ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:feature/pii
Branches Tags
ahuston-0:main ahuston-0:feature/pii ahuston-0:update-flake-lock ahuston-0:feature/add-parthenon ahuston-0:feature/add-jessica ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:2f76e8b8a5bd8c2fa91d6e979af17340fd5438a6
Branches Tags
ahuston-0:feature/pii ahuston-0:main ahuston-0:update-flake-lock ahuston-0:feature/add-parthenon ahuston-0:feature/add-jessica ahuston-0:feature/ftb-app ahuston-0:feature/hetzner-bridge ahuston-0:feature/setting-up-greylog ahuston-0:feature/build-cache ahuston-0:hotfix/zfs-import ahuston-0:feature/add-unpackerr ahuston-0:feature/pscsd-yubikey ahuston-0:feature/overseerr ahuston-0:feature/onboarding-kubernetes

1 Commits
feature/pi ... 2f76e8b8a5

Author SHA1 Message Date
ahuston-0
2f76e8b8a5 update flake lock, swap off of adb and nixfmt-rfc-style
Some checks failed
Check Nix flake / Perform Nix flake checks (pull_request) Failing after 14m39s
Details
2026-01-16 12:30:30 -05:00
9 changed files with 141 additions and 191 deletions
Expand all files Collapse all files

12
hydra/jobs.nix
View File

@@ -8,7 +8,10 @@ let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
getCfg = _: cfg: cfg.config.system.build.toplevel; getCfg = _: cfg: cfg.config.system.build.toplevel;
hostToAgg = _: cfg: cfg;
getHome = _: cfg: cfg.config.home.activationPackage; getHome = _: cfg: cfg.config.home.activationPackage;
homeToAgg = _: cfg: cfg;
# get per-system check derivation (with optional postfix) # get per-system check derivation (with optional postfix)
mapSystems = mapSystems =
@@ -24,6 +27,15 @@ rec {
host = lib.mapAttrs getCfg outputs.nixosConfigurations; host = lib.mapAttrs getCfg outputs.nixosConfigurations;
home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage home = lib.mapAttrs getHome outputs.homeConfigurations; # homeConfigurations.alice.config.home.activationPackage
hosts = pkgs.releaseTools.aggregate {
name = "hosts";
constituents = lib.mapAttrsToList hostToAgg host;
};
homes = pkgs.releaseTools.aggregate {
name = "homes";
constituents = lib.mapAttrsToList homeToAgg home;
};
devChecks = pkgs.releaseTools.aggregate { devChecks = pkgs.releaseTools.aggregate {
name = "devChecks"; name = "devChecks";
constituents = lib.flatten [ constituents = lib.flatten [

2
systems/artemision/configuration.nix
View File

@@ -82,6 +82,8 @@
system.stateVersion = "24.05"; system.stateVersion = "24.05";
programs.adb.enable = true;
environment.variables = { environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1"; "KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
}; };

3
systems/artemision/programs.nix
View File

@@ -37,9 +37,6 @@
ipmiview ipmiview
iperf3 iperf3
# ipscan # ipscan
javaPackages.compiler.temurin-bin.jdk-25
javaPackages.compiler.temurin-bin.jdk-21
javaPackages.compiler.temurin-bin.jdk-17
jp2a jp2a
jq jq
kdePackages.kdenlive kdePackages.kdenlive

