Feat: containers and helios join the party (#79)
* feat: add * hack * feat: add secrets pre-commit * wip * wip * hacking at gatus * hacking at gatus * wip * wip * hack * hack * hack * hack * feat: gatus doing gatus stuff * hack * guh * hacking * hack * hack * hack * feat: add helios * hack * chore: new hosts reencrypt * Auto lint/format --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com> Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
parent
b646419432
commit
1554768917
59 changed files with 1833 additions and 567 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -2,3 +2,5 @@
|
||||||
**/*.tmp.sops.yaml
|
**/*.tmp.sops.yaml
|
||||||
result
|
result
|
||||||
.direnv
|
.direnv
|
||||||
|
**/*.sops.tmp.yaml
|
||||||
|
.kube
|
||||||
|
|
|
@ -26,3 +26,13 @@ repos:
|
||||||
- id: remove-crlf
|
- id: remove-crlf
|
||||||
- id: remove-tabs
|
- id: remove-tabs
|
||||||
exclude: (Makefile)
|
exclude: (Makefile)
|
||||||
|
- repo: https://github.com/zricethezav/gitleaks
|
||||||
|
rev: v8.18.1
|
||||||
|
hooks:
|
||||||
|
- id: gitleaks
|
||||||
|
- repo: https://github.com/yuvipanda/pre-commit-hook-ensure-sops
|
||||||
|
rev: v1.0
|
||||||
|
hooks:
|
||||||
|
- id: sops-encryption
|
||||||
|
# Uncomment to exclude all markdown files from encryption
|
||||||
|
# exclude: *.\.md
|
||||||
|
|
|
@ -14,6 +14,7 @@ keys:
|
||||||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
- &helios age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: .*\.sops\.yaml$
|
- path_regex: .*\.sops\.yaml$
|
||||||
|
@ -24,3 +25,4 @@ creation_rules:
|
||||||
- *citadel
|
- *citadel
|
||||||
- *rickenbacker
|
- *rickenbacker
|
||||||
- *shodan
|
- *shodan
|
||||||
|
- *helios
|
||||||
|
|
|
@ -3,7 +3,9 @@
|
||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
host: $HOSTNAME
|
hostname: $HOSTNAME
|
||||||
|
host: '{{ or .host .hostname }}'
|
||||||
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
switch:
|
switch:
|
||||||
|
@ -16,13 +18,47 @@ tasks:
|
||||||
- echo "This will switch your config."
|
- echo "This will switch your config."
|
||||||
- task: .prompt_to_continue
|
- task: .prompt_to_continue
|
||||||
- git add .
|
- git add .
|
||||||
- sudo nixos-rebuild switch --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
|
- sudo nixos-rebuild switch --flake "{{.ROOT_DIR}}/#{{.hostname}}" --impure
|
||||||
preconditions:
|
preconditions:
|
||||||
- sh: which nix
|
- sh: which nix
|
||||||
msg: "nix not found"
|
msg: "nix not found"
|
||||||
- sh: which nixos-rebuild
|
- sh: which nixos-rebuild
|
||||||
msg: "nixos-rebuild not found"
|
msg: "nixos-rebuild not found"
|
||||||
|
|
||||||
|
deploy-single:
|
||||||
|
desc: Deploy flake to single node
|
||||||
|
# silent: true
|
||||||
|
requires:
|
||||||
|
vars:
|
||||||
|
- host
|
||||||
|
cmds:
|
||||||
|
- echo "This will deploy the local flake to host {{ .host }}."
|
||||||
|
- task: .prompt_to_continue
|
||||||
|
- .taskfiles/nix/update-single-machine.sh {{.host}}
|
||||||
|
preconditions:
|
||||||
|
- sh: which nix
|
||||||
|
msg: "nix not found"
|
||||||
|
- sh: which nixos-rebuild
|
||||||
|
msg: "nixos-rebuild not found"
|
||||||
|
|
||||||
|
deploy-all:
|
||||||
|
desc: Deploy flake to all nodes
|
||||||
|
# silent: true
|
||||||
|
requires:
|
||||||
|
vars:
|
||||||
|
- host
|
||||||
|
cmds:
|
||||||
|
- echo "This will deploy the local flake to all whitelisted hosts."
|
||||||
|
- task: .prompt_to_continue
|
||||||
|
- .taskfiles/nix/update-all.sh
|
||||||
|
preconditions:
|
||||||
|
- sh: which nix
|
||||||
|
msg: "nix not found"
|
||||||
|
- sh: which nixos-rebuild
|
||||||
|
msg: "nixos-rebuild not found"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
test:
|
test:
|
||||||
desc: Build and apply nix configuration
|
desc: Build and apply nix configuration
|
||||||
silent: true
|
silent: true
|
||||||
|
|
37
.taskfiles/nix/update-all.sh
Executable file
37
.taskfiles/nix/update-all.sh
Executable file
|
@ -0,0 +1,37 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
hosts=($(echo $(nix eval .#nixosConfigurations --apply 'pkgs: builtins.concatStringsSep " " (builtins.attrNames pkgs)') | xargs))
|
||||||
|
skip=(
|
||||||
|
"citadel"
|
||||||
|
"rickenbacker"
|
||||||
|
)
|
||||||
|
|
||||||
|
reboot=0
|
||||||
|
|
||||||
|
while getopts ":r" option; do
|
||||||
|
case $option in
|
||||||
|
r)
|
||||||
|
reboot=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
for host in "${hosts[@]}"; do
|
||||||
|
# Check if the host is in the skip list
|
||||||
|
if [[ " ${skip[*]} " =~ " ${host} " ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
fqdn="$host.l.trux.dev"
|
||||||
|
if [ $reboot -eq 0 ]; then
|
||||||
|
echo $fqdn
|
||||||
|
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||||
|
else
|
||||||
|
echo "$fqdn with reboot"
|
||||||
|
nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||||
|
ssh -i $rsa_key $fqdn 'sudo reboot'
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
echo
|
||||||
|
done
|
33
.taskfiles/nix/update-single-machine.sh
Executable file
33
.taskfiles/nix/update-single-machine.sh
Executable file
|
@ -0,0 +1,33 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
cd /home/truxnell/.local/nix-config
|
||||||
|
|
||||||
|
# rsa_key="~/.nixos/secrets/ssh_keys/ansible/ansible.key"
|
||||||
|
# export NIX_SSHOPTS="-t -i $rsa_key"
|
||||||
|
|
||||||
|
reboot=0
|
||||||
|
|
||||||
|
while getopts ":r" option; do
|
||||||
|
case $option in
|
||||||
|
r)
|
||||||
|
reboot=1
|
||||||
|
host=$2
|
||||||
|
fqdn="$host.l.trux.dev"
|
||||||
|
echo "$fqdn with reboot"
|
||||||
|
nixos-rebuild boot -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||||
|
# ssh -i $rsa_key $fqdn 'sudo reboot'
|
||||||
|
ssh $fqdn 'sudo reboot'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ $reboot -eq 0 ]; then
|
||||||
|
host=$1
|
||||||
|
fqdn="$host.l.trux.dev"
|
||||||
|
echo "$fqdn"
|
||||||
|
nixos-rebuild switch -j auto --use-remote-sudo --target-host $fqdn --flake ".#$host"
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
echo
|
|
@ -2,3 +2,4 @@
|
||||||
* Dont make conditional imports (nix needs to resolve imports upfront)
|
* Dont make conditional imports (nix needs to resolve imports upfront)
|
||||||
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
|
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
|
||||||
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
|
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
|
||||||
|
* yaml = json, so using nix + builtins.toJSON a lot (and repl to vscode for testing)
|
|
@ -58,6 +58,7 @@ nixos-rebuild switch
|
||||||
```
|
```
|
||||||
|
|
||||||
Set the password for the user that was created.
|
Set the password for the user that was created.
|
||||||
|
Might need to use su?
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
passwd truxnell
|
passwd truxnell
|
||||||
|
|
41
docs/vm/installing-zfs-impermance.md
Normal file
41
docs/vm/installing-zfs-impermance.md
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
> https://grahamc.com/blog/erase-your-darlings/
|
||||||
|
|
||||||
|
# Partitioning
|
||||||
|
parted /dev/nvme0n1 -- mklabel gpt
|
||||||
|
parted /dev/nvme0n1 -- mkpart root ext4 512MB -8GB
|
||||||
|
parted /dev/nvme0n1 -- mkpart swap linux-swap -8GB 100%
|
||||||
|
parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
|
||||||
|
parted /dev/nvme0n1 -- set 3 esp on
|
||||||
|
|
||||||
|
# Formatting
|
||||||
|
mkswap -L swap /dev/nvme0n1p2
|
||||||
|
mkfs.fat -F 32 -n boot /dev/nvme0n1p3
|
||||||
|
|
||||||
|
# ZFS on root partition
|
||||||
|
zpool create -O mountpoint=none rpool /dev/nvme0n1p1
|
||||||
|
|
||||||
|
zfs create -p -o mountpoint=none rpool/local/root
|
||||||
|
## immediate blank snapshot
|
||||||
|
zfs snapshot rpool/local/root@blank
|
||||||
|
mount -t zfs rpool/local/root /mnt
|
||||||
|
|
||||||
|
# Boot partition
|
||||||
|
mkdir /mnt/boot
|
||||||
|
mount /dev/nvme0n1p3 /mnt/boot
|
||||||
|
|
||||||
|
#mk nix
|
||||||
|
zfs create -p -o mountpoint=legacy rpool/local/nix
|
||||||
|
mkdir /mnt/nix
|
||||||
|
mount -t zfs rpool/local/nix /mnt/nix
|
||||||
|
|
||||||
|
# And a dataset for /home: if needed
|
||||||
|
|
||||||
|
zfs create -p -o mountpoint=legacy rpool/safe/home
|
||||||
|
mkdir /mnt/home
|
||||||
|
mount -t zfs rpool/safe/home /mnt/home
|
||||||
|
|
||||||
|
zfs create -p -o mountpoint=legacy rpool/safe/persist
|
||||||
|
mkdir /mnt/persist
|
||||||
|
mount -t zfs rpool/safe/persist /mnt/persist
|
||||||
|
|
||||||
|
Set `networking.hostid`` in the nixos config to `head -c 8 /etc/machine-id`
|
11
docs/vm/servers.md
Normal file
11
docs/vm/servers.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
|
||||||
|
SHODAN = lab01
|
||||||
|
XERXES = lab02
|
||||||
|
|
||||||
|
DURANDAL = dns01
|
||||||
|
dns02
|
||||||
|
|
||||||
|
pikvm
|
||||||
|
|
||||||
|
CITADEL = gaming pc
|
||||||
|
HYPERION = laptop
|
30
flake.nix
30
flake.nix
|
@ -69,6 +69,10 @@
|
||||||
# Use nixpkgs-fmt for 'nix fmt'
|
# Use nixpkgs-fmt for 'nix fmt'
|
||||||
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
|
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
|
||||||
|
|
||||||
|
# setup devshells against shell.nix
|
||||||
|
devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
|
||||||
|
|
||||||
|
|
||||||
nixosConfigurations =
|
nixosConfigurations =
|
||||||
# with self.lib;
|
# with self.lib;
|
||||||
let
|
let
|
||||||
|
@ -188,10 +192,10 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"shodan" = mkNixosConfig {
|
"durandal" = mkNixosConfig {
|
||||||
# Rpi for DNS and misc services
|
# test lenovo tiny
|
||||||
|
|
||||||
hostname = "shodan";
|
hostname = "durandal";
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
hardwareModules = [
|
hardwareModules = [
|
||||||
./nixos/profiles/hw-generic-x86.nix
|
./nixos/profiles/hw-generic-x86.nix
|
||||||
|
@ -202,6 +206,21 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"helios" = mkNixosConfig {
|
||||||
|
# lenovo tiny NAS
|
||||||
|
|
||||||
|
hostname = "helios";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
hardwareModules = [
|
||||||
|
./nixos/profiles/hw-generic-x86.nix
|
||||||
|
];
|
||||||
|
profileModules = [
|
||||||
|
./nixos/profiles/role-server.nix
|
||||||
|
{ home-manager.users.truxnell = ./nixos/home/truxnell/server.nix; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -254,9 +273,8 @@
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
|
dns01 = mkDeployConfig "dns01" self.nixosConfigurations.dns01;
|
||||||
dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02;
|
dns02 = mkDeployConfig "dns02" self.nixosConfigurations.dns02;
|
||||||
shodan = mkDeployConfig "10.8.20.33" self.nixosConfigurations.shodan;
|
|
||||||
|
|
||||||
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
|
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
|
||||||
};
|
};
|
||||||
|
|
|
@ -30,7 +30,7 @@ with lib.hm.gvariant; {
|
||||||
favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" "discord.desktop" ];
|
favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" "discord.desktop" ];
|
||||||
};
|
};
|
||||||
"org/gnome/nautilus/preferences" = {
|
"org/gnome/nautilus/preferences" = {
|
||||||
default-folder-viewer = "icon-view";
|
default-folder-viewer = "list-view";
|
||||||
};
|
};
|
||||||
"org/gnome/nautilus/icon-view" = {
|
"org/gnome/nautilus/icon-view" = {
|
||||||
default-zoom-level = "small";
|
default-zoom-level = "small";
|
||||||
|
|
|
@ -14,7 +14,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Temporary make .config/wezterm/wezterm.lua link to the local copy
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath;
|
# xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath;
|
||||||
programs.wezterm.package = pkgs.unstable.wezterm;
|
programs.wezterm.package = pkgs.unstable.wezterm;
|
||||||
|
@ -23,8 +22,11 @@ in
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
local wez = require('wezterm')
|
local wez = require('wezterm')
|
||||||
return {
|
return {
|
||||||
|
-- issue relating to nvidia drivers
|
||||||
-- https://github.com/wez/wezterm/issues/2011
|
-- https://github.com/wez/wezterm/issues/2011
|
||||||
enable_wayland = false,
|
-- had to build out 550.67 manually to 'fix'
|
||||||
|
enable_wayland = true,
|
||||||
|
|
||||||
color_scheme = "Dracula (Official)",
|
color_scheme = "Dracula (Official)",
|
||||||
check_for_updates = false,
|
check_for_updates = false,
|
||||||
window_background_opacity = .90,
|
window_background_opacity = .90,
|
||||||
|
|
|
@ -12,6 +12,7 @@ with config;
|
||||||
|
|
||||||
myHome.security = {
|
myHome.security = {
|
||||||
ssh = {
|
ssh = {
|
||||||
|
#TODO make this dynamic
|
||||||
enable = true;
|
enable = true;
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
citadel = {
|
citadel = {
|
||||||
|
@ -40,6 +41,12 @@ with config;
|
||||||
user = "root";
|
user = "root";
|
||||||
identityFile = "~/.ssh/id_ed25519";
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
};
|
};
|
||||||
|
durandal = {
|
||||||
|
hostname = "durandal";
|
||||||
|
port = 22;
|
||||||
|
identityFile = "~/.ssh/id_ed25519";
|
||||||
|
};
|
||||||
|
|
||||||
helios = {
|
helios = {
|
||||||
hostname = "helios";
|
hostname = "helios";
|
||||||
user = "nat";
|
user = "nat";
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "nixos-bootstrap";
|
hostName = "nixos-bootstrap";
|
||||||
|
hostId = ""; # set to `head -c 8 /etc/machine-id`
|
||||||
dhcpcd.enable = true;
|
dhcpcd.enable = true;
|
||||||
};
|
};
|
||||||
# Pick only one of the below networking options.
|
# Pick only one of the below networking options.
|
||||||
|
|
|
@ -20,9 +20,12 @@
|
||||||
radarr.enable = true;
|
radarr.enable = true;
|
||||||
lidarr.enable = true;
|
lidarr.enable = true;
|
||||||
readarr.enable = true;
|
readarr.enable = true;
|
||||||
|
gatus.enable = true;
|
||||||
|
sabnzbd.enable = true;
|
||||||
|
qbittorrent.enable = true;
|
||||||
};
|
};
|
||||||
mySystem.nfs.nas.enable = true;
|
mySystem.nfs.nas.enable = true;
|
||||||
|
mySystem.persistentFolder = "/persistent/nixos";
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
|
||||||
|
@ -43,7 +46,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "shodan1"; # Define your hostname.
|
networking.hostName = "durandal"; # Define your hostname.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
88
nixos/hosts/helios/default.nix
Normal file
88
nixos/hosts/helios/default.nix
Normal file
|
@ -0,0 +1,88 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
{ config
|
||||||
|
, lib
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
mySystem.services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
|
||||||
|
#containers
|
||||||
|
podman.enable = true;
|
||||||
|
traefik.enable = true;
|
||||||
|
homepage.enable = true;
|
||||||
|
sonarr.enable = true;
|
||||||
|
radarr.enable = true;
|
||||||
|
lidarr.enable = true;
|
||||||
|
readarr.enable = true;
|
||||||
|
gatus.enable = true;
|
||||||
|
sabnzbd.enable = true;
|
||||||
|
qbittorrent.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
mySystem.system = {
|
||||||
|
zfs.enable = true;
|
||||||
|
zfs.mountPoolsAtBoot = [ "tank" ];
|
||||||
|
zfs.impermanenceRollback = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
|
||||||
|
initrd.availableKernelModules = [ "xhci_pci" "ahci" "mpt3sas" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ "kvm-intel" ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
|
||||||
|
# for managing/mounting ntfs
|
||||||
|
supportedFilesystems = [ "ntfs" ];
|
||||||
|
|
||||||
|
loader = {
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
# why not ensure we can memtest workstatons easily?
|
||||||
|
grub.memtest86.enable = true;
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "helios"; # Define your hostname.
