Feat: containers and helios join the party (#79)
* feat: add * hack * feat: add secrets pre-commit * wip * wip * hacking at gatus * hacking at gatus * wip * wip * hack * hack * hack * hack * feat: gatus doing gatus stuff * hack * guh * hacking * hack * hack * hack * feat: add helios * hack * chore: new hosts reencrypt * Auto lint/format --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
parent
b646419432
commit
1554768917
59 changed files with 1833 additions and 567 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@
|
|||
**/*.tmp.sops.yaml
|
||||
result
|
||||
.direnv
|
||||
**/*.sops.tmp.yaml
|
||||
.kube
|
||||
|
|
|
@ -26,3 +26,13 @@ repos:
|
|||
- id: remove-crlf
|
||||
- id: remove-tabs
|
||||
exclude: (Makefile)
|
||||
- repo: https://github.com/zricethezav/gitleaks
|
||||
rev: v8.18.1
|
||||
hooks:
|
||||
- id: gitleaks
|
||||
- repo: https://github.com/yuvipanda/pre-commit-hook-ensure-sops
|
||||
rev: v1.0
|
||||
hooks:
|
||||
- id: sops-encryption
|
||||
# Uncomment to exclude all markdown files from encryption
|
||||
# exclude: *.\.md
|
||||
|
|
|
@ -14,6 +14,7 @@ keys:
|
|||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
- &helios age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
|
||||
creation_rules:
|
||||
- path_regex: .*\.sops\.yaml$
|
||||
|
@ -24,3 +25,4 @@ creation_rules:
|
|||
- *citadel
|
||||
- *rickenbacker
|
||||
- *shodan
|
||||
- *helios
|
||||
|
|
|
@ -3,7 +3,9 @@
|
|||
version: "3"
|
||||
|
||||
vars:
|
||||
host: $HOSTNAME
|
||||
hostname: $HOSTNAME
|
||||
host: '{{ or .host .hostname }}'
|
||||
|
||||
|
||||
tasks:
|
||||
switch:
|
||||
|
@ -16,12 +18,46 @@ tasks:
|
|||
- echo "This will switch your config."
|
||||
- task: .prompt_to_continue
|
||||
- git add .
|
||||
- sudo nixos-rebuild switch --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
|
||||
- sudo nixos-rebuild switch --flake "{{.ROOT_DIR}}/#{{.hostname}}" --impure
|
||||
preconditions:
|
||||
- sh: which nix
|
||||
msg: "nix not found"
|
||||
- sh: which nixos-rebuild
|
||||
msg: "nixos-rebuild not found"
|
||||
|
||||
deploy-single:
|
||||
desc: Deploy flake to single node
|
||||
# silent: true
|
||||
requires:
|
||||
vars:
|
||||
- host
|
||||
cmds:
|
||||
- echo "This will deploy the local flake to host {{ .host }}."
|
||||
- task: .prompt_to_continue
|
||||
- .taskfiles/nix/update-single-machine.sh {{.host}}
|
||||
preconditions:
|
||||
- sh: which nix
|
||||
msg: "nix not found"
|
||||
- sh: which nixos-rebuild
|
||||
msg: "nixos-rebuild not found"
|
||||
|
||||
deploy-all:
|
||||
desc: Deploy flake to all nodes
|
||||
# silent: true
|
||||
requires:
|
||||
vars:
|
||||
- host
|
||||
cmds:
|
||||
- echo "This will deploy the local flake to all whitelisted hosts."
|
||||
- task: .prompt_to_continue
|
||||
- .taskfiles/nix/update-all.sh
|
||||
preconditions:
|
||||
- sh: which nix
|
||||
msg: "nix not found"
|
||||
- sh: which nixos-rebuild
|
||||
msg: "nixos-rebuild not found"
|
||||
|
||||
|
||||
|
||||
test:
|
||||
desc: Build and apply nix configuration
|
||||
|
|
37
.taskfiles/nix/update-all.sh
Executable file
37
.taskfiles/nix/update-all.sh
Executable file
|
@ -0,0 +1,37 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
hosts=($(echo $(nix eval .#nixosConfigurations --apply 'pkgs: builtins.concatStringsSep " " (builtins.attrNames pkgs)') | xargs))
|
||||
skip=(
|
||||
"citadel"
|
||||
"rickenbacker"
|
||||
)
|
||||
|
||||
reboot=0
|
||||
|
||||
while getopts ":r" option; do
|
||||
case $option in
|
||||
r)
|
||||
reboot=1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
for host in "${hosts[@]}"; do
|
||||
# Check if the host is in the skip list
|
||||
if [[ " ${skip[*]} " =~ " ${host} " ]]; then
|
||||
continue
|
||||
fi
|
||||
fqdn="$host.l.trux.dev"
|
||||
if [ $reboot -eq 0 ]; then
|
||||
echo $fqdn
|
||||
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||
else
|
||||
echo "$fqdn with reboot"
|
||||
nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||
ssh -i $rsa_key $fqdn 'sudo reboot'
|
||||
fi
|
||||
echo
|
||||
echo
|
||||
done
|
33
.taskfiles/nix/update-single-machine.sh
Executable file
33
.taskfiles/nix/update-single-machine.sh
Executable file
|
@ -0,0 +1,33 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
cd /home/truxnell/.local/nix-config
|
||||
|
||||
# rsa_key="~/.nixos/secrets/ssh_keys/ansible/ansible.key"
|
||||
# export NIX_SSHOPTS="-t -i $rsa_key"
|
||||
|
||||
reboot=0
|
||||
|
||||
while getopts ":r" option; do
|
||||
case $option in
|
||||
r)
|
||||
reboot=1
|
||||
host=$2
|
||||
fqdn="$host.l.trux.dev"
|
||||
echo "$fqdn with reboot"
|
||||
nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||
# ssh -i $rsa_key $fqdn 'sudo reboot'
|
||||
ssh $fqdn 'sudo reboot'
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ $reboot -eq 0 ]; then
|
||||
host=$1
|
||||
fqdn="$host.l.trux.dev"
|
||||
echo "$fqdn"
|
||||
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||
fi
|
||||
echo
|
||||
echo
|
|
@ -2,3 +2,4 @@
|
|||
* Dont make conditional imports (nix needs to resolve imports upfront)
|
||||
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
|
||||
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
|
||||
* yaml = json, so using nix + builtins.toJSON a lot (and repl to vscode for testing)
|
|
@ -58,6 +58,7 @@ nixos-rebuild switch
|
|||
```
|
||||
|
||||
Set the password for the user that was created.
|
||||
Might need to use su?
|
||||
|
||||
```sh
|
||||
passwd truxnell
|
||||
|
|
41
docs/vm/installing-zfs-impermance.md
Normal file
41
docs/vm/installing-zfs-impermance.md
Normal file
|
@ -0,0 +1,41 @@
|
|||
> https://grahamc.com/blog/erase-your-darlings/
|
||||
|
||||
# Partitioning
|
||||
parted /dev/nvme0n1 -- mklabel gpt
|
||||
parted /dev/nvme0n1 -- mkpart root ext4 512MB -8GB
|
||||
parted /dev/nvme0n1 -- mkpart swap linux-swap -8GB 100%
|
||||
parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
|
||||
parted /dev/nvme0n1 -- set 3 esp on
|
||||
|
||||
# Formatting
|
||||
mkswap -L swap /dev/nvme0n1p2
|
||||
mkfs.fat -F 32 -n boot /dev/nvme0n1p3
|
||||
|
||||
# ZFS on root partition
|
||||
zpool create -O mountpoint=none rpool /dev/nvme0n1p1
|
||||
|
||||
zfs create -p -o mountpoint=none rpool/local/root
|
||||
## immediate blank snapshot
|
||||
zfs snapshot rpool/local/root@blank
|
||||
mount -t zfs rpool/local/root /mnt
|
||||
|
||||
# Boot partition
|
||||
mkdir /mnt/boot
|
||||
mount /dev/nvme0n1p3 /mnt/boot
|
||||
|
||||
#mk nix
|
||||
zfs create -p -o mountpoint=legacy rpool/local/nix
|
||||
mkdir /mnt/nix
|
||||
mount -t zfs rpool/local/nix /mnt/nix
|
||||
|
||||
# And a dataset for /home: if needed
|
||||
|
||||
zfs create -p -o mountpoint=legacy rpool/safe/home
|
||||
mkdir /mnt/home
|
||||
mount -t zfs rpool/safe/home /mnt/home
|
||||
|
||||
zfs create -p -o mountpoint=legacy rpool/safe/persist
|
||||
mkdir /mnt/persist
|
||||
mount -t zfs rpool/safe/persist /mnt/persist
|
||||
|
||||
Set `networking.hostid`` in the nixos config to `head -c 8 /etc/machine-id`
|
11
docs/vm/servers.md
Normal file
11
docs/vm/servers.md
Normal file
|
@ -0,0 +1,11 @@
|
|||
|
||||
SHODAN = lab01
|
||||
XERXES = lab02
|
||||
|
||||
DURANDAL = dns01
|
||||
dns02
|
||||
|
||||
pikvm
|
||||
|
||||
CITADEL = gaming pc
|
||||
HYPERION = laptop
|
30
flake.nix
30
flake.nix
|
@ -69,6 +69,10 @@
|
|||
# Use nixpkgs-fmt for 'nix fmt'
|
||||
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
|
||||
|
||||
# setup devshells against shell.nix
|
||||
devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
|
||||
|
||||
|
||||
nixosConfigurations =
|
||||
# with self.lib;
|
||||
let
|
||||
|
@ -188,10 +192,10 @@
|
|||
];
|
||||
};
|
||||
|
||||
"shodan" = mkNixosConfig {
|
||||
# Rpi for DNS and misc services
|
||||
"durandal" = mkNixosConfig {
|
||||
# test lenovo tiny
|
||||
|
||||
hostname = "shodan";
|
||||
hostname = "durandal";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
./nixos/profiles/hw-generic-x86.nix
|
||||
|
@ -202,6 +206,21 @@
|
|||
];
|
||||
};
|
||||
|
||||
"helios" = mkNixosConfig {
|
||||
# lenovo tiny NAS
|
||||
|
||||
hostname = "helios";
|
||||
system = "x86_64-linux";
|
||||
hardwareModules = [
|
||||
./nixos/profiles/hw-generic-x86.nix
|
||||
];
|
||||
profileModules = [
|
||||
./nixos/profiles/role-server.nix
|
||||
{ home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; }
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
|
||||
};
|
||||
|
||||
|
@ -254,9 +273,8 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
|
||||
dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02;
|
||||
shodan = mkDeployConfig "10.8.20.33" self.nixosConfigurations.shodan;
|
||||
dns01 = mkDeployConfig "dns01" self.nixosConfigurations.dns01;
|
||||
dns02 = mkDeployConfig "dns02" self.nixosConfigurations.dns02;
|
||||
|
||||
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
|
||||
};
|
||||
|
|
|
@ -30,7 +30,7 @@ with lib.hm.gvariant; {
|
|||
favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" "discord.desktop" ];
|
||||
};
|
||||
"org/gnome/nautilus/preferences" = {
|
||||
default-folder-viewer = "icon-view";
|
||||
default-folder-viewer = "list-view";
|
||||
};
|
||||
"org/gnome/nautilus/icon-view" = {
|
||||
default-zoom-level = "small";
|
||||
|
|
|
@ -14,7 +14,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# Temporary make .config/wezterm/wezterm.lua link to the local copy
|
||||
config = mkIf cfg.enable {
|
||||
# xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath;
|
||||
programs.wezterm.package = pkgs.unstable.wezterm;
|
||||
|
@ -23,8 +22,11 @@ in
|
|||
extraConfig = ''
|
||||
local wez = require('wezterm')
|
||||
return {
|
||||
-- issue relating to nvidia drivers
|
||||
-- https://github.com/wez/wezterm/issues/2011
|
||||
enable_wayland = false,
|
||||
-- had to build out 550.67 manually to 'fix'
|
||||
enable_wayland = true,
|
||||
|
||||
color_scheme = "Dracula (Official)",
|
||||
check_for_updates = false,
|
||||
window_background_opacity = .90,
|
||||
|
|
|
@ -12,6 +12,7 @@ with config;
|
|||
|
||||
myHome.security = {
|
||||
ssh = {
|
||||
#TODO make this dynamic
|
||||
enable = true;
|
||||
matchBlocks = {
|
||||
citadel = {
|
||||
|
@ -40,6 +41,12 @@ with config;
|
|||
user = "root";
|
||||
identityFile = "~/.ssh/id_ed25519";
|
||||
};
|
||||
durandal = {
|
||||
hostname = "durandal";
|
||||
port = 22;
|
||||
identityFile = "~/.ssh/id_ed25519";
|
||||
};
|
||||
|
||||
helios = {
|
||||
hostname = "helios";
|
||||
user = "nat";
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
networking = {
|
||||
hostName = "nixos-bootstrap";
|
||||
hostId = ""; # set to `head -c 8 /etc/machine-id`
|
||||
dhcpcd.enable = true;
|
||||
};
|
||||
# Pick only one of the below networking options.
|
||||
|
|
|
@ -20,9 +20,12 @@
|
|||
radarr.enable = true;
|
||||
lidarr.enable = true;
|
||||
readarr.enable = true;
|
||||
|
||||
gatus.enable = true;
|
||||
sabnzbd.enable = true;
|
||||
qbittorrent.enable = true;
|
||||
};
|
||||
mySystem.nfs.nas.enable = true;
|
||||
mySystem.persistentFolder = "/persistent/nixos";
|
||||
|
||||
boot = {
|
||||
|
||||
|
@ -43,7 +46,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.hostName = "shodan1"; # Define your hostname.
|
||||
networking.hostName = "durandal"; # Define your hostname.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
fileSystems."/" =
|
88
nixos/hosts/helios/default.nix
Normal file
88
nixos/hosts/helios/default.nix
Normal file
|
@ -0,0 +1,88 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page, on
|
||||
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
imports = [
|
||||
|
||||
|
||||
];
|
||||
|
||||
mySystem.services = {
|
||||
openssh.enable = true;
|
||||
|
||||
#containers
|
||||
podman.enable = true;
|
||||
traefik.enable = true;
|
||||
homepage.enable = true;
|
||||
sonarr.enable = true;
|
||||
radarr.enable = true;
|
||||
lidarr.enable = true;
|
||||
readarr.enable = true;
|
||||
gatus.enable = true;
|
||||
sabnzbd.enable = true;
|
||||
qbittorrent.enable = true;
|
||||
};
|
||||
|
||||
mySystem.system = {
|
||||
zfs.enable = true;
|
||||
zfs.mountPoolsAtBoot = [ "tank" ];
|
||||
zfs.impermanenceRollback = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
|
||||
initrd.availableKernelModules = [ "xhci_pci" "ahci" "mpt3sas" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
initrd.kernelModules = [ ];
|
||||
kernelModules = [ "kvm-intel" ];
|
||||
extraModulePackages = [ ];
|
||||
|
||||
# for managing/mounting ntfs
|
||||
supportedFilesystems = [ "ntfs" ];
|
||||
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
efi.canTouchEfiVariables = true;
|
||||
# why not ensure we can memtest workstatons easily?
|
||||
grub.memtest86.enable = true;
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "helios"; # Define your hostname.
|
||||
networking.hostId = "fae0e831"; # for zfs, helps stop importing to wrong machine
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "rpool/local/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{
|
||||
device = "rpool/local/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/persist" =
|
||||
{
|
||||
device = "rpool/safe/persist";
|
||||
fsType = "zfs";
|
||||
};
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/B19B-8223";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/1d7b6e4a-aa76-4217-af18-44378c2d93d9"; }];
|
||||
|
||||
|
||||
|
||||
}
|
|
@ -38,6 +38,7 @@ in
|
|||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
dependsOn = [ "prowlarr" ];
|
||||
environment = {
|
||||
PUSHOVER_DEBUG = "false";
|
||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||
|
@ -51,16 +52,13 @@ in
|
|||
"/mnt/nas/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = [
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Lidarr = {
|
||||
icon = "${app}.png";
|
||||
|
@ -69,11 +67,21 @@ in
|
|||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "http://${app}:${toString port}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
lidarr:
|
||||
