dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:92d506299252e91dd30a4fe58d4754bad1c326f5
Branches Tags
dev:master dev:fastback-ssh
dev:installer
...
compare: dev:installer
Branches Tags
dev:master dev:fastback-ssh
dev:installer

51 Commits
92d5062992 ... installer

Author SHA1 Message Date
Jack O'Sullivan
820bb2de5b lib: River IP update
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h4m34s
Details
Installer / Build installer (push) Successful in 5m54s
Details
2025-01-01 19:14:04 +00:00
Jack O'Sullivan
7d3ad52a44 devshell: Add git config safe.directory for build-n-switch
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h2m7s
Details
2024-12-23 10:32:13 +00:00
Jack O'Sullivan
2cdb98e898 nixos/common: Disable channels
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 53m0s
Details
2024-12-12 12:38:01 +00:00
Jack O'Sullivan
b717b1ceb4 nixos/gui: Add /dev/player0 VID
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h1m16s
Details
2024-12-11 17:17:33 +00:00
Jack O'Sullivan
f31ce61c2b Update borgthin
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h31m34s
Details
2024-11-30 19:31:58 +00:00
Jack O'Sullivan
aec22942f7 Update latest Linux kernel to 6.12 2024-11-30 19:31:43 +00:00
Jack O'Sullivan
fc8676c3bb devshell: Remove deprecated Nix command stuff 2024-11-30 19:19:23 +00:00
Jack O'Sullivan
2915e42a1d ci: Group CI jobs
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 33m39s
Details
2024-11-30 18:05:22 +00:00
Jack O'Sullivan
5783d3a51e Update nixpkgs-stable to 24.11 2024-11-30 17:45:59 +00:00
Jack O'Sullivan
2fe94bba23 nixos/git: Add longer timeout for Gitea actions runner
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 2h29m25s
Details
2024-11-27 12:29:04 +00:00
Jack O'Sullivan
4b42960d26 home-manager/gui: Update alacritty import setting to new section
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 3h1m26s
Details
2024-11-26 23:19:58 +00:00
Jack O'Sullivan
56e9abf945 ci: Build and grab path for jobs in separate calls
Some checks failed
CI / Check, build and cache Nix flake (push) Has been cancelled
Details 
The old build-n-parse seemed to output null sometimes.....
 2024-11-26 22:45:19 +00:00
Jack O'Sullivan
4e2c2f92f0 nixos/middleman: Remove config for Matrix sliding sync proxy
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m29s
Details
2024-11-26 22:15:53 +00:00
Jack O'Sullivan
caa208b288 nixos/netboot: Use older version of iPXE for now
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m33s
Details
2024-11-26 22:01:42 +00:00
Jack O'Sullivan
9e6f885c17 ci: Tweak log messages 2024-11-26 22:00:17 +00:00
Jack O'Sullivan
d8ca87bfd8 pkgs: Remove glfw-wayland-minecraft
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m15s
Details
2024-11-26 21:23:50 +00:00
Jack O'Sullivan
e9467e0cc7 ci: Build and cache CI jobs individually
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m27s
Details
2024-11-26 12:37:47 +00:00
Jack O'Sullivan
6c98ef8944 Revert "nixos/home/routing-common: Move Tailscale to home routers"
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1h15m14s
Details 
This reverts commit 7c05b6158f.
 2024-11-26 00:04:43 +00:00
Jack O'Sullivan
18981e240b nixos/nvme: Update to libnvme v1.11.1 to fix LTS kernels 2024-11-25 23:58:15 +00:00
Jack O'Sullivan
df7e5953eb Update nixpkgs-unstable (and other inputs)
Some checks failed
CI / Check, build and cache Nix flake (push) Has been cancelled
Details
2024-11-25 23:10:24 +00:00
Jack O'Sullivan
71d1c3f9c2 Ensure borgbackup cache / config is persisted
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 32m28s
Details
2024-11-16 18:46:09 +00:00
Jack O'Sullivan
1453a755c3 Add (now unused) Enshrouded server 2024-11-16 18:08:10 +00:00
Jack O'Sullivan
970af805e9 home-manager/gui: Swap swaysome container binds
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 23m18s
Details
2024-11-08 11:47:35 +00:00
Jack O'Sullivan
383e9a9b1e home-manager/gui: Add swaysome
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 23m43s
Details
2024-11-07 18:21:09 +00:00
Jack O'Sullivan
26a16d0629 home-manager/gui: Disable ligatures in kitty
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 29m30s
Details
2024-11-06 13:16:56 +00:00
Jack O'Sullivan
208de7654e home-manager/gui: Use rofi-wayland 2024-11-06 13:16:51 +00:00
Jack O'Sullivan
f577e7d58a nixos/routing-common: Increase bandwidth for CAKE
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 28m44s
Details
2024-10-31 22:27:55 +00:00
Jack O'Sullivan
6130ee73be nixos/tower: Add brightness keybinds
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 29m59s
Details
2024-10-26 20:24:27 +01:00
Jack O'Sullivan
5d827aa00c home-manager/gui: Add xdg-utils to home.packages 2024-10-26 18:32:24 +01:00
Jack O'Sullivan
173ffc0044 home-manager/gui: Add "Activate Linux" watermark
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 30m5s
Details
2024-10-16 11:32:14 +01:00
Jack O'Sullivan
b113f2f48d home-manager/gui: Add Git LFS
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 28m47s
Details
2024-09-04 21:53:26 +01:00
Jack O'Sullivan
7c67eaff21 nixos/colony: Add qclk management container
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 34m42s
Details
2024-09-01 19:22:03 +01:00
Jack O'Sullivan
d1f1b84e82 Use fork of ragenix 2024-09-01 14:03:27 +01:00
Jack O'Sullivan
e3cb2adbb6 nixos/castle: Add recursive-nix feature 2024-09-01 14:03:05 +01:00
Jack O'Sullivan
736c406eb5 Update nixpkgs-mine for mautrix-whatsapp 0.10.9
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 27m54s
Details
2024-08-26 11:59:28 +01:00
Jack O'Sullivan
8e9b750ac8 nixos: Set up remote printing
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 27m42s
Details
2024-08-20 10:36:21 +01:00
Jack O'Sullivan
51c5578840 nixos/stream: Add OctoPrint
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 2m16s
Details
2024-08-20 01:03:49 +01:00
Jack O'Sullivan
e174af45f6 nixos/castle: Emulate ARM 2024-08-17 12:39:36 +01:00
Jack O'Sullivan
198e7188bd home-manager/gui: Use upstream unstable nixpkgs' chromium
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 27m18s
Details
2024-08-13 12:15:33 +01:00
Jack O'Sullivan
571f8f1504 home-manager/gui: Add xournalpp
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m42s
Details
2024-07-31 11:28:24 +01:00
Jack O'Sullivan
64c3fe682c nixos/home/routing-common: Only run Tailscale on active router
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m33s
Details
2024-07-31 10:20:19 +01:00
Jack O'Sullivan
7c05b6158f nixos/home/routing-common: Move Tailscale to home routers
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m12s
Details
2024-07-22 16:22:08 +01:00
Jack O'Sullivan
c9ab90547f Fix installer workflow short rev
Some checks failed
Installer / Build installer (push) Successful in 4m23s
Details
CI / Check, build and cache Nix flake (push) Has been cancelled
Details
2024-07-21 13:01:03 +01:00
Jack O'Sullivan
63d929c8e8 nixos: Include mutable flake in every system
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 17m41s
Details
Installer / Build installer (push) Successful in 4m20s
Details
2024-07-21 12:37:32 +01:00
Jack O'Sullivan
bbb87a2d69 devshell: Add deploy-multi command
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 17m26s
Details
2024-07-21 00:33:16 +01:00
Jack O'Sullivan
e5d5847b89 nixos/middleman: Disable zstd in nginx for now
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m3s
Details
2024-07-20 22:41:01 +01:00
Jack O'Sullivan
9e7294e871 nixos/shill: Rename atticd mount to harmonia 2024-07-20 21:19:25 +01:00
Jack O'Sullivan
69216c6b4c Use harmonia instead of attic for binary cache
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 2h1m7s
Details
2024-07-20 19:04:51 +01:00
Jack O'Sullivan
1ea172e690 nixos/vaultwarden: Use non-privileged port
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 18m41s
Details
2024-07-19 18:06:14 +01:00
Jack O'Sullivan
b7be45715e nixos/britway: Update headscale config
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 14m11s
Details
2024-07-15 22:58:49 +01:00
Jack O'Sullivan
3522a7078b Re-update nixpkgs 2024-07-15 22:58:42 +01:00
64 changed files with 1120 additions and 686 deletions
Expand all files Collapse all files

36
.gitea/workflows/ci.yaml
View File

@@ -6,7 +6,7 @@ on:
jobs:
check:
name: Check, build and cache Nix flake
name: Check, build and cache nixfiles
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
@@ -21,21 +21,27 @@ jobs:
# Big C++ projects fill up memory...
cores = 6
extra-substituters = https://nix-cache.nul.ie/main
extra-trusted-public-keys = main:mMChkG8LwXrFirVfudqjSHasK1jV31OVElYD3eImYl8=
- name: Set up attic
run: |
nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
login --set-default colony https://nix-cache.nul.ie "${{ secrets.NIX_CACHE_TOKEN }}"
extra-substituters = https://nix-cache.nul.ie
extra-trusted-public-keys = nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4=
- name: Check flake
run: nix flake check
- name: Build the world
run: nix flake check --no-build
- name: Build (and cache) the world
id: build
env:
HARMONIA_SSH_KEY: ${{ secrets.HARMONIA_SSH_KEY }}
run: |
path=$(nix build --no-link .#ci.x86_64-linux --json | jq -r .[0].outputs.out)
echo "path=$path" >> "$GITHUB_OUTPUT"
- name: Push to cache
run: |
nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
push main ${{ steps.build.outputs.path }}
nix eval --json --apply "builtins.attrNames" .#ci.x86_64-linux | jq -cr '.[]' | while read job; do
echo "::group::Build $job"
nix build --no-link .#ci.x86_64-linux."$job"
echo "::endgroup::"
echo "::group::Cache $job"
ci/push-to-cache.sh "$(nix eval --raw .#ci.x86_64-linux."$job")"
echo "::endgroup::"
done
echo "Building and caching CI derivation"
nix build --no-link .#ciDrv.x86_64-linux
UPDATE_PROFILE=1 ci/push-to-cache.sh "$(nix eval --raw .#ciDrv.x86_64-linux)"

10
.gitea/workflows/installer.yaml
View File

@@ -21,15 +21,13 @@ jobs:
# Make sure we're using sandbox
sandbox-fallback = false
extra-substituters = https://nix-cache.nul.ie/main
extra-trusted-public-keys = main:mMChkG8LwXrFirVfudqjSHasK1jV31OVElYD3eImYl8=
- name: Set up attic
extra-substituters = https://nix-cache.nul.ie
extra-trusted-public-keys = nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4=
- name: Set up vars
id: setup
run: |
nix run .#nixpkgs.mine.x86_64-linux.attic-client -- \
login --set-default colony https://nix-cache.nul.ie "${{ secrets.NIX_CACHE_TOKEN }}"
echo "short_rev=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
- name: Build installer ISO
run: |
nix build .#nixfiles.config.nixos.systems.installer.configuration.config.my.buildAs.iso

1
.keys/harmonia.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXRXkYnBf2opIjN+bXE7HmhUpa4hyXJUGmBT+MRccT4 harmonia

1
ci/known_hosts Normal file
View File

@@ -0,0 +1 @@
object-ctr.ams1.int.nul.ie ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdHbZErWLmTPO/aEWB1Fup/aGMf31Un5Wk66FJwTz/8

31
ci/push-to-cache.sh Executable file
View File

@@ -0,0 +1,31 @@
#!/bin/sh
set -e
REMOTE_STORE=/var/lib/harmonia
SSH_HOST="harmonia@object-ctr.ams1.int.nul.ie"
SSH_KEY=/tmp/harmonia.key
STORE_URI="ssh-ng://$SSH_HOST?ssh-key=$SSH_KEY&remote-store=$REMOTE_STORE"
remote_cmd() {
ssh -i "$SSH_KEY" "$SSH_HOST" env HOME=/run/harmonia NIX_REMOTE="$REMOTE_STORE" "$@"
}
umask_old=$(umask)
umask 0066
echo "$HARMONIA_SSH_KEY" | base64 -d > "$SSH_KEY"
umask $umask_old
mkdir -p ~/.ssh
cp ci/known_hosts ~/.ssh/
path="$1"
echo "Pushing $path to cache..."
nix copy --no-check-sigs --to "$STORE_URI" "$path"
if [ -n "$UPDATE_PROFILE" ]; then
echo "Updating profile..."
remote_cmd nix-env -p "$REMOTE_STORE"/nix/var/nix/profiles/nixfiles --set "$path"
echo "Collecting garbage..."
remote_cmd nix-collect-garbage --delete-older-than 60d
fi

