn0HC5qQMUIT8HZJ2bb+RH0vDg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXpCcmY2T3Zmejd2TUlX
|
||||
TDZYMSt6OFdIZC9ibHJid3JxVjlHK0pCWXpnCmF4dTJWNzQ1a0FZdWxJUWZVZEhk
|
||||
Tk44YWQ5U2dWc2orcTExMjIwT3ZOVmcKLS0tIDJpbkEyNmJmQU1PemhpYzBycjV6
|
||||
V0pHbjhRcERyb042L0ZMUnZSdVpOOEUKICA6kYzVpAwMaoKrZIkj7GIjv4mGRzu5
|
||||
3sm2D/yeE68TXH6PvHPRZpkLAqrn2HvQuviIgHXH3Flgeuu+DGl8cQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZHAxMVNsK3U1ZlJnaEJj
|
||||
eTNhZzRidW9HQ3Jrck0zNmxPYXcvVUtJRTJFClFiMGNuYnEzbVNJNExVSkZ3dVJy
|
||||
MHlRdG1uNHhZb3daNW03bVJrOGZmNmsKLS0tIER3RUg0TDRQT09jdy9xNzF6OUtq
|
||||
VHR4NjUxZGpRYzNKaHhlVTdJQXBmTlkKHgqnACFlEusz0/W+I/O2smr/SV2Oiw9Y
|
||||
wCqCyVfB+kGrfgq08e8ki8NXv3PDT637BU3kXFaOTQhzSE0aCpD8qw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMLzdsOHpDUW9Vb3c5cVFZ
|
||||
a0VOMEdjS2kzbTVtcU0zeXdOclJxbU5FSFE0CkwrdGN5VTNxT2Y0VUdOT0ZnMWlz
|
||||
VGxwNGFSSUttZjdIVDlRL1JQekhSdkUKLS0tIE9JbUJWeFRVbXVyNkJIVTQ0bS81
|
||||
Zk14MEtrR2pRSWVPUEJONVNKNUl4VXMKJ93XAmrAH25gUTbtY4HQjSKCJqH8yK7t
|
||||
5WGip1wjuP/jab8ycHaM8MK6hH7qKJGLKF0Q+agvQok7RKqZl5+ikA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYUhubnhKcnFDZml5Qjl6
|
||||
MzgvVFk4QzNwOWdSWDh6RlBDdTVzRWMrTmdBCktBZVdKWW9JdGxEVlRtVCtMYXpB
|
||||
YTV4TmNlRnFzMTcwWGZSeWtzN3hxRFkKLS0tIHpsMTNLckhMRkM5V0xqbmFjOUpK
|
||||
ZFl0QlZCUmcvQXBvcFpoZHJNZ0xUQTgKTnAjik5QM++wy3+y8N5zHk+nY1+bMfr8
|
||||
5IQBIQuoJUhvj8GPniyYRHEhzttfYNuYJaENQcuYOaIpbGb3jTmBJA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTXJWQThMaDZNajBFOVRT
|
||||
NEpJK3RvbzRKUXE0NWpRQVA0aWJSYVNxWkhNCk1nWHVaYmZNQkdQZFJIOTZKTWxC
|
||||
RXpOaHc4dzNBZ0txcFhtbjVVSjhDbXMKLS0tIDkwSnFTTjBZZE5hZTdXeTI1Q2F6
|
||||
Skw3OUt4SVlrQ0M0d0h3KzNubjZ6SDgKiEvuO+RqygeSSzeUlQJSPuzNY4tbzKso
|
||||
bt/fSCV4ulFTvjybD9lfA9dclHGM/IRA9obCQd8RsCBQuXo9cuWnjA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQW1McmZlNVhDR1VRMUM5
|
||||
UVk4aGd1RDZxQ3RlSG1UUEd0R1gyUU1VUkg4Clo0eFgxVlcvNnNtWVZZajRGYUZJ
|
||||
K3d0ZzNSSG16dGVONjU2cDMzbkNvazAKLS0tIE1jcU9ERXZhbW4zM0E3Z3RJWTRm
|
||||
anA4RmxVOWplWlo0QkFLQ2xFQ3YrRWsK0Z1iH93d8sMj8PbFaLBBO7xqz04f6ytV
|
||||
m6bFiMoTp+hdnFdGZkl3S+4wQBG44uLJ9z6I/SL3H90ZBrVfE0XV0Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZkQ0NzVGMWJ4Tk9vYnZC
|
||||
dmo5U2FJa0pOUmt1K09MWFdRamNnaUgwbEM0CnhKRmMyN0RYMG5Uc3ArQVZhVFZX
|
||||
RHQ3SU1TUnQ1SlhvZGp6emFOV1FuVE0KLS0tIE1oQjQ1dUhTMVBaTnZIeVpVNmxp
|
||||
cnk3ckEyWkdhWkpkQlhJTHlsaGFTNDAK79D2C2RZql38hBJOBnqhOOdb7Z7EJNgj
|
||||
aWfivACOM//hsPCZK+9YFpXJ08Nb6iBlNKzYsTW7qJ+Ue9M9i9JShA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTSsvbFEvc0ZjQUl5WWhl
|
||||
Q0tWVndqbGlMcnpYMzUxdnlWVGxubldaWVZFCnpBdHRaa052aUJWZENBR1QvTXgx
|
||||
Nld6UHpPR05yQ0g4ZEVKVVhQUUdNVWcKLS0tIE1aMm1XOWRxWXhiOGk0Y0IzbEdN
|
||||
b0VpUGdsdjNpV2ZJYzBNeUZtTFg0NTgKJ9dSsLlgbxotxWyLrY6XWVyg3I3zugG0
|
||||
pvd/gQmiYFxptVmBPw+GkOZJBugHpURQznXq6DEo0hVaYLoxoaFBNQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdHRRVEY1dmR2WjM3YVhk
|
||||
dFZ6UmUxUTJKR3RKMUM0UXVaMUJwMzJRTmpnCjJtdjgwNnphOU5EdUxkSUp6UkQy
|
||||
cS92MGdlTExVbWJIWGlGVVFla001MGcKLS0tIHF6c3MxR1V3N2szeXlNdWhUaGpW
|
||||
WWRlTHl1MWFmU293NGJyRVNRTE1RWWMKu5nK98591T0Z4rHIHxCY7mqBW/CF6abl
|
||||
3/ygImXkb15Ws4b4mcN67vk3omg9CB6s0SHfFk1GAu6CiN7MufHQ+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-01T23:46:47Z"
|
||||
mac: ENC[AES256_GCM,data:3vtZhdp4eCAlzq+LWypv5wb5qAdFM3wYTmbtvHMIxG21Z2joEH75i2BqYRl8sQPDSM01wbwZp04/pgjEBogrBrwC8Jt3fAB1ptx9A1vPBIwjcprFR53/A0SFRqb3eXJbwRMS3axZx2yp3qzv73en1vcfRgS2YfjaH8knH1f6/CE=,iv:L3NBzPNHi1wBLA2+sI+Ncl57el61friVvar1HbFWSW0=,tag:sxm8CFpwTt4jgyHBPqVihg==,type:str]
|
||||
lastmodified: "2024-07-15T23:16:58Z"
|
||||
mac: ENC[AES256_GCM,data:pmZjxv+vcznnamHNvOL7sr8wrejmcqo6D/NpizVo7TPo6cs59vTQ2fXmM0zlfJs81wZVe8cMcv2LXITSmjpZOsrhYuzMpPsc9HGzdwfOXVTfdVDYWVwNd4LsXMW40rqUbZyVtp8zAOW4eF5iY0H+acPxMcBbogoQKOU94a0NqzU=,iv:vFcpIrA9KRMawLCbMqWbKcGFPBcMp3mQRIgje5dV5S8=,tag:iuEaP9jjhhvjMjChvaoBCQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs, ... }: {
|
||||
imports = [ ./resources/prune-backup.nix ];
|
||||
{ ... }: {
|
||||
imports = [ ];
|
||||
|
||||
networking.hostId = "cdab8473";
|
||||
networking.hostName = "varda"; # Define your hostname.
|
||||
|
@ -22,17 +22,13 @@
|
|||
|
||||
swapDevices = [ ];
|
||||
|
||||
|
||||
# System settings and services.
|
||||
mySystem = {
|
||||
purpose = "Production";
|
||||
system.motd.networkInterfaces = [ "enp1s0" ];
|
||||
security.acme.enable = true;
|
||||
services = {
|
||||
forgejo = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.forgejo;
|
||||
};
|
||||
forgejo.enable = true;
|
||||
nginx.enable = true;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (builtins.readFile ./prune-backups.sh);
|
||||
in
|
||||
{
|
||||
systemd.timers.cleanup-backups = {
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.cleanup-backups = {
|
||||
script = "${cleanupScript}/bin/cleanup-backups.sh";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "forgejo";
|
||||
StandardOutput = "journal+console";
|
||||
StandardError = "journal+console";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
# Set the backup directory
|
||||
BACKUP_DIR="/var/lib/forgejo/dump"
|
||||
|
||||
# Keep the 3 most recent backups
|
||||
KEEP_NUM=3
|
||||
|
||||
echo "Starting backup cleanup process..."
|
||||
echo "Keeping the $KEEP_NUM most recent backups in $BACKUP_DIR"
|
||||
|
||||
# Find all backup files, sort by modification time (newest first),
|
||||
# skip the first 3, and delete the rest
|
||||
find "$BACKUP_DIR" -type f -name "forgejo-dump-*" -print0 |
|
||||
sort -z -t_ -k2 -r |
|
||||
tail -z -n +$((KEEP_NUM + 1)) |
|
||||
while IFS= read -r -d '' file; do
|
||||
echo "Deleting: $file"
|
||||
rm -f "$file"
|
||||
done
|
||||
|
||||
echo "Cleanup complete. Deleted all but the $KEEP_NUM most recent backups."
|
56
nixos/modules/nixos/containers/backrest/default.nix
Normal file
56
nixos/modules/nixos/containers/backrest/default.nix
Normal file
|
@ -0,0 +1,56 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
app = "backrest";
|
||||
image = "garethgeorge/backrest:v1.1.0";
|
||||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 9898; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
appFolder = "/var/lib/${app}";
|
||||
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# ensure folder exist and has correct owner/group
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${appFolder}/config 0750 ${user} ${group} -"
|
||||
"d ${appFolder}/data 0750 ${user} ${group} -"
|
||||
"d ${appFolder}/cache 0750 ${user} ${group} -"
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
environment = {
|
||||
BACKREST_PORT = "9898";
|
||||
BACKREST_DATA = "/data";
|
||||
BACKREST_CONFIG = "/config/config.json";
|
||||
XDG_CACHE_HOME = "/cache";
|
||||
};
|
||||
volumes = [
|
||||
"${appFolder}/nixos/config:/config:rw"
|
||||
"${appFolder}/nixos/data:/data:rw"
|
||||
"${appFolder}/nixos/cache:/cache:rw"
|
||||
"${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
||||
useACMEHost = config.networking.domain;
|
||||
forceSSL = true;
|
||||
locations."^~ /" = {
|
||||
proxyPass = "http://${app}:${builtins.toString port}";
|
||||
extraConfig = "resolver 10.88.0.1;";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,9 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./jellyfin
|
||||
./backrest
|
||||
./lego-auto
|
||||
./plex
|
||||
./scrutiny
|
||||
./scrypted
|
||||
./unifi
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,117 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "jellyfin";
|
||||
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
||||
version = "10.10.2";
|
||||
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
||||
port = 8096; # int
|
||||
cfg = config.mySystem.containers.${app};
|
||||
in
|
||||
{
|
||||
# Options
|
||||
options.mySystem.containers.${app} = {
|
||||
enable = mkEnableOption "${app}";
|
||||
# TODO add to homepage
|
||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
||||
# default = true;
|
||||
# };
|
||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Implementation
|
||||
config = mkIf cfg.enable {
|
||||
# Container
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "568:568";
|
||||
|
||||
volumes = [
|
||||
"/nahar/containers/volumes/jellyfin:/config:rw"
|
||||
"/moria/media:/media:rw"
|
||||
"tmpfs:/cache:rw"
|
||||
"tmpfs:/transcode:rw"
|
||||
"tmpfs:/tmp:rw"
|
||||
];
|
||||
|
||||
environment = {
|
||||
TZ = "America/Chicago";
|
||||
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
|
||||
JELLYFIN_FFmpeg__probesize = "50000000";
|
||||
JELLYFIN_FFmpeg__analyzeduration = "50000000";
|
||||
};
|
||||
|
||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||
|
||||
extraOptions = [
|
||||
"--device nvidia.com/gpu=all"
|
||||
];
|
||||
};
|
||||
|
||||
# Firewall
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ port ];
|
||||
allowedUDPPorts = [ port ];
|
||||
};
|
||||
|
||||
# TODO add nginx proxy
|
||||
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
||||
# useACMEHost = config.networking.domain;
|
||||
# forceSSL = true;
|
||||
# locations."^~ /" = {
|
||||
# proxyPass = "http://${app}:${builtins.toString port}";
|
||||
# extraConfig = "resolver 10.88.0.1;";
|
||||
|
||||
# };
|
||||
# };
|
||||
|
||||
## TODO add to homepage
|
||||
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
|
||||
# {
|
||||
# Plex = {
|
||||
# icon = "${app}.svg";
|
||||
# href = "https://${app}.${config.mySystem.domain}";
|
||||
|
||||
# description = "Media streaming service";
|
||||
# container = "${app}";
|
||||
# widget = {
|
||||
# type = "tautulli";
|
||||
# url = "https://tautulli.${config.mySystem.domain}";
|
||||
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add gatus monitor
|
||||
# mySystem.services.gatus.monitors = [
|
||||
# {
|
||||
|
||||
# name = app;
|
||||
# group = "media";
|
||||
# url = "https://${app}.${config.mySystem.domain}/web/";
|
||||
# interval = "1m";
|
||||
# conditions = [
|
||||
# "[CONNECTED] == true"
|
||||
# "[STATUS] == 200"
|
||||
# "[RESPONSE_TIME] < 50"
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add restic backup
|
||||
# services.restic.backups = config.lib.mySystem.mkRestic {
|
||||
# inherit app user;
|
||||
# excludePaths = [ "Backups" ];
|
||||
# paths = [ appFolder ];
|
||||
# inherit appFolder;
|
||||
# };
|
||||
|
||||
};
|
||||
}
|
|
@ -1,115 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "plex";
|
||||
# renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
|
||||
version = "1.41.2.9200-c6bbc1b53";
|
||||
image = "ghcr.io/onedr0p/plex:${version}";
|
||||
port = 32400; # int
|
||||
cfg = config.mySystem.containers.${app};
|
||||
in
|
||||
{
|
||||
# Options
|
||||
options.mySystem.containers.${app} = {
|
||||
enable = mkEnableOption "${app}";
|
||||
# TODO add to homepage
|
||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
||||
# default = true;
|
||||
# };
|
||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Implementation
|
||||
config = mkIf cfg.enable {
|
||||
# Container
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "568:568";
|
||||
|
||||
volumes = [
|
||||
"/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw"
|
||||
"/moria/media:/media:rw"
|
||||
"tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw"
|
||||
"tmpfs:/tmp:rw"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--device nvidia.com/gpu=all"
|
||||
];
|
||||
|
||||
environment = {
|
||||
TZ = "America/Chicago";
|
||||
# PLEX_ADVERTISE_URL = "https://${app}.hsn.dev";
|
||||
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24,10.1.2.0/24";
|
||||
};
|
||||
|
||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||
};
|
||||
|
||||
# Firewall
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ port ];
|
||||
allowedUDPPorts = [ port ];
|
||||
};
|
||||
|
||||
# TODO add nginx proxy
|
||||
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
||||
# useACMEHost = config.networking.domain;
|
||||
# forceSSL = true;
|
||||
# locations."^~ /" = {
|
||||
# proxyPass = "http://${app}:${builtins.toString port}";
|
||||
# extraConfig = "resolver 10.88.0.1;";
|
||||
|
||||
# };
|
||||
# };
|
||||
|
||||
## TODO add to homepage
|
||||
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
|
||||
# {
|
||||
# Plex = {
|
||||
# icon = "${app}.svg";
|
||||
# href = "https://${app}.${config.mySystem.domain}";
|
||||
|
||||
# description = "Media streaming service";
|
||||
# container = "${app}";
|
||||
# widget = {
|
||||
# type = "tautulli";
|
||||
# url = "https://tautulli.${config.mySystem.domain}";
|
||||
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add gatus monitor
|
||||
# mySystem.services.gatus.monitors = [
|
||||
# {
|
||||
|
||||
# name = app;
|
||||
# group = "media";
|
||||
# url = "https://${app}.${config.mySystem.domain}/web/";
|
||||
# interval = "1m";
|
||||
# conditions = [
|
||||
# "[CONNECTED] == true"
|
||||
# "[STATUS] == 200"
|
||||
# "[RESPONSE_TIME] < 50"
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add restic backup
|
||||
# services.restic.backups = config.lib.mySystem.mkRestic {
|
||||
# inherit app user;
|
||||
# excludePaths = [ "Backups" ];
|
||||
# paths = [ appFolder ];
|
||||
# inherit appFolder;
|
||||
# };
|
||||
|
||||
};
|
||||
}
|
|
@ -1,92 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
app = "scrutiny";
|
||||
# renovate: depName=AnalogJ/scrutiny datasource=github-releases
|
||||
version = "v0.8.1";
|
||||
cfg = config.mySystem.services.${app};
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} = {
|
||||
enable = mkEnableOption "${app}";
|
||||
|
||||
# Port to expose the web ui on.
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 8080;
|
||||
description = ''
|
||||
Port to expose the web ui on.
