Feat: docs (#98)

* hacking at dns

* hack

* hax

* start dics!

* hacking

* feat: docs!

---------

Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
This commit is contained in:
Truxnell 2024-04-16 15:14:06 +10:00 committed by GitHub
parent 80e008a1ec
commit ccd8e800df
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
83 changed files with 1617 additions and 708 deletions

View file

@ -17,6 +17,7 @@
"lockFileMaintenance": { "lockFileMaintenance": {
"enabled": "true", "enabled": "true",
"automerge": "true", "automerge": "true",
"schedule": [ "before 4am on Sunday" ],
}, },
"regexManagers": [ "regexManagers": [

View file

@ -1,29 +1,33 @@
{ {
// auto update up to major
"packageRules": [ "packageRules": [
{ {
// auto update up to major
"matchDatasources": ['docker'], "matchDatasources": ['docker'],
"automerge": "true", "automerge": "true",
"automergeType": "branch", "automergeType": "branch",
"schedule": [ "before 4am on Sunday" ],
"matchUpdateTypes": [ 'minor', 'patch', 'digest'], "matchUpdateTypes": [ 'minor', 'patch', 'digest'],
"matchPackageNames": [ "matchPackageNames": [
'ghcr.io/onedr0p/sonarr', 'ghcr.io/onedr0p/sonarr',
'ghcr.io/onedr0p/readarr', 'ghcr.io/onedr0p/readarr',
'ghcr.io/onedr0p/radarr', 'ghcr.io/onedr0p/radarr',
'ghcr.io/onedr0p/lidarr', 'ghcr.io/onedr0p/lidarr',
'ghcr.io/onedr0p/prowlarr', 'ghcr.io/onedr0p/prowlarr'
'ghcr.io/twin/gatus',
], ],
}, },
// auto update up to minor
{ {
"matchDatasources": ['docker'], "matchDatasources": ['docker'],
"automerge": "true", "automerge": "true",
"automergeType": "branch", "automergeType": "branch",
"schedule": [ "before 4am on Sunday" ],
"matchUpdateTypes": [ 'patch', 'digest'], "matchUpdateTypes": [ 'patch', 'digest'],
"matchPackageNames": [ "matchPackageNames": [
'ghcr.io/twin/gatus',
"ghcr.io/gethomepage/homepage", "ghcr.io/gethomepage/homepage",
], ]
}, },
{ {

55
.github/workflows/docs-release.yaml vendored Normal file
View file

@ -0,0 +1,55 @@
---
name: "Docs: Release to GitHub pages"
on:
workflow_dispatch:
push:
branches:
- main
paths:
- ".github/workflows/docs-release.yaml"
- ".mkdocs.yml"
- "docs/**"
permissions:
contents: write
jobs:
release-docs:
name: Release documentation
runs-on: ubuntu-22.04
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
steps:
- name: "Generate Short Lived OAuth App Token (ghs_*)"
uses: actions/create-github-app-token@v1.9.3
id: app-token
with:
app-id: "${{ secrets.TRUXNELL_APP_ID }}"
private-key: "${{ secrets.TRUXNELL_APP_PRIVATE_KEY }}"
- name: Checkout main branch
uses: actions/checkout@v4
with:
token: ${{ steps.app-token.outputs.token }}
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install requirements
run: pip install -r docs/requirements.txt
- name: Build and publish docs
run: mkdocs build -f mkdocs.yml
- name: Deploy
uses: peaceiris/actions-gh-pages@v4.0.0
if: ${{ github.ref == 'refs/heads/main' }}
with:
github_token: ${{ steps.app-token.outputs.token }}
publish_dir: ./site
destination_dir: docs
user_name: "Trux-Bot[bot]"
user_email: "Trux-Bot[bot] <19149206+trux-bot[bot]@users.noreply.github.com>"

View file

@ -14,7 +14,7 @@ keys:
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
- &daedalus age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - &daedalus age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
creation_rules: creation_rules:
- path_regex: .*\.sops\.yaml$ - path_regex: .*\.sops\.yaml$

6
.vscode/settings.json vendored Normal file
View file

@ -0,0 +1,6 @@
{
"cSpell.words": [
"homelab",
"Seafile"
]
}

View file

@ -38,37 +38,16 @@ To Install
- [ ] Bring over hosts - [ ] Bring over hosts
- [x] DNS01 Raspi4 - [x] DNS01 Raspi4
- [x] DNS02 Raspi4 - [x] DNS02 Raspi4
- [ ] NAS - [x] NAS
- [x] Latop - [x] Latop
- [x] Gaming desktop - [x] Gaming desktop
- [ ] WSL - [ ] WSL
- [ ] JJY emulator Raspi4 - [ ] JJY emulator Raspi4
- [ ] Documentation! - [x] Documentation!
- [ ] ssh_config build from computers? - [x] ssh_config build from computers?
- [ ] Modularise host to allow vm builds and hw builds - [x] Modularise host to allow vm builds and hw builds
- [ ] Add license - [x] Add license
- [ ] Add taskfiles - [x] Add taskfiles
## Network map
TBC
## Hardware
TBC
## Manifesto
Taking lead from the zen of python:
- Minimise dependencies, where required, explicitly define dependencies
- Use plain nix to solve problems over additional tooling
- Stable channel for stable machines. Unstable only where features are important.
- Modules for a specific service - Profiles for broad configuration of state.
- Write readable code - descriptive variable names and modules
- Keep functions/dependencies within the relevant module where possible
- Errors should never pass silently - use assert etc for misconfigurations
- Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets
## Checklist ## Checklist

View file

View file

View file

View file

@ -0,0 +1,8 @@
*[CI]: Continuous Integration
*[PR]: Pull Request
*[HASS]: Home-assistant
*[k8s]: Kubernetes
*[YAML]: Yet Another Markup Language
*[JSON]: JavaScript Object Notation
*[ZFS]: Originally 'Zettabyte File System', a COW filesystem.
*[COW]: Copy on Write

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 56 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 63 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 6.1 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 111 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 122 KiB

19
docs/index.md Normal file
View file

@ -0,0 +1,19 @@
👋 Welcome to my NixoOS home and homelab configuration. This monorepo is my personal :simple-nixos: nix/nixos setup for all my devices, specifically my homelab.
This is the end result of a recovering :simple-kubernetes: k8s addict - who no longer enjoyed the time and effort I **personally** found it took to run k8s at home.
## Why?
Having needed a break from hobby's for some health related reasons, I found coming back to a unpatched cluster a chore, which was left unattented. Then a cheap SSD in my custom VyOS router blew, leading me to just put back in my Unifi Dreammachine router, which broke the custom DNS I was running for my cluster, which caused it issues.
During fixing the DNS issue, a basic software upgrade for the custom k8s OS I was running k8s on broke my cluster for the 6th time running, coupled with using a older version of the script tool I used to manage its machine config yaml, which ended up leading to my 6th k8s disaster recovery :octicons-info-16:{ title="No I don't want to talk about it" }).
Looking at my boring :simple-ubuntu: Ubuntu ZFS nas which just ran and ran and ran without needing TLC, and remembering the old days with Ubuntu + Docker Compose being hands-off :octicons-info-16:{ title="Too much hands off really as I auto-updated everything, but I digress" }), I dove into nix, with the idea of getting back to basics of boring proven tools, with the power of nix's declarative system.
## Goals
One of my goals is to bring what I learnt running k8s at home with some of the best homelabbers, into the nix world and see just how much of the practices I learnt I can apply to a nix setup, while focussing on having a solid, reliable, setup that I can leave largely unattended for months without issues cropping up.
The goal of this doc is for me to slow down a bit and jot down how and why I am doing what im doing in a module, and cover how I have approached the faucets of homelabbing, so **YOU** can understand, steal with pride from my code, and hopefully(?) learn a thing or two.
To _teach me_ a thing or two, contact me or raise a Issue. PR's may or may not be taken as a personal attack - this is my home setup after all.

109
docs/maintenance/backups.md Normal file
View file

@ -0,0 +1,109 @@
# Backups
Nightly Backups are facilitated by NixOS's module for [restic](https://search.nixos.org/options?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=services.restic.) module and a helper module ive written.
This does a nightly ZFS snapshot, in which apps and other mutable data is restic backed up to both a local folder on my NAS and also to Cloudflare R2 :octicons-info-16:{ title="R2 mainly due to the cheap cost and low egrees fees" }). Backing up from a ZFS snapshot ensures that the restic backup is consistent, as backing up files in use (especially a sqlite database) will cause corruption. Here, all restic jobs are backing up as per the 2.05 snapshot, regardless of when they run that night.
Another benefit of this approach is that it is service agnostic - containers, nixos services, qemu, whatever all have files in the same place on the filesystem (in the persistant folder) so they can all be backed up in the same fashion.
The alternative is to shutdown services during backup (which could be facilitaed with the restic backup pre/post scripts) but ZFS snapshots are a godsend in this area, and im already running them for impermanence.
!!! info "Backing up without snapshots/shutdowns?"
This is a pattern I see a bit too - if you are backing up files raw without stopping your service beforehand you might want to check to ensure your backups aren't corrupted.
The timeline then is:
| time | activity |
| ------------- | -------------------------------------------------------------------------------------------------------------------------------- |
| 02.00 | ZFS deletes prior snapshot and creates new one, to `rpool/safe/persist@restic_nightly_snap` |
| 02.05 - 04.05 | Restic backs up from new snapshot's hidden read-only mount `.zfs` with random delays per-service - to local and remote locations |
## Automatic Backups
I have added a sops secret for both my local and remote servers in my restic module :simple-github: [/nixos/modules/nixos/services/restic/](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/services/restic/default.nix). This provides the restic password and 'AWS' credentials for the S3-compatible R2 bucket.
Backups are created per-service in each services module. This is largely done with a `lib` helper ive written, which creates both the relevant restic backup local and remote entries in my nixosConfiguration.
:simple-github: [nixos/modules/nixos/lib.nix](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/lib.nix)
!!! question "Why not backup the entire persist in one hit?"
Possibly a hold over from my k8s days, but its incredibly useful to be able to restore per-service, especially if you just want to move an app around or restore one app. You can always restore multiple repos with a script/taskfile.
NixOS will create a service + timer for each job - below shows the output for a prowlarr local/remote backup.
```bash
truxnell@daedalus ~> systemctl list-unit-files | grep restic-backups-prowlarr
restic-backups-prowlarr-local.service linked enabled
restic-backups-prowlarr-remote.service linked enabled
restic-backups-prowlarr-local.timer enabled enabled
restic-backups-prowlarr-remote.timer enabled enabled
```
NixOS (as of 23.05 IIRC) now provides shims to enable easy access to the restic commands with the correct env vars mounted same as the service.
```bash
truxnell@daedalus ~ [1]> sudo restic-prowlarr-local snapshots
repository 9d9bf357 opened (version 2, compression level auto)
ID Time Host Tags Paths
---------------------------------------------------------------------------------------------------------------------
293dad23 2024-04-15 19:24:37 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
24938fe8 2024-04-16 12:42:50 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
---------------------------------------------------------------------------------------------------------------------
2 snapshots
```
## Manually backing up
They are a systemd timer/service so you can query or trigger a manual run with `systemctl start restic-backups-<service>-<destination>` Local and remote work and function exactly the same, querying remote it just a fraction slower to return information.
```bash
truxnell@daedalus ~ > sudo systemctl start restic-backups-prowlarr-local.service
< no output >
truxnell@daedalus ~ [1]> sudo restic-prowlarr-local snapshots
repository 9d9bf357 opened (version 2, compression level auto)
ID Time Host Tags Paths
---------------------------------------------------------------------------------------------------------------------
293dad23 2024-04-15 19:24:37 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
24938fe8 2024-04-16 12:42:50 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
---------------------------------------------------------------------------------------------------------------------
2 snapshots
truxnell@daedalus ~> date
Tue Apr 16 12:43:20 AEST 2024
truxnell@daedalus ~>
```
## Restoring a backup
Testing a restore (would do --target / for a real restore)
Would just have to pause service, run restore, then re-start service.
```bash
truxnell@daedalus ~ [1]> sudo restic-lidarr-local restore --target /tmp/lidarr/ latest
repository a2847581 opened (version 2, compression level auto)
[0:00] 100.00% 2 / 2 index files loaded
restoring <Snapshot b96f4b94 of [/persist/nixos/lidarr] at 2024-04-14 04:19:41.533770692 +1000 AEST by root@daedalus> to /tmp/lidarr/
Summary: Restored 52581 files/dirs (11.025 GiB) in 1:37
```
## Failed backup notifications
Failed backup notifications are baked-in due to the global Pushover notification on SystemD unit falure. No config nessecary
Here I tested it by giving the systemd unit file a incorrect path.
<figure markdown="span">
![Screenshot of a pushover notification of a failed backup](../includes/assets/pushover-failed-backup.png)
<figcaption>A deliberately failed backup to test notifications, hopefully I don't see a real one.</figcaption>
</figure>
## Disabled backup warnings
Using [module warnings](https://nlewo.github.io/nixos-manual-sphinx/development/assertions.xml.html), I have also put in warnings into my NixOS modules if I have disabled a warning on a host _that isnt_ a development machine, just in case I do this or mixup flags on hosts. Roll your eyes, I will probably do it.
This will pop up when I do a dry run/deployment - but not abort the build.
<figure markdown="span">
![Screenshoft of nixos warning of disabled backups](../includes/assets/no-backup-warning.png)
<figcaption>It is eye catching thankfully</figcaption>
</figure>

View file

@ -0,0 +1,122 @@
# Software updates
Its crucial to update software regularly - but a homelab isn't a google play store you forget about and let it do its thing. How do you update your software stack regular without breaking things?
## Continuous integration
Continuous integration (CI) is running using :simple-githubactions: [Github Actions](https://github.com/features/actions) and [Garnix](https://Garnix.io). I have enabled branch protection rules to ensure all my devices successfully build before a PR is allowed to be pushed to main. This ensures I have a level of testing/confidence that an update of a device from the main branch will not break anything.
<figure markdown="span">
![Screenshot of passed CI checks on GitHub Repository](../includes/assets/ci-checks.png)
<figcaption>Lovely sea of green passed checks</figcaption>
</figure>
## Binary Caching
Binary caching is done for me by [Garnix](https://Garnix.io) which is an amazing tool. I can then add them as [substituter](https://wiki.nixos.org/wiki/Binary_Cache#Binary_cache_hint_in_Flakes). These run each push to _any_ branch and cache the build results for me. Even better, I can hook into them as above for CI purposes.
No code to show here, you add it as an app to your github repo and it 'Just Works :tm:'
```nix
# Substitutions
substituters = [ "https://cache.garnix.io" ];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
```
<figure markdown="span">
![Screenshot of Garnix Cache build tests passing](../includes/assets/ci-checks-garnix.png)
<figcaption>Lovely sea of green passed checks</figcaption>
</figure>
## Flake updates
Github repo updates are provided by :simple-renovatebot: [Renovate](https://www.mend.io/renovate/) by [Mend](https://mend.io). These are auto-merged on a weekly schedule after passing CI. The settings can be found at :simple-github: [/main/.github/renovate.json5](https://github.com/truxnell/nix-config/blob/main/.github/renovate.json5)
The primary CI is a Garnix build, which Is already building and caching all my systems. Knowing all of the systems have built and cached goes a huge way toward ensuring main is a stable branch.
## Docker container updates
Container updates are provided by :simple-renovatebot: [Renovate](https://www.mend.io/renovate/) by [Mend](https://mend.io). These will either be manually merged after I have checked the upstream projects notes for breaking changes _or_ auto-merged based on settings I have in :simple-github: [/.github/renovate/autoMerge.json5](https://github.com/truxnell/nix-config/blob/dev2/.github/renovate/autoMerge.json5).
!!! info "Semantic Versioning summary"
Semantic Versioning blurb is a format of MAJOR.MINOR.PATCH:<br>
MAJOR version when you make incompatible API changes (e.g. 1.7.8 -> 2.0.0)<br>
MINOR version when you add functionality in a backward compatible manner (e.g. 1.7.8 -> 1.8.0)<br>
PATCH version when you make backward compatible bug fixes (e.g. 1.7.8 -> 1.7.9)<br>
The auto-merge file allows me to define a pattern of which packages I want to auto-merge based on the upgrade type Renovate is suggesting. As many packages adhere to [Semantic Versioning](https://semver.org/ "A standard for version numbers to indicate type of upgrade"), I can determine how I 'feel' about the project, and decide to auto-merge specific tags. So for example, Sonarr has been reliable for me so I am ok merging all digest, patch and minor updates. I will always review a a major update, as it is likely to contain a breaking change.
!!! warning "Respect pre-1.0.0 software!"
Semantic Versioning also specifies that all software before 1.0.0 may have a breaking change **AT ANY TIME**. Auto update pre 1.0 software at your own risk!
The rational here is twofold. One is obvious - The entire point of doing Nix is reproducibility - what is the point of having flakes and SHA tags to provide the ability
Also, I dont wan't a trillion PR's in my github repo waiting, but I also will not blindly update everything. There is **a balance** between updating for security/patching purposes and avoiding breaking changes. I know its popular to use `:latest` tag and a auto-update service like [watchtower](https://github.com/containrrr/watchtower) - trust me this is a bad idea.
<figure markdown="span">
![Alt text](../includes/assets/home-cluster-pr.png)
<figcaption>I only glanced away from my old homelab for a few months...</figcaption>
</figure>
!!! info "Automatically updating **all versions** of containers will break things eventually!"
This is simply because projects from time to time will release breaking changes - totally different database schemas, overhaul config, replace entire parts of their software stack etc. If you let your service update totally automatically without checking for these you will wake up to a completely broken service like I did many, many years ago when Seafile did a major upgrade.
Container updates are provided by a custom regex that matches my format for defining images in my nix modules.
```yaml
"regexManagers": [
{
fileMatch: ["^.*\\.nix$"],
matchStrings: [
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?";',
],
datasourceTemplate: "docker",
}
],
```
And then I can pick and choose what level (if any) I want for container software. The below gives me brackets I can put containers in to enable auto-merge depending on how much I much i trust the container maintainer.
```yaml
"packageRules": [
{
// auto update up to major
"matchDatasources": ['docker'],
"automerge": "true",
"automergeType": "branch",
"matchUpdateTypes": [ 'minor', 'patch', 'digest'],
"matchPackageNames": [
'ghcr.io/onedr0p/sonarr',
'ghcr.io/onedr0p/readarr',
'ghcr.io/onedr0p/radarr',
'ghcr.io/onedr0p/lidarr',
'ghcr.io/onedr0p/prowlarr'
'ghcr.io/twin/gatus',
]
},
// auto update up to minor
{
"matchDatasources": ['docker'],
"automerge": "true",
"automergeType": "branch",
"matchUpdateTypes": [ 'patch', 'digest'],
"matchPackageNames": [
"ghcr.io/gethomepage/homepage",
]
}
]
```
Which results in automated PR's being raised - and **possibly** automatically merged into main if CI passes.
<figure markdown="span">
![Alt text](../includes/assets/renovate-pr.png)
<figcaption>Thankyou RenovateBot!</figcaption>
</figure>

View file

@ -0,0 +1,89 @@
# SystemD pushover notifications
Keeping with the goal of simple, I put together a `curl` script that can send me a pushover alert. I originally tied this to individual backups, until I realised how powerful it would be to just have it tied to every SystemD service globally.
This way, I would never need to worry or consider _what_ services are being created/destroyed and repeating myself _ad nauseam_.
!!! question "Why not Prometheus?"
I ran Prometheus/AlertManager for many years and well it can be easy to get TOO many notifications depending on your alerts, or to have issues with the big complex beast it is itself, or have alerts that trigger/reset/trigger (i.e. HDD temps).
This gives me native, simple notifications I can rely on using basic tools - one of my design principles.
Immediately I picked up with little effort:
- Pod ~~crashloop~~ failed after too many quick restarts
- Native service failure
- Backup failures
- AutoUpdate failure
- etc
<figure markdown="span">
![Screenshot of Cockpit web ui showing various pushover notification units](../includes/assets/cockpit-systemd-notifications.png)
<figcaption>NixOS SystemD built-in notifications for all occasions</figcaption>
</figure>
## Adding to all services
This is accomplished in :simple-github:[/nixos/modules/nixos/system/pushover](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/system/pushover/default.nix), with a systemd service `notify-pushover@`.
This can then be called by other services, which I setup with adding into my options:
```nix
options.systemd.services = mkOption {
type = with types; attrsOf (
submodule {
config.onFailure = [ "notify-pushover@%n.service" ];
}
);
```
This adds into every systemd NixOS generates the "notify-pushover@%n.service", where the [systemd specifiers](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Specifiers") are injected with `scriptArgs`, and the simple bash script can refer to them as `$1` etc.
```nix
systemd.services."notify-pushover@" = {
enable = true;
onFailure = lib.mkForce [ ]; # cant refer to itself on failure (1)
description = "Notify on failed unit %i";
serviceConfig = {
Type = "oneshot";
# User = config.users.users.truxnell.name;
EnvironmentFile = config.sops.secrets."services/pushover/env".path; # (2)
};
# Script calls pushover with some deets.
# Here im using the systemd specifier %i passed into the script,
# which I can reference with bash $1.
scriptArgs = "%i %H"; # (3)
# (4)
script = ''
${pkgs.curl}/bin/curl --fail -s -o /dev/null \
--form-string "token=$PUSHOVER_API_KEY" \
--form-string "user=$PUSHOVER_USER_KEY" \
--form-string "priority=1" \
--form-string "html=1" \
--form-string "timestamp=$(date +%s)" \
--form-string "url=https://$2:9090/system/services#/$1" \
--form-string "url_title=View in Cockpit" \
--form-string "title=Unit failure: '$1' on $2" \
--form-string "message=<b>$1</b> has failed on <b>$2</b><br><u>Journal tail:</u><br><br><i>$(journalctl -u $1 -n 10 -o cat)</i>" \
https://api.pushover.net/1/messages.json 2&>1
'';
```
1. Force exclude this service from having the default 'onFailure' added
2. Bring in pushover API/User ENV vars for script
3. Pass SystemD specifiers into script
4. Er.. script. Nix pops it into a shell script and refers to it in the unit.
!!! bug
I put in a nice link direct to Cockpit for the specific machine/service in question that doesnt _quite_ work yet... (:octicons-issue-opened-16: [#96](https://github.com/truxnell/nix-config/issues/96))
## Excluding from a services
Now we may not want this on ALL services. Especially the pushover-notify service itself. We can exclude this from a service using Nix `nixpkgs.lib.mkForce`
```nix
# Over-write the default pushover
systemd.services."service".onFailure = lib.mkForce [ ] option.
```

View file

@ -0,0 +1,33 @@
I've added warnings and assertations to code using nix to help me avoid misconfigurations. For example, if a module needs a database enabled, it can abort a deployment if it is not enabled. Similary, I have added warnings if I have disabled backups for production machines.
!!! question "But why, when its not being shared with others?"
Because I guarentee ill somehow stuff it up down the track and accidently disable things I didnt mean to. Roll your eyes, Ill thank myself later.
> Learnt from: [Nix Manual](https://nlewo.github.io/nixos-manual-sphinx/development/assertions.xml.html)
## Warnings
Warnings will print a warning message duyring a nix build or deployment, but **NOT** stop the action. Great for things like reminders on disabled features
To add a warning inside a module:
```nix
# Warn if backups are disable and machine isn't a dev box
config.warnings = [
(mkIf (!cfg.local.enable && config.mySystem.purpose != "Development")
"WARNING: Local backups are disabled!")
(mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development")
"WARNING: Remote backups are disabled!")
];
```
<figure markdown="span">
![Alt text](../includes/assets/no-backup-warning.png)
<figcaption>Oh THATS what I forgot to re-enable...</figcaption>
</figure>
## Abort/assert
Warnings bigger and meaner brother. Stops a nix build/deploy dead in its tracks. Only useful for when deployment is incompatiable with running - i.e. a dependency not met in options.

43
docs/motd.md Normal file
View file

@ -0,0 +1,43 @@
# Message of the day
Why not include a nice message of the day for each server I log into?
The below gives some insight into what the servers running, status of zpools, usage, etc.
While not show below - thankfully - If a zpool error is found the status gives a full `zpool status -x` debrief which is particulary eye-catching upon login.
![Alt text](motd.png)
Code TLDR
:simple-github:[/nixos/modules/nixos/system/motd](https://github.com/truxnell/nix-config/blob/462144babe7e7b2a49a985afe87c4b2f1fa8c3f9/nixos/modules/nixos/system/motd/default.nix])
Write a shell script using nix with a bash motd
```nix
let
motd = pkgs.writeShellScriptBin "motd"
''
#! /usr/bin/env bash
source /etc/os-release
service_status=$(systemctl list-units | grep podman-)
<- SNIP ->
printf "$BOLDService status$ENDCOLOR\n"
'';
in
```
This gets us a shells script we can then directly call into systemPackages - and after that its just a short hop to make this part of the shell init.
!!! note
Replace with your preferred shell!
```nix
environment.systemPackages = [
motd
];
programs.fish.interactiveShellInit = ''
motd
'';
```

BIN
docs/motd.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 149 KiB

12
docs/overview/design.md Normal file
View file

@ -0,0 +1,12 @@
# Design principles
Taking some lead from the [Zen of Python](https://peps.python.org/pep-0020/):
- Minimise dependencies, where required, explicitly define dependencies
- Use plain Nix & bash to solve problems over additional tooling
- Stable channel for stable machines. Unstable only where features are important.
- Modules for a specific service - Profiles for broad configuration of state.
- Write readable code - descriptive variable names and modules
- Keep functions/dependencies within the relevant module where possible
- Errors should never pass silently - use assert etc for misconfigurations
- Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets

10
docs/overview/features.md Normal file
View file

@ -0,0 +1,10 @@
# Features
Some things I'm proud of. Or just happy they exist so I can forget about something until I need to worry.
<div class="grid cards" markdown>
- :octicons-copy-16: [__Nightly Backups__](/maintenance/backups/)<br>A ZFS snapshot is done at night, with restic then backing up to both locally and cloud. NixOS wrappers make restoring a single command line entry.<br><br>ZFS snapshot before backup is important to ensure restic isnt backing up files that are in use, which would cause corruption.
- :material-update: [__Software Updates__](/maintenance/software_updates/)<br>Renovate Bot regulary runs on this Github repo, updating the flake lockfile, containers and other dependencies automatically.<br><br> Automerge is enabled for updates I expect will be routine, but waits for manual PR approval for updates I suspect may require reading changelog for breaking changes
- :ghost: __Impermance__:<br>Inspried by the [Erase your Darlings](https://grahamc.com/blog/erase-your-darlings/) post, Servers run zfs and rollback to a blank snapshot at night. This ensures repeatable NixOS deployments and no cruft, and also hardens servers a little.
- :material-alarm-light: __SystemD Notifications__:<br>Systemd hook that adds a pushover notification to __any__ systemd unit failure for any unit NixOS is aware of. No worrying about forgetting to add a notification to every new service or worrying about missing one.
</div>

19
docs/overview/goals.md Normal file
View file

@ -0,0 +1,19 @@
# Goals
When I set about making this lab I had a number of goals - I wonder how well I will do :thinking:?
A master list of ideas/goals/etc can be found at :octicons-issue-tracks-16: [Issue #1](https://github.com/truxnell/nix-config/issues/1)
<div class="grid cards" markdown>
- __:material-sword: Stability__ <br>NixOS stable channel for core services unstable for desktop apps/non-mission critical where desired. Containers with SHA256 pinning for server apps
- __:kiss: KISS__<br>Keep it Simple, use boring, reliable, trusted tools - not todays flashy new software repo
- __:zzz: Easy Updates__<br>Weekly update schedule, utilizing Renovate for updating lockfile and container images. Autoupdates enabled off main branch for mission critical. Aim for 'magic rollback' on upgrade failure
- __:material-cloud-upload: Backups__<br>Nightly restic backups to both cloud and NAS. All databases to have nightly backups. _Test backups regulary_
- __:repeat: Reproducability__<br>Flakes & Git for version pinning, SHA256 tags for containers.
- __:alarm_clock: Monitoring__<br>Automated monitoring on failure & critical summaries, using basic tools. Use Gatus for both internal and external monitoring
- __:clipboard: Continuous Integration__<br>CI against main branch to ensure all code compiles OK. Use PR's to add to main and dont skip CI due to impatience
- __:material-security: Security__<br>Dont use containers with S6 overlay/root (i.e. LSIO :grey_question:{ title="LSIO trades security for convenience with their container configuration" }). Expose minimal ports at router, Reduce attack surface by keeping it simple, review hardening containers/podman/NixOS
- __:fontawesome-solid-martini-glass-citrus: Ease of administration__<br>Lean into the devil that is SystemD - and have one standard interface to see logs, manipulate services, etc. Run containers as podman services, and webui's for watching/debugging
- __:simple-letsencrypt: Secrets__ _~ssshh~.._<br>[Sops-nix](https://github.com/Mic92/sops-nix) for secrets, living in my gitrepo. Avoid cloud services like I used in k8s (i.e. [Doppler.io](https://doppler.io))
</div>

1
docs/overview/options.md Normal file
View file

@ -0,0 +1 @@
Explain mySystem and myHome

View file

@ -0,0 +1,34 @@
# Repository Structure
!!! note inline end
Oh god writing this now is a horrid idea, I always refactor like 50 times...
Here is a bit of a walkthrough of the repository structure so ~~you~~ I can have a vague idea on what is going on. Organizing a monorepo is hard at the best of times.
<br><br><br>
```
├── .github
│ ├── renovate Renovate modules
│ ├── workflows Github Action workflows (i.e. CI/Site building)
│ └── renovate.json5 Renovate core settings
├── .taskfiles go-task file modules
├── docs This mkdocs-material site
│ nixos Nixos Modules
│ └── home home-manager nix files
│ ├── modules home-manager modules
│ └── truxnell home-manager user
│ ├── hosts hosts for nix - starting point of configs.
│ ├── modules nix modules
│ ├── overlays nixpkgs overlays
│ ├── pkgs custom nix packages
│ └── profiles host profiles
├── README.md Github Repo landing page
├── flake.nix Core flake
├── flake.lock Lockfile
├── LICENSE Project License
├── mkdocs.yml mkdocs settings
└── Taskfile.yaml go-task core file
```
Whew that wasnt so hard right... right?