33
devshell/commands.nix
View File

@@ -77,7 +77,12 @@ in
name = "build-n-switch";
category = "tasks";
help = "Shortcut to nixos-rebuild for this flake";
command = ''doas nixos-rebuild --flake . "$@"'';
command = ''
# HACK: Upstream changes in Git + Nix makes this necessary
# https://github.com/NixOS/nix/issues/10202
doas git config --global --add safe.directory "$PWD"
doas nixos-rebuild --flake . "$@"
'';
}
{
name = "run-vm";
@@ -115,29 +120,17 @@ in
help = "Build home-manager configuration";
command = ''nix build "''${@:2}" ".#homeConfigurations.\"$1\".activationPackage"'';
}
{
name = "update-inputs";
category = "tasks";
help = "Update flake inputs";
command = ''
args=()
for f in "$@"; do
args+=(--update-input "$f")
done
nix flake lock "''${args[@]}"
'';
}
{
name = "update-nixpkgs";
category = "tasks";
help = "Update nixpkgs flake inputs";
command = ''update-inputs nixpkgs-{unstable,stable,mine,mine-stable}'';
command = ''nix flake update nixpkgs-{unstable,stable,mine,mine-stable}'';
}
{
name = "update-home-manager";
category = "tasks";
help = "Update home-manager flake inputs";
command = ''update-inputs home-manager-{unstable,stable}'';
command = ''nix flake update home-manager-{unstable,stable}'';
}
{
name = "update-installer";
@@ -145,5 +138,15 @@ in
help = "Update installer tag (to trigger new release)";
command = ''git tag -f installer && git push -f origin installer'';
}
{
name = "deploy-multi";
category = "tasks";
help = "Deploy multiple flakes at once";
command = ''
for f in $@; do
deploy "$O" $f
done
'';
}
];
}

4
devshell/default.nix
View File

@@ -11,7 +11,7 @@ in
NIX_USER_CONF_FILES = toString (pkgs.writeText "nix.conf"
''
experimental-features = nix-command flakes ca-derivations repl-flake
experimental-features = nix-command flakes ca-derivations
connect-timeout = 5
fallback = true
${lib.my.c.nix.cache.conf}
@@ -24,10 +24,10 @@ in
coreutils
nixVersions.stable
rage
wireguard-tools
(pkgs.writeShellScriptBin "deploy" ''
exec ${deploy-rs.deploy-rs}/bin/deploy --skip-checks "$@"
'')
home-manager
attic-client
];
}

370
flake.lock generated
View File

@@ -8,14 +8,14 @@
"ragenix",
"nixpkgs"
],
"systems": "systems_8"
"systems": "systems_7"
},
"locked": {
"lastModified": 1707830867,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@@ -24,36 +24,10 @@
"type": "github"
}
},
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1720542474,
"narHash": "sha256-aKjJ/4l2I9+wNGTaOGRsuS3M1+IoTibqgEMPDikXm04=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "6139576a3ce6bb992e0f6c3022528ec233e45f00",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"boardie": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
],
@@ -76,17 +50,17 @@
"borgthin": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs-mine"
]
},
"locked": {
"lastModified": 1692446555,
"narHash": "sha256-Uzl8TiGKVBCjwYhkprSwbcu8xlcQwnDNIqsk9rM+P9w=",
"lastModified": 1732994213,
"narHash": "sha256-3v8cTsPB+TIdWmc1gmRNd0Mi0elpfi39CXRsA/2x/Oo=",
"owner": "devplayer0",
"repo": "borg",
"rev": "44a3dc19b014ebc8d33db0b3e145ed7bfc9a0cb7",
"rev": "795f5009445987d42f32de1b49fdeb2d88326a64",
"type": "github"
},
"original": {
@@ -96,39 +70,12 @@
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717025063,
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
"lastModified": 1725409566,
"narHash": "sha256-PrtLmqhM6UtJP7v7IGyzjBFhbG4eOAHT6LPYOFmYfbk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1708794349,
"narHash": "sha256-jX+B1VGHT0ruHHL5RwS8L21R6miBn4B6s9iVyUJsJJY=",
"owner": "ipetkov",
"repo": "crane",
"rev": "2c94ff9a6fbeb9f3ea0107f28688edbe9c81deaa",
"rev": "7e4586bad4e3f8f97a9271def747cf58c4b68f3c",
"type": "github"
},
"original": {
@@ -162,18 +109,18 @@
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
@@ -184,7 +131,7 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
@@ -203,7 +150,7 @@
},
"devshell-tools": {
"inputs": {
"flake-utils": "flake-utils_11",
"flake-utils": "flake-utils_9",
"nixpkgs": "nixpkgs_4"
},
"locked": {
@@ -222,7 +169,7 @@
},
"devshell_2": {
"inputs": {
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
},
"locked": {
@@ -241,17 +188,16 @@
},
"devshell_3": {
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
@@ -261,22 +207,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@@ -293,90 +223,6 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_10": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_11": {
"inputs": {
"systems": "systems_10"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_12": {
"inputs": {
"systems": "systems_11"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_13": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
@@ -394,7 +240,40 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_10": {
"inputs": {
"systems": "systems_10"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_11": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
@@ -412,7 +291,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
@@ -430,7 +309,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_4": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@@ -445,7 +324,7 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_5": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -460,16 +339,31 @@
"type": "github"
}
},
"flake-utils_7": {
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@@ -480,7 +374,7 @@
},
"flake-utils_8": {
"inputs": {
"systems": "systems_7"
"systems": "systems_8"
},
"locked": {
"lastModified": 1710146030,
@@ -497,12 +391,15 @@
}
},
"flake-utils_9": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@@ -540,16 +437,16 @@
]
},
"locked": {
"lastModified": 1719827415,
"narHash": "sha256-pvh+1hStXXAZf0sZ1xIJbWGx4u+OGBC1rVx6Wsw0fBw=",
"lastModified": 1732466619,
"narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f2e3c19867262dbe84fdfab42467fc8dd83a2005",
"rev": "f3111f62a23451114433888902a55cf0692b408d",
"type": "github"
},
"original": {
"id": "home-manager",
"ref": "release-23.11",
"ref": "release-24.11",
"type": "indirect"
}
},
@@ -560,11 +457,11 @@
]
},
"locked": {
"lastModified": 1720734513,
"narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"lastModified": 1732884235,
"narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"rev": "819f682269f4e002884702b87e445c82840c68f2",
"type": "github"
},
"original": {
@@ -574,11 +471,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1719091691,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"lastModified": 1731242966,
"narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
"type": "github"
},
"original": {
@@ -611,7 +508,7 @@
},
"nixGL": {
"inputs": {
"flake-utils": "flake-utils_9",
"flake-utils": "flake-utils_7",
"nixpkgs": [
"nixpkgs-unstable"
]
@@ -648,11 +545,11 @@
},
"nixpkgs-mine": {
"locked": {
"lastModified": 1720115894,
"narHash": "sha256-oWiGxG2JRchzTYP11jSCHOnbom5tOwbZofV2IjbTdnk=",
"lastModified": 1732985787,
"narHash": "sha256-6rSJ9L4QywpHLi/xvpOHdTuPm6/eOJcXxnYzDbP3U1k=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "f05b4fdd5610255bd674ce75faaf573a614bdb60",
"rev": "a28c46933ef5038fb7a2dd483b85152a539c7969",
"type": "github"
},
"original": {
@@ -664,11 +561,11 @@
},
"nixpkgs-mine-stable": {
"locked": {
"lastModified": 1720116136,
"narHash": "sha256-cUfR+WCV5xz3nga7uGPdAMvlYaITpP7qEcVbEdoMRXU=",
"lastModified": 1732985894,
"narHash": "sha256-YYuQQCcSF6KjgtAenZJiBmqt5jqP3UvYgC424VQ+22s=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "281333a642d6f8156554e0d8457083d8a0d435c2",
"rev": "e0a3f4e2bbc5f7b681e344b389dcbab23f2e92a8",
"type": "github"
},
"original": {
@@ -680,26 +577,26 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720535198,
"narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
"lastModified": 1732824227,
"narHash": "sha256-fYNXgpu1AEeLyd3fQt4Ym0tcVP7cdJ8wRoqJ+CtTRyY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
"rev": "c71ad5c34d51dcbda4c15f44ea4e4aa6bb6ac1e9",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1720768451,
"narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"lastModified": 1732758367,
"narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59",
"type": "github"
},
"original": {
@@ -774,7 +671,7 @@
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_4",
@@ -797,35 +694,35 @@
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane_2",
"flake-utils": "flake-utils_10",
"crane": "crane",
"flake-utils": "flake-utils_8",
"nixpkgs": [
"nixpkgs-unstable"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1718869541,
"narHash": "sha256-smhpGh1x/8mNl+sFL8SbeWnx0bK4HWjmdRA3mIwGjPU=",
"owner": "yaxitech",
"lastModified": 1731774781,
"narHash": "sha256-vwsUUYOIs8J6weeSK1n1mbZf8fgvygGUMsadx0JmG70=",
"owner": "devplayer0",
"repo": "ragenix",
"rev": "8a254bbaa93fbd38e16f70fa81af6782794e046e",
"rev": "ec4115da7b67c783b1091811e17dbcba50edd1c6",
"type": "github"
},
"original": {
"owner": "yaxitech",
"owner": "devplayer0",
"ref": "add-rekey-one-flag",
"repo": "ragenix",
"type": "github"
}
},
"root": {
"inputs": {
"attic": "attic",
"boardie": "boardie",
"borgthin": "borgthin",
"deploy-rs": "deploy-rs",
"devshell": "devshell_3",
"flake-utils": "flake-utils_8",
"flake-utils": "flake-utils_6",
"home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence",
@@ -840,21 +737,17 @@
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [
"ragenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1708740535,
"narHash": "sha256-NCTw235XwSDbeTAtAwg/hOeNOgwYhVq7JjDdbkOgBeA=",
"lastModified": 1725675754,
"narHash": "sha256-hXW3csqePOcF2e/PYnpXj72KEYyNj2HzTrVNmS/F7Ug=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "9b24383d77f598716fa0cbb8b48c97249f5ee1af",
"rev": "8cc45e678e914a16c8e224c3237fb07cf21e5e54",
"type": "github"
},
"original": {
@@ -865,7 +758,7 @@
},
"sbt": {
"inputs": {
"flake-utils": "flake-utils_13",
"flake-utils": "flake-utils_11",
"nixpkgs": "nixpkgs_5"
},
"locked": {
@@ -885,7 +778,7 @@
"sharry": {
"inputs": {
"devshell-tools": "devshell-tools",
"flake-utils": "flake-utils_12",
"flake-utils": "flake-utils_10",
"nixpkgs": [
"nixpkgs-unstable"
],
@@ -935,21 +828,6 @@
"type": "github"
}
},
"systems_11": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,

28
flake.nix
View File

@@ -7,17 +7,18 @@
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-23.11";
nixpkgs-stable.url = "nixpkgs/nixos-24.11";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-23.11";
home-manager-stable.url = "home-manager/release-24.11";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment
ragenix.url = "github:yaxitech/ragenix";
# ragenix.url = "github:yaxitech/ragenix";
ragenix.url = "github:devplayer0/ragenix/add-rekey-one-flag";
ragenix.inputs.nixpkgs.follows = "nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
deploy-rs.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -34,9 +35,6 @@
sharry.inputs.nixpkgs.follows = "nixpkgs-unstable";
borgthin.url = "github:devplayer0/borg";
borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs-unstable";
attic.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
};
outputs =
@@ -51,7 +49,7 @@
...
}:
let
inherit (builtins) mapAttrs replaceStrings;
inherit (builtins) mapAttrs replaceStrings elem;
inherit (lib) mapAttrs' filterAttrs nameValuePair recurseIntoAttrs evalModules;
inherit (lib.flake) flattenTree eachDefaultSystem;
inherit (lib.my) mkDefaultSystemsPkgs flakePackageOverlay;
@@ -95,7 +93,6 @@
inputs.ragenix.overlays.default
inputs.deploy-rs.overlay
(flakePackageOverlay inputs.home-manager-unstable system)
inputs.attic.overlays.default
];
}))
pkgsFlakes;
@@ -107,6 +104,16 @@
pkgsLibOverlay
myPkgsOverlay
];
config = {
# RMS forgive me...
# Normally this is set modularly, but sometimes we need to use other pkgs
allowUnfreePredicate = p: elem (lib.getName p) [
"widevine-cdm"
"chromium-unwrapped"
"chromium"
];
};
}))
pkgsFlakes;
@@ -197,8 +204,9 @@
systems' = mapAttrs' (n: v: nameValuePair "system-${n}" v) systems;
packages' = mapAttrs' (n: v: nameValuePair "package-${n}" v) packages;
in
pkgs.linkFarm "ci" (homes' // systems' // packages' // {
homes' // systems' // packages' // {
inherit shell;
});
};
ciDrv = pkgs.linkFarm "ci" ci;
}));
}

