Compare commits
1 commit
master
...
jellyseerr
Author | SHA1 | Date | |
---|---|---|---|
c4d676c9f9 |
62 changed files with 13191 additions and 8820 deletions
68
.sops.yaml
68
.sops.yaml
|
@ -1,88 +1,88 @@
|
|||
# Public keys are combination of host + user
|
||||
keys:
|
||||
- &laptop_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &laptop_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &sue_root age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
- &sue_pim age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
- &gamepc_root age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
|
||||
- &gamepc_pim age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
|
||||
- &warwick_root age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||
- &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
- &atlas_root age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
- &jefke_root age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
- &lewis_root age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
- &roeland_root age15qrzsk9t7uyuuy7m0xt3qzk3cmcsegt5wfe5zew4d8najwjnm30sfjc3pk
|
||||
|
||||
creation_rules:
|
||||
- path_regex: secrets/blocktech/colmena.yaml
|
||||
- path_regex: secrets/sue/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/nixos.yaml
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_root
|
||||
- path_regex: secrets/blocktech/pkunis.yaml
|
||||
- *sue_root
|
||||
- path_regex: secrets/sue/pim.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- path_regex: secrets/gamepc/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- path_regex: secrets/gamepc/pim.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *gamepc_root
|
||||
- *gamepc_pim
|
||||
- path_regex: secrets/warwick/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/servers.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *warwick_root
|
||||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *roeland_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/atlas/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/kubernetes.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *atlas_root
|
||||
- *jefke_root
|
||||
- *lewis_root
|
||||
- *roeland_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/jefke/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
- path_regex: secrets/lewis/nixos.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *lewis_root
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *niels
|
||||
- path_regex: secrets/roeland/colmena.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *laptop_pim
|
||||
- *laptop_root
|
||||
- *sue_pim
|
||||
- *sue_root
|
||||
- *niels
|
||||
|
|
30
README.md
30
README.md
|
@ -3,33 +3,33 @@
|
|||
NixOS configurations for the machines I manage.
|
||||
|
||||
Currently managed systems:
|
||||
|
||||
- **blocktech**: My current laptop, a ThinkPad P1 running GNOME.
|
||||
- **gamepc**: My gaming PC running Cosmic
|
||||
- **sue**: My current laptop, a Dell XPS 9315. It has two flavours:
|
||||
- Default running GNOME
|
||||
- Specialisation running Cosmic
|
||||
- **gamepc**: My gaming PC running Cinnamon
|
||||
- **warwick**: A Raspberry Pi 4 Model B, which mostly does some monitoring
|
||||
- **atlas**: A Gigabyte Brix, one of my Kubernetes nodes
|
||||
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains
|
||||
my media collection and does backups.
|
||||
- **roeland**: A Minisforum UN100P, one of my Kubernetes nodes
|
||||
- **jefke**: A Gigabyte Brix, one of my Kubernetes nodes
|
||||
- **lewis**: A Gigabyte Brix, one of my Kubernetes nodes. Additionally, contains my media collection and does backups.
|
||||
|
||||
## Deployment
|
||||
|
||||
I use [Colmena](https://colmena.cli.rs) for deploying my machines.
|
||||
|
||||
Create garbage collection roots like so:
|
||||
|
||||
```shell
|
||||
colmena build --keep-result
|
||||
```
|
||||
colmena build --keep-result --experimental-flake-eval
|
||||
```
|
||||
|
||||
To apply to the local machine:
|
||||
|
||||
```shell
|
||||
sudo colmena apply-local --sudo
|
||||
```
|
||||
sudo colmena apply-local --sudo --experimental-flake-eval
|
||||
```
|
||||
|
||||
To apply to all remotely managed systems:
|
||||
|
||||
```shell
|
||||
colmena apply
|
||||
```
|
||||
colmena apply --experimental-flake-eval
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
> Currently the `--experimental-flake-eval` flag is necessary to properly use Colmena with flakes. See [this PR](https://github.com/zhaofengli/colmena/pull/228).
|
||||
|
|
12
colmena.nix
12
colmena.nix
|
@ -15,9 +15,9 @@ inputs @ {
|
|||
};
|
||||
};
|
||||
|
||||
blocktech = {
|
||||
sue = {
|
||||
imports = [
|
||||
(import ./machines).blocktech.nixosModule
|
||||
(import ./machines).sue.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
|
@ -43,16 +43,16 @@ inputs @ {
|
|||
];
|
||||
};
|
||||
|
||||
lewis = {
|
||||
jefke = {
|
||||
imports = [
|
||||
(import ./machines).lewis.nixosModule
|
||||
(import ./machines).jefke.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
|
||||
roeland = {
|
||||
lewis = {
|
||||
imports = [
|
||||
(import ./machines).roeland.nixosModule
|
||||
(import ./machines).lewis.nixosModule
|
||||
./nixos
|
||||
];
|
||||
};
|
||||
|
|
782
flake.lock
generated
782
flake.lock
generated
File diff suppressed because it is too large
Load diff
32
flake.nix
32
flake.nix
|
@ -2,26 +2,16 @@
|
|||
description = "My NixOS configuration";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
|
||||
nixpkgs-oldstable.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nur.url = "github:nix-community/NUR";
|
||||
stylix.url = "github:pizzapim/stylix/master";
|
||||
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
colmena.url = "github:zhaofengli/colmena";
|
||||
|
||||
stylix = {
|
||||
url = "github:nix-community/stylix/release-25.05";
|
||||
inputs.tinted-schemes.follows = "tinted-schemes";
|
||||
};
|
||||
|
||||
nvf = {
|
||||
url = "github:notashelf/nvf";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
git-hooks = {
|
||||
url = "github:cachix/git-hooks.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
@ -33,7 +23,7 @@
|
|||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager?ref=release-25.05";
|
||||
url = "github:nix-community/home-manager?ref=release-24.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
|
@ -53,17 +43,16 @@
|
|||
flake = false;
|
||||
};
|
||||
|
||||
tinted-schemes = {
|
||||
type = "git";
|
||||
url = "https://github.com/tinted-theming/schemes";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
nixos-cosmic = {
|
||||
url = "github:lilyinstarlight/nixos-cosmic";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
|
||||
};
|
||||
|
||||
nix-snapshotter = {
|
||||
url = "github:pdtpartners/nix-snapshotter";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
@ -73,6 +62,11 @@
|
|||
url = "github:pizzapim/kubenix";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
};
|
||||
|
||||
nixng = {
|
||||
url = "github:pizzapim/NixNG/dnsmasq";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs @ {
|
||||
|
|
|
@ -4,5 +4,5 @@
|
|||
...
|
||||
}:
|
||||
flake-utils.lib.eachDefaultSystem (system: {
|
||||
inherit (self.packages.${system}) formatter;
|
||||
formatter = self.packages.${system}.formatter;
|
||||
})
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
...
|
||||
}: {
|
||||
imports = [
|
||||
./neovim
|
||||
./firefox
|
||||
./tidal.nix
|
||||
./gnome
|
||||
|
@ -12,7 +13,6 @@
|
|||
./vscode.nix
|
||||
inputs.nix-index-database.hmModules.nix-index
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.nvf.homeManagerModules.default
|
||||
];
|
||||
|
||||
xsession.enable = true;
|
||||
|
|
|
@ -30,7 +30,7 @@ in {
|
|||
id = 0;
|
||||
isDefault = true;
|
||||
settings = firefoxSettings;
|
||||
extensions.packages = firefoxAddons;
|
||||
extensions = firefoxAddons;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
13
home-manager/neovim/bufferline.lua
Normal file
13
home-manager/neovim/bufferline.lua
Normal file
|
@ -0,0 +1,13 @@
|
|||
require("bufferline").setup({
|
||||
options = {
|
||||
diagnostics = "nvim_lsp",
|
||||
diagnostics_indicator = function(count, level, diagnostics_dict, context)
|
||||
local icon = level:match("error") and " " or " "
|
||||
return " " .. icon .. count
|
||||
end,
|
||||
separator_style = "slant",
|
||||
hover = { enabled = true, reveal = { "close" } },
|
||||
},
|
||||
})
|
||||
|
||||
vim.keymap.set("n", "<leader>ft", ":BufferLinePick<CR>", {})
|
43
home-manager/neovim/cmp.lua
Normal file
43
home-manager/neovim/cmp.lua
Normal file
|
@ -0,0 +1,43 @@
|
|||
local cmp = require("cmp")
|
||||
local luasnip = require("luasnip")
|
||||
|
||||
require("luasnip.loaders.from_vscode").lazy_load()
|
||||
luasnip.config.setup({})
|
||||
|
||||
cmp.setup({
|
||||
snippet = {
|
||||
expand = function(args)
|
||||
luasnip.lsp_expand(args.body)
|
||||
end,
|
||||
},
|
||||
mapping = cmp.mapping.preset.insert({
|
||||
["<C-n>"] = cmp.mapping.select_next_item(),
|
||||
["<C-p>"] = cmp.mapping.select_prev_item(),
|
||||
["<C-d>"] = cmp.mapping.scroll_docs(-4),
|
||||
["<C-f>"] = cmp.mapping.scroll_docs(4),
|
||||
["<C-Space>"] = cmp.mapping.complete({}),
|
||||
["<CR>"] = cmp.mapping.confirm({
|
||||
behavior = cmp.ConfirmBehavior.Replace,
|
||||
select = true,
|
||||
}),
|
||||
["<Tab>"] = cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_next_item()
|
||||
elseif luasnip.expand_or_locally_jumpable() then
|
||||
luasnip.expand_or_jump()
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end, { "i", "s" }),
|
||||
["<S-Tab>"] = cmp.mapping(function(fallback)
|
||||
if cmp.visible() then
|
||||
cmp.select_prev_item()
|
||||
elseif luasnip.locally_jumpable(-1) then
|
||||
luasnip.jump(-1)
|
||||
else
|
||||
fallback()
|
||||
end
|
||||
end, { "i", "s" }),
|
||||
}),
|
||||
sources = { { name = "nvim_lsp" }, { name = "luasnip" } },
|
||||
})
|
2
home-manager/neovim/commentary.lua
Normal file
2
home-manager/neovim/commentary.lua
Normal file
|
@ -0,0 +1,2 @@
|
|||
vim.cmd([[autocmd FileType nix setlocal commentstring=#%s]])
|
||||
vim.cmd([[autocmd FileType terraform setlocal commentstring=#%s]])
|
9
home-manager/neovim/core.lua
Normal file
9
home-manager/neovim/core.lua
Normal file
|
@ -0,0 +1,9 @@
|
|||
vim.o.background = "dark"
|
||||
vim.cmd([[colorscheme gruvbox]])
|
||||
vim.g.mapleader = ";"
|
||||
vim.o.signcolumn = "yes"
|
||||
vim.wo.number = true
|
||||
vim.wo.relativenumber = true
|
||||
vim.wo.cursorline = true
|
||||
vim.opt.termguicolors = true
|
||||
vim.o.mousemoveevent = true
|
91
home-manager/neovim/default.nix
Normal file
91
home-manager/neovim/default.nix
Normal file
|
@ -0,0 +1,91 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.neovim;
|
||||
in {
|
||||
options.pim.neovim.enable = lib.mkEnableOption "neovim";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.neovim = {
|
||||
enable = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
vimdiffAlias = true;
|
||||
defaultEditor = true;
|
||||
extraLuaConfig = builtins.readFile ./core.lua;
|
||||
|
||||
extraPackages = with pkgs; [
|
||||
nil
|
||||
pyright
|
||||
gopls
|
||||
terraform-ls
|
||||
nixfmt-classic
|
||||
stylua
|
||||
black
|
||||
nixpkgs-fmt
|
||||
];
|
||||
|
||||
plugins = with pkgs.vimPlugins; [
|
||||
{
|
||||
plugin = nvim-lspconfig;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./lspconfig.lua;
|
||||
}
|
||||
gruvbox-nvim
|
||||
{
|
||||
plugin = leap-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./leap.lua;
|
||||
}
|
||||
{
|
||||
plugin = telescope-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./telescope.lua;
|
||||
}
|
||||
{
|
||||
plugin = vim-commentary;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./commentary.lua;
|
||||
}
|
||||
vim-sleuth
|
||||
{
|
||||
plugin = gitsigns-nvim;
|
||||
type = "lua";
|
||||
config = ''require("gitsigns").setup()'';
|
||||
}
|
||||
{
|
||||
plugin = nvim-cmp;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./cmp.lua;
|
||||
}
|
||||
cmp-nvim-lsp
|
||||
friendly-snippets
|
||||
neodev-nvim
|
||||
luasnip
|
||||
cmp_luasnip
|
||||
{
|
||||
plugin = nvim-treesitter.withAllGrammars;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./treesitter.lua;
|
||||
}
|
||||
{
|
||||
plugin = bufferline-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./bufferline.lua;
|
||||
}
|
||||
nvim-web-devicons
|
||||
lsp-format-nvim
|
||||
{
|
||||
plugin = pkgs.vimPlugins.none-ls-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./none-ls.lua;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
programs.git.extraConfig.core.editor = "nvim";
|
||||
};
|
||||
}
|
4
home-manager/neovim/leap.lua
Normal file
4
home-manager/neovim/leap.lua
Normal file
|
@ -0,0 +1,4 @@
|
|||
require("leap").add_default_mappings()
|
||||
-- Don't remap 'x' in visual mode.
