Feat: add dns02 (#37)

* feat: add overlays

* Auto lint/format

* feat: fix dns01 firewall ports

* chore: new keys for dns01

* fix: dupe key

* chore: fix cfdyn

* feat: add dns02

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
Co-authored-by: truxnell <truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell 2024-03-30 12:57:31 +11:00 committed by GitHub
parent 662806ab07
commit a4a8b05bb8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 153 additions and 177 deletions

View file

@ -11,7 +11,8 @@
keys:
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
- &dns01 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
- &dns01 age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
- &dns02 age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
@ -22,5 +23,6 @@ creation_rules:
- *nixosvm
- *nixosvm2
- *dns01
- *dns02
- *citadel
- *rickenbacker

View file

@ -142,6 +142,19 @@
];
};
"dns02" = mkNixosConfig {
# Rpi for DNS and misc services
hostname = "dns02";
system = "aarch64-linux";
hardwareModules = [
./nixos/profiles/hw-rpi4.nix
inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
profileModules = [
./nixos/profiles/role-server.nix
];
};
# # nix build .#images.rpi4
# rpi4 = nixpkgs.lib.nixosSystem {
@ -189,8 +202,10 @@
};
in
{
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
rickenbacker = mkDeployConfig "rickenbacker" self.nixosConfigurations.rickenbacker;
dns01 = mkDeployConfig "10.8.10.11" self.nixosConfigurations.dns01;
dns02 = mkDeployConfig "10.8.10.10" self.nixosConfigurations.dns02;
# dns02 = mkDeployConfig "dns02.natallan.com" self.nixosConfigurations.dns02;
};

View file

@ -24,7 +24,7 @@
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};

View file

@ -7,96 +7,28 @@
, ...
}: {
imports = [
# Host-specific
./hardware-configuration.nix
# Common imports
../common/nixos
../common/nixos/users/truxnell
../common/optional/fish.nix
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/sops-nix.nix
../common/optional/dnscrypt-proxy2.nix
../common/optional/cloudflare-dyndns.nix
../common/optional/maddy.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
mySystem.services = {
networking.hostName = "dns01"; # Define your hostname.
openssh.enable = true;
dnscrypt-proxy.enable = true;
cfDdns.enable = true;
};
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.hostName = "dns02"; # Define your hostname.
networking.useDHCP = lib.mkDefault true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
fileSystems."/" =
{
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
swapDevices = [ ];
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