155
home-manager/modules/gui/default.nix
View File

@@ -1,6 +1,6 @@
{ lib, pkgs, config, ... }:
{ lib, pkgs', pkgs, config, ... }:
let
inherit (lib) genAttrs mkIf mkMerge mkForce;
inherit (lib) genAttrs mkIf mkMerge mkForce mapAttrs mkOptionDefault;
inherit (lib.my) mkBoolOpt';
cfg = config.my.gui;
@@ -39,10 +39,11 @@ in
{
home = {
packages = with pkgs; [
xdg-utils
font.package
(nerdfonts.override {
fonts = [ "DroidSansMono" "SourceCodePro" ];
})
nerd-fonts.sauce-code-pro
nerd-fonts.droid-sans-mono
noto-fonts-emoji
grim
@@ -62,6 +63,8 @@ in
neofetch
cmatrix
doomsaver
xournalpp
];
};
@@ -76,7 +79,7 @@ in
alacritty = {
enable = true;
settings = {
import = [ ./alacritty-xterm.toml ];
general.import = [ ./alacritty-xterm.toml ];
font = {
size = font.size;
@@ -95,6 +98,7 @@ in
background_opacity = "0.65";
tab_bar_edge = "top";
shell_integration = "no-sudo";
font_features = "${font.name} -liga";
};
};
@@ -160,6 +164,19 @@ in
};
Install.RequiredBy = [ "sway-session.target" ];
};
activate-linux = {
Unit = {
Description = "Linux activation watermark";
After = "graphical-session.target";
PartOf = "graphical-session.target";
};
Service = {
Type = "simple";
ExecStart = "${pkgs.activate-linux}/bin/activate-linux";
};
Install.RequiredBy = [ "graphical-session.target" ];
};
};
};
@@ -169,6 +186,7 @@ in
wl-clipboard
wev
wdisplays
swaysome
pavucontrol
libsecret
@@ -191,9 +209,36 @@ in
xsession.preferStatusNotifierItems = true;
wayland = {
windowManager = {
sway = {
sway =
let
cfg = config.wayland.windowManager.sway.config;
mod = cfg.modifier;
renameWs = pkgs.writeShellScript "sway-rename-ws" ''
focused_ws="$(swaymsg -t get_workspaces | jq ".[] | select(.focused)")"
focused_num="$(jq -r ".num" <<< "$focused_ws")"
focused_name="$(jq -r ".name" <<< "$focused_ws")"
placeholder="$(sed -E 's/[0-9]+: //' <<< "$focused_name")"
name="$(rofi -dmenu -p "rename ws $focused_num" -theme+entry+placeholder "\"$placeholder\"")"
if [ -n "$name" ]; then
swaymsg rename workspace "$focused_name" to "$focused_num: $name"
fi
'';
clearWsName = pkgs.writeShellScript "sway-clear-ws-name" ''
focused_ws="$(swaymsg -t get_workspaces | jq ".[] | select(.focused)")"
focused_num="$(jq -r ".num" <<< "$focused_ws")"
focused_name="$(jq -r ".name" <<< "$focused_ws")"
swaymsg rename workspace "$focused_name" to "$focused_num"
'';
in
{
enable = true;
xwayland = true;
extraConfigEarly = ''
set $mod ${mod}
'';
config = {
input = {
"type:touchpad" = {
@@ -208,23 +253,87 @@ in
modifier = "Mod4";
terminal = "kitty";
keybindings =
let
cfg = config.wayland.windowManager.sway.config;
mod = cfg.modifier;
in
lib.mkOptionDefault {
keybindings = mapAttrs (k: mkOptionDefault) {
"${mod}+Left" = "focus left";
"${mod}+Down" = "focus down";
"${mod}+Up" = "focus up";
"${mod}+Right" = "focus right";
"${mod}+Shift+Left" = "move left";
"${mod}+Shift+Down" = "move down";
"${mod}+Shift+Up" = "move up";
"${mod}+Shift+Right" = "move right";
"${mod}+b" = "splith";
"${mod}+v" = "splitv";
"${mod}+f" = "fullscreen toggle";
"${mod}+a" = "focus parent";
"${mod}+s" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+e" = "layout toggle split";
"${mod}+Shift+space" = "floating toggle";
"${mod}+space" = "focus mode_toggle";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+0" = "workspace number 10";
"${mod}+Shift+1" =
"move container to workspace number 1";
"${mod}+Shift+2" =
"move container to workspace number 2";
"${mod}+Shift+3" =
"move container to workspace number 3";
"${mod}+Shift+4" =
"move container to workspace number 4";
"${mod}+Shift+5" =
"move container to workspace number 5";
"${mod}+Shift+6" =
"move container to workspace number 6";
"${mod}+Shift+7" =
"move container to workspace number 7";
"${mod}+Shift+8" =
"move container to workspace number 8";
"${mod}+Shift+9" =
"move container to workspace number 9";
"${mod}+Shift+0" =
"move container to workspace number 10";
"${mod}+Shift+minus" = "move scratchpad";
"${mod}+minus" = "scratchpad show";
"${mod}+Return" = "exec ${cfg.terminal}";
"${mod}+r" = "mode resize";
"${mod}+d" = null;
"${mod}+l" = "exec ${doomsaver}/bin/doomsaver";
"${mod}+q" = "kill";
"${mod}+Shift+c" = "reload";
"${mod}+Shift+q" = "exec swaynag -t warning -m 'bruh you really wanna kill sway?' -b 'ye' 'systemctl --user stop graphical-session.target && swaymsg exit'";
# rofi
"${mod}+x" = "exec ${cfg.menu}";
"${mod}+Shift+x" = "exec rofi -show drun";
"${mod}+q" = "kill";
"${mod}+Shift+q" = "exec swaynag -t warning -m 'bruh you really wanna kill sway?' -b 'ye' 'systemctl --user stop graphical-session.target && swaymsg exit'";
"${mod}+Shift+d" = ''exec grim - | swappy -f -'';
"${mod}+Shift+s" = ''exec grim -g "$(slurp)" - | swappy -f -'';
"${mod}+Shift+e" = "exec rofi -show emoji";
# Config for this doesn't seem to work :/
"${mod}+c" = ''exec rofi -show calc -calc-command "echo -n '{result}' | ${pkgs.wl-clipboard}/bin/wl-copy"'';
"${mod}+Shift+r" = "exec ${renameWs}";
"${mod}+Shift+n" = "exec ${clearWsName}";
# Screenshots
"${mod}+Shift+d" = ''exec grim - | swappy -f -'';
"${mod}+Shift+s" = ''exec grim -g "$(slurp)" - | swappy -f -'';
"XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"XF86AudioRaiseVolume" = "exec ${pkgs.pamixer}/bin/pamixer -i 5";
"XF86AudioLowerVolume" = "exec ${pkgs.pamixer}/bin/pamixer -d 5";
@@ -241,6 +350,9 @@ in
menu = "rofi -show run";
bars = mkForce [ ];
};
extraConfig = ''
include ${./swaysome.conf}
'';
swaynag = {
enable = true;
@@ -291,6 +403,7 @@ in
diff-so-fancy.enable = true;
userEmail = "jackos1998@gmail.com";
userName = "Jack O'Sullivan";
lfs.enable = true;
extraConfig = {
pull.rebase = true;
};
@@ -298,11 +411,13 @@ in
waybar = import ./waybar.nix { inherit lib pkgs config font; };
rofi = {
package = pkgs.rofi-wayland;
enable = true;
font = "${font.name} ${toString font.size}";
plugins = with pkgs; [
plugins = with pkgs; (map (p: p.override { rofi-unwrapped = rofi-wayland-unwrapped; }) [
rofi-calc
rofi-emoji
]) ++ [
rofi-emoji-wayland
];
extraConfig = {
modes = "window,run,ssh,filebrowser,calc,emoji";
@@ -317,7 +432,7 @@ in
chromium = {
enable = true;
package = (pkgs.chromium.override { enableWideVine = true; }).overrideAttrs (old: {
package = (pkgs'.unstable.chromium.override { enableWideVine = true; }).overrideAttrs (old: {
buildCommand = ''
${old.buildCommand}

66
home-manager/modules/gui/swaysome.conf Normal file
View File

@@ -0,0 +1,66 @@
# Use (un)bindcode or (un)bindsym, depending on what you used in your main sway config file.
# The `--no-warn` setting is only added to shortcuts that exist in the default config. You may want to add or remove
# that flag on some bindings depending on your config.
# Change focus between workspaces
bindsym $mod+Alt+1 exec "swaysome focus 1"
bindsym $mod+Alt+2 exec "swaysome focus 2"
bindsym $mod+Alt+3 exec "swaysome focus 3"
bindsym $mod+Alt+4 exec "swaysome focus 4"
bindsym $mod+Alt+5 exec "swaysome focus 5"
bindsym $mod+Alt+6 exec "swaysome focus 6"
bindsym $mod+Alt+7 exec "swaysome focus 7"
bindsym $mod+Alt+8 exec "swaysome focus 8"
bindsym $mod+Alt+9 exec "swaysome focus 9"
bindsym $mod+Alt+0 exec "swaysome focus 0"
# Focus workspace groups
bindsym --no-warn $mod+1 exec "swaysome focus-group 1"
bindsym --no-warn $mod+2 exec "swaysome focus-group 2"
bindsym --no-warn $mod+3 exec "swaysome focus-group 3"
bindsym --no-warn $mod+4 exec "swaysome focus-group 4"
bindsym --no-warn $mod+5 exec "swaysome focus-group 5"
bindsym --no-warn $mod+6 exec "swaysome focus-group 6"
bindsym --no-warn $mod+7 exec "swaysome focus-group 7"
bindsym --no-warn $mod+8 exec "swaysome focus-group 8"
bindsym --no-warn $mod+9 exec "swaysome focus-group 9"
bindsym --no-warn $mod+0 exec "swaysome focus-group 0"
# Move containers between workspaces
bindsym $mod+Alt+Shift+1 exec "swaysome move 1"
bindsym $mod+Alt+Shift+2 exec "swaysome move 2"
bindsym $mod+Alt+Shift+3 exec "swaysome move 3"
bindsym $mod+Alt+Shift+4 exec "swaysome move 4"
bindsym $mod+Alt+Shift+5 exec "swaysome move 5"
bindsym $mod+Alt+Shift+6 exec "swaysome move 6"
bindsym $mod+Alt+Shift+7 exec "swaysome move 7"
bindsym $mod+Alt+Shift+8 exec "swaysome move 8"
bindsym $mod+Alt+Shift+9 exec "swaysome move 9"
bindsym $mod+Alt+Shift+0 exec "swaysome move 0"
# Move containers to other workspace groups
bindsym --no-warn $mod+Shift+1 exec "swaysome move-to-group 1"
bindsym --no-warn $mod+Shift+2 exec "swaysome move-to-group 2"
bindsym --no-warn $mod+Shift+3 exec "swaysome move-to-group 3"
bindsym --no-warn $mod+Shift+4 exec "swaysome move-to-group 4"
bindsym --no-warn $mod+Shift+5 exec "swaysome move-to-group 5"
bindsym --no-warn $mod+Shift+6 exec "swaysome move-to-group 6"
bindsym --no-warn $mod+Shift+7 exec "swaysome move-to-group 7"
bindsym --no-warn $mod+Shift+8 exec "swaysome move-to-group 8"
bindsym --no-warn $mod+Shift+9 exec "swaysome move-to-group 9"
bindsym --no-warn $mod+Shift+0 exec "swaysome move-to-group 0"
# Move focused container to next output
bindsym $mod+Alt+Right exec "swaysome next-output"
# Move focused container to previous output
bindsym $mod+Alt+Left exec "swaysome prev-output"
# Move focused workspace group to next output
bindsym $mod+Shift+Alt+Right exec "swaysome workspace-group-next-output"
# Move focused workspace group to previous output
bindsym $mod+Shift+Alt+Left exec "swaysome workspace-group-prev-output"
# Init workspaces for every screen
exec "swaysome init 1"

33
lib/constants.nix
View File

@@ -27,7 +27,7 @@ rec {
kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_6;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_9;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_12;
};
nginx = rec {
@@ -98,10 +98,10 @@ rec {
nix = {
cache = rec {
substituters = [
"https://nix-cache.${pubDomain}/main"
"https://nix-cache.${pubDomain}"
];
keys = [
"main:mMChkG8LwXrFirVfudqjSHasK1jV31OVElYD3eImYl8="
"nix-cache.nul.ie-1:BzH5yMfF4HbzY1C977XzOxoPhEc9Zbu39ftPkUbH+m4="
];
conf = ''
extra-substituters = ${concatStringsSep " " substituters}
@@ -135,6 +135,9 @@ rec {
v4 = subnet 8 3 all.v4;
v6 = subnet 4 3 all.v6;
};
qclk = {
v4 = subnet 8 4 all.v4;
};
cust = {
v4 = subnet 8 100 all.v4; # single ip for routing only
@@ -170,6 +173,10 @@ rec {
jam-ctr = host 3 prefixes.cust.v4;
};
qclk = {
wgPort = 51821;
};
firewallForwards = aa: [
{
port = "http";
@@ -220,6 +227,23 @@ rec {
dst = aa.simpcraft-oci.internal.ipv4.address;
proto = "udp";
}
{
port = 15636;
dst = aa.enshrouded-oci.internal.ipv4.address;
proto = "udp";
}
{
port = 15637;
dst = aa.enshrouded-oci.internal.ipv4.address;
proto = "udp";
}
{
port = qclk.wgPort;
dst = aa.qclk.internal.ipv4.address;
proto = "udp";
}
];
fstrimConfig = {
@@ -243,7 +267,7 @@ rec {
"stream"
];
routersPubV4 = [
"80.111.122.16"
"109.255.31.155"
"109.255.252.63"
];
@@ -359,6 +383,7 @@ rec {
deploy = ../.keys/deploy.pub;
rsyncNet = ../.keys/zh2855.rsync.net.pub;
mailcowAcme = ../.keys/mailcow-acme.pub;
harmonia = ../.keys/harmonia.pub;
};
sshHostKeys = {
mail-vm = ../.keys/mail-vm-host.pub;

4
lib/default.nix
View File

@@ -248,8 +248,8 @@ rec {
in
{
trivial = prev.trivial // {
release = "24.07:u-${prev.trivial.release}";
codeName = "Diffed";
release = "24.12:u-${prev.trivial.release}";
codeName = "Epic";
revisionWithDefault = default: self.rev or default;
versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}";
};

4
nixos/boxes/britway/default.nix
View File

@@ -106,7 +106,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address;
@@ -123,7 +123,7 @@ in
Table = "ts-extra";
}
];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
IncomingInterface = "tailscale0";
To = lib.my.c.colony.prefixes.all.v6;

2
nixos/boxes/britway/nginx.nix
View File

@@ -80,7 +80,7 @@ in
};
};
"ts.${pubDomain}" = {
"hs.${pubDomain}" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;