|
||||
vim.keymap.del({ "x", "o" }, "x")
|
||||
vim.keymap.del({ "x", "o" }, "X")
|
65
home-manager/neovim/lspconfig.lua
Normal file
65
home-manager/neovim/lspconfig.lua
Normal file
|
@ -0,0 +1,65 @@
|
|||
require("lsp-format").setup({})
|
||||
|
||||
local on_attach = function(client, bufnr)
|
||||
local bufmap = function(keys, func)
|
||||
vim.keymap.set("n", keys, func, { buffer = bufnr })
|
||||
end
|
||||
|
||||
bufmap("<leader>r", vim.lsp.buf.rename)
|
||||
bufmap("<leader>a", vim.lsp.buf.code_action)
|
||||
|
||||
bufmap("gd", vim.lsp.buf.definition)
|
||||
bufmap("gD", vim.lsp.buf.declaration)
|
||||
bufmap("gI", vim.lsp.buf.implementation)
|
||||
bufmap("<leader>D", vim.lsp.buf.type_definition)
|
||||
|
||||
bufmap("gr", require("telescope.builtin").lsp_references)
|
||||
bufmap("<leader>s", require("telescope.builtin").lsp_document_symbols)
|
||||
bufmap("<leader>S", require("telescope.builtin").lsp_dynamic_workspace_symbols)
|
||||
|
||||
bufmap("K", vim.lsp.buf.hover)
|
||||
|
||||
vim.api.nvim_buf_create_user_command(bufnr, "Format", function(_)
|
||||
vim.lsp.buf.format()
|
||||
end, {})
|
||||
end
|
||||
|
||||
local capabilities = vim.lsp.protocol.make_client_capabilities()
|
||||
capabilities = require("cmp_nvim_lsp").default_capabilities(capabilities)
|
||||
|
||||
require("neodev").setup()
|
||||
require("lspconfig").nil_ls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").pyright.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").gopls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
require("lspconfig").terraformls.setup({
|
||||
on_attach = on_attach,
|
||||
capabilities = capabilities,
|
||||
})
|
||||
|
||||
local function has_treefmt()
|
||||
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
|
||||
if vim.v.shell_error ~= 0 then
|
||||
return false
|
||||
end
|
||||
local treefmt_path = git_root .. "/treefmt.nix"
|
||||
return vim.fn.filereadable(treefmt_path) == 1
|
||||
end
|
||||
|
||||
vim.api.nvim_create_autocmd("BufWritePost", {
|
||||
pattern = "*",
|
||||
callback = function()
|
||||
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
|
||||
vim.cmd("silent !treefmt > /dev/null 2>&1")
|
||||
end
|
||||
end,
|
||||
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
|
||||
})
|
53
home-manager/neovim/none-ls.lua
Normal file
53
home-manager/neovim/none-ls.lua
Normal file
|
@ -0,0 +1,53 @@
|
|||
-- renamed to none-ls
|
||||
local null_ls_status_ok, null_ls = pcall(require, "null-ls")
|
||||
if not null_ls_status_ok then
|
||||
return
|
||||
end
|
||||
|
||||
local formatting = null_ls.builtins.formatting
|
||||
local diagnostics = null_ls.builtins.diagnostics
|
||||
local code_actions = null_ls.builtins.code_actions
|
||||
|
||||
-- to setup format on save
|
||||
local augroup = vim.api.nvim_create_augroup("LspFormatting", {})
|
||||
|
||||
require("null-ls").setup({
|
||||
sources = {
|
||||
formatting.stylua,
|
||||
formatting.black,
|
||||
formatting.nixpkgs_fmt,
|
||||
formatting.mix,
|
||||
},
|
||||
|
||||
-- configure format on save
|
||||
-- on_attach = function(current_client, bufnr)
|
||||
-- if current_client.supports_method("textDocument/formatting") then
|
||||
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
|
||||
-- vim.api.nvim_create_autocmd("BufWritePre", {
|
||||
-- group = augroup,
|
||||
-- buffer = bufnr,
|
||||
-- callback = function()
|
||||
-- vim.lsp.buf.format({
|
||||
-- filter = function(client)
|
||||
-- -- only use null-ls for formatting instead of lsp server
|
||||
-- return client.name == "null-ls"
|
||||
-- end,
|
||||
-- bufnr = bufnr,
|
||||
-- })
|
||||
-- end,
|
||||
-- })
|
||||
-- end
|
||||
-- end,
|
||||
})
|
||||
|
||||
-- formatting command
|
||||
vim.api.nvim_create_user_command("Format", function()
|
||||
vim.lsp.buf.format(nil, 10000)
|
||||
end, {})
|
||||
|
||||
vim.keymap.set(
|
||||
"n",
|
||||
"<leader>fm",
|
||||
":Format<CR>",
|
||||
{ desc = "Format current buffer (also done on save)", noremap = true, silent = true }
|
||||
)
|
17
home-manager/neovim/telescope.lua
Normal file
17
home-manager/neovim/telescope.lua
Normal file
|
@ -0,0 +1,17 @@
|
|||
local builtin = require("telescope.builtin")
|
||||
|
||||
vim.keymap.set("n", "<leader>ff", builtin.find_files, {})
|
||||
vim.keymap.set("n", "<leader>fg", builtin.live_grep, {})
|
||||
vim.keymap.set("n", "<leader>fb", builtin.buffers, {})
|
||||
vim.keymap.set("n", "<leader>fr", builtin.lsp_references, {})
|
||||
vim.keymap.set("n", "<leader>fs", builtin.lsp_document_symbols, {})
|
||||
|
||||
require("telescope").setup({
|
||||
pickers = {
|
||||
find_files = { theme = "dropdown" },
|
||||
live_grep = { theme = "dropdown" },
|
||||
buffers = { theme = "dropdown" },
|
||||
lsp_references = { theme = "dropdown" },
|
||||
lsp_document_symbols = { theme = "dropdown" },
|
||||
},
|
||||
})
|
9
home-manager/neovim/treesitter.lua
Normal file
9
home-manager/neovim/treesitter.lua
Normal file
|
@ -0,0 +1,9 @@
|
|||
require("nvim-treesitter.configs").setup({
|
||||
ensure_installed = {},
|
||||
|
||||
auto_install = false,
|
||||
|
||||
highlight = { enable = true },
|
||||
|
||||
indent = { enable = true },
|
||||
})
|
|
@ -12,22 +12,20 @@ in {
|
|||
programs.vscode = {
|
||||
enable = true;
|
||||
package = pkgs.vscodium;
|
||||
profiles.default = {
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
vscodevim.vim
|
||||
marp-team.marp-vscode
|
||||
jnoortheen.nix-ide
|
||||
mkhl.direnv
|
||||
];
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
vscodevim.vim
|
||||
marp-team.marp-vscode
|
||||
jnoortheen.nix-ide
|
||||
mkhl.direnv
|
||||
];
|
||||
|
||||
userSettings = {
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = lib.getExe pkgs.nil;
|
||||
"terminal.integrated.defaultProfile.linux" = "fish";
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
"explorer.confirmPasteNative" = false;
|
||||
"explorer.confirmDelete" = false;
|
||||
};
|
||||
userSettings = {
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = lib.getExe pkgs.nil;
|
||||
"terminal.integrated.defaultProfile.linux" = "fish";
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
"explorer.confirmPasteNative" = false;
|
||||
"explorer.confirmDelete" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,129 +1,27 @@
|
|||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [./jellyseerr-module.nix];
|
||||
|
||||
disabledModules = ["services/misc/jellyseerr.nix"];
|
||||
|
||||
config = {
|
||||
facter.reportPath = ./facter.json;
|
||||
system.stateVersion = "23.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
pim.k3s.serverAddr = "https://lewis.dmz:6443";
|
||||
|
||||
pim.backups.borgBackups = {
|
||||
freshrss = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/freshrss"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "freshrss";
|
||||
};
|
||||
|
||||
nextcloud = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/nextcloud"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "nextcloud";
|
||||
};
|
||||
|
||||
nextcloud-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/nextcloud-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "nextcloud";
|
||||
};
|
||||
|
||||
authentik = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/authentik-db" "/mnt/longhorn/persistent/volumes/authentik-redis"];
|
||||
scaleDeployments = false;
|
||||
};
|
||||
|
||||
radicale = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/radicale"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "radicale";
|
||||
};
|
||||
|
||||
forgejo = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/forgejo"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "forgejo";
|
||||
};
|
||||
|
||||
syncthing = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/syncthing" "/mnt/longhorn/persistent/volumes/keepassxc"];
|
||||
deploymentName = "syncthing";
|
||||
deploymentNamespace = "syncthing";
|
||||
};
|
||||
|
||||
ntfy = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/ntfy"];
|
||||
deploymentName = "ntfy";
|
||||
deploymentNamespace = "ntfy";
|
||||
};
|
||||
|
||||
hedgedoc-uploads = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/hedgedoc-uploads"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "hedgedoc";
|
||||
};
|
||||
|
||||
hedgedoc-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/hedgedoc-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "hedgedoc";
|
||||
};
|
||||
|
||||
atuin-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/atuin-db"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "atuin";
|
||||
};
|
||||
|
||||
paperless-data = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-data"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
paperless-redisdata = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-redisdata"];
|
||||
deploymentName = "redis";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
paperless-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/paperless-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "paperless";
|
||||
};
|
||||
|
||||
immich = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/immich"];
|
||||
deploymentName = "immich";
|
||||
deploymentNamespace = "immich";
|
||||
};
|
||||
|
||||
immich-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/immich-db"];
|
||||
deploymentName = "database";
|
||||
deploymentNamespace = "immich";
|
||||
};
|
||||
|
||||
attic = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/attic"];
|
||||
deploymentName = "attic";
|
||||
deploymentNamespace = "attic";
|
||||
};
|
||||
|
||||
attic-db = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/attic-db"];
|
||||
deploymentName = "attic-db";
|
||||
deploymentNamespace = "attic";
|
||||
};
|
||||
|
||||
kitchenowl = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/kitchenowl"];
|
||||
deploymentName = "server";
|
||||
deploymentNamespace = "kitchenowl";
|
||||
};
|
||||
};
|
||||
pim.k3s.serverAddr = "https://jefke.dmz:6443";
|
||||
|
||||
deployment = {
|
||||
targetHost = "atlas";
|
||||
targetUser = "root";
|
||||
tags = ["server" "kubernetes"];
|
||||
};
|
||||
|
||||
services.jellyseerr = {
|
||||
enable = true;
|
||||
package = pkgs.callPackage ./jellyseerr.nix {};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load diff
76
machines/atlas/jellyseerr-module.nix
Normal file
76
machines/atlas/jellyseerr-module.nix
Normal file
|
@ -0,0 +1,76 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.services.jellyseerr;
|
||||
in {
|
||||
meta.maintainers = with lib.maintainers; [camillemndn pizzapim];
|
||||
|
||||
options.services.jellyseerr = {
|
||||
enable = lib.mkEnableOption ''Jellyseerr, a requests manager for Jellyfin'';
|
||||
package = lib.mkPackageOption pkgs "jellyseerr" {};
|
||||
|
||||
openFirewall = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = ''Open port in the firewall for the Jellyseerr web interface.'';
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 5055;
|
||||
description = ''The port which the Jellyseerr web UI should listen to.'';
|
||||
};
|
||||
|
||||
config_directory = lib.mkOption {
|
||||
description = ''
|
||||
The directory to save run-time configuration.
