diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index e276cbf..f1e07bc 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,18 +3,26 @@ on: workflow_dispatch: push: pull_request: + +env: + TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh + jobs: build-machines: strategy: + fail-fast: false matrix: machine: - chunk - ytnix - - titan os: - ubuntu-latest runs-on: ${{ matrix.os }} - continue-on-error: true + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 
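Review bot: The workflow-level `env:` block exposes `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every step of both jobs, including third-party actions referenced by a mutable tag such as `easimon/maximize-build-space@v10`, although only the later "setup s3 credentials" step appears to read them. Moving the two secret entries into that step's own `env:` keeps them out of every other step's environment; `TERM`, `AWS_DEFAULT_REGION` and `AWS_ENDPOINT_URL` can stay global. The expression `${{ secrets. AWS_SECRET_ACCESS_KEY }}` also has a stray space after the dot and should read `${{ secrets.AWS_SECRET_ACCESS_KEY }}`. The same block is added to build-packages.yml, where the `cache result` step looks like the only consumer.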
@@ -27,47 +35,50 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - name: Install Nix - uses: cachix/install-nix-action@v30 - with: - install_url: https://releases.nixos.org/nix/nix-2.25.4/install - extra_nix_config: 'accept-flake-config = true' + + - name: setup binary cache key + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + + - name: Install Nix + uses: cachix/install-nix-action@v30 with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative 
to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - purge-primary-key: never - # always save the cache - save-always: true - - run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh + + - name: build + run: | + nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" + build-homes: strategy: + fail-fast: false matrix: home: - yt@ytnix @@ -76,7 +87,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} - continue-on-error: true + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 
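Review bot: The "setup binary cache key" step writes the cache signing key under the runner's default umask and splices the secret into the script text through `${{ secrets.NIX_CACHE_SECRET_KEY }}`. Only the stored hex form is registered for log masking, so the decoded key would not be redacted if anything later printed it. Passing the secret through the step's environment and tightening the file mode closes both gaps: `env: NIX_CACHE_SECRET_KEY: ${{ secrets.NIX_CACHE_SECRET_KEY }}` with `run: (umask 077; printf %s "$NIX_CACHE_SECRET_KEY" | xxd -p -r > "$RUNNER_TEMP/cache-priv-key.pem")`, assuming the root-run daemon is what reads `secret-key-files`. The key and the S3 credentials are also on disk while `ci/upload-to-cache.sh` from the checked-out ref is installed as a root-run `post-build-hook` and `accept-flake-config = true` is set, so on `pull_request` runs that receive secrets the code under review can reach both; a comment stating that this is accepted would help. The same steps are repeated in the build-homes hunk, and the key step also in build-packages.yml.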
@@ -89,38 +100,44 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix - - uses: nixbuild/nix-quick-install-action@master + + - name: setup binary cache key + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Sync repository uses: actions/checkout@v4 with: persist-credentials: false - - uses: cachix/cachix-action@v14 + + - name: post-build-hook + run: | + sudo mkdir -p /etc/nix + sudo cp ci/upload-to-cache.sh /etc/nix/ + sudo chmod +x /etc/nix/upload-to-cache.sh + + - name: setup s3 credentials + run: | + sudo mkdir /root/.aws + echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials + echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials + echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials + echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config + + - name: Install Nix + uses: cachix/install-nix-action@v30 with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - 
purge-primary-key: never - # always save the cache - save-always: true - - run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + post-build-hook = /etc/nix/upload-to-cache.sh + + - name: build + run: | + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix build -L "$package" diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 4408d30..423c88a 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
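Review bot: In the new `build` step the inner double quotes in `package=".#homeConfigurations."${{ matrix.home }}".activationPackage"` close and reopen the shell string instead of reaching Nix, so the attribute name is passed unquoted and the expanded matrix value sits outside any shell quoting. Single-quoting the whole reference keeps the Nix-level quotes intact: `package='.#homeConfigurations."${{ matrix.home }}".activationPackage'`. With the current value `yt@ytnix` the result is presumably the same as before, but a home name containing a dot or whitespace would be split or misparsed.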
@@ -6,54 +6,64 @@ on: description: "package to build" required: false type: string + +env: + TERM: ansi + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: us-east-1 + AWS_ENDPOINT_URL: https://s3.cy7.sh + jobs: build-packages: strategy: + fail-fast: false matrix: package: - - github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr - - github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact - ${{ inputs.package }} os: - ubuntu-latest - - macos-latest - ubuntu-24.04-arm + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} - continue-on-error: true + steps: + - name: setup binary cache key + run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 - - name: Sync repository - uses: actions/checkout@v4 with: - persist-credentials: false - - uses: cachix/cachix-action@v14 - with: - name: cything - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - useDaemon: false - installCommand: nix profile install nixpkgs#cachix - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: ${{ vars.ATTIC_ENDPOINT }} - cache: ${{ vars.ATTIC_CACHE }} - token: ${{ secrets.ATTIC_TOKEN }} - - name: Restore and cache Nix store - uses: nix-community/cache-nix-action@v5.1.0 - with: - # restore and save a cache using this key - primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }} - # if there's no cache hit, restore a cache by this prefix - restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}- - # do purge caches - purge: true - # purge all versions of the cache - purge-prefixes: nix-${{ runner.os }}- - # created more than this number of seconds ago relative to the start of the `Post Restore` phase - purge-last-accessed: 86400 - # except the version with the `primary-key`, if it exists - 
purge-primary-key: never - # always save the cache - save-always: true + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = ${{ runner.temp }}/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + - run: nix build -L ${{ matrix.package }} + + - name: cache result + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' + run: | + nix run github:cything/nixcp -- \ + push \ + --bucket nixcache \ + --signing-key ${{ runner.temp }}/cache-priv-key.pem \ + -u https://nix-community.cachix.org \ + "${{ matrix.package }}" + + - name: prepare tarball to upload + run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + + - name: upload result + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.os }} + path: result.tar + if-no-files-found: error diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml index 59006f6..3b79705 100644 --- a/.github/workflows/update-flake-lock.yml +++ b/.github/workflows/update-flake-lock.yml 
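Review bot: `${{ matrix.package }}` expands to the free-form `inputs.package` string and is pasted into the shell text of `run: nix build -L ${{ matrix.package }}` (unquoted) and of the `cache result` step, so shell metacharacters in the input are interpreted by a job that holds the cache signing key and the AWS credentials. Binding the value once and quoting the variable avoids that: add `env: PACKAGE: ${{ matrix.package }}` to both steps and use `nix build -L "$PACKAGE"` and `"$PACKAGE"` in the push command. In the same hunk, `nix run github:cything/nixcp` and `github:nixos/nixpkgs#gnutar` resolve to whatever those repositories' default branches hold at run time; pinning each to a revision would make the tool that handles the signing key reproducible.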
@@ -11,10 +11,32 @@ jobs: createPullRequest: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Install Nix - uses: cachix/install-nix-action@v30 + - uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 with: - github_access_token: ${{ secrets.GITHUB_TOKEN }} + ssh-key: ${{ secrets.SSH_DEPLOY_KEY }} + + - name: Install Nix + uses: cachix/install-nix-action@53fb48f556dd912c4814b24ee8059a9c91c82b18 + with: + enable_kvm: true + extra_nix_config: | + show-trace = true + experimental-features = nix-command flakes + accept-flake-config = true + system-features = nixos-test benchmark big-parallel kvm + secret-key-files = /home/runner/cache-priv-key.pem + extra-substituters = https://nixcache.cy7.sh + extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= + - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v24 + run: | + git config --global user.email "github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + nix flake update --commit-lock-file + + - name: Create PR + uses: peter-evans/create-pull-request@98106d3f2b65918a6591f9e155117b7219ff7e51 + with: + title: nix flake update + branch: update-flake-inputs + branch-suffix: timestamp diff --git a/.sops.yaml b/.sops.yaml index 96b61cd..5dca48c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -118,3 +118,27 @@ creation_rules: - age: - *chunk - *cy + - path_regex: secrets/services/searx.yaml + key_groups: + - age: + - *chunk + - *cy + - path_regex: secrets/cache-priv-key.pem + key_groups: + - age: + - *yt + - *cy + - *chunk + - path_regex: secrets/services/authelia.yaml + key_groups: + - age: + - *yt + - *cy + - *chunk + - path_regex: secrets/services/karakeep.yaml + key_groups: + - age: + - *yt + - *cy + - *chunk + diff --git a/README b/README new file mode 100644 index 0000000..1a59725 --- /dev/null +++ b/README @@ -0,0 +1 @@ +this is only open source for free ci 
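Review bot: `secret-key-files = /home/runner/cache-priv-key.pem` names a file that no step visible in this hunk creates, and the path differs from the `${{ runner.temp }}/cache-priv-key.pem` used by the build workflows. Since this job only runs `nix flake update`, the line can probably be dropped, along with `system-features` and `enable_kvm`. The three actions are now pinned to commit SHAs; a trailing comment on each `uses:` line naming the release the SHA corresponds to (for example `# <release tag>`) would make later bumps reviewable.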
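Review bot: The four new `path_regex` values are unanchored regular expressions with unescaped dots, so `secrets/cache-priv-key.pem` also matches longer paths containing that text, and each `.` matches any character. Escaping and end-anchoring, e.g. `path_regex: secrets/cache-priv-key\.pem$`, keeps a future file from silently picking up this rule's recipient set. The earlier rules are not visible in this hunk, so this may simply follow the file's existing style.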
diff --git a/README.md b/README.md deleted file mode 100644 index eb52498..0000000 --- a/README.md +++ /dev/null @@ -1,40 +0,0 @@ -# infra -## ./home -- [home-manager](https://github.com/nix-community/home-manager) configuration files -- foot, tmux, and zsh are configured in Nix -- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager - -## ./hosts -- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers -- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh -### ./hosts/ytnix -- personal laptop -- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now - -### ./hosts/chunk -- the overworked server with 5% SLA -- very short and concise [`default.nix`](hosts/chunk/default.nix) -- services organized in their modules -- some services run through `virtualisation.oci-containers`: - - [immich](hosts/chunk/immich.nix) - - [conduwuit](hosts/chunk/conduwuit.nix) - -### ./hosts/titan -- got this cause chunk would go down way too often :( -- hosted on azure for "reliability" -- runs: - - [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`) - - [uptime-kuma](hosts/titan/uptime-kuma.nix) - - [ntfy-sh](hosts/titan/ntfy.nix) - -## ./secrets -- secrets -- see [`.sops.yaml`](.sops.yaml) for who privy to what - -## backups -- hourly borgbackup to [rsync.net](https://rsync.net) -- see [modules/backup](modules/backup.nix) - -## monitoring -- [status.cything.io](https://status.cything.io/): uptime kuma (reliable) -- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often diff --git a/ci/upload-to-cache.sh b/ci/upload-to-cache.sh new file mode 100755 index 0000000..559d062 --- /dev/null +++ b/ci/upload-to-cache.sh 
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook
+set -eu
+set -f # disable globbing
+export IFS=' '
+echo "Uploading paths" $OUT_PATHS
+exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd¶llel-compression=true" $OUT_PATHS
diff --git a/flake.lock b/flake.lock
index 2042b1e..4370247 100644
--- a/flake.lock
+++ b/flake.lock
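Review bot: Ending the script with `exec … nix copy` under `set -eu` turns any S3 outage or credential error into a failed build, because Nix runs the post-build hook synchronously and stops the build loop when it fails; the header comment should say whether that is intended. If uploads are meant to be best-effort, replace the `exec` line with a plain call followed by `|| echo "cache upload failed" >&2`. As rendered on this page the store URL reads `compression=zstd¶llel-compression=true`, which looks like `&parallel-compression` damaged by entity decoding, so the committed file is worth checking. The endpoint `s3.cy7.sh` is also hard-coded here while the workflows carry it as `AWS_ENDPOINT_URL`, leaving two places to update.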
@@ -1,152 +1,12 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1731270564, - "narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "47752427561f1c34debb16728a210d378f0ece36", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "main", - "repo": "attic", - "type": "github" - } - }, - "cachix": { - "inputs": { - "devenv": "devenv", - "flake-compat": "flake-compat_2", - "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1737621947, - "narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=", - "owner": "cachix", - "repo": "cachix", - "rev": "f65a3cd5e339c223471e64c051434616e18cc4f5", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "master", - "repo": "cachix", - "type": "github" - } - }, - "cachix_2": { - "inputs": { - "devenv": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1728672398, - "narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=", - "owner": "cachix", - "repo": "cachix", - "rev": "aac51f698309fd0f381149214b7eee213c66ef0a", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, - "complement": { - "flake": false, - "locked": { - "lastModified": 1734303596, - "narHash": "sha256-HjDRyLR4MBqQ3IjfMM6eE+8ayztXlbz3gXdyDmFla68=", - "owner": "girlbossceo", - "repo": "complement", - "rev": "14cc5be797b774f1a2b9f826f38181066d4952b8", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "main", - "repo": 
"complement", - "type": "github" - } - }, - "conduwuit": { - "inputs": { - "attic": "attic", - "cachix": "cachix", - "complement": "complement", - "crane": [ - "crane" - ], - "fenix": "fenix", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], - "liburing": "liburing", - "nix-filter": "nix-filter", - "nixpkgs": [ - "nixpkgs" - ], - "rocksdb": "rocksdb" - }, - "locked": { - "lastModified": 1739202916, - "narHash": "sha256-QdPUbONWFUdUSagT0pwad5yzOP0+Vxmmb6pM6QjhyFI=", - "owner": "girlbossceo", - "repo": "conduwuit", - "rev": "e3b81f7b6488b5c483e8b13e3959fe591bf4cb92", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "repo": "conduwuit", - "type": "github" - } - }, "crane": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", + "lastModified": 1737689766, + "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "owner": "ipetkov", "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", + "rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "type": "github" }, "original": { @@ -157,11 +17,11 @@ }, "crane_2": { "locked": { - "lastModified": 1739936662, - "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=", + "lastModified": 1741148495, + "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=", "owner": "ipetkov", "repo": "crane", - "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7", + "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53", "type": "github" }, "original": { 
@@ -170,117 +30,17 @@ "type": "github" } }, - "devenv": { - "inputs": { - "cachix": "cachix_2", - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "git-hooks": [ - "conduwuit", - "cachix", - "git-hooks" - ], - "nix": "nix", - "nixpkgs": [ - "conduwuit", - "cachix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733323168, - "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=", - "owner": "cachix", - "repo": "devenv", - "rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, - "devshell": { - "inputs": { - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", - "owner": "numtide", - "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736864502, - "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=", - "owner": "nix-community", - "repo": "disko", - "rev": "0141aabed359f063de7413f80d906e1d98c0c123", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, - "fenix": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1737786656, - "narHash": "sha256-ubCW9Jy7ZUOF354bWxTgLDpVnTvIpNr6qR4H/j7I0oo=", - "owner": "nix-community", - "repo": "fenix", - "rev": "2f721f527886f801403f389a9cabafda8f1e3b7f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "main", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { - "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": 
"sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "nix-community", "repo": "flake-compat", "type": "github" } 
@@ -301,79 +61,19 @@ "type": "github" } }, - "flake-compat_3": { - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ - "conduwuit", - "attic", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1740872218, + "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "conduwuit", - "cachix", - "devenv", - "nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "3876f6b87db82f33775b1ef5ea343986105db764", "type": "github" }, "original": { 
@@ -418,100 +118,49 @@ "type": "github" } }, - "flakey-profile": { + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { - "owner": "lf-", - "repo": "flakey-profile", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, - "git-hooks": { + "garage": { "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "flake-compat" - ], - "gitignore": "gitignore", + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", "nixpkgs": [ - "conduwuit", - "cachix", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", + "lastModified": 1745093116, + "narHash": "sha256-38L/NZyfGSGff9f+FfRd4teA1Xj93hqcBJcqhxbLA7Y=", + "owner": "deuxfleurs-org", + "repo": "garage", + "rev": "4ef954d17604eba8aafa52902cd3c573978c7195", "type": "github" }, "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "git-hooks_2": { - "inputs": { - "flake-compat": [ - "nixvim", - "flake-compat" - ], - "gitignore": "gitignore_3", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", - "type": "github" - }, - "original": { - "owner": 
"cachix", - "repo": "git-hooks.nix", + "owner": "deuxfleurs-org", + "repo": "garage", "type": "github" } }, "gitignore": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "cachix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, - "gitignore_2": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -533,28 +182,6 @@ "type": "github" } }, - "gitignore_3": { - "inputs": { - "nixpkgs": [ - "nixvim", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -562,11 +189,11 @@ ] }, "locked": { - "lastModified": 1740318342, - "narHash": "sha256-fjr9+3Iru6O5qE+2oERQkabqAUXx4awm0+i2MBcta1U=", + "lastModified": 1745128386, + "narHash": "sha256-xnNxL9lZC5Ez8AxTgHZZu8pYSNM34+5GD5jGSs8Vq4M=", "owner": "nix-community", "repo": "home-manager", - "rev": "b5ab2c7fdaa807cf425066ab7cd34b073946b1ca", + "rev": "f98314bb064cf8f8446c44afbadaaad2505875a7", "type": "github" }, "original": { 
@@ -575,59 +202,23 @@ "type": "github" } }, - "ixx": { - "inputs": { - "flake-utils": [ - "nixvim", - "nuschtosSearch", - "flake-utils" - ], - "nixpkgs": [ - "nixvim", - "nuschtosSearch", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729958008, - "narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", - "owner": "NuschtOS", - "repo": "ixx", - "rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "ref": "v0.0.6", - "repo": "ixx", - "type": "github" - } - }, "lanzaboote": { "inputs": { - "crane": [ - "crane" - ], - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], + "crane": "crane_2", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", "nixpkgs": [ "nixpkgs" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1739186342, - "narHash": "sha256-2j+sln9RwQn+g7J4GmdFFgvqXnLkvWBNMaUzONlkzUE=", + "lastModified": 1741442524, + "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "3bdeebbc484a09391c4f0ec8a37bb77809426660", + "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4", "type": "github" }, "original": { 
@@ -637,110 +228,20 @@ "type": "github" } }, - "libgit2": { - "flake": false, - "locked": { - "lastModified": 1697646580, - "narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=", - "owner": "libgit2", - "repo": "libgit2", - "rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5", - "type": "github" - }, - "original": { - "owner": "libgit2", - "repo": "libgit2", - "type": "github" - } - }, - "liburing": { - "flake": false, - "locked": { - "lastModified": 1737600516, - "narHash": "sha256-EKyLQ3pbcjoU5jH5atge59F4fzuhTsb6yalUj6Ve2t8=", - "owner": "axboe", - "repo": "liburing", - "rev": "6c509e2b0c881a13b83b259a221bf15fc9b3f681", - "type": "github" - }, - "original": { - "owner": "axboe", - "ref": "master", - "repo": "liburing", - "type": "github" - } - }, - "lix": { - "inputs": { - "flake-compat": [ - "flake-compat" - ], - "nix2container": "nix2container", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-regression": "nixpkgs-regression", - "pre-commit-hooks": "pre-commit-hooks" - }, - "locked": { - "lastModified": 1740318097, - "narHash": "sha256-lCRwHfZqpXO/Q98WCTD0eOWvKpA2J4ANLxrDzd3aWJw=", - "ref": "refs/heads/main", - "rev": "aaab224bea76cc6882884f9223b4bec2a781ebd4", - "revCount": 17460, - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" - } - }, - "lix-module": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1738176840, - "narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", - "ref": "refs/heads/main", - "rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", - "revCount": 133, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" - } - }, "nil": { "inputs": { - "flake-utils": [ - "flake-utils" - 
], + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], - "rust-overlay": [ - "rust-overlay" - ] + "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1732053863, - "narHash": "sha256-DCIVdlb81Fct2uwzbtnawLBC/U03U2hqx8trqTJB7WA=", + "lastModified": 1741118843, + "narHash": "sha256-ggXU3RHv6NgWw+vc+HO4/9n0GPufhTIUjVuLci8Za8c=", "owner": "oxalica", "repo": "nil", - "rev": "2e24c9834e3bb5aa2a3701d3713b43a6fb106362", + "rev": "577d160da311cc7f5042038456a0713e9863d09e", "type": "github" }, "original": { 
@@ -749,163 +250,23 @@ "type": "github" } }, - "niri": { - "inputs": { - "niri-stable": "niri-stable", - "niri-unstable": "niri-unstable", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs" - ], - "xwayland-satellite-stable": "xwayland-satellite-stable", - "xwayland-satellite-unstable": "xwayland-satellite-unstable" - }, - "locked": { - "lastModified": 1740326457, - "narHash": "sha256-C1tiPRIXI6Z5vd3pz26/JQ/p+VaG2eKD6PNk8ZqFW1E=", - "owner": "sodiboo", - "repo": "niri-flake", - "rev": "23b0234ac1b03709a0cec40e84d293f083859dc9", - "type": "github" - }, - "original": { - "owner": "sodiboo", - "repo": "niri-flake", - "type": "github" - } - }, - "niri-stable": { - "flake": false, - "locked": { - "lastModified": 1736614405, - "narHash": "sha256-AJ1rlgNOPb3/+DbS5hkhm21t6Oz8IgqLllwmZt0lyzk=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "e05bc269e678ecf828b96ae79c991c13b00b38a5", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "ref": "v25.01", - "repo": "niri", - "type": "github" - } - }, - "niri-unstable": { - "flake": false, - "locked": { - "lastModified": 1740251548, - "narHash": "sha256-53kgDwNYEPIZadX5SEk7+OoTXycHm1QUF7x2XCoo9+U=", - "owner": "YaLTeR", - "repo": "niri", - "rev": "bca65452882e1e616045e21a0a9a4a0b7024239b", - "type": "github" - }, - "original": { - "owner": "YaLTeR", - "repo": "niri", - "type": "github" - } - }, - "nix": { - "inputs": { - "flake-compat": [ - "conduwuit", - "cachix", - "devenv" - ], - "flake-parts": "flake-parts_2", - "libgit2": "libgit2", - "nixpkgs": "nixpkgs_3", - "nixpkgs-23-11": [ - "conduwuit", - "cachix", - "devenv" - ], - "nixpkgs-regression": [ - "conduwuit", - "cachix", - "devenv" - ], - "pre-commit-hooks": [ - "conduwuit", - "cachix", - "devenv" - ] - }, - "locked": { - "lastModified": 1727438425, - "narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=", - "owner": "domenkozar", - "repo": "nix", - "rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546", - "type": "github" - }, - 
"original": { - "owner": "domenkozar", - "ref": "devenv-2.24", - "repo": "nix", - "type": "github" - } - }, - "nix-darwin": { + "nix-index-database": { "inputs": { "nixpkgs": [ - "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1738743987, - "narHash": "sha256-O3bnAfsObto6l2tQOmQlrO6Z2kD6yKwOWfs7pA0CpOc=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "ae406c04577ff9a64087018c79b4fdc02468c87c", - "type": "github" - }, - "original": { - "owner": "lnl7", - "repo": "nix-darwin", - "type": "github" - } - }, - "nix-filter": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "ref": "main", - "repo": "nix-filter", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "conduwuit", - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "lastModified": 1745120797, + "narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=", "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "repo": "nix-index-database", + "rev": "69716041f881a2af935021c1182ed5b0cc04d40e", "type": "github" }, "original": { "owner": "nix-community", - "repo": "nix-github-actions", + "repo": "nix-index-database", "type": "github" } }, @@ -916,11 +277,11 @@ ] }, "locked": { - "lastModified": 1739790836, - "narHash": "sha256-ksegG5wSllKmBqId/BtHVje9E5s0I+uCWgiFeLv2RzM=", + "lastModified": 1744621833, + "narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=", "owner": "nix-community", "repo": "nix-ld", - "rev": "36420e7b304b5071da5eedd176c0a567fd821861", + "rev": "9a3812797e25def1d4aed62b517606b7b93989dc", "type": "github" }, "original": { 
@@ -929,315 +290,40 @@ "type": "github" } }, - "nix2container": { - "flake": false, - "locked": { - "lastModified": 1724996935, - "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1726042813, - "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "159be5db480d1df880a0135ca0bfed84c2f88353", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-regression": { - "locked": { - "lastModified": 1643052045, - "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { - "locked": { - "lastModified": 1730741070, - "narHash": 
"sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1740162160, - "narHash": "sha256-SSYxFhqCOb3aiPb6MmN68yEzBIltfom8IgRz7phHscM=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "11415c7ae8539d6292f2928317ee7a8410b28bb9", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", - "type": "github" - }, - "original": { - "owner": "NixOS", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1717432640, - "narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "88269ab3044128b7c2f4c7d68448b2fb50456870", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1733212471, - "narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "55d15ad12a74eb7d4646254e13638ad0c4128776", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1740301968, - "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=", - "owner": "nixos", 
- "repo": "nixpkgs", - "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixvim": { - "inputs": { - "devshell": "devshell", - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], - "git-hooks": "git-hooks_2", - "home-manager": [ - "home-manager" - ], - "nix-darwin": "nix-darwin", - "nixpkgs": [ - "nixpkgs" - ], - "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": [ - "treefmt" - ] - }, - "locked": { - "lastModified": 1739902813, - "narHash": "sha256-BgOQcKKz7VNvSHIbBllHisv32HvF3W3ALF9sdnC++V8=", - "owner": "nix-community", - "repo": "nixvim", - "rev": "0ab9947137cd034ec64eb5cd9ede94e53af21f50", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixvim", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils_2", - "ixx": "ixx", - "nixpkgs": [ - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1738508923, - "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", - "owner": "NuschtOS", - "repo": "search", - "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, - "nvim-github-theme": { - "flake": false, - "locked": { - "lastModified": 1735641120, - "narHash": "sha256-/A4hkKTzjzeoR1SuwwklraAyI8oMkhxrwBBV9xb59PA=", - "owner": "projekt0n", - "repo": "github-nvim-theme", - "rev": "c106c9472154d6b2c74b74565616b877ae8ed31d", - "type": "github" - }, - "original": { - "owner": "projekt0n", - "repo": "github-nvim-theme", - "type": "github" - } - }, - "plasma-manager": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1739557722, - "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", - "owner": "nix-community", - "repo": 
"plasma-manager", - "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "plasma-manager", - "type": "github" - } - }, - "pre-commit-hooks": { - "flake": false, - "locked": { - "lastModified": 1733318908, - "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "pre-commit-hooks-nix": { "inputs": { "flake-compat": [ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore", "nixpkgs": [ "lanzaboote", "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_3" + ] }, "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "lastModified": 1740915799, + "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732", "type": "github" }, "original": { 
@@ -1246,78 +332,96 @@ "type": "github" } }, - "rocksdb": { - "flake": false, - "locked": { - "lastModified": 1737828695, - "narHash": "sha256-8Ev6zzhNPU798JNvU27a7gj5X+6SDG3jBweUkQ59DbA=", - "owner": "girlbossceo", - "repo": "rocksdb", - "rev": "a4d9230dcc9d03be428b9a728133f8f646c0065c", - "type": "github" - }, - "original": { - "owner": "girlbossceo", - "ref": "v9.9.3", - "repo": "rocksdb", - "type": "github" - } - }, "root": { "inputs": { - "conduwuit": "conduwuit", - "crane": "crane_2", - "disko": "disko", - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", - "flake-utils": "flake-utils", + "garage": "garage", "home-manager": "home-manager", "lanzaboote": "lanzaboote", - "lix": "lix", - "lix-module": "lix-module", "nil": "nil", - "niri": "niri", + "nix-index-database": "nix-index-database", "nix-ld": "nix-ld", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_4", - "nixvim": "nixvim", - "nvim-github-theme": "nvim-github-theme", - "plasma-manager": "plasma-manager", - "rust-overlay": "rust-overlay", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay_4", "sops-nix": "sops-nix", - "treefmt": "treefmt", "vscode-extensions": "vscode-extensions" } }, - "rust-analyzer-src": { - "flake": false, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "garage", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1737728869, - "narHash": "sha256-U4pl3Hi0lT6GP4ecN3q9wdD2sdaKMbmD/5NJ1NdJ9AM=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "6e4c29f7ce18cea7d3d31237a4661ab932eab636", + "lastModified": 1738549608, + "narHash": "sha256-GdyT9QEUSx5k/n8kILuNy83vxxdyUfJ8jL5mMpQZWfw=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", "type": "github" }, "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "35c6f8c4352f995ecd53896200769f80a3e8f22d", "type": "github" } }, - "rust-overlay": { + 
"rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741228283, + "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "nixpkgs": [ + "nil", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741055476, + "narHash": "sha256-52vwEV0oS2lCnx3c/alOFGglujZTLmObit7K8VblnS8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "aefb7017d710f150970299685e8d8b549d653649", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_4": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1740277845, - "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=", + "lastModified": 1745116541, + "narHash": "sha256-5xzA6dTfqCfTTDCo3ipPZzrg3wp01xmcr73y4cTNMP8=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "f933070c29f9c1c5457447a51903f27f76ebb519", + "rev": "e2142ef330a61c02f274ac9a9cb6f8487a5d0080", "type": "github" }, "original": { @@ -1333,11 +437,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", "type": "github" }, "original": { 
@@ -1376,44 +480,34 @@ "type": "github" } }, - "treefmt": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, + "systems_3": { "locked": { - "lastModified": 1739829690, - "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "3d0579f5cc93436052d94b73925b48973a104204", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "numtide", - "repo": "treefmt-nix", + "owner": "nix-systems", + "repo": "default", "type": "github" } }, "vscode-extensions": { "inputs": { - "flake-compat": [ - "flake-compat" - ], - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1740275623, - "narHash": "sha256-LQ9hq3hKwWqm+dzBhgsIkr2KO6Bb0aU+yO/TtI7hXXo=", + "lastModified": 1745114521, + "narHash": "sha256-P/TgmeavrpUiHCejjjsU2vOMB7cBIcHltGDSKKgi20E=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "35ff5dce04469e7b4e56a9d997e5201bfce52ae3", + "rev": "ff14820202442f847fd37862eb48a7cb254a19d3", "type": "github" }, "original": { 
@@ -1421,39 +515,6 @@ "repo": "nix-vscode-extensions", "type": "github" } - }, - "xwayland-satellite-stable": { - "flake": false, - "locked": { - "lastModified": 1730166465, - "narHash": "sha256-nq7bouXQXaaPPo/E+Jbq+wNHnatD4dY8OxSrRqzvy6s=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "a713cf46cb7db84a0d1b57c3a397c610cad3cf98", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "ref": "v0.5", - "repo": "xwayland-satellite", - "type": "github" - } - }, - "xwayland-satellite-unstable": { - "flake": false, - "locked": { - "lastModified": 1739246919, - "narHash": "sha256-/hBM43/Gd0/tW+egrhlWgOIISeJxEs2uAOIYVpfDKeU=", - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "rev": "44590a416d4a3e8220e19e29e0b6efe64a80315d", - "type": "github" - }, - "original": { - "owner": "Supreeeme", - "repo": "xwayland-satellite", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ba2a9ed..0aea8eb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,121 +2,36 @@ description = "cy's flake"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - treefmt = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - disko = { - url = "github:nix-community/disko/latest"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - lanzaboote = { - url = "github:nix-community/lanzaboote/master"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.crane.follows = "crane"; - inputs.flake-compat.follows = "flake-compat"; - inputs.flake-parts.follows = "flake-parts"; - inputs.rust-overlay.follows = "rust-overlay"; - }; - nixvim = { - url = "github:nix-community/nixvim"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-parts.follows = "flake-parts"; - inputs.flake-compat.follows = "flake-compat"; - inputs.home-manager.follows = "home-manager"; - inputs.treefmt-nix.follows = "treefmt"; - }; - flake-parts = { - url = "github:hercules-ci/flake-parts"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - niri = { - url = "github:sodiboo/niri-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.nixpkgs-stable.follows = "nixpkgs"; - }; - rust-overlay = { - url = "github:oxalica/rust-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - conduwuit = { - url = "github:girlbossceo/conduwuit"; - inputs = { - nixpkgs.follows = "nixpkgs"; - crane.follows = "crane"; - flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; - }; - }; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - inputs.lix.follows = "lix"; - }; - lix = { - url = "git+https://git.lix.systems/lix-project/lix"; - inputs.nixpkgs.follows = "nixpkgs"; 
- inputs.flake-compat.follows = "flake-compat"; - }; - nix-ld = { - url = "github:nix-community/nix-ld"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - plasma-manager = { - url = "github:nix-community/plasma-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; - }; - nil = { - url = "github:oxalica/nil"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.rust-overlay.follows = "rust-overlay"; - inputs.flake-utils.follows = "flake-utils"; - }; - vscode-extensions = { - url = "github:nix-community/nix-vscode-extensions"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.flake-utils.follows = "flake-utils"; - inputs.flake-compat.follows = "flake-compat"; - }; - - nvim-github-theme = { - url = "github:projekt0n/github-nvim-theme"; - flake = false; - }; - - # deduplication - flake-utils.url = "github:numtide/flake-utils"; - crane.url = "github:ipetkov/crane"; - flake-compat.url = "github:edolstra/flake-compat"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + sops-nix.url = "github:Mic92/sops-nix"; + sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + home-manager.url = "github:nix-community/home-manager"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + lanzaboote.url = "github:nix-community/lanzaboote/master"; + lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; + rust-overlay.url = "github:oxalica/rust-overlay"; + rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; + nix-ld.url = "github:nix-community/nix-ld"; + nix-ld.inputs.nixpkgs.follows = "nixpkgs"; + nil.url = "github:oxalica/nil"; + nil.inputs.nixpkgs.follows = "nixpkgs"; + vscode-extensions.url = "github:nix-community/nix-vscode-extensions/"; + vscode-extensions.inputs.nixpkgs.follows = "nixpkgs"; + nix-index-database.url = "github:nix-community/nix-index-database"; + nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + garage.url = "github:deuxfleurs-org/garage"; + garage.inputs.nixpkgs.follows = "nixpkgs"; }; nixConfig = { extra-substituters = [ - 
"https://niri.cachix.org" "https://nix-community.cachix.org" - "https://cache.garnix.io" - "https://cything.cachix.org" - "https://aseipp-nix-cache.global.ssl.fastly.net" + "https://nixcache.cy7.sh" ]; extra-trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; - builders-use-substitutes = true; }; outputs = 
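Review bot: The `nixConfig` block now lists `https://nixcache.cy7.sh` under `extra-substituters` and its key under `extra-trusted-public-keys`, and nothing in the file records what that cache is or who can sign for it. Any store path signed by that key is accepted without a local rebuild by whoever evaluates this flake with flake config accepted, so the private half of the key decides what binaries end up on machines built from here. I would add a comment above the entry, for example `# self-hosted cache; rotate this public key if the signing secret is ever exposed`, and state there where the signing key is held. Separately, dropping the `follows` lines for `lanzaboote` and `nil` appears to be why flake.lock now carries `rust-overlay_2` and `rust-overlay_3`; if that was not intended, `lanzaboote.inputs.rust-overlay.follows = "rust-overlay";` and the matching line for `nil` bring it back to one pinned copy.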
@@ -124,112 +39,70 @@ self, nixpkgs, home-manager, - disko, - flake-parts, ... }@inputs: - flake-parts.lib.mkFlake { inherit inputs; } ( - { ... }: + let + pkgs = import nixpkgs { + config.allowUnfree = true; + system = "x86_64-linux"; + overlays = [ + inputs.rust-overlay.overlays.default + inputs.vscode-extensions.overlays.default + ] ++ (import ./overlay { inherit inputs; }); + }; + in { - imports = [ - inputs.treefmt.flakeModule - ]; - debug = true; - systems = [ - "x86_64-linux" - ]; - perSystem = + nixosConfigurations = + let + lib = nixpkgs.lib; + in { - inputs', - ... - }: - { - treefmt = { - projectRootFile = "flake.nix"; - programs.nixfmt.enable = true; - programs.stylua.enable = true; - programs.yamlfmt.enable = true; - programs.typos.enable = true; - programs.shellcheck.enable = true; - - settings.global.excludes = [ - "secrets/*" - "**/*.png" # tries to format a png file + ytnix = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/ytnix + ./modules + inputs.sops-nix.nixosModules.sops + inputs.lanzaboote.nixosModules.lanzaboote + inputs.nix-ld.nixosModules.nix-ld + ]; + }; + chunk = lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + { + nixpkgs = { inherit pkgs; }; + } + ./hosts/chunk + ./modules + inputs.sops-nix.nixosModules.sops ]; }; }; - - flake = + homeConfigurations = let - pkgs = import nixpkgs { - config.allowUnfree = true; - system = "x86_64-linux"; - overlays = [ - inputs.niri.overlays.niri - inputs.rust-overlay.overlays.default - inputs.vscode-extensions.overlays.default - ] ++ (import ./overlay { inherit inputs; }); - }; + lib = home-manager.lib; in { - nixosConfigurations = - let - lib = nixpkgs.lib; - in - { - ytnix = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/ytnix - inputs.sops-nix.nixosModules.sops - ./modules - inputs.lanzaboote.nixosModules.lanzaboote - 
inputs.niri.nixosModules.niri - inputs.lix-module.nixosModules.default - inputs.nix-ld.nixosModules.nix-ld - ]; - }; - chunk = lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - { - nixpkgs = { inherit pkgs; }; - } - ./hosts/chunk - inputs.sops-nix.nixosModules.sops - ./modules - ]; - }; - }; - homeConfigurations = - let - lib = home-manager.lib; - in - { - "yt@ytnix" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/ytnix.nix - inputs.nixvim.homeManagerModules.nixvim - inputs.niri.homeModules.config - inputs.plasma-manager.homeManagerModules.plasma-manager - ]; - }; + "yt@ytnix" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/ytnix.nix + inputs.nix-index-database.hmModules.nix-index + ]; + }; - "yt@chunk" = lib.homeManagerConfiguration { - inherit pkgs; - extraSpecialArgs = { inherit inputs; }; - modules = [ - ./home/yt/chunk.nix - inputs.nixvim.homeManagerModules.nixvim - ]; - }; - }; + "yt@chunk" = lib.homeManagerConfiguration { + inherit pkgs; + extraSpecialArgs = { inherit inputs; }; + modules = [ + ./home/yt/chunk.nix + ]; + }; }; - } - ); + }; } diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index c189664..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,6 +0,0 @@ -builds: - include: - - 'nixosConfigurations.*' - - 'homeConfigurations.*' - - '*.aarch64-linux.*' - - '*.x86_64-linux.*' diff --git a/home/codium.nix b/home/codium.nix index f6c9a04..ba4e324 100644 --- a/home/codium.nix +++ b/home/codium.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { programs.vscode = { enable = true; 
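Review bot: With `flake-parts` and the `treefmt` module removed, the new `outputs` body defines only `nixosConfigurations` and `homeConfigurations`, so the `nixfmt`, `shellcheck` and `typos` passes configured in the old `perSystem` block have no replacement in this hunk. If they are not run somewhere else, I would keep a small `formatter` or `checks` output so that shell scripts and Nix files are still linted before they reach the hosts. A one-line comment above the shared `pkgs` binding, such as `# single x86_64-linux package set (allowUnfree) shared by every host and home below`, would also make the new layout easier to read.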
@@ -16,30 +16,239 @@ github.github-vscode-theme rust-lang.rust-analyzer shd101wyy.markdown-preview-enhanced - fwcd.kotlin + alefragnani.bookmarks + tomrijndorp.find-it-faster + streetsidesoftware.code-spell-checker + emilast.logfilehighlighter + tamasfe.even-better-toml + golang.go + ms-python.python ]; - userSettings = { - "workbench.colorTheme" = "GitHub Dark Default"; - "files.autoSave" = "afterDelay"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "editor.fontFamily" = "IBM Plex Mono"; - "editor.fontSize" = 16; - "editor.wordWrap" = "on"; + userSettings = + let + vimCommonKeyBindings = [ + # nice emacs bindings + { + "before" = [ "C-a" ]; + "commands" = [ "cursorHome" ]; + } + { + "before" = [ "C-e" ]; + "commands" = [ "cursorEnd" ]; + } + { + "before" = [ "C-b" ]; + "commands" = [ "cursorLeft" ]; + } + { + "before" = [ "C-f" ]; + "commands" = [ "cursorRight" ]; + } + # ctrl+h to turn off search highlighting + { + "before" = [ "C-h" ]; + "commands" = [ ":nohl" ]; + } + ]; + in + { + "workbench.colorTheme" = "GitHub Dark Default"; + "workbench.startupEditor" = "none"; + "workbench.enableExperiments" = false; + "files.autoSave" = "onFocusChange"; + "editor.fontFamily" = "IBM Plex Mono"; + "editor.fontSize" = 15; + "editor.minimap.enabled" = false; + "window.zoomLevel" = 0.5; + "security.promptForLocalFileProtocolHandling" = false; + "security.promptForRemoteFileProtocolHandling" = false; + "explorer.confirmDelete" = false; + "explorer.confirmDragAndDrop" = false; + "editor.acceptSuggestionOnEnter" = "off"; + "editor.acceptSuggestionOnCommitCharacter" = false; + "git.openRepositoryInParentFolders" = "never"; + "git.ignoreLimitWarning" = true; + "git.blame.editorDecoration.enabled" = true; + "extensions.ignoreRecommendations" = true; + "telemetry.enableTelemetry" = false; + "telemetry.telemetryLevel" = "off"; + "window.titleBarStyle" = "custom"; + "editor.formatOnSave" = true; - # vim mode settings - "vim.handleKeys" = { - "" = false; # file 
tree toggle + # terminal stuff + "terminal.integrated.cursorBlinking" = true; + "terminal.integrated.cursorStyle" = "line"; + "terminal.integrated.customGlyphs" = false; + "terminal.integrated.env.linux" = { + # https://github.com/tomrijndorp/vscode-finditfaster/issues/112#issuecomment-2475227546 + FZF_DEFAULT_OPTS = "--bind ctrl-n:down,ctrl-p:up"; + }; + # don't let the workbench handle terminal keys like ctrl+n and friends + "terminal.integrated.sendKeybindingsToShell" = true; + "terminal.integrated.allowChords" = false; + + "markdown-preview-enhanced.previewTheme" = "github-dark.css"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${lib.getExe pkgs.nil}"; + "bookmarks.saveBookmarksInProject" = true; + + "cSpell.enabledFileTypes" = { + "markdown" = true; + "*" = false; + }; + + # vim stuff + "vim.leader" = ","; + "extensions.experimental.affinity" = { + "vscodevim.vim" = 1; + }; + "vim.sneak" = true; + "vim.sneakUseIgnorecaseAndSmartcase" = true; + "vim.enableNeovim" = true; + "vim.hlsearch" = true; + "vim.easymotion" = true; + "editor.lineNumbers" = "relative"; + "vim.normalModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ";" ]; + "after" = [ ":" ]; + "silent" = true; + } + { + "before" = [ + "" + "m" + ]; + "commands" = [ "bookmarks.toggle" ]; + } + { + "before" = [ + "" + "l" + ]; + "commands" = [ "bookmarks.toggleLabeled" ]; + } + { + "before" = [ + "" + "b" + ]; + "commands" = [ "bookmarks.list" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "s" + ]; + "commands" = [ "workbench.action.toggleSidebarVisibility" ]; + } + { + "before" = [ + "" + "f" + "f" + ]; + "commands" = [ "find-it-faster.findFiles" ]; + } + { + "before" = [ + "" + "f" + "g" + ]; + "commands" = [ "find-it-faster.findWithinFiles" ]; + } + { + "before" = [ + "" + "f" + "t" + ]; + "commands" = [ "find-it-faster.findWithinFilesWithType" ]; + } + # "gd" for definitions is by default 
+ { + "before" = [ + "g" + "r" + ]; + "commands" = [ "editor.action.goToReferences" ]; + } + # the default is weird when you need to go back within a file + { + "before" = [ "C-o" ]; + "commands" = [ "workbench.action.navigateBack" ]; + } + { + "before" = [ "C-i" ]; + "commands" = [ "workbench.action.navigateForward" ]; + } + # insert line without leaving normal mode + { + "before" = [ + "" + "o" + ]; + "commands" = [ "editor.action.insertLineAfter" ]; + } + { + "before" = [ + "" + "O" + ]; + "commands" = [ "editor.action.insertLineBefore" ]; + } + ]; + "vim.insertModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ "C-k" ]; + "commands" = [ "acceptSelectedSuggestion" ]; + } + ]; + "vim.visualModeKeyBindings" = vimCommonKeyBindings ++ [ + { + "before" = [ ">" ]; + "commands" = [ "editor.action.indentLines" ]; + } + { + "before" = [ "<" ]; + "commands" = [ "editor.action.outdentLines" ]; + } + ]; }; - "vim.normalModeKeyBindings" = [ - { - "before" = [ ";" ]; - "after" = [ ":" ]; - "silent" = true; - } - ]; - "workbench.startupEditor" = "none"; - }; + keybindings = [ + # repeat these vim bindings here cause otherwise they get overridden by vscode + { + "key" = "ctrl+b"; + "when" = "inputFocus"; + "command" = "cursorLeft"; + } + { + "key" = "ctrl+f"; + "when" = "inputFocus"; + "command" = "cursorRight"; + } + # clear default bindings that conflict + { + "key" = "ctrl+f"; + "command" = "-actions.find"; + } + { + "key" = "ctrl+b"; + "command" = "-workbench.action.toggleSidebarVisibility"; + } + { + "key" = "ctrl+w"; + "command" = "-workbench.action.closeActiveEditor"; + } + ]; }; }; } diff --git a/home/fish.nix b/home/fish.nix deleted file mode 100644 index 3bb9d84..0000000 --- a/home/fish.nix +++ /dev/null 
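Review bot: The new `userSettings` set both `security.promptForLocalFileProtocolHandling` and `security.promptForRemoteFileProtocolHandling` to `false`, which removes the confirmation dialog shown before a file or workspace is opened through the editor's URL protocol handler. That prompt exists so that a link clicked in a browser or chat client cannot open a target in the editor without the user noticing, so I would keep at least the remote one: `"security.promptForRemoteFileProtocolHandling" = true;`, or drop both lines and stay on the defaults. If the prompts are disabled on purpose, a comment next to them saying why would help. The `"s"` binding to `workbench.action.toggleSidebarVisibility` in `vim.normalModeKeyBindings` is also listed twice and one copy can go.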
@@ -1,80 +0,0 @@ -{ ... }: -{ - programs.fish = { - enable = true; - shellAliases = { - "vi" = "nvim"; - "vim" = "nvim"; - "t" = "tmux"; - "tl" = "tmux list-sessions"; - "ta" = "tmux new-session -A -s"; - "se" = "sudoedit"; - "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch --flake ."; - "nrt" = "sudo nixos-rebuild test --flake ."; - "hrs" = "home-manager switch --flake ."; - "g" = "git"; - "ga" = "git add"; - "gaa" = "git add --all"; - "gb" = "git branch"; - "gc" = "git commit --verbose"; - "gcmsg" = "git commit --message"; - "gd" = "git diff"; - "gdca" = "git diff --cached"; - "gds" = "git diff --staged"; - "gl" = "git log --stat"; - "glg" = "git log --graph"; - "glga" = "git log --graph --decorate --all"; - "glo" = "git log --oneline --decorate"; - "gp" = "git push"; - "gr" = "git remote"; - "gra" = "git remote add"; - "grv" = "git remote --verbose"; - "gs" = "git status --short"; - "gss" = "git status"; - }; - - shellInit = '' - set fish_greeting - ''; - - functions = { - fish_prompt = '' - set -l last_status $status - set -l normal (set_color normal) - set -l status_color (set_color brgreen) - set -l cwd_color (set_color $fish_color_cwd) - set -l vcs_color (set_color brpurple) - set -l prompt_status "" - - # Since we display the prompt on a new line allow the directory names to be longer. 
- set -q fish_prompt_pwd_dir_length - or set -lx fish_prompt_pwd_dir_length 0 - - # Color the prompt differently when we're root - set -l suffix '❯' - if functions -q fish_is_root_user; and fish_is_root_user - if set -q fish_color_cwd_root - set cwd_color (set_color $fish_color_cwd_root) - end - set suffix '#' - end - - # Color the prompt in red on error - if test $last_status -ne 0 - set status_color (set_color $fish_color_error) - set prompt_status $status_color "[" $last_status "]" $normal - end - - echo -s (prompt_login) ' ' $cwd_color (prompt_pwd) $vcs_color (fish_vcs_prompt) $normal ' ' $prompt_status - echo -n -s $status_color $suffix ' ' $normal - ''; - - }; - }; - - programs.fzf.enableFishIntegration = true; - programs.zoxide.enableFishIntegration = true; - programs.eza.enableFishIntegration = true; - programs.nix-index.enableFishIntegration = true; -} diff --git a/home/foot.nix b/home/foot.nix deleted file mode 100644 index ce7cb0c..0000000 --- a/home/foot.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ ... }: -{ - programs.foot = { - enable = true; - settings = { - main = { - font = "IBM Plex Mono:size=8"; - dpi-aware = "yes"; - }; - bell = { - urgent = "no"; - notify = "no"; - visual = "no"; - }; - cursor = { - style = "beam"; - blink = "yes"; - blink-rate = 500; - beam-thickness = 1.5; - color = "161821 c6c8d1"; - }; - mouse = { - hide-when-typing = "yes"; - }; - colors = { - foreground = "c6c8d1"; - background = "161821"; - regular0 = "1e2132"; - regular1 = "e27878"; - regular2 = "b4be82"; - regular3 = "e2a478"; - regular4 = "84a0c6"; - regular5 = "a093c7"; - regular6 = "89b8c2"; - regular7 = "c6c8d1"; - bright0 = "6b7089"; - bright1 = "e98989"; - bright2 = "c0ca8e"; - bright3 = "e9b189"; - bright4 = "91acd1"; - bright5 = "ada0d3"; - bright6 = "95c4ce"; - bright7 = "d2d4de"; - selection-foreground = "161821"; - selection-background = "c6c8d1"; - }; - - key-bindings = { - clipboard-copy = "Control+Shift+c XF86Copy"; - clipboard-paste = "Control+Shift+v XF86Paste"; - quit = "Control+q"; - }; - }; - }; -} diff --git a/home/ghostty.nix b/home/ghostty.nix deleted file mode 100644 index 1c592f5..0000000 --- a/home/ghostty.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -{ - programs.ghostty = { - enable = true; - enableZshIntegration = true; - clearDefaultKeybinds = true; - settings = { - theme = "iceberg-dark"; - font-family = "IBM Plex Mono"; - font-size = "12"; - window-decoration = false; - confirm-close-surface = false; - keybind = [ - "ctrl+q=quit" - "ctrl+shift+c=copy_to_clipboard" - "ctrl+shift+v=paste_from_clipboard" - ]; - }; - }; -} diff --git a/home/kitty.nix b/home/kitty.nix index da676cb..a6ddf37 100644 --- a/home/kitty.nix +++ b/home/kitty.nix @@ -7,7 +7,6 @@ package = pkgs.ibm-plex; size = 12; }; - themeFile = "GitHub_Dark"; settings = { enable_audio_bell = true; # how many windows should be open before kitty asks 
@@ -17,10 +16,11 @@ # will probably lower this later but the max allowed is actually 4GB # this is NOT stored in memory and can only be viewed with scrollback_pager - "scrollback_pager_history_size" = "1024"; + "scrollback_pager_history_size" = "10"; # in MB # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 "scrollback_pager" = "bat --pager='less -FR +G'"; - "scrollback_lines" = 20000; + # "scrollback_lines" = 20000; + wheel_scroll_multiplier = 50; }; keybindings = { # kitty_mod is ctrl+shift by default 
@@ -47,24 +47,38 @@ "ctrl+alt+s" = "goto_layout stack"; "kitty_mod+enter" = "new_window_with_cwd"; "kitty_mod+r" = "resize_window"; + # this closes the *current* window, not the *OS* window + # https://sw.kovidgoyal.net/kitty/overview/#tabs-and-windows + "kitty_mod+w" = "close_window"; # tabs "kitty_mod+n" = "next_tab"; "kitty_mod+p" = "previous_tab"; "kitty_mod+alt+n" = "move_tab_forward"; "kitty_mod+alt+p" = "move_tab_backward"; - "kitty_mod+w" = "close_tab"; + "kitty_mod+q" = "close_tab"; "kitty_mod+t" = "new_tab_with_cwd"; - "ctrl+f2" = "detach_tab"; # hints # > basically means the preceding key is a prefix (think tmux) "kitty_mod+o>o" = "open_url_with_hints"; - "kitty_mod+o>p" = "kitten hints --type path --program -"; - "kitty_mod+o>n" = "kitten hints --type line --program -"; - "kitty_mod+o>w" = "kitten hints --type word --program -"; - "kitty_mod+o>h" = "kitten hints --type hash --program -"; + # `--program @` means copy to clipboard + "kitty_mod+o>u" = "kitten hints --type url --program @"; + "kitty_mod+o>p" = "kitten hints --type path --program @"; + "kitty_mod+o>n" = "kitten hints --type line --program @"; + "kitty_mod+o>w" = "kitten hints --type word --program @"; + "kitty_mod+o>h" = "kitten hints --type hash --program @"; "kitty_mod+o>l" = "kitten hints --type linenum"; + + # scrolling + "kitty_mod+u" = "scroll_page_up"; + "kitty_mod+d" = "scroll_page_down"; + "kitty_mod+a" = "scroll_home"; + "kitty_mod+e" = "scroll_end"; + "kitty_mod+z" = "scroll_to_prompt -1"; # scroll to previous shell prompt + "kitty_mod+x" = "scroll_to_prompt 1"; # scroll to next shell prompt + "kitty_mod+y" = "show_scrollback"; # browse scrollback buffer in pager + "kitty_mod+g" = "show_last_command_output"; # browse output of last command in pager }; }; diff --git a/home/niri/default.nix b/home/niri/default.nix deleted file mode 100644 index f1c8172..0000000 --- a/home/niri/default.nix +++ /dev/null 
@@ -1,210 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - wallpaper = "${./nixos-c-book.png}"; - terminal = "kitty"; - menu = [ - "fuzzel" - "-w" - "100" - ]; - browser = "librewolf"; - file-manager = "thunar"; - clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy"; -in -{ - programs.niri.settings = { - prefer-no-csd = true; - input.keyboard.xkb.options = "ctrl:nocaps"; - spawn-at-startup = [ - { command = [ "${lib.getExe pkgs.waybar}" ]; } - { - command = [ - "${lib.getExe pkgs.swaybg}" - "-m" - "fill" - "-i" - wallpaper - ]; - } - { command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; } - { - command = [ - "wl-paste" - "--watch" - "cliphist" - "store" - ]; - } - ]; - hotkey-overlay.skip-at-startup = true; - - input = { - touchpad = { - tap = true; - dwt = true; - natural-scroll = true; - click-method = "clickfinger"; - }; - warp-mouse-to-focus = false; - focus-follows-mouse.enable = false; - }; - - environment = { - DISPLAY = ":0"; # for xwayland-satellite - ANKI_WAYLAND = "1"; - }; - - layout = { - gaps = 0; - focus-ring = { - width = 4; - active.color = "#4c7899"; - inactive.color = "#333333"; - }; - always-center-single-column = true; - border.enable = false; - }; - - window-rules = [ - { - matches = [ - { app-id = "mpv"; } - { app-id = "Bitwarden"; } - { - app-id = "ghidra-Ghidra"; - # pop-up windows - title = "^win(.*)"; - } - ]; - open-floating = true; - } - { - matches = [ - { - app-id = "anki"; - title = "Add"; - } - ]; - default-column-width.proportion = .25; - } - { - matches = [ - { app-id = "foot"; } - { - app-id = "anki"; - title = "^Browse"; - } - { app-id = "com.mitchellh.ghostt"; } - { app-id = "org.kde.okular"; } - { app-id = "kitty"; } - { app-id = "VSCodium"; } - ]; - default-column-width.proportion = .5; - } - { - matches = [ { app-id = "librewolf"; } ]; - default-column-width.proportion = .75; - } - ]; - }; - - programs.niri.settings.binds = - with config.lib.niri.actions; - let - sh = 
spawn "sh" "-c"; - in - { - "Mod+Return".action = spawn terminal; - "Mod+D".action = spawn menu; - - "Mod+Shift+E".action = quit; - "Mod+Equal".action = set-column-width "+10%"; - "Mod+Minus".action = set-column-width "-10%"; - "Mod+Shift+Equal".action = set-window-height "+10%"; - "Mod+Shift+Minus".action = set-window-height "-10%"; - "Super+Alt+L".action = spawn "swaylock"; - "Mod+Ctrl+Q".action = close-window; - "Mod+H".action = focus-column-left; - "Mod+L".action = focus-column-right; - "Mod+K".action = focus-window-up; - "Mod+J".action = focus-window-down; - "Mod+Shift+H".action = move-column-left; - "Mod+Shift+L".action = move-column-right; - "Mod+Shift+K".action = move-window-up; - "Mod+Shift+J".action = move-window-down; - "Mod+U".action = focus-workspace-up; - "Mod+I".action = focus-workspace-down; - "Mod+Shift+U".action = move-window-to-workspace-up; - "Mod+Shift+I".action = move-window-to-workspace-down; - "Mod+W".action = maximize-column; - "Mod+E".action = set-column-width "50%"; - "Mod+R".action = set-column-width "75%"; - "Mod+Q".action = set-column-width "25%"; - "Mod+C".action = center-column; - "Mod+Shift+Space".action = toggle-window-floating; - "Mod+Space".action = switch-focus-between-floating-and-tiling; - "Print".action = screenshot; - "Alt+Print".action = screenshot-window; - "Ctrl+Print".action = screenshot-screen; - # "Mod+R".action = switch-preset-column-width; - "Mod+Shift+R".action = switch-preset-window-height; - "Mod+Ctrl+R".action = reset-window-height; - "Mod+F".action = fullscreen-window; - "Mod+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-column-right; - }; - "Mod+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-column-left; - }; - "Mod+Shift+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-workspace-down; - }; - "Mod+Shift+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-workspace-up; - }; - - "XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+"; - 
"XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-"; - "XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; - "XF86MonBrightnessUp".action = sh "brightnessctl set 1%+"; - "XF86MonBrightnessDown".action = sh "brightnessctl set 1%-"; - - "Mod+1".action = focus-workspace 1; - "Mod+2".action = focus-workspace 2; - "Mod+3".action = focus-workspace 3; - "Mod+4".action = focus-workspace 4; - "Mod+5".action = focus-workspace 5; - "Mod+6".action = focus-workspace 6; - "Mod+7".action = focus-workspace 7; - "Mod+8".action = focus-workspace 8; - "Mod+9".action = focus-workspace 9; - "Mod+Shift+1".action = move-column-to-workspace 1; - "Mod+Shift+2".action = move-column-to-workspace 2; - "Mod+Shift+3".action = move-column-to-workspace 3; - "Mod+Shift+4".action = move-column-to-workspace 4; - "Mod+Shift+5".action = move-column-to-workspace 5; - "Mod+Shift+6".action = move-column-to-workspace 6; - "Mod+Shift+7".action = move-column-to-workspace 7; - "Mod+Shift+8".action = move-column-to-workspace 8; - "Mod+Shift+9".action = move-column-to-workspace 9; - - "Mod+Alt+B".action = spawn browser; - "Mod+Alt+A".action = spawn "anki"; - "Mod+Alt+F".action = spawn file-manager; - "Mod+Alt+E".action = spawn "evolution"; - "Mod+P".action = spawn "bitwarden"; - "Mod+Comma".action = sh clipboard; - - "MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1"; - "MouseBack".action = spawn "sh" "${./scripts/remote.sh}"; - }; -} diff --git a/home/niri/nixos-c-book.png b/home/niri/nixos-c-book.png deleted file mode 100644 index 96abf8f..0000000 Binary files a/home/niri/nixos-c-book.png and /dev/null differ diff --git a/home/niri/scripts/remote.sh b/home/niri/scripts/remote.sh deleted file mode 100755 index 0ef7c0d..0000000 --- a/home/niri/scripts/remote.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(niri msg --json focused-window |jq -r .app_id) - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "kitty" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "kitty" ]; then - wtype -M ctrl -M shift -k v -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v -m ctrl - fi -fi diff --git a/home/nixvim/default.nix b/home/nixvim/default.nix deleted file mode 100644 index 94895c1..0000000 --- a/home/nixvim/default.nix +++ /dev/null 
@@ -1,256 +0,0 @@ -{ pkgs, inputs, ... }: -{ - programs.nixvim = { - enable = true; - plugins.lualine.enable = true; - opts = { - number = true; - relativenumber = true; - expandtab = true; - autoindent = true; - shiftwidth = 2; - smartindent = true; - tabstop = 2; - ignorecase = true; - incsearch = true; - smartcase = true; - }; - colorscheme = "github_dark_tritanopia"; - clipboard.register = "unnamed"; - - globals = { - mapleader = ","; - }; - - extraPlugins = [ - (pkgs.vimUtils.buildVimPlugin { - name = "github-theme"; - src = inputs.nvim-github-theme; - }) - ]; - - keymaps = [ - { - action = "Neotree toggle"; - key = "s"; - mode = "n"; - options.silent = true; - } - { - # shortcut to command mode - action = ":"; - key = ";"; - mode = [ - "n" - "x" - ]; - options.silent = true; - } - { - # insert line below without moving cursor - action = "printf('m`%so``', v:count1)"; - key = "o"; - options.expr = true; - mode = "n"; - } - { - # insert line above without moving cursor - action = "printf('m`%sO``', v:count1)"; - key = "O"; - options.expr = true; - mode = "n"; - } - # nice emacs bindings - { - action = ""; - key = ""; - mode = "i"; - } - { - action = ""; - key = ""; - mode = "i"; - } - # quick chat with copilot - { - key = "ccq"; - action.__raw = '' - function() - local input = vim.fn.input("Quick chat: ") - if input ~= "" then - require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } - # ask perplexity a quick question - { - key = "ccs"; - action.__raw = '' - function() - local input = vim.fn.input("Perplexity: ") - if input ~= "" then - require("CopilotChat").ask(input, { - agent = "perplexityai", - selection = false, - }) - end - end - ''; - mode = [ - "n" - "v" - ]; - } - ]; - - plugins.cmp = { - enable = true; - settings = { - formatting.fields = [ - "abbr" - "kind" - "menu" - ]; - experimental = { - ghost_text = true; - }; - snippet.expand = '' - function(args) 
require('luasnip').lsp_expand(args.body) end - ''; - sources = [ - { name = "nvim_lsp"; } - { name = "emoji"; } - { name = "luasnip"; } - { name = "buffer"; } - { name = "path"; } - ]; - mapping = { - "" = "cmp.mapping.abort()"; - "" = "cmp.mapping.select_next_item()"; - "" = "cmp.mapping.select_prev_item()"; - "" = "cmp.mapping.scroll_docs(-4)"; - "" = "cmp.mapping.scroll_docs(4)"; - "" = '' - cmp.mapping(function(fallback) - if cmp.visible() then - if require("luasnip").expandable() then - require("luasnip").expand() - else - cmp.confirm({ - select = true, - }) - end - else - fallback() - end - end) - ''; - # plain tab conflicts with i try to indent - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(1) then - require("luasnip").jump(1) - else - fallback() - end - end,{"i","s"}) - ''; - "" = '' - cmp.mapping(function(fallback) - if require("luasnip").jumpable(-1) then - require("luasnip").jump(-1) - else - fallback() - end - end,{"i","s"}) - ''; - }; - }; - }; - - plugins.lsp = { - enable = true; - keymaps.lspBuf = { - "K" = "hover"; - "gd" = "definition"; - "gD" = "references"; - # "gt" = "type_definition"; # conflicts with switch tab - "gI" = "type_definition"; - "gi" = "implementation"; - }; - servers = { - bashls.enable = true; - lua_ls.enable = true; - nil_ls = { - enable = true; - settings = { - formatting.command = [ - "nix" - "fmt" - ]; - nix.flake.autoArchive = true; - }; - }; - rust_analyzer = { - enable = true; - installRustc = true; - installCargo = true; - }; - eslint.enable = true; - }; - }; - plugins.treesitter = { - enable = true; - nixGrammars = true; - settings = { - indent.enable = true; - auto_install = true; - highlight.enable = true; - }; - }; - plugins.fzf-lua = { - enable = true; - profile = "fzf-native"; - keymaps = { - "ff" = "files"; - "fg" = "live_grep"; - }; - }; - - plugins.neo-tree = { - enable = true; - buffers.followCurrentFile.enabled = true; - window.width = 30; - }; - - plugins.gitsigns = { - enable = 
true; - settings.current_line_blame = true; - }; - - plugins.copilot-chat = { - enable = true; - settings = { - model = "claude-3.5-sonnet"; - }; - }; - - plugins.cmp-buffer.enable = true; - plugins.cmp-emoji.enable = true; - plugins.cmp-nvim-lsp.enable = true; - plugins.cmp-path.enable = true; - plugins.cmp_luasnip.enable = true; - plugins.luasnip.enable = true; - plugins.nvim-autopairs.enable = true; - plugins.rainbow-delimiters.enable = true; - plugins.web-devicons.enable = true; - plugins.auto-save.enable = true; - plugins.indent-blankline.enable = true; - plugins.undotree.enable = true; - }; -} diff --git a/home/rofi/config.rasi b/home/rofi/config.rasi deleted file mode 100644 index ae76aeb..0000000 --- a/home/rofi/config.rasi +++ /dev/null 
@@ -1,156 +0,0 @@ -configuration { - modes: "drun,run,emoji:rofimoji,clipboard:/home/yt/.config/rofi/scripts/cliphist.sh"; - font: "hack 12"; -/* location: 0;*/ -/* yoffset: 0;*/ -/* xoffset: 0;*/ -/* fixed-num-lines: true;*/ - show-icons: true; - terminal: "kitty"; -/* ssh-client: "ssh";*/ -/* ssh-command: "{terminal} -e {ssh-client} {host} [-p {port}]";*/ -/* run-command: "{cmd}";*/ -/* run-list-command: "";*/ -/* run-shell-command: "{terminal} -e {cmd}";*/ -/* window-command: "wmctrl -i -R {window}";*/ -/* window-match-fields: "all";*/ - icon-theme: "Papirus"; -/* drun-match-fields: "name,generic,exec,categories,keywords";*/ -/* drun-categories: ;*/ -/* drun-show-actions: false;*/ -/* drun-display-format: "{name} [({generic})]";*/ -/* drun-url-launcher: "xdg-open";*/ -/* disable-history: false;*/ -/* ignored-prefixes: "";*/ -/* sort: false;*/ -/* sorting-method: "normal";*/ -/* case-sensitive: false;*/ -/* cycle: true;*/ -/* sidebar-mode: false;*/ -/* hover-select: false;*/ -/* eh: 1;*/ -/* auto-select: false;*/ -/* parse-hosts: false;*/ -/* parse-known-hosts: true;*/ - combi-modes: "window,run,calc,filebrowser"; -/* matching: "normal";*/ -/* tokenize: true;*/ -/* m: "-5";*/ -/* filter: ;*/ -/* dpi: -1;*/ -/* threads: 0;*/ -/* scroll-method: 0;*/ -/* window-format: "{w} {c} {t}";*/ -/* click-to-exit: true;*/ -/* global-kb: false;*/ -/* max-history-size: 25;*/ -/* combi-hide-mode-prefix: false;*/ -/* combi-display-format: "{mode} {text}";*/ -/* matching-negate-char: '-' /* unsupported */;*/ -/* cache-dir: ;*/ -/* window-thumbnail: false;*/ -/* drun-use-desktop-cache: false;*/ -/* drun-reload-desktop-cache: false;*/ -/* normalize-match: false;*/ -/* steal-focus: false;*/ -/* application-fallback-icon: ;*/ -/* refilter-timeout-limit: 300;*/ -/* xserver-i300-workaround: false;*/ -/* completer-mode: "recursivebrowser";*/ -/* pid: "/run/user/1000/rofi.pid";*/ -/* display-window: ;*/ -/* display-run: ;*/ -/* display-ssh: ;*/ -/* display-drun: ;*/ -/* display-combi: ;*/ 
-/* display-keys: ;*/ -/* display-filebrowser: ;*/ -/* display-recursivebrowser: ;*/ -/* kb-primary-paste: "Control+V,Shift+Insert";*/ -/* kb-secondary-paste: "Control+v,Insert";*/ -/* kb-secondary-copy: "Control+c";*/ -/* kb-clear-line: "Control+w";*/ -/* kb-move-front: "Control+a";*/ -/* kb-move-end: "Control+e";*/ -/* kb-move-word-back: "Alt+b,Control+Left";*/ -/* kb-move-word-forward: "Alt+f,Control+Right";*/ -/* kb-move-char-back: "Left,Control+b";*/ -/* kb-move-char-forward: "Right,Control+f";*/ -/* kb-remove-word-back: "Control+Alt+h,Control+BackSpace";*/ -/* kb-remove-word-forward: "Control+Alt+d";*/ -/* kb-remove-char-forward: "Delete,Control+d";*/ -/* kb-remove-char-back: "BackSpace,Shift+BackSpace,Control+h";*/ -/* kb-remove-to-eol: "Control+k";*/ -/* kb-remove-to-sol: "Control+u";*/ -/* kb-accept-entry: "Control+j,Control+m,Return,KP_Enter";*/ -/* kb-accept-custom: "Control+Return";*/ -/* kb-accept-custom-alt: "Control+Shift+Return";*/ -/* kb-accept-alt: "Shift+Return";*/ -/* kb-delete-entry: "Shift+Delete";*/ -/* kb-mode-next: "Shift+Right,Control+Tab";*/ -/* kb-mode-previous: "Shift+Left,Control+ISO_Left_Tab";*/ -/* kb-mode-complete: "Control+l";*/ -/* kb-row-left: "Control+Page_Up";*/ -/* kb-row-right: "Control+Page_Down";*/ -/* kb-row-up: "Up,Control+p";*/ -/* kb-row-down: "Down,Control+n";*/ -/* kb-row-tab: "";*/ -/* kb-element-next: "Tab";*/ -/* kb-element-prev: "ISO_Left_Tab";*/ -/* kb-page-prev: "Page_Up";*/ -/* kb-page-next: "Page_Down";*/ -/* kb-row-first: "Home,KP_Home";*/ -/* kb-row-last: "End,KP_End";*/ -/* kb-row-select: "Control+space";*/ -/* kb-screenshot: "Alt+S";*/ -/* kb-ellipsize: "Alt+period";*/ -/* kb-toggle-case-sensitivity: "grave,dead_grave";*/ -/* kb-toggle-sort: "Alt+grave";*/ -/* kb-cancel: "Escape,Control+g,Control+bracketleft";*/ -/* kb-custom-1: "Alt+1";*/ -/* kb-custom-2: "Alt+2";*/ -/* kb-custom-3: "Alt+3";*/ -/* kb-custom-4: "Alt+4";*/ -/* kb-custom-5: "Alt+5";*/ -/* kb-custom-6: "Alt+6";*/ -/* kb-custom-7: "Alt+7";*/ 
-/* kb-custom-8: "Alt+8";*/ -/* kb-custom-9: "Alt+9";*/ -/* kb-custom-10: "Alt+0";*/ -/* kb-custom-11: "Alt+exclam";*/ -/* kb-custom-12: "Alt+at";*/ -/* kb-custom-13: "Alt+numbersign";*/ -/* kb-custom-14: "Alt+dollar";*/ -/* kb-custom-15: "Alt+percent";*/ -/* kb-custom-16: "Alt+dead_circumflex";*/ -/* kb-custom-17: "Alt+ampersand";*/ -/* kb-custom-18: "Alt+asterisk";*/ -/* kb-custom-19: "Alt+parenleft";*/ -/* kb-select-1: "Super+1";*/ -/* kb-select-2: "Super+2";*/ -/* kb-select-3: "Super+3";*/ -/* kb-select-4: "Super+4";*/ -/* kb-select-5: "Super+5";*/ -/* kb-select-6: "Super+6";*/ -/* kb-select-7: "Super+7";*/ -/* kb-select-8: "Super+8";*/ -/* kb-select-9: "Super+9";*/ -/* kb-select-10: "Super+0";*/ -/* kb-entry-history-up: "Control+Up";*/ -/* kb-entry-history-down: "Control+Down";*/ -/* ml-row-left: "ScrollLeft";*/ -/* ml-row-right: "ScrollRight";*/ -/* ml-row-up: "ScrollUp";*/ -/* ml-row-down: "ScrollDown";*/ -/* me-select-entry: "MousePrimary";*/ -/* me-accept-entry: "MouseDPrimary";*/ -/* me-accept-custom: "Control+MouseDPrimary";*/ - timeout { - action: "kb-cancel"; - delay: 0; - } - filebrowser { - directories-first: true; - sorting-method: "name"; - } -} diff --git a/home/rofi/scripts/cliphist.sh b/home/rofi/scripts/cliphist.sh deleted file mode 100755 index d11fadf..0000000 --- a/home/rofi/scripts/cliphist.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -tmp_dir="/tmp/cliphist" -rm -rf "$tmp_dir" - -if [[ -n "$1" ]]; then - cliphist decode <<<"$1" | wl-copy - exit -fi - -mkdir -p "$tmp_dir" - -read -r -d '' prog <$tmp_dir/"grp[1]"."grp[3]) - print \$0"\0icon\x1f$tmp_dir/"grp[1]"."grp[3] - next -} -1 -EOF -cliphist list | gawk "$prog" diff --git a/home/sway/config b/home/sway/config deleted file mode 100644 index 1005b61..0000000 --- a/home/sway/config +++ /dev/null 
@@ -1,156 +0,0 @@ -set $mod Mod4 -set $alt Mod1 -set $left h -set $down j -set $up k -set $right l - -set $term $HOME/.config/sway/scripts/terminal.sh -set $menu rofi -show run -set $screenshot grim -g "$(slurp)" - | wl-copy -set $browser librewolf -set $clipboard rofi -show clipboard -show-icons -set $emoji rofi -show emoji - -set $font_family DejaVu Sans Mono -set $font_size 11 -set $bg #000000 -set $fg #ffffff -set $fgi #888888 - -set $wallpaper $HOME/wallpapers/nixos-c-book-large.png -set $lock swaylock -f -i $wallpaper -output * bg $wallpaper fill - -floating_modifier $mod normal -default_border pixel -smart_borders on -focus_follows_mouse always -# mouse_warping container - -bindsym $mod+Return exec $term -bindsym $mod+Ctrl+q kill -bindsym $mod+d exec $menu -bindsym $mod+Shift+c reload -bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' -bindsym Print exec $screenshot -bindsym $mod+comma exec $clipboard -bindsym $mod+period exec $emoji - -bindsym $mod+$alt+b exec $browser -bindsym $mod+$alt+a exec anki -bindsym $mod+$alt+f exec thunar -bindsym $mod+$alt+e exec evolution -bindsym $mod+p exec bitwarden -bindsym $mod+$alt+m exec element-desktop - -bindsym $mod+$left focus left -bindsym $mod+$down focus down -bindsym $mod+$up focus up -bindsym $mod+$right focus right - -bindsym $mod+Shift+$left move left -bindsym $mod+Shift+$down move down -bindsym $mod+Shift+$up move up -bindsym $mod+Shift+$right move right - -bindsym $mod+1 workspace number 1 -bindsym $mod+2 workspace number 2 -bindsym $mod+3 workspace number 3 -bindsym $mod+4 workspace number 4 -bindsym $mod+5 workspace number 5 -bindsym $mod+6 workspace number 6 -bindsym $mod+7 workspace number 7 -bindsym $mod+8 workspace number 8 -bindsym $mod+9 workspace number 9 -bindsym $mod+0 workspace number 10 - -bindsym $mod+Shift+1 move container to workspace number 1 -bindsym 
$mod+Shift+2 move container to workspace number 2 -bindsym $mod+Shift+3 move container to workspace number 3 -bindsym $mod+Shift+4 move container to workspace number 4 -bindsym $mod+Shift+5 move container to workspace number 5 -bindsym $mod+Shift+6 move container to workspace number 6 -bindsym $mod+Shift+7 move container to workspace number 7 -bindsym $mod+Shift+8 move container to workspace number 8 -bindsym $mod+Shift+9 move container to workspace number 9 -bindsym $mod+Shift+0 move container to workspace number 10 - -# mouse side buttons -bindsym --whole-window BTN_EXTRA exec ~/.config/sway/scripts/remote.sh btn1 -bindsym --whole-window BTN_SIDE exec ~/.config/sway/scripts/remote.sh - -bindsym $mod+b splith -bindsym $mod+v splitv - -bindsym $mod+s layout stacking -bindsym $mod+w layout tabbed -bindsym $mod+e layout toggle split - -bindsym $mod+f fullscreen - -bindsym $mod+Shift+space floating toggle - -bindsym $mod+space focus mode_toggle - -bindsym $mod+a focus parent -bindsym $mod+Shift+a focus child - -bindsym $mod+Shift+minus move scratchpad -bindsym $mod+minus scratchpad show - -mode "resize" { - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -# keys to adjust volue and brightness -bindsym --locked XF86AudioMute exec "amixer -q sset Master,0 toggle" -bindsym --locked XF86AudioLowerVolume exec "amixer -q set Master 1%-" -bindsym --locked XF86AudioRaiseVolume exec "amixer -q sset Master 1%+" -bindsym --locked XF86MonBrightnessDown exec brightnessctl set 1%- -bindsym --locked XF86MonBrightnessUp exec brightnessctl set 1%+ - -# lockscreen -bindsym $mod+Control+l exec $lock - -font pango:$font_family $font_size - -for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable -for_window [app_id="LibreWolf" title="^Extension"] floating 
enable -for_window [floating] border csd -for_window [app_id="Bitwarden"] floating enable -for_window [app_id=anki title="Add"] floating enable - -bar { - swaybar_command waybar -} - -input "type:touchpad" { - dwt enabled - tap enabled - natural_scroll enabled -} - -input "type:keyboard" { - xkb_layout us - xkb_options ctrl:nocaps - xkb_numlock enabled -} - -exec wl-paste --watch cliphist store -exec mako >> $HOME/mako.log 2>&1 -exec dbus-update-activation-environment --all - -exec swayidle -w \ - timeout 300 'swaymsg "output * power off"' \ - timeout 305 $lock \ - resume 'swaymsg "output * power on"' \ - before-sleep 'playerctl pause; swaylock -f' - -exec system-dnotify --ready diff --git a/home/sway/scripts/remote.sh b/home/sway/scripts/remote.sh deleted file mode 100755 index 741c26d..0000000 --- a/home/sway/scripts/remote.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -active_window=$(swaymsg -t get_tree |jq -r '..|try select(.focused == true) |.app_id') - -if [ "$1" = "btn1" ]; then - if [ "$active_window" = "anki" ]; then - wtype " " - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k c -m ctrl -m shift - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P right -p right -m alt - else - wtype -M ctrl -k c -m ctrl - fi -else - if [ "$active_window" = "anki" ]; then - wtype "1" - elif [ "$active_window" = "foot" ]; then - wtype -M ctrl -M shift -k v - wtype -m ctrl - elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then - wtype -M alt -P left -p left -m alt - else - wtype -M ctrl -k v - wtype -m ctrl - fi -fi diff --git a/home/sway/scripts/terminal.sh b/home/sway/scripts/terminal.sh deleted file mode 100755 index 42653c6..0000000 --- a/home/sway/scripts/terminal.sh +++ /dev/null 
@@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -focused_workspace=$(swaymsg -t get_workspaces | jq '.[] | select(.focused == true) | .num') - -foot_window_count=$(swaymsg -t get_tree | jq --argjson workspace "$focused_workspace" '[recurse(.nodes[]?) | select(.type == "workspace" and .num == $workspace) | recurse(.nodes[]?) | select(.app_id == "foot")] | length') - -next_session=$((focused_workspace * 10)) - -if [ "$foot_window_count" -gt 0 ] -then - next_session=$((next_session + foot_window_count)) -fi - -foot tmux new-session -A -s ${next_session} diff --git a/home/waybar/config b/home/waybar/config deleted file mode 100644 index 6038a44..0000000 --- a/home/waybar/config +++ /dev/null 
@@ -1,81 +0,0 @@ -{ - "layer": "top", // Waybar on highest layer so tooltips go over windows - "output": "eDP-1", // Set output to primary monitor - "height": 40, // Set height to avoid jumping due to active workspace indicator - - "margin-left": 0, - "margin-right": 0, - "margin-top": 0, - "modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar - "modules-center": ["niri/window"], // Set modules for the center of the bar - "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar - "clock#time": { - "format": "{:%H:%M:%S}", - "interval": 1, - }, - "clock#date": { - "format": "{:%Y/%m/%d}", - "tooltip-format": "{calendar}", - "interval": 360, - "calendar": { - "mode": "month", - "mode-mon-col": 4, - "weeks-pos": "right", - "on-scroll": 1, - "on-click-right": "mode", - "format": { - "months": "{}", - "days": "{}", - "weeks": "W{}", - "weekdays": "{}", - "today": "{}", - }, - }, - }, - "battery": { - "interval": 60, - "states": { - "warning": 40, - "critical": 20, - }, - "format": "{icon} {capacity}%", - "format-icons": [ - "", - "", - "", - "", - "", - ], - "format-charging": "󱐌 {capacity}%", - }, - "cpu": { - "format": "{usage}%", - "interval": 4, - }, - "memory": { - "format": "{used}GiB", - "interval": 4, - }, - "temperature": { - "hwmon-path": "/sys/class/hwmon/hwmon4/temp1_input", - "critical-threshold": 80, - "format": "{temperatureC}°C", - "format-critical": "{temperatureC}°C", - "interval": 4, - }, - "wireplumber": { - "scroll-step": 1, // %, can be a float - "format": "{icon} {volume}%", - "format-muted": "󰝟 Muted", - "format-icons": ["", "", ""], - "on-click": "pavucontrol", - "interval": 4, - }, - "niri/window": { - "max-length": 64, - }, - "tray": { - "icon-size": 22, - "spacing": 6, - } -} diff --git a/home/waybar/style.css b/home/waybar/style.css deleted file mode 100644 index 438d892..0000000 --- a/home/waybar/style.css +++ /dev/null 
@@ -1,70 +0,0 @@ -.module, -#clock.date, -#clock.time, -#workspaces button { - background: transparent; - padding: 0 10px; - font-family: RobotoMono Nerd Font; - font-weight: 900; - font-size: 13pt; - color: #c0caf5; -} - -/* main waybar */ -window#waybar { - background: rgba(26, 27, 38, 1); - border: 2px solid #414868; -} - -/* when hovering over modules */ -tooltip { - background: #1e1e2e; - border-radius: 0; -} - -#workspaces { - padding-right: 0; -} - -#workspaces button { - padding: 2px; -} - -#clock { - padding-right: 100px; -} - - -/* Sets active workspace to have a solid line on the bottom */ -#workspaces button.focused { - border-bottom: 2px solid #7aa2f7; - border-radius: 0; - margin-top: 0px; - transition: none; -} - -/* More workspace stuff for highlighting on hover */ -#workspaces button.focused { - color: #a6adc8; -} - -#workspaces button.urgent { - color: #f7768e; -} - -#workspaces button:hover { - background: #11111b; - color: #cdd6f4; -} - -/* Hide window module when not focused on window or empty workspace */ -window#waybar.empty #window { - padding: 0; - margin: 0; - opacity: 0; -} - -/* Set up rounding to make these modules look like separate pills */ -#tray { - margin-right: 4px; -} diff --git a/home/yt/chunk.nix b/home/yt/chunk.nix index ad024cd..474abfc 100644 --- a/home/yt/chunk.nix +++ b/home/yt/chunk.nix @@ -14,8 +14,4 @@ programs.home-manager.enable = true; systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - attic-server - ]; } diff --git a/home/yt/codespace.nix b/home/yt/codespace.nix deleted file mode 100644 index 6720c17..0000000 --- a/home/yt/codespace.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - pkgs, - ... -}: -{ - imports = [ - ./common.nix - ]; - home = { - username = "codespace"; - homeDirectory = "/home/codespace"; - stateVersion = "24.05"; - }; - programs.home-manager.enable = true; - - systemd.user.startServices = "sd-switch"; - - home.packages = with pkgs; [ - foot.terminfo - attic-client - ]; -} 
diff --git a/home/yt/common.nix b/home/yt/common.nix index b7c586e..d06d67b 100644 --- a/home/yt/common.nix +++ b/home/yt/common.nix @@ -3,7 +3,6 @@ imports = [ ../tmux.nix ../zsh - ../nixvim ]; home.sessionVariables = { @@ -60,12 +59,17 @@ "mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; url = { "ssh://git@github.com/" = { - insteadOf = "https://github.com/"; + insteadOf = [ + "https://github.com/" + "github:" + "gh:" + ]; }; }; }; }; programs.ripgrep.enable = true; - programs.man.generateCaches = true; + # programs.man.generateCaches = true; # slows down eval programs.fd.enable = true; + news.display = "silent"; } diff --git a/home/yt/ytnix.nix b/home/yt/ytnix.nix index 03e3bb9..f22d425 100644 --- a/home/yt/ytnix.nix +++ b/home/yt/ytnix.nix @@ -6,8 +6,6 @@ { imports = [ ./common.nix - ../foot.nix - ../niri ../irssi.nix ../kitty.nix ../codium.nix @@ -19,30 +17,6 @@ }; programs.home-manager.enable = true; - systemd.user.startServices = "sd-switch"; - - # keep this commented when using plasma - # otherwise "system settings" in KDE will not function - # qt = { - # enable = true; - # platformTheme.name = "kde"; - # style.name = "breeze-dark"; - # style.package = pkgs.kdePackages.breeze; - # }; - - # this one too - # gtk = { - # enable = true; - # theme = { - # package = pkgs.adw-gtk3; - # name = "adw-gtk3-dark"; - # }; - # iconTheme = { - # package = pkgs.adwaita-icon-theme; - # name = "Adwaita"; - # }; - # }; - home.pointerCursor = { package = pkgs.bibata-cursors; name = "Bibata-Modern-Classic"; 
@@ -51,123 +25,118 @@ x11.enable = true; }; - home.packages = with pkgs; [ - firefox - ungoogled-chromium - librewolf - bitwarden-desktop - bitwarden-cli - fastfetch - nwg-look - kdePackages.gwenview - kdePackages.okular - kdePackages.qtwayland - mpv - yt-dlp - signal-desktop - pavucontrol - btop - grim - slurp - rofi-wayland - rofimoji - cliphist - jq - bash-language-server - sqlite - usbutils - clang-tools - calibre - tor-browser - wtype - bat - yarn - rclone - go - rustup - pwgen - lua-language-server - gnumake - foot - minisign - unzip - lm_sensors - sshfs - gopls - anki-bin - trezorctl - trezor-agent - q - opentofu - terraform-ls - gdb - clang - seahorse - github-cli - fuzzel - nixpkgs-review - just - hugo - ghidra - sequoia - sccache - awscli2 - lldb - (cutter.withPlugins ( - p: with p; [ - rz-ghidra - jsdec - sigdb - ] - )) - ida-free - patchelf - radare2 - p7zip - qbittorrent - # vscodium - nil - pkg-config - gtk2 - gtk2-x11 - android-tools - frida-tools - mitmproxy - openssl - (python313.withPackages ( - p: with p; [ - python-lsp-server - pip - virtualenv - ] - )) - telegram-desktop - jadx - gradle - localsend - scrcpy - syncthing + home.packages = + with pkgs; + lib.flatten [ + ungoogled-chromium + librewolf + bitwarden-desktop + bitwarden-cli + fastfetch + (with kdePackages; [ + gwenview + okular + ]) + mpv + signal-desktop + btop + jq + sqlite + usbutils + calibre + tor-browser + wtype + bat + rclone + go + (rust-bin.selectLatestNightlyWith ( + toolchain: + toolchain.default.override { + extensions = [ "rust-src" ]; + } + )) + pwgen + gnumake + unzip + anki-bin + trezorctl + q + gdb + fuzzel + hugo + ghidra + sccache + awscli2 + (cutter.withPlugins ( + p: with p; [ + rz-ghidra + jsdec + sigdb + ] + )) + p7zip + qbittorrent + android-tools + frida-tools + mitmproxy + (python313.withPackages ( + p: with p; [ + python-lsp-server + pip + virtualenv + ] + )) + jadx + scrcpy + syncthing + syncthingtray + (with llvmPackages; [ + clangUseLLVM + compiler-rt + 
libllvm + ]) + nix-output-monitor + wl-clipboard-rs + pixelflasher + cinny-desktop + freetube + gopls + rust-analyzer + minio-client + nil + keepassxc + ]; + + home.sessionVariables = { + # to make ghidra work on xwayland + _JAVA_AWT_WM_NONREPARENTING = 1; + + # sccache stuff + RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; + SCCACHE_BUCKET = "sccache"; + SCCACHE_REGION = "us-east-1"; + SCCACHE_ENDPOINT = "https://s3.cy7.sh"; + SCCACHE_ALLOW_CORE_DUMPS = "true"; + SCCACHE_S3_USE_SSL = "true"; + SCCACHE_CACHE_MULTIARCH = "true"; + SCCACHE_LOG = "warn"; + AWS_DEFAULT_REGION = "us-east-1"; + AWS_ENDPOINT_URL = "https://s3.cy7.sh"; + AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; + AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + }; + + home.sessionPath = [ + "$HOME/.cargo/bin" + "$HOME/go/bin" ]; - programs.waybar.enable = true; programs.feh.enable = true; xdg.configFile = { - rofi.source = ../rofi; - waybar.source = ../waybar; mpv.source = ../mpv; }; - programs.newsboat = { - enable = true; - extraConfig = '' - urls-source "miniflux" - miniflux-url "https://rss.cything.io/" - miniflux-login "cy" - miniflux-passwordfile /run/secrets/newsboat/miniflux - ''; - }; - programs.direnv = { enable = true; nix-direnv.enable = true; 
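Review bot: The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` entries in the added `home.sessionVariables` block export the S3 credentials to every process started from the login session (browsers, `frida-tools`, `mitmproxy`, anything launched through `direnv`), although from this hunk only sccache appears to need them. I would drop those two entries and hand the secrets to sccache alone, for example by pointing `RUSTC_WRAPPER` at a small wrapper that reads `/run/secrets/aws/key_id` and `/run/secrets/aws/key_secret` and then execs sccache. The `$(cat …)` values presumably expand only when a shell sources the generated session-variables file, so an unreadable secret yields an empty variable with no error; that is worth a comment such as `# expanded at login by the shell; empty if the secret is unreadable`. Separately, the new `home.sessionPath` entries `$HOME/.cargo/bin` and `$HOME/go/bin` are user-writable, so if they end up ahead of the system directories, anything installed there shadows system tools. The enclosing module attrset starts and ends outside the hunk.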
@@ -175,29 +144,24 @@ programs.git.extraConfig = { user = { - signingKey = "~/.ssh/id.key"; + signingKey = "~/.ssh/id_ed25519"; }; gpg.format = "ssh"; commit.gpgsign = true; - core.sshCommand = "ssh -i ~/.ssh/id.key"; }; - home.sessionVariables = { - # to make ghidra work on xwayland - _JAVA_AWT_WM_NONREPARENTING = 1; + programs.nix-index-database.comma.enable = true; - # sccache stuff - RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}"; - SCCACHE_BUCKET = "sccache"; - SCCACHE_REGION = "earth"; - SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh"; - SCCACHE_ALLOW_CORE_DUMPS = "true"; - SCCACHE_S3_USE_SSL = "true"; - SCCACHE_CACHE_MULTIARCH = "true"; - SCCACHE_LOG_LEVEL = "warn"; - AWS_DEFAULT_REGION = "us-east-1"; - AWS_ENDPOINT_URL = "https://s3.cy7.sh"; - AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)"; - AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)"; + programs.neovim = { + enable = true; + viAlias = true; + vimAlias = true; }; + + programs.ssh = { + enable = true; + addKeysToAgent = "yes"; + }; + + programs.firefox.enable = true; } diff --git a/home/zsh/default.nix b/home/zsh/default.nix index 0697fbc..e599f0d 100644 --- a/home/zsh/default.nix +++ b/home/zsh/default.nix @@ -51,6 +51,7 @@ bindkey -M viins "^E" end-of-line bindkey -M viins "^A" beginning-of-line bindkey -M viins "^B" backward-char + bindkey -M viins "^F" forward-char # accept one word completion bindkey -M viins "^S" forward-word @@ -89,8 +90,8 @@ "ta" = "tmux new-session -A -s"; "se" = "sudoedit"; "s" = "sudo"; - "nrs" = "sudo nixos-rebuild switch -L --flake ."; - "nrt" = "sudo nixos-rebuild test -L --flake ."; + "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json"; + "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json"; "hrs" = "home-manager switch -L --flake ."; "g" = "git"; "ga" = "git add"; 
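Review bot: `addKeysToAgent = "yes"` in the new `programs.ssh` block (the home-configuration hunk, before the zsh changes) leaves every key loaded in the agent for the rest of the session with no prompt. The same hunk makes `~/.ssh/id_ed25519` the commit-signing key, so any process that can reach the agent socket can authenticate, and likely sign, as this user. `addKeysToAgent = "confirm";` keeps the convenience but asks for approval on each use (it needs an askpass program in the session). The module's start is outside the hunk.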
@@ -111,12 +112,13 @@ "grv" = "git remote --verbose"; "gs" = "git status --short"; "gss" = "git status"; + "code" = "codium"; }; }; programs.fzf.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true; programs.eza.enableZshIntegration = true; - programs.nix-index.enableZshIntegration = false; - programs.direnv.enableZshIntegration = false; + programs.nix-index.enableZshIntegration = true; + programs.direnv.enableZshIntegration = true; } diff --git a/hosts/chunk/adguard.nix b/hosts/chunk/adguard.nix deleted file mode 100644 index 74207fc..0000000 --- a/hosts/chunk/adguard.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ ... }: -{ - services.adguardhome = { - enable = true; - host = "127.0.0.1"; - port = 8082; - settings = { - http.port = "8083"; - users = [ - { - name = "cy"; - password = "$2y$10$BZy2zYJj5z4e8LZCq/GwuuhWUafL/MNFO.YcsAMmpDS.2krPxi7KC"; - } - ]; - # do not listen eveywhere cause podman runs it's own DNS - dns.bind_hosts = [ - "127.0.0.1" - "::1" - "31.59.129.225" - "2a0f:85c1:840:2bfb::1" - ]; - }; - }; - - services.caddy.virtualHosts."dns.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8082 - ''; -} diff --git a/hosts/chunk/attic.nix b/hosts/chunk/attic.nix deleted file mode 100644 index 464c8b7..0000000 --- a/hosts/chunk/attic.nix +++ /dev/null 
@@ -1,33 +0,0 @@
-{ config, ... }:
-{
- services.atticd = {
- enable = true;
-
- environmentFile = config.sops.secrets."attic/env".path;
-
- settings = {
- listen = "[::]:8090";
- api-endpoint = "https://cache.cy7.sh/";
- allowed-hosts = [ "cache.cy7.sh" ];
- require-proof-of-possession = false;
- compression.type = "zstd";
- database.url = "postgresql:///atticd?host=/run/postgresql";
-
- storage = {
- type = "s3";
- region = "auto";
- bucket = "attic";
- endpoint = "https://e3e97aac307d106a7becea43cef8fcbd.r2.cloudflarestorage.com";
- };
-
- garbage-collection = {
- default-retention-period = "2 weeks";
- };
- };
- };
-
- services.caddy.virtualHosts."cache.cy7.sh".extraConfig = ''
- import common
- reverse_proxy localhost:8090
- '';
-}
diff --git a/hosts/chunk/conduit.nix b/hosts/chunk/conduit.nix
deleted file mode 100644
index 48025e1..0000000
--- a/hosts/chunk/conduit.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- pkgs,
- config,
- ...
-}:
-{
- virtualisation.oci-containers.containers.conduit = {
- image = "ghcr.io/girlbossceo/conduwuit:main";
- autoStart = true;
- ports = [ "127.0.0.1:8448:8448" ];
- pull = "newer";
- environment = {
- CONDUWUIT_SERVER_NAME = "cything.io";
- CONDUWUIT_DATABASE_PATH = "/var/lib/conduwuit";
- CONDUWUIT_PORT = "8448";
- CONDUWUIT_MAX_REQUEST_SIZE = "20000000"; # in bytes ~20MB
- CONDUWUIT_ALLOW_REGISTRATION = "false";
- CONDUWUIT_ALLOW_FEDERATION = "true";
- CONDUWUIT_ALLOW_CHECK_FOR_UPDATES = "true";
- CONDUWUIT_TRUSTED_SERVERS = ''["matrix.org"]'';
- CONDUWUIT_ADDRESS = "0.0.0.0";
- # CONDUIT_CONFIG = "";
- };
- volumes = [
- "/opt/conduit/db:/var/lib/conduwuit/"
- ];
- networks = [ "conduit-net" ];
- };
-
- systemd.services.create-conduit-net = {
- serviceConfig.Type = "oneshot";
- wantedBy = with config.virtualisation.oci-containers; [
- "${backend}-conduit.service"
- ];
- script = ''
- ${pkgs.podman}/bin/podman network exists conduit-net || \
- ${pkgs.podman}/bin/podman network create conduit-net
- '';
- };
-}
diff --git a/hosts/chunk/conduwuit.nix b/hosts/chunk/conduwuit.nix deleted file mode 100644 index 3a6638f..0000000 --- a/hosts/chunk/conduwuit.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ ... }: -{ - services.conduwuit = { - enable = true; - settings.global = { - port = [ 8448 ]; - server_name = "cything.io"; - allow_check_for_updates = true; - }; - }; - - services.caddy.virtualHosts."chat.cything.io".extraConfig = '' - import common - reverse_proxy localhost:8448 - ''; - - services.caddy.virtualHosts."cything.io" = { - serverAliases = [ "www.cything.io" ]; - extraConfig = '' - import common - - header /.well-known/matrix/* Content-Type application/json - header /.well-known/matrix/* Access-Control-Allow-Origin * - header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD - header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept - route { - respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} - respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} - redir https://cy7.sh/posts{uri} permanent - } - ''; - }; -} diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 2322005..2e4c960 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -16,14 +16,10 @@ ./redlib.nix ./vaultwarden.nix ./grafana.nix - ./conduwuit.nix ./immich.nix - ./element.nix - ./attic.nix ./forgejo.nix ./garage.nix ./tailscale.nix - ./tor.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -31,9 +27,6 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/chunk.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rclone/config" = { sopsFile = ../../secrets/rclone.yaml; }; 
@@ -52,17 +45,14 @@ "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/chunk.yaml; }; - "attic/env" = { - sopsFile = ../../secrets/services/attic.yaml; - }; "garage/env" = { sopsFile = ../../secrets/services/garage.yaml; }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; - "zipline/env" = { - sopsFile = ../../secrets/services/zipline.yaml; + "karakeep/env" = { + sopsFile = ../../secrets/services/karakeep.yaml; }; }; 
@@ -75,74 +65,69 @@ system.stateVersion = "24.05"; # network stuff + networking = { + hostName = "chunk"; + networkmanager.enable = true; + firewall = { + enable = true; + trustedInterfaces = [ "tailscale0" ]; + allowedTCPPorts = [ + 22 + 80 + 443 + ]; + allowedUDPPorts = [ + 443 + ]; + extraCommands = + let + ethtool = lib.getExe pkgs.ethtool; + tc = lib.getExe' pkgs.iproute2 "tc"; + in + '' + # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) + ${ethtool} -K ens18 tso off - networking.hostName = "chunk"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - 53 - 853 - ]; - allowedUDPPorts = [ - 443 - 53 - 853 - ]; - extraCommands = - let - ethtool = lib.getExe pkgs.ethtool; - tc = lib.getExe' pkgs.iproute2 "tc"; - in '' - # disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites) - ${ethtool} -K ens18 tso off + # clear existing rules + ${tc} qdisc del dev ens18 root || true - # clear existing rules - ${tc} qdisc del dev ens18 root || true + # create HTB hierarchy + ${tc} qdisc add dev ens18 root handle 1: htb default 10 + ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% + # rest + ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100% + # caddy + ${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100% - # create HTB hierarchy - ${tc} qdisc add dev ens18 root handle 1: htb default 20 - ${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 40% ceil 100% - ${tc} class add dev ens18 parent 1:1 classid 1:20 htb rate 60% ceil 100% + # mark traffic + iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3 - # mark traffic - iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK 
--set-mark 1 - - # route marked packets - ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 - ''; - }; - networking.interfaces.ens18 = { - ipv6.addresses = [ - { - address = "2a0f:85c1:840:2bfb::1"; - prefixLength = 64; - } - ]; - ipv4.addresses = [ - { - address = "31.59.129.225"; - prefixLength = 24; - } - ]; - }; - networking.defaultGateway6 = { - address = "2a0f:85c1:840::1"; - interface = "ens18"; - }; - networking.defaultGateway = { - address = "31.59.129.1"; - interface = "ens18"; - }; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; + # route marked packets + ${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30 + ''; + }; + interfaces.ens18 = { + ipv6.addresses = [ + { + address = "2a0f:85c1:840:2bfb::1"; + prefixLength = 64; + } + ]; + ipv4.addresses = [ + { + address = "31.59.129.225"; + prefixLength = 24; + } + ]; + }; + defaultGateway6 = { + address = "2a0f:85c1:840::1"; + interface = "ens18"; + }; + defaultGateway = { + address = "31.59.129.1"; + interface = "ens18"; + }; }; users.users.yt = { 
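Review bot: `trustedInterfaces = [ "tailscale0" ]` accepts all traffic arriving on that interface, so every listener on this host that binds a wildcard address becomes reachable from every tailnet peer, bypassing `allowedTCPPorts`. If only specific services should be reachable over Tailscale, list them per interface instead, e.g. `interfaces.tailscale0.allowedTCPPorts = [ 3901 ];` (port shown as an example, use whatever the peers need), and treat tailnet ACLs as a second layer, not the only one. Separately, the `iptables -t mangle -A OUTPUT …` line in `extraCommands` appends a rule each time the commands run and only covers IPv4, so the mark rule likely accumulates duplicates across firewall restarts and Caddy's IPv6 traffic is probably not classified.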
@@ -152,13 +137,15 @@ "podman" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" ]; }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" ]; # for forgejo users.users.git = { @@ -176,7 +163,6 @@ tmux file sops - attic-server ]; environment.variables = { 
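Review bot: The keys added to `users.users.yt` and `users.users.root` no longer carry a comment field, so nothing in the file says which device or token a key belongs to when one has to be revoked; the third field is free text, e.g. `"ssh-ed25519 AAAA… <owner>@<device>"`. The same three-entry list is also maintained twice and has already drifted (root's first key keeps its `yt@ytlinux` comment, yt's does not), so binding it once in a `let` and referencing it from both users would keep them in sync. Assuming sshd permits key-based root login on this host (not visible here), these entries grant direct root access, which makes an auditable list worth the extra words.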
@@ -192,33 +178,13 @@ security.sudo.enable = true; security.sudo.wheelNeedsPassword = false; - programs.gnupg.agent.enable = true; programs.git.enable = true; my.caddy.enable = true; - services.caddy.virtualHosts."cy7.sh" = { - serverAliases = [ "www.cy7.sh" ]; - extraConfig = '' - import common - redir https://cything.io temporary - ''; + my.containerization.enable = true; + my.authelia.enable = true; + my.karakeep = { + enable = false; + dataDir = "/opt/karakeep"; }; - - # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - environment.enableAllTerminfo = true; - - my.roundcube.enable = true; - my.zipline.enable = true; } diff --git a/hosts/chunk/deluge.nix b/hosts/chunk/deluge.nix deleted file mode 100644 index 5dd3fd4..0000000 --- a/hosts/chunk/deluge.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: -{ - services.deluge = { - enable = true; - web = { - enable = true; - port = 8112; - }; - }; - - services.caddy.virtualHosts."t.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8112 - ''; -} diff --git a/hosts/chunk/element.nix b/hosts/chunk/element.nix deleted file mode 100644 index 5a12e1e..0000000 --- a/hosts/chunk/element.nix +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - pkgs, - config, - ... -}: -{ - virtualisation.oci-containers.containers.element = { - image = "vectorim/element-web"; - autoStart = true; - ports = [ "127.0.0.1:8089:8089" ]; - pull = "newer"; - networks = [ "element-net" ]; - environment = { - ELEMENT_WEB_PORT = "8089"; - }; - }; - - systemd.services.create-element-net = { - serviceConfig.Type = "oneshot"; - wantedBy = with config.virtualisation.oci-containers; [ - "${backend}-element.service" - ]; - script = '' - ${pkgs.podman}/bin/podman network exists element-net || \ - ${pkgs.podman}/bin/podman network create element-net - ''; - }; - - services.caddy.virtualHosts."element.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:8089 - ''; -} diff --git a/hosts/chunk/garage.nix b/hosts/chunk/garage.nix index 0dade9f..a36dc49 100644 --- a/hosts/chunk/garage.nix +++ b/hosts/chunk/garage.nix @@ -12,15 +12,20 @@ }; s3_web = { bind_addr = "[::]:3902"; - root_domain = ".web.s3.cy7.sh"; - index = "index.html"; + root_domain = ".web.cy7.sh"; + add_host_to_metrics = true; }; admin.api_bind_addr = "[::]:3903"; rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "100.122.132.30:3901"; replication_factor = 1; db_engine = "lmdb"; + disable_scrub = true; + block_size = "128M"; + compression_level = "none"; }; environmentFile = config.sops.secrets."garage/env".path; + logLevel = "warn"; }; services.caddy.virtualHosts = { @@ -31,13 +36,24 @@ reverse_proxy localhost:3900 ''; }; - "*.web.s3.cy7.sh".extraConfig = '' - import common - reverse_proxy localhost:3902 - ''; "admin.s3.cy7.sh".extraConfig = '' import common reverse_proxy localhost:3903 ''; + "*.web.cy7.sh" = { + serverAliases = [ "nixcache.cy7.sh" "staging.cy7.sh" ]; + extraConfig = '' + import common + @plain { + host nixcache.cy7.sh nixcache.web.cy7.sh + path / /nix-cache-info + } + header @plain { + >content-type text/plain + } + + reverse_proxy localhost:3902 + ''; + }; }; } 
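Review bot: `add_host_to_metrics = true` in garage.nix puts the Host header of web requests into the metrics, and the `admin.s3.cy7.sh` vhost kept as context in the second garage hunk proxies port 3903 with only `import common`. The Prometheus job added in grafana.nix scrapes `127.0.0.1:3903` without credentials, which suggests no metrics token is configured; if so, the metrics are readable by anyone through that vhost. Either set a metrics token (garage's `admin.metrics_token`, or the equivalent variable in the environment file) and pass it in the scrape config, or restrict `admin.s3.cy7.sh` the way this commit does for grafana, miniflux and redlib with `import authelia`.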
diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix deleted file mode 100644 index 753bcbd..0000000 --- a/hosts/chunk/gitlab.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, ... }: -{ - services.gitlab = { - enable = true; - https = true; - host = "git.cything.io"; - user = "git"; # so that you can ssh with git@git.cything.io - group = "git"; - port = 443; # this *not* the port gitlab will run on - puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma - sidekiq.concurrency = 5; - databaseUsername = "git"; # needs to be same as user - initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = config.sops.secrets."gitlab/root".path; - secrets = { - secretFile = config.sops.secrets."gitlab/secret".path; - otpFile = config.sops.secrets."gitlab/otp".path; - jwsFile = config.sops.secrets."gitlab/jws".path; - dbFile = config.sops.secrets."gitlab/db".path; - }; - backup = { - startAt = "daily"; - # we already postgresqlbackup.service - skip = [ "db" ]; - keepTime = 48; # hours - }; - extraConfig = { - gitlab = { - # NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database - default_color_mode = 2; - }; - prometheus.enabled = false; - }; - }; -} diff --git a/hosts/chunk/grafana.nix b/hosts/chunk/grafana.nix index ee5a382..33a77a0 100644 --- a/hosts/chunk/grafana.nix +++ b/hosts/chunk/grafana.nix @@ -29,11 +29,20 @@ } ]; } + { + job_name = "garage"; + static_configs = [ + { + targets = [ "127.0.0.1:3903" ]; + } + ]; + } ]; }; services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8088 ''; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 62505f9..1e7e497 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix 
@@ -11,7 +11,7 @@ dialect = "postgresql"; }; port = 8085; - domain = "pad.cything.io"; + domain = "pad.cy7.sh"; allowEmailRegister = false; protocolUseSSL = true; }; diff --git a/hosts/chunk/immich.nix b/hosts/chunk/immich.nix index 9661e8c..7dc7824 100644 --- a/hosts/chunk/immich.nix +++ b/hosts/chunk/immich.nix @@ -1,13 +1,15 @@ { pkgs, config, + lib, ... }: let uploadLocation = "/mnt/photos/immich"; - thumbsLocation = "/opt/immich/thumbs"; + # thumbsLocation = "/opt/immich/thumbs"; profileLocation = "/opt/immich/profile"; dbDataLocation = "/opt/immich/postgres"; + backupsLocation = "/opt/immich/backups"; in { virtualisation.oci-containers.containers = { @@ -18,8 +20,9 @@ in pull = "newer"; volumes = [ "${uploadLocation}:/usr/src/app/upload" - "${thumbsLocation}:/usr/src/app/upload/thumbs" + # "${thumbsLocation}:/usr/src/app/upload/thumbs" "${profileLocation}:/usr/src/app/upload/profile" + "${backupsLocation}:/usr/src/app/upload/backups" ]; environment = { REDIS_HOSTNAME = "immich-redis"; @@ -67,21 +70,9 @@ in ]; networks = [ "immich-net" ]; }; - - # immich-ml = { - # image = "ghcr.io/immich-app/immich-machine-learning:release"; - # autoStart = true; - # pull = "newer"; - # environment = { - # REDIS_HOSTNAME = "immich-redis"; - # DB_HOSTNAME = "immich-db"; - # }; - # volumes = [ "${modelCache}:/cache" ]; - # networks = [ "immich-net" ]; - # }; }; - systemd.services.create-immich-net = { + systemd.services.create-immich-net = rec { serviceConfig.Type = "oneshot"; requiredBy = with config.virtualisation.oci-containers; [ "${backend}-immich.service" 
@@ -89,10 +80,10 @@ in "${backend}-immich-redis.service" # "${backend}-immich-ml.service" ]; - before = config.systemd.services.create-immich-net.requiredBy; + before = requiredBy; script = '' - ${pkgs.podman}/bin/podman network exists immich-net || \ - ${pkgs.podman}/bin/podman network create immich-net + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net ''; }; diff --git a/hosts/chunk/jellyfin.nix b/hosts/chunk/jellyfin.nix deleted file mode 100644 index c6e0dec..0000000 --- a/hosts/chunk/jellyfin.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.jellyfin = { - enable = true; - dataDir = "/mnt/jellyfin"; - configDir = "/var/lib/jellyfin/config"; - }; -} diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index 84783f6..9c6a8c7 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -12,6 +12,7 @@ services.caddy.virtualHosts."rss.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8080 ''; } diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 4b33e34..1c474af 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -4,6 +4,34 @@ lib, ... }: +let + mkServiceConfig = remote: mount: { + Type = "notify"; + TimeoutSec = "5min 20s"; + ExecStartPre = "/usr/bin/env mkdir -p ${mount}"; + ExecStart = '' + ${lib.getExe pkgs.rclone} mount \ + --config ${config.sops.secrets."rclone/config".path} \ + --allow-other \ + --cache-dir /var/cache/rclone \ + --transfers 64 \ + --vfs-cache-mode full \ + --vfs-cache-min-free-space 5G \ + --dir-cache-time 30d \ + --no-checksum \ + --no-modtime \ + --vfs-fast-fingerprint \ + --vfs-read-chunk-size 8M \ + --vfs-read-chunk-streams 16 \ + --sftp-concurrency 128 \ + --sftp-chunk-size 255k \ + --buffer-size 0 \ + --write-back-cache \ + ${remote} ${mount} + ''; + ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; + }; +in { systemd.services.immich-mount = { enable = true; 
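Review bot: `mkServiceConfig` in rclone.nix now passes `--allow-other` for every mount, including `/mnt/photos`, which the old unit mounted without it, so any local user or service account on the host can traverse the photo library and the garage data. If the flag is only there so the containers can read the mount, narrow it with `--default-permissions` plus `--uid`/`--gid`/`--umask` for the consuming account (the right values depend on how the containers run, which is not visible here). The helper also adds `--no-checksum` while garage.nix sets `disable_scrub = true` with `replication_factor = 1`, which appears to leave no layer that would notice corrupted blocks on the remote; keeping one of the two checks would be safer.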
@@ -12,31 +40,7 @@ after = [ "network-online.target" ]; requiredBy = [ "podman-immich-server.service" ]; before = [ "podman-immich-server.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; - }; - }; - - systemd.services.attic-mount = { - enable = true; - description = "Mount the attic data remote"; - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - requiredBy = [ "atticd.service" ]; - before = [ "atticd.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; - }; + serviceConfig = mkServiceConfig "photos:" "/mnt/photos"; }; systemd.services.garage-mount = { @@ -46,13 +50,6 @@ after = [ "network-online.target" ]; requiredBy = [ "garage.service" ]; before = [ "garage.service" ]; - serviceConfig = { - Type = "notify"; - ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage"; - ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ - config.sops.secrets."rclone/config".path - } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage "; - ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; - }; + serviceConfig = mkServiceConfig "rsyncnet:garage" "/mnt/garage"; }; } 
diff --git a/hosts/chunk/redlib.nix b/hosts/chunk/redlib.nix index d095da5..fac65cd 100644 --- a/hosts/chunk/redlib.nix +++ b/hosts/chunk/redlib.nix @@ -13,6 +13,7 @@ services.caddy.virtualHosts."red.cy7.sh".extraConfig = '' import common + import authelia reverse_proxy localhost:8087 ''; } diff --git a/hosts/chunk/tor.nix b/hosts/chunk/tor.nix deleted file mode 100644 index 2ad4a89..0000000 --- a/hosts/chunk/tor.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - services.tor = { - enable = true; - openFirewall = true; - relay = { - enable = true; - role = "relay"; - }; - settings = { - ORPort = 9001; - Nickname = "chunk"; - # MaxAdvertisedBandwidth = "20MBytes"; - }; - }; -} diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 7529610..cedece2 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,15 +1,6 @@ -{ config, ... }: +{ ... }: { - services.vaultwarden = { - enable = true; - dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; - config = { - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "8081"; - DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; - }; - }; + my.vaultwarden.enable = true; services.caddy.virtualHosts."pass.cy7.sh".extraConfig = '' import common diff --git a/hosts/common.nix b/hosts/common.nix index 748f6d5..b1989b1 100644 --- a/hosts/common.nix +++ b/hosts/common.nix @@ -1,6 +1,7 @@ -{ inputs, ... }: +{ inputs, config, pkgs, ... }: { nix = { + package = pkgs.lix; settings = { experimental-features = "nix-command flakes"; auto-optimise-store = true; 
@@ -9,18 +10,16 @@ "root" "@wheel" ]; - trusted-public-keys = [ - "niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964=" + extra-trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI=" + "nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=" ]; - substituters = [ - "https://aseipp-nix-cache.global.ssl.fastly.net" - "https://niri.cachix.org" + extra-substituters = [ "https://nix-community.cachix.org" - "https://cache.garnix.io" - "https://cything.cachix.org" + "https://nixcache.cy7.sh" + ]; + secret-key-files = [ + config.sops.secrets.cache-priv-key.path ]; }; channel.enable = false; 
@@ -34,41 +33,56 @@ persistent = true; options = "--delete-older-than 14d"; }; - extraOptions = '' - builders-use-substitutes = true - ''; registry.nixpkgs.flake = inputs.nixpkgs; }; + i18n.defaultLocale = "en_US.UTF-8"; time.timeZone = "America/New_York"; networking = { firewall.logRefusedConnections = false; nameservers = [ - # quad9 - "2620:fe::fe" - "2620:fe::9" - "9.9.9.9" - "149.112.112.112" + # quad9 (unfiltered) + "2620:fe::10" + "2620:fe::fe:10" + "9.9.9.10" + "149.112.112.110" ]; timeServers = [ + # https://github.com/jauderho/nts-servers + "ntp3.fau.de" "ntppool1.time.nl" - "nts.netnod.se" - "ptbtime1.ptb.de" - "ohio.time.system76.com" - "time.txryan.com" - "time.dfm.dk" + "ntpmon.dcs1.biz" + "stratum1.time.cifelli.xyz" + "nts.teambelgium.net" + "c.st1.ntp.br" ]; }; services.chrony = { enable = true; enableNTS = true; + enableMemoryLocking = true; + extraConfig = '' + # Expedited Forwarding + dscp 46 + # disable command port + cmdport 0 + # only allow NTS + authselectmode require + # update the clock only when at least 3 sources agree on the correct time + minsources 3 + ''; }; - # this is true by default and mutually exclusive with - # programs.nix-index - programs.command-not-found.enable = false; - programs.nix-index.enable = false; # set above to false to use this - # see journald.conf(5) services.journald.extraConfig = "MaxRetentionSec=2d"; + + services.thermald.enable = true; + environment.enableAllTerminfo = true; + + sops.secrets.cache-priv-key = { + format = "binary"; + sopsFile = ../secrets/cache-priv-key.pem; + mode = "0440"; + group = "users"; + }; } diff --git a/hosts/titan/Caddyfile b/hosts/titan/Caddyfile deleted file mode 100644 index c306399..0000000 --- a/hosts/titan/Caddyfile +++ /dev/null 
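Review bot: The `cache-priv-key` secret at the end of this common.nix hunk is installed with `mode = "0440"` and `group = "users"`, so any account in `users` can read the key that signs for `nixcache.cy7.sh`, and the previous hunk adds that key's public half to `extra-trusted-public-keys` on every host importing this file. A path signed with it is accepted as a trusted substitute everywhere, so compromise of one user session, or of the public-facing server that also receives the key, is enough to forge store paths for all machines. If only the Nix daemon needs it through `secret-key-files`, `mode = "0400";` with the default root owner should suffice. Better still, declare the secret only on the host(s) that actually sign and push instead of in common.nix.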
@@ -1,41 +0,0 @@
-{
- acme_ca https://acme.zerossl.com/v2/DV90
- acme_eab {
- key_id {$EAB_KEY_ID}
- mac_key {$EAB_MAC_KEY}
- }
-}
-
-(common) {
- encode zstd gzip
- header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-}
-
-cything.io {
- import common
-
- header /.well-known/matrix/* Content-Type application/json
- header /.well-known/matrix/* Access-Control-Allow-Origin *
- header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD
- header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept
- route {
- respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
- respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
- redir https://cy7.sh/posts{uri} permanent
- }
-}
-
-www.cything.io {
- import common
- redir https://cything.io{uri} permanent
-}
-
-ntfy.cything.io {
- import common
- reverse_proxy localhost:8083
-}
-
-status.cything.io {
- import common
- reverse_proxy localhost:3001
-}
diff --git a/hosts/titan/backup.nix b/hosts/titan/backup.nix
deleted file mode 100644
index ad09978..0000000
--- a/hosts/titan/backup.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- config,
- ...
-}:
-{
- my.backup = {
- enable = true;
- jobName = "titanRsync";
- repo = "titan";
- passFile = config.sops.secrets."borg/rsyncnet".path;
- sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path;
- };
-}
diff --git a/hosts/titan/default.nix b/hosts/titan/default.nix
deleted file mode 100644
index e8b03f0..0000000
--- a/hosts/titan/default.nix
+++ /dev/null
@@ -1,98 +0,0 @@ -{ - modulesPath, - config, - lib, - pkgs, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - (modulesPath + "/profiles/qemu-guest.nix") - ../common.nix - ./disk-config.nix - ./hardware-configuration.nix - ./ghost.nix - ./ntfy.nix - ./uptime-kuma.nix - ./backup.nix - ]; - - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; - sops.secrets = { - "caddy/env" = { - sopsFile = ../../secrets/services/caddy.yaml; - }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; - "borg/rsyncnet" = { - sopsFile = ../../secrets/borg/titan.yaml; - }; - "rsyncnet/id_ed25519" = { - sopsFile = ../../secrets/zh5061/titan.yaml; - }; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - tmp.cleanOnBoot = true; - kernelPackages = pkgs.linuxPackages_latest; - }; - - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" - ]; - - system.stateVersion = "24.05"; - - environment.systemPackages = with pkgs; [ - curl - git - ]; - - # network stuff - networking.hostName = "titan"; - networking.networkmanager.enable = true; - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22 - 80 - 443 - ]; - allowedUDPPorts = [ - 443 - ]; - }; - - # container stuff - virtualisation.containers.enable = true; - virtualisation.podman = { - enable = true; - # create 'docker' alias for podman, to use as - # drop-in replacement - dockerCompat = true; - defaultNetwork.settings = { - dns_enabled = true; - ipv6_enabled = true; - }; - }; - virtualisation.oci-containers.backend = "podman"; - - services.caddy = { - enable = true; - configFile = ./Caddyfile; - environmentFile = config.sops.secrets."caddy/env".path; - 
logFormat = lib.mkForce "level INFO"; - }; -} diff --git a/hosts/titan/disk-config.nix b/hosts/titan/disk-config.nix deleted file mode 100644 index 7c67624..0000000 --- a/hosts/titan/disk-config.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - disko.devices = { - disk = { - main = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/hosts/titan/ghost.nix b/hosts/titan/ghost.nix deleted file mode 100644 index a9f8293..0000000 --- a/hosts/titan/ghost.nix +++ /dev/null 
@@ -1,52 +0,0 @@
-{
- pkgs,
- config,
- ...
-}:
-{
- virtualisation.oci-containers.containers.ghost = {
- image = "ghost:5-alpine";
- autoStart = true;
- ports = [ "127.0.0.1:8084:2368" ];
- pull = "newer";
- environment = {
- database__client = "mysql";
- database__connection__host = "ghost-db";
- database__connection__user = "root";
- database__connection__password = "example";
- database__connection__database = "ghost";
- url = "https://cything.io";
- NODE_ENV = "production";
- };
- volumes = [
- "/opt/ghost/data:/var/lib/ghost/content"
- ];
- networks = [ "ghost-net" ];
- dependsOn = [ "ghost-db" ];
- };
-
- virtualisation.oci-containers.containers.ghost-db = {
- image = "mysql:8.0";
- autoStart = true;
- pull = "newer";
- environment = {
- MYSQL_ROOT_PASSWORD = "example";
- };
- volumes = [
- "/opt/ghost/db:/var/lib/mysql"
- ];
- networks = [ "ghost-net" ];
- };
-
- systemd.services.create-ghost-net = {
- serviceConfig.Type = "oneshot";
- wantedBy = with config.virtualisation.oci-containers; [
- "${backend}-ghost.service"
- "${backend}-ghost-db.service"
- ];
- script = ''
- ${pkgs.podman}/bin/podman network exists ghost-net || \
- ${pkgs.podman}/bin/podman network create ghost-net
- '';
- };
-}
diff --git a/hosts/titan/hardware-configuration.nix b/hosts/titan/hardware-configuration.nix
deleted file mode 100644
index 2730f0c..0000000
--- a/hosts/titan/hardware-configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - ... -}: - -{ - imports = [ ]; - - boot.initrd.availableKernelModules = [ "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - virtualisation.hypervGuest.enable = true; -} diff --git a/hosts/titan/ntfy.nix b/hosts/titan/ntfy.nix deleted file mode 100644 index cc2cb47..0000000 --- a/hosts/titan/ntfy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ ... }: -{ - services.ntfy-sh = { - enable = true; - settings = { - listen-http = "127.0.0.1:8083"; - base-url = "https://ntfy.cything.io"; - upstream-base-url = "https://ntfy.sh"; - auth-default-access = "deny-all"; - behind-proxy = true; - }; - }; -} diff --git a/hosts/titan/uptime-kuma.nix b/hosts/titan/uptime-kuma.nix deleted file mode 100644 index 8bc0251..0000000 --- a/hosts/titan/uptime-kuma.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - # data stored at /var/lib/uptime-kuma/ but does not expose - # an option to change it - services.uptime-kuma = { - enable = true; - settings.PORT = "3001"; - }; -} diff --git a/hosts/ytnix/containers.nix b/hosts/ytnix/containers.nix new file mode 100644 index 0000000..4ef858c --- /dev/null +++ b/hosts/ytnix/containers.nix 
@@ -0,0 +1,38 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + virtualisation.oci-containers.containers = { + immich-ml = + let + modelCache = "/opt/immich-ml"; + in + { + image = "ghcr.io/immich-app/immich-machine-learning:release"; + autoStart = true; + pull = "newer"; + ports = [ "3003:3003" ]; + environment = { + REDIS_HOSTNAME = "immich-redis"; + DB_HOSTNAME = "immich-db"; + }; + volumes = [ "${modelCache}:/cache" ]; + networks = [ "immich-net" ]; + }; + }; + + systemd.services.create-immich-net = rec { + serviceConfig.Type = "oneshot"; + requiredBy = with config.virtualisation.oci-containers; [ + "${backend}-immich-ml.service" + ]; + before = requiredBy; + script = '' + ${lib.getExe pkgs.podman} network exists immich-net || \ + ${lib.getExe pkgs.podman} network create immich-net + ''; + }; +} diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index a3d4e13..ddf1364 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -10,6 +10,7 @@ ../common.nix ../zsh.nix ./tailscale.nix + ./containers.nix ]; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; @@ -17,16 +18,9 @@ "borg/rsyncnet" = { sopsFile = ../../secrets/borg/yt.yaml; }; - "services/ntfy" = { - sopsFile = ../../secrets/services/ntfy.yaml; - }; "rsyncnet/id_ed25519" = { sopsFile = ../../secrets/zh5061/yt.yaml; }; - "newsboat/miniflux" = { - sopsFile = ../../secrets/newsboat.yaml; - owner = "yt"; - }; "tailscale/auth" = { sopsFile = ../../secrets/services/tailscale.yaml; }; 
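Review bot: `ports = [ "3003:3003" ]` in hosts/ytnix/containers.nix publishes the immich-ml port on every host address, and nothing in this file puts authentication in front of it. The firewall hunk in hosts/ytnix/default.nix leaves 3003 out of `allowedTCPPorts`, but ports published by a container runtime are usually forwarded by NAT rules that do not pass through the host's input filter, so that setting may not cover it; this is worth checking from a machine outside the tailnet. If only the Immich server on the tailnet needs the port, bind it explicitly, e.g. `ports = [ "<TAILSCALE_IP_OF_THIS_HOST>:3003:3003" ];` (placeholder address). The image tag `:release` with `pull = "newer"` is mutable, so a pinned version or digest would make updates reviewable.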
@@ -38,16 +32,18 @@ sopsFile = ../../secrets/yt/aws.yaml; owner = "yt"; }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; }; boot = { loader = { # lanzaboote replaces systemd-boot systemd-boot.enable = lib.mkForce false; - efi.canTouchEfiVariables = false; # toggle when installing + efi.canTouchEfiVariables = true; }; tmp.cleanOnBoot = true; - # upgrade after https://github.com/tomaspinho/rtl8821ce/issues/356 is fixed kernelPackages = pkgs.linuxKernel.packages.linux_zen; extraModulePackages = with config.boot.kernelPackages; [ rtl8821ce @@ -91,13 +87,17 @@ resolvconf.enable = true; firewall = { enable = true; - allowedTCPPorts = [ - 8080 # mitmproxy - 22000 # syncthing - ]; + trustedInterfaces = [ "tailscale0" ]; + # allowedTCPPorts = [ + # 8080 # mitmproxy + # 22000 # syncthing + # 3003 # immich-ml + # ]; + }; + hosts = { + "100.122.132.30" = [ "s3.cy7.sh" ]; }; }; - programs.nm-applet.enable = true; security.rtkit.enable = true; services.pipewire = { 
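Review bot: `trustedInterfaces = [ "tailscale0" ]` in the firewall hunk accepts every packet that arrives on the tailnet interface, so the old port list is replaced by "all ports, all tailnet peers" rather than narrowed. If tailnet ACLs are what actually limits access to this machine, say so next to the line, e.g. `# all ports open to tailnet peers; access is restricted by tailnet ACLs`. I would also delete the commented-out `allowedTCPPorts` block so it is not read as the effective policy. The enclosing `networking` block starts outside the hunk.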
@@ -146,43 +146,52 @@ "docker" "disk" "adbusers" + "podman" ]; - environment.systemPackages = with pkgs; [ - tmux - vim - wget - neovim - git - python3 - wl-clipboard - # mako # sway config uses this - tree - kitty - borgbackup - brightnessctl - alsa-utils - nixd - bluetuith - libimobiledevice - pass-wayland - htop - file - dnsutils - age - compsize - wireguard-tools - traceroute - sops - restic - haskell-language-server - ghc - sbctl # secure boot - wine-wayland - wine64 - solaar - gtk3 - ]; + environment.systemPackages = + with pkgs; + lib.flatten [ + tmux + vim + wget + tree + kitty + borgbackup + htop + file + dnsutils + q + age + compsize + wireguard-tools + traceroute + sops + sbctl # secure boot + lm_sensors + sshfs + openssl + just + killall + lshw + bubblewrap + fuse-overlayfs + dwarfs + wineWowPackages.stagingFull + (with gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-plugins-base + ]) + vulkan-loader + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamescope + pkgs.gamemode + ]; + }) + ]; environment.sessionVariables = { NIXOS_OZONE_WL = "1"; @@ -203,18 +212,19 @@ }; }; - fonts.packages = with pkgs; [ - nerd-fonts.roboto-mono - ibm-plex - ]; - fonts.enableDefaultPackages = true; + fonts = { + packages = with pkgs; [ + nerd-fonts.roboto-mono + ibm-plex + ]; + enableDefaultPackages = true; + }; hardware.enableAllFirmware = true; hardware.bluetooth = { enable = true; powerOnBoot = true; }; - services.blueman.enable = true; my.backup = { enable = true; 
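Review bot: Adding `"podman"` to `extraGroups` is root-equivalent once `dockerSocket.enable = true` from modules/containerization.nix (same commit) is active, because group members can drive the rootful Podman API socket and start containers that bind-mount the host filesystem. The list already carried `"docker"` with the same property, so little is newly exposed, but the entry deserves a comment such as `"podman" # root-equivalent: access to the rootful podman socket`. If the socket is only there for compose-style tooling, rootless podman without the group would avoid the grant. The `extraGroups` list starts outside the hunk, so the account it applies to is not visible here.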
@@ -227,68 +237,37 @@ "**/.wine" "/home/yt/Games" "/home/yt/Videos" + "/home/yt/.bitmonero" ]; repo = "yt"; passFile = config.sops.secrets."borg/rsyncnet".path; sshKeyFile = config.sops.secrets."rsyncnet/id_ed25519".path; }; - services.btrbk.instances.local = { - onCalendar = "hourly"; - # only create snapshots automatically. backups are triggered manually with `btrbk resume` - snapshotOnly = true; - settings = { - snapshot_preserve_min = "latest"; - target_preserve = "*d"; - target_preserve_min = "no"; - target = "/mnt/external/btr_backup/ytnix"; - stream_compress = "zstd"; - stream_compress_level = "8"; - snapshot_dir = "/snapshots"; - subvolume = { - "/home" = { }; - "/" = { }; - }; - }; - }; - programs.steam = { enable = true; extest.enable = true; extraCompatPackages = with pkgs; [ proton-ge-bin ]; }; - hardware.steam-hardware.enable = true; + programs.gamescope.enable = true; services.logind = { - lidSwitch = "hibernate"; - powerKey = "hibernate"; + lidSwitch = "suspend"; + powerKey = "poweroff"; + suspendKey = "hibernate"; }; xdg.mime.defaultApplications = { "application/pdf" = "okular.desktop"; "image/*" = "gwenview.desktop"; - "*/html" = "chromium-browser.desktop"; }; - programs.thunar = { + virtualisation.libvirtd = { enable = true; - plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - }; - # preference changes don't work in thunar without this - programs.xfconf.enable = true; - # mount, trash and stuff in thunar - services.gvfs.enable = true; - # thumbnails in thunar - services.tumbler.enable = true; - - virtualisation = { - libvirtd.enable = true; - docker.enable = true; + qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; }; programs.virt-manager.enable = true; + my.containerization.enable = true; services.usbmuxd.enable = true; programs.nix-ld.dev = { @@ -302,6 +281,7 @@ fontconfig libxkbcommon zlib + libz libxml2 dbus freetype 
@@ -348,6 +328,8 @@ curl pcre2 gsettings-desktop-schemas + fzf + systemd ]; }; programs.evolution.enable = true; @@ -366,6 +348,7 @@ enable = true; plugins = with pkgs.obs-studio-plugins; [ wlrobs + obs-pipewire-audio-capture ]; }; @@ -379,7 +362,7 @@ services.ollama.enable = false; - services.trezord.enable = false; + services.trezord.enable = true; programs.niri.enable = false; programs.niri.package = pkgs.niri-unstable; @@ -389,12 +372,6 @@ SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664" ''; - programs.ssh = { - askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; - startAgent = true; - enableAskPassword = true; - }; - services.desktopManager.plasma6 = { enable = true; enableQt5Integration = true; @@ -410,8 +387,10 @@ programs.kdeconnect.enable = true; programs.dconf.enable = true; - programs.java = { - enable = true; - binfmt = true; - }; + programs.ccache.enable = true; + nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + programs.fuse.userAllowOther = true; + nix.settings.sandbox = false; + + programs.ssh.startAgent = true; } diff --git a/justfile b/justfile index 68b7e5c..9f6236c 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,7 @@ update: git branch -D update || true git switch -c update - nix flake update - git add flake.lock - git commit -s -m "flake update" + nix flake update --commit-lock-file git push -f git switch main diff --git a/modules/attic.nix b/modules/attic.nix new file mode 100644 index 0000000..e546a9e --- /dev/null +++ b/modules/attic.nix 
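Review bot: `nix.settings.sandbox = false;` in the last hunk of hosts/ytnix/default.nix turns off build isolation for every derivation on this host, not only the ones that use ccache, so builders get network access and can read whatever the build users can read on the host. The line before it, `nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];`, is what ccache needs and works with the sandbox left on. I would drop the `sandbox = false` line, or use `nix.settings.sandbox = "relaxed";` and mark the one derivation that needs it with `__noChroot = true`. If it has to stay, add a comment naming the package that requires it.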
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.my.attic;
+in
+{
+ options.my.attic = {
+ enable = lib.mkEnableOption "attic";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.atticd = {
+ enable = true;
+ environmentFile = config.sops.secrets."attic/env".path;
+ settings = {
+ listen = "[::]:8091";
+ api-endpoint = "https://cache.cy7.sh/";
+ allowed-hosts = [
+ "cache.cy7.sh"
+ "cdn.cy7.sh"
+ ];
+ require-proof-of-possession = false;
+ compression = {
+ type = "none";
+ level = 3;
+ };
+ database.url = "postgresql:///atticd?host=/run/postgresql";
+
+ storage = {
+ type = "s3";
+ region = "us-east-1";
+ bucket = "attic";
+ # attic must be patched to never serve pre-signed s3 urls directly
+ # otherwise it will redirect clients to this localhost endpoint
+ endpoint = "http://127.0.0.1:3900";
+ };
+
+ garbage-collection = {
+ default-retention-period = "1 month";
+ };
+
+ chunking = {
+ # disable chunking since garage does its own
+ nar-size-threshold = 0;
+ # defaults
+ min-size = 16384;
+ avg-size = 65536;
+ max-size = 262144;
+ };
+ };
+ };
+
+ systemd.services.atticd = {
+ requires = [ "garage.service" ];
+ after = [ "garage.service" ];
+ environment = {
+ RUST_LOG = "INFO";
+ };
+ };
+
+ services.caddy.virtualHosts."cache.cy7.sh" = {
+ serverAliases = [ "cdn.cy7.sh" ];
+ extraConfig = ''
+ import common
+ reverse_proxy localhost:8091
+ '';
+ };
+ };
+}
diff --git a/modules/authelia.nix b/modules/authelia.nix
new file mode 100644
index 0000000..f231f50
--- /dev/null
+++ b/modules/authelia.nix
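Review bot: `listen = "[::]:8091"` in modules/attic.nix binds atticd on every interface although the only consumer shown is Caddy's `reverse_proxy localhost:8091`, so a direct connection would skip the TLS and HSTS that `import common` adds. Binding to loopback with `listen = "127.0.0.1:8091";` and `reverse_proxy 127.0.0.1:8091` keeps the proxy as the only entry point. Separately, `require-proof-of-possession = false` means that knowing a NAR hash is enough for an uploader to attach an existing NAR to their cache, so it should carry a comment saying why it is off (presumably to speed up CI pushes; confirm). `level = 3` under `compression` has no effect while `type = "none"`.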
@@ -0,0 +1,137 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.authelia; + getSecret = path: config.sops.secrets.${path}.path; + sopsConfig = { + sopsFile = ../secrets/services/authelia.yaml; + owner = "authelia-main"; + }; + domain = "auth.cy7.sh"; + varPath = "/var/lib/authelia-main"; +in +{ + options.my.authelia = { + enable = lib.mkEnableOption "authelia"; + }; + + config = lib.mkIf cfg.enable { + services.authelia.instances.main = { + enable = true; + settings = { + theme = "dark"; + default_2fa_method = "webauthn"; + log.level = "info"; + log.format = "text"; + server = { + disable_healthcheck = true; + endpoints.authz.forward-auth.implementation = "ForwardAuth"; + }; + authentication_backend.file.path = "${varPath}/users_database.yaml"; + access_control = { + default_policy = "deny"; + rules = [ + { + domain = "*.cy7.sh"; + policy = "one_factor"; + } + ]; + }; + session.cookies = [{ + domain = "cy7.sh"; + authelia_url = "https://${domain}"; + }]; + storage.local.path = "${varPath}/db.sqlite3"; + notifier.filesystem.filename = "${varPath}/notifications.txt"; + webauthn = { + enable_passkey_login = true; + }; + identity_providers.oidc.claims_policies = { + # https://github.com/karakeep-app/karakeep/issues/410 + # https://www.authelia.com/integration/openid-connect/openid-connect-1.0-claims/#restore-functionality-prior-to-claims-parameter + karakeep.id_token = [ "email" ]; + }; + identity_providers.oidc.clients = [ + { + client_id = "4EIrpRb9rnwHWjYWvlz2gYrtTmoOLF1D5gqXw28BvmOS0f-9T2p4CFwuctf4Co1hkpo2sd4Y"; + client_name = "immich"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$Vny2G8EbSPafSwnIuq2Zkg$eF2om4WDEaqCFmrAG27h2mYl+cXxXyttPJ7gaPLs+f8"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://photos.cy7.sh/auth/login" + "https://photos.cy7.sh/user-settings" + "app.immich:///oauth-callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + } + { + client_id = 
"_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; + client_name = "Forgejo"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$O2O5r/7A8hc4EMvernQ4Dw$YOVqtwY3jv0HlcxmviPq2CRnD7Dw85V9KDtTSUQE7bA"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://git.cy7.sh/user/oauth2/authelia/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + token_endpoint_auth_method = "client_secret_basic"; + } + { + client_id = "b_ITCG0uNzy9lZ5nVC~Ny5R35te8I3hoQW1uraCbdxeiE9VuiCIelMmZZ7dAZLg_anTUWSQG"; + client_name = "HedgeDoc"; + client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ + "https://pad.cy7.sh/auth/oauth2/callback" + ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + grant_types = [ "refresh_token" "authorization_code" ]; + response_types = [ "code" ]; + response_modes = [ "form_post" "query" "fragment" ]; + audience = []; + token_endpoint_auth_method = "client_secret_post"; + } + { + client_id = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; + client_name = "Karakeep"; + client_secret = "$pbkdf2-sha512$310000$4UanDZq.6oholJW3CmKwtQ$9e3hqR8qGU4LoneR/Y9jtJTx0iSzATI4iXymrs8QrmGw4JY1BPF4.IJ9Jbc.8cikU4qpfUIFO6r2dG7JHznCnw"; + public = false; + authorization_policy = "two_factor"; + redirect_uris = [ "https://keep.cy7.sh/api/auth/callback/custom" ]; + scopes = [ "openid" "profile" "email" ]; + userinfo_signed_response_alg = "none"; + claims_policy = "karakeep"; + } + ]; + }; + secrets = { + sessionSecretFile = getSecret "authelia/session"; + storageEncryptionKeyFile = getSecret "authelia/storage"; + jwtSecretFile = getSecret "authelia/jwt"; + oidcHmacSecretFile = getSecret "authelia/hmac"; + oidcIssuerPrivateKeyFile = getSecret "authelia/oidc_private"; + }; + }; + + 
sops.secrets = { + "authelia/jwt" = sopsConfig; + "authelia/storage" = sopsConfig; + "authelia/session" = sopsConfig; + "authelia/hmac" = sopsConfig; + "authelia/oidc_private" = sopsConfig; + }; + + services.caddy.virtualHosts.${domain}.extraConfig = '' + import common + reverse_proxy localhost:9091 + ''; + }; +} diff --git a/modules/backup.nix b/modules/backup.nix index 52913b4..2715deb 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -6,7 +6,6 @@ }: let cfg = config.my.backup; - hostname = config.networking.hostName; defaultPaths = [ "/root" "/home" @@ -97,23 +96,6 @@ in ]; # warnings are often not that serious failOnWarnings = false; - postHook = '' - invocationId=$(systemctl show -p InvocationID --value borgbackup-job-${cfg.jobName}.service) - title="${hostname}: backup completed with exit code: $exitStatus" - msg=$(journalctl -o cat _SYSTEMD_INVOCATION_ID=$invocationId) - - if [ "$exitStatus" -eq 0 ]; then - tag="v" - else - tag="rotating_light" - fi - - ${pkgs.curl}/bin/curl -sL -u $(cat ${config.sops.secrets."services/ntfy".path}) \ - -H "Title: $title" \ - -H "Tags: $tag" \ - -d "$msg" \ - https://ntfy.cything.io/backups > /dev/null - ''; prune.keep = { within = "2d"; diff --git a/modules/caddy.nix b/modules/caddy.nix index 03d7a4a..c5de226 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix @@ -19,9 +19,9 @@ in plugins = [ # error message will tell you the correct version tag to use # (still need the @ to pass nix config check) - "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e" + "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ="; + hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc="; }; logFormat = lib.mkForce "level INFO"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; 
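Review bot: The only `access_control` rule in modules/authelia.nix is `domain = "*.cy7.sh"; policy = "one_factor";`, so every site gated through forward-auth is reachable with a single factor even though `default_2fa_method = "webauthn"` is set and all four OIDC clients ask for `two_factor`. If that is intended for a few low-value sites, list those domains explicitly and make the wildcard `policy = "two_factor";`. The `client_secret` values are digests, which is the right form to commit, but the Karakeep client uses `$pbkdf2-sha512$` while the other three use `$argon2id$`; regenerating it as argon2id would keep them consistent. A short comment above `rules` stating which hosts rely on it would help the next reader.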
@@ -29,12 +29,30 @@ in (common) { encode zstd gzip header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" + tls { + dns cloudflare {$CLOUDFLARE_KEY} + resolvers 1.1.1.1 8.8.8.8 + } + } + + (authelia) { + forward_auth localhost:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Name Remote-Email + } } ''; - globalConfig = '' - acme_dns cloudflare {$CLOUDFLARE_KEY} - ''; environmentFile = config.sops.secrets."caddy/env".path; + + virtualHosts."keys.cy7.sh".extraConfig = '' + import common + respond / 200 { + body "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfubDWr0kRm2o4DqaK6l1s4NCdTkljXZWKWCiF5nX+6 + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhUt9h5dCcrwOrZNKkStCX5OxumPzEwYXSU/0DgtWgP + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD + sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIA/IX9OFEhHS9Dl8nrtHkL7j7hhy7in9OAY/hVuzEGL0AAAABHNzaDo=" + } + ''; }; }; } diff --git a/modules/containerization.nix b/modules/containerization.nix new file mode 100644 index 0000000..2bcc8dd --- /dev/null +++ b/modules/containerization.nix 
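Review bot: Moving the Cloudflare DNS challenge from `globalConfig` (`acme_dns`) into the `(common)` snippet means a virtual host gets it only when it has `import common`; a site that omits the import would quietly fall back to the HTTP or TLS-ALPN challenge. A comment above the `tls` block, e.g. `# DNS-01 is configured per site: every virtualHost must import common`, would make that dependency visible. For the new `(authelia)` snippet, backends that trust the copied `Remote-User` and `Remote-Groups` headers must be reachable only through Caddy, otherwise a client that reaches the backend directly can supply them itself; that is worth a comment on the snippet as well. The `extraConfig` string starts outside the hunk.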
@@ -0,0 +1,42 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.containerization; +in +{ + options.my.containerization = { + enable = lib.mkEnableOption "containerization"; + usePodman = lib.mkOption { + type = lib.types.bool; + default = true; + description = "whether to use podman instead of docker"; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation = { + containers.enable = true; + podman = lib.mkIf cfg.usePodman { + enable = true; + # create 'docker' alias for podman, to use as + # drop-in replacement + dockerCompat = true; + defaultNetwork.settings = { + dns_enabled = true; + ipv6_enabled = true; + }; + # answer on /var/run/docker.sock + dockerSocket.enable = true; + autoPrune = { + enable = true; + dates = "daily"; + }; + }; + docker.enable = lib.mkIf (!cfg.usePodman) true; + oci-containers.backend = lib.mkIf (!cfg.usePodman) "docker"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 96ea519..0d4638f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -5,5 +5,11 @@ ./caddy.nix ./roundcube.nix ./zipline.nix + ./containerization.nix + ./vaultwarden.nix + ./searx.nix + ./attic.nix + ./authelia.nix + ./karakeep.nix ]; } diff --git a/modules/karakeep.nix b/modules/karakeep.nix new file mode 100644 index 0000000..3e75f74 --- /dev/null +++ b/modules/karakeep.nix 
@@ -0,0 +1,81 @@ +{ config, lib, ... }: +let + cfg = config.my.karakeep; +in +{ + options.my.karakeep = { + enable = lib.mkEnableOption "karakeep"; + dataDir = lib.mkOption { + type = lib.types.path; + }; + port = lib.mkOption { + default = 3002; + description = "port for the web service"; + type = lib.types.port; + }; + domain = lib.mkOption { + default = "keep.cy7.sh"; + type = lib.types.str; + }; + environmentFile = lib.mkOption { + default = config.sops.secrets."karakeep/env".path; + type = lib.types.path; + }; + }; + + config = lib.mkIf cfg.enable { + virtualisation.oci-containers.containers = { + karakeep-web = { + image = "ghcr.io/karakeep-app/karakeep:release"; + pull = "newer"; + volumes = [ "${cfg.dataDir}:/data" ]; + ports = [ "${toString cfg.port}:3000"]; + dependsOn = [ + "karakeep-chrome" + "karakeep-meilisearch" + ]; + environment = { + MEILI_ADDR = "http://karakeep-meilisearch:7700"; + BROWSER_WEB_URL = "http://karakeep-chrome:9222"; + DATA_DIR = "/data"; + NEXTAUTH_URL = "https://${cfg.domain}"; + DISABLE_PASSWORD_AUTH = "true"; + OAUTH_WELLKNOWN_URL = "https://auth.cy7.sh/.well-known/openid-configuration"; + OAUTH_CLIENT_ID = "0SbsGvw5APYJ4px~dv38rCVgXtK2XWrF1QvyuaFz48cgsNm-rAXkSgNOctfxS21IWOFSfsm5"; + OAUTH_PROVIDER_NAME = "Authelia"; + OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true"; + }; + # needs NEXTAUTH_SECRET + environmentFiles = [ "${cfg.environmentFile}" ]; + }; + + karakeep-chrome = { + image = "ghcr.io/zenika/alpine-chrome:latest"; + pull = "newer"; + cmd = [ + "--no-sandbox" + "--disable-gpu" + "--disable-dev-shm-usage" + "--remote-debugging-address=0.0.0.0" + "--remote-debugging-port=9222" + "--hide-scrollbars" + ]; + }; + + karakeep-meilisearch = { + image = "getmeili/meilisearch:latest"; + volumes = [ "meilisearch:/meili_data" ]; + environment = { + MEILI_NO_ANALYTICS = "true"; + }; + # needs MEILI_MASTER_KEY + environmentFiles = [ "${cfg.environmentFile}" ]; + }; + }; + + services.caddy.virtualHosts.${cfg.domain}.extraConfig = 
'' + import common + reverse_proxy localhost:${toString cfg.port} + ''; + }; +} \ No newline at end of file diff --git a/modules/searx.nix b/modules/searx.nix new file mode 100644 index 0000000..db22bed --- /dev/null +++ b/modules/searx.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.searx; +in +{ + options.my.searx = { + enable = lib.mkEnableOption "searx"; + }; + + config = lib.mkIf cfg.enable { + services.searx = { + enable = true; + runInUwsgi = true; + uwsgiConfig = { + disable-logging = true; + http = "127.0.0.1:8090"; + }; + settings = { + # get secret from env + server.secret_key = "@SEARX_SECRET_KEY@"; + }; + environmentFile = config.sops.secrets."searx/env".path; + redisCreateLocally = true; # required for limiter + limiterSettings = { + real_ip = { + x_for = 1; + ipv4_prefix = 32; + ipv6_prefix = 56; + }; + botdetection.ip_lists.pass_ip = [ + "100.121.152.86" + "100.66.32.54" + ]; + link_token = true; + }; + }; + + services.caddy.virtualHosts."x.cy7.sh".extraConfig = '' + import common + reverse_proxy 127.0.0.1:8090 + ''; + }; +} diff --git a/modules/vault.nix b/modules/vault.nix new file mode 100644 index 0000000..1e3772d --- /dev/null +++ b/modules/vault.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + ... +}: +let + cfg = config.my.vault; +in +{ + options.my.vault = { + enable = lib.mkEnableOption "hashicorp vault"; + }; + + config = lib.mkIf cfg.enable { + services.vault = { + + }; + }; +} \ No newline at end of file diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix new file mode 100644 index 0000000..443d886 --- /dev/null +++ b/modules/vaultwarden.nix 
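Review bot: `ports = [ "${toString cfg.port}:3000"]` in modules/karakeep.nix publishes the web port on all host addresses while the only intended client is Caddy's `reverse_proxy localhost:${toString cfg.port}`; I would bind it to loopback with `ports = [ "127.0.0.1:${toString cfg.port}:3000" ];` so the proxy and its TLS cannot be bypassed. `karakeep-chrome` runs with `--no-sandbox` and `--remote-debugging-address=0.0.0.0` and renders arbitrary bookmarked pages; it publishes no port, which is good, but none of the three containers sets `networks`, so a comment stating which container network they share and that nothing else should join it is worth adding. `OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true"` is only safe while Authelia is the sole provider and its e-mail values are admin-controlled, and a one-line comment should say so. The `:latest` and `:release` tags are mutable and two of the containers pull automatically (`pull = "newer"`), so pinning a version or digest would make updates reviewable.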
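Review bot: modules/vault.nix declares `my.vault.enable`, but `services.vault = { };` sets nothing, so turning the option on would change no configuration. The modules/default.nix hunk in this commit also does not add `./vault.nix` to the imports, as far as that hunk shows. Either leave the file out until it configures something, or mark it at the top with a comment such as `# TODO: stub, not imported yet`.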
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.my.vaultwarden;
+in
+{
+ options.my.vaultwarden = {
+ enable = lib.mkEnableOption "vaultwarden";
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "https://pass.cy7.sh";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.vaultwarden = {
+ enable = true;
+ dbBackend = "postgresql";
+ environmentFile = config.sops.secrets."vaultwarden/env".path;
+ config = {
+ ROCKET_ADDRESS = "0.0.0.0";
+ ROCKET_PORT = "8081";
+ DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
+ EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "fido2-vault-credentials,ssh-agent,ssh-key-vault-item,autofill-v2";
+ DOMAIN = cfg.domain;
+ };
+ };
+ };
+}
diff --git a/overlay/attic/concurrent-32.patch b/overlay/attic/concurrent-32.patch
deleted file mode 100644
index 639c1ec..0000000
--- a/overlay/attic/concurrent-32.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/server/src/config.rs b/server/src/config.rs
-index 4412cbf..6dd483a 100644
---- a/server/src/config.rs
-+++ b/server/src/config.rs
-@@ -565,7 +565,7 @@ fn default_default_retention_period() -> Duration {
- }
-
- fn default_concurrent_chunk_uploads() -> usize {
-- 10
-+ 32
- }
-
- fn load_config_from_path(path: &Path) -> Result {
diff --git a/overlay/attic/default.nix b/overlay/attic/default.nix
deleted file mode 100644
index ea0cb05..0000000
--- a/overlay/attic/default.nix
+++ /dev/null
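Review bot: `DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";` in modules/vaultwarden.nix puts the database password in the repository and in the world-readable Nix store, and the password equals the user name. The module already loads `environmentFile` from sops, so the URL can move there, or the service can use peer authentication over the socket as modules/attic.nix does: `DATABASE_URL = "postgresql:///vaultwarden?host=/run/postgresql";`. `ROCKET_ADDRESS = "0.0.0.0"` also exposes the plain-HTTP listener on every interface; if the reverse proxy runs on the same host, `127.0.0.1` is enough. No proxy virtual host for it is visible in this file, so where it is fronted should be confirmed and noted in a comment.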
@@ -1,26 +0,0 @@ -final: prev: { - attic-client = prev.attic-client.override (old: { - rustPlatform = old.rustPlatform // { - buildRustPackage = - args: - old.rustPlatform.buildRustPackage ( - args - // { - version = "0.1.1"; - src = final.fetchFromGitHub { - owner = "cything"; - repo = "attic"; - rev = "d660c85bdb6bb10499a23a846a13107ea0c72769"; - hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg="; - }; - cargoLock = null; - cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM="; - useFetchCargoVendor = true; - patches = [ - ./concurrent-32.patch - ]; - } - ); - }; - }); -} diff --git a/overlay/conduwuit/default.nix b/overlay/conduwuit/default.nix deleted file mode 100644 index 1222c83..0000000 --- a/overlay/conduwuit/default.nix +++ /dev/null @@ -1,44 +0,0 @@ -final: prev: -let - newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - newRustPlatform = final.makeRustPlatform { - cargo = newRust; - rustc = newRust; - }; -in -{ - conduwuit = prev.conduwuit.override (old: { - rustPlatform = newRustPlatform // { - buildRustPackage = - args: - newRustPlatform.buildRustPackage ( - args - // { - version = "0.5.0-rc2"; - src = final.fetchFromGitHub { - owner = "girlbossceo"; - repo = "conduwuit"; - rev = "5b8464252c2c03edf65e43153be026dbb768a12a"; - hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U="; - }; - doCheck = false; - cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80="; - # unstable has this set to "conduit" - meta.mainProgram = "conduwuit"; - - buildFeatures = [ - "brotli_compression" - "element_hacks" - "gzip_compression" - "release_max_log_level" # without this feature to enable debug logging - "sentry_telemetry" - "systemd" - "zstd_compression" - "jemalloc" - "io_uring" - ]; - } - ); - }; - }); -} diff --git a/overlay/conduwuit/rust-toolchain.toml b/overlay/conduwuit/rust-toolchain.toml deleted file mode 100644 index 97e33c9..0000000 --- a/overlay/conduwuit/rust-toolchain.toml +++ /dev/null 
@@ -1,28 +0,0 @@ -# This is the authoritiative configuration of this project's Rust toolchain. -# -# Other files that need upkeep when this changes: -# -# * `Cargo.toml` -# * `flake.nix` -# -# Search in those files for `rust-toolchain.toml` to find the relevant places. -# If you're having trouble making the relevant changes, bug a maintainer. - -[toolchain] -channel = "1.84.0" -profile = "minimal" -components = [ - # For rust-analyzer - "rust-src", - "rust-analyzer", - # For CI and editors - "rustfmt", - "clippy", -] -targets = [ - #"x86_64-apple-darwin", - "x86_64-unknown-linux-gnu", - "x86_64-unknown-linux-musl", - "aarch64-unknown-linux-musl", - #"aarch64-apple-darwin", -] diff --git a/overlay/default.nix b/overlay/default.nix index 6a824d1..67d855e 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -1,22 +1,18 @@ { inputs }: -let - overlays = [ - ./attic - ./zipline - ]; - importedOverlays = map (m: import m) overlays; -in -importedOverlays -++ [ +[ ( final: prev: let - pkgFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; - stable = inputs.nixpkgs-stable; + nixpkgsFrom = flake: pkg: flake.legacyPackages.${prev.system}.${pkg}; + pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; in { - conduwuit = - inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised; + garage = ( + (pkgFrom inputs.garage "default").overrideAttrs { + meta.mainProgram = "garage"; + } + ); + nil = pkgFrom inputs.nil "default"; } ) ] diff --git a/overlay/vscode.nix b/overlay/vscode.nix deleted file mode 100644 index 4de2d90..0000000 --- a/overlay/vscode.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -final: prev: { - vscode-extensions = prev.vscode-extensions // { - github = prev.vscode-extensions.github // { - codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - publisher = "github"; - name = "codespaces"; - version = "1.17.3"; - hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w="; - }; - }; - }; - }; -} diff --git a/overlay/zipline/default.nix b/overlay/zipline/default.nix deleted file mode 100644 index 72ec089..0000000 --- a/overlay/zipline/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -final: prev: -{ - zipline = prev.zipline.overrideAttrs { - patches = [ - ./no-check-bucket.patch - ]; - }; -} diff --git a/overlay/zipline/no-check-bucket.patch b/overlay/zipline/no-check-bucket.patch deleted file mode 100644 index 9d1c756..0000000 --- a/overlay/zipline/no-check-bucket.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -diff --git a/src/lib/datasource/S3.ts b/src/lib/datasource/S3.ts -index 089dd64..39dd8f4 100644 ---- a/src/lib/datasource/S3.ts -+++ b/src/lib/datasource/S3.ts -@@ -4,7 +4,6 @@ import { - DeleteObjectCommand, - DeleteObjectsCommand, - GetObjectCommand, -- ListBucketsCommand, - ListObjectsCommand, - PutObjectCommand, - S3Client, -@@ -38,32 +37,6 @@ export class S3Datasource extends Datasource { - endpoint: this.options.endpoint ?? undefined, - forcePathStyle: this.options.forcePathStyle ?? false, - }); -- -- this.ensureBucketExists(); -- } -- -- private async ensureBucketExists() { -- try { -- const res = await this.client.send(new ListBucketsCommand()); -- if (res.$metadata.httpStatusCode !== 200) { -- this.logger -- .error('there was an error while listing buckets', res.$metadata as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } -- -- if (!res.Buckets?.find((bucket) => bucket.Name === this.options.bucket)) { -- this.logger.error(`bucket ${this.options.bucket} does not exist`).error('zipline will now exit'); -- process.exit(1); -- } -- } catch (e) { -- this.logger -- .error('there was an error while listing buckets', e as Record) -- .error('zipline will now exit'); -- process.exit(1); -- } finally { -- this.logger.debug(`bucket ${this.options.bucket} exists`); -- } - } - - public async get(file: string): Promise { diff --git a/secrets/cache-priv-key.pem b/secrets/cache-priv-key.pem new file mode 100644 index 0000000..c9bd80e --- /dev/null +++ b/secrets/cache-priv-key.pem 
@@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:IVRg3IqrlV1Cy3xwyVszhUnRzbWP3OSb/XZF1H0N30eKL8d0DxFGngC5qMgRcmSs203/QL3w0fENp1u0f8tVajqJVlzLjlsiQrMdtXmiMv0LKO7E+aj4UZ0wMchB0XgSVUWrKUXxZrA=,iv:3GtA07yuAAI++RsLSwY3U62k1iG9+hvkGn45HjFt/Gk=,tag:PJ13CrjcE06KMC383txqHw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcGd1alJmNWM3dVBmSWxs\nRHBTOVV6U3p1U3Q3bzQ3OXYrWVhNVTlxTGxvClllbFMwc3dFZW56a0d6eUhVZ2Na\nMUVJc29CNHVMcHRLaXBlRnRLZ2pNb0UKLS0tIFRERnRBZGVFRk9sYmpzVjlpdmN1\ndjUyVmRZMFlFTm4zSnZWV09WbTNoMWMKM35a6GkCZIKscqgADrbIa48T8++wkhLP\nOFr03bv6D0Hj38VLWx+kh9kmja8BaxmdSUTeAhdORwbQumJBAqjsOw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbEh0YkFlL3dPL1FmcE9m\nbjl0dHhQZlpBREMwYzQ0NEpQQ3RZVlNsM1Q4CmYwS0VDNjFaOXhOS3JkVUtaTEJZ\nSVNyZ1lXbEhCbE5XdGxCRWhsNVR1N0EKLS0tICt2Um9wQ0pyUVpnd1dVemM4NmpU\nTHE1bi9OcmsweDZyNVpVVUlITmt3c28KdX6fO1C7Ma66AAv/RCI5z8p/7fSvKWQ7\nCL86Nl4Xzb5WWxkteO4wOoHh4y0+9dpEAbS/XP78PkC07uRttcS7pQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRmNheTZrUWplWFZJcm53\nbC94UHdYbXdsSFB0Nk92Q29RdGMxbUxVeEhjCkZqVk13bEFvNFFLZllTN0NUeFpj\nRkhlYXl5STJrbVQzeWg3YzlQZ1ZlZncKLS0tIGhjUytJa2FXa0VVTFlMN2ZpTjF0\ncG9ZTG0zL2dNekV0NkFZWWVrcFpPU3cK/Kia/sHk5T9nlbDg2G52uQcJUoPrnu3y\n6ARJKoz0MnV4csjS6IZCFSb7Vy5DSH+at3khEw3x00eGae1Jd89vwQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-03-27T20:37:28Z", + "mac": 
"ENC[AES256_GCM,data:35iUoodcjvIn+VAE20f2sHFaTh3+aqCYQ4HalWdVz4eUSkVNcdXs2uqOZtFv3MszDiH9izM84OyHwykudJ99QE3B/NwpfIoKQaU6Qg5X/g/rC1meffMaZwcASVbepjznahbTKmJqeSrMeybrBIV+6FaSjWXn0+D72GEEM1vgH9c=,iv:N2CbttHJsczm37qdapOCrlNeSSgsZBDlvWyvUpa3mkk=,tag:btniVwaVS9h4jDo4IM2wcA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.4" + } +} \ No newline at end of file diff --git a/secrets/services/attic.yaml b/secrets/services/attic.yaml index c4ba9a1..2c42101 100644 --- a/secrets/services/attic.yaml +++ b/secrets/services/attic.yaml 
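Review bot: The new `secrets/cache-priv-key.pem` is encrypted to all three age recipients listed in its `sops.age` array, which looks broader than a signing key needs. If this is the binary-cache signing key, as the file name suggests, every holder of one of those age identities can decrypt it and sign store paths that clients trusting the matching public key will accept. Consider a dedicated rule in `.sops.yaml` (`creation_rules` with a `path_regex` for this file) that lists only the recipients that actually sign, then re-encrypt with `sops updatekeys`. The `.pem` name is also misleading, since the committed content is sops JSON and only the decrypted output is key material; a short note where the secret is consumed would help.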
@@ -1,5 +1,5 @@ attic: - env: ENC[AES256_GCM,data:0qElab1fenlFSuj5GnLIOeSZkj2JX4n+idEg4kwoAoulBG3RxFzHP8zcIW1aDBG3E0trFjdTsrhaIYrfLijgQeDe05kJVJkiLM+wNZGf6w18n90/zDlpbOk9ZKSaqqsqxZ+XItW9Z8VTd2ieTlh75cedBjOaqJkn+DjjxV5YvyqPFJ69xjsbJbt5zWfFeudObiPmTJ1mdto9mMkPAmy2lgUFoXH72tRbkSNqEppylmbuiUF0tO8bpTuAa+o3apcv/tdZkvl6EV7LjTcOWBSkT8OhpGjykdiBLnJmX7yGjPSATbu+RGCkS5ZVCDG0el/RmpgrSZ9uPN6IqZPiop2bHZkAFKM7XBVevOTNmmjMLt+u3yzp5Mk/WdOUEK9vQfMRxperyQhYYtIxGEr/RYpTfV4xO4uW8GQzIg9PLKLrBeHrOrivJ8W83TlzQiBvbTjMLpmh0GFwNHMBNESNrY744PFPYJyumKBTWSzvVtDT6/bWnbmUI4SIbkCPySqu6hqHJDZbwX41oQa1yn3/CnehvAaqelbNbpiOYaYa36HxCpdSZBgiXlAGhQAEgk5VhbqpoKE8OjBdORscB/IT5OXx0dBkiOeYpiCu79LaOkxgnEVWqckwOJLJptvpZGoP81MaYbyLYbxfUHywRKMA74RG4XEJgx6YPmIn1/yRZO4y+BLhNyfTGQY7P6qPVlh9wMwyzXZA2roDLbS3hiJjFaUoOViMmmhxKveBhXQ7BCYspGD0G2L8FkkqZSNRum+LRyI9okMMrRCShz35sIoO4KLcUIq/j/RUdq8tpUy0VPIxjwHVDZ54Ehg7sVdtmJIlO3apCVnSdU+Er8gLwPuOBks6HhdU9u0HXK5Q4xxRcGnmrbdrRlVvauHceyJM/r//1Vgf+0dck75a4I8k6Hh8Pe8uKT3SxQW6Z/xhhq2QN3uE4tKGitpscTVgqVDlUCbMye7b3vjSfXkNiFtp7p9wo9K87osnua0ba3KCgqEzAAT6eRnlVZp/Dq5RaP4IOkYp1F919NkDaZX5t+M2DXvKhIC08nbdqSu6vxRK4KPksUUaYja6w8hjgWsN7VAYH0nKLSOZN8fGF7nNgxLqnh+2bKEQDOQ/Gn3sr/xKONcheKu9RXfoMng0Vd1f+Udg6p6049t9AcHkY2+gd6Cm4fmyZT0Ym50kh63eNI/knDmV/WwOTGld/XcCNwUDbIZl2EHS23rVqoy4XhEHgHIrdN+wh1+zhMW7ZeTBFSIHxYfrziEM33hDQKYYxywWt81tMYjcx2nYKqep1IRuL/9IillZuJ2GTNwidPVFjxgG3/a+0/hghSMr47t/x8EO2YlIoaKkCitkNiRX/4z3t6bfO1UmXxS/hNriFtpXYBVE+v5RHG3ttatbWUxGYU/tSR3at+GJAm22lI7SpEp4kpsLEc7bCNB8m6wqD1rLJ9xQbPqgA6CqTWBCAkVyts1H9QBsRMEJRsleqGZzkjb1p44lAgLUl4YnHCaLWN2En0GmQICetuvl2YecURlXNw6eF166vALvrGB5zGAFFrv7VPIP84okU0yPoxqi/zv0QIl+1p5/avgfYRxhSigeG+caYKs0sqnw5Or7nSh3uwggkt+QvPfXvuzB5P4O2KZOgkziZngeoExLtQSJbZrUuM+qhvt0CiB9m2JyKadSUbBf6mbafSWh6gKTdZRbarWbrvwcEB/b0nBGtNz9QlXcX2msaw8gqu97FVKVtXWAXv7P8Tne/0evb4U7CBCxU3FwsNHIy9VGdbsAWrfHUtYr9NyU9Yhjrncrejbp/0ok08XC2yJ5Lx4fqpibCOD2geHkmTS1EWOMRXqaE1rtroodpzXffzXv/CUXZngH2wc1Jc1NhnTmD/NYA1QviR+wrQGBxrCUz257fER5tYGp7MKNxIEiDPvXBC4SF8XAweoQpMzXof9RHn15CMtNU8+gf9LAlt
A+H7OZ9N4qyW9R9eXDOOrTW5wNthXqXel+GWSYi2H9H04b+Wf+bG7OwKd2mTpJJ6CREbX7tItBybjH3d7EGU1DGD7IYJhw2IaduqnSywyqgywT1ge07hxziU8E75bpPBDbB4v2+XWBPYItnjAj2BZxBdOIrCTmrMuaewynOAKtHPOn9v/t3wN9pbfEUbFraZGCVytSMJR0lWbhUm28ViO3EHq3DbhVIOLaMimd9Op/IIxjWrcmIvBXT8D/kM+pbYRc4vhfZQXfhFSwmTi5JHTgtaF3wEl8VGMfMLo4fqUz8nrPwJtmvNHP6GvKp9eqrBCtSjvzYD4Z1az9lgQit2rS+fv4XSynNeEZ/IYlDCJDHRCMEKEcJAIxCWRLlXjHMdfWYAMDBCpdrUxFuGuES5/7T0tZS2NbG/n7rMGExJwgAjzbWDe2N0cxegDREJMPJkPq7Q4MzhcmXhvigUYF/qkkpAkaYql5TUIQeWiIu5QsDwdbmED+6X84qKbsPRZ+8vJ9VJSnxMbrV8eU6ao0iWUceRqETiE9f3icg2SsP7n9BlliEUzuGcvW6lhAwHVwaGbhH8t15iggCfbqL+sQ9kTlda+oFC2sxQ8h3gi/kdffsgKCYwSt30RFojlVgWEZ6zMoHS7jo3EItYx+8EUeIfUwkqSRWb+mMb62cBjnWo9M9pK4m7iD85zAnzdLqzTqj6E+tzRhP/SXAo6HW2jIx502tN35MYBBnhmnxlWHGhvlAG/ItP0N2Jq+VuX5XF9HU3teXuaHVZVuo630em0L5YsyyUhyRGRQuLUpTwcvXFO9UXm2p+XpKshCkbCLxO7rgpg06vvJ4/AKrpVbTEDliMr1e4YL28dKc1jDRzjmhGUqDavnCi98x0Z9I4xuC52P1RHhkwEHgGu5ii7LsIpZ2vM4R8vbp+0zWgJzjnimMGZlAqrJlGMhNnqpv3/tk63ADCBkeol10MNxTBAJKrmZXtVXUxEX1GcFUdjFvOEz8vrgm/ide2t9qYfAW2CgJnSnUJdSFiOq8n7EeH70PPpWTwQ7HqncK2J966MmUZom5Flth8rIb8tN+m9WKytDSAhIdBL6z13kaaUiEpw+0TSb3tFSGlkyPyIjgwMuUplrBczQ5r6sfwbF9jt7SLpOU83OhSPepGmCqNTeym5fJK/0h4ypZx+bjvHSM/Wf1l/N5gcq6INLmtsZqPFIFqAqZL3fGCBTRO2ViERAccTHMN8VEEk42vW3PPWx8H6QEkNK/3tHwhdndrnmvq6wBhMbKF7i/Y3n6wy6LnSVWrB17qU1ZpRSGtraQsbUMm4fksuhZBOqPZKsyQAu+7qBs7I4NBn9u2PklZ4BZuhca/hzqWfW8tHtSy6iWIwS6lTwjasC2hZ+LEepINK10bWK9nm7m7fETFukGYgLgKGXgj1lca6G/dYidc1UHE6sLYlgHmLp+GTv1Ajup/jr4oll8AEtp2QEXTQRAVtlPSgqjNXluNL00EVG+YXuOhjh6iuA7xHIq3mg3UR6sDOW6v3h9Iaf5/muVMhJb/2srx1mjRIku0QUzpxyT9jkKQFrzyi4uxqPUJBstIEBToZCQa8ScoGmW5VS7l55M4LPRyMU/JJsa7G/IDD/IbCPLlKh+yUYbCkYupbU/SyVrJoUeiYZHfzrJWXeKKte2/4CQD2MYkV/IY/K8w5T2io0/6gdfhRi2xnMpUoqAMy8ow1wGtpJyDbkXEj+KrX2jk7nSIHGes1gbmN5ayVg2WDiebERJjZBvoLt/aiIwbzSoMKUiJuNzQC9akx7qisOnFhHsKgX1aoefBFw6Q3ChKP/z9cdBpj+jIvN/yjA1fNxpdlmXRitx6Hcum6LJJw129P43MJOVNNgX0if0P7arMJOidxgIg3oB9fEEhan6tCVyLUJUH4saGO3CoVyFA2NLqOZtAQcNzadR9lQaQnqtr3V6iHcv0IgAEYde9AdO1dDkA6OQQY8H8ZiDz0dYtsYR8L+pvqgMiMo2s
mGFg2pnScyNTypL5PEPJdy4dx8UnMbg8BHgnGMVcXbpTACGe3rvJzwdNyPPzisvn6fJGcSQ8A2G+SUIJLxxxQ5XQMAjeSTmPoWS8DTB7g/vNXD62XoMs24HllzcksUiBJtkbl57FL1BKcwtZesMeoV1Rd+t9lKk5UBiBjqAYYRk+BNWf7LV9ue5y1K0MFPcfB92FPrYPT1LbzZZ1lLRNr260YkBiKVQYhkMmyL1OkCpIGdOKB4fsuUETlA1+KIOcXVuVgWxYkqGcAu49pb0OICjjfXoqM7wuoqttz2GzsQrvyJ+fjzRIIxiEWmVw9v2wrAE2M1aWbA7RAWYAIpy25YrW5MATt9ZWOJdlhqfZOECtwSzn80ohD5+ysmNUqh950EhTvAxqeAO/6PfTXK9EVZM7oMfjrEQ5fJYbJ21HU9kDJjIuDxewr46um8VPrj9oVowhacY0hOo38DpZEd6BvezGL1yWFnZ/s9O7A3I3/6z3Xs/GdZlqPW8pcih7OPeAqEV/E6fQHx4wAAUgIjn72WDcaes/O7SwpM6T2HfRkxfobq1tFeGwf2PNq+74EpVJCZDgjJwqPmFrrwIPxkLWD66/hp0iGEBPtfGRHCFk8PzlccTZeWYZNTOS62g4m+sHugwTMtwk1VCa1C4VNijHa7yJPfxiI1dnmS98CmIHYX3HL+NNk9S9t5w0DG7bJzfbuEgEyOcbBOOq2RhQXyBNT4Pb3avc2CzHKPxxdhiLBKEMBIp9QAQsj9sL3bFxlhU4LmDDsu8ZoTvpfbbTB1YD9gx5yOQamRuyjkErHmGizNYhemMaQszvxJon0u/+tHGMO7vyK3Ex5+apIgEFrMGwvOUTwMFMAY8kSOcoEV09y90BU9oeAjmsUQhZqAvAb3GBLEPhWc7I9cAf7vPXw0/tH+fVUAI3eYdDh5GX1pD8I3Op88LljAk8USu4eBffESKfu7A3s0OoSpQw5ptwkWR5n45TPU60pP+82T98OKQoYJ5BwUuvAjJXwU2gfLikR9SFWoqpYd/5xx3ZKoXh374P8purIDwav7YHf+AWWz2BpsDof81Eplqr5O3F/iKvnBTftOmEXYkJH2ymkUzsCUf1liuafb1kLJ6UWrtR6ieG64MMYPv3E5ok0XEkvKAYqTa4Ux8XWOqBVq9qosuTAKuaYEnaFwK0TRefzJBTJuQCFOZnCmm6erQ/ee9pcXwRNyu/ODWwBh0U5e63PlMbbMrCMwuQtOW95U6ysmJF5Cg1pRsHwRmhOhQfIQpiQx5xQZXEr/xNSFPc7dTzrzPDszOQs9HZM57YDs5hG8gboiG5hLQ1Ly/j6jP5zli0zSd1FTMA1/f8V//emhAKfS5V/J5+N4WEMMf2PZo4/E4fn9qo6q9yv9AbikxsQLmBlf+P8ZS79dJdM6tulMyYutbEhrh2oQyDJiERd+hWI7xgU6RPXmyWGzyc9ksUaPIeZdyD4s13tq9KA0GtfpjFmY2TUxSd2qaAFDqbITkZhGGFaJr0TcJUavrSFpWMpqLGjPaxqefqVdAnPp1yr/CplDVo1amO1Uhbfx9Zhmsvmv5w3kD3s0q4K3sFaW38Chbc1o5U9SiKMhenTxqthsZ/x4AH+kB6FDEH5mLQ/SZb5EMwL3wpwc3EigXiJVZhJWeTOOQyodLQTBZpxK4KIa8j8vJaY8Fk2BxHg23H1JxqP2Ryhhof/Pqt2CAJL0XiUjL13xPqPwNrpthdVZhG/Ty04qvsXUjnrVsmgYb4KuP074EZzylczRllKGANPVNfyh+cDH4HAi6yF4RlZBrOMCSLP1R7f86mFn9x3oA3/7UkjZp502EF7TLa0l7n5rMgl2pbaapKKsw9NmCnbJUqjsjwAYiYPgYa5wVUgP9YJz3Ju8wIxXtezMtFi/IJM50B1f64Q+zvWMi6zlwdOUmCHVaZ0I0u/8Wc4nsIjAZ8kgqUXkmwkBlMoWBgzifvs7EaP4AqPPZlSEh4cAMsrP3WMmnIEaso
oq/HvtAIsKg+pI7qK/n1aJBKVhQkBNrQQJ+XNKLFQddf7Pv28bZdcCjwDgvOwRig==,iv:XGLs0HSedykhhCR2fB0QdN/LmGkNHwA8pnVGG9ZNNp8=,tag:RRjtMpklT+MCgEDsvwyXhw==,type:str] + env: ENC[AES256_GCM,data:zaaavLrMO4pkwgt8ua32movvyeGLsqf/KBxBh17+lwIFSgrFtJ0SNEuedw1OpmjWNjjBbA3gmd2RvoYA7Ry/sSAA7cDgykr01g853c0vcr4H7u20J7gTJwSQaHVtuPwXO8VWE+xWEBJ7Gdq+fArxbHB1gW2aYtZk1w/Z40Tii6XVOuCS5YTpg+dkCuJ18q4p6o7K67W365Oq8JfcPNJ+uuOyG6UuCmoRo4iJYa+Zn53fz6soHUuC+m1G3qOB0lehbENUEapacqISz46IN1edR3+E1mcEk38q6VwbkYKBy/rycMSO9LaLeCDOD7UnxUa7Ks8Bk9BnJmI7N3IUfSHD2K+1qQuJsB1JcEnkXo+UbbSf+SG8nR/rIxj1GIJKxrJ2w1SGL1cyDw92xMJtK+kIDdvWHTsc+TwwZSL3/1pxivMIKVDhj2L2NGeIU7vBBxt0PYwgaFHA9JEH1k0c9U04Ug6P4TCOlv5C2GTL08IEnRh9ybJVHSbe8uzyofRiPjvPA8wTHwk0IPPUNKnN1Mm8MvQFNCIo3Cqnebar5r+dOY+E72Z7qNLPPM7kUWxpACwLFxDQyU9qvKeKovdmDyhpc5lC0IJbRJN84fNj50WsFI7k8txQMHkzF+GW4hRwzGnAmiZPvbYjzK+dmV0Qhk4Euiu2r5mBJNQqbHIYkwD18gk2Iz0nztLpsJLJcC9oztj+FewMNtntImYrMtv5ATYybeTuUT8wHQszOks+1EfWnISt9pU8Bn7YWmbcyD0btEjJy4BqCas5QBPamrNG3IVxT4GDqzJw8jJYmg1HF8RcGXm3wzgL0KznC8+Cd41jw1RJ6ejxkPSvZJ++rtbYg5OKQYx3Xxyl0zNSs93Agdejaqhm6twnqsan9SS1dTVJARtVYOQAN0ionHsZItKUt7zIcwm5kXxvHwvt3f9aQi8E+PxE2kfaJJdN8vnEAJOkVqUeK2zYf3X4/DSDVDB+0lPIvr5cU/Tq8P71KFgE0XtogMc7kXg8Ka4q0Ji6HIr2aY+4E4ejMVyyGH+C7/eMnTdL8BU2uZXPPbMwm7pE+3ScBaIhvtlgJtbzOW8+5xIXnPrI7k5ihTjcyPWXKghp6K2f8gTx4Ol2McJdy6zzdYvHrkKm0QplY/VnivDAUGmoimc1fdqCNq2p7iyj6+6//GIJWnzCpQP0bTs9xzZ/rfG6PLh3Y4uTETpnoyO3dZwGEWwrmsGVt03r02eY4jKEh9cARdyTfJJsoKb2403zxCUL7Gr5mA3FagA2zJuFQCuks2/HxRQyGmnd9IYde6CwXMJLUtCnoW2U0s4jscflEvfzXEPtlvuxpMX0r6aBUh4ryNryJtxCwV2Hqhcbuy73PTJT+/hSxD22HXNoNxnTb0A08mTRvXhwuciGkRr+TazPk38WzMDRV2SPIGmWTQJrsd2l1PQmo2d+aeaX2mH8Z9CQmU7l+WjzZHS3H+/LiG/Wi1TJBWLx2/MwFkFhfpCj0x9Scm9nQ5JFI3YBAc1cG2Q1uAjyCTnhY3oySfV7CrVdaF1sectScCVv2fJPFWPH3rI9noWqMh6tzaHcinB5aPnTtqoLo2p+Nu+RVwC0gKa8NZX2Py2SjsN8FBMq/EbVeUBN2pA7mEN3LEBED3qV8PzKMctZ3H8Dcwj8tuMyzxyqVMgbhyMwtE51cyg8GGi0KjFenJerI00RRnSz0MfI38PVz483i3APFrWT20/Cgcvhn+L98oZktsqzDb3qOOKVqRDv57MFT8GIlPUmgCx3T23L1SyvTetVASGdu9bE2Iv9xljikM6J/fqqs+i2d3sk+ulHZrP8OSS
d/rTwhU0R1TF38PSaUvY0vj8VCKWqTDpz5zZpsWPrEXTuERcJJcPv3VMT/jXLXafj7CfxLzb/n7hp2oAXdMLdnUO6esaTFnPPm4ky8/B4uK2LB3nf3sB36aQAWKiUDk7BhNBIsGSvEf5ZT8W5EoGfZiLFVCFA4svYtbyMRyRLoofBls6FUbqzpVaQijb7coMnPdM+bPFdvNq0WhOVlhmvXGpCQejMV7SToj5tIWAz2+kSdsm/ekBu81VduCrK99lH6XX6fgkBBRcXOVnz765zD+iTIlL4ytkZ2sLq9VOunQmVD91l4/0T0Dx0L1u7jpNhvZmTW6qLEDH7SRl63mEYsXbPiIG19aK7jDQMGY58PyGPUx3q7JClbIj+2L3rro02WNf+6+RWO+ayzcHdydBPCVo4eRZb8IxwhqsRVWW57wNy37kbmWBRBq5z/O3cEaVasBHx7gTmCpfJSad+Pawizrd2+1OYPKfTls9ZOting/1lL3peT/thIjZVmw3nkISfRPayOGASqB2j80Fn5jM1em0vv3YMaQophg2JDs9AVmGr0OOOqLld9hlX3XseRPL7R9r7Q4UQ+b/v8hBGrKWAp23iTWp9kcbatzSsZ1K9LKRxRcqpNVBv0aaMun2q3NA78msQPe7nPZLoW/R3Lm7UJUqv3xRzgFgSenkuL2RaP7bg2LtHjsb9se03LslXh/spzMHjv7EX+w2NNMUChJ+eyXw5XEYXLEZzv+oiRkT13EaAKxFRHjscEXao484irI17/XYErZevsS4vIRAWjRouWTk5Em7bX1ISretbmMj2SF3N8BU+MC7uySat+FoxolN/tmtcrv7mRBVQY2sw/lYphAnydllgU7o0HFaBAGPzMvdQSf2U5kTbIXdtUiSm7/sCJXaD2X5zxvwWEKLvy4/PnGFFTgA4xnxXFPuiSA2mJhShp1DEESeJKYF+blornYiLI1Nhc6iFHOFuD2WCTeTifC46Sb3p97QqpNnbhZ8heuJVgfJ2eEjmu6dbhPX/htzPoy1mk6CUsmvg8zOCKntyuAuJW5dRusrCPhcnW2CEhY9Mmdp4B6ow4Kapb+eNmLngIqfWIea54c0BLM0U70dq6+cTeoVFdTcv8jvkn6xsj+8+V9GjMr7P4x69e+CZYAV7EA79l/xFmyVxuUyDlF6GIuk1gcR8BaANjhS7t47+pm6J/GOoKKQfQZhuqXW5bSWKXFyqr9vZZMQ3w5UWcJujCEu4f7zbL8PKTx3JamR/Rj07rZ10VdMpZpFG9JxVHUx5a46dO0xfNjshG2sFGOrSbjqLC77XG30JP5LpIKWlQe9e5yl8/2ANLgNcoErA8DS9NNvYV6IK52/eUybEl6pdjCLvEplvoMz3TdCJj2l88BtryoMU4OothUFwyAAqVE2YwINdn4JaT8Xmm/p0EyHDxZ4a1XpwjjOxHTlixPv9SPRpIPuQpyoz3nKldq21z84ZvjfWAl/RVMVzz9wyrS/xOCWzhm31tyfeQu/DbA6QQRiyKU6HuA1s2eo6pmbXQqNcUC137ruyAO+NzVzxwuGJOKyx0YIDl1AJZD7j/du3HTyMUu6Wvhx5imDdT+x1I6oM333l5ugICxK+cLgGDmkeYYVspUYqpTC24ntkmg6d8Ah0zuZG4JNXeatGRUsy3zqwkW4AQ+KWyXEFLqlfA58kGs0O4re5LOKGPg0YZtO0oGs3Iq9nE2qSx4oewzm4FWpoG7o9SrnxZvVB4HGNblc2DBHAh93Sych9tS4jRPx17giJ6NPXbkpisr27vRZuoVDE2EctpSxC9EgSdPC3RF1d4VblPmE5ki6pc2wCxtrPGiSJ7hbj4RMzPm7BCG8xL1B1CfiMHU8xdFZaov4zUfRpgtLX3XX51X8OR3kOGVZHnXP2YsqMdh+RVzm0AMETTdCzN0CAWzsqs8wFp8UtrBV8I1qLdEoKNUNN7giVGCzlsQOWl31At1axEVHdM9S/k82ZjpYatAlQyUoH5jY
Jrh/0D6xiyZcophD8jS21tuKU5Y5OtXmFBrzsgpa/zLXzbn8yvohHi+wXViopJLEiZ81C09zrrLxPoz0W54RaEV8EukU1XPfK56BFWdO7D55hT9wlQiQ+PlKnJj1NTDirCiHQnl1kD0xDX9sN7spOb4AXYFf7gGLUOE9z0/xU6IgYPvjiH8TYf+UqLsy09IPa4vsbc+kIrmjWFKXWru8UlMkLzBiIgS+/DWkA7pSr/scyiHFibwe4DYHkit8lUUyjZhZW+RpEr+vzYcCFrYaVycPnaoHp/c3W3nVfzhFP2rHifMC+AKMh8OBNn7J7X9KwXExtx+q/+mmPs/xkfIrHFes7km38SHSJ9dJmxaJcoJFIpldZjRMI8Qnn8LWYOoK6Mhx5ZEtXt1pAhtg7aRpJPT8olV3EPVqzFrySoz1iZay7bDYZp4TsvjVIYDS6wKKPArDDHLIR6XPYeJn41//g4TtViz2SJA4QhRttdvCAUfRzC23uGrJ3lBjJCF4rEufatZ1ohF4BV2CiWFClnKxTs92ku+Dc1hd1jda+USq+7DavojQkbgh4yQVeAZQqLPd596eoXqOog/4IVyh8fSSzMDAln6TiMPWT3XuKbSUOZDNmyvpcWtUJnpFihsVznUmjmz7NnS75d6rZsvHbEIENpgEEGjcuJy06WZa7tQ9qVazmzMXFyFGkiI1xCH3/1n/35XQSXsmtBxARzdJUXvRcsbKScGaAGzpA074qW6mFRoQDjLs8hcS+BAQpAcwMupNvMHUL6wpL4fUXqXXlEVPQ4wNG9XTqOSa0jVGWZDsm7VXh1jpkpNpckR3cxUuZ68/gr9qFPX6XlI+IBLWJfmKDYESM6vjWfQegPifOZXSdcMrtK9FnXw8SMGLdUX5XB1pm9pwS0L2h+1ePvL2lyiG/ViaUYrGFtbzYUJwy6tHne1OUATxCdLSh0EbV7zxc8XEy245Vt6PLJvbQYeZaIsu/SOrTZbnHKB0zQ70/N79D1lSPPxqR3xIJPoBoBF42oE90mXGoXdh6qQR6zZuat6+gVpuvJBWjlAff05p9xJRzKOKUm4Nzw7/zCCxx2Ah2QadW35rlrupUPZ6C2E56fKTlFnga0v1pXwEgeb4nX+AAarB7rqDqffdMRgmQHrrd0we5p9E74Eo80aBH8ETMhOOA8bJ4FRxwar8oDoNcFQfFCCYc07ZmIYzeOKdab8Uk8Fp2ZLqqCjosgv8PXAXA7RZn3krVNVCYmVzCkIq4VMc7ZtxZXO+7H3Ilnmp4ajhRBI/vzLal0eeOi70VoKIwt/uLheeqjb54HPXFq7vIsY61k3bbi+lNd3QnQUYp1+e/53d0JCNayLNNb71dUoC3RtkLrelnPXWDWkgpF3n3dZLcECZdkvbLys0CO4y2s8gMMVHDK2z19bclzglK+eKwnu/gA/k7GaTtbeKD/hm4UctIGlKERgUIHt8oGPJmxtQtEX/JcWVVi1TlSwxoRGjeNgRy7CcGISDHGn/ZwefXb2SuTQqwb0Yt9G4Ou0EmEsS5YJDsZ7WRbY2Hz47HChdB1g+6P8BC82dhkXR0/q7hljXi6mzGIUxMS5C2kyX0cqhhQJjr0kfAktcAo70O/6lKl4XDOmKeK7EGibglEmsAZmG1tQsAvir5F+SGakgjFbMlJzFde9d4fFtf8XA293MuQOAXTMlU+7SCKaG83jaebRZmxltzhX8/DXPv0T8smag7Y5KfLweyqI9sGtVAh3mknV8ZcGb5l06A2kkdmGgoKbeBD5/CSgppmDUMJAflDBLSL3K84iko2f1T7mRRyM/KKsRX4lzjXlb6ZUBYiuXbCsRMKuf/BLw1E6HPAbqUtTemPWfuBTunp/s+L4bNOLNUIScFZ5PkrM5pzNn4qz83XTTuWHZpfl1Gv4pKFCAbw4ZHdWkal8yA3tqrBXEyqxTDSMNh27/7qhY+uRTUIDzczSFuuY861gifARvg/v2ZB7fDwhLu4eI0KD33Rchgi88
HV7YYS4eAoBZadZZnq5N/AcApDTLHau33pzaRIbuacPH2gjF39AiSO5cokkcfqnfXogjTtHwIzHby3x2nqAr6i6TjytEPhGHWSw9JWhmoH8gHFCzdsFpTkQQBEzawtUONC1anAtKR8buQq3/OHDzaaYp5sbI+xDlw71RXZiULrqA8LdIec+P+g4MstA==,iv:O+0WWj3qcMA+/U7jD6svoZhfk3SjtHXqgsDCdI67mCQ=,tag:HDfjSbBfNlDZniYU0L98NA==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: ekFwNFp4dm9UeDU5WFU5SmJyY25lMEEKZquSaE2A4ZTSp8sNB5bjgUzdp8RtAHIH xmbtfiMcLUv7J3FdGNwmSn9P9lYgzCVEZBjI0BCj/9JEm0eGFL8Vbw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-25T02:25:40Z" - mac: ENC[AES256_GCM,data:LT0NJ2wwGkomokQSQ/iejmhmprS0I5ec3+k2BC0ni7zWFqMCTpNGpSNivOXZ7zVHKJMDgyabDzPU+G8qYIlL7hbY9QP3slt4TqwnF/xJkwIEDwDjV1eDM9QOfBzb5PTqbDpRv3I5oNa9d5viqVggwG7NoZA/j/Y+U5/aE4pVOuQ=,iv:I01C/Y98apE039URvIfnykaHFXOUO2UB6dgJQjj3QH4=,tag:qvVGltx2sE5wdyehF38EhQ==,type:str] + lastmodified: "2025-03-13T17:03:36Z" + mac: ENC[AES256_GCM,data:ZOCXTpjiySU1zfysnJm8u3BMFYVeI95sfEUVgep1WAvy/8RpoIgXq60hUPHSwp2+Z9u+PdTzenimlqdnVgAtfmHYO/xwOsiKuVVtBkBFuYE54U/jugr43D1mD3lHbm/0IQ+e+pCCmIp66BC6PV70lZMDzMDhf0PmxHU1hQZhgNI=,iv:4jRrIaswY2tEcx/fQrgN+DAxhLcM14DMV1et6m2W+SY=,tag:ak8/1MjIrqcgaUeKw6u6uA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/services/authelia.yaml b/secrets/services/authelia.yaml new file mode 100644 index 0000000..6aa9c33 --- /dev/null +++ b/secrets/services/authelia.yaml 
@@ -0,0 +1,39 @@ +authelia: + jwt: ENC[AES256_GCM,data:L20XZt1eYz1srY+xIliasq4x2guxNIUOM4mVTPe/1uS2wQY6h1uY9n7yoMQ=,iv:OhTuutHQOVLG/CjX3m839Acw9eq/Yh3Iy947km1jalQ=,tag:nq/lwsfGSzeH6RsXLzr24g==,type:str] + storage: ENC[AES256_GCM,data:RW15TzoZifv0xrVAfrM7yFXv1ISp7v1c20PL4nGkQrXwjablPKQa5IZ0Fvg=,iv:YQ7+2h4O0Qx9BqnFU7WMaZuPtKU4BUo56/KPq2NQYxI=,tag:LQ8gWhf9rblGkN5bhPHPIQ==,type:str] + session: ENC[AES256_GCM,data:fJY4uSKRIcHDyDqndT9YiolOX1HDw2BphoaZONAv8AhdPV+aG5qj9Ppy3Rw=,iv:dcFZyIdZQQlyAORudsUCCD2wx4Sc7NF0dh/v/M6iYko=,tag:vBYU58mL7DecMqhX/TUdVg==,type:str] + hmac: ENC[AES256_GCM,data:K/qiyibBlu9wNh9IINHgYQiEZMromSA9Kf0iRVHPVuuhhUBZRyyfFyd4sLYNDLWvYKRJGnTBniIscQuBR+HU3/ttFGN0EkDsuAXlW3tKyLSxTiVgEvsKhA==,iv:2femAZUtSE9DjopiRIRT3Be3T2Qi0J+b8TaNJZ9vcjw=,tag:Sb7TT+1uxtStv20oM8oa8A==,type:str] + oidc_private: ENC[AES256_GCM,data:dzrykbgRk77yDbrnayTzSyiAjvgr5RUuDG046azumPinHL9wBaKpNdx6CqY7o+W95yOyVr/Xriw/aBbSyCZE8RoMchZhnS5Z8moHrIK7RryRM/BmEpOfyFLf9kpaO5QqSGyPt13yJQSA/3TwoXD4et3rVEdEz8mwb+vIA+G3WIZrNY+95KNjhwu9W648eouGBqJFfwTw0tm8mHsu+VZE8OYdp+ujSlKWZcVDEzgMEe+egXbvSB/3sk82HjolcqCmDx+U1TWMZfZdZPaT4RxONy+4kgGDW4FOqtsgctS2uRUQ2CLuRLD8xIulBO/VbsnNuticiM86BYygobq3RUdCKAFLUpcXqNWgnDBvnYPcF6mXPTmFCD3Gr2t4uRkqIIPc3NrW6DKnSO4pu4oVlUiSd9XaHGvAuo0yR7zcG7Zl4BAzhZa1HuVq6QmSNMf1TAo5P5zBc/NKlUVUhgIEKmRkwf95ZDyph1CJJagTsRZp/D4n6gbuzmV2Pjd8GxT6X+GOK7MQ3hPWsQP8+hhf8DArnVa988Z5cVxG3CQS6wEdEfc8yoHXlXwsB6iHjG4GooJk17GkP0YnMqOkv5Y9QbWXGNN/Zce6LJrSdvpd1Z8oWHxFB9ChFEA34tTYE/1wv0C71K6VRADnshBTyg0i+7GxvW0iyplWGEB2/DRv9WbpmIze1vff0KPlwvmdPXvZM7kfJE6uRP+DH5kJeIlKezA+hwuZmTLEu8kTdIkIJVfbzuOmXtX1yO+sQmSs6anqbSBuw5dpKYFFtQ04V+P27uTdi6lbUUfaBiHMhiW2A8aj/1Xf+pOV5oIN1c7PXNhAGrsNbmumQ7mBmbfOZeLC2aze5iKLSu5xqCzMNEWdlxXkmK+eEuUgDAQgW0pRAA12wvAFT8cf5BIeEPQQF4gPJprrQ3u93AXCVXve/TPC6rSEb+uCVq30JRGvIciFAEPWjhtSSO2Mh2zxjaALXVRE456k8DQq5mvovCp003EW23Io+lKDfg73n4LLZvbpHBVa3SQY0YMazjynJTo6UcDT3J/u9kNutIRjszzohMdW4jmykawPb/FFGv4yaX199bkTT/6/ztygaUTUTtWrl40p61lMzFHsz1qPy/5Bp4fxOYk6mLHpUFBpXUlu90ZxiReu6fX9HR6oQ1OC6MmpYjv
cvxOAfIszgoMmp0LABJ1XN7DMOxpRrjNqW071xnel2/NzYy/gx0r2SdusxFJckGjrnyVzjEBVFwdpc9lZ+NdyzbNaElt/duk5AhdQ/iTCDlQpFsBhcl83Sbt38P/QlsOCPvRYuOz3vvOgeRprZn4hXuvGpQKJZEy+/rHDFijVABgbqLBxhfQiCpFmfwqQrcI+vFnPBGHP96p8S7xg5Dh2007QyFk9D2zHDHY6E+Iv27UkjaCZI29IAEdBe86IMtLI7Pl0q6XE44cHwD+QqzS55YlPj/F3va9LesoylPzBJwlxogciolfBQfQjLp4OF1rBSpy1Xy/Es7+M9eEsdatX1a3qFzYCJbC8+no5ol0PaIHx4ejH9aeoIiVfq/yXtzV04pJQz0bZfpfKVwtroyHhclEsP9pZVHnnexIFY1xqVF76V0kbusiizhru5ldOWE7smwXD5+KyMCTfDuxPnEjFBZLb/BLjo46sugJTAGQJhBBWJY+h7Je5PP+FnjQG28h4n4NMshhPfnyDEAZWNpDAHi08KhHOGzbNhPl+E+pNrNoNwmJjWbiqZ+P9LVQf1s5C+UrL+uV6qpeVKcm9tjy75fgVTD4iRXb4ejQIWlwO2EVLBzI9BXYsVmly6z0C+8f3wDPswwwocna9SonBus1QGudZ8cLSihZqSYmq6fCIFqfXTlCj3H0aOBNbX7dCYrles/y6jtn0VebQa3UEflXs+4WytpXdKEelN5f1PoJVnjrRF6Wtyq23GNbo1M9BTBQfpUf5x7QnZrxyIVbgvHq3JSR6/5p6yv6SGOdypCEqMtvnw9+bJMi6bxy55tXQNNpBB/GHWPqzOE9//9pqazJzikL/x7HWg/t+tJ7yV7MCFV6Bk2cy77j7i0fftxfHqjF7MRbnIaJRqxiTqp0z2rA4L797Que6a903b/u/AStMnsm8sE9gRy7P5L/PafqpgA/kK2FIxbDDP91cnvikRi2u+oaydHLhCkaq20SIupBCbgyDVkOXZ9n5EnKJDjFOAbOQ2UiXYrQPXDEMPLLUklBeLzQBHY4ZTQ7zzMb1tqvo4UqaHVnw2FwY+PoX2IPmF1ciccFO5uHX2w2qz8Hx0ZCPa9AsR/3HhKAg9sdg0cF0k3nXqTWCSs8j+9vpJxjCmrN1bXwoRA8K/ICYDoOtjb76c1B/Ahvc2YA7OULcM0EAzsQ2Z++cU/OCIcQatxzEx+TOp5i1yN2YnCFHqDBpE1UB2UbxBCYb+oEEBqB9qeFkQI6eZmvHASjdasXUtvnBYNCc3nliGfODoOXKLmzHQZJVPguWFu7b06zWA7fy3qGMjf7h/RhKbfkL9o7HkAvHTSh0+Lpc8gjPVu+sqLNUMyk3196LJWUI3nf7L3kUxkdSBdsJ/18FZ97OzC3Ws9dhhWe02ry3Y2ptRnIlLf8f4Y/P6FpqwR8Asa6NYBq+LKNSuWfzo4ZynkPt4irAm0LDOnZzbrRbQTB7tUHIA1dZMMWueIe22mUDOzTGDPuFSfF31rYbh2rmc3Tjvkumz6g53kdCV4QnL04htkMwql4KvpMCrkkMxDRlOTf1Xh10QrO49aPd29i7LbFjorGj1872hXszPDpmdDN78VApvMzVue8dKdhlz/x/9aCJnp9oEEgdObEg2OYyc29bqd9kbCOs5F4vaI4YdMrN9QKTqjAVG0kQAKH41Q7VCe0/jPWmGpH4Kd40RQ6/NY5g312D3RKV3V30DlCOIm+w1z7XzV2EWTgb5vgg4EbYyVmh3Y7wBguv2qOqzwhGMFrWGx+fTFAe5Zq8TVwvQUfeN/vFlYz+jc8ysKBbyrrAl4vKm2pz9Geu3Rh4AfRRmxawNjE/qlrTk6sWdWNJu7i2Wgk1C2+1FZeAprPg6EsZj7rFEGOFvZIjWrTi7n+IHI+8rRKDo3J5SkAsxiDaDo8dfvGecPp9ig5l9+OiN68t29HxfGnhJsk5eim/vkuA5mdFJW0cy7h3gtP1Z0PtRYsRoBO+hPp
7dcYhhh9NqkP4LbVI8graz5FEf0yMmaA6ci7xgBWe/zOa0V539Y9cWzTK5zE2wrWI+mHKsbgUH9s+7y0tTVk9mPaNKhih1MHgCQiFyctQLzVnd6fXnv7JHzkkIY7AQiCjEZ4QPUrj99rDh0bikDtKX0hAiVedGMJQ664Hhyd3sWVGfrC/Qmob+4LhpE24kAxIRf94d2cB1zRFQ02HMGkbVUbge8SPNqqq/HoWkYvNo/ltdL0Nr5Qb1OmY0LP5txGh8cCQt8SD3K/ww+ZjD0ZbqqTwIaND9reyzXL0ryf8yNkiPCTpFiNmdL1rtHw+E2s9HtdngCz9XuGW5GRa4cL5xY1Yt4WBLEnxXwmyB/EOjBIeO4aJuwAcssL3UrvS/IEERWN4XrqVM4O81ainLaXeze1jj9VJcMb+/qz8dMdgm4WGkKfbbJeIsFCrlHOJ0CFNZZmijMvkoTvZ9WTq2OpxxZdsci1UmItlU60LETfWTUK8Q3YOo+c+fukIMPv68NLQH1LsiYjFXo9yDdzfD990uI5wdwnR3S3Sx6Vp04SkzJX7BAZ2UuL0wJ564Ny4S9Ew5BfWucd70mfQaEzOl52M9mqCyJYDfMYhd65YxkAEAV1dMg3FBlpZmOr2wtEQqXz+25cSPCNwQ/obCQt12cLNGRhyNi1Stz2E67Q9sesmssF7dgq0u/TeLezzVxTk13sJj6PzMtdpOYDwsgZJdh9hz8PZ32nJMTJnlkq6zcTYsbq23+HreCx1dHJJEDjpqZlttMYqLZ8mLLob25PzFaue164MbqozFtNTOc8eeOD+hoPCP/hfPoKoNi7oARs0fvwOwCQEug0XpMcz9mF/85ZBxYuDUBEP1vpbD9MpP/ECslqGdHuJePEFiiJOrDVggpaGcgWUfS2jwWv/46Bbz+W9QH+6Y8IevMf+lXPOL294g5VOoOW5k77naeNNCbycbijFD76gR5DtA+Vn+B6pxzF7l4E4VqC0Vlc1OUvYA7GLZ4rzb4bH4cEZiIb2/skDhJOmcb2btPWKRgutbmpHmi59eVbVkKUAKXm/WBw8xLwt2sLBS5r5R7aAZpMu/NaXFTfBEBGUzrH1u8Pfz3FwRK7v0QEyzhu2bS2JkGxSsaxD5+geQlvzN8eRYW4+pst/CfcCxTES9spBnqSWIX++rs8f9/mECf4jXzZQDv0fdbGILAU=,iv:GTKiBIir9+G3Lh45x77KARxi7paEsGP1m0qVldRnuOw=,tag:eCsjDzyO1g2HvnDhR/Gb4w==,type:str] +sops: + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJOG1menBCTTF3YURCOThM + Q3Z4bnZJYmtQY1RmdTBSeFlhZCtUVzg4Qm5ZClo5NFJqaWg3NElKQjRLcFZGdmxP + cFMwOGxoelJlVnJNamUxWFhETWpiY3cKLS0tIFNDWGRkYVZQWTd2YXg2aGswbmJz + MVJQdDV3ZGdzd3NYL29tYU51NndiNmcKtagAZdoZQo0y0atvRI6f1tY/3j8aD4RP + yvs9RVDdNqm990O5EudjMNhoKLXnFQtX9NlzYVHzrsX0UT/HSUi7mQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0K2tGaktsdXVPN3g0bXps + 
ZkVWamZGc0QzNk1TaVdla1RDaW90TVpYb25rCmRPL29ZNFFCbVkrbVpseW5SZlFN + dmlLWHVBb1RMb1dvY3NKNHc3NEpMZFEKLS0tIFluRGN6U2paVzVBdCt4d3FyMVZ4 + Nkx5aHo4Qk8vU01wazdWdmhvNWRLQTAK7kiQiEdF1LpzQ/syjRjyhchShrnfhHFE + M/XWLSIcnnApt1dOyJhJlpsQTnT6Y6Fqem0y779/uOQCBJGavscOWw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzK2U3YlRLK3BuK1Q0TkYy + SE1lTkVXUUV4NFVuT2V2VjdqUFpBbVFLSTJnCjI3c0xpMnBnV0M0Q0ZHYTdUSVZl + MWNMQXowWitFVTlIMFBadVJ6OHBBR28KLS0tIHJ1M0NkZzFMSndIUjBwN2tFUmF5 + b2pGTmJva2VnOFZlRWxlOW5wMitDUkkKrZyzpch6jTSsumseBEaN8xQXfng4P7ds + JSoock3sEmL4NSfxXSu+PP8kEOXFtu1yAcmSSeVDDhV7jiwE4egu2Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-02T14:06:11Z" + mac: ENC[AES256_GCM,data:wK8Nb1Vb80UfolzqZOpifZdoEKYu847anowYiCdSluoK+dfHhDhCj7ZxznYV7SwVACIoLsqLR5syRzC861PRBrAujkhbcn7lTc1kQRCjw0gMAbPYR/xiO76EHmiYqnV2UMN0EmuQg1nIRIWY9EO9C7m1b9fjoZFgDsj/7O99aVU=,iv:CJxUKpyNgEYwqLhSvuXoHb+Hu3M7ydKh0WlsjlOtKkM=,tag:4KXmNwwFrqvBjxe656Jvug==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 2ff8b4c..5f3ea62 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml 
@@ -1,5 +1,5 @@ caddy: - env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] + env: ENC[AES256_GCM,data:fyP1pPJgO9jN0ypC09s0Sz+HlUX42fl6DxWevYYevKdlKTgz5VHQfbELhy6vejmg9v+zFB3/AtSZfWJQB2dNX4Zm/L42wf5QZ7oYoa9QTujJjRgE96OXM77ioNy2DzFzpGw3w16QoC7zaR8UHSN1KL6qRj5xxKw0U6Apxhc0AuBoLvNHOgn8CHY92Q4OBcA1tJn8tgLB9uZB5Ge/2BlEjdSQ0sZMLkE+dHC4/0IILVFrrv1sWRXvXt6t5njF,iv:tF5GRPFYZSuKRgDAY1e8/J7jNQAEqDpgXlpwWW+1P4E=,tag:lK/BUErXNIPgqXPzGJvPTQ==,type:str] sops: kms: [] gcp_kms: [] @@ -33,8 +33,8 @@ sops: Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-30T17:26:39Z" - mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] + lastmodified: "2025-03-08T21:05:07Z" + mac: ENC[AES256_GCM,data:vgGCrCJMBxjiCWZYymlaPKTekA1Weprwgtc4xcoPVlDsuljkXDth+aAZPpnakE/nSXhGC6jGJOHdtrsIUTkH2R9WQHIdZDBy+VrVQoV6xE3ijfWyIujcIPwz3s1MGBqRFUYum1XMU5FAcIASiYV7PDxj/f6fsLbjKZCc9/kG3GE=,iv:PSvlssl+Gx+Gcw6/zccIKJDeNz3dJ0kHnPmCrAdBnqQ=,tag:6F/JKBFNxKEgMTyYZ3W0Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 84ef3d6..0c693dc 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml 
@@ -1,10 +1,6 @@ hedgedoc: - env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] + env: ENC[AES256_GCM,data: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,iv:LDkuJgxIbohEVf7wmdtOZ/vlPddMYa7uzHGkL+0MnUM=,tag:pnJiCJydjTmUbS761fPUPw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn enc: | @@ -24,8 +20,7 @@ sops: enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T03:25:54Z" - mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] - pgp: [] + lastmodified: "2025-04-05T21:08:15Z" + mac: ENC[AES256_GCM,data:cPisYUoZWd/vd+wWzz3xTnftj1RdjK20dWFo+MKssm/eu7eCOWDIaZdcJg13gkTleBpMWQy/mG1drC6GLfGQiBmkS99UCPAoo0aLTBL4FbSm6FEXdbVjoOI7URu6Sj31drWCMAm+lXYymWsHwZJrNLhjsCTQsxTPvFq8oOdNlXo=,iv:KpmJoZ/BGEEhZ75jXfXxegNglm7k6mtleRuVud6tX2g=,tag:lsiqX+YSz4mGK6mw9gdKNg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.1 diff --git a/secrets/services/karakeep.yaml b/secrets/services/karakeep.yaml new file mode 100644 index 0000000..cc09262 --- /dev/null +++ b/secrets/services/karakeep.yaml 
@@ -0,0 +1,35 @@ +karakeep: + env: ENC[AES256_GCM,data:SWc26EQaKR5d9hMDYzVHA/r7XfjwFZ0d44Co0IS6OayR24ej7yqLAtkNttROKoKFuYc0sHgN9bOy4MyX0s3qiSWYovIIUJgFiJjPQFYDAo+50WR4+5W5FgvYI6e42fcWrQhaCXWQrDyzch/zT2OITZsjXcQhT5E+IiPLVkaGOjGptE07GjM7ZXI4UxBzINFQOhxdfIO0km1o6Wq8GhJdWsz4exz4ahRslR+WjK/flV2GZVAj6EHSJ5sHohm74QlhxaShEbc/8IKP6R2gSjBFP7l8VvwFyIUD9sLzYGvS3iU=,iv:gSPQU0bZ+VRFbuaNDc90dW0ogWX2SMH7kewtq/u/11E=,tag:L0Y4EWSQUhcn2eHt+yZ7qQ==,type:str] +sops: + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaWQ1Q1JwRHJxQjNjdTAx + TXRsWjVZOG1mNEptNVhscHBaK2I5MHhjdlFjCkNqOEhwT3hyOHpHQ2k0ZmowUXB4 + eks2dlpUS0V6VjBEYW9UWnhFOEw4VGsKLS0tIFo2a0FTRE5WdHBGVW5DOUFkaE9p + bitvUnJXSnB6UnV3VTEzSjlSYmEwVUEKHOwFCRu+SIyM0uJ6bNEAo+MMlsc8la6G + bLYdCoykcBu+uVXqn3BYTbrS5ylQMRYcbcPFJw5BVdmjIYF4LU5W6A== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrU2ZnNVAyeVdJeHlTSW1x + QUhKRzlNclVUWE1ucHFLZW5sL1lnUDhkd0Y4CjFuekNEOE1icDNqL1JyT0hEYW16 + Q2VyajJFWWtGUnBzOENGOEZHbWROZzAKLS0tIE8wMVc3TkV5Y1VyenIvOW02NDNq + cStTeUcvY1pJWEN2MzFEeThKT0JPc1EKXrtVG49a6YZVKiL1F8Xg3t3niTYv3LwN + NeAQ8srV0F6ckky7OCkvUp9GInZCWRzULXV/x+4IUb6C+KQaNm2vYA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDdUSUlmMk5VcytyT01N + UmRaK2k5Wkh5SlhPT3QrczY2eW9vZk5KWFZBCnBteitnNFlHdWRaaTRxSWYvYmtG + ZnY5ZXlYa3Z5aENlRy9BQjVSU1F3UzQKLS0tIFpjN1dOaWNKaU9PaENyaXc1K3BU + K2orZ0Y2Z05LSUZ5WHQ4TnVVY0QwSzQKiUQT4aSxXnaq0kEMp+q5WnIUoGypEmZ+ + DQEhkB9yu/BrkjXH+HGQr1W5B4sJyb5rnl0+SQ+IypRIRyaX4CdFxg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-05T19:44:58Z" + mac: 
ENC[AES256_GCM,data:OmqsJI9BaICOTiH1cq4gZlNBbkAxn/pAOWBtkIjHdqpikABLG6fMY+sLpyeaovXjexIj9MZk7fPmV8dRZ5VNLHCqlYXK/cVoQBZ2HK+p/cGTAFelNAShu9NSgZdFmVgJJtOjVvFp8dtuY8VcQj861k/MPX0mNZt9pmXYdumjpNM=,iv:efHkp1KUctwtCjG9A8i5qs7nQfQqv2ya1yYlHHOt8pU=,tag:4lChpspl0oOUMiXzvGuA2Q==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 diff --git a/secrets/services/searx.yaml b/secrets/services/searx.yaml new file mode 100644 index 0000000..46df77e --- /dev/null +++ b/secrets/services/searx.yaml 
@@ -0,0 +1,31 @@ +searx: + env: ENC[AES256_GCM,data:VWLft5+85mNA8k3VynVBz2V+8zcg97UtHfucpaAcKbA+CQdGUbqLesQSu9a7tNRI7+OdI1qPJj5HTzP8tpGN5f39D4brtyo4fN8n8zAd,iv:F70wq9qJiFjEjJeZeFCyQskLdBR3nd/CR/UW/dE9gTo=,tag:/W8FhRC180aAdzjD5v0vZw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM3VXOVZBSVdZMzBOVzJD + Y0ZvWUtFUW5pMUZnYjdxdHQvWDBEVmU1L2hBCi8zcEszZThwcGQ5WUdRTWFUWCtP + WWE0OVJIOXpCMGJZc3J6TmVCMGN2TUUKLS0tIEwxVDJLTkdrK3g2TG9iWml6aEFR + d3NOS245SmV3K1dlaHdnMHpVSzlYQk0KnDSK1C1sEeBVMX80DqjJRrGFx+WkNijg + XEf/Jq//qzgvX24fOl4X4xGTRfBMbLlznLs4N6WtIY7aVcW5N041jQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOGFaWkY1TWhvQUhENHUx + cUk4b2FpeCs5eUMyQ2FhZzVKdHY1MVIzWUhRCmw0eEhwYjl2OFNoQkZRVW43REQy + OGpNWFRTWEF4NFFuU1lpTFdKY3lBNEEKLS0tIFNET0JBZmxoSGhWdTIwL0x2Ris3 + ZHhidlJHT08rR3ZuME9UQmovRTFGNlkK83k2wqXQvxeURrUE/hXoZMDc9lqkgBuL + W/UWt/PBorp1/WRqO6dpuu9N2S9i6VCPJH0jdoHMWEqWuRIENFKVhQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-03-08T20:52:15Z" + mac: ENC[AES256_GCM,data:UGFkCgmgRofmX2gQR2W2DD0u4LowQ9pmUxPOgpLVaKGasEoNWJMGu7A7rUIpHvuUomoL6q8aiWs3kiIuZrTQ3CB5gawmU9pPiEseOAdbww4beIcnUmumwmCLH46XYQdaooPaz8bIncW/gFePRpVB2Oef1pYeryXkbZRwBm+bPOI=,iv:GGFjerxpLH8C1m50AiKoEJxj+lGRYNMe4Y7k4u232v8=,tag:woww///+80wakvzYoyWCqQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 diff --git a/secrets/yt/aws.yaml b/secrets/yt/aws.yaml index 95bdf7a..0a48d33 100644 --- a/secrets/yt/aws.yaml +++ b/secrets/yt/aws.yaml 
@@ -1,6 +1,10 @@ aws: - key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str] - key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str] + key_id: ENC[AES256_GCM,data:euyq+QtSXv1UR5eOJfvZARhm5L2AuzKIOk8=,iv:RseSyVArmrawNzlwjNh6FScJF2O+F4FBuIq47uMQQEA=,tag:bkZJeX3rUHb1yZu8dytgcg==,type:str] + key_secret: ENC[AES256_GCM,data:27BHAU5suCIiSKAf0+1yNa/VJ0umErb6Ry8HI+Zfv6LV+7eB+wk8H3kxdV4wmY2XayHsUrD4FZa30O0a9PdJgA==,iv:oI2X7PCXDZBkUOikHM8S7gHsnMtWp7jxBqdmfbUlrwU=,tag:9mZ3H2jobKqYmw6S4NNpjw==,type:str] + _r2_key_id: ENC[AES256_GCM,data:R0xwzUx+6l9SR3Fd93PfJw+WPV0ByzOKMxoJQtn4pEE=,iv:qHmr/HssM8U3znbGznSIOwkAhNaORkCkG9lqAmCKmfw=,tag:LhuiiKSq/VnNEulgrS71vg==,type:str] + _r2_key_secret: ENC[AES256_GCM,data:Dw5Gq1URjMpy9Bh1IBYf+/EnkvQA/4yAC4kdoACpCUuJQxdQphFKwWmxJX+Q/oztO1imWoGIxlZNNDr5QCqXaA==,iv:hGePo+Ffe48n1BXI1f2V12C9Gn1CC1nTwbSsfqUGQ3c=,tag:AIy/F3jPGz2WHge3Mk43Ag==,type:str] + _garage_key_id: ENC[AES256_GCM,data:2lLS1nBhrwBkJh/ei7FwBoR6jOI6KCJkvOs=,iv:jwB7ZEaKOPIwghcGRs3qaICypoHgSxkFBOyB6e5hpYI=,tag:Iqwv3j1R1uLLUDKLhN1Atg==,type:str] + _garage_key_secret: ENC[AES256_GCM,data:5iwwMfojHrR79cOIY+9O2oVY8v1cbPcECMSOMhWuGAdc2lfCogKBwLM4TFwBH9X1Vx56QvUoxCQ2uSyfOMLR7A==,iv:Q523ttz6ijmv8/JlVZuldFR4IabEKiVN4sGmJ9xDJU0=,tag:ZZ4LRG4DXOC7LY8hEjXYHQ==,type:str] sops: kms: [] gcp_kms: [] 
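Review bot: The four added entries `_r2_key_id`, `_r2_key_secret`, `_garage_key_id` and `_garage_key_secret` keep extra long-lived S3 credentials in `secrets/yt/aws.yaml` next to the active `key_id`/`key_secret` pair. If the underscore prefix means they are parked rather than consumed (nothing in this hunk shows a consumer), every recipient of this file can still decrypt them, so either drop them or move them to a separate sops file limited to the recipients that need them. The `key_id`/`key_secret` ciphertext also changed; if that is a switch to a different key, the previous pair stays recoverable from git history by anyone holding a recipient identity and should be revoked at the provider. The `sops` mapping of this file continues outside the hunk.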
@@ -25,8 +29,8 @@ sops: UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-30T17:45:09Z" - mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str] + lastmodified: "2025-03-16T16:45:13Z" + mac: ENC[AES256_GCM,data:DCx4uVuy53Gz9Ha2p/GjxTigKw/dJ0gvWIAII9AtKQCURu1OfiJ6Lp/ht6ndJwn25em11uppN371pQGxa8FRtLL+dX/YgoDmOw3Tgo3lc5VLBzalRqXHInOGHfgv9k1jHNq6zokKbBLDItBnUNOCvsLTXXenVRYdnkiuf3QPGhk=,iv:gBbbH/nJExK/dEXKHo+cCr+rxQ4uJQWweK0lYT7amsM=,tag:9GaCGFrcinqGfpibUNQ75w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4