20
nixos/boxes/britway/tailscale.nix
View File

@@ -5,7 +5,7 @@ let
inherit (lib.my.c.britway) prefixes domain;
# Can't use overrideAttrs because we need to override `vendorHash` within `buildGoModule`
headscale = (pkgs.headscale.override {
headscale' = (pkgs.headscale.override {
buildGoModule = args: pkgs.buildGoModule (args // rec {
version = "0.23.0-alpha12";
src = pkgs.fetchFromGitHub {
@@ -41,19 +41,20 @@ in
services = {
headscale = {
enable = true;
package = headscale;
settings = {
disable_check_updates = true;
unix_socket_permission = "0770";
server_url = "https://ts.${pubDomain}";
db_type = "sqlite3";
db_path = "/var/lib/headscale/db.sqlite3";
server_url = "https://hs.${pubDomain}";
database = {
type = "sqlite3";
sqlite.path = "/var/lib/headscale/db.sqlite3";
};
noise.private_key_path = "/var/lib/headscale/noise_private.key";
ip_prefixes = with lib.my.c.tailscale.prefix; [ v4 v6 ];
dns_config = {
prefixes = with lib.my.c.tailscale.prefix; { inherit v4 v6; };
dns = {
# Use IPs that will route inside the VPN to prevent interception
# (e.g. DNS rebinding filtering)
restricted_nameservers = {
nameservers.split = {
"${domain}" = pubNameservers;
"${lib.my.c.colony.domain}" = with allAssignments.estuary.base; [
ipv4.address ipv6.address
@@ -67,7 +68,6 @@ in
};
magic_dns = true;
base_domain = "ts.${pubDomain}";
override_local_dns = false;
};
oidc = {
only_start_if_oidc_is_available = true;
@@ -87,7 +87,7 @@ in
interfaceName = "tailscale0";
extraUpFlags = [
"--operator=${config.my.user.config.name}"
"--login-server=https://ts.nul.ie"
"--login-server=https://hs.nul.ie"
"--netfilter-mode=off"
"--advertise-exit-node"
"--advertise-routes=${advRoutes}"

19
nixos/boxes/colony/default.nix
View File

@@ -252,10 +252,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.vms.v6;
Prefix = prefixes.vms.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.ctrs.v4;
Gateway = allAssignments.shill.routing.ipv4.address;
@@ -264,10 +264,12 @@ in
Destination = prefixes.ctrs.v6;
Gateway = allAssignments.shill.internal.ipv6.address;
}
{
Destination = allAssignments.shill.internal.ipv4.address;
Gateway = allAssignments.shill.routing.ipv4.address;
}
{
Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.shill.routing.ipv4.address;
@@ -276,6 +278,11 @@ in
Destination = lib.my.c.tailscale.prefix.v6;
Gateway = allAssignments.shill.internal.ipv6.address;
}
{
Destination = prefixes.qclk.v4;
Gateway = allAssignments.shill.routing.ipv4.address;
}
{
Destination = prefixes.jam.v6;
Gateway = allAssignments.shill.internal.ipv6.address;
@@ -320,10 +327,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.mail.v6;
Prefix = prefixes.mail.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.mail.v4;
Scope = "link";
@@ -343,10 +350,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.darts.v6;
Prefix = prefixes.darts.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.darts.v4;
Scope = "link";

2
nixos/boxes/colony/vms/default.nix
View File

@@ -133,7 +133,7 @@
(vm.lvmDisk "media")
(vm.lvmDisk "minio")
(vm.lvmDisk "nix-atticd")
(vm.lvmDisk "nix-cache")
(vm.lvmDisk "jam")
]);
};

19
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -164,11 +164,9 @@ in
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E=";
AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ];
PersistentKeepalive = 25;
};
}
];
};
@@ -278,11 +276,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.base.v6;
Prefix = prefixes.base.v6;
}
];
routes = map (r: { routeConfig = r; }) (flatten
([
routes = flatten ([
{
Destination = prefixes.vip1;
Gateway = allAssignments.colony.routing.ipv4.address;
@@ -308,6 +305,11 @@ in
Destination = lib.my.c.tailscale.prefix.v6;
Gateway = allAssignments.colony.internal.ipv6.address;
}
{
Destination = prefixes.qclk.v4;
Gateway = allAssignments.colony.routing.ipv4.address;
}
] ++
(map (pName: [
{
@@ -318,7 +320,7 @@ in
Destination = prefixes."${pName}".v6;
Gateway = allAssignments.colony.internal.ipv6.address;
}
]) [ "vms" "ctrs" "oci" ])));
]) [ "vms" "ctrs" "oci" ]));
}
];
@@ -327,7 +329,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.home.prefixes.all.v4;
Gateway = lib.my.c.home.vips.as211024.v4;
@@ -339,10 +341,8 @@ in
matchConfig.Name = "kelder";
routes = [
{
routeConfig = {
Destination = allAssignments.kelder.estuary.ipv4.address;
Scope = "link";
};
}
];
};
@@ -407,6 +407,7 @@ in
ip6 daddr ${aa.valheim-oci.internal.ipv6.address} udp dport { 2456-2457 } accept
ip6 daddr ${aa.waffletail.internal.ipv6.address} udp dport 41641 accept
ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} udp dport 25565 accept
ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept
return
}
chain filter-routing {

1
nixos/boxes/colony/vms/estuary/dns.nix
View File

@@ -153,6 +153,7 @@ in
simpcraft IN AAAA ${allAssignments.simpcraft-oci.internal.ipv6.address}
simpcraft-staging IN A ${assignments.internal.ipv4.address}
simpcraft-staging IN AAAA ${allAssignments.simpcraft-staging-oci.internal.ipv6.address}
enshrouded IN A ${assignments.internal.ipv4.address}
mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}

5
nixos/boxes/colony/vms/git/gitea-actions.nix
View File

@@ -35,6 +35,11 @@ in
];
url = "https://git.${pubDomain}";
tokenFile = config.age.secrets."gitea/actions-runner.env".path;
settings = {
runner = {
timeout = "8h";
};
};
};
};
};

4
nixos/boxes/colony/vms/shill/containers-ext.nix
View File

@@ -47,10 +47,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.jam.v6;
Prefix = prefixes.jam.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = prefixes.jam.v4;
Scope = "link";

48
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@@ -50,11 +50,6 @@ in
group = "matrix-synapse";
};
"chatterbox/syncv3.env" = {
owner = "matrix-syncv3";
group = "matrix-syncv3";
};
"chatterbox/mautrix-whatsapp.env" = {
owner = "mautrix-whatsapp";
group = "mautrix-whatsapp";
@@ -80,32 +75,21 @@ in
matrix-synapse.extraGroups = [
"mautrix-whatsapp"
];
matrix-syncv3 = {
isSystemUser = true;
uid = uids.matrix-syncv3;
group = "matrix-syncv3";
};
};
groups = {
matrix-syncv3.gid = gids.matrix-syncv3;
};
groups = { };
};
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
services = {
matrix-sliding-sync.serviceConfig = {
# Needs to be able to read its secrets
DynamicUser = mkForce false;
User = "matrix-syncv3";
Group = "matrix-syncv3";
};
} // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
services = { } // (genAttrs [ "mautrix-whatsapp" "mautrix-meta-messenger" "mautrix-meta-instagram" ] (_: {
# ffmpeg needed to convert GIFs to video
path = with pkgs; [ ffmpeg ];
}));
};
# TODO/FIXME: https://github.com/NixOS/nixpkgs/issues/336052
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
services = {
netdata.enable = true;
matrix-synapse = {
@@ -193,20 +177,10 @@ in
app_service_config_files = [
"/var/lib/heisenbridge/registration.yml"
config.age.secrets."chatterbox/doublepuppet.yaml".path
"/var/lib/mautrix-whatsapp/whatsapp-registration.yaml"
];
};
};
matrix-sliding-sync = {
enable = true;
createDatabase = false;
environmentFile = config.age.secrets."chatterbox/syncv3.env".path;
settings = {
SYNCV3_BINDADDR = "[::]:8009";
SYNCV3_SERVER = "http://localhost:8008";
};
};
heisenbridge = {
enable = true;
@@ -285,10 +259,12 @@ in
avatar = "mxc://maunium.net/ygtkteZsXnGJLJHRchUwYWak";
};
};
meta.mode = "messenger";
network = {
mode = "messenger";
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
};
bridge = {
username_template = "fbm2_{{.}}";
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (FBM)'';
personal_filtering_spaces = true;
delivery_receipts = true;
management_room_text.welcome = "Hello, I'm a Messenger bridge bot.";
@@ -331,10 +307,12 @@ in
avatar = "mxc://maunium.net/JxjlbZUlCPULEeHZSwleUXQv";
};
};
meta.mode = "instagram";
network = {
mode = "instagram";
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
};
bridge = {
username_template = "ig_{{.}}";
displayname_template = ''{{or .DisplayName .Username "Unknown user"}} (IG)'';
personal_filtering_spaces = true;
delivery_receipts = true;
management_room_text.welcome = "Hello, I'm an Instagram bridge bot.";

1
nixos/boxes/colony/vms/shill/containers/default.nix
View File

@@ -8,5 +8,6 @@
./object.nix
./toot.nix
./waffletail.nix
./qclk
];
}

8
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@@ -94,6 +94,14 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = {
netdata.enable = true;

6
nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
View File

@@ -71,14 +71,12 @@ in
RouteTable = routeTable;
};
wireguardPeers = [
{
# AirVPN NL
wireguardPeerConfig = {
{
Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
}
];
};
@@ -94,7 +92,7 @@ in
matchConfig.Name = "vpn";
address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

3
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
View File

@@ -239,6 +239,9 @@ in
];
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
# Uh so nginx is hanging with zstd enabled... maybe let's not for now
# recommendedZstdSettings = true;
clientMaxBodySize = "0";
serverTokens = true;
resolver = {

42
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -2,7 +2,7 @@
let
inherit (builtins) mapAttrs toJSON;
inherit (lib) mkMerge mkDefault genAttrs flatten concatStringsSep;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c) pubDomain home;
inherit (lib.my.c.nginx) proxyHeaders;
inherit (config.networking) domain;
@@ -35,7 +35,6 @@ let
# For clients
(mkWellKnown "matrix/client" (toJSON {
"m.homeserver".base_url = "https://matrix.nul.ie";
"org.matrix.msc3575.proxy".url = "https://matrix-syncv3.nul.ie";
}))
];
};
@@ -145,7 +144,7 @@ in
"pass.${pubDomain}" =
let
upstream = "http://vaultwarden-ctr.${domain}";
upstream = "http://vaultwarden-ctr.${domain}:8080";
in
{
locations = {
@@ -182,10 +181,6 @@ in
];
useACMEHost = pubDomain;
};
"matrix-syncv3.${pubDomain}" = {
locations."/".proxyPass = "http://chatterbox-ctr.${domain}:8009";
useACMEHost = pubDomain;
};
"element.${pubDomain}" =
let
@@ -396,6 +391,28 @@ in
};
useACMEHost = pubDomain;
};
"pront.${pubDomain}" = mkMerge [
{
locations."/" = mkMerge [
{
proxyPass = "http://stream-hi.${home.domain}:5000";
proxyWebsockets = true;
extraConfig = proxyHeaders;
}
(ssoLoc "generic")
];
locations."~* ^/webcam/(.*)" = mkMerge [
{
proxyPass = "http://stream-hi.${home.domain}:5050/$1$is_args$args";
extraConfig = proxyHeaders;
}
(ssoLoc "generic")
];
useACMEHost = pubDomain;
}
(ssoServer "generic")
];
};
minio =
@@ -407,10 +424,13 @@ in
ignore_invalid_headers off;
'';
nixCacheableRegex = ''^\/(\S+\.narinfo|nar\/\S+\.nar\.\S+)$'';
nixCacheableRegex = ''^\/(\S+\.narinfo|nar\/\S+\.nar.*|serve\/.+)$'';
nixCacheHeaders = ''
add_header Cache-Control $nix_cache_control;
add_header Expires $nix_expires;
brotli on;
brotli_types application/x-nix-archive;
'';
in
{
@@ -452,9 +472,11 @@ in
"nix-cache.${pubDomain}" = {
locations = {
"/".proxyPass = "http://${host}:8069";
"/" = {
proxyPass = "http://${host}:5000";
};
"~ ${nixCacheableRegex}" = {
proxyPass = "http://${host}:8069";
proxyPass = "http://${host}:5000";
extraConfig = nixCacheHeaders;
};
};

46
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@@ -31,6 +31,13 @@ in
{
config = mkMerge [
{
fileSystems = {
"/var/lib/harmonia" = {
device = "/mnt/nix-cache";
options = [ "bind" ];
};
};
my = {
deploy.enable = false;
server.enable = true;
@@ -48,6 +55,7 @@ in
group = config.my.user.config.group;
};
"object/atticd.env" = {};
"nix-cache.key" = {};
"object/hedgedoc.env" = {};
"object/wastebin.env" = {};
};
@@ -58,6 +66,7 @@ in
9000 9001
config.services.sharry.config.bind.port
8069
5000
config.services.hedgedoc.settings.port
8088
];
@@ -68,14 +77,26 @@ in
};
};
users = with lib.my.c.ids; let inherit (config.services.atticd) user group; in {
users = with lib.my.c.ids; mkMerge [
(let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
})
{
users = {
harmonia = {
shell = pkgs.bashInteractive;
openssh.authorizedKeys.keyFiles = [
lib.my.c.sshKeyFiles.harmonia
];
};
};
}
];
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
@@ -93,7 +114,9 @@ in
MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie";
};
};
sharry = awaitPostgres;
atticd = mkMerge [
awaitPostgres
{
@@ -104,6 +127,15 @@ in
};
}
];
harmonia = {
environment.NIX_REMOTE = "/var/lib/harmonia";
preStart = ''
${config.nix.package}/bin/nix store ping
'';
serviceConfig = {
StateDirectory = "harmonia";
};
};
};
};
@@ -183,8 +215,8 @@ in
};
atticd = {
enable = true;
credentialsFile = config.age.secrets."object/atticd.env".path;
enable = false;
environmentFile = config.age.secrets."object/atticd.env".path;
settings = {
listen = "[::]:8069";
allowed-hosts = [ "nix-cache.${pubDomain}" ];
@@ -203,6 +235,14 @@ in
};
};
harmonia = {
enable = true;
signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
settings = {
priority = 30;
};
};
hedgedoc = {
enable = true;
environmentFile = config.age.secrets."object/hedgedoc.env".path;