|
||||
'';
|
||||
type = lib.types.str;
|
||||
example = "/jellyseerr";
|
||||
default = "/var/lib/jellyseerr";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.jellyseerr = {
|
||||
description = "Jellyseerr, a requests manager for Jellyfin";
|
||||
after = ["network.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
environment = {
|
||||
PORT = toString cfg.port;
|
||||
CONFIG_DIRECTORY = cfg.config_directory;
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "exec";
|
||||
StateDirectory = "jellyseerr";
|
||||
# WorkingDirectory = "${cfg.package}/libexec/jellyseerr/deps/jellyseerr";
|
||||
DynamicUser = true;
|
||||
ExecStart = lib.getExe cfg.package;
|
||||
# BindPaths = ["/var/lib/jellyseerr/:${cfg.package}/libexec/jellyseerr/deps/jellyseerr/config/"];
|
||||
Restart = "on-failure";
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "strict";
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
NoNewPrivileges = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
RemoveIPC = true;
|
||||
PrivateMounts = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [cfg.port];
|
||||
};
|
||||
};
|
||||
}
|
89
machines/atlas/jellyseerr.nix
Normal file
89
machines/atlas/jellyseerr.nix
Normal file
|
@ -0,0 +1,89 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
makeWrapper,
|
||||
node-pre-gyp,
|
||||
nodejs,
|
||||
pnpm_9,
|
||||
python3,
|
||||
stdenv,
|
||||
}:
|
||||
stdenv.mkDerivation (finalAttrs: {
|
||||
pname = "jellyseerr";
|
||||
version = "2.1.0";
|
||||
|
||||
src = with finalAttrs;
|
||||
fetchFromGitHub {
|
||||
owner = "Fallenbagel";
|
||||
repo = "jellyseerr";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-5kaeqhjUy9Lgx4/uFcGRlAo+ROEOdTWc2m49rq8R8Hs=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
nodejs
|
||||
makeWrapper
|
||||
pnpm_9.configHook
|
||||
|
||||
# Needed for compiling sqlite3 and bcrypt from source
|
||||
node-pre-gyp
|
||||
python3
|
||||
];
|
||||
|
||||
pnpmDeps = pnpm_9.fetchDeps {
|
||||
inherit (finalAttrs) pname version src;
|
||||
hash = "sha256-xu6DeaBArQmnqEnIgjc1DTZujQebSkjuai9tMHeQWCk=";
|
||||
};
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
pnpm build
|
||||
|
||||
# Fixes "SQLite package has not been found installed" at launch
|
||||
pushd node_modules/sqlite3
|
||||
export CPPFLAGS="-I${nodejs}/include/node"
|
||||
npm run install --build-from-source --nodedir=${nodejs}/include/node
|
||||
popd
|
||||
|
||||
pushd node_modules/bcrypt
|
||||
export CPPFLAGS="-I${nodejs}/include/node"
|
||||
npm run install --build-from-source --nodedir=${nodejs}/include/node
|
||||
popd
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
preInstall = ''
|
||||
mkdir $out
|
||||
cp ./package.json $out
|
||||
rm -r .next/cache
|
||||
cp -R ./.next $out
|
||||
cp -R ./dist $out
|
||||
cp ./overseerr-api.yml $out
|
||||
cp -R ./node_modules $out
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
makeWrapper '${nodejs}/bin/node' "$out/bin/jellyseerr" \
|
||||
--chdir $out \
|
||||
--add-flags "$out/dist/index.js" \
|
||||
--set NODE_ENV production
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Fork of overseerr for jellyfin support";
|
||||
homepage = "https://github.com/Fallenbagel/jellyseerr";
|
||||
longDescription = ''
|
||||
Jellyseerr is a free and open source software application for managing
|
||||
requests for your media library. It is a a fork of Overseerr built to
|
||||
bring support for Jellyfin & Emby media servers!
|
||||
'';
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [
|
||||
camillemndn
|
||||
pizzapim
|
||||
];
|
||||
platforms = platforms.linux;
|
||||
mainProgram = "jellyseerr";
|
||||
};
|
||||
})
|
|
@ -1,80 +0,0 @@
|
|||
{
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = false;
|
||||
tidal.enable = false;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pkunis"];
|
||||
};
|
||||
|
||||
users.users.pkunis = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
targetHost = null;
|
||||
tags = ["desktop"];
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
home-manager.users.pkunis.imports = [./pkunis.home.nix];
|
||||
nix.settings.trusted-users = ["pkunis"];
|
||||
system.stateVersion = "23.05";
|
||||
sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
kubectl
|
||||
nmap
|
||||
poppler_utils # For pdfunite
|
||||
silicon
|
||||
units
|
||||
];
|
||||
|
||||
virtualisation = {
|
||||
libvirtd.enable = true;
|
||||
|
||||
docker = {
|
||||
enable = true;
|
||||
|
||||
rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/E547-7E6C";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0077" "dmask=0077"];
|
||||
};
|
||||
|
||||
boot = {
|
||||
initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
|
||||
initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";
|
||||
|
||||
loader.systemd-boot.enable = true;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
blocktech = {
|
||||
sue = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./blocktech/configuration.nix;
|
||||
nixosModule = import ./sue/configuration.nix;
|
||||
};
|
||||
|
||||
gamepc = {
|
||||
|
@ -19,13 +19,13 @@
|
|||
nixosModule = import ./atlas/configuration.nix;
|
||||
};
|
||||
|
||||
jefke = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./jefke/configuration.nix;
|
||||
};
|
||||
|
||||
lewis = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./lewis/configuration.nix;
|
||||
};
|
||||
|
||||
roeland = {
|
||||
system = "x86_64-linux";
|
||||
nixosModule = import ./roeland/configuration.nix;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
cinnamon.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pim"];
|
||||
};
|
||||
|
||||
|
@ -31,24 +32,27 @@
|
|||
|
||||
services = {
|
||||
openssh.enable = true;
|
||||
displayManager.cosmic-greeter.enable = true;
|
||||
desktopManager.cosmic.enable = true;
|
||||
|
||||
xserver.displayManager.lightdm.extraSeatDefaults = ''
|
||||
autologin-user=pim
|
||||
'';
|
||||
|
||||
sunshine = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
sunshine_name = config.networking.hostName;
|
||||
origin_web_ui_allowed = "wan";
|
||||
credentials_file = "/home/pim/.config/sunshine/sunshine_credentials.json";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
swraid.mdadmConf = ''
|
||||
MAILADDR pim@kunis.nl
|
||||
'';
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
vlc
|
||||
handbrake
|
||||
lutris
|
||||
chromium
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -22,5 +21,6 @@
|
|||
defaultSopsFile = "${self}/secrets/gamepc/pim.yaml";
|
||||
# TODO: should be set automatically?
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
secrets."sunshine_credentials".path = "${config.xdg.configHome}/sunshine/sunshine_credentials.json";
|
||||
};
|
||||
}
|
||||
|
|
14
machines/jefke/configuration.nix
Normal file
14
machines/jefke/configuration.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{config, ...}: {
|
||||
config = {
|
||||
pim.k3s.clusterInit = true;
|
||||
facter.reportPath = ./facter.json;
|
||||
system.stateVersion = "23.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
|
||||
deployment = {
|
||||
targetHost = "jefke";
|
||||
targetUser = "root";
|
||||
tags = ["server" "kubernetes"];
|
||||
};
|
||||
};
|
||||
}
|
3593
machines/jefke/facter.json
Normal file
3593
machines/jefke/facter.json
Normal file
File diff suppressed because it is too large
Load diff
|
@ -2,7 +2,6 @@
|
|||
self,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
|
@ -19,100 +18,9 @@
|
|||
};
|
||||
|
||||
pim = {
|
||||
k3s.serverAddr = "https://atlas.dmz:6443";
|
||||
|
||||
backups.borgBackups = {
|
||||
bazarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/bazarr"];
|
||||
deploymentName = "bazarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
deluge = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/deluge"];
|
||||
deploymentName = "deluge";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
jellyfin = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/jellyfin"];
|
||||
deploymentName = "jellyfin";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
jellyseerr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/jellyseerr"];
|
||||
deploymentName = "jellyseerr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
prowlarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/prowlarr"];
|
||||
deploymentName = "prowlarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
radarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/radarr"];
|
||||
deploymentName = "radarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
|
||||
sonarr = {
|
||||
paths = ["/mnt/longhorn/persistent/volumes/sonarr"];
|
||||
deploymentName = "sonarr";
|
||||
deploymentNamespace = "media";
|
||||
};
|
||||
};
|
||||
k3s.serverAddr = "https://jefke.dmz:6443";
|
||||
data-sharing.enable = true;
|
||||
backups.enable = true;
|
||||
};
|
||||
|
||||
systemd = {
|
||||
timers.read-dir-sizes = {
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnBootSec = "5m";
|
||||
OnUnitActiveSec = "5m";
|
||||
Unit = "read-dir-sizes.service";
|
||||
};
|
||||
};
|
||||
|
||||
services."read-dir-sizes" = {
|
||||
script = let
|
||||
script = pkgs.writeShellScriptBin "read-dir-sizes.sh" ''
|
||||
DIRS=(
|
||||
"/mnt/longhorn/persistent/media/movies"
|
||||
"/mnt/longhorn/persistent/media/shows"
|
||||
)
|
||||
|
||||
temp_file=$(mktemp)
|
||||
trap 'rm -f "$temp_file"' EXIT
|
||||
|
||||
for DIR_PATH in "''${DIRS[@]}"; do
|
||||
# Find all top-level subdirectories and calculate their size
|
||||
find "$DIR_PATH" -mindepth 1 -maxdepth 1 -type d | while read -r subdir; do
|
||||
# Calculate the size of the top-level subdirectory
|
||||
du --block-size=1 -s "$subdir" | while read -r size path; do
|
||||
# Print size in Prometheus format
|
||||
echo "directory_size_bytes{dir=\"$path\"} $size" >> $temp_file
|
||||
done
|
||||
done
|
||||
done
|
||||
mkdir -p /var/lib/node_exporter/textfile_collector
|
||||
cp $temp_file /var/lib/node_exporter/textfile_collector/dir_sizes.prom
|
||||
chmod o=r /var/lib/node_exporter/textfile_collector/dir_sizes.prom
|
||||
'';
|
||||
in "${lib.getExe script}";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = "root";
|
||||
};
|
||||
};
|
||||
|
||||
tmpfiles.rules = [
|
||||
"d /mnt/longhorn/persistent/media/torrents 775 414 51 8d"
|
||||
];
|
||||
};
|
||||
|
||||
services.prometheus.exporters.node.extraFlags = ["--collector.textfile.directory=/var/lib/node_exporter/textfile_collector"];
|
||||
};
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,72 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
facter.reportPath = ./facter.json;
|
||||
system.stateVersion = "25.05";
|
||||
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||||
pim.k3s.serverAddr = "https://atlas.dmz:6443";
|
||||
pim.hasK8sStorageSetup = lib.mkForce false;
|
||||
|
||||
deployment = {
|
||||
targetHost = "roeland";
|
||||
targetUser = "root";
|
||||
tags = ["server" "kubernetes"];
|
||||
};
|
||||
|
||||
disko.devices = {
|
||||
disk.disk1 = {
|
||||
device = lib.mkDefault "/dev/nvme0n1";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "boot";
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
esp = {
|
||||
name = "ESP";
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "lvm_pv";
|
||||
vg = "pool";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
lvm_vg = {
|
||||
pool = {
|
||||
type = "lvm_vg";
|
||||
lvs = {
|
||||
root = {
|
||||
size = "100%FREE";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
mountOptions = [
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
Load diff
97
machines/sue/configuration.nix
Normal file
97
machines/sue/configuration.nix
Normal file
|
@ -0,0 +1,97 @@
|
|||
{
|
||||
self,
|
||||
pkgs,
|
||||
lib,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
options = {
|
||||
pim.cosmic.enable = lib.mkEnableOption "cosmic";
|
||||
};
|
||||
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = true;
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
compliance.enable = true;
|
||||
sops-nix.usersWithSopsKeys = ["pim"];
|
||||
};
|
||||
|
||||
users.users.pim = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
||||
deployment = {
|
||||
allowLocalDeployment = true;
|
||||
targetHost = null;
|
||||
tags = ["desktop"];
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
home-manager.users.pim.imports = [./pim.home.nix];
|
||||
nix.settings.trusted-users = ["pim"];
|
||||
system.stateVersion = "23.05";
|
||||
sops.defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
borgbackup
|
||||
kubectl
|
||||
nmap
|
||||
poppler_utils # For pdfunite
|
||||
silicon
|
||||
units
|
||||
];
|
||||
|
||||
virtualisation = {
|
||||
libvirtd.enable = true;
|
||||
|
||||
docker = {
|
||||
enable = true;
|
||||
|
||||
rootless = {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/560E-F8A2";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0022" "dmask=0022"];
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
substituters = ["https://cosmic.cachix.org/"];
|
||||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||
|
||||
specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
|
||||
configuration = {
|
||||
imports = [
|
||||
inputs.nixos-cosmic.nixosModules.default
|
||||
];
|
||||
|
||||
services = {
|
||||
desktopManager.cosmic.enable = true;
|
||||
displayManager.cosmic-greeter.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
File diff suppressed because it is too large
Load diff
|
@ -1,54 +1,43 @@
|
|||
{
|
||||
lib,
|
||||
self,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (self.packages.${pkgs.system}) neovim;
|
||||
in {
|
||||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
tidal.enable = false;
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
vscode.enable = true;
|
||||
syncthing.enable = true;
|
||||
neovim.enable = true;
|
||||
firefox.enable = true;
|
||||
};
|
||||
|
||||
programs = {
|
||||
chromium.enable = true;
|
||||
git.extraConfig.core.editor = lib.getExe neovim;
|
||||
};
|
||||
programs.chromium.enable = true;
|
||||
|
||||
home = {
|
||||
username = "pkunis";
|
||||
homeDirectory = "/home/pkunis";
|
||||
username = "pim";
|
||||
homeDirectory = "/home/pim";
|
||||
stateVersion = "23.05";
|
||||
sessionVariables = {
|
||||
MANPAGER = "${lib.getExe neovim} +Man!";
|
||||
EDITOR = lib.getExe neovim;
|
||||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = "${self}/secrets/blocktech/pkunis.yaml";
|
||||
defaultSopsFile = "${self}/secrets/sue/pim.yaml";
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||
};
|
||||
|
||||
home.packages =
|
||||
[self.packages.${pkgs.system}.neovim]
|
||||
++ (with pkgs; [
|
||||
(with pkgs; [
|
||||
jellyfin-media-player
|
||||
virt-manager
|
||||
bottles-unwrapped
|
||||
feishin
|
||||
])
|
||||
++ (with pkgs.unstable; [
|
||||
attic-client
|
||||
dbeaver-bin
|
||||
devenv
|
||||
bottles-unwrapped
|
||||
gimp
|
||||
hexchat
|
||||
impression
|
||||
|
@ -57,6 +46,7 @@ in {
|
|||
krita
|
||||
libreoffice
|
||||
# logseq # Has insecure electron dependency
|
||||
moonlight-qt
|
||||
nicotine-plus
|
||||
qFlipper
|
||||
signal-desktop
|
||||
|
@ -67,6 +57,7 @@ in {
|
|||
wireshark
|
||||
# nheko # Has insecure olm dependency
|
||||
handbrake
|
||||
feishin
|
||||
redfishtool
|
||||
]);
|
||||
};
|
|
@ -3,9 +3,7 @@
|
|||
config,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
gatusPort = 8080;
|
||||
in {
|
||||
}: {
|
||||
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
|
||||
|
||||
config = {
|
||||