|
||||
'';
|
||||
example = 8080;
|
||||
};
|
||||
# Location where the container will store its data.
|
||||
containerVolumeLocation = mkOption {
|
||||
type = types.str;
|
||||
default = "/mnt/data/containers/${app}";
|
||||
description = ''
|
||||
The location where the container will store its data.
|
||||
'';
|
||||
example = "/mnt/data/containers/${app}";
|
||||
};
|
||||
|
||||
# podman equivalent:
|
||||
# --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
devices = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
Devices to monitor on Scrutiny.
|
||||
'';
|
||||
example = [
|
||||
"/dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
||||
];
|
||||
};
|
||||
|
||||
# podman equivalent:
|
||||
# --cap-add SYS_RAWIO
|
||||
extraCapabilities = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [
|
||||
"SYS_RAWIO"
|
||||
];
|
||||
description = ''
|
||||
Extra capabilities to add to the container.
|
||||
'';
|
||||
example = [
|
||||
"SYS_RAWIO"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# TODO: Add automatic restarting of the container when disks.nix changes.
|
||||
# - https://github.com/nix-community/home-manager/issues/3865#issuecomment-1631998032
|
||||
# - https://github.com/NixOS/nixpkgs/blob/6f6c45b5134a8ee2e465164811e451dcb5ad86e3/nixos/modules/virtualisation/oci-containers.nix
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "ghcr.io/analogj/scrutiny:${version}-omnibus";
|
||||
autoStart = true;
|
||||
|
||||
ports = [
|
||||
"${toString cfg.port}:8080" # web ui
|
||||
"8086:8086" # influxdb2
|
||||
];
|
||||
|
||||
environment = {
|
||||
TZ = "America/Chicago";
|
||||
};
|
||||
|
||||
volumes = [
|
||||
"${cfg.containerVolumeLocation}:/opt/scrutiny/config"
|
||||
"${cfg.containerVolumeLocation}/influxdb2:/opt/scrutiny/influxdb"
|
||||
"/run/udev:/run/udev:ro"
|
||||
];
|
||||
|
||||
# Merge the devices and extraCapabilities into the extraOptions property
|
||||
# using the --device and --cap-add flags
|
||||
extraOptions =
|
||||
(map (disk: "--device=${toString disk}") cfg.devices)
|
||||
++
|
||||
(map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,116 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "scrypted";
|
||||
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
||||
version = "v0.123.30-jammy-nvidia";
|
||||
image = "ghcr.io/koush/scrypted:${version}";
|
||||
port = 11080; # int
|
||||
cfg = config.mySystem.containers.${app};
|
||||
in
|
||||
{
|
||||
# Options
|
||||
options.mySystem.containers.${app} = {
|
||||
enable = mkEnableOption "${app}";
|
||||
# TODO add to homepage
|
||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
||||
# default = true;
|
||||
# };
|
||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Implementation
|
||||
config = mkIf cfg.enable {
|
||||
# Container
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
|
||||
volumes = [
|
||||
"/nahar/containers/volumes/scrypted:/server/volume:rw"
|
||||
# "/nahar/scrypted:/recordings:rw"
|
||||
"tmpfs:/.cache:rw"
|
||||
"tmpfs:/.npm:rw"
|
||||
"tmpfs:/tmp:rw"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
# all usb devices, such as coral tpu
|
||||
"--device=/dev/bus/usb"
|
||||
"--network=host"
|
||||
"--device nvidia.com/gpu=all"
|
||||
];
|
||||
|
||||
environment = {
|
||||
TZ = "America/Chicago";
|
||||
};
|
||||
|
||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||
};
|
||||
|
||||
# Firewall
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ port ];
|
||||
allowedUDPPorts = [ port ];
|
||||
};
|
||||
|
||||
# TODO add nginx proxy
|
||||
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
||||
# useACMEHost = config.networking.domain;
|
||||
# forceSSL = true;
|
||||
# locations."^~ /" = {
|
||||
# proxyPass = "http://${app}:${builtins.toString port}";
|
||||
# extraConfig = "resolver 10.88.0.1;";
|
||||
|
||||
# };
|
||||
# };
|
||||
|
||||
## TODO add to homepage
|
||||
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
|
||||
# {
|
||||
# Plex = {
|
||||
# icon = "${app}.svg";
|
||||
# href = "https://${app}.${config.mySystem.domain}";
|
||||
|
||||
# description = "Media streaming service";
|
||||
# container = "${app}";
|
||||
# widget = {
|
||||
# type = "tautulli";
|
||||
# url = "https://tautulli.${config.mySystem.domain}";
|
||||
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add gatus monitor
|
||||
# mySystem.services.gatus.monitors = [
|
||||
# {
|
||||
|
||||
# name = app;
|
||||
# group = "media";
|
||||
# url = "https://${app}.${config.mySystem.domain}/web/";
|
||||
# interval = "1m";
|
||||
# conditions = [
|
||||
# "[CONNECTED] == true"
|
||||
# "[STATUS] == 200"
|
||||
# "[RESPONSE_TIME] < 50"
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
|
||||
# TODO add restic backup
|
||||
# services.restic.backups = config.lib.mySystem.mkRestic {
|
||||
# inherit app user;
|
||||
# excludePaths = [ "Backups" ];
|
||||
# paths = [ appFolder ];
|
||||
# inherit appFolder;
|
||||
# };
|
||||
|
||||
};
|
||||
}
|
|
@ -3,7 +3,7 @@ with lib;
|
|||
let
|
||||
app = "unifi";
|
||||
# renovate: depName=goofball222/unifi datasource=github-releases
|
||||
version = "8.4.62";
|
||||
version = "8.3.32";
|
||||
cfg = config.mySystem.services.${app};
|
||||
appFolder = "/eru/containers/volumes/${app}";
|
||||
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
|
||||
|
@ -14,14 +14,9 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall.interfaces = {
|
||||
enp130s0f0 = {
|
||||
allowedTCPPorts = [ 8443 ];
|
||||
};
|
||||
podman0 = {
|
||||
allowedTCPPorts = [ 8080 8443 8880 8843 ];
|
||||
allowedUDPPorts = [ 3478 ];
|
||||
};
|
||||
networking.firewall.interfaces.podman0 = {
|
||||
allowedTCPPorts = [ 8080 8443 8880 8843 ];
|
||||
allowedUDPPorts = [ 3478 ];
|
||||
};
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "ghcr.io/goofball222/unifi:${version}";
|
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
imports = [
|
||||
./gnome.nix
|
||||
./kde.nix
|
||||
];
|
||||
}
|
|
@ -1,29 +1,18 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.mySystem.de.gnome;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
mySystem.de.gnome = {
|
||||
enable = lib.mkEnableOption "GNOME" // {
|
||||
default = false;
|
||||
};
|
||||
systrayicons = lib.mkEnableOption "Enable systray icons" // {
|
||||
default = true;
|
||||
};
|
||||
gsconnect = lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // {
|
||||
default = true;
|
||||
};
|
||||
enable = mkEnableOption "GNOME" // { default = false; };
|
||||
systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
|
||||
gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
config = mkIf cfg.enable {
|
||||
# Ref: https://nixos.wiki/wiki/GNOME
|
||||
|
||||
# GNOME plz
|
||||
|
@ -49,41 +38,41 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
udev.packages = lib.optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
|
||||
udev.packages = optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
|
||||
};
|
||||
|
||||
# systyray icons
|
||||
# extra pkgs and extensions
|
||||
environment = {
|
||||
systemPackages =
|
||||
with pkgs;
|
||||
[
|
||||
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
||||
playerctl # gsconnect play/pause command
|
||||
pamixer # gcsconnect volume control
|
||||
gnome.gnome-tweaks
|
||||
gnome.dconf-editor
|
||||
systemPackages = with pkgs; [
|
||||
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
||||
playerctl # gsconnect play/pause command
|
||||
pamixer # gcsconnect volume control
|
||||
gnome.gnome-tweaks
|
||||
gnome.dconf-editor
|
||||
|
||||
# This installs the extension packages, but
|
||||
# dont forget to enable them per-user in dconf settings -> "org/gnome/shell"
|
||||
gnomeExtensions.vitals
|
||||
gnomeExtensions.caffeine
|
||||
gnomeExtensions.dash-to-dock
|
||||
]
|
||||
++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
|
||||
# This installs the extension packages, but
|
||||
# dont forget to enable them per-user in dconf settings -> "org/gnome/shell"
|
||||
gnomeExtensions.vitals
|
||||
gnomeExtensions.caffeine
|
||||
gnomeExtensions.dash-to-dock
|
||||
]
|
||||
++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
|
||||
};
|
||||
|
||||
# enable gsconnect
|
||||
# this method also opens the firewall ports required when enable = true
|
||||
programs.kdeconnect = lib.mkIf cfg.gsconnect {
|
||||
enable = true;
|
||||
package = pkgs.gnomeExtensions.gsconnect;
|
||||
};
|
||||
programs.kdeconnect = mkIf
|
||||
cfg.gsconnect
|
||||
{
|
||||
enable = true;
|
||||
package = pkgs.gnomeExtensions.gsconnect;
|
||||
};
|
||||
|
||||
# GNOME connection to browsers - requires flag on browser as well
|
||||
services.gnome.gnome-browser-connector.enable = lib.any (user: user.programs.firefox.enable) (
|
||||
lib.attrValues config.home-manager.users
|
||||
);
|
||||
services.gnome.gnome-browser-connector.enable = lib.any
|
||||
(user: user.programs.firefox.enable)
|
||||
(lib.attrValues config.home-manager.users);
|
||||
|
||||
# And dconf
|
||||
programs.dconf.enable = true;
|
||||
|
@ -110,4 +99,6 @@ in
|
|||
atomix # puzzle game
|
||||
]);
|
||||
};
|
||||
|
||||
|
||||
}
|
|
@ -3,6 +3,7 @@ with lib;
|
|||
{
|
||||
imports = [
|
||||
./containers
|
||||
./de
|
||||
./editor
|
||||
./hardware
|
||||
./lib.nix
|
||||
|
|
|
@ -4,38 +4,27 @@ let
|
|||
cfg = config.mySystem.editor.vscode;
|
||||
# VSCode Community Extensions. These are updated daily.
|
||||
vscodeCommunityExtensions = [
|
||||
"ahmadalli.vscode-nginx-conf"
|
||||
"astro-build.astro-vscode"
|
||||
"bmalehorn.vscode-fish"
|
||||
"coder.coder-remote"
|
||||
"dracula-theme.theme-dracula"
|
||||
"editorconfig.editorconfig"
|
||||
"esbenp.prettier-vscode"
|
||||
"foxundermoon.shell-format"
|
||||
"github.copilot"
|
||||
"hashicorp.hcl"
|
||||
# "github.copilot-chat"
|
||||
"jnoortheen.nix-ide"
|
||||
"mikestead.dotenv"
|
||||
"mrmlnc.vscode-json5"
|
||||
"ms-azuretools.vscode-docker"
|
||||
# "ms-python.python" # Python extensions *required* for redhat.ansible/vscode-yaml
|
||||
# Python extensions *required* for redhat.ansible/vscode-yaml
|
||||
"ms-python.python"
|
||||
"ms-python.vscode-pylance"
|
||||
"ms-vscode-remote.remote-ssh"
|
||||
"ms-vscode-remote.remote-ssh-edit"
|
||||
"pkief.material-icon-theme"
|
||||
"redhat.ansible"
|
||||
"redhat.vscode-yaml"
|
||||
"signageos.signageos-vscode-sops"
|
||||
"tamasfe.even-better-toml"
|
||||
"task.vscode-task"
|
||||
"tyriar.sort-lines"
|
||||
"yzhang.markdown-all-in-one"
|
||||
"fill-labs.dependi"
|
||||
"rust-lang.rust-analyzer"
|
||||
"dustypomerleau.rust-syntax"
|
||||
"mattheworford.hocon-tools"
|
||||
"pgourlain.erlang"
|
||||
"exiasr.hadolint"
|
||||
# "github.copilot-chat"
|
||||
];
|
||||
# Nixpkgs Extensions. These are updated whenver they get around to it.
|
||||
vscodeNixpkgsExtensions = [
|
||||
|
@ -50,27 +39,12 @@ let
|
|||
# version = "1.219.0";
|
||||
# sha256 = "Y/l59JsmAKtENhBBf965brSwSkTjSOEuxc3tlWI88sY=";
|
||||
# }
|
||||
{
|
||||
# Apparently there's no insiders build for copilot-chat so the latest isn't what we want.
|
||||
{ # Apparently there's no insiders build for copilot-chat so the latest isn't what we want.