View file

@ -1,8 +1,8 @@
system:
networking:
#ENC[AES256_GCM,data:bHeRWJyZgBuMalt5K3j4xtffim6aSCq+/c4+t1pxIlr2JAI+i+PO3S09GVahSGlUpn4buJbkE1H80/w0UrdPWtR/ZAn1ZMoXCuKnXg==,iv:f1MerFEkn76dNWwYNVGotKfDbaSy2ndvt8q4ul53HGw=,tag:eNjmJtRMxbu5j2rssXHYHA==,type:comment]
#ENC[AES256_GCM,data:y2k8WKDdMW/+lCc7OnJTPd21DZFkjXqRSDRuIHTvN3p8AZ0KB0ERjf5/Fzpgq9wRjktcGMfFRzl9AaLN0DNXLseV5hoeX8pzXrZddA==,iv:hMuTiccA2PSUKGK5bZ9YCGHYgj58+TMbid7/FOXqK6A=,tag:B9A3H4ssQsi3aD/bUvh8IA==,type:comment]
cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:t2SR+EyOzBW3+5bZE/4Kpa4kpyZi7IErHDkjyC6r6su8thstVynSpfWDCi4Xj4Th11kU0YO3h8RBqAmss1wHTPGti+1ha3LlSJfemKWIN2qtYfJLeZ5ZBoC+xctW8u5+ahur/3tjUjsXgERCUuQiuMe5Tw==,iv:CTWKFyIi/mYu6eW6WMFWsF2ds3lkqqcQcE/5xy9qQac=,tag:muZ1RC2M3fB7vjissXCPtQ==,type:str]
apiTokenFile: ENC[AES256_GCM,data:AQA6X+GoPgudn+qwGpNnX3PmWNfgYFuvYGbthoOXPTiAs54oPrH6XGyFjGS5skqe9vypjPbl/Zj+z8q4rLGKrZt9cgF5JywoS2pyjscDW9QI74mAS6bcH8eJ/PMLopDYybKEMS8w1cMeGP5J46Uhg2HLJA==,iv:vjzMXBt9NbFcoqzpew/s/h1OXNWEnDLY0JuyASvbojM=,tag:8Ca+0ieZUZ9Wk9Q2UigF0A==,type:str]
sops:
kms: []
gcp_kms: []
@ -12,50 +12,59 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbVFkcXJoWjJweUowdDU5
bTdTSVBDK041MVFoclRiRk1tYjBvVGFCTUhjCkhZbXB0ZURua0Yvb0EyV3ZzWEJ6
NU1LaUgwZ1NjWEd3K3VWNEY0d1dkc2cKLS0tIDRHMDk5TFdCRk5jNVNPd2srT1ZY
VVBMZFJzVGcweUErRGpyWm5JU2M0YmsKiqThEaJubMZalyA/7nhh0L1IK0Ro0y5X
8mgZh6rx8BzZJodiuRjGeCgsVnUREX4Mr1IKaFtG9GFyzc0yeTStjQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eHR0VlFlL21SNzJJQ2F0
UUJ3Vy9mem0veTJlV3FKbVNGd1htRHNOQkI4Ckd3QXk5bVR0WmNkaXZUZXBZY0px
NTJJZ3NKRDBLZTRJd2xOZ0pBazk2SFEKLS0tIG1zQTlCcUFSUUthaUxLeHlyZWpQ
NXBYeUx6bmYwSXFrZlNmZitYM1ZlK28KvKU5iig3qg1tGOX8jDsXjXJ9ly8cP+4y
tcsCDuQWxiJ2v2U4FD47iRs2IfxZadYGJM2nOToOKHnuTTSpvNXAVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aE92YzM2WmlRK01qZ3RC
dHBhc1dvSG1ReGdrZzkyUUtPRVYraGFScHpnCjRGaTM2KzRxTGFkN05mc0xFSGxO
MkVrYVZkWlFoWmEzSWhQTTZZK0dwREUKLS0tIGRhenlKV29WbkJVVVlEaUkrNUpl
c1hEMnBuVFBKUjl2ZHM0OXAwcnFJZzAK+Pf1YDIbiqsKGsA3geTbP9alkBG2uomZ
KeY+goK6MwNcZwKkSd83Lf6j6Fezv9C+gR2lTdZ4EFITlRWaxt6nmA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZzEyRkZZbTcvOVRLU3JH
bWZ4eXdUZlAxQjNkN2c1SzNiQVdkWU1FR24wClYwVjdGYm1xditOYWxIMGNmVDFr
cXZLdHhqOS9yNHEzQ29aKzVCNU5uMWMKLS0tIHoveWJmcS80MENxSnVXNlpJN0lx
bFNWU3dUTXFkMDZaWjUxWVlVd2x6dkUKKEBaUX/euYu9VEzhudWs4PUb+xVvpjQQ
