ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:feature/selinunte
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:hotfix/zfs-import
Branches Tags
ahuston-0:main
ahuston-0:feature/selinunte
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

1 Commits
main ... hotfix/zfs

Author SHA1 Message Date
ahuston-0
3e094a0a4f
fix ordering on postResumeCommands 
ZFS moved import from postDeviceCommands to postResumeCommands and now
my key import doesnt work :(

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2024-10-20 18:38:40 -04:00
106 changed files with 829 additions and 4265 deletions
Show Stats Expand all files Collapse all files

9
.gitconfig
View File

@ -1,11 +1,6 @@
# run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :) # run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :)
# run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured # run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured
# if for whatever reason the below doesn't work, try modifying the mergetool command as below
# find: $(git rev-parse --show-toplevel)/utils/sops-mergetool.sh
# replace: ./utils/sops-mergetool.sh
[mergetool "sops-mergetool"] [mergetool "sops-mergetool"]
cmd = bash -c "$(git rev-parse --show-toplevel)/utils/sops-mergetool.sh \"\$BASE\" \"\$LOCAL\" \"\$REMOTE\" \"\$MERGED\"" cmd = bash -c "$(git --exec-path)/sops-mergetool.sh \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\""
[merge] [merge]
tool = nvimdiff tool = nvimdiff3
[mergetool "nvimdiff"]
layout = MERGED

35
.github/settings.yml vendored
View File

@ -4,44 +4,60 @@ repository:
# The name of the repository. Changing this will rename the repository # The name of the repository. Changing this will rename the repository
name: nix-dotfiles name: nix-dotfiles
# A short description of the repository that will show up on GitHub # A short description of the repository that will show up on GitHub
description: RAD-Dev Infra description: RAD-Dev Infra
# A URL with more information about the repository # A URL with more information about the repository
# homepage: "https://nix-community.org" # homepage: "https://nix-community.org"
# A comma-separated list of topics to set on the repository # A comma-separated list of topics to set on the repository
topics: "nixos" topics: "nixos"
# Either `true` to make the repository private, or `false` to make it public. # Either `true` to make the repository private, or `false` to make it public.
private: false private: false
# Either `true` to enable issues for this repository, `false` to disable them. # Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true has_issues: true
# Either `true` to enable projects for this repository, or `false` to disable them. # Either `true` to enable projects for this repository, or `false` to disable them.
# If projects are disabled for the organization, passing `true` will cause an API error. # If projects are disabled for the organization, passing `true` will cause an API error.
has_projects: true has_projects: true
# Either `true` to enable the wiki for this repository, `false` to disable it. # Either `true` to enable the wiki for this repository, `false` to disable it.
has_wiki: false has_wiki: false
# Either `true` to enable downloads for this repository, `false` to disable them. # Either `true` to enable downloads for this repository, `false` to disable them.
has_downloads: false has_downloads: false
# Updates the default branch for this repository. # Updates the default branch for this repository.
default_branch: main default_branch: main
# Either `true` to allow squash-merging pull requests, or `false` to prevent # Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging. # squash-merging.
allow_squash_merge: true allow_squash_merge: true
# Either `true` to allow merging pull requests with a merge commit, or `false` # Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits. # to prevent merging pull requests with merge commits.
allow_merge_commit: false allow_merge_commit: false
# Either `true` to allow rebase-merging pull requests, or `false` to prevent # Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging. # rebase-merging.
allow_rebase_merge: true allow_rebase_merge: true
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable # Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true delete_branch_on_merge: true
# Either `true` to enable automated security fixes, or `false` to disable # Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes. # automated security fixes.
enable_automated_security_fixes: true enable_automated_security_fixes: true
# Either `true` to enable vulnerability alerts, or `false` to disable # Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts. # vulnerability alerts.
enable_vulnerability_alerts: true enable_vulnerability_alerts: true
allow_auto_merge: true allow_auto_merge: true
# Labels: define labels for Issues and Pull Requests # Labels: define labels for Issues and Pull Requests
# #
labels: labels:
@ -88,16 +104,29 @@ labels:
- name: automated - name: automated
color: '#42b528' color: '#42b528'
description: PR was automatically generated (through a bot or CI/CD) description: PR was automatically generated (through a bot or CI/CD)
# Milestones: define milestones for Issues and Pull Requests # Milestones: define milestones for Issues and Pull Requests
milestones: milestones:
- title: Go-Live - title: Go-Live
description: >- description: >-
All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated All requirements for official go-live:
- Automated testing via Hydra/Actions
- Automated deployments via Hydra/Actions
- 90+% testing coverage
- Functional formatter with custom rules
- palatine-hill is fully stable, enough so that jeeves can be migrated
# The state of the milestone. Either `open` or `closed` # The state of the milestone. Either `open` or `closed`
state: open state: open
- title: Jeeves Migration - title: Jeeves Migration
description: >- description: >-
Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support Test common use-cases for Jeeves
- Quadro GPU support
- Multi-GPU support
- Plex support
- Docker support
- ZFS support
# Collaborators: give specific users access to this repository. # Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options # See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
collaborators: collaborators:
@ -121,6 +150,7 @@ teams:
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions. # * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access. # * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin # permission: admin
branches: branches:
# gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection # gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
@ -135,6 +165,7 @@ branches:
# `Maximum pull requests to merge`: 5 # `Maximum pull requests to merge`: 5
# `Only merge non-failing pull requests`: true # `Only merge non-failing pull requests`: true
# `Consider check failed after`: 60 minutes # `Consider check failed after`: 60 minutes
- name: main - name: main
# https://docs.github.com/en/rest/reference/repos#update-branch-protection # https://docs.github.com/en/rest/reference/repos#update-branch-protection
# Branch Protection settings. Set to null to disable # Branch Protection settings. Set to null to disable

33
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,37 +5,16 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"
runs-on: ubuntu-latest runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps: steps:
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache - uses: DeterminateSystems/magic-nix-cache-action@main
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix flake check --accept-flake-config - run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true

131
.github/workflows/flake-update.yml vendored
View File

@ -5,108 +5,63 @@ on:
schedule: schedule:
- cron: "00 12 * * *" - cron: "00 12 * * *"
jobs: jobs:
update_lockfile: createPullRequest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
#if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
steps: steps:
- name: Checkout repository - uses: actions/checkout@v4
uses: actions/checkout@v4 - name: Login to Docker Hub
- name: Install nix uses: docker/login-action@v3
uses: https://github.com/DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with: with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }} username: ${{ secrets.DOCKERHUB_USERNAME }}
cache: ${{ secrets.ATTIC_CACHE }} password: ${{ secrets.DOCKERHUB_TOKEN }}
token: ${{ secrets.ATTIC_TOKEN }} - name: Install Nix
skip-push: "true" uses: cachix/install-nix-action@v24
- name: Get pre-snapshot of evaluations with:
extra_nix_config: |
experimental-features = nix-command flakes
install_url: https://releases.nixos.org/nix/nix-2.19.0/install
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Calculate pre-drv
run: nix ./utils/eval-to-drv.sh pre run: nix ./utils/eval-to-drv.sh pre
- name: Update flake.lock - name: Pull latest docker images
id: update run: nix ./utils/fetch-docker.sh
run: | - name: Update flake.lock (part 1)
nix flake update 2> >(tee /dev/stderr) | awk ' run: nix flake update
/^• Updated input/ {in_update = 1; print; next} - name: Calculate post-drv
in_update && !/^warning:/ {print}
/^$/ {in_update = 0}
' > update.log
echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
cat update.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm update.log
- name: Get post-snapshot of evaluations
run: nix ./utils/eval-to-drv.sh post run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff - name: Calculate diff
run: nix ./utils/diff-evals.sh run: nix ./utils/diff-evals.sh
- name: Read file contents - name: Read diff into environment
id: read_file
uses: guibranco/github-file-reader-action-v2@latest
with:
path: "post-diff"
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
path: pr_body.template
contents: |
- The following Nix Flake inputs were updated:
```
${{ env.UPDATE_LOG }}
```
```
${{ steps.read_file.outputs.contents }}
```
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
- name: Generate PR body
uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: Save PR body
id: pr_body
uses: juliangruber/read-file-action@v1
with:
path: "pr_body.md"
- name: Remove temporary files
run: | run: |
rm pr_body.template delimiter="$(openssl rand -hex 8)"
rm pr_body.md {
rm pre.json echo "POSTDIFF<<${delimiter}"
rm post.json cat post-diff
rm post-diff echo "${delimiter}"
- name: Create Pull Request } >> $GITHUB_ENV
id: create-pull-request
# uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
uses: https://nayeonie.com/ahuston-0/create-pull-request@main - name: Restore flake.lock for next step
run: git restore flake.lock
- name: Update flake.lock
id: update
uses: DeterminateSystems/update-flake-lock@main
with: with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
body: ${{ steps.pr_body.outputs.content }} pr-body: |
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>' Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
${{ steps.pr_body.outputs.content }} ```
branch: update-flake-lock {{ env.GIT_COMMIT_MESSAGE }}
delete-branch: true ```
```
{{ env.POSTDIFF }}
```
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
permissions: permissions:
pull-requests: write pull-requests: write
contents: write contents: write

1
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,6 +5,7 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Check health of `flake.lock`" name: "Check health of `flake.lock`"

12
.github/workflows/nix-fmt.yml vendored
View File

@ -5,21 +5,13 @@ on:
pull_request: pull_request:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
jobs: jobs:
health-check: health-check:
name: "Perform Nix format checks" name: "Perform Nix format checks"
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache - uses: DeterminateSystems/magic-nix-cache-action@main
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- run: nix fmt -- --check . - run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

12
.sops.yaml
View File

@ -1,6 +1,7 @@
keys: keys:
# The PGP keys in keys/ # The PGP keys in keys/
- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330 - &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
# Generate AGE keys from SSH keys with: # Generate AGE keys from SSH keys with:
# ssh-keygen -A # ssh-keygen -A
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age' # nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
@ -10,8 +11,10 @@ keys:
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
# cspell:enable # cspell:enable
servers: &servers servers: &servers
- *palatine-hill - *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml # add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below # then have someone already in the repo run the below
# #
@ -26,21 +29,18 @@ creation_rules:
- *palatine-hill - *palatine-hill
- *artemision - *artemision
- *artemision-home - *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$ - path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *palatine-hill - *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$ - path_regex: systems/artemision/secrets.*\.yaml$
key_groups: key_groups:
- pgp: - pgp:
- *admin_alice - *admin_alice
age: age:
- *artemision - *artemision
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

4
.vscode/settings.json vendored
View File

@ -1,7 +1,5 @@
{ {
"cSpell.enableFiletypes": [ "cSpell.enableFiletypes": ["nix"],
"nix"
],
"cSpell.words": [ "cSpell.words": [
"aarch", "aarch",
"abmlevel", "abmlevel",

4
README.md
View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo, Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information. [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure ## Repo Structure

15
docs/CONTRIBUTING.md
View File

@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
| Branch Name | Use Case | | Branch Name | Use Case |
|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| main | protected branch which all machines pull from, do not try to push directly | | main | protected branch which all machines pull from, do not try to push directly |
| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use | | feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use |
| fixup/\<item> | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical | | fixup/\<item\> | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical |
| hotfix/\<item> | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process | | hotfix/\<item\> | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
| urgent/\<item> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues | | urgent/\<item\> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues |
| exp/\<item> | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches | | exp/\<item\> | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches |
| merge/\<item> | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch | | merge/\<item\> | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch |
### Review Process ### Review Process
@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested [@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines. in using secrets on your machines.
## CI/CD ## CI/CD

6
docs/sample-setup.sh
View File

@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi fi
if [ $CREATEPARTS = "Y" ]; then if [ $CREATEPARTS = "Y" ]; then
# Create partition table # Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt sudo parted "/dev/$DRIVE" -- mklabel gpt
@ -121,7 +123,7 @@ fi
DOTS="/mnt/root/dotfiles" DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS" GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists" sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git . sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH" sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys # Create ssh keys
@ -179,4 +181,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git' sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

672
flake.lock generated
View File

@ -1,85 +1,72 @@
{ {
"nodes": { "nodes": {
"base16": { "attic": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "crane": "crane",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
}, },
"locked": { "locked": {
"lastModified": 1732200724, "lastModified": 1728577371,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "narHash": "sha256-f3bKclEV5t1eP1OH7kTGv/tLzlToSRIe0ktkdl1jihw=",
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"rev": "153d52373b0fb2d343592871009a286ec8837aec", "rev": "e5c8d2d50981a34602358d917e7be011b2c397a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "SenchoPens", "owner": "zhaofengli",
"repo": "base16.nix", "repo": "attic",
"type": "github" "type": "github"
} }
}, },
"base16-fish": { "crane": {
"flake": false, "inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1722960479,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "ipetkov",
"repo": "base16-fish", "repo": "crane",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github" "type": "github"
} }
}, },
"firefox-addons": { "firefox-addons": {
"inputs": { "inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1744500178, "lastModified": 1728965006,
"narHash": "sha256-hHXOb7UW0JyNb96ZEuNj75f4hd4T+6ZZ76ir4Yc2okw=", "narHash": "sha256-TXBxJMGC6P+cn5La/lIgVzb9ETutsOI3A3urHihB7FA=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "42722da72350b489b83940fcfb45769a66fdc50b", "rev": "f4947cf2d1a469b23fee54ad948c539f6aa431a7",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -89,30 +76,14 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1743774811,
"narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1696426674,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 69, "revCount": 57,
"type": "tarball", "type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -124,33 +95,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1727826117,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -166,11 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1726560853,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,69 +128,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -263,45 +149,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "47.2",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -309,11 +156,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744498625, "lastModified": 1728903686,
"narHash": "sha256-pL52uCt9CUoTTmysGG91c2FeU7XUvpB7Cep6yon2vDk=", "narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "db56335ca8942d86f2200664acdbd5b9212b26ad", "rev": "e1aec543f5caf643ca0d94b6a633101942fd065f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -322,27 +169,6 @@
"type": "github" "type": "github"
} }
}, },
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1744212707,
"narHash": "sha256-hl9t+RAEO2Jc1lVsR4OvbwG5LTyDo0wkZZ4s7zUGsxU=",
"ref": "add-gitea-pulls",
"rev": "33a935e8ef44e07c709328235ed48c4b4de03483",
"revCount": 4364,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
"original": {
"ref": "add-gitea-pulls",
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
}
},
"hyprland-contrib": { "hyprland-contrib": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -350,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743417258, "lastModified": 1725551787,
"narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=", "narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10", "rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -363,59 +189,6 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": {
"lastModified": 1744030329,
"narHash": "sha256-r+psCOW77vTSTNbxTVrYHeh6OgB0QukbnyUVDwg8s4I=",
"owner": "NixOS",
"repo": "nix",
"rev": "a4962f73b5fc874d4b16baef47921daf349addfc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.28-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1744018595,
"narHash": "sha256-v5n6t49X7MOpqS9j0FtI6TWOXvxuZMmGsp2OfUK5QfA=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "cba718bafe5dc1607c2b6761ecf53c641a6f3b21",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -423,11 +196,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744518957, "lastModified": 1728790083,
"narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=", "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd", "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -438,11 +211,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1736643958, "lastModified": 1728781282,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -459,11 +232,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742568034, "lastModified": 1728867876,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -474,11 +247,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1744366945, "lastModified": 1728729581,
"narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=", "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1", "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -494,14 +267,15 @@
], ],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"search": "search"
}, },
"locked": { "locked": {
"lastModified": 1744378369, "lastModified": 1728919967,
"narHash": "sha256-aCK79lB4Txu20YmQIf126CxsubgmeICpDiG6bsEMzrU=", "narHash": "sha256-zQl8z8iagvrekF4tFK1au7mGH8x0zoGppo6geLPioQk=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "d331edb6574306211b8f5a652a40fcfe1913194c", "rev": "1aba521c9cd2cd97490846ac83fd73ae84625c8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -512,90 +286,48 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1743987495, "lastModified": 1728492678,
"narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-24.11-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1743296961, "lastModified": 1727825735,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "type": "tarball",
"repo": "nixpkgs.lib", "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
"type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1744440957, "lastModified": 1728740863,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1744501611,
"narHash": "sha256-H+Q/R9FKEuuBRjjgwP6GBPfQMA7rzH7UJm/+HSYZm5o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "208645bf60302e4eea10f9b038043205b423de21",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1743884191,
"narHash": "sha256-foVcginhVvjg8ZnTzY5wwMeZ4wjJ8yX66PW5kgyivPE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "fde90f5f52e13eed110a0e53a2818a2b09e4d37c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -604,14 +336,17 @@
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1728778939,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "ff68f91754be6f3427e4986d7949e6273659be1d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -622,24 +357,23 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "systems": "systems",
"systems": "systems_2",
"wired-notify": "wired-notify" "wired-notify": "wired-notify"
} }
}, },
@ -650,11 +384,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744513456, "lastModified": 1728959392,
"narHash": "sha256-NLVluTmK8d01Iz+WyarQhwFcXpHEwU7m5hH3YQQFJS0=", "narHash": "sha256-fp4he1QQjE+vasDMspZYeXrwTm9otwEqLwEN6FKZ5v0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "730fd8e82799219754418483fabe1844262fd1e2", "rev": "4c6e317300f05b8871f585b826b6f583e7dc4a9b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -663,18 +397,46 @@
"type": "github" "type": "github"
} }
}, },
"search": {
"inputs": {
"flake-utils": [
"nixos-modules",
"flake-utils"
],
"nixpkgs": [
"nixos-modules",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728423244,
"narHash": "sha256-+YwNsyIFj3dXyLVQd1ry4pCNmtOpbceKUrkNS8wp9Ho=",
"owner": "nuschtos",
"repo": "search",
"rev": "f276cc3b391493ba3a8b30170776860f9520b7fa",
"type": "github"
},
"original": {
"owner": "nuschtos",
"repo": "search",
"type": "github"
}
},
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1744518500, "lastModified": 1728345710,
"narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=", "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388", "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -683,47 +445,6 @@
"type": "github" "type": "github"
} }
}, },
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1744540857,
"narHash": "sha256-cDC9TBD++zBsUx9X2VhJOjxXclmY8YpSqpKHaVLEXVA=",
"owner": "danth",
"repo": "stylix",
"rev": "379ba613a68fafdd756db370f0ef878a0d3a7308",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -739,125 +460,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1742851696,
"narHash": "sha256-sR4K+OVFKeUOvNIqcCr5Br7NLxOBEwoAgsIyjsZmb8s=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "c37771c4ae8ff1667e27ddcf24991ebeb94a4e77",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1743296873,
"narHash": "sha256-8IQulrb1OBSxMwdKijO9fB70ON//V32dpK9Uioy7FzY=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "af5152c8d7546dfb4ff6df94080bf5ff54f64e3a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"wired-notify": { "wired-notify": {
"inputs": { "inputs": {
"flake-parts": [ "flake-parts": [
@ -871,11 +473,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743305055, "lastModified": 1727849733,
"narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=", "narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=",
"owner": "Toqozz", "owner": "Toqozz",
"repo": "wired-notify", "repo": "wired-notify",
"rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6", "rev": "a1f6965737754e7424f9468f6befef885a9ee0ad",
"type": "github" "type": "github"
}, },
"original": { "original": {

