dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:a3870a42938500f78f0875a93ec83b53032f52c4
Branches Tags
dev:master dev:fastback-ssh
dev:installer
...
compare: dev:master
Branches Tags
dev:master dev:fastback-ssh
dev:installer

36 Commits
a3870a4293 ... master

Author SHA1 Message Date
Jack O'Sullivan
7db5e18974 nixos/jackflix: copyparty: Move /pub to / and put stuff at /priv
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h25m8s
Details
2025-09-09 14:34:54 +01:00
Jack O'Sullivan
20b7da74bf nixos/jackflix: Remove unnecessary insecure packages exception
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h28m59s
Details
2025-09-08 23:29:51 +01:00
Jack O'Sullivan
adaf8b6a83 nixos/jackflix: Add copyparty 2025-09-08 23:28:31 +01:00
Jack O'Sullivan
1f145334f3 nixos/britway: Disable override_local_dns for headscale
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 12m38s
Details
2025-09-08 21:29:20 +01:00
Jack O'Sullivan
abf9f1b465 home-manager/gui: Add ffmpeg
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h30m16s
Details
2025-09-06 21:56:19 +01:00
Jack O'Sullivan
f0740741a4 nixos/home/routing-common: Fix mstpd shellcheck
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h44m21s
Details
2025-09-06 21:40:05 +01:00
Jack O'Sullivan
0c0b66b8db nixos/jackflix: Add FlareSolverr 2025-09-06 19:49:12 +01:00
Jack O'Sullivan
bdf3c04595 nixos/git: Add NAT rules 2025-09-06 19:35:33 +01:00
Jack O'Sullivan
02795a6ee4 nixos/nvme: Specify Host NQN on command line
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 2h24m47s
Details
2025-09-06 18:02:18 +01:00
Jack O'Sullivan
8fa4a7ee60 "Release" 25.09 Giving
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 31m46s
Details
2025-09-06 17:14:09 +01:00
Jack O'Sullivan
773674d879 nixos/chatterbox: Add adzerq to Instagram bridge
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 29m47s
Details
2025-07-23 19:42:35 +01:00
Jack O'Sullivan
12c5ca126d nixos/middleman: kinkcraft Bluemap
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 30m2s
Details
2025-06-07 23:28:20 +01:00
Jack O'Sullivan
b38a2a07e2 nixos/estuary: Update FrysIX BGP config to new /23
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 30m16s
Details
2025-06-03 11:06:58 +01:00
Jack O'Sullivan
0dc474887f Add kinkcraft Minecraft server
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 30m20s
Details
2025-05-29 20:51:56 +01:00
Jack O'Sullivan
c8bd63ec3e nixos: Add nixlight static IP and WLED hass integration
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 29m45s
Details
2025-05-26 23:25:05 +01:00
Jack O'Sullivan
d7522f3f97 nixos/whale2: Op kev in kevcraft
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 30m31s
Details
2025-04-24 22:04:45 +01:00
Jack O'Sullivan
58c76f822f home-manager/gui: Use tmux kill-session in brainrot screensavers
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 29m19s
Details
2025-04-14 13:27:01 +01:00
Jack O'Sullivan
31bcde23b8 nixos/gui: Enable udisks2
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 5m13s
Details
2025-04-07 23:18:29 +01:00
Jack O'Sullivan
fc2fa0666e nixos/middleman: Increase worker_processes
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 5m10s
Details
2025-03-28 16:42:54 +00:00
Jack O'Sullivan
854cc48479 home-manager/gui: Add Brainrot story mode screensaver
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 29m6s
Details
2025-03-28 11:01:46 +00:00
Jack O'Sullivan
85a4b124e5 pkgs: Remove own terminaltexteffects
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 5m7s
Details
2025-03-27 11:58:36 +00:00
Jack O'Sullivan
f322f3ebac home-manager/gui: Longer and looping brainrot screensavers
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 29m7s
Details
2025-03-25 10:56:08 +00:00
Jack O'Sullivan
bc74fb4968 home-manager/gui: Add brainrot screensavers
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 30m15s
Details
2025-03-24 15:09:46 +00:00
Jack O'Sullivan
584abd4991 nixos/home/hass: Add USB webcam
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h12m19s
Details
2025-03-15 01:43:44 +00:00
Jack O'Sullivan
05074a1fd9 nixos/home/hass: Basic Reolink camera setup
Some checks failed
CI / Check, build and cache nixfiles (push) Has been cancelled
Details
2025-03-15 01:07:12 +00:00
Jack O'Sullivan
69060dfbff nixos/home/routing-common: Add static lease for hass-panel 2025-03-14 22:53:36 +00:00
Jack O'Sullivan
8e288a9e2a nixos/home/hass: Include scenes.yaml
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h17m11s
Details
2025-03-14 17:48:18 +00:00
Jack O'Sullivan
bb03b6fa76 nixos/home/hass: Add HEOS
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h0m24s
Details
2025-03-12 01:55:46 +00:00
Jack O'Sullivan
fd92cfae6e nixos/home/hass: Include scripts.yaml
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h1m12s
Details
2025-03-11 14:35:10 +00:00
Jack O'Sullivan
25267d09a2 nixos/home/hass: Add androidtv_remote and alarmo
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 59m46s
Details
2025-03-11 02:12:16 +00:00
Jack O'Sullivan
f02f538ab2 nixos/home/routing-common: Add media DHCP reservations 2025-03-10 22:33:48 +00:00
Jack O'Sullivan
d319657680 nixos/netboot: Use older iPXE with patch
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h3m31s
Details
2025-03-10 22:23:08 +00:00
Jack O'Sullivan
dff5a4e6d8 nixos/home/hass: Add Irish Rail integration
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h9m21s
Details
2025-03-10 14:04:22 +00:00
Jack O'Sullivan
2a8ced0fec nixos/home/routing-common: Add DNS blocklist
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h6m52s
Details
2025-03-10 10:46:21 +00:00
Jack O'Sullivan
36c7096120 nixos/home/hass: Home Assistant CLI and automation fix
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h47m3s
Details
2025-03-10 01:28:14 +00:00
Jack O'Sullivan
adfcf2f848 nixos/home/hass: Initial Home Assistant setup
Some checks failed
CI / Check, build and cache nixfiles (push) Has been cancelled
Details
2025-03-09 22:59:59 +00:00
51 changed files with 1160 additions and 1771 deletions
Expand all files Collapse all files