env: ENC[AES256_GCM,data:7YX4nyGmGWCLWfAq2C+wgFDhsldtB+HtCgTOFzloTUCNzF+FkCiqOfCoelrLlpDDWzTY2zLVHmPpsn65170SUfm93nAAxS2Wje5nK18USoKIDd+M4lOkq1vPkVcIMHJlW6U7K8Uf9HidCFsTg9k=,iv:1R1K+ZSRTiltIN6c5s0s1Bev7xdRWBvHTaOO4/zIzWE=,tag:4jOnhVk9of3wzzgvL/4F4w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NlFJVE1WaWtkRGtwa3VM
|
||||
TnVHTjVkekRlL05lcDlSM2EvaUNvbzliV1F3CjhQajQ4dERzSGl0Y3RsK21HOS9K
|
||||
TURVdlY0Z3Qxd3AzcHU5bVcyeisrbFUKLS0tIHRYeEhyNzNveUU3QVVvd2FHaUo0
|
||||
ZnQwbmZKc3J1aUF2Z3YwWDZzeXM2RncKOldAtGrvchEjB43g4yGFMObsU+PsV+Br
|
||||
kGqwFZfQYult/pIPuu0uitY4DGzqGFvVZSHbRlafVksg9yfllW/TZA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4d05KN0tOTTdITWlkSFNk
|
||||
WGM4WFJYb2RmN3RIU1NFRytzNWxSTFc4SmxjCmt3Nkh4Yy9MK1lkYmxwRWxIeEJR
|
||||
YitCbXAwdzhBWXVrUGJjcmRDam9Qc1UKLS0tIEZPUjRqZVV2UEpsWkZaYVFSZVd6
|
||||
YXNFK2t5RzlJc1JyUWlFeHNLdFpqU0UKr0HL7K9cdaHIDa2J/3fOxuY9ciHmyoaC
|
||||
O9fPgDV7MUG1cG7lFMQUXw17ke/3aqxBrQdixCIJDVFiD3Bp5CNUwQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRmtvVS83Qk50Qnp3MGlH
|
||||
MDg0czVSRDc1MkdLV01EOG5JZWtwUGFXeVNJClNtWmZLSzVQTjcwVmhpaE1lcTcx
|
||||
VDFGT0RqZDQ5ZTh1QWhVWXpLQ3Q3VmcKLS0tIEJ1REI1a2lWTFpWZ0RZVHVRNXBI
|
||||
Q0VoNjMrZXNzbkl2cy9tUW1wajNaR2cKPDjjplQ9v9aFkHuDPhGri/VLBDrHdAeN
|
||||
040urbUo0MV8rf5wysRkDKFqoZeIJF9pTetkSTL3BawV/G9uo1ccBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTdIMCtCRVFXSXcxZDRZ
|
||||
eTJiaVVMYVRoOHFoNEZ3OWlZZ2VXYlk5NGdFCkFKeFhpbGltUGNwR0FwWGpCWVpD
|
||||
aGI1TG9uK2cyYlQ4dGdYOHFQWkNkOTAKLS0tIFFvOE5lNmFkNnppZkRNSW5zTWtD
|
||||
enpoY1NscGhSTWxVTEU4M1lNS21ZWmMK/vkbqW5oQT/NImNFGx7d42Q/bHMTA3cy
|
||||
SzoDd762QD84ONgwh8OtXEHk3TlxrVrMKbqRa3OyYSV9AdPZ4QiHaQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRVJRdkJwdE95eE1NbEJE
|
||||
eUZXWlppUXBDOGFGVjBoMzhYWnFkc0Z3OEFFCnU4MlhFMmV3YjI2R3dPY2QzWW9q
|
||||
elhGSE1FQlVVWUp1dHIrUFlkRlV3Z0kKLS0tIFRrR3VxVFdsbld4QXB6Qlc5UGZQ
|
||||
ZmpvRy8zNkExN2lWTEZvQllLcHo4cjgKXJt9NVNxEy0gaow2Uwm1NfLytLLsHyoF
|
||||
C+RAWMpEhxyJHQ3cyGaYmOe9AkArO3lV9xwiNLcAzQTjZaIjy3KO0Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSXFaZ0EvNjRzazhsZzhP
|
||||
ZGZqRFhoT1RVNHI0cG41OVhmYU1HWTI3ZnlRCndKREo1UmNhTTRPdGxIdkpaeVZy
|
||||
Ujk1M005NTRtaC9YQ2dteGNQZ1A5cGsKLS0tIEJhSWkvaWY3eGRyR1VlckYzL1BQ
|
||||
SjVNbnhXeGhxTHEyRU5Jd1BaNzc0TjQK+JalyEaNtqABGJbphWUdVKG3dNoU8/zv
|
||||
9uivNH47OBZmWPWhDMWFKU3EZ05LRJMPHax4W1PyWXsvV8keda1K1A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:O6qkL2lH7dxsadSwJeYkRLr98jvmonuuHrQF52A9OP44fNdhA0SVagd4iLpIh4nlghIpWGnaLRzl+eL4u36Dh3rrlJoOKaWJmkSQDEVvRXpE36/+7ChvJj995s2qX/2MAMhG2ytrgAmGb0TuzsP8ySTJlFFubwk/lZoVaWAy+Fc=,iv:OFfOpQy+mCiO8RpHQStW34H7J9LJ3PFkZyrlCj5kOcA=,tag:7C0rafYEwMoakDR3sSWL6w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -50,16 +50,13 @@ in
|
|||
"${persistentFolder}:/config:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = [
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Prowlarr = {
|
||||
icon = "${app}.png";
|
||||
|
@ -68,11 +65,21 @@ in
|
|||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "http://${app}:${toString port}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
prowlarr:
|
||||
env: ENC[AES256_GCM,data:bB13WWB+H9OHK4FMOEuURU0oZLdCTpG67bY/E6ikN8MBixG5PPwZuUHVt3gfpcdiQC3/BVj8UhkEC3ATRlihZCsUAB9kWUMAPrxOeXQr0VJ+RQpl2q9IjdUa4nz42AZkG1ZevCoYojxFKvJGmGaVj9CI,iv:yUe+L4cOwI52462FMu2zKvjLShXFI5joaEHxcENcVPI=,tag:rVdZZ2E0Ikx8OhIFs+8rMw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR2h5a2dnc005dGFPdkxD
|
||||
YlBQakZRUFYyUHNFUklzQ2dXTUp1ZXpaVkcwClVpZzJFTTNBeitYOWpJdUx0K3FL
|
||||
bnRkbnNDZzBqOTNCRnJnekU0N043MjgKLS0tIGZ1WTdkb1g5c3MzNXBnVGdPZGw2
|
||||
cklqZXFTS0JKb1hHNG8yQm9jQ0dyRkUKsJIGwRQUpQ2rWtLAEnm8C9+5yLfTY4He
|
||||
mDB2V6IitkKFEPzEpPi9vk+2zkf6dqWbwUa9VANs14uLu5Ue0WTsjQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWFRlL0VQY0d1aDIreksr
|
||||
UjZwMzM3RkhyamlVVGtOWFdTRlhodlphZmo4Cm1WMlNRVDhSVTlqUG84TG5iK1cw
|
||||
M290eVZXVXlpbCs5aEhpRERRRWVzSVEKLS0tIFlBemlwWjZuczVFSVE0UWJOZFJh
|
||||
T2h5eEJXekxKVnBmQWJoL0h4aGJreHcKQSgjZWxd8lBhMrv4bqmoQICK/hf/hWOp
|
||||
a2Un0jXCvomlCCRiMXpc1Ii9Xy6y012bHrAlom3eiAU11wKOBYZ0Qg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MWliQTFvM0MrUmN1NDFK
|
||||
VEM4TnhrSWM2cEU2dHE3UnQzeHZhN1BKT1E4CllBMEEwY1FxVWI5S1JndnVQUkFT
|
||||
VzBUYVozN1M2Z2o0b3hxaHd3aUV0ajAKLS0tIHBRQ3RTOGxzTlQ2emlqTXdoZy92
|
||||
VGQ1RklSUy9UclRYaVNmWTlHTXRHMDgKk6MlwJIlSsZRxYwNC39bkwUly3m+y+68
|
||||
XpLbncjI55Uyno1z2J+6NJotAFFKpzuQ/VpAiE+FwBM7CLrkh11KvQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEb3dyZ2RrZXZjUlYvZFI1
|
||||
Ui8vQmx2bFlYV2pUQmc1eUordnd6RVFyQXpJCk92SFk5QTA2Qk1WbTArSFpQaGNi
|
||||
N0gwUEI1b3NWZ3JURGVPQ3ZuZnU4NGsKLS0tIE1GUWJ2NUFzck0vNUI5T1VqMUly
|
||||
NkFQb21LVzloQnd0L0tYUEpRZTF3eE0K4xTWCCiceDKCla7kWfBvftNjTFY5aXZa
|
||||
azlnCmlg/geKrQvWRYe63i+20q+ZkhQfm6qGugkRuHpMSsXG8woTlg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MkhmRytsWHJSalBucjlH
|
||||
NTFCc01UQW9HMjFJSkJnM1EzM2pza1gzaVRNCm5lTEhnU2E0VnlCR1pKT2xSWCtT
|
||||
Z3FXclRmQkxvOFliMVVIS2ZJY0dsOGMKLS0tIGE0eWVuVXRsYXg4Z0syNS9mWCt3
|
||||
ajJ5RzBDaTZXMnlkSFJFQXRqZ0FOUTgKGEaHiHOO45JfVheInmxiModzF5fzo2e7
|
||||
5XF9WUKPz9Jx53ugivb/S9turWA4eZaeA9rmLb3yQ0HcQoaLVsB7ng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVVBFL1VYYnlyQVRoN2hx
|
||||
NnJ6SzFucHp6THJTYktJRC9Tb2J6bUpYVFVjCnhEYjcvZUNGTXhZci9wMWtHaERE
|
||||
NW9KNkc5ZE9TdFpKdUoyUGRVQ1JGSXMKLS0tIGdGS3lpUWVMRTlwTElHUE9uY0Nm
|
||||
dExpb1kvR1o0V2RFOE9GckkzWG93NmMK4JM8Vp0zTa9zVRiMzw5AY+3zaNqKnYAt
|
||||
bD9iTN/TQbjyowvdxRiziLE4hZ6plav7x8/o3MRT8uXMdnaykIT0PQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:ygSwpOo/ZuqTVLKDgmQvAEY8KYkq1O/3grLL5i/0LGlSOM9n9j4oBjBodmGRrXtZ5ui0BL8PZlExfjK7QUni7m0wRXRhWoiuYadiiPVmfzSLQ4aDet4eCt5mTvjn2Xm68cOB3Vyu+dGzmU9O1H0y7EoUsItVPsrreOAlItGEKM0=,iv:10jClAw0BkJJbLg4zdPxZ3/7I20M0UQUcfL+SRtg/MI=,tag:Bhu5V35Hp6pGKfRCUgKSSQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -38,6 +38,7 @@ in
|
|||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
dependsOn = [ "prowlarr" ];
|
||||
environment = {
|
||||
PUSHOVER_DEBUG = "false";
|
||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||
|
@ -51,16 +52,13 @@ in
|
|||
"/mnt/nas/natflix/series:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = [
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Radarr = {
|
||||
icon = "${app}.png";
|
||||
|
@ -69,11 +67,21 @@ in
|
|||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "http://${app}:${toString port}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
radarr:
|
||||
env: ENC[AES256_GCM,data:eCok5/+DTT4DvI+3Tmgel3h7rRMQzPyGKmGzjWr9Bk+7KhuCutqT8VKRT6cvk6N6GkAaF8fLeZ8ANxy2bK6RyPrB0jOb6J2SsYWrXHNdgtTLPVccIDRfJ+R7Xp01eHp6JGY5xmpF7HEjN9JHFQkwcsy+GpNBK+ALfBH6BFMbnK2AGlM6RwclN+BSvMZirfRnxSZ1XTUNPuLX/+ClWTqlfEHfab0lM1ZcA0VFSKNpk1ivshewRpv7ZgLGGHU4JXZXT1amJrYoSCPKkl2Aaf52,iv:N0L7Vmv7yOSprFAxpdpkrH8uFj0cHgVbpyCSJnqrugI=,tag:3xLCZY0EN505xfWKvDs+hg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnV0tvc1FncHB0Mkt1QjNh
|
||||
VzlZdXBjb3VTSjRpWWpZclE1RE9xM2FsUlFVCkU2eEtNL1FrRTVLZ3lrSXdTOHp4
|
||||
RERqbWRyeURJTFVZT2lQVWk2eDhrZ0EKLS0tIDl2OWUxTHUwR0ZtbnY1d3dLRUtR
|
||||
QTF0WnJZbjVmSHMwdlQ2cjhuTzF3eTgKRWyMgPMCPCQaFyMoemfaVKR4Nz/9zqE1
|
||||
QYfyVdzo+EGp8aFsJUDW7i8tnNWuqSkU/arEX2HXZ4eURoVOV56M/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNT1BxVU8xb3Qxbk9nY2hG
|
||||
a2dBbGwwZmtRYUdvenlWYklDL3RleWx6RnlJClFkcXhwbFROR3dZNWprUkh0SG9W
|
||||
eXNLOHhNTHdBcmJmNnMwRGk1M21adXcKLS0tIHBzaHQ3U255MlMxWDBZdzRqSUpN
|
||||
S2taWVhLWmRCcW81ejY3T2lVM1dSeGMKMEExqNLhSDxcFSUvAx4Uoet1Cr9pMbM5
|
||||
JFmIuiEOF7idfJ0/fceM9IxMS22LBTRC9Vlkkr9lYj/trO9KmF0l/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZG1VMGtyMnhwTzZkMlp6
|
||||
Z3Z4K1JIYjcyaTBVSjJjRnNXQWc4ZFNxRUJzCkVIdVFvaldOR1FtTkFZbjFuVG5B
|
||||
VUY2Zm9mTDRFeWxudGtOWlp5c1hvdGMKLS0tIEFYLzlJcDN5a1ZJMm9mUW9YR1BR
|
||||
dm4rV0t6SkVwVk5udVI5c3ZYNHRoUkUKIR9FbffWcyslWbURZ+PkWSqW1QDaS3m0
|
||||
HW4aSEPPbA+SIDIlZY/6CdY3MS5p/STkqfLPIpAuswEaMGdAcHI9Cw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbzNjdFgydlhFcjRQZGh4
|
||||
eExFSG1uZkl2aDl1SWk5SExlWjlid2V3V3dRCkErY2tYanprRXoreHB3OFpRNFRO
|
||||
MzB1NEtnVTZMd2V0WVpPMnJ2V1ZlbkEKLS0tIDAxQ0FkeFdXb1FPUm9uWjVscFZ3
|
||||
WTlObk85TGJkMlNZQ0RKc0FkTyszSGMKk29wTRW8QtioBdX6vaiM5NycbVJCmf1V
|
||||
3w9D4uJyIocBvXbhHOoL7JJp7rRKCx+rcs6nxYrtgI/f5pWR4mG5Ng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTmpjK3VzOHlKbnAveHNR
|
||||
TWdIR1FjZW44NHdiMk1qRkwrWHZsMDR0ZkhFCmdyNUNOZ2I4elJSVzF2S0poaTJm
|
||||
M2gzTHNMejZTNzVoUHJOdEJkNkkrTEkKLS0tIDdUWlhMcmVOUnAyaXZKN25sMGpX
|
||||
RExtMlBhNEpnYnZSY0NUS2ZLZWpLSUUKXDbDA8JdpfHMJuB1dr68mzETGJn6SfrZ
|
||||
V0c127YS2LvNl1jwDl4nMPpUy2MH0gYYi3JTJSOWFbqzWVDx2lsrHw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNGFzc2pJS09ldkFRTjQ0
|
||||
WHB4TUdUTElMZ09BanRRS3gvdldIRUozWDFzCktyUUVsTndPTFduNGlubVBaZjk0
|
||||
REhBckdmNTIwcGh4UURLdnJVL0tnOFkKLS0tIHNtdW1UcTVadGtwbUt6Z0lMZHZs
|
||||
NThTZi91NWRubGl6YWNMOHFiYktia2cKE8eNGhd9c5/nnCMoRD5fkYstVzvSg4Un
|
||||
AgyBwvsh8H75HOQaxB2fLqOnzFmmEapRCflaymq9R5qBk8kpQ5iChA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:4g+4hRWHD5L/SjxKu8VhCU2oznUP/GZ5iNsKrC7GWHg4iLXY2MRSwbkcR1SoQrCWqFACNQCFQzdAqUFbhHMx85AL9V+YEVYMxBmDt2arOF1yNVbxYnDfbBbWRjYva2Yt9er2P1Topfku5XhIfPXyPi7nuZuGamRWiGNt98bpsTY=,iv:LbWJzgT8QRE7AaxSNdPCT0jvjZiBUh7xlKsBQQfnVwA=,tag:w/nNS+6eYYt1tMixoX97IA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -38,7 +38,9 @@ in
|
|||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
dependsOn = [ "prowlarr" ];
|
||||
environment = {
|
||||
TZ = "${config.time.timeZone}";
|
||||
READARR__INSTANCE_NAME = "Lidarr";
|
||||
READARR__APPLICATION_URL = "https://${app}.${config.networking.domain}";
|
||||
READARR__LOG_LEVEL = "info";
|
||||
|
@ -49,16 +51,13 @@ in
|
|||
"/mnt/nas/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = [
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Readar = {
|
||||
icon = "${app}.png";
|
||||
|
@ -67,11 +66,21 @@ in
|
|||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "http://${app}:${toString port}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_READARR__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
readarr:
|
||||
env: ENC[AES256_GCM,data:vPKL/0rOBlly7EW1Pbt8dJ7fQHBP+AHXElIZbfZBB3Wl1GibhJs69rAnRH7xGwPLZgjFtT742sUnIOw+ZdGDU7Aws/LyU9AeNcmGVjFHNz3tPi3ikoHV1Glofku/Q7pje69dqoKuDvN/y2U8D8vYIg==,iv:A+/Q9/8ZCaYEUY0V624eOe6nM/9LGVidaK+56KGG+3s=,tag:y0fcBeEoHMgFz85PQkqt+Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTbmJOZ3RHVGZyMVdQcXJ5
|
||||
aDdEeUFNTGVlTmxzQTdKNUFzVCt5c1FndEU4Ck9ja28vOXJoWWhlYXI0RXlpS0o1
|
||||
ZUszUi9vc1NiVHFDNXJ3TGdzNUhwOG8KLS0tIEJQRURjZHBqNkVKYkp3YUxuOFdB
|
||||
YnIycXFuV2JiQ1lSZDRIekhFTUpWdDgKYJuej3+o8YOysAm8zaOsxbok9x53vAMi
|
||||
9tAPF1FPC/JJvYJnncpynxEWVLQ9VEQ+T72HDWy6Xf1PD18mhA7ZSw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cllLVVYraHRueklwR1h3
|
||||
bDE5TnI4eFBCMjNIcU01MGZlWlJ0K0JGMjNNCnluOGpjaTFhdFk4TUoveS94UlVH
|
||||
K0daVThXcDV6SDRma2pyRHdtUWRhV1kKLS0tIE44T3owMU9pOEkrdlFhM1hwM3Zn
|
||||
VUlELytqTnVNcER1K1BkbStpa0d5UjQK7nF3pq7ajVA2y/2VE+k96INyrWU44uQM
|
||||
SxIEsqjYkuyjaQdYBtxZSqiwpQBKdLj47X8U42m9M9NOjG3Uc0J1og==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreDF3bms5aXN5blpkZEs4
|
||||
eTNET0ZaRFp5K0FuVWowWTMvWjMvNldBV0E4ClcyOWpKa0RpZXB5dXpsa3o1UkR6
|
||||
V1gxaHhiSERkT0lIQ3l5c1lNMVVpUDgKLS0tIHRCd3pFdnp3WTBJdzBlQ04zWDBN
|
||||
bGhvc213TmV6aDZYbzZhQUNtT3dYVlkKlkUuDfB/81dShrlL1KzfOsE6fNb/7vFE
|
||||
3grwJMKQKZhvN+nK/BVAAUCamdMa07Q+DX0+VXdSc+QspHNpLrRCdg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVV6Wkc3NHZiTFAycnU2
|
||||
TDkrTVhGd0gxTmN6aENFdEhnb2JQZ3c0SHljCmZnQTBqVXhGT0FyRUN4VERQZW9T
|
||||
d1QydTMzVG5MdFhYMmV4L1dJRTBtYzQKLS0tIEVMZ1VRbjFjSThoTXB3TW9KcGRM
|
||||
V2JQdGxIUHRkbHdVSXhZMktTWTczazAKtU+XFzoNTfhRC+He+UqM5w/o9VoqJF2r
|
||||
4LIpVuITrD8cCFjRQYBvg/04zdSXoN9plpHcW7EpzoQE1enKNFN02A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmN254K3k3SksxOENzYURJ
|
||||
SnFVeXdtd2RscGkwMmV6Yk5LSTN6YUhhOUVjCndYajFrZGpwQldiek9XVURMZ3hR
|
||||
Uk9DM1NJQVpqMmxkSnZ5QTJhOUZFWkEKLS0tIHc0V280TDZDby9NbDRRS3pkWDVP
|
||||
QWhJQW5WaTZ2TGtvaGt0OW9nM2tBREkK1GHdyV5JKNWWOXJR0HszGRnGYes+xIlG
|
||||
JMKIZswINap3RUNThr+xOfjajdsj5gBt6N0yozArLNGupxo6qp3zPw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5OWVWL3Y1SDYwTTNwcnha
|
||||
SEM3RmlCa01RTkpOczIramIwSE9NdGEyZkJRCjM2dTBIUGNENlhDVHNCN0VxbEZk
|
||||
WUxtOFdjSk1jb2ttanFST05LVER0UVEKLS0tIG9oTk1aRXBHK2RmNXlHZkt1ZUNm
|
||||
bW53aTdhL21hbEZPSkx0d0dZR3BBK3cKkPeXkGtmEqi7MKplyKoIY3yOEFiLAWe0
|
||||
qZHN/IO0dgWmmSKpWQTtrAve9GJx/Apz/9VTouWaVpq3a/pDU1de/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:eexZeVU3wnYJryPVkIyokKqkvHASFCMBKT9MyTMqf7JAW/gDB+7irGs4WEv8UgJUCHKDNUh5KRngMk/W8ugFccuGhsiDnNUm4/KAMPjL+GtR0EdIjSDNUhwFJYqvN0KiZ47P2zzb3Lfpe3cix7A/HhzF3Vk+NAljnyE9uCk0sEA=,iv:G4dXYsVjpCqr/AxlQmcxArFdx7gPQTRNt8iK5IAYGi8=,tag:aQ1dNARwJd/PBc1aWoK9eA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -39,7 +39,9 @@ in
|
|||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
dependsOn = [ "prowlarr" ];
|
||||
environment = {
|
||||
TZ = "${config.time.timeZone}";
|
||||
PUSHOVER_DEBUG = "false";
|
||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||
SONARR__INSTANCE_NAME = "Radarr";
|
||||
|
@ -52,16 +54,13 @@ in
|
|||
"/mnt/nas/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = [
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Sonarr = {
|
||||
icon = "${app}.png";
|
||||
|
@ -70,11 +69,21 @@ in
|
|||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "http://${app}:${toString port}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
sonarr:
|
||||
env: ENC[AES256_GCM,data:y0OW/T+/6DpkFlwXszG6IyeWs2xIKEwX3KQhw4U6TLQuAlBMwIAD7HeRdT6GE1f1N5MIt46lho+d6vyAXTMs78Oi+R8/HVRQ+Ch4soUM1nNyRtK0FhCzxIlczR+owumJSFst3WfrjHYWolk7z5men8/mQpocJMo7t/n0QozHlNiPkEM2KlKU6viXs4u1UbQwqhmA9I6x2b3vHBrSml7CM0ch4/2IMc5VPagBeaGd1nRHvr+TiHRFv1tbkhbY8O43DcbmVqUHLNBhpyJ7A6Pz,iv:TUAgMJu8HDP+fuRKIQXv3Yi4ImZBv+WaA081e8w7cQw=,tag:rCCR0xBMcHKMiDkGEhsvkw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMXVtN2FvVHhia1l1TzRF
|
||||
ZmJucjk1dU9GNGE3UEZLUVZVRnNyWVp1azNVCjRyRGRvSTZpbnB0aDhxaTNLcmll
|
||||
NE9tbVp1b0FxQ0VoSmgrWkRFN3hTS2sKLS0tIEc5VVE5L3d5VTEzQ2hZbFU5MElx
|
||||
NkNJSEdJYjYycDhudUFLWHNVcGZTcUUKm4WNGOnXRIFfYKrsBZAd05p1Y/PgaA+O
|
||||
