cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:4e1ac1e3b623a48f68a61272c0ee355bf89a62d9
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:7c180248fb4cf47d19007c00a66bb3f27bac5acc
Branches Tags
cy:main
cy:update
cy:2025-04-14
cy:2025-04-07
cy:2025-04-05
cy:2025-04-04
cy:staging
cy:dogfood-nixcp
cy:no-follows
cy:workflow-test
cy:update_flake_lock_action
cy:caddy-s3
cy:workflow-copy
cy:workflow-lix
cy:test-s3-cache
cy:temp
cy:attic
cy:helix
cy:test
cy:lix-test
cy:bitwarden-patch
cy:chromium
cy:new-attic
cy:canary
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:garage
cy:harmonia
cy:impermanence

No commits in common. "4e1ac1e3b623a48f68a61272c0ee355bf89a62d9" and "7c180248fb4cf47d19007c00a66bb3f27bac5acc" have entirely different histories.
4e1ac1e3b6 ... 7c180248fb

17 changed files with 87 additions and 195 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -74,7 +74,7 @@ jobs:
run: |
package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
nix run git+https://git.cy7.sh/cy/nixcp.git -- \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
-u https://nix-community.cachix.org \
-u https://nixcache.web.cy7.sh \
$package
@ -143,7 +143,7 @@ jobs:
run: |
package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
nix run git+https://git.cy7.sh/cy/nixcp.git -- \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
-u https://nix-community.cachix.org \
-u https://nixcache.web.cy7.sh \
$package

2
.github/workflows/build-packages.yml vendored
View file

@ -62,7 +62,7 @@ jobs:
if: '!cancelled()'
run: |
nix run git+https://git.cy7.sh/cy/nixcp.git -- \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=zstd' \
--to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem&compression=none' \
-u https://nix-community.cachix.org \
-u https://nixcache.web.cy7.sh \
"${{ matrix.package }}"

6
.sops.yaml
View file

@ -135,10 +135,4 @@ creation_rules:
- *yt
- *cy
- *chunk
- path_regex: secrets/services/karakeep.yaml
key_groups:
- age:
- *yt
- *cy
- *chunk

