diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 413b892..eded224 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,16 @@ on: workflow_dispatch: push: pull_request: +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi jobs: build-machines: strategy: @@ -27,20 +37,11 @@ jobs: remove-docker-images: 'true' build-mount-path: /nix - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + uses: nixbuild/nix-quick-install-action@master - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -58,7 +59,17 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - name: build and cache + run: | + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" build-homes: strategy: matrix: @@ -86,12 +97,6 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -109,4 +114,14 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" + - name: build and cache + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" + derivation="$(nix path-info --derivation "$package")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 72fc72c..d23da13 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,6 +6,16 @@ on: description: "package to build" required: false type: string +env: + ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} + NIX_CONFIG: | + show-trace = true + extra-substituters = https://cache.cy7.sh/main + extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= + experimental-features = nix-command flakes + extra-experimental-features = nix-command flakes + accept-flake-config = true + TERM: ansi jobs: build-packages: strategy: @@ -22,17 +32,25 @@ jobs: steps: - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - + - name: setup attic + run: | + nix profile install github:zhaofengli/attic + attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - run: nix build -L ${{ matrix.package }} + - name: cache result + run: | + derivation="$(nix path-info --derivation "${{ matrix.package }}")" + cache="$(nix-store --query --requisites --include-outputs "$derivation")" + attic push main --stdin <<< "$cache" + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.sops.yaml b/.sops.yaml index 6276e76..cb7e65d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,9 +118,8 @@ creation_rules: - age: - *chunk - *cy - - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy \ No newline at end of file + - *cy diff --git a/flake.lock b/flake.lock index 7696580..eebf547 100644 --- a/flake.lock +++ b/flake.lock @@ -2,12 +2,22 @@ "nodes": { "attic": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" + ] }, "locked": { "lastModified": 1738524606, @@ -19,7 +29,6 @@ }, "original": { "owner": "zhaofengli", - "ref": "main", "repo": "attic", "type": "github" } @@ -27,9 +36,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1737621947, @@ -63,7 +72,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1728672398, @@ -83,11 +92,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1741378155, - "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", + "lastModified": 1741891349, + "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", "owner": "girlbossceo", "repo": "complement", - "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", + "rev": "e587b3df569cba411aeac7c20b6366d03c143745", "type": "github" }, "original": { @@ -99,7 +108,9 @@ }, "conduwuit": { "inputs": { - "attic": "attic", + "attic": [ + "attic" + ], "cachix": "cachix", "complement": "complement", "crane": [ @@ -120,11 +131,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1741642109, - "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", + "lastModified": 