58
flake.nix
View File

@ -5,42 +5,36 @@
substituters = [ substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true" "https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true" "https://nix-community.cachix.org/?priority=10&want-mass-query=true"
# "https://attic.nayeonie.com/nix-cache"
]; ];
trusted-substituters = [ trusted-substituters = [
"https://cache.nixos.org" "https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
]; ];
trusted-users = [ "root" ]; trusted-users = [ "root" ];
allow-import-from-derivation = true;
fallback = true;
}; };
inputs = { inputs = {
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
#nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
#nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default"; systems.url = "github:nix-systems/default";
# attic = { attic = {
# url = "github:zhaofengli/attic"; url = "github:zhaofengli/attic";
# inputs = { inputs = {
# nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable"; nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts"; flake-parts.follows = "flake-parts";
# }; };
# }; };
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@ -60,13 +54,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -94,6 +81,7 @@
url = "github:cachix/git-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat"; flake-compat.follows = "flake-compat";
}; };
}; };
@ -109,15 +97,7 @@
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; nixpkgs-stable.follows = "nixpkgs-stable";
};
stylix = {
url = "github:danth/stylix";
inputs = {
flake-compat.follows = "flake-compat";
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
}; };
}; };
@ -137,7 +117,7 @@
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
# disable arm for now as hydra isn't set up for it # disable arm for now as hydra isn't set up for it
# "aarch64-linuxa # "aarch64-linux"
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
@ -153,13 +133,13 @@
lib = self; lib = self;
} }
); );
inherit (lib.adev.systems) genSystems getImages; inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra inherit (self) outputs; # for hydra
in in
rec { rec {
inherit lib; # for allowing use of custom functions in nix repl inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; }; #hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems"); nixosConfigurations = genSystems inputs outputs src (src + "/systems");
@ -169,10 +149,6 @@
qcow = getImages nixosConfigurations "qcow"; qcow = getImages nixosConfigurations "qcow";
}; };
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; }; checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; }; devShells = import ./shell.nix { inherit inputs forEachSystem checks; };

13
hydra/jobsets.nix
View File

@ -19,6 +19,7 @@ let
prs = readJSONFile pulls; prs = readJSONFile pulls;
refs = readJSONFile branches; refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job # template for creating a job
makeJob = makeJob =
@ -27,7 +28,6 @@ let
keepnr ? 3, keepnr ? 3,
description, description,
flake, flake,
enabled ? 1,
}: }:
{ {
inherit inherit
@ -35,8 +35,8 @@ let
flake flake
schedulingshares schedulingshares
keepnr keepnr
enabled
; ;
enabled = 1;
type = 1; type = 1;
hidden = false; hidden = false;
checkinterval = 300; # every 5 minutes checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
emailoverride = ""; emailoverride = "";
}; };
giteaHost = "ssh://gitea@nayeonie.com:2222"; # Create a hydra job for a branch
repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch
jobOfRef = jobOfRef =
name: name:
{ ref, ... }: { ref, ... }:
@ -57,7 +55,7 @@ let
name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}"; name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
value = makeJob { value = makeJob {
description = "Branch ${name}"; description = "Branch ${name}";
flake = "git+${giteaHost}/${repo}?ref=${ref}"; flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
}; };
}; };
@ -66,8 +64,7 @@ let
name = if info.draft then "draft-${id}" else "pr-${id}"; name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob { value = makeJob {
description = "PR ${id}: ${info.title}"; description = "PR ${id}: ${info.title}";
flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}"; flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
enabled = info.state == "open";
}; };
}; };

12
hydra/spec.json
View File

@ -1,7 +1,7 @@
{ {
"enabled": 1, "enabled": 1,
"hidden": false, "hidden": false,
"description": "ahuston-0's personal server infra", "description": "RAD Development infrastructure",
"nixexprinput": "nixexpr", "nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix", "nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60, "checkinterval": 60,
@ -12,7 +12,7 @@
"type": 0, "type": 0,
"inputs": { "inputs": {
"nixexpr": { "nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main", "value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git", "type": "git",
"emailresponsible": false "emailresponsible": false
}, },
@ -22,13 +22,13 @@
"emailresponsible": false "emailresponsible": false
}, },
"pulls": { "pulls": {
"type": "giteapulls", "type": "githubpulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https", "value": "RAD-Development nix-dotfiles",
"emailresponsible": false "emailresponsible": false
}, },
"branches": { "branches": {
"type": "gitea_refs", "type": "github_refs",
"value": "nayeonie.com ahuston-0 nix-dotfiles heads https -", "value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false "emailresponsible": false
} }
} }

43
lib/container-utils.nix
View File

@ -1,43 +0,0 @@
{ lib, ... }:
{
# Given a attrset of images and a function which generates an image spec,
# generates a set of containers (although this could in theory be used for
# other things... I'd like to see people try)
#
# container set must be in the below format
# { container-name = {image = "image-uri"; scale = n;}; }
# where image-uri gets passed in to the container-spec function as a custom
# parameter, and scale is an integer that generates the containers
#
# container-spec must be a function which accepts two parameter (the
# container name and image name) and ideally returns an oci-compliant
# container.
#
# args:
# containers: an AttrSet which specifies the imageUri and scale of each
# container
# container-spec: a function which produces an oci-compliant container spec
#
# type:
# AttrSet -> (String -> AttrSet -> AttrSet) -> AttrSet
createTemplatedContainers =
containers: container-spec:
builtins.listToAttrs (
lib.flatten (
lib.mapAttrsToList (
name: value:
(map (
num:
let
container-name = "${name}-${toString num}";
in
{
name = container-name;
value = container-spec container-name value.image;
}
) (lib.lists.range 1 value.scale))
) containers
)
);
}

21
lib/default.nix
View File

@ -1,9 +1,8 @@
{ lib, ... }: { lib, ... }:
{ {
# create adev namespace for lib # create rad-dev namespace for lib
adev = rec { rad-dev = rec {
systems = import ./systems.nix { inherit lib; }; systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; };
# any(), but checks if any value in the list is true # any(), but checks if any value in the list is true
# #
@ -57,21 +56,5 @@
# type: # type:
# fileList :: Path -> String -> [Path] # fileList :: Path -> String -> [Path]
fileList = dir: map (file: dir + "/${file}") (ls dir); fileList = dir: map (file: dir + "/${file}") (ls dir);
# reduce an attribute set to a string
#
# example:
# given attrset {host1 = "palatine-hill"; host2 = "jeeves";}
# and func (host: hostname: host + " is " + hostname + ", " )
# mapAttrsToString would return 'host1 is palatine-hill, host2 is jeeves, '
#
# args:
# func: an function to apply to attrSet to turn each entry into one string
# attrSet: an attribute set to reduce
#
# type:
# mapAttrsToString :: AttrSet -> (String -> Any -> String) -> String
mapAttrsToString =
func: attrSet: (lib.foldl' (cur: next: cur + next) "" (lib.mapAttrsToList func attrSet));
}; };
} }

4
lib/systems.nix
View File

@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix") (configPath + "/configuration.nix")
] ]
++ modules ++ modules
++ (lib.adev.fileList (src + "/modules")) ++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args ++ genWrapper sops genSops args
++ genWrapper home genHome args ++ genWrapper home genHome args
++ genWrapper true genUsers args ++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; } // import configPath { inherit inputs; }
); );
} }
) (lib.adev.lsdir path) ) (lib.rad-dev.lsdir path)
); );
# gets all the images of a specified format # gets all the images of a specified format

2
modules/autopull.nix
View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
environment.systemPackages = environment.systemPackages =
[ pkgs.git ] [ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [ ++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh pkgs.openssh
]; ];

2
modules/base.nix
View File

@ -15,7 +15,7 @@
programs = { programs = {
zsh.enable = true; zsh.enable = true;
fish.enable = false; fish.enable = true;
}; };
users = { users = {

1
modules/boot.nix
View File

@ -35,6 +35,7 @@ in
config.boot = lib.mkIf cfg.default { config.boot = lib.mkIf cfg.default {
supportedFilesystems = [ cfg.filesystem ]; supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_6_10;
kernelParams = kernelParams =
[ "nordrand" ] [ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional (cfg.cpuType == "amd") "kvm-amd"

7
modules/docker.nix
View File

@ -7,14 +7,9 @@
extraGroups = [ "docker" ]; extraGroups = [ "docker" ];
uid = 600; uid = 600;
}; };
groups = { groups.docker-service = {
docker-service = {
gid = 600; gid = 600;
}; };
haproxy = {
gid = 99;
};
};
}; };
virtualisation.docker = { virtualisation.docker = {

4
modules/kub_net.nix
View File

@ -1,10 +1,10 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.adev.k3s-net; cfg = config.services.rad-dev.k3s-net;
in in
{ {
options = { options = {
services.adev.k3s-net = { services.rad-dev.k3s-net = {
enable = lib.mkOption { enable = lib.mkOption {
default = false; default = false;
example = true; example = true;

2
modules/plocate.nix
View File

@ -3,7 +3,7 @@
{ {
services.locate = { services.locate = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
# localuser = lib.mkDefault null; localuser = lib.mkDefault null;
package = lib.mkDefault pkgs.plocate; package = lib.mkDefault pkgs.plocate;
}; };
} }

10
modules/update.nix
View File

@ -1,19 +1,19 @@
{ lib, ... }: { lib, ... }:
{ {
services.autopull = { services.autopull = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
repo.dotfiles = { repo.dotfiles = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_giteadeploy"; ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
path = lib.mkDefault /root/dotfiles; path = lib.mkDefault /root/dotfiles;
}; };
}; };
system.autoUpgrade = { system.autoUpgrade = {
enable = lib.mkDefault true; enable = lib.mkDefault false;
flags = [ "--accept-flake-config" ]; flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h"; randomizedDelaySec = "1h";
persistent = true; persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git"; flake = "github:RAD-Development/nix-dotfiles";
}; };
} }

4
modules/yubikey.nix
View File

@ -5,11 +5,11 @@
... ...
}: }:
let let
cfg = config.services.adev.yubikey; cfg = config.services.rad-dev.yubikey;
in in
{ {
options = { options = {
services.adev.yubikey = { services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults"; enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application"; enable-desktop-app = lib.mkEnableOption "installs desktop application";
}; };

39
pkgs/lego-latest/default.nix
View File

@ -1,39 +0,0 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "lego";
version = "4.21.0";
src = fetchFromGitHub {
owner = "go-acme";
repo = pname;
rev = "v${version}";
hash = "sha256-3dSvQfkBNh8Bt10nv4xGplv4iY3gWvDu2EDN6UovSdc=";
};
vendorHash = "sha256-teA6fnKl4ATePOYL/zuemyiVy9jgsxikqmuQJwwA8wE=";
doCheck = false;
subPackages = [ "cmd/lego" ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members;
mainProgram = "lego";
};
#passthru.tests.lego = nixosTests.acme;
}

8
shell.nix
View File

@ -38,17 +38,13 @@ forEachSystem (
}; };
# constructs a custom shell with commonly used utilities # constructs a custom shell with commonly used utilities
adev = pkgs.mkShell { rad-dev = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
deadnix deadnix
pre-commit pre-commit
treefmt treefmt
statix statix
nixfmt-rfc-style nixfmt-rfc-style
jsonfmt
mdformat
shfmt
yamlfmt
]; ];
}; };
in in
@ -56,7 +52,7 @@ forEachSystem (
default = pkgs.mkShell { default = pkgs.mkShell {
inputsFrom = [ inputsFrom = [
pre-commit pre-commit
adev rad-dev
sops sops
]; ];
}; };

17
utils/sops-mergetool.sh → sops-mergetool.sh
View File

@ -1,27 +1,17 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Exit on first error and verify variables have been set/passed via CLI # Exit on first error and verify variables have been set/passed via CLI
#set -eu set -eu
set -v
set -x
# Rename our variables to friendlier equivalents # Rename our variables to friendlier equivalents
# https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver # https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
base="$1" base="$1"; local_="$2"; remote="$3"; merged="$4"
local_="$2"
remote="$3"
merged="$4"
echo "$base"
echo "$local_"
echo "$remote"
echo "$merged"
# Resolve our default mergetool # Resolve our default mergetool
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3 # https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3
mergetool="$(git config --get merge.tool)" mergetool="$(git config --get merge.tool)"
GIT_DIR="$(git --exec-path)" GIT_DIR="$(git --exec-path)"
if test "$mergetool" = ""; then if test "$mergetool" = ""; then
echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2 echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
exit 1 exit 1
fi fi
@ -86,3 +76,4 @@ set -eu
# Re-encrypt content # Re-encrypt content
sops --encrypt "$merged_decrypted" > "$merged" sops --encrypt "$merged_decrypted" > "$merged"

2
statix.toml
View File

@ -1,4 +1,4 @@
disabled = ["empty_pattern"] disabled = ["empty_pattern"]
nix_version = '2.25' nix_version = '2.23'
ignore = ['.direnv'] ignore = ['.direnv']

