From 3124b95f1e2cebc33b8f05922a57aa2a6ec1ccbd Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Fri, 22 Mar 2024 20:21:33 +1100 Subject: [PATCH 1/6] chore: new keys for dns01 --- .sops.yaml | 2 +- .../optional/cloudflare-dyndns.sops.yaml | 50 +++++++++---------- .../common/optional/dnscrypt-proxy2.sops.yaml | 48 +++++++++--------- nixos/hosts/common/optional/maddy.sops.yaml | 48 +++++++++--------- 4 files changed, 74 insertions(+), 74 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 638fb8f..2179251 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,7 +2,7 @@ keys: - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - - &dns01 age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x + - &dns01 age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t - &rickenbacker age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk creation_rules: diff --git a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml index 2c545e6..e289fd5 100644 --- a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml +++ b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml @@ -1,8 +1,8 @@ system: networking: - #ENC[AES256_GCM,data:pZhhqGtwLJ4JiBm9056d8HQnzvQZeAghKkOButPkbnjXmXxzKWSZVJhbqU0Hc+XBs+EcUOCcvsSDd+Pkue9sxEwJoTmWIc8WzvUTHw==,iv:bKt6g8YBlsMxXcKaPW+5uMNbTh93YxnHxjOW4gwPrhY=,tag:kx7grZBcgSvYn2TBpDiAnQ==,type:comment] + #ENC[AES256_GCM,data:akTbC8VrlNiKiFjRe+8hQfainn2iif6e5HWcCdNW8Ghzo6wp18H11e+DXp6D/kS7iVjKijPWTyZxwXUkNjfOu9WfmChKOoR2ZDdvEQ==,iv:DA2jbj8Ru58F/pZjmQIVHCZT5FSlJF/q0Kw+k89Kw20=,tag:jW2qH9StRljPoyzypnYXYw==,type:comment] cloudflare-dyndns: - apiTokenFile: ENC[AES256_GCM,data:HCPDP3uDBchxKBT0iu5obiLK8echeVyWfhBJ2ejq2cyZV00Uwh/t+usEMzmkrXdBGHUpafMIkUkAcOhCJYa8f9bEFYcJVowbE+nff3GsBtm4rA7Hx0ZVgHOjSyEVo6vPtWgX1y8EwUrAKSZYCoiG7uI/Gg==,iv:BZWwztLfSjg5n57gTsXiVZ5sn9mJzizS15KGkCHnalg=,tag:9INru4xTAH8gMXZcqHS0uA==,type:str] + apiTokenFile: ENC[AES256_GCM,data:quhI3WLwtSOAMaTGMwfZjU0ctGhb+bJaNShawEM9LnuLGHcsBkO9jKUERksU/hcsbCROGsQlhESrJ05guAlU1XXqDxuKHXEc5Q4MhzYAxnTpLuqJp21/CHVeJUMrMn3AyY4MGJHK608qZHcP8aULQvH0Lg==,iv:Z6bW312x9jyKUKPSHj9oLV7LXOD4WtYDCK7KXuVI+tE=,tag:8+7HudCbkfix0Xs+F041xQ==,type:str] sops: kms: [] gcp_kms: [] @@ -12,41 +12,41 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSlhOUWRldTVEaVg2Vk9L - eDVXaExqbWRtSVlaVXBCdXpGek1oVXZ2a0ZzClpOUEtjMEE0KzNobmFCLzg0S0Vh - WnhKeDFUOXdvZ25ndjhuVitWWE0vVlEKLS0tIG9zZzNvWU9KZ2c0SEsxN3oybjFw - Q3RTL1Y2MjYrQW40UnZMZlZVUncwVEkK7Sh4kSeSxgtbclAdQdITzOVpSBbF3t4R - tvUEEun08V5FO01QzyNuTBC9q5geGwRgjvtWSX3lECSD1AaG7VuNCA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2L2krTXZNY0FrN0U1NDcz + bklZeEt0dkJBcGNsTDNMV1l6dk9sWmxkanlnCmhGWDA4cm9yL2ZzRUdoajJQU0dE + aFNDRFdvMVJ6bkhDWlJaSzIzYktXaTgKLS0tIERtakdTbk5ZeGhKT3RWVU9yOGZx + ZkZ6Z2JZV0t2Q1AwaEpHTExLRTE4L2MKjzSmZz1SRvCv6bIjh5ubWd32PLZLie3S + euYl9cTFCE4ZZwnYVqEAox4v0J8NZgI5S3ZzcpCElzNk4bkVKT/hYA== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWsyR2JqSHA2NEQrV3k1 - SkFjV21oMERJR0Vra0pvalpMNlBVVTY3eVRRCnNtOVhiTkpGY1hwYW9RYW83TldX - aWxhZTRWKzNQYy9DWnpwbCtmWWMrbzAKLS0tIGpRazhEZHpRUVVmWFh5QnVlcGVn - citoYmdhRUlNODdlaVdwbmE5ejV2RlkKJh/ZHEnDe5yjY88mzXFHE2rQgIjybEgC - EnbmboDKby/Ns4Rts8M/qS9AUcbk+3B5Ls0IM4zPIGPH1UflKbFbJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMGkvYkFjR0oySzJacTRY + M2xpMHpyNytqdWJHVGlZTnlhRERaVnQ3MDIwCnAwOGlneTFtWnVxRnloZ3lReThl + N3drNXdXekxKTWZDZDc2YWwzMU5QVjgKLS0tIEN5WTVHUnRqUWltYVBQRmJaNDJS + d3BwaExLbkE5ZVhrVnpUNHdiVnFvTGsK+DqQ1aJFg6xNjPgq2qUu8zd7J4HjN1/D + 4XgtITFC0dxjTLjqzQwvTsh0+VMSdht9GOXlVe0Wl/N4aye8kaWAcw== -----END AGE ENCRYPTED FILE----- - - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x + - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZzdmQXdLZnl1dWhnN3Mv - ZmRtRE85ZFhqYkpGbTQ5ZjRuN3IyWjE5UVJnCnNFT1NqQ0hGMjFHNmlPVmxYOWYx - N3BXOC9Ic09hTTVydHhPYzg5U3NwWTQKLS0tIEw4eFpDc25HeW5GK1NBZUpHYWdL - NEtGMXZabVlzejhMOHRBVDNoeTVkbmcKbx3mHeCwfjWB1RfsGV2fsGgr+A6ObkhG - 4Ki+HkGB1XkU/gkU6PwyAq3/9wF/h7otoGHNcvKuMVZNj8AbtSy15g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ1ppL2s0NXQvSkI0VjQ3 + dXBERlM0bEZDVGJielo1bDVUbXFmQUsrOXkwCkJYcnR0ZUZHd2ZTY1UwVksyU2RK + VHRZRHYyRTdDTittMlQwRnAyQm1XR0kKLS0tIDJTck15TVU4bUJCd2V1SElsa3hz + OU5wS3lKWjhZSVJnZDdxVkhOOUJsTTgKfWGqTVDllMLHoRH01bzQiQI6sBzpfYU5 + 9F3QgbYuGHHZ4PGw6gIsLEVoa0wemg32v9130IHcPwKEi36baxZynQ== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISTF6ZGt5L0dDNHp1cFRK - SUVMVnlmOHFKR2hEMW43OHl2WVc0T0xnOVhNCjFlZHJjUEIvT1NYMHdGSS9xMkNY - dFgyeHQwRWRIbzFPREU2M0Vjb3FObTAKLS0tIGxuSHF3RWtiZE1KZG80K3BlMWh5 - M0x2SzNYa2QvZlJ5aW16UWRGMU1RYU0KTJIhjRj5g5yiSqxHupbPVSUsuasCgmST - OG3iofre+AVi5WfWTaSArfpTCm/y1z2UGbSK+KmJ0SM4xayyTvLbIQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArd0E0a2FtUmt3cmRMcFBo + TFlROWUyQm5vRjhOTlV0MkVGaE1GQ2pDZlRzClRHWHd5WE42QUV0MmhINHE1akFV + YVRLSENJSDlIbUlDU1Fvbjl0NTlEdWsKLS0tIEEzcm5kYktTdGJPWENqOXZncU1J + T0hYbkgrSlBuTms5cEliLzlGYlREVXMKNAcri4/FFhYk61NyGbrGCEt2WygwKCTT + nagpiYUefVWCEOJA+oOhiosH91dFowBjD5kOmhilNiePqkRnw1Ekjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:afQFkMRxfYsBKPfoAYSH1sNkGWDZRMH51PREmCnBb5UyZ4dEIPaLeZfnnOVY5+91EsJDURpXO7Moks6NV1zm36IdrBBkUG/2kHYQDbsrO7OQ+Lpuqk/e+Mp80oAkisWVIjytEDdzrHH4xs6YVj2/ihbTA2pVnqiBNMViEx2mGN0=,iv:w65sp9n/iqy6c2By90xCEjJKL6KwbZiB8fIb9RsEeAw=,tag:au3SnXULfI2TXsRuYQMNIw==,type:str] + lastmodified: "2024-03-22T09:04:04Z" + mac: ENC[AES256_GCM,data:AONax3l32loJDdW3tuhXxHUyj+kcKpLWqe4Ewak6qRn+bIaTQCJs+QkeUDezDv6oB+lzKB40iZY319pVpvIc9U56KN1qUSiBxoWCWhdZ2m/dPmhVq0C76LwySb9zXwvKtysI4iSN61aZdd4IhXV4xzb4Uo5Ne6Z0OkJb0ZMJbCw=,iv:n/Uc0FkLkV3e/lvlwHurluDPWv1BGRXn36g+5+daFhs=,tag:IwKb4iBXq7+i1lgcXRh1/w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml index 240acdc..6d3ad93 100644 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml +++ b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml @@ -1,7 +1,7 @@ system: networking: dnscrypt-proxy2: - forwarding-rules: ENC[AES256_GCM,data:pQ/4p670nxLQB2aVenFag/Ngk+SgGXDSW8GZJDYCRxsv7A/2qtuhw5qQ+x7Gmx4OonJy9futOg9EsylfztelUnGSve09Yx/KuQUAd5ctnfBnLWqOtX1snpm3oHD0eRYOEzo/UUJlAo26qTwOhn0t56ATv+LemIsn94wCjiWA2mg91T2VuIPWRoHfpZB5JxAV5/9vUfiGdLka4TugxDzsEvFtYAGuta3pJuQJ8Fv3O+idTsF9izU/JZKNTDe1kwngT5paMQTpAi2dqLq0MgjaXbhJsTBpYwctRy7Qs2/Q5AjNvXTfrmtIHy9wo9dD9MWRoYHC27wsMiuMlwrfNSZpt1mMVFddsS+GhpEfTwp1XPub8Cavc74VmYzQLL20e0/2jH4Swjq+mCtBGnnW+qA4ZMCbh/NDpNhm6Am5hPB49d+Vxfdhp/QeNOis55usD1aYAAoM5FFCH9NzOWCHcturqxc=,iv:FmjGnacQU17+/SFHzauuj//R94uKPhTv87rcL4QvVjk=,tag:lGFrCyZ6Dl/n9HIIdZZf4Q==,type:str] + forwarding-rules: ENC[AES256_GCM,data:bf8dxDhpC4oovrKvXpp/Bi88munuJhLRbMomUCaSDqfuS1kXBR1r1l9BIkNFF+7vYRQ1sdD0Orxas0GbHw2Vv7EmW7Ra70C3EhgWSccdCBXljzvYHqna7gnSzho0HeFQWsO6vXOZb3+32lTGNjV+PEQ1+96Sy7jCzvxSjzaxkNM6wODlt2nNXbNff+xBVHDWosis4NdlbK3HHYhlHW58SP8uc8yCbzhPiTzlFJLPsq1KHHh20JrS/DWOCVx8tWMZiFd8TKU0HM+9pbeCgTeNn5KbBW6szswdmbDxjsM7l02Dqpyg2pXOrJWLNVT15oQxC9davcHpI20+ffJLjltqDCgVTaTSwaxxUcU4pTA4bMG/mMBqAT24/84QuB8y9Bt+4fsHbzAfFXA6wQIcmbZCyK3OS1i9evdY2waubaPQacMozghu0CprhNmCITG0OwdveeUh5WLMbg31cKlYJzj6qtQ=,iv:eepiiimaUg6iRKJ0f9JrGAT5QAXjYuouRuVoGUCQAyM=,tag:gLq9pspJjGKygxazvtSXDA==,type:str] sops: kms: [] gcp_kms: [] @@ -11,41 +11,41 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TCtBSTMxVGZGbDlqV1JX - V1JtWTRTaXFKdlhvaW9oaXozN2hPanpNdDJzClQ5MVcxcytRMERiZjRGRmZ6MTlK - SWxpQWhGdk5FVVZtUEJMYnpEdFcvRGcKLS0tIDlwc2x2aGdCZkNWM2FIQXBBTzg4 - OFFPeWVIWGI2NWhxMEhjWGtHeVl2bGcKL8r6ktx/OfboZGy8FPJqLXrschvhatMe - BEtT4vbCGw7Zj6KjaZeJoMIdHtIcC1wi7N4sB6oIvCyxBpQajfFfCQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK0ZBSmptK0NFZDIxZVcx + bEJsTHhENU5odVh0eTVJdFlScmFlN0ZlUlUwCm5BcVp1Q0QzM3ZZd3ZBajgvRTNm + Z21Qd2FUWmJReFhlTmJXOG5FbzlXa1EKLS0tIFN2S3hmRFB2NkNZUXRXdTlCTDJK + NmVRdlF5eWE2MkJhOHV0U2pBQXBEOWcKy1tLWJ/D0//hhlC6LTq5geIEjx5uERhP + w/3OB4q8zsq+0qQftynDP8WiEedbt/WmyvQ9Lc1hkNSghGf4hk7EKA== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhekpvRzZHSkxEcFFPVjZh - b2p4SCtrRnp5UzZlU3NLb04wQzRXY3NWT2pVClJFM0dVNVFDWkErWDdRL2Q5NEth - NThEako2L2JrT3VBajBwdUVJd0Q5Z00KLS0tIGNGekF1Um1xQlJYMmc2Y2c1Mlhl - ak16ZVFMVnBwZ0dJRkNzRFRoanE2L1kKW4Oxl4WniSVQuQTxTfEBwUOY7FBsJKp/ - FZwpti7hhdX6Fc7YAXj59KClyGBzyzOBVboY0bQzMD4XuoRkgd5aDA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnpMYmZ2VVlrMTBaaDZq + TWpDc3F5am5GNFE1K0pna1lMOEdKTllSMUVJClBhMHFZR1N2Q1FXdTN3LzNnRlBX + emNqVXlZZzFLVlNvaHhBWXc5NkJsdjAKLS0tIHd3cTkyN2s0VXFtQ1U1Z256eDZO + RjNqN1pDUnRBdnB5VzE3WHJYRVdLRkUKRBHs+6Um4iltS1tLnY8aN1q6N9e2WqV5 + S/iIEezFN0tyu43U9tt2sTLtvXnadqVy/MpIMZEnHfj/sEM90GMb4g== -----END AGE ENCRYPTED FILE----- - - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x + - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha0pRZlczNHd3SlJmVDBU - aTZaT29mbW9oZkJGL3hpNDZFbkpsSGk5dmtrCno1aFU1ZGsyYUZETUFtNHBzL2tU - bHpZVE1Jb2R6Z0QxYUc3cGNpR3N1MzQKLS0tIFFUc2VhM2tTNHRSanYxOVZmNVpK - Yi9GemV4c0hMNWRNWnplVnNVcnBjUm8KF3NraIgrWU18VlWpiPC1l2iaUqwrPNkS - L8geWFzOPa16/0tLbFJc22v4z8XJor59msEqZtBHTSjKCk6SrA2mhg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0V1EzZDBYUDJXUzFRRTI3 + WG5RbjZaQ1A5eWdYTnBYSjBSUmdSWFFpaWhBCkJBNnNQVUxwVGN6b2o3aWpyVTM4 + N0Yybnp6NzdUUVVtUS9Ha3U4R2pwMDgKLS0tIEJlaGhlL2xmSVJLdFBseU9ZUUJh + RFZ5N3hRWC8vTm9HRjBadzlVeU9yRTgK2L+OQIsmZ9UgbzAass0vvcmB7XE6apT1 + h+uSB0GpTz/+bebn3pTVjRjZXvy2ofMd1d+77NTR4LMm6WObXuI77w== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Qk9WK0IwY2hjQkIxMm9F - NWhiQWV4WjlpK2p3Q3NrblBROG5xa0oyYjNNCjVqRys5dGxabkl3eUVWNWNCOHpx - N2RiWThzNGovMFlVcmhrZjVHR09pelkKLS0tIGRFemo3NVh4dGFxNm1JOGM5TXFK - YmVhVU4vT2JWdjJyWkRsL3h0VjJESFEKMVOK8FxLJJyYIPF5i31QoULTJRjq8s+8 - 0T4tZXvJV9WgKG8qWTo4pGfnQDDp6QdqSzb2b02WQJEexmaeR979fw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDFUWEg4K2psL2Q3WnhY + cjVRbzI2eFQ0OGkweCtQc2NUa2lUMllLMUVVClVTZHdSZGI3bk1aWjJ2UnBhdnJu + M3QvamVJVCswSnltd0Q2V3A3WUZMWUEKLS0tIEk5WHJKRW1GVXNZN09jbGxaL01x + RWFaY0N4TnUvaSt2VFBiVUM1ZmgwbDQKdbZSPiMacUnCX4rNhIHOrO1Pi/zu2A9y + Ro+OYrEql904vJSbVcaTfdj6VwnLnulEzPFFyBfn2MJW/kMxkxa2tw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:7i10h+RJUJamnPvFIcORQrDukNudtXHLXeNkQqGHCCWsRPnXOtP8Yw8/l0QR9TH5BIxT/u7mjJnz7WfmhghkYSnKPqyHEmYtoLgmq4AsrpSoXUgbBdMDgm6UZr8NqkE2J0EUDI1AhzAH9JCakRBsrO07qRsHyjiH5Q01w0oLYTM=,iv:4gqb0eHHsHkLNLZ0jTqGRp8OGad/49VKmhINLQwlc4M=,tag:13noyAbETQkj7uVSCRD8pg==,type:str] + lastmodified: "2024-03-22T09:04:04Z" + mac: ENC[AES256_GCM,data:fbkL3OLExxWMcmpanUwCEPbMgr/sAJrrsjLFAkqe9Jqjd+Oyrk/Lx4rzCFIU2EvX/eT+EhTy37BkwpBnV9dVyFAcYdwWHheiUdAh9zT64ioA/59kjM1V9o28ZtYbILybJFpiOKCN069uJ6MsmhIgllET9ocEQJebbezzSfbjvpU=,iv:YNCUEe45zX/LUU0IONLLRLXmdfDshrFv9Rnazc2il6o=,tag:Phu0IYqI1Z4g94lENRHNxw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/maddy.sops.yaml b/nixos/hosts/common/optional/maddy.sops.yaml index c6c2aa7..61d0226 100644 --- a/nixos/hosts/common/optional/maddy.sops.yaml +++ b/nixos/hosts/common/optional/maddy.sops.yaml @@ -1,7 +1,7 @@ system: mail: maddy: - envFile: ENC[AES256_GCM,data:VFqV/ZqnOlJeJKNZ0YGf1ORPQGn61GFqaSyHnRwh2aH/Xe67FJEsUsY1HW8hsZ3nKssmk5kbvvUZ39kqwUpqQtwhkE//YOhFCdYzW1hsT2nc/Nfm8pSGSiy+VTKehp1/QBsm+p9n4kgvlIwZaneerMQH+Z3B/1d9285wckZWrFuMxWw=,iv:lj9OGG5vEgF1osQIpnxYHEYwVQMAZaeWqSXfES2ESVI=,tag:H1PTFWs3iNwInXUe0e5aFA==,type:str] + envFile: ENC[AES256_GCM,data:JeWV2weTxP5yHRPwX5+cbettIzvG/ZE11UXwJ6rI9eJhlfGzlRcfFz6fFgsbkiisj1V/jYiWavCn6dcvaK2wzgnt4wPYexjRXDci/4zv3VJ6+Y5PuSwwrAwlA8RtdKTDHZ8OOgYmNmByW2LgIQi4s+qdVtrCO8NukrcHaLFPJx525xU=,iv:FP8+TAvrxFNDeeUQDSGhuBm7OpH+uTPDvWIClUnZQRI=,tag:ktWR20EKEPdFGXUZya7ISg==,type:str] sops: kms: [] gcp_kms: [] @@ -11,41 +11,41 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXFWT0ZJaHVwMSt2by9Z - cXEyWDBmb3Q5VEEydlZoMU9PdGt5cFM5TWdJCmg4VC91NXlMdHg2OXFZeGlTK0ZJ - eE5IY1V3N1pNTHRpZGQ4YjlrU1Q3KzAKLS0tIGxFbkdoRU81b0o1UGlHeFJ4eWkr - Q2VjY243REx4ZzlVd2M5TlhFSjBCTm8KlVvxg9WvhEvhhKozS03hCz5doU3YnIal - erRZggFlxzdpG5Nk/tfEaQhGL6HeeF5j8uBO/x9E7DMYpxtMxwA5BA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRUhOR1FrRkFER3hGN3Ra + SXVhdlRFRDNtTGJ4REsvQmFEN3AxZVFad0JRCktZZVVBZk1GcDV6ck51anlFL01r + c200SHY2cWY1cEdDTzdjc0pWQnhDajAKLS0tIGNkbS83SHJjQWZ6NlcrbmYxaE9y + NkhYQzdqWjZnKzhZMGVRV0QyajNJblEK3B9+oBGIPWB1Cgo51FNC9EdVJVgsf3Vx + 4ZVL0xTf0+/cCgAvVRQF36uGwOJTxeyW+RcbAsythW5cGigsYBJ8Aw== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEREVkRmJGRTdiUlhhMGQ2 - aytPZnM3NnNFcWtrRHJqVWlCZ0FGY29JVDM0CmZSbWhsVlBPTXZxL00wUHl1Q3pn - aHFnQWQzNllZaDF0MUIweVVFVlhoMG8KLS0tIFpaOXl0TU93Z0Nkbng4L08xbU1Z - VzhGdEwzTDh2QVlZVVhJbkYxV1pJbncKcx51Llv2qiX2hTHx9P3+STFYhuG9SKqM - P0JLENehLDU4pYF3qva92dr47msBAEPmnVTs4C4Lj6aycoc4WXhjcA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGFsYkNCR05LRDBBWWZC + NFFhYzMrZGFvM2E2SGk2UVdHU3lsakdzZW00ClB2K084VEhreWNYaTZSSWZRU283 + SVpCaGRVM1hvV2toSmFRajdJRGxjdlUKLS0tIG5KSWVYTkZqdkVwZkptZlY2S0Vo + dEdRRXVZRDJUZmt1eE1QVnZXQnNlQWcKZhnZ7YvWPP8NAV2XdLepsLFswDz8Zc2X + HI9amGzzFHx3+qWZTjOnU419yB2EOG2ky+HBJ/jZzMfjfGhFztrTTg== -----END AGE ENCRYPTED FILE----- - - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x + - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSnlXSUJ1cFlVNVdobVBQ - Z3lYMW5VY0NKMFlZOC94WWtyWUdDdnZjZFVFCnZJeFUyWlpCbGdzOHpNbzdOcEVF - Uk9XTE92ZjhiVGNuaTN0SDgwU1F4dkkKLS0tIFdVNjl3c3VQaWY5eDUxRG9LT2w3 - Ti9HYmplcW8vQnJObk5zU2VjcXlwRGsKDhUS5CF7CXK8ZxdJ4qpZx2ZV8LAYsiUw - x+W8bmsyUlMRGX6qxi/U834t25k8/49eDWkjQXMHvIO9oYXEUak1iA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMmtFZzdESmE0aXdzQ0ww + S3kzNzI5RWxDbTA3RnFvTW9PWEx3bk9za1hjClQyMjBuRWpwTHJodUNKVVFZSzlm + SUVQN0EzMjJXRzM4OTJnMjVncEVmaE0KLS0tIDl6UW1acmdGdSs1eDgrbmhYZmpT + b2tXQ2FMSzdvTURxQUgvdkMrc0J6MHcKo53yp9yS8oKkq04wbIkY2KPy3w6Om3Tq + wkzWFMnQsLUzEZn5QGOQOLMx3vcA50+axu1Rtg6875S9xWRIVgwUgw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QW5aeEJnY0R5SmNnYldM - UTNZaUZCWDdMMVQ2bWZCWk5TZ29KVEhWa2tzCjdSc1h2K1cycllFbTZqb1VteHhs - N0l1K2hkem51ZGx3TlZDQ1J6SVRDR28KLS0tIG1UaGVBNzl5NUtocFNzYVlUWkUz - K0lDVE10a0hZZ0xQcDljWnZmc1U1L1UKyjf60ujEGDMJ2/RNRjT3y3eot83UOdKY - cbQBKcKrUHs2JeVpcFQk8jy7CaPXSGJePmp8jicArw1nGJvCReaGEQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clhXMkpsMUVGSzhPMm0r + eFVBOXc3c0NKVDlLdThQS2JvOVd6ZmxvekQ4ClV1NWRxUVIrLytlSUpNVDl6QlBa + YmJQVXU2cnBGQWpZMGRyOXorYUtiSlEKLS0tIFJkVnMyclNhOEJPQi9ESVhrWXN0 + ZjR6cENFbDcyV1lvQ25RaGpGdnhWc0kKfmlbziidJ1714MRWuAZtZ/wLWccGMjtr + 3YHJ6FF1kexDapxe9perMapXaxq/tY6DxAoOH/BOtjwcS7aeaXJFYg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-21T11:56:33Z" - mac: ENC[AES256_GCM,data:hJxB91k91sDyZjmIntzCakFnSiLr7+qBPeneV8RmPJBod8Z3cFwHJ0pv5LyO7wIFhleW2kH+NM8b0Go4uiz7G683wfc9QTUxiUh5tR92a4xK5QnoMQ5S/AgDM9FDWYQ2cRWutqIdMA/TbGsfrwNLCdiGli5N4Ie98y3BXlGyuIY=,iv:NldyFeAF/hJEdg4VVymtHEebfbJD/GaxGaP55F/vKY4=,tag:e709To5PwxJJvDPVJhJecw==,type:str] + lastmodified: "2024-03-22T09:04:04Z" + mac: ENC[AES256_GCM,data:vIHgpWqr2AFZtVxHaNKAnI21+5h1LVfk0U32eARDCXb1OEgbP5voTDtzbVlKxEOB91/Yj50SMUJ8u5+JgBkwim9HB07xEfBrhbOIdgF0O5KKo9L15+xexLwzLsq22XJ35JBmvw21O5nPIibsC4u8lUMWsHHAjuy5hdUky+Pt4lY=,iv:Gu9T3GhuUZkKxFWH+p9ZE5MHZHLwBE3t5v6VcKlmt4I=,tag:ZoKd0mpd7bFTMgXWrJ9Log==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 From 86b8c32a9e087769f489d6b8cae09ff271617c18 Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 11:43:07 +1100 Subject: [PATCH 2/6] feat: add laptop framework --- nixos/hosts/citadel/default.nix | 103 ++++++++++++++++++++++++++++++++ 1 file changed, 103 insertions(+) create mode 100644 nixos/hosts/citadel/default.nix diff --git a/nixos/hosts/citadel/default.nix b/nixos/hosts/citadel/default.nix new file mode 100644 index 0000000..1860ce2 --- /dev/null +++ b/nixos/hosts/citadel/default.nix @@ -0,0 +1,103 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ config +, lib +, pkgs +, ... +}: { + imports = [ + # Host-specific + ./hardware-configuration.nix + + # Common imports + ../common/nixos + ../common/nixos/users/truxnell + ../common/optional/fish.nix + ../common/optional/monitoring.nix + ../common/optional/reboot-required.nix + ../common/optional/gnome.nix + ../common/optional/editors/vscode + ../common/optional/firefox.nix + ../common/optional/sops-nix.nix + + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation + + networking.hostName = "citadel"; # Define your hostname. + + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? +} From bee7534630fff2f32814d6b8c163704985e75752 Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 20:48:23 +1100 Subject: [PATCH 3/6] feat: rename host --- nixos/hosts/citadel/default.nix | 42 +++++++++++++++++++ .../hosts/citadel/hardware-configuration.nix | 38 +++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 nixos/hosts/citadel/hardware-configuration.nix diff --git a/nixos/hosts/citadel/default.nix b/nixos/hosts/citadel/default.nix index 1860ce2..3838124 100644 --- a/nixos/hosts/citadel/default.nix +++ b/nixos/hosts/citadel/default.nix @@ -29,6 +29,48 @@ networking.hostName = "citadel"; # Define your hostname. + # Enable OpenGL + hardware.opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc. + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. diff --git a/nixos/hosts/citadel/hardware-configuration.nix b/nixos/hosts/citadel/hardware-configuration.nix new file mode 100644 index 0000000..09462b7 --- /dev/null +++ b/nixos/hosts/citadel/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C634-F571"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 0559b947b7e016a7b806bab62e00a0c05af4d80b Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 20:51:52 +1100 Subject: [PATCH 4/6] feat: add host --- .sops.yaml | 6 +- .../optional/cloudflare-dyndns.sops.yaml | 57 +++++++++++-------- .../common/optional/dnscrypt-proxy2.sops.yaml | 55 ++++++++++-------- nixos/hosts/common/optional/maddy.sops.yaml | 55 ++++++++++-------- .../rickenbacker/hardware-configuration.nix | 10 ++-- 5 files changed, 106 insertions(+), 77 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 2179251..ef7e25c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,8 +2,9 @@ keys: - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - - &dns01 age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t - - &rickenbacker age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + - &dns01 age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x + - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk + - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc creation_rules: - path_regex: .