Feat: docs (#98)
* hacking at dns * hack * hax * start dics! * hacking * feat: docs! --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
1
.github/renovate.json5
vendored
|
@ -17,6 +17,7 @@
|
|||
"lockFileMaintenance": {
|
||||
"enabled": "true",
|
||||
"automerge": "true",
|
||||
"schedule": [ "before 4am on Sunday" ],
|
||||
},
|
||||
|
||||
"regexManagers": [
|
||||
|
|
12
.github/renovate/autoMerge.json5
vendored
|
@ -1,29 +1,33 @@
|
|||
{
|
||||
|
||||
// auto update up to major
|
||||
"packageRules": [
|
||||
{
|
||||
// auto update up to major
|
||||
"matchDatasources": ['docker'],
|
||||
"automerge": "true",
|
||||
"automergeType": "branch",
|
||||
"schedule": [ "before 4am on Sunday" ],
|
||||
"matchUpdateTypes": [ 'minor', 'patch', 'digest'],
|
||||
"matchPackageNames": [
|
||||
'ghcr.io/onedr0p/sonarr',
|
||||
'ghcr.io/onedr0p/readarr',
|
||||
'ghcr.io/onedr0p/radarr',
|
||||
'ghcr.io/onedr0p/lidarr',
|
||||
'ghcr.io/onedr0p/prowlarr',
|
||||
'ghcr.io/twin/gatus',
|
||||
'ghcr.io/onedr0p/prowlarr'
|
||||
],
|
||||
|
||||
},
|
||||
// auto update up to minor
|
||||
{
|
||||
"matchDatasources": ['docker'],
|
||||
"automerge": "true",
|
||||
"automergeType": "branch",
|
||||
"schedule": [ "before 4am on Sunday" ],
|
||||
"matchUpdateTypes": [ 'patch', 'digest'],
|
||||
"matchPackageNames": [
|
||||
'ghcr.io/twin/gatus',
|
||||
"ghcr.io/gethomepage/homepage",
|
||||
],
|
||||
]
|
||||
|
||||
},
|
||||
{
|
||||
|
|
55
.github/workflows/docs-release.yaml
vendored
Normal file
|
@ -0,0 +1,55 @@
|
|||
---
|
||||
name: "Docs: Release to GitHub pages"
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- ".github/workflows/docs-release.yaml"
|
||||
- ".mkdocs.yml"
|
||||
- "docs/**"
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
release-docs:
|
||||
name: Release documentation
|
||||
runs-on: ubuntu-22.04
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
steps:
|
||||
- name: "Generate Short Lived OAuth App Token (ghs_*)"
|
||||
uses: actions/create-github-app-token@v1.9.3
|
||||
id: app-token
|
||||
with:
|
||||
app-id: "${{ secrets.TRUXNELL_APP_ID }}"
|
||||
private-key: "${{ secrets.TRUXNELL_APP_PRIVATE_KEY }}"
|
||||
|
||||
- name: Checkout main branch
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
token: ${{ steps.app-token.outputs.token }}
|
||||
fetch-depth: 0
|
||||
|
||||
- uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: 3.x
|
||||
|
||||
- name: Install requirements
|
||||
run: pip install -r docs/requirements.txt
|
||||
|
||||
- name: Build and publish docs
|
||||
run: mkdocs build -f mkdocs.yml
|
||||
|
||||
- name: Deploy
|
||||
uses: peaceiris/actions-gh-pages@v4.0.0
|
||||
if: ${{ github.ref == 'refs/heads/main' }}
|
||||
with:
|
||||
github_token: ${{ steps.app-token.outputs.token }}
|
||||
publish_dir: ./site
|
||||
destination_dir: docs
|
||||
user_name: "Trux-Bot[bot]"
|
||||
user_email: "Trux-Bot[bot] <19149206+trux-bot[bot]@users.noreply.github.com>"
|
|
@ -14,7 +14,7 @@ keys:
|
|||
- &citadel age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
- &rickenbacker age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
- &shodan age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
- &daedalus age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- &daedalus age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
|
||||
creation_rules:
|
||||
- path_regex: .*\.sops\.yaml$
|
||||
|
|
6
.vscode/settings.json
vendored
Normal file
|
@ -0,0 +1,6 @@
|
|||
{
|
||||
"cSpell.words": [
|
||||
"homelab",
|
||||
"Seafile"
|
||||
]
|
||||
}
|
33
README.md
|
@ -38,37 +38,16 @@ To Install
|
|||
- [ ] Bring over hosts
|
||||
- [x] DNS01 Raspi4
|
||||
- [x] DNS02 Raspi4
|
||||
- [ ] NAS
|
||||
- [x] NAS
|
||||
- [x] Latop
|
||||
- [x] Gaming desktop
|
||||
- [ ] WSL
|
||||
- [ ] JJY emulator Raspi4
|
||||
- [ ] Documentation!
|
||||
- [ ] ssh_config build from computers?
|
||||
- [ ] Modularise host to allow vm builds and hw builds
|
||||
- [ ] Add license
|
||||
- [ ] Add taskfiles
|
||||
|
||||
## Network map
|
||||
|
||||
TBC
|
||||
|
||||
## Hardware
|
||||
|
||||
TBC
|
||||
|
||||
## Manifesto
|
||||
|
||||
Taking lead from the zen of python:
|
||||
|
||||
- Minimise dependencies, where required, explicitly define dependencies
|
||||
- Use plain nix to solve problems over additional tooling
|
||||
- Stable channel for stable machines. Unstable only where features are important.
|
||||
- Modules for a specific service - Profiles for broad configuration of state.
|
||||
- Write readable code - descriptive variable names and modules
|
||||
- Keep functions/dependencies within the relevant module where possible
|
||||
- Errors should never pass silently - use assert etc for misconfigurations
|
||||
- Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets
|
||||
- [x] Documentation!
|
||||
- [x] ssh_config build from computers?
|
||||
- [x] Modularise host to allow vm builds and hw builds
|
||||
- [x] Add license
|
||||
- [x] Add taskfiles
|
||||
|
||||
## Checklist
|
||||
|
||||
|
|
0
docs/administration/cockpit.md
Normal file
0
docs/administration/deployment.md
Normal file
0
docs/administration/taskfile.md
Normal file
8
docs/includes/abbreviations.md
Normal file
|
@ -0,0 +1,8 @@
|
|||
*[CI]: Continuous Integration
|
||||
*[PR]: Pull Request
|
||||
*[HASS]: Home-assistant
|
||||
*[k8s]: Kubernetes
|
||||
*[YAML]: Yet Another Markup Language
|
||||
*[JSON]: JavaScript Object Notation
|
||||
*[ZFS]: Originally 'Zettabyte File System', a COW filesystem.
|
||||
*[COW]: Copy on Write
|
BIN
docs/includes/assets/ci-checks-garnix.png
Normal file
After Width: | Height: | Size: 57 KiB |
BIN
docs/includes/assets/ci-checks.png
Normal file
After Width: | Height: | Size: 56 KiB |
BIN
docs/includes/assets/cockpit-systemd-notifications.png
Normal file
After Width: | Height: | Size: 63 KiB |
BIN
docs/includes/assets/home-cluster-pr.png
Normal file
After Width: | Height: | Size: 6.1 KiB |
BIN
docs/includes/assets/no-backup-warning.png
Normal file
After Width: | Height: | Size: 20 KiB |
BIN
docs/includes/assets/pushover-failed-backup.png
Normal file
After Width: | Height: | Size: 111 KiB |
BIN
docs/includes/assets/renovate-pr.png
Normal file
After Width: | Height: | Size: 122 KiB |
19
docs/index.md
Normal file
|
@ -0,0 +1,19 @@
|
|||
👋 Welcome to my NixoOS home and homelab configuration. This monorepo is my personal :simple-nixos: nix/nixos setup for all my devices, specifically my homelab.
|
||||
|
||||
This is the end result of a recovering :simple-kubernetes: k8s addict - who no longer enjoyed the time and effort I **personally** found it took to run k8s at home.
|
||||
|
||||
## Why?
|
||||
|
||||
Having needed a break from hobby's for some health related reasons, I found coming back to a unpatched cluster a chore, which was left unattented. Then a cheap SSD in my custom VyOS router blew, leading me to just put back in my Unifi Dreammachine router, which broke the custom DNS I was running for my cluster, which caused it issues.
|
||||
|
||||
During fixing the DNS issue, a basic software upgrade for the custom k8s OS I was running k8s on broke my cluster for the 6th time running, coupled with using a older version of the script tool I used to manage its machine config yaml, which ended up leading to my 6th k8s disaster recovery :octicons-info-16:{ title="No I don't want to talk about it" }).
|
||||
|
||||
Looking at my boring :simple-ubuntu: Ubuntu ZFS nas which just ran and ran and ran without needing TLC, and remembering the old days with Ubuntu + Docker Compose being hands-off :octicons-info-16:{ title="Too much hands off really as I auto-updated everything, but I digress" }), I dove into nix, with the idea of getting back to basics of boring proven tools, with the power of nix's declarative system.
|
||||
|
||||
## Goals
|
||||
|
||||
One of my goals is to bring what I learnt running k8s at home with some of the best homelabbers, into the nix world and see just how much of the practices I learnt I can apply to a nix setup, while focussing on having a solid, reliable, setup that I can leave largely unattended for months without issues cropping up.
|
||||
|
||||
The goal of this doc is for me to slow down a bit and jot down how and why I am doing what im doing in a module, and cover how I have approached the faucets of homelabbing, so **YOU** can understand, steal with pride from my code, and hopefully(?) learn a thing or two.
|
||||
|
||||
To _teach me_ a thing or two, contact me or raise a Issue. PR's may or may not be taken as a personal attack - this is my home setup after all.
|
109
docs/maintenance/backups.md
Normal file
|
@ -0,0 +1,109 @@
|
|||
# Backups
|
||||
|
||||
Nightly Backups are facilitated by NixOS's module for [restic](https://search.nixos.org/options?channel=23.11&from=0&size=50&sort=relevance&type=packages&query=services.restic.) module and a helper module ive written.
|
||||
|
||||
This does a nightly ZFS snapshot, in which apps and other mutable data is restic backed up to both a local folder on my NAS and also to Cloudflare R2 :octicons-info-16:{ title="R2 mainly due to the cheap cost and low egrees fees" }). Backing up from a ZFS snapshot ensures that the restic backup is consistent, as backing up files in use (especially a sqlite database) will cause corruption. Here, all restic jobs are backing up as per the 2.05 snapshot, regardless of when they run that night.
|
||||
|
||||
Another benefit of this approach is that it is service agnostic - containers, nixos services, qemu, whatever all have files in the same place on the filesystem (in the persistant folder) so they can all be backed up in the same fashion.
|
||||
|
||||
The alternative is to shutdown services during backup (which could be facilitaed with the restic backup pre/post scripts) but ZFS snapshots are a godsend in this area, and im already running them for impermanence.
|
||||
|
||||
!!! info "Backing up without snapshots/shutdowns?"
|
||||
|
||||
This is a pattern I see a bit too - if you are backing up files raw without stopping your service beforehand you might want to check to ensure your backups aren't corrupted.
|
||||
|
||||
The timeline then is:
|
||||
|
||||
| time | activity |
|
||||
| ------------- | -------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| 02.00 | ZFS deletes prior snapshot and creates new one, to `rpool/safe/persist@restic_nightly_snap` |
|
||||
| 02.05 - 04.05 | Restic backs up from new snapshot's hidden read-only mount `.zfs` with random delays per-service - to local and remote locations |
|
||||
|
||||
## Automatic Backups
|
||||
|
||||
I have added a sops secret for both my local and remote servers in my restic module :simple-github: [/nixos/modules/nixos/services/restic/](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/services/restic/default.nix). This provides the restic password and 'AWS' credentials for the S3-compatible R2 bucket.
|
||||
|
||||
Backups are created per-service in each services module. This is largely done with a `lib` helper ive written, which creates both the relevant restic backup local and remote entries in my nixosConfiguration.
|
||||
:simple-github: [nixos/modules/nixos/lib.nix](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/lib.nix)
|
||||
!!! question "Why not backup the entire persist in one hit?"
|
||||
|
||||
Possibly a hold over from my k8s days, but its incredibly useful to be able to restore per-service, especially if you just want to move an app around or restore one app. You can always restore multiple repos with a script/taskfile.
|
||||
|
||||
NixOS will create a service + timer for each job - below shows the output for a prowlarr local/remote backup.
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~> systemctl list-unit-files | grep restic-backups-prowlarr
|
||||
restic-backups-prowlarr-local.service linked enabled
|
||||
restic-backups-prowlarr-remote.service linked enabled
|
||||
restic-backups-prowlarr-local.timer enabled enabled
|
||||
restic-backups-prowlarr-remote.timer enabled enabled
|
||||
```
|
||||
|
||||
NixOS (as of 23.05 IIRC) now provides shims to enable easy access to the restic commands with the correct env vars mounted same as the service.
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~ [1]> sudo restic-prowlarr-local snapshots
|
||||
repository 9d9bf357 opened (version 2, compression level auto)
|
||||
ID Time Host Tags Paths
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
293dad23 2024-04-15 19:24:37 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
|
||||
24938fe8 2024-04-16 12:42:50 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
2 snapshots
|
||||
```
|
||||
|
||||
## Manually backing up
|
||||
|
||||
They are a systemd timer/service so you can query or trigger a manual run with `systemctl start restic-backups-<service>-<destination>` Local and remote work and function exactly the same, querying remote it just a fraction slower to return information.
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~ > sudo systemctl start restic-backups-prowlarr-local.service
|
||||
< no output >
|
||||
truxnell@daedalus ~ [1]> sudo restic-prowlarr-local snapshots
|
||||
repository 9d9bf357 opened (version 2, compression level auto)
|
||||
ID Time Host Tags Paths
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
293dad23 2024-04-15 19:24:37 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
|
||||
24938fe8 2024-04-16 12:42:50 daedalus /persist/.zfs/snapshot/restic_nightly_snap/containers/prowlarr
|
||||
---------------------------------------------------------------------------------------------------------------------
|
||||
2 snapshots
|
||||
truxnell@daedalus ~> date
|
||||
Tue Apr 16 12:43:20 AEST 2024
|
||||
truxnell@daedalus ~>
|
||||
```
|
||||
|
||||
## Restoring a backup
|
||||
|
||||
Testing a restore (would do --target / for a real restore)
|
||||
Would just have to pause service, run restore, then re-start service.
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~ [1]> sudo restic-lidarr-local restore --target /tmp/lidarr/ latest
|
||||
repository a2847581 opened (version 2, compression level auto)
|
||||
[0:00] 100.00% 2 / 2 index files loaded
|
||||
restoring <Snapshot b96f4b94 of [/persist/nixos/lidarr] at 2024-04-14 04:19:41.533770692 +1000 AEST by root@daedalus> to /tmp/lidarr/
|
||||
Summary: Restored 52581 files/dirs (11.025 GiB) in 1:37
|
||||
```
|
||||
|
||||
## Failed backup notifications
|
||||
|
||||
Failed backup notifications are baked-in due to the global Pushover notification on SystemD unit falure. No config nessecary
|
||||
|
||||
Here I tested it by giving the systemd unit file a incorrect path.
|
||||
|
||||
<figure markdown="span">
|
||||
![Screenshot of a pushover notification of a failed backup](../includes/assets/pushover-failed-backup.png)
|
||||
<figcaption>A deliberately failed backup to test notifications, hopefully I don't see a real one.</figcaption>
|
||||
</figure>
|
||||
|
||||
## Disabled backup warnings
|
||||
|
||||
Using [module warnings](https://nlewo.github.io/nixos-manual-sphinx/development/assertions.xml.html), I have also put in warnings into my NixOS modules if I have disabled a warning on a host _that isnt_ a development machine, just in case I do this or mixup flags on hosts. Roll your eyes, I will probably do it.
|
||||
This will pop up when I do a dry run/deployment - but not abort the build.
|
||||
|
||||
<figure markdown="span">
|
||||
|
||||
![Screenshoft of nixos warning of disabled backups](../includes/assets/no-backup-warning.png)
|
||||
|
||||
<figcaption>It is eye catching thankfully</figcaption>
|
||||
</figure>
|
122
docs/maintenance/software_updates.md
Normal file
|
@ -0,0 +1,122 @@
|
|||
# Software updates
|
||||
|
||||
Its crucial to update software regularly - but a homelab isn't a google play store you forget about and let it do its thing. How do you update your software stack regular without breaking things?
|
||||
|
||||
## Continuous integration
|
||||
|
||||
Continuous integration (CI) is running using :simple-githubactions: [Github Actions](https://github.com/features/actions) and [Garnix](https://Garnix.io). I have enabled branch protection rules to ensure all my devices successfully build before a PR is allowed to be pushed to main. This ensures I have a level of testing/confidence that an update of a device from the main branch will not break anything.
|
||||
|
||||
<figure markdown="span">
|
||||
![Screenshot of passed CI checks on GitHub Repository](../includes/assets/ci-checks.png)
|
||||
<figcaption>Lovely sea of green passed checks</figcaption>
|
||||
</figure>
|
||||
|
||||
## Binary Caching
|
||||
|
||||
Binary caching is done for me by [Garnix](https://Garnix.io) which is an amazing tool. I can then add them as [substituter](https://wiki.nixos.org/wiki/Binary_Cache#Binary_cache_hint_in_Flakes). These run each push to _any_ branch and cache the build results for me. Even better, I can hook into them as above for CI purposes.
|
||||
No code to show here, you add it as an app to your github repo and it 'Just Works :tm:'
|
||||
|
||||
```nix
|
||||
# Substitutions
|
||||
substituters = [ "https://cache.garnix.io" ];
|
||||
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
|
||||
```
|
||||
|
||||
<figure markdown="span">
|
||||
![Screenshot of Garnix Cache build tests passing](../includes/assets/ci-checks-garnix.png)
|
||||
<figcaption>Lovely sea of green passed checks</figcaption>
|
||||
</figure>
|
||||
|
||||
## Flake updates
|
||||
|
||||
Github repo updates are provided by :simple-renovatebot: [Renovate](https://www.mend.io/renovate/) by [Mend](https://mend.io). These are auto-merged on a weekly schedule after passing CI. The settings can be found at :simple-github: [/main/.github/renovate.json5](https://github.com/truxnell/nix-config/blob/main/.github/renovate.json5)
|
||||
|
||||
The primary CI is a Garnix build, which Is already building and caching all my systems. Knowing all of the systems have built and cached goes a huge way toward ensuring main is a stable branch.
|
||||
|
||||
## Docker container updates
|
||||
|
||||
Container updates are provided by :simple-renovatebot: [Renovate](https://www.mend.io/renovate/) by [Mend](https://mend.io). These will either be manually merged after I have checked the upstream projects notes for breaking changes _or_ auto-merged based on settings I have in :simple-github: [/.github/renovate/autoMerge.json5](https://github.com/truxnell/nix-config/blob/dev2/.github/renovate/autoMerge.json5).
|
||||
|
||||
!!! info "Semantic Versioning summary"
|
||||
|
||||
Semantic Versioning blurb is a format of MAJOR.MINOR.PATCH:<br>
|
||||
MAJOR version when you make incompatible API changes (e.g. 1.7.8 -> 2.0.0)<br>
|
||||
MINOR version when you add functionality in a backward compatible manner (e.g. 1.7.8 -> 1.8.0)<br>
|
||||
PATCH version when you make backward compatible bug fixes (e.g. 1.7.8 -> 1.7.9)<br>
|
||||
|
||||
The auto-merge file allows me to define a pattern of which packages I want to auto-merge based on the upgrade type Renovate is suggesting. As many packages adhere to [Semantic Versioning](https://semver.org/ "A standard for version numbers to indicate type of upgrade"), I can determine how I 'feel' about the project, and decide to auto-merge specific tags. So for example, Sonarr has been reliable for me so I am ok merging all digest, patch and minor updates. I will always review a a major update, as it is likely to contain a breaking change.
|
||||
|
||||
!!! warning "Respect pre-1.0.0 software!"
|
||||
Semantic Versioning also specifies that all software before 1.0.0 may have a breaking change **AT ANY TIME**. Auto update pre 1.0 software at your own risk!
|
||||
|
||||
The rational here is twofold. One is obvious - The entire point of doing Nix is reproducibility - what is the point of having flakes and SHA tags to provide the ability
|
||||
|
||||
Also, I dont wan't a trillion PR's in my github repo waiting, but I also will not blindly update everything. There is **a balance** between updating for security/patching purposes and avoiding breaking changes. I know its popular to use `:latest` tag and a auto-update service like [watchtower](https://github.com/containrrr/watchtower) - trust me this is a bad idea.
|
||||
|
||||
<figure markdown="span">
|
||||
![Alt text](../includes/assets/home-cluster-pr.png)
|
||||
<figcaption>I only glanced away from my old homelab for a few months...</figcaption>
|
||||
</figure>
|
||||
|
||||
!!! info "Automatically updating **all versions** of containers will break things eventually!"
|
||||
|
||||
This is simply because projects from time to time will release breaking changes - totally different database schemas, overhaul config, replace entire parts of their software stack etc. If you let your service update totally automatically without checking for these you will wake up to a completely broken service like I did many, many years ago when Seafile did a major upgrade.
|
||||
|
||||
Container updates are provided by a custom regex that matches my format for defining images in my nix modules.
|
||||
|
||||
```yaml
|
||||
"regexManagers": [
|
||||
{
|
||||
fileMatch: ["^.*\\.nix$"],
|
||||
matchStrings: [
|
||||
'image *= *"(?<depName>.*?):(?<currentValue>.*?)(@(?<currentDigest>sha256:[a-f0-9]+))?";',
|
||||
],
|
||||
datasourceTemplate: "docker",
|
||||
}
|
||||
],
|
||||
|
||||
```
|
||||
|
||||
And then I can pick and choose what level (if any) I want for container software. The below gives me brackets I can put containers in to enable auto-merge depending on how much I much i trust the container maintainer.
|
||||
|
||||
```yaml
|
||||
"packageRules": [
|
||||
{
|
||||
// auto update up to major
|
||||
"matchDatasources": ['docker'],
|
||||
"automerge": "true",
|
||||
"automergeType": "branch",
|
||||
"matchUpdateTypes": [ 'minor', 'patch', 'digest'],
|
||||
"matchPackageNames": [
|
||||
'ghcr.io/onedr0p/sonarr',
|
||||
'ghcr.io/onedr0p/readarr',
|
||||
'ghcr.io/onedr0p/radarr',
|
||||
'ghcr.io/onedr0p/lidarr',
|
||||
'ghcr.io/onedr0p/prowlarr'
|
||||
'ghcr.io/twin/gatus',
|
||||
]
|
||||
},
|
||||
// auto update up to minor
|
||||
{
|
||||
"matchDatasources": ['docker'],
|
||||
"automerge": "true",
|
||||
"automergeType": "branch",
|
||||
"matchUpdateTypes": [ 'patch', 'digest'],
|
||||
"matchPackageNames": [
|
||||
"ghcr.io/gethomepage/homepage",
|
||||
]
|
||||
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
Which results in automated PR's being raised - and **possibly** automatically merged into main if CI passes.
|
||||
|
||||
<figure markdown="span">
|
||||
![Alt text](../includes/assets/renovate-pr.png)
|
||||
<figcaption>Thankyou RenovateBot!</figcaption>
|
||||
</figure>
|
89
docs/monitoring/systemd.md
Normal file
|
@ -0,0 +1,89 @@
|
|||
# SystemD pushover notifications
|
||||
|
||||
Keeping with the goal of simple, I put together a `curl` script that can send me a pushover alert. I originally tied this to individual backups, until I realised how powerful it would be to just have it tied to every SystemD service globally.
|
||||
|
||||
This way, I would never need to worry or consider _what_ services are being created/destroyed and repeating myself _ad nauseam_.
|
||||
|
||||
!!! question "Why not Prometheus?"
|
||||
|
||||
I ran Prometheus/AlertManager for many years and well it can be easy to get TOO many notifications depending on your alerts, or to have issues with the big complex beast it is itself, or have alerts that trigger/reset/trigger (i.e. HDD temps).
|
||||
This gives me native, simple notifications I can rely on using basic tools - one of my design principles.
|
||||
|
||||
Immediately I picked up with little effort:
|
||||
|
||||
- Pod ~~crashloop~~ failed after too many quick restarts
|
||||
- Native service failure
|
||||
- Backup failures
|
||||
- AutoUpdate failure
|
||||
- etc
|
||||
|
||||
<figure markdown="span">
|
||||
![Screenshot of Cockpit web ui showing various pushover notification units](../includes/assets/cockpit-systemd-notifications.png)
|
||||
<figcaption>NixOS SystemD built-in notifications for all occasions</figcaption>
|
||||
</figure>
|
||||
|
||||
## Adding to all services
|
||||
|
||||
This is accomplished in :simple-github:[/nixos/modules/nixos/system/pushover](https://github.com/truxnell/nix-config/blob/main/nixos/modules/nixos/system/pushover/default.nix), with a systemd service `notify-pushover@`.
|
||||
|
||||
This can then be called by other services, which I setup with adding into my options:
|
||||
|
||||
```nix
|
||||
options.systemd.services = mkOption {
|
||||
type = with types; attrsOf (
|
||||
submodule {
|
||||
config.onFailure = [ "notify-pushover@%n.service" ];
|
||||
}
|
||||
);
|
||||
```
|
||||
|
||||
This adds into every systemd NixOS generates the "notify-pushover@%n.service", where the [systemd specifiers](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Specifiers") are injected with `scriptArgs`, and the simple bash script can refer to them as `$1` etc.
|
||||
|
||||
```nix
|
||||
systemd.services."notify-pushover@" = {
|
||||
enable = true;
|
||||
onFailure = lib.mkForce [ ]; # cant refer to itself on failure (1)
|
||||
description = "Notify on failed unit %i";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
# User = config.users.users.truxnell.name;
|
||||
EnvironmentFile = config.sops.secrets."services/pushover/env".path; # (2)
|
||||
};
|
||||
|
||||
# Script calls pushover with some deets.
|
||||
# Here im using the systemd specifier %i passed into the script,
|
||||
# which I can reference with bash $1.
|
||||
scriptArgs = "%i %H"; # (3)
|
||||
# (4)
|
||||
script = ''
|
||||
${pkgs.curl}/bin/curl --fail -s -o /dev/null \
|
||||
--form-string "token=$PUSHOVER_API_KEY" \
|
||||
--form-string "user=$PUSHOVER_USER_KEY" \
|
||||
--form-string "priority=1" \
|
||||
--form-string "html=1" \
|
||||
--form-string "timestamp=$(date +%s)" \
|
||||
--form-string "url=https://$2:9090/system/services#/$1" \
|
||||
--form-string "url_title=View in Cockpit" \
|
||||
--form-string "title=Unit failure: '$1' on $2" \
|
||||
--form-string "message=<b>$1</b> has failed on <b>$2</b><br><u>Journal tail:</u><br><br><i>$(journalctl -u $1 -n 10 -o cat)</i>" \
|
||||
https://api.pushover.net/1/messages.json 2&>1
|
||||
'';
|
||||
```
|
||||
|
||||
1. Force exclude this service from having the default 'onFailure' added
|
||||
2. Bring in pushover API/User ENV vars for script
|
||||
3. Pass SystemD specifiers into script
|
||||
4. Er.. script. Nix pops it into a shell script and refers to it in the unit.
|
||||
|
||||
!!! bug
|
||||
|
||||
I put in a nice link direct to Cockpit for the specific machine/service in question that doesnt _quite_ work yet... (:octicons-issue-opened-16: [#96](https://github.com/truxnell/nix-config/issues/96))
|
||||
|
||||
## Excluding from a services
|
||||
|
||||
Now we may not want this on ALL services. Especially the pushover-notify service itself. We can exclude this from a service using Nix `nixpkgs.lib.mkForce`
|
||||
|
||||
```nix
|
||||
# Over-write the default pushover
|
||||
systemd.services."service".onFailure = lib.mkForce [ ] option.
|
||||
```
|
33
docs/monitoring/warnings.md
Normal file
|
@ -0,0 +1,33 @@
|
|||
I've added warnings and assertations to code using nix to help me avoid misconfigurations. For example, if a module needs a database enabled, it can abort a deployment if it is not enabled. Similary, I have added warnings if I have disabled backups for production machines.
|
||||
|
||||
!!! question "But why, when its not being shared with others?"
|
||||
|
||||
Because I guarentee ill somehow stuff it up down the track and accidently disable things I didnt mean to. Roll your eyes, Ill thank myself later.
|
||||
|
||||
> Learnt from: [Nix Manual](https://nlewo.github.io/nixos-manual-sphinx/development/assertions.xml.html)
|
||||
|
||||
## Warnings
|
||||
|
||||
Warnings will print a warning message duyring a nix build or deployment, but **NOT** stop the action. Great for things like reminders on disabled features
|
||||
|
||||
To add a warning inside a module:
|
||||
|
||||
```nix
|
||||
# Warn if backups are disable and machine isn't a dev box
|
||||
config.warnings = [
|
||||
(mkIf (!cfg.local.enable && config.mySystem.purpose != "Development")
|
||||
"WARNING: Local backups are disabled!")
|
||||
(mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development")
|
||||
"WARNING: Remote backups are disabled!")
|
||||
];
|
||||
|
||||
```
|
||||
|
||||
<figure markdown="span">
|
||||
![Alt text](../includes/assets/no-backup-warning.png)
|
||||
<figcaption>Oh THATS what I forgot to re-enable...</figcaption>
|
||||
</figure>
|
||||
|
||||
## Abort/assert
|
||||
|
||||
Warnings bigger and meaner brother. Stops a nix build/deploy dead in its tracks. Only useful for when deployment is incompatiable with running - i.e. a dependency not met in options.
|
43
docs/motd.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Message of the day
|
||||
|
||||
Why not include a nice message of the day for each server I log into?
|
||||
|
||||
The below gives some insight into what the servers running, status of zpools, usage, etc.
|
||||
While not show below - thankfully - If a zpool error is found the status gives a full `zpool status -x` debrief which is particulary eye-catching upon login.
|
||||
|
||||
![Alt text](motd.png)
|
||||
|
||||
Code TLDR
|
||||
|
||||
:simple-github:[/nixos/modules/nixos/system/motd](https://github.com/truxnell/nix-config/blob/462144babe7e7b2a49a985afe87c4b2f1fa8c3f9/nixos/modules/nixos/system/motd/default.nix])
|
||||
|
||||
Write a shell script using nix with a bash motd
|
||||
|
||||
```nix
|
||||
let
|
||||
motd = pkgs.writeShellScriptBin "motd"
|
||||
''
|
||||
#! /usr/bin/env bash
|
||||
source /etc/os-release
|
||||
service_status=$(systemctl list-units | grep podman-)
|
||||
|
||||
<- SNIP ->
|
||||
printf "$BOLDService status$ENDCOLOR\n"
|
||||
'';
|
||||
in
|
||||
```
|
||||
|
||||
This gets us a shells script we can then directly call into systemPackages - and after that its just a short hop to make this part of the shell init.