115
nixos/boxes/colony/vms/shill/containers/qclk/default.nix Normal file
View File

@@ -0,0 +1,115 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.c.colony) domain prefixes qclk;
in
{
nixos.systems.qclk = { config, ... }: {
system = "x86_64-linux";
nixpkgs = "mine";
rendered = config.configuration.config.my.asContainer;
assignments = {
internal = {
name = "qclk-ctr";
inherit domain;
ipv4.address = net.cidr.host 10 prefixes.ctrs.v4;
ipv6 = {
iid = "::a";
address = net.cidr.host 10 prefixes.ctrs.v6;
};
};
qclk = {
ipv4 = {
address = net.cidr.host 1 prefixes.qclk.v4;
gateway = null;
};
};
};
configuration = { lib, pkgs, config, assignments, ... }:
let
inherit (lib) concatStringsSep mkMerge mkIf mkForce;
inherit (lib.my) networkdAssignment;
apiPort = 8080;
instances = [
{
host = 2;
wgKey = "D7z1FhcdxpnrGCE0wBW5PZb5BKuhCu6tcZ/5ZaYxdwQ=";
}
];
ipFor = i: net.cidr.host i.host prefixes.qclk.v4;
in
{
config = {
environment = {
systemPackages = with pkgs; [
wireguard-tools
];
};
my = {
deploy.enable = false;
server.enable = true;
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC1kcfvahYmSk8IJKaUIcGkhxf/8Yse2XnU7Qqgcglyq";
files = {
"qclk/wg.key" = {
group = "systemd-network";
mode = "440";
};
};
};
firewall = {
udp.allowed = [ qclk.wgPort ];
extraRules = ''
table inet filter {
chain input {
iifname management tcp dport ${toString apiPort} accept
}
chain forward {
iifname host0 oifname management ip saddr { ${concatStringsSep ", " lib.my.c.as211024.trusted.v4} } accept
}
}
table inet nat {
chain postrouting {
iifname host0 oifname management snat ip to ${assignments.qclk.ipv4.address}
}
}
'';
};
};
systemd = {
network = {
netdevs."30-management" = {
netdevConfig = {
Name = "management";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."qclk/wg.key".path;
ListenPort = qclk.wgPort;
};
wireguardPeers = map (i: {
PublicKey = i.wgKey;
AllowedIPs = [ (ipFor i) ];
}) instances;
};
networks = {
"30-container-host0" = networkdAssignment "host0" assignments.internal;
"30-management" = networkdAssignment "management" assignments.qclk;
};
};
};
services = { };
};
};
};
}

4
nixos/boxes/colony/vms/shill/containers/vaultwarden.nix
View File

@@ -83,7 +83,7 @@ in
DOMAIN = "https://pass.${lib.my.c.pubDomain}";
ROCKET_ADDRESS = "::";
ROCKET_PORT = 80;
ROCKET_PORT = 8080;
SMTP_HOST = "mail.nul.ie";
SMTP_FROM = "pass@nul.ie";
@@ -99,6 +99,8 @@ in
};
borgbackup.jobs.vaultwarden = {
readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];
paths = [ vwData ];
repo = "zh2855@zh2855.rsync.net:borg/vaultwarden2";
doInit = true;

2
nixos/boxes/colony/vms/shill/containers/waffletail.nix
View File

@@ -86,7 +86,7 @@ in
interfaceName = "tailscale0";
extraUpFlags = [
"--operator=${config.my.user.config.name}"
"--login-server=https://ts.nul.ie"
"--login-server=https://hs.nul.ie"
"--netfilter-mode=off"
"--advertise-exit-node"
"--advertise-routes=${advRoutes}"

16
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -94,8 +94,8 @@ in
device = "/dev/disk/by-label/minio";
fsType = "xfs";
};
"/mnt/atticd" = {
device = "/dev/disk/by-label/atticd";
"/mnt/nix-cache" = {
device = "/dev/disk/by-label/nix-cache";
fsType = "ext4";
};
};
@@ -140,10 +140,10 @@ in
};
ipv6Prefixes = [
{
ipv6PrefixConfig.Prefix = prefixes.ctrs.v6;
Prefix = prefixes.ctrs.v6;
}
];
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.waffletail.internal.ipv4.address;
@@ -152,6 +152,11 @@ in
Destination = lib.my.c.tailscale.prefix.v6;
Gateway = allAssignments.waffletail.internal.ipv6.address;
}
{
Destination = prefixes.qclk.v4;
Gateway = allAssignments.qclk.internal.ipv4.address;
}
];
}
];
@@ -206,11 +211,12 @@ in
object = {
bindMounts = {
"/mnt/minio".readOnly = false;
"/mnt/atticd".readOnly = false;
"/mnt/nix-cache".readOnly = false;
};
};
toot = {};
waffletail = {};
qclk = {};
};
in
mkMerge [

2
nixos/boxes/colony/vms/whale2/default.nix
View File

@@ -52,6 +52,7 @@ in
valheim-oci = 2;
simpcraft-oci = 3;
simpcraft-staging-oci = 4;
enshrouded-oci = 5;
};
configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:
@@ -66,6 +67,7 @@ in
./valheim.nix
./minecraft
# ./enshrouded.nix
];
config = mkMerge [

35
nixos/boxes/colony/vms/whale2/enshrouded.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, allAssignments, ... }:
let
inherit (lib) concatStringsSep;
inherit (lib.my) dockerNetAssignment;
in
{
config = {
virtualisation.oci-containers.containers = {
enshrouded = {
image = "sknnr/enshrouded-dedicated-server@sha256:f163e8ba9caa2115d8a0a7b16c3696968242fb6fba82706d9a77a882df083497";
environment = {
SERVER_NAME = "UWUshrouded";
# SERVER_IP = "::"; # no IPv6?? :(
TZ = "Europe/Dublin";
};
environmentFiles = [ config.age.secrets."whale2/enshrouded.env".path ];
volumes = [
"enshrouded:/home/steam/enshrouded/savegame"
];
extraOptions = [
''--network=colony:${dockerNetAssignment allAssignments "enshrouded-oci"}''
];
};
};
my = {
secrets.files = {
"whale2/enshrouded.env" = {};
};
};
};
}

1
nixos/boxes/colony/vms/whale2/minecraft/default.nix
View File

@@ -123,6 +123,7 @@ in
within = "12H";
hourly = 48;
};
readWritePaths = [ "/var/lib/borgbackup" "/var/cache/borgbackup" ];
# Avoid Minecraft poking the files while we back up
preHook = rconCommand "save-off";

8
nixos/boxes/home/castle/default.nix
View File

@@ -36,7 +36,7 @@ in
cpu = {
amd.updateMicrocode = true;
};
opengl.extraPackages = with pkgs; [
graphics.extraPackages = with pkgs; [
intel-media-driver
];
bluetooth.enable = true;
@@ -75,6 +75,8 @@ in
};
};
};
binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
};
fileSystems = {
@@ -152,6 +154,10 @@ in
nix = {
gc.automatic = false;
settings = {
experimental-features = [ "recursive-nix" ];
system-features = [ "nixos-test" "benchmark" "big-parallel" "kvm" "recursive-nix" ];
};
};
systemd = {

1
nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
View File

@@ -56,6 +56,7 @@ in
enable = true;
openFirewall = true;
unifiPackage = pkgs.unifi8;
mongodbPackage = pkgs.mongodb-6_0;
};
};
};

8
nixos/boxes/home/routing-common/default.nix
View File

@@ -227,7 +227,7 @@ in
networkConfig = networkd.noL3;
extraConfig = ''
[CAKE]
Bandwidth=235M
Bandwidth=490M
RTTSec=50ms
PriorityQueueingPreset=besteffort
# DOCSIS preset
@@ -251,7 +251,7 @@ in
extraConfig = ''
[CAKE]
Parent=root
Bandwidth=24M
Bandwidth=48M
RTTSec=50ms
'';
}
@@ -276,7 +276,7 @@ in
{
matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address;
@@ -301,7 +301,7 @@ in
{
"60-lan-hi" = {
routes = map (r: { routeConfig = r; }) [
routes = [
{
Destination = elemAt routersPubV4 otherIndex;
Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4;

4
nixos/boxes/home/routing-common/dns.nix
View File

@@ -170,8 +170,8 @@ in
hostname = "${otherName}.${config.networking.domain}";
server = net.cidr.host (otherIndex + 1) prefixes.hi.v4;
}}
${elemAt routers 0} IN AAAA ${net.cidr.host 1 prefixes.hi.v6}
${elemAt routers 1} IN AAAA ${net.cidr.host 2 prefixes.hi.v6}
${elemAt routers 0} IN AAAA ${allAssignments."${elemAt routers 0}".as211024.ipv6.address}
${elemAt routers 1} IN AAAA ${allAssignments."${elemAt routers 1}".as211024.ipv6.address}
boot IN CNAME river-hi.${config.networking.domain}.
@ IN NS ns1

32
nixos/boxes/home/stream.nix
View File

@@ -43,6 +43,38 @@
};
};
services = {
mjpg-streamer = {
enable = true;
inputPlugin = "input_uvc.so";
outputPlugin = "output_http.so -w @www@ -n -p 5050";
};
octoprint = {
enable = true;
host = "::";
extraConfig = {
plugins = {
classicwebcam = {
snapshot = "/webcam/?action=snapshot";
stream = "/webcam/?action=stream";
streamRatio = "4:3";
};
};
serial = {
port = "/dev/ttyACM0";
baudrate = 115200;
};
temperature.profiles = [
{
bed = 60;
extruder = 215;
name = "PLA";
}
];
};
};
};
systemd.network = {
netdevs = {
"25-lan" = {

10
nixos/boxes/kelder/containers/acquisition/default.nix
View File

@@ -26,7 +26,7 @@ in
config = {
# Hardware acceleration for Jellyfin
hardware.opengl = {
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiIntel
@@ -78,6 +78,14 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = {
transmission = {
enable = true;

6
nixos/boxes/kelder/containers/acquisition/networking.nix
View File

@@ -73,14 +73,12 @@ in
RouteTable = routeTable;
};
wireguardPeers = [
{
# AirVPN IE
wireguardPeerConfig = {
{
Endpoint = "146.70.94.2:1637";
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
}
];
};
@@ -97,7 +95,7 @@ in
matchConfig.Name = "vpn";
address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

9
nixos/boxes/kelder/default.nix
View File

@@ -121,8 +121,7 @@ in
samba = {
enable = true;
enableNmbd = true;
shares = {
settings = {
storage = {
path = "/mnt/storage";
browseable = "yes";
@@ -131,6 +130,8 @@ in
"directory mask" = "0775";
};
};
nmbd.enable = true;
};
samba-wsdd.enable = true;
@@ -180,12 +181,10 @@ in
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU=";
Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}";
AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}
];
};
@@ -213,7 +212,7 @@ in
address = with assignments.estuary; [
(with ipv4; "${address}/${toString mask}")
];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [
routingPolicyRules = [
{
Family = "both";
SuppressPrefixLength = 0;

4
nixos/boxes/tower/default.nix
View File

@@ -14,7 +14,7 @@
cpu = {
intel.updateMicrocode = true;
};
opengl.extraPackages = with pkgs; [
graphics.extraPackages = with pkgs; [
intel-media-driver
];
bluetooth.enable = true;
@@ -177,7 +177,7 @@
programs = {
fish = {
shellAbbrs = {
tsup = "doas tailscale up --login-server=https://ts.nul.ie --accept-routes";
tsup = "doas tailscale up --login-server=https://hs.nul.ie --accept-routes";
};
};
};

2
nixos/default.nix
View File

@@ -35,7 +35,7 @@ let
system = null;
# Put the inputs in specialArgs to avoid infinite recursion when modules try to do imports
specialArgs = { inherit inputs pkgsFlakes pkgsFlake allAssignments; inherit (cfg) systems; };
specialArgs = { inherit self inputs pkgsFlakes pkgsFlake allAssignments; inherit (cfg) systems; };
# `baseModules` informs the manual which modules to document
baseModules =

4
nixos/installer.nix
View File

@@ -61,8 +61,8 @@
};
networking = {
# Will be set dynamically
hostName = "";
# Will be set dynamically, but need something to satisfy `/etc/os-release` stuff
hostName = "installer";
useNetworkd = false;
};

39
nixos/modules/common.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgsFlake, pkgs, pkgs', inputs, config, ... }:
{ lib, pkgsFlake, pkgs, pkgs', self, inputs, config, ... }:
let
inherit (lib) mkIf mkDefault mkMerge;
inherit (lib.my) mkDefault';
@@ -12,7 +12,6 @@ in
inputs.impermanence.nixosModule
inputs.ragenix.nixosModules.age
inputs.sharry.nixosModules.default
inputs.attic.nixosModules.atticd
];
config = mkMerge [
@@ -41,6 +40,7 @@ in
nix = {
package = pkgs'.mine.nix;
channel.enable = false;
settings = with lib.my.c.nix; {
trusted-users = [ "@wheel" ];
experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
@@ -127,6 +127,9 @@ in
};
};
environment.etc = {
"nixos/flake.nix".source = "/run/nixfiles/flake.nix";
};
environment.systemPackages = with pkgs; mkMerge [
[
bash-completion
@@ -142,7 +145,10 @@ in
fish.enable = mkDefault true;
# TODO: This is expecting to look up the channel for the database...
command-not-found.enable = mkDefault false;
vim.defaultEditor = true;
vim = {
enable = true;
defaultEditor = true;
};
};
services = {
@@ -209,14 +215,35 @@ in
# python.d plugin script does #!/usr/bin/env bash
path = with pkgs; [ bash ];
};
nixfiles-mutable = {
description = "Mutable nixfiles";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
path = with pkgs; [ util-linux ];
script = ''
nixfilesDir="${self}"
mkdir -p /run/nixfiles{,/.rw,/.work}
mount -t overlay overlay -o lowerdir="$nixfilesDir",upperdir=/run/nixfiles/.rw,workdir=/run/nixfiles/.work /run/nixfiles
chmod -R u+w /run/nixfiles
'';
preStop = ''
umount /run/nixfiles
rm -rf /run/nixfiles
'';
wantedBy = [ "multi-user.target" ];
};
};
};
}
(mkIf config.services.kmscon.enable {
fonts.fonts = with pkgs; [
(nerdfonts.override {
fonts = [ "SourceCodePro" ];
})
nerd-fonts.sauce-code-pro
];
})
];