|
||||
# The latest generally targets insiders build of vs code right now and it won't load on stable.
|
||||
name = "copilot-chat";
|
||||
publisher = "github";
|
||||
version = "0.21.1";
|
||||
sha256 = "sha256-8naCDn6esc1ZR30aX7/+F6ClFjQLPQ3k3r6jyVZ3iNg=";
|
||||
}
|
||||
{
|
||||
name = "remote-ssh";
|
||||
publisher = "ms-vscode-remote";
|
||||
version = "0.113.1";
|
||||
sha256 = "sha256-/tyyjf3fquUmjdEX7Gyt3MChzn1qMbijyej8Lskt6So=";
|
||||
|
||||
}
|
||||
{
|
||||
# Same issue as the above -- auto pulling nightly builds not compatible with vscode stable.
|
||||
name = "python";
|
||||
publisher = "ms-python";
|
||||
version = "2024.14.1";
|
||||
sha256 = "sha256-NhE3xATR4D6aAqIT/hToZ/qzMvZxjTmpTyDoIrdvuTE=";
|
||||
version = "0.18.1";
|
||||
sha256 = "BrcrfhkX2VGF9wznTSlPSdPPv126ScbHb1ngBRGtr4E=";
|
||||
}
|
||||
];
|
||||
# Extract extension strings and coerce them to a list of valid attribute paths.
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
imports = [
|
||||
./steam
|
||||
];
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
imports = [
|
||||
./steam.nix
|
||||
];
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.mySystem.games.steam;
|
||||
in
|
||||
{
|
||||
options.mySystem.games.steam = {
|
||||
enable = lib.mkEnableOption "Steam";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Steam Games
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
};
|
||||
|
||||
# Need that glorious eggroll
|
||||
environment.systemPackages = with pkgs; [
|
||||
protonup-qt
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
imports = [
|
||||
# ./nvidia
|
||||
./nvidia
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
security:
|
||||
acme:
|
||||
env: ENC[AES256_GCM,data:rYeJqYF11Ccw/zDTpfB2ewXIy4cqzHF/d+ar6NUdOGxesiBdJXVbGQtGOOLHTUJ6yKNhdBJ2mpBpCpIdQEdT9+4=,iv:XpjxG0RypUQ0Ub0dKAa8/c4F8TVuRNFXJM5UAfrlMV4=,tag:zCaLPPTp9KHs/AwYNq28gg==,type:str]
|
||||
env: ENC[AES256_GCM,data:JP+Syy9927T9ePL4Ly9FxlJ8F4/g/xejRn9nw2mqpl2ZUTwudp+R+ZI//h14Nej5S07oJt2L3LD/ol7ugdXHFG8=,iv:NJdqDIA0FZzyKRvDgjWmHA17q0FOCqjCk0WdkFMtd5w=,tag:KG8dgCcEOdroFpljNawdGA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,77 +10,68 @@ sops:
|
|||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKOHNGVG5DWVArcngxYXlv
|
||||
dlFmd1RPenFwSm9TSjhTR3F3cHB6R2lTTGo4Ck1BTVFSd21Xc0hiZlBUdjFrbWFp
|
||||
Q2VoVzQrTEpZbE1yTHpBUVIyNWFiVEUKLS0tIDZLM3gzbUZUajZQaVRtT0dsQlpY
|
||||
VExPSVBLb0R3ekpNTE1jNG9QME5OTkkKPivk0v0xDOzHJSPVJYO6/5wdF1PChXtl
|
||||
xj6JrycRyQPahncXndTZoQL7EbdXnR2tfMtEE5Ua7l4mK11pE3K8cg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFJTREJxZ3NlNGtkSmhG
|
||||
YTcwVmt1OUNmdTRaVDI5N3JNemszNklHV1dNCmVYczBEQ3BHT3ZhbjUySFNJVjhQ
|
||||
dWh6c2ZHRUZTOTJEOTBrS3NuNDNzZW8KLS0tIHp3ckNvdmNYdkh3Znc0OVk5Yk53
|
||||
ZW5jQmxLMHR6MC8yVFpFdFhsTVBub0kKRdYFNppcSFZ/5gm2WvydESeJOTVYd0Yk
|
||||
0HQd6o8bAX8dcRhMHyyveWXz94/mcINkqz2mlXoL1N0HRPXcuUu5tQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQc0p0TXdtcVZNcngrQXM4
|
||||
bzBJcERRWVhxLy9QVHBCSnJEMzJTekF4RlU0CmFDWmtMdEdiOFVrRmhRbXc0R3ZE
|
||||
RC9mQUF4ZjFkbWlYZHkyZ25NV01hREUKLS0tIEVQWHR5YTJ0KytQYi83MmpWL0tO
|
||||
Q0ZKN2JSMGVsU2h5eW5OTk1Kd3hoS0EKNbVvQ3VwkWloO15CV8v3SP8pD4zc2h04
|
||||
uM4/VlXTsVxVBqRxycdTKdWhmIChb8w98ljQC+iqatCCUiC9vHYIsg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RnNVZFowV2NYakYvOEFr
|
||||
c2pFaDVqekVFeEdPWklkVWxoMjNEMEZrbWtFClFmcGNZYkJqUVF3MlRDcmpqWFZI
|
||||
aU11eElxd2c4YTEzNEQ4RFgraFIxS0UKLS0tIEY5Yi9IUGxjYnpyL2I0eVFNNk83
|
||||
Q3VaYjdiYVd0TFVuSld6M25wWHRZMncKaqb2kQvlLGZMaI72npCBuroWK/Fqr9jg
|
||||
oaBz3rpvYJEox2Naismb2D4fNCtI7Z1hLhPqq/jGAiczNaU039N9Bg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNTVwbGNWRHNaRkd4N0Z3
|
||||
U3ZrYWRMNGJSMTI4UjljQkozTHAvdXpIaVZjCmJMNmdoVjBZZHRqcHBkcEpiL2dC
|
||||
ak5xNGVRV0NoV2c5TCsvbkhWM2JqeXMKLS0tIG9uMmpJUzdMTUhVWWsxSWFaSTVy
|
||||
VHhxQ1U3L042VGpNdjI4RVNiRFlqU00KPuDqqR7EeclGGOs0R/3PsB+dnNo20Lh+
|
||||
GiCWjFy9MVEsrlZV7pd9cb0ggYTm09H0ZD5kb+++Er9WJqb7Ss+iOQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdC9BM21iMldoUkIwdnpr
|
||||
a0hXbUNzNFJFTDF3ZS9CSFBENHdNTTZDU1RzCm9QbVdLMnRyTDRQNFE2U2w3cXpW
|
||||
WkdKRFdocnRNaUxLejExSE5STjdCTkEKLS0tIHZvKzVtWnV4WWxRZXFMVWpobHJt
|
||||
WlVNd2xNb2c0YVB5WlJtbTVreFhadFUK32KcIdcbt1rAk2+GWe5slpAdHcTBWoKs
|
||||
wGOEayXeMi9EGYtx7v1oJ8+xlo2wRW/i1pKdCRK4vi4FtaXT65zglw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRGdRRWUybHNiZzZaM1hv
|
||||
bW5Kb3NIbW1WNFl6aUdLWDA4WWI3RDdZQ0VFCjBXajVsY3BNMWs2QldjZDZWQnZ3
|
||||
VjBvZ1AwZkVGNTB2RGF5aGp4ckFYYTQKLS0tIFd6L1lyblZ6ZEVXTHJGanhna0JQ
|
||||
S25RbHI4TENLUzRtM2NGOFNQQUdENm8K3upUW3cVF6fBrii/pEXua5sLwFcU/as3
|
||||
RNDLpyvvA/CCZCuneNS27/nYUcc2rJVDU71OsDA6A6SUivYLTriRbQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxb2wzMW1EUUx5VFp0Ykor
|
||||
UWJEeFlZQTVJTFZIVFExZ1NkcVBCT09XVkU0CmFvWCtsaStjSDR6OVQwTW9iV3Vu
|
||||
cVo3MHhVOTAxQnU3ZWdDcllKaXhnK3cKLS0tIENyYlFtVWtqS05MVVFOWFpZK1Zp
|
||||
cTFkQlpkZFgvOERSdlFMSHFxR1pTZmcKSRYr/tIskcm4mwiF74Qnd5d0zRRDSzC1
|
||||
QXidtsl505oGOgT/ujVtPwSJwvJewZT7NJKVRYktS3xY0v/flr1ieQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaE9UczNPNk0zbWV6Zjdv
|
||||
VXNEVmVibG1xejVObnlBa0JOOVBoQTZvQ0ZVClRSOXBrKzdjVkdGNVc2VmtidE8v
|
||||
Wjlob1Q4cDZRYjB5ejMwWXZzL2NFbUkKLS0tIHdLWjZtcjRjbjNGYjIzeWhqV0t5
|
||||
NFBwOUJZYUlicXRqWWtucnJIM2ZXMXcK9UTQ7NxoE5vozWvaDWT285BpZG/VdBh7
|
||||
3VrNKMWJLt/OuA0ucJAkK8NJ4mBYviytUk0kRR39nUok5+kM1iJJpA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MjVaRjQ3VTdsUzNHSkxE
|
||||
ZGFiWWZmTzN5N0t3YjBtNGtiWDhNVmduQVM0ClZFMHp6UE5aUjdYaXU3YTk5RDk3
|
||||
Q0ZBcnJLYzVtN3h2UEVSbmtsa1hTbEkKLS0tIEIwL3dkQVRCRm1TaGlUNVpWTUFT
|
||||
MHFjd0ovcXN5S3ZhdXpzU3ZXUnorTjAKPdgr51ho0B2rDKld/UHHC4j1RwRy0fGy
|
||||
6Pl/Qes4Gjvrb4dlDHS4HTEwBs0TbA62DEDI/jquypwxRW55eDMB6g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQjdka1hwejFZR25xbXcr
|
||||
Vzc4MVd3eXJOdmxqZVFDVVMvTVhLT0lZdVVFCmFtQkZjSm0wUHdMczM5ckFBaEdQ
|
||||
Y0JMYnR0dGRLYTF1d3NHSyt6MWcrYXcKLS0tIElaT0FjVEdaeExnMUF4OE93Z1Ny
|
||||
cnQ0Kzd0aWdrSlN5Y3NIN1kyOVh1WTQKG825r7fM2BXak4Q4GNPwZgmigmPxZXh4
|
||||
DTdp3xBgHWpw8eQsi+gBzzf+4boLDTDDi+acLshj+SpIhjPdMZ1BwA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMmNINWttMHBndGM0eVJI
|
||||
OFlGUEpQRGthS2xuWnNtcjRaWEY0L0JKZzJvCkYzWCtVdE1VNnh1c2lGaUZoN1J4
|
||||
SnN1M25qempwZXBLV0ZPRjJreklnbEkKLS0tIGJYRk5xaFhuK2FwdUtKMHFaTGJZ
|
||||
QlRmcFpPazh3ZkgzWTh0Y01yTWxMbkEKK525n37sRSRirQQPzVluIwAiYFIbeta+
|
||||
0/baUvErrjD9xofBZOm7kenLw/pPtcGXsUFqp9aCM7KGLjgRQTuK6g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUmVpUHh0QzNLMVhsMHN5
|
||||
bituWE9Ic2tXTm95cWlUMG9QVWhEcE1sejNBCmw5Q0lTYjExRjdkaCtYMWdkQnZZ
|
||||
dXNrQWhZaERBK1hVK0pkbFlvQkc1RHcKLS0tIGcwK0dzUVZFMFh2b0dmWDMyMjdS
|
||||
d09MQlZST2ZJY28vRWtkRzRjd3JFKzQKH2pjr7P1mG1m/8L/VLaTVrAQem8rcNGN
|
||||
tBWqg9XT3aSc+7NqUDkPVvH8STFGVlEhIskKTJA2TuY6CXfqwS3D5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNXhtSE50Yk9BdnRIOUEx
|
||||
UW0rRGNHTFJjWWI0R0xqVGVTUkFvSFZyUVcwCmp6b2I2aStEdlNzcGNtcTVML2dz
|
||||
TWRRUWVpd0doWFBYTWZZRXFjZ0wxR1kKLS0tIFhSU094RFdXVXFrT2FqbVEwc2FB
|
||||
WE93RjBHS1NreWhqTmtEckVWMSt6clEKE24mtrJll0lsXEJktPjCFRpf8DLdxIW4
|
||||
4JjOWY6zgBWxtuvg5rdb5rz7Sp2UaI1LavvhkCdjmpFckdEUDMOOyA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRW80Q2x5bllHVDNzTGsr
|
||||
a29PRHJHcHR2Mng2M2lpb1ZXMkV3UlZkQVRvCk01ciszVDlqeUdpa01FbjRtU3hq
|
||||
V2hPS1NTSEdPL01ZZkxVdmI4ZHRRVFkKLS0tIHpjck5OaGl2dGgyUjZlNmlVWkZB
|
||||
RHZ2TlJOanR6L2tQRm0rc3NVVSs1R1EKdSheY8qXv+ylwqjlpbWsSYD55X4SUT7c
|
||||
W2czHg0Ezbjk8W7vyDuxdS1LjKSMinfRPUG+oyUwxwrjBN3aAwVDIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-18T23:57:27Z"
|
||||
mac: ENC[AES256_GCM,data:nBRzGlhrgKchrfnidh/SUNiT04UVeeuck7wWL8M6Jfi0zJItankJaCAHlFzHku5+HYCM+6B1TN5bBKzyrizMAAtZ7fwmUjMt1TgXDSmG4CQXrUSmTkItlHnA1W8MvdFbJY5+cS3aJNx7rnvGp5H5OroedL88L+uuIHqxEx/qxRI=,iv:E4MmeS+xBPIvd2QNxpOHGx2Vpj16s9PZzp6kjkbItqA=,tag:FqVEO7iEjvAuJE4EJ35Yww==,type:str]
|
||||
lastmodified: "2024-07-15T23:16:58Z"
|
||||
mac: ENC[AES256_GCM,data:YEm+/mTkdLblxqrQAkCW8QUoQVkK1drgdHCt463aBUl9r04TJdRbij0p3QuLzVIvXJosdBQ0dN0Y/huuFOkP2bixH1q1WtBaqt98iYuR+Gessj7+kDekTNHCNQoZJjbFfqOwIEFNw/if2kY4aHcUoyQQj//yoGTA0vGbqrWzcX0=,iv:KWIo36gl7hOrEDZulqwRwr6eCfc6Hat5f17hpLLDMW8=,tag:3IBrvYXxN4j9I72lwiKq/A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./bind
|
||||
./cockpit
|
||||
./dnsmasq
|
||||
./forgejo
|
||||
./haproxy
|
||||
|
@ -9,9 +10,10 @@
|
|||
./nginx
|
||||
./onepassword-connect
|
||||
./podman
|
||||
./postgresql
|
||||
./radicale
|
||||
./reboot-required-check.nix
|
||||
./restic
|
||||
./sanoid
|
||||
./syncthing
|
||||
];
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ in
|
|||
package = mkPackageOption pkgs "dnsmasq" { };
|
||||
bootAsset = mkOption {
|
||||
type = types.str;
|
||||
example = "http://10.1.1.57:8086/boot.ipxe";
|
||||
example = "http://10.1.1.57:8086/boot.ipxe";
|
||||
};
|
||||
tftpRoot = mkOption {
|
||||
type = types.str;
|
||||
|
@ -18,14 +18,9 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Ensure the tftpRoot directory exists
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.tftpRoot} 0755 dnsmasq dnsmasq"
|
||||
];
|
||||
|
||||
networking.firewall = {
|
||||
# dhcp ports | tftp port
|
||||
allowedUDPPorts = [ 67 68 69 ]; # server/client/tftp
