diff --git a/aws-credentials.age b/aws-credentials.age new file mode 100644 index 0000000..3e1ea6e Binary files /dev/null and b/aws-credentials.age differ diff --git a/checks/default.nix b/checks/default.nix index e1702f8..21ccf80 100644 --- a/checks/default.nix +++ b/checks/default.nix @@ -26,10 +26,10 @@ build = _: nc: nc.config.system.build.toplevel; in { x86_64-linux = lib.mapAttrs build { - inherit (self.nixosConfigurations) hs thinkpad mothership; + inherit (self.nixosConfigurations) thinkpad mothership; }; aarch64-linux = { - inherit (self.nixosConfigurations) pbp rock5b; + inherit (self.nixosConfigurations) rock5b; #pbp; }; }; } diff --git a/flake.lock b/flake.lock index fecaa14..0022ec2 100644 --- a/flake.lock +++ b/flake.lock @@ -3,14 +3,15 @@ "agenix": { "inputs": { "darwin": "darwin", + "home-manager": "home-manager", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1680281360, - "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", + "lastModified": 1690228878, + "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", "owner": "ryantm", "repo": "agenix", - "rev": "e64961977f60388dd0b49572bb0fc453b871f896", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", "type": "github" }, "original": { @@ -44,20 +45,20 @@ "ccrEmacs": { "inputs": { "emacs-overlay": "emacs-overlay", - "emacs-src": "emacs-src", + "extra-package-agenix-el": "extra-package-agenix-el", + "extra-package-combobulate": "extra-package-combobulate", + "extra-package-dracula-theme": "extra-package-dracula-theme", + "extra-package-indent-bars": "extra-package-indent-bars", + "extra-package-nix-ts-mode": "extra-package-nix-ts-mode", "flake-parts": "flake-parts", - "nixpkgs": [ - "ccrEmacs", - "emacs-overlay", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1683798766, - "narHash": "sha256-HY0Arq4uGqfMM0WiSKrOlVt7KTTN9jtpxCHDAtEp8Vs=", + "lastModified": 1695376716, + "narHash": "sha256-2BmSjPbrJMQZZGRRkwILFxtDLYbkgFUCmrEv9qBDgbQ=", "owner": "aciceri", "repo": "emacs", - "rev": "7f3ee2413d6b0756ade8435e0fa9ff3317e4c000", + "rev": "2f02170401205c5473d720a9c781fd32a43f68d1", "type": "github" }, "original": { @@ -95,7 +96,7 @@ "inputs": { "flake-compat": "flake-compat_2", "naersk": "naersk", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "utils": "utils" }, "locked": { @@ -302,14 +303,15 @@ "emacs-overlay": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1678296165, - "narHash": "sha256-nEU+1PKIvYfD+oQ53KO13J2LwMPzUgWc89tFzrES9K4=", + "lastModified": 1694602127, + "narHash": "sha256-8lcpkk35COSkygePlvsOtSpR7tZx1SIgxdltZ0UZvXM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "5b3d95676be5c6963c4d16f21ecf82beb14c6c05", + "rev": "b99f00b0bc835dd490b455c8df0bab2acc16021c", "type": "github" }, "original": { @@ -318,21 +320,85 @@ "type": "github" } }, - "emacs-src": { + "extra-package-agenix-el": { "flake": false, "locked": { - "lastModified": 1677076548, - "narHash": "sha256-yWln8CoiNJpQ8CmjNYaXFj00aJa5mSUIYLdkN+c5KbQ=", - "ref": "emacs-29", - "rev": "20c654b6f8fa24ff458e09a1eb101ba198e671f8", - "revCount": 164627, - "type": "git", - "url": "git://git.savannah.gnu.org/emacs.git" + "lastModified": 1695352156, + "narHash": "sha256-3170HgBX27W1XiKP8fP5NrqNBEBadFj3TLHPyLpmmyM=", + "owner": "t4ccer", + "repo": "agenix.el", + "rev": "ca6cc147c6d7593bc8456cdac47b7bc31c58b736", + "type": "github" }, "original": { - "ref": "emacs-29", - "type": "git", - "url": "git://git.savannah.gnu.org/emacs.git" + "owner": "t4ccer", + "repo": "agenix.el", + "type": "github" + } + }, + "extra-package-combobulate": { + "flake": false, + "locked": { + "lastModified": 1695034590, + "narHash": "sha256-YZgYaRVX8cO5W90MUD9CJO8sfiqhDyJDV58hE7utbVI=", + "owner": "mickeynp", + "repo": "combobulate", + "rev": "d51ca57221f8c2689665da4dbe55dc618f0d04e0", + "type": "github" + }, + "original": { + "owner": "mickeynp", + "repo": "combobulate", + "type": "github" + } + }, + "extra-package-dracula-theme": { + "flake": false, + "locked": { + "lastModified": 1695368802, + "narHash": "sha256-i/xIb8jYONVNxADFcU5HVKhejkL+Ou6NlF92QTMFyiY=", + "owner": "dracula", + "repo": "emacs", + "rev": "dabe74904036717b06546c382df6e77a28921cff", + "type": "github" + }, + "original": { + "owner": "dracula", + "repo": "emacs", + "type": "github" + } + }, + "extra-package-indent-bars": { + "flake": false, + "locked": { + "lastModified": 1695000820, + "narHash": "sha256-qJy9g/tdce74Rh7FyMxCSBZjK6paZrPaL4UpS/uxPSg=", + "owner": "jdtsmith", + "repo": "indent-bars", + "rev": "2b0a4ad16804fb48821f661cd6be4652c0e37d72", + "type": "github" + }, + "original": { + "owner": "jdtsmith", + "repo": "indent-bars", + "type": "github" + } + }, + "extra-package-nix-ts-mode": { + "flake": false, + "locked": { + "lastModified": 1694965545, + "narHash": "sha256-HijDb+2ojDk1Evv/KEIrZ/xW+QXz6IJoUllniTsE3hs=", + "owner": "aciceri", + "repo": "nix-ts-mode", + "rev": "8da9a76cd014d56ee734553a32c9e006e375bce4", + "type": "github" + }, + "original": { + "owner": "aciceri", + "ref": "improved", + "repo": "nix-ts-mode", + "type": "github" } }, "fan-control": { @@ -496,11 +562,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1675933616, - "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=", + "lastModified": 1690933134, + "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "47478a4a003e745402acf63be7f9a092d51b83d7", + "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", "type": "github" }, "original": { @@ -513,6 +579,45 @@ "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, + "locked": { + "lastModified": 1685662779, + "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", + "type": "github" + }, + "original": { + "id": "flake-parts", + "type": "indirect" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "hercules-ci-effects", + "hercules-ci-agent", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1685662779, + "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_5" + }, "locked": { "lastModified": 1678379998, "narHash": "sha256-TZdfNqftHhDuIFwBcN9MUThx5sQXCTeZk9je5byPKRw=", @@ -528,12 +633,15 @@ } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "type": "github" }, "original": { @@ -559,7 +667,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1681202837, @@ -576,12 +684,15 @@ } }, "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, "locked": { - "lastModified": 1678901627, - "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "owner": "numtide", "repo": "flake-utils", - "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "type": "github" }, "original": { @@ -696,10 +807,26 @@ "type": "github" } }, + "haskell-flake": { + "locked": { + "lastModified": 1684780604, + "narHash": "sha256-2uMZsewmRn7rRtAnnQNw1lj0uZBMh4m6Cs/7dV5YF08=", + "owner": "srid", + "repo": "haskell-flake", + "rev": "74210fa80a49f1b6f67223debdbf1494596ff9f2", + "type": "github" + }, + "original": { + "owner": "srid", + "ref": "0.3.0", + "repo": "haskell-flake", + "type": "github" + } + }, "helix": { "inputs": { "nci": "nci", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "parts": "parts_2", "rust-overlay": "rust-overlay" }, @@ -717,6 +844,66 @@ "type": "github" } }, + "hercules-ci-agent": { + "inputs": { + "flake-parts": "flake-parts_3", + "haskell-flake": "haskell-flake", + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1686721748, + "narHash": "sha256-ilD6ANYID+b0/+GTFbuZXfmu92bqVqY5ITKXSxqIp5A=", + "owner": "hercules-ci", + "repo": "hercules-ci-agent", + "rev": "7192b83935ab292a8e894db590dfd44f976e183b", + "type": "github" + }, + "original": { + "id": "hercules-ci-agent", + "type": "indirect" + } + }, + "hercules-ci-effects": { + "inputs": { + "flake-parts": "flake-parts_2", + "hercules-ci-agent": "hercules-ci-agent", + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "lastModified": 1686830987, + "narHash": "sha256-1XLTM0lFr3NV+0rd55SQW/8oQ3ACnqlYcda3FelIwHU=", + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "rev": "04e4ab63b9eed2452edee1bb698827e1cb8265c6", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "hercules-ci-effects", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "homeManager": { "inputs": { "nixpkgs": [ @@ -724,11 +911,11 @@ ] }, "locked": { - "lastModified": 1685480784, - "narHash": "sha256-pkk3J9gX745LEkkeTGhSRJqPJkmCPQzwI/q7a720XaY=", + "lastModified": 1694585439, + "narHash": "sha256-70BlfEsdURx5f8sioj8JuM+R4/SZFyE8UYrULMknxlI=", "owner": "nix-community", "repo": "home-manager", - "rev": "54a9d6456eaa6195998a0f37bdbafee9953ca0fb", + "rev": "a0ddf43b6268f1717afcda54133dea30435eb178", "type": "github" }, "original": { @@ -741,15 +928,14 @@ "inputs": { "nixpkgs": [ "nixpkgsUnstable" - ], - "utils": "utils_3" + ] }, "locked": { - "lastModified": 1679846261, - "narHash": "sha256-mclwhl8Di7v5MvF4yNjX7wBdepLFgDXu9XJeDLHsFlE=", + "lastModified": 1688808072, + "narHash": "sha256-ab+PJuoqJmxNDuWrqgC6yZD2AWsN/AT2amgwEFfKUkc=", "owner": "aciceri", "repo": "home-manager", - "rev": "3fb549b2b8823946ba4d5ee28d85a0a66471668a", + "rev": "761f77e1454f6cfe653fd2750bea6ea23b637427", "type": "github" }, "original": { @@ -762,23 +948,21 @@ "hyprland": { "inputs": { "hyprland-protocols": "hyprland-protocols", - "nixpkgs": [ - "nixpkgsUnstable" - ], + "nixpkgs": "nixpkgs_8", + "systems": "systems_3", "wlroots": "wlroots", "xdph": "xdph" }, "locked": { - "lastModified": 1685380658, - "narHash": "sha256-LPih0Q//p8IurXG9kGRVGAqV4AUKVYj9xkk3sYYAj6I=", + "lastModified": 1693256615, + "narHash": "sha256-1EznFZBr21tuU795UzJFkBKU7aAv7sDCoSVGwzuvTFY=", "owner": "hyprwm", "repo": "hyprland", - "rev": "51a930f802c71a0e67f05e7b176ded74e8e95f87", + "rev": "0a78f6031c8fcc6773f136fccde3d560aaac239d", "type": "github" }, "original": { "owner": "hyprwm", - "ref": "v0.26.0", "repo": "hyprland", "type": "github" } @@ -788,14 +972,18 @@ "nixpkgs": [ "hyprland", "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" ] }, "locked": { - "lastModified": 1684265364, - "narHash": "sha256-AxNnWbthsuNx73HDQr0eBxrcE3+yfl/WsaXZqUFmkpQ=", + "lastModified": 1691753796, + "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "8c279b9fb0f2b031427dc5ef4eab53f2ed835530", + "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03", "type": "github" }, "original": { @@ -932,15 +1120,15 @@ "nil": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1680544266, - "narHash": "sha256-d/TusDXmIo8IT5DNRA21lN+nOVSER8atIx9TJteR6LQ=", + "lastModified": 1691372739, + "narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=", "owner": "oxalica", "repo": "nil", - "rev": "56a1fa87b98a9508920f4b0ab8fe36d5b54b2362", + "rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b", "type": "github" }, "original": { @@ -955,7 +1143,7 @@ "nixpkgs": [ "nixpkgsUnstable" ], - "utils": "utils_4" + "utils": "utils_3" }, "locked": { "lastModified": 1677512347, @@ -1009,7 +1197,7 @@ }, "nixos-vscode-server": { "inputs": { - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1676501444, @@ -1075,11 +1263,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1675183161, - "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=", + "lastModified": 1690881714, + "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e", + "rev": "9e1960bc196baf6881340d53dccb203a951745a2", "type": "github" }, "original": { @@ -1127,6 +1315,24 @@ } }, "nixpkgs-lib_4": { + "locked": { + "dir": "lib", + "lastModified": 1685564631, + "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib_5": { "locked": { "dir": "lib", "lastModified": 1678375444, @@ -1145,6 +1351,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1694499547, + "narHash": "sha256-R7xMz1Iia6JthWRHDn36s/E248WB1/je62ovC/dUVKI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e5f018cf150e29aac26c61dac0790ea023c46b24", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1671271954, "narHash": "sha256-cSvu+bnvN08sOlTBWbBrKaBHQZq8mvk8bgpt0ZJ2Snc=", @@ -1162,32 +1384,16 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1686656800, - "narHash": "sha256-duScdQZNeZcde0JwmQ9W4XfqlO/Z24MDhlTq2MokuSM=", + "lastModified": 1689956312, + "narHash": "sha256-NV9yamMhE5jgz+ZSM2IgXeYqOvmGIbIIJ+AFIhfD7Ek=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b273c2351fe1ab490158cf8acc8aafad02592ce", + "rev": "6da4bc6cb07cba1b8e53d139cbf1d2fb8061d967", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgsUnstable": { - "locked": { - "lastModified": 1686592866, - "narHash": "sha256-riGg89eWhXJcPNrQGcSwTEEm7CGxWC06oSX44hajeMw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0eeebd64de89e4163f4d3cf34ffe925a5cf67a05", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-23.05", "repo": "nixpkgs", "type": "github" } @@ -1207,71 +1413,7 @@ "type": "indirect" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1673540789, - "narHash": "sha256-xqnxBOK3qctIeUVxecydrEDbEXjsvHCPGPbvsl63M/U=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "0f213d0fee84280d8c3a97f7469b988d6fe5fcdf", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1663235518, - "narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1683408522, - "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1680487167, - "narHash": "sha256-9FNIqrxDZgSliGGN2XJJSvcDYmQbgOANaZA4UWnTdg4=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "53dad94e874c9586e71decf82d972dfb640ef044", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { + "nixpkgs_10": { "locked": { "lastModified": 1672441588, "narHash": "sha256-jx5kxOyeObnVD44HRebKYL3cjWrcKhhcDmEYm0/naDY=", @@ -1285,7 +1427,7 @@ "type": "indirect" } }, - "nixpkgs_7": { + "nixpkgs_11": { "locked": { "lastModified": 1675942811, "narHash": "sha256-/v4Z9mJmADTpXrdIlAjFa1e+gkpIIROR670UVDQFwIw=", @@ -1300,7 +1442,7 @@ "type": "indirect" } }, - "nixpkgs_8": { + "nixpkgs_12": { "locked": { "lastModified": 1678470307, "narHash": "sha256-OEeMUr3ueLIXyW/OaFUX5jUdimyQwMg/7e+/Q0gC/QE=", @@ -1316,10 +1458,137 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1694422566, + "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1694422566, + "narHash": "sha256-lHJ+A9esOz9vln/3CJG23FV6Wd2OoOFbDeEs4cMGMqc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3a2786eea085f040a66ecde1bc3ddc7099f6dbeb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1663235518, + "narHash": "sha256-q8zLK6rK/CLXEguaPgm9yQJcY0VQtOBhAT9EV2UFK/A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2277e4c9010b0f27585eb0bed0a86d7cbc079354", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1683408522, + "narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1686501370, + "narHash": "sha256-G0WuM9fqTPRc2URKP9Lgi5nhZMqsfHGrdEbrLvAPJcg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "75a5ebf473cd60148ba9aec0d219f72e5cf52519", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1686804192, + "narHash": "sha256-+VyQUManoec9GcNAS10HM83DkvFuS8IB/efIfSbNU5A=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "979b4232b33873e4e52692e7d1d0ebadc87d0633", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1692638711, + "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "91a22f76cd1716f9d0149e8a5c68424bb691de15", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1690441914, + "narHash": "sha256-Ac+kJQ5z9MDAMyzSc0i0zJDx2i3qi9NjlW5Lz285G/I=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "db8672b8d0a2593c2405aed0c1dfa64b2a2f428f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nom": { "inputs": { "flake-utils": "flake-utils_5", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_11", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { @@ -1338,11 +1607,11 @@ }, "nur": { "locked": { - "lastModified": 1687407028, - "narHash": "sha256-vF/K3nSxz1gTZzqZEBG2r0sVnRVbEK5y0IgjVAXS6kY=", + "lastModified": 1693819787, + "narHash": "sha256-1XFgL4NZpiuIVRz0X4xojH4kBgXyso9Cmw/AC3p+1fQ=", "owner": "nix-community", "repo": "NUR", - "rev": "1a18d5854e100699f4bb280cc49e95fc92ea4570", + "rev": "c0d7881ab65e8e91e7928070e6ff2c71e57ce45e", "type": "github" }, "original": { @@ -1419,7 +1688,7 @@ "nom", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1672050129, @@ -1464,20 +1733,20 @@ "rock5b": { "inputs": { "fan-control": "fan-control", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_4", "kernel-src": "kernel-src", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_12", "nixpkgs-kernel": "nixpkgs-kernel", "panfork": "panfork", "tow-boot": "tow-boot", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1679242046, - "narHash": "sha256-CeGpTKnPQ++m11CV7Iisppwx+8fNwJSW8Q1ML6NxSJY=", + "lastModified": 1685695782, + "narHash": "sha256-zBQFjZhFWsxCA31jI4Ui3l8KhrqQaG0dHi/v/vIvZcM=", "owner": "aciceri", "repo": "rock5b-nixos", - "rev": "e1099dd4a6be8018a5cc489fb2ee1d50e4e285a0", + "rev": "3868939df4a6d5292077e154c8cb36de1fde4d30", "type": "github" }, "original": { @@ -1497,6 +1766,7 @@ "disko": "disko", "flakeParts": "flakeParts", "helix": "helix", + "hercules-ci-effects": "hercules-ci-effects", "homeManager": "homeManager", "homeManagerGitWorkspace": "homeManagerGitWorkspace", "hyprland": "hyprland", @@ -1507,7 +1777,10 @@ "nixos-vscode-server": "nixos-vscode-server", "nixosHardware": "nixosHardware", "nixpkgsStable": "nixpkgsStable", - "nixpkgsUnstable": "nixpkgsUnstable", + "nixpkgsUnstable": [ + "hyprland", + "nixpkgs" + ], "nom": "nom", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks_2", @@ -1584,11 +1857,11 @@ ] }, "locked": { - "lastModified": 1680488274, - "narHash": "sha256-0vYMrZDdokVmPQQXtFpnqA2wEgCCUXf5a3dDuDVshn0=", + "lastModified": 1688783586, + "narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7ec2ff598a172c6e8584457167575b3a1a5d80d8", + "rev": "7a29283cc242c2486fc67f60b431ef708046d176", "type": "github" }, "original": { @@ -1633,6 +1906,51 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tow-boot": { "flake": false, "locked": { @@ -1722,21 +2040,6 @@ } }, "utils_3": { - "locked": { - "lastModified": 1676283394, - "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_4": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -1755,17 +2058,18 @@ "flake": false, "locked": { "host": "gitlab.freedesktop.org", - "lastModified": 1685491729, - "narHash": "sha256-YfpP8tKpcr0Lxlr3PdoMaY3GD/uJRl6E5pp5KQCEuzg=", + "lastModified": 1692976565, + "narHash": "sha256-eBKkG7tMxg92NskEn8dHRFY245JwjirWRoOZzW6DnUw=", "owner": "wlroots", "repo": "wlroots", - "rev": "3f0487d310974f6ff889ca80e4fb4005553814ed", + "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", "type": "gitlab" }, "original": { "host": "gitlab.freedesktop.org", "owner": "wlroots", "repo": "wlroots", + "rev": "717ded9bb0191ea31bf4368be32e7a15fe1b8294", "type": "gitlab" } }, @@ -1778,14 +2082,18 @@ "nixpkgs": [ "hyprland", "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" ] }, "locked": { - "lastModified": 1685385764, - "narHash": "sha256-r+XMyOoRXq+hlfjayb+fyi9kq2JK48TrwuNIAXqlj7U=", + "lastModified": 1691841170, + "narHash": "sha256-RCTm1/MVWYPnReMgyp7tr2ogGYo/pvw38jZaFwemgPU=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "4d9ff0c17716936e0b5ca577a39e263633901ed1", + "rev": "57a3a41ba6b358109e4fc25c6a4706b5f7d93c6b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index b9b90f9..9911a6a 100644 --- a/flake.nix +++ b/flake.nix @@ -3,8 +3,9 @@ inputs = { flakeParts.url = "github:hercules-ci/flake-parts"; - nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgsStable.url = "github:NixOS/nixpkgs/nixos-22.11"; + # nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgsUnstable.follows = "hyprland/nixpkgs"; + nixpkgsStable.url = "github:NixOS/nixpkgs/nixos-23.05"; nixosHardware.url = "github:NixOS/nixos-hardware"; homeManager = { url = "github:nix-community/home-manager"; @@ -33,8 +34,7 @@ ccrEmacs.url = "github:aciceri/emacs"; # ccrEmacs.url = "/home/ccr/.config/emacs"; hyprland = { - url = "github:hyprwm/hyprland/v0.26.0"; - inputs.nixpkgs.follows = "nixpkgsUnstable"; + url = "github:hyprwm/hyprland"; }; hyprpaper = { url = "github:hyprwm/hyprpaper"; @@ -76,10 +76,12 @@ url = "github:kamadorueda/alejandra"; inputs.nixpkgs.follows = "nixpkgsUnstable"; }; + hercules-ci-effects.url = "github:hercules-ci/hercules-ci-effects"; + # nixpkgsImmich.url = "github:oddlama/nixpkgs/init-immich"; }; outputs = inputs @ {flakeParts, ...}: - flakeParts.lib.mkFlake {inherit inputs;} { + flakeParts.lib.mkFlake {inherit inputs;} ({lib, ...}: { imports = [ # TODO export modules as flake outputs # ./modules @@ -88,24 +90,21 @@ ./packages ./shell ./checks + inputs.hercules-ci-effects.flakeModule ]; systems = ["x86_64-linux" "aarch64-linux"]; - }; + herculesCI.ciSystems = [ + "x86_64-linux" + # "aarch64-linux" + ]; + }); nixConfig = { extra-substituters = [ - "https://nix-community.cachix.org" - "https://aciceri-fleet.cachix.org" - "https://aciceri-emacs.cachix.org" - "https://rock5b-nixos.cachix.org" - "https://helix.cachix.org" + "https://hyprland.cachix.org" ]; extra-trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "aciceri-fleet.cachix.org-1:e1AodrwmzRWy0eQi3lUY71M41fp9Sq+UpuKKv705xsI=" - "aciceri-emacs.cachix.org-1:kxDGDFWV6LUj41tb8xmPRBI56UJSZOVveN49LZDUKdA=" - "rock5b-nixos.cachix.org-1:bXHDewFS0d8pT90A+/YZan/3SjcyuPZ/QRgRSuhSPnA=" - "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; }; } diff --git a/hmModules/element/default.nix b/hmModules/element/default.nix index 512a533..6bbebb4 100644 --- a/hmModules/element/default.nix +++ b/hmModules/element/default.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { - home.packages = [pkgs.element-desktop]; + home.packages = [pkgs.schildichat-desktop]; systemd.user.services.element-desktop = { Install.WantedBy = ["graphical-session.target"]; @@ -10,7 +10,7 @@ }; Service = { - ExecStart = "${pkgs.element-desktop}/bin/element-desktop"; + ExecStart = "${pkgs.schildichat-desktop}/bin/schildichat-desktop"; Restart = "on-failure"; RestartSec = 3; }; diff --git a/hmModules/emacs/default.nix b/hmModules/emacs/default.nix index d2860e3..3265e11 100644 --- a/hmModules/emacs/default.nix +++ b/hmModules/emacs/default.nix @@ -1,3 +1,4 @@ {lib, ...}: { ccrEmacs.enable = true; + home.sessionVariables.EDITOR = lib.mkForce "emacsclient"; } diff --git a/hmModules/firefox/default.nix b/hmModules/firefox/default.nix index f12b0dd..8218122 100644 --- a/hmModules/firefox/default.nix +++ b/hmModules/firefox/default.nix @@ -19,13 +19,9 @@ privacy-badger ublock-origin tridactyl - octotree - octolinker - org-capture browserpass # bypass-paywalls-clean ghosttext # or edit-with-emacs? - # fx_cast # TODO make PR to rycee NUR repo ]; settings = { "browser.startup.homepage" = "https://google.it"; diff --git a/hmModules/git-workspace/default.nix b/hmModules/git-workspace/default.nix index dd14105..56cdfe4 100644 --- a/hmModules/git-workspace/default.nix +++ b/hmModules/git-workspace/default.nix @@ -1,5 +1,4 @@ {age, ...}: { - programs.git-workspace.enable = true; services.git-workspace = { enable = true; frequency = "04:00:00"; diff --git a/hmModules/git/default.nix b/hmModules/git/default.nix index 2305728..edc5e09 100644 --- a/hmModules/git/default.nix +++ b/hmModules/git/default.nix @@ -19,7 +19,7 @@ in { gpg.format = "ssh"; commit.gpgsign = true; - core.editor = "hx"; + core.editor = "emacsclient"; }; userName = config.name; @@ -37,7 +37,7 @@ in { }; delta = { - enable = false; # Playing with difftastic at the moment + enable = false; options = { features = "decorations"; delta = { @@ -50,5 +50,9 @@ in { enable = true; background = "dark"; }; + + diff-so-fancy.enable = false; }; + + home.packages = with pkgs; [delta]; } diff --git a/hmModules/gnome-keyring/default.nix b/hmModules/gnome-keyring/default.nix new file mode 100644 index 0000000..b0135ff --- /dev/null +++ b/hmModules/gnome-keyring/default.nix @@ -0,0 +1,21 @@ +{ + pkgs, + lib, + config, + ... +}: { + services.gnome-keyring = { + enable = false; # Is this broken? https://github.com/nix-community/home-manager/issues/1454 + components = lib.mkForce [ + "secrets" + "ssh" + ]; + }; + + home.packages = [pkgs.gcr]; # Needed in PATH + + # Workaround + wayland.windowManager.hyprland.extraConfig = '' + exec-once = ${pkgs.gnome.gnome-keyring}/bin/gnome-keyring-daemon --start --foreground --components=secrets,ssh,pkcs + ''; +} diff --git a/hmModules/helix/default.nix b/hmModules/helix/default.nix index 98b1278..0324ce8 100644 --- a/hmModules/helix/default.nix +++ b/hmModules/helix/default.nix @@ -18,6 +18,6 @@ }; }; }; - home.sessionVariables.EDITOR = lib.mkForce "${config.programs.helix.package}/bin/helix"; - programs.nushell.environmentVariables.EDITOR = lib.mkForce config.home.sessionVariables.EDITOR; + # home.sessionVariables.EDITOR = lib.mkForce "${config.programs.helix.package}/bin/helix"; + # programs.nushell.environmentVariables.EDITOR = lib.mkForce config.home.sessionVariables.EDITOR; } diff --git a/hmModules/hyprland/default.nix b/hmModules/hyprland/default.nix index 268d17a..b4cfd5b 100644 --- a/hmModules/hyprland/default.nix +++ b/hmModules/hyprland/default.nix @@ -9,6 +9,16 @@ ${pkgs.grim}/bin/grim -t png -g "$coords" "$filename" wl-copy -t image/png < $filename ''; + hyprland = config.wayland.windowManager.hyprland.package; + switchMonitorScript = pkgs.writeShellScript "switch-monitor.sh" '' + if [[ "$(${hyprland}/bin/hyprctl monitors) | grep '\sDP-[0-9]+'" ]]; then + if [[ $1 == "open" ]]; then + ${hyprland}/bin/hyprctl keyword monitor "eDP-1,1920x1080,3760x230,1" + else + ${hyprland}/bin/hyprctl keyword monitor "eDP-1,disable" + fi + fi + ''; in { imports = [ ./hyprpaper.nix @@ -17,6 +27,7 @@ in { ../mako ../gammastep ../kitty + ../wezterm ]; home.packages = with pkgs; [wl-clipboard]; @@ -41,6 +52,33 @@ in { }; }; + services.kanshi = { + enable = false; + systemdTarget = "hyprland-session.target"; + profiles = { + undocked = { + outputs = [ + { + status = "enable"; + criteria = "eDP-1"; + } + ]; + }; + docked = { + outputs = [ + { + status = "disable"; + criteria = "eDP-1"; + } + { + status = "enable"; + criteria = "DP-1"; + } + ]; + }; + }; + }; + wayland.windowManager.hyprland = { enable = true; extraConfig = '' @@ -50,24 +88,31 @@ in { } } - monitor = DP-2, 1920x1200, 0x0, 1, transform, 3 - monitor = DP-1, 2560x1440, 1200x320, 1 + # monitor = DP-2, 1920x1200, 0x0, 1, transform, 3 + # monitor = DP-1, 2560x1440, 1200x320, 1 + # monitor = eDP-1, 1920x1080, 3760x230, 1 + + monitor = DP-2, 2560x1440, 1200x320, 1 monitor = eDP-1, 1920x1080, 3760x230, 1 - exec-once = ${config.programs.waybar.package}/bin/waybar + bindl=,switch:off:Lid Switch,exec,${switchMonitorScript} open + bindl=,switch:on:Lid Switch,exec,${switchMonitorScript} close + exec-once = ${config.services.mako.package}/bin/mako exec-once = ${pkgs.hyprpaper}/bin/hyprpaper - exec-once = ${config.programs.thunderbird.package}/bin/thunderbird windowrulev2 = tile, class:^(Spotify)$ windowrulev2 = workspace 9, class:^(Spotify)$ - windowrulev2 = workspace 8, class:thunderbird + windowrulev2 = tile, class:^(fluffychat)$ + windowrulev2 = workspace 8, class:^(fluffychat)$ + windowrulev2 = tile, class:^(WhatsApp for Linux)$ + windowrulev2 = workspace 7, class:^(WhatsApp for Linux)$ bind = SUPER, b, exec, firefox bind = SUPER SHIFT, b , exec, ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet firefox - bind = SUPER SHIFT, RETURN, exec, ${config.programs.kitty.package}/bin/kitty ssh mothership.fleet - bind = SUPER, m, exec, ${config.programs.kitty.package}/bin/kitty mosh mothership.fleet - bind = SUPER, RETURN, exec, ${config.programs.kitty.package}/bin/kitty + bind = SUPER SHIFT, RETURN, exec, ${config.programs.wezterm.package}/bin/wezterm ssh mothership.fleet + bind = SUPER, m, exec, ${config.programs.wezterm.package}/bin/wezterm start -- mosh mothership.fleet + bind = SUPER, RETURN, exec, ${config.programs.wezterm.package}/bin/wezterm bind = SUPER, x, exec, emacsclient -c bind = SUPER, y, exec, ${pkgs.waypipe}/bin/waypipe --compress lz4=10 ssh mothership.fleet emacsclient -c bind = SUPER, d, exec, ${pkgs.fuzzel}/bin/fuzzel --background-color=253559cc --border-radius=5 --border-width=0 @@ -120,10 +165,10 @@ in { # See https://wiki.hyprland.org/Configuring/Variables/ for more rounding = 4 - blur = true - blur_size = 8 - blur_passes = 1 - blur_new_optimizations = true + # blur = true + # blur_size = 8 + # blur_passes = 1 + # blur_new_optimizations = true drop_shadow = true shadow_range = 4 diff --git a/hmModules/lazygit/default.nix b/hmModules/lazygit/default.nix index 7817008..1689ddc 100644 --- a/hmModules/lazygit/default.nix +++ b/hmModules/lazygit/default.nix @@ -4,7 +4,8 @@ settings = { git.paging = { colorArg = "always"; - useConfig = true; + useConfig = false; + # pager = "${pkgs.diff-so-fancy}/bin/diff-so-fancy"; pager = "${pkgs.delta}/bin/delta --dark --paging=never"; }; }; diff --git a/hmModules/nheko/default.nix b/hmModules/nheko/default.nix new file mode 100644 index 0000000..9a4a89e --- /dev/null +++ b/hmModules/nheko/default.nix @@ -0,0 +1,18 @@ +{pkgs, ...}: { + home.packages = [pkgs.nheko]; + + # systemd.user.services.nheko = { + # Install.WantedBy = ["graphical-session.target"]; + + # Unit = { + # Description = "Nheko"; + # PartOf = ["graphical-session.target"]; + # }; + + # Service = { + # ExecStart = "${pkgs.nheko}/bin/nheko"; + # Restart = "on-failure"; + # RestartSec = 3; + # }; + # }; +} diff --git a/hmModules/pantalaimon/default.nix b/hmModules/pantalaimon/default.nix new file mode 100644 index 0000000..36331cc --- /dev/null +++ b/hmModules/pantalaimon/default.nix @@ -0,0 +1,13 @@ +{ + services.pantalaimon = { + enable = true; + settings = { + local-matrix = { + Homeserver = "https://nixos.dev"; + ListenAddress = "127.0.0.1"; + ListenPort = 8008; + }; + }; + }; + systemd.user.services.pantalaimon.Unit.Requires = ["dbus.socket"]; +} diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix index b776865..7f6da64 100644 --- a/hmModules/shell/default.nix +++ b/hmModules/shell/default.nix @@ -41,7 +41,7 @@ # Playing with it sometimes programs.nushell = { - enable = true; + enable = false; configFile.text = '' let carapace_completer = {|spans| carapace $spans.0 nushell $spans | from json @@ -93,7 +93,7 @@ }; programs.zsh = { - enable = false; # Disabled in favor on nushell but still here for posterity + enable = true; enableAutosuggestions = true; enableCompletion = true; enableSyntaxHighlighting = true; @@ -117,17 +117,42 @@ "thefuck" ]; }; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.fetchFromGitHub { + owner = "Aloxaf"; + repo = "fzf-tab"; + rev = "c2b4aa5ad2532cca91f23908ac7f00efb7ff09c9"; + sha256 = "sha256-gvZp8P3quOtcy1Xtt1LAW1cfZ/zCtnAmnWqcwrKel6w="; + }; + } + { + name = "fzf-tab"; + src = pkgs.fetchFromGitHub { + owner = "Aloxaf"; + repo = "fzf-tab"; + rev = "c2b4aa5ad2532cca91f23908ac7f00efb7ff09c9"; + sha256 = "sha256-gvZp8P3quOtcy1Xtt1LAW1cfZ/zCtnAmnWqcwrKel6w="; + }; + } + { + name = "fast-syntax-highlighting"; + src = pkgs.fetchFromGitHub { + owner = "zdharma-continuum"; + repo = "fast-syntax-highlighting"; + rev = "13d7b4e63468307b6dcb2dadf6150818f242cbff"; + sha256 = "sha256-AmsexwVombgVmRvl4O9Kd/WbnVJHPTXETxBv18PDHz4="; + }; + } + ]; shellAliases = { "cat" = "bat"; - "emw" = "emacsclient -c"; - "emnw" = "emacsclient -c -nw"; - "pass-clone" = "[ -d .password-store ] && echo 'Password store archive already exists' || git clone git@git.sr.ht:~zrsk/pass ~/.password-store"; - "getpass" = "pass show $(find .password-store/ -name \"*.gpg\" | sed \"s/\\.password-store\\/\\(.