|
||||
|
||||
!!! note
|
||||
|
||||
Replace with your preferred shell!
|
||||
|
||||
```nix
|
||||
environment.systemPackages = [
|
||||
motd
|
||||
];
|
||||
programs.fish.interactiveShellInit = ''
|
||||
motd
|
||||
'';
|
||||
```
|
BIN
docs/motd.png
Normal file
After Width: | Height: | Size: 149 KiB |
12
docs/overview/design.md
Normal file
|
@ -0,0 +1,12 @@
|
|||
# Design principles
|
||||
|
||||
Taking some lead from the [Zen of Python](https://peps.python.org/pep-0020/):
|
||||
|
||||
- Minimise dependencies, where required, explicitly define dependencies
|
||||
- Use plain Nix & bash to solve problems over additional tooling
|
||||
- Stable channel for stable machines. Unstable only where features are important.
|
||||
- Modules for a specific service - Profiles for broad configuration of state.
|
||||
- Write readable code - descriptive variable names and modules
|
||||
- Keep functions/dependencies within the relevant module where possible
|
||||
- Errors should never pass silently - use assert etc for misconfigurations
|
||||
- Flat is better than nested - use built-in functions like map, filter, and fold to operate on lists or sets
|
10
docs/overview/features.md
Normal file
|
@ -0,0 +1,10 @@
|
|||
# Features
|
||||
|
||||
Some things I'm proud of. Or just happy they exist so I can forget about something until I need to worry.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
- :octicons-copy-16: [__Nightly Backups__](/maintenance/backups/)<br>A ZFS snapshot is done at night, with restic then backing up to both locally and cloud. NixOS wrappers make restoring a single command line entry.<br><br>ZFS snapshot before backup is important to ensure restic isnt backing up files that are in use, which would cause corruption.
|
||||
- :material-update: [__Software Updates__](/maintenance/software_updates/)<br>Renovate Bot regulary runs on this Github repo, updating the flake lockfile, containers and other dependencies automatically.<br><br> Automerge is enabled for updates I expect will be routine, but waits for manual PR approval for updates I suspect may require reading changelog for breaking changes
|
||||
- :ghost: __Impermance__:<br>Inspried by the [Erase your Darlings](https://grahamc.com/blog/erase-your-darlings/) post, Servers run zfs and rollback to a blank snapshot at night. This ensures repeatable NixOS deployments and no cruft, and also hardens servers a little.
|
||||
- :material-alarm-light: __SystemD Notifications__:<br>Systemd hook that adds a pushover notification to __any__ systemd unit failure for any unit NixOS is aware of. No worrying about forgetting to add a notification to every new service or worrying about missing one.
|
||||
</div>
|
19
docs/overview/goals.md
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Goals
|
||||
|
||||
When I set about making this lab I had a number of goals - I wonder how well I will do :thinking:?
|
||||
|
||||
A master list of ideas/goals/etc can be found at :octicons-issue-tracks-16: [Issue #1](https://github.com/truxnell/nix-config/issues/1)
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- __:material-sword: Stability__ <br>NixOS stable channel for core services unstable for desktop apps/non-mission critical where desired. Containers with SHA256 pinning for server apps
|
||||
- __:kiss: KISS__<br>Keep it Simple, use boring, reliable, trusted tools - not todays flashy new software repo
|
||||
- __:zzz: Easy Updates__<br>Weekly update schedule, utilizing Renovate for updating lockfile and container images. Autoupdates enabled off main branch for mission critical. Aim for 'magic rollback' on upgrade failure
|
||||
- __:material-cloud-upload: Backups__<br>Nightly restic backups to both cloud and NAS. All databases to have nightly backups. _Test backups regulary_
|
||||
- __:repeat: Reproducability__<br>Flakes & Git for version pinning, SHA256 tags for containers.
|
||||
- __:alarm_clock: Monitoring__<br>Automated monitoring on failure & critical summaries, using basic tools. Use Gatus for both internal and external monitoring
|
||||
- __:clipboard: Continuous Integration__<br>CI against main branch to ensure all code compiles OK. Use PR's to add to main and dont skip CI due to impatience
|
||||
- __:material-security: Security__<br>Dont use containers with S6 overlay/root (i.e. LSIO :grey_question:{ title="LSIO trades security for convenience with their container configuration" }). Expose minimal ports at router, Reduce attack surface by keeping it simple, review hardening containers/podman/NixOS
|
||||
- __:fontawesome-solid-martini-glass-citrus: Ease of administration__<br>Lean into the devil that is SystemD - and have one standard interface to see logs, manipulate services, etc. Run containers as podman services, and webui's for watching/debugging
|
||||
- __:simple-letsencrypt: Secrets__ _~ssshh~.._<br>[Sops-nix](https://github.com/Mic92/sops-nix) for secrets, living in my gitrepo. Avoid cloud services like I used in k8s (i.e. [Doppler.io](https://doppler.io))
|
||||
</div>
|
1
docs/overview/options.md
Normal file
|
@ -0,0 +1 @@
|
|||
Explain mySystem and myHome
|
34
docs/overview/structure.md
Normal file
|
@ -0,0 +1,34 @@
|
|||
# Repository Structure
|
||||
|
||||
!!! note inline end
|
||||
|
||||
Oh god writing this now is a horrid idea, I always refactor like 50 times...
|
||||
|
||||
Here is a bit of a walkthrough of the repository structure so ~~you~~ I can have a vague idea on what is going on. Organizing a monorepo is hard at the best of times.
|
||||
<br><br><br>
|
||||
|
||||
```
|
||||
├── .github
|
||||
│ ├── renovate Renovate modules
|
||||
│ ├── workflows Github Action workflows (i.e. CI/Site building)
|
||||
│ └── renovate.json5 Renovate core settings
|
||||
├── .taskfiles go-task file modules
|
||||
├── docs This mkdocs-material site
|
||||
│ nixos Nixos Modules
|
||||
│ └── home home-manager nix files
|
||||
│ ├── modules home-manager modules
|
||||
│ └── truxnell home-manager user
|
||||
│ ├── hosts hosts for nix - starting point of configs.
|
||||
│ ├── modules nix modules
|
||||
│ ├── overlays nixpkgs overlays
|
||||
│ ├── pkgs custom nix packages
|
||||
│ └── profiles host profiles
|
||||
├── README.md Github Repo landing page
|
||||
├── flake.nix Core flake
|
||||
├── flake.lock Lockfile
|
||||
├── LICENSE Project License
|
||||
├── mkdocs.yml mkdocs settings
|
||||
└── Taskfile.yaml go-task core file
|
||||
```
|
||||
|
||||
Whew that wasnt so hard right... right?
|
6
docs/requirements.txt
Normal file
|
@ -0,0 +1,6 @@
|
|||
mkdocs~=1.5,>=1.5.3
|
||||
mkdocs-material~=9.4
|
||||
mkdocs-material-extensions~=1.2
|
||||
pygments~=2.16
|
||||
pymdown-extensions~=10.2
|
||||
mkdocs-minify-plugin~=0.7
|
3
docs/security/containers.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
## Container images
|
||||
|
||||
Dont use LSIO!
|
|
@ -3,3 +3,6 @@
|
|||
* can pass between nixos and home-manager with config.homemanager.users.<X>.<y> and osConfig.<x?
|
||||
* when adding home-manager to existing setup, the home-manager service may fail due to trying to over-write existing files in `~`. Deleting these should allow the service to start
|
||||
* yaml = json, so using nix + builtins.toJSON a lot (and repl to vscode for testing)
|
||||
|
||||
checking values:
|
||||
# https://github.com/NixOS/nixpkgs/blob/90055d5e616bd943795d38808c94dbf0dd35abe8/nixos/modules/config/users-groups.nix#L116
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
sops-nix for secrets
|
||||
nixos substituters
|
||||
nix nvd post build
|
|
@ -1,52 +0,0 @@
|
|||
Nightly Backups are facilitated by nixos restic module & a helper module ive written.
|
||||
|
||||
These run to my NAS 'local' and cloudflare R2 'remote'
|
||||
|
||||
They are a systemd timer/service so you can query or trigger a manual run with
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~> systemctl status restic-backups-lidarr-local.timer
|
||||
● restic-backups-lidarr-local.timer
|
||||
Loaded: loaded (/etc/systemd/system/restic-backups-lidarr-local.timer; enabled; preset: enabled)
|
||||
Active: active (waiting) since Sat 2024-04-13 19:50:23 AEST; 12h ago
|
||||
Trigger: Mon 2024-04-15 03:03:22 AEST; 18h left
|
||||
Triggers: ● restic-backups-lidarr-local.service
|
||||
|
||||
truxnell@daedalus ~> systemctl status restic-backups-lidarr-local.service
|
||||
○ restic-backups-lidarr-local.service
|
||||
Loaded: loaded (/etc/systemd/system/restic-backups-lidarr-local.service; linked; preset: enabled)
|
||||
Active: inactive (dead) since Sun 2024-04-14 04:20:02 AEST; 4h 14min ago
|
||||
TriggeredBy: ● restic-backups-lidarr-local.timer
|
||||
Process: 774197 ExecStartPre=/nix/store/vw03a7pxjj1sf59rk1p65nbv1jjwba1b-unit-script-restic-backups-lidarr-local-pre-start/bin/restic-backups-lidarr-local-pre-start (code=exited, status=0/SUCCESS)
|
||||
Process: 774210 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic backup --exclude-file=/nix/store/bk1cxh78aaxbnh22jcxw18jadhk7j2b7-exclude-patterns --files-from=/run/restic-backups-lidarr-local/includes >
|
||||
Process: 774239 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic forget --prune --keep-daily 7 --keep-weekly 5 --keep-monthly 12 (code=exited, status=0/SUCCESS)
|
||||
Process: 774251 ExecStart=/nix/store/cbg69gn45canlna2fsy7y9g72kv5q9y3-restic-0.16.4/bin/restic check (code=exited, status=0/SUCCESS)
|
||||
Process: 774381 ExecStopPost=/nix/store/nk9a304p38yxfgb6f63s6nq1c4icjplb-unit-script-restic-backups-lidarr-local-post-stop/bin/restic-backups-lidarr-local-post-stop (code=exited, status=0/SUCCESS)
|
||||
Main PID: 774251 (code=exited, status=0/SUCCESS)
|
||||
IP: 0B in, 0B out
|
||||
CPU: 21.961s
|
||||
|
||||
```
|
||||
|
||||
Checking snapshots
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~ [3]> sudo restic-lidarr-local snapshots
|
||||
repository a2847581 opened (version 2, compression level auto)
|
||||
ID Time Host Tags Paths
|
||||
----------------------------------------------------------------------------
|
||||
aef44e7c 2024-04-13 19:56:14 daedalus /persist/nixos/lidarr
|
||||
b96f4b94 2024-04-14 04:19:41 daedalus /persist/nixos/lidarr
|
||||
----------------------------------------------------------------------------
|
||||
```
|
||||
|
||||
Testing a restore (would do --target / for a real restore)
|
||||
Would just have to pause service, run restore, then re-start service.
|
||||
|
||||
```bash
|
||||
truxnell@daedalus ~ [1]> sudo restic-lidarr-local restore --target /tmp/lidarr/ latest
|
||||
repository a2847581 opened (version 2, compression level auto)
|
||||
[0:00] 100.00% 2 / 2 index files loaded
|
||||
restoring <Snapshot b96f4b94 of [/persist/nixos/lidarr] at 2024-04-14 04:19:41.533770692 +1000 AEST by root@daedalus> to /tmp/lidarr/
|
||||
Summary: Restored 52581 files/dirs (11.025 GiB) in 1:37
|
||||
```
|
|
@ -1,8 +0,0 @@
|
|||
stable channel for reliable services, with unstable for desktop apps, containers for 'server' apps
|
||||
renovate for automated lockfile and container updates
|
||||
strong CI on all PR's to ensure system updates from main branch are reliable
|
||||
leans into systemd, meaning everything can be managed, viewed and debugged with a consistent interface (Ive come around to loving systemd...)
|
||||
cockpit on all servers for easy viewing of stauts logs, etc
|
||||
sops-nix for secrets
|
||||
nightly restic backups (diff) to local and cloud, with failure notifications and simple command-line wrapper for restores
|
||||
gatus monitoring for apps, dns and servers, dynamicaly built from nix across all enabled nodes
|
|
@ -1,11 +0,0 @@
|
|||
|
||||
SHODAN = lab01
|
||||
XERXES = lab02
|
||||
|
||||
DURANDAL = dns01
|
||||
dns02
|
||||
|
||||
pikvm
|
||||
|
||||
CITADEL = gaming pc
|
||||
HYPERION = laptop
|
94
mkdocs.yml
Normal file
|
@ -0,0 +1,94 @@
|
|||
site_name: Truxnell's NixOS homelab
|
||||
site_author: truxnell
|
||||
|
||||
# Repository
|
||||
repo_name: truxnell/nix-config
|
||||
repo_url: https://github.com/truxnell/nix-config
|
||||
|
||||
docs_dir: ./docs
|
||||
site_dir: ./site
|
||||
|
||||
copyright: Copyright © 2024 Nat Allan
|
||||
|
||||
theme:
|
||||
name: material
|
||||
# custom_dir: ../../docs/overrides
|
||||
features:
|
||||
- announce.dismiss
|
||||
- content.code.annotate
|
||||
- content.code.copy
|
||||
- navigation.expand
|
||||
- navigation.indexes
|
||||
- navigation.path
|
||||
# - navigation.sections
|
||||
- navigation.footer
|
||||
# - navigation.tabs
|
||||
- navigation.top
|
||||
- search.suggest
|
||||
palette:
|
||||
- scheme: slate
|
||||
media: "(prefers-color-scheme: light)"
|
||||
primary: black
|
||||
accent: indigo
|
||||
toggle:
|
||||
icon: material/brightness-4
|
||||
name: Switch to light mode
|
||||
- scheme: default
|
||||
media: "(prefers-color-scheme: dark)"
|
||||
toggle:
|
||||
icon: material/brightness-7
|
||||
name: Switch to dark mode
|
||||
font:
|
||||
text: Roboto
|
||||
code: Roboto Mono
|
||||
icon:
|
||||
logo: simple/nixos
|
||||
annotations: material/chat-question
|
||||
|
||||
# Plugins
|
||||
plugins:
|
||||
- search:
|
||||
separator: '[\s\u200b\-_,:!=\[\]()"`/]+|\.(?!\d)|&[lg]t;|(?!\b)(?=[A-Z][a-z])'
|
||||
- minify:
|
||||
minify_html: true
|
||||
|
||||
# Extensions
|
||||
markdown_extensions:
|
||||
- admonition
|
||||
- abbr
|
||||
- attr_list
|
||||
- md_in_html
|
||||
- pymdownx.emoji:
|
||||
emoji_index: !!python/name:material.extensions.emoji.twemoji
|
||||
emoji_generator: !!python/name:material.extensions.emoji.to_svg
|
||||
- pymdownx.highlight:
|
||||
anchor_linenums: true
|
||||
line_spans: __span
|
||||
pygments_lang_class: true
|
||||
- pymdownx.inlinehilite
|
||||
- pymdownx.caret
|
||||
- pymdownx.tilde
|
||||
- pymdownx.snippets:
|
||||
check_paths: true
|
||||
auto_append:
|
||||
- ./docs/includes/abbreviations.md
|
||||
- pymdownx.superfences
|
||||
- toc:
|
||||
permalink: true
|
||||
toc_depth: 3
|
||||
|
||||
nav:
|
||||
- readme.md: index.md
|
||||
- Overview:
|
||||
- Goals: overview/goals.md
|
||||
- Features: overview/features.md
|
||||
- Design Principals: overview/design.md
|
||||
- Structure: overview/structure.md
|
||||
- Maintenance:
|
||||
- Software Updates: maintenance/software_updates.md
|
||||
- Backups: maintenance/backups.md
|
||||
- Monitoring:
|
||||
- SystemD failures: monitoring/systemd.md
|
||||
- Nix Warnings: monitoring/warnings.md
|
||||
- Other Features:
|
||||
- MOTD: motd.md
|
|
@ -11,25 +11,25 @@
|
|||
|
||||
];
|
||||
|
||||
mySystem.purpose = "Network Attached Storage";
|
||||
mySystem.services = {
|
||||
openssh.enable = true;
|
||||
|
||||
#containers
|
||||
podman.enable = true;
|
||||
traefik.enable = true;
|
||||
homepage.enable = true;
|
||||
sonarr.enable = true;
|
||||
radarr.enable = true;
|
||||
lidarr.enable = true;
|
||||
readarr.enable = true;
|
||||
gatus.enable = true;
|
||||
sabnzbd.enable = true;
|
||||
qbittorrent.enable = true;
|
||||
prowlarr.enable = true;
|
||||
|
||||
backrest.enable = true;
|
||||
|
||||
};
|
||||
mySystem.nasFolder = "/tank";
|
||||
mySystem.system.resticBackup.local.location = "/tank/backup/nixos/nixos";
|
||||
|
||||
mySystem.system = {
|
||||
zfs.enable = true;
|
||||
|
|
|
@ -6,21 +6,34 @@
|
|||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
|
||||
mySystem.purpose = "Development";
|
||||
mySystem.services = {
|
||||
openssh.enable = true;
|
||||
podman.enable = true;
|
||||
traefik.enable = true;
|
||||
|
||||
gatus.enable = true;
|
||||
homepage.enable = true;
|
||||
backrest.enable = true;
|
||||
|
||||
plex.enable = true;
|
||||
tautulli.enable = true;
|
||||
syncthing.enable = true;
|
||||
|
||||
|
||||
};
|
||||
|
||||
mySystem.nfs.nas.enable = true;
|
||||
mySystem.persistentFolder = "/persistent/nixos";
|
||||
mySystem.persistentFolder = "/persistent";
|
||||
mySystem.system.motd.networkInterfaces = [ "eno1" ];
|
||||
|
||||
# Dev machine
|
||||
mySystem.system.resticBackup =
|
||||
{
|
||||
local.enable = false;
|
||||
remote.enable = false;
|
||||
};
|
||||
|
||||
boot = {
|
||||
|
||||
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
|
|
|
@ -2,6 +2,4 @@
|
|||
|
||||
mySystem = import ./nixos;
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8686; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -85,11 +86,13 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups."${app}-local" = config.lib.mySystem.mkRestic
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app;
|
||||
user = builtins.toString user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ persistentFolder ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
lidarr:
|
||||
env: ENC[AES256_GCM,data:CNeLt9d/2eZhiazlJXKJzr3oLRvtMRLCJbNQ3ZEapLj3DwswxkC8SH4003DCCyyw98eDNzcTTwFpeu26nAuCmChJqNbyaD7j9k87xGgr+k+OjYdzUfaW3kNnz0dh2Ip2ryg7XTws9q/2laWlqyY=,iv:H2VVi2j0JI8WhawPXQKdMoHCK3S6SH1N9fwRXsz+sAw=,tag:o9ZEB1Pxogere0/gV9uHZQ==,type:str]
|
||||
env: ENC[AES256_GCM,data:vRK+rty1lXFeqJZdVIsJolPn+LNNwx6nNEOUgXgXoj+o1apFvoAV1JnoYhq2/RR1V4LjmL32q1pZVjI/1YI+87HWh9q7dHwnP1sN5FYCzYZOcyIaGZ6E51dEUQ+CloYchTGAJAV5PruLjP9bsg4=,iv:5Pf3o2ujfdwhb6dBUq/QIWmW1nP6oAoE7E6F0dMlroY=,tag:a6RpL4QZ9PaVGAxMiynxVw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4N1p4aFNmbit6ODBacUVO
|
||||
bUh1Sk1oQWZwaUF0RW5UVTN5b1RHdnRjRXhVCm95cndpQjdmdGRTd1gxV3ZVS3NF
|
||||
WUxrY1FyNkpKb0MzS0d0bjJvVFdVazQKLS0tIElPN0JqMkUvbmM0aWxVOFY3TkZh
|
||||
dDRjb1l1dHcwNXpqY3YwVHdRR3FTYTQKlklHK/ARZQvcDBFa/am6aza1NdUl1mmP
|
||||
bvP437PbtoSTZJNQCcRE1tv+3i4xC+OPVmuE7e5BJ/BBdHGSdyziPA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSDZ0WnQxOU8wMlZ2bVFJ
|
||||
QjRZN0EraklXQW5xck9IcG1ScjhGZzFQaVJRCllvcWVBQ3RWMGlLZG5MTzZBandy
|
||||
RzhFNEJ4bHBnUXdLN3VGa1QxRkR0ak0KLS0tIG9MN0U1OXdYRjB4WkErTDJBL0ZC
|
||||
SUhkckh1ZzVINndGcnJCajAzUzZwS3MKCy97fJlRCEhNKWivBLLZZgw6EIk+3AVR
|
||||
GF31FXc1KiBeRwJcLUS91yh9QCr8VxapND3QlDLd/QU1iZ5Ig1xa2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuLy9zY216TDBaTmdDcnJo
|
||||
NWR0QzRXb3NyaDdHVExsSnJ4NlFKc1lMUnh3CjM2VGpBdjNMY3RJOGVMS054Z3Ji