6
docs/requirements.txt Normal file
View file

@ -0,0 +1,6 @@
mkdocs~=1.5,>=1.5.3
mkdocs-material~=9.4
mkdocs-material-extensions~=1.2
pygments~=2.16
pymdown-extensions~=10.2
mkdocs-minify-plugin~=0.7

View file

@ -0,0 +1,3 @@
## Container images
Dont use LSIO!

View file

@ -3,3 +3,6 @@
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x? * can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start * when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
* yaml = json, so using nix + builtins.toJSON a lot (and repl to vscode for testing) * yaml = json, so using nix + builtins.toJSON a lot (and repl to vscode for testing)
checking values:
# https://github.com/NixOS/nixpkgs/blob/90055d5e616bd943795d38808c94dbf0dd35abe8/nixos/modules/config/users-groups.nix#L116

View file

@ -1,3 +0,0 @@
sops-nix for secrets
nixos substituters
nix nvd post build

View file

@ -1,52 +0,0 @@
Nightly Backups are facilitated by nixos restic module & a helper module ive written.
These run to my NAS 'local' and cloudflare R2 'remote'
They are a systemd timer/service so you can query or trigger a manual run with
```bash
truxnell@daedalus ~> systemctl status restic-backups-lidarr-local.timer
● restic-backups-lidarr-local.timer
Loaded: loaded (/etc/systemd/system/restic-backups-lidarr-local.timer; enabled; preset: enabled)
Active: active (waiting) since Sat 2024-04-13 19:50:23 AEST; 12h ago
Trigger: Mon 2024-04-15 03:03:22 AEST; 18h left
Triggers: ● restic-backups-lidarr-local.service
truxnell@daedalus ~> systemctl status restic-backups-lidarr-local.service
○ restic-backups-lidarr-local.service
Loaded: loaded (/etc/systemd/system/restic-backups-lidarr-local.service; linked; preset: enabled)
Active: inactive (dead) since Sun 2024-04-14 04:20:02 AEST; 4h 14min ago
TriggeredBy: ● restic-backups-lidarr-local.timer
Process: 774197 ExecStartPre=/nix/store/vw03a7pxjj1sf59rk1p65nbv1jjwba1b-unit-script-restic-backups-lidarr-local-pre-start/bin/restic-backups-lidarr-local-pre-start (code=exited, status=0/SUCCESS)
Process: 774210 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic backup --exclude-file=/nix/store/bk1cxh78aaxbnh22jcxw18jadhk7j2b7-exclude-patterns --files-from=/run/restic-backups-lidarr-local/includes >
Process: 774239 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic forget --prune --keep-daily 7 --keep-weekly 5 --keep-monthly 12 (code=exited, status=0/SUCCESS)
Process: 774251 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic check (code=exited, status=0/SUCCESS)
Process: 774381 ExecStopPost=/nix/store/nk9a304p38yxfgb6f63s6nq1c4icjplb-unit-script-restic-backups-lidarr-local-post-stop/bin/restic-backups-lidarr-local-post-stop (code=exited, status=0/SUCCESS)
Main PID: 774251 (code=exited, status=0/SUCCESS)
IP: 0B in, 0B out
CPU: 21.961s
```
Checking snapshots
```bash
truxnell@daedalus ~ [3]> sudo restic-lidarr-local snapshots
repository a2847581 opened (version 2, compression level auto)
ID Time Host Tags Paths
----------------------------------------------------------------------------
aef44e7c 2024-04-13 19:56:14 daedalus /persist/nixos/lidarr
b96f4b94 2024-04-14 04:19:41 daedalus /persist/nixos/lidarr
----------------------------------------------------------------------------
```
Testing a restore (would do --target / for a real restore)
Would just have to pause service, run restore, then re-start service.
```bash
truxnell@daedalus ~ [1]> sudo restic-lidarr-local restore --target /tmp/lidarr/ latest
repository a2847581 opened (version 2, compression level auto)
[0:00] 100.00% 2 / 2 index files loaded
restoring <Snapshot b96f4b94 of [/persist/nixos/lidarr] at 2024-04-14 04:19:41.533770692 +1000 AEST by root@daedalus> to /tmp/lidarr/
Summary: Restored 52581 files/dirs (11.025 GiB) in 1:37
```

View file

@ -1,8 +0,0 @@
stable channel for reliable services, with unstable for desktop apps, containers for 'server' apps
renovate for automated lockfile and container updates
strong CI on all PR's to ensure system updates from main branch are reliable
leans into systemd, meaning everything can be managed, viewed and debugged with a consistent interface (Ive come around to loving systemd...)
cockpit on all servers for easy viewing of stauts logs, etc
sops-nix for secrets
nightly restic backups (diff) to local and cloud, with failure notifications and simple command-line wrapper for restores
gatus monitoring for apps, dns and servers, dynamicaly built from nix across all enabled nodes

View file

@ -1,11 +0,0 @@
SHODAN = lab01
XERXES = lab02
DURANDAL = dns01
dns02
pikvm
CITADEL = gaming pc
HYPERION = laptop

94
mkdocs.yml Normal file
View file

@ -0,0 +1,94 @@
site_name: Truxnell's NixOS homelab
site_author: truxnell
# Repository
repo_name: truxnell/nix-config
repo_url: https://github.com/truxnell/nix-config
docs_dir: ./docs
site_dir: ./site
copyright: Copyright &copy; 2024 Nat Allan
theme:
name: material
# custom_dir: ../../docs/overrides
features:
- announce.dismiss
- content.code.annotate
- content.code.copy
- navigation.expand
- navigation.indexes
- navigation.path
# - navigation.sections
- navigation.footer
# - navigation.tabs
- navigation.top
- search.suggest
palette:
- scheme: slate
media: "(prefers-color-scheme: light)"
primary: black
accent: indigo
toggle:
icon: material/brightness-4
name: Switch to light mode
- scheme: default
media: "(prefers-color-scheme: dark)"
toggle:
icon: material/brightness-7
name: Switch to dark mode
font:
text: Roboto
code: Roboto Mono
icon:
logo: simple/nixos
annotations: material/chat-question
# Plugins
plugins:
- search:
separator: '[\s\u200b\-_,:!=\[\]()"`/]+|\.(?!\d)|&[lg]t;|(?!\b)(?=[A-Z][a-z])'
- minify:
minify_html: true
# Extensions
markdown_extensions:
- admonition
- abbr
- attr_list
- md_in_html
- pymdownx.emoji:
emoji_index: !!python/name:material.extensions.emoji.twemoji
emoji_generator: !!python/name:material.extensions.emoji.to_svg
- pymdownx.highlight:
anchor_linenums: true
line_spans: __span
pygments_lang_class: true
- pymdownx.inlinehilite
- pymdownx.caret
- pymdownx.tilde
- pymdownx.snippets:
check_paths: true
auto_append:
- ./docs/includes/abbreviations.md
- pymdownx.superfences
- toc:
permalink: true
toc_depth: 3
nav:
- readme.md: index.md
- Overview:
- Goals: overview/goals.md
- Features: overview/features.md
- Design Principals: overview/design.md
- Structure: overview/structure.md
- Maintenance:
- Software Updates: maintenance/software_updates.md
- Backups: maintenance/backups.md
- Monitoring:
- SystemD failures: monitoring/systemd.md
- Nix Warnings: monitoring/warnings.md
- Other Features:
- MOTD: motd.md

View file

@ -11,25 +11,25 @@
]; ];
mySystem.purpose = "Network Attached Storage";
mySystem.services = { mySystem.services = {
openssh.enable = true; openssh.enable = true;
#containers #containers
podman.enable = true; podman.enable = true;
traefik.enable = true; traefik.enable = true;
homepage.enable = true;
sonarr.enable = true; sonarr.enable = true;
radarr.enable = true; radarr.enable = true;
lidarr.enable = true; lidarr.enable = true;
readarr.enable = true; readarr.enable = true;
gatus.enable = true;
sabnzbd.enable = true; sabnzbd.enable = true;
qbittorrent.enable = true; qbittorrent.enable = true;
prowlarr.enable = true; prowlarr.enable = true;
backrest.enable = true;
}; };
mySystem.nasFolder = "/tank"; mySystem.nasFolder = "/tank";
mySystem.system.resticBackup.local.location = "/tank/backup/nixos/nixos";
mySystem.system = { mySystem.system = {
zfs.enable = true; zfs.enable = true;

View file

@ -6,21 +6,34 @@
, pkgs , pkgs
, ... , ...
}: { }: {
mySystem.purpose = "Development";
mySystem.services = { mySystem.services = {
openssh.enable = true; openssh.enable = true;
podman.enable = true; podman.enable = true;
traefik.enable = true; traefik.enable = true;
gatus.enable = true;
homepage.enable = true;
backrest.enable = true;
plex.enable = true; plex.enable = true;
tautulli.enable = true; tautulli.enable = true;
syncthing.enable = true; syncthing.enable = true;
}; };
mySystem.nfs.nas.enable = true; mySystem.nfs.nas.enable = true;
mySystem.persistentFolder = "/persistent/nixos"; mySystem.persistentFolder = "/persistent";
mySystem.system.motd.networkInterfaces = [ "eno1" ]; mySystem.system.motd.networkInterfaces = [ "eno1" ];
# Dev machine
mySystem.system.resticBackup =
{
local.enable = false;
remote.enable = false;
};
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];

View file

@ -2,6 +2,4 @@
mySystem = import ./nixos; mySystem = import ./nixos;
} }

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8686; #int port = 8686; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -85,11 +86,13 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups."${app}-local" = config.lib.mySystem.mkRestic services.restic.backups = config.lib.mySystem.mkRestic
{ {
inherit app; inherit app;
user = builtins.toString user;
excludePaths = [ "Backups" ]; excludePaths = [ "Backups" ];
paths = [ persistentFolder ]; paths = [ appFolder ];
inherit appFolder;
}; };
}; };
} }

View file

@ -1,6 +1,6 @@
services: services:
lidarr: lidarr:
env: ENC[AES256_GCM,data:CNeLt9d/2eZhiazlJXKJzr3oLRvtMRLCJbNQ3ZEapLj3DwswxkC8SH4003DCCyyw98eDNzcTTwFpeu26nAuCmChJqNbyaD7j9k87xGgr+k+OjYdzUfaW3kNnz0dh2Ip2ryg7XTws9q/2laWlqyY=,iv:H2VVi2j0JI8WhawPXQKdMoHCK3S6SH1N9fwRXsz+sAw=,tag:o9ZEB1Pxogere0/gV9uHZQ==,type:str] env: ENC[AES256_GCM,data:vRK+rty1lXFeqJZdVIsJolPn+LNNwx6nNEOUgXgXoj+o1apFvoAV1JnoYhq2/RR1V4LjmL32q1pZVjI/1YI+87HWh9q7dHwnP1sN5FYCzYZOcyIaGZ6E51dEUQ+CloYchTGAJAV5PruLjP9bsg4=,iv:5Pf3o2ujfdwhb6dBUq/QIWmW1nP6oAoE7E6F0dMlroY=,tag:a6RpL4QZ9PaVGAxMiynxVw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N1p4aFNmbit6ODBacUVO YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSDZ0WnQxOU8wMlZ2bVFJ
bUh1Sk1oQWZwaUF0RW5UVTN5b1RHdnRjRXhVCm95cndpQjdmdGRTd1gxV3ZVS3NF QjRZN0EraklXQW5xck9IcG1ScjhGZzFQaVJRCllvcWVBQ3RWMGlLZG5MTzZBandy
WUxrY1FyNkpKb0MzS0d0bjJvVFdVazQKLS0tIElPN0JqMkUvbmM0aWxVOFY3TkZh RzhFNEJ4bHBnUXdLN3VGa1QxRkR0ak0KLS0tIG9MN0U1OXdYRjB4WkErTDJBL0ZC
dDRjb1l1dHcwNXpqY3YwVHdRR3FTYTQKlklHK/ARZQvcDBFa/am6aza1NdUl1mmP SUhkckh1ZzVINndGcnJCajAzUzZwS3MKCy97fJlRCEhNKWivBLLZZgw6EIk+3AVR
bvP437PbtoSTZJNQCcRE1tv+3i4xC+OPVmuE7e5BJ/BBdHGSdyziPA== GF31FXc1KiBeRwJcLUS91yh9QCr8VxapND3QlDLd/QU1iZ5Ig1xa2A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuLy9zY216TDBaTmdDcnJo YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMnEvS1F0bk1JdytNQko5
NWR0QzRXb3NyaDdHVExsSnJ4NlFKc1lMUnh3CjM2VGpBdjNMY3RJOGVMS054Z3Ji aVZWMm42NENSVVNhSXZkbmdyaGYrY3RXc1VzCjNpM0poQytQakxRSzlZaHR1Y3hy
elJPMzV3ZHA2anZUbmpXaDhoMnE3WjgKLS0tIFZndDQvcWhlVDM3U1piZnhOQzBu TWdubElidlRIN0RpU2psN2E4SEtpUlEKLS0tIGxVZWUzdXh1SWdIeFF0bXRZTUMw
bGpPemtXY1Z6NXNjc29JMDNBOG5Kc2cKcavrDAWBVmzjY7kO4PFve7oP/mSkrtLN K0hPamkycVRNenBwZkwvaS9TSmR2ZEEKbORtRe2a2/5JR0eJprF4dTVPNJXNfbTv
by6Y4jFH6ndySi5dZlPX+GeyVhlgOtV3CXIcojtVFSVSY4x6DxUARw== ylzP9391GAJF+f0yDGxbrQAAwhtV0qsxDM8FPhs29sNZsWMl5MkPxQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cktRZHlHMjFPa2x1QTJW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUEgvNENua0NRdlVVWEZD
Y1RPS0lVRTQ3MmhRNW1zaEhxTkFzVWtIcFVrCkRFWHpTMU15bkFib1lHWkFJMGJ1 ZFpCTUpVYWJTR0Q2ZmJzVXZaUml4NkNxaTFzCkpZME1Ga0FoOVpHWmJpWHNvVEFV
TStXaWN6eE9tU2RvNmNpMnQyWkdaM3MKLS0tIHhhQjBtd1FLcHlOV1Q1NG12MFlI d1V2VTUrdWZORTc0UWpSSFV2OTJaeFEKLS0tIGxGMnlxWTF1aTVLdUhWVExsNklJ
T2hpS1hYWnJUaUE3ZGFzVzFza0tjSEEKhnpYBWngmgWQfn756hmclB3oeEyFye70 d1V6MFFobTZkVkRCay9VSnFBcVdZWkEKUOAmq6IEH1o+YAxlMgHVQCwJoBidbfF1
Kd4PdabjMOECpMWAuFbPe/4tZW7K4Y/wqylQ+Z2oz3TkcLxrm6S+zQ== OWYrY90/uq5j0ntnLjEAKnKLzoMaQf/HmyFS6mciza/EGAUBBWKedQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RmlSZHI5byszTkducW9l YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIbGJ5aGpGWkgzYzJmR0NU
aUk4cTY4dWhILytpb0c3SElBTnZvdTBIT3pVCkxZYUJzb09DQzNCK2QzYno1bmR4 eHduWEhlQ1cycHJIaVNLV1JpNG5tNDNTT2pjCkhqdmZtYm1PR2s3WUo3UWtzZm1U
ajFVL3V1WkdUN3MzRGxaNHRVQUVZbTQKLS0tIGU2TWdtSXBpRTB4N0t3YzR4ZVhi TS93ME9rTFJtUDJIbUgxMTRwS3o2cUUKLS0tIHFYWnNRUVJ0YXM3K2gyelNoN0F0
NHc1Q0dmWXJLYlFpOXdJVS9NY0FuVHcKjdqOjcj9lO/cAjAR9IC8MHhWwsZLASEW a0U1QXp0Yy9RZ1lkYVY2aEIwMmsvQ1UKUciQghqwTYohsg9a951ZqXIsftaSrUGi
dLXvW2Uq9yemF+X/lVh5FcWdZH9/GzaRVSIF7dtJquMD7QPie9tUzg== BdCv5QEFLnBdayildvrL0G7vrLfCFyPjHGE8qeVxfOvz3Sli/FpXew==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTHhDU2ZCK3EyWkdBQ3Mx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTjlaUkg2eENIakdsdzRm
MmZzT1B5Ukt2QkhVOVorQVdnTHI3MnRwTENrClgwWXg3cHpocDAwcGJNRnJXajY4 eVo3MHYvSk10a054eDUyd3Z0dG9ncWlYTTBnClVSalRuRjVhc1dNTkNNdEl6OUJv
b3QvcUZia1JZc0d2VUJnOC9Pamw1WTgKLS0tIE04dDEwVUREVkFpaGZPU3U0NHRL QVBabTN4U1VURyt5UXJPZ2pOQmtwRTQKLS0tIFQyY3pDTmpZdkoyR0xRaUpMNUxN
cG15eUk4TDJPZ2VwYUlweEVWS09yWUEKygFWuuYw7T30P83Ds6dJo6yU5UkcTGl0 dmZOT0VNNW1JOHpjVG9LNVQ1NVJVcUUKUispQJXiy+R0L2K1HbqtURYY5ExV7Abk
w04upLLxzCTZW141ACNS1s2ydTrs/tfFvzgmP/Hm8AoBrfBbSgVObA== 5dIVkjf6kMQ2czMDh+MrD7MFdaVOgepFWHLTkkVjECJF4+l6yi66LA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MHl6N2pPdUMzUzV6YVY3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eWh3L2dGL0ZRRHZkVGdS
TzB4UmRFc3hmSk1MQURUakZReExZMVZLd1VFCmN6MWxHVFFJcEgvdFFYZ2lsRllD M211TlNCOVdQT1llVHY0Rmh0bmg5MFM5YmxBCk56dDBUS1Y1VTgzdU9TWnVNdVR2
Rkd4ZjVMdXlmYll1cXVWdS9SRXNWZ1kKLS0tIGxodVM3Q3c3K1p0UVBLa2Vpc3FP a2pWcll2KysxTlJhQy9CQU4wamNGZ1UKLS0tIDREdFJSaUdWQXp4TyswNExjR3ZW
ZXZscmZZN0VRdlVqdnlSWkx4WHMzOHMKbixVd4tn+cmwDp0Fw2/05Q+k0VxLqeqn UUF6dU84WGFTZ0NHTW5tV1hWWkNyZ28KVr7eWZsce+ROlH/8E4NmflUXhMHG+fBa
E7PSrCkdxnW5x8fJO9JUKsXeisif2AqCNOXQTuH5PXN43QWEsfKdng== WWH1opJP/0nQDCzTXkoZXcsyepGetORIJT96ObBuVIcJi04wD5EIqw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:9HRLNEt7he7qoSTHCi0wAHkuzLoAg0JOFbr4syvomYy5TAIH1PzVgX9AUrZCz90pUBQdHx+JDbnsfjP3EcVNwxdABHAlF6GzA1RsfVne4nRr2W9rFeQtREGPuNH8imTMitxEo2C+42tnLr4oYneawNZ2EHrBKlQRhIcxQCylQWg=,iv:kmnE66eFBI7ggNYfknktB06tVwn82y/9Y4NGrUqpAMQ=,tag:8U1IiM0ofEnRHSy6Zz6W5g==,type:str] mac: ENC[AES256_GCM,data:XWR5HjvPG/G/ASK3vhxdUfD91v85sHQ1kpE3lXAV/PHKADckqYl8q93RQ3Q6/AUy+/10sxLxqud6z/NCa53LiPn5fHET7F6RVsVRUSNnhsUGHX9+Vu4dy3SHEmKM0S08lisJ7rj8/BBi6sC14mlPJMIpQaQs9lRKW2GQKdMD6Ts=,iv:Ui+2dNDKR8VPkkFs6FF6u3fJwbJJqBl3AoCXhtQqrKc=,tag:XP3nYa3fArpkwkkkhddaVQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 9696; #int port = 9696; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -47,7 +48,6 @@ in
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:/config:rw"
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
@ -83,5 +83,13 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -1,6 +1,6 @@
services: services:
prowlarr: prowlarr:
env: ENC[AES256_GCM,data:tosSq3uaBG3aWTf2HjIbYDwwgi4HcbRjZ+yU5udmgueraBcdgGkbzftziFOXaMJAsXQTuWl1xBRMYf7/oLKQFpS6ZsqyV8jpCOY4aDCb9g7AiNmBiqzYEoCNhorARX2o0CHDwUruU5TxSanx/ahT3GVU,iv:VY9n7WgNHyQDUfhgcjcx50w/5dJSdh94WPhnjHumCT8=,tag:JRArtemWaxiEweBS4MQpDw==,type:str] env: ENC[AES256_GCM,data:98zXlyIkwXpOJOlk6UQ2udfdRqD0nJXOC8eAfyaUyoPDokV4x0wcqGanYdSZ/GihqwQNBzH3phdlgQO+sgGqXF9reSLXGJ4UOd79P3iUZxTO5+ZWYTm27hDCH4JQH6z6UQfVlM9HaPRoOHfX+mSrg0NQ,iv:PjcmrgnFkxpJtAA71YBBM3PvRlMYeWJVlNvzvfJ5TwY=,tag:cPrQk6I/Bp0miTs6JiUwjg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WVRlOGV6QVdtYXRxenN4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZjJJSERkeEdZWkdnZC95
dmI2LzVYNEZSdnBDWmdYbXlJcVQzdlYrQ0ZrCmRiUlZnVXdLOTZXNEV6ODdQM1p3 cVVXbVdDQitMY3NhcnAxZld3cko4d0lySVFrCmtjRWlIVlBqeGNhZ212MWxmQ0hJ
dWxCL2VhdjcrSHdwT3kvbWR3cHVaSE0KLS0tIDdEbzY3TmFJSWJKSmtaZ3dzc2dL eHdnQ2dUSmt1R1ZvamhDd1ZPWHpvTTQKLS0tIFdzeGtJWjVDRkF3R3haVGttR1FY
TG5sU29veFBObjZackhtcE5WczI5eDgKpUFMN37YWaUbpu6kuNr25CkJvI3O1CNe VEtHLzNkRm1IZ1J6Y2VHZGRxbWlwOEEKdEMchAgVHqO/TBc5b9QDU/pdltFlp3oM
jmcJQOW5QwSbIZbmk6U3TvELBvz766RlK66heE5KGx10Li9AJBXaEA== Kqi7HkJVwfbTDk5a1SIzkdwLiGylv1d31qBDczqcJIv+V+4zbPqWng==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SkYxd3RRcHJlTE9Sb2Ry YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZS8yMDBmRjA3WGJOazBy
VXJtVDB1RTN3ZnNPV05FQ2RCSTZPT0xUdWtzCmRaMWhsVjBFNTlZcGtpWi91RDM4 SkJYdlo5emtFblZibTB4bHUyeFhvSXF0bEJVCm5nZ09aODlKU0FsbDlyaTBDSW00
dlZIcDl4NVFUOElPY293aUg5NE1BaVUKLS0tIDlnMGhkdXV3S1dMS1F3NDBha05K TVA3ZExUQ2RtSmtRak13SkhmM1VxTDAKLS0tIE5OU05oaCtkUjZRUFJwaEJmNjhO
QStGQlgvT2JuZzk1eFQ1MEhRd2RCUWsKJ4Rbbye9WKsMfmsFSrzKp4EsCc46/CQB UlBQZC96S2xJMkhpUjhXRE1IaU9aNk0K3/OwLltfYQ4hmfIIMhgDLt3r+CKSpmhV
X6AqxkIi/fvwy9ZWrqDzLZn2iq4O2Zt8g6wEYaUDudxEWlR1C4JGcQ== BZZFNRdoABwVa9jaVXB+5+r58Va8OPQnUmwZKP8HLj4Wp5ZXCJcjoA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVzFFRkExbkw2c3JqVHcy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNU10S21Vd2R3SjZCUzdr
ZUl0azlTeC9JTkNMdGdPamVVbVZBZ2tOcHdZClpQcVdISUlEcUE1UEtrVlpISlNx aUMrWEE0TjZWOVFmRW5JZEMxRHNUTlRiVW5jCkxUVENsZHcxSnRQR0d3dE9IZVA0
RytnSEFua2h1Yy9rRkFxNkJldHBDNm8KLS0tIENKcE9vZHJUek5jdkUrSmVDSzlF OHR0T2tSOVJ0VGZqcUtHamR4UHNCRjAKLS0tIHhXRDBydlkwN1grTVRlSCs4VG9L
M05MN2RQajhPR1oyaTM2YWRLWm1LcmsK3m970XSRhwIbMaSjd2OnH7Wm+qVkI0qA ZkJycWRkcUJMd1RINVRldVBZa1RzNlEKhu9+VjthTHOFzxw0GmdG7ZFgIxlYd5qI
5HhJ0EsGCQIDVrSFCnCV85mcgUlglCnRaSu0tWL7lH/qIvzNOG1YUQ== 6ZyU1bZbISBwBGhfqbe27Pd5HazXP+7Q22Zanxjj+EJgy5jAmxRK3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WFVmWXgyZGpseXVIK2FV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTXVxVXBQQjdVQmNIZkZX
bTZuSFdXTUNET290UGRDZ2d2OWZ1WGZXeFM4CnRNNHc5eWtSWnNvMHBEMnBXTll4 QXBKTWs0Yk5lOXlMUXVYakdBQytmK1RSVUNBCldyUVFWd3Rmd0h3N0x4MkZTOFdZ
NDhrL1NrNFRXR0dlYXdYWjliaVVsVkEKLS0tIE5yUVE1dFQ2bzBSYnZiNzRmNjk5 NVoydjdPQk4zeXJaMmc3RFF0bHhlZ28KLS0tIDdDVmIvTDhka0FxaHRGRy9JSml6
ZmNrNjJFWDVYT0M5Nms4aFAzd3E0SUUKL5cKrLsmk9zZGCmPhlo9LTH+dZicq2GQ WmZWWEZHQkNQdVhzRzRpNUdDaTVJb3MKtCN8iYEBaCCLFuJ88tKQ9Iq4ayO0P5th
/lcvE5Zr7H9QfaAfXIjgc4g5DLvCbxq0tQxzbUdg0mtCuhIUXpTSsg== 2/D+LnpOXYu2JV/LWmB+5t42gwGhW7PSK05pfhD4WR+KnFs8OA0X8g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbnMrS3FZUWsrOFNhU3R2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaTBtUmxocEYvWGlQeVBM
bGtnMjVzRXpxWVRUb2NqQm9YRlJPS0hyY1hzCjc5Vk5iMXZNcFpZdWxMM21qNmI0 NXl3NUtkUDF6RWozVWxuK2ZNNGdPYVQzN2pRCnZobXJucVpINFhqY2o5dUNCampn
UzhWSTYyZ1BuOVdjQVFBUU9BNCtrQnMKLS0tIGtFdFlObDdYSkRpUkdTaS93eGM5 TWxVTkpZS250TEpLbXR5YVo1bFhwSTQKLS0tIEw1eU1TMzRqQUYybXBjTStuSDM5
eUJldE5jRURQUmM5Ykd2eXJXbExxdDgKQUOwrK0wbhqXMTEtV4FUMZdHsXaXf8kT MkoyV3c0T2lCa1lYcHBCQ01vVzZOajAKGT/nFwLOE0hkiI8Idvlw1qQX/D7+QaWc
lzhAovOKimF2Q47Zr58QFnJTAk7HBGoZ4sBEAa9dfvG6jRg4B3NVkQ== LngqAaUYv2AYT09Vi2u+hUs6RUhpCyY9VPQzO1Lo8jClHbnfw3YG/w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M2FqSkpKZkZ1QW9UYXNQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbXY0by9od3dkQnNrZFBa
enVIdzlldXVJZXVWdVRmMEpkWHpVOHlObURZCk9xTWh5MVl5UjJxZnplMC9lN1Qw YnpodTVJa2lhUk1aL3cyOWlSTkprbmZDMWdJCmtqNDNLWlhxb1FoZkh6ZHJ4cjdC
cDJ3ZDBsWWN2R2xWR09NU3VFT3hueUUKLS0tIHhmMGNBWkRZNGQ1TitIbG1ZVFJF VjRuYmh2NUxscE81MCtyaUF5bzk4eWsKLS0tIHV2L1NETzJ3NE9JVklFYUhXNk1y
ZXFacDJYeUdjbUk2QjhuWVV1dEpNdk0KU+zEg4KPciFx+H8/W2ajrlLPHL+WX2fL bnJSYks3QnJtZXdTdUtLN1Mxais2b1kKYEJqbgsYOqG35XbQXvgSwNLtDhsXEC5r
q0ULbEBieZ0SrCqrnRl/XR1ZxKi5RlJJKKIIfOjEDryy6AtlEU+3SQ== k+kriZXxD4bsYfH9HcoYouP3/JMmHjmE411bF5I7lVzPH0T393g+dw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:m3pQR6lC0DzLOi6ZFK9DPWfjKnROPcFXdlukUP7f/udjLhqWeZSl9HDs7d+xS+o/MdSeoV7BnMs6NcMhzXHz5//AB1pG0eNxxO0mALZKRqjEcs4ZRrnTeYb7TPOVLpGh+nDCe+RzJ81xqM2cDXC+ajZlnJpZ5XLalxGBu/vXupg=,iv:ZW2yiNKrm2TwZVqhR6vtAuc0/Dy2mPSN8z6ey8dcpJ4=,tag:DzxtOSRMUP5LDMEvJavy0w==,type:str] mac: ENC[AES256_GCM,data:UYgyJHY5dPoJlFocTPkTYkUC0C42NIZIiii5+EXDUx4man5CAxkohqrLaqdo4SjAZKz1oTdUnNUeerJDdbdb+X11lsfEtOilmD8/MyBA1+pQd6V7FfXCaXnkves4utiNxDiZYdr3ymm/zMrr5GQxI7cPrl98xufbYpxn8DG7jqs=,iv:eKLL0lzUi9YHGoSwQj5/qD/PlJSGxoyy2XCsxTezq0s=,tag:TZ+cLrLqCvPLyEmOS14bXQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 7878; #int port = 7878; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -84,5 +85,14 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -1,6 +1,6 @@
services: services:
radarr: radarr:
env: ENC[AES256_GCM,data:xNR1zU9Il+jeL2uuKtiMxQV3IHDZ6uAAOnP8/odiQIlysPpcKMrP23z6iKSeUgLha+WtYYk61FmtR9gr5QcLl6WK1EWcyVfiw7ndbZgczWUr1irGCNAGGbKcyqoohUFg9aPcOUBz4MQOpdPK9gc4Uk2QAAB63HxcZxfLDQCHc9M/U6Tm8Mu81x0DtFa6gzAGeAPjeydofrY8/ZnMIkAIVxuCKOw9N6pFSCeF6YS4YsGGC0pcXSyRelnF30SuJewLm1NmE6ub0e7+FW+0Y5nO,iv:XzoK7NaQjmi/8smaJTyWLAoUENVG4DRkYL12Bb09AT8=,tag:jFAHyoSjrp1CBSG0SDlADA==,type:str] env: ENC[AES256_GCM,data:m2JW9nylMHJTMHCJgdPIDhCDdx2u9f1kpK7dhFQLdvchS3PHZt2rT3Z9quxRpbxsnA4eaxi9regl62BlBaPCIyoFzMtUdorHfdu+LCkkzDZ/Sa4giyzjQd6XBB+Mme+RMGT6GqKWCGMB6mSxcKdeZ75TmNBtY1psLjko5zntgK4X57+99ThQ5kozYWkmxSuASYA7yH9nr+ds/3ZCGyzYrpJ9Lo+FTrrccZUpJoOU+2NjnvWy2bobDXaPwY60DGpuktP4ZnINiUWVXt1W/ePK,iv:wRxtvBSEW9Mt+pr9Vm+3Bng2gYsTYJ013OCNGbSC0WI=,tag:Q97JtwOFV1zJE93UMMChnQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkhzTTg5MTgxMS9pbm1q YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIb1dPSlEzYVplNTlJVC9K
cTdERTJwU281YXF0N0NQNmIwMWw3T05ZMHpnCmttbmcwdjEzNVVXZGN3WXNwcll2 RnRJbC9NdkdlUGQrWU5jT3dDV1o5WUVKclNrClBBU1V3ZjNxKzdmYlBxSFJSYUwy
bUxmRlhIbnJ4aDNFM3Y0ekVReFNuTWcKLS0tIEdCSDI4MzY2b3d0M055d2lMN0kw OVRYSkw3a2dUU1VZMGxzczFnZm1MaHcKLS0tIFp3ZE1UWlNocmk3MGYxOE80NW1h
NzEwbkJTd0d1WWxvUHFNUTNiMVVhSDQKvq54ESh7DU/VGOu4Oe9D1esq+mbVOeKy Y3Z6WVNuQ0k0NGNnaHp1K25Jakd0NzAK5Pqg0fy+VcFkw2vabhx6I5qBuCDM8Ws1
7xcX7vU4cI1dqMBRciigwfV/45Aq/fhcZWDY+gv77claD18BgjXZjw== z26fKKzz08w2HdMuyhewsopEDeDtpHutrZ0OFbrxLEGlMyf9UnLxsg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsamdmNnpaTjdUdklxNlhm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TUpYWXlVZjdkOHpLM21y
U3BEVVJJZWxlQ0hUQlAxVmV6MnNUaWpaTVhVCk5PL24vcUsxeVM2aGtxZ3JlN2VN a0FYR2FtMDUrN3RJaGhnMnRQOGtVNWRyc1JNCjZLdTk5UXppM09iNWg0VVRUL0FQ
STF5VW5aeTRrbHFGNDFXeGE5akx6LzAKLS0tIGRzbXVvTUs5ak0zd0Ewd2JYM21u MXhiNUUxUDU4ZkV1L1BtR0ExL0xQdzgKLS0tIGdqZHdxYTd5MU9BanN0MjBjUGhs
cjFRTjFVNzFyZzI1Ti9kK1E1U01zcTQK7a5HVOPOQ6dEjjc6fLIiR0gPBQp2sl65 MTdiUjhqWllKTzhIQkhUME9FdVVTSjgKYi/+umfok2OFHjwirp7ANhfPxPpkmxbs
bZnjLPl4OW1C1vQisk2c+jw8setNdtHZ1cNEX/Tpp5jMRvG6wfFdDQ== QgtZLs8ImWxStbc6V1/iq2kgRZMBqzynVLqejTO/SOUyFG+amgeBPg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTU0JWZlV0WnptcWk0V2tW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2c1lYZjY1d09rSUo4MEJH
RGp4NXU0TlVrcThnY1ovcnFCT0tFYk5qWVI4CmxPWVdNd2pjNndKQzlpVjdzRndU VkRkRFpkaktZS3M3dTlQb0E0MGtDeXNEZm1jClpPWGd5YTFwMnhSZ2VhSnBqZGV5
VC9GRFkxK1dZakc4VWJTK3dhNFI1dWsKLS0tIEVKQkxmK3BCcVlCTExxaytWc3p4 UXFHeFY0czN5QUdMa3J6ckdFUEdvUkEKLS0tIGFIU2o4S3V2K0tpZXZETW5TQjQz
ZWJWaWlQUE5panE2UExRdk5VTXFLVTQK7b+YCdLJfBuDGjdTT3+jBrt/UtLgqopl dCtNVmsrUnBlSDhyendNOXV4bkQ2SmMKvVIv5IPoNVVS2BoJ5SnQ0tQcIxIuu35d
Eyu8qA1vcANG/nHyWNIsv9ogXXPns5tx/EjHoDWFtmK+xYb35elahQ== knE5yHkNnwUWcIuMAqPempkqcQRomBKnEPcQFnt6mAeJ0cAWqtcShg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT2ljZ0l4ZXNKQnNvcExW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNDkyQmRrZHYyVm1wNDFH
dWxnaURiTWx4Ykt6M0VueVRLREh0NEkrR3k4ClYxR3F3a3hDazV6ZWpYZ3lZUmJY NmFaZXV4enNsS1RqQ0xnbVZPREF6cjdNdVdvCk5Nc3JrRklncTBIT2h1eGdrQnlK
OFZBeFc0YXBvWUU4TVBPWjR3WDM4NTgKLS0tIFJUTzNmZXBPbFhZZG10cWNQK2pW ZFpaMlc0ZWJtQWFYSXVubzQ0MkFZdEEKLS0tIE1MS0Z1TnBpWDN5V0FydFZidi9G
ZVBpZmFMeGswNUVOa1k1WVdmeFdrVW8KXjm74fFrEhWTP81MVpGxT8DOPGdfldFV T3o2UkxtckIzL0EwNHZjNGtGejRHdDQK/fGgZJNiuDrJjQJ4AgQ0NZ1xtfiMqDjo
6AmRLlon/j4LFfhHEa+mMQyRBQ4Yf3ddA1ZGkMENpmYaZANEMK27VQ== Ip1tNE54juYI6BB+JxRcN38fsT5dbtrzf9iYCREDg83sLA3lyJsZsw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzViTnhNSVpuNGRQUmZI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VElqNEJYSFo1a1k0aUlt
ZmVicEIzb3VEYU12K1JFWC9lTlh2NzEyVUZjCk9qQUFmSm5od1pKQ1hOMEZ1dzV5 Znc1TnVZa2JTdDhlTmtOeGRBKzlPckdITVJrCkwyRUhwSkZsMzlmK3RwUlUwcFZa
U1BxcDB2RjFndTBKV1BxWWRqbHZYVjAKLS0tIE0rMDJuMWFzQzRUL3Q5aHB3WDI4 cjcvTGd0K29KaVNMNFJUenh5OVBoL3cKLS0tIFlvb281dmpHQyt2dVM2OW52dVVP
b1JJOFNxYVBPdHc5Q0FvYTBYdG1pQ2MKClJdJIeOlCsZbV5crlNWb0ibIRo4jgb1 SjU3bkwxQWZ3UVRvenllbFJDUkNWQlUKmucLPz3oNUNXceZqDvxY1bj0/tctf9Lh
x2qfjH4kcyyxueYaYQmVAsJwus+mF5DphQH6GLyEBWhecWU7hd13+A== yjMu1Cgeq7W5EPHyiT3IUXEc6utx6P+AtBIrtz1zSAVt8tiJP9JpJg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Z2ttbFphWEJOZGlXbTAx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSU2pKYjdjMGQ4MGIwYW9S
ejAvSW5RQ0ZtZnY2R3hZcFQ1dEpZVjlabFZrCnVCZzMzSlpJcmhLVUNaRXdZUDRq RTZQZzVFMVZXUlNVeUF3b0tyWDNDd3FWUlg0Cm80VVA1bEJoYURyTkx5QXJhWmZV
OEhqbkRxT1lvN3l3K0VuZ01aeEZBTGsKLS0tIEszd0ZjbGxJc3BJYVdIeDVCSnFC TWRlbktpZHNHaVBnRVRMcGtOOXpIaTgKLS0tIGFjZzlPSGFIdzRTL3VxblpDeU53
S1lZN3NiQlZYclVQeHBheFpnS0dHNlkKnm38ebqxyazFs2f3R+Z9JxBDi05fMmgL NHJhbjFLUStTY2JtNnNWOGNiU2hia28Kd2NSudZf8zK6Mp/Ex03vynqwCRB/9oNb
7zt4SrK5puEz6Tps+Uzxc3tIw72s3IKjiolJ5NTLggVDxJC5RTHK6w== 1vdM4crUH41v9MooO2B3RfqO91TCqlH5abVSqwwJBEfP33Y7jX2y8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:eBU8ATyScttrDfc8M17qCGrNVNxpfnW+u2f3JTiuKl79+KgVLF958K7BUiYGZ3J+BrmWHsV8YeAso6hjHS/3JLJJyRGlMeQ+ywJxglnj87TKVitqRMk0Kx+BVE24SjGxJ97/IsDUhBmLVxphv49aeiaHtPAPQ97+OfFKwFOaHwQ=,iv:0KvN1Xc25QQd9/v7apuM22Dyr5VRCwiP7eRTPi6Jrcs=,tag:lyiiNPo/Y9+RWiBzV3RmMg==,type:str] mac: ENC[AES256_GCM,data:g8XzK09/2IOwMK8h8Dh0trroyeSPXmTuPa+e4CQmHtnjYjwcX0/Pn88BS24vo2WV384ASu2OcCFBtqPfmyTQZKmnq2q6J+wZ0TkKzY8bOOhoOY7Gz3x8RFAeolw9+FGwPNj24fVl5HnxjR/+df4WrzAb8W0HmBR3B1nWJWQhm7E=,iv:ubXMRgIqgP3kOjWpf/OzhdUBTLd9lc2R0B/UmW0Gq2s=,tag:tCGq+2xdWbA0YnJG/rkT9g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8787; #int port = 8787; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -83,5 +84,13 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -1,6 +1,6 @@
services: services:
readarr: readarr:
env: ENC[AES256_GCM,data:YrtC84SDPVC/pWrKeg1kmA5T3QKOqxt+y9x0rnYC0pErta9v8xGU+pgC1jVZfqh4Dp81tRohhmQBMC9KZz4bmmn/5YsAHAB8Y4xJSwm/kZ3LNjVRuZ+PmvEh2ggfwvs2nFDRbMx/TLETbSZ9t6NGtg==,iv:ZwvHaREcEkFSXyL+VBDFFKgZZwg7+utMs8qZex7pzHU=,tag:+3GdLnxxo63XxvMQ3UwK+A==,type:str] env: ENC[AES256_GCM,data:2S5NsdywH+nAEAghKp6AsTw6FDpxk2gC9lW6KK1OQXqMID7ERW8LlyCRuIBMFQSXllSNSKHb7Q8QM8rZDv9KNshnIXZjuI3iuecNOmDh3fkF6psUnWhO3vxiK/ssyZfAiQQCKxrGb/8U0eZkXSZYTg==,iv:I4aTJ4lGeht6d/j3lDpMA1RddjbqXxxjfX03pJaTQ9s=,tag:XayNGtD7rxeXI33Q+rOQBQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1pGYXZCeG9RTm9pTmhC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNEdEeXpIZWFUdEpHc3JJ
dVc4MHYvZE9leHF3L1JwS3ZwVXRaY1VZOEE4CmVVeW04TWRNVXFFbmNFMkZvMEEv QW4vYkFocTdHaGt2T2czTWdUVXQvUllKQXg0CmZtYitxQkJ6ZVRZS0tVRktiRVJ1
ZUdLUmZjSXppeG9zT2xjWGlMVTVISlkKLS0tIDh3YXk2MzQyMnozbkdXQmx0NmpZ Q0lEZmpIQ1JqSEhRNnRzVjdnY1NxbU0KLS0tIHVCSllmTDlKdnZvdlVtdnRNVVVE
ZTlicGQ3WlhkTk81dHlhUUhNNGl2bEUKziPthUL3m69WSsKwAblDeQff3kyoUOp6 REJkb0kyNUhoZFlCbmJScExLTjhOK28KiRaZJRnHkMiX/3m3gvLq7it02sGP2ToF
3e8h1C/+rAx7LZIlQaMvBKFy2IiAb2bb47tb7L3k3BLx38FP2g7a2g== 6p1dKNXRbDNplTbU3juOGbX1rpqyWD/St1L3EsZCSGomAa8tixM29g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZUoyeTFycXZuZTJnblJY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWjkwcFBUOWtTRUtWMVdj
cDNxUk5YWWVMRHlHUXZPYmdVUmNvS0tadlN3CmlFbjNuU2t3OENySmNqenlLSnlD Smc1K0RidTM2UGJUcFlrSzkxcHFydVVjSGhzCmQ3Szh0bFcydDJtRHU5N1RIUUxk
ZnRNZnJnN052eHJUNzYwbG5SWTZTWU0KLS0tIFd2bk54RWV4TzVheXRyekpreElR aVpRYXpKaUpMd2tVZ0hpRlRxKy9uWjAKLS0tIFkwaGJibzFnQ1kyTzA1UUtsNnVn
YmVoVVM1T1Zwb0hOVzVpemwvOTY2WE0KjfJ8ertgqaFEEN6lgWNOVTv2UdL2/+uD emJlK3hRcTlzd2MyZVF1Q3gzdEJ5OFEKuykXtBmmPoGCg9mN+LjQH+NNBybxVA06
5W68LANkIHbVNuY6IFE6HEeBUww7BfshW/D3NjJ9/GHMdVyO0MFs3A== knurupbZSa0Ha4aKqtqt0vK/5PeEchVx8AddN0PwRKdKT1djUXJgzQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dTFNSUVQRmpaL1FrSFkr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b2k5aDJQUVduWWQxbDgv
cXQzRFAvcUNsSUIyT2piZHJyR25hMTYwQ3hnCjdFbjFvNlBFSkVzMXdJd2U5ZE1s VFlBZHlwcGlBYWtxQUQvYnJ1dGlpMVdpbmcwCm1EajJYY2pKTGlMWit5NGNSZTdn
U2srMktJSnVVQjVDZnpFYUtKL2QwR3MKLS0tIEd5eUlJbnB6NmJvcXh2ODY5cGhk QWFkMFFXYmQ1ZDBqaUlEdTlKeEdETDAKLS0tIGlieEUxem1uUk16eGRWdGNPUjdL
VlBldU5pRXdiK0NwYWtPOThOYllyQmsK/onUlwfcxSA1uj7UeO0Al5SDrOnlnY+q YzQzd0xHWjFYZ1Nob3JaZit2azIyaTQKDUVGD5YuNMJFjvYv7vnI6fDrqoYCbR1L
A/8BRBjvc4NZbmQRqQFL1jAbnjWGKkr8nga68+Po41o5HGK7bQLjLA== 14Eqrh7mpA/GKUh7JepVZBshaGtbWe+QzBvrV3d2l8gd4PouRUH+9w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d3V1RUVjNTRzUm1scTAx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRm9UUktLSGhxN0NqK0Ru
aE81TUtFZkJxK1kvelY5UzFDdm4yY3RDNVRJCmNnZmpyWkNMZXNUNlZNenFtVzAz aE9JS3N3Smd6NWhGdWZ1eXlmWTJiUDlqcXlzCnhnTUVseDNWcWg1M0twdjcvVmJ4
b0tSVnBmMEhzQ1ZCeVFlZE45aFpsVHcKLS0tIDBLYXBrblpwUDZHdXBkU05WeUM0 RmNBWmdneFpwVFFScDFHSHJXV1VrRncKLS0tIFd0eUhJWVVkZ1pPRC9HTlhSdnV0
S0R5dWM1Z21vVDdYZTVPdzZybGdKNDQKKMGfvicyhJLtRljF8+2aN7B05lOQdVue Y2VPSElSY1B1K1dHUEF0WEtNK25CWEEKGVdXV7E/O/Hf0nqWGkGvsOYIenKQlpuu
9fbkdQqmyjlDBzgcpXlWYEiFXAGQw47QursiRgi5IWNrPIYUsNUGVg== Szi5QozDnAzUxuvGi/PASYghbDPRi74yTCwPPVyZAaHWIN4HZuyJxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnazdub1l5SHZrakNJem1Y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRmFKS1d5Z0RQRHdZVE1i
R2Y4dUdLYUNYekZUaTF6UGp0NThSRStRdEM0CmtZajZkaURXSXdwQ0xyYVBxMGox T1dYVC9pS05Lb0MweFJtNlBLZGhyVnF4MjBjCnZWUFA5b1hueG1hUGtHUlVXUUhj
Wm8reDU0SklpQVlwN0FVUWphUU41Rm8KLS0tIEFvem1QckhSLzdZUzFYU1lkeU52 VWxGdXdjSHhHajFEN2lPaHRnRWxnRmMKLS0tIGs1MG8xRWxXdXBDNHV6b3dXcVQz
bHEvamFnRm1hQzhWVzc2NlpMdDZjamsKHw2l5wMqtMHgOlDa40+3RWMrFrC1I23i Nk13K3hiemcwYnBHMmQxTS9WZUhVNmcKrYVQyAtuaHdkK3xNqwRFxtkWFnKo8KuA
rXFmm5x6BR1xfHFfor5rJK2CrIEhgWoRLSqcj4CN2lv1CQ9Q3CZchw== QZA55CVYBkM15cLRm9QqIsWBMuJ6zhhsOsuF2S4H963X3ZFzWokuBQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMWZDOTdvY3ZtVWIxYXEw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTWZuUlNQRDIvZDhIM2lp
YlFwcjA2ay9ySDRuRmFuOURUQ2lOUlA5SGhRClZhY3FCZENHWkFNeDBIeEw1M21N RE41TVFucWRORmVCbmFVaDEyWmFDZUZkTGhNClBHeW9ZS0RhaklzWGZwNUtoejc4
QS9OcmhSVzhTZmdvZG83aWZqRkZUQXMKLS0tIE04elFzaWlTYlBBNDJIcXg4b2hy bmZPSk1tcFRvamxqQ2xkc1pRSTFJS1UKLS0tIEkvcHVIMzg5d1ZVZ3JkcktSMGdz
UENsWnZLZXZwUlZkOElHazM0aHJvNHMKtc3HGsZ6jmAZEapTWNGCfUmSpjpH7bIl bGVQdHNlS29jaFZ2OUo1Tkg3Z0RGM2MK6eCZ4J9XK/9Y5IO1pkgcaczI1Rp4ahA6
dClmX+63ZVOL++SrUMRh9gZJF4utXzFbwgJsh8WrVpbg1SNplA+tKA== xqU29l0Mprpkc5cahylNET3+zXm6mHdd7kPCfxgR8SOFfywfC+XOPQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:etgC8IZtH6YGGhbDoGK3tKjbrtIyu9mYwXRMDygCVK0uJfrktW8I7OJwKa2PAHLDzG6ffIQRJdgDNFIgVobK5hFx2MgY1mR4dwopmClovBD6H2OvXT8IdzVjAUW5xJY7rk9L9tmeackKp+sWnAxlfVtZ8rWl+i5vBYxm08UrHv4=,iv:ITUc8sDSyP/uYUSyC+B4pEjlxJ7gheTk2Wk7ibmuIyw=,tag:khG/fPxlCl/ru68iBAZntA==,type:str] mac: ENC[AES256_GCM,data:/aLPFReAY8RhctcbZyH+AJ5JCWS8p4Rqy2b4lC+Y2pd/fRDd4NFlO/KkzCcW0olxRcVsO5VDnycrgu7USLdJ14MxB7/sH1ZlGfeFxDnLW/PL+gA6y6FnKPJ1f/MtfuM8ZKajvLpcEQL81riAlimmhYbhD5XyM4zCGfNPhKIwwEM=,iv:I72VZN/3aPXEiq+xSUoV658a0gvlBQ3/nxBklSUxz34=,tag:pleR0yUN6HZrqxxZqP+Fpw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8989; #int port = 8989; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
containerPersistentFolder = "/config"; containerPersistentFolder = "/config";
in in
{ {
@ -50,7 +51,7 @@ in
}; };
environmentFiles = [ config.sops.secrets."services/${app}/env".path ]; environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
volumes = [ volumes = [
"${persistentFolder}:${containerPersistentFolder}:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
@ -86,5 +87,14 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -1,6 +1,6 @@
services: services:
sonarr: sonarr:
env: ENC[AES256_GCM,data:oMGIe0t1e23S1W/7XbarR/fb53VB9AnUFHOl/RVy6tQxLanVgnvupexvWzwgCAHV5RTvbqm4leOw/ho/PUoCsh9HKgTNgzZnsDctoaXxnZ/r+z2uzl4VNWhpPW6WIBMHA2tkK+93972hNWrxhttmNAC/iIn7dymByWrqCIFt6BE4uQwDmetb4pgwlbPDkF/qfrZlcrAESQhJht73jk1TuRCP1oTnZFCY8O1mqiwVbdt43d/wXG+lQ0TmrPQ5LafNbnx2meL6BZbwZzMDPYEP,iv:e8+AfvHozU8V0yu0nD9foriv3ButNPuKUWJ6m2L322o=,tag:ElYdWzj5VLgWZyeLpjXGLg==,type:str] env: ENC[AES256_GCM,data:svh3G89gV3hrWwJAWRZqf3s5dgw+m8tZRl8fJ+uWax1l2kUphmkrOCA/u0gXxw+wQGxdnUTHZj+DBCOmbtVkOavc15/xuBIlTro0H/WVolIfag+k4fYjIU0fDtEtzUnrRTtUd/lznwT16RndCxaz0iJY8/GhiahHoN+sa3T8mZZKyHNfWoXkhIK+KfaJ1OIqMvPxIK21urAE1CkHVx+q1WLu05dCj4xCrIcA2ZpqiByrKdpGPe5gleU3F5i22jKudTwUzzTF0glY3RHUCSKK,iv:1U8RH6ML5yzH85fui4URONvUyWfbiLFHUZzkUK7EUkA=,tag:JEpZ8BEI5BZuDdS5ou85Jg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWTFZWFNZTWRxMm5qRmRk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZVRYb2hIUFA4RkdMNmpk
MXNmSEJnZEZSWHpBTjk5ZU1Ld3pQUGNFVGhBCk9PMWdlbm1adGE5UXo0NERqT2c3 U0xuNTFsaUJJc2tvT05SRk9rNE1IRUpEWGx3CnJaRUs5Ulk3QTFSRjBqR1RwVkll
V0ZpN2FIYzBkSEVXQ2lyUitoUkphczAKLS0tIDBsTXFBMDY5YldLLy9iaTFvbVFD ckwrRjA2U2pza0VFbmhFK2hOZTFVWlEKLS0tIHpxaWlPTzQ1Uy8yVnNtMFlBbHFR
MU02RVF2dXRFcElhM3JVeFJKK2tTTWcKb2WurFhZ0ANk+iyyMVjk26Ldo25cO2cH Y3M0SlRuLzRnK0RtQXVLVHR3NVhGSGcKaaEbOqwxniCNGimCBi4N/BMEon0RuOBA
DMfkmK5NEy7iKrZZdNYQR8gBkO1GgQfI1Wm4JPaLc0vIBT9CXVDlLg== DOzpGCUAZubMGHodianqI9pkCof2glbuwQ/g1+W5JHGmtDWzHGmXsQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRitPYkxWOHJ1WkFRbndv YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiVmdSeUJ6Q3dDclRDZXk5
NklNS0JZaXJEQ2ZkOG9SUzlySFR3ZFVvWUZVCnFXY1czNURBY3hINllEWVJpNXA2 L283SFF1Tk1aRkg4Y2dVUXRlYlFlVldDamtvCjB3U2tGdmlOV2lBWEUreWdROXQ4
RHp0VlYzN2ZlMkNnMmhPOXlPNCtpQ1kKLS0tIGg5cU5Nc2k2bEtOSmx1NmhJWVVD Mis4NWxRTHpOMkNhQ1B3ZzU1eG8yaGMKLS0tIFRyYnA5UjdxZlppUG5pSHFrck1i
dmtjSWxjN0xRYWtNbzhUQ0FNaFVpTFEKM9wSMsEYgJErzO79L6YOXfZpGnd57Xcy aS81QTMwc3h1MGYrV3NBY3lGd1JnUW8KMxUqu+mNFXvj3eOuQtiMZdttzQbXhLD5
jxrwzFhZ9AVVtPjGmyozYWY3uGlMzJtxDCNNRV7BbK4m+AsjtYJ9fQ== z4dUPriAfjVQRAgJTKyOR75IZNmle+XfK9g7JcDVCYX2D0tPHSOwSw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaldmZW0zQkZkNG1sTzFp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYXVYUmZXNFpUQVY5bm1U
UTRUMEtwRCsxdGZFbmdiUWdVVjNsd2F0WUJJCjFRNnBVcU1GWTQ2NGFheHkvZytC bW4zcmhlKzU2V1RjamVyRnFlL0tPemtjOXpZCmVLWm01UmdVYzg4VnVKbEhteXkw
TkgwVm4rWlN1NklIeS9YTGh1dXNQVnMKLS0tIGZ2UlNXWUM5cnVLaWxDNXdzSE1P Mk0zZytWYitnMWZKMmIzcGtPcFFyWUEKLS0tIExFZFFnWUdDNEIyWGViZGpaQ2pB
TTVEanZuVyt6SkE2RWRQOEprbi9mVk0Kjrh4oB+EfFVDx4CW3h3be61X+RNDrZ8O d1dYWXpoTzNHRW1YZDZUT2t4Sm90bHcKVcGR4gyNz1He2hDMGOVVZS1+JMxZ7cUo
IDNFRznHaYUM757C16GMLx3We/pAinPvDlZd1eDBj8kpHGGMjIU+Ew== 9M7I6T/FkYfquK3HddV9alToppT0rl6BTwLN0z2uvVyHt/n5elh/6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQ29URGpEUHRJb1NzbitL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNkRqSjgrMUk4NzZ4R1Vm
MGFFUFJLQjhxQWtoMXRIRnlkZUpmRkhERnhrCjFqNnRwc3VoZEIxZlh0UG1UaDI2 N2d6VjhGVThoVEEvSkJWOXJlbVl0eFJ4OEE0CkNETzJSVVYrd3NPcnRVUVl1TnA3
M0pFSzdLcmI1MU5NcVpRdEx0c01kaTAKLS0tIGZSRXdDZUtNRXhjbHJtSTNJRkxh SnAxTi95d2EzZ3k1RUZ6WGRyQ252SzgKLS0tIHFZdFpYbGpNMlBSN1doY2RvOGtk
SGJOR0E5N3NkZFhuMkd5L05veUx5Ym8KEVUDZCs151SwCfDC7b9vb/xK++/TftWK bDVhWGdOMmdaSUVmNWYwWXBMSGlWL0UKIjcUoqSJnEhsR9uE3ny2dUyxrdkELXou
9FdCeNNEMEpTOuX8Z2Osmh003aoMpCk61VOYPBVUMrf43oSQFSb+mA== Dn14l36OqUYpvVkY6hR9yMIwEX9iK/4jmkSVinTMhEzIzPOft0Lhvg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YW83VGI5WXNhOGg4S0hF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaHcxSHlUWWxLMkpXOFIr
eGk4c0o1R1ZEc2dwcjJqNFdQVEFQN2JGNmxjCmJQUkRFcmY0cWVLV3R5NzBKaGlJ bGZxME8yK3o0c3hQUnpieVd5dkN6eFJrYlZRCnJKY0VwaHpUSWFXa0MrQkZBQjgv
b2Z5QW5RSXlpR0g1M2gzYk80THQwSm8KLS0tIEtHc0VFTWVKSlVWV2xTLytVNWlo bGYvbTUzeFhaL2VRL0lZRUU2NldwTE0KLS0tIDRpbUFVUWU4U3JXNzlzUVhxSG5i
blBoaFdETkw5T2R0S1RQN2RFZmgyK2MKz7PDVFyumWboD3OgPQgmPSR9dk4xQi3V S21ZeWpiRlpGMDRSak1ucnlpNWNwcVEKb9d0wzgtD50XCg0BGivMBcKysgXL8kn0
ivvJsiV6eb0rv2T9kp3Zs3Zfbj4G4o/GhBrTNka7SkqsNPV2h3c7Kw== VtqWRLxVDtCBRMSJzzPx/9QqPsguaWrd7VaLO5nqqlyLq8VsX8uPnQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMGxWR1Z3MmQrZWQ4aVlJ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWlF4RVRCTXJRTFdscVAy
QmVtZkwzbXRxckVDRnN4TGd6em51MXRzYmlRCkx6OVczMTBwZklXSkhxbFdHR1Bs SlRscnN1UllGYTFEeXdTQzQvR05wQlNESVJ3ClF3NzVWdmdMQ2d0a1c2Q01iUmlR
OVFlMTB3REY3N3pEU0FqTSt1TUp3U1kKLS0tIFFiK2dxSVd1OHVqcEdWMDNIUGZm R0tSWVV3Wjd6UVdINXhKMkU4QWh4YWsKLS0tIHpUeW9DMzhtVjczOXR5aXgzUlB3
dDlCa1Z0Sm1Yeko0Qm00R012NzdobVEKOwMKLmb5khE1oh+Gr22UxeGrV7nDWSrC eVU3ZUJVazB5N0VVckhndzdhVEROVkkK9Ue4O286MnHWbqlTulIDAHymyQVXfeAU
7WJy9NFYrfZpRveRAoIDJoZsQjsGE41J5e7oRguocmmz6K1oLazxwQ== trSdNjqs7LZniHDY4MsVSZuR48r6kkfxrfCtjNXD/PKd8sGeihHCfw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:qUGaCVWO8S6XHkm/bnwi7ICZsVdKyLHV2HF0BmuBci0qaINuP6316TB81Fsi362acXnd1kAQLWtpT6OVg4/sTQw7gXO6K6Hu4VhtpDf56MrTqvfkzbro3en24mrEtGqaPm4AE90TjbWQcgo1TVfPOuxmYBKvlEsBWB+GRwGWweI=,iv:Exqcdd0HhLG3Rb2+Wz5qhafPnJbjRPJBwTGd+iyGUag=,tag:aQzhUOz+XUIV5BYuxHViPw==,type:str] mac: ENC[AES256_GCM,data:P/8MV9dsLpg/ygzluIKwi+zBTjCRXQBuQA7R7I0qcClKIVHLTjJzI+C5YCHG4NcemT/Z+nKMsUHFqRlgxh0qBH+ZnDmjQS9qwKa8a32YDxJRcCAgbpO3xp62/ogbSKSrqx4O/qXQiKUitGv6K+UaowCQdoArob+dnE+I9m98r4M=,iv:oQXdqQ1J4pF0ZX3QD+d9Z/jQkW0+3daPYmhnXHC6Agk=,tag:8eussYTJvpMTkd1cULezhg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 9898; #int port = 9898; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -38,9 +39,9 @@ in
XDG_CACHE_HOME = "/cache"; XDG_CACHE_HOME = "/cache";
}; };
volumes = [ volumes = [
"${persistentFolder}/config:/config:rw" "${persistentFolder}/nixos/config:/config:rw"
"${persistentFolder}/data:/data:rw" "${persistentFolder}/nixos/data:/data:rw"
"${persistentFolder}/cache:/cache:rw" "${persistentFolder}/nixos/cache:/cache:rw"
"${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw" "${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8080; #int port = 8080; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
configFile = builtins.toFile "config.js" (builtins.toJSON configVar); configFile = builtins.toFile "config.js" (builtins.toJSON configVar);
in in

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8080; #int port = 8080; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
containerPersistentFolder = "/config"; containerPersistentFolder = "/config";
extraEndpoints = [ extraEndpoints = [
{ {

View file

@ -1,6 +1,6 @@
services: services:
gatus: gatus:
env: ENC[AES256_GCM,data:77RkFJ6MfTxdVu2QbKHLvIRHxB18oUKJ/Jq0bxHKCAZkbQ0DqJ+npjTchX9aAHp54oROApBQklk3Rf4E7Wjn04BirxI1yh42I9AgfoRphlLB6JFAhWPmsRZIMWUjjLdA81gH,iv:odRx/Ht6Nku7WSakECHEbjZbRtLiT1HtLCv8LkLbDWg=,tag:ZFL1u/Kg3+TdGOpby40Ndw==,type:str] env: ENC[AES256_GCM,data:iocxxwf7Iu2mD/Ita8kYQjnSIa5eG6r6waZUHrZxq+Zr02rUZS3ypvtA60fdpxtCFre4nOEMTI0k6XkaW3xoma3cMbm4cjs+bn85dNeUdlDkcKdo20pE95+jPqLnB/jmxyc8,iv:uynRN38mYtrkO2HBr2hp8PTWECZn1MKRJKFegQX9slQ=,tag:gk3c/BO9+KYblGLbmtDYYQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL096VEdTdzE3ZnpTU1M2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOWZEMVJVd25Hc0E4SkIw
NngxUEY5d0FNd1cwR0VrN1E3eWJmOEVEOWtVCjNOQUErL2NvOERJR0x5NVFYcHJH Y2ZnZlFsZnE5MitTbWMrb1c3WDI5QmxjdVYwClUrRXBjY0lYd1Y3T0F6ZUxHY243
ekdVNVc5TnIrQ0E2OFI3K3VIdFo0RWMKLS0tIGtEcFBWQ29KbmkyRng0bXovUTB6 OUZTK2ZxYXJ2UjdNMUN6d0ZSdFZyOFkKLS0tIGFXOHptSzF0a0pqRE1QM291KzJx
NWJBdDJYU2JjU2Y2KzZPaERyZE1HdEUKHOJMtRFmWNTzwr/j7cxL6E8BnaZk75Dr ZDJDWCtMZVRXTG9pNkl4VXg0WkpJSDAKs5QHQkoKXpdJcVnHcNLeeq2wUNh3LIUH
RYW+8oGT905PMP0jh6dFKuUIsxAuCGQXZUfnUXlbCBUJjYIjeCNGOQ== TU3SLK4yhbKBS6zL/LKOWN1XL21B3YrSHVOWQzMb/Vih4MFrPLchDQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ck00a0xwOER3SmZ6OTM5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Y3BwMkJ3dGpteDZCVzBE
WGEwVjZ6ZUJhUit6SU1KTmtqak9uTHJDT2xRCjcrMHlvRkw3SGMyNE50WXRjcUtw bk5rLytHSlJDS0ErZjJKaEtTWkJzY3o0dnlBCnp0SU1vVndZbXk4TGdTSjNyNTBv
bldUSUdTZlhRUGVPQ1FaTWFva015RmcKLS0tIERrd0F5eVBMYllYS3BCZkt3bW1v MUVOWUJHSnowUjFVWEpNMUpiMjA2eTAKLS0tIEIvYmNCWDA5bGtvRGQ1SmpQdFp1
VFlYQVp5cURqWXV2ZmczWFF2UlpYKzQKWlw1CxLh2LwA9z92ZVbkZPhJuleUZHdN VEVFb1BsSitHV09PZlB6d1hCNHpvOWMKr0kc8AI0jRpx4vRKC/CcQblF2aTaAYT8
hOfpFEfd/nP2Mh22NW41ZN1X5nT6hG+0N5LANmjzGoRUCS7pYaPTGw== MBPbbv1rFJBJ63fv1tGb/EmxKWl12HIsjFTxn4R9HLMuqoeheLTkEg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVR3U1OTJncTgvcVdrUSs1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTm1oZXA1eUpaYi9WSHlG
VDBBaHpUU283QVFRZVNhMHJEUDZYaUZTTlNzCnFyMHYvbGwzb2VmL2Y1dnREdEpl T25hVmUrRFV6a3NXcldRMERkU2FWMmptTFVjCjd3MUlhcVBGK2JhSjdkTDZpQXBz
Z0ZkbGwzTUpoWEVQaTlPMnNFN3ArNkUKLS0tIGxtSS81TVF1SVVHcCtVZHhES015 L016NnQ3bzRocmNrUk1nR3FqeHI2cnMKLS0tIHI1aVNvcmtKYTBNVGg4RS90NXNW
YVBza2hzM1ZaVjFIbWhoOW9QRVZEamcKImmazw+OsTpec1pJMrmHlSS6R3MBFDPc ZWlnUU0vditwbWtKOEY1di9Jb1hHK2MKjqe7nRCUzXm39YxCLlp0zTPk+gCYFzg7
j6I/7AKS0mdspo9T/csjLVQWTXYgCe2x0gHhqY6I4997Dagqc8SaHw== QwfsZuSQphKUrmO/IgIUpv5H1q6WKCN5GhfH6gLwxX/Jn104xvapWg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEMTUrQXJpWVQ0OGpkS21p YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFd2puUE1lVnp2Z3Y1TDdK
eWVURUJGbkE2SStmbE5oSE02Tll6YXl4ekFjClNjTGtMNWFkdzh2TXlndEl2ZjZG aDdRb3FtTzJQSlBXQ1hZcnJXa2ltWVFtZ0hNCkZqRDQ3Q0xkTDk3OTVlWXRhbmxs
K21KOFRCdUJHMml2TlVHUXU5cnVpUGsKLS0tIHE4NS9ob2JoREU5QU4xYkN0c3BY Q2k1cW1aQmRMODBZUDJVanFRK0dkbUUKLS0tIGVxZ3VxRklMUWpBa0JweHNENG5T
YXBQeXNnWVEzaGF0WjNKaWhmK2dtTVkKoSxBOjZmZeucQrHob3wEr69L7535zN/N T3hKT0F1NUpBMkdYelA5VFBMNkRyVVEKYUNocPAY8bAm17EbPdqnGT5LjKj6t5X0
rpZqBmmTnLPuD0+fuYhLVbsRVp3cEULepRfltpQuutEJbhDAhWpTKg== zkVdSGPG+l7UzGCzZHEG9mnLpAQq+ED0cMWA7gOz+m+zAj7o4qLe3w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBazAyNmswaTdnclNpMDkz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRDNNMWU2Ly9TcTFYbzhx
c1BDTFQyTFNiYlpPVU1zR05DaEQ0U2tDVXpFCkttdFNSL292eDErbzJ3VFZEUHhm ZnRXSmZNZkZtV29KRGR3ZmhwT2VhN2FOZDNjCm9Lc3BEUUJuekh0RkxoazBNSU9u
THRJWWhadW95VTFxZmtsQVl1d1RiUzQKLS0tIHNrQW5WVWF0TlFvN3JJM01PT0dl UmRUV1B3cGpGMWFKaXFmWVZBT2RaM3cKLS0tIFNWaGFsZE5Jc1NKTGc0amRUMlZR
dUxBa3FuM3JFMlVMa3Nobkh0bjFBQjAK+WhiuurDU3OwT+kuWJ/+kZOdIYwjsjgn NHd6RllGdEQxeEZRb2xyd0hOMXBFYncKAh/6llh1uBOqRz4L7SiDsevTZYKyoKoh
DkcUNWEt6IP8CKWJws6RoqlkH1cO+6JsKd/LWMwI14UhzaQI7zms8A== SSPqIycuhyotPpwHtFsRaOoa6YxHQnnYc57UJXqrwi1d2DWM1REIiw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWtiUkhlVTBDRHQrYWlV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUmM0bkN5WjN3ell6TGxP
elcxeFJ2Y2Vxd0tTUERCaVRvQUZCaTU1U0FjCngrZ2sza0NzNWFZNkk1Vnc5VTJY Zzk1MDVHZEUzQ3lLSHN2SWRjNnlzZjBFRkNBCmdXMjAyNml6SDZQNzNSNGFsY0lD
WjF4MU1jcHorc09IdDFlU0FRT3hhUnMKLS0tIEUrYU9aTkcwTVhCbmQ1Unp4eEpU NzY2MHJrWGVheXlQRFlpdFJ3RXNPOWMKLS0tIHB6YmZJTUZ3ZW1OZy9LVFhCNlpK
R2RkZnZaNTBPTWJMdjlTSjhCK0tuMU0KsSsbacU86FneM4NHNYxd6YEBvOW2Pcmm VmVCMTVRRlVLclBGSnZuVzdydTFkTVkKYgtuNHfTXgGMWzJGALPEOU2aEY2AFnsq
dzIaD9ZlQGQEEwqTFFHmXI1pMVibMNG8I2LlNml4xM8J8yH+e/7YzQ== cH09C/mdOWmPOuJrzqLRD2zuQeUExc7nPLH9DumHPcVpXoAWSAE2ww==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:cELSGJgfHkR0RPVZAJxTd3jmaYNHb+HBNPccSZ+pD5dBsa7WBhlcdTVy+O/XkhQkiYvcVcpXZZgODcv9SwvJM24yA6s2+5nhcs6mJzVtYT15hSzH0YepAe2OHk8rR5S7ucUZZYIJzjFOTxWPvExx2ntsBVngZhHCrLm/EyjWbv0=,iv:yTDtfR1R9SVmCvwiLgdiMX4Eso6PIK1eiqlPtwW++lY=,tag:wxSrF/qz04Cdw9VATtnd3w==,type:str] mac: ENC[AES256_GCM,data:ZOuz/fdCiBKmqYdumQq2njK6wGiAtPPwLZphPfTwdCaWYnNHLuCE83CaDzBhrsR4nTR/03Uy0XDvNsv7Yvid5WivzrcsilNcriVQ025nNm6ucRCMdg1phm6sNXOkdWnWA65kro9a8C3g6j6EYAohvn/TZmS0XK1zp/PjJ9xggKs=,iv:T6O4nsrptfJJNzEFWeHKGBOGsBmvZQi7WU0uIrhat0E=,tag:7Cp6NCzh0j8ONXkNKgcTbg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -10,9 +10,9 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 3000; #int port = 3000; #int
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; cfg = config.mySystem.services.${app};
appFolder = "containers/${app}";
cfg = config.mySystem.services.homepage; persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
# TODO refactor out this sht # TODO refactor out this sht
settings = settings =

View file

@ -1,6 +1,6 @@
services: services:
homepage: homepage:
env: ENC[AES256_GCM,data:eC/ML1lypdxqPKmSpry9C46qD8h+LFhLXF47Z3qmeW6R/KOsyjVA7LwHFJ2JMZa2dq1G27FVGwDFSc0BBFjSEAq4QEHrHINf2kotSkS4bLHgnI+x7ZbO4EQezJqQQSstpaflJbX5SC/lTox7xhSjMYF9+9RUKu1FShv8buLNCc3TyQI7JCM21nXo3st4xOxTsPWDeFyOR7uvXi/kj04+2LQJveNGkN45+foc73VXD0jMA0mBJihwLRqL6PpAM64dQfwspDZ4dThNTGJzSQpnVfb1zDw/u8KWZeHZ8NMdT4SB0DjuOtaxQ6elIXzu96NOQYV/ncE9tZiAhjhpTleJsV/KWM9RhAKV7SEWT7x+vEmvmiZkwwz2wKWKgM1SKOplAupk3EsJ/NeDJAP+NltYWymN9qeOnFqcqXT2EWNkrCgHJwiVIuuMf1eh5l9xuxj5u0Es+a4plpbKiuNi8Ws/3IvL/ClJ1LU9ONZj4TSReOzuqJWvSKtAAx/kXeSP+H1bU4qyK+oOzJ6KUphZHctRX7H+c1jovkPKhRMit90/G31ydKo41MJwhV59lEr0pvz3BXrw8INJrBxgGRCylC55vgbJmgeZlIE4x+UpU+GNB0HnFC1PUxELOxBX7jTAN9mf48K58VLNH+kvvXuE4+tZt7sSJMw6HFlsQPxNoTFg3XxqVWB2FrFpf4mCd9K8cZUxEz0OtyLHDRuLgNtAv2cP4J8azvjhtH3rTKZOFrVtNB3K3mE2B6nyeeMCrpXoj+qpbApqfDInToz96CQSzx7GPkG7hrZkGr/nVd5U1LrLg3eulg==,iv:ntzX/uBd2wShWGAm+oOOYRZtZBazeVR6r8Jjp/ewLsU=,tag:Rsb3/GLTBnvv98bUicJRTw==,type:str] env: ENC[AES256_GCM,data:Oz5OZipRWFnZx4kEvSSHKEOG8YipOc4m4JMA5fd3RZ7nRwSSotADxM8z/6Va6lsjde2OcN3IckJ09MJYT0+a3+WnWsR48E7Uh9H5617H6bb1a5h0BZaHMKkulLIWsWS1K+qNlt45bGsTeLQNdDJTekcgzzHRB3GGwt0Qj+pmDXyaUmMLFLjdulfT9IlBW3QAjjtZx/jBwzpwNG4kBTuRC9pKik8L/OjqZ2Wrx/TmQ45RLQ4o2Vne86CB2/NBj7xLXH7jE7/UhcJY68Mr6DEevecA0cw0c99Ytble1GdpCcj0mb0pL9aD9USighjtIjhljnFKBx+ZvO1UVqA9L5wlSIQeGrBpn45oHOgKG/KTBYRLgCYSHOfUhAA+Zp3vWdajiQ2LPsLpNp1AGROu7ea2iJuim7AYfaXdO320i8jnZCLSPiBXd2DOo+AeqpV+9kbg3Vx4tt0SgIWtSA88oMzm5Lz4Wd5ddIuvuCBUEMnYcdzXBtOO3DgIOvi4AUcV4l2VHCp4iU+ZSvEybF0M54omYsw/yeXkIeYyTY7SLqKxhenrSkG/KXVdPB50zYpXu19/r2qccgPTFj37kxdDCX4Nz64r9ecikqZu5g2paNMINOV/ha/UbehkzdJY/RsPKgU4GSuHxqWEmPzREcUPHpx4HQP6EvS4IPzelg0ZZ0qe77f6hdQAXDux3WYuvy+00PAN+iIhxy4ozE0y8kKtEyFnfqowlzyrjIAyIN6JDiQzQnJyU7sRu6kMkX4K3zJoIdNKkEthJYeOsrcmB67hWD7INtPCy62gc4mgUVux+huZuBBjqw==,iv:fGF0WzgDIR/Z4s7/njbPtP8kk7h1VGz2g3MLN5v7gSw=,tag:n9NAbizmQh2lDf6B+fDGKw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +10,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MXN2MXZZdWk0QzZvUUtR YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwb2JCV1BpWXMrWXdxaElB
bytQUmxVZXh3cHg2dUhaNFNMM2FxbjU5Z1JVCjhDVlZEWXZYV1R5UlBXL0ZrN2FF TDBrb0UxVXBxaHhWNDdPVUt6dk9lOVYxYmxjCit3OGVvVytmM0xoMUgyL0pYU3VW
dFkxZnE4QzBaWnZvYWp4bUxzdzJCMlUKLS0tIERCeis3eGVpSWZiMnNkUzFDMWlv engydEpENEJpdGJGMFBiWTcyWGtpeFEKLS0tIDJPMjM2cnFSdDVoWU1mMEl0bHZX
MEUvelQ0d1BETW94eTIwb3FYRU05SHcKIwkwqn+/TQYPD2E9Y8Y5CKYWWOOlOqNX YUEwR2hmNHdDZDdxcmc3OW9rN0J5Q1UK7YIJgv4mNUUJZd+1jJBcYdBLB/g+NEJW
INWN0DgzQb3pVn/L3HD6R7rpCIujQhV/KE42p4theakT56cEFMpjaQ== 8nLi1IgSHRMryYOviyu1lJ7zd27pMhjjTkajaIymwi2T1txug7xwAQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UWYwVWlGWUtENWhuQlpY YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3b0RTRHd0enhXcEFtZXZ5
THhSbnJkaENaUnNVekE2UndKeUpsRElpNFdZCmoxODUxQ1FvVW9UcFFiN3M1TFh6 Tk8zRWRYbm1UOHRjMFgyRGRQb016bzYzWVRJCjFWbVhZT3p2ZjhCcjFRR05TZnRK
UzRRbkdzQWs1SXVCUyt2ZTlPaDlwK0UKLS0tIEJSdk4rU1M0bmR4QTlEeFRwbUxT KzkxT1plTWVzSythQWFsZXh1Z0ZzRjAKLS0tIEU1cWxZcWg1bTRrYkpWSFFNUkJ2
dlpkaW13VkNCWVcvcGlVT0JSVm1jd2sKxDSwNVZkt+1VrEIEkSDFSL6XpkmRU0UZ NlROTG9YZWhZeTQ1djEvaUw3NWpKZWsKvWkqBd2nMSnSlwsMf9Y/H/7lZu3TYR6C
bsRYQjTxdqMxAVtyeKVIocMizGQIcsbjrwxL2RMnUev73wjNEKjAJA== S2DayCyLe6JfE3sgTIDiFo9awwTZYM9z+HXdMffnlKdBd1UTGRvH0Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSVowcEdHQVV5U1h3Szky YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQS9jQUJDU2xHVFM5YXFU
Wk9zTSsyZU5lWUxXNXlGcGNBQUd6dTBXSkI4Cndsb05DUy9QYUl5K1VGT3NLOFVl alBvZjh0TnZEb2ZRTnNHazFEcU9JOHRGWFhnCnpWYlhpVWZHTFQ4S2k5NERNNDE1
NzdCeG5wSjZ2SG0xSlVSZ29EQzlzT1kKLS0tIForSGZzWWdsYlJVSXhRUzMxS2dO bTF5U1htYTRtQjFmclJCNXhCcnFlS0UKLS0tIHpGaE1odmJCSWdRWU1zWnpxRFJo
ZG5SbFo5VzdsZ3BHMlhpUWVYajNVUm8KIL/y0lbYiYruyLRmdgj7/4bP4NLdL/uU cWJXQWpFWVk1N3JFeS9zZkt3RGRlMHcKieWN/vbbTCscmY+jAoY2qU46+N+susmN
/bR46RvXfAhgyncp+4hXrhh1CdPUwkg4Bh6WfwYaO+0kp/4FU47u+A== AlIHI5B65LlHZ8oAVsfGDrSb4u81dM2sPqg28iY+Ij32AuWBCTWfIQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdjJZMmhqTzNrZWk4SGJ5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMFZLS1IrT3BzelZYVlAw
bkVaOHdCOXRwT2V3VEd4Q2VDRzlCMDFDelFZCk5LMWZoK0g5YUt1ck1jQlZONDRS M1ExNXVPcDlqNzIvREFOMDVzYk82L0h5YUNBClVvWkxDdnFrU2RDSTBWOWNiVWVL
MDFpSzRQaDRmMDg5YWk4NnBtU2RXcDQKLS0tIHZ1aWxjcS9mejRaTnVKV3pDUmgx bmprdEJsT2Yvcnc2cGdpUEllYS9adDQKLS0tIHdxT3JPd0tkakNpalVKU2NMUjln
RGJFZHhsME96WFFOWUx4QUtZeWpCSDAKX6odRaFPR8vHTSZ+YD5POCeFVMeWk+Q0 bCs4S2ZyZDJZRUFqY3JRcHI1UDZGTzAKlW2nKct0J9LpE1WNE73fp0OUpLXesgNx
f4zjiGN1HXOk4pwH286z66VAZ9Eem+c15mb60ZmKFRhxTeJc0Xvq6g== V8QJ4cNix3V1TX7pPsGOt+driC83kGEjj/jukvrUCiT9IHscDOpY3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMy9OYWdsNjRXZ0YwdjJI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySG54VVEzOVY2TGNGTGdn
YmtJK0krNm1XamU3bGlyWDVPL3FscmNqREhJCmtQR255bkcxMEFheEZ5WXFvUjVJ bVVaMUtqamwwamRRQk9qYmpzdk9YbzEvYTAwCkpIb1pXb3VKdUxPNUdyRnZVNWJU
NWNQOVc3YnVZNVBSSkRZMGxCVjhsdFkKLS0tIGNyQS9BbnFJclFtYjlYZ1h1dFhi cGIzVDNHQWlSSkkxMXJ0RGp1MFNRckEKLS0tIHNSQ0t6SkJYVWZramkwZkUxRGpw
bUEzWmRZUzZIYjJJQ09YVU4wVUgrV1UK+PmTnYJ67rUGld61S0/GMa3ZQYSAePul SnZRYUJzMGJwZTFYc0J3Slcrd2ZPYVEKfQ263loKlS0MGe/CCgAiu29trQbR0z/9
+a/5BKlvLgPJVua6Fv5LIoA0zzmFLEpOOsnLarbmRfWm9XpQDD5wEg== l7ehDvRN+POsckFL12xs/gapkOFIuY9MJ5ngibKVUqVWwGG8cedkRA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaGdWWVgzQUwwbVlHZVgr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcmN3UXRGRlJrODQ3MEpr
U2NDSk9SV2FRQS9GSUUxK010WTFaK3g1dmg0Ck5Ld0Y4ZEticFhoTDFNb0x1NDk1 SkdaWUJENXVmRG9tZ2I4ZEVXUTJQOVlrRkdFCk5TUWNtZFk4L0MxeVhvQW1sMllP
SWxXcFk0RDh3V0xQUS94ZjRoK2xESnMKLS0tIE15LzRjYXVjS01JTEEwcDNuS2lz bHp2cyt2V1R0UmJOQ0laSUpqWEtZcFkKLS0tIGU4c0s5blJPRWIvU1JZTGtURkZh
YWR3NnNjbjUrTTVCS0t3TzRydnlSNkkKKIi0I49zJ574JR7aVu4x7PZcaRvxnzvm U2NXcDlaWUNJbm5lV0lVQklwTXowajQK3Sdo0OcVXThYTWBZMd/t7hey2ITfKIDT
Z2IXLciMBKkiIQNf0eRocSjfSumToBAhXORJVklAxW9j67haSuKZMA== pyKaJc2xDzsgKx/bc2DxjElsROPBF+7Z0gYMv7/aOIhkcGEU3lPKsA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:7IBluUr6uRBeQoaIG4LG3CFEUa42UEl2NMUS/V01W/fKlEBb97Jog2dpdivMQ0P4Az3MSzPqfq0Y7b4XBcU/LnSGNBNKFAXO75rBwvmuKF5qcw7X8MUl28qgTyS6DImDL33r+ydA731lTzQazntAzgqquFTtjNqixkF/2qDTgeY=,iv:ROdwE2T5M6zofyP/vxJRhvRj1X3BCKiG0Kjmfp1Jd1A=,tag:oOs4LF7RHxEb40w7KvFFcA==,type:str] mac: ENC[AES256_GCM,data:AeluQaUlgrC4iYyG/Yqjk4bVv3TWmFYy2uRRN/kFuytjN+TmDlevkWAbQpg9rtJn0f0FohWYvsDB/NNF5uvbDrwwMCqqcUUNs581fxa6QQr89IfXCIlSOCgBKVUtAqH/M1SjHh6K0LxVAlDW5mvr0OvW2WFURDBo45YMMfvoPVs=,iv:1ia1N+rkoTKXmtvEuVyKtZ758PDOfh7FuKOMaoxq49o=,tag:Au6rcmAKcYLzCvEkWiC2Qg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 32400; #int port = 32400; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -77,5 +78,13 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -10,14 +10,20 @@ let
user = "568"; #string user = "568"; #string
group = "568"; #string group = "568"; #string
port = 8080; #int port = 8080; #int
qbit_port = 32189;
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
{ {
enable = mkEnableOption "${app}"; enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
openFirewall = mkEnableOption "Open firewall for ${app}" // {
default = true;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -30,8 +36,9 @@ in
image = "${image}"; image = "${image}";
user = "${user}:${group}"; user = "${user}:${group}";
environment = { environment = {
QBITTORRENT__BT_PORT = "32189"; QBITTORRENT__BT_PORT = builtins.toString qbit_port;
}; };
ports = [ "${builtins.toString qbit_port}:${builtins.toString qbit_port}" ];
volumes = [ volumes = [
"${persistentFolder}:/config:rw" "${persistentFolder}:/config:rw"
"${config.mySystem.nasFolder}/natflix:/media:rw" "${config.mySystem.nasFolder}/natflix:/media:rw"
@ -42,6 +49,13 @@ in
inherit port; inherit port;
}; };
}; };
# gotta open up that firewall
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ qbit_port ];
allowedUDPPorts = [ qbit_port ];
};
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [ mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
{ {
@ -68,5 +82,14 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8080; #int port = 8080; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -69,5 +70,14 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -11,7 +11,8 @@ let
group = "568"; #string group = "568"; #string
port = 8181; #int port = 8181; #int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
persistentFolder = "${config.mySystem.persistentFolder}/${app}"; appFolder = "containers/${app}";
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
in in
{ {
options.mySystem.services.${app} = options.mySystem.services.${app} =
@ -67,5 +68,14 @@ in
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}]; }];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
excludePaths = [ "Backups" ];
paths = [ appFolder ];
inherit appFolder;
};
}; };
} }

View file

@ -15,7 +15,7 @@ with lib;
options.mySystem.persistentFolder = mkOption { options.mySystem.persistentFolder = mkOption {
type = types.str; type = types.str;
description = "persistent folder for nixos mutable files"; description = "persistent folder for nixos mutable files";
default = "/persist/nixos"; default = "/persist";
}; };
options.mySystem.nasFolder = mkOption { options.mySystem.nasFolder = mkOption {
@ -33,6 +33,11 @@ with lib;
description = "domain for local devices"; description = "domain for local devices";
default = ""; default = "";
}; };
options.mySystem.purpose = mkOption {
type = types.str;
description = "System purpose";
default = "Production";
};
config = { config = {

View file

@ -23,6 +23,8 @@ in
[ [
bbenoist.nix bbenoist.nix
mkhl.direnv mkhl.direnv
streetsidesoftware.code-spell-checker
oderwat.indent-rainbow
] ]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [

View file

@ -1,4 +1,5 @@
{ lib, config, ... }: { lib, config, pkgs, ... }:
with lib;
{ {
# build up traefik docker labesl # build up traefik docker labesl
@ -27,29 +28,49 @@
} }
); );
# build a restic restore set # build a restic restore set for both local and remote
lib.mySystem.mkRestic = options: ( lib.mySystem.mkRestic = options: (
let let
excludePath = if builtins.hasAttr "excludePath" options then options.excludePath else [ ]; excludePath = if builtins.hasAttr "excludePath" options then options.excludePath else [ ];
in
{
passwordFile = config.sops.secrets."services/restic/password".path;
initialize = true;
user = "nah";
repository = "/tank/backup/nixos/nixos/${options.app}";
exclude = options.excludePaths;
inherit (options) paths;
timerConfig = { timerConfig = {
OnCalendar = "01:05"; OnCalendar = "02:05";
Persistent = true; Persistent = true;
RandomizedDelaySec = "4h"; RandomizedDelaySec = "3h";
}; };
pruneOpts = [ pruneOpts = [
"--keep-daily 7" "--keep-daily 7"
"--keep-weekly 5" "--keep-weekly 5"
"--keep-monthly 12" "--keep-monthly 12"
]; ];
initialize = true;
backupPrepareCommand = ''
# remove stale locks - this avoids some annoyance
${pkgs.restic}/bin/restic unlock || true
'';
in
{
# local backup
"${options.app}-local" = mkIf config.mySystem.system.resticBackup.local.enable {
inherit pruneOpts timerConfig initialize backupPrepareCommand;
# Move the path to the zfs snapshot path
paths = map (x: "${config.mySystem.persistentFolder}/.zfs/snapshot/restic_nightly_snap/${x}") options.paths;
passwordFile = config.sops.secrets."services/restic/password".path;
exclude = options.excludePaths;
repository = "${config.mySystem.system.resticBackup.local.location}/${options.appFolder}";
inherit (options) user;
};
# remote backup
"${options.app}-remote" = mkIf config.mySystem.system.resticBackup.remote.enable {
inherit pruneOpts timerConfig initialize backupPrepareCommand;
# Move the path to the zfs snapshot path
paths = map (x: "${config.mySystem.persistentFolder}/.zfs/snapshot/restic_nightly_snap/${x}") options.paths;
environmentFile = config.sops.secrets."services/restic/env".path;
passwordFile = config.sops.secrets."services/restic/password".path;
repository = "${config.mySystem.system.resticBackup.remote.location}/${options.appFolder}";
exclude = options.excludePaths;
inherit (options) user;
};
} }
); );

View file

@ -88,14 +88,20 @@ in
10.5.0.0/24; # CONTAINERS 10.5.0.0/24; # CONTAINERS
}; };
key "tsig-key" {
algorithm hmac-sha512;
secret "iZhi4kaPJBvqxyW73aKYRnNy5e7N2A+7WczxAMcCvDl8QpAc0HFjfI1Q+0g1SBUQBZXqAvGFViegPsK9lZ3bkA==";
};
zone "trux.dev." { zone "trux.dev." {
type master; type master;
file "${config.sops.secrets."system/networking/bind/trux.dev".path}"; file "${config.sops.secrets."system/networking/bind/trux.dev".path}";
allow-transfer { allow-transfer {
tsig-key;
};
update-policy {
grant tsig-key zonesub ANY;
}; };
allow-query { any; }; allow-query { any; };
}; };

View file

@ -1,8 +1,8 @@
system: system:
networking: networking:
bind: bind:
trux.dev: ENC[AES256_GCM,data:yItoqCfF/QsOPjCdnQa//+3ULoSFaufvFp1v9i9hKOr2yg+Ep/NzUZ9GzDvpBEqKXwlOPV4TV5YIcHX0RFPioQ8LY4snLRwNSmHs3UjvvIw/jpJpUM8iCHMDzl1xcwZFJ3gnNuS5chRQmO19auMe8YQtYL7f6E28g0uQJE5Pcl2K/flVUut7mKVLJAqXM7VZ8Cua3jgctTnx37zyJsxWLfEK9iAzf4rcZoloGM7eyOW1b2eI0b74FQptxUtsAQSCmjuGVlJBp51RZzvLdxGutDZJXWHe6j6fzNj0lOs0vpMRo7/9exbz2q1yw5xC4XAZQN1vuD61Wx/qGyK8vxYNzrwaYLXBVvE67LivMNzayCXapEr3LducDBdwecwS7SPgao4OGIJMmJERIUUMSxvZIlaY6nQUNBkw9aI8CtrHq1bJ+46juJZtJDfjoKmIVgWpaYcq7k8qKKOHhxqJZ+7755TR7m8vcBe520Mj5QnebX4RwK3bLI9WFRv8vKlXDtcvO+zfutRO2hkc8VSb9tuCw75p8vDPCmD1NdVMgX69RvZMxq9NJgF0aPne+8dnoE0aKCSKbEI/bhy3bE07MJ9CWD9BUBHnt+77CALPF0gWOGkVuE+DWccbaVB0waOeJ/+7bM/9y1/PAIV/avfS2durbMCE9bk+LB7bvNSEzNm7ub8Kb+zQP4w2tgKq0RhopmUoVB8X5NkwwCZ5SPcernIjZcOI1O90avjvIh6H+/jdnEFjNplpxzV+BxZjd36f+qgISmNUm3Fbe/+dVAEQUDVt9hB+llXeou/YUA3Av53ncgImgXt9PaXHUtnpHrZin30eIB181Ysx7JKEp8UA7N72b0dh2/kWG7HJgbBnLNTuQdMU7u9hQMt/pFgH8ezqEO9m8XlDh1A6lw8o5ca9XVcPKD65u4Qfu8hCwH4Luq1QwuNFltc+cZPX68v2+Heq9H9zsnBw+odc4zd+XF0FnTNSdvxi2JAbRZ8tMhltAaxrZbjUiR6HkI1XLGhZaAl+L8t1xlwr9jqNIiM/6FrlGAekZlNgchz7IFO5l1VBHQLF6IAomvQEi3av4ttw0HBi9OqWzaM5IuIo/ZeImjLZpM/HQMn/gKAvvpMIOAK9pEKk5kvU2PCkrXzWStQXUYxGRIp8NRjeDXcs4sfygxtMRKnVDoNRMJzYCg+4bQBplLzLsBe7GTQRsVZJYrdOvf1kWMP4cG7MtddFQIBb2MzG4/z0n/KrDVT5Yxlv6NiTK9NZalONQW7wznSn/siReWIjtgJiHaDTg319rbkcyFvkjujAARnvVqkkIiKi2yxm9psG7JKi7gN6MgUaTUqTEuIvapHg0CzvUqUkhE6V39xLEDC+YwATGKrX+SfQwEUXe8QoCNJpArbIrjhJWDB45FMRawP7U6E3GvM/mwS9GK1ZhVnoxvQZPC6CHYaRTYaEh/L+wMoK91c0fHiS0ATghQYhS5W3oPW3kuZeYStIZBRI7ZxFn5Lv1QhJhgBqZSbSvYRB0tWhQmCx074twY2yANEZH24b/7qPo+plSUuj7r29sQwekh7OULXy9YzaNI6apBPKX3YlorJm1BgZ1k3tTuqwq62spY3niK/vlSIHWpaNKOD4vSar4mwcWnjvLHu3fE7cZnK8HKDKbUdO72O+AH2zeEXWi+njg/548RWKv7+03aSciMU096VCvb4z3OUbp0XRqTQDAyuOI3/1x1f3+AXRdAyD0XZDinnhGeiQ9lAIqfYQJblxE7JxVP4EIm0KM6YyIGySajOf9+Q22pZz3IdsHpoOTMekIK0/Z/DQzgzxvtNnXYhoyOUBCpz5tS2C1FMJ9g9ko71WK2yXApu6Dk3sAPG7zJyoqbK7Y7kPjQGTOLTOdSPK++z42U9QjZDJGAwQ9wgESBJG4k28TPlYthrL84e4kdalo+p056ZzmUmGRGfHdGKt4ufDJtFW/tXpAWfXt72tmxb0mqNgiCxyY5LzRI6iaDmYZkN5L8nL0ZNqJ1MLsqOWLKIP/CiDDtfwZBWCdx++KlEkGxJSG6H/6DqQ3u67DRUCRxv/XGtDWCLqRzhpQsD9ZoFMNesB72TNA+1TR0DoTZnn/TI1BTnK2MsSQHds8KzRXIJhBMlfYTIH7ruJtkUEqpkhWDK9PrGH/vm8dbV72YoGGy32jVy+Kllo3OBuK/xXOcU0AH5dgXdLgoN0qxA3SOYf0AINeAGO4g4zvc8YCTHfgqIJkb/An4HmdZGgGQQSTMsXzXy5EFVmhiTiJHDvNjMklQQKDgJfIbzU+bDtQydDnYEdRxyPWQb4T1SPatEmHlt52uYMyGt/G8fXfkU0lxLn7ZRSuac1Xjax3fKvGHECbWYcE8WLQFwWUFPhThSz+e6vUx7+VrjdX7P/yCF25xPxnDFj+O+enMu2eX0RCuF6AlLkapewdivNlGz/qth9Wa3+sd6Ew3AXfJ3oBwkMFM8JjB8gJPmc7PM+LQKcspcnI6icLdEOIIpOaA2oljra8+xlzOWOSYaQr7hv/BQ5jpSSl+m07NHn8ROrjAololWY6jP6fOcnrWwXRkt83qypKrO8nMf6gWlDybb6QY3hY/rfmm0CGLhywle825DbcDqsXRf8nFWu3vII3kOvcrGtVQ4MaHsWBdywlHMajYUSe40dNx6Z3tefzFruz9LHQ7xD1hJz82M7iZ0QLWP3VODgHzi28/uosOlwKEZ0atn27/ceooGbxGDMZMammpE/ov4jh+i8stFX9rn7Jp/fgJnVwIGABRfOX30VRp71nzcAQbCZiYYeNTtOhsSseFSmOC9t9fnOUH6BmefGtU3thnHfnj31b8UPEditCSAcJfiaggtr4VoCqJNA8pR+gKWz6GEDrou9Ow5F1xV2hBXeHcwEXoDmfKs4ElOqKDXagKuFhVrd9wbChn54J5DlNk0Hicwktvx63bB+5g130pVHuEyuaxSAUyJPnr+0zXaPdmXXcKrtkzC5XgU3o/YkR5BKXhomrYgm91e5yhLUIvgW1SdDWF68P0TRBuUZdH8jgbOJ4CGvHETNIIkiZWw16QGeiieZCQcZlRqKSpHFqcqOAyiHko5vTmBanlcH39tdrqtbf+A2z/N/qUbEPSA1j1pJXBjO8hNni04AM8Rdjh882LF2VBV40EBegLAvdQeNcxhzpD6k+64y/Gg6C/nZZq+tu2F3p2UgKnTyieFJv4YRO3LU+7BinogaFTGQDgGQvAPX0S+Ylo5zlruuRAHsX3nNxPwq2qx31uUIvWPuXY8Vc/Kq8TFQuR2bBL0ouyv/yIj9o8GrFqPw2nbQBzrofUhzVrkiQNYp8S7cwNqNNJyCVRdCHDpsXZsHzQdYMm9CxrK1huGX/IQ+oD9DwqOEZDjkp9bmnToeP4+pwOHivw==,iv:BEhQs3Di4Ot5fUpg8jyoRk8IwUf3cErHt1cL8EBKvwQ=,tag:PFalLUWo5cn/tVXMzdaemg==,type:str] trux.dev: ENC[AES256_GCM,data:+4mZg26mT4V0+ugHOyhuXUl+WdpBju+Nd222jDKMZBQzIrw1ab9J3yBd5X55yT57sdm10AMh78qg/tvoOjMjFSjnU7ftyoTmT4IaKJ64feFX01v02iaH3Qs5WS18qDpQ3WcY2qe2UlACe35jhEzC9jXn+dHM5evwkkVou+BfTbFOTaqmAJnZ4d2q1vzxMQFjTEUm8z5no5c2wOacQJ6zZUQC0q80kLsfuh+dlrMyC6Pb8gpxkvWxGNZM3JkpjA0QOlMhmANAAC5Jo34Cr2tdaM/P2yeo8iiM6UAbBdzX49fc9TBSByQN2NALG5tEpW4/SEBkUAAo2NKXPaWcsQLiQxNFfEPtRKFKeADtc88SE65YsDwr9dtt09YV/0cPoUOo7fI0YLqtdMLKkljYKRTI1hyeyAcZ5uMPfcAcKRs7r+REWn6PRueAF3ncP6aSYEgLUTft3qkrfeJRB/yWtrW/ixQ/0/C66Rm2DQOpZGyVBx7PBUkMb2r9SHRJa/sTpjDTt18/En36qIkhuJjjnTJ93GO1WnnSo3rlUmWVHKBon8Bwegr53qc/j3tEePs1jzwcVDkaRZpiNPG7DVTzC7Z1pY9HiAPNTDR90Odb8WBZGIbm2vuX8ZKOVhbGyX0KJn2x4Z0bgRIAAub8gTn3nvYa0QM0IWM3RhPa3Bng9Q3rCU7TT2k4584sMlz+n3TwARM4k2lR9tuS4g73UpqYX7zzN3tjRdyzaX43R3PtIv3fVES5bStoYssVqih6k6nqwU/osUIgFsag8qC17//d2WNiEltewm5aPEFI3uPT9HIU1ItklUnbvS4rg84nZ2+LPUe3+XjRMGs03CbxFpqifMjM/cqVvx8iWg+OMxph3yhCaiIMA75lXNA59bxrEbLD1kFyq1q/ivwLAiYg6XSRL9pL93MHmQu8MG6zRHDXwV5VyTJ1TndPY13ayFflrdu2eaaE9VxG20j1V9F2+dIVPKRBeX3FAGcDIxxp6KHOyYfl8dgEIrYtPMcdwPxFJebxtvJtj26+RraeP78US7XyUYxlJr4R9lK8rN3VHb5bYSkBk+OoDsEWDQoN/xaPbrAeMPk+sFyXXNG2fp9tSOCdisMkYo0iyuaQ3Vu2ZHdANNrnWmcKpXMFm4R2ro5LGPKeVrDwCXMVX8oa7ahmYTvg0ItE73ocn3jlfITccY6zJ7P3nq/AmF4p17iQI3mri9on8hi5jRkcjieiZZnG995d5YmoG4LPpgzlgrDt5b3lpVeAQHSd+cR/QKiXomYU4rJb/+fuoA5TbuA+/nhY4FzYAteWafeYrboK6GHHkMSMoyudV4apYvanpAUSAvYoAxRiNsy7WRkWrmsEVqCE6ynuNBEYYufp7rUfkSAIuI0u6Jr1RGmzZ0i7KlU524rs2WfiNf/7pu9UCVrvmRmDXXCauLYtoz0I/97746pMdeHENE5lPn8yWRnAL22l6uakYGTXpqgitu7OSwoMHCGPeC1EWkOBTaE+WC9rtI4ERvcaLbAOuT4y9YlmxZo5cRBmGcgaQMWbjFnZ/+Bt9xVPfbchD4+UO6BtxtVHvghny4RP5U+n4HrJyrQTyc02ac8gdUjqDBumNR0iGaxD4lisEu+QqwT4ZDOs+6l6mxdCtKzkqHIquEmwzDO0TAM9UnPbEtcjnVGdxR/k58FqNdPffi4iFouordGgt8neqoK9W72pyVnT/lX1ZFFkSTnj1CiR4UNmQ3ezkWazfaswNKwi5ockF033qpDZQe00nej7AN6WKPDQjPuKDsyftN9Wgr1cFyZsCw9qH4WFJux9lI4rNGEhyTe7oDx8nnLfi8Sj4G49sDCKUqgVgGWKXngI+OfvGnh5nSGe7zzRRzDltCgaWAZYBmZxqUb2odHw2UnI/dyvQzvf76U4wVSF06kef/EaPRsuzYUKCMi6e++tXxXJRlh7GSzz5tDaENhP6G+WTrHBq/harf6+sUhRSmI7fKOR1BJZXv8VOMt1rU6EnWJhusOPsh6GwbmdNvh4nMcZ6Xc2dmPFBJMyYsb2zh1l55bn0ICOZzz0mbQdRJnfwKYvEQPbyJvVGnqN+RP+EUFXsUGXR97ajNJIImeFWM9NI7OLVTs9qk6y9EHNEVXUXszT63eaVrAB3x+GBGuk3ZngWzS4KTnTdhwAX0+6uGYWpKgIPVQpdWVPOoGMcs5aVLTgUNYmfDiDncC671YjNA4qhMo2sD8D/9ClAOrmyamRcZbGN2LKBKUk4UPCN/Pj8Ci5rdc+8qHzzPhuZVosB/qsw5bwB4xDeno/YW5edupvdzYKCETp6rNbK+a5bSP5sD9EliksJa5czAevezR252XcI6JO1Q3PYaBzyzRw6BKRz+5+JMg+4oxdCKTTo4LEvBjwvYQuIveiRwlg211JraswTQbGfGsXhaJJAZFaET5ysAjiuzlIEkvJmv7pG3u8jw9Nd34re5a7NNkwFjGe6m7B+x6Uy2SG6+apzv71QsCOSkbAXZDgmId98Gq3T7+oZqESII9xXTA5usuB3cJiVcdTdw5muj6fYDTqcKYTjzb5pAz6TUSEUbNgm4ft1Iprs/cibiZ7zTm3mRrdOelxGHSGyAHDvhBP4fW1vbXhH+F7nar41gT6EfIgIck4mEaPnnXN9cA7fhvdgK4HZQQ5VGeVpEtOcIuDZa1dZzzxSqekDYylI9KaoNnslLB/vuZkakehU1A9TJrK83ZQMxABRLjMrcPzrgmFawz+qQgx6QgOQBE39RnLh58AuomNc3yqU6FRf8UMsubAOMM9U3yS3eVD1OuyaU8cFa3TqSJkidJoTSr83TwMVca74fn6S6RfBXDMScAUs23zRiaXbcX4rccha/gZj60UHdLrou+fxLKancInp/stqjFyHZH4Xge7Lm9Vx2Go/jxvDzHA4/B02AM5l1KudphXKPBJ1POdcMStCSBQg7ist7NuGquujZKwDlJO78wczqoqegXnzfZTBz5lcgsVd8NZTCuDMcbmgYIZsC1gX8K1+7N++mcvBx2DrmQ2Hh8FpEp58yrsDAyTy8jwv3+tX5vDiKJpl6K9+5bkbx5g3YxPpGR4gUBzKHF3Ze//aAnl8PEls3AvD3a/wwvIi6GLyhQ/+gSwkj2xbAjYi3u57sJZ7A8vjjHiORqmTdBSXndV1WL9qxpVFW6TXMw3A3JgCF5AK/hwVJUIaIXCbv5/nVUo+YtKghTlOiuLUeYKJaEMaZjOBf6EXyCLYs5b9OYx8mNIwqqsQyDhdW+nnZ9BhXytwA1olUccI/oOLxfoqcipj3tHXyMLzvNLNKOyRzknfqRpcfLQTihdm0G6VFB6vUndYdvOZoQgcfluo92TpSUAz+YwSMSINm9DzSXbMbH5ObdBiDiE+QGmXQ0yB2aH/upe0A==,iv:zQXRmnAz6eYEdi1CvPELMLtBDlAn5DJ16Q5GCQ8gBjM=,tag:gLfa8MFwLN64HXhGRP1LpA==,type:str]
natallan.com: ENC[AES256_GCM,data:idIBv+9XJ+nVbTFJ5EkWI4IxEw/Fh4gCXLdg10fft7IM2JLHmBObjwSEqly9CZ9AKAPJCZ/WeXKkG+Ul6wRxk8A1juFdDrOOdCXKJXpyrL7cBgSJWDylvKi7tqs9rV30SgU5hAsKNncPIWVWQApO923GKDzVVRMh8HZKTSy5ZZ8bCNQrlPr8DmkGa5VsUcz//scz1qdxnQeyAMJsrzg5bJPvR+bPjWXb06Q0oW8D4jM/gcm2HBq7POwg6DLEmX86mcYrvVw5LR2PDSXeG+32wugIaNvjHoUM62kB8b/OohTe5yqJcMfiGfEeMPlWAOdOfTZWZjS59BKPU7Ay0KUGKpVNHZv4W1G1Ebn6BCMOz4tNF1fmLdX0IcZSaX/0R58VwezKMBvaBj9t+Xmprx4fhrms4dfGpEzEM6LaeZp+dPH0MzIDPTEbrU28Oi49ppaMCQUG2HxOVoqvUNwAq/cA18WTFcEXTXjVdRo8CGo6eYU5lTK21xS6M/6ciANQtDcAPND6AaH/gJWrOFvHw8a++pLPiLK/7xT4k2TSEYMH1K4EdhVAxAc6sAPSQxvluABEsO3P8JdoLiAHI36lIN6RAkaT+gF7QvJWJtxcNqZbgwV448rcSBkWE82sNDrvcEzUpgrT2r2o+ljAX7NtXTBWps2xEjrg6NfdO3qlnW1TvLNmQTuAoezCUBQvlqNWOoSfM4qi4fqpQsnwFwy1jscYVftmI+W0cmI1dvVDJrudGJf6TtKn8Z6it+dmKCx1rRzUKA75JfC3K66FznsvqlC4TSa02nZxyUz1NxgL+bBCn8Z4PFakskxeFg==,iv:dsbNsqKBpedJuaaKZ9fPukQncCaDda8X1YEvm4ITTsU=,tag:ZRfLQ4yhjuvtiulqW1PCFQ==,type:str] natallan.com: ENC[AES256_GCM,data:xyWDDIp6tSuJt0ESUeCnpzQFhzQ/AzrTSVGO8kAR2I3kAGgcuBYRiyWMhMo7dUYYeFSBtybzyB+fWldBbcdi/pXr4SpSCTzM7dRKi2ICbGDc5Uvm7NHHo69KDcG0ZX/xuw5uAkt7kq4D49t5DwaWPUb9fQj9s5TWj6kY3YTDOdGvlpVum7M2T5c4+HQnN3U8EfPRntq3bApzWLpytkS8fb9INFPo1zmf7dC19xwIszPzafHB6VNVlkuHydxD35y9a2gjHmR9pYmdHMrd/ObYsx5+mhXKQTgAuLEqIe9LqOxlJ17LcrcKgPc9x6bxo3AAe5iELIXguqfYYc0zLKMqnB2wba+gBHkpHhPNkNglvuemevi+CyXNHtNoV9SSfU2+UwactGqm04SlNyri7Nl6vqBi1lfQGxthD2PPAW34y0t6Pahdd4HbGk8Zn+nvq74HwiOcbH0pDBh/G3ODbfBk+gfrCvnPr2QNF6Rns9SBj82J84qPMvCr4+ZN0GqTPE0+SU9s8ihzsfmOYBw5KbA6wnTZL6no1+HMMXaffcGJ9oz646WjMvcnRCbY4pS3ACcHa3ReQBpBkbTHiauyYyYEJp3FEis4H75usZyv8qKWey7/nXFRSE+UBwyIXDNRNuzxDG/3xfvfEB3vdY68lFGhP2YswiAfeluGjtG2zLEPrWyWrlA4kyzQOsTTY3fQSyHOOt4BDLYz+c0kogHfvypqEl+5/hLWmnnUOWhf5pO/jAFkU3tnJCqWp7cncyjY1vJfPBHr4pFprAIyDplRzdAYErrji8ZvVHSXDdtYGDhsDq+4ua5/b4kvFw==,iv:BaKS5fV/9FTn6+XV0FOWhJ/qTZKwZbjFkzrOhZWSaIA=,tag:6swVM+KhxffMmFbOzU+6OQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUStiaEppZFByY1BSTDJM YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmk1WUJNMlJZeUJYV0xJ
a2tGZFIrWnhIRzJnTmVjeVQzR2NkdUVKczFvCnp4MjN5dlpVcEw0WjhoWTVvRXds a01wZ05OeE1vRjEydGg5cmdzVzlWZ05uZTJRCitHdm9sWmFYY3A4eVNZSGpSMzFu
bkxNM2hpdGlOb3dIbnVsWGplTXNjcVUKLS0tIEdHbUtxL1ZsdEdwaHArcnhrYXkw emRtc0xIYUlxbnNpeW45c3ZRem5LUXcKLS0tIFdad25hbktKYkVoQWtLVGJvU1hE
TkRWdG1YQWlJdjZoM3l3dmlpbjdaVW8Kx7BcZHC7gglnTijk5fhHsk0oMdPIs3Xr clJPcm9jbHA4dk5vYzBHTDJvOCtTczAKkFuEWjBNgoVhfsMmmfM8+LEOq1ZQYzWK
CPeOTnfAMh5unDqmzIlGi+rS8siDcf4QrkjQWRZK9tJynjzkqv0brw== NzAHoA0tzMV1775qmxbrYjd4296QwPBpmda/6LFgCbeZVTj2yKNQvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaVhkTEJMRVBsYkwyVnp6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQVUxRHpsQ1F2ZnFCYitj
VE4xMmFBaWVIbGZHS2RVYjJkSjFrK2M3OVV3CjdaQ21HTUdEbmlralJnTU5hTk9t dWtnVmpsZnFuT3ZuL1dsQWY3a28rYzdEdERNCjJhYTBKZmsyQzdJMXo0N1lrUXo2
RUNjKzNPRjZTdFA3b1ZObm1mS2hjRjgKLS0tIElyOGNMSHVkNVRIT3d4OURka1BF ZzdETDA1cUlFcUx6QVQ2c21JSVRYS1UKLS0tIGFMM3VTaUJMR1d4ekhFVVFVeTBN
NnVNS3EyVkNKd1FKMHBhbzM4V2lnNW8Kz92lN5MJrHkRM48nxfXgkRKX8ARWNDqg NW5EWHIxVDNQV28yMktmUGRKRllEVEkKKrt+lmoGUdzzBQj5xQ3W2XasgWREBuuw
sNqyXIDX9C+Nq2TqpLYNH7Rw06U35QTHQu7NLd/63/dxJUCcpQIpHg== TjjW+1Xcq6CfczAtxAAsr8C5nyIFJO9EUcDsMYabAQyZZp0/tvAy9w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCanhjZCt1c3Y3aHJaV2lx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVVJTZjV1bVpPemtPSjRO
eWNhRE1ja1F2dlJTNG9zbS91Q1FVNWE2L2t3CmFxK0p3S3d1dm5NRGhnMWI5QkND ZHRDRHBraXk5YXV6SDB0QVY1bXIvSnBQRjM4Cms3aWdrQ2NyelB0ODMxclI0ai9v
VG9jeXNWTXFKKzJIYXhvWkZ2bm8wYmsKLS0tIG1nUzlaVXNLbmNjSVI5dVBDME9D dWVGUThkV2kvOGlQdXI1bjBPRC9uVFEKLS0tIFRDVGhZRWx2NEhFcHJ4U0lJRlky
MTh3bjNvWmFWbGRXSVEyWjlpM215QW8KSen/lWbnH1SbP7qOWARwInwXnI0GUx2m QXMwK1pkSTAwYWZnREY3OEx3TU0yamcKHAr9joyZgv8w1QXdIjgsBtwEE75nil2P
ZlWTGZPh5/Q+n6LAC64wRLKAQ+0lw7aE/b0Mf9Ht9XGDg3VizS4Ycw== HSQ0LRfRln71JMarqaCvrX3HjCi94yT5+toT+MOor7kovb+o4GEwcQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RjFNVXJnTk9pTjZ4TFZs YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ0ZaY1dEUlhCNzRiMFNu
L3Z1THlRZXErQnJ0UjkvblZTR3ZoKzJYNVFnCnJWWDBiSEFzeWdXcVFNb01wTFpG dkRyWGRoTzFJblNHV2trVkdsMVhlMlNzMFYwCkhZUmJRdjAwZTFhcCtlV1hKUE5u
eUVvNGNYVk92MDdMckdKemZjRDdpb2cKLS0tIHdQSEpaRzRsa3JDamE3c1VYKy9D RzUxckNEOFNqSnR6UVdhWTdaY25VWHMKLS0tIGpWNjRKNnJKc3g0R0NtQ09uQnRT
MkIyMzNuOEV5TVVSTHB6KzVLS1ZGZncKk6cU+7KIwhVG6pbdifpxu8BSD8vW5WJ3 SC93Unl6TEh0ZVlzaTFpSEwrMHRuWkEKAcZRLzyOzTOUbZw4Rr6McFVDnZO1U+Ha
WOdwHZdbQ69c8VHeoI9WVVDXD5/ubvU15VNHvDqc0+TgM9epmSxThg== HkAd9qJ+n0YSd4NKdHitnL25NXxPs3r0z9gZlPXdgIlT2XbK4RR9uA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUEVjRm1udU1QakNsY21x YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN0VwWDNid1c4SmVZQVVI
a2p5dnk3NElVWXNoWmxROEp4S0prN2djY21NCnJySUF1eWFIZENMVVZ6MWVSN3hJ UmlFVHhwWHc2ZGMxY0lSNER6Wkt3TzR1QlFzCmo0amJqTHFEYXc1dzQ4d2JrYlhU
bHZ4eWN6SnVTdUxsdDd3OThOcmtTNm8KLS0tIFU5dkdsQWlKdDZzSFBGa3dZUG9q N3Z4dWdSeGFqUi8vTzU5eE9rOWp5dUUKLS0tIGZhcVhXQzFEZUJhOVdRMXpPeTFF
eittWnRlbnhJZ1A5M3o3amY2VFZyMFkKxhqNvCHSVUedEWCeuqIWNLomspQhamzo QnZ3Vmt6WkpEdHhWeGJ1YURhd3NZdHcKySPUb9MGFyNmy1EZySRjE4RL8KvbltVO
0uCqZxCgdkCZjt9aehlI/i+rlHs97+IsZoWILxHMnVN2fGiP1WWhiA== PRUdEwurrCp9ZBq87JfeUbHVvPw5+S0ha+aP8yPefXJGFs4yZBQnSA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QmFId1pnU1VTZTJhblNm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQVJmTWxzSzNDT1d1NzFX
M2Qvbkkyc2wxNFRLVnRoT0UyL0ozeXNuOVV3CmEzUjlFVGh5dEtQV3R5NzgycjVy UnFFbHF6YkVjUmRYTm5VVkhRbXF1SzJuT1NvCmROeFRQNkJpNkE2UWVYeW45b0Zt
QlQrMjJ1NWFUNTlPUHBGRmZPS1dwU1EKLS0tIGpGTnFKYnd1enV5V1JsQ3dmTU5R dW9Ld3NVend5cEdyN20rV3EzczdHK2MKLS0tIGJYK041RVBBN0IzMC9KRUY1UFNk
MkppYkdxMmQvdVJJaFZ3S3B4ckJDMVEKZQblDxIC5opkR92DupfwI1XdEHlnVsYy REM3YnFBaGY1ejRQeldlc0JJSW5aWjQK3ZYIRxiLOx88kimDGq8GoDMVNbpLvOPz
JKxg0pbC/ENrT+uBLjSh9cFyuHMk80V4BQ6xZvzvKX+WLJlEsHrgTA== EVtii9SHQWk4lTVqyqo2WAIc/2PMM8P7Je9xgc/sigR1i8rLQlAyTg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-13T11:28:15Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:R5uGODnxJC3ihSrzdjzxDHTKC+yXXjAOFbUAEOU67P8eM94RUnr8smP1ZDL2fnjCmzJdTMRDuBpjCtXxUeivNMTg/kK6r56VmQ2i2MDKiX49yPtGYfdUiLPBF/ZG/iwNJZ4m/3GZXAzvW2tYYkVzUU3cvsVdCFuWr1tnbsg9o1Y=,iv:kD0QdKbcr4yt+Ol3EK7O76czbYirgDx3pzPgyNB5GcU=,tag:fJsUOKQm3wUGjtqnO3574Q==,type:str] mac: ENC[AES256_GCM,data:cIXRUz3h2+PCdp0HLs1WjKPQOeGqgxpKfEXflMMUkX5GspOsrDZZYTF2A6bALaGqWAoqvHp5kxN8exTyl8fGM4x1i/eXQiZmTq/DICfCR890buSWAf83bP3X5+H1FJwR9NX37HZlmFVNWxnrKq4DTkC5Yn750LDd9aMls4EjkWA=,iv:ZDF4tgnUE6sfB7NaCouH3jd5IA5fZhZA9++jgBhg3A8=,tag:7gO7vrpkC+EI6ERjFUSy0A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,8 +1,8 @@
system: system:
networking: networking:
#ENC[AES256_GCM,data:rMKS8YbaNQi7RL9FcxPX9GrbYQ56yzosmLzzL3AZeZvEVQTInKbbWR6tcj3AW5bBntzNRomeKMH83cdqQ2xtkqLH1RsTUmV/mr+8Ng==,iv:+bFJXtcz7kpOeRVUvco8MuwH6y6bb0HqS+R1urbbqQ4=,tag:9yexHkeG5jGtL9Q4tEr4+g==,type:comment] #ENC[AES256_GCM,data:vOHBtHt86amLNDKm7ED9P6SW7I4IJ1k0Wl9/9bOBYH6W+DYQX5NXiefNoseaq/LjrT2ZlF/mI0+7mLRU4SU9x7a2oScSlZHqNglsoA==,iv:eaxxZ4rP7vP8utOsyhNhEueS+e2CmUk+ywdM66v1vHk=,tag:rMdipaMTEVpo3bqh8d6SNQ==,type:comment]
cloudflare-dyndns: cloudflare-dyndns:
apiTokenFile: ENC[AES256_GCM,data:ImeFlc6BAwq+1X1K8PWegOIJDJzEW63VING8lH0aYgpRbInckoarJ6a2OfYD38Powynl8mLqkcDYrlvgTDF57sRzEMGBa8mybhYZKn4ORFZPkbTpon5GuAz55Vbt9nMgoLDwiwOaE+DN2bbLVND3absLfQ==,iv:rN81afwtVNZtFqwI7s1ZA+OGNp7236IvprPE6pBSVvY=,tag:ekjTmihMMhCuBYFXpgxkDg==,type:str] apiTokenFile: ENC[AES256_GCM,data:fWAyXn25z02ZkVtsBJLFVQNTGq9a3mSU1LQg2Qbgu6bPaszFozhJ/FqeWpF7b0V9UyXD0xJsXsBJGrUoWHq7sijOK6bn5mmwP+wuijvgosQAliAL8cqsQ+eT+nVgKX2QHThPQserWFzYn97CyPMHh+VDrA==,iv:JfL/WMOfHjHJviJrrerGcq5YDkHLsR3GIGTrNr8Y/nA=,tag:xjXKVBUWbMTMxuMfzw0CgA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva09IMGhuSXQ5dVVqZmtx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NjVNSmVHaG1jZnBVSXNZ
bm5UNjRVN0tKSytuc3dBdTdrUG9DZDBGVEJnCnNTclg1cUUxVFE5UCt4K1BobDZi dUVPejVzaUZrYnZVVmRRVUYxN1pmVlVnRDFVCmhxRXQ5aEM3Ti9qeWNTRXdXMmRa
QllLTXFmY205cVlsMDI1cks4TEkxaTQKLS0tIGtjek5OZ21OREl5ZElmY3MzUEcr ZGlDaU8xY2NlMEZnRnBzTCtmMCtmbW8KLS0tIDhhYzlWeTVURUpqVnl2bVlBNG9C
YTNyZUtHTFhWYWRhcFNoN3ZCYjYwNHMK6wyDzfQAJe+722HF1f3DegqcdGsj2y1j emM2b2VKRGtJNlpKWGdpVkFsSzlBK0UKzjN4PkVurOHGwVRuFaWTWP2DS31pDYRw
ZK3wfCxqo7X39goywNcbnVbugHUltMvd1KW7nEKMuCF/YV9EK521xA== egd7g4MeddRPwvpg1M233XUvhYb2LHKUGZY/RoyPWn7yB3V10G98rA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzVrU25Qcnppd1pzYU44 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMEo3Um5NdWxLUEpzWHpp
Qm4yTlJkSEZhajJBTmFXdk53b0lPYUU2TmdJCmNTUDBQT0dIT0RnZ3UzQUFFbW82 RndQeVNUOG1DTHE2Q20vc2M3SFZQbVg1ZDJzCmJNT2ZpVnlsaEg1cnQ3NTBYVzcw
aTd4T0JKU0p3NFQ2NzJHR1VMbG5BWGsKLS0tIGZPa1hqUzFNaDZVWjhFRi8rZXRL SjZHd0hlUnhtdGFRdmxtcmozZ2RYR2sKLS0tIHVTNFFSVFVCTCs5L2hmeCtxdGxU
U2RtMjFSbGRIS1FaWFVOSHArWWFJYU0K34Ct6CN5d96bBB0XBYYoVwL+i8+/pAJl eXdOcGVZa2N3UWJPekVWN2RtRFZVNzQKGg0Cgk0sXsJ3lEcEzEukFcu0BTPd7kqa
qpSxekXpw8K1nuHLy5102Vws0AEEMCHNAkEHsjesMXjV3S/cjJWMig== FWWgwVXZeAX6z9YV6y25ZgyK7g9hkDVHyBzrAG+MijxymdnmyotXGQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRVJmcE5VYngvUGRBMSt3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXUWZycjBJZ20yNkYzaFl6
dHRod0FMWmVOTlN6eHlvUE50dHNiMzRuZ1V3CmpCamdobFhoNVc0amI5TUxHck9y eEVXSmlmRjRQZFlsemRCY1FOWmNVSmFveWc0CmordGxwdmR4eTZsUzFSOTRuY25O
MHo3RkdPMnduK3QzZFlxYVV1VWZKQVUKLS0tIDFFR2U4cVdRN2RaeFFuUmtCSkFE ZUdUODMxTWxJZUdIc0NlaGVmRTNieUUKLS0tIDByOGQvck1lVEtEaHd6a2NuTnZ6
MnZVeElOTFJGc3kxS0NxZ2xvaXdOQjgKOPZe0NQpG02tsAFFpyfDQVsCw2lZeSOr SlRiZmR6YUlGbXJZbjljdVJXWC9yeGMKepDCX4KM8MGcuawDjx6ztV2LvLbutsAp
sOPOXV/zPxCGYqs4dxzx33RG/YaiAVtqA6wp00BE5y8jrxWU6HOv4A== 21zvBz1zRSnuuMV8C8/KilRA6JsffJ91JLJIKnICwohNS6M/oI9/jg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRW9mcnJjVU01Ky9PUFdT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1Z6T1VnZk45aE4xQ3FS
TmNHVS85ekhSTGE4aWlnK05oUWFIdTBnVGo0ClYrNzh5WEp0UTJmdFFkSzdhYTdj cFNQSGFXWUJYVkJxZXhxbUpGbldOT2lHMmo0Ckpoa3lIb09uZFduYlhXTkowV0ly
d2hOVWNhQmJQNERSdEpBMDJNbEMwdDgKLS0tIEtrV2NFTTNDSS9rL1l5cWRvdlAv MFJRaHJzczNnRmxMVnRuSmRFVkgxdVkKLS0tIG10TDFpelF1QmlibFJQYnhHbGNG
RWg4VUoyLy9WTis0N2hKSXNVRW1wdDQKIpSGvd5Npk0RrfpgvkFI3VCaMmoMd/uX OGFvQkhxOXVMVStsczJsaDFGZUhIN1EKYCTExNCNSYM3W2DPPnJ828b3yya8UgOO
J4ci1P2jMb8Q+oeNi5MulBOJMx6P83BLqzTZC2rbniZJH/ItUZL1ow== Wc5qClkwbC2zjf9ePtHO6wFB2Czo2QItPTRS9odBduwAOtCftyubwg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMjExWXkxbjYybkE2NEs0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWHY5amtKSFhabUJMdkhS
c3hpV05oMU9PWEFMQW9OUXN5SzJYZTJZVVg4Cm9nWmlKVU15OFM2YjM3WVdrYm1w QlBHQWMrT3h3QUtIUUYyWFFtZG1aVG80eVdrCjRDVklGSjZCNGVhRExDdERiRkg4
NTA3QVZsMUFzR0psdWg2N2N0VjhlOUkKLS0tIExCbXZoSTJwMW0wSzZuYWQ5VDV6 Wk00RzFFT1VlNUZwWjB0N0s2bzRCdzQKLS0tIGJCZTdPU1ExNjRiOG9hR1I4S2w4
d2tnMXJPY2kxcFJKNDdWY1dVb3pYVVUKVCfLKncZvTagMZ5pLnzryIPxvILaXo9l UWtmdXZFclNMdUxzZkhyZVIxTW53S0EKpRwMpsriY1mI7mTo39iUBtrIAMyeI4Ll
I004nyoMSOasctN6+TbVV+qshTa4pTZsn3czjOgTMb3fg1QCVLLb8Q== RqxTl7k67n5Gt8todiH6LWn/pDugRfaWyZ+9zhPily37mxP6RJxnhg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcTBhemdHcEdrbTQ0SFVQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVEZaWG9ZL2NuNDgzRjAv
K2h0MmpRZmNtTG9GWm1jaDFnT0grbmk2N0IwCkt4THh6OFRNdUltZEc2VXQ2a3Fs dXd6NTRYT2I0OGFmUU40cjFHWEthWWgvS2tJCmNnZFJ6b3cvYjVZYlA0OHh6NFcy
alQyUW1NMGtVYVFtYzNNT3hYdzZEV2cKLS0tIGVyK0hPUWRPUFRCdGFscXFRVXB2 cFdPYm9IT2o0WStLWCttL0lqdXEvNncKLS0tIE1wbTl1U1krNjRJR2hjdjZMdmdP
QStyYVowM3NDZVErSzlkVGV1WXRndFEKdJdRlJp6W9ZgSihAwDnw75mnj1JtZns7 bDdhZkoyRDdVNDFwS1d4RzZtaTk2eXMKW4XWLG21M4KLX00rJ2wAx/RP6V/xDj88
v9DG0nl9+O3Z+e7HXX/LKg7DhjizfNjrwXlh7YeuYvQqTS2Hw9F9KA== n84u+tJ/mVQLkLERvTVI46GFwjkElK63eN2M5FXFBqvDJcJK4qNXTg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:OEzJ9yXtbBf89s7d780P7Zy/bTH9WJbimuW7MPh4VVy0V+O23EEkEg+veCsJqNyqwCGZc7jfHkgBDglMKk/rcF6zYFOpxq359kLdXrbtdsb/74SRylN2ux7YwWMZNIlGN8eIMo4nqd/47SH4ALmH01DqztFjaXQZhe0tvUT1t0w=,iv:WVzo5MR7tmFqYGL0SpiDAkXkC3kS/+rUemw617bcR7Y=,tag:94M7kvTQjuO1dSdl9ytAGw==,type:str] mac: ENC[AES256_GCM,data:y8OLIhYUNHOIK9PMT0mMq5fGKVFZzH/AvZk5o3HA2ZOKel2DK3k2Bud78axBDXWQ2PHuA4cDLKAS9BzmgioQFo0VF6s+XFGQfPV0t5Uq9X9U8AlV81KyOV/obgD/jn/OcsDIbs3bl2wSFqs+Wu20J3GMVM1PJcJufM0t35z3ojY=,iv:MRE4s2oUM/x/QGZEs5GzWp8pX03OVdMvlyvE2nJUdf4=,tag:FuSpsQWt1OjGW6cncn6O5w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,7 +1,7 @@
system: system:
networking: networking:
dnscrypt-proxy2: dnscrypt-proxy2:
forwarding-rules: ENC[AES256_GCM,data:XsHHK0gDDDi0Vjxytx64QXtX+CEb6BoPCbfg3TnAnpG6uFaor3/YEJHNnlmguVlThIjbXAf4B1TeJf1Mch95y3iN1EG2iw+ginzejXUFfWPahOOvKnnb+rXSsdiqX3bXKbmcx2IrSINKhQw=,iv:MMccx35r0sQz5irLHmeZLQbAFNZZq49nP7CKmMPLg+w=,tag:xCAKUdgPIpSKky0WTpsqKQ==,type:str] forwarding-rules: ENC[AES256_GCM,data:+asWXfABR/5PXtPdHUBDdK3JcdQ7WkhF3wj9jjXuEBguR5WK3gEGOuFXU+8+eGAWrotFUdPr0iqsIcgeMdjxJA+gd2NNVdk6C9joemT1kIihYL7O9BRzdZ5lEw093llmrzHsMuLqOfOeNwg=,iv:PKWm/G2F5ngygjeI9gLhiH2p6yRB+LYkybJ9OcJa+jw=,tag:GkaGYKRfUiXk04qAZ7E3Iw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,59 +11,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXb0hRQjJKNEJncWRTUGw5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYU05iQlp3Y1IvR3czdWlm
QjRFSkk4WXVmdG9XNE03V2NYb0pnUCs5QVQ0Ck1aWVVGTmtmQ2pZVUVyRk83WXlI M05FRDdHQWNDT05oVHpvd2NsL1BaRUdZejMwCjZTdEZiTjYxRnZWVDV2ZG1iSU9K
VkcyTis4UU1SOWdFTGRIOHhYQnhVdjQKLS0tIDRLS0dTNk9mOVByK1BTSm50SUds MEtERFBmZUZ0WnhXcHplbkRpZzZnVzgKLS0tIFdoSERjckVKVndwZmtWUTVUVExS
eVRPSkdFRGFUaWJZMzFjakt1aXVRYkUKmi3m1Shpz+nMJ0lGZ8/JBJQyZ4y/CWwL NmdWMEJEQ1BMZE5rZkpKWkJsbFprWmcK1ySkcnK4NaBc7DrZO61YuWgMSdAWA1nB
yb2U4SZFEzBsxszKCBl0rk90Hpx7HduS0hDVauhmfWzpYzr55bEh9g== 5gWOP6adfGvHwbeUVWEvvQlnLLvmLm/sJPgqUSdGFycfLPXMVWeXSQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSFpKdTVBUUE0UjhRM3hK YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbHdkYWlPVnJoTGFxT04v
NDB5KzNJOWozK3cySEZYbFdJSSsxTWdVWUJJCkJ5WjY4Y0xEY0RPcGplM0xsUWRY MlNSUVBKSTJEWjh6Q1pzeENmOUZhL0NEYkFvCnhRV0ZlTldyT0hpV1RRUlp0T0FB
bWZEaFpBMnd6Rll3MVhlNi9pQlA5VGcKLS0tIFlSdVVLTzd5RGlPY2RSN2JRdldN a1pHbzMwckFFeDMxcUZzNWhBQjZ3YlkKLS0tIERlNEpKK0k5Qi9lVzk3NE95ZUxN
UFdXSklWd3UwbHZlRVR4RmZ4VzF5aU0KsAwJJimAUcW7pGJfZ5RIHNHQtAwy0HZj UlJLdCtPdkxUZC9EbURyczE1R3NkSmcKe0wy4vkQcaT6peLp5XNjqutMQu1nLS6Z
oaaeV704j6VtFUhv2Bcf8OYjA0dH8RIn8psYS0j2WCnNrC19q3Nwrw== gVxf2Pt3sXf8QeSyQzQQ6/5czgw2hFdjv/klh7f9odrQ0a/UqHapzQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3Q5VlNZaXVNdklybDF6 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWm1JaVBaaHAzeWV5dFRP
QUFuNDZtOFJINzUxdWNLU0YxL3JQT1lJcjFrCnJoZ3Y5NFNMd3grTll2QktIQVhp M0t2Z0lFa3dKSm4raVNVcDRGWVJSUHptQ0FRCnBweHh5d0pFZk00cTNiNlc0aFhH
Nkc5dU5uVks4MVlRVTM0S1RFVlo0aU0KLS0tIFFpV2w3M2xwU1k1ODVxVU5pMnpE bXlrd3dtTWdhSUZFNE5Tb0ZTY21MS1UKLS0tIFlRczdVdkhkU0xTQkdjUkhldW1R
ZWp5ODJYVkZjekFkSTcvRU45MjZJcTQKCX9kK2wNXJJOLNJnDcvJ5zBumLZeU5Fe U2E1b25rWnhDMkJwOUhwbEVVVWtpR00KD1BUYervShefpJEu73LdNb+bAFoVojuI
2yUJJFfZe9mkzXz9++muE3LpBh9rlyXvnuOMD+0V3+Tgqbax0tA5qw== xXYFkI/IomZCkFVg8h5lCwsHdDmnG4JN0zKbt80GBZ4oz5qpaaqVZg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcXZVK05oV1BRK3U1dHFp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHU3VTZ2dSYUM2S3hGaUlE
OVZoTlpDdm52SHFDZ1ZobldKM3IrTi8wYTEwCmhNNFlZc2NNejZwK1FxbEdvMFJC Tjd6ako4UU5oRnFvMUxKeXpCSWd6MDRTbDJRCjd5U0Q3QUl4ejl0VEJobW5CVzVQ
M09DSFJKK0dyWk1mVXdHZDlnSS85R2cKLS0tIDdkZm1uaXR0U3NOWlJ6WDkrK2Zu cG9LUk5WczJXRlBmYXBFRzdFcGp4ZTQKLS0tIHUyZWhKeGtIVzU3R0tzUGZuNnZQ
RVZ2UUJ0RWo4UzlsSUhWejZySHFGZmsKOXFJVA3AHLgSyIPEn+RtDo0f2oNBUHuV WDRQS2x0STgrN0lvc29wUnVWN1F5bDgKRixHMNg9boG19t1USNdB/VyL+sTXBjiS
pgjTtjD7bsrlCuhH/mMPFCHf7PH8XZA8PMDfU3hNvpVWxOB2io4RvA== 3b4xZ2mFJLBvJYzmWikAHq7vSFDYdttcgQADE26DLJb1JlOxifDVcQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WUMzeXFmcW5WcFdnOWZI YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNEdJN0lvTU85dTFUNFlE
UDBYZyt4Y0hQRkhCaE9MMVducVBRU2szZENJCkFHNnJCc2Q4RlJlUlpKTnZLM0w2 RjNhRjRvYjNKQmVLeFRtQXZOT2pNNEI1U1JzCkVkK3hyR3lZWTArVGhBSzJJbnNu
aTgxeUNCRmpWZ001UVRLNElwcWxUNkkKLS0tIFBFNnVOUldOcUVIVDk1TjgyRGJJ UllPWUllQ0o3S1VHeEV4TTBJZ0d0SGMKLS0tIGgxSnR1NUQ2UFA4ZXJBQnRkK24w
UlgrT0VwaGJISUxpeUxuS1hiamJsVTAKVZKDd0naQHxadHsd0eRNWqweRb/7z6Q1 MFRKZXdVN0dHb0xjdm5GUnVMQzdkZW8KTioBz2zJxkLIaPgpYe6yrBm12l6tpo/c
Mf3NbnkQOKTMILntxousk8ZszvDQVZ87wyZ3mzmGay1B2B19QrPkGQ== vXRBwHo7GTUt498MZ+zhv75+BVcYqFEXMT6Sr7Eze4fVtShFYC2iDQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb2R2YzV3eHF5UGNPZmE0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNzEvLzltOHk4SEtPWU83
MWcyK0NwNFdFVXpzbENFZkM1dDFMbElRUWg4Cm9ORXk5TCtzdXRxcEhQcURmaCtI WjBwWGhadHUzM1REREtVQiszVVRVOEZ6RGpZClcxOTUwbEc3bnZaWEtkR0Rodk5S
R1BRZVE0WHF6THh1VGhUVVEyTFZHemsKLS0tIFpGVFJGZFpSenVLNkloZlhvK0Nz VGQ0VnhlYVZ4bFU0cUdieTAxQ1NLR1UKLS0tIG52UlBWMXgzVmtuWnZqOFgyNHl6
QThCYlc3N0ZtSnBES2dCWm1PMW42L00KSmKKlPDzs4sUYoVZOzW4pAsbQP4m2gu3 b040T2wyTFhuMkd1eEVkdXRuOWNCb2MKstTjjHhENspSzl0IwsG3lWccARz5kl0M
mPTtlyqZrSbhGSgtwEw8C+p+LZOqQXnelkhGb8I759TpR7DASrqP8Q== NdVjb/mi4y56bH7ujzqpGlcNe1oSKwkxiFGxPKXwFF8Kpgr95MSkTw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T23:56:52Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:z4v5yRXeB/MCa3ltyf9KZl6NEXqsiIfSmEzzZAJRchOreJ1aIjWj2te5DM0n/08iW2ijFi/bekpcsl3U+5UJkwAjA+82zlvRnw91ppmb7mtnojEq25yhpB6tAUXoimLmT21saY3PnrHx/DFeVqg/P6cX/pGo9iGB2izwH7oCfUI=,iv:NDr9ypPZlTXS5npdrRGCwI51zhU0qCkvEUZfx3JxhUU=,tag:v3NLWsekZlxRyLsCCNR/Vw==,type:str] mac: ENC[AES256_GCM,data:UpebeTZNDRyv8Z/4/t8C26D9PVej+2B4Q85CvM/bj3w5+6c3u4knwNFRLufI6y3vVAxjo0OEvdEVZQIziwpdIVpyW/O7g8nmWNGn0iI8VbNsXcqrlG6QVP0dGJqy/7DhJR4VyoMHZSoobxCyg74ZUzrYIjsQCv2NRkaJkP10WP4=,iv:SHZi8pVrySV6BAEQsVmyVyafpfuSjQ2QkJxa2QYTDok=,tag:TrxqyZRMXprhaS4C1L9QPA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,7 +1,7 @@
system: system:
mail: mail:
maddy: maddy:
envFile: ENC[AES256_GCM,data:QIP7YvY/kYYkqwxwLsrRC6ptExf2tzw7/+t4fdkyDwOUqWM4dI0TpjKr1LXfASCjHrVwb2a6+iqt7N+9ievD4MsrEEsoRYMYIjOlpsmPiHam85ql5WJlfTbOy91VebN35Q2aThC2NmeGcptJ7UX7cigO2KcmYPa5i4evIE+grruoQhM=,iv:0x8ezgw3xDkhQRYbASpz4IAw4hE7nRzImB/5rrs63Rg=,tag:Azm6Fn1gwLibRh7wjD6rWw==,type:str] envFile: ENC[AES256_GCM,data:NaSPuxf5PzfOrDfHrdaMdQpkOyrhtjBObyCQ89XBCHyQeWizneznto9/nQ+3n+QoE7NLuI9rKomkoioTZklserbE3EzrwSvoG7L/cF5pq/G5ToxcY2sMuhCuCoZjdj9xD9mq0WLt7azQ9nOGIzaP2EphCPFXNJLZBFjhk52zRY9okqg=,iv:zNFZlUWru4BwQOWTDEv6KDN1K9iKTrl0PvQ+gg/VXXk=,tag:zkfRRe7+x/lpgJ9Yhzj2vw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,59 +11,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdFBMdFg0aVdXVTFWSHY4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRzZYckxMUkpSNU1jQmhv
STNQcFM1VnVnNHhkVmhhMGZpb3V0ZnJBOGxzClcyQlBOMXo1UXRTYVkyQ1FxSU52 RjV1MlpTMGhZT2I4b0VYNDNZZEIxbHVIZjMwCldjZHRrSUNhK2NtOTFnMVlQWjJ0
K0h4SjJCUHdZcS8xQStSTFU3S0trTDAKLS0tIGV3WW8rOE8rSmhLc0MwYW9tVDZO ejVXMWxxQnNFb1ZVRUl5ZXcwWmY5VDQKLS0tIER3em9OVTRRMUQ3eGNLM2kwYm9E
ZGdpbmovK3NBMms1Yy9WTkk5eE9mem8KXnwaEyS2Ztwd8NVY9R+B70AwMukAeFmf MmdqMjBpYnIvSlVyV3EvbU5RMmNrRkkK71rsp/TVbkVchu1gBMztRzcaLYG6Xrvv
3Gvj3C57EivrRLDTgot5Sh8TSni5VAlzXJPwwSfgEIiia4qiSUkkXg== 5NeKmrctU7GzaMCtMDWx6AcApNKt/1LamRZ2wElSCytuMy+jIRMP7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YnlzaXRjMElRM1djdkNx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNFBLelY0TkliT1p0L1h2
UmprK3N2UmxyL295UmhoRC9DS2FvNGk4eEU4CkdiK0xVWWt6dWJEcHpjSHQ4elpq ekdlM3pvMWdBVVNRNWdXZHlwL1JXM0RTbGo4CnVBbUR1VUpMRytLVDBjL0FxcHIr
WHJhazhveUgxUW1ObWRmaTE4N1ZUMkUKLS0tIDVYekQ0OE1vSVl4YVFmZTV2VEl0 cU9QRE5lYUNmZjJqM290SW10K09uZHcKLS0tIHg1VmtvaEYwTGZEN2E1czBNaExN
amQ4NnU3WFRyc0FBTUk2NmZqdm9haVEKZ67m9O3CLBrF0U2q/1x1KQYx1gxs747t bC9EZ1hKa0VrYnB2b2s5dktBRnpwQzgK9zz2Q270y1SVpx5Ao4/XVusRqfWnn9+j
KDNfjNXQgIx3VI6xgIVOflzK4vePUWWQ4OMr3M5h5qSCKmHImIMCvQ== D6I8qHJA3uYOhEBdGClkBZiwbgCh0ww2EOZv30PmbHtUy8K8MLB1+A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbUh2TFR5c3d6MWdmeHBr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRG9UUUkwM1N0SVJYUFV3
QjNpN1EyZTFINVc3b0xaMHB4dzdoWUVzUkJBCnBYKzhNRHF0L3JiSlpaM09STlg2 dWViNjg5elFja2dibm1rUGlHalR1Q2MyUVU0CjlvalZGSGs4bTBBQXROL1REeDM4
V0RiYTRWUDhPV0xVK3d0VFFVeWZzemMKLS0tIE9kMys2QlZ5VFc1UnI5RTdSdVRX d3dBN3llZUsrd1VseW1LSmQrRWJ1ZXcKLS0tIEVWVnltMkVIQ2xQMGtQYnBmUmpB
dmNZL3IrSFRSQXFnTTBzMVEwMVg3UlEKxf+eHlF4Lq5XbnT89fel8+332gYNKv0O aXNPaHRQUUVRYXJBdFlJSmVFL3Q1MnMKZ2TMq99uVFic9g0pMhTYrZCkaTB3NZ6i
toOh5OJvN591LAk/NFy32BYXuxL1Fj3AE6wFvpx5Bkl5UYrWmwbHjw== jeQS7f0ikATurSr56MJcz1i3wwgfruo9SS8spRnK1+pKMxq+CsU3Ng==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON25iQlpWK290UkxHK0Fr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDK1FHNGk4YnAxQ3RMZXBw
dWxCRnd5bEsxL0F1Q0NWd0NCV0ZJeFlXaUhNClVVTFhsZzIvRk5vQXpaSDdOT0VN NVg1aG95MzV5blJpYmZDaklMcmZCTVRiSVFrCktEenBQSEdaQU4vQWlnazlRSko0
UDFTTGF1N1VMU3g5ZTVUWStmRGtLQjQKLS0tIHV3ZkpnbHcwai84NS8xaVAwUG1G dTFvNXl3TVR5dEJ4dmhaK085Rkw1Y28KLS0tIEg0ajRlUmlXajhmWFJELytLcTcw
TzlsSkdWZUF5TnNMRXFKL3dXN1Z6QzQK8JCT3nzdHwkpoQE3tvSPSzoRYd/gwdpr ZDkyWEpXNTFkN0NHQXlXcm5qM3JveGsKvZovxyg/qG10UbELb6s2Is4vuxjTNPf8
63jF28zhmEY8hoMxof6rfiqk9souAobIzwbnfW/CkF86L5iS/1iepQ== 28jD2axQfs4IxYdwDfybjgiIvZN5NyZ8cE/eSsiOJdm2cUxEQLSLXg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSzdsa3Q0SUQ1RDBsN2s0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObkxxQkpsRGtTVWNpck51
bnBPM0dwUFRoalVqS2d1bVVQbUNOaVh6M21jCm9VYlRydlZtV3MwZ1BPR2g4dThu UUlHUzFNY3RDZnpYcFVHWHV1MlBGQjUzQjBzCjFLOU03bDR0cjlST25nd1VudmYr
TW5hZHYyc1VFOW1YSURRN0RiRFJyR2sKLS0tIGF4NkZmQ1F0WTcwaFB0d3c1V0Zv aTRhaEdSdFpyZmR5d1pSUW95RXgyWjgKLS0tIGQvdEVRZDZORzhIYTFPbU9RRTNi
Ynduc3pCcEVhQmdoZWZvZDg2NXRWWHcK884kU6xQiLuJ8foQY2rdZHEWzqGo1FGd elUxTUMvV3dKUTlIWG1YdW5Qbms1SUEKEW0xqUEwitR0+4Rx9HcjAFx5lcCpAckb
/Xfj8A7EGJWOSdi/n4dJZ6AWB7Z6rPAAzNBr4Her1yckG7JVxv4Oww== 2oAj6fvFH4kEPzaL+m4R81YRDnJv4mrcZ6wGHGwMQJoNPtuaLsak0w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa1RkMmtaS0pSOGU0bWJN YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb1JmZ0RjSUxFWERSZWl2
R283VWU1cSs2eGF3dkJVejI2RUhManJMRUNJCkpRV2NCYklzeVdYZ3VySzZ6MjBq UThsM0F1M2c2bG5hbVkxYkI0bFYxYkR5T2xzCkxvRStjUmc1bmxwUDk5c0xOZ3lP
QTlpRWRDTUx2YjZIREhyb2pMcmFKeEkKLS0tIEtNKy9DQjJBa0VZeGxpUzI4TlJl K0s2dVdyUTVsOExVNWhSUWdJTU1vRUEKLS0tIGgyMjVHR0FsSzJrSlc4cmtsNEFJ
THlORDQwdXJ3RGZmVTFtaWNlODhVYzAKKDvNETiOrLrrE6eiYM45c7JRa3UCx1iF SDFBY2hpS2tYRjJrZmE1Q05mclFQYVkK24BJZoxm7F2L4xYE6zar0Mw4ZRS+JXyW
soxcSqU7iKhr+bvo2X8idMQlwS9EhkPerFMWcON7ubcW4IznSMCXhQ== 2slJVLRUY4llS3y+Acxhif+xGpASGMS0HrBlPjXc/8dk7xnwDTQvKA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:QmlccYlL5IJD0OJ8CGfpma6fXSsrLISvBIlv8yvCFMitPnrFowWYzwN5EDOFIEGq1bIKef0tygBC2JDua+mH2xK5ZKftC9tTjhavZZpw4w3nWq1PP2zZWuPh2NmoSk1RtpQ760XTs1U+AloTJGIiCIUxhO/OT9fLo8WW2GyMJ1A=,iv:zXfkO1vJc1EtKgOz3Qs8BtwFQPGCvvWzLu60seO04WM=,tag:kzUS6IPrz4I2ke8kVviPgA==,type:str] mac: ENC[AES256_GCM,data:vNYnOvEhIpQ1ufxpLRKa/H1duYNDzKHY8vykpJy/4cwFLrMVy8UfTf4HdZe+kTja3WxfKEkigFZ6KOJC2HKPnQFX08yH8W6TznlU3t2q02SAXdEp8ycEoWsn8gvIGQqiJICR0Scb6M6guaP/y2n2DoPfS7vmIPpGdHIatW+crqk=,iv:C0y3+j+Nxj0NGlL3y/54/AijGo0tDC7USoDlzijmLzQ=,tag:5powWCaUDxOhhyy8FqLDfg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -0,0 +1,21 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.services.powerdns;
in
{
options.mySystem.services.powerdns.enable = mkEnableOption "powerdns";
config = mkIf cfg.enable {
services.powerdns = {
enable = true;
};
};
}

View file

@ -8,7 +8,8 @@ let
cfg = config.mySystem.system.resticBackup; cfg = config.mySystem.system.resticBackup;
in in
{ {
options.mySystem.system.resticBackup.local = { options.mySystem.system.resticBackup = {
local = {
enable = mkEnableOption "Local backups" // { default = true; }; enable = mkEnableOption "Local backups" // { default = true; };
location = mkOption location = mkOption
{ {
@ -17,22 +18,74 @@ in
default = ""; default = "";
}; };
}; };
options.mySystem.resticBackup.remote = { remote = {
enable = mkEnableOption "remote backups"; enable = mkEnableOption "Remote backups" // { default = true; };
location = mkOption location = mkOption
{ {
type = types.str; type = types.str;
description = "Location for remote backups"; description = "Location for remote backups";
default = ""; default = "";
}; };
};
}; };
config = mkIf (cfg.local.enable or cfg.remote.enable) {
sops.secrets."services/restic/password" = { config = {
# Warn if backups are disable and machine isnt a dev box
warnings = [
(mkIf (!cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled!")
(mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled!")
];
sops.secrets = mkIf (cfg.local.enable || cfg.remote.enable) {
"services/restic/password" = {
sopsFile = ./secrets.sops.yaml; sopsFile = ./secrets.sops.yaml;
owner = "kah"; owner = "kah";
group = "kah"; group = "kah";
}; };
"services/restic/env" = {
sopsFile = ./secrets.sops.yaml;
owner = "kah";
group = "kah";
};
};
# useful commands:
# view snapshots - zfs list -t snapshot
# below takes a snapshot of the zfs persist volume
# ready for restic syncs
# essentially its a nightly rotation of atomic state at 2am.
# this is the safest option, as if you run restic
# on live services/databases/etc, you will have
# a bad day when you try and restore
# (backing up a in-use file can and will cause corruption)
# ref: https://cyounkins.medium.com/correct-backups-require-filesystem-snapshots-23062e2e7a15
systemd = mkIf (cfg.local.enable || cfg.remote.enable) {
timers.restic_nightly_snapshot = {
description = "Nightly ZFS snapshot timer";
wantedBy = [ "timers.target" ];
partOf = [ "restic_nightly_snapshot.service" ];
timerConfig.OnCalendar = "2:00";
timerConfig.Persistent = "true";
};
services.restic_nightly_snapshot = {
description = "Nightly ZFS snapshot for Restic";
path = with pkgs; [ zfs ];
serviceConfig.Type = "simple";
script = ''
zfs destroy rpool/safe/persist@restic_nightly_snap || true && \
zfs snapshot rpool/safe/persist@restic_nightly_snap
'';
};
};
}; };
} }

View file

@ -1,6 +1,8 @@
services: services:
restic: restic:
password: ENC[AES256_GCM,data:gq4WW/IwIYQ=,iv:jVVSGQhUhAOOv7tTHOxJgYiw8e9Jfgeg8veeirn4510=,tag:eJPAgiYbTPfW7gnuvCv7JQ==,type:str] password: ENC[AES256_GCM,data:2SKwstsawlM=,iv:/09fCnQm+2p+n/dmHTiZ4ZZO6Wy41DEJGdsDnIBKOBY=,tag:J4cgLGzDzQeDYZCeJwDtPw==,type:str]
repository: ENC[AES256_GCM,data:IzQGzl/ldZnSLT5qVY8JSYNzVy8ceIeO6CkrPyUUj9z1U8K+rcDJAF/CpVPG9jlf0Zla9a+kh4ryP3PAQ+trAUmO2rg2H60Ps/PoNPPD2urc,iv:8w2D4B/CjolnEw6v/XYBiujDfqQRa5aa/tJwXD5B6aw=,tag:tDm9oodDieyOJR3ICRcmeA==,type:str]
env: ENC[AES256_GCM,data:Riy/EpztAUvGw7EufBfU/+/gHFFnNVa73GvZyphsW8pzqpXJI1hkjdrVt9xsGWpwJ8smzVBvdZGcTtklqyUVduY5IzC5uCzMFpf4XGu1HHSmmsoOMYYCYhd9eYDMcxyG3EQUfNSDQcbZq5MmBjII72NVRFcn9qy4cYTtwbi2pFa7qgixk2eJTis=,iv:caLrFMMcV4WvA6/cXSHbBZYWqYQyN48m46nvncahU8I=,tag:QxE7uTe0+ybS7SWfkXkYWQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYnpDMGhaM1FvUjFDazNk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMGw1SVJRcmFEVEJwbzBY
QkNCbnhmSFludTFYU2l0WDZaOFhsZ2lCT2kwClNoSDNvaXNydmxubm5ZbUZZNW9W TERnb3p6UlB6L3B6aGgrZ0ZQdmZPZjl4TUJnClhPWG56c1k1TVlCOHRIR010dWVT
cmJVOWtHdjBvcXBuNTdwSXV6NUo4WDAKLS0tIDZzdk9YTGNyS3gyV21hRXo5WVhW bzdtaEhwQUZtZlV3aTBQbFN4ZlpYZ2cKLS0tIDJtMXBIbnZMOEpTS1BNemJmTnVh
aTRyVmdlYVVGbHJjL1BGdWxqNkxQWHMK29GOjS0tCNOECToZPSUZeyt/cElsynqy OVlwMWQ0VU5OVi9ZZm1ERzcycTVISGcKqccg1LvWhgjLkqIKn+qmtUw/RCZUxIZP
Ky1ByYdCkYZ+3IiCFjN2fChA58khWg3mRUuSpYrTZKIcdBFw6oKfhA== WwFiA8F19C0SRQ8X+q5vFYG1L9uFP4wGCE9tP1BndY/8IplwohGSpA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQXdQcGE3anREVHFuMTh1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5U0xIOWpCa2oyOUxTMDdt
enI0OHVYRDllYVdQNGllTnAyZ1lOU2RrMnk4CnNQUWt2ZUZsd25YWmdKcC9UNHJu NGdNdi9QQnVWWXNGN21pTlJQSkhpWXdPdjJ3Ck5CcFIwUVVQYnFCMmVYYk04VW5K
V2FZRURibS8yd0ZQZnFaYUhFWVVUdVEKLS0tIGNyTjVJRWo2ODFZUmhTRzJxdWZ0 L2FtdXdxbEV1MVdVY1hKRHlCVHFITncKLS0tIExPeTNJNi93NExlTW1RaXBiSFVr
Y3N6V0ZXRFZpUG5ablhKM29ma2ZOMFEKpCHKEiEx8lGNs9WufBZ1zyajgyBm2hWV MWc1UUt2L2FSRGxyQnBQZDFhSU1SYlUKCVHYwQcgTDS0jOmtjwKuz0ScPRQEMXoE
DW9Z6FB/Y0pvPLs3tF05qQEQ3LVjcLJ3lJ4fcrbqspNhcfV5vN6sZA== u+0MOSi4681hSXbG+sUShQ3ZQAqPK6NkiVr5cg37ci69R3wGUicMug==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSGloUkI3UnY3S010MlI3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcVFZQi96eHBSSkxLUmtO
UWwyc1I2SmZEdWhWVVlsYysrMDIxdzZaQW5vCjJ1WWlVZ0xRWmMxTGh2S1k1MkVE VEZ5QmNLaHNDaTZick1TM3RNeHFKV3lYc0NRCnpEblNJTW14N05oNWtmL05DZVlW
UTJJWlBvR1R6V1RXcjlSbm4rQmFZcTgKLS0tIDAzRUtNenB1cW10ZFdMY285aVFZ bExTaVl2Yy9UV2lWM1Zuei9KOHAvdEkKLS0tIDMvZGNvR0pzY1YzaDl5TWZZNE5I
MjVZOWM3SFkvMUtoTEZGZkx4V1ZEcFUK2tDvX173EYvGqLxfsKxrKVv8BDorYJk4 bVlTNmNGSlMwaitZc2Z2OFdGU1NUTW8Kp8uFin0TRg+/i0+pthiBVW+aKQ+tZ3P+
etatqb+5KQnEYFgxY3qY4nMdsir74VqdHKkg9rP0/eUbNL0exBTjFA== WqygYHM586cJcPz6veLcK8Icb+WP3/UC9VyUSTHb8oD14IUMs1jo8w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzlLNVhaMW94YjI5TU5k YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNDZDeWNpcFl5dVg0dnoz
S2ZIRVBxRVBUT1Jta3hydndUVzZxbDA4ZldzClUzMUJWQ2JWZk9kQU5LVVRJNWlT VDMxUFM1V2N6QUhpalBkU0NOVDVuZkR0d3pnCkJmQ3h6c21ZRUgyMUNvYTQxOFlX
U0p5ZnphelExSXU4MHh2d3RxNVo5WmsKLS0tIDNHSC9tM3FaRTYybmJtWUxFYVpD LzlqMzM2eTJHTnFRMHdQVi9iclBISmMKLS0tIDBFSWUwS0UyWWhUcWxSNXIvakNz
ZU9GTUVpSGVzOWZuZWZTZjR1NWFVY2MKy1od9yzs5BJJF/b5TPsqn5ZGWAVdt6nz TGRYN2N1OTdHeGtqMnZiSElleTc0T1kK5BYxEgbaeo/MwLQNXkQRitT8ocgTrEVD
lX1owv3vRz9VBjOi9omDKbnSPViOBk8C2+5as52nUdWO/xTsNgO1+A== VdqGTlPwNMWP9dA7JPTd2f+kwr7yDGG7FZUS95ZEVQ+euMYE+6MWNQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMVU0UHZMdVJXRW5uMkVz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ODRhZTI3bFhaMHdvQ2Uw
OU9PbzZRRW1aanB3b0xLK1ZsYjZGbElqQm13CjRrbUVxamhvMUdGb1FBU2VyNDl1 eUZOWDJyWFoyWjBxcTZCUkkyM1pTbnBZbTJJCmRoeDgvRTUwb1pMVCsrMGZlU2dF
RmNESmNIYWRaYTBpSnZmQ1dYc1NycHMKLS0tIDlmUFZqKzdETUNrWk1qUkM0NUdo YURsV3ZBMmF6a0hmakNadU11ZGFoNlEKLS0tIFFyMmZHTlJ1UWtwRnBXbW8wZml2
eTBWa1kvUjArK2lEbTJtTm4xQUpGTWcKbpujwUOxwcghfWbP9XWHzfhfGtQhjC63 d3ppbFZScS9vaVhDYjQyRnZYaldOckkKiVqc1Q10ypwk2VxVwRyJ908L4OhZirMI
qnZJSKGoFT/DxJiGaF70gQk+Gn+db1MaPKZzQ492lqCSX+T22z7+oQ== gmc8AocV2oQwgjWp9K/U/XVrKyqq1SjZPcTGsgls8DFy/4hM6Tc3uw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZkJsK1ZXRGo3NVVPaktD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UGpjak9Yd1ZOL0x0OUlJ
M3JHVTByYzlOcGtXTklKSSswNlM2R0E4OFJJCk9ab21TbWJORTJuZHZxcVJrUVZw a0R6N0VVWHhRUjNhdlExNmZnNFJkbU0za2tBCjdJTVJwZDYzemd4c09TZTlXUGFr
cDNPb25EQmEzRFRXOE9CUG12UzJQYjAKLS0tIG4rWHY5SjBZNW5qb1kyVGNXN1ls MDhzVG9qZTV3dDRnTUo0dmErRjJHQUkKLS0tIHlzdnlKTnFoZ0JWQkJaYTlOdDNG
SDNRdTJlL0p5UmREU1ExVm9Nay9laE0KPidvFK33/M1v1/62g3/nO6DdHaM7od3F OVdKZTUwVEtlTGtGbFFLRlp1eS9ZS0kKZTZPjYzlMjx+Pv2BTL4AhjfOjtdq3PuJ
mXCwxArAEZo738AM88Si9xJAyvXNI2yc+cOJzijtXrUBgvmE8DdoIA== 6cE/adCo9nPJLoZrWuXCqUje4fsAfH1pstShyOBf3O6daG5w2k9qkw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-13T09:09:34Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:VOB3F3+ssvI+2EucvZ+LX1Hl+702vhB5RVSVeSzQbgmnN+zwuYLksO4rdgOpegPGlENcj5M2CzyRqsiGhyuy9THm/u09Ac2PbPEfWGm72pzuSMPymZQrUJmZDU/Gl0IlIfxQGGOfFdaVnzVl4ynIZuseJDjOZP9ymT8G8/ewSYY=,iv:Czjr4i9JuIO+2Ftl3ENE/XAzsca9rfYCvgy+tggMihY=,tag:4BlY8d29AUh4FluA6eUNeg==,type:str] mac: ENC[AES256_GCM,data:U1qcGw8jMdJxuARQzmV1OywQoO6y3uUy46wwWnqerXsmOVQxy86/FWHP6embT00xzn/WjZNywqoiF9PlR2c9dw9usA/qHa679rkQ24xeN8Kj6GBil8WG+Z0y8NowXGY/3xqJHNZ6lsEjV8g/0TWRPVTe8XdryDoxdw7uWFk4h84=,iv:7NiANxV9y+/v6/77z06bEwrZAZRhAQ2F+Td1I6kXO1c=,tag:0OgqqX0MwewveOGKkgHdJg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -1,8 +1,8 @@
system: system:
services: services:
#ENC[AES256_GCM,data:XPfrPhKBn7rS7oL1ob3KqOuGprzSsdfnEKHm8ep6Lr2qWgKUpnLyiOqkPapooPO0E2RnHXDv1GeLpl6+NbHQRWUCcfP0ypEko0ZZPw==,iv:R/sUawRMIts93Gdz8dRBJz7VWdK3nFXQfaGk+rWXK2c=,tag:xwONcjRqD05CiSyg8u7Yvw==,type:comment] #ENC[AES256_GCM,data:ig832PtvXK2tqQLw9C2AbtNPK5JnaAZ3SB8gQzfagtnc/60NG2/R7kGTi0dt1/BGGy5GxaPmrarJ/egix2D0J4sHBNs+IE+HoaEQLQ==,iv:CqZ/xQj1ayLwR8yWFpjpszn6WjKFnlH9BKgPidz9DQs=,tag:GVI7/X0h4fC3HqQ6WALpzw==,type:comment]
traefik: traefik:
apiTokenFile: ENC[AES256_GCM,data:qFz1VRqM6Jfu33ImmglKp2L1WihYbZE86zx0BuXvgUSLrHodcgQ8ft8vpy0ur+I8I0i2/HLNKSrdz9bAdfDWdqqBpLwQA5SSu3pod/pxXTMvVEqZqYGwvXD24SifSHLKLA==,iv:YXah2ezPGDVJ9FWL5TJdqIT/ZPSEW6MxlKSqb33MNzE=,tag:UjJOl0g1UltdGicLDxqJQA==,type:str] apiTokenFile: ENC[AES256_GCM,data:NPmV586NTWCO1pntbqHZ8BinJ6Qk/WiwD6H9YVcyv+rDOc6lLkNm/vodV8RoYTtE+QF2/Ozcaqs5UkzyNNt6kgC3hHJNHcHoH7xaqLX/M8lNuTWwhwGigfb8ZjS0yx+jSg==,iv:agGj/FI/BwJ3loD/PqGuRT1jgIYoE4fqv6BMdBJ1Ch0=,tag:dPk71zXp+1rV/R7G1Zpwiw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -12,59 +12,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVME1FckowdTFIaFByNFk4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OERwMmdQZ0xWY0xqSFhu
cHM4WnprZk55WUdlcUlkcSsxQXIrRjloTXhJCm1GMWw4UGU4WnpaQmUycUxCci9i U1pHRjJSbWsyRmgzUFdjVE84V0tPQXRQWURjCkJtM1VwZHo2cmpyNTdOYmh6c0VO
WmtmbzdPSTZ5Q2l6QTZVdHkxajlpTE0KLS0tIDVxQ1ZMaFlSS3d0akQ1UDM5TFJG MzJIOERQeC9IUTFoY0w5a1g1aTdyYlEKLS0tIDNid1ExOVhCcFo5b0dOWUxHOElE
T096em14d1FRUjF3dm85MkthRVh6UnMKelOf2qNobndcxX5QR+iTt4sSIsngRbvj T2U5U0ZTMVZvaC9Dd0RjTXRaN1ZGNTAKvQahfr4FGBpHZ3REaG742Q0mnUe1JCwl
wy6W5s53x2bqe4K21RSNhAUkUO3AshotN/caiYKzYx/kBZk2kRcVXw== TXRMJ3qWnpwk465R++g9BIJxkjW+GPCad0ZYCYqVhoFS4etmVqVXkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTHczMFY1Rm5IQlV0TTJV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiV2hIMStCM0J5V2pZZy9I
Sk5lKyswTlBteVZRRVE0TWY2Zm5uNXFjalNZCmVVU3FQZENSOUNtb0FGbEtqSmtG NWlPczBBMjVxY2RMR3FrSnR2TzQ5NVJkakZjCmxvZ0hsK1lpaDlUYlVrR1NQSXVv
SnYyNEgyeDIvaW94U0wyV2dFd3g2VFUKLS0tIDN0Vmg2RjNkanp4b2wvK1RVbTU1 ME0rMnozYUExN09SUzBzUFlNbHZMcXMKLS0tIFd4VHdJcStJZTBxYWVoaU1FenVh
ZzQ4Q2VLNXI0M3hXL1pyV2gvbzhuUTgK4MjauT0PDEBn9HJicK3J8FXamsoSdqGA QWdhelhBQ3pIR09kY1VMY0IzSUYxelUKCV4gHAq3zyM4Z21ZoObPm+VaoaOVLfVB
5F0E6ettiC80jYV7Cp48cyQ1vo18glFSvQ1IrJ1x0z5Oznr+ZPXK2g== AsJtfwjor2x0KWNCmn8WlQ47fgCkiK6lCkKbliR6QviAL8dtTmlL6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOFpvYnRWY2F1bTAvbmpC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMFRrb0piUVNaam5aeG12
SEh2SmhaeEVEK2ZLbzBPeE1YVlkxM1FlQTBRClRNRWNZQ3BZcVE0VTF0bDUwWk1k eDFHeXNsTUFQQm1sSmF6VkVOSi9hL0RBYml3CkhVYUxpaUlvakhHV0UrY3VnU3Nh
Q1l5RWtYSy93V09EeGUxcVBzOVd0eDAKLS0tIDd3QlBQcHovWDlsdEg3eDlmVWtn b3hKdHNMVHo2cUgzcXVjdnVRY2EyNlkKLS0tIEw5UnZLZ2dmZ2VQV2MwTDVXKzc0
OUhNMWxENzhqNmdaZTFkQWNVM3I0cW8KKeEKoG+e+rClRk8bWWtdGEjcyYiIPF3u NUQrUkxoR3MwUEpRLzZONmpNT2UvZG8KCp00YqFS9OD5PUA17UbknOLUd/HWmpoA
24flOm0iStrfy4b0Cf33sTzozFR6cdG3DZ1bqQLR3rwKAh9XdWbAhg== GrE7uAFUoOf2l36UpNSlX8NENOAnNrptTMxTkWKsMVur80Bt6hxZYA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjakxOcDBvcm05ckYzekIw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZUhyWUZJV2FPdjhrNHVQ
Mm54a1k2U0Q3SkNtWVpqNGlnOWprK21lbVFnCnNZa0FReG54MFhPQVJESmM5eklS N3hlNGZaaXJjbGtjNmtaWE51S1RETlVHUlY4Cm1hL0NjdGxWbyt3YlBPR1JWbUdt
Zlpxeml3QnZVY2V1U1VRRXJsd05jajgKLS0tIGYxTjZkNk40eG91aHZOa1AvWHl5 OGF3eEwrMXFEdXdLaEZBUXRKdXN3WU0KLS0tIGtBM2JNY2NlZnBpdFh6L25QK29Z
L2JqS0FjVzF1a1dZb29lM2dIVitiVWcKtyN9D5aqvwr5wKI7cZ+6ARZ2ntFN77bb eXdUZlE1Zkxab0tkODFYSFRoYzZwbk0KFMY2z2I7Dry1AU9bDmmqfIX1U8iZwkvE
xRS99lmHiOzEHoDK7KaU0trdeCLiUCGdVUye8RgPbe/SUXa8Nb36pw== SZ90PAWg2anSKDNRC76H2RurwnM60i453YDBYOTpdBighLYHuMWP2g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWERTcWZNZlM2Wm10aUps YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYlVveFRrZEErUGo1R0Ja
dGQ5eEFVTkVBYVJCdlN5WFZKUUI4MzBwL1I0CnAxbUNocHFCZFZHRnVmbzhwd0xY ZU5keFJZcEw4aGVic292RnhyYlBrV3lsV0RjCjlGRU4xSGZpRzNON3VncEl3aTZr
aGcyelVJREh5MzBSUXNKaklXdGRFb1kKLS0tIFRvLzhsNFNvNGVvZWFPVXVFTC9H NnVWdUkrWlY0UVh2eG1kQmxHdDlHZjQKLS0tIHYyMk1tRTRkMFA5WDgyZXVTZUFh
NGQ5ZTk2dFVKNGdiQTJaNjZtR0d3YjgKz2AluV3wR0Cz7bJEXAUqBwHbdk7zmD5P cTM5WncwekN0YTh0SlB3NmQyd0lmbmcKf355+V5bKlNwS9wPl2wq3SUNi6+xDFu2
nux9nLQfoD9YDfbp2DIBDktHPL5KjY5H4/zn+Obo3fPeq+PrZMNZZw== UJ+0Uqk6S43L3964PFENGWsymmKS4DfP6OotX466k3BM4/jT32pmdg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WDhQckJCdW1tTXBEalE5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQXp1eDM4eHFDeXUwR2Y0
VTJNL3dJWlIzMm9LTjVaUFl3SlNNVERwM3lRCmhCT25UWkxCYkdUNytjUjZCVWF2 SnUxakdqZWZzK29xT1lVeXozT0N2UHBwRFc0ClQvU2cvL3MvVHUvQXNsR0tENWRm
NjY5ZU5xWkxRZ2tIUzRNTzl4Mk5RK3cKLS0tIGxJamh0SnJIZWIxTjZzSEtHaXdy WkJRQW5GMmlQdzRBQkkyamMzZXMrM2sKLS0tIHFtZXRkVExVWnBGcVZValFreUFY
M1V2S01iclNnMzZta2lYY29HM1dMVXMK6omDe7Pgb57Q/zA6KUQV3mt/QQN3NlUZ NzZtTzBuS2lYR2hOUzVmcVovQlJSOVUKnyI5GF6cHeQUQ9rftfQCObESLNds09dE
QESTtrrtDveuK/GBeiTQZpOdetYja3V2UHnePR5IHuMw3QexIKUlKw== lZXG3k1bUecsV6H0vExHzc9ZMYDw4Iz1YamS9KuzePCU2j9hCboMEQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-11T11:56:37Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:ZIOBc6KR2K5ttfx3EvZTL4Iod8aJCxHB90g+5cIMG0Cx5X6sf9RNVznab7/fTuCDcqEzG9KOrWhaSI1fx8NN1xbNY3GZ3iKFa8NEXlg6mO+7Kyir9GPBQaRTjCAUVKQnCukEq/50KPQsFRETyx4lOt9VFnd1GXpc1QgIXg8jnaQ=,iv:+TQstFomD658x6QYyY49Y7y2CduD16Bl8uhcIW09g6Y=,tag:bcfwfk3xfQsXom44OJq81g==,type:str] mac: ENC[AES256_GCM,data:klTr+hWUvdrJLcWPrSSvdz4Q9dspXmD9FTCUVfhbs+LfWYvk9dY0LaKb+3pMknWztyWBXqyLAvQ7sHgfXwUzagLuExHLNdFNYUk9egup55wsQvnxy/9WF7qlpvjLz0tBGMtLnHONo63z2ose3sbJoWuJvKurqVI9ozqmQa8S+7M=,iv:MJihHHTtvUA+yr2caVZjmxhJU1+IKhM77tg9GUXzb/8=,tag:7lpoz8E1gvdjKbPhDL73iQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -9,5 +9,6 @@
./nfs ./nfs
./motd ./motd
./pushover ./pushover
./technitium-dns
]; ];
} }