*\\)\\.gpg$/\\1/g\" | fzf) | wl-copy; ((sleep 60 && wl-copy --clear) &)"; - "n" = "nom"; + "em" = "TERM=wezterm emacsclient -nw"; }; - loginExtra = "[[ -z $DISPLAY && $TTY = /dev/tty1 ]] && exec sway"; + loginExtra = "[[ -z $DISPLAY && $TTY = /dev/tty1 ]] && exec dbus-run-session Hyprland"; envExtra = '' - [ $TERM = "dumb" ] && unsetopt zle && PS1='$ ' # for Emacs TRAMP mode + # [ $TERM = "dumb" ] && unsetopt zle && PS1='$ ' # for Emacs TRAMP mode ''; initExtra = '' export CACHIX_AUTH_TOKEN=$(cat ${age.secrets.cachix-personal-token.path}) @@ -149,6 +174,8 @@ zsh-completions nix-zsh-completions carapace # used by nushell + nil # TODO probably not best place + terraform-lsp # TODO probably not best place # nom # FIXME disable on aarch64-linux, breaks everything :( ]; } diff --git a/hmModules/spotify/default.nix b/hmModules/spotify/default.nix index c566a79..db39efa 100644 --- a/hmModules/spotify/default.nix +++ b/hmModules/spotify/default.nix @@ -1,3 +1,20 @@ -{pkgs, ...}: { - home.packages = [pkgs.nur.repos.nltch.spotify-adblock.spotify-adblocked]; +{pkgs, ...}: let + spotify-adblock = pkgs.nur.repos.nltch.spotify-adblock; +in { + home.packages = [spotify-adblock]; + + systemd.user.services.spotify-adblocked = { + Install.WantedBy = ["graphical-session.target"]; + + Unit = { + Description = "Spotify"; + PartOf = ["graphical-session.target"]; + }; + + Service = { + ExecStart = "${spotify-adblock}/bin/spotify"; + Restart = "on-failure"; + RestartSec = 3; + }; + }; } diff --git a/hmModules/swayidle/default.nix b/hmModules/swayidle/default.nix index 0c0b3a2..dbc73ba 100644 --- a/hmModules/swayidle/default.nix +++ b/hmModules/swayidle/default.nix @@ -55,5 +55,8 @@ }; # Otherwise it will start only after Sway and will not work with Hyprland - systemd.user.services.swayidle.Unit.PartOf = lib.mkForce []; + systemd.user.services.swayidle = { + Unit.PartOf = lib.mkForce []; + Install.WantedBy = lib.mkForce ["hyprland-session.target"]; + }; } diff --git a/hmModules/waybar/default.nix b/hmModules/waybar/default.nix index 61fe421..90794cf 100644 --- a/hmModules/waybar/default.nix +++ b/hmModules/waybar/default.nix @@ -1,12 +1,15 @@ -{pkgs, ...}: { +{ + pkgs, + lib, + fleetFlake, + ... +}: { programs.waybar = { - package = pkgs.waybar.overrideAttrs (old: { - mesonFlags = old.mesonFlags ++ ["-Dexperimental=true"]; - patchPhase = '' - sed -i -e 's/zext_workspace_handle_v1_activate(workspace_handle_);/const std::string command = "hyprctl dispatch workspace " + name_;\n\tsystem(command.c_str());/g' src/modules/wlr/workspace_manager.cpp - ''; - }); + # package = fleetFlake.packages.${pkgs.system}.waybar-hyprland; enable = true; + systemd = { + enable = true; + }; style = builtins.readFile ./style.css; settings = { mainBar = { @@ -17,7 +20,7 @@ modules-left = [ "wlr/mode" - "wlr/workspaces" + "hyprland/workspaces" ]; modules-center = ["wlr/window"]; modules-right = [ @@ -31,7 +34,7 @@ "clock" ]; - "wlr/workspaces" = { + "hyprland/workspaces" = { all-outputs = true; disable-scroll-wraparound = true; # format = "{icon}"; @@ -56,8 +59,8 @@ format = "{capacity}% {icon}"; format-alt = "{time} {icon}"; format-charging = "{capacity}% "; - format-icons = ["" "" "" "" ""]; - format-plugged = "{capacity}% "; + format-icons = [" " " " " " " " " "]; + format-plugged = "{capacity}%  "; states = { critical = 15; warning = 30; @@ -76,9 +79,9 @@ interval = 1; format-alt = "{ifname}: {ipaddr}/{cidr}"; format-disconnected = "Disconnected ⚠"; - format-ethernet = "{ifname}: {ipaddr}/{cidr}  up: {bandwidthUpBits} down: {bandwidthDownBits}"; + format-ethernet = "{ifname}: {ipaddr}/{cidr} 󰈀 up: {bandwidthUpBits} down: {bandwidthDownBits}"; format-linked = "{ifname} (No IP) "; - format-wifi = "{essid} ({signalStrength}%) "; + format-wifi = "{essid} ({signalStrength}%)  {ipaddr}/{cidr} up: {bandwidthUpBits} down: {bandwidthDownBits}"; }; pulseaudio = { format = "{volume}% {icon} {format_source}"; @@ -86,9 +89,9 @@ format-bluetooth-muted = " {icon} {format_source}"; format-icons = { car = ""; - default = ["" "" ""]; + default = [" " " " " "]; handsfree = ""; - headphones = ""; + headphones = " "; headset = ""; phone = ""; portable = ""; @@ -108,4 +111,7 @@ }; }; }; + + # waybar needs the hyprctl binary in PATH when started in hyprland + systemd.user.services.waybar.Service.Environment = "PATH=${lib.makeBinPath [pkgs.hyprland]}"; } diff --git a/hmModules/wezterm/default.nix b/hmModules/wezterm/default.nix new file mode 100644 index 0000000..09d066d --- /dev/null +++ b/hmModules/wezterm/default.nix @@ -0,0 +1,30 @@ +{...}: { + programs.wezterm = { + enable = true; + extraConfig = '' + return { + font = wezterm.font_with_fallback { + { + family = 'Iosevka Comfy', + stretch = 'Expanded', + weight = 'Regular', + harfbuzz_features = { 'dlig=1' } + }, + }; + font_size = 13; + allow_square_glyphs_to_overflow_width = "Always"; + color_scheme = "Dracula (Official)"; + window_background_opacity = 1; + enable_tab_bar = false; + hide_mouse_cursor_when_typing = false; + window_close_confirmation = "NeverPrompt"; + window_padding = { + left = '1cell', + right = '1cell', + top = '0.5cell', + bottom = '0.5cell', + }; + } + ''; + }; +} diff --git a/hmModules/whatsapp/default.nix b/hmModules/whatsapp/default.nix new file mode 100644 index 0000000..5d0335a --- /dev/null +++ b/hmModules/whatsapp/default.nix @@ -0,0 +1,18 @@ +{pkgs, ...}: { + home.packages = [pkgs.whatsapp-for-linux]; + + systemd.user.services.whatsapp = { + Install.WantedBy = ["graphical-session.target"]; + + Unit = { + Description = "Whatsapp"; + PartOf = ["graphical-session.target"]; + }; + + Service = { + ExecStart = "${pkgs.whatsapp-for-linux}/bin/whatsapp-for-linux"; + Restart = "on-failure"; + RestartSec = 3; + }; + }; +} diff --git a/hmModules/xdg/default.nix b/hmModules/xdg/default.nix index 16c3c60..858798f 100644 --- a/hmModules/xdg/default.nix +++ b/hmModules/xdg/default.nix @@ -1,7 +1,12 @@ -{ +{pkgs, ...}: { xdg = { enable = true; mimeApps.enable = true; + mimeApps.defaultApplications = { + "text/html" = ["firefox.desktop"]; + "x-scheme-handler/http" = ["firefox.desktop"]; + "x-scheme-handler/https" = ["firefox.desktop"]; + }; desktopEntries = { org-protocol = { name = "org-protocol"; @@ -10,6 +15,14 @@ terminal = false; mimeType = ["x-scheme-handler/org-protocol"]; }; + firefox = { + name = "firefox"; + genericName = "Firefox protocol"; + exec = "firefox -- %U"; + terminal = false; + mimeType = ["text/html" "text/xml" "text/uri"]; + }; }; }; + home.packages = [pkgs.xdg-utils]; } diff --git a/hosts/default.nix b/hosts/default.nix index 669dfc6..44e477e 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -141,7 +141,10 @@ ({config, ...}: { home-manager.users."${user}" = { imports = extraHmModules; - _module.args.age = config.age or {}; + _module.args = { + age = config.age or {}; + fleetFlake = self; + }; }; }) ])) @@ -187,27 +190,32 @@ secrets = { "rock5b-wireguard-private-key" = {}; "hercules-ci-join-token".owner = "hercules-ci-agent"; + "hercules-ci-binary-caches".owner = "hercules-ci-agent"; + "cachix-personal-token".owner = "ccr"; + "home-planimetry".owner = "hass"; + # "nextcloud-admin-pass".owner = "nextcloud"; + # "aws-credentials" = {}; }; colmena.deployment.buildOnTarget = true; }; - pbp = { - system = "aarch64-linux"; - extraModules = with inputs; [ - nixosHardware.nixosModules.pine64-pinebook-pro - disko.nixosModules.disko - ]; - extraHmModules = [ - inputs.ccrEmacs.hmModules.default - ]; - secrets = { - "pbp-wireguard-private-key" = {}; - }; - }; - hs = {}; + # pbp = { + # system = "aarch64-linux"; + # extraModules = with inputs; [ + # nixosHardware.nixosModules.pine64-pinebook-pro + # disko.nixosModules.disko + # ]; + # extraHmModules = [ + # # inputs.ccrEmacs.hmModules.default + # ]; + # secrets = { + # "pbp-wireguard-private-key" = {}; + # }; + # }; + # hs = {}; mothership = { extraModules = with inputs; [ disko.nixosModules.disko - nix-serve-ng.nixosModules.default + # nix-serve-ng.nixosModules.default # hydra.nixosModules.hydra ]; extraHmModules = [ @@ -217,7 +225,6 @@ imports = let hmModules = "${inputs.homeManagerGitWorkspace}/modules"; in [ - "${hmModules}/programs/git-workspace.nix" "${hmModules}/services/git-workspace.nix" ]; } @@ -230,8 +237,11 @@ "magit-forge-github-token".owner = "ccr"; # "hydra-admin-password".owner = "root"; # "hydra-github-token".group = "hydra"; - "cache-private-key".owner = "nix-serve"; + # "cache-private-key".owner = "nix-serve"; "hercules-ci-join-token".owner = "hercules-ci-agent"; + "hercules-ci-binary-caches".owner = "hercules-ci-agent"; + # "minio-credentials".owner = "minio"; + # "aws-credentials" = {}; }; }; }; diff --git a/hosts/devbox/default.nix b/hosts/devbox/default.nix index 36590ba..a3b3793 100644 --- a/hosts/devbox/default.nix +++ b/hosts/devbox/default.nix @@ -21,7 +21,7 @@ enable = true; autologin = true; modules = [ - "emacs" + # "emacs" "git" "gpg" "helix" diff --git a/hosts/mothership/default.nix b/hosts/mothership/default.nix index c675fba..f5d12c6 100644 --- a/hosts/mothership/default.nix +++ b/hosts/mothership/default.nix @@ -15,12 +15,16 @@ "nix" # "vm-sala" "vm-mara" + # "vm-ubuntu" # "hydra" "hercules-ci" "nix-serve" "cgit" "docker" + # "minio" + "proxy" # "binfmt" + "xdg" ]; ccr = { @@ -60,6 +64,8 @@ }; }; + environment.enableAllTerminfo = true; + nixpkgs.config.joypixels.acceptLicense = true; environment.systemPackages = with pkgs; [waypipe]; diff --git a/hosts/rock5b/default.nix b/hosts/rock5b/default.nix index 8b3d2db..9f1ab79 100644 --- a/hosts/rock5b/default.nix +++ b/hosts/rock5b/default.nix @@ -12,9 +12,16 @@ "ssh" "ccr" "wireguard-client" - "minidlna" + # "minidlna" + "mediatomb" "transmission" "hercules-ci" + # "bubbleupnp" + # "nextcloud" + "home-assistant" + # "immich" + "adguard-home" + # "mount-hetzner-box" ] ++ [ ./disko.nix @@ -54,6 +61,12 @@ # in ["credentials=${credentials},x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"]; # }; + fileSystems."/mnt/hd" = { + device = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550-part1"; + fsType = "ext4"; + options = ["nofail"]; + }; + environment.systemPackages = with pkgs; [ # kodi-rock5b cifs-utils diff --git a/hosts/rock5b/disko.nix b/hosts/rock5b/disko.nix index 2ec37e7..2ae727d 100644 --- a/hosts/rock5b/disko.nix +++ b/hosts/rock5b/disko.nix @@ -1,7 +1,8 @@ let emmc = "/dev/mmcblk0"; - hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; - hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; + # hd1 = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550"; + # hd2 = "/dev/disk/by-id/ata-WDC_WD10EADX-22TDHB0_WD-WCAV5V359530"; + hd = "/dev/disk/by-id/ata-WDC_WD10EADS-22M2B0_WD-WCAV52709550-part1"; # old_hd = "/dev/disk/by-id/ata-WDC_WD5000AAKX-08U6AA0_WD-WCC2E5TR40FU"; in { disko.devices = { @@ -33,67 +34,87 @@ in { ]; }; }; - hd1 = { - type = "disk"; - device = hd1; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "primary"; - start = "0"; - end = "100%"; - content = { - type = "mdraid"; - name = "raid1"; - }; - } - ]; - }; - }; - hd2 = { - type = "disk"; - device = hd2; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "primary"; - start = "0"; - end = "100%"; - content = { - type = "mdraid"; - name = "raid1"; - }; - } - ]; - }; - }; + # hd = { + # type = "disk"; + # device = hd; + # content = { + # type = "table"; + # format = "gpt"; + # partitions = [ + # { + # name = "hd"; + # start = "0%"; + # end = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/mnt/hd"; + # }; + # } + # ]; + # }; + # }; + # hd1 = { + # type = "disk"; + # device = hd1; + # content = { + # type = "table"; + # format = "gpt"; + # partitions = [ + # { + # name = "primary"; + # start = "0"; + # end = "100%"; + # content = { + # type = "mdraid"; + # name = "raid1"; + # }; + # } + # ]; + # }; + # }; + # hd2 = { + # type = "disk"; + # device = hd2; + # content = { + # type = "table"; + # format = "gpt"; + # partitions = [ + # { + # name = "primary"; + # start = "0"; + # end = "100%"; + # content = { + # type = "mdraid"; + # name = "raid1"; + # }; + # } + # ]; + # }; + # }; }; - mdadm = { - raid1 = { - type = "mdadm"; - level = 1; - content = { - type = "table"; - format = "gpt"; - partitions = [ - { - name = "primary"; - start = "0"; - end = "100%"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/mnt/raid"; - }; - } - ]; - }; - }; - }; + # mdadm = { + # raid1 = { + # type = "mdadm"; + # level = 1; + # content = { + # type = "table"; + # format = "gpt"; + # partitions = [ + # { + # name = "primary"; + # start = "0"; + # end = "100%"; + # content = { + # type = "filesystem"; + # format = "ext4"; + # mountpoint = "/mnt/raid"; + # }; + # } + # ]; + # }; + # }; + # }; }; } diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 1e83852..0950b16 100644 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -32,6 +32,8 @@ "xdg" "nix-development" "clamav" + "waydroid" + # "gnome-keyring" ]; ccr = { @@ -42,12 +44,14 @@ "digikam" "discord" "element" + # "nheko" # "thunderbird" "aerc" "emacs" "firefox" "git" "gpg" + "gnome-keyring" "helix" "mopidy" "mpv" @@ -68,11 +72,14 @@ "lutris" "wine" "remmina" + "whatsapp" + # "pantalaimon" ]; packages = with pkgs; [ comma dolphin-emu-beta sc-controller + libreoffice ]; extraGroups = [ "wheel" @@ -173,7 +180,7 @@ # services.openssh.enable = true; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ 5000]; + networking.firewall.allowedTCPPorts = [8000]; # networking.firewall.allowedUDPPorts = [ 5000 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/lib/default.nix b/lib/default.nix index ec40a1c..f751fa9 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,11 +4,12 @@ ccr-gpg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5cEUx25pnZiH3eBrE2xNbJ92gJiKSznDUNRzcEL4ti6FlJm+75p4q0hgdqHwStR8+uCWBL6viVFCGutOVMFE5MX1Oc3A8fJdR6H9Rrwvk/1UQzqzc9tWxw1qPLKz+fnPDomjOvNofghCWQRwX3Xf1HnIqvRwELpNbR9i+/cHkDGzLJxkstbt4gol8ywMPkw02QdKk8s5MEd1vawxc+7Chs0JPW57RDqDYFErYys52JLeAViCBB9bofF+KT42LuRXKSjWlvCV9kR5TL49vUeBgzMQWMh++WQdN4m9lpqFqYyc75I49/E0HGf8LChDSS+hvRnb5MbtnVGjEA4WDHyldmJCvUNob5CUo4FjoSPRi+S/J3Ads8D4JVwaJOJEVqmMKEhiQ0Hzk4hwe3eV/VumlZj4U/QjaCrqqi4TW/iP0gNRfzcfiM+G/z5R7w1NMUpTX7oilyKjMQmGnXB857D3SSptS7dwh5OiKhVmrQMRCduooUsj236abqLU28K//RnxhOgh8kDGgoUHApnTiMZNKhgLiR42lKrubNcW1tAAqoNyFLMwwXeMLjh0iP1b5y8ntfNPNIcGb7vcwpS24z/aIjW7rQ4J7x5EBphHGhys6ne+irdhOM8c7kFr+c8+Q2oU0YAtFuMYztAFOHm1e20X00Zvys2nuee+hT9F1NungAQ== andrea.ciceri@autistici.org"; ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org"; oneplus6t = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1xBMLABwQQGOrbFXDqJEvcBQFvTx/Fj+k/qBa+FXPobH2BcOj8NxrExliP3krPTi+srEaA0fQHBy/tFktiZQvx82KPan9dpmRlc6G970Ej9M6dNbwl4zTMAgZ3E8U5HCvoXTaFeSS2mrlRq5pyy7dZcVkPMvhgP65d+gx6fJbQhiDGBGJg2CWU8b1bUG703EkYcKAZY57Db+j/8/VoBsS3TAAJzW8CVxN1nqKeYCcgPR7y2HjZihlSUPJsdwV4D46qj1gLh+NdYh5iBUICOXBIt26hiQhRPtY+mtH2eWW1NdnCp2gk6IaMQEHKCy9t5L3VybQJzaqDZwQAyQZIbonb+X8hlkhvf9CjlrjILoroLN3RE5te/WQQzyTR4Ni8A6+Mu+1JHW5JWM3Iz9u77ceLc9/4UFkdFSALZjFUYIevQLUitVZCdJkqNxizyJmpCgjAnArhjItX6hO4Dq96TRWcHDtCsk1jJ1CCUZRwkkzZjmob86CS58zERkwWbWKGSejxSO6YQZTFsgon76r2x5Cd1GoG4vCtFMqyOQzDTHZqVxYjWJrySFg2GnCIy4wth1tpwB/uzobM9Xn01V6vdQNDI7a/4XHZ7IQWiGy2dme6R+PmAma1RgxAioPt5IZrv8nlb2YWXuoXS66RSwV9A9U+98hVfZc29KJ+2fKVy/JBQ== oneplus6t"; + hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; }; hosts = { thinkpad = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZMyLFfuBeDfPLn8WL6JazYpYq3oVvCdD4ktyt915TL"; mothership = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlepPWHE9GvQIBcAQBQPd80oiePSPxGDnMdqpdEqx6I"; - rock5b = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOj/9N6A/tGAg3bMYsD3d3Ctacguf5OQkoZlnaBqMjVi"; + rock5b = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDlpd0GhZv0NyDQBTJ130JfC5/r+PvdkHIOaGssm8cPG"; pbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFF05LScu9m5BXMlFAT1g+g/AkAi7kvq1dY6W3Rzqq3f"; }; }; diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix new file mode 100644 index 0000000..72f18a2 --- /dev/null +++ b/modules/adguard-home/default.nix @@ -0,0 +1,11 @@ +{ + services.adguardhome = { + enable = true; + settings = { + bind_port = 3000; + openFirewall = true; + }; + }; + networking.firewall.allowedTCPPorts = [3000 53]; + networking.firewall.allowedUDPPorts = [53]; +} diff --git a/modules/binfmt/default.nix b/modules/binfmt/default.nix index 8bf9fa8..94480de 100644 --- a/modules/binfmt/default.nix +++ b/modules/binfmt/default.nix @@ -4,7 +4,7 @@ pkgs, ... }: { - boot.binfmt.emulatedSystems = ["aarch64-linux" "i686-linux"]; + boot.binfmt.emulatedSystems = ["aarch64-linux" "i686-linux" "riscv64-linux"]; nix.extraOptions = '' extra-platforms = aarch64-linux arm-linux i686-linux ''; diff --git a/modules/bubbleupnp/default.nix b/modules/bubbleupnp/default.nix new file mode 100644 index 0000000..64c304f --- /dev/null +++ b/modules/bubbleupnp/default.nix @@ -0,0 +1,11 @@ +{ + virtualisation.oci-containers.containers = { + bubbleupnpserver = { + image = "bubblesoftapps/bubbleupnpserver"; + ports = ["58050:58050"]; + extraOptions = ["--network=host" "-device /dev/dri:/dev/dri"]; + }; + }; + + networking.firewall.allowedTCPPorts = [58050]; +} diff --git a/modules/ccr/default.nix b/modules/ccr/default.nix index 995fe93..5a8eae0 100644 --- a/modules/ccr/default.nix +++ b/modules/ccr/default.nix @@ -52,10 +52,12 @@ description = "Andrea Ciceri"; isNormalUser = true; inherit (config.ccr) extraGroups; - shell = pkgs.nushell; + shell = pkgs.zsh; openssh.authorizedKeys.keys = config.ccr.authorizedKeys; }; + programs.zsh.enable = true; + services.getty.autologinUser = if config.ccr.autologin then "ccr" diff --git a/modules/docker/default.nix b/modules/docker/default.nix index ff20993..b349dcf 100644 --- a/modules/docker/default.nix +++ b/modules/docker/default.nix @@ -5,8 +5,10 @@ ... }: { virtualisation.docker.enable = true; + virtualisation.podman.enable = true; users.users.ccr.extraGroups = ["docker"]; environment.systemPackages = with pkgs; [ docker-compose + podman-compose ]; } diff --git a/modules/fonts/default.nix b/modules/fonts/default.nix index 94f3e8d..fdda365 100644 --- a/modules/fonts/default.nix +++ b/modules/fonts/default.nix @@ -1,6 +1,6 @@ {pkgs, ...}: { fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols emacs-all-the-icons-fonts nerdfonts joypixels etBook]; + fonts = with pkgs; [powerline-fonts dejavu_fonts fira-code fira-code-symbols iosevka iosevka-comfy.comfy emacs-all-the-icons-fonts nerdfonts joypixels etBook]; fontconfig.defaultFonts = { monospace = ["DejaVu Sans Mono for Powerline"]; sansSerif = ["DejaVu Sans"]; diff --git a/modules/gnome-keyring/default.nix b/modules/gnome-keyring/default.nix new file mode 100644 index 0000000..9dd1656 --- /dev/null +++ b/modules/gnome-keyring/default.nix @@ -0,0 +1,3 @@ +{ + services.gnome.gnome-keyring.enable = true; +} diff --git a/modules/grocy/default.nix b/modules/grocy/default.nix new file mode 100644 index 0000000..72ba8bc --- /dev/null +++ b/modules/grocy/default.nix @@ -0,0 +1,45 @@ +{ + pkgs, + config, + ... +}: { + nixpkgs.overlays = [ + (self: super: { + grocy = super.grocy.overrideAttrs (old: { + meta.broken = false; + version = "4.0.1"; + src = pkgs.fetchFromGitHub { + owner = "grocy"; + repo = "grocy"; + rev = "v4.0.1"; + hash = "sha256-bCUH2dRCSNkpWyUxGdTdjgVsagbBghcHsBX01+NuHGc="; + }; + }); + }) + ]; + services.grocy = { + enable = true; + hostName = "grocy.aciceri.dev"; + nginx.enableSSL = false; + settings = { + culture = "it"; + currency = "EUR"; + calendar = { + firstDayOfWeek = 1; + showWeekNumber = true; + }; + }; + }; + services.nginx.virtualHosts.${config.services.grocy.hostName}.listen = [ + { + addr = "0.0.0.0"; + port = 6789; + ssl = false; + } + ]; + networking.firewall.interfaces."wg0" = { + allowedTCPPorts = [ + 6789 + ]; + }; +} diff --git a/modules/hercules-ci/default.nix b/modules/hercules-ci/default.nix index 10beff5..14b9940 100644 --- a/modules/hercules-ci/default.nix +++ b/modules/hercules-ci/default.nix @@ -8,9 +8,29 @@ settings = { concurrentTasks = 8; clusterJoinTokenPath = config.age.secrets.hercules-ci-join-token.path; - # Don't need using private caches, if I would ever need remember to use agenix! - binaryCachesPath = pkgs.writeText "binary-caches-path" (builtins.toJSON {}); - # secretsJsonPath = config.hci-secrets.hci-mlabs-haskell.target; + binaryCachesPath = config.age.secrets.hercules-ci-binary-caches.path; + # secretsJsonPath = config.hercules-ci-secrets.path; }; }; + + # Popola /var/lib/hercules-ci-agent/.ssh/ e /root/ con chiavi in grado di accedere root@cache.aciceri.dev + + # systemd.tmpfiles.rules = [ + # "d ${config.users.users.root.home}/.aws 770 root root" + # "d ${config.users.users.hercules-ci-agent.home}/.aws 770 hercules-ci-agent hercules-ci-agent" + # ]; + + # system.activationScripts.aws-credentials = '' + # install ${config.age.secrets.aws-credentials.path} \ + # ${config.users.users.hercules-ci-agent.home}/.aws/credentials \ + # -D \ + # --owner=hercules-ci-agent \ + # --group=hercules-ci-agent \ + # --mode=770 + + # install \ + # ${config.age.secrets.aws-credentials.path} \ + # -D \ + # ${config.users.users.root.home}/.aws/credentials + # ''; } diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix new file mode 100644 index 0000000..558b941 --- /dev/null +++ b/modules/home-assistant/default.nix @@ -0,0 +1,174 @@ +{ + pkgs, + config, + ... +}: let + smartthings-fork = pkgs.fetchFromGitHub { + owner = "veista"; + repo = "smartthings"; + rev = "ba1a6f33c6ac37d81f4263073571628803e79697"; + sha256 = "sha256-X3SYkg0B5pzEich7/4iUmlADJneVuT8HTVnIiC7odRE="; + }; + pun_sensor = pkgs.fetchFromGitHub { + owner = "virtualdj"; + repo = "pun_sensor"; + rev = "19f270b353594ab536f9dc42adf31427e7a81562"; + hash = "sha256-3pL+8CXzjmR54Ff9qLhHzC/C+uns0qWEgJFHv+K4MFs="; + }; + cozy_life = pkgs.fetchFromGitHub { + owner = "yangqian"; + repo = "hass-cozylife"; + rev = "9a40a2fa09b0f74aee0b278e2858f5600b3487a9"; + hash = "sha256-i+82EUamV1Fhwhb1vhRqn9aA9dJ0FxSSMD734domyhw="; + }; + localtuya = pkgs.fetchFromGitHub { + owner = "rospogrigio"; + repo = "localtuya"; + rev = "f06e4848e67997edfa696aa9a89372fb17077bd0"; + hash = "sha256-hA/1FxH0wfM0jz9VqGCT95rXlrWjxV5oIkSiBf0G0ac="; + }; +in { + services.home-assistant = { + enable = true; + openFirewall = true; + package = pkgs.home-assistant.overrideAttrs (old: { + doInstallCheck = false; + prePatch = + '' + rm -rf homeassistant/components/smartthings + cp -r ${smartthings-fork}/custom_components/smartthings homeassistant/components/smartthings + '' + + old.prePatch; + }); + extraComponents = [ + # components required to complete the onboarding + # "esphome" + "met" + "radio_browser" + "frontend" + "cloud" + "google_translate" + "smartthings" # samsung devices + "tuya" + "timer" + "cast" + "weather" + "backup" + "brother" + "webostv" + "media_player" + "wyoming" + ]; + extraPackages = python3Packages: + with python3Packages; [ + # used by pun_sensor + holidays + beautifulsoup4 + ]; + config = { + default_config = {}; + http = { + use_x_forwarded_for = true; + trusted_proxies = ["10.100.0.1"]; + }; + # ffmpeg = {}; + # camera = [ + # { + # name = "EyeToy"; + # platform = "ffmpeg"; + # input = "/dev/video1"; + # extra_arguments = "-vcodec h264"; + # } + # ]; + homeassistant = { + unit_system = "metric"; + time_zone = "Europe/Rome"; + temperature_unit = "C"; + external_url = "https://home.aciceri.dev"; + internal_url = "http://rock5b.fleet:8123"; + }; + logger.default = "WARNING"; + # backup = {}; + # media_player = [{ + # platform = "webostv"; + # host = "10.1.1.213"; + # name = "TV"; + # timeout = "5"; + # turn_on_action = { + # service = "wake_on_lan.send_magic_packet"; + # data.mac = "20:28:bc:74:14:c2"; + # }; + # }]; + }; + }; + + # services.avahi.enable = true; + # services.avahi.nssmdns = true; + + # systemd.services.home-assistant.serviceConfig = { + # SupplementaryGroups = ["video"]; + # DeviceAllow = ["/dev/video1"]; + # }; + # users.users.hass.extraGroups = ["video"]; + + systemd.tmpfiles.rules = [ + "d ${config.services.home-assistant.configDir}/custom_components 770 hass hass" + "L+ ${config.services.home-assistant.configDir}/custom_components/pun_sensor - - - - ${pun_sensor}/custom_components/pun_sensor" + "L+ ${config.services.home-assistant.configDir}/custom_components/cozy_life - - - - ${cozy_life}/custom_components/cozylife" + "L+ ${config.services.home-assistant.configDir}/custom_components/localtuya - - - - ${localtuya}/custom_components/localtuya" + "d ${config.services.home-assistant.configDir}/www 770 hass hass" + "C ${config.services.home-assistant.configDir}/www/home.png - - - - ${config.age.secrets.home-planimetry.path}" + ]; + + networking.firewall.interfaces."wg0" = { + allowedTCPPorts = [ + config.services.home-assistant.config.http.server_port + 56000 + ]; + }; + + # virtualisation.oci-containers.containers = { + # cam2ip = { + # image = "gen2brain/cam2ip:arm"; + # ports = ["56000:56000"]; + # extraOptions = [ "--device=/dev/video1:/dev/video1"]; + # environment.CAM2IP_INDEX = "1"; + # }; + # }; + + virtualisation.oci-containers = { + containers = { + whisper = { + image = "rhasspy/wyoming-whisper:latest"; + ports = ["10300:10300"]; + cmd = [ + "--model" + "medium-int8" + "--language" + "it" + ]; + }; + piper = { + image = "rhasspy/wyoming-piper:latest"; + ports = ["10200:10200"]; + cmd = [ + "--voice" + "it_IT-riccardo-x_low" + ]; + }; + }; + }; + + # virtualisation.oci-containers = { + # backend = "podman"; + # containers.homeassistant = { + # volumes = [ "home-assistant:/config" ]; + # environment.TZ = "Europe/Rome"; + # image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated + # extraOptions = [ + # "--network=host" + # "--device=/dev/ttyACM0:/dev/ttyACM0" # Example, change this to match your own hardware + # ]; + # }; + # };s +} diff --git a/modules/home-assistant/home.png b/modules/home-assistant/home.png new file mode 100644 index 0000000..8a65c4f Binary files /dev/null and b/modules/home-assistant/home.png differ diff --git a/modules/immich/default.nix b/modules/immich/default.nix new file mode 100644 index 0000000..c632f0d --- /dev/null +++ b/modules/immich/default.nix @@ -0,0 +1,81 @@ +{ + config, + fleetFlake, + pkgs, + lib, + ... +}: let + typesenseApiKeyFile = pkgs.writeText "typesense-api-key" "12318551487654187654"; # api key not ime, stolen from upstram PR + pkgsImmich = fleetFlake.inputs.nixpkgsImmich.legacyPackages.${pkgs.system}.extend (final: prev: { + python = prev.python.override { + packageOverrides = final: prev: { + insightface = prev.insightface.overrideAttrs (_: { + pythonCatchConflictsPhase = ""; + }); + }; + }; + }); +in { + imports = ["${fleetFlake.inputs.nixpkgsImmich}/nixos/modules/services/web-apps/immich.nix"]; + + services.immich = { + package = pkgsImmich.immich; + enable = true; + server.mediaDir = "/mnt/hd/immich"; + server.typesense.apiKeyFile = typesenseApiKeyFile; + }; + + services.typesense = { + enable = true; + # In a real setup you should generate an api key for immich + # and not use the admin key! + apiKeyFile = typesenseApiKeyFile; + settings.server.api-address = "127.0.0.1"; + }; + + systemd.tmpfiles.rules = [ + "d /mnt/hd/immich 770 immich immich" + ]; + + # networking.firewall.allowedTCPPorts = [8080]; + # virtualisation.oci-containers.containers.immich = { + # image = "ghcr.io/imagegenius/immich:latest"; + # extraOptions = ["--network=host"]; + # volumes = [ + # "/mnt/immich/photos:/photos" + # "/mnt/immich/config:/config" + # ]; + # environment = { + # PUID=builtins.toString config.users.users.ccr.uid; + # PGID=builtins.toString config.users.groups.wheel.gid; + # TZ="Europe/Rome"; + # DB_HOSTNAME="localhost"; + # DB_USERNAME="postgres"; + # DB_PASSWORD="postgres"; + # DB_DATABASE_NAME="immich"; + # DB_PORT="54320"; + # REDIS_HOSTNAME="localhost"; + # DISABLE_MACHINE_LEARNING="false"; + # DISABLE_TYPESENSE="false"; + # }; + # }; + + # virtualisation.oci-containers.containers.immich-redis = { + # image = "redis"; + # extraOptions = ["--network=host"]; + # }; + + # virtualisation.oci-containers.containers.immich-postgres = { + # image = "postgres:14"; + # extraOptions = ["--network=host"]; + # environment = { + # POSTGRES_USER = "postgres"; + # POSTGRES_PASSWORD = "postgres"; + # POSTGRES_DB = "immich"; + # PGPORT = "54320"; + # }; + # volumes = [ + # "/mnt/immich/postgres:/var/lib/postgresql/data" + # ]; + # }; +} diff --git a/modules/immich/module.nix b/modules/immich/module.nix new file mode 100644 index 0000000..b31f11f --- /dev/null +++ b/modules/immich/module.nix @@ -0,0 +1,608 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit + (lib) + hasAttr + hasPrefix + maintainers + mapAttrs + mkDefault + mkEnableOption + mkIf + mkMerge + mkOption + mkPackageOption + optional + optionalAttrs + optionalString + types + ; + + cfg = config.services.immich; + serverCfg = config.services.immich.server; + backendCfg = serverCfg.backend; + microservicesCfg = serverCfg.microservices; + webCfg = cfg.web; + mlCfg = cfg.machineLearning; + + isServerPostgresUnix = hasPrefix "/" serverCfg.postgres.host; + postgresEnv = + if isServerPostgresUnix + then { + # If passwordFile is given, this will be overwritten in ExecStart + DB_URL = "socket://${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"; + } + else { + DB_HOSTNAME = serverCfg.postgres.host; + DB_PORT = toString serverCfg.postgres.port; + DB_DATABASE_NAME = serverCfg.postgres.database; + DB_USERNAME = serverCfg.postgres.username; + }; + + typesenseEnv = + { + TYPESENSE_ENABLED = toString serverCfg.typesense.enable; + } + // optionalAttrs