|
||||||
|
networking.hostId = "fae0e831"; # for zfs, helps stop importing to wrong machine
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "rpool/local/root";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{
|
||||||
|
device = "rpool/local/nix";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/persist" =
|
||||||
|
{
|
||||||
|
device = "rpool/safe/persist";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/B19B-8223";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/1d7b6e4a-aa76-4217-af18-44378c2d93d9"; }];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
|
@ -38,6 +38,7 @@ in
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
dependsOn = [ "prowlarr" ];
|
||||||
environment = {
|
environment = {
|
||||||
PUSHOVER_DEBUG = "false";
|
PUSHOVER_DEBUG = "false";
|
||||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||||
|
@ -51,16 +52,13 @@ in
|
||||||
"/mnt/nas/natflix:/media:rw"
|
"/mnt/nas/natflix:/media:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
labels = {
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
"traefik.enable" = "true";
|
name = app;
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
inherit port;
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mySystem.services.homepage.media-services = [
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
{
|
{
|
||||||
Lidarr = {
|
Lidarr = {
|
||||||
icon = "${app}.png";
|
icon = "${app}.png";
|
||||||
|
@ -69,11 +67,21 @@ in
|
||||||
container = "${app}";
|
container = "${app}";
|
||||||
widget = {
|
widget = {
|
||||||
type = "${app}";
|
type = "${app}";
|
||||||
url = "http://${app}:${toString port}";
|
url = "https://${app}.${config.networking.domain}";
|
||||||
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
|
key = "{{HOMEPAGE_VAR_LIDARR__API_KEY}}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
68
nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/lidarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
lidarr:
|
||||||
|
env: ENC[AES256_GCM,data:7YX4nyGmGWCLWfAq2C+wgFDhsldtB+HtCgTOFzloTUCNzF+FkCiqOfCoelrLlpDDWzTY2zLVHmPpsn65170SUfm93nAAxS2Wje5nK18USoKIDd+M4lOkq1vPkVcIMHJlW6U7K8Uf9HidCFsTg9k=,iv:1R1K+ZSRTiltIN6c5s0s1Bev7xdRWBvHTaOO4/zIzWE=,tag:4jOnhVk9of3wzzgvL/4F4w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NlFJVE1WaWtkRGtwa3VM
|
||||||
|
TnVHTjVkekRlL05lcDlSM2EvaUNvbzliV1F3CjhQajQ4dERzSGl0Y3RsK21HOS9K
|
||||||
|
TURVdlY0Z3Qxd3AzcHU5bVcyeisrbFUKLS0tIHRYeEhyNzNveUU3QVVvd2FHaUo0
|
||||||
|
ZnQwbmZKc3J1aUF2Z3YwWDZzeXM2RncKOldAtGrvchEjB43g4yGFMObsU+PsV+Br
|
||||||
|
kGqwFZfQYult/pIPuu0uitY4DGzqGFvVZSHbRlafVksg9yfllW/TZA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4d05KN0tOTTdITWlkSFNk
|
||||||
|
WGM4WFJYb2RmN3RIU1NFRytzNWxSTFc4SmxjCmt3Nkh4Yy9MK1lkYmxwRWxIeEJR
|
||||||
|
YitCbXAwdzhBWXVrUGJjcmRDam9Qc1UKLS0tIEZPUjRqZVV2UEpsWkZaYVFSZVd6
|
||||||
|
YXNFK2t5RzlJc1JyUWlFeHNLdFpqU0UKr0HL7K9cdaHIDa2J/3fOxuY9ciHmyoaC
|
||||||
|
O9fPgDV7MUG1cG7lFMQUXw17ke/3aqxBrQdixCIJDVFiD3Bp5CNUwQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRmtvVS83Qk50Qnp3MGlH
|
||||||
|
MDg0czVSRDc1MkdLV01EOG5JZWtwUGFXeVNJClNtWmZLSzVQTjcwVmhpaE1lcTcx
|
||||||
|
VDFGT0RqZDQ5ZTh1QWhVWXpLQ3Q3VmcKLS0tIEJ1REI1a2lWTFpWZ0RZVHVRNXBI
|
||||||
|
Q0VoNjMrZXNzbkl2cy9tUW1wajNaR2cKPDjjplQ9v9aFkHuDPhGri/VLBDrHdAeN
|
||||||
|
040urbUo0MV8rf5wysRkDKFqoZeIJF9pTetkSTL3BawV/G9uo1ccBA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTdIMCtCRVFXSXcxZDRZ
|
||||||
|
eTJiaVVMYVRoOHFoNEZ3OWlZZ2VXYlk5NGdFCkFKeFhpbGltUGNwR0FwWGpCWVpD
|
||||||
|
aGI1TG9uK2cyYlQ4dGdYOHFQWkNkOTAKLS0tIFFvOE5lNmFkNnppZkRNSW5zTWtD
|
||||||
|
enpoY1NscGhSTWxVTEU4M1lNS21ZWmMK/vkbqW5oQT/NImNFGx7d42Q/bHMTA3cy
|
||||||
|
SzoDd762QD84ONgwh8OtXEHk3TlxrVrMKbqRa3OyYSV9AdPZ4QiHaQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRVJRdkJwdE95eE1NbEJE
|
||||||
|
eUZXWlppUXBDOGFGVjBoMzhYWnFkc0Z3OEFFCnU4MlhFMmV3YjI2R3dPY2QzWW9q
|
||||||
|
elhGSE1FQlVVWUp1dHIrUFlkRlV3Z0kKLS0tIFRrR3VxVFdsbld4QXB6Qlc5UGZQ
|
||||||
|
ZmpvRy8zNkExN2lWTEZvQllLcHo4cjgKXJt9NVNxEy0gaow2Uwm1NfLytLLsHyoF
|
||||||
|
C+RAWMpEhxyJHQ3cyGaYmOe9AkArO3lV9xwiNLcAzQTjZaIjy3KO0Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNSXFaZ0EvNjRzazhsZzhP
|
||||||
|
ZGZqRFhoT1RVNHI0cG41OVhmYU1HWTI3ZnlRCndKREo1UmNhTTRPdGxIdkpaeVZy
|
||||||
|
Ujk1M005NTRtaC9YQ2dteGNQZ1A5cGsKLS0tIEJhSWkvaWY3eGRyR1VlckYzL1BQ
|
||||||
|
SjVNbnhXeGhxTHEyRU5Jd1BaNzc0TjQK+JalyEaNtqABGJbphWUdVKG3dNoU8/zv
|
||||||
|
9uivNH47OBZmWPWhDMWFKU3EZ05LRJMPHax4W1PyWXsvV8keda1K1A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:O6qkL2lH7dxsadSwJeYkRLr98jvmonuuHrQF52A9OP44fNdhA0SVagd4iLpIh4nlghIpWGnaLRzl+eL4u36Dh3rrlJoOKaWJmkSQDEVvRXpE36/+7ChvJj995s2qX/2MAMhG2ytrgAmGb0TuzsP8ySTJlFFubwk/lZoVaWAy+Fc=,iv:OFfOpQy+mCiO8RpHQStW34H7J9LJ3PFkZyrlCj5kOcA=,tag:7C0rafYEwMoakDR3sSWL6w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -50,16 +50,13 @@ in
|
||||||
"${persistentFolder}:/config:rw"
|
"${persistentFolder}:/config:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
labels = {
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
"traefik.enable" = "true";
|
name = app;
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
inherit port;
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mySystem.services.homepage.media-services = [
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
{
|
{
|
||||||
Prowlarr = {
|
Prowlarr = {
|
||||||
icon = "${app}.png";
|
icon = "${app}.png";
|
||||||
|
@ -68,11 +65,21 @@ in
|
||||||
container = "${app}";
|
container = "${app}";
|
||||||
widget = {
|
widget = {
|
||||||
type = "${app}";
|
type = "${app}";
|
||||||
url = "http://${app}:${toString port}";
|
url = "https://${app}.${config.networking.domain}";
|
||||||
key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}";
|
key = "{{HOMEPAGE_VAR_PROWLARR__API_KEY}}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
prowlarr:
|
||||||
|
env: ENC[AES256_GCM,data:bB13WWB+H9OHK4FMOEuURU0oZLdCTpG67bY/E6ikN8MBixG5PPwZuUHVt3gfpcdiQC3/BVj8UhkEC3ATRlihZCsUAB9kWUMAPrxOeXQr0VJ+RQpl2q9IjdUa4nz42AZkG1ZevCoYojxFKvJGmGaVj9CI,iv:yUe+L4cOwI52462FMu2zKvjLShXFI5joaEHxcENcVPI=,tag:rVdZZ2E0Ikx8OhIFs+8rMw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaR2h5a2dnc005dGFPdkxD
|
||||||
|
YlBQakZRUFYyUHNFUklzQ2dXTUp1ZXpaVkcwClVpZzJFTTNBeitYOWpJdUx0K3FL
|
||||||
|
bnRkbnNDZzBqOTNCRnJnekU0N043MjgKLS0tIGZ1WTdkb1g5c3MzNXBnVGdPZGw2
|
||||||
|
cklqZXFTS0JKb1hHNG8yQm9jQ0dyRkUKsJIGwRQUpQ2rWtLAEnm8C9+5yLfTY4He
|
||||||
|
mDB2V6IitkKFEPzEpPi9vk+2zkf6dqWbwUa9VANs14uLu5Ue0WTsjQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWFRlL0VQY0d1aDIreksr
|
||||||
|
UjZwMzM3RkhyamlVVGtOWFdTRlhodlphZmo4Cm1WMlNRVDhSVTlqUG84TG5iK1cw
|
||||||
|
M290eVZXVXlpbCs5aEhpRERRRWVzSVEKLS0tIFlBemlwWjZuczVFSVE0UWJOZFJh
|
||||||
|
T2h5eEJXekxKVnBmQWJoL0h4aGJreHcKQSgjZWxd8lBhMrv4bqmoQICK/hf/hWOp
|
||||||
|
a2Un0jXCvomlCCRiMXpc1Ii9Xy6y012bHrAlom3eiAU11wKOBYZ0Qg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MWliQTFvM0MrUmN1NDFK
|
||||||
|
VEM4TnhrSWM2cEU2dHE3UnQzeHZhN1BKT1E4CllBMEEwY1FxVWI5S1JndnVQUkFT
|
||||||
|
VzBUYVozN1M2Z2o0b3hxaHd3aUV0ajAKLS0tIHBRQ3RTOGxzTlQ2emlqTXdoZy92
|
||||||
|
VGQ1RklSUy9UclRYaVNmWTlHTXRHMDgKk6MlwJIlSsZRxYwNC39bkwUly3m+y+68
|
||||||
|
XpLbncjI55Uyno1z2J+6NJotAFFKpzuQ/VpAiE+FwBM7CLrkh11KvQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEb3dyZ2RrZXZjUlYvZFI1
|
||||||
|
Ui8vQmx2bFlYV2pUQmc1eUordnd6RVFyQXpJCk92SFk5QTA2Qk1WbTArSFpQaGNi
|
||||||
|
N0gwUEI1b3NWZ3JURGVPQ3ZuZnU4NGsKLS0tIE1GUWJ2NUFzck0vNUI5T1VqMUly
|
||||||
|
NkFQb21LVzloQnd0L0tYUEpRZTF3eE0K4xTWCCiceDKCla7kWfBvftNjTFY5aXZa
|
||||||
|
azlnCmlg/geKrQvWRYe63i+20q+ZkhQfm6qGugkRuHpMSsXG8woTlg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MkhmRytsWHJSalBucjlH
|
||||||
|
NTFCc01UQW9HMjFJSkJnM1EzM2pza1gzaVRNCm5lTEhnU2E0VnlCR1pKT2xSWCtT
|
||||||
|
Z3FXclRmQkxvOFliMVVIS2ZJY0dsOGMKLS0tIGE0eWVuVXRsYXg4Z0syNS9mWCt3
|
||||||
|
ajJ5RzBDaTZXMnlkSFJFQXRqZ0FOUTgKGEaHiHOO45JfVheInmxiModzF5fzo2e7
|
||||||
|
5XF9WUKPz9Jx53ugivb/S9turWA4eZaeA9rmLb3yQ0HcQoaLVsB7ng==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvVVBFL1VYYnlyQVRoN2hx
|
||||||
|
NnJ6SzFucHp6THJTYktJRC9Tb2J6bUpYVFVjCnhEYjcvZUNGTXhZci9wMWtHaERE
|
||||||
|
NW9KNkc5ZE9TdFpKdUoyUGRVQ1JGSXMKLS0tIGdGS3lpUWVMRTlwTElHUE9uY0Nm
|
||||||
|
dExpb1kvR1o0V2RFOE9GckkzWG93NmMK4JM8Vp0zTa9zVRiMzw5AY+3zaNqKnYAt
|
||||||
|
bD9iTN/TQbjyowvdxRiziLE4hZ6plav7x8/o3MRT8uXMdnaykIT0PQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ygSwpOo/ZuqTVLKDgmQvAEY8KYkq1O/3grLL5i/0LGlSOM9n9j4oBjBodmGRrXtZ5ui0BL8PZlExfjK7QUni7m0wRXRhWoiuYadiiPVmfzSLQ4aDet4eCt5mTvjn2Xm68cOB3Vyu+dGzmU9O1H0y7EoUsItVPsrreOAlItGEKM0=,iv:10jClAw0BkJJbLg4zdPxZ3/7I20M0UQUcfL+SRtg/MI=,tag:Bhu5V35Hp6pGKfRCUgKSSQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -38,6 +38,7 @@ in
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
dependsOn = [ "prowlarr" ];
|
||||||
environment = {
|
environment = {
|
||||||
PUSHOVER_DEBUG = "false";
|
PUSHOVER_DEBUG = "false";
|
||||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||||
|
@ -51,16 +52,13 @@ in
|
||||||
"/mnt/nas/natflix/series:/media:rw"
|
"/mnt/nas/natflix/series:/media:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
labels = {
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
"traefik.enable" = "true";
|
name = app;
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
inherit port;
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mySystem.services.homepage.media-services = [
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
{
|
{
|
||||||
Radarr = {
|
Radarr = {
|
||||||
icon = "${app}.png";
|
icon = "${app}.png";
|
||||||
|
@ -69,11 +67,21 @@ in
|
||||||
container = "${app}";
|
container = "${app}";
|
||||||
widget = {
|
widget = {
|
||||||
type = "${app}";
|
type = "${app}";
|
||||||
url = "http://${app}:${toString port}";
|
url = "https://${app}.${config.networking.domain}";
|
||||||
key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}";
|
key = "{{HOMEPAGE_VAR_RADARR__API_KEY}}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
68
nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/radarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
radarr:
|
||||||
|
env: ENC[AES256_GCM,data:eCok5/+DTT4DvI+3Tmgel3h7rRMQzPyGKmGzjWr9Bk+7KhuCutqT8VKRT6cvk6N6GkAaF8fLeZ8ANxy2bK6RyPrB0jOb6J2SsYWrXHNdgtTLPVccIDRfJ+R7Xp01eHp6JGY5xmpF7HEjN9JHFQkwcsy+GpNBK+ALfBH6BFMbnK2AGlM6RwclN+BSvMZirfRnxSZ1XTUNPuLX/+ClWTqlfEHfab0lM1ZcA0VFSKNpk1ivshewRpv7ZgLGGHU4JXZXT1amJrYoSCPKkl2Aaf52,iv:N0L7Vmv7yOSprFAxpdpkrH8uFj0cHgVbpyCSJnqrugI=,tag:3xLCZY0EN505xfWKvDs+hg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnV0tvc1FncHB0Mkt1QjNh
|
||||||
|
VzlZdXBjb3VTSjRpWWpZclE1RE9xM2FsUlFVCkU2eEtNL1FrRTVLZ3lrSXdTOHp4
|
||||||
|
RERqbWRyeURJTFVZT2lQVWk2eDhrZ0EKLS0tIDl2OWUxTHUwR0ZtbnY1d3dLRUtR
|
||||||
|
QTF0WnJZbjVmSHMwdlQ2cjhuTzF3eTgKRWyMgPMCPCQaFyMoemfaVKR4Nz/9zqE1
|
||||||
|
QYfyVdzo+EGp8aFsJUDW7i8tnNWuqSkU/arEX2HXZ4eURoVOV56M/A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNT1BxVU8xb3Qxbk9nY2hG
|
||||||
|
a2dBbGwwZmtRYUdvenlWYklDL3RleWx6RnlJClFkcXhwbFROR3dZNWprUkh0SG9W
|
||||||
|
eXNLOHhNTHdBcmJmNnMwRGk1M21adXcKLS0tIHBzaHQ3U255MlMxWDBZdzRqSUpN
|
||||||
|
S2taWVhLWmRCcW81ejY3T2lVM1dSeGMKMEExqNLhSDxcFSUvAx4Uoet1Cr9pMbM5
|
||||||
|
JFmIuiEOF7idfJ0/fceM9IxMS22LBTRC9Vlkkr9lYj/trO9KmF0l/Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZG1VMGtyMnhwTzZkMlp6
|
||||||
|
Z3Z4K1JIYjcyaTBVSjJjRnNXQWc4ZFNxRUJzCkVIdVFvaldOR1FtTkFZbjFuVG5B
|
||||||
|
VUY2Zm9mTDRFeWxudGtOWlp5c1hvdGMKLS0tIEFYLzlJcDN5a1ZJMm9mUW9YR1BR
|
||||||
|
dm4rV0t6SkVwVk5udVI5c3ZYNHRoUkUKIR9FbffWcyslWbURZ+PkWSqW1QDaS3m0
|
||||||
|
HW4aSEPPbA+SIDIlZY/6CdY3MS5p/STkqfLPIpAuswEaMGdAcHI9Cw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbzNjdFgydlhFcjRQZGh4
|
||||||
|
eExFSG1uZkl2aDl1SWk5SExlWjlid2V3V3dRCkErY2tYanprRXoreHB3OFpRNFRO
|
||||||
|
MzB1NEtnVTZMd2V0WVpPMnJ2V1ZlbkEKLS0tIDAxQ0FkeFdXb1FPUm9uWjVscFZ3
|
||||||
|
WTlObk85TGJkMlNZQ0RKc0FkTyszSGMKk29wTRW8QtioBdX6vaiM5NycbVJCmf1V
|
||||||
|
3w9D4uJyIocBvXbhHOoL7JJp7rRKCx+rcs6nxYrtgI/f5pWR4mG5Ng==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGTmpjK3VzOHlKbnAveHNR
|
||||||
|
TWdIR1FjZW44NHdiMk1qRkwrWHZsMDR0ZkhFCmdyNUNOZ2I4elJSVzF2S0poaTJm
|
||||||
|
M2gzTHNMejZTNzVoUHJOdEJkNkkrTEkKLS0tIDdUWlhMcmVOUnAyaXZKN25sMGpX
|
||||||
|
RExtMlBhNEpnYnZSY0NUS2ZLZWpLSUUKXDbDA8JdpfHMJuB1dr68mzETGJn6SfrZ
|
||||||
|
V0c127YS2LvNl1jwDl4nMPpUy2MH0gYYi3JTJSOWFbqzWVDx2lsrHw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNGFzc2pJS09ldkFRTjQ0
|
||||||
|
WHB4TUdUTElMZ09BanRRS3gvdldIRUozWDFzCktyUUVsTndPTFduNGlubVBaZjk0
|
||||||
|
REhBckdmNTIwcGh4UURLdnJVL0tnOFkKLS0tIHNtdW1UcTVadGtwbUt6Z0lMZHZs
|
||||||
|
NThTZi91NWRubGl6YWNMOHFiYktia2cKE8eNGhd9c5/nnCMoRD5fkYstVzvSg4Un
|
||||||
|
AgyBwvsh8H75HOQaxB2fLqOnzFmmEapRCflaymq9R5qBk8kpQ5iChA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:4g+4hRWHD5L/SjxKu8VhCU2oznUP/GZ5iNsKrC7GWHg4iLXY2MRSwbkcR1SoQrCWqFACNQCFQzdAqUFbhHMx85AL9V+YEVYMxBmDt2arOF1yNVbxYnDfbBbWRjYva2Yt9er2P1Topfku5XhIfPXyPi7nuZuGamRWiGNt98bpsTY=,iv:LbWJzgT8QRE7AaxSNdPCT0jvjZiBUh7xlKsBQQfnVwA=,tag:w/nNS+6eYYt1tMixoX97IA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -38,7 +38,9 @@ in
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
dependsOn = [ "prowlarr" ];
|
||||||
environment = {
|
environment = {
|
||||||
|
TZ = "${config.time.timeZone}";
|
||||||
READARR__INSTANCE_NAME = "Lidarr";
|
READARR__INSTANCE_NAME = "Lidarr";
|
||||||
READARR__APPLICATION_URL = "https://${app}.${config.networking.domain}";
|
READARR__APPLICATION_URL = "https://${app}.${config.networking.domain}";
|
||||||
READARR__LOG_LEVEL = "info";
|
READARR__LOG_LEVEL = "info";
|
||||||
|
@ -49,16 +51,13 @@ in
|
||||||
"/mnt/nas/natflix:/media:rw"
|
"/mnt/nas/natflix:/media:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
labels = {
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
"traefik.enable" = "true";
|
name = app;
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
inherit port;
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mySystem.services.homepage.media-services = [
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
{
|
{
|
||||||
Readar = {
|
Readar = {
|
||||||
icon = "${app}.png";
|
icon = "${app}.png";
|
||||||
|
@ -67,11 +66,21 @@ in
|
||||||
container = "${app}";
|
container = "${app}";
|
||||||
widget = {
|
widget = {
|
||||||
type = "${app}";
|
type = "${app}";
|
||||||
url = "http://${app}:${toString port}";
|
url = "https://${app}.${config.networking.domain}";
|
||||||
key = "{{HOMEPAGE_VAR_READARR__API_KEY}}";
|
key = "{{HOMEPAGE_VAR_READARR__API_KEY}}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
68
nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/readarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
readarr:
|
||||||
|
env: ENC[AES256_GCM,data:vPKL/0rOBlly7EW1Pbt8dJ7fQHBP+AHXElIZbfZBB3Wl1GibhJs69rAnRH7xGwPLZgjFtT742sUnIOw+ZdGDU7Aws/LyU9AeNcmGVjFHNz3tPi3ikoHV1Glofku/Q7pje69dqoKuDvN/y2U8D8vYIg==,iv:A+/Q9/8ZCaYEUY0V624eOe6nM/9LGVidaK+56KGG+3s=,tag:y0fcBeEoHMgFz85PQkqt+Q==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTbmJOZ3RHVGZyMVdQcXJ5
|
||||||
|
aDdEeUFNTGVlTmxzQTdKNUFzVCt5c1FndEU4Ck9ja28vOXJoWWhlYXI0RXlpS0o1
|
||||||
|
ZUszUi9vc1NiVHFDNXJ3TGdzNUhwOG8KLS0tIEJQRURjZHBqNkVKYkp3YUxuOFdB
|
||||||
|
YnIycXFuV2JiQ1lSZDRIekhFTUpWdDgKYJuej3+o8YOysAm8zaOsxbok9x53vAMi
|
||||||
|
9tAPF1FPC/JJvYJnncpynxEWVLQ9VEQ+T72HDWy6Xf1PD18mhA7ZSw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cllLVVYraHRueklwR1h3
|
||||||
|
bDE5TnI4eFBCMjNIcU01MGZlWlJ0K0JGMjNNCnluOGpjaTFhdFk4TUoveS94UlVH
|
||||||
|
K0daVThXcDV6SDRma2pyRHdtUWRhV1kKLS0tIE44T3owMU9pOEkrdlFhM1hwM3Zn
|
||||||
|
VUlELytqTnVNcER1K1BkbStpa0d5UjQK7nF3pq7ajVA2y/2VE+k96INyrWU44uQM
|
||||||
|
SxIEsqjYkuyjaQdYBtxZSqiwpQBKdLj47X8U42m9M9NOjG3Uc0J1og==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreDF3bms5aXN5blpkZEs4
|
||||||
|
eTNET0ZaRFp5K0FuVWowWTMvWjMvNldBV0E4ClcyOWpKa0RpZXB5dXpsa3o1UkR6
|
||||||
|
V1gxaHhiSERkT0lIQ3l5c1lNMVVpUDgKLS0tIHRCd3pFdnp3WTBJdzBlQ04zWDBN
|
||||||
|
bGhvc213TmV6aDZYbzZhQUNtT3dYVlkKlkUuDfB/81dShrlL1KzfOsE6fNb/7vFE
|
||||||
|
3grwJMKQKZhvN+nK/BVAAUCamdMa07Q+DX0+VXdSc+QspHNpLrRCdg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBheVV6Wkc3NHZiTFAycnU2
|
||||||
|
TDkrTVhGd0gxTmN6aENFdEhnb2JQZ3c0SHljCmZnQTBqVXhGT0FyRUN4VERQZW9T
|
||||||
|
d1QydTMzVG5MdFhYMmV4L1dJRTBtYzQKLS0tIEVMZ1VRbjFjSThoTXB3TW9KcGRM
|
||||||
|
V2JQdGxIUHRkbHdVSXhZMktTWTczazAKtU+XFzoNTfhRC+He+UqM5w/o9VoqJF2r
|
||||||
|
4LIpVuITrD8cCFjRQYBvg/04zdSXoN9plpHcW7EpzoQE1enKNFN02A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmN254K3k3SksxOENzYURJ
|
||||||
|
SnFVeXdtd2RscGkwMmV6Yk5LSTN6YUhhOUVjCndYajFrZGpwQldiek9XVURMZ3hR
|
||||||
|
Uk9DM1NJQVpqMmxkSnZ5QTJhOUZFWkEKLS0tIHc0V280TDZDby9NbDRRS3pkWDVP
|
||||||
|
QWhJQW5WaTZ2TGtvaGt0OW9nM2tBREkK1GHdyV5JKNWWOXJR0HszGRnGYes+xIlG
|
||||||
|
JMKIZswINap3RUNThr+xOfjajdsj5gBt6N0yozArLNGupxo6qp3zPw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5OWVWL3Y1SDYwTTNwcnha
|
||||||
|
SEM3RmlCa01RTkpOczIramIwSE9NdGEyZkJRCjM2dTBIUGNENlhDVHNCN0VxbEZk
|
||||||
|
WUxtOFdjSk1jb2ttanFST05LVER0UVEKLS0tIG9oTk1aRXBHK2RmNXlHZkt1ZUNm
|
||||||
|
bW53aTdhL21hbEZPSkx0d0dZR3BBK3cKkPeXkGtmEqi7MKplyKoIY3yOEFiLAWe0
|
||||||
|
qZHN/IO0dgWmmSKpWQTtrAve9GJx/Apz/9VTouWaVpq3a/pDU1de/A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:eexZeVU3wnYJryPVkIyokKqkvHASFCMBKT9MyTMqf7JAW/gDB+7irGs4WEv8UgJUCHKDNUh5KRngMk/W8ugFccuGhsiDnNUm4/KAMPjL+GtR0EdIjSDNUhwFJYqvN0KiZ47P2zzb3Lfpe3cix7A/HhzF3Vk+NAljnyE9uCk0sEA=,iv:G4dXYsVjpCqr/AxlQmcxArFdx7gPQTRNt8iK5IAYGi8=,tag:aQ1dNARwJd/PBc1aWoK9eA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -39,7 +39,9 @@ in
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
dependsOn = [ "prowlarr" ];
|
||||||
environment = {
|
environment = {
|
||||||
|
TZ = "${config.time.timeZone}";
|
||||||
PUSHOVER_DEBUG = "false";
|
PUSHOVER_DEBUG = "false";
|
||||||
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
PUSHOVER_APP_URL = "${app}.${config.networking.domain}";
|
||||||
SONARR__INSTANCE_NAME = "Radarr";
|
SONARR__INSTANCE_NAME = "Radarr";
|
||||||
|
@ -52,16 +54,13 @@ in
|
||||||
"/mnt/nas/natflix:/media:rw"
|
"/mnt/nas/natflix:/media:rw"