54
flake.lock generated
View file

@ -114,11 +114,11 @@
"rocksdb": "rocksdb"
},
"locked": {
"lastModified": 1744169934,
"narHash": "sha256-5YyHmPUUrXXrczWayji9327knihVTKnmjX+vX6+p6d0=",
"lastModified": 1743780871,
"narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "d8311a5ff672fdc4729d956af5e3af8646b0670d",
"rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d",
"type": "github"
},
"original": {
@ -610,11 +610,11 @@
]
},
"locked": {
"lastModified": 1744380363,
"narHash": "sha256-cXjAUuAfQDPSLSsckZuTioQ986iqSPTzx8D7dLAcC+Q=",
"lastModified": 1743783108,
"narHash": "sha256-Lg1cK7oGCNPOO1ts481m269WmdGNoigz8RNXLRE9Co0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e43c6bcb101ba3301522439c459288c4a248f624",
"rev": "bb036cb35383982066e01a6ac8d45597132cf5d5",
"type": "github"
},
"original": {
@ -826,11 +826,11 @@
]
},
"locked": {
"lastModified": 1743911143,
"narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=",
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github"
},
"original": {
@ -846,11 +846,11 @@
]
},
"locked": {
"lastModified": 1744019307,
"narHash": "sha256-momo+rjA7KRbeujKxHK5dkZsWztPL0+wzyF28epVAdI=",
"lastModified": 1743410259,
"narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=",
"owner": "nix-community",
"repo": "nix-ld",
"rev": "661e260728c51903cab5ad88b938fe4ce502be51",
"rev": "140451db1cadeef1e7e9e054332b67b7be808916",
"type": "github"
},
"original": {
@ -909,11 +909,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1744309437,
"narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=",
"lastModified": 1743576891,
"narHash": "sha256-vXiKURtntURybE6FMNFAVpRPr8+e8KoLPrYs9TGuAKc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7",
"rev": "44a69ed688786e98a101f02b712c313f1ade37ab",
"type": "github"
},
"original": {
@ -989,11 +989,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1744371553,
"narHash": "sha256-KjvhD+DkQsOAggIFyuxSAZIs84UahDb/O9ojpvyFNe0=",
"lastModified": 1743775863,
"narHash": "sha256-gUnR9qcZK/O20oQFn1ijz7Nn66qG2Sp7JprDFl+oQBo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6f061f35682410185d9a1582601e9241bfa6ad96",
"rev": "30705076a1748a2b2a1cf0539ea1665eef4d2f4a",
"type": "github"
},
"original": {
@ -1151,11 +1151,11 @@
]
},
"locked": {
"lastModified": 1744338850,
"narHash": "sha256-pwMIVmsb8fjjT92n5XFDqCsplcX70qVMMT7NulumPXs=",
"lastModified": 1743682350,
"narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "5e64aecc018e6f775572609e7d7485fdba6985a7",
"rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382",
"type": "github"
},
"original": {
@ -1171,11 +1171,11 @@
]
},
"locked": {
"lastModified": 1744103455,
"narHash": "sha256-SR6+qjkPjGQG+8eM4dCcVtss8r9bre/LAxFMPJpaZeU=",
"lastModified": 1743756170,
"narHash": "sha256-2b11EYa08oqDmF3zEBLkG1AoNn9rB1k39ew/T/mSvbU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "69d5a5a4635c27dae5a742f36108beccc506c1ba",
"rev": "cff8437c5fe8c68fc3a840a21bf1f4dc801da40d",
"type": "github"
},
"original": {
@ -1267,11 +1267,11 @@
]
},
"locked": {
"lastModified": 1744336496,
"narHash": "sha256-9nn2S/nGB0o0pFV3YUV4D6PM/2/w5+V6FpfPs7ByTgI=",
"lastModified": 1743731627,
"narHash": "sha256-gFvZTGlSGCl7MZ5MrihUf7pkIY0zwaUVhl/iUBto/3I=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "f0555ec37883d2bddca658cad7bfe995bc195217",
"rev": "c8270f31af9c37e4fe5711567a6412460e94e9b7",
"type": "github"
},
"original": {

1
home/codium.nix
View file

@ -23,6 +23,7 @@
tamasfe.even-better-toml
golang.go
ms-python.python
christian-kohler.path-intellisense
];
userSettings =
let

1
home/kitty.nix
View file

@ -21,7 +21,6 @@
# see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399
"scrollback_pager" = "bat --pager='less -FR +G'";
# "scrollback_lines" = 20000;
wheel_scroll_multiplier = 50;
};
keybindings = {
# kitty_mod is ctrl+shift by default

22
hosts/chunk/default.nix
View file

@ -18,6 +18,7 @@
./grafana.nix
./conduwuit.nix
./immich.nix
./element.nix
./forgejo.nix
./garage.nix
./tailscale.nix
@ -46,14 +47,20 @@
"rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/chunk.yaml;
};
"attic/env" = {
sopsFile = ../../secrets/services/attic.yaml;
};
"garage/env" = {
sopsFile = ../../secrets/services/garage.yaml;
};
"tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml;
};
"karakeep/env" = {
sopsFile = ../../secrets/services/karakeep.yaml;
"zipline/env" = {
sopsFile = ../../secrets/services/zipline.yaml;
};
"searx/env" = {
sopsFile = ../../secrets/services/searx.yaml;
};
};
@ -138,15 +145,13 @@
"podman"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo="
];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo="
];
# for forgejo
users.users.git = {
@ -182,10 +187,9 @@
programs.git.enable = true;
my.caddy.enable = true;
# container stuff
my.containerization.enable = true;
my.authelia.enable = true;
my.karakeep = {
enable = true;
dataDir = "/opt/karakeep";
};
}

33
hosts/chunk/element.nix Normal file
View file

@ -0,0 +1,33 @@
{
pkgs,
config,
...
}:
{
virtualisation.oci-containers.containers.element = {
image = "vectorim/element-web";
autoStart = true;
ports = [ "127.0.0.1:8089:8089" ];
pull = "newer";
networks = [ "element-net" ];
environment = {
ELEMENT_WEB_PORT = "8089";
};
};
systemd.services.create-element-net = {
serviceConfig.Type = "oneshot";
wantedBy = with config.virtualisation.oci-containers; [
"${backend}-element.service"
];
script = ''
${pkgs.podman}/bin/podman network exists element-net || \
${pkgs.podman}/bin/podman network create element-net
'';
};
services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8089
'';
}