|
||||
# dhcp ports
|
||||
allowedUDPPorts = [ 67 68 ]; # server/client
|
||||
};
|
||||
|
||||
# Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients
|
||||
|
|
|
@ -9,10 +9,6 @@ in
|
|||
{
|
||||
options.mySystem.services.forgejo = {
|
||||
enable = mkEnableOption "Forgejo";
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.forgejo;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -29,7 +25,6 @@ in
|
|||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
package = cfg.package;
|
||||
# enable sql db dumps daily
|
||||
dump.enable = true;
|
||||
database.type = "postgres";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
services:
|
||||
forgejo:
|
||||
smtp:
|
||||
password: ENC[AES256_GCM,data:sq+vLUV35+sclAszVQRU4up1s1y6K6BNbzSW8hKBN4kavJOZLX6o86xTgNjjScQop1c=,iv:5zbzggdTT59ali0LzmPtaP/jAnGCYoJFcIEZkFNFmJw=,tag:z9s3NQptPwKOC+m/EUVeWA==,type:str]
|
||||
password: ENC[AES256_GCM,data:kkKrSGJER21Q3efHuJ6YJVcmqILMYMME+e1GRdNDOX+sDgKwapY+lJrlELgD5RFVJN4=,iv:/nxRa6Tn1pGGYQ0mds70p3+a9ZYHv6UidngHvI5GTIY=,tag:4rScz6znMhgtQB9V4iDqWg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,77 +11,68 @@ sops:
|
|||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUXYxY2hGci9ZZ3BId0xE
|
||||
TFJJVzdJQ2h2TlhNQk8vZFYyajZyUVpiY0E4CjFJR0lGdG1jYk1EejBNTFVwekJD
|
||||
bE0xR01SNWNib3VyRE52TG1hbFYydXcKLS0tIEtkaW9RN2lqYkhwR29JZm9QcHFM
|
||||
U0hqelgyTWJGUW83emttS1pVYzlNOWcKWp+wQH8iZH6ox+unG6Qx/2vbG8GeMpCa
|
||||
k3lUrtyqEKxw3V08FA1gWvLF8XWVgYGVS1jlZFypOVLbl5Ig9l+VDg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpM0tHclk4K3ZTZ2VyTk1i
|
||||
MXliVmtmUXBMWlFlTjZHeEdEbHArUjJwMVRrClViKzZJNXkwMHF3bW5FQUxROVRF
|
||||
UTdadFdseVkzaUpvMnNKaTZkVWNJSVUKLS0tIGxkUmk5ZmFZOWtlUndJdjFSL056
|
||||
dXh2bG04QXR4THB4WFVSamY0SWpUSGcKwYArSMUjLm7j4+0vdPw8x8WrfIMEvJz1
|
||||
K8Tqc2IJ1KfH4GGcOveYt9UcgUrzuvXsSnPydKWnc86RuFA+X6Qixg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcWsvN2w3MGp3M21xc3BT
|
||||
UkVueCtwSmdRNjNXNFdYY1NBTUF4Y2czVFVjCmhzcnpKUkVvZGRzSm1KTGs2SldW
|
||||
cEZ1djNGUWpaek9lRGFkWVlqSHJDWmcKLS0tIHY1TU1FNm52clhZNVBDOWtrOXI2
|
||||
b0RWamMvdWMvS2tSMnRTcTFlV2hBdUUK2RMSSn4WBhBiv5k0NNoXdwjPJkueOoXu
|
||||
OXEeslquRSkZ+f/BpbhzFTXRzlQdLA9keMTcM20SK1IBuKICkJ5eyQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNTVGdjJ0dGE4aHBDbjRx
|
||||
VWlJeXEzVkF5MXNmN2VNUnZrZTFuam94ZmdZCjZiSXpNZTk0VFVuck9ac3hDenZv
|
||||
djZrbndYTjREUG5RSTNFNnhLTkRWSzQKLS0tIHR3L3BDditLcm1BMmlLcWdGNFFt
|
||||
MGRBaFVjTzRNaXlOaGtvUzlmanZTb00Kb/RJFiSQ9XlRAfjrrncoJlDnQAJw9LI3
|
||||
lXX0+BKL4fz8VUFY1dqcuDBSuvssADkDxU4X6yaebt/touhXJ66A8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbDlZMlcvbkk2WnJmZU1I
|
||||
djR2UEtqbUlsaVVQZjk1R2RjbVpTT3VQVVNBCmV4aWVLOFdkdnhEaWgwU2FzbVRL
|
||||
ZVVLVjN5WVdNMWtxbDcrUGYzZ2xNWDgKLS0tIHpTdExXbXF4V1pnSzBMcnFoSWF4
|
||||
eU83ZVVnblV0eE5ia3QrMndDNG11MXMKF+iGOD0KKJV7YgxmI4ucHjvyGu+0EcIQ
|
||||
smjK+ENxzkfk3yFICjkiIQSVBygvNiV97oPVpYeYGnhyiH3xefgyWQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWUVxVGFobUxZV2M0ZUx4
|
||||
NkpWTTVYZkM0cmFYNFJXYkE5SHJaaVpvdlVNCkV6UTN4c09ZT1RkVE1EYjlVZkhm
|
||||
Y1ltSWpuSW95SXVkb3pyUVQ1ZGJ2Q28KLS0tIC82WnVsQ3RxSmxaL3czRlI0cTJV
|
||||
OFd6VXJZUnZkT204Y2locHVvb3VpRHMKg9AMO4e5qGgSno/8FWEseUW9bQmfxVS1
|
||||
UOYzIvtmAZVuL0uxrz6b9TwOv0CooP0+JhNOjcuFzcbMCcM1CQgwvg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUWx5YWhHbWFZeGEvV0VL
|
||||
TnU1akp0WHhlczQwbW9LZ3BTYlhFSUVlaWpvCnFsZFFIdXNubGRyQkFnNm1nSUVQ
|
||||
d3Z2WUwyVjYraXRxV3NoZVZYbVhyQWcKLS0tIG5LV1hDRng4aDd5eDUzY0k1TXQv
|
||||
SWNzRXgwRTRvL3hEc3ZvVGFiRTQ0UEkK/9vK8sXbEqxQ4KCxzMeFHmqoTSLd/kx3
|
||||
JBt18+XISrPYptEekZTV6obp2GKxpHDj0LEsNpUIjPWmIbT6gInHBQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJDbGtEeksrN3lKeXJF
|
||||
dFIzd280SXRwZmVycHl2YlZ2VEo5dHhQVTE4ClBHS0lKd0FaMkNZT0xlVUF0eURO
|
||||
TDZ6ZWJBRmtNMUZFN0FqbEVtdUxjYVEKLS0tIHZOTUZwUVdXenlDb2JxUXE3TVgy
|
||||
UDZMb2xQVGIraDNxTy8yZDV2cEtHc1kKyjdLT8YcpB0yhXugPcN0scRiiTvpaF06
|
||||
AoBdKBnxWHn1EVuypo75gOvKHwUMDdiQY/WUndQdlNOihDjzCSYGUg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZmFZUE43L1FzTFltamdX
|
||||
Uk4zNUtjMmlwcFVEeVB6UmFjWHM2OEpMaGxVCi9HYmFOVjl4MDl1MFAzc3pTbWtO
|
||||
WHIwV0labHpmYUFFcWZwNWdrN1dhVk0KLS0tIHM1VENSWWtUN2hFa1hLcUJjU1VJ
|
||||
amJ2K2xHL1FwMlErZitrSXRwek05TEEK/KDJHIOzuMCp1xON6ZYsgMKbYIQ5MAm8
|
||||
W5U9PDE93js7j8lR4dTq2AASB+U5nk3I0MPPrcqhHkVcsSwMuKYSUg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWHUzSTYvaWRQc1dhWEN2
|
||||
d2JwdjFldkRzbi95Q2JpRlZFaUVGWFU0MUFFCmpaaHdQbmw0Q2FVS1JvMkNYSzR6
|
||||
aDRCRVI1NU9jRXkwMndyUzFwL3BDOUkKLS0tIDFvclN5eXJTWEg4VGhDVFpFSHdV
|
||||
V1FlN0JOVFBXZ1A2SmxZaGkvU0MrU3MKuK+c/lbMvzdREphCn46IvL8X1iOw4BwB
|
||||
9FdstXHyEX8OW0hFl35ZCNvPyd9pwO5fK/sObDrZ5+aCfFE0MbFbyg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArM3BsTUhJWTlXSitXN2NG
|
||||
cG1LTWs5MFZYV09Ga3JqREdmZ2NDYVRHa25JCm4vNFZXS3JQdTEzUmxmbld5R1BD
|
||||
dFFWM1Ivd1M5dTNJbExLZThNYmdCbE0KLS0tICsyWmh3bjZLVC9ZSUxBVlpkWksv
|
||||
WXpaZDkyOFFnTkYvVDJjdjJGeXVSZGsKjJEb7JlXb8n/l0j32ixReFR+UJm59CYy
|
||||
QyGCeBuAWOpeDw5d4jA+WikFrRRAJyiTcvsVi+PAzzqlOAlT0+/KrA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK1N0S3pDa2tCdjhiMGJJ
|
||||
T0lDNU9YQXN1bkJuM1NUUnFzeGJBN01WTEVFClVVNmNTekpOOHp6N202L0NzSno3
|
||||
MEwvMUx0c1ZmTFpscFlTM3FDR1VhOE0KLS0tIGM5TjBiQjByWkMwY3lhQm5CVTZJ
|
||||
K1pPUER4aVlmN0FKTElEOXdzbVlRMVUKaqTcad+P1DfUqEhD7YUdsGaIx2H4IMco
|
||||
Kh7lk0/ppXFmcRAKWF3luwdLkaebkFzx56MZjJGroNmMvkR0fMUv9Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSXg3NUVia1hkK08raHRI
|
||||
VmlMRENkMHB4bkFJNGNiRGlLUitSQzVrWFZnCkZPWTI4QjhiWUpaYkh2NHZwR1dG
|
||||
Z0Zub0JSdWwvM1ptazhUdWpxL3htR1kKLS0tIE91bWZObHVRSmZNNlBJK2FZK2RF
|
||||
UnBtNmlJbnRYRmVyQ2hMcWNxSjVkVzQKZ9+hpZk/VnMKaVEUoajfBfMjkqz1PbVl
|
||||
Fy6cOfjXzGCtx8vsU3TNILy+23M6e3G7K6ghHnhO5kL4StAY1PTR/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5T0syRFJiekFaeDRsY0FT
|
||||
NE1DQUgwK3NQS3lQRGRTTXFQVEVkK1pYYkJnCkNWQ3J0b0V1eXF3OVF3R2JjNEpy
|
||||
U3libG9INjl4K2VEMHpMMHdRYVViUkEKLS0tIEliSUFLWlhmblFZWCtRdDRGNlNa
|
||||
VXhhd1BLcmh5TnVsaEJaOUJURG9VYlEKeFta+e5e2EiJCSL7CMrIoYwyAnCeybEq
|
||||
vYfgMETwNaAh/AfGS1mdEABpK1tWi1H6Uu44g8OWTiszjQ09shb76A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ3JDSGZ5WTRybGpVdG1Q
|
||||
Y2crbWlQMnAyQjIzbzY4RHcwV3pXdGVzY2s0CnE2MTRLZnRQakU1RzVlQ1NDeXRk
|
||||
U21mM0ExVzQ2QllOdTltQlpNOE5EU1kKLS0tIEtOa1BJdnRVY3FuZ2Zlb3g2ajhN
|
||||
eTRFakI4MlRBbEJKbXBHSXlBWlZJMmcKaeSAhUZHIlXOaKqnRcARJITwQdJLFbpt
|
||||
Hs5sshvnv+EZjvir9L0EgRtgpUmnpkl+mGnQxaBW4YVf/iiQYTyHsA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-18T23:57:27Z"
|
||||
mac: ENC[AES256_GCM,data:DrSjFv1jbSuMO2QL6h8h8ln0Y5VBDBSrqC8rvaLZHkd8MOF4IPsjQORN2coZJNNvOpGhZsTiZ2prBBCQfqGRI+QWNlGTezOfWCZpFa7Fkp7g8TXZQmAkvrpnkFYgcL2JyvN5PrvL1j6gK4+zP7ohjLk1+v1VbYOPSab+N9ftYRI=,iv:VDGLfHXC0/vIue1kIKTGxK5x0CskAyG0CcNUOmHEXfc=,tag:CWXtliE0nCSiiW5O630A1A==,type:str]
|
||||
lastmodified: "2024-07-15T23:16:58Z"
|
||||
mac: ENC[AES256_GCM,data:61nap2R6vs3XTFECmq5F1rqPE6eWZyM50dsYtNMfAAWQU9D9cyaDEx6bKkwMyBpxSQNHlGJWoglwRvZH2wQsLB46sdR9UNosqJZD7RRRh/RzkY3SWW6vHeP/YgnfsGgPpMWleBI7jnH/4EMoB8a1PECZiR7L/8BIFDlmdklbJ/I=,iv:G5xTBn3oFBLJHIEqGsghAXrZc115eGwWBbMLBOHET6Y=,tag:bnZodcvP+6nbc/yFcQVogw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -6,27 +6,18 @@ in
|
|||
{
|
||||
options.mySystem.services.matchbox = {
|
||||
enable = mkEnableOption "matchbox";
|
||||
package = mkPackageOption pkgs "matchbox-server" { };
|
||||
package = mkPackageOption pkgs "matchbox" { };
|
||||
dataPath = mkOption {
|
||||
type = types.str;
|
||||
example = "/var/lib/matchbox";
|
||||
description = "This is where profiles, groups, and other matchbox configuration is stored.";
|
||||
};
|
||||
assetPath = mkOption {
|
||||
type = types.str;
|
||||
example = "/var/lib/matchbox/assets";
|
||||
description = "This is where matchbox will look for assets like kernels and initrds.";
|
||||
example = "/nas/matchbox/assets";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Ensure the dataPath and assetPath directories exist
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.dataPath} 0755 matchbox matchbox"
|
||||
"d ${cfg.assetPath} 0755 matchbox matchbox"
|
||||
];
|
||||
|
||||
# Matchbox Server for PXE booting via device profiles
|
||||
environment.systemPackages = [
|
||||
cfg.package
|
||||
];
|
||||
|
@ -36,6 +27,7 @@ in
|
|||
allowedTCPPorts = [ 8086 ];
|
||||
};
|
||||
|
||||
# Matchbox Server for PXE booting via device profiles
|
||||
users.groups.matchbox = { };
|
||||
users.users = {
|
||||
matchbox = {
|
||||
|
|
77
nixos/modules/nixos/services/radicale/secrets.sops.yaml
Normal file
77
nixos/modules/nixos/services/radicale/secrets.sops.yaml
Normal file
|
@ -0,0 +1,77 @@
|
|||
services:
|
||||
radicale:
|
||||
htpasswd: ENC[AES256_GCM,data:5ddA5KQfwz19///HzOsWfQ==,iv:RF0x0m+ODyDjQhn7eSBEXu5Leg0EvpMvuLVErDZihAo=,tag:HhHzXcroFshr1H/ditMARA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UjFGTkNCaHVEK3ROTVBO
|
||||
OUxrcmhjR21YempEZWVIOUlLYVNuMm9XOURNClJkbVZ5MEFmL0dhTWgzNWtYTHUy
|
||||
SUlyZmtYTXZmWUx0V3BGZFRjOTcyWVUKLS0tIDNVSW5ZcU1IdW1jRTJucUxIdm5x
|
||||
TmIvZmRRaFh1clkydDVlcWxvVGJkOGcKFpeAAdv1pi5AixsBKn/0Zo4QRTNBrKdm
|
||||
8Qy6MVZg8HTf/CezK/XjkAoiB5K96fATXTpdZqZ7jfcuYLdpfEU2jA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQlRJNlhhdkNLcjRjaFZT
|
||||
YVZJdDJLeFYwMzJUZlllaElPazhPaE14YWlRClNBWDVkTWx0Qm8xTExyT2dmSjRP
|
||||
VHdNM3pwQkNXUW5xVTZlVC9YTFFodjQKLS0tIEkyQTVHd0pqelppSXJ5SGpHSVF1
|
||||
aUd6ZGhaU3BsdnFVV3NqMDkwbDdVUjgK1BnXUPCCo7M/sdpGfLOOJ5AAjyI9isSx
|
||||
9WJ5+WmNxygzBDczPjJITBrvZMGduAxWqQP/FrLe9rQ/RA3DGJjThA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdWdJandiNXJhMUxwSm5p
|
||||
eHh5bmM2MmF6d2MvdjBXYmhyZUgvS1V4L2pnCmxDYm1VUi82byt5SFJ6aHdrNmp6
|
||||
dENPTmgvVWZPYmZtN0s2VG8xNHplT00KLS0tIExYcSs1bENBK1NFZUluSjFCOFVp
|
||||
R3lmaUNyT0lyaWlhdGJySWtLWVNqLzAK28Nd/WUDXXW2BXhLvZpzbOU7kSoMRPaX
|
||||
jqx6VRHBcgXvPJcYh1KK0nnxo6+DlLeTXI/ai3H6WI3TbQHNmoLEGQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGc2lUelNyV3BGNjl0STJw
|
||||
clpiSUZUSTUwbEtZYjcvbzVaVi9EQ1d1WlFFCnhQbC9Lelk0V1RmQTJ0K2ZZazdo
|
||||
NTZCREhNUE5KbVR0ek1Hd09UbkN2bkEKLS0tIFVyd2YvZ3g2R2dOaEJOcWVWVG9D
|
||||
b3REQnhvOENGbWxtdER2T05wS2RINTQKRhMiqLnu2Ww098A24fNtfDFSMC/t7A2D
|
||||
qcLdhazNwKvzCSOW0i+EYsG4beWcqLyDFA5dNpGWyfRYSh3QJWTdmA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdWNXSks3MEF4eGVHREpp
|
||||
VllDczcxbThRYUsxZGhHR0J5TVoyTmFtdWpNCmJHbG5UMExLSHh5ZkwyRDMzc2N6
|
||||
UG1WTnNyTTdldHFDa3VKOG45Q1RmU0UKLS0tIFFXKzZHTm0wTVpheEw5RE12bWlo
|
||||
NHFWWlRBdmRRWU1DL25CRmlVdDhhRjgKutzYioPd1LJvQdo/FQ+hQznRqsIhSGfn
|
||||
c2ZwmE3QgPRhfh1CoeoK+iK/STVlrb8DEPi5VPEOz74+kbr18v+K5g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdERIZTlEN3NRK2R1WUJL
|
||||
T0ZScVpraUdaQWE2WU4zdUp2Rk96T0xzcGhnClNWSGlKODYrSVBlM0V5RkVaMUt6
|
||||
YUJIa1NnZTZhM1ZXOGp4ZHZidTR6V2cKLS0tIG54RU91dkZEeFB4WGdaSFpQTjlX
|
||||
NVF3WGdGZmxxMllBQVlYQy9zTE03VW8KE9LaWyGBs7vRBjayY+8XiFDq0uFQIFfy
|
||||
AqeVIQIAlt6EKXzUwCD/otHgCAJmI1T/2QNc7x34HjgQi1NcjZzxJw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdXNFbGNLb0RqZXpQcXda
|
||||
RDd5ODk1QXk5N1o4Z2N2dytIWlMvVVVSa1VBCkNLSzZWZG5rc1N1d1hQQnladVJ6
|
||||
VGwwSmFkVU9GYmZyQjhiK1ZSNWRrVG8KLS0tIFkyM0FDNUhVK291eGl4cjNTSnRk
|
||||
bUs1eUZkcWJYM0NVU3FDMDFKNTNIWUEKbfdIAAfRNO5OXmvxA4az2be6O+aSIzfL
|
||||
lHfQwH+07owhw6K17vJaKlOVGlpTLVpW88497ILCoUrcH9QbVnGAcg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-15T23:16:58Z"
|
||||
mac: ENC[AES256_GCM,data:mgsfpMzhJ0vaoxNTbfXcVZ395e79wFGTK7YmYZY1nUOrTFP5NO8xUB+A9RlnUVrgKEV6eJBLYah6LX29fjwcllgT3aJnk9oFf32PxBPaYxg93m/L5a1+8cHbYn9JqQcPzaqmCCqT1uK5DphO2ztxKqlBhzEhx4UIfh5hBkyu3cI=,iv:n1oVTFkQriDMdRqmcUNApqzfaCX/rGNhzjGPAgPTK7c=,tag:E3uoBzPxhBk0lBF5GMhNoQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,8 +1,8 @@
|
|||
services:
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:QPU=,iv:6FYmdgpKLplg1uIkXNvyA+DW493xdMLsBLnbenabz+M=,tag:SVY2mEhoPP/exDOENzVRGg==,type:str]
|
||||
repository: ENC[AES256_GCM,data:VGtSJA==,iv:K4FnYzTrfVhjMWf4R7qgPUCdgWFlQAG8JJccfRYlEWM=,tag:43onghqVr44slin0rlIUgQ==,type:str]
|
||||
env: ENC[AES256_GCM,data:TWUJ/GE84CTiLo1Gud+XsA==,iv:gKC1VcWnGqEwn5+e5jIqsIfipi3X2oHGvrG0rgqQl9E=,tag:QIBfXblvSDxAVYbZGAN3Mg==,type:str]
|
||||
password: ENC[AES256_GCM,data:PMY=,iv:GzQOdFF+rDY/WN3uZK7FV2++o2Mh4fnhzHhNnzyiJ4c=,tag:GhnZYmvoaDb3wSbHA50DkQ==,type:str]
|
||||
repository: ENC[AES256_GCM,data:1Ui21g==,iv:qC8f3+nYS9HTF5WqFfiKjAFY0tSQhL1XU6sAgIK7vCs=,tag:ykOm3Tv8XWbqDofPChvHuA==,type:str]
|
||||
env: ENC[AES256_GCM,data:tfXFwJZkdFrhwN90u1tT3Q==,iv:ShVllR4+CNOURMwCIF5ionQZEs6Zv+GCQOwpZ3cNlIU=,tag:udAASv7SH635dqNtNf4z7g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,77 +12,68 @@ sops:
|
|||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRUJEU25EaUhacWFBOVg5
|
||||
TWI3NmtkWFpONHRVZ1BVSVRsQzMraVdmblFBCmd2NzcwMGRTMTR6ck9lcGZSQmVi
|
||||
dHlFeS9RNENKcDEvS2FiRTVrYjVlUGcKLS0tIG1VSW9sejVWZmJHQXlIOVpLMjds
|
||||
SHV6U2ZhUnVpQVNROGNjNEtZZXI1bEUKXjSwBNA8ylfo4CWlefFfajm2JdYtjUVK
|
||||
bqXlIH/nG+nQ+I4Rj1XHo7hAuxCatuN0bGVBkSlzqIZk58/JladwFg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QStpWFFiTDF0dkMva28w
|
||||
WGM0TFdOY2VhUGVCTjh6ZzFycmZkci81MWtNCldGZksxNHR5MnFmQ1ZnMVpXK2xo
|
||||
OWltSjQ1OEN3WnNqK2xTN3haYWJWYkEKLS0tIFJBSHhSNWtxSkFYcFZrL1o5dGxX
|
||||
RVFWMVJXMnRQdWhFSEwvOVVicG50ek0KMJYN1Xo4Y1QgPGkGcglXa7wip9u8gOeG
|
||||
E4e4s9upSyjZTKOe+6OOnYXjVl3uc0SJLmdjvQyqqMR7SnOTqjqbfw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWis3TWZ0djY4YnJNek9N
|
||||
T2VXK0IzaStkMisyaUs5MTVHeXY4bytoUWdnCmlmTmRXRlRwOUZVQm5aWkxSKzFB
|
||||
UzhtbWd2Q09sbTJPeDRWeTFESkcwWUUKLS0tIDVaN0d4UGlTZUhIaXVKaXJRNThS
|
||||
algwTTZsVzNTQngzVUwyU2lpNll0bU0Kjz+34mvPPAfGUQKMH6LXawGou9HjBTjJ
|
||||
p9vxncB+7ykvT4e4Z0PpPE/Zo5yvi9rt1T8bZ6dG7GA5vuE/4BarCA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWlNFbXlONEI2L1NhOSs5
|
||||
TXA0dERBV0xmUDlHN2FDeXBKZ3FROEE2d2cwCjF2aWZSbGloYStEemozTkJlelZS
|
||||
TC9tMnNDL05YS01lYWFlSjBDMjBNVmcKLS0tIDFYVSszTGVpTWlQc2JFNE5HTGQx
|
||||
allaTGsycThSKzJPT1R0TjhlZ21tYkEK5eFfulRlIjh0j/n55uCtkgTe9Y25Li1k
|
||||
TaMfOiS56aeDBVJx0x/glR2gvxR4yd0si1fPijsbP2179JqE7zFNSg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByK2FNS0tJaTdRQzA0VVky
|
||||
aERMTVdqRzBwWFV1WFJJcVRKSTFIUlh3U0E0CmFKZm9jUHBpRjJCZk9PVkNWVEFU
|
||||
RURReEhGNTRmWWpLa1ZNdVFHK3FQQWMKLS0tIHcrMTBiMGhlcFc3RzlmVEp2OEpX
|
||||
ZHZLdXV4a05NaGRmR2Z1SkZCV25kNUEKHU1v1OK0d2ud7QL+gEoA8R4Z5YgVSP42
|
||||
IvnEQxjjXZjC4p+OjFErKcWrVb+3DGzqF1vngJVrXmIgOx/SZKTa/Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4YnZoaWIyajVLYjFHT3NR
|
||||
UTNNY2llYW5mWjJIejhCZ08vSGQvWDZiZ1VRCmNMeWdGelRod2x5NmdhS2RVWGhl
|
||||
RmxhOGo4OXFINDgxbjQvQkNpakVkZzgKLS0tIDNNVFRmNGQwWmJKYUlFN3hNbVFw
|
||||
MXZoMXFkaXhCaHhCclZrb2R1WEVjSjAK2InKsgvBb6tI8gUZYwfGAYOly0pa1mFK
|
||||
kuQyj0VMYFI3O7c35ZpwNmHCtFzxt2rza7E0DGrYpVUlJgOte6Gicg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MytrUFpsMUVpT3pTNWlq
|
||||
NjMrRjI5a3NqNzlNV2JlczJRNXNicVZaWVdNCjNnRHM2RGV1SEh6M0U3T0NvdlNQ
|
||||
a1JIZFp5bHJwMXlNd29DQ2MwckRrczAKLS0tIHdmd2lFZ1FWTFFMUExPeWRXd2U3
|
||||
RU9UYXJESnAyYXFITTN0cm5QelR2T1UK3XUlIGQED91sUPc1ITq1rXLj/xhkGM9s
|
||||
R4bsTK5RqpXE+RmGfxeAMP7Om424vjM76l6DU2JkoZietDwR35UA8w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZnZKemIveDRTZGhoN3lB
|
||||
bHlNOVNFUnAzdVBjRk5HR3lxdGI4UWdDTFdFCkUzMUdEMXk1dVppdTJhMmgxRjBG
|
||||
UDl3UzlhUi9nOS9WZW5naWhyMlN4NWMKLS0tIGJVZndlOTBQMjM3dEROUTdlQzEw
|
||||
NXRkOUhDaTU1am0wbjNXWkVOMUZsZ2sK5uOwOezrleA+zwYcDYjBdGQXRI+27ZLr
|
||||
850yLNtKO248aFX128JTk5+J1OV5Dv4QYRbzGfpb0/mK0U1uTXLm1g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc0haNU95V3JRUlpuUjha
|
||||
SHpOWThJWVMwbElRaFcrL21jYXA2SFBHeFR3CnV1MkRxbG9QV1dWdjJxWENtQk5L
|
||||
M1g0cDJXRjN0VFhiRXZKbG1yS3hXaG8KLS0tIEtScWorRENpbFZWMjVXNnIxTTdi
|
||||
djdBdThNMzFZdlI4TVBJSjdxeXg0VE0Kcwsa/et9gMSlm46rt0vZ/dFy3ZCZQ5Oi
|
||||
WLJ492+srIeE47Gpye2jN2XAmM4exCijYkZeQvPpLIFvBFmQCK30hQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTDI0QXZaMlZLUW9ST0lW
|
||||
Q1M1ZmlpTHpvM0NHejFSNEx0UUFnTVJIN0U4CllRcnVpUjFqOUZRRk5CWXZqT0V0
|
||||
YWwweld0TE9zZGFmUTVDVVl6eDNETzAKLS0tIGtEanVWTHgxSk9Ld3NRYndOL3dZ
|
||||
WXJrUWtncDZjVE50dmw2MHRCelpzZ2cKfLIQbrTsVGXY+UZCC5p/7+bXKHhv8nxt
|
||||
dvvr+VGnH57jmELqSUoWOgefJ6GFNcCoGSYHZ9cn0UgvhZgx1Wpoow==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdU93TEgwVHJSeWJmbGNv
|
||||
bDlQZVd5SjQ2eGJ0ZjVYVE9MYnRRZmp6czFzClZvVnFjd213MlU3b01jNHJGWm43
|
||||
cDkxWVh5MTEzY05lVlg0TGJWbWdvYkUKLS0tIEtqc2c3R1JuOTlmazYrSDdlZXJs
|
||||
L21nOU5oZjVySGdJUGpGUy94U3Ixc2sKeHKCmx5yxHprbCq+76K5MNWVZJjOs+ck
|
||||
QiTxxYKvdI7w2cCfyn9l9+dLcMqlqxdRLnoX99oi2ztIDHZEVEmqsg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRN2M0VmVCQ0JaNVhnRzBj
|
||||
Z2Vqbk9GZUtaZlExYTRPQ3ZJWHIvU283cFRBCjExQnJvZy9SMndJd0VqdUpCSDFJ
|
||||
ZmJpVFJ1em9iNnNOcnFTQUExeGZESm8KLS0tIGdnWXNtNEg2SHpjRW1mR28vVDRv
|
||||
VFVRcDh0TlVXR3pYRk1Ybkx3MjhOaVEKsViUc14dePdnukQa3ud/EesnvZL7OCM1
|
||||
HWJYP81C9O4mU1kwRYtC0lGxMQX6aWiFZ5e2ImSi3w+mBP+KihfmBw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQlNCSytZdTJQbGN3Y2U4
|
||||
NlIxSWsyeTIvU0ZrVjhqVTl2K1pMVHN2UXdnClhCU2djUkZGQzRzYUhNNnc2TmlS
|
||||
RVVrdkdqNUxQdGhCYWwyc3NLQ2l5bFUKLS0tIGVxWm01eU5zb2pma2pUU3VPbmxW
|
||||
cW94Y0dBZVMzbW9icUtyWDV2c1N0ZU0K77jXENggGEHpoe6qQl5O0sBbycrmlPoo
|
||||
fnIMedUGzXpzYRV8cyKnY1sFGwyU2ymGsUff7cIBablwP1/MAKRJmw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUlZ1TER2anNCRHBKQm1v
|
||||
QjhybHFCc1dod1djeWxkRmhBSC9YTW5IV0NJCkM5c3hkYWtLZnJHNVpPYUh4TzBR
|
||||
U3ZaMEdSTVNsenV0RVorTTZMUXdYT3MKLS0tIDV1dWxjbXNtekZaUk9xaVdOYU93
|
||||
UUpVako2MGVobTcvNWRsTWMwZm5ZSVEK1uI5dVSI4vY5hw0oxj21mJYoZB2Jq52z
|
||||
e+RDvcyBFRsS+238UCVi5qDdA8DcnQ2uRiBxKDGC2P3RoVU5TeCfTQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdm9ZNmdvVnhROFZvVVhu
|
||||
QkJGQ2J5MkI4VjVLNXNSL2svbnBKZUJ2Y1MwClFsQ1JQSEhlK0JJbTRHNzBNU2tI
|
||||
aDl4eFhMMlhib1QzZldUcnVJdVZMSFkKLS0tIHBoYXVYazk4S1VpOE0vV2tqL2hC
|
||||
N3JDRm1OMFFobjloaXBNNENrQ29BeVkK/aAtqd93BGI5q3bZHydLxmVp6iBgfNUE
|
||||
nf+dZioVWVdoK9LSpoREFuOQu4upZ3MjxkClO0hjBJwaACElPrUF2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-18T23:57:27Z"
|
||||
mac: ENC[AES256_GCM,data:88ZnGTkV1xxZO7UuVm5clZrHUMeiqAG++4X4DbCJGwqL+VDagYVhsui1+PzN62h6TgXtARecHON8TXd8z/NF4ekiY+LAcMC3m9x5AzmGYa7Qd5FKht1O6RfRORBDrojj251cqCifDxeGPq3C/X4Zi8Jg4KTSk1lAJoXMsqJQ3+c=,iv:8NnKOlzXD1jRVQ/tgoChEb0YY18Y7VpEiq85YhupTws=,tag:eUbLR66sNqQ2VIQW0/CBwA==,type:str]
|
||||
lastmodified: "2024-07-15T23:16:58Z"
|
||||