|
@ -37,289 +35,5 @@ in {
|
|||
fsType = "ext4";
|
||||
options = ["noatime"];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [gatusPort];
|
||||
|
||||
services.gatus = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."gatus/env".path;
|
||||
|
||||
settings = {
|
||||
maintenance = {
|
||||
start = "00:00";
|
||||
duration = "5h";
|
||||
timezone = "Europe/Amsterdam";
|
||||
};
|
||||
|
||||
alerting = let
|
||||
default-alert = {
|
||||
enabled = true;
|
||||
failure-threshold = 2;
|
||||
success-threshold = 1;
|
||||
send-on-resolved = true;
|
||||
};
|
||||
in {
|
||||
email = {
|
||||
from = "gatus@kun.is";
|
||||
host = "mail.smtp2go.com";
|
||||
port = 2525;
|
||||
to = "pim@kunis.nl";
|
||||
client.insecure = true;
|
||||
username = "$SMTP_USERNAME";
|
||||
password = "$SMTP_PASSWORD";
|
||||
click = "http://warwick:${toString gatusPort}";
|
||||
inherit default-alert;
|
||||
};
|
||||
|
||||
ntfy = {
|
||||
url = "https://ntfy.kun.is";
|
||||
token = "$NTFY_ACCESS_TOKEN";
|
||||
topic = "gatus";
|
||||
inherit default-alert;
|
||||
};
|
||||
};
|
||||
|
||||
web.port = gatusPort;
|
||||
endpoints = let
|
||||
status = code: "[STATUS] == ${toString code}";
|
||||
bodyContains = text: "[BODY] == pat(*${text}*)";
|
||||
maxResponseTime = ms: "[RESPONSE_TIME] < ${toString ms}";
|
||||
serviceEndpoints = [
|
||||
{
|
||||
name = "Blog";
|
||||
url = "https://pim.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Cyberchef";
|
||||
url = "https://cyberchef.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "CyberChef - The Cyber Swiss Army Knife")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "HedgeDoc";
|
||||
url = "https://md.kun.is/status";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
"[BODY].notesCount > 0"
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Forgejo";
|
||||
url = "https://git.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "Forgejo: Beyond coding. We forge.")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Authentik";
|
||||
url = "https://authentik.kun.is/-/health/live/";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Ntfy";
|
||||
url = "https://ntfy.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Jellyfin";
|
||||
url = "https://media.kun.is/health";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Attic";
|
||||
url = "https://attic.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(bodyContains "attic push")
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Esrom";
|
||||
url = "https://esrom.kun.is/seinlamp";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(bodyContains "Welcome to")
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Atuin";
|
||||
url = "https://atuin.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
"[BODY].total_history > 0"
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "KitchenOwl";
|
||||
url = "https://boodschappen.kun.is";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "<title>KitchenOwl</title>")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Inbucket";
|
||||
url = "https://inbucket.griffin-mermaid.ts.net/status";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "FreshRSS";
|
||||
url = "https://freshrss.griffin-mermaid.ts.net/i";
|
||||
conditions = [
|
||||
(status 401)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Paperless-ngx";
|
||||
url = "https://paperless.griffin-mermaid.ts.net/accounts/login/";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "Please sign in.")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Jellyseerr";
|
||||
url = "https://jellyseerr.griffin-mermaid.ts.net/login";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Radarr";
|
||||
url = "https://radarr.griffin-mermaid.ts.net";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Sonarr";
|
||||
url = "https://sonarr.griffin-mermaid.ts.net/login";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Bazarr";
|
||||
url = "https://bazarr.griffin-mermaid.ts.net/system/status";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "<title>Bazarr</title>")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Prowlarr";
|
||||
url = "https://prowlarr.griffin-mermaid.ts.net/login";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Deluge";
|
||||
url = "https://deluge.griffin-mermaid.ts.net";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "SyncThing";
|
||||
url = "https://syncthing.griffin-mermaid.ts.net/";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Radicale";
|
||||
url = "https://radicale.griffin-mermaid.ts.net/.web/";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "Sign in")
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Nextcloud";
|
||||
url = "https://nextcloud.griffin-mermaid.ts.net/status.php";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
"[BODY].installed == true"
|
||||
"[BODY].maintenance == false"
|
||||
"[BODY].needsDbUpgrade == false"
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "kms";
|
||||
url = "tcp://kms.kun.is:1688";
|
||||
conditions = [
|
||||
"[CONNECTED] == true"
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "BIND";
|
||||
url = "192.168.30.134";
|
||||
dns = {
|
||||
query-type = "SOA";
|
||||
query-name = "kun.is";
|
||||
};
|
||||
conditions = [
|
||||
"[DNS_RCODE] == NOERROR"
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "Immich";
|
||||
url = "https://immich.griffin-mermaid.ts.net";
|
||||
conditions = [
|
||||
(status 200)
|
||||
(maxResponseTime 300)
|
||||
(bodyContains "To use Immich, you must enable JavaScript or use a JavaScript compatible browser.")
|
||||
];
|
||||
}
|
||||
];
|
||||
in
|
||||
map
|
||||
(endpoint:
|
||||
endpoint
|
||||
// {
|
||||
interval = "5m";
|
||||
alerts = [{type = "email";} {type = "ntfy";}];
|
||||
})
|
||||
serviceEndpoints;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -3,7 +3,7 @@ inputs @ {
|
|||
self,
|
||||
...
|
||||
}: {
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (_: {
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (name: {
|
||||
system,
|
||||
nixosModule,
|
||||
}:
|
||||
|
|
|
@ -1,75 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
borgBackupOpts = {
|
||||
options = {
|
||||
paths = lib.mkOption {
|
||||
type = with lib.types; listOf str;
|
||||
};
|
||||
scaleDeployments = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
deploymentName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
deploymentNamespace = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
replicaCount = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.pim.backups = {
|
||||
borgBackups = lib.mkOption {
|
||||
type = with lib.types; attrsOf (submodule borgBackupOpts);
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: should have some timeout and alerting?
|
||||
config = {
|
||||
services.borgbackup.jobs =
|
||||
lib.mapAttrs (name: c: let
|
||||
preHook = ''
|
||||
${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=0
|
||||
|
||||
while [ -n "$(${pkgs.k3s}/bin/kubectl get deployment -n ${c.deploymentNamespace} ${c.deploymentName} -o jsonpath='{.status.replicas}')" ]; do
|
||||
echo "Waiting for replicas to scale down to 0..."
|
||||
sleep 2
|
||||
done
|
||||
'';
|
||||
postHook = "${pkgs.k3s}/bin/kubectl scale deployment -n ${c.deploymentNamespace} ${c.deploymentName} --replicas=${toString c.replicaCount}";
|
||||
in {
|
||||
inherit (c) paths;
|
||||
repo = "ssh://w553a7cb@w553a7cb.repo.borgbase.com/./repo";
|
||||
startAt = "*-*-* 00:00:00";
|
||||
# TODO: low benefit, but we could set borgbase's host keys here as they are published online.
|
||||
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
postHook = lib.mkIf c.scaleDeployments postHook;
|
||||
archiveBaseName = name;
|
||||
|
||||
prune.keep = {
|
||||
within = "7d";
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
|
||||
preHook = lib.mkIf c.scaleDeployments preHook;
|
||||
|
||||
encryption = {
|
||||
passCommand = "cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
mode = "repokey-blake2";
|
||||
};
|
||||
})
|
||||
config.pim.backups.borgBackups;
|
||||
|
||||
systemd.timers = lib.mapAttrs' (name: _c: lib.nameValuePair "borgbackup-job-${name}" {timerConfig.RandomizedDelaySec = "5h";}) config.pim.backups.borgBackups;
|
||||
};
|
||||
}
|
94
nixos/backups.nix
Normal file
94
nixos/backups.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.backups;
|
||||
|
||||
borgmaticConfig = pkgs.writeTextFile {
|
||||
name = "borgmatic-config.yaml";
|
||||
|
||||
text = lib.generators.toYAML {} {
|
||||
source_directories = ["/mnt/longhorn/persistent/longhorn-backup"];
|
||||
|
||||
repositories = [
|
||||
{
|
||||
path = cfg.repoLocation;
|
||||
label = "nfs";
|
||||
}
|
||||
{
|
||||
path = "ssh://s6969ym3@s6969ym3.repo.borgbase.com/./repo";
|
||||
label = "borgbase";
|
||||
}
|
||||
];
|
||||
|
||||
ssh_command = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borg/borgbasePrivateKey".path} -o StrictHostKeychecking=no";
|
||||
keep_daily = 7;
|
||||
keep_weekly = 4;
|
||||
keep_monthly = 12;
|
||||
keep_yearly = -1;
|
||||
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
};
|
||||
in {
|
||||
options.pim.backups = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Whether to enable backups of persistent data on this machine.
|
||||
'';
|
||||
};
|
||||
|
||||
repoLocation = lib.mkOption {
|
||||
default = "/mnt/longhorn/persistent/nfs.borg";
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Location of the Borg repository to back up to.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [borgbackup];
|
||||
# Converted from:
|
||||
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
|
||||
systemd.services.borgmatic = {
|
||||
description = "borgmatic backup";
|
||||
wants = ["network-online.target"];
|
||||
after = ["network-online.target"];
|
||||
unitConfig.ConditionACPower = true;
|
||||
preStart = "${pkgs.coreutils}/bin/sleep 10s";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
Nice = 19;
|
||||
CPUSchedulingPolicy = "batch";
|
||||
IOSchedulingClass = "best-effort";
|
||||
IOSchedulingPriority = 7;
|
||||
IOWeight = 100;
|
||||
Restart = "no";
|
||||
LogRateLimitIntervalSec = 0;
|
||||
Environment = "BORG_PASSPHRASE_FILE=${config.sops.secrets."borg/borgPassphrase".path}";
|
||||
};
|
||||
|
||||
script = "${pkgs.systemd}/bin/systemd-inhibit --who=\"borgmatic\" --what=\"sleep:shutdown\" --why=\"Prevent interrupting scheduled backup\" ${pkgs.borgmatic}/bin/borgmatic --verbosity -2 --syslog-verbosity 1 -c ${borgmaticConfig}";
|
||||
};
|
||||
|
||||
systemd.timers.borgmatic = {
|
||||
description = "Run borgmatic backup";
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnCalendar = "*-*-* 3:00:00";
|
||||
Persistent = true;
|
||||
RandomizedDelaySec = "1h";
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"borg/borgPassphrase" = {};
|
||||
"borg/borgbasePrivateKey" = {};
|
||||
};
|
||||
};
|
||||
}
|
24
nixos/cinnamon.nix
Normal file
24
nixos/cinnamon.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.cinnamon;
|
||||
in {
|
||||
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
displayManager.defaultSession = "cinnamon";
|
||||
libinput.enable = true;
|
||||
xserver = {
|
||||
desktopManager.cinnamon.enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.cinnamon.excludePackages = [
|
||||
pkgs.gnome-terminal
|
||||
];
|
||||
};
|
||||
}
|
14
nixos/compliance.nix
Normal file
14
nixos/compliance.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.compliance;
|
||||
in {
|
||||
options.pim.compliance.enable = lib.mkEnableOption "compliance";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.clamav = {
|
||||
daemon.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
47
nixos/data-sharing.nix
Normal file
47
nixos/data-sharing.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.data-sharing;
|
||||
|
||||
nfsShares = [
|
||||
"/mnt/longhorn/persistent/media"
|
||||
"/mnt/longhorn/persistent/media/books"
|
||||
"/mnt/longhorn/persistent/media/movies"
|
||||
"/mnt/longhorn/persistent/media/music"
|
||||
"/mnt/longhorn/persistent/media/shows"
|
||||
"/mnt/longhorn/persistent/longhorn-backup"
|
||||
];
|
||||
|
||||
nfsExports = lib.strings.concatLines (
|
||||
builtins.map
|
||||
(
|
||||
share: "${share} 192.168.30.0/16(rw,sync,no_subtree_check,no_root_squash) 127.0.0.1/8(rw,sync,no_subtree_check,no_root_squash) 10.0.0.0/8(rw,sync,no_subtree_check,no_root_squash)"
|
||||
)
|
||||
nfsShares
|
||||
);
|
||||
in {
|
||||
options.pim.data-sharing = {
|
||||
enable = lib.mkOption {
|
||||
default = false;
|
||||
type = lib.types.bool;
|
||||
description = ''
|
||||
Configure this server to serve our data using NFS.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
2049 # NFS
|
||||
111 # NFS
|
||||
20048 # NFS
|
||||
];
|
||||
|
||||
services.nfs.server = {
|
||||
enable = true;
|
||||
exports = nfsExports;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -18,12 +18,15 @@
|
|||
./stylix.nix
|
||||
./wireguard.nix
|
||||
./gnome.nix
|
||||
./compliance.nix
|
||||
./cinnamon.nix
|
||||
./ssh.nix
|
||||
./desktop.nix
|
||||
./server.nix
|
||||
./prometheus.nix
|
||||
./kubernetes
|
||||
./backups-ng.nix
|
||||
./data-sharing.nix
|
||||
./backups.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
|
@ -42,6 +45,7 @@
|
|||
|
||||
config = {
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
hardware.pulseaudio.enable = false;
|
||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||
|
||||
i18n = {
|
||||
|
@ -93,7 +97,6 @@
|
|||
xserver.excludePackages = [pkgs.xterm];
|
||||
printing.drivers = [pkgs.hplip pkgs.gutenprint];
|
||||
tailscale.enable = true;
|
||||
pulseaudio.enable = false;
|
||||
|
||||
pipewire = {
|
||||
alsa.enable = true;
|
||||
|
@ -125,8 +128,6 @@
|
|||
ncdu
|
||||
lshw
|
||||
sops
|
||||
nix-tree
|
||||
fd
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -145,8 +146,7 @@
|
|||
};
|
||||
|
||||
nix = {
|
||||
package = lib.mkDefault pkgs.nixVersions.stable;
|
||||
channel.enable = false;
|
||||
package = pkgs.nixVersions.stable;
|
||||
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
|
@ -170,6 +170,8 @@
|
|||
};
|
||||
|
||||
nixpkgs = {
|
||||
# hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
config = {
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
|
@ -179,16 +181,11 @@
|
|||
"steam-run"
|
||||
"steam-unwrapped"
|
||||
];
|
||||
|
||||
permittedInsecurePackages = [
|
||||
"electron-33.4.11"
|
||||
];
|
||||
};
|
||||
|
||||
overlays = [
|
||||
inputs.nur.overlays.default
|
||||
(_final: _prev: {
|
||||
inherit (inputs.nixpkgs-oldstable.legacyPackages.x86_64-linux) containerd;
|
||||
inputs.nur.overlay
|
||||
(final: _prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit (pkgs) system;
|
||||
config.allowUnfree = true;
|
||||
|
@ -197,13 +194,9 @@
|
|||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxKernel.packages.linux_6_14;
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
boot.kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
|
|
|
@ -6,11 +6,6 @@
|
|||
config = lib.mkIf (builtins.elem "desktop" config.deployment.tags) {
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
hardware.graphics = {
|
||||
enable = true;
|
||||
enable32Bit = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
xserver.enable = true;
|
||||
printing.enable = true;
|
||||
|
|
|
@ -46,6 +46,8 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
k3s
|
||||
openiscsi # Required for Longhorn
|
||||
nfs-utils # Required for Longhorn
|
||||
];
|
||||
|
||||
# TODO!!!!!
|
||||
|
@ -119,13 +121,27 @@ in {
|
|||
serverFlags = builtins.concatStringsSep " " serverFlagList;
|
||||
in {
|
||||
enable = true;
|
||||
inherit (cfg) role clusterInit;
|
||||
role = cfg.role;
|
||||
tokenFile = config.sops.secrets."k3s/serverToken".path;
|
||||
extraFlags = lib.mkIf (cfg.role == "server") (lib.mkForce serverFlags);
|
||||
clusterInit = cfg.clusterInit;
|
||||
serverAddr = lib.mkIf (! (cfg.serverAddr == null)) cfg.serverAddr;
|
||||
};
|
||||
|
||||
# Required for Longhorn
|
||||
openiscsi = {
|
||||
enable = true;
|
||||
name = "iqn.2016-04.com.open-iscsi:${config.networking.fqdn}";
|
||||
};
|
||||
};
|
||||
|
||||
# HACK: Symlink binaries to /usr/local/bin such that Longhorn can find them
|
||||
# when they use nsenter.
|
||||
# https://github.com/longhorn/longhorn/issues/2166#issuecomment-1740179416
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
|
||||
];
|
||||
|
||||
system.activationScripts = {
|
||||
k3s-bootstrap = lib.mkIf (cfg.role == "server") {
|
||||
text = (
|
||||
|
|
|
@ -12,39 +12,42 @@
|
|||
services.prometheus = {
|
||||
enable = true;
|
||||
|
||||
scrapeConfigs = let
|
||||
node = {
|
||||
job_name = "node";
|
||||
static_configs = [
|
||||
{
|
||||
targets = lib.pipe nodes [
|
||||
(lib.filterAttrs (_name: node: node.config.services.prometheus.exporters.node.enable))
|
||||
(lib.attrsets.mapAttrsToList
|
||||
(_name: node: "${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"))
|
||||
];
|
||||
}
|
||||
scrapeConfigs = (
|
||||
let
|
||||
generated = lib.pipe nodes [
|
||||
(lib.filterAttrs (name: node: node.config.services.prometheus.exporters.node.enable))
|
||||
(lib.attrsets.mapAttrsToList
|
||||
(name: node: {
|
||||
job_name = name;
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["${node.config.networking.fqdn}:${toString node.config.services.prometheus.exporters.node.port}"];
|
||||
}
|
||||
];
|
||||
}))
|
||||
];
|
||||
};
|
||||
|
||||
pikvm = {
|
||||
job_name = "pikvm";
|
||||
metrics_path = "/api/export/prometheus/metrics";
|
||||
scheme = "https";
|
||||
tls_config.insecure_skip_verify = true;
|
||||
pikvm = {
|
||||
job_name = "pikvm";
|
||||
metrics_path = "/api/export/prometheus/metrics";
|
||||
scheme = "https";
|
||||
tls_config.insecure_skip_verify = true;
|
||||
|
||||
# We don't care about security here, it's behind a VPN.
|
||||
basic_auth = {
|
||||
username = "admin";
|
||||
password = "admin";
|
||||
# We don't care about security here, it's behind a VPN.
|
||||
basic_auth = {
|
||||
username = "admin";
|
||||
password = "admin";
|
||||
};
|
||||
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["pikvm.dmz"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
static_configs = [
|
||||
{
|
||||
targets = ["pikvm.dmz"];
|
||||
}
|
||||
];
|
||||
};
|
||||
in [node pikvm];
|
||||
in
|
||||
generated ++ [pikvm]
|
||||
);
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
lib,
|
||||
config,
|
||||
self,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
options.pim.tailscale.advertiseExitNode = lib.mkOption {
|
||||
|
@ -11,8 +10,6 @@
|
|||
};
|
||||
|
||||
config = lib.mkIf (builtins.elem "server" config.deployment.tags) {
|
||||
environment.systemPackages = [pkgs.unar];
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [config.services.prometheus.exporters.node.port];
|
||||
domain = "dmz";
|
||||
|
@ -55,11 +52,7 @@
|
|||
|
||||
extraUpFlags =
|
||||
[
|
||||
(
|
||||
if builtins.elem "kubernetes" config.deployment.tags
|
||||
then "--accept-dns=false"
|
||||
else "--accept-dns=true"
|
||||
)
|
||||
"--accept-dns=false"
|
||||
"--hostname=${config.networking.hostName}"
|
||||
]
|
||||
++ lib.lists.optional config.pim.tailscale.advertiseExitNode "--advertise-exit-node"
|
||||
|
@ -67,11 +60,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"tailscale/authKey".sopsFile = "${self}/secrets/servers.yaml";
|
||||
"borg/borgPassphrase".sopsFile = "${self}/secrets/servers.yaml";
|
||||
"borg/borgbasePrivateKey".sopsFile = "${self}/secrets/servers.yaml";
|
||||
"gatus/env".sopsFile = "${self}/secrets/servers.yaml";
|
||||
sops.secrets."tailscale/authKey" = {
|
||||
sopsFile = "${self}/secrets/servers.yaml";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -19,11 +19,6 @@ in {
|
|||
enable = true;
|
||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
|
||||
|
||||
# targets = {
|
||||
# firefox.profileNames = ["default"];
|
||||
# librewolf.profileNames = ["default"];
|
||||
# };
|
||||
|
||||
cursor = {
|
||||
package = pkgs.bibata-cursors;
|
||||
name = "Bibata-Modern-Classic";
|
||||
|
@ -31,7 +26,10 @@ in {
|
|||
};
|
||||
|
||||
fonts = {
|
||||
monospace.package = pkgs.nerd-fonts.jetbrains-mono;
|
||||
monospace = {
|
||||
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
|
||||
name = "JetBrainsMono Nerd Font Mono";
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
}: let
|
||||
cfg = config.pim.tidal;
|
||||
in {
|
||||
# TODO: this is bad and broken
|
||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
|
|
@ -15,16 +15,32 @@ in {
|
|||
wg-quick.interfaces = {
|
||||
home = {
|
||||
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||
address = ["10.225.191.7/24" "5ee:bad:c0de::7/128"];
|
||||
dns = ["10.225.191.1"];
|
||||
address = ["10.225.191.4/24"];
|
||||
dns = ["192.168.30.131"];
|
||||
autostart = false;
|
||||
mtu = 1412;
|
||||
peers = [
|
||||
{
|
||||
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||
endpoint = "wg.kun.is:51820";
|
||||
publicKey = "1+gTBx8ghAt/BJICtgUKMKu52rufxuM6e46MN2g0Dlc=";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||
allowedIPs = ["0.0.0.0/0"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
home-no-pihole = {
|
||||
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||
address = ["10.225.191.4/24"];
|
||||
dns = ["192.168.10.1"];
|
||||
autostart = false;
|
||||
mtu = 1412;
|
||||
peers = [
|
||||
{
|
||||
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||
endpoint = "wg.kun.is:51820";
|
||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||
allowedIPs = ["0.0.0.0/0"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
119
packages.nix
119
packages.nix
|
@ -2,129 +2,12 @@
|
|||
nixpkgs,
|
||||
flake-utils,
|
||||
treefmt-nix,
|
||||
nvf,
|
||||
...
|
||||
}:
|
||||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
|
||||
treefmtWrapper = treefmtEval.config.build.wrapper;
|
||||
neovimConfigured = nvf.lib.neovimConfiguration {
|
||||
inherit pkgs;
|
||||
modules = [
|
||||
{
|
||||
config.vim = {
|
||||
preventJunkFiles = true;
|
||||
telescope.enable = true;
|
||||
autopairs.nvim-autopairs.enable = true;
|
||||
autocomplete.nvim-cmp.enable = true;
|
||||
snippets.luasnip.enable = true;
|
||||
filetree.neo-tree.enable = true;
|
||||
tabline.nvimBufferline.enable = true;
|
||||
dashboard.alpha.enable = true;
|
||||
notify.nvim-notify.enable = true;
|
||||
projects.project-nvim.enable = true;
|
||||
comments.comment-nvim.enable = true;
|
||||
extraPlugins.vim-sleuth.package = pkgs.vimPlugins.vim-sleuth;
|
||||
|
||||
keymaps = [
|
||||
{
|
||||
key = "<C-e>";
|
||||
mode = ["n"];
|
||||
action = ":Neotree toggle<CR>";
|
||||
silent = true;
|
||||
desc = "Toggle Neotree";
|
||||
}
|
||||
];
|
||||
|
||||
lsp = {
|
||||
enable = true;
|
||||
formatOnSave = true;
|
||||
lightbulb.enable = true;
|
||||
trouble.enable = true;
|
||||
lspSignature.enable = true;
|
||||
otter-nvim.enable = true;
|
||||
};
|
||||
|
||||
languages = {
|
||||
enableFormat = true;
|
||||
enableTreesitter = true;
|
||||
enableExtraDiagnostics = true;
|
||||
nix.enable = true;
|
||||
markdown.enable = true;
|
||||
bash.enable = true;
|
||||
clang.enable = true;
|
||||
css.enable = true;
|
||||
html.enable = true;
|
||||
sql.enable = true;
|
||||
go.enable = true;
|
||||
python.enable = true;
|
||||
|
||||
rust = {
|
||||
enable = true;
|
||||
crates.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
visuals = {
|
||||
nvim-web-devicons.enable = true;
|
||||
cinnamon-nvim.enable = true;
|
||||
fidget-nvim.enable = true;
|
||||
highlight-undo.enable = true;
|
||||
cellular-automaton.enable = true;
|
||||
};
|
||||
|
||||
statusline.lualine = {
|
||||
enable = true;
|
||||
theme = "gruvbox";
|
||||
};
|
||||
|
||||
theme = {
|
||||
enable = true;
|
||||
name = "gruvbox";
|
||||
style = "dark";
|
||||
transparent = false;
|
||||
};
|
||||
|
||||
binds = {
|
||||
whichKey.enable = true;
|
||||
cheatsheet.enable = true;
|
||||
};
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
gitsigns.enable = true;
|
||||
};
|
||||
|
||||
utility = {
|
||||
surround.enable = true;
|
||||
diffview-nvim.enable = true;
|
||||
|
||||
motion = {
|
||||
hop.enable = true;
|
||||
leap.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
terminal.toggleterm = {
|
||||
enable = true;
|
||||
lazygit.enable = true;
|
||||
};
|
||||
|
||||
ui = {
|
||||
borders.enable = true;
|
||||
noice.enable = true;
|
||||
colorizer.enable = true;
|
||||
smartcolumn.enable = true;
|
||||
fastaction.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
in {
|
||||
packages = {
|
||||
formatter = treefmtWrapper;
|
||||
inherit (neovimConfigured) neovim;
|
||||
};
|
||||
packages.formatter = treefmtWrapper;
|
||||
})
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
wireguard:
|
||||
home:
|
||||
presharedKey: ENC[AES256_GCM,data:ayLbDjTDMnLNr5v7hDVtV2iCQ4/VMXk6qWpp2CjJI+NCIMxUOb2Ozd+6hMs=,iv:jkfYVgJebkbRFXfUMefn6A1+rkQW/md13rpoaJKCdik=,tag:itsm94ieGagpoiPqfyNGcQ==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:DkVLF6YZsNYEMS7pKK5BWPxgcar2Bv8U/Nk9Wssktbfvt60vqa4YBCnO314=,iv:PZ6adaCeEXhodO2k5O2E1GRLLajyE3aMzUtWYPfsDZM=,tag:d4EMsDlPiOvTHOMIktVV5A==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWEc5K3p3QytpZ1pxeEJy
|
||||
TUtENXdnT3ZJUGNXaHo0ZktwK21OMVJmNzA4CjdlMUtWY2hBc3U1UVZQZEllK2xC
|
||||
NGZSK2VyQVdBRmZYejBWM0FIeFE5K2MKLS0tIEQ3MHhOcW92dlo4NUdBdFlKdEM0
|
||||
N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn
|
||||
QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-02T19:43:11Z"
|
||||
mac: ENC[AES256_GCM,data:GtaZa2Ce0rr6c5rB+u2q8R8y0zDfNRbFesEnbSaQlxGjXF/6tzEfARbMhVjpjrUn7HCvNK3dbtm5QtCOFqtjyUkbS5NoelH9fdNj1SqzITuhLynxwldfkWpo0TpDf0MA3OjzxPhQz9FiIN58d94wCEhS4ma3yyPq0kvNmYopQN0=,iv:nmtkdSnSwKGNlantq6aWBQMySpkRMJ+cxdEji46DL5I=,tag:Ix0EnzWJXZzyNR4FQx5Rag==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
|
@ -1,3 +1,4 @@
|
|||
sunshine_credentials: ENC[AES256_GCM,data:P1sttD3H65DQje+Cs5CVLqvhtXWtoBgu/TBZ3WFIWqErRKtKa31V2lLrgixrty4TVM5qq06zE5z3lQ78ZAHLNh80jMPvoAcCqTXXoWwIYwdHJT0iG09f0ZfpiVTZU4MuCn0uuaJ6873AYe60siZW8uFntu3v230izoAqY9Ex+BzIOOliuqrnIRzdw06TCrrBTJUr,iv:WZqkSZOsiCWx7VPuTDA1Js1DcHZLK9YLDxTQ2nVlFQ8=,tag:iJ6bSofnPWWm7B+VPm+MyQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
40
secrets/jefke/colmena.yaml
Normal file
40
secrets/jefke/colmena.yaml
Normal file
|
@ -0,0 +1,40 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:BvaIcGQhrYyq+2OA4r1n8Jg5NS6RZXFarzcOGAlRMpYZSJkP3x4difJgorSGEqufRxKtm2aboLWmyTSso1EXxcICb0B+RRLXIJc=,iv:eLPkpCnS7qr8/nu/xKU1qPx9BIMrWUNtqbeDeeNohJw=,tag:4EljW04w9qM4xx2xHzVzxA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIenFvSVdyZ3kxSXMwdnha
|
||||
MTNyT2RUTTh3OHkrSFpzYkhmSW81aEx6MURJClpoQVNWTXI3d0F0aEgwSjJJZTVK
|
||||
aEZFSFJ1OXRsUjVvM0dWZFlwcEYyYlEKLS0tIEgyUHU5RkdldUUrNnhZTHFQaG0w
|
||||
TkFXcGNURFo0d1U1UXZ5a2pwMHRtMmsKODDUjZ+PdbmTMYKfmHNqG2t7FG6ItdRA
|
||||
A+usHM6Y/fwwN1j4+Uszcy69874XhVMOFXkcODmf/12RRpHNuI2W/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOSjY1WXMwcHhmY0xFMVFx
|
||||
WFhiUmN1VGh1NGIyQ0ViRDh1ME1nVStTYVJzCm1wMHhHcWhNdXlENGlNVnJnbmND
|
||||
MlB4T3NvRDJhRzFTU28wUDdKY3c5NkUKLS0tIHh6VUxqRUxWYlZ4eWtQby9DRVZp
|
||||
UjdxZGF6dEIzQXR0eGNiQUh4bjZjSVkKZfMdF9BuvVQQbKloZ57WJXYzpUFfwB/5
|
||||
Hsdr5DySNaObp/gkddAIB6y79ogx/pl8jV58/ptYKEVk4rq+ga5NJg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYMHRrejBrcU55bHAvd0tL
|
||||
ajNkT0N3SmcyaVZEbXB5ZXpRbHk5cVF2Y0N3CitBa2x5N1FRNDg2SzlJKzhjeXBF
|
||||
SXh3cWxiZnlINmtnY2hrb2lVOG5LSEkKLS0tIGhEREZnWHRnSUF5bjlmNHB1ZDZt
|
||||
SW1jaG02MEZzTVV6OHQrWDNkcG1Oc3MK63Z6TyYvNus/+25GaSVDCNFajfdKDCtb
|
||||
zgMKIpx9BsJH1NHfx711MwQVD1r5Vx0Tuwg7j6A6UdGOf2GdIhNiaA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-01T14:09:02Z"
|
||||
mac: ENC[AES256_GCM,data:gO7uviWsVA28EmhJuc7M8/lrRdZPfsXsyCWHJEt6m5EofIk96Il0GAbcI5VNmbIPCjt5Ihlm6MFp7MHo0+6AnOseW53wgZy4jMdQ9JmdgL6Mw8kuqrxublOZD56TqmRDYdMZo5IYxgBZcRFQm7UfjEgAjp4cradcAv/vhbQNN7k=,iv:hcCJLD8zdLPQ2qcvknsJ7eENcjR0RNZbI9iIAqaMFZ0=,tag:AYROyHfhcE0dqfIMVkFM3w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
|
@ -9,71 +9,67 @@ k3s:
|
|||
peerCAKey: ENC[AES256_GCM,data:guzHtQx+rn778FE3omR7h5VrFvMcR1pVeIRT19b6i1ZyfR1YLAEyzZU/gAiokb3XDNF+UcR2D0zR7ra9k7WcNtyHlskU7vctT2iURssexMS9XbbS3nlklx0utsqO1KKeuLI+bU+/cuf4zAYxoSKpO8NcqBhfTRlNu53IBF+mHZtSQ5BbWlOjvHiBXMxRMNiTRvzC0XlkSFOF7ERslWPkOWDkIuKv6Jd+LuQ3tnxIpjp4g9HSsmLlARf9IdVp9qpeZMXrnjfyLmbNABVYPL6XJHyMudYtzG+tpwW08Q6qKZy2KEw=,iv:tnGOwMyDQOXzguTh4pBJumpaV5ObgAT50qtPIu5u9O4=,tag:agUs9H7i7Mm5rAFj3eligw==,type:str]
|
||||
serverCAKey: ENC[AES256_GCM,data:S79OqkFK+z7+YecsH8Mdlel8+T50rhBnixfB9047uCZIIZ6LsxknGs1wkCAFPnymUVEzIIGW3lCog9xIvIWJSfV4wh2TMOetPGj95OBV0zQy4vdMhHHt2OV5+R6e262n0FwaQkn+kndPlVvnlPnFbkiQys0vO8GashWWddyBGQf6P/5TvYuJtz+qjW1FsrtjDTu77Vn85y7bYRENQ1o6sZxevftTHnEjSmvWHgcYey0TytkIYZpMHm1G1Up3+HtgiFAFDy1VtSv913El5W4EfLeRhV3B51ktG+SR0bxfMv/P+qU=,iv:UkWTAXYiaRqptN4PyCfMDot20Ln+/QkPIBSGabJSj+c=,tag:I056m8hcwNyOkoxsNRjYXw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBNUQwMFR5cTQ2UmFkQUdp
|
||||
WEZGNHZnMWlLRVBhdEdzeERMc0JQL25ORzFRCnZqQTFiak9UTTlyVnZrOTVFbDJv
|
||||
VUdCUXcwazhZelB6VDRCRWd1KzhjT1UKLS0tIEpyeGNHcjRNQWVBYS9YNzVEY3Vr
|
||||
S1JMakx0VURKMFcyMXdheVhJeVJ3WG8KTRcEpMxIXVlVmh2u1+GIEWWPgR4ETK3W
|
||||
t0ISYfu/7+SsVtkWDSydWlrXLjn6yiWG3qXBI7xVLszO56a6/dRklw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2anAraGp2YlNWZnNENWMw
|
||||
WVFqMW4zQUl6UWNRK0lSVnNZMVl0SjJGdFJFCndyVnQwejFFWUxTQ0pmRnNDbUJK
|
||||
VjM1ajl5cHhHN1A1cjdhdFhtcnVEcWMKLS0tIHNUQWx2endUUFNMUENUNjhvdDZl
|
||||
Qk9yY0N5N05UZG4rcG5iS3NkR2hVaVUKxRS9Mf17cG8WyDdCLwpqPiMObbKCTz/4
|
||||
iejyULwJNOBcl3Tvzgc9FANNZpC4UrO51HTCzQvmw9tBboVkEkLA0Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYL2xkV2FhTUp2ekFSOHpW
|
||||
QnF6Y0xoRXFqd2R2Q1ZNYTE5Y1ptYTVHZG1zCjhwQk5pMXZDWVlVZitUSExvb3Vj
|
||||
VEw3dVUxbmFJN1NrYU83bzhmL3UyZDQKLS0tIDQ4MUdQb2Y1Q2l6UHpXdWNFUUJs
|
||||
WG5qdkVNWHBSN2lZd1UxY3o0NWdSYW8KtGdyCOGNnCsuDW+H2E6HBxwGUh6ZjkY2
|
||||
Kc2W8kzxfsRLLzll2n61G2dG0Rg/oRwj2CKJR3PfCsrmK4RAdy2ogQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpY1lJQ3BKSFhia0RUZFdV
|
||||
dldKbmoxN1pwY2Z4V1VXNlY3cWE4cnJOYm5BCkNMc3hZbzF3RHlUMmdSRndMWDBy
|
||||
eUFjOCtMaXZQY2R6N2RsRDNDNDhOZkkKLS0tIFVSRzFySG00VktGa1ZmYkx6Um1W
|
||||
V25mbkcxQjhqb1cxa0hkTWlFNkVsS2sKbP1bqNh0DRiZtK3fXaZ4J1d2b+nYwFqQ
|
||||
knwond7pkN9YBRsU4/HHtFCp1XPxRiNQCXXfzWy0X365VzON32huqQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTzIxSXJjRFExS1JocFNt
|
||||
cm5TVWdYS2RsR3FVOWtyblJvOTgxSUlGdnpjClhhM2poSHZrK1QyMENqaTgrdlo4
|
||||
bmw0ODlJWnByclZEZ3pmTE91QXRmcXMKLS0tIFJFbXJoZkM2Y2d1SERJeDFoVitm
|
||||
Z3JySC9zRGl0MUQwZXdVajkwamxHVXMKoxxZjUpYyG3XqHNmDXv3SwMqdST74gK7
|
||||
KvdWf65QRCX1M0bgg+5CKmd69fS6KkBqUvy/i/jNO57QHuGIL4/4Dg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15qrzsk9t7uyuuy7m0xt3qzk3cmcsegt5wfe5zew4d8najwjnm30sfjc3pk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxS3d1YzVyRmZ1N042Vllw
|
||||
VmFxUzBEeS9lTHoxSUpFVlRzWUxuaS9DRW1ZCmpCMEVxbGpvL2hueW16UlJuR0xw
|
||||
MEF2RExSYWdIUDFtV3dBVnVsWGZ6VWcKLS0tIDNNV1V1UGVMNEc2SUtXMkZtQzcx
|
||||
dURxSVdiMWdEOVpldUloRmhzUFVXeWMKaaOOD9i6HrhvqPICJRqSR454zFr0NAgP
|
||||
5eYj00O9TVZwVzmjxd/tqecLKVDKeCelyHjKerQvAUy1TPVhRCxqCQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL0xwbXNENzQ2N1BIZGZC
|
||||
YzhMdFdyREpMQlRHaTZmRTllUnhEUm1lcm40Cmc3MzRheDYrQjgvaWVaZE1tNUp5
|
||||
RTFZbXltV05lRDNBdVJ3VFEyeFlxQTgKLS0tIEx1ZG1IMHF5a25LZGlzWjNrZTJ1
|
||||
c3VCWjRmKytyVzE1SzBlMXQvblptNmsKNnl6VQIBn2Gfkrlatf23kOMWW+1Ej2wv
|
||||
O9Q8twttjPoTPx/9pWHOCNHmbnkabwi94lRujbXgIAQXUAL00n3M7Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTFlUSG0yNkZRRDlZMTZz
|
||||
WUVTNEJTZkcwbURWY1NMcktNZDhHMFhyWlVNCnY2OEpzamxzNGR2OEY0a0NKRkQ0
|
||||
NmgySjJIWUIxeGpRbUQ3c0JvcU5CSGMKLS0tIGZBcEl6dVRBNFh2c05QeW1ROWhl
|
||||
MWdUS3lmREJGMFI3bUZzSzlsZ1loNjQKET1S0K1Rq8VeK1DfD0CFUI7Mewp+dDVQ
|
||||
+TzooK5oDHD3RsUqN1zDILxH7Iz/+IZps/HigdpBVtEU6jmxANtCVA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTGdrWlE2SER5OUNjQWEw
|
||||
MUdEZ3VJbCtwTytZU3ZWM3lNclJBUXhBdm5VCmRpQXNxVVV1cGxlMUJNa1lEcUdx
|
||||
Qkt4clg1cVpOV0FhdEd6aEQ2ZkdlUTgKLS0tIGl3YWxjRlM0MHFncm5wdlpSeEdj
|
||||
TkRSZmJyQmg2QnpYanZLVFRlWnowY3MKvM9kUm/F0vtQcwdnIKff3HWUtGbR2vmH
|
||||
eOKnbOE5WMAWIi8oSR/uBMzE9lK2kyisby19XZUf5JcG4wS4YRlC1Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0OWxRVGdqYnc4YXF2UGI2
|
||||
cERlbFJlUkloSkI1RFZuTlZyZnVVRmJCWDFzCnBqNDR5NWo4bGFGQ3Y1WkNTSFlh
|
||||
WWU3dmZOVE4xcGpmZk1wSGxYVHYyNk0KLS0tIFAzaFI1T1djMDBCS0p5SE5UR1dK
|
||||
eVZweUhBOXVoN21QQzNvbWFDU0VpTEkKpvI0Fy+ybDcasrT/IvIecMnr8kTKTFmV
|
||||
+RC9+6+oSHCHScl3nVloA8ewAO3U4ChTvNKiHy0QAr5iT4BNtklxxQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCZDhSMEw3RVcyQ2NmZkpD
|
||||
bVp6SFpMckZmNGdoeCtzQVo0VDFEWkZ0dVUwClA2WVd5NG90MkVRZEUyeW9JaW1r
|
||||
YVpJbEpDV0VCREFVMy9taFJBODlGWkUKLS0tIHN0eCtrNUM2K3VTaHNMWTRXUFA4
|
||||
WEhTSHNtdE9qSVJVay93R2ZxeXI5SEkK7ZjIfQevnd1yyz8Ra9kBJb2DvlajgNEn
|
||||
88JXgtSrxtiVfrCFUKEIsEV6v/fT7BECOGCYaoxskwgLgCZ9mL6sTA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SURHU2laa3k0TXhlMkZq
|
||||
eXZOVWRxWVdsc0FKWFRUbUhmZDh2QVkxMVhzCklvTU5ReTA5MGNLcUsvTUlCWE90
|
||||
S3l6dDJ5ajhSY0RGRnFCTldkeFhKOVEKLS0tIG9lUzJxRFNKUTRTcnd3cTlUbnNC
|
||||
aFRKNlRXZTZEWllHeWNlTEJ3NUNXc00KHDPf+CN63UqMslALi8g5bjryE8TtTF5f
|
||||
XPjlIt0jUm1EDIyFWTjeHwgmRaC6VBfO1qCNiELEUVWOHrpycqGQBg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyR2xBS291Q1lHc3UrT293
|
||||
TlUvVnRxcUFHT01iNWJ5NFJtcVYyd3dLVFdnCjVqQlVLVzBEMlRFbjdDZkV2VWJa
|
||||
c1RyKzh0S25VTk1wQ04xdEFCOHVySkEKLS0tIHkxMXJUbWxZNDU2VmFuRVpobUpF
|
||||
djd1d01oTzh3WGNVaml1RWJ6alllQ3MKfiUTGCuQ0+6CbkRPFAKnIh2icOScNSVq
|
||||
qbhQZVbF1zkTAACtJYRsw9LYhjK0QlT52fcLVuyWL9GRI5ZL6n3GRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-01T11:24:36Z"
|
||||
mac: ENC[AES256_GCM,data:aQQPjSLHgvBPU0eZA95qFoRsklw3Jaj2N42DpKSheDoSJ5SwWV1GK0IJqkis71eBpMG9Mjn2wWj/1IdU1upRqfZU5dwNPdVXFb2+qPZyTkz1jhvBVTRGUNedd/L3t2a2nsaj5frZyzUPBELMs7n335pB9I36e+xOgTmA8OW3XAE=,iv:UI82ZmzcXtjO9fv2bSBZVVzNs7uvlopyxKXW+wBmNf8=,tag:HySaRX4Ihpnx+a8lASHicw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:+V4RZsyfGlaZokQ0LFxfbUuWuNnOGxdAkxerIgA+fnwdsz+3msXWPwAVcCsGM5PLRSGtJ5NhDPT2J7yVmB6RxVqaVHBsxHp5kPs=,iv:ooHX2MQfddREDyWanVtkBzJhf78s9gb6P73Qgn+db7M=,tag:+Ky7upH2Lph9IcnjAiSbJQ==,type:str]
|
||||
sops:
|
||||
age:
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByc3JPZmlzeUFqU252bXAw
|
||||
UFhEWk53V1VLVE5PMC9EeHlhZkdZcHhRbVJZClFObnhYVDBxS21HWWNoUWxrdXVj
|
||||
RGY4T0djdmVSMXdrdG1iWTlDVTRkTDQKLS0tIFRNVTdJYmZjMkNLdUoyWXZFZkNn
|
||||
ckdSTUdyWUtacDVMc3FPMTFQbGpSa0kKlo3KBNj4OIn4BepD7PTebBQVBjR+agxv
|
||||
h0SE/t+0TTYcVe6Aq6l1w/IDFumpSmoNMYOyzkA4ABbqQy0WHkNfOA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVRE1OWUN5OTg4TTJaY0dy
|
||||
eXJTVmpuTWVEQ2tGb1RKMlU5ZGlRMXo2enh3CnpTdTkyVG1wcGt6bkhoM3YwdTZG
|
||||
K1llQVM4ajZXT1ZMU2dPSUI1NEQ2Tk0KLS0tIC83aVZQZFNsa3VnT2FlbGEya1Ir
|
||||
WmJGeEh4QUg4bDk5U3dRNG1VaUthVjAKNiD5srj8mCy9QO4PwjdKR/Y4qyie04dQ
|
||||
NOSpfDnVNKUF65oR4xr4B6eyQahctFt4yrk4IoYQBlG4N0zqE1bu2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2VFB6WDcwOVhqZWs5RDJ6
|
||||
L0J4TXY2bWZDTmEwL3d1bGZLdzVuQi96Nm1BClc3WlBENkhwTW9PT1J1MHdtZ3pz
|
||||
a2s2S3ZLS204MGZ2Tms1TGpPYnFOK0kKLS0tIFhFWFJDblBWQngwMTZDbWlIdGhJ
|
||||
OFIwVUxQTlFsSldFRG5qdkJ3NWxEUGsKzUNf6dUX8CA6sD2P0blrvAyso4dnDcwi
|
||||
4mE7veq3arjyd0qcvoNIifs8omM4jgE97zjQfY1AOTEgAlFykgqhzA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-07-05T14:18:20Z"
|
||||
mac: ENC[AES256_GCM,data:5K+tBj8JFF2wY1bdzOc8nYThH39sYAmDGp/8gylINV6s87ROUy4XPdQhRGkd5y5BknGfIh8XnxrUmRvsf9t1FYSJwgPed0V/nU+Bl8cnMlzN87V5qgjbRKV8Aqd7fKm9SJKejdx3S7WoT2VLg6avc8PSOlqSaBVBjLp3F816XiA=,iv:GBLL+7MhfiGo4Alt6ffwlud4+ugeHAH8Yq5wXW9Book=,tag:xrQwBHTKMtWtycV279zxDg==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
|
@ -1,85 +1,76 @@
|
|||
tailscale:
|
||||
authKey: ENC[AES256_GCM,data:3eXxQBY6AVqU4R1NlsyhGCfXW5wL58ODRH/f+zo5YFRad/ys1vB9JeKagq0SJSj/w4zxRAEpCf1o47Ypww==,iv:QklyIFuXlbH6cM/I0gqDH/Xeay9gqxqeyulQ7W/dbig=,tag:E/3UqtsfSVOi6otSlReO0Q==,type:str]
|
||||
borg:
|
||||
borgPassphrase: ENC[AES256_GCM,data:UWA2sBLPi63MRVOPTYPWYLujF2M=,iv:FQq/IsZK7LWo30gZc7oT2E9feCLn7Oeg6wDGuezkhu8=,tag:fWYaZUwJrM8x6cemXzz6xg==,type:str]
|
||||
borgbasePrivateKey: ENC[AES256_GCM,data:O7eIY1yvbnBTS96tt5a8vcOEOzit4tEbIHmxnSbNsowC7YNk2g6MShQ6ll86GDiunLY33/Px0bqq9+4z/dk4N3FWQ1v5KQjr/gh+CS8VpIrv9zLv+Ru9UzeWQusbYxqnCu/IAQ1aB8UGV2LSCesQ0r/B6XEe51Phi65uWkbUYa/8voSiws3T3hnNrUDqiHdzfBgWZIQszz7zD92Q+aXu/kGNSxVKbXjWVfqBiyDEtuLEWoC1eENeEs41Ov5YT0Lm6+CUWadPqEwkDSvZWnBhoPwPLTZ/+ftZ/nizXUujsTdRwjcbOwJER+ObhgWDxbJE2WifxFOmHt3ggfSmAN842u5PjfT5gqpXMlTdCwYAYEJvDMqGsADe4p7+vPWJbetaahFrFGN8uBw7rs7W2wIiUKB5bAbAG0o6hdTpWfysuzMOFK/fROvCJsNhhKbbdiQbI0+SogtCkwv69+3uaRTFi33uqKCO6PQ6rMIahjo1lutm9iWq2nX4oI40W1KPC6EU/wF2,iv:rzkjjSnyrs58ZEO8XLsCSFsPHbtnL39SF6NJ6lUg3Ww=,tag:q0sunVc+9bLFoSdeykuT6g==,type:str]
|
||||
gatus:
|
||||
env: ENC[AES256_GCM,data:HKZFD9yKUxUl42ucUvV/i6gzzIkQ9zlUQ1p06ImRwW0T/DIOHp6G2QHlWr60Q5Xc9HWfVCSNby5Su5DLAso3pX/a+b4CoG7q4pRhekVNQwcDYVWzfek33onDLtAhL/AUVLfT1m3LXFR1xBJc87lbP/KWG4IEYI5+ZVgQXKC47HVADXE=,iv:EbiHksIFeG6j90fdAACnD5ukalI58So5DV9ztytR5p8=,tag:OLDa4NOpYs+UWLMlndEqow==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnazB6cTFiNHVrWXBuQjk2
|
||||
NmYxT0FldVE5Qk8rMkRrdHlFeUFPYlJKUkNRCmpGMVpyVmgrVDZ5R0pZQVNraFht
|
||||
enRUSU81eG5ZOGQ5TVVKUkp0NGs4cWcKLS0tIDBJczllVVRJQ3UyVEs2UlRyalJa
|
||||
RTZKdTU4QjNxWFpYYzBmZ2o4QWhuY1UKR2L8Og8LIXlAyiseRbexCn2S67y549Lx
|
||||
Fi78+c5Kn+FDep6GDpaO/cGzFyJ1cG3OX3nT9KdRiGiNg54dOH31DQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBielJoNjNXQW9SRDY1dE9y
|
||||
akw5M2hTSkgvbWJxaGZqZnNsdGVhVWFlRnkwCmN6bDRYclJNY2d5NVJvcllCdjhu
|
||||
UkJxMDRyMmFMc3hQVUp3Q2RKRDJaN3cKLS0tIHlFV21zZ3RNYW10UTQ0SmdBbVpG
|
||||
TFI2eVorL3BCYUZpcGNCU21mcHpBNXMK0JBvnhT2fNNWfLcXFYbelee5OlkCrRyv
|
||||
ZHKawtyH60g1nUB+AQqneUJhiYH0UJ40Ttz06rVyzOYUCV8M6tghsQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1unkshctcpucc298kmw9a0qzvtjzgdnjytrxr5p750dv0z95feymqpn68qf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5U0IvTnJwUEdqM0tXV3h4
|
||||
WllxZHBEblNoMmRub1FCaldJTlgwMDBUYVhrCm1iSmVFK2NTU2tjazdwdnIxT2xT
|
||||
ZWJ0cm9qZURrUnZaWnJVRkIvZ3pJbFkKLS0tIEFsbDJaT3piUENuVHJPNkFuSVhO
|
||||
VDFQcnBiMjNyQUFjdTJGZk92R1cydTQKlodgshGR87gz+qhrBFzmFZ2iKy4yPVWk
|
||||
1YYfPkN6PvJr3JZ2grcVLbjFF+/gQnIGcSrluv8WikvBb3TqVuDGyg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc29QQ1FoT1RIbE9neG56
|
||||
T1MrQzdHWEFORnF3ZlRBMUVvdVRtWjRxYUFzCjd5aDBISHlVdUFSQ3dySmFRZ284
|
||||
SHNjdjlBeVFjbW5kSmVKM2doTHczS2cKLS0tIDkrOVpHUVIwSUl4Zno3cENoTDJu
|
||||
V3krQU1VUjFaY0pFbVJkQ0E2STF1N00KrqqxZo8CzJLwiE/uibJMA6V/g4vlRFhB
|
||||
mj/lWkEAek7MhncNKFPgoNON+5rU1bqmEHufhpLaBV8NYEWMTM5/XQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1upnqu4rpxppdw9zmqu8x3rnaqq2r6m82y25zvry5cec63vjsd9gqtl9e02
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VjZzME9VMFlLR0Z3L2VH
|
||||
amFncUlka3BVbEdVSlB0S09seGZWd0lpblJvCmFJcmJZM0RUL0xkR0psSEp2U1dz
|
||||
eEYvenl6NEZyb0FnK0Z3SFhNK1BhazQKLS0tIDU3djVua256ak5JdDFKbGlQbXVk
|
||||
Z0FybjFQakJPQmtLM3djRElpYnlPK0kKl48acrM96svviQh3wGNFW1cTnX9l/8L2
|
||||
IzHpGGg47lEsEaefm1wQuR89AzToWECLKgz3uFrl1vtXFzmQ/qGJag==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZVJCblJHZGo3bFA3NitQ
|
||||
OXMvakVVOUdISUlCYW9SL0xIZEluUzZENEVNCmNqMGg0azVac3pRVW9obzVOUEpz
|
||||
RFZTYnhIU0E3c2h5aS9mL3NvK1lGMkkKLS0tIGdZOUlhbjMxTUcrdHN0VTFqK0lj
|
||||
bzFiakFNNUE4RllrdkR4WW4rN1hJTE0KnIrPDg9U2eXrQU20hpFBULFv4AQZn18J
|
||||
TGrgn5CzRHEjWrDBxQfN5u0tNu/07KJN5xRvd3MroH1KVe2Z0pQn4g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age108fn93z2c55g9dm9cv5v4w47pykf3khz7e3dmnpv5dhchwnaau0qs20stq
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbXgveXJxc1BlYXlxRjNQ
|
||||
aXEyUVRvS3ZqTTNXVmdtaytsT2Y0YWgwR3hFCkZpd1VGQ1NVVC9FaVNOc2c4K2ZX
|
||||
aWVjd2FXU1BzS3MyWVorRzJJRnRpWG8KLS0tIDNsZjhwOXZhTjN1c1Z2SXV2Q0Ey
|
||||
MzFCRFFLR1dqVUlMOEJhdVNoR2hZaHcKY6bNAv9EnGQg83wC0cvm3Sd+WXCGb1bW
|
||||
WSGMbrEWULo1kTbtzal9LbM3uiEytp1Ei7WDtEy9knfhuV+RggwVyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15qrzsk9t7uyuuy7m0xt3qzk3cmcsegt5wfe5zew4d8najwjnm30sfjc3pk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxQWlhclFKRTgvdmU5aWwr
|
||||
VlhxVGk3cmkrTGo0RjlXSVlPZ3ZJMVhIa1U4Ci9MT3ZQZUNVZ0VuZ0t3eFZRVkN0
|
||||
bUEwQThSSmJ0OUhRc1F0RVZ6aHcwODAKLS0tIHgrM3NxaWhpaHA5QVlYL014aWlB
|
||||
dlNQS3UwdEVQVEV1TGE4ai9RU0xzaHMKA0NpL+bikvjJFd4UJOOqaRINXVX64uZA
|
||||
3cOqv0PbUfsp2ON3Nm8SX5g74hraDaKGRtTA2XWJBHfXv0C+WDbbiA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS2lpSWQ4R3U4QVhRcU8y
|
||||
OXVKcVNWTzJ1L3k1a2lIUE1FeE50VzcwOXlnCm1na1JiSmVPUHlVVFdGVzkwZzNB
|
||||
b3ZlN2R5NExBeU9YZlhBRHY5VThrb1kKLS0tIC93bEFLdWxZaDRpanJDV3V5VXVM
|
||||
ZGExZXl1ZWtTMExLalhMUlJqWk01MUkKhCweI+hyY3qCf+XA5XP/QiMG57LQ98/i
|
||||
msKrrNp6yX5FX32n0mPiVehb/6xY2/mTAtGtIt17MxdMY6QwXjQmEg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArTklFei8xcUYyKys3WFN4
|
||||
UXlubmpWdC9WdUlOVm9nTlVGdUdTaE12SXlBCkZkNVN4aGUxTkJNb1dxLzVMczE1
|
||||
ZzdjdWR0SE10Qkx2eXJ3TFltV1pRb0EKLS0tIHJNNmZhV3BCQUtoRjFNM2lLRlh1
|
||||
VTA1K0luREtnMU9kSVUrMTBLNEo2WlkK23HeYnA/NIsdXqhqTQIOGSNGmWcgp8KV
|
||||
yXdyozkRxnBm0xFgGJ+qjCDlOIIBQbgzT66SX+arGEY3g8UGDFEsrA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyU1Nnc2taYWIyVVhEZXVE
|
||||
MTJLSjhNcG13S2Nqa0E4YnU2ZklZUS9QVUNJCkVUdWRWMGNnRTNSYjNvMjA1YTIx
|
||||
UXZhTkNwY0Z6VXI1b09yRHl4aUVpYmsKLS0tIE5CZ0VmVHFZTlZJSzB3OTRKeUlz
|
||||
L2gzMDdySit6VWd4RzBMcENobTJLVGcKMYhRprFglCN5gUpcZ2ZKV8YgwdcRNuOs
|
||||
h+rEUaHuMlPSGe/t29hU6FfRGJ3vbPAKJpYDWANC6QTF+/TnFokzew==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2aFQrVjcrUFBTVkhkNlhx
|
||||
cnR6WFdJNW43bDhxWWNLcUtqTENGUkFHVkVZCjBNbHQrNWMzWk9zdE95Wm9CR3hU
|
||||
RDhBMHdVUXgzditLMTJaM2tJU3ZBVDAKLS0tIGc4MEgwUXBaT2gyNGhnUytjMld5
|
||||
OVQzNFJJT0VQT1ZOZ3YwaTUzV09ZbUUK6ZX7XonLQGVQKawwyFAJSlZq9jwKyR+l
|
||||
MJYtGMFAZv+qGTe/TN2Lhxkfo5VIXQUknt/ud94ceOW8A87WJ5RFIw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQktCL0QrRGNpVkI5UXQx
|
||||
bUNQZnc0ZUI0Q3lHQkNnbTk2VGZ1ZDYwY0NnCi9OZkhUc3hSTWhiejZPWVhhdHc1
|
||||
d2llWjBKNTVNS21LODIwTlVLNTFUVFEKLS0tIGJLWEZaUGR5YXYvVHIvQUpBU2Jr
|
||||
QjF6SDZhWktHR1BwdVdBRWIvVTFpT1kK4id9BOXza/HPySMgGi+kjLuQvokUZNlf
|
||||
0+vleCcyAIT/9sv/RHm7ctAxsGp/NkdUBr//ED0hhYVd2zszejXHFw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYlVTci8wU0Q3aWhMKzY0
|
||||
UmxIMWRxaHVORS90Tm5rQjJPRERVNSs5VURrCmNCWGN0MEtBMWxGTUsrYlcvWG5s
|
||||
RTNwc3pFV0J4MERqWENESFFDKzEyYzAKLS0tIGwvM3Y0QU9SM1F6dk9STHJmYnhO
|
||||
OXptbEVubTdZdHhKc01sdmJ2bTh4L1kKusHQnya/o0TzGK3y084bKrWD67tdQ/aW
|
||||
6va2HjLoCBu/dO6yPl9XU+Ocub9AY8p+Rs8XcQS+ypi2sSNi4i2Syw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGd2tSVmR5SjhmR3BSTCtH
|
||||
NzJLNEYvSVVvaytZOEM0NnJsRjdoL3d2VDJJCi9nbVZzdlJZS2plUjlKWEt3SWxm
|
||||
WEVrVlpqRUIzYjJTOGFveWR4UjIyWTAKLS0tIEFFajNrLzdXT1JXSXN3eXhGd1Vr
|
||||
Y2cwK05uWXFhbndyRlhrSFNjYUlmZ1UKZ1vFRu1QhGGf7BIP8TxK2BIlMZlP3muA
|
||||
R3qLr1lEQmob4O0ilwn65nSCEd1/9W6dUWqeSlJ6CavjG59AvSHfIA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-06-07T16:08:34Z"
|
||||
mac: ENC[AES256_GCM,data:uMpavfH72TyTc+tRTw+hyv5N+NHdTvO7J4TThOTqV1ACOl9DOIBimUsREDONEgUn4cOdDOZzSR6LDlva60+B30xoJUL8fsRzNXtHkZ/aR0WJmkFcKu5rkVvRQjJt378ICid/et0R4SEojxeIvhI3MzGxyF25NdhIswGKgDh2lMU=,iv:gUbAdaxBJFBXxJHJXeRXTynC4cwaP8vL9Z61TN2pIEw=,tag:lUFk/ydWRO/ZjA4V89IdHw==,type:str]
|
||||
lastmodified: "2024-11-30T18:44:29Z"
|
||||
mac: ENC[AES256_GCM,data:SG6a5pWa3gMaSz9d9fOchUXtXbRTpMOXmbOjZo5Fdx8Es1MEDwezwscQaj9p1dzmGa+7U8UUUzMYxlg2SmGgGdPgCs0a5RQVYvQFNdgpRiuknflFMcdgXLv7XFsTqsqSmbN0O662YDvCcz4DWRKjNCZAimlLym8pwDihj1D8dcU=,iv:JmCbcazDK2KPyYsoVy39sr4IbfiGfmGoopit5ojVADk=,tag:6tKYfMkJBjsThaa4qLqobw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
version: 3.9.1
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
sops_nix_keys:
|
||||
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
|
||||
pkunis: ENC[AES256_GCM,data:192vkgOdMoDEhPU6yilatIfaFS/1LJFvteEMYI1/3SBP773lN62pWoDiJDiBtjBCisA/3yHriL3Dpvs1PwbV0BChmbL+svwKrFE=,iv:/YyZ+NSyZwyGp4NJYUSeYOOUfGaH5jOiVUH8QeWnFUA=,tag:sWN0bQvm8Ejw5+XST0pAEQ==,type:str]
|
||||
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +16,8 @@ sops:
|
|||
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
|
||||
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-02-25T13:53:06Z"
|
||||
mac: ENC[AES256_GCM,data:lLojNOq2QtdeqiCHOg6+Kssfa+Ey6JefPQulFkgnr1Onrt60ds2qWg5TTMHMlUaa6vB1S78WqyquTRBLv9Ek/alOae+CgdDi+vVX8hG5Mc2Edcfl+z8rRNFB+2mOEl1gJwKntyxySx6YBiDhZsH0p+Xflw9WGm/lL/FyRCJCwq0=,iv:8PqXupgwdfgdfIzsymVSrjQACoMODR+XYPgLMvASjos=,tag:rLGJlL3alm/qy+3qeS637g==,type:str]
|
||||
lastmodified: "2024-11-30T23:42:51Z"
|
||||
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
24
secrets/sue/nixos.yaml
Normal file
24
secrets/sue/nixos.yaml
Normal file
|
@ -0,0 +1,24 @@
|
|||
wireguard:
|
||||
home:
|
||||
presharedKey: ENC[AES256_GCM,data:nFOqWcdo8zG83v1ceod8Uy4wX3w2LHmDPp2PaAAJ/lUexU4DhY9RZ4wtgC8=,iv:UvzQSZZ62I+QVFHMkHczC2KPeqX8z+DodS7nxLmXr4U=,tag:otwdNc2636DJdkzg22puqQ==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:RCQ3hvrnxCerTmKYfZFV7c9smMj5tbP+iFWouo1oxfhbec5K3uXipkL+KSg=,iv:zKSPvtDH3WcuxVpQydGScX6m0isZzLKk/F+/Wlpt/YQ=,tag:BDag2DSoHQDzg8xTS3SX3A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWEc5K3p3QytpZ1pxeEJy
|
||||
TUtENXdnT3ZJUGNXaHo0ZktwK21OMVJmNzA4CjdlMUtWY2hBc3U1UVZQZEllK2xC
|
||||
NGZSK2VyQVdBRmZYejBWM0FIeFE5K2MKLS0tIEQ3MHhOcW92dlo4NUdBdFlKdEM0
|
||||
N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn
|
||||
QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-30T23:42:09Z"
|
||||
mac: ENC[AES256_GCM,data:nHLeqi4DAoyIi0CfARfx9b753BFdMmIR/fkOrhV5yehl7rUWvSh0+H7sb/ncgW6Blrc5g6Ek8BxXAt8a2SXfCEQaFU6tI1wJ/3mPtEPSvWQnZ75wAQLRgaBE3oxdL2FxSu3sjXMRjipPa/ACbau60FpNFzVbGuwNYfQAquwWtFg=,iv:LYn+36pfIw8zCnhQE4nCyt9yhetoHZRVNrBXL8N12Jo=,tag:aZsxtfEdK99+aBQS6OEwWg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
Loading…
Add table
Add a link
Reference in a new issue