Compare commits
1 commit
main
...
update_fla
Author | SHA1 | Date | |
---|---|---|---|
|
4273e4eb17 |
104 changed files with 96449 additions and 3069 deletions
|
@ -1,36 +0,0 @@
|
||||||
{
|
|
||||||
"durincore" = mkNixosConfig {
|
|
||||||
# T470 Thinkpad Intel i7-6600U
|
|
||||||
# Backup Nix dev laptop
|
|
||||||
hostname = "durincore";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
hardwareModules = [
|
|
||||||
./nixos/profiles/hw-thinkpad-t470.nix
|
|
||||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
|
|
||||||
];
|
|
||||||
profileModules = [
|
|
||||||
./nixos/profiles/role-workstation.nix
|
|
||||||
./nixos/profiles/role-dev.nix
|
|
||||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"legiondary" = mkNixosConfig {
|
|
||||||
# Legion 15arh05h AMD/Nvidia Ryzen 7 4800H
|
|
||||||
# Nix dev/gaming laptop
|
|
||||||
hostname = "legiondary";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
hardwareModules = [
|
|
||||||
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
|
|
||||||
./nixos/profiles/hw-legion-15arh05h.nix
|
|
||||||
disko.nixosModules.disko
|
|
||||||
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
|
||||||
];
|
|
||||||
profileModules = [
|
|
||||||
./nixos/profiles/role-dev.nix
|
|
||||||
./nixos/profiles/role-gaming.nix
|
|
||||||
./nixos/profiles/role-workstation.nix
|
|
||||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
1
.envrc
1
.envrc
|
@ -1,3 +1,2 @@
|
||||||
use nix
|
use nix
|
||||||
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
|
export SOPS_AGE_KEY_FILE="$(expand_path ./age.key)"
|
||||||
export VAULT_ADDR="http://10.1.1.61:8200"
|
|
||||||
|
|
222
.forgejo/actions/update-flake-lock/action.yml
Normal file
222
.forgejo/actions/update-flake-lock/action.yml
Normal file
|
@ -0,0 +1,222 @@
|
||||||
|
name: "Update Nix Flake Lock"
|
||||||
|
description: "Update your Nix flake.lock and send a PR"
|
||||||
|
inputs:
|
||||||
|
inputs:
|
||||||
|
description: "A space-separated list of inputs to update. Leave empty to update all inputs."
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
token:
|
||||||
|
description: "GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)"
|
||||||
|
required: false
|
||||||
|
default: ${{ github.token }}
|
||||||
|
commit-msg:
|
||||||
|
description: "The message provided with the commit"
|
||||||
|
required: false
|
||||||
|
default: "flake.lock: Update"
|
||||||
|
base:
|
||||||
|
description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
|
||||||
|
required: false
|
||||||
|
branch:
|
||||||
|
description: "The branch of the PR to be created"
|
||||||
|
required: false
|
||||||
|
default: "update_flake_lock_action"
|
||||||
|
path-to-flake-dir:
|
||||||
|
description: "The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository."
|
||||||
|
required: false
|
||||||
|
pr-title:
|
||||||
|
description: "The title of the PR to be created"
|
||||||
|
required: false
|
||||||
|
default: "flake.lock: Update"
|
||||||
|
pr-body:
|
||||||
|
description: "The body of the PR to be created"
|
||||||
|
required: false
|
||||||
|
default: |
|
||||||
|
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
||||||
|
|
||||||
|
```
|
||||||
|
{{ env.GIT_COMMIT_MESSAGE }}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Running GitHub Actions on this PR
|
||||||
|
|
||||||
|
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||||
|
|
||||||
|
To run GitHub Actions workflows on this PR, run:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
git branch -D update_flake_lock_action
|
||||||
|
git fetch origin
|
||||||
|
git checkout update_flake_lock_action
|
||||||
|
git commit --amend --no-edit
|
||||||
|
git push origin update_flake_lock_action --force
|
||||||
|
```
|
||||||
|
|
||||||
|
pr-labels:
|
||||||
|
description: "A comma or newline separated list of labels to set on the Pull Request to be created"
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
pr-assignees:
|
||||||
|
description: "A comma or newline separated list of assignees (GitHub usernames)."
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
pr-reviewers:
|
||||||
|
description: "A comma or newline separated list of reviewers (GitHub usernames) to request a review from."
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
git-author-name:
|
||||||
|
description: "Author name used for commit. Only used if sign-commits is false."
|
||||||
|
required: false
|
||||||
|
default: "github-actions[bot]"
|
||||||
|
git-author-email:
|
||||||
|
description: "Author email used for commit. Only used if sign-commits is false."
|
||||||
|
required: false
|
||||||
|
default: "github-actions[bot]@users.noreply.github.com"
|
||||||
|
git-committer-name:
|
||||||
|
description: "Committer name used for commit. Only used if sign-commits is false."
|
||||||
|
required: false
|
||||||
|
default: "github-actions[bot]"
|
||||||
|
git-committer-email:
|
||||||
|
description: "Committer email used for commit. Only used if sign-commits is false."
|
||||||
|
required: false
|
||||||
|
default: "github-actions[bot]@users.noreply.github.com"
|
||||||
|
sign-commits:
|
||||||
|
description: "Set to true if the action should sign the commit with GPG"
|
||||||
|
required: false
|
||||||
|
default: "false"
|
||||||
|
gpg-private-key:
|
||||||
|
description: "GPG Private Key with which to sign the commits in the PR to be created"
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
gpg-fingerprint:
|
||||||
|
description: "Fingerprint of specific GPG subkey to use"
|
||||||
|
required: false
|
||||||
|
gpg-passphrase:
|
||||||
|
description: "GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created"
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
nix-options:
|
||||||
|
description: "A space-separated list of options to pass to the nix command"
|
||||||
|
required: false
|
||||||
|
default: ""
|
||||||
|
_internal-strict-mode:
|
||||||
|
description: Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.
|
||||||
|
required: false
|
||||||
|
default: false
|
||||||
|
outputs:
|
||||||
|
pull-request-number:
|
||||||
|
description: "The number of the opened pull request"
|
||||||
|
value: ${{ steps.create-pr.outputs.pull-request-number }}
|
||||||
|
pull-request-operation:
|
||||||
|
description: "The pull request operation performed by the action, `created`, `updated` or `closed`."
|
||||||
|
value: ${{ steps.create-pr.outputs.pull-request-operation }}
|
||||||
|
runs:
|
||||||
|
using: "composite"
|
||||||
|
steps:
|
||||||
|
- name: Import bot's GPG key for signing commits
|
||||||
|
if: ${{ inputs.sign-commits == 'true' }}
|
||||||
|
id: import-gpg
|
||||||
|
uses: https://github.com/crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
|
||||||
|
with:
|
||||||
|
gpg_private_key: ${{ inputs.gpg-private-key }}
|
||||||
|
fingerprint: ${{ inputs.gpg-fingerprint }}
|
||||||
|
passphrase: ${{ inputs.gpg-passphrase }}
|
||||||
|
git_config_global: true
|
||||||
|
git_user_signingkey: true
|
||||||
|
git_commit_gpgsign: true
|
||||||
|
- name: Set environment variables (signed commits)
|
||||||
|
if: ${{ inputs.sign-commits == 'true' }}
|
||||||
|
shell: bash
|
||||||
|
env:
|
||||||
|
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
|
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
|
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
|
||||||
|
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
|
||||||
|
TARGETS: ${{ inputs.inputs }}
|
||||||
|
run: |
|
||||||
|
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
|
||||||
|
echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV
|
||||||
|
- name: Set environment variables (unsigned commits)
|
||||||
|
if: ${{ inputs.sign-commits != 'true' }}
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
|
||||||
|
echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
|
||||||
|
- name: Run update-flake-lock
|
||||||
|
shell: bash
|
||||||
|
run: node "$GITHUB_ACTION_PATH/dist/index.js"
|
||||||
|
env:
|
||||||
|
# The following manually exposes all of the action inputs into INPUT_ environment variables so actionsCore.getInput works:
|
||||||
|
# https://github.com/actions/toolkit/blob/ae38557bb0dba824cdda26ce787bd6b66cf07a83/packages/core/src/core.ts#L126
|
||||||
|
INPUT_BASE: ${{ inputs.base }}
|
||||||
|
INPUT_BRANCH: ${{ inputs.branch }}
|
||||||
|
INPUT_COMMIT-MSG: ${{ inputs.commit-msg }}
|
||||||
|
INPUT_GIT-AUTHOR-EMAIL: ${{ inputs.git-author-email }}
|
||||||
|
INPUT_GIT-AUTHOR-NAME: ${{ inputs.git-author-name }}
|
||||||
|
INPUT_GIT-COMMITTER-EMAIL: ${{ inputs.git-committer-email }}
|
||||||
|
INPUT_GIT-COMMITTER-NAME: ${{ inputs.git-committer-name }}
|
||||||
|
INPUT_GPG-FINGERPRINT: ${{ inputs.gpg-fingerprint }}
|
||||||
|
INPUT_GPG-PASSPHRASE: ${{ inputs.gpg-passphrase }}
|
||||||
|
INPUT_GPG-PRIVATE-KEY: ${{ inputs.gpg-private-key }}
|
||||||
|
INPUT_INPUTS: ${{ inputs.inputs }}
|
||||||
|
INPUT_NIX-OPTIONS: ${{ inputs.nix-options }}
|
||||||
|
INPUT_PATH-TO-FLAKE-DIR: ${{ inputs.path-to-flake-dir }}
|
||||||
|
INPUT_PR-ASSIGNEES: ${{ inputs.pr-assignees }}
|
||||||
|
INPUT_PR-BODY: ${{ inputs.pr-body }}
|
||||||
|
INPUT_PR-LABELS: ${{ inputs.pr-labels }}
|
||||||
|
INPUT_PR-REVIEWERS: ${{ inputs.pr-reviewers }}
|
||||||
|
INPUT_PR-TITLE: ${{ inputs.pr-title }}
|
||||||
|
INPUT_PULL-REQUEST-NUMBER: ${{ inputs.pull-request-number }}
|
||||||
|
INPUT_PULL-REQUEST-OPERATION: ${{ inputs.pull-request-operation }}
|
||||||
|
INPUT_SIGN-COMMITS: ${{ inputs.sign-commits }}
|
||||||
|
INPUT_TOKEN: ${{ inputs.token }}
|
||||||
|
INPUT__INTERNAL-STRICT-MODE: ${{ inputs._internal-strict-mode }}
|
||||||
|
- name: Save PR Body as file
|
||||||
|
uses: https://github.com/DamianReeves/write-file-action@v1.3
|
||||||
|
with:
|
||||||
|
path: pr_body.template
|
||||||
|
contents: ${{ inputs.pr-body }}
|
||||||
|
env: {}
|
||||||
|
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
|
||||||
|
COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||||
|
echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV
|
||||||
|
echo "$COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||||
|
echo "$DELIMITER" >> $GITHUB_ENV
|
||||||
|
echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
|
||||||
|
- name: Interpolate PR Body
|
||||||
|
uses: pedrolamas/handlebars-action@2995d7eadacbc8f2f6ab8431a01d84a5fa3b8bb4 # v2.4.0
|
||||||
|
with:
|
||||||
|
files: "pr_body.template"
|
||||||
|
output-filename: "pr_body.txt"
|
||||||
|
- name: Read pr_body.txt
|
||||||
|
id: pr_body
|
||||||
|
uses: juliangruber/read-file-action@v1
|
||||||
|
with:
|
||||||
|
path: "pr_body.txt"
|
||||||
|
# We need to remove the pr_body files so that the
|
||||||
|
# peter-evans/create-pull-request action does not commit it (the
|
||||||
|
# action commits all new and modified files).
|
||||||
|
- name: Remove PR body template files
|
||||||
|
shell: bash
|
||||||
|
run: rm -f pr_body.txt pr_body.template
|
||||||
|
- name: Create PR
|
||||||
|
id: create-pr
|
||||||
|
uses: https://github.com/peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||||
|
with:
|
||||||
|
base: ${{ inputs.base }}
|
||||||
|
branch: ${{ inputs.branch }}
|
||||||
|
delete-branch: true
|
||||||
|
committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }}
|
||||||
|
author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }}
|
||||||
|
title: ${{ inputs.pr-title }}
|
||||||
|
token: ${{ inputs.token }}
|
||||||
|
assignees: ${{ inputs.pr-assignees }}
|
||||||
|
labels: ${{ inputs.pr-labels }}
|
||||||
|
reviewers: ${{ inputs.pr-reviewers }}
|
||||||
|
body: ${{ steps.pr_body.outputs.content }}
|
2
.forgejo/actions/update-flake-lock/dist/index.d.ts
vendored
Normal file
2
.forgejo/actions/update-flake-lock/dist/index.d.ts
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
export { }
|
95155
.forgejo/actions/update-flake-lock/dist/index.js
vendored
Normal file
95155
.forgejo/actions/update-flake-lock/dist/index.js
vendored
Normal file
File diff suppressed because one or more lines are too long
1
.forgejo/actions/update-flake-lock/dist/index.js.map
vendored
Normal file
1
.forgejo/actions/update-flake-lock/dist/index.js.map
vendored
Normal file
File diff suppressed because one or more lines are too long
3
.forgejo/actions/update-flake-lock/dist/package.json
vendored
Normal file
3
.forgejo/actions/update-flake-lock/dist/package.json
vendored
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
{
|
||||||
|
"type": "module"
|
||||||
|
}
|
|
@ -8,7 +8,6 @@ on:
|
||||||
paths:
|
paths:
|
||||||
- ".forgejo/workflows/build.yaml"
|
- ".forgejo/workflows/build.yaml"
|
||||||
- "flake.lock"
|
- "flake.lock"
|
||||||
workflow_dispatch:
|
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
|
group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
|
||||||
|
@ -29,8 +28,6 @@ jobs:
|
||||||
os: native-x86_64
|
os: native-x86_64
|
||||||
- system: telperion
|
- system: telperion
|
||||||
os: native-x86_64
|
os: native-x86_64
|
||||||
- system: shadowfax
|
|
||||||
os: native-x86_64
|
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
env:
|
env:
|
||||||
PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
|
PATH: ${{ format('{0}:{1}', '/run/current-system/sw/bin', env.PATH) }}
|
||||||
|
@ -49,8 +46,55 @@ jobs:
|
||||||
- name: Garbage collect build dependencies
|
- name: Garbage collect build dependencies
|
||||||
run: nix-collect-garbage
|
run: nix-collect-garbage
|
||||||
|
|
||||||
|
- name: Build previous ${{ matrix.system }} system
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
nix build git+https://git.hsn.dev/jahanson/mochi#top.${{ matrix.system }} \
|
||||||
|
-v --log-format raw --profile ./profile
|
||||||
- name: Build new ${{ matrix.system }} system
|
- name: Build new ${{ matrix.system }} system
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
nix build ".#top.${{ matrix.system }}" --profile ./profile --fallback -v \
|
nix build ".#top.${{ matrix.system }}" --profile ./profile --fallback -v \
|
||||||
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
> >(tee stdout.log) 2> >(tee /tmp/nix-build-err.log >&2)
|
||||||
|
- name: Check for build failure
|
||||||
|
if: failure()
|
||||||
|
run: |
|
||||||
|
drv=$(grep "For full logs, run" /tmp/nix-build-err.log | grep -oE "/nix/store/.*.drv")
|
||||||
|
if [ -n $drv ]; then
|
||||||
|
nix log $drv
|
||||||
|
echo $drv
|
||||||
|
fi
|
||||||
|
exit 1
|
||||||
|
- name: Diff profile
|
||||||
|
id: diff
|
||||||
|
run: |
|
||||||
|
nix profile diff-closures --profile ./profile
|
||||||
|
delimiter="$(openssl rand -hex 16)"
|
||||||
|
echo "diff<<${delimiter}" >> "${GITHUB_OUTPUT}"
|
||||||
|
nix profile diff-closures --profile ./profile | perl -pe 's/\e\[[0-9;]*m(?:\e\[K)?//g' >> "${GITHUB_OUTPUT}"
|
||||||
|
echo "${delimiter}" >> "${GITHUB_OUTPUT}"
|
||||||
|
- name: Comment report in pr
|
||||||
|
uses: https://github.com/marocchino/sticky-pull-request-comment@v2
|
||||||
|
with:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
header: ".#top.${{ matrix.system }}"
|
||||||
|
message: |
|
||||||
|
### Report for `${{ matrix.system }}`
|
||||||
|
|
||||||
|
<summary> Version changes </summary> <br>
|
||||||
|
<pre> ${{ steps.diff.outputs.diff }} </pre>
|
||||||
|
# - name: Push to Cachix
|
||||||
|
# if: success()
|
||||||
|
# env:
|
||||||
|
# CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
|
||||||
|
# run: nix build ".#top.${{ matrix.system }}" --json | jq -r .[].drvPath | cachix push hsndev
|
||||||
|
nix-build-success:
|
||||||
|
if: ${{ always() }}
|
||||||
|
needs:
|
||||||
|
- nix-build
|
||||||
|
name: Nix Build Successful
|
||||||
|
runs-on: docker
|
||||||
|
steps:
|
||||||
|
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
|
||||||
|
name: Check matrix status
|
||||||
|
run: exit 1
|
||||||
|
|
28
.forgejo/workflows/update_lock.yaml
Normal file
28
.forgejo/workflows/update_lock.yaml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
name: update-flake-lock
|
||||||
|
on:
|
||||||
|
# workflow_dispatch: # allows manual triggering
|
||||||
|
schedule:
|
||||||
|
- cron: '0 0 * * *' # daily at midnight
|
||||||
|
push:
|
||||||
|
branches:
|
||||||
|
- main
|
||||||
|
paths:
|
||||||
|
- ".forgejo/workflows/update_lock.yaml"
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lockfile:
|
||||||
|
runs-on: docker
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: https://github.com/actions/checkout@v4
|
||||||
|
- name: Install Nix
|
||||||
|
uses: https://github.com/DeterminateSystems/nix-installer-action@main
|
||||||
|
- name: Update flake.lock
|
||||||
|
uses: ./.forgejo/actions/update-flake-lock
|
||||||
|
with:
|
||||||
|
pr-title: "Update flake.lock" # Title of PR to be created
|
||||||
|
pr-labels: | # Labels to be set on the PR
|
||||||
|
dependencies
|
||||||
|
automated
|
||||||
|
inputs: nixpkgs nixpkgs-unstable
|
||||||
|
|
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,12 +1,8 @@
|
||||||
**/*.tmp.sops.yaml
|
**/*.tmp.sops.yaml
|
||||||
**/*.sops.tmp.yaml
|
**/*.sops.tmp.yaml
|
||||||
**/*sync-conflict*
|
|
||||||
age.key
|
age.key
|
||||||
result*
|
result*
|
||||||
.direnv
|
.direnv
|
||||||
.kube
|
.kube
|
||||||
.github
|
.github
|
||||||
.profile
|
.profile
|
||||||
.idea
|
|
||||||
.secrets
|
|
||||||
.op
|
|
||||||
|
|
|
@ -36,4 +36,3 @@ repos:
|
||||||
- id: sops-encryption
|
- id: sops-encryption
|
||||||
# Uncomment to exclude all markdown files from encryption
|
# Uncomment to exclude all markdown files from encryption
|
||||||
# exclude: *.\.md
|
# exclude: *.\.md
|
||||||
files: .*secrets.*
|
|
||||||
|
|
|
@ -1,4 +0,0 @@
|
||||||
{
|
|
||||||
"quoteProps": "preserve",
|
|
||||||
"trailingComma": "none"
|
|
||||||
}
|
|
|
@ -15,10 +15,9 @@ keys:
|
||||||
- &durincore age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- &durincore age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
- &gandalf age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- &gandalf age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
- &legiondary age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- &legiondary age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
- &shadowfax age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
|
||||||
- &telchar age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
- &telperion age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- &telperion age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
- &varda age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- &varda age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
|
- &telchar age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
|
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
|
@ -29,7 +28,6 @@ creation_rules:
|
||||||
- *gandalf
|
- *gandalf
|
||||||
- *jahanson
|
- *jahanson
|
||||||
- *legiondary
|
- *legiondary
|
||||||
- *shadowfax
|
|
||||||
- *telchar
|
- *telchar
|
||||||
- *telperion
|
- *telperion
|
||||||
- *varda
|
- *varda
|
||||||
|
|
46
.vscode/nixmodule.code-snippets
vendored
46
.vscode/nixmodule.code-snippets
vendored
|
@ -1,46 +0,0 @@
|
||||||
{
|
|
||||||
// If scope is left empty or omitted, the snippet gets applied to all languages. The prefix is what is
|
|
||||||
// used to trigger the snippet and the body will be expanded and inserted. Possible variables are:
|
|
||||||
// $1, $2 for tab stops, $0 for the final cursor position, and ${1:label}, ${2:another} for placeholders.
|
|
||||||
// Placeholders with the same ids are connected.
|
|
||||||
"Nix Module with Enable Option": {
|
|
||||||
"scope": "nix",
|
|
||||||
"prefix": "nixmodule",
|
|
||||||
"body": [
|
|
||||||
"{ config, lib, pkgs, ... }:",
|
|
||||||
"let",
|
|
||||||
" cfg = config.mySystem.${1:moduleName};",
|
|
||||||
"in",
|
|
||||||
"{",
|
|
||||||
" options.mySystem.${1:moduleName} = {",
|
|
||||||
" enable = lib.mkEnableOption \"${2:Description of the module}\";",
|
|
||||||
" };",
|
|
||||||
"",
|
|
||||||
" config = lib.mkIf cfg.enable {",
|
|
||||||
" $0",
|
|
||||||
" };",
|
|
||||||
"}"
|
|
||||||
],
|
|
||||||
"description": "Creates a blank Nix module with an enable option"
|
|
||||||
},
|
|
||||||
"Nix Home Manager Module with Enable Option": {
|
|
||||||
"scope": "nix",
|
|
||||||
"prefix": "nixmodule-homemanager",
|
|
||||||
"body": [
|
|
||||||
"{ config, lib, pkgs, ... }:",
|
|
||||||
"let",
|
|
||||||
" cfg = config.myHome.programs.${1:moduleName};",
|
|
||||||
"in",
|
|
||||||
"{",
|
|
||||||
" options.myHome.programs.${1:moduleName} = {",
|
|
||||||
" enable = lib.mkEnableOption \"${2:Description of the module}\";",
|
|
||||||
" };",
|
|
||||||
"",
|
|
||||||
" config = lib.mkIf cfg.enable {",
|
|
||||||
" $0",
|
|
||||||
" };",
|
|
||||||
"}"
|
|
||||||
],
|
|
||||||
"description": "Creates a blank Nix module with an enable option"
|
|
||||||
}
|
|
||||||
}
|
|
25
.vscode/settings.json
vendored
25
.vscode/settings.json
vendored
|
@ -6,28 +6,5 @@
|
||||||
"editor.guides.bracketPairsHorizontal": true,
|
"editor.guides.bracketPairsHorizontal": true,
|
||||||
"editor.guides.highlightActiveBracketPair": true,
|
"editor.guides.highlightActiveBracketPair": true,
|
||||||
"files.trimTrailingWhitespace": true,
|
"files.trimTrailingWhitespace": true,
|
||||||
"sops.defaults.ageKeyFile": "/home/jahanson/projects/mochi/age.key",
|
"sops.defaults.ageKeyFile": "age.key",
|
||||||
"nix.enableLanguageServer": true,
|
|
||||||
"nix.serverPath": "/run/current-system/sw/bin/nil",
|
|
||||||
"nix.formatterPath": "/run/current-system/sw/bin/nixfmt",
|
|
||||||
"nix.serverSettings": {
|
|
||||||
"nil": {
|
|
||||||
"formatting": {
|
|
||||||
"command": ["nixfmt"]
|
|
||||||
},
|
|
||||||
"diagnostics": {
|
|
||||||
"ignored": [],
|
|
||||||
"excludedFiles": []
|
|
||||||
},
|
|
||||||
},
|
|
||||||
"nix": {
|
|
||||||
"binary": "/run/current-system/sw/bin/nix",
|
|
||||||
"maxMemoryMB": null, // disable memory limit
|
|
||||||
"flake": {
|
|
||||||
"autoEvalInputs": true,
|
|
||||||
"autoArchive": true,
|
|
||||||
"nixpkgsInputName": "nixpkgs"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
335
flake.lock
335
flake.lock
|
@ -24,11 +24,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730751873,
|
"lastModified": 1722821805,
|
||||||
"narHash": "sha256-sdY29RWz0S7VbaoTwSy6RummdHKf0wUTaBlqPxrtvmQ=",
|
"narHash": "sha256-FGrUPUD+LMDwJsYyNSxNIzFMldtCm8wXiQuyL2PHSrM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "856a2902156ba304efebd4c1096dbf7465569454",
|
"rev": "0257e44f4ad472b54f19a6dd1615aee7fa48ed49",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -64,11 +64,11 @@
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673956053,
|
"lastModified": 1696426674,
|
||||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -98,11 +98,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727826117,
|
"lastModified": 1719994518,
|
||||||
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
|
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
|
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -116,11 +116,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -152,11 +152,11 @@
|
||||||
"systems": "systems_3"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681202837,
|
"lastModified": 1705309234,
|
||||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -188,11 +188,11 @@
|
||||||
"systems": "systems_5"
|
"systems": "systems_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681202837,
|
"lastModified": 1710146030,
|
||||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -216,6 +216,49 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"ghostty": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable",
|
||||||
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
|
"zig": "zig",
|
||||||
|
"zls": "zls"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1723168569,
|
||||||
|
"narHash": "sha256-VTo/HNmYQ1ctAzdCOvtInQf9grhSuRLGA8FGP/4pVew=",
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "33d9c043ef828b062865f42db551d6ddc48e2def",
|
||||||
|
"revCount": 6848,
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@github.com/ghostty-org/ghostty"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@github.com/ghostty-org/ghostty"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"gitignore": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"ghostty",
|
||||||
|
"zls",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1709087332,
|
||||||
|
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -223,11 +266,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726989464,
|
"lastModified": 1720042825,
|
||||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -239,11 +282,11 @@
|
||||||
},
|
},
|
||||||
"impermanence": {
|
"impermanence": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730403150,
|
"lastModified": 1719091691,
|
||||||
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
|
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "impermanence",
|
"repo": "impermanence",
|
||||||
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
|
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -252,26 +295,16 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"krewfile": {
|
"langref": {
|
||||||
"inputs": {
|
"flake": false,
|
||||||
"flake-utils": "flake-utils",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727979884,
|
"narHash": "sha256-O6p2tiKD8ZMhSX+DeA/o5hhAvcPkU2J9lFys/r11peY=",
|
||||||
"narHash": "sha256-nLS37EhKi/ru+0HimB0EIXYpJCxaE/7bVHUHNvHDEoE=",
|
"type": "file",
|
||||||
"owner": "ajgon",
|
"url": "https://raw.githubusercontent.com/ziglang/zig/0fb2015fd3422fc1df364995f9782dfe7255eccd/doc/langref.html.in"
|
||||||
"repo": "krewfile",
|
|
||||||
"rev": "1821efaad07ad3925d68210f57e0b73bce57d317",
|
|
||||||
"type": "github"
|
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "ajgon",
|
"type": "file",
|
||||||
"ref": "feat/indexes",
|
"url": "https://raw.githubusercontent.com/ziglang/zig/0fb2015fd3422fc1df364995f9782dfe7255eccd/doc/langref.html.in"
|
||||||
"repo": "krewfile",
|
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"lix": {
|
"lix": {
|
||||||
|
@ -290,7 +323,7 @@
|
||||||
},
|
},
|
||||||
"lix-module": {
|
"lix-module": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-utils": "flake-utils_4",
|
||||||
"flakey-profile": "flakey-profile",
|
"flakey-profile": "flakey-profile",
|
||||||
"lix": "lix",
|
"lix": "lix",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -359,11 +392,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730604744,
|
"lastModified": 1722740924,
|
||||||
"narHash": "sha256-/MK6QU4iOozJ4oHTfZipGtOgaT/uy/Jm4foCqHQeYR4=",
|
"narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "cc2ddbf2df8ef7cc933543b1b42b845ee4772318",
|
"rev": "97ca0a0fca0391de835f57e44f369a283e37890f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -394,42 +427,20 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nix-minecraft": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"flake-utils": "flake-utils_3",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs-unstable"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1730771089,
|
|
||||||
"narHash": "sha256-TRt7P8pIcKlrz1gVqtibcq2ZGu/EHep1I0n2Chklta4=",
|
|
||||||
"owner": "Infinidoge",
|
|
||||||
"repo": "nix-minecraft",
|
|
||||||
"rev": "84d4f0e13ff27a31d6b73d0ec4ab151755f9f1cb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Infinidoge",
|
|
||||||
"repo": "nix-minecraft",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-vscode-extensions": {
|
"nix-vscode-extensions": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_2",
|
||||||
"flake-utils": "flake-utils_4",
|
"flake-utils": "flake-utils_5",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730771180,
|
"lastModified": 1722907736,
|
||||||
"narHash": "sha256-VSPWndy0ChZobMOS283g1KItO+jLfzTLNaFSN+Lixlw=",
|
"narHash": "sha256-drU5kbx9EtTqg7rXc6ni0LZuZQy7l/wVgsQ8PSYl5Qw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "77da8f3bed69932db301f372119ed71c439193b7",
|
"rev": "b3c49142939ba6072cb8bdd6109e36d1b70a055a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -440,11 +451,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730797322,
|
"lastModified": 1722332872,
|
||||||
"narHash": "sha256-cH9emjYIbDYTde/CKOmU97rh7sKuyfedzPcTz4OTJkE=",
|
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "1b0b927860d7eb367ee6a3123ddeb7a8e24bd836",
|
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -456,11 +467,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730741070,
|
"lastModified": 1723688146,
|
||||||
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
|
"narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
|
"rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -472,14 +483,14 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727825735,
|
"lastModified": 1719876945,
|
||||||
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
|
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-ovmf": {
|
"nixpkgs-ovmf": {
|
||||||
|
@ -500,11 +511,27 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730602179,
|
"lastModified": 1705957679,
|
||||||
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "release-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1721524707,
|
||||||
|
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -516,11 +543,27 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730531603,
|
"lastModified": 1719082008,
|
||||||
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
|
"narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
|
"rev": "9693852a2070b398ee123a329e68f0dab5526681",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-unstable_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1723637854,
|
||||||
|
"narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -530,20 +573,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1682134069,
|
|
||||||
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"id": "nixpkgs",
|
|
||||||
"type": "indirect"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixvirt-git": {
|
"nixvirt-git": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -568,11 +597,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730818022,
|
"lastModified": 1722976219,
|
||||||
"narHash": "sha256-65XWIVBMViT6fsyEKDdIXOE98UB1rq0PHIpFKH2bZGg=",
|
"narHash": "sha256-ggIGbaqOP3N/+aezX3y4K0kbmrsYaJl/8ThC0Jq1it4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "d239d9e41525121dde6ff1a29cfad42f9681ac4c",
|
"rev": "315c48e6c9acb95b4af6492015d36ef1b7b99dfc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -668,22 +697,20 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
|
"ghostty": "ghostty",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"impermanence": "impermanence",
|
"impermanence": "impermanence",
|
||||||
"krewfile": "krewfile",
|
|
||||||
"lix-module": "lix-module",
|
"lix-module": "lix-module",
|
||||||
"nix-index-database": "nix-index-database",
|
"nix-index-database": "nix-index-database",
|
||||||
"nix-inspect": "nix-inspect",
|
"nix-inspect": "nix-inspect",
|
||||||
"nix-minecraft": "nix-minecraft",
|
|
||||||
"nix-vscode-extensions": "nix-vscode-extensions",
|
"nix-vscode-extensions": "nix-vscode-extensions",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable_2",
|
||||||
"nixvirt-git": "nixvirt-git",
|
"nixvirt-git": "nixvirt-git",
|
||||||
"nur": "nur",
|
"nur": "nur",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"talhelper": "talhelper",
|
"talhelper": "talhelper"
|
||||||
"vscode-server": "vscode-server"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"rust-overlay": {
|
"rust-overlay": {
|
||||||
|
@ -731,14 +758,14 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730746162,
|
"lastModified": 1722897572,
|
||||||
"narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=",
|
"narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "59d6988329626132eaf107761643f55eb979eef1",
|
"rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -830,11 +857,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730778489,
|
"lastModified": 1722917349,
|
||||||
"narHash": "sha256-QZIzk3Bewp6KR9OVXApItLXqm4q7qonHqJjMrg4p/BI=",
|
"narHash": "sha256-7ZFfvJJM0HTom12kQ60sLCTkmOt1Z2qqty4ddiqdP/I=",
|
||||||
"owner": "budimanjojo",
|
"owner": "budimanjojo",
|
||||||
"repo": "talhelper",
|
"repo": "talhelper",
|
||||||
"rev": "20a0897f98cd0650df1d3b89b08a00bd0aff35e9",
|
"rev": "66d4ea8a347ef1e12fef466bbaf33a287ab5810d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -865,22 +892,78 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"vscode-server": {
|
"zig": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_5",
|
"flake-compat": [
|
||||||
"nixpkgs": "nixpkgs_2"
|
"ghostty"
|
||||||
|
],
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": [
|
||||||
|
"ghostty",
|
||||||
|
"nixpkgs-stable"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729422940,
|
"lastModified": 1717848532,
|
||||||
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
|
"narHash": "sha256-d+xIUvSTreHl8pAmU1fnmkfDTGQYCn2Rb/zOwByxS2M=",
|
||||||
"owner": "nix-community",
|
"owner": "mitchellh",
|
||||||
"repo": "nixos-vscode-server",
|
"repo": "zig-overlay",
|
||||||
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
|
"rev": "02fc5cc555fc14fda40c42d7c3250efa43812b43",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "mitchellh",
|
||||||
"repo": "nixos-vscode-server",
|
"repo": "zig-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"zig-overlay": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": "flake-utils_3",
|
||||||
|
"nixpkgs": [
|
||||||
|
"ghostty",
|
||||||
|
"zls",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1718539737,
|
||||||
|
"narHash": "sha256-hvQ900gSqzGnJWMRQwv65TixciIbC44iX0Nh5ENRwCU=",
|
||||||
|
"owner": "mitchellh",
|
||||||
|
"repo": "zig-overlay",
|
||||||
|
"rev": "6eb42ce6f85d247b1aecf854c45d80902821d0ad",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "mitchellh",
|
||||||
|
"repo": "zig-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"zls": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_2",
|
||||||
|
"gitignore": "gitignore",
|
||||||
|
"langref": "langref",
|
||||||
|
"nixpkgs": [
|
||||||
|
"ghostty",
|
||||||
|
"nixpkgs-stable"
|
||||||
|
],
|
||||||
|
"zig-overlay": "zig-overlay"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1718930611,
|
||||||
|
"narHash": "sha256-FtfVhs6XHNfSQRQorrrz03nD0LCNp2FCnGllRntHBts=",
|
||||||
|
"owner": "zigtools",
|
||||||
|
"repo": "zls",
|
||||||
|
"rev": "0b9746b60c2020ab948f6556f1c729858b82a0f0",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "zigtools",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "zls",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
76
flake.nix
76
flake.nix
|
@ -66,12 +66,12 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# talhelper - A tool to help creating Talos kubernetes cluster
|
# talhelper - A tool to help creating Talos kubernetes cluster
|
||||||
# https://github.com/budimanjojo/talhelper
|
|
||||||
talhelper = {
|
talhelper = {
|
||||||
url = "github:budimanjojo/talhelper";
|
url = "github:budimanjojo/talhelper";
|
||||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# NixVirt for qemu & libvirt
|
# NixVirt for qemu & libvirt
|
||||||
# https://github.com/AshleyYakeley/NixVirt
|
# https://github.com/AshleyYakeley/NixVirt
|
||||||
nixvirt-git = {
|
nixvirt-git = {
|
||||||
|
@ -79,25 +79,13 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
vscode-server.url = "github:nix-community/nixos-vscode-server";
|
ghostty = {
|
||||||
|
url = "git+ssh://git@github.com/ghostty-org/ghostty";
|
||||||
# krewfile - Declarative krew plugin management
|
|
||||||
krewfile = {
|
|
||||||
# url = "github:brumhard/krewfile";
|
|
||||||
url = "github:ajgon/krewfile?ref=feat/indexes";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# nix-minecraft - Minecraft server management
|
|
||||||
# https://github.com/infinidoge/nix-minecraft
|
|
||||||
nix-minecraft = {
|
|
||||||
url = "github:Infinidoge/nix-minecraft";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, disko, talhelper, lix-module, vscode-server, krewfile, ... } @ inputs:
|
{ self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, disko, talhelper, lix-module, ghostty, ... } @ inputs:
|
||||||
let
|
let
|
||||||
forAllSystems = nixpkgs.lib.genAttrs [
|
forAllSystems = nixpkgs.lib.genAttrs [
|
||||||
"aarch64-linux"
|
"aarch64-linux"
|
||||||
|
@ -167,6 +155,41 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
"durincore" = mkNixosConfig {
|
||||||
|
# T470 Thinkpad Intel i7-6600U
|
||||||
|
# Nix dev laptop
|
||||||
|
hostname = "durincore";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
hardwareModules = [
|
||||||
|
./nixos/profiles/hw-thinkpad-t470.nix
|
||||||
|
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
|
||||||
|
];
|
||||||
|
profileModules = [
|
||||||
|
./nixos/profiles/role-workstation.nix
|
||||||
|
./nixos/profiles/role-dev.nix
|
||||||
|
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"legiondary" = mkNixosConfig {
|
||||||
|
# Legion 15arh05h AMD/Nvidia Ryzen 7 4800H
|
||||||
|
# Nix dev/gaming laptop
|
||||||
|
hostname = "legiondary";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
hardwareModules = [
|
||||||
|
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
|
||||||
|
./nixos/profiles/hw-legion-15arh05h.nix
|
||||||
|
disko.nixosModules.disko
|
||||||
|
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
||||||
|
];
|
||||||
|
profileModules = [
|
||||||
|
./nixos/profiles/role-dev.nix
|
||||||
|
./nixos/profiles/role-gaming.nix
|
||||||
|
./nixos/profiles/role-workstation.nix
|
||||||
|
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
"telchar" = mkNixosConfig {
|
"telchar" = mkNixosConfig {
|
||||||
# Framework 16 Ryzen 7 7840HS - Radeon 780M Graphics
|
# Framework 16 Ryzen 7 7840HS - Radeon 780M Graphics
|
||||||
# Nix dev laptop
|
# Nix dev laptop
|
||||||
|
@ -176,7 +199,7 @@
|
||||||
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
|
||||||
./nixos/profiles/hw-framework-16-7840hs.nix
|
./nixos/profiles/hw-framework-16-7840hs.nix
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
(import ./nixos/profiles/disko-telchar.nix)
|
(import ./nixos/profiles/disko-nixos.nix { disks = [ "/dev/nvme0n1" ]; })
|
||||||
lix-module.nixosModules.default
|
lix-module.nixosModules.default
|
||||||
];
|
];
|
||||||
profileModules = [
|
profileModules = [
|
||||||
|
@ -227,25 +250,6 @@
|
||||||
./nixos/profiles/hw-supermicro.nix
|
./nixos/profiles/hw-supermicro.nix
|
||||||
];
|
];
|
||||||
profileModules = [
|
profileModules = [
|
||||||
vscode-server.nixosModules.default
|
|
||||||
./nixos/profiles/role-dev.nix
|
|
||||||
./nixos/profiles/role-server.nix
|
|
||||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"shadowfax" = mkNixosConfig {
|
|
||||||
# Pro WS WRX80E-SAGE SE WIFI - AMD Ryzen Threadripper PRO 3955WX 16-Cores
|
|
||||||
# Workloads server
|
|
||||||
hostname = "shadowfax";
|
|
||||||
system = "x86_64-linux";
|
|
||||||
hardwareModules = [
|
|
||||||
lix-module.nixosModules.default
|
|
||||||
./nixos/profiles/hw-threadripperpro.nix
|
|
||||||
];
|
|
||||||
profileModules = [
|
|
||||||
vscode-server.nixosModules.default
|
|
||||||
./nixos/profiles/role-dev.nix
|
|
||||||
./nixos/profiles/role-server.nix
|
./nixos/profiles/role-server.nix
|
||||||
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, inputs, ... }:
|
{ pkgs, config, ... }:
|
||||||
with config;
|
with config;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -21,7 +21,6 @@ with config;
|
||||||
};
|
};
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
|
|
||||||
# Install these packages for my user
|
# Install these packages for my user
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
# misc
|
# misc
|
||||||
|
@ -69,14 +68,9 @@ with config;
|
||||||
# system tools
|
# system tools
|
||||||
sysstat
|
sysstat
|
||||||
lm_sensors # for `sensors` command
|
lm_sensors # for `sensors` command
|
||||||
ethtool # modify network interface settings or firmware
|
ethtool
|
||||||
pciutils # lspci
|
pciutils # lspci
|
||||||
usbutils # lsusb
|
usbutils # lsusb
|
||||||
lshw # lshw
|
|
||||||
|
|
||||||
# filesystem tools
|
|
||||||
gptfdisk # sgdisk
|
|
||||||
|
|
||||||
|
|
||||||
# system call monitoring
|
# system call monitoring
|
||||||
strace # system call monitoring
|
strace # system call monitoring
|
||||||
|
@ -93,7 +87,6 @@ with config;
|
||||||
|
|
||||||
# nix tools
|
# nix tools
|
||||||
nvd
|
nvd
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,30 +1,9 @@
|
||||||
{
|
{ pkgs, config, ... }:
|
||||||
pkgs,
|
with config;
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
coderMainline = pkgs.coder.override { channel = "mainline"; };
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./global.nix
|
./global.nix
|
||||||
inputs.krewfile.homeManagerModules.krewfile
|
|
||||||
];
|
];
|
||||||
config = {
|
|
||||||
# Krewfile management
|
|
||||||
programs.krewfile = {
|
|
||||||
enable = true;
|
|
||||||
krewPackage = pkgs.krew;
|
|
||||||
indexes = {
|
|
||||||
"netshoot" = "https://github.com/nilic/kubectl-netshoot.git";
|
|
||||||
};
|
|
||||||
plugins = [
|
|
||||||
"netshoot/netshoot"
|
|
||||||
"resource-capacity"
|
|
||||||
"rook-ceph"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
myHome = {
|
myHome = {
|
||||||
programs.firefox.enable = true;
|
programs.firefox.enable = true;
|
||||||
|
@ -43,37 +22,32 @@ in
|
||||||
|
|
||||||
home = {
|
home = {
|
||||||
# Install these packages for my user
|
# Install these packages for my user
|
||||||
packages = with pkgs; [
|
packages = with pkgs;