mac: ENC[AES256_GCM,data:Eht9Vth1XVzeTCTyS18neiLthQF2c1DZkUkrYv01v1nC6tRPnWPd6+7zPQsQbdUuImwEthFpGDtNY0DLqwuZ9NWWhtEhWspUK2QKxNDKdP/aDT5rnjcf5tvyDK1EGnvTfp/fbw5I+z1mQYfrrUrQNVn6eiZXO+71mF9zoQLu/C0=,iv:TMnbBm1d5BSC6ywdwR4Mmn39qyCEyjSr5ndwtcwQk/k=,tag:qcAjLJl995bSmJtzGX7VbQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
{ sops, ... }:
|
||||
{
|
||||
gui = {
|
||||
user = sops.secrets.username;
|
||||
password = sops.secrets.password;
|
||||
};
|
||||
|
||||
devices = {
|
||||
gandalf = {
|
||||
name = "gandalf";
|
||||
id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
|
||||
addresses = [ "tcp://10.1.1.13:22000" ];
|
||||
};
|
||||
legiondary = {
|
||||
name = "legiondary";
|
||||
id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
|
||||
addresses = [ "dynamic" ];
|
||||
};
|
||||
shadowfax = {
|
||||
name = "shadowfax";
|
||||
id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
|
||||
addresses = [ "tcp://10.1.1.61:22000" ];
|
||||
};
|
||||
telchar = {
|
||||
name = "telchar";
|
||||
id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
|
||||
addresses = [ "dynamic" ];
|
||||
};
|
||||
};
|
||||
|
||||
folders = {
|
||||
projects = {
|
||||
id = "projects";
|
||||
path = "~/projects";
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = 10;
|
||||
};
|
||||
devices = [
|
||||
"legiondary"
|
||||
"shadowfax"
|
||||
"gandalf"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,57 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.mySystem.services.syncthing;
|
||||
in
|
||||
{
|
||||
options.mySystem.services.syncthing = {
|
||||
enable = lib.mkEnableOption "Syncthing";
|
||||
publicCertPath = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = "The public certificate for Syncthing";
|
||||
};
|
||||
privateKeyPath = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = "The private key for Syncthing";
|
||||
};
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The user to run Syncthing as";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# sops
|
||||
sops.secrets = {
|
||||
"username" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
"password" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "jahanson";
|
||||
mode = "400";
|
||||
restartUnits = [ "syncthing.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = cfg.user;
|
||||
dataDir = "/home/${cfg.user}/";
|
||||
openDefaultPorts = true;
|
||||
key = "${cfg.privateKeyPath}";
|
||||
cert = "${cfg.publicCertPath}";
|
||||
settings = import ./config { inherit (config) sops; };
|
||||
};
|
||||
};
|
||||
# Don't create default ~/Sync folder
|
||||
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
|
||||
};
|
||||
}
|
|
@ -1,85 +0,0 @@
|
|||
username: ENC[AES256_GCM,data:WSQeuKRVE80=,iv:ci1XiMFsDDx3PbM0sH8ph/twu1FlrI3LSaURp3qaUxE=,tag:GrpaeuVBVK6CqOAiK+F2bg==,type:str]
|
||||
password: ENC[AES256_GCM,data:Er08gOwq4LMXCiH+c1dPq1eGcVU=,iv:TtYcMYMuIRtsPzT47nCe0SEzpy9byuoBIOMTHWEdJkk=,tag:rIeYTmHDYW44pgntALRx1w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcDA4MXZCNlk5TzVKK09L
|
||||
Q0F3bldGN3p6SCtFM1F5dG9QV09uNXhiMFI4CmhFcit6V0FQL1ZYcVJ2UDc3ZWlu
|
||||
bWc5Qzd0eHBjY3NzRUVXM1V6Sm1tR2MKLS0tIGU4YlNYcGltc21ZbENWMC9TS2JQ
|
||||
VEhZdklMcUdBUmh5Q1ZXdEtYZ3htblEKWr8uQWvUbu36eD3Q09aKpHaAXkzBCx2f
|
||||
g9osxa9r8Ih43NWZvJRTQlXdLi7T+oQj3dyYOT3gTL8L8WkbWuG2eA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMGxrdEV6SUREMFlyK1p5
|
||||
WFZ5aUs4QlNSUUE2eEJXcTVjRitjdlhtTWpFCll1TjlWMWd3N1FoOWRqWTEyODVZ
|
||||
a0dwd1RIb1U0OGdUdkUyM2IvYmhyR3cKLS0tIEhhUzdhTml5b1ZaeWNQV2NpUmVF
|
||||
aHdZV2FWbXpmL0RDTUdjQVBuQnBEUjgKELbs5UPRNslIvZz66Imtf4XfFxLUJkIA
|
||||
xAbMZeGbW61da1kfb5Dc/v/zbB57T1qZNDE48nPfIMpQBNQNh8/9FA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadDFIK1lRR0Z4RVhHRXUw
|
||||
QldxNk8zUTVOVFpIM1cwV3ZMcXZPcFpTbEZrCm1NWVpsc05ob2FpRVY1VlI5Z291
|
||||
WDI3ZEZwS25tRVpTMDR5SDlodE51VDgKLS0tIHk4VmhJcWswTVpwRyt3bEcxZEM0
|
||||
MVQrSHR0WHI0eHVaVkpDZzhqZG5sZ28K2vw5S5phg4UXCeWr2baPdwtHDPM7OaUf
|
||||
idLK+rKGFLxXWOcgzCJPDvwdIbvrmfueEPf8chmqcHus1JPYKzASJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTWY2YlFHVU94NnBuRlpN
|
||||
RlpMS3kxOUhvTWtsNnVyQ2ExU0YzdXN4ZEdNCnpKczFjWFBkVGhnRGcwL2xRejVu
|
||||
TGhHUHZzeEpVNm5MVk03Zkp3OFYxNjgKLS0tIGEzL2J3SytvZFp6ZTFXWHF5YlU1
|
||||
dGZwelk0eWRsM2xwMmtxMWhQSkNVMEUKUSuFRNYCAuodVIVq59mfFDD3NIK3aCMS
|
||||
WN0/otRuND5kDy4kmTqFil5E8WwRcpHvjZZOAjqDA16DSriZS6mpbQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjckh5R0s5Y0E3STZZbWd3
|
||||
TDNtWUxGYVZCKzluK1FzZG9VaUppVUFpbEJvCjhtZDA0a0preVd1SW8xTW9jQkdO
|
||||
cmJQOE9LNUJDa1Q0dFhYcDh6VUxwSzAKLS0tIEd5SkF0RUwvUUVMSW1IY25Oak1W
|
||||
cHVrZGh6R1YyOStmV2dEbXJsY0U1NTgK7XjhWRazgHzIcsDPIsTV3qrYWhJ6FpCT
|
||||
5P+HUNSjdv1sv/KbexJgjWgG0YNv+eRQnqtxzZaniaWcn5gp1JlR7A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU0NnS2E1UzlRYVVjcDZC
|
||||
ajhwSGxpUzNENXBSSE82empzd1pmYkt5SUdzCk5TZWJna0w4UU1MQ1R3WHVOMDJU
|
||||
Q0pvM09OZFJFYm5OeHdQVDZBNW1mckUKLS0tIEhraG9YUXYrWUp6S3VqeThpcWZw
|
||||
aEx6bWNNY2t5UFVwcHdBZE9kSEFrYWMKw40ntGaLDFX5tRK5Ir9yRu4Kbsyl7N05
|
||||
uyMlyQ20zL0TmsL5OFEuIF3mhaLyu2GgigQaQcGffx/DUJdLRc8Fnw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SDZaeUtCbWt2OFZRRm9T
|
||||
Y3l1dzZwU2s0WDlaNXNaUHpFaExFamtSS3lRCmE1VHI0M3hqSDNCanFuR2l4SU8r
|
||||
aTR6TlhReDJ4SjUvS0J0aHNyY002eTgKLS0tIHYxdU1WSng0VWZETTFiMGh1OHY5
|
||||
STQyNWUyNDhRTkxVUXd5VHNjZjJjK0kK8SJirqpGCmLCwLlLul6WdAzIWWiAR4Qf
|
||||
usYAmNmjbHLHxNftB9mGLEumJ8IAB20Ywk5EbujMvhJ0w1R7kAyC+w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbCtUMFhveWVLTzI3Y21Z
|
||||
ZlY2UU9vVFplcUVIbk5Jay82UmNxT2lZSnk0Cm5DRHRGMVZSaDZ1cElxWk9PQWhs
|
||||
SmlRMHBiU1lTNVE2UlpQSXgvSDZqazAKLS0tIGxadVhWYUVOV0Jab05LS0ptendn
|
||||
aWtiSlZlTUdwMW9Eb1dXUERVanVOaFEKSqRistshNg61yLJIe/3kuisRLuvfVbWu
|
||||
ZsN/jk357Zv1VIYwmdm80LqI6zCGNzDaP30+Bxp8RTasA3gKM1mKrg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-07T23:25:22Z"
|
||||
mac: ENC[AES256_GCM,data:ngdpFJcw3Qq/G7MWJY4Ka28r5tAobVlPxkQ+ve1MGd4SHKhUMRTA3je7kG+2zB/muQKtZ+SNolFJF4KcCtCOBaC0y70eJcFbGZ7g2iXa8TtNnW53PRpdWPYjJ5BhGbdCcJ3KKNcO+nT/PWIC1JTP6vp0j0aghLlYrm7Bq8+cAj0=,iv:YoTnZcxbn4Mzh+5lGQSr1OxLdyGUtGrnkt/KsNSTw2Q=,tag:63wotwyZVIqnTtZGW47jRA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
|
@ -11,7 +11,7 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
# Add package
|
||||
environment.systemPackages = [
|
||||
pkgs.unstable.pika-backup
|
||||
pkgs.pika-backup
|
||||
];
|
||||
# Setup auto start at login.
|
||||
home-manager.users.${user} = {
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
{
|
||||
imports = [
|
||||
./borg
|
||||
./fingerprint-reader-on-laptop-lid
|
||||
./fingerprint-laptop-lid.nix
|
||||
./impermanence.nix
|
||||
./incus
|
||||
./motd
|
||||
./nfs
|
||||
./nix.nix
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# Pertially from: https://github.com/fzakaria/nix-home/blob/framework-laptop/modules/nixos/fprint-laptop-lid.nix
|
||||
# Originally this file was based on
|
||||
# https://unix.stackexchange.com/questions/678609/how-to-disable-fingerprint-authentication-when-laptop-lid-is-closed
|
||||
# However I found this not to work as the fprintd is started via dbus and masking it doesn't seem to do anything.
|
||||
|
@ -9,25 +8,22 @@
|
|||
# On framework 13 the USB is:
|
||||
# Port 004: Dev 003, If 0, Class=Vendor Specific Class, Driver=[none], 12M
|
||||
# ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
|
||||
# On Framework 16 the USB is:
|
||||
# Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
|
||||
# Use `findfp.sh` to find the correct USB device.
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid;
|
||||
laptop-lid = pkgs.writeShellScript "laptop-lid" ''
|
||||
lock=/var/lock/fingerprint-reader-disabled
|
||||
lock=$HOME/fingerprint-reader-disabled
|
||||
|
||||
# match for either display port or hdmi port
|
||||
if grep -Fq closed /proc/acpi/button/lid/LID0/state &&
|
||||
(grep -Fxq connected /sys/class/drm/card*-DP-*/status ||
|
||||
grep -Fxq connected /sys/class/drm/card*-HDMI-*/status)
|
||||
(grep -Fxq connected /sys/class/drm/card1-DP-*/status ||
|
||||
grep -Fxq connected /sys/class/drm/card1-HDMI-*/status)
|
||||
then
|
||||
touch "$lock"
|
||||
echo 0 > /dev/fingerprint_sensor/authorized
|
||||
echo 0 > /sys/bus/usb/devices/1-4/authorized
|
||||
elif [ -f "$lock" ]
|
||||
then
|
||||
echo 1 > /dev/fingerprint_sensor/authorized
|
||||
echo 1 > /sys/bus/usb/devices/1-4/authorized
|
||||
rm "$lock"
|
||||
fi
|
||||
'';
|
||||
|
@ -38,19 +34,9 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
acpid = {
|
||||
enable = true;
|
||||
lidEventCommands = "${laptop-lid}";
|
||||
};
|
||||
# Add udev rule to create symlink for fingerprint sensor
|
||||
# when usb device 27c6:609c is connected or disconnected.
|
||||
# Reason: hubs like caldigit re-orient the device number on each boot.
|
||||
# May requires a reboot to take effect.
|
||||
# or sudo udevadm control --reload-rules && sudo udevadm trigger
|
||||
udev.extraRules = ''
|
||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="27c6", ATTRS{idProduct}=="609c", RUN+="/bin/sh -c 'ln -sf /sys$devpath /dev/fingerprint_sensor'"
|
||||
'';
|
||||
services.acpid = {
|
||||
enable = true;
|
||||
lidEventCommands = "${laptop-lid}";
|
||||
};