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
];
|
];
|
||||||
labels = {
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
"traefik.enable" = "true";
|
name = app;
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
inherit port;
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
mySystem.services.homepage.media-services = [
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
{
|
{
|
||||||
Sonarr = {
|
Sonarr = {
|
||||||
icon = "${app}.png";
|
icon = "${app}.png";
|
||||||
|
@ -70,11 +69,21 @@ in
|
||||||
container = "${app}";
|
container = "${app}";
|
||||||
widget = {
|
widget = {
|
||||||
type = "${app}";
|
type = "${app}";
|
||||||
url = "http://${app}:${toString port}";
|
url = "https://${app}.${config.networking.domain}";
|
||||||
key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}";
|
key = "{{HOMEPAGE_VAR_SONARR__API_KEY}}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
68
nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/arr/sonarr/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
sonarr:
|
||||||
|
env: ENC[AES256_GCM,data:y0OW/T+/6DpkFlwXszG6IyeWs2xIKEwX3KQhw4U6TLQuAlBMwIAD7HeRdT6GE1f1N5MIt46lho+d6vyAXTMs78Oi+R8/HVRQ+Ch4soUM1nNyRtK0FhCzxIlczR+owumJSFst3WfrjHYWolk7z5men8/mQpocJMo7t/n0QozHlNiPkEM2KlKU6viXs4u1UbQwqhmA9I6x2b3vHBrSml7CM0ch4/2IMc5VPagBeaGd1nRHvr+TiHRFv1tbkhbY8O43DcbmVqUHLNBhpyJ7A6Pz,iv:TUAgMJu8HDP+fuRKIQXv3Yi4ImZBv+WaA081e8w7cQw=,tag:rCCR0xBMcHKMiDkGEhsvkw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoMXVtN2FvVHhia1l1TzRF
|
||||||
|
ZmJucjk1dU9GNGE3UEZLUVZVRnNyWVp1azNVCjRyRGRvSTZpbnB0aDhxaTNLcmll
|
||||||
|
NE9tbVp1b0FxQ0VoSmgrWkRFN3hTS2sKLS0tIEc5VVE5L3d5VTEzQ2hZbFU5MElx
|
||||||
|
NkNJSEdJYjYycDhudUFLWHNVcGZTcUUKm4WNGOnXRIFfYKrsBZAd05p1Y/PgaA+O
|
||||||
|
OMmcQtKKkgv++IW5IN9W637kfIAXRn9+8uREGVfhx08ScZPT0ciyfg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWUcyUU1ZbGVQMTNZWVNo
|
||||||
|
SGZ0WVVYamYwQzR0UXl1QWpvZ1d4OEh5aEZjCmplQ1laSkdkbzlkc3IzRStQLy8z
|
||||||
|
U2Nmc3dyN3pQaGEzNnBHSDc5Q2FOZ2sKLS0tIFdPc05oTExQeDhMd3RUdzZmTlll
|
||||||
|
OXVFdmFicnlsQjFhM3NyOXVMc2NGelEK5dc1ofhg/asnKpwGlwqxkXf/V0jUPqnA
|
||||||
|
PRZejTMGsct73NtKXvejGJ2vD1lctd3T3vfe3NM+ebKPgDUSOSk6Iw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWjZrdWhOVkRGdERNTTBo
|
||||||
|
QlA3bWFtalk2eDlsTTJyWHVrbUlCT2Yvd2xFCmJUUDJUQmxnQi80cHcxMEhtOGJX
|
||||||
|
VDNUZFZoNTI1WHZyNWFWYjdDYTRidmMKLS0tIDNuSm9hTzVDTmsxVmZ0NlhJNmty
|
||||||
|
N0R3OHU2OVdaa2FiWEl0b2E4R0pvQzgKuCmGQA0fJXGzcaASpKDptxhZhjD3Px2X
|
||||||
|
TUkYkzQXUoaDCIkh1le1ntPGwRM36lQQqWtCi7ObvOmNamj8cgGdoA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXZpTGJWODJKcytuTmNh
|
||||||
|
cDEvOUlvaXBUUUxiWHVTSS9pOXZNcUdEOGl3ClFhMnljcmdPQkh6dWg1eTZUOUM4
|
||||||
|
OFBwOEI5aXhnWFhGT3VPYmRZa3EwV1EKLS0tIG5NN0FZa0VVOTRyNkxQdC9lajdM
|
||||||
|
WmJJc05yM0ZJNGtwRFJySFQ4YXdHTXMKqAJM38MRRxEipfVv9k6B6Bzb8i16if05
|
||||||
|
AYdkjb6K6kUnZqzSrqvafmsvP+9Ke2uhr7yCLll1tHhjtMP7TYMW4A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtSmJvM1FlbXBTOHNsemZF
|
||||||
|
NU9YVnNWT1RrZlc5Y2FIWVBhdXVnRjFyKzNnCjFnSWp6MUdtQjcwYmx2bjJML1ls
|
||||||
|
aWRnN0piMmZKTE91QnZuK1dFSTZHeVkKLS0tIFAzckd3aDVHQTk3eDUxVFdTRURH
|
||||||
|
K0ltdWd6ZDZUOURyNlZsTW9RdVFMY1UKi4OzpjsDeckTIVLwHr1MlYKSqTO7ExXg
|
||||||
|
FIupYmfFvwnQVex5Y/rgtTCiM6qFaV7gzVhG9paGMD5h1g5moG9eBA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNGRjc2xqT243TFFzT3Bk
|
||||||
|
elJmNnlmdUdFS0JjMUdXVW5XUC91YWlSOEEwCm51blRhb2dyM0FzdGZZdUpVcWgv
|
||||||
|
MXN0bFYvOXkvNnVMaW5zNmVaS2R2V2sKLS0tIDQwVys3ZUpHNWdydG1NRUt3Y0Yv
|
||||||
|
Qk94L3lpMjFMWUJUTjVXbnNuSWVMaHMKiewu7zoAMlL55BoU9lZYryVG32e6bg0K
|
||||||
|
toNX6iv4tGZ7EIjgB2L6TKlLisQW+Ta4P7VA+TAd2Z/nfYmDS77jNA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:zGC93zgG64/scDXYlUWY6arUW9f+jIZiA/wC3RBbFokT5430ubXhRVcBErwvqnghuC60sC0ZeNqoJNi4jQwE7BAbnnU8DTUsAoH4qhmNLfUeJtL8oF0NRl3i+hpauabg6E/qNbtuNG0/lUsnWXswz+7VbJP2ggTVpj+h+0vRN20=,iv:2JCto2Sy1i5gmHpAR3VgRbf0I4WSJVQLYxN4Vf/8Uz4=,tag:ZzYRKWy2HnMLyVn8CRJBqg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
42
nixos/modules/nixos/containers/cross-seed/default.nix
Normal file
42
nixos/modules/nixos/containers/cross-seed/default.nix
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
app = "cross-seed";
|
||||||
|
image = "ghcr.io/onedr0p/sabnzbd:4.2.3@sha256:bb20d3940ff32c672111ad7169ce4156f1c4c08bb653241f1b14f6d00f93b3cc";
|
||||||
|
user = "568"; #string
|
||||||
|
group = "568"; #string
|
||||||
|
port = 8080; #int
|
||||||
|
cfg = config.mySystem.services.${app};
|
||||||
|
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||||
|
configFile = builtins.toFile "config.js" (builtins.toJSON configVar);
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.${app} =
|
||||||
|
{
|
||||||
|
enable = mkEnableOption "${app}";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# ensure folder exist and has correct owner/group
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||||
|
];
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
|
image = "${image}";
|
||||||
|
user = "${user}:${group}";
|
||||||
|
cmd = [ "daemon" ];
|
||||||
|
volumes = [
|
||||||
|
"${persistentFolder}:/config:rw"
|
||||||
|
"${configFile}:/config/config.yaml:ro"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
9
nixos/modules/nixos/containers/default.nix
Normal file
9
nixos/modules/nixos/containers/default.nix
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./arr
|
||||||
|
./homepage
|
||||||
|
./gatus
|
||||||
|
./sabnzbd
|
||||||
|
./qbittorrent
|
||||||
|
];
|
||||||
|
}
|
230
nixos/modules/nixos/containers/gatus/default.nix
Normal file
230
nixos/modules/nixos/containers/gatus/default.nix
Normal file
|
@ -0,0 +1,230 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
app = "gatus";
|
||||||
|
image = "ghcr.io/twin/gatus:v5.8.0@sha256:fecb4c38722df59f5e00ab4fcf2393d9b8dad9161db208d8d79386dc86da8a55";
|
||||||
|
user = "568"; #string
|
||||||
|
group = "568"; #string
|
||||||
|
port = 8080; #int
|
||||||
|
cfg = config.mySystem.services.${app};
|
||||||
|
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||||
|
containerPersistentFolder = "/config";
|
||||||
|
extraEndpoints = [
|
||||||
|
{
|
||||||
|
name = "firewall";
|
||||||
|
group = "servers";
|
||||||
|
url = "icmp://unifi.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "pikvm";
|
||||||
|
group = "servers";
|
||||||
|
url = "icmp://pikvm.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "octoprint";
|
||||||
|
group = "servers";
|
||||||
|
url = "icmp://prusa.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "icarus";
|
||||||
|
group = "k8s";
|
||||||
|
url = "icmp://icarus.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "xerxes";
|
||||||
|
group = "k8s";
|
||||||
|
url = "icmp://xerxes.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "shodan";
|
||||||
|
group = "k8s";
|
||||||
|
url = "icmp://shodan.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
name = "helios";
|
||||||
|
group = "servers";
|
||||||
|
url = "icmp://helios.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns01 external dns";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns01.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "cloudflare.com";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns02 external dns";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns02.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "cloudflare.com";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns01 internal dns";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns01.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "unifi.l.trux.dev";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns02 internal dns";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns02.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "unifi.l.trux.dev";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns01 split DNS";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns01.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "${app}.trux.dev";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "dns02 split DNS";
|
||||||
|
group = "dns";
|
||||||
|
url = "dns02.l.trux.dev";
|
||||||
|
dns = {
|
||||||
|
query-name = "${app}.trux.dev";
|
||||||
|
query-type = "A";
|
||||||
|
};
|
||||||
|
interval = "30s";
|
||||||
|
alerts = [{ type = "pushover"; }];
|
||||||
|
conditions = [ "[DNS_RCODE] == NOERROR" ];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
] ++ config.mySystem.services.gatus.monitors;
|
||||||
|
|
||||||
|
configAlerting = {
|
||||||
|
pushover = {
|
||||||
|
title = "${app} Internal";
|
||||||
|
application-token = "$PUSHOVER_APP_TOKEN";
|
||||||
|
user-key = "$PUSHOVER_USER_KEY";
|
||||||
|
default-alert = {
|
||||||
|
failure-threshold = 5;
|
||||||
|
success-threshold = 2;
|
||||||
|
send-on-resolved = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
configVar =
|
||||||
|
{
|
||||||
|
metrics = true;
|
||||||
|
endpoints = extraEndpoints;
|
||||||
|
alerting = configAlerting;
|
||||||
|
ui = {
|
||||||
|
title = "Home Status | Gatus";
|
||||||
|
header = "Home Status";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
configFile = builtins.toFile "config.yaml" (builtins.toJSON configVar);
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.${app} =
|
||||||
|
{
|
||||||
|
enable = mkEnableOption "${app}";
|
||||||
|
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||||
|
monitors = lib.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.attrs;
|
||||||
|
description = "Services to add for montoring";
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
sops.secrets."services/${app}/env" = {
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
owner = config.users.users.kah.name;
|
||||||
|
inherit (config.users.users.kah) group;
|
||||||
|
restartUnits = [ "podman-${app}.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
|
image = "${image}";
|
||||||
|
user = "${user}:${group}";
|
||||||
|
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||||
|
volumes = [
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
"${configFile}:/config/config.yaml:ro"
|
||||||
|
];
|
||||||
|
|
||||||
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
|
name = app;
|
||||||
|
inherit port;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraOptions = [ "--cap-add=NET_RAW" ]; # Required for ping/etc to do monitoring
|
||||||
|
};
|
||||||
|
|
||||||
|
mySystem.services.homepage.infrastructure-services = mkIf cfg.addToHomepage [
|
||||||
|
{
|
||||||
|
"Gatus Internal" = {
|
||||||
|
icon = "${app}.png";
|
||||||
|
href = "https://${app}.${config.networking.domain}";
|
||||||
|
description = "Internal Infrastructure Monitoring";
|
||||||
|
container = "${app}";
|
||||||
|
widget = {
|
||||||
|
type = "${app}";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
68
nixos/modules/nixos/containers/gatus/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/gatus/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
gatus:
|
||||||
|
env: ENC[AES256_GCM,data:Wx6rATQ7Q7XUh47ZyV19wXH6Rv1YY43Rd5ijFmFCK2cjQ0p6uVPJ/JQqtSd99daAmT0844ug6PTUGMiVajm+fFZSV9gi294/5s25OOVRZiL+QND0rHF0xPWEUnIsBNmvk1LV,iv:PLds5favGpAwJVmlQEYJaunkTGPQH+OtehP+fK2Gagg=,tag:VIf02wjvPG9MYPN+y9vyRA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTWxxVitWUTMyTTB5LzBH
|
||||||
|
MktCV044YUMyZzRUc0dIQk9YVEJoUFhQZjBnCndXUG5vQW5aNlkyWWl4WHZ6RDcr
|
||||||
|
OU5RTFN6RHFkdlU4aUlDL3NSRVBxKzgKLS0tIFdtY2JZNlVKWHlGV1RESFhGK0V1
|
||||||
|
VGFCU0hmRFBPR3pGSGxyOU9mcFZyMzgKCc2Ti52M0ZMibetv1pg6hiMSXfb6JdAg
|
||||||
|
ZYEmOfoa0yvrt8Hn1gmYDpBH4UPQRh8x9uIW1uR7kfOoWsjQPzwkrA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJd29DMEMxbXNJcGczTEd3
|
||||||
|
RGMvSEVuUEFzWklQTTBWck40RkV3OTF6d3lzCkNyNEFsV3Vua1JJeU56Mmhma2JI
|
||||||
|
K1pCcGZuS3BQWERtK28rYStHU29pNzgKLS0tIFFsMnlFblRhc2k4dlhFTnBIZjhY
|
||||||
|
WlRNbERzU1pxelZxVFlDbFdtNm53ekUKrK7AClzYOwTaBowqf0J6wg987MWSNydh
|
||||||
|
yOF4SbGj0LScSVz0ZM3wwaP1QFtI+ziojVuMd0sIuRZixUHkD3n25g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbkdNMUlpY2IzZ1BrTVdi
|
||||||
|
cEFRTkFCMkpJeGhqRXEzY3ZaRHcxZVVDYWlrCnFBR2xrZDkyL2padmI3TkdYQ05R
|
||||||
|
SE1GQVR3OHdoRDUvams4Nk1vbEVVVEEKLS0tIFdCM0RDanBBbUdEN1lrSVN6TFVJ
|
||||||
|
ZGkydk1VVkZxZmlmVHg2KzdvNUtuYnMKRI7q8nyzq+Kqjx+9qJxXJ1YBSsOSFJXJ
|
||||||
|
ZzKYDf/OvQuqdOmsKOzjEOPANCgjbZ3w2no2A/lVyhiaYg1yQM6Vdw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUUduTFhmNkhtZnU4R2ZK
|
||||||
|
YlJwUDg0c1REL2NoYTZPS0Vyc0lMNkNkc3pzClZNektlYkp2TkdtTUFGZUlwbkly
|
||||||
|
bmZ2Y1Z4MjBmZzZEVFAweUJHUU9KSWsKLS0tIE5NMkRIY3h4TGNpNnpkNHBDRTgx
|
||||||
|
TFJSU1VXVzBxWDh0RUYxc0NFamZEV3MK7sIQcpSrYSDjuliI/taIKzi9qryHt1dR
|
||||||
|
E7W433ZZykhKyRn5IYAOrOCabc5E5Ny7wyd7TjlJs/IqSB+16TII9Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQlZXSnZoNFlkcDE0Q1Qr
|
||||||
|
TUFoYU1KRmp6aXY1c3FGeWx4RUQ0azJlYXdjCjFzQTF4S1VHUUNTaWloT1dHcnk3
|
||||||
|
Qzg1dGVxa0V1L2tsUllDZzhnbjhBVzgKLS0tIEZYWkJpV1V3ZWUyLzAyZnhKVHU1
|
||||||
|
M0xraFdna05SeHVuQXlsT2VmSW56QVkKAZsbdSvrzJDnxAY2PlM7re05GJvrElD/
|
||||||
|
74dbBdReIuLQZnanU5KRh5sp41HoxtK8vRBteZE+zy3vva5CIylKEg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSGY0UFA4SDlDYWMyN2xa
|
||||||
|
ZFFyemFMRjh3ZVBlUGpyYjNmWW03SlRrU1gwCll5elRzMjZKRjBmUkRNVDVVSGNx
|
||||||
|
K2lWUnlTL1E3RlJyMEdJQUZPaFJzTkUKLS0tIGhLWEF4Z1ZTNkZjeHl1WWloa3Rp
|
||||||
|
dE42TnhlK2szanphamFsZHl2V1o2OGMKpIS2v2mnofHOSpALJh+g9/2C3GIMH3oY
|
||||||
|
GuPsMaRCxUW1NAL/i5EjNKm8t3QKR9r+JnIwCTDNkQdG1N00gpUgRg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:0ECI2z14unAGgc2xcRdjjkaaAzi0c/x7V9HcTtB9tdMKZwIINHu+m1UC4SG+prRBuTX+7j4tpN343PzdgYzeXSx/aZlUDgc5cwPpgJyLhmIkDG8vPaKxcxtKOD5tHrnHe8tpdrZ3+/5NqneLPshlJZMX12PSpln50O8g9YPVKiI=,iv:5wGiTGpJ7+7U4XmRd6dH8455po/65XqT9+cdNxGuQwg=,tag:cXJ8sAEYkYDnZ6I/32y+0w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -14,12 +14,31 @@ let
|
||||||
|
|
||||||
cfg = config.mySystem.services.homepage;
|
cfg = config.mySystem.services.homepage;
|
||||||
|
|
||||||
settings = {
|
# TODO refactor out this sht
|
||||||
# title = "Hades";
|
settings =
|
||||||
# theme = "dark";
|
{
|
||||||
# color = "slate";
|
title = "NatFlix";
|
||||||
showStats = true;
|
theme = "dark";
|
||||||
};
|
color = "slate";
|
||||||
|
showStats = true;
|
||||||
|
disableCollape = true;
|
||||||
|
cardBlur = "md";
|
||||||
|
statusStyle = "none";
|
||||||
|
|
||||||
|
datetime = {
|
||||||
|
text_size = "l";
|
||||||
|
format = {
|
||||||
|
timeStyle = "short";
|
||||||
|
dateStyle = "short";
|
||||||
|
hourCycle = "h23";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
providers = {
|
||||||
|
openweathermap = "{{HOMEPAGE_VAR_OPENWEATHERMAP_API_KEY}}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
settingsFile = builtins.toFile "homepage-settings.yaml" (builtins.toJSON settings);
|
settingsFile = builtins.toFile "homepage-settings.yaml" (builtins.toJSON settings);
|
||||||
|
|
||||||
bookmarks = [
|
bookmarks = [
|
||||||
|
@ -55,20 +74,93 @@ let
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
search = {
|
datetime = {
|
||||||
provider = "duckduckgo";
|
text_size = "l";
|
||||||
target = "_blank";
|
locale = "au";
|
||||||
|
format = {
|
||||||
|
timeStyle = "short";
|
||||||
|
dateStyle = "short";
|
||||||
|
hourCycle = "h23";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
openmeteo = {
|
||||||
|
label = "Melbourne";
|
||||||
|
latitude = "-37.8136";
|
||||||
|
longitude = "144.9631";
|
||||||
|
timezone = config.time.timeZone;
|
||||||
|
units = "metric";
|
||||||
|
cache = 5;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
widgetsFile = builtins.toFile "homepage-widgets.yaml" (builtins.toJSON widgets);
|
widgetsFile = builtins.toFile "homepage-widgets.yaml" (builtins.toJSON widgets);
|
||||||
|
|
||||||
|
extraInfrastructure = [
|
||||||
|
{
|
||||||
|
"UDMP" = {
|
||||||
|
href = "https://10.8.10.1";
|
||||||
|
description = "Unifi Dream Machine Pro";
|
||||||
|
icon = "ubiquiti";
|
||||||
|
widget = {
|
||||||
|
url = "https://10.8.10.1:443";
|
||||||
|
username = "unifi_read_only";
|
||||||
|
password = "{{HOMEPAGE_VAR_UNIFI_PASSWORD}}";
|
||||||
|
type = "unifi";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"Nextdns" = {
|
||||||
|
href = "https://my.nextdns.io/";
|
||||||
|
description = "Adblocking DNS";
|
||||||
|
icon = "nextdns";
|
||||||
|
widget = {
|
||||||
|
profile = "{{HOMEPAGE_VAR_NEXTDNS_TRUSTED_PROFILE}}";
|
||||||
|
key = "{{HOMEPAGE_VAR_NEXTDNS_API_KEY}}";
|
||||||
|
type = "nextdns";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"Cloudflare" = {
|
||||||
|
href = "https://dash.cloudflare.com";
|
||||||
|
description = "DNS and security provider";
|
||||||
|
icon = "cloudflare";
|
||||||
|
widget = {
|
||||||
|
key = "{{HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_API}}";
|
||||||
|
accountid = "{{HOMEPAGE_VAR_CLOUDFLARE_ACCOUNT_ID}}";
|
||||||
|
tunnelid = "{{HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_ID}}";
|
||||||
|
type = "cloudflared";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
extraHome = [
|
||||||
|
{
|
||||||
|
"Prusa Octoprint" = {
|
||||||
|
href = "http://prusa:5000"; # TODO fix with better hostname
|
||||||
|
description = "Prusa MK3s 3D printer";
|
||||||
|
icon = "octoprint";
|
||||||
|
widget = {
|
||||||
|
type = "octoprint";
|
||||||
|
url = "http://prusa:5000";
|
||||||
|
key = "{{HOMEPAGE_VAR_PRUSA_OCTOPRINT_API}}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
services = [
|
services = [
|
||||||
{ Infrastructure = cfg.infrastructure-services; }
|
{ Infrastructure = cfg.infrastructure-services ++ extraInfrastructure; }
|
||||||
{ Home = cfg.home-services; }
|
{ Home = cfg.home-services ++ extraHome; }
|
||||||
{ Media = cfg.media-services; }
|
{ Media = cfg.media-services; }
|
||||||
];
|
];
|
||||||
servicesFile = builtins.toFile "homepage-config.yaml" (builtins.toJSON services);
|
servicesFile = builtins.toFile "homepage-config.yaml" (builtins.toJSON services);
|
||||||
|
emptyFile = builtins.toFile "docker.yaml" (builtins.toJSON [{ }]);
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.mySystem.services.homepage = {