serverCfg.typesense.enable { + TYPESENSE_HOST = serverCfg.typesense.host; + TYPESENSE_PORT = toString serverCfg.typesense.port; + TYPESENSE_PROTOCOL = serverCfg.typesense.protocol; + }; + + # Don't start a redis instance if the user sets a custom redis connection + enableRedis = !hasAttr "REDIS_URL" serverCfg.extraConfig && !hasAttr "REDIS_SOCKET" serverCfg.extraConfig; + redisServerCfg = config.services.redis.servers.immich; + redisEnv = optionalAttrs enableRedis { + REDIS_SOCKET = redisServerCfg.unixSocket; + }; + + serverEnv = + postgresEnv + // typesenseEnv + // redisEnv + // { + NODE_ENV = "production"; + + IMMICH_MEDIA_LOCATION = serverCfg.mediaDir; + IMMICH_MACHINE_LEARNING_URL = + if serverCfg.machineLearningUrl != null + then serverCfg.machineLearningUrl + else "false"; + }; + + serverStartWrapper = program: '' + set -euo pipefail + mkdir -p ${serverCfg.mediaDir} + + ${optionalString (serverCfg.postgres.passwordFile != null) ( + if isServerPostgresUnix + then ''export DB_URL="socket://${serverCfg.postgres.username}:$(cat ${serverCfg.postgres.passwordFile})@${serverCfg.postgres.host}?dbname=${serverCfg.postgres.database}"'' + else "export DB_PASSWORD=$(cat ${serverCfg.postgres.passwordFile})" + )} + + ${optionalString serverCfg.typesense.enable '' + export TYPESENSE_API_KEY=$(cat ${serverCfg.typesense.apiKeyFile}) + ''} + + exec ${program} + ''; + + commonServiceConfig = { + Restart = "on-failure"; + + # Hardening + CapabilityBoundingSet = ""; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateUsers = true; + PrivateTmp = true; + PrivateDevices = true; + PrivateMounts = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProcSubset = "pid"; + # Would re-mount paths ignored by temporary root + # TODO ProtectSystem = "strict"; + RemoveIPC = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + "@pkey" + ]; + UMask = "0077"; + }; + + serverServiceConfig = { + DynamicUser = true; + User = "immich"; + Group = "immich"; + SupplementaryGroups = optional enableRedis redisServerCfg.user; + + StateDirectory = "immich"; + StateDirectoryMode = "0750"; + WorkingDirectory = "/var/lib/immich"; + + MemoryDenyWriteExecute = false; # nodejs requires this. + EnvironmentFile = mkIf (serverCfg.environmentFile != null) serverCfg.environmentFile; + + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = + [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + "-/run/postgresql" + ] + ++ optional enableRedis redisServerCfg.unixSocket; + }; +in { + options.services.immich = { + enable = + mkEnableOption "immich" + // { + description = '' + Enables immich which consists of a backend server, microservices, + machine-learning and web ui. You can disable or reconfigure components + individually using the subsections. + ''; + }; + + package = mkPackageOption pkgs "immich" {}; + + server = { + mediaDir = mkOption { + type = types.str; + default = "/var/lib/immich/media"; + description = "Directory used to store media files."; + }; + + backend = { + enable = + mkEnableOption "immich backend server" + // { + default = true; + }; + port = mkOption { + type = types.port; + default = 3001; + description = "Port to bind to."; + }; + + openFirewall = mkOption { + default = false; + type = types.bool; + description = "Whether to open the firewall for the specified port."; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + LOG_LEVEL = "debug"; + }; + description = '' + Extra configuration options (environment variables). + Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'server' for available options. + ''; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Environment file as defined in systemd.exec(5). May be used to provide + additional secret variables to the service without adding them to the + world-readable Nix store. + ''; + }; + }; + + microservices = { + enable = + mkEnableOption "immich microservices" + // { + default = true; + }; + + port = mkOption { + type = types.port; + default = 3002; + description = "Port to bind to."; + }; + + openFirewall = mkOption { + default = false; + type = types.bool; + description = "Whether to open the firewall for the specified port."; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + REVERSE_GEOCODING_PRECISION = 1; + }; + description = '' + Extra configuration options (environment variables). + Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'microservices' for available options. + ''; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Environment file as defined in systemd.exec(5). May be used to provide + additional secret variables to the service without adding them to the + world-readable Nix store. + ''; + }; + }; + + typesense = { + enable = + mkEnableOption "typesense" + // { + default = true; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + example = "typesense.example.com"; + description = "Hostname/address of the typesense server to use."; + }; + + port = mkOption { + type = types.port; + default = 8108; + description = "The port of the typesense server to use."; + }; + + protocol = mkOption { + type = types.str; + default = "http"; + description = "The protocol to use when connecting to the typesense server."; + }; + + apiKeyFile = mkOption { + type = types.path; + description = "Sets the api key for authentication with typesense."; + }; + }; + + postgres = { + host = mkOption { + type = types.str; + default = "/run/postgresql"; + description = "Hostname/address of the postgres server to use. If an absolute path is given here, it will be interpreted as a unix socket path."; + }; + + port = mkOption { + type = types.port; + default = 5432; + description = "The port of the postgres server to use."; + }; + + username = mkOption { + type = types.str; + default = "immich"; + description = "The postgres username to use."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Sets the password for authentication with postgres. + May be unset when using socket authentication. + ''; + }; + + database = mkOption { + type = types.str; + default = "immich"; + description = "The postgres database to use."; + }; + }; + + useMachineLearning = mkOption { + description = "Use the given machine learning server endpoint to enable ML functionality in immich."; + default = true; + type = types.bool; + }; + + machineLearningUrl = mkOption { + type = types.str; + default = "http://127.0.0.1:3003"; + example = "https://immich-ml.internal.example.com"; + description = "The machine learning server endpoint to use."; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + REDIS_SOCKET = "/run/custom-redis"; + }; + description = '' + Extra configuration options (environment variables) for both backend and microservices. + Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with both 'server' and 'microservices' for available options. + ''; + }; + + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Environment file as defined in systemd.exec(5). May be used to provide + additional secret variables to the backend and microservices servers without + adding them to the world-readable Nix store. + ''; + }; + }; + + web = { + enable = + mkEnableOption "immich web frontend" + // { + default = true; + }; + + port = mkOption { + type = types.port; + default = 3000; + description = "Port to bind to."; + }; + + openFirewall = mkOption { + default = false; + type = types.bool; + description = "Whether to open the firewall for the specified port."; + }; + + serverUrl = mkOption { + type = types.str; + default = "http://127.0.0.1:3001"; + example = "https://immich-backend.internal.example.com"; + description = "The backend server url to use."; + }; + + apiUrlExternal = mkOption { + type = types.str; + default = "/web"; + description = "The api url to use for external requests."; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + PUBLIC_LOGIN_PAGE_MESSAGE = "My awesome Immich instance!"; + }; + description = '' + Extra configuration options (environment variables). + Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'web' for available options. + ''; + }; + }; + + machineLearning = { + enable = + mkEnableOption "immich machine-learning server" + // { + default = true; + }; + + port = mkOption { + type = types.port; + default = 3003; + description = "Port to bind to."; + }; + + openFirewall = mkOption { + default = false; + type = types.bool; + description = "Whether to open the firewall for the specified port."; + }; + + extraConfig = mkOption { + type = types.attrs; + default = {}; + example = { + MACHINE_LEARNING_MODEL_TTL = 600; + }; + description = '' + Extra configuration options (environment variables). + Refer to [the documented variables](https://documentation.immich.app/docs/install/environment-variables) tagged with 'machine learning' for available options. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = !isServerPostgresUnix -> serverCfg.postgres.passwordFile != null; + message = "A database password must be provided when unix sockets are not used."; + } + ]; + + networking.firewall.allowedTCPPorts = mkMerge [ + (mkIf (backendCfg.enable && backendCfg.openFirewall) [backendCfg.port]) + (mkIf (microservicesCfg.enable && microservicesCfg.openFirewall) [microservicesCfg.port]) + (mkIf (webCfg.enable && webCfg.openFirewall) [webCfg.port]) + (mkIf (mlCfg.enable && mlCfg.openFirewall) [mlCfg.port]) + ]; + + services.redis.servers.immich.enable = mkIf enableRedis true; + services.redis.vmOverCommit = mkIf enableRedis (mkDefault true); + + systemd.services.immich-server = mkIf backendCfg.enable { + description = "Immich backend server (Self-hosted photo and video backup solution)"; + after = + [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] + ++ optional enableRedis "redis-immich.service"; + wantedBy = ["multi-user.target"]; + + environment = + serverEnv + // { + SERVER_PORT = toString backendCfg.port; + } + // mapAttrs (_: toString) serverCfg.extraConfig + // mapAttrs (_: toString) backendCfg.extraConfig; + + script = serverStartWrapper "${cfg.package}/bin/server"; + serviceConfig = mkMerge [ + (commonServiceConfig // serverServiceConfig) + { + EnvironmentFile = mkIf (backendCfg.environmentFile != null) backendCfg.environmentFile; + } + ]; + }; + + systemd.services.immich-microservices = mkIf microservicesCfg.enable { + description = "Immich microservices (Self-hosted photo and video backup solution)"; + after = + [ + "network.target" + "typesense.service" + "postgresql.service" + "immich-machine-learning.service" + ] + ++ optional enableRedis "redis-immich.service"; + wantedBy = ["multi-user.target"]; + + environment = + serverEnv + // { + MICROSERVICES_PORT = toString microservicesCfg.port; + } + // mapAttrs (_: toString) serverCfg.extraConfig + // mapAttrs (_: toString) microservicesCfg.extraConfig; + + script = serverStartWrapper "${cfg.package}/bin/microservices"; + serviceConfig = mkMerge [ + (commonServiceConfig // serverServiceConfig) + { + EnvironmentFile = mkIf (microservicesCfg.environmentFile != null) microservicesCfg.environmentFile; + } + ]; + }; + + systemd.services.immich-web = mkIf webCfg.enable { + description = "Immich web (Self-hosted photo and video backup solution)"; + after = [ + "network.target" + "immich-server.service" + ]; + wantedBy = ["multi-user.target"]; + + environment = + { + NODE_ENV = "production"; + PORT = toString webCfg.port; + IMMICH_SERVER_URL = webCfg.serverUrl; + IMMICH_API_URL_EXTERNAL = webCfg.apiUrlExternal; + } + // mapAttrs (_: toString) webCfg.extraConfig; + + script = '' + set -euo pipefail + export PUBLIC_IMMICH_SERVER_URL=$IMMICH_SERVER_URL + export PUBLIC_IMMICH_API_URL_EXTERNAL=$IMMICH_API_URL_EXTERNAL + exec ${cfg.package.web}/bin/web + ''; + serviceConfig = + commonServiceConfig + // { + DynamicUser = true; + User = "immich-web"; + Group = "immich-web"; + + MemoryDenyWriteExecute = false; # nodejs requires this. + + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + + systemd.services.immich-machine-learning = mkIf mlCfg.enable { + description = "Immich machine learning (Self-hosted photo and video backup solution)"; + after = ["network.target"]; + wantedBy = ["multi-user.target"]; + + environment = + { + NODE_ENV = "production"; + MACHINE_LEARNING_PORT = toString mlCfg.port; + + MACHINE_LEARNING_CACHE_FOLDER = "/var/cache/immich-ml"; + TRANSFORMERS_CACHE = "/var/cache/immich-ml"; + } + // mapAttrs (_: toString) mlCfg.extraConfig; + + serviceConfig = + commonServiceConfig + // { + ExecStart = "${cfg.package.machine-learning}/bin/machine-learning"; + DynamicUser = true; + User = "immich-ml"; + Group = "immich-ml"; + + MemoryDenyWriteExecute = false; # onnxruntime_pybind11 requires this. + ProcSubset = "all"; # Needs /proc/cpuinfo + + CacheDirectory = "immich-ml"; + CacheDirectoryMode = "0700"; + + # TODO gpu access + + TemporaryFileSystem = "/:ro"; + BindReadOnlyPaths = [ + "/nix/store" + "-/etc/resolv.conf" + "-/etc/nsswitch.conf" + "-/etc/hosts" + "-/etc/localtime" + ]; + }; + }; + + meta.maintainers = with maintainers; [oddlama]; + }; +} diff --git a/modules/mediatomb/default.nix b/modules/mediatomb/default.nix new file mode 100644 index 0000000..e09bd65 --- /dev/null +++ b/modules/mediatomb/default.nix @@ -0,0 +1,15 @@ +{ + services.mediatomb = { + enable = true; + openFirewall = true; + serverName = "Rock 5B"; + mediaDirectories = [ + { + path = "/mnt/hd/torrent"; + recursive = true; + } + ]; + }; + + users.users.mediatomb.extraGroups = ["transmission"]; +} diff --git a/modules/minidlna/default.nix b/modules/minidlna/default.nix index b19fc73..6a813bd 100644 --- a/modules/minidlna/default.nix +++ b/modules/minidlna/default.nix @@ -6,14 +6,11 @@ friendly_name = config.networking.hostName; inotify = "yes"; media_dir = [ - "/mnt/raid" + "/mnt/torrent" ]; }; }; - systemd.tmpfiles.rules = [ - "d /mnt/raid/film 770 minidlna minidlna" - ]; - ccr.extraGroups = ["minidlna"]; + users.users.minidlna.extraGroups = ["transmission"]; } diff --git a/modules/minio/default.nix b/modules/minio/default.nix new file mode 100644 index 0000000..8d13d92 --- /dev/null +++ b/modules/minio/default.nix @@ -0,0 +1,17 @@ +{config, ...}: { + imports = [../nginx-base]; + + services.minio = { + enable = true; + rootCredentialsFile = config.age.secrets.minio-credentials.path; + region = "eu-central-1"; + }; + + services.nginx.virtualHosts."cache.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + }; + }; +} diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix new file mode 100644 index 0000000..0346551 --- /dev/null +++ b/modules/nextcloud/default.nix @@ -0,0 +1,27 @@ +{ + config, + pkgs, + ... +}: let + cfg = config.services.nextcloud; +in { + systemd.tmpfiles.rules = [ + "d /mnt/raid/nextcloud 770 nextcloud nextcloud" + ]; + + ccr.extraGroups = ["nextcloud"]; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud26; + database.createLocally = true; + home = "/mnt/raid/nextcloud"; + hostName = "nextcloud.aciceri.dev"; + config = { + adminpassFile = config.age.secrets.nextcloud-admin-pass.path; + overwriteProtocol = "https"; + }; + }; + + networking.firewall.allowedTCPPorts = [80]; +} diff --git a/modules/nix-serve/default.nix b/modules/nix-serve/default.nix index 7fd1f2c..bcb1bd5 100644 --- a/modules/nix-serve/default.nix +++ b/modules/nix-serve/default.nix @@ -15,8 +15,8 @@ in { config = { services.nix-serve = { enable = true; - secretKeyFile = config.age.secrets.cache-private-key.path; - # Public key: cache.aciceri.dev:4e9sFjWPUOjGwTJE98PXinJJZLwPz0m5nKsAe63MY3E= + # secretKeyFile = config.age.secrets.cache-private-key.path; + # Public key: cache.aciceri.dev-1B:aNP6f+BrRTuDHi/45L1VBzlGchuj54/mI2N/22qTWgzE= }; services.nginx.virtualHosts."