GoOcFJvp+A60X2pK5mDxzgyWWudr+ZjiQNn3A/6XE4KfLhzmmI5Bsg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSkNCTFZaSTYyYjRwN0lP
Qzd4R3krZVJlREtueHlqUTBPRTNhcU5ORVNzCmdkYWFUQWRNajB4UEc3bzA2anIr
cm92alRQUWI0UDR2T0c5OTVhZ1hRQ0UKLS0tIFkxUHl1c3psYU1CTUI2NEpmL1hR
VnVacXZDQ3UyR1VoVGVQUzdteDRXRUUKkK9LP5sCjS2t2M+tftUqBh8jqwjmfKU6
HsIaMzELohiV5/91iq5FlIArQe7F5KFQfY3vRfYuh26I6zgqvVUlrA==
-----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MGhXMS9FbUdqckdqcUhs
aE1qL1lydy9VVWMwYlNrZTJrVVNxOW5hTWhvCkVGbjZ1RHJLc05HaFJkWm9VNzB0
T3dzbTU5YysvclQ5OHVaNU00bmRSWEUKLS0tIFF1cnVqVndtYXNrWWt5OU1IYjd5
bUhRTVFad0pCSFhweUNkSElVSUI5SGsKccyy6u6aJagRn7OYlBpbfnzkaD/qYRt+
oct41POm3gi8QQ6TYMT/xa0UlOCS9CnvjE4ZV8W5cWyvEEyPEez+Qg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NEJjblpGK2dGMmJ6OHBu
bnc0dUg0dXJROUMvQW1mOEcyWlpqb3BzUGc4CjdmT1FkaTdsRndGUXlod1cwSnpm
OFNLcjc3NlpPY2ZOMm55Y0ZFSjVpelkKLS0tIDVZV2hmMG1Qd0g1dXFEY0x0ZmhC
Y3NleUZ2azM0amdHRlplSGtvcWowd1kK+PNq8czpnC5zfwET60aQkNdcUwQopZ9W
nUX+QutTCdFoWoCKGsoQK42uXWQheHNtoPT258s2+8SBtdwLIckHgQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYbWtjd3o3anJqRHI2cWx1
NFp4dnF4UzdxODRLek8yeWc3NXMvYXg3Y2pZCmZ1bkg4Y2htRUQ5Kzd1ZlFSRlNv
dHJ6UTRUVGlzL0VQRXpLQjJMSGtQT1kKLS0tIElxcGRHUTZxdzd6U0J2cHVad2Z6
d0I5T1prNkJtU3dOK2dLU0FQYWl6Y3MKWtTVfqZqwO1DWcqCX3zQKJw+Iru9uYLL
oaDFNp7BkyHGAgUGlnryhpHqk/Mfiaz9F3+7E7yxPGmBL5/XGcfYzg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T25vdlB1VGFBVGdYd3k4
em42STFmdU9tZW9vVCtTZlBqOFZnUzFHYlZJCnJuSGk0cGlOSkQ1VzlRZ0ZONmlx
bXNkQ0hCaFBrMmt3dXZ2dXZzN09UVGsKLS0tIHo5bnVxcWEyQ2JkMk9qK1pxVW1S
ZnJ0R0hDVDU4WDFVS1Jka0h3b0R4bjAKcJ88Yzxn2HTqEEu0ujVMZGXJpc9jbypI
hlsDzMESTAlrZx7ZmI+nJw36RolDPRTfteHJFGI8LEx6zGXLcBp3LQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9xSVVuV1QyaWxQN09F
YVplRmZFOFJ2dGJPeS9iTVZpU3lqZk9Pc3kwCmdTV3B3WllwN3Z2dDI5aVl1OUtJ
Z0IxRHgxRjROdHE4RmpvOThuZmx4VHMKLS0tIFNJRXRsQ2lRRjB5ZTByczg0ZWg5
elVTbm96S2tpb3hPNHc1OU0yZ2FUNVUKCikEO6z7kpDmFlc9JldOSlGXv4JhFh/u
8sQSl3jF58lCBllOfM5T0crwbDHGlKI7JQ2H8vhZKk8TfiH3hGWxpg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbmdMeGUxaGN1cTFXVlFV
dElYSkVMTm9DMGFLTDRLYzRGQ1dGaUFHSzNRCjk0bkprSHpsUjRRdnNaeWpTbG0y
T3BKK1h6VWNCMC96Y3lyQ1ZRcW9mL0kKLS0tIG5GaTI5MVkwMkNEWWcvbmZGanYz
VWIybGRha1dWWUdsaWIxOXRLZkVFNlUKLEQI3HO/7Ia7GoOJOKJVbYkDrevqh7m7
hjMjnl4RnrcFwq46NuYyruTartHqRPBUHyXdoiMfeHNQQ7QP8A5ZHA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:tPhORuf+63E68CdAdSsA/NgdBG9GrnmpVKVLo0O1ibaUDk6WblcmMoFROIo8BuciaUZsEf30NF9lVC/QgsZ35sHc/WcX4Ze80LyhBVgf0wgpy5xSjWLnYHCgFMA/TuYX7lJBLJVFZ3VAdwWp4XznGdlBHulQFM6jBEHz8wW749A=,iv:3aHdxUNfZinz13HRTtb7376era8Hont39C6pa0jnRAk=,tag:zza2Dy6I9R3C+xqEehgRfQ==,type:str]
lastmodified: "2024-03-30T01:29:21Z"
mac: ENC[AES256_GCM,data:8Z5udmxrut2IxaP9kjP7px8CoQYNBIwIhafCWC8y1+LzOJWdITIfL3S/gW8O3xIH27gS0y2CsBSFf3fB9kF0JPapnCMLwNtA/oqNdSqx4p0Jev3mdtfaboF1kGShuDiYUIhMRVk/eiDtNojakVJiMxZzEtdo5YbgRXlfbYw6gTQ=,iv:UHOH6pAVf3VBtVvGn0HijmhbPWv6d64EESMRJkXC48o=,tag:EJfBjV6qZfGNxyCU9XzuHA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,7 +1,7 @@
system:
networking:
dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:ZoVm64ORJw1H7fglwN/d9juRkmpblAFT3uoBh3TI//2iZ8Al3mlqdXaC72Rn4FVQh6MZA/xYXMsh3rfgZF45gb9b8YwmDA+8F3vaHo13FkwKcAsx0IMcdKJdPkOVrWXsLmvppli/z5IfyZqamLVvexqNM3QwDC5Zfi1YBQGinygYLW6ayFjWEEbW3T4pdeehhhDZW9MSutvGu+lCpQ+w2qzlqMnYCoo+k9Y+9oOBDGWwzXjfg9ry0AOhOokrQuSqTx7i8s5ERZIJ3SvG89q2O4E9PCdj9HbZfXoQwEoknfPtm/+cDcaOOxcd7FvYKH6wlOjH2ow/E6pUjiS9/BS5ht7vlBjl8sk/hSswL0EQllb6ggjH2JVp7UgHxL8moLusixHDLzCt5asIhuCqn+E2QEs1nCEdXvoLNL/ytJwP51BVQolA7KRFVYb4vA16Egz/ttjqxIAASSdGFfQesB6T6Aw=,iv:uy5lYl1kN4LXT81hx1OsrCkRgYVg6QyjAofDowXCeb0=,tag:b5PoXYgkyIiru9cDB4irBw==,type:str]
forwarding-rules: ENC[AES256_GCM,data:qM6Y19pynqVruwgV7KhRfS1klhsZChZqpVxx0mV1PXSAyTf+9uiVCmpst7ZYIOzOeri4DnG2Pi1L2aOs93tsH7UnbLyKMs0qHO0y5T30clzBclw+VmjGUXJ3iwX0vL9o3fYXZ/WEfZd1vclgKqJmjwNIhqXdf+iYwm/Vlhe6Ib1cb8qUh3H0QqSARwmPw+5ffPjTBRdp+MAu8ZH+9s0lbXipk1l/YoBsd0qs6ID1D8ahTXLaUKabuE4a462Qjat0cx7b88Psam/AxqQXTbujCxAbO9t6rzPgTW79GURoIVddoURPEfWUX+7125RH4bHHZd4dQWPee1d89ikmPIG65x6mGRlI073gGP07x+uNXyvcQVG4GabiJ1xOzlnzT5obySYuH/JKhYMR8meTCQGQKJyCaFjPfOWQYkEHt8xd4/hg3zlC8H+a44th9tNadif0rys3LSx+ltyyEbYyqU6U5vs=,iv:ApcoDgN5uLjqFmWbYZoL21GlKkUwkqRcVxXm20/q8GI=,tag:TxYTmEGcf+183CyzH5cfiQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -11,50 +11,59 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWGR5YzNVbWw5eEUyNE02
d2xkR0dlbGVrdEk0VG9HNU9zS0FNazFWczNzCng1b25sdFhBZ1p0S3Q2Vys4Mnlu
RDdUQnY5amRUNng5TzlEZUhEakw2akUKLS0tIEFXVHBUcnY4RnlSbERRcUFMK2JZ
U3ZrSXVURnh2ZHg0eC9UcnZjZ2txeE0KHRyC65nWKwuSMroEyDMKBXSg9q+yAzhe
kBBUkasGdSAESM8cvMVbLoyn7RTRcMbuAFeZPkwcJu3pUc6IdWARdw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2c2dSOEIrUUtpbFNUb3Rj
TlIyOU9EQlJCVTB4WFNjWDAwVGVpMUluV25vCnpvaXVqckIrUit6Q2NGb3Q5bnF0
ZG9JRy9VdVRLS0J3Vys4UEFZcndRU28KLS0tIGlIcFpMYXIzOEVBZ3cvbVJ2MFBl
cWtPNHRmSDNUVXJ3NUVPN3crYUVRREEKQxhNUNBYizl6qNo/JKdHeOLAn6/V2xfA
sHtn9fq0lhpWQ5oaSUOP9GHZVhEkP+fRJfK+QULEiR52zr2pYj8jMA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWhtUXZDSCtVWTFIZy8v
WFJTZ29jU1pHSURkSmU4M3FvWVBHeXJFcjJJCkVYTzM1bXJnVjZmalZYUTlTaCtH
M2FaYUhodU5ZdWdNT0ZXaDJIcS8vYWcKLS0tIGg0MjdqaG5VcElYaVNodXgyZkty
Y1Nxa3JkVVZxcVNucEdQdjdsTUovRFkKk4PMs41Wlw3vvrcR0kREyZiP4TIDRYQm
FfVPJ1CV3oZcDuDQMJmU0zh5uFJRB5INXXNnB2ULjnqq/PNnKuHXtA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrajZoNzE4VWhCK0E3aHNq
RUZ0TFFMejNjUmhSS2lZQnR0RHhZUzAwcERNCndUYnFPZnhuelptVUNaUWdkTWFk
R05mcXE3REcrNEJndGphTXhESW8vam8KLS0tIFMzSXFBUEY4N0d5eWN3b3IvQnFV
K21tS3FnbWZsRHVyZHI5d1NyN3c0b0kKfHq1QUZwgmIA/3cHOJuTWN99hwm2kI1p
emBoeNukVvjOgqUCEBG/O4GMHlc6BmmimnSiULg65eIyFEAdLOsBOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZVExakR2VUVCODVoZ0tm
WnBsNXdjTXVRejFBUzVLN0s3aGgzV2pJb2pzCmpTdnhpb2h0c25TdDBSemxHS2xh
ekR0QlJLUk9JY3VqTzJVSWdZa0UrYW8KLS0tIGFjVmxDbjdXdHptK1RxZCtxcDFR
NUxNNUtkQzlvTHhadS9JelFOSWI4ODQKdFjY8uyoOrRXa37M3d6qqY5zsB6UxOLv
d/hfiFATBbGGdj5B3AyQV8yIWTBt+k9og7wh8GVhzrkje5eJx3qMqA==
-----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSEFMOGJtSXBCUEdGWHRy
d1E3MGRkUG5sUnJzNktwUnZMLzdMU3NOeUNJCkVvNDhDSE1wZWpycTVwbkxWRmww
VmFVQklLWFZSaTJlUFdLWFZIditpelUKLS0tIFdVRnpwK0RLR0E4d0xzN04yWlp4
YkNQVkpUeDdDaUo3OGFibnZUcW5pSWMKzHh01qkxst4+3HUaqZaPAQqLV95mrUs7
cToOnz8gj4gPUxz7mKFkkHeIev/D/1kc0aDx5KPRQc7VGsLPaKkUtA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OGxhc054cTh1VU55eUtE
aklYUVI3RUhYdy9WdzhMV2dkU0FYZi9uakEwCkFPQ2lVeDNEcXVvRUV2czI5M1dS
d3g2R29YRHJpMXRWMlZxT25JazBab2cKLS0tIExPYWhZUktycmtNMndXVFlHcnNH
U2RXdlk0VThxb0hYOTR6U3dTZW5RNHcKy4iJe/O5O00Otvf7bh48+cCbhEhctu69
zzrNyHgd7T1cCTd1YdgR+cuwqBLDW1br8ATh8w6Fj41gtvB8mrzXVw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRYTRpYnhZWENyM3RQdDdj
TzF0UUJsOU4yQVhLeUhzT0R2a3hjWnBMV3prCkN4NVRDbjdIZ1BtS3VpSXZlTkFC
MlA3dDExRytDSlpFQmFyS2NtUVJZVm8KLS0tIGhlRXZBQ0tEbHFnQlRkTmVzSnlZ
M0UwN3lTbFBiV3NjZnpUeHEzVnQ1SjAK+z6YMA4SKGcmrL77FEPAEGQeCPeLnWwy
ubU4c+wRqNYkPlKnt/qy5Fj0qlA9wIDo54kqEuqehnn8XzgLCBZVyg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNVFaYU1jZDhHbGRndWtZ
aS9wNnpWanBxc3Jtc1lsNXZRVGR5bDhyRXprCkVhWEIzT3JHcjFueDM0emlobFVD
dTBqUXNnaTBMUk1sZlJ2a09SWHhQbzAKLS0tIHV0WS9TcmYxR043S1ExZHhsc3pl
ZFRDOWhGbmlwR2hqT0swVm5RQWdxZjQK/kWd22+oqeZ3jVgpFiJYJbdbhnOTVTSg
lBw1CGoxXlHgXMjjbAQVdFk7n8uLxIjhcV3WZyFVAYdEQ+QQUmXUyw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmckhLaVorclNudHNJVU1w
VEpRWWFYL2JGUktCaXk5TXlSQjhCd0ZhQ1FrClU3R0ZuN0NoZ0cwYXZORkZ2OTll
akM3YjhtZHFNeHNEUkNmZVhLUVJDSmMKLS0tIEg0UnRBQTdPRnNOMnRack8vS1RT
WFBhZmwzQWhLVm9CaUtpVDdnOHdCemMKUV3IpFvZdm42PbL/kOLQKpFe4bld6S/q
b5sIdEDAp98aNAcvAjnJJWgIcWqhFFvM2UT7QFpCcvLg3njOfJo0IQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZ2lWY0FiYytiM1YvRmox
NDIwVlpNWWx4L0p5MTA4N214a0lqTGhjaHg0CmtwSGZxWTRrcDBiaEVNUUZNMmM4
VFd2Tm95Z2dTemtkLzY1WmdSUllBRjAKLS0tIFpqTDhXTW1mZ1FwYVZxbEZNdjRL
YTNLREliQjJudW4rZCt3VzZYMGhoUFUKvMQEXnUNDd/RBv/zo+05d/znEZqaWONj
BjisOFvPYDodU/hUYGCxrdiKx4CxMhrtOjZjVxF25BMbH7m+XeNLHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:ZmLhNLQvLG6foHvCadUTw0Ws3TrVkSv93/8sS5UmC0DxwHl9s8IieTS/Otk/tu89twgLv/hI+gMWZf+L8WkaMYU0dGq0d/NSB5+Pyd1hEyHOHkUQImBz+EKj2qk9m8f5+HDnb+RpUnpMJLpjv4Fayzg9A7Ox4MfPyaPUSHUNsDQ=,iv:55ao8R/DONq6JUQLoMr/7g4qhDpOVDBP0VpwGZKkteM=,tag:DDmIi2F0L//eahBuxlVWLQ==,type:str]
lastmodified: "2024-03-30T01:29:21Z"
mac: ENC[AES256_GCM,data:j/ofDZ5Ky8xGkQU5ciGDPWDO8WchRl7ii4aWKhLZsPRojCYDEq7uQEKVeXl8QRjeDpFiFsGVlapKpLKbdCnANxHFgwPDR4sM+cBgqP5IRagTYo+4PyXNz7gjeVDnboB0rI80TrSd9uWcBU+1mkSuzLlUiXZQ2Uo00Tnkf7xIcBk=,iv:HX4//Q5uNbLfUePXGQOjt+zuFqPL3iTl9zRD8tGZXWU=,tag:cQccCSJ2QRQA5hy/LQFgTQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,7 +1,7 @@
system:
mail:
maddy:
envFile: ENC[AES256_GCM,data:fSlitO+c4atrjmTJwqQQ1MgSJXUQ8taaGxhw8sATuYVXnmFTFe5nfGGu183RXOP5ZobyTydDgxl3FA4yGVAUdH55oAiikO6H2+n8BAUQdtkzdUR4jOtl5cukn01PoTbAuAj0OX1s3rCf7INPDqCydb5IuuUrW81mS7CCH/eoNyUSRFo=,iv:0CVGfwu8GJTR5QoAfSd6tLbGtkzwNb6fB+gHwiZiiws=,tag:0VrK08F/Fmx1WeqkdldBCA==,type:str]
envFile: ENC[AES256_GCM,data:Wo+iP0IzT71mtQwTX8u4klf+Jw126+ovm3neZKlRKDxXt2GT1TR7DTXzdUIskhfVyXSS5K8VbHb/+vZgDJ8jqoIGRxd3CSnH/f5zevHzPgz8LOpXc+4pVDqQzuTqS2XFI9JPLZpiXmcrJ0aSGeupTK1vkS+KvezJNbtRCar+uRVH0Cw=,iv:qK0mHWnpnDrYl+Ovc8HlmfWgLUvhHaTEXRqvkeWuMSk=,tag:Yh9jIlt2IxK68Mi2xOa0oA==,type:str]
sops:
kms: []
gcp_kms: []
@ -11,50 +11,59 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwNitqWUlhK2tLSHYzZndT
R2MyVEcwc01JWEY0MWMzblNqcEszeDFjdmxFCmpjWnRoM1BrU0lHWTQrbWZvVnlG
QzlvOG9uQjRBZGE1OVgzRWFET2ROWFkKLS0tIDROUnlTYS83SGdkaVV1SWJpcGVB
c0RiMmVNaW9XMWtBT3IydmNRcnFabzQKKshKR6aVRlDfj+AWYJAd/x+3b9JcMhEm
uTFP003ENqVR0Mxozz7rOWToaUid5kvLKqiEWwenXu9RQmwNINl9dA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxUGhnSDc3N3M0MjY4TGsv
MkFtUGpGWGFZN1JiZ2VKTC8vUnlOd0s3bzFFCktCTDdmekhpUm1ZNzVYaUN6c1ht
czVtVXdGSGU3T0FLNGJ2Y0cwY2cyWDgKLS0tIGZTRHBBeU1DN0xtYXpzcE5aczJr
QVhRSXZOTHUvOWh0cGFOcTR5R2ZsK2cKD5fNP6Oa6W/OJck3FbYn6R5nYS2UoF8I
aOUIN98e15BaSFaOc8kmqkNZC4mKMHKaBJH2NqpbwyDP4iwLbRtP4Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5aCtOS3lvM0pHU05oMnFU
VUZFaHNid2RESDhOVFFRR0dZQ2NsU1NvaVRrCkRHZ2lWZjBoa0Q4TWpaR0dFb3Jz
NjZMcFdRNThtTDJrWERVa0lSQlUwODAKLS0tIC9nSkdXRU40Vm9QMldYRUdFS095
YWxmTEE4RktDakJGTHVsOURUUDExZjgK5ML6rKmO4rRcV6mFVhA3mjtXne9luTAi
6lmVdYKIvKz5mQT2TqickgEDAdLcziz5e9xxwq5Nojf5V5obtCJs/g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMUluUk41a25heEkyUm1U
TDdPbHpvUi9hMG03RDBKTjVZSUY4K1p2ZkJNCmRqRWFDKzg0QVU0dGJtWUYzZThJ
RCtNYWtyNEJyNHMybVlTc2FoMWtmMWsKLS0tIFEzVDQySmNLTlNONHJZVWlSbm5G
cWE5bVZBN1ZmV0JkVXJXbzdldXU3ZnMK7EV7u1lewpEsurScWTKVscYMo9dmSoUl
O0kLRmRR4NEzuYzCFJ3JVaxTrPlMJM9C3Mwo3LsSDLCXSQ71JWiOZQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd1ZFcjhkNnJXRjZPY3FO
UFVmT05CTWt1dXhjSit6QmlabHJOMTMyQW1VCjY3RTR2UGVJMFBYWlZnK29yejNw
WjRXT2NpMC9ZL1pldHRhRGk4TlAyK3cKLS0tIFgyVUhxRVh5UFdPOTRHQ0ZMMjVy
aUwyczEydHNnTG9KZEk2cjFNaFBOTmsKqd5MtgAJ1aKqk9Miq9ot2garqMxtFjdJ
1IvxprhYiPCgvhYtEbPlyCKtM/kdEGCplX3BwVOvhAU8CbyNb8zyug==
-----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbjhvcDAzU0Y4Mkc3Z1JP
QWI2ZCtJRHhzNTM0Zm5Gb0lCeng2bE1nOG4wCkFVTXZPcm5yS3FOQkVqN0NYTFZB
QmJIVTNSNDBRaDduUmJTbFVQV2R2eWMKLS0tIFlzbS8xcDhrb2pFc1dPaUorc1U1
YWg4dDE2UzY1b1VldzBaSHc0dDgxemMKuQ7RXTLwKwrcNDv2tNmCTYcTnzOY1jO5
2m9CUSqeDRgMDfxO24Pt7Zk0YuGDdFONNMsBX8nm2RhCUhVM0nVmVQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSHp1K3UzMXRXV3ZMRDRI
dllLWGF3NG5JOExac3BXamc3ZjRzWkFobGprCloxUzRZNU1kZ29GUWhZa2pXbUtl
MDZpL3NPL1hpdGtsSjBqQWpHUndpMDAKLS0tIHJBYmJPTGRxV0V6TWJiSG9iNjNZ
SWNQSkV2SHJHSHNFc1BIMGpabXlwLzAKQSI0Yo71Rt1eUHUKZZHsrTJenq3ooB3i
7aLQqN6jp2ZwfOPh0/HBB1HWy6AWJoWkJZb+zKXTn0v+kx9NHU43ow==
-----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMlpYOXZIcUdHU20yTzRG
ajcwTk9HT3lxM3JxbG1GMitQQnVHenFQRFdFCnFhK1RxT3lUVE55M09HOTZQTzJF
QlpWOXBtOGNWamxDdVRFcHlGRm5DeXMKLS0tIEkyK2Y5S2h5d0JBS3pJaXBVb0ow
dUhCRVh6eTkxMy95MjlkVlFVZVZGazgK6HewYdcLC1q/NY6ysanj2pQogpxQVWxh
+LrDzvjMeYOrQD2bC3rVBEnM4IFIur9RKg1JLPkrNI/bONX+Tsk52g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ2ZaQU5waXFMRW9oOFZ4
SHZwSzBVK3lGR3czUTJKbStWSTQvVjd1NVZzClF3L2ZDTDViQXhsZThKUXA0M0ZB
SmZaYU1iTVJ3b1ZkekM0STdWZmlGSzgKLS0tIFY2a3lCUUlZM3pnRGdxSzVOSGdE
bWRpL0lvMXRRNC93eFZEaEt3TE9vTnMKhzXsQiwzuxRLKAwsgn0GMyxNQHHJQpnJ
R3dnLC5FjDnr2u4LFeMlgWVWb6sd08GlBTgBCzGujNFo+qgvTsyNUQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrTWtEYnVJdWkyTVFSQkMz
ZWVKeE1hdlF5bXZHaWxJUVVWbzlnZ2JYVWp3ClpJc3JOZjZ0bktTdUlNZHcxNm5y
TDBJcTUvSG5mcyt1KytlQmViR0FXdVUKLS0tIGR3M3BhdkJqdElEN09QTXJVbFpS
eUZCVlh3YlRVTzU1YjZZaVd1U0ZLZW8Kr5wh1mo7P9dhUcQWGSDtY09uqC+aEYAF
Fo+1RM0vaZJ90MUygERU+tZsjoZuD+XL+ckdCquPLRypuidZvfeh0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcEd4OWJGVjkzWVJLNGQw
ZDkzNFd3a3VrQW9uMnIvS3ZwUmx5TGp2b0FrCkdjaEJRNVo3ZDM3TnFvRDlPRFph
V2dkUUhvYUdlSDY1TG91dlZNeCtPYmMKLS0tIG1JOWRmbFd0b2xaQkJaNjlXcjJK
KzNZbGVUVXdweTFmYXdxWm9Oa05GbDAKGB7SVhd13AukH44aGPMNx3aXxXI0iQNI
UtAwlxSakIZ2OSb6A+BJNG68Joy8dEBp23JY+l5wGnKkPNbWIYSqbg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-29T22:45:28Z"
mac: ENC[AES256_GCM,data:oU8t0LUz/gSpABrHfQi6uazu0hen7Z1Bu+LlBPWxc2hGOV+Et1YF2VZY11uA0th0aZ6t1sFA+DvBDuKKBv/S70qhz1KB5MYTmGfcHMWmLNTzoO35u5FSVRbrcWDX8Simj2Mfpxksphr9xzqlbCaMKiCj6ZrUFDKAfPPe+KPjJwg=,iv:8AKTtwoTHQbfjXwrozBiytUn4jGWKbBJLTzkod2Cdlw=,tag:XqBX+pA9x+m4Cl+NVZx0Lw==,type:str]
lastmodified: "2024-03-30T01:29:20Z"
mac: ENC[AES256_GCM,data:P7huPF/xSFJdbsM58kPaZqwA5LufakR9rHPQk7I4+WfKocJDxLDKknsTXvKqsEi/hnii2uFkahp+J8nTAGBjqENAdFx2ux+j++Z5dfOf/Ipl1PWZxjUKnB6SaflSja6PTsULLUl8ZiR0b6O0fitgyvaUdYsdQqVsi/VdCTTUxe8=,iv:BVmTyDkhYDW4hu5ebcytaLqAtau91KRjSg+jsHOwD5I=,tag:5sOALgUX8z0DqD0yRESerQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -27,7 +27,7 @@
];
# Substitutions
trusted-substituters = [
substituters = [
"https://cache.garnix.io"
"https://nix-community.cachix.org"
"https://numtide.cachix.org"
@ -40,7 +40,7 @@
];
# Fallback quickly if substituters are not available.
connect-timeout = 5;
connect-timeout = 25;
# Avoid copying unnecessary stuff over SSH
builders-use-substitutes = true;

View file

@ -32,12 +32,12 @@ with lib;
programs.command-not-found.enable = mkDefault false;
services.udisks2.enable = mkDefault false;
xdg = {
autostart.enable = mkDefault false;
icons.enable = mkDefault false;
mime.enable = mkDefault true;
sounds.enable = mkDefault false;
};
# xdg = {
# autostart.enable = mkDefault false;
# icons.enable = mkDefault false;
# mime.enable = mkDefault true;
# sounds.enable = mkDefault false;
# };
};
}