|
||||||
|
[
|
||||||
#apps
|
#apps
|
||||||
|
discord
|
||||||
|
flameshot
|
||||||
|
jetbrains.datagrip
|
||||||
obsidian
|
obsidian
|
||||||
parsec-bin
|
parsec-bin
|
||||||
solaar # open source manager for logitech unifying receivers
|
solaar
|
||||||
unstable.bruno
|
talosctl
|
||||||
# unstable.fractal
|
termius
|
||||||
unstable.httpie
|
unstable.fractal
|
||||||
unstable.jetbrains.datagrip
|
unstable.peazip
|
||||||
unstable.jetbrains.rust-rover
|
|
||||||
unstable.seabird
|
|
||||||
unstable.talosctl # overlay override
|
|
||||||
unstable.telegram-desktop
|
unstable.telegram-desktop
|
||||||
unstable.tidal-hifi
|
|
||||||
# unstable.vesktop # gpu issues. Using the flatpak version solves this issue.
|
|
||||||
vlc
|
vlc
|
||||||
yt-dlp
|
|
||||||
|
|
||||||
# cli
|
# cli
|
||||||
brightnessctl
|
brightnessctl
|
||||||
|
|
||||||
# dev utils
|
# dev utils
|
||||||
kubectl
|
|
||||||
minio-client # S3 management
|
minio-client # S3 management
|
||||||
pre-commit # Pre-commit tasks for git
|
pre-commit # Pre-commit tasks for git
|
||||||
shellcheck # shell script linting
|
shellcheck # shell script linting
|
||||||
unstable.act # run GitHub actions locally
|
unstable.act # run GitHub actions locally
|
||||||
unstable.kubebuilder # k8s controller development
|
|
||||||
unstable.nodePackages_latest.prettier # code formatter
|
unstable.nodePackages_latest.prettier # code formatter
|
||||||
coderMainline # VSCode in the browser -- has overlay
|
unstable.tidal-hifi
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ with lib.hm.gvariant; {
|
||||||
"org/gnome/shell" = {
|
"org/gnome/shell" = {
|
||||||
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
|
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
|
||||||
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
|
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
|
||||||
favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ];
|
favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "discord.desktop" ];
|
||||||
};
|
};
|
||||||
"org/gnome/nautilus/preferences" = {
|
"org/gnome/nautilus/preferences" = {
|
||||||
default-folder-viewer = "list-view";
|
default-folder-viewer = "list-view";
|
||||||
|
@ -44,9 +44,6 @@ with lib.hm.gvariant; {
|
||||||
clock-format = "12h";
|
clock-format = "12h";
|
||||||
show-battery-percentage = true;
|
show-battery-percentage = true;
|
||||||
};
|
};
|
||||||
"org/gnome/settings-daemon/plugins/power" = {
|
|
||||||
ambient-enabled = false;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,22 +21,12 @@ in
|
||||||
lt = "${pkgs.lsd}/bin/lsd --tree";
|
lt = "${pkgs.lsd}/bin/lsd --tree";
|
||||||
lla = "${pkgs.lsd}/bin/lsd -la";
|
lla = "${pkgs.lsd}/bin/lsd -la";
|
||||||
tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)";
|
tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)";
|
||||||
lsusb = "cyme --headings --tree --hide-buses";
|
|
||||||
x = "exit";
|
x = "exit";
|
||||||
};
|
};
|
||||||
|
|
||||||
shellAbbrs = {
|
shellAbbrs = {
|
||||||
nrs = "sudo nixos-rebuild switch --flake .";
|
nrs = "sudo nixos-rebuild switch --flake .";
|
||||||
nvdiff = "nvd diff /run/current-system result";
|
nvdiff = "nvd diff /run/current-system result";
|
||||||
# rook & ceph versions.
|
|
||||||
rcv =
|
|
||||||
''
|
|
||||||
kubectl \
|
|
||||||
-n rook-ceph \
|
|
||||||
get deployments \
|
|
||||||
-l rook_cluster=rook-ceph \
|
|
||||||
-o jsonpath='{range .items[*]}{.metadata.name}{" \treq/upd/avl: "}{.spec.replicas}{"/"}{.status.updatedReplicas}{"/"}{.status.readyReplicas}{" \trook-version="}{.metadata.labels.rook-version}{" \tceph-version="}{.metadata.labels.ceph-version}{"\n"}{end}'
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
interactiveShellInit = ''
|
interactiveShellInit = ''
|
||||||
|
@ -57,12 +47,10 @@ in
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
# Krew
|
|
||||||
set -q KREW_ROOT; and set -gx PATH $PATH $KREW_ROOT/.krew/bin; or set -gx PATH $PATH $HOME/.krew/bin
|
|
||||||
|
|
||||||
# Paths are in reverse priority order
|
# Paths are in reverse priority order
|
||||||
update_path /opt/homebrew/opt/postgresql@16/bin
|
update_path /opt/homebrew/opt/postgresql@16/bin
|
||||||
update_path /opt/homebrew/bin
|
update_path /opt/homebrew/bin
|
||||||
|
update_path ${homeDirectory}/.krew/bin
|
||||||
update_path /nix/var/nix/profiles/default/bin
|
update_path /nix/var/nix/profiles/default/bin
|
||||||
update_path /run/current-system/sw/bin
|
update_path /run/current-system/sw/bin
|
||||||
update_path /etc/profiles/per-user/${username}/bin
|
update_path /etc/profiles/per-user/${username}/bin
|
||||||
|
@ -73,12 +61,6 @@ in
|
||||||
update_path ${homeDirectory}/.local/bin
|
update_path ${homeDirectory}/.local/bin
|
||||||
|
|
||||||
set -gx EDITOR "vim"
|
set -gx EDITOR "vim"
|
||||||
|
|
||||||
if test (hostname) = "telchar"
|
|
||||||
set -gx VISUAL "code"
|
|
||||||
end
|
|
||||||
|
|
||||||
set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass
|
|
||||||
set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev"
|
set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev"
|
||||||
|
|
||||||
# One Password cli
|
# One Password cli
|
||||||
|
@ -90,11 +72,6 @@ in
|
||||||
set -gx LSCOLORS "Gxfxcxdxbxegedabagacad"
|
set -gx LSCOLORS "Gxfxcxdxbxegedabagacad"
|
||||||
set -gx LS_COLORS 'di=01;34:ln=01;36:pi=33:so=01;35:bd=01;33:cd=33:or=31:ex=01;32:*.7z=01;31:*.bz2=01;31:*.gz=01;31:*.lz=01;31:*.lzma=01;31:*.lzo=01;31:*.rar=01;31:*.tar=01;31:*.tbz=01;31:*.tgz=01;31:*.xz=01;31:*.zip=01;31:*.zst=01;31:*.zstd=01;31:*.bmp=01;35:*.tiff=01;35:*.tif=01;35:*.TIFF=01;35:*.gif=01;35:*.jpeg=01;35:*.jpg=01;35:*.png=01;35:*.webp=01;35:*.pot=01;35:*.pcb=01;35:*.gbr=01;35:*.scm=01;35:*.xcf=01;35:*.spl=01;35:*.stl=01;35:*.dwg=01;35:*.ply=01;35:*.apk=01;31:*.deb=01;31:*.rpm=01;31:*.jad=01;31:*.jar=01;31:*.crx=01;31:*.xpi=01;31:*.avi=01;35:*.divx=01;35:*.m2v=01;35:*.m4v=01;35:*.mkv=01;35:*.MOV=01;35:*.mov=01;35:*.mp4=01;35:*.mpeg=01;35:*.mpg=01;35:*.sample=01;35:*.wmv=01;35:*.3g2=01;35:*.3gp=01;35:*.gp3=01;35:*.webm=01;35:*.flv=01;35:*.ogv=01;35:*.f4v=01;35:*.3ga=01;35:*.aac=01;35:*.m4a=01;35:*.mp3=01;35:*.mp4a=01;35:*.oga=01;35:*.ogg=01;35:*.opus=01;35:*.s3m=01;35:*.sid=01;35:*.wma=01;35:*.flac=01;35:*.alac=01;35:*.mid=01;35:*.midi=01;35:*.pcm=01;35:*.wav=01;35:*.ass=01;33:*.srt=01;33:*.ssa=01;33:*.sub=01;33:*.git=01;33:*.ass=01;33:*README=33:*README.rst=33:*README.md=33:*LICENSE=33:*COPYING=33:*INSTALL=33:*COPYRIGHT=33:*AUTHORS=33:*HISTORY=33:*CONTRIBUTOS=33:*PATENTS=33:*VERSION=33:*NOTICE=33:*CHANGES=33:*CHANGELOG=33:*log=33:*.txt=33:*.md=33:*.markdown=33:*.nfo=33:*.org=33:*.pod=33:*.rst=33:*.tex=33:*.texttile=33:*.bib=35:*.json=35:*.jsonl=35:*.jsonnet=35:*.libsonnet=35:*.rss=35:*.xml=35:*.fxml=35:*.toml=35:*.yaml=35:*.yml=35:*.dtd=35:*.cbr=35:*.cbz=35:*.chm=35:*.pdf=35:*.PDF=35:*.epub=35:*.awk=35:*.bash=35:*.bat=35:*.BAT=35:*.sed=35:*.sh=35:*.zsh=35:*.vim=35:*.py=35:*.ipynb=35:*.rb=35:*.gemspec=35:*.pl=35:*.PL=35:*.t=35:*.msql=35:*.mysql=35:*.pgsql=35:*.sql=35:*.r=35:*.R=35:*.cljw=35:*.scala=35:*.sc=35:*.dart=35:*.asm=35:*.cl=35:*.lisp=35:*.rkt=35:*.el=35:*.elc=35:*.eln=35:*.lua=35:*.c=35:*.C=35:*.h=35:*.H=35:*.tcc=35:*.c++=35:*.h++=35:*.hpp=35:*.hxx=35:*ii.=35:*.m=35:*.M=35:*.cc=35:*.cs=35:*.cp=35:*.cpp=35:*.cxx=35:*.go=35:*.f=35:*.F=35:*.nim=35:*.nimble=35:*.s=35:*.S=35:*.rs=35:*.scpt=35:*.swift=35:*.vala=35:*.vapi=35:*.hs=35:*.lhs=35:*.zig=35:*.v=35:*.pyc=35:*.tf=35:*.tfstate=35:*.tfvars=35:*.css=35:*.less=35:*.sass=35:*.scss=35:*.htm=35:*.html=35:*.jhtm=35:*.mht=35:*.eml=35:*.coffee=35:*.java=35:*.js=35:*.mjs=35:*.jsm=35:*.jsp=35:*.rasi=35:*.php=35:*.twig=35:*.vb=35:*.vba=35:*.vbs=35:*.Dockerfile=35:*.dockerignore=35:*.Makefile=35:*.MANIFEST=35:*.am=35:*.in=35:*.hin=35:*.scan=35:*.m4=35:*.old=35:*.out=35:*.SKIP=35:*.diff=35:*.patch=35:*.tmpl=35:*.j2=35:*PKGBUILD=35:*config=35:*.conf=35:*.service=31:*.@.service=31:*.socket=31:*.swap=31:*.device=31:*.mount=31:*.automount=31:*.target=31:*.path=31:*.timer=31:*.snapshot=31:*.allow=31:*.swp=31:*.swo=31:*.tmp=31:*.pid=31:*.state=31:*.lock=31:*.lockfile=31:*.pacnew=31:*.un=31:*.orig=31:'
|
set -gx LS_COLORS 'di=01;34:ln=01;36:pi=33:so=01;35:bd=01;33:cd=33:or=31:ex=01;32:*.7z=01;31:*.bz2=01;31:*.gz=01;31:*.lz=01;31:*.lzma=01;31:*.lzo=01;31:*.rar=01;31:*.tar=01;31:*.tbz=01;31:*.tgz=01;31:*.xz=01;31:*.zip=01;31:*.zst=01;31:*.zstd=01;31:*.bmp=01;35:*.tiff=01;35:*.tif=01;35:*.TIFF=01;35:*.gif=01;35:*.jpeg=01;35:*.jpg=01;35:*.png=01;35:*.webp=01;35:*.pot=01;35:*.pcb=01;35:*.gbr=01;35:*.scm=01;35:*.xcf=01;35:*.spl=01;35:*.stl=01;35:*.dwg=01;35:*.ply=01;35:*.apk=01;31:*.deb=01;31:*.rpm=01;31:*.jad=01;31:*.jar=01;31:*.crx=01;31:*.xpi=01;31:*.avi=01;35:*.divx=01;35:*.m2v=01;35:*.m4v=01;35:*.mkv=01;35:*.MOV=01;35:*.mov=01;35:*.mp4=01;35:*.mpeg=01;35:*.mpg=01;35:*.sample=01;35:*.wmv=01;35:*.3g2=01;35:*.3gp=01;35:*.gp3=01;35:*.webm=01;35:*.flv=01;35:*.ogv=01;35:*.f4v=01;35:*.3ga=01;35:*.aac=01;35:*.m4a=01;35:*.mp3=01;35:*.mp4a=01;35:*.oga=01;35:*.ogg=01;35:*.opus=01;35:*.s3m=01;35:*.sid=01;35:*.wma=01;35:*.flac=01;35:*.alac=01;35:*.mid=01;35:*.midi=01;35:*.pcm=01;35:*.wav=01;35:*.ass=01;33:*.srt=01;33:*.ssa=01;33:*.sub=01;33:*.git=01;33:*.ass=01;33:*README=33:*README.rst=33:*README.md=33:*LICENSE=33:*COPYING=33:*INSTALL=33:*COPYRIGHT=33:*AUTHORS=33:*HISTORY=33:*CONTRIBUTOS=33:*PATENTS=33:*VERSION=33:*NOTICE=33:*CHANGES=33:*CHANGELOG=33:*log=33:*.txt=33:*.md=33:*.markdown=33:*.nfo=33:*.org=33:*.pod=33:*.rst=33:*.tex=33:*.texttile=33:*.bib=35:*.json=35:*.jsonl=35:*.jsonnet=35:*.libsonnet=35:*.rss=35:*.xml=35:*.fxml=35:*.toml=35:*.yaml=35:*.yml=35:*.dtd=35:*.cbr=35:*.cbz=35:*.chm=35:*.pdf=35:*.PDF=35:*.epub=35:*.awk=35:*.bash=35:*.bat=35:*.BAT=35:*.sed=35:*.sh=35:*.zsh=35:*.vim=35:*.py=35:*.ipynb=35:*.rb=35:*.gemspec=35:*.pl=35:*.PL=35:*.t=35:*.msql=35:*.mysql=35:*.pgsql=35:*.sql=35:*.r=35:*.R=35:*.cljw=35:*.scala=35:*.sc=35:*.dart=35:*.asm=35:*.cl=35:*.lisp=35:*.rkt=35:*.el=35:*.elc=35:*.eln=35:*.lua=35:*.c=35:*.C=35:*.h=35:*.H=35:*.tcc=35:*.c++=35:*.h++=35:*.hpp=35:*.hxx=35:*ii.=35:*.m=35:*.M=35:*.cc=35:*.cs=35:*.cp=35:*.cpp=35:*.cxx=35:*.go=35:*.f=35:*.F=35:*.nim=35:*.nimble=35:*.s=35:*.S=35:*.rs=35:*.scpt=35:*.swift=35:*.vala=35:*.vapi=35:*.hs=35:*.lhs=35:*.zig=35:*.v=35:*.pyc=35:*.tf=35:*.tfstate=35:*.tfvars=35:*.css=35:*.less=35:*.sass=35:*.scss=35:*.htm=35:*.html=35:*.jhtm=35:*.mht=35:*.eml=35:*.coffee=35:*.java=35:*.js=35:*.mjs=35:*.jsm=35:*.jsp=35:*.rasi=35:*.php=35:*.twig=35:*.vb=35:*.vba=35:*.vbs=35:*.Dockerfile=35:*.dockerignore=35:*.Makefile=35:*.MANIFEST=35:*.am=35:*.in=35:*.hin=35:*.scan=35:*.m4=35:*.old=35:*.out=35:*.SKIP=35:*.diff=35:*.patch=35:*.tmpl=35:*.j2=35:*PKGBUILD=35:*config=35:*.conf=35:*.service=31:*.@.service=31:*.socket=31:*.swap=31:*.device=31:*.mount=31:*.automount=31:*.target=31:*.path=31:*.timer=31:*.snapshot=31:*.allow=31:*.swp=31:*.swo=31:*.tmp=31:*.pid=31:*.state=31:*.lock=31:*.lockfile=31:*.pacnew=31:*.un=31:*.orig=31:'
|
||||||
atuin init fish | source
|
atuin init fish | source
|
||||||
|
|
||||||
# Ghostty shell integration for Bash. This must be at the top of your fish!!!
|
|
||||||
if set -q GHOSTTY_RESOURCES_DIR
|
|
||||||
source "$GHOSTTY_RESOURCES_DIR/shell-integration/fish/vendor_conf.d/ghostty-shell-integration.fish"
|
|
||||||
end
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
[
|
|
||||||
"/dev/disk/by-id/ata-Seagate_IronWolfPro_ZA240NX10001-2ZH100_7TF002RA"
|
|
||||||
"/dev/disk/by-id/nvme-Samsung_SSD_960_EVO_250GB_S3ESNX0K308438J"
|
|
||||||
"/dev/disk/by-id/scsi-350000c0f02f0830c"
|
|
||||||
"/dev/disk/by-id/scsi-350000c0f01e7d190"
|
|
||||||
"/dev/disk/by-id/scsi-350000c0f01ea443c"
|
|
||||||
"/dev/disk/by-id/scsi-350000c0f01f8230c"
|
|
||||||
"/dev/disk/by-id/scsi-35000c500586e5057"
|
|
||||||
"/dev/disk/by-id/scsi-35000c500624a0ddb"
|
|
||||||
"/dev/disk/by-id/scsi-35000c500624a1a8b"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca046135ad8"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca04613722c"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca0461810f8"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca04618b930"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca04618cec4"
|
|
||||||
]
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
"core.https_address" = "10.1.1.15:8445"; # Need quotes around key
|
|
||||||
};
|
|
||||||
networks = [
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
"ipv4.address" = "auto"; # Need quotes around key
|
|
||||||
"ipv6.address" = "auto"; # Need quotes around key
|
|
||||||
};
|
|
||||||
description = "";
|
|
||||||
name = "incusbr0";
|
|
||||||
type = "";
|
|
||||||
project = "default";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
storage_pools = [
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
source = "eru/incus";
|
|
||||||
};
|
|
||||||
description = "";
|
|
||||||
name = "default";
|
|
||||||
driver = "zfs";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
profiles = [
|
|
||||||
{
|
|
||||||
config = { };
|
|
||||||
description = "";
|
|
||||||
devices = {
|
|
||||||
eth0 = {
|
|
||||||
name = "eth0";
|
|
||||||
network = "incusbr0";
|
|
||||||
type = "nic";
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
path = "/";
|
|
||||||
pool = "default";
|
|
||||||
type = "disk";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
name = "default";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
projects = [ ];
|
|
||||||
cluster = null;
|
|
||||||
}
|
|
|
@ -1,21 +1,13 @@
|
||||||
# Do not modify this file! It was generated by 'nixos-generate-config'
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{
|
{ config, lib, modulesPath, inputs, ... }:
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
modulesPath,
|
|
||||||
inputs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
sanoidConfig = import ./config/sanoid.nix { };
|
sanoidConfig = import ./config/sanoid.nix { };
|
||||||
disks = import ./config/disks.nix;
|
|
||||||
smartdDevices = map (device: { inherit device; }) disks;
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports =
|
||||||
|
[
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
inputs.disko.nixosModules.disko
|
inputs.disko.nixosModules.disko
|
||||||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
|
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
|
||||||
|
@ -23,38 +15,19 @@ in
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = [
|
availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
"ehci_pci"
|
|
||||||
"ahci"
|
|
||||||
"mpt3sas"
|
|
||||||
"isci"
|
|
||||||
"usbhid"
|
|
||||||
"usb_storage"
|
|
||||||
"sd_mod"
|
|
||||||
];
|
|
||||||
kernelModules = [ "nfs" ];
|
kernelModules = [ "nfs" ];
|
||||||
supportedFilesystems = [ "nfs" ];
|
supportedFilesystems = [ "nfs" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
kernelModules = [
|
kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
|
||||||
"kvm-intel"
|
|
||||||
"vfio"
|
|
||||||
"vfio_iommu_type1"
|
|
||||||
"vfio_pci"
|
|
||||||
"vfio_virqfd"
|
|
||||||
];
|
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
kernelParams = [
|
kernelParams = [ "iommu=pt" "intel_iommu=on" "zfs.zfs_arc_max=107374182400" ]; # 100GB
|
||||||
"iommu=pt"
|
|
||||||
"intel_iommu=on"
|
|
||||||
"zfs.zfs_arc_max=107374182400"
|
|
||||||
]; # 100GB
|
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -66,85 +39,49 @@ in
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
# TODO: Add ports specifically.
|
# TODO: Add ports specifically.
|
||||||
firewall.enable = false;
|
firewall.enable = false;
|
||||||
nftables.enable = false;
|
|
||||||
interfaces = {
|
interfaces = {
|
||||||
"enp130s0f0".useDHCP = true;
|
"enp130s0f0".useDHCP = true;
|
||||||
"eno1".useDHCP = true;
|
"enp130s0f1".useDHCP = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# For VMs
|
||||||
|
bridges = {
|
||||||
|
"br0" = {
|
||||||
|
interfaces = [ "enp130s0f1" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
# VSCode Compatibility Settings
|
|
||||||
programs.nix-ld.enable = true;
|
|
||||||
services.vscode-server = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Home Manager
|
|
||||||
home-manager.users.jahanson = {
|
|
||||||
# Git settings
|
|
||||||
# TODO: Move to config module.
|
|
||||||
programs.git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Joseph Hanson";
|
|
||||||
userEmail = "joe@veri.dev";
|
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
core.autocrlf = "input";
|
|
||||||
init.defaultBranch = "main";
|
|
||||||
pull.rebase = true;
|
|
||||||
rebase.autoStash = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# sops
|
|
||||||
sops = {
|
sops = {
|
||||||
secrets = {
|
secrets = {
|
||||||
|
"lego/dnsimple/token" = {
|
||||||
|
mode = "0444";
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
};
|
||||||
"borg/repository/passphrase" = {
|
"borg/repository/passphrase" = {
|
||||||
sopsFile = ./secrets.sops.yaml;
|
sopsFile = ./secrets.sops.yaml;
|
||||||
};
|
};
|
||||||
"syncthing/publicCert" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
"syncthing/privateKey" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# no de
|
||||||
services = {
|
services = {
|
||||||
# Smart daemon for monitoring disk health.
|
xserver = {
|
||||||
smartd = {
|
enable = false;
|
||||||
devices = smartdDevices;
|
displayManager.gdm.enable = false;
|
||||||
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
|
desktopManager.gnome.enable = false;
|
||||||
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
|
||||||
};
|
};
|
||||||
# ZFS Exporter
|
|
||||||
prometheus.exporters.zfs.enable = true;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# System settings and services.