438
systems/artemision/ao3_skins/happy_17th.css
View File

@ -1,438 +0,0 @@
#footer .group,
.post fieldset fieldset,
fieldset fieldset {
background: none;
}
#header {
background: #000 url('https://media.archiveofourown.org/news/milestones/2024-08-seventeen-years-otw/2024-08-seventeen-years-otw-pattern.jpg');
background-size: 350px;
}
#header .heading a,
#header .primary .dropdown a:focus,
#header .heading a:visited,
#main .pagination .current,
h2 {
color: #ffe8b4;
}
#header .clear,
#footer {
border-color: #191919;
}
#header .actions a[href="/menu/fandoms"],
#header .actions a[href="/menu/browse"],
#header .actions a[href="/menu/search"],
#header .actions a[href="/menu/about"] {
color: #fff;
}
#footer ul {
background: url('https://live.staticflickr.com/7284/9616997915_4194b6c6f7_h.jpg');
background-size: 350px;
}
#footer ul li:nth-child(1) ul,
#footer ul li:nth-child(2) ul,
#footer ul li:nth-child(3) ul,
#footer ul li:nth-child(4) ul {
background: rgba(0, 0, 0, 0.0);
}
#header .primary {
background: #8a1a10;
}
#footer {
background: #8a1a10;
}
input[type="text"],
textarea,
select {
background: #222;
color: #fff;
}
select:focus {
background: #2a2a2a;
}
option {
background: #555;
color: #fff;
}
#work form fieldset.work.meta dl dd.warning.required fieldset,
#main form fieldset.work.meta dl dd.warning.required fieldset {
color: #fff;
}
#bookmark-form form {
background: #2a2a2a;
color: #fff;
}
#error {
color: #191919;
}
fieldset,
.verbose fieldset {
border-color: #404040;
background: #191919;
border: 1px solid #595959;
}
.search [role=tooltip] {
background: #333;
border: 1px solid #666;
}
#main a:visited {
color: #ccc;
}
#main a.tag:visited:hover {
color: #111;
}
body,
.group,
.group .group,
.region,
.flash,
form dl,
#main .verbose legend,
.notice,
ul.notes,
table,
th,
td:hover,
tr:hover,
.symbol .question:hover,
#modal,
.ui-sortable li,
.required .autocomplete,
.autocomplete .notice,
.system .intro,
.comment_error,
.kudos_error,
div.dynamic,
.dynamic form,
#ui-datepicker-div,
.ui-datepicker table {
background: #191919;
color: #eee;
border-color: #222;
outline: #111;
box-shadow: none;
}
#header .actions a:hover,
#header .actions a:focus,
#header .dropdown:hover a,
#header .open a,
#header .menu,
#small_login,
.group.listbox,
fieldset fieldset.listbox,
.listbox,
form blockquote.userstuff,
input:focus,
textarea:focus,
li.relationships a,
.group.listbox .index,
.dashboard fieldset fieldset.listbox .index,
#dashboard a:hover,
th,
#dashboard .secondary,
.secondary,
.thread .even,
.system .tweet_list li,
.ui-datepicker tr:hover {
background: #2A2A2A;
}
a,
a.tag,
a:link,
#header a:visited,
#header .primary .open a,
#header .primary .dropdown:hover a,
#header #search input:focus,
#header #search input:hover,
.userstuff h2,
#dashboard a,
#dashboard span,
#dashboard .current,
.group .heading,
.filters dt a:hover {
color: #fff;
}
#header .dropdown .menu a:hover,
#header .dropdown .menu a:focus,
.splash .favorite li:nth-of-type(odd) a,
.ui-datepicker td:hover,
#tos_prompt .heading,
#tos_prompt [disabled] {
background: #111;
color: #ffe8b4;
}
#outer,
.javascript,
.statistics .index li:nth-of-type(even),
#tos_prompt,
.announcement input[type="submit"] {
background: #191919;
}
#dashboard ul,
dl.meta,
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
form blockquote.userstuff,
div.comment,
li.comment,
.toggled form,
form dl dt,
form.single fieldset,
#inner .module .heading,
.bookmark .status span,
.splash .news li,
.filters .group dt.bookmarker {
border-color: #555;
}
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
.wrapper,
#dashboard .secondary,
.secondary,
form blockquote.userstuff,
.thread .comment,
.toggled form {
box-shadow: 1px 1px 3px #000;
}
#dashboard .current,
.actions a:active,
a.current,
.current a:visited,
span.unread,
.replied,
span.claimed,
dl.index dd,
.own,
.draft,
.draft .unread,
.child,
.unwrangled,
.unreviewed,
.ui-sortable li:hover {
background: #000;
border-color: #555;
box-shadow: -1px -1px 3px #000;
}
input,
textarea {
box-shadow: inset 0 1px 2px #000;
}
li.blurb,
.blurb .blurb,
.listbox .index,
fieldset fieldset.listbox,
.dashboard .listbox .index {
box-shadow: inset 1px 1px 3px #000;
}
#footer a:hover,
#footer a:focus,
.autocomplete .dropdown ul li:hover,
.autocomplete .dropdown li.selected,
a.tag:hover,
.listbox .heading a.tag:visited:hover,
.symbol .question {
background: #ffedc5;
border-color: #988352;
color: #111;
}
#header #greeting img,
#header .user a:hover,
#header .user a:focus,
#header fieldset,
#header form,
#header p,
#dashboard a:hover,
.actions a:hover,
.actions input:hover,
.delete a,
span.delete,
span.unread,
.replied,
span.claimed,
.draggable,
.droppable,
span.requested,
a.work,
.blurb h4 a:link,
.blurb h4 img,
.splash .module h3,
.splash .browse li a:before,
.required,
.error,
.comment_error,
.kudos_error,
a.cloud7,
a.cloud8,
#tos_prompt .heading {
color: #ffe8b4;
}
#greeting .icon,
#dashboard,
#dashboard.own,
.error,
.comment_error,
.kudos_error,
.LV_invalid,
.LV_invalid_field,
input.LV_invalid_field:hover,
input.LV_invalid_field:active,
textarea.LV_invalid_field:hover,
textarea.LV_invalid_field:active,
.qtip-content {
border-color: #8a1a10;
}
.splash .favorite li:nth-of-type(odd) a:hover,
.splash .favorite li:nth-of-type(odd) a:focus .splash .favorite li:nth-of-type(odd) a:visited:hover,
.splash .favorite li:nth-of-type(odd) a:visited:focus {
background: #ffe8b4;
color: #111;
}
a:visited,
.actions a:visited,
.action a:link,
.action a:visited,
.listbox .heading a:visited,
span.series .divider {
color: #999;
}
.actions a,
.actions a:link,
.action,
.action:link,
.actions input,
input[type="submit"],
button,
.current,
.actions label,
#header .actions a,
#outer .current {
background: #555;
border-color: #222;
color: #eee;
box-shadow: inset 0 -8px 4px #232323, inset 0 8px 7px #555;
text-shadow: none;
}
.actions a:hover,
.actions input:hover,
#dashboard a:hover,
.actions a:focus,
.actions input:focus,
#dashboard a:focus,
.actions .disabled select {
color: #999;
border-color: #000;
box-shadow: inset 2px 2px 2px #000;
}
.actions a:active,
.current,
a.current,
.current a:visited {
color: #fff;
background: #555;
border-color: #fff;
box-shadow: inset 1px 1px 3px #191919;
}
.delete a,
span.delete {
box-shadow: -1px -1px 2px rgba(255,255,255.25);
}
.actions label.disabled {
background: #222;
box-shadow: none;
}
ul.required-tags,
.bookmark .status span,
.blurb .icon {
opacity: 0.9;
border: 0;
}
#outer .group .heading,
#header .actions a,
fieldset.listbox .heading,
.userstuff .heading {
text-shadow: none;
color: #fff;
background: none;
}
#header .actions a,
fieldset fieldset,
.mce-container button,
.filters .expander,
.actions .disabled select {
box-shadow: none;
}
fieldset fieldset.listbox {
outline: none;
}
form dd.required {
color: #eee;
}
.mce-container input:focus {
background: #F3EFEC;
}
.announcement .userstuff a,
.announcement .userstuff a:link,
.announcement .userstuff a:visited:hover {
color: #111;
}
.announcement .userstuff a:visited {
color: #666;
}
.announcement .userstuff a:hover,
.announcement .userstuff a:focus {
color: #999;
}
.event.announcement .userstuff a,
.filters .expander {
color: #eee;
}

52
systems/artemision/configuration.nix
View File

@ -6,18 +6,17 @@
}: }:
{ {
imports = [ imports = [
./audio.nix
./desktop.nix
./fingerprint.nix
./fonts.nix
./graphics.nix
./libvirt.nix
./polkit.nix
./programs.nix ./programs.nix
./steam.nix ./desktop.nix
./stylix.nix
./wifi.nix ./wifi.nix
./zerotier.nix ./zerotier.nix
./fonts.nix
./polkit.nix
./audio.nix
./fingerprint.nix
./steam.nix
./graphics.nix
./libvirt.nix
]; ];
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
@ -32,7 +31,7 @@
}; };
boot = { boot = {
#kernelPackages = lib.mkForce pkgs.linuxPackages_6_6; kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
useSystemdBoot = true; useSystemdBoot = true;
default = true; default = true;
}; };
@ -45,7 +44,6 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = { services = {
flatpak.enable = true;
calibre-web = { calibre-web = {
enable = true; enable = true;
listen = { listen = {
@ -75,7 +73,18 @@
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;
adev.yubikey = { spotifyd = {
enable = true;
settings = {
global = {
username = "snowinginwonderland@gmail.com";
password_cmd = "cat ${config.sops.secrets."apps/spotify".path}";
use_mpris = false;
};
};
#systemd.services.spotifyd.serviceConfig = systemd.services.spotifyd.
};
rad-dev.yubikey = {
enable = true; enable = true;
enable-desktop-app = true; enable-desktop-app = true;
}; };
@ -83,22 +92,19 @@
users.users.alice.extraGroups = [ "calibre-web" ]; users.users.alice.extraGroups = [ "calibre-web" ];
system.autoUpgrade.enable = false;
system.stateVersion = "24.05"; system.stateVersion = "24.05";
programs.adb.enable = true; programs.adb.enable = true;
environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
};
sops = { sops = {
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
#secrets = { secrets = {
# "apps/spotify" = { "apps/spotify" = {
# group = "audio"; group = "audio";
# restartUnits = [ "spotifyd.service" ]; restartUnits = [ "spotifyd.service" ];
# mode = "0440"; mode = "0440";
# }; };
#}; };
}; };
} }

1
systems/artemision/default.nix
View File

@ -7,7 +7,6 @@
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.stylix.nixosModules.stylix
{ {
environment.systemPackages = [ environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default inputs.wired-notify.packages.x86_64-linux.default

9
systems/artemision/desktop.nix
View File

@ -7,9 +7,7 @@
hyprland = { hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
withUWSM = true;
}; };
hyprlock.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
#pinentryPackage = pkgs.pinentry-rofi; #pinentryPackage = pkgs.pinentry-rofi;
@ -56,13 +54,6 @@
}; };
}; };
powerManagement = {
enable = true;
resumeCommands = ''
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
'';
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland libsForQt5.qt5.qtwayland
qt6.qtwayland qt6.qtwayland

18
systems/artemision/fonts.nix
View File

@ -3,13 +3,17 @@
fonts = { fonts = {
fontconfig.enable = true; fontconfig.enable = true;
enableDefaultPackages = true; enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [ packages = with pkgs; [
fira-code (nerdfonts.override {
droid-sans-mono fonts = [
hack "FiraCode"
dejavu-sans-mono "DroidSansMono"
noto "Hack"
open-dyslexic "DejaVuSansMono"
"Noto"
"OpenDyslexic"
];
})
]; ];
}; };
} }

2
systems/artemision/hardware.nix
View File

@ -86,7 +86,7 @@
}; };
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ]; swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"nixos-pv" = { "nixos-pv" = {

24
systems/artemision/programs.nix
View File

@ -3,7 +3,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
act act
alacritty alacritty
attic-client
amdgpu_top amdgpu_top
bat bat
bitwarden-cli bitwarden-cli
@ -13,12 +12,12 @@
calibre calibre
# calibre dedrm? # calibre dedrm?
candy-icons candy-icons
chromium nemo-with-extensions
chromedriver
croc croc
deadnix deadnix
direnv direnv
easyeffects discord
discord-canary
eza eza
fanficfare fanficfare
ferium ferium
@ -30,29 +29,25 @@
glances glances
gpu-viewer gpu-viewer
grim grim
helvum
htop htop
hwloc hwloc
ipmiview ipmiview
iperf3 iperf3
# ipscan ipscan
jp2a jp2a
jq jq
kdePackages.kdenlive kdenlive
kitty kitty
kubectl kubectl
kubernetes-helm kubernetes-helm
libreoffice-fresh
libtool libtool
lsof lsof
lynis lynis
masterpdfeditor4 masterpdfeditor4
minikube minikube
mons mons
mpv
# nbt explorer? # nbt explorer?
ncdu ncdu
nemo-with-extensions
neofetch neofetch
neovim neovim
nix-init nix-init
@ -62,7 +57,6 @@
nixpkgs-fmt nixpkgs-fmt
nmap nmap
obs-studio obs-studio
obsidian
ocrmypdf ocrmypdf
pciutils pciutils
#disabled until wxpython compat with python3.12 #disabled until wxpython compat with python3.12
@ -70,14 +64,12 @@
prismlauncher prismlauncher
protonmail-bridge protonmail-bridge
protontricks protontricks
proxychains
qrencode qrencode
redshift redshift
restic restic
ripgrep ripgrep
rpi-imager rpi-imager
rofi-wayland rofi-wayland
samba
signal-desktop signal-desktop
# signal in tray? # signal in tray?
siji siji
@ -97,18 +89,18 @@
tig tig
tokei tokei
tree tree
unipicker
unzip unzip
unipicker
uutils-coreutils-noprefix uutils-coreutils-noprefix
ventoy ventoy
vesktop
vscode vscode
watchman watchman
wget wget
wl-clipboard wl-clipboard
yq xboxdrv
yt-dlp yt-dlp
zoom-us zoom-us
zoxide zoxide
zoom
]; ];
} }

