From 4e489a8145e3e55137cbd1437a3adb0659a4c76b Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 20 Aug 2024 19:17:08 -0400 Subject: [PATCH 01/66] rotate --- systems/artemision/configuration.nix | 3 ++- systems/palatine-hill/configuration.nix | 1 + users/alice/secrets.yaml | 7 ++++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/systems/artemision/configuration.nix b/systems/artemision/configuration.nix index 05af60e..b436f49 100644 --- a/systems/artemision/configuration.nix +++ b/systems/artemision/configuration.nix @@ -70,9 +70,10 @@ }) { inherit (pkgs) system; }).fwupd; }; - fprintd.enable = true; + fprintd.enable = lib.mkForce false; openssh.enable = lib.mkForce false; + journald.storage = "volatile"; spotifyd = { enable = true; settings = { diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 1c48d0a..23b2789 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -63,6 +63,7 @@ nfs.server.enable = true; openssh.ports = [ 666 ]; smartd.enable = true; + journald.storage = "volatile"; postgresql = { enable = true; diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 14074d7..6a7b6c9 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -1,5 +1,6 @@ alice: - user-password: ENC[AES256_GCM,data:ew2R77T02LYby9fclYYqYXQBgDtKf7miFYMeS70/hj30fFw580qRCPeVicILB5UTnZCIoPf24ZCr2DGJ3UBrk8cvYQ285i0FWD/OfLAqZ/Tosi36MJKv6Nob/Z/vAltHIVqBJA5UiAU58UohbBos1lfZMWGFsg==,iv:mpIf9n4MgbbjD2jFkVGAL/lGNh5VW81FIzvmb1x/H1I=,tag:MVZRrHxxyDwu2mbRQMz9VA==,type:str] + user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str] + #ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment] #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] @@ -54,8 +55,8 @@ sops: cGtqTDlOYzhpTEFuZlpvL0c2QmpWWGcKbTQUBfg4yEtTPx8srahWcJyZ3C2w9qZV Jd9406qhXOXDKS/zlNXofYC00TWRFBR85gbZIqBq/VQd0lD93Xue6A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-28T03:34:45Z" - mac: ENC[AES256_GCM,data:Un+CZxIrsY/z529dbbmnbumgg8NYQHACYRCh9y6y86tfO4GN6wN9w8xpXYCaOtndMPiTxo9KmHlu0jsESbdJJhW2+z/lbxT+1wfcQRggu79xu6UYYZcxNWcYhDzPA87tc05dZfFTDjQHYS8uVHCjU0DrG7FhgSURqPmQjuUeKdA=,iv:W3DRJAyGR+IAG4uTqj/OjQhXYCa53BmK9F2+zp/MPEw=,tag:exhtk4PZBO8m+RdFTIIwQQ==,type:str] + lastmodified: "2024-08-20T23:15:03Z" + mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] pgp: - created_at: "2024-05-26T22:56:17Z" enc: |- From d07bc4ea1990cfb13fb2f34b15503acae4338223 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 20 Aug 2024 20:13:59 -0400 Subject: [PATCH 02/66] remove richie --- .sops.yaml | 43 +-- systems/jeeves-jr/arch_mirror.nix | 28 -- systems/jeeves-jr/configuration.nix | 47 --- systems/jeeves-jr/default.nix | 7 - systems/jeeves-jr/docker/default.nix | 11 - systems/jeeves-jr/docker/haproxy.cfg | 46 --- systems/jeeves-jr/docker/uptime_kuma.nix | 16 - systems/jeeves-jr/docker/web.nix | 41 --- systems/jeeves-jr/hardware.nix | 40 --- systems/jeeves-jr/home_assistant.nix | 49 --- systems/jeeves-jr/networking.nix | 43 --- systems/jeeves-jr/secrets.yaml | 65 ---- systems/jeeves-jr/services.nix | 33 -- systems/jeeves-jr/vars.nix | 10 - systems/jeeves/arch_mirror.nix | 29 -- systems/jeeves/configuration.nix | 165 ---------- systems/jeeves/default.nix | 7 - systems/jeeves/docker/default.nix | 11 - systems/jeeves/docker/filebrowser.nix | 15 - systems/jeeves/docker/haproxy.cfg | 68 ---- systems/jeeves/docker/internal.nix | 149 --------- systems/jeeves/docker/postgresql.nix | 37 --- systems/jeeves/docker/uptime_kuma.nix | 16 - systems/jeeves/docker/web.nix | 65 ---- systems/jeeves/hardware.nix | 45 --- systems/jeeves/networking.nix | 40 --- systems/jeeves/programs.nix | 4 - systems/jeeves/scripts/plex_permission.sh | 7 - systems/jeeves/secrets.yaml | 78 ----- systems/jeeves/services.nix | 52 --- systems/jeeves/snapshot_config.toml | 29 -- systems/jeeves/vars.nix | 23 -- systems/palatine-hill/keys/zfs-attic-key | 31 -- systems/palatine-hill/keys/zfs-backup-key | 31 -- systems/palatine-hill/keys/zfs-calibre-key | 31 -- systems/palatine-hill/keys/zfs-db-key | 31 -- systems/palatine-hill/keys/zfs-docker-key | 31 -- systems/palatine-hill/keys/zfs-games-key | 31 -- systems/palatine-hill/keys/zfs-hydra-key | 31 -- systems/palatine-hill/keys/zfs-libvirt-key | 31 -- systems/palatine-hill/keys/zfs-main-key | 31 -- systems/palatine-hill/keys/zfs-nxtcld-key | 31 -- systems/palatine-hill/keys/zfs-torr-key | 31 -- systems/palatine-hill/keys/zfs-var-docker-key | 31 -- systems/palatine-hill/secrets.yaml | 60 ++-- users/alice/secrets.yaml | 78 ++--- users/richie/default.nix | 19 -- users/richie/global/desktop.nix | 12 - .../file_server/sites/000-default.conf | 17 - users/richie/global/ssh.nix | 1 - users/richie/global/syncthing_base.nix | 18 -- users/richie/global/zerotier.nix | 6 - users/richie/home.nix | 17 - users/richie/home/cli/default.nix | 9 - users/richie/home/cli/direnv.nix | 8 - users/richie/home/cli/git.nix | 7 - users/richie/home/cli/zsh.nix | 33 -- users/richie/home/gui/default.nix | 26 -- users/richie/home/gui/firefox.nix | 297 ------------------ users/richie/home/gui/vscode/default.nix | 17 - .../home/gui/vscode/extension_manager.py | 68 ---- users/richie/home/gui/vscode/keybindings.json | 20 -- users/richie/home/gui/vscode/settings.json | 57 ---- users/richie/home/programs.nix | 48 --- users/richie/home/sshconfig.nix | 41 --- users/richie/secrets.yaml | 80 ----- 66 files changed, 52 insertions(+), 2578 deletions(-) delete mode 100644 systems/jeeves-jr/arch_mirror.nix delete mode 100644 systems/jeeves-jr/configuration.nix delete mode 100644 systems/jeeves-jr/default.nix delete mode 100644 systems/jeeves-jr/docker/default.nix delete mode 100644 systems/jeeves-jr/docker/haproxy.cfg delete mode 100644 systems/jeeves-jr/docker/uptime_kuma.nix delete mode 100644 systems/jeeves-jr/docker/web.nix delete mode 100644 systems/jeeves-jr/hardware.nix delete mode 100644 systems/jeeves-jr/home_assistant.nix delete mode 100644 systems/jeeves-jr/networking.nix delete mode 100644 systems/jeeves-jr/secrets.yaml delete mode 100644 systems/jeeves-jr/services.nix delete mode 100644 systems/jeeves-jr/vars.nix delete mode 100644 systems/jeeves/arch_mirror.nix delete mode 100644 systems/jeeves/configuration.nix delete mode 100644 systems/jeeves/default.nix delete mode 100644 systems/jeeves/docker/default.nix delete mode 100644 systems/jeeves/docker/filebrowser.nix delete mode 100644 systems/jeeves/docker/haproxy.cfg delete mode 100644 systems/jeeves/docker/internal.nix delete mode 100644 systems/jeeves/docker/postgresql.nix delete mode 100644 systems/jeeves/docker/uptime_kuma.nix delete mode 100644 systems/jeeves/docker/web.nix delete mode 100644 systems/jeeves/hardware.nix delete mode 100644 systems/jeeves/networking.nix delete mode 100644 systems/jeeves/programs.nix delete mode 100644 systems/jeeves/scripts/plex_permission.sh delete mode 100644 systems/jeeves/secrets.yaml delete mode 100644 systems/jeeves/services.nix delete mode 100644 systems/jeeves/snapshot_config.toml delete mode 100644 systems/jeeves/vars.nix delete mode 100644 systems/palatine-hill/keys/zfs-attic-key delete mode 100644 systems/palatine-hill/keys/zfs-backup-key delete mode 100644 systems/palatine-hill/keys/zfs-calibre-key delete mode 100644 systems/palatine-hill/keys/zfs-db-key delete mode 100644 systems/palatine-hill/keys/zfs-docker-key delete mode 100644 systems/palatine-hill/keys/zfs-games-key delete mode 100644 systems/palatine-hill/keys/zfs-hydra-key delete mode 100644 systems/palatine-hill/keys/zfs-libvirt-key delete mode 100644 systems/palatine-hill/keys/zfs-main-key delete mode 100644 systems/palatine-hill/keys/zfs-nxtcld-key delete mode 100644 systems/palatine-hill/keys/zfs-torr-key delete mode 100644 systems/palatine-hill/keys/zfs-var-docker-key delete mode 100644 users/richie/default.nix delete mode 100644 users/richie/global/desktop.nix delete mode 100644 users/richie/global/docker_templates/file_server/sites/000-default.conf delete mode 100644 users/richie/global/ssh.nix delete mode 100644 users/richie/global/syncthing_base.nix delete mode 100644 users/richie/global/zerotier.nix delete mode 100644 users/richie/home.nix delete mode 100644 users/richie/home/cli/default.nix delete mode 100644 users/richie/home/cli/direnv.nix delete mode 100644 users/richie/home/cli/git.nix delete mode 100644 users/richie/home/cli/zsh.nix delete mode 100644 users/richie/home/gui/default.nix delete mode 100644 users/richie/home/gui/firefox.nix delete mode 100644 users/richie/home/gui/vscode/default.nix delete mode 100644 users/richie/home/gui/vscode/extension_manager.py delete mode 100644 users/richie/home/gui/vscode/keybindings.json delete mode 100644 users/richie/home/gui/vscode/settings.json delete mode 100644 users/richie/home/programs.nix delete mode 100644 users/richie/home/sshconfig.nix delete mode 100644 users/richie/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index 29ebd08..3c5974c 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,20 +9,10 @@ keys: # cspell:disable - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc - - &bob age13jg97cvy63fzd2ccthcwvfyyxzw5vmwun8s0afq5l4xm0mhl6pjqhne063 - - &jeeves age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - - &jeeves-jr age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - - &rhapsody-in-green age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy # cspell:enable -admins: &admins - - *admin_alice - - *admin_richie - servers: &servers - - *jeeves - - *jeeves-jr - *palatine-hill # add new users by executing: sops users//secrets.yaml @@ -31,38 +21,19 @@ servers: &servers # update keys by executing: sops updatekeys secrets.yaml # note: add .* before \.yaml if you'd like to use the mergetool config creation_rules: - - path_regex: systems/jeeves/secrets\.yaml$ - key_groups: - - pgp: *admins - age: - - *jeeves - - - path_regex: systems/jeeves-jr/secrets\.yaml$ - key_groups: - - pgp: *admins - age: - - *jeeves-jr - - path_regex: users/alice/secrets.*\.yaml$ key_groups: - pgp: - *admin_alice age: - *palatine-hill - - *jeeves - - *jeeves-jr - *artemision - *artemision-home - path_regex: systems/palatine-hill/secrets.*\.yaml$ key_groups: - - pgp: *admins - age: - - *palatine-hill - - - path_regex: systems/palatine-hill/keys/zfs-.*-key$ - key_groups: - - pgp: *admins + - pgp: + - *admin_alice age: - *palatine-hill @@ -73,13 +44,3 @@ creation_rules: age: - *artemision - - path_regex: users/richie/secrets\.yaml$ - key_groups: - - pgp: - - *admin_richie - age: - - *palatine-hill - - *jeeves - - *jeeves-jr - - *rhapsody-in-green - - *bob diff --git a/systems/jeeves-jr/arch_mirror.nix b/systems/jeeves-jr/arch_mirror.nix deleted file mode 100644 index af5fc99..0000000 --- a/systems/jeeves-jr/arch_mirror.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ inputs, pkgs, ... }: -let - vars = import ./vars.nix; -in -{ - virtualisation.oci-containers.containers.arch_mirror = { - image = "ubuntu/apache2:latest"; - volumes = [ - "${../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/" - "${vars.main_mirror}:/data" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - - systemd.services.sync_mirror = { - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - description = "validates startup"; - path = [ pkgs.rsync ]; - serviceConfig = { - Environment = "MIRROR_DIR=${vars.main_mirror}/archlinux/"; - Type = "simple"; - ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror"; - }; - }; -} diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix deleted file mode 100644 index 7c45f78..0000000 --- a/systems/jeeves-jr/configuration.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ../../users/richie/global/ssh.nix - ./arch_mirror.nix - ./docker - ./home_assistant.nix - ./networking.nix - ./services.nix - ]; - - boot = { - zfs.extraPools = [ "Main" ]; - filesystem = "zfs"; - useSystemdBoot = true; - }; - - environment.systemPackages = with pkgs; [ docker-compose ]; - - services = { - openssh = { - ports = [ 352 ]; - listenAddresses = [ - { addr = "192.168.95.35"; } - { addr = "192.168.90.35"; } - ]; - }; - - smartd.enable = true; - - sysstat.enable = true; - - usbguard = { - enable = true; - rules = '' - allow id 1532:0241 - ''; - }; - - zfs = { - trim.enable = true; - autoScrub.enable = true; - }; - }; - - system.stateVersion = "23.05"; -} diff --git a/systems/jeeves-jr/default.nix b/systems/jeeves-jr/default.nix deleted file mode 100644 index 01f0304..0000000 --- a/systems/jeeves-jr/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - users = [ - "alice" - "richie" - ]; -} diff --git a/systems/jeeves-jr/docker/default.nix b/systems/jeeves-jr/docker/default.nix deleted file mode 100644 index e384ee5..0000000 --- a/systems/jeeves-jr/docker/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, ... }: -{ - imports = - let - files = builtins.attrNames (builtins.readDir ./.); - nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files; - in - map (file: ./. + "/${file}") nixFiles; - - virtualisation.oci-containers.backend = "docker"; -} diff --git a/systems/jeeves-jr/docker/haproxy.cfg b/systems/jeeves-jr/docker/haproxy.cfg deleted file mode 100644 index 67f6b58..0000000 --- a/systems/jeeves-jr/docker/haproxy.cfg +++ /dev/null @@ -1,46 +0,0 @@ -global - log stdout format raw local0 - -defaults - log global - mode http - retries 3 - maxconn 2000 - timeout connect 5s - timeout client 50s - timeout server 50s - timeout http-request 10s - timeout http-keep-alive 2s - timeout queue 5s - timeout tunnel 2m - timeout client-fin 1s - timeout server-fin 1s - - -#Application Setup -frontend ContentSwitching - bind *:80 - bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem - mode http - - # tmmworkshop.com - acl host_mirror hdr(host) -i mirror.tmmworkshop.com jeeves - acl host_uptime_kuma hdr(host) -i uptimekuma-jeevesjr.tmmworkshop.com - acl host_homeassistant hdr(host) -i homeassistant.tmmworkshop.com - - use_backend mirror_nodes if host_mirror - use_backend uptime_kuma_nodes if host_uptime_kuma - use_backend home_asistant_nodes if host_homeassistant - -# tmmworkshop.com -backend mirror_nodes - mode http - server server arch_mirror:80 - -backend uptime_kuma_nodes - mode http - server server uptime_kuma:3001 - -backend home_asistant_nodes - mode http - server server 192.168.95.35:8123 diff --git a/systems/jeeves-jr/docker/uptime_kuma.nix b/systems/jeeves-jr/docker/uptime_kuma.nix deleted file mode 100644 index 3a46640..0000000 --- a/systems/jeeves-jr/docker/uptime_kuma.nix +++ /dev/null @@ -1,16 +0,0 @@ -let - vars = import ../vars.nix; -in -{ - virtualisation.oci-containers.containers = { - uptime_kuma = { - image = "louislam/uptime-kuma:latest"; - volumes = [ - "${vars.main_docker_configs}/uptime_kuma:/app/data" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - }; -} diff --git a/systems/jeeves-jr/docker/web.nix b/systems/jeeves-jr/docker/web.nix deleted file mode 100644 index c518459..0000000 --- a/systems/jeeves-jr/docker/web.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, ... }: -{ - virtualisation.oci-containers.containers = { - haproxy = { - image = "haproxy:latest"; - user = "600:600"; - environment = { - TZ = "Etc/EST"; - }; - volumes = [ - "${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem" - "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg" - ]; - dependsOn = [ - "arch_mirror" - "uptime_kuma" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - cloud_flare_tunnel = { - image = "cloudflare/cloudflared:latest"; - cmd = [ - "tunnel" - "run" - ]; - environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ]; - dependsOn = [ "haproxy" ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - }; - sops = { - defaultSopsFile = ../secrets.yaml; - secrets = { - "docker/cloud_flare_tunnel".owner = "docker-service"; - "docker/haproxy_cert".owner = "docker-service"; - }; - }; - -} diff --git a/systems/jeeves-jr/hardware.nix b/systems/jeeves-jr/hardware.nix deleted file mode 100644 index 8c7c11f..0000000 --- a/systems/jeeves-jr/hardware.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - config, - lib, - modulesPath, - ... -}: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - swapDevices = [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } ]; - boot = { - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - initrd = { - kernelModules = [ ]; - availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "sd_mod" - ]; - }; - }; - - fileSystems = { - "/" = lib.mkDefault { - device = "/dev/disk/by-uuid/c59f7261-ebab-4cc9-8f1d-3f4c2e4b1971"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/7295-A442"; - fsType = "vfat"; - }; - }; -} diff --git a/systems/jeeves-jr/home_assistant.nix b/systems/jeeves-jr/home_assistant.nix deleted file mode 100644 index 6b8e6d5..0000000 --- a/systems/jeeves-jr/home_assistant.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - services.home-assistant = { - enable = true; - openFirewall = true; - config = { - http = { - server_port = 8123; - server_host = [ - "192.168.95.35" - "192.168.90.35" - "192.168.98.4" - ]; - use_x_forwarded_for = true; - trusted_proxies = "172.100.0.4"; - }; - homeassistant = { - time_zone = "America/New_York"; - unit_system = "imperial"; - temperature_unit = "F"; - }; - assist_pipeline = { }; - backup = { }; - bluetooth = { }; - config = { }; - dhcp = { }; - energy = { }; - history = { }; - homeassistant_alerts = { }; - image_upload = { }; - logbook = { }; - media_source = { }; - mobile_app = { }; - ssdp = { }; - sun = { }; - webhook = { }; - zeroconf = { }; - }; - extraPackages = - python3Packages: with python3Packages; [ - psycopg2 - gtts - aioesphomeapi - esphome-dashboard-api - bleak-esphome - pymetno - ]; - extraComponents = [ "isal" ]; - }; -} diff --git a/systems/jeeves-jr/networking.nix b/systems/jeeves-jr/networking.nix deleted file mode 100644 index 09d5314..0000000 --- a/systems/jeeves-jr/networking.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - networking = { - hostId = "1beb3026"; - firewall.enable = false; - }; - - systemd.network = { - enable = true; - - netdevs = { - "20-ioit-vlan" = { - netdevConfig = { - Kind = "vlan"; - Name = "ioit-vlan"; - }; - vlanConfig.Id = 20; - }; - }; - - networks = { - "10-lan" = { - matchConfig.Name = "enp4s0"; - DHCP = "yes"; - vlan = [ "ioit-vlan" ]; - linkConfig.RequiredForOnline = "routable"; - }; - "40-ioit-vlan" = { - matchConfig.Name = "ioit-vlan"; - DHCP = "yes"; - }; - }; - }; - - services.zerotierone = { - enable = true; - joinNetworks = [ "e4da7455b2ae64ca" ]; - }; -} -# 22/tcp open ssh -# 800/tcp open mdbs_daemon -# 5355/tcp open llmnr -# 8123/tcp open polipo -# 9993/tcp open palace-2 diff --git a/systems/jeeves-jr/secrets.yaml b/systems/jeeves-jr/secrets.yaml deleted file mode 100644 index 2b231ac..0000000 --- a/systems/jeeves-jr/secrets.yaml +++ /dev/null @@ -1,65 +0,0 @@ -docker: - cloud_flare_tunnel: ENC[AES256_GCM,data:E+XYu5AxS8Ew9OVIfbH5gLkMk+rZ4yT96tSGAwL4smedkddoevRnqil78LtFNYKV8Zo3MpuA8q/c4Me0KrrlSAvwJz1T2cev0dKnuTei3MHZxK7RwWYo9UMJH+aV+l343OY9nvGBj6ryTM3wKyUIoqSmOnRCAbYmhkkqN0wFO+Mxxqjw6nf5UEeeKb36k2NwlhjjnscOKe+wo3sXhjjzVXrE3IOUQJM3hWWukMElcYewVgJmstRidKiNCRMi1/UYMk/Nfhk=,iv:yFJ5SbHB3wZ0FEF0k9KrWye55ref7OqbQPd8oMLTmH4=,tag:p3K4yGR6X2+uKIj4H6rZ+g==,type:str] - haproxy_cert: ENC[AES256_GCM,data:1n2BurHeWI+j7CMQ7qk3DUl+8MgqRsgtYQ1TxJKcPXuz0YBkg6SUp95lPZv6Jo+2OIaVxCoWpiuoLp8YgtJgnZo4S9QVG2qi60sWCSf4acMRSg0hIA/pdcslogZc5LrsBOTINZCODE4mz7Bya42f+RfVfwPGT7Buz8MniW6kfT9cr3iuq+BQc6513sHhDHgZJgwdfP5x9XrwEtaBl41Db7ejGTrza9jtsHqkrD8j3Pf1XJDhACrTeB7Uqh68sjwc2giAc/2bInDayvnKFHqHaLFTUMAbCeMPOiEZSK4UaWrSMk5I5wDVu8Ya8nBostHlPOBT06gFxT13aEe3Ox3/ctBm/83BXhFfjEaYy6AbMhbp29nxUogVjMICs3FiHG3XBz7vsVxxcBvLXp1Bw3ml5Vd7ACKQPe+r1T54aIdYMoab8DhKPMqb/6TQwrhWD3je4wwOHzzQq9psE1hlB2lJsRnAsVAy9a7M5aBpj0v2pCPVjxjkGHqUUgN+w4hzPPf10A0dWiaXc3k8bWcwc1SlJwHvYxphyZEjNQAzXrAkUPcuy4+9c7LwniMdu5qoUL/oZPW5VHWgtrUO9IlAgduiEujrAW96zfz4jfM0UBqJHT58l/WHHmBM8bMsRDHTnc43uvdoU+VgjtTiFERBi+Xm5mXCqWd4d5Y5P8ozIwGho8UdLqmR9Y2nth1mrs//FIh9mZ7i7QQGHBzoR7ICRDX2ghK98J4RMfF2ph0I+nhWpoCq056xItoVZyAEWQSR4ptpAaKMX4Crd3hrK6tZmyvaTrk5IsNaf5hrS+Fw8uTYUAM+3E6kb1TJwFvUH1plkwU83iBRlboRO5d1ahESp5nifZIVz+KBStLjUVWfXnelPCkH55LVnobgk0zekoEeNLKq+Q5wOBmR28rYXVp/q+FNCgxEW+tXIswmC72jbsDxM/oMHBQnYsmEy5dTxU2X/IzmrZfWod07fRblkWRplzLGyEjsY7CquHlG119LuHcWFOUGxYm3bgn1pGnIV3cBLvbInEAPK0apqSXMBSJw0mk/ihtdx8ANidMn8nhkHVjo/Bo9orH3tJdw8l7x+Cei347CkiQZz21jHvL1qcV/EAAxBnT4c5WtOljo13ntk8RiARdye4hcUXpORIUhH8zq88RNquOkF5QjV8C/u2EaUhQYqy3Xts49v7S9I8LLzjrrfY/IDQVqlJsAgkNuwvheTlya5JoeTasscLfLt3iJ7LsbzWWqQrfn3KQJp3H4Gxh/uqak/V5ROBahHQ4KpXzsDG++XLE0o7W4BFQbrBYV99mlGzB1blmX30C8S+b8n1u+oMXfH8oY20Jm5UQcV5/JNK8WG69ihonRDXdX7fy2WGzylql2hj+3aoYYdYpFAeHVLNzj9vAIxPHzvK0JmwdynsFLo4Hpyn7KN+6L3MSACjAOc3SxY20XxjmqJSWVEM0tq4Zbe/VdhOF1L4pyIBMKQC2XwrWyturTboh86qAfyxtYzEQXGLzz585nVnwj9PLmXQw98M8JWwsFq58ZsOdQZKhN3e0aSY2opSigmXQ9ZJeCF+6KbwElOSz4pDfkZIXqZc+LCzEl5IO1CxLWCTIIfN3Gx60W3vz8QohydoCBt2FLHH3lBiAEitWxYQhsfdlFExQa1/+0WSk3wK5dEA7SPaBWKq+xtPR0yUmuT/JN4VPX+hqqkVHigk8+XfqE/H1as9JbYo92N6xBd2ZrNzhFIkMykUOT+0etVtyOdXLkxdV9lwaBX9ARPHJV7g35e52UspX335aLGE0GtCaIbHRwJuENCIixo7sbdmB9i9xSTeg+7RBQAWpuR7O6firAEKWOGBaYzDUBnqt++Q2wUuMnQBJE/9bh,iv:3FuXEQxbTvbdnBnwPxF+T8QZvQoWX/WXx3lpDBXML1k=,tag:g1Y4qY+XoSA6K/LCKbllOw==,type:str] -server-validation: - webhook: ENC[AES256_GCM,data:/6QI+KKKJkbVO7YsxcU/gnjgp9scNzqzq56wnqAU88YdYYNU7FaRifzH00RlEb9VYvNBlT0FggnZSSX1rNN5W63tLaiYFn/GVfjlUSnwrgueTVG8Sor6HtYTIfMOdPm9B7jflpECk7ByguoDlimH0J1QrcWd+Kqx772sH63bKV1GbCaYSkRHQp9QbvbO,iv:p5W/xniUe75RqJA9PtMcNRnsY4kUBeD0p6iQDLbkSSc=,tag:dh2a8/Doyznjd1hswmXMuQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2NXJJMjBjeU9XQS9YZGxQ - V1h5RlNUVTA5Mkx3M3ZobGs5WFA0NXFGakR3CnIxVk9nYU1aWkNoZ0F0WGd0ck5Q - VWpSU0ZRdENTWnFVOVNQY0Z4ems4MEUKLS0tIFVqcGJtZWRxSTZwZWhjYm56bnkr - QmcxMmhaaGZXU1VFN0pvT1VDN3hpcGsKXUlVytBrz8sUorTSHXZaOMYA5U6qUpas - ZJiHtVGxRVwCpraHWLmQTRkO6pT36cEVsfsMnFH6NLOMOvA3vLX8/g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-07T23:09:51Z" - mac: ENC[AES256_GCM,data:nZPpOrOSKc+7dcbpBdZRH5FLih6o5Ii5bLWgzZ7xP/BZ36vp7ypdncE/jS0/Rz2AiOOrK0G9ovEOoL7jOMrqaUBAJNPzXTX/IdOcFrsxPL47saZKWQHqXkGXrX49nafeea7VtEvoM4qK2AiyYl2ogir+Mw304mhDIUqHhPNNvQs=,iv:ykOg2Pxpp+Sap648UZaiaRVMutWTdUXvP+Pi2cWy86g=,tag:AARw0YmjcesHLdS31i+B3g==,type:str] - pgp: - - created_at: "2024-03-23T05:49:12Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA84hNUGIgI/nARAAgcuMhO3nmxYY8KiW6AYxU2rFo2OQnpzZVtbMJB43wDQX - 0UAOVmUyhGM2wd3tJgnvyfnguy6p3LfjZrXdTkTzrv5yCJVvKXhORcLisjaXLS8H - TCe9Fa4I9CvKo/yyRsRYS59niql0ocTs1Eb7cLiKuX19RIuQ7TjMPnjkdj5xXooa - kPJXfwL1SpUU3kjhuTHqWlD0m5t0RPiTpDym8fExMSvbTWyMY0BPA+qD1atMeUik - i3x2boqfoyD1GZ64Z5NrxRD0dN6TQvJLX1K1XTzanUhvfsy/PvDftCHKQc2n2Opk - btnKZa1mfiiLUQly+njSvH8ERYg27j5ACEQ0V9rtGPa3xnVYZm6Z5h0v68aqsotJ - aOzJa7/k0ZV/tBD1pT+9T2a/W9v4U+KdKKL19ebNvMtFxy50jN8SQsrTtxv5G5fA - sc+HkrcnLezFHYtGG85PfbTGsKMWpwu+4BrcmuW6dBcADZ1fZdkqgi+GcYGL2xy1 - bddjuOWnzXb93t1pSIkaHcVWc6s5Atf3IB/liyNEux4kdquOHZQJi0WBi0l8GEmG - /ggJN4shRqtMqEkomaZkyZMsHnkmenusjbIlKJrwolhZSyDP8Kk5iPYXMxG21vrr - YpWHr388q8H7+ksnxYiNFXyY2cQKtOsD3UMIV8edMc/lHjTOi0BFNMHmU3WDsajS - XAGXsys00baAzcQHIS0jijU4mJQAqYL3S7FrcDGW8qhTGFpQ8ngVLvwLfqMvUn8v - LB3M5/7+Ld8xV4AZWr8mvv+7ZNNnnZzImETCLnekfvLEV9F2pTCH2Z21RPEL - =XWl7 - -----END PGP MESSAGE----- - fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-03-23T05:49:12Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOARAAoI93A3cy3V2dJo8HBIrLC2RK3SKBkPiPFjWO/Zvnv8Q0 - IhfzjusX+3f8HIa3CxJjTbOktcq+A2a4EyBes2Rd4bX9H2Fs2VVrSmUf3S/dO1b5 - GiZamHnC+1zsXUB5IFcfjMSzeKKsOWYu9DmUcalsseo/XVJjxw9DzRnPUesI/aMs - y5kKKtNDcvAK4AWidME6LTP9FgiMx09sQfuAl4YCJv1trOvxt+dN932fbAkHVAq0 - Lc90rG6LDLT1w/8i9evBRRX/ZexAI3vTGn/nTqKi+B9BdFA4dY0KiHtGIS+UNtNo - vL6PTKIRejGfqt13DwUWRobKnezcpJkTkdz+Pa+cQhdwSL2tFjr0hEbZL3e76YEx - CNsgbB9h0pIm/2YvhG1k0f0skWfjXLAtR6PQPKu1OycppX02fbK9XRShb+Fik7P+ - GfFLxf4JYAMMOHsxP30EVQONiR9XsITH149GSZ3nTBX7vUsk3b7Z+ou1Ma27EhiW - iPWTqpDgLQ/VZW+027h/l8iwv52L8eE6Y+LE32jNUTQjMW3OWKw9zknX4wciNR07 - EPAy8eC9rfhUVnTB7RJlTOY03yyEiBjowJn/0e0g8+AUMKC4mAuasPUwPhptQ6pH - 8up/75WglUAg04eni0p5g6X7rGj+09OEDNMtvYVt7HglX7T86O2sBcVKa/j095jS - XAGIy2HXf+By9BFKM4q6uuAh4QceHn2QaQ/ckhYGMrHulzAeORPxYaYdXoeEj18k - auBqSPzj8E9yPi4jl+miEO9BgVhRW45cxBbn2XV2KE08PIP9mZ2jxK9Ne4HQ - =jkZ+ - -----END PGP MESSAGE----- - fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/systems/jeeves-jr/services.nix b/systems/jeeves-jr/services.nix deleted file mode 100644 index 101bcb6..0000000 --- a/systems/jeeves-jr/services.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: -{ - systemd = { - services.startup_validation = { - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - description = "validates startup"; - path = [ pkgs.zfs ]; - serviceConfig = { - Type = "oneshot"; - EnvironmentFile = config.sops.secrets."server-validation/webhook".path; - ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeevesjr"; - }; - }; - timers.startup_validation = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "10min"; - Unit = "startup_validation.service"; - }; - }; - }; - sops = { - defaultSopsFile = ./secrets.yaml; - secrets."server-validation/webhook".owner = "root"; - }; -} diff --git a/systems/jeeves-jr/vars.nix b/systems/jeeves-jr/vars.nix deleted file mode 100644 index 5d3870a..0000000 --- a/systems/jeeves-jr/vars.nix +++ /dev/null @@ -1,10 +0,0 @@ -let - zfs_main = "/ZFS/Main"; -in -{ - inherit zfs_main; - # main - main_docker = "${zfs_main}/Docker"; - main_docker_configs = "${zfs_main}/Docker/configs"; - main_mirror = "${zfs_main}/Mirror"; -} diff --git a/systems/jeeves/arch_mirror.nix b/systems/jeeves/arch_mirror.nix deleted file mode 100644 index b7d1e6a..0000000 --- a/systems/jeeves/arch_mirror.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ inputs, pkgs, ... }: -let - vars = import ./vars.nix; -in -{ - virtualisation.oci-containers.containers.arch_mirror = { - image = "ubuntu/apache2:latest"; - volumes = [ - "${../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/" - "${vars.media_mirror}:/data" - ]; - ports = [ "800:80" ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - - systemd.services.sync_mirror = { - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - description = "validates startup"; - path = [ pkgs.rsync ]; - serviceConfig = { - Environment = "MIRROR_DIR=${vars.media_mirror}/archlinux/"; - Type = "simple"; - ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/sync_mirror"; - }; - }; -} diff --git a/systems/jeeves/configuration.nix b/systems/jeeves/configuration.nix deleted file mode 100644 index b8522af..0000000 --- a/systems/jeeves/configuration.nix +++ /dev/null @@ -1,165 +0,0 @@ -{ pkgs, ... }: -let - vars = import ./vars.nix; -in -{ - imports = [ - ../../users/richie/global/ssh.nix - ../../users/richie/global/syncthing_base.nix - ./arch_mirror.nix - ./docker - ./networking.nix - ./programs.nix - ./services.nix - ]; - - boot = { - zfs.extraPools = [ - "media" - "storage" - "torrenting" - ]; - filesystem = "zfs"; - useSystemdBoot = true; - }; - - environment = { - systemPackages = with pkgs; [ docker-compose ]; - etc = { - # Creates /etc/lynis/custom.prf - "lynis/custom.prf" = { - text = '' - skip-test=BANN-7126 - skip-test=BANN-7130 - skip-test=DEB-0520 - skip-test=DEB-0810 - skip-test=FIRE-4513 - skip-test=HRDN-7222 - skip-test=KRNL-5820 - skip-test=LOGG-2190 - skip-test=LYNIS - skip-test=TOOL-5002 - ''; - mode = "0440"; - }; - }; - }; - - services = { - nfs.server.enable = true; - - openssh.ports = [ 629 ]; - - plex = { - enable = true; - dataDir = vars.media_plex; - }; - - smartd.enable = true; - - sysstat.enable = true; - - syncthing.guiAddress = "192.168.90.40:8384"; - syncthing.settings.folders = { - "notes" = { - id = "l62ul-lpweo"; # cspell:disable-line - path = vars.media_notes; - devices = [ - "bob" - "phone" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "books" = { - id = "6uppx-vadmy"; # cspell:disable-line - path = "${vars.storage_syncthing}/books"; - devices = [ - "bob" - "phone" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "important" = { - id = "4ckma-gtshs"; # cspell:disable-line - path = "${vars.storage_syncthing}/important"; - devices = [ - "bob" - "phone" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "music" = { - id = "vprc5-3azqc"; # cspell:disable-line - path = "${vars.storage_syncthing}/music"; - devices = [ - "bob" - "phone" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "projects" = { - id = "vyma6-lqqrz"; # cspell:disable-line - path = "${vars.storage_syncthing}/projects"; - devices = [ - "bob" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - }; - - usbguard = { - enable = false; - rules = '' - allow id 1532:0241 - ''; - }; - - zfs = { - trim.enable = true; - autoScrub.enable = true; - }; - }; - systemd = { - services."snapshot_manager" = { - description = "ZFS Snapshot Manager"; - requires = [ "zfs-import.target" ]; - after = [ "zfs-import.target" ]; - serviceConfig = { - Environment = "ZFS_BIN=${pkgs.zfs}/bin/zfs"; - Type = "oneshot"; - ExecStart = "${pkgs.python3}/bin/python3 ${vars.media_scripts}/ZFS/snapshot_manager.py --config-file='${./snapshot_config.toml}'"; - }; - }; - timers."snapshot_manager" = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "15m"; - OnUnitActiveSec = "15m"; - Unit = "snapshot_manager.service"; - }; - }; - }; - - sops = { - defaultSopsFile = ./secrets.yaml; - secrets = { - "zfs/backup_key".path = "/root/zfs/backup_key"; - "zfs/docker_key".path = "/root/zfs/docker_key"; - "zfs/main_key".path = "/root/zfs/main_key"; - "zfs/notes_key".path = "/root/zfs/notes_key"; - "zfs/plex_key".path = "/root/zfs/plex_key"; - "zfs/postgres_key".path = "/root/zfs/postgres_key"; - "zfs/qbit_key".path = "/root/zfs/qbit_key"; - "zfs/scripts_key".path = "/root/zfs/scripts_key"; - "zfs/syncthing_key".path = "/root/zfs/syncthing_key"; - "zfs/vault_key".path = "/root/zfs/vault_key"; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/jeeves/default.nix b/systems/jeeves/default.nix deleted file mode 100644 index 01f0304..0000000 --- a/systems/jeeves/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - users = [ - "alice" - "richie" - ]; -} diff --git a/systems/jeeves/docker/default.nix b/systems/jeeves/docker/default.nix deleted file mode 100644 index e384ee5..0000000 --- a/systems/jeeves/docker/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ lib, ... }: -{ - imports = - let - files = builtins.attrNames (builtins.readDir ./.); - nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files; - in - map (file: ./. + "/${file}") nixFiles; - - virtualisation.oci-containers.backend = "docker"; -} diff --git a/systems/jeeves/docker/filebrowser.nix b/systems/jeeves/docker/filebrowser.nix deleted file mode 100644 index 0ff75fa..0000000 --- a/systems/jeeves/docker/filebrowser.nix +++ /dev/null @@ -1,15 +0,0 @@ -let - vars = import ../vars.nix; -in -{ - virtualisation.oci-containers.containers.filebrowser = { - image = "hurlenko/filebrowser:latest"; - extraOptions = [ "--network=web" ]; - volumes = [ - "/zfs:/data" - "${vars.media_docker_configs}/filebrowser:/config" - ]; - autoStart = true; - user = "1000:users"; - }; -} diff --git a/systems/jeeves/docker/haproxy.cfg b/systems/jeeves/docker/haproxy.cfg deleted file mode 100644 index 6b663c8..0000000 --- a/systems/jeeves/docker/haproxy.cfg +++ /dev/null @@ -1,68 +0,0 @@ -global - log stdout format raw local0 - # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners - stats timeout 30s - -defaults - log global - mode http - retries 3 - maxconn 2000 - timeout connect 5s - timeout client 50s - timeout server 50s - timeout http-request 10s - timeout http-keep-alive 2s - timeout queue 5s - timeout tunnel 2m - timeout client-fin 1s - timeout server-fin 1s - - -#Application Setup -frontend ContentSwitching - bind *:80 - bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem - mode http - # tmmworkshop.com - acl host_mirror hdr(host) -i mirror.tmmworkshop.com - acl host_dndrules hdr(host) -i dndrules.tmmworkshop.com - acl host_grafana hdr(host) -i grafana.tmmworkshop.com - acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com - acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com - acl host_overseerr hdr(host) -i overseerr.tmmworkshop.com - - use_backend mirror_nodes if host_mirror - use_backend dndrules_nodes if host_dndrules - use_backend grafana_nodes if host_grafana - use_backend filebrowser_nodes if host_filebrowser - use_backend uptime_kuma_nodes if host_uptime_kuma - use_backend overseerr_nodes if host_overseerr - -backend mirror_nodes - mode http - server server arch_mirror:80 - -backend mirror_rsync - mode http - server server arch_mirror:873 - -backend grafana_nodes - mode http - server server grafana:3000 - -backend dndrules_nodes - mode http - server server dnd_file_server:80 - -backend filebrowser_nodes - mode http - server server filebrowser:8080 - -backend uptime_kuma_nodes - mode http - server server uptime_kuma:3001 - -backend overseerr_nodes - mode http - server server overseerr:5055 diff --git a/systems/jeeves/docker/internal.nix b/systems/jeeves/docker/internal.nix deleted file mode 100644 index 08ddc06..0000000 --- a/systems/jeeves/docker/internal.nix +++ /dev/null @@ -1,149 +0,0 @@ -{ config, ... }: -let - vars = import ../vars.nix; -in -{ - virtualisation.oci-containers.containers = { - qbit = { - image = "ghcr.io/linuxserver/qbittorrent:latest"; - ports = [ - "6881:6881" - "6881:6881/udp" - "8082:8082" - "29432:29432" - ]; - volumes = [ - "${vars.media_docker_configs}/qbit:/config" - "${vars.torrenting_qbit}:/data" - ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - WEBUI_PORT = "8082"; - }; - autoStart = true; - }; - qbitvpn = { - image = "binhex/arch-qbittorrentvpn:latest"; - extraOptions = [ "--cap-add=NET_ADMIN" ]; - ports = [ - "6882:6881" - "6882:6881/udp" - "8081:8081" - "8118:8118" - ]; - volumes = [ - "${vars.media_docker_configs}/qbitvpn:/config" - "${vars.torrenting_qbitvpn}:/data" - "/etc/localtime:/etc/localtime:ro" - ]; - environment = { - WEBUI_PORT = "8081"; - PUID = "600"; - PGID = "100"; - VPN_ENABLED = "yes"; - VPN_CLIENT = "openvpn"; - STRICT_PORT_FORWARD = "yes"; - ENABLE_PRIVOXY = "yes"; - LAN_NETWORK = "192.168.90.0/24"; - NAME_SERVERS = "1.1.1.1,1.0.0.1"; - UMASK = "000"; - DEBUG = "false"; - DELUGE_DAEMON_LOG_LEVEL = "debug"; - DELUGE_WEB_LOG_LEVEL = "debug"; - }; - environmentFiles = [ config.sops.secrets."docker/qbit_vpn".path ]; - autoStart = true; - }; - bazarr = { - image = "ghcr.io/linuxserver/bazarr:latest"; - ports = [ "6767:6767" ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - }; - volumes = [ - "${vars.media_docker_configs}/bazarr:/config" - "${vars.storage_plex}/movies:/movies" - "${vars.storage_plex}/tv:/tv" - ]; - autoStart = true; - }; - prowlarr = { - image = "ghcr.io/linuxserver/prowlarr:latest"; - ports = [ "9696:9696" ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - }; - volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ]; - autoStart = true; - }; - radarr = { - image = "ghcr.io/linuxserver/radarr:latest"; - ports = [ "7878:7878" ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - }; - volumes = [ - "${vars.media_docker_configs}/radarr:/config" - "${vars.storage_plex}/movies:/movies" - "${vars.torrenting_qbitvpn}:/data" - ]; - autoStart = true; - }; - sonarr = { - image = "ghcr.io/linuxserver/sonarr:latest"; - ports = [ "8989:8989" ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - }; - volumes = [ - "${vars.media_docker_configs}/sonarr:/config" - "${vars.storage_plex}/tv:/tv" - "${vars.torrenting_qbitvpn}:/data" - ]; - autoStart = true; - }; - overseerr = { - image = "ghcr.io/linuxserver/overseerr"; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - }; - volumes = [ "${vars.media_docker_configs}/overseerr:/config" ]; - dependsOn = [ - "radarr" - "sonarr" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - whisper = { - image = "ghcr.io/linuxserver/faster-whisper:latest"; - ports = [ "10300:10300" ]; - environment = { - PUID = "600"; - PGID = "100"; - TZ = "America/New_York"; - WHISPER_MODEL = "tiny-int8"; - WHISPER_LANG = "en"; - WHISPER_BEAM = "1"; - }; - volumes = [ "${vars.media_docker_configs}/whisper:/config" ]; - autoStart = true; - }; - }; - sops = { - defaultSopsFile = ../secrets.yaml; - secrets."docker/qbit_vpn".owner = "docker-service"; - }; -} diff --git a/systems/jeeves/docker/postgresql.nix b/systems/jeeves/docker/postgresql.nix deleted file mode 100644 index a3938b1..0000000 --- a/systems/jeeves/docker/postgresql.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, ... }: -let - vars = import ../vars.nix; -in -{ - users = { - users.postgres = { - isSystemUser = true; - group = "postgres"; - uid = 999; - }; - groups.postgres = { - gid = 999; - }; - }; - - virtualisation.oci-containers.containers = { - postgres = { - image = "postgres:16"; - ports = [ "5432:5432" ]; - volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ]; - environment = { - POSTGRES_USER = "admin"; - POSTGRES_DB = "archive"; - POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256"; - }; - environmentFiles = [ config.sops.secrets."docker/postgres".path ]; - autoStart = true; - user = "postgres:postgres"; - }; - }; - - sops = { - defaultSopsFile = ../secrets.yaml; - secrets."docker/postgres".owner = "postgres"; - }; -} diff --git a/systems/jeeves/docker/uptime_kuma.nix b/systems/jeeves/docker/uptime_kuma.nix deleted file mode 100644 index 484c0ad..0000000 --- a/systems/jeeves/docker/uptime_kuma.nix +++ /dev/null @@ -1,16 +0,0 @@ -let - vars = import ../vars.nix; -in -{ - virtualisation.oci-containers.containers = { - uptime_kuma = { - image = "louislam/uptime-kuma:latest"; - volumes = [ - "${vars.media_docker_configs}/uptime_kuma:/app/data" - "/var/run/docker.sock:/var/run/docker.sock" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - }; -} diff --git a/systems/jeeves/docker/web.nix b/systems/jeeves/docker/web.nix deleted file mode 100644 index c30f39c..0000000 --- a/systems/jeeves/docker/web.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ config, ... }: -let - vars = import ../vars.nix; -in -{ - virtualisation.oci-containers.containers = { - grafana = { - image = "grafana/grafana-enterprise:latest"; - volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ]; - user = "600:600"; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - dnd_file_server = { - image = "ubuntu/apache2:latest"; - volumes = [ - "${../../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/" - "${vars.storage_main}/Table_Top/:/data" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - haproxy = { - image = "haproxy:latest"; - user = "600:600"; - environment = { - TZ = "Etc/EST"; - }; - volumes = [ - "${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem" - "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg" - ]; - dependsOn = [ - "arch_mirror" - "dnd_file_server" - "filebrowser" - "grafana" - "overseerr" - "uptime_kuma" - ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - cloud_flare_tunnel = { - image = "cloudflare/cloudflared:latest"; - user = "600:600"; - cmd = [ - "tunnel" - "run" - ]; - environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ]; - dependsOn = [ "haproxy" ]; - extraOptions = [ "--network=web" ]; - autoStart = true; - }; - }; - - sops = { - defaultSopsFile = ../secrets.yaml; - secrets = { - "docker/cloud_flare_tunnel".owner = "docker-service"; - "docker/haproxy_cert".owner = "docker-service"; - }; - }; -} diff --git a/systems/jeeves/hardware.nix b/systems/jeeves/hardware.nix deleted file mode 100644 index e4bbc90..0000000 --- a/systems/jeeves/hardware.