|
# System settings and services.
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Production";
|
purpose = "Production";
|
||||||
system = {
|
system = {
|
||||||
motd.networkInterfaces = [
|
motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];
|
||||||
"enp130s0f0"
|
|
||||||
"eno1"
|
|
||||||
];
|
|
||||||
# Incus
|
|
||||||
incus = {
|
|
||||||
enable = true;
|
|
||||||
preseed = import ./config/incus-preseed.nix { };
|
|
||||||
webuiport = 8445;
|
|
||||||
};
|
|
||||||
# ZFS
|
# ZFS
|
||||||
zfs.enable = true;
|
zfs.enable = true;
|
||||||
zfs.mountPoolsAtBoot = [ "eru" ];
|
zfs.mountPoolsAtBoot = [ "eru" ];
|
||||||
|
@ -162,33 +99,34 @@ in
|
||||||
local.noWarning = true;
|
local.noWarning = true;
|
||||||
remote.noWarning = true;
|
remote.noWarning = true;
|
||||||
};
|
};
|
||||||
|
# Borg
|
||||||
|
borgbackup = {
|
||||||
|
enable = true;
|
||||||
|
paths = [ "/eru/containers/volumes/unifi/" ];
|
||||||
|
exclude = [ ];
|
||||||
|
repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
|
||||||
|
repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
libvirt-qemu.enable = true;
|
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
|
libvirt-qemu.enable = true;
|
||||||
# Syncthing
|
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
user = "jahanson";
|
|
||||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
|
||||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Scrutiny
|
|
||||||
scrutiny = {
|
|
||||||
enable = true;
|
|
||||||
devices = disks;
|
|
||||||
extraCapabilities = [ "SYS_RAWIO" ];
|
|
||||||
containerVolumeLocation = "/eru/containers/volumes/scrutiny";
|
|
||||||
port = 8585;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Sanoid
|
# Sanoid
|
||||||
sanoid = {
|
sanoid = {
|
||||||
enable = true;
|
enable = true;
|
||||||
inherit (sanoidConfig.outputs) templates datasets;
|
inherit (sanoidConfig.outputs) templates datasets;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Unifi & Lego-Auto
|
||||||
|
unifi.enable = true;
|
||||||
|
lego-auto = {
|
||||||
|
enable = true;
|
||||||
|
dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
|
||||||
|
domains = "gandalf.jahanson.tech";
|
||||||
|
email = "joe@veri.dev";
|
||||||
|
provider = "dnsimple";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +1,9 @@
|
||||||
lego:
|
lego:
|
||||||
dnsimple:
|
dnsimple:
|
||||||
token: ENC[AES256_GCM,data:wyj88D4qPqnxovjRKS3jg2H6OwznNfhmVyMO9MV7e66mOjUw/vbqkstEqg==,iv:f+1PN+pKpu8bm8eAQ7sFb+ZpMe8fmImukUir41XdKtM=,tag:FRpEAWf0fA8LOoTrJiEwRQ==,type:str]
|
token: ENC[AES256_GCM,data:CfRFhGE8AyZfO9RzoXXTfm8kstvx+Fuy53o9ulYNZiufzzSQ4KzwYIoCRw==,iv:HEC8hRpmk7YDI7RHj29ZAeFKyPgsWTHw1sxjdZuhcrw=,tag:7RhEhZ9GkyBE9PJRe+gD+Q==,type:str]
|
||||||
borg:
|
borg:
|
||||||
repository:
|
repository:
|
||||||
passphrase: ENC[AES256_GCM,data:33OMM880zGxJPTtqsNmbCMCCABE=,iv:8tvOqpKzbyx9sOmHLA+8v05vhLXjhRRuHpGHxGVo++s=,tag:MvsLDcVyX6rPr5lwDOvBqw==,type:str]
|
passphrase: ENC[AES256_GCM,data:lt0Rq269GoBuLNw9fxwuMAmtYjE=,iv:57IFde6EX7myLSCvYXkkbSulr8S7JPYoThWBsPLH0Yw=,tag:NwlpouurYF+2qmw2T3De8A==,type:str]
|
||||||
syncthing:
|
|
||||||
publicCert: ENC[AES256_GCM,data:jfQge0lfiZrdc+Kfv1hijHh0suGhQSfOou0cD7GcP+t0EigvRmi1JPyUm4l78x5d64oTfQoeO4Iq0Y+PL0tf/SGHU/7tMwo8456FrLSZwl5r+1iGoqRXu+VaEfEm02YXtwcRCZVOMKiwlZC4xMhUZ3CUZ9ohipluNarieivOEFzrNaFbbUeJITALsvYpBPsoIvxOePASrxYwUAjAtGPUVePuL9xfCdUZA2MMDr3alxpuNlz3wOk36qX+OS0Rc0nM9MfACRWxFsKTA8AxlCYouWjCke3kVeqcEh0rVWSEx2zqIOC9N4Ms1Q1zVqcS4hWi1LLe5BN0pK7LHdjEbuni/3Cns1GpBLJc7mwsUwlBQ7RFStAspP99YmIfAlMeztfm7GuacJC2Bddz6PJ/QEMRXli7KRm3Wimb7J2fqOyaECE35xtplvdN8HIhiQ2X6G9aFW+T3h8Hqopihl23HVZFfHe4//c3BGhHUYgzbj/0frLF7s7QySI/j8G242wKyNqpDmiC+9OCPGmpGmTg98h7X+pG4Tl1GH7xpV7jlPqg2kFm3aVGscNdCAMXyWsXoZZIPyiAxTgMauXTFIkgEjEeCB+d8Eml5xOjs4ADUeJLIc4mNOYh1ggPjbSJAAPw7LYqtmaCkazZ3XWRmpMHwcRTpVtQPmo3sLSETY3hgo9T8Z2pVqBbiiH6qVSDdZ5RANvBH2hU7mZrppN9pSVpWxt895iAs01PeTwJlFg3XleqsUcrhncrx9TVGlLn7MP58LbKeUqWpC2LFCKW42O39ajLT8dES3XQ0zjTZhYGLG6CFs6tj9sDIRAX/f0nM0PLF9ctsR3IRYX75kLSl/Wx1UeFxPoIF4/fIKZxkrsd0Pjalp1ToT2EvYL6cq+eyNeF+QIK9CazCO1FfvgLSVy5NKB9KmSj6t6qEByagE9FX2BvAJ9zA36s/inqo84hrmfZz+vf3zJbkEL2Y8xxRtE0Fd2rU0SubmLDxrlmawBUnYQ8skJEKJAA/g8ptYrbdqshtUyZac2m70ZtxO5VZHAGO8tE+jYQsS/UMD4/Iek=,iv:sq21pry1Yz4vZITF29oyFGnvhUwgyDsFwtHrzl059KE=,tag:rOmVsnWpLL87M0d6mfgovw==,type:str]
|
|
||||||
privateKey: ENC[AES256_GCM,data:QZYlRzV2FPbCDun72PPgxxx4qvqGbuj0iZhvHggm/0sh3JFjtZIBZ7V4TfYYjJJykhKP+4Tm8rghnijiAmDSjyuGm0xwr9ENreRe/j7VrMYhcBes3h9PWOWY2jx+kh7U6v3da7/G79ISv5neFtsjvvM7UpGmIb4mwygZ9qO1cRRuC/k3CPehT7uN2kYNCKlfYJcRp/IlmvD0L38BtHsnokK0zCqC3q2nOZWWazfv3Hxck0kbQSV7V3OBmqfd6h7sdN/GQBv4gmgqjUH9DsCHz+3LEEyxIOp340zPKAZFZGg1SpBQREFOyyaYUMgk8iXRqvqIPxHeyruFzkDRZf6URni3klfEbQi/6B7eP8Jzt/BPfsdLYO9QSXyuqSYAj+V5,iv:BvlKA+gltrGHOXggwLsvqI5FCz7X+RwcOOCvdMYf31w=,tag:/SICpca+QkqeEh/dXYUxBw==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -16,77 +13,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dEJJVHhhTU1XMVp2UmNh
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZVhNdGh2c3dpYWU2TDNJ
|
||||||
cnEwMTg0ck9oZzR0QndXa2t3UlpVK0M1bzBBCm8zZWpZanJYcHFQeXdKK1BDSk9u
|
M2Vyb29jQ2xHMXBKVk10dkhWVUFmVkpmV2tnCjF5ZnBBcGtkZjFYbU0zQXNNRCti
|
||||||
WVcwSGtvS3h0UTZkNG1ZMkZKT3hORkUKLS0tIFh6S1UzWXE3a085bE5NMjl6Zzgx
|
QzVKOGR2OUQvRXVvOXZlb1I0V00rcWsKLS0tIElHeHhkSmt5UkZhTjk1dkFSbUp0
|
||||||
MDZrbzBNdUNvcnppZS9wMmczVU5uQnMKpYJmsY/Ul7cpUc+ueSt3FkShvR1KqYHW
|
M1BiUzZkU0pDbHVQNC9yQ3pzSU5INm8KcRB4uY0PHnDfc4bJZwqkK/S7FbEXuxEu
|
||||||
q6bhaoby5Wz3XxLZl0ONBqovabkDwNiP6Er0rGiv0tK6TIaQE/NaUw==
|
ot9oVR4sZBs7Uhi5Ixz7Kmk9dBJ+E9dWPxDeYhYo3V0Tq77h1vVOyg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpTnVFSW8rSUFVN0txbTJz
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNalVRWXVGN0hqZDdYUDVZ
|
||||||
aXFUdXBnSW1GZkRBcFNFZlBWLzFEa2NhTlJJCldEYUlHcHM2a28za2I0N3JORTZm
|
TVRwVHJsTEJoTVIzenFuY0dnTWs1bnRHZnhzCnNPTnJ1Uk92aVRaMlA4VTRYbXNh
|
||||||
S2Foa0MyQng4TlNpaE53VHpLVGlNZFEKLS0tIHRNSWovZHJlaDhGY0xKd3pRQm5y
|
MW5ycEUzUVk0RW1Iby9kWjQ1cTVXWDgKLS0tIDdVaTcvNm9Ca2hTMzBlSGZVUnZN
|
||||||
aExPbjRPVi9kZ2s4bFlxdFhtK3l5bGcK+qEq++r5B48TwAOxyRFWm68MRa91rnZx
|
a2U1ZjIwRWx1bWp6TktablBqMUduUmMKCFT9vPMu/fob5SQG1004925OB1KNhsUm
|
||||||
levAEpFZYIMxfzxk++i26omu6r1jvXsiwtm2YvdoGhmNUqLU2UDWZA==
|
obph/984DUTQxk6IvnJ7fPrnFwL5yY1azdybjPlwGw6o5SmwKpxWBQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZzlkQmFiM2puUHVNUFIr
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2RjUvSFJqNGxieVZiVE9q
|
||||||
L0E0VGpxck56d2NsemFrNEFWNmZ2MXlTV0Y0CkppUmxYRlVkVUZiWEJoVG55cXAv
|
NjB4RHcraXk5TnJtN1RSNXZSMlEwbjgxaUZVCjRxUGUwTjBFSU9nTHpRbWpmVkRQ
|
||||||
N0dRY1d1c2srTk0xU3AxSDNqQTZkdFEKLS0tIFpnZ09jellUWk1YZnh0akNsTysx
|
cllyei9URXYyRGgrTGdjWXRSZmpRYnMKLS0tIHNQOXpkZnI5b200d0JiSVI2N1BU
|
||||||
ZnBCMVNqdGRvUm4xOVVRbTF0VzY1eEkKJhjFjnVk6Kr0LIUdyRPI3nPRXbPHHW/Q
|
MS9MRW5ocGRMWXdBL0E5N00zbGZzVFEKxeMB0/opzFTnlSBK1vEsLqQ0qIDhOuw5
|
||||||
0NVqBn7s+NbS6pzSCPu5+T/ibo2HofQZQ0hFFUeCN/EO5xNCaueNFA==
|
S+g8eYTVXSIs/3TMUnOJxDezAG2l00vyWryPw2sGOnqgZCnF9VB/mw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArandyVGlHU0NacDdmTDdQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzJDWHhIT2tSekxpWmFR
|
||||||
ZVg5ei9hYW45VU02RkhkTmlNeHdCODgxQ1h3CmpBdnhvdlBwWUkxVVNqcHgvNDc5
|
cVFocEl6N0VWM2FYVC9FeE9zeG0wYUhnazJRCllsdlFVZXR0YTA2T2h0ZUVienpQ
|
||||||
bkFydkRGOXE2a2lyTU9rZ2l2U0NjV2cKLS0tIDhyUm5EUlZxcHFRemlpaHFYRjV0
|
MmhJVTkwd1Q4VjNVaWxkL0lVTEVLemsKLS0tIHVqMHhQaW55MHBsVmc5TjJjT1Jy
|
||||||
ODN2Y1Y5a2tWOU1PTElLa3NPeTVCb3cKqPj5QB/K9uB4RN+KRsK8UGS4WxECJn/q
|
RXdOeXk0NFJuL1ZKTUt3dXdkdlpLenMKmlQ0k9CmSWQ7MqueMbmd/TqYyQiDFZ0G
|
||||||
HCVEo/5YFnoEtE0X7xvyBEKgrAokzVsnuHtNqP0i6ka2XIt0yi2xOw==
|
FPtUIFWxxPY79vsEHq3kxyz4CGMUv7tYx00OK6niLgLZUStd/3Bxmw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbWxBNFpyajNETjM2VUhr
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWTk5S2VkQmNnNjIwQ05y
|
||||||
TTdmc2pwb1RVNHlNVGNYaUFMelFOQVUwMlFnClBQRldoMXY4dm9nY2Ntd0pRNUZu
|
TkR2MjdnY1pGMVZpT2dadE5icjIvRWtnT2pVClRCcTVHa3BaMGRDWTgzNE5zQzBq
|
||||||
NEhYeVp4YUthMU1MUmZvSjh3ZjVTajQKLS0tIDNKSHNQcWJYNkVvWmFXV2pSNVBP
|
MWRWWi83b0k3OUo5WXhHTVRZSmovMWMKLS0tIFF4UlNtNVFkd3phTzd6R2FuY0Js
|
||||||
cHVzY09RZ1ZuSkNWWisxeDQ5V2Z5VW8KybOLJvSkkV5XiH431SBY8k5aSE9QdZ5r
|
VWpzZTdXSWpiV2tRbnc5VlVWM3FCak0KQGy+ZWdvEh09y9z1Dj3GTVyeAJ5notCH
|
||||||
UghLUUTB1OFvycYNyxhyIgetX9ycu54PXitEiTBGWphPiAnXyBG3dQ==
|
ujbOfaly8e9E2g4uOxISxyFe39xlOZd6zEInZ5qiKPrZz37ASChBkA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVGRacTlCMjBRaURxMDNt
|
|
||||||
SXBnZXl6M1l3ZmVZUlVDZEV4U2dJSjREcGpnCkF3L1hhOEFYcnp5Y3VLSEsyTWZE
|
|
||||||
NFpTNno3VStINnlXdW9wcXd3bW81UGsKLS0tIGR3b3lQa3VIQmZ1bXREQnphQ1lL
|
|
||||||
KzdCbXNTc054eEJBeklmM0xPVGQ4bmcKgZtxtepmmn/M4HylEsQ0FB/OXlgnyrU8
|
|
||||||
6Yy2ua5/UN+YfFJ2FNoYyxd7OYLDeHsvQQODXJuL7VEGBaF+3ttMHg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAweHZaZjRoaXRCNEFBYk1V
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZDNFa0U4MWs0dmVkZXhi
|
||||||
ZWJ3YjVJVFFmeGhpUnVHYXhxNlhvOEtqVTBrCjRIa3N3UnRYeTU5ajUyM0xjanNN
|
V3JjdXIrTTdkamkzRW1jU0wzNnluQ0lJbmpNCkcxNUNwc3ZxMXJreXBxNUlaR0xN
|
||||||
RjArandlM1ljbEdjcHcvL3Fvd2MweFEKLS0tIDZ2Z0dpN1d3bFc5VlNMbXBmZGNn
|
RmFDZ3RIaVU5aCttS3Q5dWo0QUovVDgKLS0tIEVJQm1xWE80OVRyWUxkMzFXRHBp
|
||||||
blVrd3dubmUwWGd5Rk1PSHBPUlFBZ0UKOh5BQgCUxQxFSU2NxmOGEmO3DZ3TuWid
|
RlJTZjgzQ3pDVHRPQ2dFbHBqdzA3N0EKGBFnnJMqUrbaIviqpX4CP4Ps45Lk/Yyn
|
||||||
d1vLm0TotAjshXBSy/yo62ejDUhvoCJ38PNDi6+zpZwCFYhaviQM7g==
|
fpVxSlwjOHNDwQ4ojUjv11FRo9WHUTGACFniUtvYc0oaLNygNgf8+Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4eTdXNlA2bW1OTmpFNktD
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBodERMdDN4cVRiS0tVck5h
|
||||||
cTgrUjY0UzV4NTE5NWFHdHlYa1JaeW1DblZVCkwrelZjaE5vdkFyTkErMGR0Mmt0
|
N3RySnRtSXJHZEthRWZNcENrNXY4bHNHa0R3Cm1HL0lzWnpocWhXNDV3RFRxL1ZG
|
||||||
RkVPb1RTMjlEc2pRSDZjMWpwVVNhZVEKLS0tIEpaV3Y2enoxMWZyTVZjdlpYTWtH
|
dWlCQWtzMEZlRnNML2NrOUVPSVRTcHMKLS0tIEsrbk5VOUZhbDFRRHRuWW56TjE1
|
||||||
ZTNZOVhTcTBHSDk2UjhXRE90VCs0R2MKUI6Q/P4v4xLnkqXqMuidlcgccDzf3Ig7
|
V1d0d1lKb3hyYVQ4elBIZ0hnU3FTbnMKiWERjAwlJRPK+PILCBV03uyNVnNgolA8
|
||||||
P8aVNYbwtQqjsOwjYcoec4PaQehloW0kt/QSnYQx3znxrYQE1WVVNQ==
|
PS0vbIDVNiX0pIrRlM2sVivZwqajjTB3XROXMmbIKpQxDMjvpHgqJA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-11-08T01:53:24Z"
|
lastmodified: "2024-07-27T04:50:25Z"
|
||||||
mac: ENC[AES256_GCM,data:C05zcIFQC3gMa5AVKGB2uvpT5Bj/Pt2XyWizjPfIa4gcx1TzueQZ0mlZHjJY/9qu5SccbLrJ/eNmajzh39cTmFZ7211l9Zz6N8BMboh8olzIWUYFeGzZtXgmKXBRMVH6RPpbcuawLOeXeD9pCLSek6V9Qdx/OUnlWokj9ZPfvuc=,iv:PGMPSs99J6neXoSF18yWbxjCE0M9dSjqtz1ntxwk0TU=,tag:pZfVKcroeKPAvlfft1YsOA==,type:str]
|
mac: ENC[AES256_GCM,data:IKLC9N4FvfV+eWFoVZa5ijyBdiQuNdXAE4Z/pQNhns+qTuMpuz9QLeQGysow8zCqg9z5WHPa+U10uBIJg0P6Bq2CkBTJ2/75axsQgqc+BPuY4cUfppbYqQaSzB831b3XMHei9m/IPXNoh277jk0E9A0mOzHu4YsBEEzyf5nESn4=,iv:dOIgrQD0eDB1lqTWoDoLXnDZTWJLf5m9a948Wabfc6I=,tag:MWoIe5UpTqZCDDJMcg0swA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
[
|
|
||||||
"/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"
|
|
||||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314200DT2P0C"
|
|
||||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C"
|
|
||||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201AD2P0C"
|
|
||||||
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201E72P0C"
|
|
||||||
"/dev/nvme0" # These are required to fix a smartctl bug I have yet to upgrade to a version that fixes it.
|
|
||||||
"/dev/nvme1"
|
|
||||||
"/dev/nvme2"
|
|
||||||
"/dev/nvme3"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca23bc8a504"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca23bd29918"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca23bd29970"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca2524cc70c"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca2524e03f4"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca2525680dc"
|
|
||||||
"/dev/disk/by-id/scsi-35000cca25256b484"
|
|
||||||
]
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
"core.https_address" = "10.1.1.61:8443"; # Need quotes around key
|
|
||||||
};
|
|
||||||
networks = [
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
"ipv4.address" = "auto"; # Need quotes around key
|
|
||||||
"ipv6.address" = "auto"; # Need quotes around key
|
|
||||||
};
|
|
||||||
description = "";
|
|
||||||
name = "incusbr0";
|
|
||||||
type = "";
|
|
||||||
project = "default";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
storage_pools = [
|
|
||||||
{
|
|
||||||
config = {
|
|
||||||
source = "nahar/incus";
|
|
||||||
};
|
|
||||||
description = "";
|
|
||||||
name = "default";
|
|
||||||
driver = "zfs";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
profiles = [
|
|
||||||
{
|
|
||||||
config = { };
|
|
||||||
description = "";
|
|
||||||
devices = {
|
|
||||||
eth0 = {
|
|
||||||
name = "eth0";
|
|
||||||
network = "incusbr0";
|
|
||||||
type = "nic";
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
path = "/";
|
|
||||||
pool = "default";
|
|
||||||
type = "disk";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
name = "default";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
projects = [ ];
|
|
||||||
cluster = null;
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
outputs = {
|
|
||||||
# ZFS automated snapshots
|
|
||||||
templates = {
|
|
||||||
"production" = {
|
|
||||||
recursive = true;
|
|
||||||
autoprune = true;
|
|
||||||
autosnap = true;
|
|
||||||
hourly = 24;
|
|
||||||
daily = 7;
|
|
||||||
monthly = 12;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
datasets = { };
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
name = "Soft Serve";
|
|
||||||
log = {
|
|
||||||
format = "text";
|
|
||||||
time_format = "2006-01-02 15:04:05";
|
|
||||||
};
|
|
||||||
ssh = {
|
|
||||||
listen_addr = ":23231";
|
|
||||||
public_url = "ssh://10.1.1.61:23231";
|
|
||||||
key_path = "ssh/soft_serve_host_ed25519";
|
|
||||||
client_key_path = "ssh/soft_serve_client_ed25519";
|
|
||||||
max_timeout = 0;
|
|
||||||
idle_timeout = 600;
|
|
||||||
};
|
|
||||||
git = {
|
|
||||||
listen_addr = ":9418";
|
|
||||||
public_url = "git://10.1.1.61";
|
|
||||||
max_timeout = 0;
|
|
||||||
idle_timeout = 3;
|
|
||||||
max_connections = 32;
|
|
||||||
};
|
|
||||||
http = {
|
|
||||||
listen_addr = ":23232";
|
|
||||||
tls_key_path = null;
|
|
||||||
tls_cert_path = null;
|
|
||||||
public_url = "http://10.1.1.61:23232";
|
|
||||||
};
|
|
||||||
stats = {
|
|
||||||
listen_addr = "10.1.1.61:23233";
|
|
||||||
};
|
|
||||||
db = {
|
|
||||||
driver = "sqlite";
|
|
||||||
data_source = "soft-serve.db?_pragma=busy_timeout(5000)&_pragma=foreign_keys(1)";
|
|
||||||
};
|
|
||||||
lfs = {
|
|
||||||
enabled = true;
|
|
||||||
ssh_enabled = false;
|
|
||||||
};
|
|
||||||
jobs = {
|
|
||||||
mirror_pull = "@every 10m";
|
|
||||||
};
|
|
||||||
initial_admin_keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,191 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, inputs, pkgs, ... }:
|
|
||||||
let
|
|
||||||
sanoidConfig = import ./config/sanoid.nix { };
|
|
||||||
disks = import ./config/disks.nix;
|
|
||||||
smartdDevices = map (device: { inherit device; }) disks;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[
|
|
||||||
inputs.disko.nixosModules.disko
|
|
||||||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
|
|
||||||
inputs.nix-minecraft.nixosModules.minecraft-servers
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
initrd = {
|
|
||||||
kernelModules = [ "nfs" ];
|
|
||||||
supportedFilesystems = [ "nfs" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
|
|
||||||
extraModulePackages = [ ];
|
|
||||||
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ ];
|
|
||||||
|
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Network settings
|
|
||||||
networking = {
|
|
||||||
hostName = "shadowfax";
|
|
||||||
hostId = "a885fabe";
|
|
||||||
useDHCP = false; # needed for bridge
|
|
||||||
networkmanager.enable = true;
|
|
||||||
firewall.enable = false;
|
|
||||||
interfaces = {
|
|
||||||
"enp36s0f0".useDHCP = true;
|
|
||||||
"enp36s0f1".useDHCP = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
sops = {
|
|
||||||
secrets = { };
|
|
||||||
};
|
|
||||||
|
|
||||||
# Home Manager
|
|
||||||
home-manager.users.jahanson = {
|
|
||||||
# Git settings
|
|
||||||
# TODO: Move to config module.
|
|
||||||
programs.git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Joseph Hanson";
|
|
||||||
userEmail = "joe@veri.dev";
|
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
core.autocrlf = "input";
|
|
||||||
init.defaultBranch = "main";
|
|
||||||
pull.rebase = true;
|
|
||||||
rebase.autoStash = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
# 1Password cli
|
|
||||||
_1password.enable = true;
|
|
||||||
|
|
||||||
# VSCode Compatibility Settings
|
|
||||||
nix-ld.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
|
|
||||||
# Minecraft
|
|
||||||
minecraft-servers = {
|
|
||||||
# Me cc858467-2744-4c22-8514-86568fefd03b
|
|
||||||
enable = true;
|
|
||||||
eula = true;
|
|
||||||
servers.eregion = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.paper-server;
|
|
||||||
serverProperties = {
|
|
||||||
motd = "§6§lEregion§r §7- §6§lMinecraft§r";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Smart daemon for monitoring disk health.
|
|
||||||
smartd = {
|
|
||||||
devices = smartdDevices;
|
|
||||||
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
|
|
||||||
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Soft Serve - SSH git server
|
|
||||||
soft-serve = {
|
|
||||||
enable = true;
|
|
||||||
settings = import ./config/soft-serve.nix { };
|
|
||||||
};
|
|
||||||
|
|
||||||
# VSCode Compatibility Settings
|
|
||||||
vscode-server = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# ZFS Exporter
|
|
||||||
prometheus.exporters.zfs.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# sops
|
|
||||||
sops.secrets = {
|
|
||||||
"syncthing/publicCert" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
"syncthing/privateKey" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# System settings and services.
|
|
||||||
mySystem = {
|
|
||||||
purpose = "Production";
|
|
||||||
system = {
|
|
||||||
motd.networkInterfaces = [ "enp36s0f0" ];
|
|
||||||
# Incus
|
|
||||||
incus = {
|
|
||||||
enable = true;
|
|
||||||
preseed = import ./config/incus-preseed.nix { };
|
|
||||||
};
|
|
||||||
|
|
||||||
# ZFS
|
|
||||||
zfs.enable = true;
|
|
||||||
zfs.mountPoolsAtBoot = [
|
|
||||||
"nahar"
|
|
||||||
"moria"
|
|
||||||
];
|
|
||||||
|
|
||||||
# NFS
|
|
||||||
nfs.enable = true;
|
|
||||||
|
|
||||||
resticBackup = {
|
|
||||||
local.enable = false;
|
|
||||||
remote.enable = false;
|
|
||||||
local.noWarning = true;
|
|
||||||
remote.noWarning = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
podman.enable = true;
|
|
||||||
libvirt-qemu.enable = true;
|
|
||||||
|
|
||||||
# Syncthing
|
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
user = "jahanson";
|
|
||||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
|
||||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Scrutiny
|
|
||||||
scrutiny = {
|
|
||||||
enable = true;
|
|
||||||
devices = disks;
|
|
||||||
extraCapabilities = [ "SYS_RAWIO" ];
|
|
||||||
containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
|
|
||||||
port = 8585;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Sanoid
|
|
||||||
sanoid = {
|
|
||||||
enable = true;
|
|
||||||
inherit (sanoidConfig.outputs) templates datasets;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,86 +0,0 @@
|
||||||
syncthing:
|
|
||||||
publicCert: ENC[AES256_GCM,data:oqQZ/QORhJoMUa1Sn4CoE5DKfgfIwRo7DR30MJoRLC8L3mOEDRQyk+P9ELAn3RIe2sa3OKwionJ9G+GM5htZPTaKg2h/wy//M89sdTRhC01vxJm80wScgQ8sC4HC8BpQCM5yt7A9Ln7mMvp+v61ae6xyEOcPpcZH4i31sxQUxuWURJU/KpdTAHKhora40W+DTx4YL7jEN7VMH+GawhJeW1jNZZDcBoQK/9RvB5uu6AFsQCedRwJE0772F16eaNKeXCu0BpNdTaZ7dNSUEeK0mT/0osb6DNVon8gKcYYEYtAyI/SnUOwRC4x+FeZYkAae3WGWzfKGC6ENN6JEHNG7mS81b83i3tyaN84wwmP/1pgQ5BSSEztH9P494SXLBnw3XxD2u5vxuKjf37q+gPnErq7hCEi9aS5HS/10ksgV5zpzg8eL9fNpyLXHqxDdllfvBo/KJlQaDri2OYcrz8SQlB0oCZI7AbjFz+zomFSzhi5S3gcLN/cB1CXDmK8/Ka26dcc6gAot18PqVt1aCHHVnLGvZEGt9Cj+/bool4Yq9fqQlXDyFMbiu0B57KEYshmeJE5w0fmBhenORyuKq2xhiXL4RCuKVoitjY75T4O2+ZzAqYli3gMcRksG6b+gXAYGF3XhJ2m2tBO5STlWzQx9eo8Ksm8+z0mJk7JgdKpov1mLzWZh9vHNkvUIGw15h+3FBu7oTgcvwrOqGDCCcAQSimMKiPuCUi+r2z4FuFobZOSlqAD2eRX9yh/V8s4VmaohrxacgIdscipkMFnQFGGkV3PHhh4yfMzZNHPll5Dk9fUM0BHrFMUccvP0aww60+4pufTUGWxrW5nRlI6jImPuoMh5KVZj5OAPYUcBj10UHjjtFKWN0V19XGVUx5TBR+AAkQzvAWrobSfyTyuk6P0l3Kpyi6DAJoW1Z7t2EQueKxjAd3uKMeCNDIfJOWVju9j3t2iu4BN3eyZTTbeKMwfkDJALHTsmtisRfc47qLxB3jyOHZXdZsC3OBgzRl2NlejgM+P4CVVH/kwT336u6ouuLJFjpsP+iUdBiRE=,iv:1FVhrbnLirFr2bHWZ53vEdnS6rL+HSMdV/XZarMmNAg=,tag:HCdx2II3FqDGy/t36NGiFA==,type:str]
|
|
||||||
privateKey: ENC[AES256_GCM,data:UNOJu/8lwtOy76y9mURvAQAcCPkAqCr3k4zo0qJw4WoyRiFnHszFrk988LdX9hi1a8d2SYpSbWBdRxAOBOkB0ljycjudgH+xVdOLeJDKZH69zRKkWwdfq6N4vxYhqnUyCuwsRrFvg4cZYeEx9n133QNf3DPYIvovlPEfurQXDt8s3/tDqVeJ1SuJTX2sp8X79KWypCb9T3mar9X67EirV2Tz6uxzeRiWUpekfQbdzcjITiQPZ9silBcu0ZIwgfneBQ9yqAV/Gu01mJph6H6cYqBhK3xO4T8tXsnk66siBjWmqKP+3kVG5pyFDMAhuM0Jz+0VkaKOjYxTaPff1YMsL7/hWQUXcMgM6NyppMbpJBnvqcaMpEbYuEF444pBVktC,iv:H/X4eW+1//f7uyJRiveZRQRJcPGelxHhz1sIlzsMCcM=,tag:n+/dttJpTBeHFK/H40M0oA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIREVLNDdJUVJlbk1OR2o1
|
|
||||||
RFNJLyttRDZoTmoyenZFU2docVUxRnVtdVcwCkM2VEV5ZCtobWJDZUNVYWlkK1I1
|
|
||||||
dlJlbzQwKy94dEkrZG9rb1lma3IweGcKLS0tIEZLQjNxT1lobDh2VEJWY3E5cGZE
|
|
||||||
UzdGT2JpUWtVSzI5VVBXNWVXamlYTEEK5fFvbB55/4Nj3tI2TG3WYhwA1WK3vmfH
|
|
||||||
Qh5H5GcAYGV37Wlw2mZ/J3SYo9IBG+aNyXO8nE2/pwF7Tbw7GDPQ6A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM0Q4ekVwWXhYd3krVzJR
|
|
||||||
anFxQWtaN0I3Qk1qRDE2cFVETGs2T1M0ZHhnCklBL3hmeXh3OWpvYnRzRHJWY2o4
|
|
||||||
TWpnYklpOG04S2pCVEdmTWtCYXJSUWMKLS0tIEdSUmthcEo4UjV4THAweC96cmNJ
|
|
||||||
dVV3TW04eEZDNW83T3JCRFVjMmxrZVkK7mU2HJstMD7p9As/s4XyBuYVJAlqCveA
|
|
||||||
NvC0imDnZ7btrVWKNTV2UB0VgQiM+opgcNHYhqRT1vLpUv/+ZRFDrg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqWElORElqTkQveHZFV1pk
|
|
||||||
ZitvWnZLTEJJWVFCTzZTVklQOVNCa0J2ZXhRCktGelNLYS85dmhJdlVjUWxkTWpC
|
|
||||||
R3cycTd0NEVWN2pLZnoxUXFyeG1tSjgKLS0tIHlIbkc0Yzd3YURqOWVwT0NTQlZR
|
|
||||||
bzRaVDdDL0NlNUZ3cTV4NU84NXNTeWsKZXNd2pYBG5P48kurR/XyswPGStyzSkqs
|
|
||||||
2mEjJCwuMZBkBRm9DFzbB/01LxqNnES4U9/6oVri0y4mHl5R7PyTag==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNQ3JHSE1IcWJqYW85cGtr
|
|
||||||
WXI3TE1SNGZ1R05iRkNKeW0wR2pVNU12dHlFClJseDYxUjFyOFg3Yjdpb1E0aEVj
|
|
||||||
SExnaTMzK3dDR2NvNEhjTkoyUTI4NlEKLS0tIGsxencxR2dhWWwwaGtFU3VnaU9x
|
|
||||||
bUNibENVMmQ4NWhOTmlOdmJyTTB3eUUKM5zbfS3IOGgXlAFi+40DAIBZbLiDDyLu
|
|
||||||
g5CZKtRAw/85WOqOdWl+WJBYegggyZs3029w2QA9WzxymnkGiyl1nA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZb0xEUFc4MmpOM0RaWmZO
|
|
||||||
Q1MzVkJyRnNFN28zUlQ4TUZ2TktWakFVZVQwCndvdDNzRGJMbE1lMHZaZ1llVzE1
|
|
||||||
dXZFMngzVVM4UjZWV2ZlOGY5bWJjQjgKLS0tIHBMWFlxd0syRjlEQUFwRS9lN1Ji
|
|
||||||
K2hUdmZmUHVWa01qVHVUODBlZ3RvY1UK4u0PsdXstr/NVsYGRglQ8IPhElIcJIbk
|
|
||||||
3G83Dunu+WApUNMhoCFpB0OuxSyc+xDIdEOhqcFGvIoywMmnpWWZ8Q==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrRFBRWWNSU1l5dE44c0No
|
|
||||||
QlJvYlh3dEZKVVVmS2RKOUdyaWtGMythUHhjCmsvR0M1eHlVd1l1NXVCWEw1ZnBa
|
|
||||||
SUNpWDFZWWJlSlVnR0VCNlluSWt0b0UKLS0tIENMa3FFWHpkaTg3YlRXRHpML05j
|
|
||||||
b1dmeXFkZjViVm5hdldOdTJRRWo2QUkK+eoVhfzSHimufxl0O81wRBJQ8iEVb7w2
|
|
||||||
rVLONs1qR5xRGCV6OpCtbRqKaNXQgGY/w1CGb/44xdmh7C2C21gs6g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV1o1cFphUnNhdlM3blh0
|
|
||||||
dHpKODg1SXNsbVlnRG5zaVFiNllEOGEvWkM4ClFwZDg3a1o2UDYyUUJwdHAxU0JX
|
|
||||||
MUN6Rk9rR0NKSjNyK0ZrQ1BaTWpTNjAKLS0tIDZkYTUvd3lkZHV6ei9xemUrUWFQ
|
|
||||||
TkJ6bDhxVVUzckkzNllsTkZLeFlEMkEKFesi49AfQbNLnYGrlvpCXCwvI22J1DL7
|
|
||||||
QK7lBMlDX3+zlutX6DKygQBT3BckSZWI8upOsK2atjP6d8seDVl3cA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0eld2eEwyRTFyMGhXL2w3
|
|
||||||
Q1JYSG9VMXVqZE1zak1Ub1dOWVZYaVBNUzM4CmVUNURBcDVWeHhUUVBoRDE4M29B
|
|
||||||
SzRyUGU5MUVSL0wzRWZLd2RYOGplSmMKLS0tIDNOYWcvL0t0K0tXMWZGQXNybjY5
|
|
||||||
NDIwV1hIcXoyZWI3dUEyeWtXd3FLcEUK0YBS95TA9luAL1mObUtH6RG4nesYZ7Fc
|
|
||||||
bB3e2p6Mrp/t1Oa/8p6WQXxu4vf5y0XCNLXeW6I6/3udrTXARaNNPA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-11-08T01:54:39Z"
|
|
||||||
mac: ENC[AES256_GCM,data:YD2Uwxq8rt2NPKfh5gxHvXcbcEmzfO2ZaaYjH0RnhHyNnHrf3jcyzEhJphKkzRRpsCJ/F7UV+x8EQdWkVn7eUykY92TkLeZ9I6TwyqupzfycQGrJK3Ma+jbO0qlG5L7NXXSxj4LKtJ9Rf1BdFH4czeWmrM3aMhtgAclZ4sTSCos=,iv:AElkydOvlkkGu/1iLxclH1bqkd1Pj4uQH3gbp6iGDII=,tag:WEfrJm3F0niQn1vKuowALg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.1
|
|
|
@ -1,93 +1,58 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{
|
{ config, lib, modulesPath, ... }:
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
modulesPath,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports =
|
||||||
|
[
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostId = "4488bd1a";
|
networking.hostId = "4488bd1a";
|
||||||
networking.hostName = "telchar";
|
networking.hostName = "telchar";
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [
|
initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
"nvme"
|
initrd.kernelModules = [ ];
|
||||||
"xhci_pci"
|
|
||||||
"thunderbolt"
|
|
||||||
"usbhid"
|
|
||||||
"usb_storage"
|
|
||||||
"sd_mod"
|
|
||||||
];
|
|
||||||
initrd.kernelModules = [ "amdgpu" ];
|
|
||||||
kernelModules = [ "kvm-amd" ];
|
kernelModules = [ "kvm-amd" ];
|
||||||
extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "zroot/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/nix" = {
|
||||||
|
device = "zroot/nix";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/var" = {
|
||||||
|
device = "zroot/var";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/home" = {
|
||||||
|
device = "zroot/home";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
# System settings and services.
|
||||||
# Enable Flatpak support
|
|
||||||
services.flatpak.enable = true;
|
|
||||||
|
|
||||||
## Base config programs.
|
|
||||||
programs = {
|
|
||||||
# Enable Wireshark
|
|
||||||
wireshark.enable = true;