4
nixos/modules/gui.nix
View File

@@ -12,7 +12,7 @@ in
config = mkIf cfg.enable {
hardware = {
opengl.enable = mkDefault true;
graphics.enable = mkDefault true;
};
systemd = {
@@ -53,6 +53,8 @@ in
SUBSYSTEM=="usb", ATTR{idVendor}=="057e", MODE="0664", GROUP="wheel"
# FT
SUBSYSTEM=="usb", ATTR{idVendor}=="0403", MODE="0664", GROUP="wheel"
# /dev/player0
SUBSYSTEM=="usb", ATTR{idVendor}=="6969", MODE="0664", GROUP="wheel"
'';
};
};

2
nixos/modules/l2mesh.nix
View File

@@ -44,10 +44,8 @@ let
toString (mesh.baseMTU - overhead);
bridgeFDBs = mapAttrsToList (n: peer: {
bridgeFDBConfig = {
MACAddress = "00:00:00:00:00:00";
Destination = peer.addr;
};
}) otherPeers;
};
};

11
nixos/modules/netboot/default.nix
View File

@@ -5,10 +5,19 @@ let
cfg = config.my.netboot;
ipxe = pkgs.ipxe.overrideAttrs (o: rec {
version = "1.21.1-unstable-2024-06-27";
src = pkgs.fetchFromGitHub {
owner = "ipxe";
repo = "ipxe";
rev = "b66e27d9b29a172a097c737ab4d378d60fe01b05";
hash = "sha256-TKZ4WjNV2oZIYNefch7E7m1JpeoC/d7O1kofoNv8G40=";
};
});
tftpRoot = pkgs.linkFarm "tftp-root" [
{
name = "ipxe-x86_64.efi";
path = "${pkgs.ipxe}/ipxe.efi";
path = "${ipxe}/ipxe.efi";
}
];
menuFile = pkgs.runCommand "menu.ipxe" {

10
nixos/modules/nvme/default.nix
View File

@@ -5,7 +5,15 @@ let
cfg = config.my.nvme;
nvme-cli = pkgs.nvme-cli.override {
libnvme = pkgs.libnvme.overrideAttrs (o: {
libnvme = pkgs.libnvme.overrideAttrs (o: rec {
# TODO: Remove when 1.11.1 releases (see https://github.com/linux-nvme/libnvme/pull/914)
version = "1.11.1";
src = pkgs.fetchFromGitHub {
owner = "linux-nvme";
repo = "libnvme";
rev = "v${version}";
hash = "sha256-CEGr7PDOVRi210XvICH8iLYDKn8S9bGruBO4tycvsT8=";
};
patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ];
});
};

36
nixos/modules/tmproot.nix
View File

@@ -147,6 +147,15 @@ in
"/var/lib/systemd"
{ directory = "/root/.cache/nix"; mode = "0700"; }
# Including these unconditionally due to infinite recursion problems...
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
];
files = [
"/etc/machine-id"
@@ -260,18 +269,6 @@ in
my.tmproot.persistence.config.files =
concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
})
(mkIf config.services.lvm.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
];
})
(mkIf (config.security.acme.certs != { }) {
my.tmproot.persistence.config.directories = [
{
@@ -539,6 +536,21 @@ in
}
];
})
(persistSimpleSvc "octoprint")
(mkIf (config.services.borgbackup.jobs != { }) {
my.tmproot.persistence.config.directories = [
"/var/lib/borgbackup"
"/var/cache/borgbackup"
];
services.borgbackup.package = pkgs.borgbackup.overrideAttrs (o: {
makeWrapperArgs = o.makeWrapperArgs ++ [
"--set-default BORG_BASE_DIR /var/lib/borgbackup"
"--set-default BORG_CONFIG_DIR /var/lib/borgbackup/config"
"--set-default BORG_CACHE_DIR /var/cache/borgbackup"
];
});
})
]))
]);

4
nixos/modules/user.nix
View File

@@ -82,6 +82,10 @@ in
# NOTE: As the "outermost" module is still being evaluated in NixOS land, special params (e.g. pkgs) won't be
# passed to it
home-manager.users.${user'.name} = mkAliasDefinitions options.my.user.homeConfig;
systemd.services.nixfiles-mutable.script = ''
chown -R ${user'.name} /run/nixfiles
'';
}
(mkIf (cfg.passwordSecret != null) {
my = {

1
pkgs/default.nix
View File

@@ -8,7 +8,6 @@ in
vfio-pci-bind = callPackage ./vfio-pci-bind.nix { };
librespeed-go = callPackage ./librespeed-go.nix { };
# modrinth-app = callPackage ./modrinth-app { };
glfw-minecraft = callPackage ./glfw-minecraft { };
chocolate-doom2xx = callPackage ./chocolate-doom2xx { };
windowtolayer = callPackage ./windowtolayer.nix { };
swaylock-plugin = callPackage ./swaylock-plugin.nix { };

6
pkgs/glfw-minecraft/default.nix
View File

@@ -1,6 +0,0 @@
{ lib, glfw-wayland-minecraft, ... }:
glfw-wayland-minecraft.overrideAttrs (o: {
patches = [
./suppress-wayland-errors.patch
];
})

43
pkgs/glfw-minecraft/suppress-wayland-errors.patch
View File

@@ -1,43 +0,0 @@
diff --git a/src/wl_window.c b/src/wl_window.c
index 7c509896..db9a6451 100644
--- a/src/wl_window.c
+++ b/src/wl_window.c
@@ -2115,25 +2115,21 @@ void _glfwSetWindowTitleWayland(_GLFWwindow* window, const char* title)
void _glfwSetWindowIconWayland(_GLFWwindow* window,
int count, const GLFWimage* images)
{
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the window icon");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window icon\n");
}
void _glfwGetWindowPosWayland(_GLFWwindow* window, int* xpos, int* ypos)
{
// A Wayland client is not aware of its position, so just warn and leave it
// as (0, 0)
-
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not provide the window position");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not provide the window position\n");
}
void _glfwSetWindowPosWayland(_GLFWwindow* window, int xpos, int ypos)
{
// A Wayland client can not set its position, so just warn
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the window position");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window position\n");
}
void _glfwGetWindowSizeWayland(_GLFWwindow* window, int* width, int* height)
@@ -2359,8 +2355,7 @@ void _glfwRequestWindowAttentionWayland(_GLFWwindow* window)
void _glfwFocusWindowWayland(_GLFWwindow* window)
{
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the input focus");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the input focus\n");
}
void _glfwSetWindowMonitorWayland(_GLFWwindow* window,

16
secrets/chatterbox/syncv3.env.age
View File

@@ -1,16 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpCM2U2USBQMEJB
VVhIL2ViVUx1Ym9IbFV1UW52NjZYMmJlYmpjY0RuMzhiclJVS0ZnCkY5dEZHTHlC
K29uamorWWNJSVV0VlVJNG1VNm9GQ3VPdldJRDNSODVoOVUKLT4gWDI1NTE5IEM0
UVQvLzFYRTRRMldWSnNnd3V3aXJTeS8vZ1hkdENYVHk1QVVaQVEyQnMKVmN4OUFH
WCtVSW9tREV5RExycnFJejk5UW91dzd5Rm8vcFBTT0ZCdytFWQotPiBCPC0lLTJW
LS1ncmVhc2UgRSBjOlg5a0pdQSBSb2YKN0pkalY4VlFDMm8vZzJpQUV4TmdSRHA2
dnB4UzJaWTRXeDdmKzFrUGVMSEFlbFhlNFFycFRQU005d1I2Si9VUQpHbDVxcGxn
SVdjZzduSGluYlZnY3lmZmtnOWJYKzkydDhKU0VCNmNvV0EKLS0tIGdaUkpGNy9P
Y3BGVGVJenJkTG51c3Z3WFU0eTFXT09pSVFseGRLMmxJVU0KhH9EjbL0zv821Yox
FXc54SXGEkq97qPi3xIoPydWd3FbIuftAhe0xPFGfUOO5/zDni4h+PoNJs2hnkOK
kHhxtaOj1S6RulI/eYLK/fJjl2aRrTaRFN0TGhFwz5X8HOQe2+Qrq/9wT7pyzOFU
LsMwe71OhTjA5XrBTawU9QkWjPx2LZyb/WEkzlLOCGoHTUm4X03xY/1UeHVYZt2k
wbLses0JHK1h2ttWnO5y68LovZWJqFdIjoCCkgfo0nNUD5i+e51xEju9OBJMngj+
LnPb6YCqFh4Fxy09WORD0A==
-----END AGE ENCRYPTED FILE-----

21
secrets/middleman/htpasswd.age
View File

@@ -1,12 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZGY3c1ZyB1YlJt
UDI5MStrbTBGNzZhMTdvTm5wczBRdXd1dlFSYitOTmpMcytXdHlBCkR5aHpSSWRJ
OWp2RzlNZFRFUkxoOTZzcTQ1VDVuYmxKbTQrS29pR1gyb28KLT4gWDI1NTE5IDVz
aEJyU3R0Z0Njd283QjVJK1gvRUxFVllYdStEbElPSG9yNmc2TnZaemsKaVFNOEd5
L3hNVlFSUGhoMUxPSE5tK0JUU1FnMGtRNXkvODl0bmNiY0F5RQotPiBwdiR3UD8t
Z3JlYXNlIGpBbSNeVSBMYVogdFxFZicgTiNDOgpJQnNyMFEKLS0tIEdDZ3oxbDZ0
VkxETUVnSHRuTDFjTGVYSE9jcWhWT2RCOExDeitKcmZ4TXMKyClXNLb/8j0JtKrc
OQ2Fd4Ej16Pe8aEfHmwd1VT/XKyE9bOYE4tY5wAhGYLbO6A3SxzeKlZPvfKA4/el
dCh8mOBvBMV9m/RYvjux7mCQNzXiq38IVYE+BqD9fJIXw2iGMDwpYOmz2J+41CMd
EiuA1Ms2OlELFw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZGY3c1ZyBRQlp2
ajRjbFlJcnYxY1ViYmxLS0hWcTIzdTM4aXpzRkNER3NDVEp1UkdnCkNkQUkzWlZh
Qy9RdmIrdEtRZk5aNDI2ajVCNDZvQ3VCcGpha1QwUHMxamcKLT4gWDI1NTE5IHc5
bzhCNVFvalpaa3Frc0U3UE5GT0V3Y0MySGdBeHNTdzBNMWJtTnNmeDAKOS9KTSs1
eitCUHNlSnBMSWVkOEdaSEt4MFRoTTVsVldnNnoyNk5hRStORQotPiBzZzNrSyVj
LWdyZWFzZSBgTiBxXlosJTYlYiBBYyZVIy03Cm96UFpTSGR1S25UVzExTnZNRFdB
L0UzR1FKSzA5VXYva1EKLS0tIEM1QXFXcFJPUEJRTmJVK25jNFM2eUkzd3VSaVpJ
MW0wTTlDZGFmMFhBMVEKRHzl+MWwD1N16bywVC9LFKmLTJeTVLww0pa20th9HEhE
AePSzNsp2xUhESxBDmQDjS3E+s88oCd0D8y3pFmV4Nmf2yPNxbMu8gPVvNmhLAFA
UR6aTjnfUFJpIXQgPgTncT99kF1YPgF0/X5hqe1DjZneRRTLgPp83me2cF43RDqf
C4QhJWaqKf8ofqNKfqxvmcKmXNhJG1KEokMyKqPzaw==
-----END AGE ENCRYPTED FILE-----

12
secrets/nix-cache.key.age Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBpdExl
TlRVTE44RlA1NVhHWGZoQWc0bWpCOHFySytnVmJsZlE4SXFQVnp3CjRoSXE4WWhr
N1djTEtqNDFZdTJUcFVOc3RKUlpndHFBMFNQMnFBdVBpbzQKLT4gWDI1NTE5IEFV
eHlMUTJlL3Bad1gxTFpJaTFONEkrc2dNUk55dVJqYmNubXNUcGtDRTQKRzRmWTVp
L3FuaTg2UXpQbVdzTzk5R09VZzVTZzJHM010MUpadEZzU2d6SQotPiAuOlBBNGEt
Z3JlYXNlIEI3VmMzNCQKUzFLS2NBeVloTnNvMTE2QgotLS0gY1ZuZFdnTmMzOUc0
TzQyU3RSREE1a3RXZkJ1dXFmc0FqT0dKNVNoUklEUQoXL7+OqcAg1iXZUO1Hhh9T
BD7Yk9PKVyq7KGDeXMo4HtYll8sWig14PmR7+XOr9Al/1w1WYOD5AAtIkk3G7veq
TtWlJ76Lu9GZpaNR/47d/z0AzFbBBmu9F+WVWBiZqFEx7m4ZlvyiKgZK6E9IyioK
8lT5QYaw8WhXcHPoE8a+DOnd9mY93D8MV0ob
-----END AGE ENCRYPTED FILE-----