52
systems/artemision/secrets.yaml
View File

@ -1,17 +1,17 @@
hello: ENC[AES256_GCM,data:BTCBuBxHFO8vwXU/bsAZryM5rXUOEi0brlvq6DtqfZbzxGz4LaW89VO75MERHQ==,iv:fwqI3arwtlZQ5DtvpVbh21ThuZP8zcqCHsmuJuCfCsY=,tag:tkkEO8/eEDCakdlT0NvajA==,type:str] hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:xzsymSb4oD70twtoKQ==,iv:9vBmAKET2VIuDSq7AOyvdYWLGlL6cYHTWxy/Z5bB1+c=,tag:NbV4eA2aaY4cQAKUy3QOpw==,type:str] example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:zeOCzRd/nFRhbANHxPyyjw==,iv:9MmHl3OyhJHVU+cUFJ4QitHd4SeDe3ctaky+yfvk8Zs=,tag:uPGRJtgQj1vIdLt2+w0krg==,type:comment] #ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array: example_array:
- ENC[AES256_GCM,data:Nwn96XJv8xZWRYv8qws=,iv:K30LBMC8e1vUS0XE+4EIYb3xUUyn6232YmhV2vI9Qnc=,tag:HRe3S88zwj/CjG6NTvjdRQ==,type:str] - ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:l2nuwoAbwaDFHpEWV1Y=,iv:7/2rTd8agUvx73eftpOgidV4XjDUv/JppLIIsiuycnU=,tag:Ohi4JULWDNXJPWZaeXHEdw==,type:str] - ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:toi1e/biUd2Tng==,iv:MPCfhhX9DDaOSzx/L5LTf2VYffin8XvxVyhNDqZLsec=,tag:tE/lml3afP/NjRtpPraoRQ==,type:float] example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans: example_booleans:
- ENC[AES256_GCM,data:02CVNA==,iv:L9GmIm9ynm2cWTyd3iYo4fgIeneUyFpEzzzxicM/YNI=,tag:k2EIboiL+c4W1H2OpA2Rqw==,type:bool] - ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool] - ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
apps: apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str] spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str]
wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str] wifi-env: ENC[AES256_GCM,data:6+fHf25fx/PuutOXhMZqx2JVVSDTW7fQU8XOCc2vyUpg7HiRpOKFu5PIZoJQexvJoBNNciiQkju17+xuxnQ48dsRgsdS+wfH86Af55MfqDjG1el/htEOER9f9sTpMwGjIKD1zalkMp7oX17UlIqiCQg7HfcZFb8T4eHzu9w48umiC3WpwlKLykF5W600gYbXx1E1FjwgCwxJ1zRmBTXoz6WHvQ==,iv:DmUyn3/Q7jwqHrK7wSCqIRO1jJsOHNbmG6a/l1YdMmQ=,tag:S3CtTdFyn2Lg5nGlHVU66g==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment] #ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -21,26 +21,26 @@ sops:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2 - recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbElNRkxyZ2VjaitiTWx2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9aczBZekVGMVRBYlFV
eThsY0h3a2NCZDloWG0rU1ZwVnhOY2VJTXlFCnp3UzNDR216L2R4cVdyWjFqbkRr MUpDZFFPRTIzL1hpR25vd2pjZzJnRE12TkhRCjdiV3VxVnJpL2l2OU1rNVE3K2kv
cFJGQjQ4Qk9zblYyckVFY3VNekNuajQKLS0tIEdRWldHMjlpTElxQWFVUlh4L1lz akF1UFNtdDFYdUNIMjVwWitOUDJ1UUEKLS0tIFJkSGU1MC90ZlM0TXJOeWlWTnJT
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR RFVEMjg4bjd4SUF2SjVWZVNDWlpiR1EKmWM9G8/vb1+GX4zGiIj/So4apfi3wzyp
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA== yGi0T3fen3jzfU38xFZ25Tn0pDTQaSG7PkVKQn9YBJ4pGb9JDPfTjw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T18:57:09Z" lastmodified: "2024-09-20T13:52:31Z"
mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str] mac: ENC[AES256_GCM,data:IT/GEdJtQHSjzVRdIBIRq1y0Lby4k6gGVDfeg3/bjdDNWkPCnGOc5Uerz3TJ95M3oKMgFiQW2Sa4m/8QX9qhtVfH7gleMhJbzkz1DGKozoCxqWX71BBfiwcAuLG1fzDwfpT4DcRK1ppfC/9kMZ3g7r9Ug6EceXUKXP3uaUgfNjg=,iv:WpEhLffmICyR7bbe0cnT9fjqyL59gVxumz/lsE3oBfU=,tag:k0GSSZeQC9bJ1TWRwhaGQA==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:57:09Z" - created_at: "2024-09-05T06:10:45Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdALiZMzuQViM23hoFebCXYfQUIvCluWqAEeSJyE/LRHG8w hF4DQWNzDMjrP2ISAQdAVPGTjbrJcO6UTQ9bYOqiVqJMehxGkfNMtgnQQL36mQsw
nQnIVPRIbzLzWfCf+48EW6f7zonHmNY7D9F9KohDmCTcJ5/WvXsJKjebuohR62TF CznpGVos/aNWRKmt0nkfjHuI0y71foFWt7BB/acKspE5YUu831wgrRbB8TyN69DK
1GYBCQIQq7nEvwSfn+l5AevKIiodA4BLfM326JSx5hJ6XdrE0MzZo1uoMwKKuxig 1GgBCQIQjanvxCPgcaSWLqw2oXXPzTJ1PRJc2UA4kayYIzvOUP9QBoEruDki0GVi
mPbDP8Rx51v9f+9DzjBg6kQD5w411HADL8th+wSkpmasP8ozIeiNiIKzzoJc/fD6 5n+ZiGGtvx7bihZ1WeJiHcOArPr3xrrrPv6nuAxP05HbSRYhaAU79eOTT1p7MtSO
AOsExCUt8FU= A0BHgVYuL00FHg==
=wRT+ =Luz2
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.0

5
systems/artemision/steam.nix
View File

@ -4,10 +4,7 @@
environment.systemPackages = [ pkgs.steam-run ]; environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true; hardware.steam-hardware.enable = true;
programs = { programs = {
gamescope = { gamescope.enable = true;
enable = true;
capSysNice = true;
};
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;

16
systems/artemision/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

1
systems/artemision/wifi.nix
View File

@ -23,7 +23,6 @@ in
"5HuFios".pskRaw = "ext:PASS_longboat_home"; "5HuFios".pskRaw = "ext:PASS_longboat_home";
"24HuFios".pskRaw = "ext:PASS_longboat_home"; "24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie"; "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"optimumwifi" = { }; "optimumwifi" = { };
"CableWiFi" = { }; "CableWiFi" = { };
"JPMCVisitor" = { }; "JPMCVisitor" = { };

43
systems/palatine-hill/acme.nix
View File

@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
outputs,
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = "aliceghuston@gmail.com";
certs."nayeonie.com" = {
dnsProvider = "dnsimple";
environmentFile = config.sops.secrets."acme/dnsimple".path;
dnsPropagationCheck = false;
group = "haproxy";
extraDomainNames = [
"*.nayeonie.com"
# "alicehuston.xyz"
# "*.alicehuston.xyz"
];
};
};
systemd.services."acme-nayeonie.com.service".path = lib.mkForce (
with pkgs;
[
coreutils
diffutils
openssl
]
++ [
outputs.packages.x86_64-linux.lego-latest
]
);
sops.secrets = {
"acme/dnsimple" = {
owner = "root";
};
};
}

26
systems/palatine-hill/attic/default.nix
View File

@ -8,18 +8,34 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
attic-client attic-client
attic
]; ];
services = { services = {
postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
upgrade = {
enable = true;
stopServices = [ "atticd" ];
};
};
atticd = { atticd = {
enable = true; enable = true;
environmentFile = config.sops.secrets."attic/secret-key".path; credentialsFile = config.sops.secrets."attic/secret-key".path;
settings = { settings = {
listen = "[::]:8183"; listen = "[::]:8183";
allowed-hosts = [ "attic.nayeonie.com" ]; allowed-hosts = [ "attic.alicehuston.xyz" ];
api-endpoint = "https://attic.nayeonie.com/"; api-endpoint = "https://attic.alicehuston.xyz";
compression.type = "none"; # let ZFS do the compressing compression.type = "none"; # let ZFS do the compressing
database = { database = {
url = "postgres://atticd?host=/run/postgresql"; url = "postgres://atticd?host=/run/postgresql";
@ -32,7 +48,7 @@
type = "s3"; type = "s3";
region = "us-east-1"; region = "us-east-1";
bucket = "cache-nix-dot"; bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com"; endpoint = "https://minio.alicehuston.xyz";
}; };
# Warning: If you change any of the values here, it will be # Warning: If you change any of the values here, it will be
@ -80,7 +96,7 @@
serviceConfig = { serviceConfig = {
User = "root"; User = "root";
Restart = "always"; Restart = "always";
ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache"; ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
}; };
}; };
attic-sync-hydra = { attic-sync-hydra = {

2
systems/palatine-hill/attic/sync-attic.bash
View File

@ -6,5 +6,5 @@ sync_directories=(
) )
for dir in "${sync_directories[@]}"; do for dir in "${sync_directories[@]}"; do
find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \; find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
done done

37
systems/palatine-hill/configuration.nix
View File

@ -6,19 +6,14 @@
}: }:
{ {
imports = [ imports = [
./acme.nix
./attic ./attic
./docker ./docker.nix
./gitea.nix
./firewall.nix
./haproxy ./haproxy
./hardware-changes.nix ./hardware-changes.nix
./hydra.nix ./hydra.nix
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
./postgresql.nix
./samba.nix
./zfs.nix ./zfs.nix
]; ];
@ -58,14 +53,10 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
chromedriver
chromium
docker-compose docker-compose
intel-gpu-tools intel-gpu-tools
jellyfin-ffmpeg jellyfin-ffmpeg
jq jq
yt-dlp
yq
]; ];
services = { services = {
@ -73,8 +64,32 @@
nfs.server.enable = true; nfs.server.enable = true;
openssh.ports = [ 666 ]; openssh.ports = [ 666 ];
smartd.enable = true; smartd.enable = true;
calibre-server.enable = false;
postgresql = {
enable = true;
enableJIT = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
];
};
};
}; };
nix.gc.options = "--delete-older-than 150d"; nix.gc.options = "--delete-older-than 150d";

4
systems/palatine-hill/default.nix
View File

@ -1,7 +1,5 @@
{ inputs, ... }: { inputs, ... }:
{ {
users = [ "alice" ]; users = [ "alice" ];
modules = [ modules = [ inputs.attic.nixosModules.atticd ];
# inputs.attic.nixosModules.atticd
];
} }

5
systems/palatine-hill/docker.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
}

112
systems/palatine-hill/docker/act-runner.nix
View File

@ -1,112 +0,0 @@
{
config,
...
}:
let
vars = import ../vars.nix;
act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in
{
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
ports = [ "8088:8088" ];
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-main";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${./act_config.yaml}:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-1";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-2";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@act-runner.service";
};
};
services."custom-watchtower@act-runner" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
};
};
};
sops.secrets = {
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
];
};
};
}

95
systems/palatine-hill/docker/act_config.yaml
View File

@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

152
systems/palatine-hill/docker/archiveteam.nix
View File

@ -1,152 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
containers = {
archiveteam-imgur = {
image = "imgur-grab";
scale = 1;
};
archiveteam-telegram = {
image = "telegram-grab";
scale = 3;
};
archiveteam-reddit = {
image = "reddit-grab";
scale = 0;
};
archiveteam-dpreview = {
image = "dpreview-grab";
scale = 0;
};
archiveteam-issuu = {
image = "issuu-grab";
scale = 0;
};
archiveteam-urls = {
image = "urls-grab";
scale = 2;
};
archiveteam-urlteam = {
image = "terroroftinytown-client-grab";
scale = 2;
};
archiveteam-mediafire = {
image = "mediafire-grab";
scale = 1;
};
archiveteam-github = {
image = "github-grab";
scale = 1;
};
archiveteam-lineblog = {
image = "lineblog-grab";
scale = 0;
};
archiveteam-banciyuan = {
image = "banciyuan-grab";
scale = 0;
};
archiveteam-wysp = {
image = "wysp-grab";
scale = 0;
};
archiveteam-xuite = {
image = "xuite-grab";
scale = 0;
};
archiveteam-gfycat = {
image = "gfycat-grab";
scale = 0;
};
archiveteam-skyblog = {
image = "skyblog-grab";
scale = 0;
};
archiveteam-zowa = {
image = "zowa-grab";
scale = 0;
};
archiveteam-blogger = {
image = "blogger-grab";
scale = 1;
};
archiveteam-vbox7 = {
image = "vbox7-grab";
scale = 0;
};
archiveteam-pastebin = {
image = "pastebin-grab";
scale = 1;
};
archiveteam-youtube = {
image = "youtube-grab";
scale = 0;
};
archiveteam-deviantart = {
image = "deviantart-grab";
scale = 0;
};
archiveteam-postnews = {
image = "postnews-grab";
scale = 0;
};
archiveteam-askfm = {
image = "askfm-grab";
scale = 1;
};
archiveteam-mangz = {
image = "mangaz-grab";
scale = 1;
};
archiveteam-cohost = {
image = "cohost-grab";
scale = 1;
};
};
container-spec = container-name: container: {
image = "atdr.meo.ws/archiveteam/${container}:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "archiveteam";
};
volumes = [ "${at_path}/${container-name}:/grab/data" ];
log-driver = "local";
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
};
inherit (lib.adev.container-utils) createTemplatedContainers;
vars = import ../vars.nix;
at_path = vars.primary_archiveteam;
in
{
virtualisation.oci-containers.containers = createTemplatedContainers containers container-spec;
systemd = {
timers."custom-watchtower@archiveteam" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@archiveteam.service";
};
};
services."custom-watchtower@archiveteam" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'archiveteam'";
};
};
};
}

32
systems/palatine-hill/docker/books.nix
View File

@ -1,32 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
docker_path = vars.primary_docker;
calibre_path = vars.primary_calibre;
in
{
virtualisation.oci-containers.containers = {
automated-ffdl-alice = {
image = "mrtyton/automated-ffdl:latest";
user = "600:100";
extraOptions = [ "--restart=unless-stopped" ];
environment = {
PUID = "600";
PGID = "100";
};
volumes = [
"${docker_path}/auto-fic/config:/config"
"${calibre_path}/ffdl-alice:/var/lib/calibre-server"
];
};
};
services.autopull = {
enable = true;
repo.FanFicFare-alice = {
enable = true;
path = /ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare;
};
};
}

79
systems/palatine-hill/docker/default.nix
View File

@ -1,79 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./act-runner.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix
#./firefly.nix
#./foundry.nix
./glances.nix
# ./haproxy.nix
./minecraft.nix
./nextcloud.nix
# ./postgres.nix
# ./restic.nix
./torr.nix
# ./unifi.nix
];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.daemon.settings = {
data-root = "/var/lib/docker2";
bip = "169.254.253.254/23";
fixed-cidr = "169.254.252.0/23";
default-address-pools = [
{
base = "169.254.2.0/23";
size = 28;
}
{
base = "169.254.4.0/22";
size = 28;
}
{
base = "169.254.8.0/21";
size = 28;
}
{
base = "169.254.16.0/20";
size = 28;
}
{
base = "169.254.32.0/19";
size = 28;
}
{
base = "169.254.64.0/18";
size = 28;
}
{
base = "169.254.128.0/18";
size = 28;
}
{
base = "169.254.192.0/19";
size = 28;
}
{
base = "169.254.224.0/20";
size = 28;
}
{
base = "169.254.240.0/21";
size = 28;
}
{
base = "169.254.248.0/22";
size = 28;
}
];
mtu = 9000;
};
}

25
systems/palatine-hill/docker/firefly.nix
View File

@ -1,25 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
ffiii_path = "${vars.primary_docker}/firefly-iii";
in
{
virtualisation.oci-containers.containers = {
firefly = {
image = "fireflyiii/core:latest";
extraOptions = [
"--network=firefly-iii_default"
"--network=postgres-net"
];
environmentFiles = [ "${ffiii_path}/.env" ];
ports = [ "4188:8080" ];
volumes = [ "${ffiii_path}/app/upload:/var/www/html/storage/upload" ];
};
fidi = {
image = "fireflyiii/data-importer:latest";
environmentFiles = [ "${ffiii_path}/.fidi.env" ];
ports = [ "4187:8080" ];
dependsOn = [ "firefly" ];
};
};
}

28
systems/palatine-hill/docker/foundry.nix
View File

@ -1,28 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
fvtt_path = "${vars.primary_games}/foundryvtt";
in
{
virtualisation.oci-containers.containers = {
foundryvtt = {
image = "felddy/foundryvtt:11";
hostname = "foundryvtt";
environment = {
#CONTAINER_PRESERVE_CONFIG= "true";
TIMEZONE = "America/New_York";
FOUNDRY_MINIFY_STATIC_FILES = "true";
};
environmentFiles = [ config.sops.secrets."docker/foundry".path ];
volumes = [ "${fvtt_path}:/data" ];
extraOptions = [
"--network=haproxy-net"
];
};
};
sops.secrets."docker/foundry" = {
owner = "docker-service";
restartUnits = [ "docker-foundryvtt.service" ];
};
}

24
systems/palatine-hill/docker/glances.nix
View File

@ -1,24 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
glances_path = "${vars.primary_docker}/glances";
in
{
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
extraOptions = [
"--pid=host"
"--network=haproxy-net"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${glances_path}/glances.conf:/glances/conf/glances.conf"
];
environment = {
GLANCES_OPT = "-C /glances/conf/glances.conf -w";
};
};
};
}

207
systems/palatine-hill/docker/haproxy.cfg
View File

@ -1,207 +0,0 @@
global
# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# log stdout format raw local0 info
log stdout format raw local0
crt-base /etc/ssl/certs/
maxconn 120000
defaults
log global
mode http
timeout client 2000m
timeout connect 200s
timeout server 2000m
timeout http-request 2000m
frontend stats # you can call this whatever you want
mode http
bind *:9000 # default port, but you can pick any port
stats enable # turns on stats module
stats refresh 10s # set auto-refresh rate
#Application Setup
frontend ContentSwitching
bind *:80
# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
mode http
option httplog
# max-age is mandatory
# 16000000 seconds is a bit more than 6 months
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# Front-end acess control list
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
# Front-end acess control list
acl host_www hdr(host) -i www.alicehuston.xyz
acl host_www hdr(host) -i alicehuston.xyz
# acl host_ldapui hdr(host) -i authui.alicehuston.xyz
acl host_glances hdr(host) -i monit.alicehuston.xyz
acl host_glances hdr(host) -i glances.alicehuston.xyz
# acl host_foundry hdr(host) -i dnd.alicehuston.xyz
# acl host_netdata hdr(host) -i netdata.alicehuston.xyz
#acl host_terraria hdr(host) -i terraria.alicehuston.xyz
acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
acl host_nextcloud hdr(host) -i nayeonie.com
acl host_hydra hdr(host) -i hydra.alicehuston.xyz
acl host_attic hdr(host) -i attic.alicehuston.xyz
acl host_minio hdr(host) -i minio.alicehuston.xyz
acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
acl host_attic hdr(host) -i attic.nayeonie.com
acl host_minio hdr(host) -i minio.nayeonie.com
acl host_minio_console hdr(host) -i minio-console.nayeonie.com
#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
# acl host_collabora hdr(host) -i collabora.alicehuston.xyz
acl host_prometheus hdr(host) -i prom.alicehuston.xyz
acl host_gitea hdr(host) -i git.alicehuston.xyz
acl host_gitea hdr(host) -i nayeonie.com
# Backend-forwarding
use_backend www_nodes if host_www
# use_backend ldapui_nodes if host_ldapui
use_backend glances_nodes if host_glances
use_backend foundry_nodes if host_foundry
# use_backend netdata_nodes if host_netdata
# use_backend terraria_nodes if host_terraria
use_backend nextcloud_nodes if host_nextcloud
use_backend hydra_nodes if host_hydra
use_backend attic_nodes if host_attic
#use_backend nextcloud_vol_nodes if host_nextcloud_vol
# use_backend collabora_nodes if host_collabora
use_backend prometheus_nodes if host_prometheus
use_backend minio_nodes if host_minio
use_backend minio_console_nodes if host_minio_console
use_backend gitea_nodes if host_gitea
#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap
backend nextcloud_nodes
mode http
server server nextcloud:80
acl url_discovery path /.well-known/caldav /.well-known/carddav
http-request redirect location /remote.php/dav/ code 301 if url_discovery
acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend terraria_nodes
# mode http
# server server terraria:6526
#backend collabora_nodes
# mode http
# server server collabora:9980
backend www_nodes
mode http
server server grafana:3000
backend minio_nodes
mode http
server server 192.168.76.2:8500
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
backend minio_console_nodes
mode http
server server 192.168.76.2:8501
# backend foundry_nodes
# timeout tunnel 50s
# mode http
# server server foundryvtt:30000
#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081
backend glances_nodes
mode http
server server glances:61208
backend hydra_nodes
mode http
server server 192.168.76.2:3000
backend attic_nodes
mode http
server server 192.168.76.2:8183
backend prometheus_nodes
mode http
server server 192.168.76.2:9001
backend gitea_nodes
mode http
server server 192.168.76.2:6443
#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999
# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com
frontend giteassh
mode tcp
bind :2222
default_backend giteassh_nodes
backend giteassh_nodes
mode tcp
server s1 192.168.76.2:2223
frontend minecraft
mode tcp
bind :25565
default_backend router_nodes
backend router_nodes
mode tcp
server s1 mc-router:25565

33
systems/palatine-hill/docker/haproxy.nix
View File

@ -1,33 +0,0 @@
{ ... }:
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg:ro"
"/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro"
];
ports = [
"80:80"
"443:443"
"25565:25565"
];
environment = {
PUID = "600";
PGID = "600";
};
dependsOn = [
"nextcloud"
"grafana"
"foundryvtt"
"glances"
"mc-router"
];
};
};
}

96
systems/palatine-hill/docker/minecraft.nix
View File

@ -1,96 +0,0 @@
{ config, lib, ... }:
let
servers = {
atm6 = "atm6.alicehuston.xyz";
stoneblock3 = "sb3.alicehuston.xyz";
RAD2 = "rad.alicehuston.xyz";
skyfactory = "sf.alicehuston.xyz";
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
# defaultEnv = {
# EULA = "true";
# TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB";
# ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1";
# };
# defaultOptions = [
# "--stop-signal=SIGTERM"
# "--stop-timeout=1800"
# "--network=minecraft-net"
# ];
# vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft";
in
{
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"
];
cmd = [
(
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
)
];
};
# rlcraft = {
# image = "itzg/minecraft-server:java8";
# volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data"
# ];
# hostname = "rlcraft";
# environment = defaultEnv // {
# VERSION = "1.12.2";
# CF_SLUG = "rlcraft";
# DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
# bcg-plus = {
# image = "itzg/minecraft-server:java17";
# volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data"
# ];
# hostname = "bcg-plus";
# environment = defaultEnv // {
# VERSION = "1.17";
# CF_SLUG = "bcg";
# DIFFICULTY = "normal";
# DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/minecraft".owner = "docker-service";
};
};
}

7
systems/palatine-hill/docker/nextcloud-image/nextcloud-apache.nix Normal file
View File

@ -0,0 +1,7 @@
{
imageName = "nextcloud";
imageDigest = "sha256:fe7f941cc514fe01e343a515c7b33e6b12707c718157f6e25a67119e9918a061";
sha256 = "07w9rvmr2qy037ljdmk6w1n2dmwwa31ig7gzfb084wiv18hjfrg4";
finalImageName = "nextcloud";
finalImageTag = "apache";
}

107
systems/palatine-hill/docker/nextcloud.nix
View File

@ -1,107 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
nextcloud_path = vars.primary_nextcloud;
redis_path = vars.primary_redis;
# nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
"${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
];
extraOptions = [
"--network=haproxy-net"
"--network=postgres-net"
"--network=nextcloud_default"
];
dependsOn = [ "redis" ];
environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
};
in
{
virtualisation.oci-containers.containers = {
nextcloud = nextcloud-base // {
ports = [ "9999:80" ];
};
redis = {
image = "redis:latest";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
"${redis_path}:/data"
];
extraOptions = [
"--network=nextcloud_default"
];
cmd = [
"redis-server"
"/usr/local/etc/redis/redis.conf"
];
};
go-vod = {
image = "radialapps/go-vod:latest";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
};
volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri:/dev/dri"
];
};
collabora-code = {
image = "collabora/code:latest";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";
aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
aliasgroup3 = "https://.*:443";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
environmentFiles = [
config.sops.secrets."docker/collabora".path
];
extraOptions = [
"--network=haproxy-net"
"--privileged"
];
ports = [ "9980:9980" ];
};
};
users.users.www-data = {
uid = 33;
isSystemUser = true;
group = "www-data";
};
users.groups.www-data = {
gid = 33;
members = [ "www-data" ];
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/redis" = {
owner = "docker-service";
restartUnits = [ "docker-redis.service" ];
};
"docker/nextcloud" = {
owner = "www-data";
restartUnits = [ "docker-nextcloud.service" ];
};
"docker/collabora" = {
owner = "www-data";
restartUnits = [ "docker-collabora-code.service" ];
};
};
};
}

67
systems/palatine-hill/docker/postgres.nix
View File

@ -1,67 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
psql_path = "${vars.primary_db}/postgresql";
in
{
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/primary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-secondary = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/secondary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-adminer = {
image = "adminer/latest";
user = "600:600";
ports = [ "4191:8080" ];
dependsOn = [ "postgres" ];
extraOptions = [
"--restart=always"
"--network=postgres-net"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/pg".owner = "docker-service";
};
};
}

38
systems/palatine-hill/docker/restic.nix
View File

@ -1,38 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
restic_path = "${vars.primary_backups}/restic";
in
{
virtualisation.oci-containers.containers = {
restic = {
image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ];
environment = {
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
};
ports = [ "8010:8000" ];
extraOptions = [
"--restart=always"
"--network=restic_restic"
];
};
grafana = {
image = "grafana/grafana:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"grafanadata:/var/lib/grafana"
"${restic_path}/dashboards:/dashboards"
"${restic_path}/grafana.ini:/etc/grafana/grafana.ini"
];
environment = {
GF_USERS_DEFAULT_THEME = "dark";
};
};
};
}

103
systems/palatine-hill/docker/torr.nix
View File

@ -1,103 +0,0 @@
{ pkgs, ... }:
let
delugeBase = {
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
};
vars = import ../vars.nix;
#docker_path = vars.primary_docker;
torr_path = vars.primary_torr;
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
genSopsConf = file: {
"${file}" = {
format = "binary";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
volumes = [
"${deluge_path}/config:/config"
"${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8084:8112"
"29433:29433"
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
NAME_SERVERS = "194.242.2.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
volumes = [
"${delugevpn_path}/config:/config"
"${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8085:8112"
"8119:8118"
"39275:39275"
"39275:39275/udp"
];
};
};
systemd.services.docker-delugeVPN = {
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
}

61
systems/palatine-hill/docker/unifi.nix
View File

@ -1,61 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
unifi_path = "${vars.primary_docker}/unifi-2.0";
mongo_path = "${vars.primary_db}/mongo";
in
{
virtualisation.oci-containers.containers = {
unifi-controller = {
image = "lscr.io/linuxserver/unifi-network-application:latest";
volumes = [ "${unifi_path}/config:/config" ];
log-driver = "local";
dependsOn = [ "mongodb" ];
extraOptions = [ "--restart=unless-stopped" ];
ports = [
"8443:8443"
"3478:3478/udp"
"10001:10001/udp"
"8080:8080"
"1900:1900/udp" # optional
"8843:8843" # optional
"8880:8880" # optional
"6789:6789" # optional
"5514:5514/udp" # optional
];
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
MEM_LIMIT = "1024"; # optional
MEM_STARTUP = "1024"; # optional
MONGO_USER = "unifi";
MONGO_HOST = "mongodb";
MONGO_PORT = "27017";
MONGO_DBNAME = "unifi";
};
environmentFiles = [ config.sops.secrets."docker/unifi".path ];
};
mongodb = {
image = "docker.io/mongo:7.0";
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
};
extraOptions = [ "--restart=unless-stopped" ];
volumes = [
"${mongo_path}/unifi:/data/db"
"${unifi_path}/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/unifi".owner = "docker-service";
};
};
}

26
systems/palatine-hill/docker/watchtower.bash
View File

@ -1,26 +0,0 @@
#! /usr/bin/env nix
#! nix shell nixpkgs#docker nixpkgs#bash nixpkgs#gawk --command bash
outdated_msg="Project code is out of date and needs to be upgraded. To remedy this problem immediately, you may reboot your warrior."
label="$1"
label_val="$2"
if (($# != 2)); then
echo "usage: $0 label label_value"
fi
containers=$(docker ps --format '{{.Names}}' -f "label=${label}=${label_val}")
for container in ${containers[@]}; do
echo "checking ${container}"
last_msg=$(docker logs -n 1 "${container}")
if [[ $last_msg =~ $outdated_msg ]]; then
echo "${container} is outdated, restarting"
imageTag=$(docker ps --format '{{.Names}}\t{{.Image}}' -f "name=$container" | grep -w "$container" | awk '{print $NF}')
docker pull "$imageTag"
systemctl restart "docker-${container}"
fi
done

26
systems/palatine-hill/docker/wg/se-mma-wg-001.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:PytLIf5ceSyhxNs3p4N89GKxh7zTvTTbzKhw6SqEPrWSgRo+ntOZQgkUWBwFRGmWjFjMoMmkxaHkyrBLo/lYb6MAKuPNCb4Ss2ArSHk1qOl9u39lXYSs4NNaZYx6r5vs9IspYsIzfbkz2mad5ZaeEuDjiGCethaw9SthXNyjOOEIo/zYB/9Qju963kPXCpexu2/nbhwr/ilXzP8zzhzl712CMULV2GwISrKQcnJYyhqwzAuLmmsG50J3It3BZBUwTbyiIRK4ka0wrycqVmVDKyasUX71LYlq9MifttFCjQCN8xE7FmDl8nSBBaub9Vss5IAF+DcIRNRIQ7f6INuo,iv:CbvR5AEtENWTKP7UPqjYl7qNvyZvPZRFawrU8xoYdL4=,tag:9C5KmHeZkt62Ujkg2Wzt3A==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNTh3RHN5bGVDZ29YS0pD\nbXpoL3E1emlJeEJMUWo3SzM2ODQ4c2FndWxNCnZUN3dIaTM3bXpOWDcxSzhROHlM\nQlJTTGl2WEs1NlczUlhhMEcvWWlXaGsKLS0tIENlY3dvNEF4UEllQnR2aDJFbSs2\nVE05RnRDSVphNHcrR3paQ3BFOU8vNkUKOtItYEU8P0Wu6TDzPylTTGhwlAiSgDEq\nJnRYAH6kE+qAnpK2xQyG4n0xbhNiASUVQgNJJyN+5BZi0dDf7k9CQA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:g/ba90H1dGisB71/MWXkJDCQEXphWu0tOv04ScmEjKPm58TRM0W1oUVDPa7QWHrcdozz0LnQndhs4enW+SqRF39YBmL8OziddStVgTWC4chBazAPHBcGCgLApP9RAjNhiyosTIypLqppY08UIGU1Q1qEzcoHendu6hSMX09jG+A=,iv:6UPwNmUbjt+z7Vr7yuQ3fdsmTwBwE5AUQw3IzonqXZ4=,tag:nmloGiYkKXNGcbn8aBmNAQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAtZwfBH7XpTMkoZMd7QojukRfwU1Z7O/ZHcBzW0rYiTgw\nuYKmkKxSPqY9E/zzNpO0C52NwyAUerM851DaOHkZvcNBkMGdFLKvLf53wgPZKlkc\n1GgBCQIQNLHtkosd/X7cb8VScXNk8CVsckRQJWiHFkPtbYcyz9O55hJOdg0TGmbQ\nf4v9yNrVG6OFQTfV8IXbIJ7fANPNDTu/gDE/XB4W8GzgmLReAsaUnxJWd7a2LSFn\nCkiJsF+JY3QsYg==\n=55xj\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-002.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ULynEBONpLJNPcSGjnFTLkrc4PNDNVqvpQ7LWqsMC0mW6SaDFn1e8MJkK4SSLjx2UCajMOyuvzNYzLd5AxMKBgsH/P1KAAednunOEU0ADKIzsrmEqr/zrX709yXPQY2783Os29jFFpCeQra8z3YR2vfU/PcOtqzoOuipRo0p1yUtehBLN40ogP9aLc+zxkoQxts20sU2EOe7rivU9WsBGQ2m3/Eg8ucH0aNdiN1BF/pIwyXbwMxcXtUCs0jVINJqsgFx2Ntmuz24dgZnTr8Hibz0v3F1LXcFbIIiH8OaCb3S4X2Zd/nCJqxRFz+cmzvcMplQHyE1XOYqP0OTA6s=,iv:skT932uptVD/zmbm/nxtzciD9dlYbJU4HzgHZtuathY=,tag:a/x3/an0q8hhexm4dpsVYA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T0p1alJDd05KOTBjTVhL\nMVlPZno5YVlWRG0xUWZoUkJyVVZWRitLUTFZCmJmWXdzZHlGdG5GWWI2QWZXRUhY\nVVV1WUxaNWtVcmVtakI2dHpheS9HcTAKLS0tIDFsK0ZIR040dEdQQXV1NUpCQnVB\nOU9YU0NQSkwxMEtPdnRQeUYwc2hiczAKSynE6XsoUXyoLbUuuzqXbIbGoSeZR0S/\npMhZwI2fzh3vuLO0GpREkQRJ0azEvbbFPYdhJAFIBu/eRYd70IySlA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:pk7jtod+BCMqF6Hwgkd2AReDqkLGZvnBsDBJIipi/PNQQnq04BgT3TKDL3aQD4sKREjc0dyubQtvq4pAE3Fs+fOLgfhW6uYgvkreSg7Q7aSx299l2OaIc+pI47Emt0s+QIjFz2hd3KHxBkKr9xg5m3aITVex+96VqPUO5DPusqs=,iv:nsv3uPIz8iwrXAlQ0sd7J7T7jg3Yif4DsJV9g9aAAXY=,tag:xAIvz4KPTlpIuDZZfv3qkw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAGNsLJiDmbwfugWEdArQwUDMm6yL6bHbRhQsniyz6RFYw\nbmOG9HElDZGrQor2N+OmjRJzBnmrC3H00PBuM1dx6L9pHZpf8/CT477ZE66IDxOw\n1GgBCQIQUtKFTM34FXDEV4sTfawGatyVDoqFq+gxtI6iJA+1YgrJkZzV/5yAlINb\nsiiO0h1dvUS7uMZT/EPEBDvprXwDXrk6GHTtxAQTP3XQzO3bz0x6RhMJOEj+7hEB\nrkne981/Q2FiDg==\n=kGYU\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-003.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:1pgCvsAcTSFMhb6OKujAtyEfR+Uu544RecoLxy6hhbj8PupUuosJ+lt5gOMqOzHvjUBMvKM/mqJ+JuahChclwXg+XCgB/7yh0tlwPyftPNoWltEwu/AsP7QUwXomfj/AbwzxfB8oTw4U2Ot4DfObDNvhfA88Sva2OE6mkapoRAAFND4CoglOoJ5F+vjLf0XsRCaHTVXCTwmd6BNb+ZHs+heztlaFRp5Mv8TINOlDl3yhW8V10r8ZhLoF421DVAtVLsuOQ6rbzGOZy9A+HfZJlaEZcgFHLKi40pBKQWw5xFrDp8gml/eMtkkKRZR88v+eXT+QCrg3biVYrdIhJlA=,iv:kIOTAido5Xm1fB5Xz7bsrwNM9dbjMIxvqIcNfXbUU6w=,tag:mrzFeyo4D3Y8lah9DU4kqg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbFdnRDlGNUxhTFd3NHhM\nanZmMksxV2xJdUVRL1NFQlJySjU2ZUJSQkg0CnIxb0FIeWMzMzdNalVNUmhQM1lX\nd0h6RWdPak5QeS9WYksrcHhERmd6Y2MKLS0tIDc5ZEFhK0dycFM2N29wN09BOVNK\nTWJjNThyTUxqNWxsTmw5WmlBV0xlK2sKE3L8/VvO8vmsqUV939JM2qdVUOsHAN3p\nwFfeldy2T6ojCVLWdl3CnZ7DmRumweEsSq1JP1mkZzfxotZloMUH5w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:hmYfiTiGuO3oF/nGMP7vizC7nJtxYp1nFKoYsZR+GogpN3m3pqdKbLfqWLHXCI5o1l2nZjCo8VgUQYGrwePertOtlTF2rUz9fSxl3EsmoPbZOkt/NawjiIN3lARYTyoxwAq4Qtsna0OJTq9Yb+DlnMUTH+zk3/32K8dF2STRB84=,iv:8jYMtSSVOu5OIR4/TsM/upnZvvTh+ObkHcUiZtNLf+M=,tag:ANLwWSNxZxUM731LdQIO0A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdADhzkz5iF5geZvou70PeWpN718CeGgvbs97VWhxL25gEw\nphKaEn/73p0Qjqnpu5xVQi0GwSOFVt2UFjLf55aEjdBPb/RwVp0kAeDzzaDSR6/m\n1GgBCQIQXglRmyXJWRT4RdsWOFM1SpuFV1F235UJIEn/O0yGiQvuBQF6OVuvqYgV\nYNi2KFUU+99WaQvxUYddGzCHMEC2AAuKSSNBvs2LSGu0Ic/KWjrcn6yeXEPuv8a/\nHsvjhXACkXWN/Q==\n=JWpI\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-004.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:s8ANdI9fL6hX9K3ypZcmxhQv3VWZ0BYCMmEWatNpQv+0t4kLMmDIbtvLVBTjLoFvWcfy31vAEhbhZPOE0iQXUohiwfVu67/nR3gzcVpeERvtYlqb4q4RwDIgFXKZUd7y55CIcJbpFRR6U5/NCG2+PEAD5J4OtNTkjnpleipNqcI7Ccg062jVqiavOeKw+eoLMomJsJYqdeTUb9nwYlYoe87aIhZFmAKe0Z1ps6ClzaHSWsr0RSbaDFgBJxUo1brEETsIkphNktIe2kVY72PaOqiNZavEhgPfIc42Ldr4zyaW9nrau8ZsiGM/1VxrHwEOlqW6QimZO9epv6jQgTm0,iv:lSZ5H1kkokiwr6o/X42ElkLvNnWOJZkuD4Tt+vkX8uc=,tag:G+bcX3QzEIcmkxjBsSGLNw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5R0J6UmFPVWo5ME84Q3Rq\nN0J3MmowemJNa0pwNlVqQjdUR0NOWTh2MEU4CitGbkt4UDhuYlRFTlp3eHNGV1JG\nc0p6ZVlxUURhQ1NLbDhvc3VPazh5MmMKLS0tIERTcW54OTFhYjcxUVliRFFmOExk\nL1JMb0VyTDAzd1h3TXgwQ1V3VzZmdWcKZLwB3/3M5Ph9xvkBUrTZXvE13R83NCaT\nHYCKZoJx/CexdDXpij/H9fMI2BgRP1UBgxyWVg0pAAPrxhNhpiteVA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:PC2Gk57K2IQbGsAjXvN7BDaYO09vg+MKZcrieA6kPFeWVK7Nbic9iQiRsqs8cMOgQ4ZWNFJqyCmSPNKhWAkhmcuc3TNXTCGUl9AsWUyVLU1KL0I48320U+72ce4RY0vtO8FjgPjeFRtuzrHO4eOQhULrX7FhtUYq3/meZjP3PmM=,iv:P3LfN/+LS8wbRFcTvJhCU1LEqayWCUwqtHAmPodUXZE=,tag:DMuEdIKy8hBo/jdvnv7yaQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAAVsYsC/Di95MPmvkveVSZVZLPDuyWGdmgFFjGz1/l0Qw\nklzbhejv4x04f9j8zWG1Nsnvkkgv2wf++514BCGBN/DvlcFrv1xVPcA2RCqxr49t\n1GYBCQIQJvmrC8GUr9qp0yYEcUzXAaYh9hUA+fGPc1L45PmWVwjnY2wRtco4Y/uu\nLI09Esz6GH9vVesL3oO9A1uXArKw9dqph+Q6l3XAbtUp/y2vSU2xZlaQ83hAP3S1\nTryM3Ex9a80=\n=d/cZ\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-005.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:lre1gMfmXwB/FxXrF7VguPFmunswv7Y2+GhIOJYu5ijTpDV0O3mumM5Xmk8dZ//3xPQuqFJBJEpMI8nggAWG3pEd4x5otDimJR0OHb0zoHbDE2YyNWR6pwUk07QkhTYJ0UzLFtReRCSgkQmbR20nfew1Ta9HYEDeqBH9+nFBBqlhJkYXybmjC+sWpyEkhnAUk2cjz74WiE4cFemLj8M1+pZYany9uSeY8MI+zO3PU6XyMEdEx9+H2vmvUR+MMzR01cZlHBPghgVlPtDAerTOOFo7Med/HSKUsFLm84K+DerjZ7tIP34xEY7NjW3epxk53UmUdbY8DJ+pBPVcL8k=,iv:CIHbLf6ARlXs3QQKg6hfO47WfQXYMtzCt/2Qv9Vmmgo=,tag:/uR4nPjpqEJ8zv8/H54xxg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWkhMT1dHNklvK2VXNGtq\nUG9tUS8xM0VoVDZTSTNvZ21teGYrSHRMelJrClU2Q2ovR01OK2E4d2F1aXRmaXRK\nckZ2WFhDYVA4bEVLMUl6WU0xd1p2NlkKLS0tIHZJV3FUYk5oNi9CQXlzSFUxSlVV\nV3Y3Q3RrT3JMVUh0Tmg5V3dtaURpcVEKRZ3dja+pVm2sAdQexiSw/si+CM2esjQM\nq0/9AfMPrULAdHrkvxLfyJRFWQlr2/g02QbeCE8HHYbVWSGaN2pJng==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:lxWz7NnYyAUyY52ewC1Eh9k1xDdJr0I2rEhiGukdKxg0G1gVhrj0UjFEdnkrMALrYbPh3yE1vj/E+xcPJZtrkuCQNTJkxnLlLijhXM39Um3M1KpIMDx5qOHggaT4T+HhdgJBqvkMiBypyP1ph9MPEYvg+mL4au6jd8fRaw2TUII=,iv:IbqBUWb1MrEcVy9rONDYzbB454XVYRi4mdtWo15RZ28=,tag:Cefs9e7CBk2/QsPS1LD3+A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdARE07oxCX7FzLNlR9Pjmc1hUVGGD2KJdkFlM0cZl9uUEw\n1zW5R66Wy37KlREIRWXz2lnmN2Txpou+fC8zkxPcYXu+s+nWjbJbCRcv233RspPi\n1GgBCQIQWfGy65DBWWjSp2Sr9Ny/Pxvhzy0IF58AW32gTsxYmoeT+9qVuFcne3ut\nOEPyRqyBtnY3BOefXtBWsVBdtasFajhpp7rC2bSmd4sxacBL7DIwSVnTKpGs8Bsh\n8eCj7MwO/uRDFA==\n=frH4\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-101.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:iqmUJoBrXT91fFKdujhbHaLHcQF6J7+zjgaVsOwRkSwnB1OF/2BAf3jwvXjZiAIf7ytdrGjDR8t+Ze1hrncwJ/CuJuWtciX0qN9pky8p3Gpd85c5yZ1kWkC/wfT9VJ70EOe6gHYVnEk8PYqWfb+HaYWolUm4dqnMQcyZ1dkGJAyedvmrZvU/EyWPwwR3bVmVkup5skjExEx0POQSTJjE36Kewm/K4AQ3yBcCmmj7ZgYWQotViYW0iIQt3ZH+oItro+SqWb8/EcNjqQbU/1CkVtFEtIgyOpy1tZ7HFhaQI6xha78KC5nPn+dgckw1rrqbH5tUMEs0GHuAhi3v,iv:83eA9Rioryf5nDtcmput665AAR622yhd1ccbIz2aYQ4=,tag:b+j9T/tuEWORm3G9dDbVuA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Tjl2S2tsVGZPS09HaDFO\neHZ2NlN5OUJuRmlZem1xeGtISVMrU2g3WmtZCndobDRnenlWSUl3L00yQUVJUnYx\nR2pxbGJuTkJqT1Nocm9jK1Yra3QzQ1EKLS0tIGE4SjZIMzN5WEl2dnFWZkIwc2ps\nVENuVUUvK1FsTmQ4UFdDQ2hnL0laRUUKYAvGtZrZ5iHls6kXlkXjRZKLB+VotxBI\nqjsPoW1o/2HJ0IQt1HByaxxw80FFcaY79FMVBkJcdQjYOEHFuQjw+Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:xo7PG3dqcfwMra7b4AKA7tjBmdwGq6hmQdGCiVT+dx5U8u60B7iIhZA1Nlkrwj1tCqUDpBjVp5iGReYJ+fckYriBBRURFtSaNjmrBSUiswaR2FqxGiNKzW83TdLEncTMXlNdTWKxhPy8uRh0Xso/ZFqAWgPd3fvfUAVXgGmnCuw=,iv:zi0v2nJPhVmPeE7pNY5KGhJimYMtWhmHzareuZ39YN8=,tag:/2NKODtUaXJhxkJLqjn6gw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAxkXTiqh3KhrshdFSX+QUvPyxL23iLm0y1nCsQGwCcBMw\nIg4RMlZVlbSUya2IPRc2J2gt7E0Fyp/oYw9Ytsa3u6cR5L41dRS4tZcpHkyJpU9h\n1GYBCQIQqCh2mj3ErvL1BYA+sgvIh8hbzmBH8uWWNpCHCP1StjtduMyLT6rBiWuv\nPvoCvz3WWXufEvn7DEutAs+T92oNMcEHcGWWbsn8U1dIXQ+7Cl2CWDNMlxIoKtVN\nuBcXPqKFZho=\n=M3My\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-102.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:MvHQjTIH2RUsf/Re8piWc+foojfH1GpkDdgTgN5uGkBd+hFABF58ATN02SyrSJilwZiUIcmmd9yei59JKNumhY6daIcVzwpipGp2E/5ziLE0LzJ2+9Ov084TEclMe5vbEnJqtiB3Vu0w/9wKzbiXGWi/doqpNV1YKgore90Z3Mol4bVC/4ZSmm/YvRNZg51HPHtX65uZKuER54KqqkZOj0zPB8YiJHDbvtdoX2u8gEAenOjboHkRXRU9jgjytoP2Pw8W1dikajTXvtcjTzJijHVXZb70b0Yr5QnLOZaT4ovZA2Y4lkllpmQ4m+up5V3AkIk8iSLlFHOSaYNY,iv:0JpG17m9kD7xJ5vEBibuKG+yLL+xiIHlldFQ9TuWZwU=,tag:mPI3NUTmCnAXhcZ1jyAgrg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWklBZUQ3MFo1bUZuY1dy\nVGdUK0FlM1dSNFBYOEhkZUFMd1g0b2ErZXd3Clk2TlQ4aEROUEJFbmpwYXRQK21t\nalJ4Z0k5dlVHQzJzdWNUMnYvTFMvWTQKLS0tIE04TzNIcVlzby9IM0FNMWlOd1Z3\ndTFwa1ZoYjdqUGhUTVVqcmxPVThMV0UKa07ux2wYZCn/9pgejH2o2wAknVLo2YV+\npb49PUwm1wvXaUVOrgGWAEGV1WBkH0FjSUKpTGLZ1V5MJ+wBk1fzRg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:X6AY8uht59ISavkd199WKj+Tnvf6YRxLccRJe/TeEwYN6M9TDIkIDEJmiw25LuLWHq96k6kJ5LXg2XapvTddZs6XavANxVoafyB97JYcofsFgrt5ziVJQisLxxjwnOP7twUHtHN60TS+2Om4LKnx2qm4piMJpt1RTFQPquSrNGg=,iv:Zgl/L3ugPEyQTXnHqctDnRORC3fPTx/z/wAHFfo5ZS4=,tag:o3jdq1bHCzfavdNRwKk1Ww==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAWiLRFVRksLnX7OthQw84hoyjSEnsQyekp7kF/dbFAW4w\n4byTxDKfHHmSUvf9G96wOH/mNWpdAJiWlOQ7tPstVwoeHVBHSgf2vgd8MRTmrRzo\n1GgBCQIQjpgEmL08FuHrEGvT/WUSAIBXKhN56fyHOgT62NzOthiIIp6qxq27UjlX\np+ZUIR/X7qeJSVHJUKssNRnTKm1bbmbK/9ydXZtk/xHdFAD5YLZaz26ZknhaR7J1\ncHEHK6TQRL54lA==\n=DD6O\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-103.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:K1RimM2itH8391EFz2SYMn+tDlTcf9bopuci3hkZPqi0Obr4M1pgQGEbs8xxcCYknE5HLGuW/zbMXL5UvFcGIVlvX0q/eZBerTuUz/VMbkzWiQ5Gqy9BpdXbb1i6vBDnNkDpfxrAu8vadUMifoUVTUconhoOzoR5byOMmUdx84z9W1S/9oztd9fRXhJIkoI23mxbaKr+zK7bX8CS73tVk8+oBFjeUPSt6+IwlmWx1iKVBs5tY/RPQ7kGTe3lIdbe2QIgPS/T7/W4xMoI+i9Z+SrW3eLOUyHNWQg/3gCPbOwvYt3xhj8RaScmW5L1a0SMPDQ/5CatOoiV/vrA,iv:NreCE5+5wyEKowJgtFXw7YPhbixpn+qCK403zzrkkjo=,tag:ptYXTDaKEs17fZichb+lbg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YlBUcWdWVGNwaUlqMjdt\nTWVqUW5LdVlZWC9Uem0zQXI0UldFMDYweDNBClVJSTJHL0c4anFnOSsvcmhBaldD\nSHNUem9aQk8rTTdLUFpML01uMFJjNkUKLS0tIGY4dXFUVm1mVThrWmFyS3BkTlhS\nblA1MmN1Q3MzRERlN3pLMTExSkx1RjAKonRli3BpI6iucyJAbWvERBPR0f6ewrIp\nBIQVkEBod/pdSiahMWfXjFVH0nmU9Ip2CwhZl1pGNOaHhnLtrUWmBg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:kDO0Y1wIe/ZWTiXeuAQtCS+fn1gR6L514e8qs7mzt1B6/u5hChy2L3WRR0DQN9V0wjl2bp6muAdfTEDbO7PmAbSE8wKHjCy97tzDgVSrtodUvGZUbm62bA0cx1VzgcKrCYHglSDsxmnYc3atxKlM8uWJ9GM4F4O+wRj/AH1QLYM=,iv:DgTrwKlftGmyuRDbROApudP9xANL7aBTbGgYRYqN5ZA=,tag:ek8rci9l2iDrYxP3b2EBvA==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdA0ZIzTIWsWHwek/Z0bIQvfCa49t6aaM51M4HJFyCRpxQw\nJ7mW22C1kf35WAz5Hmm251B+UuW1wUITdavE3tYH9/yB1yQsTSgKd3Vze/r5Ebvu\n1GgBCQIQQJk9Blm+/vA3//hafY4tDtuCr7N+utLdDFK1lBy9+Qg8UtAiNP4fFffF\n8Eh0tx/Fg5n/2r4p9NGLFn/ZMMe9SnP19VsmGQQjA3RlK8jVmxvSCXLFzM85uZge\nYJDAMSU+8Q3qdg==\n=4Asa\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

29
systems/palatine-hill/firewall.nix
View File

@ -1,29 +0,0 @@
{ ... }:
{
networking.firewall.allowedTCPPorts = [
# qbit
8081
8082
8443
# hydra
3000
# minio
8500
8501
# gitea
2222
2223
8088
# attic
8183
# collabora
9980
];
}

64
systems/palatine-hill/gitea.nix
View File

@ -1,64 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
base_path = "/ZFS/ZFS-primary/gitea";
in
{
services.gitea = {
enable = true;
appName = "The Hearth";
database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path;
createDatabase = false;
host = "127.0.0.1";
name = "giteadb";
port = 5433;
};
settings = {
server = {
DOMAIN = "nayeonie.com";
ROOT_URL = "https://nayeonie.com/";
HTTP_PORT = 6443;
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true;
};
service = {
DISABLE_REGISTRATION = true;
};
log = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
"log.console-warn" = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
cache = {
enabled = true;
dir = "";
host = "192.168.76.2";
port = "8088";
};
};
stateDir = base_path;
lfs.enable = true;
recommendedDefaults = true;
};
systemd.services.gitea = {
requires = [ "docker.service" ];
after = [ "docker.service" ];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
sops.secrets = {
"gitea/dbpass".owner = "gitea";
};
}

4
systems/palatine-hill/hydra.nix
View File

@ -1,6 +1,7 @@
{ {
config, config,
inputs, lib,
pkgs,
... ...
}: }:
let let
@ -42,7 +43,6 @@ in
services = { services = {
hydra = { hydra = {
enable = true; enable = true;
package = inputs.hydra.packages.x86_64-linux.hydra;
hydraURL = "https://hydra.alicehuston.xyz"; hydraURL = "https://hydra.alicehuston.xyz";
smtpHost = "alicehuston.xyz"; smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz"; notificationSender = "hydra@alicehuston.xyz";

242
systems/palatine-hill/loki.nix
View File

@ -1,242 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ./vars.nix;
loki_storage = vars.primary_loki;
in
{
# loki: port 3030 (8030)
#
services = {
loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
# auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [
{
from = "2023-07-01";
store = "tsdb";
object_store = "aws";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "${loki_storage}/boltdb-shipper-active";
cache_location = "${loki_storage}/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
aws = {
directory = "${loki_storage}/chunks";
s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = loki_storage;
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
# promtail: port 3031 (8031)
#
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "pihole";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
# extraFlags
};
# grafana: port 3010 (8010)
#
grafana = {
port = 3010;
# WARNING: this should match nginx setup!
# prevents "Request origin is not authorized"
rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
protocol = "http";
addr = "127.0.0.1";
analytics.reporting.enable = false;
enable = true;
provision = {
enable = true;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
};
};
/*
# nginx reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# recommendedTlsSettings = true;
upstreams = {
"grafana" = {
servers = {
"127.0.0.1:${toString config.services.grafana.port}" = {};
};
};
"prometheus" = {
servers = {
"127.0.0.1:${toString config.services.prometheus.port}" = {};
};
};
"loki" = {
servers = {
"127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
};
};
"promtail" = {
servers = {
"127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
};
};
};
virtualHosts.grafana = {
locations."/" = {
proxyPass = "http://grafana";
proxyWebsockets = true;
};
listen = [{
addr = "192.168.1.10";
port = 8010;
}];
};
virtualHosts.prometheus = {
locations."/".proxyPass = "http://prometheus";
listen = [{
addr = "192.168.1.10";
port = 8020;
}];
};
# confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo
# (or) /config /metrics /ready
virtualHosts.loki = {
locations."/".proxyPass = "http://loki";
listen = [{
addr = "192.168.1.10";
port = 8030;
}];
};
virtualHosts.promtail = {
locations."/".proxyPass = "http://promtail";
listen = [{
addr = "192.168.1.10";
port = 8031;
}];
};
};
*/
systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path;
sops.secrets = {
"minio/loki".owner = "root";
};
}

10
systems/palatine-hill/nextcloud.nix
View File

@ -17,10 +17,12 @@
systemd.services."nextcloud-pre-generate" = { systemd.services."nextcloud-pre-generate" = {
requires = [ requires = [
"docker-nextcloud.service" "docker.service"
"multi-user.target"
]; ];
after = [ after = [
"docker-nextcloud.service" "docker.service"
"multi-user.target"
]; ];
description = "incremental pre-generation of previews on nextcloud"; description = "incremental pre-generation of previews on nextcloud";
serviceConfig = { serviceConfig = {
@ -29,10 +31,10 @@
Group = "docker"; Group = "docker";
ExecStart = [ ExecStart = [
'' ''
${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud$"' ${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud-nextcloud-1$"'
'' ''
'' ''
${pkgs.docker}/bin/docker exec --user www-data nextcloud php occ preview:pre-generate ${pkgs.docker}/bin/docker exec --user www-data nextcloud-nextcloud-1 php occ preview:pre-generate
'' ''
]; ];
}; };

77
systems/palatine-hill/postgresql.nix
View File

@ -1,77 +0,0 @@
{
config,
lib,
pkgs,
...
}:
# sudo -u postgres vacuumdb --all --analyze-in-stages
# /var/lib/postgresql/16/delete_old_cluster.sh
let
vars = import ./vars.nix;
dataDir = "${vars.primary_db}/postgresql/nix/${config.services.postgresql.package.psqlSchema}";
backupLocation = "${vars.primary_db}/postgresql/nix_backups";
in
{
services = {
postgresql = {
inherit dataDir;
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [
"atticd"
"alice"
];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
];
refreshCollation = true;
vacuumAnalyzeTimer.enable = true;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
"atticd"
"gitea"
];
};
};
postgresqlBackup = {
enable = true;
compression = "zstd";
compressionLevel = 19;
pgdumpOptions = "--create --clean";
location = backupLocation;
};
};
}

37
systems/palatine-hill/samba.nix
View File

@ -1,37 +0,0 @@
{ ... }:
{
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "palatine-hill";
"netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.76. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
zfs-primary-backups = {
path = "/ZFS/ZFS-primary/backups";
writeable = "yes";
browseable = "yes";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
}

63
systems/palatine-hill/secrets.yaml
View File

@ -1,34 +1,19 @@
hydra: hydra:
environment: ENC[AES256_GCM,data:G/6DOeRdjjp5PGpsHCHneW2X/OQzSH6gozKmgOlK6/bSdQltv4U00AYNOrUYYlH9Yab7JSYBfQinsqRKyDVEp7LLPdlxBaztJiSZGGAdio+JHWwR7UAhAEXSgOh4qFq0SjdZzQduEOdfSYfksut3dJiAvpj6oo6hxuo8mkW4+UacpBmvpnrzHjJHeYYbb3krIhKG6bBqHLT403rLf5oYjnY16XUuYO7deAH99JkfCJKlKnDf3GLfnX78XoXSdOMUyf57PPq5EKA8mFdtZsbAmis=,iv:s903rYHyocGtVJ594+HtCyULGtuom6aUVDcbXPbH93I=,tag:YFkFAIU7cNHSuYnN+lShgA==,type:str] environment: ENC[AES256_GCM,data:XUS68hCXWGMCoxxfecspEpFF8sxVJJVAm74ZZJM5/TiMAyzG0VTw17XQOgv+pP5aYABnQ3Rt9KFaxacaljrjFJ44O8qdGCQOi+g5+EpztHAI+yyeWkEqcVrcDKeb0jM0qygBUtyez5aLJyFwT7znqfNi3CHMP+cJTNVUAQkfL3RrU/lNzAZpIJ5tVG5PzDqMLDWMQXiDRICNdp9fUXyGee64bQ1NxGJALmYS9o1YT75e0nCBsIBD50+ChQvOTUfTGfxpG5SbnDGmL0JIUGB3MqM=,iv:TRsVfNxLnMuq5Wvu0ZX4JVHoIXQaj3Li3KsBXmoFiK8=,tag:gGTQo66uzdUBqCuUYHSE4A==,type:str]
nix-serve: nix-serve:
secret-key: ENC[AES256_GCM,data:M8MJHHO8Hd/Gm6Nxy7/IPr0s6jHEDBB9LpZq8lIWQirvZPpgNrMrnP2xFJWEuJF/ND9hU09ZHA3efIBej2siRPOWSEu4gE65W/GMtpCcwEXF0hR/ISvBsH0fci/6KGbUCVg1x9AJpjJsqevPN7I=,iv:Weuziu2me+kdB9zk68nvLnyxv0ICwB1qA4z0Q39tT6k=,tag:nhcFfRQOxEandrf6CivahA==,type:str] secret-key: ENC[AES256_GCM,data:dXpfTamvU17kkMwp0DZIktkh/iI96wgcQerEC9G0tdm7tL7NQSlS4giocf9uckXK1JNkK9q7urZznx82ZBV3kaZE8oZKgYtkR5xpHgGsbYgQbLx6gowKfBkPusikFl/BqUvUBLznYsYSkJddXJ4=,iv:yeHyAMY2NxQUyzirU9+ggF1O6kRsrM0lEJCY9U0qJN8=,tag:cSm1Obe6WnpHloF/JleVEA==,type:str]
attic: attic:
secret-key: ENC[AES256_GCM,data:/wYnCD7qggeHdsNqkp1rZK839o/1olhJUlT1lrZpv1hTOZDduP2OGhz8kh2PrQR6Mq2Y/ALgHG3cFpJs7G64xDK0qRVGIDlC/9sTQIcF2JL49Free8vADe5ads64EN3vWgfmFoBMPmL0mc4qnDBGnBkDueFN5gy+1szK9tWK23tMl1wEWVsiqBwhuWqQBNRxeaHR2tQXI2Yg3fefq5+laOUjnSe1a8Kx4dJ7rXZuXe+H4uyU7roYFxlLpI8qZig0eUO9WUMX9WP0tKOr5OjsbJzBbdVlVT7lZ9ROYUceoxmcWecLlcyv3Q==,iv:DjH78Getnt3zzK9QLj+HS0cF1wtaBeadxSTrRb1uic0=,tag:KMPtWCq1KT1SSthh3fdsew==,type:str] secret-key: ENC[AES256_GCM,data:0pVok0M5Ob08BdFBV57Ijr4MW6msdGuvgq7v5lunJocv/sM0u0Cy7ye67+me21YBy4xGqidAfQo0j4OQkn71Z7ouKJGQ6izqOuTvRerBLmY/V3GMnSrBgtb+gjKhwswf/T/WV/I2lc0GTrdiJi6JJC0VL14kJYWRQIdcadeGEoF+cZyzyHWV32TxyJrNlDGFu1aFhjKiHP50aDFxibIPwz1h9+lN6jEGEwsOa29K3gnL9zOmzaoS/F4wXEZlCXNETj6lvCd6Ywt3erkGmCvA4FTzfs/CdW/QcS2GneGUzoCy4NRcxx9dKQ==,iv:4QiN6tupBkIZbVkKt7MyLMiy5z/y0ExAT9xWVBL+pko=,tag:CT4F8y/rObKlIMCwtJk7AA==,type:str]
database-url: ENC[AES256_GCM,data:WHdAxNbkRxvNvfUWdPSbgeQXOS7f46OuDKTRuxf3cEyhbU5NAsGlCgfarUBXsHrCH79t7zDGlcRE,iv:trOxDY/ifsibKoX5YPOfKvX/q2ny6SgykiIBusgHxag=,tag:Cx9hhiJIhDLiojJmDdSDtg==,type:str] database-url: ENC[AES256_GCM,data:CrtsSB9KaA+KT9F34eM+z5trjb72wRKKy2LKOWDxBgvVtrNy5jj9c9KPnPCRWue1eABC1FdThKH1,iv:n3n16Qs/s77CxDNHws4lLTJaXx++DpqUrrVDp+Rpj2E=,tag:gkQhzX4gHPRmAQjZKBZF4Q==,type:str]
adm: ENC[AES256_GCM,data:mP4xFGK3+YwyiUMwFaG6tY3tWLGY2YTGa4DRuHzW5Za3McmwEFUzlQQ4hGS2bPKOKwM2Pe5HYBwJnFkd6KRwx5civqsBMwFt4dfZ31xDEi9RxpEm9jCnCcvB1CY8cxNARIhceC12X/ZR8ianUpoINYSjOj4BRy4TEEigi5+V4DkAXeG8+x8SWjj/mRMQMcZud4i69Ul7tpzbjUHm0s/Aasvmib13u4ZbGX/AyoOX8pQwkRHoyfMK2OvRbaeQf9fPcQxOSBALYOIXk9mEGxN1FTFHrTvrY5s0w+hC1mAjX4qm4ZM77RneAI0fJaq1hHSZETIpJOCiQfR3bLuyzWKVestOE29V8Pwq,iv:bjK1QkWUc2vs+oUoC5Z0AKR1/tmrhSLvP8BP8gzghOg=,tag:dmSDM+gbsJMDkqgIPWBfGQ==,type:str] adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str]
postgres: postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str] init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
upsmon: upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str] password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str]
minio: minio:
credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str] credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str]
loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str]
docker:
minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str]
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
server-validation: server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str] webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str]
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -38,26 +23,26 @@ sops:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFcWo4V1QyZS9HbHNwT3Jl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcTQ4SVM3dVN4UWZCSXBs
ZktNR2gwZ3BiWnYwZHpLUzR2YTlmN0ZUeEhnCkF6ekdkN0U2VGM1RFVhdTM0RW5u dFo1S0ZyOEM3c3ZtYTcvZlVNYStDdXd0NjB3CjY0NWc4UkVGUk1ZdTBBLyt2L0lX
bWdreGZrU0JwNDY1TnR2S1M3OTdKaWcKLS0tIEVBekE2eU8rcEhpVkhhWmxPc3JN M0lRbXFwRzFWSTNndC92SU5kSkowb28KLS0tIFhjMnJzZHRoTmJONDk1RjVsRVZq
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T05:47:58Z" lastmodified: "2024-07-07T23:09:33Z"
mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str] mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-09-05T06:10:49Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdAPOYlp/3ZJrcXZbu5+XI+BHNzMbzw7+YhTYOfNgujU1gw hF4DQWNzDMjrP2ISAQdAA1DGmMjNYHKHtel++ftsHqmQGqrjfL4VJTe62bEMfXcw
QfJDWAhiMd8cZF5PpX+RdN+Zrk5CCMgZH4hotv9gjf1oxitWuF2hv14k/RlAx8kr EQmF0itX7ns+GogeYeYaqxa0qraWzzGwsEDJOp+VJMmLPtw5999kdO1PikgyGkcV
1GgBCQIQB+LOoKIo7AHeucdV9NsM6H4Akv+Bzy8boarA4BGcyvgRWhS2u8zOQJc5 1GgBCQIQd5DwJiXbQ7bFPYPGg8xxEBeDsHYtKo0tv9uQi9Is0nYYHbI8+TuFUv2o
RKfRonTO51yjlKm0MEspvwrClO+aIuBaNNemuHdk4yhDUnNKVBFyLLOuqXbsFd+G Av5c+/hAX/1D4F8JDTnz7WbEO3X2H7VXNMQKQkYR1Ndds6ueyx1V4kFqQTD5qLG/
aSTmqvI3a/T5Cw== BpnwAmW4i9XVMg==
=ph+p =2NK4
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.8.1

17
systems/palatine-hill/typhon.nix
View File

@ -1,17 +0,0 @@
{ config, ... }:
let
vars = import ./vars.nix;
typhon_path = vars.primary_typhon;
in
{
services.typhon = {
enable = true;
hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
home = typhon_path;
};
sops.secrets = {
"typhon/hashedPassword".owner = "root";
};
}

20
systems/palatine-hill/vars.nix
View File

@ -1,20 +0,0 @@
rec {
zfs_primary = "/ZFS/ZFS-primary";
# primary
primary_act = "${zfs_primary}/act-runner";
primary_archiveteam = "${zfs_primary}/archiveteam";
primary_attic = "${zfs_primary}/attic";
primary_backups = "${zfs_primary}/backups";
primary_calibre = "${zfs_primary}/calibre";
primary_db = "${zfs_primary}/db";
primary_docker = "${zfs_primary}/docker";
primary_games = "${zfs_primary}/games";
primary_hydra = "${zfs_primary}/hydra";
primary_libvirt = "${zfs_primary}/libvirt";
primary_loki = "${zfs_primary}/loki";
primary_minio = "${zfs_primary}/minio";
primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr";
}

18
treefmt.toml
View File

@ -12,21 +12,3 @@ command = "nixfmt"
#options = [] #options = []
# Glob pattern of files to include # Glob pattern of files to include
includes = [ "*.nix" ] includes = [ "*.nix" ]
[formatter.jsonfmt]
command = "jsonfmt"
excludes = []
includes = ["*.json"]
options = ["-w"]
[formatter.shfmt]
command = "shfmt"
excludes = []
includes = ["*.sh", "*.bash", "*.envrc", "*.envrc.*"]
options = ["-i", "2", "-s", "-w"]
[formatter.yamlfmt]
command = "yamlfmt"
excludes = []
includes = ["*.yaml", "*.yml"]
options = ["-formatter","indent=4"]

21
users/alice/home.nix
View File

@ -16,7 +16,6 @@
./home/gammastep.nix ./home/gammastep.nix
./home/doom ./home/doom
./home/hypr ./home/hypr
./home/waybar.nix
./non-server.nix ./non-server.nix
]; ];
@ -52,15 +51,12 @@
nil nil
# useful tools # useful tools
file
sqlite
ncdu ncdu
neofetch neofetch
onefetch
hyfetch
smartmontools smartmontools
wget wget
glances glances
obsidian
onefetch onefetch
# Rust packages # Rust packages
@ -69,7 +65,6 @@
diesel-cli diesel-cli
tealdeer tealdeer
helix helix
ripunzip
# nix specific packages # nix specific packages
nix-output-monitor nix-output-monitor
@ -90,9 +85,6 @@
nodejs_20 nodejs_20
nodePackages.prettier nodePackages.prettier
treefmt treefmt
gocryptfs
awscli2
]; ];
}; };
@ -113,7 +105,7 @@
eza = { eza = {
enable = true; enable = true;
icons = "auto"; icons = true;
git = true; git = true;
}; };
@ -144,7 +136,6 @@
"system" "system"
"nix" "nix"
"shell" "shell"
"poetry"
]; ];
}; };
}; };
@ -169,17 +160,11 @@
}; };
}; };
sops = lib.mkIf (!machineConfig.server) { sops = {
age.sshKeyPaths = [ "/home/alice/.ssh/id_ed25519_sops" ]; age.sshKeyPaths = [ "/home/alice/.ssh/id_ed25519_sops" ];
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets."alice/wakatime-api-key".path = "/home/alice/.config/doom/wakatime"; secrets."alice/wakatime-api-key".path = "/home/alice/.config/doom/wakatime";
}; };
nix.gc = {
automatic = true;
frequency = "weekly";
options = "--delete-older-than 30d";
};
home.stateVersion = "23.11"; home.stateVersion = "23.11";
} }

6
users/alice/home/doom/custom.el
View File

@ -19,9 +19,3 @@
(setq! lsp-enable-suggest-server-download nil) (setq! lsp-enable-suggest-server-download nil)
;; (keychain-refresh-environment) ;; (keychain-refresh-environment)
(setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc)
;; (sphinx-doc-mode t)))

2
users/alice/home/doom/init.el
View File

@ -133,7 +133,7 @@
;;fsharp ; ML stands for Microsoft's Language ;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3 ;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for ;;gdscript ; the language you waited for
(go +lsp +tree-sitter) ; the hipster dialect ;;(go +lsp +tree-sitter) ; the hipster dialect
;;(graphql +lsp) ; Give queries a REST ;;(graphql +lsp) ; Give queries a REST
;;(haskell +lsp) ; a language that's lazier than I am ;;(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python ;;hy ; readability of scheme w/ speed of python

7
users/alice/home/doom/packages.el
View File

@ -80,10 +80,3 @@
(package! pacdiff.el (package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE"))) :recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git

15
users/alice/home/git.nix
View File

@ -11,15 +11,15 @@
userName = "ahuston-0"; userName = "ahuston-0";
aliases = { aliases = {
gone = '' gone = ''
!git for-each-ref --format '%(refname:short) %(upstream)' | # dump all older branches !git fetch -p && git for-each-ref --format '%(refname:short) %(upstream:track)' | # dump all branches
awk 'NF < 2 {print $1}' | # get nuked branches awk '$2 == "[gone]" {print $1}' | # get nuked branches
grep -Pv "(^origin/|^origin$|stash)" | # filter out remotes & stash
sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
xargs -r git branch -D # nuke the branches xargs -r git branch -D; # nuke the branches
# !git fetch -p && git for-each-ref --format '%(refname:short) %(upstream:track)' | # dump all branches # git for-each-ref --format '%(refname:short) %(upstream)' | # dump all older branches
# awk '$2 == "[gone]" {print $1}' | # get nuked branches # awk 'NF < 2 {print $1}' | # get nuked branches
# grep -Pv "(^origin/|^origin$|stash)" | # filter out remotes & stash
# sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons # sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
# xargs -r git branch -D; # nuke the branches # # xargs -r git branch -D # nuke the branches
''; '';
}; };
extraConfig = { extraConfig = {
@ -27,7 +27,6 @@
pull.rebase = true; pull.rebase = true;
color.ui = true; color.ui = true;
init.defaultBranch = "main"; init.defaultBranch = "main";
format.signoff = true;
}; };
}; };
} }

6
users/alice/home/hypr/default.nix
View File

@ -8,11 +8,5 @@
{ {
xdg.configFile = { xdg.configFile = {
"hypr/hyprland.conf".source = ./hyprland.conf; "hypr/hyprland.conf".source = ./hyprland.conf;
"hypr/show-hide.sh".source = ./show-hide.sh;
}; };
imports = [
./hyprlock.nix
./hypridle.nix
];
} }

47
users/alice/home/hypr/hypridle.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock --immediate --immediate-render"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; # monitor backlight restore.
}
# turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
{
timeout = 150; # 2.5min.
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
};
};
}

23
users/alice/home/hypr/hyprland.conf
View File

@ -20,10 +20,6 @@ monitor=,preferred,auto,auto
# Execute your favorite apps at launch # Execute your favorite apps at launch
# exec-once = waybar & hyprpaper & firefox # exec-once = waybar & hyprpaper & firefox
exec-once = wired &
exec-once = wired
exec-once = systemctl --user start polkit-gnome-authentication-agent-1.service
# Source a file (multi-file configs) # Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf # source = ~/.config/hypr/myColors.conf
@ -81,12 +77,10 @@ decoration {
passes = 1 passes = 1
} }
shadow { drop_shadow = yes
enabled = yes shadow_range = 4
range = 4 shadow_render_power = 3
render_power = 3 col.shadow = rgba(1a1a1aee)
color = rgba(1a1a1aee)
}
} }
animations { animations {
@ -197,7 +191,7 @@ bindm = $mainMod, mouse:273, resizewindow
# screenshots # screenshots
bind = $mainMod, A, exec, grimblast copy area bind = $mainMod, A, exec, grimblast copy area
bind = $mainMod SHIFT, A, exec, grimblast save area "/home/alice/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png" bind = $mainMod SHIFT, A, exec, grimblast save area "~/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png"
# zoom issue # zoom issue
bind = $mainMod, K, exec, pkill zoom; zoom bind = $mainMod, K, exec, pkill zoom; zoom
@ -207,10 +201,3 @@ bind = $mainMod, escape, exec, hyprctl reload
# open bwm # open bwm
bind = $mainMod, P, exec, bwm bind = $mainMod, P, exec, bwm
# lock screen
bind = $mainMod, L, exec, loginctl lock-session
# hide active window
bind = $mainMod,H,exec,/home/alice/config/hypr/hide_unhide_window.sh h
# show hide window
bind = $mainMod,I,exec,/home/alice/config/hypr/hide_unhide_window.sh s

89
users/alice/home/hypr/hyprlock.nix
View File

@ -1,89 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.hyprlock = {
enable = true;
settings = {
general = {
immediate_render = true;
# disabling as config doesn't exist
#no_fade_in = true;
};
background = {
monitor = "";
# path = /home/me/someImage.png # supports png, jpg, webp (no animations, though)
path = lib.mkForce "screenshot";
# disabling due to stylix
# color = "rgba(25, 20, 20, 1.0)";
# all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations
blur_passes = 3; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
contrast = 0.8916;
brightness = 0.8172;
vibrancy = 0.1696;
vibrancy_darkness = 0.0;
};
image = {
monitor = "";
path = "/home/alice/Pictures/PXL_20240408_192537608-EDIT.jpg";
size = 350; # lesser side if not 1:1 ratio
rounding = -1; # negative values mean circle
border_size = 4;
border_color = "rgb(221, 221, 221)";
rotate = 0; # degrees, counter-clockwise
reload_time = -1; # seconds between reloading, 0 to reload with SIGUSR2
reload_cmd = ""; # command to get new path. if empty, old path will be used. don't run "follow" commands like tail -F
position = "0, 100";
halign = "center";
valign = "center";
};
input-field = {
monitor = "";
size = "400, 50";
outline_thickness = 3;
dots_size = 0.33; # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.15; # Scale of dots' absolute size, -1.0 - 1.0
dots_center = false;
dots_rounding = -1; # -1 default circle, -2 follow input-field rounding
# disabling as config doesn't exist
# dots_fade_time = 200; # Milliseconds until a dot fully fades in
dots_text_format = ""; # Text character used for the input indicator. Leave empty for a rectangle that will be rounded via dots_rounding (default).
# disabling due to stylix
# outer_color = "rgb(151515)";
# inner_color = "rgb(200, 200, 200)";
# font_color = "rgb(10, 10, 10)";
font_family = "Noto Sans"; # Font used for placeholder_text, fail_text and dots_text_format.
fade_on_empty = false;
fade_timeout = 1000; # Milliseconds before fade_on_empty is triggered.
placeholder_text = "<i>Input Password...</i>"; # Text rendered in the input box when it's empty.
hide_input = false;
rounding = -1; # -1 means complete rounding (circle/oval)
#check_color = "rgb(204, 136, 34)";
#fail_color = "rgb(204, 34, 34)"; # if authentication failed, changes outer_color and fail message color
fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>"; # can be set to empty
fail_timeout = 2000; # milliseconds before fail_text and fail_color disappears
# disabling as config doesn't exist
#fail_transition = 300; # transition time in ms between normal outer_color and fail_color
capslock_color = -1;
numlock_color = -1;
bothlock_color = -1; # when both locks are active. -1 means don't change outer color (same for above)
invert_numlock = false; # change color if numlock is off
swap_font_color = false; # see below
position = "0, -200";
halign = "center";
valign = "center";
};
};
};
}

25
users/alice/home/hypr/show-hide.sh
View File

@ -1,25 +0,0 @@
#!/usr/bin/env bash
stack_file="/tmp/hide_window_pid_stack.txt"
function hide_window() {
pid=$(hyprctl activewindow -j | jq '.pid')
hyprctl dispatch movetoworkspacesilent "88,pid:$pid"
echo "$pid" >>$stack_file
}
function show_window() {
pid=$(tail -1 $stack_file && sed -i '$d' $stack_file)
[ -z "$pid" ] && exit
current_workspace=$(hyprctl activeworkspace -j | jq '.id')
hyprctl dispatch movetoworkspacesilent "$current_workspace,pid:$pid"
}
if [ -n "$1" ]; then
if [ "$1" == "h" ]; then
hide_window >>/dev/null
else
show_window >>/dev/null
fi
fi

40
users/alice/home/waybar.json
View File

@ -1,40 +0,0 @@
[
{
"height": 20,
"layer": "top",
"position": "top",
"output": [
"eDP-2",
"eDP-1",
"HDMI-0",
"DP-0"
],
"hyprland/workspaces": {
"active-only": true,
"all-outputs": false,
"show-special": true,
"move-to-monitor": true,
"format": "{icon} {windows}",
"format-window-separator": " ",
"format-icons": {
"1": "󰎤",
"2": "󰎧",
"3": "󰎪",
"default": "",
"empty": "󱓼",
"urgent": "󱨇"
},
"persistent-workspaces": {
"1": "HDMI-0"
},
"on-scroll-down": "hyprctl dispatch workspace e-1",
"on-scroll-up": "hyprctl dispatch workspace e+1",
"window-rewrite": {
"title<Steam>": ""
},
"window-rewrite-default": "",
"window-rewrite-separator": " ",
"sort-by": "number"
}
}
]

2
users/alice/home/waybar.nix
View File

@ -2,6 +2,6 @@
lib.mkIf (!machineConfig.server) { lib.mkIf (!machineConfig.server) {
programs.waybar = { programs.waybar = {
enable = true; enable = true;
settings = builtins.fromJSON (builtins.readFile ./waybar.json); #settings = builtins.fromJSON (import ./waybar.json);
}; };
} }

16
users/alice/home/zsh.nix
View File

@ -4,6 +4,7 @@
programs.zsh = { programs.zsh = {
enable = true; enable = true;
# autosuggestion.enable = true;
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = [ plugins = [
@ -51,16 +52,12 @@
shellAliases = { shellAliases = {
"sgc" = "sudo git -C /root/dotfiles"; "sgc" = "sudo git -C /root/dotfiles";
## SSH ## SSH
"ssh-init" = "ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
## Backups ## Backups
"borgmatic-backup-quick" = "borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml"; "borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"borgmatic-backup-full" = "umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" =
"sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"restic-backup" = "/home/alice/Scripts/restic/backup.sh"; "restic-backup" = "/home/alice/Scripts/restic/backup.sh";
## VPN ## VPN
@ -92,8 +89,7 @@
# applications (rofi entries) # applications (rofi entries)
"ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &"; "ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
"Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101"; "Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
"Wizard101" = "Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Pirate101" = "prime-run playonlinux --run Pirate\\ 101"; "Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
"octave" = "prime-run octave --gui"; "octave" = "prime-run octave --gui";
"pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050"; "pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";

9
users/alice/non-server.nix
View File

@ -3,7 +3,7 @@
{ {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = pkgs.emacs30-pgtk; package = pkgs.emacs29-pgtk;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
cmake cmake
@ -49,9 +49,6 @@
hunspellDicts.en-us hunspellDicts.en-us
languagetool languagetool
# latex
texlive.combined.scheme-medium
# dependencies for nix-dotfiles/hydra-check-action # dependencies for nix-dotfiles/hydra-check-action
nodejs_20 nodejs_20
nodePackages.prettier nodePackages.prettier
@ -62,8 +59,6 @@
bitwarden-menu bitwarden-menu
wtype wtype
zathura zathura
obsidian
libreoffice-qt-fresh
wlr-randr
]; ];
} }

18
users/alice/secrets.yaml
View File

@ -2,15 +2,13 @@ alice:
user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str] user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
#ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment] #ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment] #ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str] gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str] wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: | enc: |
@ -39,8 +37,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6 ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q== 7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z" lastmodified: "2024-08-20T23:15:03Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str] mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str]
pgp: pgp:
- created_at: "2024-09-05T06:10:22Z" - created_at: "2024-09-05T06:10:22Z"
enc: |- enc: |-
@ -55,4 +53,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330 fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.1 version: 3.9.0

26
utils/attic-push.bash
View File

@ -1,26 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash
#set -x
#set -v
set -e
# retrieve all paths under 2G
# nix_paths=$(nix path-info --json --all --closure-size \
# | jq 'map_values(.closureSize | select(. < 2e9)) | to_entries | sort_by(.value)' \
# | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
# retrieve all paths
nix_paths=$(nix path-info --json --all --closure-size |
jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' |
jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
readarray -t nix_path_array < <(echo "$nix_paths")
batchsize=1000
for ((i = 0; i < ${#nix_path_array[@]}; i += batchsize)); do
part=("${nix_path_array[@]:i:batchsize}")
attic push nix-cache "${part[@]}"
done

Some files were not shown because too many files have changed in this diff Show More