View file

@ -32,16 +32,26 @@ let
upMins=$((uptime/60%60)) upMins=$((uptime/60%60))
upSecs=$((uptime%60)) upSecs=$((uptime%60))
printf "$BOLD Welcome to $(hostname)!$ENDCOLOR\n" figlet "$(hostname)" | lolcat -f
printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}"
printf "\n" printf "\n"
${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))} ${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))}
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME" printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)" printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)"
[ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required"
printf "\n" printf "\n"
printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)" printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)"
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY" printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY"
printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds" printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds"
printf "\n"
if ! type "$zpool" &> /dev/null; then
printf "$BOLD Zpool status: $ENDCOLOR\n"
zpool status -x | sed -e 's/^/ /'
fi
if ! type "$zpool" &> /dev/null; then
printf "$BOLD Zpool usage: $ENDCOLOR\n"
zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /'
fi
printf "\n" printf "\n"
printf "$BOLDService status$ENDCOLOR\n" printf "$BOLDService status$ENDCOLOR\n"
@ -76,6 +86,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ environment.systemPackages = [
motd motd
pkgs.lolcat
pkgs.figlet
]; ];
programs.fish.interactiveShellInit = lib.mkIf config.programs.fish.enable '' programs.fish.interactiveShellInit = lib.mkIf config.programs.fish.enable ''
motd motd

View file

@ -17,9 +17,13 @@ in
); );
}; };
config = mkIf cfg.enable { config = {
# Warn if backups are disable and machine isnt a dev box
warnings = [
(mkIf (!cfg.enable && config.mySystem.purpose != "Development") "WARNING: Pushover SystemD notifications are disabled!")
];
systemd.services."notify-pushover@" = { systemd.services."notify-pushover@" = mkIf cfg.enable {
enable = true; enable = true;
onFailure = lib.mkForce [ ]; # cant refer to itself on failure onFailure = lib.mkForce [ ]; # cant refer to itself on failure
description = "Notify on failed unit %i"; description = "Notify on failed unit %i";
@ -32,6 +36,7 @@ in
# Script calls pushover with some deets. # Script calls pushover with some deets.
# Here im using the systemd specifier %i passed into the script, # Here im using the systemd specifier %i passed into the script,
# which I can reference with bash $1. # which I can reference with bash $1.
scriptArgs = "%i %H";
script = '' script = ''
${pkgs.curl}/bin/curl --fail -s -o /dev/null \ ${pkgs.curl}/bin/curl --fail -s -o /dev/null \
--form-string "token=$PUSHOVER_API_KEY" \ --form-string "token=$PUSHOVER_API_KEY" \
@ -46,7 +51,6 @@ in
https://api.pushover.net/1/messages.json 2&>1 https://api.pushover.net/1/messages.json 2&>1
''; '';
scriptArgs = "%i %H";
}; };
}; };

View file

@ -0,0 +1,86 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
stateDir = "/var/lib/technitium-dns-server";
cfg = config.mySystem.system.technitium-dns;
in
{
options.mySystem.system.technitium-dns.enable = mkEnableOption "technitium-dns";
config = mkIf cfg.enable {
networking.firewall = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [
53
80
443
5380
53443
];
};
systemd.services.technitium-dns-server = {
description = "Technitium DNS Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.unstable.technitium-dns-server}/bin/technitium-dns-server ${stateDir}";
User = "technitiumdns";
Group = "technitiumdns";
StateDirectory = "technitium-dns-server";
WorkingDirectory = stateDir;
BindPaths = stateDir;
Restart = "always";
RestartSec = 10;
TimeoutStopSec = 10;
KillSignal = "SIGINT";
# Harden the service
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
};
};
users = {
users = {
technitiumdns = {
group = "technitiumdns";
isSystemUser = true;
};
};
groups = {
technitiumdns = { };
};
};
};
}

View file

@ -1,5 +1,6 @@
{ lib { lib
, config , config
, pkgs
, ... , ...
}: }:
let let
@ -17,12 +18,14 @@ with lib;
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# setup boot
boot = { boot = {
supportedFilesystems = [ supportedFilesystems = [
"zfs" "zfs"
]; ];
zfs = { zfs = {
forceImportRoot = false; forceImportRoot = false; # if stuck on boot, modify grub options , force importing isnt secure
extraPools = cfg.mountPoolsAtBoot; extraPools = cfg.mountPoolsAtBoot;
}; };
@ -34,6 +37,15 @@ with lib;
trim.enable = true; trim.enable = true;
}; };
# Pushover notifications
environment.systemPackages = with pkgs; [
busybox
];
services.zfs.zed.settings = {
ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
};
}; };
} }

View file

@ -37,6 +37,7 @@ with lib;
shell.fish.enable = true; shell.fish.enable = true;
# But wont enable plugins globally, leave them for workstations # But wont enable plugins globally, leave them for workstations
system.resticBackup.remote.location = "s3:https://f3b4625a2d02b0e6d1dec5a44f427191.r2.cloudflarestorage.com/nixos-restic";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

View file

@ -1,7 +1,9 @@
services: services:
pushover: pushover:
env: ENC[AES256_GCM,data:nkiW4SDRCjmKrXTDSOolV1+WJorodjF+2FvBpXRa7PsXMQM+4pgP1Ll4TRZHkrwJ5hpD0X9hnb1wdVUcm/2DU/o4qkFl/ZUGQIiOZRbyirxINeYq7G/0TWJmtx/vw48L,iv:2pqzQDEfXkkA+GCXdk4+2NFOi3OASFqefzVf0YcWkUc=,tag:tNeYcgfsLAaKGVmOsTLPdg==,type:str] env: ENC[AES256_GCM,data:OxFpyEUrGBeeIJU0/m/r4snCuFq4N3EAQ2KGReEgSDZvlTro8xyTpbypzXxFHJIYhCNbQPLKb2LTX7Rzk9c0xHc9YNcZWxD5kybJniOjFIKarhmi3GaBzJGzzQKRLt40,iv:ZP4ioZx8jR6R0AIdZE0SWEm6VLzGa+dCYn3SceAJ7R8=,tag:okcd/omsRKwr9TXzbmkAug==,type:str]
truxnell-password: ENC[AES256_GCM,data:SQhRB9eQRLbyTF1ebUoGPhWOdfcX3+yMTsIxY+/Tb0dNYAYvFojc+vcULevKS7DteLlRHSOFZS5MaPkgv4+agF8ZCC1Wy6A6KyMd4NGxzt27mE1/tjla2OVIyqoo3ye7hpxLZxW9Feh+Pg==,iv:684OoJRCiLmnfzjijz2CEdFpvlBkGzlTYIpKqbLAgtQ=,tag:5YyHnnX9/i3kp8yZjdP4XQ==,type:str] pushover-user-key: ENC[AES256_GCM,data:hOVjnl/zAaWDurVds46lXeyokK/3fl1xpwRVIWwZ,iv:lWcTsz3PdQ3ifoKWaLmOpMbwq1FhiGEzCtqiLzFk/jA=,tag:EVni7WBVqL/lXqXGtQlErg==,type:str]
pushover-api-key: ENC[AES256_GCM,data:8QdwA0csJhpQIoa0one0hFOLuQRi1hcrfBrPaU1r,iv:xxQyQY+m++qEEaR7gaDnYbA/Btc0PvLFYF0aTuJD/wI=,tag:t714Gv9xwxvI1ceOdmbTCQ==,type:str]
truxnell-password: ENC[AES256_GCM,data:cqsquP1mfRJ+VijAV7F/eBwF1o5YedV2i7P05QibtAJWnKnTI4tzDz5iYo/0cWnlKD3xpAvqph47bwkeBfJatD6Q/ccO4rV9PfpVgD3/W+aBJk1GyTaljqCU3IINyGiT4y6lh01vmOOJ2w==,iv:Er2beJsdw71QFJCmmaSOb5IsJXBG6ZV1vw5SM/ZrWwY=,tag:Lb62auMyURsJzFLuG798Kg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -11,59 +13,59 @@ sops:
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u - recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbjFLVktzVVNSeDVuOVpx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK3RSK2wyQWVGUThCMFlL
OXVrcU5vK01JbjZvMlh0bi9INFlPU2VTZUFrClRzVGlSSzljcldnVFhZTHhKcWYz RjY1TEJrZEcyUjlzeU4vdUJqL0pwLzRyZFNNCmVoVjJ0OW96YTRZOVNlSk9GWjMz
MHdGdEZBeU1tMDJOU1FVVVlMSFRNUGMKLS0tIGtRdGFaMC83MUc2VDdEOUJKcFYy cVh4VGMyK0ZtUmtpZmhVcDRjK0FzRDQKLS0tIENFdnRuNFFWaXUvOXFPcjkxaC9E
ZGorL2orMXJ1K3VNek5WaTdkcXpyUDAKUrd8OXnSEvOEHeKY02aMEnQEAK3dHWUg RUZZMzZ3OVhVYU1lODU3OWtVaU9yMW8Kmo1RgsC2hAXOMbevLSecIRtWVgCaKe5c
/zPECgCQwStiE11erj+mfYhgSeHDx0szQieRj4a+x4KaEItydVOMng== DiVVL0BZaAxEFLkrdSS+yv8717LnCyGHI9rtzB+MQxcZBiUmx/8/Pg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c - recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYmM1cDFHd2JKMlhHU0tu YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTkMvS3MxV2NUTjVJci94
VSthQnB0Q1VBVjEyRlJzZUtXYW1sSUordml3ClZQQnNQWFFmTnNkeEI2cjJ4OGhW UlVjZDVLMzNTdG5sVWhNVGphTVJIZ0g1d2dzCmRrcHpHbDlINjJ1eDZKU0k3QUd1
VWRqZWU1aFpZc1c4dzdPcWxWek43OEEKLS0tIHNvc0NmalFZWHY1a1I2RkJYR3pR NWdGN1RPSUF3aGFJNTBoSTNFVjF6YkEKLS0tIFpud29YSXBHTGg1NTdvYW5pMm8x
c1JwckUvQTRxZDlsQThsUHd2VndvQ1kKQAJhEKLV3AcLDhk3BEbjwsLmEC+FFYZt eGtkMGdqcEFibm5oUjE3TXVLQ3NrSm8KRp2ee/xnaouuqOwMa+ICXhN1iFc68pQO
AZXPbhJVZ2n62yU97IcEZOEs7tcaPFqRQmuEk0caMEj4F3RgF0naOg== vbHn3j9HhCCA0q5w6/JngkuIktQSqP64Tp5lRtt7ko/dNM0uySFXJQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk - recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaDdXV2FrMHA0dkxkN2F4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWUxzQnR5K2ZNWkprdlh0
dCszUG42bkI5bGlzMFJmVy9RV1R1QjZsNjNJCnBBMWVpYWdnN2MzOGZXT2UzRXZw Nnp3K3JVa0YzMFhNbHFqWTEzNDFBVk91dVJ3CnM1aW5OL1VOSFZST3hLSktzb3Jn
VVlVVmJaUHhQcVNXYVJqdnkzSTJ3TUUKLS0tIFdwUU0wR0c2eXp2NEFxV29DMDIx andkSmhvdjFxbG9HTFpoeTluMHRacFUKLS0tIFJMQjIrSndFVlpDOUJiZFU4eHEw
K2d1UXZTenZnV0ViR3NOZE5YK1RNRkkK5ForFTQ9G7dvy3gri/nSVkYl4GViM4Ni S1NEU29PS21McXBpMTJOVU42bTMzQTQKVHP0zHRsR/r0zbU3uLjgHs0pMvGmtXgf
MiTQCriWOb8y0Fbdidc61NHOuGF3Ji3HUE7V065+DpWb43M8Y+w93g== fwTiFZcRxYdR4T/Pv1lqGYYMvA94bgSFXI+mJNYni9pvP4jNIg/wuA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc - recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuV0diWWZLOEdVVXhHRzZP YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQckF0ZzA0SE9jcTJrTkE3
TWtmLzQyR1N4ZHRMVVpLVWwrdXlHWjgzVkdJCld6NExvWGVXVzR3cjl2eVJTY01E bXYvSUYrWmR4Z3ZoV0NIc3lobmZJcDU1WW5JCjRUbEZXa2xrMzNRaEQ1UXRLWFJP
ZzJjcWJWWklJMUpjUjFJOURLMTBZNG8KLS0tIHpEMzA3enZMNXpmeVNtUjl0Y3lF VlRZZFg0VnpZcG0wYzh6cEdha3E2SE0KLS0tIFYzbDZXNWE1QXkwRmdZMnVBeGZt
RUR2alVhVC9rbXdYYlB4THRYRTVYSUEK9jiP+9/IMTTEQlWwn+MvL7NgI4Z97YEY RXhSclcrZ29BVU5Ra2NRTFJkUnpyaEEK2ajXl7W2R4MEuhWwvekVk8U7KobthOhR
C+U3mvXVOQ/FA/3hCaD1HALr6WHIV3DGcxacblYT4awAbN4crtfnIA== gsXgwcWrQmC7c/5s6WD3y6OPhKLzUZb5mhohbm023+8WH0koODZs3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw - recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b01SMXJtTHhib2VrQ0hq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMGs5Z0VmckdzWGdtdG5T
YW5JQU85L3dXbDh5b3paZElCOWpwMG9QODBNCkR3UTJLSFZOOEFKUW1jbG5YNmJo U1cxYTMwRGplcUMzY1BsUTFmSnRLM296VmhRCk5ZaXQ0OGdUYlNyOTJYUjFYUFhI
ZGNaamlsZVJ2K2dxMjRKcFUxY3Y2NncKLS0tIEErUkN1WDgwajd1TjBFOURxQTdK dFBEMnlhQ0RiMnRZRHdVVzVRSFJWNTQKLS0tIDFDSTRvdE1sWmNiWnJhcHJ0bFBo
aW0rSUVwbnJqaHdUTWxYWWRGNm5reDAKlQG5maCq2K8aFJRbuuzv9SyNhrxzjbFQ WWdxOG9qQmRuRnpkN2J2VVQwR3dsb0kKaQb/fAAoEMB1BKOtxDdTh3xkehNGBgLn
jtO2KoFX2gLFw90YFCsMFbaVO+xTcZQ7FQv0s4ktffudnT5zjuzFAg== L1payadZY8VaMOY76f/hLSNIvZ1qMidnFNXr1aWFw1dsFMeKyBmbrw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh - recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TzlkSHYwc1F6VWozTUhq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUK1dvYjIvbE1mOHFncnho
dVZWVFVPc0F1V1gvV3d0M1NzT3dubWx6OFhRCmlaVHJuRDVRZnUwd0ttWkdYck51 Z0Rpbi9MT0xBTmZVREtqbkcyVC8zTFBRbzBrCkt3WGYvT0lyYXlodFgvelVONjl4
NUdFOThuSWhLRE1lUW5aOU85TmhXVzgKLS0tIFJXVkc3Q3hmQjNQay9BV3lVZ3Jk b1dISURYR0s2c0swUEZZMHhwajdvVHMKLS0tIHpRT2hFTzRpSUdMdzB5Q281ejYx
a2NDeTRTWGtxT0wyWEF1djlyQlhQYmcKy/liFdZyxuUp6eI7s+lANV0mcQWHOLFe OGNIQk1mNjhjVSt4RkxaUVdhMGFtbVEKerfg6ALWIr35TYfv/BI4E4UQ8sN2CmJU
4Cg92W0Xppv+J3W4W+rVwzyFWUrkTnBFfZHnN3nhz18Lm7FR7vs7oQ== T3hNcp0m6Vm+0kBZ+pBTA5OOm32/tg0szySf2FNrHT4ask+iueN2og==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-14T00:18:09Z" lastmodified: "2024-04-15T06:36:15Z"
mac: ENC[AES256_GCM,data:S4QbCTp+rxSPumolno0FuSNvtvEZpA4E77S2mSliI5y4GJ5n/mx8SY07xbwqMzB3W9EgO0ZT+vvsx4N7jkZPBtr+m12/KwG8NcHZsBdXNi2TRi8CGZlCXFzRNQSjJRiYBMsdKwVCdm6Wxlf/PuCnNj0ShSU0IWaTzlSc0FhSeYM=,iv:Nv+rbtRCXZFAnDi0wzq2/qjdvr7535BkCogBqllmPGQ=,tag:OwTPYR4e8N/qGQvvOjh7SA==,type:str] mac: ENC[AES256_GCM,data:wf7GOhVD9CeVVRnnrdw/Mj98X8hRbQ0hEDHMEJ5H01vwoeA6hnum8sVaiqvypfuD1HAHQRsfrfiBArx0QA6WU8xBUHe3hZopwuTdsX8NhiUCSymSCjC2b6oINxuFcZ7GiAeSR3BAx/Gr5XPN9lq2SQYMPcxr+CkwPNCPULNKUOY=,iv:6zmP02tTF0jwiFaIB1lFwz2ZSHx4pGtLdkmA9D/+lC0=,tag:92hv/RMEETV9qD6oh5p/1g==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -4,7 +4,12 @@
sops.age.sshKeyPaths = [ "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key" ];
# Secret for machine-specific pushover # Secret for machine-specific pushover
sops.secrets."services/pushover/env" = { sops.secrets."services/pushover/env" = {
sopsFile = ./secrets.sops.yaml;
};
sops.secrets.pushover-user-key = {
sopsFile = ./secrets.sops.yaml;
};
sops.secrets.pushover-api-key = {
sopsFile = ./secrets.sops.yaml; sopsFile = ./secrets.sops.yaml;
}; };

View file

@ -18,6 +18,9 @@ with config;
services.cockpit.enable = true; services.cockpit.enable = true;
nfs.nas.enable = true; nfs.nas.enable = true;
system.resticBackup.local.enable = false;
system.resticBackup.remote.enable = false;
}; };
boot = { boot = {

View file

@ -1,30 +0,0 @@
## STILL WIP
## Wanted to avoid bringing in complexity of disko
#!/usr/bin/env bash
set -x
# Define variables
drive="/dev/mmcblk1" # Change this to the desired drive, e.g., "/dev/sdb"
swap_size="100MB" # Change this to the desired swap size
# Partitioning
parted "${drive}" -- mklabel gpt -s
parted "${drive}" -- mkpart root ext4 512MB -s# -"$swap_size"
#parted "${drive}" -- mkpart swap linux-swap -"$swap_size" 100%
parted "${drive}" -- mkpart ESP fat32 1MB 512MB -s
parted "${drive}" -- set 3 esp on -s
# Formatting
mkfs.ext4 -L nixos "${drive}p1"
#mkswap -L swap "${drive}p2"
mkfs.fat -F 32 -n boot "${drive}p3"
# Mounting disks for installation
mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
swapon "${drive}p2"
# Generating default configuration
nixos-generate-config --root /mnt

View file

@ -8,13 +8,33 @@
}; };
system = builtins.currentSystem; system = builtins.currentSystem;
overlays = [ ]; # Explicit blank overlay to avoid interference overlays = [ ]; # Explicit blank overlay to avoid interference
in in
import nixpkgs { inherit system overlays; } import nixpkgs { inherit system overlays; }
, ... , ...
}: { }:
default = pkgs.mkShell { let
# setup the ssssnaaake
my-python = pkgs.python311;
python-with-my-packages = my-python.withPackages
(p: with p; [
mkdocs-material
mkdocs-minify
pygments
]);
in
pkgs.mkShell {
# Enable experimental features without having to specify the argument # Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes"; NIX_CONFIG = "experimental-features = nix-command flakes";
buildInputs = [
python-with-my-packages
];
shellHook = ''
PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
'';
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
nix nix
home-manager home-manager
@ -25,6 +45,7 @@
sops sops
pre-commit pre-commit
gitleaks gitleaks
mkdocs
]; ];
};
} }