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd.availableKernelModules = [ - "mpt3sas" - "nvme" - "xhci_pci" - "ahci" - "uas" - "usb_storage" - "usbhid" - "sd_mod" - "sr_mod" - ]; - initrd.kernelModules = [ "dm-snapshot" ]; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - - fileSystems."/" = lib.mkDefault { - device = "/dev/disk/by-uuid/0f78fa87-30be-4173-b0fa-eaa956cf83aa"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/BB77-2647"; - fsType = "vfat"; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/4c797a94-be32-43d3-89ac-7f02912c7cf5"; } ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/systems/jeeves/networking.nix b/systems/jeeves/networking.nix deleted file mode 100644 index 6d715b1..0000000 --- a/systems/jeeves/networking.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - networking = { - hostId = "1beb3027"; - firewall.enable = false; - }; - - systemd.network = { - enable = true; - networks = { - "10-1GB_Primary" = { - matchConfig.Name = "enp98s0f0"; - DHCP = "yes"; - }; - }; - networks = { - "10-1GB_Secondary" = { - matchConfig.Name = "enp98s0f1"; - DHCP = "yes"; - }; - }; - networks = { - "10-10GB_Primary" = { - matchConfig.Name = "enp97s0f0np0"; - DHCP = "yes"; - linkConfig.RequiredForOnline = "routable"; - }; - }; - networks = { - "10-10GB_Secondary" = { - matchConfig.Name = "enp97s0f1np1"; - DHCP = "yes"; - }; - }; - }; - - services.zerotierone = { - enable = true; - joinNetworks = [ "e4da7455b2ae64ca" ]; - }; -} diff --git a/systems/jeeves/programs.nix b/systems/jeeves/programs.nix deleted file mode 100644 index 9828f7d..0000000 --- a/systems/jeeves/programs.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, ... }: -{ - environment.systemPackages = with pkgs; [ filebot ]; -} diff --git a/systems/jeeves/scripts/plex_permission.sh b/systems/jeeves/scripts/plex_permission.sh deleted file mode 100644 index 18094e8..0000000 --- a/systems/jeeves/scripts/plex_permission.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -plex_dir="/zfs/storage/plex/" - -chown docker-service:users -R "$plex_dir" -find "$plex_dir" -type f -exec chmod 664 {} \; -find "$plex_dir" -type d -exec chmod 775 {} \; diff --git a/systems/jeeves/secrets.yaml b/systems/jeeves/secrets.yaml deleted file mode 100644 index 9c6c30d..0000000 --- a/systems/jeeves/secrets.yaml +++ /dev/null @@ -1,78 +0,0 @@ -docker: - postgres: ENC[AES256_GCM,data:IpXIrRDzyGFjDz908w1NNb0GBna/ce9lCtOkXrpUfyllsTWca6AeqaRo23bL4jfFGfHn0Zf9okLO,iv:IwO7vJJHFfm0SGcJETpWtdhr41jPddN9nuVAH/Ooa7Y=,tag:xstwPvpvkNOZucxvzq2+ag==,type:str] - cloud_flare_tunnel: ENC[AES256_GCM,data:Qx7g0tNSfVs9VnkuYw47XJjfF+RS9B5gvpBliGL93X8K/7iiyt0NxwWyAkmmaLat5h/Yu7C71rwBIIZsKf7Ke3YS0PfEpga76ftKt3h7VKMQNT7yAcU3LY4v2h3Molnzw2fnAhxfHkogJuAsZeJW9dIjo9H2QpSh/tn9kpC+PGb/T9dcqMm4fJPqP+rIcFCfhJl9iDOKOMQ9+xVNnKZ2HQlAwPMCz29BgGCxh0cYYk9ftXPK7ZnhjwUj4bfnaKfByIPpAtk=,iv:8yz2vXanGZfOkZF/D0RP2LPqHebbOM/XBPg2eCCGs8g=,tag:67da31iZTQaMURKf9dfiJw==,type:str] - qbit_vpn: ENC[AES256_GCM,data:SRkcWb2wTTfWlgkbDSN6j5+dXnG670qFGtG2x4fajkE8eK4U30DTxrlbzta5ZMtm0Y9bquy3DcaSMF/u9CBrLbBS8mhcJw==,iv:LpkS7O+eutPUDpY5NlYjgafK6UuFsS+18yNpB+JmzcM=,tag:0Y+vj80MAbh2U+UsyH3MEA==,type:str] - haproxy_cert: ENC[AES256_GCM,data:6yRv0cz/vBVguAPOsENhmH2uwwgL5AkOkkDQQ+PVPEEiOTIn1WPONhnG0UqR3FsWJal8qECH/zTF1XMmdK4VHQXwMA8gGScpIrgeWuhdCbXsJ7RxZBzVESOCo8ZOcR43w3Qih+0iz3SsNmX262/D7DIzKYlLovyoJDGZa5jo0n2zCZiRfbdal8m02dplaFHMsGy6+Gn3Uijo9MnnuWvgihBh1ekRnpSzVM4/IyyvUunK0vEapVsgOq+brdW2x0BQFgL3PLGaJbAbzFhXYI1MmD+D7RzOGSzNmrj1ezea+b2Lb/p8CATh05i+lz6530U6iwun0lcREDxPrJgU0TsI/JZGSq3blHn9lZuHmnwBp05LsliBO+yoxgqnC45/xTZwiSdlyqqnXHlXPuBS7UoJFlll93aIpULfNZMyqx/FO5ckmV0nuNVMCrF7JfsE+t/XNs077kB4FKYNk4TDodKyn2scfypQFK7qprW9JKJwx0Se8FWU2fMKsuMszElMLudRHagyDVO+LJ+/ta6Qj68CRU1g8cQANh4Q6PwI0HABX3J5n3ERQUxZvVeCq9FRMJ7JE0was3QfBGGPROHksK+rP9y8g8CFRgGjwzDoxslaYO+tIiIsaDcqbTiOQDTiDh4/ioqX9EENrA8qIEtKSn6m35+4pwY0xvKToAnI7vhwQ93A1mZrwKXgoNSShA4Q+MfSEIuJd6LJihLh5IFvl595iOpGDWCJsXZnDL3K8B6oofPTtLnOOQC4sy9wGiNshdgfv6aVwpdPKvOtFwHmu1n8eZInfSZgUdwUaHHMXjrXHboBQ6ZPsrdZBt9ADSUpz+uN6+TgXq6HLWHSqtmrWS6jABQfbpHH7pLZAXuii4MsnTEr1rOEbtgZTH6Sedd57Pp5MpNXDg950vd9plCkGPiRfDUWXHnRw8frWfoTS+eOqkVwJ0+v48IskuYLZSCAF0/kumtbySDQStNowF+cAp7lk24Cp8W8PXw/LqI8U8FijVxMPtgzLwRKKd10zRI+Jrsi9E8YXSKCaFMIBLottRHwdvWA7aIYnuVTxzCmHt1jhJN349bjC/yTIuIS4gW+XlriFqip17Eq/878+Uduwf1+Fxqdpv8kDleyqix0SO/JmhQijgIUhc3Im3whXicEu6vlivzJGyjA/ljFyJvV/irRK/VrIWEoA5nLX74fmF9Ku/O94pDIPaKCsCP+N/fOPLG5ucw6lPxllZS9qg2cNsl9ajXGPu8GBB4FaZUt/Ufid6xjC5YloictI3Bp5x2glhpxzQ8zAbv5vpBA0h6xhkt4NSmxWurvBmRoRnBdYIvEaeoehj10yLpiY4DsZYLTU5IrLV/aYlb2q4K2OKRvYOBQgeDtEkIMqHYWsddfKHi+1KjQ/176DDIbUoYb4XtPJmNOcIeRM2oiaCcTzerU5TXL5qBl213buTcIPaV0sVVxoH+2RYBM28mjQoj8sHwQLLuFve0MeUZzfJ8MqMM+Guhn25aw4R0tGkiRBUL5d8l86awOpqXtFiK2QTh3S7QeZoCA80YVH5r6FdqMz34UgwEFo0nfBcH2nSnDwpcBrbwzV6/Xahck4nVaIn6znJPqlIKntfeXJuXl/9ulpwx7D4mL7hLcal9WY62KZ1PQ+NHz5WjaPbgLMdeNFFr6CKGGqSPkTOhjgQ1y4ChuYfbVn+yZRqUwhFWtKuuouAZXH55KkVlsB39H+oNYp0hqAUiVkeawHqbTgOHb+llz0uF7r0TGD23aMXeV58n0i3xsDET9mhxSyj5vUo5iqY8eEqgn4mOvsdp6rkpC4c91drgV/gFJu2jgCvVVdG/mHFVnZEv5+/rA2reqdqMTBOpLQNEbL5Ih1LKG,iv:PUp78PWvy+lmcLiR295BGiVTLnAPX+du4lcw/Pvq/KE=,tag:k/3H2+jF9no751mvO5S5WQ==,type:str] -zfs: - backup_key: ENC[AES256_GCM,data:sJzR/DfM6+tmmcewZT+NAJk0gj8wmU43QfFCRCj9+2GITOS8suRL7E5rHTherCZgRe79T90ikM97bYf9RbZdtQ==,iv:j8F3BG/hh7UK3kC+pB6WO0OHlSSHn0jo90AgaTdpyNY=,tag:5hraDn8YqS/q57y26AXwjw==,type:str] - docker_key: ENC[AES256_GCM,data:HiW+3IYJCgqg9HJmPYQinhb6kWJouORABKniryY5e35tf8BQGKn1ldgj4Dw+79SYmvIUbf4ZSja0Ziz1isKTWA==,iv:6vBtbIlTHC+PUgyXYb92SnMTuWd8jCaEzZ3Vmv2QHhA=,tag:izKWtAQWRfn5tAYKyOO+ZQ==,type:str] - main_key: ENC[AES256_GCM,data:6ZZQc7TSAuK4PrxQxegPrFMjT1SZlRGgg5VgVg1e6ZM1RO9ZDjhcmpFRd1pkbm5DEJKq1VpUxTvxXGQDrMYO9A==,iv:Yp2jTtBd8gjB8Sdfb06ZBLpVd/KCjs/pfnBRT2ll/0c=,tag:F0HSbkZ8Z45WkUY/VNwvHg==,type:str] - notes_key: ENC[AES256_GCM,data:y3fTl3aNl8RaZwBR2thy7qfxilw+wGEj8+tTuRr+z+A6ol9N6droFNBHQcK3yWDWP8MhMKe1efWhgbZ0Raz17A==,iv:BbBjMtsb2ZDJjgbgkXP3SYl3xklI5xWmW3X9mlLlvdI=,tag:Ic3rLP30wApmOeLGFEYgVA==,type:str] - plex_key: ENC[AES256_GCM,data:fWzTSKkVCkWmZ9ZDv1/OYYZPsQKV54Ib98Bq4A+4ibT9mk28Zp7XeczOJVj6+K4+04EQgQj8RyP2x70tuFp3Xg==,iv:pyHzIo4ws4Lyd5zVflUa7yjNVefTTpEdkjCVmXDuucE=,tag:msn0NFXuq3zKGY5vE1nR1Q==,type:str] - postgres_key: ENC[AES256_GCM,data:mLa0A6pJXZ7BX9bYat9mQ30Dx/KWU9KHjiApuapBUbRtH+gtAJRGwLeXJPyMTOirFwuWWTdOts8dTMESWp7eOg==,iv:MFyo2LbdsYeoUyhWEv0EWKXNFhxoLjNs5M7ar6dlrjw=,tag:KpaatId8TdVzAEelD1tlzQ==,type:str] - qbit_key: ENC[AES256_GCM,data:19XIzi4waSOLdfgKo8z6NMX9Ee4Xw1/JqbjQEvKwWh+ar2r5P3sFJMHI394ebx4vITO0lOzl/EwcUiWt7LB6uw==,iv:s+TWyb5SzeCFZAZdKs28o7s8So++eLqR1Qc9ZWjUGwY=,tag:teHdPEhWkzDWizJD/czA6w==,type:str] - scripts_key: ENC[AES256_GCM,data:2htMEDCByUbCQ1loPEDCVNtXXqffCRHMpiobEDHI506hdEk6d/N7lmlUIqLa5YCNB6ozt0y6EEKBxnbouEHIWQ==,iv:eUYmsliDF49BNSpF+KSiT1rlPtzQpmhNC8Cy2tahMX8=,tag:8xCvm1LwDPArJ/woIO23Bg==,type:str] - syncthing_key: ENC[AES256_GCM,data:36zfmVuCEHFED3ODeoGuAxJvySY1SxWT9ml+DFvb01KdUqIGZDZj1cKoZCH+GsgYJMsQF6t+uqZJOGeyNmzMlg==,iv:17tLW4ytRpUmmltA4UIZGhsrNAGRjvucxxt9zLM3C54=,tag:YWirDB0fYSpu1evqVaoa+Q==,type:str] - vault_key: ENC[AES256_GCM,data:kFZa5oRVXuSp7W7311i0d8b7I0Y3P8bZbBoaaICuH1IlMLBVd6SUhL8cfFU66yj91W6uUJU/Oy7NpP3rM9mhGw==,iv:neRhOqW/b2DpUqoA5JJxLS4fSqj8ZGxRXv4pEPm7Wtc=,tag:bfAD3GAO6F2hBCZy7P7KUA==,type:str] -server-validation: - webhook: ENC[AES256_GCM,data:54MQzwEOf6uS6cgnPeJizRXMvGTGxLf6q1N3tGDxxpXKmSJedW+kpY2GoV91SxeeTWUyDKQcWp2fs5SwrdfDFHID9JN4wWJM0JjADggZ6u+BMEH01nnXpCJlhGq6cxDkI6gNSVgNVQW/eYNHDhnVmwwGpse4q62G1TmKlziBCv1Qahn4c3O+bOOEssio,iv:2Rcg7XSCmQeFd2oaX4GxSGXwgE3Ep1WsoPRRYo0dvH0=,tag:rPjDghxdcpME5SwoPKWv2w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTREhIRUd1K3JCM29mVHVv - d2Q4eFBLWnRUTGEzelZOMS9ScXNyV3ZGbHpNCjNCSEhmTDQ4VUtta0RXdXJUY0da - Vld5WDlJS3oyWkk5KzUzam9PYXZSa1kKLS0tIHJuaktpU3hnUWEwZzc4eHNjSitI - bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy - 9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-07T23:09:43Z" - mac: ENC[AES256_GCM,data:36CZLl3+VSFTSTj9jDT9972XZMXjaY5jo9FZ7I7L0sOSBRH8vQ+tFww7hVHe5M2w/+YA0SRGH3r8WCbie6GeRjmY+BZu42H656K0WrpRN8ERFv+io8geACdqUsLo1VLjhDrfXaGnNOHLpmMC5dqyPXlOphiolt+ArKOBLuqtrnY=,iv:jaL/l1zwYusThKeR9C62fEGHwiv4fEvCarSiavjxQ0U=,tag:xgygx6KM/J4w55CzdLeCUg==,type:str] - pgp: - - created_at: "2024-03-02T20:52:17Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA84hNUGIgI/nARAAxQSkqnR75Rd1htAv7esbpmXlrZH+frTL6V4jGoAiqTeF - TSA46E2nl7rVqPTws74OOb+O5bN3OkHSmmWzIbj6Pc8YnqY4t9N69zoCHtsbI1kn - FQ4WwUdzofIUMKwF+E31/knyKbf/IjSKTZKcDQmn6QErOdDmsN9/z6+ixLt+rdsz - lKwMX8axgmwgRsWI1Xhlb1qs4TZxheQQ4A4WYYNB1NhH0ZTIehI+FGe+wHh36UXf - cY/Z7KRLdozoLsuuAIAoXx/dr3KpwuyKHfp9MdZLzO/tvS9vA1i+tKRXmiDs2uuv - itCOTrt1H7LEpUfdBYD9ll2mdiRnVzR4DxNnGLPkxsyAglejTxR897DcYFC9xhie - X6UfKTOIeAGXVUqphp8HB0CEFBW982246kDSKdOI/R3+X4T5fvMpLTb5XvkOlCIi - JUwXxoq3SA06a8WCS6QH8jLnXrcCKzX1TJh0RzT7/RUvKDN6uxxccxOksMExvgBG - nqfOcLiCXBzluCseDgmjcW0/arm1d88Kd7ayMv25CX1Py5uRRQOkqqnCdNIk5Yy5 - 0R+KyOPeZPThVTE1DhJ3QyF499XMoFjerHyanwIlvkAQtet1k8EKih1KSD9N38ga - K1HRowhoPMkszsU6+LZYL3MD0aUkfz53b7JvzIxYsfJgztwg3ki0qteEXUNyLMTS - XgG9xHF63wa7IwBtKgQKX/CVCwpg5EuNfwbACbIQAC9QZ/F6z+Ud2UJkSs94UUF4 - aOGb2P1QFvLbP7m+7TNmvuLT5BDcS2XE0IWRDilkeiFU6ijGW8+iQ5oTzv+TmA0= - =JbRX - -----END PGP MESSAGE----- - fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-03-02T20:52:17Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOARAAm8GMWZxxY1UBYK7p60Hlw2qCOH7KZ5cby8vm9dWz3Tnt - +YKW2SsRniwY6KaSVvnUuRBY75BF6jahW6+h9Nvhsrsvq680UIaQtO6l6KmtnxHV - S6vEDmvoFZVWG1xOEGYHVQ+GF9elIwuYrzST1OU3vATMstMxrm0WQJ2lOq7YpuGi - hNoMK3nMxpmTlT49CYn2sGX3PlNA4qDOVo/fwL5m3lV5mKzJNs7q8IakbPZm6yqR - wGjfkHq3ZlKnTUC66sBX8yvSoZ2cM6vrYhxgb1Um8z9BKLpAb7Rr9AXB5IUWxSkz - jXyEi9aDySDxv2HkjP3fE4D5wtC1neS8YsYDBcSsqoXt5sKAs1DOvzLbIOkObH3Y - uSxozoGJu5CVnBrOpxXdNf1RMnww85uxSAupiLQ2fsC/0AaeGB8dPYIZr/WekWAR - RF3igqZX7KVRuomUOt9fwJoHnRr1GWCHqYTB3P7/e52JcmCggBRLcnhC/1MKgMtN - RJh8Uuu9aXCBfR148W+s76xIdVwypPWbk8l911TdL1eRKx+d+kxAa1ugIqihvkBQ - sGjZltEe0ogAsDpS0Cy/HRH8Yz1Qk2gTh1QZiv865aVVfWu0OTU27TlfCyMQQCkO - LtBfOWylV6pJG3aaO2QA+4f4ab8flxdg8DrmBlhudzYY2goHIcfe+CdPygrKB/nS - XgEx1HFw47B1YJxY7FiFgEwnI6/AJuf136u1i484nVYXAr5PtnyaXH7kqVozHouT - sPkE1v7+EpOIbhEdXQxbSG0AXKomUwu4SJgxSitdTajAQYfHHfTVjdnUqyl8QHw= - =wX5X - -----END PGP MESSAGE----- - fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/systems/jeeves/services.nix b/systems/jeeves/services.nix deleted file mode 100644 index 6861f94..0000000 --- a/systems/jeeves/services.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: -{ - systemd = { - services = { - plex_permission = { - description = "maintains /zfs/storage/plex permissions"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.bash}/bin/bash ${./scripts/plex_permission.sh}"; - }; - }; - startup_validation = { - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - description = "validates startup"; - path = [ pkgs.zfs ]; - serviceConfig = { - EnvironmentFile = config.sops.secrets."server-validation/webhook".path; - Type = "oneshot"; - ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_jeeves"; - }; - }; - }; - timers = { - plex_permission = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "1h"; - OnCalendar = "daily 03:00"; - Unit = "plex_permission.service"; - }; - }; - startup_validation = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "10min"; - Unit = "startup_validation.service"; - }; - }; - }; - }; - sops = { - defaultSopsFile = ./secrets.yaml; - secrets."server-validation/webhook".owner = "root"; - }; -} diff --git a/systems/jeeves/snapshot_config.toml b/systems/jeeves/snapshot_config.toml deleted file mode 100644 index d422f02..0000000 --- a/systems/jeeves/snapshot_config.toml +++ /dev/null @@ -1,29 +0,0 @@ -["media/Notes"] -15_min = 8 -hourly = 24 -daily = 30 -monthly = 12 - -["storage/plex"] -15_min = 6 -hourly = 2 -daily = 1 -monthly = 0 - -["media/plex"] -15_min = 6 -hourly = 2 -daily = 1 -monthly = 0 - -["media/notes"] -15_min = 8 -hourly = 24 -daily = 30 -monthly = 12 - -["media/docker"] -15_min = 3 -hourly = 12 -daily = 14 -monthly = 2 diff --git a/systems/jeeves/vars.nix b/systems/jeeves/vars.nix deleted file mode 100644 index 707170f..0000000 --- a/systems/jeeves/vars.nix +++ /dev/null @@ -1,23 +0,0 @@ -let - zfs_media = "/zfs/media"; - zfs_storage = "/zfs/storage"; - zfs_torrenting = "/zfs/torrenting"; -in -{ - inherit zfs_media zfs_storage zfs_torrenting; - # media - media_database = "${zfs_media}/syncthing/database"; - media_docker = "${zfs_media}/docker"; - media_docker_configs = "${zfs_media}/docker/configs"; - media_mirror = "${zfs_media}/mirror"; - media_notes = "${zfs_media}/notes"; - media_plex = "${zfs_media}/plex/"; - media_scripts = "${zfs_media}/scripts"; - # storage - storage_main = "${zfs_storage}/main"; - storage_plex = "${zfs_storage}/plex"; - storage_syncthing = "${zfs_storage}/syncthing"; - # torrenting - torrenting_qbit = "${zfs_torrenting}/qbit"; - torrenting_qbitvpn = "${zfs_torrenting}/qbitvpn"; -} diff --git a/systems/palatine-hill/keys/zfs-attic-key b/systems/palatine-hill/keys/zfs-attic-key deleted file mode 100644 index fb34bd5..0000000 --- a/systems/palatine-hill/keys/zfs-attic-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:WoJfZqlMPpb3ub0HGOyZvIlte5F6T7OIwJ3aFYe1tuM=,iv:2VivO2x6lIrYOHUTg3bi1p2iRSvm7J/zyL7f09bmSLo=,tag:NFRSIsp1LvupCEMuTQS/nw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeVhwUmNyN256YnowRHJa\nQldwZmpQZWR1dFJoZzF6blo3NWR6WFJhT1dVCmtnb3BPTW5NeEk5Y0FWVXFDUUR6\nV3kyaHpscWc4U1pFVDBFSE9qZCtaakkKLS0tIHF0QVZTazdVQWk3Sk5wTjYvOFNQ\ndTNUbW1UMnQ0RkYydmVQbzVwVG93TzQKSeg+Z2tFmrIAmg9Noit0hcmii6DTI0fu\nqCZCk/+WZrf53kxgpDHXlWhOKIyxiVgQyb/LwPWe3kOS8oOpiPhO5g==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:3eJM5AKZRHweMxDq7NE3zLTGpPrVfAeCw8xwv0s8s7/ooILuel/vfGaqYi/12dtFiK1+Ag5nhxp4fOiLRGpgT6W02Y5FOnxv4YBQT9Tuv+/Ypr1WlMTFp4S3SWdO+6iVRJrnJYZz0QC831hxnQ/PNiH7DvKXeZjqfZGotCRpv0E=,iv:CmzxWWpkT1lLevki8ZygCnXLXwkprWJG6giCzKWZtmQ=,tag:6DESpuEhSH1dKlxZnelikw==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:27:36Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ//RxBt9UJcnb5rVsV0XRhrt6CQ1bEXGTR/b5r+QRglCYQQ\nL1n5NXlNKPRk2vrRXcQE3q39dcc6xkg0LeVGSBKZKuE+9TG97KZQ6xfPUucWRQEj\nwaxgzHkZUZfZYlojFiHLIto39K63LjEYCq8KYQDMfOgx1uY2vEGHDdfpQt46zmhF\nSsMkCEDHAW5JPa+8JxP9K39xTXpz1r+M8+VyOacx4f5j8u0qdR24Lf5cPrGIOylh\n4YNS0MPxMAuXR27mblijVITUDhH4I8Zpr+hM8xa1k+1I4EjRtO8c5ADnjQ67I5kR\nE2ZrSaki+dubRYZ1XkfVrWVAmSs3kE/x3LSF9Kw5kQBIYtpZoP/cuRZX0F0OXwor\n8SDZCS8LYq3z9/zUK3Mi3A+Rfai1/eI5WJqhYMN8lSvOP73SLN3jFHkgUSILgE1q\nMapn3MVmQEtayM/CHDWzHuKhfMJje4mCpRHbr5PHzX99jsOKxpO4tTI8Cw7eCnFm\n1q9T51pSH+YsEX6lRZ1H+kz2s4DYcLBK4M5YWbAdm32X+MRi1kZnFeDyZo1d99sY\nd7seb7ITAb7lOB0qM5ZgoRczx25BbT94KEILIlpL94QtMUenuIxOA0lww/JScsja\nnphB1nvyT0wSsZlcPSHdV41Tjqk6FKQy/V96SHSQwZ7yz6SGJIDCUH3Rp1EwWg7S\nXAEY31iLhOLFv+C+8K7gWnm4kH/MFOx7f2DlyNWLAV+dzP7bo7G3YgRnJrG08mRP\nQiXwIK06/Vn3nBcW8NyDa7p1WZ6V3t9TfWOLA7iiEoz4EQYlCFIr6ELog/fm\n=FsHJ\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:27:36Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOAQ//fWq7EbsGD12yyZb6e7+BPcWJ6nNYmnb0E0eurtV5pBG1\nt/tvn6ZPT4noUyzOk4bhyBTiHaLQMMnrRNhp3wIpQrW4AlhvURU4shLrkRWmOPQ6\nXItYNm9REO40EHaxDC9YIt3j5HLEeNqRwgiq8m8kxIHZIWw12x6tct6TEgH+FmtI\nNIZyuPPW/jkMOcU8a49KlgGfDYIr78gZGYQYuFxNbCc38uyRAXa6udM5079bAhzf\nfn5qZcdriomQq5r5dhB10MbllNkxP9f2p/ia3vPKOz+hS3GB3IScgvzJrpkdnDEa\nVmNEWm3bN+fpxA8E43LSuR9u9BJHIQjacHrqDI3Hl6lvuvKgcJvrxK0dxYwAxbPE\nvFdA18kn4HxUbRxwH7WrA4weozQDFamEtIyO8MqtGgz4MAOf3A4cMbbodSww2OGJ\nWjjwtEf5KB1R5dpNqJcFJ0OGQINAp5+TFrOOPFYcPsTBVvxiKToT0XUITbcZILcy\nhnH2Jgu8yngQaSlqLHcwaTUUmQFMxqtp9mntjAfirH3ZjEessr7b+Wj0XETBMr96\nRR/dxUAysXcr0RtKct0enpUgeuXpxPwULBsczQCkP1wULQX2VOtbkXZPWUy5AkWV\ne8X9ElcbqiVCgVQKpAjjGT/seTuo6e18/pa2a6cKLTtgOXzz56A3fK0zAu0QKArS\nXAHa2408UsGWmHTVVMFJRR9KorLX6wcuRDST0VneQnCMpLKKrE73sxi2GLES9Ddu\n9/P8AnBg9MZYv58sYie1mcJFQr/EugKWhgkolzz1/l6KOHDhWpu8i0ME6ogH\n=5eLP\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-backup-key b/systems/palatine-hill/keys/zfs-backup-key deleted file mode 100644 index e65c74a..0000000 --- a/systems/palatine-hill/keys/zfs-backup-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:ZIEsrztgVYaYJU93rNUuoaVLalV7ZeSIqVtkl9SZtWs=,iv:27ulcGcA8QZ/uOrvwmanwTfbSAk/dEDEIq3aDJy9an4=,tag:8hf4qaPh3LwDUhkQA2XXXQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2WVBxTW13SmtNOElrMlRZ\nUUtBNStOUGpiVUJrYWF4QTVRYjdyMkdpNzM0CmpTeUhzRXJxSlc2T1ZNMk9HS1dF\nbVRTdEZ3WmxVbTdNYWE1bm9QT203MFkKLS0tIGVmcGdlbjg2OVVJUTNKZXdKQzFL\nWHllVS9mRDZiOUtEYk5BTTJha2EyVncKMMRWiiUDqiIIUStreYUg71gUk1/qvsqd\n6Vohxao7nF5/rzwAhVJWle+niz0GaxJxQpYCR48HsmDqg/y4ilRepg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:xIuwEx95QQw21edo37cj852AQXEDZlCqhLQZ5hs/kZHfi4E6IyRgw0EomRHhQMyMOygu57dYo29XHDH4RDfF/2pES7uMx5CufcE8qfoSNtN8JSXpyeJESPBnA8aUKafSkySx0Xc1pIVah0TGxeGhwJY2XiLLOjozl0xLXLZ6xQk=,iv:v9Ql+ERhovaON6yP3goUioz99Eso4St1MyuFxV+x51s=,tag:u6mw6IABsiVYskGpa5oRvg==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:29:56Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ/+OLIrOqbanYmBf6kvOxFyEYtHFFPJ/JKLj6/sgN10S+oK\nlCU2n0VTONx2T2ZqPlUix+Yg11FAjcK9GxwauoO6EDyYtIGh104frTgET5RUanIk\ndL+kh3u+IIv9CFtJC05TxHok5gz0ArNo3SurUuMMZ08ttD4+XXa6SzrDjkEWDbKT\nIdSngRwXHaMxekRbVqt/kbwBiBwlKSomRDgQXF2F8iGE/zN694T3r6lFHC2xY4Ec\nMIeKRw3Ye1y6M/p/w8iwb5uphi1mT8+JO5pZAE/z95WvwUDOBfliGZkVeYbx9JtM\n1cDhy0Bf18KkTDCb3/Ik5wqQZ+mDGhyx4QeH6yMO7zgO7axzAzyuG8RvupwBNZzW\nlhOqOSpSpD8xg0fpJmjehbgJMFIgk+jOApsud4aYtPUN0S4m/42SUPYrForPK3ih\n5oJXJYghJjlm+ZlB6BG/fTcNRaw1qhtxF1RCz9T3LWGUDUh79m9wKMC3AkbGeEiO\nqCMr4X+vEc8UvMAjm9Mr7eHgNq5OHq0z3J4XZOX/hYZA/l9qN3y7fRye23yaL2qx\nIUOIDLZJXlnFNc/UQ7w0rZRlne0iaQj6Fr85QRsHTppjMEmJnxg3D5VcU9TDvU7o\nbcDsjP+wtRHi8l4aQztsdCeD+3AbnVF+nhru8Gn+3XWmmK6H9vWjH+Mk0p+N9rnS\nXgEhKQpcKidjyNNaVf62JHlFT031rMq3kkE6DY4omypTKegNbX7BOKCGncw0Wsd+\n/RupIZOL/UMgxYs7wcFpx+herEpfTLDtItbOJAPm0I4Hj/RL0WlzFJT6d3sWL1A=\n=0+3w\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:29:56Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAtpvA2X2ncC9NPCldlBC3ym7p0i0cQIWFNw75NXCk+ebS\nENpVLcpYxR7Vs9jcHV/7hvDUKw/G56IKvAUa158+jruSA4XdwPOQ4d5AwBMqa6MU\nQNShO4b8EjHLCEiWQTbl6EEuL6SHXoNSbrD63SF6stlgpAAJKBJIj21IDPUVERJh\nfkK5plyhv0vnuyL3/Ot/CCQ71ShEnVb4ebzsXGSXq1oktzzmxRIFkzJMiGfvdl+5\nm8OEge/hP3BL2l8GsVnUftC2tjd3WNwVUvD4zXTa31vHVHdrEj5UaDgySmLL0LJG\nOXuRncXaBFK9yeakrQHB7mxnzz9SSf42RGP4JXIOB6f8f+2TzPcuMF9EPDuzoxEv\nL4DDoWl7rtZ5DY+lHV73243QpExwLhanksUfTA7zMpMPi0vP0j7ZZ9emMJ9Q7/22\nxKnTKiTdrUUZHfaUa5UsEz1tqV0M+A5lU4oZ6Djk5j1ny+CKYKq6bH8qoRpGSQGp\nYlq+aZiganOCxXcvGPS4zf1U5HUEP+f64TNs0i2zLUeRd3zssM8rV/CJj3hLYryn\n3SGyrtwDHIj2nEktEDXUTgn42YH6fdlh99nCfx6L/AhLS0Lp2bj32VnjUgBwfY+4\nB0C6Jm7XZvaWhlMmE/KaoOY3RffuibPZo26wCKub3iendzdLcYiC/zlNVlirsJvS\nXgGUhxwvAbpSHLurcEcXQWhr8JHtmIotucHQ4iaEkZDU73+udL9FMf2K9M1JklgV\njCu/2m7EXFTg5XbsQU/++GX4gGWDzmpSNWSwRBhtdKH1qJZftD2ROg27odP0VCA=\n=GPkM\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-calibre-key b/systems/palatine-hill/keys/zfs-calibre-key deleted file mode 100644 index 039fe84..0000000 --- a/systems/palatine-hill/keys/zfs-calibre-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:ENcfyj4fd8zfTbXWvMSJ0xa5wRmJzplr7bDsfce5eQk=,iv:DLDA6nJGvE+TatE2aO1zGnAc0lZmpE0oQD7ggzJC8PA=,tag:vunvPA3J/Zy73q51wW049Q==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0S0syeVdzcUxLSE5tRy9r\neG81QmpQWFJZNkVid3JmMHc2T3RYNUdSa2lJCkdFbnd1cHdzVzdjY0lhQ2oxNUxo\nMTh1STJEYWlyMEtCZ0dXWWtHZUtWTm8KLS0tIHpDZmYwT3cvWmZMclhxUXVUSHph\nR2F4Ty9kQnNwUkNYNXErSGQwMmhMek0KYwORT5ZfQbvyuMupijK4neUgql1cYLri\nPGbKWMeUNXcXrOtTGoMpXoXcwqirSB0+5baIII0cxmWSnSvchmiZgQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:tqQfihnPZgB6jn2VXoRxrjcWGnIy7BpRWQVnAGoP1UvfcWsS5H0D5tB3zIHvLqe/yTIPE5iUUuBfeDOybexjl16es1SZr0qyOf+9vf489TOd02LW/33tv+jDfw8qIwuMGlfr94ZEh910SWOrFbYQbvWEH7nymKUkEANCnlu8KpY=,iv:y/kd67yhHcSJFXFN0MAx+10QXtpVz+g4O+PYNsoSwYc=,tag:muhrK1jpcTDapSPTnSBfGw==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:29:57Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nARAAsN8UTiNCUeoggyeiPKGTeAmOjqxn6zk4HD1Y9WIIBivO\nsCCpUmxMuyuWsmYgwZXSJhx8ognDBU5YS2/SzoD2Cs4k01kgZqACVJQEmc5w8YYS\npczeG15SjxKVLgi8zan6u9FuJLnhkiiGAHt7byRz5RKUpSQ+KOjyFCLnN5qwbZsr\nKqdDCBiLvba02D+oXRqBjpBQe1mSdRXRrufFqdNZ2QEP/Ws3H1t5qgFZgeAmKnhU\n3tFDvN6Kad27VtPFcspHetf81c0UeAMtO5inzu/9kdCwD95IoAtU56+WS/5RTLEi\n+qglLz3A9kHO5hLigw2ywH+epyDpxAW9dd93XObtlRUggoOynQSLtNkFOXm5bJGe\no9p1LjpB19vdk2mpVt/J/+IQhYS2OZuFtIlBz4hRPe0XsHhY0jHtB2WT+CKsiUxz\nQyVcLmMiVhaJDXS6ixGmSTlfb+pmfo0JIUsiBTUeyi6J9CIHWHRQi29c3B+HAHG5\ncrkzdVcvOnNMu4M/QbxJuQswTpmA+TNLgYa2Ap7DzWIMKdtazwPDL+Dfr5VQ9UCw\nJJqIuTCtOcBNeX7oyzMKSKPad7g8SG4AuZyaC1bE+dRP/FQaD6Rnubh19C6MIBVT\nUlObImcW+03/cKddMthyepja2gzpkMhJ89EdavgFDBd+BrVuYc/eMDkFZSU/QZvS\nXgEnVaLeYquJAMmZkfXme7RNBIrlD9OY/vzdvXXmGm983RAVpSk8HLCoJirQAc+B\nfJZiwlnxZKj1KMwCBytCTrN4yCwCF9kH7D1QW0Z6IME6I45naDLo6l/fdl5s9nQ=\n=tGYu\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:29:57Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOAQ/+O5+c2BeGAmeiI1JQbfWeLNA3bvniHgQ3tyhcYYmyADIP\nlMIxjbzYQRR7dxixHP9Eh7d4cAq8+i2JbxsZmm6xP2YTckNH+MAA1tzFmwiLMc6l\nABwmU8fSRMef00f533yqPYWSjvt0dtvOch8ILa1Yjy/hHiCACZhHUiz28ra7uUGJ\n12XaiKgUNPWD+ImHMwfEExPQTXc4/vMWnCydmLA73SizyzvRzn0GRnhtK3ydq8jo\nDK6BTIFCOKPHdcbgm/dN2HHFyj2xLwm6ciy8+Q0BmPYP1xFLWztl5ypLqNEiOEgO\n9akgwZyA4l1dzPhWNFgETL0MsdNuSaxVmU/QsgHBn9LTeAfpTPazFxZGiuNUlJdU\nLO3HJWLwVTv/9UuLSRB6wfOmIWVGIISFPFv4TbGoBdbo/41yYVtnXaPH4eEW/vZK\nlon0HhkJtG3emOWj/Urwz0lhLA1Svp2aqVC0ebpeNnsYfFEPcRemRnCf8phXzjaP\nqlSVrEp+fveIU9SOzZMELiOD2LdLmj+a/pQLmTtAFq/e2x34wSdfebwxYpzn0r3f\nz0Zl9hAOvM/dB+sU1sNMv9pS4wksVoLlMDbjaT11VeA5Kkgz2KpZCgyt/duWF0PV\nFMHIww6uvldW21GDD9S4z/feZpaotC7x4OwwxPXolOact9t3uZt23Ct08/8l1LrS\nXgE3dY6kzMOXpEyalNgEprF2P3r0Kh/av6mGtuMw71YWvvNEzC9QUHP9EzEgtfuG\nDAzDGii8BeoA/vjw8u89ffqEK839ULCg3SYdjnCtXpmyVgConLshia3b2iyTwcs=\n=VRVx\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-db-key b/systems/palatine-hill/keys/zfs-db-key deleted file mode 100644 index a0f0a5e..0000000 --- a/systems/palatine-hill/keys/zfs-db-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:yV9jh7yJlXhPApTiY6ktREqVUebyYuQiVWkzf3J/Oww=,iv:U1DM2CTxjV4h31BdXpTKyFnY5bepqsCYzUDGW8k/G8s=,tag:MZQzI5Acy8XGTIyCrUwtCA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYjlCVTVZanEzVnl3QjFS\nOUZFcGt1TzJpa2lMN1ZBYlZHT0xKQW1ZdXlvCmhTRjVHTCtER0tSQXNDYlhJM0Vv\nQ3VheXg1WWl0NmkrZUYwWm1YaHpzVXMKLS0tIE4yK0NXOFF3dDJ3YUdHbE5OcS9z\nUVFFLzhYMGV2c29VMityNEVJNVl0bUUKNyquKj+Ufk5l6gQ2UYcqHFsqjjNpfbW+\nROpTpKjmI4EuOyAV4VwLaO1EQfLDyWMbBgBXOq+HgsrWA7AGXDwA2g==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:Dq+wdw3yP7dnvNJz+JfwqZosfRpKrfuWF/q6EdTsGeVsM+zPI/6Snl/sV6N8oShv5nDKWFV/My+WJiOW4CwdsSwvXOKtBfB3P7tAPfDI8Snba2v2hGyaxg7PVVLb6G7M+PXY9UNmIM1MyHcce9Bk2i++7fP8cGdx0szggeTduNo=,iv:qIoZBHm3WPn7Q0S4uE9a7+AI0kKLc54yig4++srb7UI=,tag:UpeF3yToPj5Yu1sQ6i3Waw==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:29:59Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ//cyWCmjseIDy93aDPEseKQL/m/q3yf8ZJTaxUMS3YNNTc\n5Xqhx4G3ns2oRF5x3aTi/XN3w//CVxvsMHyXFjtp3kj6Qas8/sUE1Zk7oMQiyPNC\nXjGgAT+QBGI9E60kYA3Bj7uU/0DwRmUqBORntMreChCHhThkEYCTO4Whg616GzbM\nU41Y7uFdBVB/1+cN+jJbZvkDGoKmN/NawNumVZeFNAQA8NEAoemrl4FvPK6ap6dM\nT8Zp50pa7MPPKWfLICMQXOE6+7diayOMHgmD6cJALcakdi0KG4d8vKDfecrqojR9\nF+LS2/QyBKhbWMH5ydc0MkbviVbnwz3DOQ6UOi+1aUdd3XgxwS4bauIAjsqyYJwy\nKLAhbd388Y77EhCq7LquH9WDyKgpE4y+2tA1Gykutr9h6wuGLDCNcTE7ftoTnpRF\nuBtEpvtrSIdlo/ssBcH8DfWmDCvFonJlNv+3W9QgWdHKRfIOvX43LknJmVkfw+FR\nehUEszKxR5QmSf4iIQu4+Bv+iDdOHe/U8jS3Ma3V0mPPk7u8vkknE6jz85fKIjII\nGbzacQnNBWnKXg+A7bWjZi2fFxxiyEb3rtocAo7Ya2ApBQ7KLf8qTnLcuHkUYa24\nW2FRLbcqs2s/1pi/xqf4plD7pAqy+QEE5SdLyXJs/163cImcLOEOx0Y2gI5wUdHS\nUQEXI1+L8KrDWS1fMzhiFm6UQ36BvmW0A0tbLfN6QPI4Giq18onc0VPPX6Ro4SA3\nB9PpEkr0+DHVPcysLjgrPfal/NHeD+12C3bx5/WuLMb2qg==\n=rTsu\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:29:59Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAo9rHyIZiD809kZIPDKnuJO82BQ2njhpH/vsK4T1ZI0oj\noU1+B4IGBhtZxozluZCvXDNa0UN6w9AFsl+//lVG8PByw2tGDBCW25TiVueSq17g\n4xW7dZLnMJwxleK8wPhMcmyruDJJ8alrHnhHNX26KxP6W9jnVP3OcttN8eAam2n5\n2K6GdSqsEAEJfDGtA6an8b+e5TMAhfHVrMnkvvovMpA+WQnO9RPyIz/81HcsNaVx\nNBDMyIi6WzMHI4cN8x9wxN/cGX4dhvG3gSqGwhxLDL9XqAj/YMYt8uMxyfQ2W8S7\nkK0tjmEteQNnwGy8+JPW//WhscmHaUC/u2HvfhS9LQYaqImve0X4qSQbz4vZmiZX\nHVBTZQPFmYMOMPr2zyWqOlXtxNa05E4X+IMnEPT2QbiFE5uEWMHB+7W7u6QIaUPr\n4SN7im5oEJl+ztj4m1rEysb08xIFMdsvzg+BWR5LvvaISllOSyr510dWMt7anakR\nol9Pf5mnnRuQbjPOJxRkIfcZHUhiEloPJQbTZSOjqpdPVw6fVPNZ0ffdtB9FNrLz\ncXJDaWL2ytl1EVoLs11IatXdpucJs2o2Yu4Ifdws8Hg46/bXuxcj1/Vzhw8jVPcN\nTn3qUhqPytt4mAxt7w9LuIgOBsCSXUV1JH7mRUqJ84Nrx9S4fbkdVt7CkammGD7S\nUQE+hC9aYbHKJRHClWoIEkIxjRmDjRGAGbM+KN0i4yRcfYRT2bgKYrtODDtBrz9W\nQO3vB77EDMExtrEUt7ojSzmQGY47ydycPqPmh/8WvEXLow==\n=PSVh\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-docker-key b/systems/palatine-hill/keys/zfs-docker-key deleted file mode 100644 index 32f8f87..0000000 --- a/systems/palatine-hill/keys/zfs-docker-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:HTOTPrSNnEbjiNJ2bQa51ugJJAfWwNciFS49PuvmEtI=,iv:Z+hlvZ0YuXDDfrE8UyLin/xL+CKVrkj5trReox95oGE=,tag:Opx9PL2GxTUOCmeAOK4bgQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVytGMmFsby9pRXI5SlBW\nNWJnanphcGVwcHRXWTNyY2Rjd0dsMkJUV2pvClZNY2dDUmxjYSswNGZjYkRyN1Ur\neGdudGlQN0o2Sk1jL1Zsc0N5Q2FnNlUKLS0tIFlCN0I0dUxQWHRDTHBDVGVwaVRG\nZkRPWG5pV084bG5hdm1pL2w2Mi81ZTAKWfIHu1sPLzucNGsudu/MP2nn9YAPkk5l\nxZNfK1+a4dQaEI6YaurqoVgZ8tes3ZFy4XWCtw8AjcoI3WTPJEFYmQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:ZvXM90ik5qjK8QnNRUZex5yQ7EUxk0WyDfNAKLqu4fFZuS9O+V7KX5ShaFMrilHIQt/Ab2G/s5zwbgxE6Pi9mi91g8MA5y4vtEQr8V07xEgPmKWCu+rIcQdp0ssUbiapo29XRmlwvaRFiHJaESYpYzjsNL37TLpTpIfIUp9YC0o=,iv:dXI4YUSh8yhLYLWdek73bzHFhgj0J1K4Wql0CLedepw=,tag:WZwhN5H9o3S5zZqENQ7N9w==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:29:59Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nARAAmpJUl5LDm8K2KeKLxgpPFCCo4kal64ZPy7iBx2xV7jzo\n6+S7yFqoVNcA5Xz5iIQD9eokh2mj2HBfoJwrLHxXKzzPST70yk/eAU7ggAM3IPVy\nPeTSSXNQLOB3Htp6zcBdMJpudwtx7hJ6NF0zRfA5GEODPwC1Tq6QXGMg6YhnbS6y\ngXj02Cyi/AS3PyFAfCdlMZ8v5KJcQF80Mdqoqi9oEt9J8kgKmMg7weQsUar9kkv4\n72FnKCadAPnmCOP7So0Ijtz530IKKwwy89CUQJ8Zyw3QEDU/cO8pp2qlel+uU8cC\nRscV1eV5UUHrRNhffjwmd9PG27ixXduGvUKx3IQBvVUpPQ8CKNuuXCgYfD063czI\nSa/YvdKWwGk3moNmGgXxLrCckt6aD6zbjqLPARYKypdiw4Gk4XkOx5X/9oth3H4M\nIor/hJgY+6feXENJwqkEM8ovjWchQwG8PMRgdRZPDJUgv38Dsd6SEvcAxaXS3cHB\n0hG6CueUj+kTLgyEekq8HITJ1figZpdf6Xe24Rxu5bpKH5m5yHb/dZrW7i3J4W9u\n2NPaTotnALgfs75JXbfYPtXbkgILsFcixw5Gqa8M44yjs4TrdwLVgjMEcIjnIFuD\nP5Qq6z7TTpq2r+W7/XafdSK5KZ+ptE2TASKdJNzOeep7iGE/6ILjaOr+M/6XbDjS\nXAE6prh+v/qx6U/tiTLCY0+1E44CtMc+5ECUr/5QN1mbAyEV+zV0tk6BHyPhK1st\nZRSigQV5r6ui417ObecvNNSvk+7UQVyO3KOCcO8aMWFS7g5BGtQuCQZaT8YK\n=bxEL\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:29:59Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAgYWvxwpxPfQfGaJb/MWoDnZ3SUI85C8mOFv0FnWNyuMN\n3k9tiQIejplecxdIjs9+DEG9VIkS8l2HR18fWFsoZQmVTgJJiPSBdQuIhTc3j+8V\nIdA5VMKW4DSuOYbpDUlDTaOHfg6ah2NXOuOZbgiaGSn0ikw6RU/QYreKKGKiZ4Ya\niFpftA1jRI/tQuJRn68/O9WoytEK3c7tXM9nNZyU1FnBmyPuOqKypn9nWdNFqrIJ\nWA5ktQvaX1PW0c8F07G5YwnATN9haH6u0dDUmho51p/1PNGCFRyj5HazOV3Eueep\nRPwncz69Kb+Cu5gubUfKZTTogAVqmvzR4fqycIVwsTXY5K7Pmy5PEYuT08Kr+jQZ\nMaIrEJctWxOSAoAqwsHzVVPrrEkSyv57XXyMCYYR0gVPxKMqcUvZ+npb3JM+XY4V\nptWK6KCC3wZPaVjkhjfxIGwQttVmz9wWOD/jKjmhGhHYZRdoGNyWOIFiUnRF/cV9\n2PMhc9z40L712sud3fMe+TnUgzBe2WTOjZ+VYKkYqcfVs0qKxQiNMXRuesg7J4gV\nM4QE8YqMx0bVf9rV2uusPY72uGTcUkFLklFbx/VFFxRjX7sUeV+VedR6xKUcJIYu\n1wsrL4xQClwWvvqKZJmKr+wTImifI4RWFIu5/mJrkcFFJ5ox9sBdnPmwtnUosDrS\nXAEQ1mAZ4+U4G7jyJYLsEANQCo2bjdqKSuY28LlVh6HKcsodWlawMWmWKWQW6v8s\nt3k591+Q4Kdr1YCXC+tFf/VCFLYx/yJhoDS1erwmz498SNWxCmkbAWmuoPCZ\n=tNv2\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-games-key b/systems/palatine-hill/keys/zfs-games-key deleted file mode 100644 index 01bc81f..0000000 --- a/systems/palatine-hill/keys/zfs-games-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:BjADYlVY1GEGULf1p07IJPdXoxrUk4+ILv4ZST0UFLY=,iv:tw0Tbq1gXREHtPcWzSrSbP6vct41qi8LxYRqaPGO4zA=,tag:cazaZkhebxTIiBthWKWWYQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdlU3WlJWeWFSWHcrRGh2\nUHAwNWdBSE14YTRDYkc0TTZVQnpFWGp3WFFnCk5RUm9hTDJPSVl6cE9ud0tzeHE4\nUkhKS3o5UUlDaFpTVnRycGovc3MrZkUKLS0tIEx6d3lkUHdjQ080L1hzUE41S3Zx\nL1ZPbE95SUZuZ0xHVTJHN01SR0tmZXcKIdPA9UPq9+ZUjncwjIgEuBJlQk5iOjsv\nq7U4ebqdqeioiDyDl6cJE9gaBOIClhKYe1yy4mHYvOJ49HtWnEjanQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:8Y6goZP1qpuj+JBSfqNFkyZFMdZxnaE+ifOQjAOmkPL9cY3gVkXOoDUftsQSWyNyqbMwjYXYqar2/jtaOwAs0P557rcQp2736gVulzGi3VMJJXegEgsmg7DV+Rrfys77ZkaArbyT5sbkWAHS4xyWsS7j5sjjIs2Yngcxt+2TCaw=,iv:GubeHP/WhsUg25LwNyZvOJrsf8wSwDZK/fmmkyIHWL4=,tag:s3ojA55TMVO183kdzj89WA==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:00Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nARAAjlz7eeBGESXrW9f1xEUrhI3z27Q2T32cGRxgecrRcrv5\ns0VQj1TAgAQbTJ+GQh6CF8K0wZMb0TQkO+A//A+suEaSeIpW2vPFAcnysvikoekJ\nOR8Y6xG0BV+PQ074J3n/VxyL/PqcztpNHdUS4QEcXO1lBvfEeTBq+FyFRrUUusAu\nZm7U8kUKXT1/l3Q5kRiEkjAWLfJCtfNl9vh+tTWoXUKP4Xa7X7Z8aWfcKT3jxOcz\nIBPh9fRHwZGr3jHRoiqZs/QnER2xJgRgAch91aPwbEnx69QRUuSECHHKnT5N60Di\ngarN2GZrI5PSlUJ/hFz8+NE1m8/0B/WPnOJc6oRMblCftOc0E+ESHoxVuxsaE1qf\n7/gPS3A+9D0NgclnPnV8SJNcSNZzLJb/a/gmC4cmEmvceS+vAPWy2op8U1mJCbEz\nzIEADtp+m65x5Fxwtj9GbR3MRScd2dOJMeEj72qxkfdlY1fxV1g/08Mg8eE45Bcc\nIUg06IW6/TeJQsB3oWEngGTlWJKHWmZS+TL8jCBVSqJ/yvjrLwb8fm0lLvZUYLky\n6HAsswLVfcMQV4s4RGbSgOmSjxLoEmxOleES2r/9G5vPFMwYsGLnqnD8YG5fGCH6\nPpHu/pav2QGW/tOIGclieJXB8Kc4DrGgR4FQKqk/s0OU5KJqLvxKu7oE0R+gqFvS\nXgFklhtMvK9cnOqFpecermG6LUNsm0KfzpdehmFWFNkOLWpBP3I36kvLdZRiSTUA\nFgApol/tAuB8JXX+OiJ0/c1dr9czKI4vI4X3YYgKqysLcmGCSGtZ79NS4OLPI7Q=\n=JXLW\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:00Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAlzr+nEfpGy5g5GuOjzSTubqouSrN1GuFMeEp8NMkkTrX\n397QqCQs78ekWaRMVFTtWMWfDmAvaf21p/vBkLkdtZTJEtjnPdpbrWt5b5q+3/Yy\nUkq8pcKXhd+mBHFrEy810GRsPEvCR3gDS3agsfxZyTy2te//St87rsuqwagdhzZN\ntqzc3gB3AtZZq++RNuHofvWtFb6B9aAQ84pL1gduTBQaQiQuw7F6BhhgBIozKRfa\n3p5F+et4beilMzyWMAZgWSg1S8WUU5dHp2FyQg5o/FlPJPFXzODQsMrJ1TIatKje\nJDO7C33pC7CSfxNXAAMzBbjNW2SrU296Lu0sYnkNNx55KEW2MjNRTJ8/NssuuGWC\nrUxx3rdGWb0zetZF17Sm+555Yn8Ro6fhWyDdzDYkoYOMwkcHR+mG605kCmohRad2\n8dm+ghcuwSkNhA9QmFtV7dLXJYDrH4FLaQVIbHicVhiN1vaIBKCgCu1cXTpCrVa0\nWRowf8WOl8rlmo/kQbEqAktrc09YhBS/EhRd0izD8/YHiK89RCaA+d//tfN8eh/D\nCTsca/flHxIuqYWitzbXrFmCmxTtTRWBpQMCgEpBlHDLke2/ctvJPDFcpaG9+jl6\nIoWE3/XGU71AL7u5u1Vfg1O4jM9W5V9mkd13wAxzeod5pFssMDvJJji6WEC2eQPS\nXgHK48pLy6lGzaRcLTOwSRugItj2KMHVRYpo3CG1QE+vCXwsz7DQcjzAwBALWotw\nKtVMgowaLWyJ8ulIOeN2SezKuObPZwBgAviYz1yYX0OFfX+KlBTFmH4Dv73Y6Xo=\n=Xu0R\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-hydra-key b/systems/palatine-hill/keys/zfs-hydra-key deleted file mode 100644 index 370943f..0000000 --- a/systems/palatine-hill/keys/zfs-hydra-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:/SvY3GhriSgW/nFjDcCXq3pkVYOZwBwO37P73CL9Uv4=,iv:nS27ev29GRCDcAhMkBqb58O+JeYz5IT1UFDMWDaRW/I=,tag:c8MsgCoamwH6If3XZ8OchQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6THR2a2NvcVZVajhxWDVv\nN2NEV0crUjRtVnNGL2U1YUhPbDFUVmQ3UVNvCnphRm5KRnp3RDdoczM2L3dDSWM4\nb09aSUc0RWMxY0ZaampHRnQ1dnBFUzAKLS0tIDJKeHJ4RnpCNzZpN2RKK3Z5Q2x0\nRWlIdEtMbXJDb01hQmNmWklCQjM4QXcKOHu7SUn+9wujSwlpLFzvpqYycLj5LXCX\nN/WSW7udTs7lS0250MpY3JQBhfs5kcx4CL65YdlSUagR17zP5OA33w==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:VtRQXx0skfx8/x+2o5O25JC5xwgdEpjN+Q4YJ+/n30N4Hqi2qD7xslWzANtE87YEa1KvjDosHMjPNcAf7AHL8Tj6Ue0AaexqWBfYh8sDSIJBkCVMLIebAFs/Vv3NG/eiUbWOQwS27mV6kM+z/UTudWSEuQaDOfZLjlYkIwl78l0=,iv:xbzt98QY0CraJr3yA9OS5v+SGGMOtsfnpMu3gr4gkp4=,tag:txzNe1DHdbCky+td+XQ6gA==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:01Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ//dVWN6XugkTMxu6xqGCnKWs9qnxWnTc0dm0Cy4t8KkM+R\nB4PfXNwyPFyiE7ftxhxvvbSl5GrxdTvUY2uCxeI14e2VmmbPOxSzoRQoNL3VADrS\n4NqRT1YCnwsN30vMdN71NKzk1wdcOxl2Kxb70T0xYRbn/SubBDIEW7f0CgyONAEI\nL/LEzLtUcms/Hc5WCZzOCHHPwefuyy7ggiEOHyDKWQWD6AnDKCdEtboF7bGmTaqy\nJoZXopix+zBAKx2JNfZRsi5zJ60jTj5ask8rCThhgJxh3+GGxqpPoT3Mrv0r2IwM\nv0pePeqiMit93+hWexNlsefQhFwcgtCVwqWL1taESxHS8bt6ShrrXSoZJZDhHDC9\nSJLdg274end4XtUGeEUEGUnRCmeke+w5QFVUgJP9YjDguFAZqtSFHP/DG+1sv38a\nT3dZ1DGjPYoa7APjdSHxpJfG913oAhrVsYn0nVDRfTygzl8JjsGydp0azHqbhI27\nWwd1CuyCyswd1h46mvP1HkGmeIGEFcASu5cFrrBQkochWSBn1yasJ/1qbM5zetOF\n12RsYCeyyr7IrBJ5QU0fNhZMqDRVh4Bo5G2H4EP1AjFiDtt13tDH8fUirlmF9s9S\nyRsG/mV/TJkPcayMUlJMRdoAvIY6KBCXcruS/brYtxfToH5qSGwt158MGlhYgHnS\nXgEJf4RwzqgMcvvKI5q5OAZdFIk6cFcoRZVfbihb77yGeXmLHS8aLD6yiC4kidm1\niIp7uZFSPqmguQB8+bj2Q8ZpHfqD5iWGhUEea4BThr1MyCHbhosSsB6LkV1WbzA=\n=7tpx\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:01Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOAQ/9H6DtFfWX3yxcIZxWGqYOJNIpR6THeTw6yFhlgXtX3LHx\n+exbLPTJzST3sgTJRtCdUnCkiD83D7rS+rWE2hGog7O2i82S5ciLW6v7AsbQIXzR\nFbS03hJKJ+QzXERT+dEqAT3PkKe9cWlQ0EiIQb6iNMFmgbTo8GdEZkQpW5A3Jggd\nhmBvQwIrMHh8ViTxHptVsWRUNrL+bdqyGsnutlngRPP9yt1mSEujLcob1Ha21RuS\nJcclcg93zTLfTZ8dp3KebVx61PYtcNIzJxJO4/7TCuoOa7qIvLu85nO0w/hEk9dS\nU8iJ8Lj2c4Yv9hKXaul/3tS491qWzOHVN+bu4Z0bAnOioCcRS7mb+Y6cZYITB7+r\ny3lsyUJMyzpQUmgm9zvOTdK+t002rnjGtiyT/Jf9BMtBsl6UN3x5m8DtFFeMpr6/\nQXg14tvvaXHVfRM41xTACDQmu35hE8MPJxB/MIg7q8FXQb/ll+Qu4yE2kEfwPio4\nc3+5uOiTrHNe5LFIL3u2HRqPuIXZq0UnChkY79WH5OBr/6upcXOhm4gFZzqKAlHt\nZqRXArKMqJFxe5DglOCCuLYSxtZUcdQbdJQLgyrq62yzeMhUJoBo5lxVH7v82/ZA\nUh3KOCrCCEQyjvaJ0LkopkUEPTEhtw1Z+NhPZBMYdM5tajbiPmMdg3D1zHiKRX/S\nXgEexql78jtc2gLNF+5/wX1nJRkVVSuxuoluFcdO+jEzYG8cDldVKhigNJ078EPs\nS7tPft7EtpMm2MB6DWrkfNjejj4fQ67SDlDJ1xER40WrKWYpvnCL2la3BCpkxvU=\n=b+Bf\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-libvirt-key b/systems/palatine-hill/keys/zfs-libvirt-key deleted file mode 100644 index ab2979a..0000000 --- a/systems/palatine-hill/keys/zfs-libvirt-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:dBSXePTzwsVsWBylfht3q2MWf9tP1IK5PeOIK3BStWo=,iv:x7R9qhOEcNeA9Gq1WF0qkQpUOAo03/nPQRqcXuy0PnQ=,tag:1nQZlFRUiueJqfFEQj2kvw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaWsvU1ZVY3U2MXJRaDFY\nKzNqOEtIWWlyd3JuMjM3ZDlSVHZnbFVXZ2lNCkpvY3E3aTVRdTY1SERGNHZHb0NC\nSk1abCtNZzNpYThzdTZqNmYycTJRbDQKLS0tIFQ5OEVQcnltUmpRaXV1UWlEQUpj\nZjVCRG5ZRW1kVTZvdG9ySmt1N1paOXcK7+H5ndruGiFg8ECF7BWgKoC4zb1zUCcX\njN6wMHl7mPhy4x3QU4mpSqdPeC74bbd8yilUyf+ttGC8JfbdBvmcqA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:rg6j+TfDftrBJ5ZoIybMTEkL4X2IyXe1MctENCUEBhj5sjUHecOcF7ZVHsFUU37rcgfL+7zZKtlRvZWws7FCaMayBSbsUsesfM8NrehoOT/eXKHj7BmsIDeGVaVOknXcNyF0o/snbCHdgLIshkNEPI2HTTfBmF62RViWZaRjLkQ=,iv:Y1prLF9n2Tl7aMRW2aXsG1adns0PAoSQQlRIci37Fns=,tag:PsDeq1r5Bs7CryBShaQhbQ==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:02Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ//WZs3SywuWraaxwJRA0pf12uZhKp/IFPxXDvnDW74r5sT\nhrL2BOo06FRNYuChuoUMdu3E3ahdGAKdW8IxmXDcvl7b+cQchZ23ZRpdMwT5fsI6\nZTaoYN1X08KYqgWZMMJg07KYDoZTFYyoXkNr0KchqaE3SOPJmuXTiKQHoMDpTQqs\nL7y2iiXCUQRyiaG8pZJF16mkVRTiyOnUgAvOeGBe+rh88NrwX92E8IvRxfDdiq/0\ni+GpovaKUW7a4NKTLkYyCQrX1aulq/DbASfkVU/NYlsSvUlMk27LSe2di4Hkg/cz\nN1NhzN/UNd1P0HfBDHLBa8S1CfJU8t/XY1atfyBWGkZ03L3N7HaezX/3SXpty1R/\n722gu7XiN17qYbkNl8uheaGGa3Z/c3fdmd+P4Bt+j9zkXRQFGriNfqBR2cJ2bprK\nLGg7xIzHDW/TO/ilR/HUoNYX6dKgyal5HK8laESNjvjSXh+LZwHBWAddPVzuc739\nKsRTZSWjADx+IiwQHACla4Epl1rgUemG/nEIbLiZYIiQGH1XM9e4lgySTbB/0bup\nCDUoZDtE0GLJefeWbWPGwQs+WnzvAKGOpO/aYS4f2sBNmKVpHVUiuX/0+ubkU8ab\ndI7q1+k1t5SMl3UqNQ+N7o5Ah88tSWNWbRXUa/iQPUYCJwrDHqaKoCSoGJo3rBXS\nXAEtxJ/ZhBlwMDb8VbqFnltaVeKbzAWvPLhYo99ofZVV2HdkszMHU4otvyQFBpnR\nH/qF/LbFc4UbXSlFjNJYgOCGlVEQK/TYboIQEanBY0d0/zwQHrGJI1wXHSN5\n=lg9L\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:02Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAwDW18irq2aB9gcSpg4RbSZY4iHoN9+SvDoX12Z6cO5KU\nb8nPJbExfrOqI+lANfbdln/sDoHUYImG8SF8fdsfkKHb047K/rrnrSzOrACbpEsk\nGds1VQfB/IG5WKW3HlNnQS4wKuegGgZOUWTa923lizWT4E8S4o3K6R/z/LRz4Rd2\nNNMvyInVyuGVEQG6GjZipTjj7MQtHGjXQSVDdzl9xJ3PIui803H4X9pSWMkWrf/D\n2r0C2BEJQxssKQ7rgMSSA+08lE31ZPLJ/wBcoa8yDbEmCvYZWXO5ibqANn2Xnh4L\noVa+1TAErZZ7a0xozmDbDo6ABhjMzoh1QZ/TYS1zxOV8e9tfi49XDCBSC+lHUEhc\nPCgERsZDTJf5xbStuK2jL5LNDSeRvoYkoEMDCGULaept8wftc7mfwwrd9zmfJ4rm\n4K6I68m0NGo6BvwGnSb8phGs5QLus4n5c9gcd/V1Ky/3tQ7HJCTX4IguA2YNKGx2\nAm+EDJn6MGVdJmWnfCo2WL+baXhEK5lXGA3w2VJ9HrwwFjKwQE3afpYukaH/ckCA\nt/gCQoKTVszB5pIpRzrF98W3+zrxLlrUeQEuBBBt3ZxhlUaVPS15lx8B1FXh8HPp\n8o5DFNW8CiybeIn8LZYes5c/FBBjcfHqlfJ0TkPaFUIg7wDExgx+DJDQkCA/zr3S\nXAEHgHGLfE9TNMcXlQVADHsQZICaAqmtNicXyoHvSCNpJj2+HlB8nD7Ptuvtzz1g\nac0sd90GeRdfpOz1XRDFXS9F+J6+g8LRpT2ZZEH6Nw/nqUVADp1V51qBr/dd\n=VKRn\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-main-key b/systems/palatine-hill/keys/zfs-main-key deleted file mode 100644 index ed4ac80..0000000 --- a/systems/palatine-hill/keys/zfs-main-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:sv6mzmqfecjwqSwRBELFx0sGD1rVJDydFTHG3NItNuM=,iv:Wl+PiYmV8UoAKA8d+AZhR1xR6EV9gJSA3dBsshNE7bA=,tag:46Ejkd/Ne5bRuRbnDNZeKw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcjVZYmxwNFpPdlhXOTJN\nZjJ2VkNRMVBGMGdPQ09mb1g0ekR6MS9hdFJrCmp0QVdFSmlwN3lCWTAxSVVnM21q\nY2J0c2ZWL3Fmd1FhL1M3YmgyUTVtR0UKLS0tIG4wVStNT0lGTUplUC8rOGxLT3Fj\nRVBkZTFwRXg0TnpMTUF5MDEyclBLZ00KebvF9q/bPQnbSjgfbMNJ+qZwFu4M1BrA\n7jImUpxIrFw8wqoF9XiDdZER72+wFzxgTX9MeUiVjt7C93u8iRVObg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:26Z", - "mac": "ENC[AES256_GCM,data:XJjbpp3QI7/ecRgtFlh9DN/4FQcT+1H0NqPEANCzKDpYBAQkCy46+DMVlQZvlEbUDGpfgT8ZXdQezWJHypeuu7a6h+51Lv2PFr75LXtp35LjOy7luutTknOq2d7BOK2Ki5ZiXZDq9ixQ1aFJHsKDuYz/djrG90ZTOgw4AYctB1o=,iv:u5n3YrZ6tU08Ahz4T/gnJOd2G53nGXp5KKWBxV+UnLA=,tag:pqKexgsFnKTBtHbOMJyPyQ==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:03Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nARAAgmxze3jr3KEophEQnNerXjW9SblQ8bSqbn335Wy5hsRY\nPQF9cExZiVbAxyfCpmFxikSMDfxcnCdbdHMcUFKveY8bLCk822c2yl5xRecxmeWc\n4jmzWLpPymrjTA9xbcZKxjlTKUDKDgXUBJ6I/+X1kCHCNqDx+wrRj3sgXPybeFLk\n1BhnXglDYicAAn/8c50vFLnYJvHggmPI3/dJJpL1ayIXtnId1smG3SnpNMyl1h/d\nBU6ss42evPqlFod5Km/q9p/ld2oHg224WrKBwKxqRm+SEIjVfi1HQ4/SXVqnOMdV\nHxEVKbfqQwRJf0ToOa82oNyP28ZRdveXp6TZmd88Q/hwaGo7soLXx4l9wA4p3mk5\nd2/UVnhpFkOvkdBBdijfYWh8hwyHlovzuTv5eRimVW9RWdHHTLScsANTBfPHC5Qd\nZg7/J6+iKIjZWfInOpYH/IlNtRuhXqOM7cyApbx1hzhUB4j4eTSQxeLGjV2f/EWm\nZcANKDfzz1wwQdT6MJm1z2F62Gp7TH/k2YKwEAksUIpuUxTG86wvPmdOxpgp5K3b\nGzn3TQPDXvSr0ejdS2sEcfewBCVxZyfNTCGGxnh+xQ804PnkVK6U5MggHNTMaJ0M\ndfDUacz1MN+6ST/vAlqM3rlzPgz6nZHlVCzw0BSbCOibpvTXpS+34LlSwl2wEg/S\nXgHDWu94k1NXAFSg5SqzRQtfWujAsXnRDpOlbSMIjzM0UtI0rvGsgzKP3Wfi7lZw\nM+XOZq7KKXhEpcge9pFGIsNM65NZnnCqj/R8kI/KyQt4Sbn84ms7814Z1xyKLhc=\n=n9vs\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:03Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAAqgAXb/ohCDW1KPgWOxjC/apQT/OUToWmf7sd9LLLyhXe\nLlYF+RKhC3/ECxjc0EJQI6/lrrvpqMhksZ2If9z8LMpTAuAUHai7gqW8DGCxqWJO\ndB93Lnls+Gr9HahnsM7YazejK6FPEQZgMIM4u7t0kyhiuedcOZgZiB0iXDfYnue6\nZz1mEokmzzgGGi2xD+EMp5PVE4vR1Gd+i+b94QX/bG8EUl3wvVVeyjb3I7b7JaIn\n3s3ZEbIg1HSRzNHN2KnlMk/LYl/lPO3a7i1mA+z+tNbCKc8lNDa8WCCCwsx1Yg9E\n0ApxVSIfMwQtVCLBhv6A3DMwSoIHUb8MP2Eku2kV0ugMcUMnefF8hR2gzBTGOBiH\nmBGRTSvX880aJzwOFo2xO/SkDl8vR4G9VBacRKT0OYb3XzvoM3ESGXof8lzG5+c+\nTv0OIFdLDMWEwSi5lreuG7Tg6dInrW83cguOJfXQ35rMGTmG0IVmszbEU3p+dAoy\n7Jp2ujPKwN9bsLHMV5ufRaYXkoXSOWEZLXeL3T0lQ7/8FCCIKP1VgMth36phz8iJ\nYqmXGMBKrZigA55hEYsj9vL7ujFcALgzyXpqrGeJkK30sPqASfhuOO41t32waKse\nXe8QWDFBt7hKEcGX+9Fa/DzeVwele723m2hro7uKaofORxtEfkAbOgCg+I9i1PrS\nXgEAtRIMg2ZJnjQpDenqf6KrHWKWx9EzUAMc9TlGesOaAegXb9FjNKmB7qQp7Obj\nV8dWedC2wTbwjmF9E2DOEk4VHFxct1ezGgLBXrQUH5EY0n/LPSejsysyIn6hGuk=\n=9akX\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-nxtcld-key