1742163799, + "narHash": "sha256-00cdNSSAOCGQpWRq7mauC1cm55hQ3JJ9phW7f2TLZes=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", + "rev": "658c19d55eb5fdf30f27e189c414208e2eae6e24", "type": "github" }, "original": { @@ -134,34 +145,12 @@ } }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "lastModified": 1742143293, + "narHash": "sha256-8oKPsMlqlOQ7qnTWvhBEcfVFY1WqHIcSilGVtaLAquw=", "owner": "ipetkov", "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "crane_2": { - "locked": { - "lastModified": 1741481578, - "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", - "owner": "ipetkov", - "repo": "crane", - "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", + "rev": "de3bb0155823298161c1c0a7805f10d4b4074bbb", "type": "github" }, "original": { @@ -228,22 +217,6 @@ } }, "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -259,7 +232,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_2": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -275,28 +248,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", @@ -320,7 +271,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -391,6 +342,38 @@ "type": "github" } }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741360584, + "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -404,7 +387,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1733318908, @@ -472,11 +455,11 @@ ] }, "locked": { - "lastModified": 1741701235, - "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -593,11 +576,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1741700536, - "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", + "lastModified": 1742165831, + "narHash": "sha256-/ssmsf50UERQNlOcUuyfvigcnCNckAhAPZMo0+Y3mdY=", "ref": "refs/heads/main", - "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", - "revCount": 17635, + "rev": "2a336813ad2a4d64d027830507276da32927d215", + "revCount": 17664, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -620,11 +603,11 @@ ] }, "locked": { - "lastModified": 1738176840, - "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", + "lastModified": 1741894565, + "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", "ref": "refs/heads/main", - "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", - "revCount": 133, + "rev": "a6da43f8193d9e329bba1795c42590c27966082e", + "revCount": 136, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -666,9 +649,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -719,7 +702,6 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ - "conduwuit", "attic", "nixpkgs" ] @@ -745,11 +727,11 @@ ] }, "locked": { - "lastModified": 1741619381, - "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", + "lastModified": 1742174123, + "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", + "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", "type": "github" }, "original": { @@ -796,16 +778,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -827,22 +809,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -858,13 +824,13 @@ "type": "github" } }, - "nixpkgs-stable_3": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1741600792, - "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", + "lastModified": 1742136038, + "narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", + "rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", "type": "github" }, "original": { @@ -875,22 +841,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -906,7 +856,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -922,13 +872,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1741692589, - "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", + "lastModified": 1742140672, + "narHash": "sha256-WhUVudt/iXRFhMTzuT594/Ho/zCZ3KH3IkwInRD3xa4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", + "rev": "329ca25a90a27b20526164767a3309d0066a00ca", "type": "github" }, "original": { @@ -949,11 +899,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741637833, - "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", + "lastModified": 1741814789, + "narHash": "sha256-NbHsnnNwiYUcUaS4z8XK2tYpo3G8NXEKxaKkzMgMiLk=", "owner": "nix-community", "repo": "nixvim", - "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", + "rev": "33097dcf776d1fad0ff3842096c4e3546312f251", "type": "github" }, "original": { @@ -1078,11 +1028,13 @@ }, "root": { "inputs": { + "attic": "attic", "conduwuit": "conduwuit", - "crane": "crane_2", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", @@ -1090,8 +1042,8 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_2", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "pixelflasher": "pixelflasher", @@ -1125,11 +1077,11 @@ ] }, "locked": { - "lastModified": 1741660300, - "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", + "lastModified": 1742178793, + "narHash": "sha256-S2onMdoDS4tIYd3/Jc5oFEZBr2dJOgPrh9KzSO/bfDw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", + "rev": "954582a766a50ebef5695a9616c93b5386418c08", "type": "github" }, "original": { @@ -1145,11 +1097,11 @@ ] }, "locked": { - "lastModified": 1741644481, - "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", + "lastModified": 1741861888, + "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "owner": "Mic92", "repo": "sops-nix", - "rev": "e653d71e82575a43fe9d228def8eddb73887b866", + "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "type": "github" }, "original": { @@ -1218,11 +1170,11 @@ ] }, "locked": { - "lastModified": 1741704640, - "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", + "lastModified": 1742176409, + "narHash": "sha256-jaTi5Tn5EIvYxThnNs4lFXWROCh8ihgSeORZ9Z1EClc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "27f37976beb94100b18ab8407ff056654db68506", + "rev": "002ff77f2ab6417997c5e33883c754f8b23dc11d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 29fc0ab..3f362e2 100644 --- a/flake.nix +++ b/flake.nix @@ -44,6 +44,7 @@ crane.follows = "crane"; flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; + attic.follows = "attic"; }; }; lix-module = { @@ -77,6 +78,26 @@ inputs.nixpkgs.follows = "nixpkgs"; }; pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-compat.follows = "flake-compat"; + flake-parts.follows = "flake-parts"; + crane.follows = "crane"; + }; + }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; + }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -93,12 +114,12 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; builders-use-substitutes = true; }; diff --git a/home/codium.nix b/home/codium.nix index 2d7bb9d..935866b 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,8 +10,7 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; - [ + with pkgs.open-vsx; [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme @@ -21,6 +20,8 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter + tamasfe.even-better-toml + golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 9b20a66..3ec6aeb 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,6 +102,7 @@ pixelflasher element-desktop freetube + gopls ]; home.sessionVariables = { @@ -112,13 +113,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + SCCACHE_ENDPOINT = "https://s3.cy7.sh"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 465e0b9..9a621c4 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,7 +22,6 @@ ./forgejo.nix ./garage.nix ./tailscale.nix - ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -101,22 +100,18 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 30 + ${tc} qdisc add dev ens18 root handle 1: htb default 10 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # tailscale - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 ''; }; interfaces.ens18 = { @@ -200,4 +195,5 @@ my.roundcube.enable = true; my.zipline.enable = true; my.searx.enable = true; + my.attic.