|
options.mySystem.services.homepage = {
|
||||||
|
@ -92,6 +184,18 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
# homepage secrets
|
||||||
|
# ensure you dont have whitespace around your ='s!
|
||||||
|
# ex: HOMEPAGE_VAR_CLOUDFLARE_TUNNEL_API="supersecretlol"
|
||||||
|
sops.secrets."services/homepage/env" = {
|
||||||
|
# configure secret for forwarding rules
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
owner = "kah";
|
||||||
|
group = "kah";
|
||||||
|
restartUnits = [ "podman-${app}.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# api secrets from other apps
|
||||||
sops.secrets."services/sonarr/env" = {
|
sops.secrets."services/sonarr/env" = {
|
||||||
# configure secret for forwarding rules
|
# configure secret for forwarding rules
|
||||||
sopsFile = ../arr/sonarr/secrets.sops.yaml;
|
sopsFile = ../arr/sonarr/secrets.sops.yaml;
|
||||||
|
@ -128,11 +232,6 @@ in
|
||||||
restartUnits = [ "podman-${app}.service" ];
|
restartUnits = [ "podman-${app}.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# ensure folder exist and has correct owner/group
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
|
||||||
];
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "${user}:${group}";
|
user = "${user}:${group}";
|
||||||
|
@ -141,9 +240,13 @@ in
|
||||||
UMASK = "002";
|
UMASK = "002";
|
||||||
PUID = "${user}";
|
PUID = "${user}";
|
||||||
PGID = "${group}";
|
PGID = "${group}";
|
||||||
|
LOG_TARGETS = "stdout";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# secrets
|
||||||
environmentFiles = [
|
environmentFiles = [
|
||||||
|
config.sops.secrets."services/homepage/env".path
|
||||||
|
|
||||||
config.sops.secrets."services/sonarr/env".path
|
config.sops.secrets."services/sonarr/env".path
|
||||||
config.sops.secrets."services/radarr/env".path
|
config.sops.secrets."services/radarr/env".path
|
||||||
config.sops.secrets."services/readarr/env".path
|
config.sops.secrets."services/readarr/env".path
|
||||||
|
@ -151,11 +254,15 @@ in
|
||||||
config.sops.secrets."services/prowlarr/env".path
|
config.sops.secrets."services/prowlarr/env".path
|
||||||
];
|
];
|
||||||
|
|
||||||
labels = {
|
# labels = {
|
||||||
"traefik.enable" = "true";
|
# "traefik.enable" = "true";
|
||||||
"traefik.http.routers.${app}.entrypoints" = "websecure";
|
# "traefik.http.routers.${app}.entrypoints" = "websecure";
|
||||||
"traefik.http.routers.${app}.middlewares" = "local-only@file";
|
# "traefik.http.routers.${app}.middlewares" = "local-ip-only@file";
|
||||||
"traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
# "traefik.http.services.${app}.loadbalancer.server.port" = "${toString port}";
|
||||||
|
# };
|
||||||
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
|
name = app;
|
||||||
|
inherit port;
|
||||||
};
|
};
|
||||||
# not using docker socket for discovery, just
|
# not using docker socket for discovery, just
|
||||||
# building up the apps from a shared key
|
# building up the apps from a shared key
|
||||||
|
@ -164,15 +271,28 @@ in
|
||||||
# easier to have/move services between hosts
|
# easier to have/move services between hosts
|
||||||
volumes = [
|
volumes = [
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
"${persistentFolder}:/app/config/logs:rw"
|
"${settingsFile}:/app/config/settings.yaml:ro"
|
||||||
"${settingsFile}:/app/config/settings.yaml"
|
"${servicesFile}:/app/config/services.yaml:ro"
|
||||||
"${servicesFile}:/app/config/services.yaml"
|
"${bookmarksFile}:/app/config/bookmarks.yaml:ro"
|
||||||
"${bookmarksFile}:/app/config/bookmarks.yaml"
|
"${widgetsFile}:/app/config/widgets.yaml:ro"
|
||||||
"${widgetsFile}:/app/config/widgets.yaml"
|
"${emptyFile}:/app/config/docker.yaml:ro"
|
||||||
|
"${emptyFile}:/app/config/kubernetes.yaml:ro"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
extraOptions = [
|
||||||
|
"--read-only"
|
||||||
|
"--tmpfs=/app/config"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
name = app;
|
||||||
|
group = "infrastructure";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
68
nixos/modules/nixos/containers/homepage/secrets.sops.yaml
Normal file
68
nixos/modules/nixos/containers/homepage/secrets.sops.yaml
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
services:
|
||||||
|
homepage:
|
||||||
|
env: ENC[AES256_GCM,data:9T4cgUUy631Hp9GRiR2N2MTJxOfiV/O3b0huRRTGH8vbgXZRbwn6xkE2hyJgvaPxLyybvcZSTMP7h73lqUuOiSl1FNlWE1QJpkkWew2XAbxSV7yYoFf573csD/fMnfDjS2CWjVR2fPbPUDfmFSx0nVjKo4k3zgDbGPTpiGXdVzN7OdvkwTfsMmpXL0Risl0a9NK7Iiriwk+Ieg5peJllxGlmHNgEnbgykZe0JjZlWbqg5KFmK+vN8cvSrlhsjfYeoVcTaSjQJ9SdeqQmRaThA9DE8cMY4dS395gWF6Y4hkmZ8uPrMnY9HIHn5qgv4LCKBL8UB8BaYH6yAk/zIFIRM3GEsLObMiHgUurgZDrrMFuzn46lngXBfUZp9bFYPJ5WEUEPrFaEeFVz3HHYbtSpxiGDfrDLmKNConC44G/sU0snMANUntvEpMXdhwBIzfhtPzu9XChYiVkvLOU28Z624UOYNd0tKLtZpFk9gME5nsIF5+Z6Rk+f5ycv6+h4Ruv0Yx1+I3pXsjiiio1CT6hh/D7nM3/SgbWp/LHMOtV0YKnvTL89BDmFMDZdy452dVSw+xOX9hE4L79HDThIYX2fZKQ8CkZTyE1f9/6cU03GDA893oQ6k9nG1cY1vW2zgQLXSnYR4hQ2HbUXOlpEAp1Nm6t5yVdST8bSGHvlV+Sn/JI4OFi7NgM+66Owf/b/SzuuhHUzfvtk6O3VEvyyOySA3GwRIwowsQydu4/QN7ZogJ5yqvCMTQU34J1WalRqM1dohnOXI84+fakdz1M2E68wMs1rIyuXa7w6Tn6DoE2nx7n1wQ==,iv:kaW+31hzliWY/sMZyVr8bIvAk0MwfLJVdHiRrcVICoQ=,tag:FPp+sn1AYVBJyLQy14vogg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhenRKQldGQkVlRmhKd1dY
|
||||||
|
R0lPM0FOekU4SWdIZS9oWU5nZlNsaTRua1MwCkFINGZ1cWhURUlLMmhqQjQ4blRM
|
||||||
|
eFR2anR6VGZFZy8wN28rNXhkbk9DcGMKLS0tIGxQbTV2eWNNbEg4Y2o2UGM4WmlB
|
||||||
|
RmF5Q1pFMGs1cVJqaHExL1Q1WVBDSE0Kc/gxa62PA75jGtLhhTlweL+1jbNA34UG
|
||||||
|
lAdqTDI81uQVHuX/K7CSffMSNa1dQR9BBwSmAI7FD1q+gdnx3qOXog==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKKzljNnRwWEpJUS84bGtG
|
||||||
|
QjVIL2xUZDhtVGozWE1Wd1h5NWNpM1gvRzFRCk9nN2ZQQWxSNU1URytqRTFQNU1k
|
||||||
|
WVhDWEVicENUZnlZODF6b0JDMUdoaWsKLS0tIGFiMUMzVExncHVmQU9ETDdYSkpa
|
||||||
|
YVdadDJDVWkyMXJ3YVhLUnJxUEp1bjgKRM5xrW3hl1RgcK0ynHSEnwV5J8uHyGiP
|
||||||
|
8p5bnKrE5YYtBaK8d6O0evKgufxEhnajwvuOATlfbRBlmbce/BjhgA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJR3hCVVlXZFU0UGsrckl0
|
||||||
|
MGVDV0hSQVJqeTFraFFqK1I0emdxem9Ga1dzCi9HemtJMGNOenBVRzAzS0I1cUE4
|
||||||
|
dGdoWnZXODVzRGtIM293R3F3M0VpcjgKLS0tIDNUT1Yvb2NKckxWMW9yYkJPK0hj
|
||||||
|
U2VhOUFXSnVtaHl6WUVBSVBXUHkvYVUKhHGoMsNhwnbq0YOTX7U9h119GxsYq+u9
|
||||||
|
fwhkqozV8/yIH/pgu14ZKrXJyzXhC1jWgYXqhGVVzpuJelCg4V86cg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzZ1B3QjlrSHZDU3Y1bng4
|
||||||
|
aTcvN3M5K0Vabm9wb21RQ3VxYkxJWnRVakZNCmVEOC9nbDlXaS9hUHk4blRValJO
|
||||||
|
THJ1ajEvbFVsN3FwU2ZBdkNudlhmU3MKLS0tIDFDL0ZnTE5IaHU5dUF5UVNzRkt6
|
||||||
|
ZUh5MjNBeXNBa0JBWEhaVE90azMvT28KLd980Jlt+vkIKYuM3BbSBIEZjiec6s+i
|
||||||
|
8/SKkpwuuzGPHEnA3VsV2a9o8ejzQOPFQjSbd2Fw8caKjF9T6KFqTA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWlkzWmJBZmVFbU84SFI4
|
||||||
|
ck4wTDc3Z0VGbmxRNGRKRkJ3Qmd1LytVZnlBCjErNjNSNy9nTTVMMzBMbWRUU2FV
|
||||||
|
SU1QeUI3bEpGV3ZCUHRFUWpsZHo3Z1EKLS0tIHZNd2xrT1hrKzhTWHU5STdyV3U3
|
||||||
|
ZGd4SU52YkVNWHBkWGNvTjBDUXNsNlEKnLnev2PXIwVqUMqttGFQra3/pmHG2jhz
|
||||||
|
h6OANuguMMCasK1CaMY8s756Lm/7qgoCO1l8pnx2Effet514gR7Bbw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMDVnd3NmWWJUczhwb3hs
|
||||||
|
UVE3S0llK1FKL3ArYW9xWms2ZXhzYkJYY2xvCmxPTVlvY0tpcXRwTExmUm9WL3oy
|
||||||
|
bU54eEVtMkU0Y21BVDZ6Sy9YNkZWSDQKLS0tIGYvbUxzRXpRQmU1a0czVGRENXpj
|
||||||
|
dkNtZWNnek9uUnd1Z2U2enR4N1hqWE0K1Zu/GCw/aIPkXvWmVSxqZwBSnagjXS1J
|
||||||
|
uyefLabImtdR4FjWSPsldIACH1zi69ucaXTccQptrxqABzqltjBXxA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:aKCkHTYBHaSZpn43uI6Ihws2CETNnbsKvR4+BkqbHd1FpPrZ4V1wojaPcQSFNULgYmAnQM6MJD0may6OGt9Ux16U/ygytCt1BMVTMhxihb2R9IdlQxxDnou56e+E/jTjwIei2yr2RBxra+d47NbF6domaQ66DoIAmGELPfqcOg8=,iv:wyLUspsNZsYQMcqzl6UT6TcURYGLkUnU616xb8huqho=,tag:APVPI3+Lhvvw11sHIs33HA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
71
nixos/modules/nixos/containers/qbittorrent/default.nix
Normal file
71
nixos/modules/nixos/containers/qbittorrent/default.nix
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
app = "qbittorrent";
|
||||||
|
image = "ghcr.io/onedr0p/qbittorrent:4.6.3@sha256:a4ad890e8c4a287c17d12ca22eb1d84a046aba2efbd882bf7d6eb12459f6a70c";
|
||||||
|
user = "568"; #string
|
||||||
|
group = "568"; #string
|
||||||
|
port = 8080; #int
|
||||||
|
cfg = config.mySystem.services.${app};
|
||||||
|
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.${app} =
|
||||||
|
{
|
||||||
|
enable = mkEnableOption "${app}";
|
||||||
|
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# ensure folder exist and has correct owner/group
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||||
|
];
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
|
image = "${image}";
|
||||||
|
user = "${user}:${group}";
|
||||||
|
environment = {
|
||||||
|
QBITTORRENT__BT_PORT = "32189";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${persistentFolder}:/config:rw"
|
||||||
|
"/mnt/nas/natflix:/media:rw"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
|
name = app;
|
||||||
|
inherit port;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
|
{
|
||||||
|
Qbittorrent = {
|
||||||
|
icon = "${app}.png";
|
||||||
|
href = "https://${app}.${config.networking.domain}";
|
||||||
|
description = "Torrent Downloader";
|
||||||
|
container = "${app}";
|
||||||
|
widget = {
|
||||||
|
type = "${app}";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
72
nixos/modules/nixos/containers/sabnzbd/default.nix
Normal file
72
nixos/modules/nixos/containers/sabnzbd/default.nix
Normal file
|
@ -0,0 +1,72 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
app = "sabnzbd";
|
||||||
|
image = "ghcr.io/onedr0p/sabnzbd:4.2.3@sha256:bb20d3940ff32c672111ad7169ce4156f1c4c08bb653241f1b14f6d00f93b3cc";
|
||||||
|
user = "568"; #string
|
||||||
|
group = "568"; #string
|
||||||
|
port = 8080; #int
|
||||||
|
cfg = config.mySystem.services.${app};
|
||||||
|
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.${app} =
|
||||||
|
{
|
||||||
|
enable = mkEnableOption "${app}";
|
||||||
|
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
# ensure folder exist and has correct owner/group
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||||
|
];
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
|
image = "${image}";
|
||||||
|
user = "${user}:${group}";
|
||||||
|
environment = {
|
||||||
|
SABNZBD__HOST_WHITELIST_ENTRIES = "sabnzbd, sabnzbd.trux.dev";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${persistentFolder}:/config:rw"
|
||||||
|
"/mnt/nas/natflix:/media:rw"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
|
labels = config.lib.mySystem.mkTraefikLabels {
|
||||||
|
name = app;
|
||||||
|
inherit port;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||||
|
{
|
||||||
|
Sabnzbd = {
|
||||||
|
icon = "${app}.png";
|
||||||
|
href = "https://${app}.${config.networking.domain}";
|
||||||
|
description = "Usenet Downloader";
|
||||||
|
container = "${app}";
|
||||||
|
widget = {
|
||||||
|
type = "${app}";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
key = "{{HOMEPAGE_VAR_SABNZBD__API_KEY}}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = app;
|
||||||
|
group = "arr";
|
||||||
|
url = "https://${app}.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
@ -8,12 +8,13 @@
|
||||||
./de
|
./de
|
||||||
./editor
|
./editor
|
||||||
./hardware
|
./hardware
|
||||||
|
./containers
|
||||||
];
|
];
|
||||||
|
|
||||||
options.mySystem.persistentFolder = lib.mkOption {
|
options.mySystem.persistentFolder = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "persistent folter for mutable files";
|
description = "persistent folter for mutable files";
|
||||||
default = "/persistent/nixos/";
|
default = "/persist/nixos/";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -19,6 +19,9 @@ in
|
||||||
driSupport = true;
|
driSupport = true;
|
||||||
driSupport32Bit = true;
|
driSupport32Bit = true;
|
||||||
};
|
};
|
||||||
|
hardware.opengl.extraPackages = with pkgs; [
|
||||||
|
vaapiVdpau
|
||||||
|
];
|
||||||
|
|
||||||
# This is for the benefit of VSCODE running natively in wayland
|
# This is for the benefit of VSCODE running natively in wayland
|
||||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||||
|
@ -52,7 +55,27 @@ in
|
||||||
nvidiaSettings = true;
|
nvidiaSettings = true;
|
||||||
|
|
||||||
# Optionally, you may need to select the appropriate driver version for your specific GPU.
|
# Optionally, you may need to select the appropriate driver version for your specific GPU.
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
# package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||||
|
|
||||||
|
# manual build nvidia driver, works around some wezterm issues
|
||||||
|
# https://github.com/wez/wezterm/issues/2011
|
||||||
|
package =
|
||||||
|
# let
|
||||||
|
# rcu_patch = pkgs.fetchpatch {
|
||||||
|
# url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
|
||||||
|
# hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
|
||||||
|
# };
|
||||||
|
# in
|
||||||
|
config.boot.kernelPackages.nvidiaPackages.mkDriver {
|
||||||
|
version = "550.67";
|
||||||
|
sha256_64bit = "sha256-mSAaCccc/w/QJh6w8Mva0oLrqB+cOSO1YMz1Se/32uI=";
|
||||||
|
sha256_aarch64 = "sha256-+UuK0UniAsndN15VDb/xopjkdlc6ZGk5LIm/GNs5ivA=";
|
||||||
|
openSha256 = "sha256-M/1qAQxTm61bznAtCoNQXICfThh3hLqfd0s1n1BFj2A=";
|
||||||
|
settingsSha256 = "sha256-FUEwXpeUMH1DYH77/t76wF1UslkcW721x9BHasaRUaM=";
|
||||||
|
persistencedSha256 = "sha256-ojHbmSAOYl3lOi2X6HOBlokTXhTCK6VNsH6+xfGQsyo=";
|
||||||
|
|
||||||
|
# patches = [ rcu_patch ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
|
|
@ -1,59 +0,0 @@
|
||||||
services:
|
|
||||||
lidarr:
|
|
||||||
env: ENC[AES256_GCM,data:QMvX7WRcLegLbHS7JQm8rcyc9ac12Urj29Pkv8socA2kvgL0TI1w7jL0qhXLNUmCJmtcvhCwNL91lN/5UOFFWxEVzUcJEWvY7NmHi9twSXT6evOej3Q1qALO+xG6ZAuKTc5EHlqPx6aUnSdt9rU=,iv:myoud9cBoCQ2AIsD2zJAMaqB8Uyp9PwEgSAIJofQk3Y=,tag:llN0afX1zpvij44Wk9guJw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeFc1WkRCejJPN2VsK1BK
|
|
||||||
K3V5dWxHc3RxL1NzVUtXcmxsSG1EZnJqS0dNCnVkbExwK1dMR1ZuNnc5TWcrNmdL
|
|
||||||
R2xzR0xXSktHVEJwWVdIU2JSbHR0UjgKLS0tIGtmVSs2aGtVQnZtYURBRDdVdjYv
|
|
||||||
ZEIwTUtSeEVDeEMzeUFKazFFQzhXdFUKAlFKK2unF7tfjFAznL+MmsDOVG7w9clb
|
|
||||||
j4UVT8hVYySnRmoEivKPmmPrkIgsMvlewFyViL9m8XoiZ8BOGIApRw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUWhyMnh5RzFua3NHMXMy
|
|
||||||
UUM0NEd1NGFvbzlzMTdmam1NdWRDRXFDdlJJCnZkdFg4ejRCSCt6TWg4QWl5KzFu
|
|
||||||
MTIyTGZuc0JvQWU5ZFdEY0VWeGZFTHMKLS0tIEtrRDdkQWFMOSsxdkg5dkx3aXhQ
|
|
||||||