b/systems/palatine-hill/keys/zfs-nxtcld-key deleted file mode 100644 index 05c0450..0000000 --- a/systems/palatine-hill/keys/zfs-nxtcld-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:MXw/3UwBlYqr4vKvfSYUvC1EGPAQVXV31VSv94B310Q=,iv:mnVUKs3AE6qwtJtnWcNfpQ46hkq4xduvNrOeOkGrVF4=,tag:SrlfFUvQamllD6Jp3zCMMQ==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcTlIaTNDQ21YZ1Y2Y1pW\nVkhPUDNqdFhRYk1maDBaY0xCVnBkMDAwd1gwCnhNTjVvQ3VuUGQ5WTE1eXd4NktH\nSVBab3ZQUzFVQ1phWThsTkcvUTFxMncKLS0tIHF2Zyt2OFhpeElHUFdpSVZuS3Qy\nN2hIb3F1Y3Q1d25jb2dpTm80N3JJZ0EKc9RfRBoYNj8EDJYbbPQ9Nm5eXqDvXJUE\nAgoZAR/2i+v8M2xqvyVAib/BM7FxGhHOZzo/yJYZuE4Uv2hnRwW0Dg==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:27Z", - "mac": "ENC[AES256_GCM,data:NT0uO66v5lvkH60CfZYpw3xPy/x4AHzHEd5nTI/IBHJmQJlT83Zp6Q9PveBfv3qxn8+7mBZoE720B4mYG9zjT3W1kjFV9uzpQx92UuLGJHrbEZ/VNTJiewhHB22lLq8wbaJ6I8DvwA+Ig6xJ0KViEbywQCwxlmYSG5vS2Miu8M0=,iv:dxwtH5VNs4WguiLXChx9JgXrTRCiW4Z1Gd5fJlr75AU=,tag:A5Sx7cDFOo/aSHY06JfsiQ==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:03Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ//SLsvAWVXl1XyoKgS36czZh4Oy0doCHJ3NVgM7Cath9iK\nxJywK2AKPmaUT8PPyebL5ejf+p3Fy3ZdoNvEYEoLuFjKaVLzZHRY+g6psoCuHE07\nW6mJ2YQPA29TRmOr9EgHv7sJhN962jl6R28GtA6eYYXyADAGdzWpZTKbjHJojJ4F\n54Ai8GyRjv9CaYcWKh7tw5DvKXMo/uWIDLox1PqfkCzkVvwcQAfg4BooGEtcPfXs\n4HvgLntmuo/6bmiGY90yHHaDKkX110E+nmQzCm840ikpZmYQx0fu2mif08VjaTEZ\n1mspK++049wPP1DfgwCtvqF6xaZHIhsseuCaaMGzGLCyRyvjtd5BWZWUXKnybIAl\n4X52ZNERo3p8begm7gx0ZiH5FBB0mxmg0TJMM5BZzfqtJPgPewO7NfJdVi6TYS3m\nCywyygA2bl0TfjVVmoeaYwmP/TQNpUjn6G5akXyhm58AoihAX4INS8PSecSE65ie\nwzTfODdSK0e+Hm0ZkbPTEMEsICK/AAlz/zls0F4GDn+VTxyOsvYk0YhAjW8rjiSt\n9KT5lvVeZAint8msmeWhqpeexVJ9gtpVaLo7q4GyfzIudy4OrqraX5x399fdOJ0D\nt82cSsP2VnIeV9OiWbE/9XdBr3n7iJW0a/uGKpPn7mxlCAbTFw9eJ1VK2Nvk7+TS\nXgEQEtFvPvca9Uz6mjH9PY5kh1iru/351KSZ6fj4nbHMAg/OI8V3DXnvfrXcUUPt\nuSgIt2RLuUgiyNhXkcuu9qFz9dB5Lp38a0dAczAcudyK6y2zkL/QKdtnNWdvOHg=\n=1mZu\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:03Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOAQ/+L9EBljfcWvSi8Z3xo+iqPSuDWcArBswAFUwbJPaAU/Ou\nTWvBChUyxvlMZq3hLGMscT7MtoSz1NLHOkc1kaSXL/5O8bjAYl0H80UUghBvtxFJ\n5bjXt3XTs7xnCdsz6BwxrbgjGva8nkcSpkBBLyyPG514OYr4Eakakbq9gIRbHrsf\n+R52BJDGjuccahF6sx6yhM+wZBlEz6pBmen7EuUBiOYGzGFNyl1U7kAiarUZL7+F\n3yF9nb8tLG+kVcmJQbjOLtxguB/V4yfTit0r7NimAufhp4XLCXnZQrOw2oime0vO\nIgrziC4+RsDuGLrAaMV19qonXp+RzaZEgztiujIY0CcHk6XOwKtABQHGMiVgS/1m\nCi2iZKtJ6f3g/v/Q6Zt33ItoJ9MNAFgQwOdiWCvXlTKLHLErKXs/hrSrTzAAQvkt\nrA8QDBQIWz29Xmv7WOQ6dgsV7c/VrDKLuOJNHprimcYMI1lp4QKtt25Avly3APQA\nVq7MLIx+XfY1QOTTCgRGjPA5NlxVfs0IE4L+Ap9rrtVd6zMW/2oVRrbNJL5Trcgz\nNuEs88SKGQdF6W2Fb9ed3fZGX4EPsSET46oAr+qJaGKHC2otrh3Qa3p+M6kkMB+E\nVm/pN+47pz844/JDnieQ4dPTIJ3tgBd3MqkcV3onCH422jYYb63C4/EJFEJq6nHS\nXgEXTv8S0UnePWLwwFGzlPsUTzRaQIG5Bx9ROydkC0Nw7KtuaZ8Yy5/XhCKftxDg\nZ8a/Vvy0n+icrl4vDypuHuPVQ5oF71ia6zZewWj3Iu1TaEJXV1Sst9oW8kEEFTA=\n=Bs2C\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-torr-key b/systems/palatine-hill/keys/zfs-torr-key deleted file mode 100644 index e8a35d0..0000000 --- a/systems/palatine-hill/keys/zfs-torr-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:4kEKyga4w14ZEJODrGRLYE3/QNXdfwE5waX3XCacGyI=,iv:MdkharxcHgKIqY3PuxidrCfgilr3krERTzZ5AP0k4GA=,tag:IRu+J4uKmoFwUK9h03cmLg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXM2tWV2FacS9KbkZwQ3JH\nZ3RyL0ZhTVBkeGkwYm5pTTVZeGY3dXRBdnlRClVxQ3krOC9SZ2V5MkQybFVteWZ4\nSG1wM2NaOXo0Q2FQd3EzNVVYUTdURDAKLS0tIHhQYlBKTDVXZXFlZStwWUJKTkhN\nWENYMUp6emdNdDVUdjJXVGdVMkNMTWcK1yhjh3bKjg5B6FhqzeeJ4u7IMxctUgLb\n8GRJDg1d7PALxu0+pmN7gxYRXaNu11b3UXciNh8i/EBJydxrsGV0pQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:27Z", - "mac": "ENC[AES256_GCM,data:+jEfFy/TYSIPjEtBlx3YuRG+g6zNQq2CBGb/4sQO98lQuY+0fWjGhj0KxYwJmzclwvu89YS7q/dFBD9pbCRcwYk+W+v7LcA2CQuPmmrJC0WzlfZLx9RiSeXW44Xzl04MdMPyVW6i4p8+oxrmyNanV+T/uXNOH9Baz3vfvzfSy7M=,iv:7RWvMp5hTawt3+TTx+rf7E4Bc6KErxae5BGVPr2hsq4=,tag:cCK2CuBWKVpPY7gvdboaKA==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nARAAm32EsBGEgvvnjAVKnD+PQIE1BUNBkxbw6Tr5Ac+chanu\nxvNbvZsCvWjMl0CyU9p3nkmAMXCJQ0dEwEXJRctLJefNX4ZXefBWMhOOKpsN6o68\npwUYpHCtEdT4mJHGG6y/3ZH6HGmQ/eSH/I0YigimNBuqlJuKY2cXxlEvdpy/12tc\nFAnIBh5RcjMEwR9s+vC5DZsTyUuLdAbsBJ2bUn25SK5fYe83LPYRFrJ9vpFijdYu\nn/dqbb9PlIydkBwPpuD50GZEtpfQJKQDFwAhrw5A8J5snyeJVnEijFmQsM7n2DZl\n9l8t/Qm1Yl0cHBtRjKPXwMYL5FTXn2MUTK7rgSA2+h8OxNxikWKv8DqtB3ZHaEnV\nRotm4Q6HS4QdaGIjC3wq1PoDD9lQQ/b5G0zfD8UsOXmG4UwAAtgYCTnGpNYtFAt5\noOJbS4n5teJ+nr2bYHMrWNHQxXD6MQj2xeP2BYBnK+zBQQuXEjFmCExdpo6aq2Tt\nVc44Co7+/F0Ct8lJw0HyQa96RMmHGZV5R3go7HeRhwDGJQsaGKLDuK9fvZPGJ7yD\nS0bUox1rK0bRqaMHa7TWPktN5rqvyYa+cCZKSu/WiToyfjFKsWz58DyxbSXoNewJ\nfppDrILA7SRLU9IO0irdlRktuhYiWZXVinb+Qe2VgMZ3U/50de4klyCPocrrBRrS\nXAEQe4oG2cd6T0lDpQFwjz5oO+9u3p9ulfWpRupighhICSP6c2OO838ZLJ3F8zJZ\nRxvX5JGxrh33orViJugjKauiYLxgf4E9dn2svY3ICEk9391LNTsTL785lvK4\n=ddWM\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOARAA20lKyRAc5dLXSxzsS1nNUAWnsy3hNcsQWtR93Sgglh8g\n3PJy68lw9ADkWmVP6H3hwhsyUofmVqbDnb3MRel9QlDGTgcj0gW+5g8IyeYmzDjZ\ncEgZ3g6Q1ZpJOcfFB3DrcC5qTcaMyGMP2Kl/8JYpXbDJ18i8FSrnNuxc7kGif6oq\nP/XnZnh3wPHS9KimcTmtBRg1ZzqYbIz+wrsYxvkZF4GCj5SS02kkvFNMwkAElpq8\nsVSYENMIyD+vYCTBMDaed0btUyMtzOyCk33mGStmXf3oV8z5gUJCIoFJ9K9YRY2j\n0PVxBxf76Bp1kSemNvsi3d2/7oZyYn2vMz8Qbi7rLKZZCQV66jxSQB536D86KJlh\nb1tLwtsSIMdY+IiCM1EJ6zAVys/MHUxXXi8kLqa94m90C5ocFa2XOWIA7JsIdV91\nNzXcDMeF4jDgCDNXiuI5wZzfI5lufJOhi6oanPzjM3ueFZKlY84StQxcAFSu3CA1\nRYGWTn7ybBQQ4fvaYqQf9IGTnibZ4/w/hATOL+xGsutok7vm00B6B2q9/JtBdAsW\n3uqC+ZBiOPCSUzIDQA2K1nm6BrGnNbEKpxYp8itfO73mSGBfHA22gRElXlEE6r1N\nt05OekpzR17WKtnCFytP++2GMX0IlInznaBeKdUlqwMcAHtSxGUIV8YtFN1Lu+zS\nXAHNWs7ARPeL2ORhDNQV0O+JMxMx08hkwb8ZLzemtqqy8FB6Z95HGKjxXNtOzl4w\nqletmbAYwjK+rTaEt/DqO2LaVHQENLzZSb+sJceQkT+PIcQqt4LxU7ukzhdY\n=Vx1G\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/keys/zfs-var-docker-key b/systems/palatine-hill/keys/zfs-var-docker-key deleted file mode 100644 index b6cac78..0000000 --- a/systems/palatine-hill/keys/zfs-var-docker-key +++ /dev/null @@ -1,31 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:enImcuxScby8hnET/8031kdP27BhZwWHKjpYvWsyVc0=,iv:RZ+Etysb0QTQpOmuFULaOFTi1o+v8zOldI36DNNQcEI=,tag:tqtC7fkKbY8nnoUlkqFgAA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCVHpybzFCYVlnSjRTWEtY\nUzJpcStjM0U5Mktld3dVeEpYRExKQ2hGbkVFClRoL3hycWhURXJiUmsxckVMdlMx\nbDZ1S3JhWTZwdEdYWGdVbndmaDluN2cKLS0tIFRqZGo0WTFUUmxCNEczbysrNEcr\ncWczYWNHdmZxMnJPOGNRZUNZbnNZaDQKW3qh1qk1nVmytZv0SrZHfAXc9lw3CXrh\ni7b7O/jrODlgjb5Ji6qquLkTS1PFr61tl735U9Aao5uY62ZAC7Fdag==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-04-13T21:15:27Z", - "mac": "ENC[AES256_GCM,data:aDxxjyyupxK0P3/ZpkEkfCVoFJQcjDNV0w5xe9P97hJvqJlf3zgOvdcTkcMvcQiZv2P0jY0NpR8z2jX9VhrZn4OXKxlcPnEmXA81lJkpjsZkRj55Lygm+/9su3eJpjcVOoFyikK74qs/NMcR5yjslcgpJxt2/3cIHXD8SFyBjbA=,iv:6nGCEOQhWAQdjQAR8AaF9huHhIx8WyCO57hvwx8VjVs=,tag:LWcQkNZMu/8tGTEmkxjdMA==,type:str]", - "pgp": [ - { - "created_at": "2024-06-19T16:30:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA84hNUGIgI/nAQ/+P5IweGMw2kjASZtbYI6l0jMbtuP3m4JpQ9fsbOCNEb6G\nqjVS/qgQS8QHzwkCR9en40FOIY1aqrd8BbGiUh+Zdghse3Ovdo3oeXD93I69nWS/\nzPSepCZkWjK8cmj+99uYwprmjz/bPWXrc/rOlLcZ7SB5Cdfmc0c9qRtZvj0R/zO9\nlR6Z0f2y3ZOx/pCsMb6Iie17GbDhBGXbi2v3IpVLo7uuxPRzXiWajiz1wRDeZOAd\nDMLYUmmvyGlDewZVJ5+6qE+JM8tNuV4NmIg76dFq2x/k63w9Ju7uFotY5jdOf8gJ\n6xlFnSb75xepbzujQhKzEXqVZxYpNiBIZJsHfC7wwiFYaBRFZ2G8nnshrlOMRBmP\nrihVG3pxNEF+CcMMkoSnD3mewHt94G3DP1+Ym69YrYOtqmP3J2xBUMXFnx6ZjRTR\nbvL1JFFNnmtXzITRQKLxwm07hwYKUzEV4GBlh1Q4QNsHR7hloufT2NJQYoA6lmYG\nO2IkJk5xgKDieD5GCfbZXcPIf5wymRMrWECqOUe4c1yF72XLmLDVvqvfGKRbHIea\n78+nsSlJqeHIJL1rHM8ufYs7nQ0M7prJVIHOruZFCxNKTN1fkuRBWEwX2xtSnTle\n3he6La1K9qvKsZSjI19xLiNuNgPR6IadSDnYiXXS1oJogHi5pFbLbUysp30aqtbS\nXAFudzN0Igd0Emfkn/UcpHd4Ixda5KQAXnW4grcvva1xiWyyTjTdtCbMMeMsZMvG\nVDvHbT9vjQdHOhcJp9kgGI8hd1Y5PNnuig+GZgekhCf2o3adZg/ojvWAsDTn\n=eyl2\n-----END PGP MESSAGE-----", - "fp": "F63832C3080D6E1AC77EECF80B4245FFE305BC82" - }, - { - "created_at": "2024-06-19T16:30:04Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA29thaGx06tOAQ//XsDBTXGCR3Tq/0gorXDc33ZF7M3J4tQQzK1MpkAhIEKr\nWcn5FOuYEPqJ/hgyCN8xHvd8TVS7B3XjesL/CouQVXlUH2fgY/kP5nhza+hALirj\nbeN5qDm7KThz/KWM/pZus2DEQ8Lf+So1iUvR6Fe30hgkmqzDpklRWqDPpcmE6iEU\nkiu9/pweivYOhgqZgeyaJRIDRXRYyAKKfgqQcKY7xH563TkqoIoQvqaayZ43kf57\nvFytIHdzUBFhesOvK+T1kCGO+Jby8MAhnNPCysOGYYIxEQzCzpq47SqfhTadd467\nYOl0pNHP4+8Ve049WpTfwQUs5LXk0/isbVGpwbA2/zt+9YW9kJfBW78jZZZXWtp/\n4h7N5BvABGyEaupGSWzYITJdOW+t1+IFalJGBEcjCs87FU6d2/QWg80Wat8YabhY\nkocOZzLNupXREV1BKxynOnYtT974/pjtbpIptthQ3x4aN/DHBj58mioPdxkWW+5i\n37OFndG35OCyGBvin19AZjzSAXgy3w1d2H/Qif+LLwd3OCS2PsEQWL22KIqP+Zbe\nA4nB0movV4YqyN1aWLEpLGlKwLYnNSOIvalCFOUBel09W2obhLE9eiUGyOA5U3BU\nT2s0Idfkletz9jz8vkNq4JVQ+ENv8ooFFwHMoya9gHvYRfrcT7m9VM/8ellOaZbS\nXAGo7Ob3GuweaH4AFS2iu4eKBnAyEdkZg20Hr4PJ6sNuHwO5KTXiyPBMuRsRmpkh\nlhTIAhqR+xGAS4klowlLUKaDr2UnqB6d2Ktm4AFHTbRPgfsAtL6BkaitTv9v\n=JRy4\n-----END PGP MESSAGE-----", - "fp": "29F5017C95D9E60B1B1E8407072B0E0B8312DFE3" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" - } -} \ No newline at end of file diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 178b81b..2b86309 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -23,54 +23,34 @@ sops: - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWmM1Q0NMQytCaW5vZWhT - M0JQajhHc1Z0RXBoSnBBMlZGZ3dhajNkcEY0CjBMeDNIS0RhUUxxUDY0ZXNyb0Rj - NHhUNFVPSjVScC96Tnl2R1FmWGNQa1EKLS0tIE5iRUpPUEtWMW9nUllzT1ZEZDE1 - bTdhU1VVMWdWVzBkTDB4MkxFcWtQSTQKsASNOoF5NjJLIedaBUWCMx1uJziEZZSx - AlaF0gp4bNP4G58rndIe8XtsM10BseGvM512kMGWd3XbQPz3firk5w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZzhuWkE1czhNdm1zMjRK + cTVhZWlmZnVqRG5RQ2FxSEpyVTdEWHdvUFRzCkJOVFJ4eTk4bUpVVlVoUnZSRTdw + SVdhc29UQktlb2lEN3VQcVZhVjFsRlUKLS0tIFpHWXZRSk1leWpIeGxub3hXOUU4 + bDRzTzhIa1N2Q1lHcG54akdOV2RyQ0EKHM4aD6KEyn8+JglVSGui3ROHyStDdAgh + BXXeg6BRwANFzxfUrpAZLoVh/pc1q9rmaxBUQ4NOM3mw+gKuv2NFrA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-07T23:09:33Z" mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] pgp: - - created_at: "2024-06-19T16:27:11Z" + - created_at: "2024-08-21T00:13:00Z" enc: |- -----BEGIN PGP MESSAGE----- - hQILA84hNUGIgI/nAQ/3dupmdOAwhgOEF7K5s8+KxlXlmz7POXkO3zDXbFQrZrKR - JNncfi22Nri57Jlud5ku2W/0jJ5B812/1oIpClHFkdWqg4b3ZIrOpg1239IJX7Gg - rvacIsgejrAMA/aT4F7a8QAwWdBy33aB8AgquGRYo6STn9fLssQ78Q1P3ps1oT7R - 639EF7Sb+I47yO9rq6YDA1391rHrkS5PvW3ztW485f3nKJ5o7gD1fK4ghZPuoyy9 - VppgkzpaaMXUBSJNglsBy6uReq/aupgRnhcmZu+vFdgxY2R4Ff6M/AhpJLOz9B6G - 4QGb9uj3nBKT/D9PFqbSCn/oreSJzxd6DTOdM7NOMu+CgPsdJ5FoivH1Um990vfB - V7y3eWvJ4HMHHIr0QdWYUpr7Wd48m+fhWFI6SQB1kRWCY9rgb1SOmsvDKDmzGd78 - H2tdweS9Bjdvwedn24IpPJh90do50HOnFVa5zlGj8AA43IOOhXwxvEhelgY+xoNK - kTLmARqLAHYqq9MwjBZhiIGwuLemyXP7TU2U9jXUIsXPMejdaInrCt2gHkjkI9Wy - FollcgzeBG3WqNAGZ+rnfmNN1rAela7P7MCUqroVsXIDi+4C1nbnMlRnQTu6e5nn - VLP9VEJqYobLwm+kZVHG6SJM+yOmyAU14YKOYGWsZkjnNPeNb6tUCs/Ml4Ob6NJe - ARVQKVwy0wP/sCkeYjWTRrWcITpEOzwn/SVbiDMlnh05/jLtKXzm0FVXtutiYQZ/ - SjBYpYARV6pZhbjA4DjnPba6uwFca0UnWk4coM+i2doFsJKQJe0iHwzgyyy+/Q== - =XzRR + hQIMA/3GV3g+HEdPAQ//dEHZoDJ9BWiaZQVE8CTsKz6nvngBoAJZ/t9FH8RSaSo2 + 8K/Ix9VwpxZt5T7SDh6w6gAHPmb4gjvMFZU85DiNTumrK6zDecl3XVlcb1FaI6AY + vxIpAbHhvv6on6Yp3rst1fTvm7FQfxwPkRhR/IwQsehaXbXHw03HBpah/KAAhac/ + KVyqy8BfT0iK1YU1CEMroIAKEJi2jwBY5K0ur7u4He9IYZmJzp8kI3N/GQo9fj0R + lnGov/Q139dwA7Xi+nf0pwGeWMJ4DfJXRzEwqD0PfhYeS8qXxnMjNESojTttrOgD + 3yZ5D1Z+SHUeOEwmgyinFx5ls04TYl/XoQFnt1YwOvs8FVrnRTDKPrZ72CcGYNAG + 8Wj5SzGMlL969q/luslqyVMvRf9sxAOApjPu0be4tYoL5WfDPs1aDdSAvK/3nW8x + VTBtQu4uIqmdfP5KAbt/HyIIKQ+93dkxYVd0vOODR6fbM97cN7TCzgqnSUUhA3e8 + sIBx98SbvDbfsXVSlkPM6dLSQhvdisvlI0FkPnmDk1xFlxlOqN7Yo5iO0pk2yNDw + tW0BY2CiRNZCRshSCbQXF6yJGl76WgfIZ69NgoACB5FjXdG5t+6CHqKGIpaybowj + zb/w4wiGCxDw0GmHTfN16etKEn+GkxPR6jOzMzBc3fgwF4eyd5/+daUcU67SpTPS + XgHkZPTOPP9f2AvGDjvK6pc58LE2SzVB+eGdg8W7wc5MYpLlwsCjpH9RJUiVjj40 + 0P3V5BbGFFHHMRrpE8F8Lc2iUHRTeWHQtzv2ks2ywqmKA4bu5/tT+R6GxvRNBl0= + =MxRN -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-06-19T16:27:11Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOAQ//Thyg4cyx5/r+wrU0TVspF3zVRLNHcwHmuaaXGebOUMxd - UuL3usmi5lC1/otK9XshTg9ODRsTtZ8qjoj2oHOYgZHhRZRsWMNMnZGY2P9iVC6p - ZwzIcDaBwDqaw6nEjXqR6eSB+P7XzHGMVqa/EhmwBrEwa4qtv8R4huUl9G2CY2RM - eWuTSgD5MEb3mPveemkvVvE+gquBseZ8wfkMA5eBZZYvEBhb2nKlSoqWRKv0Sp/a - V5MQSWZrkFfbA92g9S8AJZcwMuNJHf//N5Z9UofK4yfC+dC5PnL52iU0/M58HeXu - w7X+cvcYfEHlQF4b1v/W4C3YnMhaEoKDuSAE+PdM5TeZfZYnGglVDxNogYAAfdIP - l5gkSWhl5Dzu+lNg+k+kIVngHr0XDZ4IrTgXqrl/wtWtBf+xrjnlnhPMoRfTvUD5 - 2TRRyr9gwu6t+bIW1kSjcpouYhnSXtiCGb/5DN8W8Nw7sdOXQyeMfTI3oGhUKKrU - Qa4ogWFIS9GN1wYo18CfdXiBtfVnRIH485iu7d0bdvbkCXyweAoNTmIbBLNfzg2R - m4eN5Z8sXWjSpFOGiWf82IlF86xvulDxeuUy+synoHsD+WQg5rB5MZfhCwXoB0Cn - c+yCr6Ocv/KjoNDn3TdI6hkW5Inv0eYqx5sVRKbita3eAY60VRz5BqAC6MeKGHrS - XgH3doi5V8HoZOMfHtxhYk9/wUQO6ABB0Z3N05DlugtaRER6DdNLw9zrIqWQhFA8 - YyR50KJPlC7+3PFxfWVg3iWCZ1gvyXMyC/HoTmC5uYY3avUZ43QqsnepXJgBBz4= - =+84s - -----END PGP MESSAGE----- - fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 6a7b6c9..50ac581 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -13,69 +13,51 @@ sops: - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Y2tHVVRBZXdjSVpQSTZa - Sm9aMitGSXYwakRKRGgyeHM1bE9RTnRnblc4ClhNV3NoUTlmZ0NNYXF1a2dqbi9E - NjFtbXFUS3VYSW5waFR2L2QraW0yd2cKLS0tIEsxNTArMlVKcGN5K3V2OVpsWHhu - MTNjb2UrWlQ4bHFOT0hkYTd5eUNXOE0KLA9Lp7jnjJkEksOPTOmJ4BK4aF1vKwIp - Smz5rz0aIlK8PyYxWgye1Pe3/pHSgmQBN//r59h+G0Y+MuNUhQoCWg== - -----END AGE ENCRYPTED FILE----- - - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdEpLTGN2Y1d0RnpxL2wz - VWZjcHo5Q1JJbVlPbU9NOW9pVjZMWEVUajBJCndnbVp3Uk9TVm9oUlhhdjJhNkUz - QVpUYmpUZnYxYStYbXRVZWFVTExwS0EKLS0tIGNYK0lHb0dndXBnczJiMW9pdTV5 - SDBncjNVaWIxOExPemdqTGF6OXZqeEEKZz3TuV/Hh6DzwU2Ln3HGv7q88XRTwi+D - Yji5RmjUm/1xUqfHwnQBrHhFuDlg/N3daYBjjihgM6znYrgpYV0m3Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwMmpqUk1BV1pKN3JNODBi - UmNYTkV5STNWMWxsTVZpcXRSWGhpbC8wU2pnCm10S25iNm1RYlZYV0pTQmJHSnhG - NHVUSXB1eUNBalAwU055ZUp4ZDkvcFUKLS0tIHViL3liRFdjS1U0VElZUlAvTkdK - SFRvTC90L3QvL0YyRXp3QmFxRkt6aHMKs1ZSLYmRjoJiDJMbzA9nY7YM1jCfwlH8 - qK1/cedXWGRdoreKSoHwQhU/6NRhU+gszUos+ol2f5xRqCaHXf5mnQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS3FUUUxLVDBWeEw3eGNW + anowRVpiVjJ6OWM0ZHVFdXY0R0Z2aGRicmxBClFFK3RhLzg1MVBxcHFjQ05IOS9m + cDhTeVRibEhIRXFvbWR2THRFS3daWHcKLS0tIGdKajh0LzJIemo2d3U1TkgrZTdn + YXh5SzE1L2F1aUpMQXF3RGhja3h2ZXMKnMA+Ctvat+FHjLJVE77vLCiFLT12E9G3 + H+h61DkKf8huLpQOXlqhhyDVzuBXL/zdfHfD+MwYyJ9qDV7NICQx4Q== -----END AGE ENCRYPTED FILE----- - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0cC9sUzVqekRsYW5pd2hk - bitqZHZJM3pUbkYzenlvdkdFKytMN2kyUkZjCndmZ01jRnJTeGxYUnI2MlA3c2ZZ - M3RyQ1FXM3djQ09raU1haXBtSkxhMkEKLS0tIHlnQUpzeUE1S0pMYU5tSmV2TnZm - MmVwc0dWbzhTalFpcVlaMEM5Wno2S1EKz5lsEy/OvJoZxQdUzRoqkoIyvW7/tnrn - TDQlbkYGoVKd27d8CkohGIXtdmVBtf+Q4W/eGQ0y0aNPzOZ3EY2xRg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYN1FCUmU3c2dudjVoWUQx + YkZRTEZiYVlBOURNemVXelhFeXBjTXBsMkR3CkF6b1AzaTdqalgzNnBDS0dySmRZ + QkhKSUNtY09xZklIdzNLRHV2dHRtT3cKLS0tIEdTN3JRbHQ1clhDOXA5THQyS3Za + bUJIR2NnelBIUHZLT3lxRnZBLytMajQK9jD4Vp/Ezqw+X0RCQUSzrUN8VdpDJEnQ + jDu3xNLIgV0e28O/gPIeQQG1VVM05e+1v9CJheXLNmzyqv5SWVyoLg== -----END AGE ENCRYPTED FILE----- - recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWnkzSWd0aTkxSTFBd0hH - YVRXMWhnWlRINFpNV2hlaFlsMTdSbGhOM1VzCjh0QzM3T0ovY0o2RUZCUHJ4b0VM - VTNmbllyQzdJNWNwOHpidGNtaWJRbnMKLS0tIEp3VVBHZE4wR1NZVWljNTVPQzJv - cGtqTDlOYzhpTEFuZlpvL0c2QmpWWGcKbTQUBfg4yEtTPx8srahWcJyZ3C2w9qZV - Jd9406qhXOXDKS/zlNXofYC00TWRFBR85gbZIqBq/VQd0lD93Xue6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNGQ0SitVVjdDb0VjU0ZZ + QnVYTG1TSDI2RE5qUmh4ZlFmSE9RSjJ2eEVZCm5XY2NrNjdZK0FXaFB1MllBL2lM + ZUUvelNtNk8rVmhEVjVRbEhvTFZaWkEKLS0tIE5vRmp4NTk5a3lyd0FneUZYVHJq + enFCZXpLRVo2cEVnVkRLQVJSSjc0WDAKBc1Pn6xYLRzA85Brw8Kv/8gvH6W3pg1h + nnQk3T7wKQ/uG/rlTGEEVV+maQ8g+nhLI/kzeyTNnkGBiLDUrlaUmg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-20T23:15:03Z" mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] pgp: - - created_at: "2024-05-26T22:56:17Z" + - created_at: "2024-08-21T00:11:50Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nAQ/8CHUIO/T7MGRtbkJ/GLRd7wm99g2gQmurGTQd+eQY4YEa - mGdR/UKfvXTHVwrHRlmOb2GqtuNBBX5R2I4JTA9Yg/sWk8KNTIW4lJRHahQaxZte - bTWwsMleXriJhshf61NjX7kHpi79vFiRqr/M8jQpC+bgxpk9yXV7CdCHtU1RUCdf - xG3Nb509/E7LhBqwkfmPqmDQGaoRuMtZNwjgq8VoCtcEf6vnLuiSSxi9ASoqdmgL - CiVNcDNGyWDZvYkS6Pd07TnE3ldNnfjJeZoWtCRoBafKaMYJ6CCeKBq+whVCwPm4 - K2phOZ6i1v2XBTjmC5jpCyERNsFr4EKoNrQRQwt0jXpQ5T1kUG5O0ek/KYondEzY - cso3MqPlQgOJTLyeYLg8xd6ECGDMh4E7UhtEEcIxByT7E5othIJT11Eao2LukNYq - MWAaYcl2gVc4S8ervN5BdU1/+wEMRu57py8DwWw9Cw8VqUJFbuxWSx86bTaRIaqs - UV0dxmH9bJ00/g0f9wWau1wgzshvzj6nHGOQArjTxLJvgulMmBhlWt4MrHEeYuRI - Gj7N9QV7Nu1e6vn+M2/2qVXAbyyrQDPG7PhHS1A4wJEEs3zjmMTnHK0zo5yBw+Qo - t8cUEN4L95p4A2tKHtJZCHS42D05aP1koHWcXxf/6b+ZFtgL8pqBelWo/ddEImTS - XgEK6oUHm3FzRGMfDeyn3sowy2IpBriYZjKASEo/Z7lt3A6esSESxrVV0x7Oc/Mr - qNhLsDbcL2yQKHhfQw7tIvTgVO1HNISQ2cKnXqAJsSZnFwwA2iRjgfulsyFV3uc= - =luT0 + hQIMA/3GV3g+HEdPAQ//Swqj1mjfLI4ZbGkiFSRVM6LrJWT7aVhKiw9/w7TISHA/ + w1AK7uiBI1uJqjx/B1z9Vi+8ASauB9BPDYwB5D/m8vfRXXG5mN3Z3othTNlV3wqX + lkADSe3gDCrHd575esNBiYgzdEns7nBbve4wN/rIjlOonQzkiqZpmTXXP2zVmxmZ + SMYWInqEjhlU1Jlzj4iPBsiTy1NG/llQC61mk8lyILjkSq6NzZh2qZIdYDsM8S5c + Q86aleiMRsNSMJb7sI7VoqEkQa/IBc+kA8UAwl1E5OkJ44bJPCnV03/XBqHtY4mk + M+3wnzM5TuFDAAtAkml+5+etDFQi7FeBlursvX7x0tgGOix+1xC4CmSO1HjFp/Yf + /qIuGXFHXTXmPOJ/bP/i5UB6H1G7tLi/tRfadoaz7wXJ6OFox3mtJn0kngW2qEP0 + GdJ1bL81rV2zaMG6QaupCZaqYbdHtgCEAYsrSAuV8kIO/5Ws/pRtXGBjBwIuIvVU + rE8u7KYVlifoiIPGJHVNcmTLLYivlp3AZi8RFRNA4feYpyjC/njbOqrT42GH5GR3 + yFiID9PQXH4S4AFGOYZqWOj62AZzTJji/trhns63iY4CQSvjjxUlDm3hJpkOxTo7 + 7LbvnDwyAMI6+qINyRPoH1l5gSofEzCcADaz3+YlppWwkboC6gburwjnoSrs+V7S + XgG/T52nzYf6sClT7ixoCouRviQs+JSSUGLRv7ON10x/A4NdRDG1xbszaaaNikzC + o/+ybpz463WkQkUAMhDKs4WD0TIJ8RxjWXN+fP+2hRpjv9Q2l+l7XGlNDH0IVHw= + =aq7X -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted diff --git a/users/richie/default.nix b/users/richie/default.nix deleted file mode 100644 index 24a1ab9..0000000 --- a/users/richie/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - pkgs, - lib, - config, - name, - ... -}: -import ../default.nix { - inherit - pkgs - lib - config - name - ; - publicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop" # cspell:disable-line - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop" # cspell:disable-line - ]; -} diff --git a/users/richie/global/desktop.nix b/users/richie/global/desktop.nix deleted file mode 100644 index 6b14bbb..0000000 --- a/users/richie/global/desktop.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - services = { - desktopManager.plasma6.enable = true; - xserver = { - enable = true; - xkb = { - layout = "us"; - variant = ""; - }; - }; - }; -} diff --git a/users/richie/global/docker_templates/file_server/sites/000-default.conf b/users/richie/global/docker_templates/file_server/sites/000-default.conf deleted file mode 100644 index 06c715a..0000000 --- a/users/richie/global/docker_templates/file_server/sites/000-default.conf +++ /dev/null @@ -1,17 +0,0 @@ - - ServerAdmin admin@domain.com - - DocumentRoot /data/ - - Options Indexes FollowSymLinks - AllowOverride All - Require all granted - - - ErrorLog ${APACHE_LOG_DIR}/error.log - - # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/access.log combined - \ No newline at end of file diff --git a/users/richie/global/ssh.nix b/users/richie/global/ssh.nix deleted file mode 100644 index 9d38997..0000000 --- a/users/richie/global/ssh.nix +++ /dev/null @@ -1 +0,0 @@ -{ services.openssh.settings.AllowTcpForwarding = "yes"; } diff --git a/users/richie/global/syncthing_base.nix b/users/richie/global/syncthing_base.nix deleted file mode 100644 index bd1e78e..0000000 --- a/users/richie/global/syncthing_base.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - services.syncthing = { - enable = true; - user = "richie"; - overrideDevices = true; - overrideFolders = true; - dataDir = "/home/richie/Syncthing"; - configDir = "/home/richie/.config/syncthing"; - settings = { - devices = { - phone.id = "LTGPLAE-M4ZDJTM-TZ3DJGY-SLLAVWF-CQDVEVS-RGCS75T-GAPZYK3-KUM6LA5"; # cspell:disable-line - jeeves.id = "7YQ4UEW-OPQEBH4-6YKJH4B-ZCE3SAX-5EIK5JL-WJDIWUA-WA2N3D5-MNK6GAV"; # cspell:disable-line - rhapsody-in-green.id = "INKUNKN-KILXGL5-2TQ5JTH-ORJOLOM-WYD2PYO-YRDLQIX-3AKZFWT-ZN7OJAE"; # cspell:disable-line - bob.id = "YP6UYKF-KFZ3FG3-5XM3XM3-5Q24AZS-LZK67PN-LAERKU2-K4WMYBH-N57ZBA5"; # cspell:disable-line - }; - }; - }; -} diff --git a/users/richie/global/zerotier.nix b/users/richie/global/zerotier.nix deleted file mode 100644 index dabac6b..0000000 --- a/users/richie/global/zerotier.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - services.zerotierone = { - enable = true; - joinNetworks = [ "e4da7455b2ae64ca" ]; - }; -} diff --git a/users/richie/home.nix b/users/richie/home.nix deleted file mode 100644 index adf3196..0000000 --- a/users/richie/home.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ lib, machineConfig, ... }: -{ - imports = [ - ./home/programs.nix - ./home/sshconfig.nix - ./home/cli - ] ++ lib.optionals (!machineConfig.server) [ ./home/gui ]; - - nixpkgs.config.allowUnfree = true; - - home = { - username = "richie"; - homeDirectory = "/home/richie"; - }; - - home.stateVersion = "23.11"; -} diff --git a/users/richie/home/cli/default.nix b/users/richie/home/cli/default.nix deleted file mode 100644 index fe4bda2..0000000 --- a/users/richie/home/cli/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - imports = [ - ./git.nix - ./zsh.nix - ./direnv.nix - ]; - - programs.starship.enable = true; -} diff --git a/users/richie/home/cli/direnv.nix b/users/richie/home/cli/direnv.nix deleted file mode 100644 index 75129d9..0000000 --- a/users/richie/home/cli/direnv.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - - programs.direnv = { - enable = true; - enableZshIntegration = true; - nix-direnv.enable = true; - }; -} diff --git a/users/richie/home/cli/git.nix b/users/richie/home/cli/git.nix deleted file mode 100644 index 405f1c9..0000000 --- a/users/richie/home/cli/git.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - programs.git = { - enable = true; - userEmail = "Richie@tmmworkshop.com"; - userName = "Richie Cahill"; - }; -} diff --git a/users/richie/home/cli/zsh.nix b/users/richie/home/cli/zsh.nix deleted file mode 100644 index 810d00b..0000000 --- a/users/richie/home/cli/zsh.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - programs.zsh = { - enable = true; - syntaxHighlighting.enable = true; - history.size = 10000; - oh-my-zsh = { - enable = true; - plugins = [ - "git" - "docker" - "docker-compose" - "colored-man-pages" - "rust" - "systemd" - "tmux" - "ufw" - "z" - ]; - }; - shellAliases = { - "sgc" = "sudo git -C /root/dotfiles"; - - ## Utilities - "lrt" = "eza --icons -lsnew"; - "ls" = "eza"; - "ll" = "eza --long --group"; - "la" = "eza --all"; - - "rspace" = "'for f in *\ *; do mv \"$f\" \"\${f// /_}\"; done'"; - "rebuild" = "sudo nixos-rebuild switch --flake /home/richie/projects/nix-dotfiles#$HOST"; - }; - }; -} diff --git a/users/richie/home/gui/default.nix b/users/richie/home/gui/default.nix deleted file mode 100644 index f980bf2..0000000 --- a/users/richie/home/gui/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./firefox.nix - ./vscode - ]; - - home.packages = with pkgs; [ - beeper - candy-icons - nemo - nemo-fileroller - discord-canary - gimp - gparted - mediainfo - obs-studio - obsidian - proxychains - sweet-nova - util-linux - vlc - zoom-us - prusa-slicer - ]; -} diff --git a/users/richie/home/gui/firefox.nix b/users/richie/home/gui/firefox.nix deleted file mode 100644 index 201631b..0000000 --- a/users/richie/home/gui/firefox.nix +++ /dev/null @@ -1,297 +0,0 @@ -{ - pkgs, - inputs, - machineConfig, - ... -}: -{ - programs.firefox = { - enable = true; - profiles.richie = { - extensions = with inputs.firefox-addons.packages.${machineConfig.system}; [ - bitwarden - darkreader - dearrow - fastforwardteam - return-youtube-dislikes - sponsorblock - ublock-origin - ]; - search.engines = { - "Nix Options" = { - urls = [ - { - template = "https://search.nixos.org/options"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "channel"; - value = "unstable"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@o" ]; - }; - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "channel"; - value = "unstable"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@n" ]; - }; - }; - search.force = true; - settings = { - # SECTION: FASTFOX - # GENERAL - "content.notify.interval" = 100000; - - # GFX - "gfx.canvas.accelerated.cache-items" = 4096; - "gfx.canvas.accelerated.cache-size" = 512; - "gfx.content.skia-font-cache-size" = 20; - - # DISK CACHE - "browser.cache.jsbc_compression_level" = 3; - - # MEDIA CACHE - "media.memory_cache_max_size" = 65536; - "media.cache_readahead_limit" = 7200; - "media.cache_resume_threshold" = 3600; - - # IMAGE CACHE - "image.mem.decode_bytes_at_a_time" = 32768; - - # NETWORK - "network.buffer.cache.size" = 262144; - "network.buffer.cache.count" = 128; - "network.http.max-connections" = 1800; - "network.http.max-persistent-connections-per-server" = 10; - "network.http.max-urgent-start-excessive-connections-per-host" = 5; - "network.http.pacing.requests.enabled" = false; - "network.dnsCacheExpiration" = 3600; - "network.dns.max_high_priority_threads" = 8; - "network.ssl_tokens_cache_capacity" = 10240; - - # SPECULATIVE LOADING - "network.dns.disablePrefetch" = true; - "network.prefetch-next" = false; - "network.predictor.enabled" = false; - - # EXPERIMENTAL - "layout.css.grid-template-masonry-value.enabled" = true; - "dom.enable_web_task_scheduling" = true; - "layout.css.has-selector.enabled" = true; - "dom.security.sanitizer.enabled" = true; - - # SECTION: SECUREFOX - # TRACKING PROTECTION - "browser.contentblocking.category" = "strict"; - "urlclassifier.trackingSkipURLs" = "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"; - "urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com, *.twitter.com, *.twimg.com"; - "network.cookie.sameSite.noneRequiresSecure" = true; - "browser.download.start_downloads_in_tmp_dir" = true; - "browser.helperApps.deleteTempFileOnExit" = true; - "browser.uitour.enabled" = false; - "privacy.globalprivacycontrol.enabled" = true; - - # OCSP & CERTS / HPKP - "security.OCSP.enabled" = 0; - "security.remote_settings.crlite_filters.enabled" = true; - "security.pki.crlite_mode" = 2; - - # SSL / TLS - "security.ssl.treat_unsafe_negotiation_as_broken" = true; - "browser.xul.error_pages.expert_bad_cert" = true; - "security.tls.enable_0rtt_data" = false; - - # DISK AVOIDANCE - "browser.privatebrowsing.forceMediaMemoryCache" = true; - "browser.sessionstore.interval" = 60000; - - # SHUTDOWN & SANITIZING - "privacy.history.custom" = true; - - # SEARCH / URL BAR - "browser.search.separatePrivateDefault.ui.enabled" = true; - "browser.urlbar.update2.engineAliasRefresh" = true; - # PREF: restore search engine suggestions - "browser.search.suggest.enabled" = true; - "browser.urlbar.suggest.quicksuggest.sponsored" = false; - "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; - "browser.formfill.enable" = false; - "security.insecure_connection_text.enabled" = true; - "security.insecure_connection_text.pbmode.enabled" = true; - "network.IDN_show_punycode" = true; - - # HTTPS-FIRST POLICY - "dom.security.https_first" = true; - "dom.security.https_first_schemeless" = true; - - # PASSWORDS - "signon.formlessCapture.enabled" = false; - "signon.rememberSignons" = false; - "signon.privateBrowsingCapture.enabled" = false; - "network.auth.subresource-http-auth-allow" = 1; - "editor.truncate_user_pastes" = false; - - # MIXED CONTENT + CROSS-SITE - "security.mixed_content.block_display_content" = true; - "security.mixed_content.upgrade_display_content" = true; - "security.mixed_content.upgrade_display_content.image" = true; - "pdfjs.enableScripting" = false; - "extensions.postDownloadThirdPartyPrompt" = false; - - # HEADERS / REFERERS - "network.http.referer.XOriginTrimmingPolicy" = 2; - - # CONTAINERS - "privacy.userContext.ui.enabled" = true; - - # WEBRTC - "media.peerconnection.ice.proxy_only_if_behind_proxy" = true; - "media.peerconnection.ice.default_address_only" = true; - - # SAFE BROWSING - "browser.safebrowsing.downloads.remote.enabled" = false; - - # MOZILLA - # PREF: allow websites to ask you to receive site notifications - "permissions.default.desktop-notification" = 0; # allow websites to ask - # PREF: allow websites to ask you for your location - "permissions.default.geo" = 0; - "geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"; - "permissions.manager.defaultsUrl" = ""; - "webchannel.allowObject.urlWhitelist" = ""; - - # TELEMETRY - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.server" = "data:,"; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.updatePing.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.coverage.opt-out" = true; - "toolkit.coverage.opt-out" = true; - "toolkit.coverage.endpoint.base" = ""; - "browser.ping-centre.telemetry" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - - # EXPERIMENTS - "app.shield.optoutstudies.enabled" = false; - "app.normandy.enabled" = false; - "app.normandy.api_url" = ""; - - # CRASH REPORTS - "breakpad.reportURL" = ""; - "browser.tabs.crashReporting.sendReport" = false; - "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; - - # DETECTION - "captivedetect.canonicalURL" = ""; - "network.captive-portal-service.enabled" = false; - "network.connectivity-service.enabled" = false; - - # SECTION: PESKYFOX - # MOZILLA UI - "browser.privatebrowsing.vpnpromourl" = ""; - "extensions.getAddons.showPane" = false; - "extensions.htmlaboutaddons.recommendations.enabled" = false; - "browser.discovery.enabled" = false; - "browser.shell.checkDefaultBrowser" = false; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; - "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; - "browser.preferences.moreFromMozilla" = false; - "browser.tabs.tabmanager.enabled" = false; - "browser.aboutConfig.showWarning" = false; - "browser.aboutwelcome.enabled" = false; - - # THEME ADJUSTMENTS - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - "browser.compactmode.show" = true; - "browser.display.focus_ring_on_anything" = true; - "browser.display.focus_ring_style" = 0; - "browser.display.focus_ring_width" = 0; - "layout.css.prefers-color-scheme.content-override" = 2; - - # COOKIE BANNER HANDLING - "cookiebanners.service.mode" = 1; - "cookiebanners.service.mode.privateBrowsing" = 1; - - # FULLSCREEN NOTICE - "full-screen-api.transition-duration.enter" = "0 0"; - "full-screen-api.transition-duration.leave" = "0 0"; - "full-screen-api.warning.delay" = -1; - "full-screen-api.warning.timeout" = 0; - - # URL BAR - "browser.urlbar.suggest.calculator" = true; - "browser.urlbar.unitConversion.enabled" = true; - "browser.urlbar.trending.featureGate" = false; - - # NEW TAB PAGE - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # POCKET - "extensions.pocket.enabled" = false; - - # DOWNLOADS - "browser.download.always_ask_before_handling_new_types" = true; - "browser.download.manager.addToRecentDocs" = false; - - # PDF - "browser.download.open_pdf_attachments_inline" = true; - - # TAB BEHAVIOR - "browser.bookmarks.openInTabClosesMenu" = false; - "browser.menu.showViewImageInfo" = true; - "findbar.highlightAll" = true; - "layout.word_select.eat_space_to_next_word" = false; - - # SECTION: MY OVERRIDES - "browser.startup.homepage" = "https://google.com"; - "identity.fxaccounts.enabled" = false; - - # SECTION SMOOTHFOX - # OPTION: SHARPEN SCROLLING * - "apz.overscroll.enabled" = true; # DEFAULT NON-LINUX - "mousewheel.min_line_scroll_amount" = 10; # 10-40; adjust this number to your liking; default=5 - "general.smoothScroll.mouseWheel.durationMinMS" = 80; # default=50 - "general.smoothScroll.currentVelocityWeighting" = "0.15"; # default=.25 - "general.smoothScroll.stopDecelerationWeighting" = "0.6"; # default=.4 - }; - }; - }; -} diff --git a/users/richie/home/gui/vscode/default.nix b/users/richie/home/gui/vscode/default.nix deleted file mode 100644 index 68b71b7..0000000 --- a/users/richie/home/gui/vscode/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, pkgs, ... }: -let - vscode_dir = "/home/richie/projects/nix-dotfiles/users/richie/home/gui/vscode"; -in -{ - # mutable symlinks to key binds and settings - xdg.configFile."Code/User/settings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/settings.json"; - xdg.configFile."Code/User/keybindings.json".source = config.lib.file.mkOutOfStoreSymlink "${vscode_dir}/keybindings.json"; - - home.packages = with pkgs; [ nil ]; - - programs.vscode = { - enable = true; - package = pkgs.vscode; - mutableExtensionsDir = true; - }; -} diff --git a/users/richie/home/gui/vscode/extension_manager.py b/users/richie/home/gui/vscode/extension_manager.py deleted file mode 100644 index 8a4162c..0000000 --- a/users/richie/home/gui/vscode/extension_manager.py +++ /dev/null @@ -1,68 +0,0 @@ -from subprocess import run - - -def get_installed_extensions(): - process = run("code --list-extensions".split(), check=True, capture_output=True) - return set(process.stdout.decode("utf-8").strip().split("\n")) - - -def main(): - print("starting vscode extension manager") - - extensions = { - # vscode - "ms-azuretools.vscode-docker", - "ms-vscode-remote.remote-containers", - "ms-vscode-remote.remote-ssh-edit", - "ms-vscode-remote.remote-ssh", - "ms-vscode.hexeditor", - "ms-vscode.remote-explorer", - "ms-vsliveshare.vsliveshare", - "oderwat.indent-rainbow", - "usernamehw.errorlens", - # git - "codezombiech.gitignore", - "eamodio.gitlens", - "gitHub.vscode-github-actions", - # python - "charliermarsh.ruff", - "ms-python.python", - "ms-python.vscode-pylance", - "ms-python.debugpy", - # rust - "rust-lang.rust-analyzer", - # MD - "davidanson.vscode-markdownlint", - "yzhang.markdown-all-in-one", - # configs - "redhat.vscode-yaml", - "tamasfe.even-better-toml", - # shell - "timonwong.shellcheck", - "foxundermoon.shell-format", - # nix - "jnoortheen.nix-ide", - # database - "mtxr.sqltools-driver-pg", - "mtxr.sqltools", - # other - "esbenp.prettier-vscode", - "mechatroner.rainbow-csv", - "streetsidesoftware.code-spell-checker", - "supermaven.supermaven", - } - - installed_extensions = get_installed_extensions() - - missing_extensions = extensions.difference(installed_extensions) - for extension in missing_extensions: - run(f"code --install-extension {extension} --force".split(), check=True) - - if extra_extensions := installed_extensions.difference(extensions): - print(f"Extra extensions installed: {extra_extensions}") - - print("vscode extension manager finished") - - -if __name__ == "__main__": - main() diff --git a/users/richie/home/gui/vscode/keybindings.json b/users/richie/home/gui/vscode/keybindings.json deleted file mode 100644 index 091d316..0000000 --- a/users/richie/home/gui/vscode/keybindings.json +++ /dev/null @@ -1,20 +0,0 @@ -[ - { - "key": "shift+alt+f", - "command": "editor.action.formatDocument", - "when": "editorHasDocumentFormattingProvider && editorTextFocus && !editorReadonly && !inCompositeEditor" - }, - { - "key": "alt+a d", - "command": "cSpell.addWordToWorkspaceSettings" - }, - { - "key": "ctrl+shift+`", - "command": "workbench.action.createTerminalEditor" - }, - { - "key": "ctrl+shift+`", - "command": "-workbench.action.terminal.new", - "when": "terminalProcessSupported || terminalWebExtensionContributedProfile" - } -] diff --git a/users/richie/home/gui/vscode/settings.json b/users/richie/home/gui/vscode/settings.json deleted file mode 100644 index 1591c55..0000000 --- a/users/richie/home/gui/vscode/settings.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - // vscode settings - "diffEditor.ignoreTrimWhitespace": false, - "editor.formatOnSave": true, - "editor.minimap.renderCharacters": false, - "editor.minimap.showSlider": "always", - "explorer.confirmDelete": false, - "explorer.confirmDragAndDrop": false, - "explorer.confirmPasteNative": false, - "files.autoSave": "afterDelay", - "git.autofetch": true, - "git.confirmSync": false, - "git.fetchOnPull": true, - "git.pruneOnFetch": true, - "terminal.integrated.scrollback": 10000, - "update.mode": "none", - "workbench.colorTheme": "Default Dark+", - - // turns off all sounds and announcements - "accessibility.signals.terminalCommandFailed": { - "sound": "off", - "announcement": "off" - }, - "accessibility.signals.terminalQuickFix": { - "sound": "off", - "announcement": "off" - }, - "accessibility.signals.terminalBell": { - "sound": "off", - "announcement": "off" - }, - - // formatters - "[html]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, - "[jsonc]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, - "[markdown]": { "editor.defaultFormatter": "esbenp.prettier-vscode" }, - "[nix]": { "editor.defaultFormatter": "jnoortheen.nix-ide" }, - "[python]": { "editor.defaultFormatter": "charliermarsh.ruff" }, - "[yaml]": { "editor.defaultFormatter": "redhat.vscode-yaml" }, - - // spell check - "cSpell.enabled": true, - "cSpell.language": "en,en-US", - "cSpell.enableFiletypes": ["bat", "csv", "nix", "toml"], - "cSpell.userWords": ["Cahill", "syncthing"], - - // nix - "nix.enableLanguageServer": true, - "nix.serverPath": "nil", - - // force the use of rust-analyzer from dev shell - "rust-analyzer.server.path": "rust-analyzer", - "redhat.telemetry.enabled": true, - "gitlens.plusFeatures.enabled": false, - // new - "hediet.vscode-drawio.resizeImages": null -} diff --git a/users/richie/home/programs.nix b/users/richie/home/programs.nix deleted file mode 100644 index 07461f5..0000000 --- a/users/richie/home/programs.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ pkgs, inputs, ... }: -{ - home.packages = with pkgs; [ - # cli - bat - btop - eza - git - gnupg - ncdu - neofetch - rar - ripgrep - sops - starship - tmux - zoxide - # system info - hwloc - lynis - pciutils - smartmontools - usbutils - # networking - iperf3 - nmap - wget - # python - poetry - python312 - ruff - # Rust packages - topgrade - trunk - wasm-pack - cargo-watch - cargo-generate - cargo-audit - cargo-update - # nix - nix-init - nix-output-monitor - nix-prefetch - nix-tree - nixpkgs-fmt - inputs.system_tools.packages.x86_64-linux.default - ]; -} diff --git a/users/richie/home/sshconfig.nix b/users/richie/home/sshconfig.nix deleted file mode 100644 index 53d407f..0000000 --- a/users/richie/home/sshconfig.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - programs.ssh = { - enable = true; - - matchBlocks = { - jeeves = { - hostname = "192.168.90.40"; - user = "richie"; - identityFile = "~/.ssh/id_ed25519"; - port = 629; - dynamicForwards = [ { port = 9050; } ]; - }; - jeevesjr = { - hostname = "192.168.90.35"; - user = "richie"; - identityFile = "~/.ssh/id_ed25519"; - port = 352; - dynamicForwards = [ { port = 9050; } ]; - }; - bob = { - hostname = "192.168.90.25"; - user = "richie"; - identityFile = "~/.ssh/id_ed25519"; - port = 262; - dynamicForwards = [ { port = 9050; } ]; - }; - rhapsody-in-green = { - hostname = "192.168.90.221"; - user = "richie"; - identityFile = "~/.ssh/id_ed25519"; - port = 922; - }; - palatine-hill = { - hostname = "192.168.76.2"; - user = "richie"; - identityFile = "~/.ssh/id_ed25519"; - port = 666; - }; - }; - }; -} diff --git a/users/richie/secrets.yaml b/users/richie/secrets.yaml deleted file mode 100644 index 0870c25..0000000 --- a/users/richie/secrets.yaml +++ /dev/null @@ -1,80 +0,0 @@ -richie: - user-password: ENC[AES256_GCM,data:l1WF7bwzEDKoDh3lv60H2A35ndPmTSsBQeso8YksZO4UstOjtSKFF5IZJYlE6Amonl9ZFUsQFtgVN+Rg2Yh/rmlI1TBL7CZDadlYIueQh8Si1Xr6qJJMBxqT/dV7G9tH24auUVdWc7tfoEYh6qZ+n9JR47H73A==,iv:d/Xe6qxaNSWo//gPES4h1XqWPGjALQ2316LPPZZyM68=,tag:2lJEc7UrpdmeAVfNXxy7Kw==,type:str] -syncthing: - password: ENC[AES256_GCM,data:iITyXH47YLdbD4t7k27SFpfN,iv:jzBh69brKJSxLNCd/ntY7O/GcpjmGc1Gli7yuxwwe2E=,tag:6fglnQjYXCnilgy8p+KWuw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4VGsycE1JQUFXbmZOQ3dP - VlMzVllzemN3WWd2dFc4UEdKSnVmcHhNaFZNCmVLZG54RWIybVl3dXNpQ2NLVnBh - dUdKWlJ1dXZ3MFZ1Y2tQVzNJR3pYcjAKLS0tIFFiRHIzZEpjNml3Mm1GOUhRWjBy - UVMwemZIY1RTWkVmQXE3allUNzdLWlkKPBVTtbgPXXnbclANx4nysXeTWmSoIuAg - NfCnCPPgYqe+zW3XL9czEjxyTyH25lnkAWckUhCch3g2uA/7uV1xlg== - -----END AGE ENCRYPTED FILE----- - - recipient: age128ehc0ssgwnuv4r8ayfyu7r80e82xrkmv63g7h9y9q4mhk4w9dyqfymc2w - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2blVUSngvekRPMFRmanhy - c08rZ05TdGtLMVZIdjRrY3Nmclo1eVhqNDFzCnhLQlg5YURCUzR3dStva0llN0Z0 - ZzJxVDdRK3pER0RTTVZRS0dhZkkxTEUKLS0tIExNd0ptYm9PY3FnelZmcmgyc3l4 - SE1hU1hzOFVhTThBTmg3LzlvMUljdEUKCwkZlOduNCrNZ7S/aDJfVkUny6uCIdQu - 3sVk5mtz5hwWtycfMNC8+y67S+VzSZPY3GeBN3f9ShWEFT+sM6k3Dg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1lffr5f5nz0nrenv3ekgy27e8sztsx4gfp3hfymkz77mqaa5a4gts0ncrrh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0RE9lK0xUTXhTQWtJL2V5 - SURFZ0Q4R3FiVkFnbUVEeE0yWUNsRjh6WjFzCjdHVnBNTDVVTk0zOWtuWTdMbXZQ - eVpmNE90RzkyTWN4eWs2SUdubFZ2ek0KLS0tIEZaQis2Z1R6SURhT3g3ZHVTQU1R - M1h3dFZXQStBSGtveENQTi9jeGVSRGcKFoTwIJFF4gMX9854JaGt1M8lcKDWijk0 - LU22l0GOL9h4EFlIFE3keahXO+47Cjr92uMrlAnsX+xdnH0uPdxrNA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1c7adjulcrma0m7l5ur8efxdjzyskrqcwssfkt77a9rmma7gzss5q02pgmy - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWUhhS0RjcVQvMnRYZDl4 - eFRZbjNDN1ZlRS9neURWdW9tMmV5RiszSGkwCm91b3dWQXVxRlEzMEVnd1lkT3hI - U2oxK1psMHZROTRNd2gremxmS1l1WXcKLS0tIHlsTy9qcUlySlZ4dHo2czBiaVlE - REg4THhDRmdZOHJGVmxZcmIxUThTMUkKeyTq4ibHWukJx+9ApBSt9y3sfy9895Sf - pa2Kkw1VsnQhvEW0+IeRoQnxeQB6rAXlftNhtEodc6d3w+ny/tI3kA== - -----END AGE ENCRYPTED FILE----- - - recipient: age13jg97cvy63fzd2ccthcwvfyyxzw5vmwun8s0afq5l4xm0mhl6pjqhne063 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bU5OTWFBNkRRdEFzblhk - VDE1cUdUTHNVUmkzdDFkWHBXL0gxMHVjMjFjCjVLQXROWWErTFhVckorSHZJWG9D - a1BobEorVXdNTC8xcGpvdUZKem04R2cKLS0tIG1TU2ViWTJ2SUxVMG9jOE41bGVk - QWVIUEJxV1diZG0xaUNNMmJaUUhIRHcKlAweCd38TNHdyIhzXIdjgEBj10bn6KK/ - 0e0qgyWNfkJtBYF2PhaBcr7l58dHSbQXXomgG2npGxPGVYMtoLPTsg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-13T17:27:06Z" - mac: ENC[AES256_GCM,data:xzVCCVSfQz7fH+z3veZI5uJA6eBDRMT5kPT2Qq/KlESKJC4MVn6ErTbdDEFEnfa7vmqnBArPIEWdkSSbPTAvZbCMzuQTUVsjKbHnnvZsVypl0ScVgupGYq/+UhVoW8vKukXMAZ2dZfMWGn3Sso+DpWhR83Pf8FF8Xey4YcJzpIs=,iv:5oDREhX2gxypLurd0lyINklrf2DU/1SyD4sXiO/THUI=,tag:MvlitzHGiRCHJszLn5zoWg==,type:str] - pgp: - - created_at: "2024-06-09T00:29:47Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMA29thaGx06tOAQ//RvcNg6H6CeLvrdLSb7ohPkZGPwgxkIyn8a384ybg5nX3 - TiV1aDlg4RNyvQY371ixYVIO4ddjC2OMyt43ghHIUvH2Lp6dn2anPuqlMXXOTeYL - nEH09fsuZ3Mkg6F30MQH3tBOHvkroKPQCA9Y2JSQhkfO1GsAAm1PhCUgqJDKDK38 - /fwWSPvrOQDhdRDhTVmAHKRpH6XvSN8d5QUWqwaII+34JkQRFNNhqJZCu04QP0Yy - CaceNJg9IoBy2n2nJZ3zQfzOvxujPEnsXnuQ67Oa2GCwwNEsxfjjeFApi97zOeQA - 0LwM6iZGz/d5hdb7HVCVUuU2H9QPNuYWYNEIFJTJjOUY0osaBe+a7xPY4dm5YNsS - Y5VMup6SQINoXQcabkwU2zjbEEEEFWjDrszweLn/YBEdkT1vkJ/Gnrl8j3udYZs4 - /xC/xIbIFjOhXmIi+I4WbeQK8bspS+EbEGT/t+iE2mf3zEjZsjVppGtX1rVoGE1x - 1H3P2IK6CBiT9d8A7ocLFYdGRoXreQyDNJqd4u0XRMjbTgC2rWbOsaBJDzjyQKXV - oAR8o04wwB0wZZaAYYwb6bIqa/UFO2ZKUvQVu8wDVMt0NBwHSMVivu5ArqZwl+pj - Fyy+t6+JVdvATsBfWEyejJ3Y4jjGUCJPkbAdkAxACdmfikye0A+Je4QGOBctMOzS - XgE9V6KGRqKrr2aZBCMgg4H2hoqQLGpQAEKadJ8RvU7PM6C0wbF/5XNPce8rUqOw - 87Bn3wdcQcxCtWHSOj1o0SKRrQ9PlxfnvnVcCGW/vyKbWGvs5JNYMs3IfQ6xXnA= - =OVS5 - -----END PGP MESSAGE----- - fp: 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 - unencrypted_suffix: _unencrypted - version: 3.8.1 From 080a382242e5335d2d267a6d7d05bed3aa4896cb Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Wed, 21 Aug 2024 18:59:20 -0400 Subject: [PATCH 03/66] add wifi, remove richie pub key, disable auto-pull/update --- keys/richie.asc | 67 --------------------------------- modules/update.nix | 6 +-- systems/artemision/secrets.yaml | 6 +-- systems/artemision/wifi.nix | 1 + users/alice/default.nix | 11 +----- users/alice/home/zsh.nix | 2 +- 6 files changed, 9 insertions(+), 84 deletions(-) delete mode 100644 keys/richie.asc diff --git a/keys/richie.asc b/keys/richie.asc deleted file mode 100644 index 7b60a0b..0000000 --- a/keys/richie.asc +++ /dev/null @@ -1,67 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGQ4gGgBEAC2s0Q4nQ5aTlpTg4u/Hl9gq56IAGoUW9wlgEoStHXyA1WziY2s -1pt45l4Q6kORswXoXv0ULTWBQAGponjY3l+HNm+B0XMr6EogjV/EP/UCyEi8zpqs -PaoJiB95s8rTsh+E7GzWR8KDhazOrGFY+QQOsTWEhLF8jkISd9aC05pf+WnKyxLC -wFjNFXRWUgPKyKPWIUd3SJP2IH6rSSkp7SMCAUiteQx2c43thnr4c/wcfGANKbFO -PhYrkTJKSqt38NoFtNB/Eo/MaVwdEnTMmeovF9sA2s0SLat8+FngSEcIXvL5UpA4 -K73+lOQUROWFju7LrIyOhksSZXyQvP+64PxfpbtHadH6wQ4Ckz0GYIYnDQ1q66dh -OKQq9efIlxb7ky47qXRMY8u6d2d4bceLM4a24lYajZ70HZTEF4hy5KCMd8DAmAzU -WLCkaz6SQVDsme60jH3Mavd18B8HZ1d5Vi75hNaylMRtq7o6IA60NnVXh07U+Zto -n8QOze0JqO/GaM7FzfijfsW670j//FSu5wUGnBYprBz7SFh2nCy/XPZYThtHtPbI -YeESs8WZtqkfs4RpmMkOKcTLNiTFXIsCqHIhR8lDnJl+skEMxg7L8FF2txph4ssU -BZ6dAbFy8KsH+2Sr2qfK0yHOVs37ymv+/WaxC0d+QpLAupRhzL+s2kIYGQARAQAB -tB9SaWNoaWUgPFJpY2hpZUB0bW13b3Jrc2hvcC5jb20+iQJOBBMBCAA4FiEEKfUB -fJXZ5gsbHoQHBysOC4MS3+MFAmQ4gGgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC -F4AACgkQBysOC4MS3+PnKA//YUDZbuaas5MIWRqZsh02GEXVX4n727JP4iqZU4R0 -Cndq7KCl+8XJ9RqmpRZab1FhEj/DQZYisKvloMvBop4q1XLLkabaQF5NsbDvIQG6 -5TgbeSUmVWP6JS4Ka05FKIEwjKFS6ogbd1tscVs50zFWW+veewWMwwQF1mw+N5wx -LsnHRDIBPOj8Z+p07fyYlP2RMtqdjUqHOtDBiAvbFaXd1huEHd6H2bhnVLaxsJUf -EEGu92ND0GgW2tDrJIL+bNhZfsnHZEZPyruLZXcwW0JIyLf+sgob/iY0duDH1JDS -ty5tS3ke9O3Q56mPogHP7jlMwtVHzQQPlviVtNvYhRamb5hUDc9Qu9uXNM0HOWdg -MI5KE1xbdjz1OmymakfcfbVcSz1vu3k4XpqChiKt+psw8BnHGcguPchetkroCJcM -OLwnCoKH3TFxZfaZQGPDhHCGU484Nj1M/wHo9RcoWtrPWz+Y7W0U+47EdmGM1Vpl -9hIoXqjEWENz6Ph5DD0vxMptQPrRfmtLiJsWxAJRS9MH+ZWXxjJ2byKXiEHdR7la -Xgj8ejtzaZB04Ow9+zptFH6nwTygGGodcRkYYFtYSS7C46aihvMRLj68uHB2yC2b -zYutMtU6eregDaWiAeGycZcanGnU36JDifjaCF84oty6a3EpfdGCc9KkHk1Is+sR -TVe5Ag0EZDiAaAEQANy3ekveJexjqdhWmGjqF1rp90uWYJeVwg0Dlc621SNEzrfu -suC1BEHC2xdZz85yPbfdUPThAn/AmaMYlNIvzXmsGJdfIIsL7ZT+K6K+9ClbFhR8 -eIZZjhpSOMwLEfNroyZPcOwEua9bSr3mwU+i2ED+dCKcxG4/wAtmeK2PNOz0t0/F -umLHW9Zk8YZBVSq7sGZ77TBi7GHOVzR/3wWy0qXgVMSQXtmOoDCmd1B1pD/BOkBA -2iI4spRLiDPW3XVDeAGydYPPEIXtFax7ZCs4BhjT4witJ2110fddrAh6e48yU4Hn -ca5F+QD6hVvUgHmdM/9GMqYf2mMC8tqNQf33Ib148zIhtQN5OtDz/sce5Xj8rk0j -HUuZ3E0jViK72ZRnZD46CyIc99ZcLCAhsHZDaMTEDfWX8ToQzA+Ahyth0RMykwhX -6NPKvOw2VqRK+j6iyYvtDXLmcsR890dzHDJLfrJWCJ0scpeWFvlLkVhQaT3NEqEK -oUENBFf8zxfTQ7BksyV2ESTwu5xqfYeJ1g1FoTfL30+/W0003K7hoPQuU3ebj3wY -3mMrG0hgo0iM9wHk83WWt+fDYj09yptGWAgBQNOpRR/0EbwEd74C3UxZQtUmxwPz -YW2g1GWyEgtA76UJ00TuQHBGklcKtY0IbHKwjn7NwHbYWu67R7Le3+cj3LOVABEB -AAGJAjYEGAEIACAWIQQp9QF8ldnmCxsehAcHKw4LgxLf4wUCZDiAaAIbDAAKCRAH -Kw4LgxLf462sEACDweQr1ik35sbw3qlPn3b/d2UYBK+r8G3Pk1RhNra2rFtkRY8Y -rEAlFeYOCBplsyg8swIClPjKpqIEehMV4X2E0N6WpyPzuOgNP4OPAmJngUYM9uxr -kcVhYubgp2Hcxk5TkbvHIc31P5ItCl7UUYC3bXf32K5GVeOAxsZBS6elwdxlFteY -WKjkwoZklPPfce4ctG/phy8dnn+pFMFnyisFFp81R2P+ztdSDLm/U27d8g9cjcWK -mhZtGox4zf7250p+gIUnlnBdtXIWBaUFidha5qql0/iSsMrhu2m12XaLc5HiubYY -RNIHcCRitG0Qc/pWVjZAD/bqOTl4/M1AeN7qZ/8Y1II1tCdBZ1MGinKS/3aGjTn5 -RzvYrQeP7YTInyah7MpUTYoxI+VHHeD7hTy/y0GPZBtZ24B/s3ICuMemejILeI8M -aHj8FmBSXJ3dD8195QyONuQB5hNB3qGhc995KsDK3leCwJc3+MFLZPaEZnB+f+uo -+pdngVsKH2IAVOtJN+QULmuEFmiEGRAghJwxfA4M92Bn0jSa9KMyTsM41b3zdSVU -ipnn9FVX7RemSdF/z2SXAczwMLwVjai4j8b/U9O3oc0wrDF4QgrKKKIESlID/0Jf -QLwhRYHy03r2yENO9lEeTBaSF94HsN1UjrZtzpGx6QTGBohA2RrztXkosLgzBGWP -FicWCSsGAQQB2kcPAQEHQBlJ0lXDQnpcV7nR/MWPifi0WVTDPe0njjVIHNq/Z/xI -iQKtBBgBCAAgFiEEKfUBfJXZ5gsbHoQHBysOC4MS3+MFAmWPFicCGwIAgQkQBysO -C4MS3+N2IAQZFgoAHRYhBAA/2xaaamErUuSen5+R1096JyceBQJljxYnAAoJEJ+R -1096Jycejy0A/2BmBatOihlxnO1G0U5qy3eiFkzmYKhm9WEW+w461hjuAP40cTMS -xgnpUzUrsEs6+3Om7TLAa0VAqYLjA8NTVJs6AiPGEACuGgYn4uBzeXGLgHHUmLsY -25rOajs/zAZnQkMz1epMKJDZ658cIDKyjJ6mLkkBwHwARrMhb38AEphXgyuAtHMN -mEPRzABZutleW33KCk6zzVLyYVFBDWEI7hIFdNfJcJjXsDX0oGKB/oT5vlU25YgN -cBAC7q9PGfq/XkeFOz9j3UOXMuzTKmtrX28IiSPqk+IkzeL35otzrG1wsUPLDLRS -nlmwtnP4oQ50cUvTiDesk3QqPQn+2wPYakMydq7bvUcv/jakCADJq8Lsg4AmUxpQ -bZNj2Zu/j8g+0KYUTriuQpZHf+mjVoNzwxiDKobMvKNzyNrZwMnZhAcDnCXSHpZL -KnBcQGpsOjZicA9HodVRdU80DM46MSsncxAN+jwdHUOtCtONP059kF8JegwyevFS -1hY/6ZTMETtKckWbs2gMTEK48SXF3EQ2jMq8lbD9SccuEi6R19R5qiLwQBgUHawT -PcirlASclpR2zjLH1/MovxMFykCUUaQgGH0TjCe5X95Y7QdVgw6ocHkSFUsLN8V1 -L3UfOIobFFW6EuRg5urKpljoi20dYsAyorqye9q825RyuWa5oLDtqXshCuOzLy6O -BgnM2FIvUpxAFmlXlC9eG8bUChfqEakio68Iwl6LUQouDR9gprWcookZV716YBVC -/IKQxyKTQK+nas4pfaUhYw== -=in5n ------END PGP PUBLIC KEY BLOCK----- diff --git a/modules/update.nix b/modules/update.nix index 3a0e630..143a4f8 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -1,16 +1,16 @@ { lib, ... }: { services.autopull = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; repo.dotfiles = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy"; path = lib.mkDefault /root/dotfiles; }; }; system.autoUpgrade = { - enable = lib.mkDefault true; + enable = lib.mkDefault false; flags = [ "--accept-flake-config" ]; randomizedDelaySec = "1h"; persistent = true; diff --git a/systems/artemision/secrets.yaml b/systems/artemision/secrets.yaml index e5fd5d9..a8d4080 100644 --- a/systems/artemision/secrets.yaml +++ b/systems/artemision/secrets.yaml @@ -10,7 +10,7 @@ example_booleans: - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool] apps: spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str] -wifi-env: ENC[AES256_GCM,data:NGI090aVGojJ7+lvcknJfZBQKb0b/tUrd2AqEl5IWQWCJdqqaO4pCrs3C+IW06/pz9FWgMxx9tPu32xmMZaPnnlLD+XyVJ71L2P22U6YufRPRfvyv6swOlihscOZ5tsFFYShjXpow0PfmYS+tP9mYLb2RYFLGQmvI4fa4LaVjuwPXAMg3RN/gVXR6bMEpd/7OIr+tIxC5sTE7V7fIbyzcn4=,iv:VbtgvwMHo1iLuTKCA7KjEXC1d1MY4aHfmXI6yuCGZVI=,tag:dGmw+icLKL9dJQExy83m1A==,type:str] +wifi-env: ENC[AES256_GCM,data:H9rGALffVG0tzRl8cf/vu9f0b8h+9Iaew4oYnyrD1NNWwPpotP6jf+JOVBub9u9Iv6gc5IzE59WWhWJKF383zNcz+sDCGxcwaf54yr4x0bhX7HkrQyeQyJtlTa1ceqsTEKR0ejrSujyiQwJDl2xAnjLima5LuUJyTWLU19WC5VbXkbGr+DdtguL3i0GNn7SgP6m4Bihm4lZXrX4nFIBMTK0cWGDWYIM=,iv:4fzYhpYk+TDDszelOwKfZtwllcGxJpfKI3mAWHcJ7Ug=,tag:73OJSIfH8QMjow2xvR/TUg==,type:str] #ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment] sops: kms: [] @@ -27,8 +27,8 @@ sops: UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-03T02:45:15Z" - mac: ENC[AES256_GCM,data:PsEeb2leFb500YYHg+5YHwGVHKUPB7qVqaJY66hnkmCa5MKAZkHqSgtVvh+Ai4fN9E+WFtjlso2a4oasQMNwVXsmt54+q1/Mz5zF2D/1nvaNL76fEod2YXp2jlGxNniyPfRaZXDu+QQLhoz2PBoe6OQ9E5WRDV88j7gksy6GePw=,iv:H7Q9fbvdgh+NZNyyupByQETWsgpXVXn0blQV1Ww7eQM=,tag:cpWykzgH9/mWTKxmEDZ9PA==,type:str] + lastmodified: "2024-08-21T00:27:31Z" + mac: ENC[AES256_GCM,data:rST3ZwVMS/Us5pufse75X+j1Z2g6Kgb88luYTErBG79IvnoX//GdF7R3JPcQVp2o4rqFO7AU6zvh6PdGZjH3DS28k2iKe1qX1PKxMVihXnFFf8Zh/a/Uc0zvG7nDZ9FrLn4mv98LmKaqSjqsmgycpTY8HgRRaeAo4gXgtOwcF7U=,iv:6mQj3CMCk4yb02HW6y+VyvaHIOS4Dxt5P0krOtQ/pOE=,tag:SQHVH+ZbtdTUsmDRF8oMvA==,type:str] pgp: - created_at: "2024-03-23T05:46:35Z" enc: |- diff --git a/systems/artemision/wifi.nix b/systems/artemision/wifi.nix index 59982fe..d431ffa 100644 --- a/systems/artemision/wifi.nix +++ b/systems/artemision/wifi.nix @@ -25,6 +25,7 @@ in "Verizon_ZLHQ3H".psk = "@PASS_angie@"; "optimumwifi" = { }; "CableWiFi" = { }; + "JPMCVisitor" = { }; }; }; diff --git a/users/alice/default.nix b/users/alice/default.nix index fa87e4f..ff0f9b8 100644 --- a/users/alice/default.nix +++ b/users/alice/default.nix @@ -13,15 +13,6 @@ import ../default.nix { name ; publicKeys = [ - # photon - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588" - # gh - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoaEmzaS9vANckvBmqrYSHdFR0sPL4Xgeonbh9KcgFe gitlab keypair" - # janus - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfcO9p5opG8Tym6tcLkat6YGCcE6vwg0+V4MTC5WKop alice@parthenon-7588" - # palatine - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP59pDsx34k2ikrKa0eVacj0APSGivaij3lP9L0Zd9au alice@parthenon-7588" - # jeeves - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDgkUndkfns6f779T5ckHOVhyOKP8GttQ9RfaO9uJdx alice@parthenon-7588" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvF14bwJtV3r6O4KPydaIHmeiwJAYBs17nGDQUZgd5P alice@artemision" ]; } diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix index 25064c6..49ec7f0 100644 --- a/users/alice/home/zsh.nix +++ b/users/alice/home/zsh.nix @@ -48,7 +48,7 @@ shellAliases = { "sgc" = "sudo git -C /root/dotfiles"; ## SSH - "ssh-init" = "ssh-add -t 24h ~/.ssh/id_ed25519_janus ~/.ssh/id_ed25519_dennis ~/.ssh/id_ed25519_hetzner ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_ed25519_jeeves2 ~/.ssh/id_ed25519_jeeves ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine"; + "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota"; ## Backups "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml"; From cadfdc62aba65f1fdf7d9273311970673cbcc455 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 00:47:02 -0400 Subject: [PATCH 04/66] reduce number of keys --- users/alice/home/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix index 49ec7f0..10b346e 100644 --- a/users/alice/home/zsh.nix +++ b/users/alice/home/zsh.nix @@ -48,7 +48,7 @@ shellAliases = { "sgc" = "sudo git -C /root/dotfiles"; ## SSH - "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_ed25519_gl ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota"; + "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota"; ## Backups "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml"; From 83a4fa2e67b2c86312c97aec74bbeaedfbfecc5f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 00:48:36 -0400 Subject: [PATCH 05/66] remove richie from palatine-hill --- systems/palatine-hill/default.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix index 94d5707..2523b31 100644 --- a/systems/palatine-hill/default.nix +++ b/systems/palatine-hill/default.nix @@ -1,8 +1,5 @@ { inputs, ... }: { - users = [ - "alice" - "richie" - ]; + users = [ "alice" ]; modules = [ inputs.attic.nixosModules.atticd ]; } From ab6af4eae35e6e2ed404e4ef83ce81321c367380 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 00:50:54 -0400 Subject: [PATCH 06/66] palatine-hill revamp --- .sops.yaml | 3 +- systems/palatine-hill/hardware.nix | 63 +++++++++++++++++++----------- systems/palatine-hill/secrets.yaml | 42 ++++++++++---------- 3 files changed, 63 insertions(+), 45 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 3c5974c..2732bf9 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,8 @@ keys: # cspell:disable - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc - - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh # cspell:enable servers: &servers diff --git a/systems/palatine-hill/hardware.nix b/systems/palatine-hill/hardware.nix index 2e08fcd..517ec12 100644 --- a/systems/palatine-hill/hardware.nix +++ b/systems/palatine-hill/hardware.nix @@ -1,48 +1,65 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. { config, lib, + pkgs, modulesPath, ... }: + { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - swapDevices = [ { device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; } ]; boot = { + initrd.availableKernelModules = [ + "xhci_pci" + "mpt3sas" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + ]; + initrd.kernelModules = [ "dm-snapshot" ]; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; - initrd = { - kernelModules = [ ]; - availableKernelModules = [ - "ahci" - "mpt3sas" - "nvme" - "sd_mod" - "usb_storage" - "usbhid" - "xhci_pci" - ]; - }; }; fileSystems = { - "/" = lib.mkDefault { - device = "/dev/disk/by-uuid/b3b709ce-fe88-4267-be47-bf991a512cbe"; + "/" = { + device = "/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-uuid/4CBA-2451"; - fsType = "vfat"; + "/home" = { + device = "/dev/disk/by-uuid/4f1e4cc5-b0e1-402c-895c-b28368905ccc"; + fsType = "ext4"; }; + "/nix" = { device = "ZFS-primary/nix"; fsType = "zfs"; - depends = [ "/crypto/keys" ]; - neededForBoot = true; - options = [ "noatime" ]; }; + + "/boot" = { + device = "/dev/disk/by-uuid/F774-5A2D"; + fsType = "vfat"; + }; + }; + swapDevices = [ { device = "/dev/disk/by-uuid/96f3107b-db94-47b3-963e-6a2cb8b4e66a"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp72s0f3u1u2c2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 2b86309..63fc7a2 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -20,36 +20,36 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZzhuWkE1czhNdm1zMjRK - cTVhZWlmZnVqRG5RQ2FxSEpyVTdEWHdvUFRzCkJOVFJ4eTk4bUpVVlVoUnZSRTdw - SVdhc29UQktlb2lEN3VQcVZhVjFsRlUKLS0tIFpHWXZRSk1leWpIeGxub3hXOUU4 - bDRzTzhIa1N2Q1lHcG54akdOV2RyQ0EKHM4aD6KEyn8+JglVSGui3ROHyStDdAgh - BXXeg6BRwANFzxfUrpAZLoVh/pc1q9rmaxBUQ4NOM3mw+gKuv2NFrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVTd5WENRV3UzbGx6MVRw + OGRJSmZFRlV5cmJsK254dzUxNzhOT25hWERjCkJnTDErMWFEMXBucExjczBsdzU3 + akdrK3FndmgxalRGNUNnaXlNU1Y3NU0KLS0tIGNHWVh0cmlGY2xaYzZ4M0dhTU1j + TkYva25xYUxySkRuL0pPakZRdlhnMnMK/PapdNI40z/pALp9+uaZCIYmpD6uWfN9 + Cl2wD8f8wOuBxI/Mw1hxtJtcF+XubW/Lexjft27lcbuw76N9//ngWA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-07T23:09:33Z" mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] pgp: - - created_at: "2024-08-21T00:13:00Z" + - created_at: "2024-08-22T04:47:56Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ//dEHZoDJ9BWiaZQVE8CTsKz6nvngBoAJZ/t9FH8RSaSo2 - 8K/Ix9VwpxZt5T7SDh6w6gAHPmb4gjvMFZU85DiNTumrK6zDecl3XVlcb1FaI6AY - vxIpAbHhvv6on6Yp3rst1fTvm7FQfxwPkRhR/IwQsehaXbXHw03HBpah/KAAhac/ - KVyqy8BfT0iK1YU1CEMroIAKEJi2jwBY5K0ur7u4He9IYZmJzp8kI3N/GQo9fj0R - lnGov/Q139dwA7Xi+nf0pwGeWMJ4DfJXRzEwqD0PfhYeS8qXxnMjNESojTttrOgD - 3yZ5D1Z+SHUeOEwmgyinFx5ls04TYl/XoQFnt1YwOvs8FVrnRTDKPrZ72CcGYNAG - 8Wj5SzGMlL969q/luslqyVMvRf9sxAOApjPu0be4tYoL5WfDPs1aDdSAvK/3nW8x - VTBtQu4uIqmdfP5KAbt/HyIIKQ+93dkxYVd0vOODR6fbM97cN7TCzgqnSUUhA3e8 - sIBx98SbvDbfsXVSlkPM6dLSQhvdisvlI0FkPnmDk1xFlxlOqN7Yo5iO0pk2yNDw - tW0BY2CiRNZCRshSCbQXF6yJGl76WgfIZ69NgoACB5FjXdG5t+6CHqKGIpaybowj - zb/w4wiGCxDw0GmHTfN16etKEn+GkxPR6jOzMzBc3fgwF4eyd5/+daUcU67SpTPS - XgHkZPTOPP9f2AvGDjvK6pc58LE2SzVB+eGdg8W7wc5MYpLlwsCjpH9RJUiVjj40 - 0P3V5BbGFFHHMRrpE8F8Lc2iUHRTeWHQtzv2ks2ywqmKA4bu5/tT+R6GxvRNBl0= - =MxRN + hQIMA/3GV3g+HEdPAQ/+PqkO8Jpr3v4NRB6jvlx4pXcrC2uJfZiB+EYamQ9ROqGH + oy9K7DTcn0q8Y0kfMs9AwOo26nSeuZqTRpF9NJw5p19r686Hibbg64FkmCjw8Egj + VPxzVi1GFOJo+hTuesqFJWSRHo5tPnx2mGq1L1oBAAFu43xjKRHAiJUCaAYQpXVz + aBQmr199+JAMIW2laW6SOtBbz+LeeY+1QH4VHOWT2SYzuDh9pW7CvGMKmfI1wy/A + Rh/OWC1rdZmoYHbvf9907qCId9+hnq+ybvsX8NoDhhn00dmHGPpQTVN2NbAoi0PS + N5AqsEeZGP0oYeMJ8Dh3fXNxkGjxZ95w+TpaqPF5Mj2RQVMr6zo0edUYxzgS/nBQ + hI+UufnX0qflciuv95DRPL4BAP4oRHWIClHKp0dWQU19vQPglfoPO2Jd3q8J3tB3 + TsgthVCJYGftlafuDdolofoulOmM2gya/aNvhghlnri+PmBt3b4GI4rDW1IVnIk5 + aIlhyCZ7BJog6RCd/dJts+q+RXdxYxjGGSdpgcGkFJ/EmDpdqpXizdZK5Ws9o7dY + h8M0JErrC5FXyQ27wfaSVugT5dDIflHFM2nqkV8CQlUtCU2voy77/468KHTgPKz/ + Swl2BazGpK3g1x3aMRGTTA5NNDVMDy3HDimRi1IW2Yxf1wDXn3sHS917SVpdaBjS + XgG0FUKo/jmOHQjQTK9/2LvclPAlCdPwbXv/ZUFcvAV225rDyYHMevjlEseq2v1J + 6IU6IB50LT0IbRuLdpLFYYM8NFg2BFJAG0QWTpNCQzagUEbHDWp5vSoOwXdEWbM= + =3GbE -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted From b03e1ea9c256aa99f5bef4d4236f665db315344e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 00:54:52 -0400 Subject: [PATCH 07/66] sops rotation --- users/alice/secrets.yaml | 62 ++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 50ac581..ae7dc04 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -10,54 +10,54 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMS3FUUUxLVDBWeEw3eGNW - anowRVpiVjJ6OWM0ZHVFdXY0R0Z2aGRicmxBClFFK3RhLzg1MVBxcHFjQ05IOS9m - cDhTeVRibEhIRXFvbWR2THRFS3daWHcKLS0tIGdKajh0LzJIemo2d3U1TkgrZTdn - YXh5SzE1L2F1aUpMQXF3RGhja3h2ZXMKnMA+Ctvat+FHjLJVE77vLCiFLT12E9G3 - H+h61DkKf8huLpQOXlqhhyDVzuBXL/zdfHfD+MwYyJ9qDV7NICQx4Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWHJqZWlkNDZzMVgxMWxt + SGZXbVBTbnNnWlhYMWUrK1JjajhPYWlxWkdjCkE1a1NxYWVKSUNmSXd1b3R6SDBX + TVk0QUZaUnNyMm5iRitlZmxqd0hMME0KLS0tIE1RSnhrTkQ0ZXI5bFAxVjVtaFY5 + bXZVSkwxNnhCV245dEpkTlhPNncwSG8Kv7nxSMVBv/a/ZyIMZYmE3Cx1AWykxHal + /cuADtu+KoOEM+1iGJMuP2ZfpqXSEAXBb2Zj4tnn+Jy8eGvvndHn5A== -----END AGE ENCRYPTED FILE----- - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYN1FCUmU3c2dudjVoWUQx - YkZRTEZiYVlBOURNemVXelhFeXBjTXBsMkR3CkF6b1AzaTdqalgzNnBDS0dySmRZ - QkhKSUNtY09xZklIdzNLRHV2dHRtT3cKLS0tIEdTN3JRbHQ1clhDOXA5THQyS3Za - bUJIR2NnelBIUHZLT3lxRnZBLytMajQK9jD4Vp/Ezqw+X0RCQUSzrUN8VdpDJEnQ - jDu3xNLIgV0e28O/gPIeQQG1VVM05e+1v9CJheXLNmzyqv5SWVyoLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eGJyTjdvNTQ2Q1doMHEv + Y01BbFIzZTlRSlA4Qkh1QmFFTlRGUDRzamdRCkh0Ym5FRVJDc3JqOUhRc2IvZEla + OWxsVnp3TTM4YUJ6QzdRbjhsMEVZT28KLS0tIHgydk1kOXh4K0hPSUxRSElnb1kz + RHQveUtwUFcvM2hrc1RnWHBZNFdyRG8K+CaW3iXDHzCKCxiO0id0ywLNdG5gj7XF + 0+iKle8o2HPaoxdYjUSQZgVsD8eOMtML7sU/TAnqwrcWiN27WuFkAw== -----END AGE ENCRYPTED FILE----- - recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNGQ0SitVVjdDb0VjU0ZZ - QnVYTG1TSDI2RE5qUmh4ZlFmSE9RSjJ2eEVZCm5XY2NrNjdZK0FXaFB1MllBL2lM - ZUUvelNtNk8rVmhEVjVRbEhvTFZaWkEKLS0tIE5vRmp4NTk5a3lyd0FneUZYVHJq - enFCZXpLRVo2cEVnVkRLQVJSSjc0WDAKBc1Pn6xYLRzA85Brw8Kv/8gvH6W3pg1h - nnQk3T7wKQ/uG/rlTGEEVV+maQ8g+nhLI/kzeyTNnkGBiLDUrlaUmg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArS3hsYkhJZVdacVllQjgz + Q0JnT1JsWmsraHlxZTBqOC9TZDd2YmVEdHpNCjNTOUNPaW5yUDZvSXRhVW0zcHJH + enNNb2VOUXloVTlXcjIxM2h0UG4wZHcKLS0tIExHaUd2Y3libGR0a2phdE9MWlcv + czhrU1QzdU55Z2R5Vy9JRzgwdjhTOFUKuJTq12VT9gNzgIN0FWsJxEQm0U/bpZd0 + sWtTE7oNlOomtD5wrQOUz8iJ0GNA5oyGvxFW6A6lMw8tzDm8y7MOmA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-20T23:15:03Z" mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] pgp: - - created_at: "2024-08-21T00:11:50Z" + - created_at: "2024-08-22T04:54:41Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ//Swqj1mjfLI4ZbGkiFSRVM6LrJWT7aVhKiw9/w7TISHA/ - w1AK7uiBI1uJqjx/B1z9Vi+8ASauB9BPDYwB5D/m8vfRXXG5mN3Z3othTNlV3wqX - lkADSe3gDCrHd575esNBiYgzdEns7nBbve4wN/rIjlOonQzkiqZpmTXXP2zVmxmZ - SMYWInqEjhlU1Jlzj4iPBsiTy1NG/llQC61mk8lyILjkSq6NzZh2qZIdYDsM8S5c - Q86aleiMRsNSMJb7sI7VoqEkQa/IBc+kA8UAwl1E5OkJ44bJPCnV03/XBqHtY4mk - M+3wnzM5TuFDAAtAkml+5+etDFQi7FeBlursvX7x0tgGOix+1xC4CmSO1HjFp/Yf - /qIuGXFHXTXmPOJ/bP/i5UB6H1G7tLi/tRfadoaz7wXJ6OFox3mtJn0kngW2qEP0 - GdJ1bL81rV2zaMG6QaupCZaqYbdHtgCEAYsrSAuV8kIO/5Ws/pRtXGBjBwIuIvVU - rE8u7KYVlifoiIPGJHVNcmTLLYivlp3AZi8RFRNA4feYpyjC/njbOqrT42GH5GR3 - yFiID9PQXH4S4AFGOYZqWOj62AZzTJji/trhns63iY4CQSvjjxUlDm3hJpkOxTo7 - 7LbvnDwyAMI6+qINyRPoH1l5gSofEzCcADaz3+YlppWwkboC6gburwjnoSrs+V7S - XgG/T52nzYf6sClT7ixoCouRviQs+JSSUGLRv7ON10x/A4NdRDG1xbszaaaNikzC - o/+ybpz463WkQkUAMhDKs4WD0TIJ8RxjWXN+fP+2hRpjv9Q2l+l7XGlNDH0IVHw= - =aq7X + hQIMA/3GV3g+HEdPAQ/+JxMX+qu167TOz6o1Us3dd+sYgJA5Z3lrzRkQHkNt5dvT + mDL7uRKoyEjhHl4RSMxLUpquFialHDvGiF5LkuouC0Ajo28W1rp+6lAl0GG/Ledv + 5N0lhYldIKCJDieeXUSn5hr+0EUIA9Eg5h8lup55oDS147FDk6FwysTFzr/1ybgE + cpLNEg5lliEafBszZ/3rwSZ2e7LvMag4wy4aTCMq+beoacUA6G4K6IO1+kTBeFVt + EGrktRGIXGHJft/JxOF8Kq0jsoQ6fnMMIlAx1c5QnvCAe8TSYLBRLeyAwP3oNrME + pDciQJ4jMxzu0yNsGEuQUW6gAbaCKNG+BLDFhx1B7Yfh1S5Fz+/Z4wuLyaDC1soW + F1j1J3+PCrijEV2Tt+eqipZrP3LrXvNqSla1hjVIkKHrkAGsO/WpqN3lCUxW2xbE + t34DD3RQrXo81RPdHmIMwn84DDyYxwe5ETns9OmDkmMVNTdvmJ+MsGW5c1XMXjfT + k4Pq0ErZswGxTefu+USpaBvRR9YJ8OcBb9a1gs4Kxd7L4qo1NR8ipPej/5esQkji + VgIas10Uz0nSKKCg/4dYDsMQ6N9BadxAk5kK+TdjwCxWVgTLXdsvpfqj0gOAMDG4 + Swgx3jt/AGs4ZS9nr6VCjF04lkzX0UfWYGkD9D7KRewP0lEjAzdzDnhlgvN9KlXS + XgHATRuBC/EdSnhwttoXJ9r8pkoyd6pLsMIhtZ4GkVjhdxpTIoQn9s5Ch+/p+/eO + VzNAuBDbuMU/WPDNgsxA7hwGgwogSyyFHzZkuqBHJPgnPHNpd8thESMURPATxW8= + =IGLA -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted From b43e9054fb5914d1b9c87581f37b87f0a41c72dc Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 01:21:49 -0400 Subject: [PATCH 08/66] move to luks --- systems/palatine-hill/configuration.nix | 1 + systems/palatine-hill/hardware-changes.nix | 32 ++++++++++++++++++++++ systems/palatine-hill/zfs.nix | 21 -------------- 3 files changed, 33 insertions(+), 21 deletions(-) create mode 100644 systems/palatine-hill/hardware-changes.nix diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 23b2789..a9eeb7e 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -8,6 +8,7 @@ imports = [ ./attic.nix ./docker.nix + ./hardware-changes.nix ./hydra.nix ./minio.nix ./networking.nix diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix new file mode 100644 index 0000000..00a2a81 --- /dev/null +++ b/systems/palatine-hill/hardware-changes.nix @@ -0,0 +1,32 @@ +{ ... }: +{ + + boot.initrd.luks.devices = { + "nixos-pv" = { + device = "/dev/disk/by-uuid/l1H5s7-l3Tx-tDci-zgcx-iKPz-R7jg-Vnp8J2"; + preLVM = true; + allowDiscards = true; + }; + }; + + fileSystems = { + "/".options = [ + "noatime" + "nodiratime" + "discard" + ]; + + "/home".options = [ + "noatime" + "nodiratime" + "discard" + ]; + + "/boot".option = [ + "noatime" + "nodiratime" + "discard" + ]; + + }; +} diff --git a/systems/palatine-hill/zfs.nix b/systems/palatine-hill/zfs.nix index 4363162..fc2fc58 100644 --- a/systems/palatine-hill/zfs.nix +++ b/systems/palatine-hill/zfs.nix @@ -4,31 +4,10 @@ pkgs, ... }: -let - bootkey = key: { "/crypto/keys/${key}" = /crypto/keys/${key}; }; - zfskeys = [ - "zfs-attic-key" - "zfs-backup-key" - "zfs-calibre-key" - "zfs-db-key" - "zfs-docker-key" - "zfs-games-key" - "zfs-hydra-key" - "zfs-libvirt-key" - "zfs-main-key" - "zfs-nxtcld-key" - "zfs-torr-key" - "zfs-var-docker-key" - "zfs-nix-store-key" - "zfs-archiveteam-key" - "zfs-minio-key" - ]; -in { boot = { zfs.extraPools = [ "ZFS-primary" ]; filesystem = "zfs"; - initrd.secrets = lib.mergeAttrsList (map bootkey zfskeys); extraModprobeConfig = '' options zfs zfs_arc_min=82463372083 options zfs zfs_arc_max=192414534860 From e3d18ef14256b475a19afc43a3af76d582337a5b Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 01:37:20 -0400 Subject: [PATCH 09/66] fix hardware --- systems/palatine-hill/hardware-changes.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index 00a2a81..52253d7 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -22,7 +22,7 @@ "discard" ]; - "/boot".option = [ + "/boot".options = [ "noatime" "nodiratime" "discard" From 15b4ae0a39d543a4174af0bd3da2c7fdc97cd339 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 02:40:56 -0400 Subject: [PATCH 10/66] add bwm --- systems/artemision/desktop.nix | 41 +++--- users/alice/home/doom/init-new.el | 191 ++++++++++++++++++++++++++++ users/alice/home/hypr/hyprland.conf | 5 +- users/alice/non-server.nix | 2 + users/default.nix | 1 + 5 files changed, 220 insertions(+), 20 deletions(-) create mode 100644 users/alice/home/doom/init-new.el diff --git a/systems/artemision/desktop.nix b/systems/artemision/desktop.nix index ea51679..6094994 100644 --- a/systems/artemision/desktop.nix +++ b/systems/artemision/desktop.nix @@ -3,9 +3,28 @@ { # installs hyprland, and its dependencies - programs.hyprland = { - enable = true; - xwayland.enable = true; + programs = { + hyprland = { + enable = true; + xwayland.enable = true; + }; + gnupg.agent = { + enable = true; + #pinentryPackage = pkgs.pinentry-rofi; + pinentryPackage = pkgs.pinentry-gnome3; + #settings = { + # keyserver-options = "auto-key-retrieve"; + # auto-key-locate = "hkps://keys.openpgp.org"; + # keyserver = "hkps://keys.openpgp.org"; + #keyserver = "hkp://pgp.mit.edu"; + # "na.pool.sks-keyservers.net" + # "ipv4.pool.sks-keyservers.net" + # "p80.pool.sks-keyservers.net" + # ]; + #}; + }; + + ydotool.enable = true; }; # Optional, hint electron apps to use wayland: environment.sessionVariables.NIXOS_OZONE_WL = "1"; @@ -35,22 +54,6 @@ }; }; - programs.gnupg.agent = { - enable = true; - #pinentryPackage = pkgs.pinentry-rofi; - pinentryPackage = pkgs.pinentry-gnome3; - #settings = { - # keyserver-options = "auto-key-retrieve"; - # auto-key-locate = "hkps://keys.openpgp.org"; - # keyserver = "hkps://keys.openpgp.org"; - #keyserver = "hkp://pgp.mit.edu"; - # "na.pool.sks-keyservers.net" - # "ipv4.pool.sks-keyservers.net" - # "p80.pool.sks-keyservers.net" - # ]; - #}; - }; - environment.systemPackages = with pkgs; [ libsForQt5.qt5.qtwayland qt6.qtwayland diff --git a/users/alice/home/doom/init-new.el b/users/alice/home/doom/init-new.el new file mode 100644 index 0000000..f18e9c4 --- /dev/null +++ b/users/alice/home/doom/init-new.el @@ -0,0 +1,191 @@ +;;; init.el -*- lexical-binding: t; -*- + +;; This file controls what Doom modules are enabled and what order they load +;; in. Remember to run 'doom sync' after modifying it! + +;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's +;; documentation. There you'll find a link to Doom's Module Index where all +;; of our modules are listed, including what flags they support. + +;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or +;; 'C-c c k' for non-vim users) to view its documentation. This works on +;; flags as well (those symbols that start with a plus). +;; +;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its +;; directory (for easy access to its source code). + +(doom! :input + ;;bidi ; (tfel ot) thgir etirw uoy gnipleh + ;;chinese + ;;japanese + ;;layout ; auie,ctsrnm is the superior home row + + :completion + ;;company ; the ultimate code completion backend + (corfu +orderless) ; complete with cap(f), cape and a flying feather! + ;;helm ; the *other* search engine for love and life + ;;ido ; the other *other* search engine... + ;;ivy ; a search engine for love and life + vertico ; the search engine of the future + + :ui + ;;deft ; notational velocity for Emacs + doom ; what makes DOOM look the way it does + doom-dashboard ; a nifty splash screen for Emacs + ;;doom-quit ; DOOM quit-message prompts when you quit Emacs + ;;(emoji +unicode) ; 🙂 + hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW + ;;indent-guides ; highlighted indent columns + ;;ligatures ; ligatures and symbols to make your code pretty again + ;;minimap ; show a map of the code on the side + modeline ; snazzy, Atom-inspired modeline, plus API + ;;nav-flash ; blink cursor line after big motions + ;;neotree ; a project drawer, like NERDTree for vim + ophints ; highlight the region an operation acts on + (popup +defaults) ; tame sudden yet inevitable temporary windows + ;;tabs ; a tab bar for Emacs + ;;treemacs ; a project drawer, like neotree but cooler + ;;unicode ; extended unicode support for various languages + (vc-gutter +pretty) ; vcs diff in the fringe + vi-tilde-fringe ; fringe tildes to mark beyond EOB + ;;window-select ; visually switch windows + workspaces ; tab emulation, persistence & separate workspaces + ;;zen ; distraction-free coding or writing + + :editor + (evil +everywhere); come to the dark side, we have cookies + file-templates ; auto-snippets for empty files + fold ; (nigh) universal code folding + ;;(format +onsave) ; automated prettiness + ;;god ; run Emacs commands without modifier keys + ;;lispy ; vim for lisp, for people who don't like vim + ;;multiple-cursors ; editing in many places at once + ;;objed ; text object editing for the innocent + ;;parinfer ; turn lisp into python, sort of + ;;rotate-text ; cycle region at point between text candidates + snippets ; my elves. They type so I don't have to + ;;word-wrap ; soft wrapping with language-aware indent + + :emacs + dired ; making dired pretty [functional] + electric ; smarter, keyword-based electric-indent + ;;ibuffer ; interactive buffer management + undo ; persistent, smarter undo for your inevitable mistakes + vc ; version-control and Emacs, sitting in a tree + + :term + ;;eshell ; the elisp shell that works everywhere + ;;shell ; simple shell REPL for Emacs + ;;term ; basic terminal emulator for Emacs + ;;vterm ; the best terminal emulation in Emacs + + :checkers + syntax ; tasing you for every semicolon you forget + ;;(spell +flyspell) ; tasing you for misspelling mispelling + ;;grammar ; tasing grammar mistake every you make + + :tools + ;;ansible + ;;biblio ; Writes a PhD for you (citation needed) + ;;collab ; buffers with friends + ;;debugger ; FIXME stepping through code, to help you add bugs + ;;direnv + ;;docker + ;;editorconfig ; let someone else argue about tabs vs spaces + ;;ein ; tame Jupyter notebooks with emacs + (eval +overlay) ; run code, run (also, repls) + lookup ; navigate your code and its documentation + ;;lsp ; M-x vscode + magit ; a git porcelain for Emacs + ;;make ; run make tasks from Emacs + ;;pass ; password manager for nerds + ;;pdf ; pdf enhancements + ;;prodigy ; FIXME managing external services & code builders + ;;terraform ; infrastructure as code + ;;tmux ; an API for interacting with tmux + ;;tree-sitter ; syntax and parsing, sitting in a tree... + ;;upload ; map local to remote projects via ssh/ftp + + :os + (:if (featurep :system 'macos) macos) ; improve compatibility with macOS + ;;tty ; improve the terminal Emacs experience + + :lang + ;;agda ; types of types of types of types... + ;;beancount ; mind the GAAP + ;;(cc +lsp) ; C > C++ == 1 + ;;clojure ; java with a lisp + ;;common-lisp ; if you've seen one lisp, you've seen them all + ;;coq ; proofs-as-programs + ;;crystal ; ruby at the speed of c + ;;csharp ; unity, .NET, and mono shenanigans + ;;data ; config/data formats + ;;(dart +flutter) ; paint ui and not much else + ;;dhall + ;;elixir ; erlang done right + ;;elm ; care for a cup of TEA? + emacs-lisp ; drown in parentheses + ;;erlang ; an elegant language for a more civilized age + ;;ess ; emacs speaks statistics + ;;factor + ;;faust ; dsp, but you get to keep your soul + ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) + ;;fsharp ; ML stands for Microsoft's Language + ;;fstar ; (dependent) types and (monadic) effects and Z3 + ;;gdscript ; the language you waited for + ;;(go +lsp) ; the hipster dialect + ;;(graphql +lsp) ; Give queries a REST + ;;(haskell +lsp) ; a language that's lazier than I am + ;;hy ; readability of scheme w/ speed of python + ;;idris ; a language you can depend on + ;;json ; At least it ain't XML + ;;(java +lsp) ; the poster child for carpal tunnel syndrome + ;;javascript ; all(hope(abandon(ye(who(enter(here)))))) + ;;julia ; a better, faster MATLAB + ;;kotlin ; a better, slicker Java(Script) + ;;latex ; writing papers in Emacs has never been so fun + ;;lean ; for folks with too much to prove + ;;ledger ; be audit you can be + ;;lua ; one-based indices? one-based indices + markdown ; writing docs for people to ignore + ;;nim ; python + lisp at the speed of c + ;;nix ; I hereby declare "nix geht mehr!" + ;;ocaml ; an objective camel + org ; organize your plain life in plain text + ;;php ; perl's insecure younger brother + ;;plantuml ; diagrams for confusing people more + ;;purescript ; javascript, but functional + ;;python ; beautiful is better than ugly + ;;qt ; the 'cutest' gui framework ever + ;;racket ; a DSL for DSLs + ;;raku ; the artist formerly known as perl6 + ;;rest ; Emacs as a REST client + ;;rst ; ReST in peace + ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} + ;;(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() + ;;scala ; java, but good + ;;(scheme +guile) ; a fully conniving family of lisps + sh ; she sells {ba,z,fi}sh shells on the C xor + ;;sml + ;;solidity ; do you need a blockchain? No. + ;;swift ; who asked for emoji variables? + ;;terra ; Earth and Moon in alignment for performance. + ;;web ; the tubes + ;;yaml ; JSON, but readable + ;;zig ; C, but simpler + + :email + ;;(mu4e +org +gmail) + ;;notmuch + ;;(wanderlust +gmail) + + :app + ;;calendar + ;;emms + ;;everywhere ; *leave* Emacs!? You must be joking + ;;irc ; how neckbeards socialize + ;;(rss +org) ; emacs as an RSS reader + + :config + ;;literate + (default +bindings +smartparens)) diff --git a/users/alice/home/hypr/hyprland.conf b/users/alice/home/hypr/hyprland.conf index e6fc75f..0d18f6e 100644 --- a/users/alice/home/hypr/hyprland.conf +++ b/users/alice/home/hypr/hyprland.conf @@ -144,7 +144,7 @@ bind = $mainMod, W, killactive, bind = $mainMod, E, exec, $fileManager bind = $mainMod, V, togglefloating, bind = $mainMod, SPACE, exec, $menu -bind = $mainMod, P, pseudo, # dwindle +bind = $mainMod, O, pseudo, # dwindle bind = $mainMod, J, togglesplit, # dwindle # Move focus with mainMod + arrow keys @@ -198,3 +198,6 @@ bind = $mainMod, K, exec, pkill zoom; zoom # reload hyprland config bind = $mainMod, escape, exec, hyprctl reload + +# open bwm +bind = $mainMod, O, exec, bwm diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index 739cecb..f2bbcb8 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -55,5 +55,7 @@ treefmt nextcloud-client + bitwarden-cli + bitwarden-menu ]; } diff --git a/users/default.nix b/users/default.nix index 67868f7..bd221ef 100644 --- a/users/default.nix +++ b/users/default.nix @@ -25,5 +25,6 @@ "dialout" "plugdev" "uaccess" + "ydotool" ]; } From 31542edb86aa0b8d88d5266cd6472244e34f34d6 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 02:41:08 -0400 Subject: [PATCH 11/66] fix uuid --- flake.nix | 2 +- systems/palatine-hill/hardware-changes.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 2adb1fc..48e73e5 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ nixConfig = { substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" - "https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" + #"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" ]; trusted-substituters = [ diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index 52253d7..ece3b75 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -3,7 +3,7 @@ boot.initrd.luks.devices = { "nixos-pv" = { - device = "/dev/disk/by-uuid/l1H5s7-l3Tx-tDci-zgcx-iKPz-R7jg-Vnp8J2"; + device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; preLVM = true; allowDiscards = true; }; From 0db3f9b6d133fd22221e590976b81b20b373b528 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 03:04:31 -0400 Subject: [PATCH 12/66] enable lvm in stage 1 --- systems/palatine-hill/hardware-changes.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index ece3b75..cc820bc 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -1,6 +1,8 @@ { ... }: { + boot.initrd.services.lvm.enable = true; + boot.initrd.luks.devices = { "nixos-pv" = { device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; @@ -28,5 +30,10 @@ "discard" ]; + "/nix".depends = [ + "/" + "/crypto" + ]; + }; } From 384964759c895eaea4b752372f222920807bf92f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 09:35:39 -0400 Subject: [PATCH 13/66] lvm stage 1, bwmenu --- flake.nix | 4 ++ pkgs/bitwarden-rofi/default.nix | 70 ++++++++++++++++++++++ systems/palatine-hill/hardware-changes.nix | 2 + users/alice/home/hypr/hyprland.conf | 2 +- users/alice/non-server.nix | 1 + 5 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 pkgs/bitwarden-rofi/default.nix diff --git a/flake.nix b/flake.nix index 48e73e5..0f0e4ba 100644 --- a/flake.nix +++ b/flake.nix @@ -162,5 +162,9 @@ checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; + + packages.bitwarden-rofi = + inputs.nixpkgs.legacyPackages.x86-64_linux.callPackage ./pkgs/bitwarden-rofi + { }; }; } diff --git a/pkgs/bitwarden-rofi/default.nix b/pkgs/bitwarden-rofi/default.nix new file mode 100644 index 0000000..c99fdc8 --- /dev/null +++ b/pkgs/bitwarden-rofi/default.nix @@ -0,0 +1,70 @@ +# source: https://github.com/kylesferrazza/nix/blob/288edcd1d34884b9b7083c6d718fbe10febe0623/overlay/bitwarden-rofi.nix +# TODO https://github.com/mattydebie/bitwarden-rofi/issues/34 + +{ + stdenv, + lib, + fetchFromGitHub, + makeWrapper, + unixtools, + xsel, + xclip, + wl-clipboard, + xdotool, + ydotool, + bitwarden-cli, + rofi, + jq, + keyutils, + libnotify, +}: +let + bins = [ + jq + bitwarden-cli + unixtools.getopt + rofi + xsel + xclip + wl-clipboard + xdotool + ydotool + keyutils + libnotify + ]; +in +stdenv.mkDerivation { + pname = "bitwarden-rofi"; + version = "git-2024-08-22"; + + src = fetchFromGitHub { + owner = "mattydebie"; + repo = "bitwarden-rofi"; + rev = "8be76fdd647c2bdee064e52603331d8e6ed5e8e2"; + sha256 = ""; + }; + + buildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -p "$out/bin" + install -Dm755 "bwmenu" "$out/bin/bwmenu" + install -Dm755 "lib-bwmenu" "$out/bin/lib-bwmenu" # TODO don't put this in bin + + install -Dm755 -d "$out/usr/share/doc/bitwarden-rofi" + install -Dm755 -d "$out/usr/share/doc/bitwarden-rofi/img" + + install -Dm644 "README.md" "$out/usr/share/doc/bitwarden-rofi/README.md" + install -Dm644 img/* "$out/usr/share/doc/bitwarden-rofi/img/" + + wrapProgram "$out/bin/bwmenu" --prefix PATH : ${lib.makeBinPath bins} + ''; + + meta = with lib; { + description = "Wrapper for Bitwarden and Rofi"; + homepage = "https://github.com/mattydebie/bitwarden-rofi"; + license = licenses.gpl3; + platforms = platforms.linux; + }; + +} diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index cc820bc..94b099b 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -28,6 +28,8 @@ "noatime" "nodiratime" "discard" + "fmask=0077" + "dmask=0077" ]; "/nix".depends = [ diff --git a/users/alice/home/hypr/hyprland.conf b/users/alice/home/hypr/hyprland.conf index 0d18f6e..d1381a6 100644 --- a/users/alice/home/hypr/hyprland.conf +++ b/users/alice/home/hypr/hyprland.conf @@ -200,4 +200,4 @@ bind = $mainMod, K, exec, pkill zoom; zoom bind = $mainMod, escape, exec, hyprctl reload # open bwm -bind = $mainMod, O, exec, bwm +bind = $mainMod, P, exec, bwm diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index f2bbcb8..b171b2d 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -57,5 +57,6 @@ nextcloud-client bitwarden-cli bitwarden-menu + wtype ]; } From 6402e70d2301d488a49d5759f2f15022817f8c0a Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 10:08:28 -0400 Subject: [PATCH 14/66] add bitwarden-rofi --- flake.nix | 4 +- lib/systems.nix | 17 +++++- modules/base.nix | 3 +- pkgs/bitwarden-rofi/default.nix | 2 +- users/alice/non-server.nix | 102 +++++++++++++++++--------------- 5 files changed, 72 insertions(+), 56 deletions(-) diff --git a/flake.nix b/flake.nix index 0f0e4ba..e5e2f4b 100644 --- a/flake.nix +++ b/flake.nix @@ -153,7 +153,7 @@ hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); - nixosConfigurations = genSystems inputs src (src + "/systems"); + nixosConfigurations = genSystems inputs outputs src (src + "/systems"); images = { install-iso = getImages nixosConfigurations "install-iso"; iso = getImages nixosConfigurations "iso"; @@ -164,7 +164,7 @@ devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; packages.bitwarden-rofi = - inputs.nixpkgs.legacyPackages.x86-64_linux.callPackage ./pkgs/bitwarden-rofi + inputs.nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/bitwarden-rofi { }; }; } diff --git a/lib/systems.nix b/lib/systems.nix index 656bc20..a3188f2 100644 --- a/lib/systems.nix +++ b/lib/systems.nix @@ -149,6 +149,7 @@ rec { configPath, hostname, inputs, + outputs, src, users, home ? true, @@ -160,7 +161,12 @@ rec { lib.nixosSystem { inherit system; specialArgs = { - inherit inputs server system; + inherit + inputs + outputs + server + system + ; }; modules = [ @@ -194,7 +200,7 @@ rec { # type: # genSystems :: AttrSet -> Path -> Path -> AttrSet genSystems = - inputs: src: path: + inputs: outputs: src: path: builtins.listToAttrs ( map ( name: @@ -205,7 +211,12 @@ rec { inherit name; value = constructSystem ( { - inherit inputs src configPath; + inherit + inputs + outputs + src + configPath + ; hostname = name; } // import configPath { inherit inputs; } diff --git a/modules/base.nix b/modules/base.nix index 85d886b..d9882ba 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -1,6 +1,7 @@ { lib, inputs, + outputs, server, system, ... @@ -26,7 +27,7 @@ useUserPackages = true; sharedModules = [ inputs.sops-nix.homeManagerModules.sops ]; extraSpecialArgs = { - inherit inputs; + inherit inputs outputs; machineConfig = { inherit server system; }; diff --git a/pkgs/bitwarden-rofi/default.nix b/pkgs/bitwarden-rofi/default.nix index c99fdc8..50c49bc 100644 --- a/pkgs/bitwarden-rofi/default.nix +++ b/pkgs/bitwarden-rofi/default.nix @@ -41,7 +41,7 @@ stdenv.mkDerivation { owner = "mattydebie"; repo = "bitwarden-rofi"; rev = "8be76fdd647c2bdee064e52603331d8e6ed5e8e2"; - sha256 = ""; + sha256 = "1h5d21kv8g5g725chn3n0i1frvmsrk3pm67lfxqcg50kympg0wwd"; }; buildInputs = [ makeWrapper ]; diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index b171b2d..d4421ef 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -1,62 +1,66 @@ -{ pkgs, ... }: +{ pkgs, outputs, ... }: { programs.emacs = { enable = true; package = pkgs.emacs29-pgtk; }; - home.packages = with pkgs; [ - cmake - shellcheck - glslang - pipenv - python312Packages.isort - python312Packages.pytest + home.packages = + with pkgs; + [ + cmake + shellcheck + glslang + pipenv + python312Packages.isort + python312Packages.pytest - # rust tools - trunk - wasm-pack - cargo-tarpaulin - cargo-watch - cargo-generate - diesel-cli - cargo-audit - gitoxide + # rust tools + trunk + wasm-pack + cargo-tarpaulin + cargo-watch + cargo-generate + diesel-cli + cargo-audit + gitoxide - # nix tools - nil - nixfmt-rfc-style - nix-init + # nix tools + nil + nixfmt-rfc-style + nix-init - # markdown - nodePackages.markdownlint-cli + # markdown + nodePackages.markdownlint-cli - # doom emacs dependencies - yaml-language-server - nodePackages.typescript-language-server - nodePackages.bash-language-server - pyright - cmake-language-server - multimarkdown - rustc - cargo - rust-analyzer - clang - clang-tools - wakatime - enchant - nuspell - hunspellDicts.en-us - languagetool + # doom emacs dependencies + yaml-language-server + nodePackages.typescript-language-server + nodePackages.bash-language-server + pyright + cmake-language-server + multimarkdown + rustc + cargo + rust-analyzer + clang + clang-tools + wakatime + enchant + nuspell + hunspellDicts.en-us + languagetool - # dependencies for nix-dotfiles/hydra-check-action - nodejs_20 - nodePackages.prettier - treefmt + # dependencies for nix-dotfiles/hydra-check-action + nodejs_20 + nodePackages.prettier + treefmt - nextcloud-client - bitwarden-cli - bitwarden-menu - wtype - ]; + nextcloud-client + bitwarden-cli + bitwarden-menu + wtype + + ] + ++ [ outputs.packages.bitwarden-rofi ]; } From f780780523be8287e090059e93d515ce105ee1c6 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 22 Aug 2024 10:09:10 -0400 Subject: [PATCH 15/66] remove richie machines --- systems/bob/configuration.nix | 106 -------------------- systems/bob/default.nix | 8 -- systems/bob/hardware.nix | 66 ------------ systems/bob/nvidia.nix | 13 --- systems/bob/steam.nix | 15 --- systems/rhapsody-in-green/configuration.nix | 100 ------------------ systems/rhapsody-in-green/default.nix | 9 -- systems/rhapsody-in-green/hardware.nix | 50 --------- 8 files changed, 367 deletions(-) delete mode 100644 systems/bob/configuration.nix delete mode 100644 systems/bob/default.nix delete mode 100644 systems/bob/hardware.nix delete mode 100644 systems/bob/nvidia.nix delete mode 100644 systems/bob/steam.nix delete mode 100644 systems/rhapsody-in-green/configuration.nix delete mode 100644 systems/rhapsody-in-green/default.nix delete mode 100644 systems/rhapsody-in-green/hardware.nix diff --git a/systems/bob/configuration.nix b/systems/bob/configuration.nix deleted file mode 100644 index c49540c..0000000 --- a/systems/bob/configuration.nix +++ /dev/null @@ -1,106 +0,0 @@ -{ - imports = [ - ../../users/richie/global/desktop.nix - ../../users/richie/global/ssh.nix - ../../users/richie/global/syncthing_base.nix - ../../users/richie/global/zerotier.nix - ./hardware.nix - ./nvidia.nix - ./steam.nix - ]; - - boot = { - useSystemdBoot = true; - default = true; - }; - - networking = { - networkmanager.enable = true; - hostId = "9ab3b18e"; - }; - - hardware = { - pulseaudio.enable = false; - bluetooth = { - enable = true; - powerOnBoot = true; - }; - }; - - security.rtkit.enable = true; - - services = { - autopull.enable = false; - - displayManager.sddm.enable = true; - - openssh.ports = [ 262 ]; - - printing.enable = true; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - rad-dev.k3s-net.enable = false; - - syncthing.settings.folders = { - "notes" = { - id = "l62ul-lpweo"; # cspell:disable-line - path = "/home/richie/notes"; - devices = [ - "phone" - "jeeves" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "books" = { - id = "6uppx-vadmy"; # cspell:disable-line - path = "/home/richie/books"; - devices = [ - "phone" - "jeeves" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "important" = { - id = "4ckma-gtshs"; # cspell:disable-line - path = "/home/richie/important"; - devices = [ - "phone" - "jeeves" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "music" = { - id = "vprc5-3azqc"; # cspell:disable-line - path = "/home/richie/music"; - devices = [ - "phone" - "jeeves" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - "projects" = { - id = "vyma6-lqqrz"; # cspell:disable-line - path = "/home/richie/projects"; - devices = [ - "jeeves" - "rhapsody-in-green" - ]; - fsWatcherEnabled = true; - }; - }; - }; - - system.autoUpgrade.enable = false; - - system.stateVersion = "23.11"; -} diff --git a/systems/bob/default.nix b/systems/bob/default.nix deleted file mode 100644 index 712e2ed..0000000 --- a/systems/bob/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - users = [ "richie" ]; - system = "x86_64-linux"; - home = true; - sops = true; - server = false; -} diff --git a/systems/bob/hardware.nix b/systems/bob/hardware.nix deleted file mode 100644 index db9f28a..0000000 --- a/systems/bob/hardware.nix +++ /dev/null @@ -1,66 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ ]; - luks.devices = { - "luks-rpool-nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2".device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_1TB_S6S1NS0T617615W-part2"; - }; - }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - - fileSystems = { - "/" = lib.mkDefault { - device = "rpool/root"; - fsType = "zfs"; - }; - - "/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/8AE6-270D"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/systems/bob/nvidia.nix b/systems/bob/nvidia.nix deleted file mode 100644 index 2970577..0000000 --- a/systems/bob/nvidia.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: -{ - services.xserver.videoDrivers = [ "nvidia" ]; - hardware = { - nvidia = { - modesetting.enable = true; - powerManagement.enable = true; - package = config.boot.kernelPackages.nvidiaPackages.production; - nvidiaSettings = true; - }; - nvidia-container-toolkit.enable = true; - }; -} diff --git a/systems/bob/steam.nix b/systems/bob/steam.nix deleted file mode 100644 index 17c2e23..0000000 --- a/systems/bob/steam.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = [ pkgs.steam-run ]; - hardware.steam-hardware.enable = true; - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - extraCompatPackages = with pkgs; [ proton-ge-bin ]; - extest.enable = true; - }; - }; -} diff --git a/systems/rhapsody-in-green/configuration.nix b/systems/rhapsody-in-green/configuration.nix deleted file mode 100644 index b468259..0000000 --- a/systems/rhapsody-in-green/configuration.nix +++ /dev/null @@ -1,100 +0,0 @@ -{ - imports = [ - ../../users/richie/global/desktop.nix - ../../users/richie/global/syncthing_base.nix - ../../users/richie/global/zerotier.nix - ./hardware.nix - ]; - - boot = { - useSystemdBoot = true; - default = true; - }; - - networking = { - networkmanager.enable = true; - hostId = "9b68eb32"; - }; - - hardware = { - pulseaudio.enable = false; - bluetooth = { - enable = true; - powerOnBoot = true; - }; - }; - - security.rtkit.enable = true; - - services = { - autopull.enable = false; - - displayManager.sddm.enable = true; - - openssh.ports = [ 922 ]; - - printing.enable = true; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - syncthing.settings.folders = { - "notes" = { - id = "l62ul-lpweo"; # cspell:disable-line - path = "/home/richie/notes"; - devices = [ - "bob" - "phone" - "jeeves" - ]; - fsWatcherEnabled = true; - }; - "books" = { - id = "6uppx-vadmy"; # cspell:disable-line - path = "/home/richie/books"; - devices = [ - "bob" - "phone" - "jeeves" - ]; - fsWatcherEnabled = true; - }; - "important" = { - id = "4ckma-gtshs"; # cspell:disable-line - path = "/home/richie/important"; - devices = [ - "bob" - "phone" - "jeeves" - ]; - fsWatcherEnabled = true; - }; - "music" = { - id = "vprc5-3azqc"; # cspell:disable-line - path = "/home/richie/music"; - devices = [ - "bob" - "phone" - "jeeves" - ]; - fsWatcherEnabled = true; - }; - "projects" = { - id = "vyma6-lqqrz"; # cspell:disable-line - path = "/home/richie/projects"; - devices = [ - "bob" - "jeeves" - ]; - fsWatcherEnabled = true; - }; - }; - }; - - system.autoUpgrade.enable = false; - system.stateVersion = "23.11"; -} diff --git a/systems/rhapsody-in-green/default.nix b/systems/rhapsody-in-green/default.nix deleted file mode 100644 index 3fdacca..0000000 --- a/systems/rhapsody-in-green/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ inputs, ... }: -{ - users = [ "richie" ]; - system = "x86_64-linux"; - home = true; - sops = true; - server = false; - modules = [ inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; -} diff --git a/systems/rhapsody-in-green/hardware.nix b/systems/rhapsody-in-green/hardware.nix deleted file mode 100644 index 6faf14e..0000000 --- a/systems/rhapsody-in-green/hardware.nix +++ /dev/null @@ -1,50 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - - initrd.availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usbhid" - ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; - }; - - fileSystems."/" = lib.mkDefault { - device = "/dev/disk/by-uuid/c5cc486b-0076-40b0-9402-7ddb2b4a7fdf"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D571-3949"; - fsType = "vfat"; - }; - - swapDevices = [ { device = "/dev/disk/by-uuid/57a25825-69a9-41ac-999e-5137a01edc9e"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.docker0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp195s0f3u1u3.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} From 12555ebc3a771508d50f1f65df0c0b43686579a7 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 00:34:09 -0400 Subject: [PATCH 16/66] and palatine-hill is booting! Signed-off-by: ahuston-0 --- systems/artemision/configuration.nix | 1 - systems/artemision/hardware.nix | 4 --- systems/palatine-hill/configuration.nix | 1 - systems/palatine-hill/hardware-changes.nix | 40 ++++++++++++++++------ users/alice/default.nix | 2 +- 5 files changed, 31 insertions(+), 17 deletions(-) diff --git a/systems/artemision/configuration.nix b/systems/artemision/configuration.nix index b436f49..910b165 100644 --- a/systems/artemision/configuration.nix +++ b/systems/artemision/configuration.nix @@ -73,7 +73,6 @@ fprintd.enable = lib.mkForce false; openssh.enable = lib.mkForce false; - journald.storage = "volatile"; spotifyd = { enable = true; settings = { diff --git a/systems/artemision/hardware.nix b/systems/artemision/hardware.nix index 2938ede..b151432 100644 --- a/systems/artemision/hardware.nix +++ b/systems/artemision/hardware.nix @@ -52,7 +52,6 @@ options = [ "noatime" "nodiratime" - "discard" ]; }; @@ -62,7 +61,6 @@ options = [ "noatime" "nodiratime" - "discard" ]; }; @@ -72,7 +70,6 @@ options = [ "noatime" "nodiratime" - "discard" ]; }; @@ -82,7 +79,6 @@ options = [ "noatime" "nodiratime" - "discard" ]; }; }; diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index a9eeb7e..4eacd9b 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -64,7 +64,6 @@ nfs.server.enable = true; openssh.ports = [ 666 ]; smartd.enable = true; - journald.storage = "volatile"; postgresql = { enable = true; diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index 94b099b..0cedbe9 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -1,33 +1,53 @@ -{ ... }: +{ lib, ... }: { - boot.initrd.services.lvm.enable = true; + boot.zfs.requestEncryptionCredentials = lib.mkForce false; - boot.initrd.luks.devices = { - "nixos-pv" = { - device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; - preLVM = true; - allowDiscards = true; + boot.initrd = { + services.lvm.enable = true; + luks.devices = { + "nixos-pv" = { + device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; + preLVM = true; + allowDiscards = true; + }; }; + + postResumeCommands = '' + # let root mount and everything, then manually unlock stuff + load_zfs_nix() { + local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" + local mountPoint="/" + local options="x-initrd.mount,noatime,nodiratime" + local fsType="ext4" + + echo "manually mounting key location, then unmounting" + udevadm settle + + mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" + + zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" + umount "$targetRoot/" + } + + load_zfs_nix + ''; }; fileSystems = { "/".options = [ "noatime" "nodiratime" - "discard" ]; "/home".options = [ "noatime" "nodiratime" - "discard" ]; "/boot".options = [ "noatime" "nodiratime" - "discard" "fmask=0077" "dmask=0077" ]; diff --git a/users/alice/default.nix b/users/alice/default.nix index ff0f9b8..5c337a2 100644 --- a/users/alice/default.nix +++ b/users/alice/default.nix @@ -13,6 +13,6 @@ import ../default.nix { name ; publicKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvF14bwJtV3r6O4KPydaIHmeiwJAYBs17nGDQUZgd5P alice@artemision" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7oJjIYNRCRrUlhdGJgst6bzqubbKH0gjZYulQ1eVcZ alice@artemision" ]; } From 164e86468dc0b2299f9de6adad1454b2c5abac30 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 00:48:40 -0400 Subject: [PATCH 17/66] import all the keys Signed-off-by: ahuston-0 --- systems/palatine-hill/hardware-changes.nix | 66 ++++++++++++---------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index 0cedbe9..81bc87c 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -1,37 +1,41 @@ -{ lib, ... }: +{ lib, pkgs, ... }: { - boot.zfs.requestEncryptionCredentials = lib.mkForce false; - - boot.initrd = { - services.lvm.enable = true; - luks.devices = { - "nixos-pv" = { - device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; - preLVM = true; - allowDiscards = true; - }; - }; - - postResumeCommands = '' - # let root mount and everything, then manually unlock stuff - load_zfs_nix() { - local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" - local mountPoint="/" - local options="x-initrd.mount,noatime,nodiratime" - local fsType="ext4" - - echo "manually mounting key location, then unmounting" - udevadm settle - - mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" - - zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" - umount "$targetRoot/" - } - - load_zfs_nix + boot = { + zfs.requestEncryptionCredentials = lib.mkForce false; + postBootCommands = '' + ${pkgs.zfs}/bin/zfs load-key -a ''; + initrd = { + services.lvm.enable = true; + luks.devices = { + "nixos-pv" = { + device = "/dev/disk/by-uuid/614787a6-784a-4932-b787-cb6424725444"; + preLVM = true; + allowDiscards = true; + }; + }; + + postResumeCommands = '' + # let root mount and everything, then manually unlock stuff + load_zfs_nix() { + local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" + local mountPoint="/" + local options="x-initrd.mount,noatime,nodiratime" + local fsType="ext4" + + echo "manually mounting key location, then unmounting" + udevadm settle + + mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" + + zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" + umount "$targetRoot/" + } + + load_zfs_nix + ''; + }; }; fileSystems = { From d140f77246be893f85cd4c58a1a06410777834d3 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 00:53:43 -0400 Subject: [PATCH 18/66] remove attic Signed-off-by: ahuston-0 --- modules/nix.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nix.nix b/modules/nix.nix index 9912ed7..ea0943c 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -13,7 +13,7 @@ connect-timeout = 20; substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" - "https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" + #"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" ]; trusted-substituters = [ From 72c617619cc02b68b148daeb4cbab95eb7a78c77 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:07:27 -0400 Subject: [PATCH 19/66] little firewalls everywhere Signed-off-by: ahuston-0 --- modules/base.nix | 2 ++ modules/openssh.nix | 1 + systems/palatine-hill/networking.nix | 1 - 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/base.nix b/modules/base.nix index d9882ba..e1e6793 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -33,4 +33,6 @@ }; }; }; + + firewall.enable = lib.mkDefault true; } diff --git a/modules/openssh.nix b/modules/openssh.nix index d05b702..ca49822 100644 --- a/modules/openssh.nix +++ b/modules/openssh.nix @@ -2,6 +2,7 @@ { services.openssh = { enable = lib.mkDefault true; + openFirewall = lib.mkDefault true; fixPermissions = true; extraConfig = "StreamLocalBindUnlink yes"; diff --git a/systems/palatine-hill/networking.nix b/systems/palatine-hill/networking.nix index 56556d7..7e8789f 100644 --- a/systems/palatine-hill/networking.nix +++ b/systems/palatine-hill/networking.nix @@ -9,7 +9,6 @@ networking = { hostId = "dc2f9781"; - firewall.enable = false; }; systemd.network = { From df83fa864c3cbe0f562c4c7db8910c91fdc112fb Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:16:09 -0400 Subject: [PATCH 20/66] fix ref to firewall Signed-off-by: ahuston-0 --- modules/base.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/base.nix b/modules/base.nix index e1e6793..14c783f 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -34,5 +34,5 @@ }; }; - firewall.enable = lib.mkDefault true; + networking.firewall.enable = lib.mkDefault true; } From 94f0d55d85487840706c7e83a2896b1001918746 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:34:05 -0400 Subject: [PATCH 21/66] refactoring woop Signed-off-by: ahuston-0 --- systems/palatine-hill/{attic.nix => attic/default.nix} | 0 systems/palatine-hill/configuration.nix | 3 ++- systems/palatine-hill/haproxy/default.nix | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) rename systems/palatine-hill/{attic.nix => attic/default.nix} (100%) create mode 100644 systems/palatine-hill/haproxy/default.nix diff --git a/systems/palatine-hill/attic.nix b/systems/palatine-hill/attic/default.nix similarity index 100% rename from systems/palatine-hill/attic.nix rename to systems/palatine-hill/attic/default.nix diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 4eacd9b..58ddf98 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -6,8 +6,9 @@ }: { imports = [ - ./attic.nix + ./attic ./docker.nix + ./haproxy ./hardware-changes.nix ./hydra.nix ./minio.nix diff --git a/systems/palatine-hill/haproxy/default.nix b/systems/palatine-hill/haproxy/default.nix new file mode 100644 index 0000000..c915eb0 --- /dev/null +++ b/systems/palatine-hill/haproxy/default.nix @@ -0,0 +1 @@ +{ ... }: { } From d230b39dd338171589a4604caee339143e83bad9 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:34:41 -0400 Subject: [PATCH 22/66] fix attic-watch-store (refactor) Signed-off-by: ahuston-0 --- systems/palatine-hill/attic/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index 4641a2b..b95f660 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -114,7 +114,7 @@ serviceConfig = { Type = "oneshot"; User = "root"; - ExecStart = "${config.nix.package}/bin/nix ${./attic/sync-attic.bash}"; + ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}"; }; }; }; From ce7ced5b6e14cd48a1f1d4b8184c70b01e9db061 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:53:50 -0400 Subject: [PATCH 23/66] duplicate value cleanup Signed-off-by: ahuston-0 --- systems/palatine-hill/attic/default.nix | 1 - systems/palatine-hill/hydra.nix | 1 - systems/palatine-hill/minio.nix | 1 - systems/palatine-hill/services.nix | 1 - 4 files changed, 4 deletions(-) diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index b95f660..fc4e293 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -132,7 +132,6 @@ }; sops = { - defaultSopsFile = ./secrets.yaml; secrets = { "attic/secret-key".owner = "root"; "attic/database-url".owner = "root"; diff --git a/systems/palatine-hill/hydra.nix b/systems/palatine-hill/hydra.nix index a4b40c6..7ad5635 100644 --- a/systems/palatine-hill/hydra.nix +++ b/systems/palatine-hill/hydra.nix @@ -132,7 +132,6 @@ in ]; sops = { - defaultSopsFile = ./secrets.yaml; secrets = { "hydra/environment".owner = "hydra"; "nix-serve/secret-key".owner = "root"; diff --git a/systems/palatine-hill/minio.nix b/systems/palatine-hill/minio.nix index af8fabe..120555a 100644 --- a/systems/palatine-hill/minio.nix +++ b/systems/palatine-hill/minio.nix @@ -14,7 +14,6 @@ in }; sops = { - defaultSopsFile = ./secrets.yaml; secrets = { "minio/credentials" = { owner = "minio"; diff --git a/systems/palatine-hill/services.nix b/systems/palatine-hill/services.nix index ab6b53c..322400f 100644 --- a/systems/palatine-hill/services.nix +++ b/systems/palatine-hill/services.nix @@ -27,7 +27,6 @@ }; }; sops = { - defaultSopsFile = ./secrets.yaml; secrets."server-validation/webhook".owner = "root"; }; } From 56c5deceb957cdd9e33687340a5467343b9a7769 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:54:33 -0400 Subject: [PATCH 24/66] update flake lock Signed-off-by: ahuston-0 --- flake.lock | 96 +++++++++++++++++++++++++++--------------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/flake.lock b/flake.lock index 1083353..5fd01a5 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ ] }, "locked": { - "lastModified": 1722472866, - "narHash": "sha256-GJIz4M5HDB948Ex/8cPvbkrNzl/eKUE7/c21JBu4lb8=", + "lastModified": 1724226964, + "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=", "owner": "zhaofengli", "repo": "attic", - "rev": "e127acbf9a71ebc0c26bc8e28346822e0a6e16ba", + "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2", "type": "github" }, "original": { @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1717025063, - "narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=", + "lastModified": 1722960479, + "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", "owner": "ipetkov", "repo": "crane", - "rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e", + "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", "type": "github" }, "original": { @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1722917006, - "narHash": "sha256-29qBs5HlcegrLP8oQe8T9hHx7u94TEz9ivPwZlorAJU=", + "lastModified": 1724472190, + "narHash": "sha256-t1+LogHyWRUh89u2Xintc/kybDVJOe4OtxWcW2aeC3M=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8552abe55a4f364d94efb84502a550c2c9c3101c", + "rev": "7e7335b5f870ece12ab5c3a8c6c095dddaa1e523", "type": "gitlab" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1722936497, - "narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "a6c743980e23f4cef6c2a377f9ffab506568413a", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1722740924, - "narHash": "sha256-UQPgA5d8azLZuDHZMPmvDszhuKF1Ek89SrTRtqsQ4Ss=", + "lastModified": 1723950649, + "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "97ca0a0fca0391de835f57e44f369a283e37890f", + "rev": "392828aafbed62a6ea6ccab13728df2e67481805", "type": "github" }, "original": { @@ -233,11 +233,11 @@ }, "nixlib": { "locked": { - "lastModified": 1722732880, - "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=", + "lastModified": 1723942470, + "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c", + "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1722819251, - "narHash": "sha256-f99it92NQSZsrZ8AYbiwAUfrtb/ZpZRqUsl4q6rMA5s=", + "lastModified": 1724288137, + "narHash": "sha256-ZsDarezhjZ7kloarJlA2KxTrLHrLVUtLyYcXr/0wbCw=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "c8c3a20b8191819219dba1af79388aa6d555f634", + "rev": "0552f784af9f211481c5dda6df9b918733492826", "type": "github" }, "original": { @@ -269,11 +269,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1722332872, - "narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=", + "lastModified": 1724067415, + "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "14c333162ba53c02853add87a0000cbd7aa230c2", + "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "search": "search" }, "locked": { - "lastModified": 1722894082, - "narHash": "sha256-TEJNZ/8er454mMv+YyLjWpz3yTPuSi6Nq+Tg0N8E80M=", + "lastModified": 1723969476, + "narHash": "sha256-ln9SBqW8WAkvn/ilX//lISgLB08VgIgVxHXmfkb6jl4=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "b871b68e76b092dfbc6fad38a8ebea99893be498", + "rev": "da5286bc062adee0e0aaf2bd3b784b477c623422", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -336,11 +336,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1722869614, - "narHash": "sha256-7ojM1KSk3mzutD7SkrdSflHXEujPvW1u7QuqWoTLXQU=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "883180e6550c1723395a3a342f830bfc5c371f6b", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { @@ -392,11 +392,11 @@ ] }, "locked": { - "lastModified": 1722857853, - "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { @@ -435,11 +435,11 @@ ] }, "locked": { - "lastModified": 1722910815, - "narHash": "sha256-v6Vk/xlABhw2QzOa6xh3Jx/IvmlbKbOazFM+bDFQlWU=", + "lastModified": 1724466314, + "narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "7df2ac544c203d21b63aac23bfaec7f9b919a733", + "rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1722493084, - "narHash": "sha256-ktjl908zZKWcGdMyz6kX1kHSg7LFFGPYBvTi9FgQleM=", + "lastModified": 1723367906, + "narHash": "sha256-v1qA4WBGDI2uH/TVqRwuXSBP341W681psbzYJ8zrjog=", "owner": "nuschtos", "repo": "search", - "rev": "3f5abffa5f28b4ac3c9212c81c5e8d2d22876071", + "rev": "6ca2c3ae05a915c160512bd41f6810f456c9b30d", "type": "github" }, "original": { @@ -483,11 +483,11 @@ ] }, "locked": { - "lastModified": 1722897572, - "narHash": "sha256-3m/iyyjCdRBF8xyehf59QlckIcmShyTesymSb+N4Ap4=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "8ae477955dfd9cbf5fa4eb82a8db8ddbb94e79d9", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { @@ -584,11 +584,11 @@ ] }, "locked": { - "lastModified": 1721535277, - "narHash": "sha256-A6qIy2n3aomj5XooUmqz0s3G/A44Y3+GoFrGxIOolIM=", + "lastModified": 1723726454, + "narHash": "sha256-CdsBLja4rJ7VPvtsivyZm9VFKAt4hzL3jZbKrfiDvsQ=", "owner": "Toqozz", "repo": "wired-notify", - "rev": "d079126c43f22179650f3d4c59f580c5993b9217", + "rev": "946adddcb704806195d976b738066f591b41b7d4", "type": "github" }, "original": { From b62c64796feb2db49e019c199b0fdcabc50e2774 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 24 Aug 2024 01:56:58 -0400 Subject: [PATCH 25/66] disable kub_net Signed-off-by: ahuston-0 --- modules/kub_net.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/kub_net.nix b/modules/kub_net.nix index e500bc8..5361106 100644 --- a/modules/kub_net.nix +++ b/modules/kub_net.nix @@ -6,7 +6,7 @@ in options = { services.rad-dev.k3s-net = { enable = lib.mkOption { - default = true; + default = false; example = true; description = "Whether to enable k3s-net."; type = lib.types.bool; From 81caeef4f0eeb6d245a47c80c021a2cae57fa573 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 01:19:07 -0400 Subject: [PATCH 26/66] zsh changes, k8s, disable cache --- flake.nix | 3 --- modules/nix.nix | 4 ---- systems/artemision/hardware.nix | 3 +++ systems/artemision/programs.nix | 9 ++++++++- users/alice/home/git.nix | 1 + users/alice/home/zsh.nix | 4 ++++ 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/flake.nix b/flake.nix index e5e2f4b..2676282 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,6 @@ nixConfig = { substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" - #"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" ]; trusted-substituters = [ @@ -14,8 +13,6 @@ ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%" - "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; trusted-users = [ "root" ]; diff --git a/modules/nix.nix b/modules/nix.nix index ea0943c..aaee247 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -13,19 +13,15 @@ connect-timeout = 20; substituters = [ "https://cache.nixos.org/?priority=1&want-mass-query=true" - #"https://attic.alicehuston.xyz/cache-nix-dot?priority=4&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true" ]; trusted-substituters = [ "https://cache.nixos.org" - "https://attic.alicehuston.xyz/cache-nix-dot" "https://nix-community.cachix.org" ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "cache.alicehuston.xyz:SJAm8HJVTWUjwcTTLAoi/5E1gUOJ0GWum2suPPv7CUo=%" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "cache-nix-dot:Od9KN34LXc6Lu7y1ozzV1kIXZa8coClozgth/SYE7dU=" ]; trusted-users = [ "root" diff --git a/systems/artemision/hardware.nix b/systems/artemision/hardware.nix index b151432..18593c6 100644 --- a/systems/artemision/hardware.nix +++ b/systems/artemision/hardware.nix @@ -20,6 +20,9 @@ "usb_storage" "usbhid" "sd_mod" + "ip_vs" + "ip_vs_rr" + "nf_conntrack" ]; initrd.kernelModules = [ "dm-snapshot" diff --git a/systems/artemision/programs.nix b/systems/artemision/programs.nix index 9cabd3f..9c379c1 100644 --- a/systems/artemision/programs.nix +++ b/systems/artemision/programs.nix @@ -28,8 +28,8 @@ git glances gpu-viewer + grapejuice grim - headsetcontrol htop hwloc ipmiview @@ -37,11 +37,15 @@ ipscan jp2a jq + kdenlive kitty + kubectl + kubernetes-helm libtool lsof lynis masterpdfeditor4 + minikube mons # nbt explorer? ncdu @@ -53,6 +57,7 @@ nix-tree nixpkgs-fmt nmap + obs-studio ocrmypdf pciutils #disabled until wxpython compat with python3.12 @@ -70,6 +75,7 @@ # signal in tray? siji simple-mtpfs + skaffold slack slurp smartmontools @@ -93,6 +99,7 @@ wget wl-clipboard xboxdrv + yt-dlp zoom-us zoxide zoom diff --git a/users/alice/home/git.nix b/users/alice/home/git.nix index 9ce2d15..a2ea026 100644 --- a/users/alice/home/git.nix +++ b/users/alice/home/git.nix @@ -26,6 +26,7 @@ push.autosetupremote = true; pull.rebase = true; color.ui = true; + init.defaultBranch = "main"; }; }; } diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix index 10b346e..e9397ab 100644 --- a/users/alice/home/zsh.nix +++ b/users/alice/home/zsh.nix @@ -12,7 +12,11 @@ "docker" "docker-compose" "colored-man-pages" + "helm" + "kubectl" + "minikube" "rust" + "skaffold" "systemd" "tmux" "ufw" From 945674b2848d52a3d99dc3e3f32715e4b8fbc22f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 01:27:56 -0400 Subject: [PATCH 27/66] update flake, remove grapejuice, remove system_tools also temporarily removes hydra jobs --- flake.lock | 237 ++++++++---------------- flake.nix | 12 +- systems/artemision/programs.nix | 1 - systems/palatine-hill/configuration.nix | 1 - systems/palatine-hill/services.nix | 32 ---- 5 files changed, 76 insertions(+), 207 deletions(-) delete mode 100644 systems/palatine-hill/services.nix diff --git a/flake.lock b/flake.lock index 5fd01a5..fb3a6f8 100644 --- a/flake.lock +++ b/flake.lock @@ -6,6 +6,7 @@ "flake-compat": [ "flake-compat" ], + "flake-parts": "flake-parts", "flake-utils": [ "flake-utils" ], @@ -17,11 +18,11 @@ ] }, "locked": { - "lastModified": 1724226964, - "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=", + "lastModified": 1725300620, + "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", "owner": "zhaofengli", "repo": "attic", - "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2", + "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", "type": "github" }, "original": { @@ -62,11 +63,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1724472190, - "narHash": "sha256-t1+LogHyWRUh89u2Xintc/kybDVJOe4OtxWcW2aeC3M=", + "lastModified": 1725467431, + "narHash": "sha256-eQLdO69XeRTLbUE00Zy2B1vOfclvo0+MPjMoyRQ2nbU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7e7335b5f870ece12ab5c3a8c6c095dddaa1e523", + "rev": "7386e62c38ffe9669431ec2addcb0f591b66a62f", "type": "gitlab" }, "original": { @@ -92,7 +93,10 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] }, "locked": { "lastModified": 1722555600, @@ -108,6 +112,24 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": [ @@ -156,11 +178,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -176,11 +198,11 @@ ] }, "locked": { - "lastModified": 1722636442, - "narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=", + "lastModified": 1725276753, + "narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=", "owner": "hyprwm", "repo": "contrib", - "rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6", + "rev": "ae618eafa81b596db034c5df1d75d4eddf785824", "type": "github" }, "original": { @@ -189,28 +211,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "system_tools", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1723950649, - "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", + "lastModified": 1725161148, + "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "392828aafbed62a6ea6ccab13728df2e67481805", + "rev": "32058e9138248874773630c846563b1a78ee7a5b", "type": "github" }, "original": { @@ -233,11 +233,11 @@ }, "nixlib": { "locked": { - "lastModified": 1723942470, - "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", + "lastModified": 1725152544, + "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", + "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1724288137, - "narHash": "sha256-ZsDarezhjZ7kloarJlA2KxTrLHrLVUtLyYcXr/0wbCw=", + "lastModified": 1725497951, + "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "0552f784af9f211481c5dda6df9b918733492826", + "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", "type": "github" }, "original": { @@ -269,11 +269,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1725477728, + "narHash": "sha256-ahej1VRqKmWbG7gewty+GlrSBEeGY/J2Zy8Nt8+3fdg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "880be1ab837e1e9fe0449dae41ac4d034694d4ce", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "search": "search" }, "locked": { - "lastModified": 1723969476, - "narHash": "sha256-ln9SBqW8WAkvn/ilX//lISgLB08VgIgVxHXmfkb6jl4=", + "lastModified": 1725181790, + "narHash": "sha256-/Z49VwbQQjk4DCRtruSOvgGUVu7a96qpzLdeokoDoak=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "da5286bc062adee0e0aaf2bd3b784b477c623422", + "rev": "824522bf64bdb8366071613e93363750d9f354a8", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { @@ -324,23 +324,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "type": "github" }, "original": { @@ -350,34 +350,6 @@ "type": "github" } }, - "poetry2nix": { - "inputs": { - "flake-utils": [ - "system_tools", - "flake-utils" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "system_tools", - "nixpkgs" - ], - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1723343306, - "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": [ @@ -392,11 +364,11 @@ ] }, "locked": { - "lastModified": 1724440431, - "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { @@ -410,7 +382,7 @@ "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "home-manager": "home-manager", "hyprland-contrib": "hyprland-contrib", @@ -423,8 +395,7 @@ "pre-commit-hooks": "pre-commit-hooks", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "system_tools": "system_tools", - "systems": "systems_2", + "systems": "systems", "wired-notify": "wired-notify" } }, @@ -435,11 +406,11 @@ ] }, "locked": { - "lastModified": 1724466314, - "narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=", + "lastModified": 1725503082, + "narHash": "sha256-sgIkegun2+PwJEDHlvmADhSbxgjVR+8pYSMuXmB3/do=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca", + "rev": "17d3930e54a50df2afe52a2d1d1f506edb262bbe", "type": "github" }, "original": { @@ -460,11 +431,11 @@ ] }, "locked": { - "lastModified": 1723367906, - "narHash": "sha256-v1qA4WBGDI2uH/TVqRwuXSBP341W681psbzYJ8zrjog=", + "lastModified": 1724584782, + "narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=", "owner": "nuschtos", "repo": "search", - "rev": "6ca2c3ae05a915c160512bd41f6810f456c9b30d", + "rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087", "type": "github" }, "original": { @@ -483,11 +454,11 @@ ] }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725201042, + "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "type": "github" }, "original": { @@ -496,30 +467,6 @@ "type": "github" } }, - "system_tools": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1723392261, - "narHash": "sha256-Csa4yuYWcB3aLf7VP14v+Mp0lRzOOCCt9BdmAeeQcYU=", - "owner": "RAD-Development", - "repo": "system_tools", - "rev": "51bcc923b2b3cfb832b05687a01805c5a905b0c9", - "type": "github" - }, - "original": { - "owner": "RAD-Development", - "repo": "system_tools", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -530,44 +477,8 @@ "type": "github" }, "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "system_tools", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719749022, - "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", "type": "github" } }, diff --git a/flake.nix b/flake.nix index 2676282..98741e4 100644 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "NixOS configuration for RAD-Development Servers"; + description = "NixOS configuration for my machines"; nixConfig = { substituters = [ @@ -101,14 +101,6 @@ }; }; - system_tools = { - url = "github:RAD-Development/system_tools"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - }; - }; - wired-notify = { url = "github:Toqozz/wired-notify"; inputs = { @@ -147,7 +139,7 @@ rec { inherit lib; # for allowing use of custom functions in nix repl - hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; + #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); nixosConfigurations = genSystems inputs outputs src (src + "/systems"); diff --git a/systems/artemision/programs.nix b/systems/artemision/programs.nix index 9c379c1..e50b014 100644 --- a/systems/artemision/programs.nix +++ b/systems/artemision/programs.nix @@ -28,7 +28,6 @@ git glances gpu-viewer - grapejuice grim htop hwloc diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 58ddf98..1c9b253 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -14,7 +14,6 @@ ./minio.nix ./networking.nix ./nextcloud.nix - ./services.nix ./zfs.nix ]; diff --git a/systems/palatine-hill/services.nix b/systems/palatine-hill/services.nix deleted file mode 100644 index 322400f..0000000 --- a/systems/palatine-hill/services.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - inputs, - pkgs, - ... -}: -{ - systemd = { - services.startup_validation = { - requires = [ "network-online.target" ]; - after = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - description = "validates startup"; - path = [ pkgs.zfs ]; - serviceConfig = { - Type = "oneshot"; - EnvironmentFile = config.sops.secrets."server-validation/webhook".path; - ExecStart = "${inputs.system_tools.packages.x86_64-linux.default}/bin/validate_palatine_hill"; - }; - }; - timers.startup_validation = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = "10min"; - Unit = "startup_validation.service"; - }; - }; - }; - sops = { - secrets."server-validation/webhook".owner = "root"; - }; -} From cda8f4abd4e20888e87128560293c8d460edf5a0 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 01:29:48 -0400 Subject: [PATCH 28/66] fix networking warning on palatine-hill --- systems/palatine-hill/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/palatine-hill/networking.nix b/systems/palatine-hill/networking.nix index 7e8789f..b951746 100644 --- a/systems/palatine-hill/networking.nix +++ b/systems/palatine-hill/networking.nix @@ -9,6 +9,7 @@ networking = { hostId = "dc2f9781"; + useDHCP = false; }; systemd.network = { From 0d9752b738cb057435dccf5ec850c23b5ba949cf Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 01:30:33 -0400 Subject: [PATCH 29/66] add onefetch --- users/alice/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/alice/home.nix b/users/alice/home.nix index 4b9b6ae..11a53d8 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -57,6 +57,7 @@ wget glances obsidian + onefetch # Rust packages bat From f2bc6ad584b6e04e4a8eb7c5936808fcec9bdbb5 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 02:03:35 -0400 Subject: [PATCH 30/66] revert previous update --- flake.lock | 237 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 163 insertions(+), 74 deletions(-) diff --git a/flake.lock b/flake.lock index fb3a6f8..5fd01a5 100644 --- a/flake.lock +++ b/flake.lock @@ -6,7 +6,6 @@ "flake-compat": [ "flake-compat" ], - "flake-parts": "flake-parts", "flake-utils": [ "flake-utils" ], @@ -18,11 +17,11 @@ ] }, "locked": { - "lastModified": 1725300620, - "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", + "lastModified": 1724226964, + "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=", "owner": "zhaofengli", "repo": "attic", - "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", + "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2", "type": "github" }, "original": { @@ -63,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1725467431, - "narHash": "sha256-eQLdO69XeRTLbUE00Zy2B1vOfclvo0+MPjMoyRQ2nbU=", + "lastModified": 1724472190, + "narHash": "sha256-t1+LogHyWRUh89u2Xintc/kybDVJOe4OtxWcW2aeC3M=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7386e62c38ffe9669431ec2addcb0f591b66a62f", + "rev": "7e7335b5f870ece12ab5c3a8c6c095dddaa1e523", "type": "gitlab" }, "original": { @@ -93,10 +92,7 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1722555600, @@ -112,24 +108,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": [ @@ -178,11 +156,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1724435763, + "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "type": "github" }, "original": { @@ -198,11 +176,11 @@ ] }, "locked": { - "lastModified": 1725276753, - "narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=", + "lastModified": 1722636442, + "narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=", "owner": "hyprwm", "repo": "contrib", - "rev": "ae618eafa81b596db034c5df1d75d4eddf785824", + "rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6", "type": "github" }, "original": { @@ -211,6 +189,28 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "system_tools", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703863825, + "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -218,11 +218,11 @@ ] }, "locked": { - "lastModified": 1725161148, - "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", + "lastModified": 1723950649, + "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "32058e9138248874773630c846563b1a78ee7a5b", + "rev": "392828aafbed62a6ea6ccab13728df2e67481805", "type": "github" }, "original": { @@ -233,11 +233,11 @@ }, "nixlib": { "locked": { - "lastModified": 1725152544, - "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", + "lastModified": 1723942470, + "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", + "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", "type": "github" }, "original": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1725497951, - "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", + "lastModified": 1724288137, + "narHash": "sha256-ZsDarezhjZ7kloarJlA2KxTrLHrLVUtLyYcXr/0wbCw=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", + "rev": "0552f784af9f211481c5dda6df9b918733492826", "type": "github" }, "original": { @@ -269,11 +269,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725477728, - "narHash": "sha256-ahej1VRqKmWbG7gewty+GlrSBEeGY/J2Zy8Nt8+3fdg=", + "lastModified": 1724067415, + "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "880be1ab837e1e9fe0449dae41ac4d034694d4ce", + "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "search": "search" }, "locked": { - "lastModified": 1725181790, - "narHash": "sha256-/Z49VwbQQjk4DCRtruSOvgGUVu7a96qpzLdeokoDoak=", + "lastModified": 1723969476, + "narHash": "sha256-ln9SBqW8WAkvn/ilX//lISgLB08VgIgVxHXmfkb6jl4=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "824522bf64bdb8366071613e93363750d9f354a8", + "rev": "da5286bc062adee0e0aaf2bd3b784b477c623422", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1724224976, + "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", "type": "github" }, "original": { @@ -324,23 +324,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "lastModified": 1722555339, + "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { @@ -350,6 +350,34 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "system_tools", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "system_tools", + "nixpkgs" + ], + "systems": "systems", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1723343306, + "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": [ @@ -364,11 +392,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1724440431, + "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", "type": "github" }, "original": { @@ -382,7 +410,7 @@ "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "home-manager": "home-manager", "hyprland-contrib": "hyprland-contrib", @@ -395,7 +423,8 @@ "pre-commit-hooks": "pre-commit-hooks", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "systems": "systems", + "system_tools": "system_tools", + "systems": "systems_2", "wired-notify": "wired-notify" } }, @@ -406,11 +435,11 @@ ] }, "locked": { - "lastModified": 1725503082, - "narHash": "sha256-sgIkegun2+PwJEDHlvmADhSbxgjVR+8pYSMuXmB3/do=", + "lastModified": 1724466314, + "narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "17d3930e54a50df2afe52a2d1d1f506edb262bbe", + "rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca", "type": "github" }, "original": { @@ -431,11 +460,11 @@ ] }, "locked": { - "lastModified": 1724584782, - "narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=", + "lastModified": 1723367906, + "narHash": "sha256-v1qA4WBGDI2uH/TVqRwuXSBP341W681psbzYJ8zrjog=", "owner": "nuschtos", "repo": "search", - "rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087", + "rev": "6ca2c3ae05a915c160512bd41f6810f456c9b30d", "type": "github" }, "original": { @@ -454,11 +483,11 @@ ] }, "locked": { - "lastModified": 1725201042, - "narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", + "lastModified": 1723501126, + "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", + "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", "type": "github" }, "original": { @@ -467,6 +496,30 @@ "type": "github" } }, + "system_tools": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1723392261, + "narHash": "sha256-Csa4yuYWcB3aLf7VP14v+Mp0lRzOOCCt9BdmAeeQcYU=", + "owner": "RAD-Development", + "repo": "system_tools", + "rev": "51bcc923b2b3cfb832b05687a01805c5a905b0c9", + "type": "github" + }, + "original": { + "owner": "RAD-Development", + "repo": "system_tools", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -477,8 +530,44 @@ "type": "github" }, "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "system_tools", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719749022, + "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", "type": "github" } }, From 6784cfe8718312c9075e2a931891ce72c14311cc Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 02:03:52 -0400 Subject: [PATCH 31/66] revert previous update --- flake.lock | 113 +---------------------------------------------------- 1 file changed, 1 insertion(+), 112 deletions(-) diff --git a/flake.lock b/flake.lock index 5fd01a5..d4688ce 100644 --- a/flake.lock +++ b/flake.lock @@ -189,28 +189,6 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "system_tools", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -350,34 +328,6 @@ "type": "github" } }, - "poetry2nix": { - "inputs": { - "flake-utils": [ - "system_tools", - "flake-utils" - ], - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "system_tools", - "nixpkgs" - ], - "systems": "systems", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1723343306, - "narHash": "sha256-/6sRkPq7/5weX2y0V8sQ29Sz35nt8kyj+BsFtkhgbJE=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "4a1c112ff0c67f496573dc345bd0b2247818fc29", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "pre-commit-hooks": { "inputs": { "flake-compat": [ @@ -423,8 +373,7 @@ "pre-commit-hooks": "pre-commit-hooks", "rust-overlay": "rust-overlay", "sops-nix": "sops-nix", - "system_tools": "system_tools", - "systems": "systems_2", + "systems": "systems", "wired-notify": "wired-notify" } }, @@ -496,30 +445,6 @@ "type": "github" } }, - "system_tools": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ], - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1723392261, - "narHash": "sha256-Csa4yuYWcB3aLf7VP14v+Mp0lRzOOCCt9BdmAeeQcYU=", - "owner": "RAD-Development", - "repo": "system_tools", - "rev": "51bcc923b2b3cfb832b05687a01805c5a905b0c9", - "type": "github" - }, - "original": { - "owner": "RAD-Development", - "repo": "system_tools", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -530,44 +455,8 @@ "type": "github" }, "original": { - "id": "systems", - "type": "indirect" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "system_tools", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719749022, - "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", "type": "github" } }, From 92c47c6f3158bc02fbdc37cd9111a77bb3813e11 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 02:00:42 -0400 Subject: [PATCH 32/66] cycle gpg keys --- .sops.yaml | 5 ++- systems/artemision/secrets.yaml | 52 ++++++++++++--------- systems/palatine-hill/secrets.yaml | 52 ++++++++++++--------- users/alice/secrets.yaml | 72 +++++++++++++++++------------- 4 files changed, 110 insertions(+), 71 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 2732bf9..13fcf03 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: # The PGP keys in keys/ - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - &admin_richie 29F5017C95D9E60B1B1E8407072B0E0B8312DFE3 + - &admin_alice2 5EFFB75F7C9B74EAA5C4637547940175096C1330 # Generate AGE keys from SSH keys with: # ssh-keygen -A @@ -26,6 +26,7 @@ creation_rules: key_groups: - pgp: - *admin_alice + - *admin_alice2 age: - *palatine-hill - *artemision @@ -35,6 +36,7 @@ creation_rules: key_groups: - pgp: - *admin_alice + - *admin_alice2 age: - *palatine-hill @@ -42,6 +44,7 @@ creation_rules: key_groups: - pgp: - *admin_alice + - *admin_alice2 age: - *artemision diff --git a/systems/artemision/secrets.yaml b/systems/artemision/secrets.yaml index a8d4080..8c33534 100644 --- a/systems/artemision/secrets.yaml +++ b/systems/artemision/secrets.yaml @@ -21,34 +21,46 @@ sops: - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZUNHeDdqaGt0QnFIejdM - MU5uaDNiN2xOeVlZNzQyZXZ0R2NYUU83ZWxrCmNDL3J6ZjNmejBuUXk3cldwZUEz - UWVqMTVPelN1MTJDNzc0UU9XNWkralUKLS0tIDU2b053Uk5VZGlWUk9XMXZ5Wllk - UlhhNzNjTHdVaXlPOFJhc0EyZGh3RDQK1c7nctmrorze4Kr0Grmcmx3N/UYXPwJc - FfClOoGxO+4ZDtxG61SDU1UdYae4loQ8roM8jDIPFMfoEum2bT8oXw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQUlsRm44UFpPMmJFbnRU + Vm9wNXFiRHpibzRXUGpPYmxrRGFlT0kwV2s4CnE2cEFQNmpmaENpMDB3TXA3WTBZ + Z2Y5ZGROM3NhelV1THlXcWZtdWYxV28KLS0tIGxUV2NxOGx4SENvTUsxRVNkUkdq + NW83ZllxWHo1MnNHcGg3NG9lQzM0dncK6HtsXAg8vnELLSaFRz6X5TrWsuIkAfFA + Sq8ld4/P4pmFE90MnRh04F4dVJ70QrHPV2zZzzHHHLK06pemwkGdlQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-21T00:27:31Z" mac: ENC[AES256_GCM,data:rST3ZwVMS/Us5pufse75X+j1Z2g6Kgb88luYTErBG79IvnoX//GdF7R3JPcQVp2o4rqFO7AU6zvh6PdGZjH3DS28k2iKe1qX1PKxMVihXnFFf8Zh/a/Uc0zvG7nDZ9FrLn4mv98LmKaqSjqsmgycpTY8HgRRaeAo4gXgtOwcF7U=,iv:6mQj3CMCk4yb02HW6y+VyvaHIOS4Dxt5P0krOtQ/pOE=,tag:SQHVH+ZbtdTUsmDRF8oMvA==,type:str] pgp: - - created_at: "2024-03-23T05:46:35Z" + - created_at: "2024-09-05T05:59:59Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA84hNUGIgI/nAQ/+IwyPDjs/jDCBlnYFboHh6TXx8ulysESst4hz5crM4L0u - wylKyfEIBx0eLy0mLLA4DhcpYza0Nry5RLdwDNfimhATErfQxnwqlZ6RnYKnh3Hk - 93L66+BEKPd3EZOH+RC/wb0qiTDmU0yna8jtVO0uU7s6//hm/g7bdmQAK0YIJLcb - sd83n99R4oHVrq7iFc74/AV5isW9GcfmvLI94eodFpaE1dpqm4KzNpLueDCOvA/1 - vPo5Lgtp9WM4FhXUqMiplCNqMIt+Hyj3F+p+9jgQ2dLfHuVkI8pzd47gOHyMDYPy - fn6SVKZtOyfNDwhs7L5piiarSXISBGtx36ISDvtvtr/vgMydTdvILIOo9pkSGVtN - 4W7+ywMaFjfAeShTVtUJNJqmp/8agt2WtaUX4kPPha4SxlNSOMpeTQ31bs89gBtc - g2325afL2WPK4NSAOmU8VMXqmFc2A10aFlx5nsfT4S1wkoNbitTWgoAcCa7kGRPW - xZca225cwLUzkggv74cfYT3YnQL40AMSOMqSRS8pbTFEENG1BtsB5A++Jji2i4tO - xoGIL8LRCEfiHpTC7eBwDDVmKb5StgKsXs6yYbQG5XW2W+/Jgum64Sb7+LviQ9Mq - WHNiu5MZPeKyHFu9jI9Ne1HpYJnb7/X9AxFw2e/vFwVn+kjaXcH/PhsYuPUyqkzS - XgG3tFbcgNtMWyoLU2EL1Qvwq1pHVrwmeNXHidESx23HeJtnIwoKkdopl4qqqNle - uQYP89bvb6zFWlqOSwLORZmj1W1wVTYV9eXplDbJob8agBKIcIuhtwri5e96gf4= - =XdJo + hQIMA/3GV3g+HEdPAQ/8CZSMluFpMY9uZEdbtwtWEIawSaTCJl55+0xNVwt0xPBH + v/JHTWPtsW5UCJ7+z7D0slT13vsEjewhhTUO9lGXNXGBfJQ8NP1oq1NHs6v22+PZ + Nbe7fWm3tJ44ic5mITBzj2+3lY3QtOcuXXfbU8X3ZaO0ZFwzUuUSSEaJRYuTixsZ + oUd2eXs56H4omDfkUkyzuuukVDshmWYnuKvpKAJGNCfARYH9bGlCPk26bC3BRWEx + nKZDfoFmdmWtpxMzFvAmH9ODkLrowqGz0ZsAGR9B3OMVN9Iqr4ZFu8bA37Zkrrz6 + VsV1Ru1/dZR5Xcis3QWOAcPWJxJCL7KFS8NLb9VdDYx4UEBJ9ptPxyBORwIz2Ghv + LTr50DzUSyndVWcs4mW3uGrBmHqVnGZV5CxMPvzJFjLIJ5Ibw0nWfOlkTV5mBXtg + NHd+x6mvQmyj8adMUNyPckFG11xqqXUQ9Rtzv49CfNLBgs4U08u3iSi+qCR4zTpt + FFfAF9nplMheN2gbkv9G/CSlAMMabNqZmcKdGwTx7USeSmukc7Fum1SqLjL5wsIn + E6QMnDLdOLOO7MhCfD7osCTE7+UnGf9V/y6wu9tEUp17EYc0FqyK74UUxLjwXuBK + tIMhc4ZPXnLCyJ8SrdwmO+sPOQAqLx4oN9DrDlUMpHjI3ccQP8GsGK5CcRUba/jS + XgGlG6/ltgf9j9DnI5KnOwey1MiSaTLogJ389rQc0E6TVI0qpKPXvtwl2/oC6cfG + dIuJXfRRpteqjis1O7c+V3X/lE6SPQEHGWluGkoZXq4+mCieYMioAou5muXWwKQ= + =gXac -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + - created_at: "2024-09-05T05:59:59Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQWNzDMjrP2ISAQdAyv391rYONuDgILtlxbFJRYNvN29bwY8mHm9VTNZGKj8w + tuKsAMrjUQ07V4+0vLlIqXjRJk2DPIHA43jY3asxDwZNYA9cstYwcYaBegStKp+O + 1GgBCQIQtl/y2CJX+hYNQWo8b+r3T2bUbibkGDYhTAzexT23mwmR1cknYvEaCRw0 + n0FPL/N9WJt09T0Xf1PrA3wwqzZTGSwK4UxhselmeubOPcO/fmeddws9X6f6mFXT + c4lKZbQpwKafsA== + =uYBb + -----END PGP MESSAGE----- + fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted version: 3.9.0 diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 63fc7a2..c0e37f5 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -23,34 +23,46 @@ sops: - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVTd5WENRV3UzbGx6MVRw - OGRJSmZFRlV5cmJsK254dzUxNzhOT25hWERjCkJnTDErMWFEMXBucExjczBsdzU3 - akdrK3FndmgxalRGNUNnaXlNU1Y3NU0KLS0tIGNHWVh0cmlGY2xaYzZ4M0dhTU1j - TkYva25xYUxySkRuL0pPakZRdlhnMnMK/PapdNI40z/pALp9+uaZCIYmpD6uWfN9 - Cl2wD8f8wOuBxI/Mw1hxtJtcF+XubW/Lexjft27lcbuw76N9//ngWA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZmNheDRnVW1US3NycDF0 + Uy9XckMxNVZtRXl6R1BHVitqenp4Z0xXN1JvCmJkV2dhWlliL2lsUVQzUVl6Qzdk + VzkvS1ZXZHp1Q3hVeDBpU1Fta29pRXMKLS0tIGJGc1l6TzZjTkNzNWd2Q0RwQi92 + TnpjY2wzMHppMm92VVIrbFRkMTVVQ0kK8U+4g91R5N9Kb2DaJ7Jo3GQUA9rbJOa1 + wZM9//l/el5DxkNf0Tya/6tLzutDWigIB8nUpuesu20QLa8PrqchEQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-07T23:09:33Z" mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] pgp: - - created_at: "2024-08-22T04:47:56Z" + - created_at: "2024-09-05T06:00:04Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ/+PqkO8Jpr3v4NRB6jvlx4pXcrC2uJfZiB+EYamQ9ROqGH - oy9K7DTcn0q8Y0kfMs9AwOo26nSeuZqTRpF9NJw5p19r686Hibbg64FkmCjw8Egj - VPxzVi1GFOJo+hTuesqFJWSRHo5tPnx2mGq1L1oBAAFu43xjKRHAiJUCaAYQpXVz - aBQmr199+JAMIW2laW6SOtBbz+LeeY+1QH4VHOWT2SYzuDh9pW7CvGMKmfI1wy/A - Rh/OWC1rdZmoYHbvf9907qCId9+hnq+ybvsX8NoDhhn00dmHGPpQTVN2NbAoi0PS - N5AqsEeZGP0oYeMJ8Dh3fXNxkGjxZ95w+TpaqPF5Mj2RQVMr6zo0edUYxzgS/nBQ - hI+UufnX0qflciuv95DRPL4BAP4oRHWIClHKp0dWQU19vQPglfoPO2Jd3q8J3tB3 - TsgthVCJYGftlafuDdolofoulOmM2gya/aNvhghlnri+PmBt3b4GI4rDW1IVnIk5 - aIlhyCZ7BJog6RCd/dJts+q+RXdxYxjGGSdpgcGkFJ/EmDpdqpXizdZK5Ws9o7dY - h8M0JErrC5FXyQ27wfaSVugT5dDIflHFM2nqkV8CQlUtCU2voy77/468KHTgPKz/ - Swl2BazGpK3g1x3aMRGTTA5NNDVMDy3HDimRi1IW2Yxf1wDXn3sHS917SVpdaBjS - XgG0FUKo/jmOHQjQTK9/2LvclPAlCdPwbXv/ZUFcvAV225rDyYHMevjlEseq2v1J - 6IU6IB50LT0IbRuLdpLFYYM8NFg2BFJAG0QWTpNCQzagUEbHDWp5vSoOwXdEWbM= - =3GbE + hQIMA/3GV3g+HEdPAQ//b+qxOzgdK1y9nBwNVCSmfqHGFG9xckevXoSRaKqDgJvq + fBCUZDoJZA1A+PlGe5ufHHF7s+r7ou1cxft789OJ2wSEu1HlN57y2WQvErrGstPa + IZ4MS4UFc9Ic0ImpqRKPoUBpfCPujJel//Sg61IGL+bL7L2Get/U03mJ6Y79zIRf + mz+wdzCApDDtHL80KOjL1bjPDBxrvgTw9FxGirYDyM5wykrAaCSd99g7TkK7AdwE + XO92JKHFRs9w567Skuw9JOkLnnMVQlw+gr8eDehZgozqMIV4/EC/LiDU5WYfewUy + hru10OI4LzztjuO9bT69BwIM8OVqkEdoxCWpKqosVdmFV9VXSrUJqbGL1SlXMxN7 + 10SDNtsoVrsP9t8+L1eYrMNOMtgo4fykq4JNaVKQF9haR4Fiw0+B85eV6CrF+lhF + BmLZay4S1C/66TIA5O1WQa+kN68Fhz7UgtnRnMAN1bA/aQ6exYzPvlDebxjSRgSt + DzDEfJlOgjha9l5VhYK+gdRSm9VJ5tzm59KVNow9gmw4Kq4OL5CQ9HzeIYm0ER4X + pahmWBIGcl8lSEcCp+TWIUPwpB1spe62nzQQ214qk3mjXSzi6KccuMORuXDo0ATw + SltCrem2o3T/UgCXUKcvvKkF3DQhudSywtPcsRtRMTyppBTSSLKNkEa+FBAoAw7S + XgG2EVqItArHLClrzVOu/ZFZnsB+zwNwIxUWUxwehhbwEM2kGAGDRqz+9/riIs5B + DTN99fw0f9ruiD6tdQWDz/IkGmYcei3DU6Q5k6Pn56Q1Jyj2ktvP1sxQuwmsW94= + =+NhU -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + - created_at: "2024-09-05T06:00:04Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQWNzDMjrP2ISAQdAp8XOoP9nVWm6O8Z2BoN6GAo+H2oEG/j/EOUvtRtCegEw + FOpcpcPbr5nN0oS/WSzWsC/ZdOA7FHUgshYz1zDT99kXRX/Te8jCKuTagKjASq80 + 1GgBCQIQykxkYHaJcp2+489tiyGuzEDLpOLsvCi6QJLhlF2JCepYiNDDfMQkFKHD + se35qeCTR1+22Sv7FU7vqu5Z2iN3+qMYcoB0wyI6Ij7TbYPZ9ix62Caf18V4FxHb + DHHQvNiwaQ2/tA== + =HD// + -----END PGP MESSAGE----- + fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index ae7dc04..27dd635 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -13,52 +13,64 @@ sops: - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHWHJqZWlkNDZzMVgxMWxt - SGZXbVBTbnNnWlhYMWUrK1JjajhPYWlxWkdjCkE1a1NxYWVKSUNmSXd1b3R6SDBX - TVk0QUZaUnNyMm5iRitlZmxqd0hMME0KLS0tIE1RSnhrTkQ0ZXI5bFAxVjVtaFY5 - bXZVSkwxNnhCV245dEpkTlhPNncwSG8Kv7nxSMVBv/a/ZyIMZYmE3Cx1AWykxHal - /cuADtu+KoOEM+1iGJMuP2ZfpqXSEAXBb2Zj4tnn+Jy8eGvvndHn5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYkNuSWZLbTV6OHVHYUtX + dm5MY0J4eEhYbktkZVVrSVd6L0l2VjZzMVc4ClRNUFJocGU2K2poNzg3MlIvcndL + VzVPUk13U2xIQ0phemFBQkhtWlpOdE0KLS0tIElpeHYrTFpRSlcwQWZXUXA5ZVZ4 + S3lvb0VUTXo5OGN3Y3dyM0lRZ1NGaDgKBSf4zJsD7eF9/nzikvB0VLY2A1NXPs7i + X9/wslywHCOFMMqExsllhW/BBQQIAYdh4O2ZdOrjfwB0BZFsJzL9Wg== -----END AGE ENCRYPTED FILE----- - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3eGJyTjdvNTQ2Q1doMHEv - Y01BbFIzZTlRSlA4Qkh1QmFFTlRGUDRzamdRCkh0Ym5FRVJDc3JqOUhRc2IvZEla - OWxsVnp3TTM4YUJ6QzdRbjhsMEVZT28KLS0tIHgydk1kOXh4K0hPSUxRSElnb1kz - RHQveUtwUFcvM2hrc1RnWHBZNFdyRG8K+CaW3iXDHzCKCxiO0id0ywLNdG5gj7XF - 0+iKle8o2HPaoxdYjUSQZgVsD8eOMtML7sU/TAnqwrcWiN27WuFkAw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TWwraVZyRDFKVG1sUWdE + WTlxaHBidmErd1RUNUVsUUx6YXUzQWlPMkVRCjdTNDlocENzcHFoUjBpZjJiTmFT + bnFNOTFneDMvbmx0MDFwRGdtdGM3Z2MKLS0tIGlqQysxQ3RjTys1R0hmbVJpenln + ZVVKR2NuSDZKUHA4N2MvclhKMEJ6dHcK3sEMicz/rhfyRshxpGx+e5ReEw+lD/7c + nRNunhIZtf+pTBPG7ElD3FOuStCv6DTFXhztqu3Aja+w628bLx37xg== -----END AGE ENCRYPTED FILE----- - recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArS3hsYkhJZVdacVllQjgz - Q0JnT1JsWmsraHlxZTBqOC9TZDd2YmVEdHpNCjNTOUNPaW5yUDZvSXRhVW0zcHJH - enNNb2VOUXloVTlXcjIxM2h0UG4wZHcKLS0tIExHaUd2Y3libGR0a2phdE9MWlcv - czhrU1QzdU55Z2R5Vy9JRzgwdjhTOFUKuJTq12VT9gNzgIN0FWsJxEQm0U/bpZd0 - sWtTE7oNlOomtD5wrQOUz8iJ0GNA5oyGvxFW6A6lMw8tzDm8y7MOmA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjU3JaZHJvUHM0b05VdE1E + dHFQU1ZHOWNlSWpsVEMySjMzaWNGVFpUVjJnCklwM3lRYVhKdjJ0L0FMcXZnVXNw + SFoxRFhUeGhEVnZOTllLb2ZxekRWVTgKLS0tIDJSN3FucklieUMrS3NBQUdPMWU4 + YnJRczE0RHpBM0RpbjdkM3BmUTdzT2cKIffP7kl+tuUWdM5Jqw9bacVZhniD9bCj + kF9/HblNay401P265LnBStbXxcTFJFdFGej7nvRr0dUo5sRJLVX/3A== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-20T23:15:03Z" mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] pgp: - - created_at: "2024-08-22T04:54:41Z" + - created_at: "2024-09-05T05:59:35Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ/+JxMX+qu167TOz6o1Us3dd+sYgJA5Z3lrzRkQHkNt5dvT - mDL7uRKoyEjhHl4RSMxLUpquFialHDvGiF5LkuouC0Ajo28W1rp+6lAl0GG/Ledv - 5N0lhYldIKCJDieeXUSn5hr+0EUIA9Eg5h8lup55oDS147FDk6FwysTFzr/1ybgE - cpLNEg5lliEafBszZ/3rwSZ2e7LvMag4wy4aTCMq+beoacUA6G4K6IO1+kTBeFVt - EGrktRGIXGHJft/JxOF8Kq0jsoQ6fnMMIlAx1c5QnvCAe8TSYLBRLeyAwP3oNrME - pDciQJ4jMxzu0yNsGEuQUW6gAbaCKNG+BLDFhx1B7Yfh1S5Fz+/Z4wuLyaDC1soW - F1j1J3+PCrijEV2Tt+eqipZrP3LrXvNqSla1hjVIkKHrkAGsO/WpqN3lCUxW2xbE - t34DD3RQrXo81RPdHmIMwn84DDyYxwe5ETns9OmDkmMVNTdvmJ+MsGW5c1XMXjfT - k4Pq0ErZswGxTefu+USpaBvRR9YJ8OcBb9a1gs4Kxd7L4qo1NR8ipPej/5esQkji - VgIas10Uz0nSKKCg/4dYDsMQ6N9BadxAk5kK+TdjwCxWVgTLXdsvpfqj0gOAMDG4 - Swgx3jt/AGs4ZS9nr6VCjF04lkzX0UfWYGkD9D7KRewP0lEjAzdzDnhlgvN9KlXS - XgHATRuBC/EdSnhwttoXJ9r8pkoyd6pLsMIhtZ4GkVjhdxpTIoQn9s5Ch+/p+/eO - VzNAuBDbuMU/WPDNgsxA7hwGgwogSyyFHzZkuqBHJPgnPHNpd8thESMURPATxW8= - =IGLA + hQIMA/3GV3g+HEdPAQ/+KWdXOEd1sfP9+/0Yhc1PFzdjr2yYTK2tEcCAMmri0BMD + nMI8OTXgu7b+viZpWAyZAfC7/1h2CHOmOUIwlEartB23AlyqjwUOsDYkXSG9MZkI + 3W87fn29I5igY6wsGbatkzG5S1OsBoQr66hP7w/1Rua17UXmWFOR55RfDwqpK6Qd + e/L93sbOL9cPak/EFNIP0pJJR/eQUqfYRZVzQKE/XrWKpJWfQK1iNae3n9ne0w09 + ECwm+tf9iLzrvEC6hAE2FoG8gRvqFsNxVELzP9o0XQnr+zKuDJu/vN6sqeGgkJ8Q + GQ/lhJMtT2Sef5dzuNPSSOk035k4o9HfCPCr/5pFM/nuW+Uy9jQkUboxepvVf91h + rx5N3bXo2hzdhFIp9HGNQ25HlJG6eF3R10BPP9/wKtRtgQZY+zTbgBdMHvZB/qr1 + m3ou9wasKkpjkC+z/dXM8lShe/J6F3uXMpbofKVcr+IroX2/I8RHUZXKTSk0o8w3 + hZZtcadkp5j5XAV8AnUjFq68ZXVz56lzFF039WSGf9sBCWIhseTmUCjSv+QO9Zcd + B7iAr6+lEuglgM8aME19wPxQu3dj9eRWNWdlwpMjVEnucPvOcIidnXvvRah+lupy + dr6SlTd2dQDK7T15u/VE7Hx0Fo6kA1nsIiQ9A3u1gTY8LPzzWbKQYlrjfMXRKT/S + XgHlnhsvUP2PFHozwmg0AmIL6E+D0tRau/cjPUC1z5iOlwZGLlClcFkgtVozjXs7 + L7VnkjlmgBUfYZLdL1Lf9p79Fc3iP4zizLGr34Aw/6JsbefDALsrTGEEhTNvQuA= + =x21j -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 + - created_at: "2024-09-05T05:59:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DQWNzDMjrP2ISAQdAJGw2HnSZ7MQ8gBHzGkIEr5oVsJIIq83l2ZD98/r3uxIw + fFb07OKAwOcLy6YJlQNjKktMQxdwW3hyGxuAPyfT9cdXt9sed3KLzgAZy/vf4ksm + 1GgBCQIQCi8U25A1PgCh1bEWhg5S6nBEtck5bi6migHxINyTICWt38VZ/xOmbNgs + tCdIsCYGbYM4IOvtm+avMawa6ExCaCBoXAeJrf9k00ja/g0ToxrxtdPrNsr928P/ + ECydB5vtljkxIg== + =Alcd + -----END PGP MESSAGE----- + fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted version: 3.9.0 From 4e7ff1e02e261c9b848e8f3cfba477741d09f15f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 02:02:19 -0400 Subject: [PATCH 33/66] update signing key in git --- users/alice/home/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/alice/home/git.nix b/users/alice/home/git.nix index a2ea026..24f7c6e 100644 --- a/users/alice/home/git.nix +++ b/users/alice/home/git.nix @@ -4,7 +4,7 @@ programs.git = { enable = true; signing = { - key = "F63832C3080D6E1AC77EECF80B4245FFE305BC82"; + key = "5EFFB75F7C9B74EAA5C4637547940175096C1330"; signByDefault = true; }; userEmail = "aliceghuston@gmail.com"; From 9ce801e14436c02b735152fb5bf737617ba0d415 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 5 Sep 2024 02:11:06 -0400 Subject: [PATCH 34/66] finish gpg rotation --- .sops.yaml | 6 +-- systems/artemision/secrets.yaml | 44 ++++++-------------- systems/palatine-hill/secrets.yaml | 44 ++++++-------------- users/alice/secrets.yaml | 64 ++++++++++-------------------- 4 files changed, 47 insertions(+), 111 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 13fcf03..a7fca05 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,6 @@ keys: # The PGP keys in keys/ - - &admin_alice F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - &admin_alice2 5EFFB75F7C9B74EAA5C4637547940175096C1330 + - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330 # Generate AGE keys from SSH keys with: # ssh-keygen -A @@ -26,7 +25,6 @@ creation_rules: key_groups: - pgp: - *admin_alice - - *admin_alice2 age: - *palatine-hill - *artemision @@ -36,7 +34,6 @@ creation_rules: key_groups: - pgp: - *admin_alice - - *admin_alice2 age: - *palatine-hill @@ -44,7 +41,6 @@ creation_rules: key_groups: - pgp: - *admin_alice - - *admin_alice2 age: - *artemision diff --git a/systems/artemision/secrets.yaml b/systems/artemision/secrets.yaml index 8c33534..56f005f 100644 --- a/systems/artemision/secrets.yaml +++ b/systems/artemision/secrets.yaml @@ -21,45 +21,25 @@ sops: - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQUlsRm44UFpPMmJFbnRU - Vm9wNXFiRHpibzRXUGpPYmxrRGFlT0kwV2s4CnE2cEFQNmpmaENpMDB3TXA3WTBZ - Z2Y5ZGROM3NhelV1THlXcWZtdWYxV28KLS0tIGxUV2NxOGx4SENvTUsxRVNkUkdq - NW83ZllxWHo1MnNHcGg3NG9lQzM0dncK6HtsXAg8vnELLSaFRz6X5TrWsuIkAfFA - Sq8ld4/P4pmFE90MnRh04F4dVJ70QrHPV2zZzzHHHLK06pemwkGdlQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9aczBZekVGMVRBYlFV + MUpDZFFPRTIzL1hpR25vd2pjZzJnRE12TkhRCjdiV3VxVnJpL2l2OU1rNVE3K2kv + akF1UFNtdDFYdUNIMjVwWitOUDJ1UUEKLS0tIFJkSGU1MC90ZlM0TXJOeWlWTnJT + RFVEMjg4bjd4SUF2SjVWZVNDWlpiR1EKmWM9G8/vb1+GX4zGiIj/So4apfi3wzyp + yGi0T3fen3jzfU38xFZ25Tn0pDTQaSG7PkVKQn9YBJ4pGb9JDPfTjw== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-21T00:27:31Z" mac: ENC[AES256_GCM,data:rST3ZwVMS/Us5pufse75X+j1Z2g6Kgb88luYTErBG79IvnoX//GdF7R3JPcQVp2o4rqFO7AU6zvh6PdGZjH3DS28k2iKe1qX1PKxMVihXnFFf8Zh/a/Uc0zvG7nDZ9FrLn4mv98LmKaqSjqsmgycpTY8HgRRaeAo4gXgtOwcF7U=,iv:6mQj3CMCk4yb02HW6y+VyvaHIOS4Dxt5P0krOtQ/pOE=,tag:SQHVH+ZbtdTUsmDRF8oMvA==,type:str] pgp: - - created_at: "2024-09-05T05:59:59Z" + - created_at: "2024-09-05T06:10:45Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ/8CZSMluFpMY9uZEdbtwtWEIawSaTCJl55+0xNVwt0xPBH - v/JHTWPtsW5UCJ7+z7D0slT13vsEjewhhTUO9lGXNXGBfJQ8NP1oq1NHs6v22+PZ - Nbe7fWm3tJ44ic5mITBzj2+3lY3QtOcuXXfbU8X3ZaO0ZFwzUuUSSEaJRYuTixsZ - oUd2eXs56H4omDfkUkyzuuukVDshmWYnuKvpKAJGNCfARYH9bGlCPk26bC3BRWEx - nKZDfoFmdmWtpxMzFvAmH9ODkLrowqGz0ZsAGR9B3OMVN9Iqr4ZFu8bA37Zkrrz6 - VsV1Ru1/dZR5Xcis3QWOAcPWJxJCL7KFS8NLb9VdDYx4UEBJ9ptPxyBORwIz2Ghv - LTr50DzUSyndVWcs4mW3uGrBmHqVnGZV5CxMPvzJFjLIJ5Ibw0nWfOlkTV5mBXtg - NHd+x6mvQmyj8adMUNyPckFG11xqqXUQ9Rtzv49CfNLBgs4U08u3iSi+qCR4zTpt - FFfAF9nplMheN2gbkv9G/CSlAMMabNqZmcKdGwTx7USeSmukc7Fum1SqLjL5wsIn - E6QMnDLdOLOO7MhCfD7osCTE7+UnGf9V/y6wu9tEUp17EYc0FqyK74UUxLjwXuBK - tIMhc4ZPXnLCyJ8SrdwmO+sPOQAqLx4oN9DrDlUMpHjI3ccQP8GsGK5CcRUba/jS - XgGlG6/ltgf9j9DnI5KnOwey1MiSaTLogJ389rQc0E6TVI0qpKPXvtwl2/oC6cfG - dIuJXfRRpteqjis1O7c+V3X/lE6SPQEHGWluGkoZXq4+mCieYMioAou5muXWwKQ= - =gXac - -----END PGP MESSAGE----- - fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-09-05T05:59:59Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DQWNzDMjrP2ISAQdAyv391rYONuDgILtlxbFJRYNvN29bwY8mHm9VTNZGKj8w - tuKsAMrjUQ07V4+0vLlIqXjRJk2DPIHA43jY3asxDwZNYA9cstYwcYaBegStKp+O - 1GgBCQIQtl/y2CJX+hYNQWo8b+r3T2bUbibkGDYhTAzexT23mwmR1cknYvEaCRw0 - n0FPL/N9WJt09T0Xf1PrA3wwqzZTGSwK4UxhselmeubOPcO/fmeddws9X6f6mFXT - c4lKZbQpwKafsA== - =uYBb + hF4DQWNzDMjrP2ISAQdAVPGTjbrJcO6UTQ9bYOqiVqJMehxGkfNMtgnQQL36mQsw + CznpGVos/aNWRKmt0nkfjHuI0y71foFWt7BB/acKspE5YUu831wgrRbB8TyN69DK + 1GgBCQIQjanvxCPgcaSWLqw2oXXPzTJ1PRJc2UA4kayYIzvOUP9QBoEruDki0GVi + 5n+ZiGGtvx7bihZ1WeJiHcOArPr3xrrrPv6nuAxP05HbSRYhaAU79eOTT1p7MtSO + A0BHgVYuL00FHg== + =Luz2 -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index c0e37f5..0ff3f91 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -23,45 +23,25 @@ sops: - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUZmNheDRnVW1US3NycDF0 - Uy9XckMxNVZtRXl6R1BHVitqenp4Z0xXN1JvCmJkV2dhWlliL2lsUVQzUVl6Qzdk - VzkvS1ZXZHp1Q3hVeDBpU1Fta29pRXMKLS0tIGJGc1l6TzZjTkNzNWd2Q0RwQi92 - TnpjY2wzMHppMm92VVIrbFRkMTVVQ0kK8U+4g91R5N9Kb2DaJ7Jo3GQUA9rbJOa1 - wZM9//l/el5DxkNf0Tya/6tLzutDWigIB8nUpuesu20QLa8PrqchEQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcTQ4SVM3dVN4UWZCSXBs + dFo1S0ZyOEM3c3ZtYTcvZlVNYStDdXd0NjB3CjY0NWc4UkVGUk1ZdTBBLyt2L0lX + M0lRbXFwRzFWSTNndC92SU5kSkowb28KLS0tIFhjMnJzZHRoTmJONDk1RjVsRVZq + d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz + tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-07-07T23:09:33Z" mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] pgp: - - created_at: "2024-09-05T06:00:04Z" + - created_at: "2024-09-05T06:10:49Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ//b+qxOzgdK1y9nBwNVCSmfqHGFG9xckevXoSRaKqDgJvq - fBCUZDoJZA1A+PlGe5ufHHF7s+r7ou1cxft789OJ2wSEu1HlN57y2WQvErrGstPa - IZ4MS4UFc9Ic0ImpqRKPoUBpfCPujJel//Sg61IGL+bL7L2Get/U03mJ6Y79zIRf - mz+wdzCApDDtHL80KOjL1bjPDBxrvgTw9FxGirYDyM5wykrAaCSd99g7TkK7AdwE - XO92JKHFRs9w567Skuw9JOkLnnMVQlw+gr8eDehZgozqMIV4/EC/LiDU5WYfewUy - hru10OI4LzztjuO9bT69BwIM8OVqkEdoxCWpKqosVdmFV9VXSrUJqbGL1SlXMxN7 - 10SDNtsoVrsP9t8+L1eYrMNOMtgo4fykq4JNaVKQF9haR4Fiw0+B85eV6CrF+lhF - BmLZay4S1C/66TIA5O1WQa+kN68Fhz7UgtnRnMAN1bA/aQ6exYzPvlDebxjSRgSt - DzDEfJlOgjha9l5VhYK+gdRSm9VJ5tzm59KVNow9gmw4Kq4OL5CQ9HzeIYm0ER4X - pahmWBIGcl8lSEcCp+TWIUPwpB1spe62nzQQ214qk3mjXSzi6KccuMORuXDo0ATw - SltCrem2o3T/UgCXUKcvvKkF3DQhudSywtPcsRtRMTyppBTSSLKNkEa+FBAoAw7S - XgG2EVqItArHLClrzVOu/ZFZnsB+zwNwIxUWUxwehhbwEM2kGAGDRqz+9/riIs5B - DTN99fw0f9ruiD6tdQWDz/IkGmYcei3DU6Q5k6Pn56Q1Jyj2ktvP1sxQuwmsW94= - =+NhU - -----END PGP MESSAGE----- - fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-09-05T06:00:04Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DQWNzDMjrP2ISAQdAp8XOoP9nVWm6O8Z2BoN6GAo+H2oEG/j/EOUvtRtCegEw - FOpcpcPbr5nN0oS/WSzWsC/ZdOA7FHUgshYz1zDT99kXRX/Te8jCKuTagKjASq80 - 1GgBCQIQykxkYHaJcp2+489tiyGuzEDLpOLsvCi6QJLhlF2JCepYiNDDfMQkFKHD - se35qeCTR1+22Sv7FU7vqu5Z2iN3+qMYcoB0wyI6Ij7TbYPZ9ix62Caf18V4FxHb - DHHQvNiwaQ2/tA== - =HD// + hF4DQWNzDMjrP2ISAQdAA1DGmMjNYHKHtel++ftsHqmQGqrjfL4VJTe62bEMfXcw + EQmF0itX7ns+GogeYeYaqxa0qraWzzGwsEDJOp+VJMmLPtw5999kdO1PikgyGkcV + 1GgBCQIQd5DwJiXbQ7bFPYPGg8xxEBeDsHYtKo0tv9uQi9Is0nYYHbI8+TuFUv2o + Av5c+/hAX/1D4F8JDTnz7WbEO3X2H7VXNMQKQkYR1Ndds6ueyx1V4kFqQTD5qLG/ + BpnwAmW4i9XVMg== + =2NK4 -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted diff --git a/users/alice/secrets.yaml b/users/alice/secrets.yaml index 27dd635..ad47251 100644 --- a/users/alice/secrets.yaml +++ b/users/alice/secrets.yaml @@ -13,63 +13,43 @@ sops: - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYkNuSWZLbTV6OHVHYUtX - dm5MY0J4eEhYbktkZVVrSVd6L0l2VjZzMVc4ClRNUFJocGU2K2poNzg3MlIvcndL - VzVPUk13U2xIQ0phemFBQkhtWlpOdE0KLS0tIElpeHYrTFpRSlcwQWZXUXA5ZVZ4 - S3lvb0VUTXo5OGN3Y3dyM0lRZ1NGaDgKBSf4zJsD7eF9/nzikvB0VLY2A1NXPs7i - X9/wslywHCOFMMqExsllhW/BBQQIAYdh4O2ZdOrjfwB0BZFsJzL9Wg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MktuVFpreWpSQ3htUjRa + akM2WTZQL0F5QWNhVkUxVVA1ampWcktyTkdBCjdoZEo5Y3ZmT0lseENZQ2doL3lW + UlFzcDRMSUxsVWF2OUpPdk5keG5oM0UKLS0tIGZOODA4RE9oZ2dnQ1JOK3NrckFY + UFRHcXVwNE5Qd21QU2loWWsyREU2YUUK+W9PpahNvMMvm5ODP/2zSq9OLlUSaZwL + DF3VrtlWLvT0q+YPCBt1rIGrVRx9T8BgMfjqw1cU5H42JTMqgnFf4Q== -----END AGE ENCRYPTED FILE----- - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0TWwraVZyRDFKVG1sUWdE - WTlxaHBidmErd1RUNUVsUUx6YXUzQWlPMkVRCjdTNDlocENzcHFoUjBpZjJiTmFT - bnFNOTFneDMvbmx0MDFwRGdtdGM3Z2MKLS0tIGlqQysxQ3RjTys1R0hmbVJpenln - ZVVKR2NuSDZKUHA4N2MvclhKMEJ6dHcK3sEMicz/rhfyRshxpGx+e5ReEw+lD/7c - nRNunhIZtf+pTBPG7ElD3FOuStCv6DTFXhztqu3Aja+w628bLx37xg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1RWtXK2xkczZoRGhuOHFv + RzhveW5mZVNGUjhkb3M2YkYvc0FzemZJa0VFCjVvRnJBZEQ5dTNOeGhUY3RwQmVF + UHk2SGpJbUk3SC92TFpMcGVEUFdNdlEKLS0tIDdKTWpSQllDWXJmQTRTNkJwNUN6 + TDVKMWd2T3EyR2FRbWdkN0IxZU1aUDgKAr/wWRwHL4ozrjwe2WxSsDWMcjoRvOxb + Dak2g6hcDa5CdHFXNen7BP7v+AX15JMWhAFkpnbJD6ZzWdsWG01GOA== -----END AGE ENCRYPTED FILE----- - recipient: age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjU3JaZHJvUHM0b05VdE1E - dHFQU1ZHOWNlSWpsVEMySjMzaWNGVFpUVjJnCklwM3lRYVhKdjJ0L0FMcXZnVXNw - SFoxRFhUeGhEVnZOTllLb2ZxekRWVTgKLS0tIDJSN3FucklieUMrS3NBQUdPMWU4 - YnJRczE0RHpBM0RpbjdkM3BmUTdzT2cKIffP7kl+tuUWdM5Jqw9bacVZhniD9bCj - kF9/HblNay401P265LnBStbXxcTFJFdFGej7nvRr0dUo5sRJLVX/3A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUk5JUEN5cGFvQXlSbWlM + UW55c0ZXWGUrYzlkOG5vTExDbWxkcVp0emdrCnV4VW56YTFDa21YYkdsblRhODNH + NU5TS2Q5K0lQc1dIT2U1RUdBVjM0WDQKLS0tIFRSUld1NnRvSzRQUGdoRUdyRDhh + ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 + 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-20T23:15:03Z" mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str] pgp: - - created_at: "2024-09-05T05:59:35Z" + - created_at: "2024-09-05T06:10:22Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ/+KWdXOEd1sfP9+/0Yhc1PFzdjr2yYTK2tEcCAMmri0BMD - nMI8OTXgu7b+viZpWAyZAfC7/1h2CHOmOUIwlEartB23AlyqjwUOsDYkXSG9MZkI - 3W87fn29I5igY6wsGbatkzG5S1OsBoQr66hP7w/1Rua17UXmWFOR55RfDwqpK6Qd - e/L93sbOL9cPak/EFNIP0pJJR/eQUqfYRZVzQKE/XrWKpJWfQK1iNae3n9ne0w09 - ECwm+tf9iLzrvEC6hAE2FoG8gRvqFsNxVELzP9o0XQnr+zKuDJu/vN6sqeGgkJ8Q - GQ/lhJMtT2Sef5dzuNPSSOk035k4o9HfCPCr/5pFM/nuW+Uy9jQkUboxepvVf91h - rx5N3bXo2hzdhFIp9HGNQ25HlJG6eF3R10BPP9/wKtRtgQZY+zTbgBdMHvZB/qr1 - m3ou9wasKkpjkC+z/dXM8lShe/J6F3uXMpbofKVcr+IroX2/I8RHUZXKTSk0o8w3 - hZZtcadkp5j5XAV8AnUjFq68ZXVz56lzFF039WSGf9sBCWIhseTmUCjSv+QO9Zcd - B7iAr6+lEuglgM8aME19wPxQu3dj9eRWNWdlwpMjVEnucPvOcIidnXvvRah+lupy - dr6SlTd2dQDK7T15u/VE7Hx0Fo6kA1nsIiQ9A3u1gTY8LPzzWbKQYlrjfMXRKT/S - XgHlnhsvUP2PFHozwmg0AmIL6E+D0tRau/cjPUC1z5iOlwZGLlClcFkgtVozjXs7 - L7VnkjlmgBUfYZLdL1Lf9p79Fc3iP4zizLGr34Aw/6JsbefDALsrTGEEhTNvQuA= - =x21j - -----END PGP MESSAGE----- - fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 - - created_at: "2024-09-05T05:59:35Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hF4DQWNzDMjrP2ISAQdAJGw2HnSZ7MQ8gBHzGkIEr5oVsJIIq83l2ZD98/r3uxIw - fFb07OKAwOcLy6YJlQNjKktMQxdwW3hyGxuAPyfT9cdXt9sed3KLzgAZy/vf4ksm - 1GgBCQIQCi8U25A1PgCh1bEWhg5S6nBEtck5bi6migHxINyTICWt38VZ/xOmbNgs - tCdIsCYGbYM4IOvtm+avMawa6ExCaCBoXAeJrf9k00ja/g0ToxrxtdPrNsr928P/ - ECydB5vtljkxIg== - =Alcd + hF4DQWNzDMjrP2ISAQdAsKZuBCB8RlxBmAlEjm9E+SClVYtlKlGEwxpp/rXZJhMw + yUKONA7CFw9RIfhyOCEQIMUK1v4zOofJ+KwDDOCySg7inWQwt9MRmNzT/eSvBpzk + 1GgBCQIQzP1qxZbFdqNpVLuW6f6MplUSIRrtIXk55oExkldT2QEaltetRbTf7mwc + KO4l5rUhQBYrGrFWs+HSNJKU3039lYfoTmDyvBYsirYyG7WpPKSlVHjW2Tg93itY + qeyGv1rFUVAanQ== + =PM4s -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted From 6e23a0b499a2ed6f4d427c45af7399d2369c070e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 6 Sep 2024 12:06:42 -0400 Subject: [PATCH 35/66] update flake lock --- flake.lock | 124 +++++++++++++++++++++++++++++++---------------------- 1 file changed, 73 insertions(+), 51 deletions(-) diff --git a/flake.lock b/flake.lock index d4688ce..7320046 100644 --- a/flake.lock +++ b/flake.lock @@ -6,6 +6,7 @@ "flake-compat": [ "flake-compat" ], + "flake-parts": "flake-parts", "flake-utils": [ "flake-utils" ], @@ -17,11 +18,11 @@ ] }, "locked": { - "lastModified": 1724226964, - "narHash": "sha256-cltFh4su2vcFidxKp7LuEgX3ZGLfPy0DCdrQZ/QTe68=", + "lastModified": 1725300620, + "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", "owner": "zhaofengli", "repo": "attic", - "rev": "6d9aeaef0a067d664cb11bb7704f7ec373d47fb2", + "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", "type": "github" }, "original": { @@ -62,11 +63,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1724472190, - "narHash": "sha256-t1+LogHyWRUh89u2Xintc/kybDVJOe4OtxWcW2aeC3M=", + "lastModified": 1725467431, + "narHash": "sha256-eQLdO69XeRTLbUE00Zy2B1vOfclvo0+MPjMoyRQ2nbU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7e7335b5f870ece12ab5c3a8c6c095dddaa1e523", + "rev": "7386e62c38ffe9669431ec2addcb0f591b66a62f", "type": "gitlab" }, "original": { @@ -92,7 +93,10 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "attic", + "nixpkgs" + ] }, "locked": { "lastModified": 1722555600, @@ -108,6 +112,24 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1725234343, + "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": [ @@ -156,11 +178,11 @@ ] }, "locked": { - "lastModified": 1724435763, - "narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", + "lastModified": 1725180166, + "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", "owner": "nix-community", "repo": "home-manager", - "rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", + "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", "type": "github" }, "original": { @@ -176,11 +198,11 @@ ] }, "locked": { - "lastModified": 1722636442, - "narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=", + "lastModified": 1725551787, + "narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=", "owner": "hyprwm", "repo": "contrib", - "rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6", + "rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072", "type": "github" }, "original": { @@ -196,11 +218,11 @@ ] }, "locked": { - "lastModified": 1723950649, - "narHash": "sha256-dHMkGjwwCGj0c2MKyCjRXVBXq2Sz3TWbbM23AS7/5Hc=", + "lastModified": 1725161148, + "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "392828aafbed62a6ea6ccab13728df2e67481805", + "rev": "32058e9138248874773630c846563b1a78ee7a5b", "type": "github" }, "original": { @@ -211,11 +233,11 @@ }, "nixlib": { "locked": { - "lastModified": 1723942470, - "narHash": "sha256-QdSArN0xKESEOTcv+3kE6yu4B4WX9lupZ4+Htx3RXGg=", + "lastModified": 1725152544, + "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "531a2e8416a6d8200a53eddfbdb8f2c8dc4a1251", + "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", "type": "github" }, "original": { @@ -232,11 +254,11 @@ ] }, "locked": { - "lastModified": 1724288137, - "narHash": "sha256-ZsDarezhjZ7kloarJlA2KxTrLHrLVUtLyYcXr/0wbCw=", + "lastModified": 1725497951, + "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "0552f784af9f211481c5dda6df9b918733492826", + "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", "type": "github" }, "original": { @@ -247,11 +269,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1725477728, + "narHash": "sha256-ahej1VRqKmWbG7gewty+GlrSBEeGY/J2Zy8Nt8+3fdg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "880be1ab837e1e9fe0449dae41ac4d034694d4ce", "type": "github" }, "original": { @@ -271,11 +293,11 @@ "search": "search" }, "locked": { - "lastModified": 1723969476, - "narHash": "sha256-ln9SBqW8WAkvn/ilX//lISgLB08VgIgVxHXmfkb6jl4=", + "lastModified": 1725181790, + "narHash": "sha256-/Z49VwbQQjk4DCRtruSOvgGUVu7a96qpzLdeokoDoak=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "da5286bc062adee0e0aaf2bd3b784b477c623422", + "rev": "824522bf64bdb8366071613e93363750d9f354a8", "type": "github" }, "original": { @@ -286,11 +308,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1725432240, + "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "ad416d066ca1222956472ab7d0555a6946746a80", "type": "github" }, "original": { @@ -302,23 +324,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1725407940, + "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", "type": "github" }, "original": { @@ -342,11 +364,11 @@ ] }, "locked": { - "lastModified": 1724440431, - "narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=", + "lastModified": 1725513492, + "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "c8a54057aae480c56e28ef3e14e4960628ac495b", + "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", "type": "github" }, "original": { @@ -360,7 +382,7 @@ "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "flake-utils": "flake-utils", "home-manager": "home-manager", "hyprland-contrib": "hyprland-contrib", @@ -384,11 +406,11 @@ ] }, "locked": { - "lastModified": 1724466314, - "narHash": "sha256-ltKuK6shQ64uej1mYNtBsDYxttUNFiv9AcHqk0+0NQM=", + "lastModified": 1725575741, + "narHash": "sha256-LaW4WaeNIaju+bo7F7/+TK073JqcuoUvhcxzWp/9OrE=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2b5b3edd96ef336b00622dcabc13788fdef9e3ca", + "rev": "6bf986d20552384209907fa0d5f3fa9a34d00995", "type": "github" }, "original": { @@ -409,11 +431,11 @@ ] }, "locked": { - "lastModified": 1723367906, - "narHash": "sha256-v1qA4WBGDI2uH/TVqRwuXSBP341W681psbzYJ8zrjog=", + "lastModified": 1724584782, + "narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=", "owner": "nuschtos", "repo": "search", - "rev": "6ca2c3ae05a915c160512bd41f6810f456c9b30d", + "rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087", "type": "github" }, "original": { @@ -432,11 +454,11 @@ ] }, "locked": { - "lastModified": 1723501126, - "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=", + "lastModified": 1725540166, + "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", "owner": "Mic92", "repo": "sops-nix", - "rev": "be0eec2d27563590194a9206f551a6f73d52fa34", + "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", "type": "github" }, "original": { From a86bec551a85e24bec96b5580c82846e3760acef Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 9 Sep 2024 19:49:33 -0400 Subject: [PATCH 36/66] update flake lock --- flake.lock | 81 ++++++++++++++++++++++++++---------------------------- flake.nix | 2 +- 2 files changed, 40 insertions(+), 43 deletions(-) diff --git a/flake.lock b/flake.lock index 7320046..dbe328c 100644 --- a/flake.lock +++ b/flake.lock @@ -7,9 +7,6 @@ "flake-compat" ], "flake-parts": "flake-parts", - "flake-utils": [ - "flake-utils" - ], "nixpkgs": [ "nixpkgs" ], @@ -18,11 +15,11 @@ ] }, "locked": { - "lastModified": 1725300620, - "narHash": "sha256-IdM+pZ6BnmD3o1fTJZ2BD43k7dwi1BbVfLDLpM1nE5s=", + "lastModified": 1725815284, + "narHash": "sha256-nVWCR86XDjx9Tq6RHsNvhD03nNzIeKKc7UTPnXLyrDY=", "owner": "zhaofengli", "repo": "attic", - "rev": "bea72d75b6165dfb529ba0c39cc6c7e9c7f0d234", + "rev": "aec90814a4ecbc40171d57eeef97c5cab4aaa7b4", "type": "github" }, "original": { @@ -63,11 +60,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1725467431, - "narHash": "sha256-eQLdO69XeRTLbUE00Zy2B1vOfclvo0+MPjMoyRQ2nbU=", + "lastModified": 1725896943, + "narHash": "sha256-lZO7blI+A3MTKePQ5ZDOWhun5kE62f6YVe6NNSbI+S4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7386e62c38ffe9669431ec2addcb0f591b66a62f", + "rev": "dcdb13af1b383cd8173c6dae0dbe2ea63a584507", "type": "gitlab" }, "original": { @@ -178,11 +175,11 @@ ] }, "locked": { - "lastModified": 1725180166, - "narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=", + "lastModified": 1725893417, + "narHash": "sha256-fj2LxTZAncL/s5NrtXe1nLfO0XDvRixtCu3kmV9jDPw=", "owner": "nix-community", "repo": "home-manager", - "rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb", + "rev": "10541f19c584fe9633c921903d8c095d5411e041", "type": "github" }, "original": { @@ -218,11 +215,11 @@ ] }, "locked": { - "lastModified": 1725161148, - "narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", + "lastModified": 1725765290, + "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "32058e9138248874773630c846563b1a78ee7a5b", + "rev": "642275444c5a9defce57219c944b3179bf2adaa9", "type": "github" }, "original": { @@ -233,11 +230,11 @@ }, "nixlib": { "locked": { - "lastModified": 1725152544, - "narHash": "sha256-Tm344cnFM9f2YZsgWtJduvhIrvLr3Bi8J4Xc+UZDKYE=", + "lastModified": 1725757153, + "narHash": "sha256-c1a6iLmCVPFI9EUVMrBN8xdmFxFXEjcVwiTSVmqajOs=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "7f0b9e4fbd91826cb9ce6babbc11c87903191051", + "rev": "68584f89dd0eb16fea5d80ae127f3f681f6a5df7", "type": "github" }, "original": { @@ -254,11 +251,11 @@ ] }, "locked": { - "lastModified": 1725497951, - "narHash": "sha256-fayKyVs/9FQdYH+3SCOkQM1GCsEPPVE+lSiVGlYQ7i0=", + "lastModified": 1725843519, + "narHash": "sha256-Z6DglUwgFDz6fIvQ89wx/uBVWrGvEGECq0Ypyk/eigE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "15a07ebf4a041bf232026263f1f96f2af390f3bc", + "rev": "214efbd73241d72a8f48b8b9a73bb54895cd51a7", "type": "github" }, "original": { @@ -269,11 +266,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725477728, - "narHash": "sha256-ahej1VRqKmWbG7gewty+GlrSBEeGY/J2Zy8Nt8+3fdg=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "880be1ab837e1e9fe0449dae41ac4d034694d4ce", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -293,11 +290,11 @@ "search": "search" }, "locked": { - "lastModified": 1725181790, - "narHash": "sha256-/Z49VwbQQjk4DCRtruSOvgGUVu7a96qpzLdeokoDoak=", + "lastModified": 1725895123, + "narHash": "sha256-ZKv+11HXbqHHfZSzpsukF1vy52BSVkgUryorsz3nQdI=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "824522bf64bdb8366071613e93363750d9f354a8", + "rev": "cf494259b6e598f72ec22c233e421093a68c0f2c", "type": "github" }, "original": { @@ -308,11 +305,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725432240, - "narHash": "sha256-+yj+xgsfZaErbfYM3T+QvEE2hU7UuE+Jf0fJCJ8uPS0=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ad416d066ca1222956472ab7d0555a6946746a80", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -336,11 +333,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1725407940, - "narHash": "sha256-tiN5Rlg/jiY0tyky+soJZoRzLKbPyIdlQ77xVgREDNM=", + "lastModified": 1725826545, + "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6f6c45b5134a8ee2e465164811e451dcb5ad86e3", + "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", "type": "github" }, "original": { @@ -406,11 +403,11 @@ ] }, "locked": { - "lastModified": 1725575741, - "narHash": "sha256-LaW4WaeNIaju+bo7F7/+TK073JqcuoUvhcxzWp/9OrE=", + "lastModified": 1725848835, + "narHash": "sha256-u4lCr+tOEWhsFiww5G04U5jUNzaQJi0/ZMIDGiLeT14=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "6bf986d20552384209907fa0d5f3fa9a34d00995", + "rev": "2ef910a6276a2f34513d18f2f826a8dea72c3b3f", "type": "github" }, "original": { @@ -431,11 +428,11 @@ ] }, "locked": { - "lastModified": 1724584782, - "narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=", + "lastModified": 1725400667, + "narHash": "sha256-qawXE81/8DRgCeSGluGPP1qcrqxtSU8UVFVysnfu11A=", "owner": "nuschtos", "repo": "search", - "rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087", + "rev": "9ca36bf5d8de1e51454a255208e6f6bffac24f42", "type": "github" }, "original": { @@ -454,11 +451,11 @@ ] }, "locked": { - "lastModified": 1725540166, - "narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d9d781523a1463965cd1e1333a306e70d9feff07", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 98741e4..4b4efa7 100644 --- a/flake.nix +++ b/flake.nix @@ -32,7 +32,7 @@ nixpkgs.follows = "nixpkgs"; nixpkgs-stable.follows = "nixpkgs-stable"; flake-compat.follows = "flake-compat"; - flake-utils.follows = "flake-utils"; + flake-parts.follows = "flake-parts"; }; }; From 8bfe103cc1fd2f127d37fda4a35dd88ae92ef97e Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 9 Sep 2024 19:49:56 -0400 Subject: [PATCH 37/66] fix inputs --- flake.lock | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/flake.lock b/flake.lock index dbe328c..690664e 100644 --- a/flake.lock +++ b/flake.lock @@ -6,7 +6,9 @@ "flake-compat": [ "flake-compat" ], - "flake-parts": "flake-parts", + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], @@ -89,27 +91,6 @@ } }, "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_2": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -379,7 +360,7 @@ "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts", "flake-utils": "flake-utils", "home-manager": "home-manager", "hyprland-contrib": "hyprland-contrib", From 6bdb3fac831771162e6c7bdd5c04577b743dbe8f Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 9 Sep 2024 19:50:47 -0400 Subject: [PATCH 38/66] remove bitwarden-rofi --- flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/flake.nix b/flake.nix index 4b4efa7..87b7786 100644 --- a/flake.nix +++ b/flake.nix @@ -152,8 +152,5 @@ checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; - packages.bitwarden-rofi = - inputs.nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/bitwarden-rofi - { }; }; } From 3b48708e1535c3821d7ceca21953eebd7376b568 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 9 Sep 2024 19:52:30 -0400 Subject: [PATCH 39/66] remove bitwarden-rofi --- users/alice/non-server.nix | 99 ++++++++++++++++++-------------------- 1 file changed, 48 insertions(+), 51 deletions(-) diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index d4421ef..0d4e59e 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -5,62 +5,59 @@ enable = true; package = pkgs.emacs29-pgtk; }; - home.packages = - with pkgs; - [ - cmake - shellcheck - glslang - pipenv - python312Packages.isort - python312Packages.pytest + home.packages = with pkgs; [ + cmake + shellcheck + glslang + pipenv + python312Packages.isort + python312Packages.pytest - # rust tools - trunk - wasm-pack - cargo-tarpaulin - cargo-watch - cargo-generate - diesel-cli - cargo-audit - gitoxide + # rust tools + trunk + wasm-pack + cargo-tarpaulin + cargo-watch + cargo-generate + diesel-cli + cargo-audit + gitoxide - # nix tools - nil - nixfmt-rfc-style - nix-init + # nix tools + nil + nixfmt-rfc-style + nix-init - # markdown - nodePackages.markdownlint-cli + # markdown + nodePackages.markdownlint-cli - # doom emacs dependencies - yaml-language-server - nodePackages.typescript-language-server - nodePackages.bash-language-server - pyright - cmake-language-server - multimarkdown - rustc - cargo - rust-analyzer - clang - clang-tools - wakatime - enchant - nuspell - hunspellDicts.en-us - languagetool + # doom emacs dependencies + yaml-language-server + nodePackages.typescript-language-server + nodePackages.bash-language-server + pyright + cmake-language-server + multimarkdown + rustc + cargo + rust-analyzer + clang + clang-tools + wakatime + enchant + nuspell + hunspellDicts.en-us + languagetool - # dependencies for nix-dotfiles/hydra-check-action - nodejs_20 - nodePackages.prettier - treefmt + # dependencies for nix-dotfiles/hydra-check-action + nodejs_20 + nodePackages.prettier + treefmt - nextcloud-client - bitwarden-cli - bitwarden-menu - wtype + nextcloud-client + bitwarden-cli + bitwarden-menu + wtype - ] - ++ [ outputs.packages.bitwarden-rofi ]; + ]; } From a575773145c2517ca9e35cab43f90d3b96e57703 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 9 Sep 2024 19:52:52 -0400 Subject: [PATCH 40/66] add manual update script --- utils/manual-update.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100755 utils/manual-update.sh diff --git a/utils/manual-update.sh b/utils/manual-update.sh new file mode 100755 index 0000000..ed5c5ca --- /dev/null +++ b/utils/manual-update.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -e +set -v +set -x + +git checkout main +git branch -D update_flake_lock_action || true +git checkout -b update_flake_lock_action +nix flake update +nix flake check From b43144cc17415a6ae98cd7236238370f35b3fd8d Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 15 Sep 2024 15:11:04 -0400 Subject: [PATCH 41/66] update flake --- flake.lock | 72 ++++++++++++++++++------------------- systems/artemision/wifi.nix | 18 +++++----- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index 690664e..36b8c93 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ ] }, "locked": { - "lastModified": 1725815284, - "narHash": "sha256-nVWCR86XDjx9Tq6RHsNvhD03nNzIeKKc7UTPnXLyrDY=", + "lastModified": 1726069220, + "narHash": "sha256-dAUWlC8uMJX9iovycfvJcg5nm3PzqJIRAOwN4z322zM=", "owner": "zhaofengli", "repo": "attic", - "rev": "aec90814a4ecbc40171d57eeef97c5cab4aaa7b4", + "rev": "416687e59c4f0b32742423458cab2c5ff8fe748a", "type": "github" }, "original": { @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1725896943, - "narHash": "sha256-lZO7blI+A3MTKePQ5ZDOWhun5kE62f6YVe6NNSbI+S4=", + "lastModified": 1726372998, + "narHash": "sha256-JPFENJ3kiEm06AhXLM6lZGQ1EJSwVwJQcdM/6PFqMRs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "dcdb13af1b383cd8173c6dae0dbe2ea63a584507", + "rev": "e8d764f10084bb5ba96300adbb9b3e82550347e9", "type": "gitlab" }, "original": { @@ -95,11 +95,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1725234343, - "narHash": "sha256-+ebgonl3NbiKD2UD0x4BszCZQ6sTfL4xioaM49o5B3Y=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "567b938d64d4b4112ee253b9274472dc3a346eb6", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1725893417, - "narHash": "sha256-fj2LxTZAncL/s5NrtXe1nLfO0XDvRixtCu3kmV9jDPw=", + "lastModified": 1726357542, + "narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=", "owner": "nix-community", "repo": "home-manager", - "rev": "10541f19c584fe9633c921903d8c095d5411e041", + "rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1725765290, - "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=", + "lastModified": 1726370017, + "narHash": "sha256-CJOV4JiLhd++w9K+h2z00DiB4R1CCuElWzhldrXSq5w=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "642275444c5a9defce57219c944b3179bf2adaa9", + "rev": "0a2fba621b6bbf06be0b4edd974236e3d2fcc1a9", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1725843519, - "narHash": "sha256-Z6DglUwgFDz6fIvQ89wx/uBVWrGvEGECq0Ypyk/eigE=", + "lastModified": 1726102718, + "narHash": "sha256-u89QyfjtXryLHrO3Wre4kuWK5KDKiXe8lgRi6+cUOEw=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "214efbd73241d72a8f48b8b9a73bb54895cd51a7", + "rev": "5ae384b83b91080f0fead6bc1add1cff8277cb3f", "type": "github" }, "original": { @@ -271,11 +271,11 @@ "search": "search" }, "locked": { - "lastModified": 1725895123, - "narHash": "sha256-ZKv+11HXbqHHfZSzpsukF1vy52BSVkgUryorsz3nQdI=", + "lastModified": 1726392876, + "narHash": "sha256-+3AevmxWvC/H4I9TWAJSa+Y6QDY2+2cSZiSrOkLGJ/8=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "cf494259b6e598f72ec22c233e421093a68c0f2c", + "rev": "fb562371c3773fc1554cf450c93db35c377f4b3b", "type": "github" }, "original": { @@ -286,11 +286,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1726243404, + "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1725826545, - "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=", + "lastModified": 1726320982, + "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9", + "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1725848835, - "narHash": "sha256-u4lCr+tOEWhsFiww5G04U5jUNzaQJi0/ZMIDGiLeT14=", + "lastModified": 1726382494, + "narHash": "sha256-T7W+ohiXe1IY0yf/PpS4wQItZ0SyRO+/v8kqNpMXlI4=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "2ef910a6276a2f34513d18f2f826a8dea72c3b3f", + "rev": "ff13821613ffe5dbfeb4fe353b1f4bf291d831db", "type": "github" }, "original": { @@ -409,11 +409,11 @@ ] }, "locked": { - "lastModified": 1725400667, - "narHash": "sha256-qawXE81/8DRgCeSGluGPP1qcrqxtSU8UVFVysnfu11A=", + "lastModified": 1726208959, + "narHash": "sha256-Bq2YtXyHhDpBrqDlJysQgbhvauyiYTQXt7d6xxZdRck=", "owner": "nuschtos", "repo": "search", - "rev": "9ca36bf5d8de1e51454a255208e6f6bffac24f42", + "rev": "4267d5c5b51591a9553eefbd12172da050ee3433", "type": "github" }, "original": { @@ -432,11 +432,11 @@ ] }, "locked": { - "lastModified": 1725922448, - "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", + "lastModified": 1726218807, + "narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "cede1a08039178ac12957733e97ab1006c6b6892", + "rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e", "type": "github" }, "original": { diff --git a/systems/artemision/wifi.nix b/systems/artemision/wifi.nix index d431ffa..9223502 100644 --- a/systems/artemision/wifi.nix +++ b/systems/artemision/wifi.nix @@ -6,23 +6,23 @@ in { networking.wireless = { enable = true; - environmentFile = config.sops.secrets."wifi-env".path; + secretsFile = config.sops.secrets."wifi-env".path; userControlled.enable = true; networks = { "taetaethegae-2.0" = { - psk = "@PASS_taetaethegae_20@"; + psk = "ext:PASS_taetaethegae_20"; priority = home; }; "k" = { - psk = "@PASS_k@"; + psk = "ext:PASS_k"; priority = always; }; - "Bloomfield".psk = "@PASS_bloomfield@"; - "9872441500".psk = "@PASS_longboat_home@"; - "9872441561".psk = "@PASS_longboat_home@"; - "5HuFios".psk = "@PASS_longboat_home@"; - "24HuFios".psk = "@PASS_longboat_home@"; - "Verizon_ZLHQ3H".psk = "@PASS_angie@"; + "Bloomfield".psk = "ext:PASS_bloomfield"; + "9872441500".psk = "ext:PASS_longboat_home"; + "9872441561".psk = "ext:PASS_longboat_home"; + "5HuFios".psk = "ext:PASS_longboat_home"; + "24HuFios".psk = "ext:PASS_longboat_home"; + "Verizon_ZLHQ3H".psk = "ext:PASS_angie"; "optimumwifi" = { }; "CableWiFi" = { }; "JPMCVisitor" = { }; From 46fcbccdd8eaefe4e1e9122b59337bac78593cf0 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 20 Sep 2024 09:52:50 -0400 Subject: [PATCH 42/66] test patch --- flake.lock | 12 ++++++------ flake.nix | 3 ++- systems/artemision/secrets.yaml | 6 +++--- 3 files changed, 11 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 36b8c93..5154929 100644 --- a/flake.lock +++ b/flake.lock @@ -286,16 +286,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726243404, - "narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=", - "owner": "nixos", + "lastModified": 1726668377, + "narHash": "sha256-M+e6hbPy9YF8/Gb6EmmvkL0HGcz51jdRJKv3xrp9g1s=", + "owner": "rnhmjoj", "repo": "nixpkgs", - "rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059", + "rev": "98c67f661daa23112cef0bedffebf9f285f24dbe", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "rnhmjoj", + "ref": "pr-wpa-fix", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 87b7786..ee8a0a6 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,8 @@ flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-parts.url = "github:hercules-ci/flake-parts"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + #nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:rnhmjoj/nixpkgs/pr-wpa-fix"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; diff --git a/systems/artemision/secrets.yaml b/systems/artemision/secrets.yaml index 56f005f..63d7cda 100644 --- a/systems/artemision/secrets.yaml +++ b/systems/artemision/secrets.yaml @@ -10,7 +10,7 @@ example_booleans: - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool] apps: spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str] -wifi-env: ENC[AES256_GCM,data:H9rGALffVG0tzRl8cf/vu9f0b8h+9Iaew4oYnyrD1NNWwPpotP6jf+JOVBub9u9Iv6gc5IzE59WWhWJKF383zNcz+sDCGxcwaf54yr4x0bhX7HkrQyeQyJtlTa1ceqsTEKR0ejrSujyiQwJDl2xAnjLima5LuUJyTWLU19WC5VbXkbGr+DdtguL3i0GNn7SgP6m4Bihm4lZXrX4nFIBMTK0cWGDWYIM=,iv:4fzYhpYk+TDDszelOwKfZtwllcGxJpfKI3mAWHcJ7Ug=,tag:73OJSIfH8QMjow2xvR/TUg==,type:str] +wifi-env: ENC[AES256_GCM,data:6+fHf25fx/PuutOXhMZqx2JVVSDTW7fQU8XOCc2vyUpg7HiRpOKFu5PIZoJQexvJoBNNciiQkju17+xuxnQ48dsRgsdS+wfH86Af55MfqDjG1el/htEOER9f9sTpMwGjIKD1zalkMp7oX17UlIqiCQg7HfcZFb8T4eHzu9w48umiC3WpwlKLykF5W600gYbXx1E1FjwgCwxJ1zRmBTXoz6WHvQ==,iv:DmUyn3/Q7jwqHrK7wSCqIRO1jJsOHNbmG6a/l1YdMmQ=,tag:S3CtTdFyn2Lg5nGlHVU66g==,type:str] #ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment] sops: kms: [] @@ -27,8 +27,8 @@ sops: RFVEMjg4bjd4SUF2SjVWZVNDWlpiR1EKmWM9G8/vb1+GX4zGiIj/So4apfi3wzyp yGi0T3fen3jzfU38xFZ25Tn0pDTQaSG7PkVKQn9YBJ4pGb9JDPfTjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-21T00:27:31Z" - mac: ENC[AES256_GCM,data:rST3ZwVMS/Us5pufse75X+j1Z2g6Kgb88luYTErBG79IvnoX//GdF7R3JPcQVp2o4rqFO7AU6zvh6PdGZjH3DS28k2iKe1qX1PKxMVihXnFFf8Zh/a/Uc0zvG7nDZ9FrLn4mv98LmKaqSjqsmgycpTY8HgRRaeAo4gXgtOwcF7U=,iv:6mQj3CMCk4yb02HW6y+VyvaHIOS4Dxt5P0krOtQ/pOE=,tag:SQHVH+ZbtdTUsmDRF8oMvA==,type:str] + lastmodified: "2024-09-20T13:52:31Z" + mac: ENC[AES256_GCM,data:IT/GEdJtQHSjzVRdIBIRq1y0Lby4k6gGVDfeg3/bjdDNWkPCnGOc5Uerz3TJ95M3oKMgFiQW2Sa4m/8QX9qhtVfH7gleMhJbzkz1DGKozoCxqWX71BBfiwcAuLG1fzDwfpT4DcRK1ppfC/9kMZ3g7r9Ug6EceXUKXP3uaUgfNjg=,iv:WpEhLffmICyR7bbe0cnT9fjqyL59gVxumz/lsE3oBfU=,tag:k0GSSZeQC9bJ1TWRwhaGQA==,type:str] pgp: - created_at: "2024-09-05T06:10:45Z" enc: |- From 38b05e905ce4dfe0c0462246330726516953df54 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Fri, 20 Sep 2024 14:11:45 -0400 Subject: [PATCH 43/66] fix psk -> pskRaw --- systems/artemision/wifi.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/systems/artemision/wifi.nix b/systems/artemision/wifi.nix index 9223502..20ba954 100644 --- a/systems/artemision/wifi.nix +++ b/systems/artemision/wifi.nix @@ -10,19 +10,19 @@ in userControlled.enable = true; networks = { "taetaethegae-2.0" = { - psk = "ext:PASS_taetaethegae_20"; + pskRaw = "ext:PASS_taetaethegae_20"; priority = home; }; "k" = { - psk = "ext:PASS_k"; + pskRaw = "ext:PASS_k"; priority = always; }; - "Bloomfield".psk = "ext:PASS_bloomfield"; - "9872441500".psk = "ext:PASS_longboat_home"; - "9872441561".psk = "ext:PASS_longboat_home"; - "5HuFios".psk = "ext:PASS_longboat_home"; - "24HuFios".psk = "ext:PASS_longboat_home"; - "Verizon_ZLHQ3H".psk = "ext:PASS_angie"; + "Bloomfield".pskRaw = "ext:PASS_bloomfield"; + "9872441500".pskRaw = "ext:PASS_longboat_home"; + "9872441561".pskRaw = "ext:PASS_longboat_home"; + "5HuFios".pskRaw = "ext:PASS_longboat_home"; + "24HuFios".pskRaw = "ext:PASS_longboat_home"; + "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "optimumwifi" = { }; "CableWiFi" = { }; "JPMCVisitor" = { }; From 588ea886ac598966c147f41efb305920cb57efdf Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 15 Sep 2024 19:51:29 -0400 Subject: [PATCH 44/66] add zathura --- users/alice/non-server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index 0d4e59e..cab5e8f 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -58,6 +58,7 @@ bitwarden-cli bitwarden-menu wtype + zathura ]; } From a34e4e2485e197e550dba07ded78b5a8fa0609fb Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 3 Oct 2024 23:00:23 -0400 Subject: [PATCH 45/66] add gh --- users/alice/home/zsh.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/alice/home/zsh.nix b/users/alice/home/zsh.nix index e9397ab..dc4ffe1 100644 --- a/users/alice/home/zsh.nix +++ b/users/alice/home/zsh.nix @@ -52,7 +52,7 @@ shellAliases = { "sgc" = "sudo git -C /root/dotfiles"; ## SSH - "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota"; + "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh"; ## Backups "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml"; From 30291209bd2e6d92ac64f4d10008507dcdc6e281 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 8 Oct 2024 23:39:17 -0400 Subject: [PATCH 46/66] flip back to unstable, fix kernel warning --- flake.lock | 116 +++++++++++++++++++++++------------------------ flake.nix | 3 +- modules/boot.nix | 3 +- 3 files changed, 61 insertions(+), 61 deletions(-) diff --git a/flake.lock b/flake.lock index 5154929..760284b 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ ] }, "locked": { - "lastModified": 1726069220, - "narHash": "sha256-dAUWlC8uMJX9iovycfvJcg5nm3PzqJIRAOwN4z322zM=", + "lastModified": 1728241390, + "narHash": "sha256-icNt2T1obK3hFNgBOgiiyOoiScUfz9blmRbNp3aOUBE=", "owner": "zhaofengli", "repo": "attic", - "rev": "416687e59c4f0b32742423458cab2c5ff8fe748a", + "rev": "1b29816235b7573fca7f964709fd201e1a187024", "type": "github" }, "original": { @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1726372998, - "narHash": "sha256-JPFENJ3kiEm06AhXLM6lZGQ1EJSwVwJQcdM/6PFqMRs=", + "lastModified": 1728360193, + "narHash": "sha256-UpN2xQiIzHLD3WZcr51BKtJTDLbjzB5H8cdg4Zn/LX4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e8d764f10084bb5ba96300adbb9b3e82550347e9", + "rev": "4728d8775b311938b985c1b8ba07e077990d2a4b", "type": "gitlab" }, "original": { @@ -95,11 +95,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "type": "github" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1726357542, - "narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=", + "lastModified": 1728337164, + "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", "owner": "nix-community", "repo": "home-manager", - "rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f", + "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1726370017, - "narHash": "sha256-CJOV4JiLhd++w9K+h2z00DiB4R1CCuElWzhldrXSq5w=", + "lastModified": 1728263287, + "narHash": "sha256-GJDtsxz2/zw6g/Nrp4XVWBS5IaZ7ZUkuvxPOBEDe7pg=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "0a2fba621b6bbf06be0b4edd974236e3d2fcc1a9", + "rev": "5fce10c871bab6d7d5ac9e5e7efbb3a2783f5259", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1725757153, - "narHash": "sha256-c1a6iLmCVPFI9EUVMrBN8xdmFxFXEjcVwiTSVmqajOs=", + "lastModified": 1728176478, + "narHash": "sha256-px3Q0W//c+mZ4kPMXq4poztsjtXM1Ja1rN+825YMDUQ=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "68584f89dd0eb16fea5d80ae127f3f681f6a5df7", + "rev": "b61309c3c1b6013d36299bc8285612865b3b9e4c", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1726102718, - "narHash": "sha256-u89QyfjtXryLHrO3Wre4kuWK5KDKiXe8lgRi6+cUOEw=", + "lastModified": 1728308313, + "narHash": "sha256-GThSJ4OcPOOtf8j8ge7ik4141BHVbBALu0N7Ju+Nw18=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "5ae384b83b91080f0fead6bc1add1cff8277cb3f", + "rev": "71f9c8bcc87f15dba12515e94e40de243b5db103", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1725885300, - "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", + "lastModified": 1728269138, + "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", + "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", "type": "github" }, "original": { @@ -271,11 +271,11 @@ "search": "search" }, "locked": { - "lastModified": 1726392876, - "narHash": "sha256-+3AevmxWvC/H4I9TWAJSa+Y6QDY2+2cSZiSrOkLGJ/8=", + "lastModified": 1728343657, + "narHash": "sha256-ZDab/JvQCd1SjBhircwy/d61ifZCLq18z/HqxXPrDwE=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "fb562371c3773fc1554cf450c93db35c377f4b3b", + "rev": "74c3fda68e38372df97c9c1888543bc630341c25", "type": "github" }, "original": { @@ -286,39 +286,39 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726668377, - "narHash": "sha256-M+e6hbPy9YF8/Gb6EmmvkL0HGcz51jdRJKv3xrp9g1s=", - "owner": "rnhmjoj", + "lastModified": 1728241625, + "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "98c67f661daa23112cef0bedffebf9f285f24dbe", + "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", "type": "github" }, "original": { - "owner": "rnhmjoj", - "ref": "pr-wpa-fix", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1725233747, - "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", + "lastModified": 1727825735, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" } }, "nixpkgs-stable": { "locked": { - "lastModified": 1726320982, - "narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=", + "lastModified": 1728193676, + "narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49", + "rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1725513492, - "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=", + "lastModified": 1728092656, + "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "7570de7b9b504cfe92025dd1be797bf546f66528", + "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1726382494, - "narHash": "sha256-T7W+ohiXe1IY0yf/PpS4wQItZ0SyRO+/v8kqNpMXlI4=", + "lastModified": 1728354625, + "narHash": "sha256-r+Sa1NRRT7LXKzCaVaq75l1GdZcegODtF06uaxVVVbI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ff13821613ffe5dbfeb4fe353b1f4bf291d831db", + "rev": "d216ade5a0091ce60076bf1f8bc816433a1fc5da", "type": "github" }, "original": { @@ -409,11 +409,11 @@ ] }, "locked": { - "lastModified": 1726208959, - "narHash": "sha256-Bq2YtXyHhDpBrqDlJysQgbhvauyiYTQXt7d6xxZdRck=", + "lastModified": 1728017046, + "narHash": "sha256-ofWYux/uUAv8wq7sWw8XWke0sh8p4qYxSOn8d+EaJ8c=", "owner": "nuschtos", "repo": "search", - "rev": "4267d5c5b51591a9553eefbd12172da050ee3433", + "rev": "ba81d9c1eae20fc3a1cd066062a05ac2e799e629", "type": "github" }, "original": { @@ -432,11 +432,11 @@ ] }, "locked": { - "lastModified": 1726218807, - "narHash": "sha256-z7CoWbSOtsOz8TmRKDnobURkKfv6nPZCo3ayolNuQGc=", + "lastModified": 1728345710, + "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "f30b1bac192e2dc252107ac8a59a03ad25e1b96e", + "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", "type": "github" }, "original": { @@ -473,11 +473,11 @@ ] }, "locked": { - "lastModified": 1723726454, - "narHash": "sha256-CdsBLja4rJ7VPvtsivyZm9VFKAt4hzL3jZbKrfiDvsQ=", + "lastModified": 1727849733, + "narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=", "owner": "Toqozz", "repo": "wired-notify", - "rev": "946adddcb704806195d976b738066f591b41b7d4", + "rev": "a1f6965737754e7424f9468f6befef885a9ee0ad", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ee8a0a6..87b7786 100644 --- a/flake.nix +++ b/flake.nix @@ -22,8 +22,7 @@ flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-parts.url = "github:hercules-ci/flake-parts"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - #nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:rnhmjoj/nixpkgs/pr-wpa-fix"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; diff --git a/modules/boot.nix b/modules/boot.nix index 3680e5e..fa4bfa2 100644 --- a/modules/boot.nix +++ b/modules/boot.nix @@ -2,6 +2,7 @@ config, lib, libS, + pkgs, ... }: @@ -34,7 +35,7 @@ in config.boot = lib.mkIf cfg.default { supportedFilesystems = [ cfg.filesystem ]; tmp.useTmpfs = true; - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + kernelPackages = pkgs.linuxPackages_6_10; kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" From 8c1762a28d867ed1cc61e56c0f950a3e6e63c022 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 10 Oct 2024 13:57:03 -0400 Subject: [PATCH 47/66] update flake lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 760284b..a6c3f34 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1728360193, - "narHash": "sha256-UpN2xQiIzHLD3WZcr51BKtJTDLbjzB5H8cdg4Zn/LX4=", + "lastModified": 1728533014, + "narHash": "sha256-fDu4kCTw82r79DpDRjoX9sh2INwZ5l9Alv1kYXVtyHY=", "owner": "rycee", "repo": "nur-expressions", - "rev": "4728d8775b311938b985c1b8ba07e077990d2a4b", + "rev": "a19c9b6e6fd1d4d82263963345cd8e672dc67aff", "type": "gitlab" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1728308313, - "narHash": "sha256-GThSJ4OcPOOtf8j8ge7ik4141BHVbBALu0N7Ju+Nw18=", + "lastModified": 1728522165, + "narHash": "sha256-UQpsJ0Ev6JBGsCYRlS2oOVvb+eWcDD0xTV3RVlqbeVU=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "71f9c8bcc87f15dba12515e94e40de243b5db103", + "rev": "40c8d30c490414910fc63626ad1b67af7db40cd3", "type": "github" }, "original": { @@ -271,11 +271,11 @@ "search": "search" }, "locked": { - "lastModified": 1728343657, - "narHash": "sha256-ZDab/JvQCd1SjBhircwy/d61ifZCLq18z/HqxXPrDwE=", + "lastModified": 1728511815, + "narHash": "sha256-AwNRSJSSZWZvWYZiETFcseHwYlLl3tO7F4ANpo7F0OQ=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "74c3fda68e38372df97c9c1888543bc630341c25", + "rev": "be772d418be283dd9d08e72857935f25902d8d12", "type": "github" }, "original": { @@ -286,11 +286,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728241625, - "narHash": "sha256-yumd4fBc/hi8a9QgA9IT8vlQuLZ2oqhkJXHPKxH/tRw=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c31898adf5a8ed202ce5bea9f347b1c6871f32d1", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728193676, - "narHash": "sha256-PbDWAIjKJdlVg+qQRhzdSor04bAPApDqIv2DofTyynk=", + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ecbc1ca8ffd6aea8372ad16be9ebbb39889e55b6", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1728354625, - "narHash": "sha256-r+Sa1NRRT7LXKzCaVaq75l1GdZcegODtF06uaxVVVbI=", + "lastModified": 1728527353, + "narHash": "sha256-GY755PX8CbGH3O9iKqauhkFTdP9WSKcOfOkZBe3SOqw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "d216ade5a0091ce60076bf1f8bc816433a1fc5da", + "rev": "94749eee5a2b351b6893d5bddb0a18f7f01251ac", "type": "github" }, "original": { @@ -409,11 +409,11 @@ ] }, "locked": { - "lastModified": 1728017046, - "narHash": "sha256-ofWYux/uUAv8wq7sWw8XWke0sh8p4qYxSOn8d+EaJ8c=", + "lastModified": 1728423244, + "narHash": "sha256-+YwNsyIFj3dXyLVQd1ry4pCNmtOpbceKUrkNS8wp9Ho=", "owner": "nuschtos", "repo": "search", - "rev": "ba81d9c1eae20fc3a1cd066062a05ac2e799e629", + "rev": "f276cc3b391493ba3a8b30170776860f9520b7fa", "type": "github" }, "original": { From cff3cd30dd4f9cc0e318eec4866bed32bb1e82b8 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 12 Oct 2024 14:53:25 -0400 Subject: [PATCH 48/66] update flake lock --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index a6c3f34..ea6f304 100644 --- a/flake.lock +++ b/flake.lock @@ -17,11 +17,11 @@ ] }, "locked": { - "lastModified": 1728241390, - "narHash": "sha256-icNt2T1obK3hFNgBOgiiyOoiScUfz9blmRbNp3aOUBE=", + "lastModified": 1728577371, + "narHash": "sha256-f3bKclEV5t1eP1OH7kTGv/tLzlToSRIe0ktkdl1jihw=", "owner": "zhaofengli", "repo": "attic", - "rev": "1b29816235b7573fca7f964709fd201e1a187024", + "rev": "e5c8d2d50981a34602358d917e7be011b2c397a8", "type": "github" }, "original": { @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1728533014, - "narHash": "sha256-fDu4kCTw82r79DpDRjoX9sh2INwZ5l9Alv1kYXVtyHY=", + "lastModified": 1728728052, + "narHash": "sha256-c3a3lFl+dscjyQHgTwZ8cxmn3ZL2haU6pBEpWdYSMcA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "a19c9b6e6fd1d4d82263963345cd8e672dc67aff", + "rev": "8f2c44880171bdb4ddf3d2ab55227259b02e61e2", "type": "gitlab" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1728337164, - "narHash": "sha256-VdRTjJFyq4Q9U7Z/UoC2Q5jK8vSo6E86lHc2OanXtvc=", + "lastModified": 1728726232, + "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", "owner": "nix-community", "repo": "home-manager", - "rev": "038630363e7de57c36c417fd2f5d7c14773403e4", + "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", "type": "github" }, "original": { @@ -247,11 +247,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728269138, - "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=", + "lastModified": 1728729581, + "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b", + "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", "type": "github" }, "original": { @@ -271,11 +271,11 @@ "search": "search" }, "locked": { - "lastModified": 1728511815, - "narHash": "sha256-AwNRSJSSZWZvWYZiETFcseHwYlLl3tO7F4ANpo7F0OQ=", + "lastModified": 1728695763, + "narHash": "sha256-LCaXkWWL70pHfqCBd49v9j7KvMKoAdCC167Cb2ibRzg=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "be772d418be283dd9d08e72857935f25902d8d12", + "rev": "f7bf9fb1fea05a56adb0857c93fae71d0e6e55a4", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728500571, - "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", + "lastModified": 1728627514, + "narHash": "sha256-r+SF9AnHrTg+bk6YszoKfV9lgyw+yaFUQe0dOjI0Z2o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", + "rev": "c505ebf777526041d792a49d5f6dd4095ea391a7", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1728092656, - "narHash": "sha256-eMeCTJZ5xBeQ0f9Os7K8DThNVSo9gy4umZLDfF5q6OM=", + "lastModified": 1728727368, + "narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "1211305a5b237771e13fcca0c51e60ad47326a9a", + "rev": "eb74e0be24a11a1531b5b8659535580554d30b28", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1728527353, - "narHash": "sha256-GY755PX8CbGH3O9iKqauhkFTdP9WSKcOfOkZBe3SOqw=", + "lastModified": 1728700003, + "narHash": "sha256-Ox1pvEHxLK6lAdaKQW21Zvk65SPDag+cD8YA444R/og=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "94749eee5a2b351b6893d5bddb0a18f7f01251ac", + "rev": "fc1e58ebabe0cef4442eedea07556ff0c9eafcfe", "type": "github" }, "original": { From 5a6975bfd8b23a10ebcb284a4725300379e45dd7 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 15 Oct 2024 01:45:58 -0400 Subject: [PATCH 49/66] update flake lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index ea6f304..5d161e7 100644 --- a/flake.lock +++ b/flake.lock @@ -62,11 +62,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1728728052, - "narHash": "sha256-c3a3lFl+dscjyQHgTwZ8cxmn3ZL2haU6pBEpWdYSMcA=", + "lastModified": 1728965006, + "narHash": "sha256-TXBxJMGC6P+cn5La/lIgVzb9ETutsOI3A3urHihB7FA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "8f2c44880171bdb4ddf3d2ab55227259b02e61e2", + "rev": "f4947cf2d1a469b23fee54ad948c539f6aa431a7", "type": "gitlab" }, "original": { @@ -156,11 +156,11 @@ ] }, "locked": { - "lastModified": 1728726232, - "narHash": "sha256-8ZWr1HpciQsrFjvPMvZl0W+b0dilZOqXPoKa2Ux36bc=", + "lastModified": 1728903686, + "narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=", "owner": "nix-community", "repo": "home-manager", - "rev": "d57112db877f07387ce7104b5ac346ede556d2d7", + "rev": "e1aec543f5caf643ca0d94b6a633101942fd065f", "type": "github" }, "original": { @@ -196,11 +196,11 @@ ] }, "locked": { - "lastModified": 1728263287, - "narHash": "sha256-GJDtsxz2/zw6g/Nrp4XVWBS5IaZ7ZUkuvxPOBEDe7pg=", + "lastModified": 1728790083, + "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "5fce10c871bab6d7d5ac9e5e7efbb3a2783f5259", + "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixlib": { "locked": { - "lastModified": 1728176478, - "narHash": "sha256-px3Q0W//c+mZ4kPMXq4poztsjtXM1Ja1rN+825YMDUQ=", + "lastModified": 1728781282, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b61309c3c1b6013d36299bc8285612865b3b9e4c", + "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b", "type": "github" }, "original": { @@ -232,11 +232,11 @@ ] }, "locked": { - "lastModified": 1728522165, - "narHash": "sha256-UQpsJ0Ev6JBGsCYRlS2oOVvb+eWcDD0xTV3RVlqbeVU=", + "lastModified": 1728867876, + "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "40c8d30c490414910fc63626ad1b67af7db40cd3", + "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0", "type": "github" }, "original": { @@ -271,11 +271,11 @@ "search": "search" }, "locked": { - "lastModified": 1728695763, - "narHash": "sha256-LCaXkWWL70pHfqCBd49v9j7KvMKoAdCC167Cb2ibRzg=", + "lastModified": 1728919967, + "narHash": "sha256-zQl8z8iagvrekF4tFK1au7mGH8x0zoGppo6geLPioQk=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "f7bf9fb1fea05a56adb0857c93fae71d0e6e55a4", + "rev": "1aba521c9cd2cd97490846ac83fd73ae84625c8a", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728627514, - "narHash": "sha256-r+SF9AnHrTg+bk6YszoKfV9lgyw+yaFUQe0dOjI0Z2o=", + "lastModified": 1728740863, + "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c505ebf777526041d792a49d5f6dd4095ea391a7", + "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", "type": "github" }, "original": { @@ -342,11 +342,11 @@ ] }, "locked": { - "lastModified": 1728727368, - "narHash": "sha256-7FMyNISP7K6XDSIt1NJxkXZnEdV3HZUXvFoBaJ/qdOg=", + "lastModified": 1728778939, + "narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "eb74e0be24a11a1531b5b8659535580554d30b28", + "rev": "ff68f91754be6f3427e4986d7949e6273659be1d", "type": "github" }, "original": { @@ -384,11 +384,11 @@ ] }, "locked": { - "lastModified": 1728700003, - "narHash": "sha256-Ox1pvEHxLK6lAdaKQW21Zvk65SPDag+cD8YA444R/og=", + "lastModified": 1728959392, + "narHash": "sha256-fp4he1QQjE+vasDMspZYeXrwTm9otwEqLwEN6FKZ5v0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "fc1e58ebabe0cef4442eedea07556ff0c9eafcfe", + "rev": "4c6e317300f05b8871f585b826b6f583e7dc4a9b", "type": "github" }, "original": { From f024f7e49ae3a46e2a07a324de252a1eaa67a078 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 19 Oct 2024 16:17:31 -0400 Subject: [PATCH 50/66] enable ADB on artemision Signed-off-by: ahuston-0 --- systems/artemision/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/systems/artemision/configuration.nix b/systems/artemision/configuration.nix index 910b165..abbc58c 100644 --- a/systems/artemision/configuration.nix +++ b/systems/artemision/configuration.nix @@ -95,6 +95,8 @@ system.autoUpgrade.enable = false; system.stateVersion = "24.05"; + programs.adb.enable = true; + sops = { defaultSopsFile = ./secrets.yaml; secrets = { From bfccadf416b53bfb3094b6b08110f7db5a32214a Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 01:26:35 -0400 Subject: [PATCH 51/66] add hyprlock and hypridle Signed-off-by: ahuston-0 --- systems/artemision/desktop.nix | 8 +++ users/alice/home/doom/custom.el | 3 ++ users/alice/home/hypr/default.nix | 5 ++ users/alice/home/hypr/hypridle.nix | 47 +++++++++++++++++ users/alice/home/hypr/hyprlock.nix | 84 ++++++++++++++++++++++++++++++ 5 files changed, 147 insertions(+) create mode 100644 users/alice/home/hypr/hypridle.nix create mode 100644 users/alice/home/hypr/hyprlock.nix diff --git a/systems/artemision/desktop.nix b/systems/artemision/desktop.nix index 6094994..a8e4065 100644 --- a/systems/artemision/desktop.nix +++ b/systems/artemision/desktop.nix @@ -8,6 +8,7 @@ enable = true; xwayland.enable = true; }; + hyprlock.enable = true; gnupg.agent = { enable = true; #pinentryPackage = pkgs.pinentry-rofi; @@ -54,6 +55,13 @@ }; }; + powerManagement = { + enable = true; + resumeCommands = '' + ${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf + ''; + }; + environment.systemPackages = with pkgs; [ libsForQt5.qt5.qtwayland qt6.qtwayland diff --git a/users/alice/home/doom/custom.el b/users/alice/home/doom/custom.el index 358c338..12a953b 100644 --- a/users/alice/home/doom/custom.el +++ b/users/alice/home/doom/custom.el @@ -19,3 +19,6 @@ (setq! lsp-enable-suggest-server-download nil) ;; (keychain-refresh-environment) + +(setq! lsp-nix-nil-max-mem 20000) +(setq! lsp-nix-nil-formatter ["nixfmt"]) diff --git a/users/alice/home/hypr/default.nix b/users/alice/home/hypr/default.nix index 09f1d5d..04280e6 100644 --- a/users/alice/home/hypr/default.nix +++ b/users/alice/home/hypr/default.nix @@ -9,4 +9,9 @@ xdg.configFile = { "hypr/hyprland.conf".source = ./hyprland.conf; }; + + imports = [ + ./hyprlock.nix + ./hypridle.nix + ]; } diff --git a/users/alice/home/hypr/hypridle.nix b/users/alice/home/hypr/hypridle.nix new file mode 100644 index 0000000..1d6341f --- /dev/null +++ b/users/alice/home/hypr/hypridle.nix @@ -0,0 +1,47 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + services.hypridle = { + enable = true; + settings = { + general = { + lock_cmd = "pidof hyprlock || hyprlock --immediate --immediate-render"; # avoid starting multiple hyprlock instances. + before_sleep_cmd = "loginctl lock-session"; # lock before suspend. + after_sleep_cmd = "hyprctl dispatch dpms on"; # to avoid having to press a key twice to turn on the display. + }; + + listener = [ + { + timeout = 150; # 2.5min. + on-timeout = "brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor. + on-resume = "brightnessctl -r"; # monitor backlight restore. + } + # turn off keyboard backlight, comment out this section if you dont have a keyboard backlight. + { + timeout = 150; # 2.5min. + on-timeout = "brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight. + on-resume = "brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight. + } + { + timeout = 300; # 5min + on-timeout = "loginctl lock-session"; # lock screen when timeout has passed + + } + { + timeout = 330; # 5.5min + on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed + on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired. + } + { + timeout = 1800; # 30min + on-timeout = "systemctl suspend"; # suspend pc + } + ]; + }; + }; +} diff --git a/users/alice/home/hypr/hyprlock.nix b/users/alice/home/hypr/hyprlock.nix new file mode 100644 index 0000000..b90b2e6 --- /dev/null +++ b/users/alice/home/hypr/hyprlock.nix @@ -0,0 +1,84 @@ +{ + config, + lib, + pkgs, + ... +}: + +{ + programs.hyprlock = { + enable = true; + settings = { + general = { + immediate_render = true; + no_fade_in = true; + }; + background = { + monitor = ""; + #path = /home/me/someImage.png # supports png, jpg, webp (no animations, though) + path = "screenshot"; + color = "rgba(25, 20, 20, 1.0)"; + + # all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations + blur_passes = 3; # 0 disables blurring + blur_size = 7; + noise = 1.17e-2; + contrast = 0.8916; + brightness = 0.8172; + vibrancy = 0.1696; + vibrancy_darkness = 0.0; + }; + + image = { + monitor = ""; + path = "/home/alice/Pictures/PXL_20240408_192537608-EDIT.jpg"; + size = 350; # lesser side if not 1:1 ratio + rounding = -1; # negative values mean circle + border_size = 4; + border_color = "rgb(221, 221, 221)"; + rotate = 0; # degrees, counter-clockwise + reload_time = -1; # seconds between reloading, 0 to reload with SIGUSR2 + reload_cmd = ""; # command to get new path. if empty, old path will be used. don't run "follow" commands like tail -F + + position = "0, 100"; + halign = "center"; + valign = "center"; + }; + + input-field = { + monitor = ""; + size = "400, 50"; + outline_thickness = 3; + dots_size = 0.33; # Scale of input-field height, 0.2 - 0.8 + dots_spacing = 0.15; # Scale of dots' absolute size, -1.0 - 1.0 + dots_center = false; + dots_rounding = -1; # -1 default circle, -2 follow input-field rounding + dots_fade_time = 200; # Milliseconds until a dot fully fades in + dots_text_format = ""; # Text character used for the input indicator. Leave empty for a rectangle that will be rounded via dots_rounding (default). + outer_color = "rgb(151515)"; + inner_color = "rgb(200, 200, 200)"; + font_color = "rgb(10, 10, 10)"; + font_family = "Noto Sans"; # Font used for placeholder_text, fail_text and dots_text_format. + fade_on_empty = false; + fade_timeout = 1000; # Milliseconds before fade_on_empty is triggered. + placeholder_text = "Input Password..."; # Text rendered in the input box when it's empty. + hide_input = false; + rounding = -1; # -1 means complete rounding (circle/oval) + check_color = "rgb(204, 136, 34)"; + fail_color = "rgb(204, 34, 34)"; # if authentication failed, changes outer_color and fail message color + fail_text = "$FAIL ($ATTEMPTS)"; # can be set to empty + fail_timeout = 2000; # milliseconds before fail_text and fail_color disappears + fail_transition = 300; # transition time in ms between normal outer_color and fail_color + capslock_color = -1; + numlock_color = -1; + bothlock_color = -1; # when both locks are active. -1 means don't change outer color (same for above) + invert_numlock = false; # change color if numlock is off + swap_font_color = false; # see below + + position = "0, -200"; + halign = "center"; + valign = "center"; + }; + }; + }; +} From 4bf03a22fd5c5dcd7a20055ea20eff963b999bcd Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 18:41:49 -0400 Subject: [PATCH 52/66] add gitea Signed-off-by: ahuston-0 --- modules/update.nix | 2 +- systems/palatine-hill/configuration.nix | 1 + systems/palatine-hill/gitea.nix | 30 +++++++++++++++++++++++++ systems/palatine-hill/secrets.yaml | 8 ++++--- 4 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 systems/palatine-hill/gitea.nix diff --git a/modules/update.nix b/modules/update.nix index 143a4f8..0146082 100644 --- a/modules/update.nix +++ b/modules/update.nix @@ -1,7 +1,7 @@ { lib, ... }: { services.autopull = { - enable = lib.mkDefault false; + enable = lib.mkDefault true; repo.dotfiles = { enable = lib.mkDefault false; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy"; diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 1c9b253..3767cdb 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -8,6 +8,7 @@ imports = [ ./attic ./docker.nix + ./gitea.nix ./haproxy ./hardware-changes.nix ./hydra.nix diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix new file mode 100644 index 0000000..ae0050e --- /dev/null +++ b/systems/palatine-hill/gitea.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + pkgs, + ... +}: +let + base_path = "/ZFS/ZFS-primary/gitea"; +in +{ + services.gitea = { + enable = true; + appName = "Nyx's Gitea"; # Give the site a name + database = { + type = "postgres"; + passwordFile = config.sops.secrets."gitea/dbpass".path; + host = "127.0.0.1:5432"; + }; + domain = "git.alicehuston.xyz"; + rootUrl = "https://git.alicehuston.xyz/"; + httpPort = 443; + stateDir = base_path; + lfs.enable = true; + recommendedDefaults = true; + }; + + sops.secrets = { + "gitea/dbpass".owner = "gitea"; + }; +} diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 0ff3f91..50bf7f5 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -8,6 +8,8 @@ attic: adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str] postgres: init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str] +gitea: + dbpass: ENC[AES256_GCM,data:UXc/5vBoe07DUbWrw6o=,iv:sDNK+g+9YLoN54UVVCe0ZSZQ1BrUCLVCSDfp5/A65A0=,tag:La0PXWzplDiT5eoXDheP7w==,type:str] upsmon: password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str] minio: @@ -29,8 +31,8 @@ sops: d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-07T23:09:33Z" - mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str] + lastmodified: "2024-10-20T05:31:08Z" + mac: ENC[AES256_GCM,data:YA4sgsQkb5wdz5dYpFZ7tA7ioOijurTbmfHdWXPC6bvvfyZymR+SwlLtAxoD/oN0/AUYgPJWzOuisARuxLB+zmZf6fHs/mOAlzNVZreigACJkKqRwtOfY0K8IlaWZgANB7Y524UNmDzsalnmNAsdp0pWkeuvKTUw5FwJHoUHOxU=,iv:r+DTXMqTHf+SQbgI6WodYLt0E7CTmz4CtgotE+lNdSg=,tag:Zh3/4IYIkCb1mq4foj4PqQ==,type:str] pgp: - created_at: "2024-09-05T06:10:49Z" enc: |- @@ -45,4 +47,4 @@ sops: -----END PGP MESSAGE----- fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 From 3c3f7d0b5eaec3717395647e18e3ce8a7409294b Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 18:43:55 -0400 Subject: [PATCH 53/66] add lock shortcut Signed-off-by: ahuston-0 --- users/alice/home/hypr/hyprland.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/users/alice/home/hypr/hyprland.conf b/users/alice/home/hypr/hyprland.conf index d1381a6..f430319 100644 --- a/users/alice/home/hypr/hyprland.conf +++ b/users/alice/home/hypr/hyprland.conf @@ -201,3 +201,6 @@ bind = $mainMod, escape, exec, hyprctl reload # open bwm bind = $mainMod, P, exec, bwm + +# lock screen +bind = $mainMod, L, exec, loginctl lock-session From e13ad85d0a69d0e581bb5331dd836250cc62d463 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 18:38:40 -0400 Subject: [PATCH 54/66] fix ordering on postResumeCommands ZFS moved import from postDeviceCommands to postResumeCommands and now my key import doesnt work :( Signed-off-by: ahuston-0 --- systems/palatine-hill/hardware-changes.nix | 19 ------- systems/palatine-hill/zfs.nix | 66 ++++++++++++++++++++++ 2 files changed, 66 insertions(+), 19 deletions(-) diff --git a/systems/palatine-hill/hardware-changes.nix b/systems/palatine-hill/hardware-changes.nix index 81bc87c..4fc5d51 100644 --- a/systems/palatine-hill/hardware-changes.nix +++ b/systems/palatine-hill/hardware-changes.nix @@ -16,25 +16,6 @@ }; }; - postResumeCommands = '' - # let root mount and everything, then manually unlock stuff - load_zfs_nix() { - local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" - local mountPoint="/" - local options="x-initrd.mount,noatime,nodiratime" - local fsType="ext4" - - echo "manually mounting key location, then unmounting" - udevadm settle - - mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" - - zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" - umount "$targetRoot/" - } - - load_zfs_nix - ''; }; }; diff --git a/systems/palatine-hill/zfs.nix b/systems/palatine-hill/zfs.nix index fc2fc58..8b1bb53 100644 --- a/systems/palatine-hill/zfs.nix +++ b/systems/palatine-hill/zfs.nix @@ -80,4 +80,70 @@ }; }; }; + + # hack to make sure pool is imported before keys are loaded, + # and also keys are imported before things get mounted + # note to self: move zfs encryption over to luks lol + boot.initrd.postResumeCommands = '' + ZFS_FORCE="-f" + + for o in $(cat /proc/cmdline); do + case $o in + zfs_force|zfs_force=1|zfs_force=y) + ZFS_FORCE="-f" + ;; + esac + done + poolReady() { + pool="$1" + state="$("zpool" import -d "/dev/disk/by-id/" 2>/dev/null | "awk" "/pool: $pool/ { found = 1 }; /state:/ { if (found == 1) { print \$2; exit } }; END { if (found == 0) { print \"MISSING\" } }")" + if [[ "$state" = "ONLINE" ]]; then + return 0 + else + echo "Pool $pool in state $state, waiting" + return 1 + fi + } + poolImported() { + pool="$1" + "zpool" list "$pool" >/dev/null 2>/dev/null + } + poolImport() { + pool="$1" + "zpool" import -d "/dev/disk/by-id/" -N $ZFS_FORCE "$pool" + } + + echo -n "importing root ZFS pool \"ZFS-primary\"..." + # Loop across the import until it succeeds, because the devices needed may not be discovered yet. + if ! poolImported "ZFS-primary"; then + for trial in `seq 1 60`; do + poolReady "ZFS-primary" > /dev/null && msg="$(poolImport "ZFS-primary" 2>&1)" && break + sleep 1 + echo -n . + done + echo + if [[ -n "$msg" ]]; then + echo "$msg"; + fi + poolImported "ZFS-primary" || poolImport "ZFS-primary" # Try one last time, e.g. to import a degraded pool. + fi + + # let root mount and everything, then manually unlock stuff + load_zfs_nix() { + local device="/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e" + local mountPoint="/" + local options="x-initrd.mount,noatime,nodiratime" + local fsType="ext4" + + echo "manually mounting key location, then unmounting" + udevadm settle + + mountFS "$device" "$(escapeFstab "$mountPoint")" "$(escapeFstab "$options")" "$fsType" + + zfs load-key -L "file://$targetRoot/crypto/keys/zfs-nix-store-key" "ZFS-primary/nix" + umount "$targetRoot/" + } + + load_zfs_nix + ''; } From e2bc5a3235dde2410d49cf87e22cbee337ac8104 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 19:06:35 -0400 Subject: [PATCH 55/66] update flake, fix breaking changes --- flake.lock | 124 +++++++----------------- flake.nix | 18 ++-- systems/palatine-hill/attic/default.nix | 5 +- systems/palatine-hill/default.nix | 4 +- systems/palatine-hill/gitea.nix | 8 +- users/alice/home.nix | 2 +- 6 files changed, 56 insertions(+), 105 deletions(-) diff --git a/flake.lock b/flake.lock index 5d161e7..beda323 100644 --- a/flake.lock +++ b/flake.lock @@ -1,56 +1,5 @@ { "nodes": { - "attic": { - "inputs": { - "crane": "crane", - "flake-compat": [ - "flake-compat" - ], - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": [ - "nixpkgs-stable" - ] - }, - "locked": { - "lastModified": 1728577371, - "narHash": "sha256-f3bKclEV5t1eP1OH7kTGv/tLzlToSRIe0ktkdl1jihw=", - "owner": "zhaofengli", - "repo": "attic", - "rev": "e5c8d2d50981a34602358d917e7be011b2c397a8", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "repo": "attic", - "type": "github" - } - }, - "crane": { - "inputs": { - "nixpkgs": [ - "attic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722960479, - "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=", - "owner": "ipetkov", - "repo": "crane", - "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "firefox-addons": { "inputs": { "flake-utils": [ @@ -62,11 +11,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1728965006, - "narHash": "sha256-TXBxJMGC6P+cn5La/lIgVzb9ETutsOI3A3urHihB7FA=", + "lastModified": 1729460064, + "narHash": "sha256-xhxuD0NKyQf+WrQL2qWvrZFHmZ22g/+1TUT+kOukL0k=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f4947cf2d1a469b23fee54ad948c539f6aa431a7", + "rev": "7aeeff126b300e2977fe04b3606669b28a5b4dfd", "type": "gitlab" }, "original": { @@ -156,11 +105,11 @@ ] }, "locked": { - "lastModified": 1728903686, - "narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=", + "lastModified": 1729459288, + "narHash": "sha256-gBOVJv+q6Mx8jGvwX7cE6J8+sZmi1uxpRVsO7WxvVuQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1aec543f5caf643ca0d94b6a633101942fd065f", + "rev": "1e27f213d77fc842603628bcf2df6681d7d08f7e", "type": "github" }, "original": { @@ -176,11 +125,11 @@ ] }, "locked": { - "lastModified": 1725551787, - "narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=", + "lastModified": 1729224425, + "narHash": "sha256-w9dNUedNe2qnhHuhcRf7A1l29+/6DxdMfwN6g4U3c/w=", "owner": "hyprwm", "repo": "contrib", - "rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072", + "rev": "d72bc8b1cd30d448bd438e8328f8eeb4c0f2ddb6", "type": "github" }, "original": { @@ -196,11 +145,11 @@ ] }, "locked": { - "lastModified": 1728790083, - "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", + "lastModified": 1729394935, + "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", + "rev": "04f8a11f247ba00263b060fbcdc95484fd046104", "type": "github" }, "original": { @@ -232,11 +181,11 @@ ] }, "locked": { - "lastModified": 1728867876, - "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=", + "lastModified": 1729127034, + "narHash": "sha256-42AMGl+dh4I2wGgICSeDI1mqYaDEJhwqquHJ1vA0QiQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0", + "rev": "dd28a0806e7124fe392c33c9ccaa12f21970401f", "type": "github" }, "original": { @@ -247,11 +196,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728729581, - "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", + "lastModified": 1729455275, + "narHash": "sha256-THqzn/7um3oMHUEGXyq+1CJQE7EogwR3HjLMNOlhFBE=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", + "rev": "9fcf30fccf8435f6390efec4a4d38e69c2268a36", "type": "github" }, "original": { @@ -271,11 +220,11 @@ "search": "search" }, "locked": { - "lastModified": 1728919967, - "narHash": "sha256-zQl8z8iagvrekF4tFK1au7mGH8x0zoGppo6geLPioQk=", + "lastModified": 1729353767, + "narHash": "sha256-mrHq16rogwfLP3ivrx4O5NKNc0gBuBNyMcAfYWMcvEc=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "1aba521c9cd2cd97490846ac83fd73ae84625c8a", + "rev": "0ea540261e88e3afc126e7df544ef0d2acd28ca4", "type": "github" }, "original": { @@ -286,11 +235,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1728492678, - "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", + "lastModified": 1729256560, + "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", + "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", "type": "github" }, "original": { @@ -314,11 +263,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728740863, - "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", + "lastModified": 1729181673, + "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", + "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3", "type": "github" }, "original": { @@ -342,11 +291,11 @@ ] }, "locked": { - "lastModified": 1728778939, - "narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=", + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ff68f91754be6f3427e4986d7949e6273659be1d", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "type": "github" }, "original": { @@ -357,7 +306,6 @@ }, "root": { "inputs": { - "attic": "attic", "firefox-addons": "firefox-addons", "flake-compat": "flake-compat", "flake-parts": "flake-parts", @@ -384,11 +332,11 @@ ] }, "locked": { - "lastModified": 1728959392, - "narHash": "sha256-fp4he1QQjE+vasDMspZYeXrwTm9otwEqLwEN6FKZ5v0=", + "lastModified": 1729391507, + "narHash": "sha256-as0I9xieJUHf7kiK2a9znDsVZQTFWhM1pLivII43Gi0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "4c6e317300f05b8871f585b826b6f583e7dc4a9b", + "rev": "784981a9feeba406de38c1c9a3decf966d853cca", "type": "github" }, "original": { @@ -432,11 +380,11 @@ ] }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1729394972, + "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 87b7786..a5b79f6 100644 --- a/flake.nix +++ b/flake.nix @@ -26,15 +26,15 @@ nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; - attic = { - url = "github:zhaofengli/attic"; - inputs = { - nixpkgs.follows = "nixpkgs"; - nixpkgs-stable.follows = "nixpkgs-stable"; - flake-compat.follows = "flake-compat"; - flake-parts.follows = "flake-parts"; - }; - }; + # attic = { + # url = "github:zhaofengli/attic"; + # inputs = { + # nixpkgs.follows = "nixpkgs"; + # nixpkgs-stable.follows = "nixpkgs-stable"; + # flake-compat.follows = "flake-compat"; + # flake-parts.follows = "flake-parts"; + # }; + # }; firefox-addons = { url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index fc4e293..ecce229 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -8,7 +8,6 @@ { environment.systemPackages = with pkgs; [ attic-client - attic ]; services = { @@ -30,7 +29,7 @@ atticd = { enable = true; - credentialsFile = config.sops.secrets."attic/secret-key".path; + environmentFile = config.sops.secrets."attic/secret-key".path; settings = { listen = "[::]:8183"; @@ -96,7 +95,7 @@ serviceConfig = { User = "root"; Restart = "always"; - ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot"; + ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot"; }; }; attic-sync-hydra = { diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix index 2523b31..d469ee0 100644 --- a/systems/palatine-hill/default.nix +++ b/systems/palatine-hill/default.nix @@ -1,5 +1,7 @@ { inputs, ... }: { users = [ "alice" ]; - modules = [ inputs.attic.nixosModules.atticd ]; + modules = [ + # inputs.attic.nixosModules.atticd + ]; } diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index ae0050e..16be428 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -16,9 +16,11 @@ in passwordFile = config.sops.secrets."gitea/dbpass".path; host = "127.0.0.1:5432"; }; - domain = "git.alicehuston.xyz"; - rootUrl = "https://git.alicehuston.xyz/"; - httpPort = 443; + settings.server = { + domain = "git.alicehuston.xyz"; + rootUrl = "https://git.alicehuston.xyz/"; + httpPort = 443; + }; stateDir = base_path; lfs.enable = true; recommendedDefaults = true; diff --git a/users/alice/home.nix b/users/alice/home.nix index 11a53d8..b8b1afb 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -105,7 +105,7 @@ eza = { enable = true; - icons = true; + icons = "auto"; git = true; }; From 084a8694425498b71690917817dabfc3d0b77d22 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 19:54:09 -0400 Subject: [PATCH 56/66] migrate back to nixos-unstable-small Signed-off-by: ahuston-0 --- flake.lock | 8 ++++---- flake.nix | 2 +- systems/artemision/programs.nix | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index beda323..208645b 100644 --- a/flake.lock +++ b/flake.lock @@ -235,16 +235,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1729256560, - "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=", + "lastModified": 1729450260, + "narHash": "sha256-3GNZr0V4b19RZ5mlyiY/4F8N2pzitvjDU6aHMWjAqLI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0", + "rev": "e3f55158e7587c5a5fdb0e86eb7ca4f455f0928f", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index a5b79f6..495188a 100644 --- a/flake.nix +++ b/flake.nix @@ -22,7 +22,7 @@ flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-parts.url = "github:hercules-ci/flake-parts"; nixos-hardware.url = "github:NixOS/nixos-hardware"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; systems.url = "github:nix-systems/default"; diff --git a/systems/artemision/programs.nix b/systems/artemision/programs.nix index e50b014..3c08cb7 100644 --- a/systems/artemision/programs.nix +++ b/systems/artemision/programs.nix @@ -33,7 +33,7 @@ hwloc ipmiview iperf3 - ipscan + # ipscan jp2a jq kdenlive From 8266fa23a1ef56960d7f16c936ea551271afb506 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 20:36:35 -0400 Subject: [PATCH 57/66] remove sops and obsidian from servers Signed-off-by: ahuston-0 --- users/alice/home.nix | 3 +-- users/alice/non-server.nix | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/users/alice/home.nix b/users/alice/home.nix index b8b1afb..6502869 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -56,7 +56,6 @@ smartmontools wget glances - obsidian onefetch # Rust packages @@ -160,7 +159,7 @@ }; }; - sops = { + sops = lib.mkIf (!machineConfig.server) { age.sshKeyPaths = [ "/home/alice/.ssh/id_ed25519_sops" ]; defaultSopsFile = ./secrets.yaml; secrets."alice/wakatime-api-key".path = "/home/alice/.config/doom/wakatime"; diff --git a/users/alice/non-server.nix b/users/alice/non-server.nix index cab5e8f..5137c0b 100644 --- a/users/alice/non-server.nix +++ b/users/alice/non-server.nix @@ -59,6 +59,7 @@ bitwarden-menu wtype zathura + obsidian ]; } From 535081b790d69bb1131b4a3c8dec11608945e4ab Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 20:57:19 -0400 Subject: [PATCH 58/66] rename gitea, fix db Signed-off-by: ahuston-0 --- systems/palatine-hill/gitea.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index 16be428..0feaf9e 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -10,11 +10,13 @@ in { services.gitea = { enable = true; - appName = "Nyx's Gitea"; # Give the site a name + appName = "The Hearth"; database = { type = "postgres"; passwordFile = config.sops.secrets."gitea/dbpass".path; - host = "127.0.0.1:5432"; + host = "127.0.0.1"; + name = "giteadb"; + port = "5433"; }; settings.server = { domain = "git.alicehuston.xyz"; From ad5ac179d765cd73be5aca994980f1261f7d59e4 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 20:59:38 -0400 Subject: [PATCH 59/66] add home-manager nix gc Signed-off-by: ahuston-0 --- users/alice/home.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/users/alice/home.nix b/users/alice/home.nix index 6502869..56bc27e 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -165,5 +165,11 @@ secrets."alice/wakatime-api-key".path = "/home/alice/.config/doom/wakatime"; }; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + home.stateVersion = "23.11"; } From 5f52f21539a5cd620b5fd3efbf2763e2849ce158 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 23:19:44 -0400 Subject: [PATCH 60/66] disable gitea createDatabase, fix nix gc Signed-off-by: ahuston-0 --- systems/palatine-hill/gitea.nix | 3 ++- users/alice/home.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index 0feaf9e..7ddd815 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -14,9 +14,10 @@ in database = { type = "postgres"; passwordFile = config.sops.secrets."gitea/dbpass".path; + createDatabase = false; host = "127.0.0.1"; name = "giteadb"; - port = "5433"; + port = 5433; }; settings.server = { domain = "git.alicehuston.xyz"; diff --git a/users/alice/home.nix b/users/alice/home.nix index 56bc27e..e63c2a0 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -167,7 +167,7 @@ nix.gc = { automatic = true; - dates = "weekly"; + frequency = "weekly"; options = "--delete-older-than 30d"; }; From 2440f3afe12e4ef243da71fee426a2cc3eb30991 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 20 Oct 2024 23:48:46 -0400 Subject: [PATCH 61/66] fix password special chars Signed-off-by: ahuston-0 --- systems/palatine-hill/secrets.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 50bf7f5..8dbc233 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -9,7 +9,7 @@ attic: postgres: init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str] gitea: - dbpass: ENC[AES256_GCM,data:UXc/5vBoe07DUbWrw6o=,iv:sDNK+g+9YLoN54UVVCe0ZSZQ1BrUCLVCSDfp5/A65A0=,tag:La0PXWzplDiT5eoXDheP7w==,type:str] + dbpass: ENC[AES256_GCM,data:BXcVMcG01PV2ri0mPXBmAw==,iv:e8y0bPf/yC24FXfw6U5bDz5k/FLVyMd2lWNKMMuntZ0=,tag:7gP32RszzISJfktxnOFF+g==,type:str] upsmon: password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str] minio: @@ -31,8 +31,8 @@ sops: d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-20T05:31:08Z" - mac: ENC[AES256_GCM,data:YA4sgsQkb5wdz5dYpFZ7tA7ioOijurTbmfHdWXPC6bvvfyZymR+SwlLtAxoD/oN0/AUYgPJWzOuisARuxLB+zmZf6fHs/mOAlzNVZreigACJkKqRwtOfY0K8IlaWZgANB7Y524UNmDzsalnmNAsdp0pWkeuvKTUw5FwJHoUHOxU=,iv:r+DTXMqTHf+SQbgI6WodYLt0E7CTmz4CtgotE+lNdSg=,tag:Zh3/4IYIkCb1mq4foj4PqQ==,type:str] + lastmodified: "2024-10-21T03:48:29Z" + mac: ENC[AES256_GCM,data:4Pt9+NLI9fawOFo8eljafNF8UgIlkSWAuZKGi9GHlVTSqBnpVuVBb5WYhNxLJ/02a2kJ4M1v/YdFIOuLiUVjLopF0phpWZU96eCrblO+9qzss+LvwCTVoTWTzA3Mqh5nKOo2PC8pPi/LeNjdpbIkPZB56O3o8oq0IAQ92h+jCJo=,iv:SU1v+xDK2WW6ugf2Z9QkuwtghavBuKceOr0gQ38tF+0=,tag:U6l+qQZpEZF6TApBbBaqYg==,type:str] pgp: - created_at: "2024-09-05T06:10:49Z" enc: |- From 81df9aed70f1ef0ee84ce5ef1f27ef662b9837ce Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 21 Oct 2024 00:08:16 -0400 Subject: [PATCH 62/66] firewall issues on gitea Signed-off-by: ahuston-0 --- systems/palatine-hill/gitea.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index 7ddd815..3354980 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -20,15 +20,17 @@ in port = 5433; }; settings.server = { - domain = "git.alicehuston.xyz"; - rootUrl = "https://git.alicehuston.xyz/"; - httpPort = 443; + DOMAIN = "git.alicehuston.xyz"; + ROOT_URL = "https://git.alicehuston.xyz/"; + HTTP_PORT = 6443; }; stateDir = base_path; lfs.enable = true; recommendedDefaults = true; }; + networking.firewall.allowedTCPPorts = [ 6443 ]; + sops.secrets = { "gitea/dbpass".owner = "gitea"; }; From f34b409f309d316ff17586f4730985b447250599 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Mon, 21 Oct 2024 00:27:46 -0400 Subject: [PATCH 63/66] disable registration on gitea Signed-off-by: ahuston-0 --- systems/palatine-hill/gitea.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/systems/palatine-hill/gitea.nix b/systems/palatine-hill/gitea.nix index 3354980..3fe2c92 100644 --- a/systems/palatine-hill/gitea.nix +++ b/systems/palatine-hill/gitea.nix @@ -19,10 +19,15 @@ in name = "giteadb"; port = 5433; }; - settings.server = { - DOMAIN = "git.alicehuston.xyz"; - ROOT_URL = "https://git.alicehuston.xyz/"; - HTTP_PORT = 6443; + settings = { + server = { + DOMAIN = "git.alicehuston.xyz"; + ROOT_URL = "https://git.alicehuston.xyz/"; + HTTP_PORT = 6443; + }; + service = { + DISABLE_REGISTRATION = true; + }; }; stateDir = base_path; lfs.enable = true; From 73dee69fa6ce18ac59ec78d8f6a57eec7e75ecd5 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 22 Oct 2024 17:37:30 -0400 Subject: [PATCH 64/66] add firewall for docker --- systems/palatine-hill/firewall.nix | 10 ++++++++++ users/alice/home.nix | 1 + 2 files changed, 11 insertions(+) create mode 100644 systems/palatine-hill/firewall.nix diff --git a/systems/palatine-hill/firewall.nix b/systems/palatine-hill/firewall.nix new file mode 100644 index 0000000..63bbb2f --- /dev/null +++ b/systems/palatine-hill/firewall.nix @@ -0,0 +1,10 @@ +{ ... }: + +{ + networking.firewall.allowedTCPPorts = [ + 8081 + 8082 + 8443 + ]; + +} diff --git a/users/alice/home.nix b/users/alice/home.nix index e63c2a0..b624fef 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -135,6 +135,7 @@ "system" "nix" "shell" + "poetry" ]; }; }; From d7a1969ad2b5a473c5da0123d56f4e7fb6094cab Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 22 Oct 2024 17:43:51 -0400 Subject: [PATCH 65/66] add firewall oops --- systems/palatine-hill/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 3767cdb..565ad75 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -9,6 +9,7 @@ ./attic ./docker.nix ./gitea.nix + ./firewall.nix ./haproxy ./hardware-changes.nix ./hydra.nix From 7b940c1150f4468db7c3026f5716336645ac92e2 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Tue, 22 Oct 2024 17:48:51 -0400 Subject: [PATCH 66/66] remove attic watch for now --- systems/palatine-hill/attic/default.nix | 102 ++++++++++++------------ 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index ecce229..1d52dc2 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -77,58 +77,58 @@ # borrowing from https://github.com/Shawn8901/nix-configuration/blob/4b8d1d44f47aec60feb58ca7b7ab5ed000506e90/modules/nixos/private/hydra.nix # configured default webstore for this on root user separately - systemd = { - services = { - attic-watch-store = { - wantedBy = [ "multi-user.target" ]; - after = [ - "network-online.target" - "docker.service" - "atticd.service" - ]; - requires = [ - "network-online.target" - "docker.service" - "atticd.service" - ]; - description = "Upload all store content to binary cache"; - serviceConfig = { - User = "root"; - Restart = "always"; - ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot"; - }; - }; - attic-sync-hydra = { - after = [ - "network-online.target" - "docker.service" - "atticd.service" - ]; - requires = [ - "network-online.target" - "docker.service" - "atticd.service" - ]; - description = "Force resync of hydra derivations with attic"; - serviceConfig = { - Type = "oneshot"; - User = "root"; - ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}"; - }; - }; - }; + # systemd = { + # services = { + # attic-watch-store = { + # wantedBy = [ "multi-user.target" ]; + # after = [ + # "network-online.target" + # "docker.service" + # "atticd.service" + # ]; + # requires = [ + # "network-online.target" + # "docker.service" + # "atticd.service" + # ]; + # description = "Upload all store content to binary cache"; + # serviceConfig = { + # User = "root"; + # Restart = "always"; + # ExecStart = "${pkgs.attic-client}/bin/attic watch-store cache-nix-dot"; + # }; + # }; + # attic-sync-hydra = { + # after = [ + # "network-online.target" + # "docker.service" + # "atticd.service" + # ]; + # requires = [ + # "network-online.target" + # "docker.service" + # "atticd.service" + # ]; + # description = "Force resync of hydra derivations with attic"; + # serviceConfig = { + # Type = "oneshot"; + # User = "root"; + # ExecStart = "${config.nix.package}/bin/nix ${./sync-attic.bash}"; + # }; + # }; + # }; - timers = { - attic-sync-hydra = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = 600; - OnUnitActiveSec = 86400; - Unit = "attic-sync-hydra.service"; - }; - }; - }; - }; + # timers = { + # attic-sync-hydra = { + # wantedBy = [ "timers.target" ]; + # timerConfig = { + # OnBootSec = 600; + # OnUnitActiveSec = 86400; + # Unit = "attic-sync-hydra.service"; + # }; + # }; + # }; + # }; sops = { secrets = {