5
hosts/chunk/garage.nix
View file

@ -17,12 +17,11 @@
};
admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901";
rpc_public_addr = "100.122.132.30:3901";
replication_factor = 1;
db_engine = "lmdb";
disable_scrub = true;
block_size = "128M";
compression_level = "none";
block_size = "16M";
compression_level = 3;
};
environmentFile = config.sops.secrets."garage/env".path;
logLevel = "warn";

2
hosts/ytnix/default.nix
View file

@ -274,6 +274,7 @@
enable = true;
# nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./<binary>
libraries = with pkgs; [
# TODO: revisit what we actually need
mesa
extest
stdenv.cc.cc
@ -329,7 +330,6 @@
pcre2
gsettings-desktop-schemas
fzf
systemd
];
};
programs.evolution.enable = true;

22
modules/authelia.nix
View file

@ -49,14 +49,9 @@ in
webauthn = {
enable_passkey_login = true;
};
identity_providers.oidc.claims_policies = {
# https://github.com/karakeep-app/karakeep/issues/410
# https://www.authelia.com/integration/openid-connect/openid-connect-1.0-claims/#restore-functionality-prior-to-claims-parameter
karakeep.id_token = [ "email" ];
};
identity_providers.oidc.clients = [
{
client_id = "4EIrpRb9rnwHWjYWvlz2gYrtTmoOLF1D5gqXw28BvmOS0f-9T2p4CFwuctf4Co1hkpo2sd4Y";
client_id = "immich";
client_name = "immich";
client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8";
public = false;
@ -70,7 +65,7 @@ in
userinfo_signed_response_alg = "none";
}
{
client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU";
client_id = "forgejo";
client_name = "Forgejo";
client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA";
public = false;
@ -83,7 +78,7 @@ in
token_endpoint_auth_method = "client_secret_basic";
}
{
client_id = "b_ITCG0uNzy9lZ5nVC~Ny5R35te8I3hoQW1uraCbdxeiE9VuiCIelMmZZ7dAZLg_anTUWSQG";
client_id = "hedgedoc";
client_name = "HedgeDoc";
client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg";
public = false;
@ -99,17 +94,6 @@ in
audience = [];
token_endpoint_auth_method = "client_secret_post";
}
{
client_id = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5";
client_name = "Karakeep";
client_secret = "$pbkdf2-sha512$310000$4UanDZq.6oholJW3CmKwtQ$9e3hqR8qGU4LoneR/Y9jtJTx0iSzATI4iXymrs8QrmGw4JY1BPF4.IJ9Jbc.8cikU4qpfUIFO6r2dG7JHznCnw";
public = false;
authorization_policy = "two_factor";
redirect_uris = [ "https://keep.cy7.sh/api/auth/callback/custom" ];
scopes = [ "openid" "profile" "email" ];
userinfo_signed_response_alg = "none";
claims_policy = "karakeep";
}
];
};
secrets = {

3
modules/caddy.nix
View file

@ -49,8 +49,7 @@ in
respond / 200 {
body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo="
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD"
}
'';
};

4
modules/containerization.nix
View file

@ -30,10 +30,6 @@ in
};
# answer on /var/run/docker.sock
dockerSocket.enable = true;
autoPrune = {
enable = true;
dates = "daily";
};
};
docker.enable = lib.mkIf (!cfg.usePodman) true;
oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker";

