diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index eded224..413b892 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,16 +3,6 @@ on: workflow_dispatch: push: pull_request: -env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - extra-substituters = https://cache.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= - experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes - accept-flake-config = true - TERM: ansi jobs: build-machines: strategy: @@ -37,11 +27,20 @@ jobs: remove-docker-images: 'true' build-mount-path: /nix - name: Install Nix - uses: nixbuild/nix-quick-install-action@master + uses: cachix/install-nix-action@v30 + with: + install_url: https://releases.nixos.org/nix/nix-2.25.4/install + extra_nix_config: 'accept-flake-config = true' - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -59,17 +58,7 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache - run: | - package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix build -L "$package" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel build-homes: strategy: matrix: @@ -97,6 +86,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - uses: cachix/cachix-action@v14 + with: + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix - name: Restore and cache Nix store uses: nix-community/cache-nix-action@v5.1.0 with: @@ -114,14 +109,4 @@ jobs: purge-primary-key: never # always save the cache save-always: true - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - name: build and cache - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix build -L "$package" - derivation="$(nix path-info --derivation "$package")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" + - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index d23da13..72fc72c 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -6,16 +6,6 @@ on: description: "package to build" required: false type: string -env: - ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} - NIX_CONFIG: | - show-trace = true - extra-substituters = https://cache.cy7.sh/main - extra-trusted-public-keys = main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0= - experimental-features = nix-command flakes - extra-experimental-features = nix-command flakes - accept-flake-config = true - TERM: ansi jobs: build-packages: strategy: @@ -32,25 +22,17 @@ jobs: steps: - name: Install Nix uses: cachix/install-nix-action@v30 + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - name: setup attic - run: | - nix profile install github:zhaofengli/attic - attic login cy7 https://cache.cy7.sh "$ATTIC_TOKEN" - - run: nix build -L ${{ matrix.package }} - - name: cache result - run: | - derivation="$(nix path-info --derivation "${{ matrix.package }}")" - cache="$(nix-store --query --requisites --include-outputs "$derivation")" - attic push main --stdin <<< "$cache" - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - name: upload result - uses: actions/upload-artifact@v4 + + - uses: cachix/cachix-action@v14 with: - name: ${{ matrix.os }} - path: result.tar - if-no-files-found: error + name: cything + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + useDaemon: false + installCommand: nix profile install nixpkgs#cachix + + - run: nix build -L ${{ matrix.package }} diff --git a/.sops.yaml b/.sops.yaml index cb7e65d..6276e76 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,8 +118,9 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/searx.yaml key_groups: - age: - *chunk - - *cy + - *cy \ No newline at end of file diff --git a/flake.lock b/flake.lock index eebf547..7696580 100644 --- a/flake.lock +++ b/flake.lock @@ -2,22 +2,12 @@ "nodes": { "attic": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1738524606, @@ -29,6 +19,7 @@ }, "original": { "owner": "zhaofengli", + "ref": "main", "repo": "attic", "type": "github" } @@ -36,9 +27,9 @@ "cachix": { "inputs": { "devenv": "devenv", - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1737621947, @@ -72,7 +63,7 @@ "cachix", "devenv" ], - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1728672398, @@ -92,11 +83,11 @@ "complement": { "flake": false, "locked": { - "lastModified": 1741891349, - "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", + "lastModified": 1741378155, + "narHash": "sha256-rJSfqf3q4oWxcAwENtAowLZeCi8lktwKVH9XQvvZR64=", "owner": "girlbossceo", "repo": "complement", - "rev": "e587b3df569cba411aeac7c20b6366d03c143745", + "rev": "1502a00d8551d0f6e8954a23e43868877c3e57d9", "type": "github" }, "original": { @@ -108,9 +99,7 @@ }, "conduwuit": { "inputs": { - "attic": [ - "attic" - ], + "attic": "attic", "cachix": "cachix", "complement": "complement", "crane": [ @@ -131,11 +120,11 @@ "rocksdb": "rocksdb" }, "locked": { - "lastModified": 1742163799, - "narHash": "sha256-00cdNSSAOCGQpWRq7mauC1cm55hQ3JJ9phW7f2TLZes=", + "lastModified": 1741642109, + "narHash": "sha256-vO66C3rCb4lz3NU012fZj8+5BaFGuOCq/BJqiOXpqSA=", "owner": "girlbossceo", "repo": "conduwuit", - "rev": "658c19d55eb5fdf30f27e189c414208e2eae6e24", + "rev": "c4b05e77f3dd66636e26b64f8f4852703816c399", "type": "github" }, "original": { @@ -145,12 +134,34 @@ } }, "crane": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1742143293, - "narHash": "sha256-8oKPsMlqlOQ7qnTWvhBEcfVFY1WqHIcSilGVtaLAquw=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "de3bb0155823298161c1c0a7805f10d4b4074bbb", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "locked": { + "lastModified": 1741481578, + "narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", + "owner": "ipetkov", + "repo": "crane", + "rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "type": "github" }, "original": { @@ -217,6 +228,22 @@ } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1733328505, @@ -232,7 +259,7 @@ "type": "github" } }, - "flake-compat_2": { + "flake-compat_3": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -248,6 +275,28 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "conduwuit", + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1722555600, + "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "conduwuit", @@ -271,7 +320,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nixpkgs" @@ -342,38 +391,6 @@ "type": "github" } }, - "garage": { - "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "rust-overlay": [ - "rust-overlay" - ] - }, - "locked": { - "lastModified": 1741360584, - "narHash": "sha256-5UkuvKllBRhU943imyc0jHDXQDVhIFx5WWUr3qrLEWQ=", - "owner": "deuxfleurs-org", - "repo": "garage", - "rev": "c96be1a9a8aa3b51075678888b80c2414ead2909", - "type": "github" - }, - "original": { - "owner": "deuxfleurs-org", - "repo": "garage", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -387,7 +404,7 @@ "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1733318908, @@ -455,11 +472,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1741701235, + "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e", "type": "github" }, "original": { @@ -576,11 +593,11 @@ "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1742165831, - "narHash": "sha256-/ssmsf50UERQNlOcUuyfvigcnCNckAhAPZMo0+Y3mdY=", + "lastModified": 1741700536, + "narHash": "sha256-0OJER7bI6UsCFnKfKdLtgjpOTNccbN3N1dDriP4XRwA=", "ref": "refs/heads/main", - "rev": "2a336813ad2a4d64d027830507276da32927d215", - "revCount": 17664, + "rev": "be1491fa6aef638e0147b81ff172131d6db668d9", + "revCount": 17635, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -603,11 +620,11 @@ ] }, "locked": { - "lastModified": 1741894565, - "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", + "lastModified": 1738176840, + "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", "ref": "refs/heads/main", - "rev": "a6da43f8193d9e329bba1795c42590c27966082e", - "revCount": 136, + "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", + "revCount": 133, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -649,9 +666,9 @@ "cachix", "devenv" ], - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "libgit2": "libgit2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-23-11": [ "conduwuit", "cachix", @@ -702,6 +719,7 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "conduwuit", "attic", "nixpkgs" ] @@ -727,11 +745,11 @@ ] }, "locked": { - "lastModified": 1742174123, - "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "lastModified": 1741619381, + "narHash": "sha256-koZtlJRqi0/MD/AKd0KrXLA2NuBOVzlIyAJprjzpxZE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "rev": "66537fb185462ba9b07f4e6f2d54894a1b2d04ab", "type": "github" }, "original": { @@ -778,16 +796,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1726042813, + "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -809,6 +827,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1730741070, "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", @@ -824,13 +858,13 @@ "type": "github" } }, - "nixpkgs-stable_2": { + "nixpkgs-stable_3": { "locked": { - "lastModified": 1742136038, - "narHash": "sha256-DDe16FJk18sadknQKKG/9FbwEro7A57tg9vB5kxZ8kY=", + "lastModified": 1741600792, + "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a1185f4064c18a5db37c5c84e5638c78b46e3341", + "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3", "type": "github" }, "original": { @@ -841,6 +875,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1717432640, "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", @@ -856,7 +906,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1733212471, "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", @@ -872,13 +922,13 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { - "lastModified": 1742140672, - "narHash": "sha256-WhUVudt/iXRFhMTzuT594/Ho/zCZ3KH3IkwInRD3xa4=", + "lastModified": 1741692589, + "narHash": "sha256-t1BrOTAUIkRY4YlSspERzz5iaFbzJTIE6mhLmnWrDaA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "329ca25a90a27b20526164767a3309d0066a00ca", + "rev": "a7010334ad6d8082bb8aa5dd2e37bf3b98b1a713", "type": "github" }, "original": { @@ -899,11 +949,11 @@ "nuschtosSearch": "nuschtosSearch" }, "locked": { - "lastModified": 1741814789, - "narHash": "sha256-NbHsnnNwiYUcUaS4z8XK2tYpo3G8NXEKxaKkzMgMiLk=", + "lastModified": 1741637833, + "narHash": "sha256-1uBkdOwxNmkdXXjoycnEBZUoHZ/22GitQRVXjZlsVK0=", "owner": "nix-community", "repo": "nixvim", - "rev": "33097dcf776d1fad0ff3842096c4e3546312f251", + "rev": "bc34099731a7e3799c0d52ccdf4599409a2ef9b9", "type": "github" }, "original": { @@ -1028,13 +1078,11 @@ }, "root": { "inputs": { - "attic": "attic", "conduwuit": "conduwuit", - "crane": "crane", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "crane": "crane_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", "flake-utils": "flake-utils", - "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", "lix": "lix", @@ -1042,8 +1090,8 @@ "nil": "nil", "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-stable": "nixpkgs-stable_3", "nixvim": "nixvim", "nvim-github-theme": "nvim-github-theme", "pixelflasher": "pixelflasher", @@ -1077,11 +1125,11 @@ ] }, "locked": { - "lastModified": 1742178793, - "narHash": "sha256-S2onMdoDS4tIYd3/Jc5oFEZBr2dJOgPrh9KzSO/bfDw=", + "lastModified": 1741660300, + "narHash": "sha256-0jldJ58sC5RjqwpwE+ER+RPMeX4Moz5im/evQ3SU/dU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "954582a766a50ebef5695a9616c93b5386418c08", + "rev": "ac2f556db0eb5cbba3c4f5f5989c46330f439b0b", "type": "github" }, "original": { @@ -1097,11 +1145,11 @@ ] }, "locked": { - "lastModified": 1741861888, - "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", + "lastModified": 1741644481, + "narHash": "sha256-E0RrMykMtEv15V3QhpsFutgoSKhL1JBhidn+iZajOyg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", + "rev": "e653d71e82575a43fe9d228def8eddb73887b866", "type": "github" }, "original": { @@ -1170,11 +1218,11 @@ ] }, "locked": { - "lastModified": 1742176409, - "narHash": "sha256-jaTi5Tn5EIvYxThnNs4lFXWROCh8ihgSeORZ9Z1EClc=", + "lastModified": 1741704640, + "narHash": "sha256-FSvtxhfB0PQtFOj8PMfcgUG1QVaQzjTZvAxLiqDysKI=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "002ff77f2ab6417997c5e33883c754f8b23dc11d", + "rev": "27f37976beb94100b18ab8407ff056654db68506", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3f362e2..29fc0ab 100644 --- a/flake.nix +++ b/flake.nix @@ -44,7 +44,6 @@ crane.follows = "crane"; flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; - attic.follows = "attic"; }; }; lix-module = { @@ -78,26 +77,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; pixelflasher.url = "github:cything/nixpkgs/pixelflasher"; - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - flake-compat.follows = "flake-compat"; - flake-parts.follows = "flake-parts"; - crane.follows = "crane"; - }; - }; - garage = { - url = "github:deuxfleurs-org/garage"; - inputs = { - nixpkgs.follows = "nixpkgs"; - rust-overlay.follows = "rust-overlay"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - }; - }; nvim-github-theme = { url = "github:projekt0n/github-nvim-theme"; @@ -114,12 +93,12 @@ extra-substituters = [ "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cache.cy7.sh/main" + "https://cything.cachix.org" ]; extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; builders-use-substitutes = true; }; diff --git a/home/codium.nix b/home/codium.nix index 935866b..2d7bb9d 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -10,7 +10,8 @@ extensions = # if unfree # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ + with pkgs.open-vsx; + [ vscodevim.vim jnoortheen.nix-ide github.github-vscode-theme @@ -20,8 +21,6 @@ tomrijndorp.find-it-faster streetsidesoftware.code-spell-checker emilast.logfilehighlighter - tamasfe.even-better-toml - golang.go ]; userSettings = let diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 3ec6aeb..9b20a66 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -102,7 +102,6 @@ pixelflasher element-desktop freetube - gopls ]; home.sessionVariables = { @@ -113,13 +112,13 @@ RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; SCCACHE_BUCKET = "sccache"; SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://s3.cy7.sh"; + SCCACHE_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; SCCACHE_ALLOW_CORE_DUMPS = "true"; SCCACHE_S3_USE_SSL = "true"; SCCACHE_CACHE_MULTIARCH = "true"; SCCACHE_LOG = "warn"; AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ENDPOINT_URL = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 9a621c4..465e0b9 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -22,6 +22,7 @@ ./forgejo.nix ./garage.nix ./tailscale.nix + ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -100,18 +101,22 @@ ${tc} qdisc del dev ens18 root || true # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} qdisc add dev ens18 root handle 1: htb default 30 ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # tailscale + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 30% ceil 100% # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 30% ceil 100% + # rest ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 2 # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 2 fw flowid 1:20 ''; }; interfaces.ens18 = { @@ -195,5 +200,4 @@ my.roundcube.enable = true; my.zipline.enable = true; my.searx.enable = true; - my.attic.enable = true; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 81b4af3..0dade9f 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -10,13 +10,15 @@ api_bind_addr = "[::]:3900"; root_domain = "s3.cy7.sh"; }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.s3.cy7.sh"; + index = "index.html"; + }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; replication_factor = 1; db_engine = "lmdb"; - disable_scrub = true; - block_size = "10M"; - compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; }; @@ -29,6 +31,10 @@ reverse_proxy localhost:3900 ''; }; + "*.web.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index f79a7ff..ee5a382 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,14 +29,6 @@ } ]; } - { - job_name = "garage"; - static_configs = [ - { - targets = [ "127.0.0.1:3903" ]; - } - ]; - } ]; }; diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 60d4e0e..4b33e34 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -15,20 +15,30 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --dir-cache-time 30d \ - --vfs-cache-mode writes \ - --vfs-cache-max-size 2G \ - photos: /mnt/photos - ''; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; }; }; + systemd.services.attic-mount = { + enable = true; + description = "Mount the attic data remote"; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + requiredBy = [ "atticd.service" ]; + before = [ "atticd.service" ]; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; + }; + }; + systemd.services.garage-mount = { enable = true; description = "Mount the garage data remote"; @@ -39,22 +49,9 @@ serviceConfig = { Type = "notify"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers=32 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 10M \ - --vfs-read-chunk-streams 32 \ - rsyncnet:garage /mnt/garage - ''; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; }; }; diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix new file mode 100644 index 0000000..2ad4a89 --- /dev/null +++ b/hosts/chunk/tor.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + services.tor = { + enable = true; + openFirewall = true; + relay = { + enable = true; + role = "relay"; + }; + settings = { + ORPort = 9001; + Nickname = "chunk"; + # MaxAdvertisedBandwidth = "20MBytes"; + }; + }; +} diff --git a/hosts/common.nix b/hosts/common.nix index bfa70e3..feafd17 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -10,14 +10,16 @@ "@wheel" ]; trusted-public-keys = [ + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "main:Ku31HoEWcBtfggge2VGj+QTkVrQuIwRIMGyfV/5VQP0=" + "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" ]; substituters = [ + "https://niri.cachix.org" "https://nix-community.cachix.org" "https://cache.garnix.io" - "https://cache.cy7.sh/main" + "https://cything.cachix.org" ]; }; channel.enable = false; diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix index 4ef858c..a2aa405 100644 --- a/hosts/ytnix/containers.nix +++ b/hosts/ytnix/containers.nix @@ -1,4 +1,4 @@ -{ +{ config, pkgs, lib, @@ -6,22 +6,20 @@ }: { virtualisation.oci-containers.containers = { - immich-ml = - let - modelCache = "/opt/immich-ml"; - in - { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; - }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; + immich-ml = let + modelCache = "/opt/immich-ml"; + in { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; }; systemd.services.create-immich-net = rec { @@ -35,4 +33,4 @@ ${lib.getExe pkgs.podman} network create immich-net ''; }; -} +} \ No newline at end of file diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index b57887e..c185991 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -144,52 +144,49 @@ "docker" "disk" "adbusers" - "podman" ]; - environment.systemPackages = - with pkgs; - lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = with pkgs; lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; @@ -387,5 +384,4 @@ programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; programs.fuse.userAllowOther = true; - nix.settings.sandbox = false; } diff --git a/modules/attic.nix b/modules/attic.nix deleted file mode 100644 index 5aa54c6..0000000 --- a/modules/attic.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.attic; -in -{ - options.my.attic = { - enable = lib.mkEnableOption "attic"; - }; - - config = lib.mkIf cfg.enable { - services.atticd = { - enable = true; - environmentFile = config.sops.secrets."attic/env".path; - settings = { - listen = "[::]:8091"; - api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ "cache.cy7.sh" ]; - require-proof-of-possession = false; - compression = { - type = "none"; - level = 3; - }; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = { - type = "s3"; - region = "us-east-1"; - bucket = "attic"; - endpoint = "https://s3.cy7.sh"; - }; - - garbage-collection = { - default-retention-period = "1 month"; - }; - }; - }; - - services.caddy.virtualHosts."cache.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8091 - ''; - }; -} diff --git a/modules/containerization.nix b/modules/containerization.nix index fd39da9..416d2bf 100644 --- a/modules/containerization.nix +++ b/modules/containerization.nix @@ -28,11 +28,8 @@ in dns_enabled = true; ipv6_enabled = true; }; - # answer on /var/run/docker.sock - dockerSocket.enable = true; }; - docker.enable = lib.mkIf (!cfg.usePodman) true; - oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; + oci-containers.backend = lib.mkIf cfg.usePodman "podman"; }; }; } diff --git a/modules/default.nix b/modules/default.nix index 640d56b..b93f89f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -8,6 +8,5 @@ ./containerization.nix ./vaultwarden.nix ./searx.nix - ./attic.nix ]; } diff --git a/modules/searx.nix b/modules/searx.nix index db22bed..9e23955 100644 --- a/modules/searx.nix +++ b/modules/searx.nix @@ -44,4 +44,4 @@ in reverse_proxy 127.0.0.1:8090 ''; }; -} +} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 443d886..8fda611 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -29,4 +29,4 @@ in }; }; }; -} +} \ No newline at end of file diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch new file mode 100644 index 0000000..639c1ec --- /dev/null +++ b/overlay/attic/concurrent-32.patch @@ -0,0 +1,13 @@ +diff --git a/server/src/config.rs b/server/src/config.rs +index 4412cbf..6dd483a 100644 +--- a/server/src/config.rs ++++ b/server/src/config.rs +@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration { + } + + fn default_concurrent_chunk_uploads() -> usize { +- 10 ++ 32 + } + + fn load_config_from_path(path: &Path) -> Result { diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 14f5daf..ea0cb05 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,7 +1,26 @@ final: prev: { - attic-server = prev.attic-server.overrideAttrs { - patches = [ - ./prefetch-32-chunks.patch - ]; - }; + attic-client = prev.attic-client.override (old: { + rustPlatform = old.rustPlatform // { + buildRustPackage = + args: + old.rustPlatform.buildRustPackage ( + args + // { + version = "0.1.1"; + src = final.fetchFromGitHub { + owner = "cything"; + repo = "attic"; + rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; + hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; + }; + cargoLock = null; + cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; + useFetchCargoVendor = true; + patches = [ + ./concurrent-32.patch + ]; + } + ); + }; + }); } diff --git a/overlay/attic/prefetch-32-chunks.patch b/overlay/attic/prefetch-32-chunks.patch deleted file mode 100644 index bbb801b..0000000 --- a/overlay/attic/prefetch-32-chunks.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs -index 02e4857..71eeee8 100644 ---- a/server/src/api/binary_cache.rs -+++ b/server/src/api/binary_cache.rs -@@ -262,7 +262,7 @@ async fn get_nar( - - // TODO: Make num_prefetch configurable - // The ideal size depends on the average chunk size -- let merged = merge_chunks(chunks, streamer, storage, 2).map_err(|e| { -+ let merged = merge_chunks(chunks, streamer, storage, 32).map_err(|e| { - tracing::error!(%e, "Stream error"); - e - }); diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix deleted file mode 100644 index e9ace96..0000000 --- a/overlay/bitwarden/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -final: prev: { - bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( - finalAttrs: prevAttrs: { - patches = prevAttrs.patches ++ [ - ./ssh-agent-no-confirm.patch - ]; - } - ); -} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch deleted file mode 100644 index 3e8e023..0000000 --- a/overlay/bitwarden/ssh-agent-no-confirm.patch +++ /dev/null @@ -1,34 +0,0 @@ -diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs -index 4e304cc..8203dca 100644 ---- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -+++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs -@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { - return false; - } - -- let request_id = self.get_request_id().await; -- println!( -- "[SSH Agent] Confirming request from application: {}", -- info.process_name() -- ); -- -- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); -- self.show_ui_request_tx -- .send(SshAgentUIRequest { -- request_id, -- cipher_id: Some(ssh_key.cipher_uuid.clone()), -- process_name: info.process_name().to_string(), -- is_list: false, -- }) -- .await -- .expect("Should send request to ui"); -- while let Ok((id, response)) = rx_channel.recv().await { -- if id == request_id { -- return response; -- } -- } -- false -+ true - } - - async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix new file mode 100644 index 0000000..1222c83 --- /dev/null +++ b/overlay/conduwuit/default.nix @@ -0,0 +1,44 @@ +final: prev: +let + newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; + newRustPlatform = final.makeRustPlatform { + cargo = newRust; + rustc = newRust; + }; +in +{ + conduwuit = prev.conduwuit.override (old: { + rustPlatform = newRustPlatform // { + buildRustPackage = + args: + newRustPlatform.buildRustPackage ( + args + // { + version = "0.5.0-rc2"; + src = final.fetchFromGitHub { + owner = "girlbossceo"; + repo = "conduwuit"; + rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; + hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; + }; + doCheck = false; + cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; + # unstable has this set to "conduit" + meta.mainProgram = "conduwuit"; + + buildFeatures = [ + "brotli_compression" + "element_hacks" + "gzip_compression" + "release_max_log_level" # without this feature to enable debug logging + "sentry_telemetry" + "systemd" + "zstd_compression" + "jemalloc" + "io_uring" + ]; + } + ); + }; + }); +} diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml new file mode 100644 index 0000000..97e33c9 --- /dev/null +++ b/overlay/conduwuit/rust-toolchain.toml @@ -0,0 +1,28 @@ +# This is the authoritiative configuration of this project's Rust toolchain. +# +# Other files that need upkeep when this changes: +# +# * `Cargo.toml` +# * `flake.nix` +# +# Search in those files for `rust-toolchain.toml` to find the relevant places. +# If you're having trouble making the relevant changes, bug a maintainer. + +[toolchain] +channel = "1.84.0" +profile = "minimal" +components = [ + # For rust-analyzer + "rust-src", + "rust-analyzer", + # For CI and editors + "rustfmt", + "clippy", +] +targets = [ + #"x86_64-apple-darwin", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "aarch64-unknown-linux-musl", + #"aarch64-apple-darwin", +] diff --git a/overlay/default.nix b/overlay/default.nix index 0eea626..d617b17 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,30 +1,24 @@ { inputs }: let overlays = [ - ./zipline - ./bitwarden ./attic + ./zipline ]; importedOverlays = map (m: import m) overlays; in -[ +importedOverlays +++ [ ( final: prev: let nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; + pkgFrom = flake: pkgFrom' flake "default"; + pkgFrom' = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = pkgFrom inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; + conduwuit = + pkgFrom' inputs.conduwuit "static-x86_64-linux-musl-all-features-x86_64-haswell-optimised"; pixelflasher = nixpkgsFrom inputs.pixelflasher "pixelflasher"; - attic-server = pkgFrom inputs.attic "attic-server"; - attic = pkgFrom inputs.attic "attic"; - garage = ( - (pkgFrom inputs.garage "default").overrideAttrs { - meta.mainProgram = "garage"; - } - ); } ) -] -++ importedOverlays +] \ No newline at end of file diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index 2c42101..c4ba9a1 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:zaaavLrMO4pkwgt8ua32movvyeGLsqf/KBxBh17+lwIFSgrFtJ0SNEuedw1OpmjWNjjBbA3gmd2RvoYA7Ry/sSAA7cDgykr01g853c0vcr4H7u20J7gTJwSQaHVtuPwXO8VWE+xWEBJ7Gdq+fArxbHB1gW2aYtZk1w/Z40Tii6XVOuCS5YTpg+dkCuJ18q4p6o7K67W365Oq8JfcPNJ+uuOyG6UuCmoRo4iJYa+Zn53fz6soHUuC+m1G3qOB0lehbENUEapacqISz46IN1edR3+E1mcEk38q6VwbkYKBy/rycMSO9LaLeCDOD7UnxUa7Ks8Bk9BnJmI7N3IUfSHD2K+1qQuJsB1JcEnkXo+UbbSf+SG8nR/rIxj1GIJKxrJ2w1SGL1cyDw92xMJtK+kIDdvWHTsc+TwwZSL3/1pxivMIKVDhj2L2NGeIU7vBBxt0PYwgaFHA9JEH1k0c9U04Ug6P4TCOlv5C2GTL08IEnRh9ybJVHSbe8uzyofRiPjvPA8wTHwk0IPPUNKnN1Mm8MvQFNCIo3Cqnebar5r+dOY+E72Z7qNLPPM7kUWxpACwLFxDQyU9qvKeKovdmDyhpc5lC0IJbRJN84fNj50WsFI7k8txQMHkzF+GW4hRwzGnAmiZPvbYjzK+dmV0Qhk4Euiu2r5mBJNQqbHIYkwD18gk2Iz0nztLpsJLJcC9oztj+FewMNtntImYrMtv5ATYybeTuUT8wHQszOks+1EfWnISt9pU8Bn7YWmbcyD0btEjJy4BqCas5QBPamrNG3IVxT4GDqzJw8jJYmg1HF8RcGXm3wzgL0KznC8+Cd41jw1RJ6ejxkPSvZJ++rtbYg5OKQYx3Xxyl0zNSs93Agdejaqhm6twnqsan9SS1dTVJARtVYOQAN0ionHsZItKUt7zIcwm5kXxvHwvt3f9aQi8E+PxE2kfaJJdN8vnEAJOkVqUeK2zYf3X4/DSDVDB+0lPIvr5cU/Tq8P71KFgE0XtogMc7kXg8Ka4q0Ji6HIr2aY+4E4ejMVyyGH+C7/eMnTdL8BU2uZXPPbMwm7pE+3ScBaIhvtlgJtbzOW8+5xIXnPrI7k5ihTjcyPWXKghp6K2f8gTx4Ol2McJdy6zzdYvHrkKm0QplY/VnivDAUGmoimc1fdqCNq2p7iyj6+6//GIJWnzCpQP0bTs9xzZ/rfG6PLh3Y4uTETpnoyO3dZwGEWwrmsGVt03r02eY4jKEh9cARdyTfJJsoKb2403zxCUL7Gr5mA3FagA2zJuFQCuks2/HxRQyGmnd9IYde6CwXMJLUtCnoW2U0s4jscflEvfzXEPtlvuxpMX0r6aBUh4ryNryJtxCwV2Hqhcbuy73PTJT+/hSxD22HXNoNxnTb0A08mTRvXhwuciGkRr+TazPk38WzMDRV2SPIGmWTQJrsd2l1PQmo2d+aeaX2mH8Z9CQmU7l+WjzZHS3H+/LiG/Wi1TJBWLx2/MwFkFhfpCj0x9Scm9nQ5JFI3YBAc1cG2Q1uAjyCTnhY3oySfV7CrVdaF1sectScCVv2fJPFWPH3rI9noWqMh6tzaHcinB5aPnTtqoLo2p+Nu+RVwC0gKa8NZX2Py2SjsN8FBMq/EbVeUBN2pA7mEN3LEBED3qV8PzKMctZ3H8Dcwj8tuMyzxyqVMgbhyMwtE51cyg8GGi0KjFenJerI00RRnSz0MfI38PVz483i3APFrWT20/Cgcvhn+L98oZktsqzDb3qOOKVqRDv57MFT8GIlPUmgCx3T23L1SyvTetVASGdu9bE2Iv9xljikM6J/fqqs+i2d3sk+ulHZrP8OSSd/rTwhU0R1TF38PSaUvY0vj8VCKWqTDpz5zZpsWPrEXTuERcJJcPv3VMT/jXLXafj7CfxLzb/n7hp2oAXdMLdnUO6esaTFnPPm4ky8/B4uK2LB3nf3sB36aQAWKiUDk7BhNBIsGSvEf5ZT8W5EoGfZiLFVCFA4svYtbyMRyRLoofBls6FUbqzpVaQijb7coMnPdM+bPFdvNq0WhOVlhmvXGpCQejMV7SToj5tIWAz2+kSdsm/ekBu81VduCrK99lH6XX6fgkBBRcXOVnz765zD+iTIlL4ytkZ2sLq9VOunQmVD91l4/0T0Dx0L1u7jpNhvZmTW6qLEDH7SRl63mEYsXbPiIG19aK7jDQMGY58PyGPUx3q7JClbIj+2L3rro02WNf+6+RWO+ayzcHdydBPCVo4eRZb8IxwhqsRVWW57wNy37kbmWBRBq5z/O3cEaVasBHx7gTmCpfJSad+Pawizrd2+1OYPKfTls9ZOting/1lL3peT/thIjZVmw3nkISfRPayOGASqB2j80Fn5jM1em0vv3YMaQophg2JDs9AVmGr0OOOqLld9hlX3XseRPL7R9r7Q4UQ+b/v8hBGrKWAp23iTWp9kcbatzSsZ1K9LKRxRcqpNVBv0aaMun2q3NA78msQPe7nPZLoW/R3Lm7UJUqv3xRzgFgSenkuL2RaP7bg2LtHjsb9se03LslXh/spzMHjv7EX+w2NNMUChJ+eyXw5XEYXLEZzv+oiRkT13EaAKxFRHjscEXao484irI17/XYErZevsS4vIRAWjRouWTk5Em7bX1ISretbmMj2SF3N8BU+MC7uySat+FoxolN/tmtcrv7mRBVQY2sw/lYphAnydllgU7o0HFaBAGPzMvdQSf2U5kTbIXdtUiSm7/sCJXaD2X5zxvwWEKLvy4/PnGFFTgA4xnxXFPuiSA2mJhShp1DEESeJKYF+blornYiLI1Nhc6iFHOFuD2WCTeTifC46Sb3p97QqpNnbhZ8heuJVgfJ2eEjmu6dbhPX/htzPoy1mk6CUsmvg8zOCKntyuAuJW5dRusrCPhcnW2CEhY9Mmdp4B6ow4Kapb+eNmLngIqfWIea54c0BLM0U70dq6+cTeoVFdTcv8jvkn6xsj+8+V9GjMr7P4x69e+CZYAV7EA79l/xFmyVxuUyDlF6GIuk1gcR8BaANjhS7t47+pm6J/GOoKKQfQZhuqXW5bSWKXFyqr9vZZMQ3w5UWcJujCEu4f7zbL8PKTx3JamR/Rj07rZ10VdMpZpFG9JxVHUx5a46dO0xfNjshG2sFGOrSbjqLC77XG30JP5LpIKWlQe9e5yl8/2ANLgNcoErA8DS9NNvYV6IK52/eUybEl6pdjCLvEplvoMz3TdCJj2l88BtryoMU4OothUFwyAAqVE2YwINdn4JaT8Xmm/p0EyHDxZ4a1XpwjjOxHTlixPv9SPRpIPuQpyoz3nKldq21z84ZvjfWAl/RVMVzz9wyrS/xOCWzhm31tyfeQu/DbA6QQRiyKU6HuA1s2eo6pmbXQqNcUC137ruyAO+NzVzxwuGJOKyx0YIDl1AJZD7j/du3HTyMUu6Wvhx5imDdT+x1I6oM333l5ugICxK+cLgGDmkeYYVspUYqpTC24ntkmg6d8Ah0zuZG4JNXeatGRUsy3zqwkW4AQ+KWyXEFLqlfA58kGs0O4re5LOKGPg0YZtO0oGs3Iq9nE2qSx4oewzm4FWpoG7o9SrnxZvVB4HGNblc2DBHAh93Sych9tS4jRPx17giJ6NPXbkpisr27vRZuoVDE2EctpSxC9EgSdPC3RF1d4VblPmE5ki6pc2wCxtrPGiSJ7hbj4RMzPm7BCG8xL1B1CfiMHU8xdFZaov4zUfRpgtLX3XX51X8OR3kOGVZHnXP2YsqMdh+RVzm0AMETTdCzN0CAWzsqs8wFp8UtrBV8I1qLdEoKNUNN7giVGCzlsQOWl31At1axEVHdM9S/k82ZjpYatAlQyUoH5jYJrh/0D6xiyZcophD8jS21tuKU5Y5OtXmFBrzsgpa/zLXzbn8yvohHi+wXViopJLEiZ81C09zrrLxPoz0W54RaEV8EukU1XPfK56BFWdO7D55hT9wlQiQ+PlKnJj1NTDirCiHQnl1kD0xDX9sN7spOb4AXYFf7gGLUOE9z0/xU6IgYPvjiH8TYf+UqLsy09IPa4vsbc+kIrmjWFKXWru8UlMkLzBiIgS+/DWkA7pSr/scyiHFibwe4DYHkit8lUUyjZhZW+RpEr+vzYcCFrYaVycPnaoHp/c3W3nVfzhFP2rHifMC+AKMh8OBNn7J7X9KwXExtx+q/+mmPs/xkfIrHFes7km38SHSJ9dJmxaJcoJFIpldZjRMI8Qnn8LWYOoK6Mhx5ZEtXt1pAhtg7aRpJPT8olV3EPVqzFrySoz1iZay7bDYZp4TsvjVIYDS6wKKPArDDHLIR6XPYeJn41//g4TtViz2SJA4QhRttdvCAUfRzC23uGrJ3lBjJCF4rEufatZ1ohF4BV2CiWFClnKxTs92ku+Dc1hd1jda+USq+7DavojQkbgh4yQVeAZQqLPd596eoXqOog/4IVyh8fSSzMDAln6TiMPWT3XuKbSUOZDNmyvpcWtUJnpFihsVznUmjmz7NnS75d6rZsvHbEIENpgEEGjcuJy06WZa7tQ9qVazmzMXFyFGkiI1xCH3/1n/35XQSXsmtBxARzdJUXvRcsbKScGaAGzpA074qW6mFRoQDjLs8hcS+BAQpAcwMupNvMHUL6wpL4fUXqXXlEVPQ4wNG9XTqOSa0jVGWZDsm7VXh1jpkpNpckR3cxUuZ68/gr9qFPX6XlI+IBLWJfmKDYESM6vjWfQegPifOZXSdcMrtK9FnXw8SMGLdUX5XB1pm9pwS0L2h+1ePvL2lyiG/ViaUYrGFtbzYUJwy6tHne1OUATxCdLSh0EbV7zxc8XEy245Vt6PLJvbQYeZaIsu/SOrTZbnHKB0zQ70/N79D1lSPPxqR3xIJPoBoBF42oE90mXGoXdh6qQR6zZuat6+gVpuvJBWjlAff05p9xJRzKOKUm4Nzw7/zCCxx2Ah2QadW35rlrupUPZ6C2E56fKTlFnga0v1pXwEgeb4nX+AAarB7rqDqffdMRgmQHrrd0we5p9E74Eo80aBH8ETMhOOA8bJ4FRxwar8oDoNcFQfFCCYc07ZmIYzeOKdab8Uk8Fp2ZLqqCjosgv8PXAXA7RZn3krVNVCYmVzCkIq4VMc7ZtxZXO+7H3Ilnmp4ajhRBI/vzLal0eeOi70VoKIwt/uLheeqjb54HPXFq7vIsY61k3bbi+lNd3QnQUYp1+e/53d0JCNayLNNb71dUoC3RtkLrelnPXWDWkgpF3n3dZLcECZdkvbLys0CO4y2s8gMMVHDK2z19bclzglK+eKwnu/gA/k7GaTtbeKD/hm4UctIGlKERgUIHt8oGPJmxtQtEX/JcWVVi1TlSwxoRGjeNgRy7CcGISDHGn/ZwefXb2SuTQqwb0Yt9G4Ou0EmEsS5YJDsZ7WRbY2Hz47HChdB1g+6P8BC82dhkXR0/q7hljXi6mzGIUxMS5C2kyX0cqhhQJjr0kfAktcAo70O/6lKl4XDOmKeK7EGibglEmsAZmG1tQsAvir5F+SGakgjFbMlJzFde9d4fFtf8XA293MuQOAXTMlU+7SCKaG83jaebRZmxltzhX8/DXPv0T8smag7Y5KfLweyqI9sGtVAh3mknV8ZcGb5l06A2kkdmGgoKbeBD5/CSgppmDUMJAflDBLSL3K84iko2f1T7mRRyM/KKsRX4lzjXlb6ZUBYiuXbCsRMKuf/BLw1E6HPAbqUtTemPWfuBTunp/s+L4bNOLNUIScFZ5PkrM5pzNn4qz83XTTuWHZpfl1Gv4pKFCAbw4ZHdWkal8yA3tqrBXEyqxTDSMNh27/7qhY+uRTUIDzczSFuuY861gifARvg/v2ZB7fDwhLu4eI0KD33Rchgi88HV7YYS4eAoBZadZZnq5N/AcApDTLHau33pzaRIbuacPH2gjF39AiSO5cokkcfqnfXogjTtHwIzHby3x2nqAr6i6TjytEPhGHWSw9JWhmoH8gHFCzdsFpTkQQBEzawtUONC1anAtKR8buQq3/OHDzaaYp5sbI+xDlw71RXZiULrqA8LdIec+P+g4MstA==,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] + env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAltA+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2smGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEasooq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-13T17:03:36Z" - mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] + lastmodified: "2025-02-25T02:25:40Z" + mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 0a48d33..40f828a 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml @@ -1,8 +1,6 @@ aws: - key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] - key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] - _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] - _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] + key_id: ENC[AES256_GCM,data:9tWAMzUv4f6Ea27XsmYhO11NroYnLmED/FVrCCGO0Vc=,iv:YP1xRjVd1M1MB7IKVAw0Sdx0E4AokBrsaAcDLvTLHD4=,tag:SEmEr3NoZvch9LeaJHbCww==,type:str] + key_secret: ENC[AES256_GCM,data:AK+vER4T1p0AknKzsxZQJ0JTpfIstnnTWSAZ26zJSCwJYgRYwj8RF98CS7HM+KWvz5VNGENxhVdUnjlGkrTB4w==,iv:3o79gwp5b4KGsixW02qFWYFvpagY/hykbYJ/WNz6PB8=,tag:GW2T8ggKYHa1CQ6DRomJDQ==,type:str] _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: @@ -29,8 +27,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-16T16:45:13Z" - mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] + lastmodified: "2025-02-27T02:50:27Z" + mac: ENC[AES256_GCM,data:FjlbCqqYHPn/FDPUR1flWgg6wwHhLJx1uKOedwkvsTxuPhlVJHghTHWYetdmplOQyEpOEbyv+iqKTGDYHzDdgU2jIZ0TKM66iHq+1yft4TatBu75/0N3I+SfZv97vKNehxN/zvIY3FQF4O8qVy9c1dZRmr7q27Wq2pdHSOe4Myg=,iv:YkUXcOwb6UZr0vXazbLrVeGTvBTtnwuEIY3O+GSrnNk=,tag:kQBh7urSnHoiV18TIGlPEg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4