${cfg.domain}" = { forceSSL = true; diff --git a/modules/org-roam-ui/default.nix b/modules/org-roam-ui/default.nix new file mode 100644 index 0000000..f3abe34 --- /dev/null +++ b/modules/org-roam-ui/default.nix @@ -0,0 +1,20 @@ +{...}: { + networking.firewall.interfaces."wg0" = { + allowedTCPPorts = [ + 35901 + ]; + }; + imports = [../nginx-base]; + services.nginx.virtualHosts = { + "roam.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:35901"; + proxyWebsockets = true; + }; + }; + }; + + # TODO use oauth2 proxy +} diff --git a/modules/plex/default.nix b/modules/plex/default.nix new file mode 100644 index 0000000..650a29a --- /dev/null +++ b/modules/plex/default.nix @@ -0,0 +1,13 @@ +{ + services.plex = { + enable = true; + openFirewall = true; + dataDir = "/mnt/raid/plex"; + }; + + systemd.tmpfiles.rules = [ + "d /mnt/raid/plex 770 plex plex" + ]; + + users.users.plex.extraGroups = ["transmission"]; +} diff --git a/modules/printing/default.nix b/modules/printing/default.nix index 2403aba..4e534c3 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix @@ -8,5 +8,17 @@ # Important to resolve .local domains of printers, otherwise you get an error # like "Impossible to connect to XXX.local: Name or service not known" services.avahi.nssmdns = true; - services.printing.enable = true; + hardware.sane.enable = true; + + services.paperless = { + enable = true; + passwordFile = builtins.toFile "password" "admin"; + }; + + services.printing = { + enable = true; + drivers = [ + (pkgs.callPackage ./driver.nix {}) + ]; + }; } diff --git a/modules/printing/driver.nix b/modules/printing/driver.nix new file mode 100644 index 0000000..e2c5c2d --- /dev/null +++ b/modules/printing/driver.nix @@ -0,0 +1,86 @@ +{ + lib, + stdenv, + fetchurl, + dpkg, + autoPatchelfHook, + makeWrapper, + perl, + gnused, + ghostscript, + file, + coreutils, + gnugrep, + which, +}: let + arches = ["x86_64" "i686" "armv7l"]; + + runtimeDeps = [ + ghostscript + file + gnused + gnugrep + coreutils + which + ]; +in + stdenv.mkDerivation rec { + pname = "cups-brother-mfcl2710dw"; + version = "4.0.0-1"; + + nativeBuildInputs = [dpkg makeWrapper autoPatchelfHook]; + buildInputs = [perl]; + + dontUnpack = true; + + src = fetchurl { + url = "https://download.brother.com/welcome/dlf103526/mfcl2710dwpdrv-${version}.i386.deb"; + hash = "sha256-OOTvbCuyxw4k01CTMuBqG2boMN13q5xC7LacaweGmyw="; + }; + + installPhase = + '' + runHook preInstall + + mkdir -p $out + dpkg-deb -x $src $out + + # delete unnecessary files for the current architecture + '' + + lib.concatMapStrings (arch: '' + echo Deleting files for ${arch} + rm -r "$out/opt/brother/Printers/MFCL2710DW/lpd/${arch}" + '') (builtins.filter (arch: arch != stdenv.hostPlatform.linuxArch) arches) + + '' + + # bundled scripts don't understand the arch subdirectories for some reason + ln -s \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/${stdenv.hostPlatform.linuxArch}/"* \ + "$out/opt/brother/Printers/MFCL2710DW/lpd/" + + # Fix global references and replace auto discovery mechanism with hardcoded values + substituteInPlace $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + --replace /opt "$out/opt" \ + --replace "my \$BR_PRT_PATH =" "my \$BR_PRT_PATH = \"$out/opt/brother/Printers/MFCL2710DW\"; #" \ + --replace "PRINTER =~" "PRINTER = \"MFCL2710DW\"; #" + + # Make sure all executables have the necessary runtime dependencies available + find "$out" -executable -and -type f | while read file; do + wrapProgram "$file" --prefix PATH : "${lib.makeBinPath runtimeDeps}" + done + + # Symlink filter and ppd into a location where CUPS will discover it + mkdir -p $out/lib/cups/filter + mkdir -p $out/share/cups/model + + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/lpd/lpdfilter \ + $out/lib/cups/filter/brother_lpdwrapper_MFCL2710DW + + ln -s \ + $out/opt/brother/Printers/MFCL2710DW/cupswrapper/brother-MFCL2710DW-cups-en.ppd \ + $out/share/cups/model/ + + runHook postInstall + ''; + } diff --git a/modules/proxy/default.nix b/modules/proxy/default.nix new file mode 100644 index 0000000..3e8eaab --- /dev/null +++ b/modules/proxy/default.nix @@ -0,0 +1,39 @@ +{config, ...}: { + imports = [../nginx-base]; + services.nginx.virtualHosts = { + "bubbleupnp.mothership.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://rock5b.fleet:58050"; + }; + }; + "home.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://rock5b.fleet:8123"; + proxyWebsockets = true; + }; + extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + ''; + }; + "transmission.mothership.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://rock5b.fleet:9091"; + }; + }; + "photos.aciceri.dev" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8080"; + proxyWebsockets = true; + }; + }; + }; +} diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix index 04b85f2..b2ad0aa 100644 --- a/modules/transmission/default.nix +++ b/modules/transmission/default.nix @@ -4,14 +4,19 @@ openRPCPort = true; openPeerPorts = true; settings = { - download-dir = "/mnt/raid/torrent"; - incomplete-dir = "/mnt/raid/torrent/.incomplete"; + download-dir = "/mnt/hd/torrent"; + incomplete-dir = "/mnt/hd/torrent/.incomplete"; rpc-bind-address = "0.0.0.0"; peer-port = 51413; # Forward both TCP and UDP on router traffic from router rpc-whitelist-enabled = false; rpc-host-whitelist-enabled = false; + rpc-authentication-required = true; + rpc-username = "andrea"; + # Generated with https://github.com/tomwijnroks/transmission-pwgen + rpc-password = "{9d03dda3243ebddfa44b0bebe099f611941e2fc31/0vvwdP"; + upload-slots-per-torrent = 1000; alt-speed-up = 1000; # 1MB/s @@ -31,8 +36,8 @@ ]; systemd.tmpfiles.rules = [ - "d /mnt/raid/torrent 770 transmission transmission" - "d /mnt/raid/torrent/.incomplete 770 transmission transmission" + "d /mnt/hd/torrent 770 transmission transmission" + "d /mnt/hd/torrent/.incomplete 770 transmission transmission" ]; ccr.extraGroups = ["transmission"]; diff --git a/modules/vm-mara/adls_dmc_ver2_01.bin b/modules/vm-mara/adls_dmc_ver2_01.bin new file mode 100644 index 0000000..492d27e Binary files /dev/null and b/modules/vm-mara/adls_dmc_ver2_01.bin differ diff --git a/modules/vm-mara/default.nix b/modules/vm-mara/default.nix index b220c49..b1e8051 100644 --- a/modules/vm-mara/default.nix +++ b/modules/vm-mara/default.nix @@ -1,5 +1,5 @@ { - # config, + config, pkgs, # lib, # fleetFlake, @@ -29,12 +29,27 @@ ]; }; - # boot.kernelParams = [ - # "intel_iommu=on" - # # "iommu=pt" - # "i915.enable_guc=3" - # "i915.max_vfs=7" - # ]; + hardware.opengl.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + boot = { + initrd.kernelModules = [ + "vfio_pci" + "vfio" + "vfio_iommu_type1" + "vfio_virqfd" + + # "i915" + ]; + }; + + boot.kernelParams = [ + "intel_iommu=on" + "vfio-pci.ids=8086:4680" + # "iommu=pt" + "i915.enable_guc=3" + "i915.max_vfs=7" + ]; # boot.blacklistedKernelModules = ["i915"]; @@ -47,9 +62,9 @@ # (config.boot.kernelPackages.callPackage ./i915-sriov-dkms.nix {} ) # ]; - # boot.initrd.availableKernelModules = [ - # "i915" - # ]; + boot.initrd.availableKernelModules = [ + # "i915" + ]; # boot.initrd.kernelModules = [ # "i915" @@ -94,9 +109,9 @@ # } ]; - # boot.kernel.sysctl = { - # "devices/pci0000:00/0000:00:02.0/sriov_numvfs" = 7; - # }; + boot.kernel.sysctl = { + "devices/pci0000:00/0000:00:02.0/sriov_numvfs" = 7; + }; # -vnc :0 \ # -audiodev alsa,id=snd0,out.try-poll=off -device ich9-intel-hda -device hda-output,audiodev=snd0 \ @@ -112,7 +127,7 @@ qemu-system-x86_64 \ -enable-kvm \ - -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ + -cpu host,kvm=off,hv-spinlocks=819,hv-vapic=on,hv-relaxed=on,hv-vendor-id="IrisXE" \ -smp 4 \ -m 8192 \ -nic user,model=virtio-net-pci,hostfwd=tcp::3389-:3389,hostfwd=tcp::47989-:47989,hostfwd=tcp::47990-:47990,hostfwd=tcp::47984-:47984,hostfwd=tcp::48010-:48010,hostfwd=udp::47998-:47988,hostfwd=udp::47999-:47999,hostfwd=udp::48000-:48000,hostfwd=udp::48002-:48002,hostfwd=udp::48003-:48003,hostfwd=udp::48004-:48004,hostfwd=udp::48005-:48005,hostfwd=udp::48006-:48006,hostfwd=udp::48007-:48007,hostfwd=udp::48008-:48008,hostfwd=udp::48009-:48009,hostfwd=udp::48010-:48010 \ @@ -121,7 +136,9 @@ -device usb-tablet \ -vnc :0 \ -nographic \ - -drive file=/var/lib/vm-mara/w10.qcow2 + -vga none \ + -drive file=/var/lib/vm-mara/w10.qcow2 \ + -device vfio-pci,host=00:02.0,addr=03.0,x-vga=on,multifunction=on,romfile=${./adls_dmc_ver2_01.bin} ''; }; in { diff --git a/modules/vm-mara/i915-sriov-dkms.nix b/modules/vm-mara/i915-sriov-dkms.nix index b94203f..894ee01 100644 --- a/modules/vm-mara/i915-sriov-dkms.nix +++ b/modules/vm-mara/i915-sriov-dkms.nix @@ -12,8 +12,8 @@ src = fetchFromGitHub { owner = "strongtz"; repo = "i915-sriov-dkms"; - rev = version; - sha256 = "sha256-LNKDNi7oEhO3FY47oKYbg8wt+268GlBVxQpHdNLNrwM="; + rev = "db4e8ccd9bd31fad79361e27afc032487426fe6a"; + hash = "sha256-WCDwy39jpnc2wkM/883gFwChVD7wAP2nCR8Aw+CfDw8="; }; nativeBuildInputs = kernel.moduleBuildDependencies; diff --git a/modules/vm-ubuntu/default.nix b/modules/vm-ubuntu/default.nix new file mode 100644 index 0000000..9c07fe5 --- /dev/null +++ b/modules/vm-ubuntu/default.nix @@ -0,0 +1,34 @@ +{pkgs, ...}: { + virtualisation.libvirtd.enable = true; + + networking.firewall.interfaces."wg0" = { + allowedTCPPorts = [ + 5900 # vnc by QEMU + 2233 + 60022 + 8545 + ]; + }; + + systemd.services.vm-ubuntu = let + start-vm = pkgs.writeShellApplication { + name = "start-vm"; + runtimeInputs = with pkgs; [qemu]; + text = '' + qemu-system-x86_64 \ + -enable-kvm \ + -cpu host,kvm=on,hv-vendor_id="GenuineIntel" \ + -smp 4 \ + -m 8192 \ + -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22,hostfwd=tcp::8545-:8545 \ + -drive file=/var/lib/vm-ubuntu/ubuntu.qcow2 + ''; + }; + in { + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + ExecStart = "${start-vm}/bin/start-vm"; + }; + }; +} diff --git a/modules/waydroid/default.nix b/modules/waydroid/default.nix new file mode 100644 index 0000000..00ff0d9 --- /dev/null +++ b/modules/waydroid/default.nix @@ -0,0 +1,3 @@ +{ + virtualisation.waydroid.enable = true; +} diff --git a/packages/default.nix b/packages/default.nix index f51f1d3..d5d4020 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -48,7 +48,9 @@ lib.mapAttrs' (name: value: { inherit name; - value = pkgs.callPackage "${self}/packages/${name}" {}; + value = pkgs.callPackage "${self}/packages/${name}" { + pkgsStable = inputs.nixpkgsStable.legacyPackages.${system}; + }; }) (lib.filterAttrs (_: type: type == "directory") diff --git a/secrets/autistici-password.age b/secrets/autistici-password.age index b6793ce..3f767ae 100644 --- a/secrets/autistici-password.age +++ b/secrets/autistici-password.age @@ -1,31 +1,32 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -Klg0lEeYAlohVeUjeeuJpRPcNYLHpglVpV+7xy59WSe+O9ZGaUwKqHhe2fVwk/8D -AFaT1ZTLTJhXnYPdBnwX0y8ALbjOaRRzvnWSeiC4upGW+cCxllwrP1A1TtHRQ3n0 -KgZzn7CMo4AvScZtR/LBRDkFZSYTg7R1lwy0tRoGAbUZkpFF0628QadRKvwuWRNq -BpHkvMxEt6f5LTnUz7AJuMp8IvpoY2Ixops8RUfANcgm4tBa+mUpo4vEPdaYRX6v -2QM6/Y3lexxbvbuT+5Y8tQCZrNJ+mhx9AZtYEPS46RNv+VuEJvg6v8PRctvc8Zcf -P0MED1QIrvJQdT0g67of2NZtPLdyPSVHBYlmuZWSlgQ9Ev52GsgxkR15foF7OHXT -iNTnMgWDQ40ogyEXMFg8PiLDsSpTVdaW+mFblCBGAD/T6I/VgmUaCFpduTiTIiLn -nPLpYgSkHPyxA5rQAfIroVaSTzc856mfSiw/ufW6uvnF+jh4IfmSIAS7eBPXh14B -MgOavQeCwGOWJ9+3FSVem4ySmHXDr5GdygOUAsItCFaqvXYKRlIKYRtK7fQIS4Je -GGBf6PMFN/L/dzO3FsWULVcneVT1NL5TApsZYTywTOkMv+ncKMX3y+vKoyth7feC -F00108iy2YNo8ATRG0+vcJQbLA7Krzb/VJl9XtUp9fA +OE/YN4ShL6UsWB1vzNpOkSuPSOaM4InXNhn8mZMBXHQKFv3RptKI3XHZc+tzPtA2 +AOYz3Uptswb3Czd5DaJAyPyb3QXPLgt2govM/8rfALn59me3RnvT3xL5pLzQO3Qi +oK1mpW13iJS+WCXuzmR/5eGxY1weXS0Uw3SIzxVPlm0cf1raq7XpfWWvji7xbSVv +8YB8JpIMmusax5jQQN4qQ7OJNt4fb9wo2lOe2s0SIWFyeJ4aFbvxUIirSeFYUlRY +ruCEo6SLg80YJXNWuKNG8q39N3s9aG+KzcYdtnbNGlEalGLzN/8CxomUg7XSYsB7 +73Peo/f0d9hFHKbCdunZt+oQdLTZpFXUnVn8Gzc0rAEMVigW4PSAJxlbf4hVMMb5 +RPHdjJ+kB4GzeKrDj7XzF2YXxUqlbsDbXqUQXXPbPbSKwlUCtBuMMF2gFs/v9WuL +I5eI5XDRAqrWzvutx6rcQnVcceRXk5m2hnXr3shWDbCFqYza2RVKRDRKACWz4ugY +fHp5Vr5ibNSmMpcKMmUIMPOXS1G6Y30ReiSf2DCoUnDZLIGuvyzYHCbPE/czIQq4 +9NWMtx8k4C3y78dHBBBOh4QGSrx9Ewi8FbFtr8J9lOsSfK+JIcriTDnwpRN1zDgn +qv+XhACIkP4wawuIBMW0jIgJBggvxprFUwCrh2kwSy0 -> ssh-rsa QHr3/A -hjpOIFi3jK+XeRIb7GLOudMnOoM8QHRlHslUdQQDOZKfgmoAXW6XkEC2dx8GeEmK -KPn+5crZuPN34d/VZ3oTGCD4zNiAHvz0uDt1K6vysnVYyvCadiIyYu0ylympPjN8 -JUQRVXxAKj5S2QgfGiengsvo7cIwDO8K0JM22viQQRU4smxc/guf9/UVSH+2zm+Z -yhlhZVUs8k5fAkJrn3Zyt5kKf4yv4XKvlNUQ65EG5czKsvNgxR7CQlHB1JYiwCFR -W93hYDiLaRQaNLRJGLty2gmAGB6mmNsriAlkSyBtlKSjeQovVAzt2D57wGdbG300 -lvRkGPdaD28qSXczJ1U5ZvMBxtpw8gEq92vZDS2MKv56Kscxg0KlFgaLzRupEEru -wfaGoxUkUpTKLQMK+ZCnYwgJy0y9fDbDsXd+yid/yBcOUuoAEkpq3/dJcaTpCv5C -b4ERHM0wPubyoscyk1InGP7zaUaBtOHzfwDamKZ2ahu86+skf/NPmeo85mdJiLSZ -lZ7gs5X92+hgxdxr+8NI2AJxy72emVmGpKzr914+hIa0BrKQhtadqaZc2cqyMCmm -+jTwXliBY6PE5Uv/yrTPL+hJ5yfc4RM6T21BsKzqR08/496lvFWYY2uPEMAaubnZ -yrFX5ne4m4uXj0d2OcGa4H3Z8OnrLdfmgysx5IJIxj4 --> ssh-ed25519 GVMLQg 4Fd61NYElKYQqZacALS/QuQ2yL4vOLrSpuEVKpQAo0w -OhnGd5pXN6Uvxblw2VIwWjFldc9t1BerpQa4KAi21q0 --> j=-grease yOMTm"#> -QQBUO+uWgj1YmqLea1rmUVRxy9hA/k7SCi7S ---- JqsFWi0axwaVJ2K4bxi8suyGdKYopsIl7h1jEw5ivss -o ssh-ed25519 GVMLQg +IEbWWacFYy8B/C4jPBgXLkQdAwBrPOVJm3uJiOJuz0 +o57ovCYyNHS24J271alYH+53pcVklKTvfQ1X7VlPcPM +-> w}a'9-grease 4~HbE jp% Y&4 +1q5U5Z87X2RmgS0XVcYJBKJmjS/A1KCflbo2vAkwHozgE5IMoXRBW1g53s3rzU1w +Oq5PGHDi2K/OycKLw/NJgCS5EExi9twsjJlbfA +--- F0/OApjmkJ5cvr5fQTd/vZXGeE161i175DBODHCVqPw + y c}ܢӟ,YJ`$f \ No newline at end of file diff --git a/secrets/aws-credentials.age b/secrets/aws-credentials.age new file mode 100644 index 0000000..4f19403 --- /dev/null +++ b/secrets/aws-credentials.age @@ -0,0 +1,36 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +YAXDXxZMYlqNLA/JNjak9lG2M16wK130uiwvL5wpiiwoRfML28ep6TYwJAckvvb2 +3rB9zSpyF8tLerdeIx+pn6Sq2Z9aBTwCLSv/4QYhAW9WvWFCamfJHQavmPeKEZaP +e1wQv9D13cqiewSgZAInioNyd+6ZB9Ex9YlQojkIPyGBBfob6v7mZw9Dz0E12Ql8 +Lx0atpIDmuHhoh52HpDopMlNbmCvzKb3+5rfniLcDq9pSc9/QaWEcfkh8CSIhQyl +BI74ajUrViMwQXa3U36qDkb41NsmTLXXd3mZ9FKx9Go7RDSLujRO+exlBWfHS5Eg +CvPmGDJfxF0pHeT3iQT2/Mw1qwyR9nwa2Cubdoox/2P6gHvw64m9OgQo3dA8ttwL +TR8JtbjbyRv9m5TOfHWhhyDH6vh2RMflmAC4aDF1p0sTTEiLaDs4u5wVbl+qmg2X +sutTRje9W5smYwYvglVgGCb5TXcLnSAOtZhSubt51DfAkGhspL8+oAmf6VqXAom1 +ZVlA+XO48Y2Iktc27lVGZU5dI9TwNsksb+mibXV0fka0PHW6hn+gXBL7c83yJytv +ypZQ8Cb3hY1kL30m7Yy5owSTpOeoy/iuhIgvbt0MAJdrJKUNQvpsgn33Fdu6iBf+ +YQPdauBHdclnyBSuBYc5Uf9siNsx/fyr+l+GTTB+8zg +-> ssh-rsa QHr3/A +gNkisYjqqQ4gGgOwnw1rAda2E7CKZzQdJNMV85sVhWN40FaH/wpt1BOusiwAhVMm +0M+64T6wWSDgNIsXlFK++q3QIt7JbOu5CLSb6cTNjlQJpRRWua6X1+ITyum4bdrL +LrWsRAKOUnIRIlc39v7PtTkx+p4nn0NiurUR+moT7FnMbtdxc11uUk2DzVUPtuDV +ad6Rwga3xgt+AfTeZw1rZL1MQLH1AwD7xzF8Se4Yg8stY5wQQHSGP+/xhygaXEQ5 +cfeYeBOHqSN8AK2KIkw2U4eShWQVCVzCfoIos1dpc11lemziAiXwu+kbs/jD+a2H +kAp6RkY0wWJnEN4DQ3jj6Wh2Rq91gT0WO1zy1mlMS2n1W7O2HafokNGb0Uig1KO6 +bDdjI5tJnIfZYiQgASfFq4sbFrulkXyswO8E31fVQV4aG/fjUTCAOtkL34xoATa6 +SiR4piD+yDzaEAIwTl02cMo6XePq5ef9WVY1ghBOCvdqEuw78mVJ2gZcOem3DbTe +suekI890f/hiLK1LQy6sQB4Njp3CY+lEa9J+B1u3yOFLWyzne5Pnm8Lkz2fPGd8t +PuAoR5rkLTv+Vh1wpNSugYuvjSK9G0Sbrjx00MnB69O6jn+o9UBi/Z3+bPDNp63Z +WZ8LLhjNgiNGI/RE9nOLmcFfRRHQbxeqf7jOU7/VDBk +-> ssh-ed25519 q+UPnA 3qms9CTky6SMQ6Y0SQOYQWsIGyAQ/sVOWKaunNb3vzM +8l7C9Rsdded2en6pJBVMk3s8FHM731mnqm0UV1b4BC4 +-> ssh-ed25519 OgJHCw /ZW41zdrm1t/aSJcHqKWVrc1RkzxgI+qyyE4wBfojV8 +5ot6/elzltuSe38nlY8GonNZTSG5+VF06EDfvR7Xvqo +-> 65(:&-grease *(d/z;<. +BedDGfpeThSCBPc85b9G4eZe2RKGljYGY1sK1o6YR35u9VJJ4UEdZszkQavpAKii +J7z9BmLqxPQot1VtkGK8V4ztRb8Jw3NPnt1pjSBNGCZrJQU9WB3SQQ1p0BrKXsGK + +--- rPPPbtLmgA1Dp4LmNbGCnnhd+nNXOITnDnj6UstZX/E +rCR.=H@v hfmK^dN(2WC 2>BrZxʼ6zsk#M,Vhi{ch- _=W qr2n4 +i;Աvպ. \ No newline at end of file diff --git a/secrets/cache-private-key.age b/secrets/cache-private-key.age index 43af2dc..4a5f20a 100644 Binary files a/secrets/cache-private-key.age and b/secrets/cache-private-key.age differ diff --git a/secrets/cachix-personal-token.age b/secrets/cachix-personal-token.age index 7f9540d..3ff7ea2 100644 Binary files a/secrets/cachix-personal-token.age and b/secrets/cachix-personal-token.age differ diff --git a/secrets/default.nix b/secrets/default.nix index f44fd85..81b631a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -3,7 +3,7 @@ let in with keys.hosts; with keys.users; { - "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad]; + "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad rock5b]; "magit-forge-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad]; "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad]; "hydra-admin-password.age".publicKeys = [ccr-ssh ccr-gpg mothership]; @@ -11,6 +11,11 @@ in "cache-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership]; "autistici-password.age".publicKeys = [ccr-ssh ccr-gpg thinkpad]; "hercules-ci-join-token.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b]; + "hercules-ci-binary-caches.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b]; + "minio-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership]; + "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg mothership rock5b]; + "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg rock5b]; + "home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg rock5b]; # WireGuard "thinkpad-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg thinkpad]; diff --git a/secrets/git-workspace-tokens.age b/secrets/git-workspace-tokens.age index 3cfd946..c15e76e 100644 --- a/secrets/git-workspace-tokens.age +++ b/secrets/git-workspace-tokens.age @@ -1,34 +1,35 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -kR8vBBJWJ+n5oB5dM+RqqgYBN9y4IFIz66W8F6h+8eNQ7WLsp7qggwztqzkDveuC -yz37rnq7Uq8ExsP8bdBNoJKLJYGeoF2nX1/LsJQJg0qutwzxCIdqqFxGeLKB1Bn+ -n1XNdpoIXBbKajSh9uGGigPZDSlpS8eoAesY6JIqDZwCuups+Ajja1VQEPk2gFAV -3kg33xJc7l+32E3ONuixiIcz8xBnggs0n3zDKTIIigUoW4rrRnx6dI7urkquA7WX -8huykb2lchEIAZVlgEjSNxT8JjifmjUjouNsp79//H9sqpxfGW6GQYQa8uwXuIs4 -cbDC/3TKalQBOnS91WrO2FUHFcgESsAySIeerbAIAwUarEAoYzIz0fA6rY6S5e9Q -whzHPS9TCx+Vk3rj5sJpfKaJctg1XkTdeYpwSbZQmvQHzFd6pwfnUVLLLdWpNptO -VNmtlqwkrQiy0JajyaObyJkdIrjxWq9uDGAGrNxyTpFJJ+KpcYXnGP2vIMxObtTN -En/qWqPlMg7w7s8zoz3OHtjleLWVe1yy442XdLOtjn46KDBjMx1smpV3jxfsiq6Y -I+VOMXZ9MscDrsfyy1L6r9VfLyv65e4ZZ8iu31UBmCwDQvLro9xkXCW7D3iTtCua -WgM9l3PqbrnrdAiqtmh/dCiXE2LBZOyoiNDGeqa1sUs +JrF1G2w7v9ItfrVsTAKMxkPvO51bDSgCVJSr6cW6QcQX0gBP3X/lff1swlUBIA1k +XXwPXfFEbB4lpeal2SeXbLaXMdr0IL95to8IixFhQC3Q+nEWDVCMpIHlCZKOmMKD ++xyQdCYdtFjSQKk+j8vwfrMwrP8dKsPFLOgu18hyRX4PLM9x3JcMSknYwDmspbN+ +OYhEKT9ZlFFrG7VVICwcrStQn6CIQS3vm4Z/UuBfBe+b8cNsoWjTubBhOWKTA9vF +M14dFC81cWsYKAXFIcgsXNl9UKo1IPc6fcP/GtVIcic2EYXbUlS7KCucDblPRUvt +69SCb5k8D/Yw7VyYhfb2EklYyxAMvNMms51ulzreM2HFWtheikN8psfp4gQtRxtQ +BQrldS3YWDgDTz3B5IDlWlfDY+Pw+X31a0mDjOkzjZaXH4QjBGtQXrwEAfBUjtDz +RSBbjaj26MkfSf79e6oknEANLMphIOmxqFKtbfizfq0yUyG7Gcu/k+NdOwRZlYL8 +AF9rh19DDZs1LIQNeWHJlssMgBdj0m14HE2TChCVppb8/euaCZ98DYlTMPDaKryD +syTJaw7eJJ1Bw3rdhjf6Bam04j60fllRg0ojY0VhMpRbYVHHOxg1O8wWJvpKA73J +eker0/+n7TzwGI8ct99opkYyv777yxxR4vrUS+VmWec -> ssh-rsa QHr3/A -JUCBXZJFKzimFZC4mg4YFUXzXkXkcC95+wFutEqedZWCwnhYq/OZ3OG8p2GgVe7s -ftIMkNSY2K+H25yKqubuhz+vDgtoTUOYnYkI9XHom7OmC/OAidVT1LTnXXwyGWSI -uM3q+r+e79MFXJJdhYbDhgKYmaS6LmFN6RGx3WG+uGoSw0ZOLCs1j/SdCvDiBf3o -ib5++OfsOHwtcqkgQMNhddQtle8vjuAdKBjuner2bMXwBuAsJLPVKMq4Edo+XHr4 -bYO0ZT38h7zU+IgWpkENNdgDoTglERih4D+7lMFy8Brw6Kr49gypv398BXrbvwtg -8YPd5x4UNFWhMhZ0qvJOI2U0tm9FV1zenJQjsLcPmfOGGO3bSKuFr6ihw5ObJSsg -TTXdUob0FII3701S2074tstRV47GMd98rPJrQ6Crnqy6puLtN2adHkLr+I8agzln -bdPhQ9pYJhICRlwdyQe1Y5l6kgsn8yZVygmMQBF69qJSnnXBuMiRoudQZDzXMdtM -+cWntBt2j6uSno7jMsOR8DZLwZQaso96UiXxstBX5uYhuqEpUk12uIUDFPVcovzx -RBt6fNjkkK1nc2JXr5td3d+rfAJxiOGr8p5YHGWW3RE24qJYVg1doiOyCsHX2XEA -oImTlruNm8MJAuGz8l3L/wKe+v+lwqI94zBPrb/SYwc --> ssh-ed25519 q+UPnA j9rU2qfTAHjL/+wdP7PcsAu6QO96RPTPszS4qWjiBRw -8ziPmZ3asg/1tOZvI8k0jvNSjeAmhDXYVGtXCi2ShxY --> ssh-ed25519 GVMLQg Pw0Rs0GhAEGADsd8tc/n5FAhyQHDO9uOh3A8IifHPmg -4o+K44rs+0KVb2LWMf4AQ6JPp6pjUi5IeGg0SZy5Eao --> g0-v_{W-grease P2 h/otU -keMrgZKkqyoyTiCUR1bqG8j9++6Tl318j3FDMPZ14l3lNbYASe+esj6W1VVQLP6F -CwOZP7mKvlS3jiNTLes ---- hJiPwZY5H5IVDPi8eeVW5bTnrR2eMV22ldDzcdQzWoE -wi=3<_3F.ي*ɟ4!U$IAڮf(03`O~;+F,^I Q%;!oF \ No newline at end of file +W0I9HcdIM477o8d+AYjFy2npH7wNiTsfzfrC1UH6pig/6iugS71kerVY7VvhT9l6 +In1VJhbAXvmRHWc41s1CFALhAP4ZZeFSRqcHdVrVjgCp879CtmIPNTS7TCHFJC7K +Rd+MIzEcm40Hhrv/OdGPngo+WYXzsPXgsdHCfHFu9VcEaOx7xk17pXww+WVWSD1q +iFKdk+kF6V1QweOSqmAnicF8tKWhVLQdpj6rrbZr2TWglS/DgDfJFUF1kXNM2oXD +2ETMgPGZH7/j3ovGuoTJspESbfjmRJODqi3ugpSeyTjMUV1xaN+RX7A450VtmKIB +FhKs9aK19B+Fmr5hY+fjiZOBYLF8Gxy/bPAaglkCLpYCZ/97+cKEoItVwpeAU6Za +yxaHuBwwqHKHfLWmeL2UwdpFweGg6ML1Pus9GwJQCPHEgI0n6nz4jwNZ1JUSI5kc +zq29qxxKI5mwEVfvHSz1XLRy7vxU8rMyN1p2nF2kfhW2ruI1dG22kIJ+GUnsx4Ts +7HSlG6yGBe7l5psbgGny18114F0cl1Ol/mwmCT/UTxkMsVKW2oy/toAW+toQSys2 ++DAWXDe0awQeHsV9FDckSCRGdX84Gjp/cBipP5PC7cRFCKdE65UOgH4I3vqyRdlU +JySDdJSo8YgKpxbyyP0lxds23+V5uWoL4DvaA5BYO14 +-> ssh-ed25519 q+UPnA P/UMtWIc88SMjo+tHSWqv4co7i4iANLXAvFfjCOfrwg +rwvRgHjtNjhQLod2tD9ILVIyyV2T9/GCai5XakZnhic +-> ssh-ed25519 GVMLQg siuPP/kuU1AUXZQpE4j77u8zItMNAthntjRdyRtbYww +rQLRO+s1WHeNO5nSUkdSvaKj0lU/3EWA2xXI+OTifLg +-> $D'?B;E^-grease s\z [Dbs @Y]/'? +BelFeEpnUs2z6P90XpDdjjh88ojbtSSW1yh2xDHunpnGRZS3cGIZS6JZ90EeL05g +kORn2Ra+uw1/HiurjzWIrOT6eL7nOL0epblQA/D8s3nGhVPHMazJIMdnbXqP3ODU +eRM +--- Rnx74lnZCGcfdWm7D7lqEAdPVvHiHOTA1vF3D8zWO/k ++ZNSlJR3f;}wutc= bG,ZזIK':}1/'8̜f^& \ No newline at end of file diff --git a/secrets/hercules-ci-binary-caches.age b/secrets/hercules-ci-binary-caches.age new file mode 100644 index 0000000..8271565 --- /dev/null +++ b/secrets/hercules-ci-binary-caches.age @@ -0,0 +1,33 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +sJupMHG9pWdOYXhvLzhxDRsEvmGKuvd+kEL/E+Pf4LXHpIWGPtKLLrA+3otssOUu +coVYMnuipbg5qndedSwB2u++er0B7HmnZOKcBbL0+9lFLzsbQVdVFMMvSThl7u+2 +1DSH5Fs+i0N4C+YqkxjFE9iitWiimCuIwecL4QF64EKlH9ROYCd+Z+gL2wvnkEze +VLESAwSiBe9swtYc1d0WD/cvMydYsW+gniqkQrjJ4vTsBjHzP3TNhlo0ohmTyuVP +XX6JmEs84XLNYUM6lSetu7LNeCNynbVwoAy+Vy2TBRkFnyJI4DbO95GilMSpdOWA +sMhiPmykyclMsABMM49MUmiZ9Q5rrZN3/Th8AA/niX1t8HLtJAThb5PNrrhl6bNz +Ody5+0eVHmMtNq4ch0FjEXuHMD1snXI3YCXntuPx4VehLuJKOYliXtRzSMA+4RqX +7tTdOo8CZh1x6XKL2uM654TjAYvs/1RFm5faFLycemXxNYsgjJqvuBXRArCO/Zwy +EHdp7bRVqNWqVpSrIghFItdsWeoLVtYHESJQoBZrxzLpKWa01fc0/yutLNX/GXnt +0AxxlYZyuQHg0bazbReAhQujrEnguwubbrCaEgOQdieRVMnin5IAhIfATUhde42H +u9IYIiHPOLoKyBDSi6in+Ns8skAInpGEotORQaLrLRQ +-> ssh-rsa QHr3/A +QMlhLp7XhSZf6l95IdxG2InH8I+OAwQnnKdfgs3mRotsn81M6XUHxbz7UngBxz0a +GBjWm9xdfxiRiqVgJmbxqXlKCgMR+gbCVp0z/7VSQStJoCsU6dJ08WIwDi+mzzVU +OQF0vKp2Uy8401vxhnCM5Rbh1QU0C0Ts3F6QwQ4Cn+VJ52xu98GkNylgoqnhvvVw +tLO8Lar3yxc+drAUgYLi5jDgMOMdmNbdkWz3myBlO8pTsWPAQubd0LDaemmX3B2s +5EGQ4wFm6+mp7PLcCmbizZsdiNBf+jJRTNPu5jYlG1BwDbkMo7fdt/VzHwbvDI9P +vI4ddsp2PQ3FeYOcoZN4xNRTYmx4U1J6iVdhYoDeTuthH8Zc3q0zn9VHVgW9NyT4 +CHaeJeUh9tjSHi8xF3rGWDfYVJBRNuAEoYXRXw5/ts3NFkwZr5BTw7Px9gFAKQvE +Q/gTB8pJC58In5PObjAb/RbDWfdVWEmU7La4MuirOV7/sfUjHmgFxtnoTzw56gkO +64Hz4s2p1WSTrs1VwhKtvU+2R1rm3ndEiPMhJ8D8O2lyzfIDXI5l9uc4xl1M5ccw +f4wVvtvd+SRqmOD0S9rT221nehuDN2VY6QK8rEyDvy43lZRUE4Yc/HYx5J2afI2L +wstnAjyRYlpRmbqxCrxrTosh6P4OeKLyStCz4q0oV1w +-> ssh-ed25519 q+UPnA n4e+taGOqY1ZmcOBzc/wKuUxbONvOw9TiufRwjVstGk +NTFCPxdYTYEsD45ZDZAmyxARd338Pxz+9tfG3yb+/hg +-> ssh-ed25519 OgJHCw HTpnRI0K5iI3CPjvvyTCZzzPYJ5O5mq4d6tcm7FULWI +1znw0AI3awZ4kPDYgC65bWlDxlpn20Jxv8OQxrvwG0I +-> vGa-grease N7"} 5RU@*A ~qey~;7 +pPiCoiU4+wpoY4RzmizS6t35N5cKJPyyudJoQN4 +--- x7dcGSYIyKbYNe/d+jV2yNP6efmF4skCK2j3JpNCn/A +0|kop9*X}gږ瀵ָ \ No newline at end of file diff --git a/secrets/hercules-ci-join-token.age b/secrets/hercules-ci-join-token.age index 69c8170..b26355d 100644 Binary files a/secrets/hercules-ci-join-token.age and b/secrets/hercules-ci-join-token.age differ diff --git a/secrets/home-planimetry.age b/secrets/home-planimetry.age new file mode 100644 index 0000000..92ab86a Binary files /dev/null and b/secrets/home-planimetry.age differ diff --git a/secrets/hydra-admin-password.age b/secrets/hydra-admin-password.age index c481225..91e19cc 100644 Binary files a/secrets/hydra-admin-password.age and b/secrets/hydra-admin-password.age differ diff --git a/secrets/hydra-github-token.age b/secrets/hydra-github-token.age index f9dff08..164f1fd 100644 --- a/secrets/hydra-github-token.age +++ b/secrets/hydra-github-token.age @@ -1,31 +1,31 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -ka5JoOnpYRlDxEeH+SKKWSvHHmkId8irgyX/YJVwM+Hdm/y5lrTgptQO64FW6sT0 -xG6jXwcI1uHrKop4k27+Q44b0jGc4B9qCEchzBpYAVtrwJhbEn5LFPqC/WwcKqmS -Lj1PPoryvh9W7dM5mFL1tppxwBcI9Si/lfXcJ/zDz9SmbsK4tnf9TjVi6A9NVRsX -/gu1vepk2eEdrZQMc6nOTttuWLzRApNz4PqAviyFL5o7Lp9StEy5h8tznzxn7vho -pgUv4uae/I5PwngluvivG9H8V0VhSmzPZODKRQQiOKkm0rrgEhrGFrkXeI0186RF -OiF16Hdlgrr08iLGG5GgTceXSyMUzy5yyTHt2mx3WTMAltRyUh8YzqoZG0dWK2/K -+OlXeFjPB1Tnx+8eZGsbKqj8ldV/faxhkm09xey3JmBbTw/8pjmq3jzb6vzTfLdA -FHI0R2oVk4UEmeG80LIMP5yJ8LfjyGGL3oUiyDWUmmGhLcMnsOnVqepQhaPDl5uv -/tr9oecwutbtliODjX/yMV84aHQHH3VCFS4zKdQsFujWtFUUGPvFGw25Ab2U+H/A -bGu/0czV6XgWFiq5Aw2B7RVaN4h49F9nD1+sh3PPdjxHDslxoYteOjw9/Zpq+NVB -VeVxxdeC+2vdBqLxBFxY6FiOP3h6GabDy8lNicnVfZ4 +mHUoVsSOA9svMr9QR+FnfdkyIhxCLKkg5FSxqKKRhbiRXLrYnAwyHPF36lGu5VYA +PD80cKlQkiYO8d6rl+GIfRIEDEcCJl9W+xDS7QjehXmweRdkhmwoqBoZ1wBMdNt2 +IWTENHtFhru3BF+XKu+pgAEKA7xLBuc1Cc36Rdyjb1Xlq+ddY/IkJkuFsaI7z87D +rvGeQ6lO8ycua/3IjLCi32mqNGVuzg+zG3GkYcImMRgwdXeVKVBHLxaJY4N6TwMe +s2RkG7Wx30uf3LXKRUcF7+cpjXqVwNjbqUNEilVJT0wEBDLAiGwwwd2Dyw5o1A04 +0nAUcqq0ktZlLJRPOw4jHC5bvVqKxFdCL5ABtfC20MoBGrmeGlufu9/MIsHrQ1QR +q5Gb2pot6YP4ANRJuPmczTQvI18gZA4kTaah3DrZ8F9hhpKBW0lZql4dSt669LnP +J+r/pTsBDqcmp4wS8QIe8LDu7GLJkTecAkthKTIpDquZVqeKEpEBqDgfWmBJrubS +E5Xfix4bIXHgYhCxuU8TCAykAY67IpjJ8qfyB6Bl9x6vnvNREoKkBXhLmcvCRPHF +JOaMSaKwiMO6JYhi85sT1Xmw2AR0c4S1Bu2Q7Iz4FkrQRHhJUIdoGEJbdEr1OmVx +4qiiYQCTLA9xf4DT6/j7AmW5K9sLQ6bPOYBQcQ1dPLc -> ssh-rsa QHr3/A -dgK9eeEPxA4l2EoD2g2Lc+4dQXTnd3u2453+mPGlXAOEG+dB9dU3Q1Tvznb1Olau -ndVHPSU9pk+Pyy2aHA8VeOU/5YBp1mnQfsNOSWAJCVeILsMxD3HFmvUqGnoTj+ou -2urD785tFJ4AEoZ09GsLjPru5bGKD966Iq9/Ehf8MKU02dsoqHG5OhTKpL/shM4M -ZP36KV1WJ7LpR9TnUTs764P9yR1SZ5ea8x9e24EoJ9V29ME0n3dhrRTtjskulhh3 -rHHck8GpM5YjIngaeAQE+JONekgGDuapnXp3XvMdNWLYuJOPQd91VutiL8R85/FQ -u5bTOEtyPC/LRlQ0QWuKYAAIFfk09fbJbsZKUIfm+EyDwy0c4N56mTd06CddyTti -Wsjwz2SdP4Xjt7sFT25c1TDOBlcVV1CIJ4hcZFvyvDTDAcc5VqEwfrIVSoMqnpRc -g1X2uRJYghvnt3x2PH4/QdxMzt3vubIvA+hbtQ3NHKP3G2OdxermourksiawzqMi -ucWkaEo+glHN3BoSVCTXp0uQ/r4WikHosf8w1gUYRFzfW3mB5FgsNGg0ymlSWG1Y -4Sctevr6kI/GUsFFNBwH8ub/L8j/jDM3FSwsBTg3MI1LPlgFxTmPrxOeAS6mox9b -NLyBTMmPTyNmHfW3KlRzfeHgBejQoI+WAPbUseNLHjU --> ssh-ed25519 q+UPnA 9dUNBGtGZUV9uALktxQS25kgBDMccgpyigcQsN2tiVw -t5QMleJquBr8LqpLttuAJfp4TUfreeOIkg3/0GW9iLU --> P~/-grease -aMeUuU0 ---- /7SUOvGhJM63EdZevk9oEh+nJa2Bsg4w9Jl7rz06VLA -Ρ7.Xa9cQ-f[1+`C,襟t ,$kuʦצƖN \ No newline at end of file +HU3b1PEZssuD2pUck/3wRa+DNCf3iXzjByhuJ1GRR6PZuyUAieL5iFwTqtPvbGaX +2nz80lWqRn+pu9oFdzatZkXqSNncZyBAKHSgNuiHTX3ZHsRUWluDEqNgcOrzd9n7 +GGNq0Irr32mneGFHEoVRNyhMyQISGi/frZBh3uPCaF5Wnp6cNwh2GLx4lFRh7682 +YObxqzDqwhcaTzhYjtx8baA7H7klgDHXozamzswi98RdgcUs0WjqTq6p7WY85YAj +pEi9eeidL7eIabPNjTPoiCogc1evYyKFqj2g3WlFWPeyTOSheJrRHsA0akejeahr +BScBS0szTgiHdwNgkmRap1q4/7+3PsOlv/KNLbbXRhuTGlIObcUzdsFMb4R49NCd +FHs7aFGy4DSbcZcNaLVAo0iGcX4Vj2AlhGXkXmcAf3sNEbNxSE+0WidqBKbsH3Zd +yl2A2S9z4ouwGkA9CGl1gaKWs6zgFCw1uidg2zdYpcwkWgtVpc+ZWlWwdzzA1T2T +PWUbP7CxO4DMIrOghsbMDxJ1uz70sGZE2mLGEvpoSRCHGCR3I4GyJlMvxbtOVun0 +7EPIK1MO3I+Onv6lsHeJyLp0xcP1e4EVGhRm87Baghpcac6nZ/1tE0rBc5Xt0G0e +8ONtpaL65RqcHqU7xGRJdHCkmUCIVePVWNn2PS3vO3Q +-> ssh-ed25519 q+UPnA M9QSFABS5vUTHeA4iG9bAGSten/cZLWO3zYi8/vBvS8 +ffvUrxE63HyK0z8azRe0MwT2FUoqNo0cv5LLKFST3X0 +-> q-grease ~^p* +ViQ0dEUyUYOFkRSmoCGu3WwLXQ2UB2/PczXH6TT/h/CtH+ST +--- Q51zYmtvyj76SNT1sjEyM8x3kwVfu8Rf5+pHXb4BWzk +#iVTtk a|=1"gӺg'_I1J' Pm -OQ=8+ \ No newline at end of file diff --git a/secrets/magit-forge-github-token.age b/secrets/magit-forge-github-token.age index 55c3bb0..f131507 100644 Binary files a/secrets/magit-forge-github-token.age and b/secrets/magit-forge-github-token.age differ diff --git a/secrets/minio-credentials.age b/secrets/minio-credentials.age new file mode 100644 index 0000000..aeec2e5 --- /dev/null +++ b/secrets/minio-credentials.age @@ -0,0 +1,32 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +XPYf9GGWLvhqJZeqOzK0VG/DaMBuB1bTLiG2KbQfF+qDxgDJJiTcM7V8W4PHgoq4 +pfbJ5jZjabuuhR8Uq0UtxH33if3UV4igTkjPUqskjjAQuCmp3Mk5Q3ICYqKgdQ5P +7vMviInUhmDZFCyRbVm8nmU9rKxOcVN493BFDkxPx5k5sEHlBfXYxCnqhCqgkXmY +GAksH7W8mmpO915vk8lRzxVmQLuKNAa/8CyoAaxuQ3zwtomUDOSff3GhpvaI09jb +2kDw094S9iZUKXiI11T6RL1cFQjaNTYc3UlNCrTLHRVMejeTWNgHQYLdzUAHHPAk +mD3g+Kl7fndpJmfNWlmp0Y7WyXUtzPD1D3tHgeOCOVzttBP9bH20D21+8wQ7jprZ +vb0aCMNG7wk/ZAh5eSgKd1UG28bA9RxgerzZl81KMCE4IOPPQLzhzMND803Ce/KC +UXqqWlLjjG6x+3zOwDcBRozNRICpsbWqJP1Oy84zNIr7hZ2rO8d6OVg4sr03rVcW +WwHRs1T2KSql/pvtGm4CVVmD6o4oh/SC/wqP82teS7SPcPwous76SGfvYx7XZtkq ++ERh674tFe3d+o1WJZRQxObrYtf/dh0QZUK5qk0EVEIuraNYyVcmxA56/YqXLMl9 ++otw2EG+V7eORmizBYlbj7rAx2oOmscBT/SOW1H7xkI +-> ssh-rsa QHr3/A +FBdKFx4C6Lq1VYS518Omf7lVCVnuPa4UpnKdeaKOGng0cSHrBuZPU51WMLBZUX6a +rua3wb6Lp7RTBYqD/Qy7TYcxpXrS34srN8wR7re7X8S3+gXOVLBKIOwK4fVY/E6D +SmXlEKrvyXeIKc+caMA0B/od2yNs5meMCyMrO7mWwYjS1qgnbbwld4Z3azEMi407 +6NP7bNUY+XFJpQ8s9mALdSei3pRXMynl6EQX4xq2DYwGjsGkMXV2GJOeRWGytUsZ +HB06T7LCKWnY5JHX/qv7gG7OudIbm91uvrz6JXhQ8ZICwF7qugFV3GITx5ClvGQ0 ++oZo2xKxSOUitrva4p60u6FaaKKbDaJKChmWeORsadKnf6tdE2eon/YEwK0QcV1m +yBP0CwSOv4PC0inXRHwH9m3ufCk0PWFxYdTOy82D1QJW4PqrUIXe1AEyJpWoXJmn ++n0lOMg/ZJhGn1/1ruedF6z6SofG6EAWvJY/739STaegstQy4VLeZt/lz1tO1Y7C +PuUhOdJPk/k8wHVqAzpXylJFW6uUmK8Jb7ivwg9ojspzdcwfH8ZfFVeNQpoLB+f5 +zPqxEcZh4p4dqV9YKbBL3AFyM4HTXMJ30oQc1JIvqTZo3UvyJHxbajk92JSzl3LX +DK79QThXmw/+zqbo8Uz0ye5m79FViif2yPx4bUcqv7A +-> ssh-ed25519 q+UPnA tDxkahP1PKvyR+BFwECga6KBg4THfNkPCkA8LEUC4xM +9dtq1r0pVrz8Arnyae2STJ2CLkcteQiq63wXK5mmyaI +-> lk=-grease q~RgL~ s +XmwcP5ZOkzY8NoHEydrOrKuz7QIqQXf97WdoA6z0JrbVum/B5BHY8T2BNaxlO1eC +0mb0BAcv+nTkIHuOt1mQjZnCxxqLjLqwn0c3TiyWseSHauIEcYUYt97Aew +--- 9dX9gOfN7g1rVUn8HP5FeAqszNkNY1E/TCW5vVFRtt0 +L ssh-rsa /AagBw -ZyAIFd7Y1Gf2IPgt0CpjC71pUwSp+DlS+rGwQlB8IWXUULkzzbO9f/9VAK7NXScu -YaqY5PjgZ9rm7fztJU8LJR+BD8L3VxKSmNIf7UeRjAalC19l4qw4yBq43SPmEBxl -Uzql9M+w+Ad9hyM+zcZC9EBKC6NEgt7nY2V4Ar+xaZrK+422ZzoARh92UPyD2PRr -NTk9SwJnuOUH6VjbtVeTgOumdc5+ervoG+OcYbSx1J8IA+I7sVSTLGIIfyksH/Vb -ISHP6x9258HweDwuCevM6FGpSjo1pZ07vvTrwElCQTmyUI5VSsSivzBsxJW5vTOD -/ZSiNIbWGWaDzBKEZyirLtnx69ymYqQyAzXCH/Syljowan+7x92sAyNjKQ664FP0 -BIkR2Xi/ICnws2v0YmPhQgRHzEoQXYG+A5opAO2hT2hIDGYtPh9bNBjZjXyr+Hh1 -KijGogGeWHE5SxGAV46t80tvo9BbUVhBFKkwezeCoZ8/pzoh7nzkFXyDK2zgWMUW -dEPWolIMLNbvr79oUnkZqHKqtsl/phdrziSt4P8hNtVctfEhChZuTLBHPLx9ac/e -EdU/7sW+XiOJD+BCRyCthAQADSJ4A6iZCp8iCSPts4AV36DFHhX0mG8TOCPF/Djz -t4nI0R/OugAlcaeIU7VBJplAXlwz32B5freu1NF+Cqw +E8eBQYfl3B/dMAQKn/NgL0WpuDkMJETEbMCtmwvXlzMlKeDDHVrESmek7mn0xicW +/nFrAkn0cDxnJDHsb8GPmIYgtgZFOYYsxgLq0O1fwkhrcZuUGC2KM7eB0i3OHXfQ +lUvFbdpC3FLiEE3ttgW4+cNofrJKB6K8/vDqZXZ/0LK4fGxwOmJkdR5qgHuoAYUF +hgMY4hR5gyUQMYl/keNXeCoQsJv5jetTSmrT/3xksQOioncAVdb7D1tX3XMURG6X +3j4V3m0Zj/ObGFcVg2IFqab3Xl5UnR5o3TnhEpHIbbtf0aCx6Z5RBNzp1AXWmisc +9hDhxiHFSdxJ4AoN3ftTL2s98zkR0IWnyvHm7lwMy8B35iV6PQRna+3kEjw33zdP ++ZfMV6BGz1OGGjHZCcE42P7vv+pfkt6Cg7sFGBSbhHw5lf++rNvJXGPx+AEyowAZ +aJSLr2upy7xB9JuCIjl23PQ8/uYDDgmsgwMr4VKYN2gdxmmJHVpcAUBs+0TQC50L +w7IbB3kA1RX+38E3IGqHuRnOhBHGIiHjIzj6A5h4F2IP7BDCkg9WDhU20dn5P+CA +WnRSTR80xumcDgPvmzNSa1sYQ+EGMz71CcZD6iA2rm8aMwjHrhzFoOyo/BK20iOL +SbMra17kXlEpStImmjnKMiDzy7f0VeqUYgERJpPeO84 -> ssh-rsa QHr3/A -nwxD/5nnhhfoFDrfvawR9j9+eSJzeZR4wdHg78iw/YKnz+CrCvlFK9b54WXeqt8M -P9bZurxpNsa1nG31MOmMQcyNKrcrjqfBSa/311FR1NvfvpMasUg3r0f1W9K0MkbL -VV27jyhurCS0AVH5xMZ5uEcH9gXWWkaRWN9mgZ9/kJtr6VqjJdIT/l/0KwXln/EP -tPNkelQWIPhUCQ+w7+a2qg1t0q1b8MM+RXQ33+m9X6DvoNU1V0RKAl0YfBNrcVRL -7FQbeZmJLjLmMeMbLzGdAZZIyoRlllZr9Ho8/q/KHDGBOsAaJt7yZHhHGvvdGdeD -2AXcx9u952QnuL07cwYZTSwh6yfYMvZ/oAdWfVLQ7u0ZLJG4KNyVEnzUKYaJsEgv -97yvsUren+bgSa2xlRtCBDfbspxbjIC8P5pK/dDHoGbNS3dmO9+pVy1oucIBPOHq -eEU8cv4gR+L9JZ+ZyRISYKdlLX4F3rZPDGDuWI3xuv9+Wn5HmKEg6KR5txPR9enz -A/A9M+ByRZfpSHcTQnHCEDVXPA/6s3U368c+97mQkn7zHkKqBz/9xDCRAZ1zJfmX -gnxMgiu69hG40tcOt5lJ7l5Ub7JJRGcju+1LTsrk7dG8rerRcQGVD0RzWBKGs6MC -xPI1UaTSifctYwph3JIE7zSRyKWEXNfIwGUN/IeJ5Qk --> ssh-ed25519 q+UPnA TodcF2hzoDbPkcGP4WvWQ+PtTVW2ae2Nf3kvqNrjuzI -ftRwtL4Gkjj5VU4mw15teicD0aa2qMOZxVUYCVtj+v0 --> ;sH;-grease -ZcjMolRojM91kXtIOEj4C3BplSI8rSALBKn2ny2CfjAS2X5Ml0F/i4SJa7ElVBfI -IvN6OcEf/o5awlcqAC0GtccYwv1X+yASx7HC7jb9Kjd83oULGwY8BuHx0sTm ---- vnVqrDhP0rS+X3DDzDeDdY7Ah+a/+XGAjKabfYMXulk -e>{͗'f%L==J@*aQ5O)RFfcPn*D6{8}.|- \ No newline at end of file +dTFBxgeBt9Aj95j2BsDl5rz+/5JuGjX0rcCShHECHev63oaajuCwgsyk5nfEXrA7 +aJP+Q1D70SJMwc1ghBihMgJFybt9KYHOfMY8TKEVwJ8XqUwQRIrbHTrTAu/N0W/E +4foZPkZhThXlaYpiSWLymgQoU47j0OwSojNph8IcCDy5Yj5em7K9d6m5uwZNAKBk +Z7wJa1QkQPIee2rfN8s8JE6antSt/bNK1+m2wiGQmPLTczYjrDrUfJavRtBp+Y0x +9ZyjVnot24LtmB9kKy7ppcD2QYQ4glZPDyUPSlhukcBiL9yZ+3W7d7n1AqpwXji3 +sOb12Vz/cbPn16dqW9U0lmMl54s2R5gXrRFKf9AzjGg74rQW5N77H67p7it6YpSS +KIUykCP5RHNLvLYSShfMCPupNVj6xF2vg9d81rYrVPIaaFL4kTceANMQva5QISbP +jywaqwtkeTxP1h1qT3YI/wa/VkuLu6TPj/LUeFW3j3ombjVr+onzFShTis1HU63c +iu0Kr+yXTXmOSV+v2qI5g55iv4QXbxblYAH0tgNgbwSFLBanb7vGur6Mlqlz8f5P +EiG4GJFVlonypbAbwhaQcWJ1R3C3s6q4OTGmOsOaKauCfpqEKACyhic8XRGa2D12 +YUvfQsASW+8vcFSuhroVBDVuqWGusbNCoUexdh0pMEM +-> ssh-ed25519 q+UPnA HeB1cwY5NWZ7teu4sx7A4WSIJrKpo3MQFUIhLCM7IX0 +yT+jLOXVIYHw1uemnLQh5IQCWv2BFNvDeEs5oU3jlFg +-> g"BqJngW-grease +9X1m+tqdnsFSBgiKTfknVuM2QhWBpQeJ/BFP +--- usEYjLXQVNV9DyW8FaKJoiQGcvmk3hn5gBTH5Z8Nsfg +??bՌsqj[5@7=Gs_X>M!\mc)Ԏee?"~IA! +G4 \ No newline at end of file diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age new file mode 100644 index 0000000..728fb4a --- /dev/null +++ b/secrets/nextcloud-admin-pass.age @@ -0,0 +1,32 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +Cl7b/Czal+2wF9bpdmz0pW4kR3IQ6Yn2HLVm5u1SPelVPxJpvCWKccWF/QD1VZv8 +IXoy7+nKrUz3X5f9MGeVshEakhyOBoeQjAk7WNyh8iR6iOR17Q+z+rHlvL/wZeWo +vPThBhmqcwFlEPDDhg+gD0WVisEKD3JMX+8hK/r0clIoRcBfuOJxsqEOFDDTkDQs +iW0eLw+yi8pN3lnALJSEW0e3TzNLHSz3Zb5iL9ZqWSr5rWi4+K1RDmHOd9HQgn9P +ULzh8Fb4l6h+pgJ/Wn4SBzDFF6aXU/ADteUqd4nxyqeHvLjAHlNYkWGLDQvY6JlF +NoHOJeDr2KR6RFKFPpMKXyqW/MIyxmrLtBhvlPYr/WWSi3w54Y5Nn8IKkSOKZlsv +l6TqAtNL5Mvh6tqnxGIBJgC9CFYTTiHwPFVL5X3PGbnkEWl1oTBfVX9ZAHYi/rla +TsclVlrEGjr1w72FPbuTvLpk3Wam5Nyngk9/hk/ZMqZ4mQGXqHHFGwi79Ws/YvVz +d1llkt+RqKR853daWtp9XadfFRU8XSvf6Eb2Uci59RctxS57ggyE6BMu53rPlTUa +GVegJieRg4tdk2YFSvh5+ZARmynMqVHQanZXoSWvYP1tuWZrudU4AChGYq0C4qv4 +TNLoOAbqa7ZuDNLjdju264lqQK8QFl2BGZGVmEhM+c8 +-> ssh-rsa QHr3/A +UETe1pElxQXUFrVzImihkKDE70453LmOOiHH3xIHlIzJwHfvHDHGRV/Zkez+N4tE +3bDCdxYDP9ZkFaS/b2lMvPYhslsqwdjkfNX5AWaeyceDElphEaohLON0+6oi5yEq +/Y1Y4BNK7iONGlmXxTsoFQvcbt4+/7KmLY+UZsjONcCmWLcMPOjJ/Or5VB2Pglch +ynQ6cJe2i/v36Ff/w50nql2jvkGRXXg/jWDqhRz6fX2i/qnF3QN3xHf0Kxeosm2L +Tdvaj65hX7yUVq7tfiwQtEI/nwWkatyKN2TchpI3y16HnT2VQlsq1YEclLetF9ge +2TfXCTwn1TnELssOLQAk3OMA7aBBNEvD8lheyNLkwIWCDVXs06tAKJdLeeS7B+WB +wtxLXoQIHKIJa8Jt23MhVBuFUPHJr0JEfc5zf9C1weR19nIHffsq/B/0FHk/XWSQ +meNJ9UBMllRVoIRD2Vvfv3/Bj+lQy7zThxk5Wm0SN1K/yCrYZcZQrhNuDVLiW3be +O/myBXKpP+RFEoP/iWh+XXISb4vZQZwlCm5pUexjv5zjRmOp/JchdcsEcNfGNM2c +/mQI5xgssM3M+fNSRAKIw73g7dRc5C85Y13w7e1kPy6cosgmEej8Agf2p3+Xc1hk +1OMvQRGyLKQlQ2K3nrr1CVCC/06prPbNaWqs7vwCUkE +-> ssh-ed25519 OgJHCw WpYoOofNV7IpQ4k0R6RPPW01DIzmRaj+Yos4raBXyB0 +jD/1d5k0TsgUGvMP0rIPGhi3DUwuXjIyxvxG4Ma6LCE +-> R"?&j.ES-grease !S7 L^~I%z +TlbrK6/ZeBsETBs47Owfe0Epny/39QzVO+jJcbAcpP/i6+uJiLJPCW0D4b4FeI4s +bZWstAzjnBOLfA4Kh/KwSOpGnuevAcpb0w +--- uwdVZmP6cHeWJR/yCaXv/MUPy+ULRNLkiXWBp3TrSq4 + Wq+ PF.R]( ]"$So$ \ No newline at end of file diff --git a/secrets/pbp-wireguard-private-key.age b/secrets/pbp-wireguard-private-key.age index 96b410d..4f0fa0c 100644 Binary files a/secrets/pbp-wireguard-private-key.age and b/secrets/pbp-wireguard-private-key.age differ diff --git a/secrets/rock5b-wireguard-private-key.age b/secrets/rock5b-wireguard-private-key.age index 99f30e7..85f2d01 100644 --- a/secrets/rock5b-wireguard-private-key.age +++ b/secrets/rock5b-wireguard-private-key.age @@ -1,34 +1,32 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -BFYnzNCrRsdN6BFF7lujlt4rk0eBMITxptFjrYh9mApIn4aSGUamfR5qHzHIWT2w -KBTlYpc/h/IhWEBVAI/XrpfxY7uYbzFAW5D9pn8nJOGpR23tI06F/lkBtmJbM6FN -c0iDzQS1EZGdDsTB42SqkWfBSMpiwBay3sQSdSjhtFP0yTLPwPL9urpAD/IRTe8c -v2XK79YjgwUHf8S3dJdzRiqaxlK+v+eHia01lRuItzHklWb14bsaFgEpyAJXYEme -e1L3xOc+x2moWwSEgnBiRzu4XkSohslSLM+CAswejW0i/YBRPveDR0YHIgqTjL7e -3s4qVo6p5Q64EDYlvO8Fi0hrz+hu0p59jpoPtrIAGjDiFJQmF1nSBLw8Q40gXy/d -jGCD1l7SKvrx4crwnzuAeMCK9RWi6LtNzXeDG2ygkMmKGWQdKM9fP0AtF1iQSFmW -Rj2JNCb7d67uitkovkwm1pcoVg0Nv3BjFTVf4dt8dxdWZcoPSf5Q2BQmKNuyScoX -Cean8TdS52c87eEklhPOchJE4461MhMYTwJozRqdTWSlFJ7GIzxDKksHY7Xs4oOZ -2CmJjSxAntY13Xm/V6x5MCl/M9yRJ5p6eejzv0nrk63MJQ+9bXCrq4gGwRYDhng3 -jWZOPSLwtPpBGCfPb8/mMmknF5QZBFMViXo1VxGlF8Y +Nw0FFWmDOcYoRT+ZdKU+P+yYRyoVX4dbPfoaBgynAC0wUuWSIorcKNWtl0hgSKTf +TuK7+SOnqeh/au2SzDYR8cDWXx85dfgH8Sqp15q8KjxwFsa3XmHJmDjN/UaSg9g8 +g4FJFyKTeENLt2bawB7UUMwdIKOy/jHaCO5EkFrnH+8sJgskL/v2LU/69jxFDVGN +p94lT0Ak++4mv/e7v5fvsWDZDa8HS1wZw6q1VS7Zhlo8/F2xddHNaW1KaiVJufU5 +hQIlJEM6Ma1lCQSM2dV3DnlD3TqFhntI451jroBfPqI9iCc4PN/FKZuTqdsylwuO +uqlzBzNjGkZmXE3lzve8BwfgL/m1OL5Zkw9rPqP6p2dx36NnG7rUrP5C4f7Rlnxj +8mNJbY+de1dMTQhGR5bciTONgXhFcVobEzlzugINfV+hTkGvC0qaAJUF9wiCZz/t +fYYw/2iKaxuROfkEFimrMbisSZNmdWGUvE/Qy6+dqhxOzy4/8Cmzc8KDalSByjUo +9vYkmBn3KdrR2QmONBPQMT6KW4Vy37jzk9E7qTB4yRNqaygsYcOKNO6hLL+7u+E6 +eDwFlPVxQiMuPejTg8XJjgAX/i2S9MZmsLmxEF8I4JzyYD7gZ6xGstwqcFUBYZN8 +R0xRFpSlh8d9d1AVKEPXnDZwDMI7NAYJDnElBl0uhtY -> ssh-rsa QHr3/A -RYlsXMb4/LEvxDc75aP5Z7MjBkiAmJy+QB6XkJ/tjEPTxH4B97WguNCrmKd1TKkv -NY5WW85mRj5xjcYNx21vXlz0y+NnTB1Jpg3PnxcfiD3F1M9E1kUKSY0Sv/bbi8KT -4JqPkkdbR55csNp76gsdRUweNPVLQCiRXyCYQbD17/KQR1e3gZ1nlHJyOzk8uwcd -6emM0XsVMjhzjwnoHy9rVvL4GYYTsRdMwRd+kDyve4punPKcEYdhnUQse7buaNJs -+tbuMhfNYVSBw5vAXreMVe7Iw6aILQ7Jp7O87eJmefDB/hOSoiXkqPnQELpUwPQO -aBVctDyRX0IoerFXx0/KMsjIO3r+rdVr4aPEqA33ouwzJhggs603023DaDtmTBkW -RZic+BtKIgdi6qQEGShp8SRMLGBWhH0911A6w0wc5k55JhmAEfxx0rcBnDuWjfMb -mPUQWnbejXWz+5UU5QTzkaULDqDXgecDq/tggsbBNF6CffoeSrHFLtfQe8Fv03nX -zwMXyxUaYJqEA+RWlmrBicq3Szin+Kryy9PHf1xpJl7kuE/eMxwK2oOeQldTxdif -H2r4TM4Qp1pAFvwH/PdDg1FzxhT7MvQRpOHOuERZaSyJbi1uxZpEhGL4xBItNiSr -pXoDEDStlcc4u2eM/5G1dHDOljWYsYrkml2ZBaq+/4I --> ssh-ed25519 uy/XKQ 3PT1CZWG9XgErLjp/4xfQA2H7YjuVLqZemPpfk1Rfzo -Maf6azjqf4OClb3Njv++lnJ+0rB86RsXb61v1C/IYkk --> x$=KD+-grease _ Q -xlWMjdHLXOR2Ghtic6ogLRpDZd5yunAKqrbNCJWWd5c+FxKdjlFvQnKE8iZoXEoj -xBGsGJxWwwe4LshbkMxyAuDz6N1kjz6GL+JO7/XrqMf0m3Supqmqir3483tTo2n2 -Xq9s ---- wFqmYwUiaNZW/4LSCZtVnob4z5rfXds3lCawk7Z8E48 -y[\PIA/gJĆ?7[līUI߻yj^Em7cO -x-)>y+KoS9 \ No newline at end of file +bwxQso2CsHig3ZYfQDa16U/8g3OUUAFDGL7xdTNV4vv70sM1QZmpjnruuoJGBb2r +KmfHMDvCVNYjADtf4i1AgOEoHtQP2/bIcuMqq1XQ2baPavF/zmoGB2X5j8dBryq1 +QCNwKHkBCW1myFfq4QVEwiKrJmEP1gH8KL1YYYNkWGpwCohDzbzuT9ccIGCW9lol +hRGPOfkFMm7VLXQ6T1FN+cTy0KgXFXpkZ9fU8x8/HGEFuVT+SJl5NkTCL5Vb1fQC +SWei4qp8eRzhNsQEXmUb6C5J7tp68gbK+0+cV9T+FdENrvgm6dyLCG0N/nR9ahAD ++XDrQgBnmjNJ1xJWj+4D+5OFZhoT5TBIM+UE0dlDutCOpdW4BBO2LlyjYw8cP73E +DsAlYA1Dec32mEcCAeXByVeKkJ4z+0KWPUcjHeHee0sxOKJEGpeRYN0RzVnHjYeQ +zWq9R38mL8DgVvnYYowEjcLGBQ2ZxYRB8BxyIghexBDWM1bxSR+/44E/sGfCvpdf +zCSQDFcHaBUpl5fZ3dhIwRZcOpdiZ6+E35+jmcidxywXftODWAfbjqDiwAFTgzdh +NyhmOFE4pfr0COR2t+dgJJgw1QL3j20uXG9SZnIpDeHcqrLI6UzGbcuRxx4ecytB +0mG9c72QOxOrheF3h3P+0t7+s0w+HHGHuWaUU6xgKak +-> ssh-ed25519 OgJHCw Lu3XhZcYnicrT4H/3gLxREbdN85/eQMvT1gSmcfNVmA +35RGwyLnc2cBB2rLR1Wc6sXrKgI7X7hxiTqS6YCuSJk +-> {G-grease +ICoSFLbdIGh8CEXHI+1dVpdXEsL+LN1GaJJHZsPM6Xp5/i8o5AqthgNproG950zC +UUyrWWjibU2OKUIq4Tm/qKsHuXSABdbcBGbNzPhSNu1PNqTSlg +--- IL5jG4bfjBiyFMDq9AFDtut6IcnC1D0pqhNs9NPzoWM +t!Sˊ4lw` e{MnꁊC qx; 5|Nb"; c`"0GpHFX@'!  \ No newline at end of file diff --git a/secrets/thinkpad-wireguard-private-key.age b/secrets/thinkpad-wireguard-private-key.age index eca3d18..8633b8e 100644 --- a/secrets/thinkpad-wireguard-private-key.age +++ b/secrets/thinkpad-wireguard-private-key.age @@ -1,31 +1,31 @@ age-encryption.org/v1 -> ssh-rsa /AagBw -saA9bW3Ya4oXdTCEKfOVaaJXacVrh6DEvdYufdUGPv7R3y0UMnqVDnADHIr5wEqY -+6iW/+N5p+Xy/4vv2g3oLALhKjv8V5HSwpa8HvMACmwHaz1rNxFEDykCFXTe5YyA -PJNU2Amdj5AGk3vy3H359jNlFPKje5/G8YuZcyGxNXAROFlKIHXyMaMppgvxfFR/ -eBpPbPSYK/Hh77jqRk6u1J0lq3lQVl7wmwVl6/A4NsDFy08uopaUwF8PSLaqaO0O -R+IPW63Ux5uzNKqmtF501FXSz2USukbE9y1+1J6C5GjgtHEYuFiSYOgwulW/m3sV -vCJarodzleKzclzvezaQWTeaOOB8HGtZ4/PBjpDn4hRHEpOpbwLm11I5uwoYoU/S -oAN7QYN+1VCuXkrnRQ3SVcnj5frg8ZiKwLov+TOWNVfdlSO26sUbgDkGwBq9X8lu -7R/Kv3cq7TCu781hxNx8CpH4MkDkkuTNe7hJ6BS3wZm2ydRCXW7y14wFzm4ikRjT -Y0bFAiAHTqA8imATqKTOqfGgMcMpkEvYjajN1/b4KkFdsU0597o6RIWfYgyNWz8k -AnMO0RQ0iS2e5ZehUI40u0CDNWNakpais9qFyuuTe/c2pFUsaG6A9rQ9j959vUDc -naQQJC1gdHM6KC6zuW68bI5cFObKI3VytMFkDf6MF8M +EoQJxS2f+mexI80wIiChd2MdTw/xOxPWwyO+6yoV7BrHA3L14gt+hLPF0yWcsNuf +vtsXpenbMVmVaQJDTE4zCFMAeSp93FW5hilZmumZJY78ItJ73RqIx5wnrp9u41LX +GU/VnUZXhSsJfios/qhCro7bMHfQc9Grqj/ocNwXlaiyH0BU736fWwmI/s84ptdt +67LXwesX/Wv8T+9z6GODObF3XVyo59WdTOzkkRSzaXv0IRV2mQXB1wAB2UxmblHy +L6lVwQkAEgV4ATYbKbTF2PePDDfyIP5gNJKnVuAXrzwjSJvKJR/LVXYlFXf5gTSR +EPrcstIPTEn1Iagc0Cv6BMhiyRENGiCSrdU+l1FQUiD3LHA8HfwfvBcHejJYLsK6 +wQ/5hjYFFtSVXN6l/vRM/JYghjShuz49vXNAOZQy01b+e1+9czReLku4L3BisBd9 +i3efplRfj+aM6PX7tDeAjSfsK2YyOScljsQCwihtf9pg65wpM6/6y+ZCkR1oOH3+ +yIWe2FOsP4yUNV6Auw4J2V2QeQpHskXI/J5YUHfoErlTPfo8CxUB6xz1+ZyEZoZJ +1Bpou/+EtcY4N8HkK279MyHaK4zLC/LezbKdF5ZZuqX8KKK93hpMWveeuSCYMbsh +e5HqPt12SkE54jXT5HTRoN+Ycog6bJF7sWDEQyxIEGw -> ssh-rsa QHr3/A -czpUMbtPlL36Uyalv73eZ5SDuembW519Lvl6+nqE1gTPkMZw75am06tRBS0L2rUH -cdu0VJxuTEia9e2dwE853MhmhK3lu8tl/ZPLsneJ4pUQXdWVMCdYqOVTaX+rWBy5 -o5vTWcPR8A8yeHfXrga8+N9dHQ3sVr5PamgwBEPtm/pSHI9K8TpKKt8zyNw9NF4Y -HzLJloaRCpmk0cQM8YNewEV16kQYrSFYFQguPy9lFJBXqIRzs6GUL7e1s1ddmVOO -J4vGsmpkFZfMoSAvo5ehlpTl3MMP4BswLt8FCJIu5KfPYhPJmJMgy1bvnSyQG433 -RS5coyYNLpJEUVYo0wr+vu/EzBdVEOOjGeyR2OoMfS/rUekqSTyqRzX1YtQqf97P -3Kx0SgIeYF/WwxDGm8thTVP1ZMWVp1deTfBPhhK/7peYZ8Fo+9GTiacdlUnyAUig -WbK+O2FjIBuKOCQ+bIcGPJmxxn4ASH3A8waBVLtuKjD5d/m7EpLDSUh319xhiwIF -zyaQaR6o+vPNCDu8z9nKAQf4uvkCnHJAa7fvnbUisbAOGc6XcplGBDYbZ9Rczsmu -NBk7BFKtKdlhYbF9EY1y/WTfEF8GPucepW6ZqA56ZpMFshTXaaaF3wcy4uMLePG0 -nkrND1PtXcjeKqIXWG6aKtFvtXAhSAsTJNIqGUDW4Dc --> ssh-ed25519 GVMLQg buruvS4d+d2gX4vHAoYR8qS/9fa30Czq0ZQvx87IlCc -RRFwfgDXGnRb5LMhIiFuRQBWeUIUyVFn+jDC2J1Q1+g --> 6+>eCI-grease -BKFvDaaOrnWMmmiATpBxWI5aAUb6Ybfd++ts/CISERSUusBLOSOpxv0 ---- 9D7RlDjroUk+AwV9zfsKwSm3FJ0Aw+YKhIiAQ2JiM88 -ۍ(-ݣ;owةU։; fÓ3Y5q*[=#p_9G2ri[dMP \ No newline at end of file +hrmdI9Wm5O7TldffJwh8uZxpMTOmbjuFC+0aBI914MDOS43jxj+1WSgvPHtUrcej +g5cEap00zy/ujQkwBJgop/dzXY4HB/ALeNlICpALZrXwf0TiszG1X5/hCR5E7THf +/18MM0DG26zoLj2SmUWCxPr9qKFMugee0fCwht5vAQmED4zgWFgSKPO3vVatIe4G +DaTKp5vInWV7M2sMepIGWwC4iq1ut/wB4ij7m6M56yoQnpI5ff9sJCDicLNzS1X2 +q1qLDNGu5miyjaC7wzrCt/ZRhO/MiDTSzjFjuJI9JBtuRlv0bx+m+agCU0IqrCZt +w503eeTOVa+8aZ/ilrfFCuzoVwOujqET2M7AeGP6S8QVNO9ChrDNaW268KiijEv9 +qiMVyZpxHNUp6Jqi4OtS0bznmoNdL9mzYccAifEfzFMZ3UjV8wrNLerPdJwROaNs +gzS7iCPqvLjrcoVLtp8OR6WhhPkhI9s+OQu0AVtVz+uHjBGGTZeDzXfOG25RxOgH +/yFiFKiq7BzvYwbKws2dhtsSYAPVoVbmF9Wb+bBiQE417Ck9d90Fqw9nTXEJ5sHM +Ike3+zHdtEZEhhW4cI/dp+EuMbUAr9xJ8WPj+3OrUV+PIDMjQlB62eVBK/SPXQC8 +tgy0Mnha/DhbzXAJqntLllFo1q92C7C5dGx1Nw0WsLM +-> ssh-ed25519 GVMLQg hmAPLGF9v96SSRNVjt8rnrpRlp1ZTTfCQCBZiuLwM08 +XCPqau2Q/fMg6Quw2STypMGi637AE8nK3B4ZbVQ2quo +-> Z-grease +M4rzohgQe3p0eqL+iwEuisj4jqK2gO7faxHx1tCpl4GTmfM +--- tIQ2y9KNde1jK2JiRZXPWIetQ2sx2zT+32bB8BhK9LI +kͷ(WL!a>rFX8\z`}mb.r*)ۺ-HK->CDwOYH>:?u \ No newline at end of file diff --git a/secrets/transmission-password.age b/secrets/transmission-password.age new file mode 100644 index 0000000..33cb322 --- /dev/null +++ b/secrets/transmission-password.age @@ -0,0 +1,31 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +OnJJd4dsdjmw8/RsSc7GDbmM1BA+kaNNz6X3YGHcBYzh5IXTioxyoHmV9/yyx8gC +oXPRVclAfohJSGGYF6q/36WBI8iQGB7koufAosH8wobCwXwjEKJeffVdvnyAUWPU +IeG4s/vURvC5Pt3dgI7Ot2FChH3JLdl5Vvr7+TTqgymiaAw5y3LuVNsnD/AakCoZ +lmFAHE3diTdeXi5pj5FjDeEKZ0M/CWPodMPGw0naaAfgVD+pRwEvdYMPEhKL5bwf +BggDTCu8H+af0A0T+gUsQOXK1UvtSqGApMUDwTj7DDehOOJgnH0qgM0Zzt/gyYMq +GKIdCdF7iQ7g0p5GIf9MWlushX77CB54xR/tLlhkaQC7QeGDDH2QjA0nxAdzXYcO +zY3gLzLggWzDKNkQXOORRvflNXmNBuMr8xg6QpHnzgVXlPHGYwOYERsiDsw97dAq +iXLFgRB7Ie0LX9ulfolI8fkxsGov1gjLKj7y2DZjRXGDR3bW8Q/03bQS/pvdWm54 +Tw1ddJsnNaZwF9gSOaXjLalfxsc3UT+u+Dh3w/jqTOCxW07aCzEuRnWk3Ofm3M8a +vB5EM7GqrrXBDqMvkWKZDMEsQMAp4l73hnCBV6snhc88oE6y4aMrClFk9cL1IXoG +ZpeB2wAovWfsLfYGK3f3hnpUDSpBx9yXmdlTP6SqElI +-> ssh-rsa QHr3/A +otnMUWxU6M3umaEVYAAD1khz5rNOYc/SEhTls/uMuNz69JJbt5bTwQW25AhrbJM4 +XmMnyfV9uT9wUhm5Kl1RALp49Lk8O+OVU9j3I57OQfAOBqM3xHYwKvaZx/ilf4we +atQa/Loi6NiTX3Q1ZWK8X7iL9g0FujhFisC60oHedctO0LUxOuSOulV1bjwm9Fn/ +sMzq6dSWTrPn6hUg+eh02Wi4Tx0qfn5D9bzYIG4bPEqJ25Ex6LVVL1ljMoqOO8I2 +rxKdET8kjRRAorDlMxeDZXoJyUl8zCV+LejgCP8MKKlWjS96IRtKhC3Z4+hmC/Jx +PwwketOwpsRoLF216KDNPW0mx3W09zKQrb+aIZs2Q1NYvVGRe6FjwJdghl13LjQj +DXUlWgcb9Laiq69+qXUptPtb+rk72Pevf7d/1cFc5nqFEYIQ97gKsIiD9et5fJVr +PjG9SKslih2ujqb1rvGi943RDcsqPQhrWwYhffw912HEk6X7qndWluvRBv7Cbqy5 +cM3vSSRdkfzcY/ZPYTzBKgVD8d6dWKGxPi+MA3jcloJzIP7N6Jp8YJiKzEQlD4b6 +LLfriYUEbt2fZlr73sTbxW3PccvWSCXP0rK5VAx1aGoURGCfgPT6dJlvXz0XvBJT +AZl4zy8Tb9cM7gGb7URKAtgmv826Z4RoLbzMJxQA5CY +-> ssh-ed25519 uy/XKQ qbtV8pB3IfyhpYWmHhpeXhKc5afjWi0ol9FBco67emo +Qg1C5qL0uHE5oSHirkElcYfz9oGVyMym/buqhpZj7/Q +-> +RX+-grease .Y~^( +B5cjq3aMbIUhkqde3jbzNmk75u5h7UfjN2a3MCTDO4mx4z/iXdCpZYtI +--- RxhHJzByHlwEzzzV7fS5Iy/O/d/NhxQHQ5kRBHO8FdE +8̿~ue[ 4tFpKɽGnڇBPFRr<$fو7y$7PU \ No newline at end of file