|
|
||||||
# Enable OpenJDK
|
|
||||||
java.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# sops
|
|
||||||
sops.secrets = {
|
|
||||||
"syncthing/publicCert" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
"syncthing/privateKey" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
## System settings and services.
|
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Development";
|
purpose = "Development";
|
||||||
|
|
||||||
services.syncthing = {
|
|
||||||
enable = true;
|
|
||||||
user = "jahanson";
|
|
||||||
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
|
||||||
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
## Desktop Environment
|
|
||||||
## Gnome
|
|
||||||
# de.gnome.enable = true;
|
|
||||||
## KDE
|
|
||||||
de.kde.enable = true;
|
|
||||||
|
|
||||||
## Games
|
|
||||||
games.steam.enable = true;
|
|
||||||
|
|
||||||
## System config
|
|
||||||
system = {
|
system = {
|
||||||
motd.networkInterfaces = [ "wlp1s0" ];
|
motd.networkInterfaces = [ "wlp1s0" ];
|
||||||
fingerprint-reader-on-laptop-lid.enable = true;
|
fingerprint-reader-on-laptop-lid.enable = true;
|
||||||
|
borg.pika-backup.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
framework_wifi_swap.enable = true;
|
|
||||||
security._1password.enable = true;
|
security._1password.enable = true;
|
||||||
|
framework_wifi_swap.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,86 +0,0 @@
|
||||||
syncthing:
|
|
||||||
publicCert: ENC[AES256_GCM,data:TQ8H4JsIEoSSrOtC9koG12v64ANVDU579hakO+Q/Uo+0uY/wf52U5g6THIJII7maVOJ31VXKhQABKuiirYjGnG5IaWnNkzCRo+8Pv861lr4d0be3H2NBubkIK814HziuiHa9MP5szi/J5aPQu0nj9srHCPYDzsueh8+bZDYQ2VdgKWKAKAbGwZXRcCyyNGP9u1VjUJCfXx/iQ3RbCrLNDuVbSbfmVH9wJxUUlF0ViqnHkaucQCstaAuvIn78tKpGJeM0njG2PDiVDTDBnhb5Pui/NdK+3+QqwVQHwoQRagGvqEoiL05DY3ydBlClMt2J23kqBN5U0Az15plHwQNLJujWVtkXsh4naIM8Pztwdi3xoioTytdZF/7q4q9rT3YmAK2grgSw0A4SEVvHD5RUH4ZuN/cLb0+h3Papt7xUQcwvr2WStoEujDfuHYPjs13bITnErv0PE8Imis9/ffGwC0EMsgbuDOzS8+m+KT+E8smNJD2APBZh0jq2aeSG4K1y1Q+tVnBMfZ89g8K9JZUcPWWKlGFUbWYRzY4Y1ueGH0pAUIfHLGai16q6SFvXA1+WHCJzEbZDYfDMW465yYV27JMiY4vJw+dAGs2P5o2Pf5/DtVuMW35ZQefBB/mFrJi05/3/CRbBMP73RJXvnjkTjnmUQ2FybkdX0w2zqhyWV5C171kSOcTpkBYaNWn1oM0thG246b80npGmbRjNWH7PWqxQm6kR7USiQOLgvy9rbAULNZ1+ou6He0oKD003Hfkm+OSfQVAMviIE8iS2b6xo0f8umvJ/gVEVHrDsv75KUVQHTHOjickYeYvVky6ZqPDI1z4ya8q1csb/UnLqSNvjT16OdMVQvwCOcjSPTtymj5IdDspkHW9bN856dDvbbRn0FxsEnjFpZMATYVvcLf92eA1k1/ghQKJdOcBrZY4HWUKx33e21i5OyDcLrX9JVTOMpVtKjX2pMygmVxzwj6DV5BWQYTrNByI5iHE8ihy+vOFf36b6bcyu4+3PKIoKnC738b5fSudGtPFL+bhlFPMEO9xlIwzUTA==,iv:9K8PKwTAKF1iZNRDY8ABgK2xKDZ4jh6l1C+ZzH1aexQ=,tag:/fxUf++pQQKWD8SZyw3Lqw==,type:str]
|
|
||||||
privateKey: ENC[AES256_GCM,data:ul6WGC0iMOpm7RcZjSPATJcu5IMENcvJtPreulDB8vODKfFWKeXlWiy13CZ2fsJxn3Xd/SbXGgtqd6wNQAyU9Rp8qrbFAVCrTppGjbVElbLTdPdpWMU940Rxn4ICc9z4LmKziALFj28O2neRANEzhtThCv724PStXnS2h6mO9bvfDBvmWyD85l0W8hjYHT2g6RaKAMB0BQ+SGb/7YTzpJkU2qdcYdqFaFlxqae1ZO0Ik4UdOBwAGQFgiDM/BzwL5kM0H/r3mMd0vgLBk7AGcQx9yI76SDlFh8CT7jYyJhE0X+wSKwcMdttA8qeCcdkxdEiXgzzFreBJfRq9CUc5+y20mE+cv83bXCIAz12yT0RDMoml1efvrn5A/valqTn8y,iv:VSSVxItFPc7+t5vHoDBRP2mmiFsulThRNZqNy82RYFI=,tag:F6IHAmk4HEINtuYb9Kvbxg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3bGFxTi9OcjUwNlJWRWov
|
|
||||||
OEFtZTJacmxSSDhEeWdGbTRhMHEyQ0pwVW5nCmsvVU5KSHJ4OTZtWExzUWg0ZnBD
|
|
||||||
Q3BXSFhMNUZ2YjZiRmRwcWV0R1BnVnMKLS0tIDZKaG9abm5JeVROdzNQcXhhZG41
|
|
||||||
TDhEVG1yaDhZbWNXVm5HQnFBZld1alUKLjDMyKKMcdh96YjZ3/QPEXecPYlNZMGv
|
|
||||||
8BCG4xZq+cqlzxpQ/f9/P+g8crw+BQD/H8S5R/UsNZuT3jFoZYTgyg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFODdNVDNtYytjZmhxK1FY
|
|
||||||
Q2wvT2M1UFRzbVU5c0hDUXhBd0hXWDNoL21zCnI0ak9ESHl5bCtaM21SMDhpMmlM
|
|
||||||
SUx1SldFeTlVME9iQ09BZnJCRk44OHcKLS0tIDR5dFdDZU9ESVFhTXowZ0NWQnBj
|
|
||||||
bFZpNHNQaDZ5M1RnK1FhYXVUVDhpMTAKjbJ7BboI37aWHQ3IIiwd4F725w9QSq/5
|
|
||||||
TYoApR7X5dDhEy43ytuuSUASDN3Zw7xg96e23/JCPfAYzjeL/6MbLA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXcFZ4YitXNXNJaDd6aENK
|
|
||||||
OW9Uc0VHS0hhNWUzZXRXbkdUZnRBWTVOWVdnCnlLNmpVRFB0enpUQ1FIbk8rMFhS
|
|
||||||
a2FHTWZSZTFnbC9vNnFPaWVSK3NFNjAKLS0tIFJDS3N5eFZhQm55QUJQOXV1NER1
|
|
||||||
cTJvYVdta0JPRFZ1TUc4eDBNS2VEQzgKkLXYLUC3Fd27KKajQwbKVUUfAawhb4g5
|
|
||||||
/1cKOxSs1eMfCpK0xxZKwsSaAcTfmYlXuRBMO82ol9lMD+/fBNaCfg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYb2diT3NqQ1UyZFM3Mmc3
|
|
||||||
OWJicDNFVXR5dkNQN3ZVYlVCK29yd3FCMG1jClpPaWdRUWsxK2lrMy9YdGFzWmZ0
|
|
||||||
VVNaNE9Pb0lhNEpsWUdGckFRaXNOc3cKLS0tIERLajl6Q1BGcmh3TUYyNGtCS0dI
|
|
||||||
V2ZhNDNJTlBGWU43MFVHMGpzUElZMncK5i95c/lkjjlnpL2dCchkvhnpoQQzb2w/
|
|
||||||
eGx9DQwj7eLhYh/STrsX39vXEEw6kNuIz/2zVMirzVhv/bQ3xmerTQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dm1wQkx5MEUySWR3YmVS
|
|
||||||
ZWZTRkdaeGZPVFpudit6SHpBWE0xODFZd2xRCjlGYmk3L0E3eVpjYW1NSVRoa3lk
|
|
||||||
OHRFK24rWlJNemVWMHhERlowT3ZUZDQKLS0tIHdKancwR0wrb0hWUDBPS3ZBbnFm
|
|
||||||
bjhSTTNxZVczK3lNSENQUVgyZUlzR3MK++UAqpak2u+E/OjXnpFQ0UFb5SrEm7KK
|
|
||||||
TwS0VBa7OfQtC6UHuix4MtsLJYkaEf8vYjjrBHRGlbbgAP+yFPaOPw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycC82VGhHVFRkeEs1QVl6
|
|
||||||
RHJ3N3RGZXFTWWNIYVpVVXQ0Z0sxdWdyNkRZCnJ0a1QvOUpvekJpckY4eSs5bFRL
|
|
||||||
b3ZiVHdpSUlCcjBXMFlzMnJvQUNlNmcKLS0tIHhNUDFzNHZpWE1zQnR3UFdFWkFO
|
|
||||||
VHBGSENKc3lkMkdZaVdVVHlvcWoyc2MKiatzQlU9D1WSZO/6IwGhyd2zFtnRR3SS
|
|
||||||
t9kqNFnrCfuAReoP7PsMukNbfeZr0edn2bTByZ32EF2qBFmEJicGHQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIOG9TQkhzK0NUazd4RVE3
|
|
||||||
Yjh2Y2hJaEdWcVExaWNmNEw1eTZsZHgxdUFZCmhqcHBSblBhd2pSbE8vYVc1NlQ0
|
|
||||||
ck1BZG9LRHY0aHJqMkFkMFJVUVZwOFkKLS0tIG5Cc0ZVWVBzTXoySm91bSszZXpS
|
|
||||||
TXA1RjFETXdRRFBQK3g2Tmk2VGdXVGsK3jkU01wrOWktuThyt51G4opyTrS1W1dR
|
|
||||||
MKWuw2GljMSeGHij5VP+PwmTfaJrl5KpEm5w8ggKIm8KaR3RI/DYWg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhaEtvNUs4T3czQ25ObG5L
|
|
||||||
Yk9uZzBvSHFFcjJwdTVXckJFNE1NellDb0VJCitBTWFjRlpOdS9wL0crN3V0ZnBk
|
|
||||||
bTY2R01LYk9zT3ppVHBaNFlMSkZJRU0KLS0tIDAvOE1Ya29OYUF2Rk41c0ZEbzlq
|
|
||||||
eFZwL0R3R0psRzVRYjlzRlBURGhXOTAKwewHTFEpnXKOGTv544Tl8djUG3uKS7+n
|
|
||||||
h7FAGpzGF1/i45+JJYikXjaWbJmN/WqZRrx9BAyu2ymeTQKPzCHShg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-11-07T23:27:17Z"
|
|
||||||
mac: ENC[AES256_GCM,data:xPofZ+vRCsvPz1WTTjlxR6bbHYDDTP+sX8Rc8lRWzjAnMcsULsmbpeIwjghcnMgm406Umbct87UX1aFu4LioumG3KE1XHzE/s4Ik095m9IBbo2AVLVx0O2Q5UKwDvP7pPnBJBEmjs4xn70bMsOeYRJl+VECQssN18IzjVUwaVmE=,iv:0we672j+kxTHwXO5aUtu9wCIndgqUDnhGWvEGH2sVQA=,tag:Nu8Fa4bc4BWlvNE4m1DXYw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.1
|
|
|
@ -27,11 +27,11 @@ frontend k8s_homelab_apiserver
|
||||||
option tcplog
|
option tcplog
|
||||||
default_backend k8s_homelab_controlplane
|
default_backend k8s_homelab_controlplane
|
||||||
|
|
||||||
frontend k8s_theshire_apiserver
|
frontend k8s_erebor_apiserver
|
||||||
bind *:6444
|
bind *:6444
|
||||||
mode tcp
|
mode tcp
|
||||||
option tcplog
|
option tcplog
|
||||||
default_backend k8s_theshire_controlplane
|
default_backend k8s_erebor_controlplane
|
||||||
|
|
||||||
backend k8s_homelab_controlplane
|
backend k8s_homelab_controlplane
|
||||||
option httpchk GET /healthz
|
option httpchk GET /healthz
|
||||||
|
@ -41,13 +41,13 @@ backend k8s_homelab_controlplane
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
server shadowfax 10.1.1.61:6443 check
|
server shadowfax 10.1.1.61:6443 check
|
||||||
|
|
||||||
backend k8s_theshire_controlplane
|
backend k8s_erebor_controlplane
|
||||||
option httpchk GET /healthz
|
option httpchk GET /healthz
|
||||||
http-check expect status 200
|
http-check expect status 200
|
||||||
mode tcp
|
mode tcp
|
||||||
option ssl-hello-chk
|
option ssl-hello-chk
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
server bilbo 10.1.1.62:6443 check
|
server nenya 10.1.1.81:6443 check
|
||||||
server frodo 10.1.1.63:6443 check
|
server vilya 10.1.1.82:6443 check
|
||||||
server sam 10.1.1.64:6443 check
|
server narya 10.1.1.83:6443 check
|
||||||
''
|
''
|
|
@ -42,8 +42,6 @@
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
# Until I can figure out why the tftp port is not opening, disable the firewall.
|
|
||||||
networking.firewall.enable = false;
|
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
||||||
|
@ -99,15 +97,13 @@
|
||||||
|
|
||||||
matchbox = {
|
matchbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# /var/lib/matchbox/{profiles,groups,ignition,cloud,generic}
|
dataPath = "/var/lib/matchbox";
|
||||||
dataPath = "/opt/talbox/data";
|
assetPath = "/nas/matchbox/assets";
|
||||||
# /var/lib/matchbox/assets
|
|
||||||
assetPath = "/opt/talbox/assets";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
dnsmasq = {
|
dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
tftpRoot = "/opt/talbox";
|
tftpRoot = "/srv/tftp";
|
||||||
bootAsset = "http://10.1.1.57:8086/boot.ipxe";
|
bootAsset = "http://10.1.1.57:8086/boot.ipxe";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
1password-credentials.json: ENC[AES256_GCM,data:AgjrQRlLUHozHTsn2iAf+DoQKmhQfSH6ktISxUZeEjs56k6idjbndkK/kwQXNNrAwmmpT+3OG7cOv0bAPU8AzwZYVyOlpFwp/eXvPJI6YcXlmsCn9lEANpdIbpc28npWTxuYvwZTSavJt5qo/Q9Gf5YQ2qiW6ER3vA1bej7Q6/WRNqcRWKfcMOfNg5YAms/o+nUDKgp2TG4cypyw7tXUoFk9drhCrybNSdlWxWf1t+VdiGLIFk1HvYWkelpxJujRZbKJxNi+4kPT1xQyU8IJbOZx1wXsIfz5I7QPtfoMxbAhRB5ikAwZpNLO1DpnAqBcLES+yqHm0V/hyI48mHz9gSH7fCUvGqj2OqdaKAl0lEpkTMA8PkfRNKGumwHsq2IEh5PP0kj50WlEFFoZszM5QKr9FK7tcvMP0mTL88hlCqnH7rzvNQtpC76BcoReOfKO0ZPtfEAJVGzsQ4F0hkeYzlfyoylqOzldju1QPadQ8Pq3dZFUXg5mZrF2N2kx8gqHqNHqK0BY7KFRrqTIJWebHiLYWe+WWqK3aUSLx3j8iqjuf+HtEBnxAkVIuAYBS6KwHQeXycdD/d1aMm8T46mJzW5FHlUed++GsU5HGQOF2gDZ2gfimdZ7taH0Wlf2wYmuH3BJKFGROefv0SuhuqKMxG1ownFIO0CbCS61ErRTER1P1L44CmaPyIgRNPMmz4nLlKt6+P7Ci4QGpevBkY1wHEn3dT/fNrBBW5EBsrWKRA88guZZHAwB3HLAVNqDno+nWlXlB5RxzaYzya6MYrlXKQxYluU73UQRzH7ikAcL4dJpjVPNIZPkzNRAI75U/IOQX+XspwM+yeIC38TAnNIcARXk2u2FJPaJLQSLqQJYgN9DO5Rg3cIVD/RsSU8TMEq/5jHaoMjZZ4iaYjUHzXbTOvk9WuGBJB1uBm3WUVDwLy6sVp7kHv4PvECcDByNxvhd7Krpbgt9sMi3jsfloo8zOzyoUOkbCEJNr6KCTOvd1/gzRVBxKyTajBkp3P/K7sqGSYpqqmE9qQSeHH6hVMgpicPsn29rzBRW5z0Oep+E6mmDoFuzJ1PJCdLguOIOkVDGiaT+ETtSrg6By3+lhcknElquTd0McoIO2nst80VA3tGUFwPcRJ+GmCtNLBDQgsxz0FtLMzIp5rWi630gnDHBjCf/qXWxyb1YXTpWGmsfWlF3xf8TrH313cnYkKVJAxMBFQVB9GCZMbFcgWg2A9T6b53tVHhmTWIZ5fHGOVBsruo/zU3mhxjoOqsbgrmj6Vi/1sEHvkN0hQq13QGT0bRv4L8BdeIanCMItEP09WZ3lDlDaXY/5xgfwr82oCxrMM7uk/j7COF5C1OjtbsqrGUUB4bphgiVsTT0m7KUw/VdJlPDUNAm3Qu5YUgeypmcNJoNFwsa0deDdg3GllaePP+8BDRbNrGSWUoNB7iNcW/fVaw=,iv:FUiB54c70FVSSkeXZ4stCdKGwihjpSZfsKqKoiDynTA=,tag:aNTbQb2/FUx2NrjQUVMIsA==,type:str]
|
1password-credentials.json: ENC[AES256_GCM,data:odK6x2TscY1WNCOaPBSfo2ln7hsa5UopakUpOgB4ci64p4LGIwTTDnSiq8+UXkrDndQ7tSqtr9RUvB+AwwYOuh1KBAwWmlZN7agtxUYc1wvMdQv8WPDfhqe9m0FNP5gyTaohcjBdBddZlv7izScVePUQUdG04dGYqUg6mQ/gmPtJy27hil8GivvxRN6FnFtkgoyfE+ZLfkTuMdeL4cxai4j+UeGc5XgmsrBLrW5udeDw2hktGXEBp2vMC6t+D7uzZ7DeLBDiHRbBZBeo+krnVdPsLxU3yFF/hC8vWVbkT7Wt/UhB0+X8SWvhYOvc3KW+NfyHcU0SONhQCM4iOkk/1qvcaDHy7idqexKxOtfQaZtuHW0vB3icgbxTO9usFxOxUPe63yXHUg+UDKSN4UGCF10eLoZKaV7zO76BkTFXQLl2Q+dytaxEKathhW4fS5lUBpuxXNDXuIxMiUIclXwVWVDpL7qchTJCopWwwDRaeHrUPev+pQptEsDLYpZeuf27hPjCMiOWkxt2kg2eKPjJ8AUtI8N3OlFPCyAurLgLSrFj0Wzm24LJLKsjs1if2y2jb/pR4MPdgnHgNnHS8VQ9JVprVyuw9C/wDhVV7yW+D4tlJ/d7AXaJq/dkO8XnwCEVPyFr9bUMB076z+tleYgvv9rHkdQMaqHr5HCHAtuYfM4f0Zpfr9alJ4wxCsj+MAn/PLGxjNd/hQQY+oYRpzBne2mUoxhRt3ZjnGH8LUBFSlz+e0+PB0anS3oV3XZUt0XuwGpNIxp4LsRFgmDC2qoMKZ2X7/DfTdmb3te0YbYNUUeHxlQ5AImzU6Lj1qw/clD7ViS82Rjc/WCavg9J7U7CdDbzhtv6xCxbyd3j1r8Wi4XLAXy4ZdcdvCEyYDHwJeExY8pp/jvS3CqSrlC/PyBUemloIQ+jSQiRYDv26XpRKbJ9Yd8fJ4ANPCMuvXU21iXtxHIRwopTo87hWqqSaORFcyVOmCxJJpa/TXL5fdd4ISy6CSqZXZCCIfiVxq4fBkqSoya4XMXQQq9Ki5xwLf1bDhaT3v7okP87A9d/j9Vru2RIZtRT71jVKvwDvJhLAfYuXyIUfQh5cvIw4/HlAZzP5vi1w5KlIJGf1uVVhvTl7p23/Gi9LAX3/P75dbK+x4VYOyqjMowER3jxk9m6GyFDl7iuceNh1bIpgPN1s4QOba7N2Tex5oa/aJJKOLYE4GYDtom5auDP6Xqa/Nd4NaDyd5oVuXcP7Lp7tDu9sIW5rhGaVYKU7jhzALN9HjfmAen+cZ50oy8L3IYKlS/91qzGughYDOjK4qeQ2XrMxySnCPja7ElV4gxmB3X73nxN+N0ZLEDhAGIS1FOaOammDjK2Pj/3vA5+S2hO3GYLh9glNgRnIGlNUVtw3My9H1mYIc4eP+LGGXz1KPnQMQWRtXZHH4d4fsOyhk+CE8as7WtyO7M=,iv:RkYdMs72Nq7dwHScKZeXMNSJ53ztTXCb3lkhrr9K2oE=,tag:XDdPfd+Be9nSAbvate52AQ==,type:str]
|
||||||
bind:
|
bind:
|
||||||
rndc-keys:
|
rndc-keys:
|
||||||
main: ENC[AES256_GCM,data:JVFfmWawvoQZNA/phLZAH/ZfDFkuDBAzQsvavFMT/8v8JKi4oJ/V2UjVv4Xhh730SP74Z41UBUA+N1iW+1HsIqCm+UGcjelLWiKoMGQMmuzVSbt4oN0lVtVIZyke+hzlNPm5qTt1,iv:Q5t9beYjCoTiYOm8K3ktqLbkaWWWzPPljcxmdrXdczA=,tag:gZaOrxZ9ou/+ZxukaZ9FDg==,type:str]
|
main: ENC[AES256_GCM,data:X0HTyNmqH1epIVNkXMyFlavqAodDw92Gs2sK54USNv0mWIwmk8NEb69x/Od8TAwDZw63k0lEAymyj/hBfkpav9yKT1M1hGxr09xjWsR/DTAM9tFv140cvnMEon0ZbXVXp4ou24jP,iv:7AsoCrxf8CyPiyWYfHZsGE0Qw/wutCVvCEiRdUdmIHA=,tag:oJi4BTDrD3FLEQuYeDR3dA==,type:str]
|
||||||
externaldns: ENC[AES256_GCM,data:eCtagoXcjAqKfvD8AuxUhtL2Rvn1iUxbS3qDv1x1KVUzdg1jGAELgCivgPLv8UaLCZ7dqqtr1XiMgsd8RPKgSZO/AS9TTQx8eGnWUnaorUXdhYfhrGfeUa7LoEPYPNx4jwrN45j3OKsE,iv:ffUDa51TqFMqOBItiezwfiNkf4aajdfIXo6+cR48rAE=,tag:E2jMpk1/hpJGjLfIFuTpqw==,type:str]
|
externaldns: ENC[AES256_GCM,data:WhH4vAR4Q4iTXq2fT+Z8kOXkwnneNV4bXWYytov62DFDSnYwsvWIbol5MvYIwXM+gEbQ/k/uk62MSFx26T34881EGJmH7KXWr7ji273D8oKAp0Fw6jOt2NZT6XkBwhWEIathUOwNdN6E,iv:SepdyBzYga7s03ppSppiBB/wTbTrL/y70aa/B/m02r4=,tag:vWqlZLx+FvstJjgRj4mjWg==,type:str]
|
||||||
zones:
|
zones:
|
||||||
jahanson.tech: ENC[AES256_GCM,data:CEOcBxa38OheRPP+JakWVfm1vbtTlMzEsEYhzehckpRN4hj9epxVwyKzth2JvhdJN7zslP/BydRm2VowSTJLDpEsRBYiC7650ear3co1qM60SvLHNgsKcW+UTfp5RUqIcos2Gfll2vrMFxMIRV9nrSz2g3trteC/4B3wmVLZjnvNQoB5SePpQKXZQQesO5+5aiF7hRqk2OSz57S/ncjHJhLz9h3xyvr7JXrcdUWHTUarqQbARG3owzaxEoPY+n4nqtx5JXqFaYAMSO6bio4OHanHXhdMfSpZud0bT7wBarAtWCFgIIMMKfd4Q1qBm5AFQyApdLKdwQ4zakrRYOx07zp/ZxVOQ5oiGIuFsEumf370PCzR6JPVivX0gHsJXR3EqlXVy4TpFOzit9jc43XD9LgvYKxdQQUUC3LwfCVK/6/rjqVU6+40tA30D8KQS1UZ1Bmm7+QGk4Jdocwg5KfI9BQNSC+Qfrmif8Ckljr8978p7rxEhMU52DkoNeOxHtLcjzsskVV2Mv01KdKQByoHxVR7ySEkmz1nDc6O6kUExgL4mrXRa+zWvTwkQdcjCoOvb5Z4X0sUdUwvt3qQqbZLyCLvXLwLyOjCTlHu3E+nlZ+AESTRoAgexkR+oWQuekoPaFxy1F4FFk8MDpBb2Cgsw5ZHhgmiKaV5e0DVU3oS6mRl1OiqhMSnbBsheyXYVWSHQh8xvlLgvF8/INeJCgZArjDfP/nz15ctkBVKC+6eEyTCXiAnaS1snbJdovTRiz9GUaE3AcQ+uRhhqDL7U1AO6n5vxI/6nKGH1YK2Z+ym7JT3M8+wtBhM/fPs5DjwjMb9c5z07Ks48r+dm8j91jsh2ACTJRvhvyQvxHh4HPWicoUhRdMj/VuLAwMpsCGRCwjsZ8OzNvzWUz/+5kA1J0/XEh6TRW2ZNKO+uzcpFKoAPwRbF0lLgZYnuceEEb1oyjEH0UjdKDL7g8GtnEdN4kem+Nfk/OgyVJKLCN6ILvd8QrhXhmAZri8s18eNEU2np92B6ISmRt/b0pcNyva1fRvYYv3CaIjqjx4RFa7pZvjyXysuomdNzUx6wfwBxVqQn4FjAhOCeGVawtzLDV2ZPfaxc36RIOrK,iv:Y6CcrD/be0F6B9TEfGFF74jWvk7uWVUytutnFGfnG0I=,tag:2JQaYAj4IuFw4LrnQ+gAig==,type:str]
|
jahanson.tech: ENC[AES256_GCM,data:XqOX6lbCubPEi1pXgIEXW0qyD2+iJXNugTPdQOB/yCm4AX1mMiANAV51FBDb9f+QQ+q1EDqGz/83VKggoIvHSZCOW3dkNWR2uy82uO8C59sbsLrR5AzTTnZN2zlaIjW2q42I838mKfO7MfYXutwQbTpepr/Brtbldm+HRjxugJJMDFvBqSlylSnFA+jeWq7RNRP1+ZxGULO8I2BTPqdRVyRHcIWjyQABTctDcDgDLMpPxrMBTtmC2/CFH5pIT3w6gbrYRwYFZh7fNprOYRRPOkGHMZK6ccMCpm2uRR4b5daB1MidqJUsX999ma2TEmsUJSQZr6mS2r/QvwZ2R9QziIkBxh91vCg6HMaHl8/ISlryZVlkWNY1P2jgCMw0jJ58NxeBVAjVWw3iL+i9JU/q51r8J3nZHi5ql90JMaVdYWw8I2GLYWDHQnES9srEXtJwJNLzE69lQuL8ARmey4gt8Q9snen0v3RJVFb466nPKvH51TjIAr3FB2L8NY3RumD4eYl05L5JdNcFVuqmsYdoWQSQdZz23BxRM/QKT2qKjrhxfZuQW1naNDg3qbx5+bLGHlG6m8wRdtkR5SXWQc5a7LG2eURY9T7vy8yxMWzjd5LPMFLd7JlUSjwXw9YBhYTafGuc2TUESs8DCO/hU2zjAn1KM+rmc2T4aF3HexJwt7b7HBmMrDWObdtj09ycV10tp1Z57ZMz18aJdIbaZKopERN25FzIKiTlytiZiWsesLo6mUbsgb7bmjGGjBEDbp9P7ozgZv5H+aR5Y7POl9EG3gfERPsa1nF1qlloOrYT/GX8pUNhXAxH6QfX7WF+ANiMB/L/X4L0/XufV7shCWfQwogZ3t7ARGHr3dIOyx1ABus+M2QUZyI94jHTn+/J6aaxL8qsDGDZ6383Gk/CHa57BklRUrZZYVs9jzDe7+12gDfID/eP+nnKuohwCY1KcHL5QCRUg8KN1ZIyH1FYz489l/qKFG1nO33iJv/l6opWjIv98EM88ckA7zxU1+UgjxNiBo0EGJPw1erwTwUzehTnj303HuTGbtGjgE/vK8M+rCCpL9L0YAFQyXqeuqQs6yM3PHCyKfvThCAnwnTIGn2mZcyu/GGGOO9Hse/islh4cYldxC8psKNfNlf6qT43MOf+gDJ2GKU2kzU5tivlNqXbgAs=,iv:8SWNl65v24W504eG64L65rDmvqrkF5VJhufN3u/wRG4=,tag:oapDfnOAPyPDiJrxGHtiJA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -14,77 +14,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5V1ZQcTBNeFF6NjdXMThQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSSS9JWTZPak52ZFloYTZq
|
||||||
QnMxVFZHZlBwTk5CU1pSNFBPTUt6MmR2NVNrCnFjd0Q5d0pwZGdJbDlDdS8wNG5Q
|
N3Ewa2hrbUZmZ0Y2aVpzaTZjN1hzWTlqRmg0CkdIZk9IMDdWQ2xsYmdHcGM3WmVk
|
||||||
aHdqekpmREhlbEVMUjZNc1BscU5xbjgKLS0tIFdLUC9wNGlyOFd3WjRnc0IwZU85
|
cnVXVkprbXlQeDdzSkEvbW9SSE1aU3cKLS0tIHpuQUY1TmdKbGpZQ3N5Vk5LdzBC
|
||||||
alhDYk1DelpINjYvVmlCa1pKY3hjV3cKF7aIzA9U1bPVP6bQbYCTjXKptE9Rovyi
|
VVp6Q1ZNR3gycSsxU3Q3SGtNUDN4cEUKDXO3QyNQfXqn587meoAZqraGMl4ASeOf
|
||||||
CVBUzWWrb2Z12rvjDzIKc/L1iMqLn0PjPsYHL+CHW8z5A6R3m3FDMw==
|
rVJDGWkNhne1YFdAfvbiY6pD7RDxscwiRFqDofH/t0EfN4vwrzIx3Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFUFlDK1duT010Nll2cmV3
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSEZKOUJTTjE4YTRQUnFW
|
||||||
ZVRKM0tFNGVHQXM0Q001ZGtIZVV4bVByTVRZClZVclFEMVlSYnp2ZElNZm1DOGpR
|
bzhMcjlSVTRNRWNkSmZSbU5ITFFTbURFbGpJCnpndFR1OVJvWnBOMVovdVVGWkZ4
|
||||||
bzNCUkQrNXF4UlU5WHloaEtzMW5wMUEKLS0tIFpwQ0pLRjFJOUR0dEhhTVBhT3hJ
|
Wk9xa29kekgxRnlqbFg4YzN0OE9ZYUUKLS0tIGsxeUhWdU5NaTE3cHpYNXF2OUlK
|
||||||
c09wdG1jVlREUk5QUThKRFpsSlRUM1EKjxe9zkAp8t3gwMFOipPZeVdIyEnOTm77
|
eGNyTXdqWFNvZ0NVOCsvaG55dUdaMEkKW9SxqP6Jpn72VAwPhn3laO1OE+gYzLvb
|
||||||
0EnaO+oPJNTE+WefHKEEnqkUP0JY6vkDSkymgLtlPnY9VkAWP7ymbw==
|
10NfaR+2P0EJZ3nwc0sLKmPmSzcRiE9etGtNGFiLgoUNkQ3lnwXj6A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTlZoVGgwSFNOZ214WlBC
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTTF2TjJ0WGJaTUFIWE9s
|
||||||
dFdBb2tSTjJLU1M2WmZXcS9jU2d4WThab0JFClNQekNJM1dmVjJUeEN3d1F3dVFF
|
S1NHQmRiQUVjSGJLQXZ2VUUrclorT3dIOXprCnQwOUorNXFzNG1DbG8wRW83QTdC
|
||||||
R0c2bFlFNkowZjl5eEJXMllXSzZLSUEKLS0tIG1CUWRZeXE3SksxTUxrQjBTaGpS
|
a2ZpZnM5Vit6bk1SaXRSZnZZT1g4ZzQKLS0tIFd4RVR2LzdvVG5nVzBiKzBPL1p2
|
||||||
VTZqOHB3eFlHZmNlSU9QOGprdWh3bm8KfvR852TCR0nfmXkDgF3FSOR9agJ8GUPt
|
eFJWOGx3Z240clRQN3dNa0Ztb2hrUk0KunfKdWPTZD32KagC+VXmAQDxJAoElHAp
|
||||||
1iK2aDZHLZKcK4mcuPc/qzfCXvTHlIvTDbSD0PbgCyG7gwgX2Qd8mA==
|
mo8a0GGdeVuJiUneJlZ2KYuLkseCyn0HC5qQMUIT8HZJ2bb+RH0vDg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXpCcmY2T3Zmejd2TUlX
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZHAxMVNsK3U1ZlJnaEJj
|
||||||
TDZYMSt6OFdIZC9ibHJid3JxVjlHK0pCWXpnCmF4dTJWNzQ1a0FZdWxJUWZVZEhk
|
eTNhZzRidW9HQ3Jrck0zNmxPYXcvVUtJRTJFClFiMGNuYnEzbVNJNExVSkZ3dVJy
|
||||||
Tk44YWQ5U2dWc2orcTExMjIwT3ZOVmcKLS0tIDJpbkEyNmJmQU1PemhpYzBycjV6
|
MHlRdG1uNHhZb3daNW03bVJrOGZmNmsKLS0tIER3RUg0TDRQT09jdy9xNzF6OUtq
|
||||||
V0pHbjhRcERyb042L0ZMUnZSdVpOOEUKICA6kYzVpAwMaoKrZIkj7GIjv4mGRzu5
|
VHR4NjUxZGpRYzNKaHhlVTdJQXBmTlkKHgqnACFlEusz0/W+I/O2smr/SV2Oiw9Y
|
||||||
3sm2D/yeE68TXH6PvHPRZpkLAqrn2HvQuviIgHXH3Flgeuu+DGl8cQ==
|
wCqCyVfB+kGrfgq08e8ki8NXv3PDT637BU3kXFaOTQhzSE0aCpD8qw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMLzdsOHpDUW9Vb3c5cVFZ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvTXJWQThMaDZNajBFOVRT
|
||||||
a0VOMEdjS2kzbTVtcU0zeXdOclJxbU5FSFE0CkwrdGN5VTNxT2Y0VUdOT0ZnMWlz
|
NEpJK3RvbzRKUXE0NWpRQVA0aWJSYVNxWkhNCk1nWHVaYmZNQkdQZFJIOTZKTWxC
|
||||||
VGxwNGFSSUttZjdIVDlRL1JQekhSdkUKLS0tIE9JbUJWeFRVbXVyNkJIVTQ0bS81
|
RXpOaHc4dzNBZ0txcFhtbjVVSjhDbXMKLS0tIDkwSnFTTjBZZE5hZTdXeTI1Q2F6
|
||||||
Zk14MEtrR2pRSWVPUEJONVNKNUl4VXMKJ93XAmrAH25gUTbtY4HQjSKCJqH8yK7t
|
Skw3OUt4SVlrQ0M0d0h3KzNubjZ6SDgKiEvuO+RqygeSSzeUlQJSPuzNY4tbzKso
|
||||||
5WGip1wjuP/jab8ycHaM8MK6hH7qKJGLKF0Q+agvQok7RKqZl5+ikA==
|
bt/fSCV4ulFTvjybD9lfA9dclHGM/IRA9obCQd8RsCBQuXo9cuWnjA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYUhubnhKcnFDZml5Qjl6
|
|
||||||
MzgvVFk4QzNwOWdSWDh6RlBDdTVzRWMrTmdBCktBZVdKWW9JdGxEVlRtVCtMYXpB
|
|
||||||
YTV4TmNlRnFzMTcwWGZSeWtzN3hxRFkKLS0tIHpsMTNLckhMRkM5V0xqbmFjOUpK
|
|
||||||
ZFl0QlZCUmcvQXBvcFpoZHJNZ0xUQTgKTnAjik5QM++wy3+y8N5zHk+nY1+bMfr8
|
|
||||||
5IQBIQuoJUhvj8GPniyYRHEhzttfYNuYJaENQcuYOaIpbGb3jTmBJA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQW1McmZlNVhDR1VRMUM5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZkQ0NzVGMWJ4Tk9vYnZC
|
||||||
UVk4aGd1RDZxQ3RlSG1UUEd0R1gyUU1VUkg4Clo0eFgxVlcvNnNtWVZZajRGYUZJ
|
dmo5U2FJa0pOUmt1K09MWFdRamNnaUgwbEM0CnhKRmMyN0RYMG5Uc3ArQVZhVFZX
|
||||||
K3d0ZzNSSG16dGVONjU2cDMzbkNvazAKLS0tIE1jcU9ERXZhbW4zM0E3Z3RJWTRm
|
RHQ3SU1TUnQ1SlhvZGp6emFOV1FuVE0KLS0tIE1oQjQ1dUhTMVBaTnZIeVpVNmxp
|
||||||
anA4RmxVOWplWlo0QkFLQ2xFQ3YrRWsK0Z1iH93d8sMj8PbFaLBBO7xqz04f6ytV
|
cnk3ckEyWkdhWkpkQlhJTHlsaGFTNDAK79D2C2RZql38hBJOBnqhOOdb7Z7EJNgj
|
||||||
m6bFiMoTp+hdnFdGZkl3S+4wQBG44uLJ9z6I/SL3H90ZBrVfE0XV0Q==
|
aWfivACOM//hsPCZK+9YFpXJ08Nb6iBlNKzYsTW7qJ+Ue9M9i9JShA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTSsvbFEvc0ZjQUl5WWhl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdHRRVEY1dmR2WjM3YVhk
|
||||||
Q0tWVndqbGlMcnpYMzUxdnlWVGxubldaWVZFCnpBdHRaa052aUJWZENBR1QvTXgx
|
dFZ6UmUxUTJKR3RKMUM0UXVaMUJwMzJRTmpnCjJtdjgwNnphOU5EdUxkSUp6UkQy
|
||||||
Nld6UHpPR05yQ0g4ZEVKVVhQUUdNVWcKLS0tIE1aMm1XOWRxWXhiOGk0Y0IzbEdN
|
cS92MGdlTExVbWJIWGlGVVFla001MGcKLS0tIHF6c3MxR1V3N2szeXlNdWhUaGpW
|
||||||
b0VpUGdsdjNpV2ZJYzBNeUZtTFg0NTgKJ9dSsLlgbxotxWyLrY6XWVyg3I3zugG0
|
WWRlTHl1MWFmU293NGJyRVNRTE1RWWMKu5nK98591T0Z4rHIHxCY7mqBW/CF6abl
|
||||||
pvd/gQmiYFxptVmBPw+GkOZJBugHpURQznXq6DEo0hVaYLoxoaFBNQ==
|
3/ygImXkb15Ws4b4mcN67vk3omg9CB6s0SHfFk1GAu6CiN7MufHQ+Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-01T23:46:47Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:3vtZhdp4eCAlzq+LWypv5wb5qAdFM3wYTmbtvHMIxG21Z2joEH75i2BqYRl8sQPDSM01wbwZp04/pgjEBogrBrwC8Jt3fAB1ptx9A1vPBIwjcprFR53/A0SFRqb3eXJbwRMS3axZx2yp3qzv73en1vcfRgS2YfjaH8knH1f6/CE=,iv:L3NBzPNHi1wBLA2+sI+Ncl57el61friVvar1HbFWSW0=,tag:sxm8CFpwTt4jgyHBPqVihg==,type:str]
|
mac: ENC[AES256_GCM,data:pmZjxv+vcznnamHNvOL7sr8wrejmcqo6D/NpizVo7TPo6cs59vTQ2fXmM0zlfJs81wZVe8cMcv2LXITSmjpZOsrhYuzMpPsc9HGzdwfOXVTfdVDYWVwNd4LsXMW40rqUbZyVtp8zAOW4eF5iY0H+acPxMcBbogoQKOU94a0NqzU=,iv:vFcpIrA9KRMawLCbMqWbKcGFPBcMp3mQRIgje5dV5S8=,tag:iuEaP9jjhhvjMjChvaoBCQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ pkgs, ... }: {
|
{ ... }: {
|
||||||
imports = [ ./resources/prune-backup.nix ];
|
imports = [ ];
|
||||||
|
|
||||||
networking.hostId = "cdab8473";
|
networking.hostId = "cdab8473";
|
||||||
networking.hostName = "varda"; # Define your hostname.
|
networking.hostName = "varda"; # Define your hostname.