1
modules/default.nix
View file

@ -10,6 +10,5 @@
./searx.nix
./attic.nix
./authelia.nix
./karakeep.nix
];
}

81
modules/karakeep.nix
View file

@ -1,81 +0,0 @@
{ config, lib, ... }:
let
cfg = config.my.karakeep;
in
{
options.my.karakeep = {
enable = lib.mkEnableOption "karakeep";
dataDir = lib.mkOption {
type = lib.types.path;
};
port = lib.mkOption {
default = 3002;
description = "port for the web service";
type = lib.types.port;
};
domain = lib.mkOption {
default = "keep.cy7.sh";
type = lib.types.str;
};
environmentFile = lib.mkOption {
default = config.sops.secrets."karakeep/env".path;
type = lib.types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers = {
karakeep-web = {
image = "ghcr.io/karakeep-app/karakeep:release";
pull = "newer";
volumes = [ "${cfg.dataDir}:/data" ];
ports = [ "${toString cfg.port}:3000"];
dependsOn = [
"karakeep-chrome"
"karakeep-meilisearch"
];
environment = {
MEILI_ADDR = "http://karakeep-meilisearch:7700";
BROWSER_WEB_URL = "http://karakeep-chrome:9222";
DATA_DIR = "/data";
NEXTAUTH_URL = "https://${cfg.domain}";
DISABLE_PASSWORD_AUTH = "true";
OAUTH_WELLKNOWN_URL = "https://auth.cy7.sh/.well-known/openid-configuration";
OAUTH_CLIENT_ID = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5";
OAUTH_PROVIDER_NAME = "Authelia";
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true";
};
# needs NEXTAUTH_SECRET
environmentFiles = [ "${cfg.environmentFile}" ];
};
karakeep-chrome = {
image = "ghcr.io/zenika/alpine-chrome:latest";
pull = "newer";
cmd = [
"--no-sandbox"
"--disable-gpu"
"--disable-dev-shm-usage"
"--remote-debugging-address=0.0.0.0"
"--remote-debugging-port=9222"
"--hide-scrollbars"
];
};
karakeep-meilisearch = {
image = "getmeili/meilisearch:latest";
volumes = [ "meilisearch:/meili_data" ];
environment = {
MEILI_NO_ANALYTICS = "true";
};
# needs MEILI_MASTER_KEY
environmentFiles = [ "${cfg.environmentFile}" ];
};
};
services.caddy.virtualHosts.${cfg.domain}.extraConfig = ''
import common
reverse_proxy localhost:${toString cfg.port}
'';
};
}