13
secrets/qclk/wg.key.age Normal file
View File

@@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpiTEpXQSBPQjFB
R3p6OGZYOTlZcHV0djlnY2tPTVk2SDNaazM2Nm0vMytSTWJ0THo4CnNSUW4zR2Vo
V3hsVVFIOEhRM1ZpSnVmcmd6WFhKdGVNQk9IYlRoZFBGUjgKLT4gWDI1NTE5IDJs
NzlrMXQ5Ty9sdTkwNFpUVnp5MWlucUJLZWtWbGpMd1NTZm1UendPa0EKeWVTa2p6
ejROR29UYU5GcWlxb1hjWnV6V1BOK29pL2pZRFVUZkU5NU9EUQotPiBfPk5oe0Fq
LWdyZWFzZSA2Jy1xCnhpYThsOVlMWTZEWVFYemlvQ1lKZlVnc0xnT29WVEtXUHF1
SDJ1TmJ0Qmg0R1o2UTBFanAwcXVpbGtKR21UbXoKYVNUTXVweDhQUmU2TzFOc1M4
Z3d6YjdIT29meHVUU0tTV2NnSkljcgotLS0gRFRZNlc3cmRVS25wU0ZZeEpKNmZS
Q1YxQkcyOGRDQ0VMSC9Ec2xka2NMOAppbDQ9/xJxLUc0OuOFq4b6r+fYCB4hm4ZB
aEF8B3csbjrIHoboxCNaYGNh1DibseZaaWygsDfMbAmbRw2xvBNgI/oq2/RjSda9
dZm+1A==
-----END AGE ENCRYPTED FILE-----

26
secrets/tailscale-auth.key.age
View File

@@ -1,16 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyB4Y2th
ZnZhNE42ZjJSWGx2OWQyY3lxeGc4eDdReHl1bDFXSGVnR2Q4TFhFCnRGLzJpWDVT
NmN3bElxZmpYMEhPQnBtODYyTHJPTmFpaVppL1JkODFRVVEKLT4gc3NoLWVkMjU1
MTkgT0VxTXNnIGlyMmlTV1Fvd3lXNFI1ZHdGNnk0R0RCN2ZOV3ExZHFLd2k3QnUr
T2hyUTgKMzhlZEZ2alVnM1RHWW1xUE1FQXJlQjc0S0EyYmxscURKQWtybEFWdTA4
TQotPiBYMjU1MTkgVDVkYmwzQTg0TDNnNVloeEtuS2R6OW42MFBNSys3bzVuSHY3
OHpIMi9UNAplbmE3MTZCQ3U2VHVLL1ZQSkd4YnM4a0xnSmpuRnFxcUlnT1lESDMr
MDU0Ci0+ICZUZShrPi1ncmVhc2UgSjIxRCA/U34Kd1ZFb1ZPTFJVeWs2bk1Tbktn
aW1mUXRIWkthb0JFcnlCdHRmRFZ6Zm9CbnNtWmNZUytoR2w5M28xMUViamNtQQpO
b2poelZ6cjY5ZUZjSnBJem1zeGlSQmUrQ1dUNyt6Mm5aZzNiSkt4S2tuT0JTdWRx
ZGJvQ1gwR0h5QWtpRUlPClRCSQotLS0gT1BLSmFaRS84V1BKNVMrSG9rMUZMZWZY
SlUvWnozb21JZmtPQkJVc1VTQQpuOl0YXqAckAY7DmUrZGjzFg1m6zmNKE2KBcin
sd/Dn+pZpkPk/OID6XwCRTDJB6saD5mLMPooKAYYz0oEy1UA9z+S/Xn1E4X1yktV
FQDy0wQ=
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyByYlJn
aERLcEhadS9jVUlyUmgxWEk5K0U2cE9WUlhCc0ZXbzhDRnZLTERvCmo2Vy9XeFhq
NTcwdG5PZjlDb1JIM3BYWEVzMlBFWHFmRWt2dkF2OEQ2TDQKLT4gc3NoLWVkMjU1
MTkgT0VxTXNnIHROaUlGUExERTZFaU5QL3dBcFpQVWNobGQwSEZ1YTU3NXJkekRi
c0RUMGsKUHg4V0hIdFJ0aGxwOTFhaVB6MUdVWE0wUFgrMjI2am5uZlhWL09ObjhB
VQotPiBYMjU1MTkgTWwyQjZjcUFYQ01KUHpoajRrVkpZd0czSzVrMTZxdjVHaHRh
bERCSjBqSQpYOXJibDZPM2Z6bkNCSGpMRExZT21UTzU0N0RiT2FNM0l3N1pnRkl6
WUJBCi0+IE0qLWdyZWFzZSB6TDVwIGRiQm0gajFFIEVqUXcKU3pEOFBqRVQ0dDZi
REszS1h0T2FnOFF6cHBrN2xtOHdEQkIrCi0tLSBTM3EwNHhDaEo1eldDOTN5dzQz
Q3Rpeno1K25KRU15L01wU21tczNmdlVJCqHBdFLovtLJGH9IY86pvc3xhpoLnfI/
OVAF5RdpR9T2oNCr3oAiVURkPocYXLHnbjZhLKoj3uDoSZAE52VN9l05jhyX1wwY
/Vfnp48kP8xfbQ==
-----END AGE ENCRYPTED FILE-----