|
||||||
|
@ -22,17 +22,13 @@
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
|
||||||
# System settings and services.
|
# System settings and services.
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Production";
|
purpose = "Production";
|
||||||
system.motd.networkInterfaces = [ "enp1s0" ];
|
system.motd.networkInterfaces = [ "enp1s0" ];
|
||||||
security.acme.enable = true;
|
security.acme.enable = true;
|
||||||
services = {
|
services = {
|
||||||
forgejo = {
|
forgejo.enable = true;
|
||||||
enable = true;
|
|
||||||
package = pkgs.unstable.forgejo;
|
|
||||||
};
|
|
||||||
nginx.enable = true;
|
nginx.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (builtins.readFile ./prune-backups.sh);
|
|
||||||
in
|
|
||||||
{
|
|
||||||
systemd.timers.cleanup-backups = {
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
Persistent = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.cleanup-backups = {
|
|
||||||
script = "${cleanupScript}/bin/cleanup-backups.sh";
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
User = "forgejo";
|
|
||||||
StandardOutput = "journal+console";
|
|
||||||
StandardError = "journal+console";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
# Set the backup directory
|
|
||||||
BACKUP_DIR="/var/lib/forgejo/dump"
|
|
||||||
|
|
||||||
# Keep the 3 most recent backups
|
|
||||||
KEEP_NUM=3
|
|
||||||
|
|
||||||
echo "Starting backup cleanup process..."
|
|
||||||
echo "Keeping the $KEEP_NUM most recent backups in $BACKUP_DIR"
|
|
||||||
|
|
||||||
# Find all backup files, sort by modification time (newest first),
|
|
||||||
# skip the first 3, and delete the rest
|
|
||||||
find "$BACKUP_DIR" -type f -name "forgejo-dump-*" -print0 |
|
|
||||||
sort -z -t_ -k2 -r |
|
|
||||||
tail -z -n +$((KEEP_NUM + 1)) |
|
|
||||||
while IFS= read -r -d '' file; do
|
|
||||||
echo "Deleting: $file"
|
|
||||||
rm -f "$file"
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "Cleanup complete. Deleted all but the $KEEP_NUM most recent backups."
|
|
|
@ -2,6 +2,6 @@
|
||||||
imports = [
|
imports = [
|
||||||
./backrest
|
./backrest
|
||||||
./lego-auto
|
./lego-auto
|
||||||
./scrutiny
|
./unifi
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,92 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
app = "scrutiny";
|
|
||||||
# renovate: depName=AnalogJ/scrutiny datasource=github-releases
|
|
||||||
version = "v0.8.1";
|
|
||||||
cfg = config.mySystem.services.${app};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.mySystem.services.${app} = {
|
|
||||||
enable = mkEnableOption "${app}";
|
|
||||||
|
|
||||||
# Port to expose the web ui on.
|
|
||||||
port = mkOption {
|
|
||||||
type = types.int;
|
|
||||||
default = 8080;
|
|
||||||
description = ''
|
|
||||||
Port to expose the web ui on.
|
|
||||||
'';
|
|
||||||
example = 8080;
|
|
||||||
};
|
|
||||||
# Location where the container will store its data.
|
|
||||||
containerVolumeLocation = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "/mnt/data/containers/${app}";
|
|
||||||
description = ''
|
|
||||||
The location where the container will store its data.
|
|
||||||
'';
|
|
||||||
example = "/mnt/data/containers/${app}";
|
|
||||||
};
|
|
||||||
|
|
||||||
# podman equivalent:
|
|
||||||
# --device /dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
|
||||||
devices = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [ ];
|
|
||||||
description = ''
|
|
||||||
Devices to monitor on Scrutiny.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"/dev/disk/by-id/nvme-XXXXXXXXXXXXXXXXXXXXXXXXXXXX"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# podman equivalent:
|
|
||||||
# --cap-add SYS_RAWIO
|
|
||||||
extraCapabilities = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [
|
|
||||||
"SYS_RAWIO"
|
|
||||||
];
|
|
||||||
description = ''
|
|
||||||
Extra capabilities to add to the container.
|
|
||||||
'';
|
|
||||||
example = [
|
|
||||||
"SYS_RAWIO"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
# TODO: Add automatic restarting of the container when disks.nix changes.
|
|
||||||
# - https://github.com/nix-community/home-manager/issues/3865#issuecomment-1631998032
|
|
||||||
# - https://github.com/NixOS/nixpkgs/blob/6f6c45b5134a8ee2e465164811e451dcb5ad86e3/nixos/modules/virtualisation/oci-containers.nix
|
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
|
||||||
image = "ghcr.io/analogj/scrutiny:${version}-omnibus";
|
|
||||||
autoStart = true;
|
|
||||||
|
|
||||||
ports = [
|
|
||||||
"${toString cfg.port}:8080" # web ui
|
|
||||||
"8086:8086" # influxdb2
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
TZ = "America/Chicago";
|
|
||||||
};
|
|
||||||
|
|
||||||
volumes = [
|
|
||||||
"${cfg.containerVolumeLocation}:/opt/scrutiny/config"
|
|
||||||
"${cfg.containerVolumeLocation}/influxdb2:/opt/scrutiny/influxdb"
|
|
||||||
"/run/udev:/run/udev:ro"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Merge the devices and extraCapabilities into the extraOptions property
|
|
||||||
# using the --device and --cap-add flags
|
|
||||||
extraOptions =
|
|
||||||
(map (disk: "--device=${toString disk}") cfg.devices)
|
|
||||||
++
|
|
||||||
(map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,7 +3,7 @@ with lib;
|
||||||
let
|
let
|
||||||
app = "unifi";
|
app = "unifi";
|
||||||
# renovate: depName=goofball222/unifi datasource=github-releases
|
# renovate: depName=goofball222/unifi datasource=github-releases
|
||||||
version = "8.4.62";
|
version = "8.3.32";
|
||||||
cfg = config.mySystem.services.${app};
|
cfg = config.mySystem.services.${app};
|
||||||
appFolder = "/eru/containers/volumes/${app}";
|
appFolder = "/eru/containers/volumes/${app}";
|
||||||
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
|
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
|
||||||
|
@ -14,15 +14,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.firewall.interfaces = {
|
networking.firewall.interfaces.podman0 = {
|
||||||
enp130s0f0 = {
|
|
||||||
allowedTCPPorts = [ 8443 ];
|
|
||||||
};
|
|
||||||
podman0 = {
|
|
||||||
allowedTCPPorts = [ 8080 8443 8880 8843 ];
|
allowedTCPPorts = [ 8080 8443 8880 8843 ];
|
||||||
allowedUDPPorts = [ 3478 ];
|
allowedUDPPorts = [ 3478 ];
|
||||||
};
|
};
|
||||||
};
|
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "ghcr.io/goofball222/unifi:${version}";
|
image = "ghcr.io/goofball222/unifi:${version}";
|
||||||
autoStart = true;
|
autoStart = true;
|
|
@ -1,6 +1,5 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
./kde.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,29 +1,18 @@
|
||||||
{
|
{ lib, config, pkgs, ... }:
|
||||||
lib,
|
with lib;
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
cfg = config.mySystem.de.gnome;
|
cfg = config.mySystem.de.gnome;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
mySystem.de.gnome = {
|
mySystem.de.gnome = {
|
||||||
enable = lib.mkEnableOption "GNOME" // {
|
enable = mkEnableOption "GNOME" // { default = false; };
|
||||||
default = false;
|
systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
|
||||||
};
|
gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
|
||||||
systrayicons = lib.mkEnableOption "Enable systray icons" // {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
gsconnect = lib.mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // {
|
|
||||||
default = true;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# Ref: https://nixos.wiki/wiki/GNOME
|
# Ref: https://nixos.wiki/wiki/GNOME
|
||||||
|
|
||||||
# GNOME plz
|
# GNOME plz
|
||||||
|
@ -49,15 +38,13 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
udev.packages = lib.optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
|
udev.packages = optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
|
||||||
};
|
};
|
||||||
|
|
||||||
# systyray icons
|
# systyray icons
|
||||||
# extra pkgs and extensions
|
# extra pkgs and extensions
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages =
|
systemPackages = with pkgs; [
|
||||||
with pkgs;
|
|
||||||
[
|
|
||||||
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
||||||
playerctl # gsconnect play/pause command
|
playerctl # gsconnect play/pause command
|
||||||
pamixer # gcsconnect volume control
|
pamixer # gcsconnect volume control
|
||||||
|
@ -75,15 +62,17 @@ in
|
||||||
|
|
||||||
# enable gsconnect
|
# enable gsconnect
|
||||||
# this method also opens the firewall ports required when enable = true
|
# this method also opens the firewall ports required when enable = true
|
||||||
programs.kdeconnect = lib.mkIf cfg.gsconnect {
|
programs.kdeconnect = mkIf
|
||||||
|
cfg.gsconnect
|
||||||
|
{
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.gnomeExtensions.gsconnect;
|
package = pkgs.gnomeExtensions.gsconnect;
|
||||||
};
|
};
|
||||||
|
|
||||||
# GNOME connection to browsers - requires flag on browser as well
|
# GNOME connection to browsers - requires flag on browser as well
|
||||||
services.gnome.gnome-browser-connector.enable = lib.any (user: user.programs.firefox.enable) (
|
services.gnome.gnome-browser-connector.enable = lib.any
|
||||||
lib.attrValues config.home-manager.users
|
(user: user.programs.firefox.enable)
|
||||||
);
|
(lib.attrValues config.home-manager.users);
|
||||||
|
|
||||||
# And dconf
|
# And dconf
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
|
@ -110,4 +99,6 @@ in
|
||||||
atomix # puzzle game
|
atomix # puzzle game
|
||||||
]);
|
]);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
{ lib, config, pkgs, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.de.kde;
|
|
||||||
flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
mySystem.de.kde = {
|
|
||||||
enable = lib.mkEnableOption "KDE" // { default = false; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# Ref: https://wiki.nixos.org/wiki/KDE
|
|
||||||
|
|
||||||
|
|
||||||
# KDE
|
|
||||||
services = {
|
|
||||||
displayManager = {
|
|
||||||
sddm = {
|
|
||||||
enable = true;
|
|
||||||
wayland = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
desktopManager.plasma6.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security = {
|
|
||||||
# realtime process priority
|
|
||||||
rtkit.enable = true;
|
|
||||||
# KDE Wallet PAM integration for unlocking the default wallet on login
|
|
||||||
pam.services."sddm".kwallet.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# enable pipewire for sound
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
jack.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# extra pkgs and extensions
|
|
||||||
environment = {
|
|
||||||
systemPackages = with pkgs; [
|
|
||||||
wl-clipboard # ls ~/Downloads | wl-copy or wl-paste > clipboard.txt
|
|
||||||
playerctl # gsconnect play/pause command
|
|
||||||
vorta # Borg backup tool
|
|
||||||
flameshotOverride # screenshot tool
|
|
||||||
libsForQt5.qt5.qtbase # for vivaldi compatibility
|
|
||||||
kdePackages.discover # KDE software center -- mainly for flatpak updates
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# enable kdeconnect
|
|
||||||
# this method also opens the firewall ports required when enable = true
|
|
||||||
programs.kdeconnect = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -5,7 +5,6 @@ with lib;
|
||||||
./containers
|
./containers
|
||||||
./de
|
./de
|
||||||
./editor
|
./editor
|
||||||
./games
|
|
||||||
./hardware
|
./hardware
|
||||||
./lib.nix
|
./lib.nix
|
||||||
./programs
|
./programs
|
||||||
|
|
|
@ -4,38 +4,27 @@ let
|
||||||
cfg = config.mySystem.editor.vscode;
|
cfg = config.mySystem.editor.vscode;
|
||||||
# VSCode Community Extensions. These are updated daily.
|
# VSCode Community Extensions. These are updated daily.
|
||||||
vscodeCommunityExtensions = [
|
vscodeCommunityExtensions = [
|
||||||
"ahmadalli.vscode-nginx-conf"
|
|
||||||
"astro-build.astro-vscode"
|
|
||||||
"bmalehorn.vscode-fish"
|
|
||||||
"coder.coder-remote"
|
|
||||||
"dracula-theme.theme-dracula"
|
"dracula-theme.theme-dracula"
|
||||||
"editorconfig.editorconfig"
|
"editorconfig.editorconfig"
|
||||||
"esbenp.prettier-vscode"
|
"esbenp.prettier-vscode"
|
||||||
"foxundermoon.shell-format"
|
|
||||||
"github.copilot"
|
"github.copilot"
|
||||||
"hashicorp.hcl"
|
# "github.copilot-chat"
|
||||||
"jnoortheen.nix-ide"
|
"jnoortheen.nix-ide"
|
||||||
"mikestead.dotenv"
|
"mikestead.dotenv"
|
||||||
"mrmlnc.vscode-json5"
|
"mrmlnc.vscode-json5"
|
||||||
"ms-azuretools.vscode-docker"
|
"ms-azuretools.vscode-docker"
|
||||||
# "ms-python.python" # Python extensions *required* for redhat.ansible/vscode-yaml
|
# Python extensions *required* for redhat.ansible/vscode-yaml
|
||||||
|
"ms-python.python"
|
||||||
"ms-python.vscode-pylance"
|
"ms-python.vscode-pylance"
|
||||||
|
"ms-vscode-remote.remote-ssh"
|
||||||
"ms-vscode-remote.remote-ssh-edit"
|
"ms-vscode-remote.remote-ssh-edit"
|
||||||
"pkief.material-icon-theme"
|
"pkief.material-icon-theme"
|
||||||
"redhat.ansible"
|
"redhat.ansible"
|
||||||
"redhat.vscode-yaml"
|
"redhat.vscode-yaml"
|
||||||
"signageos.signageos-vscode-sops"
|
"signageos.signageos-vscode-sops"
|
||||||
"tamasfe.even-better-toml"
|
"tamasfe.even-better-toml"
|
||||||
"task.vscode-task"
|
|
||||||
"tyriar.sort-lines"
|
"tyriar.sort-lines"
|
||||||
"yzhang.markdown-all-in-one"
|
"yzhang.markdown-all-in-one"
|
||||||
"fill-labs.dependi"
|
|
||||||
"rust-lang.rust-analyzer"
|
|
||||||
"dustypomerleau.rust-syntax"
|
|
||||||
"mattheworford.hocon-tools"
|
|
||||||
"pgourlain.erlang"
|
|
||||||
"exiasr.hadolint"
|
|
||||||
# "github.copilot-chat"
|
|
||||||
];
|
];
|
||||||
# Nixpkgs Extensions. These are updated whenver they get around to it.
|
# Nixpkgs Extensions. These are updated whenver they get around to it.
|
||||||
vscodeNixpkgsExtensions = [
|
vscodeNixpkgsExtensions = [
|
||||||
|
@ -50,27 +39,12 @@ let
|
||||||
# version = "1.219.0";
|
# version = "1.219.0";
|
||||||
# sha256 = "Y/l59JsmAKtENhBBf965brSwSkTjSOEuxc3tlWI88sY=";
|
# sha256 = "Y/l59JsmAKtENhBBf965brSwSkTjSOEuxc3tlWI88sY=";
|
||||||
# }
|
# }
|
||||||
{
|
{ # Apparently there's no insiders build for copilot-chat so the latest isn't what we want.
|
||||||
# Apparently there's no insiders build for copilot-chat so the latest isn't what we want.
|
|
||||||
# The latest generally targets insiders build of vs code right now and it won't load on stable.
|
# The latest generally targets insiders build of vs code right now and it won't load on stable.
|
||||||
name = "copilot-chat";
|
name = "copilot-chat";
|
||||||
publisher = "github";
|
publisher = "github";
|
||||||
version = "0.21.1";
|
version = "0.18.1";
|
||||||
sha256 = "sha256-8naCDn6esc1ZR30aX7/+F6ClFjQLPQ3k3r6jyVZ3iNg=";
|
sha256 = "BrcrfhkX2VGF9wznTSlPSdPPv126ScbHb1ngBRGtr4E=";
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "remote-ssh";
|
|
||||||
publisher = "ms-vscode-remote";
|
|
||||||
version = "0.113.1";
|
|
||||||
sha256 = "sha256-/tyyjf3fquUmjdEX7Gyt3MChzn1qMbijyej8Lskt6So=";
|
|
||||||
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Same issue as the above -- auto pulling nightly builds not compatible with vscode stable.
|
|
||||||
name = "python";
|
|
||||||
publisher = "ms-python";
|
|
||||||
version = "2024.14.1";
|
|
||||||
sha256 = "sha256-NhE3xATR4D6aAqIT/hToZ/qzMvZxjTmpTyDoIrdvuTE=";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
# Extract extension strings and coerce them to a list of valid attribute paths.
|
# Extract extension strings and coerce them to a list of valid attribute paths.
|
||||||
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./steam
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./steam.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.games.steam;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.mySystem.games.steam = {
|
|
||||||
enable = lib.mkEnableOption "Steam";
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# Steam Games
|
|
||||||
programs.steam = {
|
|
||||||
enable = true;
|
|
||||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
|
||||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
|
||||||
};
|
|
||||||
|
|
||||||
# Need that glorious eggroll
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
protonup-qt
|
|
||||||
];
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# ./nvidia
|
./nvidia
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
security:
|
security:
|
||||||
acme:
|
acme:
|
||||||
env: ENC[AES256_GCM,data:rYeJqYF11Ccw/zDTpfB2ewXIy4cqzHF/d+ar6NUdOGxesiBdJXVbGQtGOOLHTUJ6yKNhdBJ2mpBpCpIdQEdT9+4=,iv:XpjxG0RypUQ0Ub0dKAa8/c4F8TVuRNFXJM5UAfrlMV4=,tag:zCaLPPTp9KHs/AwYNq28gg==,type:str]
|
env: ENC[AES256_GCM,data:JP+Syy9927T9ePL4Ly9FxlJ8F4/g/xejRn9nw2mqpl2ZUTwudp+R+ZI//h14Nej5S07oJt2L3LD/ol7ugdXHFG8=,iv:NJdqDIA0FZzyKRvDgjWmHA17q0FOCqjCk0WdkFMtd5w=,tag:KG8dgCcEOdroFpljNawdGA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -10,77 +10,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKOHNGVG5DWVArcngxYXlv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZFJTREJxZ3NlNGtkSmhG
|
||||||
dlFmd1RPenFwSm9TSjhTR3F3cHB6R2lTTGo4Ck1BTVFSd21Xc0hiZlBUdjFrbWFp
|
YTcwVmt1OUNmdTRaVDI5N3JNemszNklHV1dNCmVYczBEQ3BHT3ZhbjUySFNJVjhQ
|
||||||
Q2VoVzQrTEpZbE1yTHpBUVIyNWFiVEUKLS0tIDZLM3gzbUZUajZQaVRtT0dsQlpY
|
dWh6c2ZHRUZTOTJEOTBrS3NuNDNzZW8KLS0tIHp3ckNvdmNYdkh3Znc0OVk5Yk53
|
||||||
VExPSVBLb0R3ekpNTE1jNG9QME5OTkkKPivk0v0xDOzHJSPVJYO6/5wdF1PChXtl
|
ZW5jQmxLMHR6MC8yVFpFdFhsTVBub0kKRdYFNppcSFZ/5gm2WvydESeJOTVYd0Yk
|
||||||
xj6JrycRyQPahncXndTZoQL7EbdXnR2tfMtEE5Ua7l4mK11pE3K8cg==
|
0HQd6o8bAX8dcRhMHyyveWXz94/mcINkqz2mlXoL1N0HRPXcuUu5tQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQc0p0TXdtcVZNcngrQXM4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3RnNVZFowV2NYakYvOEFr
|
||||||
bzBJcERRWVhxLy9QVHBCSnJEMzJTekF4RlU0CmFDWmtMdEdiOFVrRmhRbXc0R3ZE
|
c2pFaDVqekVFeEdPWklkVWxoMjNEMEZrbWtFClFmcGNZYkJqUVF3MlRDcmpqWFZI
|
||||||
RC9mQUF4ZjFkbWlYZHkyZ25NV01hREUKLS0tIEVQWHR5YTJ0KytQYi83MmpWL0tO
|
aU11eElxd2c4YTEzNEQ4RFgraFIxS0UKLS0tIEY5Yi9IUGxjYnpyL2I0eVFNNk83
|
||||||
Q0ZKN2JSMGVsU2h5eW5OTk1Kd3hoS0EKNbVvQ3VwkWloO15CV8v3SP8pD4zc2h04
|
Q3VaYjdiYVd0TFVuSld6M25wWHRZMncKaqb2kQvlLGZMaI72npCBuroWK/Fqr9jg
|
||||||
uM4/VlXTsVxVBqRxycdTKdWhmIChb8w98ljQC+iqatCCUiC9vHYIsg==
|
oaBz3rpvYJEox2Naismb2D4fNCtI7Z1hLhPqq/jGAiczNaU039N9Bg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNTVwbGNWRHNaRkd4N0Z3
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdC9BM21iMldoUkIwdnpr
|
||||||
U3ZrYWRMNGJSMTI4UjljQkozTHAvdXpIaVZjCmJMNmdoVjBZZHRqcHBkcEpiL2dC
|
a0hXbUNzNFJFTDF3ZS9CSFBENHdNTTZDU1RzCm9QbVdLMnRyTDRQNFE2U2w3cXpW
|
||||||
ak5xNGVRV0NoV2c5TCsvbkhWM2JqeXMKLS0tIG9uMmpJUzdMTUhVWWsxSWFaSTVy
|
WkdKRFdocnRNaUxLejExSE5STjdCTkEKLS0tIHZvKzVtWnV4WWxRZXFMVWpobHJt
|
||||||
VHhxQ1U3L042VGpNdjI4RVNiRFlqU00KPuDqqR7EeclGGOs0R/3PsB+dnNo20Lh+
|
WlVNd2xNb2c0YVB5WlJtbTVreFhadFUK32KcIdcbt1rAk2+GWe5slpAdHcTBWoKs
|
||||||
GiCWjFy9MVEsrlZV7pd9cb0ggYTm09H0ZD5kb+++Er9WJqb7Ss+iOQ==
|
wGOEayXeMi9EGYtx7v1oJ8+xlo2wRW/i1pKdCRK4vi4FtaXT65zglw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRGdRRWUybHNiZzZaM1hv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxb2wzMW1EUUx5VFp0Ykor
|
||||||
bW5Kb3NIbW1WNFl6aUdLWDA4WWI3RDdZQ0VFCjBXajVsY3BNMWs2QldjZDZWQnZ3
|
UWJEeFlZQTVJTFZIVFExZ1NkcVBCT09XVkU0CmFvWCtsaStjSDR6OVQwTW9iV3Vu
|
||||||
VjBvZ1AwZkVGNTB2RGF5aGp4ckFYYTQKLS0tIFd6L1lyblZ6ZEVXTHJGanhna0JQ
|
cVo3MHhVOTAxQnU3ZWdDcllKaXhnK3cKLS0tIENyYlFtVWtqS05MVVFOWFpZK1Zp
|
||||||
S25RbHI4TENLUzRtM2NGOFNQQUdENm8K3upUW3cVF6fBrii/pEXua5sLwFcU/as3
|
cTFkQlpkZFgvOERSdlFMSHFxR1pTZmcKSRYr/tIskcm4mwiF74Qnd5d0zRRDSzC1
|
||||||
RNDLpyvvA/CCZCuneNS27/nYUcc2rJVDU71OsDA6A6SUivYLTriRbQ==
|
QXidtsl505oGOgT/ujVtPwSJwvJewZT7NJKVRYktS3xY0v/flr1ieQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtaE9UczNPNk0zbWV6Zjdv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQjdka1hwejFZR25xbXcr
|
||||||
VXNEVmVibG1xejVObnlBa0JOOVBoQTZvQ0ZVClRSOXBrKzdjVkdGNVc2VmtidE8v
|
Vzc4MVd3eXJOdmxqZVFDVVMvTVhLT0lZdVVFCmFtQkZjSm0wUHdMczM5ckFBaEdQ
|
||||||
Wjlob1Q4cDZRYjB5ejMwWXZzL2NFbUkKLS0tIHdLWjZtcjRjbjNGYjIzeWhqV0t5
|
Y0JMYnR0dGRLYTF1d3NHSyt6MWcrYXcKLS0tIElaT0FjVEdaeExnMUF4OE93Z1Ny
|
||||||
NFBwOUJZYUlicXRqWWtucnJIM2ZXMXcK9UTQ7NxoE5vozWvaDWT285BpZG/VdBh7
|
cnQ0Kzd0aWdrSlN5Y3NIN1kyOVh1WTQKG825r7fM2BXak4Q4GNPwZgmigmPxZXh4
|
||||||
3VrNKMWJLt/OuA0ucJAkK8NJ4mBYviytUk0kRR39nUok5+kM1iJJpA==
|
DTdp3xBgHWpw8eQsi+gBzzf+4boLDTDDi+acLshj+SpIhjPdMZ1BwA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MjVaRjQ3VTdsUzNHSkxE
|
|
||||||
ZGFiWWZmTzN5N0t3YjBtNGtiWDhNVmduQVM0ClZFMHp6UE5aUjdYaXU3YTk5RDk3
|
|
||||||
Q0ZBcnJLYzVtN3h2UEVSbmtsa1hTbEkKLS0tIEIwL3dkQVRCRm1TaGlUNVpWTUFT
|
|
||||||
MHFjd0ovcXN5S3ZhdXpzU3ZXUnorTjAKPdgr51ho0B2rDKld/UHHC4j1RwRy0fGy
|
|
||||||
6Pl/Qes4Gjvrb4dlDHS4HTEwBs0TbA62DEDI/jquypwxRW55eDMB6g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMmNINWttMHBndGM0eVJI
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUmVpUHh0QzNLMVhsMHN5
|
||||||
OFlGUEpQRGthS2xuWnNtcjRaWEY0L0JKZzJvCkYzWCtVdE1VNnh1c2lGaUZoN1J4
|
bituWE9Ic2tXTm95cWlUMG9QVWhEcE1sejNBCmw5Q0lTYjExRjdkaCtYMWdkQnZZ
|
||||||
SnN1M25qempwZXBLV0ZPRjJreklnbEkKLS0tIGJYRk5xaFhuK2FwdUtKMHFaTGJZ
|
dXNrQWhZaERBK1hVK0pkbFlvQkc1RHcKLS0tIGcwK0dzUVZFMFh2b0dmWDMyMjdS
|
||||||
QlRmcFpPazh3ZkgzWTh0Y01yTWxMbkEKK525n37sRSRirQQPzVluIwAiYFIbeta+
|
d09MQlZST2ZJY28vRWtkRzRjd3JFKzQKH2pjr7P1mG1m/8L/VLaTVrAQem8rcNGN
|
||||||
0/baUvErrjD9xofBZOm7kenLw/pPtcGXsUFqp9aCM7KGLjgRQTuK6g==
|
tBWqg9XT3aSc+7NqUDkPVvH8STFGVlEhIskKTJA2TuY6CXfqwS3D5A==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNXhtSE50Yk9BdnRIOUEx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRW80Q2x5bllHVDNzTGsr
|
||||||
UW0rRGNHTFJjWWI0R0xqVGVTUkFvSFZyUVcwCmp6b2I2aStEdlNzcGNtcTVML2dz
|
a29PRHJHcHR2Mng2M2lpb1ZXMkV3UlZkQVRvCk01ciszVDlqeUdpa01FbjRtU3hq
|
||||||
TWRRUWVpd0doWFBYTWZZRXFjZ0wxR1kKLS0tIFhSU094RFdXVXFrT2FqbVEwc2FB
|
V2hPS1NTSEdPL01ZZkxVdmI4ZHRRVFkKLS0tIHpjck5OaGl2dGgyUjZlNmlVWkZB
|
||||||
WE93RjBHS1NreWhqTmtEckVWMSt6clEKE24mtrJll0lsXEJktPjCFRpf8DLdxIW4
|
RHZ2TlJOanR6L2tQRm0rc3NVVSs1R1EKdSheY8qXv+ylwqjlpbWsSYD55X4SUT7c
|
||||||
4JjOWY6zgBWxtuvg5rdb5rz7Sp2UaI1LavvhkCdjmpFckdEUDMOOyA==
|
W2czHg0Ezbjk8W7vyDuxdS1LjKSMinfRPUG+oyUwxwrjBN3aAwVDIQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-18T23:57:27Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:nBRzGlhrgKchrfnidh/SUNiT04UVeeuck7wWL8M6Jfi0zJItankJaCAHlFzHku5+HYCM+6B1TN5bBKzyrizMAAtZ7fwmUjMt1TgXDSmG4CQXrUSmTkItlHnA1W8MvdFbJY5+cS3aJNx7rnvGp5H5OroedL88L+uuIHqxEx/qxRI=,iv:E4MmeS+xBPIvd2QNxpOHGx2Vpj16s9PZzp6kjkbItqA=,tag:FqVEO7iEjvAuJE4EJ35Yww==,type:str]
|
mac: ENC[AES256_GCM,data:YEm+/mTkdLblxqrQAkCW8QUoQVkK1drgdHCt463aBUl9r04TJdRbij0p3QuLzVIvXJosdBQ0dN0Y/huuFOkP2bixH1q1WtBaqt98iYuR+Gessj7+kDekTNHCNQoZJjbFfqOwIEFNw/if2kY4aHcUoyQQj//yoGTA0vGbqrWzcX0=,iv:KWIo36gl7hOrEDZulqwRwr6eCfc6Hat5f17hpLLDMW8=,tag:3IBrvYXxN4j9I72lwiKq/A==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
./cockpit
|
./cockpit
|
||||||
./dnsmasq
|
./dnsmasq
|
||||||
./forgejo
|
./forgejo
|
||||||
./glances
|
|
||||||
./haproxy
|
./haproxy
|
||||||
./libvirt-qemu
|
./libvirt-qemu
|
||||||
./matchbox
|
./matchbox
|
||||||
|
@ -16,6 +15,5 @@
|
||||||
./reboot-required-check.nix
|
./reboot-required-check.nix
|
||||||
./restic
|
./restic
|
||||||
./sanoid
|
./sanoid
|
||||||
./syncthing
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,14 +18,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Ensure the tftpRoot directory exists
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${cfg.tftpRoot} 0755 dnsmasq dnsmasq"
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
# dhcp ports | tftp port
|
# dhcp ports
|
||||||
allowedUDPPorts = [ 67 68 69 ]; # server/client/tftp
|
allowedUDPPorts = [ 67 68 ]; # server/client
|
||||||
};
|
};
|
||||||
|
|
||||||
# Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients
|
# Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients
|
||||||
|
|
|
@ -9,10 +9,6 @@ in
|
||||||
{
|
{
|
||||||
options.mySystem.services.forgejo = {
|
options.mySystem.services.forgejo = {
|
||||||
enable = mkEnableOption "Forgejo";
|
enable = mkEnableOption "Forgejo";
|
||||||
package = mkOption {
|
|
||||||
type = types.package;
|
|
||||||
default = pkgs.forgejo;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
@ -29,7 +25,6 @@ in
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = cfg.package;
|
|
||||||
# enable sql db dumps daily
|
# enable sql db dumps daily
|
||||||
dump.enable = true;
|
dump.enable = true;
|
||||||
database.type = "postgres";
|
database.type = "postgres";
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
services:
|
services:
|
||||||
forgejo:
|
forgejo:
|
||||||
smtp:
|
smtp:
|
||||||
password: ENC[AES256_GCM,data:sq+vLUV35+sclAszVQRU4up1s1y6K6BNbzSW8hKBN4kavJOZLX6o86xTgNjjScQop1c=,iv:5zbzggdTT59ali0LzmPtaP/jAnGCYoJFcIEZkFNFmJw=,tag:z9s3NQptPwKOC+m/EUVeWA==,type:str]
|
password: ENC[AES256_GCM,data:kkKrSGJER21Q3efHuJ6YJVcmqILMYMME+e1GRdNDOX+sDgKwapY+lJrlELgD5RFVJN4=,iv:/nxRa6Tn1pGGYQ0mds70p3+a9ZYHv6UidngHvI5GTIY=,tag:4rScz6znMhgtQB9V4iDqWg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -11,77 +11,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPUXYxY2hGci9ZZ3BId0xE
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpM0tHclk4K3ZTZ2VyTk1i
|
||||||
TFJJVzdJQ2h2TlhNQk8vZFYyajZyUVpiY0E4CjFJR0lGdG1jYk1EejBNTFVwekJD
|
MXliVmtmUXBMWlFlTjZHeEdEbHArUjJwMVRrClViKzZJNXkwMHF3bW5FQUxROVRF
|
||||||
bE0xR01SNWNib3VyRE52TG1hbFYydXcKLS0tIEtkaW9RN2lqYkhwR29JZm9QcHFM
|
UTdadFdseVkzaUpvMnNKaTZkVWNJSVUKLS0tIGxkUmk5ZmFZOWtlUndJdjFSL056
|
||||||
U0hqelgyTWJGUW83emttS1pVYzlNOWcKWp+wQH8iZH6ox+unG6Qx/2vbG8GeMpCa
|
dXh2bG04QXR4THB4WFVSamY0SWpUSGcKwYArSMUjLm7j4+0vdPw8x8WrfIMEvJz1
|
||||||
k3lUrtyqEKxw3V08FA1gWvLF8XWVgYGVS1jlZFypOVLbl5Ig9l+VDg==
|
K8Tqc2IJ1KfH4GGcOveYt9UcgUrzuvXsSnPydKWnc86RuFA+X6Qixg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmcWsvN2w3MGp3M21xc3BT
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNTVGdjJ0dGE4aHBDbjRx
|
||||||
UkVueCtwSmdRNjNXNFdYY1NBTUF4Y2czVFVjCmhzcnpKUkVvZGRzSm1KTGs2SldW
|
VWlJeXEzVkF5MXNmN2VNUnZrZTFuam94ZmdZCjZiSXpNZTk0VFVuck9ac3hDenZv
|
||||||
cEZ1djNGUWpaek9lRGFkWVlqSHJDWmcKLS0tIHY1TU1FNm52clhZNVBDOWtrOXI2
|
djZrbndYTjREUG5RSTNFNnhLTkRWSzQKLS0tIHR3L3BDditLcm1BMmlLcWdGNFFt
|
||||||
b0RWamMvdWMvS2tSMnRTcTFlV2hBdUUK2RMSSn4WBhBiv5k0NNoXdwjPJkueOoXu
|
MGRBaFVjTzRNaXlOaGtvUzlmanZTb00Kb/RJFiSQ9XlRAfjrrncoJlDnQAJw9LI3
|
||||||
OXEeslquRSkZ+f/BpbhzFTXRzlQdLA9keMTcM20SK1IBuKICkJ5eyQ==
|
lXX0+BKL4fz8VUFY1dqcuDBSuvssADkDxU4X6yaebt/touhXJ66A8w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbDlZMlcvbkk2WnJmZU1I
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWUVxVGFobUxZV2M0ZUx4
|
||||||
djR2UEtqbUlsaVVQZjk1R2RjbVpTT3VQVVNBCmV4aWVLOFdkdnhEaWgwU2FzbVRL
|
NkpWTTVYZkM0cmFYNFJXYkE5SHJaaVpvdlVNCkV6UTN4c09ZT1RkVE1EYjlVZkhm
|
||||||
ZVVLVjN5WVdNMWtxbDcrUGYzZ2xNWDgKLS0tIHpTdExXbXF4V1pnSzBMcnFoSWF4
|
Y1ltSWpuSW95SXVkb3pyUVQ1ZGJ2Q28KLS0tIC82WnVsQ3RxSmxaL3czRlI0cTJV
|
||||||
eU83ZVVnblV0eE5ia3QrMndDNG11MXMKF+iGOD0KKJV7YgxmI4ucHjvyGu+0EcIQ
|
OFd6VXJZUnZkT204Y2locHVvb3VpRHMKg9AMO4e5qGgSno/8FWEseUW9bQmfxVS1
|
||||||
smjK+ENxzkfk3yFICjkiIQSVBygvNiV97oPVpYeYGnhyiH3xefgyWQ==
|
UOYzIvtmAZVuL0uxrz6b9TwOv0CooP0+JhNOjcuFzcbMCcM1CQgwvg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUWx5YWhHbWFZeGEvV0VL
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJDbGtEeksrN3lKeXJF
|
||||||
TnU1akp0WHhlczQwbW9LZ3BTYlhFSUVlaWpvCnFsZFFIdXNubGRyQkFnNm1nSUVQ
|
dFIzd280SXRwZmVycHl2YlZ2VEo5dHhQVTE4ClBHS0lKd0FaMkNZT0xlVUF0eURO