300
flake.lock generated
View File

@@ -8,7 +8,7 @@
"ragenix",
"nixpkgs"
],
"systems": "systems_7"
"systems": "systems_6"
},
"locked": {
"lastModified": 1723293904,
@@ -31,29 +31,27 @@
"nixpkgs": [
"nixpkgs-unstable"
],
"poetry2nix": "poetry2nix"
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1718746012,
"narHash": "sha256-sp9vGl3vWXvD/C2JeMDi5nbW6CkKIC3Q2JMGKwexYEs=",
"ref": "refs/heads/master",
"rev": "ea24100bd4a914b9e044a2085a3785a6bd3a3833",
"revCount": 5,
"type": "git",
"url": "https://git.nul.ie/dev/boardie"
"lastModified": 1757170758,
"narHash": "sha256-FyO+Brz5eInmdAkG8B2rJAfrNGMCsDQ8BPflKV2+r5g=",
"owner": "devplayer0",
"repo": "boardie",
"rev": "ed5fd520d5bf122871b5508dd3c1eda28d6e515d",
"type": "github"
},
"original": {
"type": "git",
"url": "https://git.nul.ie/dev/boardie"
"owner": "devplayer0",
"repo": "boardie",
"type": "github"
}
},
"borgthin": {
"inputs": {
"devshell": "devshell_2",
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs-mine"
]
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1732994213,
@@ -69,6 +67,27 @@
"type": "github"
}
},
"copyparty": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1757362872,
"narHash": "sha256-juUSWjxX8y2gueU34BpkQipUlhZRFJNLFccdprle0iM=",
"owner": "9001",
"repo": "copyparty",
"rev": "e09f3c9e2c3dccf8f3912539e04dd840b10b51ee",
"type": "github"
},
"original": {
"owner": "9001",
"repo": "copyparty",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1725409566,
@@ -116,11 +135,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"lastModified": 1756719547,
"narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2",
"type": "github"
},
"original": {
@@ -169,8 +188,8 @@
},
"devshell_2": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_3"
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1671489820,
@@ -193,11 +212,11 @@
]
},
"locked": {
"lastModified": 1735644329,
"narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
@@ -209,11 +228,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@@ -242,7 +261,7 @@
},
"flake-utils_10": {
"inputs": {
"systems": "systems_10"
"systems": "systems_9"
},
"locked": {
"lastModified": 1705309234,
@@ -292,24 +311,6 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@@ -324,7 +325,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -339,9 +340,24 @@
"type": "github"
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
@@ -358,12 +374,15 @@
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -374,7 +393,7 @@
},
"flake-utils_8": {
"inputs": {
"systems": "systems_8"
"systems": "systems_7"
},
"locked": {
"lastModified": 1710146030,
@@ -392,7 +411,7 @@
},
"flake-utils_9": {
"inputs": {
"systems": "systems_9"
"systems": "systems_8"
},
"locked": {
"lastModified": 1709126324,
@@ -437,16 +456,16 @@
]
},
"locked": {
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"lastModified": 1756679287,
"narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8",
"type": "github"
},
"original": {
"id": "home-manager",
"ref": "release-24.11",
"ref": "release-25.05",
"type": "indirect"
}
},
@@ -457,11 +476,11 @@
]
},
"locked": {
"lastModified": 1741457641,
"narHash": "sha256-HIoSAfme6BReJI8wbtZxSuALfI21OqagDPlbGkeVX0c=",
"lastModified": 1757075491,
"narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2c87a6475fba12c9eb04ccb7375da0e32da48dc1",
"rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
"type": "github"
},
"original": {
@@ -484,25 +503,19 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"boardie",
"poetry2nix",
"nixpkgs"
]
},
"libnetRepo": {
"flake": false,
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"lastModified": 1745053097,