6
secrets/services/hedgedoc.yaml
View file

@ -1,5 +1,5 @@
hedgedoc:
env: ENC[AES256_GCM,data:9xnOlQrk1qCyiAHSjmu8dvj2/z/BrJlngNGAQnMwvLsL0pnyvvyJLnYWTDYix1a9o8OJUNLw6Qhq7KbY4uXfxsNZkfGdVHwvkvhySjR2rcX/r90txqHJUUIxE/TzdsBvonzQ0F85KfXhsi69gKHp016gCj+jNf6CCY+tOVpt71el4Z+jzqLHasuQET8GctKJRzHOfNfCx/X2kJeb7RQl3JFC6/VmYT45bUk7uFfveFD9ao03wJwLKi27wO1WDrfpOigFdvkmqpbWZjaILYHYmkdhdlhr7w330CiCmGHT/ssmSPcu5cYUc8tjYPgpYLjusiUzpE5jmut5GaNwZsY9hNuow/mUVnQ/tCDH0ChOq0DQisJ07VMYlRII9tMdcuT4IbjjwiRcYlORAHsTFUuo5DCaDp8a4mx846BGp1YMQsvqJQgOe4x15VMpeB/ptxm79qxcLZKZ3BkiJaKmDdWsVk9RfqVgsxqiq16Me2EQhknO2s/oBjGOaoIiT4NEuRFQl0BIPgIMD0lYzKx0uDaYyclID5W0DqMI+SrcBd+WH/BB9HPdZx92rFe34PzjZse0i6+5UZHXUu8au6CyLMqGkUlzkSFwVT5W7Lv2m9P3+6YjgPRMaYbg8b6kmavB6EtjiqWtTbMKr3nxPVYJc5FRImvebfFqiLy5MWoNV6Qe7TUGIk6QtX2OWBhQ1UB+IpR+180QH7yw7UpgJ9EM8dD2m2/smar5P0BjAaqAFib++GzoB0OfFtxJNUjrejQC11tRWBXYvcHWwa78VbKPul0xqiEMmsAZufMix4lD1EgutTf1CXfv7l0rUpLwkYbWIq2hT5UI53L0YWJDl7zlhi94ANdXV8z8kCvMeXm2Fwl/vIgJ9JuFeVeVYPpXwx2coLBwE6uI4SuFvY1d4ojvzY8KftcHWO7srVzpuwrwW+6gKLwPQyEazv+sRKXAGo0ffMO2/2KRgOu9zGwaOFaNDAZ6gYFDWbPz6TMfNWHzfLEFK5BlVAL8KDb78IODUBYcMr2CX1Y=,iv:LDkuJgxIbohEVf7wmdtOZ/vlPddMYa7uzHGkL+0MnUM=,tag:pnJiCJydjTmUbS761fPUPw==,type:str]
env: ENC[AES256_GCM,data:hU4Ht9WkWknuYJ3yHZSm5o22wlssTNjPDZvgDi9DGEh8ULt2GzrEHfFHI9VcpyrbsLcw7HT5TuYrPibWMk4AEvqlZT/6UiyQFMso9mac6x7esf55RHTXr4F7gyC/eRDUE+mAzyhjB5xKaCUhaQpMOwA2t0zahtiaCzLvi/DXRo1jiB42Xt8Nwi1D+zRT3T/HYD8l7D+SZQQc6HC+WM/y7RIjEPcDeX/wTk+JqiGW++0D3GxCQgq6VOhw7EM4hs5aR659QVNICT9kJt9nxEsyU84nsws4MHzU53BvEY77rYZPvvrBSFJ+TnQJ0c/e8K2G9mgaEGkk/+Rmx3RbPQKuTNCzAJZ0m9g9XSwMHU/z5KkrxcI6xU1+JqpdL2Rx35JiNxbNNrlQSvXJFuGNSf0Z5l8RirKJL4HJXAsIPVZTxeJJ0rQflyb5hN63KH/vUTHJWucAFSRYwLHOgs4Yu7SKJjnWnrLYAK9K/eRprhe3Np3vTed13soZXjdB1Jz6lz3lUxZ4TpOb6E8rGt33GqACTp04DBkyUaxMg7fOQIi0riev9GcGNy1kQkDC5dOwWyQdSICIavBrL+4WRoK8xhsEMY8K58+TYfIm3XnWz6pSEl7OzdGNSFZJuwAPzGS065bCjHIlMxIUKlbx4rmGvecIGRLoa5a5XpFwVwPlH8IJ8LvDPXqyIBquL6IsoCNi+jVy7UV52WldqAAeC3+UJtD8LJj1FaWLkoshkSbcr5veZLtBnpOZsiPXtkn1qgRhCB0QjzNwz+AOJCamSn1R+i+JJN6Wja3mJytCrtoj0M6cc1beJBbam4PgxWd1CJE3zhstuqoktn9LdDZ3qNjPgRY3q4FPbjo53XvQQi/NgnPztMg2z7Rj8yeNtG+HjL2pfXIw9AXZwc19D+T7M5hR7jlD3117o+K2CeaC+wgfXPZ/xzIbhg==,iv:gvSOTStLJ5R4UaXj7gXQDCF4TAgway12yh1BtGz1Mvs=,tag:Jt+daURO+t8HME/m7tLEIw==,type:str]
sops:
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
@ -20,7 +20,7 @@ sops:
enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e
9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-05T21:08:15Z"
mac: ENC[AES256_GCM,data:cPisYUoZWd/vd+wWzz3xTnftj1RdjK20dWFo+MKssm/eu7eCOWDIaZdcJg13gkTleBpMWQy/mG1drC6GLfGQiBmkS99UCPAoo0aLTBL4FbSm6FEXdbVjoOI7URu6Sj31drWCMAm+lXYymWsHwZJrNLhjsCTQsxTPvFq8oOdNlXo=,iv:KpmJoZ/BGEEhZ75jXfXxegNglm7k6mtleRuVud6tX2g=,tag:lsiqX+YSz4mGK6mw9gdKNg==,type:str]
lastmodified: "2025-04-04T17:04:50Z"
mac: ENC[AES256_GCM,data:RRkdyrxwrFs3r0SaNred5zTpz5CKf043+KWkFSvPFh0RbvIVyxzJKyfL9r7erifEMhPRJ7Hz5GKE4RAPA9yRLkA9C+416sZKfwdopqAe6zSRt4zd0QOPMdc2z3+07+1SP2ay/ZYCn6jjIyoBaki3t0DMv7e9a/OzFv3WfyjG/rg=,iv:K41muQnynaGoZsBquNF0SNFgssLF9KGzBz8siagI+38=,tag:jkWbWBloSbUSJXl9jedAMQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1

35
secrets/services/karakeep.yaml
View file

@ -1,35 +0,0 @@
karakeep:
env: ENC[AES256_GCM,data:SWc26EQaKR5d9hMDYzVHA/r7XfjwFZ0d44Co0IS6OayR24ej7yqLAtkNttROKoKFuYc0sHgN9bOy4MyX0s3qiSWYovIIUJgFiJjPQFYDAo+50WR4+5W5FgvYI6e42fcWrQhaCXWQrDyzch/zT2OITZsjXcQhT5E+IiPLVkaGOjGptE07GjM7ZXI4UxBzINFQOhxdfIO0km1o6Wq8GhJdWsz4exz4ahRslR+WjK/flV2GZVAj6EHSJ5sHohm74QlhxaShEbc/8IKP6R2gSjBFP7l8VvwFyIUD9sLzYGvS3iU=,iv:gSPQU0bZ+VRFbuaNDc90dW0ogWX2SMH7kewtq/u/11E=,tag:L0Y4EWSQUhcn2eHt+yZ7qQ==,type:str]
sops:
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaWQ1Q1JwRHJxQjNjdTAx
TXRsWjVZOG1mNEptNVhscHBaK2I5MHhjdlFjCkNqOEhwT3hyOHpHQ2k0ZmowUXB4
eks2dlpUS0V6VjBEYW9UWnhFOEw4VGsKLS0tIFo2a0FTRE5WdHBGVW5DOUFkaE9p
bitvUnJXSnB6UnV3VTEzSjlSYmEwVUEKHOwFCRu+SIyM0uJ6bNEAo+MMlsc8la6G
bLYdCoykcBu+uVXqn3BYTbrS5ylQMRYcbcPFJw5BVdmjIYF4LU5W6A==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrU2ZnNVAyeVdJeHlTSW1x
QUhKRzlNclVUWE1ucHFLZW5sL1lnUDhkd0Y4CjFuekNEOE1icDNqL1JyT0hEYW16
Q2VyajJFWWtGUnBzOENGOEZHbWROZzAKLS0tIE8wMVc3TkV5Y1VyenIvOW02NDNq
cStTeUcvY1pJWEN2MzFEeThKT0JPc1EKXrtVG49a6YZVKiL1F8Xg3t3niTYv3LwN
NeAQ8srV0F6ckky7OCkvUp9GInZCWRzULXV/x+4IUb6C+KQaNm2vYA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDdUSUlmMk5VcytyT01N
UmRaK2k5Wkh5SlhPT3QrczY2eW9vZk5KWFZBCnBteitnNFlHdWRaaTRxSWYvYmtG
ZnY5ZXlYa3Z5aENlRy9BQjVSU1F3UzQKLS0tIFpjN1dOaWNKaU9PaENyaXc1K3BU
K2orZ0Y2Z05LSUZ5WHQ4TnVVY0QwSzQKiUQT4aSxXnaq0kEMp+q5WnIUoGypEmZ+
DQEhkB9yu/BrkjXH+HGQr1W5B4sJyb5rnl0+SQ+IypRIRyaX4CdFxg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-05T19:44:58Z"
mac: ENC[AES256_GCM,data:OmqsJI9BaICOTiH1cq4gZlNBbkAxn/pAOWBtkIjHdqpikABLG6fMY+sLpyeaovXjexIj9MZk7fPmV8dRZ5VNLHCqlYXK/cVoQBZ2HK+p/cGTAFelNAShu9NSgZdFmVgJJtOjVvFp8dtuY8VcQj861k/MPX0mNZt9pmXYdumjpNM=,iv:efHkp1KUctwtCjG9A8i5qs7nQfQqv2ya1yYlHHOt8pU=,tag:4lChpspl0oOUMiXzvGuA2Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1