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 0dade9f..81b4af3 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,15 +10,13 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.s3.cy7.sh"; - index = "index.html"; - }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; + disable_scrub = true; + block_size = "10M"; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -31,10 +29,6 @@ reverse_proxy localhost:3900 ''; }; - "*.web.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index ee5a382..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,6 +29,14 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 4b33e34..60d4e0e 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -15,30 +15,20 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --dir-cache-time 30d \ + --vfs-cache-mode writes \ + --vfs-cache-max-size 2G \ + photos: /mnt/photos + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; - systemd.services.attic-mount = { - enable = true; - description = "Mount the attic data remote"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - requiredBy = [ "atticd.service" ]; - before = [ "atticd.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; - }; - }; - systemd.services.garage-mount = { enable = true; description = "Mount the garage data remote"; @@ -49,9 +39,22 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers=32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 10M \ + --vfs-read-chunk-streams 32 \ + rsyncnet:garage /mnt/garage + ''; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix deleted file mode 100644 index 2ad4a89..0000000 --- a/hosts/chunk/tor.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - services.tor = { - enable = true; - openFirewall = true; - relay = { - enable = true; - role = "relay"; - }; - settings = { - ORPort = 9001; - Nickname = "chunk"; - # MaxAdvertisedBandwidth = "20MBytes"; - }; - }; -} diff --git a/hosts/common.nix b/hosts/common.nix index feafd17..bfa70e3 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,16 +10,14 @@ "@wheel" ]; trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" ]; substituters = [ - "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cything.cachix.org" + "https://cache.cy7.sh/main" ]; }; channel.enable = false; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index a2aa405..4ef858c 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,20 +6,22 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = let - modelCache = "/opt/immich-ml"; - in { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; }; systemd.services.create-immich-net = rec { @@ -33,4 +35,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} \ No newline at end of file +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index c185991..b57887e 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,49 +144,52 @@ "docker" "disk" "adbusers" + "podman" ]; - environment.systemPackages = with pkgs; lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; @@ -384,4 +387,5 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; + nix.settings.sandbox = false; } diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..5aa54c6 --- /dev/null +++ b/modules/attic.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.attic; +in +{ + options.my.attic = { + enable = lib.mkEnableOption "attic"; + }; + + config = lib.mkIf cfg.enable { + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."attic/env".path; + settings = { + listen = "[::]:8091"; + api-endpoint = "https://cache.cy7.sh/"; + allowed-hosts = [ "cache.cy7.sh" ]; + require-proof-of-possession = false; + compression = { + type = "none"; + level = 3; + }; + database.url = "postgresql:///atticd?host=/run/postgresql"; + + storage = { + type = "s3"; + region = "us-east-1"; + bucket = "attic"; + endpoint = "https://s3.cy7.sh"; + }; + + garbage-collection = { + default-retention-period = "1 month"; + }; + }; + }; + + services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; + }; +} diff --git a/modules/containerization.nix b/modules/containerization.nix index 416d2bf..fd39da9 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,8 +28,11 @@ in dns_enabled = true; ipv6_enabled = true; }; + # answer on /var/run/docker.sock + dockerSocket.enable = true; }; - oci-containers.backend = lib.mkIf cfg.usePodman "podman"; + docker.enable = lib.mkIf (!cfg.usePodman) true; + oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; }; }; } diff --git a/modules/default.nix b/modules/default.nix index b93f89f..640d56b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -8,5 +8,6 @@ ./containerization.nix ./vaultwarden.nix ./searx.nix + ./attic.nix ]; } diff --git a/modules/searx.nix b/modules/searx.nix index 9e23955..db22bed 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} \ No newline at end of file +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 8fda611..443d886 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch deleted file mode 100644 index 639c1ec..0000000 --- a/overlay/attic/concurrent-32.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/server/src/config.rs b/server/src/config.rs -index 4412cbf..6dd483a 100644 ---- a/server/src/config.rs -+++ b/server/src/config.rs -@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration { - } - - fn default_concurrent_chunk_uploads() -> usize { -- 10 -+ 32 - } - - fn load_config_from_path(path: &Path) -> Result { diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index ea0cb05..14f5daf 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,26 +1,7 @@ final: prev: { - attic-client = prev.attic-client.override (old: { - rustPlatform = old.rustPlatform // { - buildRustPackage = - args: - old.rustPlatform.buildRustPackage ( - args - // { - version = "0.1.1"; - src = final.fetchFromGitHub { - owner = "cything"; - repo = "attic"; - rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; - hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; - }; - cargoLock = null; - cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; - useFetchCargoVendor = true; - patches = [ - ./concurrent-32.patch - ]; - } - ); - }; - }); + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-32-chunks.patch + ]; + }; } diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch new file mode 100644 index 0000000..bbb801b --- /dev/null +++ b/overlay/attic/prefetch-32-chunks.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..71eeee8 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -262,7 +262,7 @@ async fn get_nar( + + // TODO: Make num_prefetch configurable + // The ideal size depends on the average chunk size +- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { ++ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { + tracing::error!(%e, "Stream error"); + e + }); diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix new file mode 100644 index 0000000..e9ace96 --- /dev/null +++ b/overlay/bitwarden/default.nix @@ -0,0 +1,9 @@ +final: prev: { + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch new file mode 100644 index 0000000..3e8e023 --- /dev/null +++ b/overlay/bitwarden/ssh-agent-no-confirm.patch @@ -0,0 +1,34 @@ +diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs +index 4e304cc..8203dca 100644 +--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs ++++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs +@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { + return false; + } + +- let request_id = self.get_request_id().await; +- println!( +- "[SSH Agent] Confirming request from application: {}", +- info.process_name() +- ); +- +- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); +- self.show_ui_request_tx +- .send(SshAgentUIRequest { +- request_id, +- cipher_id: Some(ssh_key.cipher_uuid.clone()), +- process_name: info.process_name().to_string(), +- is_list: false, +- }) +- .await +- .expect("Should send request to ui"); +- while let Ok((id, response)) = rx_channel.recv().await { +- if id == request_id { +- return response; +- } +- } +- false ++ true + } + + async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix deleted file mode 100644 index 1222c83..0000000 --- a/overlay/conduwuit/default.nix +++ /dev/null @@ -1,44 +0,0 @@ -final: prev: -let - newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - newRustPlatform = final.makeRustPlatform { - cargo = newRust; - rustc = newRust; - }; -in -{ - conduwuit = prev.conduwuit.override (old: { - rustPlatform = newRustPlatform // { - buildRustPackage = - args: - newRustPlatform.buildRustPackage ( - args - // { - version = "0.5.0-rc2"; - src = final.fetchFromGitHub { - owner = "girlbossceo"; - repo = "conduwuit"; - rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; - hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; - }; - doCheck = false; - cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; - # unstable has this set to "conduit" - meta.mainProgram = "conduwuit"; - - buildFeatures = [ - "brotli_compression" - "element_hacks" - "gzip_compression" - "release_max_log_level" # without this feature to enable debug logging - "sentry_telemetry" - "systemd" - "zstd_compression" - "jemalloc" - "io_uring" - ]; - } - ); - }; - }); -} diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml deleted file mode 100644 index 97e33c9..0000000 --- a/overlay/conduwuit/rust-toolchain.toml +++ /dev/null @@ -1,28 +0,0 @@ -# This is the authoritiative configuration of this project's Rust toolchain. -# -# Other files that need upkeep when this changes: -# -# * `Cargo.toml` -# * `flake.nix` -# -# Search in those files for `rust-toolchain.toml` to find the relevant places. -# If you're having trouble making the relevant changes, bug a maintainer. - -[toolchain] -channel = "1.84.0" -profile = "minimal" -components = [ - # For rust-analyzer - "rust-src", - "rust-analyzer", - # For CI and editors - "rustfmt", - "clippy", -] -targets = [ - #"x86_64-apple-darwin", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "aarch64-unknown-linux-musl", - #"aarch64-apple-darwin", -] diff --git a/overlay/default.nix b/overlay/default.nix index d617b17..0eea626 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,24 +1,30 @@ { inputs }: let overlays = [ - ./attic ./zipline + ./bitwarden + ./attic ]; importedOverlays = map (m: import m) overlays; in -importedOverlays -++ [ +[ ( final: prev: let nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - pkgFrom = flake: pkgFrom' flake "default"; - pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; + pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = - pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; + attic-server = pkgFrom inputs.attic "attic-server"; + attic = pkgFrom inputs.attic "attic"; + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + } + ); } ) -] \ No newline at end of file +] +++ importedOverlays diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index c4ba9a1..2c42101 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAltA+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2smGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEasooq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] + env: ENC[AES256_GCM,data:zaaavLrMO4pkwgt8ua32movvyeGLsqf/KBxBh17+lwIFSgrFtJ0SNEuedw1OpmjWNjjBbA3gmd2RvoYA7Ry/sSAA7cDgykr01g853c0vcr4H7u20J7gTJwSQaHVtuPwXO8VWE+xWEBJ7Gdq+fArxbHB1gW2aYtZk1w/Z40Tii6XVOuCS5YTpg+dkCuJ18q4p6o7K67W365Oq8JfcPNJ+uuOyG6UuCmoRo4iJYa+Zn53fz6soHUuC+m1G3qOB0lehbENUEapacqISz46IN1edR3+E1mcEk38q6VwbkYKBy/rycMSO9LaLeCDOD7UnxUa7Ks8Bk9BnJmI7N3IUfSHD2K+1qQuJsB1JcEnkXo+UbbSf+SG8nR/rIxj1GIJKxrJ2w1SGL1cyDw92xMJtK+kIDdvWHTsc+TwwZSL3/1pxivMIKVDhj2L2NGeIU7vBBxt0PYwgaFHA9JEH1k0c9U04Ug6P4TCOlv5C2GTL08IEnRh9ybJVHSbe8uzyofRiPjvPA8wTHwk0IPPUNKnN1Mm8MvQFNCIo3Cqnebar5r+dOY+E72Z7qNLPPM7kUWxpACwLFxDQyU9qvKeKovdmDyhpc5lC0IJbRJN84fNj50WsFI7k8txQMHkzF+GW4hRwzGnAmiZPvbYjzK+dmV0Qhk4Euiu2r5mBJNQqbHIYkwD18gk2Iz0nztLpsJLJcC9oztj+FewMNtntImYrMtv5ATYybeTuUT8wHQszOks+1EfWnISt9pU8Bn7YWmbcyD0btEjJy4BqCas5QBPamrNG3IVxT4GDqzJw8jJYmg1HF8RcGXm3wzgL0KznC8+Cd41jw1RJ6ejxkPSvZJ++rtbYg5OKQYx3Xxyl0zNSs93Agdejaqhm6twnqsan9SS1dTVJARtVYOQAN0ionHsZItKUt7zIcwm5kXxvHwvt3f9aQi8E+PxE2kfaJJdN8vnEAJOkVqUeK2zYf3X4/DSDVDB+0lPIvr5cU/Tq8P71KFgE0XtogMc7kXg8Ka4q0Ji6HIr2aY+4E4ejMVyyGH+C7/eMnTdL8BU2uZXPPbMwm7pE+3ScBaIhvtlgJtbzOW8+5xIXnPrI7k5ihTjcyPWXKghp6K2f8gTx4Ol2McJdy6zzdYvHrkKm0QplY/VnivDAUGmoimc1fdqCNq2p7iyj6+6//GIJWnzCpQP0bTs9xzZ/rfG6PLh3Y4uTETpnoyO3dZwGEWwrmsGVt03r02eY4jKEh9cARdyTfJJsoKb2403zxCUL7Gr5mA3FagA2zJuFQCuks2/HxRQyGmnd9IYde6CwXMJLUtCnoW2U0s4jscflEvfzXEPtlvuxpMX0r6aBUh4ryNryJtxCwV2Hqhcbuy73PTJT+/hSxD22HXNoNxnTb0A08mTRvXhwuciGkRr+TazPk38WzMDRV2SPIGmWTQJrsd2l1PQmo2d+aeaX2mH8Z9CQmU7l+WjzZHS3H+/LiG/Wi1TJBWLx2/MwFkFhfpCj0x9Scm9nQ5JFI3YBAc1cG2Q1uAjyCTnhY3oySfV7CrVdaF1sectScCVv2fJPFWPH3rI9noWqMh6tzaHcinB5aPnTtqoLo2p+Nu+RVwC0gKa8NZX2Py2SjsN8FBMq/EbVeUBN2pA7mEN3LEBED3qV8PzKMctZ3H8Dcwj8tuMyzxyqVMgbhyMwtE51cyg8GGi0KjFenJerI00RRnSz0MfI38PVz483i3APFrWT20/Cgcvhn+L98oZktsqzDb3qOOKVqRDv57MFT8GIlPUmgCx3T23L1SyvTetVASGdu9bE2Iv9xljikM6J/fqqs+i2d3sk+ulHZrP8OSSd/rTwhU0R1TF38PSaUvY0vj8VCKWqTDpz5zZpsWPrEXTuERcJJcPv3VMT/jXLXafj7CfxLzb/n7hp2oAXdMLdnUO6esaTFnPPm4ky8/B4uK2LB3nf3sB36aQAWKiUDk7BhNBIsGSvEf5ZT8W5EoGfZiLFVCFA4svYtbyMRyRLoofBls6FUbqzpVaQijb7coMnPdM+bPFdvNq0WhOVlhmvXGpCQejMV7SToj5tIWAz2+kSdsm/ekBu81VduCrK99lH6XX6fgkBBRcXOVnz765zD+iTIlL4ytkZ2sLq9VOunQmVD91l4/0T0Dx0L1u7jpNhvZmTW6qLEDH7SRl63mEYsXbPiIG19aK7jDQMGY58PyGPUx3q7JClbIj+2L3rro02WNf+6+RWO+ayzcHdydBPCVo4eRZb8IxwhqsRVWW57wNy37kbmWBRBq5z/O3cEaVasBHx7gTmCpfJSad+Pawizrd2+1OYPKfTls9ZOting/1lL3peT/thIjZVmw3nkISfRPayOGASqB2j80Fn5jM1em0vv3YMaQophg2JDs9AVmGr0OOOqLld9hlX3XseRPL7R9r7Q4UQ+b/v8hBGrKWAp23iTWp9kcbatzSsZ1K9LKRxRcqpNVBv0aaMun2q3NA78msQPe7nPZLoW/R3Lm7UJUqv3xRzgFgSenkuL2RaP7bg2LtHjsb9se03LslXh/spzMHjv7EX+w2NNMUChJ+eyXw5XEYXLEZzv+oiRkT13EaAKxFRHjscEXao484irI17/XYErZevsS4vIRAWjRouWTk5Em7bX1ISretbmMj2SF3N8BU+MC7uySat+FoxolN/tmtcrv7mRBVQY2sw/lYphAnydllgU7o0HFaBAGPzMvdQSf2U5kTbIXdtUiSm7/sCJXaD2X5zxvwWEKLvy4/PnGFFTgA4xnxXFPuiSA2mJhShp1DEESeJKYF+blornYiLI1Nhc6iFHOFuD2WCTeTifC46Sb3p97QqpNnbhZ8heuJVgfJ2eEjmu6dbhPX/htzPoy1mk6CUsmvg8zOCKntyuAuJW5dRusrCPhcnW2CEhY9Mmdp4B6ow4Kapb+eNmLngIqfWIea54c0BLM0U70dq6+cTeoVFdTcv8jvkn6xsj+8+V9GjMr7P4x69e+CZYAV7EA79l/xFmyVxuUyDlF6GIuk1gcR8BaANjhS7t47+pm6J/GOoKKQfQZhuqXW5bSWKXFyqr9vZZMQ3w5UWcJujCEu4f7zbL8PKTx3JamR/Rj07rZ10VdMpZpFG9JxVHUx5a46dO0xfNjshG2sFGOrSbjqLC77XG30JP5LpIKWlQe9e5yl8/2ANLgNcoErA8DS9NNvYV6IK52/eUybEl6pdjCLvEplvoMz3TdCJj2l88BtryoMU4OothUFwyAAqVE2YwINdn4JaT8Xmm/p0EyHDxZ4a1XpwjjOxHTlixPv9SPRpIPuQpyoz3nKldq21z84ZvjfWAl/RVMVzz9wyrS/xOCWzhm31tyfeQu/DbA6QQRiyKU6HuA1s2eo6pmbXQqNcUC137ruyAO+NzVzxwuGJOKyx0YIDl1AJZD7j/du3HTyMUu6Wvhx5imDdT+x1I6oM333l5ugICxK+cLgGDmkeYYVspUYqpTC24ntkmg6d8Ah0zuZG4JNXeatGRUsy3zqwkW4AQ+KWyXEFLqlfA58kGs0O4re5LOKGPg0YZtO0oGs3Iq9nE2qSx4oewzm4FWpoG7o9SrnxZvVB4HGNblc2DBHAh93Sych9tS4jRPx17giJ6NPXbkpisr27vRZuoVDE2EctpSxC9EgSdPC3RF1d4VblPmE5ki6pc2wCxtrPGiSJ7hbj4RMzPm7BCG8xL1B1CfiMHU8xdFZaov4zUfRpgtLX3XX51X8OR3kOGVZHnXP2YsqMdh+RVzm0AMETTdCzN0CAWzsqs8wFp8UtrBV8I1qLdEoKNUNN7giVGCzlsQOWl31At1axEVHdM9S/k82ZjpYatAlQyUoH5jYJrh/0D6xiyZcophD8jS21tuKU5Y5OtXmFBrzsgpa/zLXzbn8yvohHi+wXViopJLEiZ81C09zrrLxPoz0W54RaEV8EukU1XPfK56BFWdO7D55hT9wlQiQ+PlKnJj1NTDirCiHQnl1kD0xDX9sN7spOb4AXYFf7gGLUOE9z0/xU6IgYPvjiH8TYf+UqLsy09IPa4vsbc+kIrmjWFKXWru8UlMkLzBiIgS+/DWkA7pSr/scyiHFibwe4DYHkit8lUUyjZhZW+RpEr+vzYcCFrYaVycPnaoHp/c3W3nVfzhFP2rHifMC+AKMh8OBNn7J7X9KwXExtx+q/+mmPs/xkfIrHFes7km38SHSJ9dJmxaJcoJFIpldZjRMI8Qnn8LWYOoK6Mhx5ZEtXt1pAhtg7aRpJPT8olV3EPVqzFrySoz1iZay7bDYZp4TsvjVIYDS6wKKPArDDHLIR6XPYeJn41//g4TtViz2SJA4QhRttdvCAUfRzC23uGrJ3lBjJCF4rEufatZ1ohF4BV2CiWFClnKxTs92ku+Dc1hd1jda+USq+7DavojQkbgh4yQVeAZQqLPd596eoXqOog/4IVyh8fSSzMDAln6TiMPWT3XuKbSUOZDNmyvpcWtUJnpFihsVznUmjmz7NnS75d6rZsvHbEIENpgEEGjcuJy06WZa7tQ9qVazmzMXFyFGkiI1xCH3/1n/35XQSXsmtBxARzdJUXvRcsbKScGaAGzpA074qW6mFRoQDjLs8hcS+BAQpAcwMupNvMHUL6wpL4fUXqXXlEVPQ4wNG9XTqOSa0jVGWZDsm7VXh1jpkpNpckR3cxUuZ68/gr9qFPX6XlI+IBLWJfmKDYESM6vjWfQegPifOZXSdcMrtK9FnXw8SMGLdUX5XB1pm9pwS0L2h+1ePvL2lyiG/ViaUYrGFtbzYUJwy6tHne1OUATxCdLSh0EbV7zxc8XEy245Vt6PLJvbQYeZaIsu/SOrTZbnHKB0zQ70/N79D1lSPPxqR3xIJPoBoBF42oE90mXGoXdh6qQR6zZuat6+gVpuvJBWjlAff05p9xJRzKOKUm4Nzw7/zCCxx2Ah2QadW35rlrupUPZ6C2E56fKTlFnga0v1pXwEgeb4nX+AAarB7rqDqffdMRgmQHrrd0we5p9E74Eo80aBH8ETMhOOA8bJ4FRxwar8oDoNcFQfFCCYc07ZmIYzeOKdab8Uk8Fp2ZLqqCjosgv8PXAXA7RZn3krVNVCYmVzCkIq4VMc7ZtxZXO+7H3Ilnmp4ajhRBI/vzLal0eeOi70VoKIwt/uLheeqjb54HPXFq7vIsY61k3bbi+lNd3QnQUYp1+e/53d0JCNayLNNb71dUoC3RtkLrelnPXWDWkgpF3n3dZLcECZdkvbLys0CO4y2s8gMMVHDK2z19bclzglK+eKwnu/gA/k7GaTtbeKD/hm4UctIGlKERgUIHt8oGPJmxtQtEX/JcWVVi1TlSwxoRGjeNgRy7CcGISDHGn/ZwefXb2SuTQqwb0Yt9G4Ou0EmEsS5YJDsZ7WRbY2Hz47HChdB1g+6P8BC82dhkXR0/q7hljXi6mzGIUxMS5C2kyX0cqhhQJjr0kfAktcAo70O/6lKl4XDOmKeK7EGibglEmsAZmG1tQsAvir5F+SGakgjFbMlJzFde9d4fFtf8XA293MuQOAXTMlU+7SCKaG83jaebRZmxltzhX8/DXPv0T8smag7Y5KfLweyqI9sGtVAh3mknV8ZcGb5l06A2kkdmGgoKbeBD5/CSgppmDUMJAflDBLSL3K84iko2f1T7mRRyM/KKsRX4lzjXlb6ZUBYiuXbCsRMKuf/BLw1E6HPAbqUtTemPWfuBTunp/s+L4bNOLNUIScFZ5PkrM5pzNn4qz83XTTuWHZpfl1Gv4pKFCAbw4ZHdWkal8yA3tqrBXEyqxTDSMNh27/7qhY+uRTUIDzczSFuuY861gifARvg/v2ZB7fDwhLu4eI0KD33Rchgi88HV7YYS4eAoBZadZZnq5N/AcApDTLHau33pzaRIbuacPH2gjF39AiSO5cokkcfqnfXogjTtHwIzHby3x2nqAr6i6TjytEPhGHWSw9JWhmoH8gHFCzdsFpTkQQBEzawtUONC1anAtKR8buQq3/OHDzaaYp5sbI+xDlw71RXZiULrqA8LdIec+P+g4MstA==,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-25T02:25:40Z" - mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] + lastmodified: "2025-03-13T17:03:36Z" + mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 40f828a..0a48d33 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,6 +1,8 @@ aws: - key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] - key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] + key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] + key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] + _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] + _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: @@ -27,8 +29,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-27T02:50:27Z" - mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] + lastmodified: "2025-03-16T16:45:13Z" + mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4