|
||||
elJPMzV3ZHA2anZUbmpXaDhoMnE3WjgKLS0tIFZndDQvcWhlVDM3U1piZnhOQzBu
|
||||
bGpPemtXY1Z6NXNjc29JMDNBOG5Kc2cKcavrDAWBVmzjY7kO4PFve7oP/mSkrtLN
|
||||
by6Y4jFH6ndySi5dZlPX+GeyVhlgOtV3CXIcojtVFSVSY4x6DxUARw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMnEvS1F0bk1JdytNQko5
|
||||
aVZWMm42NENSVVNhSXZkbmdyaGYrY3RXc1VzCjNpM0poQytQakxRSzlZaHR1Y3hy
|
||||
TWdubElidlRIN0RpU2psN2E4SEtpUlEKLS0tIGxVZWUzdXh1SWdIeFF0bXRZTUMw
|
||||
K0hPamkycVRNenBwZkwvaS9TSmR2ZEEKbORtRe2a2/5JR0eJprF4dTVPNJXNfbTv
|
||||
ylzP9391GAJF+f0yDGxbrQAAwhtV0qsxDM8FPhs29sNZsWMl5MkPxQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cktRZHlHMjFPa2x1QTJW
|
||||
Y1RPS0lVRTQ3MmhRNW1zaEhxTkFzVWtIcFVrCkRFWHpTMU15bkFib1lHWkFJMGJ1
|
||||
TStXaWN6eE9tU2RvNmNpMnQyWkdaM3MKLS0tIHhhQjBtd1FLcHlOV1Q1NG12MFlI
|
||||
T2hpS1hYWnJUaUE3ZGFzVzFza0tjSEEKhnpYBWngmgWQfn756hmclB3oeEyFye70
|
||||
Kd4PdabjMOECpMWAuFbPe/4tZW7K4Y/wqylQ+Z2oz3TkcLxrm6S+zQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUEgvNENua0NRdlVVWEZD
|
||||
ZFpCTUpVYWJTR0Q2ZmJzVXZaUml4NkNxaTFzCkpZME1Ga0FoOVpHWmJpWHNvVEFV
|
||||
d1V2VTUrdWZORTc0UWpSSFV2OTJaeFEKLS0tIGxGMnlxWTF1aTVLdUhWVExsNklJ
|
||||
d1V6MFFobTZkVkRCay9VSnFBcVdZWkEKUOAmq6IEH1o+YAxlMgHVQCwJoBidbfF1
|
||||
OWYrY90/uq5j0ntnLjEAKnKLzoMaQf/HmyFS6mciza/EGAUBBWKedQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6RmlSZHI5byszTkducW9l
|
||||
aUk4cTY4dWhILytpb0c3SElBTnZvdTBIT3pVCkxZYUJzb09DQzNCK2QzYno1bmR4
|
||||
ajFVL3V1WkdUN3MzRGxaNHRVQUVZbTQKLS0tIGU2TWdtSXBpRTB4N0t3YzR4ZVhi
|
||||
NHc1Q0dmWXJLYlFpOXdJVS9NY0FuVHcKjdqOjcj9lO/cAjAR9IC8MHhWwsZLASEW
|
||||
dLXvW2Uq9yemF+X/lVh5FcWdZH9/GzaRVSIF7dtJquMD7QPie9tUzg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIbGJ5aGpGWkgzYzJmR0NU
|
||||
eHduWEhlQ1cycHJIaVNLV1JpNG5tNDNTT2pjCkhqdmZtYm1PR2s3WUo3UWtzZm1U
|
||||
TS93ME9rTFJtUDJIbUgxMTRwS3o2cUUKLS0tIHFYWnNRUVJ0YXM3K2gyelNoN0F0
|
||||
a0U1QXp0Yy9RZ1lkYVY2aEIwMmsvQ1UKUciQghqwTYohsg9a951ZqXIsftaSrUGi
|
||||
BdCv5QEFLnBdayildvrL0G7vrLfCFyPjHGE8qeVxfOvz3Sli/FpXew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTHhDU2ZCK3EyWkdBQ3Mx
|
||||
MmZzT1B5Ukt2QkhVOVorQVdnTHI3MnRwTENrClgwWXg3cHpocDAwcGJNRnJXajY4
|
||||
b3QvcUZia1JZc0d2VUJnOC9Pamw1WTgKLS0tIE04dDEwVUREVkFpaGZPU3U0NHRL
|
||||
cG15eUk4TDJPZ2VwYUlweEVWS09yWUEKygFWuuYw7T30P83Ds6dJo6yU5UkcTGl0
|
||||
w04upLLxzCTZW141ACNS1s2ydTrs/tfFvzgmP/Hm8AoBrfBbSgVObA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTjlaUkg2eENIakdsdzRm
|
||||
eVo3MHYvSk10a054eDUyd3Z0dG9ncWlYTTBnClVSalRuRjVhc1dNTkNNdEl6OUJv
|
||||
QVBabTN4U1VURyt5UXJPZ2pOQmtwRTQKLS0tIFQyY3pDTmpZdkoyR0xRaUpMNUxN
|
||||
dmZOT0VNNW1JOHpjVG9LNVQ1NVJVcUUKUispQJXiy+R0L2K1HbqtURYY5ExV7Abk
|
||||
5dIVkjf6kMQ2czMDh+MrD7MFdaVOgepFWHLTkkVjECJF4+l6yi66LA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MHl6N2pPdUMzUzV6YVY3
|
||||
TzB4UmRFc3hmSk1MQURUakZReExZMVZLd1VFCmN6MWxHVFFJcEgvdFFYZ2lsRllD
|
||||
Rkd4ZjVMdXlmYll1cXVWdS9SRXNWZ1kKLS0tIGxodVM3Q3c3K1p0UVBLa2Vpc3FP
|
||||
ZXZscmZZN0VRdlVqdnlSWkx4WHMzOHMKbixVd4tn+cmwDp0Fw2/05Q+k0VxLqeqn
|
||||
E7PSrCkdxnW5x8fJO9JUKsXeisif2AqCNOXQTuH5PXN43QWEsfKdng==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eWh3L2dGL0ZRRHZkVGdS
|
||||
M211TlNCOVdQT1llVHY0Rmh0bmg5MFM5YmxBCk56dDBUS1Y1VTgzdU9TWnVNdVR2
|
||||
a2pWcll2KysxTlJhQy9CQU4wamNGZ1UKLS0tIDREdFJSaUdWQXp4TyswNExjR3ZW
|
||||
UUF6dU84WGFTZ0NHTW5tV1hWWkNyZ28KVr7eWZsce+ROlH/8E4NmflUXhMHG+fBa
|
||||
WWH1opJP/0nQDCzTXkoZXcsyepGetORIJT96ObBuVIcJi04wD5EIqw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:9HRLNEt7he7qoSTHCi0wAHkuzLoAg0JOFbr4syvomYy5TAIH1PzVgX9AUrZCz90pUBQdHx+JDbnsfjP3EcVNwxdABHAlF6GzA1RsfVne4nRr2W9rFeQtREGPuNH8imTMitxEo2C+42tnLr4oYneawNZ2EHrBKlQRhIcxQCylQWg=,iv:kmnE66eFBI7ggNYfknktB06tVwn82y/9Y4NGrUqpAMQ=,tag:8U1IiM0ofEnRHSy6Zz6W5g==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:XWR5HjvPG/G/ASK3vhxdUfD91v85sHQ1kpE3lXAV/PHKADckqYl8q93RQ3Q6/AUy+/10sxLxqud6z/NCa53LiPn5fHET7F6RVsVRUSNnhsUGHX9+Vu4dy3SHEmKM0S08lisJ7rj8/BBi6sC14mlPJMIpQaQs9lRKW2GQKdMD6Ts=,iv:Ui+2dNDKR8VPkkFs6FF6u3fJwbJJqBl3AoCXhtQqrKc=,tag:XP3nYa3fArpkwkkkhddaVQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 9696; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -47,7 +48,6 @@ in
|
|||
};
|
||||
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||
volumes = [
|
||||
"${persistentFolder}:/config:rw"
|
||||
"${persistentFolder}:/config:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
|
@ -83,5 +83,13 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
prowlarr:
|
||||
env: ENC[AES256_GCM,data:tosSq3uaBG3aWTf2HjIbYDwwgi4HcbRjZ+yU5udmgueraBcdgGkbzftziFOXaMJAsXQTuWl1xBRMYf7/oLKQFpS6ZsqyV8jpCOY4aDCb9g7AiNmBiqzYEoCNhorARX2o0CHDwUruU5TxSanx/ahT3GVU,iv:VY9n7WgNHyQDUfhgcjcx50w/5dJSdh94WPhnjHumCT8=,tag:JRArtemWaxiEweBS4MQpDw==,type:str]
|
||||
env: ENC[AES256_GCM,data:98zXlyIkwXpOJOlk6UQ2udfdRqD0nJXOC8eAfyaUyoPDokV4x0wcqGanYdSZ/GihqwQNBzH3phdlgQO+sgGqXF9reSLXGJ4UOd79P3iUZxTO5+ZWYTm27hDCH4JQH6z6UQfVlM9HaPRoOHfX+mSrg0NQ,iv:PjcmrgnFkxpJtAA71YBBM3PvRlMYeWJVlNvzvfJ5TwY=,tag:cPrQk6I/Bp0miTs6JiUwjg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WVRlOGV6QVdtYXRxenN4
|
||||
dmI2LzVYNEZSdnBDWmdYbXlJcVQzdlYrQ0ZrCmRiUlZnVXdLOTZXNEV6ODdQM1p3
|
||||
dWxCL2VhdjcrSHdwT3kvbWR3cHVaSE0KLS0tIDdEbzY3TmFJSWJKSmtaZ3dzc2dL
|
||||
TG5sU29veFBObjZackhtcE5WczI5eDgKpUFMN37YWaUbpu6kuNr25CkJvI3O1CNe
|
||||
jmcJQOW5QwSbIZbmk6U3TvELBvz766RlK66heE5KGx10Li9AJBXaEA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZjJJSERkeEdZWkdnZC95
|
||||
cVVXbVdDQitMY3NhcnAxZld3cko4d0lySVFrCmtjRWlIVlBqeGNhZ212MWxmQ0hJ
|
||||
eHdnQ2dUSmt1R1ZvamhDd1ZPWHpvTTQKLS0tIFdzeGtJWjVDRkF3R3haVGttR1FY
|
||||
VEtHLzNkRm1IZ1J6Y2VHZGRxbWlwOEEKdEMchAgVHqO/TBc5b9QDU/pdltFlp3oM
|
||||
Kqi7HkJVwfbTDk5a1SIzkdwLiGylv1d31qBDczqcJIv+V+4zbPqWng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SkYxd3RRcHJlTE9Sb2Ry
|
||||
VXJtVDB1RTN3ZnNPV05FQ2RCSTZPT0xUdWtzCmRaMWhsVjBFNTlZcGtpWi91RDM4
|
||||
dlZIcDl4NVFUOElPY293aUg5NE1BaVUKLS0tIDlnMGhkdXV3S1dMS1F3NDBha05K
|
||||
QStGQlgvT2JuZzk1eFQ1MEhRd2RCUWsKJ4Rbbye9WKsMfmsFSrzKp4EsCc46/CQB
|
||||
X6AqxkIi/fvwy9ZWrqDzLZn2iq4O2Zt8g6wEYaUDudxEWlR1C4JGcQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3ZS8yMDBmRjA3WGJOazBy
|
||||
SkJYdlo5emtFblZibTB4bHUyeFhvSXF0bEJVCm5nZ09aODlKU0FsbDlyaTBDSW00
|
||||
TVA3ZExUQ2RtSmtRak13SkhmM1VxTDAKLS0tIE5OU05oaCtkUjZRUFJwaEJmNjhO
|
||||
UlBQZC96S2xJMkhpUjhXRE1IaU9aNk0K3/OwLltfYQ4hmfIIMhgDLt3r+CKSpmhV
|
||||
BZZFNRdoABwVa9jaVXB+5+r58Va8OPQnUmwZKP8HLj4Wp5ZXCJcjoA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVVzFFRkExbkw2c3JqVHcy
|
||||
ZUl0azlTeC9JTkNMdGdPamVVbVZBZ2tOcHdZClpQcVdISUlEcUE1UEtrVlpISlNx
|
||||
RytnSEFua2h1Yy9rRkFxNkJldHBDNm8KLS0tIENKcE9vZHJUek5jdkUrSmVDSzlF
|
||||
M05MN2RQajhPR1oyaTM2YWRLWm1LcmsK3m970XSRhwIbMaSjd2OnH7Wm+qVkI0qA
|
||||
5HhJ0EsGCQIDVrSFCnCV85mcgUlglCnRaSu0tWL7lH/qIvzNOG1YUQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNU10S21Vd2R3SjZCUzdr
|
||||
aUMrWEE0TjZWOVFmRW5JZEMxRHNUTlRiVW5jCkxUVENsZHcxSnRQR0d3dE9IZVA0
|
||||
OHR0T2tSOVJ0VGZqcUtHamR4UHNCRjAKLS0tIHhXRDBydlkwN1grTVRlSCs4VG9L
|
||||
ZkJycWRkcUJMd1RINVRldVBZa1RzNlEKhu9+VjthTHOFzxw0GmdG7ZFgIxlYd5qI
|
||||
6ZyU1bZbISBwBGhfqbe27Pd5HazXP+7Q22Zanxjj+EJgy5jAmxRK3A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0WFVmWXgyZGpseXVIK2FV
|
||||
bTZuSFdXTUNET290UGRDZ2d2OWZ1WGZXeFM4CnRNNHc5eWtSWnNvMHBEMnBXTll4
|
||||
NDhrL1NrNFRXR0dlYXdYWjliaVVsVkEKLS0tIE5yUVE1dFQ2bzBSYnZiNzRmNjk5
|
||||
ZmNrNjJFWDVYT0M5Nms4aFAzd3E0SUUKL5cKrLsmk9zZGCmPhlo9LTH+dZicq2GQ
|
||||
/lcvE5Zr7H9QfaAfXIjgc4g5DLvCbxq0tQxzbUdg0mtCuhIUXpTSsg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwTXVxVXBQQjdVQmNIZkZX
|
||||
QXBKTWs0Yk5lOXlMUXVYakdBQytmK1RSVUNBCldyUVFWd3Rmd0h3N0x4MkZTOFdZ
|
||||
NVoydjdPQk4zeXJaMmc3RFF0bHhlZ28KLS0tIDdDVmIvTDhka0FxaHRGRy9JSml6
|
||||
WmZWWEZHQkNQdVhzRzRpNUdDaTVJb3MKtCN8iYEBaCCLFuJ88tKQ9Iq4ayO0P5th
|
||||
2/D+LnpOXYu2JV/LWmB+5t42gwGhW7PSK05pfhD4WR+KnFs8OA0X8g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwbnMrS3FZUWsrOFNhU3R2
|
||||
bGtnMjVzRXpxWVRUb2NqQm9YRlJPS0hyY1hzCjc5Vk5iMXZNcFpZdWxMM21qNmI0
|
||||
UzhWSTYyZ1BuOVdjQVFBUU9BNCtrQnMKLS0tIGtFdFlObDdYSkRpUkdTaS93eGM5
|
||||
eUJldE5jRURQUmM5Ykd2eXJXbExxdDgKQUOwrK0wbhqXMTEtV4FUMZdHsXaXf8kT
|
||||
lzhAovOKimF2Q47Zr58QFnJTAk7HBGoZ4sBEAa9dfvG6jRg4B3NVkQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaTBtUmxocEYvWGlQeVBM
|
||||
NXl3NUtkUDF6RWozVWxuK2ZNNGdPYVQzN2pRCnZobXJucVpINFhqY2o5dUNCampn
|
||||
TWxVTkpZS250TEpLbXR5YVo1bFhwSTQKLS0tIEw1eU1TMzRqQUYybXBjTStuSDM5
|
||||
MkoyV3c0T2lCa1lYcHBCQ01vVzZOajAKGT/nFwLOE0hkiI8Idvlw1qQX/D7+QaWc
|
||||
LngqAaUYv2AYT09Vi2u+hUs6RUhpCyY9VPQzO1Lo8jClHbnfw3YG/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1M2FqSkpKZkZ1QW9UYXNQ
|
||||
enVIdzlldXVJZXVWdVRmMEpkWHpVOHlObURZCk9xTWh5MVl5UjJxZnplMC9lN1Qw
|
||||
cDJ3ZDBsWWN2R2xWR09NU3VFT3hueUUKLS0tIHhmMGNBWkRZNGQ1TitIbG1ZVFJF
|
||||
ZXFacDJYeUdjbUk2QjhuWVV1dEpNdk0KU+zEg4KPciFx+H8/W2ajrlLPHL+WX2fL
|
||||
q0ULbEBieZ0SrCqrnRl/XR1ZxKi5RlJJKKIIfOjEDryy6AtlEU+3SQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbXY0by9od3dkQnNrZFBa
|
||||
YnpodTVJa2lhUk1aL3cyOWlSTkprbmZDMWdJCmtqNDNLWlhxb1FoZkh6ZHJ4cjdC
|
||||
VjRuYmh2NUxscE81MCtyaUF5bzk4eWsKLS0tIHV2L1NETzJ3NE9JVklFYUhXNk1y
|
||||
bnJSYks3QnJtZXdTdUtLN1Mxais2b1kKYEJqbgsYOqG35XbQXvgSwNLtDhsXEC5r
|
||||
k+kriZXxD4bsYfH9HcoYouP3/JMmHjmE411bF5I7lVzPH0T393g+dw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:m3pQR6lC0DzLOi6ZFK9DPWfjKnROPcFXdlukUP7f/udjLhqWeZSl9HDs7d+xS+o/MdSeoV7BnMs6NcMhzXHz5//AB1pG0eNxxO0mALZKRqjEcs4ZRrnTeYb7TPOVLpGh+nDCe+RzJ81xqM2cDXC+ajZlnJpZ5XLalxGBu/vXupg=,iv:ZW2yiNKrm2TwZVqhR6vtAuc0/Dy2mPSN8z6ey8dcpJ4=,tag:DzxtOSRMUP5LDMEvJavy0w==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:UYgyJHY5dPoJlFocTPkTYkUC0C42NIZIiii5+EXDUx4man5CAxkohqrLaqdo4SjAZKz1oTdUnNUeerJDdbdb+X11lsfEtOilmD8/MyBA1+pQd6V7FfXCaXnkves4utiNxDiZYdr3ymm/zMrr5GQxI7cPrl98xufbYpxn8DG7jqs=,iv:eKLL0lzUi9YHGoSwQj5/qD/PlJSGxoyy2XCsxTezq0s=,tag:TZ+cLrLqCvPLyEmOS14bXQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 7878; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -84,5 +85,14 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
radarr:
|
||||
env: ENC[AES256_GCM,data:xNR1zU9Il+jeL2uuKtiMxQV3IHDZ6uAAOnP8/odiQIlysPpcKMrP23z6iKSeUgLha+WtYYk61FmtR9gr5QcLl6WK1EWcyVfiw7ndbZgczWUr1irGCNAGGbKcyqoohUFg9aPcOUBz4MQOpdPK9gc4Uk2QAAB63HxcZxfLDQCHc9M/U6Tm8Mu81x0DtFa6gzAGeAPjeydofrY8/ZnMIkAIVxuCKOw9N6pFSCeF6YS4YsGGC0pcXSyRelnF30SuJewLm1NmE6ub0e7+FW+0Y5nO,iv:XzoK7NaQjmi/8smaJTyWLAoUENVG4DRkYL12Bb09AT8=,tag:jFAHyoSjrp1CBSG0SDlADA==,type:str]
|
||||
env: ENC[AES256_GCM,data:m2JW9nylMHJTMHCJgdPIDhCDdx2u9f1kpK7dhFQLdvchS3PHZt2rT3Z9quxRpbxsnA4eaxi9regl62BlBaPCIyoFzMtUdorHfdu+LCkkzDZ/Sa4giyzjQd6XBB+Mme+RMGT6GqKWCGMB6mSxcKdeZ75TmNBtY1psLjko5zntgK4X57+99ThQ5kozYWkmxSuASYA7yH9nr+ds/3ZCGyzYrpJ9Lo+FTrrccZUpJoOU+2NjnvWy2bobDXaPwY60DGpuktP4ZnINiUWVXt1W/ePK,iv:wRxtvBSEW9Mt+pr9Vm+3Bng2gYsTYJ013OCNGbSC0WI=,tag:Q97JtwOFV1zJE93UMMChnQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSkhzTTg5MTgxMS9pbm1q
|
||||
cTdERTJwU281YXF0N0NQNmIwMWw3T05ZMHpnCmttbmcwdjEzNVVXZGN3WXNwcll2
|
||||
bUxmRlhIbnJ4aDNFM3Y0ekVReFNuTWcKLS0tIEdCSDI4MzY2b3d0M055d2lMN0kw
|
||||
NzEwbkJTd0d1WWxvUHFNUTNiMVVhSDQKvq54ESh7DU/VGOu4Oe9D1esq+mbVOeKy
|
||||
7xcX7vU4cI1dqMBRciigwfV/45Aq/fhcZWDY+gv77claD18BgjXZjw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIb1dPSlEzYVplNTlJVC9K
|
||||
RnRJbC9NdkdlUGQrWU5jT3dDV1o5WUVKclNrClBBU1V3ZjNxKzdmYlBxSFJSYUwy
|
||||
OVRYSkw3a2dUU1VZMGxzczFnZm1MaHcKLS0tIFp3ZE1UWlNocmk3MGYxOE80NW1h
|
||||
Y3Z6WVNuQ0k0NGNnaHp1K25Jakd0NzAK5Pqg0fy+VcFkw2vabhx6I5qBuCDM8Ws1
|
||||
z26fKKzz08w2HdMuyhewsopEDeDtpHutrZ0OFbrxLEGlMyf9UnLxsg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsamdmNnpaTjdUdklxNlhm
|
||||
U3BEVVJJZWxlQ0hUQlAxVmV6MnNUaWpaTVhVCk5PL24vcUsxeVM2aGtxZ3JlN2VN
|
||||
STF5VW5aeTRrbHFGNDFXeGE5akx6LzAKLS0tIGRzbXVvTUs5ak0zd0Ewd2JYM21u
|
||||
cjFRTjFVNzFyZzI1Ti9kK1E1U01zcTQK7a5HVOPOQ6dEjjc6fLIiR0gPBQp2sl65
|
||||
bZnjLPl4OW1C1vQisk2c+jw8setNdtHZ1cNEX/Tpp5jMRvG6wfFdDQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TUpYWXlVZjdkOHpLM21y
|
||||
a0FYR2FtMDUrN3RJaGhnMnRQOGtVNWRyc1JNCjZLdTk5UXppM09iNWg0VVRUL0FQ
|
||||
MXhiNUUxUDU4ZkV1L1BtR0ExL0xQdzgKLS0tIGdqZHdxYTd5MU9BanN0MjBjUGhs
|
||||
MTdiUjhqWllKTzhIQkhUME9FdVVTSjgKYi/+umfok2OFHjwirp7ANhfPxPpkmxbs
|
||||
QgtZLs8ImWxStbc6V1/iq2kgRZMBqzynVLqejTO/SOUyFG+amgeBPg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTU0JWZlV0WnptcWk0V2tW
|
||||
RGp4NXU0TlVrcThnY1ovcnFCT0tFYk5qWVI4CmxPWVdNd2pjNndKQzlpVjdzRndU
|
||||
VC9GRFkxK1dZakc4VWJTK3dhNFI1dWsKLS0tIEVKQkxmK3BCcVlCTExxaytWc3p4
|
||||
ZWJWaWlQUE5panE2UExRdk5VTXFLVTQK7b+YCdLJfBuDGjdTT3+jBrt/UtLgqopl
|
||||
Eyu8qA1vcANG/nHyWNIsv9ogXXPns5tx/EjHoDWFtmK+xYb35elahQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2c1lYZjY1d09rSUo4MEJH
|
||||
VkRkRFpkaktZS3M3dTlQb0E0MGtDeXNEZm1jClpPWGd5YTFwMnhSZ2VhSnBqZGV5
|
||||
UXFHeFY0czN5QUdMa3J6ckdFUEdvUkEKLS0tIGFIU2o4S3V2K0tpZXZETW5TQjQz
|
||||
dCtNVmsrUnBlSDhyendNOXV4bkQ2SmMKvVIv5IPoNVVS2BoJ5SnQ0tQcIxIuu35d
|
||||
knE5yHkNnwUWcIuMAqPempkqcQRomBKnEPcQFnt6mAeJ0cAWqtcShg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYT2ljZ0l4ZXNKQnNvcExW
|
||||
dWxnaURiTWx4Ykt6M0VueVRLREh0NEkrR3k4ClYxR3F3a3hDazV6ZWpYZ3lZUmJY
|
||||
OFZBeFc0YXBvWUU4TVBPWjR3WDM4NTgKLS0tIFJUTzNmZXBPbFhZZG10cWNQK2pW
|
||||
ZVBpZmFMeGswNUVOa1k1WVdmeFdrVW8KXjm74fFrEhWTP81MVpGxT8DOPGdfldFV
|
||||
6AmRLlon/j4LFfhHEa+mMQyRBQ4Yf3ddA1ZGkMENpmYaZANEMK27VQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNDkyQmRrZHYyVm1wNDFH
|
||||
NmFaZXV4enNsS1RqQ0xnbVZPREF6cjdNdVdvCk5Nc3JrRklncTBIT2h1eGdrQnlK
|
||||
ZFpaMlc0ZWJtQWFYSXVubzQ0MkFZdEEKLS0tIE1MS0Z1TnBpWDN5V0FydFZidi9G
|
||||
T3o2UkxtckIzL0EwNHZjNGtGejRHdDQK/fGgZJNiuDrJjQJ4AgQ0NZ1xtfiMqDjo
|
||||
Ip1tNE54juYI6BB+JxRcN38fsT5dbtrzf9iYCREDg83sLA3lyJsZsw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMzViTnhNSVpuNGRQUmZI
|
||||
ZmVicEIzb3VEYU12K1JFWC9lTlh2NzEyVUZjCk9qQUFmSm5od1pKQ1hOMEZ1dzV5
|
||||
U1BxcDB2RjFndTBKV1BxWWRqbHZYVjAKLS0tIE0rMDJuMWFzQzRUL3Q5aHB3WDI4
|
||||
b1JJOFNxYVBPdHc5Q0FvYTBYdG1pQ2MKClJdJIeOlCsZbV5crlNWb0ibIRo4jgb1
|
||||
x2qfjH4kcyyxueYaYQmVAsJwus+mF5DphQH6GLyEBWhecWU7hd13+A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VElqNEJYSFo1a1k0aUlt
|
||||
Znc1TnVZa2JTdDhlTmtOeGRBKzlPckdITVJrCkwyRUhwSkZsMzlmK3RwUlUwcFZa
|
||||
cjcvTGd0K29KaVNMNFJUenh5OVBoL3cKLS0tIFlvb281dmpHQyt2dVM2OW52dVVP
|
||||
SjU3bkwxQWZ3UVRvenllbFJDUkNWQlUKmucLPz3oNUNXceZqDvxY1bj0/tctf9Lh
|
||||
yjMu1Cgeq7W5EPHyiT3IUXEc6utx6P+AtBIrtz1zSAVt8tiJP9JpJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Z2ttbFphWEJOZGlXbTAx
|
||||
ejAvSW5RQ0ZtZnY2R3hZcFQ1dEpZVjlabFZrCnVCZzMzSlpJcmhLVUNaRXdZUDRq
|
||||
OEhqbkRxT1lvN3l3K0VuZ01aeEZBTGsKLS0tIEszd0ZjbGxJc3BJYVdIeDVCSnFC
|
||||
S1lZN3NiQlZYclVQeHBheFpnS0dHNlkKnm38ebqxyazFs2f3R+Z9JxBDi05fMmgL
|
||||
7zt4SrK5puEz6Tps+Uzxc3tIw72s3IKjiolJ5NTLggVDxJC5RTHK6w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSU2pKYjdjMGQ4MGIwYW9S
|
||||
RTZQZzVFMVZXUlNVeUF3b0tyWDNDd3FWUlg0Cm80VVA1bEJoYURyTkx5QXJhWmZV
|
||||
TWRlbktpZHNHaVBnRVRMcGtOOXpIaTgKLS0tIGFjZzlPSGFIdzRTL3VxblpDeU53
|
||||
NHJhbjFLUStTY2JtNnNWOGNiU2hia28Kd2NSudZf8zK6Mp/Ex03vynqwCRB/9oNb
|
||||
1vdM4crUH41v9MooO2B3RfqO91TCqlH5abVSqwwJBEfP33Y7jX2y8Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:eBU8ATyScttrDfc8M17qCGrNVNxpfnW+u2f3JTiuKl79+KgVLF958K7BUiYGZ3J+BrmWHsV8YeAso6hjHS/3JLJJyRGlMeQ+ywJxglnj87TKVitqRMk0Kx+BVE24SjGxJ97/IsDUhBmLVxphv49aeiaHtPAPQ97+OfFKwFOaHwQ=,iv:0KvN1Xc25QQd9/v7apuM22Dyr5VRCwiP7eRTPi6Jrcs=,tag:lyiiNPo/Y9+RWiBzV3RmMg==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:g8XzK09/2IOwMK8h8Dh0trroyeSPXmTuPa+e4CQmHtnjYjwcX0/Pn88BS24vo2WV384ASu2OcCFBtqPfmyTQZKmnq2q6J+wZ0TkKzY8bOOhoOY7Gz3x8RFAeolw9+FGwPNj24fVl5HnxjR/+df4WrzAb8W0HmBR3B1nWJWQhm7E=,iv:ubXMRgIqgP3kOjWpf/OzhdUBTLd9lc2R0B/UmW0Gq2s=,tag:tCGq+2xdWbA0YnJG/rkT9g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8787; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -83,5 +84,13 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
readarr:
|
||||
env: ENC[AES256_GCM,data:YrtC84SDPVC/pWrKeg1kmA5T3QKOqxt+y9x0rnYC0pErta9v8xGU+pgC1jVZfqh4Dp81tRohhmQBMC9KZz4bmmn/5YsAHAB8Y4xJSwm/kZ3LNjVRuZ+PmvEh2ggfwvs2nFDRbMx/TLETbSZ9t6NGtg==,iv:ZwvHaREcEkFSXyL+VBDFFKgZZwg7+utMs8qZex7pzHU=,tag:+3GdLnxxo63XxvMQ3UwK+A==,type:str]
|
||||
env: ENC[AES256_GCM,data:2S5NsdywH+nAEAghKp6AsTw6FDpxk2gC9lW6KK1OQXqMID7ERW8LlyCRuIBMFQSXllSNSKHb7Q8QM8rZDv9KNshnIXZjuI3iuecNOmDh3fkF6psUnWhO3vxiK/ssyZfAiQQCKxrGb/8U0eZkXSZYTg==,iv:I4aTJ4lGeht6d/j3lDpMA1RddjbqXxxjfX03pJaTQ9s=,tag:XayNGtD7rxeXI33Q+rOQBQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTd1pGYXZCeG9RTm9pTmhC
|
||||
dVc4MHYvZE9leHF3L1JwS3ZwVXRaY1VZOEE4CmVVeW04TWRNVXFFbmNFMkZvMEEv
|
||||
ZUdLUmZjSXppeG9zT2xjWGlMVTVISlkKLS0tIDh3YXk2MzQyMnozbkdXQmx0NmpZ
|
||||
ZTlicGQ3WlhkTk81dHlhUUhNNGl2bEUKziPthUL3m69WSsKwAblDeQff3kyoUOp6
|
||||
3e8h1C/+rAx7LZIlQaMvBKFy2IiAb2bb47tb7L3k3BLx38FP2g7a2g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNEdEeXpIZWFUdEpHc3JJ
|
||||
QW4vYkFocTdHaGt2T2czTWdUVXQvUllKQXg0CmZtYitxQkJ6ZVRZS0tVRktiRVJ1
|
||||
Q0lEZmpIQ1JqSEhRNnRzVjdnY1NxbU0KLS0tIHVCSllmTDlKdnZvdlVtdnRNVVVE
|
||||
REJkb0kyNUhoZFlCbmJScExLTjhOK28KiRaZJRnHkMiX/3m3gvLq7it02sGP2ToF
|
||||
6p1dKNXRbDNplTbU3juOGbX1rpqyWD/St1L3EsZCSGomAa8tixM29g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZUoyeTFycXZuZTJnblJY
|
||||
cDNxUk5YWWVMRHlHUXZPYmdVUmNvS0tadlN3CmlFbjNuU2t3OENySmNqenlLSnlD
|
||||
ZnRNZnJnN052eHJUNzYwbG5SWTZTWU0KLS0tIFd2bk54RWV4TzVheXRyekpreElR
|
||||
YmVoVVM1T1Zwb0hOVzVpemwvOTY2WE0KjfJ8ertgqaFEEN6lgWNOVTv2UdL2/+uD
|
||||
5W68LANkIHbVNuY6IFE6HEeBUww7BfshW/D3NjJ9/GHMdVyO0MFs3A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWjkwcFBUOWtTRUtWMVdj
|
||||
Smc1K0RidTM2UGJUcFlrSzkxcHFydVVjSGhzCmQ3Szh0bFcydDJtRHU5N1RIUUxk
|
||||
aVpRYXpKaUpMd2tVZ0hpRlRxKy9uWjAKLS0tIFkwaGJibzFnQ1kyTzA1UUtsNnVn
|
||||
emJlK3hRcTlzd2MyZVF1Q3gzdEJ5OFEKuykXtBmmPoGCg9mN+LjQH+NNBybxVA06
|
||||
knurupbZSa0Ha4aKqtqt0vK/5PeEchVx8AddN0PwRKdKT1djUXJgzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dTFNSUVQRmpaL1FrSFkr
|
||||
cXQzRFAvcUNsSUIyT2piZHJyR25hMTYwQ3hnCjdFbjFvNlBFSkVzMXdJd2U5ZE1s
|
||||
U2srMktJSnVVQjVDZnpFYUtKL2QwR3MKLS0tIEd5eUlJbnB6NmJvcXh2ODY5cGhk
|
||||
VlBldU5pRXdiK0NwYWtPOThOYllyQmsK/onUlwfcxSA1uj7UeO0Al5SDrOnlnY+q
|
||||