ZFlpT1d2d3dYaEhpOVRqWkx1Sk1nYlUKABWHbKvk7XqRdRHmaPfGMBs2j0KJSY1z
|
|
||||||
eZJXlXFMY/WLLf3FkvVsU03DBxnDzi3NIDhNkZUf1uywVfIV6G2FNg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwT2VvYWpmOVlHSHBiM29M
|
|
||||||
NDdNbjZKb3M3TXRMeUUyVEsxekNFUXZGNlI4ClBoQjVYSTJaZFplRnBwb0NQZFFm
|
|
||||||
QXN0ditMUU12ZkhIMHhPQy92Nno4MUUKLS0tIGVIWUk5YWxrTFg3N3NOZEJJNW9R
|
|
||||||
VWJJT0hkeVB6d1B4QldyY01sdU0rSVkKlDsj2lmzB0E9FpESBzDDLieJ5uLtspSf
|
|
||||||
vnPNi6J3EznHAcO9CoXejrbkEEBTafueAx6/U9T9nzxkAhNFt7wYdQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUTlNUE1PczRlNVJ0dnlF
|
|
||||||
aG5id1ZERE83TEdqWUdXQ2V0K3VXWENacDBBClcvYVFvZVRYTVA3bXdUblYzeFBR
|
|
||||||
VzdBdVVNSGxCbG9yVmVQbnZmK0ZTVDQKLS0tIGl4WUFxOVRlOWZsaVhaKzR1UmhZ
|
|
||||||
UlRkM1NqT1BRY1U3ZGVwS1NIeG5hZEEKo9yIGo2q+XemTtqsVRUGZol+ToorrA7s
|
|
||||||
LKQTB92x6ZIL1Nc0ssXNppTDxDWnIl5GMGlQliwCVmtc9+IhXAjNOQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZUN2d1FJRUc2dWhaR0lz
|
|
||||||
VUxDK3VSKy9aNmxoWW9leUZibFlJYXVPWkFnCmY0ODYzeWYyWVdmdXdoNFRQUno1
|
|
||||||
b0lWeHdpWERVczJTbXpjMEpxT2dNUTAKLS0tIE1odzZ1WVFNdEJIclZFL3UvMjFV
|
|
||||||
Y3ZhWHpVb0lLL09xOU1rZllDRVNXSFkKUXNaWZt+lOv0D7gzh6DLSn0bHmhKNygC
|
|
||||||
L/jFAJUkya8fsdqOfLpxzprLrJ8tXlEyCIBkz/6RPTQO82hbB0vXRg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-08T02:06:18Z"
|
|
||||||
mac: ENC[AES256_GCM,data:Hul7Mj+gIPXdDLInM+bSyMr/2cw7XGoIKxB1IGDbW6fnJAt91fdgl8t3g4C35h0W9lFV4nIbWB8BolIq2gX0AfAqVyiL4WiEbVodJlwhVS4I/lha3gTfST0n8H4rZCeLFaDe4JKyhcfvFa+mCTS0mwtgtcRHDi2TLa8AP+Ue5dg=,iv:/fkQeo6T72WKKXjhaywSyPlj27Npg1DA+ktihR5jN9E=,tag:gCRJzcLT65q58rbvSf5BCQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,59 +0,0 @@
|
||||||
services:
|
|
||||||
prowlarr:
|
|
||||||
env: ENC[AES256_GCM,data:zzyYxJrgKQJg9IgWdRePrw6yY4OfM4CjX1yHd3xM4+Nw2CqQlfkKvFkoTerDFlOFKvYZB30JOgExdtv9fAFdXUWoKeuqTyliQZG71SGcQrnkikrSzgBfuiKF2vsXiLlDzG1zWGAhnqQsOpymf9u1jAQ1,iv:BYybV11VMWZUaFPsUvrb7OpAr/ypqpGvQsG8+UzuZJc=,tag:hNpX44HPSN+ZoPmDHiKYBA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WS9DU3JmV3d3aklRSXNF
|
|
||||||
clJpOUJyOWN2eXJDQkNxOVBVR2dpY1NOTkRvClpnenViWEY4VmNJaFZPN2RLTk5D
|
|
||||||
cThTRy9LOVVJT2xZUUpoRzZQZS9SVm8KLS0tIE9iVkNWb0dwK0ZndW51aHdMVFBX
|
|
||||||
SEVkRDNtZEgwajlOQ3RITmFZMnNoZFkKcvUmNpFMk51aWGjWvzzg4QJ9JjRmOaoz
|
|
||||||
aQtrZB4rZ0etRK5qn7ax/uzCnG5P21hcZePm70v0b+TZnVDuDLHmbg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidDZZdzBkYytsekM4TEt2
|
|
||||||
Rkw0blVjTnBwaWFzd2RyUVM1Rks0ODJYRXpNCmdwWmt2dnBwSFJBTERYUFdMb0wv
|
|
||||||
T3JOYUwrSVFhdjVtZjlpcEkyY2hveG8KLS0tIDNaREVmb3BDa2tlbHpOM05pMWZh
|
|
||||||
Z1hPQ1dBbUlxZDBhRXBWSnk4NlBiRG8KL767jh7h/YJBfMttJSgdSP9iPgMg1/Za
|
|
||||||
sIJ2Z7wUcmnYAKaQh9Ol2xgzOyWhLOM+Tj4DuJvyZVgMWlhHLgrdFw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKQ3FKMXJGQmcxTU5XSmZr
|
|
||||||
RFRRT3Rib0tDckN1ZWNFT3Z1TC9hdUw4aXlNClRFc2p3REptR2ZWYW8xVk15Q0Rh
|
|
||||||
Rms1TWdtREFybHNaTWZWaGZmYnJUMVUKLS0tIHhsKytqakxXNnJYd3ZvMGk2RVNj
|
|
||||||
bmpCbEw2bDFQOFFwelFrUTcyemlCU28KoxcnwQIJigjDi4a7R3PzlLKjPOlovuT1
|
|
||||||
8N8sxfSV6FrdyyrDF/ey8K3zWlig/yrRLpgCSlNMzw/3VRZI/gMI4g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VEZ2bkFJTWo2VGV0OXpS
|
|
||||||
OGc4YkhZS0tuTUxBNUM4K05HZWpmTXhwVGhFCmVIVUYzRDdBNC9sZmdzL3I3K2NG
|
|
||||||
TVo5djUva09xR1g2ZEN3NitBN1d2cGsKLS0tIDlDMDBGbTFTUXgwYUQzaWh0MVJT
|
|
||||||
SGFnYW9DTWRrUlBQNjJsN251L1Ayam8KhQ4Qr3JMsy4w6gl1Fym6ejDtzJSgZ+wm
|
|
||||||
6+F1PJw4xWzwHVZe3INAK3hMglg/o21u2lX9u9Rm7aKsSm/p/nNr6w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZHU0NjF5Z1JFWlBsblpJ
|
|
||||||
MXJjZCt5eU5YSCtWRmpQQ2NkTDd3VXJaekIwCjY0b0xKTk4zRWxqdFF4KzJWdStl
|
|
||||||
bkp5bXpDYXl2MXZvNVJJNCtRazhnK0kKLS0tIDV6MnR5RkZRYUNCcCtmSHJhQzlq
|
|
||||||
aGJLM01UMzFOcjZqeUtCL1lTTEZZSlUKQrhkgXiRjT7lQoTdMKv6V4famp3p8/Ca
|
|
||||||
Qc+xgxh4VwIqa7hcQoqneaWRFxjVeYLEwM5JbBaqkIYfIGZFZG+3rg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-08T02:03:18Z"
|
|
||||||
mac: ENC[AES256_GCM,data:+V/l66ndBKtXe1W3gdsAPA335OQRm7Why+O++bL/eMjzgTWb7NJaQSgBQ1MV0K5/fOhzTtgTu/eSoni4DQwaotuzILlXix0BW6HZ+OxFWCGucPEce9KXYWFLhKJmbEqXJCxo+Gbnc0TJ50JOXIpWevoCsEoOp26NUaHcoX9uw08=,iv:hhluUr9R8cT/uYKoRPoxRmBuEz0+o/S50kGV74rbK5o=,tag:/beFhlp0k0k3EjlWrSwSjA==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,59 +0,0 @@
|
||||||
services:
|
|
||||||
radarr:
|
|
||||||
env: ENC[AES256_GCM,data:582m9MfhLUMDG7Kbu4ePV5EmOTpHhXZojxaqjNeAFhHo2yzNpWwKf8sESUJlo5JgZevyKcjxJOM0ZujwVEqKe5MP74uPOsCUPgPZoo17sf1VGgfE5uyowJX0XCcnXn403k3gASDZacKTGDHpOQ8BJdoKKJbRffx8wYGeX8UtdevUP/284gU1kuCgL9DQRieNGyoFTi7ltudg/N7t0pg/9LCq31A1amn3Zb+sDHQdEFSWYO6qKibW2eGBwvz0jNQ2f6Si47msw+wX3O/6OXGF,iv:OuFoJOglImRcbOZgSdUR3Ijfaoj7fC2Sfvw/hWoG4iM=,tag:cZVNBBU8WfZVVqk+4d+IWQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TzlaRncyMUtiR0prTzhG
|
|
||||||
SDJ2TU8rK3E5VHB5QjJhZjZNZWs1cmVuSlRZCnJUQTZpVE5HMHpHQXFkUFRRNUtv
|
|
||||||
K0hzckxFb1dyRGJ1ejRWYlpabThTeU0KLS0tIHk0NXRPaVUrazVzMTlmWFViSHJI
|
|
||||||
SVE3Z25lVWtwdHlxNTJMSk9laDRvTUkK4t9ZdoH6JUMMR/p6gQc3jfAGboGeR31X
|
|
||||||
gvrbz2Q+cp8YSyI3XrAVJG3/HqqO99bx8BSWwIqnSk1iOIl6qrwYpA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGKy84ck1CWFlhQUdwYTVZ
|
|
||||||
eU5hdEprQW12d01lN2tLSnl2RTdTODJlWUQwCnpxRnJ0ZHNDMEYzZTRBMHhoc0hq
|
|
||||||
MHB0aGFRNGRwdmlIV0RoK0Z6b04ySWMKLS0tIGlZZGNZbnF1M2FLRVJvdkVuVnJ2
|
|
||||||
bGZFc2pQK2xUQUk5WVVMbVdsRWU4OXMK2CGUFSLA5omweArXyHmi9eewDua+8o9G
|
|
||||||
44rzu4oS9Uwcaq92Z6XyoJqWvXnFmW+pUPDBq36MlY7fanVdoaXBhQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4cVRaTUNhUGJOYVZ4Mi9n
|
|
||||||
aEk4ZkZ2VjB4NFpCbjFtK1JQVFI5dnJHVlJVCkRrN2dRUEphZVdDa0N6VU11QlZs
|
|
||||||
cVhaYzQ4a0o5L0JWZ1kzMXBOSUV0ajAKLS0tIHljYVNwQ2QxOENQSFY2RldQV2Jr
|
|
||||||
N0JpbUp6TnNLWXAwYUFuN2YrQmN1VW8KyJA7i+CZH2zRhK+vvPao2xMlxD2vm+yD
|
|
||||||
aJCTO+EwL0T0imhg7DDHhgwoAUCQTc89qwBkj84JeSGBD8nSxCOtUw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZkdvM1dnT2VyTmpCdFp4
|
|
||||||
dFdWaEQ1aUVNYUVkclRXd09pS2d0bmNmUVc0CitvQTdCZ0hwa3NuTFQyeWN5bmRM
|
|
||||||
WlcrMTZETVNZSGZXNzRaa3lZOVRoVkUKLS0tIHAwaUpYd3Jsb1ArT1U0Qm54WkNP
|
|
||||||
YUY5N25qWkx3cHJIS0NBYSs5MXhkWncKQjlZaY1AO8mpqZaIjwMGBKHnZMQyzJm+
|
|
||||||
A4+B95P8DBKuZTJjHwVrjVvWfFFL3XglmftbiDyHL/WjRUGCL332Vg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QjUvYmFoNGFDRWFkN1Qx
|
|
||||||
Ti9iMVJQZHFrYzN6S0hhaFkwRE5tUTRYcXpFCjhhZElEVFlhbyt6dkdvUFM2QXhr
|
|
||||||
QktxSzdIWi9YUHpYS0lPbEJ4Z0tMNFUKLS0tIDg5dG16d1NJblprY3A1ZDdhTTBh
|
|
||||||
SS95dStzKzI0ZFVDcURxd2k5UHduYUkK/NQCeduzIPws13zJmBD0NGSbfb0iHrfQ
|
|
||||||
UxXWyesEZmItT0LorZp+PL5iYZ9Iax9DONe9CKN9fOxS4G8x8U9cDw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-08T02:05:52Z"
|
|
||||||
mac: ENC[AES256_GCM,data:Z5USXKjnL5PhpC1GRftGuBukjmAVc3VXnBG//qwrJUryC4WoxJExsmJ9okS9CWeNiPy1EoPbNx+7v1Xlnbgg/5op+unLCufc7lb/hRZc89umQEkVt9XWyCQvd5Ar6PCmGwkP/oG2zoTAYXEg9njyO9ae7F++EJNpa92VstvfWtI=,iv:by6YKmRDnOaoneEVbGzx5jbCxesv8K2XJxZg2LjnzLQ=,tag:y1IZXfVOuMvqr6dHKA5oTg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,59 +0,0 @@
|
||||||
services:
|
|
||||||
readarr:
|
|
||||||
env: ENC[AES256_GCM,data:+ZpTnRHTU8cQQKouzVEXTlk4mq27wgV135YDwQNh3Jp45Woj8czlliuR7SEr86dvTYOord5jtFUJzYcOli9+0H0JynJNiUT1ZkY26gnD8tDJYK97vrLAKgfZVbxcdXsJaRD0q9CGwbQrPWiXkMZLNQ==,iv:GhTkFKT3G8XXu4D+UUwfiVGz6NgRcS4tKIqQZWgYyI4=,tag:LettwkiVj31G8KL8nLr83Q==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlWmt6Qi80bkR1Y1pnSG8v
|
|
||||||
d1owbWxJL0s5M3NmUGd6dnRaWXpwT1JrdHl3ClEwL2pvakNNT2pqU2lWdkk5ZzUx
|
|
||||||
UFQyRzB5NFVxc056N1ZTbUpISGFKVFEKLS0tIGlmZmJUR1REOWl3anh6b0JYQmo5
|
|
||||||
bmt0S0ozR2d3eGhWa1g1NHJhYW5jKzgKSoY7i2uMbzFJiWRCoxhMqul0GJpUAKcd
|
|
||||||
fMPyg09a+pmAeoEKSxSpC3z6OR1CLAyr9Yo9FIsIYBS2jRPwwwCXOA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQ2tLVkp4MFBkT2pueHBF
|
|
||||||
dnJ0TUlhZUpjakJEU0NmMkpSbVg1Um9SeUhFCkV2azN4L3IyZDhrQ2hvQ1NEMGhw
|
|
||||||
d1NXaVVHOWNGSGZuS2xuVUQ0Tm04NE0KLS0tIDNJWUJJaVdLaUxSS2ZwM1h4UTFH
|
|
||||||
OXpzREdpWitzZnd0cDZ6WVdacmh3MEUKxB4dMNuaFXYRtt33tGpR03mHhPRho8oO
|
|
||||||
uwSFpJSK+s50T6eQQeDH9E/6JsJSiH4haVV2MWgTZ2IgqEwZ6Wc5nQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSem9EVzZmNXh1eGxhZ1ZD
|
|
||||||
WXkvNGRZbkRaZ0l3R0s3d3hQN1VjZThMRzJVCmZkb0M3aTF4UFdKUCtXSmpDbVpQ
|
|
||||||
T2h5K0lIdWNWcVFmc21VblBaVjhKemcKLS0tIGNCQUVRbkRlZHpLRGJjbVFyMWRy
|
|
||||||
djJPMXpvU3d3Y0dXeDdRTHVtWjNUT3cK+3O7uXPkdxN5ksKs+OVOmRzAMCXP+sYy
|
|
||||||
kA6JCOYMu1CInY3GzKHs93fl8B5BixZy+pHDqMfix6eWrVrGICMvXQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWGNtWmREZ0Z3R2V6U0xU
|
|
||||||
dlhLKzhRRkJlV3BvUHJVazNMYjZTOXQ3dnlVClk2V08yYkVHNU5qYXo0ZmVhdVZB
|
|
||||||
cG1XWTd2V2xjUFZESktZbU5NWnU2TG8KLS0tIDdoeHA5WktCSXZsOWp3a2VIMTlw
|
|
||||||
bmFqTHZRQ0ZrcERWVlBmb3hCTnhYQVEKLKJ6r3t6YZmq5U0ncsepBjbxD6DtEjly
|
|
||||||
++ayk7xxfFKi9XgaMItDAXC3/dldPg2fS8kjbRlXzq2TQPOhweWm/Q==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcGF2Zjl6aGl2azRKRE5p
|
|
||||||
ZmdLWWk5WWcxM0FkdUlpNTYvUW54ZFQxMEYwCnY0YnA3N0JhQTU5eXltUEFkZDla
|
|
||||||
T3hBQThKUFJqUy9pdGJKYnNDYnRwQ3MKLS0tIHRRODc0OWl6MzhvZUtndUtLUW9l
|
|
||||||
RktMK3ZQOHJLd1M0aHJadGk3Y2krQ2MKQDDFKPzL4/2l+MepcvQpx5UHPeVXU2tJ
|
|
||||||
6cl6BJ2/mZAbp2136W6/JwpE8lTkk0WUyT7/s//RjO57F3qPXZxA7A==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-08T02:00:29Z"
|
|
||||||
mac: ENC[AES256_GCM,data:2rsGhSOFbqv8GdvQzL6ieXqq5sIs46ojdgal8BiWNBZfV7oadubWIaB0rLdjpeiaqvjQLICyUekc/JiXhXG7mO1jhTlIkjP9TDbszbNB4cwuf1H06DN4DrkxeboF0X0vytCZ8AQFVwjbD1ghGvd0CmDgtCSHzaHzZ6iDBeey+zo=,iv:e/bty/8FnMcG7NOoiFi4zRTwKGI4iiDsaK6JVfEqfpo=,tag:C3GIgRanRUkQ2Lxb/wML1g==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,59 +0,0 @@
|
||||||
services:
|
|
||||||
sonarr:
|
|
||||||
env: ENC[AES256_GCM,data:Lg92wQkiBY5gBZ2+ckLs7EBPo/0fEwqhEvnWcnU5quUMNlJeWnjWFqU8qu1TaW0Vmux/A/QgIJAiYgWnbQuD9benOR2swkt4+DazSeC+35VQOTbegVDrH4wiJikTHTtoKpgSKHLBQAy113jaDL/RBFRpsSjsXEsGGu+G+GZ1MFcW5hRbYam1o62NqOAG66efcIGXv8T+sD0ouLcN2g9ZjU2QqUqJqsGBtg1d0SIVj9bNW2vUHHmMtIQBTxfR6S5V3tzqjP2EfzaT/gDSPPJg,iv:e9/vpvTFDixP07fVXutIhJcAg8Qb9d7fVJNmn+XhMjU=,tag:7MAF0kHvcf5VDUMCpJATVA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYTlNSGpIclBoWVlWWDBz
|
|
||||||
ckVZQWdndVBreDRXV3k1UDhxR0Y4R1J5blNBCmh0RmtwbzMrcGxLL1FoQVBjSVUy
|
|
||||||
QUxPUXJmaFYxRXFFb0lTQ2JHd3M3aFUKLS0tIEZ6UWJOVXp1VE1XTnhzQVhGT2RS
|
|
||||||
MVhTTE1JbU5rZnZjUFI2NDNkRUEvY0EKxglGGpDa8xY9w9VKayRF2Oqjv+UhDiLY
|
|
||||||
3uPQWLasVcQviZE7AqG5n8azLTaX5DEoAOVFDCnhJYjU9NatXhcutw==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkdU84WkVMVWl2UXQ2WHN3
|
|
||||||
ZE1IbENMU0JlN0pPMTZSeHFPdW5mN1NhcUVRCkovcEJSNm9FWU9LdWk2aWRMbzJO
|
|
||||||
b3VoM0F5VWxSU2I1UU9lblMreXNvcjQKLS0tIG9hSVk4RzRzbVgyektXQ1lkcGF6
|
|
||||||
Q1FLdWZGOUFqWm9Hc0NDVUFFczlXYXcKxxWKSOrDUGld40zvDzsmMBOAexWoijDN
|
|
||||||
tBxJteEnSbTd+s93MDfuM+axeNR5Ak4+f/pEoLho5xjjn8f/fdlebA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdGV5ZU1ZSFNvaHpGRUFs
|
|
||||||
cWRkVWlMZUZrbDNLSlJJSUpZVkhKUHI3OVdnCk1pckRmbWJNMkdvOXZscE1sMFcw
|
|
||||||
QktRU0Foa2hNTU9tcUN0UmM0Y0h2TU0KLS0tIDY1c2lVb1Bnd1c0d1Y3NVMrYmVZ
|
|
||||||
UXJFb294d1Bqc3E0SUFjWmFqSjdka28K2cEgMCIxpzGe2Z1rgaWq+rWXKJvfsTi9
|
|
||||||
PFWywF6/E+9Egwrh98FspQAzYP/7zl+N8gjR5Pa+Scx2D2iOizXWfg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKallmeUFQMmRvNFZRbnho
|
|
||||||
SVYzYit2TWFSRnV6dVNjUzlSQ0ZhTEJUNEhjCmFmaEsvMkpPQVZBN0FLVVp1dzgv
|
|
||||||
Ym56YzhwcWdkNlVSbHA4cnQ2T2VVeXMKLS0tIENqdXZCaFNrZVpFVUIrakpsY1ZP
|
|
||||||
QUxPS3lqcTBISnByTXVWcWdtZWYwNXMK8FRzmS0q2l6MWUu0YreaqEnKKW085j4s
|
|
||||||
f1oTHPpErwPLuh3hUciUPFe5Mbm3zSdjBsGyQtxPF6xLtw8dFaDYBA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTXg2S2R2M2tHYmllUXFZ
|
|
||||||
NkZzcTdRaU5RM29RQkdEQnpNWXowZUFoR3hZCm1TclN2K0FoQktVTzg4YkkyRUhC
|
|
||||||
NXRybXE5Ym1XYjF3cG53RitvK3VTR1kKLS0tIGtkZXFLWmJiRG81M2RyYzdXZUEx
|
|
||||||
M2tqQVZaUmNVbm9YZys0NUNpSk4vN3cKpkL37l/i3VD6zhWHK/ROvcvmCBQfifuw
|
|
||||||
EFYI+F+BTjkoptqIVFCDbATRrqSfOqsYPmEg5lM0e3Oul+vT++e0/g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-04-06T21:26:23Z"
|
|
||||||
mac: ENC[AES256_GCM,data:ITWKix2aNhXzzzZTvq2sBPXO3Phvr+lS83fSwEbH7FTowD7uScxqAF4PMJ+txAfIpmZiaD5vXIK98YU9HOWRFUoOiYxdwVwfOiX63mB0JKj5jLHHeIe6bMaWfudITlIL9an6YO/qyUww9OVXaxYEmwOJI4W+HnMLbYLf5lGboEo=,iv:i8dddSV2W9FifN+ktwGsaYRRnK4UJtrG7g6LpWPtgu4=,tag:acP4YvJarHLCZUJ3dCFuOQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -22,6 +22,16 @@ in
|
||||||
# Restart dnscrypt when secret changes
|
# Restart dnscrypt when secret changes
|
||||||
"system/networking/bind/trux.dev".restartUnits = [ "bind.service" ];
|
"system/networking/bind/trux.dev".restartUnits = [ "bind.service" ];
|
||||||
};
|
};
|
||||||
|
sops.secrets = {
|
||||||
|
|
||||||
|
# configure secret for forwarding rules
|
||||||
|
"system/networking/bind/natallan.com".sopsFile = ./secrets.sops.yaml;
|
||||||
|
"system/networking/bind/natallan.com".mode = "0444"; # This is world-readable but theres nothing security related in the file
|
||||||
|
|
||||||
|
# Restart dnscrypt when secret changes
|
||||||
|
"system/networking/bind/natallan.com".restartUnits = [ "bind.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
networking.resolvconf.useLocalResolver = mkForce false;
|
networking.resolvconf.useLocalResolver = mkForce false;
|
||||||
|
|
||||||
|
@ -42,13 +52,13 @@ in
|
||||||
|
|
||||||
options {
|
options {
|
||||||
listen-on port 5353 { any; };
|
listen-on port 5353 { any; };
|
||||||
|
listen-on-v6 port 5353 { ::1; };
|
||||||
allow-query { cachenetworks; };
|
allow-query { cachenetworks; };
|
||||||
blackhole { badnetworks; };
|
blackhole { badnetworks; };
|
||||||
forward first;
|
forward first;
|
||||||
forwarders { 10.8.10.1; };
|
forwarders { 10.8.10.1; };
|
||||||
directory "/run/named";
|
directory "/run/named";
|
||||||
pid-file "/run/named/named.pid";
|
pid-file "/run/named/named.pid";
|
||||||
listen-on port 5353 { any; };
|
|
||||||
recursion yes;
|
recursion yes;
|
||||||
dnssec-validation auto;
|
dnssec-validation auto;
|
||||||
|
|
||||||
|
@ -89,6 +99,17 @@ in
|
||||||
allow-query { any; };
|
allow-query { any; };
|
||||||
|
|
||||||
};
|
};
|
||||||
|
zone "natallan.com." {
|
||||||
|
type master;
|
||||||
|
file "${config.sops.secrets."system/networking/bind/natallan.com".path}";
|
||||||
|
allow-transfer {
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
allow-query { any; };
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
|
@ -1,60 +1,70 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
bind:
|
bind:
|
||||||
