diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml
new file mode 100644
index 0000000..0e2e1df
--- /dev/null
+++ b/.github/workflows/build-and-cache.yml
@@ -0,0 +1,106 @@
+name: build and cache random stuff
+on:
+ workflow_dispatch:
+ push:
+jobs:
+ build-packages:
+ strategy:
+ matrix:
+ package:
+ - github:cything/nixpkgs#hello
+ os:
+ - ubuntu-latest
+ - macos-latest
+ runs-on: ${{ matrix.os }}
+ continue-on-error: true
+ steps:
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ logger: pretty
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Setup Attic cache
+ uses: ryanccn/attic-action@v0
+ with:
+ endpoint: ${{ vars.ATTIC_ENDPOINT }}
+ cache: ${{ vars.ATTIC_CACHE }}
+ token: ${{ secrets.ATTIC_TOKEN }}
+ - run: nix build -L '${{ matrix.package }}'
+ build-machines:
+ strategy:
+ matrix:
+ machine:
+ - chunk
+ - ytnix
+ - titan
+ os:
+ - ubuntu-latest
+ # - macos-latest
+ runs-on: ${{ matrix.os }}
+ continue-on-error: true
+ steps:
+ - name: Maximize build disk space
+ uses: easimon/maximize-build-space@v10
+ with:
+ overprovision-lvm: true
+ swap-size-mb: 1024
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+ remove-codeql: 'true'
+ remove-docker-images: 'true'
+ build-mount-path: /nix
+ build-mount-path-ownership: 'root:root'
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ logger: pretty
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Setup Attic cache
+ uses: ryanccn/attic-action@v0
+ with:
+ endpoint: ${{ vars.ATTIC_ENDPOINT }}
+ cache: ${{ vars.ATTIC_CACHE }}
+ token: ${{ secrets.ATTIC_TOKEN }}
+ - name: Sync repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - run: nix build -L --accept-flake-config .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
+ build-homes:
+ strategy:
+ matrix:
+ home:
+ - yt@ytnix
+ - yt@chunk
+ os:
+ - ubuntu-latest
+ # - macos-latest
+ runs-on: ${{ matrix.os }}
+ continue-on-error: true
+ steps:
+ - name: Maximize build disk space
+ uses: easimon/maximize-build-space@v10
+ with:
+ overprovision-lvm: true
+ swap-size-mb: 1024
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+ remove-codeql: 'true'
+ remove-docker-images: 'true'
+ build-mount-path: /nix
+ build-mount-path-ownership: 'root:root'
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ logger: pretty
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - name: Setup Attic cache
+ uses: ryanccn/attic-action@v0
+ with:
+ endpoint: ${{ vars.ATTIC_ENDPOINT }}
+ cache: ${{ vars.ATTIC_CACHE }}
+ token: ${{ secrets.ATTIC_TOKEN }}
+ - name: Sync repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+ - run: nix build -L --accept-flake-config .#homeConfigurations."${{ matrix.home }}".activationPackage
diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml
deleted file mode 100644
index f1e07bc..0000000
--- a/.github/workflows/build-machines-and-homes.yml
+++ /dev/null
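Review bot: In `.github/workflows/build-and-cache.yml`, all three jobs pass `secrets.ATTIC_TOKEN` into a run that also executes third-party actions referenced by movable refs: `DeterminateSystems/nix-installer-action@main`, `DeterminateSystems/magic-nix-cache-action@main`, `ryanccn/attic-action@v0` and `easimon/maximize-build-space@v10`. A moved branch or tag changes the code that runs next to what is presumably a push-capable cache token, so each `uses:` should name a full commit SHA with the tag kept as a trailing comment, e.g. `uses: ryanccn/attic-action@<full-commit-sha>  # v0`. The file also sets no `permissions:` key, so the jobs inherit the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would cap it. `continue-on-error: true` on every job lets a failed build or cache push report success, which deserves a comment stating that it is intentional.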
@@ -1,143 +0,0 @@ -name: build and cache machines and homes -on: - workflow_dispatch: - push: - pull_request: - -env: - TERM: ansi - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - AWS_ENDPOINT_URL: https://s3.cy7.sh - -jobs: - build-machines: - strategy: - fail-fast: false - matrix: - machine: - - chunk - - ytnix - os: - - ubuntu-latest - runs-on: ${{ matrix.os }} - - steps: - - name: Maximize build disk space - uses: easimon/maximize-build-space@v10 - with: - overprovision-lvm: true - swap-size-mb: 1024 - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - build-mount-path: /nix - - - name: setup binary cache key - run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = ${{ runner.temp }}/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - 
post-build-hook = /etc/nix/upload-to-cache.sh - - - name: build - run: | - nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" - - build-homes: - strategy: - fail-fast: false - matrix: - home: - - yt@ytnix - - yt@chunk - os: - - ubuntu-latest - # - macos-latest - runs-on: ${{ matrix.os }} - - steps: - - name: Maximize build disk space - uses: easimon/maximize-build-space@v10 - with: - overprovision-lvm: true - swap-size-mb: 1024 - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - build-mount-path: /nix - - - name: setup binary cache key - run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - - name: Sync repository - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: post-build-hook - run: | - sudo mkdir -p /etc/nix - sudo cp ci/upload-to-cache.sh /etc/nix/ - sudo chmod +x /etc/nix/upload-to-cache.sh - - - name: setup s3 credentials - run: | - sudo mkdir /root/.aws - echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials - echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials - echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials - echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config - - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = ${{ runner.temp }}/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - post-build-hook = /etc/nix/upload-to-cache.sh - - - name: build - run: | - package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix build 
-L "$package" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml deleted file mode 100644 index 423c88a..0000000 --- a/.github/workflows/build-packages.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: build and cache packages -on: - workflow_dispatch: - inputs: - package: - description: "package to build" - required: false - type: string - -env: - TERM: ansi - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-east-1 - AWS_ENDPOINT_URL: https://s3.cy7.sh - -jobs: - build-packages: - strategy: - fail-fast: false - matrix: - package: - - ${{ inputs.package }} - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - - steps: - - name: setup binary cache key - run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem - - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - enable_kvm: true - extra_nix_config: | - show-trace = true - experimental-features = nix-command flakes - accept-flake-config = true - system-features = nixos-test benchmark big-parallel kvm - secret-key-files = ${{ runner.temp }}/cache-priv-key.pem - extra-substituters = https://nixcache.cy7.sh - extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= - - - run: nix build -L ${{ matrix.package }} - - - name: cache result - # https://stackoverflow.com/a/58859404 - if: '!cancelled()' - run: | - nix run github:cything/nixcp -- \ - push \ - --bucket nixcache \ - --signing-key ${{ runner.temp }}/cache-priv-key.pem \ - -u https://nix-community.cachix.org \ - "${{ matrix.package }}" - - - name: prepare tarball to upload - run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - - - name: upload result - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.os }} - path: result.tar - if-no-files-found: error 
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
index 3b79705..59006f6 100644
--- a/.github/workflows/update-flake-lock.yml
+++ b/.github/workflows/update-flake-lock.yml
@@ -11,32 +11,10 @@ jobs:
 createPullRequest:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
- with:
- ssh-key: ${{ secrets.SSH_DEPLOY_KEY }}
-
+ - uses: actions/checkout@v4
 - name: Install Nix
- uses: cachix/install-nix-action@53fb48f556dd912c4814b24ee8059a9c91c82b18
+ uses: cachix/install-nix-action@v30
 with:
- enable_kvm: true
- extra_nix_config: |
- show-trace = true
- experimental-features = nix-command flakes
- accept-flake-config = true
- system-features = nixos-test benchmark big-parallel kvm
- secret-key-files = /home/runner/cache-priv-key.pem
- extra-substituters = https://nixcache.cy7.sh
- extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
-
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
 - name: Update flake.lock
- run: |
- git config --global user.email "github-actions[bot]@users.noreply.github.com"
- git config --global user.name "github-actions[bot]"
- nix flake update --commit-lock-file
-
- - name: Create PR
- uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51
- with:
- title: nix flake update
- branch: update-flake-inputs
- branch-suffix: timestamp
+ uses: DeterminateSystems/update-flake-lock@v24
diff --git a/.sops.yaml b/.sops.yaml
index 5dca48c..3cfb014 100644
--- a/.sops.yaml
+++ b/.sops.yaml
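Review bot: The new `uses:` lines in `update-flake-lock.yml` trade full-commit pins on `actions/checkout` and `cachix/install-nix-action` for the movable tags `@v4` and `@v30`, and bring in `DeterminateSystems/update-flake-lock@v24` by tag as well. This job commits a lock-file change and opens a pull request, so it presumably runs with write scope on contents and pull requests (any `permissions:` block sits above the hunk); a retagged action would inherit that scope. Keeping the SHA form, e.g. `uses: DeterminateSystems/update-flake-lock@<full-commit-sha>  # v24`, preserves the guarantee the removed lines had. Dropping `ssh-key` likely means the update branch is pushed with `GITHUB_TOKEN`, and pushes made with that token do not start other workflows, so the `push`-triggered build would probably not run on the lock-file PR.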
@@ -103,42 +103,3 @@ creation_rules:
 - age:
 - *chunk
 - *cy
- - path_regex: secrets/services/tailscale.yaml
- key_groups:
- - age:
- - *chunk
- - *cy
- - path_regex: secrets/yt/(.*).yaml$
- key_groups:
- - age:
- - *yt
- - *cy
- - path_regex: secrets/services/zipline.yaml
- key_groups:
- - age:
- - *chunk
- - *cy
- - path_regex: secrets/services/searx.yaml
- key_groups:
- - age:
- - *chunk
- - *cy
- - path_regex: secrets/cache-priv-key.pem
- key_groups:
- - age:
- - *yt
- - *cy
- - *chunk
- - path_regex: secrets/services/authelia.yaml
- key_groups:
- - age:
- - *yt
- - *cy
- - *chunk
- - path_regex: secrets/services/karakeep.yaml
- key_groups:
- - age:
- - *yt
- - *cy
- - *chunk
-
diff --git a/README b/README
deleted file mode 100644
index 1a59725..0000000
--- a/README
+++ /dev/null
@@ -1 +0,0 @@
-this is only open source for free ci
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..eb52498
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+# infra
+## ./home
+- [home-manager](https://github.com/nix-community/home-manager) configuration files
+- foot, tmux, and zsh are configured in Nix
+- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager
+
+## ./hosts
+- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers
+- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh
+### ./hosts/ytnix
+- personal laptop
+- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now
+
+### ./hosts/chunk
+- the overworked server with 5% SLA
+- very short and concise [`default.nix`](hosts/chunk/default.nix)
+- services organized in their modules
+- some services run through `virtualisation.oci-containers`:
+ - [immich](hosts/chunk/immich.nix)
+ - [conduwuit](hosts/chunk/conduwuit.nix)
+
+### ./hosts/titan
+- got this cause chunk would go down way too often :(
+- hosted on azure for "reliability"
+- runs:
+ - [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`)
+ - [uptime-kuma](hosts/titan/uptime-kuma.nix)
+ - [ntfy-sh](hosts/titan/ntfy.nix)
+
+## ./secrets
+- secrets
+- see [`.sops.yaml`](.sops.yaml) for who privy to what
+
+## backups
+- hourly borgbackup to [rsync.net](https://rsync.net)
+- see [modules/backup](modules/backup.nix)
+
+## monitoring
+- [status.cything.io](https://status.cything.io/): uptime kuma (reliable)
+- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often
diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh
deleted file mode 100755
index 559d062..0000000
--- a/ci/upload-to-cache.sh
+++ /dev/null
@@ -1,8 +0,0 @@ -#!/bin/sh - -# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook -set -eu -set -f # disable globbing -export IFS=' ' -echo "Uploading paths" $OUT_PATHS -exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd¶llel-compression=true" $OUT_PATHS diff --git a/flake.lock b/flake.lock index 4370247..b093702 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "crane": { "locked": { - "lastModified": 1737689766, - "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "owner": "ipetkov", "repo": "crane", - "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", "type": "github" }, "original": { 
@@ -15,53 +15,97 @@ "type": "github" } }, - "crane_2": { + "devshell": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1741148495, - "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", - "owner": "ipetkov", - "repo": "crane", - "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "owner": "numtide", + "repo": "devshell", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", "type": "github" }, "original": { - "owner": "ipetkov", - "repo": "crane", + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736864502, + "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", + "owner": "nix-community", + "repo": "disko", + "rev": "0141aabed359f063de7413f80d906e1d98c0c123", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", "type": "github" } }, "flake-compat": { + "flake": false, "locked": { - "lastModified": 1717312683, - "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", - "owner": "nix-community", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", "repo": "flake-compat", - "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } }, "flake-compat_2": { - "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" + "lastModified": 1696426674, + "narHash": 
"sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "revCount": 57, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -69,11 +113,32 @@ ] }, "locked": { - "lastModified": 1740872218, - "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "3876f6b87db82f33775b1ef5ea343986105db764", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { 
@@ -100,63 +165,29 @@ "type": "github" } }, - "flake-utils_2": { + "git-hooks": { "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "garage": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" + "flake-compat": [ + "nixvim", + "flake-compat" ], - "rust-overlay": "rust-overlay" + "gitignore": "gitignore_2", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] }, "locked": { - "lastModified": 1745093116, - "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", - "owner": "deuxfleurs-org", - "repo": "garage", - "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", + "lastModified": 1737043064, + "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", "type": "github" }, "original": { - "owner": "deuxfleurs-org", - "repo": "garage", + "owner": "cachix", + "repo": "git-hooks.nix", "type": "github" } }, 
@@ -182,6 +213,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "nixvim", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -189,11 +242,11 @@ ] }, "locked": { - "lastModified": 1745128386, - "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", + "lastModified": 1737299337, + "narHash": "sha256-0NBrY2A7buujKmeCbieopOMSbLxTu8TFcTLqAbTnQDw=", "owner": "nix-community", "repo": "home-manager", - "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", + "rev": "f8ef4541bb8a54a8b52f19b52912119e689529b3", "type": "github" }, "original": { 
@@ -202,23 +255,72 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737075266, + "narHash": "sha256-u1gk5I1an975FOAMMdS6oBKnSIsZza5ZKhaeBZAskVo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "12851ae7467bad8ef422b20806ab4d6d81e12d29", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "lanzaboote": { "inputs": { - "crane": "crane_2", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay_2" + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1741442524, - "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", + "lastModified": 1737299073, + "narHash": "sha256-hOydnO9trHDo3qURqLSDdmE/pHNWDzlhkmyZ/gcBX2s=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", + "rev": "64d20cb2afaad8b73f4e38de41d27fb30a782bb5", "type": "github" }, "original": { 
@@ -228,84 +330,212 @@ "type": "github" } }, - "nil": { + "niri": { "inputs": { - "flake-utils": "flake-utils_2", + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": "rust-overlay_3" + "nixpkgs-stable": "nixpkgs-stable_2", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1741118843, - "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", - "owner": "oxalica", - "repo": "nil", - "rev": "577d160da311cc7f5042038456a0713e9863d09e", + "lastModified": 1737325400, + "narHash": "sha256-B8+1x5rDA9GtzX+LWlceIbLBwncKH5uDrGqEN0EoOQw=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "aad9ae8e2b07ed5d37743f3ae87c42528e2d172c", "type": "github" }, "original": { - "owner": "oxalica", - "repo": "nil", + "owner": "sodiboo", + "repo": "niri-flake", "type": "github" } }, - "nix-index-database": { + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1736614405, + "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.01", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1737211438, + "narHash": "sha256-XPcV2rV7Vy7lLeZMhTOwd0t/sRwNquXI7CH7+3Aftt0=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "818248457210f5101459ea7d7066d12c456c8a97", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, + "nix-darwin": { "inputs": { "nixpkgs": [ + "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1745120797, - "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", - "owner": "nix-community", - "repo": "nix-index-database", - "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", + 
"lastModified": 1736819234, + "narHash": "sha256-deQVtIH4UJueELJqluAICUtX7OosD9paTP+5FgbiSwI=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "bd921223ba7cdac346477d7ea5204d6f4736fcc6", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-index-database", - "type": "github" - } - }, - "nix-ld": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744621833, - "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", - "owner": "nix-community", - "repo": "nix-ld", - "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-ld", + "owner": "lnl7", + "repo": "nix-darwin", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1744932701, - "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "lastModified": 1737274611, + "narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-garage": { + "locked": { + "lastModified": 1736921030, + "narHash": "sha256-A7knAvBOwoM5X7oNdIOKvuXYtXJpuR4O8iKHIk8EwOI=", + "owner": "cything", + "repo": "nixpkgs", + "rev": "97f27249297bf5fbc563014ae9d4884dee27f1e0", + "type": "github" + }, + "original": { + "owner": "cything", + "ref": "garage-module", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + }, + "original": { + "type": "tarball", + "url": 
"https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_3", + "git-hooks": "git-hooks", + "home-manager": "home-manager_2", + "nix-darwin": "nix-darwin", + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1737308837, + "narHash": "sha256-Sro74XNFgGgIIW4uo/YSVGafZhKnZwPLJNBvMsgpl4k=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "8fb2fe22c237b25b8af346870e126fdaeaff688b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735854821, + "narHash": "sha256-Iv59gMDZajNfezTO0Fw6LHE7uKAShxbvMidmZREit7c=", + "owner": "NuschtOS", + "repo": "search", + "rev": "836908e3bddd837ae0f13e215dd48767aee355f0", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ 
@@ -316,14 +546,15 @@ "nixpkgs": [ "lanzaboote", "nixpkgs" - ] + ], + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1740915799, - "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { @@ -334,41 +565,20 @@ }, "root": { "inputs": { - "garage": "garage", + "disko": "disko", + "flake-parts": "flake-parts", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "nil": "nil", - "nix-index-database": "nix-index-database", - "nix-ld": "nix-ld", + "niri": "niri", "nixpkgs": "nixpkgs", - "rust-overlay": "rust-overlay_4", + "nixpkgs-garage": "nixpkgs-garage", + "nixvim": "nixvim", + "rust-overlay": "rust-overlay_2", "sops-nix": "sops-nix", - "vscode-extensions": "vscode-extensions" + "treefmt": "treefmt" } }, "rust-overlay": { - "inputs": { - "nixpkgs": [ - "garage", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1738549608, - "narHash": "sha256-GdyT9QEUSx5k/n8kILuNy83vxxdyUfJ8jL5mMpQZWfw=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", - "type": "github" - } - }, - "rust-overlay_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -376,11 +586,11 @@ ] }, "locked": { - "lastModified": 1741228283, - "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", "type": "github" }, "original": { 
@@ -389,39 +599,18 @@ "type": "github" } }, - "rust-overlay_3": { - "inputs": { - "nixpkgs": [ - "nil", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741055476, - "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "aefb7017d710f150970299685e8d8b549d653649", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_4": { + "rust-overlay_2": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1745116541, - "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", + "lastModified": 1737340068, + "narHash": "sha256-5UciRckNV+YOZ6y6ASBIb01cySB12whDxgFUK+EqT8g=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", + "rev": "275c824ed9e90e7fd4f96d187bde3670062e721f", "type": "github" }, "original": { @@ -437,11 +626,11 @@ ] }, "locked": { - "lastModified": 1744669848, - "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "lastModified": 1737107480, + "narHash": "sha256-GXUE9+FgxoZU8v0p6ilBJ8NH7k8nKmZjp/7dmMrCv3o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "rev": "4c4fb93f18b9072c6fa1986221f9a3d7bf1fe4b6", "type": "github" }, "original": { 
@@ -465,54 +654,77 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "vscode-extensions": { + "treefmt": { "inputs": { - "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1745114521, - "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", - "owner": "nix-community", - "repo": "nix-vscode-extensions", - "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", + "lastModified": 1737103437, + "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-vscode-extensions", + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1737054102, + "narHash": "sha256-saLiCRQ5RtdTnznT/fja7GxcYRAzeY3k8S+IF/2s/2A=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "97871d416166803134ba64597a1006f3f670fbde", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1730166465, + "narHash": 
"sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.5", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1736487362, + "narHash": "sha256-4kGoOA7FgK9N2mzS+TFEn41kUUNY6KwdiA/0rqlr868=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "8f55e27f63a749881c4bbfbb6b1da028342a91d1", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", "type": "github" } } diff --git a/flake.nix b/flake.nix index 0aea8eb..f75fe1e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,36 +2,56 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - sops-nix.url = "github:Mic92/sops-nix"; - sops-nix.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager"; - home-manager.inputs.nixpkgs.follows = "nixpkgs"; - lanzaboote.url = "github:nix-community/lanzaboote/master"; - lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; - rust-overlay.url = "github:oxalica/rust-overlay"; - rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; - nix-ld.url = "github:nix-community/nix-ld"; - nix-ld.inputs.nixpkgs.follows = "nixpkgs"; - nil.url = "github:oxalica/nil"; - nil.inputs.nixpkgs.follows = "nixpkgs"; - vscode-extensions.url = "github:nix-community/nix-vscode-extensions/"; - vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; - nix-index-database.url = "github:nix-community/nix-index-database"; - nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; - garage.url = "github:deuxfleurs-org/garage"; - garage.inputs.nixpkgs.follows = "nixpkgs"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + treefmt = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + disko = { + url = "github:nix-community/disko/latest"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + lanzaboote = { + url = "github:nix-community/lanzaboote/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixvim = { + url = "github:nix-community/nixvim"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + flake-parts.url = "github:hercules-ci/flake-parts"; + niri = { + url = "github:sodiboo/niri-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixpkgs-garage.url = 
"github:cything/nixpkgs/garage-module"; # unmerged PR }; nixConfig = { extra-substituters = [ + "https://cache.cything.io/central" + "https://niri.cachix.org" "https://nix-community.cachix.org" - "https://nixcache.cy7.sh" ]; extra-trusted-public-keys = [ + "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" + "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; + builders-use-substitutes = true; }; outputs = 
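Review bot: The two keys added to `extra-trusted-public-keys` (`central:…` and `niri.cachix.org-1:…`) carry no comment saying who holds each signing key or what is allowed to push to the matching cache. Once this `nixConfig` is accepted, any store path signed by one of them is substituted instead of built locally, and an invocation that passes `--accept-flake-config` applies the block without a prompt. I would put a comment above each list, e.g. `# central: <who holds the key, what pushes to it>`, and keep substituters and keys in the same order so each key can be matched to its URL. The `nixpkgs-garage` input follows a fork branch marked only `# unmerged PR`; naming the upstream PR in that comment lets a later reader tell when the input can be dropped.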
@@ -39,70 +59,142 @@ self, nixpkgs, home-manager, + disko, + flake-parts, ... }@inputs: - let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; - in + flake-parts.lib.mkFlake { inherit inputs; } ( + { ... }: { - nixosConfigurations = - let - lib = nixpkgs.lib; - in + imports = [ + inputs.treefmt.flakeModule + ]; + debug = true; + systems = [ + "x86_64-linux" + ]; + perSystem = { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - ./modules - inputs.sops-nix.nixosModules.sops - inputs.lanzaboote.nixosModules.lanzaboote - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - ./modules - inputs.sops-nix.nixosModules.sops - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in + system, + ... + }: { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nix-index-database.hmModules.nix-index - ]; + # make pkgs available to `perSystem` + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + config = { + allowUnfree = true; + }; }; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix + treefmt = { + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.stylua.enable = true; + programs.yamlfmt.enable = true; + programs.typos.enable = true; + programs.shellcheck.enable = true; + + settings.global.excludes = [ + "secrets/*" + "**/*.png" # tries to format a png file?? 
]; }; }; - }; + + flake = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.niri.overlays.niri + inputs.rust-overlay.overlays.default + ] ++ import ./overlay; + }; + in + { + nixosConfigurations = + let + lib = nixpkgs.lib; + in + { + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + inputs.sops-nix.nixosModules.sops + ./modules + inputs.lanzaboote.nixosModules.lanzaboote + inputs.niri.nixosModules.niri + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + disabledModules = [ + "services/web-servers/garage.nix" + ]; + } + ./hosts/chunk + inputs.sops-nix.nixosModules.sops + ./modules + (inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") + ]; + }; + + titan = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/titan + disko.nixosModules.disko + inputs.sops-nix.nixosModules.sops + ./modules + ]; + }; + }; + homeConfigurations = + let + lib = home-manager.lib; + in + { + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.niri.homeModules.config + ]; + }; + + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; + + "codespace@codespace" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/codespace.nix + inputs.nixvim.homeManagerModules.nixvim + ]; + }; + }; + }; + } + ); } diff --git a/home/codium.nix b/home/codium.nix deleted file mode 100644 index ba4e324..0000000 --- a/home/codium.nix +++ /dev/null 
@@ -1,254 +0,0 @@ -{ pkgs, lib, ... }: -{ - programs.vscode = { - enable = true; - package = pkgs.vscodium; - mutableExtensionsDir = false; - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - extensions = - # if unfree - # with pkgs.vscode-marketplace; - with pkgs.open-vsx; [ - vscodevim.vim - jnoortheen.nix-ide - github.github-vscode-theme - rust-lang.rust-analyzer - shd101wyy.markdown-preview-enhanced - alefragnani.bookmarks - tomrijndorp.find-it-faster - streetsidesoftware.code-spell-checker - emilast.logfilehighlighter - tamasfe.even-better-toml - golang.go - ms-python.python - ]; - userSettings = - let - vimCommonKeyBindings = [ - # nice emacs bindings - { - "before" = [ "C-a" ]; - "commands" = [ "cursorHome" ]; - } - { - "before" = [ "C-e" ]; - "commands" = [ "cursorEnd" ]; - } - { - "before" = [ "C-b" ]; - "commands" = [ "cursorLeft" ]; - } - { - "before" = [ "C-f" ]; - "commands" = [ "cursorRight" ]; - } - # ctrl+h to turn off search highlighting - { - "before" = [ "C-h" ]; - "commands" = [ ":nohl" ]; - } - ]; - in - { - "workbench.colorTheme" = "GitHub Dark Default"; - "workbench.startupEditor" = "none"; - "workbench.enableExperiments" = false; - "files.autoSave" = "onFocusChange"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 15; - "editor.minimap.enabled" = false; - "window.zoomLevel" = 0.5; - "security.promptForLocalFileProtocolHandling" = false; - "security.promptForRemoteFileProtocolHandling" = false; - "explorer.confirmDelete" = false; - "explorer.confirmDragAndDrop" = false; - "editor.acceptSuggestionOnEnter" = "off"; - "editor.acceptSuggestionOnCommitCharacter" = false; - "git.openRepositoryInParentFolders" = "never"; - "git.ignoreLimitWarning" = true; - "git.blame.editorDecoration.enabled" = true; - "extensions.ignoreRecommendations" = true; - "telemetry.enableTelemetry" = false; - "telemetry.telemetryLevel" = "off"; - "window.titleBarStyle" = "custom"; - "editor.formatOnSave" = true; - - # 
terminal stuff - "terminal.integrated.cursorBlinking" = true; - "terminal.integrated.cursorStyle" = "line"; - "terminal.integrated.customGlyphs" = false; - "terminal.integrated.env.linux" = { - # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 - FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; - }; - # don't let the workbench handle terminal keys like ctrl+n and friends - "terminal.integrated.sendKeybindingsToShell" = true; - "terminal.integrated.allowChords" = false; - - "markdown-preview-enhanced.previewTheme" = "github-dark.css"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "${lib.getExe pkgs.nil}"; - "bookmarks.saveBookmarksInProject" = true; - - "cSpell.enabledFileTypes" = { - "markdown" = true; - "*" = false; - }; - - # vim stuff - "vim.leader" = ","; - "extensions.experimental.affinity" = { - "vscodevim.vim" = 1; - }; - "vim.sneak" = true; - "vim.sneakUseIgnorecaseAndSmartcase" = true; - "vim.enableNeovim" = true; - "vim.hlsearch" = true; - "vim.easymotion" = true; - "editor.lineNumbers" = "relative"; - "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - { - "before" = [ - "" - "m" - ]; - "commands" = [ "bookmarks.toggle" ]; - } - { - "before" = [ - "" - "l" - ]; - "commands" = [ "bookmarks.toggleLabeled" ]; - } - { - "before" = [ - "" - "b" - ]; - "commands" = [ "bookmarks.list" ]; - } - { - "before" = [ - "" - "s" - ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } - { - "before" = [ - "" - "s" - ]; - "commands" = [ "workbench.action.toggleSidebarVisibility" ]; - } - { - "before" = [ - "" - "f" - "f" - ]; - "commands" = [ "find-it-faster.findFiles" ]; - } - { - "before" = [ - "" - "f" - "g" - ]; - "commands" = [ "find-it-faster.findWithinFiles" ]; - } - { - "before" = [ - "" - "f" - "t" - ]; - "commands" = [ "find-it-faster.findWithinFilesWithType" ]; - } - # "gd" for definitions is by default - { - "before" = 
[ - "g" - "r" - ]; - "commands" = [ "editor.action.goToReferences" ]; - } - # the default is weird when you need to go back within a file - { - "before" = [ "C-o" ]; - "commands" = [ "workbench.action.navigateBack" ]; - } - { - "before" = [ "C-i" ]; - "commands" = [ "workbench.action.navigateForward" ]; - } - # insert line without leaving normal mode - { - "before" = [ - "" - "o" - ]; - "commands" = [ "editor.action.insertLineAfter" ]; - } - { - "before" = [ - "" - "O" - ]; - "commands" = [ "editor.action.insertLineBefore" ]; - } - ]; - "vim.insertModeKeyBindings" = vimCommonKeyBindings ++ [ - { - "before" = [ "C-k" ]; - "commands" = [ "acceptSelectedSuggestion" ]; - } - ]; - "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ - { - "before" = [ ">" ]; - "commands" = [ "editor.action.indentLines" ]; - } - { - "before" = [ "<" ]; - "commands" = [ "editor.action.outdentLines" ]; - } - ]; - }; - keybindings = [ - # repeat these vim bindings here cause otherwise they get overridden by vscode - { - "key" = "ctrl+b"; - "when" = "inputFocus"; - "command" = "cursorLeft"; - } - { - "key" = "ctrl+f"; - "when" = "inputFocus"; - "command" = "cursorRight"; - } - # clear default bindings that conflict - { - "key" = "ctrl+f"; - "command" = "-actions.find"; - } - { - "key" = "ctrl+b"; - "command" = "-workbench.action.toggleSidebarVisibility"; - } - { - "key" = "ctrl+w"; - "command" = "-workbench.action.closeActiveEditor"; - } - ]; - }; - }; -} diff --git a/home/fish.nix b/home/fish.nix new file mode 100644 index 0000000..3bb9d84 --- /dev/null +++ b/home/fish.nix 
@@ -0,0 +1,80 @@ +{ ... }: +{ + programs.fish = { + enable = true; + shellAliases = { + "vi" = "nvim"; + "vim" = "nvim"; + "t" = "tmux"; + "tl" = "tmux list-sessions"; + "ta" = "tmux new-session -A -s"; + "se" = "sudoedit"; + "s" = "sudo"; + "nrs" = "sudo nixos-rebuild switch --flake ."; + "nrt" = "sudo nixos-rebuild test --flake ."; + "hrs" = "home-manager switch --flake ."; + "g" = "git"; + "ga" = "git add"; + "gaa" = "git add --all"; + "gb" = "git branch"; + "gc" = "git commit --verbose"; + "gcmsg" = "git commit --message"; + "gd" = "git diff"; + "gdca" = "git diff --cached"; + "gds" = "git diff --staged"; + "gl" = "git log --stat"; + "glg" = "git log --graph"; + "glga" = "git log --graph --decorate --all"; + "glo" = "git log --oneline --decorate"; + "gp" = "git push"; + "gr" = "git remote"; + "gra" = "git remote add"; + "grv" = "git remote --verbose"; + "gs" = "git status --short"; + "gss" = "git status"; + }; + + shellInit = '' + set fish_greeting + ''; + + functions = { + fish_prompt = '' + set -l last_status $status + set -l normal (set_color normal) + set -l status_color (set_color brgreen) + set -l cwd_color (set_color $fish_color_cwd) + set -l vcs_color (set_color brpurple) + set -l prompt_status "" + + # Since we display the prompt on a new line allow the directory names to be longer. 
+ set -q fish_prompt_pwd_dir_length + or set -lx fish_prompt_pwd_dir_length 0 + + # Color the prompt differently when we're root + set -l suffix '❯' + if functions -q fish_is_root_user; and fish_is_root_user + if set -q fish_color_cwd_root + set cwd_color (set_color $fish_color_cwd_root) + end + set suffix '#' + end + + # Color the prompt in red on error + if test $last_status -ne 0 + set status_color (set_color $fish_color_error) + set prompt_status $status_color "[" $last_status "]" $normal + end + + echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status + echo -n -s $status_color $suffix ' ' $normal + ''; + + }; + }; + + programs.fzf.enableFishIntegration = true; + programs.zoxide.enableFishIntegration = true; + programs.eza.enableFishIntegration = true; + programs.nix-index.enableFishIntegration = true; +} diff --git a/home/foot.nix b/home/foot.nix new file mode 100644 index 0000000..2df77bc --- /dev/null +++ b/home/foot.nix 
@@ -0,0 +1,63 @@
+{ ... }:
+{
+ programs.foot = {
+ enable = true;
+ settings = {
+ main = {
+ font = "IBM Plex Mono:size=8";
+ dpi-aware = "yes";
+ };
+ bell = {
+ urgent = "no";
+ notify = "no";
+ visual = "no";
+ };
+ cursor = {
+ style = "beam";
+ blink = "yes";
+ blink-rate = 500;
+ beam-thickness = 1.5;
+ };
+ mouse = {
+ hide-when-typing = "yes";
+ };
+ colors = {
+ background = "161821";
+ foreground = "c6c8d1";
+
+ selection-background = "1e2132";
+ selection-foreground = "c6c8d1";
+
+ regular0 = "161821";
+ bright0 = "6b7089";
+
+ regular1 = "e27878";
+ bright1 = "e98989";
+
+ regular2 = "b4be82";
+ bright2 = "c0ca8e";
+
+ regular3 = "e2a478";
+ bright3 = "e9b189";
+
+ regular4 = "84a0c6";
+ bright4 = "91acd1";
+
+ regular5 = "a093c7";
+ bright5 = "ada0d3";
+
+ regular6 = "89b8c2";
+ bright6 = "95c4ce";
+
+ regular7 = "c6c8d1";
+ bright7 = "d2d4de";
+ };
+
+ key-bindings = {
+ clipboard-copy = "Control+Shift+c XF86Copy";
+ clipboard-paste = "Control+Shift+v XF86Paste";
+ quit = "Control+q";
+ };
+ };
+ };
+}
diff --git a/home/irssi.nix b/home/irssi.nix
deleted file mode 100644
index e8133c1..0000000
--- a/home/irssi.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ ... }:
-{
- programs.irssi = {
- enable = true;
- networks.liberachat = {
- nick = "cy7";
- server = {
- address = "irc.libera.chat";
- port = 6697;
- autoConnect = true;
- };
- channels = {
- nixos.autoJoin = true;
- linux.autoJoin = true;
- rust.autoJoin = true;
- };
- };
- extraConfig = ''
- ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } )
- '';
- };
-}
diff --git a/home/kitty.nix b/home/kitty.nix
deleted file mode 100644
index a6ddf37..0000000
--- a/home/kitty.nix
+++ /dev/null
@@ -1,86 +0,0 @@ -{ pkgs, ... }: -{ - programs.kitty = { - enable = true; - font = { - name = "IBM Plex Mono"; - package = pkgs.ibm-plex; - size = 12; - }; - settings = { - enable_audio_bell = true; - # how many windows should be open before kitty asks - # for confirmation - confirm_os_window_close = 0; - clear_all_shortcuts = true; - - # will probably lower this later but the max allowed is actually 4GB - # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "10"; # in MB - # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 - "scrollback_pager" = "bat --pager='less -FR +G'"; - # "scrollback_lines" = 20000; - wheel_scroll_multiplier = 50; - }; - keybindings = { - # kitty_mod is ctrl+shift by default - "kitty_mod+c" = "copy_to_clipboard"; - "kitty_mod+v" = "paste_from_clipboard"; - # "ctrl+q" = "quit"; - - "kitty_mod+m" = "show_scrollback"; - - # windows - "kitty_mod+h" = "neighboring_window left"; - "kitty_mod+alt+h" = "move_window left"; - "kitty_mod+l" = "neighboring_window right"; - "kitty_mod+alt+l" = "move_window right"; - "kitty_mod+j" = "neighboring_window down"; - "kitty_mod+alt+j" = "move_window down"; - "kitty_mod+k" = "neighboring_window up"; - "kitty_mod+alt+k" = "move_window up"; - "ctrl+f3" = "detach_window new-tab"; - "ctrl+f4" = "detach_window tab-left"; - "ctrl+f5" = "load_config_file"; - "ctrl+alt+l" = "next_layout"; - "ctrl+alt+t" = "goto_layout tall"; - "ctrl+alt+s" = "goto_layout stack"; - "kitty_mod+enter" = "new_window_with_cwd"; - "kitty_mod+r" = "resize_window"; - # this closes the *current* window, not the *OS* window - # https://sw.kovidgoyal.net/kitty/overview/#tabs-and-windows - "kitty_mod+w" = "close_window"; - - # tabs - "kitty_mod+n" = "next_tab"; - "kitty_mod+p" = "previous_tab"; - "kitty_mod+alt+n" = "move_tab_forward"; - "kitty_mod+alt+p" = "move_tab_backward"; - "kitty_mod+q" = "close_tab"; - "kitty_mod+t" = "new_tab_with_cwd"; - - # hints - # > 
basically means the preceding key is a prefix (think tmux) - "kitty_mod+o>o" = "open_url_with_hints"; - # `--program @` means copy to clipboard - "kitty_mod+o>u" = "kitten hints --type url --program @"; - "kitty_mod+o>p" = "kitten hints --type path --program @"; - "kitty_mod+o>n" = "kitten hints --type line --program @"; - "kitty_mod+o>w" = "kitten hints --type word --program @"; - "kitty_mod+o>h" = "kitten hints --type hash --program @"; - "kitty_mod+o>l" = "kitten hints --type linenum"; - - # scrolling - "kitty_mod+u" = "scroll_page_up"; - "kitty_mod+d" = "scroll_page_down"; - "kitty_mod+a" = "scroll_home"; - "kitty_mod+e" = "scroll_end"; - "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt - "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt - "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager - "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager - }; - }; - - programs.zsh.shellAliases."ssh" = "kitten ssh"; -} diff --git a/home/niri/default.nix b/home/niri/default.nix new file mode 100644 index 0000000..9aa8636 --- /dev/null +++ b/home/niri/default.nix 
@@ -0,0 +1,188 @@ +{ + config, + pkgs, + lib, + ... +}: +let + wallpaper = "${./nixos-c-book.png}"; + terminal = "foot"; + menu = [ + "fuzzel" + "-w" + "100" + ]; + browser = "librewolf"; + file-manager = "thunar"; + clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; +in +{ + programs.niri.settings = { + prefer-no-csd = true; + input.keyboard.xkb.options = "ctrl:nocaps"; + spawn-at-startup = [ + { command = [ "${lib.getExe pkgs.waybar}" ]; } + { + command = [ + "${lib.getExe pkgs.swaybg}" + "-m" + "fill" + "-i" + wallpaper + ]; + } + { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } + ]; + hotkey-overlay.skip-at-startup = true; + + input = { + touchpad = { + tap = true; + dwt = true; + natural-scroll = true; + click-method = "clickfinger"; + }; + warp-mouse-to-focus = true; + focus-follows-mouse.enable = false; + }; + + environment = { + DISPLAY = ":0"; # for xwayland-satellite + }; + + layout = { + gaps = 4; + focus-ring = { + width = 4; + active.color = "#00000055"; + inactive.color = "#505050"; + }; + always-center-single-column = true; + border.enable = false; + }; + + window-rules = [ + { + matches = [ + { + app-id = "anki"; + title = "Add"; + } + { app-id = "mpv"; } + { app-id = "Bitwarden"; } + ]; + open-floating = true; + } + { + matches = [ { app-id = "anki"; } ]; + default-column-width.proportion = .25; + } + { + matches = [ + { app-id = "foot"; } + { + app-id = "anki"; + title = "^Browse"; + } + ]; + default-column-width.proportion = .5; + } + { + matches = [ { app-id = "librewolf"; } ]; + default-column-width.proportion = .75; + } + ]; + }; + + programs.niri.settings.binds = + with config.lib.niri.actions; + let + sh = spawn "sh" "-c"; + in + { + "Mod+Return".action = spawn terminal; + "Mod+D".action = spawn menu; + + "Mod+Shift+E".action = quit; + "Mod+Equal".action = set-column-width "+10%"; + "Mod+Minus".action = set-column-width "-10%"; + "Mod+Shift+Equal".action = set-window-height "+10%"; + 
"Mod+Shift+Minus".action = set-window-height "-10%"; + "Super+Alt+L".action = spawn "swaylock"; + "Mod+Ctrl+Q".action = close-window; + "Mod+H".action = focus-column-left; + "Mod+L".action = focus-column-right; + "Mod+K".action = focus-window-up; + "Mod+J".action = focus-window-down; + "Mod+Shift+H".action = move-column-left; + "Mod+Shift+L".action = move-column-right; + "Mod+Shift+K".action = move-window-up; + "Mod+Shift+J".action = move-window-down; + "Mod+U".action = focus-workspace-up; + "Mod+I".action = focus-workspace-down; + "Mod+Shift+U".action = move-window-to-workspace-up; + "Mod+Shift+I".action = move-window-to-workspace-down; + "Mod+W".action = maximize-column; + "Mod+C".action = center-column; + "Mod+Shift+Space".action = toggle-window-floating; + "Mod+Space".action = switch-focus-between-floating-and-tiling; + "Print".action = screenshot; + "Alt+Print".action = screenshot-window; + "Ctrl+Print".action = screenshot-screen; + "Mod+R".action = switch-preset-column-width; + "Mod+Shift+R".action = switch-preset-window-height; + "Mod+Ctrl+R".action = reset-window-height; + "Mod+F".action = fullscreen-window; + "Mod+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-column-right; + }; + "Mod+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-column-left; + }; + "Mod+Shift+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-workspace-down; + }; + "Mod+Shift+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-workspace-up; + }; + + "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; + "XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; + "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; + "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; + "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; + + "Mod+1".action = focus-workspace 1; + "Mod+2".action = focus-workspace 2; + "Mod+3".action = focus-workspace 3; + "Mod+4".action = focus-workspace 
4; + "Mod+5".action = focus-workspace 5; + "Mod+6".action = focus-workspace 6; + "Mod+7".action = focus-workspace 7; + "Mod+8".action = focus-workspace 8; + "Mod+9".action = focus-workspace 9; + "Mod+Shift+1".action = move-column-to-workspace 1; + "Mod+Shift+2".action = move-column-to-workspace 2; + "Mod+Shift+3".action = move-column-to-workspace 3; + "Mod+Shift+4".action = move-column-to-workspace 4; + "Mod+Shift+5".action = move-column-to-workspace 5; + "Mod+Shift+6".action = move-column-to-workspace 6; + "Mod+Shift+7".action = move-column-to-workspace 7; + "Mod+Shift+8".action = move-column-to-workspace 8; + "Mod+Shift+9".action = move-column-to-workspace 9; + + "Mod+Alt+B".action = spawn browser; + "Mod+Alt+A".action = spawn "anki"; + "Mod+Alt+F".action = spawn file-manager; + "Mod+Alt+E".action = spawn "evolution"; + "Mod+P".action = spawn "bitwarden"; + "Mod+Comma".action = sh clipboard; + + "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; + "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; + }; +} diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png new file mode 100644 index 0000000..96abf8f Binary files /dev/null and b/home/niri/nixos-c-book.png differ diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh new file mode 100755 index 0000000..5065980 --- /dev/null +++ b/home/niri/scripts/remote.sh 
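Review bot: The screen-lock binding `"Super+Alt+L".action = spawn "swaylock";` resolves `swaylock` through the session's `PATH`, whereas the `spawn-at-startup` entries in the same file use `lib.getExe pkgs.…` store paths. For the one binding that protects an unattended session I would pin the binary the same way, `"Super+Alt+L".action = spawn "${lib.getExe pkgs.swaylock}";`, so a missing package fails at build time instead of leaving the key doing nothing. The clipboard picker on `Mod+Comma` reads `cliphist` history while `Mod+P` launches `bitwarden`; whether copied secrets end up in that history depends on how `cliphist store` is started, which this hunk does not show, so a comment stating what is meant to be excluded would help.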
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+active_window=$(niri msg --json focused-window |jq -r .app_id)
+
+if [ "$1" = "btn1" ]; then
+ if [ "$active_window" = "anki" ]; then
+ wtype " "
+ elif [ "$active_window" = "foot" ]; then
+ wtype -M ctrl -M shift -k c -m ctrl -m shift
+ elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
+ wtype -M alt -P right -p right -m alt
+ else
+ wtype -M ctrl -k c -m ctrl
+ fi
+else
+ if [ "$active_window" = "anki" ]; then
+ wtype "1"
+ elif [ "$active_window" = "foot" ]; then
+ wtype -M ctrl -M shift -k v -m ctrl
+ elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
+ wtype -M alt -P left -p left -m alt
+ else
+ wtype -M ctrl -k v -m ctrl
+ fi
+fi
diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix
new file mode 100644
index 0000000..98a97ee
--- /dev/null
+++ b/home/nixvim/default.nix
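Review bot: The `foot` paste branch runs `wtype -M ctrl -M shift -k v -m ctrl` and never releases shift, unlike the copy branch above it, which ends with `-m ctrl -m shift`. I would make it `wtype -M ctrl -M shift -k v -m ctrl -m shift` so both branches leave the virtual keyboard in the same state. Also, `active_window` is not checked after `niri msg … | jq`: if the command fails or no window is focused, the script falls through to the generic `else` and still injects Ctrl+C or Ctrl+V, so a guard such as `[ -n "$active_window" ] && [ "$active_window" != "null" ] || exit 0` before the first `if` is worth adding.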
@@ -0,0 +1,204 @@ +{ pkgs, ... }: +{ + programs.nixvim = { + enable = true; + plugins.lualine.enable = true; + opts = { + number = true; + relativenumber = true; + expandtab = true; + autoindent = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + ignorecase = true; + incsearch = true; + smartcase = true; + }; + colorscheme = "iceberg"; + clipboard.register = "unnamedplus"; + + globals = { + mapleader = ","; + }; + + extraPlugins = with pkgs.vimPlugins; [ + iceberg-vim + ]; + + keymaps = [ + { + action = "Neotree toggle"; + key = "s"; + mode = "n"; + options.silent = true; + } + { + # shortcut to command mode + action = ":"; + key = ";"; + mode = [ + "n" + "x" + ]; + options.silent = true; + } + { + # insert line below without moving cursor + action = "printf('m`%so``', v:count1)"; + key = "o"; + options.expr = true; + mode = "n"; + } + { + # insert line above without moving cursor + action = "printf('m`%sO``', v:count1)"; + key = "O"; + options.expr = true; + mode = "n"; + } + # nice emacs bindings + { + action = ""; + key = ""; + mode = "i"; + } + { + action = ""; + key = ""; + mode = "i"; + } + ]; + + plugins.cmp = { + enable = true; + settings = { + formatting.fields = [ + "abbr" + "kind" + "menu" + ]; + experimental = { + ghost_text = true; + }; + snippet.expand = '' + function(args) require('luasnip').lsp_expand(args.body) end + ''; + sources = [ + { name = "nvim_lsp"; } + { name = "emoji"; } + { name = "luasnip"; } + { name = "buffer"; } + { name = "path"; } + ]; + mapping = { + "" = "cmp.mapping.abort()"; + "" = "cmp.mapping.select_next_item()"; + "" = "cmp.mapping.select_prev_item()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = '' + cmp.mapping(function(fallback) + if cmp.visible() then + if require("luasnip").expandable() then + require("luasnip").expand() + else + cmp.confirm({ + select = true, + }) + end + else + fallback() + end + end) + ''; + "" = '' + cmp.mapping(function(fallback) + if 
require("luasnip").jumpable(1) then + require("luasnip").jump(1) + else + fallback() + end + end,{"i","s"}) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(-1) then + require("luasnip").jump(-1) + else + fallback() + end + end,{"i","s"}) + ''; + }; + }; + }; + + plugins.lsp = { + enable = true; + keymaps.lspBuf = { + "K" = "hover"; + "gd" = "definition"; + "gD" = "references"; + # "gt" = "type_definition"; # conflicts with switch tab + "gI" = "type_definition"; + "gi" = "implementation"; + }; + servers = { + bashls.enable = true; + lua_ls.enable = true; + nil_ls = { + enable = true; + settings = { + formatting.command = [ + "nix" + "fmt" + ]; + nix.flake.autoArchive = true; + }; + }; + rust_analyzer = { + enable = true; + installRustc = true; + installCargo = true; + }; + }; + }; + plugins.treesitter = { + enable = true; + nixGrammars = true; + settings.indent.enable = true; + }; + plugins.fzf-lua = { + enable = true; + keymaps = { + "ff" = "files"; + "fg" = "live_grep"; + }; + }; + + plugins.neo-tree = { + enable = true; + buffers.followCurrentFile.enabled = true; + window.width = 30; + }; + + plugins.gitsigns = { + enable = true; + settings.current_line_blame = true; + }; + + plugins.cmp-buffer.enable = true; + plugins.cmp-emoji.enable = true; + plugins.cmp-nvim-lsp.enable = true; + plugins.cmp-path.enable = true; + plugins.cmp_luasnip.enable = true; + plugins.luasnip.enable = true; + plugins.nvim-autopairs.enable = true; + plugins.rainbow-delimiters.enable = true; + plugins.web-devicons.enable = true; + plugins.auto-save.enable = true; + plugins.indent-blankline.enable = true; + plugins.undotree.enable = true; + }; +} diff --git a/home/plasma.nix b/home/plasma.nix deleted file mode 100644 index 10f5399..0000000 --- a/home/plasma.nix +++ /dev/null 
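Review bot: Under `nil_ls.settings`, `nix.flake.autoArchive = true` lets the language server run `nix flake archive` for whatever flake is open without asking, and `formatting.command = [ "nix" "fmt" ]` runs the formatter that flake defines, so opening and formatting a checkout from someone else fetches its inputs and executes its formatter. If that is intended only for this repository, a comment saying so is enough; otherwise leaving `autoArchive` unset keeps nil's prompt, with a note like `# autoArchive left unset: nil asks before fetching inputs of an opened flake`. Several `key`/`action` strings in `keymaps` and the `cmp` `mapping` keys appear empty in this view, which looks like stripped `<…>` sequences, so they could not be reviewed here.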
@@ -1,85 +0,0 @@ -{ ... }: -{ - programs.plasma = { - enable = true; - overrideConfig = true; - immutableByDefault = true; - workspace = { - lookAndFeel = "org.ide.breezedark.desktop"; - cursor = { - theme = "Bibata-Modern-Classic"; - size = 23; - }; - }; - - fonts = { - general = { - family = "IBM Plex Mono"; - pointSize = 12; - }; - }; - - input.keyboard = { - numlockOnStartup = "on"; - options = [ "ctrl:nocaps" ]; - }; - - # Meta key is actually the Super key in KDE - - hotkeys.commands = { - "launch-terminal" = { - name = "launch terminal"; - key = "Meta+Return"; - command = "kitty"; - }; - "launch-browser" = { - name = "launch browser"; - key = "Meta+B"; - command = "chromium"; - }; - "launch-fuzzel" = { - name = "launch-fuzzel"; - key = "Meta+d"; - command = "fuzzel"; - }; - }; - - shortcuts = { - kwin = { - "Switch Window Down" = "Meta+J"; - "Switch Window Left" = "Meta+H"; - "Switch Window Right" = "Meta+L"; - "Switch Window Up" = "Meta+K"; - "Window Quick Tile Down" = "Meta+Shift+J"; - "Window Quick Tile Left" = "Meta+Shift+H"; - "Window Quick Tile Right" = "Meta+Shift+L"; - "Window Quick Tile Up" = "Meta+Shift+K"; - "Window Close" = "Meta+Ctrl+Q"; - "Window Maximize" = "Meta+W"; - "Window Minimize" = "Meta+Shift+-"; - "Window Fullscreen" = "Meta+F"; - "Window Shrink Horizontal" = "Meta+-"; - }; - - ksmserver = { - "Lock Session" = [ - "Screensaver" - "Meta+Ctrl+L" - ]; - }; - }; - - configFile = { - # save RAM - baloofilerc."Basic Settings"."Indexing-Enabled" = false; - }; - - # looks like KDE overrides services.logind settings - powerdevil.AC = { - whenLaptopLidClosed = "hibernate"; - }; - powerdevil.battery = { - whenLaptopLidClosed = "hibernate"; - }; - }; -} diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi new file mode 100644 index 0000000..ae76aeb --- /dev/null +++ b/home/rofi/config.rasi 
@@ -0,0 +1,156 @@ +configuration { + modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; + font: "hack 12"; +/* location: 0;*/ +/* yoffset: 0;*/ +/* xoffset: 0;*/ +/* fixed-num-lines: true;*/ + show-icons: true; + terminal: "kitty"; +/* ssh-client: "ssh";*/ +/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ +/* run-command: "{cmd}";*/ +/* run-list-command: "";*/ +/* run-shell-command: "{terminal} -e {cmd}";*/ +/* window-command: "wmctrl -i -R {window}";*/ +/* window-match-fields: "all";*/ + icon-theme: "Papirus"; +/* drun-match-fields: "name,generic,exec,categories,keywords";*/ +/* drun-categories: ;*/ +/* drun-show-actions: false;*/ +/* drun-display-format: "{name} [({generic})]";*/ +/* drun-url-launcher: "xdg-open";*/ +/* disable-history: false;*/ +/* ignored-prefixes: "";*/ +/* sort: false;*/ +/* sorting-method: "normal";*/ +/* case-sensitive: false;*/ +/* cycle: true;*/ +/* sidebar-mode: false;*/ +/* hover-select: false;*/ +/* eh: 1;*/ +/* auto-select: false;*/ +/* parse-hosts: false;*/ +/* parse-known-hosts: true;*/ + combi-modes: "window,run,calc,filebrowser"; +/* matching: "normal";*/ +/* tokenize: true;*/ +/* m: "-5";*/ +/* filter: ;*/ +/* dpi: -1;*/ +/* threads: 0;*/ +/* scroll-method: 0;*/ +/* window-format: "{w} {c} {t}";*/ +/* click-to-exit: true;*/ +/* global-kb: false;*/ +/* max-history-size: 25;*/ +/* combi-hide-mode-prefix: false;*/ +/* combi-display-format: "{mode} {text}";*/ +/* matching-negate-char: '-' /* unsupported */;*/ +/* cache-dir: ;*/ +/* window-thumbnail: false;*/ +/* drun-use-desktop-cache: false;*/ +/* drun-reload-desktop-cache: false;*/ +/* normalize-match: false;*/ +/* steal-focus: false;*/ +/* application-fallback-icon: ;*/ +/* refilter-timeout-limit: 300;*/ +/* xserver-i300-workaround: false;*/ +/* completer-mode: "recursivebrowser";*/ +/* pid: "/run/user/1000/rofi.pid";*/ +/* display-window: ;*/ +/* display-run: ;*/ +/* display-ssh: ;*/ +/* display-drun: ;*/ +/* display-combi: ;*/ 
+/* display-keys: ;*/ +/* display-filebrowser: ;*/ +/* display-recursivebrowser: ;*/ +/* kb-primary-paste: "Control+V,Shift+Insert";*/ +/* kb-secondary-paste: "Control+v,Insert";*/ +/* kb-secondary-copy: "Control+c";*/ +/* kb-clear-line: "Control+w";*/ +/* kb-move-front: "Control+a";*/ +/* kb-move-end: "Control+e";*/ +/* kb-move-word-back: "Alt+b,Control+Left";*/ +/* kb-move-word-forward: "Alt+f,Control+Right";*/ +/* kb-move-char-back: "Left,Control+b";*/ +/* kb-move-char-forward: "Right,Control+f";*/ +/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ +/* kb-remove-word-forward: "Control+Alt+d";*/ +/* kb-remove-char-forward: "Delete,Control+d";*/ +/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ +/* kb-remove-to-eol: "Control+k";*/ +/* kb-remove-to-sol: "Control+u";*/ +/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ +/* kb-accept-custom: "Control+Return";*/ +/* kb-accept-custom-alt: "Control+Shift+Return";*/ +/* kb-accept-alt: "Shift+Return";*/ +/* kb-delete-entry: "Shift+Delete";*/ +/* kb-mode-next: "Shift+Right,Control+Tab";*/ +/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ +/* kb-mode-complete: "Control+l";*/ +/* kb-row-left: "Control+Page_Up";*/ +/* kb-row-right: "Control+Page_Down";*/ +/* kb-row-up: "Up,Control+p";*/ +/* kb-row-down: "Down,Control+n";*/ +/* kb-row-tab: "";*/ +/* kb-element-next: "Tab";*/ +/* kb-element-prev: "ISO_Left_Tab";*/ +/* kb-page-prev: "Page_Up";*/ +/* kb-page-next: "Page_Down";*/ +/* kb-row-first: "Home,KP_Home";*/ +/* kb-row-last: "End,KP_End";*/ +/* kb-row-select: "Control+space";*/ +/* kb-screenshot: "Alt+S";*/ +/* kb-ellipsize: "Alt+period";*/ +/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ +/* kb-toggle-sort: "Alt+grave";*/ +/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ +/* kb-custom-1: "Alt+1";*/ +/* kb-custom-2: "Alt+2";*/ +/* kb-custom-3: "Alt+3";*/ +/* kb-custom-4: "Alt+4";*/ +/* kb-custom-5: "Alt+5";*/ +/* kb-custom-6: "Alt+6";*/ +/* kb-custom-7: "Alt+7";*/ 
+/* kb-custom-8: "Alt+8";*/ +/* kb-custom-9: "Alt+9";*/ +/* kb-custom-10: "Alt+0";*/ +/* kb-custom-11: "Alt+exclam";*/ +/* kb-custom-12: "Alt+at";*/ +/* kb-custom-13: "Alt+numbersign";*/ +/* kb-custom-14: "Alt+dollar";*/ +/* kb-custom-15: "Alt+percent";*/ +/* kb-custom-16: "Alt+dead_circumflex";*/ +/* kb-custom-17: "Alt+ampersand";*/ +/* kb-custom-18: "Alt+asterisk";*/ +/* kb-custom-19: "Alt+parenleft";*/ +/* kb-select-1: "Super+1";*/ +/* kb-select-2: "Super+2";*/ +/* kb-select-3: "Super+3";*/ +/* kb-select-4: "Super+4";*/ +/* kb-select-5: "Super+5";*/ +/* kb-select-6: "Super+6";*/ +/* kb-select-7: "Super+7";*/ +/* kb-select-8: "Super+8";*/ +/* kb-select-9: "Super+9";*/ +/* kb-select-10: "Super+0";*/ +/* kb-entry-history-up: "Control+Up";*/ +/* kb-entry-history-down: "Control+Down";*/ +/* ml-row-left: "ScrollLeft";*/ +/* ml-row-right: "ScrollRight";*/ +/* ml-row-up: "ScrollUp";*/ +/* ml-row-down: "ScrollDown";*/ +/* me-select-entry: "MousePrimary";*/ +/* me-accept-entry: "MouseDPrimary";*/ +/* me-accept-custom: "Control+MouseDPrimary";*/ + timeout { + action: "kb-cancel"; + delay: 0; + } + filebrowser { + directories-first: true; + sorting-method: "name"; + } +} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh new file mode 100755 index 0000000..d11fadf --- /dev/null +++ b/home/rofi/scripts/cliphist.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +tmp_dir="/tmp/cliphist" +rm -rf "$tmp_dir" + +if [[ -n "$1" ]]; then + cliphist decode <<<"$1" | wl-copy + exit +fi + +mkdir -p "$tmp_dir" + +read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) + print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] + next +} +1 +EOF +cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config new file mode 100644 index 0000000..1005b61 --- /dev/null +++ b/home/sway/config 
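Review bot: `tmp_dir="/tmp/cliphist"` in home/rofi/scripts/cliphist.sh is a fixed, predictable path in a world-writable directory, and the script runs `rm -rf "$tmp_dir"` followed by `mkdir -p "$tmp_dir"` on it at every invocation. On a multi-user host another local account can pre-create or swap that path, and the decoded clipboard entries that appear to be written under it are then readable according to the umask rather than private to the session. A per-user runtime directory avoids both problems: `tmp_dir="${XDG_RUNTIME_DIR:?}/cliphist"`, which also makes the `rm -rf` fail closed when the variable is unset. The gawk program inside the heredoc is truncated on this page, so the part that writes the decoded files is not reviewed here.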
@@ -0,0 +1,156 @@ +set $mod Mod4 +set $alt Mod1 +set $left h +set $down j +set $up k +set $right l + +set $term $HOME/.config/sway/scripts/terminal.sh +set $menu rofi -show run +set $screenshot grim -g "$(slurp)" - | wl-copy +set $browser librewolf +set $clipboard rofi -show clipboard -show-icons +set $emoji rofi -show emoji + +set $font_family DejaVu Sans Mono +set $font_size 11 +set $bg #000000 +set $fg #ffffff +set $fgi #888888 + +set $wallpaper $HOME/wallpapers/nixos-c-book-large.png +set $lock swaylock -f -i $wallpaper +output * bg $wallpaper fill + +floating_modifier $mod normal +default_border pixel +smart_borders on +focus_follows_mouse always +# mouse_warping container + +bindsym $mod+Return exec $term +bindsym $mod+Ctrl+q kill +bindsym $mod+d exec $menu +bindsym $mod+Shift+c reload +bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' +bindsym Print exec $screenshot +bindsym $mod+comma exec $clipboard +bindsym $mod+period exec $emoji + +bindsym $mod+$alt+b exec $browser +bindsym $mod+$alt+a exec anki +bindsym $mod+$alt+f exec thunar +bindsym $mod+$alt+e exec evolution +bindsym $mod+p exec bitwarden +bindsym $mod+$alt+m exec element-desktop + +bindsym $mod+$left focus left +bindsym $mod+$down focus down +bindsym $mod+$up focus up +bindsym $mod+$right focus right + +bindsym $mod+Shift+$left move left +bindsym $mod+Shift+$down move down +bindsym $mod+Shift+$up move up +bindsym $mod+Shift+$right move right + +bindsym $mod+1 workspace number 1 +bindsym $mod+2 workspace number 2 +bindsym $mod+3 workspace number 3 +bindsym $mod+4 workspace number 4 +bindsym $mod+5 workspace number 5 +bindsym $mod+6 workspace number 6 +bindsym $mod+7 workspace number 7 +bindsym $mod+8 workspace number 8 +bindsym $mod+9 workspace number 9 +bindsym $mod+0 workspace number 10 + +bindsym $mod+Shift+1 move container to workspace number 1 +bindsym 
$mod+Shift+2 move container to workspace number 2 +bindsym $mod+Shift+3 move container to workspace number 3 +bindsym $mod+Shift+4 move container to workspace number 4 +bindsym $mod+Shift+5 move container to workspace number 5 +bindsym $mod+Shift+6 move container to workspace number 6 +bindsym $mod+Shift+7 move container to workspace number 7 +bindsym $mod+Shift+8 move container to workspace number 8 +bindsym $mod+Shift+9 move container to workspace number 9 +bindsym $mod+Shift+0 move container to workspace number 10 + +# mouse side buttons +bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 +bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh + +bindsym $mod+b splith +bindsym $mod+v splitv + +bindsym $mod+s layout stacking +bindsym $mod+w layout tabbed +bindsym $mod+e layout toggle split + +bindsym $mod+f fullscreen + +bindsym $mod+Shift+space floating toggle + +bindsym $mod+space focus mode_toggle + +bindsym $mod+a focus parent +bindsym $mod+Shift+a focus child + +bindsym $mod+Shift+minus move scratchpad +bindsym $mod+minus scratchpad show + +mode "resize" { + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" + +# keys to adjust volue and brightness +bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" +bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" +bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" +bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- +bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ + +# lockscreen +bindsym $mod+Control+l exec $lock + +font pango:$font_family $font_size + +for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable +for_window [app_id="LibreWolf" title="^Extension"] floating 
enable +for_window [floating] border csd +for_window [app_id="Bitwarden"] floating enable +for_window [app_id=anki title="Add"] floating enable + +bar { + swaybar_command waybar +} + +input "type:touchpad" { + dwt enabled + tap enabled + natural_scroll enabled +} + +input "type:keyboard" { + xkb_layout us + xkb_options ctrl:nocaps + xkb_numlock enabled +} + +exec wl-paste --watch cliphist store +exec mako >> $HOME/mako.log 2>&1 +exec dbus-update-activation-environment --all + +exec swayidle -w \ + timeout 300 'swaymsg "output * power off"' \ + timeout 305 $lock \ + resume 'swaymsg "output * power on"' \ + before-sleep 'playerctl pause; swaylock -f' + +exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh new file mode 100755 index 0000000..741c26d --- /dev/null +++ b/home/sway/scripts/remote.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') + +if [ "$1" = "btn1" ]; then + if [ "$active_window" = "anki" ]; then + wtype " " + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k c -m ctrl -m shift + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P right -p right -m alt + else + wtype -M ctrl -k c -m ctrl + fi +else + if [ "$active_window" = "anki" ]; then + wtype "1" + elif [ "$active_window" = "foot" ]; then + wtype -M ctrl -M shift -k v + wtype -m ctrl + elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then + wtype -M alt -P left -p left -m alt + else + wtype -M ctrl -k v + wtype -m ctrl + fi +fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh new file mode 100755 index 0000000..42653c6 --- /dev/null +++ b/home/sway/scripts/terminal.sh 
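Review bot: `exec wl-paste --watch cliphist store` in home/sway/config records every clipboard selection in the cliphist history, and the same file binds `$mod+p` to bitwarden, so passwords copied from the vault would presumably land in that history and stay there across lock and sleep. Nothing in the hunk bounds or clears it; one option is to run `cliphist wipe` when the session locks or before sleep. A comment beside the `exec` line, such as `# clipboard history is persisted; it includes anything copied from the password manager`, would make the trade-off explicit. Separately, `exec system-dnotify --ready` looks like a typo for `systemd-notify --ready`, so the readiness notification is likely never sent.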
@@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num') + +foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length') + +next_session=$((focused_workspace * 10)) + +if [ "$foot_window_count" -gt 0 ] +then + next_session=$((next_session + foot_window_count)) +fi + +foot tmux new-session -A -s ${next_session} diff --git a/home/vscode.nix b/home/vscode.nix new file mode 100644 index 0000000..d2b7bb0 --- /dev/null +++ b/home/vscode.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +{ + programs.vscode = { + enable = true; + package = pkgs.vscodium; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + mutableExtensionsDir = false; + extensions = with pkgs.vscode-extensions; [ + vscodevim.vim + jnoortheen.nix-ide # nix language support + editorconfig.editorconfig # editorconfig + dracula-theme.theme-dracula # color scheme + tomoki1207.pdf # pdf viewer + yzhang.markdown-all-in-one # markdown tools + ]; + }; +} diff --git a/home/waybar/config b/home/waybar/config new file mode 100644 index 0000000..6038a44 --- /dev/null +++ b/home/waybar/config 
@@ -0,0 +1,81 @@ +{ + "layer": "top", // Waybar on highest layer so tooltips go over windows + "output": "eDP-1", // Set output to primary monitor + "height": 40, // Set height to avoid jumping due to active workspace indicator + + "margin-left": 0, + "margin-right": 0, + "margin-top": 0, + "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar + "modules-center": ["niri/window"], // Set modules for the center of the bar + "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar + "clock#time": { + "format": "{:%H:%M:%S}", + "interval": 1, + }, + "clock#date": { + "format": "{:%Y/%m/%d}", + "tooltip-format": "{calendar}", + "interval": 360, + "calendar": { + "mode": "month", + "mode-mon-col": 4, + "weeks-pos": "right", + "on-scroll": 1, + "on-click-right": "mode", + "format": { + "months": "{}", + "days": "{}", + "weeks": "W{}", + "weekdays": "{}", + "today": "{}", + }, + }, + }, + "battery": { + "interval": 60, + "states": { + "warning": 40, + "critical": 20, + }, + "format": "{icon} {capacity}%", + "format-icons": [ + "", + "", + "", + "", + "", + ], + "format-charging": "󱐌 {capacity}%", + }, + "cpu": { + "format": "{usage}%", + "interval": 4, + }, + "memory": { + "format": "{used}GiB", + "interval": 4, + }, + "temperature": { + "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", + "critical-threshold": 80, + "format": "{temperatureC}°C", + "format-critical": "{temperatureC}°C", + "interval": 4, + }, + "wireplumber": { + "scroll-step": 1, // %, can be a float + "format": "{icon} {volume}%", + "format-muted": "󰝟 Muted", + "format-icons": ["", "", ""], + "on-click": "pavucontrol", + "interval": 4, + }, + "niri/window": { + "max-length": 64, + }, + "tray": { + "icon-size": 22, + "spacing": 6, + } +} diff --git a/home/waybar/style.css b/home/waybar/style.css new file mode 100644 index 0000000..438d892 --- /dev/null +++ b/home/waybar/style.css 
@@ -0,0 +1,70 @@ +.module, +#clock.date, +#clock.time, +#workspaces button { + background: transparent; + padding: 0 10px; + font-family: RobotoMono Nerd Font; + font-weight: 900; + font-size: 13pt; + color: #c0caf5; +} + +/* main waybar */ +window#waybar { + background: rgba(26, 27, 38, 1); + border: 2px solid #414868; +} + +/* when hovering over modules */ +tooltip { + background: #1e1e2e; + border-radius: 0; +} + +#workspaces { + padding-right: 0; +} + +#workspaces button { + padding: 2px; +} + +#clock { + padding-right: 100px; +} + + +/* Sets active workspace to have a solid line on the bottom */ +#workspaces button.focused { + border-bottom: 2px solid #7aa2f7; + border-radius: 0; + margin-top: 0px; + transition: none; +} + +/* More workspace stuff for highlighting on hover */ +#workspaces button.focused { + color: #a6adc8; +} + +#workspaces button.urgent { + color: #f7768e; +} + +#workspaces button:hover { + background: #11111b; + color: #cdd6f4; +} + +/* Hide window module when not focused on window or empty workspace */ +window#waybar.empty #window { + padding: 0; + margin: 0; + opacity: 0; +} + +/* Set up rounding to make these modules look like separate pills */ +#tray { + margin-right: 4px; +} diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 474abfc..3285421 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,4 +14,9 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; + + home.packages = with pkgs; [ + foot.terminfo + attic-server + ]; } diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix new file mode 100644 index 0000000..6720c17 --- /dev/null +++ b/home/yt/codespace.nix 
@@ -0,0 +1,22 @@ +{ + pkgs, + ... +}: +{ + imports = [ + ./common.nix + ]; + home = { + username = "codespace"; + homeDirectory = "/home/codespace"; + stateVersion = "24.05"; + }; + programs.home-manager.enable = true; + + systemd.user.startServices = "sd-switch"; + + home.packages = with pkgs; [ + foot.terminfo + attic-client + ]; +} diff --git a/home/yt/common.nix b/home/yt/common.nix index d06d67b..77c98fe 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,6 +3,7 @@ imports = [ ../tmux.nix ../zsh + ../nixvim ]; home.sessionVariables = { @@ -31,12 +32,11 @@ userName = "cy"; userEmail = "cy@cy7.sh"; delta = { - enable = false; + enable = true; options = { navigate = true; }; }; - difftastic.enable = true; extraConfig = { init.defaultBranch = "main"; push.autoSetupRemote = true; # assume -u on first push @@ -44,11 +44,7 @@ rebase = true; autostash = true; }; - merge = { - tool = "vimdiff"; - keepBackup = false; - prompt = false; - }; + merge.tool = "vimdiff"; rebase = { stat = true; autoStash = true; @@ -56,20 +52,12 @@ updateRefs = true; }; help.autocorrect = 1; - "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; - url = { - "ssh://git@github.com/" = { - insteadOf = [ - "https://github.com/" - "github:" - "gh:" - ]; - }; + mergetool = { + prompt = false; + path = "nvim-open"; }; }; }; programs.ripgrep.enable = true; - # programs.man.generateCaches = true; # slows down eval - programs.fd.enable = true; - news.display = "silent"; + programs.man.generateCaches = true; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index f22d425..6d34814 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -1,14 +1,12 @@ { pkgs, - lib, ... }: { imports = [ ./common.nix - ../irssi.nix - ../kitty.nix - ../codium.nix + ../foot.nix + ../niri ]; home = { username = "yt"; 
@@ -17,151 +15,134 @@ }; programs.home-manager.enable = true; - home.pointerCursor = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern-Classic"; - size = 23; - gtk.enable = true; - x11.enable = true; + systemd.user.startServices = "sd-switch"; + + qt = { + enable = true; + platformTheme.name = "gtk"; + style.name = "adwaita-dark"; + style.package = pkgs.adwaita-qt; }; - home.packages = - with pkgs; - lib.flatten [ - ungoogled-chromium - librewolf - bitwarden-desktop - bitwarden-cli - fastfetch - (with kdePackages; [ - gwenview - okular - ]) - mpv - signal-desktop - btop - jq - sqlite - usbutils - calibre - tor-browser - wtype - bat - rclone - go - (rust-bin.selectLatestNightlyWith ( - toolchain: - toolchain.default.override { - extensions = [ "rust-src" ]; - } - )) - pwgen - gnumake - unzip - anki-bin - trezorctl - q - gdb - fuzzel - hugo - ghidra - sccache - awscli2 - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) - p7zip - qbittorrent - android-tools - frida-tools - mitmproxy - (python313.withPackages ( - p: with p; [ - python-lsp-server - pip - virtualenv - ] - )) - jadx - scrcpy - syncthing - syncthingtray - (with llvmPackages; [ - clangUseLLVM - compiler-rt - libllvm - ]) - nix-output-monitor - wl-clipboard-rs - pixelflasher - cinny-desktop - freetube - gopls - rust-analyzer - minio-client - nil - keepassxc - ]; + gtk = { + enable = true; + cursorTheme = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern"; + }; + theme = { + package = pkgs.adw-gtk3; + name = "adw-gtk3-dark"; + }; + iconTheme = { + package = pkgs.adwaita-icon-theme; + name = "Adwaita"; + }; + }; home.sessionVariables = { - # to make ghidra work on xwayland - _JAVA_AWT_WM_NONREPARENTING = 1; - - # sccache stuff - RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; - SCCACHE_BUCKET = "sccache"; - SCCACHE_REGION = "us-east-1"; - SCCACHE_ENDPOINT = "https://s3.cy7.sh"; - SCCACHE_ALLOW_CORE_DUMPS = "true"; - SCCACHE_S3_USE_SSL = "true"; - SCCACHE_CACHE_MULTIARCH 
= "true"; - SCCACHE_LOG = "warn"; - AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://s3.cy7.sh"; - AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; - AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + ANKI_WAYLAND = "1"; + DISPLAY = ":0"; }; - home.sessionPath = [ - "$HOME/.cargo/bin" - "$HOME/go/bin" + home.packages = with pkgs; [ + firefox + ungoogled-chromium + librewolf + bitwarden-desktop + bitwarden-cli + fastfetch + discord + nwg-look + kdePackages.gwenview + kdePackages.okular + kdePackages.qtwayland + mpv + yt-dlp + signal-desktop + azure-cli + pavucontrol + btop + grim + slurp + rofi-wayland + rofimoji + cliphist + jq + bash-language-server + sqlite + usbutils + clang-tools + calibre + tor-browser + wtype + bat + yarn + rclone + go + rustup + pwgen + lua-language-server + gnumake + foot + minisign + unzip + lm_sensors + sshfs + python312Packages.python-lsp-server + gopls + anki + trezorctl + trezor-agent + q + opentofu + terraform-ls + gdb + clang + seahorse + github-cli + fuzzel ]; + programs.waybar.enable = true; programs.feh.enable = true; + services.mako = { + enable = true; + backgroundColor = "#1a1a1a"; + defaultTimeout = 5000; + borderSize = 0; + borderRadius = 10; + font = "DejaVu Sans Mono 11"; + padding = "10"; + textColor = "#ffffff"; + extraConfig = '' + [urgency=high] + background-color=#c00000 + border-color=#ff0000 + ''; + }; + xdg.configFile = { + rofi.source = ../rofi; + waybar.source = ../waybar; mpv.source = ../mpv; }; + programs.newsboat = { + enable = true; + extraConfig = '' + urls-source "miniflux" + miniflux-url "https://rss.cything.io/" + miniflux-login "cy" + miniflux-passwordfile /run/secrets/newsboat/miniflux + ''; + }; + + services.gnome-keyring.enable = true; + programs.direnv = { enable = true; nix-direnv.enable = true; }; - - programs.git.extraConfig = { - user = { - signingKey = "~/.ssh/id_ed25519"; - }; - gpg.format = "ssh"; - commit.gpgsign = true; - }; - - 
programs.nix-index-database.comma.enable = true; - - programs.neovim = { - enable = true; - viAlias = true; - vimAlias = true; - }; - - programs.ssh = { - enable = true; - addKeysToAgent = "yes"; - }; - - programs.firefox.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index e599f0d..c1df4e8 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -36,22 +36,19 @@ searchUpKey = "^p"; searchDownKey = "^n"; }; - - # prezto = { - # enable = true; - # caseSensitive = false; - # editor.keymap = "vi"; - # }; - initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL + # manually integrate fzf cause we need to make sure zsh-vi-mode + # won't override C-r + function zvm_after_init() { + eval "$(${pkgs.fzf}/bin/fzf --zsh)" + } # useful emacs mode bindings bindkey -M viins "^E" end-of-line bindkey -M viins "^A" beginning-of-line bindkey -M viins "^B" backward-char - bindkey -M viins "^F" forward-char # accept one word completion bindkey -M viins "^S" forward-word @@ -90,9 +87,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; - "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; - "hrs" = "home-manager switch -L --flake ."; + "nrs" = "sudo nixos-rebuild switch --flake ."; + "nrt" = "sudo nixos-rebuild test --flake ."; + "hrs" = "home-manager switch --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; @@ -112,13 +109,12 @@ "grv" = "git remote --verbose"; "gs" = "git status --short"; "gss" = "git status"; - "code" = "codium"; }; }; programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = true; - programs.direnv.enableZshIntegration = true; + programs.nix-index.enableZshIntegration = false; + programs.direnv.enableZshIntegration = false; } 
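Review bot: The new side of home/yt/ytnix.nix no longer carries the `programs.git.extraConfig` block that set `gpg.format = "ssh"` and `commit.gpgsign = true`, and the home/yt/common.nix hunk on this page adds no equivalent, so commits from this profile would be unsigned unless signing is configured somewhere not shown. If that is intended, a short comment in `programs.git` saying so would help; otherwise keep `commit.gpgsign = true;` together with the signing key. The added `miniflux-passwordfile /run/secrets/newsboat/miniflux` reads a secret whose declaration is not visible in this diff, so it is worth confirming that a matching sops entry exists and is readable only by this user. The attribute set this hunk edits begins outside the hunk.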
diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile
new file mode 100644
index 0000000..5e56278
--- /dev/null
+++ b/hosts/chunk/Caddyfile
@@ -0,0 +1,89 @@
+{
+ acme_ca https://acme.zerossl.com/v2/DV90
+ acme_eab {
+ key_id {$EAB_KEY_ID}
+ mac_key {$EAB_MAC_KEY}
+ }
+}
+
+(common) {
+ encode zstd gzip
+ header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+}
+
+git.cything.io {
+ import common
+
+ # wrap in route so things are evaluated in the order written
+ route {
+ # rewrite gitlab URIs to make it work with forgejo
+ uri path_regexp /-/ /
+ uri replace /blob/ /src/
+ redir https://git.cy7.sh{uri} permanent
+ }
+}
+
+git.cy7.sh {
+ import common
+ reverse_proxy localhost:3000
+}
+
+rss.cy7.sh {
+ import common
+ reverse_proxy localhost:8080
+}
+
+photos.cy7.sh {
+ import common
+ reverse_proxy localhost:2283
+}
+
+chat.cything.io {
+ import common
+ reverse_proxy localhost:8448
+}
+
+pass.cy7.sh {
+ import common
+ reverse_proxy localhost:8081
+}
+
+dns.cything.io {
+ import common
+ reverse_proxy localhost:8082
+}
+
+pad.cything.io {
+ import common
+ reverse_proxy localhost:8085
+}
+
+red.cything.io {
+ import common
+ reverse_proxy localhost:8087
+}
+
+grafana.cything.io {
+ import common
+ reverse_proxy localhost:8088
+}
+
+element.cything.io {
+ import common
+ reverse_proxy localhost:8089
+}
+
+cache.cything.io {
+ import common
+ reverse_proxy localhost:8090
+}
+
+s3.cy7.sh {
+ import common
+ reverse_proxy localhost:3900
+}
+
+admin.s3.cy7.sh {
+ import common
+ reverse_proxy localhost:3903
+}
diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix
new file mode 100644
index 0000000..fe4b9bb
--- /dev/null
+++ b/hosts/chunk/adguard.nix
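Review bot: `admin.s3.cy7.sh` and `dns.cything.io` in hosts/chunk/Caddyfile publish what appear to be administrative backends (`localhost:3903`, and `localhost:8082`, which adguard.nix sets as the AdGuard Home port) to any client, with only `import common` applied. That leaves each backend's own login or token as the single control in front of an admin surface. Restricting these two sites at the proxy would add a second layer, for example `@outside not remote_ip <VPN_SUBNET_PLACEHOLDER>` followed by `abort @outside` inside each block. If public access is deliberate, a comment on each block stating why would record the decision.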
@@ -0,0 +1,24 @@
+{ ... }:
+{
+ services.adguardhome = {
+ enable = true;
+ host = "127.0.0.1";
+ port = 8082;
+ settings = {
+ http.port = "8083";
+ users = [
+ {
+ name = "cy";
+ password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC";
+ }
+ ];
+ # do not listen eveywhere cause podman runs it's own DNS
+ dns.bind_hosts = [
+ "127.0.0.1"
+ "::1"
+ "31.59.129.225"
+ "2a0f:85c1:840:2bfb::1"
+ ];
+ };
+ };
+}
diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix
new file mode 100644
index 0000000..2f84394
--- /dev/null
+++ b/hosts/chunk/attic.nix
@@ -0,0 +1,34 @@
+{ config, ... }:
+{
+ services.atticd = {
+ enable = true;
+
+ environmentFile = config.sops.secrets."attic/env".path;
+
+ settings = {
+ listen = "[::]:8090";
+ api-endpoint = "https://cache.cything.io/";
+ allowed-hosts = [ "cache.cything.io" ];
+ require-proof-of-possession = false;
+ compression.type = "zstd";
+ database.url = "postgresql:///atticd?host=/run/postgresql";
+
+ storage = {
+ type = "local";
+ path = "/mnt/attic";
+ };
+
+ garbage-collection = {
+ default-retention-period = "3 months";
+ };
+
+ chunking = {
+ nar-size-threshold = 0; # disables chunking
+ min-size = 0;
+ avg-size = 0;
+ max-size = 0;
+ concurrent-chunk-uploads = 32;
+ };
+ };
+ };
+}
diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix
new file mode 100644
index 0000000..48025e1
--- /dev/null
+++ b/hosts/chunk/conduit.nix
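Review bot: The `password = "$2y$10$…"` entry under `users` in hosts/chunk/adguard.nix commits the admin account's bcrypt hash to the repository, and as a Nix string it also ends up in the world-readable store. Because the Caddyfile on this page proxies `dns.cything.io` to port 8082, anyone who can read the repo can test guesses offline against a login that is reachable from the internet. The other services here take credentials through sops (`attic/env`, `miniflux/env`); this one should follow the same pattern instead of inlining the hash, and the password is best rotated once it moves. Also worth confirming: `port = 8082` and `settings.http.port = "8083"` disagree, and the second is a string where the first is an integer.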
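Review bot: `listen = "[::]:8090"` in hosts/chunk/attic.nix binds atticd on every interface although the Caddyfile reaches it at `localhost:8090`. The firewall list in default.nix does not open 8090, but `trustedInterfaces = [ "wg0" ]` there means VPN peers can reach the daemon directly and bypass the TLS proxy. Binding to loopback keeps the proxy as the only entry point: `listen = "127.0.0.1:8090";`. `require-proof-of-possession = false` deserves a comment explaining why it is off, since as I understand it the setting relaxes a check on uploads; if only one trusted user pushes to this cache, say so next to the setting.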
@@ -0,0 +1,40 @@ +{ + pkgs, + config, + ... +}: +{ + virtualisation.oci-containers.containers.conduit = { + image = "ghcr.io/girlbossceo/conduwuit:main"; + autoStart = true; + ports = [ "127.0.0.1:8448:8448" ]; + pull = "newer"; + environment = { + CONDUWUIT_SERVER_NAME = "cything.io"; + CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit"; + CONDUWUIT_PORT = "8448"; + CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB + CONDUWUIT_ALLOW_REGISTRATION = "false"; + CONDUWUIT_ALLOW_FEDERATION = "true"; + CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true"; + CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]''; + CONDUWUIT_ADDRESS = "0.0.0.0"; + # CONDUIT_CONFIG = ""; + }; + volumes = [ + "/opt/conduit/db:/var/lib/conduwuit/" + ]; + networks = [ "conduit-net" ]; + }; + + systemd.services.create-conduit-net = { + serviceConfig.Type = "oneshot"; + wantedBy = with config.virtualisation.oci-containers; [ + "${backend}-conduit.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists conduit-net || \ + ${pkgs.podman}/bin/podman network create conduit-net + ''; + }; +} diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix new file mode 100644 index 0000000..6bada8e --- /dev/null +++ b/hosts/chunk/conduwuit.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + services.conduwuit = { + enable = true; + settings.global = { + port = [ 8448 ]; + server_name = "cything.io"; + allow_check_for_updates = true; + }; + }; +} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2e4c960..edb153b 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,6 +1,7 @@ { - pkgs, + config, lib, + pkgs, ... }: { @@ -11,15 +12,20 @@ ./backup.nix ./rclone.nix ./postgres.nix + ./wireguard.nix + ./adguard.nix ./hedgedoc.nix ./miniflux.nix ./redlib.nix ./vaultwarden.nix + ./wireguard.nix ./grafana.nix + ./conduwuit.nix ./immich.nix + ./element.nix + ./attic.nix ./forgejo.nix ./garage.nix - ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
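Review bot: `image = "ghcr.io/girlbossceo/conduwuit:main"` together with `pull = "newer"` in hosts/chunk/conduit.nix means the homeserver runs whatever the `main` tag points to at each start, so a bad or compromised upstream push is deployed without review. Pinning by digest turns every upgrade into an explicit commit: `image = "ghcr.io/girlbossceo/conduwuit@sha256:<DIGEST_PLACEHOLDER>";`. Note also that the `imports` hunk in default.nix adds `./conduwuit.nix` but not this file, and both target port 8448, so it is worth confirming which of the two is meant to be live.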
@@ -27,6 +33,9 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/chunk.yaml; }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; "rclone/config" = { sopsFile = ../../secrets/rclone.yaml; }; 
@@ -39,95 +48,83 @@ "hedgedoc/env" = { sopsFile = ../../secrets/services/hedgedoc.yaml; }; + "wireguard/private" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-yt" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-phone" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; "miniflux/env" = { sopsFile = ../../secrets/services/miniflux.yaml; }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; + "attic/env" = { + sopsFile = ../../secrets/services/attic.yaml; + }; + "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; - "tailscale/auth" = { - sopsFile = ../../secrets/services/tailscale.yaml; - }; - "karakeep/env" = { - sopsFile = ../../secrets/services/karakeep.yaml; - }; }; - boot = { - loader.grub.enable = true; - loader.grub.device = "/dev/vda"; - kernelPackages = pkgs.linuxPackages_latest; - }; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; system.stateVersion = "24.05"; # network stuff - networking = { - hostName = "chunk"; - networkmanager.enable = true; - firewall = { - enable = true; - trustedInterfaces = [ "tailscale0" ]; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in - '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off - # clear existing rules - ${tc} qdisc del dev ens18 root || true + networking.hostName = "chunk"; + networking.networkmanager.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + 53 + 853 + ]; + allowedUDPPorts = [ + 443 + 51820 + 53 + 853 + ]; # 51820 is wireguard + trustedInterfaces = [ "wg0" ]; + }; + networking.interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + 
address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + networking.defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + networking.defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 10 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - # rest - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% - # caddy - ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 - ''; - }; - interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + useXkbConfig = true; }; users.users.yt = { 
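Review bot: Ports 53 and 853 are added to both `allowedTCPPorts` and `allowedUDPPorts`, which exposes the resolver (presumably the AdGuard instance from the newly imported `./adguard.nix`, not shown here) on the public address configured for `ens18`; a recursive resolver reachable on UDP 53 from the internet is a standard reflection and amplification source. Since `wg0` is already in `trustedInterfaces`, VPN clients reach DNS without these entries, so if the resolver is only for them the four added port lines can go. If public DNS-over-TLS is intended, keeping only `853` on TCP with a comment such as `# 853: DoT for roaming clients; plain 53 is wg0-only` would make that explicit. The enclosing module continues outside the hunk.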
@@ -137,15 +134,13 @@ "podman" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; # for forgejo users.users.git = { @@ -163,6 +158,7 @@ tmux file sops + attic-server ]; environment.variables = { @@ -178,13 +174,27 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; + programs.gnupg.agent.enable = true; programs.git.enable = true; - my.caddy.enable = true; - my.containerization.enable = true; - my.authelia.enable = true; - my.karakeep = { - enable = false; - dataDir = "/opt/karakeep"; + services.caddy = { + enable = true; + configFile = ./Caddyfile; + environmentFile = config.sops.secrets."caddy/env".path; + logFormat = lib.mkForce "level INFO"; }; + + # container stuff + virtualisation.containers.enable = true; + virtualisation.podman = { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; } 
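Review bot: The new `authorizedKeys` lists for `yt` and `root` no longer contain the `sk-ssh-ed25519@openssh.com` entry and instead hold two plain `ssh-ed25519` keys, so no hardware-backed key remains and a copied private key file from either workstation is enough to log in. Because `root` accepts the same keys directly and `security.sudo.wheelNeedsPassword = false` appears as context in a later hunk of this file, there is no second step between key theft and root. Keeping the `sk-` key, or limiting `users.users.root.openssh.authorizedKeys.keys` to a single key and using `yt` plus sudo otherwise, would narrow that. The `users.users.yt` block starts above the hunk.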
diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix new file mode 100644 index 0000000..638c728 --- /dev/null +++ b/hosts/chunk/deluge.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + services.deluge = { + enable = true; + web = { + enable = true; + port = 8112; + }; + }; +} diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix new file mode 100644 index 0000000..958666e --- /dev/null +++ b/hosts/chunk/element.nix @@ -0,0 +1,25 @@ +{ + pkgs, + config, + ... +}: +{ + virtualisation.oci-containers.containers.element = { + image = "vectorim/element-web"; + autoStart = true; + ports = [ "127.0.0.1:8089:80" ]; + pull = "newer"; + networks = [ "element-net" ]; + }; + + systemd.services.create-element-net = { + serviceConfig.Type = "oneshot"; + wantedBy = with config.virtualisation.oci-containers; [ + "${backend}-element.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists element-net || \ + ${pkgs.podman}/bin/podman network create element-net + ''; + }; +} diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix index 0abc681..0b644a2 100644 --- a/hosts/chunk/forgejo.nix +++ b/hosts/chunk/forgejo.nix @@ -1,8 +1,7 @@ -{ pkgs, ... }: +{ ... }: { services.forgejo = { enable = true; - package = pkgs.forgejo; # uses forgejo-lts by default user = "git"; group = "git"; settings = { @@ -17,11 +16,10 @@ service.DISABLE_REGISTRATION = true; ui = { AMBIGUOUS_UNICODE_DETECTION = false; - DEFAULT_THEME = "forgejo-dark"; + DEFAULT_THEME = "gitea-dark"; }; actions.ENABLED = false; repository.ENABLE_PUSH_CREATE_USER = true; - indexer.REPO_INDEXER_ENABLED = true; }; database = { type = "postgres"; 
@@ -30,24 +28,4 @@ name = "git"; }; }; - - services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' - import common - - # renamed repo - uri replace /cy/infra /cy/nixos-config - - reverse_proxy localhost:3000 - ''; - services.caddy.virtualHosts."git.cything.io".extraConfig = '' - import common - - # wrap in route so things are evaluated in the order written - route { - # rewrite gitlab URIs to make it work with forgejo - uri path_regexp /-/ / - uri replace /blob/ /src/ - redir https://git.cy7.sh{uri} permanent - } - ''; } diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index a36dc49..fe3ef46 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -6,54 +6,14 @@ settings = { data_dir = "/mnt/garage"; s3_api = { - s3_region = "us-east-1"; + s3_region = "earth"; api_bind_addr = "[::]:3900"; - root_domain = "s3.cy7.sh"; - }; - s3_web = { - bind_addr = "[::]:3902"; - root_domain = ".web.cy7.sh"; - add_host_to_metrics = true; }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; - rpc_public_addr = "100.122.132.30:3901"; replication_factor = 1; db_engine = "lmdb"; - disable_scrub = true; - block_size = "128M"; - compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; - logLevel = "warn"; - }; - - services.caddy.virtualHosts = { - "s3.cy7.sh" = { - serverAliases = [ "*.s3.cy7.sh" ]; - extraConfig = '' - import common - reverse_proxy localhost:3900 - ''; - }; - "admin.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3903 - ''; - "*.web.cy7.sh" = { - serverAliases = [ "nixcache.cy7.sh" "staging.cy7.sh" ]; - extraConfig = '' - import common - @plain { - host nixcache.cy7.sh nixcache.web.cy7.sh - path / /nix-cache-info - } - header @plain { - >content-type text/plain - } - - reverse_proxy localhost:3902 - ''; - }; }; } diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix new file mode 100644 index 0000000..753bcbd --- /dev/null +++ b/hosts/chunk/gitlab.nix 
@@ -0,0 +1,35 @@ +{ config, ... }: +{ + services.gitlab = { + enable = true; + https = true; + host = "git.cything.io"; + user = "git"; # so that you can ssh with git@git.cything.io + group = "git"; + port = 443; # this *not* the port gitlab will run on + puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma + sidekiq.concurrency = 5; + databaseUsername = "git"; # needs to be same as user + initialRootEmail = "hi@cything.io"; + initialRootPasswordFile = config.sops.secrets."gitlab/root".path; + secrets = { + secretFile = config.sops.secrets."gitlab/secret".path; + otpFile = config.sops.secrets."gitlab/otp".path; + jwsFile = config.sops.secrets."gitlab/jws".path; + dbFile = config.sops.secrets."gitlab/db".path; + }; + backup = { + startAt = "daily"; + # we already postgresqlbackup.service + skip = [ "db" ]; + keepTime = 48; # hours + }; + extraConfig = { + gitlab = { + # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database + default_color_mode = 2; + }; + prometheus.enabled = false; + }; + }; +} diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 33a77a0..0575f51 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -7,7 +7,7 @@ http_port = 8088; enforce_domain = true; enable_gzip = true; - domain = "grafana.cy7.sh"; + domain = "grafana.cything.io"; }; settings.analytics.reporting_enabled = false; }; @@ -29,20 +29,6 @@ } ]; } - { - job_name = "garage"; - static_configs = [ - { - targets = [ "127.0.0.1:3903" ]; - } - ]; - } ]; }; - - services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' - import common - import authelia - reverse_proxy localhost:8088 - ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1e7e497..1988520 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix 
@@ -11,14 +11,9 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cy7.sh"; + domain = "pad.cything.io"; allowEmailRegister = false; protocolUseSSL = true; }; }; - - services.caddy.virtualHosts."pad.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8085 - ''; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 7dc7824..2062330 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,15 +1,13 @@ { pkgs, config, - lib, ... }: let uploadLocation = "/mnt/photos/immich"; - # thumbsLocation = "/opt/immich/thumbs"; + thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; - backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -20,9 +18,8 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - # "${thumbsLocation}:/usr/src/app/upload/thumbs" + "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" - "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; @@ -70,9 +67,21 @@ in ]; networks = [ "immich-net" ]; }; + + # immich-ml = { + # image = "ghcr.io/immich-app/immich-machine-learning:release"; + # autoStart = true; + # pull = "newer"; + # environment = { + # REDIS_HOSTNAME = "immich-redis"; + # DB_HOSTNAME = "immich-db"; + # }; + # volumes = [ "${modelCache}:/cache" ]; + # networks = [ "immich-net" ]; + # }; }; - systemd.services.create-immich-net = rec { + systemd.services.create-immich-net = { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" 
@@ -80,15 +89,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = requiredBy; + before = config.systemd.services.create-immich-net.requiredBy; script = '' - ${lib.getExe pkgs.podman} network exists immich-net || \ - ${lib.getExe pkgs.podman} network create immich-net + ${pkgs.podman}/bin/podman network exists immich-net || \ + ${pkgs.podman}/bin/podman network create immich-net ''; }; - - services.caddy.virtualHosts."photos.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:2283 - ''; } diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix new file mode 100644 index 0000000..c6e0dec --- /dev/null +++ b/hosts/chunk/jellyfin.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + services.jellyfin = { + enable = true; + dataDir = "/mnt/jellyfin"; + configDir = "/var/lib/jellyfin/config"; + }; +} diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 9c6a8c7..f40b2b6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -9,10 +9,4 @@ FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; - - services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' - import common - import authelia - reverse_proxy localhost:8080 - ''; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 1c474af..be833af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix 
@@ -4,34 +4,6 @@ lib, ... }: -let - mkServiceConfig = remote: mount: { - Type = "notify"; - TimeoutSec = "5min 20s"; - ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; - ExecStart = '' - ${lib.getExe pkgs.rclone} mount \ - --config ${config.sops.secrets."rclone/config".path} \ - --allow-other \ - --cache-dir /var/cache/rclone \ - --transfers 64 \ - --vfs-cache-mode full \ - --vfs-cache-min-free-space 5G \ - --dir-cache-time 30d \ - --no-checksum \ - --no-modtime \ - --vfs-fast-fingerprint \ - --vfs-read-chunk-size 8M \ - --vfs-read-chunk-streams 16 \ - --sftp-concurrency 128 \ - --sftp-chunk-size 255k \ - --buffer-size 0 \ - --write-back-cache \ - ${remote} ${mount} - ''; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; - }; -in { systemd.services.immich-mount = { enable = true; 
@@ -40,7 +12,31 @@ in after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; + }; + }; + + systemd.services.attic-mount = { + enable = true; + description = "Mount the attic data remote"; + requires = [ "network-online.target" ]; + after = [ "network-online.target" ]; + requiredBy = [ "atticd.service" ]; + before = [ "atticd.service" ]; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; + }; }; systemd.services.garage-mount = { 
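Review bot: The new `attic-mount` `ExecStart` passes `--allow-other` without `--uid`, `--gid` or `--umask`, so every local account can reach the mounted `rsyncnet:attic` data with whatever permissions rclone presents by default; the `garage-mount` hunk that follows does the same for `/mnt/garage`. Adding ownership and a mask for the consuming service, e.g. `--uid <atticd-uid> --gid <atticd-gid> --umask 077` (placeholders), restricts access to the daemon that needs it. That later hunk also sets `programs.fuse.userAllowOther = true`, which as far as I can tell is only needed when non-root users mount with `allow_other`; no `User=` is visible in these `serviceConfig` blocks, so it can probably be dropped.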
@@ -50,6 +46,15 @@ in after = [ "network-online.target" ]; requiredBy = [ "garage.service" ]; before = [ "garage.service" ]; - serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; + serviceConfig = { + Type = "notify"; + ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; + ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ + config.sops.secrets."rclone/config".path + } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; + }; }; + + programs.fuse.userAllowOther = true; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index fac65cd..39585f1 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,10 +10,4 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; - - services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' - import common - import authelia - reverse_proxy localhost:8087 - ''; } diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix deleted file mode 100644 index 17ff521..0000000 --- a/hosts/chunk/tailscale.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, ... }: -{ - services.tailscale = { - enable = true; - authKeyFile = config.sops.secrets."tailscale/auth".path; - extraUpFlags = [ - "--advertise-exit-node" - "--accept-dns=false" - ]; - extraDaemonFlags = [ - "--no-logs-no-support" - ]; - useRoutingFeatures = "server"; - openFirewall = true; - }; -} diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix new file mode 100644 index 0000000..a63db2f --- /dev/null +++ b/hosts/chunk/tor.nix @@ -0,0 +1,16 @@ +{ ... }: +{ + services.tor = { + enable = true; + openFirewall = true; + relay = { + enable = true; + role = "relay"; + }; + settings = { + ORPort = 9001; + Nickname = "chunk"; + MaxAdvertisedBandwidth = "20MBytes"; + }; + }; +} diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index cedece2..b97835e 100644 
--- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,9 +1,13 @@ -{ ... }: +{ config, ... }: { - my.vaultwarden.enable = true; - - services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8081 - ''; + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + }; + }; } diff --git a/hosts/common.nix b/hosts/common.nix index b1989b1..b334b5f 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,7 +1,6 @@ -{ inputs, config, pkgs, ... }: +{ ... }: { nix = { - package = pkgs.lix; settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; @@ -10,17 +9,8 @@ "root" "@wheel" ]; - extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" - ]; - extra-substituters = [ - "https://nix-community.cachix.org" - "https://nixcache.cy7.sh" - ]; - secret-key-files = [ - config.sops.secrets.cache-priv-key.path - ]; + trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; + substituters = [ "https://cache.cything.io/central" ]; }; channel.enable = false; optimise = { 
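Review bot: `DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";` puts the database password in the module's `config`, which is committed to the repository and, as far as I know, rendered into the world-readable Nix store; the password also equals the role name. `environmentFile` already points at the sops secret `vaultwarden/env`, so the line should move into that file and be deleted from `config`, leaving a comment such as `# DATABASE_URL is supplied via environmentFile`. The role's password should be rotated afterwards, since the value is now in history.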
@@ -33,56 +23,25 @@ persistent = true; options = "--delete-older-than 14d"; }; - registry.nixpkgs.flake = inputs.nixpkgs; + extraOptions = '' + builders-use-substitutes = true + ''; }; + time.timeZone = "America/Toronto"; + networking.firewall.logRefusedConnections = false; + networking.nameservers = [ + # quad9 + "2620:fe::fe" + "2620:fe::9" + "9.9.9.9" + "149.112.112.112" + ]; - i18n.defaultLocale = "en_US.UTF-8"; - time.timeZone = "America/New_York"; - networking = { - firewall.logRefusedConnections = false; - nameservers = [ - # quad9 (unfiltered) - "2620:fe::10" - "2620:fe::fe:10" - "9.9.9.10" - "149.112.112.110" - ]; - timeServers = [ - # https://github.com/jauderho/nts-servers - "ntp3.fau.de" - "ntppool1.time.nl" - "ntpmon.dcs1.biz" - "stratum1.time.cifelli.xyz" - "nts.teambelgium.net" - "c.st1.ntp.br" - ]; - }; - services.chrony = { - enable = true; - enableNTS = true; - enableMemoryLocking = true; - extraConfig = '' - # Expedited Forwarding - dscp 46 - # disable command port - cmdport 0 - # only allow NTS - authselectmode require - # update the clock only when at least 3 sources agree on the correct time - minsources 3 - ''; - }; + # this is true by default and mutually exclusive with + # programs.nix-index + programs.command-not-found.enable = false; + programs.nix-index.enable = false; # set above to false to use this # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; - - services.thermald.enable = true; - environment.enableAllTerminfo = true; - - sops.secrets.cache-priv-key = { - format = "binary"; - sopsFile = ../secrets/cache-priv-key.pem; - mode = "0440"; - group = "users"; - }; } diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile new file mode 100644 index 0000000..70cc99f --- /dev/null +++ b/hosts/titan/Caddyfile 
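Review bot: With the `services.chrony` block and the `timeServers` list absent from the new side, nothing in this hunk configures time sync, so the hosts presumably fall back to the NixOS default client with unauthenticated NTP. Time feeds certificate validation and log timestamps, so if dropping NTS is deliberate a comment next to `time.timeZone` would record that, e.g. `# time sync: NixOS default, no NTS`. The trailing comment `# set above to false to use this` sits on a line that itself sets `programs.nix-index.enable = false`, which reads as contradictory; something like `# enable only with command-not-found disabled` would be clearer. The `nix = { … }` block starts above the hunk.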
@@ -0,0 +1,39 @@ +{ + acme_ca https://acme.zerossl.com/v2/DV90 + acme_eab { + key_id {$EAB_KEY_ID} + mac_key {$EAB_MAC_KEY} + } +} + +(common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" +} + +cything.io { + import common + reverse_proxy localhost:8084 + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} +} + +www.cything.io { + import common + redir https://cything.io{uri} permanent +} + +ntfy.cything.io { + import common + reverse_proxy localhost:8083 +} + +status.cything.io { + import common + reverse_proxy localhost:3001 +} diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix new file mode 100644 index 0000000..ad09978 --- /dev/null +++ b/hosts/titan/backup.nix @@ -0,0 +1,13 @@ +{ + config, + ... +}: +{ + my.backup = { + enable = true; + jobName = "titanRsync"; + repo = "titan"; + passFile = config.sops.secrets."borg/rsyncnet".path; + sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; + }; +} diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix new file mode 100644 index 0000000..e8b03f0 --- /dev/null +++ b/hosts/titan/default.nix 
@@ -0,0 +1,98 @@ +{ + modulesPath, + config, + lib, + pkgs, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ../common.nix + ./disk-config.nix + ./hardware-configuration.nix + ./ghost.nix + ./ntfy.nix + ./uptime-kuma.nix + ./backup.nix + ]; + + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; + sops.secrets = { + "caddy/env" = { + sopsFile = ../../secrets/services/caddy.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/titan.yaml; + }; + "rsyncnet/id_ed25519" = { + sopsFile = ../../secrets/zh5061/titan.yaml; + }; + }; + + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + tmp.cleanOnBoot = true; + kernelPackages = pkgs.linuxPackages_latest; + }; + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + ]; + + system.stateVersion = "24.05"; + + environment.systemPackages = with pkgs; [ + curl + git + ]; + + # network stuff + networking.hostName = "titan"; + networking.networkmanager.enable = true; + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + }; + + # container stuff + virtualisation.containers.enable = true; + virtualisation.podman = { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + }; + virtualisation.oci-containers.backend = "podman"; + + services.caddy = { + enable = true; + configFile = ./Caddyfile; + environmentFile = config.sops.secrets."caddy/env".path; + 
logFormat = lib.mkForce "level INFO"; + }; +} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix new file mode 100644 index 0000000..7c67624 --- /dev/null +++ b/hosts/titan/disk-config.nix @@ -0,0 +1,33 @@ +{ + disko.devices = { + disk = { + main = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix new file mode 100644 index 0000000..a9f8293 --- /dev/null +++ b/hosts/titan/ghost.nix 
@@ -0,0 +1,52 @@ +{ + pkgs, + config, + ... +}: +{ + virtualisation.oci-containers.containers.ghost = { + image = "ghost:5-alpine"; + autoStart = true; + ports = [ "127.0.0.1:8084:2368" ]; + pull = "newer"; + environment = { + database__client = "mysql"; + database__connection__host = "ghost-db"; + database__connection__user = "root"; + database__connection__password = "example"; + database__connection__database = "ghost"; + url = "https://cything.io"; + NODE_ENV = "production"; + }; + volumes = [ + "/opt/ghost/data:/var/lib/ghost/content" + ]; + networks = [ "ghost-net" ]; + dependsOn = [ "ghost-db" ]; + }; + + virtualisation.oci-containers.containers.ghost-db = { + image = "mysql:8.0"; + autoStart = true; + pull = "newer"; + environment = { + MYSQL_ROOT_PASSWORD = "example"; + }; + volumes = [ + "/opt/ghost/db:/var/lib/mysql" + ]; + networks = [ "ghost-net" ]; + }; + + systemd.services.create-ghost-net = { + serviceConfig.Type = "oneshot"; + wantedBy = with config.virtualisation.oci-containers; [ + "${backend}-ghost.service" + "${backend}-ghost-db.service" + ]; + script = '' + ${pkgs.podman}/bin/podman network exists ghost-net || \ + ${pkgs.podman}/bin/podman network create ghost-net + ''; + }; +} diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix new file mode 100644 index 0000000..2730f0c --- /dev/null +++ b/hosts/titan/hardware-configuration.nix 
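Review bot: Both containers carry the literal password `"example"` (`database__connection__password` and `MYSQL_ROOT_PASSWORD`) in `environment`, so it is committed, lands in the Nix store and is visible in the container environment, and Ghost connects as the MySQL `root` user. Other services in this repository read secrets through sops; here the two values can move to `environmentFiles = [ config.sops.secrets."<ghost-env-placeholder>".path ];` on each container, with a dedicated database user for Ghost instead of `root`. As written the database is reachable only on `ghost-net`, which limits exposure but does not replace a real credential.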
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + lib, + ... +}: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + virtualisation.hypervGuest.enable = true; +} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix new file mode 100644 index 0000000..cc2cb47 --- /dev/null +++ b/hosts/titan/ntfy.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + services.ntfy-sh = { + enable = true; + settings = { + listen-http = "127.0.0.1:8083"; + base-url = "https://ntfy.cything.io"; + upstream-base-url = "https://ntfy.sh"; + auth-default-access = "deny-all"; + behind-proxy = true; + }; + }; +} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix new file mode 100644 index 0000000..8bc0251 --- /dev/null +++ b/hosts/titan/uptime-kuma.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + # data stored at /var/lib/uptime-kuma/ but does not expose + # an option to change it + services.uptime-kuma = { + enable = true; + settings.PORT = "3001"; + }; +} diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix deleted file mode 100644 index 4ef858c..0000000 --- a/hosts/ytnix/containers.nix +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - virtualisation.oci-containers.containers = { - immich-ml = - let - modelCache = "/opt/immich-ml"; - in - { - image = "ghcr.io/immich-app/immich-machine-learning:release"; - autoStart = true; - pull = "newer"; - ports = [ "3003:3003" ]; - environment = { - REDIS_HOSTNAME = "immich-redis"; - DB_HOSTNAME = "immich-db"; - }; - volumes = [ "${modelCache}:/cache" ]; - networks = [ "immich-net" ]; - }; - }; - - systemd.services.create-immich-net = rec { - serviceConfig.Type = "oneshot"; - requiredBy = with config.virtualisation.oci-containers; [ - "${backend}-immich-ml.service" - ]; - before = requiredBy; - script = '' - ${lib.getExe pkgs.podman} network exists immich-net || \ - ${lib.getExe pkgs.podman} network create immich-net - ''; - }; -} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index ddf1364..8912c19 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -9,8 +9,6 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix - ./tailscale.nix - ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
@@ -18,33 +16,32 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/yt.yaml; }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "wireguard/private" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; + "wireguard/psk" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; - "tailscale/auth" = { - sopsFile = ../../secrets/services/tailscale.yaml; - }; - "aws/key_id" = { - sopsFile = ../../secrets/yt/aws.yaml; + "newsboat/miniflux" = { + sopsFile = ../../secrets/newsboat.yaml; owner = "yt"; }; - "aws/key_secret" = { - sopsFile = ../../secrets/yt/aws.yaml; - owner = "yt"; - }; - "vaultwarden/env" = { - sopsFile = ../../secrets/services/vaultwarden.yaml; - }; }; boot = { loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = true; + efi.canTouchEfiVariables = false; # toggle when installing }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxKernel.packages.linux_zen; + kernelPackages = pkgs.linuxPackages_latest; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; @@ -61,7 +58,6 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; - binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -79,25 +75,15 @@ networkmanager = { enable = true; dns = "none"; - wifi = { - backend = "iwd"; - powersave = false; - }; + wifi.backend = "iwd"; }; resolvconf.enable = true; firewall = { - enable = true; - trustedInterfaces = [ "tailscale0" ]; - # allowedTCPPorts = [ - # 8080 # mitmproxy - # 22000 # syncthing - # 3003 # immich-ml - # ]; - }; - hosts = { - "100.122.132.30" = [ "s3.cy7.sh" ]; + allowedUDPPorts = [ 51820 ]; # for wireguard + trustedInterfaces = [ "wg0" ]; }; }; + programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { 
@@ -106,7 +92,9 @@ alsa.enable = true; alsa.support32Bit = true; wireplumber.extraConfig.bluetoothEnhancements = { - # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration + "wireplumber.settings" = { + "bluetooth.autoswitch-to-headset-profile" = false; + }; "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; @@ -114,10 +102,6 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" - "hsp_hs" - "hsp_ag" - "hfp_hf" - "hfp_ag" ]; }; }; @@ -144,54 +128,39 @@ "wheel" "libvirtd" "docker" - "disk" - "adbusers" - "podman" ]; - environment.systemPackages = - with pkgs; - lib.flatten [ - tmux - vim - wget - tree - kitty - borgbackup - htop - file - dnsutils - q - age - compsize - wireguard-tools - traceroute - sops - sbctl # secure boot - lm_sensors - sshfs - openssl - just - killall - lshw - bubblewrap - fuse-overlayfs - dwarfs - wineWowPackages.stagingFull - (with gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-plugins-base - ]) - vulkan-loader - (heroic.override { - extraPkgs = pkgs: [ - pkgs.gamescope - pkgs.gamemode - ]; - }) - ]; + environment.systemPackages = with pkgs; [ + tmux + vim + wget + neovim + git + python3 + wl-clipboard + mako + tree + kitty + borgbackup + brightnessctl + alsa-utils + nixd + bluetuith + libimobiledevice + pass-wayland + htop + file + dnsutils + age + compsize + wireguard-tools + traceroute + sops + restic + haskell-language-server + ghc + sbctl # secure boot + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; 
@@ -204,27 +173,20 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; - defaultSession = "plasma"; - sddm = { - enable = true; - wayland.enable = true; - autoNumlock = true; - }; }; - fonts = { - packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - enableDefaultPackages = true; - }; + fonts.packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + fonts.enableDefaultPackages = true; hardware.enableAllFirmware = true; hardware.bluetooth = { enable = true; powerOnBoot = true; }; + services.blueman.enable = true; my.backup = { enable = true; 
@@ -236,119 +198,82 @@ "/home/yt/.local/share/Steam" "**/.wine" "/home/yt/Games" - "/home/yt/Videos" - "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; + services.btrbk.instances.local = { + onCalendar = "hourly"; + # only create snapshots automatically. backups are triggered manually with `btrbk resume` + snapshotOnly = true; + settings = { + snapshot_preserve_min = "latest"; + target_preserve = "*d"; + target_preserve_min = "no"; + target = "/mnt/external/btr_backup/ytnix"; + stream_compress = "zstd"; + stream_compress_level = "8"; + snapshot_dir = "/snapshots"; + subvolume = { + "/home" = { }; + "/" = { }; + }; + }; + }; + programs.steam = { enable = true; extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - programs.gamescope.enable = true; + hardware.steam-hardware.enable = true; services.logind = { - lidSwitch = "suspend"; - powerKey = "poweroff"; - suspendKey = "hibernate"; + lidSwitch = "hibernate"; + powerKey = "hibernate"; }; xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; + "*/html" = "chromium-browser.desktop"; }; - virtualisation.libvirtd = { + programs.thunar = { enable = true; - qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; - }; - programs.virt-manager.enable = true; - my.containerization.enable = true; - - services.usbmuxd.enable = true; - programs.nix-ld.dev = { - enable = true; - # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ - libraries = with pkgs; [ - mesa - extest - stdenv.cc.cc - libGL - fontconfig - libxkbcommon - zlib - libz - libxml2 - dbus - freetype - egl-wayland - waylandpp - cairo - xcb-util-cursor - libplist - p11-kit - kdePackages.qtwayland - qt6.full - qt6.qtwayland - qt5.full - qt5.qtwayland - xorg.libX11 - xorg.libxcb - xorg.xcbutilwm - xorg.xcbutilimage - xorg.xcbutilkeysyms - xorg.xcbutilrenderutil - xorg.libXScrnSaver - 
xorg.libXcomposite - xorg.libXcursor - xorg.libXdamage - xorg.libXext - xorg.libXfixes - xorg.libXi - xorg.libXrandr - xorg.libXrender - xorg.libXtst - xorg.libxkbfile - xorg.libxshmfence - xorg.libXxf86vm - xorg.libSM - gtk3 - pango - gdk-pixbuf - glib - libnotify - SDL2 - libpng - libjpeg8 - libtiff - curl - pcre2 - gsettings-desktop-schemas - fzf - systemd + plugins = with pkgs.xfce; [ + thunar-archive-plugin + thunar-volman ]; }; + # preference changes don't work in thunar without this + programs.xfconf.enable = true; + # mount, trash and stuff in thunar + services.gvfs.enable = true; + # thumbnails in thunar + services.tumbler.enable = true; + + virtualisation = { + libvirtd.enable = true; + docker.enable = true; + }; + programs.virt-manager.enable = true; + + services.usbmuxd.enable = true; + programs.nix-ld.enable = true; programs.evolution.enable = true; xdg.portal = { enable = true; wlr.enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; }; programs.obs-studio = { enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs - obs-pipewire-audio-capture ]; }; 
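Review bot: `docker.enable = true;` under `virtualisation` starts the root-owned Docker daemon, and the group list in an earlier hunk of this file still contains `"docker"`, so any process running as a member of that group can obtain root through the Docker socket. If Docker is required on this machine, consider `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` and removing `"docker"` from the group list; the list's owner is outside the visible hunks, so confirm which user it applies to. Separately, `"*/html"` in `xdg.mime.defaultApplications` is unlikely to match anything, and `"text/html"` is probably what was meant.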
@@ -360,37 +285,34 @@ ]; }; - services.ollama.enable = false; + services.ollama.enable = true; + + # wireguard setup + networking.wg-quick.interfaces.wg0 = { + autostart = false; + address = [ + "10.0.0.2/24" + "fdc9:281f:04d7:9ee9::2/64" + ]; + privateKeyFile = config.sops.secrets."wireguard/private".path; + peers = [ + { + publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; + allowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; + endpoint = "31.59.129.225:51820"; + persistentKeepalive = 25; + presharedKeyFile = config.sops.secrets."wireguard/psk".path; + } + ]; + }; services.trezord.enable = true; - programs.niri.enable = false; - programs.niri.package = pkgs.niri-unstable; - programs.xwayland.enable = true; - - services.udev.extraHwdb = '' - SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" - ''; - - services.desktopManager.plasma6 = { + my.niri = { enable = true; - enableQt5Integration = true; + package = pkgs.niri-unstable; }; - - programs.appimage = { - enable = true; - binfmt = true; - }; - - programs.adb.enable = true; - services.envfs.enable = true; - programs.kdeconnect.enable = true; - programs.dconf.enable = true; - - programs.ccache.enable = true; - nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; - programs.fuse.userAllowOther = true; - nix.settings.sandbox = false; - - programs.ssh.startAgent = true; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix deleted file mode 100644 index 17db0c5..0000000 --- a/hosts/ytnix/tailscale.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: -{ - services.tailscale = { - enable = true; - authKeyFile = config.sops.secrets."tailscale/auth".path; - openFirewall = true; - useRoutingFeatures = "client"; - extraUpFlags = [ - "--exit-node=chunk" - "--accept-dns=false" - "--operator=yt" - "--exit-node-allow-lan-access" - ]; - extraDaemonFlags = [ - "--no-logs-no-support" - ]; - }; -} 
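Review bot: The new `networking.wg-quick.interfaces.wg0` block routes all IPv4 and IPv6 traffic through the peer (`allowedIPs` of `0.0.0.0/0` and `::/0`) but sets no `dns`, so name resolution keeps using whatever resolvers the host already has. If those resolvers sit on the local network, lookups will probably keep leaving outside the tunnel, because directly connected routes stay in place; the resolver configuration is outside this hunk, so this needs checking. Adding `dns = [ "<resolver reachable through the tunnel>" ];` to the interface, or a comment stating that DNS is handled elsewhere, would settle it. A comment naming the host behind `publicKey` and `endpoint` would also help when the key is rotated.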
diff --git a/justfile b/justfile deleted file mode 100644 index 9f6236c..0000000 --- a/justfile +++ /dev/null @@ -1,20 +0,0 @@ -update: - git branch -D update || true - git switch -c update - nix flake update --commit-lock-file - git push -f - git switch main - -upgrade: - git switch update - sudo nixos-rebuild switch -L --flake . --use-substitutes - nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes - home-manager -L switch --flake . - git switch main - git merge update - git branch -d update - -switch: - sudo nixos-rebuild switch -L --flake . --use-substitutes - nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes - home-manager -L switch --flake . diff --git a/modules/attic.nix b/modules/attic.nix deleted file mode 100644 index e546a9e..0000000 --- a/modules/attic.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.attic; -in -{ - options.my.attic = { - enable = lib.mkEnableOption "attic"; - }; - - config = lib.mkIf cfg.enable { - services.atticd = { - enable = true; - environmentFile = config.sops.secrets."attic/env".path; - settings = { - listen = "[::]:8091"; - api-endpoint = "https://cache.cy7.sh/"; - allowed-hosts = [ - "cache.cy7.sh" - "cdn.cy7.sh" - ]; - require-proof-of-possession = false; - compression = { - type = "none"; - level = 3; - }; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = { - type = "s3"; - region = "us-east-1"; - bucket = "attic"; - # attic must be patched to never serve pre-signed s3 urls directly - # otherwise it will redirect clients to this localhost endpoint - endpoint = "http://127.0.0.1:3900"; - }; - - garbage-collection = { - default-retention-period = "1 month"; - }; - - chunking = { - # disable chunking since garage does its own - nar-size-threshold = 0; - # defaults - min-size = 16384; - avg-size = 65536; - max-size = 262144; - }; - }; - }; - - systemd.services.atticd = { - requires = [ "garage.service" ]; - after = [ "garage.service" ]; - environment = { - RUST_LOG = "INFO"; - }; - }; - - services.caddy.virtualHosts."cache.cy7.sh" = { - serverAliases = [ "cdn.cy7.sh" ]; - extraConfig = '' - import common - reverse_proxy localhost:8091 - ''; - }; - }; -} diff --git a/modules/authelia.nix b/modules/authelia.nix deleted file mode 100644 index f231f50..0000000 --- a/modules/authelia.nix +++ /dev/null 
@@ -1,137 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.authelia; - getSecret = path: config.sops.secrets.${path}.path; - sopsConfig = { - sopsFile = ../secrets/services/authelia.yaml; - owner = "authelia-main"; - }; - domain = "auth.cy7.sh"; - varPath = "/var/lib/authelia-main"; -in -{ - options.my.authelia = { - enable = lib.mkEnableOption "authelia"; - }; - - config = lib.mkIf cfg.enable { - services.authelia.instances.main = { - enable = true; - settings = { - theme = "dark"; - default_2fa_method = "webauthn"; - log.level = "info"; - log.format = "text"; - server = { - disable_healthcheck = true; - endpoints.authz.forward-auth.implementation = "ForwardAuth"; - }; - authentication_backend.file.path = "${varPath}/users_database.yaml"; - access_control = { - default_policy = "deny"; - rules = [ - { - domain = "*.cy7.sh"; - policy = "one_factor"; - } - ]; - }; - session.cookies = [{ - domain = "cy7.sh"; - authelia_url = "https://${domain}"; - }]; - storage.local.path = "${varPath}/db.sqlite3"; - notifier.filesystem.filename = "${varPath}/notifications.txt"; - webauthn = { - enable_passkey_login = true; - }; - identity_providers.oidc.claims_policies = { - # https://github.com/karakeep-app/karakeep/issues/410 - # https://www.authelia.com/integration/openid-connect/openid-connect-1.0-claims/#restore-functionality-prior-to-claims-parameter - karakeep.id_token = [ "email" ]; - }; - identity_providers.oidc.clients = [ - { - client_id = "4EIrpRb9rnwHWjYWvlz2gYrtTmoOLF1D5gqXw28BvmOS0f-9T2p4CFwuctf4Co1hkpo2sd4Y"; - client_name = "immich"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://photos.cy7.sh/auth/login" - "https://photos.cy7.sh/user-settings" - "app.immich:///oauth-callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - } - { - client_id = 
"_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; - client_name = "Forgejo"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://git.cy7.sh/user/oauth2/authelia/callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - token_endpoint_auth_method = "client_secret_basic"; - } - { - client_id = "b_ITCG0uNzy9lZ5nVC~Ny5R35te8I3hoQW1uraCbdxeiE9VuiCIelMmZZ7dAZLg_anTUWSQG"; - client_name = "HedgeDoc"; - client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ - "https://pad.cy7.sh/auth/oauth2/callback" - ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - grant_types = [ "refresh_token" "authorization_code" ]; - response_types = [ "code" ]; - response_modes = [ "form_post" "query" "fragment" ]; - audience = []; - token_endpoint_auth_method = "client_secret_post"; - } - { - client_id = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; - client_name = "Karakeep"; - client_secret = "$pbkdf2-sha512$310000$4UanDZq.6oholJW3CmKwtQ$9e3hqR8qGU4LoneR/Y9jtJTx0iSzATI4iXymrs8QrmGw4JY1BPF4.IJ9Jbc.8cikU4qpfUIFO6r2dG7JHznCnw"; - public = false; - authorization_policy = "two_factor"; - redirect_uris = [ "https://keep.cy7.sh/api/auth/callback/custom" ]; - scopes = [ "openid" "profile" "email" ]; - userinfo_signed_response_alg = "none"; - claims_policy = "karakeep"; - } - ]; - }; - secrets = { - sessionSecretFile = getSecret "authelia/session"; - storageEncryptionKeyFile = getSecret "authelia/storage"; - jwtSecretFile = getSecret "authelia/jwt"; - oidcHmacSecretFile = getSecret "authelia/hmac"; - oidcIssuerPrivateKeyFile = getSecret "authelia/oidc_private"; - }; - }; - - 
sops.secrets = { - "authelia/jwt" = sopsConfig; - "authelia/storage" = sopsConfig; - "authelia/session" = sopsConfig; - "authelia/hmac" = sopsConfig; - "authelia/oidc_private" = sopsConfig; - }; - - services.caddy.virtualHosts.${domain}.extraConfig = '' - import common - reverse_proxy localhost:9091 - ''; - }; -} diff --git a/modules/backup.nix b/modules/backup.nix index 2715deb..52913b4 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -6,6 +6,7 @@ }: let cfg = config.my.backup; + hostname = config.networking.hostName; defaultPaths = [ "/root" "/home" @@ -96,6 +97,23 @@ in ]; # warnings are often not that serious failOnWarnings = false; + postHook = '' + invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service) + title="${hostname}: backup completed with exit code: $exitStatus" + msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId) + + if [ "$exitStatus" -eq 0 ]; then + tag="v" + else + tag="rotating_light" + fi + + ${pkgs.curl}/bin/curl -sL -u $(cat ${config.sops.secrets."services/ntfy".path}) \ + -H "Title: $title" \ + -H "Tags: $tag" \ + -d "$msg" \ + https://ntfy.cything.io/backups > /dev/null + ''; prune.keep = { within = "2d"; diff --git a/modules/caddy.nix b/modules/caddy.nix deleted file mode 100644 index c5de226..0000000 --- a/modules/caddy.nix +++ /dev/null 
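Review bot: The added `postHook` in modules/backup.nix passes the ntfy credentials on curl's command line (`-u $(cat ...)`), where other local users can read them from the process list while the request runs, and the unquoted substitution is subject to word splitting. Feeding them to curl as a config on stdin keeps them out of argv, as in the rewrite below. The hook also posts the job's entire journal output to https://ntfy.cything.io/backups, which includes whatever borg logged (paths, warnings), so consider sending only the last few lines. `--max-time` is added so that a hung server cannot stall the hook. The enclosing job definition starts and ends outside this hunk.

```nix
# … unchanged: invocationId, title, msg and tag assignments …
# credentials go to curl on stdin instead of argv; printf is a shell builtin.
# NOTE: a password containing " or \ would need escaping in curl's config syntax.
printf 'user = "%s"\n' "$(cat ${config.sops.secrets."services/ntfy".path})" |
  ${pkgs.curl}/bin/curl -sL --max-time 30 -K - \
    -H "Title: $title" \
    -H "Tags: $tag" \
    -d "$msg" \
    https://ntfy.cything.io/backups > /dev/null
```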
@@ -1,58 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.my.caddy; -in -{ - options.my.caddy = { - enable = lib.mkEnableOption "caddy reverse proxy"; - }; - - config = lib.mkIf cfg.enable { - services.caddy = { - enable = true; - package = pkgs.caddy.withPlugins { - plugins = [ - # error message will tell you the correct version tag to use - # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" - ]; - hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; - }; - logFormat = lib.mkForce "level INFO"; - acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; - extraConfig = '' - (common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - tls { - dns cloudflare {$CLOUDFLARE_KEY} - resolvers 1.1.1.1 8.8.8.8 - } - } - - (authelia) { - forward_auth localhost:9091 { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Name Remote-Email - } - } - ''; - environmentFile = config.sops.secrets."caddy/env".path; - - virtualHosts."keys.cy7.sh".extraConfig = '' - import common - respond / 200 { - body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" - } - ''; - }; - }; -} diff --git a/modules/containerization.nix b/modules/containerization.nix deleted file mode 100644 index 2bcc8dd..0000000 --- a/modules/containerization.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.containerization; -in -{ - options.my.containerization = { - enable = lib.mkEnableOption "containerization"; - usePodman = lib.mkOption { - type = lib.types.bool; - default = true; - description = "whether to use podman instead of docker"; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation = { - containers.enable = true; - podman = lib.mkIf cfg.usePodman { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - # answer on /var/run/docker.sock - dockerSocket.enable = true; - autoPrune = { - enable = true; - dates = "daily"; - }; - }; - docker.enable = lib.mkIf (!cfg.usePodman) true; - oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; - }; - }; -} diff --git a/modules/default.nix b/modules/default.nix index 0d4638f..bde6e96 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,14 +2,6 @@ { imports = [ ./backup.nix - ./caddy.nix - ./roundcube.nix - ./zipline.nix - ./containerization.nix - ./vaultwarden.nix - ./searx.nix - ./attic.nix - ./authelia.nix - ./karakeep.nix + ./niri.nix ]; } diff --git a/modules/karakeep.nix b/modules/karakeep.nix deleted file mode 100644 index 3e75f74..0000000 --- a/modules/karakeep.nix +++ /dev/null 
@@ -1,81 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.my.karakeep; -in -{ - options.my.karakeep = { - enable = lib.mkEnableOption "karakeep"; - dataDir = lib.mkOption { - type = lib.types.path; - }; - port = lib.mkOption { - default = 3002; - description = "port for the web service"; - type = lib.types.port; - }; - domain = lib.mkOption { - default = "keep.cy7.sh"; - type = lib.types.str; - }; - environmentFile = lib.mkOption { - default = config.sops.secrets."karakeep/env".path; - type = lib.types.path; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation.oci-containers.containers = { - karakeep-web = { - image = "ghcr.io/karakeep-app/karakeep:release"; - pull = "newer"; - volumes = [ "${cfg.dataDir}:/data" ]; - ports = [ "${toString cfg.port}:3000"]; - dependsOn = [ - "karakeep-chrome" - "karakeep-meilisearch" - ]; - environment = { - MEILI_ADDR = "http://karakeep-meilisearch:7700"; - BROWSER_WEB_URL = "http://karakeep-chrome:9222"; - DATA_DIR = "/data"; - NEXTAUTH_URL = "https://${cfg.domain}"; - DISABLE_PASSWORD_AUTH = "true"; - OAUTH_WELLKNOWN_URL = "https://auth.cy7.sh/.well-known/openid-configuration"; - OAUTH_CLIENT_ID = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; - OAUTH_PROVIDER_NAME = "Authelia"; - OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true"; - }; - # needs NEXTAUTH_SECRET - environmentFiles = [ "${cfg.environmentFile}" ]; - }; - - karakeep-chrome = { - image = "ghcr.io/zenika/alpine-chrome:latest"; - pull = "newer"; - cmd = [ - "--no-sandbox" - "--disable-gpu" - "--disable-dev-shm-usage" - "--remote-debugging-address=0.0.0.0" - "--remote-debugging-port=9222" - "--hide-scrollbars" - ]; - }; - - karakeep-meilisearch = { - image = "getmeili/meilisearch:latest"; - volumes = [ "meilisearch:/meili_data" ]; - environment = { - MEILI_NO_ANALYTICS = "true"; - }; - # needs MEILI_MASTER_KEY - environmentFiles = [ "${cfg.environmentFile}" ]; - }; - }; - - services.caddy.virtualHosts.${cfg.domain}.extraConfig = 
'' - import common - reverse_proxy localhost:${toString cfg.port} - ''; - }; -} \ No newline at end of file diff --git a/modules/niri.nix b/modules/niri.nix new file mode 100644 index 0000000..b5a6ef4 --- /dev/null +++ b/modules/niri.nix @@ -0,0 +1,21 @@ +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.my.niri; +in +{ + options.my.niri = { + enable = lib.mkEnableOption "niri"; + package = lib.mkPackageOption pkgs "niri" { }; + }; + + config = lib.mkIf cfg.enable { + programs.niri.package = cfg.package; + programs.niri.enable = true; + programs.xwayland.enable = true; + }; +} diff --git a/modules/roundcube.nix b/modules/roundcube.nix deleted file mode 100644 index 63b14c5..0000000 --- a/modules/roundcube.nix +++ /dev/null @@ -1,56 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.my.roundcube; - fpm = config.services.phpfpm.pools.roundcube; - roundcube = config.services.roundcube; -in -{ - options.my.roundcube = { - enable = lib.mkEnableOption "roundcube webmail"; - }; - - config = lib.mkIf cfg.enable { - services.roundcube = { - enable = true; - configureNginx = false; - package = pkgs.roundcube.withPlugins ( - p: with p; [ - persistent_login - contextmenu - custom_from - thunderbird_labels - ] - ); - plugins = [ - "persistent_login" - "contextmenu" - "custom_from" - "thunderbird_labels" - ]; - dicts = with pkgs.aspellDicts; [ en ]; - extraConfig = '' - $config['imap_host'] = "ssl://imap.migadu.com:993"; - $config['smtp_host'] = "ssl://smtp.migadu.com:465"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; - }; - - services.phpfpm.pools.roundcube.settings = lib.mapAttrs (name: lib.mkForce) { - "listen.owner" = "caddy"; - "listen.group" = "caddy"; - }; - - services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' - import common - root ${roundcube.package} - php_fastcgi unix/${fpm.socket} - file_server - ''; - }; -} diff --git a/modules/searx.nix b/modules/searx.nix deleted file mode 100644 index db22bed..0000000 
--- a/modules/searx.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.searx; -in -{ - options.my.searx = { - enable = lib.mkEnableOption "searx"; - }; - - config = lib.mkIf cfg.enable { - services.searx = { - enable = true; - runInUwsgi = true; - uwsgiConfig = { - disable-logging = true; - http = "127.0.0.1:8090"; - }; - settings = { - # get secret from env - server.secret_key = "@SEARX_SECRET_KEY@"; - }; - environmentFile = config.sops.secrets."searx/env".path; - redisCreateLocally = true; # required for limiter - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - botdetection.ip_lists.pass_ip = [ - "100.121.152.86" - "100.66.32.54" - ]; - link_token = true; - }; - }; - - services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' - import common - reverse_proxy 127.0.0.1:8090 - ''; - }; -} diff --git a/modules/vault.nix b/modules/vault.nix deleted file mode 100644 index 1e3772d..0000000 --- a/modules/vault.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.vault; -in -{ - options.my.vault = { - enable = lib.mkEnableOption "hashicorp vault"; - }; - - config = lib.mkIf cfg.enable { - services.vault = { - - }; - }; -} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix deleted file mode 100644 index 443d886..0000000 --- a/modules/vaultwarden.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.vaultwarden; -in -{ - options.my.vaultwarden = { - enable = lib.mkEnableOption "vaultwarden"; - domain = lib.mkOption { - type = lib.types.str; - default = "https://pass.cy7.sh"; - }; - }; - - config = lib.mkIf cfg.enable { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "0.0.0.0"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2"; - DOMAIN = cfg.domain; - }; - }; - }; -} diff --git a/modules/zipline.nix b/modules/zipline.nix deleted file mode 100644 index 744f3dc..0000000 --- a/modules/zipline.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.my.zipline; -in -{ - options.my.zipline = { - enable = lib.mkEnableOption "zipline"; - }; - - config = lib.mkIf cfg.enable { - services.zipline = { - enable = true; - settings = { - CORE_HOSTNAME = "127.0.0.1"; - CORE_PORT = 3001; - DATASOURCE_TYPE = "s3"; - DATASOURCE_S3_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; - DATASOURCE_S3_BUCKET = "zipline"; - DATASOURCE_S3_REGION = "auto"; - }; - environmentFiles = [ config.sops.secrets."zipline/env".path ]; - }; - - services.caddy.virtualHosts."host.cy7.sh".extraConfig = '' - import common - reverse_proxy 127.0.0.1:3001 - ''; - }; -} diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix new file mode 100644 index 0000000..5e4161b --- /dev/null +++ b/overlay/attic/default.nix 
@@ -0,0 +1,23 @@ +final: prev: { + attic-client = prev.attic-client.override (old: { + rustPlatform = old.rustPlatform // { + buildRustPackage = + args: + old.rustPlatform.buildRustPackage ( + args + // { + version = "0.1.1"; + src = final.fetchFromGitHub { + owner = "cything"; + repo = "attic"; + rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; + hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; + }; + cargoLock = null; + cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; + useFetchCargoVendor = true; + } + ); + }; + }); +} diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix new file mode 100644 index 0000000..1222c83 --- /dev/null +++ b/overlay/conduwuit/default.nix @@ -0,0 +1,44 @@ +final: prev: +let + newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; + newRustPlatform = final.makeRustPlatform { + cargo = newRust; + rustc = newRust; + }; +in +{ + conduwuit = prev.conduwuit.override (old: { + rustPlatform = newRustPlatform // { + buildRustPackage = + args: + newRustPlatform.buildRustPackage ( + args + // { + version = "0.5.0-rc2"; + src = final.fetchFromGitHub { + owner = "girlbossceo"; + repo = "conduwuit"; + rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; + hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; + }; + doCheck = false; + cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; + # unstable has this set to "conduit" + meta.mainProgram = "conduwuit"; + + buildFeatures = [ + "brotli_compression" + "element_hacks" + "gzip_compression" + "release_max_log_level" # without this feature to enable debug logging + "sentry_telemetry" + "systemd" + "zstd_compression" + "jemalloc" + "io_uring" + ]; + } + ); + }; + }); +} diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml new file mode 100644 index 0000000..97e33c9 --- /dev/null +++ b/overlay/conduwuit/rust-toolchain.toml 
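Review bot: In the conduwuit overlay, `buildFeatures` compiles in `sentry_telemetry`, and nothing in the hunk says whether crash reporting is meant to be available on this server. If it is not wanted, drop the feature from the list so that a later config change cannot switch it on; otherwise add a comment recording that it is intentional and how it is kept disabled. `doCheck = false;` likewise deserves a one-line reason next to it. The overlay also reads `final.rust-bin`, which presumably comes from rust-overlay; that overlay is not in the `overlays` list of overlay/default.nix, so it has to be applied before this one somewhere outside the visible hunks.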
@@ -0,0 +1,28 @@ +# This is the authoritiative configuration of this project's Rust toolchain. +# +# Other files that need upkeep when this changes: +# +# * `Cargo.toml` +# * `flake.nix` +# +# Search in those files for `rust-toolchain.toml` to find the relevant places. +# If you're having trouble making the relevant changes, bug a maintainer. + +[toolchain] +channel = "1.84.0" +profile = "minimal" +components = [ + # For rust-analyzer + "rust-src", + "rust-analyzer", + # For CI and editors + "rustfmt", + "clippy", +] +targets = [ + #"x86_64-apple-darwin", + "x86_64-unknown-linux-gnu", + "x86_64-unknown-linux-musl", + "aarch64-unknown-linux-musl", + #"aarch64-apple-darwin", +] diff --git a/overlay/default.nix b/overlay/default.nix index 67d855e..99fc17b 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,18 +1,8 @@ -{ inputs }: -[ - ( - final: prev: - let - nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; - in - { - garage = ( - (pkgFrom inputs.garage "default").overrideAttrs { - meta.mainProgram = "garage"; - } - ); - nil = pkgFrom inputs.nil "default"; - } - ) -] +let + overlays = [ + ./conduwuit + ./attic + ]; + importedOverlays = map (m: import m) overlays; +in +importedOverlays diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem deleted file mode 100644 index c9bd80e..0000000 --- a/secrets/cache-priv-key.pem +++ /dev/null 
@@ -1,28 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2025-03-27T20:37:28Z", - "mac": 
"ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.4" - } -} \ No newline at end of file diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index 2c42101..82b0f57 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data: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,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] + env: ENC[AES256_GCM,data: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,iv:cE8zuRVAWVt7sLgnJsiTgwq2CpSsX4cQwIbYAeEv7iQ=,tag:j+VQnlNKapT3eTq4aPebQw==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-13T17:03:36Z" - mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] + lastmodified: "2025-01-05T10:45:11Z" + mac: ENC[AES256_GCM,data:iigwuhn4wm2NIRBymwslUKiljbrFzbEsz0UZ9K/YeEX4FU3oy3gY2j8qP+yd7qISdObxOHs6AtdMzx1KcTK4CHhoI3vJ+aYKBwmaNvM91Dgbz71f01IUql/+ZGG/UqqgkWpvac0bERDPW/ypXJM/g9YpzocqWb9bxyfUDRvxkyw=,iv:zI7CsVegQC5STNH3u0hIC/YWXTfNwRyU3JJ1hn5I3AU=,tag:h/+KCpAmnNXORHLcCyldoQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.9.2 diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml deleted file mode 100644 index 6aa9c33..0000000 
--- a/secrets/services/authelia.yaml
+++ /dev/null
@@ -1,39 +0,0 @@ -authelia: - jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] - storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] - session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] - hmac: ENC[AES256_GCM,data:K/qiyibBlu9wNh9IINHgYQiEZMromSA9Kf0iRVHPVuuhhUBZRyyfFyd4sLYNDLWvYKRJGnTBniIscQuBR+HU3/ttFGN0EkDsuAXlW3tKyLSxTiVgEvsKhA==,iv:2femAZUtSE9DjopiRIRT3Be3T2Qi0J+b8TaNJZ9vcjw=,tag:Sb7TT+1uxtStv20oM8oa8A==,type:str] - oidc_private: ENC[AES256_GCM,data:dzrykbgRk77yDbrnayTzSyiAjvgr5RUuDG046azumPinHL9wBaKpNdx6CqY7o+W95yOyVr/Xriw/aBbSyCZE8RoMchZhnS5Z8moHrIK7RryRM/BmEpOfyFLf9kpaO5QqSGyPt13yJQSA/3TwoXD4et3rVEdEz8mwb+vIA+G3WIZrNY+95KNjhwu9W648eouGBqJFfwTw0tm8mHsu+VZE8OYdp+ujSlKWZcVDEzgMEe+egXbvSB/3sk82HjolcqCmDx+U1TWMZfZdZPaT4RxONy+4kgGDW4FOqtsgctS2uRUQ2CLuRLD8xIulBO/VbsnNuticiM86BYygobq3RUdCKAFLUpcXqNWgnDBvnYPcF6mXPTmFCD3Gr2t4uRkqIIPc3NrW6DKnSO4pu4oVlUiSd9XaHGvAuo0yR7zcG7Zl4BAzhZa1HuVq6QmSNMf1TAo5P5zBc/NKlUVUhgIEKmRkwf95ZDyph1CJJagTsRZp/D4n6gbuzmV2Pjd8GxT6X+GOK7MQ3hPWsQP8+hhf8DArnVa988Z5cVxG3CQS6wEdEfc8yoHXlXwsB6iHjG4GooJk17GkP0YnMqOkv5Y9QbWXGNN/Zce6LJrSdvpd1Z8oWHxFB9ChFEA34tTYE/1wv0C71K6VRADnshBTyg0i+7GxvW0iyplWGEB2/DRv9WbpmIze1vff0KPlwvmdPXvZM7kfJE6uRP+DH5kJeIlKezA+hwuZmTLEu8kTdIkIJVfbzuOmXtX1yO+sQmSs6anqbSBuw5dpKYFFtQ04V+P27uTdi6lbUUfaBiHMhiW2A8aj/1Xf+pOV5oIN1c7PXNhAGrsNbmumQ7mBmbfOZeLC2aze5iKLSu5xqCzMNEWdlxXkmK+eEuUgDAQgW0pRAA12wvAFT8cf5BIeEPQQF4gPJprrQ3u93AXCVXve/TPC6rSEb+uCVq30JRGvIciFAEPWjhtSSO2Mh2zxjaALXVRE456k8DQq5mvovCp003EW23Io+lKDfg73n4LLZvbpHBVa3SQY0YMazjynJTo6UcDT3J/u9kNutIRjszzohMdW4jmykawPb/FFGv4yaX199bkTT/6/ztygaUTUTtWrl40p61lMzFHsz1qPy/5Bp4fxOYk6mLHpUFBpXUlu90ZxiReu6fX9HR6oQ1OC6MmpYjv
cvxOAfIszgoMmp0LABJ1XN7DMOxpRrjNqW071xnel2/NzYy/gx0r2SdusxFJckGjrnyVzjEBVFwdpc9lZ+NdyzbNaElt/duk5AhdQ/iTCDlQpFsBhcl83Sbt38P/QlsOCPvRYuOz3vvOgeRprZn4hXuvGpQKJZEy+/rHDFijVABgbqLBxhfQiCpFmfwqQrcI+vFnPBGHP96p8S7xg5Dh2007QyFk9D2zHDHY6E+Iv27UkjaCZI29IAEdBe86IMtLI7Pl0q6XE44cHwD+QqzS55YlPj/F3va9LesoylPzBJwlxogciolfBQfQjLp4OF1rBSpy1Xy/Es7+M9eEsdatX1a3qFzYCJbC8+no5ol0PaIHx4ejH9aeoIiVfq/yXtzV04pJQz0bZfpfKVwtroyHhclEsP9pZVHnnexIFY1xqVF76V0kbusiizhru5ldOWE7smwXD5+KyMCTfDuxPnEjFBZLb/BLjo46sugJTAGQJhBBWJY+h7Je5PP+FnjQG28h4n4NMshhPfnyDEAZWNpDAHi08KhHOGzbNhPl+E+pNrNoNwmJjWbiqZ+P9LVQf1s5C+UrL+uV6qpeVKcm9tjy75fgVTD4iRXb4ejQIWlwO2EVLBzI9BXYsVmly6z0C+8f3wDPswwwocna9SonBus1QGudZ8cLSihZqSYmq6fCIFqfXTlCj3H0aOBNbX7dCYrles/y6jtn0VebQa3UEflXs+4WytpXdKEelN5f1PoJVnjrRF6Wtyq23GNbo1M9BTBQfpUf5x7QnZrxyIVbgvHq3JSR6/5p6yv6SGOdypCEqMtvnw9+bJMi6bxy55tXQNNpBB/GHWPqzOE9//9pqazJzikL/x7HWg/t+tJ7yV7MCFV6Bk2cy77j7i0fftxfHqjF7MRbnIaJRqxiTqp0z2rA4L797Que6a903b/u/AStMnsm8sE9gRy7P5L/PafqpgA/kK2FIxbDDP91cnvikRi2u+oaydHLhCkaq20SIupBCbgyDVkOXZ9n5EnKJDjFOAbOQ2UiXYrQPXDEMPLLUklBeLzQBHY4ZTQ7zzMb1tqvo4UqaHVnw2FwY+PoX2IPmF1ciccFO5uHX2w2qz8Hx0ZCPa9AsR/3HhKAg9sdg0cF0k3nXqTWCSs8j+9vpJxjCmrN1bXwoRA8K/ICYDoOtjb76c1B/Ahvc2YA7OULcM0EAzsQ2Z++cU/OCIcQatxzEx+TOp5i1yN2YnCFHqDBpE1UB2UbxBCYb+oEEBqB9qeFkQI6eZmvHASjdasXUtvnBYNCc3nliGfODoOXKLmzHQZJVPguWFu7b06zWA7fy3qGMjf7h/RhKbfkL9o7HkAvHTSh0+Lpc8gjPVu+sqLNUMyk3196LJWUI3nf7L3kUxkdSBdsJ/18FZ97OzC3Ws9dhhWe02ry3Y2ptRnIlLf8f4Y/P6FpqwR8Asa6NYBq+LKNSuWfzo4ZynkPt4irAm0LDOnZzbrRbQTB7tUHIA1dZMMWueIe22mUDOzTGDPuFSfF31rYbh2rmc3Tjvkumz6g53kdCV4QnL04htkMwql4KvpMCrkkMxDRlOTf1Xh10QrO49aPd29i7LbFjorGj1872hXszPDpmdDN78VApvMzVue8dKdhlz/x/9aCJnp9oEEgdObEg2OYyc29bqd9kbCOs5F4vaI4YdMrN9QKTqjAVG0kQAKH41Q7VCe0/jPWmGpH4Kd40RQ6/NY5g312D3RKV3V30DlCOIm+w1z7XzV2EWTgb5vgg4EbYyVmh3Y7wBguv2qOqzwhGMFrWGx+fTFAe5Zq8TVwvQUfeN/vFlYz+jc8ysKBbyrrAl4vKm2pz9Geu3Rh4AfRRmxawNjE/qlrTk6sWdWNJu7i2Wgk1C2+1FZeAprPg6EsZj7rFEGOFvZIjWrTi7n+IHI+8rRKDo3J5SkAsxiDaDo8dfvGecPp9ig5l9+OiN68t29HxfGnhJsk5eim/vkuA5mdFJW0cy7h3gtP1Z0PtRYsRoBO+hPp
7dcYhhh9NqkP4LbVI8graz5FEf0yMmaA6ci7xgBWe/zOa0V539Y9cWzTK5zE2wrWI+mHKsbgUH9s+7y0tTVk9mPaNKhih1MHgCQiFyctQLzVnd6fXnv7JHzkkIY7AQiCjEZ4QPUrj99rDh0bikDtKX0hAiVedGMJQ664Hhyd3sWVGfrC/Qmob+4LhpE24kAxIRf94d2cB1zRFQ02HMGkbVUbge8SPNqqq/HoWkYvNo/ltdL0Nr5Qb1OmY0LP5txGh8cCQt8SD3K/ww+ZjD0ZbqqTwIaND9reyzXL0ryf8yNkiPCTpFiNmdL1rtHw+E2s9HtdngCz9XuGW5GRa4cL5xY1Yt4WBLEnxXwmyB/EOjBIeO4aJuwAcssL3UrvS/IEERWN4XrqVM4O81ainLaXeze1jj9VJcMb+/qz8dMdgm4WGkKfbbJeIsFCrlHOJ0CFNZZmijMvkoTvZ9WTq2OpxxZdsci1UmItlU60LETfWTUK8Q3YOo+c+fukIMPv68NLQH1LsiYjFXo9yDdzfD990uI5wdwnR3S3Sx6Vp04SkzJX7BAZ2UuL0wJ564Ny4S9Ew5BfWucd70mfQaEzOl52M9mqCyJYDfMYhd65YxkAEAV1dMg3FBlpZmOr2wtEQqXz+25cSPCNwQ/obCQt12cLNGRhyNi1Stz2E67Q9sesmssF7dgq0u/TeLezzVxTk13sJj6PzMtdpOYDwsgZJdh9hz8PZ32nJMTJnlkq6zcTYsbq23+HreCx1dHJJEDjpqZlttMYqLZ8mLLob25PzFaue164MbqozFtNTOc8eeOD+hoPCP/hfPoKoNi7oARs0fvwOwCQEug0XpMcz9mF/85ZBxYuDUBEP1vpbD9MpP/ECslqGdHuJePEFiiJOrDVggpaGcgWUfS2jwWv/46Bbz+W9QH+6Y8IevMf+lXPOL294g5VOoOW5k77naeNNCbycbijFD76gR5DtA+Vn+B6pxzF7l4E4VqC0Vlc1OUvYA7GLZ4rzb4bH4cEZiIb2/skDhJOmcb2btPWKRgutbmpHmi59eVbVkKUAKXm/WBw8xLwt2sLBS5r5R7aAZpMu/NaXFTfBEBGUzrH1u8Pfz3FwRK7v0QEyzhu2bS2JkGxSsaxD5+geQlvzN8eRYW4+pst/CfcCxTES9spBnqSWIX++rs8f9/mECf4jXzZQDv0fdbGILAU=,iv:GTKiBIir9+G3Lh45x77KARxi7paEsGP1m0qVldRnuOw=,tag:eCsjDzyO1g2HvnDhR/Gb4w==,type:str] -sops: - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJOG1menBCTTF3YURCOThM - Q3Z4bnZJYmtQY1RmdTBSeFlhZCtUVzg4Qm5ZClo5NFJqaWg3NElKQjRLcFZGdmxP - cFMwOGxoelJlVnJNamUxWFhETWpiY3cKLS0tIFNDWGRkYVZQWTd2YXg2aGswbmJz - MVJQdDV3ZGdzd3NYL29tYU51NndiNmcKtagAZdoZQo0y0atvRI6f1tY/3j8aD4RP - yvs9RVDdNqm990O5EudjMNhoKLXnFQtX9NlzYVHzrsX0UT/HSUi7mQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0K2tGaktsdXVPN3g0bXps - 
ZkVWamZGc0QzNk1TaVdla1RDaW90TVpYb25rCmRPL29ZNFFCbVkrbVpseW5SZlFN - dmlLWHVBb1RMb1dvY3NKNHc3NEpMZFEKLS0tIFluRGN6U2paVzVBdCt4d3FyMVZ4 - Nkx5aHo4Qk8vU01wazdWdmhvNWRLQTAK7kiQiEdF1LpzQ/syjRjyhchShrnfhHFE - M/XWLSIcnnApt1dOyJhJlpsQTnT6Y6Fqem0y779/uOQCBJGavscOWw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzK2U3YlRLK3BuK1Q0TkYy - SE1lTkVXUUV4NFVuT2V2VjdqUFpBbVFLSTJnCjI3c0xpMnBnV0M0Q0ZHYTdUSVZl - MWNMQXowWitFVTlIMFBadVJ6OHBBR28KLS0tIHJ1M0NkZzFMSndIUjBwN2tFUmF5 - b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds - JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-02T14:06:11Z" - mac: ENC[AES256_GCM,data:wK8Nb1Vb80UfolzqZOpifZdoEKYu847anowYiCdSluoK+dfHhDhCj7ZxznYV7SwVACIoLsqLR5syRzC861PRBrAujkhbcn7lTc1kQRCjw0gMAbPYR/xiO76EHmiYqnV2UMN0EmuQg1nIRIWY9EO9C7m1b9fjoZFgDsj/7O99aVU=,iv:CJxUKpyNgEYwqLhSvuXoHb+Hu3M7ydKh0WlsjlOtKkM=,tag:4KXmNwwFrqvBjxe656Jvug==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.1 diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 5f3ea62..9fea4c0 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml 
@@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] + env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-08T21:05:07Z" - mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] + lastmodified: "2024-12-17T03:25:37Z" + mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.9.2 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 0c693dc..84ef3d6 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml 
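Review bot: Both hunks of `secrets/services/caddy.yaml` move the sops metadata backwards: `lastmodified` goes from `2025-03-08T21:05:07Z` to `2024-12-17T03:25:37Z` and `version` from `3.9.4` to `3.9.2`, so the new `caddy.env` ciphertext looks like an older encryption being restored rather than a fresh edit. If the value was rotated between those dates, merging this puts a retired credential back into the deployed configuration, and the sops `mac` will still verify because it protects the integrity of one file state, not which state is current. The same backwards step shows in the `attic.yaml` hunks (`2025-03-13` to `2025-01-05`, `3.9.4` to `3.9.2`) and the `hedgedoc.yaml` hunks (`2025-04-05` to `2024-12-17`, `3.10.1` to `3.9.2`). I would confirm against the running services that these are the live values and state that in the commit message, or keep the newer ciphertext wherever a rotation happened in between.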
@@ -1,6 +1,10 @@ hedgedoc: - env: ENC[AES256_GCM,data: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,iv:LDkuJgxIbohEVf7wmdtOZ/vlPddMYa7uzHGkL+0MnUM=,tag:pnJiCJydjTmUbS761fPUPw==,type:str] + env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | @@ -20,7 +24,8 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-05T21:08:15Z" - mac: ENC[AES256_GCM,data:cPisYUoZWd/vd+wWzz3xTnftj1RdjK20dWFo+MKssm/eu7eCOWDIaZdcJg13gkTleBpMWQy/mG1drC6GLfGQiBmkS99UCPAoo0aLTBL4FbSm6FEXdbVjoOI7URu6Sj31drWCMAm+lXYymWsHwZJrNLhjsCTQsxTPvFq8oOdNlXo=,iv:KpmJoZ/BGEEhZ75jXfXxegNglm7k6mtleRuVud6tX2g=,tag:lsiqX+YSz4mGK6mw9gdKNg==,type:str] + lastmodified: "2024-12-17T03:25:54Z" + mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] + pgp: [] unencrypted_suffix: _unencrypted - version: 3.10.1 + version: 3.9.2 diff --git a/secrets/services/karakeep.yaml b/secrets/services/karakeep.yaml deleted file mode 100644 index cc09262..0000000 --- a/secrets/services/karakeep.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -karakeep: - env: ENC[AES256_GCM,data:SWc26EQaKR5d9hMDYzVHA/r7XfjwFZ0d44Co0IS6OayR24ej7yqLAtkNttROKoKFuYc0sHgN9bOy4MyX0s3qiSWYovIIUJgFiJjPQFYDAo+50WR4+5W5FgvYI6e42fcWrQhaCXWQrDyzch/zT2OITZsjXcQhT5E+IiPLVkaGOjGptE07GjM7ZXI4UxBzINFQOhxdfIO0km1o6Wq8GhJdWsz4exz4ahRslR+WjK/flV2GZVAj6EHSJ5sHohm74QlhxaShEbc/8IKP6R2gSjBFP7l8VvwFyIUD9sLzYGvS3iU=,iv:gSPQU0bZ+VRFbuaNDc90dW0ogWX2SMH7kewtq/u/11E=,tag:L0Y4EWSQUhcn2eHt+yZ7qQ==,type:str] -sops: - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaWQ1Q1JwRHJxQjNjdTAx - TXRsWjVZOG1mNEptNVhscHBaK2I5MHhjdlFjCkNqOEhwT3hyOHpHQ2k0ZmowUXB4 - eks2dlpUS0V6VjBEYW9UWnhFOEw4VGsKLS0tIFo2a0FTRE5WdHBGVW5DOUFkaE9p - bitvUnJXSnB6UnV3VTEzSjlSYmEwVUEKHOwFCRu+SIyM0uJ6bNEAo+MMlsc8la6G - bLYdCoykcBu+uVXqn3BYTbrS5ylQMRYcbcPFJw5BVdmjIYF4LU5W6A== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrU2ZnNVAyeVdJeHlTSW1x - QUhKRzlNclVUWE1ucHFLZW5sL1lnUDhkd0Y4CjFuekNEOE1icDNqL1JyT0hEYW16 - Q2VyajJFWWtGUnBzOENGOEZHbWROZzAKLS0tIE8wMVc3TkV5Y1VyenIvOW02NDNq - cStTeUcvY1pJWEN2MzFEeThKT0JPc1EKXrtVG49a6YZVKiL1F8Xg3t3niTYv3LwN - NeAQ8srV0F6ckky7OCkvUp9GInZCWRzULXV/x+4IUb6C+KQaNm2vYA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDdUSUlmMk5VcytyT01N - UmRaK2k5Wkh5SlhPT3QrczY2eW9vZk5KWFZBCnBteitnNFlHdWRaaTRxSWYvYmtG - ZnY5ZXlYa3Z5aENlRy9BQjVSU1F3UzQKLS0tIFpjN1dOaWNKaU9PaENyaXc1K3BU - K2orZ0Y2Z05LSUZ5WHQ4TnVVY0QwSzQKiUQT4aSxXnaq0kEMp+q5WnIUoGypEmZ+ - DQEhkB9yu/BrkjXH+HGQr1W5B4sJyb5rnl0+SQ+IypRIRyaX4CdFxg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-05T19:44:58Z" - mac: 
ENC[AES256_GCM,data:OmqsJI9BaICOTiH1cq4gZlNBbkAxn/pAOWBtkIjHdqpikABLG6fMY+sLpyeaovXjexIj9MZk7fPmV8dRZ5VNLHCqlYXK/cVoQBZ2HK+p/cGTAFelNAShu9NSgZdFmVgJJtOjVvFp8dtuY8VcQj861k/MPX0mNZt9pmXYdumjpNM=,iv:efHkp1KUctwtCjG9A8i5qs7nQfQqv2ya1yYlHHOt8pU=,tag:4lChpspl0oOUMiXzvGuA2Q==,type:str] - unencrypted_suffix: _unencrypted - version: 3.10.1 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml deleted file mode 100644 index 46df77e..0000000 --- a/secrets/services/searx.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -searx: - env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD - Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP - WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR - d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg - XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx - cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy - OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 - ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL - W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-08T20:52:15Z" - mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml deleted file mode 100644 index 27997b8..0000000 --- a/secrets/services/tailscale.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -tailscale: - auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr - c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly - V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx - UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW - 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP - R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r - TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 - em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 - kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-24T05:26:20Z" - mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.3 diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml deleted file mode 100644 index 0d233c3..0000000 --- a/secrets/services/zipline.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -zipline: - env: ENC[AES256_GCM,data:5n056AoWvM4PXBCxm+tk2G9qOugRpA/n5YRrxTtB7XBBQmRQNaP2a6AbAnWX665yFGQsB0iHdSER3sY78RqUL0gFKupVq1UAT8A2Wi0HqcFMqUs2drXjIksdmI6hTLk9TCxtPy0VbPieIshO2VEYesUqitTZ01i8Hj5CyF8yFC6t9eQ2L9iKLm5gje80MoqQT4IFx+V5B4ExP3fzhcpfr8StGHKHvG59nc40KQAW38i/95H3nncScOBfSQSNH61wLnDjecr8srxELO/j2iOKD9JzmqYLQr8TLKNw7KIIhDMAmuNeQhG1YXtj7/nj6gHN6cHpcHPgUdWID/Y6MHcndDCIJnyC2Qeod5ShOn53IjL7C8VZ940o9LfwNz22sx1SYZEwRGktIhUY0c4IL/4bUvhxwTcMH9ITYU8eVfG/QSnr8B4=,iv:juf0dRagztirDN89Jj+v8k62BBl9TU12A8TdR/m8qDA=,tag:WakN+bOYfF4YrleIsAg+OQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx - YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu - SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY - UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b - AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF - TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH - bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx - WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW - AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-23T21:43:15Z" - mac: ENC[AES256_GCM,data:nI7xnLUMtseY9q8XZ3owb6qtRBtaRmmNNK4Z5ELHaI85VowdItZXMFN9faCVuCVTzhKp/4WC8jm96k7eWxytzW6r6KRvKDrUaRV27UweraK2Oe8et7u+oIEPh6HkNuZFB+qPiFYdfc+qQeTIKwayEVLeVWyvQKVDBhBxZd9UArg=,iv:q4hRQVat+LHVbYnF6QLE8iBdBeacJVUBKmMe4tbU8YU=,tag:6m4+SU1BFXMPORqe9vgXAw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 
3.9.4 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml deleted file mode 100644 index 0a48d33..0000000 --- a/secrets/yt/aws.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -aws: - key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] - key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] - _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] - _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] - _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] - _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT - T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL - dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R - azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO - HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw== - -----END AGE ENCRYPTED FILE----- - - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu - dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv - 
Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0 - UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe - j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-16T16:45:13Z" - mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4