137
secrets/user-passwd.txt.age
View File

@@ -1,69 +1,72 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBnQUpP
cDBxeFZBWmVlclJZdkRWOHhnK29DRzBHQ2I1ekJGeDk3WlZpenc0CmhLMVcwbGFH
YzBHY1BEb2ZHK0FtZHEyUmw1UFVSaEsyMnR5cVUrZ1pWZXMKLT4gc3NoLWVkMjU1
MTkgM2JCM1pnIGVuVWVnYmFmWUt4bjlwNU5oVXcvTTJZTllMTk1yQTU4YTVjYlVl
dHh1WG8KdXBPeWdpNlYrUkJXeGVpTXlqWWhlTlJBQVduR3JhSDRqWmJuSkRjNDl2
VQotPiBzc2gtZWQyNTUxOSBxKzBYY3cgSzFXb0g2cUxGbUxxa291cVUvK01ZRUF2
QW5iZDA0MG9ORXlSNVBheDZtbwoyWlhIUHo0TDJWeTNOdzUzVTI3QVZVY0pEczZQ
MXE0OVpNSktkTExWcHowCi0+IHNzaC1lZDI1NTE5IFpCM2U2USAwMkg3cmZQcTdD
WnhPbjlmU2M3RnU5MHE4NERBUDNzVVB2Q29OeG1iR1dNCnVna1VRVTdxMHgxczk4
aGdiZ1VhWlNsVGhrc2ZXdFNzVU92T1dxbW4rK3MKLT4gc3NoLWVkMjU1MTkgajY3
RlhRIFFocTlvTTlJbXdKZkdqd2NlRHM3b0E0TFozTXBkWlBXa1JYWWhmM3Q4d1kK
YitLd00xUGJReElHNm9DMFhmUGh2WFF3WDJGYW1ueXlpcEQyVWhqZUduYwotPiBz
c2gtZWQyNTUxOSBjMFROYVEgRHhtOU1iWTduQVdjRCtRNWRMMU14a3p4V2gvek9s
M202c2NoU0Q5ZTVIOAp5UEt0MnZ1VTZ0anVUeldSV1lBVHZvQU1CRUsrV0pHRjlw
enJFdEVPR0tzCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyAzcWk4bnozcTN0eFgwYlQr
dzRHekdmTlM4Wkdyd1p4Ujh4WnhJVnh5bEJVCkRnd0xlWkdXNE9BN0x0MjZyMDhM
YlU2OVNzTnZvZGhjSE1uMWlkMUo0T2MKLT4gc3NoLWVkMjU1MTkgakk4UkFnIDFa
QlhjWm9tZ05oYmNuanRvTkVOSUVJa09xUVFaeE41WDVRZlE3SHFZU3MKYWtkcEFP
bkMyMytEcnVjOHZ0SVJaT3lhQmZ0amxXVVV5Qy9NTml4TWNWQQotPiBzc2gtZWQy
NTUxOSBoTWE0bncgMGhKOHJCQTBsNng1U0FZbjVDZWUrVzFPQmJGUEhqTlJLS0Zn
NEdPYW9TQQpCUytPOUZ6ZkhUcCtHTHQ2WmJqWjQ5MWFuaGFPRVg0SktPVGlEUEha
Q2JNCi0+IHNzaC1lZDI1NTE5IGV5cTNkZyBrTXFLcU1oQnBtZjFuV3Q1VkpLcEt5
aDBmY0pGb0FNMG9Sek5lTUhTWkdzCmtGanpyWXJNZDJqVjdEd1dHQk1Qc1Qyd3d4
VTJKZHhpb2xzc1NYdjZoL1kKLT4gc3NoLWVkMjU1MTkgN1dROVBBIGs2ajVzVHE4
U2Z4TmdYQTFGL0RCL0YvNnNmTEdJNEkwTXQzR3JxbWlTVzQKUzl5aVlJTHRUbEpi
MEFKdmNSWWpHQUl3U01QaXgrUm1rTVNKL3JRSnYyRQotPiBzc2gtZWQyNTUxOSBn
U3hQMFEgdXAzU0NRU2J0WlJCRDFha3U3UXAreDFKb2gvVk5sTWt2L3RiWW1xUUps
QQpvemtsNGVDUStHTnRlVVV1dHBUNys4Mm9tVlUxdG9CejkxQ3FXeEVPcWc0Ci0+
IHNzaC1lZDI1NTE5IFZGY3c1ZyByQXlBUFhKT1VqUWhlcnVUak5VZVB4VnlXeHQ1
ZG9iS2tHOW9iblBnTmdJCmhJU2RSU200MEJWaDF6bnU2NktZK3ZPNFVKS1hIejBq
WW42L0Zqb1hzMjAKLT4gc3NoLWVkMjU1MTkgaGtidHZnIGpVM3h2SjJNSTNPWUFw
VFVqOHRjUm81RGRNQUNsU1NOcXZGaDMyMUp1bTAKQjIzY3lxeWxodWtxbDNyamkv
Y1hjcTc2NDNyMEMxNkkxUHluaGx3YWppUQotPiBzc2gtZWQyNTUxOSBldDJ6cFEg
ZEZYQVN4TFkvQlBwSTVzNS9RVER3Wjk4NnZFa3J0OGFhQnNSMUcvUkZVbwppR3BM
UGNoWFQza0RYQVZOcE5Ea21tYTJpMFp6UUVoMFh3Ym14dGJUUldFCi0+IHNzaC1l
ZDI1NTE5IFpOcUlvZyBXSEhQNXRMaVBsMi9QUnZBUVNWU1RjdkRjSEF1ZGtVa1hM
RnVocFRqeTNBCmVGWDhndHZ6VGFXZW1BR0VKQ0dPYXVQc0RBbmJtaFl6RlEzWDhI
VmxWUjQKLT4gc3NoLWVkMjU1MTkgcUxqcXlRIFZSYkNlNDRTa0lwbGE3MXRZeWo0
UDJnSGJDRDR3bkFPWEE1cTNwN0hPbncKU2grdG92aG5NRk9zTzd4RTAzVEo1NmlQ
dE9JdXVCa3luUWtTNXhlUjhBYwotPiBzc2gtZWQyNTUxOSBCYVFsUmcgaHREazZj
SmVubFlQS01WeTJ0N1NLWjBYMlFVUms1djg4Z0c5ZWQrdFJRRQpLYjhuOFVBamJR
MlVkTGxTMFl4YWloZDc1bTJqL2hOVG9VME5SdU51R0JrCi0+IHNzaC1lZDI1NTE5
IHMrcVJmZyBwL3NwQjhHT2JzalVCMnVjQ1RCVXdmZkVEK1hka2U1V2VSMFhqeStM
OG5vClNiVVpUQ3NpWjhLNkQxUEVxWlpEVllST2RCamFTU1R3SXdnSWEzZHJucUkK
LT4gc3NoLWVkMjU1MTkgNjJKY2NBIG5iUTE4MjlTT2VoUXBuTkZPVXhHMVJVck1N
SmNGdmJvOUFwL0dpZTRoVG8KbVMveEg2aG02V0ZDdGlpMlptYUY4TjM2S2RPVGFN
Rnd5ai9zZXBxQXBJYwotPiBzc2gtZWQyNTUxOSAvaHgvZEEgQjNGMWUrMm9ZMHBT
ZDlFVVpLNm5lQVpaSy9WVlMrUGVDS2IvSmdWbHN3UQpscXFvZnVUVXRISHBKMjBP
dGVyOU4xV3d6dFhQZGJOY0E2NnhFSjduaUVFCi0+IHNzaC1lZDI1NTE5IFd6TEdI
QSBMa2k0V3ZvZ01oVmdBd0RlZ0NNSWYzZjI1disyL21lelFxdWE4UzJqTzBRCkll
VHBvZFB2T0pFRWlsOVdpQ3ZQTnZEaW4rUzlWQWp1aTJwSzgrcEc0bnMKLT4gc3No
LWVkMjU1MTkgSEovSjdBIE5YVC84RG5wT0pHb3E1YUJaTS84VzVrNlNWSVdSd1ZJ
Y1FEbUlGV3NqMjgKYThMSHdzQkZxSWlLS3NnM25uVXRnMGN6MEdheHFNN1liV0lZ
bk1JTmtVdwotPiBzc2gtZWQyNTUxOSBPRXFNc2cgSkx3QlNMTUFLQThDRkdweWxX
eEhLNHRheGZycFdIWXRjLzNSZmFOTUZqVQpKYS9FSS9FQkdheGQ2OVpaT1Y2MGRG
Y1l5OXJZWnRETkowM3dzNDYrQUVRCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBHeTI5
cmowT2xDU2EyNjV1djEyOXM1b1Myd2RCbmU2YjJ5ZFNKVk1UYkR3Ck9ad1RReFNM
U3JWSTdKV2FLbVIzaGIzR1BDN09UME83aGxsUkxpOU1PbE0KLT4gWDI1NTE5IG9z
VHgwWXhINTZndXpTSXdGMmdkdFpPRy8rQlJZUldDeFBVcUNvbUQrMm8KUytDdm5z
bTJTUnFwQnVkWXRrNkIrVnp4OTdZMUJqMkNnVVdGS0tJMjJiawotPiAoRCciTWs7
LWdyZWFzZSBHPWFYZC1lCjNiejRKNTB1cUlzc1FtanlLQ1AwNmhUTkNuZHptLzBK
My9FZi9uVUd0ZlR1d04zS3BjVFJHZDR1cmNmNWx0YjcKQmdLbk16UW9DRE12UnVy
Y2twSS8KLS0tIDhENUJrVVQ2RWR0MTlhbksxODZYUWpnZFJJTTFWcnpoenEzVVpJ
SDlJTkUKjRfkdYqpB50PeibFrP5Xl930/HjYfKNpFGS7n2i8dwtVC/hFem8GshQJ
NwgE1/GIPq5gKVRKaVYLaQIKCrRZl9+SDTPQB4HcKKxOD/gW0cshXyjIqiY30keZ
ThF1h3sZbOkyGwNg/RGUFihEy+dZ7o/rpDKMAVkPzSFEN0fnS5N9GpJkuTIH074w
dA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBVUDR4
Um1XS00yUDFIRnYyZzg2KzYzanBIMWFNTmV1MVF6ei8rZDBiTXowCnBBRFEyQU14
ZU5MdSt0NnRJdUMyMyt6dVlOWHBqUnkvRWNmMjNRUENKeTgKLT4gc3NoLWVkMjU1
MTkgM2JCM1pnIHFyc2laWnBTQU0rcThOamJTcEtlUGNsSW8reTc2eTJjbVBkZlJu
cXEzbUUKcmFrTEVjaXY2a0lJNEtCWXNjTUsxNENkSWZmZUJhRm5ydWZ6WlJ1aDdR
RQotPiBzc2gtZWQyNTUxOSBxKzBYY3cgRVBuOEJ4K0NRVjdLdFhIU2Y3ZGQwL3F4
clFjMVNsOWNvTU8wVlRoNG5CZwpycFRlMzFjZ0drN0t5QXpoMkJ4aERMYkxVSFhU
STJTdUNzeWtkUmFMTHVBCi0+IHNzaC1lZDI1NTE5IFpCM2U2USBBRUhnNlNzbDVX
Q1ArRENrZzBrNkhhSUd5dEZnM2oxRUtmYWx2L1NtbG53ClZIalNsaUNBUUtKWGpT
dTM3VExldm0xRXJoSWZ0SU4vdWk5SDlZTEFPczQKLT4gc3NoLWVkMjU1MTkgajY3
RlhRIGR0VkhtNWxCK2xSYUNlS2hhdzRldEVZRDQwNmVnN0dtRTdOamFSM1Jqek0K
YS9uWGMyY3JzeUZCWkhLTzk4d1dxT0NkbEQ3UnlWOStCdUh0bkg3K2N3TQotPiBz
c2gtZWQyNTUxOSBjMFROYVEgYXJhZUdOeEphOGxkMTZmamJxdmMrTElkYkFScVA3
alExSC9TVTJzeUFqNApsZXo1cC9wdnp3Zml4bG52ekFHMEUyU29acFFJeU1VN3Mr
ZlorWC9VWDZzCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyBTenhVdjNncGxudDJ2Y3lw
K0JIOFJDd2VVQzFkWGc1STROdFZqbnUrYlJnCk5MTWxRYVRPcUFjMmdySEJ5Rndy
TzdnNGErNnBRa1dTSFVFekxQUitOYTAKLT4gc3NoLWVkMjU1MTkgakk4UkFnIGtL
c1psRWRRN1hNZUNiVHFmR3JGVm1jUWJtdm91ZVR6M01zNmhGdW9pRTAKNGpwek8w
QkRnSkZXUjhEMEpPaUdkeGwxZDRGbTRSMjg1Z1pMdEVSaTJEdwotPiBzc2gtZWQy
NTUxOSBoTWE0bncgYmRqR1FRaDdQQ09ZZHQwWmQxVUJ2QWdLYjdoRlNLU09GYUNi
ajJhMWx5QQo3ZWFNWjMvTzNxSXJjeTY5cTNMWmk0K0IzZ053Mmd6T1hhaVFTVVBj
NHBrCi0+IHNzaC1lZDI1NTE5IGV5cTNkZyBXbUdJKzdMZDF1NW1pTi94aUtjNGpo
aGVLbno0RzE1MXlURTJJQ3hRb1dVClg5K2FwRHBvcXIwVUl1U21GSnJsSmJmMGZN
cmdBcmRiRERzcjJmZzV4Q2sKLT4gc3NoLWVkMjU1MTkgN1dROVBBIEIrays1YUJN
TkRMS01oVzQyZEJuSjFPTTV4YkZSMDdTV0UvZE4rZ1U3SFEKWEZSL0g0dmFnelJC
S3VGZDlaTHhJQ3NaaEc2aUsvRmdKdjRNZ1VXMExmQQotPiBzc2gtZWQyNTUxOSBn
U3hQMFEgODNUUEg4M0hLL3RSUXk4M3dGV0tZNjJXQWxabmxLanF0Slc0WWMyUkNo
bwpCMGlaZDdodk4zeDROczVFc0FxM25qMFdicWZZSVpjb2tiT081bUVUTGFzCi0+
IHNzaC1lZDI1NTE5IFZGY3c1ZyBKanVnSDI0bUhvS3RVbzdSc0s2TmQzSVdEczRF
eU1CazZPM094eEt1ZGp3Cm1HWGluLzhoRUtNRDZOcVJDVUR1R3dneHNHa1M1VGpH
YWF3TDQ5cS9saFUKLT4gc3NoLWVkMjU1MTkgaGtidHZnIHJLN2dJQnA4eGo5SnU3
SkttSlM2YXNERXJOYjc1Tlo4NnhFakdYT0dqUWMKQllrZm83NHJrYmtWaytCc1VI
aVhESUtYeHpoT0JmdStSRURMZ0JldlQwYwotPiBzc2gtZWQyNTUxOSBldDJ6cFEg
d3NnSXpMRzU0QjBBL0c4SGw5Znl6d3hRdWxvbHdXZCtIeVdnU1F6MFVVQQpiQjVX
TSsycGZqMVNWajZHcFkyN2JwY2RqcGRlNitRWXgxWnN5TzlpU1lRCi0+IHNzaC1l
ZDI1NTE5IFpiTEpXQSB3VmFwR2ZqR2p4OXlpSnQrbExqTktkaEJ4emxLM2ZZbGdx
U0drOWtxUGprClgyYnd1M1NQem1rZkxwUk5tVXBLNGVDMFVjNjc5Lys4N0RsajZN
eG9LeEEKLT4gc3NoLWVkMjU1MTkgWk5xSW9nIFl3QUlPNnVHNXNwQ2sxRUEycFda
TkJsUmx0dCtRdnRVRVAzY3pPbm1LM0EKbVZDMHBSOFBiMFVQbkxHOGpkQjhrbDRJ
YUN0M2JPOW1PbjVtQURaUnVFbwotPiBzc2gtZWQyNTUxOSBxTGpxeVEgUXc5TUxn
YXk2ai9EbHdVeFVsUk96bHZIRFdlcDFqYkxLQ3FJaFBQVG93bwpTSFJ5dmJiN2tt
TVlLUlBhb3VmSG8zVHNYdC9HVjcwN3JUVVVWN3BFUkhvCi0+IHNzaC1lZDI1NTE5
IEJhUWxSZyAxYkNsekljV0s1ZWR2eVZnSk9Oc2QvWjE2a2dMaldDYzJRU0FWUVE0
Z0FvCnk5UlhrT0ZaK3FXTThVY0RKZlE0d0FTajJLRCtSNWdvWjd5V3hZNEg4dUkK
LT4gc3NoLWVkMjU1MTkgcytxUmZnIHA5cGpXWlMvTlVreDNremhCa1FDUlFVYk45
OHhjaUhYTWZVa3dySzNLeW8KNXZnZzFPNC8zMExuMG4yUTJFMDgxTFdGdDZ6VVl1
WEFGUC9zNVgrd2RRdwotPiBzc2gtZWQyNTUxOSA2MkpjY0EgMG51elJWRWRDNzRM
SERza2RiNFBoOHc1eCt0SWtmUy90dGl0VEd6QTJENApodnNBM1FkUlZ2ZjB6b1Np
QWNXdjVoNFlsa0NOQWp6TUw2TVQrU3VNRlVZCi0+IHNzaC1lZDI1NTE5IC9oeC9k
QSBxdlhXM3Rqb3J4YjVDUzdhUUVYQlFvSTJjZXA5MHBYY0NXWVR0VzllR2hzCkU2
K2xCY2tGeEJjK1dMYkhCZ29pR3EzYndWUXF4bWorNC83d1E3U3luMFUKLT4gc3No
LWVkMjU1MTkgV3pMR0hBIGg1MjIydFM3YlM3aWVFR0h4TytwRWxYWTVkTXN4VkdW
TnJ0bXQ0WTduQUEKemtad2lsTTlPUEtUaVpFLzNPVFhqd3VpeWJWbDFyayt2VVhy
Q0FSb01rRQotPiBzc2gtZWQyNTUxOSBISi9KN0EgTkdKZUx2U1NTODZzTlpJb2xT
VFptQ3hWOS9BMCsyZXdsM3ErMXhtaHlFQQoyUnp3RW81VUh6OVRQcGhJOXYxNXRR
NHNGT3ZIU2ZQb2c5aEg0UmhRcG13Ci0+IHNzaC1lZDI1NTE5IE9FcU1zZyBLMi9r
bmFyTnBCU1lsdUpDWTJsd3ltRzAxZmw5eDNqVUtjMkR0OGF1dVRjCndrNmVHcmYy
c0lQOFM5SjBjN1ZqZXk1Vkk3RzA0b3JtaWZrdDBmdmFrYXcKLT4gc3NoLWVkMjU1
MTkgL0VKWHZnIEV6eVNrNEZvVWhPMXppeFpmSEt1Y2NqcmtUOXAxQ1lOWVdtcnlm
R3B3VFEKVXJJRWlmOFVHZ3hyWWhLZE03VlNlM0M4ejFDYjM1b1c0YWhMMVcrRXlH
bwotPiBYMjU1MTkgUkRPY2JrSGZYeGNVWldVbTAzbkdtbHdUS1hoZXg2R2JEOGtC
ckZSOWV3TQpGejNQOUlxb05oWE9hRWdjbzI2a0NKVkpHMG1PMWlMWVZpYkVQNlpx
c2xRCi0+ICwlLDsrbWYtZ3JlYXNlIE8mcz1jaywgeiJbOE9FeyAjXFl4Ugo1c2VM
THdsOFlhODVMV3JsYzY3QU5Hb1BJTHBWNFEvalRHN3lXQlBBZFVvQXRIdXpXYVpU
b0NLRG40WWhMQ2hDCnZyS1d6SGxGekIzWUs2Uk5XSFRscTIrTTEwNzJKMExGcG5m
UWR0MWtBNnk4bDBYYStVQzFwZDlWRzRDNXJVZm0KajVrCi0tLSBkQ044Z3A5R0dt
S0htaUZaSzdPOTNCcXZrSWFVVHlTZk0zejBuT21yQzFBCo6rc9fznstf3eXBRUA8
73MZAYqSnJ5wVMrYrwGfT9lXvKbHCOvkgjUI6Ieo0nuw+aZpXoV3t9HfZv62UEll
ZZVu+ieRCZqOOqZKKZ3TCP24vdXun8Tu+3YK8fyn88QSRH/0ZMnqI9FXbtsUhsF8
2o7m7Fn48B0nVKy16HZyBsksknAuZCkfS/JOkgI=
-----END AGE ENCRYPTED FILE-----

12
secrets/whale2/enshrouded.env.age Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBQc3dL
bkttTXJPWnZzYVJ6OUc2cjJvZWJLWHk2QXYvRU9TL3RBTmFmQ1dNClRtaUwvcDJa
c3h6eXpPR3dKSVZDVHJzNjR4b0Y5K3Zadk5vTkZiZS9RYkEKLT4gWDI1NTE5IE9R
Y0g2bEJsNmdLaVJteDJaakFMZEdxRU55N2pNbzhkakxuRVFmdVN0ajQKZXZrRHdu
WFFwMUFkUmJQbm9ONlFRWGdMWmtsWHlOaWVjMGtMdVM1YmdoUQotPiAwIm5PWS1n
cmVhc2UgUUosbyl4CkFIWDA4L3YwOFBYVUFMZnB6U3VkNFJQVFlEMThVeTV4bHlu
QmF2TFBobmtJS1hERUtSZld2UEZyb29nNEdGdWEKenliMmhQL1VrY2dFS3VzSEZB
dm1jT2xOQkxnbCtBV21WT3ZMVjl0WEpPWQotLS0gckNCZEp3VU56eTFFR1ZzbTc3
WTRIcVZGY0Z1YlNUS3l0cWJ1TW5YUjF6SQoqTDq/up9Q3tQnNJdsnfiwYqA5LW6G
nKJXGbpnt3dpXxv/1+KRgF6pVKVQtyNFncQW7SC6K4uFw7iv6A==
-----END AGE ENCRYPTED FILE-----