*\.sops\.yaml$ @@ -12,4 +13,5 @@ creation_rules: - *nixosvm - *nixosvm2 - *dns01 + - *citadel - *rickenbacker diff --git a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml index e289fd5..af6d1b6 100644 --- a/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml +++ b/nixos/hosts/common/optional/cloudflare-dyndns.sops.yaml @@ -1,8 +1,8 @@ system: networking: - #ENC[AES256_GCM,data:akTbC8VrlNiKiFjRe+8hQfainn2iif6e5HWcCdNW8Ghzo6wp18H11e+DXp6D/kS7iVjKijPWTyZxwXUkNjfOu9WfmChKOoR2ZDdvEQ==,iv:DA2jbj8Ru58F/pZjmQIVHCZT5FSlJF/q0Kw+k89Kw20=,tag:jW2qH9StRljPoyzypnYXYw==,type:comment] + #ENC[AES256_GCM,data:JFRHRwBs7Qdlsjp5cJyPo7xey9vwDKI4lsaWwOVLGuAeSWcIUXmoF6jkZkutKI+txyjQoxqrXtvab+M6DDBG9jCC3/qcQxiljvK6+Q==,iv:tK+9bBVgDe2T5wDArr3IrSuTND16VUdMtsfbQ9OipT8=,tag:baChOJUpTAk05LRSxwNfqQ==,type:comment] cloudflare-dyndns: - apiTokenFile: ENC[AES256_GCM,data:quhI3WLwtSOAMaTGMwfZjU0ctGhb+bJaNShawEM9LnuLGHcsBkO9jKUERksU/hcsbCROGsQlhESrJ05guAlU1XXqDxuKHXEc5Q4MhzYAxnTpLuqJp21/CHVeJUMrMn3AyY4MGJHK608qZHcP8aULQvH0Lg==,iv:Z6bW312x9jyKUKPSHj9oLV7LXOD4WtYDCK7KXuVI+tE=,tag:8+7HudCbkfix0Xs+F041xQ==,type:str] + apiTokenFile: ENC[AES256_GCM,data:CG4KyihV3MQ9/JPmKnRAwUbOQb1IrM9yKtWeIbXtjRDjxENIcJC+tId4S9WnQ0u6WwtyDPIEbjNcZXd4pckL41mBb9E4j8Cap+ocEmuWyP4xOu/a46+yVF+Ai2mzehIx1xzx5+HsHzdh2W0WXq/T5Vi/Tg==,iv:PVQVajn/ZaA0mJEOWp+9aKECkSV0ZuQdd0U2nKw/sHI=,tag:Jj/uotKuagQa9cj7OOrcFg==,type:str] sops: kms: [] gcp_kms: [] @@ -12,41 +12,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2L2krTXZNY0FrN0U1NDcz - bklZeEt0dkJBcGNsTDNMV1l6dk9sWmxkanlnCmhGWDA4cm9yL2ZzRUdoajJQU0dE - aFNDRFdvMVJ6bkhDWlJaSzIzYktXaTgKLS0tIERtakdTbk5ZeGhKT3RWVU9yOGZx - ZkZ6Z2JZV0t2Q1AwaEpHTExLRTE4L2MKjzSmZz1SRvCv6bIjh5ubWd32PLZLie3S - euYl9cTFCE4ZZwnYVqEAox4v0J8NZgI5S3ZzcpCElzNk4bkVKT/hYA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQnZRaVB1eWlBRTlMNlUv + WVZxd0VSMUxlT2prY0hQSllVZWgxSFhXY0Y0CkdBNnpieTdXZ2lWUUNYSTNVUEVk + OEpUaGNHNFVYcFJEVE82RWVFZzl5MUUKLS0tIHQyT3lxZzdHNkpINTNTN3ZwQ0ZM + WVl1aHphTCtiM3FlbzBoMWMyaS9oT1UK73PSRG50mZ8S6FajvllQFt9Ye8BoJJUe + iOw1H2tYr4V7QjHOaE5yCvQJTMUtc4EI+PfkmiiKRtsKbfibO1IylQ== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMGkvYkFjR0oySzJacTRY - M2xpMHpyNytqdWJHVGlZTnlhRERaVnQ3MDIwCnAwOGlneTFtWnVxRnloZ3lReThl - N3drNXdXekxKTWZDZDc2YWwzMU5QVjgKLS0tIEN5WTVHUnRqUWltYVBQRmJaNDJS - d3BwaExLbkE5ZVhrVnpUNHdiVnFvTGsK+DqQ1aJFg6xNjPgq2qUu8zd7J4HjN1/D - 4XgtITFC0dxjTLjqzQwvTsh0+VMSdht9GOXlVe0Wl/N4aye8kaWAcw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieUlpT2ZHYXY3bm1TUGc2 + c2NlM1V2V2pZbFI2SjFXdnF6Z2JqS21jblRnCm5hdzJIenB4WXRweEVGV1dsUzY0 + bVZDQjExZzdWVmlkaXdiQzhsaEhRcEkKLS0tIG03aXEzbXB6VWRxcmFZQ2IvK3lR + Q1RRL2pIT0Q4bk4zQUszYkhFTU54MU0KUCr7lwMzu2FNxmDkWsNxpiJ5F/DaAOWj + GhU0TFPJP8jEBDHJKXPJ9IMkXtyLU4F14pZBQGk6cVmQ7Ll7ABAW5g== -----END AGE ENCRYPTED FILE----- - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ1ppL2s0NXQvSkI0VjQ3 - dXBERlM0bEZDVGJielo1bDVUbXFmQUsrOXkwCkJYcnR0ZUZHd2ZTY1UwVksyU2RK - VHRZRHYyRTdDTittMlQwRnAyQm1XR0kKLS0tIDJTck15TVU4bUJCd2V1SElsa3hz - OU5wS3lKWjhZSVJnZDdxVkhOOUJsTTgKfWGqTVDllMLHoRH01bzQiQI6sBzpfYU5 - 9F3QgbYuGHHZ4PGw6gIsLEVoa0wemg32v9130IHcPwKEi36baxZynQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL1BjMUswTkMrU2kvRDNx + MGYrY25mbS9rWThvQ05lc1VnWExpRk9LQjNZCkF3REt6bGIrZTNKTGpnalZycVdi + R1NSOTNoeGdCcVZCQW0rM1B3cENHT2MKLS0tIFIwQzk5cFIyNkwvZm5rQkNnVU1y + ZEZEaWUydmV6VXVFdEpubkZRcjNvbUkKMuX2cuewaVDQh3WcEvTq3b/OT9D4eLQ8 + dP6e2umiDuWO7xjSDtN2hMvAtwzJ2ac0hpGCl0yVFAcDeCP17O9alA== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArd0E0a2FtUmt3cmRMcFBo - TFlROWUyQm5vRjhOTlV0MkVGaE1GQ2pDZlRzClRHWHd5WE42QUV0MmhINHE1akFV - YVRLSENJSDlIbUlDU1Fvbjl0NTlEdWsKLS0tIEEzcm5kYktTdGJPWENqOXZncU1J - T0hYbkgrSlBuTms5cEliLzlGYlREVXMKNAcri4/FFhYk61NyGbrGCEt2WygwKCTT - nagpiYUefVWCEOJA+oOhiosH91dFowBjD5kOmhilNiePqkRnw1Ekjw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNjcvMFpXbkJDZnoyT01D + Mmc5L09KMCtxVFhWWW9YWkh2YSs5c1RscnlvCm9BbmJWZkQ0UmFuVWFrSVJMY0da + TFNLUXVKWFV6bzN4RXg3Q3hoaW5UdTAKLS0tIEZzWVd0d1hFZ0xPczE1NUt1SWl4 + Z0hZcTl2OWNsRU9ncWhjMW1CNGtuQUEKDGSbGS4CTWWZuyH2DqcMd+SmH8Mmgn6Z + jqEfzCWcV0eUWN+89ic75I/Yy9JpBPvhyNnTatMeEOk6gypebgk6GQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-22T09:04:04Z" - mac: ENC[AES256_GCM,data:AONax3l32loJDdW3tuhXxHUyj+kcKpLWqe4Ewak6qRn+bIaTQCJs+QkeUDezDv6oB+lzKB40iZY319pVpvIc9U56KN1qUSiBxoWCWhdZ2m/dPmhVq0C76LwySb9zXwvKtysI4iSN61aZdd4IhXV4xzb4Uo5Ne6Z0OkJb0ZMJbCw=,iv:n/Uc0FkLkV3e/lvlwHurluDPWv1BGRXn36g+5+daFhs=,tag:IwKb4iBXq7+i1lgcXRh1/w==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNHdwTHVGWGNWajdGTHVp + aTdndkl6SlE5TWM4dm5QOVZJMkxiL0VRaFhRCnlOSE1HdCtxbmlEak44VDloa0U4 + ekIzSFV5bldldnZ0eVNnV0t5MzllUjAKLS0tIFdwRjZIT21FR3VDeVV1V3VnRDZu + YjYrckxVRFFQcDNHVDNTNTVjVUZWV2cKkGTwaweH584hootSwsldyoiHfBFYMaNO + K4PuA8SHQMBP5obqljiplFx+ld+cFii10BLKbuNLx97oRJy5WyRqzA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:9B0TsfNaVnt7WrO0jkP4dd37Ys3JKj94d4Js31wCsPw5JZbfb+eC5meqIti1PJhw19xRG1BdpXLXGQ6XEpVPY7mU+BiVNpgaGv9+tYlxibie7+oHuCuVhnQUnqh3/FllDlq1U3jwtwHjXrEkJyKD85afPdegFrkbVozMCoNE7Cg=,iv:8tHw/5A+6IHnFURCDwsw8Kune0vNilN3CBz1e3T7Mpk=,tag:8ZRnkOd/DfoPzkEjwhK+iQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml index 6d3ad93..10fedb9 100644 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml +++ b/nixos/hosts/common/optional/dnscrypt-proxy2.sops.yaml @@ -1,7 +1,7 @@ system: networking: dnscrypt-proxy2: - forwarding-rules: ENC[AES256_GCM,data:bf8dxDhpC4oovrKvXpp/Bi88munuJhLRbMomUCaSDqfuS1kXBR1r1l9BIkNFF+7vYRQ1sdD0Orxas0GbHw2Vv7EmW7Ra70C3EhgWSccdCBXljzvYHqna7gnSzho0HeFQWsO6vXOZb3+32lTGNjV+PEQ1+96Sy7jCzvxSjzaxkNM6wODlt2nNXbNff+xBVHDWosis4NdlbK3HHYhlHW58SP8uc8yCbzhPiTzlFJLPsq1KHHh20JrS/DWOCVx8tWMZiFd8TKU0HM+9pbeCgTeNn5KbBW6szswdmbDxjsM7l02Dqpyg2pXOrJWLNVT15oQxC9davcHpI20+ffJLjltqDCgVTaTSwaxxUcU4pTA4bMG/mMBqAT24/84QuB8y9Bt+4fsHbzAfFXA6wQIcmbZCyK3OS1i9evdY2waubaPQacMozghu0CprhNmCITG0OwdveeUh5WLMbg31cKlYJzj6qtQ=,iv:eepiiimaUg6iRKJ0f9JrGAT5QAXjYuouRuVoGUCQAyM=,tag:gLq9pspJjGKygxazvtSXDA==,type:str] + forwarding-rules: ENC[AES256_GCM,data:/Bmttk/FpmpN7IvxUgR2Hv/x0nqXP/YxGVSssYQUEcSIq0P5D5biyXK86yrbEsqUJzhH3kr2SjRHIWnZbJbtcYp/SfvqmktBfACmraYsrwO8uYkZq9dcMjBLO6T+UUeZzbD3nRF6TSgxpFYR7SWCn7P/DejcfSFT8wUJyLCqYMtkkilgOPXIzfYMH+982fmRHxQeswTuMUPXk/iczvAfQ6F85ZhFbJojzvf7eXZ3uxUwkGRE7kjsqguA5GUkYzQXsiXD2Tg2iAco5V2fQqmOEvdK/a0NCPogijIdPxgxJZENG/7ssz7k1U0egToCbPy9DcC/n3FEH+5hCEvHt5ErlrR63QBfwAf8K3TJHygCpWx5qMx//+JIUfPtWsS1y6tzvZ+2eQYscolZBQSIPkgD8KbHjEAkIlUtNqYPgGxwvyGCiucEWWc8BQImUYm+OpZwFiM1tfOAewB0W8v8o7b8PTY=,iv:MBq6w9o8iHQ51C53uLh34D5C7D1wMSGkwXQtb09y3tI=,tag:vZ5SQWmm72ytJr1zOqVgCA==,type:str] sops: kms: [] gcp_kms: [] @@ -11,41 +11,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK0ZBSmptK0NFZDIxZVcx - bEJsTHhENU5odVh0eTVJdFlScmFlN0ZlUlUwCm5BcVp1Q0QzM3ZZd3ZBajgvRTNm - Z21Qd2FUWmJReFhlTmJXOG5FbzlXa1EKLS0tIFN2S3hmRFB2NkNZUXRXdTlCTDJK - NmVRdlF5eWE2MkJhOHV0U2pBQXBEOWcKy1tLWJ/D0//hhlC6LTq5geIEjx5uERhP - w/3OB4q8zsq+0qQftynDP8WiEedbt/WmyvQ9Lc1hkNSghGf4hk7EKA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUkyWnhXZDNBWUx6VXZx + c1h0S0dJKzVlTkdkVTRsVlg1Z2w3c3pOS2xrCk9TTGpsbyszRUg2N2RzZG4yYWYx + Sk9zaEFCbjJQb082Zm9La1hLN1h0QjgKLS0tIDNmUUcybFdiOVhLZXY2bUlmeXpx + eGRkRDl2MlhJeEJLdXBYcE9XSFgxVnMKx6nlTItqsde0ZzudnNyy3IcWyE9OfyDM + Iq7S1xNyMxFNKoj7ZQ9O+WKpf4/A7nCgB93qdKi8dyFcQsNL+7z2/A== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOYnpMYmZ2VVlrMTBaaDZq - TWpDc3F5am5GNFE1K0pna1lMOEdKTllSMUVJClBhMHFZR1N2Q1FXdTN3LzNnRlBX - emNqVXlZZzFLVlNvaHhBWXc5NkJsdjAKLS0tIHd3cTkyN2s0VXFtQ1U1Z256eDZO - RjNqN1pDUnRBdnB5VzE3WHJYRVdLRkUKRBHs+6Um4iltS1tLnY8aN1q6N9e2WqV5 - S/iIEezFN0tyu43U9tt2sTLtvXnadqVy/MpIMZEnHfj/sEM90GMb4g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZnFldVp2Y2NzR0dyQVVZ + b3pxdUExcDExUWg3YkVYZVBOTm1IKzRwYUVZCkxNUitNK0syS1JjU1N6NWNlYVk5 + UFV4Wk55cEd1bWZ2WTJjaHB5NVg3K0UKLS0tIDV2bGtPZ1FhVjNVRUE5VWdQSktQ + aHJEa3hVSy90U3ZicnluS2dxMXU0L2cKGLPwOid+L7IWZtKgQ8lF2pPrAOrxZBFA + ctYXJHi31T0U2MDBrOsarmRhMd1ofvUQnz/lemgIG2F2HxTad7R2Rg== -----END AGE ENCRYPTED FILE----- - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0V1EzZDBYUDJXUzFRRTI3 - WG5RbjZaQ1A5eWdYTnBYSjBSUmdSWFFpaWhBCkJBNnNQVUxwVGN6b2o3aWpyVTM4 - N0Yybnp6NzdUUVVtUS9Ha3U4R2pwMDgKLS0tIEJlaGhlL2xmSVJLdFBseU9ZUUJh - RFZ5N3hRWC8vTm9HRjBadzlVeU9yRTgK2L+OQIsmZ9UgbzAass0vvcmB7XE6apT1 - h+uSB0GpTz/+bebn3pTVjRjZXvy2ofMd1d+77NTR4LMm6WObXuI77w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTVma1hMN2NHMithazJI + YjNYRHRDcnZ1VnUrOWxnczZ3Q2QrdjNpcHdFClQvb2ZJMDFKRlVabUk0Mmc1NE5E + NjdRcmh3ZG1lN0FrMDJZU2RndW5nM2MKLS0tIE01cnpJMXRZY25waWdaa00wbWxP + RmJWVld2Yyt0OXdZVzRQeFBQTDdQZ0EKewL6evla5/CrqsSoDgK5TbQv2B26Unc/ + /WU+Zi/bo0bd4iDfbUPdtxg9hUqsnP4cjnX0bFR9PP1IHcbTaS3cMw== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRDFUWEg4K2psL2Q3WnhY - cjVRbzI2eFQ0OGkweCtQc2NUa2lUMllLMUVVClVTZHdSZGI3bk1aWjJ2UnBhdnJu - M3QvamVJVCswSnltd0Q2V3A3WUZMWUEKLS0tIEk5WHJKRW1GVXNZN09jbGxaL01x - RWFaY0N4TnUvaSt2VFBiVUM1ZmgwbDQKdbZSPiMacUnCX4rNhIHOrO1Pi/zu2A9y - Ro+OYrEql904vJSbVcaTfdj6VwnLnulEzPFFyBfn2MJW/kMxkxa2tw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbmltMUd4OWpzL3VDVk8y + N202YlIrWXg1QnprdjNJRUtiaXZvVVBOdWlrCitoQnQvbUxLN3E5VEhaZlh0OTln + eXlhV1YzMUFVK0hzNTdyQ2gwSUxzZEkKLS0tIDFaWTU2WUR1aWhxM0M5am9sOFVQ + VjJnbE1SQ285MVJHeExxbnpwV0c3Z0EKZsw0o7hZgswaqVh/K3kDORJiSxkGK9Zr + cJHnA2e7osm7F4wrkc++GXCEsjvdM1V8uXp8bHrrvBwlbBJA4C09HA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-22T09:04:04Z" - mac: ENC[AES256_GCM,data:fbkL3OLExxWMcmpanUwCEPbMgr/sAJrrsjLFAkqe9Jqjd+Oyrk/Lx4rzCFIU2EvX/eT+EhTy37BkwpBnV9dVyFAcYdwWHheiUdAh9zT64ioA/59kjM1V9o28ZtYbILybJFpiOKCN069uJ6MsmhIgllET9ocEQJebbezzSfbjvpU=,iv:YNCUEe45zX/LUU0IONLLRLXmdfDshrFv9Rnazc2il6o=,tag:Phu0IYqI1Z4g94lENRHNxw==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdXU5N1FyUHdZNmI1UEhX + NDcwR29UNE9hd2dsMHlDSjV4b0Qyd0lhelZVCjdhd3hnWFZncGlyTVJxdHZabXFN + dExUMmdRSm43UWtIYmhzZ3hTd29WRzgKLS0tIFVjZy9LbGMzR1VJTGs1eFFzZG1B + OUVlYXh5MENVZ1YxempVYlQzeUQwMXMKn5AzTMxMGCbQUGdtsOt9d4yxK1R6Vb0G + +IwgbUNS6+djhuW5TMoW7Avc/b3JbQ3oc6VgXLxTG5X2qBqasKw6Xg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:U7y0kd6xcz2S/1X0/FDqk4kq29K6nGE38WAfnmpgbfYXUQnbbe4dBPTbyo47tKRZiY05baYSi4cqUwYiGU9LX6KvfZSq3bYJRLiqKGrk5AMUyrzygWvceOaO2yYhjRHKU7J0rNq9pbXwtn/vjbKfzDQxXnWkAQ+/SIJbDebMlB8=,iv:5lTN4qd7XaRK0H/S6bYTMQJ3XIRGsoTVS2oK9MDBfOI=,tag:wgdr6/XA1vO3/ZqbvlPVEQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/common/optional/maddy.sops.yaml b/nixos/hosts/common/optional/maddy.sops.yaml index 61d0226..99c3502 100644 --- a/nixos/hosts/common/optional/maddy.sops.yaml +++ b/nixos/hosts/common/optional/maddy.sops.yaml @@ -1,7 +1,7 @@ system: mail: maddy: - envFile: ENC[AES256_GCM,data:JeWV2weTxP5yHRPwX5+cbettIzvG/ZE11UXwJ6rI9eJhlfGzlRcfFz6fFgsbkiisj1V/jYiWavCn6dcvaK2wzgnt4wPYexjRXDci/4zv3VJ6+Y5PuSwwrAwlA8RtdKTDHZ8OOgYmNmByW2LgIQi4s+qdVtrCO8NukrcHaLFPJx525xU=,iv:FP8+TAvrxFNDeeUQDSGhuBm7OpH+uTPDvWIClUnZQRI=,tag:ktWR20EKEPdFGXUZya7ISg==,type:str] + envFile: ENC[AES256_GCM,data:Tl3ho1MPmjdoDnCF7it3zFsVpv7l7D9nzFFKWfyqhBYmk41kq8SXIFsHBci0tAc8ON628/zb4D1rwXtj1N3AVcCEQeM8snjwo0wd6pc6yoCLnkf3mRITZAftLEgLPJbAsb/OAtDQY7IKiPYubZwBCDjbsQrWez1ZYMO5WpsPD+2VOTI=,iv:HhZCs4uiJK2iXJiAupMQ0NQq0xs0WRiBJchc19UbgQM=,tag:t1SbqqItK5wX9Wbli2V4Aw==,type:str] sops: kms: [] gcp_kms: [] @@ -11,41 +11,50 @@ sops: - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRUhOR1FrRkFER3hGN3Ra - SXVhdlRFRDNtTGJ4REsvQmFEN3AxZVFad0JRCktZZVVBZk1GcDV6ck51anlFL01r - c200SHY2cWY1cEdDTzdjc0pWQnhDajAKLS0tIGNkbS83SHJjQWZ6NlcrbmYxaE9y - NkhYQzdqWjZnKzhZMGVRV0QyajNJblEK3B9+oBGIPWB1Cgo51FNC9EdVJVgsf3Vx - 4ZVL0xTf0+/cCgAvVRQF36uGwOJTxeyW+RcbAsythW5cGigsYBJ8Aw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZU9rU2JsWVF5OEVsbTBF + QlJLVDFWU3BISzl1SWk4SUUwL3VCNFZQY1VvCk5nTXJlazFQNXo1ZVhJMEpTRnVE + VlNaalRqTUtTUlBVeWVVaTFvMmJKVVUKLS0tIFM5SEIyOURhUWFHa3RrbVBSRFlT + VS9WaGhGUWpMcEJ0UUVsRVR2S2FtR2cKhePhqrlZ9KpD9CQOJ7tObqLOXWCxIxUv + X5jPf2gEsWSPnrVPehSbLjsyAFlMOVCgEcc1o5qec+cFgqwN3HcuAw== -----END AGE ENCRYPTED FILE----- - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGFsYkNCR05LRDBBWWZC - NFFhYzMrZGFvM2E2SGk2UVdHU3lsakdzZW00ClB2K084VEhreWNYaTZSSWZRU283 - SVpCaGRVM1hvV2toSmFRajdJRGxjdlUKLS0tIG5KSWVYTkZqdkVwZkptZlY2S0Vo - dEdRRXVZRDJUZmt1eE1QVnZXQnNlQWcKZhnZ7YvWPP8NAV2XdLepsLFswDz8Zc2X - HI9amGzzFHx3+qWZTjOnU419yB2EOG2ky+HBJ/jZzMfjfGhFztrTTg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSTBWVXlyN1U4dE80MnpR + UWNFYjZycUlFR1FETEJLRDdiNnZ1NzRZOEF3Cnd3QkI4TlBZRkxmL2kwaTl5eUVC + UGNGbnc2T1hPcWxOZjNBTTlrWDdnTTgKLS0tIEFjR3BFMyt1NUhhRUdmMzlMNHow + RVlqSmhZQVZXcXZFOVBhTEdDMVQvTzQK2ZMfPvX7plEopZH1mXLvc1cxa6SD/GM7 + EBaUbiRM4IccKf+6Q9w4Zna/3naHgr2EyDhJnXiNx6C5sMPpx+0Npw== -----END AGE ENCRYPTED FILE----- - recipient: age190fm3dlfxtf5smttyqxtrht4ac2ldfhkap7luppc0aap8w6r940qvjyc8t enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMmtFZzdESmE0aXdzQ0ww - S3kzNzI5RWxDbTA3RnFvTW9PWEx3bk9za1hjClQyMjBuRWpwTHJodUNKVVFZSzlm - SUVQN0EzMjJXRzM4OTJnMjVncEVmaE0KLS0tIDl6UW1acmdGdSs1eDgrbmhYZmpT - b2tXQ2FMSzdvTURxQUgvdkMrc0J6MHcKo53yp9yS8oKkq04wbIkY2KPy3w6Om3Tq - wkzWFMnQsLUzEZn5QGOQOLMx3vcA50+axu1Rtg6875S9xWRIVgwUgw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ2tiTUdTcjcxS3VIdDN0 + NXBqT3Vsc21CaTBxaWRMcDRDOEFhNDIwZXdJCkdtY0VyWGVPTk5VQXhJQXV3RWtt + Wkg0SWI3M0VzclM0TFliNmtBT0U0akkKLS0tIGxWZG9BelVHSzNROVVUQ0VJLzdF + OEphZmdxN0kvc2tpUlJYTXZ0M0ZPem8K3xHBOjygxjQsyXUFh8kK5YPWLDPUAJho + AiVmd5EtWzFJikz4MW9a6P7eeUUzdVEBa4KGI9VdJ8JDFtLGZmmG+A== -----END AGE ENCRYPTED FILE----- - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clhXMkpsMUVGSzhPMm0r - eFVBOXc3c0NKVDlLdThQS2JvOVd6ZmxvekQ4ClV1NWRxUVIrLytlSUpNVDl6QlBa - YmJQVXU2cnBGQWpZMGRyOXorYUtiSlEKLS0tIFJkVnMyclNhOEJPQi9ESVhrWXN0 - ZjR6cENFbDcyV1lvQ25RaGpGdnhWc0kKfmlbziidJ1714MRWuAZtZ/wLWccGMjtr - 3YHJ6FF1kexDapxe9perMapXaxq/tY6DxAoOH/BOtjwcS7aeaXJFYg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN3VrcFZZSXp0eHVaZXpz + R0RWUkpTOXVTb1Z3ZVdRK0N4Q2NsNTE1cmwwCkxWd3BRWDNpYXFrNG52S01paFdh + U2VwSDNVaDdySDh6dTcwQWszU1dBSlUKLS0tIG5XVWkxUFhhZTMvL1pOYnZwdWJI + NE1ldE5lbDRKZzd0clhSMEl0dUM4d1kKa1EJEG5Vs7MAlCjJJN7rE/9u18enxjdM + noJCoHviMHymGL5SR7BccPyrsJ3V3wH6BTEYQ6iVbC5wV2jkRFH+tg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-22T09:04:04Z" - mac: ENC[AES256_GCM,data:vIHgpWqr2AFZtVxHaNKAnI21+5h1LVfk0U32eARDCXb1OEgbP5voTDtzbVlKxEOB91/Yj50SMUJ8u5+JgBkwim9HB07xEfBrhbOIdgF0O5KKo9L15+xexLwzLsq22XJ35JBmvw21O5nPIibsC4u8lUMWsHHAjuy5hdUky+Pt4lY=,iv:Gu9T3GhuUZkKxFWH+p9ZE5MHZHLwBE3t5v6VcKlmt4I=,tag:ZoKd0mpd7bFTMgXWrJ9Log==,type:str] + - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveFZjREFtdnFSaWFmdlh1 + OTRhdElyS2l2LzhxK1A3WXVYYUdHanFZVlRnCjIvZ1JkTU1haWVoa3BjUWhyVTQr + ZnFLUnUvVS92N05UYU5KNitDVGVnV3MKLS0tIHJ6TWE1M0NaL2lSOUZEek9STDMr + eUphaFNjN3lBTnBJeFcvTGlMRG1VTVkKA6NMCTagSRvGP9buvAcHrkBlvAH48JDF + bRc92UqgD4PjK4uwjyQX25t81MBMAhcCBcVxSAIQwhRol1WXa2k7ZA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-23T09:42:43Z" + mac: ENC[AES256_GCM,data:c9u1+jT/GYCckbdGACGATi9gBRFW5YBjz74vUBMYUkz609BxMG0IQdQSCLNvF/3WM3MDABW6qooxsArVu7Cofq2peD59x5DJVM6Q2Q6SHhqOZAgg1YketI+LFrpuS0eL20EwrgQStRDrbPR0kk5KLlAYyWEfSK4HOqY50IKrPYc=,iv:pzPrtQ2vzyajmGlNqFI+NKrIrqbqoYFsxdAFebSgq0c=,tag:3D7EOXAiV0VWjj3abofyjw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/nixos/hosts/rickenbacker/hardware-configuration.nix b/nixos/hosts/rickenbacker/hardware-configuration.nix index 09462b7..3e84390 100644 --- a/nixos/hosts/rickenbacker/hardware-configuration.nix +++ b/nixos/hosts/rickenbacker/hardware-configuration.nix @@ -8,18 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5"; + { device = "/dev/disk/by-uuid/fe728106-aaf8-46e6-ab46-1610f1f4398a"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C634-F571"; + { device = "/dev/disk/by-uuid/44D0-91EC"; fsType = "vfat"; }; @@ -30,8 +30,8 @@ # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; From 5dfaaf249b3a6ad9bd5a51193a617e0f3d19cdcf Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 20:54:05 +1100 Subject: [PATCH 5/6] feat: add host --- flake.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/flake.nix b/flake.nix index 2697a9c..ad4fa8d 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,14 @@ ]; }; + citadel = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = defaultModules ++ [ + ./nixos/hosts/citadel + ]; + }; + dns01 = nixpkgs.lib.nixosSystem { inherit specialArgs; system = "aarch64-linux"; From 843c2d29839ee32e6c2df0cd8ed67b23f6284180 Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Sat, 23 Mar 2024 21:00:55 +1100 Subject: [PATCH 6/6] feat: add adm graphics --- nixos/hosts/rickenbacker/default.nix | 36 +++------------------------- 1 file changed, 3 insertions(+), 33 deletions(-) diff --git a/nixos/hosts/rickenbacker/default.nix b/nixos/hosts/rickenbacker/default.nix index 63631fa..aa5ecf1 100644 --- a/nixos/hosts/rickenbacker/default.nix +++ b/nixos/hosts/rickenbacker/default.nix @@ -26,10 +26,11 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation + boot.initrd.kernelModules = [ "amdgpu" ]; networking.hostName = "rickenbacker"; # Define your hostname. - # Enable OpenGL + # Enable OpenGL hardware.opengl = { enable = true; driSupport = true; @@ -37,39 +38,8 @@ }; # Load nvidia driver for Xorg and Wayland - services.xserver.videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc. + services.xserver.videoDrivers = [ "amdgpu" ]; # or "nvidiaLegacy470 etc. - hardware.nvidia = { - - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = false; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = false; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.