trux.dev: ENC[ES256_GCM,dt:WI9GxgL94/r05nK10P/jiaKhkqj/uh+svApuANzIwHblIfkygL8oK//G/Mrd7a+uStz4EuoAPb5w6kvcrzKlTAR3YTz3xtVlTHXB8qxmO4UjvzpjCqYZKsiX3O/VSlEs3z2qIPrUIOLKepXpsebQaa2/Gjr/KVTA/9119QfqnDlxcQVnY3hIVr+jEhAMhKrXHJhxKrQ8trl7oiPvD7Ll5N4vZ0lkQcpiGyqMwgy6D9P1L+l4IGwn81JfKzd0BM2vhqGBejoqVQvpF600e8wF+8TbS0u8C9jNlVm8H4id7BOArggmJoAnRsFyD2/unce4Wb2CSJWsv09ETTbvkdsJDOpIE7UMBU5S7JiWTZEhV3HcckIwm1gwc5w0ucGKtKcFLOOcihhByCW3SyV/EU3H3mQJDBVx/skCtVZLApa6MkRgi7WpGusjxGcAj+fqHRNfotgrulZdEEAHp5yxsjMMFgfKyXDyRVKIac+tkLVY/Qx3J3NcPZkc3NPYIX0n0l7TZXSpfMiG7nGzy9VVa9n/YcUrm44+kCWH6/Jx4w259YMLMUMwLC/uJZiIMyLIQZ70bs70zVFbz6ul3ltB3Sl6Svlawu2xdpBAIp8aQvAY6dh3v2beXDnRrSXejmG2RiMm619kZE5k3H0AqIWwk2e/nSjSa3nq7DI7WxetEqJ9t9uOe98KRx+UqxYinS1LS2lvvpWa4RnWSCO/LjKAsKUUGbAoJ0eBDQT2E6fTd7DMtaF8wUU6/2JpVRH+YGPBVjQPRlBi5bb3eZg6AsiFyrCAbC9SgigXUGXG3R2fJHYEFMn0drjSLKQ9LLcnTXnHipYzRp4doCqP97WqUh13S3PeNko5QxBiP7//eapEn7UfrtXqi7M4mxGiGack/WhGdBNmCuNV404VrJnmIZhwo/LgO4m753ubN5s4jtOAVjH+z+9cXGlc0+lsQCWAuna/MkeTrKS0+EdynBxEwSWaqKtvwA6VFlQRCwvwzciqklmXYZRfO5wDEHqtpeWKJ4FGUkUMDYUrU6u7yIdQjaJ7FeXtKjT6UrfWvB3aOZXXNbwYwpG2uNPVj2i4LCzugHiBIbAvw1yw9SX2uiJiQjJ6NSbMyapvcWcmlu+zVqMpxshrxZR6VHjAhA2Cthc9E7rBpq22AcZAGXPnYcGYDpP+bP+1eC23dpusA/7T4D1/4VsGA4Rz1DsYH0flhgBBZ2f0/yHfv5oSsjDUHOAGdRGghDCHUlOCayTnODiXuR9/SQQos1issAKn0I8mgjlNNIsPZ0SbEZNNOAo+0aJpiYwu8qY5ZSxAVJNwxxzOZDjB0PBA32LCT0i0wcIbgIa0sPmKsKpOwsPzbJj21GLD9GGEQhq+XAxgCBFn2Ou9e5k808z5TubLAXWR1RdPzhsp3J2zDwamVcOPW8VyHp9sbgabwrC7DFX/KI8o6ZRzxc0kF1cZl9h4M/7IdYvJ49YAuPqDSFlCeQx8Z5EOtpbTBluSrt6Jqx6fuy0N20DEqzzbB6xWBMQ0A3/b8l0vLSNzUVoZ381YbD679jSnsVjLimd23PRmvGnIZaV94kIHjEOW3MIgaiJJSXECpMiWQEObjBeFG0SJjvyO+ZEkkNA9vvnyJ9dxu16qlKE7yts0lw5Qiljl6akUdgoraPvXrUozdkzzac7HLvJimcoJqSSJkDZhvtzq//ERsRCL9OfDU5Jk7HmgIXzZRCaDq6ZSYxt/ks+x7296YCd2Li6C0DOLHSCAGrFzKAIruUBNInPcaI87IsAM5ji1Bi+h0z5upwYohTOFHtMfF92MZDk/hSgbquenn6LGJYldCTCAswE/YVdN4SHLH0fXL/WyXMsNUYplMBB22MkHXhoJc4yB2UP62piwETDM6pnt1yA1sklHplwuTGSY6CReKecGpqeLQHjdNRa2SZRBOyd4sKb21W+AldSWuCZllnvo8pGi1Ei7U50Ua1aQ6h6nZbi2iPDaxtOUHy0kxaRUTQxrtQ3K7mwMvs4+5gTCphaqc1N6x10ONcDhpDjZFhMV/Y2xzG3LyxMvxaeABCnasPZru3KQWgx+QM+6M+eFmRG5f+E1o+gP42+2+/hP/vXYKiHHDfo/TzarzduupY8s4ogANu3Y4c8d5FvThOzmANvEHLWUzzw2LV/cQK7VWexD4BqPG5PGHfmi73Lp39IE6Xd6j2dtIUYl/aA+a/2wZmP3XAM3hyp8uoEM4Usc6v0zGfIzB8ppDVeeWIdn5av/j/4KNllC/utfDAqIKR/YQbY2asdV59kmS0RCdJvr7yZH3HfMkKlVqsYOntj5Ug5jx8M5i7Nqw41Ltw1Tnr42MvB4CwLbso8ijw3VHsltq3NKBDPpzgt9OwW0k1icz6lySPioegMykCzHNwi+VT46+7Bmvc4be+KulB9exDfoOtcnBH1cwZEvndRdvclOKtib7tyrRS6iyVK2ZPp14U2EQ2gZr/xml9bdj0cXM0j1sIrGP00NXOzAlIUQBJjAVafBbevCoa+4nl65ukL+uoMx46yG+oDFu0ZFiJr26niGv5DoJuKXSgB99GZ/N4ksDf4XZQ+drIh7P0LdmRpepVNh2ytZrO96vI3d64fV7ULyFaT/MKybjnSY0BTWCz2k50YHJCGZJHCefq0F4jN3kt9G3kHrt00in9nkycVF9zCgNZd4qB6Rh2+QZPaFQPgKLE0xTI5nVzGkoPDu+6AZMVcLl7hqB/e+SeoEYD8KaPNzr9aOGXW2dMw13L8hEyTZaWsvYV2PHGrr/8cahsjcN6aZ6Ht8+GUXn7IlPxHsbE+0BoCfEqem4zXZWjJxHqpZMmCoP3yIU355fyQvctipzAwPzLNMrtzo0BVgbpSvyDn0qfhNHRcXcS2uDyiPbYtQVihB/yrUmPKYtySIsG2gR60XuPKju2Ss09LKRQkh80hq1eSCJcZJ7Vlwqa0U0ccnMUEYcm+/2p8Ee1cB07Dpj5TrTYIB0v9WQ4vhNsZiglJzKoOv8uDxv0P2v98P5nyrTIBiOefhs7tL7/fj4YXnSDiFY3NT9gG9wcNNISKp+3SvyB,iv:b+V6/ImnEF+8TO/xmwu1jks9N8QFSPSRRnWbS8gy/8=,tg:WseBC+XsjhQdWjemtJGQ==,type:str]
|
trux.dev: ENC[AES256_GCM,data:YoUfdxTXEtEe9z1aLkfZlX3LeBS0yeZTx+86QkXMQKiBCStmJtjLMW2q0uOmjAYEz3O0iUgwTLyMDEOV6ZQKyvI/kNBFl8S6dSe4dTYwVuNUdyoQq9qmK7GRGRyEwyqT+uSWujFbFXnjKOFDbMEx5McOO0Opt+YI/9QgoBZKgmVgylEF5B0SCsIVVUGXEzgk5r03p63rgTli0+dRY3bh8KonKLykKU17epTdUrp3A/Vogom9JZBxhE9ZHLO6yOv89y/z7zeKT0bzUgGKe9bXSr3swxpYr/FoirW/2YttNmL3pHXbtnAqdsWWdZduacaHO5Ac40z1+8SFce0e/yh8q6/d7Z5uLAY8CBYSVCQkrr2HaV0vwtnlDD26INVgDt7KwnGjazLC9KyjawYYt+TS0ZN7ifVN6nYJU/CQJCv9YzknCXG2HY4CxbGZwFbE6Tjrn2C5JBvBFchmxWBtOQcnktSltmvane3OVje9URtqoTaiF86fsRleb+IJ7mLv/qFJKcVHKDWVOSDYeSzuot/et96Asjc1dhXpEE5J2qqwKHxBkT9T5zDl+3QGIOqt+mkFl0jPh0FTQyTZGj0aZElm/9ll8UtxOmrzi7GijK8e5ltCwtZi7XPulBIIqPxn7pvn/UaDMojFZc8qN2/ND9pG5BNJwyZN0yduymoWnxRoPI4gARYGhLN4tswBImDqQtnTQ1JwTw0infY1WyznpVSkzfSYZC9fZWdcgnfl1z4WEbvGohrVd94mYF8UUwp6XIgDcycqyBbrHs5/8eTS8f5dLfcq7Jn7lBdYHUEu2oa07RjCDfhfHSKV1jpmeie0pWXKdGlaW9zon12jPXvQgP15fmc58mFlgxSCc2LJzyNAj16vUEcfgPMHW7sW9xItOnDvrA7O1VXNtYD2Nuce2bbLz+P0nGLbNarAgUqUSLCU297FVYfJNSW2YSqdbtjogbTkSrXVNRjQLgh1mHMWJfw+huPTKyvijCPSzt6fU+68/aXwWxiXeiSJK66kg1KdWWDUpoRaeeoV8u1JmBXkVAKv2yVhNkZVOEuQoCJ36hiHbGWeXY9cx0E3nNf3J9tJ7iuvb+Tdt8YCqGkuMv11GGNe939ac5iHhOM+yOgk+f+/ndpLtg8Ck2yMJ+0FaI4dkb/q+BFk+ZO+48abq6WTCuxAE9KpDFLSVik890uluYKWigCLSHqT9+xK5OnBsVFmMK2FfGI8OlblVP2tclRghY1cblnbR3YdRbpmfZ/dFIL4MJ4EBJRWYfoQqCoJYQveWdNw3s24iX0JKuiQB7Jjn1R8jWfQBGWtVhbnpDF40F+SSeUOatOVr3Um5F1zwY6CU3Z5EZVWqT1sgumJdmB4CcZzpSYOu0PImRdBT6FsF6vNsBjnB22H79aenRTTEfK7IPFpQEVMCJmlsgXjELKbwSOSA352by2OBuJU0agrbEX5rc0mxsRmNCHwS55e3C6VAYoUPo7q2qzzLZsCgdpll4RKi/WuRlHVXWxKyjVv+W09aYpXXpYHUaptRQeaufXdWcRD/rd4JsHwUtagu/mO89ujTaXblG/x7GbXRgw29t+lLCzKV5AfuMGdhdQShY2tUVH4gP2FX57rD9XRELM/iKawO38kfCxHaNQy7Be/LItaLTCkkBdErrm3SeUr4Boy65tBK5ogG+5hCf+adYJ2jEgFR+/DWslYpyvDB4prX+f0xhkUctCTeiDgMVqyxFvh32vdJ/TQFrbCHkLSK/IZyGQ5bsLB/wOxmjP1UFfo9nxJPvg8TCoIQCY2AUyEZEM0fEMkMfddHkTJJ7KW3PdRmPhKVLDNlWYcqnC205xgF6JOJ8LVOabW6v+eqa8dzn+jqImSzq+T2x6SRFV8GdYReQGeZ6odAATpBwmBFOQ/7066wUzNggQih7BrOY/4LhO876LzG/PqRh9JiI9wOtDFnCa1vg1wUnb7sRhnYN1SlXeSLuTVBqCbrXw99bzpR345fvjuV3PtC4DXXmx1vUsegieN/1+Cosr4Ce+afhqT3+F+cd+geW4Zw8oq2GUDNBQKZAxzQtEjdPhSYmyG4V9uh9pOrADDd2vKtuVG63ZviKvxVcrncNM7c7Jrzip/3zg2D5ae7TvqXSMlEokUwsVHxNBRXV6VBKHY/VCQYfQuZnjRKMLg1BCEOSIotEorHYRRdhldiUHomAHIcFOXL2VpzUM1X9H+UwTdNwXo9lPR5WckmU+jk/CducKAHaD5aRfugt/xogST7/0TtNUz21UUHHqEzrKyRqKCgYKsaHMwcO8tMzaSMpiDo0au9vZ3MWnDne5rD/KYhL9KKpS44C5ClGlgy8X6f1sN3tbNef59Jd/X/e/3hyZ15QSQ8967oUxKPm3Ci/Bg0a7FjugJg2WKhW08mrQfvm8R9nAZFW9sCoYPdYVYmin3OtLn67Yi9/3Fa20WUgA4aBdPWJ61lAOPHIwW/Gr7bJncTQqg7gZ+1s1dn21CIA6RfjdZyK5V9IaOFT6qyc5NoKsB+oXT9853AFa5EbdTdiHvjN2MIBIzunjAyWskiYN6cyJU31lutoxSP3irB4dxskWnii/Pi4EYd30Oq2DXUKaZx1W9ZNN8XTZJMlClWNkyBMjo4am7fxdH5yx+bilHV2dE20x+p5SKCYsuoWjWoNdTGGi5Qff6t66vybDUIFInBIcXUJRi8zPv0tD3eZDdPV5zbminnCRSuY7dvGqCHroPH6qTnPQPf6rWtKMeqiAmhsyZ6kN0f8P4Qpz4KU5MnYHVMdU1aqyxEWlwIJV8Bx5uoIbhNcuY24YuQZZOSMG8LLmyyMeLdV0AlGfmBqi1PjtYViho2NRa2bY5+XnBGfV8xM6RTXADhWItRu2oSHOYTS1vYByVLIFU7E8HMDCVZKSdvJe1TntADDYS51c+ht2/jUbnmYd6RyQ4ShtoHzgJtR0CYQoTliGBKQbVaaoWXL2zfBt9N5CYDdwN+CftKkVBh6bWhlpiHul2Nr/ax0HNq3UsEELz0a5TlwLlYg1P5KVHniZxAXS7VlCvUHX9fbaG9q36wUBzSUYnII6VOdWBMtR1udA8wWVOke4HH83baaG0KVabCRDk/dSWdplDgMdIjI35z/HpIwk0wI/vm5sw0WCb4VLIq7QxGCNqkJaOyJH0Wc6FzFQ59rX6KWLSJoKiD4jqLM8m09RZJAHejyGAB+98nr9B6sa/0oXXDoL//q516xfYjpTxTcN6QxGvt5JdBeupHDnRtgCA/amitDtHqu8sfVvEGdP+EzhbxyWdLx+vltKZZMsLzryf0UMYkaYqayVvjzUdAMzyPw958GSR+zZzTlcsGsfPQSuESEWbrXYxbESkwam4EZeLHSescaIATy3w6AsC/HL/4faSwJysrkCZJZS0CzBdsPM1wzZ1,iv:Za9EQYc9Zzhw28+gTV8BeZOphIrUpODvI71xboNQfv0=,tag:mcJ7+heEmmVl/CwnvQB45A==,type:str]
|
||||||
|
natallan.com: ENC[AES256_GCM,data:nc7QDUtsKlhfXaVc5gktDmvJGmLqAg69hzQZp1l411gvOO6yGrWzIuLJ52kAVKf1CH0Jfd7fzhDQhFRJ0nrnnHi9FHmLBYsAwvWP3wNzV5Fetly1DW6ozCUm6uSbcs46Gu2mxM0ozsIZnCwMO9p87cxAnZLL/jHKPsZ7ADHvDxYK6UsROhbkeCIfZ0dVf/1IH3FjkhfaEAAsZW+KYF8tynzKURHD0EJZWT4su43rf3pk9/fjyv2e1lxM3jx3KPrF1LJqwQhggmenJj9dhbRnxih2/Y5oF4lAmGqyUxJNTfn2yFd1DVaEElcl1DaXIiZ+HyDJH2rXAVE101VuUraJYe6wV1nzo0rziI2ZlTrs6qk2HDeiFmdEDbB5dahkLqDbttEjWJdxwVblDYrI2omKcFsXtQncpwczyZs+r3gSEJfG9PWV+eVzOzp+HLnmt68+mNIbtiSSAanDlvJJXw85XM853Nqxveru9Co4M2SpsM5FhWGK/f4A7tQLUFDUakcx175rYRTo5gpji4RUM47v0Gdd5qddw+/L0ruIXCKv0/f4IJ1seDwfsKlrRrMYSbG3oGbHB0bl/rNWTPlgDeLfR/nDCplsX+U+y5YsPcLLPAhlE9/7cS7CR7nwUWB/vgHVy6NoyiZin06l0Kz5Sh+onckdpYafhHKWqcazmPViMjslY0f6i76HGiZWdi79AqFFZ8nMgFfXqqyUMP4plU/jzn5Sb8mNixpSBtGTXPsAmkDxxpHxusVSAZOMR8MQF30gZ11di5epQbMK/VSkK9p+lHI=,iv:TMhgrwFes8a2tGrwi32emOXdAvGEGJV00cJ1Jl97OrI=,tag:KsTUPg0ykCFs685XOR9Peg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
zure_kv: []
|
azure_kv: []
|
||||||
hc_vult: []
|
hc_vault: []
|
||||||
ge:
|
age:
|
||||||
- recipient: ge1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN GE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocGE4ZGUweDdp0ZFYUdY
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETG5pMVlDa2tDTFF5S2lQ
|
||||||
cDVoOEJrUVdoZ1kyWk91zRNUxTN2JQYVJRCk9QemlMdHRhRGlPakFPYmNEaGV6
|
V1BFNUU2bjgyT256YjNoMnZ1OWwrc0xmS21BCjcvd0pmbDhBS0gyRXcwUWQvemdi
|
||||||
nd6UVZrdWU3dWQ2SkRpS1c0MWhUMEEKLS0tIFE0eXI3Z3BkeG5ay9VRjdPaFgw
|
UVIzMDlwWXU3K29qNWRpU2cxbFFKZWMKLS0tIFlIYlhyNmVMZFBqMnRjOXdldVcy
|
||||||
dVFrTCtSakxFY0hpRHZmQzNrWis3U3cKsxUYyjRk6Tb7nKAs1pALQJZb2QB9ope
|
NzFGVU43N2EvWVRpaWhzN0p6TzVVeUEKsvZbM38E9MG1jl7RXgK/QE4DPGqqchw7
|
||||||
c74VLxs/6hl3cLgkD5//20b4TQYpcGq/lbCkeFI5pyU5zKuFHbE0A==
|
NyKu6TijJUwfw3No7vS+DVZHtILxy/sjtM48T++Txf25+d++J3YY/A==
|
||||||
-----END GE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: ge17edew3hg3t5nte5g0505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN GE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaFY4SE1BSWxkMEh3U3ZC
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0V2RKdXpOb2cvYXFyUmtl
|
||||||
eGhNb3ExRXgvaHFUYVFyZ3iUSt2ZHRmeXhVCnlUUWdYQzJQUhOS28raFBOcSs2
|
UFpEeWZFaVVuZEt5QmxFUCsvRHVpdFVWOEJBCnZ5Nk13dzNiWHFmQytGU2lpaUlH
|
||||||
ZlZscnpzNnZIRXB1WHVXRVNJMlFPYjAKLS0tIDRlRGV0S2gwRVA0Wk2V2NLdnQ3
|
a0lYSXArZ3lUeGJWeXVKY05zRTc1aGsKLS0tIDYvNHAxR0lHbTg1Zm9XaXJoSGR1
|
||||||
NURGaHAreXNTeVJMY0xXUnFPMlcNmcKjSQDxUQMoREdEhyutDC3PXcVRgYXNLsE
|
UGsvc0xIU0NUcGhUZmVpN01oTStDUXcKVlKnlqXpB04Ex015ZynOqJUJ3sEiHE8h
|
||||||
IvVK+GkthAyPfgYkia/j+tIZIHwI3aXshb9vMkf+4Rl4S4nayPHKw==
|
tN+svpAdCfUgDVpUr8ynPWvW6kfeOh1RtW6Rr1Nl42WeGNsMdk8iNA==
|
||||||
-----END GE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: ge1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN GE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOS3UEIxZVZuY0NheHl6NDJT
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNlZ5ZTgyTkZKUXVqMlBy
|
||||||
XBjSjZsMUVNNy9nTmwzMWZXdlk1UXFvQlFJCmJrRjcyU1JieitBSDVyTlJZZTZ4
|
ajUxSEtWTEZLM3BvbHR5YnhzZVBxN1dLL0hBCjdDQnM4WnFzQU5TbUU4cURnbEdX
|
||||||
ZlA2empwU0tPcjhPcDN5enlkc3BQeTKLS0tIDBhRVh3bXl1QTFTL2UweS9GNmxL
|
dFhUSlBQNnVyWG9zazIyTk90YlBtbEEKLS0tIEJsOVFqVU96OVptbXBTT21HcEpy
|
||||||
SnZWSzJRQXZkN1ByaGpwaTBjL29yQWK9GbYzpqKM52UDqvlBx3JXbkpoRkLt3e
|
Mm1HN2ZtUzl6TnAza08zUG0zVTN4alUKhjafzCDCJw9ZScEBQ+W7ZDdUlT67l0b5
|
||||||
WN2gmSAqkQr9c8KMHqjjW61O1MqIAeKY3X/PHiu2cU0Uc+kfv0MEA==
|
dTtSI1YMm8Q9EyxOA4ZH7UYe1b0h2+v2z2bv1J/CUTuzP+N3ksMmYg==
|
||||||
-----END GE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: ge1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkggc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN GE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdStRbG5YdGplRkVuUXZn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdDFubmJTQjRSeW5YNmk3
|
||||||
ZFp4Mkh5dnB1GFQ3NrS0xxZHNDUVhem5FCmZNTEVhNmlSYmNDVWp3K1oxT0Ix
|
akN5U1N6T3U5cm5VVkFtcVB5Rkp6NzZQQlNzClBpZlRpTG9MVzU0dElUOUI3MTVR
|
||||||
eDZzZlNSM3hrNlFKd0plUll4QnJucGcKLS0tIEVKdzJUSlQR1ZyZjNVSjc0N0hT
|
eGdLNjVPTS9QbkNvYnhYWmRvV1RhM1EKLS0tIFNGK04zL3J4TUdmZ3VmOW5qQ3hw
|
||||||
QzNIaGVMUnhUR1kxN0FmZzdXN1daaEkKTOflqGPdSzNYRZeltDbkrZ6r++9GAdcL
|
QndpUStZUFlBZ3RsZ2V2V3pPQzIwbEUKDtTBG7tMnxwaDvdPGvpw1RNOJwLDL7x8
|
||||||
UVV/9mnky4ZGOXkjykPQB6yvHy+g5qhhENre13NlBJNo3XlyFSEoQ==
|
tOY1B3YQbS6Hj43c30NeeGYvFju676h94x+08ePSO4+ihdNMM387gQ==
|
||||||
-----END GE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: ge1j2r8mypw44uvqhfs53424h6fu2rkr5m7sl7rl3zn3xzv9m3dcqp97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN GE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSTNGR5K2grVTdUTGpwOFdm
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjZzJrVXZ0bFE0YndVRDhr
|
||||||
YmpMMXB2WGNXUzkyK1JDeVFHc1ZhWnN3b0NzCisyd0p5YmlhcFVPVloc3dwbnNJ
|
WncwTjJ5dHhDVlJXQVpXbEI3QWtZNkZiS0ZzCm5FblhIR0NPZU96R2I4R2V2aCsv
|
||||||
b1lEY3FWOGl3aldWazV3Y09DbzlbUUKLS0tIFdmZ05TLyt3c0g3ZXNmdkZLVHV4
|
SUUxY3greVB5TDJzemRGbkdQdEtZRWcKLS0tIEkrQzRrcGJqOUt1WU1YMGFRTmor
|
||||||
M3lDZW9tUlR2T2NSclh4R3dNSnBoTDQK+53REvxwR6hu+K79TrdyPzyg9Gptt/Sr
|
Njg3a2xNdEhEbjBKRFFqWUV3MGNkcmcKM+aSG/4FLuM/XsrwGyNYMk3dKr+CJO4z
|
||||||
309zukSR7TLPRM7Hf0dj3VfFqBjJlFmPj7c2dyZ0tNGVhEbRQ==
|
yc0x4LzIGpN1MAMV4YBzKleL6nbv5LZbk17uaGdEe9VSJIM+GIhBLg==
|
||||||
-----END GE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lstmodified: "2024-04-08T01:58:59Z"
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
mc: ENC[ES256_GCM,dt:9/Q43NdE9eP15Z0f4jYOjz5H0nTNrIec1CM0kIzteJg7t9xNTVw6SyKom/tquni+GEr3xEJKVrB/LHPXaiLqG1pK0PrPZR+D0WlAq5hJHAyhgOdQFwyL3mrM0ZZAWo3Bk7VJMsIhjA8WSxi3TfttH8xpHiiyhuebC5a9oo=,iv:L5EObYh8rkQUq8275EFZ35afVmjUeekHyTytm+s0Gt=,tg:lj8BxGoh0vWVQHI9ewsqzA==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPeWlJeFdlRW5NbFBka0Zt
|
||||||
|
ZWpiZGkxaTlaYW9jWFVSYWUrSTZvK1pyRWd3CnM3OEpFOGtYZWpoa2JibGxGODZS
|
||||||
|
SVI0cWdZaHpKVjBLemF3eENFUTYvNHcKLS0tIFFQNXZwOFQ1KzBMOUxuUUpkT2t0
|
||||||
|
a01TckpGaUFQTWYxN1dlY0MyeEVrcmsKsbvBgFCgyB1IsUQBdg2z2RK1Pqhp4+2G
|
||||||
|
PiYoxl01WOqjR7tR4pyyMwadOGxK7NUJGykYinwdap/DqAGbdKyebg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:58:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:OcJWd7icGYtZfLZGezGRGvYRfdLWBpgYeUQDBV+wsVwYpFEaXsuuISkj1UeAwSwZsyd3dHbjf23ynkAZqlvd+ThH84bVzwg6U79Jc9ut+QPI7jRE+Us/wz1k3h/jqld34lHT9wPmsyHvy2u066BNonXbZoP2/7vJAlwdqcZU6rU=,iv:jW47SHCpYz6dBGu/MkdKn2xDZo7NC/2HnhWYaqiQO18=,tag:VUTINSn8tsYLp9ARQLXj1A==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
#ENC[AES256_GCM,data:TDvdPPvdl3DrEj5qW67F43J++D7V3YzfO6YL3g9P5vGMnC0IZAqETl1YbczJZflq9+RHooTcMbT3kIw/PC7xcC7bxQd0gV6Gk21iUw==,iv:Vy6/Vw5xX5gWttooacsDf5/dDVPW3VKjnpmKGFy+RhA=,tag:/Mitoy6mvym5/xY4dom4QA==,type:comment]
|
#ENC[AES256_GCM,data:qhveeLaM/v48No/13sSjYbqdrdNlAv8fF9ZaQeTIgO3XKjvCbu3RNMmWLzR8tFKrIBn8EAmAN53LG9CIVd7QdXY3J68sHeOHKb9fNw==,iv:D6BSMXhIeBSftqmtlPACN121knQaVLKUYedmKyyA1CY=,tag:XcvdgpMB/72yzgquR9ORkA==,type:comment]
|
||||||
cloudflare-dyndns:
|
cloudflare-dyndns:
|
||||||
apiTokenFile: ENC[AES256_GCM,data:q2KbAnezy/pZ80NzrDnkYJqmPpdws+DJR4wSWuZ78yOw53SP7Gec92JO4gQHZfrQNX0W5u8Df0RLc0uiXNnTia17MzWyFpRYiBtZ+jFdwUlqWn1ZzT6whIG8vHKNFEuZxDYy9IhAamtLZrpsmt0JYs6yog==,iv:53k9hR0GxErCk+HjtIaysaZhNt1cYOZbjwvhqKpbatc=,tag:hABkc/jzHErnlpQzkPeavw==,type:str]
|
apiTokenFile: ENC[AES256_GCM,data:PhKfudZaWKI5xPBAk3jMYB2HRieEzjLoDw4cctCYxJshjXVkNfpybkZeNs6rFasXI3KBjZHcP5yC6KA1xDFKZqTqQvhoJGpQqpAQUy2MMgUCblG4MYoz+mHiBiEWKZWZhxikRAODAYeeeuVO70cdZiKLQQ==,iv:AY0vYBSl8Slzms7HLgUz4MrPHk0i6Y9wwRemgyDBsrg=,tag:sBxerSCfqWB2hZ9+WjBjgQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -12,50 +12,59 @@ sops:
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcCs0ZGRIaXhUY2kwU2VH
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYys4SllQRGF0Q09HdzUw
|
||||||
Wm9GRXVvM0oySU43UkROUW1MNHlTY3BoN0VRCmNJUjcxbVpTNmxoaXNWckhNMkFP
|
a0k0YTZTOVRkSFZaK2xZeWpjNDIydVZsNURnCm1pU2lzSzR4bXJqQ04rQkFrdU1y
|
||||||
bWR0eGNUVUkwVHBZcVp1Z2Q5OGYwUmcKLS0tIEc4bFp3cXBmR3ZKbEtnTldZeU52
|
YmUrTHFlWFdWbEN2TVo4RlRCaUFSK1EKLS0tIFNXUFgrSnNMbVA4ZVo4TWE3WS9p
|
||||||