105
systems/palatine-hill/docker/minecraft.nix
View File

@@ -11,38 +11,30 @@ let
arcanum-institute = "arcanum.alicehuston.xyz"; arcanum-institute = "arcanum.alicehuston.xyz";
meits = "meits.alicehuston.xyz"; meits = "meits.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz"; # bcg-plus = "bcg.alicehuston.xyz";
pii = "pii.alicehuston.xyz";
}; };
defaultServer = "rlcraft"; defaultServer = "rlcraft";
defaultEnv = { # defaultEnv = {
EULA = "true"; # EULA = "true";
TYPE = "AUTO_CURSEFORGE"; # TYPE = "AUTO_CURSEFORGE";
STOP_SERVER_ANNOUNCE_DELAY = "120"; # STOP_SERVER_ANNOUNCE_DELAY = "120";
STOP_DURATION = "600"; # STOP_DURATION = "600";
SYNC_CHUNK_WRITES = "false"; # SYNC_CHUNK_WRITES = "false";
USE_AIKAR_FLAGS = "true"; # USE_AIKAR_FLAGS = "true";
MEMORY = "12G"; # MEMORY = "8GB";
ALLOW_FLIGHT = "true"; # ALLOW_FLIGHT = "true";
MAX_TICK_TIME = "-1"; # MAX_TICK_TIME = "-1";
ENABLE_RCON = "true"; # };
TZ = "America/New_York";
REGION_FILE_COMPRESSION = "none";
OPS = ''
magpiecat
chesiregirl1105
'';
};
defaultOptions = [ # defaultOptions = [
"--stop-signal=SIGTERM" # "--stop-signal=SIGTERM"
"--stop-timeout=1800" # "--stop-timeout=1800"
"--network=minecraft-net" # "--network=minecraft-net"
]; # ];
vars = import ../vars.nix; # vars = import ../vars.nix;
minecraft_path = "${vars.primary_games}/minecraft"; # minecraft_path = "${vars.primary_games}/minecraft";
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@@ -60,49 +52,23 @@ in
) )
]; ];
}; };
#rlcraft = { # rlcraft = {
# image = "itzg/minecraft-server:java8"; # image = "itzg/minecraft-server:java8";
# volumes = [ # volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro" # "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data" # "${minecraft_path}/rlcraft/data:/data"
# ]; # ];
# hostname = "rlcraft"; # hostname = "rlcraft";
# environment = defaultEnv // { # environment = defaultEnv // {
# VERSION = "1.12.2"; # VERSION = "1.12.2";
# CF_SLUG = "rlcraft"; # CF_SLUG = "rlcraft";
# DIFFICULTY = "hard"; # DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true"; # ENABLE_COMMAND_BLOCK = "true";
# }; # };
# extraOptions = defaultOptions; # extraOptions = defaultOptions;
# log-driver = "local"; # log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ]; # environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
#}; # };
prominence-ii = {
image = "itzg/minecraft-server:java25-graalvm";
volumes = [
"${minecraft_path}/prominence-ii/modpacks:/modpacks:ro"
"${minecraft_path}/prominence-ii/data:/data"
];
hostname = "pii";
environment = defaultEnv // {
VERSION = "1.20.1";
CF_SLUG = "prominence-2-hasturian-era";
CF_FILENAME_MATCHER = "3.9.14hf";
USE_AIKAR_FLAGS = "false";
USE_MEOWICE_FLAGS = "true";
USE_MEOWICE_GRAALVM_FLAGS = "true";
DIFFICULTY = "hard";
ENABLE_COMMAND_BLOCK = "true";
CF_FORCE_INCLUDE_FILES = ''
emi
'';
};
extraOptions = defaultOptions;
log-driver = "local";
environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
};
#stop_signal: SIGTERM
#stop_grace_period: 5m
# bcg-plus = { # bcg-plus = {
# image = "itzg/minecraft-server:java17"; # image = "itzg/minecraft-server:java17";
# volumes = [ # volumes = [
@@ -124,6 +90,7 @@ in
}; };
sops = { sops = {
defaultSopsFile = ../secrets.yaml;
secrets = { secrets = {
"docker/minecraft".owner = "docker-service"; "docker/minecraft".owner = "docker-service";
}; };

185
systems/palatine-hill/docker/torr.nix
View File

@@ -1,143 +1,130 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
qbitBase = { delugeBase = {
image = "ghcr.io/linuxserver/qbittorrent:latest";
pull = "always"; pull = "always";
environment = { environment = {
PUID = "600"; PUID = "600";
PGID = "100"; PGID = "100";
TZ = "America/New_York"; TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
}; };
}; };
vars = import ../vars.nix; vars = import ../vars.nix;
#docker_path = vars.primary_docker; #docker_path = vars.primary_docker;
torr_path = vars.primary_torr; torr_path = vars.primary_torr;
qbit_path = "${torr_path}/qbit"; deluge_path = "${torr_path}/deluge";
qbitvpn_path = "${torr_path}/qbitvpn"; delugevpn_path = "${torr_path}/delugevpn";
qbitperm_path = "${torr_path}/qbitperm";
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = {
format = "binary";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in in
{ {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
qbit = qbitBase // { deluge = delugeBase // {
# webui port is 8082, torr port is 29432 image = "binhex/arch-deluge";
environment = qbitBase.environment // {
WEBUI_PORT = "8082";
TORRENTING_PORT = "29432";
};
volumes = [ volumes = [
"${qbit_path}/config:/config" # move from docker/qbit to qbit_path "${deluge_path}/config:/config"
"${torr_path}/data/:/data" "${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
networks = [ "host" ];
ports = [ ports = [
"8082:8082" "8084:8112"
"29432:29432" "29433:29433"
"29432:29432/udp"
];
extraOptions = [
"--dns=9.9.9.9"
]; ];
}; };
delugeVPN = delugeBase // {
# temp instance image = "binhex/arch-delugevpn:latest";
qbitVPN = qbitBase // {
# webui port is 8081, torr port is 39274
networks = [
"container:gluetun-qbit"
];
environment = qbitBase.environment // {
WEBUI_PORT = "8081";
};
dependsOn = [ "gluetun-qbit" ];
volumes = [
"${qbitvpn_path}/config:/config"
"${torr_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
};
gluetun-qbit = {
image = "qmcgaw/gluetun:v3";
capabilities = { capabilities = {
NET_ADMIN = true; NET_ADMIN = true;
}; };
devices = [ autoRemoveOnStop = false;
"/dev/net/tun:/dev/net/tun" environment = delugeBase.environment // {
]; VPN_ENABLED = "yes";
ports = [ VPN_CLIENT = "openvpn";
"8081:8081" VPN_PROV = "protonvpn";
"8083:8083" ENABLE_PRIVOXY = "yes";
]; LAN_NETWORK = "192.168.0.0/16";
environment = { ENABLE_STARTUP_SCRIPTS = "yes";
TZ = "America/New_York"; #NAME_SERVERS = "194.242.2.9";
# SOPS prep #NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update
}; };
environmentFiles = [ environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
config.sops.secrets."docker/gluetun".path
config.sops.secrets."docker/gluetun-qbitvpn".path
];
};
# permanent instance
qbitPerm = qbitBase // {
# webui port is 8083, torr port is 29434
networks = [
"container:gluetun-qbit"
];
environment = qbitBase.environment // {
WEBUI_PORT = "8083";
};
dependsOn = [ "gluetun-qbit" ];
volumes = [ volumes = [
"${qbitperm_path}/config:/config" "${delugevpn_path}/config:/config"
"${torr_path}/data:/data" "${deluge_path}/data:/data" # use common torrent path yuck
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
};
gluetun-qbitperm = {
image = "qmcgaw/gluetun:v3";
capabilities = {
NET_ADMIN = true;
};
devices = [
"/dev/net/tun:/dev/net/tun"
];
ports = [ ports = [
"8083:8083" "8085:8112"
]; "8119:8118"
environment = { "39275:39275"
TZ = "America/New_York"; "39275:39275/udp"
# SOPS prep "48346:48346"
}; "48346:48346/udp"
environmentFiles = [
config.sops.secrets."docker/gluetun".path
config.sops.secrets."docker/gluetun-qbitperm".path
]; ];
}; };
}; };
sops.secrets = { systemd.services.docker-delugeVPN = {
"docker/gluetun" = { serviceConfig = {
owner = "docker-service"; ExecStartPre = [
restartUnits = [ (
"docker-gluetun-qbit.service" "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
"docker-gluetun-qbitperm.service" + "-type l -not -name network.ovpn "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
)
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+ "-type l "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
)
]; ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
}; };
"docker/gluetun-qbitvpn" = { };
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn" = {
owner = "docker-service"; owner = "docker-service";
restartUnits = [ group = "users";
"docker-gluetun-qbit.service" restartUnits = [ "docker-delugeVPN.service" ];
];
}; };
"docker/gluetun-qbitperm" = { "docker/protonvpn-start-script" = {
path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
owner = "docker-service"; owner = "docker-service";
restartUnits = [ group = "users";
"docker-gluetun-qbitperm.service" restartUnits = [ "docker-delugeVPN.service" ];
];
}; };
}; };
} }

8
systems/palatine-hill/firewall.nix
View File

@@ -45,14 +45,6 @@
8686 8686
8787 8787
5055 5055
# torr
29432
];
allowedUDPPorts = [
# torr
29432
]; ];
}; };

9
systems/palatine-hill/secrets.yaml
View File

@@ -17,7 +17,7 @@ minio:
credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str]
loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str] loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str]
docker: docker:
minecraft: ENC[AES256_GCM,data:krSM870t/IATwpUWNuKX8D5HHEvk+HeimKgodXssIYcBmdF1SZAwjUsSlx9fL3JiRtxfu0jSbhyD/2jLHMWqcix1WQGOVgs=,iv:ZTMxmzeSLQRCBF2t6r3dCDlcZ5BsBwZen6jOZN/HvGU=,tag:SES3lhRrRI8zBH1jnaV82w==,type:str] minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str]
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str] foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str] nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
@@ -32,9 +32,6 @@ docker:
sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str] sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str]
lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str] lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str]
jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str] jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str]
gluetun: ENC[AES256_GCM,data:ryhYVOYEZl5zDs+xMgbWI6q/Ei2AiNZJMxT/TcaHzTEocINgbczWk9GKeeZKno71vFXiF9/tPpYavLqvjWNL77doWDB+wiYrtBJ97PkQ70dqWntua9E8eCalYlIZpRbLsl5OA9ZHorIMPjjSB2CRYLCqq30PPi5I2TtRvs/g6LRUN4sZ/E2TTUjz7AEY7228ZEuHt1UkU+dY/jEbx6fwrm/ocP8xKvYUuAR1/Cx/z4N0mqmVl+FX/5dRSkmhpfAxO9ss898XKiJW4rewQIbG5ccYal+reZZr70TaEJQqg5KIfAnbp6dEjAsSXnRiEF801JXM0h+d14ECT4tQmdyvYBdCVnJ/Ibqw9D15cViHmeDbR68spqOCj67FSMKxgCVx4KFrxPOualsULX7RL/UbHq2cwyziSFkH4n2ljFlKohyj39F7EparJbiCOumNfhRWknDDwvXY+BjJhbAe19ccKP6QWrS68uBp0cTXqb0rVN/qlfz6Sj5EYj5M/u0rl6d5xctnKmOzfLjI2m5+E9WfDJaAUcP/Ihs+p2eD7aSQTIj+O7I66ju+UAz66D9ZoU1U3uVQ9gaPI5dOMmYdLKS3b19EVytwW2W13d0WXKIw5Vfb7MvFh9I0iPWq+ntL4jQzMYSwV5Y=,iv:Cy3h5I3vbqKORdqw91SHL4tRMeGHMLsXgQ0USJ2jtzk=,tag:0J/p1sUQfXR4ujjY7VzZuQ==,type:str]
gluetun-qbitvpn: ENC[AES256_GCM,data:3IdmuLvWs5YRQZuG9y1GRTMKMbR7OynUUVluezviDOV22EkABvo3Ic/+xZrWi/lzAhQRwRsCGjinlUJf7lBvPLg53HaIplbzSIyd3IPLbKzEVAK32WYB/M5cGNQW+XV8TiKK72HO8+WG588A0bsuvp/wQ86ohpRHVrnlboANLS3diCNXI3VdFIHPGpvM77TqB3/vo2AFLKjxi2es4l6KRam8cEUFAz0eH03tTUYaxy+ewA5IZCQSbMURLFKKdh0EATTG5jIz3jFp372fnk8UBgFPeH8+N9VHNM6rnV6zAsC2Vlj2E1YQRTRqOwSK0NRAAV5NBbr7zumS3VS0rVUpIbZVrW/C2BSAVbzowkHuo5o1B7UFsryb3s2FJJGF2biaDoL+ijM5a0Qi4LfNeaSLNKrzaTin0wYq8rPrQKOUBZL4t6FsRbG7KHmfwM4uYdWqV5h1syjI9WWReuePVb416YvqSH9p8HhNsDTka8IGgYkHcYAXYuuxUc6sgQONBwrsdeN5Dhq1IedhuOW+3qAV+hHl8qmVgiWZ8Ss+nmo016nsikifEp08N7J8t3f86/SFZO+YMBxQ/K9PJLsJzR2jsBcf2aTlq0cuzXDvb4cMtro=,iv:N9zdyKJDsj049j5hZOSnAkS/VTWlC3crTODJKIpYYko=,tag:uYHq3CZj0P/BAv+0Ak5ZEw==,type:str]
gluetun-qbitperm: ENC[AES256_GCM,data:kzSrILs78UkzNeAvxoDU3QsLKdapQNyQW9nq0it+7HhhwDQ0MJB1s2Ek8zKErTatpwzG8xiUK0HwX5hFLgNZYc+OE0CH4PUrgX1t6dykuPLD2rKQL7veElNgqhX0/39xNyopyJk2UMVFNSqoV1DCC/ja9MqX9+jBYk++7DeX7v1Gl1ntjzJ+zIscg0nOTN1eQAHtiOWtFU0COC/aA8KS+HLIsMkjrIk9UD4C/DE8AOS07s+gDxPRtl6L7324FRqjEHNyxAobWOOLeG711RZcskF7dlminVJu4aVGbBwIy/zDdHFxRwO6yaLr/AqrTlRVOa2O8Qu2Ydpv8ZNj2F6fHrVNNmVwvMEKYibV6oMVo72uT+DTz/mFaYuTUeuJfkdCy7tnQYhBnpbd5J4mKfVb8uOF9Tx02kL2fTFKyvtET3nrtakQUjv8mEqHn4F8136O2JvUBN5RmC3B3vRdFjYgdfwy8hUT9b0Cmi8w0Zzs+XGMRdvWv2g6b5fmlAn0K+a0KB1fdDLhvbIXhY+sYzR3yOH01K0lW3xVdnl1eMIFjZkUGRTi32HyCYb0SUA1EcXmtA4XmyZ6HHFEXFA5y2guVqU4xLyXXldM+lGB7yGLMcM=,iv:kuueHxYafrEdyBxGUBoU2ks7kdr/rWMnXZmE3Kx/iK4=,tag:bNIfP3H5/Kh3ofuCGGx5Hg==,type:str]
acme: acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -53,8 +50,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-17T01:50:50Z" lastmodified: "2025-12-25T17:45:31Z"
mac: ENC[AES256_GCM,data:8TGSqwEcfmrW1PjuzTVNyDTNs6s3oWbT0tI+rg7u2w5Dcw1EEU+SjJ6VpNY06AZHTjSD6E0O7NzUxybtMpslHUGitOGWwQCk+sbqRJuUseFe7bWFboEVoJpEoYGN5pnn52opMT+NeHGkXumaxjhDjCxfwn1RBHR7TgD4ZHEH6pE=,iv:szBUnn3HL/osWhmTwYmHrUghobWdBR60Lc6uUD/eGMY=,tag:6vgdJeJjL4ZYKc8WjixClg==,type:str] mac: ENC[AES256_GCM,data:lVRqQWnO1RvmoW13/xCpP2SvibccRWwmr1Gyj6EgrE+V+Iu1bfnZRkTkHiFIQqQLQgCy2qBiSHeZF/dNERe83eEwpXgRQAduarpE/qL8K1mxcwf5HMMYACjlNfsL/I1/TCJrJ7DZBxI4neRLetc5OpScVXqHj1neOodD/g8n+ls=,iv:+gZpo0I2NVYz24o42mUW/OkfONqNSjgaJeKeFdKx7dg=,tag:EJnpiotQuBKth21mdhvjZQ==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-

3
users/alice/default.nix
View File

@@ -17,7 +17,4 @@ import ../default.nix {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWG3cIBju6vzX6s8JlmGNJOiWY7pQ19bHvcqDADtWzv snowi@DESKTOP-EVIR8IH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMfC0IXl9sGx+9FjuYZT2OUfffGjciJIHWqZdEU1d3n alice@parthenon-7588"
]; ];
groups = [
"adbusers"
];
} }

5
users/default.nix
View File

@@ -4,7 +4,6 @@
pkgs, pkgs,
name, name,
publicKeys ? [ ], publicKeys ? [ ],
groups ? [ ],
defaultShell ? "zsh", defaultShell ? "zsh",
}: }:
@@ -19,6 +18,7 @@
"wheel" "wheel"
"media" "media"
(lib.mkIf config.networking.networkmanager.enable "networkmanager") (lib.mkIf config.networking.networkmanager.enable "networkmanager")
(lib.mkIf config.programs.adb.enable "adbusers")
(lib.mkIf config.programs.wireshark.enable "wireshark") (lib.mkIf config.programs.wireshark.enable "wireshark")
(lib.mkIf config.virtualisation.docker.enable "docker") (lib.mkIf config.virtualisation.docker.enable "docker")
(lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate") (lib.mkIf (with config.services.locate; (enable && package == pkgs.plocate)) "plocate")
@@ -28,6 +28,5 @@
"plugdev" "plugdev"
"uaccess" "uaccess"
"ydotool" "ydotool"
] ];
++ groups;
} }