A/8BRBjvc4NZbmQRqQFL1jAbnjWGKkr8nga68+Po41o5HGK7bQLjLA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5b2k5aDJQUVduWWQxbDgv
|
||||
VFlBZHlwcGlBYWtxQUQvYnJ1dGlpMVdpbmcwCm1EajJYY2pKTGlMWit5NGNSZTdn
|
||||
QWFkMFFXYmQ1ZDBqaUlEdTlKeEdETDAKLS0tIGlieEUxem1uUk16eGRWdGNPUjdL
|
||||
YzQzd0xHWjFYZ1Nob3JaZit2azIyaTQKDUVGD5YuNMJFjvYv7vnI6fDrqoYCbR1L
|
||||
14Eqrh7mpA/GKUh7JepVZBshaGtbWe+QzBvrV3d2l8gd4PouRUH+9w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2d3V1RUVjNTRzUm1scTAx
|
||||
aE81TUtFZkJxK1kvelY5UzFDdm4yY3RDNVRJCmNnZmpyWkNMZXNUNlZNenFtVzAz
|
||||
b0tSVnBmMEhzQ1ZCeVFlZE45aFpsVHcKLS0tIDBLYXBrblpwUDZHdXBkU05WeUM0
|
||||
S0R5dWM1Z21vVDdYZTVPdzZybGdKNDQKKMGfvicyhJLtRljF8+2aN7B05lOQdVue
|
||||
9fbkdQqmyjlDBzgcpXlWYEiFXAGQw47QursiRgi5IWNrPIYUsNUGVg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzRm9UUktLSGhxN0NqK0Ru
|
||||
aE9JS3N3Smd6NWhGdWZ1eXlmWTJiUDlqcXlzCnhnTUVseDNWcWg1M0twdjcvVmJ4
|
||||
RmNBWmdneFpwVFFScDFHSHJXV1VrRncKLS0tIFd0eUhJWVVkZ1pPRC9HTlhSdnV0
|
||||
Y2VPSElSY1B1K1dHUEF0WEtNK25CWEEKGVdXV7E/O/Hf0nqWGkGvsOYIenKQlpuu
|
||||
Szi5QozDnAzUxuvGi/PASYghbDPRi74yTCwPPVyZAaHWIN4HZuyJxA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnazdub1l5SHZrakNJem1Y
|
||||
R2Y4dUdLYUNYekZUaTF6UGp0NThSRStRdEM0CmtZajZkaURXSXdwQ0xyYVBxMGox
|
||||
Wm8reDU0SklpQVlwN0FVUWphUU41Rm8KLS0tIEFvem1QckhSLzdZUzFYU1lkeU52
|
||||
bHEvamFnRm1hQzhWVzc2NlpMdDZjamsKHw2l5wMqtMHgOlDa40+3RWMrFrC1I23i
|
||||
rXFmm5x6BR1xfHFfor5rJK2CrIEhgWoRLSqcj4CN2lv1CQ9Q3CZchw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRmFKS1d5Z0RQRHdZVE1i
|
||||
T1dYVC9pS05Lb0MweFJtNlBLZGhyVnF4MjBjCnZWUFA5b1hueG1hUGtHUlVXUUhj
|
||||
VWxGdXdjSHhHajFEN2lPaHRnRWxnRmMKLS0tIGs1MG8xRWxXdXBDNHV6b3dXcVQz
|
||||
Nk13K3hiemcwYnBHMmQxTS9WZUhVNmcKrYVQyAtuaHdkK3xNqwRFxtkWFnKo8KuA
|
||||
QZA55CVYBkM15cLRm9QqIsWBMuJ6zhhsOsuF2S4H963X3ZFzWokuBQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzMWZDOTdvY3ZtVWIxYXEw
|
||||
YlFwcjA2ay9ySDRuRmFuOURUQ2lOUlA5SGhRClZhY3FCZENHWkFNeDBIeEw1M21N
|
||||
QS9OcmhSVzhTZmdvZG83aWZqRkZUQXMKLS0tIE04elFzaWlTYlBBNDJIcXg4b2hy
|
||||
UENsWnZLZXZwUlZkOElHazM0aHJvNHMKtc3HGsZ6jmAZEapTWNGCfUmSpjpH7bIl
|
||||
dClmX+63ZVOL++SrUMRh9gZJF4utXzFbwgJsh8WrVpbg1SNplA+tKA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTWZuUlNQRDIvZDhIM2lp
|
||||
RE41TVFucWRORmVCbmFVaDEyWmFDZUZkTGhNClBHeW9ZS0RhaklzWGZwNUtoejc4
|
||||
bmZPSk1tcFRvamxqQ2xkc1pRSTFJS1UKLS0tIEkvcHVIMzg5d1ZVZ3JkcktSMGdz
|
||||
bGVQdHNlS29jaFZ2OUo1Tkg3Z0RGM2MK6eCZ4J9XK/9Y5IO1pkgcaczI1Rp4ahA6
|
||||
xqU29l0Mprpkc5cahylNET3+zXm6mHdd7kPCfxgR8SOFfywfC+XOPQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:etgC8IZtH6YGGhbDoGK3tKjbrtIyu9mYwXRMDygCVK0uJfrktW8I7OJwKa2PAHLDzG6ffIQRJdgDNFIgVobK5hFx2MgY1mR4dwopmClovBD6H2OvXT8IdzVjAUW5xJY7rk9L9tmeackKp+sWnAxlfVtZ8rWl+i5vBYxm08UrHv4=,iv:ITUc8sDSyP/uYUSyC+B4pEjlxJ7gheTk2Wk7ibmuIyw=,tag:khG/fPxlCl/ru68iBAZntA==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:/aLPFReAY8RhctcbZyH+AJ5JCWS8p4Rqy2b4lC+Y2pd/fRDd4NFlO/KkzCcW0olxRcVsO5VDnycrgu7USLdJ14MxB7/sH1ZlGfeFxDnLW/PL+gA6y6FnKPJ1f/MtfuM8ZKajvLpcEQL81riAlimmhYbhD5XyM4zCGfNPhKIwwEM=,iv:I72VZN/3aPXEiq+xSUoV658a0gvlBQ3/nxBklSUxz34=,tag:pleR0yUN6HZrqxxZqP+Fpw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8989; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
containerPersistentFolder = "/config";
|
||||
in
|
||||
{
|
||||
|
@ -50,7 +51,7 @@ in
|
|||
};
|
||||
environmentFiles = [ config.sops.secrets."services/${app}/env".path ];
|
||||
volumes = [
|
||||
"${persistentFolder}:${containerPersistentFolder}:rw"
|
||||
"${persistentFolder}:/config:rw"
|
||||
"${config.mySystem.nasFolder}/natflix:/media:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
|
@ -86,5 +87,14 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
sonarr:
|
||||
env: ENC[AES256_GCM,data:oMGIe0t1e23S1W/7XbarR/fb53VB9AnUFHOl/RVy6tQxLanVgnvupexvWzwgCAHV5RTvbqm4leOw/ho/PUoCsh9HKgTNgzZnsDctoaXxnZ/r+z2uzl4VNWhpPW6WIBMHA2tkK+93972hNWrxhttmNAC/iIn7dymByWrqCIFt6BE4uQwDmetb4pgwlbPDkF/qfrZlcrAESQhJht73jk1TuRCP1oTnZFCY8O1mqiwVbdt43d/wXG+lQ0TmrPQ5LafNbnx2meL6BZbwZzMDPYEP,iv:e8+AfvHozU8V0yu0nD9foriv3ButNPuKUWJ6m2L322o=,tag:ElYdWzj5VLgWZyeLpjXGLg==,type:str]
|
||||
env: ENC[AES256_GCM,data:svh3G89gV3hrWwJAWRZqf3s5dgw+m8tZRl8fJ+uWax1l2kUphmkrOCA/u0gXxw+wQGxdnUTHZj+DBCOmbtVkOavc15/xuBIlTro0H/WVolIfag+k4fYjIU0fDtEtzUnrRTtUd/lznwT16RndCxaz0iJY8/GhiahHoN+sa3T8mZZKyHNfWoXkhIK+KfaJ1OIqMvPxIK21urAE1CkHVx+q1WLu05dCj4xCrIcA2ZpqiByrKdpGPe5gleU3F5i22jKudTwUzzTF0glY3RHUCSKK,iv:1U8RH6ML5yzH85fui4URONvUyWfbiLFHUZzkUK7EUkA=,tag:JEpZ8BEI5BZuDdS5ou85Jg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWTFZWFNZTWRxMm5qRmRk
|
||||
MXNmSEJnZEZSWHpBTjk5ZU1Ld3pQUGNFVGhBCk9PMWdlbm1adGE5UXo0NERqT2c3
|
||||
V0ZpN2FIYzBkSEVXQ2lyUitoUkphczAKLS0tIDBsTXFBMDY5YldLLy9iaTFvbVFD
|
||||
MU02RVF2dXRFcElhM3JVeFJKK2tTTWcKb2WurFhZ0ANk+iyyMVjk26Ldo25cO2cH
|
||||
DMfkmK5NEy7iKrZZdNYQR8gBkO1GgQfI1Wm4JPaLc0vIBT9CXVDlLg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2ZVRYb2hIUFA4RkdMNmpk
|
||||
U0xuNTFsaUJJc2tvT05SRk9rNE1IRUpEWGx3CnJaRUs5Ulk3QTFSRjBqR1RwVkll
|
||||
ckwrRjA2U2pza0VFbmhFK2hOZTFVWlEKLS0tIHpxaWlPTzQ1Uy8yVnNtMFlBbHFR
|
||||
Y3M0SlRuLzRnK0RtQXVLVHR3NVhGSGcKaaEbOqwxniCNGimCBi4N/BMEon0RuOBA
|
||||
DOzpGCUAZubMGHodianqI9pkCof2glbuwQ/g1+W5JHGmtDWzHGmXsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRitPYkxWOHJ1WkFRbndv
|
||||
NklNS0JZaXJEQ2ZkOG9SUzlySFR3ZFVvWUZVCnFXY1czNURBY3hINllEWVJpNXA2
|
||||
RHp0VlYzN2ZlMkNnMmhPOXlPNCtpQ1kKLS0tIGg5cU5Nc2k2bEtOSmx1NmhJWVVD
|
||||
dmtjSWxjN0xRYWtNbzhUQ0FNaFVpTFEKM9wSMsEYgJErzO79L6YOXfZpGnd57Xcy
|
||||
jxrwzFhZ9AVVtPjGmyozYWY3uGlMzJtxDCNNRV7BbK4m+AsjtYJ9fQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiVmdSeUJ6Q3dDclRDZXk5
|
||||
L283SFF1Tk1aRkg4Y2dVUXRlYlFlVldDamtvCjB3U2tGdmlOV2lBWEUreWdROXQ4
|
||||
Mis4NWxRTHpOMkNhQ1B3ZzU1eG8yaGMKLS0tIFRyYnA5UjdxZlppUG5pSHFrck1i
|
||||
aS81QTMwc3h1MGYrV3NBY3lGd1JnUW8KMxUqu+mNFXvj3eOuQtiMZdttzQbXhLD5
|
||||
z4dUPriAfjVQRAgJTKyOR75IZNmle+XfK9g7JcDVCYX2D0tPHSOwSw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaldmZW0zQkZkNG1sTzFp
|
||||
UTRUMEtwRCsxdGZFbmdiUWdVVjNsd2F0WUJJCjFRNnBVcU1GWTQ2NGFheHkvZytC
|
||||
TkgwVm4rWlN1NklIeS9YTGh1dXNQVnMKLS0tIGZ2UlNXWUM5cnVLaWxDNXdzSE1P
|
||||
TTVEanZuVyt6SkE2RWRQOEprbi9mVk0Kjrh4oB+EfFVDx4CW3h3be61X+RNDrZ8O
|
||||
IDNFRznHaYUM757C16GMLx3We/pAinPvDlZd1eDBj8kpHGGMjIU+Ew==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkYXVYUmZXNFpUQVY5bm1U
|
||||
bW4zcmhlKzU2V1RjamVyRnFlL0tPemtjOXpZCmVLWm01UmdVYzg4VnVKbEhteXkw
|
||||
Mk0zZytWYitnMWZKMmIzcGtPcFFyWUEKLS0tIExFZFFnWUdDNEIyWGViZGpaQ2pB
|
||||
d1dYWXpoTzNHRW1YZDZUT2t4Sm90bHcKVcGR4gyNz1He2hDMGOVVZS1+JMxZ7cUo
|
||||
9M7I6T/FkYfquK3HddV9alToppT0rl6BTwLN0z2uvVyHt/n5elh/6Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQ29URGpEUHRJb1NzbitL
|
||||
MGFFUFJLQjhxQWtoMXRIRnlkZUpmRkhERnhrCjFqNnRwc3VoZEIxZlh0UG1UaDI2
|
||||
M0pFSzdLcmI1MU5NcVpRdEx0c01kaTAKLS0tIGZSRXdDZUtNRXhjbHJtSTNJRkxh
|
||||
SGJOR0E5N3NkZFhuMkd5L05veUx5Ym8KEVUDZCs151SwCfDC7b9vb/xK++/TftWK
|
||||
9FdCeNNEMEpTOuX8Z2Osmh003aoMpCk61VOYPBVUMrf43oSQFSb+mA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNkRqSjgrMUk4NzZ4R1Vm
|
||||
N2d6VjhGVThoVEEvSkJWOXJlbVl0eFJ4OEE0CkNETzJSVVYrd3NPcnRVUVl1TnA3
|
||||
SnAxTi95d2EzZ3k1RUZ6WGRyQ252SzgKLS0tIHFZdFpYbGpNMlBSN1doY2RvOGtk
|
||||
bDVhWGdOMmdaSUVmNWYwWXBMSGlWL0UKIjcUoqSJnEhsR9uE3ny2dUyxrdkELXou
|
||||
Dn14l36OqUYpvVkY6hR9yMIwEX9iK/4jmkSVinTMhEzIzPOft0Lhvg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YW83VGI5WXNhOGg4S0hF
|
||||
eGk4c0o1R1ZEc2dwcjJqNFdQVEFQN2JGNmxjCmJQUkRFcmY0cWVLV3R5NzBKaGlJ
|
||||
b2Z5QW5RSXlpR0g1M2gzYk80THQwSm8KLS0tIEtHc0VFTWVKSlVWV2xTLytVNWlo
|
||||
blBoaFdETkw5T2R0S1RQN2RFZmgyK2MKz7PDVFyumWboD3OgPQgmPSR9dk4xQi3V
|
||||
ivvJsiV6eb0rv2T9kp3Zs3Zfbj4G4o/GhBrTNka7SkqsNPV2h3c7Kw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaHcxSHlUWWxLMkpXOFIr
|
||||
bGZxME8yK3o0c3hQUnpieVd5dkN6eFJrYlZRCnJKY0VwaHpUSWFXa0MrQkZBQjgv
|
||||
bGYvbTUzeFhaL2VRL0lZRUU2NldwTE0KLS0tIDRpbUFVUWU4U3JXNzlzUVhxSG5i
|
||||
S21ZeWpiRlpGMDRSak1ucnlpNWNwcVEKb9d0wzgtD50XCg0BGivMBcKysgXL8kn0
|
||||
VtqWRLxVDtCBRMSJzzPx/9QqPsguaWrd7VaLO5nqqlyLq8VsX8uPnQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMGxWR1Z3MmQrZWQ4aVlJ
|
||||
QmVtZkwzbXRxckVDRnN4TGd6em51MXRzYmlRCkx6OVczMTBwZklXSkhxbFdHR1Bs
|
||||
OVFlMTB3REY3N3pEU0FqTSt1TUp3U1kKLS0tIFFiK2dxSVd1OHVqcEdWMDNIUGZm
|
||||
dDlCa1Z0Sm1Yeko0Qm00R012NzdobVEKOwMKLmb5khE1oh+Gr22UxeGrV7nDWSrC
|
||||
7WJy9NFYrfZpRveRAoIDJoZsQjsGE41J5e7oRguocmmz6K1oLazxwQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWlF4RVRCTXJRTFdscVAy
|
||||
SlRscnN1UllGYTFEeXdTQzQvR05wQlNESVJ3ClF3NzVWdmdMQ2d0a1c2Q01iUmlR
|
||||
R0tSWVV3Wjd6UVdINXhKMkU4QWh4YWsKLS0tIHpUeW9DMzhtVjczOXR5aXgzUlB3
|
||||
eVU3ZUJVazB5N0VVckhndzdhVEROVkkK9Ue4O286MnHWbqlTulIDAHymyQVXfeAU
|
||||
trSdNjqs7LZniHDY4MsVSZuR48r6kkfxrfCtjNXD/PKd8sGeihHCfw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:qUGaCVWO8S6XHkm/bnwi7ICZsVdKyLHV2HF0BmuBci0qaINuP6316TB81Fsi362acXnd1kAQLWtpT6OVg4/sTQw7gXO6K6Hu4VhtpDf56MrTqvfkzbro3en24mrEtGqaPm4AE90TjbWQcgo1TVfPOuxmYBKvlEsBWB+GRwGWweI=,iv:Exqcdd0HhLG3Rb2+Wz5qhafPnJbjRPJBwTGd+iyGUag=,tag:aQzhUOz+XUIV5BYuxHViPw==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:P/8MV9dsLpg/ygzluIKwi+zBTjCRXQBuQA7R7I0qcClKIVHLTjJzI+C5YCHG4NcemT/Z+nKMsUHFqRlgxh0qBH+ZnDmjQS9qwKa8a32YDxJRcCAgbpO3xp62/ogbSKSrqx4O/qXQiKUitGv6K+UaowCQdoArob+dnE+I9m98r4M=,iv:oQXdqQ1J4pF0ZX3QD+d9Z/jQkW0+3daPYmhnXHC6Agk=,tag:8eussYTJvpMTkd1cULezhg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 9898; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -38,9 +39,9 @@ in
|
|||
XDG_CACHE_HOME = "/cache";
|
||||
};
|
||||
volumes = [
|
||||
"${persistentFolder}/config:/config:rw"
|
||||
"${persistentFolder}/data:/data:rw"
|
||||
"${persistentFolder}/cache:/cache:rw"
|
||||
"${persistentFolder}/nixos/config:/config:rw"
|
||||
"${persistentFolder}/nixos/data:/data:rw"
|
||||
"${persistentFolder}/nixos/cache:/cache:rw"
|
||||
"${config.mySystem.nasFolder}/backup/nixos/nixos:/repos:rw"
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
];
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
configFile = builtins.toFile "config.js" (builtins.toJSON configVar);
|
||||
|
||||
in
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
containerPersistentFolder = "/config";
|
||||
extraEndpoints = [
|
||||
{
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
gatus:
|
||||
env: ENC[AES256_GCM,data:77RkFJ6MfTxdVu2QbKHLvIRHxB18oUKJ/Jq0bxHKCAZkbQ0DqJ+npjTchX9aAHp54oROApBQklk3Rf4E7Wjn04BirxI1yh42I9AgfoRphlLB6JFAhWPmsRZIMWUjjLdA81gH,iv:odRx/Ht6Nku7WSakECHEbjZbRtLiT1HtLCv8LkLbDWg=,tag:ZFL1u/Kg3+TdGOpby40Ndw==,type:str]
|
||||
env: ENC[AES256_GCM,data:iocxxwf7Iu2mD/Ita8kYQjnSIa5eG6r6waZUHrZxq+Zr02rUZS3ypvtA60fdpxtCFre4nOEMTI0k6XkaW3xoma3cMbm4cjs+bn85dNeUdlDkcKdo20pE95+jPqLnB/jmxyc8,iv:uynRN38mYtrkO2HBr2hp8PTWECZn1MKRJKFegQX9slQ=,tag:gk3c/BO9+KYblGLbmtDYYQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCL096VEdTdzE3ZnpTU1M2
|
||||
NngxUEY5d0FNd1cwR0VrN1E3eWJmOEVEOWtVCjNOQUErL2NvOERJR0x5NVFYcHJH
|
||||
ekdVNVc5TnIrQ0E2OFI3K3VIdFo0RWMKLS0tIGtEcFBWQ29KbmkyRng0bXovUTB6
|
||||
NWJBdDJYU2JjU2Y2KzZPaERyZE1HdEUKHOJMtRFmWNTzwr/j7cxL6E8BnaZk75Dr
|
||||
RYW+8oGT905PMP0jh6dFKuUIsxAuCGQXZUfnUXlbCBUJjYIjeCNGOQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOWZEMVJVd25Hc0E4SkIw
|
||||
Y2ZnZlFsZnE5MitTbWMrb1c3WDI5QmxjdVYwClUrRXBjY0lYd1Y3T0F6ZUxHY243
|
||||
OUZTK2ZxYXJ2UjdNMUN6d0ZSdFZyOFkKLS0tIGFXOHptSzF0a0pqRE1QM291KzJx
|
||||
ZDJDWCtMZVRXTG9pNkl4VXg0WkpJSDAKs5QHQkoKXpdJcVnHcNLeeq2wUNh3LIUH
|
||||
TU3SLK4yhbKBS6zL/LKOWN1XL21B3YrSHVOWQzMb/Vih4MFrPLchDQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ck00a0xwOER3SmZ6OTM5
|
||||
WGEwVjZ6ZUJhUit6SU1KTmtqak9uTHJDT2xRCjcrMHlvRkw3SGMyNE50WXRjcUtw
|
||||
bldUSUdTZlhRUGVPQ1FaTWFva015RmcKLS0tIERrd0F5eVBMYllYS3BCZkt3bW1v
|
||||
VFlYQVp5cURqWXV2ZmczWFF2UlpYKzQKWlw1CxLh2LwA9z92ZVbkZPhJuleUZHdN
|
||||
hOfpFEfd/nP2Mh22NW41ZN1X5nT6hG+0N5LANmjzGoRUCS7pYaPTGw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2Y3BwMkJ3dGpteDZCVzBE
|
||||
bk5rLytHSlJDS0ErZjJKaEtTWkJzY3o0dnlBCnp0SU1vVndZbXk4TGdTSjNyNTBv
|
||||
MUVOWUJHSnowUjFVWEpNMUpiMjA2eTAKLS0tIEIvYmNCWDA5bGtvRGQ1SmpQdFp1
|
||||
VEVFb1BsSitHV09PZlB6d1hCNHpvOWMKr0kc8AI0jRpx4vRKC/CcQblF2aTaAYT8
|
||||
MBPbbv1rFJBJ63fv1tGb/EmxKWl12HIsjFTxn4R9HLMuqoeheLTkEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVR3U1OTJncTgvcVdrUSs1
|
||||
VDBBaHpUU283QVFRZVNhMHJEUDZYaUZTTlNzCnFyMHYvbGwzb2VmL2Y1dnREdEpl
|
||||
Z0ZkbGwzTUpoWEVQaTlPMnNFN3ArNkUKLS0tIGxtSS81TVF1SVVHcCtVZHhES015
|
||||
YVBza2hzM1ZaVjFIbWhoOW9QRVZEamcKImmazw+OsTpec1pJMrmHlSS6R3MBFDPc
|
||||
j6I/7AKS0mdspo9T/csjLVQWTXYgCe2x0gHhqY6I4997Dagqc8SaHw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTm1oZXA1eUpaYi9WSHlG
|
||||
T25hVmUrRFV6a3NXcldRMERkU2FWMmptTFVjCjd3MUlhcVBGK2JhSjdkTDZpQXBz
|
||||
L016NnQ3bzRocmNrUk1nR3FqeHI2cnMKLS0tIHI1aVNvcmtKYTBNVGg4RS90NXNW
|
||||
ZWlnUU0vditwbWtKOEY1di9Jb1hHK2MKjqe7nRCUzXm39YxCLlp0zTPk+gCYFzg7
|
||||
QwfsZuSQphKUrmO/IgIUpv5H1q6WKCN5GhfH6gLwxX/Jn104xvapWg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEMTUrQXJpWVQ0OGpkS21p
|
||||
eWVURUJGbkE2SStmbE5oSE02Tll6YXl4ekFjClNjTGtMNWFkdzh2TXlndEl2ZjZG
|
||||
K21KOFRCdUJHMml2TlVHUXU5cnVpUGsKLS0tIHE4NS9ob2JoREU5QU4xYkN0c3BY
|
||||
YXBQeXNnWVEzaGF0WjNKaWhmK2dtTVkKoSxBOjZmZeucQrHob3wEr69L7535zN/N
|
||||
rpZqBmmTnLPuD0+fuYhLVbsRVp3cEULepRfltpQuutEJbhDAhWpTKg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFd2puUE1lVnp2Z3Y1TDdK
|
||||
aDdRb3FtTzJQSlBXQ1hZcnJXa2ltWVFtZ0hNCkZqRDQ3Q0xkTDk3OTVlWXRhbmxs
|
||||
Q2k1cW1aQmRMODBZUDJVanFRK0dkbUUKLS0tIGVxZ3VxRklMUWpBa0JweHNENG5T
|
||||
T3hKT0F1NUpBMkdYelA5VFBMNkRyVVEKYUNocPAY8bAm17EbPdqnGT5LjKj6t5X0
|
||||
zkVdSGPG+l7UzGCzZHEG9mnLpAQq+ED0cMWA7gOz+m+zAj7o4qLe3w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBazAyNmswaTdnclNpMDkz
|
||||
c1BDTFQyTFNiYlpPVU1zR05DaEQ0U2tDVXpFCkttdFNSL292eDErbzJ3VFZEUHhm
|
||||
THRJWWhadW95VTFxZmtsQVl1d1RiUzQKLS0tIHNrQW5WVWF0TlFvN3JJM01PT0dl
|
||||
dUxBa3FuM3JFMlVMa3Nobkh0bjFBQjAK+WhiuurDU3OwT+kuWJ/+kZOdIYwjsjgn
|
||||
DkcUNWEt6IP8CKWJws6RoqlkH1cO+6JsKd/LWMwI14UhzaQI7zms8A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRDNNMWU2Ly9TcTFYbzhx
|
||||
ZnRXSmZNZkZtV29KRGR3ZmhwT2VhN2FOZDNjCm9Lc3BEUUJuekh0RkxoazBNSU9u
|
||||
UmRUV1B3cGpGMWFKaXFmWVZBT2RaM3cKLS0tIFNWaGFsZE5Jc1NKTGc0amRUMlZR
|
||||
NHd6RllGdEQxeEZRb2xyd0hOMXBFYncKAh/6llh1uBOqRz4L7SiDsevTZYKyoKoh
|
||||
SSPqIycuhyotPpwHtFsRaOoa6YxHQnnYc57UJXqrwi1d2DWM1REIiw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucWtiUkhlVTBDRHQrYWlV
|
||||
elcxeFJ2Y2Vxd0tTUERCaVRvQUZCaTU1U0FjCngrZ2sza0NzNWFZNkk1Vnc5VTJY
|
||||
WjF4MU1jcHorc09IdDFlU0FRT3hhUnMKLS0tIEUrYU9aTkcwTVhCbmQ1Unp4eEpU
|
||||
R2RkZnZaNTBPTWJMdjlTSjhCK0tuMU0KsSsbacU86FneM4NHNYxd6YEBvOW2Pcmm
|
||||
dzIaD9ZlQGQEEwqTFFHmXI1pMVibMNG8I2LlNml4xM8J8yH+e/7YzQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUmM0bkN5WjN3ell6TGxP
|
||||
Zzk1MDVHZEUzQ3lLSHN2SWRjNnlzZjBFRkNBCmdXMjAyNml6SDZQNzNSNGFsY0lD
|
||||
NzY2MHJrWGVheXlQRFlpdFJ3RXNPOWMKLS0tIHB6YmZJTUZ3ZW1OZy9LVFhCNlpK
|
||||
VmVCMTVRRlVLclBGSnZuVzdydTFkTVkKYgtuNHfTXgGMWzJGALPEOU2aEY2AFnsq
|
||||
cH09C/mdOWmPOuJrzqLRD2zuQeUExc7nPLH9DumHPcVpXoAWSAE2ww==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:cELSGJgfHkR0RPVZAJxTd3jmaYNHb+HBNPccSZ+pD5dBsa7WBhlcdTVy+O/XkhQkiYvcVcpXZZgODcv9SwvJM24yA6s2+5nhcs6mJzVtYT15hSzH0YepAe2OHk8rR5S7ucUZZYIJzjFOTxWPvExx2ntsBVngZhHCrLm/EyjWbv0=,iv:yTDtfR1R9SVmCvwiLgdiMX4Eso6PIK1eiqlPtwW++lY=,tag:wxSrF/qz04Cdw9VATtnd3w==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:ZOuz/fdCiBKmqYdumQq2njK6wGiAtPPwLZphPfTwdCaWYnNHLuCE83CaDzBhrsR4nTR/03Uy0XDvNsv7Yvid5WivzrcsilNcriVQ025nNm6ucRCMdg1phm6sNXOkdWnWA65kro9a8C3g6j6EYAohvn/TZmS0XK1zp/PjJ9xggKs=,iv:T6O4nsrptfJJNzEFWeHKGBOGsBmvZQi7WU0uIrhat0E=,tag:7Cp6NCzh0j8ONXkNKgcTbg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -10,9 +10,9 @@ let
|
|||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 3000; #int
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
|
||||
cfg = config.mySystem.services.homepage;
|
||||
cfg = config.mySystem.services.${app};
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
|
||||
# TODO refactor out this sht
|
||||
settings =
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
services:
|
||||
homepage:
|
||||
env: ENC[AES256_GCM,data:eC/ML1lypdxqPKmSpry9C46qD8h+LFhLXF47Z3qmeW6R/KOsyjVA7LwHFJ2JMZa2dq1G27FVGwDFSc0BBFjSEAq4QEHrHINf2kotSkS4bLHgnI+x7ZbO4EQezJqQQSstpaflJbX5SC/lTox7xhSjMYF9+9RUKu1FShv8buLNCc3TyQI7JCM21nXo3st4xOxTsPWDeFyOR7uvXi/kj04+2LQJveNGkN45+foc73VXD0jMA0mBJihwLRqL6PpAM64dQfwspDZ4dThNTGJzSQpnVfb1zDw/u8KWZeHZ8NMdT4SB0DjuOtaxQ6elIXzu96NOQYV/ncE9tZiAhjhpTleJsV/KWM9RhAKV7SEWT7x+vEmvmiZkwwz2wKWKgM1SKOplAupk3EsJ/NeDJAP+NltYWymN9qeOnFqcqXT2EWNkrCgHJwiVIuuMf1eh5l9xuxj5u0Es+a4plpbKiuNi8Ws/3IvL/ClJ1LU9ONZj4TSReOzuqJWvSKtAAx/kXeSP+H1bU4qyK+oOzJ6KUphZHctRX7H+c1jovkPKhRMit90/G31ydKo41MJwhV59lEr0pvz3BXrw8INJrBxgGRCylC55vgbJmgeZlIE4x+UpU+GNB0HnFC1PUxELOxBX7jTAN9mf48K58VLNH+kvvXuE4+tZt7sSJMw6HFlsQPxNoTFg3XxqVWB2FrFpf4mCd9K8cZUxEz0OtyLHDRuLgNtAv2cP4J8azvjhtH3rTKZOFrVtNB3K3mE2B6nyeeMCrpXoj+qpbApqfDInToz96CQSzx7GPkG7hrZkGr/nVd5U1LrLg3eulg==,iv:ntzX/uBd2wShWGAm+oOOYRZtZBazeVR6r8Jjp/ewLsU=,tag:Rsb3/GLTBnvv98bUicJRTw==,type:str]
|
||||
env: ENC[AES256_GCM,data:Oz5OZipRWFnZx4kEvSSHKEOG8YipOc4m4JMA5fd3RZ7nRwSSotADxM8z/6Va6lsjde2OcN3IckJ09MJYT0+a3+WnWsR48E7Uh9H5617H6bb1a5h0BZaHMKkulLIWsWS1K+qNlt45bGsTeLQNdDJTekcgzzHRB3GGwt0Qj+pmDXyaUmMLFLjdulfT9IlBW3QAjjtZx/jBwzpwNG4kBTuRC9pKik8L/OjqZ2Wrx/TmQ45RLQ4o2Vne86CB2/NBj7xLXH7jE7/UhcJY68Mr6DEevecA0cw0c99Ytble1GdpCcj0mb0pL9aD9USighjtIjhljnFKBx+ZvO1UVqA9L5wlSIQeGrBpn45oHOgKG/KTBYRLgCYSHOfUhAA+Zp3vWdajiQ2LPsLpNp1AGROu7ea2iJuim7AYfaXdO320i8jnZCLSPiBXd2DOo+AeqpV+9kbg3Vx4tt0SgIWtSA88oMzm5Lz4Wd5ddIuvuCBUEMnYcdzXBtOO3DgIOvi4AUcV4l2VHCp4iU+ZSvEybF0M54omYsw/yeXkIeYyTY7SLqKxhenrSkG/KXVdPB50zYpXu19/r2qccgPTFj37kxdDCX4Nz64r9ecikqZu5g2paNMINOV/ha/UbehkzdJY/RsPKgU4GSuHxqWEmPzREcUPHpx4HQP6EvS4IPzelg0ZZ0qe77f6hdQAXDux3WYuvy+00PAN+iIhxy4ozE0y8kKtEyFnfqowlzyrjIAyIN6JDiQzQnJyU7sRu6kMkX4K3zJoIdNKkEthJYeOsrcmB67hWD7INtPCy62gc4mgUVux+huZuBBjqw==,iv:fGF0WzgDIR/Z4s7/njbPtP8kk7h1VGz2g3MLN5v7gSw=,tag:n9NAbizmQh2lDf6B+fDGKw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +10,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4MXN2MXZZdWk0QzZvUUtR
|
||||
bytQUmxVZXh3cHg2dUhaNFNMM2FxbjU5Z1JVCjhDVlZEWXZYV1R5UlBXL0ZrN2FF
|
||||
dFkxZnE4QzBaWnZvYWp4bUxzdzJCMlUKLS0tIERCeis3eGVpSWZiMnNkUzFDMWlv
|
||||
MEUvelQ0d1BETW94eTIwb3FYRU05SHcKIwkwqn+/TQYPD2E9Y8Y5CKYWWOOlOqNX
|
||||
INWN0DgzQb3pVn/L3HD6R7rpCIujQhV/KE42p4theakT56cEFMpjaQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwb2JCV1BpWXMrWXdxaElB
|
||||
TDBrb0UxVXBxaHhWNDdPVUt6dk9lOVYxYmxjCit3OGVvVytmM0xoMUgyL0pYU3VW
|
||||
engydEpENEJpdGJGMFBiWTcyWGtpeFEKLS0tIDJPMjM2cnFSdDVoWU1mMEl0bHZX
|
||||
YUEwR2hmNHdDZDdxcmc3OW9rN0J5Q1UK7YIJgv4mNUUJZd+1jJBcYdBLB/g+NEJW
|
||||
8nLi1IgSHRMryYOviyu1lJ7zd27pMhjjTkajaIymwi2T1txug7xwAQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3UWYwVWlGWUtENWhuQlpY
|
||||
THhSbnJkaENaUnNVekE2UndKeUpsRElpNFdZCmoxODUxQ1FvVW9UcFFiN3M1TFh6
|
||||
UzRRbkdzQWs1SXVCUyt2ZTlPaDlwK0UKLS0tIEJSdk4rU1M0bmR4QTlEeFRwbUxT
|
||||
dlpkaW13VkNCWVcvcGlVT0JSVm1jd2sKxDSwNVZkt+1VrEIEkSDFSL6XpkmRU0UZ
|
||||
bsRYQjTxdqMxAVtyeKVIocMizGQIcsbjrwxL2RMnUev73wjNEKjAJA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3b0RTRHd0enhXcEFtZXZ5
|
||||
Tk8zRWRYbm1UOHRjMFgyRGRQb016bzYzWVRJCjFWbVhZT3p2ZjhCcjFRR05TZnRK
|
||||
KzkxT1plTWVzSythQWFsZXh1Z0ZzRjAKLS0tIEU1cWxZcWg1bTRrYkpWSFFNUkJ2
|
||||
NlROTG9YZWhZeTQ1djEvaUw3NWpKZWsKvWkqBd2nMSnSlwsMf9Y/H/7lZu3TYR6C
|
||||
S2DayCyLe6JfE3sgTIDiFo9awwTZYM9z+HXdMffnlKdBd1UTGRvH0Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSVowcEdHQVV5U1h3Szky
|
||||
Wk9zTSsyZU5lWUxXNXlGcGNBQUd6dTBXSkI4Cndsb05DUy9QYUl5K1VGT3NLOFVl
|
||||
NzdCeG5wSjZ2SG0xSlVSZ29EQzlzT1kKLS0tIForSGZzWWdsYlJVSXhRUzMxS2dO
|
||||
ZG5SbFo5VzdsZ3BHMlhpUWVYajNVUm8KIL/y0lbYiYruyLRmdgj7/4bP4NLdL/uU
|
||||
/bR46RvXfAhgyncp+4hXrhh1CdPUwkg4Bh6WfwYaO+0kp/4FU47u+A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvQS9jQUJDU2xHVFM5YXFU
|
||||
alBvZjh0TnZEb2ZRTnNHazFEcU9JOHRGWFhnCnpWYlhpVWZHTFQ4S2k5NERNNDE1
|
||||
bTF5U1htYTRtQjFmclJCNXhCcnFlS0UKLS0tIHpGaE1odmJCSWdRWU1zWnpxRFJo
|
||||
cWJXQWpFWVk1N3JFeS9zZkt3RGRlMHcKieWN/vbbTCscmY+jAoY2qU46+N+susmN
|
||||
AlIHI5B65LlHZ8oAVsfGDrSb4u81dM2sPqg28iY+Ij32AuWBCTWfIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdjJZMmhqTzNrZWk4SGJ5
|
||||
bkVaOHdCOXRwT2V3VEd4Q2VDRzlCMDFDelFZCk5LMWZoK0g5YUt1ck1jQlZONDRS
|
||||
MDFpSzRQaDRmMDg5YWk4NnBtU2RXcDQKLS0tIHZ1aWxjcS9mejRaTnVKV3pDUmgx
|
||||
RGJFZHhsME96WFFOWUx4QUtZeWpCSDAKX6odRaFPR8vHTSZ+YD5POCeFVMeWk+Q0
|
||||
f4zjiGN1HXOk4pwH286z66VAZ9Eem+c15mb60ZmKFRhxTeJc0Xvq6g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMFZLS1IrT3BzelZYVlAw
|
||||
M1ExNXVPcDlqNzIvREFOMDVzYk82L0h5YUNBClVvWkxDdnFrU2RDSTBWOWNiVWVL
|
||||
bmprdEJsT2Yvcnc2cGdpUEllYS9adDQKLS0tIHdxT3JPd0tkakNpalVKU2NMUjln
|
||||
bCs4S2ZyZDJZRUFqY3JRcHI1UDZGTzAKlW2nKct0J9LpE1WNE73fp0OUpLXesgNx
|
||||
V8QJ4cNix3V1TX7pPsGOt+driC83kGEjj/jukvrUCiT9IHscDOpY3A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMy9OYWdsNjRXZ0YwdjJI
|
||||
YmtJK0krNm1XamU3bGlyWDVPL3FscmNqREhJCmtQR255bkcxMEFheEZ5WXFvUjVJ
|
||||
NWNQOVc3YnVZNVBSSkRZMGxCVjhsdFkKLS0tIGNyQS9BbnFJclFtYjlYZ1h1dFhi
|
||||
bUEzWmRZUzZIYjJJQ09YVU4wVUgrV1UK+PmTnYJ67rUGld61S0/GMa3ZQYSAePul
|
||||
+a/5BKlvLgPJVua6Fv5LIoA0zzmFLEpOOsnLarbmRfWm9XpQDD5wEg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAySG54VVEzOVY2TGNGTGdn
|
||||
bVVaMUtqamwwamRRQk9qYmpzdk9YbzEvYTAwCkpIb1pXb3VKdUxPNUdyRnZVNWJU
|
||||
cGIzVDNHQWlSSkkxMXJ0RGp1MFNRckEKLS0tIHNSQ0t6SkJYVWZramkwZkUxRGpw
|
||||
SnZRYUJzMGJwZTFYc0J3Slcrd2ZPYVEKfQ263loKlS0MGe/CCgAiu29trQbR0z/9
|
||||
l7ehDvRN+POsckFL12xs/gapkOFIuY9MJ5ngibKVUqVWwGG8cedkRA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsaGdWWVgzQUwwbVlHZVgr
|
||||
U2NDSk9SV2FRQS9GSUUxK010WTFaK3g1dmg0Ck5Ld0Y4ZEticFhoTDFNb0x1NDk1
|
||||
SWxXcFk0RDh3V0xQUS94ZjRoK2xESnMKLS0tIE15LzRjYXVjS01JTEEwcDNuS2lz
|
||||
YWR3NnNjbjUrTTVCS0t3TzRydnlSNkkKKIi0I49zJ574JR7aVu4x7PZcaRvxnzvm
|
||||
Z2IXLciMBKkiIQNf0eRocSjfSumToBAhXORJVklAxW9j67haSuKZMA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcmN3UXRGRlJrODQ3MEpr
|
||||
SkdaWUJENXVmRG9tZ2I4ZEVXUTJQOVlrRkdFCk5TUWNtZFk4L0MxeVhvQW1sMllP
|
||||
bHp2cyt2V1R0UmJOQ0laSUpqWEtZcFkKLS0tIGU4c0s5blJPRWIvU1JZTGtURkZh
|
||||
U2NXcDlaWUNJbm5lV0lVQklwTXowajQK3Sdo0OcVXThYTWBZMd/t7hey2ITfKIDT
|
||||
pyKaJc2xDzsgKx/bc2DxjElsROPBF+7Z0gYMv7/aOIhkcGEU3lPKsA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:7IBluUr6uRBeQoaIG4LG3CFEUa42UEl2NMUS/V01W/fKlEBb97Jog2dpdivMQ0P4Az3MSzPqfq0Y7b4XBcU/LnSGNBNKFAXO75rBwvmuKF5qcw7X8MUl28qgTyS6DImDL33r+ydA731lTzQazntAzgqquFTtjNqixkF/2qDTgeY=,iv:ROdwE2T5M6zofyP/vxJRhvRj1X3BCKiG0Kjmfp1Jd1A=,tag:oOs4LF7RHxEb40w7KvFFcA==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:AeluQaUlgrC4iYyG/Yqjk4bVv3TWmFYy2uRRN/kFuytjN+TmDlevkWAbQpg9rtJn0f0FohWYvsDB/NNF5uvbDrwwMCqqcUUNs581fxa6QQr89IfXCIlSOCgBKVUtAqH/M1SjHh6K0LxVAlDW5mvr0OvW2WFURDBo45YMMfvoPVs=,iv:1ia1N+rkoTKXmtvEuVyKtZ758PDOfh7FuKOMaoxq49o=,tag:Au6rcmAKcYLzCvEkWiC2Qg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 32400; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -77,5 +78,13 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,14 +10,20 @@ let
|
|||
user = "568"; #string
|
||||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
qbit_port = 32189;
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
{
|
||||
enable = mkEnableOption "${app}";
|
||||
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
|
||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||
default = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -30,8 +36,9 @@ in
|
|||
image = "${image}";
|
||||
user = "${user}:${group}";
|
||||
environment = {
|
||||
QBITTORRENT__BT_PORT = "32189";
|
||||
QBITTORRENT__BT_PORT = builtins.toString qbit_port;
|
||||
};
|
||||
ports = [ "${builtins.toString qbit_port}:${builtins.toString qbit_port}" ];
|
||||
volumes = [
|
||||
"${persistentFolder}:/config:rw"
|
||||
"${config.mySystem.nasFolder}/natflix:/media:rw"
|
||||
|
@ -42,6 +49,13 @@ in
|
|||
inherit port;
|
||||
};
|
||||
};
|
||||
# gotta open up that firewall
|
||||
networking.firewall = mkIf cfg.openFirewall {
|
||||
|
||||
allowedTCPPorts = [ qbit_port ];
|
||||
allowedUDPPorts = [ qbit_port ];
|
||||
};
|
||||
|
||||
|
||||
mySystem.services.homepage.media-services = mkIf cfg.addToHomepage [
|
||||
{
|
||||
|
@ -68,5 +82,14 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8080; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -69,5 +70,14 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,7 +11,8 @@ let
|
|||
group = "568"; #string
|
||||
port = 8181; #int
|
||||
cfg = config.mySystem.services.${app};
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${app}";
|
||||
appFolder = "containers/${app}";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
in
|
||||
{
|
||||
options.mySystem.services.${app} =
|
||||
|
@ -67,5 +68,14 @@ in
|
|||
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
|
||||
}];
|
||||
|
||||
services.restic.backups = config.lib.mySystem.mkRestic
|
||||
{
|
||||
inherit app user;
|
||||
excludePaths = [ "Backups" ];
|
||||
paths = [ appFolder ];
|
||||
inherit appFolder;
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,7 +15,7 @@ with lib;
|
|||
options.mySystem.persistentFolder = mkOption {
|
||||
type = types.str;
|
||||
description = "persistent folder for nixos mutable files";
|
||||
default = "/persist/nixos";
|
||||
default = "/persist";
|
||||
};
|
||||
|
||||
options.mySystem.nasFolder = mkOption {
|
||||
|
@ -33,6 +33,11 @@ with lib;
|
|||
description = "domain for local devices";
|
||||
default = "";
|
||||
};
|
||||
options.mySystem.purpose = mkOption {
|
||||
type = types.str;
|
||||
description = "System purpose";
|
||||
default = "Production";
|
||||
};
|
||||
|
||||
|
||||
config = {
|
||||
|
|
|
@ -23,6 +23,8 @@ in
|
|||
[
|
||||
bbenoist.nix
|
||||
mkhl.direnv
|
||||
streetsidesoftware.code-spell-checker
|
||||
oderwat.indent-rainbow
|
||||
|
||||
]
|
||||
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ lib, config, ... }:
|
||||
{ lib, config, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
# build up traefik docker labesl
|
||||
|
@ -27,29 +28,49 @@
|
|||
}
|
||||
);
|
||||
|
||||
# build a restic restore set
|
||||
# build a restic restore set for both local and remote
|
||||
lib.mySystem.mkRestic = options: (
|
||||
let
|
||||
excludePath = if builtins.hasAttr "excludePath" options then options.excludePath else [ ];
|
||||
|
||||
in
|
||||
{
|
||||
passwordFile = config.sops.secrets."services/restic/password".path;
|
||||
initialize = true;
|
||||
user = "nah";
|
||||
repository = "/tank/backup/nixos/nixos/${options.app}";
|
||||
exclude = options.excludePaths;
|
||||
inherit (options) paths;
|
||||
timerConfig = {
|
||||
OnCalendar = "01:05";
|
||||
OnCalendar = "02:05";
|
||||
Persistent = true;
|
||||
RandomizedDelaySec = "4h";
|
||||
RandomizedDelaySec = "3h";
|
||||
};
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 5"
|
||||
"--keep-monthly 12"
|
||||
];
|
||||
initialize = true;
|
||||
backupPrepareCommand = ''
|
||||
# remove stale locks - this avoids some annoyance
|
||||
${pkgs.restic}/bin/restic unlock || true
|
||||
'';
|
||||
in
|
||||
{
|
||||
# local backup
|
||||
"${options.app}-local" = mkIf config.mySystem.system.resticBackup.local.enable {
|
||||
inherit pruneOpts timerConfig initialize backupPrepareCommand;
|
||||
# Move the path to the zfs snapshot path
|
||||
paths = map (x: "${config.mySystem.persistentFolder}/.zfs/snapshot/restic_nightly_snap/${x}") options.paths;
|
||||
passwordFile = config.sops.secrets."services/restic/password".path;
|
||||
exclude = options.excludePaths;
|
||||
repository = "${config.mySystem.system.resticBackup.local.location}/${options.appFolder}";
|
||||
inherit (options) user;
|
||||
};
|
||||
|
||||
# remote backup
|
||||
"${options.app}-remote" = mkIf config.mySystem.system.resticBackup.remote.enable {
|
||||
inherit pruneOpts timerConfig initialize backupPrepareCommand;
|
||||
# Move the path to the zfs snapshot path
|
||||
paths = map (x: "${config.mySystem.persistentFolder}/.zfs/snapshot/restic_nightly_snap/${x}") options.paths;
|
||||
environmentFile = config.sops.secrets."services/restic/env".path;
|
||||
passwordFile = config.sops.secrets."services/restic/password".path;
|
||||
repository = "${config.mySystem.system.resticBackup.remote.location}/${options.appFolder}";
|
||||
exclude = options.excludePaths;
|
||||
inherit (options) user;
|
||||
};
|
||||
|
||||
}
|
||||
);
|
||||
|
|
|
@ -88,14 +88,20 @@ in
|
|||
10.5.0.0/24; # CONTAINERS
|
||||
};
|
||||
|
||||
key "tsig-key" {
|
||||
algorithm hmac-sha512;
|
||||
secret "iZhi4kaPJBvqxyW73aKYRnNy5e7N2A+7WczxAMcCvDl8QpAc0HFjfI1Q+0g1SBUQBZXqAvGFViegPsK9lZ3bkA==";
|
||||
};
|
||||
|
||||
zone "trux.dev." {
|
||||
type master;
|
||||
file "${config.sops.secrets."system/networking/bind/trux.dev".path}";
|
||||
allow-transfer {
|
||||
|
||||
tsig-key;
|
||||
};
|
||||
update-policy {
|
||||
grant tsig-key zonesub ANY;
|
||||
};
|
||||
|
||||
allow-query { any; };
|
||||
|
||||
};
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
networking:
|
||||
bind:
|
||||
trux.dev: ENC[AES256_GCM,data:yItoqCfF/QsOPjCdnQa//+3ULoSFaufvFp1v9i9hKOr2yg+Ep/NzUZ9GzDvpBEqKXwlOPV4TV5YIcHX0RFPioQ8LY4snLRwNSmHs3UjvvIw/jpJpUM8iCHMDzl1xcwZFJ3gnNuS5chRQmO19auMe8YQtYL7f6E28g0uQJE5Pcl2K/flVUut7mKVLJAqXM7VZ8Cua3jgctTnx37zyJsxWLfEK9iAzf4rcZoloGM7eyOW1b2eI0b74FQptxUtsAQSCmjuGVlJBp51RZzvLdxGutDZJXWHe6j6fzNj0lOs0vpMRo7/9exbz2q1yw5xC4XAZQN1vuD61Wx/qGyK8vxYNzrwaYLXBVvE67LivMNzayCXapEr3LducDBdwecwS7SPgao4OGIJMmJERIUUMSxvZIlaY6nQUNBkw9aI8CtrHq1bJ+46juJZtJDfjoKmIVgWpaYcq7k8qKKOHhxqJZ+7755TR7m8vcBe520Mj5QnebX4RwK3bLI9WFRv8vKlXDtcvO+zfutRO2hkc8VSb9tuCw75p8vDPCmD1NdVMgX69RvZMxq9NJgF0aPne+8dnoE0aKCSKbEI/bhy3bE07MJ9CWD9BUBHnt+77CALPF0gWOGkVuE+DWccbaVB0waOeJ/+7bM/9y1/PAIV/avfS2durbMCE9bk+LB7bvNSEzNm7ub8Kb+zQP4w2tgKq0RhopmUoVB8X5NkwwCZ5SPcernIjZcOI1O90avjvIh6H+/jdnEFjNplpxzV+BxZjd36f+qgISmNUm3Fbe/+dVAEQUDVt9hB+llXeou/YUA3Av53ncgImgXt9PaXHUtnpHrZin30eIB181Ysx7JKEp8UA7N72b0dh2/kWG7HJgbBnLNTuQdMU7u9hQMt/pFgH8ezqEO9m8XlDh1A6lw8o5ca9XVcPKD65u4Qfu8hCwH4Luq1QwuNFltc+cZPX68v2+Heq9H9zsnBw+odc4zd+XF0FnTNSdvxi2JAbRZ8tMhltAaxrZbjUiR6HkI1XLGhZaAl+L8t1xlwr9jqNIiM/6FrlGAekZlNgchz7IFO5l1VBHQLF6IAomvQEi3av4ttw0HBi9OqWzaM5IuIo/ZeImjLZpM/HQMn/gKAvvpMIOAK9pEKk5kvU2PCkrXzWStQXUYxGRIp8NRjeDXcs4sfygxtMRKnVDoNRMJzYCg+4bQBplLzLsBe7GTQRsVZJYrdOvf1kWMP4cG7MtddFQIBb2MzG4/z0n/KrDVT5Yxlv6NiTK9NZalONQW7wznSn/siReWIjtgJiHaDTg319rbkcyFvkjujAARnvVqkkIiKi2yxm9psG7JKi7gN6MgUaTUqTEuIvapHg0CzvUqUkhE6V39xLEDC+YwATGKrX+SfQwEUXe8QoCNJpArbIrjhJWDB45FMRawP7U6E3GvM/mwS9GK1ZhVnoxvQZPC6CHYaRTYaEh/L+wMoK91c0fHiS0ATghQYhS5W3oPW3kuZeYStIZBRI7ZxFn5Lv1QhJhgBqZSbSvYRB0tWhQmCx074twY2yANEZH24b/7qPo+plSUuj7r29sQwekh7OULXy9YzaNI6apBPKX3YlorJm1BgZ1k3tTuqwq62spY3niK/vlSIHWpaNKOD4vSar4mwcWnjvLHu3fE7cZnK8HKDKbUdO72O+AH2zeEXWi+njg/548RWKv7+03aSciMU096VCvb4z3OUbp0XRqTQDAyuOI3/1x1f3+AXRdAyD0XZDinnhGeiQ9lAIqfYQJblxE7JxVP4EIm0KM6YyIGySajOf9+Q22pZz3IdsHpoOTMekIK0/Z/DQzgzxvtNnXYhoyOUBCpz5tS2C1FMJ9g9ko71WK2yXApu6Dk3sAPG7zJyoqbK7Y7kPjQGTOLTOdSPK++z42U9QjZDJGAwQ9wgESBJG4k28TPlYthrL84e4kdalo+p056ZzmUmGRGfHdGKt4ufDJtFW/tXpAWfXt72tmxb0mqNgiCxyY5LzRI6iaDmYZkN5L8nL0ZNqJ1MLsqOWLKIP/CiDDtfwZBWCdx++KlEkGxJSG6H/6DqQ3u67DRUCRxv/XGtDWCLqRzhpQsD9ZoFMNesB72TNA+1TR0DoTZnn/TI1BTnK2MsSQHds8KzRXIJhBMlfYTIH7ruJtkUEqpkhWDK9PrGH/vm8dbV72YoGGy32jVy+Kllo3OBuK/xXOcU0AH5dgXdLgoN0qxA3SOYf0AINeAGO4g4zvc8YCTHfgqIJkb/An4HmdZGgGQQSTMsXzXy5EFVmhiTiJHDvNjMklQQKDgJfIbzU+bDtQydDnYEdRxyPWQb4T1SPatEmHlt52uYMyGt/G8fXfkU0lxLn7ZRSuac1Xjax3fKvGHECbWYcE8WLQFwWUFPhThSz+e6vUx7+VrjdX7P/yCF25xPxnDFj+O+enMu2eX0RCuF6AlLkapewdivNlGz/qth9Wa3+sd6Ew3AXfJ3oBwkMFM8JjB8gJPmc7PM+LQKcspcnI6icLdEOIIpOaA2oljra8+xlzOWOSYaQr7hv/BQ5jpSSl+m07NHn8ROrjAololWY6jP6fOcnrWwXRkt83qypKrO8nMf6gWlDybb6QY3hY/rfmm0CGLhywle825DbcDqsXRf8nFWu3vII3kOvcrGtVQ4MaHsWBdywlHMajYUSe40dNx6Z3tefzFruz9LHQ7xD1hJz82M7iZ0QLWP3VODgHzi28/uosOlwKEZ0atn27/ceooGbxGDMZMammpE/ov4jh+i8stFX9rn7Jp/fgJnVwIGABRfOX30VRp71nzcAQbCZiYYeNTtOhsSseFSmOC9t9fnOUH6BmefGtU3thnHfnj31b8UPEditCSAcJfiaggtr4VoCqJNA8pR+gKWz6GEDrou9Ow5F1xV2hBXeHcwEXoDmfKs4ElOqKDXagKuFhVrd9wbChn54J5DlNk0Hicwktvx63bB+5g130pVHuEyuaxSAUyJPnr+0zXaPdmXXcKrtkzC5XgU3o/YkR5BKXhomrYgm91e5yhLUIvgW1SdDWF68P0TRBuUZdH8jgbOJ4CGvHETNIIkiZWw16QGeiieZCQcZlRqKSpHFqcqOAyiHko5vTmBanlcH39tdrqtbf+A2z/N/qUbEPSA1j1pJXBjO8hNni04AM8Rdjh882LF2VBV40EBegLAvdQeNcxhzpD6k+64y/Gg6C/nZZq+tu2F3p2UgKnTyieFJv4YRO3LU+7BinogaFTGQDgGQvAPX0S+Ylo5zlruuRAHsX3nNxPwq2qx31uUIvWPuXY8Vc/Kq8TFQuR2bBL0ouyv/yIj9o8GrFqPw2nbQBzrofUhzVrkiQNYp8S7cwNqNNJyCVRdCHDpsXZsHzQdYMm9CxrK1huGX/IQ+oD9DwqOEZDjkp9bmnToeP4+pwOHivw==,iv:BEhQs3Di4Ot5fUpg8jyoRk8IwUf3cErHt1cL8EBKvwQ=,tag:PFalLUWo5cn/tVXMzdaemg==,type:str]
|
||||
natallan.com: ENC[AES256_GCM,data:idIBv+9XJ+nVbTFJ5EkWI4IxEw/Fh4gCXLdg10fft7IM2JLHmBObjwSEqly9CZ9AKAPJCZ/WeXKkG+Ul6wRxk8A1juFdDrOOdCXKJXpyrL7cBgSJWDylvKi7tqs9rV30SgU5hAsKNncPIWVWQApO923GKDzVVRMh8HZKTSy5ZZ8bCNQrlPr8DmkGa5VsUcz//scz1qdxnQeyAMJsrzg5bJPvR+bPjWXb06Q0oW8D4jM/gcm2HBq7POwg6DLEmX86mcYrvVw5LR2PDSXeG+32wugIaNvjHoUM62kB8b/OohTe5yqJcMfiGfEeMPlWAOdOfTZWZjS59BKPU7Ay0KUGKpVNHZv4W1G1Ebn6BCMOz4tNF1fmLdX0IcZSaX/0R58VwezKMBvaBj9t+Xmprx4fhrms4dfGpEzEM6LaeZp+dPH0MzIDPTEbrU28Oi49ppaMCQUG2HxOVoqvUNwAq/cA18WTFcEXTXjVdRo8CGo6eYU5lTK21xS6M/6ciANQtDcAPND6AaH/gJWrOFvHw8a++pLPiLK/7xT4k2TSEYMH1K4EdhVAxAc6sAPSQxvluABEsO3P8JdoLiAHI36lIN6RAkaT+gF7QvJWJtxcNqZbgwV448rcSBkWE82sNDrvcEzUpgrT2r2o+ljAX7NtXTBWps2xEjrg6NfdO3qlnW1TvLNmQTuAoezCUBQvlqNWOoSfM4qi4fqpQsnwFwy1jscYVftmI+W0cmI1dvVDJrudGJf6TtKn8Z6it+dmKCx1rRzUKA75JfC3K66FznsvqlC4TSa02nZxyUz1NxgL+bBCn8Z4PFakskxeFg==,iv:dsbNsqKBpedJuaaKZ9fPukQncCaDda8X1YEvm4ITTsU=,tag:ZRfLQ4yhjuvtiulqW1PCFQ==,type:str]
|
||||
trux.dev: ENC[AES256_GCM,data:+4mZg26mT4V0+ugHOyhuXUl+WdpBju+Nd222jDKMZBQzIrw1ab9J3yBd5X55yT57sdm10AMh78qg/tvoOjMjFSjnU7ftyoTmT4IaKJ64feFX01v02iaH3Qs5WS18qDpQ3WcY2qe2UlACe35jhEzC9jXn+dHM5evwkkVou+BfTbFOTaqmAJnZ4d2q1vzxMQFjTEUm8z5no5c2wOacQJ6zZUQC0q80kLsfuh+dlrMyC6Pb8gpxkvWxGNZM3JkpjA0QOlMhmANAAC5Jo34Cr2tdaM/P2yeo8iiM6UAbBdzX49fc9TBSByQN2NALG5tEpW4/SEBkUAAo2NKXPaWcsQLiQxNFfEPtRKFKeADtc88SE65YsDwr9dtt09YV/0cPoUOo7fI0YLqtdMLKkljYKRTI1hyeyAcZ5uMPfcAcKRs7r+REWn6PRueAF3ncP6aSYEgLUTft3qkrfeJRB/yWtrW/ixQ/0/C66Rm2DQOpZGyVBx7PBUkMb2r9SHRJa/sTpjDTt18/En36qIkhuJjjnTJ93GO1WnnSo3rlUmWVHKBon8Bwegr53qc/j3tEePs1jzwcVDkaRZpiNPG7DVTzC7Z1pY9HiAPNTDR90Odb8WBZGIbm2vuX8ZKOVhbGyX0KJn2x4Z0bgRIAAub8gTn3nvYa0QM0IWM3RhPa3Bng9Q3rCU7TT2k4584sMlz+n3TwARM4k2lR9tuS4g73UpqYX7zzN3tjRdyzaX43R3PtIv3fVES5bStoYssVqih6k6nqwU/osUIgFsag8qC17//d2WNiEltewm5aPEFI3uPT9HIU1ItklUnbvS4rg84nZ2+LPUe3+XjRMGs03CbxFpqifMjM/cqVvx8iWg+OMxph3yhCaiIMA75lXNA59bxrEbLD1kFyq1q/ivwLAiYg6XSRL9pL93MHmQu8MG6zRHDXwV5VyTJ1TndPY13ayFflrdu2eaaE9VxG20j1V9F2+dIVPKRBeX3FAGcDIxxp6KHOyYfl8dgEIrYtPMcdwPxFJebxtvJtj26+RraeP78US7XyUYxlJr4R9lK8rN3VHb5bYSkBk+OoDsEWDQoN/xaPbrAeMPk+sFyXXNG2fp9tSOCdisMkYo0iyuaQ3Vu2ZHdANNrnWmcKpXMFm4R2ro5LGPKeVrDwCXMVX8oa7ahmYTvg0ItE73ocn3jlfITccY6zJ7P3nq/AmF4p17iQI3mri9on8hi5jRkcjieiZZnG995d5YmoG4LPpgzlgrDt5b3lpVeAQHSd+cR/QKiXomYU4rJb/+fuoA5TbuA+/nhY4FzYAteWafeYrboK6GHHkMSMoyudV4apYvanpAUSAvYoAxRiNsy7WRkWrmsEVqCE6ynuNBEYYufp7rUfkSAIuI0u6Jr1RGmzZ0i7KlU524rs2WfiNf/7pu9UCVrvmRmDXXCauLYtoz0I/97746pMdeHENE5lPn8yWRnAL22l6uakYGTXpqgitu7OSwoMHCGPeC1EWkOBTaE+WC9rtI4ERvcaLbAOuT4y9YlmxZo5cRBmGcgaQMWbjFnZ/+Bt9xVPfbchD4+UO6BtxtVHvghny4RP5U+n4HrJyrQTyc02ac8gdUjqDBumNR0iGaxD4lisEu+QqwT4ZDOs+6l6mxdCtKzkqHIquEmwzDO0TAM9UnPbEtcjnVGdxR/k58FqNdPffi4iFouordGgt8neqoK9W72pyVnT/lX1ZFFkSTnj1CiR4UNmQ3ezkWazfaswNKwi5ockF033qpDZQe00nej7AN6WKPDQjPuKDsyftN9Wgr1cFyZsCw9qH4WFJux9lI4rNGEhyTe7oDx8nnLfi8Sj4G49sDCKUqgVgGWKXngI+OfvGnh5nSGe7zzRRzDltCgaWAZYBmZxqUb2odHw2UnI/dyvQzvf76U4wVSF06kef/EaPRsuzYUKCMi6e++tXxXJRlh7GSzz5tDaENhP6G+WTrHBq/harf6+sUhRSmI7fKOR1BJZXv8VOMt1rU6EnWJhusOPsh6GwbmdNvh4nMcZ6Xc2dmPFBJMyYsb2zh1l55bn0ICOZzz0mbQdRJnfwKYvEQPbyJvVGnqN+RP+EUFXsUGXR97ajNJIImeFWM9NI7OLVTs9qk6y9EHNEVXUXszT63eaVrAB3x+GBGuk3ZngWzS4KTnTdhwAX0+6uGYWpKgIPVQpdWVPOoGMcs5aVLTgUNYmfDiDncC671YjNA4qhMo2sD8D/9ClAOrmyamRcZbGN2LKBKUk4UPCN/Pj8Ci5rdc+8qHzzPhuZVosB/qsw5bwB4xDeno/YW5edupvdzYKCETp6rNbK+a5bSP5sD9EliksJa5czAevezR252XcI6JO1Q3PYaBzyzRw6BKRz+5+JMg+4oxdCKTTo4LEvBjwvYQuIveiRwlg211JraswTQbGfGsXhaJJAZFaET5ysAjiuzlIEkvJmv7pG3u8jw9Nd34re5a7NNkwFjGe6m7B+x6Uy2SG6+apzv71QsCOSkbAXZDgmId98Gq3T7+oZqESII9xXTA5usuB3cJiVcdTdw5muj6fYDTqcKYTjzb5pAz6TUSEUbNgm4ft1Iprs/cibiZ7zTm3mRrdOelxGHSGyAHDvhBP4fW1vbXhH+F7nar41gT6EfIgIck4mEaPnnXN9cA7fhvdgK4HZQQ5VGeVpEtOcIuDZa1dZzzxSqekDYylI9KaoNnslLB/vuZkakehU1A9TJrK83ZQMxABRLjMrcPzrgmFawz+qQgx6QgOQBE39RnLh58AuomNc3yqU6FRf8UMsubAOMM9U3yS3eVD1OuyaU8cFa3TqSJkidJoTSr83TwMVca74fn6S6RfBXDMScAUs23zRiaXbcX4rccha/gZj60UHdLrou+fxLKancInp/stqjFyHZH4Xge7Lm9Vx2Go/jxvDzHA4/B02AM5l1KudphXKPBJ1POdcMStCSBQg7ist7NuGquujZKwDlJO78wczqoqegXnzfZTBz5lcgsVd8NZTCuDMcbmgYIZsC1gX8K1+7N++mcvBx2DrmQ2Hh8FpEp58yrsDAyTy8jwv3+tX5vDiKJpl6K9+5bkbx5g3YxPpGR4gUBzKHF3Ze//aAnl8PEls3AvD3a/wwvIi6GLyhQ/+gSwkj2xbAjYi3u57sJZ7A8vjjHiORqmTdBSXndV1WL9qxpVFW6TXMw3A3JgCF5AK/hwVJUIaIXCbv5/nVUo+YtKghTlOiuLUeYKJaEMaZjOBf6EXyCLYs5b9OYx8mNIwqqsQyDhdW+nnZ9BhXytwA1olUccI/oOLxfoqcipj3tHXyMLzvNLNKOyRzknfqRpcfLQTihdm0G6VFB6vUndYdvOZoQgcfluo92TpSUAz+YwSMSINm9DzSXbMbH5ObdBiDiE+QGmXQ0yB2aH/upe0A==,iv:zQXRmnAz6eYEdi1CvPELMLtBDlAn5DJ16Q5GCQ8gBjM=,tag:gLfa8MFwLN64HXhGRP1LpA==,type:str]
|
||||
natallan.com: ENC[AES256_GCM,data:xyWDDIp6tSuJt0ESUeCnpzQFhzQ/AzrTSVGO8kAR2I3kAGgcuBYRiyWMhMo7dUYYeFSBtybzyB+fWldBbcdi/pXr4SpSCTzM7dRKi2ICbGDc5Uvm7NHHo69KDcG0ZX/xuw5uAkt7kq4D49t5DwaWPUb9fQj9s5TWj6kY3YTDOdGvlpVum7M2T5c4+HQnN3U8EfPRntq3bApzWLpytkS8fb9INFPo1zmf7dC19xwIszPzafHB6VNVlkuHydxD35y9a2gjHmR9pYmdHMrd/ObYsx5+mhXKQTgAuLEqIe9LqOxlJ17LcrcKgPc9x6bxo3AAe5iELIXguqfYYc0zLKMqnB2wba+gBHkpHhPNkNglvuemevi+CyXNHtNoV9SSfU2+UwactGqm04SlNyri7Nl6vqBi1lfQGxthD2PPAW34y0t6Pahdd4HbGk8Zn+nvq74HwiOcbH0pDBh/G3ODbfBk+gfrCvnPr2QNF6Rns9SBj82J84qPMvCr4+ZN0GqTPE0+SU9s8ihzsfmOYBw5KbA6wnTZL6no1+HMMXaffcGJ9oz646WjMvcnRCbY4pS3ACcHa3ReQBpBkbTHiauyYyYEJp3FEis4H75usZyv8qKWey7/nXFRSE+UBwyIXDNRNuzxDG/3xfvfEB3vdY68lFGhP2YswiAfeluGjtG2zLEPrWyWrlA4kyzQOsTTY3fQSyHOOt4BDLYz+c0kogHfvypqEl+5/hLWmnnUOWhf5pO/jAFkU3tnJCqWp7cncyjY1vJfPBHr4pFprAIyDplRzdAYErrji8ZvVHSXDdtYGDhsDq+4ua5/b4kvFw==,iv:BaKS5fV/9FTn6+XV0FOWhJ/qTZKwZbjFkzrOhZWSaIA=,tag:6swVM+KhxffMmFbOzU+6OQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,59 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlUStiaEppZFByY1BSTDJM
|
||||
a2tGZFIrWnhIRzJnTmVjeVQzR2NkdUVKczFvCnp4MjN5dlpVcEw0WjhoWTVvRXds
|
||||
bkxNM2hpdGlOb3dIbnVsWGplTXNjcVUKLS0tIEdHbUtxL1ZsdEdwaHArcnhrYXkw
|
||||
TkRWdG1YQWlJdjZoM3l3dmlpbjdaVW8Kx7BcZHC7gglnTijk5fhHsk0oMdPIs3Xr
|
||||
CPeOTnfAMh5unDqmzIlGi+rS8siDcf4QrkjQWRZK9tJynjzkqv0brw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmk1WUJNMlJZeUJYV0xJ
|
||||
a01wZ05OeE1vRjEydGg5cmdzVzlWZ05uZTJRCitHdm9sWmFYY3A4eVNZSGpSMzFu
|
||||
emRtc0xIYUlxbnNpeW45c3ZRem5LUXcKLS0tIFdad25hbktKYkVoQWtLVGJvU1hE
|
||||
clJPcm9jbHA4dk5vYzBHTDJvOCtTczAKkFuEWjBNgoVhfsMmmfM8+LEOq1ZQYzWK
|
||||
NzAHoA0tzMV1775qmxbrYjd4296QwPBpmda/6LFgCbeZVTj2yKNQvw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaVhkTEJMRVBsYkwyVnp6
|
||||
VE4xMmFBaWVIbGZHS2RVYjJkSjFrK2M3OVV3CjdaQ21HTUdEbmlralJnTU5hTk9t
|
||||
RUNjKzNPRjZTdFA3b1ZObm1mS2hjRjgKLS0tIElyOGNMSHVkNVRIT3d4OURka1BF
|
||||
NnVNS3EyVkNKd1FKMHBhbzM4V2lnNW8Kz92lN5MJrHkRM48nxfXgkRKX8ARWNDqg
|
||||
sNqyXIDX9C+Nq2TqpLYNH7Rw06U35QTHQu7NLd/63/dxJUCcpQIpHg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQVUxRHpsQ1F2ZnFCYitj
|
||||
dWtnVmpsZnFuT3ZuL1dsQWY3a28rYzdEdERNCjJhYTBKZmsyQzdJMXo0N1lrUXo2
|
||||
ZzdETDA1cUlFcUx6QVQ2c21JSVRYS1UKLS0tIGFMM3VTaUJMR1d4ekhFVVFVeTBN
|
||||
NW5EWHIxVDNQV28yMktmUGRKRllEVEkKKrt+lmoGUdzzBQj5xQ3W2XasgWREBuuw
|
||||
TjjW+1Xcq6CfczAtxAAsr8C5nyIFJO9EUcDsMYabAQyZZp0/tvAy9w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCanhjZCt1c3Y3aHJaV2lx
|
||||
eWNhRE1ja1F2dlJTNG9zbS91Q1FVNWE2L2t3CmFxK0p3S3d1dm5NRGhnMWI5QkND
|
||||
VG9jeXNWTXFKKzJIYXhvWkZ2bm8wYmsKLS0tIG1nUzlaVXNLbmNjSVI5dVBDME9D
|
||||
MTh3bjNvWmFWbGRXSVEyWjlpM215QW8KSen/lWbnH1SbP7qOWARwInwXnI0GUx2m
|
||||
ZlWTGZPh5/Q+n6LAC64wRLKAQ+0lw7aE/b0Mf9Ht9XGDg3VizS4Ycw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVVJTZjV1bVpPemtPSjRO
|
||||
ZHRDRHBraXk5YXV6SDB0QVY1bXIvSnBQRjM4Cms3aWdrQ2NyelB0ODMxclI0ai9v
|
||||
dWVGUThkV2kvOGlQdXI1bjBPRC9uVFEKLS0tIFRDVGhZRWx2NEhFcHJ4U0lJRlky
|
||||
QXMwK1pkSTAwYWZnREY3OEx3TU0yamcKHAr9joyZgv8w1QXdIjgsBtwEE75nil2P
|
||||
HSQ0LRfRln71JMarqaCvrX3HjCi94yT5+toT+MOor7kovb+o4GEwcQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5RjFNVXJnTk9pTjZ4TFZs
|
||||
L3Z1THlRZXErQnJ0UjkvblZTR3ZoKzJYNVFnCnJWWDBiSEFzeWdXcVFNb01wTFpG
|
||||
eUVvNGNYVk92MDdMckdKemZjRDdpb2cKLS0tIHdQSEpaRzRsa3JDamE3c1VYKy9D
|
||||
MkIyMzNuOEV5TVVSTHB6KzVLS1ZGZncKk6cU+7KIwhVG6pbdifpxu8BSD8vW5WJ3
|
||||
WOdwHZdbQ69c8VHeoI9WVVDXD5/ubvU15VNHvDqc0+TgM9epmSxThg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ0ZaY1dEUlhCNzRiMFNu
|
||||
dkRyWGRoTzFJblNHV2trVkdsMVhlMlNzMFYwCkhZUmJRdjAwZTFhcCtlV1hKUE5u
|
||||
RzUxckNEOFNqSnR6UVdhWTdaY25VWHMKLS0tIGpWNjRKNnJKc3g0R0NtQ09uQnRT
|
||||
SC93Unl6TEh0ZVlzaTFpSEwrMHRuWkEKAcZRLzyOzTOUbZw4Rr6McFVDnZO1U+Ha
|
||||
HkAd9qJ+n0YSd4NKdHitnL25NXxPs3r0z9gZlPXdgIlT2XbK4RR9uA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUEVjRm1udU1QakNsY21x
|
||||
a2p5dnk3NElVWXNoWmxROEp4S0prN2djY21NCnJySUF1eWFIZENMVVZ6MWVSN3hJ
|
||||
bHZ4eWN6SnVTdUxsdDd3OThOcmtTNm8KLS0tIFU5dkdsQWlKdDZzSFBGa3dZUG9q
|
||||
eittWnRlbnhJZ1A5M3o3amY2VFZyMFkKxhqNvCHSVUedEWCeuqIWNLomspQhamzo
|
||||
0uCqZxCgdkCZjt9aehlI/i+rlHs97+IsZoWILxHMnVN2fGiP1WWhiA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN0VwWDNid1c4SmVZQVVI
|
||||
UmlFVHhwWHc2ZGMxY0lSNER6Wkt3TzR1QlFzCmo0amJqTHFEYXc1dzQ4d2JrYlhU
|
||||
N3Z4dWdSeGFqUi8vTzU5eE9rOWp5dUUKLS0tIGZhcVhXQzFEZUJhOVdRMXpPeTFF
|
||||
QnZ3Vmt6WkpEdHhWeGJ1YURhd3NZdHcKySPUb9MGFyNmy1EZySRjE4RL8KvbltVO
|
||||
PRUdEwurrCp9ZBq87JfeUbHVvPw5+S0ha+aP8yPefXJGFs4yZBQnSA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QmFId1pnU1VTZTJhblNm
|
||||
M2Qvbkkyc2wxNFRLVnRoT0UyL0ozeXNuOVV3CmEzUjlFVGh5dEtQV3R5NzgycjVy
|
||||
QlQrMjJ1NWFUNTlPUHBGRmZPS1dwU1EKLS0tIGpGTnFKYnd1enV5V1JsQ3dmTU5R
|
||||
MkppYkdxMmQvdVJJaFZ3S3B4ckJDMVEKZQblDxIC5opkR92DupfwI1XdEHlnVsYy
|
||||
JKxg0pbC/ENrT+uBLjSh9cFyuHMk80V4BQ6xZvzvKX+WLJlEsHrgTA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQVJmTWxzSzNDT1d1NzFX
|
||||
UnFFbHF6YkVjUmRYTm5VVkhRbXF1SzJuT1NvCmROeFRQNkJpNkE2UWVYeW45b0Zt
|
||||
dW9Ld3NVend5cEdyN20rV3EzczdHK2MKLS0tIGJYK041RVBBN0IzMC9KRUY1UFNk
|
||||
REM3YnFBaGY1ejRQeldlc0JJSW5aWjQK3ZYIRxiLOx88kimDGq8GoDMVNbpLvOPz
|
||||
EVtii9SHQWk4lTVqyqo2WAIc/2PMM8P7Je9xgc/sigR1i8rLQlAyTg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-13T11:28:15Z"
|
||||
mac: ENC[AES256_GCM,data:R5uGODnxJC3ihSrzdjzxDHTKC+yXXjAOFbUAEOU67P8eM94RUnr8smP1ZDL2fnjCmzJdTMRDuBpjCtXxUeivNMTg/kK6r56VmQ2i2MDKiX49yPtGYfdUiLPBF/ZG/iwNJZ4m/3GZXAzvW2tYYkVzUU3cvsVdCFuWr1tnbsg9o1Y=,iv:kD0QdKbcr4yt+Ol3EK7O76czbYirgDx3pzPgyNB5GcU=,tag:fJsUOKQm3wUGjtqnO3574Q==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:cIXRUz3h2+PCdp0HLs1WjKPQOeGqgxpKfEXflMMUkX5GspOsrDZZYTF2A6bALaGqWAoqvHp5kxN8exTyl8fGM4x1i/eXQiZmTq/DICfCR890buSWAf83bP3X5+H1FJwR9NX37HZlmFVNWxnrKq4DTkC5Yn750LDd9aMls4EjkWA=,iv:ZDF4tgnUE6sfB7NaCouH3jd5IA5fZhZA9++jgBhg3A8=,tag:7gO7vrpkC+EI6ERjFUSy0A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
networking:
|
||||
#ENC[AES256_GCM,data:rMKS8YbaNQi7RL9FcxPX9GrbYQ56yzosmLzzL3AZeZvEVQTInKbbWR6tcj3AW5bBntzNRomeKMH83cdqQ2xtkqLH1RsTUmV/mr+8Ng==,iv:+bFJXtcz7kpOeRVUvco8MuwH6y6bb0HqS+R1urbbqQ4=,tag:9yexHkeG5jGtL9Q4tEr4+g==,type:comment]
|
||||
#ENC[AES256_GCM,data:vOHBtHt86amLNDKm7ED9P6SW7I4IJ1k0Wl9/9bOBYH6W+DYQX5NXiefNoseaq/LjrT2ZlF/mI0+7mLRU4SU9x7a2oScSlZHqNglsoA==,iv:eaxxZ4rP7vP8utOsyhNhEueS+e2CmUk+ywdM66v1vHk=,tag:rMdipaMTEVpo3bqh8d6SNQ==,type:comment]
|
||||
cloudflare-dyndns:
|
||||
apiTokenFile: ENC[AES256_GCM,data:ImeFlc6BAwq+1X1K8PWegOIJDJzEW63VING8lH0aYgpRbInckoarJ6a2OfYD38Powynl8mLqkcDYrlvgTDF57sRzEMGBa8mybhYZKn4ORFZPkbTpon5GuAz55Vbt9nMgoLDwiwOaE+DN2bbLVND3absLfQ==,iv:rN81afwtVNZtFqwI7s1ZA+OGNp7236IvprPE6pBSVvY=,tag:ekjTmihMMhCuBYFXpgxkDg==,type:str]
|
||||
apiTokenFile: ENC[AES256_GCM,data:fWAyXn25z02ZkVtsBJLFVQNTGq9a3mSU1LQg2Qbgu6bPaszFozhJ/FqeWpF7b0V9UyXD0xJsXsBJGrUoWHq7sijOK6bn5mmwP+wuijvgosQAliAL8cqsQ+eT+nVgKX2QHThPQserWFzYn97CyPMHh+VDrA==,iv:JfL/WMOfHjHJviJrrerGcq5YDkHLsR3GIGTrNr8Y/nA=,tag:xjXKVBUWbMTMxuMfzw0CgA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,59 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBva09IMGhuSXQ5dVVqZmtx
|
||||
bm5UNjRVN0tKSytuc3dBdTdrUG9DZDBGVEJnCnNTclg1cUUxVFE5UCt4K1BobDZi
|
||||
QllLTXFmY205cVlsMDI1cks4TEkxaTQKLS0tIGtjek5OZ21OREl5ZElmY3MzUEcr
|
||||
YTNyZUtHTFhWYWRhcFNoN3ZCYjYwNHMK6wyDzfQAJe+722HF1f3DegqcdGsj2y1j
|
||||
ZK3wfCxqo7X39goywNcbnVbugHUltMvd1KW7nEKMuCF/YV9EK521xA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NjVNSmVHaG1jZnBVSXNZ
|
||||
dUVPejVzaUZrYnZVVmRRVUYxN1pmVlVnRDFVCmhxRXQ5aEM3Ti9qeWNTRXdXMmRa
|
||||
ZGlDaU8xY2NlMEZnRnBzTCtmMCtmbW8KLS0tIDhhYzlWeTVURUpqVnl2bVlBNG9C
|
||||
emM2b2VKRGtJNlpKWGdpVkFsSzlBK0UKzjN4PkVurOHGwVRuFaWTWP2DS31pDYRw
|
||||
egd7g4MeddRPwvpg1M233XUvhYb2LHKUGZY/RoyPWn7yB3V10G98rA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2LzVrU25Qcnppd1pzYU44
|
||||
Qm4yTlJkSEZhajJBTmFXdk53b0lPYUU2TmdJCmNTUDBQT0dIT0RnZ3UzQUFFbW82
|
||||
aTd4T0JKU0p3NFQ2NzJHR1VMbG5BWGsKLS0tIGZPa1hqUzFNaDZVWjhFRi8rZXRL
|
||||
U2RtMjFSbGRIS1FaWFVOSHArWWFJYU0K34Ct6CN5d96bBB0XBYYoVwL+i8+/pAJl
|
||||
qpSxekXpw8K1nuHLy5102Vws0AEEMCHNAkEHsjesMXjV3S/cjJWMig==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlMEo3Um5NdWxLUEpzWHpp
|
||||
RndQeVNUOG1DTHE2Q20vc2M3SFZQbVg1ZDJzCmJNT2ZpVnlsaEg1cnQ3NTBYVzcw
|
||||
SjZHd0hlUnhtdGFRdmxtcmozZ2RYR2sKLS0tIHVTNFFSVFVCTCs5L2hmeCtxdGxU
|
||||
eXdOcGVZa2N3UWJPekVWN2RtRFZVNzQKGg0Cgk0sXsJ3lEcEzEukFcu0BTPd7kqa
|
||||
FWWgwVXZeAX6z9YV6y25ZgyK7g9hkDVHyBzrAG+MijxymdnmyotXGQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsRVJmcE5VYngvUGRBMSt3
|
||||
dHRod0FMWmVOTlN6eHlvUE50dHNiMzRuZ1V3CmpCamdobFhoNVc0amI5TUxHck9y
|
||||
MHo3RkdPMnduK3QzZFlxYVV1VWZKQVUKLS0tIDFFR2U4cVdRN2RaeFFuUmtCSkFE
|
||||
MnZVeElOTFJGc3kxS0NxZ2xvaXdOQjgKOPZe0NQpG02tsAFFpyfDQVsCw2lZeSOr
|
||||
sOPOXV/zPxCGYqs4dxzx33RG/YaiAVtqA6wp00BE5y8jrxWU6HOv4A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXUWZycjBJZ20yNkYzaFl6
|
||||
eEVXSmlmRjRQZFlsemRCY1FOWmNVSmFveWc0CmordGxwdmR4eTZsUzFSOTRuY25O
|
||||
ZUdUODMxTWxJZUdIc0NlaGVmRTNieUUKLS0tIDByOGQvck1lVEtEaHd6a2NuTnZ6
|
||||
SlRiZmR6YUlGbXJZbjljdVJXWC9yeGMKepDCX4KM8MGcuawDjx6ztV2LvLbutsAp
|
||||
21zvBz1zRSnuuMV8C8/KilRA6JsffJ91JLJIKnICwohNS6M/oI9/jg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRW9mcnJjVU01Ky9PUFdT
|
||||
TmNHVS85ekhSTGE4aWlnK05oUWFIdTBnVGo0ClYrNzh5WEp0UTJmdFFkSzdhYTdj
|
||||
d2hOVWNhQmJQNERSdEpBMDJNbEMwdDgKLS0tIEtrV2NFTTNDSS9rL1l5cWRvdlAv
|
||||
RWg4VUoyLy9WTis0N2hKSXNVRW1wdDQKIpSGvd5Npk0RrfpgvkFI3VCaMmoMd/uX
|
||||
J4ci1P2jMb8Q+oeNi5MulBOJMx6P83BLqzTZC2rbniZJH/ItUZL1ow==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK1Z6T1VnZk45aE4xQ3FS
|
||||
cFNQSGFXWUJYVkJxZXhxbUpGbldOT2lHMmo0Ckpoa3lIb09uZFduYlhXTkowV0ly
|
||||
MFJRaHJzczNnRmxMVnRuSmRFVkgxdVkKLS0tIG10TDFpelF1QmlibFJQYnhHbGNG
|
||||
OGFvQkhxOXVMVStsczJsaDFGZUhIN1EKYCTExNCNSYM3W2DPPnJ828b3yya8UgOO
|
||||
Wc5qClkwbC2zjf9ePtHO6wFB2Czo2QItPTRS9odBduwAOtCftyubwg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMjExWXkxbjYybkE2NEs0
|
||||
c3hpV05oMU9PWEFMQW9OUXN5SzJYZTJZVVg4Cm9nWmlKVU15OFM2YjM3WVdrYm1w
|
||||
NTA3QVZsMUFzR0psdWg2N2N0VjhlOUkKLS0tIExCbXZoSTJwMW0wSzZuYWQ5VDV6
|
||||
d2tnMXJPY2kxcFJKNDdWY1dVb3pYVVUKVCfLKncZvTagMZ5pLnzryIPxvILaXo9l
|
||||
I004nyoMSOasctN6+TbVV+qshTa4pTZsn3czjOgTMb3fg1QCVLLb8Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIWHY5amtKSFhabUJMdkhS
|
||||
QlBHQWMrT3h3QUtIUUYyWFFtZG1aVG80eVdrCjRDVklGSjZCNGVhRExDdERiRkg4
|
||||
Wk00RzFFT1VlNUZwWjB0N0s2bzRCdzQKLS0tIGJCZTdPU1ExNjRiOG9hR1I4S2w4
|
||||
UWtmdXZFclNMdUxzZkhyZVIxTW53S0EKpRwMpsriY1mI7mTo39iUBtrIAMyeI4Ll
|
||||
RqxTl7k67n5Gt8todiH6LWn/pDugRfaWyZ+9zhPily37mxP6RJxnhg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqcTBhemdHcEdrbTQ0SFVQ
|
||||
K2h0MmpRZmNtTG9GWm1jaDFnT0grbmk2N0IwCkt4THh6OFRNdUltZEc2VXQ2a3Fs
|
||||
alQyUW1NMGtVYVFtYzNNT3hYdzZEV2cKLS0tIGVyK0hPUWRPUFRCdGFscXFRVXB2
|
||||
QStyYVowM3NDZVErSzlkVGV1WXRndFEKdJdRlJp6W9ZgSihAwDnw75mnj1JtZns7
|
||||
v9DG0nl9+O3Z+e7HXX/LKg7DhjizfNjrwXlh7YeuYvQqTS2Hw9F9KA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHVEZaWG9ZL2NuNDgzRjAv
|
||||
dXd6NTRYT2I0OGFmUU40cjFHWEthWWgvS2tJCmNnZFJ6b3cvYjVZYlA0OHh6NFcy
|
||||
cFdPYm9IT2o0WStLWCttL0lqdXEvNncKLS0tIE1wbTl1U1krNjRJR2hjdjZMdmdP
|
||||
bDdhZkoyRDdVNDFwS1d4RzZtaTk2eXMKW4XWLG21M4KLX00rJ2wAx/RP6V/xDj88
|
||||
n84u+tJ/mVQLkLERvTVI46GFwjkElK63eN2M5FXFBqvDJcJK4qNXTg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:OEzJ9yXtbBf89s7d780P7Zy/bTH9WJbimuW7MPh4VVy0V+O23EEkEg+veCsJqNyqwCGZc7jfHkgBDglMKk/rcF6zYFOpxq359kLdXrbtdsb/74SRylN2ux7YwWMZNIlGN8eIMo4nqd/47SH4ALmH01DqztFjaXQZhe0tvUT1t0w=,iv:WVzo5MR7tmFqYGL0SpiDAkXkC3kS/+rUemw617bcR7Y=,tag:94M7kvTQjuO1dSdl9ytAGw==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:y8OLIhYUNHOIK9PMT0mMq5fGKVFZzH/AvZk5o3HA2ZOKel2DK3k2Bud78axBDXWQ2PHuA4cDLKAS9BzmgioQFo0VF6s+XFGQfPV0t5Uq9X9U8AlV81KyOV/obgD/jn/OcsDIbs3bl2wSFqs+Wu20J3GMVM1PJcJufM0t35z3ojY=,iv:MRE4s2oUM/x/QGZEs5GzWp8pX03OVdMvlyvE2nJUdf4=,tag:FuSpsQWt1OjGW6cncn6O5w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
networking:
|
||||
dnscrypt-proxy2:
|
||||
forwarding-rules: ENC[AES256_GCM,data:XsHHK0gDDDi0Vjxytx64QXtX+CEb6BoPCbfg3TnAnpG6uFaor3/YEJHNnlmguVlThIjbXAf4B1TeJf1Mch95y3iN1EG2iw+ginzejXUFfWPahOOvKnnb+rXSsdiqX3bXKbmcx2IrSINKhQw=,iv:MMccx35r0sQz5irLHmeZLQbAFNZZq49nP7CKmMPLg+w=,tag:xCAKUdgPIpSKky0WTpsqKQ==,type:str]
|
||||
forwarding-rules: ENC[AES256_GCM,data:+asWXfABR/5PXtPdHUBDdK3JcdQ7WkhF3wj9jjXuEBguR5WK3gEGOuFXU+8+eGAWrotFUdPr0iqsIcgeMdjxJA+gd2NNVdk6C9joemT1kIihYL7O9BRzdZ5lEw093llmrzHsMuLqOfOeNwg=,iv:PKWm/G2F5ngygjeI9gLhiH2p6yRB+LYkybJ9OcJa+jw=,tag:GkaGYKRfUiXk04qAZ7E3Iw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,59 +11,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXb0hRQjJKNEJncWRTUGw5
|
||||
QjRFSkk4WXVmdG9XNE03V2NYb0pnUCs5QVQ0Ck1aWVVGTmtmQ2pZVUVyRk83WXlI
|
||||
VkcyTis4UU1SOWdFTGRIOHhYQnhVdjQKLS0tIDRLS0dTNk9mOVByK1BTSm50SUds
|
||||
eVRPSkdFRGFUaWJZMzFjakt1aXVRYkUKmi3m1Shpz+nMJ0lGZ8/JBJQyZ4y/CWwL
|
||||
yb2U4SZFEzBsxszKCBl0rk90Hpx7HduS0hDVauhmfWzpYzr55bEh9g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYU05iQlp3Y1IvR3czdWlm
|
||||
M05FRDdHQWNDT05oVHpvd2NsL1BaRUdZejMwCjZTdEZiTjYxRnZWVDV2ZG1iSU9K
|
||||
MEtERFBmZUZ0WnhXcHplbkRpZzZnVzgKLS0tIFdoSERjckVKVndwZmtWUTVUVExS
|
||||
NmdWMEJEQ1BMZE5rZkpKWkJsbFprWmcK1ySkcnK4NaBc7DrZO61YuWgMSdAWA1nB
|
||||
5gWOP6adfGvHwbeUVWEvvQlnLLvmLm/sJPgqUSdGFycfLPXMVWeXSQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSFpKdTVBUUE0UjhRM3hK
|
||||
NDB5KzNJOWozK3cySEZYbFdJSSsxTWdVWUJJCkJ5WjY4Y0xEY0RPcGplM0xsUWRY
|
||||
bWZEaFpBMnd6Rll3MVhlNi9pQlA5VGcKLS0tIFlSdVVLTzd5RGlPY2RSN2JRdldN
|
||||
UFdXSklWd3UwbHZlRVR4RmZ4VzF5aU0KsAwJJimAUcW7pGJfZ5RIHNHQtAwy0HZj
|
||||
oaaeV704j6VtFUhv2Bcf8OYjA0dH8RIn8psYS0j2WCnNrC19q3Nwrw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbHdkYWlPVnJoTGFxT04v
|
||||
MlNSUVBKSTJEWjh6Q1pzeENmOUZhL0NEYkFvCnhRV0ZlTldyT0hpV1RRUlp0T0FB
|
||||
a1pHbzMwckFFeDMxcUZzNWhBQjZ3YlkKLS0tIERlNEpKK0k5Qi9lVzk3NE95ZUxN
|
||||
UlJLdCtPdkxUZC9EbURyczE1R3NkSmcKe0wy4vkQcaT6peLp5XNjqutMQu1nLS6Z
|
||||
gVxf2Pt3sXf8QeSyQzQQ6/5czgw2hFdjv/klh7f9odrQ0a/UqHapzQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5K3Q5VlNZaXVNdklybDF6
|
||||
QUFuNDZtOFJINzUxdWNLU0YxL3JQT1lJcjFrCnJoZ3Y5NFNMd3grTll2QktIQVhp
|
||||
Nkc5dU5uVks4MVlRVTM0S1RFVlo0aU0KLS0tIFFpV2w3M2xwU1k1ODVxVU5pMnpE
|
||||
ZWp5ODJYVkZjekFkSTcvRU45MjZJcTQKCX9kK2wNXJJOLNJnDcvJ5zBumLZeU5Fe
|
||||
2yUJJFfZe9mkzXz9++muE3LpBh9rlyXvnuOMD+0V3+Tgqbax0tA5qw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWm1JaVBaaHAzeWV5dFRP
|
||||
M0t2Z0lFa3dKSm4raVNVcDRGWVJSUHptQ0FRCnBweHh5d0pFZk00cTNiNlc0aFhH
|
||||
bXlrd3dtTWdhSUZFNE5Tb0ZTY21MS1UKLS0tIFlRczdVdkhkU0xTQkdjUkhldW1R
|
||||
U2E1b25rWnhDMkJwOUhwbEVVVWtpR00KD1BUYervShefpJEu73LdNb+bAFoVojuI
|
||||
xXYFkI/IomZCkFVg8h5lCwsHdDmnG4JN0zKbt80GBZ4oz5qpaaqVZg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcXZVK05oV1BRK3U1dHFp
|
||||
OVZoTlpDdm52SHFDZ1ZobldKM3IrTi8wYTEwCmhNNFlZc2NNejZwK1FxbEdvMFJC
|
||||
M09DSFJKK0dyWk1mVXdHZDlnSS85R2cKLS0tIDdkZm1uaXR0U3NOWlJ6WDkrK2Zu
|
||||
RVZ2UUJ0RWo4UzlsSUhWejZySHFGZmsKOXFJVA3AHLgSyIPEn+RtDo0f2oNBUHuV
|
||||
pgjTtjD7bsrlCuhH/mMPFCHf7PH8XZA8PMDfU3hNvpVWxOB2io4RvA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHU3VTZ2dSYUM2S3hGaUlE
|
||||
Tjd6ako4UU5oRnFvMUxKeXpCSWd6MDRTbDJRCjd5U0Q3QUl4ejl0VEJobW5CVzVQ
|
||||
cG9LUk5WczJXRlBmYXBFRzdFcGp4ZTQKLS0tIHUyZWhKeGtIVzU3R0tzUGZuNnZQ
|
||||
WDRQS2x0STgrN0lvc29wUnVWN1F5bDgKRixHMNg9boG19t1USNdB/VyL+sTXBjiS
|
||||
3b4xZ2mFJLBvJYzmWikAHq7vSFDYdttcgQADE26DLJb1JlOxifDVcQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1WUMzeXFmcW5WcFdnOWZI
|
||||
UDBYZyt4Y0hQRkhCaE9MMVducVBRU2szZENJCkFHNnJCc2Q4RlJlUlpKTnZLM0w2
|
||||
aTgxeUNCRmpWZ001UVRLNElwcWxUNkkKLS0tIFBFNnVOUldOcUVIVDk1TjgyRGJJ
|
||||
UlgrT0VwaGJISUxpeUxuS1hiamJsVTAKVZKDd0naQHxadHsd0eRNWqweRb/7z6Q1
|
||||
Mf3NbnkQOKTMILntxousk8ZszvDQVZ87wyZ3mzmGay1B2B19QrPkGQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNEdJN0lvTU85dTFUNFlE
|
||||
RjNhRjRvYjNKQmVLeFRtQXZOT2pNNEI1U1JzCkVkK3hyR3lZWTArVGhBSzJJbnNu
|
||||
UllPWUllQ0o3S1VHeEV4TTBJZ0d0SGMKLS0tIGgxSnR1NUQ2UFA4ZXJBQnRkK24w
|
||||
MFRKZXdVN0dHb0xjdm5GUnVMQzdkZW8KTioBz2zJxkLIaPgpYe6yrBm12l6tpo/c
|
||||
vXRBwHo7GTUt498MZ+zhv75+BVcYqFEXMT6Sr7Eze4fVtShFYC2iDQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVb2R2YzV3eHF5UGNPZmE0
|
||||
MWcyK0NwNFdFVXpzbENFZkM1dDFMbElRUWg4Cm9ORXk5TCtzdXRxcEhQcURmaCtI
|
||||
R1BRZVE0WHF6THh1VGhUVVEyTFZHemsKLS0tIFpGVFJGZFpSenVLNkloZlhvK0Nz
|
||||
QThCYlc3N0ZtSnBES2dCWm1PMW42L00KSmKKlPDzs4sUYoVZOzW4pAsbQP4m2gu3
|
||||
mPTtlyqZrSbhGSgtwEw8C+p+LZOqQXnelkhGb8I759TpR7DASrqP8Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNzEvLzltOHk4SEtPWU83
|
||||
WjBwWGhadHUzM1REREtVQiszVVRVOEZ6RGpZClcxOTUwbEc3bnZaWEtkR0Rodk5S
|
||||
VGQ0VnhlYVZ4bFU0cUdieTAxQ1NLR1UKLS0tIG52UlBWMXgzVmtuWnZqOFgyNHl6
|
||||
b040T2wyTFhuMkd1eEVkdXRuOWNCb2MKstTjjHhENspSzl0IwsG3lWccARz5kl0M
|
||||
NdVjb/mi4y56bH7ujzqpGlcNe1oSKwkxiFGxPKXwFF8Kpgr95MSkTw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T23:56:52Z"
|
||||
mac: ENC[AES256_GCM,data:z4v5yRXeB/MCa3ltyf9KZl6NEXqsiIfSmEzzZAJRchOreJ1aIjWj2te5DM0n/08iW2ijFi/bekpcsl3U+5UJkwAjA+82zlvRnw91ppmb7mtnojEq25yhpB6tAUXoimLmT21saY3PnrHx/DFeVqg/P6cX/pGo9iGB2izwH7oCfUI=,iv:NDr9ypPZlTXS5npdrRGCwI51zhU0qCkvEUZfx3JxhUU=,tag:v3NLWsekZlxRyLsCCNR/Vw==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:UpebeTZNDRyv8Z/4/t8C26D9PVej+2B4Q85CvM/bj3w5+6c3u4knwNFRLufI6y3vVAxjo0OEvdEVZQIziwpdIVpyW/O7g8nmWNGn0iI8VbNsXcqrlG6QVP0dGJqy/7DhJR4VyoMHZSoobxCyg74ZUzrYIjsQCv2NRkaJkP10WP4=,iv:SHZi8pVrySV6BAEQsVmyVyafpfuSjQ2QkJxa2QYTDok=,tag:TrxqyZRMXprhaS4C1L9QPA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
system:
|
||||
mail:
|
||||
maddy:
|
||||
envFile: ENC[AES256_GCM,data:QIP7YvY/kYYkqwxwLsrRC6ptExf2tzw7/+t4fdkyDwOUqWM4dI0TpjKr1LXfASCjHrVwb2a6+iqt7N+9ievD4MsrEEsoRYMYIjOlpsmPiHam85ql5WJlfTbOy91VebN35Q2aThC2NmeGcptJ7UX7cigO2KcmYPa5i4evIE+grruoQhM=,iv:0x8ezgw3xDkhQRYbASpz4IAw4hE7nRzImB/5rrs63Rg=,tag:Azm6Fn1gwLibRh7wjD6rWw==,type:str]
|
||||
envFile: ENC[AES256_GCM,data:NaSPuxf5PzfOrDfHrdaMdQpkOyrhtjBObyCQ89XBCHyQeWizneznto9/nQ+3n+QoE7NLuI9rKomkoioTZklserbE3EzrwSvoG7L/cF5pq/G5ToxcY2sMuhCuCoZjdj9xD9mq0WLt7azQ9nOGIzaP2EphCPFXNJLZBFjhk52zRY9okqg=,iv:zNFZlUWru4BwQOWTDEv6KDN1K9iKTrl0PvQ+gg/VXXk=,tag:zkfRRe7+x/lpgJ9Yhzj2vw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,59 +11,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdFBMdFg0aVdXVTFWSHY4
|
||||
STNQcFM1VnVnNHhkVmhhMGZpb3V0ZnJBOGxzClcyQlBOMXo1UXRTYVkyQ1FxSU52
|
||||
K0h4SjJCUHdZcS8xQStSTFU3S0trTDAKLS0tIGV3WW8rOE8rSmhLc0MwYW9tVDZO
|
||||
ZGdpbmovK3NBMms1Yy9WTkk5eE9mem8KXnwaEyS2Ztwd8NVY9R+B70AwMukAeFmf
|
||||
3Gvj3C57EivrRLDTgot5Sh8TSni5VAlzXJPwwSfgEIiia4qiSUkkXg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaRzZYckxMUkpSNU1jQmhv
|
||||
RjV1MlpTMGhZT2I4b0VYNDNZZEIxbHVIZjMwCldjZHRrSUNhK2NtOTFnMVlQWjJ0
|
||||
ejVXMWxxQnNFb1ZVRUl5ZXcwWmY5VDQKLS0tIER3em9OVTRRMUQ3eGNLM2kwYm9E
|
||||
MmdqMjBpYnIvSlVyV3EvbU5RMmNrRkkK71rsp/TVbkVchu1gBMztRzcaLYG6Xrvv
|
||||
5NeKmrctU7GzaMCtMDWx6AcApNKt/1LamRZ2wElSCytuMy+jIRMP7w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6YnlzaXRjMElRM1djdkNx
|
||||
UmprK3N2UmxyL295UmhoRC9DS2FvNGk4eEU4CkdiK0xVWWt6dWJEcHpjSHQ4elpq
|
||||
WHJhazhveUgxUW1ObWRmaTE4N1ZUMkUKLS0tIDVYekQ0OE1vSVl4YVFmZTV2VEl0
|
||||
amQ4NnU3WFRyc0FBTUk2NmZqdm9haVEKZ67m9O3CLBrF0U2q/1x1KQYx1gxs747t
|
||||
KDNfjNXQgIx3VI6xgIVOflzK4vePUWWQ4OMr3M5h5qSCKmHImIMCvQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNFBLelY0TkliT1p0L1h2
|
||||
ekdlM3pvMWdBVVNRNWdXZHlwL1JXM0RTbGo4CnVBbUR1VUpMRytLVDBjL0FxcHIr
|
||||
cU9QRE5lYUNmZjJqM290SW10K09uZHcKLS0tIHg1VmtvaEYwTGZEN2E1czBNaExN
|
||||
bC9EZ1hKa0VrYnB2b2s5dktBRnpwQzgK9zz2Q270y1SVpx5Ao4/XVusRqfWnn9+j
|
||||
D6I8qHJA3uYOhEBdGClkBZiwbgCh0ww2EOZv30PmbHtUy8K8MLB1+A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMbUh2TFR5c3d6MWdmeHBr
|
||||
QjNpN1EyZTFINVc3b0xaMHB4dzdoWUVzUkJBCnBYKzhNRHF0L3JiSlpaM09STlg2
|
||||
V0RiYTRWUDhPV0xVK3d0VFFVeWZzemMKLS0tIE9kMys2QlZ5VFc1UnI5RTdSdVRX
|
||||
dmNZL3IrSFRSQXFnTTBzMVEwMVg3UlEKxf+eHlF4Lq5XbnT89fel8+332gYNKv0O
|
||||
toOh5OJvN591LAk/NFy32BYXuxL1Fj3AE6wFvpx5Bkl5UYrWmwbHjw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPRG9UUUkwM1N0SVJYUFV3
|
||||
dWViNjg5elFja2dibm1rUGlHalR1Q2MyUVU0CjlvalZGSGs4bTBBQXROL1REeDM4
|
||||
d3dBN3llZUsrd1VseW1LSmQrRWJ1ZXcKLS0tIEVWVnltMkVIQ2xQMGtQYnBmUmpB
|
||||
aXNPaHRQUUVRYXJBdFlJSmVFL3Q1MnMKZ2TMq99uVFic9g0pMhTYrZCkaTB3NZ6i
|
||||
jeQS7f0ikATurSr56MJcz1i3wwgfruo9SS8spRnK1+pKMxq+CsU3Ng==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBON25iQlpWK290UkxHK0Fr
|
||||
dWxCRnd5bEsxL0F1Q0NWd0NCV0ZJeFlXaUhNClVVTFhsZzIvRk5vQXpaSDdOT0VN
|
||||
UDFTTGF1N1VMU3g5ZTVUWStmRGtLQjQKLS0tIHV3ZkpnbHcwai84NS8xaVAwUG1G
|
||||
TzlsSkdWZUF5TnNMRXFKL3dXN1Z6QzQK8JCT3nzdHwkpoQE3tvSPSzoRYd/gwdpr
|
||||
63jF28zhmEY8hoMxof6rfiqk9souAobIzwbnfW/CkF86L5iS/1iepQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDK1FHNGk4YnAxQ3RMZXBw
|
||||
NVg1aG95MzV5blJpYmZDaklMcmZCTVRiSVFrCktEenBQSEdaQU4vQWlnazlRSko0
|
||||
dTFvNXl3TVR5dEJ4dmhaK085Rkw1Y28KLS0tIEg0ajRlUmlXajhmWFJELytLcTcw
|
||||
ZDkyWEpXNTFkN0NHQXlXcm5qM3JveGsKvZovxyg/qG10UbELb6s2Is4vuxjTNPf8
|
||||
28jD2axQfs4IxYdwDfybjgiIvZN5NyZ8cE/eSsiOJdm2cUxEQLSLXg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHSzdsa3Q0SUQ1RDBsN2s0
|
||||
bnBPM0dwUFRoalVqS2d1bVVQbUNOaVh6M21jCm9VYlRydlZtV3MwZ1BPR2g4dThu
|
||||
TW5hZHYyc1VFOW1YSURRN0RiRFJyR2sKLS0tIGF4NkZmQ1F0WTcwaFB0d3c1V0Zv
|
||||
Ynduc3pCcEVhQmdoZWZvZDg2NXRWWHcK884kU6xQiLuJ8foQY2rdZHEWzqGo1FGd
|
||||
/Xfj8A7EGJWOSdi/n4dJZ6AWB7Z6rPAAzNBr4Her1yckG7JVxv4Oww==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObkxxQkpsRGtTVWNpck51
|
||||
UUlHUzFNY3RDZnpYcFVHWHV1MlBGQjUzQjBzCjFLOU03bDR0cjlST25nd1VudmYr
|
||||
aTRhaEdSdFpyZmR5d1pSUW95RXgyWjgKLS0tIGQvdEVRZDZORzhIYTFPbU9RRTNi
|
||||
elUxTUMvV3dKUTlIWG1YdW5Qbms1SUEKEW0xqUEwitR0+4Rx9HcjAFx5lcCpAckb
|
||||
2oAj6fvFH4kEPzaL+m4R81YRDnJv4mrcZ6wGHGwMQJoNPtuaLsak0w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxa1RkMmtaS0pSOGU0bWJN
|
||||
R283VWU1cSs2eGF3dkJVejI2RUhManJMRUNJCkpRV2NCYklzeVdYZ3VySzZ6MjBq
|
||||
QTlpRWRDTUx2YjZIREhyb2pMcmFKeEkKLS0tIEtNKy9DQjJBa0VZeGxpUzI4TlJl
|
||||
THlORDQwdXJ3RGZmVTFtaWNlODhVYzAKKDvNETiOrLrrE6eiYM45c7JRa3UCx1iF
|
||||
soxcSqU7iKhr+bvo2X8idMQlwS9EhkPerFMWcON7ubcW4IznSMCXhQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb1JmZ0RjSUxFWERSZWl2
|
||||
UThsM0F1M2c2bG5hbVkxYkI0bFYxYkR5T2xzCkxvRStjUmc1bmxwUDk5c0xOZ3lP
|
||||
K0s2dVdyUTVsOExVNWhSUWdJTU1vRUEKLS0tIGgyMjVHR0FsSzJrSlc4cmtsNEFJ
|
||||
SDFBY2hpS2tYRjJrZmE1Q05mclFQYVkK24BJZoxm7F2L4xYE6zar0Mw4ZRS+JXyW
|
||||
2slJVLRUY4llS3y+Acxhif+xGpASGMS0HrBlPjXc/8dk7xnwDTQvKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:QmlccYlL5IJD0OJ8CGfpma6fXSsrLISvBIlv8yvCFMitPnrFowWYzwN5EDOFIEGq1bIKef0tygBC2JDua+mH2xK5ZKftC9tTjhavZZpw4w3nWq1PP2zZWuPh2NmoSk1RtpQ760XTs1U+AloTJGIiCIUxhO/OT9fLo8WW2GyMJ1A=,iv:zXfkO1vJc1EtKgOz3Qs8BtwFQPGCvvWzLu60seO04WM=,tag:kzUS6IPrz4I2ke8kVviPgA==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:vNYnOvEhIpQ1ufxpLRKa/H1duYNDzKHY8vykpJy/4cwFLrMVy8UfTf4HdZe+kTja3WxfKEkigFZ6KOJC2HKPnQFX08yH8W6TznlU3t2q02SAXdEp8ycEoWsn8gvIGQqiJICR0Scb6M6guaP/y2n2DoPfS7vmIPpGdHIatW+crqk=,iv:C0y3+j+Nxj0NGlL3y/54/AijGo0tDC7USoDlzijmLzQ=,tag:5powWCaUDxOhhyy8FqLDfg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
21
nixos/modules/nixos/services/powerdns/default.nix
Normal file
|
@ -0,0 +1,21 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.mySystem.services.powerdns;
|
||||
in
|
||||
{
|
||||
options.mySystem.services.powerdns.enable = mkEnableOption "powerdns";
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
services.powerdns = {
|
||||
enable = true;
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -8,7 +8,8 @@ let
|
|||
cfg = config.mySystem.system.resticBackup;
|
||||
in
|
||||
{
|
||||
options.mySystem.system.resticBackup.local = {
|
||||
options.mySystem.system.resticBackup = {
|
||||
local = {
|
||||
enable = mkEnableOption "Local backups" // { default = true; };
|
||||
location = mkOption
|
||||
{
|
||||
|
@ -17,22 +18,74 @@ in
|
|||
default = "";
|
||||
};
|
||||
};
|
||||
options.mySystem.resticBackup.remote = {
|
||||
enable = mkEnableOption "remote backups";
|
||||
remote = {
|
||||
enable = mkEnableOption "Remote backups" // { default = true; };
|
||||
location = mkOption
|
||||
{
|
||||
type = types.str;
|
||||
description = "Location for remote backups";
|
||||
default = "";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf (cfg.local.enable or cfg.remote.enable) {
|
||||
sops.secrets."services/restic/password" = {
|
||||
|
||||
config = {
|
||||
|
||||
# Warn if backups are disable and machine isnt a dev box
|
||||
warnings = [
|
||||
(mkIf (!cfg.local.enable && config.mySystem.purpose != "Development") "WARNING: Local backups are disabled!")
|
||||
(mkIf (!cfg.remote.enable && config.mySystem.purpose != "Development") "WARNING: Remote backups are disabled!")
|
||||
];
|
||||
|
||||
sops.secrets = mkIf (cfg.local.enable || cfg.remote.enable) {
|
||||
"services/restic/password" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "kah";
|
||||
group = "kah";
|
||||
};
|
||||
|
||||
"services/restic/env" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = "kah";
|
||||
group = "kah";
|
||||
};
|
||||
};
|
||||
|
||||
# useful commands:
|
||||
# view snapshots - zfs list -t snapshot
|
||||
|
||||
# below takes a snapshot of the zfs persist volume
|
||||
# ready for restic syncs
|
||||
# essentially its a nightly rotation of atomic state at 2am.
|
||||
|
||||
# this is the safest option, as if you run restic
|
||||
# on live services/databases/etc, you will have
|
||||
# a bad day when you try and restore
|
||||
# (backing up a in-use file can and will cause corruption)
|
||||
|
||||
# ref: https://cyounkins.medium.com/correct-backups-require-filesystem-snapshots-23062e2e7a15
|
||||
systemd = mkIf (cfg.local.enable || cfg.remote.enable) {
|
||||
|
||||
timers.restic_nightly_snapshot = {
|
||||
description = "Nightly ZFS snapshot timer";
|
||||
wantedBy = [ "timers.target" ];
|
||||
partOf = [ "restic_nightly_snapshot.service" ];
|
||||
timerConfig.OnCalendar = "2:00";
|
||||
timerConfig.Persistent = "true";
|
||||
};
|
||||
|
||||
services.restic_nightly_snapshot = {
|
||||
description = "Nightly ZFS snapshot for Restic";
|
||||
path = with pkgs; [ zfs ];
|
||||
serviceConfig.Type = "simple";
|
||||
script = ''
|
||||
zfs destroy rpool/safe/persist@restic_nightly_snap || true && \
|
||||
zfs snapshot rpool/safe/persist@restic_nightly_snap
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
services:
|
||||
restic:
|
||||
password: ENC[AES256_GCM,data:gq4WW/IwIYQ=,iv:jVVSGQhUhAOOv7tTHOxJgYiw8e9Jfgeg8veeirn4510=,tag:eJPAgiYbTPfW7gnuvCv7JQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:2SKwstsawlM=,iv:/09fCnQm+2p+n/dmHTiZ4ZZO6Wy41DEJGdsDnIBKOBY=,tag:J4cgLGzDzQeDYZCeJwDtPw==,type:str]
|
||||
repository: ENC[AES256_GCM,data:IzQGzl/ldZnSLT5qVY8JSYNzVy8ceIeO6CkrPyUUj9z1U8K+rcDJAF/CpVPG9jlf0Zla9a+kh4ryP3PAQ+trAUmO2rg2H60Ps/PoNPPD2urc,iv:8w2D4B/CjolnEw6v/XYBiujDfqQRa5aa/tJwXD5B6aw=,tag:tDm9oodDieyOJR3ICRcmeA==,type:str]
|
||||
env: ENC[AES256_GCM,data:Riy/EpztAUvGw7EufBfU/+/gHFFnNVa73GvZyphsW8pzqpXJI1hkjdrVt9xsGWpwJ8smzVBvdZGcTtklqyUVduY5IzC5uCzMFpf4XGu1HHSmmsoOMYYCYhd9eYDMcxyG3EQUfNSDQcbZq5MmBjII72NVRFcn9qy4cYTtwbi2pFa7qgixk2eJTis=,iv:caLrFMMcV4WvA6/cXSHbBZYWqYQyN48m46nvncahU8I=,tag:QxE7uTe0+ybS7SWfkXkYWQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -10,59 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYnpDMGhaM1FvUjFDazNk
|
||||
QkNCbnhmSFludTFYU2l0WDZaOFhsZ2lCT2kwClNoSDNvaXNydmxubm5ZbUZZNW9W
|
||||
cmJVOWtHdjBvcXBuNTdwSXV6NUo4WDAKLS0tIDZzdk9YTGNyS3gyV21hRXo5WVhW
|
||||
aTRyVmdlYVVGbHJjL1BGdWxqNkxQWHMK29GOjS0tCNOECToZPSUZeyt/cElsynqy
|
||||
Ky1ByYdCkYZ+3IiCFjN2fChA58khWg3mRUuSpYrTZKIcdBFw6oKfhA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMGw1SVJRcmFEVEJwbzBY
|
||||
TERnb3p6UlB6L3B6aGgrZ0ZQdmZPZjl4TUJnClhPWG56c1k1TVlCOHRIR010dWVT
|
||||
bzdtaEhwQUZtZlV3aTBQbFN4ZlpYZ2cKLS0tIDJtMXBIbnZMOEpTS1BNemJmTnVh
|
||||
OVlwMWQ0VU5OVi9ZZm1ERzcycTVISGcKqccg1LvWhgjLkqIKn+qmtUw/RCZUxIZP
|
||||
WwFiA8F19C0SRQ8X+q5vFYG1L9uFP4wGCE9tP1BndY/8IplwohGSpA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQXdQcGE3anREVHFuMTh1
|
||||
enI0OHVYRDllYVdQNGllTnAyZ1lOU2RrMnk4CnNQUWt2ZUZsd25YWmdKcC9UNHJu
|
||||
V2FZRURibS8yd0ZQZnFaYUhFWVVUdVEKLS0tIGNyTjVJRWo2ODFZUmhTRzJxdWZ0
|
||||
Y3N6V0ZXRFZpUG5ablhKM29ma2ZOMFEKpCHKEiEx8lGNs9WufBZ1zyajgyBm2hWV
|
||||
DW9Z6FB/Y0pvPLs3tF05qQEQ3LVjcLJ3lJ4fcrbqspNhcfV5vN6sZA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5U0xIOWpCa2oyOUxTMDdt
|
||||
NGdNdi9QQnVWWXNGN21pTlJQSkhpWXdPdjJ3Ck5CcFIwUVVQYnFCMmVYYk04VW5K
|
||||
L2FtdXdxbEV1MVdVY1hKRHlCVHFITncKLS0tIExPeTNJNi93NExlTW1RaXBiSFVr
|
||||
MWc1UUt2L2FSRGxyQnBQZDFhSU1SYlUKCVHYwQcgTDS0jOmtjwKuz0ScPRQEMXoE
|
||||
u+0MOSi4681hSXbG+sUShQ3ZQAqPK6NkiVr5cg37ci69R3wGUicMug==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSGloUkI3UnY3S010MlI3
|
||||
UWwyc1I2SmZEdWhWVVlsYysrMDIxdzZaQW5vCjJ1WWlVZ0xRWmMxTGh2S1k1MkVE
|
||||
UTJJWlBvR1R6V1RXcjlSbm4rQmFZcTgKLS0tIDAzRUtNenB1cW10ZFdMY285aVFZ
|
||||
MjVZOWM3SFkvMUtoTEZGZkx4V1ZEcFUK2tDvX173EYvGqLxfsKxrKVv8BDorYJk4
|
||||
etatqb+5KQnEYFgxY3qY4nMdsir74VqdHKkg9rP0/eUbNL0exBTjFA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcVFZQi96eHBSSkxLUmtO
|
||||
VEZ5QmNLaHNDaTZick1TM3RNeHFKV3lYc0NRCnpEblNJTW14N05oNWtmL05DZVlW
|
||||
bExTaVl2Yy9UV2lWM1Zuei9KOHAvdEkKLS0tIDMvZGNvR0pzY1YzaDl5TWZZNE5I
|
||||
bVlTNmNGSlMwaitZc2Z2OFdGU1NUTW8Kp8uFin0TRg+/i0+pthiBVW+aKQ+tZ3P+
|
||||
WqygYHM586cJcPz6veLcK8Icb+WP3/UC9VyUSTHb8oD14IUMs1jo8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUzlLNVhaMW94YjI5TU5k
|
||||
S2ZIRVBxRVBUT1Jta3hydndUVzZxbDA4ZldzClUzMUJWQ2JWZk9kQU5LVVRJNWlT
|
||||
U0p5ZnphelExSXU4MHh2d3RxNVo5WmsKLS0tIDNHSC9tM3FaRTYybmJtWUxFYVpD
|
||||
ZU9GTUVpSGVzOWZuZWZTZjR1NWFVY2MKy1od9yzs5BJJF/b5TPsqn5ZGWAVdt6nz
|
||||
lX1owv3vRz9VBjOi9omDKbnSPViOBk8C2+5as52nUdWO/xTsNgO1+A==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNDZDeWNpcFl5dVg0dnoz
|
||||
VDMxUFM1V2N6QUhpalBkU0NOVDVuZkR0d3pnCkJmQ3h6c21ZRUgyMUNvYTQxOFlX
|
||||
LzlqMzM2eTJHTnFRMHdQVi9iclBISmMKLS0tIDBFSWUwS0UyWWhUcWxSNXIvakNz
|
||||
TGRYN2N1OTdHeGtqMnZiSElleTc0T1kK5BYxEgbaeo/MwLQNXkQRitT8ocgTrEVD
|
||||
VdqGTlPwNMWP9dA7JPTd2f+kwr7yDGG7FZUS95ZEVQ+euMYE+6MWNQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMVU0UHZMdVJXRW5uMkVz
|
||||
OU9PbzZRRW1aanB3b0xLK1ZsYjZGbElqQm13CjRrbUVxamhvMUdGb1FBU2VyNDl1
|
||||
RmNESmNIYWRaYTBpSnZmQ1dYc1NycHMKLS0tIDlmUFZqKzdETUNrWk1qUkM0NUdo
|
||||
eTBWa1kvUjArK2lEbTJtTm4xQUpGTWcKbpujwUOxwcghfWbP9XWHzfhfGtQhjC63
|
||||
qnZJSKGoFT/DxJiGaF70gQk+Gn+db1MaPKZzQ492lqCSX+T22z7+oQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ODRhZTI3bFhaMHdvQ2Uw
|
||||
eUZOWDJyWFoyWjBxcTZCUkkyM1pTbnBZbTJJCmRoeDgvRTUwb1pMVCsrMGZlU2dF
|
||||
YURsV3ZBMmF6a0hmakNadU11ZGFoNlEKLS0tIFFyMmZHTlJ1UWtwRnBXbW8wZml2
|
||||
d3ppbFZScS9vaVhDYjQyRnZYaldOckkKiVqc1Q10ypwk2VxVwRyJ908L4OhZirMI
|
||||
gmc8AocV2oQwgjWp9K/U/XVrKyqq1SjZPcTGsgls8DFy/4hM6Tc3uw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZkJsK1ZXRGo3NVVPaktD
|
||||
M3JHVTByYzlOcGtXTklKSSswNlM2R0E4OFJJCk9ab21TbWJORTJuZHZxcVJrUVZw
|
||||
cDNPb25EQmEzRFRXOE9CUG12UzJQYjAKLS0tIG4rWHY5SjBZNW5qb1kyVGNXN1ls
|
||||
SDNRdTJlL0p5UmREU1ExVm9Nay9laE0KPidvFK33/M1v1/62g3/nO6DdHaM7od3F
|
||||
mXCwxArAEZo738AM88Si9xJAyvXNI2yc+cOJzijtXrUBgvmE8DdoIA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UGpjak9Yd1ZOL0x0OUlJ
|
||||
a0R6N0VVWHhRUjNhdlExNmZnNFJkbU0za2tBCjdJTVJwZDYzemd4c09TZTlXUGFr
|
||||
MDhzVG9qZTV3dDRnTUo0dmErRjJHQUkKLS0tIHlzdnlKTnFoZ0JWQkJaYTlOdDNG
|
||||
OVdKZTUwVEtlTGtGbFFLRlp1eS9ZS0kKZTZPjYzlMjx+Pv2BTL4AhjfOjtdq3PuJ
|
||||
6cE/adCo9nPJLoZrWuXCqUje4fsAfH1pstShyOBf3O6daG5w2k9qkw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-13T09:09:34Z"
|
||||
mac: ENC[AES256_GCM,data:VOB3F3+ssvI+2EucvZ+LX1Hl+702vhB5RVSVeSzQbgmnN+zwuYLksO4rdgOpegPGlENcj5M2CzyRqsiGhyuy9THm/u09Ac2PbPEfWGm72pzuSMPymZQrUJmZDU/Gl0IlIfxQGGOfFdaVnzVl4ynIZuseJDjOZP9ymT8G8/ewSYY=,iv:Czjr4i9JuIO+2Ftl3ENE/XAzsca9rfYCvgy+tggMihY=,tag:4BlY8d29AUh4FluA6eUNeg==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:U1qcGw8jMdJxuARQzmV1OywQoO6y3uUy46wwWnqerXsmOVQxy86/FWHP6embT00xzn/WjZNywqoiF9PlR2c9dw9usA/qHa679rkQ24xeN8Kj6GBil8WG+Z0y8NowXGY/3xqJHNZ6lsEjV8g/0TWRPVTe8XdryDoxdw7uWFk4h84=,iv:7NiANxV9y+/v6/77z06bEwrZAZRhAQ2F+Td1I6kXO1c=,tag:0OgqqX0MwewveOGKkgHdJg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
system:
|
||||
services:
|
||||
#ENC[AES256_GCM,data:XPfrPhKBn7rS7oL1ob3KqOuGprzSsdfnEKHm8ep6Lr2qWgKUpnLyiOqkPapooPO0E2RnHXDv1GeLpl6+NbHQRWUCcfP0ypEko0ZZPw==,iv:R/sUawRMIts93Gdz8dRBJz7VWdK3nFXQfaGk+rWXK2c=,tag:xwONcjRqD05CiSyg8u7Yvw==,type:comment]
|
||||
#ENC[AES256_GCM,data:ig832PtvXK2tqQLw9C2AbtNPK5JnaAZ3SB8gQzfagtnc/60NG2/R7kGTi0dt1/BGGy5GxaPmrarJ/egix2D0J4sHBNs+IE+HoaEQLQ==,iv:CqZ/xQj1ayLwR8yWFpjpszn6WjKFnlH9BKgPidz9DQs=,tag:GVI7/X0h4fC3HqQ6WALpzw==,type:comment]
|
||||
traefik:
|
||||
apiTokenFile: ENC[AES256_GCM,data:qFz1VRqM6Jfu33ImmglKp2L1WihYbZE86zx0BuXvgUSLrHodcgQ8ft8vpy0ur+I8I0i2/HLNKSrdz9bAdfDWdqqBpLwQA5SSu3pod/pxXTMvVEqZqYGwvXD24SifSHLKLA==,iv:YXah2ezPGDVJ9FWL5TJdqIT/ZPSEW6MxlKSqb33MNzE=,tag:UjJOl0g1UltdGicLDxqJQA==,type:str]
|
||||
apiTokenFile: ENC[AES256_GCM,data:NPmV586NTWCO1pntbqHZ8BinJ6Qk/WiwD6H9YVcyv+rDOc6lLkNm/vodV8RoYTtE+QF2/Ozcaqs5UkzyNNt6kgC3hHJNHcHoH7xaqLX/M8lNuTWwhwGigfb8ZjS0yx+jSg==,iv:agGj/FI/BwJ3loD/PqGuRT1jgIYoE4fqv6BMdBJ1Ch0=,tag:dPk71zXp+1rV/R7G1Zpwiw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -12,59 +12,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVME1FckowdTFIaFByNFk4
|
||||
cHM4WnprZk55WUdlcUlkcSsxQXIrRjloTXhJCm1GMWw4UGU4WnpaQmUycUxCci9i
|
||||
WmtmbzdPSTZ5Q2l6QTZVdHkxajlpTE0KLS0tIDVxQ1ZMaFlSS3d0akQ1UDM5TFJG
|
||||
T096em14d1FRUjF3dm85MkthRVh6UnMKelOf2qNobndcxX5QR+iTt4sSIsngRbvj
|
||||
wy6W5s53x2bqe4K21RSNhAUkUO3AshotN/caiYKzYx/kBZk2kRcVXw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OERwMmdQZ0xWY0xqSFhu
|
||||
U1pHRjJSbWsyRmgzUFdjVE84V0tPQXRQWURjCkJtM1VwZHo2cmpyNTdOYmh6c0VO
|
||||
MzJIOERQeC9IUTFoY0w5a1g1aTdyYlEKLS0tIDNid1ExOVhCcFo5b0dOWUxHOElE
|
||||
T2U5U0ZTMVZvaC9Dd0RjTXRaN1ZGNTAKvQahfr4FGBpHZ3REaG742Q0mnUe1JCwl
|
||||
TXRMJ3qWnpwk465R++g9BIJxkjW+GPCad0ZYCYqVhoFS4etmVqVXkg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwTHczMFY1Rm5IQlV0TTJV
|
||||
Sk5lKyswTlBteVZRRVE0TWY2Zm5uNXFjalNZCmVVU3FQZENSOUNtb0FGbEtqSmtG
|
||||
SnYyNEgyeDIvaW94U0wyV2dFd3g2VFUKLS0tIDN0Vmg2RjNkanp4b2wvK1RVbTU1
|
||||
ZzQ4Q2VLNXI0M3hXL1pyV2gvbzhuUTgK4MjauT0PDEBn9HJicK3J8FXamsoSdqGA
|
||||
5F0E6ettiC80jYV7Cp48cyQ1vo18glFSvQ1IrJ1x0z5Oznr+ZPXK2g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiV2hIMStCM0J5V2pZZy9I
|
||||
NWlPczBBMjVxY2RMR3FrSnR2TzQ5NVJkakZjCmxvZ0hsK1lpaDlUYlVrR1NQSXVv
|
||||
ME0rMnozYUExN09SUzBzUFlNbHZMcXMKLS0tIFd4VHdJcStJZTBxYWVoaU1FenVh
|
||||
QWdhelhBQ3pIR09kY1VMY0IzSUYxelUKCV4gHAq3zyM4Z21ZoObPm+VaoaOVLfVB
|
||||
AsJtfwjor2x0KWNCmn8WlQ47fgCkiK6lCkKbliR6QviAL8dtTmlL6Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOFpvYnRWY2F1bTAvbmpC
|
||||
SEh2SmhaeEVEK2ZLbzBPeE1YVlkxM1FlQTBRClRNRWNZQ3BZcVE0VTF0bDUwWk1k
|
||||
Q1l5RWtYSy93V09EeGUxcVBzOVd0eDAKLS0tIDd3QlBQcHovWDlsdEg3eDlmVWtn
|
||||
OUhNMWxENzhqNmdaZTFkQWNVM3I0cW8KKeEKoG+e+rClRk8bWWtdGEjcyYiIPF3u
|
||||
24flOm0iStrfy4b0Cf33sTzozFR6cdG3DZ1bqQLR3rwKAh9XdWbAhg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTMFRrb0piUVNaam5aeG12
|
||||
eDFHeXNsTUFQQm1sSmF6VkVOSi9hL0RBYml3CkhVYUxpaUlvakhHV0UrY3VnU3Nh
|
||||
b3hKdHNMVHo2cUgzcXVjdnVRY2EyNlkKLS0tIEw5UnZLZ2dmZ2VQV2MwTDVXKzc0
|
||||
NUQrUkxoR3MwUEpRLzZONmpNT2UvZG8KCp00YqFS9OD5PUA17UbknOLUd/HWmpoA
|
||||
GrE7uAFUoOf2l36UpNSlX8NENOAnNrptTMxTkWKsMVur80Bt6hxZYA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjakxOcDBvcm05ckYzekIw
|
||||
Mm54a1k2U0Q3SkNtWVpqNGlnOWprK21lbVFnCnNZa0FReG54MFhPQVJESmM5eklS
|
||||
Zlpxeml3QnZVY2V1U1VRRXJsd05jajgKLS0tIGYxTjZkNk40eG91aHZOa1AvWHl5
|
||||
L2JqS0FjVzF1a1dZb29lM2dIVitiVWcKtyN9D5aqvwr5wKI7cZ+6ARZ2ntFN77bb
|
||||
xRS99lmHiOzEHoDK7KaU0trdeCLiUCGdVUye8RgPbe/SUXa8Nb36pw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZUhyWUZJV2FPdjhrNHVQ
|
||||
N3hlNGZaaXJjbGtjNmtaWE51S1RETlVHUlY4Cm1hL0NjdGxWbyt3YlBPR1JWbUdt
|
||||
OGF3eEwrMXFEdXdLaEZBUXRKdXN3WU0KLS0tIGtBM2JNY2NlZnBpdFh6L25QK29Z
|
||||
eXdUZlE1Zkxab0tkODFYSFRoYzZwbk0KFMY2z2I7Dry1AU9bDmmqfIX1U8iZwkvE
|
||||
SZ90PAWg2anSKDNRC76H2RurwnM60i453YDBYOTpdBighLYHuMWP2g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWERTcWZNZlM2Wm10aUps
|
||||
dGQ5eEFVTkVBYVJCdlN5WFZKUUI4MzBwL1I0CnAxbUNocHFCZFZHRnVmbzhwd0xY
|
||||
aGcyelVJREh5MzBSUXNKaklXdGRFb1kKLS0tIFRvLzhsNFNvNGVvZWFPVXVFTC9H
|
||||
NGQ5ZTk2dFVKNGdiQTJaNjZtR0d3YjgKz2AluV3wR0Cz7bJEXAUqBwHbdk7zmD5P
|
||||
nux9nLQfoD9YDfbp2DIBDktHPL5KjY5H4/zn+Obo3fPeq+PrZMNZZw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYlVveFRrZEErUGo1R0Ja
|
||||
ZU5keFJZcEw4aGVic292RnhyYlBrV3lsV0RjCjlGRU4xSGZpRzNON3VncEl3aTZr
|
||||
NnVWdUkrWlY0UVh2eG1kQmxHdDlHZjQKLS0tIHYyMk1tRTRkMFA5WDgyZXVTZUFh
|
||||
cTM5WncwekN0YTh0SlB3NmQyd0lmbmcKf355+V5bKlNwS9wPl2wq3SUNi6+xDFu2
|
||||
UJ+0Uqk6S43L3964PFENGWsymmKS4DfP6OotX466k3BM4/jT32pmdg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5WDhQckJCdW1tTXBEalE5
|
||||
VTJNL3dJWlIzMm9LTjVaUFl3SlNNVERwM3lRCmhCT25UWkxCYkdUNytjUjZCVWF2
|
||||
NjY5ZU5xWkxRZ2tIUzRNTzl4Mk5RK3cKLS0tIGxJamh0SnJIZWIxTjZzSEtHaXdy
|
||||
M1V2S01iclNnMzZta2lYY29HM1dMVXMK6omDe7Pgb57Q/zA6KUQV3mt/QQN3NlUZ
|
||||
QESTtrrtDveuK/GBeiTQZpOdetYja3V2UHnePR5IHuMw3QexIKUlKw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHQXp1eDM4eHFDeXUwR2Y0
|
||||
SnUxakdqZWZzK29xT1lVeXozT0N2UHBwRFc0ClQvU2cvL3MvVHUvQXNsR0tENWRm
|
||||
WkJRQW5GMmlQdzRBQkkyamMzZXMrM2sKLS0tIHFtZXRkVExVWnBGcVZValFreUFY
|
||||
NzZtTzBuS2lYR2hOUzVmcVovQlJSOVUKnyI5GF6cHeQUQ9rftfQCObESLNds09dE
|
||||
lZXG3k1bUecsV6H0vExHzc9ZMYDw4Iz1YamS9KuzePCU2j9hCboMEQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-11T11:56:37Z"
|
||||
mac: ENC[AES256_GCM,data:ZIOBc6KR2K5ttfx3EvZTL4Iod8aJCxHB90g+5cIMG0Cx5X6sf9RNVznab7/fTuCDcqEzG9KOrWhaSI1fx8NN1xbNY3GZ3iKFa8NEXlg6mO+7Kyir9GPBQaRTjCAUVKQnCukEq/50KPQsFRETyx4lOt9VFnd1GXpc1QgIXg8jnaQ=,iv:+TQstFomD658x6QYyY49Y7y2CduD16Bl8uhcIW09g6Y=,tag:bcfwfk3xfQsXom44OJq81g==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:klTr+hWUvdrJLcWPrSSvdz4Q9dspXmD9FTCUVfhbs+LfWYvk9dY0LaKb+3pMknWztyWBXqyLAvQ7sHgfXwUzagLuExHLNdFNYUk9egup55wsQvnxy/9WF7qlpvjLz0tBGMtLnHONo63z2ose3sbJoWuJvKurqVI9ozqmQa8S+7M=,iv:MJihHHTtvUA+yr2caVZjmxhJU1+IKhM77tg9GUXzb/8=,tag:7lpoz8E1gvdjKbPhDL73iQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -9,5 +9,6 @@
|
|||
./nfs
|
||||
./motd
|
||||
./pushover
|
||||
./technitium-dns
|
||||
];
|
||||
}
|
||||
|
|
|
@ -32,16 +32,26 @@ let
|
|||
upMins=$((uptime/60%60))
|
||||
upSecs=$((uptime%60))
|
||||
|
||||
printf "$BOLD Welcome to $(hostname)!$ENDCOLOR\n"
|
||||
figlet "$(hostname)" | lolcat -f
|
||||
printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}"
|
||||
printf "\n"
|
||||
${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))}
|
||||
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
|
||||
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)"
|
||||
[ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required"
|
||||
printf "\n"
|
||||
printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)"
|
||||
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY"
|
||||
printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds"
|
||||
|
||||
printf "\n"
|
||||
if ! type "$zpool" &> /dev/null; then
|
||||
printf "$BOLD Zpool status: $ENDCOLOR\n"
|
||||
zpool status -x | sed -e 's/^/ /'
|
||||
fi
|
||||
if ! type "$zpool" &> /dev/null; then
|
||||
printf "$BOLD Zpool usage: $ENDCOLOR\n"
|
||||
zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /'
|
||||
fi
|
||||
printf "\n"
|
||||
printf "$BOLDService status$ENDCOLOR\n"
|
||||
|
||||
|
@ -76,6 +86,8 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [
|
||||
motd
|
||||
pkgs.lolcat
|
||||
pkgs.figlet
|
||||
];
|
||||
programs.fish.interactiveShellInit = lib.mkIf config.programs.fish.enable ''
|
||||
motd
|
||||
|
|
|
@ -17,9 +17,13 @@ in
|
|||
);
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = {
|
||||
# Warn if backups are disable and machine isnt a dev box
|
||||
warnings = [
|
||||
(mkIf (!cfg.enable && config.mySystem.purpose != "Development") "WARNING: Pushover SystemD notifications are disabled!")
|
||||
];
|
||||
|
||||
systemd.services."notify-pushover@" = {
|
||||
systemd.services."notify-pushover@" = mkIf cfg.enable {
|
||||
enable = true;
|
||||
onFailure = lib.mkForce [ ]; # cant refer to itself on failure
|
||||
description = "Notify on failed unit %i";
|
||||
|
@ -32,6 +36,7 @@ in
|
|||
# Script calls pushover with some deets.
|
||||
# Here im using the systemd specifier %i passed into the script,
|
||||
# which I can reference with bash $1.
|
||||
scriptArgs = "%i %H";
|
||||
script = ''
|
||||
${pkgs.curl}/bin/curl --fail -s -o /dev/null \
|
||||
--form-string "token=$PUSHOVER_API_KEY" \
|
||||
|
@ -46,7 +51,6 @@ in
|
|||
https://api.pushover.net/1/messages.json 2&>1
|
||||
|
||||
'';
|
||||
scriptArgs = "%i %H";
|
||||
};
|
||||
|
||||
};
|
||||
|
|
86
nixos/modules/nixos/system/technitium-dns/default.nix
Normal file
|
@ -0,0 +1,86 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
|
||||
stateDir = "/var/lib/technitium-dns-server";
|
||||
cfg = config.mySystem.system.technitium-dns;
|
||||
in
|
||||
{
|
||||
options.mySystem.system.technitium-dns.enable = mkEnableOption "technitium-dns";
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPorts = [
|
||||
53
|
||||
80
|
||||
443
|
||||
5380
|
||||
53443
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.technitium-dns-server = {
|
||||
description = "Technitium DNS Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.unstable.technitium-dns-server}/bin/technitium-dns-server ${stateDir}";
|
||||
|
||||
User = "technitiumdns";
|
||||
Group = "technitiumdns";
|
||||
|
||||
StateDirectory = "technitium-dns-server";
|
||||
WorkingDirectory = stateDir;
|
||||
BindPaths = stateDir;
|
||||
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
TimeoutStopSec = 10;
|
||||
KillSignal = "SIGINT";
|
||||
|
||||
# Harden the service
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateMounts = true;
|
||||
PrivateTmp = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_NETLINK";
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
|
||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users = {
|
||||
technitiumdns = {
|
||||
group = "technitiumdns";
|
||||
isSystemUser = true;
|
||||
};
|
||||
};
|
||||
groups = {
|
||||
technitiumdns = { };
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,5 +1,6 @@
|
|||
{ lib
|
||||
, config
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
|
@ -17,12 +18,14 @@ with lib;
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# setup boot
|
||||
boot = {
|
||||
supportedFilesystems = [
|
||||
"zfs"
|
||||
];
|
||||
zfs = {
|
||||
forceImportRoot = false;
|
||||
forceImportRoot = false; # if stuck on boot, modify grub options , force importing isnt secure
|
||||
extraPools = cfg.mountPoolsAtBoot;
|
||||
};
|
||||
|
||||
|
@ -34,6 +37,15 @@ with lib;
|
|||
trim.enable = true;
|
||||
};
|
||||
|
||||
# Pushover notifications
|
||||
environment.systemPackages = with pkgs; [
|
||||
busybox
|
||||
];
|
||||
|
||||
services.zfs.zed.settings = {
|
||||
ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
|
||||
ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ with lib;
|
|||
|
||||
shell.fish.enable = true;
|
||||
# But wont enable plugins globally, leave them for workstations
|
||||
system.resticBackup.remote.location = "s3:https://f3b4625a2d02b0e6d1dec5a44f427191.r2.cloudflarestorage.com/nixos-restic";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
services:
|
||||
pushover:
|
||||
env: ENC[AES256_GCM,data:nkiW4SDRCjmKrXTDSOolV1+WJorodjF+2FvBpXRa7PsXMQM+4pgP1Ll4TRZHkrwJ5hpD0X9hnb1wdVUcm/2DU/o4qkFl/ZUGQIiOZRbyirxINeYq7G/0TWJmtx/vw48L,iv:2pqzQDEfXkkA+GCXdk4+2NFOi3OASFqefzVf0YcWkUc=,tag:tNeYcgfsLAaKGVmOsTLPdg==,type:str]
|
||||
truxnell-password: ENC[AES256_GCM,data:SQhRB9eQRLbyTF1ebUoGPhWOdfcX3+yMTsIxY+/Tb0dNYAYvFojc+vcULevKS7DteLlRHSOFZS5MaPkgv4+agF8ZCC1Wy6A6KyMd4NGxzt27mE1/tjla2OVIyqoo3ye7hpxLZxW9Feh+Pg==,iv:684OoJRCiLmnfzjijz2CEdFpvlBkGzlTYIpKqbLAgtQ=,tag:5YyHnnX9/i3kp8yZjdP4XQ==,type:str]
|
||||
env: ENC[AES256_GCM,data:OxFpyEUrGBeeIJU0/m/r4snCuFq4N3EAQ2KGReEgSDZvlTro8xyTpbypzXxFHJIYhCNbQPLKb2LTX7Rzk9c0xHc9YNcZWxD5kybJniOjFIKarhmi3GaBzJGzzQKRLt40,iv:ZP4ioZx8jR6R0AIdZE0SWEm6VLzGa+dCYn3SceAJ7R8=,tag:okcd/omsRKwr9TXzbmkAug==,type:str]
|
||||
pushover-user-key: ENC[AES256_GCM,data:hOVjnl/zAaWDurVds46lXeyokK/3fl1xpwRVIWwZ,iv:lWcTsz3PdQ3ifoKWaLmOpMbwq1FhiGEzCtqiLzFk/jA=,tag:EVni7WBVqL/lXqXGtQlErg==,type:str]
|
||||
pushover-api-key: ENC[AES256_GCM,data:8QdwA0csJhpQIoa0one0hFOLuQRi1hcrfBrPaU1r,iv:xxQyQY+m++qEEaR7gaDnYbA/Btc0PvLFYF0aTuJD/wI=,tag:t714Gv9xwxvI1ceOdmbTCQ==,type:str]
|
||||
truxnell-password: ENC[AES256_GCM,data:cqsquP1mfRJ+VijAV7F/eBwF1o5YedV2i7P05QibtAJWnKnTI4tzDz5iYo/0cWnlKD3xpAvqph47bwkeBfJatD6Q/ccO4rV9PfpVgD3/W+aBJk1GyTaljqCU3IINyGiT4y6lh01vmOOJ2w==,iv:Er2beJsdw71QFJCmmaSOb5IsJXBG6ZV1vw5SM/ZrWwY=,tag:Lb62auMyURsJzFLuG798Kg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -11,59 +13,59 @@ sops:
|
|||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbjFLVktzVVNSeDVuOVpx
|
||||
OXVrcU5vK01JbjZvMlh0bi9INFlPU2VTZUFrClRzVGlSSzljcldnVFhZTHhKcWYz
|
||||
MHdGdEZBeU1tMDJOU1FVVVlMSFRNUGMKLS0tIGtRdGFaMC83MUc2VDdEOUJKcFYy
|
||||
ZGorL2orMXJ1K3VNek5WaTdkcXpyUDAKUrd8OXnSEvOEHeKY02aMEnQEAK3dHWUg
|
||||
/zPECgCQwStiE11erj+mfYhgSeHDx0szQieRj4a+x4KaEItydVOMng==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWK3RSK2wyQWVGUThCMFlL
|
||||
RjY1TEJrZEcyUjlzeU4vdUJqL0pwLzRyZFNNCmVoVjJ0OW96YTRZOVNlSk9GWjMz
|
||||
cVh4VGMyK0ZtUmtpZmhVcDRjK0FzRDQKLS0tIENFdnRuNFFWaXUvOXFPcjkxaC9E
|
||||
RUZZMzZ3OVhVYU1lODU3OWtVaU9yMW8Kmo1RgsC2hAXOMbevLSecIRtWVgCaKe5c
|
||||
DiVVL0BZaAxEFLkrdSS+yv8717LnCyGHI9rtzB+MQxcZBiUmx/8/Pg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKYmM1cDFHd2JKMlhHU0tu
|
||||
VSthQnB0Q1VBVjEyRlJzZUtXYW1sSUordml3ClZQQnNQWFFmTnNkeEI2cjJ4OGhW
|
||||
VWRqZWU1aFpZc1c4dzdPcWxWek43OEEKLS0tIHNvc0NmalFZWHY1a1I2RkJYR3pR
|
||||
c1JwckUvQTRxZDlsQThsUHd2VndvQ1kKQAJhEKLV3AcLDhk3BEbjwsLmEC+FFYZt
|
||||
AZXPbhJVZ2n62yU97IcEZOEs7tcaPFqRQmuEk0caMEj4F3RgF0naOg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTkMvS3MxV2NUTjVJci94
|
||||
UlVjZDVLMzNTdG5sVWhNVGphTVJIZ0g1d2dzCmRrcHpHbDlINjJ1eDZKU0k3QUd1
|
||||
NWdGN1RPSUF3aGFJNTBoSTNFVjF6YkEKLS0tIFpud29YSXBHTGg1NTdvYW5pMm8x
|
||||
eGtkMGdqcEFibm5oUjE3TXVLQ3NrSm8KRp2ee/xnaouuqOwMa+ICXhN1iFc68pQO
|
||||
vbHn3j9HhCCA0q5w6/JngkuIktQSqP64Tp5lRtt7ko/dNM0uySFXJQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJaDdXV2FrMHA0dkxkN2F4
|
||||
dCszUG42bkI5bGlzMFJmVy9RV1R1QjZsNjNJCnBBMWVpYWdnN2MzOGZXT2UzRXZw
|
||||
VVlVVmJaUHhQcVNXYVJqdnkzSTJ3TUUKLS0tIFdwUU0wR0c2eXp2NEFxV29DMDIx
|
||||
K2d1UXZTenZnV0ViR3NOZE5YK1RNRkkK5ForFTQ9G7dvy3gri/nSVkYl4GViM4Ni
|
||||
MiTQCriWOb8y0Fbdidc61NHOuGF3Ji3HUE7V065+DpWb43M8Y+w93g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArWUxzQnR5K2ZNWkprdlh0
|
||||
Nnp3K3JVa0YzMFhNbHFqWTEzNDFBVk91dVJ3CnM1aW5OL1VOSFZST3hLSktzb3Jn
|
||||
andkSmhvdjFxbG9HTFpoeTluMHRacFUKLS0tIFJMQjIrSndFVlpDOUJiZFU4eHEw
|
||||
S1NEU29PS21McXBpMTJOVU42bTMzQTQKVHP0zHRsR/r0zbU3uLjgHs0pMvGmtXgf
|
||||
fwTiFZcRxYdR4T/Pv1lqGYYMvA94bgSFXI+mJNYni9pvP4jNIg/wuA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuV0diWWZLOEdVVXhHRzZP
|
||||
TWtmLzQyR1N4ZHRMVVpLVWwrdXlHWjgzVkdJCld6NExvWGVXVzR3cjl2eVJTY01E
|
||||
ZzJjcWJWWklJMUpjUjFJOURLMTBZNG8KLS0tIHpEMzA3enZMNXpmeVNtUjl0Y3lF
|
||||
RUR2alVhVC9rbXdYYlB4THRYRTVYSUEK9jiP+9/IMTTEQlWwn+MvL7NgI4Z97YEY
|
||||
C+U3mvXVOQ/FA/3hCaD1HALr6WHIV3DGcxacblYT4awAbN4crtfnIA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQckF0ZzA0SE9jcTJrTkE3
|
||||
bXYvSUYrWmR4Z3ZoV0NIc3lobmZJcDU1WW5JCjRUbEZXa2xrMzNRaEQ1UXRLWFJP
|
||||
VlRZZFg0VnpZcG0wYzh6cEdha3E2SE0KLS0tIFYzbDZXNWE1QXkwRmdZMnVBeGZt
|
||||
RXhSclcrZ29BVU5Ra2NRTFJkUnpyaEEK2ajXl7W2R4MEuhWwvekVk8U7KobthOhR
|
||||
gsXgwcWrQmC7c/5s6WD3y6OPhKLzUZb5mhohbm023+8WH0koODZs3A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2b01SMXJtTHhib2VrQ0hq
|
||||
YW5JQU85L3dXbDh5b3paZElCOWpwMG9QODBNCkR3UTJLSFZOOEFKUW1jbG5YNmJo
|
||||
ZGNaamlsZVJ2K2dxMjRKcFUxY3Y2NncKLS0tIEErUkN1WDgwajd1TjBFOURxQTdK
|
||||
aW0rSUVwbnJqaHdUTWxYWWRGNm5reDAKlQG5maCq2K8aFJRbuuzv9SyNhrxzjbFQ
|
||||
jtO2KoFX2gLFw90YFCsMFbaVO+xTcZQ7FQv0s4ktffudnT5zjuzFAg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRMGs5Z0VmckdzWGdtdG5T
|
||||
U1cxYTMwRGplcUMzY1BsUTFmSnRLM296VmhRCk5ZaXQ0OGdUYlNyOTJYUjFYUFhI
|
||||
dFBEMnlhQ0RiMnRZRHdVVzVRSFJWNTQKLS0tIDFDSTRvdE1sWmNiWnJhcHJ0bFBo
|
||||
WWdxOG9qQmRuRnpkN2J2VVQwR3dsb0kKaQb/fAAoEMB1BKOtxDdTh3xkehNGBgLn
|
||||
L1payadZY8VaMOY76f/hLSNIvZ1qMidnFNXr1aWFw1dsFMeKyBmbrw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w3jtd4lecn2ng8qxantw33qxl2uasfqfjfpx45u6uweexwtxyq4spwssmh
|
||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0TzlkSHYwc1F6VWozTUhq
|
||||
dVZWVFVPc0F1V1gvV3d0M1NzT3dubWx6OFhRCmlaVHJuRDVRZnUwd0ttWkdYck51
|
||||
NUdFOThuSWhLRE1lUW5aOU85TmhXVzgKLS0tIFJXVkc3Q3hmQjNQay9BV3lVZ3Jk
|
||||
a2NDeTRTWGtxT0wyWEF1djlyQlhQYmcKy/liFdZyxuUp6eI7s+lANV0mcQWHOLFe
|
||||
4Cg92W0Xppv+J3W4W+rVwzyFWUrkTnBFfZHnN3nhz18Lm7FR7vs7oQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUK1dvYjIvbE1mOHFncnho
|
||||
Z0Rpbi9MT0xBTmZVREtqbkcyVC8zTFBRbzBrCkt3WGYvT0lyYXlodFgvelVONjl4
|
||||
b1dISURYR0s2c0swUEZZMHhwajdvVHMKLS0tIHpRT2hFTzRpSUdMdzB5Q281ejYx
|
||||
OGNIQk1mNjhjVSt4RkxaUVdhMGFtbVEKerfg6ALWIr35TYfv/BI4E4UQ8sN2CmJU
|
||||
T3hNcp0m6Vm+0kBZ+pBTA5OOm32/tg0szySf2FNrHT4ask+iueN2og==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-04-14T00:18:09Z"
|
||||
mac: ENC[AES256_GCM,data:S4QbCTp+rxSPumolno0FuSNvtvEZpA4E77S2mSliI5y4GJ5n/mx8SY07xbwqMzB3W9EgO0ZT+vvsx4N7jkZPBtr+m12/KwG8NcHZsBdXNi2TRi8CGZlCXFzRNQSjJRiYBMsdKwVCdm6Wxlf/PuCnNj0ShSU0IWaTzlSc0FhSeYM=,iv:Nv+rbtRCXZFAnDi0wzq2/qjdvr7535BkCogBqllmPGQ=,tag:OwTPYR4e8N/qGQvvOjh7SA==,type:str]
|
||||
lastmodified: "2024-04-15T06:36:15Z"
|
||||
mac: ENC[AES256_GCM,data:wf7GOhVD9CeVVRnnrdw/Mj98X8hRbQ0hEDHMEJ5H01vwoeA6hnum8sVaiqvypfuD1HAHQRsfrfiBArx0QA6WU8xBUHe3hZopwuTdsX8NhiUCSymSCjC2b6oINxuFcZ7GiAeSR3BAx/Gr5XPN9lq2SQYMPcxr+CkwPNCPULNKUOY=,iv:6zmP02tTF0jwiFaIB1lFwz2ZSHx4pGtLdkmA9D/+lC0=,tag:92hv/RMEETV9qD6oh5p/1g==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -4,7 +4,12 @@
|
|||
sops.age.sshKeyPaths = [ "${config.mySystem.system.impermanence.sshPath}/ssh_host_ed25519_key" ];
|
||||
# Secret for machine-specific pushover
|
||||
sops.secrets."services/pushover/env" = {
|
||||
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
};
|
||||
sops.secrets.pushover-user-key = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
};
|
||||
sops.secrets.pushover-api-key = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
};
|
||||
|
||||
|
|
|
@ -18,6 +18,9 @@ with config;
|
|||
services.cockpit.enable = true;
|
||||
|
||||
nfs.nas.enable = true;
|
||||
system.resticBackup.local.enable = false;
|
||||
system.resticBackup.remote.enable = false;
|
||||
|
||||
};
|
||||
|
||||
boot = {
|
||||
|
|
30
partition.sh
|
@ -1,30 +0,0 @@
|
|||
## STILL WIP
|
||||
## Wanted to avoid bringing in complexity of disko
|
||||
|
||||
#!/usr/bin/env bash
|
||||
set -x
|
||||
|
||||
# Define variables
|
||||
drive="/dev/mmcblk1" # Change this to the desired drive, e.g., "/dev/sdb"
|
||||
swap_size="100MB" # Change this to the desired swap size
|
||||
|
||||
# Partitioning
|
||||
parted "${drive}" -- mklabel gpt -s
|
||||
parted "${drive}" -- mkpart root ext4 512MB -s# -"$swap_size"
|
||||
#parted "${drive}" -- mkpart swap linux-swap -"$swap_size" 100%
|
||||
parted "${drive}" -- mkpart ESP fat32 1MB 512MB -s
|
||||
parted "${drive}" -- set 3 esp on -s
|
||||
|
||||
# Formatting
|
||||
mkfs.ext4 -L nixos "${drive}p1"
|
||||
#mkswap -L swap "${drive}p2"
|
||||
mkfs.fat -F 32 -n boot "${drive}p3"
|
||||
|
||||
# Mounting disks for installation
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
mkdir -p /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
swapon "${drive}p2"
|
||||
|
||||
# Generating default configuration
|
||||
nixos-generate-config --root /mnt
|
27
shell.nix
|
@ -8,13 +8,33 @@
|
|||
};
|
||||
system = builtins.currentSystem;
|
||||
overlays = [ ]; # Explicit blank overlay to avoid interference
|
||||
|
||||
|
||||
in
|
||||
import nixpkgs { inherit system overlays; }
|
||||
, ...
|
||||
}: {
|
||||
default = pkgs.mkShell {
|
||||
}:
|
||||
let
|
||||
# setup the ssssnaaake
|
||||
my-python = pkgs.python311;
|
||||
python-with-my-packages = my-python.withPackages
|
||||
(p: with p; [
|
||||
mkdocs-material
|
||||
mkdocs-minify
|
||||
pygments
|
||||
]);
|
||||
in
|
||||
pkgs.mkShell {
|
||||
# Enable experimental features without having to specify the argument
|
||||
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||
|
||||
buildInputs = [
|
||||
python-with-my-packages
|
||||
];
|
||||
shellHook = ''
|
||||
PYTHONPATH=${python-with-my-packages}/${python-with-my-packages.sitePackages}
|
||||
'';
|
||||
|
||||
nativeBuildInputs = with pkgs; [
|
||||
nix
|
||||
home-manager
|
||||
|
@ -25,6 +45,7 @@
|
|||
sops
|
||||
pre-commit
|
||||
gitleaks
|
||||
mkdocs
|
||||
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|