OMmcQtKKkgv++IW5IN9W637kfIAXRn9+8uREGVfhx08ScZPT0ciyfg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWUcyUU1ZbGVQMTNZWVNo
|
||||
SGZ0WVVYamYwQzR0UXl1QWpvZ1d4OEh5aEZjCmplQ1laSkdkbzlkc3IzRStQLy8z
|
||||
U2Nmc3dyN3pQaGEzNnBHSDc5Q2FOZ2sKLS0tIFdPc05oTExQeDhMd3RUdzZmTlll
|
||||
OXVFdmFicnlsQjFhM3NyOXVMc2NGelEK5dc1ofhg/asnKpwGlwqxkXf/V0jUPqnA
|
||||
PRZejTMGsct73NtKXvejGJ2vD1lctd3T3vfe3NM+ebKPgDUSOSk6Iw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWjZrdWhOVkRGdERNTTBo
|
||||
QlA3bWFtalk2eDlsTTJyWHVrbUlCT2Yvd2xFCmJUUDJUQmxnQi80cHcxMEhtOGJX
|
||||
VDNUZFZoNTI1WHZyNWFWYjdDYTRidmMKLS0tIDNuSm9hTzVDTmsxVmZ0NlhJNmty
|
||||
N0R3OHU2OVdaa2FiWEl0b2E4R0pvQzgKuCmGQA0fJXGzcaASpKDptxhZhjD3Px2X
|
||||
TUkYkzQXUoaDCIkh1le1ntPGwRM36lQQqWtCi7ObvOmNamj8cgGdoA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXZpTGJWODJKcytuTmNh
|
||||
cDEvOUlvaXBUUUxiWHVTSS9pOXZNcUdEOGl3ClFhMnljcmdPQkh6dWg1eTZUOUM4
|
||||
OFBwOEI5aXhnWFhGT3VPYmRZa3EwV1EKLS0tIG5NN0FZa0VVOTRyNkxQdC9lajdM
|
||||
WmJJc05yM0ZJNGtwRFJySFQ4YXdHTXMKqAJM38MRRxEipfVv9k6B6Bzb8i16if05
|
||||
AYdkjb6K6kUnZqzSrqvafmsvP+9Ke2uhr7yCLll1tHhjtMP7TYMW4A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSmJvM1FlbXBTOHNsemZF
|
||||
NU9YVnNWT1RrZlc5Y2FIWVBhdXVnRjFyKzNnCjFnSWp6MUdtQjcwYmx2bjJML1ls
|
||||
aWRnN0piMmZKTE91QnZuK1dFSTZHeVkKLS0tIFAzckd3aDVHQTk3eDUxVFdTRURH
|
||||
K0ltdWd6ZDZUOURyNlZsTW9RdVFMY1UKi4OzpjsDeckTIVLwHr1MlYKSqTO7ExXg
|
||||
FIupYmfFvwnQVex5Y/rgtTCiM6qFaV7gzVhG9paGMD5h1g5moG9eBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNGRjc2xqT243TFFzT3Bk
|
||||
elJmNnlmdUdFS0JjMUdXVW5XUC91YWlSOEEwCm51blRhb2dyM0FzdGZZdUpVcWgv
|
||||
MXN0bFYvOXkvNnVMaW5zNmVaS2R2V2sKLS0tIDQwVys3ZUpHNWdydG1NRUt3Y0Yv
|
||||
Qk94L3lpMjFMWUJUTjVXbnNuSWVMaHMKiewu7zoAMlL55BoU9lZYryVG32e6bg0K
|
||||
toNX6iv4tGZ7EIjgB2L6TKlLisQW+Ta4P7VA+TAd2Z/nfYmDS77jNA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:zGC93zgG64/scDXYlUWY6arUW9f+jIZiA/wC3RBbFokT5430ubXhRVcBErwvqnghuC60sC0ZeNqoJNi4jQwE7BAbnnU8DTUsAoH4qhmNLfUeJtL8oF0NRl3i+hpauabg6E/qNbtuNG0/lUsnWXswz+7VbJP2ggTVpj+h+0vRN20=,iv:2JCto2Sy1i5gmHpAR3VgRbf0I4WSJVQLYxN4Vf/8Uz4=,tag:ZzYRKWy2HnMLyVn8CRJBqg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
42
nixos/modules/nixos/containers/cross-seed/default.nix
Normal file
42
nixos/modules/nixos/containers/cross-seed/default.nix
Normal file
|
@ -0,0 +1,42 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "cross-seed";
|
||||
image = "ghcr.io/onedr0p/sabnzbd:4.2.3@sha256:bb20d3940ff32c672111ad7169ce4156f1c4c08bb653241f1b14f6d00f93b3cc";
|
||||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
configFile = builtins.toFile "config.js" (builtins.toJSON configVar);
|
||||
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# ensure folder exist and has correct owner/group
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
cmd = [ "daemon" ];
|
||||
volumes = [
|
||||
"${persistentFolder}:/config:rw"
|
||||
"${configFile}:/config/config.yaml:ro"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
};
|
||||
|
||||
};
|
||||
}
|
9
nixos/modules/nixos/containers/default.nix
Normal file
9
nixos/modules/nixos/containers/default.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
imports = [
|
||||
./arr
|
||||
./homepage
|
||||
./gatus
|
||||
./sabnzbd
|
||||
./qbittorrent
|
||||
];
|
||||
}
|
230
nixos/modules/nixos/containers/gatus/default.nix
Normal file
230
nixos/modules/nixos/containers/gatus/default.nix
Normal file
|
@ -0,0 +1,230 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "gatus";
|
||||
image = "ghcr.io/twin/gatus:v5.8.0@sha256:fecb4c38722df59f5e00ab4fcf2393d9b8dad9161db208d8d79386dc86da8a55";
|
||||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
containerPersistentFolder = "/config";
|
||||
extraEndpoints = [
|
||||
{
|
||||
name = "firewall";
|
||||
group = "servers";
|
||||
url = "icmp://unifi.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "pikvm";
|
||||
group = "servers";
|
||||
url = "icmp://pikvm.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "octoprint";
|
||||
group = "servers";
|
||||
url = "icmp://prusa.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "icarus";
|
||||
group = "k8s";
|
||||
url = "icmp://icarus.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "xerxes";
|
||||
group = "k8s";
|
||||
url = "icmp://xerxes.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "shodan";
|
||||
group = "k8s";
|
||||
url = "icmp://shodan.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
|
||||
{
|
||||
name = "helios";
|
||||
group = "servers";
|
||||
url = "icmp://helios.l.trux.dev";
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}
|
||||
{
|
||||
name = "dns01 external dns";
|
||||
group = "dns";
|
||||
url = "dns01.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "cloudflare.com";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
{
|
||||
name = "dns02 external dns";
|
||||
group = "dns";
|
||||
url = "dns02.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "cloudflare.com";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
{
|
||||
name = "dns01 internal dns";
|
||||
group = "dns";
|
||||
url = "dns01.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "unifi.l.trux.dev";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
{
|
||||
name = "dns02 internal dns";
|
||||
group = "dns";
|
||||
url = "dns02.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "unifi.l.trux.dev";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
{
|
||||
name = "dns01 split DNS";
|
||||
group = "dns";
|
||||
url = "dns01.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "${app}.trux.dev";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
{
|
||||
name = "dns02 split DNS";
|
||||
group = "dns";
|
||||
url = "dns02.l.trux.dev";
|
||||
dns = {
|
||||
query-name = "${app}.trux.dev";
|
||||
query-type = "A";
|
||||
};
|
||||
interval = "30s";
|
||||
alerts = [{ type = "pushover"; }];
|
||||
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||
}
|
||||
|
||||
|
||||
] ++ config.mySystem.services.gatus.monitors;
|
||||
|
||||
configAlerting = {
|
||||
pushover = {
|
||||
title = "${app} Internal";
|
||||
application-token = "$PUSHOVER_APP_TOKEN";
|
||||
user-key = "$PUSHOVER_USER_KEY";
|
||||
default-alert = {
|
||||
failure-threshold = 5;
|
||||
success-threshold = 2;
|
||||
send-on-resolved = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
configVar =
|
||||
{
|
||||
metrics = true;
|
||||
endpoints = extraEndpoints;
|
||||
alerting = configAlerting;
|
||||
ui = {
|
||||
title = "Home Status | Gatus";
|
||||
header = "Home Status";
|
||||
};
|
||||
};
|
||||
|
||||
configFile = builtins.toFile "config.yaml" (builtins.toJSON configVar);
|
||||
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||
monitors = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.attrs;
|
||||
description = "Services to add for montoring";
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
sops.secrets."services/${app}/env" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = config.users.users.kah.name;
|
||||
inherit (config.users.users.kah) group;
|
||||
restartUnits = [ "podman-${app}.service" ];
|
||||
};
|
||||
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${configFile}:/config/config.yaml:ro"
|
||||
];
|
||||
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
|
||||
extraOptions = [ "--cap-add=NET_RAW" ]; # Required for ping/etc to do monitoring
|
||||
};
|
||||
|
||||
mySystem.services.homepage.infrastructure-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
"Gatus Internal" = {
|
||||
icon = "${app}.png";
|
||||
href = "https://${app}.${config.networking.domain}";
|
||||
description = "Internal Infrastructure Monitoring";
|
||||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/gatus/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/gatus/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
gatus:
|
||||
env: ENC[AES256_GCM,data:Wx6rATQ7Q7XUh47ZyV19wXH6Rv1YY43Rd5ijFmFCK2cjQ0p6uVPJ/JQqtSd99daAmT0844ug6PTUGMiVajm+fFZSV9gi294/5s25OOVRZiL+QND0rHF0xPWEUnIsBNmvk1LV,iv:PLds5favGpAwJVmlQEYJaunkTGPQH+OtehP+fK2Gagg=,tag:VIf02wjvPG9MYPN+y9vyRA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTWxxVitWUTMyTTB5LzBH
|
||||
MktCV044YUMyZzRUc0dIQk9YVEJoUFhQZjBnCndXUG5vQW5aNlkyWWl4WHZ6RDcr
|
||||
OU5RTFN6RHFkdlU4aUlDL3NSRVBxKzgKLS0tIFdtY2JZNlVKWHlGV1RESFhGK0V1
|
||||
VGFCU0hmRFBPR3pGSGxyOU9mcFZyMzgKCc2Ti52M0ZMibetv1pg6hiMSXfb6JdAg
|
||||
ZYEmOfoa0yvrt8Hn1gmYDpBH4UPQRh8x9uIW1uR7kfOoWsjQPzwkrA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd29DMEMxbXNJcGczTEd3
|
||||
RGMvSEVuUEFzWklQTTBWck40RkV3OTF6d3lzCkNyNEFsV3Vua1JJeU56Mmhma2JI
|
||||
K1pCcGZuS3BQWERtK28rYStHU29pNzgKLS0tIFFsMnlFblRhc2k4dlhFTnBIZjhY
|
||||
WlRNbERzU1pxelZxVFlDbFdtNm53ekUKrK7AClzYOwTaBowqf0J6wg987MWSNydh
|
||||
yOF4SbGj0LScSVz0ZM3wwaP1QFtI+ziojVuMd0sIuRZixUHkD3n25g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbkdNMUlpY2IzZ1BrTVdi
|
||||
cEFRTkFCMkpJeGhqRXEzY3ZaRHcxZVVDYWlrCnFBR2xrZDkyL2padmI3TkdYQ05R
|
||||
SE1GQVR3OHdoRDUvams4Nk1vbEVVVEEKLS0tIFdCM0RDanBBbUdEN1lrSVN6TFVJ
|
||||
ZGkydk1VVkZxZmlmVHg2KzdvNUtuYnMKRI7q8nyzq+Kqjx+9qJxXJ1YBSsOSFJXJ
|
||||
ZzKYDf/OvQuqdOmsKOzjEOPANCgjbZ3w2no2A/lVyhiaYg1yQM6Vdw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUUduTFhmNkhtZnU4R2ZK
|
||||
YlJwUDg0c1REL2NoYTZPS0Vyc0lMNkNkc3pzClZNektlYkp2TkdtTUFGZUlwbkly
|
||||
bmZ2Y1Z4MjBmZzZEVFAweUJHUU9KSWsKLS0tIE5NMkRIY3h4TGNpNnpkNHBDRTgx
|
||||
TFJSU1VXVzBxWDh0RUYxc0NFamZEV3MK7sIQcpSrYSDjuliI/taIKzi9qryHt1dR
|
||||
E7W433ZZykhKyRn5IYAOrOCabc5E5Ny7wyd7TjlJs/IqSB+16TII9Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQlZXSnZoNFlkcDE0Q1Qr
|
||||
TUFoYU1KRmp6aXY1c3FGeWx4RUQ0azJlYXdjCjFzQTF4S1VHUUNTaWloT1dHcnk3
|
||||
Qzg1dGVxa0V1L2tsUllDZzhnbjhBVzgKLS0tIEZYWkJpV1V3ZWUyLzAyZnhKVHU1
|
||||
M0xraFdna05SeHVuQXlsT2VmSW56QVkKAZsbdSvrzJDnxAY2PlM7re05GJvrElD/
|
||||
74dbBdReIuLQZnanU5KRh5sp41HoxtK8vRBteZE+zy3vva5CIylKEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSGY0UFA4SDlDYWMyN2xa
|
||||
ZFFyemFMRjh3ZVBlUGpyYjNmWW03SlRrU1gwCll5elRzMjZKRjBmUkRNVDVVSGNx
|
||||
K2lWUnlTL1E3RlJyMEdJQUZPaFJzTkUKLS0tIGhLWEF4Z1ZTNkZjeHl1WWloa3Rp
|
||||
dE42TnhlK2szanphamFsZHl2V1o2OGMKpIS2v2mnofHOSpALJh+g9/2C3GIMH3oY
|
||||
GuPsMaRCxUW1NAL/i5EjNKm8t3QKR9r+JnIwCTDNkQdG1N00gpUgRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:0ECI2z14unAGgc2xcRdjjkaaAzi0c/x7V9HcTtB9tdMKZwIINHu+m1UC4SG+prRBuTX+7j4tpN343PzdgYzeXSx/aZlUDgc5cwPpgJyLhmIkDG8vPaKxcxtKOD5tHrnHe8tpdrZ3+/5NqneLPshlJZMX12PSpln50O8g9YPVKiI=,iv:5wGiTGpJ7+7U4XmRd6dH8455po/65XqT9+cdNxGuQwg=,tag:cXJ8sAEYkYDnZ6I/32y+0w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -14,12 +14,31 @@ let
|
|||
|
||||
cfg = config.mySystem.services.homepage;
|
||||
|
||||
settings = {
|
||||
# title = "Hades";
|
||||
# theme = "dark";
|
||||
# color = "slate";
|
||||
showStats = true;
|
||||
};
|
||||
# TODO refactor out this sht
|
||||
settings =
|
||||
{
|
||||
title = "NatFlix";
|
||||
theme = "dark";
|
||||
color = "slate";
|
||||
showStats = true;
|
||||
disableCollape = true;
|
||||
cardBlur = "md";
|
||||
statusStyle = "none";
|
||||
|
||||
datetime = {
|
||||
text_size = "l";
|
||||
format = {
|
||||
timeStyle = "short";
|
||||
dateStyle = "short";
|
||||
hourCycle = "h23";
|
||||
};
|
||||
};
|
||||
|
||||
providers = {
|
||||
openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_API_KEY}}";
|
||||
};
|
||||
};
|
||||
|
||||
settingsFile = builtins.toFile "homepage-settings.yaml" (builtins.toJSON settings);
|
||||
|
||||
bookmarks = [
|
||||
|
@ -55,20 +74,93 @@ let
|
|||
};
|
||||
}
|
||||
{
|
||||
search = {
|
||||
provider = "duckduckgo";
|
||||
target = "_blank";
|
||||
datetime = {
|
||||
text_size = "l";
|
||||
locale = "au";
|
||||
format = {
|
||||
timeStyle = "short";
|
||||
dateStyle = "short";
|
||||
hourCycle = "h23";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
openmeteo = {
|
||||
label = "Melbourne";
|
||||
latitude = "-37.8136";
|
||||
longitude = "144.9631";
|
||||
timezone = config.time.timeZone;
|
||||
units = "metric";
|
||||
cache = 5;
|
||||
};
|
||||
}
|
||||
];
|
||||
widgetsFile = builtins.toFile "homepage-widgets.yaml" (builtins.toJSON widgets);
|
||||
|
||||
extraInfrastructure = [
|
||||
{
|
||||
"UDMP" = {
|
||||
href = "https://10.8.10.1";
|
||||
description = "Unifi Dream Machine Pro";
|
||||
icon = "ubiquiti";
|
||||
widget = {
|
||||
url = "https://10.8.10.1:443";
|
||||
username = "unifi_read_only";
|
||||
password = "{{HOMEPAGE_VAR_UNIFI_PASSWORD}}";
|
||||
type = "unifi";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
"Nextdns" = {
|
||||
href = "https://my.nextdns.io/";
|
||||
description = "Adblocking DNS";
|
||||
icon = "nextdns";
|
||||
widget = {
|
||||
profile = "{{HOMEPAGE_VAR_NEXTDNS_TRUSTED_PROFILE}}";
|
||||
key = "{{HOMEPAGE_VAR_NEXTDNS_API_KEY}}";
|
||||
type = "nextdns";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
"Cloudflare" = {
|
||||
href = "https://dash.cloudflare.com";
|
||||
description = "DNS and security provider";
|
||||
icon = "cloudflare";
|
||||
widget = {
|
||||
key = "{{HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_API}}";
|
||||
accountid = "{{HOMEPAGE_VAR_CLOUDFLARE_ACCOUNT_ID}}";
|
||||
tunnelid = "{{HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_ID}}";
|
||||
type = "cloudflared";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
];
|
||||
|
||||
extraHome = [
|
||||
{
|
||||
"Prusa Octoprint" = {
|
||||
href = "http://prusa:5000"; # TODO fix with better hostname
|
||||
description = "Prusa MK3s 3D printer";
|
||||
icon = "octoprint";
|
||||
widget = {
|
||||
type = "octoprint";
|
||||
url = "http://prusa:5000";
|
||||
key = "{{HOMEPAGE_VAR_PRUSA_OCTOPRINT_API}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
services = [
|
||||
{ Infrastructure = cfg.infrastructure-services; }
|
||||
{ Home = cfg.home-services; }
|
||||
{ Infrastructure = cfg.infrastructure-services ++ extraInfrastructure; }
|
||||
{ Home = cfg.home-services ++ extraHome; }
|
||||
{ Media = cfg.media-services; }
|
||||
];
|
||||
servicesFile = builtins.toFile "homepage-config.yaml" (builtins.toJSON services);
|
||||
emptyFile = builtins.toFile "docker.yaml" (builtins.toJSON [{ }]);