TS9aQnp4cUxBRkZmQmVTSk92T3dkUFEKRGWQaqeL++nglVzX1RbbfdhhCMsKB64c
|
UUVHZmpzQ1dGbmVnK2tXQlV3ZXNoWVEKWz8ryyNlZ190FSE/E06IazAdnYer5hgN
|
||||||
EsBkSk/dufQ+VjRFqPOW76SrgIHxR5EbmH4V1R42OBOxEJmwqczRiQ==
|
YgC4Sa4EBXoMpe4UEsyHNknNY+NpJSYq/mAkkJiYxKA4zFW61o+JzQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRGZNZFp4UjZHV3UxZHFP
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoejNQSzdyUkFhSWlrVG9S
|
||||||
Wk5vc2NMOEpndkV2aUpicTV6Y1M2aE93N0NVCjQyVVpBSjRWdWFzV2ovcHhPQ3R4
|
N1RpNkJQUUwrMWhKK05TWWFwbmlUUnpicUNBCi9nR2N0cWZROHBjWXhKdVFXRGxv
|
||||||
bnpxc2habWE2cHFUOE81b2t5cGJHK0EKLS0tIHVtQUVuMFM2RnNBUnMvK3c4eWpO
|
WWQycHBsZEF4QnNFRGE2YWpKbUxFSGMKLS0tIDQySU00TVF1UkZXdHpKZUM0dS90
|
||||||
VnltK3pzcUxHRDRPS1VZWlJ2eHd1RTgKl440Bo+xdkcKUDUl6v3OoaJKd+EYkpMh
|
Zmx6aHlxYS9TKzZWb2dUZG54OFlVWmsK6dQcFoFQVZA4oR7rJtfxLOA/hCiBUJZJ
|
||||||
gqGyQeIYDoNA2QC4ekCaCv4RMhkjT1CPIxDZV2KfM87+iB2jJK/G0Q==
|
FqmNsr7ek/iuKfE/s7ZlL0bpHAIKdpCgpxcdW22PDkHJcl7hDTDypw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ODJXaEZydXltNHZTTnhu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBicjZUOGRpb3ozRFZRZ1F6
|
||||||
ZjNIbXA2S0dYb2NRSUhKUlBYUVlnMUtZWVJZCjg5eVQ1WHM4VEhBcGRSZ1VJWmRU
|
eWxZc3NIY3VOMFp0clhsb29OWFU2UzF2ZUY0Cm0vdDIyZ05rQkd4NTR2Q3pEMlVv
|
||||||
cEd1V3BkK1NkRDN5MUpoU2tGZ2dscFUKLS0tIHNmcUdwdEsweEJwekZQSXF3dXgr
|
ZVV3YVg3bmkyYmdrU3NaY1JGQm1STWMKLS0tIDNYRmZVUm1JR0xjd2c0SGlKK21D
|
||||||
SkVnWXdCREdlRVRLdEdlVzdzeDFxelEKqaPpTuDxh/v9vj3nc6VCB6CgCD0rrqIA
|
VUNJR01URUV0K3R5QzY1dUd5b0tuaGMKmgJGFCVvV4DmQ5Kqf/jViWt3YnCSzeOi
|
||||||
st3JxRm0DFfjrqqA1urwVvlsMW05QmP8rZTlb3+Uar67Fj7V9niEpg==
|
RiIpMva+BW5h/7L/6i1WGpwt9yuel1eYr+3lQmjef/POpsTrk5etsw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bGpJcTdwMDhjSnVzVUov
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJcFRKVjFDcnFvV0VJOHJH
|
||||||
NzluNFJIbnhxQ3dlSXdocldPVkVISVNtejJJCnZjUW4rMXo5RDFWak92ZW9LSVM2
|
YnVEam0zdmtjakR1SlR5V3pBV1pucmNZY3hZCmpXRlNjU2xZVFNSVjJWRlFPZE8x
|
||||||
akgvT1Q0dnJmd0l6V0JRZUE2Wi9ZY28KLS0tIGo1T3p3YzBvK0s0M3djWFIzNFE1
|
YmxJb0J2d1ppcGlrR2NBaWFwM2NCS0EKLS0tIGpmbkdaWkZBczRzRXlqUFowd2l2
|
||||||
aUlHcWZVV2hQYldDZm1heDNtYUptZGcKaf9F8FQQiliNQzZnuFZ2doolfJ/R/NbZ
|
UDB4a1JnZDdXcXgybTdIeURnYmFIQzQKGV7Uze0yGx74lYaSe850I+s3rB+h0ezA
|
||||||
yExXrqhg2kCQSY0bPoUZKBIrdFRQ2SVJfBn5YThz2XiK7ayBm3wt0w==
|
DqH5SRjtZpmYpJZDppFkIEXcAN2q2At/U9fS1LJdOopYJrSbef8LSg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S0pVcFlSNVZJSzdHU296
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2aHdtajRQeXhEK1JRcWVv
|
||||||
RUxmYXZjQW1jRFE5YmhncldUWDFzeng4eFZZClo4MnZqaEdBdXBiUDVQYk1nTTJK
|
SFlBYXB4bkdqbzl6Q0lHS1hJQ0x3dG5mOEQwCnBKZnhLbDFIOTNJSHpkalNVOXdm
|
||||||
bTF6Qy9hbGFZT2g3TFdQREVsVSt6Z0UKLS0tIHNHMThrMTMrSXhDd1dCekxZS3Ro
|
Ym1DUDU1bWtoSlVEWGFieGxPeTNrMFEKLS0tIENaa0NYVDV1R3VTdUc0b3VXSlhM
|
||||||
cUhrVWFuVE5QTitrbXNDVzk4TmFaNGMKtxL2Nh2R8RxK6Cme/GEr8ebJUNr+wJYO
|
T3dKVWJhUlZKOG9PNUNTTGE0aU9nd28KPXDHnFPYZkxRadqYyHGQAdWJy4sH4LYz
|
||||||
S8UhoOG07m59GIgyce+IdGKD6rl9Y2LeGDwhnOq+7L8H5l5X+8xqbQ==
|
KS5wKZZcK+kyPkQVf3QmB0A+YJc439CFc+t8zZihR1OZeSidCIUwLw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-08T01:59:28Z"
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
mac: ENC[AES256_GCM,data:Cd8D58YH+/c2S+ViYnHR+eoEIQ8y8SKPuuUo4dvS78KJeuO33rADlghm9TiPLHH+JaPF52Yle0vsT6EWUJfOy+sE4Q4Esxohnj0mOBc3WM56tK4HMBpl5jDdplstkKzCtGtL8ztdjIB8g6+hcmFvXeHftKP9hPBRBc2yCmAxofM=,iv:C8oR1UW1z9HbbcjjksMyeepxngzVdizogKUVjZkN0ko=,tag:+fXA8NztLKL62NJIp+JJcg==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3dXNmTWxJeWN6azdzU2t1
|
||||||
|
TkRzazRCaEYxSTRTakozVFY4THorZW85Qm04CnBEYXRHbFkxck1keU9zOEtuakVz
|
||||||
|
Rzd3RWN3UzJRMU9HRlR1aCtqdzN6MXMKLS0tIDArMzNpNmRVUElhdXdrSVBVQ3dO
|
||||||
|
OUw2dnVzYnJKVjA1cUNxckkrNk0rbWMKEQ9HmXY6BOIlj8nuV4jOxJ091PNkcyaS
|
||||||
|
kW0onE22VurJQH45vVXc5uvVajwVCtNnHK9VwzvneQBOsXu3UB6RpQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:IGomSlCiHulZQ9ZkCpQ3dg4E6D4AXHjNwBBYubGCUIfPNU4lMn0pP0scdfXxOXvjX8dYpyDVZDaflIrSVFa9GFzI6ufqU9wziSfAuRBjEiQgrg/zJY8vwHAbladoKsLDRlChh8Yu3K82HBfAoRRKGsNCfY2OhkQCf7pyrubhMY4=,iv:TbW+JvoJz1gC2ElsU6LxQj4ctCUja6TySggGfleGSbU=,tag:XRgiDkOJFPvEw39UDl01EA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -11,7 +11,6 @@
|
||||||
./nfs
|
./nfs
|
||||||
./nix-serve
|
./nix-serve
|
||||||
./bind
|
./bind
|
||||||
./arr
|
|
||||||
./homepage
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
dnscrypt-proxy2:
|
dnscrypt-proxy2:
|
||||||
forwarding-rules: ENC[AES256_GCM,data:P5GAwlcuUI2hXcJBzAPSQBviqi8z0ccz29sv1bsSx7lkD9isTaurylD07v3tlXFN,iv:lPIbdMpUMzyhnkakw4FSxvHolyNXMVuciwKK7jz9MMY=,tag:0pKhfclkbWbPBJ6/vs5a3w==,type:str]
|
forwarding-rules: ENC[AES256_GCM,data:eGLh6dckR9E13wympTA2faMf6ChW6L2lM0zO/Ea9cIwTndtsbRU3dKh280vkdg==,iv:SS3cj+JkT64pn9anJBPtVHT2cQ5Ag2VLPpLFM1LkGS8=,tag:V/HyhSW/HDXp9LfOSjM4JA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -11,50 +11,59 @@ sops:
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiU2V4cmpHZ0hhRUlDNTU4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1U1ZEaFZ5K21LMVVCU01l
|
||||||
c0FGTGxCTzNTTUJxN2lkZmZQUVlCRFVxZld3ClU2TmpxcHFvR0lZeVUxZ0x1YmFC
|
UHYwUVZoMVM5bFZ3d3JXRjA5YUZDajZIbWhZCjRGRitzU1pvc3d3LzNWaXN1NFJE
|
||||||
bFZ4QlQvajNxYTByenlDVXNJb0dGNEEKLS0tIFQvaUhCYnE4MWc1bFZtSlB6cDFq
|
M0RhQVBQVWxoZ2R6bEdHRVFwcDBid0EKLS0tIHJtaVVvd3NCbFFqOTVZY2o2cHNQ
|
||||||
aTJyS2RGWFJTNEd3Rlo3dVN6UjhlUVEKZvaWNTcKkSzLDsQ99S3/d9eQ350QM+e0
|
aEdiNXZoc3ZiUzFyT0lPV2F1R2JLR1kKMFHEXnH/3qgwtJ8koKMCmSMi4IwtwxW4
|
||||||
R19K1QHuljx3vKV+LhnJ+fCUL5bnIhvDCFVnWBWGirVzJNp4iwfuWw==
|
5kFFGaxQ47CejOJzNnrsOyDCKJtv8+3arzwlhuZSG2558trcvugCaw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbnR4T1d4M3pKdExGYUZZ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUmlHNnNrd0E5cFQ4ZTl4
|
||||||
Y0R4WVNLZnZJTmhqVW4vSzJwZjkxdk92N3lNCk9iWmJNZHVZVDFINEErRi9JZjBZ
|
ZXJmRGtScW5Nc3M5SHlqbkIxbWlTb2YzSFIwCmZ3a2llTHlITnBwMjc1UDlhRFNn
|
||||||
MDEyM1Q3cGZDWkUyZEZhaVo3K2FpUjgKLS0tIEhHR0dTak43T3pDcUtvYk02aFZZ
|
TkRpK0dKSWROTWsybWNGeGpBZWZiK1EKLS0tICtHYmNMV2RaY2llOEJpeDNqV1FT
|
||||||
M2w2RDV4UmY1Zll5WjdxSWIxZVhVMUUKAvOmavnidng3QxxHaVqQKwq9TMgbusOE
|
ejh2bTlVVE9QUXNRR3pLN1NCM0VVNUEKdesWjss0MoH6SABH1ZLT1fauZVOJyO8U
|
||||||
SnBx1ShiX0m7ZBLHPzcHuwzEOxYRvpKuV1tVDVbROPfaOYusgIMa+A==
|
9mqP/WsE727MhwsodZAnccQ906mm8IGK0LtCUxUhlJGZl+Vw5n4eqg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaWV0VGZFc0toUXJURURF
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmNEJwR1ljN1ZwMWt2c3NW
|
||||||
eDRKMGV6UktYWVRUcFJKVTdiQ3h6LzhlV2tRCjVMZkFqWGZCV1Q5OFBkOW1lWnFj
|
QmlPNUNvYTh3QmQzSkJKa3EzMlN5VjZwS2tzClFrQzFYdHN5eXNZOUVWeFZIMkll
|
||||||
NGFMVXBNbVF4azlUV3dLZFB3aHdnZk0KLS0tIEFObC9ING4wRUtwZXhOS2VRcnR3
|
YzRUcDkvWTVoTHJwSW11dTZJTVZtd2sKLS0tIGRUdGJ0SWJ6RDBjL25qenBWMXQ5
|
||||||
NnkrVjdGcFE0cGtEY0Vub3Z5R09zVWcKEjgqoO+4n02mwa8idy1FdASqoCkB4Ooe
|
Q1pUTlIxSFRiQ0JQb3VzdzBIQTd1RTQKis/oM+GK1zWRlSePma3dAsfOAI7d0HLB
|
||||||
j04tUVa0xufui6gITvO9DBgXbSdni5wbtabZNJ13S3dgWVY4CiDuYw==
|
RByMVCfQhVcwalWFg5kdSguUkpTX9FFkYKELDMluSyec3APRA6w1UA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aC9hTTB1enJYcUpiUHZS
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Y21VVmUyaS9DUkNTM0N5
|
||||||
eENnaEhPL3JIeGp5QmczQ1pSMTRmejZ1L0FNCldzM2FFSm9NaTNGTHVmNTJwVW9F
|
S1kxdGR3MDBRM1kxcHc1UWRxSnhzY2h3L0FZCjY4S24vQS83Z2V6aGRVV0UwSUpY
|
||||||
YXIrSGFsWG05U0NXdWg2VUQ1NDVyYWsKLS0tIFQxd2hpMXJRWXhJclFzQjVzZWFI
|
ZG1mYzF0MXVUOC9HNXNFRzRZb3VwQ2cKLS0tIEdUSy8zSHNrN0s1SUt3anE4eGwr
|
||||||
VHdoVHJnNit3OE5mU2YvTjYxSmxkcXcKBips96WiE/NI7GWZVUOzdJSTIyoG4U4R
|
VzM4eExndDIyeVdRVFIza25xcVlJd28KSsMwl6kWUiA/1euqHhuicwrhApVBs/zb
|
||||||
haVYaHJJ1xW/E7WqJKn/E+wiMHFNcQJFOi6/JkWGLCkEE5tDLSDibw==
|
lf5ez4x8FDiZKY+fyhJRSrZnW607d48OegIjZrslJLSU2EBqt+ZHXg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVY0pEaVR5NWMzR29YQUFY
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWG9HNSswN3RiYk9KcW5S
|
||||||
R1p2ZFdEaVN1NXYzMW9oR3V2aXJxdDR2QlFvCmxsVDBCQUZnRllvY3NEMm1DQXpj
|
dGNpWXcvZXNsVmR2dmtOZjRTL09DVmw4ekVzCmhwZVh5M0hHMW9VM0tDZnp6bUVO
|
||||||
aDRCZjlnM0xZaVpTVlpXd08wU1VIR3cKLS0tIHo5TGNmMXZHSXpYQW5ITHpwTWJE
|
TFdyeVVqaldqdlk2Uk1vbCtMbXlZSkkKLS0tIE4vWGhaOUZZbWRlZkRtWXJkOXMv
|
||||||
a1hDZXkxSG9FR0laYW9nZXFnN0NyUUUKa9dtMzPzZqWi1Z6gBxOh355Om8865AT5
|
TCtaeERmVWpXNlFLS2pTNVZVK1Y3NFEKV5keoMVWpjC6H9enpcNwOb1kraWlKAJD
|
||||||
j0SjD1Zl00RvaC6mZQrhOB6Aq+eYHe3w29jkmkAGvIHXH8p1fNt8Hg==
|
E9qoFk70o4LOJbp+WauuNw8I6/WIxgKxUr4xN4Uj/WN+/IG3NtssZw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-06T05:12:13Z"
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
mac: ENC[AES256_GCM,data:JVJ58TeYh66P6PuhSeCAZpXS5tu4H33rG5GZcJYorhT8Bldn72CTo9AhyhNzVHhfK1fIPI6VLyQM5rBUxBQVHWufx8hnYDrhBQdR9d3po8KKnyfpNgYS0rhifYyon5GUl4BW89RaD45+ZbrE1kIsqCYwwim/bcVYqXuRh1CGYeA=,iv:lRU08rccGMH5ykhSE8bREkog4ftXUporCj+YMsOmUN8=,tag:tIekpP6QIp1Ce2s4a2qO8Q==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3K05kM2M4NU9vRTVGQWpO
|
||||||
|
SWRWckhyTmxaTSttNHRFbVJyZkF6ZldzVkRRCklIekxYZW8wNWtlOER6d24yM1NE
|
||||||
|
R1U0WExrbU5QbEhoZXp4c0xLT3ZuNFEKLS0tIGZrN1JiR1RRajB2MEhYb3FMZlcr
|
||||||
|
MXhHSlRORktTMlZKenpKOUpQeWd2ZDQKluaK9G++4UbKZZ+eesZd+7j+uZ3VEsOm
|
||||||
|
FPEUQJnnxNCou2t2CoDNwm9u4xyQJXBW2Au6ucJx9noLpjvuB/NZUw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:rOSRK5QlwvURaliwEeowRNJfQRnvj0cuu6TPvmtSpcX4BBuqZ9zItmXm6aGPVAJaRgEznRVjdA9yLRDU8p/bwZckeyaR0Z5Sf7N9e9Gq9NaX1goT190wIADy1pHnCbf2nroNao38M8AH+REwJ21yWLAfSf26i6YTJgQFgmypEFQ=,iv:7pyXsGJmWgU9l4jSzPqYNgzNzvIjDT2jy238QE6UghU=,tag:dq5mNG0Qr0380vfhDGWjsg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
system:
|
system:
|
||||||
mail:
|
mail:
|
||||||
maddy:
|
maddy:
|
||||||
envFile: ENC[AES256_GCM,data:9WbOJfLkcobfnZJBOVqMaw8UNCH7kwXz5Cle5PHEUSLMAtrUKXTEmjkD+nYZK1sdf0fueGxNTxS20f+W+rRBRDMGT3VpJtdFAizt3vprkV/n4y5X/qHtu4y9WmnkfjHfHsJyt2h3DkmD/IV5p21VU3dc+rFGeiFza9jar2WhlrDLRAA=,iv:3Cw9JBiHlmFq2oMHyUQn88fxHifimdOjn69EcRnP1Zg=,tag:I+1hs8C8WbEr+w6aye1Kxw==,type:str]
|
envFile: ENC[AES256_GCM,data:g2KPadrCaW/TWvoRc+AbhdJbSgG2FcL+h1k+0FCgzHkQ4dFhIBunFIw0jdPvV8Xou+/gLw7Mogkgg/MMzJzsvUHkosK1TotH8TaKxtJ0VsH0SlDWrOhFUMrt1474/O3iLkS5YK2U9+3r9HIJ2SqnSy6Kp9IZWrh7ttbWvOth5pdfR0g=,iv:rzpBXGhCWzRMkLNhgQaT42exCKfMTJlcSFRFsDz6Jns=,tag:KPypsSSuxgBvf7LAMdudRA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -11,50 +11,59 @@ sops:
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Ri81REp4T2xXZGNZWTRj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5c1FCWWlsTzg0NHdKOHEw
|
||||||
UmR0ZmlweTQzaGhkTExBWVg2bjhvVXhIQVFRCjM3STlpekJEaU9VM1cvQ2dTa25Q
|
SENVRzlKL21DWFZ5SlV0ZDVNSmgxSEV2K0M0CmVlSjR5OW45VVp4Sm1LV2J0bTYv
|
||||||
SmhxMW9ENGxRdzdpTS9VZUJQQUx6cEkKLS0tIHV3NDBHbFBuRnM0OFQ3WDd6Tmor
|
SWl2cWEwTzBXZG9FdGkrVnFDQnIzcTAKLS0tIEJnendjTmRGZis0eEI4MHJtNkpY
|
||||||
dEVUeW00SUdGQTFZSXpiZlkwWCt4SVkKabNchXZ58+lR1EvuOS8131g1OuhlJOiX
|
aUpEeW1xWTI2RVJza09DU2lhdzcwWlUKdZjovENidw2gsdhrwd2CfBVW8Sghx2x9
|
||||||
Co11IqKudC80CM5KKlAmYcgzQNQvHJ+mDJHUG4Da7Q1aSBvu7nO/4w==
|
oZCM5u6089go+wQuhyURhyG8ZFSwAylA65VPTH9mm9hpV7AMSbS6Bw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqTlZJNHpvcXorR29iWW83
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqOUs0ejBMN0YyVjR4Q3cz
|
||||||
REVMUXBXSENia0ovcldKS2dxUGdyYTJ0akZZCjAxS1RyeTZ4SStyeWdoOVlRT1NF
|
YnhLZ1d5Sk1tbnRMWmZlR01zY0owaWlaeEMwCjlKZ09pSjdob1NKL2FuRzlXTkdq
|
||||||
UE8wMFZwRGhIUkxKTVd4ZHdmeTArMlUKLS0tICtBdk8xd01zT2pNdjE5d292bjJu
|
a0c4YjhGZytHTERvaWg2bEZCQjNiL0EKLS0tIGttdDE4VG0xYUEzc0pOM25ZVXBi
|
||||||
NENlVVV1SWpWWDJ0R3BDR08yUjdISWsKl/57RicdIvCDEfa2tgfJgWG+H0Iokx0T
|
ZnZ6TzBjeXdGSnVsTktGN0k3WkJsOWsKg6vWDZA9fScS2Vw5Iz+jt9TcUMK/K8/G
|
||||||
5fOtsbLFx79pHGiuOaUMBXL9LuEAcoIpTJrK8XrythIIfPQNST0P+w==
|
/Y+SYNoRP90Iov6idl4LJugsRRjY3X+AjAy+ThHEzanIFMOUSkdQ+g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1ME53U3RUb3pKdDNhTm5o
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUVNxQldIaXk2WU5hR2RF
|
||||||
eWRDWDZGVGJPVWIvSnpQUkRRcXdVclppMFFzCjF4YVpRS1dCYk1VQi9FYmJuc2VI
|
R1Q2QnJIY1JLcDE4QWZjeHdBQlRHZE9BTHhnCkhZQkppWHIxR1N4MGFVWjNlbk11
|
||||||
YUJrNWRTaE5UWm9OWVJ2UzJDaE9jVjAKLS0tIE0zWmFmSlhGN241QVJoUWpqTUpu
|
UldBMllITk1Tekl4MVY0MXpQT092cG8KLS0tIDRaYVdwT3VYRHJzVVlueW8xL3hQ
|
||||||
dmN6ZWs1THZ4bWViK2dJeTh2Q1dnQ2cKg7BQoyElsRF3Udx1aHLSK+dGVcyZUnLe
|
UGU5SGJVSU50OW1OS3hRRGNKSnI0WjgKR22yT/87dDaUnUn5p66Mp/sAkaFofHJ4
|
||||||
+4inhxJj07J0rfIhME5hY0FDf4z6uJ4VhmQOoDSL82FML5GGBrS79A==
|
k9tYGeZ0ASqRG0FMOZO6er41M6MzBt66jDxnkeJsa8ZW/qa4tx4MCA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNTE1ZjJlVzNSMm8zZzRZ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKSU55S1B1QXl5UElqbHRX
|
||||||
alNBaGFSOHRxWE9LdHI3azFienk1OTRnTURZCjU4enpTcHFlOXBzalZqbGFXQXB6
|
WmVMcFNOZXVjVDhzeTRJVWJUV2JVeUhqc0RFCjJYT2wyem45Vlh1WkpTR3BsSnVt
|
||||||
c3FON0FsQStDOUtaQm1xNVBIWWdiMTAKLS0tICt5MVBDNGJGMVhBaWhRUW5LeWsw
|
T0VxbEExVGlySENJQXVSRmZXMDAzZnMKLS0tIFpLZHJQekdGRTZrYys2cXlVTmVv
|
||||||
VExYT3BiNThraEM2Y0EvdGFDUU9OZW8K8feLH4aFtQB+AypdriaS6HyX2T/Ziz/E
|
RElIUFZURktLd2trcnRKVXArV0pkQUUKXwaXOUQWDqJhtgIKz0wwTIyh9bED87mm
|
||||||
7vROXS8BoU60RXcCcUE8v8HnrZ+eslWgR91Jw1Uvc0j1jqm5+A2yDw==
|
E/0dYsbdMcpguk3FRT4g3mcuU2w4b57l/0pcGWui1QwHWsA3X/tkJA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCUUFUQXBvVkN5aVB4cGhG
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2R0VlSGRuK2g2d0xUODFq
|
||||||
Q3Z0RFc1ajJCbEhWUWVKVCtRTGs5NVRDaDNZCmVXbldRbm5CT0tQZDhXei9IQ0E3
|
YVBCU0tqaG96Z1RhSWJ5KzAxcGtPeDc2UTNnClVtb0NnazJuZFhFdzhoVzY2cXcw
|
||||||
YS8rTnNsQkVtU3NTWnNCUEx2U1grT2MKLS0tIEVlaFlieGVWQ3hnWWQzMElaeG4z
|
a3k0c0s5OVRPeFQzazcyTjVXVG4ySjgKLS0tIFVlSU1QUlRPSFcvcDVBNWo1b0cv
|
||||||
NWRYMDhnNURKUldQUzhhNXR4MC93OVEKrm6N5Nvr0ywLwzT24eTSlKotBuE2u+2O
|
QS9jZWNuYlE4U3FhTmNWZFNvT3lzZkkKsQDEqNUUUcNXKvAip9a0SSEIVglgHrmI
|
||||||
7EXddIRuKEg1Lc0DporbE1eXAehKSofp10pmzXfLlp6dF82asIro9Q==
|
qvfv8dGMxmh55RYJ6+jOypMhwD2HcIqBBUvSUIAW31K0k9SqmrNx8g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-08T01:59:36Z"
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
mac: ENC[AES256_GCM,data:GtTLqVnxurgGZNIXBNJ0P+huf24hwVOzabFJUZ+E8vBfV3sebV/V20K/rPKX84USpAh+7D59x8iVI5ZsBZEpAPXemYkDQk/6qfeGso514prPS8HqjQJxQ0NHqC7bv16/b5WltJEGjL+AkpJLJnWdBSzO7x7LgVMKtnpc+r3qm3Q=,iv:lbZ8OQS5MdSwj1Usag6UUR+4Yo51d2lglSknWH0UD5s=,tag:lZFGSPWrnJLIX5EqLTxYdw==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZlhXY1ZReloxODlRWVdr
|
||||||
|
SFh5eDhWS0pGV0xYcGxicHhFZ0JxUkF4RkVRCmRhaGl0ZktiY3ZKSm1uTS9VWFFQ
|
||||||
|
Z2Q3V1lKNldHaVUxWC9rUS9scFB3UncKLS0tIGJ3NnZUNnhxWjRseTdGQW9oakhj
|
||||||
|
SkZnMHhDRENkSExNWkFKUU9XOTVQb0UKzCbZsDqSwbtHRkKH7oXOITHJ5LHU3pzp
|
||||||
|