|
||||||
d3Z2WUwyVjYraXRxV3NoZVZYbVhyQWcKLS0tIG5LV1hDRng4aDd5eDUzY0k1TXQv
|
TDZ6ZWJBRmtNMUZFN0FqbEVtdUxjYVEKLS0tIHZOTUZwUVdXenlDb2JxUXE3TVgy
|
||||||
SWNzRXgwRTRvL3hEc3ZvVGFiRTQ0UEkK/9vK8sXbEqxQ4KCxzMeFHmqoTSLd/kx3
|
UDZMb2xQVGIraDNxTy8yZDV2cEtHc1kKyjdLT8YcpB0yhXugPcN0scRiiTvpaF06
|
||||||
JBt18+XISrPYptEekZTV6obp2GKxpHDj0LEsNpUIjPWmIbT6gInHBQ==
|
AoBdKBnxWHn1EVuypo75gOvKHwUMDdiQY/WUndQdlNOihDjzCSYGUg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZmFZUE43L1FzTFltamdX
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArM3BsTUhJWTlXSitXN2NG
|
||||||
Uk4zNUtjMmlwcFVEeVB6UmFjWHM2OEpMaGxVCi9HYmFOVjl4MDl1MFAzc3pTbWtO
|
cG1LTWs5MFZYV09Ga3JqREdmZ2NDYVRHa25JCm4vNFZXS3JQdTEzUmxmbld5R1BD
|
||||||
WHIwV0labHpmYUFFcWZwNWdrN1dhVk0KLS0tIHM1VENSWWtUN2hFa1hLcUJjU1VJ
|
dFFWM1Ivd1M5dTNJbExLZThNYmdCbE0KLS0tICsyWmh3bjZLVC9ZSUxBVlpkWksv
|
||||||
amJ2K2xHL1FwMlErZitrSXRwek05TEEK/KDJHIOzuMCp1xON6ZYsgMKbYIQ5MAm8
|
WXpaZDkyOFFnTkYvVDJjdjJGeXVSZGsKjJEb7JlXb8n/l0j32ixReFR+UJm59CYy
|
||||||
W5U9PDE93js7j8lR4dTq2AASB+U5nk3I0MPPrcqhHkVcsSwMuKYSUg==
|
QyGCeBuAWOpeDw5d4jA+WikFrRRAJyiTcvsVi+PAzzqlOAlT0+/KrA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWHUzSTYvaWRQc1dhWEN2
|
|
||||||
d2JwdjFldkRzbi95Q2JpRlZFaUVGWFU0MUFFCmpaaHdQbmw0Q2FVS1JvMkNYSzR6
|
|
||||||
aDRCRVI1NU9jRXkwMndyUzFwL3BDOUkKLS0tIDFvclN5eXJTWEg4VGhDVFpFSHdV
|
|
||||||
V1FlN0JOVFBXZ1A2SmxZaGkvU0MrU3MKuK+c/lbMvzdREphCn46IvL8X1iOw4BwB
|
|
||||||
9FdstXHyEX8OW0hFl35ZCNvPyd9pwO5fK/sObDrZ5+aCfFE0MbFbyg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnK1N0S3pDa2tCdjhiMGJJ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSXg3NUVia1hkK08raHRI
|
||||||
T0lDNU9YQXN1bkJuM1NUUnFzeGJBN01WTEVFClVVNmNTekpOOHp6N202L0NzSno3
|
VmlMRENkMHB4bkFJNGNiRGlLUitSQzVrWFZnCkZPWTI4QjhiWUpaYkh2NHZwR1dG
|
||||||
MEwvMUx0c1ZmTFpscFlTM3FDR1VhOE0KLS0tIGM5TjBiQjByWkMwY3lhQm5CVTZJ
|
Z0Zub0JSdWwvM1ptazhUdWpxL3htR1kKLS0tIE91bWZObHVRSmZNNlBJK2FZK2RF
|
||||||
K1pPUER4aVlmN0FKTElEOXdzbVlRMVUKaqTcad+P1DfUqEhD7YUdsGaIx2H4IMco
|
UnBtNmlJbnRYRmVyQ2hMcWNxSjVkVzQKZ9+hpZk/VnMKaVEUoajfBfMjkqz1PbVl
|
||||||
Kh7lk0/ppXFmcRAKWF3luwdLkaebkFzx56MZjJGroNmMvkR0fMUv9Q==
|
Fy6cOfjXzGCtx8vsU3TNILy+23M6e3G7K6ghHnhO5kL4StAY1PTR/w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5T0syRFJiekFaeDRsY0FT
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ3JDSGZ5WTRybGpVdG1Q
|
||||||
NE1DQUgwK3NQS3lQRGRTTXFQVEVkK1pYYkJnCkNWQ3J0b0V1eXF3OVF3R2JjNEpy
|
Y2crbWlQMnAyQjIzbzY4RHcwV3pXdGVzY2s0CnE2MTRLZnRQakU1RzVlQ1NDeXRk
|
||||||
U3libG9INjl4K2VEMHpMMHdRYVViUkEKLS0tIEliSUFLWlhmblFZWCtRdDRGNlNa
|
U21mM0ExVzQ2QllOdTltQlpNOE5EU1kKLS0tIEtOa1BJdnRVY3FuZ2Zlb3g2ajhN
|
||||||
VXhhd1BLcmh5TnVsaEJaOUJURG9VYlEKeFta+e5e2EiJCSL7CMrIoYwyAnCeybEq
|
eTRFakI4MlRBbEJKbXBHSXlBWlZJMmcKaeSAhUZHIlXOaKqnRcARJITwQdJLFbpt
|
||||||
vYfgMETwNaAh/AfGS1mdEABpK1tWi1H6Uu44g8OWTiszjQ09shb76A==
|
Hs5sshvnv+EZjvir9L0EgRtgpUmnpkl+mGnQxaBW4YVf/iiQYTyHsA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-18T23:57:27Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:DrSjFv1jbSuMO2QL6h8h8ln0Y5VBDBSrqC8rvaLZHkd8MOF4IPsjQORN2coZJNNvOpGhZsTiZ2prBBCQfqGRI+QWNlGTezOfWCZpFa7Fkp7g8TXZQmAkvrpnkFYgcL2JyvN5PrvL1j6gK4+zP7ohjLk1+v1VbYOPSab+N9ftYRI=,iv:VDGLfHXC0/vIue1kIKTGxK5x0CskAyG0CcNUOmHEXfc=,tag:CWXtliE0nCSiiW5O630A1A==,type:str]
|
mac: ENC[AES256_GCM,data:61nap2R6vs3XTFECmq5F1rqPE6eWZyM50dsYtNMfAAWQU9D9cyaDEx6bKkwMyBpxSQNHlGJWoglwRvZH2wQsLB46sdR9UNosqJZD7RRRh/RzkY3SWW6vHeP/YgnfsGgPpMWleBI7jnH/4EMoB8a1PECZiR7L/8BIFDlmdklbJ/I=,iv:G5xTBn3oFBLJHIEqGsghAXrZc115eGwWBbMLBOHET6Y=,tag:bnZodcvP+6nbc/yFcQVogw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.services.glances;
|
|
||||||
in
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
options.mySystem.services.glances =
|
|
||||||
{
|
|
||||||
enable = mkEnableOption "Glances system monitor";
|
|
||||||
};
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;
|
|
||||||
[ glances python310Packages.psutil hddtemp ];
|
|
||||||
|
|
||||||
# port 61208
|
|
||||||
systemd.services.glances = {
|
|
||||||
script = ''
|
|
||||||
${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0
|
|
||||||
'';
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
firewall.allowedTCPPorts = [ 61208 ];
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."glances/glances.conf" = {
|
|
||||||
text = ''
|
|
||||||
[global]
|
|
||||||
check_update=False
|
|
||||||
|
|
||||||
[network]
|
|
||||||
hide=lo,docker.*
|
|
||||||
|
|
||||||
[diskio]
|
|
||||||
hide=loop.*
|
|
||||||
|
|
||||||
[containers]
|
|
||||||
disable=False
|
|
||||||
podman_sock=unix:///var/run/podman/podman.sock
|
|
||||||
|
|
||||||
[connections]
|
|
||||||
disable=True
|
|
||||||
|
|
||||||
[irq]
|
|
||||||
disable=True
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -6,27 +6,18 @@ in
|
||||||
{
|
{
|
||||||
options.mySystem.services.matchbox = {
|
options.mySystem.services.matchbox = {
|
||||||
enable = mkEnableOption "matchbox";
|
enable = mkEnableOption "matchbox";
|
||||||
package = mkPackageOption pkgs "matchbox-server" { };
|
package = mkPackageOption pkgs "matchbox" { };
|
||||||
dataPath = mkOption {
|
dataPath = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "/var/lib/matchbox";
|
example = "/var/lib/matchbox";
|
||||||
description = "This is where profiles, groups, and other matchbox configuration is stored.";
|
|
||||||
};
|
};
|
||||||
assetPath = mkOption {
|
assetPath = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
example = "/var/lib/matchbox/assets";
|
example = "/nas/matchbox/assets";
|
||||||
description = "This is where matchbox will look for assets like kernels and initrds.";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Ensure the dataPath and assetPath directories exist
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${cfg.dataPath} 0755 matchbox matchbox"
|
|
||||||
"d ${cfg.assetPath} 0755 matchbox matchbox"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Matchbox Server for PXE booting via device profiles
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
cfg.package
|
cfg.package
|
||||||
];
|
];
|
||||||
|
@ -36,6 +27,7 @@ in
|
||||||
allowedTCPPorts = [ 8086 ];
|
allowedTCPPorts = [ 8086 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Matchbox Server for PXE booting via device profiles
|
||||||
users.groups.matchbox = { };
|
users.groups.matchbox = { };
|
||||||
users.users = {
|
users.users = {
|
||||||
matchbox = {
|
matchbox = {
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
services:
|
services:
|
||||||
radicale:
|
radicale:
|
||||||
htpasswd: ENC[AES256_GCM,data:O/bI1CUdpal/aJSiLaWtDQ==,iv:iJ4WrQ2vbjRlICcY21R6NGmtOZwO68zANQv52uwm74k=,tag:c2sMcVCUWOjSALNITdx1dg==,type:str]
|
htpasswd: ENC[AES256_GCM,data:5ddA5KQfwz19///HzOsWfQ==,iv:RF0x0m+ODyDjQhn7eSBEXu5Leg0EvpMvuLVErDZihAo=,tag:HhHzXcroFshr1H/ditMARA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -10,77 +10,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUxOSWd5TnFlazlXcjUv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UjFGTkNCaHVEK3ROTVBO
|
||||||
RVBjM01WRjZ4R2d3WGhQWHNheEZWRkdWcWx3CitOekFGZ1RXL1M3QndrWHUzUFNH
|
OUxrcmhjR21YempEZWVIOUlLYVNuMm9XOURNClJkbVZ5MEFmL0dhTWgzNWtYTHUy
|
||||||
QkY2dnYyZlhFMGVvTzBQb05oTjFFZ1UKLS0tIDFYN0pQTHBEMUZTU3QvOEJQS0Rh
|
SUlyZmtYTXZmWUx0V3BGZFRjOTcyWVUKLS0tIDNVSW5ZcU1IdW1jRTJucUxIdm5x
|
||||||
Z2p1ZFVvVVBBZXVwTkhVZ05nNVBOQUkK7qFuomZfRvwFXTUc6LWWT10Ws8xIDcCj
|
TmIvZmRRaFh1clkydDVlcWxvVGJkOGcKFpeAAdv1pi5AixsBKn/0Zo4QRTNBrKdm
|
||||||
AD/HSc9K+lEXHoTNmpHZyUYGnxJljnDNB3d3FS4pKbHujvhvMXwfPQ==
|
8Qy6MVZg8HTf/CezK/XjkAoiB5K96fATXTpdZqZ7jfcuYLdpfEU2jA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdnRKZUk5Um5HYUwzbmhL
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDQlRJNlhhdkNLcjRjaFZT
|
||||||
K1A0ZW1YN0d3WllNb28zeDhzS1ppWXhleDBVCmMrRk41WlM1RXN5TkVnVVRYQ3Ev
|
YVZJdDJLeFYwMzJUZlllaElPazhPaE14YWlRClNBWDVkTWx0Qm8xTExyT2dmSjRP
|
||||||
c2RTeVJ1ays1bzg1ZGozMWI5ZWZ1ZHcKLS0tIFRKRlhFT1VwY2lwbUhRd3A4SEds
|
VHdNM3pwQkNXUW5xVTZlVC9YTFFodjQKLS0tIEkyQTVHd0pqelppSXJ5SGpHSVF1
|
||||||
Y3BFY2lpQkExL2V4SjJvU3pTSW5WYzAKO8GMLDaoDrxdZzM8unYvq3/OteDGIwra
|
aUd6ZGhaU3BsdnFVV3NqMDkwbDdVUjgK1BnXUPCCo7M/sdpGfLOOJ5AAjyI9isSx
|
||||||
dRd8c6b5LSoC63Y59WftmmasXFRNrZHZX24vwgwReKapnWmqtQTgrQ==
|
9WJ5+WmNxygzBDczPjJITBrvZMGduAxWqQP/FrLe9rQ/RA3DGJjThA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJQM3BnU2hlTVJvT0RQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdWdJandiNXJhMUxwSm5p
|
||||||
WHRVWkJEd3JacnlVSStQYVU3c2QwOThPOVhvCjZOeEFDdXFzeWNoS3JTbktFMDJV
|
eHh5bmM2MmF6d2MvdjBXYmhyZUgvS1V4L2pnCmxDYm1VUi82byt5SFJ6aHdrNmp6
|
||||||
ZDJKV2RlMDRiTW0vRHRBUUhCUGlPUlEKLS0tIGxWT0VmaUNGMXk0a1NYTDI0WDQw
|
dENPTmgvVWZPYmZtN0s2VG8xNHplT00KLS0tIExYcSs1bENBK1NFZUluSjFCOFVp
|
||||||
b2hjeEFPVGdhek8yVEcwN1BzVnFQbFEKNgwnchYNz/afrg6FeFlCikMIaCfsEMYK
|
R3lmaUNyT0lyaWlhdGJySWtLWVNqLzAK28Nd/WUDXXW2BXhLvZpzbOU7kSoMRPaX
|
||||||
PHmfIiM64XReGZGsKL+gxIw33yszbyeOu0vr26tqV3HU/QUE7f19gw==
|
jqx6VRHBcgXvPJcYh1KK0nnxo6+DlLeTXI/ai3H6WI3TbQHNmoLEGQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTEpra1haektoVFNpMkV6
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGc2lUelNyV3BGNjl0STJw
|
||||||
eGVkQnRpblV5amdMaGZJVVJiMUV1VEYwYkVvCmJZZ1ZvWTRUOVpYRnZkSEcvbzk2
|
clpiSUZUSTUwbEtZYjcvbzVaVi9EQ1d1WlFFCnhQbC9Lelk0V1RmQTJ0K2ZZazdo
|
||||||
MDZ0MVl5NmNBQnJ5ZkhqejI5Nm5URDgKLS0tIDZPRURpVHp4Q1NsRG9ZeGVqRU9X
|
NTZCREhNUE5KbVR0ek1Hd09UbkN2bkEKLS0tIFVyd2YvZ3g2R2dOaEJOcWVWVG9D
|
||||||
WnJ2ejZrZ0hOdDhxZUNnaDhOWVpzVFEKoYnqypCuLKT8OUbtRk6yN9UfWBqbznzE
|
b3REQnhvOENGbWxtdER2T05wS2RINTQKRhMiqLnu2Ww098A24fNtfDFSMC/t7A2D
|
||||||
DgCHiOj590zXsfRpaei/UYx0qdEmtymh7FivkxSRNYylfcngjYiadA==
|
qcLdhazNwKvzCSOW0i+EYsG4beWcqLyDFA5dNpGWyfRYSh3QJWTdmA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QkpxRHJYTEo5cE9ielZl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdWNXSks3MEF4eGVHREpp
|
||||||
a1NYUllWYmp2NzZZejJtby9MRkF4ejNPWmtNCmNDMWk3cGg3eVlYUXBCTjg0TmdG
|
VllDczcxbThRYUsxZGhHR0J5TVoyTmFtdWpNCmJHbG5UMExLSHh5ZkwyRDMzc2N6
|
||||||
akRwVFZxMUZMNXAvYzRSYkZlamthVlUKLS0tIHEzYmg3eTFveWppbzk3c3FHM0pn
|
UG1WTnNyTTdldHFDa3VKOG45Q1RmU0UKLS0tIFFXKzZHTm0wTVpheEw5RE12bWlo
|
||||||
bTZ4K2xhN2xRU2VDK040cGpDbjVmVUUKuAsZczZzTWKKxISxWOaxjzxM6wLnsbpT
|
NHFWWlRBdmRRWU1DL25CRmlVdDhhRjgKutzYioPd1LJvQdo/FQ+hQznRqsIhSGfn
|
||||||
dxCkcqbjL8tWs1hACsWhJ4cNGNP7gkF+9RELZvvAHgSMrlpMv7Y80w==
|
c2ZwmE3QgPRhfh1CoeoK+iK/STVlrb8DEPi5VPEOz74+kbr18v+K5g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVhZeVdXVXRSWi9tMjRv
|
|
||||||
dlJFRE5NNDZZdStsOUdmMFZBdC9wL2o1S0hRCkpPNE5ic2t2UHdvanJ5bTdheDk2
|
|
||||||
SUhsOTlXZnkrTkRvUXRaZE9SbW9EMGsKLS0tIHRZK3ZBQ1UrMlFGWEdIblk1YURV
|
|
||||||
VUJaWXhJMy9NUC81SjhGR0t0QnZPSDAKnQe+zUSRWvfjwr/c5wIkw/alXelnIK+u
|
|
||||||
BmvB/bps060r8GWIGYsN5mVzBpLAYwqqB4ylpjoLTfhAx3J3A+fRCw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaa2hQWlNhdmpZNHkyQmJI
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdERIZTlEN3NRK2R1WUJL
|
||||||
WGwwZitJaUx5U0xzdURjdlFpN01jMWFvRUZZCndMcHpNclhoR1NXZzVNOWtlY0JD
|
T0ZScVpraUdaQWE2WU4zdUp2Rk96T0xzcGhnClNWSGlKODYrSVBlM0V5RkVaMUt6
|
||||||
c1RSNGVzY1RUa0JLYng2a0w0bFozNXcKLS0tIC9Sb0k4MmpaWUVqMkxUbHlEdlgx
|
YUJIa1NnZTZhM1ZXOGp4ZHZidTR6V2cKLS0tIG54RU91dkZEeFB4WGdaSFpQTjlX
|
||||||
M0hoN29oY1FVNVFGZFVyZVJTM2owYjAKsnVoccpgW7RPuJL66Q9iCOG5GZ41K65e
|
NVF3WGdGZmxxMllBQVlYQy9zTE03VW8KE9LaWyGBs7vRBjayY+8XiFDq0uFQIFfy
|
||||||
7J8lGbHkalzX63VGIOgtvSViIXIeQxw9+Tmf70GQUqcM6czwX8fu5Q==
|
AqeVIQIAlt6EKXzUwCD/otHgCAJmI1T/2QNc7x34HjgQi1NcjZzxJw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZWxZWk53cHd1bzhjVmZF
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOdXNFbGNLb0RqZXpQcXda
|
||||||
TUk4RmhENGMvNzZnREdKYU9TTDZzS0Jha1I0CnY3NXZzVlJhTGpVNi8yWlZ5SXN1
|
RDd5ODk1QXk5N1o4Z2N2dytIWlMvVVVSa1VBCkNLSzZWZG5rc1N1d1hQQnladVJ6
|
||||||
Z3I4b3BOcGtpek4vK3JzV1JUVWVMZUkKLS0tIHJMOEZraFB2WXdBVUFDUisrMzBM
|
VGwwSmFkVU9GYmZyQjhiK1ZSNWRrVG8KLS0tIFkyM0FDNUhVK291eGl4cjNTSnRk
|
||||||
TUUzcW1GR1JOcG4yMm9EY3R6WFdTeEUKzJerRRS/5eCDOhOxHEB78qiVOx++z4M/
|
bUs1eUZkcWJYM0NVU3FDMDFKNTNIWUEKbfdIAAfRNO5OXmvxA4az2be6O+aSIzfL
|
||||||
XOEN6X0iDUBDfFJIqtMngMjU9E9DlRIYetMOYLxTpxmdKiv3Njyh/A==
|
lHfQwH+07owhw6K17vJaKlOVGlpTLVpW88497ILCoUrcH9QbVnGAcg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-18T23:57:27Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:f2p4VkJ7RLGPBbkkesqFKNIVow+/7MobH+AqnELAguGxlMAt1XZaU1cLfyMy1RQIrT0UmUV2xjRf/PGXBVNOTK+A2M0zoI90N8daTvk2xrEX5JVNWycgKVnQfztIgUAf5LA+tcvyWQ/Z/sIN1aGNfbl1tCSq+U+3xjIxZ74qmuw=,iv:wcyjoKWNFLb/jGclNWbHP7wwnkz29iINSfKblqhP+bI=,tag:3RrZXX9pAWQG05ZPI5A35Q==,type:str]
|
mac: ENC[AES256_GCM,data:mgsfpMzhJ0vaoxNTbfXcVZ395e79wFGTK7YmYZY1nUOrTFP5NO8xUB+A9RlnUVrgKEV6eJBLYah6LX29fjwcllgT3aJnk9oFf32PxBPaYxg93m/L5a1+8cHbYn9JqQcPzaqmCCqT1uK5DphO2ztxKqlBhzEhx4UIfh5hBkyu3cI=,iv:n1oVTFkQriDMdRqmcUNApqzfaCX/rGNhzjGPAgPTK7c=,tag:E3uoBzPxhBk0lBF5GMhNoQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
services:
|
services:
|
||||||
restic:
|
restic:
|
||||||
password: ENC[AES256_GCM,data:QPU=,iv:6FYmdgpKLplg1uIkXNvyA+DW493xdMLsBLnbenabz+M=,tag:SVY2mEhoPP/exDOENzVRGg==,type:str]
|
password: ENC[AES256_GCM,data:PMY=,iv:GzQOdFF+rDY/WN3uZK7FV2++o2Mh4fnhzHhNnzyiJ4c=,tag:GhnZYmvoaDb3wSbHA50DkQ==,type:str]
|
||||||
repository: ENC[AES256_GCM,data:VGtSJA==,iv:K4FnYzTrfVhjMWf4R7qgPUCdgWFlQAG8JJccfRYlEWM=,tag:43onghqVr44slin0rlIUgQ==,type:str]
|
repository: ENC[AES256_GCM,data:1Ui21g==,iv:qC8f3+nYS9HTF5WqFfiKjAFY0tSQhL1XU6sAgIK7vCs=,tag:ykOm3Tv8XWbqDofPChvHuA==,type:str]
|
||||||
env: ENC[AES256_GCM,data:TWUJ/GE84CTiLo1Gud+XsA==,iv:gKC1VcWnGqEwn5+e5jIqsIfipi3X2oHGvrG0rgqQl9E=,tag:QIBfXblvSDxAVYbZGAN3Mg==,type:str]
|
env: ENC[AES256_GCM,data:tfXFwJZkdFrhwN90u1tT3Q==,iv:ShVllR4+CNOURMwCIF5ionQZEs6Zv+GCQOwpZ3cNlIU=,tag:udAASv7SH635dqNtNf4z7g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -12,77 +12,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRUJEU25EaUhacWFBOVg5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QStpWFFiTDF0dkMva28w
|
||||||
TWI3NmtkWFpONHRVZ1BVSVRsQzMraVdmblFBCmd2NzcwMGRTMTR6ck9lcGZSQmVi
|
WGM0TFdOY2VhUGVCTjh6ZzFycmZkci81MWtNCldGZksxNHR5MnFmQ1ZnMVpXK2xo
|
||||||
dHlFeS9RNENKcDEvS2FiRTVrYjVlUGcKLS0tIG1VSW9sejVWZmJHQXlIOVpLMjds
|
OWltSjQ1OEN3WnNqK2xTN3haYWJWYkEKLS0tIFJBSHhSNWtxSkFYcFZrL1o5dGxX
|
||||||
SHV6U2ZhUnVpQVNROGNjNEtZZXI1bEUKXjSwBNA8ylfo4CWlefFfajm2JdYtjUVK
|
RVFWMVJXMnRQdWhFSEwvOVVicG50ek0KMJYN1Xo4Y1QgPGkGcglXa7wip9u8gOeG
|
||||||
bqXlIH/nG+nQ+I4Rj1XHo7hAuxCatuN0bGVBkSlzqIZk58/JladwFg==
|
E4e4s9upSyjZTKOe+6OOnYXjVl3uc0SJLmdjvQyqqMR7SnOTqjqbfw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMWis3TWZ0djY4YnJNek9N
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWlNFbXlONEI2L1NhOSs5
|
||||||
T2VXK0IzaStkMisyaUs5MTVHeXY4bytoUWdnCmlmTmRXRlRwOUZVQm5aWkxSKzFB
|
TXA0dERBV0xmUDlHN2FDeXBKZ3FROEE2d2cwCjF2aWZSbGloYStEemozTkJlelZS
|
||||||
UzhtbWd2Q09sbTJPeDRWeTFESkcwWUUKLS0tIDVaN0d4UGlTZUhIaXVKaXJRNThS
|
TC9tMnNDL05YS01lYWFlSjBDMjBNVmcKLS0tIDFYVSszTGVpTWlQc2JFNE5HTGQx
|
||||||
algwTTZsVzNTQngzVUwyU2lpNll0bU0Kjz+34mvPPAfGUQKMH6LXawGou9HjBTjJ
|
allaTGsycThSKzJPT1R0TjhlZ21tYkEK5eFfulRlIjh0j/n55uCtkgTe9Y25Li1k
|
||||||
p9vxncB+7ykvT4e4Z0PpPE/Zo5yvi9rt1T8bZ6dG7GA5vuE/4BarCA==
|
TaMfOiS56aeDBVJx0x/glR2gvxR4yd0si1fPijsbP2179JqE7zFNSg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByK2FNS0tJaTdRQzA0VVky
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4YnZoaWIyajVLYjFHT3NR
|
||||||
aERMTVdqRzBwWFV1WFJJcVRKSTFIUlh3U0E0CmFKZm9jUHBpRjJCZk9PVkNWVEFU
|
UTNNY2llYW5mWjJIejhCZ08vSGQvWDZiZ1VRCmNMeWdGelRod2x5NmdhS2RVWGhl
|
||||||
RURReEhGNTRmWWpLa1ZNdVFHK3FQQWMKLS0tIHcrMTBiMGhlcFc3RzlmVEp2OEpX
|
RmxhOGo4OXFINDgxbjQvQkNpakVkZzgKLS0tIDNNVFRmNGQwWmJKYUlFN3hNbVFw
|
||||||
ZHZLdXV4a05NaGRmR2Z1SkZCV25kNUEKHU1v1OK0d2ud7QL+gEoA8R4Z5YgVSP42
|
MXZoMXFkaXhCaHhCclZrb2R1WEVjSjAK2InKsgvBb6tI8gUZYwfGAYOly0pa1mFK
|
||||||
IvnEQxjjXZjC4p+OjFErKcWrVb+3DGzqF1vngJVrXmIgOx/SZKTa/Q==
|
kuQyj0VMYFI3O7c35ZpwNmHCtFzxt2rza7E0DGrYpVUlJgOte6Gicg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3MytrUFpsMUVpT3pTNWlq
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhZnZKemIveDRTZGhoN3lB
|
||||||
NjMrRjI5a3NqNzlNV2JlczJRNXNicVZaWVdNCjNnRHM2RGV1SEh6M0U3T0NvdlNQ
|
bHlNOVNFUnAzdVBjRk5HR3lxdGI4UWdDTFdFCkUzMUdEMXk1dVppdTJhMmgxRjBG
|
||||||
a1JIZFp5bHJwMXlNd29DQ2MwckRrczAKLS0tIHdmd2lFZ1FWTFFMUExPeWRXd2U3
|
UDl3UzlhUi9nOS9WZW5naWhyMlN4NWMKLS0tIGJVZndlOTBQMjM3dEROUTdlQzEw
|
||||||
RU9UYXJESnAyYXFITTN0cm5QelR2T1UK3XUlIGQED91sUPc1ITq1rXLj/xhkGM9s
|
NXRkOUhDaTU1am0wbjNXWkVOMUZsZ2sK5uOwOezrleA+zwYcDYjBdGQXRI+27ZLr
|
||||||
R4bsTK5RqpXE+RmGfxeAMP7Om424vjM76l6DU2JkoZietDwR35UA8w==
|
850yLNtKO248aFX128JTk5+J1OV5Dv4QYRbzGfpb0/mK0U1uTXLm1g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc0haNU95V3JRUlpuUjha
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmdU93TEgwVHJSeWJmbGNv
|
||||||
SHpOWThJWVMwbElRaFcrL21jYXA2SFBHeFR3CnV1MkRxbG9QV1dWdjJxWENtQk5L
|
bDlQZVd5SjQ2eGJ0ZjVYVE9MYnRRZmp6czFzClZvVnFjd213MlU3b01jNHJGWm43
|
||||||
M1g0cDJXRjN0VFhiRXZKbG1yS3hXaG8KLS0tIEtScWorRENpbFZWMjVXNnIxTTdi
|
cDkxWVh5MTEzY05lVlg0TGJWbWdvYkUKLS0tIEtqc2c3R1JuOTlmazYrSDdlZXJs
|
||||||
djdBdThNMzFZdlI4TVBJSjdxeXg0VE0Kcwsa/et9gMSlm46rt0vZ/dFy3ZCZQ5Oi
|
L21nOU5oZjVySGdJUGpGUy94U3Ixc2sKeHKCmx5yxHprbCq+76K5MNWVZJjOs+ck
|
||||||
WLJ492+srIeE47Gpye2jN2XAmM4exCijYkZeQvPpLIFvBFmQCK30hQ==
|
QiTxxYKvdI7w2cCfyn9l9+dLcMqlqxdRLnoX99oi2ztIDHZEVEmqsg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTDI0QXZaMlZLUW9ST0lW
|
|
||||||
Q1M1ZmlpTHpvM0NHejFSNEx0UUFnTVJIN0U4CllRcnVpUjFqOUZRRk5CWXZqT0V0
|
|
||||||
YWwweld0TE9zZGFmUTVDVVl6eDNETzAKLS0tIGtEanVWTHgxSk9Ld3NRYndOL3dZ
|
|
||||||
WXJrUWtncDZjVE50dmw2MHRCelpzZ2cKfLIQbrTsVGXY+UZCC5p/7+bXKHhv8nxt
|
|
||||||
dvvr+VGnH57jmELqSUoWOgefJ6GFNcCoGSYHZ9cn0UgvhZgx1Wpoow==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRN2M0VmVCQ0JaNVhnRzBj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQlNCSytZdTJQbGN3Y2U4
|
||||||
Z2Vqbk9GZUtaZlExYTRPQ3ZJWHIvU283cFRBCjExQnJvZy9SMndJd0VqdUpCSDFJ
|
NlIxSWsyeTIvU0ZrVjhqVTl2K1pMVHN2UXdnClhCU2djUkZGQzRzYUhNNnc2TmlS
|
||||||
ZmJpVFJ1em9iNnNOcnFTQUExeGZESm8KLS0tIGdnWXNtNEg2SHpjRW1mR28vVDRv
|
RVVrdkdqNUxQdGhCYWwyc3NLQ2l5bFUKLS0tIGVxWm01eU5zb2pma2pUU3VPbmxW
|
||||||
VFVRcDh0TlVXR3pYRk1Ybkx3MjhOaVEKsViUc14dePdnukQa3ud/EesnvZL7OCM1
|
cW94Y0dBZVMzbW9icUtyWDV2c1N0ZU0K77jXENggGEHpoe6qQl5O0sBbycrmlPoo
|
||||||
HWJYP81C9O4mU1kwRYtC0lGxMQX6aWiFZ5e2ImSi3w+mBP+KihfmBw==
|
fnIMedUGzXpzYRV8cyKnY1sFGwyU2ymGsUff7cIBablwP1/MAKRJmw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUlZ1TER2anNCRHBKQm1v
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrdm9ZNmdvVnhROFZvVVhu
|
||||||
QjhybHFCc1dod1djeWxkRmhBSC9YTW5IV0NJCkM5c3hkYWtLZnJHNVpPYUh4TzBR
|
QkJGQ2J5MkI4VjVLNXNSL2svbnBKZUJ2Y1MwClFsQ1JQSEhlK0JJbTRHNzBNU2tI
|
||||||
U3ZaMEdSTVNsenV0RVorTTZMUXdYT3MKLS0tIDV1dWxjbXNtekZaUk9xaVdOYU93
|
aDl4eFhMMlhib1QzZldUcnVJdVZMSFkKLS0tIHBoYXVYazk4S1VpOE0vV2tqL2hC
|
||||||
UUpVako2MGVobTcvNWRsTWMwZm5ZSVEK1uI5dVSI4vY5hw0oxj21mJYoZB2Jq52z
|
N3JDRm1OMFFobjloaXBNNENrQ29BeVkK/aAtqd93BGI5q3bZHydLxmVp6iBgfNUE
|
||||||
e+RDvcyBFRsS+238UCVi5qDdA8DcnQ2uRiBxKDGC2P3RoVU5TeCfTQ==
|
nf+dZioVWVdoK9LSpoREFuOQu4upZ3MjxkClO0hjBJwaACElPrUF2w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-18T23:57:27Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:88ZnGTkV1xxZO7UuVm5clZrHUMeiqAG++4X4DbCJGwqL+VDagYVhsui1+PzN62h6TgXtARecHON8TXd8z/NF4ekiY+LAcMC3m9x5AzmGYa7Qd5FKht1O6RfRORBDrojj251cqCifDxeGPq3C/X4Zi8Jg4KTSk1lAJoXMsqJQ3+c=,iv:8NnKOlzXD1jRVQ/tgoChEb0YY18Y7VpEiq85YhupTws=,tag:eUbLR66sNqQ2VIQW0/CBwA==,type:str]
|
mac: ENC[AES256_GCM,data:Eht9Vth1XVzeTCTyS18neiLthQF2c1DZkUkrYv01v1nC6tRPnWPd6+7zPQsQbdUuImwEthFpGDtNY0DLqwuZ9NWWhtEhWspUK2QKxNDKdP/aDT5rnjcf5tvyDK1EGnvTfp/fbw5I+z1mQYfrrUrQNVn6eiZXO+71mF9zoQLu/C0=,iv:TMnbBm1d5BSC6ywdwR4Mmn39qyCEyjSr5ndwtcwQk/k=,tag:qcAjLJl995bSmJtzGX7VbQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
{ sops, ... }:
|
|
||||||
{
|
|
||||||
gui = {
|
|
||||||
user = sops.secrets.username;
|
|
||||||
password = sops.secrets.password;
|
|
||||||
};
|
|
||||||
|
|
||||||
devices = {
|
|
||||||
gandalf = {
|
|
||||||
name = "gandalf";
|
|
||||||
id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
|
|
||||||
addresses = [ "tcp://10.1.1.13:22000" ];
|
|
||||||
};
|
|
||||||
legiondary = {
|
|
||||||
name = "legiondary";
|
|
||||||
id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
|
|
||||||
addresses = [ "dynamic" ];
|
|
||||||
};
|
|
||||||
shadowfax = {
|
|
||||||
name = "shadowfax";
|
|
||||||
id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
|
|
||||||
addresses = [ "tcp://10.1.1.61:22000" ];
|
|
||||||
};
|
|
||||||
telchar = {
|
|
||||||
name = "telchar";
|
|
||||||
id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
|
|
||||||
addresses = [ "dynamic" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
folders = {
|
|
||||||
projects = {
|
|
||||||
id = "projects";
|
|
||||||
path = "~/projects";
|
|
||||||
versioning = {
|
|
||||||
type = "simple";
|
|
||||||
params.keep = 10;
|
|
||||||
};
|
|
||||||
devices = [
|
|
||||||
"legiondary"
|
|
||||||
"shadowfax"
|
|
||||||
"gandalf"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.services.syncthing;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.mySystem.services.syncthing = {
|
|
||||||
enable = lib.mkEnableOption "Syncthing";
|
|
||||||
publicCertPath = lib.mkOption {
|
|
||||||
type = lib.types.path;
|
|
||||||
description = "The public certificate for Syncthing";
|
|
||||||
};
|
|
||||||
privateKeyPath = lib.mkOption {
|
|
||||||
type = lib.types.path;
|
|
||||||
description = "The private key for Syncthing";
|
|
||||||
};
|
|
||||||
user = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
description = "The user to run Syncthing as";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# sops
|
|
||||||
sops.secrets = {
|
|
||||||
"username" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
"password" = {
|
|
||||||
sopsFile = ./secrets.sops.yaml;
|
|
||||||
owner = "jahanson";
|
|
||||||
mode = "400";
|
|
||||||
restartUnits = [ "syncthing.service" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
user = cfg.user;
|
|
||||||
dataDir = "/home/${cfg.user}/";
|
|
||||||
openDefaultPorts = true;
|
|
||||||
key = "${cfg.privateKeyPath}";
|
|
||||||
cert = "${cfg.publicCertPath}";
|
|
||||||
settings = import ./config { inherit (config) sops; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# Don't create default ~/Sync folder
|
|
||||||
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,85 +0,0 @@
|
||||||
username: ENC[AES256_GCM,data:WSQeuKRVE80=,iv:ci1XiMFsDDx3PbM0sH8ph/twu1FlrI3LSaURp3qaUxE=,tag:GrpaeuVBVK6CqOAiK+F2bg==,type:str]
|
|
||||||
password: ENC[AES256_GCM,data:Er08gOwq4LMXCiH+c1dPq1eGcVU=,iv:TtYcMYMuIRtsPzT47nCe0SEzpy9byuoBIOMTHWEdJkk=,tag:rIeYTmHDYW44pgntALRx1w==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcDA4MXZCNlk5TzVKK09L
|
|
||||||
Q0F3bldGN3p6SCtFM1F5dG9QV09uNXhiMFI4CmhFcit6V0FQL1ZYcVJ2UDc3ZWlu
|
|
||||||
bWc5Qzd0eHBjY3NzRUVXM1V6Sm1tR2MKLS0tIGU4YlNYcGltc21ZbENWMC9TS2JQ
|
|
||||||
VEhZdklMcUdBUmh5Q1ZXdEtYZ3htblEKWr8uQWvUbu36eD3Q09aKpHaAXkzBCx2f
|
|
||||||
g9osxa9r8Ih43NWZvJRTQlXdLi7T+oQj3dyYOT3gTL8L8WkbWuG2eA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMGxrdEV6SUREMFlyK1p5
|
|
||||||
WFZ5aUs4QlNSUUE2eEJXcTVjRitjdlhtTWpFCll1TjlWMWd3N1FoOWRqWTEyODVZ
|
|
||||||
a0dwd1RIb1U0OGdUdkUyM2IvYmhyR3cKLS0tIEhhUzdhTml5b1ZaeWNQV2NpUmVF
|
|
||||||
aHdZV2FWbXpmL0RDTUdjQVBuQnBEUjgKELbs5UPRNslIvZz66Imtf4XfFxLUJkIA
|
|
||||||
xAbMZeGbW61da1kfb5Dc/v/zbB57T1qZNDE48nPfIMpQBNQNh8/9FA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadDFIK1lRR0Z4RVhHRXUw
|
|
||||||
QldxNk8zUTVOVFpIM1cwV3ZMcXZPcFpTbEZrCm1NWVpsc05ob2FpRVY1VlI5Z291
|
|
||||||
WDI3ZEZwS25tRVpTMDR5SDlodE51VDgKLS0tIHk4VmhJcWswTVpwRyt3bEcxZEM0
|
|
||||||
MVQrSHR0WHI0eHVaVkpDZzhqZG5sZ28K2vw5S5phg4UXCeWr2baPdwtHDPM7OaUf
|
|
||||||
idLK+rKGFLxXWOcgzCJPDvwdIbvrmfueEPf8chmqcHus1JPYKzASJA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTWY2YlFHVU94NnBuRlpN
|
|
||||||
RlpMS3kxOUhvTWtsNnVyQ2ExU0YzdXN4ZEdNCnpKczFjWFBkVGhnRGcwL2xRejVu
|
|
||||||
TGhHUHZzeEpVNm5MVk03Zkp3OFYxNjgKLS0tIGEzL2J3SytvZFp6ZTFXWHF5YlU1
|
|
||||||
dGZwelk0eWRsM2xwMmtxMWhQSkNVMEUKUSuFRNYCAuodVIVq59mfFDD3NIK3aCMS
|
|
||||||
WN0/otRuND5kDy4kmTqFil5E8WwRcpHvjZZOAjqDA16DSriZS6mpbQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjckh5R0s5Y0E3STZZbWd3
|
|
||||||
TDNtWUxGYVZCKzluK1FzZG9VaUppVUFpbEJvCjhtZDA0a0preVd1SW8xTW9jQkdO
|
|
||||||
cmJQOE9LNUJDa1Q0dFhYcDh6VUxwSzAKLS0tIEd5SkF0RUwvUUVMSW1IY25Oak1W
|
|
||||||
cHVrZGh6R1YyOStmV2dEbXJsY0U1NTgK7XjhWRazgHzIcsDPIsTV3qrYWhJ6FpCT
|
|
||||||
5P+HUNSjdv1sv/KbexJgjWgG0YNv+eRQnqtxzZaniaWcn5gp1JlR7A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU0NnS2E1UzlRYVVjcDZC
|
|
||||||
ajhwSGxpUzNENXBSSE82empzd1pmYkt5SUdzCk5TZWJna0w4UU1MQ1R3WHVOMDJU
|
|
||||||
Q0pvM09OZFJFYm5OeHdQVDZBNW1mckUKLS0tIEhraG9YUXYrWUp6S3VqeThpcWZw
|
|
||||||
aEx6bWNNY2t5UFVwcHdBZE9kSEFrYWMKw40ntGaLDFX5tRK5Ir9yRu4Kbsyl7N05
|
|
||||||
uyMlyQ20zL0TmsL5OFEuIF3mhaLyu2GgigQaQcGffx/DUJdLRc8Fnw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4SDZaeUtCbWt2OFZRRm9T
|
|
||||||
Y3l1dzZwU2s0WDlaNXNaUHpFaExFamtSS3lRCmE1VHI0M3hqSDNCanFuR2l4SU8r
|
|
||||||
aTR6TlhReDJ4SjUvS0J0aHNyY002eTgKLS0tIHYxdU1WSng0VWZETTFiMGh1OHY5
|
|
||||||
STQyNWUyNDhRTkxVUXd5VHNjZjJjK0kK8SJirqpGCmLCwLlLul6WdAzIWWiAR4Qf
|
|
||||||
usYAmNmjbHLHxNftB9mGLEumJ8IAB20Ywk5EbujMvhJ0w1R7kAyC+w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbCtUMFhveWVLTzI3Y21Z
|
|
||||||
ZlY2UU9vVFplcUVIbk5Jay82UmNxT2lZSnk0Cm5DRHRGMVZSaDZ1cElxWk9PQWhs
|
|
||||||
SmlRMHBiU1lTNVE2UlpQSXgvSDZqazAKLS0tIGxadVhWYUVOV0Jab05LS0ptendn
|
|
||||||
aWtiSlZlTUdwMW9Eb1dXUERVanVOaFEKSqRistshNg61yLJIe/3kuisRLuvfVbWu
|
|
||||||
ZsN/jk357Zv1VIYwmdm80LqI6zCGNzDaP30+Bxp8RTasA3gKM1mKrg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-11-07T23:25:22Z"
|
|
||||||
mac: ENC[AES256_GCM,data:ngdpFJcw3Qq/G7MWJY4Ka28r5tAobVlPxkQ+ve1MGd4SHKhUMRTA3je7kG+2zB/muQKtZ+SNolFJF4KcCtCOBaC0y70eJcFbGZ7g2iXa8TtNnW53PRpdWPYjJ5BhGbdCcJ3KKNcO+nT/PWIC1JTP6vp0j0aghLlYrm7Bq8+cAj0=,iv:YoTnZcxbn4Mzh+5lGQSr1OxLdyGUtGrnkt/KsNSTw2Q=,tag:63wotwyZVIqnTtZGW47jRA==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.1
|
|
|
@ -1,30 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.services.vault;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.mySystem.services.vault = {
|
|
||||||
enable = lib.mkEnableOption "vault";
|
|
||||||
address = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
default = "127.0.0.1:8200";
|
|
||||||
description = "Address of the Vault server";
|
|
||||||
example = "127.0.0.1:8200";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
services.vault = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.unstable.vault;
|
|
||||||
address = cfg.address;
|
|
||||||
dev = false;
|
|
||||||
storageBackend = "raft";
|
|
||||||
extraConfig = ''
|
|
||||||
api_addr = "http://127.0.0.1:8200"
|
|
||||||
cluster_addr = "http://127.0.0.1:8201"
|
|
||||||
ui = true
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
listener "tcp" {
|
|
||||||
address = "0.0.0.0:8200"
|
|
||||||
tls_disable = true
|
|
||||||
}
|
|
||||||
|
|
||||||
storage "raft" {
|
|
||||||
path = "/var/lib/vault/data"
|
|
||||||
node_id = "node1"
|
|
||||||
}
|
|
||||||
|
|
||||||
disable_mlock = true
|
|
||||||
api_addr = "http://localhost:8200"
|
|
||||||
cluster_addr = "http://localhost:8201"
|
|
||||||
ui = true
|
|
|
@ -11,7 +11,7 @@ in
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
# Add package
|
# Add package
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.unstable.pika-backup
|
pkgs.pika-backup
|
||||||
];
|
];
|
||||||
# Setup auto start at login.
|
# Setup auto start at login.
|
||||||
home-manager.users.${user} = {
|
home-manager.users.${user} = {
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./borg
|
./borg
|
||||||
./fingerprint-reader-on-laptop-lid
|
./fingerprint-laptop-lid.nix
|
||||||
./impermanence.nix
|
./impermanence.nix
|
||||||
./incus
|
|
||||||
./motd
|
./motd
|
||||||
./nfs
|
./nfs
|
||||||
./nix.nix
|
./nix.nix
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
# Pertially from: https://github.com/fzakaria/nix-home/blob/framework-laptop/modules/nixos/fprint-laptop-lid.nix
|
|
||||||
# Originally this file was based on
|
# Originally this file was based on
|
||||||
# https://unix.stackexchange.com/questions/678609/how-to-disable-fingerprint-authentication-when-laptop-lid-is-closed
|
# https://unix.stackexchange.com/questions/678609/how-to-disable-fingerprint-authentication-when-laptop-lid-is-closed
|
||||||
# However I found this not to work as the fprintd is started via dbus and masking it doesn't seem to do anything.
|
# However I found this not to work as the fprintd is started via dbus and masking it doesn't seem to do anything.
|
||||||
|
@ -9,25 +8,22 @@
|
||||||
# On framework 13 the USB is:
|
# On framework 13 the USB is:
|
||||||
# Port 004: Dev 003, If 0, Class=Vendor Specific Class, Driver=[none], 12M
|
# Port 004: Dev 003, If 0, Class=Vendor Specific Class, Driver=[none], 12M
|
||||||
# ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
|
# ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
|
||||||
# On Framework 16 the USB is:
|
|
||||||
# Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
|
|
||||||
# Use `findfp.sh` to find the correct USB device.
|
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid;
|
cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid;
|
||||||
laptop-lid = pkgs.writeShellScript "laptop-lid" ''
|
laptop-lid = pkgs.writeShellScript "laptop-lid" ''
|
||||||
lock=/var/lock/fingerprint-reader-disabled
|
lock=$HOME/fingerprint-reader-disabled
|
||||||
|
|
||||||
# match for either display port or hdmi port
|
# match for either display port or hdmi port
|
||||||
if grep -Fq closed /proc/acpi/button/lid/LID0/state &&
|
if grep -Fq closed /proc/acpi/button/lid/LID0/state &&
|
||||||
(grep -Fxq connected /sys/class/drm/card*-DP-*/status ||
|
(grep -Fxq connected /sys/class/drm/card1-DP-*/status ||
|
||||||
grep -Fxq connected /sys/class/drm/card*-HDMI-*/status)
|
grep -Fxq connected /sys/class/drm/card1-HDMI-*/status)
|
||||||
then
|
then
|
||||||
touch "$lock"
|
touch "$lock"
|
||||||
echo 0 > /dev/fingerprint_sensor/authorized
|
echo 0 > /sys/bus/usb/devices/1-4/authorized
|
||||||
elif [ -f "$lock" ]
|
elif [ -f "$lock" ]
|
||||||
then
|
then
|
||||||
echo 1 > /dev/fingerprint_sensor/authorized
|
echo 1 > /sys/bus/usb/devices/1-4/authorized
|
||||||
rm "$lock"
|
rm "$lock"
|
||||||
fi
|
fi
|
||||||
'';
|
'';
|
||||||
|
@ -38,20 +34,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services = {
|
services.acpid = {
|
||||||
acpid = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
lidEventCommands = "${laptop-lid}";
|
lidEventCommands = "${laptop-lid}";
|
||||||
};
|
};
|
||||||
# Add udev rule to create symlink for fingerprint sensor
|
|
||||||
# when usb device 27c6:609c is connected or disconnected.
|
|
||||||
# Reason: hubs like caldigit re-orient the device number on each boot.
|
|
||||||
# May requires a reboot to take effect.
|
|
||||||
# or sudo udevadm control --reload-rules && sudo udevadm trigger
|
|
||||||
udev.extraRules = ''
|
|
||||||
SUBSYSTEM=="usb", ATTRS{idVendor}=="27c6", ATTRS{idProduct}=="609c", RUN+="/bin/sh -c 'ln -sf /sys$devpath /dev/fingerprint_sensor'"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# Disable fingerprint reader at login since you can't put in a password when fprintd is running.
|
# Disable fingerprint reader at login since you can't put in a password when fprintd is running.
|
||||||
security.pam.services.login.fprintAuth = false;
|
security.pam.services.login.fprintAuth = false;
|
|
@ -1,39 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
find_usb_device() {
|
|
||||||
local idVendor=$1
|
|
||||||
local idProduct=$2
|
|
||||||
local device_id="${idVendor}:${idProduct}"
|
|
||||||
|
|
||||||
for device in /sys/bus/usb/devices/*; do
|
|
||||||
if [ -f "$device/idVendor" ] && [ -f "$device/idProduct" ]; then
|
|
||||||
vendor=$(cat "$device/idVendor")
|
|
||||||
product=$(cat "$device/idProduct")
|
|
||||||
if [ "${vendor}:${product}" = "$device_id" ]; then
|
|
||||||
echo "$device"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
# Example usage
|
|
||||||
idVendor="27c6"
|
|
||||||
idProduct="609c"
|
|
||||||
|
|
||||||
device_path=$(find_usb_device "$idVendor" "$idProduct")
|
|
||||||
|
|
||||||
if [ -n "$device_path" ]; then
|
|
||||||
echo "Device found at: $device_path"
|
|
||||||
|
|
||||||
# Print additional information
|
|
||||||
manufacturer=$(cat "$device_path/manufacturer" 2>/dev/null)
|
|
||||||
product=$(cat "$device_path/product" 2>/dev/null)
|
|
||||||
|
|
||||||
echo "Manufacturer: ${manufacturer:-N/A}"
|
|
||||||
echo "Product: ${product:-N/A}"
|
|
||||||
else
|
|
||||||
echo "Device not found"
|
|
||||||
fi
|
|
|
@ -1,51 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.mySystem.system.incus;
|
|
||||||
user = "jahanson";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# sops.secrets.secret-domain-0 = {
|
|
||||||
# sopsFile = ./secret.sops.yaml;
|
|
||||||
# };
|
|
||||||
options.mySystem.system.incus = {
|
|
||||||
enable = lib.mkEnableOption "incus";
|
|
||||||
preseed = lib.mkOption {
|
|
||||||
type = lib.types.unspecified;
|
|
||||||
default = "";
|
|
||||||
description = "Incus preseed configuration. Generate with `incus admin init`.";
|
|
||||||
};
|
|
||||||
webuiport = lib.mkOption {
|
|
||||||
type = lib.types.int;
|
|
||||||
default = 8443;
|
|
||||||
description = "Port for the Incus Web UI";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
|
|
||||||
virtualisation.incus = {
|
|
||||||
inherit (cfg) preseed;
|
|
||||||
enable = true;
|
|
||||||
ui.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.${user}.extraGroups = [ "incus-admin" ];
|
|
||||||
|
|
||||||
# systemd.services.incus-preseed.postStart = "${oidcSetup}";
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
# nftables.enable = true;
|
|
||||||
firewall = {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
cfg.webuiport
|
|
||||||
53
|
|
||||||
67
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
53
|
|
||||||
67
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
let
|
|
||||||
finalVersion = "tauri-v2.0.4";
|
|
||||||
in
|
|
||||||
final: prev: {
|
|
||||||
cargo-tauri = prev.cargo-tauri.overrideAttrs (oldAttrs: {
|
|
||||||
version = finalVersion;
|
|
||||||
vendorHash = "sha256-aTtvVpL979BUvSBwBqRqCWSWIBBmmty9vBD97Q5P4+E=";
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,68 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
buildGoModule,
|
|
||||||
installShellFiles,
|
|
||||||
fetchFromGitHub,
|
|
||||||
gitUpdater,
|
|
||||||
testers,
|
|
||||||
mods,
|
|
||||||
}:
|
|
||||||
|
|
||||||
buildGoModule rec {
|
|
||||||
pname = "mods";
|
|
||||||
version = "1.6.0";
|
|
||||||
commitHash = "2a7f9d4dc11b6c828bf35a0b3d0be709f3ed79b9";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "charmbracelet";
|
|
||||||
repo = "mods";
|
|
||||||
rev = commitHash;
|
|
||||||
hash = "sha256-23gtb8BOx/0c643/paRt7VFHEyMyF4Q4a5b5+a4+kNU=";
|
|
||||||
};
|
|
||||||
|
|
||||||
vendorHash = "sha256-RV/Nr60BpCLcUL2Yy1Dd2ScwoI0BhGhTb/igCEcJPjI=";
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
installShellFiles
|
|
||||||
];
|
|
||||||
|
|
||||||
ldflags = [
|
|
||||||
"-s"
|
|
||||||
"-w"
|
|
||||||
"-X=main.Version=${version}-${commitHash}"
|
|
||||||
];
|
|
||||||
|
|
||||||
# These tests require internet access.
|
|
||||||
checkFlags = [ "-skip=^TestLoad/http_url$|^TestLoad/https_url$" ];
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
updateScript = gitUpdater {
|
|
||||||
rev-prefix = "v";
|
|
||||||
ignoredVersions = ".(rc|beta).*";
|
|
||||||
};
|
|
||||||
|
|
||||||
tests.version = testers.testVersion {
|
|
||||||
package = mods;
|
|
||||||
command = "HOME=$(mktemp -d) mods -v";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
postInstall = ''
|
|
||||||
export HOME=$(mktemp -d)
|
|
||||||
$out/bin/mods man > mods.1
|
|
||||||
$out/bin/mods completion bash > mods.bash
|
|
||||||
$out/bin/mods completion fish > mods.fish
|
|
||||||
$out/bin/mods completion zsh > mods.zsh
|
|
||||||
|
|
||||||
installManPage mods.1
|
|
||||||
installShellCompletion mods.{bash,fish,zsh}
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "AI on the command line";
|
|
||||||
homepage = "https://github.com/charmbracelet/mods";
|
|
||||||
license = licenses.mit;
|
|
||||||
maintainers = with maintainers; [ dit7ya caarlos0 ];
|
|
||||||
mainProgram = "mods";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,108 +0,0 @@
|
||||||
{ lib
|
|
||||||
, channel ? "stable"
|
|
||||||
, fetchurl
|
|
||||||
, installShellFiles
|
|
||||||
, makeBinaryWrapper
|
|
||||||
, terraform
|
|
||||||
, stdenvNoCC
|
|
||||||
, unzip
|
|
||||||
, nixosTests
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
inherit (stdenvNoCC.hostPlatform) system;
|
|
||||||
|
|
||||||
channels = {
|
|
||||||
stable = {
|
|
||||||
version = "2.15.1";
|
|
||||||
hash = {
|
|
||||||
x86_64-linux = "sha256-DB/3iUkgWzAI+3DEQB8heYkG6apUARDulQ4lKDAPN1I=";
|
|
||||||
x86_64-darwin = "sha256-62tjAC3WtWC8eIkh9dPi2Exksp2gDHyXEU2tCavKZ4Q=";
|
|
||||||
aarch64-linux = "sha256-957GdH5sDjbjxEt8LXKPBM7vht7T6JizVwYYhbitdpw=";
|
|
||||||
aarch64-darwin = "sha256-ckcd1u9dgg9LKhr47Yw8dJKkR7hawPie4QNyySH8vyM=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
mainline = {
|
|
||||||
version = "2.16.0";
|
|
||||||
hash = {
|
|
||||||
x86_64-linux = "sha256-Uk9oGiLSHBCINAzQg88tlHyMw/OGfdmCw2/NXJs5wbQ=";
|
|
||||||
x86_64-darwin = "sha256-Bbayv00NDJGUA4M4KyG4XCXIiaQSf4JSgy5VvLSVmAM=";
|
|
||||||
aarch64-linux = "sha256-nV02uO+UkNNvQDIkh2G+9H8gvk9DOSYyIu4O3nwkYXk=";
|
|
||||||
aarch64-darwin = "sha256-C9Nm8dW3V25D7J/3ABO5oLGL4wcSCsAXtQNZABwVpWs=";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
stdenvNoCC.mkDerivation (finalAttrs: {
|
|
||||||
pname = "coder";
|
|
||||||
version = channels.${channel}.version;
|
|
||||||
src = fetchurl {
|
|
||||||
hash = (channels.${channel}.hash).${system};
|
|
||||||
|
|
||||||
url =
|
|
||||||
let
|
|
||||||
systemName = {
|
|
||||||
x86_64-linux = "linux_amd64";
|
|
||||||
aarch64-linux = "linux_arm64";
|
|
||||||
x86_64-darwin = "darwin_amd64";
|
|
||||||
aarch64-darwin = "darwin_arm64";
|
|
||||||
}.${system};
|
|
||||||
|
|
||||||
ext = {
|
|
||||||
x86_64-linux = "tar.gz";
|
|
||||||
aarch64-linux = "tar.gz";
|
|
||||||
x86_64-darwin = "zip";
|
|
||||||
aarch64-darwin = "zip";
|
|
||||||
}.${system};
|
|
||||||
in
|
|
||||||
"https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
installShellFiles
|
|
||||||
makeBinaryWrapper
|
|
||||||
unzip
|
|
||||||
];
|
|
||||||
|
|
||||||
unpackPhase = ''
|
|
||||||
runHook preUnpack
|
|
||||||
|
|
||||||
case $src in
|
|
||||||
*.tar.gz) tar -xz -f "$src" ;;
|
|
||||||
*.zip) unzip "$src" ;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
runHook postUnpack
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
|
|
||||||
install -D -m755 coder $out/bin/coder
|
|
||||||
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
postInstall = ''
|
|
||||||
wrapProgram $out/bin/coder \
|
|
||||||
--prefix PATH : ${lib.makeBinPath [ terraform ]}
|
|
||||||
'';
|
|
||||||
|
|
||||||
# integration tests require network access
|
|
||||||
doCheck = false;
|
|
||||||
|
|
||||||
meta = {
|
|
||||||
description = "Provision remote development environments via Terraform";
|
|
||||||
homepage = "https://coder.com";
|
|
||||||
license = lib.licenses.agpl3Only;
|
|
||||||
mainProgram = "coder";
|
|
||||||
maintainers = with lib.maintainers; [ ghuntley kylecarbs urandom ];
|
|
||||||
};
|
|
||||||
|
|
||||||
passthru = {
|
|
||||||
updateScript = ./update.sh;
|
|
||||||
tests = {
|
|
||||||
inherit (nixosTests) coder;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
|
@ -1,33 +1,33 @@
|
||||||
{ inputs, ... }:
|
{ inputs, ... }:
|
||||||
let
|
let
|
||||||
# smartmontoolsOverlay = import ./smartmontools { };
|
warpTerminalOverlay = import ./warp-terminal {
|
||||||
# vivaldiOverlay = self: super: { vivaldi = super.callPackage ./vivaldi { }; };
|
inherit (inputs.nixpkgs) lib;
|
||||||
coderOverlay = self: super: { coder = super.callPackage ./coder { }; };
|
};
|
||||||
modsOverlay = self: super: { mods = super.callPackage ./charm-mods { }; };
|
termiusOverlay = import ./termius { };
|
||||||
termiusOverlay = self: super: { termius = super.callPackage ./termius { }; };
|
# Partial overlay
|
||||||
|
# talosctlOverlay = import ./talosctl { };
|
||||||
|
# Full overlay
|
||||||
|
talosctlOverlay = self: super: {
|
||||||
|
talosctl = super.callPackage ./talosctl/talosctl-custom.nix { };
|
||||||
|
};
|
||||||
|
goOverlay = import ./go { };
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# smartmontools = smartmontoolsOverlay;
|
|
||||||
# vivaldi = vivaldiOverlay;
|
|
||||||
coder = coderOverlay;
|
|
||||||
comm-packages = inputs.nix-vscode-extensions.overlays.default;
|
|
||||||
mods = modsOverlay;
|
|
||||||
nix-minecraft = inputs.nix-minecraft.overlay;
|
|
||||||
nur = inputs.nur.overlay;
|
nur = inputs.nur.overlay;
|
||||||
|
# warp-terminal = warpTerminalOverlay;
|
||||||
termius = termiusOverlay;
|
termius = termiusOverlay;
|
||||||
|
talosctl = talosctlOverlay;
|
||||||
|
# go = goOverlay;
|
||||||
|
|
||||||
# The unstable nixpkgs set (declared in the flake inputs) will
|
# The unstable nixpkgs set (declared in the flake inputs) will
|
||||||
# be accessible through 'pkgs.unstable'
|
# be accessible through 'pkgs.unstable'
|
||||||
unstable-packages = final: prev: {
|
unstable-packages = final: _prev: {
|
||||||
unstable = import inputs.nixpkgs-unstable
|
unstable = import inputs.nixpkgs-unstable {
|
||||||
{
|
|
||||||
inherit (final) system;
|
inherit (final) system;
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
} // {
|
|
||||||
# Add talosctl to the unstable set
|
|
||||||
talosctl = final.unstable.callPackage ./talosctl {
|
|
||||||
inherit (final.unstable) lib buildGoModule fetchFromGitHub installShellFiles;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# VSCode Community Packages
|
||||||
|
comm-packages = inputs.nix-vscode-extensions.overlays.default;
|
||||||
}
|
}
|
||||||
|
|
13
nixos/overlays/go/default.nix
Normal file
13
nixos/overlays/go/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ ... }:
|
||||||
|
let
|
||||||
|
finalVersion = "1.22.5";
|
||||||
|
in
|
||||||
|
final: prev: {
|
||||||
|
go_1_22 = prev.go_1_22.overrideAttrs (oldAttrs: {
|
||||||
|
version = finalVersion;
|
||||||
|
src = prev.fetchurl {
|
||||||
|
url = "https://go.dev/dl/go${finalVersion}.src.tar.gz";
|
||||||
|
hash = "sha256-rJxyPyJJaa7mJLw0/TTJ4T8qIS11xxyAfeZEu0bhEvY=";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
}
|
|
@ -1,15 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
let
|
|
||||||
dbrev = "5613";
|
|
||||||
drivedbBranch = "RELEASE_7_4";
|
|
||||||
in
|
|
||||||
final: prev: {
|
|
||||||
smartmontools = prev.smartmontools.overrideAttrs (oldAttrs: {
|
|
||||||
inherit dbrev drivedbBranch;
|
|
||||||
driverdb = builtins.fetchurl {
|
|
||||||
url = "https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
|
|
||||||
sha256 = "sha256-6r7Pd298Ea55AXOLijUEQoJq+Km5cE+Ygti65yacdoM=";
|
|
||||||
name = "smartmontools-drivedb.h";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -I nixpkgs=/etc/nix/inputs/nixpkgs/ -i bash -p nix
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
dbrev="5613"
|
|
||||||
drivedbBranch="RELEASE_7_4"
|
|
||||||
url="https://sourceforge.net/p/smartmontools/code/${dbrev}/tree/trunk/smartmontools/drivedb.h?format=raw";
|
|
||||||
|
|
||||||
echo "Fetching hash for URL: $url"
|
|
||||||
|
|
||||||
hash=$(nix-prefetch-url "$url")
|
|
||||||
sri=$(nix-hash --type sha256 --flat --base32 --to-sri "$hash")
|
|
||||||
|
|
||||||
echo "Hash: $hash"
|
|
||||||
echo "Sri: $sri"
|
|
|
@ -1,40 +1,19 @@
|
||||||
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
|
{ ... }:
|
||||||
|
let
|
||||||
buildGoModule rec {
|
finalVersion = "1.7.5";
|
||||||
pname = "talosctl";
|
in
|
||||||
version = "1.8.2";
|
final: prev: {
|
||||||
|
talosctl = prev.talosctl.overrideAttrs (oldAttrs: {
|
||||||
src = fetchFromGitHub {
|
version = finalVersion;
|
||||||
|
src = prev.fetchFromGitHub {
|
||||||
owner = "siderolabs";
|
owner = "siderolabs";
|
||||||
repo = "talos";
|
repo = "talos";
|
||||||
rev = "v${version}";
|
rev = "v${finalVersion}";
|
||||||
hash = "sha256-sD/Nn1ZLM6JIZdWQsBioKyhrAvhz749LL4xWleQ80xY=";
|
hash = "sha256-lmDLlxiPyVhlSPplYkIaS5Uw19hir6XD8MAk8q+obhY=";
|
||||||
};
|
};
|
||||||
|
vendorHash = "sha256-8UIey+r1tdVRN1RBK5xxcAzaHb0VFdgenUXSFgoWh1g=";
|
||||||
vendorHash = "sha256-pWG8DbZ9N57p2Q9w/IzETcvwaSfzaUvJgcz7Th/Oi9c=";
|
passthru = oldAttrs.passthru // {
|
||||||
|
updateScript = ./update.sh;
|
||||||
ldflags = [ "-s" "-w" ];
|
|
||||||
|
|
||||||
env.GOWORK = "off";
|
|
||||||
|
|
||||||
subPackages = [ "cmd/talosctl" ];
|
|
||||||
|
|
||||||
nativeBuildInputs = [ installShellFiles ];
|
|
||||||
|
|
||||||
postInstall = ''
|
|
||||||
installShellCompletion --cmd talosctl \
|
|
||||||
--bash <($out/bin/talosctl completion bash) \
|
|
||||||
--fish <($out/bin/talosctl completion fish) \
|
|
||||||
--zsh <($out/bin/talosctl completion zsh)
|
|
||||||
'';
|
|
||||||
|
|
||||||
doCheck = false; # no tests
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "CLI for out-of-band management of Kubernetes nodes created by Talos";
|
|
||||||
mainProgram = "talosctl";
|
|
||||||
homepage = "https://www.talos.dev/";
|
|
||||||
license = licenses.mpl20;
|
|
||||||
maintainers = with maintainers; [ flokli ];
|
|
||||||
};
|
};
|
||||||
|
});
|
||||||
}
|
}
|
43
nixos/overlays/talosctl/talosctl-custom.nix
Normal file
43
nixos/overlays/talosctl/talosctl-custom.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ lib, buildGo122Module, fetchFromGitHub, installShellFiles }:
|
||||||
|
|
||||||
|
buildGo122Module rec {
|
||||||
|
pname = "talosctl";
|
||||||
|
version = "1.7.5";
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "siderolabs";
|
||||||
|
repo = "talos";
|
||||||
|
rev = "v${version}";
|
||||||
|
hash = "sha256-lmDLlxiPyVhlSPplYkIaS5Uw19hir6XD8MAk8q+obhY=";
|
||||||
|
};
|
||||||
|
|
||||||
|
passthru = {
|
||||||
|
updateScript = ./update.sh;
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorHash = "sha256-8UIey+r1tdVRN1RBK5xxcAzaHb0VFdgenUXSFgoWh1g=";
|
||||||
|
|
||||||
|
ldflags = [ "-s" "-w" ];
|
||||||
|
|
||||||
|
env.GOWORK = "off";
|
||||||
|
|
||||||
|
subPackages = [ "cmd/talosctl" ];
|
||||||
|
|
||||||
|
nativeBuildInputs = [ installShellFiles ];
|
||||||
|
|
||||||
|
postInstall = ''
|
||||||
|
installShellCompletion --cmd talosctl \
|
||||||
|
--bash <($out/bin/talosctl completion bash) \
|
||||||
|
--fish <($out/bin/talosctl completion fish) \
|
||||||
|
--zsh <($out/bin/talosctl completion zsh)
|
||||||
|
'';
|
||||||
|
|
||||||
|
doCheck = false; # no tests
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "CLI for out-of-band management of Kubernetes nodes created by Talos";
|
||||||
|
mainProgram = "talosctl";
|
||||||
|
homepage = "https://www.talos.dev/";
|
||||||
|
license = licenses.mpl20;
|
||||||
|
maintainers = with maintainers; [ flokli ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,96 +1,8 @@
|
||||||
{ autoPatchelfHook
|
{ ... }:
|
||||||
, squashfsTools
|
(final: prev: {
|
||||||
, alsa-lib
|
termius = prev.termius.overrideAttrs (oldAttrs: {
|
||||||
, fetchurl
|
|
||||||
, makeDesktopItem
|
|
||||||
, makeWrapper
|
|
||||||
, stdenv
|
|
||||||
, lib
|
|
||||||
, libsecret
|
|
||||||
, mesa
|
|
||||||
, udev
|
|
||||||
, wrapGAppsHook3
|
|
||||||
}:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "termius";
|
|
||||||
version = "9.5.0";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
# find the latest version with
|
|
||||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.version'
|
|
||||||
# and the url with
|
|
||||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_url' -r
|
|
||||||
# and the sha512 with
|
|
||||||
# curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_sha512' -r
|
|
||||||
# nix-hash --type sha512 --to-sri <output of curl>
|
|
||||||
url = "https://api.snapcraft.io/api/v1/snaps/download/WkTBXwoX81rBe3s3OTt3EiiLKBx2QhuS_203.snap";
|
|
||||||
hash = "sha512-BouIQvJZbi350l30gl9fnXKYRHhi5q1oOvyEIVEmd4DjXvJLQisV4cK4OZIJ/bPOCI5DTxNOY7PwEduVQd3SYA==";
|
|
||||||
#
|
|
||||||
};
|
|
||||||
|
|
||||||
desktopItem = makeDesktopItem {
|
|
||||||
categories = [ "Network" ];
|
|
||||||
comment = "The SSH client that works on Desktop and Mobile";
|
|
||||||
desktopName = "Termius";
|
|
||||||
exec = "termius-app";
|
|
||||||
genericName = "Cross-platform SSH client";
|
|
||||||
icon = "termius-app";
|
|
||||||
name = "termius-app";
|
|
||||||
};
|
|
||||||
|
|
||||||
dontBuild = true;
|
|
||||||
dontConfigure = true;
|
|
||||||
dontPatchELF = true;
|
|
||||||
dontWrapGApps = true;
|
|
||||||
|
|
||||||
# TODO: migrate off autoPatchelfHook and use nixpkgs' electron
|
|
||||||
nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook3 ];
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
alsa-lib
|
|
||||||
libsecret
|
|
||||||
mesa
|
|
||||||
];
|
|
||||||
|
|
||||||
unpackPhase = ''
|
|
||||||
runHook preUnpack
|
|
||||||
unsquashfs "$src"
|
|
||||||
runHook postUnpack
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
cd squashfs-root
|
|
||||||
mkdir -p $out/opt/termius
|
|
||||||
cp -r ./ $out/opt/termius
|
|
||||||
|
|
||||||
mkdir -p "$out/share/applications" "$out/share/pixmaps/termius-app.png"
|
|
||||||
cp "${desktopItem}/share/applications/"* "$out/share/applications"
|
|
||||||
cp meta/gui/icon.png $out/share/pixmaps/termius-app.png
|
|
||||||
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
|
install -Dm644 meta/gui/icon.png $out/share/icons/hicolor/128x128/apps/termius-app.png
|
||||||
'';
|
'';
|
||||||
|
});
|
||||||
runtimeDependencies = [ (lib.getLib udev) ];
|
})
|
||||||
|
|
||||||
postFixup = ''
|
|
||||||
makeWrapper $out/opt/termius/termius-app $out/bin/termius-app \
|
|
||||||
"''${gappsWrapperArgs[@]}"
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "A cross-platform SSH client with cloud data sync and more";
|
|
||||||
homepage = "https://termius.com/";
|
|
||||||
downloadPage = "https://termius.com/linux/";
|
|
||||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
|
||||||
license = licenses.unfree;
|
|
||||||
maintainers = with maintainers; [ Br1ght0ne th0rgal ];
|
|
||||||
platforms = [ "x86_64-linux" ];
|
|
||||||
mainProgram = "termius-app";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i bash -p curl jq nix
|
|
||||||
|
|
||||||
VERSION=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.version')
|
|
||||||
DOWNLOAD_URL=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_url' -r)
|
|
||||||
SHASUM=$(curl -H 'X-Ubuntu-Series: 16' https://api.snapcraft.io/api/v1/snaps/details/termius-app | jq '.download_sha512' -r)
|
|
||||||
SRI512SUM=$(nix-hash --type sha512 --to-sri $SHASUM)
|
|
||||||
|
|
||||||
echo "The latest SRI for version $VERSION is "
|
|
||||||
echo "$SRI512SUM"
|
|
|
@ -1,135 +0,0 @@
|
||||||
{ lib, stdenv, fetchurl, zlib, libX11, libXext, libSM, libICE, libxkbcommon, libxshmfence
|
|
||||||
, libXfixes, libXt, libXi, libXcursor, libXScrnSaver, libXcomposite, libXdamage, libXtst, libXrandr
|
|
||||||
, alsa-lib, dbus, cups, libexif, ffmpeg, systemd, libva, libGL
|
|
||||||
, freetype, fontconfig, libXft, libXrender, libxcb, expat
|
|
||||||
, libuuid
|
|
||||||
, libxml2
|
|
||||||
, glib, gtk3, pango, gdk-pixbuf, cairo, atk, at-spi2-atk, at-spi2-core
|
|
||||||
, qt5
|
|
||||||
, libdrm, mesa
|
|
||||||
, vulkan-loader
|
|
||||||
, nss, nspr
|
|
||||||
, patchelf, makeWrapper
|
|
||||||
, wayland, pipewire
|
|
||||||
, isSnapshot ? false
|
|
||||||
, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null
|
|
||||||
, enableWidevine ? false, widevine-cdm ? null
|
|
||||||
, commandLineArgs ? ""
|
|
||||||
, pulseSupport ? stdenv.isLinux, libpulseaudio
|
|
||||||
, kerberosSupport ? true, libkrb5
|
|
||||||
}:
|
|
||||||
|
|
||||||
let
|
|
||||||
branch = if isSnapshot then "snapshot" else "stable";
|
|
||||||
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
|
|
||||||
in stdenv.mkDerivation rec {
|
|
||||||
pname = "vivaldi";
|
|
||||||
version = "6.9.3447.37";
|
|
||||||
|
|
||||||
suffix = {
|
|
||||||
aarch64-linux = "arm64";
|
|
||||||
x86_64-linux = "amd64";
|
|
||||||
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
|
|
||||||
hash = {
|
|
||||||
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
|
|
||||||
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
|
|
||||||
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
|
|
||||||
};
|
|
||||||
|
|
||||||
unpackPhase = ''
|
|
||||||
ar vx $src
|
|
||||||
tar -xvf data.tar.xz
|
|
||||||
'';
|
|
||||||
|
|
||||||
nativeBuildInputs = [ patchelf makeWrapper ];
|
|
||||||
|
|
||||||
dontWrapQtApps = true;
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
stdenv.cc.cc stdenv.cc.libc zlib libX11 libXt libXext libSM libICE libxcb libxkbcommon libxshmfence
|
|
||||||
libXi libXft libXcursor libXfixes libXScrnSaver libXcomposite libXdamage libXtst libXrandr
|
|
||||||
atk at-spi2-atk at-spi2-core alsa-lib dbus cups gtk3 gdk-pixbuf libexif ffmpeg systemd libva
|
|
||||||
qt5.qtbase
|
|
||||||
freetype fontconfig libXrender libuuid expat glib nss nspr libGL
|
|
||||||
libxml2 pango cairo
|
|
||||||
libdrm mesa vulkan-loader
|
|
||||||
wayland pipewire
|
|
||||||
] ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
|
|
||||||
++ lib.optional pulseSupport libpulseaudio
|
|
||||||
++ lib.optional kerberosSupport libkrb5;
|
|
||||||
|
|
||||||
libPath = lib.makeLibraryPath buildInputs
|
|
||||||
+ lib.optionalString (stdenv.is64bit)
|
|
||||||
(":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
|
|
||||||
+ ":$out/opt/${vivaldiName}/lib";
|
|
||||||
|
|
||||||
buildPhase = ''
|
|
||||||
runHook preBuild
|
|
||||||
echo "Patching Vivaldi binaries"
|
|
||||||
for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
|
|
||||||
patchelf \
|
|
||||||
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
|
|
||||||
--set-rpath "${libPath}" \
|
|
||||||
opt/${vivaldiName}/$f
|
|
||||||
done
|
|
||||||
|
|
||||||
for f in libGLESv2.so libqt5_shim.so ; do
|
|
||||||
patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
|
|
||||||
done
|
|
||||||
'' + lib.optionalString proprietaryCodecs ''
|
|
||||||
ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
|
|
||||||
'' + ''
|
|
||||||
echo "Finished patching Vivaldi binaries"
|
|
||||||
runHook postBuild
|
|
||||||
'';
|
|
||||||
|
|
||||||
dontPatchELF = true;
|
|
||||||
dontStrip = true;
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
mkdir -p "$out"
|
|
||||||
cp -r opt "$out"
|
|
||||||
mkdir "$out/bin"
|
|
||||||
ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
|
|
||||||
mkdir -p "$out/share"
|
|
||||||
cp -r usr/share/{applications,xfce4} "$out"/share
|
|
||||||
substituteInPlace "$out"/share/applications/*.desktop \
|
|
||||||
--replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
|
|
||||||
substituteInPlace "$out"/share/applications/*.desktop \
|
|
||||||
--replace vivaldi-stable vivaldi
|
|
||||||
local d
|
|
||||||
for d in 16 22 24 32 48 64 128 256; do
|
|
||||||
mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
|
|
||||||
ln -s \
|
|
||||||
"$out"/opt/${vivaldiName}/product_logo_''${d}.png \
|
|
||||||
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
|
|
||||||
done
|
|
||||||
wrapProgram "$out/bin/vivaldi" \
|
|
||||||
--add-flags ${lib.escapeShellArg commandLineArgs} \
|
|
||||||
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
|
|
||||||
--set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
|
|
||||||
--set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
|
|
||||||
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
|
|
||||||
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
|
|
||||||
'' + lib.optionalString enableWidevine ''
|
|
||||||
ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
|
|
||||||
'' + ''
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
passthru.updateScript = ./update-vivaldi.sh;
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Browser for our Friends, powerful and personal";
|
|
||||||
homepage = "https://vivaldi.com";
|
|
||||||
license = licenses.unfree;
|
|
||||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
|
||||||
mainProgram = "vivaldi";
|
|
||||||
maintainers = with maintainers; [ otwieracz badmutex ];
|
|
||||||
platforms = [ "x86_64-linux" "aarch64-linux" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ squashfsTools, fetchurl, lib, stdenv }:
|
|
||||||
|
|
||||||
# This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
|
|
||||||
# downloads at https://vivaldi.com/download/
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "chromium-codecs-ffmpeg-extra";
|
|
||||||
version = "115541";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://api.snapcraft.io/api/v1/snaps/download/XXzVIXswXKHqlUATPqGCj2w2l7BxosS8_41.snap";
|
|
||||||
hash = "sha256-a1peHhku+OaGvPyChvLdh6/7zT+v8OHNwt60QUq7VvU=";
|
|
||||||
};
|
|
||||||
|
|
||||||
buildInputs = [ squashfsTools ];
|
|
||||||
|
|
||||||
unpackPhase = ''
|
|
||||||
unsquashfs -dest . $src
|
|
||||||
'';
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
install -vD chromium-ffmpeg-${version}/chromium-ffmpeg/libffmpeg.so $out/lib/libffmpeg.so
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Additional support for proprietary codecs for Vivaldi";
|
|
||||||
homepage = "https://ffmpeg.org/";
|
|
||||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
|
||||||
license = licenses.lgpl21;
|
|
||||||
maintainers = with maintainers; [ betaboon cawilliamson fptje ];
|
|
||||||
platforms = [ "x86_64-linux" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i bash -p curl common-updater-scripts
|
|
||||||
|
|
||||||
set -eu -o pipefail
|
|
||||||
|
|
||||||
version=$(curl -sS https://vivaldi.com/download/ | sed -rne 's/.*vivaldi-stable_([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-1_amd64\.deb.*/\1/p')
|
|
||||||
|
|
||||||
update_hash() {
|
|
||||||
url="https://downloads.vivaldi.com/stable/vivaldi-stable_$version-1_$2.deb"
|
|
||||||
hash=$(nix hash to-sri --type sha256 $(nix-prefetch-url --type sha256 "$url"))
|
|
||||||
update-source-version vivaldi "$version" "$hash" --system=$1 --ignore-same-version
|
|
||||||
}
|
|
||||||
|
|
||||||
update_hash aarch64-linux arm64
|
|
||||||
update_hash x86_64-linux amd64
|
|
|
@ -1,47 +0,0 @@
|
||||||
#!/usr/bin/env nix-shell
|
|
||||||
#!nix-shell -i bash -p libarchive curl common-updater-scripts
|
|
||||||
|
|
||||||
set -eu -o pipefail
|
|
||||||
|
|
||||||
cd "$(dirname "${BASH_SOURCE[0]}")"
|
|
||||||
root=../../../../..
|
|
||||||
export NIXPKGS_ALLOW_UNFREE=1
|
|
||||||
|
|
||||||
version() {
|
|
||||||
(cd "$root" && nix-instantiate --eval --strict -A "$1.version" | tr -d '"')
|
|
||||||
}
|
|
||||||
|
|
||||||
vivaldi_version_old=$(version vivaldi)
|
|
||||||
vivaldi_version=$(curl -sS https://vivaldi.com/download/ | sed -rne 's/.*vivaldi-stable_([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-1_amd64\.deb.*/\1/p')
|
|
||||||
|
|
||||||
if [[ ! "$vivaldi_version" = "$vivaldi_version_old" ]]; then
|
|
||||||
echo "vivaldi is not up-to-date, not updating codecs"
|
|
||||||
(cd "$root" && nix-shell maintainers/scripts/update.nix --argstr package vivaldi)
|
|
||||||
exit
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "vivaldi is up-to-date, updating codecs"
|
|
||||||
|
|
||||||
# Download vivaldi and save file path.
|
|
||||||
url="https://downloads.vivaldi.com/stable/vivaldi-stable_${vivaldi_version}-1_amd64.deb"
|
|
||||||
mapfile -t prefetch < <(nix-prefetch-url --print-path "$url")
|
|
||||||
path=${prefetch[1]}
|
|
||||||
|
|
||||||
nixpkgs="$(git rev-parse --show-toplevel)"
|
|
||||||
default_nix="$nixpkgs/pkgs/applications/networking/browsers/vivaldi/default.nix"
|
|
||||||
ffmpeg_nix="$nixpkgs/pkgs/applications/networking/browsers/vivaldi/ffmpeg-codecs.nix"
|
|
||||||
|
|
||||||
# Check vivaldi-ffmpeg-codecs version.
|
|
||||||
chromium_version_old=$(version vivaldi-ffmpeg-codecs)
|
|
||||||
ffmpeg_update_script=$(bsdtar xOf "$path" data.tar.xz | bsdtar xOf - ./opt/vivaldi/update-ffmpeg)
|
|
||||||
chromium_version=$(sed -rne 's/^FFMPEG_VERSION_DEB\=([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p' <<< $ffmpeg_update_script)
|
|
||||||
download_subdir=$(sed -rne 's/.*FFMPEG_URL_DEB\=https:\/\/launchpadlibrarian\.net\/([0-9]+)\/.*_amd64\.deb/\1/p' <<< $ffmpeg_update_script)
|
|
||||||
|
|
||||||
if [[ "$chromium_version" != "$chromium_version_old" ]]; then
|
|
||||||
# replace the download prefix
|
|
||||||
sed -i $ffmpeg_nix -e "s/\(https:\/\/launchpadlibrarian\.net\/\)[0-9]\+/\1$download_subdir/g"
|
|
||||||
(cd "$root" && update-source-version vivaldi-ffmpeg-codecs "$chromium_version")
|
|
||||||
|
|
||||||
git add "${ffmpeg_nix}"
|
|
||||||
git commit -m "vivaldi-ffmpeg-codecs: $chromium_version_old -> $chromium_version"
|
|
||||||
fi
|
|
13
nixos/overlays/warp-terminal/default.nix
Normal file
13
nixos/overlays/warp-terminal/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ lib, ...}:
|
||||||
|
let
|
||||||
|
versions = lib.importJSON ./versions.json;
|
||||||
|
in
|
||||||
|
final: prev: {
|
||||||
|
warp-terminal = prev.warp-terminal.overrideAttrs (oldAttrs: {
|
||||||
|
inherit (versions.linux) version;
|
||||||
|
src = prev.fetchurl {
|
||||||
|
url = "https://releases.warp.dev/stable/v${versions.linux.version}/warp-terminal-v${versions.linux.version}-1-x86_64.pkg.tar.zst";
|
||||||
|
inherit (versions.linux) hash;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
}
|
74
nixos/overlays/warp-terminal/update.sh
Executable file
74
nixos/overlays/warp-terminal/update.sh
Executable file
|
@ -0,0 +1,74 @@
|
||||||
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p cacert curl jq nix moreutils --pure
|
||||||
|
#shellcheck shell=bash
|
||||||
|
set -eu -o pipefail
|
||||||
|
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
nixpkgs=$(nix-instantiate --eval -E '<nixpkgs>' --impure)
|
||||||
|
|
||||||
|
err() {
|
||||||
|
echo "$*" >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
json_get() {
|
||||||
|
jq -r "$1" < "./versions.json"
|
||||||
|
}
|
||||||
|
|
||||||
|
json_set() {
|
||||||
|
jq --arg x "$2" "$1 = \$x" < "./versions.json" | sponge "./versions.json"
|
||||||
|
}
|
||||||
|
|
||||||
|
resolve_url() {
|
||||||
|
local pkg sfx url
|
||||||
|
local -i i max_redirects
|
||||||
|
case "$1" in
|
||||||
|
darwin)
|
||||||
|
pkg=macos
|
||||||
|
sfx=dmg
|
||||||
|
;;
|
||||||
|
linux)
|
||||||
|
pkg=pacman
|
||||||
|
sfx=pkg.tar.zst
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
err "Unexpected download type: $1"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
url="https://app.warp.dev/download?package=${pkg}"
|
||||||
|
((max_redirects = 15))
|
||||||
|
for ((i = 0; i < max_redirects; i++)); do
|
||||||
|
url=$(curl -s -o /dev/null -w '%{redirect_url}' "${url}")
|
||||||
|
[[ ${url} != *.${sfx} ]] || break
|
||||||
|
done
|
||||||
|
((i < max_redirects)) || { err "too many redirects"; }
|
||||||
|
echo "${url}"
|
||||||
|
}
|
||||||
|
|
||||||
|
get_version() {
|
||||||
|
echo "$1" | grep -oP -m 1 '(?<=/v)[\d.\w]+(?=/)'
|
||||||
|
}
|
||||||
|
|
||||||
|
# nix-prefetch-url seems to be uncompressing the archive then taking the hash
|
||||||
|
# so just get the hash from fetchurl
|
||||||
|
sri_get() {
|
||||||
|
local ouput sri
|
||||||
|
output=$(nix-build --expr \
|
||||||
|
"with import $nixpkgs {};
|
||||||
|
fetchurl {
|
||||||
|
url = \"$1\";
|
||||||
|
}" 2>&1 || true)
|
||||||
|
sri=$(echo "$output" | awk '/^\s+got:\s+/{ print $2 }')
|
||||||
|
[[ -z "$sri" ]] && err "$output"
|
||||||
|
echo "$sri"
|
||||||
|
}
|
||||||
|
|
||||||
|
for sys in darwin linux; do
|
||||||
|
url=$(resolve_url ${sys})
|
||||||
|
version=$(get_version "${url}")
|
||||||
|
if [[ ${version} != "$(json_get ".${sys}.version")" ]]; then
|
||||||
|
sri=$(sri_get "${url}")
|
||||||
|
json_set ".${sys}.version" "${version}"
|
||||||
|
json_set ".${sys}.hash" "${sri}"
|
||||||
|
fi
|
||||||
|
done
|
10
nixos/overlays/warp-terminal/versions.json
Normal file
10
nixos/overlays/warp-terminal/versions.json
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
{
|
||||||
|
"darwin": {
|
||||||
|
"hash": "sha256-vogQAVbtiw2/U3oJrTj8SUexkEsEfYvmGq50nzy5aYo=",
|
||||||
|
"version": "0.2024.06.25.08.02.stable_01"
|
||||||
|
},
|
||||||
|
"linux": {
|
||||||
|
"hash": "sha256-Fc48bZzFBw9p636Mr8R+W/d1B3kIcOAu/Gd17nbzNfI=",
|
||||||
|
"version": "0.2024.06.25.08.02.stable_01"
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,16 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
let
|
|
||||||
finalVersion = "0.149.3";
|
|
||||||
in
|
|
||||||
final: prev: {
|
|
||||||
zed-editor = prev.zed-editor.overrideAttrs
|
|
||||||
(oldAttrs: {
|
|
||||||
version = finalVersion;
|
|
||||||
src = prev.fetchFromGithub {
|
|
||||||
hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
|
|
||||||
};
|
|
||||||
cargoLock = prev.outputHashes {
|
|
||||||
"blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
}
|
|
|
@ -1,56 +0,0 @@
|
||||||
{
|
|
||||||
disko.devices = {
|
|
||||||
disk = {
|
|
||||||
main = {
|
|
||||||
type = "disk";
|
|
||||||
device = "/dev/disk/by-diskseq/1";
|
|
||||||
content = {
|
|
||||||
type = "gpt";
|
|
||||||
partitions = {
|
|
||||||
ESP = {
|
|
||||||
priority = 1;
|
|
||||||
name = "ESP";
|
|
||||||
start = "1M";
|
|
||||||
end = "128M";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
size = "100%";
|
|
||||||
content = {
|
|
||||||
type = "btrfs";
|
|
||||||
extraArgs = [ "-f" ]; # Override existing partition
|
|
||||||
# Subvolumes must set a mountpoint in order to be mounted,
|
|
||||||
# unless their parent is mounted
|
|
||||||
subvolumes = {
|
|
||||||
# Subvolume name is different from mountpoint
|
|
||||||
"/rootfs" = {
|
|
||||||
mountpoint = "/";
|
|
||||||
};
|
|
||||||
# Subvolume name is the same as the mountpoint
|
|
||||||
"/home" = {
|
|
||||||
mountOptions = [ "compress=zstd" ];
|
|
||||||
mountpoint = "/home";
|
|
||||||
};
|
|
||||||
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
|
|
||||||
"/home/user" = { };
|
|
||||||
# Parent is not mounted so the mountpoint must be set
|
|
||||||
"/nix" = {
|
|
||||||
mountOptions = [ "compress=zstd" "noatime" ];
|
|
||||||
mountpoint = "/nix";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
mountpoint = "/partition-root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -35,9 +35,7 @@ with lib;
|
||||||
wget
|
wget
|
||||||
dnsutils
|
dnsutils
|
||||||
jq
|
jq
|
||||||
yq-go
|
yq
|
||||||
nvme-cli
|
|
||||||
smartmontools
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
@ -26,14 +26,12 @@
|
||||||
"https://hsndev.cachix.org"
|
"https://hsndev.cachix.org"
|
||||||
"https://nix-community.cachix.org"
|
"https://nix-community.cachix.org"
|
||||||
"https://numtide.cachix.org"
|
"https://numtide.cachix.org"
|
||||||
"https://cosmic.cachix.org/"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"hsndev.cachix.org-1:vN1/XGBZtMLnTFYDmTLDrullgZHSUYY3Kqt+Yg/C+tE="
|
"hsndev.cachix.org-1:vN1/XGBZtMLnTFYDmTLDrullgZHSUYY3Kqt+Yg/C+tE="
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
|
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
|
||||||
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Fallback quickly if substituters are not available.
|
# Fallback quickly if substituters are not available.
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
services:
|
services:
|
||||||
pushover:
|
pushover:
|
||||||
env: ENC[AES256_GCM,data:oqU6JIwsFaxuO3Lc7EeRJCWrR1bDzs70LKqNtO/wZ4ZC56EuAS7dei9TKXqYdQ34svXeVDnbwkHLNIWVJtA6xUoKWbrhc3VMscuChRtijzONW9Ln72veAVraV5cEUCr0,iv:sZjoAc7WKPTHskSIKnfLmI2/W7Jwi7kzTaAFE3pomus=,tag:KO7tTxpT+LF3JXCx/LS0CQ==,type:str]
|
env: ENC[AES256_GCM,data:Z138qrnqNDIlhZiuEPmTekY9oq3KGH7HIr4MrXyYoMqjZRsgj3scpeFFrO1CCyfaq9gCugStEQvkmeinJ+1FkoOs3qMRbIgxinUfj366cuOas2mo4OSw0+v559Acgpxr,iv:jq+IPXYTC7RI3YkbD/avMI+cXtXlWPQwizzkdjPzlXE=,tag:KI5ye2yMu5JAl5KodWpwaA==,type:str]
|
||||||
pushover-user-key: ENC[AES256_GCM,data:S/zpO5t/Ze/Nu6nMNkHmQdDcDNwpxpoueC1te6bX,iv:VGwuQDg34VqBzUEQTDdHUCMJV655pQBrBke2kerv9lU=,tag:MQvKbGQeMxMLFsKnTxuVUg==,type:str]
|
pushover-user-key: ENC[AES256_GCM,data:WbhwKcEaR3AuAv2HUZ/A8kGjsHj2OB8hBwSTHOKk,iv:q8HVHg5dHKPSdTzfgJr95JxxEY2X1u0wPEvLlu9UfAI=,tag:H91O575QWfR3z12OunZwew==,type:str]
|
||||||
pushover-api-key: ENC[AES256_GCM,data:rinJsuixNfCSQbAHixSQyn08MDLZ9hLMVr8XNIDZ,iv:r0uP0A4K0FUL3KQAcEQub+o8R4BKIgNckSnof8TIZzs=,tag:23KlBJl6r4zwqayPYbtjyA==,type:str]
|
pushover-api-key: ENC[AES256_GCM,data:uhm/Jbuo5pFkE6H98L3KUboiYOBh7f5QgRRnzewo,iv:Ai/EKu6+8gVnmDND0e4W30ExPU7GioSJ6kEYbbpLVWI=,tag:sOzg+tSNwwP4WAUXiQ/NPw==,type:str]
|
||||||
jahanson-password: ENC[AES256_GCM,data:XGTQabc+LYpQ6WbVm6Q=,iv:4DlJJ5yl4aaAWKp/go286ioqk4HRc94VhUwLUIb6lXo=,tag:kK1qY7vMZRVirS/ymI3D4A==,type:str]
|
jahanson-password: ENC[AES256_GCM,data:lfTo0YLbENWKUZa7eqQ=,iv:pA9xFU5wRvpX6NSvOfHCNu1A7f/wsyuHQftLjWdXoys=,tag:AxWfhgOZdVHVac8thB3bgg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -13,77 +13,68 @@ sops:
|
||||||
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbEhtZFFibXRYRHN1WHB3
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGYW5xM2pwbmM0MmNqZlE5
|
||||||
ZHlMMSt1MWhZRVhFTnFyaG50Rm04NDlmRjNFClRITU9VbXNxMERxWnpqc2U1MzYv
|
SHdlcnE0SXcvSHpkS1F6WDdWNUxyenRrTUJFCjlPbTY4L252S3IwN1c4QitIbGR2
|
||||||
cVEwdXhTTyswbVA5alU1cXpoYnFUOVkKLS0tIHQ2SC9JQWNObzZ5Z2ZRb1J0Nkh6
|
SDBwMXdCdGVjeExkRTJQNnd0a1NSVGMKLS0tIGE4T0pXTEMwQ2FyRVpNS1ZyVDdO
|
||||||
NUFvbGJnQVFIZm5SUDV0SitWZ05lYjgKEH/RAEebaa8Ccbs5j7G6xOhkSNnOFGas
|
QUVxOXFZTVFMZHJyZFFaS3loU1ZiQkUKQJYLPv8Acl9eeDOuWFP3HoUPH2jYGweK
|
||||||
+ntPSvzEzgJAR4Jho4Pz95id686DZPWmCVakRyZxdtZSzS5+PBKFTA==
|
Hky9FVS0LhOVxlVhKEX/pH/EsR1O7Id//5zq437KZA6v6sZqVdfx+w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMU5ieG5EMzBUT2RLYkV5
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMStjc2diVUE3OU55MVRo
|
||||||
aHNreXhBTFNSUlJMazBpRG8rYUEwM29mRWhjCmkwVFA2OVg3Qmltc2p0NUpXaUQr
|
UGFrSDZBbXVDTG9icHJjTEh6UHlPRSt3emlnCk9pQ3dVWi92ck5oZitMUFp1Y2tk
|
||||||
V0FhbkNsOWJsUnRLbTdYS2xVaTJlWWMKLS0tIG5JUzU3dDJrak02L1NDbytsdk5y
|
Tk4xbSt0OTBJMUhWRmtTd0kwVXo5aXMKLS0tIDFOQi80QWNoZEVGeExyeUJqeUV5
|
||||||
b1FhVktpVFZCQWowRitUcnRDdDI1WGMK+OBrJmrpiZZWOov+jag2UyOI6Tg1RJqI
|
UWZUSGo2UmsxOWRYdFowSmJoT1FjeEEK7eb3XYm6/Q/hXXBNfHX1zDypq5SG74dy
|
||||||
pgnHv0Ju+cn8Pg4VvAE/zN+hYMzD2aMMpQk5I1BhuH8IS56NpMzcFg==
|
keMjZI7XlYDpWij/juZl6oYRUaOxUzz4T9QE5jUjJsv9pXRCcoSPdA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNnBxVGZFSTBzMmdiTElp
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYYklSam94VU1wYlRDRkZO
|
||||||
RkpVbndYcS9NVlFuK0ZQb2M2cU0zVDJ3MTFzCmV5Y25WWGVkNk91dWUzTm1UdURT
|
QWhqYWxZNFBnaVBhZWtvbkxhZzlFUVlESEF3ClpQVFFJTUs5YUlxK1U2cUpoWDlz
|
||||||
d29RRGZNK2J2ZjdNN2hHMUd1MEFqM2sKLS0tIGtXNU1jQStmWE5kQldrQW9seVoz
|
a2RqVFBjNzdidnZYcGcrb2ZDMXM2ZWMKLS0tIHZsNU9IRlllUW9nKzIzMlA1cm1E
|
||||||
Q001QkZVb282cW5RY2Nlc0ZRTy9vYXcKFXO2d0dZVoFTdw5M4bJH3C3mi6e56Bvp
|
RHdsZ0h6Q0hhRmFNMUFYNUcxNXA5YnMKa9YXvrQlHIW9X94IrnVbJq9WDuQahdoC
|
||||||
ubyGesXow1S0JytyveWhpTJVh/6gfXAGGSGJyVbM3xoguBtdhazzAQ==
|
Uimav/J0XgN1/Eu4i+bFhOvIoZcV8t0L1uZbWU6Fn3yhDl4BXGPPUg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6ZytiVDQyTlQxU1MrYUdV
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSUlwdjJIUWdTWVlZcGM5
|
||||||
WGVBNVN0UUVlYXkyOVA3MHBkakpYOXA1QWxJCjBCYUJXamFpYkJDaVNCWGdnRGk3
|
dndnc1lFb0hjdW5vbzdJR3dJN3c0Z29FemlZCjBCVGxUS1dGVkZWc2hmTStYcDF3
|
||||||
MDJtM2k1aVdxaGRxQWREeUg2TDNpbEkKLS0tIHMrSlFDcGs0N2JGOVZYdXlSRk9I
|
bTR1WDFUN0pOa2wxYmZNVnhsQ1dhQVUKLS0tIEJmdzlJN1AvTkZqRHRGQTcrbG4y
|
||||||
OGNEMlRad28zT3FmeUxSWjkrNGJTZDQKuP3lfQ0hwdK5DzrL4Qn5VkRCtvHi50Yr
|
NEJtV0FJU3RMbGNBMCtyWnIzYWwwSUEK/kt62lblp5wMYC8uWWRV09rWwQBOxxXw
|
||||||
PoIVrF+1gJA2COrytD81rPH/OsWMAUdEKtRO1EOGOTEag21e0UpSnA==
|
K2gzMoIIy44u2PMKZSX8vp2socQfMxNtBqMm4PH6Tl5oyd9cNMX9rA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
|
- recipient: age1vsqx6kukrfhrwdy4sujnra5gsswzuh0cfcfdh0d9qjrkts8hl5aqnjx32m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNDJNWjIzenptWlhOUzJm
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRXd0bUhzeTlvYmRsalVK
|
||||||
U2c4UjlnTEFvTWw4U041ZVNqa0FPMi8zZ1VVCmZCYXE0L2pVdjRQajl6YlRLdnpr
|
Sjk1YWxzdTdNSVNTai85WndIUmZabW81SGpvClFFTytkRHc3a3R1Rk9PVmtKR2tB
|
||||||
Uk0yL2c3cmt4ZUZjK0RHMis5YWZPblUKLS0tIEIvTzZuczZlWitLVW1kY1pWUFhr
|
cWlzUk1Qb2dMWlBva1Boa0dGOGhPY2sKLS0tIGhDVmZHWUlsL1RrREdIWWdBSmw2
|
||||||
a25iRHBJMFZJYVNSQVgwanBIS2RnZ0EKuKzaVJHkZj2kB4O8z9XMWmoRGbFaDEOl
|
U080Z2FTcCt5OWUvYmNVUlVzNnRvcjgKeKVY57El+zPFwS0scrp8qHXodmKn8qcn
|
||||||
JuU7jOfR+0r9zBwSAzrYnLL5xBh6IH5L3UWB4vfi6X271KJa1g7d3A==
|
qqF3804LfavB27BnYjHLcGb52HrgrmtpY3TpjfM3i7uuYjJZbh9xCw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2c2xJeHNDZUo3SUlpd3N5
|
|
||||||
bzJFVzRkMFY3UnljcGNKWWJYWlVVZGxVUUZNCll5ekRzampIYS9JUHdOYXZBNWp2
|
|
||||||
UU5kREpCNFpYK2l5M0x0Qjg4V2pESFEKLS0tIHhyNmh3SVJLZVRXY29hN2ZRTmZV
|
|
||||||
U1RMTGpCblE5RzJzeWdYUm4xYnZ2b0UK/oQ44kjpwdOwF4rr+M0mxmJipuBAvPTV
|
|
||||||
dQJqFu6xs664uDosd8rWT7sEeEWJLvs5s/QZKD73EiCg7i9819pMrQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RmhTK29yaGVCbmJmWkdC
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQbXZVSVMyZ09YYW13aEFW
|
||||||
VU1nczRwWWV6RG5sY3ZCeWVyUFlQTS91aVJnClNlMjRPdEN0L1NaOXZGdFlJdW41
|
TlJ3TlYxbyttVGs0VVFHVmNTT3oxalVYc0NvCnF2WW53MHhxSHgwTnNGVkZyd3Zo
|
||||||
TlRpdTYveXdRSW1UaGNCbXk3UWtQdDAKLS0tIDV5ZkNWVTNGRnJtcGxJQmZ2NDBh
|
UzZ4NHVQOTlkMlVVYTdFWXdoVVM0bUUKLS0tIG05M2hmWjhGaWZrb2RBRGV3U2xD
|
||||||
V1h3WVZzRk5pV2JSMlhmOFpaQXNIWmsKy0VbeGo9FchDTZ3327/9/8WEQce1RLSj
|
WnI1c1VLZDJ5aW9aMFN0YnBiN0wyRUEKxZJCCI6jO5nbwwIm4lUo7WrqKKRvyQbY
|
||||||
sWW952ZDkS/tkcYwcKa2FZYNpv71wwW6RWwZEtfGKmYttYNOovwzBw==
|
CYCJfZhCIYwXgrvFp1CLnY81ayZjnkVUKGMvOoQD2tJ9FZmBBFolxg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiU0hPVDZrVWp1dUdlUGJH
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNlFjbWduR0IyUnhhaVZW
|
||||||
V2hDK2QwQ291Zi9iTXBEUmNjTDhwOHRabjFNCkllbThlMmRZSGFyb3QyQjN3UEFF
|
NW9mbXBVUC9PSXdVR3ozRmNBQ1lHSkJCUFN3CnJvb0pBak9KczZTM3F0SktTc0Rl
|
||||||
ZHNteXFRM01Vb3Q3bit4M0ZJaWtTVGsKLS0tIEFrTDVGN0V5UnZiTWROT1FxQzFN
|
QjZOVWJlUGRxeWIrUUVWdGVjbk5IanMKLS0tIHRlaFUxejBybzl0bFJqUmlab25O
|
||||||
QWR3TU1mWmNUZmdpUkhyQzBTUm1OaXcKnJ1W9n8gIBCyjuIGca6B2Z2EwCnfrrJJ
|
cTdUU1EyY3BmdlhUMVhZWE1SekdUNzQKg8KI+jRz6d3ugvx8FNMkpC3kfj4flMY7
|
||||||
bm9RMO3ZmA5ffc+nTyKfy9QtYY6i9ksUxNsUp5sWCxiKKb759voURQ==
|
gRI9Ej777+Vl9Zowo1I4qF4t/6kAfvA8JUiuQnl7Ns7Mou0EyMVv5Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-18T23:57:27Z"
|
lastmodified: "2024-07-15T23:16:58Z"
|
||||||
mac: ENC[AES256_GCM,data:+emFGGQB1nrYdbGQE4/zqhMz+CtXlDhBCFCgimW4UddTqbtggqSy1J+w3Y4/vih6fQmBgGQHjuSNO84ZPtnvxSf1DOOWknic/8ozU5hPyhNksYl0D68EthUuqdsuIHzY6vEZMYPjIRaig/dAii/ov6pmLTlhKFjt7FpQTIuKmdY=,iv:MCaltKhV2CV0w31cpf1GQzAYlQphaHh/PGMbtN3EPOo=,tag:LGpbDiRarAOnORill/aE9w==,type:str]
|
mac: ENC[AES256_GCM,data:M09iYBGnRluGoGRQTOT9/oTHlg692Lm4LXrz0u5V8DleWRg1zIyjYxtupadpKMbGQ1DVuhB3oNejuvmjKJ+eX2Z8m4LMDhVFJZEfjd5/g+fUuwoyEzI1nU4ttvQ1j6NnO9F0F/VxvOp9fb78zpgzhxDEMjVrhHcnM0qyZtnSx7Y=,iv:V21v29Xx1QWGb1/Lap6dRJ6OuwcsdDCW0QrDeitqtYw=,tag:3PEgDPAzCD01XLCR+JJqQA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,13 +4,7 @@
|
||||||
# Enable printing changes on nix build etc with nvd
|
# Enable printing changes on nix build etc with nvd
|
||||||
activationScripts.report-changes = ''
|
activationScripts.report-changes = ''
|
||||||
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]}
|
||||||
profiles=$(${pkgs.coreutils}/bin/ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
nvd diff $(ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
|
||||||
profile_count=$(echo "$profiles" | ${pkgs.coreutils}/bin/wc -l)
|
|
||||||
if [ $profile_count -gt 1 ]; then
|
|
||||||
nvd diff $profiles
|
|
||||||
else
|
|
||||||
echo "Not enough system configurations to compare. Found only $profile_count profile."
|
|
||||||
fi
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Do not change unless you know what you are doing
|
# Do not change unless you know what you are doing
|
||||||
|
|
|
@ -10,27 +10,13 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users = {
|
users.users.jahanson = {
|
||||||
groups = {
|
|
||||||
kah = {
|
|
||||||
gid = 568;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
users = {
|
|
||||||
kah = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "kah";
|
|
||||||
uid = 568;
|
|
||||||
};
|
|
||||||
|
|
||||||
jahanson = {
|
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
hashedPasswordFile = config.sops.secrets.jahanson-password.path;
|
hashedPasswordFile = config.sops.secrets.jahanson-password.path;
|
||||||
extraGroups =
|
extraGroups =
|
||||||
[
|
[
|
||||||
"wheel"
|
"wheel"
|
||||||
"kah"
|
|
||||||
]
|
]
|
||||||
++ ifTheyExist [
|
++ ifTheyExist [
|
||||||
"network"
|
"network"
|
||||||
|
@ -39,18 +25,12 @@ in
|
||||||
"podman"
|
"podman"
|
||||||
"audio" # pulseaudio
|
"audio" # pulseaudio
|
||||||
"libvirtd"
|
"libvirtd"
|
||||||
"wireshark"
|
|
||||||
"minecraft"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legiondary"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legiondary"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@durincore"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@durincore"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwUOBEd0z2Jh6qJi4JeJbWdbU665E8/cP44iaUjW1DA jahanson@shadowfax"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzVi4xC6aLYsC4iiIX9rBfEh/FkWZilukLxmfjU9DE jahanson@gandalf"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
{ lib, ... }: {
|
|
||||||
imports = [ ];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
loader.systemd-boot.enable = true;
|
|
||||||
loader.efi.canTouchEfiVariables = true;
|
|
||||||
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
|
||||||
initrd.kernelModules = [ ];
|
|
||||||
kernelModules = [ "kvm-amd" ];
|
|
||||||
extraModulePackages = [ ];
|
|
||||||
};
|
|
||||||
|
|
||||||
mySystem = {
|
|
||||||
services.openssh.enable = true;
|
|
||||||
security.wheelNeedsSudoPassword = false;
|
|
||||||
|
|
||||||
# Restic backups disabled.
|
|
||||||
# TODO: configure storagebox for hetzner backups
|
|
||||||
system.resticBackup = {
|
|
||||||
local.enable = false;
|
|
||||||
local.noWarning = true;
|
|
||||||
remote.enable = false;
|
|
||||||
remote.noWarning = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
}
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue