This commit is contained in:
truxnell 2024-03-23 20:58:14 +11:00
parent 923b2a02e0
commit c6f32af795
7 changed files with 288 additions and 76 deletions

View file

@ -3,7 +3,8 @@ keys:
- &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - &nixosvm age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
- &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - &nixosvm2 age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
- &dns01 age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - &dns01 age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
- &rickenbacker age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
creation_rules: creation_rules:
- path_regex: .*\.sops\.yaml$ - path_regex: .*\.sops\.yaml$
@ -12,4 +13,5 @@ creation_rules:
- *nixosvm - *nixosvm
- *nixosvm2 - *nixosvm2
- *dns01 - *dns01
- *citadel
- *rickenbacker - *rickenbacker

View file

@ -0,0 +1,145 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config
, lib
, pkgs
, ...
}: {
imports = [
# Host-specific
./hardware-configuration.nix
# Common imports
../common/nixos
../common/nixos/users/truxnell
../common/optional/fish.nix
../common/optional/monitoring.nix
../common/optional/reboot-required.nix
../common/optional/gnome.nix
../common/optional/editors/vscode
../common/optional/firefox.nix
../common/optional/sops-nix.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
networking.hostName = "citadel"; # Define your hostname.
# Enable OpenGL
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = ["nvidia"]; # or "nvidiaLegacy470 etc.
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

View file

@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C634-F571";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp12s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -1,8 +1,8 @@
system: system:
networking: networking:
#ENC[AES256_GCM,data:pZhhqGtwLJ4JiBm9056d8HQnzvQZeAghKkOButPkbnjXmXxzKWSZVJhbqU0Hc+XBs+EcUOCcvsSDd+Pkue9sxEwJoTmWIc8WzvUTHw==,iv:bKt6g8YBlsMxXcKaPW+5uMNbTh93YxnHxjOW4gwPrhY=,tag:kx7grZBcgSvYn2TBpDiAnQ==,type:comment] #ENC[AES256_GCM,data:JFRHRwBs7Qdlsjp5cJyPo7xey9vwDKI4lsaWwOVLGuAeSWcIUXmoF6jkZkutKI+txyjQoxqrXtvab+M6DDBG9jCC3/qcQxiljvK6+Q==,iv:tK+9bBVgDe2T5wDArr3IrSuTND16VUdMtsfbQ9OipT8=,tag:baChOJUpTAk05LRSxwNfqQ==,type:comment]
cloudflare-dyndns: cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:HCPDP3uDBchxKBT0iu5obiLK8echeVyWfhBJ2ejq2cyZV00Uwh/t+usEMzmkrXdBGHUpafMIkUkAcOhCJYa8f9bEFYcJVowbE+nff3GsBtm4rA7Hx0ZVgHOjSyEVo6vPtWgX1y8EwUrAKSZYCoiG7uI/Gg==,iv:BZWwztLfSjg5n57gTsXiVZ5sn9mJzizS15KGkCHnalg=,tag:9INru4xTAH8gMXZcqHS0uA==,type:str] apiTokenFile: ENC[AES256_GCM,data:CG4KyihV3MQ9/JPmKnRAwUbOQb1IrM9yKtWeIbXtjRDjxENIcJC+tId4S9WnQ0u6WwtyDPIEbjNcZXd4pckL41mBb9E4j8Cap+ocEmuWyP4xOu/a46+yVF+Ai2mzehIx1xzx5+HsHzdh2W0WXq/T5Vi/Tg==,iv:PVQVajn/ZaA0mJEOWp+9aKECkSV0ZuQdd0U2nKw/sHI=,tag:Jj/uotKuagQa9cj7OOrcFg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,41 +12,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSlhOUWRldTVEaVg2Vk9L YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQnZRaVB1eWlBRTlMNlUv
eDVXaExqbWRtSVlaVXBCdXpGek1oVXZ2a0ZzClpOUEtjMEE0KzNobmFCLzg0S0Vh WVZxd0VSMUxlT2prY0hQSllVZWgxSFhXY0Y0CkdBNnpieTdXZ2lWUUNYSTNVUEVk
WnhKeDFUOXdvZ25ndjhuVitWWE0vVlEKLS0tIG9zZzNvWU9KZ2c0SEsxN3oybjFw OEpUaGNHNFVYcFJEVE82RWVFZzl5MUUKLS0tIHQyT3lxZzdHNkpINTNTN3ZwQ0ZM
Q3RTL1Y2MjYrQW40UnZMZlZVUncwVEkK7Sh4kSeSxgtbclAdQdITzOVpSBbF3t4R WVl1aHphTCtiM3FlbzBoMWMyaS9oT1UK73PSRG50mZ8S6FajvllQFt9Ye8BoJJUe
tvUEEun08V5FO01QzyNuTBC9q5geGwRgjvtWSX3lECSD1AaG7VuNCA== iOw1H2tYr4V7QjHOaE5yCvQJTMUtc4EI+PfkmiiKRtsKbfibO1IylQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWsyR2JqSHA2NEQrV3k1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieUlpT2ZHYXY3bm1TUGc2
SkFjV21oMERJR0Vra0pvalpMNlBVVTY3eVRRCnNtOVhiTkpGY1hwYW9RYW83TldX c2NlM1V2V2pZbFI2SjFXdnF6Z2JqS21jblRnCm5hdzJIenB4WXRweEVGV1dsUzY0
aWxhZTRWKzNQYy9DWnpwbCtmWWMrbzAKLS0tIGpRazhEZHpRUVVmWFh5QnVlcGVn bVZDQjExZzdWVmlkaXdiQzhsaEhRcEkKLS0tIG03aXEzbXB6VWRxcmFZQ2IvK3lR
citoYmdhRUlNODdlaVdwbmE5ejV2RlkKJh/ZHEnDe5yjY88mzXFHE2rQgIjybEgC Q1RRL2pIT0Q4bk4zQUszYkhFTU54MU0KUCr7lwMzu2FNxmDkWsNxpiJ5F/DaAOWj
EnbmboDKby/Ns4Rts8M/qS9AUcbk+3B5Ls0IM4zPIGPH1UflKbFbJA== GhU0TFPJP8jEBDHJKXPJ9IMkXtyLU4F14pZBQGk6cVmQ7Ll7ABAW5g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ZzdmQXdLZnl1dWhnN3Mv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiL1BjMUswTkMrU2kvRDNx
ZmRtRE85ZFhqYkpGbTQ5ZjRuN3IyWjE5UVJnCnNFT1NqQ0hGMjFHNmlPVmxYOWYx MGYrY25mbS9rWThvQ05lc1VnWExpRk9LQjNZCkF3REt6bGIrZTNKTGpnalZycVdi
N3BXOC9Ic09hTTVydHhPYzg5U3NwWTQKLS0tIEw4eFpDc25HeW5GK1NBZUpHYWdL R1NSOTNoeGdCcVZCQW0rM1B3cENHT2MKLS0tIFIwQzk5cFIyNkwvZm5rQkNnVU1y
NEtGMXZabVlzejhMOHRBVDNoeTVkbmcKbx3mHeCwfjWB1RfsGV2fsGgr+A6ObkhG ZEZEaWUydmV6VXVFdEpubkZRcjNvbUkKMuX2cuewaVDQh3WcEvTq3b/OT9D4eLQ8
4Ki+HkGB1XkU/gkU6PwyAq3/9wF/h7otoGHNcvKuMVZNj8AbtSy15g== dP6e2umiDuWO7xjSDtN2hMvAtwzJ2ac0hpGCl0yVFAcDeCP17O9alA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISTF6ZGt5L0dDNHp1cFRK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaNjcvMFpXbkJDZnoyT01D
SUVMVnlmOHFKR2hEMW43OHl2WVc0T0xnOVhNCjFlZHJjUEIvT1NYMHdGSS9xMkNY Mmc5L09KMCtxVFhWWW9YWkh2YSs5c1RscnlvCm9BbmJWZkQ0UmFuVWFrSVJMY0da
dFgyeHQwRWRIbzFPREU2M0Vjb3FObTAKLS0tIGxuSHF3RWtiZE1KZG80K3BlMWh5 TFNLUXVKWFV6bzN4RXg3Q3hoaW5UdTAKLS0tIEZzWVd0d1hFZ0xPczE1NUt1SWl4
M0x2SzNYa2QvZlJ5aW16UWRGMU1RYU0KTJIhjRj5g5yiSqxHupbPVSUsuasCgmST Z0hZcTl2OWNsRU9ncWhjMW1CNGtuQUEKDGSbGS4CTWWZuyH2DqcMd+SmH8Mmgn6Z
OG3iofre+AVi5WfWTaSArfpTCm/y1z2UGbSK+KmJ0SM4xayyTvLbIQ== jqEfzCWcV0eUWN+89ic75I/Yy9JpBPvhyNnTatMeEOk6gypebgk6GQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T11:56:33Z" - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
mac: ENC[AES256_GCM,data:afQFkMRxfYsBKPfoAYSH1sNkGWDZRMH51PREmCnBb5UyZ4dEIPaLeZfnnOVY5+91EsJDURpXO7Moks6NV1zm36IdrBBkUG/2kHYQDbsrO7OQ+Lpuqk/e+Mp80oAkisWVIjytEDdzrHH4xs6YVj2/ihbTA2pVnqiBNMViEx2mGN0=,iv:w65sp9n/iqy6c2By90xCEjJKL6KwbZiB8fIb9RsEeAw=,tag:au3SnXULfI2TXsRuYQMNIw==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzNHdwTHVGWGNWajdGTHVp
aTdndkl6SlE5TWM4dm5QOVZJMkxiL0VRaFhRCnlOSE1HdCtxbmlEak44VDloa0U4
ekIzSFV5bldldnZ0eVNnV0t5MzllUjAKLS0tIFdwRjZIT21FR3VDeVV1V3VnRDZu
YjYrckxVRFFQcDNHVDNTNTVjVUZWV2cKkGTwaweH584hootSwsldyoiHfBFYMaNO
K4PuA8SHQMBP5obqljiplFx+ld+cFii10BLKbuNLx97oRJy5WyRqzA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T09:42:43Z"
mac: ENC[AES256_GCM,data:9B0TsfNaVnt7WrO0jkP4dd37Ys3JKj94d4Js31wCsPw5JZbfb+eC5meqIti1PJhw19xRG1BdpXLXGQ6XEpVPY7mU+BiVNpgaGv9+tYlxibie7+oHuCuVhnQUnqh3/FllDlq1U3jwtwHjXrEkJyKD85afPdegFrkbVozMCoNE7Cg=,iv:8tHw/5A+6IHnFURCDwsw8Kune0vNilN3CBz1e3T7Mpk=,tag:8ZRnkOd/DfoPzkEjwhK+iQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,7 +1,7 @@
system: system:
networking: networking:
dnscrypt-proxy2: dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:pQ/4p670nxLQB2aVenFag/Ngk+SgGXDSW8GZJDYCRxsv7A/2qtuhw5qQ+x7Gmx4OonJy9futOg9EsylfztelUnGSve09Yx/KuQUAd5ctnfBnLWqOtX1snpm3oHD0eRYOEzo/UUJlAo26qTwOhn0t56ATv+LemIsn94wCjiWA2mg91T2VuIPWRoHfpZB5JxAV5/9vUfiGdLka4TugxDzsEvFtYAGuta3pJuQJ8Fv3O+idTsF9izU/JZKNTDe1kwngT5paMQTpAi2dqLq0MgjaXbhJsTBpYwctRy7Qs2/Q5AjNvXTfrmtIHy9wo9dD9MWRoYHC27wsMiuMlwrfNSZpt1mMVFddsS+GhpEfTwp1XPub8Cavc74VmYzQLL20e0/2jH4Swjq+mCtBGnnW+qA4ZMCbh/NDpNhm6Am5hPB49d+Vxfdhp/QeNOis55usD1aYAAoM5FFCH9NzOWCHcturqxc=,iv:FmjGnacQU17+/SFHzauuj//R94uKPhTv87rcL4QvVjk=,tag:lGFrCyZ6Dl/n9HIIdZZf4Q==,type:str] forwarding-rules: ENC[AES256_GCM,data:/Bmttk/FpmpN7IvxUgR2Hv/x0nqXP/YxGVSssYQUEcSIq0P5D5biyXK86yrbEsqUJzhH3kr2SjRHIWnZbJbtcYp/SfvqmktBfACmraYsrwO8uYkZq9dcMjBLO6T+UUeZzbD3nRF6TSgxpFYR7SWCn7P/DejcfSFT8wUJyLCqYMtkkilgOPXIzfYMH+982fmRHxQeswTuMUPXk/iczvAfQ6F85ZhFbJojzvf7eXZ3uxUwkGRE7kjsqguA5GUkYzQXsiXD2Tg2iAco5V2fQqmOEvdK/a0NCPogijIdPxgxJZENG/7ssz7k1U0egToCbPy9DcC/n3FEH+5hCEvHt5ErlrR63QBfwAf8K3TJHygCpWx5qMx//+JIUfPtWsS1y6tzvZ+2eQYscolZBQSIPkgD8KbHjEAkIlUtNqYPgGxwvyGCiucEWWc8BQImUYm+OpZwFiM1tfOAewB0W8v8o7b8PTY=,iv:MBq6w9o8iHQ51C53uLh34D5C7D1wMSGkwXQtb09y3tI=,tag:vZ5SQWmm72ytJr1zOqVgCA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,41 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TCtBSTMxVGZGbDlqV1JX YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUkyWnhXZDNBWUx6VXZx
V1JtWTRTaXFKdlhvaW9oaXozN2hPanpNdDJzClQ5MVcxcytRMERiZjRGRmZ6MTlK c1h0S0dJKzVlTkdkVTRsVlg1Z2w3c3pOS2xrCk9TTGpsbyszRUg2N2RzZG4yYWYx
SWxpQWhGdk5FVVZtUEJMYnpEdFcvRGcKLS0tIDlwc2x2aGdCZkNWM2FIQXBBTzg4 Sk9zaEFCbjJQb082Zm9La1hLN1h0QjgKLS0tIDNmUUcybFdiOVhLZXY2bUlmeXpx
OFFPeWVIWGI2NWhxMEhjWGtHeVl2bGcKL8r6ktx/OfboZGy8FPJqLXrschvhatMe eGRkRDl2MlhJeEJLdXBYcE9XSFgxVnMKx6nlTItqsde0ZzudnNyy3IcWyE9OfyDM
BEtT4vbCGw7Zj6KjaZeJoMIdHtIcC1wi7N4sB6oIvCyxBpQajfFfCQ== Iq7S1xNyMxFNKoj7ZQ9O+WKpf4/A7nCgB93qdKi8dyFcQsNL+7z2/A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhekpvRzZHSkxEcFFPVjZh YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZnFldVp2Y2NzR0dyQVVZ
b2p4SCtrRnp5UzZlU3NLb04wQzRXY3NWT2pVClJFM0dVNVFDWkErWDdRL2Q5NEth b3pxdUExcDExUWg3YkVYZVBOTm1IKzRwYUVZCkxNUitNK0syS1JjU1N6NWNlYVk5
NThEako2L2JrT3VBajBwdUVJd0Q5Z00KLS0tIGNGekF1Um1xQlJYMmc2Y2c1Mlhl UFV4Wk55cEd1bWZ2WTJjaHB5NVg3K0UKLS0tIDV2bGtPZ1FhVjNVRUE5VWdQSktQ
ak16ZVFMVnBwZ0dJRkNzRFRoanE2L1kKW4Oxl4WniSVQuQTxTfEBwUOY7FBsJKp/ aHJEa3hVSy90U3ZicnluS2dxMXU0L2cKGLPwOid+L7IWZtKgQ8lF2pPrAOrxZBFA
FZwpti7hhdX6Fc7YAXj59KClyGBzyzOBVboY0bQzMD4XuoRkgd5aDA== ctYXJHi31T0U2MDBrOsarmRhMd1ofvUQnz/lemgIG2F2HxTad7R2Rg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBha0pRZlczNHd3SlJmVDBU YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWTVma1hMN2NHMithazJI
aTZaT29mbW9oZkJGL3hpNDZFbkpsSGk5dmtrCno1aFU1ZGsyYUZETUFtNHBzL2tU YjNYRHRDcnZ1VnUrOWxnczZ3Q2QrdjNpcHdFClQvb2ZJMDFKRlVabUk0Mmc1NE5E
bHpZVE1Jb2R6Z0QxYUc3cGNpR3N1MzQKLS0tIFFUc2VhM2tTNHRSanYxOVZmNVpK NjdRcmh3ZG1lN0FrMDJZU2RndW5nM2MKLS0tIE01cnpJMXRZY25waWdaa00wbWxP
Yi9GemV4c0hMNWRNWnplVnNVcnBjUm8KF3NraIgrWU18VlWpiPC1l2iaUqwrPNkS RmJWVld2Yyt0OXdZVzRQeFBQTDdQZ0EKewL6evla5/CrqsSoDgK5TbQv2B26Unc/
L8geWFzOPa16/0tLbFJc22v4z8XJor59msEqZtBHTSjKCk6SrA2mhg== /WU+Zi/bo0bd4iDfbUPdtxg9hUqsnP4cjnX0bFR9PP1IHcbTaS3cMw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Qk9WK0IwY2hjQkIxMm9F YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbmltMUd4OWpzL3VDVk8y
NWhiQWV4WjlpK2p3Q3NrblBROG5xa0oyYjNNCjVqRys5dGxabkl3eUVWNWNCOHpx N202YlIrWXg1QnprdjNJRUtiaXZvVVBOdWlrCitoQnQvbUxLN3E5VEhaZlh0OTln
N2RiWThzNGovMFlVcmhrZjVHR09pelkKLS0tIGRFemo3NVh4dGFxNm1JOGM5TXFK eXlhV1YzMUFVK0hzNTdyQ2gwSUxzZEkKLS0tIDFaWTU2WUR1aWhxM0M5am9sOFVQ
YmVhVU4vT2JWdjJyWkRsL3h0VjJESFEKMVOK8FxLJJyYIPF5i31QoULTJRjq8s+8 VjJnbE1SQ285MVJHeExxbnpwV0c3Z0EKZsw0o7hZgswaqVh/K3kDORJiSxkGK9Zr
0T4tZXvJV9WgKG8qWTo4pGfnQDDp6QdqSzb2b02WQJEexmaeR979fw== cJHnA2e7osm7F4wrkc++GXCEsjvdM1V8uXp8bHrrvBwlbBJA4C09HA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T11:56:33Z" - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
mac: ENC[AES256_GCM,data:7i10h+RJUJamnPvFIcORQrDukNudtXHLXeNkQqGHCCWsRPnXOtP8Yw8/l0QR9TH5BIxT/u7mjJnz7WfmhghkYSnKPqyHEmYtoLgmq4AsrpSoXUgbBdMDgm6UZr8NqkE2J0EUDI1AhzAH9JCakRBsrO07qRsHyjiH5Q01w0oLYTM=,iv:4gqb0eHHsHkLNLZ0jTqGRp8OGad/49VKmhINLQwlc4M=,tag:13noyAbETQkj7uVSCRD8pg==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdXU5N1FyUHdZNmI1UEhX
NDcwR29UNE9hd2dsMHlDSjV4b0Qyd0lhelZVCjdhd3hnWFZncGlyTVJxdHZabXFN
dExUMmdRSm43UWtIYmhzZ3hTd29WRzgKLS0tIFVjZy9LbGMzR1VJTGs1eFFzZG1B
OUVlYXh5MENVZ1YxempVYlQzeUQwMXMKn5AzTMxMGCbQUGdtsOt9d4yxK1R6Vb0G
+IwgbUNS6+djhuW5TMoW7Avc/b3JbQ3oc6VgXLxTG5X2qBqasKw6Xg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T09:42:43Z"
mac: ENC[AES256_GCM,data:U7y0kd6xcz2S/1X0/FDqk4kq29K6nGE38WAfnmpgbfYXUQnbbe4dBPTbyo47tKRZiY05baYSi4cqUwYiGU9LX6KvfZSq3bYJRLiqKGrk5AMUyrzygWvceOaO2yYhjRHKU7J0rNq9pbXwtn/vjbKfzDQxXnWkAQ+/SIJbDebMlB8=,iv:5lTN4qd7XaRK0H/S6bYTMQJ3XIRGsoTVS2oK9MDBfOI=,tag:wgdr6/XA1vO3/ZqbvlPVEQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,7 +1,7 @@
system: system:
mail: mail:
maddy: maddy:
envFile: ENC[AES256_GCM,data:VFqV/ZqnOlJeJKNZ0YGf1ORPQGn61GFqaSyHnRwh2aH/Xe67FJEsUsY1HW8hsZ3nKssmk5kbvvUZ39kqwUpqQtwhkE//YOhFCdYzW1hsT2nc/Nfm8pSGSiy+VTKehp1/QBsm+p9n4kgvlIwZaneerMQH+Z3B/1d9285wckZWrFuMxWw=,iv:lj9OGG5vEgF1osQIpnxYHEYwVQMAZaeWqSXfES2ESVI=,tag:H1PTFWs3iNwInXUe0e5aFA==,type:str] envFile: ENC[AES256_GCM,data:Tl3ho1MPmjdoDnCF7it3zFsVpv7l7D9nzFFKWfyqhBYmk41kq8SXIFsHBci0tAc8ON628/zb4D1rwXtj1N3AVcCEQeM8snjwo0wd6pc6yoCLnkf3mRITZAftLEgLPJbAsb/OAtDQY7IKiPYubZwBCDjbsQrWez1ZYMO5WpsPD+2VOTI=,iv:HhZCs4uiJK2iXJiAupMQ0NQq0xs0WRiBJchc19UbgQM=,tag:t1SbqqItK5wX9Wbli2V4Aw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,41 +11,50 @@ sops:
- recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn - recipient: age1d3qtnwd73k0npgwhqwpwysdpqa2zyyjyyzs463f5rak9swmw45gsxdyjyn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWXFWT0ZJaHVwMSt2by9Z YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZU9rU2JsWVF5OEVsbTBF
cXEyWDBmb3Q5VEEydlZoMU9PdGt5cFM5TWdJCmg4VC91NXlMdHg2OXFZeGlTK0ZJ QlJLVDFWU3BISzl1SWk4SUUwL3VCNFZQY1VvCk5nTXJlazFQNXo1ZVhJMEpTRnVE
eE5IY1V3N1pNTHRpZGQ4YjlrU1Q3KzAKLS0tIGxFbkdoRU81b0o1UGlHeFJ4eWkr VlNaalRqTUtTUlBVeWVVaTFvMmJKVVUKLS0tIFM5SEIyOURhUWFHa3RrbVBSRFlT
Q2VjY243REx4ZzlVd2M5TlhFSjBCTm8KlVvxg9WvhEvhhKozS03hCz5doU3YnIal VS9WaGhGUWpMcEJ0UUVsRVR2S2FtR2cKhePhqrlZ9KpD9CQOJ7tObqLOXWCxIxUv
erRZggFlxzdpG5Nk/tfEaQhGL6HeeF5j8uBO/x9E7DMYpxtMxwA5BA== X5jPf2gEsWSPnrVPehSbLjsyAFlMOVCgEcc1o5qec+cFgqwN3HcuAw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz - recipient: age16mwx76r29pa9lnmagujw9adxrpujxmxu38hjfastf6pgw6v66gjs5ugewz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEREVkRmJGRTdiUlhhMGQ2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFSTBWVXlyN1U4dE80MnpR
aytPZnM3NnNFcWtrRHJqVWlCZ0FGY29JVDM0CmZSbWhsVlBPTXZxL00wUHl1Q3pn UWNFYjZycUlFR1FETEJLRDdiNnZ1NzRZOEF3Cnd3QkI4TlBZRkxmL2kwaTl5eUVC
aHFnQWQzNllZaDF0MUIweVVFVlhoMG8KLS0tIFpaOXl0TU93Z0Nkbng4L08xbU1Z UGNGbnc2T1hPcWxOZjNBTTlrWDdnTTgKLS0tIEFjR3BFMyt1NUhhRUdmMzlMNHow
VzhGdEwzTDh2QVlZVVhJbkYxV1pJbncKcx51Llv2qiX2hTHx9P3+STFYhuG9SKqM RVlqSmhZQVZXcXZFOVBhTEdDMVQvTzQK2ZMfPvX7plEopZH1mXLvc1cxa6SD/GM7
P0JLENehLDU4pYF3qva92dr47msBAEPmnVTs4C4Lj6aycoc4WXhjcA== EBaUbiRM4IccKf+6Q9w4Zna/3naHgr2EyDhJnXiNx6C5sMPpx+0Npw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x - recipient: age1y399g6q8cg0efzqdywrswp5uugsfeuxg54ptp3vacrvaknl5dunq22wt5x
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSnlXSUJ1cFlVNVdobVBQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ2tiTUdTcjcxS3VIdDN0
Z3lYMW5VY0NKMFlZOC94WWtyWUdDdnZjZFVFCnZJeFUyWlpCbGdzOHpNbzdOcEVF NXBqT3Vsc21CaTBxaWRMcDRDOEFhNDIwZXdJCkdtY0VyWGVPTk5VQXhJQXV3RWtt
Uk9XTE92ZjhiVGNuaTN0SDgwU1F4dkkKLS0tIFdVNjl3c3VQaWY5eDUxRG9LT2w3 Wkg0SWI3M0VzclM0TFliNmtBT0U0akkKLS0tIGxWZG9BelVHSzNROVVUQ0VJLzdF
Ti9HYmplcW8vQnJObk5zU2VjcXlwRGsKDhUS5CF7CXK8ZxdJ4qpZx2ZV8LAYsiUw OEphZmdxN0kvc2tpUlJYTXZ0M0ZPem8K3xHBOjygxjQsyXUFh8kK5YPWLDPUAJho
x+W8bmsyUlMRGX6qxi/U834t25k8/49eDWkjQXMHvIO9oYXEUak1iA== AiVmd5EtWzFJikz4MW9a6P7eeUUzdVEBa4KGI9VdJ8JDFtLGZmmG+A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0QW5aeEJnY0R5SmNnYldM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnN3VrcFZZSXp0eHVaZXpz
UTNZaUZCWDdMMVQ2bWZCWk5TZ29KVEhWa2tzCjdSc1h2K1cycllFbTZqb1VteHhs R0RWUkpTOXVTb1Z3ZVdRK0N4Q2NsNTE1cmwwCkxWd3BRWDNpYXFrNG52S01paFdh
N0l1K2hkem51ZGx3TlZDQ1J6SVRDR28KLS0tIG1UaGVBNzl5NUtocFNzYVlUWkUz U2VwSDNVaDdySDh6dTcwQWszU1dBSlUKLS0tIG5XVWkxUFhhZTMvL1pOYnZwdWJI
K0lDVE10a0hZZ0xQcDljWnZmc1U1L1UKyjf60ujEGDMJ2/RNRjT3y3eot83UOdKY NE1ldE5lbDRKZzd0clhSMEl0dUM4d1kKa1EJEG5Vs7MAlCjJJN7rE/9u18enxjdM
cbQBKcKrUHs2JeVpcFQk8jy7CaPXSGJePmp8jicArw1nGJvCReaGEQ== noJCoHviMHymGL5SR7BccPyrsJ3V3wH6BTEYQ6iVbC5wV2jkRFH+tg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T11:56:33Z" - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
mac: ENC[AES256_GCM,data:hJxB91k91sDyZjmIntzCakFnSiLr7+qBPeneV8RmPJBod8Z3cFwHJ0pv5LyO7wIFhleW2kH+NM8b0Go4uiz7G683wfc9QTUxiUh5tR92a4xK5QnoMQ5S/AgDM9FDWYQ2cRWutqIdMA/TbGsfrwNLCdiGli5N4Ie98y3BXlGyuIY=,iv:NldyFeAF/hJEdg4VVymtHEebfbJD/GaxGaP55F/vKY4=,tag:e709To5PwxJJvDPVJhJecw==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBveFZjREFtdnFSaWFmdlh1
OTRhdElyS2l2LzhxK1A3WXVYYUdHanFZVlRnCjIvZ1JkTU1haWVoa3BjUWhyVTQr
ZnFLUnUvVS92N05UYU5KNitDVGVnV3MKLS0tIHJ6TWE1M0NaL2lSOUZEek9STDMr
eUphaFNjN3lBTnBJeFcvTGlMRG1VTVkKA6NMCTagSRvGP9buvAcHrkBlvAH48JDF
bRc92UqgD4PjK4uwjyQX25t81MBMAhcCBcVxSAIQwhRol1WXa2k7ZA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T09:42:43Z"
mac: ENC[AES256_GCM,data:c9u1+jT/GYCckbdGACGATi9gBRFW5YBjz74vUBMYUkz609BxMG0IQdQSCLNvF/3WM3MDABW6qooxsArVu7Cofq2peD59x5DJVM6Q2Q6SHhqOZAgg1YketI+LFrpuS0eL20EwrgQStRDrbPR0kk5KLlAYyWEfSK4HOqY50IKrPYc=,iv:pzPrtQ2vzyajmGlNqFI+NKrIrqbqoYFsxdAFebSgq0c=,tag:3D7EOXAiV0VWjj3abofyjw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -8,18 +8,18 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/701fc943-ede7-41ed-8a53-3cc38fc68fe5"; { device = "/dev/disk/by-uuid/fe728106-aaf8-46e6-ab46-1610f1f4398a";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C634-F571"; { device = "/dev/disk/by-uuid/44D0-91EC";
fsType = "vfat"; fsType = "vfat";
}; };
@ -30,8 +30,8 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp13s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;