|
||||
|
||||
in
|
||||
{
|
||||
options.mySystem.services.homepage = {
|
||||
|
@ -92,6 +184,18 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
# homepage secrets
|
||||
# ensure you dont have whitespace around your ='s!
|
||||
# ex: HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_API="supersecretlol"
|
||||
sops.secrets."services/homepage/env" = {
|
||||
# configure secret for forwarding rules
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "kah";
|
||||
group = "kah";
|
||||
restartUnits = [ "podman-${app}.service" ];
|
||||
};
|
||||
|
||||
# api secrets from other apps
|
||||
sops.secrets."services/sonarr/env" = {
|
||||
# configure secret for forwarding rules
|
||||
sopsFile = ../arr/sonarr/secrets.sops.yaml;
|
||||
|
@ -128,11 +232,6 @@ in
|
|||
restartUnits = [ "podman-${app}.service" ];
|
||||
};
|
||||
|
||||
# ensure folder exist and has correct owner/group
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
|
@ -141,9 +240,13 @@ in
|
|||
UMASK = "002";
|
||||
PUID = "${user}";
|
||||
PGID = "${group}";
|
||||
LOG_TARGETS = "stdout";
|
||||
};
|
||||
|
||||
# secrets
|
||||
environmentFiles = [
|
||||
config.sops.secrets."services/homepage/env".path
|
||||
|
||||
config.sops.secrets."services/sonarr/env".path
|
||||
config.sops.secrets."services/radarr/env".path
|
||||
config.sops.secrets."services/readarr/env".path
|
||||
|
@ -151,11 +254,15 @@ in
|
|||
config.sops.secrets."services/prowlarr/env".path
|
||||
];
|
||||
|
||||
labels = {
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
# labels = {
|
||||
# "traefik.enable" = "true";
|
||||
# "traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||
# "traefik.http.routers.${app}.middlewares" = "local-ip-only@file";
|
||||
# "traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||
# };
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
# not using docker socket for discovery, just
|
||||
# building up the apps from a shared key
|
||||
|
@ -164,15 +271,28 @@ in
|
|||
# easier to have/move services between hosts
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${persistentFolder}:/app/config/logs:rw"
|
||||
"${settingsFile}:/app/config/settings.yaml"
|
||||
"${servicesFile}:/app/config/services.yaml"
|
||||
"${bookmarksFile}:/app/config/bookmarks.yaml"
|
||||
"${widgetsFile}:/app/config/widgets.yaml"
|
||||
|
||||
"${settingsFile}:/app/config/settings.yaml:ro"
|
||||
"${servicesFile}:/app/config/services.yaml:ro"
|
||||
"${bookmarksFile}:/app/config/bookmarks.yaml:ro"
|
||||
"${widgetsFile}:/app/config/widgets.yaml:ro"
|
||||
"${emptyFile}:/app/config/docker.yaml:ro"
|
||||
"${emptyFile}:/app/config/kubernetes.yaml:ro"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--read-only"
|
||||
"--tmpfs=/app/config"
|
||||
];
|
||||
};
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
name = app;
|
||||
group = "infrastructure";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
|
||||
};
|
||||
}
|
68
nixos/modules/nixos/containers/homepage/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/homepage/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
services:
|
||||
homepage:
|
||||
env: ENC[AES256_GCM,data:9T4cgUUy631Hp9GRiR2N2MTJxOfiV/O3b0huRRTGH8vbgXZRbwn6xkE2hyJgvaPxLyybvcZSTMP7h73lqUuOiSl1FNlWE1QJpkkWew2XAbxSV7yYoFf573csD/fMnfDjS2CWjVR2fPbPUDfmFSx0nVjKo4k3zgDbGPTpiGXdVzN7OdvkwTfsMmpXL0Risl0a9NK7Iiriwk+Ieg5peJllxGlmHNgEnbgykZe0JjZlWbqg5KFmK+vN8cvSrlhsjfYeoVcTaSjQJ9SdeqQmRaThA9DE8cMY4dS395gWF6Y4hkmZ8uPrMnY9HIHn5qgv4LCKBL8UB8BaYH6yAk/zIFIRM3GEsLObMiHgUurgZDrrMFuzn46lngXBfUZp9bFYPJ5WEUEPrFaEeFVz3HHYbtSpxiGDfrDLmKNConC44G/sU0snMANUntvEpMXdhwBIzfhtPzu9XChYiVkvLOU28Z624UOYNd0tKLtZpFk9gME5nsIF5+Z6Rk+f5ycv6+h4Ruv0Yx1+I3pXsjiiio1CT6hh/D7nM3/SgbWp/LHMOtV0YKnvTL89BDmFMDZdy452dVSw+xOX9hE4L79HDThIYX2fZKQ8CkZTyE1f9/6cU03GDA893oQ6k9nG1cY1vW2zgQLXSnYR4hQ2HbUXOlpEAp1Nm6t5yVdST8bSGHvlV+Sn/JI4OFi7NgM+66Owf/b/SzuuhHUzfvtk6O3VEvyyOySA3GwRIwowsQydu4/QN7ZogJ5yqvCMTQU34J1WalRqM1dohnOXI84+fakdz1M2E68wMs1rIyuXa7w6Tn6DoE2nx7n1wQ==,iv:kaW+31hzliWY/sMZyVr8bIvAk0MwfLJVdHiRrcVICoQ=,tag:FPp+sn1AYVBJyLQy14vogg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhenRKQldGQkVlRmhKd1dY
|
||||
R0lPM0FOekU4SWdIZS9oWU5nZlNsaTRua1MwCkFINGZ1cWhURUlLMmhqQjQ4blRM
|
||||
eFR2anR6VGZFZy8wN28rNXhkbk9DcGMKLS0tIGxQbTV2eWNNbEg4Y2o2UGM4WmlB
|
||||
RmF5Q1pFMGs1cVJqaHExL1Q1WVBDSE0Kc/gxa62PA75jGtLhhTlweL+1jbNA34UG
|
||||
lAdqTDI81uQVHuX/K7CSffMSNa1dQR9BBwSmAI7FD1q+gdnx3qOXog==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKKzljNnRwWEpJUS84bGtG
|
||||
QjVIL2xUZDhtVGozWE1Wd1h5NWNpM1gvRzFRCk9nN2ZQQWxSNU1URytqRTFQNU1k
|
||||
WVhDWEVicENUZnlZODF6b0JDMUdoaWsKLS0tIGFiMUMzVExncHVmQU9ETDdYSkpa
|
||||
YVdadDJDVWkyMXJ3YVhLUnJxUEp1bjgKRM5xrW3hl1RgcK0ynHSEnwV5J8uHyGiP
|
||||
8p5bnKrE5YYtBaK8d6O0evKgufxEhnajwvuOATlfbRBlmbce/BjhgA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR3hCVVlXZFU0UGsrckl0
|
||||
MGVDV0hSQVJqeTFraFFqK1I0emdxem9Ga1dzCi9HemtJMGNOenBVRzAzS0I1cUE4
|
||||
dGdoWnZXODVzRGtIM293R3F3M0VpcjgKLS0tIDNUT1Yvb2NKckxWMW9yYkJPK0hj
|
||||
U2VhOUFXSnVtaHl6WUVBSVBXUHkvYVUKhHGoMsNhwnbq0YOTX7U9h119GxsYq+u9
|
||||
fwhkqozV8/yIH/pgu14ZKrXJyzXhC1jWgYXqhGVVzpuJelCg4V86cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ1B3QjlrSHZDU3Y1bng4
|
||||
aTcvN3M5K0Vabm9wb21RQ3VxYkxJWnRVakZNCmVEOC9nbDlXaS9hUHk4blRValJO
|
||||
THJ1ajEvbFVsN3FwU2ZBdkNudlhmU3MKLS0tIDFDL0ZnTE5IaHU5dUF5UVNzRkt6
|
||||
ZUh5MjNBeXNBa0JBWEhaVE90azMvT28KLd980Jlt+vkIKYuM3BbSBIEZjiec6s+i
|
||||
8/SKkpwuuzGPHEnA3VsV2a9o8ejzQOPFQjSbd2Fw8caKjF9T6KFqTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWlkzWmJBZmVFbU84SFI4
|
||||
ck4wTDc3Z0VGbmxRNGRKRkJ3Qmd1LytVZnlBCjErNjNSNy9nTTVMMzBMbWRUU2FV
|
||||
SU1QeUI3bEpGV3ZCUHRFUWpsZHo3Z1EKLS0tIHZNd2xrT1hrKzhTWHU5STdyV3U3
|
||||
ZGd4SU52YkVNWHBkWGNvTjBDUXNsNlEKnLnev2PXIwVqUMqttGFQra3/pmHG2jhz
|
||||
h6OANuguMMCasK1CaMY8s756Lm/7qgoCO1l8pnx2Effet514gR7Bbw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMDVnd3NmWWJUczhwb3hs
|
||||
UVE3S0llK1FKL3ArYW9xWms2ZXhzYkJYY2xvCmxPTVlvY0tpcXRwTExmUm9WL3oy
|
||||
bU54eEVtMkU0Y21BVDZ6Sy9YNkZWSDQKLS0tIGYvbUxzRXpRQmU1a0czVGRENXpj
|
||||
dkNtZWNnek9uUnd1Z2U2enR4N1hqWE0K1Zu/GCw/aIPkXvWmVSxqZwBSnagjXS1J
|
||||
uyefLabImtdR4FjWSPsldIACH1zi69ucaXTccQptrxqABzqltjBXxA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:aKCkHTYBHaSZpn43uI6Ihws2CETNnbsKvR4+BkqbHd1FpPrZ4V1wojaPcQSFNULgYmAnQM6MJD0may6OGt9Ux16U/ygytCt1BMVTMhxihb2R9IdlQxxDnou56e+E/jTjwIei2yr2RBxra+d47NbF6domaQ66DoIAmGELPfqcOg8=,iv:wyLUspsNZsYQMcqzl6UT6TcURYGLkUnU616xb8huqho=,tag:APVPI3+Lhvvw11sHIs33HA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
71
nixos/modules/nixos/containers/qbittorrent/default.nix
Normal file
71
nixos/modules/nixos/containers/qbittorrent/default.nix
Normal file
|
@ -0,0 +1,71 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "qbittorrent";
|
||||
image = "ghcr.io/onedr0p/qbittorrent:4.6.3@sha256:a4ad890e8c4a287c17d12ca22eb1d84a046aba2efbd882bf7d6eb12459f6a70c";
|
||||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# ensure folder exist and has correct owner/group
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
environment = {
|
||||
QBITTORRENT__BT_PORT = "32189";
|
||||
};
|
||||
volumes = [
|
||||
"${persistentFolder}:/config:rw"
|
||||
"/mnt/nas/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Qbittorrent = {
|
||||
icon = "${app}.png";
|
||||
href = "https://${app}.${config.networking.domain}";
|
||||
description = "Torrent Downloader";
|
||||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
72
nixos/modules/nixos/containers/sabnzbd/default.nix
Normal file
72
nixos/modules/nixos/containers/sabnzbd/default.nix
Normal file
|
@ -0,0 +1,72 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
app = "sabnzbd";
|
||||
image = "ghcr.io/onedr0p/sabnzbd:4.2.3@sha256:bb20d3940ff32c672111ad7169ce4156f1c4c08bb653241f1b14f6d00f93b3cc";
|
||||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# ensure folder exist and has correct owner/group
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.${app} = {
|
||||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
environment = {
|
||||
SABNZBD__HOST_WHITELIST_ENTRIES = "sabnzbd, sabnzbd.trux.dev";
|
||||
};
|
||||
volumes = [
|
||||
"${persistentFolder}:/config:rw"
|
||||
"/mnt/nas/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
labels = config.lib.mySystem.mkTraefikLabels {
|
||||
name = app;
|
||||
inherit port;
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
Sabnzbd = {
|
||||
icon = "${app}.png";
|
||||
href = "https://${app}.${config.networking.domain}";
|
||||
description = "Usenet Downloader";
|
||||
container = "${app}";
|
||||
widget = {
|
||||
type = "${app}";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
key = "{{HOMEPAGE_VAR_SABNZBD__API_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = app;
|
||||
group = "arr";
|
||||
url = "https://${app}.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
|
@ -8,12 +8,13 @@
|
|||
./de
|
||||
./editor
|
||||
./hardware
|
||||
./containers
|
||||
];
|
||||
|
||||
options.mySystem.persistentFolder = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "persistent folter for mutable files";
|
||||
default = "/persistent/nixos/";
|
||||
default = "/persist/nixos/";
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -19,6 +19,9 @@ in
|
|||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
hardware.opengl.extraPackages = with pkgs; [
|
||||
vaapiVdpau
|
||||
];
|
||||
|
||||
# This is for the benefit of VSCODE running natively in wayland
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
|
@ -52,7 +55,27 @@ in
|
|||
nvidiaSettings = true;
|
||||
|
||||
# Optionally, you may need to select the appropriate driver version for your specific GPU.
|
||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||
# package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||
|
||||
# manual build nvidia driver, works around some wezterm issues
|
||||
# https://github.com/wez/wezterm/issues/2011
|
||||
package =
|
||||
# let
|
||||
# rcu_patch = pkgs.fetchpatch {
|
||||
# url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
|
||||
# hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
|
||||
# };
|
||||
# in
|
||||
config.boot.kernelPackages.nvidiaPackages.mkDriver {
|
||||
version = "550.67";
|
||||
sha256_64bit = "sha256-mSAaCccc/w/QJh6w8Mva0oLrqB+cOSO1YMz1Se/32uI=";
|
||||
sha256_aarch64 = "sha256-+UuK0UniAsndN15VDb/xopjkdlc6ZGk5LIm/GNs5ivA=";
|
||||
openSha256 = "sha256-M/1qAQxTm61bznAtCoNQXICfThh3hLqfd0s1n1BFj2A=";
|
||||
settingsSha256 = "sha256-FUEwXpeUMH1DYH77/t76wF1UslkcW721x9BHasaRUaM=";
|
||||
persistencedSha256 = "sha256-ojHbmSAOYl3lOi2X6HOBlokTXhTCK6VNsH6+xfGQsyo=";
|
||||
|
||||
# patches = [ rcu_patch ];
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
|
|
@ -1,59 +0,0 @@
|
|||
services:
|
||||
lidarr:
|
||||
env: ENC[AES256_GCM,data:QMvX7WRcLegLbHS7JQm8rcyc9ac12Urj29Pkv8socA2kvgL0TI1w7jL0qhXLNUmCJmtcvhCwNL91lN/5UOFFWxEVzUcJEWvY7NmHi9twSXT6evOej3Q1qALO+xG6ZAuKTc5EHlqPx6aUnSdt9rU=,iv:myoud9cBoCQ2AIsD2zJAMaqB8Uyp9PwEgSAIJofQk3Y=,tag:llN0afX1zpvij44Wk9guJw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeFc1WkRCejJPN2VsK1BK
|
||||
K3V5dWxHc3RxL1NzVUtXcmxsSG1EZnJqS0dNCnVkbExwK1dMR1ZuNnc5TWcrNmdL
|
||||
R2xzR0xXSktHVEJwWVdIU2JSbHR0UjgKLS0tIGtmVSs2aGtVQnZtYURBRDdVdjYv
|
||||
ZEIwTUtSeEVDeEMzeUFKazFFQzhXdFUKAlFKK2unF7tfjFAznL+MmsDOVG7w9clb
|
||||
j4UVT8hVYySnRmoEivKPmmPrkIgsMvlewFyViL9m8XoiZ8BOGIApRw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUWhyMnh5RzFua3NHMXMy
|
||||
UUM0NEd1NGFvbzlzMTdmam1NdWRDRXFDdlJJCnZkdFg4ejRCSCt6TWg4QWl5KzFu
|
||||
MTIyTGZuc0JvQWU5ZFdEY0VWeGZFTHMKLS0tIEtrRDdkQWFMOSsxdkg5dkx3aXhQ
|
||||
ZFlpT1d2d3dYaEhpOVRqWkx1Sk1nYlUKABWHbKvk7XqRdRHmaPfGMBs2j0KJSY1z
|
||||
eZJXlXFMY/WLLf3FkvVsU03DBxnDzi3NIDhNkZUf1uywVfIV6G2FNg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwT2VvYWpmOVlHSHBiM29M
|
||||
NDdNbjZKb3M3TXRMeUUyVEsxekNFUXZGNlI4ClBoQjVYSTJaZFplRnBwb0NQZFFm
|
||||
QXN0ditMUU12ZkhIMHhPQy92Nno4MUUKLS0tIGVIWUk5YWxrTFg3N3NOZEJJNW9R
|
||||
VWJJT0hkeVB6d1B4QldyY01sdU0rSVkKlDsj2lmzB0E9FpESBzDDLieJ5uLtspSf
|
||||
vnPNi6J3EznHAcO9CoXejrbkEEBTafueAx6/U9T9nzxkAhNFt7wYdQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUTlNUE1PczRlNVJ0dnlF
|
||||
aG5id1ZERE83TEdqWUdXQ2V0K3VXWENacDBBClcvYVFvZVRYTVA3bXdUblYzeFBR
|
||||
VzdBdVVNSGxCbG9yVmVQbnZmK0ZTVDQKLS0tIGl4WUFxOVRlOWZsaVhaKzR1UmhZ
|
||||
UlRkM1NqT1BRY1U3ZGVwS1NIeG5hZEEKo9yIGo2q+XemTtqsVRUGZol+ToorrA7s
|
||||
LKQTB92x6ZIL1Nc0ssXNppTDxDWnIl5GMGlQliwCVmtc9+IhXAjNOQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZUN2d1FJRUc2dWhaR0lz
|
||||
VUxDK3VSKy9aNmxoWW9leUZibFlJYXVPWkFnCmY0ODYzeWYyWVdmdXdoNFRQUno1
|
||||
b0lWeHdpWERVczJTbXpjMEpxT2dNUTAKLS0tIE1odzZ1WVFNdEJIclZFL3UvMjFV
|
||||
Y3ZhWHpVb0lLL09xOU1rZllDRVNXSFkKUXNaWZt+lOv0D7gzh6DLSn0bHmhKNygC
|
||||
L/jFAJUkya8fsdqOfLpxzprLrJ8tXlEyCIBkz/6RPTQO82hbB0vXRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T02:06:18Z"
|
||||
mac: ENC[AES256_GCM,data:Hul7Mj+gIPXdDLInM+bSyMr/2cw7XGoIKxB1IGDbW6fnJAt91fdgl8t3g4C35h0W9lFV4nIbWB8BolIq2gX0AfAqVyiL4WiEbVodJlwhVS4I/lha3gTfST0n8H4rZCeLFaDe4JKyhcfvFa+mCTS0mwtgtcRHDi2TLa8AP+Ue5dg=,iv:/fkQeo6T72WKKXjhaywSyPlj27Npg1DA+ktihR5jN9E=,tag:gCRJzcLT65q58rbvSf5BCQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,59 +0,0 @@
|
|||
services:
|
||||
prowlarr:
|
||||
env: ENC[AES256_GCM,data:zzyYxJrgKQJg9IgWdRePrw6yY4OfM4CjX1yHd3xM4+Nw2CqQlfkKvFkoTerDFlOFKvYZB30JOgExdtv9fAFdXUWoKeuqTyliQZG71SGcQrnkikrSzgBfuiKF2vsXiLlDzG1zWGAhnqQsOpymf9u1jAQ1,iv:BYybV11VMWZUaFPsUvrb7OpAr/ypqpGvQsG8+UzuZJc=,tag:hNpX44HPSN+ZoPmDHiKYBA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WS9DU3JmV3d3aklRSXNF
|
||||
clJpOUJyOWN2eXJDQkNxOVBVR2dpY1NOTkRvClpnenViWEY4VmNJaFZPN2RLTk5D
|
||||
cThTRy9LOVVJT2xZUUpoRzZQZS9SVm8KLS0tIE9iVkNWb0dwK0ZndW51aHdMVFBX
|
||||
SEVkRDNtZEgwajlOQ3RITmFZMnNoZFkKcvUmNpFMk51aWGjWvzzg4QJ9JjRmOaoz
|
||||
aQtrZB4rZ0etRK5qn7ax/uzCnG5P21hcZePm70v0b+TZnVDuDLHmbg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidDZZdzBkYytsekM4TEt2
|
||||
Rkw0blVjTnBwaWFzd2RyUVM1Rks0ODJYRXpNCmdwWmt2dnBwSFJBTERYUFdMb0wv
|
||||
T3JOYUwrSVFhdjVtZjlpcEkyY2hveG8KLS0tIDNaREVmb3BDa2tlbHpOM05pMWZh
|
||||
Z1hPQ1dBbUlxZDBhRXBWSnk4NlBiRG8KL767jh7h/YJBfMttJSgdSP9iPgMg1/Za
|
||||
sIJ2Z7wUcmnYAKaQh9Ol2xgzOyWhLOM+Tj4DuJvyZVgMWlhHLgrdFw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQ3FKMXJGQmcxTU5XSmZr
|
||||
RFRRT3Rib0tDckN1ZWNFT3Z1TC9hdUw4aXlNClRFc2p3REptR2ZWYW8xVk15Q0Rh
|
||||
Rms1TWdtREFybHNaTWZWaGZmYnJUMVUKLS0tIHhsKytqakxXNnJYd3ZvMGk2RVNj
|
||||
bmpCbEw2bDFQOFFwelFrUTcyemlCU28KoxcnwQIJigjDi4a7R3PzlLKjPOlovuT1
|
||||
8N8sxfSV6FrdyyrDF/ey8K3zWlig/yrRLpgCSlNMzw/3VRZI/gMI4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VEZ2bkFJTWo2VGV0OXpS
|
||||
OGc4YkhZS0tuTUxBNUM4K05HZWpmTXhwVGhFCmVIVUYzRDdBNC9sZmdzL3I3K2NG
|
||||
TVo5djUva09xR1g2ZEN3NitBN1d2cGsKLS0tIDlDMDBGbTFTUXgwYUQzaWh0MVJT
|
||||
SGFnYW9DTWRrUlBQNjJsN251L1Ayam8KhQ4Qr3JMsy4w6gl1Fym6ejDtzJSgZ+wm
|
||||
6+F1PJw4xWzwHVZe3INAK3hMglg/o21u2lX9u9Rm7aKsSm/p/nNr6w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZHU0NjF5Z1JFWlBsblpJ
|
||||
MXJjZCt5eU5YSCtWRmpQQ2NkTDd3VXJaekIwCjY0b0xKTk4zRWxqdFF4KzJWdStl
|
||||
bkp5bXpDYXl2MXZvNVJJNCtRazhnK0kKLS0tIDV6MnR5RkZRYUNCcCtmSHJhQzlq
|
||||
aGJLM01UMzFOcjZqeUtCL1lTTEZZSlUKQrhkgXiRjT7lQoTdMKv6V4famp3p8/Ca
|
||||
Qc+xgxh4VwIqa7hcQoqneaWRFxjVeYLEwM5JbBaqkIYfIGZFZG+3rg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T02:03:18Z"
|
||||
mac: ENC[AES256_GCM,data:+V/l66ndBKtXe1W3gdsAPA335OQRm7Why+O++bL/eMjzgTWb7NJaQSgBQ1MV0K5/fOhzTtgTu/eSoni4DQwaotuzILlXix0BW6HZ+OxFWCGucPEce9KXYWFLhKJmbEqXJCxo+Gbnc0TJ50JOXIpWevoCsEoOp26NUaHcoX9uw08=,iv:hhluUr9R8cT/uYKoRPoxRmBuEz0+o/S50kGV74rbK5o=,tag:/beFhlp0k0k3EjlWrSwSjA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,59 +0,0 @@
|
|||
services:
|
||||
radarr:
|
||||
env: ENC[AES256_GCM,data:582m9MfhLUMDG7Kbu4ePV5EmOTpHhXZojxaqjNeAFhHo2yzNpWwKf8sESUJlo5JgZevyKcjxJOM0ZujwVEqKe5MP74uPOsCUPgPZoo17sf1VGgfE5uyowJX0XCcnXn403k3gASDZacKTGDHpOQ8BJdoKKJbRffx8wYGeX8UtdevUP/284gU1kuCgL9DQRieNGyoFTi7ltudg/N7t0pg/9LCq31A1amn3Zb+sDHQdEFSWYO6qKibW2eGBwvz0jNQ2f6Si47msw+wX3O/6OXGF,iv:OuFoJOglImRcbOZgSdUR3Ijfaoj7fC2Sfvw/hWoG4iM=,tag:cZVNBBU8WfZVVqk+4d+IWQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TzlaRncyMUtiR0prTzhG
|
||||
SDJ2TU8rK3E5VHB5QjJhZjZNZWs1cmVuSlRZCnJUQTZpVE5HMHpHQXFkUFRRNUtv
|
||||
K0hzckxFb1dyRGJ1ejRWYlpabThTeU0KLS0tIHk0NXRPaVUrazVzMTlmWFViSHJI
|
||||
SVE3Z25lVWtwdHlxNTJMSk9laDRvTUkK4t9ZdoH6JUMMR/p6gQc3jfAGboGeR31X
|
||||
gvrbz2Q+cp8YSyI3XrAVJG3/HqqO99bx8BSWwIqnSk1iOIl6qrwYpA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGKy84ck1CWFlhQUdwYTVZ
|
||||
eU5hdEprQW12d01lN2tLSnl2RTdTODJlWUQwCnpxRnJ0ZHNDMEYzZTRBMHhoc0hq
|
||||
MHB0aGFRNGRwdmlIV0RoK0Z6b04ySWMKLS0tIGlZZGNZbnF1M2FLRVJvdkVuVnJ2
|
||||
bGZFc2pQK2xUQUk5WVVMbVdsRWU4OXMK2CGUFSLA5omweArXyHmi9eewDua+8o9G
|
||||
44rzu4oS9Uwcaq92Z6XyoJqWvXnFmW+pUPDBq36MlY7fanVdoaXBhQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cVRaTUNhUGJOYVZ4Mi9n
|
||||
aEk4ZkZ2VjB4NFpCbjFtK1JQVFI5dnJHVlJVCkRrN2dRUEphZVdDa0N6VU11QlZs
|
||||
cVhaYzQ4a0o5L0JWZ1kzMXBOSUV0ajAKLS0tIHljYVNwQ2QxOENQSFY2RldQV2Jr
|
||||
N0JpbUp6TnNLWXAwYUFuN2YrQmN1VW8KyJA7i+CZH2zRhK+vvPao2xMlxD2vm+yD
|
||||
aJCTO+EwL0T0imhg7DDHhgwoAUCQTc89qwBkj84JeSGBD8nSxCOtUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZkdvM1dnT2VyTmpCdFp4
|
||||
dFdWaEQ1aUVNYUVkclRXd09pS2d0bmNmUVc0CitvQTdCZ0hwa3NuTFQyeWN5bmRM
|
||||
WlcrMTZETVNZSGZXNzRaa3lZOVRoVkUKLS0tIHAwaUpYd3Jsb1ArT1U0Qm54WkNP
|
||||
YUY5N25qWkx3cHJIS0NBYSs5MXhkWncKQjlZaY1AO8mpqZaIjwMGBKHnZMQyzJm+
|
||||
A4+B95P8DBKuZTJjHwVrjVvWfFFL3XglmftbiDyHL/WjRUGCL332Vg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QjUvYmFoNGFDRWFkN1Qx
|
||||
Ti9iMVJQZHFrYzN6S0hhaFkwRE5tUTRYcXpFCjhhZElEVFlhbyt6dkdvUFM2QXhr
|
||||
QktxSzdIWi9YUHpYS0lPbEJ4Z0tMNFUKLS0tIDg5dG16d1NJblprY3A1ZDdhTTBh
|
||||
SS95dStzKzI0ZFVDcURxd2k5UHduYUkK/NQCeduzIPws13zJmBD0NGSbfb0iHrfQ
|
||||
UxXWyesEZmItT0LorZp+PL5iYZ9Iax9DONe9CKN9fOxS4G8x8U9cDw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T02:05:52Z"
|
||||
mac: ENC[AES256_GCM,data:Z5USXKjnL5PhpC1GRftGuBukjmAVc3VXnBG//qwrJUryC4WoxJExsmJ9okS9CWeNiPy1EoPbNx+7v1Xlnbgg/5op+unLCufc7lb/hRZc89umQEkVt9XWyCQvd5Ar6PCmGwkP/oG2zoTAYXEg9njyO9ae7F++EJNpa92VstvfWtI=,iv:by6YKmRDnOaoneEVbGzx5jbCxesv8K2XJxZg2LjnzLQ=,tag:y1IZXfVOuMvqr6dHKA5oTg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,59 +0,0 @@
|
|||
services:
|
||||
readarr:
|
||||
env: ENC[AES256_GCM,data:+ZpTnRHTU8cQQKouzVEXTlk4mq27wgV135YDwQNh3Jp45Woj8czlliuR7SEr86dvTYOord5jtFUJzYcOli9+0H0JynJNiUT1ZkY26gnD8tDJYK97vrLAKgfZVbxcdXsJaRD0q9CGwbQrPWiXkMZLNQ==,iv:GhTkFKT3G8XXu4D+UUwfiVGz6NgRcS4tKIqQZWgYyI4=,tag:LettwkiVj31G8KL8nLr83Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWmt6Qi80bkR1Y1pnSG8v
|
||||
d1owbWxJL0s5M3NmUGd6dnRaWXpwT1JrdHl3ClEwL2pvakNNT2pqU2lWdkk5ZzUx
|
||||
UFQyRzB5NFVxc056N1ZTbUpISGFKVFEKLS0tIGlmZmJUR1REOWl3anh6b0JYQmo5
|
||||
bmt0S0ozR2d3eGhWa1g1NHJhYW5jKzgKSoY7i2uMbzFJiWRCoxhMqul0GJpUAKcd
|
||||
fMPyg09a+pmAeoEKSxSpC3z6OR1CLAyr9Yo9FIsIYBS2jRPwwwCXOA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQ2tLVkp4MFBkT2pueHBF
|
||||
dnJ0TUlhZUpjakJEU0NmMkpSbVg1Um9SeUhFCkV2azN4L3IyZDhrQ2hvQ1NEMGhw
|
||||
d1NXaVVHOWNGSGZuS2xuVUQ0Tm04NE0KLS0tIDNJWUJJaVdLaUxSS2ZwM1h4UTFH
|
||||
OXpzREdpWitzZnd0cDZ6WVdacmh3MEUKxB4dMNuaFXYRtt33tGpR03mHhPRho8oO
|
||||
uwSFpJSK+s50T6eQQeDH9E/6JsJSiH4haVV2MWgTZ2IgqEwZ6Wc5nQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSem9EVzZmNXh1eGxhZ1ZD
|
||||
WXkvNGRZbkRaZ0l3R0s3d3hQN1VjZThMRzJVCmZkb0M3aTF4UFdKUCtXSmpDbVpQ
|
||||
T2h5K0lIdWNWcVFmc21VblBaVjhKemcKLS0tIGNCQUVRbkRlZHpLRGJjbVFyMWRy
|
||||
djJPMXpvU3d3Y0dXeDdRTHVtWjNUT3cK+3O7uXPkdxN5ksKs+OVOmRzAMCXP+sYy
|
||||
kA6JCOYMu1CInY3GzKHs93fl8B5BixZy+pHDqMfix6eWrVrGICMvXQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWGNtWmREZ0Z3R2V6U0xU
|
||||
dlhLKzhRRkJlV3BvUHJVazNMYjZTOXQ3dnlVClk2V08yYkVHNU5qYXo0ZmVhdVZB
|
||||
cG1XWTd2V2xjUFZESktZbU5NWnU2TG8KLS0tIDdoeHA5WktCSXZsOWp3a2VIMTlw
|
||||
bmFqTHZRQ0ZrcERWVlBmb3hCTnhYQVEKLKJ6r3t6YZmq5U0ncsepBjbxD6DtEjly
|
||||
++ayk7xxfFKi9XgaMItDAXC3/dldPg2fS8kjbRlXzq2TQPOhweWm/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcGF2Zjl6aGl2azRKRE5p
|
||||
ZmdLWWk5WWcxM0FkdUlpNTYvUW54ZFQxMEYwCnY0YnA3N0JhQTU5eXltUEFkZDla
|
||||
T3hBQThKUFJqUy9pdGJKYnNDYnRwQ3MKLS0tIHRRODc0OWl6MzhvZUtndUtLUW9l
|
||||
RktMK3ZQOHJLd1M0aHJadGk3Y2krQ2MKQDDFKPzL4/2l+MepcvQpx5UHPeVXU2tJ
|
||||
6cl6BJ2/mZAbp2136W6/JwpE8lTkk0WUyT7/s//RjO57F3qPXZxA7A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T02:00:29Z"
|
||||
mac: ENC[AES256_GCM,data:2rsGhSOFbqv8GdvQzL6ieXqq5sIs46ojdgal8BiWNBZfV7oadubWIaB0rLdjpeiaqvjQLICyUekc/JiXhXG7mO1jhTlIkjP9TDbszbNB4cwuf1H06DN4DrkxeboF0X0vytCZ8AQFVwjbD1ghGvd0CmDgtCSHzaHzZ6iDBeey+zo=,iv:e/bty/8FnMcG7NOoiFi4zRTwKGI4iiDsaK6JVfEqfpo=,tag:C3GIgRanRUkQ2Lxb/wML1g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,59 +0,0 @@
|
|||
services:
|
||||
sonarr:
|
||||
env: ENC[AES256_GCM,data:Lg92wQkiBY5gBZ2+ckLs7EBPo/0fEwqhEvnWcnU5quUMNlJeWnjWFqU8qu1TaW0Vmux/A/QgIJAiYgWnbQuD9benOR2swkt4+DazSeC+35VQOTbegVDrH4wiJikTHTtoKpgSKHLBQAy113jaDL/RBFRpsSjsXEsGGu+G+GZ1MFcW5hRbYam1o62NqOAG66efcIGXv8T+sD0ouLcN2g9ZjU2QqUqJqsGBtg1d0SIVj9bNW2vUHHmMtIQBTxfR6S5V3tzqjP2EfzaT/gDSPPJg,iv:e9/vpvTFDixP07fVXutIhJcAg8Qb9d7fVJNmn+XhMjU=,tag:7MAF0kHvcf5VDUMCpJATVA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYTlNSGpIclBoWVlWWDBz
|
||||
ckVZQWdndVBreDRXV3k1UDhxR0Y4R1J5blNBCmh0RmtwbzMrcGxLL1FoQVBjSVUy
|
||||
QUxPUXJmaFYxRXFFb0lTQ2JHd3M3aFUKLS0tIEZ6UWJOVXp1VE1XTnhzQVhGT2RS
|
||||
MVhTTE1JbU5rZnZjUFI2NDNkRUEvY0EKxglGGpDa8xY9w9VKayRF2Oqjv+UhDiLY
|
||||
3uPQWLasVcQviZE7AqG5n8azLTaX5DEoAOVFDCnhJYjU9NatXhcutw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdU84WkVMVWl2UXQ2WHN3
|
||||
ZE1IbENMU0JlN0pPMTZSeHFPdW5mN1NhcUVRCkovcEJSNm9FWU9LdWk2aWRMbzJO
|
||||
b3VoM0F5VWxSU2I1UU9lblMreXNvcjQKLS0tIG9hSVk4RzRzbVgyektXQ1lkcGF6
|
||||
Q1FLdWZGOUFqWm9Hc0NDVUFFczlXYXcKxxWKSOrDUGld40zvDzsmMBOAexWoijDN
|
||||
tBxJteEnSbTd+s93MDfuM+axeNR5Ak4+f/pEoLho5xjjn8f/fdlebA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdGV5ZU1ZSFNvaHpGRUFs
|
||||
cWRkVWlMZUZrbDNLSlJJSUpZVkhKUHI3OVdnCk1pckRmbWJNMkdvOXZscE1sMFcw
|
||||
QktRU0Foa2hNTU9tcUN0UmM0Y0h2TU0KLS0tIDY1c2lVb1Bnd1c0d1Y3NVMrYmVZ
|
||||
UXJFb294d1Bqc3E0SUFjWmFqSjdka28K2cEgMCIxpzGe2Z1rgaWq+rWXKJvfsTi9
|
||||
PFWywF6/E+9Egwrh98FspQAzYP/7zl+N8gjR5Pa+Scx2D2iOizXWfg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKallmeUFQMmRvNFZRbnho
|
||||
SVYzYit2TWFSRnV6dVNjUzlSQ0ZhTEJUNEhjCmFmaEsvMkpPQVZBN0FLVVp1dzgv
|
||||
Ym56YzhwcWdkNlVSbHA4cnQ2T2VVeXMKLS0tIENqdXZCaFNrZVpFVUIrakpsY1ZP
|
||||
QUxPS3lqcTBISnByTXVWcWdtZWYwNXMK8FRzmS0q2l6MWUu0YreaqEnKKW085j4s
|
||||
f1oTHPpErwPLuh3hUciUPFe5Mbm3zSdjBsGyQtxPF6xLtw8dFaDYBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXg2S2R2M2tHYmllUXFZ
|
||||
NkZzcTdRaU5RM29RQkdEQnpNWXowZUFoR3hZCm1TclN2K0FoQktVTzg4YkkyRUhC
|
||||
NXRybXE5Ym1XYjF3cG53RitvK3VTR1kKLS0tIGtkZXFLWmJiRG81M2RyYzdXZUEx
|
||||
M2tqQVZaUmNVbm9YZys0NUNpSk4vN3cKpkL37l/i3VD6zhWHK/ROvcvmCBQfifuw
|
||||
EFYI+F+BTjkoptqIVFCDbATRrqSfOqsYPmEg5lM0e3Oul+vT++e0/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-06T21:26:23Z"
|
||||
mac: ENC[AES256_GCM,data:ITWKix2aNhXzzzZTvq2sBPXO3Phvr+lS83fSwEbH7FTowD7uScxqAF4PMJ+txAfIpmZiaD5vXIK98YU9HOWRFUoOiYxdwVwfOiX63mB0JKj5jLHHeIe6bMaWfudITlIL9an6YO/qyUww9OVXaxYEmwOJI4W+HnMLbYLf5lGboEo=,iv:i8dddSV2W9FifN+ktwGsaYRRnK4UJtrG7g6LpWPtgu4=,tag:acP4YvJarHLCZUJ3dCFuOQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -22,6 +22,16 @@ in
|
|||
# Restart dnscrypt when secret changes
|
||||
"system/networking/bind/trux.dev".restartUnits = [ "bind.service" ];
|
||||
};
|
||||
sops.secrets = {
|
||||
|
||||
# configure secret for forwarding rules
|
||||
"system/networking/bind/natallan.com".sopsFile = ./secrets.sops.yaml;
|
||||
"system/networking/bind/natallan.com".mode = "0444"; # This is world-readable but theres nothing security related in the file
|
||||
|
||||
# Restart dnscrypt when secret changes
|
||||
"system/networking/bind/natallan.com".restartUnits = [ "bind.service" ];
|
||||
};
|
||||
|
||||
|
||||
networking.resolvconf.useLocalResolver = mkForce false;
|
||||
|
||||
|
@ -42,13 +52,13 @@ in
|
|||
|
||||
options {
|
||||
listen-on port 5353 { any; };
|
||||
listen-on-v6 port 5353 { ::1; };
|
||||
allow-query { cachenetworks; };
|
||||
blackhole { badnetworks; };
|
||||
forward first;
|
||||
forwarders { 10.8.10.1; };
|
||||
directory "/run/named";
|
||||
pid-file "/run/named/named.pid";
|
||||
listen-on port 5353 { any; };
|
||||
recursion yes;
|
||||
dnssec-validation auto;
|
||||
|
||||
|
@ -89,6 +99,17 @@ in
|
|||
allow-query { any; };
|
||||
|
||||
};
|
||||
zone "natallan.com." {
|
||||
type master;
|
||||
file "${config.sops.secrets."system/networking/bind/natallan.com".path}";
|
||||
allow-transfer {
|
||||
|
||||
};
|
||||
|
||||
allow-query { any; };
|
||||
|
||||
};
|
||||
|
||||
|
||||
'';
|
||||
|
||||
|
|
|
@ -1,60 +1,70 @@
|
|||
system:
|
||||
networking:
|
||||
bind:
|
||||
trux.dev: ENC[ES256_GCM,dt:WI9GxgL94/r05nK10P/jiaKhkqj/uh+svApuANzIwHblIfkygL8oK//G/Mrd7a+uStz4EuoAPb5w6kvcrzKlTAR3YTz3xtVlTHXB8qxmO4UjvzpjCqYZKsiX3O/VSlEs3z2qIPrUIOLKepXpsebQaa2/Gjr/KVTA/9119QfqnDlxcQVnY3hIVr+jEhAMhKrXHJhxKrQ8trl7oiPvD7Ll5N4vZ0lkQcpiGyqMwgy6D9P1L+l4IGwn81JfKzd0BM2vhqGBejoqVQvpF600e8wF+8TbS0u8C9jNlVm8H4id7BOArggmJoAnRsFyD2/unce4Wb2CSJWsv09ETTbvkdsJDOpIE7UMBU5S7JiWTZEhV3HcckIwm1gwc5w0ucGKtKcFLOOcihhByCW3SyV/EU3H3mQJDBVx/skCtVZLApa6MkRgi7WpGusjxGcAj+fqHRNfotgrulZdEEAHp5yxsjMMFgfKyXDyRVKIac+tkLVY/Qx3J3NcPZkc3NPYIX0n0l7TZXSpfMiG7nGzy9VVa9n/YcUrm44+kCWH6/Jx4w259YMLMUMwLC/uJZiIMyLIQZ70bs70zVFbz6ul3ltB3Sl6Svlawu2xdpBAIp8aQvAY6dh3v2beXDnRrSXejmG2RiMm619kZE5k3H0AqIWwk2e/nSjSa3nq7DI7WxetEqJ9t9uOe98KRx+UqxYinS1LS2lvvpWa4RnWSCO/LjKAsKUUGbAoJ0eBDQT2E6fTd7DMtaF8wUU6/2JpVRH+YGPBVjQPRlBi5bb3eZg6AsiFyrCAbC9SgigXUGXG3R2fJHYEFMn0drjSLKQ9LLcnTXnHipYzRp4doCqP97WqUh13S3PeNko5QxBiP7//eapEn7UfrtXqi7M4mxGiGack/WhGdBNmCuNV404VrJnmIZhwo/LgO4m753ubN5s4jtOAVjH+z+9cXGlc0+lsQCWAuna/MkeTrKS0+EdynBxEwSWaqKtvwA6VFlQRCwvwzciqklmXYZRfO5wDEHqtpeWKJ4FGUkUMDYUrU6u7yIdQjaJ7FeXtKjT6UrfWvB3aOZXXNbwYwpG2uNPVj2i4LCzugHiBIbAvw1yw9SX2uiJiQjJ6NSbMyapvcWcmlu+zVqMpxshrxZR6VHjAhA2Cthc9E7rBpq22AcZAGXPnYcGYDpP+bP+1eC23dpusA/7T4D1/4VsGA4Rz1DsYH0flhgBBZ2f0/yHfv5oSsjDUHOAGdRGghDCHUlOCayTnODiXuR9/SQQos1issAKn0I8mgjlNNIsPZ0SbEZNNOAo+0aJpiYwu8qY5ZSxAVJNwxxzOZDjB0PBA32LCT0i0wcIbgIa0sPmKsKpOwsPzbJj21GLD9GGEQhq+XAxgCBFn2Ou9e5k808z5TubLAXWR1RdPzhsp3J2zDwamVcOPW8VyHp9sbgabwrC7DFX/KI8o6ZRzxc0kF1cZl9h4M/7IdYvJ49YAuPqDSFlCeQx8Z5EOtpbTBluSrt6Jqx6fuy0N20DEqzzbB6xWBMQ0A3/b8l0vLSNzUVoZ381YbD679jSnsVjLimd23PRmvGnIZaV94kIHjEOW3MIgaiJJSXECpMiWQEObjBeFG0SJjvyO+ZEkkNA9vvnyJ9dxu16qlKE7yts0lw5Qiljl6akUdgoraPvXrUozdkzzac7HLvJimcoJqSSJkDZhvtzq//ERsRCL9OfDU5Jk7HmgIXzZRCaDq6ZSYxt/ks+x7296YCd2Li6C0DOLHSCAGrFzKAIruUBNInPcaI87IsAM5ji1Bi+h0z5upwYohTOFHtMfF92MZDk/hSgbquenn6LGJYldCTCAswE/YVdN4SHLH0fXL/WyXMsNUYplMBB22MkHXhoJc4yB2UP62piwETDM6pnt1yA1sklHplwuTGSY6CReKecGpqeLQHjdNRa2SZRBOyd4sKb21W+AldSWuCZllnvo8pGi1Ei7U50Ua1aQ6h6nZbi2iPDaxtOUHy0kxaRUTQxrtQ3K7mwMvs4+5gTCphaqc1N6x10ONcDhpDjZFhMV/Y2xzG3LyxMvxaeABCnasPZru3KQWgx+QM+6M+eFmRG5f+E1o+gP42+2+/hP/vXYKiHHDfo/TzarzduupY8s4ogANu3Y4c8d5FvThOzmANvEHLWUzzw2LV/cQK7VWexD4BqPG5PGHfmi73Lp39IE6Xd6j2dtIUYl/aA+a/2wZmP3XAM3hyp8uoEM4Usc6v0zGfIzB8ppDVeeWIdn5av/j/4KNllC/utfDAqIKR/YQbY2asdV59kmS0RCdJvr7yZH3HfMkKlVqsYOntj5Ug5jx8M5i7Nqw41Ltw1Tnr42MvB4CwLbso8ijw3VHsltq3NKBDPpzgt9OwW0k1icz6lySPioegMykCzHNwi+VT46+7Bmvc4be+KulB9exDfoOtcnBH1cwZEvndRdvclOKtib7tyrRS6iyVK2ZPp14U2EQ2gZr/xml9bdj0cXM0j1sIrGP00NXOzAlIUQBJjAVafBbevCoa+4nl65ukL+uoMx46yG+oDFu0ZFiJr26niGv5DoJuKXSgB99GZ/N4ksDf4XZQ+drIh7P0LdmRpepVNh2ytZrO96vI3d64fV7ULyFaT/MKybjnSY0BTWCz2k50YHJCGZJHCefq0F4jN3kt9G3kHrt00in9nkycVF9zCgNZd4qB6Rh2+QZPaFQPgKLE0xTI5nVzGkoPDu+6AZMVcLl7hqB/e+SeoEYD8KaPNzr9aOGXW2dMw13L8hEyTZaWsvYV2PHGrr/8cahsjcN6aZ6Ht8+GUXn7IlPxHsbE+0BoCfEqem4zXZWjJxHqpZMmCoP3yIU355fyQvctipzAwPzLNMrtzo0BVgbpSvyDn0qfhNHRcXcS2uDyiPbYtQVihB/yrUmPKYtySIsG2gR60XuPKju2Ss09LKRQkh80hq1eSCJcZJ7Vlwqa0U0ccnMUEYcm+/2p8Ee1cB07Dpj5TrTYIB0v9WQ4vhNsZiglJzKoOv8uDxv0P2v98P5nyrTIBiOefhs7tL7/fj4YXnSDiFY3NT9gG9wcNNISKp+3SvyB,iv:b+V6/ImnEF+8TO/xmwu1jks9N8QFSPSRRnWbS8gy/8=,tg:WseBC+XsjhQdWjemtJGQ==,type:str]
|
||||
trux.dev: ENC[AES256_GCM,data:YoUfdxTXEtEe9z1aLkfZlX3LeBS0yeZTx+86QkXMQKiBCStmJtjLMW2q0uOmjAYEz3O0iUgwTLyMDEOV6ZQKyvI/kNBFl8S6dSe4dTYwVuNUdyoQq9qmK7GRGRyEwyqT+uSWujFbFXnjKOFDbMEx5McOO0Opt+YI/9QgoBZKgmVgylEF5B0SCsIVVUGXEzgk5r03p63rgTli0+dRY3bh8KonKLykKU17epTdUrp3A/Vogom9JZBxhE9ZHLO6yOv89y/z7zeKT0bzUgGKe9bXSr3swxpYr/FoirW/2YttNmL3pHXbtnAqdsWWdZduacaHO5Ac40z1+8SFce0e/yh8q6/d7Z5uLAY8CBYSVCQkrr2HaV0vwtnlDD26INVgDt7KwnGjazLC9KyjawYYt+TS0ZN7ifVN6nYJU/CQJCv9YzknCXG2HY4CxbGZwFbE6Tjrn2C5JBvBFchmxWBtOQcnktSltmvane3OVje9URtqoTaiF86fsRleb+IJ7mLv/qFJKcVHKDWVOSDYeSzuot/et96Asjc1dhXpEE5J2qqwKHxBkT9T5zDl+3QGIOqt+mkFl0jPh0FTQyTZGj0aZElm/9ll8UtxOmrzi7GijK8e5ltCwtZi7XPulBIIqPxn7pvn/UaDMojFZc8qN2/ND9pG5BNJwyZN0yduymoWnxRoPI4gARYGhLN4tswBImDqQtnTQ1JwTw0infY1WyznpVSkzfSYZC9fZWdcgnfl1z4WEbvGohrVd94mYF8UUwp6XIgDcycqyBbrHs5/8eTS8f5dLfcq7Jn7lBdYHUEu2oa07RjCDfhfHSKV1jpmeie0pWXKdGlaW9zon12jPXvQgP15fmc58mFlgxSCc2LJzyNAj16vUEcfgPMHW7sW9xItOnDvrA7O1VXNtYD2Nuce2bbLz+P0nGLbNarAgUqUSLCU297FVYfJNSW2YSqdbtjogbTkSrXVNRjQLgh1mHMWJfw+huPTKyvijCPSzt6fU+68/aXwWxiXeiSJK66kg1KdWWDUpoRaeeoV8u1JmBXkVAKv2yVhNkZVOEuQoCJ36hiHbGWeXY9cx0E3nNf3J9tJ7iuvb+Tdt8YCqGkuMv11GGNe939ac5iHhOM+yOgk+f+/ndpLtg8Ck2yMJ+0FaI4dkb/q+BFk+ZO+48abq6WTCuxAE9KpDFLSVik890uluYKWigCLSHqT9+xK5OnBsVFmMK2FfGI8OlblVP2tclRghY1cblnbR3YdRbpmfZ/dFIL4MJ4EBJRWYfoQqCoJYQveWdNw3s24iX0JKuiQB7Jjn1R8jWfQBGWtVhbnpDF40F+SSeUOatOVr3Um5F1zwY6CU3Z5EZVWqT1sgumJdmB4CcZzpSYOu0PImRdBT6FsF6vNsBjnB22H79aenRTTEfK7IPFpQEVMCJmlsgXjELKbwSOSA352by2OBuJU0agrbEX5rc0mxsRmNCHwS55e3C6VAYoUPo7q2qzzLZsCgdpll4RKi/WuRlHVXWxKyjVv+W09aYpXXpYHUaptRQeaufXdWcRD/rd4JsHwUtagu/mO89ujTaXblG/x7GbXRgw29t+lLCzKV5AfuMGdhdQShY2tUVH4gP2FX57rD9XRELM/iKawO38kfCxHaNQy7Be/LItaLTCkkBdErrm3SeUr4Boy65tBK5ogG+5hCf+adYJ2jEgFR+/DWslYpyvDB4prX+f0xhkUctCTeiDgMVqyxFvh32vdJ/TQFrbCHkLSK/IZyGQ5bsLB/wOxmjP1UFfo9nxJPvg8TCoIQCY2AUyEZEM0fEMkMfddHkTJJ7KW3PdRmPhKVLDNlWYcqnC205xgF6JOJ8LVOabW6v+eqa8dzn+jqImSzq+T2x6SRFV8GdYReQGeZ6odAATpBwmBFOQ/7066wUzNggQih7BrOY/4LhO876LzG/PqRh9JiI9wOtDFnCa1vg1wUnb7sRhnYN1SlXeSLuTVBqCbrXw99bzpR345fvjuV3PtC4DXXmx1vUsegieN/1+Cosr4Ce+afhqT3+F+cd+geW4Zw8oq2GUDNBQKZAxzQtEjdPhSYmyG4V9uh9pOrADDd2vKtuVG63ZviKvxVcrncNM7c7Jrzip/3zg2D5ae7TvqXSMlEokUwsVHxNBRXV6VBKHY/VCQYfQuZnjRKMLg1BCEOSIotEorHYRRdhldiUHomAHIcFOXL2VpzUM1X9H+UwTdNwXo9lPR5WckmU+jk/CducKAHaD5aRfugt/xogST7/0TtNUz21UUHHqEzrKyRqKCgYKsaHMwcO8tMzaSMpiDo0au9vZ3MWnDne5rD/KYhL9KKpS44C5ClGlgy8X6f1sN3tbNef59Jd/X/e/3hyZ15QSQ8967oUxKPm3Ci/Bg0a7FjugJg2WKhW08mrQfvm8R9nAZFW9sCoYPdYVYmin3OtLn67Yi9/3Fa20WUgA4aBdPWJ61lAOPHIwW/Gr7bJncTQqg7gZ+1s1dn21CIA6RfjdZyK5V9IaOFT6qyc5NoKsB+oXT9853AFa5EbdTdiHvjN2MIBIzunjAyWskiYN6cyJU31lutoxSP3irB4dxskWnii/Pi4EYd30Oq2DXUKaZx1W9ZNN8XTZJMlClWNkyBMjo4am7fxdH5yx+bilHV2dE20x+p5SKCYsuoWjWoNdTGGi5Qff6t66vybDUIFInBIcXUJRi8zPv0tD3eZDdPV5zbminnCRSuY7dvGqCHroPH6qTnPQPf6rWtKMeqiAmhsyZ6kN0f8P4Qpz4KU5MnYHVMdU1aqyxEWlwIJV8Bx5uoIbhNcuY24YuQZZOSMG8LLmyyMeLdV0AlGfmBqi1PjtYViho2NRa2bY5+XnBGfV8xM6RTXADhWItRu2oSHOYTS1vYByVLIFU7E8HMDCVZKSdvJe1TntADDYS51c+ht2/jUbnmYd6RyQ4ShtoHzgJtR0CYQoTliGBKQbVaaoWXL2zfBt9N5CYDdwN+CftKkVBh6bWhlpiHul2Nr/ax0HNq3UsEELz0a5TlwLlYg1P5KVHniZxAXS7VlCvUHX9fbaG9q36wUBzSUYnII6VOdWBMtR1udA8wWVOke4HH83baaG0KVabCRDk/dSWdplDgMdIjI35z/HpIwk0wI/vm5sw0WCb4VLIq7QxGCNqkJaOyJH0Wc6FzFQ59rX6KWLSJoKiD4jqLM8m09RZJAHejyGAB+98nr9B6sa/0oXXDoL//q516xfYjpTxTcN6QxGvt5JdBeupHDnRtgCA/amitDtHqu8sfVvEGdP+EzhbxyWdLx+vltKZZMsLzryf0UMYkaYqayVvjzUdAMzyPw958GSR+zZzTlcsGsfPQSuESEWbrXYxbESkwam4EZeLHSescaIATy3w6AsC/HL/4faSwJysrkCZJZS0CzBdsPM1wzZ1,iv:Za9EQYc9Zzhw28+gTV8BeZOphIrUpODvI71xboNQfv0=,tag:mcJ7+heEmmVl/CwnvQB45A==,type:str]
|
||||
natallan.com: ENC[AES256_GCM,data:nc7QDUtsKlhfXaVc5gktDmvJGmLqAg69hzQZp1l411gvOO6yGrWzIuLJ52kAVKf1CH0Jfd7fzhDQhFRJ0nrnnHi9FHmLBYsAwvWP3wNzV5Fetly1DW6ozCUm6uSbcs46Gu2mxM0ozsIZnCwMO9p87cxAnZLL/jHKPsZ7ADHvDxYK6UsROhbkeCIfZ0dVf/1IH3FjkhfaEAAsZW+KYF8tynzKURHD0EJZWT4su43rf3pk9/fjyv2e1lxM3jx3KPrF1LJqwQhggmenJj9dhbRnxih2/Y5oF4lAmGqyUxJNTfn2yFd1DVaEElcl1DaXIiZ+HyDJH2rXAVE101VuUraJYe6wV1nzo0rziI2ZlTrs6qk2HDeiFmdEDbB5dahkLqDbttEjWJdxwVblDYrI2omKcFsXtQncpwczyZs+r3gSEJfG9PWV+eVzOzp+HLnmt68+mNIbtiSSAanDlvJJXw85XM853Nqxveru9Co4M2SpsM5FhWGK/f4A7tQLUFDUakcx175rYRTo5gpji4RUM47v0Gdd5qddw+/L0ruIXCKv0/f4IJ1seDwfsKlrRrMYSbG3oGbHB0bl/rNWTPlgDeLfR/nDCplsX+U+y5YsPcLLPAhlE9/7cS7CR7nwUWB/vgHVy6NoyiZin06l0Kz5Sh+onckdpYafhHKWqcazmPViMjslY0f6i76HGiZWdi79AqFFZ8nMgFfXqqyUMP4plU/jzn5Sb8mNixpSBtGTXPsAmkDxxpHxusVSAZOMR8MQF30gZ11di5epQbMK/VSkK9p+lHI=,iv:TMhgrwFes8a2tGrwi32emOXdAvGEGJV00cJ1Jl97OrI=,tag:KsTUPg0ykCFs685XOR9Peg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
zure_kv: []
|
||||
hc_vult: []
|
||||
ge:
|
||||
- recipient: ge1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN GE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocGE4ZGUweDdp0ZFYUdY
|
||||
cDVoOEJrUVdoZ1kyWk91zRNUxTN2JQYVJRCk9QemlMdHRhRGlPakFPYmNEaGV6
|
||||
nd6UVZrdWU3dWQ2SkRpS1c0MWhUMEEKLS0tIFE0eXI3Z3BkeG5ay9VRjdPaFgw
|
||||
dVFrTCtSakxFY0hpRHZmQzNrWis3U3cKsxUYyjRk6Tb7nKAs1pALQJZb2QB9ope
|
||||
c74VLxs/6hl3cLgkD5//20b4TQYpcGq/lbCkeFI5pyU5zKuFHbE0A==
|
||||
-----END GE ENCRYPTED FILE-----
|
||||
- recipient: ge17edew3hg3t5nte5g0505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETG5pMVlDa2tDTFF5S2lQ
|
||||
V1BFNUU2bjgyT256YjNoMnZ1OWwrc0xmS21BCjcvd0pmbDhBS0gyRXcwUWQvemdi
|
||||
UVIzMDlwWXU3K29qNWRpU2cxbFFKZWMKLS0tIFlIYlhyNmVMZFBqMnRjOXdldVcy
|
||||
NzFGVU43N2EvWVRpaWhzN0p6TzVVeUEKsvZbM38E9MG1jl7RXgK/QE4DPGqqchw7
|
||||
NyKu6TijJUwfw3No7vS+DVZHtILxy/sjtM48T++Txf25+d++J3YY/A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN GE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaFY4SE1BSWxkMEh3U3ZC
|
||||
eGhNb3ExRXgvaHFUYVFyZ3iUSt2ZHRmeXhVCnlUUWdYQzJQUhOS28raFBOcSs2
|
||||
ZlZscnpzNnZIRXB1WHVXRVNJMlFPYjAKLS0tIDRlRGV0S2gwRVA0Wk2V2NLdnQ3
|
||||
NURGaHAreXNTeVJMY0xXUnFPMlcNmcKjSQDxUQMoREdEhyutDC3PXcVRgYXNLsE
|
||||
IvVK+GkthAyPfgYkia/j+tIZIHwI3aXshb9vMkf+4Rl4S4nayPHKw==
|
||||
-----END GE ENCRYPTED FILE-----
|
||||
- recipient: ge1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0V2RKdXpOb2cvYXFyUmtl
|
||||
UFpEeWZFaVVuZEt5QmxFUCsvRHVpdFVWOEJBCnZ5Nk13dzNiWHFmQytGU2lpaUlH
|
||||
a0lYSXArZ3lUeGJWeXVKY05zRTc1aGsKLS0tIDYvNHAxR0lHbTg1Zm9XaXJoSGR1
|
||||
UGsvc0xIU0NUcGhUZmVpN01oTStDUXcKVlKnlqXpB04Ex015ZynOqJUJ3sEiHE8h
|
||||
tN+svpAdCfUgDVpUr8ynPWvW6kfeOh1RtW6Rr1Nl42WeGNsMdk8iNA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN GE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOS3UEIxZVZuY0NheHl6NDJT
|
||||
XBjSjZsMUVNNy9nTmwzMWZXdlk1UXFvQlFJCmJrRjcyU1JieitBSDVyTlJZZTZ4
|
||||
ZlA2empwU0tPcjhPcDN5enlkc3BQeTKLS0tIDBhRVh3bXl1QTFTL2UweS9GNmxL
|
||||
SnZWSzJRQXZkN1ByaGpwaTBjL29yQWK9GbYzpqKM52UDqvlBx3JXbkpoRkLt3e
|
||||
WN2gmSAqkQr9c8KMHqjjW61O1MqIAeKY3X/PHiu2cU0Uc+kfv0MEA==
|
||||
-----END GE ENCRYPTED FILE-----
|
||||
- recipient: ge1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkggc
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNlZ5ZTgyTkZKUXVqMlBy
|
||||
ajUxSEtWTEZLM3BvbHR5YnhzZVBxN1dLL0hBCjdDQnM4WnFzQU5TbUU4cURnbEdX
|
||||
dFhUSlBQNnVyWG9zazIyTk90YlBtbEEKLS0tIEJsOVFqVU96OVptbXBTT21HcEpy
|
||||
Mm1HN2ZtUzl6TnAza08zUG0zVTN4alUKhjafzCDCJw9ZScEBQ+W7ZDdUlT67l0b5
|
||||
dTtSI1YMm8Q9EyxOA4ZH7UYe1b0h2+v2z2bv1J/CUTuzP+N3ksMmYg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN GE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdStRbG5YdGplRkVuUXZn
|
||||
ZFp4Mkh5dnB1GFQ3NrS0xxZHNDUVhem5FCmZNTEVhNmlSYmNDVWp3K1oxT0Ix
|
||||
eDZzZlNSM3hrNlFKd0plUll4QnJucGcKLS0tIEVKdzJUSlQR1ZyZjNVSjc0N0hT
|
||||
QzNIaGVMUnhUR1kxN0FmZzdXN1daaEkKTOflqGPdSzNYRZeltDbkrZ6r++9GAdcL
|
||||
UVV/9mnky4ZGOXkjykPQB6yvHy+g5qhhENre13NlBJNo3XlyFSEoQ==
|
||||
-----END GE ENCRYPTED FILE-----
|
||||
- recipient: ge1j2r8mypw44uvqhfs53424h6fu2rkr5m7sl7rl3zn3xzv9m3dcqp97gw
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdDFubmJTQjRSeW5YNmk3
|
||||
akN5U1N6T3U5cm5VVkFtcVB5Rkp6NzZQQlNzClBpZlRpTG9MVzU0dElUOUI3MTVR
|
||||
eGdLNjVPTS9QbkNvYnhYWmRvV1RhM1EKLS0tIFNGK04zL3J4TUdmZ3VmOW5qQ3hw
|
||||
QndpUStZUFlBZ3RsZ2V2V3pPQzIwbEUKDtTBG7tMnxwaDvdPGvpw1RNOJwLDL7x8
|
||||
tOY1B3YQbS6Hj43c30NeeGYvFju676h94x+08ePSO4+ihdNMM387gQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN GE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSTNGR5K2grVTdUTGpwOFdm
|
||||
YmpMMXB2WGNXUzkyK1JDeVFHc1ZhWnN3b0NzCisyd0p5YmlhcFVPVloc3dwbnNJ
|
||||
b1lEY3FWOGl3aldWazV3Y09DbzlbUUKLS0tIFdmZ05TLyt3c0g3ZXNmdkZLVHV4
|
||||
M3lDZW9tUlR2T2NSclh4R3dNSnBoTDQK+53REvxwR6hu+K79TrdyPzyg9Gptt/Sr
|
||||
309zukSR7TLPRM7Hf0dj3VfFqBjJlFmPj7c2dyZ0tNGVhEbRQ==
|
||||
-----END GE ENCRYPTED FILE-----
|
||||
lstmodified: "2024-04-08T01:58:59Z"
|
||||
mc: ENC[ES256_GCM,dt:9/Q43NdE9eP15Z0f4jYOjz5H0nTNrIec1CM0kIzteJg7t9xNTVw6SyKom/tquni+GEr3xEJKVrB/LHPXaiLqG1pK0PrPZR+D0WlAq5hJHAyhgOdQFwyL3mrM0ZZAWo3Bk7VJMsIhjA8WSxi3TfttH8xpHiiyhuebC5a9oo=,iv:L5EObYh8rkQUq8275EFZ35afVmjUeekHyTytm+s0Gt=,tg:lj8BxGoh0vWVQHI9ewsqzA==,type:str]
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZzJrVXZ0bFE0YndVRDhr
|
||||
WncwTjJ5dHhDVlJXQVpXbEI3QWtZNkZiS0ZzCm5FblhIR0NPZU96R2I4R2V2aCsv
|
||||
SUUxY3greVB5TDJzemRGbkdQdEtZRWcKLS0tIEkrQzRrcGJqOUt1WU1YMGFRTmor
|
||||
Njg3a2xNdEhEbjBKRFFqWUV3MGNkcmcKM+aSG/4FLuM/XsrwGyNYMk3dKr+CJO4z
|
||||
yc0x4LzIGpN1MAMV4YBzKleL6nbv5LZbk17uaGdEe9VSJIM+GIhBLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeWlJeFdlRW5NbFBka0Zt
|
||||
ZWpiZGkxaTlaYW9jWFVSYWUrSTZvK1pyRWd3CnM3OEpFOGtYZWpoa2JibGxGODZS
|
||||
SVI0cWdZaHpKVjBLemF3eENFUTYvNHcKLS0tIFFQNXZwOFQ1KzBMOUxuUUpkT2t0
|
||||
a01TckpGaUFQTWYxN1dlY0MyeEVrcmsKsbvBgFCgyB1IsUQBdg2z2RK1Pqhp4+2G
|
||||
PiYoxl01WOqjR7tR4pyyMwadOGxK7NUJGykYinwdap/DqAGbdKyebg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:58:45Z"
|
||||
mac: ENC[AES256_GCM,data:OcJWd7icGYtZfLZGezGRGvYRfdLWBpgYeUQDBV+wsVwYpFEaXsuuISkj1UeAwSwZsyd3dHbjf23ynkAZqlvd+ThH84bVzwg6U79Jc9ut+QPI7jRE+Us/wz1k3h/jqld34lHT9wPmsyHvy2u066BNonXbZoP2/7vJAlwdqcZU6rU=,iv:jW47SHCpYz6dBGu/MkdKn2xDZo7NC/2HnhWYaqiQO18=,tag:VUTINSn8tsYLp9ARQLXj1A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
networking:
|
||||
#ENC[AES256_GCM,data:TDvdPPvdl3DrEj5qW67F43J++D7V3YzfO6YL3g9P5vGMnC0IZAqETl1YbczJZflq9+RHooTcMbT3kIw/PC7xcC7bxQd0gV6Gk21iUw==,iv:Vy6/Vw5xX5gWttooacsDf5/dDVPW3VKjnpmKGFy+RhA=,tag:/Mitoy6mvym5/xY4dom4QA==,type:comment]
|
||||
#ENC[AES256_GCM,data:qhveeLaM/v48No/13sSjYbqdrdNlAv8fF9ZaQeTIgO3XKjvCbu3RNMmWLzR8tFKrIBn8EAmAN53LG9CIVd7QdXY3J68sHeOHKb9fNw==,iv:D6BSMXhIeBSftqmtlPACN121knQaVLKUYedmKyyA1CY=,tag:XcvdgpMB/72yzgquR9ORkA==,type:comment]
|
||||
cloudflare-dyndns:
|
||||
apiTokenFile: ENC[AES256_GCM,data:q2KbAnezy/pZ80NzrDnkYJqmPpdws+DJR4wSWuZ78yOw53SP7Gec92JO4gQHZfrQNX0W5u8Df0RLc0uiXNnTia17MzWyFpRYiBtZ+jFdwUlqWn1ZzT6whIG8vHKNFEuZxDYy9IhAamtLZrpsmt0JYs6yog==,iv:53k9hR0GxErCk+HjtIaysaZhNt1cYOZbjwvhqKpbatc=,tag:hABkc/jzHErnlpQzkPeavw==,type:str]
|
||||
apiTokenFile: ENC[AES256_GCM,data:PhKfudZaWKI5xPBAk3jMYB2HRieEzjLoDw4cctCYxJshjXVkNfpybkZeNs6rFasXI3KBjZHcP5yC6KA1xDFKZqTqQvhoJGpQqpAQUy2MMgUCblG4MYoz+mHiBiEWKZWZhxikRAODAYeeeuVO70cdZiKLQQ==,iv:AY0vYBSl8Slzms7HLgUz4MrPHk0i6Y9wwRemgyDBsrg=,tag:sBxerSCfqWB2hZ9+WjBjgQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,50 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcCs0ZGRIaXhUY2kwU2VH
|
||||
Wm9GRXVvM0oySU43UkROUW1MNHlTY3BoN0VRCmNJUjcxbVpTNmxoaXNWckhNMkFP
|
||||
bWR0eGNUVUkwVHBZcVp1Z2Q5OGYwUmcKLS0tIEc4bFp3cXBmR3ZKbEtnTldZeU52
|
||||
TS9aQnp4cUxBRkZmQmVTSk92T3dkUFEKRGWQaqeL++nglVzX1RbbfdhhCMsKB64c
|
||||
EsBkSk/dufQ+VjRFqPOW76SrgIHxR5EbmH4V1R42OBOxEJmwqczRiQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYys4SllQRGF0Q09HdzUw
|
||||
a0k0YTZTOVRkSFZaK2xZeWpjNDIydVZsNURnCm1pU2lzSzR4bXJqQ04rQkFrdU1y
|
||||
YmUrTHFlWFdWbEN2TVo4RlRCaUFSK1EKLS0tIFNXUFgrSnNMbVA4ZVo4TWE3WS9p
|
||||
UUVHZmpzQ1dGbmVnK2tXQlV3ZXNoWVEKWz8ryyNlZ190FSE/E06IazAdnYer5hgN
|
||||
YgC4Sa4EBXoMpe4UEsyHNknNY+NpJSYq/mAkkJiYxKA4zFW61o+JzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRGZNZFp4UjZHV3UxZHFP
|
||||
Wk5vc2NMOEpndkV2aUpicTV6Y1M2aE93N0NVCjQyVVpBSjRWdWFzV2ovcHhPQ3R4
|
||||
bnpxc2habWE2cHFUOE81b2t5cGJHK0EKLS0tIHVtQUVuMFM2RnNBUnMvK3c4eWpO
|
||||
VnltK3pzcUxHRDRPS1VZWlJ2eHd1RTgKl440Bo+xdkcKUDUl6v3OoaJKd+EYkpMh
|
||||
gqGyQeIYDoNA2QC4ekCaCv4RMhkjT1CPIxDZV2KfM87+iB2jJK/G0Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoejNQSzdyUkFhSWlrVG9S
|
||||
N1RpNkJQUUwrMWhKK05TWWFwbmlUUnpicUNBCi9nR2N0cWZROHBjWXhKdVFXRGxv
|
||||
WWQycHBsZEF4QnNFRGE2YWpKbUxFSGMKLS0tIDQySU00TVF1UkZXdHpKZUM0dS90
|
||||
Zmx6aHlxYS9TKzZWb2dUZG54OFlVWmsK6dQcFoFQVZA4oR7rJtfxLOA/hCiBUJZJ
|
||||
FqmNsr7ek/iuKfE/s7ZlL0bpHAIKdpCgpxcdW22PDkHJcl7hDTDypw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ODJXaEZydXltNHZTTnhu
|
||||
ZjNIbXA2S0dYb2NRSUhKUlBYUVlnMUtZWVJZCjg5eVQ1WHM4VEhBcGRSZ1VJWmRU
|
||||
cEd1V3BkK1NkRDN5MUpoU2tGZ2dscFUKLS0tIHNmcUdwdEsweEJwekZQSXF3dXgr
|
||||
SkVnWXdCREdlRVRLdEdlVzdzeDFxelEKqaPpTuDxh/v9vj3nc6VCB6CgCD0rrqIA
|
||||
st3JxRm0DFfjrqqA1urwVvlsMW05QmP8rZTlb3+Uar67Fj7V9niEpg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBicjZUOGRpb3ozRFZRZ1F6
|
||||
eWxZc3NIY3VOMFp0clhsb29OWFU2UzF2ZUY0Cm0vdDIyZ05rQkd4NTR2Q3pEMlVv
|
||||
ZVV3YVg3bmkyYmdrU3NaY1JGQm1STWMKLS0tIDNYRmZVUm1JR0xjd2c0SGlKK21D
|
||||
VUNJR01URUV0K3R5QzY1dUd5b0tuaGMKmgJGFCVvV4DmQ5Kqf/jViWt3YnCSzeOi
|
||||
RiIpMva+BW5h/7L/6i1WGpwt9yuel1eYr+3lQmjef/POpsTrk5etsw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bGpJcTdwMDhjSnVzVUov
|
||||
NzluNFJIbnhxQ3dlSXdocldPVkVISVNtejJJCnZjUW4rMXo5RDFWak92ZW9LSVM2
|
||||
akgvT1Q0dnJmd0l6V0JRZUE2Wi9ZY28KLS0tIGo1T3p3YzBvK0s0M3djWFIzNFE1
|
||||
aUlHcWZVV2hQYldDZm1heDNtYUptZGcKaf9F8FQQiliNQzZnuFZ2doolfJ/R/NbZ
|
||||
yExXrqhg2kCQSY0bPoUZKBIrdFRQ2SVJfBn5YThz2XiK7ayBm3wt0w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcFRKVjFDcnFvV0VJOHJH
|
||||
YnVEam0zdmtjakR1SlR5V3pBV1pucmNZY3hZCmpXRlNjU2xZVFNSVjJWRlFPZE8x
|
||||
YmxJb0J2d1ppcGlrR2NBaWFwM2NCS0EKLS0tIGpmbkdaWkZBczRzRXlqUFowd2l2
|
||||
UDB4a1JnZDdXcXgybTdIeURnYmFIQzQKGV7Uze0yGx74lYaSe850I+s3rB+h0ezA
|
||||
DqH5SRjtZpmYpJZDppFkIEXcAN2q2At/U9fS1LJdOopYJrSbef8LSg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S0pVcFlSNVZJSzdHU296
|
||||
RUxmYXZjQW1jRFE5YmhncldUWDFzeng4eFZZClo4MnZqaEdBdXBiUDVQYk1nTTJK
|
||||
bTF6Qy9hbGFZT2g3TFdQREVsVSt6Z0UKLS0tIHNHMThrMTMrSXhDd1dCekxZS3Ro
|
||||
cUhrVWFuVE5QTitrbXNDVzk4TmFaNGMKtxL2Nh2R8RxK6Cme/GEr8ebJUNr+wJYO
|
||||
S8UhoOG07m59GIgyce+IdGKD6rl9Y2LeGDwhnOq+7L8H5l5X+8xqbQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2aHdtajRQeXhEK1JRcWVv
|
||||
SFlBYXB4bkdqbzl6Q0lHS1hJQ0x3dG5mOEQwCnBKZnhLbDFIOTNJSHpkalNVOXdm
|
||||
Ym1DUDU1bWtoSlVEWGFieGxPeTNrMFEKLS0tIENaa0NYVDV1R3VTdUc0b3VXSlhM
|
||||
T3dKVWJhUlZKOG9PNUNTTGE0aU9nd28KPXDHnFPYZkxRadqYyHGQAdWJy4sH4LYz
|
||||
KS5wKZZcK+kyPkQVf3QmB0A+YJc439CFc+t8zZihR1OZeSidCIUwLw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T01:59:28Z"
|
||||
mac: ENC[AES256_GCM,data:Cd8D58YH+/c2S+ViYnHR+eoEIQ8y8SKPuuUo4dvS78KJeuO33rADlghm9TiPLHH+JaPF52Yle0vsT6EWUJfOy+sE4Q4Esxohnj0mOBc3WM56tK4HMBpl5jDdplstkKzCtGtL8ztdjIB8g6+hcmFvXeHftKP9hPBRBc2yCmAxofM=,iv:C8oR1UW1z9HbbcjjksMyeepxngzVdizogKUVjZkN0ko=,tag:+fXA8NztLKL62NJIp+JJcg==,type:str]
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dXNmTWxJeWN6azdzU2t1
|
||||
TkRzazRCaEYxSTRTakozVFY4THorZW85Qm04CnBEYXRHbFkxck1keU9zOEtuakVz
|
||||
Rzd3RWN3UzJRMU9HRlR1aCtqdzN6MXMKLS0tIDArMzNpNmRVUElhdXdrSVBVQ3dO
|
||||
OUw2dnVzYnJKVjA1cUNxckkrNk0rbWMKEQ9HmXY6BOIlj8nuV4jOxJ091PNkcyaS
|
||||
kW0onE22VurJQH45vVXc5uvVajwVCtNnHK9VwzvneQBOsXu3UB6RpQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:IGomSlCiHulZQ9ZkCpQ3dg4E6D4AXHjNwBBYubGCUIfPNU4lMn0pP0scdfXxOXvjX8dYpyDVZDaflIrSVFa9GFzI6ufqU9wziSfAuRBjEiQgrg/zJY8vwHAbladoKsLDRlChh8Yu3K82HBfAoRRKGsNCfY2OhkQCf7pyrubhMY4=,iv:TbW+JvoJz1gC2ElsU6LxQj4ctCUja6TySggGfleGSbU=,tag:XRgiDkOJFPvEw39UDl01EA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,6 @@
|
|||
./nfs
|
||||
./nix-serve
|
||||
./bind
|
||||
./arr
|
||||
./homepage
|
||||
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
networking:
|
||||
dnscrypt-proxy2:
|
||||
forwarding-rules: ENC[AES256_GCM,data:P5GAwlcuUI2hXcJBzAPSQBviqi8z0ccz29sv1bsSx7lkD9isTaurylD07v3tlXFN,iv:lPIbdMpUMzyhnkakw4FSxvHolyNXMVuciwKK7jz9MMY=,tag:0pKhfclkbWbPBJ6/vs5a3w==,type:str]
|
||||
forwarding-rules: ENC[AES256_GCM,data:eGLh6dckR9E13wympTA2faMf6ChW6L2lM0zO/Ea9cIwTndtsbRU3dKh280vkdg==,iv:SS3cj+JkT64pn9anJBPtVHT2cQ5Ag2VLPpLFM1LkGS8=,tag:V/HyhSW/HDXp9LfOSjM4JA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,50 +11,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiU2V4cmpHZ0hhRUlDNTU4
|
||||
c0FGTGxCTzNTTUJxN2lkZmZQUVlCRFVxZld3ClU2TmpxcHFvR0lZeVUxZ0x1YmFC
|
||||
bFZ4QlQvajNxYTByenlDVXNJb0dGNEEKLS0tIFQvaUhCYnE4MWc1bFZtSlB6cDFq
|
||||
aTJyS2RGWFJTNEd3Rlo3dVN6UjhlUVEKZvaWNTcKkSzLDsQ99S3/d9eQ350QM+e0
|
||||
R19K1QHuljx3vKV+LhnJ+fCUL5bnIhvDCFVnWBWGirVzJNp4iwfuWw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1U1ZEaFZ5K21LMVVCU01l
|
||||
UHYwUVZoMVM5bFZ3d3JXRjA5YUZDajZIbWhZCjRGRitzU1pvc3d3LzNWaXN1NFJE
|
||||
M0RhQVBQVWxoZ2R6bEdHRVFwcDBid0EKLS0tIHJtaVVvd3NCbFFqOTVZY2o2cHNQ
|
||||
aEdiNXZoc3ZiUzFyT0lPV2F1R2JLR1kKMFHEXnH/3qgwtJ8koKMCmSMi4IwtwxW4
|
||||
5kFFGaxQ47CejOJzNnrsOyDCKJtv8+3arzwlhuZSG2558trcvugCaw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbnR4T1d4M3pKdExGYUZZ
|
||||
Y0R4WVNLZnZJTmhqVW4vSzJwZjkxdk92N3lNCk9iWmJNZHVZVDFINEErRi9JZjBZ
|
||||
MDEyM1Q3cGZDWkUyZEZhaVo3K2FpUjgKLS0tIEhHR0dTak43T3pDcUtvYk02aFZZ
|
||||
M2w2RDV4UmY1Zll5WjdxSWIxZVhVMUUKAvOmavnidng3QxxHaVqQKwq9TMgbusOE
|
||||
SnBx1ShiX0m7ZBLHPzcHuwzEOxYRvpKuV1tVDVbROPfaOYusgIMa+A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUmlHNnNrd0E5cFQ4ZTl4
|
||||
ZXJmRGtScW5Nc3M5SHlqbkIxbWlTb2YzSFIwCmZ3a2llTHlITnBwMjc1UDlhRFNn
|
||||
TkRpK0dKSWROTWsybWNGeGpBZWZiK1EKLS0tICtHYmNMV2RaY2llOEJpeDNqV1FT
|
||||
ejh2bTlVVE9QUXNRR3pLN1NCM0VVNUEKdesWjss0MoH6SABH1ZLT1fauZVOJyO8U
|
||||
9mqP/WsE727MhwsodZAnccQ906mm8IGK0LtCUxUhlJGZl+Vw5n4eqg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaWV0VGZFc0toUXJURURF
|
||||
eDRKMGV6UktYWVRUcFJKVTdiQ3h6LzhlV2tRCjVMZkFqWGZCV1Q5OFBkOW1lWnFj
|
||||
NGFMVXBNbVF4azlUV3dLZFB3aHdnZk0KLS0tIEFObC9ING4wRUtwZXhOS2VRcnR3
|
||||
NnkrVjdGcFE0cGtEY0Vub3Z5R09zVWcKEjgqoO+4n02mwa8idy1FdASqoCkB4Ooe
|
||||
j04tUVa0xufui6gITvO9DBgXbSdni5wbtabZNJ13S3dgWVY4CiDuYw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNEJwR1ljN1ZwMWt2c3NW
|
||||
QmlPNUNvYTh3QmQzSkJKa3EzMlN5VjZwS2tzClFrQzFYdHN5eXNZOUVWeFZIMkll
|
||||
YzRUcDkvWTVoTHJwSW11dTZJTVZtd2sKLS0tIGRUdGJ0SWJ6RDBjL25qenBWMXQ5
|
||||
Q1pUTlIxSFRiQ0JQb3VzdzBIQTd1RTQKis/oM+GK1zWRlSePma3dAsfOAI7d0HLB
|
||||
RByMVCfQhVcwalWFg5kdSguUkpTX9FFkYKELDMluSyec3APRA6w1UA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aC9hTTB1enJYcUpiUHZS
|
||||
eENnaEhPL3JIeGp5QmczQ1pSMTRmejZ1L0FNCldzM2FFSm9NaTNGTHVmNTJwVW9F
|
||||
YXIrSGFsWG05U0NXdWg2VUQ1NDVyYWsKLS0tIFQxd2hpMXJRWXhJclFzQjVzZWFI
|
||||
VHdoVHJnNit3OE5mU2YvTjYxSmxkcXcKBips96WiE/NI7GWZVUOzdJSTIyoG4U4R
|
||||
haVYaHJJ1xW/E7WqJKn/E+wiMHFNcQJFOi6/JkWGLCkEE5tDLSDibw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Y21VVmUyaS9DUkNTM0N5
|
||||
S1kxdGR3MDBRM1kxcHc1UWRxSnhzY2h3L0FZCjY4S24vQS83Z2V6aGRVV0UwSUpY
|
||||
ZG1mYzF0MXVUOC9HNXNFRzRZb3VwQ2cKLS0tIEdUSy8zSHNrN0s1SUt3anE4eGwr
|
||||
VzM4eExndDIyeVdRVFIza25xcVlJd28KSsMwl6kWUiA/1euqHhuicwrhApVBs/zb
|
||||
lf5ez4x8FDiZKY+fyhJRSrZnW607d48OegIjZrslJLSU2EBqt+ZHXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVY0pEaVR5NWMzR29YQUFY
|
||||
R1p2ZFdEaVN1NXYzMW9oR3V2aXJxdDR2QlFvCmxsVDBCQUZnRllvY3NEMm1DQXpj
|
||||
aDRCZjlnM0xZaVpTVlpXd08wU1VIR3cKLS0tIHo5TGNmMXZHSXpYQW5ITHpwTWJE
|
||||
a1hDZXkxSG9FR0laYW9nZXFnN0NyUUUKa9dtMzPzZqWi1Z6gBxOh355Om8865AT5
|
||||
j0SjD1Zl00RvaC6mZQrhOB6Aq+eYHe3w29jkmkAGvIHXH8p1fNt8Hg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWG9HNSswN3RiYk9KcW5S
|
||||
dGNpWXcvZXNsVmR2dmtOZjRTL09DVmw4ekVzCmhwZVh5M0hHMW9VM0tDZnp6bUVO
|
||||
TFdyeVVqaldqdlk2Uk1vbCtMbXlZSkkKLS0tIE4vWGhaOUZZbWRlZkRtWXJkOXMv
|
||||
TCtaeERmVWpXNlFLS2pTNVZVK1Y3NFEKV5keoMVWpjC6H9enpcNwOb1kraWlKAJD
|
||||
E9qoFk70o4LOJbp+WauuNw8I6/WIxgKxUr4xN4Uj/WN+/IG3NtssZw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-06T05:12:13Z"
|
||||
mac: ENC[AES256_GCM,data:JVJ58TeYh66P6PuhSeCAZpXS5tu4H33rG5GZcJYorhT8Bldn72CTo9AhyhNzVHhfK1fIPI6VLyQM5rBUxBQVHWufx8hnYDrhBQdR9d3po8KKnyfpNgYS0rhifYyon5GUl4BW89RaD45+ZbrE1kIsqCYwwim/bcVYqXuRh1CGYeA=,iv:lRU08rccGMH5ykhSE8bREkog4ftXUporCj+YMsOmUN8=,tag:tIekpP6QIp1Ce2s4a2qO8Q==,type:str]
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3K05kM2M4NU9vRTVGQWpO
|
||||
SWRWckhyTmxaTSttNHRFbVJyZkF6ZldzVkRRCklIekxYZW8wNWtlOER6d24yM1NE
|
||||
R1U0WExrbU5QbEhoZXp4c0xLT3ZuNFEKLS0tIGZrN1JiR1RRajB2MEhYb3FMZlcr
|
||||
MXhHSlRORktTMlZKenpKOUpQeWd2ZDQKluaK9G++4UbKZZ+eesZd+7j+uZ3VEsOm
|
||||
FPEUQJnnxNCou2t2CoDNwm9u4xyQJXBW2Au6ucJx9noLpjvuB/NZUw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:rOSRK5QlwvURaliwEeowRNJfQRnvj0cuu6TPvmtSpcX4BBuqZ9zItmXm6aGPVAJaRgEznRVjdA9yLRDU8p/bwZckeyaR0Z5Sf7N9e9Gq9NaX1goT190wIADy1pHnCbf2nroNao38M8AH+REwJ21yWLAfSf26i6YTJgQFgmypEFQ=,iv:7pyXsGJmWgU9l4jSzPqYNgzNzvIjDT2jy238QE6UghU=,tag:dq5mNG0Qr0380vfhDGWjsg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
mail:
|
||||
maddy:
|
||||
envFile: ENC[AES256_GCM,data:9WbOJfLkcobfnZJBOVqMaw8UNCH7kwXz5Cle5PHEUSLMAtrUKXTEmjkD+nYZK1sdf0fueGxNTxS20f+W+rRBRDMGT3VpJtdFAizt3vprkV/n4y5X/qHtu4y9WmnkfjHfHsJyt2h3DkmD/IV5p21VU3dc+rFGeiFza9jar2WhlrDLRAA=,iv:3Cw9JBiHlmFq2oMHyUQn88fxHifimdOjn69EcRnP1Zg=,tag:I+1hs8C8WbEr+w6aye1Kxw==,type:str]
|
||||
envFile: ENC[AES256_GCM,data:g2KPadrCaW/TWvoRc+AbhdJbSgG2FcL+h1k+0FCgzHkQ4dFhIBunFIw0jdPvV8Xou+/gLw7Mogkgg/MMzJzsvUHkosK1TotH8TaKxtJ0VsH0SlDWrOhFUMrt1474/O3iLkS5YK2U9+3r9HIJ2SqnSy6Kp9IZWrh7ttbWvOth5pdfR0g=,iv:rzpBXGhCWzRMkLNhgQaT42exCKfMTJlcSFRFsDz6Jns=,tag:KPypsSSuxgBvf7LAMdudRA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,50 +11,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Ri81REp4T2xXZGNZWTRj
|
||||
UmR0ZmlweTQzaGhkTExBWVg2bjhvVXhIQVFRCjM3STlpekJEaU9VM1cvQ2dTa25Q
|
||||
SmhxMW9ENGxRdzdpTS9VZUJQQUx6cEkKLS0tIHV3NDBHbFBuRnM0OFQ3WDd6Tmor
|
||||
dEVUeW00SUdGQTFZSXpiZlkwWCt4SVkKabNchXZ58+lR1EvuOS8131g1OuhlJOiX
|
||||
Co11IqKudC80CM5KKlAmYcgzQNQvHJ+mDJHUG4Da7Q1aSBvu7nO/4w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5c1FCWWlsTzg0NHdKOHEw
|
||||
SENVRzlKL21DWFZ5SlV0ZDVNSmgxSEV2K0M0CmVlSjR5OW45VVp4Sm1LV2J0bTYv
|
||||
SWl2cWEwTzBXZG9FdGkrVnFDQnIzcTAKLS0tIEJnendjTmRGZis0eEI4MHJtNkpY
|
||||
aUpEeW1xWTI2RVJza09DU2lhdzcwWlUKdZjovENidw2gsdhrwd2CfBVW8Sghx2x9
|
||||
oZCM5u6089go+wQuhyURhyG8ZFSwAylA65VPTH9mm9hpV7AMSbS6Bw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTlZJNHpvcXorR29iWW83
|
||||
REVMUXBXSENia0ovcldKS2dxUGdyYTJ0akZZCjAxS1RyeTZ4SStyeWdoOVlRT1NF
|
||||
UE8wMFZwRGhIUkxKTVd4ZHdmeTArMlUKLS0tICtBdk8xd01zT2pNdjE5d292bjJu
|
||||
NENlVVV1SWpWWDJ0R3BDR08yUjdISWsKl/57RicdIvCDEfa2tgfJgWG+H0Iokx0T
|
||||
5fOtsbLFx79pHGiuOaUMBXL9LuEAcoIpTJrK8XrythIIfPQNST0P+w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqOUs0ejBMN0YyVjR4Q3cz
|
||||
YnhLZ1d5Sk1tbnRMWmZlR01zY0owaWlaeEMwCjlKZ09pSjdob1NKL2FuRzlXTkdq
|
||||
a0c4YjhGZytHTERvaWg2bEZCQjNiL0EKLS0tIGttdDE4VG0xYUEzc0pOM25ZVXBi
|
||||
ZnZ6TzBjeXdGSnVsTktGN0k3WkJsOWsKg6vWDZA9fScS2Vw5Iz+jt9TcUMK/K8/G
|
||||
/Y+SYNoRP90Iov6idl4LJugsRRjY3X+AjAy+ThHEzanIFMOUSkdQ+g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ME53U3RUb3pKdDNhTm5o
|
||||
eWRDWDZGVGJPVWIvSnpQUkRRcXdVclppMFFzCjF4YVpRS1dCYk1VQi9FYmJuc2VI
|
||||
YUJrNWRTaE5UWm9OWVJ2UzJDaE9jVjAKLS0tIE0zWmFmSlhGN241QVJoUWpqTUpu
|
||||
dmN6ZWs1THZ4bWViK2dJeTh2Q1dnQ2cKg7BQoyElsRF3Udx1aHLSK+dGVcyZUnLe
|
||||
+4inhxJj07J0rfIhME5hY0FDf4z6uJ4VhmQOoDSL82FML5GGBrS79A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUVNxQldIaXk2WU5hR2RF
|
||||
R1Q2QnJIY1JLcDE4QWZjeHdBQlRHZE9BTHhnCkhZQkppWHIxR1N4MGFVWjNlbk11
|
||||
UldBMllITk1Tekl4MVY0MXpQT092cG8KLS0tIDRaYVdwT3VYRHJzVVlueW8xL3hQ
|
||||
UGU5SGJVSU50OW1OS3hRRGNKSnI0WjgKR22yT/87dDaUnUn5p66Mp/sAkaFofHJ4
|
||||
k9tYGeZ0ASqRG0FMOZO6er41M6MzBt66jDxnkeJsa8ZW/qa4tx4MCA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNTE1ZjJlVzNSMm8zZzRZ
|
||||
alNBaGFSOHRxWE9LdHI3azFienk1OTRnTURZCjU4enpTcHFlOXBzalZqbGFXQXB6
|
||||
c3FON0FsQStDOUtaQm1xNVBIWWdiMTAKLS0tICt5MVBDNGJGMVhBaWhRUW5LeWsw
|
||||
VExYT3BiNThraEM2Y0EvdGFDUU9OZW8K8feLH4aFtQB+AypdriaS6HyX2T/Ziz/E
|
||||
7vROXS8BoU60RXcCcUE8v8HnrZ+eslWgR91Jw1Uvc0j1jqm5+A2yDw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSU55S1B1QXl5UElqbHRX
|
||||
WmVMcFNOZXVjVDhzeTRJVWJUV2JVeUhqc0RFCjJYT2wyem45Vlh1WkpTR3BsSnVt
|
||||
T0VxbEExVGlySENJQXVSRmZXMDAzZnMKLS0tIFpLZHJQekdGRTZrYys2cXlVTmVv
|
||||
RElIUFZURktLd2trcnRKVXArV0pkQUUKXwaXOUQWDqJhtgIKz0wwTIyh9bED87mm
|
||||
E/0dYsbdMcpguk3FRT4g3mcuU2w4b57l/0pcGWui1QwHWsA3X/tkJA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUUFUQXBvVkN5aVB4cGhG
|
||||
Q3Z0RFc1ajJCbEhWUWVKVCtRTGs5NVRDaDNZCmVXbldRbm5CT0tQZDhXei9IQ0E3
|
||||
YS8rTnNsQkVtU3NTWnNCUEx2U1grT2MKLS0tIEVlaFlieGVWQ3hnWWQzMElaeG4z
|
||||
NWRYMDhnNURKUldQUzhhNXR4MC93OVEKrm6N5Nvr0ywLwzT24eTSlKotBuE2u+2O
|
||||
7EXddIRuKEg1Lc0DporbE1eXAehKSofp10pmzXfLlp6dF82asIro9Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2R0VlSGRuK2g2d0xUODFq
|
||||
YVBCU0tqaG96Z1RhSWJ5KzAxcGtPeDc2UTNnClVtb0NnazJuZFhFdzhoVzY2cXcw
|
||||
a3k0c0s5OVRPeFQzazcyTjVXVG4ySjgKLS0tIFVlSU1QUlRPSFcvcDVBNWo1b0cv
|
||||
QS9jZWNuYlE4U3FhTmNWZFNvT3lzZkkKsQDEqNUUUcNXKvAip9a0SSEIVglgHrmI
|
||||
qvfv8dGMxmh55RYJ6+jOypMhwD2HcIqBBUvSUIAW31K0k9SqmrNx8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-08T01:59:36Z"
|
||||
mac: ENC[AES256_GCM,data:GtTLqVnxurgGZNIXBNJ0P+huf24hwVOzabFJUZ+E8vBfV3sebV/V20K/rPKX84USpAh+7D59x8iVI5ZsBZEpAPXemYkDQk/6qfeGso514prPS8HqjQJxQ0NHqC7bv16/b5WltJEGjL+AkpJLJnWdBSzO7x7LgVMKtnpc+r3qm3Q=,iv:lbZ8OQS5MdSwj1Usag6UUR+4Yo51d2lglSknWH0UD5s=,tag:lZFGSPWrnJLIX5EqLTxYdw==,type:str]
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZlhXY1ZReloxODlRWVdr
|
||||
SFh5eDhWS0pGV0xYcGxicHhFZ0JxUkF4RkVRCmRhaGl0ZktiY3ZKSm1uTS9VWFFQ
|
||||
Z2Q3V1lKNldHaVUxWC9rUS9scFB3UncKLS0tIGJ3NnZUNnhxWjRseTdGQW9oakhj
|
||||
SkZnMHhDRENkSExNWkFKUU9XOTVQb0UKzCbZsDqSwbtHRkKH7oXOITHJ5LHU3pzp
|
||||
7pEsBGmhk8PyNHlaJlAWXunqBW+zD7tuhJgH+hSA/Wr46y2Hck5P1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:5of7TtrBQXrreK6yxAZ4zddm0byWbAyvWmJSDQ1LC7GmIxJOWHeY0Mvy/oUqioz5HbEjQIt84ftQLpPeJHed3qfsqujV4lXWyb66R+lXw9JvkCx02KgM3Jli82etjv91EzPv1HolfSv6e6pQd6xjhpPQTGucp4Ombu4PvzU9Q3Y=,iv:JINmbJloNXcF503e6Iwvp8+zrjfXTmRBNXX8KPqIDo4=,tag:zo8IjbFb5zsNVi0sCfhNKw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -35,12 +35,11 @@ in
|
|||
|
||||
# extra user for containers
|
||||
users.users.kah = {
|
||||
|
||||
uid = 568;
|
||||
group = "kah";
|
||||
|
||||
};
|
||||
users.groups.kah = { };
|
||||
users.users.truxnell.extraGroups = [ "kah" ];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -11,17 +11,34 @@ in
|
|||
{
|
||||
options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy";
|
||||
|
||||
# TODO add to homepage
|
||||
# modules.homepage.infrastructure-services = [{
|
||||
# Traefik = {
|
||||
# icon = "traefik.svg";
|
||||
# description = "Reverse proxy";
|
||||
# href = "https://traefik.dhupar.xyz:444";
|
||||
# };
|
||||
# }];
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
lib.mySystem.mkTraefikLabels = options: (
|
||||
let
|
||||
inherit (options) name;
|
||||
subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
|
||||
# created if port is specified
|
||||
service = if builtins.hasAttr "service" options then options.service else options.name;
|
||||
middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
|
||||
in
|
||||
{
|
||||
"traefik.enable" = "true";
|
||||
"traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.networking.domain}`)";
|
||||
"traefik.http.routers.${name}.entrypoints" = "websecure";
|
||||
"traefik.http.routers.${name}.middlewares" = "${middleware}";
|
||||
} // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
|
||||
"traefik.http.routers.${name}.service" = service;
|
||||
"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
|
||||
} // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
|
||||
"traefik.http.routers.${name}.service" = service;
|
||||
"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
|
||||
} // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
|
||||
"traefik.http.routers.${name}.service" = service;
|
||||
}
|
||||
);
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml;
|
||||
|
@ -35,6 +52,9 @@ in
|
|||
];
|
||||
};
|
||||
|
||||
# add user to group to view files/storage
|
||||
users.users.truxnell.extraGroups = [ config.services.traefik.group ];
|
||||
|
||||
services.traefik = {
|
||||
enable = true;
|
||||
group = "podman"; # podman backend, required to access socket
|
||||
|
@ -95,7 +115,7 @@ in
|
|||
|
||||
http.middlewares = {
|
||||
# Whitelist local network and VPN addresses
|
||||
local-only.ipWhiteList.sourceRange = [
|
||||
local-ip-only.ipWhiteList.sourceRange = [
|
||||
"127.0.0.1/32" # localhost
|
||||
"192.168.0.0/16" # RFC1918
|
||||
"10.0.0.0/8" # RFC1918
|
||||
|
@ -158,13 +178,35 @@ in
|
|||
main = "${config.networking.domain}";
|
||||
sans = "*.${config.networking.domain}";
|
||||
}];
|
||||
middlewares = "local-only@file";
|
||||
middlewares = "local-ip-only@file";
|
||||
service = "api@internal";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
mySystem.services.homepage.infrastructure-services = [
|
||||
{
|
||||
Traefik = {
|
||||
icon = "traefik.png";
|
||||
href = "https://traefik.${config.networking.domain}/dashboard/";
|
||||
description = "Reverse Proxy";
|
||||
widget = {
|
||||
type = "traefik";
|
||||
url = "https://traefik.${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = "traefik";
|
||||
group = "infrastructure";
|
||||
url = "https://traefik.${config.networking.domain}";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
services:
|
||||
#ENC[AES256_GCM,data:L5ZUZZoFkMaTErRqwkG03SVET5x6AVL+4OvX6ukQlvFX+P9ICYY6lDGDmJARUXDm2yW6hllqA2FxoteFXT5LEikraLywI5jGDgQMGw==,iv:fHYZ9LBvFVT24xeN7HSjlNhFse/MIhb6/3XCUbdCppA=,tag:tq+MbSt+jhvNJfdpuQ5ddg==,type:comment]
|
||||
#ENC[AES256_GCM,data:VQrWiLlHkqKk80oZqXVyLJt8JBaLIoqKr7tGlXxaRD4Dny8/ZlOy6qw4Bdj6vEUmawBDlHEK+sn93+XnmwzHgnWtUdzgzbAklBSnoA==,iv:Pq3DN3+iWW4mnFSiRhqo+SI3HNZoqjvsuQYaPXKYTZg=,tag:G0yjrWrpnHBn/TB+HUEL3Q==,type:comment]
|
||||
traefik:
|
||||
apiTokenFile: ENC[AES256_GCM,data:hVIUCHU/AU6SOGt7JEVYuE55LlT7AhSuRpkCEWrsKxhy0K5jRZhYb4G30sXrOv80gb8T82ItYjpi5ytckGq325A4Uzn2dYQ4P9sv1uRxrcJrSOuMvpeWnijT33wbxn/fcg==,iv:5065MjT63rYvx/+ivfVha/+VxaTaHicfmshPI/9qfYw=,tag:S7t/Fr5R30lwO3KvuDjHWw==,type:str]
|
||||
apiTokenFile: ENC[AES256_GCM,data:ja9KJ7/jhEJnEyI7Nj/9CtnP+VOP0Xpv2ZSmxAvHcRhcE3JG4NSHN1YgxzbzCwa0xvy1vMf4Qw0R/zHbmdgytgzBPuWHoML+GJndY6LDJlihda5gXG909KWOTuTIbuGqvw==,iv:zmDwzHpYdpBuhEHieJxiSRSkHWaHgshysaJkbGGpMzM=,tag:QErXZHxZKPsWhuJProt0Tg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,50 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbVBCZGdUU3dJR0VXMUQ2
|
||||
ZUhYcEZkYVBRZkxteGkzaXdDNUVzNjdFUWxrCkgwcXZYZlZ2Wk1KbDg2VGpmZXQ5
|
||||
K3ZxR21FZGpJWFpSakltdzN6MUh0b28KLS0tIHRDK2dKQ1Q0UGpBM2oyYzhuSGo2
|
||||
TWFTYnpYbDZPeUVtbTdXNm84RFJoaDQKFB0HX9yJ6D5jQRd8qUsLUy4ZcweYv1Qh
|
||||
BJlQJOlMi+OliSiWOPsI8L8SJSTWJvy6ZX/LcebuQ0tlXeNd3HYAQQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIVHcyRjRJZW9ZQlZBa3py
|
||||
djV5THprVjhPT3JGT1Z0MjhkNlFKdFZnNFhjCkpmUVhGTmlyQXJVOExxQ2ZaNjEx
|
||||
TllocWNOSjBmVUtCblNUb3V3TkVuSWcKLS0tIDh6T1FKZmx6K1dWZEVlMUU3S2RC
|
||||
MG10QTAzU2l2azg2Tlh5L0dxRG1aQ0kKED5IgaOfb4rBbfpd2XzCbzF7wXyNj+6T
|
||||
VYYAnxILFNm0FcqeV9sCva40KidCBGL9FRaURJLOIK6Nl8vtGO61Ew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTXp6aExQTVh4OFVKV1Nz
|
||||
UU0zbEJnR3Nvb256TllyYXg4OTVOektoSURnCllWZUpwc3ZObjlWT0YyLzRiQ0dM
|
||||
Sy9GSCtsTkZyVkJ1dDJnbmh2ZHdrZG8KLS0tIDRPakxzRWt6ckRzZzVZQzN6RVlU
|
||||
MEhwbFpIK3hTeGttS0x3Q0dHdHZhNG8KovgKj2k7N/lpGT2j+e1u+3uX3EAMwAwt
|
||||
uHI2LqEtfaMJZQvsP409G4QkEy+o7GJ7N3LpAXFAPvnJbH5/n7WxiA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybm9lWS9JWXZybnVKR1Q1
|
||||
UDB0djBKdTQ1aFdUM1dScDFFOGMyeGM5Nm53ClpzbVBWZjZydkY4NVVQT3lMK3l5
|
||||
NjRkbHFxZlYvOXBoWGNPVGJQQkxsclUKLS0tIDFiR1IzZEhxbUFSUzV0Qzh3aFBs
|
||||
WFYwa3NsR0VHb2RkQ1JyZnhMR2Rkc1UKi3X1ZzzMzr565t889tCM1duwqu+HlXAS
|
||||
G/4aaaqJr+7TMmjuNIVh2o19XNv0SquW1RWbv1dJ7fc4maXnaJBxSw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZjFiSDIzMVVNMmk3ZlBn
|
||||
SFFpbE10Q0ZZMlhGbElMTURjeDFhUmlnNmdrCk55ZHY0Y3o2SGtaM2ZOTE5QOFo1
|
||||
WVdEWGtzWTIxbWtXMmF5V3JvVjBpVFEKLS0tIEtVMldydlRvdHJLYzVnQy9kUnNZ
|
||||
OHJUSlBlQ3Rhb1RYUVNQSWNLWU5NOGcKEHjjav+ACT+HQ9haoMfRei7cAOPugMDs
|
||||
JsSRPWnVBYPx+9AxDY030Aw6vMw9+rFSuCp3PMH4mNbCcCucaIWWSA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUVBUMmp1NVNsRldvS0Ns
|
||||
Vk9Sd1JzS1REdGMxMWNaNnNEWVpCWVFIY0dFCjlLc0w0T01Oc0RUTXQ2eFNjMjBF
|
||||
ZGFjOHc0czREcTF5L1QvWWc1TWpxK28KLS0tIHpHUnlhbC9SbTEzUGtNQ2U1aXk4
|
||||
bFZQbm1HYTRoUlFrVVdRcUt1Sk83eTAKhtrNaITlaCSJaIlN93SwsTIX6IoKtO0W
|
||||
2rJWmtVzZ2gpgBpqGUS+do/mJ09ltmsz0dc9/wbSTNgVKC+kcef0Cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQWhCM2dpZDFkVVE4SVJq
|
||||
SXY1ZVh2ZWlDRnN4d2hsREpwU0tYMmpKK0hzCmhkSllSM0NGdHZiV0o4dWVac2Ft
|
||||
Y01nUlBKUHg4eE1YZWZlU29Vd2lEelEKLS0tIG9DdmdoaWVBMTJ2WnBnWXI5d1ZX
|
||||
VGtCSTdPcDZHeVdUL1Z6S3hoUE9IR2sK8WyNXZDiJG3ox+nBcwTXdn3fmd4kS2z/
|
||||
aUV6ql3vLdsu3/BxLq3v00AXXYNOnWmVrUxTJ9Lv1j0FM5Gh5LupQw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZkpjNm1nbm5nR3V3RFhy
|
||||
WTIrMjZOMHozS0JiNHZGZFRQa0Q3aDhGeldnCmtmUC9NSFFsdnozOGZuR1hyWU5Z
|
||||
b0t4Y3lyNVVodWxPaXlYandkYXlON0UKLS0tIGNrR1dmSU1LNS91d09GbkdmZkFj
|
||||
S2lxSGlNWHltUFhaQ1lRQ01aalNPWDgKmRpcodDVgO9Rb2zpRKmIUaS00FoAyCif
|
||||
izDG6Tcsf4fa4wnMVwKBRnmJHJ8OTyDThk5RIv96ZlAVrZJAn7p77w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdU9TeFlSUWZISytBTnNn
|
||||
RWlITURiQnY2Ni9LMWZ4R0pBWDJmaHpTZDJ3ClVackV1UHNYUXFmeUliT0h1aHNR
|
||||
S0M4NWg0NkYrL2V4NXlIUDJ6RE8rODgKLS0tIGEwdGpxNVNtVDc0M0k1ejl1ZmFX
|
||||
c2VQSk53WEFoTFdFUTM3eWNVamxwNTgKBYqQy+ILW9MdRPDgRBVw8sOyYF40rhYz
|
||||
yP+Bu6EBAjJDOP/Ywx6I7u6AmlTRcOtk8PmJ8eo3raP07at+jrXsaw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVXRjRHV5NStlU2Q4Qzhw
|
||||
ZHBhUzYydlB5TlUzQzJKQ0dtRFZSYTZMNml3CkRqSkRKYWdTWFlJYm9aNlAzdjg0
|
||||
Q2Urc2QzRkV3SG9UZ0U4b0RmcE9qOUEKLS0tIFM0bG1hSWV1bGRUTDBNaWVaOGFk
|
||||
eWFqK2taVTN2aE5yVWQvTXhPQXN0SEEKUtgEBN5hxt+8N0/CuuqrFfTVlb4WGieR
|
||||
Ww8jDkzXsmaYcbTRv0lajyxdTlfhubhDcKSWguP5PzqRC5cdJxXpqg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-05T08:20:07Z"
|
||||
mac: ENC[AES256_GCM,data:a/J87IQL0X7XQycpZXWg2otlBe7/W7Ebe0CAKunnyF8Gm9RRMWdECrFeBDtAyVAHl2F6gqlNTyEMsOVE+aR6+xu91rXr332k66SnSQcMOjQ987+r+t3b1hUZ9Cz+qNbtepXaGTuCNQ0JH+o3ezkA1D6BDIvf6S4IRWRT9psOiHI=,iv:2TXiGQDDK2nSTAb+n3baFfng9jDPoe7Ts9Au9dTRclA=,tag:MZFBEcpOmoX0TN33OMoApg==,type:str]
|
||||
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmK2FjbGJkbmFqekUwOFkx
|
||||
d2ZDN2ZZRU5pMENNbjlVRTIrZGlGNEtpanhvClBDbndLcHFTbldlZlZ1aGpHMDFP
|
||||
ZW53Y1pBbGJ6dFR1Y1ZWbU01Q2lKdUUKLS0tIGRoSDdSbmIzSjBEamZIQ2Q4KzBK
|
||||
emttN0Jmak5DU0R1cDlxdmkzL2tQT3cKW/3h9EQnwzw0AvLKv5yPc3boXKcgqFv+
|
||||
rLyBO0sTld1T8JQ5tpw9dX/H8RgKXu+9E2zVdHWkPrnEpRlK11TyRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-10T07:18:45Z"
|
||||
mac: ENC[AES256_GCM,data:mVVRkH+oCh+V/witg8XWh9pfDSOMc3nRCxnyqoE3DVA1XEiX3T7dC9bbJspAUGI+fte19u0FafbswmRUO1K70zfXkRhK4GKDRyAysBmdCZXpcf3IIlEaP/XblR6jHtuEE68hNXfA15SEPk3x3+P5kNBXIQwKl5nPCah7ZOugJao=,iv:uK19ZNnejxWGu5dLKDFLGP6gLZ3GOteWWYsCPkxZ0pU=,tag:1F2eU32hP2dV4ssWQBh4KQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -5,5 +5,6 @@
|
|||
./security.nix
|
||||
./systempackages.nix
|
||||
./nix.nix
|
||||
./zfs.nix
|
||||
];
|
||||
}
|
||||
|
|
43
nixos/modules/nixos/system/zfs.nix
Normal file
43
nixos/modules/nixos/system/zfs.nix
Normal file
|
@ -0,0 +1,43 @@
|
|||
{ lib
|
||||
, config
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
cfg = config.mySystem.system.zfs;
|
||||
in
|
||||
with lib;
|
||||
{
|
||||
options.mySystem.system.zfs = {
|
||||
enable = lib.mkEnableOption "zfs";
|
||||
mountPoolsAtBoot = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
};
|
||||
impermanenceRollback = lib.mkEnableOption "Rollback root on boot for impermance";
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
boot = {
|
||||
supportedFilesystems = [
|
||||
"zfs"
|
||||
];
|
||||
zfs = {
|
||||
forceImportRoot = false;
|
||||
extraPools = cfg.mountPoolsAtBoot;
|
||||
};
|
||||
|
||||
initrd.postDeviceCommands = lib.mkIf cfg.impermanenceRollback (lib.mkAfter ''
|
||||
zfs rollback -r rpool/local/root@blank
|
||||
'');
|
||||
|
||||
};
|
||||
|
||||
services.zfs = {
|
||||
autoScrub.enable = true;
|
||||
trim.enable = true;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
|
@ -5,4 +5,5 @@
|
|||
./system.nix
|
||||
./users.nix
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
@ -15,6 +15,14 @@ with lib;
|
|||
mySystem.services.rebootRequiredCheck.enable = true;
|
||||
mySystem.security.wheelNeedsSudoPassword = false;
|
||||
mySystem.services.cockpit.enable = true;
|
||||
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||
|
||||
name = config.networking.hostName;
|
||||
group = "servers";
|
||||
url = "icmp://${config.networking.hostName}.l.trux.dev";
|
||||
interval = "30s";
|
||||
conditions = [ "[CONNECTED] == true" ];
|
||||
}];
|
||||
|
||||
nix.settings = {
|
||||
# TODO factor out into mySystem
|
||||
|
|
29
shell.nix
29
shell.nix
|
@ -11,17 +11,20 @@
|
|||
in
|
||||
import nixpkgs { inherit system overlays; }
|
||||
, ...
|
||||
}: pkgs.mkShell {
|
||||
# Enable experimental features without having to specify the argument
|
||||
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
nix
|
||||
home-manager
|
||||
git
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
go-task
|
||||
sops
|
||||
pre-commit
|
||||
];
|
||||
}: {
|
||||
default = pkgs.mkShell {
|
||||
# Enable experimental features without having to specify the argument
|
||||
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||
nativeBuildInputs = with pkgs; [
|
||||
nix
|
||||
home-manager
|
||||
git
|
||||
nil
|
||||
nixpkgs-fmt
|
||||
go-task
|
||||
sops
|
||||
pre-commit
|
||||
gitleaks
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
20
zone
Normal file
20
zone
Normal file
|
@ -0,0 +1,20 @@
|
|||
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||
; https://www.epochconverter.com/
|
||||
; you can check this file with the tool 'named-checkzone' from 'bind' package
|
||||
|
||||
; SOA Records
|
||||
$TTL 3600
|
||||
$ORIGIN natallan.com.
|
||||
@ 3600 IN SOA gateway.natallan.com. gateway.natallan.com. (
|
||||
1682790203 ; serial number (epoch timestamp)
|
||||
7200 ; refresh period
|
||||
3600 ; retry period
|
||||
1209600 ; expire time
|
||||
3600 ; minimum ttl
|
||||
)
|
||||
|
||||
; NS Records
|
||||
@ IN NS unifi.l.trux.dev.
|
||||
|
||||
; Metallb
|
||||
hegira IN A 10.8.20.30
|
Reference in a new issue