|
||||
|
||||
# Disable fingerprint reader at login since you can't put in a password when fprintd is running.
|
|
@ -1,39 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
find_usb_device() {
|
||||
local idVendor=$1
|
||||
local idProduct=$2
|
||||
local device_id="${idVendor}:${idProduct}"
|
||||
|
||||
for device in /sys/bus/usb/devices/*; do
|
||||
if [ -f "$device/idVendor" ] && [ -f "$device/idProduct" ]; then
|
||||
vendor=$(cat "$device/idVendor")
|
||||
product=$(cat "$device/idProduct")
|
||||
if [ "${vendor}:${product}" = "$device_id" ]; then
|
||||
echo "$device"
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
# Example usage
|
||||
idVendor="27c6"
|
||||
idProduct="609c"
|
||||
|
||||
device_path=$(find_usb_device "$idVendor" "$idProduct")
|
||||
|
||||
if [ -n "$device_path" ]; then
|
||||
echo "Device found at: $device_path"
|
||||
|
||||
# Print additional information
|
||||
manufacturer=$(cat "$device_path/manufacturer" 2>/dev/null)
|
||||
product=$(cat "$device_path/product" 2>/dev/null)
|
||||
|
||||
echo "Manufacturer: ${manufacturer:-N/A}"
|
||||
echo "Product: ${product:-N/A}"
|
||||
else
|
||||
echo "Device not found"
|
||||
fi
|
|
@ -1,51 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.mySystem.system.incus;
|
||||
user = "jahanson";
|
||||
in
|
||||
{
|
||||
# sops.secrets.secret-domain-0 = {
|
||||
# sopsFile = ./secret.sops.yaml;
|
||||
# };
|
||||
options.mySystem.system.incus = {
|
||||
enable = lib.mkEnableOption "incus";
|
||||
preseed = lib.mkOption {
|
||||
type = lib.types.unspecified;
|
||||
default = "";
|
||||
description = "Incus preseed configuration. Generate with `incus admin init`.";
|
||||
};
|
||||
webuiport = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 8443;
|
||||
description = "Port for the Incus Web UI";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
virtualisation.incus = {
|
||||
inherit (cfg) preseed;
|
||||
enable = true;
|
||||
ui.enable = true;
|
||||
};
|
||||
|
||||
users.users.${user}.extraGroups = [ "incus-admin" ];
|
||||
|
||||
# systemd.services.incus-preseed.postStart = "${oidcSetup}";
|
||||
|
||||
networking = {
|
||||
# nftables.enable = true;
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
cfg.webuiport
|
||||
53
|
||||
67
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
53
|
||||
67
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ ... }:
|
||||
let
|
||||
finalVersion = "tauri-v2.0.4";
|
||||
in
|
||||
final: prev: {
|
||||
cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
|
||||
version = finalVersion;
|
||||
vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
|
||||
});
|
||||
}
|
|
@ -1,68 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
buildGoModule,
|
||||
installShellFiles,
|
||||
fetchFromGitHub,
|
||||
gitUpdater,
|
||||
testers,
|
||||
mods,
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "mods";
|
||||
version = "1.6.0";
|
||||
commitHash = "2a7f9d4dc11b6c828bf35a0b3d0be709f3ed79b9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "charmbracelet";
|
||||
repo = "mods";
|
||||
rev = commitHash;
|
||||
hash = "sha256-23gtb8BOx/0c643/paRt7VFHEyMyF4Q4a5b5+a4+kNU=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-RV/Nr60BpCLcUL2Yy1Dd2ScwoI0BhGhTb/igCEcJPjI=";
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
];
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-X=main.Version=${version}-${commitHash}"
|
||||
];
|
||||
|
||||
# These tests require internet access.
|
||||
checkFlags = [ "-skip=^TestLoad/http_url$|^TestLoad/https_url$" ];
|
||||
|
||||
passthru = {
|
||||
updateScript = gitUpdater {
|
||||
rev-prefix = "v";
|
||||
ignoredVersions = ".(rc|beta).*";
|
||||
};
|
||||
|
||||
tests.version = testers.testVersion {
|
||||
package = mods;
|
||||
command = "HOME=$(mktemp -d) mods -v";
|
||||
};
|
||||
};
|
||||
|
||||
postInstall = ''
|
||||
export HOME=$(mktemp -d)
|
||||
$out/bin/mods man > mods.1
|
||||
$out/bin/mods completion bash > mods.bash
|
||||
$out/bin/mods completion fish > mods.fish
|
||||
$out/bin/mods completion zsh > mods.zsh
|
||||
|
||||
installManPage mods.1
|
||||
installShellCompletion mods.{bash,fish,zsh}
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "AI on the command line";
|
||||
homepage = "https://github.com/charmbracelet/mods";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ dit7ya caarlos0 ];
|
||||
mainProgram = "mods";
|
||||
};
|
||||
}
|
|
@ -1,108 +0,0 @@
|
|||
{ lib
|
||||
, channel ? "stable"
|
||||
, fetchurl
|
||||
, installShellFiles
|
||||
, makeBinaryWrapper
|
||||
, terraform
|
||||
, stdenvNoCC
|
||||
, unzip
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (stdenvNoCC.hostPlatform) system;
|
||||
|
||||
channels = {
|
||||
stable = {
|
||||
version = "2.15.1";
|
||||
hash = {
|
||||
x86_64-linux = "sha256-DB/3iUkgWzAI+3DEQB8heYkG6apUARDulQ4lKDAPN1I=";
|
||||
x86_64-darwin = "sha256-62tjAC3WtWC8eIkh9dPi2Exksp2gDHyXEU2tCavKZ4Q=";
|
||||
aarch64-linux = "sha256-957GdH5sDjbjxEt8LXKPBM7vht7T6JizVwYYhbitdpw=";
|
||||
aarch64-darwin = "sha256-ckcd1u9dgg9LKhr47Yw8dJKkR7hawPie4QNyySH8vyM=";
|
||||
};
|
||||
};
|
||||
mainline = {
|
||||
version = "2.16.0";
|
||||
hash = {
|
||||
x86_64-linux = "sha256-Uk9oGiLSHBCINAzQg88tlHyMw/OGfdmCw2/NXJs5wbQ=";
|
||||
x86_64-darwin = "sha256-Bbayv00NDJGUA4M4KyG4XCXIiaQSf4JSgy5VvLSVmAM=";
|
||||
aarch64-linux = "sha256-nV02uO+UkNNvQDIkh2G+9H8gvk9DOSYyIu4O3nwkYXk=";
|
||||
aarch64-darwin = "sha256-C9Nm8dW3V25D7J/3ABO5oLGL4wcSCsAXtQNZABwVpWs=";
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
stdenvNoCC.mkDerivation (finalAttrs: {
|
||||
pname = "coder";
|
||||
version = channels.${channel}.version;
|
||||
src = fetchurl {
|
||||
hash = (channels.${channel}.hash).${system};
|
||||
|
||||
url =
|
||||
let
|
||||
systemName = {
|
||||
x86_64-linux = "linux_amd64";
|
||||
aarch64-linux = "linux_arm64";
|
||||
x86_64-darwin = "darwin_amd64";
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
}.${system};
|
||||
|
||||
ext = {
|
||||
x86_64-linux = "tar.gz";
|
||||
aarch64-linux = "tar.gz";
|
||||
x86_64-darwin = "zip";
|
||||
aarch64-darwin = "zip";
|
||||
}.${system};
|
||||
in
|
||||
"https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
installShellFiles
|
||||
makeBinaryWrapper
|
||||
unzip
|
||||
];
|
||||
|
||||
unpackPhase = ''
|
||||
runHook preUnpack
|
||||
|
||||
case $src in
|
||||
*.tar.gz) tar -xz -f "$src" ;;
|
||||
*.zip) unzip "$src" ;;
|
||||
esac
|
||||
|
||||
runHook postUnpack
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
install -D -m755 coder $out/bin/coder
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
wrapProgram $out/bin/coder \
|
||||
--prefix PATH : ${lib.makeBinPath [ terraform ]}
|
||||
'';
|
||||
|
||||
# integration tests require network access
|
||||
doCheck = false;
|
||||
|
||||
meta = {
|
||||
description = "Provision remote development environments via Terraform";
|
||||
homepage = "https://coder.com";
|
||||
license = lib.licenses.agpl3Only;
|
||||
mainProgram = "coder";
|
||||
maintainers = with lib.maintainers; [ ghuntley kylecarbs urandom ];
|
||||
};
|
||||
|
||||
passthru = {
|
||||
updateScript = ./update.sh;
|
||||
tests = {
|
||||
inherit (nixosTests) coder;
|
||||
};
|
||||
};
|
||||
})
|
|
@ -1,34 +1,33 @@
|
|||
{ inputs, ... }:
|
||||
let
|
||||
# smartmontoolsOverlay = import ./smartmontools { };
|
||||
# vivaldiOverlay = self: super: { vivaldi = super.callPackage ./vivaldi { }; };
|
||||
coderOverlay = self: super: { coder = super.callPackage ./coder { }; };
|
||||
modsOverlay = self: super: { mods = super.callPackage ./charm-mods { }; };
|
||||
termiusOverlay = self: super: { termius = super.callPackage ./termius { }; };
|
||||
warpTerminalOverlay = import ./warp-terminal {
|
||||
inherit (inputs.nixpkgs) lib;
|
||||
};
|
||||
termiusOverlay = import ./termius { };
|
||||
# Partial overlay
|
||||
# talosctlOverlay = import ./talosctl { };
|
||||
# Full overlay
|
||||
talosctlOverlay = self: super: {
|
||||
talosctl = super.callPackage ./talosctl/talosctl-custom.nix { };
|
||||
};
|
||||
goOverlay = import ./go { };
|
||||
in
|
||||
{
|
||||
# smartmontools = smartmontoolsOverlay;
|
||||
# vivaldi = vivaldiOverlay;
|
||||
coder = coderOverlay;
|
||||
comm-packages = inputs.nix-vscode-extensions.overlays.default;
|
||||
mods = modsOverlay;
|
||||
nix-minecraft = inputs.nix-minecraft.overlay;
|
||||
nur = inputs.nur.overlay;
|
||||
# warp-terminal = warpTerminalOverlay;
|
||||
termius = termiusOverlay;
|
||||
talosctl = talosctlOverlay;
|
||||
# go = goOverlay;
|
||||
|
||||
# The unstable nixpkgs set (declared in the flake inputs) will
|
||||
# be accessible through 'pkgs.unstable'
|
||||
unstable-packages = final: prev: {
|
||||
unstable = import inputs.nixpkgs-unstable
|
||||
{
|
||||
inherit (final) system;
|
||||
config.allowUnfree = true;
|
||||
} // {
|
||||
# Add talosctl to the unstable set
|
||||
talosctl = final.unstable.callPackage ./talosctl {
|
||||
inherit (final.unstable) lib buildGoModule fetchFromGitHub installShellFiles;
|
||||
};
|
||||
xpipe = final.unstable.callPackage ./xpipe/ptb.nix {};
|
||||
unstable-packages = final: _prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit (final) system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
# VSCode Community Packages
|
||||
comm-packages = inputs.nix-vscode-extensions.overlays.default;
|
||||
}
|
||||
|
|
13
nixos/overlays/go/default.nix
Normal file
13
nixos/overlays/go/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ ... }:
|
||||
let
|
||||
finalVersion = "1.22.5";
|
||||
in
|
||||
final: prev: {
|
||||
go_1_22 = prev.go_1_22.overrideAttrs (oldAttrs: {
|
||||
version = finalVersion;
|
||||
src = prev.fetchurl {
|
||||
url = "https://go.dev/dl/go${finalVersion}.src.tar.gz";
|
||||
hash = "sha256-rJxyPyJJaa7mJLw0/TTJ4T8qIS11xxyAfeZEu0bhEvY=";
|
||||
};
|
||||
});
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{ ... }:
|
||||
let
|
||||
dbrev = "5613";
|
||||
drivedbBranch = "RELEASE_7_4";
|
||||
in
|
||||
final: prev: {
|
||||
smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
|
||||
inherit dbrev drivedbBranch;
|
||||
driverdb = builtins.fetchurl {
|
||||
url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
|
||||
sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
|
||||
name = "smartmontools-drivedb.h";
|
||||
};
|
||||
});
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -I nixpkgs=/etc/nix/inputs/nixpkgs/ -i bash -p nix
|
||||
set -euo pipefail
|
||||
|
||||
dbrev="5613"
|
||||
drivedbBranch="RELEASE_7_4"
|
||||
url="https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
|
||||
|
||||
echo "Fetching hash for URL: $url"
|
||||
|
||||
hash=$(nix-prefetch-url "$url")
|
||||
sri=$(nix-hash --type sha256 --flat --base32 --to-sri "$hash")
|
||||
|
||||
echo "Hash: $hash"
|
||||
echo "Sri: $sri"
|
|
@ -1,40 +1,19 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "talosctl";
|
||||
version = "1.8.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "siderolabs";
|
||||
repo = "talos";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-sD/Nn1ZLM6JIZdWQsBioKyhrAvhz749LL4xWleQ80xY=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-pWG8DbZ9N57p2Q9w/IzETcvwaSfzaUvJgcz7Th/Oi9c=";
|
||||
|
||||
ldflags = [ "-s" "-w" ];
|
||||
|
||||
env.GOWORK = "off";
|
||||
|
||||
subPackages = [ "cmd/talosctl" ];
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
postInstall = ''
|
||||
installShellCompletion --cmd talosctl \
|
||||
--bash <($out/bin/talosctl completion bash) \
|
||||
--fish <($out/bin/talosctl completion fish) \
|
||||
--zsh <($out/bin/talosctl completion zsh)
|
||||
'';
|
||||
|
||||
doCheck = false; # no tests
|
||||
|
||||
meta = with lib; {
|
||||
description = "CLI for out-of-band management of Kubernetes nodes created by Talos";
|
||||
mainProgram = "talosctl";
|
||||
homepage = "https://www.talos.dev/";
|
||||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; [ flokli ];
|
||||
};
|
||||
}
|
||||
{ ... }:
|
||||
let
|
||||
finalVersion = "1.7.5";
|
||||
in
|
||||
final: prev: {
|
||||
talosctl = prev.talosctl.overrideAttrs (oldAttrs: {
|
||||
version = finalVersion;
|
||||
src = prev.fetchFromGitHub {
|
||||
owner = "siderolabs";
|
||||
repo = "talos";
|
||||
rev = "v${finalVersion}";
|
||||
hash = "sha256-lmDLlxiPyVhlSPplYkIaS5Uw19hir6XD8MAk8q+obhY=";
|
||||
};
|
||||
vendorHash = "sha256-8UIey+r1tdVRN1RBK5xxcAzaHb0VFdgenUXSFgoWh1g=";
|
||||
passthru = oldAttrs.passthru // {
|
||||
updateScript = ./update.sh;
|
||||
};
|
||||
});
|
||||
}
|
43
nixos/overlays/talosctl/talosctl-custom.nix
Normal file
43
nixos/overlays/talosctl/talosctl-custom.nix
Normal file
|
@ -0,0 +1,43 @@
|
|||
{ lib, buildGo122Module, fetchFromGitHub, installShellFiles }:
|
||||
|
||||
buildGo122Module rec {
|
||||
pname = "talosctl";
|
||||
version = "1.7.5";
|
||||
src = fetchFromGitHub {
|
||||
owner = "siderolabs";
|
||||
repo = "talos";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-lmDLlxiPyVhlSPplYkIaS5Uw19hir6XD8MAk8q+obhY=";
|
||||
};
|
||||
|
||||
passthru = {
|
||||
updateScript = ./update.sh;
|
||||
};
|
||||
|
||||
vendorHash = "sha256-8UIey+r1tdVRN1RBK5xxcAzaHb0VFdgenUXSFgoWh1g=";
|
||||
|
||||
ldflags = [ "-s" "-w" ];
|
||||
|
||||
env.GOWORK = "off";
|
||||
|
||||
subPackages = [ "cmd/talosctl" ];
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
|
||||
postInstall = ''
|
||||
installShellCompletion --cmd talosctl \
|
||||
--bash <($out/bin/talosctl completion bash) \
|
||||
--fish <($out/bin/talosctl completion fish) \
|
||||
--zsh <($out/bin/talosctl completion zsh)
|
||||
'';
|
||||
|
||||
doCheck = false; # no tests
|
||||
|
||||
meta = with lib; {
|
||||
description = "CLI for out-of-band management of Kubernetes nodes created by Talos";
|
||||
mainProgram = "talosctl";
|
||||
homepage = "https://www.talos.dev/";
|
||||
license = licenses.mpl20;
|
||||
maintainers = with maintainers; [ flokli ];
|
||||
};
|
||||
}
|
|
@ -1,96 +1,8 @@
|
|||
{ autoPatchelfHook
|
||||
, squashfsTools
|
||||
, alsa-lib
|
||||
, fetchurl
|
||||
, makeDesktopItem
|
||||
, makeWrapper
|
||||
, stdenv
|
||||
, lib
|
||||
, libsecret
|
||||
, mesa
|
||||
, udev
|
||||
, wrapGAppsHook3
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "termius";
|
||||
version = "9.5.0";
|
||||
|
||||
src = fetchurl {
|
||||
# find the latest version with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.version'
|
||||
# and the url with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_url' -r
|
||||
# and the sha512 with
|
||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_sha512' -r
|
||||
# nix-hash --type sha512 --to-sri <output of curl>
|
||||
url = "https://api.snapcraft.io/api/v1/snaps/download/WkTBXwoX81rBe3s3OTt3EiiLKBx2QhuS_203.snap";
|
||||
hash = "sha512-BouIQvJZbi350l30gl9fnXKYRHhi5q1oOvyEIVEmd4DjXvJLQisV4cK4OZIJ/bPOCI5DTxNOY7PwEduVQd3SYA==";
|
||||
#
|
||||
};
|
||||
|
||||
desktopItem = makeDesktopItem {
|
||||
categories = [ "Network" ];
|
||||
comment = "The SSH client that works on Desktop and Mobile";
|
||||
desktopName = "Termius";
|
||||
exec = "termius-app";
|
||||
genericName = "Cross-platform SSH client";
|
||||
icon = "termius-app";
|
||||
name = "termius-app";
|
||||
};
|
||||
|
||||
dontBuild = true;
|
||||
dontConfigure = true;
|
||||
dontPatchELF = true;
|
||||
dontWrapGApps = true;
|
||||
|
||||
# TODO: migrate off autoPatchelfHook and use nixpkgs' electron
|
||||
nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook3 ];
|
||||
|
||||
buildInputs = [
|
||||
alsa-lib
|
||||
libsecret
|
||||
mesa
|
||||
];
|
||||
|
||||
unpackPhase = ''
|
||||
runHook preUnpack
|
||||
unsquashfs "$src"
|
||||
runHook postUnpack
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
cd squashfs-root
|
||||
mkdir -p $out/opt/termius
|
||||
cp -r ./ $out/opt/termius
|
||||
|
||||
mkdir -p "$out/share/applications" "$out/share/pixmaps/termius-app.png"
|
||||
cp "${desktopItem}/share/applications/"* "$out/share/applications"
|
||||
cp meta/gui/icon.png $out/share/pixmaps/termius-app.png
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
|
||||
'';
|
||||
|
||||
runtimeDependencies = [ (lib.getLib udev) ];
|
||||
|
||||
postFixup = ''
|
||||
makeWrapper $out/opt/termius/termius-app $out/bin/termius-app \
|
||||
"''${gappsWrapperArgs[@]}"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "A cross-platform SSH client with cloud data sync and more";
|
||||
homepage = "https://termius.com/";
|
||||
downloadPage = "https://termius.com/linux/";
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
license = licenses.unfree;
|
||||
maintainers = with maintainers; [ Br1ght0ne th0rgal ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
mainProgram = "termius-app";
|
||||
};
|
||||
}
|
||||
{ ... }:
|
||||
(final: prev: {
|
||||
termius = prev.termius.overrideAttrs (oldAttrs: {
|
||||
postInstall = ''
|
||||
install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
|
||||
'';
|
||||
});
|
||||
})
|
||||
|
|
|
@ -1,10 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl jq nix
|
||||
|
||||
VERSION=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.version')
|
||||
DOWNLOAD_URL=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_url' -r)
|
||||
SHASUM=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_sha512' -r)
|
||||
SRI512SUM=$(nix-hash --type sha512 --to-sri $SHASUM)
|
||||
|
||||
echo "The latest SRI for version $VERSION is "
|
||||
echo "$SRI512SUM"
|
|
@ -1,135 +0,0 @@
|
|||
{ lib, stdenv, fetchurl, zlib, libX11, libXext, libSM, libICE, libxkbcommon, libxshmfence
|
||||
, libXfixes, libXt, libXi, libXcursor, libXScrnSaver, libXcomposite, libXdamage, libXtst, libXrandr
|
||||
, alsa-lib, dbus, cups, libexif, ffmpeg, systemd, libva, libGL
|
||||
, freetype, fontconfig, libXft, libXrender, libxcb, expat
|
||||
, libuuid
|
||||
, libxml2
|
||||
, glib, gtk3, pango, gdk-pixbuf, cairo, atk, at-spi2-atk, at-spi2-core
|
||||
, qt5
|
||||
, libdrm, mesa
|
||||
, vulkan-loader
|
||||
, nss, nspr
|
||||
, patchelf, makeWrapper
|
||||
, wayland, pipewire
|
||||
, isSnapshot ? false
|
||||
, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null
|
||||
, enableWidevine ? false, widevine-cdm ? null
|
||||
, commandLineArgs ? ""
|
||||
, pulseSupport ? stdenv.isLinux, libpulseaudio
|
||||
, kerberosSupport ? true, libkrb5
|
||||
}:
|
||||
|
||||
let
|
||||
branch = if isSnapshot then "snapshot" else "stable";
|
||||
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
|
||||
in stdenv.mkDerivation rec {
|
||||
pname = "vivaldi";
|
||||
version = "6.9.3447.37";
|
||||
|
||||
suffix = {
|
||||
aarch64-linux = "arm64";
|
||||
x86_64-linux = "amd64";
|
||||
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
|
||||
hash = {
|
||||
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
|
||||
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
|
||||
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
|
||||
};
|
||||
|
||||
unpackPhase = ''
|
||||
ar vx $src
|
||||
tar -xvf data.tar.xz
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ patchelf makeWrapper ];
|
||||
|
||||
dontWrapQtApps = true;
|
||||
|
||||
buildInputs = [
|
||||
stdenv.cc.cc stdenv.cc.libc zlib libX11 libXt libXext libSM libICE libxcb libxkbcommon libxshmfence
|
||||
libXi libXft libXcursor libXfixes libXScrnSaver libXcomposite libXdamage libXtst libXrandr
|
||||
atk at-spi2-atk at-spi2-core alsa-lib dbus cups gtk3 gdk-pixbuf libexif ffmpeg systemd libva
|
||||
qt5.qtbase
|
||||
freetype fontconfig libXrender libuuid expat glib nss nspr libGL
|
||||
libxml2 pango cairo
|
||||
libdrm mesa vulkan-loader
|
||||
wayland pipewire
|
||||
] ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
|
||||
++ lib.optional pulseSupport libpulseaudio
|
||||
++ lib.optional kerberosSupport libkrb5;
|
||||
|
||||
libPath = lib.makeLibraryPath buildInputs
|
||||
+ lib.optionalString (stdenv.is64bit)
|
||||
(":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
|
||||
+ ":$out/opt/${vivaldiName}/lib";
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
echo "Patching Vivaldi binaries"
|
||||
for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
|
||||
patchelf \
|
||||
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
|
||||
--set-rpath "${libPath}" \
|
||||
opt/${vivaldiName}/$f
|
||||
done
|
||||
|
||||
for f in libGLESv2.so libqt5_shim.so ; do
|
||||
patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
|
||||
done
|
||||
'' + lib.optionalString proprietaryCodecs ''
|
||||
ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
|
||||
'' + ''
|
||||
echo "Finished patching Vivaldi binaries"
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
dontPatchELF = true;
|
||||
dontStrip = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p "$out"
|
||||
cp -r opt "$out"
|
||||
mkdir "$out/bin"
|
||||
ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
|
||||
mkdir -p "$out/share"
|
||||
cp -r usr/share/{applications,xfce4} "$out"/share
|
||||
substituteInPlace "$out"/share/applications/*.desktop \
|
||||
--replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
|
||||
substituteInPlace "$out"/share/applications/*.desktop \
|
||||
--replace vivaldi-stable vivaldi
|
||||
local d
|
||||
for d in 16 22 24 32 48 64 128 256; do
|
||||
mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
|
||||
ln -s \
|
||||
"$out"/opt/${vivaldiName}/product_logo_''${d}.png \
|
||||
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
|
||||
done
|
||||
wrapProgram "$out/bin/vivaldi" \
|
||||
--add-flags ${lib.escapeShellArg commandLineArgs} \
|
||||
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
|
||||
--set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
|
||||
--set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
|
||||
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
|
||||
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
|
||||
'' + lib.optionalString enableWidevine ''
|
||||
ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
|
||||
'' + ''
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru.updateScript = ./update-vivaldi.sh;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Browser for our Friends, powerful and personal";
|
||||
homepage = "https://vivaldi.com";
|
||||
license = licenses.unfree;
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
mainProgram = "vivaldi";
|
||||
maintainers = with maintainers; [ otwieracz badmutex ];
|
||||
platforms = [ "x86_64-linux" "aarch64-linux" ];
|
||||
};
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{ squashfsTools, fetchurl, lib, stdenv }:
|
||||
|
||||
# This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
|
||||
# downloads at https://vivaldi.com/download/
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "chromium-codecs-ffmpeg-extra";
|
||||
version = "115541";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://api.snapcraft.io/api/v1/snaps/download/XXzVIXswXKHqlUATPqGCj2w2l7BxosS8_41.snap";
|
||||
hash = "sha256-a1peHhku+OaGvPyChvLdh6/7zT+v8OHNwt60QUq7VvU=";
|
||||
};
|
||||
|
||||
buildInputs = [ squashfsTools ];
|
||||
|
||||
unpackPhase = ''
|
||||
unsquashfs -dest . $src
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -vD chromium-ffmpeg-${version}/chromium-ffmpeg/libffmpeg.so $out/lib/libffmpeg.so
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Additional support for proprietary codecs for Vivaldi";
|
||||
homepage = "https://ffmpeg.org/";
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
license = licenses.lgpl21;
|
||||
maintainers = with maintainers; [ betaboon cawilliamson fptje ];
|
||||
platforms = [ "x86_64-linux" ];
|
||||
};
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl common-updater-scripts
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
version=$(curl -sS https://vivaldi.com/download/ | sed -rne 's/.*vivaldi-stable_([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-1_amd64\.deb.*/\1/p')
|
||||
|
||||
update_hash() {
|
||||
url="https://downloads.vivaldi.com/stable/vivaldi-stable_$version-1_$2.deb"
|
||||
hash=$(nix hash to-sri --type sha256 $(nix-prefetch-url --type sha256 "$url"))
|
||||
update-source-version vivaldi "$version" "$hash" --system=$1 --ignore-same-version
|
||||
}
|
||||
|
||||
update_hash aarch64-linux arm64
|
||||
update_hash x86_64-linux amd64
|
|
@ -1,47 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p libarchive curl common-updater-scripts
|
||||
|
||||
set -eu -o pipefail
|
||||
|
||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
||||
root=../../../../..
|
||||
export NIXPKGS_ALLOW_UNFREE=1
|
||||
|
||||
version() {
|
||||
(cd "$root" && nix-instantiate --eval --strict -A "$1.version" | tr -d '"')
|
||||
}
|
||||
|
||||
vivaldi_version_old=$(version vivaldi)
|
||||
vivaldi_version=$(curl -sS https://vivaldi.com/download/ | sed -rne 's/.*vivaldi-stable_([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-1_amd64\.deb.*/\1/p')
|
||||
|
||||
if [[ ! "$vivaldi_version" = "$vivaldi_version_old" ]]; then
|
||||
echo "vivaldi is not up-to-date, not updating codecs"
|
||||
(cd "$root" && nix-shell maintainers/scripts/update.nix --argstr package vivaldi)
|
||||
exit
|
||||
fi
|
||||
|
||||
echo "vivaldi is up-to-date, updating codecs"
|
||||
|
||||
# Download vivaldi and save file path.
|
||||
url="https://downloads.vivaldi.com/stable/vivaldi-stable_${vivaldi_version}-1_amd64.deb"
|
||||
mapfile -t prefetch < <(nix-prefetch-url --print-path "$url")
|
||||
path=${prefetch[1]}
|
||||
|
||||
nixpkgs="$(git rev-parse --show-toplevel)"
|
||||
default_nix="$nixpkgs/pkgs/applications/networking/browsers/vivaldi/default.nix"
|
||||
ffmpeg_nix="$nixpkgs/pkgs/applications/networking/browsers/vivaldi/ffmpeg-codecs.nix"
|
||||
|
||||
# Check vivaldi-ffmpeg-codecs version.
|
||||
chromium_version_old=$(version vivaldi-ffmpeg-codecs)
|
||||
ffmpeg_update_script=$(bsdtar xOf "$path" data.tar.xz | bsdtar xOf - ./opt/vivaldi/update-ffmpeg)
|
||||
chromium_version=$(sed -rne 's/^FFMPEG_VERSION_DEB\=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p' <<< $ffmpeg_update_script)
|
||||
download_subdir=$(sed -rne 's/.*FFMPEG_URL_DEB\=https:\/\/launchpadlibrarian\.net\/([0-9]+)\/.*_amd64\.deb/\1/p' <<< $ffmpeg_update_script)
|
||||
|
||||
if [[ "$chromium_version" != "$chromium_version_old" ]]; then
|
||||
# replace the download prefix
|
||||
sed -i $ffmpeg_nix -e "s/\(https:\/\/launchpadlibrarian\.net\/\)[0-9]\+/\1$download_subdir/g"
|
||||
(cd "$root" && update-source-version vivaldi-ffmpeg-codecs "$chromium_version")
|
||||
|
||||
git add "${ffmpeg_nix}"
|
||||
git commit -m "vivaldi-ffmpeg-codecs: $chromium_version_old -> $chromium_version"
|
||||
fi
|
13
nixos/overlays/warp-terminal/default.nix
Normal file
13
nixos/overlays/warp-terminal/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ lib, ...}:
|
||||
let
|
||||
versions = lib.importJSON ./versions.json;
|
||||
in
|
||||
final: prev: {
|
||||
warp-terminal = prev.warp-terminal.overrideAttrs (oldAttrs: {
|
||||
inherit (versions.linux) version;
|
||||
src = prev.fetchurl {
|
||||
url = "https://releases.warp.dev/stable/v${versions.linux.version}/warp-terminal-v${versions.linux.version}-1-x86_64.pkg.tar.zst";
|
||||
inherit (versions.linux) hash;
|
||||
};
|
||||
});
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue