ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Compare commits

base: ahuston-0:main
Branches Tags
ahuston-0:main
ahuston-0:feature/selinunte
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes
..
compare: ahuston-0:hotfix/zfs-import
Branches Tags
ahuston-0:main
ahuston-0:feature/selinunte
ahuston-0:feature/ftb-app
ahuston-0:feature/hetzner-bridge
ahuston-0:feature/setting-up-greylog
ahuston-0:feature/build-cache
ahuston-0:hotfix/zfs-import
ahuston-0:feature/add-unpackerr
ahuston-0:feature/pscsd-yubikey
ahuston-0:feature/overseerr
ahuston-0:feature/onboarding-kubernetes

1 Commits
main ... hotfix/zfs

Author SHA1 Message Date
ahuston-0
3e094a0a4f
fix ordering on postResumeCommands 
ZFS moved import from postDeviceCommands to postResumeCommands and now
my key import doesnt work :(

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
 2024-10-20 18:38:40 -04:00
106 changed files with 829 additions and 4265 deletions
Show Stats Expand all files Collapse all files

9
.gitconfig
View File

@ -1,11 +1,6 @@
# run `grep -Pv "^#" .gitconfig >> .git/config` to append the merge config to your repo file :)
# run `git mergetool --tool=sops-mergetool <path to secret>/secrets.yaml` to use this once configured
# if for whatever reason the below doesn't work, try modifying the mergetool command as below
# find: $(git rev-parse --show-toplevel)/utils/sops-mergetool.sh
# replace: ./utils/sops-mergetool.sh
[mergetool "sops-mergetool"]
cmd = bash -c "$(git rev-parse --show-toplevel)/utils/sops-mergetool.sh \"\$BASE\" \"\$LOCAL\" \"\$REMOTE\" \"\$MERGED\""
cmd = bash -c "$(git --exec-path)/sops-mergetool.sh \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\""
[merge]
tool = nvimdiff
[mergetool "nvimdiff"]
layout = MERGED
tool = nvimdiff3

69
.github/settings.yml vendored
View File

@ -4,44 +4,60 @@ repository:
# The name of the repository. Changing this will rename the repository
name: nix-dotfiles
# A short description of the repository that will show up on GitHub
description: RAD-Dev Infra
# A URL with more information about the repository
# homepage: "https://nix-community.org"
# A comma-separated list of topics to set on the repository
topics: "nixos"
# Either `true` to make the repository private, or `false` to make it public.
private: false
# Either `true` to enable issues for this repository, `false` to disable them.
has_issues: true
# Either `true` to enable projects for this repository, or `false` to disable them.
# If projects are disabled for the organization, passing `true` will cause an API error.
has_projects: true
# Either `true` to enable the wiki for this repository, `false` to disable it.
has_wiki: false
# Either `true` to enable downloads for this repository, `false` to disable them.
has_downloads: false
# Updates the default branch for this repository.
default_branch: main
# Either `true` to allow squash-merging pull requests, or `false` to prevent
# squash-merging.
allow_squash_merge: true
# Either `true` to allow merging pull requests with a merge commit, or `false`
# to prevent merging pull requests with merge commits.
allow_merge_commit: false
# Either `true` to allow rebase-merging pull requests, or `false` to prevent
# rebase-merging.
allow_rebase_merge: true
# Either `true` to enable automatic deletion of branches on merge, or `false` to disable
delete_branch_on_merge: true
# Either `true` to enable automated security fixes, or `false` to disable
# automated security fixes.
enable_automated_security_fixes: true
# Either `true` to enable vulnerability alerts, or `false` to disable
# vulnerability alerts.
enable_vulnerability_alerts: true
allow_auto_merge: true
# Labels: define labels for Issues and Pull Requests
#
labels:
@ -88,39 +104,53 @@ labels:
- name: automated
color: '#42b528'
description: PR was automatically generated (through a bot or CI/CD)
# Milestones: define milestones for Issues and Pull Requests
milestones:
- title: Go-Live
description: >-
All requirements for official go-live: - Automated testing via Hydra/Actions - Automated deployments via Hydra/Actions - 90+% testing coverage - Functional formatter with custom rules - palatine-hill is fully stable, enough so that jeeves can be migrated
All requirements for official go-live:
- Automated testing via Hydra/Actions
- Automated deployments via Hydra/Actions
- 90+% testing coverage
- Functional formatter with custom rules
- palatine-hill is fully stable, enough so that jeeves can be migrated
# The state of the milestone. Either `open` or `closed`
state: open
- title: Jeeves Migration
description: >-
Test common use-cases for Jeeves - Quadro GPU support - Multi-GPU support - Plex support - Docker support - ZFS support
Test common use-cases for Jeeves
- Quadro GPU support
- Multi-GPU support
- Plex support
- Docker support
- ZFS support
# Collaborators: give specific users access to this repository.
# See https://docs.github.com/en/rest/reference/repos#add-a-repository-collaborator for available options
collaborators:
# - username: numtide-bot
# Note: `permission` is only valid on organization-owned repositories.
# The permission to grant the collaborator. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: push
# - username: numtide-bot
# Note: `permission` is only valid on organization-owned repositories.
# The permission to grant the collaborator. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: push
# See https://docs.github.com/en/rest/reference/teams#add-or-update-team-repository-permissions for available options
teams:
# - name: admin
# The permission to grant the team. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin
# - name: admin
# The permission to grant the team. Can be one of:
# * `pull` - can pull, but not push to or administer this repository.
# * `push` - can pull and push, but not administer this repository.
# * `admin` - can pull, push and administer this repository.
# * `maintain` - Recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
# * `triage` - Recommended for contributors who need to proactively manage issues and pull requests without write access.
# permission: admin
branches:
# gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/nix-community/infra/branches/master/protection
@ -135,6 +165,7 @@ branches:
# `Maximum pull requests to merge`: 5
# `Only merge non-failing pull requests`: true
# `Consider check failed after`: 60 minutes
- name: main
# https://docs.github.com/en/rest/reference/repos#update-branch-protection
# Branch Protection settings. Set to null to disable

33
.github/workflows/flake-health-checks.yml vendored
View File

@ -5,37 +5,16 @@ on:
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix flake checks"
runs-on: ubuntu-latest
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest]
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: DeterminateSystems/magic-nix-cache-action@main
- uses: actions/checkout@v4
- run: nix flake check --accept-flake-config
- run: nix ./utils/attic-push.bash
# build-checks:
# name: "Build nix outputs"
# runs-on: ubuntu-latest
# steps:
# - uses: DeterminateSystems/nix-installer-action@main
# - name: Setup Attic cache
# uses: ryanccn/attic-action@v0
# with:
# endpoint: ${{ secrets.ATTIC_ENDPOINT }}
# cache: ${{ secrets.ATTIC_CACHE }}
# token: ${{ secrets.ATTIC_TOKEN }}
# skip-push: "true"
# - uses: actions/checkout@v4
# - name: Build all outputs
# run: nix run git+https://nayeonie.com/ahuston-0/flake-update-diff -- --build .
# - name: Push to Attic
# run: nix ./utils/attic-push.bash
# continue-on-error: true

131
.github/workflows/flake-update.yml vendored
View File

@ -5,108 +5,63 @@ on:
schedule:
- cron: "00 12 * * *"
jobs:
update_lockfile:
createPullRequest:
runs-on: ubuntu-latest
#if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install nix
uses: https://github.com/DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
- uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- name: Get pre-snapshot of evaluations
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Install Nix
uses: cachix/install-nix-action@v24
with:
extra_nix_config: |
experimental-features = nix-command flakes
install_url: https://releases.nixos.org/nix/nix-2.19.0/install
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Calculate pre-drv
run: nix ./utils/eval-to-drv.sh pre
- name: Update flake.lock
id: update
run: |
nix flake update 2> >(tee /dev/stderr) | awk '
/^• Updated input/ {in_update = 1; print; next}
in_update && !/^warning:/ {print}
/^$/ {in_update = 0}
' > update.log
echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
cat update.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm update.log
- name: Get post-snapshot of evaluations
- name: Pull latest docker images
run: nix ./utils/fetch-docker.sh
- name: Update flake.lock (part 1)
run: nix flake update
- name: Calculate post-drv
run: nix ./utils/eval-to-drv.sh post
- name: Calculate diff
run: nix ./utils/diff-evals.sh
- name: Read file contents
id: read_file
uses: guibranco/github-file-reader-action-v2@latest
with:
path: "post-diff"
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
path: pr_body.template
contents: |
- The following Nix Flake inputs were updated:
```
${{ env.UPDATE_LOG }}
```
```
${{ steps.read_file.outputs.contents }}
```
Auto-generated by [update.yml][1] with the help of
[create-pull-request][2].
[1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
[2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
- name: Generate PR body
uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: Save PR body
id: pr_body
uses: juliangruber/read-file-action@v1
with:
path: "pr_body.md"
- name: Remove temporary files
- name: Read diff into environment
run: |
rm pr_body.template
rm pr_body.md
rm pre.json
rm post.json
rm post-diff
- name: Create Pull Request
id: create-pull-request
# uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
uses: https://nayeonie.com/ahuston-0/create-pull-request@main
delimiter="$(openssl rand -hex 8)"
{
echo "POSTDIFF<<${delimiter}"
cat post-diff
echo "${delimiter}"
} >> $GITHUB_ENV
- name: Restore flake.lock for next step
run: git restore flake.lock
- name: Update flake.lock
id: update
uses: DeterminateSystems/update-flake-lock@main
with:
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
body: ${{ steps.pr_body.outputs.content }}
author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
${{ steps.pr_body.outputs.content }}
branch: update-flake-lock
delete-branch: true
```
{{ env.GIT_COMMIT_MESSAGE }}
```
```
{{ env.POSTDIFF }}
```
pr-labels: | # Labels to be set on the PR
dependencies
automated
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
permissions:
pull-requests: write
contents: write

1
.github/workflows/lock-health-checks.yml vendored
View File

@ -5,6 +5,7 @@ on:
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Check health of `flake.lock`"

12
.github/workflows/nix-fmt.yml vendored
View File

@ -5,21 +5,13 @@ on:
pull_request:
branches: ["main"]
merge_group:
jobs:
health-check:
name: "Perform Nix format checks"
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@main
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ secrets.ATTIC_ENDPOINT }}
cache: ${{ secrets.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
skip-push: "true"
- uses: DeterminateSystems/magic-nix-cache-action@main
- uses: actions/checkout@v4
- run: nix fmt -- --check .
- name: Push to Attic
run: nix ./utils/attic-push.bash
continue-on-error: true

12
.sops.yaml
View File

@ -1,6 +1,7 @@
keys:
# The PGP keys in keys/
- &admin_alice 5EFFB75F7C9B74EAA5C4637547940175096C1330
# Generate AGE keys from SSH keys with:
# ssh-keygen -A
# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
@ -10,8 +11,10 @@ keys:
#- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
- &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
# cspell:enable
servers: &servers
- *palatine-hill
# add new users by executing: sops users/<user>/secrets.yaml
# then have someone already in the repo run the below
#
@ -26,21 +29,18 @@ creation_rules:
- *palatine-hill
- *artemision
- *artemision-home
- path_regex: systems/palatine-hill/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill
- path_regex: systems/artemision/secrets.*\.yaml$
key_groups:
- pgp:
- *admin_alice
age:
- *artemision
- path_regex: systems/palatine-hill/docker/wg/.*\.conf$
key_groups:
- pgp:
- *admin_alice
age:
- *palatine-hill

4
.vscode/settings.json vendored
View File

@ -1,7 +1,5 @@
{
"cSpell.enableFiletypes": [
"nix"
],
"cSpell.enableFiletypes": ["nix"],
"cSpell.words": [
"aarch",
"abmlevel",

4
README.md
View File

@ -14,7 +14,9 @@ to onboard a new user or system.
Although we are not actively looking for new members to join in on this repo,
we are not strictly opposed. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) for further information.
[@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill)
for further information.
## Repo Structure

15
docs/CONTRIBUTING.md
View File

@ -40,12 +40,12 @@ and will eventually trip a check when merging to main.
| Branch Name | Use Case |
|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| main | protected branch which all machines pull from, do not try to push directly |
| feature/\<item> | \<item> is a new feature added to the repo, for personal or common use |
| fixup/\<item> | \<item> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical |
| hotfix/\<item> | \<item> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
| urgent/\<item> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues |
| exp/\<item> | \<item> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches |
| merge/\<item> | \<item> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch |
| feature/\<item\> | \<item\> is a new feature added to the repo, for personal or common use |
| fixup/\<item\> | \<item\> is a non-urgent bug, PRs merging from these branches should be merged when possible, but are not considered mission-critical |
| hotfix/\<item\> | \<item\> is a mission-critical bug, either affecting all users or a breaking change on a user's machines. These PRs should be reviewed ASAP. This is automatically subject to the [Critical Issues](#critical-issues) process |
| urgent/\<item\> | Accepted as an alias for the above, due to dev's coming from multiple standards and the criticality of these issues |
| exp/\<item\> | \<item\> is a non-critical experiment. This is used for shipping around potential new features or fixes to multiple branches |
| merge/\<item\> | \<item\> is a temporary branch and should never be merged directly to main. This is solely used for addressing merge conflicts which are too complex to be merged directly on branch |
### Review Process
@ -107,7 +107,8 @@ rules.
We allow secrets to be embedded in the repository using `sops-nix`. As part of
the process everything is encrypted, however adding a new user is a change
that every existing SOPS user needs to participate in. Please reach out to
[@ahuston-0](https://nayeonie.com/ahuston-0) or if you are interested
[@ahuston-0](https://github.com/ahuston-0) or
[@RichieCahill](https://github.com/RichieCahill) if you are interested
in using secrets on your machines.
## CI/CD

6
docs/sample-setup.sh
View File

@ -54,6 +54,8 @@ if [ $PROCEED != "Y" ]; then
lsblk -ao NAME,FSTYPE,FSSIZE,FSUSED,SIZE,MOUNTPOINT
fi
if [ $CREATEPARTS = "Y" ]; then
# Create partition table
sudo parted "/dev/$DRIVE" -- mklabel gpt
@ -121,7 +123,7 @@ fi
DOTS="/mnt/root/dotfiles"
GC="git -C $DOTS"
sudo mkdir -p "$DOTS" || echo "directory $DOTS already exists"
sudo $GC clone https://nayeonie.com/ahuston-0/nix-dotfiles.git .
sudo $GC clone https://github.com/RAD-Development/nix-dotfiles.git .
sudo $GC checkout "$FEATUREBRANCH"
# Create ssh keys
@ -179,4 +181,4 @@ Host github.com
IdentityFile /root/.ssh/id_ed25519_ghdeploy
EOF
printf "%s" "$SSHCONFIG" | sudo tee /root/.ssh/config
sudo "$GC" remote set-url origin 'ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git'
sudo "$GC" remote set-url origin 'git@github.com:RAD-Development/nix-dotfiles.git'

672
flake.lock generated
View File

@ -1,85 +1,72 @@
{
"nodes": {
"base16": {
"attic": {
"inputs": {
"fromYaml": "fromYaml"
"crane": "crane",
"flake-compat": [
"flake-compat"
],
"flake-parts": [
"flake-parts"
],
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1732200724,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "153d52373b0fb2d343592871009a286ec8837aec",
"lastModified": 1728577371,
"narHash": "sha256-f3bKclEV5t1eP1OH7kTGv/tLzlToSRIe0ktkdl1jihw=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "e5c8d2d50981a34602358d917e7be011b2c397a8",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1744500178,
"narHash": "sha256-hHXOb7UW0JyNb96ZEuNj75f4hd4T+6ZZ76ir4Yc2okw=",
"lastModified": 1728965006,
"narHash": "sha256-TXBxJMGC6P+cn5La/lIgVzb9ETutsOI3A3urHihB7FA=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "42722da72350b489b83940fcfb45769a66fdc50b",
"rev": "f4947cf2d1a469b23fee54ad948c539f6aa431a7",
"type": "gitlab"
},
"original": {
@ -89,30 +76,14 @@
"type": "gitlab"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1743774811,
"narHash": "sha256-oiHLDHXq7ymsMVYSg92dD1OLnKLQoU/Gf2F1GoONLCE=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "df53a7a31872faf5ca53dd0730038a62ec63ca9e",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
@ -124,33 +95,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
@ -166,11 +115,11 @@
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
@ -179,69 +128,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -263,45 +149,6 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1732369855,
"narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "dadd58f630eeea41d645ee225a63f719390829dc",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "47.2",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -309,11 +156,11 @@
]
},
"locked": {
"lastModified": 1744498625,
"narHash": "sha256-pL52uCt9CUoTTmysGG91c2FeU7XUvpB7Cep6yon2vDk=",
"lastModified": 1728903686,
"narHash": "sha256-ZHFrGNWDDriZ4m8CA/5kDa250SG1LiiLPApv1p/JF0o=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "db56335ca8942d86f2200664acdbd5b9212b26ad",
"rev": "e1aec543f5caf643ca0d94b6a633101942fd065f",
"type": "github"
},
"original": {
@ -322,27 +169,6 @@
"type": "github"
}
},
"hydra": {
"inputs": {
"nix": "nix",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1744212707,
"narHash": "sha256-hl9t+RAEO2Jc1lVsR4OvbwG5LTyDo0wkZZ4s7zUGsxU=",
"ref": "add-gitea-pulls",
"rev": "33a935e8ef44e07c709328235ed48c4b4de03483",
"revCount": 4364,
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
},
"original": {
"ref": "add-gitea-pulls",
"type": "git",
"url": "https://nayeonie.com/ahuston-0/hydra"
}
},
"hyprland-contrib": {
"inputs": {
"nixpkgs": [
@ -350,11 +176,11 @@
]
},
"locked": {
"lastModified": 1743417258,
"narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
"lastModified": 1725551787,
"narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
"rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072",
"type": "github"
},
"original": {
@ -363,59 +189,6 @@
"type": "github"
}
},
"nix": {
"inputs": {
"flake-compat": [
"hydra"
],
"flake-parts": [
"hydra"
],
"git-hooks-nix": [
"hydra"
],
"nixpkgs": [
"hydra",
"nixpkgs"
],
"nixpkgs-23-11": [
"hydra"
],
"nixpkgs-regression": [
"hydra"
]
},
"locked": {
"lastModified": 1744030329,
"narHash": "sha256-r+psCOW77vTSTNbxTVrYHeh6OgB0QukbnyUVDwg8s4I=",
"owner": "NixOS",
"repo": "nix",
"rev": "a4962f73b5fc874d4b16baef47921daf349addfc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.28-maintenance",
"repo": "nix",
"type": "github"
}
},
"nix-eval-jobs": {
"flake": false,
"locked": {
"lastModified": 1744018595,
"narHash": "sha256-v5n6t49X7MOpqS9j0FtI6TWOXvxuZMmGsp2OfUK5QfA=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "cba718bafe5dc1607c2b6761ecf53c641a6f3b21",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
@ -423,11 +196,11 @@
]
},
"locked": {
"lastModified": 1744518957,
"narHash": "sha256-RLBSWQfTL0v+7uyskC5kP6slLK1jvIuhaAh8QvB75m4=",
"lastModified": 1728790083,
"narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "4fc9ea78c962904f4ea11046f3db37c62e8a02fd",
"rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
"type": "github"
},
"original": {
@ -438,11 +211,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"lastModified": 1728781282,
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b",
"type": "github"
},
"original": {
@ -459,11 +232,11 @@
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"lastModified": 1728867876,
"narHash": "sha256-NCyOA8WZNoojmXH+kBDrQj3LwvakYNzSc0h+LTXkmPE=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"rev": "fdf142111597f6c6283cf5ffe092b6293a3911d0",
"type": "github"
},
"original": {
@ -474,11 +247,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1744366945,
"narHash": "sha256-OuLhysErPHl53BBifhesrRumJNhrlSgQDfYOTXfgIMg=",
"lastModified": 1728729581,
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "1fe3cc2bc5d2dc9c81cb4e63d2f67c1543340df1",
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
"type": "github"
},
"original": {
@ -494,14 +267,15 @@
],
"nixpkgs": [
"nixpkgs"
]
],
"search": "search"
},
"locked": {
"lastModified": 1744378369,
"narHash": "sha256-aCK79lB4Txu20YmQIf126CxsubgmeICpDiG6bsEMzrU=",
"lastModified": 1728919967,
"narHash": "sha256-zQl8z8iagvrekF4tFK1au7mGH8x0zoGppo6geLPioQk=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "d331edb6574306211b8f5a652a40fcfe1913194c",
"rev": "1aba521c9cd2cd97490846ac83fd73ae84625c8a",
"type": "github"
},
"original": {
@ -512,90 +286,48 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1743987495,
"narHash": "sha256-46T2vMZ4/AfCK0Y2OjlFzJPxmdpP8GtsuEqSSJv3oe4=",
"owner": "NixOS",
"lastModified": 1728492678,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "db8f4fe18ce772a9c8f3adf321416981c8fe9371",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11-small",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
"lastModified": 1727825735,
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"lastModified": 1728740863,
"narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744501611,
"narHash": "sha256-H+Q/R9FKEuuBRjjgwP6GBPfQMA7rzH7UJm/+HSYZm5o=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "208645bf60302e4eea10f9b038043205b423de21",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1743884191,
"narHash": "sha256-foVcginhVvjg8ZnTzY5wwMeZ4wjJ8yX66PW5kgyivPE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "fde90f5f52e13eed110a0e53a2818a2b09e4d37c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": [
@ -604,14 +336,17 @@
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"lastModified": 1728778939,
"narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"rev": "ff68f91754be6f3427e4986d7949e6273659be1d",
"type": "github"
},
"original": {
@ -622,24 +357,23 @@
},
"root": {
"inputs": {
"attic": "attic",
"firefox-addons": "firefox-addons",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hydra": "hydra",
"hyprland-contrib": "hyprland-contrib",
"nix-index-database": "nix-index-database",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"pre-commit-hooks": "pre-commit-hooks",
"rust-overlay": "rust-overlay",
"sops-nix": "sops-nix",
"stylix": "stylix",
"systems": "systems_2",
"systems": "systems",
"wired-notify": "wired-notify"
}
},
@ -650,11 +384,11 @@
]
},
"locked": {
"lastModified": 1744513456,
"narHash": "sha256-NLVluTmK8d01Iz+WyarQhwFcXpHEwU7m5hH3YQQFJS0=",
"lastModified": 1728959392,
"narHash": "sha256-fp4he1QQjE+vasDMspZYeXrwTm9otwEqLwEN6FKZ5v0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "730fd8e82799219754418483fabe1844262fd1e2",
"rev": "4c6e317300f05b8871f585b826b6f583e7dc4a9b",
"type": "github"
},
"original": {
@ -663,18 +397,46 @@
"type": "github"
}
},
"search": {
"inputs": {
"flake-utils": [
"nixos-modules",
"flake-utils"
],
"nixpkgs": [
"nixos-modules",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728423244,
"narHash": "sha256-+YwNsyIFj3dXyLVQd1ry4pCNmtOpbceKUrkNS8wp9Ho=",
"owner": "nuschtos",
"repo": "search",
"rev": "f276cc3b391493ba3a8b30170776860f9520b7fa",
"type": "github"
},
"original": {
"owner": "nuschtos",
"repo": "search",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1744518500,
"narHash": "sha256-lv52pnfiRGp5+xkZEgWr56DWiRgkMFXpiGba3eJ3krE=",
"lastModified": 1728345710,
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "7e147a1ae90f0d4a374938cdc3df3cdaecb9d388",
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
"type": "github"
},
"original": {
@ -683,47 +445,6 @@
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": [
"flake-compat"
],
"flake-utils": "flake-utils_2",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1744540857,
"narHash": "sha256-cDC9TBD++zBsUx9X2VhJOjxXclmY8YpSqpKHaVLEXVA=",
"owner": "danth",
"repo": "stylix",
"rev": "379ba613a68fafdd756db370f0ef878a0d3a7308",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -739,125 +460,6 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1742851696,
"narHash": "sha256-sR4K+OVFKeUOvNIqcCr5Br7NLxOBEwoAgsIyjsZmb8s=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "c37771c4ae8ff1667e27ddcf24991ebeb94a4e77",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1743296873,
"narHash": "sha256-8IQulrb1OBSxMwdKijO9fB70ON//V32dpK9Uioy7FzY=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "af5152c8d7546dfb4ff6df94080bf5ff54f64e3a",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"wired-notify": {
"inputs": {
"flake-parts": [
@ -871,11 +473,11 @@
]
},
"locked": {
"lastModified": 1743305055,
"narHash": "sha256-NIsi8Dno9YsOLUUTrLU4p+hxYeJr3Vkg1gIpQKVTaDs=",
"lastModified": 1727849733,
"narHash": "sha256-mqxs/nyzOEKiBHa94OtcOLYBXd65P8tO4DUVTHWHn6o=",
"owner": "Toqozz",
"repo": "wired-notify",
"rev": "75d43f54a02b15f2a15f5c1a0e1c7d15100067a6",
"rev": "a1f6965737754e7424f9468f6befef885a9ee0ad",
"type": "github"
},
"original": {

58
flake.nix
View File

@ -5,42 +5,36 @@
substituters = [
"https://cache.nixos.org/?priority=1&want-mass-query=true"
"https://nix-community.cachix.org/?priority=10&want-mass-query=true"
# "https://attic.nayeonie.com/nix-cache"
];
trusted-substituters = [
"https://cache.nixos.org"
"https://attic.alicehuston.xyz/cache-nix-dot"
"https://nix-community.cachix.org"
"https://attic.nayeonie.com/nix-cache"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nix-cache:grGRsHhqNDhkEuTODvHJXYmoCClntC+U8XAJQzwMaZM="
];
trusted-users = [ "root" ];
allow-import-from-derivation = true;
fallback = true;
};
inputs = {
flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-hardware.url = "github:NixOS/nixos-hardware";
#nixpkgs.url = "github:nuschtos/nuschtpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
#nixpkgs.url = "github:nixos/nixpkgs/1d2fe0135f360c970aee1d57a53f816f3c9bddae?narHash=sha256-Up7YlXIupmT7fEtC4Oj676M91INg0HAoamiswAsA3rc%3D";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
systems.url = "github:nix-systems/default";
# attic = {
# url = "github:zhaofengli/attic";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# nixpkgs-stable.follows = "nixpkgs-stable";
# flake-compat.follows = "flake-compat";
# flake-parts.follows = "flake-parts";
# };
# };
attic = {
url = "github:zhaofengli/attic";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat";
flake-parts.follows = "flake-parts";
};
};
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
@ -60,13 +54,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hydra = {
url = "git+https://nayeonie.com/ahuston-0/hydra?ref=add-gitea-pulls";
# inputs = {
# nixpkgs.follows = "nixpkgs";
# };
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs";
@ -94,6 +81,7 @@
url = "github:cachix/git-hooks.nix";
inputs = {
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
flake-compat.follows = "flake-compat";
};
};
@ -109,15 +97,7 @@
url = "github:Mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
stylix = {
url = "github:danth/stylix";
inputs = {
flake-compat.follows = "flake-compat";
home-manager.follows = "home-manager";
nixpkgs.follows = "nixpkgs";
nixpkgs-stable.follows = "nixpkgs-stable";
};
};
@ -137,7 +117,7 @@
systems = [
"x86_64-linux"
# disable arm for now as hydra isn't set up for it
# "aarch64-linuxa
# "aarch64-linux"
];
forEachSystem = lib.genAttrs systems;
@ -153,13 +133,13 @@
lib = self;
}
);
inherit (lib.adev.systems) genSystems getImages;
inherit (lib.rad-dev.systems) genSystems getImages;
inherit (self) outputs; # for hydra
in
rec {
inherit lib; # for allowing use of custom functions in nix repl
hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
#hydraJobs = import ./hydra/jobs.nix { inherit inputs outputs systems; };
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
nixosConfigurations = genSystems inputs outputs src (src + "/systems");
@ -169,10 +149,6 @@
qcow = getImages nixosConfigurations "qcow";
};
packages.x86_64-linux.lego-latest =
nixpkgs.legacyPackages.x86_64-linux.callPackage ./pkgs/lego-latest/default.nix
{ };
checks = import ./checks.nix { inherit inputs forEachSystem formatter; };
devShells = import ./shell.nix { inherit inputs forEachSystem checks; };

13
hydra/jobsets.nix
View File

@ -19,6 +19,7 @@ let
prs = readJSONFile pulls;
refs = readJSONFile branches;
repo = "RAD-Development/nix-dotfiles";
# template for creating a job
makeJob =
@ -27,7 +28,6 @@ let
keepnr ? 3,
description,
flake,
enabled ? 1,
}:
{
inherit
@ -35,8 +35,8 @@ let
flake
schedulingshares
keepnr
enabled
;
enabled = 1;
type = 1;
hidden = false;
checkinterval = 300; # every 5 minutes
@ -44,9 +44,7 @@ let
emailoverride = "";
};
giteaHost = "ssh://gitea@nayeonie.com:2222";
repo = "ahuston-0/nix-dotfiles";
# # Create a hydra job for a branch
# Create a hydra job for a branch
jobOfRef =
name:
{ ref, ... }:
@ -57,7 +55,7 @@ let
name = builtins.replaceStrings [ "/" ] [ "-" ] "branch-${name}";
value = makeJob {
description = "Branch ${name}";
flake = "git+${giteaHost}/${repo}?ref=${ref}";
flake = "git+ssh://git@github.com/${repo}?ref=${ref}";
};
};
@ -66,8 +64,7 @@ let
name = if info.draft then "draft-${id}" else "pr-${id}";
value = makeJob {
description = "PR ${id}: ${info.title}";
flake = "git+${giteaHost}/${repo}?ref=${info.head.ref}";
enabled = info.state == "open";
flake = "git+ssh://git@github.com/${info.head.repo.full_name}?ref=${info.head.ref}";
};
};

12
hydra/spec.json
View File

@ -1,7 +1,7 @@
{
"enabled": 1,
"hidden": false,
"description": "ahuston-0's personal server infra",
"description": "RAD Development infrastructure",
"nixexprinput": "nixexpr",
"nixexprpath": "hydra/jobsets.nix",
"checkinterval": 60,
@ -12,7 +12,7 @@
"type": 0,
"inputs": {
"nixexpr": {
"value": "ssh://gitea@nayeonie.com:2222/ahuston-0/nix-dotfiles.git main",
"value": "https://github.com/RAD-Development/nix-dotfiles main",
"type": "git",
"emailresponsible": false
},
@ -22,13 +22,13 @@
"emailresponsible": false
},
"pulls": {
"type": "giteapulls",
"value": "nayeonie.com ahuston-0 nix-dotfiles https",
"type": "githubpulls",
"value": "RAD-Development nix-dotfiles",
"emailresponsible": false
},
"branches": {
"type": "gitea_refs",
"value": "nayeonie.com ahuston-0 nix-dotfiles heads https -",
"type": "github_refs",
"value": "RAD-Development nix-dotfiles heads -",
"emailresponsible": false
}
}

43
lib/container-utils.nix
View File

@ -1,43 +0,0 @@
{ lib, ... }:
{
# Given a attrset of images and a function which generates an image spec,
# generates a set of containers (although this could in theory be used for
# other things... I'd like to see people try)
#
# container set must be in the below format
# { container-name = {image = "image-uri"; scale = n;}; }
# where image-uri gets passed in to the container-spec function as a custom
# parameter, and scale is an integer that generates the containers
#
# container-spec must be a function which accepts two parameter (the
# container name and image name) and ideally returns an oci-compliant
# container.
#
# args:
# containers: an AttrSet which specifies the imageUri and scale of each
# container
# container-spec: a function which produces an oci-compliant container spec
#
# type:
# AttrSet -> (String -> AttrSet -> AttrSet) -> AttrSet
createTemplatedContainers =
containers: container-spec:
builtins.listToAttrs (
lib.flatten (
lib.mapAttrsToList (
name: value:
(map (
num:
let
container-name = "${name}-${toString num}";
in
{
name = container-name;
value = container-spec container-name value.image;
}
) (lib.lists.range 1 value.scale))
) containers
)
);
}

21
lib/default.nix
View File

@ -1,9 +1,8 @@
{ lib, ... }:
{
# create adev namespace for lib
adev = rec {
# create rad-dev namespace for lib
rad-dev = rec {
systems = import ./systems.nix { inherit lib; };
container-utils = import ./container-utils.nix { inherit lib; };
# any(), but checks if any value in the list is true
#
@ -57,21 +56,5 @@
# type:
# fileList :: Path -> String -> [Path]
fileList = dir: map (file: dir + "/${file}") (ls dir);
# reduce an attribute set to a string
#
# example:
# given attrset {host1 = "palatine-hill"; host2 = "jeeves";}
# and func (host: hostname: host + " is " + hostname + ", " )
# mapAttrsToString would return 'host1 is palatine-hill, host2 is jeeves, '
#
# args:
# func: an function to apply to attrSet to turn each entry into one string
# attrSet: an attribute set to reduce
#
# type:
# mapAttrsToString :: AttrSet -> (String -> Any -> String) -> String
mapAttrsToString =
func: attrSet: (lib.foldl' (cur: next: cur + next) "" (lib.mapAttrsToList func attrSet));
};
}

4
lib/systems.nix
View File

@ -176,7 +176,7 @@ rec {
(configPath + "/configuration.nix")
]
++ modules
++ (lib.adev.fileList (src + "/modules"))
++ (lib.rad-dev.fileList (src + "/modules"))
++ genWrapper sops genSops args
++ genWrapper home genHome args
++ genWrapper true genUsers args
@ -222,7 +222,7 @@ rec {
// import configPath { inherit inputs; }
);
}
) (lib.adev.lsdir path)
) (lib.rad-dev.lsdir path)
);
# gets all the images of a specified format

2
modules/autopull.nix
View File

@ -61,7 +61,7 @@ in
lib.mkIf cfg.enable {
environment.systemPackages =
[ pkgs.git ]
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.adev.mapGetAttr "ssh-key" repos)) [
++ lib.optionals (lib.any (ssh-key: ssh-key != "") (lib.rad-dev.mapGetAttr "ssh-key" repos)) [
pkgs.openssh
];

2
modules/base.nix
View File

@ -15,7 +15,7 @@
programs = {
zsh.enable = true;
fish.enable = false;
fish.enable = true;
};
users = {

1
modules/boot.nix
View File

@ -35,6 +35,7 @@ in
config.boot = lib.mkIf cfg.default {
supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true;
kernelPackages = pkgs.linuxPackages_6_10;
kernelParams =
[ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd"

7
modules/docker.nix
View File

@ -7,14 +7,9 @@
extraGroups = [ "docker" ];
uid = 600;
};
groups = {
docker-service = {
groups.docker-service = {
gid = 600;
};
haproxy = {
gid = 99;
};
};
};
virtualisation.docker = {

4
modules/kub_net.nix
View File

@ -1,10 +1,10 @@
{ lib, config, ... }:
let
cfg = config.services.adev.k3s-net;
cfg = config.services.rad-dev.k3s-net;
in
{
options = {
services.adev.k3s-net = {
services.rad-dev.k3s-net = {
enable = lib.mkOption {
default = false;
example = true;

2
modules/plocate.nix
View File

@ -3,7 +3,7 @@
{
services.locate = {
enable = lib.mkDefault true;
# localuser = lib.mkDefault null;
localuser = lib.mkDefault null;
package = lib.mkDefault pkgs.plocate;
};
}

10
modules/update.nix
View File

@ -1,19 +1,19 @@
{ lib, ... }:
{
services.autopull = {
enable = lib.mkDefault true;
enable = lib.mkDefault false;
repo.dotfiles = {
enable = lib.mkDefault true;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_giteadeploy";
enable = lib.mkDefault false;
ssh-key = lib.mkDefault "/root/.ssh/id_ed25519_ghdeploy";
path = lib.mkDefault /root/dotfiles;
};
};
system.autoUpgrade = {
enable = lib.mkDefault true;
enable = lib.mkDefault false;
flags = [ "--accept-flake-config" ];
randomizedDelaySec = "1h";
persistent = true;
flake = "git+ssh://nayeonie.com/ahuston-0/nix-dotfiles.git";
flake = "github:RAD-Development/nix-dotfiles";
};
}

4
modules/yubikey.nix
View File

@ -5,11 +5,11 @@
...
}:
let
cfg = config.services.adev.yubikey;
cfg = config.services.rad-dev.yubikey;
in
{
options = {
services.adev.yubikey = {
services.rad-dev.yubikey = {
enable = lib.mkEnableOption "enable yubikey defaults";
enable-desktop-app = lib.mkEnableOption "installs desktop application";
};

39
pkgs/lego-latest/default.nix
View File

@ -1,39 +0,0 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "lego";
version = "4.21.0";
src = fetchFromGitHub {
owner = "go-acme";
repo = pname;
rev = "v${version}";
hash = "sha256-3dSvQfkBNh8Bt10nv4xGplv4iY3gWvDu2EDN6UovSdc=";
};
vendorHash = "sha256-teA6fnKl4ATePOYL/zuemyiVy9jgsxikqmuQJwwA8wE=";
doCheck = false;
subPackages = [ "cmd/lego" ];
ldflags = [
"-s"
"-w"
"-X main.version=${version}"
];
meta = with lib; {
description = "Let's Encrypt client and ACME library written in Go";
license = licenses.mit;
homepage = "https://go-acme.github.io/lego/";
maintainers = teams.acme.members;
mainProgram = "lego";
};
#passthru.tests.lego = nixosTests.acme;
}

8
shell.nix
View File

@ -38,17 +38,13 @@ forEachSystem (
};
# constructs a custom shell with commonly used utilities
adev = pkgs.mkShell {
rad-dev = pkgs.mkShell {
packages = with pkgs; [
deadnix
pre-commit
treefmt
statix
nixfmt-rfc-style
jsonfmt
mdformat
shfmt
yamlfmt
];
};
in
@ -56,7 +52,7 @@ forEachSystem (
default = pkgs.mkShell {
inputsFrom = [
pre-commit
adev
rad-dev
sops
];
};

31
utils/sops-mergetool.sh → sops-mergetool.sh
View File

@ -1,27 +1,17 @@
#!/usr/bin/env bash
# Exit on first error and verify variables have been set/passed via CLI
#set -eu
set -v
set -x
set -eu
# Rename our variables to friendlier equivalents
# https://git-scm.com/docs/gitattributes#_defining_a_custom_merge_driver
base="$1"
local_="$2"
remote="$3"
merged="$4"
echo "$base"
echo "$local_"
echo "$remote"
echo "$merged"
base="$1"; local_="$2"; remote="$3"; merged="$4"
# Resolve our default mergetool
# https://github.com/git/git/blob/v2.8.2/git-mergetool--lib.sh#L3
mergetool="$(git config --get merge.tool)"
GIT_DIR="$(git --exec-path)"
if test "$mergetool" = ""; then
echo 'No default `merge.tool` was set for `git`. Please set one via `git config --set merge.tool <tool>`' 1>&2
echo "No default \`merge.tool\` was set for \`git\`. Please set one via \`git config --set merge.tool <tool>\`" 1>&2
exit 1
fi
@ -35,7 +25,7 @@ merged_decrypted="${base_decrypted/_BASE_/_MERGED_}"
backup_decrypted="${base_decrypted/_BASE_/_BACKUP_}"
# If anything goes wrong, then delete our decrypted files
handle_trap_exit() {
handle_trap_exit () {
rm $base_decrypted || true
rm $local_decrypted || true
rm $remote_decrypted || true
@ -45,13 +35,13 @@ handle_trap_exit() {
trap handle_trap_exit EXIT
# Decrypt our file contents
sops --decrypt --show-master-keys "$base" >"$base_decrypted"
sops --decrypt --show-master-keys "$local_" >"$local_decrypted"
sops --decrypt --show-master-keys "$remote" >"$remote_decrypted"
sops --decrypt --show-master-keys "$base" > "$base_decrypted"
sops --decrypt --show-master-keys "$local_" > "$local_decrypted"
sops --decrypt --show-master-keys "$remote" > "$remote_decrypted"
# Create a merge-diff to compare against
set +e
git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" >"$merged_decrypted"
git merge-file -p "$local_decrypted" "$base_decrypted" "$remote_decrypted" > "$merged_decrypted"
set -e
cp "$merged_decrypted" "$backup_decrypted"
@ -69,7 +59,7 @@ source "$GIT_DIR/git-mergetool--lib"
source "$GIT_DIR/mergetools/$mergetool"
# Override `check_unchanged` with a custom script
check_unchanged() {
check_unchanged () {
# If the contents haven't changed, then fail
if test "$MERGED" -nt "$BACKUP"; then
return 0
@ -85,4 +75,5 @@ merge_cmd
set -eu
# Re-encrypt content
sops --encrypt "$merged_decrypted" >"$merged"
sops --encrypt "$merged_decrypted" > "$merged"

2
statix.toml
View File

@ -1,4 +1,4 @@
disabled = ["empty_pattern"]
nix_version = '2.25'
nix_version = '2.23'
ignore = ['.direnv']

438
systems/artemision/ao3_skins/happy_17th.css
View File

@ -1,438 +0,0 @@
#footer .group,
.post fieldset fieldset,
fieldset fieldset {
background: none;
}
#header {
background: #000 url('https://media.archiveofourown.org/news/milestones/2024-08-seventeen-years-otw/2024-08-seventeen-years-otw-pattern.jpg');
background-size: 350px;
}
#header .heading a,
#header .primary .dropdown a:focus,
#header .heading a:visited,
#main .pagination .current,
h2 {
color: #ffe8b4;
}
#header .clear,
#footer {
border-color: #191919;
}
#header .actions a[href="/menu/fandoms"],
#header .actions a[href="/menu/browse"],
#header .actions a[href="/menu/search"],
#header .actions a[href="/menu/about"] {
color: #fff;
}
#footer ul {
background: url('https://live.staticflickr.com/7284/9616997915_4194b6c6f7_h.jpg');
background-size: 350px;
}
#footer ul li:nth-child(1) ul,
#footer ul li:nth-child(2) ul,
#footer ul li:nth-child(3) ul,
#footer ul li:nth-child(4) ul {
background: rgba(0, 0, 0, 0.0);
}
#header .primary {
background: #8a1a10;
}
#footer {
background: #8a1a10;
}
input[type="text"],
textarea,
select {
background: #222;
color: #fff;
}
select:focus {
background: #2a2a2a;
}
option {
background: #555;
color: #fff;
}
#work form fieldset.work.meta dl dd.warning.required fieldset,
#main form fieldset.work.meta dl dd.warning.required fieldset {
color: #fff;
}
#bookmark-form form {
background: #2a2a2a;
color: #fff;
}
#error {
color: #191919;
}
fieldset,
.verbose fieldset {
border-color: #404040;
background: #191919;
border: 1px solid #595959;
}
.search [role=tooltip] {
background: #333;
border: 1px solid #666;
}
#main a:visited {
color: #ccc;
}
#main a.tag:visited:hover {
color: #111;
}
body,
.group,
.group .group,
.region,
.flash,
form dl,
#main .verbose legend,
.notice,
ul.notes,
table,
th,
td:hover,
tr:hover,
.symbol .question:hover,
#modal,
.ui-sortable li,
.required .autocomplete,
.autocomplete .notice,
.system .intro,
.comment_error,
.kudos_error,
div.dynamic,
.dynamic form,
#ui-datepicker-div,
.ui-datepicker table {
background: #191919;
color: #eee;
border-color: #222;
outline: #111;
box-shadow: none;
}
#header .actions a:hover,
#header .actions a:focus,
#header .dropdown:hover a,
#header .open a,
#header .menu,
#small_login,
.group.listbox,
fieldset fieldset.listbox,
.listbox,
form blockquote.userstuff,
input:focus,
textarea:focus,
li.relationships a,
.group.listbox .index,
.dashboard fieldset fieldset.listbox .index,
#dashboard a:hover,
th,
#dashboard .secondary,
.secondary,
.thread .even,
.system .tweet_list li,
.ui-datepicker tr:hover {
background: #2A2A2A;
}
a,
a.tag,
a:link,
#header a:visited,
#header .primary .open a,
#header .primary .dropdown:hover a,
#header #search input:focus,
#header #search input:hover,
.userstuff h2,
#dashboard a,
#dashboard span,
#dashboard .current,
.group .heading,
.filters dt a:hover {
color: #fff;
}
#header .dropdown .menu a:hover,
#header .dropdown .menu a:focus,
.splash .favorite li:nth-of-type(odd) a,
.ui-datepicker td:hover,
#tos_prompt .heading,
#tos_prompt [disabled] {
background: #111;
color: #ffe8b4;
}
#outer,
.javascript,
.statistics .index li:nth-of-type(even),
#tos_prompt,
.announcement input[type="submit"] {
background: #191919;
}
#dashboard ul,
dl.meta,
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
form blockquote.userstuff,
div.comment,
li.comment,
.toggled form,
form dl dt,
form.single fieldset,
#inner .module .heading,
.bookmark .status span,
.splash .news li,
.filters .group dt.bookmarker {
border-color: #555;
}
.group.listbox,
fieldset fieldset.listbox,
#main li.blurb,
.wrapper,
#dashboard .secondary,
.secondary,
form blockquote.userstuff,
.thread .comment,
.toggled form {
box-shadow: 1px 1px 3px #000;
}
#dashboard .current,
.actions a:active,
a.current,
.current a:visited,
span.unread,
.replied,
span.claimed,
dl.index dd,
.own,
.draft,
.draft .unread,
.child,
.unwrangled,
.unreviewed,
.ui-sortable li:hover {
background: #000;
border-color: #555;
box-shadow: -1px -1px 3px #000;
}
input,
textarea {
box-shadow: inset 0 1px 2px #000;
}
li.blurb,
.blurb .blurb,
.listbox .index,
fieldset fieldset.listbox,
.dashboard .listbox .index {
box-shadow: inset 1px 1px 3px #000;
}
#footer a:hover,
#footer a:focus,
.autocomplete .dropdown ul li:hover,
.autocomplete .dropdown li.selected,
a.tag:hover,
.listbox .heading a.tag:visited:hover,
.symbol .question {
background: #ffedc5;
border-color: #988352;
color: #111;
}
#header #greeting img,
#header .user a:hover,
#header .user a:focus,
#header fieldset,
#header form,
#header p,
#dashboard a:hover,
.actions a:hover,
.actions input:hover,
.delete a,
span.delete,
span.unread,
.replied,
span.claimed,
.draggable,
.droppable,
span.requested,
a.work,
.blurb h4 a:link,
.blurb h4 img,
.splash .module h3,
.splash .browse li a:before,
.required,
.error,
.comment_error,
.kudos_error,
a.cloud7,
a.cloud8,
#tos_prompt .heading {
color: #ffe8b4;
}
#greeting .icon,
#dashboard,
#dashboard.own,
.error,
.comment_error,
.kudos_error,
.LV_invalid,
.LV_invalid_field,
input.LV_invalid_field:hover,
input.LV_invalid_field:active,
textarea.LV_invalid_field:hover,
textarea.LV_invalid_field:active,
.qtip-content {
border-color: #8a1a10;
}
.splash .favorite li:nth-of-type(odd) a:hover,
.splash .favorite li:nth-of-type(odd) a:focus .splash .favorite li:nth-of-type(odd) a:visited:hover,
.splash .favorite li:nth-of-type(odd) a:visited:focus {
background: #ffe8b4;
color: #111;
}
a:visited,
.actions a:visited,
.action a:link,
.action a:visited,
.listbox .heading a:visited,
span.series .divider {
color: #999;
}
.actions a,
.actions a:link,
.action,
.action:link,
.actions input,
input[type="submit"],
button,
.current,
.actions label,
#header .actions a,
#outer .current {
background: #555;
border-color: #222;
color: #eee;
box-shadow: inset 0 -8px 4px #232323, inset 0 8px 7px #555;
text-shadow: none;
}
.actions a:hover,
.actions input:hover,
#dashboard a:hover,
.actions a:focus,
.actions input:focus,
#dashboard a:focus,
.actions .disabled select {
color: #999;
border-color: #000;
box-shadow: inset 2px 2px 2px #000;
}
.actions a:active,
.current,
a.current,
.current a:visited {
color: #fff;
background: #555;
border-color: #fff;
box-shadow: inset 1px 1px 3px #191919;
}
.delete a,
span.delete {
box-shadow: -1px -1px 2px rgba(255,255,255.25);
}
.actions label.disabled {
background: #222;
box-shadow: none;
}
ul.required-tags,
.bookmark .status span,
.blurb .icon {
opacity: 0.9;
border: 0;
}
#outer .group .heading,
#header .actions a,
fieldset.listbox .heading,
.userstuff .heading {
text-shadow: none;
color: #fff;
background: none;
}
#header .actions a,
fieldset fieldset,
.mce-container button,
.filters .expander,
.actions .disabled select {
box-shadow: none;
}
fieldset fieldset.listbox {
outline: none;
}
form dd.required {
color: #eee;
}
.mce-container input:focus {
background: #F3EFEC;
}
.announcement .userstuff a,
.announcement .userstuff a:link,
.announcement .userstuff a:visited:hover {
color: #111;
}
.announcement .userstuff a:visited {
color: #666;
}
.announcement .userstuff a:hover,
.announcement .userstuff a:focus {
color: #999;
}
.event.announcement .userstuff a,
.filters .expander {
color: #eee;
}

52
systems/artemision/configuration.nix
View File

@ -6,18 +6,17 @@
}:
{
imports = [
./audio.nix
./desktop.nix
./fingerprint.nix
./fonts.nix
./graphics.nix
./libvirt.nix
./polkit.nix
./programs.nix
./steam.nix
./stylix.nix
./desktop.nix
./wifi.nix
./zerotier.nix
./fonts.nix
./polkit.nix
./audio.nix
./fingerprint.nix
./steam.nix
./graphics.nix
./libvirt.nix
];
time.timeZone = "America/New_York";
@ -32,7 +31,7 @@
};
boot = {
#kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;
kernelPackages = lib.mkForce pkgs.linuxPackages_zen;
useSystemdBoot = true;
default = true;
};
@ -45,7 +44,6 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
services = {
flatpak.enable = true;
calibre-web = {
enable = true;
listen = {
@ -75,7 +73,18 @@
fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false;
adev.yubikey = {
spotifyd = {
enable = true;
settings = {
global = {
username = "snowinginwonderland@gmail.com";
password_cmd = "cat ${config.sops.secrets."apps/spotify".path}";
use_mpris = false;
};
};
#systemd.services.spotifyd.serviceConfig = systemd.services.spotifyd.
};
rad-dev.yubikey = {
enable = true;
enable-desktop-app = true;
};
@ -83,22 +92,19 @@
users.users.alice.extraGroups = [ "calibre-web" ];
system.autoUpgrade.enable = false;
system.stateVersion = "24.05";
programs.adb.enable = true;
environment.variables = {
"KWIN_DRM_NO_DIRECT_SCANOUT" = "1";
};
sops = {
defaultSopsFile = ./secrets.yaml;
#secrets = {
# "apps/spotify" = {
# group = "audio";
# restartUnits = [ "spotifyd.service" ];
# mode = "0440";
# };
#};
secrets = {
"apps/spotify" = {
group = "audio";
restartUnits = [ "spotifyd.service" ];
mode = "0440";
};
};
};
}

1
systems/artemision/default.nix
View File

@ -7,7 +7,6 @@
users = [ "alice" ];
modules = [
inputs.nixos-hardware.nixosModules.framework-16-7040-amd
inputs.stylix.nixosModules.stylix
{
environment.systemPackages = [
inputs.wired-notify.packages.x86_64-linux.default

9
systems/artemision/desktop.nix
View File

@ -7,9 +7,7 @@
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
hyprlock.enable = true;
gnupg.agent = {
enable = true;
#pinentryPackage = pkgs.pinentry-rofi;
@ -56,13 +54,6 @@
};
};
powerManagement = {
enable = true;
resumeCommands = ''
${pkgs.hyprlock}/bin/hyprlock -c /home/alice/.config/hypr/hyprlock.conf
'';
};
environment.systemPackages = with pkgs; [
libsForQt5.qt5.qtwayland
qt6.qtwayland

18
systems/artemision/fonts.nix
View File

@ -3,13 +3,17 @@
fonts = {
fontconfig.enable = true;
enableDefaultPackages = true;
packages = with pkgs.nerd-fonts; [
fira-code
droid-sans-mono
hack
dejavu-sans-mono
noto
open-dyslexic
packages = with pkgs; [
(nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"Hack"
"DejaVuSansMono"
"Noto"
"OpenDyslexic"
];
})
];
};
}

2
systems/artemision/hardware.nix
View File

@ -86,7 +86,7 @@
};
};
swapDevices = [ { device = "/dev/disk/by-uuid/3ec276b5-9088-45b0-9cb4-60812f2d1a73"; } ];
swapDevices = [ { device = "/dev/disk/by-uuid/7f0dba0f-d04e-4c94-9fba-1d0811673df1"; } ];
boot.initrd.luks.devices = {
"nixos-pv" = {

24
systems/artemision/programs.nix
View File

@ -3,7 +3,6 @@
environment.systemPackages = with pkgs; [
act
alacritty
attic-client
amdgpu_top
bat
bitwarden-cli
@ -13,12 +12,12 @@
calibre
# calibre dedrm?
candy-icons
chromium
chromedriver
nemo-with-extensions
croc
deadnix
direnv
easyeffects
discord
discord-canary
eza
fanficfare
ferium
@ -30,29 +29,25 @@
glances
gpu-viewer
grim
helvum
htop
hwloc
ipmiview
iperf3
# ipscan
ipscan
jp2a
jq
kdePackages.kdenlive
kdenlive
kitty
kubectl
kubernetes-helm
libreoffice-fresh
libtool
lsof
lynis
masterpdfeditor4
minikube
mons
mpv
# nbt explorer?
ncdu
nemo-with-extensions
neofetch
neovim
nix-init
@ -62,7 +57,6 @@
nixpkgs-fmt
nmap
obs-studio
obsidian
ocrmypdf
pciutils
#disabled until wxpython compat with python3.12
@ -70,14 +64,12 @@
prismlauncher
protonmail-bridge
protontricks
proxychains
qrencode
redshift
restic
ripgrep
rpi-imager
rofi-wayland
samba
signal-desktop
# signal in tray?
siji
@ -97,18 +89,18 @@
tig
tokei
tree
unipicker
unzip
unipicker
uutils-coreutils-noprefix
ventoy
vesktop
vscode
watchman
wget
wl-clipboard
yq
xboxdrv
yt-dlp
zoom-us
zoxide
zoom
];
}

52
systems/artemision/secrets.yaml
View File

@ -1,17 +1,17 @@
hello: ENC[AES256_GCM,data:BTCBuBxHFO8vwXU/bsAZryM5rXUOEi0brlvq6DtqfZbzxGz4LaW89VO75MERHQ==,iv:fwqI3arwtlZQ5DtvpVbh21ThuZP8zcqCHsmuJuCfCsY=,tag:tkkEO8/eEDCakdlT0NvajA==,type:str]
example_key: ENC[AES256_GCM,data:xzsymSb4oD70twtoKQ==,iv:9vBmAKET2VIuDSq7AOyvdYWLGlL6cYHTWxy/Z5bB1+c=,tag:NbV4eA2aaY4cQAKUy3QOpw==,type:str]
#ENC[AES256_GCM,data:zeOCzRd/nFRhbANHxPyyjw==,iv:9MmHl3OyhJHVU+cUFJ4QitHd4SeDe3ctaky+yfvk8Zs=,tag:uPGRJtgQj1vIdLt2+w0krg==,type:comment]
hello: ENC[AES256_GCM,data:UJlsd5kvnhEv7eJeYwg+NHm9sgUAxYM5DoR0gDPLi9J7P+8FI8WPMkN1wEAHJA==,iv:NFSdZQ1OK4BT+EAGZz122NB7WrVCEzv4wwMxFIE/OKI=,tag:6YT7Vw8tFrw9iEFKxeKRFQ==,type:str]
example_key: ENC[AES256_GCM,data:KMXgMrqe7M101ZMJ2g==,iv:MJ3Iiu/0KIVhPFnqfovysqvPJAv1OsnxE4VIsuexFkE=,tag:X6KIKNGym8/9VglmG3SNRw==,type:str]
#ENC[AES256_GCM,data:QR3WNE/a1hZIXnTjFjK3kA==,iv:eXoZJ5rQaYqN7LjEp2M13OCMwuQ+80M5AXjV0uNc4C8=,tag:sCvL6pr9zAyWZziffVFMzg==,type:comment]
example_array:
- ENC[AES256_GCM,data:Nwn96XJv8xZWRYv8qws=,iv:K30LBMC8e1vUS0XE+4EIYb3xUUyn6232YmhV2vI9Qnc=,tag:HRe3S88zwj/CjG6NTvjdRQ==,type:str]
- ENC[AES256_GCM,data:l2nuwoAbwaDFHpEWV1Y=,iv:7/2rTd8agUvx73eftpOgidV4XjDUv/JppLIIsiuycnU=,tag:Ohi4JULWDNXJPWZaeXHEdw==,type:str]
example_number: ENC[AES256_GCM,data:toi1e/biUd2Tng==,iv:MPCfhhX9DDaOSzx/L5LTf2VYffin8XvxVyhNDqZLsec=,tag:tE/lml3afP/NjRtpPraoRQ==,type:float]
- ENC[AES256_GCM,data:g8PulCLrXZYSEdZJELE=,iv:irGwciFn1zXBxFpGAJtD46EQLGUO5oqdCzRgv1204JE=,tag:2MuDdRYMjhtTY++lPuj1FQ==,type:str]
- ENC[AES256_GCM,data:qv7GvmoOX8VSdaiW/90=,iv:6NOWeWqHUV9ciKPmZF4C7ijuIPFr3YZi3Dh7xWnb07k=,tag:VHXdBhWmEpb7uavCPqGZ4w==,type:str]
example_number: ENC[AES256_GCM,data:g8BIEIcwKRLSbw==,iv:Ay4aiukAvXeDhzlpMPn++zR0Tt2lMqCx362uN37S+ac=,tag:NTtNaIu5u8YsIm0M4OgL0A==,type:float]
example_booleans:
- ENC[AES256_GCM,data:02CVNA==,iv:L9GmIm9ynm2cWTyd3iYo4fgIeneUyFpEzzzxicM/YNI=,tag:k2EIboiL+c4W1H2OpA2Rqw==,type:bool]
- ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
- ENC[AES256_GCM,data:94T9mg==,iv:qKGJke4SGhgN09Yebh5MPrRBDNnguJQ+1dl5XQffGZQ=,tag:0Pa3eujmSxDCnAHKHsx6yQ==,type:bool]
- ENC[AES256_GCM,data:gEvfi+Q=,iv:0DrXoZk8OkdUShc7WAKOL8xG26RFZp3M3qYFAb1hDAs=,tag:uemBrdF87nrfLpfnQ8bD8g==,type:bool]
apps:
spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
wifi-env: ENC[AES256_GCM,data:G+z+fURk4rT61I5BiFzEJJt35jywPNrGpn1QGNhjvxrqPQ/Sq/hIHmQo+bqe9yJeDgMX3RY4EaiZxFTJyxPfW1czjuMSj3vbTp0WcDmGvUJ7li2pX2pzolgly4qmgoOluGBeRZWVLLOZYFB2+kLRMJNNz/bP5k2Eq6O4+l4sljPM+abn9iz9Eh46rVOVRkmDzCltJrYiuBSiSPhTDRTP2+gUbgbaUJTkVrVLUBHg3QU6az6VPN8DPZxbx4LtdaIb93pI,iv:uUfJK/iPdyLP7LqZJolTGGTxaEzlJI59bUVNcB1etkU=,tag:tvXSXSW1MIhLJceEK1afuw==,type:str]
#ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
spotify: ENC[AES256_GCM,data:bp1pdOfS+VGWLtepUjg7KFWw8Fk=,iv:twGO3CjzRxAU81C93mX8qIEZ/FYIQRJnMd2HIuvP9q8=,tag:AJgs0QGFH30E8+ZpaB02TQ==,type:str]
wifi-env: ENC[AES256_GCM,data:6+fHf25fx/PuutOXhMZqx2JVVSDTW7fQU8XOCc2vyUpg7HiRpOKFu5PIZoJQexvJoBNNciiQkju17+xuxnQ48dsRgsdS+wfH86Af55MfqDjG1el/htEOER9f9sTpMwGjIKD1zalkMp7oX17UlIqiCQg7HfcZFb8T4eHzu9w48umiC3WpwlKLykF5W600gYbXx1E1FjwgCwxJ1zRmBTXoz6WHvQ==,iv:DmUyn3/Q7jwqHrK7wSCqIRO1jJsOHNbmG6a/l1YdMmQ=,tag:S3CtTdFyn2Lg5nGlHVU66g==,type:str]
#ENC[AES256_GCM,data:pC2Kdy7wNc0=,iv:J7Ggfv6K3dCzL42j5MGd+BjQGseoAoYs4k6+yc3FSiA=,tag:9MriduP9SEIi+c1q4tfzlQ==,type:comment]
sops:
kms: []
gcp_kms: []
@ -21,26 +21,26 @@ sops:
- recipient: age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWbElNRkxyZ2VjaitiTWx2
eThsY0h3a2NCZDloWG0rU1ZwVnhOY2VJTXlFCnp3UzNDR216L2R4cVdyWjFqbkRr
cFJGQjQ4Qk9zblYyckVFY3VNekNuajQKLS0tIEdRWldHMjlpTElxQWFVUlh4L1lz
d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGZC9aczBZekVGMVRBYlFV
MUpDZFFPRTIzL1hpR25vd2pjZzJnRE12TkhRCjdiV3VxVnJpL2l2OU1rNVE3K2kv
akF1UFNtdDFYdUNIMjVwWitOUDJ1UUEKLS0tIFJkSGU1MC90ZlM0TXJOeWlWTnJT
RFVEMjg4bjd4SUF2SjVWZVNDWlpiR1EKmWM9G8/vb1+GX4zGiIj/So4apfi3wzyp
yGi0T3fen3jzfU38xFZ25Tn0pDTQaSG7PkVKQn9YBJ4pGb9JDPfTjw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-28T18:57:09Z"
mac: ENC[AES256_GCM,data:hKhAo7rDplLm19PlrKHQwxnDVXCMU/xpAxPALLDBa0M3yypy2QVD6c6Atn897tYRKf7oeLaUKqnUYdCcZ9gVgm37LS+GtRhf66zfvcKqhZF8wh3M0zTDPYpQDhex0N4BAJ/dcaYIbxqE9pEUxJOI5jip/hptaCJItTEe7oARcF4=,iv:EUayxLaOPcnWX+S9+RlHrxzJRLlSSLIwqbAq3fFI4yg=,tag:LiBsqIodTWamO+c8FqGBag==,type:str]
lastmodified: "2024-09-20T13:52:31Z"
mac: ENC[AES256_GCM,data:IT/GEdJtQHSjzVRdIBIRq1y0Lby4k6gGVDfeg3/bjdDNWkPCnGOc5Uerz3TJ95M3oKMgFiQW2Sa4m/8QX9qhtVfH7gleMhJbzkz1DGKozoCxqWX71BBfiwcAuLG1fzDwfpT4DcRK1ppfC/9kMZ3g7r9Ug6EceXUKXP3uaUgfNjg=,iv:WpEhLffmICyR7bbe0cnT9fjqyL59gVxumz/lsE3oBfU=,tag:k0GSSZeQC9bJ1TWRwhaGQA==,type:str]
pgp:
- created_at: "2024-11-28T18:57:09Z"
- created_at: "2024-09-05T06:10:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdALiZMzuQViM23hoFebCXYfQUIvCluWqAEeSJyE/LRHG8w
nQnIVPRIbzLzWfCf+48EW6f7zonHmNY7D9F9KohDmCTcJ5/WvXsJKjebuohR62TF
1GYBCQIQq7nEvwSfn+l5AevKIiodA4BLfM326JSx5hJ6XdrE0MzZo1uoMwKKuxig
mPbDP8Rx51v9f+9DzjBg6kQD5w411HADL8th+wSkpmasP8ozIeiNiIKzzoJc/fD6
AOsExCUt8FU=
=wRT+
hF4DQWNzDMjrP2ISAQdAVPGTjbrJcO6UTQ9bYOqiVqJMehxGkfNMtgnQQL36mQsw
CznpGVos/aNWRKmt0nkfjHuI0y71foFWt7BB/acKspE5YUu831wgrRbB8TyN69DK
1GgBCQIQjanvxCPgcaSWLqw2oXXPzTJ1PRJc2UA4kayYIzvOUP9QBoEruDki0GVi
5n+ZiGGtvx7bihZ1WeJiHcOArPr3xrrrPv6nuAxP05HbSRYhaAU79eOTT1p7MtSO
A0BHgVYuL00FHg==
=Luz2
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.0

5
systems/artemision/steam.nix
View File

@ -4,10 +4,7 @@
environment.systemPackages = [ pkgs.steam-run ];
hardware.steam-hardware.enable = true;
programs = {
gamescope = {
enable = true;
capSysNice = true;
};
gamescope.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;

16
systems/artemision/stylix.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }:
# let
# randWallpaper = pkgs.runCommand "stylix-wallpaper" { } ''
# numWallpapers =
# $((1 + $RANDOM % 10))
# in
{
stylix = {
enable = true;
image = "${pkgs.hyprland}/share/hypr/wall2.png";
#image = "/home/alice/Pictures/Screenshots/screenshot_2024-12-04-2030.png";
polarity = "dark";
};
}

1
systems/artemision/wifi.nix
View File

@ -23,7 +23,6 @@ in
"5HuFios".pskRaw = "ext:PASS_longboat_home";
"24HuFios".pskRaw = "ext:PASS_longboat_home";
"Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
"Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
"optimumwifi" = { };
"CableWiFi" = { };
"JPMCVisitor" = { };

43
systems/palatine-hill/acme.nix
View File

@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
outputs,
...
}:
{
security.acme = {
acceptTerms = true;
defaults.email = "aliceghuston@gmail.com";
certs."nayeonie.com" = {
dnsProvider = "dnsimple";
environmentFile = config.sops.secrets."acme/dnsimple".path;
dnsPropagationCheck = false;
group = "haproxy";
extraDomainNames = [
"*.nayeonie.com"
# "alicehuston.xyz"
# "*.alicehuston.xyz"
];
};
};
systemd.services."acme-nayeonie.com.service".path = lib.mkForce (
with pkgs;
[
coreutils
diffutils
openssl
]
++ [
outputs.packages.x86_64-linux.lego-latest
]
);
sops.secrets = {
"acme/dnsimple" = {
owner = "root";
};
};
}

26
systems/palatine-hill/attic/default.nix
View File

@ -8,18 +8,34 @@
{
environment.systemPackages = with pkgs; [
attic-client
attic
];
services = {
postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
upgrade = {
enable = true;
stopServices = [ "atticd" ];
};
};
atticd = {
enable = true;
environmentFile = config.sops.secrets."attic/secret-key".path;
credentialsFile = config.sops.secrets."attic/secret-key".path;
settings = {
listen = "[::]:8183";
allowed-hosts = [ "attic.nayeonie.com" ];
api-endpoint = "https://attic.nayeonie.com/";
allowed-hosts = [ "attic.alicehuston.xyz" ];
api-endpoint = "https://attic.alicehuston.xyz";
compression.type = "none"; # let ZFS do the compressing
database = {
url = "postgres://atticd?host=/run/postgresql";
@ -32,7 +48,7 @@
type = "s3";
region = "us-east-1";
bucket = "cache-nix-dot";
endpoint = "https://minio.nayeonie.com";
endpoint = "https://minio.alicehuston.xyz";
};
# Warning: If you change any of the values here, it will be
@ -80,7 +96,7 @@
serviceConfig = {
User = "root";
Restart = "always";
ExecStart = "${pkgs.attic-client}/bin/attic watch-store nix-cache";
ExecStart = "${pkgs.attic}/bin/attic watch-store cache-nix-dot";
};
};
attic-sync-hydra = {

2
systems/palatine-hill/attic/sync-attic.bash
View File

@ -6,5 +6,5 @@ sync_directories=(
)
for dir in "${sync_directories[@]}"; do
find "$dir" -regex ".*\.drv$" -exec attic push nix-cache '{}' \;
find "$dir" -regex ".*\.drv$" -exec attic push cache-nix-dot '{}' \;
done

37
systems/palatine-hill/configuration.nix
View File

@ -6,19 +6,14 @@
}:
{
imports = [
./acme.nix
./attic
./docker
./gitea.nix
./firewall.nix
./docker.nix
./haproxy
./hardware-changes.nix
./hydra.nix
./minio.nix
./networking.nix
./nextcloud.nix
./postgresql.nix
./samba.nix
./zfs.nix
];
@ -58,14 +53,10 @@
};
environment.systemPackages = with pkgs; [
chromedriver
chromium
docker-compose
intel-gpu-tools
jellyfin-ffmpeg
jq
yt-dlp
yq
];
services = {
@ -73,8 +64,32 @@
nfs.server.enable = true;
openssh.ports = [ 666 ];
smartd.enable = true;
calibre-server.enable = false;
postgresql = {
enable = true;
enableJIT = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
];
};
};
};
nix.gc.options = "--delete-older-than 150d";

4
systems/palatine-hill/default.nix
View File

@ -1,7 +1,5 @@
{ inputs, ... }:
{
users = [ "alice" ];
modules = [
# inputs.attic.nixosModules.atticd
];
modules = [ inputs.attic.nixosModules.atticd ];
}

5
systems/palatine-hill/docker.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2";
}

112
systems/palatine-hill/docker/act-runner.nix
View File

@ -1,112 +0,0 @@
{
config,
...
}:
let
vars = import ../vars.nix;
act_path = vars.primary_act;
act_config_path = ./act_config.yaml;
in
{
virtualisation.oci-containers.containers = {
act-stable-latest-main = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
ports = [ "8088:8088" ];
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-main/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-main";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-1 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${./act_config.yaml}:/config.yaml"
"${act_path}/stable-latest-1/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-1";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
act-stable-latest-2 = {
image = "gitea/act_runner:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "act-runner";
};
volumes = [
"${act_config_path}:/config.yaml"
"${act_path}/stable-latest-2/data:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
CONFIG_FILE = "/config.yaml";
GITEA_RUNNER_NAME = "stable-latest-2";
};
environmentFiles = [ config.sops.secrets."docker/act-runner".path ];
log-driver = "local";
};
};
systemd = {
timers."custom-watchtower@act-runner" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@act-runner.service";
};
};
services."custom-watchtower@act-runner" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'act-runner'";
};
};
};
sops.secrets = {
"docker/act-runner" = {
owner = "root";
restartUnits = [
"docker-act-stable-latest-main.service"
"docker-act-stable-latest-1.service"
"docker-act-stable-latest-2.service"
];
};
};
}

95
systems/palatine-hill/docker/act_config.yaml
View File

@ -1,95 +0,0 @@
# Example configuration file, it's safe to copy this as the default config file without any modification.
# You don't have to copy this file to your instance,
# just run `./act_runner generate-config > config.yaml` to generate a config file.
log:
# The level of logging, can be trace, debug, info, warn, error, fatal
level: debug
runner:
# Where to store the registration result.
file: .runner
# Execute how many tasks concurrently at the same time.
capacity: 1
# Extra environment variables to run jobs.
envs:
A_TEST_ENV_NAME_1: a_test_env_value_1
A_TEST_ENV_NAME_2: a_test_env_value_2
# Extra environment variables to run jobs from a file.
# It will be ignored if it's empty or the file doesn't exist.
env_file: .env
# The timeout for a job to be finished.
# Please note that the Gitea instance also has a timeout (3h by default) for the job.
# So the job could be stopped by the Gitea instance if it's timeout is shorter than this.
timeout: 3h
# The timeout for the runner to wait for running jobs to finish when shutting down.
# Any running jobs that haven't finished after this timeout will be cancelled.
shutdown_timeout: 30m
# Whether skip verifying the TLS certificate of the Gitea instance.
insecure: false
# The timeout for fetching the job from the Gitea instance.
fetch_timeout: 5s
# The interval for fetching the job from the Gitea instance.
fetch_interval: 2s
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
labels:
- "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
- "ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
- "ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
#cache:
# Enable cache server to use actions/cache.
#enabled: true
# The directory to store the cache data.
# If it's empty, the cache data will be stored in $HOME/.cache/actcache.
#dir: ""
# The host of the cache server.
# It's not for the address to listen, but the address to connect from job containers.
# So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
#host: ""
# The port of the cache server.
# 0 means to use a random available port.
#port: 0
# The external cache server URL. Valid only when enable is true.
# If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# The URL should generally end with "/".
#external_server: ""
container:
# Specifies the network to which the container will connect.
# Could be host, bridge or the name of a custom network.
# If it's empty, act_runner will create a network automatically.
network: ""
# Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
privileged: false
# And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
options:
# The parent directory of a job's working directory.
# NOTE: There is no need to add the first '/' of the path as act_runner will add it automatically.
# If the path starts with '/', the '/' will be trimmed.
# For example, if the parent directory is /path/to/my/dir, workdir_parent should be path/to/my/dir
# If it's empty, /workspace will be used.
workdir_parent:
# Volumes (including bind mounts) can be mounted to containers. Glob syntax is supported, see https://github.com/gobwas/glob
# You can specify multiple volumes. If the sequence is empty, no volumes can be mounted.
# For example, if you only allow containers to mount the `data` volume and all the json files in `/src`, you should change the config to:
# valid_volumes:
# - data
# - /src/*.json
# If you want to allow any volume, please use the following configuration:
# valid_volumes:
# - '**'
valid_volumes: []
# overrides the docker client host with the specified one.
# If it's empty, act_runner will find an available docker host automatically.
# If it's "-", act_runner will find an available docker host automatically, but the docker host won't be mounted to the job containers and service containers.
# If it's not empty or "-", the specified docker host will be used. An error will be returned if it doesn't work.
docker_host: ""
# Pull docker image(s) even if already present
force_pull: true
# Rebuild docker image(s) even if already present
force_rebuild: false
host:
# The parent directory of a job's working directory.
# If it's empty, $HOME/.cache/act/ will be used.
workdir_parent:

152
systems/palatine-hill/docker/archiveteam.nix
View File

@ -1,152 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
containers = {
archiveteam-imgur = {
image = "imgur-grab";
scale = 1;
};
archiveteam-telegram = {
image = "telegram-grab";
scale = 3;
};
archiveteam-reddit = {
image = "reddit-grab";
scale = 0;
};
archiveteam-dpreview = {
image = "dpreview-grab";
scale = 0;
};
archiveteam-issuu = {
image = "issuu-grab";
scale = 0;
};
archiveteam-urls = {
image = "urls-grab";
scale = 2;
};
archiveteam-urlteam = {
image = "terroroftinytown-client-grab";
scale = 2;
};
archiveteam-mediafire = {
image = "mediafire-grab";
scale = 1;
};
archiveteam-github = {
image = "github-grab";
scale = 1;
};
archiveteam-lineblog = {
image = "lineblog-grab";
scale = 0;
};
archiveteam-banciyuan = {
image = "banciyuan-grab";
scale = 0;
};
archiveteam-wysp = {
image = "wysp-grab";
scale = 0;
};
archiveteam-xuite = {
image = "xuite-grab";
scale = 0;
};
archiveteam-gfycat = {
image = "gfycat-grab";
scale = 0;
};
archiveteam-skyblog = {
image = "skyblog-grab";
scale = 0;
};
archiveteam-zowa = {
image = "zowa-grab";
scale = 0;
};
archiveteam-blogger = {
image = "blogger-grab";
scale = 1;
};
archiveteam-vbox7 = {
image = "vbox7-grab";
scale = 0;
};
archiveteam-pastebin = {
image = "pastebin-grab";
scale = 1;
};
archiveteam-youtube = {
image = "youtube-grab";
scale = 0;
};
archiveteam-deviantart = {
image = "deviantart-grab";
scale = 0;
};
archiveteam-postnews = {
image = "postnews-grab";
scale = 0;
};
archiveteam-askfm = {
image = "askfm-grab";
scale = 1;
};
archiveteam-mangz = {
image = "mangaz-grab";
scale = 1;
};
archiveteam-cohost = {
image = "cohost-grab";
scale = 1;
};
};
container-spec = container-name: container: {
image = "atdr.meo.ws/archiveteam/${container}:latest";
extraOptions = [
"--stop-signal=SIGINT"
];
labels = {
"com.centurylinklabs.watchtower.enable" = "true";
"com.centurylinklabs.watchtower.scope" = "archiveteam";
};
volumes = [ "${at_path}/${container-name}:/grab/data" ];
log-driver = "local";
cmd = lib.splitString " " "--concurrent 6 AmAnd0";
};
inherit (lib.adev.container-utils) createTemplatedContainers;
vars = import ../vars.nix;
at_path = vars.primary_archiveteam;
in
{
virtualisation.oci-containers.containers = createTemplatedContainers containers container-spec;
systemd = {
timers."custom-watchtower@archiveteam" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "20m";
OnUnitActiveSec = "5m";
Unit = "custom-watchtower@archiveteam.service";
};
};
services."custom-watchtower@archiveteam" = {
bindsTo = [ "docker.service" ];
after = [ "docker.service" ];
description = "a watchtower-esque script for systemd-based oci-containers";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${config.nix.package}/bin/nix ${./watchtower.bash} 'com.centurylinklabs.watchtower.scope' 'archiveteam'";
};
};
};
}

32
systems/palatine-hill/docker/books.nix
View File

@ -1,32 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
docker_path = vars.primary_docker;
calibre_path = vars.primary_calibre;
in
{
virtualisation.oci-containers.containers = {
automated-ffdl-alice = {
image = "mrtyton/automated-ffdl:latest";
user = "600:100";
extraOptions = [ "--restart=unless-stopped" ];
environment = {
PUID = "600";
PGID = "100";
};
volumes = [
"${docker_path}/auto-fic/config:/config"
"${calibre_path}/ffdl-alice:/var/lib/calibre-server"
];
};
};
services.autopull = {
enable = true;
repo.FanFicFare-alice = {
enable = true;
path = /ZFS/ZFS-primary/calibre/ffdl-alice/config/FanFicFare;
};
};
}

79
systems/palatine-hill/docker/default.nix
View File

@ -1,79 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./act-runner.nix
# temp disable archiveteam for tiktok archiving
#./archiveteam.nix
# ./books.nix
#./firefly.nix
#./foundry.nix
./glances.nix
# ./haproxy.nix
./minecraft.nix
./nextcloud.nix
# ./postgres.nix
# ./restic.nix
./torr.nix
# ./unifi.nix
];
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.daemon.settings = {
data-root = "/var/lib/docker2";
bip = "169.254.253.254/23";
fixed-cidr = "169.254.252.0/23";
default-address-pools = [
{
base = "169.254.2.0/23";
size = 28;
}
{
base = "169.254.4.0/22";
size = 28;
}
{
base = "169.254.8.0/21";
size = 28;
}
{
base = "169.254.16.0/20";
size = 28;
}
{
base = "169.254.32.0/19";
size = 28;
}
{
base = "169.254.64.0/18";
size = 28;
}
{
base = "169.254.128.0/18";
size = 28;
}
{
base = "169.254.192.0/19";
size = 28;
}
{
base = "169.254.224.0/20";
size = 28;
}
{
base = "169.254.240.0/21";
size = 28;
}
{
base = "169.254.248.0/22";
size = 28;
}
];
mtu = 9000;
};
}

25
systems/palatine-hill/docker/firefly.nix
View File

@ -1,25 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
ffiii_path = "${vars.primary_docker}/firefly-iii";
in
{
virtualisation.oci-containers.containers = {
firefly = {
image = "fireflyiii/core:latest";
extraOptions = [
"--network=firefly-iii_default"
"--network=postgres-net"
];
environmentFiles = [ "${ffiii_path}/.env" ];
ports = [ "4188:8080" ];
volumes = [ "${ffiii_path}/app/upload:/var/www/html/storage/upload" ];
};
fidi = {
image = "fireflyiii/data-importer:latest";
environmentFiles = [ "${ffiii_path}/.fidi.env" ];
ports = [ "4187:8080" ];
dependsOn = [ "firefly" ];
};
};
}

28
systems/palatine-hill/docker/foundry.nix
View File

@ -1,28 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
fvtt_path = "${vars.primary_games}/foundryvtt";
in
{
virtualisation.oci-containers.containers = {
foundryvtt = {
image = "felddy/foundryvtt:11";
hostname = "foundryvtt";
environment = {
#CONTAINER_PRESERVE_CONFIG= "true";
TIMEZONE = "America/New_York";
FOUNDRY_MINIFY_STATIC_FILES = "true";
};
environmentFiles = [ config.sops.secrets."docker/foundry".path ];
volumes = [ "${fvtt_path}:/data" ];
extraOptions = [
"--network=haproxy-net"
];
};
};
sops.secrets."docker/foundry" = {
owner = "docker-service";
restartUnits = [ "docker-foundryvtt.service" ];
};
}

24
systems/palatine-hill/docker/glances.nix
View File

@ -1,24 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
glances_path = "${vars.primary_docker}/glances";
in
{
virtualisation.oci-containers.containers = {
glances = {
image = "nicolargo/glances:latest-full";
extraOptions = [
"--pid=host"
"--network=haproxy-net"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${glances_path}/glances.conf:/glances/conf/glances.conf"
];
environment = {
GLANCES_OPT = "-C /glances/conf/glances.conf -w";
};
};
};
}

207
systems/palatine-hill/docker/haproxy.cfg
View File

@ -1,207 +0,0 @@
global
# stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
# log stdout format raw local0 info
log stdout format raw local0
crt-base /etc/ssl/certs/
maxconn 120000
defaults
log global
mode http
timeout client 2000m
timeout connect 200s
timeout server 2000m
timeout http-request 2000m
frontend stats # you can call this whatever you want
mode http
bind *:9000 # default port, but you can pick any port
stats enable # turns on stats module
stats refresh 10s # set auto-refresh rate
#Application Setup
frontend ContentSwitching
bind *:80
# bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni
mode http
option httplog
# max-age is mandatory
# 16000000 seconds is a bit more than 6 months
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# Front-end acess control list
http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' }
# Front-end acess control list
acl host_www hdr(host) -i www.alicehuston.xyz
acl host_www hdr(host) -i alicehuston.xyz
# acl host_ldapui hdr(host) -i authui.alicehuston.xyz
acl host_glances hdr(host) -i monit.alicehuston.xyz
acl host_glances hdr(host) -i glances.alicehuston.xyz
# acl host_foundry hdr(host) -i dnd.alicehuston.xyz
# acl host_netdata hdr(host) -i netdata.alicehuston.xyz
#acl host_terraria hdr(host) -i terraria.alicehuston.xyz
acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz
acl host_nextcloud hdr(host) -i nayeonie.com
acl host_hydra hdr(host) -i hydra.alicehuston.xyz
acl host_attic hdr(host) -i attic.alicehuston.xyz
acl host_minio hdr(host) -i minio.alicehuston.xyz
acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz
acl host_attic hdr(host) -i attic.nayeonie.com
acl host_minio hdr(host) -i minio.nayeonie.com
acl host_minio_console hdr(host) -i minio-console.nayeonie.com
#acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz
# acl host_collabora hdr(host) -i collabora.alicehuston.xyz
acl host_prometheus hdr(host) -i prom.alicehuston.xyz
acl host_gitea hdr(host) -i git.alicehuston.xyz
acl host_gitea hdr(host) -i nayeonie.com
# Backend-forwarding
use_backend www_nodes if host_www
# use_backend ldapui_nodes if host_ldapui
use_backend glances_nodes if host_glances
use_backend foundry_nodes if host_foundry
# use_backend netdata_nodes if host_netdata
# use_backend terraria_nodes if host_terraria
use_backend nextcloud_nodes if host_nextcloud
use_backend hydra_nodes if host_hydra
use_backend attic_nodes if host_attic
#use_backend nextcloud_vol_nodes if host_nextcloud_vol
# use_backend collabora_nodes if host_collabora
use_backend prometheus_nodes if host_prometheus
use_backend minio_nodes if host_minio
use_backend minio_console_nodes if host_minio_console
use_backend gitea_nodes if host_gitea
#frontend ldap
# bind *:389
# bind *:636 ssl crt /etc/ssl/certs/cloudflare.pem
# mode tcp
# option tcplog
# acl host_ldap hdr(host) -i auth.alicehuston.xyz
# use_backend ldap_nodes if host_ldap
backend nextcloud_nodes
mode http
server server nextcloud:80
acl url_discovery path /.well-known/caldav /.well-known/carddav
http-request redirect location /remote.php/dav/ code 301 if url_discovery
acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend nextcloud_nodes
# mode http
# server nxserver nextcloud:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# http-request set-header X-Forwarded-Host %[req.hdr(Host)]
#backend nextcloud_vol_nodes
# mode http
# server server nextcloud-vol:80
# acl url_discovery path /.well-known/caldav /.well-known/carddav
# http-request redirect location /remote.php/dav/ code 301 if url_discovery
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
#backend terraria_nodes
# mode http
# server server terraria:6526
#backend collabora_nodes
# mode http
# server server collabora:9980
backend www_nodes
mode http
server server grafana:3000
backend minio_nodes
mode http
server server 192.168.76.2:8500
# acl h_xfh_exists req.hdr(X-Forwarded-Host) -m found
# http-request set-header X-Forwarded-Host %[req.hdr(host)] unless h_xfh_exists
# acl h_xfport_exists req.hdr(X-Forwarded-Port) -m found
# http-request set-header X-Forwarded-Port %[dst_port] unless h_xfport_exists
# acl h_xfproto_exists req.hdr(X-Forwarded-Proto) -m found
# http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfproto_exists
# http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfproto_exists
backend minio_console_nodes
mode http
server server 192.168.76.2:8501
# backend foundry_nodes
# timeout tunnel 50s
# mode http
# server server foundryvtt:30000
#backend ldap_nodes
# mode tcp
# balance roundrobin
# option ldap-check
# server ldap1 192.168.76.2:1636 ssl ca-file /etc/ssl/certs/origin_ca_rsa_root.pem
#
#backend ldapui_nodes
# mode http
# server server 192.168.76.2:18081
backend glances_nodes
mode http
server server glances:61208
backend hydra_nodes
mode http
server server 192.168.76.2:3000
backend attic_nodes
mode http
server server 192.168.76.2:8183
backend prometheus_nodes
mode http
server server 192.168.76.2:9001
backend gitea_nodes
mode http
server server 192.168.76.2:6443
#backend netdata_nodes
# mode http
# server server 192.168.76.2:19999
# backend dnd_nodes
# mode http
# server server foundry:30000
# acl host_www hdr(host) -i www.tmmworkshop.com
frontend giteassh
mode tcp
bind :2222
default_backend giteassh_nodes
backend giteassh_nodes
mode tcp
server s1 192.168.76.2:2223
frontend minecraft
mode tcp
bind :25565
default_backend router_nodes
backend router_nodes
mode tcp
server s1 mc-router:25565

33
systems/palatine-hill/docker/haproxy.nix
View File

@ -1,33 +0,0 @@
{ ... }:
{
virtualisation.oci-containers.containers = {
haproxy = {
image = "haproxy:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg:ro"
"/ZFS/ZFS-primary/docker/haproxy/certs:/etc/ssl/certs:ro"
];
ports = [
"80:80"
"443:443"
"25565:25565"
];
environment = {
PUID = "600";
PGID = "600";
};
dependsOn = [
"nextcloud"
"grafana"
"foundryvtt"
"glances"
"mc-router"
];
};
};
}

96
systems/palatine-hill/docker/minecraft.nix
View File

@ -1,96 +0,0 @@
{ config, lib, ... }:
let
servers = {
atm6 = "atm6.alicehuston.xyz";
stoneblock3 = "sb3.alicehuston.xyz";
RAD2 = "rad.alicehuston.xyz";
skyfactory = "sf.alicehuston.xyz";
divinejourney = "dj.alicehuston.xyz";
rlcraft = "rlcraft.alicehuston.xyz";
arcanum-institute = "arcanum.alicehuston.xyz";
# bcg-plus = "bcg.alicehuston.xyz";
};
defaultServer = "rlcraft";
# defaultEnv = {
# EULA = "true";
# TYPE = "AUTO_CURSEFORGE";
# STOP_SERVER_ANNOUNCE_DELAY = "120";
# STOP_DURATION = "600";
# SYNC_CHUNK_WRITES = "false";
# USE_AIKAR_FLAGS = "true";
# MEMORY = "8GB";
# ALLOW_FLIGHT = "true";
# MAX_TICK_TIME = "-1";
# };
# defaultOptions = [
# "--stop-signal=SIGTERM"
# "--stop-timeout=1800"
# "--network=minecraft-net"
# ];
# vars = import ../vars.nix;
# minecraft_path = "${vars.primary_games}/minecraft";
in
{
virtualisation.oci-containers.containers = {
mc-router = {
image = "itzg/mc-router:latest";
extraOptions = [
"--network=haproxy-net"
"--network=minecraft-net"
];
cmd = [
(
"--mapping=mc.alicehuston.xyz=${defaultServer}:25565"
+ (lib.adev.mapAttrsToString (hostname: url: "," + url + "=" + hostname + ":25565") servers)
)
];
};
# rlcraft = {
# image = "itzg/minecraft-server:java8";
# volumes = [
# "${minecraft_path}/rlcraft/modpacks:/modpacks:ro"
# "${minecraft_path}/rlcraft/data:/data"
# ];
# hostname = "rlcraft";
# environment = defaultEnv // {
# VERSION = "1.12.2";
# CF_SLUG = "rlcraft";
# DIFFICULTY = "hard";
# ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
# bcg-plus = {
# image = "itzg/minecraft-server:java17";
# volumes = [
# "${minecraft_path}/bcg-plus/modpacks:/modpacks:ro"
# "${minecraft_path}/bcg-plus/data:/data"
# ];
# hostname = "bcg-plus";
# environment = defaultEnv // {
# VERSION = "1.17";
# CF_SLUG = "bcg";
# DIFFICULTY = "normal";
# DEBUG = "true";
# # ENABLE_COMMAND_BLOCK = "true";
# };
# extraOptions = defaultOptions;
# log-driver = "local";
# environmentFiles = [ config.sops.secrets."docker/minecraft".path ];
# };
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/minecraft".owner = "docker-service";
};
};
}

7
systems/palatine-hill/docker/nextcloud-image/nextcloud-apache.nix Normal file
View File

@ -0,0 +1,7 @@
{
imageName = "nextcloud";
imageDigest = "sha256:fe7f941cc514fe01e343a515c7b33e6b12707c718157f6e25a67119e9918a061";
sha256 = "07w9rvmr2qy037ljdmk6w1n2dmwwa31ig7gzfb084wiv18hjfrg4";
finalImageName = "nextcloud";
finalImageTag = "apache";
}

107
systems/palatine-hill/docker/nextcloud.nix
View File

@ -1,107 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
nextcloud_path = vars.primary_nextcloud;
redis_path = vars.primary_redis;
# nextcloud-image = import ./nextcloud-image { inherit pkgs; };
nextcloud-base = {
# image comes from running docker compose build in nextcloud-docker/.examples/full/apache
image = "nextcloud-nextcloud";
hostname = "nextcloud";
volumes = [
"${nextcloud_path}/nc_data:/var/www/html:z"
"${nextcloud_path}/nc_php:/usr/local/etc/php"
"${nextcloud_path}/nc_prehooks:/docker-entrypoint-hooks.d/before-starting"
#"${nextcloud_path}/remoteip.conf:/etc/apache2/conf-enabled/remoteip.conf:ro"
];
extraOptions = [
"--network=haproxy-net"
"--network=postgres-net"
"--network=nextcloud_default"
];
dependsOn = [ "redis" ];
environmentFiles = [ config.sops.secrets."docker/nextcloud".path ];
};
in
{
virtualisation.oci-containers.containers = {
nextcloud = nextcloud-base // {
ports = [ "9999:80" ];
};
redis = {
image = "redis:latest";
user = "600:600";
volumes = [
"${config.sops.secrets."docker/redis".path}:/usr/local/etc/redis/redis.conf"
"${redis_path}:/data"
];
extraOptions = [
"--network=nextcloud_default"
];
cmd = [
"redis-server"
"/usr/local/etc/redis/redis.conf"
];
};
go-vod = {
image = "radialapps/go-vod:latest";
dependsOn = [ "nextcloud" ];
environment = {
NEXTCLOUD_HOST = "https://nextcloud.alicehuston.xyz";
};
volumes = [ "${nextcloud_path}/nc_data:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri:/dev/dri"
];
};
collabora-code = {
image = "collabora/code:latest";
dependsOn = [ "nextcloud" ];
environment = {
aliasgroup1 = "https://collabora.nayenoie.com:443";
aliasgroup2 = "https://nextcloud.alicehuston.xyz:443";
aliasgroup3 = "https://.*:443";
extra_params = "--o:ssl.enable=false --o:ssl.termination=true";
};
environmentFiles = [
config.sops.secrets."docker/collabora".path
];
extraOptions = [
"--network=haproxy-net"
"--privileged"
];
ports = [ "9980:9980" ];
};
};
users.users.www-data = {
uid = 33;
isSystemUser = true;
group = "www-data";
};
users.groups.www-data = {
gid = 33;
members = [ "www-data" ];
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/redis" = {
owner = "docker-service";
restartUnits = [ "docker-redis.service" ];
};
"docker/nextcloud" = {
owner = "www-data";
restartUnits = [ "docker-nextcloud.service" ];
};
"docker/collabora" = {
owner = "www-data";
restartUnits = [ "docker-collabora-code.service" ];
};
};
};
}

67
systems/palatine-hill/docker/postgres.nix
View File

@ -1,67 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
psql_path = "${vars.primary_db}/postgresql";
in
{
virtualisation.oci-containers.containers = {
postgres = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/primary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-secondary = {
image = "postgres:16";
user = "600:600";
volumes = [
"${psql_path}/secondary_new:/var/lib/postgresql/data"
"${psql_path}/pg_archives:/opt/pg_archives"
];
log-driver = "local";
extraOptions = [
"--network=postgres-net"
"--health-cmd='pg_isready -U firefly'"
"--health-interval=1s"
"--health-timeout=5s"
"--health-retries=15"
"--shm-size=1gb"
"--restart=always"
];
environmentFiles = [ config.sops.secrets."docker/pg".path ];
};
postgres-adminer = {
image = "adminer/latest";
user = "600:600";
ports = [ "4191:8080" ];
dependsOn = [ "postgres" ];
extraOptions = [
"--restart=always"
"--network=postgres-net"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/pg".owner = "docker-service";
};
};
}

38
systems/palatine-hill/docker/restic.nix
View File

@ -1,38 +0,0 @@
{ ... }:
let
vars = import ../vars.nix;
restic_path = "${vars.primary_backups}/restic";
in
{
virtualisation.oci-containers.containers = {
restic = {
image = "restic/rest-server:latest";
volumes = [ "${restic_path}:/data" ];
environment = {
OPTIONS = "--prometheus --htpasswd-file /data/.htpasswd";
};
ports = [ "8010:8000" ];
extraOptions = [
"--restart=always"
"--network=restic_restic"
];
};
grafana = {
image = "grafana/grafana:latest";
extraOptions = [
"--restart=always"
"--network=haproxy-net"
];
volumes = [
"grafanadata:/var/lib/grafana"
"${restic_path}/dashboards:/dashboards"
"${restic_path}/grafana.ini:/etc/grafana/grafana.ini"
];
environment = {
GF_USERS_DEFAULT_THEME = "dark";
};
};
};
}

103
systems/palatine-hill/docker/torr.nix
View File

@ -1,103 +0,0 @@
{ pkgs, ... }:
let
delugeBase = {
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
UMASK = "000";
DEBUG = "true";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
};
vars = import ../vars.nix;
#docker_path = vars.primary_docker;
torr_path = vars.primary_torr;
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
genSopsConf = file: {
"${file}" = {
format = "binary";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
virtualisation.oci-containers.containers = {
deluge = delugeBase // {
image = "binhex/arch-deluge";
volumes = [
"${deluge_path}/config:/config"
"${deluge_path}/data/:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8084:8112"
"29433:29433"
];
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
NAME_SERVERS = "194.242.2.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
volumes = [
"${delugevpn_path}/config:/config"
"${delugevpn_path}/data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"8085:8112"
"8119:8118"
"39275:39275"
"39275:39275/udp"
];
};
};
systemd.services.docker-delugeVPN = {
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
}

61
systems/palatine-hill/docker/unifi.nix
View File

@ -1,61 +0,0 @@
{ config, ... }:
let
vars = import ../vars.nix;
unifi_path = "${vars.primary_docker}/unifi-2.0";
mongo_path = "${vars.primary_db}/mongo";
in
{
virtualisation.oci-containers.containers = {
unifi-controller = {
image = "lscr.io/linuxserver/unifi-network-application:latest";
volumes = [ "${unifi_path}/config:/config" ];
log-driver = "local";
dependsOn = [ "mongodb" ];
extraOptions = [ "--restart=unless-stopped" ];
ports = [
"8443:8443"
"3478:3478/udp"
"10001:10001/udp"
"8080:8080"
"1900:1900/udp" # optional
"8843:8843" # optional
"8880:8880" # optional
"6789:6789" # optional
"5514:5514/udp" # optional
];
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
MEM_LIMIT = "1024"; # optional
MEM_STARTUP = "1024"; # optional
MONGO_USER = "unifi";
MONGO_HOST = "mongodb";
MONGO_PORT = "27017";
MONGO_DBNAME = "unifi";
};
environmentFiles = [ config.sops.secrets."docker/unifi".path ];
};
mongodb = {
image = "docker.io/mongo:7.0";
environment = {
PUID = "1000";
PGID = "100";
TZ = "America/New_York";
};
extraOptions = [ "--restart=unless-stopped" ];
volumes = [
"${mongo_path}/unifi:/data/db"
"${unifi_path}/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
];
};
};
sops = {
defaultSopsFile = ../secrets.yaml;
secrets = {
"docker/unifi".owner = "docker-service";
};
};
}

26
systems/palatine-hill/docker/watchtower.bash
View File

@ -1,26 +0,0 @@
#! /usr/bin/env nix
#! nix shell nixpkgs#docker nixpkgs#bash nixpkgs#gawk --command bash
outdated_msg="Project code is out of date and needs to be upgraded. To remedy this problem immediately, you may reboot your warrior."
label="$1"
label_val="$2"
if (($# != 2)); then
echo "usage: $0 label label_value"
fi
containers=$(docker ps --format '{{.Names}}' -f "label=${label}=${label_val}")
for container in ${containers[@]}; do
echo "checking ${container}"
last_msg=$(docker logs -n 1 "${container}")
if [[ $last_msg =~ $outdated_msg ]]; then
echo "${container} is outdated, restarting"
imageTag=$(docker ps --format '{{.Names}}\t{{.Image}}' -f "name=$container" | grep -w "$container" | awk '{print $NF}')
docker pull "$imageTag"
systemctl restart "docker-${container}"
fi
done

26
systems/palatine-hill/docker/wg/se-mma-wg-001.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:PytLIf5ceSyhxNs3p4N89GKxh7zTvTTbzKhw6SqEPrWSgRo+ntOZQgkUWBwFRGmWjFjMoMmkxaHkyrBLo/lYb6MAKuPNCb4Ss2ArSHk1qOl9u39lXYSs4NNaZYx6r5vs9IspYsIzfbkz2mad5ZaeEuDjiGCethaw9SthXNyjOOEIo/zYB/9Qju963kPXCpexu2/nbhwr/ilXzP8zzhzl712CMULV2GwISrKQcnJYyhqwzAuLmmsG50J3It3BZBUwTbyiIRK4ka0wrycqVmVDKyasUX71LYlq9MifttFCjQCN8xE7FmDl8nSBBaub9Vss5IAF+DcIRNRIQ7f6INuo,iv:CbvR5AEtENWTKP7UPqjYl7qNvyZvPZRFawrU8xoYdL4=,tag:9C5KmHeZkt62Ujkg2Wzt3A==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNTh3RHN5bGVDZ29YS0pD\nbXpoL3E1emlJeEJMUWo3SzM2ODQ4c2FndWxNCnZUN3dIaTM3bXpOWDcxSzhROHlM\nQlJTTGl2WEs1NlczUlhhMEcvWWlXaGsKLS0tIENlY3dvNEF4UEllQnR2aDJFbSs2\nVE05RnRDSVphNHcrR3paQ3BFOU8vNkUKOtItYEU8P0Wu6TDzPylTTGhwlAiSgDEq\nJnRYAH6kE+qAnpK2xQyG4n0xbhNiASUVQgNJJyN+5BZi0dDf7k9CQA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:g/ba90H1dGisB71/MWXkJDCQEXphWu0tOv04ScmEjKPm58TRM0W1oUVDPa7QWHrcdozz0LnQndhs4enW+SqRF39YBmL8OziddStVgTWC4chBazAPHBcGCgLApP9RAjNhiyosTIypLqppY08UIGU1Q1qEzcoHendu6hSMX09jG+A=,iv:6UPwNmUbjt+z7Vr7yuQ3fdsmTwBwE5AUQw3IzonqXZ4=,tag:nmloGiYkKXNGcbn8aBmNAQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAtZwfBH7XpTMkoZMd7QojukRfwU1Z7O/ZHcBzW0rYiTgw\nuYKmkKxSPqY9E/zzNpO0C52NwyAUerM851DaOHkZvcNBkMGdFLKvLf53wgPZKlkc\n1GgBCQIQNLHtkosd/X7cb8VScXNk8CVsckRQJWiHFkPtbYcyz9O55hJOdg0TGmbQ\nf4v9yNrVG6OFQTfV8IXbIJ7fANPNDTu/gDE/XB4W8GzgmLReAsaUnxJWd7a2LSFn\nCkiJsF+JY3QsYg==\n=55xj\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-002.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:ULynEBONpLJNPcSGjnFTLkrc4PNDNVqvpQ7LWqsMC0mW6SaDFn1e8MJkK4SSLjx2UCajMOyuvzNYzLd5AxMKBgsH/P1KAAednunOEU0ADKIzsrmEqr/zrX709yXPQY2783Os29jFFpCeQra8z3YR2vfU/PcOtqzoOuipRo0p1yUtehBLN40ogP9aLc+zxkoQxts20sU2EOe7rivU9WsBGQ2m3/Eg8ucH0aNdiN1BF/pIwyXbwMxcXtUCs0jVINJqsgFx2Ntmuz24dgZnTr8Hibz0v3F1LXcFbIIiH8OaCb3S4X2Zd/nCJqxRFz+cmzvcMplQHyE1XOYqP0OTA6s=,iv:skT932uptVD/zmbm/nxtzciD9dlYbJU4HzgHZtuathY=,tag:a/x3/an0q8hhexm4dpsVYA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T0p1alJDd05KOTBjTVhL\nMVlPZno5YVlWRG0xUWZoUkJyVVZWRitLUTFZCmJmWXdzZHlGdG5GWWI2QWZXRUhY\nVVV1WUxaNWtVcmVtakI2dHpheS9HcTAKLS0tIDFsK0ZIR040dEdQQXV1NUpCQnVB\nOU9YU0NQSkwxMEtPdnRQeUYwc2hiczAKSynE6XsoUXyoLbUuuzqXbIbGoSeZR0S/\npMhZwI2fzh3vuLO0GpREkQRJ0azEvbbFPYdhJAFIBu/eRYd70IySlA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:pk7jtod+BCMqF6Hwgkd2AReDqkLGZvnBsDBJIipi/PNQQnq04BgT3TKDL3aQD4sKREjc0dyubQtvq4pAE3Fs+fOLgfhW6uYgvkreSg7Q7aSx299l2OaIc+pI47Emt0s+QIjFz2hd3KHxBkKr9xg5m3aITVex+96VqPUO5DPusqs=,iv:nsv3uPIz8iwrXAlQ0sd7J7T7jg3Yif4DsJV9g9aAAXY=,tag:xAIvz4KPTlpIuDZZfv3qkw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAGNsLJiDmbwfugWEdArQwUDMm6yL6bHbRhQsniyz6RFYw\nbmOG9HElDZGrQor2N+OmjRJzBnmrC3H00PBuM1dx6L9pHZpf8/CT477ZE66IDxOw\n1GgBCQIQUtKFTM34FXDEV4sTfawGatyVDoqFq+gxtI6iJA+1YgrJkZzV/5yAlINb\nsiiO0h1dvUS7uMZT/EPEBDvprXwDXrk6GHTtxAQTP3XQzO3bz0x6RhMJOEj+7hEB\nrkne981/Q2FiDg==\n=kGYU\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-003.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:1pgCvsAcTSFMhb6OKujAtyEfR+Uu544RecoLxy6hhbj8PupUuosJ+lt5gOMqOzHvjUBMvKM/mqJ+JuahChclwXg+XCgB/7yh0tlwPyftPNoWltEwu/AsP7QUwXomfj/AbwzxfB8oTw4U2Ot4DfObDNvhfA88Sva2OE6mkapoRAAFND4CoglOoJ5F+vjLf0XsRCaHTVXCTwmd6BNb+ZHs+heztlaFRp5Mv8TINOlDl3yhW8V10r8ZhLoF421DVAtVLsuOQ6rbzGOZy9A+HfZJlaEZcgFHLKi40pBKQWw5xFrDp8gml/eMtkkKRZR88v+eXT+QCrg3biVYrdIhJlA=,iv:kIOTAido5Xm1fB5Xz7bsrwNM9dbjMIxvqIcNfXbUU6w=,tag:mrzFeyo4D3Y8lah9DU4kqg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZbFdnRDlGNUxhTFd3NHhM\nanZmMksxV2xJdUVRL1NFQlJySjU2ZUJSQkg0CnIxb0FIeWMzMzdNalVNUmhQM1lX\nd0h6RWdPak5QeS9WYksrcHhERmd6Y2MKLS0tIDc5ZEFhK0dycFM2N29wN09BOVNK\nTWJjNThyTUxqNWxsTmw5WmlBV0xlK2sKE3L8/VvO8vmsqUV939JM2qdVUOsHAN3p\nwFfeldy2T6ojCVLWdl3CnZ7DmRumweEsSq1JP1mkZzfxotZloMUH5w==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:hmYfiTiGuO3oF/nGMP7vizC7nJtxYp1nFKoYsZR+GogpN3m3pqdKbLfqWLHXCI5o1l2nZjCo8VgUQYGrwePertOtlTF2rUz9fSxl3EsmoPbZOkt/NawjiIN3lARYTyoxwAq4Qtsna0OJTq9Yb+DlnMUTH+zk3/32K8dF2STRB84=,iv:8jYMtSSVOu5OIR4/TsM/upnZvvTh+ObkHcUiZtNLf+M=,tag:ANLwWSNxZxUM731LdQIO0A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdADhzkz5iF5geZvou70PeWpN718CeGgvbs97VWhxL25gEw\nphKaEn/73p0Qjqnpu5xVQi0GwSOFVt2UFjLf55aEjdBPb/RwVp0kAeDzzaDSR6/m\n1GgBCQIQXglRmyXJWRT4RdsWOFM1SpuFV1F235UJIEn/O0yGiQvuBQF6OVuvqYgV\nYNi2KFUU+99WaQvxUYddGzCHMEC2AAuKSSNBvs2LSGu0Ic/KWjrcn6yeXEPuv8a/\nHsvjhXACkXWN/Q==\n=JWpI\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-004.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:s8ANdI9fL6hX9K3ypZcmxhQv3VWZ0BYCMmEWatNpQv+0t4kLMmDIbtvLVBTjLoFvWcfy31vAEhbhZPOE0iQXUohiwfVu67/nR3gzcVpeERvtYlqb4q4RwDIgFXKZUd7y55CIcJbpFRR6U5/NCG2+PEAD5J4OtNTkjnpleipNqcI7Ccg062jVqiavOeKw+eoLMomJsJYqdeTUb9nwYlYoe87aIhZFmAKe0Z1ps6ClzaHSWsr0RSbaDFgBJxUo1brEETsIkphNktIe2kVY72PaOqiNZavEhgPfIc42Ldr4zyaW9nrau8ZsiGM/1VxrHwEOlqW6QimZO9epv6jQgTm0,iv:lSZ5H1kkokiwr6o/X42ElkLvNnWOJZkuD4Tt+vkX8uc=,tag:G+bcX3QzEIcmkxjBsSGLNw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5R0J6UmFPVWo5ME84Q3Rq\nN0J3MmowemJNa0pwNlVqQjdUR0NOWTh2MEU4CitGbkt4UDhuYlRFTlp3eHNGV1JG\nc0p6ZVlxUURhQ1NLbDhvc3VPazh5MmMKLS0tIERTcW54OTFhYjcxUVliRFFmOExk\nL1JMb0VyTDAzd1h3TXgwQ1V3VzZmdWcKZLwB3/3M5Ph9xvkBUrTZXvE13R83NCaT\nHYCKZoJx/CexdDXpij/H9fMI2BgRP1UBgxyWVg0pAAPrxhNhpiteVA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:PC2Gk57K2IQbGsAjXvN7BDaYO09vg+MKZcrieA6kPFeWVK7Nbic9iQiRsqs8cMOgQ4ZWNFJqyCmSPNKhWAkhmcuc3TNXTCGUl9AsWUyVLU1KL0I48320U+72ce4RY0vtO8FjgPjeFRtuzrHO4eOQhULrX7FhtUYq3/meZjP3PmM=,iv:P3LfN/+LS8wbRFcTvJhCU1LEqayWCUwqtHAmPodUXZE=,tag:DMuEdIKy8hBo/jdvnv7yaQ==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAAVsYsC/Di95MPmvkveVSZVZLPDuyWGdmgFFjGz1/l0Qw\nklzbhejv4x04f9j8zWG1Nsnvkkgv2wf++514BCGBN/DvlcFrv1xVPcA2RCqxr49t\n1GYBCQIQJvmrC8GUr9qp0yYEcUzXAaYh9hUA+fGPc1L45PmWVwjnY2wRtco4Y/uu\nLI09Esz6GH9vVesL3oO9A1uXArKw9dqph+Q6l3XAbtUp/y2vSU2xZlaQ83hAP3S1\nTryM3Ex9a80=\n=d/cZ\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-005.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:lre1gMfmXwB/FxXrF7VguPFmunswv7Y2+GhIOJYu5ijTpDV0O3mumM5Xmk8dZ//3xPQuqFJBJEpMI8nggAWG3pEd4x5otDimJR0OHb0zoHbDE2YyNWR6pwUk07QkhTYJ0UzLFtReRCSgkQmbR20nfew1Ta9HYEDeqBH9+nFBBqlhJkYXybmjC+sWpyEkhnAUk2cjz74WiE4cFemLj8M1+pZYany9uSeY8MI+zO3PU6XyMEdEx9+H2vmvUR+MMzR01cZlHBPghgVlPtDAerTOOFo7Med/HSKUsFLm84K+DerjZ7tIP34xEY7NjW3epxk53UmUdbY8DJ+pBPVcL8k=,iv:CIHbLf6ARlXs3QQKg6hfO47WfQXYMtzCt/2Qv9Vmmgo=,tag:/uR4nPjpqEJ8zv8/H54xxg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByWkhMT1dHNklvK2VXNGtq\nUG9tUS8xM0VoVDZTSTNvZ21teGYrSHRMelJrClU2Q2ovR01OK2E4d2F1aXRmaXRK\nckZ2WFhDYVA4bEVLMUl6WU0xd1p2NlkKLS0tIHZJV3FUYk5oNi9CQXlzSFUxSlVV\nV3Y3Q3RrT3JMVUh0Tmg5V3dtaURpcVEKRZ3dja+pVm2sAdQexiSw/si+CM2esjQM\nq0/9AfMPrULAdHrkvxLfyJRFWQlr2/g02QbeCE8HHYbVWSGaN2pJng==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:lxWz7NnYyAUyY52ewC1Eh9k1xDdJr0I2rEhiGukdKxg0G1gVhrj0UjFEdnkrMALrYbPh3yE1vj/E+xcPJZtrkuCQNTJkxnLlLijhXM39Um3M1KpIMDx5qOHggaT4T+HhdgJBqvkMiBypyP1ph9MPEYvg+mL4au6jd8fRaw2TUII=,iv:IbqBUWb1MrEcVy9rONDYzbB454XVYRi4mdtWo15RZ28=,tag:Cefs9e7CBk2/QsPS1LD3+A==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdARE07oxCX7FzLNlR9Pjmc1hUVGGD2KJdkFlM0cZl9uUEw\n1zW5R66Wy37KlREIRWXz2lnmN2Txpou+fC8zkxPcYXu+s+nWjbJbCRcv233RspPi\n1GgBCQIQWfGy65DBWWjSp2Sr9Ny/Pxvhzy0IF58AW32gTsxYmoeT+9qVuFcne3ut\nOEPyRqyBtnY3BOefXtBWsVBdtasFajhpp7rC2bSmd4sxacBL7DIwSVnTKpGs8Bsh\n8eCj7MwO/uRDFA==\n=frH4\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-101.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:iqmUJoBrXT91fFKdujhbHaLHcQF6J7+zjgaVsOwRkSwnB1OF/2BAf3jwvXjZiAIf7ytdrGjDR8t+Ze1hrncwJ/CuJuWtciX0qN9pky8p3Gpd85c5yZ1kWkC/wfT9VJ70EOe6gHYVnEk8PYqWfb+HaYWolUm4dqnMQcyZ1dkGJAyedvmrZvU/EyWPwwR3bVmVkup5skjExEx0POQSTJjE36Kewm/K4AQ3yBcCmmj7ZgYWQotViYW0iIQt3ZH+oItro+SqWb8/EcNjqQbU/1CkVtFEtIgyOpy1tZ7HFhaQI6xha78KC5nPn+dgckw1rrqbH5tUMEs0GHuAhi3v,iv:83eA9Rioryf5nDtcmput665AAR622yhd1ccbIz2aYQ4=,tag:b+j9T/tuEWORm3G9dDbVuA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0Tjl2S2tsVGZPS09HaDFO\neHZ2NlN5OUJuRmlZem1xeGtISVMrU2g3WmtZCndobDRnenlWSUl3L00yQUVJUnYx\nR2pxbGJuTkJqT1Nocm9jK1Yra3QzQ1EKLS0tIGE4SjZIMzN5WEl2dnFWZkIwc2ps\nVENuVUUvK1FsTmQ4UFdDQ2hnL0laRUUKYAvGtZrZ5iHls6kXlkXjRZKLB+VotxBI\nqjsPoW1o/2HJ0IQt1HByaxxw80FFcaY79FMVBkJcdQjYOEHFuQjw+Q==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:09Z",
"mac": "ENC[AES256_GCM,data:xo7PG3dqcfwMra7b4AKA7tjBmdwGq6hmQdGCiVT+dx5U8u60B7iIhZA1Nlkrwj1tCqUDpBjVp5iGReYJ+fckYriBBRURFtSaNjmrBSUiswaR2FqxGiNKzW83TdLEncTMXlNdTWKxhPy8uRh0Xso/ZFqAWgPd3fvfUAVXgGmnCuw=,iv:zi0v2nJPhVmPeE7pNY5KGhJimYMtWhmHzareuZ39YN8=,tag:/2NKODtUaXJhxkJLqjn6gw==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:09Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAxkXTiqh3KhrshdFSX+QUvPyxL23iLm0y1nCsQGwCcBMw\nIg4RMlZVlbSUya2IPRc2J2gt7E0Fyp/oYw9Ytsa3u6cR5L41dRS4tZcpHkyJpU9h\n1GYBCQIQqCh2mj3ErvL1BYA+sgvIh8hbzmBH8uWWNpCHCP1StjtduMyLT6rBiWuv\nPvoCvz3WWXufEvn7DEutAs+T92oNMcEHcGWWbsn8U1dIXQ+7Cl2CWDNMlxIoKtVN\nuBcXPqKFZho=\n=M3My\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-102.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:MvHQjTIH2RUsf/Re8piWc+foojfH1GpkDdgTgN5uGkBd+hFABF58ATN02SyrSJilwZiUIcmmd9yei59JKNumhY6daIcVzwpipGp2E/5ziLE0LzJ2+9Ov084TEclMe5vbEnJqtiB3Vu0w/9wKzbiXGWi/doqpNV1YKgore90Z3Mol4bVC/4ZSmm/YvRNZg51HPHtX65uZKuER54KqqkZOj0zPB8YiJHDbvtdoX2u8gEAenOjboHkRXRU9jgjytoP2Pw8W1dikajTXvtcjTzJijHVXZb70b0Yr5QnLOZaT4ovZA2Y4lkllpmQ4m+up5V3AkIk8iSLlFHOSaYNY,iv:0JpG17m9kD7xJ5vEBibuKG+yLL+xiIHlldFQ9TuWZwU=,tag:mPI3NUTmCnAXhcZ1jyAgrg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLWklBZUQ3MFo1bUZuY1dy\nVGdUK0FlM1dSNFBYOEhkZUFMd1g0b2ErZXd3Clk2TlQ4aEROUEJFbmpwYXRQK21t\nalJ4Z0k5dlVHQzJzdWNUMnYvTFMvWTQKLS0tIE04TzNIcVlzby9IM0FNMWlOd1Z3\ndTFwa1ZoYjdqUGhUTVVqcmxPVThMV0UKa07ux2wYZCn/9pgejH2o2wAknVLo2YV+\npb49PUwm1wvXaUVOrgGWAEGV1WBkH0FjSUKpTGLZ1V5MJ+wBk1fzRg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:X6AY8uht59ISavkd199WKj+Tnvf6YRxLccRJe/TeEwYN6M9TDIkIDEJmiw25LuLWHq96k6kJ5LXg2XapvTddZs6XavANxVoafyB97JYcofsFgrt5ziVJQisLxxjwnOP7twUHtHN60TS+2Om4LKnx2qm4piMJpt1RTFQPquSrNGg=,iv:Zgl/L3ugPEyQTXnHqctDnRORC3fPTx/z/wAHFfo5ZS4=,tag:o3jdq1bHCzfavdNRwKk1Ww==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdAWiLRFVRksLnX7OthQw84hoyjSEnsQyekp7kF/dbFAW4w\n4byTxDKfHHmSUvf9G96wOH/mNWpdAJiWlOQ7tPstVwoeHVBHSgf2vgd8MRTmrRzo\n1GgBCQIQjpgEmL08FuHrEGvT/WUSAIBXKhN56fyHOgT62NzOthiIIp6qxq27UjlX\np+ZUIR/X7qeJSVHJUKssNRnTKm1bbmbK/9ydXZtk/xHdFAD5YLZaz26ZknhaR7J1\ncHEHK6TQRL54lA==\n=DD6O\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

26
systems/palatine-hill/docker/wg/se-mma-wg-103.conf
View File

@ -1,26 +0,0 @@
{
"data": "ENC[AES256_GCM,data:K1RimM2itH8391EFz2SYMn+tDlTcf9bopuci3hkZPqi0Obr4M1pgQGEbs8xxcCYknE5HLGuW/zbMXL5UvFcGIVlvX0q/eZBerTuUz/VMbkzWiQ5Gqy9BpdXbb1i6vBDnNkDpfxrAu8vadUMifoUVTUconhoOzoR5byOMmUdx84z9W1S/9oztd9fRXhJIkoI23mxbaKr+zK7bX8CS73tVk8+oBFjeUPSt6+IwlmWx1iKVBs5tY/RPQ7kGTe3lIdbe2QIgPS/T7/W4xMoI+i9Z+SrW3eLOUyHNWQg/3gCPbOwvYt3xhj8RaScmW5L1a0SMPDQ/5CatOoiV/vrA,iv:NreCE5+5wyEKowJgtFXw7YPhbixpn+qCK403zzrkkjo=,tag:ptYXTDaKEs17fZichb+lbg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YlBUcWdWVGNwaUlqMjdt\nTWVqUW5LdVlZWC9Uem0zQXI0UldFMDYweDNBClVJSTJHL0c4anFnOSsvcmhBaldD\nSHNUem9aQk8rTTdLUFpML01uMFJjNkUKLS0tIGY4dXFUVm1mVThrWmFyS3BkTlhS\nblA1MmN1Q3MzRERlN3pLMTExSkx1RjAKonRli3BpI6iucyJAbWvERBPR0f6ewrIp\nBIQVkEBod/pdSiahMWfXjFVH0nmU9Ip2CwhZl1pGNOaHhnLtrUWmBg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-11-18T06:49:10Z",
"mac": "ENC[AES256_GCM,data:kDO0Y1wIe/ZWTiXeuAQtCS+fn1gR6L514e8qs7mzt1B6/u5hChy2L3WRR0DQN9V0wjl2bp6muAdfTEDbO7PmAbSE8wKHjCy97tzDgVSrtodUvGZUbm62bA0cx1VzgcKrCYHglSDsxmnYc3atxKlM8uWJ9GM4F4O+wRj/AH1QLYM=,iv:DgTrwKlftGmyuRDbROApudP9xANL7aBTbGgYRYqN5ZA=,tag:ek8rci9l2iDrYxP3b2EBvA==,type:str]",
"pgp": [
{
"created_at": "2024-11-18T06:49:10Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DQWNzDMjrP2ISAQdA0ZIzTIWsWHwek/Z0bIQvfCa49t6aaM51M4HJFyCRpxQw\nJ7mW22C1kf35WAz5Hmm251B+UuW1wUITdavE3tYH9/yB1yQsTSgKd3Vze/r5Ebvu\n1GgBCQIQQJk9Blm+/vA3//hafY4tDtuCr7N+utLdDFK1lBy9+Qg8UtAiNP4fFffF\n8Eh0tx/Fg5n/2r4p9NGLFn/ZMMe9SnP19VsmGQQjA3RlK8jVmxvSCXLFzM85uZge\nYJDAMSU+8Q3qdg==\n=4Asa\n-----END PGP MESSAGE-----",
"fp": "5EFFB75F7C9B74EAA5C4637547940175096C1330"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.9.1"
}
}

29
systems/palatine-hill/firewall.nix
View File

@ -1,29 +0,0 @@
{ ... }:
{
networking.firewall.allowedTCPPorts = [
# qbit
8081
8082
8443
# hydra
3000
# minio
8500
8501
# gitea
2222
2223
8088
# attic
8183
# collabora
9980
];
}

64
systems/palatine-hill/gitea.nix
View File

@ -1,64 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
base_path = "/ZFS/ZFS-primary/gitea";
in
{
services.gitea = {
enable = true;
appName = "The Hearth";
database = {
type = "postgres";
passwordFile = config.sops.secrets."gitea/dbpass".path;
createDatabase = false;
host = "127.0.0.1";
name = "giteadb";
port = 5433;
};
settings = {
server = {
DOMAIN = "nayeonie.com";
ROOT_URL = "https://nayeonie.com/";
HTTP_PORT = 6443;
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2223;
START_SSH_SERVER = true;
};
service = {
DISABLE_REGISTRATION = true;
};
log = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
"log.console-warn" = {
LEVEL = "Trace";
ENABLE_SSH_LOG = true;
};
cache = {
enabled = true;
dir = "";
host = "192.168.76.2";
port = "8088";
};
};
stateDir = base_path;
lfs.enable = true;
recommendedDefaults = true;
};
systemd.services.gitea = {
requires = [ "docker.service" ];
after = [ "docker.service" ];
};
networking.firewall.allowedTCPPorts = [ 6443 ];
sops.secrets = {
"gitea/dbpass".owner = "gitea";
};
}

4
systems/palatine-hill/hydra.nix
View File

@ -1,6 +1,7 @@
{
config,
inputs,
lib,
pkgs,
...
}:
let
@ -42,7 +43,6 @@ in
services = {
hydra = {
enable = true;
package = inputs.hydra.packages.x86_64-linux.hydra;
hydraURL = "https://hydra.alicehuston.xyz";
smtpHost = "alicehuston.xyz";
notificationSender = "hydra@alicehuston.xyz";

242
systems/palatine-hill/loki.nix
View File

@ -1,242 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
vars = import ./vars.nix;
loki_storage = vars.primary_loki;
in
{
# loki: port 3030 (8030)
#
services = {
loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
# auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [
{
from = "2023-07-01";
store = "tsdb";
object_store = "aws";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
tsdb_shipper = {
active_index_directory = "${loki_storage}/boltdb-shipper-active";
cache_location = "${loki_storage}/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
aws = {
directory = "${loki_storage}/chunks";
s3 = "s3://access_key:\${LOKI_S3_KEY}@custom_endpoint/bucket_name";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = loki_storage;
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
# promtail: port 3031 (8031)
#
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "pihole";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
# extraFlags
};
# grafana: port 3010 (8010)
#
grafana = {
port = 3010;
# WARNING: this should match nginx setup!
# prevents "Request origin is not authorized"
rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
protocol = "http";
addr = "127.0.0.1";
analytics.reporting.enable = false;
enable = true;
provision = {
enable = true;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
};
};
/*
# nginx reverse proxy
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
# recommendedTlsSettings = true;
upstreams = {
"grafana" = {
servers = {
"127.0.0.1:${toString config.services.grafana.port}" = {};
};
};
"prometheus" = {
servers = {
"127.0.0.1:${toString config.services.prometheus.port}" = {};
};
};
"loki" = {
servers = {
"127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}" = {};
};
};
"promtail" = {
servers = {
"127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}" = {};
};
};
};
virtualHosts.grafana = {
locations."/" = {
proxyPass = "http://grafana";
proxyWebsockets = true;
};
listen = [{
addr = "192.168.1.10";
port = 8010;
}];
};
virtualHosts.prometheus = {
locations."/".proxyPass = "http://prometheus";
listen = [{
addr = "192.168.1.10";
port = 8020;
}];
};
# confirm with http://192.168.1.10:8030/loki/api/v1/status/buildinfo
# (or) /config /metrics /ready
virtualHosts.loki = {
locations."/".proxyPass = "http://loki";
listen = [{
addr = "192.168.1.10";
port = 8030;
}];
};
virtualHosts.promtail = {
locations."/".proxyPass = "http://promtail";
listen = [{
addr = "192.168.1.10";
port = 8031;
}];
};
};
*/
systemd.services.loki.serviceConfig.environmentFile = config.sops.secrets."minio/loki".path;
sops.secrets = {
"minio/loki".owner = "root";
};
}

10
systems/palatine-hill/nextcloud.nix
View File

@ -17,10 +17,12 @@
systemd.services."nextcloud-pre-generate" = {
requires = [
"docker-nextcloud.service"
"docker.service"
"multi-user.target"
];
after = [
"docker-nextcloud.service"
"docker.service"
"multi-user.target"
];
description = "incremental pre-generation of previews on nextcloud";
serviceConfig = {
@ -29,10 +31,10 @@
Group = "docker";
ExecStart = [
''
${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud$"'
${pkgs.bash}/bin/bash -c '${pkgs.docker}/bin/docker ps --format "{{.Names}}" | ${pkgs.gnugrep}/bin/grep -q "^nextcloud-nextcloud-1$"'
''
''
${pkgs.docker}/bin/docker exec --user www-data nextcloud php occ preview:pre-generate
${pkgs.docker}/bin/docker exec --user www-data nextcloud-nextcloud-1 php occ preview:pre-generate
''
];
};

77
systems/palatine-hill/postgresql.nix
View File

@ -1,77 +0,0 @@
{
config,
lib,
pkgs,
...
}:
# sudo -u postgres vacuumdb --all --analyze-in-stages
# /var/lib/postgresql/16/delete_old_cluster.sh
let
vars = import ./vars.nix;
dataDir = "${vars.primary_db}/postgresql/nix/${config.services.postgresql.package.psqlSchema}";
backupLocation = "${vars.primary_db}/postgresql/nix_backups";
in
{
services = {
postgresql = {
inherit dataDir;
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map alice postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
# initialScript = config.sops.secrets."postgres/init".path;
ensureDatabases = [
"atticd"
"alice"
];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
{
name = "alice";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
];
refreshCollation = true;
vacuumAnalyzeTimer.enable = true;
upgrade = {
enable = true;
stopServices = [
"hydra-evaluator"
"hydra-init"
"hydra-notify"
"hydra-queue-runner"
"hydra-send-stats"
"hydra-server"
"atticd"
"gitea"
];
};
};
postgresqlBackup = {
enable = true;
compression = "zstd";
compressionLevel = 19;
pgdumpOptions = "--create --clean";
location = backupLocation;
};
};
}

37
systems/palatine-hill/samba.nix
View File

@ -1,37 +0,0 @@
{ ... }:
{
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "palatine-hill";
"netbios name" = "palatine-hill";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.76. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
zfs-primary-backups = {
path = "/ZFS/ZFS-primary/backups";
writeable = "yes";
browseable = "yes";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
}

63
systems/palatine-hill/secrets.yaml
View File

@ -1,34 +1,19 @@
hydra:
environment: ENC[AES256_GCM,data:G/6DOeRdjjp5PGpsHCHneW2X/OQzSH6gozKmgOlK6/bSdQltv4U00AYNOrUYYlH9Yab7JSYBfQinsqRKyDVEp7LLPdlxBaztJiSZGGAdio+JHWwR7UAhAEXSgOh4qFq0SjdZzQduEOdfSYfksut3dJiAvpj6oo6hxuo8mkW4+UacpBmvpnrzHjJHeYYbb3krIhKG6bBqHLT403rLf5oYjnY16XUuYO7deAH99JkfCJKlKnDf3GLfnX78XoXSdOMUyf57PPq5EKA8mFdtZsbAmis=,iv:s903rYHyocGtVJ594+HtCyULGtuom6aUVDcbXPbH93I=,tag:YFkFAIU7cNHSuYnN+lShgA==,type:str]
environment: ENC[AES256_GCM,data:XUS68hCXWGMCoxxfecspEpFF8sxVJJVAm74ZZJM5/TiMAyzG0VTw17XQOgv+pP5aYABnQ3Rt9KFaxacaljrjFJ44O8qdGCQOi+g5+EpztHAI+yyeWkEqcVrcDKeb0jM0qygBUtyez5aLJyFwT7znqfNi3CHMP+cJTNVUAQkfL3RrU/lNzAZpIJ5tVG5PzDqMLDWMQXiDRICNdp9fUXyGee64bQ1NxGJALmYS9o1YT75e0nCBsIBD50+ChQvOTUfTGfxpG5SbnDGmL0JIUGB3MqM=,iv:TRsVfNxLnMuq5Wvu0ZX4JVHoIXQaj3Li3KsBXmoFiK8=,tag:gGTQo66uzdUBqCuUYHSE4A==,type:str]
nix-serve:
secret-key: ENC[AES256_GCM,data:M8MJHHO8Hd/Gm6Nxy7/IPr0s6jHEDBB9LpZq8lIWQirvZPpgNrMrnP2xFJWEuJF/ND9hU09ZHA3efIBej2siRPOWSEu4gE65W/GMtpCcwEXF0hR/ISvBsH0fci/6KGbUCVg1x9AJpjJsqevPN7I=,iv:Weuziu2me+kdB9zk68nvLnyxv0ICwB1qA4z0Q39tT6k=,tag:nhcFfRQOxEandrf6CivahA==,type:str]
secret-key: ENC[AES256_GCM,data:dXpfTamvU17kkMwp0DZIktkh/iI96wgcQerEC9G0tdm7tL7NQSlS4giocf9uckXK1JNkK9q7urZznx82ZBV3kaZE8oZKgYtkR5xpHgGsbYgQbLx6gowKfBkPusikFl/BqUvUBLznYsYSkJddXJ4=,iv:yeHyAMY2NxQUyzirU9+ggF1O6kRsrM0lEJCY9U0qJN8=,tag:cSm1Obe6WnpHloF/JleVEA==,type:str]
attic:
secret-key: ENC[AES256_GCM,data:/wYnCD7qggeHdsNqkp1rZK839o/1olhJUlT1lrZpv1hTOZDduP2OGhz8kh2PrQR6Mq2Y/ALgHG3cFpJs7G64xDK0qRVGIDlC/9sTQIcF2JL49Free8vADe5ads64EN3vWgfmFoBMPmL0mc4qnDBGnBkDueFN5gy+1szK9tWK23tMl1wEWVsiqBwhuWqQBNRxeaHR2tQXI2Yg3fefq5+laOUjnSe1a8Kx4dJ7rXZuXe+H4uyU7roYFxlLpI8qZig0eUO9WUMX9WP0tKOr5OjsbJzBbdVlVT7lZ9ROYUceoxmcWecLlcyv3Q==,iv:DjH78Getnt3zzK9QLj+HS0cF1wtaBeadxSTrRb1uic0=,tag:KMPtWCq1KT1SSthh3fdsew==,type:str]
database-url: ENC[AES256_GCM,data:WHdAxNbkRxvNvfUWdPSbgeQXOS7f46OuDKTRuxf3cEyhbU5NAsGlCgfarUBXsHrCH79t7zDGlcRE,iv:trOxDY/ifsibKoX5YPOfKvX/q2ny6SgykiIBusgHxag=,tag:Cx9hhiJIhDLiojJmDdSDtg==,type:str]
adm: ENC[AES256_GCM,data:mP4xFGK3+YwyiUMwFaG6tY3tWLGY2YTGa4DRuHzW5Za3McmwEFUzlQQ4hGS2bPKOKwM2Pe5HYBwJnFkd6KRwx5civqsBMwFt4dfZ31xDEi9RxpEm9jCnCcvB1CY8cxNARIhceC12X/ZR8ianUpoINYSjOj4BRy4TEEigi5+V4DkAXeG8+x8SWjj/mRMQMcZud4i69Ul7tpzbjUHm0s/Aasvmib13u4ZbGX/AyoOX8pQwkRHoyfMK2OvRbaeQf9fPcQxOSBALYOIXk9mEGxN1FTFHrTvrY5s0w+hC1mAjX4qm4ZM77RneAI0fJaq1hHSZETIpJOCiQfR3bLuyzWKVestOE29V8Pwq,iv:bjK1QkWUc2vs+oUoC5Z0AKR1/tmrhSLvP8BP8gzghOg=,tag:dmSDM+gbsJMDkqgIPWBfGQ==,type:str]
secret-key: ENC[AES256_GCM,data:0pVok0M5Ob08BdFBV57Ijr4MW6msdGuvgq7v5lunJocv/sM0u0Cy7ye67+me21YBy4xGqidAfQo0j4OQkn71Z7ouKJGQ6izqOuTvRerBLmY/V3GMnSrBgtb+gjKhwswf/T/WV/I2lc0GTrdiJi6JJC0VL14kJYWRQIdcadeGEoF+cZyzyHWV32TxyJrNlDGFu1aFhjKiHP50aDFxibIPwz1h9+lN6jEGEwsOa29K3gnL9zOmzaoS/F4wXEZlCXNETj6lvCd6Ywt3erkGmCvA4FTzfs/CdW/QcS2GneGUzoCy4NRcxx9dKQ==,iv:4QiN6tupBkIZbVkKt7MyLMiy5z/y0ExAT9xWVBL+pko=,tag:CT4F8y/rObKlIMCwtJk7AA==,type:str]
database-url: ENC[AES256_GCM,data:CrtsSB9KaA+KT9F34eM+z5trjb72wRKKy2LKOWDxBgvVtrNy5jj9c9KPnPCRWue1eABC1FdThKH1,iv:n3n16Qs/s77CxDNHws4lLTJaXx++DpqUrrVDp+Rpj2E=,tag:gkQhzX4gHPRmAQjZKBZF4Q==,type:str]
adm: ENC[AES256_GCM,data:fTXg7sVtyjzm2zPLBSYX0wsAjhPZz/fwOWjk6bYEFNDAz9Esw2VFqG84E53cSj62KxClx8jlakA6RyXH5betcrxoRybrEuvdej76TS4kAP3cgK1OUEbcw0gWsgJPleH2BVAn6/5AhtISmglx0RykyKDtjBoxO1ewwwKesd5brIBD2DhLyaYJLFB42to1HmLe7FgYDaR2Q/W5B6W7RMueFwjA4/Y2ELoFQpwqF2HvcyFO58x8BFhIla6T+MB5l5I2qoYNlN5AayUur5xlALRUGH2PCJEiTrt8hXhYPkSlkiiwORBwwK7w89kO+tsHoDW8u3F/aKBbBnikIkaXnSa694mg0twmTOYL,iv:OBk9nrRA2t/9DvEI/OJTwp8nX4iP+foohueZON9Tlgs=,tag:Y1hVX2wva9QridJ5els9Fg==,type:str]
postgres:
init: ENC[AES256_GCM,data:trwA30EswHEPa6V2GuHsGgU4NK/j/UQveldwHng0Ilwyqh9aZCgF3axP48MmcciBssux8DZ4O5U=,iv:VC+tpG5yuiBE7pjZ85lYCwHG/bTePxeXQDz2zyLyLYA=,tag:5+jwWTv5T5YWwQpR58QfOA==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:8jECcEJ8JnK7fztTckzLrQ==,iv:yQMp5VrierOKXwiop0NUA7Qbn2eH5iUCVlKppZwKLIQ=,tag:rI9WT7zLIaFxVcTu3ufW4g==,type:str]
init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str]
upsmon:
password: ENC[AES256_GCM,data:52Rxsh7KUq+aYjQORBC+Yq5B,iv:F05g/a5bv7DQ+eLlMqsNeRHLxzl7AyXU1zAlmFevQ6o=,tag:xkGDD3hDF+u5fUbP33OrlA==,type:str]
password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str]
minio:
credentials: ENC[AES256_GCM,data:5Z/cTmxSuMq8BfRgYLGZZJ7o6AtmrQM3yNjR17YHr29S7ZWvGsjfM7DsLKectem01nvv3HoT4uyWSdhkOmZahzDb5OF1NEgjJhLqkKlCETMu0mmpwe1cx6iOd7kjB3E6Az/MWpXqZ/TrryL9FrQD2nnx9bHyWWIHRQv8,iv:jiYZXfU+OssC0rh/3yFZLEzD1+5mVDDl6gQ3oyk76E4=,tag:bevDszFv1zSa+/2qQIgC0w==,type:str]
loki: ENC[AES256_GCM,data:ShC6hfsKifVaxLWRo1fqaOpsrYh4+w==,iv:KVSlPd0mBvPZikg/Agnl6q0UhxTmsNOeYdercYOhqMg=,tag:cj6ex9m7vDjInTJDGUlqFQ==,type:str]
docker:
minecraft: ENC[AES256_GCM,data:2k/m0ksnE92fACxQuBlOO72b19T7Nbnr58ezRddmKUVvePEgrdSnIsR3sh7PnmzwmG/ez0WTD+NKbtkQmRMDQ25vruA8gCf8Ig==,iv:X2SUidKTNAPZfbyiXFKprUbAhBxJcbF5bz+YTy4nuEA=,tag:AAvLXO888r9XvtnNfQgCpA==,type:str]
foundry: ENC[AES256_GCM,data:5Z0FvVhJBzTwDPRN6c//caZokiTnkdqiLGFFuyen+tYsdjbQ3AXH5y7HfxKbxsJvU5uShOuIg0jVMvow2NYmzyYDDKBKPOz0bgXOmFq06wzCJubjyZmR/mDcWBBDzAFzaazpyW8=,iv:6wLS00zhX0tjJUe5uADAjzEshJP8QOkF2i4Aw+Y9RSk=,tag:sNr/exY1u3evYGcImyCUlA==,type:str]
nextcloud: ENC[AES256_GCM,data:dm2Cha+CvFORgdcBvJAzzdOGcJ95vLJYTZcUJnjNp6HOQIIoJrDone1NOAYJh9rdWG/17/ntOmd+TysAj4AsD0dw/PatZmy3I+dcVghkt2XNTc7jD64QjctIHzR+om1joAbKemG1R3St7qDU68TWYxoxIfYZcJvg3ds/lJcYgFRh079UZ/IRlGVR6sWPEXyY+UUrwtk0Fr+y8UtwwWZiLp0akUbIV06huRGiAp/PeWETuPPuacl2++ayIgJFZkJjUl/a52RI1Q0nLG5iyK6QYpY1JSRJTOkiQQ4PB5GRdLCdoM5/ZXTQ6gGcoM5jXFllsTn+yRicNRucuBp7Z2achbk6eITCdjjdXVI7zM4YXpzVLu5fJckLAu07aEIGYCBT7ZXd7TRgfB68POwtwaJGBozg+nuhq8xEH04yi8jFODH6aFplIgJ+bbaP72zw+92lzZa33FEtOwKdtx+YUv0eLLDJs+8Z6Sn6RyN8prwIz1/9LuIMx39g4R7id9W2bV2MXqTU4nN8f0TXWqe+hnb5pDLBaZOBMkwbRka6Vptsi4dbL5Lnexa2DoIHZ2unyxZ+4SkRt9LH39j8fXf2w5JPFCSLstf7+Zu7xzRS0TTCug7k,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
credentials: ENC[AES256_GCM,data:78ANAQ2756IISlkUFPxy9lQYRml8C9PvkkiXME4nMjtWwPgybvSM2nrO3yVhTgyOyUZjYYWzJlpwstfIAbuWEgGFhbMixSSNSgsWozojm0hWfPBWZ5x4iX++0ARFdfxIAjiGlM/HGa0YO/2tSA6oW6FqM4RbC1vPnqJc,iv:8Y+SilqKsUH/J6M+l4Wpm2J3nPXeoUhA1+GvhzlqMHE=,tag:5dYBlYPIUjd+U+r/dqJWIA==,type:str]
server-validation:
webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
typhon:
hashedPassword: ENC[AES256_GCM,data:gMyY8gxUn3HzycQRu2cminqRFWghqWcjzZzTxAQZ5PJqn604iSwDiVdr7icHB7drJfCAfsE7L4oKRJgxaIAE32043oOkb2T7DDH8y2jxMzqmZCfbvrfMI4wdfRTHGqzxb6X/aZ5ai2rr1Q==,iv:4EsTo/lQld0o9iktDX9gobMlPUCitx1i9wn8EL16sIs=,tag:FgVDRHk2glDwpC/mprrPqQ==,type:str]
webhook: ENC[AES256_GCM,data:d8drMmXcbWCGwOanYr6jUCz5+d1bgTrPKMl4yxFi49oapqFUFSQo2pA3bP9DA2n0b63ZJp1IDyJGBRGjFUsSC8EkKQsYMIm962o++D4h7/l9GZU2TBcn5VgvSldETgwloMg92i3zEApNCeZTtwFwJuJTwmUsZmg528Kj7SBcDw4H18dW8MMfgzBTkZUh,iv:F/UtYjWNoG1la1xaNevRXP/4lNT2TgYfmukbncHILDA=,tag:fJpdG5di6j8Wm54KLHZEsg==,type:str]
sops:
kms: []
gcp_kms: []
@ -38,26 +23,26 @@ sops:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFcWo4V1QyZS9HbHNwT3Jl
ZktNR2gwZ3BiWnYwZHpLUzR2YTlmN0ZUeEhnCkF6ekdkN0U2VGM1RFVhdTM0RW5u
bWdreGZrU0JwNDY1TnR2S1M3OTdKaWcKLS0tIEVBekE2eU8rcEhpVkhhWmxPc3JN
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzcTQ4SVM3dVN4UWZCSXBs
dFo1S0ZyOEM3c3ZtYTcvZlVNYStDdXd0NjB3CjY0NWc4UkVGUk1ZdTBBLyt2L0lX
M0lRbXFwRzFWSTNndC92SU5kSkowb28KLS0tIFhjMnJzZHRoTmJONDk1RjVsRVZq
d241ZnZ2MWg3YVNBbkh2S0NqeE5PdFEKWqnQH4kZszkKZTSgur0c5hGMoMx9zBdz
tSvUbe2+WKX7q6y7XqsD1KjFI+POVDF+YN7H9ja96+JqvKRteXNhCg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-26T05:47:58Z"
mac: ENC[AES256_GCM,data:ZP9HglMmn9FDv6/vtQAxz/qP76QniPqM6bzMQVvVU/OhDmjuneGKZY7d1Es7LC9o5qmJ+T3Dh3/bkmuRdgdnd2TO6iuvM++DEPxwnoHis+0lbMxv5a6ibzvoXXm2CrL4HPETqLKbLahGJRmDNgnkCEWxAs16zrqe5kgDpD53R5c=,iv:DcCXNGyb41ToV9uSnrnrl0dWiw2pvykM8z86Yk814P4=,tag:T9PFl48qABwBSy7vIhSmLA==,type:str]
lastmodified: "2024-07-07T23:09:33Z"
mac: ENC[AES256_GCM,data:nr1JAEr2FGrYtiUhrQFsBPbiR+toxzYRZVPqq7zYBMeNy70a5jMgw6qm37M8Hmt7omO/KePE+Ol27FI9Aqn8OP3CQZoSWZbul+TTItV5UWC84G3MebaesnIiFQwbpM9hz08VoQ1zxUiUFnUY4bBr6okNSyJeqq/QmkkyqhK4Wlo=,iv:0MR7AiQEX2Cl7FUtRlxaY+R2oqSbanIhwaXAN/UnHH0=,tag:RpQCtsuelu3VQVB9HzJE+g==,type:str]
pgp:
- created_at: "2024-11-28T18:56:39Z"
- created_at: "2024-09-05T06:10:49Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DQWNzDMjrP2ISAQdAPOYlp/3ZJrcXZbu5+XI+BHNzMbzw7+YhTYOfNgujU1gw
QfJDWAhiMd8cZF5PpX+RdN+Zrk5CCMgZH4hotv9gjf1oxitWuF2hv14k/RlAx8kr
1GgBCQIQB+LOoKIo7AHeucdV9NsM6H4Akv+Bzy8boarA4BGcyvgRWhS2u8zOQJc5
RKfRonTO51yjlKm0MEspvwrClO+aIuBaNNemuHdk4yhDUnNKVBFyLLOuqXbsFd+G
aSTmqvI3a/T5Cw==
=ph+p
hF4DQWNzDMjrP2ISAQdAA1DGmMjNYHKHtel++ftsHqmQGqrjfL4VJTe62bEMfXcw
EQmF0itX7ns+GogeYeYaqxa0qraWzzGwsEDJOp+VJMmLPtw5999kdO1PikgyGkcV
1GgBCQIQd5DwJiXbQ7bFPYPGg8xxEBeDsHYtKo0tv9uQi9Is0nYYHbI8+TuFUv2o
Av5c+/hAX/1D4F8JDTnz7WbEO3X2H7VXNMQKQkYR1Ndds6ueyx1V4kFqQTD5qLG/
BpnwAmW4i9XVMg==
=2NK4
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.9.4
version: 3.8.1

17
systems/palatine-hill/typhon.nix
View File

@ -1,17 +0,0 @@
{ config, ... }:
let
vars = import ./vars.nix;
typhon_path = vars.primary_typhon;
in
{
services.typhon = {
enable = true;
hashedPasswordFile = config.sops.secrets."typhon/hashedPassword".path;
home = typhon_path;
};
sops.secrets = {
"typhon/hashedPassword".owner = "root";
};
}

20
systems/palatine-hill/vars.nix
View File

@ -1,20 +0,0 @@
rec {
zfs_primary = "/ZFS/ZFS-primary";
# primary
primary_act = "${zfs_primary}/act-runner";
primary_archiveteam = "${zfs_primary}/archiveteam";
primary_attic = "${zfs_primary}/attic";
primary_backups = "${zfs_primary}/backups";
primary_calibre = "${zfs_primary}/calibre";
primary_db = "${zfs_primary}/db";
primary_docker = "${zfs_primary}/docker";
primary_games = "${zfs_primary}/games";
primary_hydra = "${zfs_primary}/hydra";
primary_libvirt = "${zfs_primary}/libvirt";
primary_loki = "${zfs_primary}/loki";
primary_minio = "${zfs_primary}/minio";
primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr";
}

18
treefmt.toml
View File

@ -12,21 +12,3 @@ command = "nixfmt"
#options = []
# Glob pattern of files to include
includes = [ "*.nix" ]
[formatter.jsonfmt]
command = "jsonfmt"
excludes = []
includes = ["*.json"]
options = ["-w"]
[formatter.shfmt]
command = "shfmt"
excludes = []
includes = ["*.sh", "*.bash", "*.envrc", "*.envrc.*"]
options = ["-i", "2", "-s", "-w"]
[formatter.yamlfmt]
command = "yamlfmt"
excludes = []
includes = ["*.yaml", "*.yml"]
options = ["-formatter","indent=4"]

21
users/alice/home.nix
View File

@ -16,7 +16,6 @@
./home/gammastep.nix
./home/doom
./home/hypr
./home/waybar.nix
./non-server.nix
];
@ -52,15 +51,12 @@
nil
# useful tools
file
sqlite
ncdu
neofetch
onefetch
hyfetch
smartmontools
wget
glances
obsidian
onefetch
# Rust packages
@ -69,7 +65,6 @@
diesel-cli
tealdeer
helix
ripunzip
# nix specific packages
nix-output-monitor
@ -90,9 +85,6 @@
nodejs_20
nodePackages.prettier
treefmt
gocryptfs
awscli2
];
};
@ -113,7 +105,7 @@
eza = {
enable = true;
icons = "auto";
icons = true;
git = true;
};
@ -144,7 +136,6 @@
"system"
"nix"
"shell"
"poetry"
];
};
};
@ -169,17 +160,11 @@
};
};
sops = lib.mkIf (!machineConfig.server) {
sops = {
age.sshKeyPaths = [ "/home/alice/.ssh/id_ed25519_sops" ];
defaultSopsFile = ./secrets.yaml;
secrets."alice/wakatime-api-key".path = "/home/alice/.config/doom/wakatime";
};
nix.gc = {
automatic = true;
frequency = "weekly";
options = "--delete-older-than 30d";
};
home.stateVersion = "23.11";
}

6
users/alice/home/doom/custom.el
View File

@ -19,9 +19,3 @@
(setq! lsp-enable-suggest-server-download nil)
;; (keychain-refresh-environment)
(setq! lsp-nix-nil-max-mem 20000)
(setq! lsp-nix-nil-formatter ["nixfmt"])
;; (add-hook 'python-mode-hook (lambda ()
;; (require 'sphinx-doc)
;; (sphinx-doc-mode t)))

2
users/alice/home/doom/init.el
View File

@ -133,7 +133,7 @@
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp +tree-sitter) ; the hipster dialect
;;(go +lsp +tree-sitter) ; the hipster dialect
;;(graphql +lsp) ; Give queries a REST
;;(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python

7
users/alice/home/doom/packages.el
View File

@ -80,10 +80,3 @@
(package! pacdiff.el
:recipe (:host github :repo "fbrosda/pacdiff.el" :files ("pacdiff.el" "README.org" "LICENSE")))
;;(package! python-docstring-mode
;; :recipe (:host github :repo "glyph/python-docstring-mode" :files ("python-docstring.el" "docstring_wrap.py")))
;;(package! sphinx-doc)
;; https://github.com/glyph/python-docstring-mode.git

15
users/alice/home/git.nix
View File

@ -11,15 +11,15 @@
userName = "ahuston-0";
aliases = {
gone = ''
!git for-each-ref --format '%(refname:short) %(upstream)' | # dump all older branches
awk 'NF < 2 {print $1}' | # get nuked branches
grep -Pv "(^origin/|^origin$|stash)" | # filter out remotes & stash
!git fetch -p && git for-each-ref --format '%(refname:short) %(upstream:track)' | # dump all branches
awk '$2 == "[gone]" {print $1}' | # get nuked branches
sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
xargs -r git branch -D # nuke the branches
# !git fetch -p && git for-each-ref --format '%(refname:short) %(upstream:track)' | # dump all branches
# awk '$2 == "[gone]" {print $1}' | # get nuked branches
xargs -r git branch -D; # nuke the branches
# git for-each-ref --format '%(refname:short) %(upstream)' | # dump all older branches
# awk 'NF < 2 {print $1}' | # get nuked branches
# grep -Pv "(^origin/|^origin$|stash)" | # filter out remotes & stash
# sed 's/\\x27/\\x5C\\x27/' | # remove single quotes, for xargs reasons
# xargs -r git branch -D; # nuke the branches #
# xargs -r git branch -D # nuke the branches
'';
};
extraConfig = {
@ -27,7 +27,6 @@
pull.rebase = true;
color.ui = true;
init.defaultBranch = "main";
format.signoff = true;
};
};
}

6
users/alice/home/hypr/default.nix
View File

@ -8,11 +8,5 @@
{
xdg.configFile = {
"hypr/hyprland.conf".source = ./hyprland.conf;
"hypr/show-hide.sh".source = ./show-hide.sh;
};
imports = [
./hyprlock.nix
./hypridle.nix
];
}

47
users/alice/home/hypr/hypridle.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.hypridle = {
enable = true;
settings = {
general = {
lock_cmd = "pidof hyprlock || hyprlock --immediate --immediate-render"; # avoid starting multiple hyprlock instances.
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.
after_sleep_cmd = "hyprctl dispatch dpms on"; # to avoid having to press a key twice to turn on the display.
};
listener = [
{
timeout = 150; # 2.5min.
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -s set 1"; # set monitor backlight to minimum, avoid 0 on OLED monitor.
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -r"; # monitor backlight restore.
}
# turn off keyboard backlight, comment out this section if you dont have a keyboard backlight.
{
timeout = 150; # 2.5min.
on-timeout = "${pkgs.brightnessctl}/bin/brightnessctl -sd rgb:kbd_backlight set 0"; # turn off keyboard backlight.
on-resume = "${pkgs.brightnessctl}/bin/brightnessctl -rd rgb:kbd_backlight"; # turn on keyboard backlight.
}
{
timeout = 300; # 5min
on-timeout = "loginctl lock-session"; # lock screen when timeout has passed
}
{
timeout = 330; # 5.5min
on-timeout = "hyprctl dispatch dpms off"; # screen off when timeout has passed
on-resume = "hyprctl dispatch dpms on"; # screen on when activity is detected after timeout has fired.
}
{
timeout = 1800; # 30min
on-timeout = "systemctl suspend"; # suspend pc
}
];
};
};
}

23
users/alice/home/hypr/hyprland.conf
View File

@ -20,10 +20,6 @@ monitor=,preferred,auto,auto
# Execute your favorite apps at launch
# exec-once = waybar & hyprpaper & firefox
exec-once = wired &
exec-once = wired
exec-once = systemctl --user start polkit-gnome-authentication-agent-1.service
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
@ -81,12 +77,10 @@ decoration {
passes = 1
}
shadow {
enabled = yes
range = 4
render_power = 3
color = rgba(1a1a1aee)
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {
@ -197,7 +191,7 @@ bindm = $mainMod, mouse:273, resizewindow
# screenshots
bind = $mainMod, A, exec, grimblast copy area
bind = $mainMod SHIFT, A, exec, grimblast save area "/home/alice/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png"
bind = $mainMod SHIFT, A, exec, grimblast save area "~/Pictures/Screenshots/screenshot_$(date +%Y-%m-%d-%H%M ).png"
# zoom issue
bind = $mainMod, K, exec, pkill zoom; zoom
@ -207,10 +201,3 @@ bind = $mainMod, escape, exec, hyprctl reload
# open bwm
bind = $mainMod, P, exec, bwm
# lock screen
bind = $mainMod, L, exec, loginctl lock-session
# hide active window
bind = $mainMod,H,exec,/home/alice/config/hypr/hide_unhide_window.sh h
# show hide window
bind = $mainMod,I,exec,/home/alice/config/hypr/hide_unhide_window.sh s

89
users/alice/home/hypr/hyprlock.nix
View File

@ -1,89 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.hyprlock = {
enable = true;
settings = {
general = {
immediate_render = true;
# disabling as config doesn't exist
#no_fade_in = true;
};
background = {
monitor = "";
# path = /home/me/someImage.png # supports png, jpg, webp (no animations, though)
path = lib.mkForce "screenshot";
# disabling due to stylix
# color = "rgba(25, 20, 20, 1.0)";
# all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations
blur_passes = 3; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
contrast = 0.8916;
brightness = 0.8172;
vibrancy = 0.1696;
vibrancy_darkness = 0.0;
};
image = {
monitor = "";
path = "/home/alice/Pictures/PXL_20240408_192537608-EDIT.jpg";
size = 350; # lesser side if not 1:1 ratio
rounding = -1; # negative values mean circle
border_size = 4;
border_color = "rgb(221, 221, 221)";
rotate = 0; # degrees, counter-clockwise
reload_time = -1; # seconds between reloading, 0 to reload with SIGUSR2
reload_cmd = ""; # command to get new path. if empty, old path will be used. don't run "follow" commands like tail -F
position = "0, 100";
halign = "center";
valign = "center";
};
input-field = {
monitor = "";
size = "400, 50";
outline_thickness = 3;
dots_size = 0.33; # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.15; # Scale of dots' absolute size, -1.0 - 1.0
dots_center = false;
dots_rounding = -1; # -1 default circle, -2 follow input-field rounding
# disabling as config doesn't exist
# dots_fade_time = 200; # Milliseconds until a dot fully fades in
dots_text_format = ""; # Text character used for the input indicator. Leave empty for a rectangle that will be rounded via dots_rounding (default).
# disabling due to stylix
# outer_color = "rgb(151515)";
# inner_color = "rgb(200, 200, 200)";
# font_color = "rgb(10, 10, 10)";
font_family = "Noto Sans"; # Font used for placeholder_text, fail_text and dots_text_format.
fade_on_empty = false;
fade_timeout = 1000; # Milliseconds before fade_on_empty is triggered.
placeholder_text = "<i>Input Password...</i>"; # Text rendered in the input box when it's empty.
hide_input = false;
rounding = -1; # -1 means complete rounding (circle/oval)
#check_color = "rgb(204, 136, 34)";
#fail_color = "rgb(204, 34, 34)"; # if authentication failed, changes outer_color and fail message color
fail_text = "<i>$FAIL <b>($ATTEMPTS)</b></i>"; # can be set to empty
fail_timeout = 2000; # milliseconds before fail_text and fail_color disappears
# disabling as config doesn't exist
#fail_transition = 300; # transition time in ms between normal outer_color and fail_color
capslock_color = -1;
numlock_color = -1;
bothlock_color = -1; # when both locks are active. -1 means don't change outer color (same for above)
invert_numlock = false; # change color if numlock is off
swap_font_color = false; # see below
position = "0, -200";
halign = "center";
valign = "center";
};
};
};
}

25
users/alice/home/hypr/show-hide.sh
View File

@ -1,25 +0,0 @@
#!/usr/bin/env bash
stack_file="/tmp/hide_window_pid_stack.txt"
function hide_window() {
pid=$(hyprctl activewindow -j | jq '.pid')
hyprctl dispatch movetoworkspacesilent "88,pid:$pid"
echo "$pid" >>$stack_file
}
function show_window() {
pid=$(tail -1 $stack_file && sed -i '$d' $stack_file)
[ -z "$pid" ] && exit
current_workspace=$(hyprctl activeworkspace -j | jq '.id')
hyprctl dispatch movetoworkspacesilent "$current_workspace,pid:$pid"
}
if [ -n "$1" ]; then
if [ "$1" == "h" ]; then
hide_window >>/dev/null
else
show_window >>/dev/null
fi
fi

40
users/alice/home/waybar.json
View File

@ -1,40 +0,0 @@
[
{
"height": 20,
"layer": "top",
"position": "top",
"output": [
"eDP-2",
"eDP-1",
"HDMI-0",
"DP-0"
],
"hyprland/workspaces": {
"active-only": true,
"all-outputs": false,
"show-special": true,
"move-to-monitor": true,
"format": "{icon} {windows}",
"format-window-separator": " ",
"format-icons": {
"1": "󰎤",
"2": "󰎧",
"3": "󰎪",
"default": "",
"empty": "󱓼",
"urgent": "󱨇"
},
"persistent-workspaces": {
"1": "HDMI-0"
},
"on-scroll-down": "hyprctl dispatch workspace e-1",
"on-scroll-up": "hyprctl dispatch workspace e+1",
"window-rewrite": {
"title<Steam>": ""
},
"window-rewrite-default": "",
"window-rewrite-separator": " ",
"sort-by": "number"
}
}
]

2
users/alice/home/waybar.nix
View File

@ -2,6 +2,6 @@
lib.mkIf (!machineConfig.server) {
programs.waybar = {
enable = true;
settings = builtins.fromJSON (builtins.readFile ./waybar.json);
#settings = builtins.fromJSON (import ./waybar.json);
};
}

16
users/alice/home/zsh.nix
View File

@ -4,6 +4,7 @@
programs.zsh = {
enable = true;
# autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
@ -51,16 +52,12 @@
shellAliases = {
"sgc" = "sudo git -C /root/dotfiles";
## SSH
"ssh-init" =
"ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
"ssh-init" = "ssh-add -t 2h ~/.ssh/id_rsa_tails ~/.ssh/id_ed25519_tails ~/.ssh/id_rsa_palatine ~/.ssh/id_ed25519_palatine ~/.ssh/id_ed25519_rota ~/.ssh/id_ed25519_gh";
## Backups
"borgmatic-backup-quick" =
"sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-full" =
"sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" =
"sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-quick" = "sudo borgmatic --log-file-verbosity 2 -v1 --progress --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_checkless.yaml";
"borgmatic-backup-full" = "sudo borgmatic --log-file-verbosity 2 -v1 --log-file=/var/log/borgmatic.log -c /etc/borgmatic/config_full_arch.yaml";
"umount-backup" = "sudo borgmatic umount --mount-point /home/alice/backup -c /etc/borgmatic/config_checkless.yaml";
"restic-backup" = "/home/alice/Scripts/restic/backup.sh";
## VPN
@ -92,8 +89,7 @@
# applications (rofi entries)
"ARMEclipse" = "nohup /opt/DS-5_CE/bin/eclipse &";
"Wizard101-old" = "prime-run playonlinux --run Wizard\\ 101";
"Wizard101" =
"prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Wizard101" = "prime-run ~/.wine/drive_c/ProgramData/KingsIsle Entertainment/Wizard101/Wizard101.exe";
"Pirate101" = "prime-run playonlinux --run Pirate\\ 101";
"octave" = "prime-run octave --gui";
"pc-firefox" = "proxychains firefox -P qbit -no-remote -P 127.0.0.1:9050";

9
users/alice/non-server.nix
View File

@ -3,7 +3,7 @@
{
programs.emacs = {
enable = true;
package = pkgs.emacs30-pgtk;
package = pkgs.emacs29-pgtk;
};
home.packages = with pkgs; [
cmake
@ -49,9 +49,6 @@
hunspellDicts.en-us
languagetool
# latex
texlive.combined.scheme-medium
# dependencies for nix-dotfiles/hydra-check-action
nodejs_20
nodePackages.prettier
@ -62,8 +59,6 @@
bitwarden-menu
wtype
zathura
obsidian
libreoffice-qt-fresh
wlr-randr
];
}

18
users/alice/secrets.yaml
View File

@ -2,15 +2,13 @@ alice:
user-password: ENC[AES256_GCM,data:+cM85X1vapqfQdJ+Dv6YvT5qHlvsmaXPRbvKRHtCkPT3wdw4f7tLHLFmvWnak7CRezI00PxVEtCZL5mqLyN2HaU4OqIk/9fgqczIzemwBlMGJt+ndwG4oqBqE0ymtzmy8MA59wonRqoxzYKQfAGQsprdCIovrg==,iv:BtSDBgvQeZdTY1KUClnt9V8qHcS/gouaaQw342tk4Sg=,tag:T7tzyKuCo83s78ca7f4KDQ==,type:str]
#ENC[AES256_GCM,data:6+dLs8opC27IrHJCPfL2c7KiLbaQTqI6oRKpIZLR4+P9gTupziAhCm/G7RY01gVPSgxdBpJ6L4xVbcMEg9hDKBMI4naF9arNrFsV6WXNc+LA5BYyT9L9G1nDea8fPFYDSF2537eLgLqWNE1WSsUOrz/WOxbE6g==,iv:AxsdKmGz6qEYlWY08q/2hqsm0EXaqodwD/7OJg4FAIY=,tag:EgfL3I1VBXtFgIdTOW5eBA==,type:comment]
#ENC[AES256_GCM,data:vUMcowHjlQA0RWflfaQhZKkalO39epYi6N9PPW8=,iv:6DFqHlQR+mi+ZkfMUhlhwvpMwnxXNfQV6+sYgPzSj4I=,tag:Pz1zJayscGckPO8Q2ZVb4g==,type:comment]
gha-hydra-token: ENC[AES256_GCM,data:CXdOiW9oYaVj4oqfiXSz9O9xIsB5ZyUac2WFSFD1ankZpnmQpv9TwolJxb6h8r+UM7Q9QzCCWk7KHe80lolZhpHa79bpcj+wt9v51ydj0Zy+3sufHS+JnGwmqBbw6dVqJ2uBr4nW2NADzHEbG8N367uKYEq2vazB4y02JiopXL8DHsYcx+Z4u7GJC/gYbpm9vnt8OVdYmfYRQ9BGSiaJOghDzpmCisEZdLpCLXM3cULn8yVUXIFWx8yF/6JrWN+myeoZiUFCL2sZmeSIswFg9kwBKXIsjBrz+EDXZzDCEr88UrEJ0j2+egsrG9BNlstVwC8oscYdbXWmYUdsCBNVxK3xjJYm9gDdSyo0DfSvTzK1t+/s9L1zC8uqj2TXYdVd6QyH2TRXxiPeNLYClRHT2UljymSpIVXOn/Okuo7dte+ZZqZVndT1lwK//2y8V3Hng+5wixfFFsQAd5oJzfraRSnM+RLZtjI3TMoyc5no3pVwV6zsCqRd2nvr7gieXUMWtSLb6YrM6tvhRpeiieYUqQ8NwHV0Avqco0I838o5yywVGSnUflGxnwYoGQIX70qoTcxNPGuiiiqSynh64e3nrlC9xN6EWuFpUNVfkBibZNRi+EyDAhK7LKwiPbL2z919N54vyzzoWA1KUFqxow+JsX+Q8rpnfJtag44F5qFt3/Be5PIMYVU7acXTiVJvM3cKPMQIBPXpQFX5OshwGhttGFuB53aWPHCzlhT4NDQbcZ/rLQ3bcytVpnH55WWze0Oe0zUZYGFc/rV9Fc4QjhR7/8pAi9kGUlKy2MYBamjmnCWlOnHPIQQLpPs/oiW+,iv:KL2P3O8Fnbn56hLX8PWIrigoPTBfIvMUpizKy3C3RIA=,tag:G0M/9iT9IWUSJ5ktUc/g5A==,type:str]
gha-hydra-token: ENC[AES256_GCM,data:rYDYIn7MAF4pSZQj+Nln2z9J+AxvuSzumthL86njpKETutArrw+9iX2hHJt5t513NHH03tMtZOFqM60/pzWg4YXVQOSpQmq8QOelD7qCdfCr4Z2QSeOHqXqwKy21iWtoVbxOXWunVxLzkWMJrpHkpVsiBA75Nv66ftKEjN80QNGik6xQE1iPsCB2JHeqYNIr8gtPkCr7H5Pt4yBBO/1rsyONrbNlwmzVX78eqXxmc43XOiNVjEsk8ekJxJ9mn5S6JcPNehBcnZA0kWAIxvtDIPYKnz4YBIXoilBbjgytXL8nw3PkEX27x5yeg9KfxPxO/4CGoi5wfKsYuEynBdWbHtj6a3H0AvA9KIZzktTRNJFU3ZW8UveSCXY4YHl0NREJ8kbIUgkkE7PWeyzGenGFTPMahTA0rKSa+tWPQ1c00lvo9VS3/7pfeJfZEKS7R2xBaEDZrfffHyB5PLTQOGpWl5y40wTn4HdBlyQwoREvobOaKVZEyWtVvJcUeHDPepgEHGVDzwyTelX8Btb6ZNA0Fur8xvpkLZcLmMhbvCdkjq84ztJ36nQQ5JZthecyqcZTWPyfWtPeoUPVIaxn31oLjwsriDwdQmID6twTjC9PT8nBZD/u0JebOCdeYf8fm9q49SaN2w/ZMdSRWucHUsRXeN9O149vYoOqR28H+8v/tYJdqofJpHKrIBs=,iv:GcEV6f4rqkrpCafeaLNMqqU/vBNE0xHbqokL2gMXHYw=,tag:sCHvUgq1w8npedjIAninrA==,type:str]
wakatime-api-key: ENC[AES256_GCM,data:ITu5pRySYGCJ6q9IQ35NfpGX2FyIJRYHGDeBiq0btzIrqitxcFox1Vc=,iv:HsXpyFHV7dG5qORk26BtD+kFo4Jdq2c4fozMpoqyDfU=,tag:uaQoXvvYqNfmRXVDVH8AoQ==,type:str]
attic-nix-cache-creator: ENC[AES256_GCM,data:ygWuPJfFZQVHtJ83DfB7VB84PNF0knLkOwD4A67NMNp8pU9pA9lI56RSyKDkFd+qYRBSeEXSepbSOA+BhvQaCZiVEiao3LBlh7/6Sp5ni+Rdt3hGKcd+JRQyedEmTkg9h8NbtR6LvI90EiMhyVg6WLCzlGAtFFBcSvIqssrC/KDHCjd4uMzXeW23wUB40dU1PpwkLPtcNVvIzgxqYRsRPFOXZxGxQYGpBWtzDveqgmeLwavhU481wHfCwqpyXJZflbR+UzWdr+zbmSFdJadlLdHeooNGvRC+av0MK4YMCCgu1Em34IeawpiesFhhj/IVGa2xQWjXE0MF3SDLvlh5yMqNPodTZ7FAEZgD7rTYIbaH8JHiYbgI6v7/ANPcFqw2eKT7wVP8cTL1yPedcZcU,iv:J7JYA98NHxM0tExfUdjkir6/+tkOkPLMBNdjXBP9fbA=,tag:WaCWmrzLgr9lDUL+jxeMNA==,type:str]
attic-nix-cache-reader: ENC[AES256_GCM,data:78jJJh332XvFx29HxNW7CULMNMsQ2xMTCIIk5oX5AimBoFXXVH7z9EGFbDimwfaYlsPK6xuU+9mnCnhCjCoGFRX9GQbW+Z2D9TGMsBfe3eztbWlcJ++EkWSCbHKEIGKTF13aRGrKRIOjIy9Gl3qZt4BnZtQPFMOzQO8u80M116u3w4ttqz9rzaIrXWB6GIMI5lWF5rQe5ML1vDgvL2KNMNkPAAm5O1Fv887woVcqxbPhiNhJGXBSiPZpe3PG8wP6z0GTe/GhMTPCOlVJIdsxKnEaRaTSAtVazFos5zSMvLYYrbj6ISoS9tEQ6bFMy6xl,iv:dGDSTtsQlwElerRXpT97uapzOh766bysZTQMjUEEJnM=,tag:OQOYmQqKywdSjUUXnELdpQ==,type:str]
attic-nix-cache-writer: ENC[AES256_GCM,data:IIrGw+MtZEZqJdNGPryN5xKg7UOP+0kjzpthhyRdQz0P3yS/vThSaV+VuduQq5WgnaNjXLA6LBU+cufmVmvrkeTkZ281976sLTbYzrPCW/hCy1+w7qdv6vauaFsLqtnmWlHNwCIkXbUvQWq56WvP6m1PuYaUIFYn3SUprQ1du+X0buK1FUOhSH4HXfiqpNJOomLhok9M0Tyzn8yK5Fn1dzmJ8tsgBczzhWeZzsj4TuksFLV2r6NXzeQp2jWQkxv39Eg6Lf+0eaHxWQFR4s2uKYzwdsDOnpSmUgXFTzVB6RGAEpasKkVZ2NfG4GeUKBFPDVJoR6ilLZA=,iv:e58OGCbgLIIzKfBALtrsYmWg9Gp0nySNYsJ3X5IWp4I=,tag:bnwBipVK3BSOizg8twQ4lQ==,type:str]
attic-nix-cache-admin: ENC[AES256_GCM,data:xHJGeU4EUn1HRy2nIValiJ6iLZnYmmT6Njv/cGMh15Q0hJXKNBSsi8f0mAfLI7EX+GaC299VKh2uTlU25jptrAvogLxNJIc+LZBLsSkyGE/ojqqevHMKmZ/6eciLZRQL5ey9TM3V9HHyDOhGaFgdfawtwg/vyvbV13lZBKpqneAX9T3gPRuKRjV4/Uc/5cUckiOF8bQ50xVFN8Cql9HgGDJEGWgg4XUTPu5eYspof2EN63pYvU7wg6HD2begeLDvqc2/i2DIcsc0wqc5DgkY/dH2YtcssBtU8AR9vKpl+HmH/wvt6dfaEyZ7hF7ITGwWnOO6H2ko3SjYRfHkFK3XDmm1YRRjfkptnw==,iv:BdVgNyZ1azl5tKfH+RTeXuNV/rYY6hPvrareKlIXSeQ=,tag:/ar87eAjMod4TmQXoerNBQ==,type:str]
gitea-actions-token: ENC[AES256_GCM,data:QTEPMAh1RWWJ/O3yhkQkEBTdVL8XhIRGCDbiM0lLjfILKF4SpSJ2sA==,iv:mBaaB1JHb2KVc9n2pdeX4pSMvb7q5z3joMT7rR5Whgs=,tag:ef+58SI4AUeqUsk3RVDsRQ==,type:str]
gitea-pr-token: ENC[AES256_GCM,data:ybTya4X2wd65pNFSGbQkg73lu66GNtSba4yf8J6tT8XkuOtfvtBS4g==,iv:39mJiAlw4kud4l06jOpxOCRumChE/5q8IBNsPHG1rMc=,tag:MEvHD2b9E3fVHLlz7haNyw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
enc: |
@ -39,8 +37,8 @@ sops:
ZERFTlFyNjhOb3VCaW43ZXFHT1Vxc0UK7YV+BU7dCEOZxpqkQA394eDsnthvorj6
7bqrCdeU+6DU7DmFs6++BrNO2tx8vvOa1im+ZGrM/gZAJdv/7R2d6Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-07T23:43:57Z"
mac: ENC[AES256_GCM,data:ygQzxSpGJqXwkOq7jGDeflA2FTSSxnre/PXm0LxmxzQQW5s7LeIVSI75fMqWir0WU3Pi/xroYGEWjpCG6JvxV5RiJycTONk8VE7c3jtw3AbrHSS0b1K5tJ+Sf+q3rHJFWWk/COrPk8IsRFNb+taqH4jnaH3AAVNo5u0C1CHKMes=,iv:FO2GVDXE8SjjA81/9cDwc+dX8kJ2oHt5kqkhNBuMb54=,tag:hgzRAmsh32SCvJEvKyV+vg==,type:str]
lastmodified: "2024-08-20T23:15:03Z"
mac: ENC[AES256_GCM,data:VnLd4N2l7JTKA7f4eh9EKilW2f8mmEmLc06WbHASOn6N+MIGPHwyLjLbPVECuXiVl95cs0+uWsFOPEbLiS6XTB/gZE1OZMYqk0x7FVkQNxMdWwcVAQnncC6i/cdBTAx+GW1iF6Cf2eLY1wNNiASk/Bz8u3r4UJ4QFXuMovPsfxw=,iv:Cr1bAYrwlK+ClRFDsiUdEIqXDU7onubthDEQDlTM3S4=,tag:EyfcNB0xKrFRjbp517akpg==,type:str]
pgp:
- created_at: "2024-09-05T06:10:22Z"
enc: |-
@ -55,4 +53,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
unencrypted_suffix: _unencrypted
version: 3.10.1
version: 3.9.0

26
utils/attic-push.bash
View File

@ -1,26 +0,0 @@
#!/usr/bin/env nix
#! nix shell nixpkgs#bash nixpkgs#jq nixpkgs#gnused nixpkgs#nixVersions.latest nixpkgs#attic-client --command bash
#set -x
#set -v
set -e
# retrieve all paths under 2G
# nix_paths=$(nix path-info --json --all --closure-size \
# | jq 'map_values(.closureSize | select(. < 2e9)) | to_entries | sort_by(.value)' \
# | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
# retrieve all paths
nix_paths=$(nix path-info --json --all --closure-size |
jq 'map_values(.closureSize | select(true)) | to_entries | sort_by(.value)' |
jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g')
readarray -t nix_path_array < <(echo "$nix_paths")
batchsize=1000
for ((i = 0; i < ${#nix_path_array[@]}; i += batchsize)); do
part=("${nix_path_array[@]:i:batchsize}")
attic push nix-cache "${part[@]}"
done

Some files were not shown because too many files have changed in this diff Show More