d7898e19e8 Add hyprland 2024-06-09 19:08:00 +02:00
124 changed files with 1905 additions and 30111 deletions

2
.envrc

@ -1 +1 @@
use flake
PATH_add .

2
.gitignore vendored

@ -1,4 +1,2 @@
result
.direnv
.pre-commit-config.yaml
.gcroots


@ -1,88 +0,0 @@
# Public keys are combination of host + user
keys:
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
- &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
- &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
- &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
creation_rules:
- path_regex: secrets/sue/colmena.yaml
key_groups:
- age:
- *sue_root
- path_regex: secrets/sue/nixos.yaml
key_groups:
- age:
- *sue_root
- path_regex: secrets/sue/pim.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- path_regex: secrets/gamepc/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- path_regex: secrets/gamepc/pim.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *gamepc_root
- *gamepc_pim
- path_regex: secrets/warwick/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/servers.yaml
key_groups:
- age:
- *warwick_root
- *atlas_root
- *jefke_root
- *lewis_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/atlas/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/kubernetes.yaml
key_groups:
- age:
- *atlas_root
- *jefke_root
- *lewis_root
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/jefke/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/colmena.yaml
key_groups:
- age:
- *sue_pim
- *sue_root
- *niels
- path_regex: secrets/lewis/nixos.yaml
key_groups:
- age:
- *lewis_root
- *sue_pim
- *sue_root
- *niels


@ -1,35 +1,22 @@
# nixos-configs
# nixos-laptop
NixOS configurations for the machines I manage.
NixOS configuration for my laptop.
My configuration is simple: I have one personal laptop with one user.
Currently managed systems:
- **sue**: My current laptop, a Dell XPS 9315. It has two flavours:
- Default running GNOME
- Specialisation running Cosmic
- **gamepc**: My gaming PC running Cinnamon
- **warwick**: A Raspberry Pi 4 Model B, which mostly does some monitoring
- **atlas**: A Gigabyte Brix, one of my Kubernetes nodes
- **jefke**: A Gigabyte Brix, one of my Kubernetes nodes
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains my media collection and does backups.
## Features
## Deployment
I use [Colmena](https://colmena.cli.rs) for deploying my machines.
Create garbage collection roots like so:
```
colmena build --keep-result --experimental-flake-eval
```
To apply to the local machine:
```
sudo colmena apply-local --sudo --experimental-flake-eval
```
To apply to all remotely managed systems:
```
colmena apply --experimental-flake-eval
```
> [!NOTE]
> Currently the `--experimental-flake-eval` flag is necessary to properly use Colmena with flakes. See [this PR](https://github.com/zhaofengli/colmena/pull/228).
- Nixpkgs 23.11
- Flakes!
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
- Currently only used for Firefox Plugins
- [Home Manager](https://github.com/nix-community/home-manager)
- For managing my configuration for my user
- [Agenix](https://github.com/ryantm/agenix)
- To deploy global system secrets, like:
- Wireguard private key and shared secret
- [Homeage](https://github.com/jordanisaacs/homeage)
- To deploy secrets in my home directory, like:
- SSH keys
- Syncthing private key
- [nixos-hardware](https://github.com/NixOS/nixos-hardware)
- To add hardware-specific tweaks to NixOS for my laptop (currently a Levono ThinkPad x260)


@ -1,15 +0,0 @@
{
self,
flake-utils,
git-hooks,
...
}:
flake-utils.lib.eachDefaultSystem (system: {
checks.pre-commit-check = git-hooks.lib.${system}.run {
src = self;
hooks.treefmt = {
enable = true;
package = self.packages.${system}.formatter;
};
};
})


@ -1,62 +0,0 @@
inputs @ {
self,
nixpkgs,
colmena,
...
}: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {
inherit inputs self;
};
};
sue = {
imports = [
(import ./machines).sue.nixosModule
./nixos
];
};
gamepc = {
imports = [
(import ./machines).gamepc.nixosModule
./nixos
];
};
warwick = {
imports = [
(import ./machines).warwick.nixosModule
./nixos
];
};
atlas = {
imports = [
(import ./machines).atlas.nixosModule
./nixos
];
};
jefke = {
imports = [
(import ./machines).jefke.nixosModule
./nixos
];
};
lewis = {
imports = [
(import ./machines).lewis.nixosModule
./nixos
];
};
};
colmenaHive = colmena.lib.makeHive self.outputs.colmena;
}

174
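--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,174 @@
+{ pkgs, config, lib, ... }: {
+time.timeZone = "Europe/Amsterdam";
+i18n.defaultLocale = "en_US.UTF-8";
+services = {
+gnome.gnome-keyring.enable = lib.mkForce false;
+xserver = {
+enable = true;
+displayManager.gdm = { enable = true; };
+desktopManager.gnome.enable = true;
+excludePackages = with pkgs; [ xterm ];
+};
+printing = {
+enable = true;
+drivers = [ pkgs.hplip pkgs.gutenprint ];
+};
+pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+};
+users = {
+users.pim = {
+isNormalUser = true;
+extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
+};
+};
+environment = {
+systemPackages = with pkgs; [
+wget
+curl
+git
+btop
+ripgrep
+vim
+dogdns
+tree
+dig
+];
+gnome.excludePackages = with pkgs; with pkgs.gnome; [
+totem
+gnome-tour
+epiphany
+geary
+gnome-console
+gnome-music
+gnome-calendar
+];
+};
+system = {
+stateVersion = "23.05";
+activationScripts.diff = ''
+if [[ -e /run/current-system ]]; then
+${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
+fi
+'';
+};
+programs.ssh.startAgent = true;
+security = {
+rtkit.enable = true;
+sudo.extraConfig = ''
+Defaults timestamp_timeout=30
+'';
+};
+nix = {
+package = pkgs.nixFlakes;
+settings.trusted-users = [ "root" "pim" ];
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+gc = {
+automatic = true;
+persistent = true;
+dates = "weekly";
+options = "--delete-older-than 7d";
+};
+};
+age = {
+identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
+secrets = {
+wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age;
+wg-quick-home-preshared-key.file =
+./secrets/wg-quick-home-preshared-key.age;
+};
+};
+networking = {
+useDHCP = lib.mkDefault true;
+wg-quick.interfaces = {
+home = {
+privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
+address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
+dns = [ "192.168.30.131" ];
+autostart = false;
+mtu = 1412;
+peers = [{
+presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
+endpoint = "wg.kun.is:51820";
+publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+allowedIPs = [ "0.0.0.0/0" "::/0" ];
+}];
+};
+home-no-pihole = {
+privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
+address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
+dns = [ "192.168.10.1" ];
+autostart = false;
+mtu = 1412;
+peers = [{
+presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
+endpoint = "wg.kun.is:51820";
+publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+allowedIPs = [ "0.0.0.0/0" "::/0" ];
+}];
+};
+};
+};
+virtualisation.docker = {
+enable = true;
+rootless = {
+enable = true;
+setSocketVariable = true;
+};
+};
+nixpkgs = {
+hostPlatform = lib.mkDefault "x86_64-linux";
+config = {
+permittedInsecurePackages = [ "electron-25.9.0" ];
+allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ];
+};
+};
+boot = {
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+initrd = {
+availableKernelModules = [ "sd_mod" ];
+kernelModules = [ ];
+};
+kernel.sysctl = {
+"net.core.default_qdisc" = "fq";
+"net.ipv4.tcp_congestion_control" = "bbr";
+};
+};
+hardware = {
+cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+pulseaudio.enable = false;
+};
+}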
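Review bot: `users.users.pim.extraGroups` includes `docker` and `nix.settings.trusted-users` lists `pim`; each of these is root-equivalent on its own, so the sudo password prompt (already relaxed by `timestamp_timeout=30`) no longer bounds what a process running as pim can do. Because `virtualisation.docker.rootless` is enabled with `setSocketVariable = true`, membership in the rootful daemon's group looks unnecessary; consider `extraGroups = [ "wheel" "input" "wireshark" "dialout" ];` and `settings.trusted-users = [ "root" ];`. Separately, `permittedInsecurePackages = [ "electron-25.9.0" ]` should carry a comment naming the package that pulls it in, so the exception can be dropped once that package moves on.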

File diff suppressed because it is too large Load diff

245
flake.nix

@ -2,31 +2,28 @@
description = "My NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nur.url = "github:nix-community/NUR";
stylix.url = "github:pizzapim/stylix/master";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
flake-utils.url = "github:numtide/flake-utils";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
colmena.url = "github:zhaofengli/colmena";
git-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix.url = "github:danth/stylix";
home-manager = {
url = "github:nix-community/home-manager?ref=release-24.11";
url = "github:nix-community/home-manager?ref=release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
homeage = {
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs";
@ -37,57 +34,177 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-artwork = {
hyprland = {
type = "git";
url = "https://github.com/NixOS/nixos-artwork.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
};
nix-snapshotter = {
url = "github:pdtpartners/nix-snapshotter";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
kubenix = {
url = "github:pizzapim/kubenix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nixng = {
url = "github:pizzapim/NixNG/dnsmasq";
inputs.nixpkgs.follows = "nixpkgs";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
};
};
outputs = inputs @ {
self,
nixpkgs,
flake-utils,
colmena,
...
}:
(flake-utils.lib.meld inputs [
./packages.nix
./formatter.nix
./nixos-configurations.nix
./checks.nix
./colmena.nix
])
// flake-utils.lib.eachDefaultSystem (system: {
devShells.default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs =
self.checks.${system}.pre-commit-check.enabledPackages ++ [colmena.defaultPackage.${system}];
outputs =
{ nixpkgs
, nixpkgs-unstable
, home-manager
, homeage
, agenix
, nur
, nixos-hardware
, ...
}@inputs:
let
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
{
nixpkgs.overlays = [
nur.overlay
(final: _prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
}
./configuration.nix
./modules/nixos/lanzaboote.nix
agenix.nixosModules.default
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
};
}
extraModule
];
};
in
{
nixosConfigurations = {
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "x260";
fprintd = {
enable = true;
tod = {
enable = true;
driver = pkgs.libfprint-2-tod1-vfs0090;
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/6028bf52-404d-4143-9cb0-9b06cd60a373"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
};
});
x201 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ inputs.disko.nixosModules.disko ];
config = {
networking.hostName = "x201";
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" ];
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1; # Needs to be first partition
};
pv_os = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
};
};
};
};
lvm_vg.vg_os = {
type = "lvm_vg";
lvs = {
swap = {
size = "3GB";
content.type = "swap";
};
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
};
};
});
sue = mkNixosSystem ({ ... }: {
imports = [ nixos-hardware.nixosModules.dell-xps-13-9310 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
specialisation.hyprland = {
inheritParentConfig = false;
configuration = import ./hyprland;
};
};
});
hyprland = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hyprland ];
};
};
};
}
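Review bot: `specialisation.hyprland` on `sue` sets `inheritParentConfig = false`, so the specialisation is evaluated without anything from the parent: `pim.lanzaboote.enable`, the `boot.initrd.luks.devices` entry, `fileSystems`, and the user, sudo and WireGuard settings from `./configuration.nix` would all have to be restated in `./hyprland`, which is not visible on this page. Unless a clean slate is intended, `inheritParentConfig = true;` with `lib.mkForce` overrides for the GNOME-specific options is the safer default, since it keeps the Secure Boot and disk-encryption settings in one place. Also, in the `x260` module `fprintd = { … }` sits directly under `config`; the NixOS option lives at `services.fprintd`, so this looks like it would fail evaluation.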


@ -1,8 +0,0 @@
{
self,
flake-utils,
...
}:
flake-utils.lib.eachDefaultSystem (system: {
formatter = self.packages.${system}.formatter;
})


@ -0,0 +1,20 @@
{
config = {
programs.bash = {
enable = true;
shellAliases = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
};
}


@ -0,0 +1,8 @@
{
config = {
programs.bat = {
enable = true;
config.theme = "gruvbox-dark";
};
};
}


@ -1,223 +1,105 @@
{
lib,
config,
inputs,
...
}: {
{ pkgs, lib, config, ... }: {
imports = [
./bash
./neovim
./firefox
./tidal.nix
./gnome
./syncthing.nix
./vscode.nix
inputs.nix-index-database.hmModules.nix-index
inputs.sops-nix.homeManagerModules.sops
./ssh
./syncthing
./keepassxc
./git
./direnv
./thunderbird
./fzf
./bat
];
xsession.enable = true;
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
xdg = {
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = let
applications = {
telegram = {
mimeApp = "org.telegram.desktop.desktop";
mimeTypes = ["x-scheme-handler/tg"];
};
librewolf = {
mimeApp = "librewolf.desktop";
mimeTypes = [
"x-scheme-handler/http"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
"application/pdf"
packages = with pkgs; [
unstable.moonlight-qt
unstable.vlc
unstable.nicotine-plus
unstable.logseq
unstable.signal-desktop
unstable.telegram-desktop
unstable.strawberry
unstable.gimp
unstable.libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager
gnome.gnome-tweaks
unstable.impression
poppler_utils # For pdfunite
silicon
unstable.dbeaver-bin
unstable.wireshark
units
btrfs-progs
exfat
unstable.qFlipper
f3
unstable.insomnia
unstable.vorta
jellyfin-media-player
jq
kubectl
file
yq
age
sops
nmap
unstable.devenv
unstable.attic-client
unstable.hexchat
sbctl
borgbackup
unstable.krita
unstable.bottles-unwrapped
];
};
gnomeTextEditor = {
mimeApp = "org.gnome.TextEditor.desktop";
mimeTypes = ["text/plain"];
};
loupe = {
mimeApp = "org.gnome.Loupe.desktop";
mimeTypes = [
"image/jpeg"
"image/png"
"image/gif"
"image/webp"
"image/tiff"
"image/x-tga"
"image/vnd-ms.dds"
"image/x-dds"
"image/bmp"
"image/vnd.microsoft.icon"
"image/vnd.radiance"
"image/x-exr"
"image/x-portable-bitmap"
"image/x-portable-graymap"
"image/x-portable-pixmap"
"image/x-portable-anymap"
"image/x-qoi"
"image/svg+xml"
"image/svg+xml-compressed"
"image/avif"
"image/heic"
"image/jxl"
];
};
};
mimeTypesForApp = {
mimeApp,
mimeTypes,
}:
map
(
mimeType: {"${mimeType}" = mimeApp;}
)
mimeTypes;
in
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
};
};
programs = {
home-manager.enable = true;
bat.enable = true;
chromium.enable = true;
git.delta = {
terminator = {
enable = true;
options.syntax-theme = "gruvbox-dark";
config = {
profiles.default = {
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
background_color = "#282828";
cursor_color = "#7c6f64";
foreground_color = "#ebdbb2";
palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
};
fzf = {
enable = true;
enableZshIntegration = true;
keybindings = {
zoom_in = "<Ctrl>plus";
zoom_out = "<Ctrl>minus";
new_tab = "<Ctrl><Shift>T";
cycle_next = "<Ctrl>Tab";
cycle_prev = "<Ctrl><Shift>Tab";
split_horiz = "<Alt>C";
split_vert = "<Alt>V";
go_left = "<Alt>H";
go_right = "<Alt>L";
go_up = "<Alt>K";
go_down = "<Alt>J";
copy = "<Ctrl><Shift>C";
paste = "<Ctrl><Shift>V";
layout_launcher = ""; # Default <Alt>L
};
alacritty = {
enable = true;
settings.terminal.shell = {
program = lib.getExe config.programs.tmux.package;
args = ["attach"];
};
};
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
atuin = {
enable = true;
flags = ["--disable-up-arrow"];
enableFishIntegration = true;
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "https://atuin.kun.is";
};
};
fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
shellAbbrs = {
htop = "btop";
gp = "git push";
gpf = "git push --force";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gca = "git commit --amend";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
starship = {
enable = true;
enableFishIntegration = true;
enableTransience = true;
settings.nix_shell.heuristic = true;
};
nix-index = {
enable = true;
enableFishIntegration = true;
};
tmux = {
enable = true;
shell = lib.getExe config.programs.fish.package;
shortcut = "a";
clock24 = true;
newSession = true;
mouse = true;
escapeTime = 10;
terminal = "screen-256color";
extraConfig = ''
unbind _
bind _ split-window -h
unbind -
bind - split-window -v
unbind h
bind h select-pane -L
unbind j
bind j select-pane -D
unbind k
bind k select-pane -U
unbind l
bind l select-pane -R
'';
};
ssh = {
enable = true;
extraConfig = "User root";
matchBlocks.github = lib.hm.dag.entryBefore ["*"] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
};
git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
init.defaultBranch = "master";
};
};
# Currently, it is not possible to have Home Manager manage Librewolf extensions.
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
# There is a draft PR which addresses this:
# https://github.com/nix-community/home-manager/pull/3339
# The extensions I currently use are:
@ -233,7 +115,6 @@
# - refined-github
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
@ -244,4 +125,59 @@
};
};
};
# Let home-manager manage the X session
xsession = { enable = true; };
xdg = {
userDirs.enable = true;
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
};
homeage = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
installationType = "systemd";
file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
};
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
};
file."postgresql_client.key" = {
source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
};
};
fonts.fontconfig.enable = true;
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
};
"org/gnome/desktop/interface" = {
monospace-font-name = "Hack Nerd Font Mono 10";
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
};
"org.gnome.desktop.wm.preferences" = {
auto-raise = true;
};
};
}
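Review bot: The last key in `dconf.settings` is written as `"org.gnome.desktop.wm.preferences"` with dots, while every other key in the block uses the slash-separated dconf path, so `auto-raise` would presumably be written under a different path and never take effect. It should read `"org/gnome/desktop/wm/preferences" = { auto-raise = true; };`. In the same hunk, the `homeage.file` entries decrypt to symlinks under `${config.xdg.configHome}/home/`; a short comment on the `homeage` block saying which tools read `postgresql_client.key`, `ansible-vault-secret` and the other files would make it easier to retire secrets that are no longer used.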


@ -0,0 +1,9 @@
{
config = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}


@ -1,4 +1,5 @@
pkgs: lib: let
pkgs: lib:
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib;
in


@ -1,15 +1,8 @@
pkgs: lib: let
pkgs: lib:
let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({
stdenv ? pkgs.stdenv,
fetchurl ? pkgs.fetchurl,
pname,
version,
addonId,
url,
sha256,
meta,
...
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ...
}:
stdenv.mkDerivation {
name = "${pname}-${version}";
@ -32,11 +25,13 @@ in {
pname = "http-version-indicator";
version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator";
description = "An indicator showing the HTTP version used to load the page in the address bar.";
description =
"An indicator showing the HTTP version used to load the page in the address bar.";
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
platforms = platforms.all;
};
@ -45,11 +40,13 @@ in {
pname = "indicatetls";
version = "0.3.0";
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls";
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
description =
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20;
mozPermissions = [
"tabs"
@ -66,11 +63,13 @@ in {
pname = "sixindicator";
version = "1.3.0";
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator";
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
description =
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit;
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
platforms = platforms.all;
@ -80,7 +79,8 @@ in {
pname = "simple-style-fox-2";
version = "10.0";
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib; {
description = "Simple style fox 2";


@ -1,9 +1,5 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, ... }:
let
firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = {
"browser.aboutConfig.showWarning" = false;
@ -18,11 +14,9 @@
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
cfg = config.pim.firefox;
in {
options.pim.firefox.enable = lib.mkEnableOption "firefox";
config = lib.mkIf cfg.enable {
in
{
config = {
programs.firefox = {
enable = true;
profiles = {


@ -0,0 +1,8 @@
{
config = {
programs.fzf = {
enable = true;
enableBashIntegration = true;
};
};
}


@ -0,0 +1,18 @@
{
config = {
programs.git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
};
includes = [{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
};
};
}


@ -1,94 +0,0 @@
{
pkgs,
lib,
self,
config,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
home.packages = [pkgs.gnome-tweaks];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
"org/gnome/desktop/wm/preferences".num-workspaces = 4;
"org/gnome/mutter".edge-tiling = true;
"org/gnome/shell" = {
disable-extension-version-validation = true;
enabled-extensions = [
"workspaces-by-open-apps@favo02.github.com"
"pop-shell@system76.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
"randomwallpaper@iflow.space"
"Vitals@CoreCoding.com"
"tailscale-status@maxgallup.github.com"
];
};
"org/gnome/desktop/input-sources" = {
sources = [(mkTuple ["xkb" "us"])];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
};
"org/gnome/shell/extensions/pop-shell" = {
active-hint = true;
fullscreen-launcher = false;
mouse-cursor-focus-location = mkUint32 4;
mouse-cursor-follows-active-window = true;
show-skip-taskbar = false;
show-title = true;
smart-gaps = false;
snap-to-grid = false;
stacking-with-mouse = true;
tile-by-default = true;
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = lib.getExe config.programs.alacritty.package;
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>e";
command = "${lib.getExe config.programs.librewolf.package} --browser";
name = "Browser";
};
"org/gnome/desktop/wm/keybindings" = {
close = ["<Shift><Super>q"];
minimize = mkEmptyArray type.string;
move-to-workspace-1 = ["<Shift><Super>1"];
move-to-workspace-2 = ["<Shift><Super>2"];
move-to-workspace-3 = ["<Shift><Super>3"];
move-to-workspace-4 = ["<Shift><Super>4"];
switch-applications = mkEmptyArray type.string;
switch-applications-backward = mkEmptyArray type.string;
switch-to-workspace-1 = ["<Super>1"];
switch-to-workspace-2 = ["<Super>2"];
switch-to-workspace-3 = ["<Super>3"];
switch-to-workspace-4 = ["<Super>4"];
toggle-fullscreen = ["<Super>f"];
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
auto-fetch = true;
change-type = 2;
hide-panel-icon = true;
history-length = 1;
hours = 0;
minutes = 30;
sources = ["42"];
fetch-on-startup = true;
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = builtins.toString ./wallpapers;
};
};
}


@ -0,0 +1,9 @@
{ pkgs, config, ... }: {
config = {
home.packages = [ pkgs.unstable.keepassxc ];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
};
}


@ -1,18 +1,5 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.neovim;
in {
options.pim.neovim.enable = lib.mkEnableOption "neovim";
config = lib.mkIf cfg.enable {
# Disable Stylix styling of Neovim,
# because we have a plugin for that.
stylix.targets.neovim.enable = false;
{ pkgs, ... }: {
config = {
programs.neovim = {
enable = true;
viAlias = true;
@ -23,7 +10,8 @@ in {
extraPackages = with pkgs; [
nil
pyright
nodePackages.pyright
neofetch
gopls
terraform-ls
nixfmt-classic


@ -45,21 +45,14 @@ require("lspconfig").terraformls.setup({
capabilities = capabilities,
})
local function has_treefmt()
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
if vim.v.shell_error ~= 0 then
return false
end
local treefmt_path = git_root .. "/treefmt.nix"
return vim.fn.filereadable(treefmt_path) == 1
end
vim.api.nvim_create_autocmd("BufWritePost", {
pattern = "*",
callback = function()
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
vim.cmd("silent !treefmt > /dev/null 2>&1")
end
end,
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
})
-- require'lspconfig'.efm.setup {
-- on_attach = require("lsp-format").on_attach,
-- init_options = {documentFormatting = true},
-- settings = {
-- languages = {
-- lua = {{formatCommand = "lua-format -i", formatStdin = true}},
-- nix = {{formatCommand = "nixfmt", formatStdin = true}}
-- }
-- },
-- filetypes = {"lua", "nix"}
-- }


@ -20,24 +20,24 @@ require("null-ls").setup({
},
-- configure format on save
-- on_attach = function(current_client, bufnr)
-- if current_client.supports_method("textDocument/formatting") then
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
-- vim.api.nvim_create_autocmd("BufWritePre", {
-- group = augroup,
-- buffer = bufnr,
-- callback = function()
-- vim.lsp.buf.format({
-- filter = function(client)
-- -- only use null-ls for formatting instead of lsp server
-- return client.name == "null-ls"
-- end,
-- bufnr = bufnr,
-- })
-- end,
-- })
-- end
-- end,
on_attach = function(current_client, bufnr)
if current_client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({
filter = function(client)
-- only use null-ls for formatting instead of lsp server
return client.name == "null-ls"
end,
bufnr = bufnr,
})
end,
})
end
end,
})
-- formatting command


@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,67 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ef:2f:4d:d4:26:7e:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=jefke.hyp
Validity
Not Before: Nov 22 19:12:03 2023 GMT
Not After : Oct 29 19:12:03 2123 GMT
Subject: CN=jefke.hyp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
12:bd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
10:03:ce:ec
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
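Review bot: This is an X.509 v1 self-signed certificate (`Version: 1 (0x0)`, issuer and subject both `CN=jefke.hyp`) valid for roughly a century (`Not After : Oct 29 19:12:03 2123 GMT`), so it carries no extensions at all: no subjectAltName and no basicConstraints. Clients that match hostnames against SAN only will either reject it or need verification relaxed, and a 2048-bit RSA key that never expires leaves no rotation point if the private key is ever exposed. I would regenerate it as a v3 certificate with `subjectAltName = DNS:jefke.hyp`, a validity of a year or two, and a documented renewal step. Which client trusts this file is not visible in this section, so confirm the consumer before replacing it.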


@ -0,0 +1,30 @@
{ config, lib, ... }: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; };
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; };
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; };
warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; };
};
};
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
};
};
}
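Review bot: `extraConfig = "User root";` makes root the login name for every host that has no more specific `user`, not only the four `.dmz` machines, so any ad-hoc `ssh somehost` attempts a root login as well. Drop that line and set the user per block instead, e.g. `lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; user = "root"; };` (same for atlas, jefke and warwick). Separately, the `github` block sets `identitiesOnly = true` without an `identityFile`, while the keys decrypted below have the non-default names `sue_ed25519` and `sue_azure_rsa`; unless an identity is configured elsewhere, add `identityFile = "${config.home.homeDirectory}/.ssh/sue_ed25519";` (or whichever key is meant for GitHub) so the intended key is explicit.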


@ -1,18 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.pim.syncthing;
in {
options.pim.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf cfg.enable {
services.syncthing.enable = true;
sops.secrets = {
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
};
};
}


@ -0,0 +1,15 @@
{ config, ... }: {
config = {
services.syncthing.enable = true;
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
};
};
}


@ -0,0 +1,8 @@
{
config = {
programs.thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
}


@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
supercollider-with-sc3-plugins
];
};
}


@ -1,32 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.vscode;
in {
options.pim.vscode.enable = lib.mkEnableOption "vscode";
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
vscodevim.vim
marp-team.marp-vscode
jnoortheen.nix-ide
mkhl.direnv
];
userSettings = {
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nil;
"terminal.integrated.defaultProfile.linux" = "fish";
"explorer.confirmDragAndDrop" = false;
"explorer.confirmPasteNative" = false;
"explorer.confirmDelete" = false;
};
};
};
}

183
hyprland/default.nix Normal file

@ -0,0 +1,183 @@
{ pkgs, config, lib, inputs, ... }: {
imports = [
inputs.stylix.nixosModules.stylix
../modules/nixos/lanzaboote.nix
inputs.nixos-hardware.nixosModules.dell-xps-13-9310
inputs.home-manager.nixosModules.home-manager
];
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
sound.enable = true;
programs = {
hyprland = {
enable = true;
package = inputs.hyprland.packages."${pkgs.system}".hyprland;
};
dconf.enable = true;
file-roller.enable = true;
};
services = {
xserver = {
displayManager.gdm = {
enable = true;
wayland = true;
};
enable = true;
excludePackages = [ pkgs.xterm ];
};
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
dbus = {
enable = true;
packages = [ pkgs.gnome3.gnome-keyring pkgs.gcr ];
};
gnome = {
gnome-keyring.enable = true;
sushi.enable = true;
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "input" "wireshark" "dialout" ];
};
};
environment = {
variables.NIXOS_OZONE_WL = "1";
systemPackages = with pkgs; [
wget
curl
git
btop
ripgrep
vim
tree
dig
jq
file
sbctl
];
etc."greetd/environments".text = "hyprland";
};
system.stateVersion = "24.05";
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = [ "root" "pim" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.hostPlatform = "x86_64-linux";
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "libfprint-2-tod1-goodix" ];
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
};
};
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "sd_mod" "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs; };
users.pim = {
imports = [ ./home.nix ];
};
};
stylix = {
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
image = "${inputs.hyprland}/assets/wall2.png";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
};
}
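Review bot: `settings.trusted-users = [ "root" "pim" ];` makes the everyday desktop account a trusted Nix user, which the Nix manual treats as essentially root-equivalent: that user can override daemon settings such as substituters and signature requirements without going through sudo. Since pim is already in `wheel`, the safer form is `settings.trusted-users = [ "root" ];`, with any extra binary caches declared explicitly through `substituters` and `trusted-public-keys`. The same section also sets `Defaults timestamp_timeout=30`, which keeps a sudo credential cached for 30 minutes on a laptop; if that is intentional, a short comment such as `# longer sudo cache is a deliberate convenience trade-off` would record it. `etc."greetd/environments"` looks unused here because the display manager enabled in this file is GDM.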

191
hyprland/home.nix Normal file

@ -0,0 +1,191 @@
{ pkgs, lib, config, inputs, ... }: {
imports = [
../home-manager/neovim
./waybar/style.css.nix
./waybar/config.jsonc.nix
];
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
packages = with pkgs; [
hyprland
telegram-desktop
signal-desktop
];
};
programs = {
home-manager.enable = true;
alacritty.enable = true;
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.downloads" = false;
"browser.translations.automaticallyPopup" = false;
"browser.aboutConfig.showWarning" = false;
"privacy.clearOnShutdown.cookies" = false;
};
};
waybar = {
enable = true;
systemd = {
enable = true;
target = "hyprland-session.target";
};
};
};
fonts.fontconfig.enable = true;
wayland.windowManager.hyprland =
let
mainMod = "SUPER";
terminalEmulator = lib.getExe config.programs.alacritty.package;
fileManager = lib.getExe pkgs.gnome.nautilus;
webBrowser = lib.getExe config.programs.librewolf.package;
launcherCommand = "${lib.getExe pkgs.wofi} --show drun --allow-images --insensitive --matching fuzzy";
# startupScript = pkgs.writeShellScriptBin "hyprlandStart.sh" ''
# ${lib.getExe pkgs.waybar} &
# '';
in
{
enable = true;
settings = {
# exec-once = "${lib.getExe startupScript}";
monitor = ",preferred,auto,auto";
env = [
"XCURSOR_SIZE,24"
"HYPRCURSOR_SIZE,24"
];
general = {
gaps_in = 5;
gaps_out = 20;
border_size = 2;
resize_on_border = false;
layout = "dwindle";
};
decoration = {
rounding = 10;
active_opacity = "1.0";
inactive_opacity = "1.0";
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = "0.1696";
};
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master.new_is_master = true;
misc = {
force_default_wallpaper = -1;
disable_hyprland_logo = false;
};
input = {
follow_mouse = 1;
sensitivity = 0;
touchpad.natural_scroll = true;
};
gestures.workspace_swipe = false;
bind = [
"${mainMod}, T, exec, ${terminalEmulator}"
"${mainMod}, D, exec, ${fileManager}"
"${mainMod}, E, exec, ${webBrowser}"
"${mainMod}, W, exec, ${launcherCommand}"
"${mainMod} SHIFT, Q, killactive"
"${mainMod}, M, exit"
"${mainMod}, V, togglefloating"
"${mainMod}, P, pseudo,"
"${mainMod}, C, togglesplit,"
"${mainMod}, F, fullscreen, 0"
"${mainMod}, left, movefocus, l"
"${mainMod}, right, movefocus, r"
"${mainMod}, up, movefocus, u"
"${mainMod}, down, movefocus, d"
"${mainMod}, H, movefocus, l"
"${mainMod}, L, movefocus, r"
"${mainMod}, K, movefocus, u"
"${mainMod}, J, movefocus, d"
"${mainMod} SHIFT, H, movewindow, l"
"${mainMod} SHIFT, L, movewindow, r"
"${mainMod} SHIFT, K, movewindow, u"
"${mainMod} SHIFT, J, movewindow, d"
"${mainMod} Control&SHIFT, H, resizeactive, exact -10% 0"
"${mainMod} Control&SHIFT, L, resizeactive, exact 10% 0"
"${mainMod} Control&SHIFT, K, resizeactive, exact 0 -10%"
"${mainMod} Control&SHIFT, J, resizeactive, exact 0 10%"
"${mainMod}, 1, workspace, 1"
"${mainMod}, 2, workspace, 2"
"${mainMod}, 3, workspace, 3"
"${mainMod}, 4, workspace, 4"
"${mainMod}, 5, workspace, 5"
"${mainMod}, 6, workspace, 6"
"${mainMod}, 7, workspace, 7"
"${mainMod}, 8, workspace, 8"
"${mainMod}, 9, workspace, 9"
"${mainMod}, 0, workspace, 10"
"${mainMod} SHIFT, 1, movetoworkspace, 1"
"${mainMod} SHIFT, 2, movetoworkspace, 2"
"${mainMod} SHIFT, 3, movetoworkspace, 3"
"${mainMod} SHIFT, 4, movetoworkspace, 4"
"${mainMod} SHIFT, 5, movetoworkspace, 5"
"${mainMod} SHIFT, 6, movetoworkspace, 6"
"${mainMod} SHIFT, 7, movetoworkspace, 7"
"${mainMod} SHIFT, 8, movetoworkspace, 8"
"${mainMod} SHIFT, 9, movetoworkspace, 9"
"${mainMod} SHIFT, 0, movetoworkspace, 10"
"${mainMod}, mouse_down, workspace, e+1"
"${mainMod}, mouse_up, workspace, e-1"
];
bindm = [
"${mainMod}, mouse:272, movewindow"
"${mainMod}, mouse:273, resizewindow"
];
windowrulev2 = "suppressevent maximize, class:.*";
};
};
}
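Review bot: Nothing in this file locks the session: the `bind` list has launch, focus, resize and workspace bindings plus `"${mainMod}, M, exit"`, but no lock binding and no idle or lock service, so an unattended session on this laptop stays open until logout (a locker may be configured elsewhere; none is visible in this section). I would add a binding such as `"${mainMod}, Escape, exec, ${lib.getExe pkgs.swaylock}"`, with the matching PAM service in the system configuration, and an idle daemon that runs it before suspend. Also, `home.packages` pulls `hyprland` from `pkgs` while hyprland/default.nix sets `programs.hyprland.package` to the flake input's build, so two different builds can end up installed. Pointing `wayland.windowManager.hyprland.package` at the same input and dropping the `home.packages` entry would keep them aligned.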


@ -0,0 +1,183 @@
{ pkgs, config, lib, ... }: {
xdg.configFile."waybar/config" = {
onChange = ''
${pkgs.procps}/bin/pkill -u $USER -USR2 waybar || true
'';
text =
let
palette = config.stylix.generated.palette;
in
''
{
"layer": "top",
// "output": [],
"position": "top",
"height": 36,
// "width": 900,
// "margin": "",
"margin-top": 10,
"margin-bottom": 0,
"margin-left": 10,
"margin-right": 10,
"spacing": 10,
"gtk-layer-shell": true,
"border-radius": 10,
"clock": {
"interval": 1,
"format": " {:%I:%M} ",
"format-alt": " {:%A, %d %B} ",
// "on-click": "gnome-calendar",
"tooltip": true,
"tooltip-format": "{calendar}",
"calendar": {
"mode": "year",
"mode-mon-col": 3,
"format": {
"today": "<span color='#${palette.base0F}'>{}</span>"
}
}
},
"modules-left": [
"clock",
"hyprland/workspaces",
"custom/notification"
],
"modules-center": [
"hyprland/submap",
"hyprland/window"
],
"modules-right": [
// "cpu",
// "memory",
"network#wlp2s0",
"bluetooth",
"backlight",
// "pulseaudio#microphone",
"pulseaudio#audio",
"battery",
"tray"
],
"hyprland/workspaces": {
"format": " {icon} ",
"format-icons": {
"default": "󰄰",
"active": ""
},
"on-click": "activate"
},
"hyprland/submap": {
"format": "{}",
"tooltip": false
},
"hyprland/window": {
"format": " {} ",
"separate-outputs": false
},
"tray": {
"icon-size": 15,
"spacing": 10
},
"cpu": {
"format": " {usage}%",
"on-click": "",
"tooltip": false
},
"memory": {
"format": "󰍛 {used:0.1f}GB ({percentage}%) / {total:0.1f}GB",
"on-click": "",
"tooltip": false
},
"backlight": {
"format": " {icon} {percent} ",
"format-icons": [
"󰃟"
],
"on-scroll-up": "${lib.getExe pkgs.brightnessctl} set +5%",
"on-scroll-down": "${lib.getExe pkgs.brightnessctl} set 5%-",
"on-click": "${lib.getExe pkgs.brightnessctl} set 1",
"tooltip": false
},
"pulseaudio#audio": {
"format": " {icon} {volume:2} ",
"format-bluetooth": " {icon} {volume}% ",
"format-muted": " {icon} Muted ",
"format-icons": {
"headphones": "",
"default": [
"",
""
]
},
"scroll-step": 5,
"on-click": "pavucontrol",
"on-click-right": "pamixer -t"
},
"network#wlp2s0": {
"interval": 1,
"interface": "wlan0",
"format-icons": [
"󰤯",
"󰤟",
"󰤢",
"󰤥",
"󰤨"
],
"format-wifi": " {icon} ", // added multiple spaces to the right, was not aligning center correctly, still is not :(
"format-disconnected": "󰤮",
"on-click": "iwgtk",
"tooltip": true,
"tooltip-format": "󰢮 {ifname}\n󰩟 {ipaddr}/{cidr}\n{icon} {essid}\n󱑽 {signalStrength}% {signaldBm} dBm {frequency} MHz\n󰞒 {bandwidthDownBytes}\n󰞕 {bandwidthUpBytes}"
},
"bluetooth": {
"format-disabled": " 󰂲 ",
"format-off": " 󰂲 ",
"format-on": " 󰂯 ",
"format-connected": " 󰂯 ",
"format-connected-battery": " 󰂯 ",
"tooltip-format-connected": " {device_alias} 󰂄{device_battery_percentage} ",
"on-click": "blueberry",
"tooltip": true
},
"battery": {
"states": {
"warning": 20,
"critical": 10
},
"format": " {icon} {capacity} ",
"format-charging": " 󰂄 {capacity} ",
"format-plugged": " 󱘖 {capacity} ",
"format-icons": [
"󰁺",
"󰁻",
"󰁼",
"󰁽",
"󰁾",
"󰁿",
"󰂀",
"󰂁",
"󰂂",
"󰁹"
],
"on-click": "",
"tooltip": false
}
}
'';
};
}
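Review bot: The click handlers `"on-click": "pavucontrol"`, `"on-click-right": "pamixer -t"`, `"on-click": "iwgtk"` and `"on-click": "blueberry"` are bare command names resolved through waybar's PATH, while the backlight handlers in the same file use pinned store paths via `lib.getExe pkgs.brightnessctl`. None of these four tools appears in the package lists visible on this page, so the clicks will likely do nothing, and whatever that name happens to resolve to on PATH is what gets executed. Write them like the backlight entries, e.g. `"on-click": "${lib.getExe pkgs.pavucontrol}",` and `"on-click-right": "${lib.getExe pkgs.pamixer} -t",`. The module key `network#wlp2s0` also sets `"interface": "wlan0"`, so one of the two interface names is probably stale.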


@ -0,0 +1,204 @@
{ config, ... }: {
programs.waybar.style =
let
palette = config.stylix.generated.palette;
in
''
* {
font-size: 14px;
font-family: "Hack Nerd Font";
border-radius: 10;
}
window#waybar {
background-color: transparent;
color: #${palette.base05};
/* border-radius: 20px; */
/* border: 1px solid #${palette.base00}; */
}
tooltip {
background: #${palette.base00};
border: 1px solid #${palette.base05};
border-radius: 10px;
}
tooltip label {
color: #${palette.base05};
}
#workspaces {
background-color: transparent;
margin-top: 0;
margin-bottom: 0;
}
#workspaces button {
background-color: #${palette.base00};
color: #${palette.base05};
border-radius: 10px;
transition: all 0.3s ease;
margin-right: 10;
}
#workspaces button:hover {
box-shadow: inherit;
text-shadow: inherit;
background-color: #${palette.base04};
color: #${palette.base09};
min-width: 30px;
transition: all 0.3s ease;
}
#workspaces button.focused,
#workspaces button.active {
background-color: #${palette.base02};
color: #${palette.base09};
min-width: 30px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #workspaces button.focused:hover,
#workspaces button.active:hover {
background-color: #${palette.base09};
transition: all 1s ease;
} */
#workspaces button.urgent {
background-color: #${palette.base0F};
color: #${palette.base00};
transition: all 0.3s ease;
}
/* #workspaces button.hidden {} */
#taskbar {
border-radius: 8px;
margin-top: 4px;
margin-bottom: 4px;
margin-left: 1px;
margin-right: 1px;
}
#taskbar button {
color: #${palette.base05};
padding: 1px 8px;
margin-left: 1px;
margin-right: 1px;
}
#taskbar button:hover {
background: transparent;
border: 1px solid #${palette.base02};
border-radius: 8px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #taskbar button.maximized {} */
/* #taskbar button.minimized {} */
#taskbar button.active {
border: 1px solid #${palette.base02};
border-radius: 8px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #taskbar button.fullscreen {} */
/* -------------------------------------------------------------------------------- */
#custom-launcher,
/* #window, */
#submap
#mode,
/* #tray, */
#cpu,
#memory,
#backlight,
#window { background-color: #${palette.base02}; }
#pulseaudio.audio { background-color: #${palette.base02}; }
#pulseaudio.microphone,
#network { background-color: #${palette.base02}; }
#bluetooth { background-color: #${palette.base02}; }
#battery { background-color: #${palette.base02}; }
#clock { background-color: #${palette.base02}; }
#custom-powermenu,
#custom-notification {
background-color: transparent;
color: #${palette.base05};
padding: 1px 8px;
margin-top: 5px;
margin-bottom: 5px;
margin-left: 2px;
margin-right: 2px;
border-radius: 20px;
transition: all 0.3s ease;
}
#submap {
background-color: #${palette.base00};
border: 0;
}
/* If workspaces is the leftmost module, omit left margin */
/* .modules-left > widget:first-child > #workspaces, */
.modules-left > widget:first-child > #workspaces button,
.modules-left > widget:first-child > #taskbar button,
.modules-left > widget:first-child > #custom-launcher,
.modules-left > widget:first-child > #window,
.modules-left > widget:first-child > #tray,
.modules-left > widget:first-child > #cpu,
.modules-left > widget:first-child > #memory,
.modules-left > widget:first-child > #backlight,
.modules-left > widget:first-child > #pulseaudio.audio,
.modules-left > widget:first-child > #pulseaudio.microphone,
.modules-left > widget:first-child > #network,
.modules-left > widget:first-child > #bluetooth,
.modules-left > widget:first-child > #battery,
.modules-left > widget:first-child > #clock,
.modules-left > widget:first-child > #custom-powermenu,
.modules-left > widget:first-child > #custom-notification {
margin-left: 5px;
}
/* If workspaces is the rightmost module, omit right margin */
/* .modules-right > widget:last-child > #workspaces, */
/* .modules-right > widget:last-child > #workspaces, */
.modules-right > widget:last-child > #workspaces button,
.modules-right > widget:last-child > #taskbar button,
.modules-right > widget:last-child > #custom-launcher,
.modules-right > widget:last-child > #window,
.modules-right > widget:last-child > #tray,
.modules-right > widget:last-child > #cpu,
.modules-right > widget:last-child > #memory,
.modules-right > widget:last-child > #backlight,
.modules-right > widget:last-child > #pulseaudio.audio,
.modules-right > widget:last-child > #pulseaudio.microphone,
.modules-right > widget:last-child > #network,
.modules-right > widget:last-child > #bluetooth,
.modules-right > widget:last-child > #battery,
.modules-right > widget:last-child > #clock,
.modules-right > widget:last-child > #custom-powermenu,
.modules-right > widget:last-child > #custom-notification {
margin-right: 5px;
}
/* -------------------------------------------------------------------------------- */
#tray {
background-color: #${palette.base00};
padding: 1px 8px;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #${palette.base0F};
}
'';
}
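Review bot: In the selector list that ends in `#window { background-color: #${palette.base02}; }`, `#submap` is not followed by a comma, so it and the next line parse as the single descendant selector `#submap #mode` and neither element receives the rule on its own; the line should read `#submap,`. The `*` rule uses `border-radius: 10;` and `#workspaces button` uses `margin-right: 10;` without a unit, whereas the other rules in the file write `10px`. `font-family: "Hack Nerd Font"` names a font this commit does not install (stylix is given the JetBrainsMono Nerd Font), so confirm it is present or switch to the configured one.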


@ -1,14 +0,0 @@
{config, ...}: {
config = {
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
pim.k3s.serverAddr = "https://jefke.dmz:6443";
deployment = {
targetHost = "atlas";
targetUser = "root";
tags = ["server" "kubernetes"];
};
};
}

File diff suppressed because it is too large Load diff


@ -1,31 +0,0 @@
{
sue = {
system = "x86_64-linux";
nixosModule = import ./sue/configuration.nix;
};
gamepc = {
system = "x86_64-linux";
nixosModule = import ./gamepc/configuration.nix;
};
warwick = {
system = "aarch64-linux";
nixosModule = import ./warwick/configuration.nix;
};
atlas = {
system = "x86_64-linux";
nixosModule = import ./atlas/configuration.nix;
};
jefke = {
system = "x86_64-linux";
nixosModule = import ./jefke/configuration.nix;
};
lewis = {
system = "x86_64-linux";
nixosModule = import ./lewis/configuration.nix;
};
}


@ -1,123 +0,0 @@
{
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
sops-nix.usersWithSopsKeys = ["pim"];
};
facter.reportPath = ./facter.json;
home-manager.users.pim.imports = [./pim.home.nix];
programs.steam.enable = true;
system.stateVersion = "24.05";
users.users = {
root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
pim = {
isNormalUser = true;
extraGroups = ["autologin"];
openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
};
};
deployment = {
targetHost = "gamepc";
targetUser = "root";
tags = ["desktop"];
};
services = {
openssh.enable = true;
xserver.displayManager.lightdm.extraSeatDefaults = ''
autologin-user=pim
'';
sunshine = {
enable = true;
openFirewall = true;
settings = {
sunshine_name = config.networking.hostName;
origin_web_ui_allowed = "wan";
credentials_file = "/home/pim/.config/sunshine/sunshine_credentials.json";
};
};
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}

File diff suppressed because it is too large Load diff


@ -1,26 +0,0 @@
{
self,
pkgs,
config,
...
}: {
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "24.05";
packages = with pkgs.unstable; [
devenv
vlc
handbrake
lutris
];
};
sops = {
defaultSopsFile = "${self}/secrets/gamepc/pim.yaml";
# TODO: should be set automatically?
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
secrets."sunshine_credentials".path = "${config.xdg.configHome}/sunshine/sunshine_credentials.json";
};
}


@ -1,14 +0,0 @@
{config, ...}: {
config = {
pim.k3s.clusterInit = true;
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
deployment = {
targetHost = "jefke";
targetUser = "root";
tags = ["server" "kubernetes"];
};
};
}

File diff suppressed because it is too large Load diff


@ -1,26 +0,0 @@
{
self,
config,
pkgs,
...
}: {
config = {
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
sops.defaultSopsFile = "${self}/secrets/lewis/nixos.yaml";
environment.systemPackages = [pkgs.beets];
deployment = {
targetHost = "lewis";
targetUser = "root";
tags = ["server" "kubernetes"];
};
pim = {
k3s.serverAddr = "https://jefke.dmz:6443";
data-sharing.enable = true;
backups.enable = true;
};
};
}

File diff suppressed because it is too large Load diff


@ -1,98 +0,0 @@
{
self,
pkgs,
lib,
inputs,
config,
...
}: {
options = {
pim.cosmic.enable = lib.mkEnableOption "cosmic";
};
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sops-nix.usersWithSopsKeys = ["pim"];
};
users.users.pim = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
};
deployment = {
allowLocalDeployment = true;
targetHost = null;
tags = ["desktop"];
};
facter.reportPath = ./facter.json;
home-manager.users.pim.imports = [./pim.home.nix];
nix.settings.trusted-users = ["pim"];
system.stateVersion = "23.05";
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
boot.kernelPackages = pkgs.unstable.linuxKernel.packages.linux_6_12;
environment.systemPackages = with pkgs; [
borgbackup
kubectl
nmap
poppler_utils # For pdfunite
silicon
units
];
virtualisation = {
libvirtd.enable = true;
docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
};
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
configuration = {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
};
};
}

File diff suppressed because it is too large Load diff


@ -1,64 +0,0 @@
{
self,
pkgs,
config,
...
}: {
config = {
pim = {
tidal.enable = true;
gnome.enable = true;
vscode.enable = true;
syncthing.enable = true;
neovim.enable = true;
firefox.enable = true;
};
programs.chromium.enable = true;
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
};
sops = {
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
};
home.packages =
(with pkgs; [
jellyfin-media-player
virt-manager
bottles-unwrapped
feishin
])
++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
gimp
hexchat
impression
insomnia
keepassxc
krita
libreoffice
# logseq # Has insecure electron dependency
moonlight-qt
nicotine-plus
qFlipper
signal-desktop
strawberry
telegram-desktop
vlc
vorta
wireshark
# nheko # Has insecure olm dependency
handbrake
redfishtool
]);
};
}


@ -1,39 +0,0 @@
{
lib,
config,
inputs,
...
}: {
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
config = {
pim = {
tailscale.advertiseExitNode = true;
prometheus.enable = true;
};
facter.reportPath = ./facter.json;
system.stateVersion = "23.05";
systemd.network.networks."30-main-nic" = {
matchConfig.Name = lib.mkForce "end*";
networkConfig.IPv6AcceptRA = true;
};
deployment = {
targetHost = "warwick";
targetUser = "root";
tags = ["server"];
buildOnTarget = true;
};
boot.loader.systemd-boot.enable = lib.mkForce false;
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = ["noatime"];
};
};
}

File diff suppressed because it is too large Load diff


@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];


@ -1,18 +0,0 @@
inputs @ {
nixpkgs,
self,
...
}: {
nixosConfigurations = nixpkgs.lib.mapAttrs (name: {
system,
nixosModule,
}:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [./nixos nixosModule];
specialArgs = {
inherit inputs system self;
};
}) (import ./machines);
}


@ -1,94 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.backups;
borgmaticConfig = pkgs.writeTextFile {
name = "borgmatic-config.yaml";
text = lib.generators.toYAML {} {
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
repositories = [
{
path = cfg.repoLocation;
label = "nfs";
}
{
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
label = "borgbase";
}
];
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 12;
keep_yearly = -1;
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
};
};
in {
options.pim.backups = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to enable backups of persistent data on this machine.
'';
};
repoLocation = lib.mkOption {
default = "/mnt/longhorn/persistent/nfs.borg";
type = lib.types.str;
description = ''
Location of the Borg repository to back up to.
'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [borgbackup];
# Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = {
description = "borgmatic backup";
wants = ["network-online.target"];
after = ["network-online.target"];
unitConfig.ConditionACPower = true;
preStart = "${pkgs.coreutils}/bin/sleep 10s";
serviceConfig = {
Type = "oneshot";
Nice = 19;
CPUSchedulingPolicy = "batch";
IOSchedulingClass = "best-effort";
IOSchedulingPriority = 7;
IOWeight = 100;
Restart = "no";
LogRateLimitIntervalSec = 0;
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
};
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
};
systemd.timers.borgmatic = {
description = "Run borgmatic backup";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 3:00:00";
Persistent = true;
RandomizedDelaySec = "1h";
};
};
sops.secrets = {
"borg/borgPassphrase" = {};
"borg/borgbasePrivateKey" = {};
};
};
}


@ -1,24 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.cinnamon;
in {
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
config = lib.mkIf cfg.enable {
services = {
displayManager.defaultSession = "cinnamon";
libinput.enable = true;
xserver = {
desktopManager.cinnamon.enable = true;
displayManager.lightdm.enable = true;
};
};
environment.cinnamon.excludePackages = [
pkgs.gnome-terminal
];
};
}


@ -1,14 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.pim.compliance;
in {
options.pim.compliance.enable = lib.mkEnableOption "compliance";
config = lib.mkIf cfg.enable {
services.clamav = {
daemon.enable = true;
};
};
}


@ -1,47 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.pim.data-sharing;
nfsShares = [
"/mnt/longhorn/persistent/media"
"/mnt/longhorn/persistent/media/books"
"/mnt/longhorn/persistent/media/movies"
"/mnt/longhorn/persistent/media/music"
"/mnt/longhorn/persistent/media/shows"
"/mnt/longhorn/persistent/longhorn-backup"
];
nfsExports = lib.strings.concatLines (
builtins.map
(
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
)
nfsShares
);
in {
options.pim.data-sharing = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Configure this server to serve our data using NFS.
'';
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
2049 # NFS
111 # NFS
20048 # NFS
];
services.nfs.server = {
enable = true;
exports = nfsExports;
};
};
}


@ -1,209 +0,0 @@
{
pkgs,
config,
lib,
inputs,
self,
name,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-facter-modules.nixosModules.facter
inputs.disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops
inputs.nix-snapshotter.nixosModules.nix-snapshotter
./lanzaboote.nix
./tidal.nix
./stylix.nix
./wireguard.nix
./gnome.nix
./compliance.nix
./cinnamon.nix
./ssh.nix
./desktop.nix
./server.nix
./prometheus.nix
./kubernetes
./data-sharing.nix
./backups.nix
];
options = {
pim.sops-nix = {
colmenaSopsFile = lib.mkOption {
type = lib.types.path;
default = "${self}/secrets/${name}/colmena.yaml";
};
usersWithSopsKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = lib.optional (! config.deployment.allowLocalDeployment) "root";
};
};
};
config = {
time.timeZone = "Europe/Amsterdam";
hardware.pulseaudio.enable = false;
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = let
extraLocale = "nl_NL.UTF-8";
in {
LC_ADDRESS = extraLocale;
LC_IDENTIFICATION = extraLocale;
LC_MEASUREMENT = extraLocale;
LC_MONETARY = extraLocale;
LC_NAME = extraLocale;
LC_NUMERIC = extraLocale;
LC_PAPER = extraLocale;
LC_TELEPHONE = extraLocale;
LC_TIME = extraLocale;
};
};
deployment.keys = lib.pipe config.pim.sops-nix.usersWithSopsKeys [
(lib.map (
user: let
homeDirectory =
if user == "root"
then "/root"
else "/home/${user}";
sopsFile = config.pim.sops-nix.colmenaSopsFile;
in {
name = "${user}-sops-age";
value = {
keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_nix_keys\"][\"${user}\"]" "-d" (builtins.toString sopsFile)];
name = "keys.txt";
destDir = "${homeDirectory}/.config/sops/age";
inherit user;
group = "users";
};
}
))
builtins.listToAttrs
];
systemd = {
services.NetworkManager-wait-online.enable = lib.mkForce false;
network.wait-online.enable = lib.mkForce false;
};
services = {
xserver.excludePackages = [pkgs.xterm];
printing.drivers = [pkgs.hplip pkgs.gutenprint];
tailscale.enable = true;
pipewire = {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
environment = {
systemPackages = with pkgs; [
age
btop
btrfs-progs
curl
dig
exfat
f3
fastfetch
file
git
jq
ripgrep
sbctl
tree
vim
wget
yq
ncdu
lshw
sops
];
};
system.activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
networking = {
hostName = name;
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = lib.mkIf config.services.tailscale.enable ["tailscale0"];
wireless.extraConfig = ''
p2p_disabled=1
'';
};
nixpkgs = {
# hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"libfprint-2-tod1-goodix"
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
];
};
overlays = [
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (pkgs) system;
config.allowUnfree = true;
};
})
];
};
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit self inputs;};
sharedModules = ["${self}/home-manager"];
};
};
}


@ -1,20 +0,0 @@
{
lib,
config,
...
}: {
config = lib.mkIf (builtins.elem "desktop" config.deployment.tags) {
programs.ssh.startAgent = true;
services = {
xserver.enable = true;
printing.enable = true;
pipewire.enable = true;
tailscale = {
useRoutingFeatures = "client";
extraSetFlags = ["--accept-routes"];
};
};
};
}


@ -1,54 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
};
environment = {
systemPackages =
[
pkgs.gnome-shell-extensions
]
++ (with pkgs.gnomeExtensions; [
pop-shell
window-is-ready-remover
random-wallpaper
workspaces-indicator-by-open-apps
])
++ lib.optional config.services.tailscale.enable pkgs.gnomeExtensions.tailscale-status;
gnome.excludePackages = with pkgs; [
epiphany
gnome-connections
gnome-console
gnome-tour
geary
gnome-calendar
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
seahorse
totem
yelp
gnome-weather
];
};
};
}


@ -1,17 +0,0 @@
{
lib,
config,
...
}: {
imports = [
./k3s
./storage.nix
];
config = lib.mkIf (builtins.elem "kubernetes" config.deployment.tags) {
pim = {
k3s.enable = true;
hasK8sStorageSetup = true;
};
};
}


@ -1,20 +0,0 @@
{kubenix, ...}: {
imports = [kubenix.modules.k8s];
kubernetes.resources.clusterRoleBindings.cluster-admins = {
roleRef = {
apiGroup = "rbac.authorization.k8s.io";
kind = "ClusterRole";
name = "cluster-admin";
};
subjects = [
{
kind = "User";
name = "pim";
}
{
kind = "User";
name = "niels";
}
];
};
}


@ -1,81 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,81 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,81 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDazCCAVOgAwIBAgIIK1UyUU0zJ3swDQYJKoZIhvcNAQELBQAwKTEnMCUGA1UE
AwweazNzLWludGVybWVkaWF0ZS1jYUAxNzE1MjU3ODEzMB4XDTI0MDUwOTEyMzAy
MFoXDTQ0MDEyNTEyMzAyMFowKDEmMCQGA1UEAwwdazNzLWV0Y2Qtc2VydmVyLWNh
QDE3MTUyNTc4MTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARjDMY4U81p+y3C
k+g4MloNceEQ0+TKbnGc0xlGmJBXXKqB6zrolIdv/J9GABZ9eIUGEs8Xw0E4VEPM
l2iFGyoOo2MwYTAdBgNVHQ4EFgQUm/3f0yXxqbgLmU4a+H2QMavLUX0wHwYDVR0j
BBgwFoAU+v1VBloKGDwkLS76al8nKpC+N2IwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAqQwDQYJKoZIhvcNAQELBQADggIBADcxOaGyetgWEqo5BqNZd9X6
6Lj3rJZTYBmAJeISscG/Dwnv0MmRWw911zmRhikEu8jmLiGMQZUwFD1KoJ6Z/D2M
0Iqk87Ur4aS+mw2Yc60QatkZ2D1XBhrzk3gMaCtWMQBRiexA4qvaw8qlDkDR2eW9
wyks+WsD6Am1Vb/9k7fIfDR1KkScpl07fAMil73URy+KNDZ6r8hW3xZulvZd5IWp
g2px4A+i4eUbevBU1xljpXjP5lrEqoApk5YQDlHHKARszWlQC9PbvyiRRn8dH69m
mC0cdt5tSWWT49bCRtfigoejeFr8SaYzDuvR4Wb31CgbH+qVZADfgggE1N6pQCsY
w+b8xvoZGAcKEWAlX3J159Rc1mV9HRCEzaGEt5kgJuPFyJUXCjQzrKTADOawFxGb
IYeKcmUJuJG0yDkYb5lNa5fv02PAqXVM+Wz+YpFryHRphKt/gGLlhg1HyqnLVowi
UhlRyPLj9XG8PH1ZRVF6/havkg9H78voMXdFMcotIF34wSP5k/wsDjmgsvuLUIek
ryImLiMuJT5sTM/xVdLT2B9cJrFz4XIAFV209PvIldDDp1ySsh7Tz8fWHdCjvd5o
8FTAcyBW72mpS5WP+FUnq0mgpHp9HrLCC3q4AQ7juJszD1PExGNW710rjMHlnrrF
w4VKyOziEAxsiuA390Ds
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,81 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDbjCCAVagAwIBAgIIK1UyUU0zJ3kwDQYJKoZIhvcNAQELBQAwKTEnMCUGA1UE
AwweazNzLWludGVybWVkaWF0ZS1jYUAxNzE1MjU3ODEzMB4XDTI0MDUwOTEyMzAy
MFoXDTQ0MDEyNTEyMzAyMFowKzEpMCcGA1UEAwwgazNzLXJlcXVlc3QtaGVhZGVy
LWNhQDE3MTUyNTc4MTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARAACYmLLW4
6vaF9q1cqBefK/FQebhkwoDcuYuG597sjxQPEz8sO/yYVaNnNcVZZPqDsiF4OCOz
i9ge02pJJVXJo2MwYTAdBgNVHQ4EFgQUrVPDbR8zlHplrCIASYmcn8IrbDEwHwYD
VR0jBBgwFoAU+v1VBloKGDwkLS76al8nKpC+N2IwDwYDVR0TAQH/BAUwAwEB/zAO
BgNVHQ8BAf8EBAMCAqQwDQYJKoZIhvcNAQELBQADggIBABlvTQJx7B0LI95sOKjM
zul35QpHoMTJOM4IrtDVUQfRutsRVaJ8z2M/2PXY0OiP8ZURaUTR63fL1lklQOMq
xDM59mcyWTEB50+yTYZNCi0qUrxI7kiOGmsCWJ1JDcRRnXonF2htPdMUr8wIOrzR
CL/HIYObEqasmTZeBlaHMc7clLB+yROveCRG91MeC8iftu/ORoqUIMVhXuR2PEQn
mupksalzL71RdOPLdL7UQzhVaABDRD0JrWsb6F198PLWiGpslwqFumyxucgd4+Xq
lb9AB/Sac/2KJH2GEGUoUMac7tJ+BNNc1T6VQUeyKDCacNRemjKxOa58ilFGvGPK
xKuuPhaN/mdZNBI1EX1m8JbCTByP5naGB7DDsP8ekMg1jvfszU+BDZSZoBgDhMmu
7Hsu/CpS8LWDzZ0KRuBsCLTYwlA1H0rp3C2ZYc/cbBexo8oyHMisMvpzM/5NMkuT
aKCQFt3HOncNG6rTltTrFaJaH9sZJxaaR6Q+pKzTtRGpx3SabZnNQkmu2MoFTKoE
vApW1wYptjOm7k5+o0a7IcWWK8FbqGOwfTAiI+mNYkiwo+qunALY0q/MiX0c7beI
qDzvjAHEt/xuWLCVqXhCy7bsgAmiukICMVflWd1Bg5OlXHa9H6sXqE1hP74Wv2bo
kBKEUETfs+HldaQgT5ontb+T
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,81 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,213 +0,0 @@
{
self,
inputs,
pkgs,
lib,
config,
...
}: let
cfg = config.pim.k3s;
in {
options.pim.k3s = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether to run k3s on this server.
'';
};
role = lib.mkOption {
default = "server";
type = lib.types.str;
description = ''
Whether to run k3s as a server or an agent.
'';
};
clusterInit = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Whether this node should initialize the K8s cluster.
'';
};
serverAddr = lib.mkOption {
default = null;
type = with lib.types; nullOr str;
description = ''
Address of the server whose cluster this server should join.
Leaving this empty will make the server initialize the cluster.
'';
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
k3s
openiscsi # Required for Longhorn
nfs-utils # Required for Longhorn
];
# TODO!!!!!
networking = {
nftables.enable = lib.mkForce false;
firewall.enable = lib.mkForce false;
};
virtualisation.containerd = {
enable = true;
settings = {
version = 2;
proxy_plugins.nix = {
type = "snapshot";
address = "/run/nix-snapshotter/nix-snapshotter.sock";
};
plugins = let
k3s-cni-plugins = pkgs.buildEnv {
name = "k3s-cni-plugins";
paths = with pkgs; [
cni-plugins
cni-plugin-flannel
];
};
in {
"io.containerd.grpc.v1.cri" = {
stream_server_address = "127.0.0.1";
stream_server_port = "10010";
enable_selinux = false;
enable_unprivileged_ports = true;
enable_unprivileged_icmp = true;
disable_apparmor = true;
disable_cgroup = true;
restrict_oom_score_adj = true;
sandbox_image = "rancher/mirrored-pause:3.6";
containerd.snapshotter = "nix";
cni = {
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
bin_dir = "${k3s-cni-plugins}/bin";
};
};
"io.containerd.transfer.v1.local".unpack_config = [
{
platform = "linux/amd64";
snapshotter = "nix";
}
];
};
};
};
services = {
nix-snapshotter.enable = true;
k3s = let
serverFlagList = [
"--image-service-endpoint=unix:///run/nix-snapshotter/nix-snapshotter.sock"
"--snapshotter=overlayfs"
"--container-runtime-endpoint=unix:///run/containerd/containerd.sock"
"--tls-san=${config.networking.fqdn}"
"--disable=servicelb"
"--cluster-cidr=10.42.0.0/16,2001:cafe:42::/56"
"--service-cidr=10.43.0.0/16,2001:cafe:43::/112"
];
serverFlags = builtins.concatStringsSep " " serverFlagList;
in {
enable = true;
role = cfg.role;
tokenFile = config.sops.secrets."k3s/serverToken".path;
extraFlags = lib.mkIf (cfg.role == "server") (lib.mkForce serverFlags);
clusterInit = cfg.clusterInit;
serverAddr = lib.mkIf (! (cfg.serverAddr == null)) cfg.serverAddr;
};
# Required for Longhorn
openiscsi = {
enable = true;
name = "iqn.2016-04.com.open-iscsi:${config.networking.fqdn}";
};
};
# HACK: Symlink binaries to /usr/local/bin such that Longhorn can find them
# when they use nsenter.
# https://github.com/longhorn/longhorn/issues/2166#issuecomment-1740179416
systemd.tmpfiles.rules = [
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
];
system.activationScripts = {
k3s-bootstrap = lib.mkIf (cfg.role == "server") {
text = (
let
k3sBootstrapFile =
(inputs.kubenix.evalModules.x86_64-linux {
module = import ./bootstrap.nix;
})
.config
.kubernetes
.result;
in ''
mkdir -p /var/lib/rancher/k3s/server/manifests
ln -sf ${k3sBootstrapFile} /var/lib/rancher/k3s/server/manifests/k3s-bootstrap.json
''
);
};
k3s-certs = lib.mkIf (cfg.role == "server") {
text = ''
mkdir -p /var/lib/rancher/k3s/server/tls/etcd
cp -f ${./ca/server-ca.crt} /var/lib/rancher/k3s/server/tls/server-ca.crt
cp -f ${./ca/client-ca.crt} /var/lib/rancher/k3s/server/tls/client-ca.crt
cp -f ${./ca/request-header-ca.crt} /var/lib/rancher/k3s/server/tls/request-header-ca.crt
cp -f ${./ca/etcd/peer-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/peer-ca.crt
cp -f ${./ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
'';
};
};
sops.secrets = let
keyPathBase = "/var/lib/rancher/k3s/server/tls";
in {
"k3s/serverToken" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
};
"k3s/keys/clientCAKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/client-ca.key";
};
"k3s/keys/requestHeaderCAKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/request-header-ca.key";
};
"k3s/keys/serverCAKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/server-ca.key";
};
"k3s/keys/serviceKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/service.key";
};
"k3s/keys/etcd/peerCAKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/etcd/peer-ca.key";
};
"k3s/keys/etcd/serverCAKey" = {
sopsFile = "${self}/secrets/kubernetes.yaml";
path = "${keyPathBase}/etcd/server-ca.key";
};
};
};
}


@ -1,112 +0,0 @@
{
lib,
config,
...
}: {
options.pim.hasK8sStorageSetup = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.pim.hasK8sStorageSetup {
disko.devices = {
disk = {
nvme = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
pv_os = {
size = "79G";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
pv_nvme_extra = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
sata = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions.pv_sata = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_data";
};
};
};
};
};
lvm_vg = {
vg_os = {
type = "lvm_vg";
lvs = {
root = {
size = "75G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["defaults"];
};
};
swap = {
size = "100%FREE";
content.type = "swap";
};
};
};
vg_data = {
type = "lvm_vg";
lvs.longhorn = {
size = "100%FREE";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/mnt/longhorn";
};
};
};
};
};
};
}


@ -1,64 +0,0 @@
{
lib,
config,
nodes,
...
}: {
options.pim.prometheus.enable = lib.mkEnableOption "prometheus";
config = lib.mkIf config.pim.prometheus.enable {
networking.firewall.allowedTCPPorts = [80];
services.prometheus = {
enable = true;
scrapeConfigs = (
let
generated = lib.pipe nodes [
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
(lib.attrsets.mapAttrsToList
(name: node: {
job_name = name;
static_configs = [
{
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
}
];
}))
];
pikvm = {
job_name = "pikvm";
metrics_path = "/api/export/prometheus/metrics";
scheme = "https";
tls_config.insecure_skip_verify = true;
# We don't care about security here, it's behind a VPN.
basic_auth = {
username = "admin";
password = "admin";
};
static_configs = [
{
targets = ["pikvm.dmz"];
}
];
};
in
generated ++ [pikvm]
);
};
services.nginx = {
enable = true;
virtualHosts."${config.networking.fqdn}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}";
recommendedProxySettings = true;
};
};
};
};
}


@ -1,67 +0,0 @@
{
lib,
config,
self,
...
}: {
options.pim.tailscale.advertiseExitNode = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf (builtins.elem "server" config.deployment.tags) {
networking = {
firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
domain = "dmz";
useDHCP = false;
nftables.enable = lib.mkDefault true;
firewall.enable = lib.mkDefault true;
};
systemd.network = {
enable = true;
networks = {
"30-main-nic" = {
matchConfig.Name = "en*";
networkConfig.DHCP = "yes";
};
};
};
boot = {
# Increase this from 128.
# It seems containerization solutions use this a lot.
# Then, if exhausted, deployment of sops keys fail.
kernel.sysctl."fs.inotify.max_user_instances" = 256;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
services = {
openssh.enable = true;
prometheus.exporters.node.enable = true;
tailscale = {
authKeyFile = config.sops.secrets."tailscale/authKey".path;
useRoutingFeatures = "server";
openFirewall = true;
extraUpFlags =
[
"--accept-dns=false"
"--hostname=${config.networking.hostName}"
]
++ lib.lists.optional config.pim.tailscale.advertiseExitNode "--advertise-exit-node"
++ lib.lists.optional config.pim.tailscale.advertiseExitNode "--advertise-routes=192.168.30.0/24";
};
};
sops.secrets."tailscale/authKey" = {
sopsFile = "${self}/secrets/servers.yaml";
};
};
}


@ -1,27 +0,0 @@
{lib, ...}: {
options = {
pim.ssh.keys = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
config = {
pim.ssh.keys = {
pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
};
services = {
openssh = {
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
GSSAPIAuthentication = false;
UseDns = false;
};
};
};
};
}


@ -1,47 +0,0 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.pim.stylix;
in {
imports = [inputs.stylix.nixosModules.stylix];
options.pim.stylix.enable = lib.mkEnableOption "stylix";
config = {
stylix = lib.mkMerge [
{
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
}
(lib.mkIf cfg.enable {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 28;
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
})
];
};
}


@ -1,13 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
users.users.pim.extraGroups = ["audio"];
};
}


@ -1,55 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.pim.wireguard;
in {
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
config = lib.mkIf cfg.enable {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = ["tailscale0"];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.30.131"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.10.1"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
};
};
sops.secrets = {
"wireguard/home/presharedKey" = {};
"wireguard/home/privateKey" = {};
};
};
}


@ -1,13 +0,0 @@
{
nixpkgs,
flake-utils,
treefmt-nix,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
treefmtWrapper = treefmtEval.config.build.wrapper;
in {
packages.formatter = treefmtWrapper;
})

3
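--- a/secrets/README.md
+++ b/secrets/README.md
@@ -0,0 +1,3 @@
+```bash
+nix run github:ryantm/agenix# -- -e secret1.age
+```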

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more