diff --git a/.github/workflows/build-and-cache.yml b/.github/workflows/build-and-cache.yml deleted file mode 100644 index 79ebbee..0000000 --- a/.github/workflows/build-and-cache.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: build and cache random stuff - -on: - workflow_dispatch: - push: - -jobs: - build: - strategy: - matrix: - package: - - .#attic-client - - .#attic-server - - .#eza - - runs-on: ubuntu-latest - steps: - - uses: DeterminateSystems/nix-installer-action@main - with: - logger: pretty - - - uses: DeterminateSystems/magic-nix-cache-action@main - - - uses: cachix/cachix-action@v15 - with: - name: cything - authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - - uses: actions/checkout@v4 - - - run: nix build '${{ matrix.package }}' diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml new file mode 100644 index 0000000..c99920b --- /dev/null +++ b/.github/workflows/build-machines-and-homes.yml 
@@ -0,0 +1,147 @@
+name: build and cache machines and homes
+on:
+ workflow_dispatch:
+ push:
+ pull_request:
+
+env:
+ ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
+ NIX_CONFIG: |
+ show-trace = true
+ experimental-features = nix-command flakes
+ accept-flake-config = true
+ system-features = nixos-test benchmark big-parallel kvm
+ secret-key-files = /home/runner/cache-priv-key.pem
+ extra-substituters = https://nixcache.cy7.sh
+ extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
+ TERM: ansi
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
+
+jobs:
+ build-machines:
+ strategy:
+ fail-fast: false
+ matrix:
+ machine:
+ - chunk
+ - ytnix
+ os:
+ - ubuntu-latest
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Maximize build disk space
+ uses: easimon/maximize-build-space@v10
+ with:
+ overprovision-lvm: true
+ swap-size-mb: 1024
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+ remove-codeql: 'true'
+ remove-docker-images: 'true'
+ build-mount-path: /nix
+
+ - name: setup binary cache key
+ run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v30
+
+ - name: Install Lix
+ run: |
+ sudo $(which nix) run \
+ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
+ upgrade-nix
+ nix --version
+
+ - name: Sync repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: build
+ run: |
+ package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
+ nix build -L "$package"
+
+ - name: cache
+ # https://stackoverflow.com/a/58859404
+ if: '!cancelled()'
+ run: |
+ package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
+ derivations=()
+ while IFS=$'\n' read derivation; do
+ derivations+=("$derivation")
+ done < <(nix path-info --derivation "$package")
+
+ for derivation in "${derivations[@]}"; do
+ nix copy -j8 \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
+ $(nix-store --query --requisites --include-outputs "$derivation")
+ done
+
+ build-homes:
+ strategy:
+ fail-fast: false
+ matrix:
+ home:
+ - yt@ytnix
+ - yt@chunk
+ os:
+ - ubuntu-latest
+ # - macos-latest
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Maximize build disk space
+ uses: easimon/maximize-build-space@v10
+ with:
+ overprovision-lvm: true
+ swap-size-mb: 1024
+ remove-dotnet: 'true'
+ remove-android: 'true'
+ remove-haskell: 'true'
+ remove-codeql: 'true'
+ remove-docker-images: 'true'
+ build-mount-path: /nix
+
+ - name: setup binary cache key
+ run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v30
+
+ - name: Install Lix
+ run: |
+ sudo $(which nix) run \
+ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
+ upgrade-nix
+ nix --version
+
+ - name: Sync repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - name: build
+ run: |
+ package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
+ nix build -L "$package"
+
+ - name: cache
+ # https://stackoverflow.com/a/58859404
+ if: '!cancelled()'
+ run: |
+ package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
+ derivations=()
+ while IFS=$'\n' read derivation; do
+ derivations+=("$derivation")
+ done < <(nix path-info --derivation "$package")
+
+ for derivation in "${derivations[@]}"; do
+ nix copy -j8 \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
+ $(nix-store --query --requisites --include-outputs "$derivation")
+ done
diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml
new file mode 100644
index 0000000..a26c2ee
--- /dev/null
+++ b/.github/workflows/build-packages.yml
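Review bot: The workflow-level `env:` in build-machines-and-homes.yml exposes `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `ATTIC_TOKEN` to every step of both jobs, including the tag-pinned third-party actions (`easimon/maximize-build-space@v10`, `cachix/install-nix-action@v30`) and the `nix build` of whatever ref triggered the run, although only the two `cache` steps call `nix copy` against the S3 store. Because the workflow also runs on `pull_request` with `accept-flake-config = true`, I would move the two AWS variables into an `env:` block on each `cache` step and drop `ATTIC_TOKEN`, which no step in this file appears to read. A related concern is `echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem`, which renders the signing key into the script text and appends to the file under the default umask; passing it through a step-level `env:` and writing it with `umask 077; printf '%s\n' "$NIX_CACHE_SECRET_KEY" > /home/runner/cache-priv-key.pem` would be tighter. The same `env:` block and key step are repeated in the build-packages.yml hunk.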
@@ -0,0 +1,81 @@
+name: build and cache packages
+on:
+ workflow_dispatch:
+ inputs:
+ package:
+ description: "package to build"
+ required: false
+ type: string
+
+env:
+ ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }}
+ NIX_CONFIG: |
+ show-trace = true
+ experimental-features = nix-command flakes
+ accept-flake-config = true
+ secret-key-files = /home/runner/cache-priv-key.pem
+ extra-substituters = https://nixcache.cy7.sh
+ extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
+ TERM: ansi
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }}
+
+jobs:
+ build-packages:
+ strategy:
+ fail-fast: false
+ matrix:
+ package:
+ - ${{ inputs.package }}
+ os:
+ - ubuntu-latest
+ - ubuntu-24.04-arm
+ # - macos-latest
+ # - macos-13
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: setup binary cache key
+ run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v30
+
+ - name: Install Lix
+ run: |
+ sudo $(which nix) run \
+ 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
+ upgrade-nix
+ nix --version
+
+ - name: Sync repository
+ uses: actions/checkout@v4
+ with:
+ persist-credentials: false
+
+ - run: nix build -L ${{ matrix.package }}
+
+ - name: cache result
+ # https://stackoverflow.com/a/58859404
+ if: '!cancelled()'
+ run: |
+ derivations=()
+ while IFS=$'\n' read derivation; do
+ derivations+=("$derivation")
+ done < <(nix path-info --derivation "${{ matrix.package }}")
+
+ for derivation in "${derivations[@]}"; do
+ nix copy -j8 \
+ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \
+ $(nix-store --query --requisites --include-outputs "$derivation")
+ done
+
+ - name: prepare tarball to upload
+ run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
+
+ - name: upload result
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ matrix.os }}
+ path: result.tar
+ if-no-files-found: error
diff --git a/.github/workflows/lazy-update.yml b/.github/workflows/lazy-update.yml
deleted file mode 100644
index 7229ab9..0000000
--- a/.github/workflows/lazy-update.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: "update lazy plugins"
-on:
- repository_dispatch:
- workflow_dispatch:
- schedule:
- - cron: "0 3 * * *"
-permissions:
- pull-requests: write
- contents: write
-jobs:
- update-lazy-plugins:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: true
- - uses: cachix/install-nix-action@v30
- - name: Update vim plugins
- run: |
- export XDG_CONFIG_HOME=$PWD/home
- nix run nixpkgs#neovim -- --headless "+Lazy! update" +qa
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@v7
- with:
- title: update lazy plugins
- commit-message: update neovim plugins
diff --git a/.github/workflows/mirror.yml b/.github/workflows/mirror.yml
deleted file mode 100644
index ae04c89..0000000
--- a/.github/workflows/mirror.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: mirror to gitlab
-on: [push]
-jobs:
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v1
- - name: mirror
- uses: SvanBoxel/gitlab-mirror-and-ci-action@5c211f993d35256d96b772d995972f434b94e11a
- with:
- args: "https://git.cything.io/cy/infra"
- env:
- FOLLOW_TAGS: "true"
- FORCE_PUSH: "true"
- GITLAB_HOSTNAME: "git.cything.io"
- GITLAB_USERNAME: "cy"
- GITLAB_PASSWORD: ${{ secrets.GITLAB_PASSWORD }}
- GITLAB_PROJECT_ID: "2"
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.sops.yaml b/.sops.yaml
index 4966beb..9e9a860 100644
--- a/.sops.yaml
+++ b/.sops.yaml
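Review bot: `${{ matrix.package }}`, which is the free-form `inputs.package` from `workflow_dispatch`, is expanded into the shell text of two `run:` steps in build-packages.yml: unquoted in `nix build -L ${{ matrix.package }}` and inside double quotes in the `nix path-info` line of `cache result`. Shell metacharacters in the input therefore become part of a script that runs with the AWS keys in its environment and the cache signing key on disk. Pass the value through the environment instead, with `env:` / `PACKAGE: ${{ matrix.package }}` on both steps, and use `nix build -L "$PACKAGE"` and `nix path-info --derivation "$PACKAGE"`. With `required: false` an empty input also turns the build step into a bare `nix build -L`, so either `required: true` or a `[ -n "$PACKAGE" ]` guard would make that case explicit.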
@@ -98,3 +98,34 @@ creation_rules:
 - age:
 - *chunk
 - *cy
+ - path_regex: secrets/services/garage.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *cy
+ - path_regex: secrets/services/tailscale.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *cy
+ - path_regex: secrets/yt/(.*).yaml$
+ key_groups:
+ - age:
+ - *yt
+ - *cy
+ - path_regex: secrets/services/zipline.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *cy
+ - path_regex: secrets/services/searx.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *cy
+ - path_regex: secrets/cache-priv-key.pem
+ key_groups:
+ - age:
+ - *yt
+ - *cy
+ - *chunk
diff --git a/flake.lock b/flake.lock
index af0f5d2..20d9470 100644
--- a/flake.lock
+++ b/flake.lock
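Review bot: The new `path_regex` values are unanchored and leave `.` unescaped, for example `secrets/services/garage.yaml` and `secrets/yt/(.*).yaml$`, so each rule also matches any path that merely contains the pattern. As far as I know sops applies the first matching rule, so a stray match silently selects a different recipient set than intended. I would write them as `^secrets/services/garage\.yaml$`, `^secrets/yt/.*\.yaml$` and `^secrets/cache-priv-key\.pem$`. The `secrets/cache-priv-key.pem` rule also makes the binary-cache signing key decryptable by three recipients (`*yt`, `*cy`, `*chunk`); it is worth confirming that each of them needs to sign rather than only verify. `creation_rules` and the earlier rules start outside this hunk, so the same pattern style may need fixing there too.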
@@ -1,71 +1,244 @@ { "nodes": { - "crane": { + "attic": { "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], + "nix-github-actions": "nix-github-actions", "nixpkgs": [ - "lanzaboote", "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1717535930, - "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", - "owner": "ipetkov", - "repo": "crane", - "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "lastModified": 1738524606, + "narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e", "type": "github" }, "original": { - "owner": "ipetkov", - "repo": "crane", + "owner": "zhaofengli", + "repo": "attic", "type": "github" } }, - "disko": { + "cachix": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "devenv": "devenv", + "flake-compat": "flake-compat", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk=", - "owner": "nix-community", - "repo": "disko", - "rev": "65a441502c9382d41ada1adbc9bd31d6c9b00fe2", + "lastModified": 1737621947, + "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", + "owner": "cachix", + "repo": "cachix", + "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "cachix", + "ref": "master", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "git-hooks": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1728672398, + "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", + "owner": "cachix", + "repo": "cachix", + "rev": 
"aac51f698309fd0f381149214b7eee213c66ef0a", + "type": "github" + }, + "original": { + "owner": "cachix", "ref": "latest", - "repo": "disko", + "repo": "cachix", "type": "github" } }, - "eza": { + "complement": { + "flake": false, "locked": { - "lastModified": 1736397430, - "narHash": "sha256-l00P7P3zcx8rzYOOQMNUwBqK/yz/4Cv8G8+pYbfyQ5Y=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", + "lastModified": 1741891349, + "narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=", + "owner": "girlbossceo", + "repo": "complement", + "rev": "e587b3df569cba411aeac7c20b6366d03c143745", "type": "github" }, "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d722e8ce81cf103280ce1ff65accb3fc25cbd2ba", + "owner": "girlbossceo", + "ref": "main", + "repo": "complement", + "type": "github" + } + }, + "conduwuit": { + "inputs": { + "attic": [ + "attic" + ], + "cachix": "cachix", + "complement": "complement", + "crane": [ + "crane" + ], + "fenix": "fenix", + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "liburing": "liburing", + "nix-filter": "nix-filter", + "nixpkgs": [ + "nixpkgs" + ], + "rocksdb": "rocksdb" + }, + "locked": { + "lastModified": 1742266954, + "narHash": "sha256-PoVjZXR24r1WPyWWK+DZDAlVr4otn/BcxY7/jd8fehM=", + "owner": "girlbossceo", + "repo": "conduwuit", + "rev": "7bf92c8a3710eeff229bd86bc81a89daa94b66d5", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "repo": "conduwuit", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1742317686, + "narHash": "sha256-ScJYnUykEDhYeCepoAWBbZWx2fpQ8ottyvOyGry7HqE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "66cb0013f9a99d710b167ad13cbd8cc4e64f2ddb", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devenv": { + "inputs": { + "cachix": "cachix_2", + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + 
"git-hooks": [ + "conduwuit", + "cachix", + "git-hooks" + ], + "nix": "nix", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733323168, + "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", + "owner": "cachix", + "repo": "devenv", + "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1740724364, + "narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=", + "owner": "nix-community", + "repo": "fenix", + "rev": "edf7d9e431cda8782e729253835f178a356d3aab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "main", + "repo": "fenix", "type": "github" } }, "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { 
@@ -77,16 +250,39 @@ "flake-parts": { "inputs": { "nixpkgs-lib": [ - "lanzaboote", + "conduwuit", + "cachix", + "devenv", + "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1712014858, + "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -100,11 +296,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { 
@@ -113,7 +309,124 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "garage": { + "inputs": { + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1742243551, + "narHash": "sha256-hp2tKtJHW/vbiIT4hRhP8cfZEACAWZ92lCdaO9WEi2E=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "6906a4ff12838da2a74bdaeb7e7cd05cd1d69699", + "type": "github" + }, + "original": { + "owner": "deuxfleurs-org", + "repo": "garage", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "conduwuit", + "cachix", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { + "inputs": { + "nixpkgs": [ + "conduwuit", + "cachix", + "git-hooks", + "nixpkgs" + ] + }, + 
"locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -142,11 +455,11 @@ ] }, "locked": { - "lastModified": 1736366465, - "narHash": "sha256-Fo68EF6p/N9GJyHiAUbXtiE7IJlb3IMjK86LuxFMsRU=", + "lastModified": 1742305478, + "narHash": "sha256-iYCinzZnnUeCkZ031qGRwPdwRsqW6o9Y0MgGpA7Zva4=", "owner": "nix-community", "repo": "home-manager", - "rev": "7e00856596891850ba5ad4c5ecd2ed74468c08c5", + "rev": "fb74bb76d94a6c55632376c931fc108131260ee9", "type": "github" }, "original": { 
@@ -155,116 +468,461 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729958008, + "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.0.6", + "repo": "ixx", + "type": "github" + } + }, "lanzaboote": { "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "flake-utils": "flake-utils", + "crane": [ + "crane" + ], + "flake-compat": [ + "flake-compat" + ], + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" + "rust-overlay": [ + "rust-overlay" + ] }, "locked": { - "lastModified": 1718178907, - "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.1", + "ref": "master", "repo": "lanzaboote", "type": "github" } }, + "libgit2": { + "flake": false, + "locked": { + "lastModified": 1697646580, + "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", + "owner": "libgit2", + "repo": "libgit2", + "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", + "type": "github" + }, + "original": { + "owner": "libgit2", + "repo": "libgit2", + "type": "github" + } + }, + "liburing": { + "flake": false, + "locked": { + "lastModified": 1740613216, + "narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=", + "owner": "axboe", + "repo": "liburing", + 
"rev": "e1003e496e66f9b0ae06674869795edf772d5500", + "type": "github" + }, + "original": { + "owner": "axboe", + "ref": "master", + "repo": "liburing", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1741888409, + "narHash": "sha256-gJ7QmlwsJ/QdwUjwTjifNo3v7OBQm2N6xa19l3mMWM4=", + "rev": "20edd45ae816c73504ddfb9c678756e003ceeafd", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/20edd45ae816c73504ddfb9c678756e003ceeafd.tar.gz?rev=20edd45ae816c73504ddfb9c678756e003ceeafd" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741894565, + "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=", + "ref": "refs/heads/main", + "rev": "a6da43f8193d9e329bba1795c42590c27966082e", + "revCount": 136, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, + "nil": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": [ + "rust-overlay" + ] + }, + "locked": { + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", + "owner": "oxalica", + "repo": "nil", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "nil", + "type": "github" + } + }, + "nix": { + "inputs": { + "flake-compat": [ + "conduwuit", + "cachix", + "devenv" + ], + "flake-parts": "flake-parts", + "libgit2": "libgit2", + "nixpkgs": "nixpkgs_2", + "nixpkgs-23-11": [ + "conduwuit", + "cachix", + "devenv" + ], + "nixpkgs-regression": [ + "conduwuit", + "cachix", + "devenv" + ], + 
"pre-commit-hooks": [ + "conduwuit", + "cachix", + "devenv" + ] + }, + "locked": { + "lastModified": 1727438425, + "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", + "owner": "domenkozar", + "repo": "nix", + "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", + "type": "github" + }, + "original": { + "owner": "domenkozar", + "ref": "devenv-2.24", + "repo": "nix", + "type": "github" + } + }, + "nix-filter": { + "locked": { + "lastModified": 1731533336, + "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", + "owner": "numtide", + "repo": "nix-filter", + "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", + "type": "github" + }, + "original": { + "owner": "numtide", + "ref": "main", + "repo": "nix-filter", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "attic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742174123, + "narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-ld": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742204505, + "narHash": "sha256-sHBzuG9K/VrvOrcLd9GwoCLaQZDVedi/00YmFfdKq/A=", + "owner": "nix-community", + "repo": "nix-ld", + "rev": "bc1ecb8ca83507c764a3909f02f1acf53c033585", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": 
"nix-ld", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", - "owner": "nixos", + "lastModified": 1730531603, + "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "type": "github" }, "original": { - "owner": "nixos", + "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-borg": { - "locked": { - "lastModified": 1735547260, - "narHash": "sha256-ScKuaBbUXNqS9c6Y+N647BAQx7SvKywpu5MxBV3Y5pk=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "53add6c0c30200663cd21beb06672ec2c8afc176", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "borg", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-btrbk": { - "locked": { - "lastModified": 1735945390, - "narHash": "sha256-isFSp8EsqnFJE7o07XdT/eia0Rtzvz6NqLt4tCdFido=", - "owner": "cything", - "repo": "nixpkgs", - "rev": "acf701b49a7687e23b4b18701d4ab62285dec029", - "type": "github" - }, - "original": { - "owner": "cything", - "ref": "btrbk", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { - "lastModified": 1710695816, - "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1742268799, + "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"da044451c6a70518db5b730fe277b70f494188f1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1717432640, + "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1733212471, + "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1742276595, + "narHash": "sha256-bsg9y3NoMGu0jgTI5XbxvzQFc9JtZB51i500WlVws80=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2b3795787eba0066a2bc8bba7362422e5713840f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "flake-parts": [ + "flake-parts" + ], + "nixpkgs": [ + "nixpkgs" + ], + "nuschtosSearch": "nuschtosSearch" + }, + "locked": { + "lastModified": 1742255305, + "narHash": "sha256-XxygfriVXQt+5Iqh6AOjZL5Aes5dH2xzVKpHpL8pDQg=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "78f6166c23f80bdfbcc8c44b20f7f4132299a33f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738508923, + "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", + "owner": "NuschtOS", 
+ "repo": "search", + "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "nvim-github-theme": { + "flake": false, + "locked": { + "lastModified": 1735641120, + "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", + "owner": "projekt0n", + "repo": "github-nvim-theme", + "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", + "type": "github" + }, + "original": { + "owner": "projekt0n", + "repo": "github-nvim-theme", + "type": "github" + } + }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" + ] }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { 
@@ -273,36 +931,77 @@ "type": "github" } }, + "rocksdb": { + "flake": false, + "locked": { + "lastModified": 1741308171, + "narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=", + "owner": "girlbossceo", + "repo": "rocksdb", + "rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986", + "type": "github" + }, + "original": { + "owner": "girlbossceo", + "ref": "v9.11.1", + "repo": "rocksdb", + "type": "github" + } + }, "root": { "inputs": { - "disko": "disko", - "eza": "eza", + "attic": "attic", + "conduwuit": "conduwuit", + "crane": "crane", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "nixpkgs": "nixpkgs", - "nixpkgs-borg": "nixpkgs-borg", - "nixpkgs-btrbk": "nixpkgs-btrbk", + "lix-module": "lix-module", + "nil": "nil", + "nix-index-database": "nix-index-database", + "nix-ld": "nix-ld", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_2", + "nixvim": "nixvim", + "nvim-github-theme": "nvim-github-theme", + "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "treefmt": "treefmt" + "treefmt": "treefmt", + "vscode-extensions": "vscode-extensions" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1740691488, + "narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" } }, "rust-overlay": { "inputs": { - "flake-utils": [ - "lanzaboote", - "flake-utils" - ], "nixpkgs": [ - "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1717813066, - "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "lastModified": 1742265167, + "narHash": "sha256-RB0UEF9IXIgwuuBFC+s9H4rDyvmMZePHlBAK4vRAwf4=", "owner": "oxalica", "repo": 
"rust-overlay", - "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "rev": "87f0965f9f5b13fca9f38074eee8369dc767550d", "type": "github" }, "original": { @@ -318,11 +1017,11 @@ ] }, "locked": { - "lastModified": 1736203741, - "narHash": "sha256-eSjkBwBdQk+TZWFlLbclF2rAh4JxbGg8az4w/Lfe7f4=", + "lastModified": 1742239755, + "narHash": "sha256-ptn8dR4Uat3UUadGYNnB7CIH9SQm8mK69D2A/twBUXQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c9c88f08e3ee495e888b8d7c8624a0b2519cb773", + "rev": "787afce414bcce803b605c510b60bf43c11f4b55", "type": "github" }, "original": { @@ -346,6 +1045,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -353,11 +1067,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1742303424, + "narHash": "sha256-2R7cGdcA2npQQcIWu2cTlU63veTzwVZe78BliIuJT00=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "b3b938ab8ba2e8a0ce9ee9b30ccfa5e903ae5753", "type": "github" }, "original": { @@ -365,6 +1079,29 @@ "repo": "treefmt-nix", "type": "github" } + }, + "vscode-extensions": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742262692, + "narHash": "sha256-kCuy1Fld1vFmor6SZ48DdtiLv9/zUhW8lCaTA+Py+es=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "32de9a383db6b555ac92877dd8b5b986f4151de7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix index 4ca2874..b76d3e1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,8 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -15,32 +16,102 @@ url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko/latest"; + lanzaboote = { + url = "github:nix-community/lanzaboote/master"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.crane.follows = "crane"; + inputs.flake-compat.follows = "flake-compat"; + inputs.flake-parts.follows = "flake-parts"; + inputs.rust-overlay.follows = "rust-overlay"; + }; + nixvim = { + url = "github:nix-community/nixvim"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + rust-overlay = { + url = "github:oxalica/rust-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.1"; + conduwuit = { + url = "github:girlbossceo/conduwuit"; + inputs = { + nixpkgs.follows = "nixpkgs"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + attic.follows = "attic"; + }; + }; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + nix-ld = { + url = "github:nix-community/nix-ld"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nil = { + url = "github:oxalica/nil"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.rust-overlay.follows = "rust-overlay"; + inputs.flake-utils.follows = "flake-utils"; + }; + vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions/"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + attic = { + url = "github:zhaofengli/attic"; + inputs = { + nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; + flake-compat.follows = "flake-compat"; 
+ flake-parts.follows = "flake-parts"; + crane.follows = "crane"; + }; + }; + garage = { + url = "github:deuxfleurs-org/garage"; + inputs = { + nixpkgs.follows = "nixpkgs"; + rust-overlay.follows = "rust-overlay"; + crane.follows = "crane"; + flake-compat.follows = "flake-compat"; + flake-utils.follows = "flake-utils"; + }; }; - nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR - nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR - eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba"; + nvim-github-theme = { + url = "github:projekt0n/github-nvim-theme"; + flake = false; + }; + + # deduplication + flake-utils.url = "github:numtide/flake-utils"; + crane.url = "github:ipetkov/crane"; + flake-compat.url = "github:edolstra/flake-compat"; }; nixConfig = { extra-substituters = [ - "https://cache.cything.io/central" - "https://cache.cything.io/infra-ci" - "https://cache.cything.io/attic" + "https://nix-community.cachix.org" + "https://nixcache.cy7.sh" ]; extra-trusted-public-keys = [ - "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" - "infra-ci:xG5f5tddUBcvToYjlpHD5OY/puYQkKmgKeIQCshNs38=" - "attic:HL3hVpqXxwcF7Q1R+IvU2i0+YxIjQA2xxKM5EJMXLLs=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; - builders-use-substitutes = true; }; outputs = 
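Review bot: `lanzaboote` moves from the `v0.4.1` tag to `github:nix-community/lanzaboote/master`, so every `nix flake update` will pull unreleased commits into the Secure Boot tooling that ytnix imports through `inputs.lanzaboote.nixosModules.lanzaboote`. flake.lock still pins an exact rev, but what gets reviewed on each update becomes an arbitrary branch head rather than a release. I would keep a tag here, `url = "github:nix-community/lanzaboote/<release-tag>";`, or add a comment naming the unreleased change that requires `master`. Separately, the new `extra-substituters` and `extra-trusted-public-keys` entries mean anyone who accepts this flake's `nixConfig` trusts store paths signed by those two keys; a one-line comment saying who operates `nixcache.cy7.sh` and what signs into it would document that trust decision.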
@@ -48,133 +119,111 @@ self, nixpkgs, home-manager, - treefmt, - disko, + flake-parts, ... }@inputs: - let - lib = nixpkgs.lib; - inherit (self) outputs; + flake-parts.lib.mkFlake { inherit inputs; } ( + { ... }: + { + imports = [ + inputs.treefmt.flakeModule + ]; + systems = [ + "x86_64-linux" + ]; + perSystem = + { + inputs', + ... + }: + { + treefmt = { + projectRootFile = "flake.nix"; + programs.nixfmt.enable = true; + programs.typos.enable = true; + programs.shellcheck.enable = true; - systems = [ "x86_64-linux" ]; - forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system}); + programs.yamlfmt = { + enable = true; + settings.retain_line_breaks = true; + }; - overridePkgsFromFlake = - pkgs: flake: pkgNames: - let - pkgs' = import flake { inherit (pkgs) system config; }; - pkgNames' = builtins.map (lib.splitString ".") pkgNames; - pkgVals = builtins.map ( - path: - let - package = lib.getAttrFromPath path pkgs'; - in - lib.setAttrByPath path package - ) pkgNames'; - in - lib.foldl' lib.recursiveUpdate { } pkgVals; - overlayPkgsFromFlake = - flake: pkgNames: _final: prev: - overridePkgsFromFlake prev flake pkgNames; - overlays = [ - (overlayPkgsFromFlake inputs.eza [ - "eza" - ]) - ] ++ import ./overlay; - - pkgsFor = lib.genAttrs systems ( - system: - import nixpkgs { - inherit system overlays; - config = { - allowUnfree = true; + settings.global.excludes = [ + "secrets/*" + "**/*.png" # tries to format a png file + ]; + }; }; - } - ); - treefmtEval = forEachSystem ( - pkgs: - treefmt.lib.evalModule pkgs { - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.stylua.enable = true; - programs.yamlfmt.enable = true; - programs.typos.enable = true; - programs.shellcheck.enable = true; - programs.deadnix.enable = true; - - settings.global.excludes = [ "secrets/*" ]; - } - ); - in - { - formatter = forEachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); - checks = forEachSystem (pkgs: { - formatting = 
treefmtEval.${pkgs.system}.config.build.check self; - }); - # lets us build overlayed packages with `nix build .#` - packages = pkgsFor; - - nixosConfigurations = - let - pkgs = pkgsFor.x86_64-linux; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ + flake = + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in + { + nixosConfigurations = + let + lib = nixpkgs.lib; + in { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - inputs.sops-nix.nixosModules.sops - ./modules - inputs.lanzaboote.nixosModules.lanzaboote - ]; - }; - - chunk = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.lix-module.nixosModules.default + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lix-module.nixosModules.default + ]; + }; + }; + homeConfigurations = + let + lib = home-manager.lib; + in { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - inputs.sops-nix.nixosModules.sops - ./modules - ]; + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nixvim.homeManagerModules.nixvim + inputs.nix-index-database.hmModules.nix-index + ]; + }; + + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + inputs.nixvim.homeManagerModules.nixvim + ]; 
+ }; + }; }; - - titan = lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/titan - disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - ./modules - ]; - }; - }; - - homeConfigurations = { - "yt@ytnix" = home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home/yt/ytnix.nix - ]; - }; - - "yt@chunk" = home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home/yt/chunk.nix - ]; - }; - }; - }; + } + ); } diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..c189664 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + include: + - 'nixosConfigurations.*' + - 'homeConfigurations.*' + - '*.aarch64-linux.*' + - '*.x86_64-linux.*' diff --git a/home/codium.nix b/home/codium.nix new file mode 100644 index 0000000..117c9e0 --- /dev/null +++ b/home/codium.nix 
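Review bot: `perSystem` binds `inputs'` in its argument set but nothing in its body uses it, and this same hunk drops `programs.deadnix.enable = true;`, the treefmt check that would have reported the unused binding. Either change the header to `{ ... }:` or keep deadnix enabled next to nixfmt. Also note that `pkgs` is now imported once with `config.allowUnfree = true` and a hard-coded `system = "x86_64-linux"`, shared by every NixOS and home configuration. That is fine for the two hosts listed, but it will not follow `systems` if that list ever grows.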
@@ -0,0 +1,254 @@ +{ pkgs, lib, ... }: +{ + programs.vscode = { + enable = true; + package = pkgs.vscodium; + mutableExtensionsDir = false; + profiles.default = { + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + extensions = + # if unfree + # with pkgs.vscode-marketplace; + with pkgs.open-vsx; [ + vscodevim.vim + jnoortheen.nix-ide + github.github-vscode-theme + rust-lang.rust-analyzer + shd101wyy.markdown-preview-enhanced + alefragnani.bookmarks + tomrijndorp.find-it-faster + streetsidesoftware.code-spell-checker + emilast.logfilehighlighter + tamasfe.even-better-toml + golang.go + ms-python.python + christian-kohler.path-intellisense + ]; + userSettings = + let + vimCommonKeyBindings = [ + # nice emacs bindings + { + "before" = [ "C-a" ]; + "commands" = [ "cursorHome" ]; + } + { + "before" = [ "C-e" ]; + "commands" = [ "cursorEnd" ]; + } + { + "before" = [ "C-b" ]; + "commands" = [ "cursorLeft" ]; + } + { + "before" = [ "C-f" ]; + "commands" = [ "cursorRight" ]; + } + # ctrl+h to turn off search highlighting + { + "before" = [ "C-h" ]; + "commands" = [ ":nohl" ]; + } + ]; + in + { + "workbench.colorTheme" = "GitHub Dark Default"; + "workbench.startupEditor" = "none"; + "workbench.enableExperiments" = false; + "files.autoSave" = "onFocusChange"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 15; + "editor.minimap.enabled" = false; + "window.zoomLevel" = 0.5; + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; + "editor.acceptSuggestionOnEnter" = "off"; + "editor.acceptSuggestionOnCommitCharacter" = false; + "git.openRepositoryInParentFolders" = "never"; + "git.ignoreLimitWarning" = true; + "git.blame.editorDecoration.enabled" = true; + "extensions.ignoreRecommendations" = true; + "telemetry.enableTelemetry" = false; + "telemetry.telemetryLevel" = "off"; + "window.titleBarStyle" = "custom"; + 
+ # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + "terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; + + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${lib.getExe pkgs.nil}"; + "bookmarks.saveBookmarksInProject" = true; + + "cSpell.enabledFileTypes" = { + "markdown" = true; + "*" = false; + }; + + # vim stuff + "vim.leader" = ","; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; + "vim.sneak" = true; + "vim.sneakUseIgnorecaseAndSmartcase" = true; + "vim.enableNeovim" = true; + "vim.hlsearch" = true; + "vim.easymotion" = true; + "editor.lineNumbers" = "relative"; + "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + { + "before" = [ + "" + "m" + ]; + "commands" = [ "bookmarks.toggle" ]; + } + { + "before" = [ + "" + "l" + ]; + "commands" = [ "bookmarks.toggleLabeled" ]; + } + { + "before" = [ + "" + "b" + ]; + "commands" = [ "bookmarks.list" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "f" + "f" + ]; + "commands" = [ "find-it-faster.findFiles" ]; + } + { + "before" = [ + "" + "f" + "g" + ]; + "commands" = [ "find-it-faster.findWithinFiles" ]; + } + { + "before" = [ + "" + "f" + "t" + ]; + "commands" = [ "find-it-faster.findWithinFilesWithType" ]; + } + # "gd" for definitions is by default + { + 
"before" = [ + "g" + "r" + ]; + "commands" = [ "editor.action.goToReferences" ]; + } + # the default is weird when you need to go back within a file + { + "before" = [ "C-o" ]; + "commands" = [ "workbench.action.navigateBack" ]; + } + { + "before" = [ "C-i" ]; + "commands" = [ "workbench.action.navigateForward" ]; + } + # insert line without leaving normal mode + { + "before" = [ + "" + "o" + ]; + "commands" = [ "editor.action.insertLineAfter" ]; + } + { + "before" = [ + "" + "O" + ]; + "commands" = [ "editor.action.insertLineBefore" ]; + } + ]; + "vim.insertModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ "C-k" ]; + "commands" = [ "acceptSelectedSuggestion" ]; + } + ]; + "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ">" ]; + "commands" = [ "editor.action.indentLines" ]; + } + { + "before" = [ "<" ]; + "commands" = [ "editor.action.outdentLines" ]; + } + ]; + }; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; + }; + }; +} diff --git a/home/fish.nix b/home/fish.nix deleted file mode 100644 index 3bb9d84..0000000 --- a/home/fish.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ ... }: -{ - programs.fish = { - enable = true; - shellAliases = { - "vi" = "nvim"; - "vim" = "nvim"; - "t" = "tmux"; - "tl" = "tmux list-sessions"; - "ta" = "tmux new-session -A -s"; - "se" = "sudoedit"; - "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; - "g" = "git"; - "ga" = "git add"; - "gaa" = "git add --all"; - "gb" = "git branch"; - "gc" = "git commit --verbose"; - "gcmsg" = "git commit --message"; - "gd" = "git diff"; - "gdca" = "git diff --cached"; - "gds" = "git diff --staged"; - "gl" = "git log --stat"; - "glg" = "git log --graph"; - "glga" = "git log --graph --decorate --all"; - "glo" = "git log --oneline --decorate"; - "gp" = "git push"; - "gr" = "git remote"; - "gra" = "git remote add"; - "grv" = "git remote --verbose"; - "gs" = "git status --short"; - "gss" = "git status"; - }; - - shellInit = '' - set fish_greeting - ''; - - functions = { - fish_prompt = '' - set -l last_status $status - set -l normal (set_color normal) - set -l status_color (set_color brgreen) - set -l cwd_color (set_color $fish_color_cwd) - set -l vcs_color (set_color brpurple) - set -l prompt_status "" - - # Since we display the prompt on a new line allow the directory names to be longer. 
- set -q fish_prompt_pwd_dir_length - or set -lx fish_prompt_pwd_dir_length 0 - - # Color the prompt differently when we're root - set -l suffix '❯' - if functions -q fish_is_root_user; and fish_is_root_user - if set -q fish_color_cwd_root - set cwd_color (set_color $fish_color_cwd_root) - end - set suffix '#' - end - - # Color the prompt in red on error - if test $last_status -ne 0 - set status_color (set_color $fish_color_error) - set prompt_status $status_color "[" $last_status "]" $normal - end - - echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status - echo -n -s $status_color $suffix ' ' $normal - ''; - - }; - }; - - programs.fzf.enableFishIntegration = true; - programs.zoxide.enableFishIntegration = true; - programs.eza.enableFishIntegration = true; - programs.nix-index.enableFishIntegration = true; -} diff --git a/home/foot.nix b/home/foot.nix deleted file mode 100644 index 2df77bc..0000000 --- a/home/foot.nix +++ /dev/null 
@@ -1,63 +0,0 @@ -{ ... }: -{ - programs.foot = { - enable = true; - settings = { - main = { - font = "IBM Plex Mono:size=8"; - dpi-aware = "yes"; - }; - bell = { - urgent = "no"; - notify = "no"; - visual = "no"; - }; - cursor = { - style = "beam"; - blink = "yes"; - blink-rate = 500; - beam-thickness = 1.5; - }; - mouse = { - hide-when-typing = "yes"; - }; - colors = { - background = "161821"; - foreground = "c6c8d1"; - - selection-background = "1e2132"; - selection-foreground = "c6c8d1"; - - regular0 = "161821"; - bright0 = "6b7089"; - - regular1 = "e27878"; - bright1 = "e98989"; - - regular2 = "b4be82"; - bright2 = "c0ca8e"; - - regular3 = "e2a478"; - bright3 = "e9b189"; - - regular4 = "84a0c6"; - bright4 = "91acd1"; - - regular5 = "a093c7"; - bright5 = "ada0d3"; - - regular6 = "89b8c2"; - bright6 = "95c4ce"; - - regular7 = "c6c8d1"; - bright7 = "d2d4de"; - }; - - key-bindings = { - clipboard-copy = "Control+Shift+c XF86Copy"; - clipboard-paste = "Control+Shift+v XF86Paste"; - quit = "Control+q"; - }; - }; - }; -} diff --git a/home/irssi.nix b/home/irssi.nix new file mode 100644 index 0000000..e8133c1 --- /dev/null +++ b/home/irssi.nix @@ -0,0 +1,22 @@ +{ ... }: +{ + programs.irssi = { + enable = true; + networks.liberachat = { + nick = "cy7"; + server = { + address = "irc.libera.chat"; + port = 6697; + autoConnect = true; + }; + channels = { + nixos.autoJoin = true; + linux.autoJoin = true; + rust.autoJoin = true; + }; + }; + extraConfig = '' + ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } ) + ''; + }; +} diff --git a/home/kitty.nix b/home/kitty.nix new file mode 100644 index 0000000..ea7047f --- /dev/null +++ b/home/kitty.nix 
@@ -0,0 +1,75 @@ +{ pkgs, ... }: +{ + programs.kitty = { + enable = true; + font = { + name = "IBM Plex Mono"; + package = pkgs.ibm-plex; + size = 12; + }; + themeFile = "GitHub_Dark"; + settings = { + enable_audio_bell = true; + # how many windows should be open before kitty asks + # for confirmation + confirm_os_window_close = 0; + clear_all_shortcuts = true; + + # will probably lower this later but the max allowed is actually 4GB + # this is NOT stored in memory and can only be viewed with scrollback_pager + "scrollback_pager_history_size" = "1024"; + # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 + "scrollback_pager" = "bat --pager='less -FR +G'"; + "scrollback_lines" = 20000; + }; + keybindings = { + # kitty_mod is ctrl+shift by default + "kitty_mod+c" = "copy_to_clipboard"; + "kitty_mod+v" = "paste_from_clipboard"; + # "ctrl+q" = "quit"; + + "kitty_mod+m" = "show_scrollback"; + + # windows + "kitty_mod+h" = "neighboring_window left"; + "kitty_mod+alt+h" = "move_window left"; + "kitty_mod+l" = "neighboring_window right"; + "kitty_mod+alt+l" = "move_window right"; + "kitty_mod+j" = "neighboring_window down"; + "kitty_mod+alt+j" = "move_window down"; + "kitty_mod+k" = "neighboring_window up"; + "kitty_mod+alt+k" = "move_window up"; + "ctrl+f3" = "detach_window new-tab"; + "ctrl+f4" = "detach_window tab-left"; + "ctrl+f5" = "load_config_file"; + "ctrl+alt+l" = "next_layout"; + "ctrl+alt+t" = "goto_layout tall"; + "ctrl+alt+s" = "goto_layout stack"; + "kitty_mod+enter" = "new_window_with_cwd"; + "kitty_mod+r" = "resize_window"; + # this closes the *current* window, not the *OS* window + # https://sw.kovidgoyal.net/kitty/overview/#tabs-and-windows + "kitty_mod+w" = "close_window"; + + # tabs + "kitty_mod+n" = "next_tab"; + "kitty_mod+p" = "previous_tab"; + "kitty_mod+alt+n" = "move_tab_forward"; + "kitty_mod+alt+p" = "move_tab_backward"; + "kitty_mod+q" = "close_tab"; + "kitty_mod+t" = "new_tab_with_cwd"; + "ctrl+f2" = "detach_tab"; + + # 
hints + # > basically means the preceding key is a prefix (think tmux) + "kitty_mod+o>o" = "open_url_with_hints"; + "kitty_mod+o>p" = "kitten hints --type path --program -"; + "kitty_mod+o>n" = "kitten hints --type line --program -"; + "kitty_mod+o>w" = "kitten hints --type word --program -"; + "kitty_mod+o>h" = "kitten hints --type hash --program -"; + "kitty_mod+o>l" = "kitten hints --type linenum"; + }; + }; + + # programs.zsh.shellAliases."ssh" = "kitten ssh"; # doesn't seem to work with bitwarden ssh agent :( +} diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix new file mode 100644 index 0000000..5199812 --- /dev/null +++ b/home/nixvim/default.nix 
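Review bot: The comment above `"scrollback_pager_history_size" = "1024";` says the history is not stored in memory, but as far as I know kitty documents this option as a size in MB for a separate per-window buffer that is held in memory. If so, this allows roughly 1 GB of retained terminal output per window, so please confirm against the kitty documentation and reword the comment. Retained scrollback also keeps anything printed to the terminal, including tokens or decrypted secrets, for the life of the window, so a smaller value is the safer default. The comment on `confirm_os_window_close = 0;` explains the option but not the chosen value; `# 0 disables the close confirmation` would be clearer.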
@@ -0,0 +1,215 @@ +{ pkgs, inputs, ... }: +{ + programs.nixvim = { + enable = true; + plugins.lualine.enable = true; + opts = { + number = true; + relativenumber = true; + expandtab = true; + autoindent = true; + shiftwidth = 2; + smartindent = true; + tabstop = 2; + ignorecase = true; + incsearch = true; + smartcase = true; + }; + colorscheme = "github_dark_tritanopia"; + clipboard.register = "unnamed"; + + globals = { + mapleader = ","; + }; + + extraPlugins = [ + (pkgs.vimUtils.buildVimPlugin { + name = "github-theme"; + src = inputs.nvim-github-theme; + }) + ]; + + keymaps = [ + { + action = "Neotree toggle"; + key = "s"; + mode = "n"; + options.silent = true; + } + { + # shortcut to command mode + action = ":"; + key = ";"; + mode = [ + "n" + "x" + ]; + options.silent = true; + } + { + # insert line below without moving cursor + action = "printf('m`%so``', v:count1)"; + key = "o"; + options.expr = true; + mode = "n"; + } + { + # insert line above without moving cursor + action = "printf('m`%sO``', v:count1)"; + key = "O"; + options.expr = true; + mode = "n"; + } + # nice emacs bindings + { + action = ""; + key = ""; + mode = "i"; + } + { + action = ""; + key = ""; + mode = "i"; + } + ]; + + plugins.cmp = { + enable = true; + settings = { + formatting.fields = [ + "abbr" + "kind" + "menu" + ]; + experimental = { + ghost_text = true; + }; + snippet.expand = '' + function(args) require('luasnip').lsp_expand(args.body) end + ''; + sources = [ + { name = "nvim_lsp"; } + { name = "emoji"; } + { name = "luasnip"; } + { name = "buffer"; } + { name = "path"; } + ]; + mapping = { + "" = "cmp.mapping.abort()"; + "" = "cmp.mapping.select_next_item()"; + "" = "cmp.mapping.select_prev_item()"; + "" = "cmp.mapping.scroll_docs(-4)"; + "" = "cmp.mapping.scroll_docs(4)"; + "" = '' + cmp.mapping(function(fallback) + if cmp.visible() then + if require("luasnip").expandable() then + require("luasnip").expand() + else + cmp.confirm({ + select = true, + }) + end + else + fallback() 
+ end + end) + ''; + # plain tab conflicts with i try to indent + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(1) then + require("luasnip").jump(1) + else + fallback() + end + end,{"i","s"}) + ''; + "" = '' + cmp.mapping(function(fallback) + if require("luasnip").jumpable(-1) then + require("luasnip").jump(-1) + else + fallback() + end + end,{"i","s"}) + ''; + }; + }; + }; + + plugins.lsp = { + enable = true; + keymaps.lspBuf = { + "K" = "hover"; + "gd" = "definition"; + "gD" = "references"; + # "gt" = "type_definition"; # conflicts with switch tab + "gI" = "type_definition"; + "gi" = "implementation"; + }; + servers = { + bashls.enable = true; + lua_ls.enable = true; + nil_ls = { + enable = true; + settings = { + formatting.command = [ + "nix" + "fmt" + ]; + nix.flake.autoArchive = true; + }; + }; + rust_analyzer = { + enable = true; + installRustc = false; + installCargo = false; + }; + eslint.enable = true; + yamlls.enable = true; + }; + }; + plugins.treesitter = { + enable = true; + nixGrammars = true; + settings = { + indent.enable = true; + auto_install = true; + highlight.enable = true; + }; + }; + plugins.fzf-lua = { + enable = true; + profile = "fzf-native"; + keymaps = { + "ff" = "files"; + "fg" = "live_grep"; + }; + }; + + plugins.neo-tree = { + enable = true; + buffers.followCurrentFile.enabled = true; + window.width = 30; + }; + + plugins.gitsigns = { + enable = true; + settings.current_line_blame = true; + }; + + plugins.cmp-buffer.enable = true; + plugins.cmp-emoji.enable = true; + plugins.cmp-nvim-lsp.enable = true; + plugins.cmp-path.enable = true; + plugins.cmp_luasnip.enable = true; + plugins.luasnip.enable = true; + plugins.nvim-autopairs.enable = true; + plugins.rainbow-delimiters.enable = true; + plugins.web-devicons.enable = true; + plugins.auto-save.enable = true; + plugins.indent-blankline.enable = true; + plugins.undotree.enable = true; + }; +} 
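Review bot: `plugins.treesitter` sets both `nixGrammars = true;` and `auto_install = true;`. With grammars already supplied from nixpkgs, `auto_install` additionally lets nvim-treesitter download and compile parsers at runtime when a buffer needs a missing grammar, which bypasses the pinning in flake.lock and needs a compiler on the machine. I would set `auto_install = false;` and add any missing grammar through Nix instead. The same consideration applies to `nix.flake.autoArchive = true;` under `nil_ls`, which, as I understand it, lets the language server fetch flake inputs without asking; a short comment noting that this is intentional would help.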
diff --git a/home/nvim/init.lua b/home/nvim/init.lua
deleted file mode 100644
index b57e106..0000000
--- a/home/nvim/init.lua
+++ /dev/null
@@ -1,84 +0,0 @@ -require("plugin_specs") - -local keymap = vim.keymap -local opt = vim.opt -local api = vim.api - -vim.g.loaded_netrw = 1 -vim.g.loaded_netrwPlugin = 1 -vim.opt.termguicolors = true -require("nvim-tree").setup() - -require("lualine").setup({ - options = { - theme = "auto", - icons_enabled = true, - globalstatus = true, - }, -}) - -require("gitsigns").setup() - -opt.tabstop = 2 -opt.softtabstop = 2 -opt.shiftwidth = 2 -opt.expandtab = true -opt.relativenumber = true -opt.ignorecase = true -opt.smartcase = true -opt.scrolloff = 3 -opt.confirm = true -opt.history = 500 -opt.undofile = true -opt.termguicolors = true -opt.showmode = false -opt.mouse = "" -opt.wrap = false -opt.clipboard:append("unnamedplus") - -vim.cmd.colorscheme("iceberg") - --- restore terminal cursor on exit -api.nvim_create_autocmd("VimLeave", { - callback = function() - opt.guicursor = "a:ver25-blinkon500-blinkon500" - end, -}) - --- blinking cursor in insert mode -opt.guicursor = "i-ci-ve:ver25-blinkon500-blinkon500" - -keymap.set("n", "s", require("nvim-tree.api").tree.toggle, { - desc = "toggle nvim-tree", - silent = true, -}) - --- shortcut to command mode -keymap.set({ "n", "x" }, ";", ":", { silent = true }) - -keymap.set("n", "o", "printf('m`%so``', v:count1)", { - expr = true, - desc = "insert line below without moving cursor", -}) - -keymap.set("n", "O", "printf('m`%sO``', v:count1)", { - expr = true, - desc = "insert line above without moving cursor", -}) - -keymap.set("n", "/", [[/\v]]) - -keymap.set("n", "c", '"_c') -keymap.set("n", "C", '"_C') -keymap.set("n", "cc", '"_cc') -keymap.set("x", "c", '"_c') -keymap.set("x", "p", '"_cp') - --- Break inserted text into smaller undo units when we insert some punctuation chars. -local undo_ch = { ",", ".", "!", "?", ";", ":" } -for _, ch in ipairs(undo_ch) do - keymap.set("i", ch, ch .. "u") -end - -keymap.set("i", "", "") -keymap.set("i", "", "") 
diff --git a/home/nvim/lazy-lock.json b/home/nvim/lazy-lock.json
deleted file mode 100644
index b35ef9f..0000000
--- a/home/nvim/lazy-lock.json
+++ /dev/null
@@ -1,24 +0,0 @@ -{ - "LuaSnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" }, - "cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" }, - "cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" }, - "cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" }, - "cmp-omni": { "branch": "main", "commit": "4ef610bbd85a5ee4e97e09450c0daecbdc60de86" }, - "cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" }, - "cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" }, - "dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" }, - "fzf-lua": { "branch": "main", "commit": "3d7e5db8fa56cfc2b92a38999016a51abe9e1d23" }, - "gitsigns.nvim": { "branch": "main", "commit": "b544bd62623ca1b483d8b9bfb6d65805f112a320" }, - "hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" }, - "iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" }, - "lazy.nvim": { "branch": "main", "commit": "d8f26efd456190241afd1b0f5235fe6fdba13d4a" }, - "lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" }, - "nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" }, - "nvim-cmp": { "branch": "main", "commit": "8c82d0bd31299dbff7f8e780f5e06d2283de9678" }, - "nvim-lspconfig": { "branch": "master", "commit": "8121483b8132b7053120fafd83728178fb3febf6" }, - "nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" }, - "nvim-treesitter": { "branch": "master", "commit": "622a4a6ba76d1de52b72a965159213ae655b4ac7" }, - "nvim-web-devicons": { "branch": "master", "commit": "5740b7382429d20b6ed0bbdb0694185af9507d44" }, - "tokyonight.nvim": { "branch": "main", "commit": "7bb270adaa7692c2c33befc35f5567fc596a2504" }, 
- "vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" } -} diff --git a/home/nvim/lua/config/fzf.lua b/home/nvim/lua/config/fzf.lua deleted file mode 100644 index c96f06d..0000000 --- a/home/nvim/lua/config/fzf.lua +++ /dev/null @@ -1,21 +0,0 @@ -local keymap = vim.keymap - -local fzf = require("fzf-lua") - -keymap.set("n", "ff", fzf.files, { silent = true }) -keymap.set("n", "fr", fzf.oldfiles, { silent = true }) -keymap.set("n", "fc", fzf.resume, { silent = true }) -keymap.set("n", "fs", fzf.treesitter, { silent = true }) -keymap.set("n", "fg", fzf.grep_project, { silent = true }) - -fzf.setup({ - "fzf-native", - keymap = { - fzf = { - ["ctrl-u"] = "half-page-up", - ["ctrl-d"] = "half-page-down", - ["ctrl-j"] = "preview-page-down", - ["ctrl-k"] = "preview-page-up", - }, - }, -}) diff --git a/home/nvim/lua/config/hop.lua b/home/nvim/lua/config/hop.lua deleted file mode 100644 index 3724b9f..0000000 --- a/home/nvim/lua/config/hop.lua +++ /dev/null @@ -1,16 +0,0 @@ -local hop = require("hop") -local keymap = vim.keymap - -hop.setup({ - case_insensitive = true, - char2_fallback_key = "", - quit_key = "", "", { - silent = true, - noremap = true, - callback = function() - hop.hint_char1() - end, -}) diff --git a/home/nvim/lua/config/lsp.lua b/home/nvim/lua/config/lsp.lua deleted file mode 100644 index 149163b..0000000 --- a/home/nvim/lua/config/lsp.lua +++ /dev/null 
@@ -1,74 +0,0 @@ -local lsp = vim.lsp -local diagnostic = vim.diagnostic -local keymap = vim.keymap - -keymap.set("n", "gd", lsp.buf.definition) -keymap.set("n", "rn", lsp.buf.rename) -keymap.set("n", "gr", lsp.buf.references) -keymap.set("n", "[d", diagnostic.goto_prev) -keymap.set("n", "]d", diagnostic.goto_next) - -diagnostic.config({ - signs = false, -}) - -local lspconfig = require("lspconfig") -local capabilities = require("cmp_nvim_lsp").default_capabilities() - -lspconfig.pylsp.setup({ capabilities = capabilities }) -lspconfig.clangd.setup({ capabilities = capabilities }) -lspconfig.bashls.setup({ capabilities = capabilities }) -lspconfig.rust_analyzer.setup({ - capabilities = capabilities, -}) - -lspconfig.gopls.setup({ - settings = { - gopls = { - analyses = { - unusedparams = true, - }, - staticcheck = true, - gofumpt = true, - }, - }, - capabilities = capabilities, -}) - -lspconfig.lua_ls.setup({ - capabilities = capabilities, - on_init = function(client) - if client.workspace_folders then - local path = client.workspace_folders[1].name - if vim.uv.fs_stat(path .. "/.luarc.json") or vim.uv.fs_stat(path .. "/.luarc.jsonc") then - return - end - end - - client.config.settings.Lua = vim.tbl_deep_extend("force", client.config.settings.Lua, { - runtime = { - -- Tell the language server which version of Lua you're using - -- (most likely LuaJIT in the case of Neovim) - version = "LuaJIT", - }, - -- Make the server aware of Neovim runtime files - workspace = { - checkThirdParty = false, - library = { - vim.env.VIMRUNTIME, - -- Depending on the usage, you might want to add additional paths here. - -- "${3rd}/luv/library" - -- "${3rd}/busted/library", - }, - -- or pull in all of 'runtimepath'. NOTE: this is a lot slower - -- library = vim.api.nvim_get_runtime_file("", true) - }, - }) - end, - settings = { - Lua = {}, - }, -}) - -lspconfig.nixd.setup({ capabilities = capabilities }) -lspconfig.terraformls.setup({ capabilities = capabilities }) 
diff --git a/home/nvim/lua/config/nvim-cmp.lua b/home/nvim/lua/config/nvim-cmp.lua deleted file mode 100644 index 8cfdedb..0000000 --- a/home/nvim/lua/config/nvim-cmp.lua +++ /dev/null @@ -1,54 +0,0 @@ -local cmp = require("cmp") -local luasnip = require("luasnip") - -cmp.setup({ - snippet = { - expand = function(args) - require("luasnip").lsp_expand(args.body) - end, - }, - mapping = { - [""] = cmp.mapping(function(fallback) - if cmp.visible() then - if luasnip.expandable() then - luasnip.expand() - else - cmp.confirm({ - select = true, - }) - end - else - fallback() - end - end), - - [""] = cmp.mapping(function(fallback) - if luasnip.locally_jumpable(1) then - luasnip.jump(1) - elseif cmp.visible() then - cmp.select_next_item() - else - fallback() - end - end, { "i", "s" }), - - [""] = cmp.mapping(function(fallback) - if luasnip.locally_jumpable(-1) then - luasnip.jump(-1) - elseif cmp.visible() then - cmp.select_prev_item() - else - fallback() - end - end, { "i", "s" }), - }, - sources = cmp.config.sources({ - { name = "nvim_lsp" }, - { name = "luasnip" }, - }, { - { name = "buffer" }, - { name = "path" }, - }), -}) diff --git a/home/nvim/lua/plugin_specs.lua b/home/nvim/lua/plugin_specs.lua deleted file mode 100644 index a51272e..0000000 --- a/home/nvim/lua/plugin_specs.lua +++ /dev/null 
@@ -1,99 +0,0 @@ --- Bootstrap lazy.nvim -local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim" -if not (vim.uv or vim.loop).fs_stat(lazypath) then - local lazyrepo = "https://github.com/folke/lazy.nvim.git" - local out = vim.fn.system({ "git", "clone", "--filter=blob:none", "--branch=stable", lazyrepo, lazypath }) - if vim.v.shell_error ~= 0 then - vim.api.nvim_echo({ - { "Failed to clone lazy.nvim:\n", "ErrorMsg" }, - { out, "WarningMsg" }, - { "\nPress any key to exit..." }, - }, true, {}) - vim.fn.getchar() - os.exit(1) - end -end -vim.opt.rtp:prepend(lazypath) - -vim.g.mapleader = "," - -local plugin_specs = { - { - "nvim-treesitter/nvim-treesitter", - build = ":TSUpdate", - event = "VeryLazy", - }, - - { - "neovim/nvim-lspconfig", - event = { "BufRead", "BufNewFile" }, - config = function() - require("config.lsp") - end, - }, - - { - "hrsh7th/nvim-cmp", - event = "VeryLazy", - dependencies = { - "hrsh7th/cmp-nvim-lsp", - "hrsh7th/cmp-path", - "hrsh7th/cmp-buffer", - "hrsh7th/cmp-omni", - "hrsh7th/cmp-cmdline", - "saadparwaiz1/cmp_luasnip", - }, - config = function() - require("config.nvim-cmp") - end, - }, - - { - "L3MON4D3/LuaSnip", - version = "v2.*", - build = "make install_jsregexp", - }, - - { "stevearc/dressing.nvim", event = "VeryLazy" }, - - { - "nvim-tree/nvim-tree.lua", - lazy = false, - dependencies = { - "nvim-tree/nvim-web-devicons", - }, - }, - - { - "ibhagwan/fzf-lua", - dependencies = { "nvim-tree/nvim-web-devicons" }, - config = function() - require("config.fzf") - end, - }, - - { "windwp/nvim-autopairs", event = "InsertEnter", config = true }, - - { "tpope/vim-commentary", event = "VeryLazy" }, - - { "folke/tokyonight.nvim", lazy = false, priority = 1000 }, - - { "lewis6991/gitsigns.nvim" }, - - { "nvim-lualine/lualine.nvim", dependencies = { "nvim-tree/nvim-web-devicons" } }, - - { - "smoka7/hop.nvim", - version = "*", - config = function() - require("config.hop") - end, - }, - - { "cocopon/iceberg.vim" }, -} - 
-require("lazy").setup({ - spec = plugin_specs, - rocks = { enabled = true }, -}) diff --git a/home/plasma.nix b/home/plasma.nix new file mode 100644 index 0000000..10f5399 --- /dev/null +++ b/home/plasma.nix @@ -0,0 +1,85 @@ +{ ... }: +{ + programs.plasma = { + enable = true; + overrideConfig = true; + immutableByDefault = true; + workspace = { + lookAndFeel = "org.ide.breezedark.desktop"; + cursor = { + theme = "Bibata-Modern-Classic"; + size = 23; + }; + }; + + fonts = { + general = { + family = "IBM Plex Mono"; + pointSize = 12; + }; + }; + + input.keyboard = { + numlockOnStartup = "on"; + options = [ "ctrl:nocaps" ]; + }; + + # Meta key is actually the Super key in KDE + + hotkeys.commands = { + "launch-terminal" = { + name = "launch terminal"; + key = "Meta+Return"; + command = "kitty"; + }; + "launch-browser" = { + name = "launch browser"; + key = "Meta+B"; + command = "chromium"; + }; + "launch-fuzzel" = { + name = "launch-fuzzel"; + key = "Meta+d"; + command = "fuzzel"; + }; + }; + + shortcuts = { + kwin = { + "Switch Window Down" = "Meta+J"; + "Switch Window Left" = "Meta+H"; + "Switch Window Right" = "Meta+L"; + "Switch Window Up" = "Meta+K"; + "Window Quick Tile Down" = "Meta+Shift+J"; + "Window Quick Tile Left" = "Meta+Shift+H"; + "Window Quick Tile Right" = "Meta+Shift+L"; + "Window Quick Tile Up" = "Meta+Shift+K"; + "Window Close" = "Meta+Ctrl+Q"; + "Window Maximize" = "Meta+W"; + "Window Minimize" = "Meta+Shift+-"; + "Window Fullscreen" = "Meta+F"; + "Window Shrink Horizontal" = "Meta+-"; + }; + + ksmserver = { + "Lock Session" = [ + "Screensaver" + "Meta+Ctrl+L" + ]; + }; + }; + + configFile = { + # save RAM + baloofilerc."Basic Settings"."Indexing-Enabled" = false; + }; + + # looks like KDE overrides services.logind settings + powerdevil.AC = { + whenLaptopLidClosed = "hibernate"; + }; + powerdevil.battery = { + whenLaptopLidClosed = "hibernate"; + }; + }; +} 
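Review bot: Both `powerdevil.AC` and `powerdevil.battery` hibernate on lid close, but the module never pins the screen locker; the only lock-related setting is the `Lock Session` shortcut under `shortcuts.ksmserver`. The sway config removed in this same commit locked explicitly (`timeout 305 $lock` and `before-sleep '... swaylock -f'`), so locking on resume and on idle now depends on KDE's defaults rather than on anything declared here. Since `overrideConfig = true` makes this file the source of truth for the desktop, I would state it, e.g. `kscreenlocker.lockOnResume = true;` plus an idle `kscreenlocker.timeout`, assuming the plasma-manager revision in use exposes those options.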
diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi
deleted file mode 100644
index ae76aeb..0000000
--- a/home/rofi/config.rasi
+++ /dev/null
@@ -1,156 +0,0 @@ -configuration { - modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; - font: "hack 12"; -/* location: 0;*/ -/* yoffset: 0;*/ -/* xoffset: 0;*/ -/* fixed-num-lines: true;*/ - show-icons: true; - terminal: "kitty"; -/* ssh-client: "ssh";*/ -/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ -/* run-command: "{cmd}";*/ -/* run-list-command: "";*/ -/* run-shell-command: "{terminal} -e {cmd}";*/ -/* window-command: "wmctrl -i -R {window}";*/ -/* window-match-fields: "all";*/ - icon-theme: "Papirus"; -/* drun-match-fields: "name,generic,exec,categories,keywords";*/ -/* drun-categories: ;*/ -/* drun-show-actions: false;*/ -/* drun-display-format: "{name} [({generic})]";*/ -/* drun-url-launcher: "xdg-open";*/ -/* disable-history: false;*/ -/* ignored-prefixes: "";*/ -/* sort: false;*/ -/* sorting-method: "normal";*/ -/* case-sensitive: false;*/ -/* cycle: true;*/ -/* sidebar-mode: false;*/ -/* hover-select: false;*/ -/* eh: 1;*/ -/* auto-select: false;*/ -/* parse-hosts: false;*/ -/* parse-known-hosts: true;*/ - combi-modes: "window,run,calc,filebrowser"; -/* matching: "normal";*/ -/* tokenize: true;*/ -/* m: "-5";*/ -/* filter: ;*/ -/* dpi: -1;*/ -/* threads: 0;*/ -/* scroll-method: 0;*/ -/* window-format: "{w} {c} {t}";*/ -/* click-to-exit: true;*/ -/* global-kb: false;*/ -/* max-history-size: 25;*/ -/* combi-hide-mode-prefix: false;*/ -/* combi-display-format: "{mode} {text}";*/ -/* matching-negate-char: '-' /* unsupported */;*/ -/* cache-dir: ;*/ -/* window-thumbnail: false;*/ -/* drun-use-desktop-cache: false;*/ -/* drun-reload-desktop-cache: false;*/ -/* normalize-match: false;*/ -/* steal-focus: false;*/ -/* application-fallback-icon: ;*/ -/* refilter-timeout-limit: 300;*/ -/* xserver-i300-workaround: false;*/ -/* completer-mode: "recursivebrowser";*/ -/* pid: "/run/user/1000/rofi.pid";*/ -/* display-window: ;*/ -/* display-run: ;*/ -/* display-ssh: ;*/ -/* display-drun: ;*/ -/* display-combi: ;*/ 
-/* display-keys: ;*/ -/* display-filebrowser: ;*/ -/* display-recursivebrowser: ;*/ -/* kb-primary-paste: "Control+V,Shift+Insert";*/ -/* kb-secondary-paste: "Control+v,Insert";*/ -/* kb-secondary-copy: "Control+c";*/ -/* kb-clear-line: "Control+w";*/ -/* kb-move-front: "Control+a";*/ -/* kb-move-end: "Control+e";*/ -/* kb-move-word-back: "Alt+b,Control+Left";*/ -/* kb-move-word-forward: "Alt+f,Control+Right";*/ -/* kb-move-char-back: "Left,Control+b";*/ -/* kb-move-char-forward: "Right,Control+f";*/ -/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ -/* kb-remove-word-forward: "Control+Alt+d";*/ -/* kb-remove-char-forward: "Delete,Control+d";*/ -/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ -/* kb-remove-to-eol: "Control+k";*/ -/* kb-remove-to-sol: "Control+u";*/ -/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ -/* kb-accept-custom: "Control+Return";*/ -/* kb-accept-custom-alt: "Control+Shift+Return";*/ -/* kb-accept-alt: "Shift+Return";*/ -/* kb-delete-entry: "Shift+Delete";*/ -/* kb-mode-next: "Shift+Right,Control+Tab";*/ -/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ -/* kb-mode-complete: "Control+l";*/ -/* kb-row-left: "Control+Page_Up";*/ -/* kb-row-right: "Control+Page_Down";*/ -/* kb-row-up: "Up,Control+p";*/ -/* kb-row-down: "Down,Control+n";*/ -/* kb-row-tab: "";*/ -/* kb-element-next: "Tab";*/ -/* kb-element-prev: "ISO_Left_Tab";*/ -/* kb-page-prev: "Page_Up";*/ -/* kb-page-next: "Page_Down";*/ -/* kb-row-first: "Home,KP_Home";*/ -/* kb-row-last: "End,KP_End";*/ -/* kb-row-select: "Control+space";*/ -/* kb-screenshot: "Alt+S";*/ -/* kb-ellipsize: "Alt+period";*/ -/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ -/* kb-toggle-sort: "Alt+grave";*/ -/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ -/* kb-custom-1: "Alt+1";*/ -/* kb-custom-2: "Alt+2";*/ -/* kb-custom-3: "Alt+3";*/ -/* kb-custom-4: "Alt+4";*/ -/* kb-custom-5: "Alt+5";*/ -/* kb-custom-6: "Alt+6";*/ -/* kb-custom-7: "Alt+7";*/ 
-/* kb-custom-8: "Alt+8";*/ -/* kb-custom-9: "Alt+9";*/ -/* kb-custom-10: "Alt+0";*/ -/* kb-custom-11: "Alt+exclam";*/ -/* kb-custom-12: "Alt+at";*/ -/* kb-custom-13: "Alt+numbersign";*/ -/* kb-custom-14: "Alt+dollar";*/ -/* kb-custom-15: "Alt+percent";*/ -/* kb-custom-16: "Alt+dead_circumflex";*/ -/* kb-custom-17: "Alt+ampersand";*/ -/* kb-custom-18: "Alt+asterisk";*/ -/* kb-custom-19: "Alt+parenleft";*/ -/* kb-select-1: "Super+1";*/ -/* kb-select-2: "Super+2";*/ -/* kb-select-3: "Super+3";*/ -/* kb-select-4: "Super+4";*/ -/* kb-select-5: "Super+5";*/ -/* kb-select-6: "Super+6";*/ -/* kb-select-7: "Super+7";*/ -/* kb-select-8: "Super+8";*/ -/* kb-select-9: "Super+9";*/ -/* kb-select-10: "Super+0";*/ -/* kb-entry-history-up: "Control+Up";*/ -/* kb-entry-history-down: "Control+Down";*/ -/* ml-row-left: "ScrollLeft";*/ -/* ml-row-right: "ScrollRight";*/ -/* ml-row-up: "ScrollUp";*/ -/* ml-row-down: "ScrollDown";*/ -/* me-select-entry: "MousePrimary";*/ -/* me-accept-entry: "MouseDPrimary";*/ -/* me-accept-custom: "Control+MouseDPrimary";*/ - timeout { - action: "kb-cancel"; - delay: 0; - } - filebrowser { - directories-first: true; - sorting-method: "name"; - } -} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh deleted file mode 100755 index d11fadf..0000000 --- a/home/rofi/scripts/cliphist.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -tmp_dir="/tmp/cliphist" -rm -rf "$tmp_dir" - -if [[ -n "$1" ]]; then - cliphist decode <<<"$1" | wl-copy - exit -fi - -mkdir -p "$tmp_dir" - -read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) - print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] - next -} -1 -EOF -cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config deleted file mode 100644 index a5521db..0000000 --- a/home/sway/config +++ /dev/null 
@@ -1,155 +0,0 @@ -set $mod Mod4 -set $alt Mod1 -set $left h -set $down j -set $up k -set $right l - -set $term $HOME/.config/sway/scripts/terminal.sh -set $menu rofi -show run -set $screenshot grim -g "$(slurp)" - | wl-copy -set $browser librewolf -set $clipboard rofi -show clipboard -show-icons -set $emoji rofi -show emoji - -set $font_family DejaVu Sans Mono -set $font_size 11 -set $bg #000000 -set $fg #ffffff -set $fgi #888888 - -set $wallpaper $HOME/wallpapers/nixos-c-book-large.png -set $lock swaylock -f -i $wallpaper -output * bg $wallpaper fill - -floating_modifier $mod normal -default_border pixel -smart_borders on -focus_follows_mouse always -mouse_warping container - -bindsym $mod+Return exec $term -bindsym $mod+Ctrl+q kill -bindsym $mod+d exec $menu -bindsym $mod+Shift+c reload -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' -bindsym Print exec $screenshot -bindsym $mod+comma exec $clipboard -bindsym $mod+period exec $emoji - -bindsym $mod+$alt+b exec $browser -bindsym $mod+$alt+a exec anki -bindsym $mod+$alt+f exec thunar -bindsym $mod+$alt+e exec evolution -bindsym $mod+p exec bitwarden -bindsym $mod+$alt+m exec element-desktop - -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right - -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right - -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 - -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym 
$mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 - -# mouse side buttons -bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 -bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh - -bindsym $mod+b splith -bindsym $mod+v splitv - -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -bindsym $mod+f fullscreen - -bindsym $mod+Shift+space floating toggle - -bindsym $mod+space focus mode_toggle - -bindsym $mod+a focus parent -bindsym $mod+Shift+a focus child - -bindsym $mod+Shift+minus move scratchpad -bindsym $mod+minus scratchpad show - -mode "resize" { - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# keys to adjust volue and brightness -bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" -bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" -bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" -bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- -bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ - -# lockscreen -bindsym $mod+Control+l exec $lock - -font pango:$font_family $font_size - -for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable -for_window [app_id="LibreWolf" title="^Extension"] floating 
enable -for_window [floating] border csd -for_window [app_id="Bitwarden"] floating enable - -bar { - swaybar_command waybar -} - -input "type:touchpad" { - dwt enabled - tap enabled - natural_scroll enabled -} - -input "type:keyboard" { - xkb_layout us - xkb_options ctrl:nocaps - xkb_numlock enabled -} - -exec wl-paste --watch cliphist store -exec mako >> $HOME/mako.log 2>&1 -exec dbus-update-activation-environment --all - -exec swayidle -w \ - timeout 300 'swaymsg "output * power off"' \ - timeout 305 $lock \ - resume 'swaymsg "output * power on"' \ - before-sleep 'playerctl pause; swaylock -f' - -exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh deleted file mode 100755 index 741c26d..0000000 --- a/home/sway/scripts/remote.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k v - wtype -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v - wtype -m ctrl - fi -fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh deleted file mode 100755 index 42653c6..0000000 --- a/home/sway/scripts/terminal.sh +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num') - -foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length') - -next_session=$((focused_workspace * 10)) - -if [ "$foot_window_count" -gt 0 ] -then - next_session=$((next_session + foot_window_count)) -fi - -foot tmux new-session -A -s ${next_session} diff --git a/home/waybar/config b/home/waybar/config deleted file mode 100644 index 13b7819..0000000 --- a/home/waybar/config +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "layer": "top", // Waybar on highest layer so tooltips go over windows - "output": "eDP-1", // Set output to primary monitor - "height": 40, // Set height to avoid jumping due to active workspace indicator - - "margin-left": 0, - "margin-right": 0, - "margin-top": 0, - "modules-left": ["sway/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar - "modules-center": ["sway/window"], // Set modules for the center of the bar - "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar - "clock#time": { - "format": "{:%H:%M:%S}", - "interval": 1, - }, - "clock#date": { - "format": "{:%Y/%m/%d}", - "tooltip-format": "{calendar}", - "interval": 360, - "calendar": { - "mode": "month", - "mode-mon-col": 4, - "weeks-pos": "right", - "on-scroll": 1, - "on-click-right": "mode", - "format": { - "months": "{}", - "days": "{}", - "weeks": "W{}", - "weekdays": "{}", - "today": "{}", - }, - }, - }, - "battery": { - "interval": 60, - "states": { - "warning": 40, - "critical": 20, - }, - "format": "{icon} {capacity}%", - "format-icons": [ - "", - "", - "", - "", - "", - ], - "format-charging": "󱐌 {capacity}%", - }, - "cpu": { - "format": "{usage}%", - "interval": 4, - }, - "memory": { - "format": "{used}GiB", - "interval": 4, - }, - "temperature": { - "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", - "critical-threshold": 80, - "format": "{temperatureC}°C", - "format-critical": "{temperatureC}°C", - "interval": 4, - }, - "wireplumber": { - "scroll-step": 1, // %, can be a float - "format": "{icon} {volume}%", - "format-muted": "󰝟 Muted", - "format-icons": ["", "", ""], - "on-click": "pavucontrol", - "interval": 4, - }, - "sway/window": { - "max-length": 64, - }, - "tray": { - "icon-size": 22, - "spacing": 6, - } -} diff --git a/home/waybar/style.css b/home/waybar/style.css deleted file mode 100644 index 438d892..0000000 --- a/home/waybar/style.css +++ /dev/null 
@@ -1,70 +0,0 @@ -.module, -#clock.date, -#clock.time, -#workspaces button { - background: transparent; - padding: 0 10px; - font-family: RobotoMono Nerd Font; - font-weight: 900; - font-size: 13pt; - color: #c0caf5; -} - -/* main waybar */ -window#waybar { - background: rgba(26, 27, 38, 1); - border: 2px solid #414868; -} - -/* when hovering over modules */ -tooltip { - background: #1e1e2e; - border-radius: 0; -} - -#workspaces { - padding-right: 0; -} - -#workspaces button { - padding: 2px; -} - -#clock { - padding-right: 100px; -} - - -/* Sets active workspace to have a solid line on the bottom */ -#workspaces button.focused { - border-bottom: 2px solid #7aa2f7; - border-radius: 0; - margin-top: 0px; - transition: none; -} - -/* More workspace stuff for highlighting on hover */ -#workspaces button.focused { - color: #a6adc8; -} - -#workspaces button.urgent { - color: #f7768e; -} - -#workspaces button:hover { - background: #11111b; - color: #cdd6f4; -} - -/* Hide window module when not focused on window or empty workspace */ -window#waybar.empty #window { - padding: 0; - margin: 0; - opacity: 0; -} - -/* Set up rounding to make these modules look like separate pills */ -#tray { - margin-right: 4px; -} diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index 3285421..474abfc 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,9 +14,4 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - foot.terminfo - attic-server - ]; } diff --git a/home/yt/common.nix b/home/yt/common.nix index f14fc37..a8c9467 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,16 +3,13 @@ imports = [ ../tmux.nix ../zsh + ../nixvim ]; home.sessionVariables = { "EDITOR" = "nvim"; }; - xdg.configFile = { - nvim.source = ../nvim; - }; - home.packages = with pkgs; [ man-pages man-pages-posix 
@@ -30,17 +27,17 @@ }; programs.zoxide.enable = true; programs.eza.enable = true; - programs.neovim.enable = true; programs.git = { enable = true; userName = "cy"; - userEmail = "hi@cything.io"; + userEmail = "cy@cy7.sh"; delta = { - enable = true; + enable = false; options = { navigate = true; }; }; + difftastic.enable = true; extraConfig = { init.defaultBranch = "main"; push.autoSetupRemote = true; # assume -u on first push @@ -48,7 +45,11 @@ rebase = true; autostash = true; }; - merge.tool = "vimdiff"; + merge = { + tool = "vimdiff"; + keepBackup = false; + prompt = false; + }; rebase = { stat = true; autoStash = true; @@ -56,12 +57,20 @@ updateRefs = true; }; help.autocorrect = 1; - mergetool = { - prompt = false; - path = "nvim-open"; + "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; + url = { + "ssh://git@github.com/" = { + insteadOf = [ + "https://github.com/" + "github:" + "gh:" + ]; + }; }; }; }; programs.ripgrep.enable = true; - programs.man.generateCaches = true; + # programs.man.generateCaches = true; # slows down eval + programs.fd.enable = true; + news.display = "silent"; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 729894f..cd6baa4 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -1,11 +1,14 @@ { pkgs, + lib, ... }: { imports = [ ./common.nix - ../foot.nix + ../irssi.nix + ../kitty.nix + ../codium.nix ]; home = { username = "yt"; 
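Review bot: `keepBackup` and `prompt` are placed under `merge`, but git reads both from the `mergetool` section (`mergetool.keepBackup`, `mergetool.prompt`), so as written they have no effect. The later hunk removes the old `mergetool = { prompt = false; ... }` block, so the per-file prompt comes back and `.orig` backups are still written. Keep `merge.tool = "vimdiff";` and move the other two into `mergetool = { keepBackup = false; prompt = false; };`. The enclosing `extraConfig` set opens outside this hunk.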
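Review bot: The new `"mergetool \"vimdiff\"".cmd` passes `$LOCAL $REMOTE $MERGED` unquoted, so a conflicted path containing spaces or glob characters is word-split by the shell that git uses to run the command, and nvim is handed the wrong file names. Quote each variable: `cmd = "nvim -d \"$LOCAL\" \"$REMOTE\" \"$MERGED\" -c '$wincmd w' -c 'wincmd J'";`. Separately, the `url."ssh://git@github.com/".insteadOf` rewrite applies to every `https://github.com/` URL git resolves for this user. If `common.nix` is also imported on hosts without a GitHub SSH key (not visible in this hunk), anonymous clones there will start failing, so it may belong in the workstation profile instead.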
@@ -14,128 +17,139 @@ }; programs.home-manager.enable = true; - systemd.user.startServices = "sd-switch"; - - qt = { - enable = true; - platformTheme.name = "gtk"; - style.name = "adwaita-dark"; - style.package = pkgs.adwaita-qt; + home.pointerCursor = { + package = pkgs.bibata-cursors; + name = "Bibata-Modern-Classic"; + size = 23; + gtk.enable = true; + x11.enable = true; }; - gtk = { - enable = true; - cursorTheme = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern"; - }; - theme = { - package = pkgs.adw-gtk3; - name = "adw-gtk3-dark"; - }; - iconTheme = { - package = pkgs.adwaita-icon-theme; - name = "Adwaita"; - }; - }; + home.packages = + with pkgs; + lib.flatten [ + ungoogled-chromium + librewolf + bitwarden-desktop + bitwarden-cli + fastfetch + (with kdePackages; [ + gwenview + okular + ]) + mpv + signal-desktop + btop + jq + sqlite + usbutils + calibre + tor-browser + wtype + bat + rclone + go + (rust-bin.selectLatestNightlyWith ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pwgen + gnumake + unzip + anki-bin + trezorctl + q + gdb + fuzzel + hugo + ghidra + sccache + awscli2 + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) + p7zip + qbittorrent + android-tools + frida-tools + mitmproxy + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + ] + )) + jadx + scrcpy + syncthing + syncthingtray + (with llvmPackages; [ + clangUseLLVM + compiler-rt + libllvm + ]) + nix-output-monitor + wl-clipboard-rs + pixelflasher + cinny-desktop + freetube + gopls + rust-analyzer + minio-client + ]; home.sessionVariables = { - ANKI_WAYLAND = "1"; + # to make ghidra work on xwayland + _JAVA_AWT_WM_NONREPARENTING = 1; + + # sccache stuff + RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; + SCCACHE_BUCKET = "sccache"; + SCCACHE_REGION = "us-east-1"; + SCCACHE_ENDPOINT = "https://s3.cy7.sh"; + SCCACHE_ALLOW_CORE_DUMPS = "true"; + SCCACHE_S3_USE_SSL = "true"; + 
SCCACHE_CACHE_MULTIARCH = "true"; + SCCACHE_LOG = "warn"; + AWS_DEFAULT_REGION = "us-east-1"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; + AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + + # bitwarden ssh agent + SSH_AUTH_SOCK = "$HOME/.bitwarden-ssh-agent.sock"; }; - home.packages = with pkgs; [ - firefox - ungoogled-chromium - librewolf - bitwarden-desktop - bitwarden-cli - fastfetch - discord - nwg-look - element-desktop - kdePackages.gwenview - kdePackages.okular - kdePackages.qtwayland - mpv - yt-dlp - signal-desktop - azure-cli - pavucontrol - btop - grim - slurp - rofi-wayland - rofimoji - cliphist - jq - bash-language-server - sqlite - usbutils - clang-tools - calibre - tor-browser - wtype - bat - yarn - rclone - go - rustup - pwgen - lua-language-server - gnumake - foot - minisign - unzip - lm_sensors - sshfs - python312Packages.python-lsp-server - gopls - anki - trezorctl - trezor-agent - q - opentofu - terraform-ls - gdb - gcc - seahorse + home.sessionPath = [ + "$HOME/.cargo/bin" + "$HOME/go/bin" ]; - programs.waybar.enable = true; programs.feh.enable = true; - services.mako = { - enable = true; - backgroundColor = "#1a1a1a"; - defaultTimeout = 5000; - borderSize = 0; - borderRadius = 10; - font = "DejaVu Sans Mono 11"; - padding = "10"; - textColor = "#ffffff"; - extraConfig = '' - [urgency=high] - background-color=#c00000 - border-color=#ff0000 - ''; - }; - xdg.configFile = { - sway.source = ../sway; - rofi.source = ../rofi; - waybar.source = ../waybar; mpv.source = ../mpv; }; - programs.newsboat = { + programs.direnv = { enable = true; - extraConfig = '' - urls-source "miniflux" - miniflux-url "https://rss.cything.io/" - miniflux-login "cy" - miniflux-passwordfile /run/secrets/newsboat/miniflux - ''; + nix-direnv.enable = true; }; - services.gnome-keyring.enable = true; + programs.git.extraConfig = { + user = { + signingKey = "~/.ssh/id_ed25519"; + }; + gpg.format = "ssh"; + 
commit.gpgsign = true; + }; + + programs.nix-index-database.comma.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 2dd2a84..e599f0d 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -36,19 +36,22 @@ searchUpKey = "^p"; searchDownKey = "^n"; }; + + # prezto = { + # enable = true; + # caseSensitive = false; + # editor.keymap = "vi"; + # }; + initExtra = '' # disable control+s to pause terminal unsetopt FLOW_CONTROL - # manually integrate fzf cause we need to make sure zsh-vi-mode - # won't override C-r - function zvm_after_init() { - eval "$(${pkgs.fzf}/bin/fzf --zsh)" - } # useful emacs mode bindings bindkey -M viins "^E" end-of-line bindkey -M viins "^A" beginning-of-line bindkey -M viins "^B" backward-char + bindkey -M viins "^F" forward-char # accept one word completion bindkey -M viins "^S" forward-word @@ -87,9 +90,9 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; + "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; + "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; "gaa" = "git add --all"; @@ -109,11 +112,13 @@ "grv" = "git remote --verbose"; "gs" = "git status --short"; "gss" = "git status"; + "code" = "codium"; }; }; programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = false; + programs.nix-index.enableZshIntegration = true; + programs.direnv.enableZshIntegration = true; } diff --git a/hosts/chunk/Caddyfile b/hosts/chunk/Caddyfile deleted file mode 100644 index a42032c..0000000 --- a/hosts/chunk/Caddyfile +++ /dev/null 
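Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` in `home.sessionVariables` are set to `$(cat /run/secrets/aws/...)`, so the login shell expands them once and every process in the session inherits the S3 credentials. That includes programs that never need them, and this same block sets `SCCACHE_ALLOW_CORE_DUMPS = "true"`, so a core dump can carry them too. Anything that consumes these variables without shell expansion would presumably see the literal `$(cat ...)` string instead. I would drop both variables and let the AWS tooling read a secrets-managed credentials file at use time, e.g. `AWS_SHARED_CREDENTIALS_FILE = "<path to secrets-rendered credentials file>";` (placeholder path; confirm sccache's S3 backend honours it), or wrap only `sccache`/`aws` with the two variables.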
@@ -1,67 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -git.cy7.sh, git.cything.io { - import common - reverse_proxy unix//run/gitlab/gitlab-workhorse.socket -} - -rss.cything.io { - import common - reverse_proxy localhost:8080 -} - -photos.cy7.sh { - import common - reverse_proxy localhost:2283 -} - -chat.cything.io { - import common - reverse_proxy localhost:8448 -} - -pass.cy7.sh { - import common - reverse_proxy localhost:8081 -} - -dns.cything.io { - import common - reverse_proxy localhost:8082 -} - -pad.cything.io { - import common - reverse_proxy localhost:8085 -} - -red.cything.io { - import common - reverse_proxy localhost:8087 -} - -grafana.cything.io { - import common - reverse_proxy localhost:8088 -} - -element.cything.io { - import common - reverse_proxy localhost:8089 -} - -cache.cything.io { - import common - reverse_proxy localhost:8090 -} diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix deleted file mode 100644 index fe4b9bb..0000000 --- a/hosts/chunk/adguard.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ ... }: -{ - services.adguardhome = { - enable = true; - host = "127.0.0.1"; - port = 8082; - settings = { - http.port = "8083"; - users = [ - { - name = "cy"; - password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC"; - } - ]; - # do not listen eveywhere cause podman runs it's own DNS - dns.bind_hosts = [ - "127.0.0.1" - "::1" - "31.59.129.225" - "2a0f:85c1:840:2bfb::1" - ]; - }; - }; -} diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix deleted file mode 100644 index 2f84394..0000000 --- a/hosts/chunk/attic.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ config, ... }: -{ - services.atticd = { - enable = true; - - environmentFile = config.sops.secrets."attic/env".path; - - settings = { - listen = "[::]:8090"; - api-endpoint = "https://cache.cything.io/"; - allowed-hosts = [ "cache.cything.io" ]; - require-proof-of-possession = false; - compression.type = "zstd"; - database.url = "postgresql:///atticd?host=/run/postgresql"; - - storage = { - type = "local"; - path = "/mnt/attic"; - }; - - garbage-collection = { - default-retention-period = "3 months"; - }; - - chunking = { - nar-size-threshold = 0; # disables chunking - min-size = 0; - avg-size = 0; - max-size = 0; - concurrent-chunk-uploads = 32; - }; - }; - }; -} diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix deleted file mode 100644 index 48025e1..0000000 --- a/hosts/chunk/conduit.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.conduit = { - image = "ghcr.io/girlbossceo/conduwuit:main"; - autoStart = true; - ports = [ "127.0.0.1:8448:8448" ]; - pull = "newer"; - environment = { - CONDUWUIT_SERVER_NAME = "cything.io"; - CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit"; - CONDUWUIT_PORT = "8448"; - CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB - CONDUWUIT_ALLOW_REGISTRATION = "false"; - CONDUWUIT_ALLOW_FEDERATION = "true"; - CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true"; - CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]''; - CONDUWUIT_ADDRESS = "0.0.0.0"; - # CONDUIT_CONFIG = ""; - }; - volumes = [ - "/opt/conduit/db:/var/lib/conduwuit/" - ]; - networks = [ "conduit-net" ]; - }; - - systemd.services.create-conduit-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-conduit.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists conduit-net || \ - ${pkgs.podman}/bin/podman network create conduit-net - ''; - }; -} 
diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix index 6bada8e..3a6638f 100644 --- a/hosts/chunk/conduwuit.nix +++ b/hosts/chunk/conduwuit.nix @@ -8,4 +8,26 @@ allow_check_for_updates = true; }; }; + + services.caddy.virtualHosts."chat.cything.io".extraConfig = '' + import common + reverse_proxy localhost:8448 + ''; + + services.caddy.virtualHosts."cything.io" = { + serverAliases = [ "www.cything.io" ]; + extraConfig = '' + import common + + header /.well-known/matrix/* Content-Type application/json + header /.well-known/matrix/* Access-Control-Allow-Origin * + header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD + header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept + route { + respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} + respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} + redir https://cy7.sh/posts{uri} permanent + } + ''; + }; } diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 38fbaeb..22290c1 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -1,7 +1,6 @@ { - config, - lib, pkgs, + lib, ... }: { @@ -9,22 +8,20 @@ ../common.nix ../zsh.nix ./hardware-configuration.nix - ./gitlab.nix ./backup.nix ./rclone.nix ./postgres.nix - ./wireguard.nix - ./adguard.nix ./hedgedoc.nix ./miniflux.nix ./redlib.nix ./vaultwarden.nix - ./wireguard.nix ./grafana.nix ./conduwuit.nix ./immich.nix ./element.nix - ./attic.nix + ./forgejo.nix + ./garage.nix + ./tailscale.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -32,9 +29,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/chunk.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rclone/config" = { sopsFile = ../../secrets/rclone.yaml; }; 
@@ -47,99 +41,101 @@ "hedgedoc/env" = { sopsFile = ../../secrets/services/hedgedoc.yaml; }; - "wireguard/private" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; - "wireguard/psk-yt" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; - "wireguard/psk-phone" = { - sopsFile = ../../secrets/wireguard/chunk.yaml; - }; "miniflux/env" = { sopsFile = ../../secrets/services/miniflux.yaml; }; - "gitlab/root" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/secret" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/jws" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/db" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; - "gitlab/otp" = { - sopsFile = ../../secrets/services/gitlab.yaml; - owner = config.users.users.git.name; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; "attic/env" = { sopsFile = ../../secrets/services/attic.yaml; }; + "garage/env" = { + sopsFile = ../../secrets/services/garage.yaml; + }; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; + "zipline/env" = { + sopsFile = ../../secrets/services/zipline.yaml; + }; + "searx/env" = { + sopsFile = ../../secrets/services/searx.yaml; + }; }; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot = { + loader.grub.enable = true; + loader.grub.device = "/dev/vda"; + kernelPackages = pkgs.linuxPackages_latest; + }; system.stateVersion = "24.05"; # network stuff + networking = { + hostName = "chunk"; + networkmanager.enable = true; + firewall = { + enable = true; + trustedInterfaces = [ "tailscale0" ]; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP 
segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - networking.hostName = "chunk"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - 53 - 853 - ]; - allowedUDPPorts = [ - 443 - 51820 - 53 - 853 - ]; # 51820 is wireguard - trustedInterfaces = [ "wg0" ]; - }; - networking.interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - networking.defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - networking.defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; + # clear existing rules + ${tc} qdisc del dev ens18 root || true - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% + + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 + + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ''; + }; + interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; }; users.users.yt = { 
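Review bot: The `iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3` line in `networking.firewall.extraCommands` appends a rule on every firewall start or reload, and nothing in this hunk removes it, so duplicates will likely pile up in the mangle table. The `tc qdisc del dev ens18 root || true` line already makes the qdisc part idempotent; the same pattern fits here, e.g. `iptables -t mangle -D OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 2>/dev/null || true` placed before the `-A` line, or a matching delete in `extraStopCommands`. The mark and the `protocol ip` filter are IPv4-only although ens18 also carries the `2a0f:85c1:840:2bfb::1` address, so Caddy's IPv6 egress falls into the default `1:10` class; if that is intended, the `# caddy` comment should say so. `trustedInterfaces = [ "tailscale0" ]` exposes every listening port to every tailnet peer, which deserves a one-line comment given that services added elsewhere in this commit bind `[::]`.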
@@ -157,6 +153,13 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" ]; + # for forgejo + users.users.git = { + isNormalUser = true; + home = "/var/lib/forgejo"; + group = "git"; + }; + users.groups.git = { }; environment.systemPackages = with pkgs; [ vim @@ -166,7 +169,6 @@ tmux file sops - attic-server ]; environment.variables = { @@ -182,27 +184,10 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; - programs.gnupg.agent.enable = true; programs.git.enable = true; - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - logFormat = lib.mkForce "level INFO"; - }; + my.caddy.enable = true; # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; + my.containerization.enable = true; } diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix deleted file mode 100644 index 638c728..0000000 --- a/hosts/chunk/deluge.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: -{ - services.deluge = { - enable = true; - web = { - enable = true; - port = 8112; - }; - }; -} diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix index 958666e..5a12e1e 100644 --- a/hosts/chunk/element.nix +++ b/hosts/chunk/element.nix @@ -7,9 +7,12 @@ virtualisation.oci-containers.containers.element = { image = "vectorim/element-web"; autoStart = true; - ports = [ "127.0.0.1:8089:80" ]; + ports = [ "127.0.0.1:8089:8089" ]; pull = "newer"; networks = [ "element-net" ]; + environment = { + ELEMENT_WEB_PORT = "8089"; + }; }; systemd.services.create-element-net = { 
@@ -22,4 +25,9 @@ ${pkgs.podman}/bin/podman network create element-net ''; }; + + services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8089 + ''; } diff --git a/hosts/chunk/forgejo.nix b/hosts/chunk/forgejo.nix new file mode 100644 index 0000000..0abc681 --- /dev/null +++ b/hosts/chunk/forgejo.nix @@ -0,0 +1,53 @@ +{ pkgs, ... }: +{ + services.forgejo = { + enable = true; + package = pkgs.forgejo; # uses forgejo-lts by default + user = "git"; + group = "git"; + settings = { + server = { + ROOT_URL = "https://git.cy7.sh"; + HTTP_PORT = 3000; + HTTP_ADDR = "127.0.0.1"; + DOMAIN = "git.cy7.sh"; + LANDING_PAGE = "explore"; + }; + session.COOKIE_SECURE = true; + service.DISABLE_REGISTRATION = true; + ui = { + AMBIGUOUS_UNICODE_DETECTION = false; + DEFAULT_THEME = "forgejo-dark"; + }; + actions.ENABLED = false; + repository.ENABLE_PUSH_CREATE_USER = true; + indexer.REPO_INDEXER_ENABLED = true; + }; + database = { + type = "postgres"; + socket = "/run/postgresql"; + user = "git"; + name = "git"; + }; + }; + + services.caddy.virtualHosts."git.cy7.sh".extraConfig = '' + import common + + # renamed repo + uri replace /cy/infra /cy/nixos-config + + reverse_proxy localhost:3000 + ''; + services.caddy.virtualHosts."git.cything.io".extraConfig = '' + import common + + # wrap in route so things are evaluated in the order written + route { + # rewrite gitlab URIs to make it work with forgejo + uri path_regexp /-/ / + uri replace /blob/ /src/ + redir https://git.cy7.sh{uri} permanent + } + ''; +} diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix new file mode 100644 index 0000000..b046a4b --- /dev/null +++ b/hosts/chunk/garage.nix 
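Review bot: In the new forgejo.nix, `ui.AMBIGUOUS_UNICODE_DETECTION = false` switches off Forgejo's warning for ambiguous or invisible Unicode characters in rendered files, which is the cue a reader gets for homoglyph and bidirectional-control tricks in source code. If it is disabled only to reduce noise, record that next to the setting, e.g. `# disabled: <placeholder: reason>`; otherwise I would drop the line and keep the default. In the `git.cything.io` block, `uri path_regexp /-/ /` rewrites any `/-/` in the path rather than only the GitLab separator, so the comment above it could state which old URL shapes are expected to survive the redirect.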
@@ -0,0 +1,50 @@ +{ config, pkgs, ... }: +{ + services.garage = { + enable = true; + package = pkgs.garage; + settings = { + data_dir = "/mnt/garage"; + s3_api = { + s3_region = "us-east-1"; + api_bind_addr = "[::]:3900"; + root_domain = "s3.cy7.sh"; + }; + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.cy7.sh"; + add_host_to_metrics = true; + }; + admin.api_bind_addr = "[::]:3903"; + rpc_bind_addr = "[::]:3901"; + replication_factor = 1; + db_engine = "lmdb"; + disable_scrub = true; + block_size = "128M"; + compression_level = "none"; + }; + environmentFile = config.sops.secrets."garage/env".path; + logLevel = "warn"; + }; + + services.caddy.virtualHosts = { + "s3.cy7.sh" = { + serverAliases = [ "*.s3.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3900 + ''; + }; + "admin.s3.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:3903 + ''; + "*.web.cy7.sh" = { + serverAliases = [ "nixcache.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:3902 + ''; + }; + }; +} diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix deleted file mode 100644 index 753bcbd..0000000 --- a/hosts/chunk/gitlab.nix +++ /dev/null 
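Review bot: All four Garage listeners in garage.nix (`s3_api.api_bind_addr`, `s3_web.bind_addr`, `admin.api_bind_addr`, `rpc_bind_addr`) bind `[::]`, although Caddy reaches them on localhost and `replication_factor = 1` suggests there is no peer that needs the RPC port. Binding to loopback, e.g. `admin.api_bind_addr = "127.0.0.1:3903";` and `rpc_bind_addr = "127.0.0.1:3901";`, removes the dependence on the host firewall and on the trusted tailscale interface. The `admin.s3.cy7.sh` vhost also publishes the admin API to the internet, and the Prometheus job added in grafana.nix scrapes `127.0.0.1:3903` without credentials, which suggests `/metrics` may be served unauthenticated. Whether `admin_token` and `metrics_token` are set cannot be seen here because they would live in the `garage/env` secret, so please confirm both or drop the public vhost.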
@@ -1,35 +0,0 @@ -{ config, ... }: -{ - services.gitlab = { - enable = true; - https = true; - host = "git.cything.io"; - user = "git"; # so that you can ssh with git@git.cything.io - group = "git"; - port = 443; # this *not* the port gitlab will run on - puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma - sidekiq.concurrency = 5; - databaseUsername = "git"; # needs to be same as user - initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = config.sops.secrets."gitlab/root".path; - secrets = { - secretFile = config.sops.secrets."gitlab/secret".path; - otpFile = config.sops.secrets."gitlab/otp".path; - jwsFile = config.sops.secrets."gitlab/jws".path; - dbFile = config.sops.secrets."gitlab/db".path; - }; - backup = { - startAt = "daily"; - # we already postgresqlbackup.service - skip = [ "db" ]; - keepTime = 48; # hours - }; - extraConfig = { - gitlab = { - # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database - default_color_mode = 2; - }; - prometheus.enabled = false; - }; - }; -} diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index 0575f51..f79a7ff 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -7,7 +7,7 @@ http_port = 8088; enforce_domain = true; enable_gzip = true; - domain = "grafana.cything.io"; + domain = "grafana.cy7.sh"; }; settings.analytics.reporting_enabled = false; }; @@ -29,6 +29,19 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; + + services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8088 + ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 1988520..62505f9 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix 
@@ -16,4 +16,9 @@ protocolUseSSL = true; }; }; + + services.caddy.virtualHosts."pad.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8085 + ''; } diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 2062330..7dc7824 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,13 +1,15 @@ { pkgs, config, + lib, ... }: let uploadLocation = "/mnt/photos/immich"; - thumbsLocation = "/opt/immich/thumbs"; + # thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; + backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -18,8 +20,9 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - "${thumbsLocation}:/usr/src/app/upload/thumbs" + # "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" + "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; @@ -67,21 +70,9 @@ in ]; networks = [ "immich-net" ]; }; - - # immich-ml = { - # image = "ghcr.io/immich-app/immich-machine-learning:release"; - # autoStart = true; - # pull = "newer"; - # environment = { - # REDIS_HOSTNAME = "immich-redis"; - # DB_HOSTNAME = "immich-db"; - # }; - # volumes = [ "${modelCache}:/cache" ]; - # networks = [ "immich-net" ]; - # }; }; - systemd.services.create-immich-net = { + systemd.services.create-immich-net = rec { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" 
@@ -89,10 +80,15 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = config.systemd.services.create-immich-net.requiredBy; + before = requiredBy; script = '' - ${pkgs.podman}/bin/podman network exists immich-net || \ - ${pkgs.podman}/bin/podman network create immich-net + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net ''; }; + + services.caddy.virtualHosts."photos.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:2283 + ''; } diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix deleted file mode 100644 index c6e0dec..0000000 --- a/hosts/chunk/jellyfin.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.jellyfin = { - enable = true; - dataDir = "/mnt/jellyfin"; - configDir = "/var/lib/jellyfin/config"; - }; -} diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 9376ca6..84783f6 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -5,8 +5,13 @@ adminCredentialsFile = config.sops.secrets."miniflux/env".path; config = { PORT = 8080; - BASE_URL = "https://rss.cything.io"; + BASE_URL = "https://rss.cy7.sh"; FORCE_REFRESH_INTERVAL = 0; # don't rate limit me }; }; + + services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8080 + ''; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index ba9e45d..c592fbb 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix 
@@ -4,6 +4,33 @@ lib, ... }: +let + mkServiceConfig = remote: mount: { + Type = "notify"; + TimeoutSec = "5min 20s"; + ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers 32 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 16M \ + --vfs-read-chunk-streams 16 \ + --sftp-concurrency 64 \ + --sftp-chunk-size 255k \ + --buffer-size 0 \ + ${remote} ${mount} + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + }; +in { systemd.services.immich-mount = { enable = true; 
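Review bot: `mkServiceConfig` puts `--allow-other` into the shared `ExecStart`, so the photos mount now receives it too; the old `immich-mount` command removed in the next hunk did not pass it, only the attic mount did. Together with `programs.fuse.userAllowOther = true` this makes `/mnt/photos` reachable by every local account, subject to the file modes rclone presents, so I would make it a helper argument and pass it only where the consumer runs as a different user. `--no-checksum` also drops rclone's hash comparison on transfers for both mounts, one of which apparently backs the store served as the binary cache, so it deserves a comment such as `# checksums skipped: <placeholder: reason>`. The `let` block has no comment describing the helper's `remote` and `mount` parameters.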
@@ -12,31 +39,16 @@ after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; - }; + serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; }; - systemd.services.attic-mount = { + systemd.services.garage-mount = { enable = true; - description = "Mount the attic data remote"; + description = "Mount the garage data remote"; requires = [ "network-online.target" ]; after = [ "network-online.target" ]; - requiredBy = [ "atticd.service" ]; - before = [ "atticd.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; - }; + requiredBy = [ "garage.service" ]; + before = [ "garage.service" ]; + serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; }; - programs.fuse.userAllowOther = true; } diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index 39585f1..d095da5 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -10,4 +10,9 @@ REDLIB_ROBOTS_DISABLE_INDEXING = "on"; }; }; + + services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8087 + ''; } 
diff --git a/hosts/chunk/tailscale.nix b/hosts/chunk/tailscale.nix new file mode 100644 index 0000000..17ff521 --- /dev/null +++ b/hosts/chunk/tailscale.nix @@ -0,0 +1,16 @@ +{ config, ... }: +{ + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + extraUpFlags = [ + "--advertise-exit-node" + "--accept-dns=false" + ]; + extraDaemonFlags = [ + "--no-logs-no-support" + ]; + useRoutingFeatures = "server"; + openFirewall = true; + }; +} diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix deleted file mode 100644 index a63db2f..0000000 --- a/hosts/chunk/tor.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - services.tor = { - enable = true; - openFirewall = true; - relay = { - enable = true; - role = "relay"; - }; - settings = { - ORPort = 9001; - Nickname = "chunk"; - MaxAdvertisedBandwidth = "20MBytes"; - }; - }; -} diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index b97835e..cedece2 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,13 +1,9 @@ -{ config, ... }: +{ ... }: { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - }; - }; + my.vaultwarden.enable = true; + + services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' + import common + reverse_proxy localhost:8081 + ''; } diff --git a/hosts/common.nix b/hosts/common.nix index 100c6ec..77e0edb 100644 --- a/hosts/common.nix +++ b/hosts/common.nix 
@@ -1,13 +1,25 @@ -{ ... }: +{ inputs, config, ... }: { nix = { settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; flake-registry = ""; - trusted-users = [ "root" "@wheel" ]; - trusted-public-keys = [ "central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg=" ]; - substituters = [ "https://cache.cything.io/central" ]; + trusted-users = [ + "root" + "@wheel" + ]; + extra-trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" + ]; + extra-substituters = [ + "https://nix-community.cachix.org" + "https://nixcache.cy7.sh" + ]; + secret-key-files = [ + config.sops.secrets.cache-priv-key.path + ]; }; channel.enable = false; optimise = { 
@@ -20,25 +32,56 @@ persistent = true; options = "--delete-older-than 14d"; }; - extraOptions = '' - builders-use-substitutes = true - ''; + registry.nixpkgs.flake = inputs.nixpkgs; }; - time.timeZone = "America/Toronto"; - networking.firewall.logRefusedConnections = false; - networking.nameservers = [ - # quad9 - "2620:fe::fe" - "2620:fe::9" - "9.9.9.9" - "149.112.112.112" - ]; - # this is true by default and mutually exclusive with - # programs.nix-index - programs.command-not-found.enable = false; - programs.nix-index.enable = false; # set above to false to use this + i18n.defaultLocale = "en_US.UTF-8"; + time.timeZone = "America/New_York"; + networking = { + firewall.logRefusedConnections = false; + nameservers = [ + # quad9 (unfiltered) + "2620:fe::10" + "2620:fe::fe:10" + "9.9.9.10" + "149.112.112.110" + ]; + timeServers = [ + # https://github.com/jauderho/nts-servers + "ntp3.fau.de" + "ntppool1.time.nl" + "ntpmon.dcs1.biz" + "stratum1.time.cifelli.xyz" + "nts.teambelgium.net" + "c.st1.ntp.br" + ]; + }; + services.chrony = { + enable = true; + enableNTS = true; + enableMemoryLocking = true; + extraConfig = '' + # Expedited Forwarding + dscp 46 + # disable command port + cmdport 0 + # only allow NTS + authselectmode require + # update the clock only when at least 3 sources agree on the correct time + minsources 3 + ''; + }; # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; + + services.thermald.enable = true; + environment.enableAllTerminfo = true; + + sops.secrets.cache-priv-key = { + format = "binary"; + sopsFile = ../secrets/cache-priv-key.pem; + mode = "0440"; + group = "users"; + }; } diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile deleted file mode 100644 index d13e7ac..0000000 --- a/hosts/titan/Caddyfile +++ /dev/null 
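Review bot: The `sops.secrets.cache-priv-key` entry is installed with `mode = "0440"` and `group = "users"`, so every account in the `users` group on every host importing common.nix can read the private key whose public half (`nixcache.cy7.sh:…`) the previous hunk adds to `extra-trusted-public-keys`. Anyone able to read that file can sign store paths that all of these machines will accept as trusted. If only the Nix daemon signs via `secret-key-files`, root-only access is enough: `mode = "0400";` with the `group` line removed; if an unprivileged upload job needs the key, a dedicated group is narrower than `users`. Setting `secret-key-files` in the shared config also makes every host sign whatever it builds locally, which may be wider than intended and is worth a comment either way.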
@@ -1,37 +0,0 @@ -{ - acme_ca https://acme.zerossl.com/v2/DV90 - acme_eab { - key_id {$EAB_KEY_ID} - mac_key {$EAB_MAC_KEY} - } -} - -(common) { - encode zstd gzip - header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" -} - -cything.io { - import common - reverse_proxy localhost:8084 - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} -} - -www.cything.io { - import common - redir https://cything.io{uri} permanent -} - -ntfy.cything.io { - import common - reverse_proxy localhost:8083 -} - -status.cything.io { - import common - reverse_proxy localhost:3001 -} diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix deleted file mode 100644 index ad09978..0000000 --- a/hosts/titan/backup.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - ... -}: -{ - my.backup = { - enable = true; - jobName = "titanRsync"; - repo = "titan"; - passFile = config.sops.secrets."borg/rsyncnet".path; - sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; - }; -} diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix deleted file mode 100644 index e8b03f0..0000000 --- a/hosts/titan/default.nix +++ /dev/null 
@@ -1,98 +0,0 @@ -{ - modulesPath, - config, - lib, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - ../common.nix - ./disk-config.nix - ./hardware-configuration.nix - ./ghost.nix - ./ntfy.nix - ./uptime-kuma.nix - ./backup.nix - ]; - - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; - sops.secrets = { - "caddy/env" = { - sopsFile = ../../secrets/services/caddy.yaml; - }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; - "borg/rsyncnet" = { - sopsFile = ../../secrets/borg/titan.yaml; - }; - "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/zh5061/titan.yaml; - }; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" - ]; - - system.stateVersion = "24.05"; - - environment.systemPackages = with pkgs; [ - curl - git - ]; - - # network stuff - networking.hostName = "titan"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - ]; - }; - - # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - 
logFormat = lib.mkForce "level INFO"; - }; -} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix deleted file mode 100644 index 7c67624..0000000 --- a/hosts/titan/disk-config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix deleted file mode 100644 index a9f8293..0000000 --- a/hosts/titan/ghost.nix +++ /dev/null 
@@ -1,52 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.ghost = { - image = "ghost:5-alpine"; - autoStart = true; - ports = [ "127.0.0.1:8084:2368" ]; - pull = "newer"; - environment = { - database__client = "mysql"; - database__connection__host = "ghost-db"; - database__connection__user = "root"; - database__connection__password = "example"; - database__connection__database = "ghost"; - url = "https://cything.io"; - NODE_ENV = "production"; - }; - volumes = [ - "/opt/ghost/data:/var/lib/ghost/content" - ]; - networks = [ "ghost-net" ]; - dependsOn = [ "ghost-db" ]; - }; - - virtualisation.oci-containers.containers.ghost-db = { - image = "mysql:8.0"; - autoStart = true; - pull = "newer"; - environment = { - MYSQL_ROOT_PASSWORD = "example"; - }; - volumes = [ - "/opt/ghost/db:/var/lib/mysql" - ]; - networks = [ "ghost-net" ]; - }; - - systemd.services.create-ghost-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-ghost.service" - "${backend}-ghost-db.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists ghost-net || \ - ${pkgs.podman}/bin/podman network create ghost-net - ''; - }; -} diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix deleted file mode 100644 index 2730f0c..0000000 --- a/hosts/titan/hardware-configuration.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - ... -}: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - virtualisation.hypervGuest.enable = true; -} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix deleted file mode 100644 index cc2cb47..0000000 --- a/hosts/titan/ntfy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - services.ntfy-sh = { - enable = true; - settings = { - listen-http = "127.0.0.1:8083"; - base-url = "https://ntfy.cything.io"; - upstream-base-url = "https://ntfy.sh"; - auth-default-access = "deny-all"; - behind-proxy = true; - }; - }; -} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix deleted file mode 100644 index 8bc0251..0000000 --- a/hosts/titan/uptime-kuma.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - # data stored at /var/lib/uptime-kuma/ but does not expose - # an option to change it - services.uptime-kuma = { - enable = true; - settings.PORT = "3001"; - }; -} diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix new file mode 100644 index 0000000..4ef858c --- /dev/null +++ b/hosts/ytnix/containers.nix 
@@ -0,0 +1,38 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.oci-containers.containers = { + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; + }; + + systemd.services.create-immich-net = rec { + serviceConfig.Type = "oneshot"; + requiredBy = with config.virtualisation.oci-containers; [ + "${backend}-immich-ml.service" + ]; + before = requiredBy; + script = '' + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net + ''; + }; +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 016582b..eba3509 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -1,7 +1,6 @@ { config, pkgs, - inputs, lib, ... }: @@ -10,12 +9,8 @@ ./hardware-configuration.nix ../common.nix ../zsh.nix - { - disabledModules = [ - "services/backup/btrbk.nix" - ]; - } - (inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix") + ./tailscale.nix + ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; 
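Review bot: In hosts/ytnix/containers.nix, `ports = [ "3003:3003" ];` publishes the immich-ml port on every host address, and the image follows the mutable tag `:release` with `pull = "newer"`, so whatever is pushed under that tag runs on the next start. If the service is only meant to be reached locally or over the tailnet, bind it explicitly, e.g. `ports = [ "127.0.0.1:3003:3003" ];` (or the host's tailnet address). Container port publishing usually installs its own NAT rules, so the commented-out `allowedTCPPorts` entry for 3003 in hosts/ytnix/default.nix may not be what gates it; that is worth confirming. Pinning the image by digest would make each update an explicit change in the repository.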
@@ -23,32 +18,33 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/yt.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; - "wireguard/private" = { - sopsFile = ../../secrets/wireguard/yt.yaml; - }; - "wireguard/psk" = { - sopsFile = ../../secrets/wireguard/yt.yaml; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; - "newsboat/miniflux" = { - sopsFile = ../../secrets/newsboat.yaml; + "tailscale/auth" = { + sopsFile = ../../secrets/services/tailscale.yaml; + }; + "aws/key_id" = { + sopsFile = ../../secrets/yt/aws.yaml; owner = "yt"; }; + "aws/key_secret" = { + sopsFile = ../../secrets/yt/aws.yaml; + owner = "yt"; + }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; }; boot = { loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = false; # toggle when installing + efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce ]; @@ -65,6 +61,7 @@ pkiBundle = "/var/lib/sbctl"; }; kernel.sysctl."kernel.sysrq" = 1; + binfmt.emulatedSystems = [ "aarch64-linux" ]; }; networking = { @@ -82,15 +79,25 @@ networkmanager = { enable = true; dns = "none"; - wifi.backend = "iwd"; + wifi = { + backend = "iwd"; + powersave = false; + }; }; resolvconf.enable = true; firewall = { - allowedUDPPorts = [ 51820 ]; # for wireguard - trustedInterfaces = [ "wg0" ]; + enable = true; + trustedInterfaces = [ "tailscale0" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; + }; + hosts = { + "100.122.132.30" = [ "s3.cy7.sh" ]; }; }; - programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { 
@@ -99,9 +106,7 @@ alsa.enable = true; alsa.support32Bit = true; wireplumber.extraConfig.bluetoothEnhancements = { - "wireplumber.settings" = { - "bluetooth.autoswitch-to-headset-profile" = false; - }; + # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration "monitor.bluez.properties" = { "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; @@ -109,6 +114,10 @@ "bluez5.roles" = [ "a2dp_sink" "a2dp_source" + "hsp_hs" + "hsp_ag" + "hfp_hf" + "hfp_ag" ]; }; }; @@ -135,39 +144,54 @@ "wheel" "libvirtd" "docker" + "disk" + "adbusers" + "podman" ]; - environment.systemPackages = with pkgs; [ - tmux - vim - wget - neovim - git - python3 - wl-clipboard - mako - tree - kitty - borgbackup - brightnessctl - alsa-utils - nixd - bluetuith - libimobiledevice - pass-wayland - htop - file - dnsutils - age - compsize - wireguard-tools - traceroute - sops - restic - haskell-language-server - ghc - sbctl # secure boot - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; 
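Review bot: Adding `"disk"` to the group list in the `@@ -135,39 +144,54 @@` hunk of hosts/ytnix/default.nix gives that account direct read/write access to the raw block devices, which is root-equivalent on the filesystem without going through sudo authentication. `"podman"` has a similar effect once the rootful podman socket is enabled, as modules/containerization.nix does in this commit. The list starts outside the hunk, so I am assuming it is the login user's `extraGroups`. If `disk` is needed for one tool, a udev rule granting access to that specific device is narrower. At minimum, record the reason next to it, e.g. `"disk" # TODO: needed for <tool>; grants raw block-device access`.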
@@ -180,25 +204,27 @@ services.displayManager = { enable = true; autoLogin.user = "yt"; + defaultSession = "plasma"; + sddm = { + enable = true; + wayland.enable = true; + autoNumlock = true; + }; }; - fonts.packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - fonts.enableDefaultPackages = true; + fonts = { + packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + enableDefaultPackages = true; + }; hardware.enableAllFirmware = true; hardware.bluetooth = { enable = true; powerOnBoot = true; }; - services.blueman.enable = true; - - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; my.backup = { enable = true; 
@@ -210,82 +236,118 @@ "/home/yt/.local/share/Steam" "**/.wine" "/home/yt/Games" + "/home/yt/Videos" + "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; - services.btrbk.instances.local = { - onCalendar = "hourly"; - # only create snapshots automatically. backups are triggered manually with `btrbk resume` - snapshotOnly = true; - settings = { - snapshot_preserve_min = "latest"; - target_preserve = "*d"; - target_preserve_min = "no"; - target = "/mnt/external/btr_backup/ytnix"; - stream_compress = "zstd"; - stream_compress_level = "8"; - snapshot_dir = "/snapshots"; - subvolume = { - "/home" = { }; - "/" = { }; - }; - }; - }; - programs.steam = { enable = true; extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - hardware.steam-hardware.enable = true; + programs.gamescope.enable = true; services.logind = { - lidSwitch = "hibernate"; - powerKey = "hibernate"; + lidSwitch = "suspend"; + powerKey = "poweroff"; + suspendKey = "hibernate"; }; xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; - "*/html" = "chromium-browser.desktop"; }; - programs.thunar = { + virtualisation.libvirtd = { enable = true; - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - }; - # preference changes don't work in thunar without this - programs.xfconf.enable = true; - # mount, trash and stuff in thunar - services.gvfs.enable = true; - # thumbnails in thunar - services.tumbler.enable = true; - - virtualisation = { - libvirtd.enable = true; - docker.enable = true; + qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; programs.virt-manager.enable = true; + my.containerization.enable = true; services.usbmuxd.enable = true; - programs.nix-ld.enable = true; + programs.nix-ld.dev = { + enable = true; + # nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./ + libraries = with pkgs; [ + # 
TODO: revisit what we actually need + mesa + extest + stdenv.cc.cc + libGL + fontconfig + libxkbcommon + zlib + libz + libxml2 + dbus + freetype + egl-wayland + waylandpp + cairo + xcb-util-cursor + libplist + p11-kit + kdePackages.qtwayland + qt6.full + qt6.qtwayland + qt5.full + qt5.qtwayland + xorg.libX11 + xorg.libxcb + xorg.xcbutilwm + xorg.xcbutilimage + xorg.xcbutilkeysyms + xorg.xcbutilrenderutil + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxkbfile + xorg.libxshmfence + xorg.libXxf86vm + xorg.libSM + gtk3 + pango + gdk-pixbuf + glib + libnotify + SDL2 + libpng + libjpeg8 + libtiff + curl + pcre2 + gsettings-desktop-schemas + ]; + }; programs.evolution.enable = true; xdg.portal = { enable = true; wlr.enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; }; programs.obs-studio = { enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs + obs-pipewire-audio-capture ]; }; 
@@ -297,29 +359,35 @@ ]; }; - services.ollama.enable = true; - - # wireguard setup - networking.wg-quick.interfaces.wg0 = { - autostart = false; - address = [ - "10.0.0.2/24" - "fdc9:281f:04d7:9ee9::2/64" - ]; - privateKeyFile = config.sops.secrets."wireguard/private".path; - peers = [ - { - publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; - allowedIPs = [ - "0.0.0.0/0" - "::/0" - ]; - endpoint = "31.59.129.225:51820"; - persistentKeepalive = 25; - presharedKeyFile = config.sops.secrets."wireguard/psk".path; - } - ]; - }; + services.ollama.enable = false; services.trezord.enable = true; + + programs.niri.enable = false; + programs.niri.package = pkgs.niri-unstable; + programs.xwayland.enable = true; + + services.udev.extraHwdb = '' + SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" + ''; + + services.desktopManager.plasma6 = { + enable = true; + enableQt5Integration = true; + }; + + programs.appimage = { + enable = true; + binfmt = true; + }; + + programs.adb.enable = true; + services.envfs.enable = true; + programs.kdeconnect.enable = true; + programs.dconf.enable = true; + + programs.ccache.enable = true; + nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + programs.fuse.userAllowOther = true; + nix.settings.sandbox = false; } diff --git a/hosts/ytnix/tailscale.nix b/hosts/ytnix/tailscale.nix new file mode 100644 index 0000000..17db0c5 --- /dev/null +++ b/hosts/ytnix/tailscale.nix @@ -0,0 +1,18 @@ +{ config, ... }: +{ + services.tailscale = { + enable = true; + authKeyFile = config.sops.secrets."tailscale/auth".path; + openFirewall = true; + useRoutingFeatures = "client"; + extraUpFlags = [ + "--exit-node=chunk" + "--accept-dns=false" + "--operator=yt" + "--exit-node-allow-lan-access" + ]; + extraDaemonFlags = [ + "--no-logs-no-support" + ]; + }; +} diff --git a/justfile b/justfile new file mode 100644 index 0000000..9f6236c --- /dev/null +++ b/justfile 
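Review bot: `nix.settings.sandbox = false;` at the end of hosts/ytnix/default.nix turns off build isolation for every derivation built on this host, so build scripts run with network access and can see the host filesystem. It also makes the `extra-sandbox-paths` line just above it redundant. If the goal is only to let ccache reach its cache directory, keeping the sandbox on with that extra path should be enough, and `nix.settings.sandbox = "relaxed";` is the softer fallback. Separately, the string given to `services.udev.extraHwdb` is written in udev rule syntax and uses the old `SYSFS{...}` key, so it is unlikely to take effect as hwdb data. It probably belongs in `services.udev.extraRules` with `ATTRS{idVendor}=="090c", ATTRS{idProduct}=="1000"`.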
@@ -0,0 +1,20 @@ +update: + git branch -D update || true + git switch -c update + nix flake update --commit-lock-file + git push -f + git switch main + +upgrade: + git switch update + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + home-manager -L switch --flake . + git switch main + git merge update + git branch -d update + +switch: + sudo nixos-rebuild switch -L --flake . --use-substitutes + nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes + home-manager -L switch --flake . diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..e546a9e --- /dev/null +++ b/modules/attic.nix 
@@ -0,0 +1,72 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.attic; +in +{ + options.my.attic = { + enable = lib.mkEnableOption "attic"; + }; + + config = lib.mkIf cfg.enable { + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."attic/env".path; + settings = { + listen = "[::]:8091"; + api-endpoint = "https://cache.cy7.sh/"; + allowed-hosts = [ + "cache.cy7.sh" + "cdn.cy7.sh" + ]; + require-proof-of-possession = false; + compression = { + type = "none"; + level = 3; + }; + database.url = "postgresql:///atticd?host=/run/postgresql"; + + storage = { + type = "s3"; + region = "us-east-1"; + bucket = "attic"; + # attic must be patched to never serve pre-signed s3 urls directly + # otherwise it will redirect clients to this localhost endpoint + endpoint = "http://127.0.0.1:3900"; + }; + + garbage-collection = { + default-retention-period = "1 month"; + }; + + chunking = { + # disable chunking since garage does its own + nar-size-threshold = 0; + # defaults + min-size = 16384; + avg-size = 65536; + max-size = 262144; + }; + }; + }; + + systemd.services.atticd = { + requires = [ "garage.service" ]; + after = [ "garage.service" ]; + environment = { + RUST_LOG = "INFO"; + }; + }; + + services.caddy.virtualHosts."cache.cy7.sh" = { + serverAliases = [ "cdn.cy7.sh" ]; + extraConfig = '' + import common + reverse_proxy localhost:8091 + ''; + }; + }; +} diff --git a/modules/backup.nix b/modules/backup.nix index e632726..2715deb 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -2,12 +2,10 @@ config, lib, pkgs, - inputs, ... }: let cfg = config.my.backup; - hostname = config.networking.hostName; defaultPaths = [ "/root" "/home" @@ -31,13 +29,6 @@ let ]; in { - imports = [ - { - disabledModules = [ "services/backup/borgbackup.nix" ]; - } - (inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix") - ]; - options.my.backup = { enable = lib.mkEnableOption "backup"; paths = lib.mkOption { 
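Review bot: In modules/attic.nix, `listen = "[::]:8091";` makes atticd accept connections on all interfaces even though Caddy proxies to it from `localhost:8091`. Unless the host firewall blocks 8091 (not visible here), the API is reachable without the TLS and HSTS settings of the `common` snippet. Binding to loopback matches the searx and zipline modules in this commit: `listen = "127.0.0.1:8091";` together with `reverse_proxy 127.0.0.1:8091`. `require-proof-of-possession = false;` deserves a one-line comment on why it is off, since as far as I know it lets a client reference an existing NAR by hash without uploading it. `level = 3` under `compression` has no effect while `type = "none"`.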
@@ -105,23 +96,6 @@ in ]; # warnings are often not that serious failOnWarnings = false; - postHook = '' - invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service) - title="${hostname}: backup completed with exit code: $exitStatus" - msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId) - - if [ "$exitStatus" -eq 0 ]; then - tag="v" - else - tag="rotating_light" - fi - - ${pkgs.curl}/bin/curl -sL -u $(cat ${config.sops.secrets."services/ntfy".path}) \ - -H "Title: $title" \ - -H "Tags: $tag" \ - -d "$msg" \ - https://ntfy.cything.io/backups > /dev/null - ''; prune.keep = { within = "2d"; diff --git a/modules/caddy.nix b/modules/caddy.nix new file mode 100644 index 0000000..3e6ca63 --- /dev/null +++ b/modules/caddy.nix @@ -0,0 +1,41 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.my.caddy; +in +{ + options.my.caddy = { + enable = lib.mkEnableOption "caddy reverse proxy"; + }; + + config = lib.mkIf cfg.enable { + services.caddy = { + enable = true; + package = pkgs.caddy.withPlugins { + plugins = [ + # error message will tell you the correct version tag to use + # (still need the @ to pass nix config check) + "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" + ]; + hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="; + }; + logFormat = lib.mkForce "level INFO"; + acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; + extraConfig = '' + (common) { + encode zstd gzip + header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + tls { + dns cloudflare {$CLOUDFLARE_KEY} + resolvers 1.1.1.1 8.8.8.8 + } + } + ''; + environmentFile = config.sops.secrets."caddy/env".path; + }; + }; +} diff --git a/modules/containerization.nix b/modules/containerization.nix new file mode 100644 index 0000000..fd39da9 --- /dev/null +++ b/modules/containerization.nix 
@@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.containerization; +in +{ + options.my.containerization = { + enable = lib.mkEnableOption "containerization"; + usePodman = lib.mkOption { + type = lib.types.bool; + default = true; + description = "whether to use podman instead of docker"; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + containers.enable = true; + podman = lib.mkIf cfg.usePodman { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + # answer on /var/run/docker.sock + dockerSocket.enable = true; + }; + docker.enable = lib.mkIf (!cfg.usePodman) true; + oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 2155137..640d56b 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,5 +2,12 @@ { imports = [ ./backup.nix + ./caddy.nix + ./roundcube.nix + ./zipline.nix + ./containerization.nix + ./vaultwarden.nix + ./searx.nix + ./attic.nix ]; } diff --git a/modules/roundcube.nix b/modules/roundcube.nix new file mode 100644 index 0000000..63b14c5 --- /dev/null +++ b/modules/roundcube.nix 
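Review bot: `dockerSocket.enable = true;` in modules/containerization.nix exposes the rootful podman API on the Docker socket path to members of the `podman` group, which is root-equivalent access for those users, and nothing in the module says so. The same commit adds `"podman"` to a user's groups in hosts/ytnix/default.nix. I would extend the existing comment, e.g. `# answer on /var/run/docker.sock; members of the podman group get root-equivalent access`. Alternatively, put the socket behind its own option that defaults to false so hosts opt in.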
@@ -0,0 +1,56 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.my.roundcube; + fpm = config.services.phpfpm.pools.roundcube; + roundcube = config.services.roundcube; +in +{ + options.my.roundcube = { + enable = lib.mkEnableOption "roundcube webmail"; + }; + + config = lib.mkIf cfg.enable { + services.roundcube = { + enable = true; + configureNginx = false; + package = pkgs.roundcube.withPlugins ( + p: with p; [ + persistent_login + contextmenu + custom_from + thunderbird_labels + ] + ); + plugins = [ + "persistent_login" + "contextmenu" + "custom_from" + "thunderbird_labels" + ]; + dicts = with pkgs.aspellDicts; [ en ]; + extraConfig = '' + $config['imap_host'] = "ssl://imap.migadu.com:993"; + $config['smtp_host'] = "ssl://smtp.migadu.com:465"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + + services.phpfpm.pools.roundcube.settings = lib.mapAttrs (name: lib.mkForce) { + "listen.owner" = "caddy"; + "listen.group" = "caddy"; + }; + + services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' + import common + root ${roundcube.package} + php_fastcgi unix/${fpm.socket} + file_server + ''; + }; +} diff --git a/modules/searx.nix b/modules/searx.nix new file mode 100644 index 0000000..db22bed --- /dev/null +++ b/modules/searx.nix 
@@ -0,0 +1,47 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.searx; +in +{ + options.my.searx = { + enable = lib.mkEnableOption "searx"; + }; + + config = lib.mkIf cfg.enable { + services.searx = { + enable = true; + runInUwsgi = true; + uwsgiConfig = { + disable-logging = true; + http = "127.0.0.1:8090"; + }; + settings = { + # get secret from env + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + environmentFile = config.sops.secrets."searx/env".path; + redisCreateLocally = true; # required for limiter + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + botdetection.ip_lists.pass_ip = [ + "100.121.152.86" + "100.66.32.54" + ]; + link_token = true; + }; + }; + + services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:8090 + ''; + }; +} diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix new file mode 100644 index 0000000..443d886 --- /dev/null +++ b/modules/vaultwarden.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vaultwarden; +in +{ + options.my.vaultwarden = { + enable = lib.mkEnableOption "vaultwarden"; + domain = lib.mkOption { + type = lib.types.str; + default = "https://pass.cy7.sh"; + }; + }; + + config = lib.mkIf cfg.enable { + services.vaultwarden = { + enable = true; + dbBackend = "postgresql"; + environmentFile = config.sops.secrets."vaultwarden/env".path; + config = { + ROCKET_ADDRESS = "0.0.0.0"; + ROCKET_PORT = "8081"; + DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; + EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2"; + DOMAIN = cfg.domain; + }; + }; + }; +} diff --git a/modules/zipline.nix b/modules/zipline.nix new file mode 100644 index 0000000..744f3dc --- /dev/null +++ b/modules/zipline.nix 
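Review bot: In modules/vaultwarden.nix, `DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";` puts the database password into the Nix configuration, so it lands world-readable in the store and in this repository, although the module already loads a sops-managed `environmentFile`. Move `DATABASE_URL` into that env file, or use a peer-authenticated socket URL like the `host=/run/postgresql` form used for atticd. `ROCKET_ADDRESS = "0.0.0.0";` also listens on every interface. If the service is only reached through a local reverse proxy, which this module does not show, `ROCKET_ADDRESS = "127.0.0.1";` is the safer default.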
@@ -0,0 +1,33 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.zipline; +in +{ + options.my.zipline = { + enable = lib.mkEnableOption "zipline"; + }; + + config = lib.mkIf cfg.enable { + services.zipline = { + enable = true; + settings = { + CORE_HOSTNAME = "127.0.0.1"; + CORE_PORT = 3001; + DATASOURCE_TYPE = "s3"; + DATASOURCE_S3_ENDPOINT = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com"; + DATASOURCE_S3_BUCKET = "zipline"; + DATASOURCE_S3_REGION = "auto"; + }; + environmentFiles = [ config.sops.secrets."zipline/env".path ]; + }; + + services.caddy.virtualHosts."host.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:3001 + ''; + }; +} diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix index 5e4161b..454d367 100644 --- a/overlay/attic/default.nix +++ b/overlay/attic/default.nix @@ -1,23 +1,7 @@ final: prev: { - attic-client = prev.attic-client.override (old: { - rustPlatform = old.rustPlatform // { - buildRustPackage = - args: - old.rustPlatform.buildRustPackage ( - args - // { - version = "0.1.1"; - src = final.fetchFromGitHub { - owner = "cything"; - repo = "attic"; - rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; - hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; - }; - cargoLock = null; - cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; - useFetchCargoVendor = true; - } - ); - }; - }); + attic-server = prev.attic-server.overrideAttrs { + patches = [ + ./prefetch-8-chunks.patch + ]; + }; } diff --git a/overlay/attic/prefetch-8-chunks.patch b/overlay/attic/prefetch-8-chunks.patch new file mode 100644 index 0000000..3d6134f --- /dev/null +++ b/overlay/attic/prefetch-8-chunks.patch 
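Review bot: `patches = [ ./prefetch-8-chunks.patch ];` in overlay/attic/default.nix replaces the package's patch list instead of extending it, so any patch the underlying derivation already carries is silently dropped. overlay/zipline/default.nix does the same with `./no-check-bucket.patch`, while overlay/bitwarden/default.nix appends. Whether either package currently has patches is not visible here, but appending is safe either way: `prev.attic-server.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./prefetch-8-chunks.patch ]; })`.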
@@ -0,0 +1,14 @@ +diff --git a/server/src/api/binary_cache.rs b/server/src/api/binary_cache.rs +index 02e4857..b522154 100644 +--- a/server/src/api/binary_cache.rs ++++ b/server/src/api/binary_cache.rs +@@ -215,7 +215,7 @@ async fn get_nar( + let chunk = chunks[0].as_ref().unwrap(); + let remote_file = &chunk.remote_file.0; + let storage = state.storage().await?; +- match storage.download_file_db(remote_file, false).await? { ++ match storage.download_file_db(remote_file, true).await? { + Download::Url(url) => Ok(Redirect::temporary(&url).into_response()), + Download::AsyncRead(stream) => { + let stream = ReaderStream::new(stream).map_err(|e| { + diff --git a/overlay/bitwarden/default.nix b/overlay/bitwarden/default.nix new file mode 100644 index 0000000..e9ace96 --- /dev/null +++ b/overlay/bitwarden/default.nix @@ -0,0 +1,9 @@ +final: prev: { + bitwarden-desktop = prev.bitwarden-desktop.overrideAttrs ( + finalAttrs: prevAttrs: { + patches = prevAttrs.patches ++ [ + ./ssh-agent-no-confirm.patch + ]; + } + ); +} diff --git a/overlay/bitwarden/ssh-agent-no-confirm.patch b/overlay/bitwarden/ssh-agent-no-confirm.patch new file mode 100644 index 0000000..3e8e023 --- /dev/null +++ b/overlay/bitwarden/ssh-agent-no-confirm.patch 
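Review bot: The file name prefetch-8-chunks.patch does not describe this change, which only flips the second argument of `storage.download_file_db(remote_file, …)` from `false` to `true` in `get_nar`. Judging by the `Download::Url` branch that follows and the comment in modules/attic.nix about never serving pre-signed S3 URLs, the flag presumably makes the server stream the object instead of redirecting. Confirm that against the function's signature, which is outside the hunk. A name that says so, plus a one-line comment in overlay/attic/default.nix such as `# stream NARs through atticd; the S3 endpoint is localhost-only`, would keep the patch from being dropped by mistake on an upgrade.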
@@ -0,0 +1,34 @@ +diff --git a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs b/core/src/ssh_agent/mod.rs +index 4e304cc..8203dca 100644 +--- a/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs ++++ b/apps/desktop/desktop_native/core/src/ssh_agent/mod.rs +@@ -44,28 +44,7 @@ impl ssh_agent::Agent for BitwardenDesktopAgent { + return false; + } + +- let request_id = self.get_request_id().await; +- println!( +- "[SSH Agent] Confirming request from application: {}", +- info.process_name() +- ); +- +- let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe(); +- self.show_ui_request_tx +- .send(SshAgentUIRequest { +- request_id, +- cipher_id: Some(ssh_key.cipher_uuid.clone()), +- process_name: info.process_name().to_string(), +- is_list: false, +- }) +- .await +- .expect("Should send request to ui"); +- while let Ok((id, response)) = rx_channel.recv().await { +- if id == request_id { +- return response; +- } +- } +- false ++ true + } + + async fn can_list(&self, info: &peerinfo::models::PeerInfo) -> bool { diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix deleted file mode 100644 index cb2502a..0000000 --- a/overlay/conduwuit/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -final: prev: { - conduwuit = prev.conduwuit.override (old: { - rustPlatform = old.rustPlatform // { - buildRustPackage = - args: - old.rustPlatform.buildRustPackage ( - args - // rec { - version = "0.5.0-rc2"; - src = final.fetchFromGitHub { - owner = "girlbossceo"; - repo = "conduwuit"; - rev = "v${version}"; - hash = "sha256-xnwqhU3yOIyWRrD/Pq3jmUHoNZSY8Ms9h8OTsZVYQ1g="; - }; - doCheck = false; - cargoHash = "sha256-ZenMTCEJrALKQnW7/eXqrhFj+BedE9i/rQZMsPHl8K0="; - cargoPatches = [ - ./fix-lint.patch - ]; - # unstable has this set to "conduit" - meta.mainProgram = "conduwuit"; - } - ); - }; - }); -} diff --git a/overlay/conduwuit/fix-lint.patch b/overlay/conduwuit/fix-lint.patch deleted file mode 100644 index 120ec8a..0000000 
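Review bot: This patch replaces the whole approval flow in the method above `can_list` with `true`, so every signing request that passes the earlier `return false` guard is granted without the desktop prompt. Any process running as the user that can reach the agent socket can then use every SSH key in the unlocked vault. The `println!` that recorded the requesting process name is removed too, so there is no trace of who asked. If the prompt is the annoyance, a narrower change is to keep the request path and auto-approve only known callers, or at least keep a log line such as `println!("[SSH Agent] auto-approving request from {}", info.process_name());` before `true`. The method's signature and the guard's condition are outside the hunk.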
--- a/overlay/conduwuit/fix-lint.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -diff --git a/Cargo.lock b/Cargo.lock -index 3f900a114..0d30a3fec 100644 ---- a/Cargo.lock -+++ b/Cargo.lock -@@ -4493,7 +4493,7 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" - [[package]] - name = "tracing" - version = "0.1.41" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "log", - "pin-project-lite", -@@ -4504,7 +4504,7 @@ dependencies = [ - [[package]] - name = "tracing-attributes" - version = "0.1.28" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "proc-macro2", - "quote", -@@ -4514,7 +4514,7 @@ dependencies = [ - [[package]] - name = "tracing-core" - version = "0.1.33" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "once_cell", - "valuable", -@@ -4534,7 +4534,7 @@ dependencies = [ - [[package]] - name = "tracing-log" - version = "0.2.0" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "log", - "once_cell", -@@ -4562,7 +4562,7 @@ dependencies = [ - [[package]] - name = "tracing-subscriber" - version 
= "0.3.18" --source = "git+https://github.com/girlbossceo/tracing?rev=ccc4fbd8238c2d5ba354e61ec17ac610af11401d#ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+source = "git+https://github.com/girlbossceo/tracing?rev=3cf1c991e3660785d3855a34245949557db33209#3cf1c991e3660785d3855a34245949557db33209" - dependencies = [ - "matchers", - "nu-ansi-term", -diff --git a/Cargo.toml b/Cargo.toml -index 76acda807..a2916a6aa 100644 ---- a/Cargo.toml -+++ b/Cargo.toml -@@ -513,16 +513,16 @@ version = "0.2" - # https://github.com/girlbossceo/tracing/commit/b348dca742af641c47bc390261f60711c2af573c - [patch.crates-io.tracing-subscriber] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing-core] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - [patch.crates-io.tracing-log] - git = "https://github.com/girlbossceo/tracing" --rev = "ccc4fbd8238c2d5ba354e61ec17ac610af11401d" -+rev = "3cf1c991e3660785d3855a34245949557db33209" - - # adds a tab completion callback: https://github.com/girlbossceo/rustyline-async/commit/de26100b0db03e419a3d8e1dd26895d170d1fe50 - # adds event for CTRL+\: https://github.com/girlbossceo/rustyline-async/commit/67d8c49aeac03a5ef4e818f663eaa94dd7bf339b diff --git a/overlay/default.nix b/overlay/default.nix index 1710eb7..f4a7353 100644 --- a/overlay/default.nix +++ b/overlay/default.nix 
@@ -1,8 +1,29 @@ +{ inputs }: let overlays = [ - ./conduwuit + ./zipline + ./bitwarden ./attic ]; importedOverlays = map (m: import m) overlays; in - importedOverlays +[ + ( + final: prev: + let + nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; + in + { + conduwuit = pkgFrom inputs.conduwuit "default"; + attic-server = pkgFrom inputs.attic "attic-server"; + attic = pkgFrom inputs.attic "attic"; + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + } + ); + } + ) +] +++ importedOverlays diff --git a/overlay/vscode.nix b/overlay/vscode.nix new file mode 100644 index 0000000..4de2d90 --- /dev/null +++ b/overlay/vscode.nix @@ -0,0 +1,14 @@ +final: prev: { + vscode-extensions = prev.vscode-extensions // { + github = prev.vscode-extensions.github // { + codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { + mktplcRef = { + publisher = "github"; + name = "codespaces"; + version = "1.17.3"; + hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; + }; + }; + }; + }; +} diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix new file mode 100644 index 0000000..b114119 --- /dev/null +++ b/overlay/zipline/default.nix @@ -0,0 +1,7 @@ +final: prev: { + zipline = prev.zipline.overrideAttrs { + patches = [ + ./no-check-bucket.patch + ]; + }; +} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch new file mode 100644 index 0000000..9d1c756 --- /dev/null +++ b/overlay/zipline/no-check-bucket.patch 
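Review bot: `nixpkgsFrom` in the inner `let` of overlay/default.nix is defined but never used in this hunk; drop it or use it. There is also an ordering dependency worth a comment: the inline overlay sets `attic-server` from `inputs.attic`, and ./attic then patches `prev.attic-server`, which only yields the patched flake build because `importedOverlays` is appended after the inline overlay. Something like `# must come first: ./attic patches the flake's attic-server` above the inline overlay would protect that.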
@@ -0,0 +1,45 @@ +diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts +index 089dd64..39dd8f4 100644 +--- a/src/lib/datasource/S3.ts ++++ b/src/lib/datasource/S3.ts +@@ -4,7 +4,6 @@ import { + DeleteObjectCommand, + DeleteObjectsCommand, + GetObjectCommand, +- ListBucketsCommand, + ListObjectsCommand, + PutObjectCommand, + S3Client, +@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { + endpoint: this.options.endpoint ?? undefined, + forcePathStyle: this.options.forcePathStyle ?? false, + }); +- +- this.ensureBucketExists(); +- } +- +- private async ensureBucketExists() { +- try { +- const res = await this.client.send(new ListBucketsCommand()); +- if (res.$metadata.httpStatusCode !== 200) { +- this.logger +- .error('there was an error while listing buckets', res.$metadata as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } +- +- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { +- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); +- process.exit(1); +- } +- } catch (e) { +- this.logger +- .error('there was an error while listing buckets', e as Record) +- .error('zipline will now exit'); +- process.exit(1); +- } finally { +- this.logger.debug(`bucket ${this.options.bucket} exists`); +- } + } + + public async get(file: string): Promise { diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem new file mode 100644 index 0000000..c9bd80e --- /dev/null +++ b/secrets/cache-priv-key.pem 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-03-27T20:37:28Z", + "mac": 
"ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index 82b0f57..2c42101 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml @@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data: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,iv:cE8zuRVAWVt7sLgnJsiTgwq2CpSsX4cQwIbYAeEv7iQ=,tag:j+VQnlNKapT3eTq4aPebQw==,type:str] + env: ENC[AES256_GCM,data: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,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-05T10:45:11Z" - mac: ENC[AES256_GCM,data:iigwuhn4wm2NIRBymwslUKiljbrFzbEsz0UZ9K/YeEX4FU3oy3gY2j8qP+yd7qISdObxOHs6AtdMzx1KcTK4CHhoI3vJ+aYKBwmaNvM91Dgbz71f01IUql/+ZGG/UqqgkWpvac0bERDPW/ypXJM/g9YpzocqWb9bxyfUDRvxkyw=,iv:zI7CsVegQC5STNH3u0hIC/YWXTfNwRyU3JJ1hn5I3AU=,tag:h/+KCpAmnNXORHLcCyldoQ==,type:str] + lastmodified: "2025-03-13T17:03:36Z" + mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 9fea4c0..5f3ea62 100644 --- a/secrets/services/caddy.yaml 
+++ b/secrets/services/caddy.yaml @@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] + env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:37Z" - mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] + lastmodified: "2025-03-08T21:05:07Z" + mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.4 diff --git a/secrets/services/garage.yaml b/secrets/services/garage.yaml new file mode 100644 index 0000000..d84d4af --- /dev/null +++ b/secrets/services/garage.yaml 
@@ -0,0 +1,31 @@ +garage: + env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj + TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu + VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53 + elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I + IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2 + bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo + eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa + WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV + 7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-08T20:44:32Z" + mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml new file mode 100644 index 0000000..46df77e --- /dev/null +++ b/secrets/services/searx.yaml 
@@ -0,0 +1,31 @@ +searx: + env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD + Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP + WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR + d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg + XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx + cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy + OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 + ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL + W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-08T20:52:15Z" + mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/secrets/services/tailscale.yaml b/secrets/services/tailscale.yaml new file mode 100644 index 0000000..27997b8 --- /dev/null +++ b/secrets/services/tailscale.yaml 
@@ -0,0 +1,31 @@ +tailscale: + auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr + c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly + V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx + UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW + 1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP + R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r + TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3 + em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4 + kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-24T05:26:20Z" + mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.3 diff --git a/secrets/services/zipline.yaml b/secrets/services/zipline.yaml new file mode 100644 index 0000000..0d233c3 --- /dev/null +++ b/secrets/services/zipline.yaml 
@@ -0,0 +1,31 @@ +zipline: + env: ENC[AES256_GCM,data:5n056AoWvM4PXBCxm+tk2G9qOugRpA/n5YRrxTtB7XBBQmRQNaP2a6AbAnWX665yFGQsB0iHdSER3sY78RqUL0gFKupVq1UAT8A2Wi0HqcFMqUs2drXjIksdmI6hTLk9TCxtPy0VbPieIshO2VEYesUqitTZ01i8Hj5CyF8yFC6t9eQ2L9iKLm5gje80MoqQT4IFx+V5B4ExP3fzhcpfr8StGHKHvG59nc40KQAW38i/95H3nncScOBfSQSNH61wLnDjecr8srxELO/j2iOKD9JzmqYLQr8TLKNw7KIIhDMAmuNeQhG1YXtj7/nj6gHN6cHpcHPgUdWID/Y6MHcndDCIJnyC2Qeod5ShOn53IjL7C8VZ940o9LfwNz22sx1SYZEwRGktIhUY0c4IL/4bUvhxwTcMH9ITYU8eVfG/QSnr8B4=,iv:juf0dRagztirDN89Jj+v8k62BBl9TU12A8TdR/m8qDA=,tag:WakN+bOYfF4YrleIsAg+OQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUDFDSnFEM1NZK0lSMnUx + YkI3MWlpY1VjYXdaKzBCOFc5NWp5NXdBbkdVCmI0Z2tuSXBOSFN2NXJTUWxKQXNu + SGhhTTYzUDFSOFFXdU5aVHlmYnJNa1UKLS0tIGlrUTErQkVRdFBYYWxUcklHaUVY + UkQ3eVlDR2lMOEZGNXRjU3J3RXpwZkUKNJL/dvPsGu0AJiXryR8uSM0jE//cQi0b + AeYUjXLRcouUq5zWL6AsKDOUAo9t//AAFZqv3DGUboR8UzdymYRYMw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Wk9ZYkExU3k0ZWpOZEhF + TkswRGxTd1hpcGJaa1pmcUJFQnZMcGV6L0ZFCnp3K05YdU56WUl1TktVSFNQWWZH + bG5COXVuSjFCUWpEYXQweVFPaDAzcTQKLS0tIFgralQ1TWUzajVOM3RyS3RDcnRx + WHZSeVJIaGRldmhmcWZvT3YzL3hPbFEKVUtCU1l/RhFOlwdjE0ejW/Ym+cMVNxIW + AdvVcWoilMGTsDJIIlLu7fPbhmGotPvqGjxMC2yEpEgJUt/rsz2vPA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-02-23T21:43:15Z" + mac: ENC[AES256_GCM,data:nI7xnLUMtseY9q8XZ3owb6qtRBtaRmmNNK4Z5ELHaI85VowdItZXMFN9faCVuCVTzhKp/4WC8jm96k7eWxytzW6r6KRvKDrUaRV27UweraK2Oe8et7u+oIEPh6HkNuZFB+qPiFYdfc+qQeTIKwayEVLeVWyvQKVDBhBxZd9UArg=,iv:q4hRQVat+LHVbYnF6QLE8iBdBeacJVUBKmMe4tbU8YU=,tag:6m4+SU1BFXMPORqe9vgXAw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 
3.9.4 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml new file mode 100644 index 0000000..0a48d33 --- /dev/null +++ b/secrets/yt/aws.yaml 
@@ -0,0 +1,36 @@ +aws: + key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] + key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] + _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] + _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] + _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] + _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT + T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL + dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R + azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO + HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu + dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv + 
Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0 + UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe + j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-16T16:45:13Z" + mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4