7pEsBGmhk8PyNHlaJlAWXunqBW+zD7tuhJgH+hSA/Wr46y2Hck5P1Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:5of7TtrBQXrreK6yxAZ4zddm0byWbAyvWmJSDQ1LC7GmIxJOWHeY0Mvy/oUqioz5HbEjQIt84ftQLpPeJHed3qfsqujV4lXWyb66R+lXw9JvkCx02KgM3Jli82etjv91EzPv1HolfSv6e6pQd6xjhpPQTGucp4Ombu4PvzU9Q3Y=,iv:JINmbJloNXcF503e6Iwvp8+zrjfXTmRBNXX8KPqIDo4=,tag:zo8IjbFb5zsNVi0sCfhNKw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -35,12 +35,11 @@ in
|
||||||
|
|
||||||
# extra user for containers
|
# extra user for containers
|
||||||
users.users.kah = {
|
users.users.kah = {
|
||||||
|
|
||||||
uid = 568;
|
uid = 568;
|
||||||
group = "kah";
|
group = "kah";
|
||||||
|
|
||||||
};
|
};
|
||||||
users.groups.kah = { };
|
users.groups.kah = { };
|
||||||
|
users.users.truxnell.extraGroups = [ "kah" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,17 +11,34 @@ in
|
||||||
{
|
{
|
||||||
options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy";
|
options.mySystem.services.traefik.enable = mkEnableOption "Traefik reverse proxy";
|
||||||
|
|
||||||
# TODO add to homepage
|
|
||||||
# modules.homepage.infrastructure-services = [{
|
|
||||||
# Traefik = {
|
|
||||||
# icon = "traefik.svg";
|
|
||||||
# description = "Reverse proxy";
|
|
||||||
# href = "https://traefik.dhupar.xyz:444";
|
|
||||||
# };
|
|
||||||
# }];
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
lib.mySystem.mkTraefikLabels = options: (
|
||||||
|
let
|
||||||
|
inherit (options) name;
|
||||||
|
subdomain = if builtins.hasAttr "subdomain" options then options.subdomain else options.name;
|
||||||
|
# created if port is specified
|
||||||
|
service = if builtins.hasAttr "service" options then options.service else options.name;
|
||||||
|
middleware = if builtins.hasAttr "middleware" options then options.middleware else "local-ip-only@file";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"traefik.enable" = "true";
|
||||||
|
"traefik.http.routers.${name}.rule" = "Host(`${options.name}.${config.networking.domain}`)";
|
||||||
|
"traefik.http.routers.${name}.entrypoints" = "websecure";
|
||||||
|
"traefik.http.routers.${name}.middlewares" = "${middleware}";
|
||||||
|
} // lib.attrsets.optionalAttrs (builtins.hasAttr "port" options) {
|
||||||
|
"traefik.http.routers.${name}.service" = service;
|
||||||
|
"traefik.http.services.${service}.loadbalancer.server.port" = "${builtins.toString options.port}";
|
||||||
|
} // lib.attrsets.optionalAttrs (builtins.hasAttr "scheme" options) {
|
||||||
|
"traefik.http.routers.${name}.service" = service;
|
||||||
|
"traefik.http.services.${service}.loadbalancer.server.scheme" = "${options.scheme}";
|
||||||
|
} // lib.attrsets.optionalAttrs (builtins.hasAttr "service" options) {
|
||||||
|
"traefik.http.routers.${name}.service" = service;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml;
|
sops.secrets."system/services/traefik/apiTokenFile".sopsFile = ./secrets.sops.yaml;
|
||||||
|
@ -35,6 +52,9 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# add user to group to view files/storage
|
||||||
|
users.users.truxnell.extraGroups = [ config.services.traefik.group ];
|
||||||
|
|
||||||
services.traefik = {
|
services.traefik = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = "podman"; # podman backend, required to access socket
|
group = "podman"; # podman backend, required to access socket
|
||||||
|
@ -95,7 +115,7 @@ in
|
||||||
|
|
||||||
http.middlewares = {
|
http.middlewares = {
|
||||||
# Whitelist local network and VPN addresses
|
# Whitelist local network and VPN addresses
|
||||||
local-only.ipWhiteList.sourceRange = [
|
local-ip-only.ipWhiteList.sourceRange = [
|
||||||
"127.0.0.1/32" # localhost
|
"127.0.0.1/32" # localhost
|
||||||
"192.168.0.0/16" # RFC1918
|
"192.168.0.0/16" # RFC1918
|
||||||
"10.0.0.0/8" # RFC1918
|
"10.0.0.0/8" # RFC1918
|
||||||
|
@ -158,13 +178,35 @@ in
|
||||||
main = "${config.networking.domain}";
|
main = "${config.networking.domain}";
|
||||||
sans = "*.${config.networking.domain}";
|
sans = "*.${config.networking.domain}";
|
||||||
}];
|
}];
|
||||||
middlewares = "local-only@file";
|
middlewares = "local-ip-only@file";
|
||||||
service = "api@internal";
|
service = "api@internal";
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mySystem.services.homepage.infrastructure-services = [
|
||||||
|
{
|
||||||
|
Traefik = {
|
||||||
|
icon = "traefik.png";
|
||||||
|
href = "https://traefik.${config.networking.domain}/dashboard/";
|
||||||
|
description = "Reverse Proxy";
|
||||||
|
widget = {
|
||||||
|
type = "traefik";
|
||||||
|
url = "https://traefik.${config.networking.domain}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = "traefik";
|
||||||
|
group = "infrastructure";
|
||||||
|
url = "https://traefik.${config.networking.domain}";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
system:
|
system:
|
||||||
services:
|
services:
|
||||||
#ENC[AES256_GCM,data:L5ZUZZoFkMaTErRqwkG03SVET5x6AVL+4OvX6ukQlvFX+P9ICYY6lDGDmJARUXDm2yW6hllqA2FxoteFXT5LEikraLywI5jGDgQMGw==,iv:fHYZ9LBvFVT24xeN7HSjlNhFse/MIhb6/3XCUbdCppA=,tag:tq+MbSt+jhvNJfdpuQ5ddg==,type:comment]
|
#ENC[AES256_GCM,data:VQrWiLlHkqKk80oZqXVyLJt8JBaLIoqKr7tGlXxaRD4Dny8/ZlOy6qw4Bdj6vEUmawBDlHEK+sn93+XnmwzHgnWtUdzgzbAklBSnoA==,iv:Pq3DN3+iWW4mnFSiRhqo+SI3HNZoqjvsuQYaPXKYTZg=,tag:G0yjrWrpnHBn/TB+HUEL3Q==,type:comment]
|
||||||
traefik:
|
traefik:
|
||||||
apiTokenFile: ENC[AES256_GCM,data:hVIUCHU/AU6SOGt7JEVYuE55LlT7AhSuRpkCEWrsKxhy0K5jRZhYb4G30sXrOv80gb8T82ItYjpi5ytckGq325A4Uzn2dYQ4P9sv1uRxrcJrSOuMvpeWnijT33wbxn/fcg==,iv:5065MjT63rYvx/+ivfVha/+VxaTaHicfmshPI/9qfYw=,tag:S7t/Fr5R30lwO3KvuDjHWw==,type:str]
|
apiTokenFile: ENC[AES256_GCM,data:ja9KJ7/jhEJnEyI7Nj/9CtnP+VOP0Xpv2ZSmxAvHcRhcE3JG4NSHN1YgxzbzCwa0xvy1vMf4Qw0R/zHbmdgytgzBPuWHoML+GJndY6LDJlihda5gXG909KWOTuTIbuGqvw==,iv:zmDwzHpYdpBuhEHieJxiSRSkHWaHgshysaJkbGGpMzM=,tag:QErXZHxZKPsWhuJProt0Tg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -12,50 +12,59 @@ sops:
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbVBCZGdUU3dJR0VXMUQ2
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIVHcyRjRJZW9ZQlZBa3py
|
||||||
ZUhYcEZkYVBRZkxteGkzaXdDNUVzNjdFUWxrCkgwcXZYZlZ2Wk1KbDg2VGpmZXQ5
|
djV5THprVjhPT3JGT1Z0MjhkNlFKdFZnNFhjCkpmUVhGTmlyQXJVOExxQ2ZaNjEx
|
||||||
K3ZxR21FZGpJWFpSakltdzN6MUh0b28KLS0tIHRDK2dKQ1Q0UGpBM2oyYzhuSGo2
|
TllocWNOSjBmVUtCblNUb3V3TkVuSWcKLS0tIDh6T1FKZmx6K1dWZEVlMUU3S2RC
|
||||||
TWFTYnpYbDZPeUVtbTdXNm84RFJoaDQKFB0HX9yJ6D5jQRd8qUsLUy4ZcweYv1Qh
|
MG10QTAzU2l2azg2Tlh5L0dxRG1aQ0kKED5IgaOfb4rBbfpd2XzCbzF7wXyNj+6T
|
||||||
BJlQJOlMi+OliSiWOPsI8L8SJSTWJvy6ZX/LcebuQ0tlXeNd3HYAQQ==
|
VYYAnxILFNm0FcqeV9sCva40KidCBGL9FRaURJLOIK6Nl8vtGO61Ew==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTXp6aExQTVh4OFVKV1Nz
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybm9lWS9JWXZybnVKR1Q1
|
||||||
UU0zbEJnR3Nvb256TllyYXg4OTVOektoSURnCllWZUpwc3ZObjlWT0YyLzRiQ0dM
|
UDB0djBKdTQ1aFdUM1dScDFFOGMyeGM5Nm53ClpzbVBWZjZydkY4NVVQT3lMK3l5
|
||||||
Sy9GSCtsTkZyVkJ1dDJnbmh2ZHdrZG8KLS0tIDRPakxzRWt6ckRzZzVZQzN6RVlU
|
NjRkbHFxZlYvOXBoWGNPVGJQQkxsclUKLS0tIDFiR1IzZEhxbUFSUzV0Qzh3aFBs
|
||||||
MEhwbFpIK3hTeGttS0x3Q0dHdHZhNG8KovgKj2k7N/lpGT2j+e1u+3uX3EAMwAwt
|
WFYwa3NsR0VHb2RkQ1JyZnhMR2Rkc1UKi3X1ZzzMzr565t889tCM1duwqu+HlXAS
|
||||||
uHI2LqEtfaMJZQvsP409G4QkEy+o7GJ7N3LpAXFAPvnJbH5/n7WxiA==
|
G/4aaaqJr+7TMmjuNIVh2o19XNv0SquW1RWbv1dJ7fc4maXnaJBxSw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZjFiSDIzMVVNMmk3ZlBn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUVBUMmp1NVNsRldvS0Ns
|
||||||
SFFpbE10Q0ZZMlhGbElMTURjeDFhUmlnNmdrCk55ZHY0Y3o2SGtaM2ZOTE5QOFo1
|
Vk9Sd1JzS1REdGMxMWNaNnNEWVpCWVFIY0dFCjlLc0w0T01Oc0RUTXQ2eFNjMjBF
|
||||||
WVdEWGtzWTIxbWtXMmF5V3JvVjBpVFEKLS0tIEtVMldydlRvdHJLYzVnQy9kUnNZ
|
ZGFjOHc0czREcTF5L1QvWWc1TWpxK28KLS0tIHpHUnlhbC9SbTEzUGtNQ2U1aXk4
|
||||||
OHJUSlBlQ3Rhb1RYUVNQSWNLWU5NOGcKEHjjav+ACT+HQ9haoMfRei7cAOPugMDs
|
bFZQbm1HYTRoUlFrVVdRcUt1Sk83eTAKhtrNaITlaCSJaIlN93SwsTIX6IoKtO0W
|
||||||
JsSRPWnVBYPx+9AxDY030Aw6vMw9+rFSuCp3PMH4mNbCcCucaIWWSA==
|
2rJWmtVzZ2gpgBpqGUS+do/mJ09ltmsz0dc9/wbSTNgVKC+kcef0Cg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzQWhCM2dpZDFkVVE4SVJq
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZkpjNm1nbm5nR3V3RFhy
|
||||||
SXY1ZVh2ZWlDRnN4d2hsREpwU0tYMmpKK0hzCmhkSllSM0NGdHZiV0o4dWVac2Ft
|
WTIrMjZOMHozS0JiNHZGZFRQa0Q3aDhGeldnCmtmUC9NSFFsdnozOGZuR1hyWU5Z
|
||||||
Y01nUlBKUHg4eE1YZWZlU29Vd2lEelEKLS0tIG9DdmdoaWVBMTJ2WnBnWXI5d1ZX
|
b0t4Y3lyNVVodWxPaXlYandkYXlON0UKLS0tIGNrR1dmSU1LNS91d09GbkdmZkFj
|
||||||
VGtCSTdPcDZHeVdUL1Z6S3hoUE9IR2sK8WyNXZDiJG3ox+nBcwTXdn3fmd4kS2z/
|
S2lxSGlNWHltUFhaQ1lRQ01aalNPWDgKmRpcodDVgO9Rb2zpRKmIUaS00FoAyCif
|
||||||
aUV6ql3vLdsu3/BxLq3v00AXXYNOnWmVrUxTJ9Lv1j0FM5Gh5LupQw==
|
izDG6Tcsf4fa4wnMVwKBRnmJHJ8OTyDThk5RIv96ZlAVrZJAn7p77w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdU9TeFlSUWZISytBTnNn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVXRjRHV5NStlU2Q4Qzhw
|
||||||
RWlITURiQnY2Ni9LMWZ4R0pBWDJmaHpTZDJ3ClVackV1UHNYUXFmeUliT0h1aHNR
|
ZHBhUzYydlB5TlUzQzJKQ0dtRFZSYTZMNml3CkRqSkRKYWdTWFlJYm9aNlAzdjg0
|
||||||
S0M4NWg0NkYrL2V4NXlIUDJ6RE8rODgKLS0tIGEwdGpxNVNtVDc0M0k1ejl1ZmFX
|
Q2Urc2QzRkV3SG9UZ0U4b0RmcE9qOUEKLS0tIFM0bG1hSWV1bGRUTDBNaWVaOGFk
|
||||||
c2VQSk53WEFoTFdFUTM3eWNVamxwNTgKBYqQy+ILW9MdRPDgRBVw8sOyYF40rhYz
|
eWFqK2taVTN2aE5yVWQvTXhPQXN0SEEKUtgEBN5hxt+8N0/CuuqrFfTVlb4WGieR
|
||||||
yP+Bu6EBAjJDOP/Ywx6I7u6AmlTRcOtk8PmJ8eo3raP07at+jrXsaw==
|
Ww8jDkzXsmaYcbTRv0lajyxdTlfhubhDcKSWguP5PzqRC5cdJxXpqg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-05T08:20:07Z"
|
- recipient: age1se7am4c5dh35aulf5zt38ymf600hz8gah4eudr9ml4fmr8h2eqxszuel73
|
||||||
mac: ENC[AES256_GCM,data:a/J87IQL0X7XQycpZXWg2otlBe7/W7Ebe0CAKunnyF8Gm9RRMWdECrFeBDtAyVAHl2F6gqlNTyEMsOVE+aR6+xu91rXr332k66SnSQcMOjQ987+r+t3b1hUZ9Cz+qNbtepXaGTuCNQ0JH+o3ezkA1D6BDIvf6S4IRWRT9psOiHI=,iv:2TXiGQDDK2nSTAb+n3baFfng9jDPoe7Ts9Au9dTRclA=,tag:MZFBEcpOmoX0TN33OMoApg==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmK2FjbGJkbmFqekUwOFkx
|
||||||
|
d2ZDN2ZZRU5pMENNbjlVRTIrZGlGNEtpanhvClBDbndLcHFTbldlZlZ1aGpHMDFP
|
||||||
|
ZW53Y1pBbGJ6dFR1Y1ZWbU01Q2lKdUUKLS0tIGRoSDdSbmIzSjBEamZIQ2Q4KzBK
|
||||||
|
emttN0Jmak5DU0R1cDlxdmkzL2tQT3cKW/3h9EQnwzw0AvLKv5yPc3boXKcgqFv+
|
||||||
|
rLyBO0sTld1T8JQ5tpw9dX/H8RgKXu+9E2zVdHWkPrnEpRlK11TyRg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-10T07:18:45Z"
|
||||||
|
mac: ENC[AES256_GCM,data:mVVRkH+oCh+V/witg8XWh9pfDSOMc3nRCxnyqoE3DVA1XEiX3T7dC9bbJspAUGI+fte19u0FafbswmRUO1K70zfXkRhK4GKDRyAysBmdCZXpcf3IIlEaP/XblR6jHtuEE68hNXfA15SEPk3x3+P5kNBXIQwKl5nPCah7ZOugJao=,iv:uK19ZNnejxWGu5dLKDFLGP6gLZ3GOteWWYsCPkxZ0pU=,tag:1F2eU32hP2dV4ssWQBh4KQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -5,5 +5,6 @@
|
||||||
./security.nix
|
./security.nix
|
||||||
./systempackages.nix
|
./systempackages.nix
|
||||||
./nix.nix
|
./nix.nix
|
||||||
|
./zfs.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
43
nixos/modules/nixos/system/zfs.nix
Normal file
43
nixos/modules/nixos/system/zfs.nix
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
cfg = config.mySystem.system.zfs;
|
||||||
|
in
|
||||||
|
with lib;
|
||||||
|
{
|
||||||
|
options.mySystem.system.zfs = {
|
||||||
|
enable = lib.mkEnableOption "zfs";
|
||||||
|
mountPoolsAtBoot = lib.mkOption {
|
||||||
|
type = lib.types.listOf lib.types.str;
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
|
impermanenceRollback = lib.mkEnableOption "Rollback root on boot for impermance";
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
boot = {
|
||||||
|
supportedFilesystems = [
|
||||||
|
"zfs"
|
||||||
|
];
|
||||||
|
zfs = {
|
||||||
|
forceImportRoot = false;
|
||||||
|
extraPools = cfg.mountPoolsAtBoot;
|
||||||
|
};
|
||||||
|
|
||||||
|
initrd.postDeviceCommands = lib.mkIf cfg.impermanenceRollback (lib.mkAfter ''
|
||||||
|
zfs rollback -r rpool/local/root@blank
|
||||||
|
'');
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
services.zfs = {
|
||||||
|
autoScrub.enable = true;
|
||||||
|
trim.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
@ -5,4 +5,5 @@
|
||||||
./system.nix
|
./system.nix
|
||||||
./users.nix
|
./users.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,14 @@ with lib;
|
||||||
mySystem.services.rebootRequiredCheck.enable = true;
|
mySystem.services.rebootRequiredCheck.enable = true;
|
||||||
mySystem.security.wheelNeedsSudoPassword = false;
|
mySystem.security.wheelNeedsSudoPassword = false;
|
||||||
mySystem.services.cockpit.enable = true;
|
mySystem.services.cockpit.enable = true;
|
||||||
|
mySystem.services.gatus.monitors = mkIf config.mySystem.services.gatus.enable [{
|
||||||
|
|
||||||
|
name = config.networking.hostName;
|
||||||
|
group = "servers";
|
||||||
|
url = "icmp://${config.networking.hostName}.l.trux.dev";
|
||||||
|
interval = "30s";
|
||||||
|
conditions = [ "[CONNECTED] == true" ];
|
||||||
|
}];
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
# TODO factor out into mySystem
|
# TODO factor out into mySystem
|
||||||
|
|
29
shell.nix
29
shell.nix
|
@ -11,17 +11,20 @@
|
||||||
in
|
in
|
||||||
import nixpkgs { inherit system overlays; }
|
import nixpkgs { inherit system overlays; }
|
||||||
, ...
|
, ...
|
||||||
}: pkgs.mkShell {
|
}: {
|
||||||
# Enable experimental features without having to specify the argument
|
default = pkgs.mkShell {
|
||||||
NIX_CONFIG = "experimental-features = nix-command flakes";
|
# Enable experimental features without having to specify the argument
|
||||||
nativeBuildInputs = with pkgs; [
|
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||||
nix
|
nativeBuildInputs = with pkgs; [
|
||||||
home-manager
|
nix
|
||||||
git
|
home-manager
|
||||||
nil
|
git
|
||||||
nixpkgs-fmt
|
nil
|
||||||
go-task
|
nixpkgs-fmt
|
||||||
sops
|
go-task
|
||||||
pre-commit
|
sops
|
||||||
];
|
pre-commit
|
||||||
|
gitleaks
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
20
zone
Normal file
20
zone
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
; Make sure to update the epoch time in the SOA records so coreDNS picks up the changes automatically
|
||||||
|
; https://www.epochconverter.com/
|
||||||
|
; you can check this file with the tool 'named-checkzone' from 'bind' package
|
||||||
|
|
||||||
|
; SOA Records
|
||||||
|
$TTL 3600
|
||||||
|
$ORIGIN natallan.com.
|
||||||
|
@ 3600 IN SOA gateway.natallan.com. gateway.natallan.com. (
|
||||||
|
1682790203 ; serial number (epoch timestamp)
|
||||||
|
7200 ; refresh period
|
||||||
|
3600 ; retry period
|
||||||
|
1209600 ; expire time
|
||||||
|
3600 ; minimum ttl
|
||||||
|
)
|
||||||
|
|
||||||
|
; NS Records
|
||||||
|
@ IN NS unifi.l.trux.dev.
|
||||||
|
|
||||||
|
; Metallb
|
||||||
|
hegira IN A 10.8.20.30
|
Reference in a new issue