"narHash": "sha256-BEW57utyWCqP4U+MzCXFqbvEC8LE3iZv5dsPMrmTJ9Q=",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"rev": "7565d8554b0fc9d621851150e7939d34a3a8cd6c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"owner": "oddlama",
"repo": "nixos-extra-modules",
"type": "github"
}
},
@@ -514,11 +527,11 @@
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"lastModified": 1752054764,
"narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
"type": "github"
},
"original": {
@@ -545,11 +558,11 @@
},
"nixpkgs-mine": {
"locked": {
"lastModified": 1741543477,
"narHash": "sha256-CIXkalXwVcUFxb2TF33j45GlWWVHGmHu0GaMvVM/f6M=",
"lastModified": 1757173087,
"narHash": "sha256-NYXuC8xUUbvtwbaC1aLdpQKHzQtQ2XB3VkK0hfYTPd8=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "811543d59a6dec53bd025bb17be0896f3c37c03a",
"rev": "06e4c8cd503ed73806744b39368393df38b36bb7",
"type": "github"
},
"original": {
@@ -561,11 +574,11 @@
},
"nixpkgs-mine-stable": {
"locked": {
"lastModified": 1741456679,
"narHash": "sha256-5f6f3yFT4+KDV02PXlKxhJ7ig++oa+NzGwlW8vxWPHk=",
"lastModified": 1757173155,
"narHash": "sha256-aDNAiQQsrgS/coVOqLbtILpOUouE6jp/wqAsO8Dta/o=",
"owner": "devplayer0",
"repo": "nixpkgs",
"rev": "c82613e3e6a22d4cc1e80e1e91bea15c601dbbe7",
"rev": "8a1a03f2d17918a6d51746371031a8fe4014c549",
"type": "github"
},
"original": {
@@ -577,26 +590,26 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1741332913,
"narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=",
"lastModified": 1757020766,
"narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "20755fa05115c84be00b04690630cb38f0a203ad",
"rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1741246872,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=",
"lastModified": 1756787288,
"narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10069ef4cf863633f57238f179a0297de84bd8d3",
"rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
"type": "github"
},
"original": {
@@ -606,22 +619,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1718632497,
"narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c58b4a9118498c1055c5908a5bbe666e56abe949",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1643381941,
"narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=",
@@ -637,6 +634,20 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1673606088,
"narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1709309926,
@@ -669,25 +680,24 @@
"type": "github"
}
},
"poetry2nix": {
"pyproject-nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
"nixpkgs": [
"boardie",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718726452,
"narHash": "sha256-w4hJSYvACz0i5XHtxc6XNyHwbxpisN13M2kA2Y7937o=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "53e534a08c0cd2a9fa7587ed1c3e7f6aeb804a2c",
"lastModified": 1756395552,
"narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "030dffc235dcf240d918c651c78dc5f158067b51",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
@@ -720,12 +730,14 @@
"inputs": {
"boardie": "boardie",
"borgthin": "borgthin",
"copyparty": "copyparty",
"deploy-rs": "deploy-rs",
"devshell": "devshell_3",
"flake-utils": "flake-utils_6",
"home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence",
"libnetRepo": "libnetRepo",
"nixGL": "nixGL",
"nixpkgs-mine": "nixpkgs-mine",
"nixpkgs-mine-stable": "nixpkgs-mine-stable",
@@ -813,21 +825,6 @@
"type": "github"
}
},
"systems_10": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
@@ -868,8 +865,9 @@
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
@@ -947,38 +945,16 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"boardie",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1718522839,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_5"
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {

24
flake.nix
View File

@@ -3,17 +3,22 @@
inputs = {
flake-utils.url = "github:numtide/flake-utils";
# libnet.url = "github:reo101/nix-lib-net";
libnetRepo = {
url = "github:oddlama/nixos-extra-modules";
flake = false;
};
devshell.url = "github:numtide/devshell";
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-24.11";
nixpkgs-stable.url = "nixpkgs/nixos-25.05";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-24.11";
home-manager-stable.url = "home-manager/release-25.05";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment
@@ -25,7 +30,7 @@
# Stuff used by systems
impermanence.url = "github:nix-community/impermanence";
boardie.url = "git+https://git.nul.ie/dev/boardie";
boardie.url = "github:devplayer0/boardie";
boardie.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixGL.url = "github:nix-community/nixGL";
nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -34,7 +39,10 @@
sharry.url = "github:eikek/sharry";
sharry.inputs.nixpkgs.follows = "nixpkgs-unstable";
borgthin.url = "github:devplayer0/borg";
borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";
# TODO: Update borgthin so this works
# borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";
copyparty.url = "github:9001/copyparty";
copyparty.inputs.nixpkgs.follows = "nixpkgs-unstable";
};
outputs =
@@ -57,7 +65,7 @@
# Extend a lib with extras that _must not_ internally reference private nixpkgs. flake-utils doesn't, but many
# other flakes (e.g. home-manager) probably do internally.
libOverlay = final: prev: {
my = import ./lib { lib = final; };
my = import ./lib { inherit inputs; lib = final; };
flake = flake-utils.lib;
};
pkgsLibOverlay = final: prev: { lib = prev.lib.extend libOverlay; };
@@ -88,10 +96,11 @@
(_: path: mkDefaultSystemsPkgs path (system: {
overlays = [
pkgsLibOverlay
myPkgsOverlay
inputs.devshell.overlays.default
inputs.ragenix.overlays.default
inputs.deploy-rs.overlay
inputs.deploy-rs.overlays.default
(flakePackageOverlay inputs.home-manager-unstable system)
];
}))
@@ -102,6 +111,7 @@
(_: path: mkDefaultSystemsPkgs path (_: {
overlays = [
pkgsLibOverlay
myPkgsOverlay
];
@@ -157,7 +167,7 @@
# Platform independent stuff
{
nixpkgs = pkgs';
inherit lib nixfiles;
inherit inputs lib nixfiles;
overlays.default = myPkgsOverlay;

6
home-manager/modules/common.nix
View File

@@ -66,7 +66,7 @@ in
lsd = {
enable = mkDefault true;
enableAliases = mkDefault true;
enableFishIntegration = mkDefault true;
};
starship = {
@@ -132,6 +132,8 @@ in
ssh = {
enable = mkDefault true;
# TODO: Set after 25.11 releases
# enableDefaultConfig = false;
matchBlocks = {
nix-dev-vm = {
user = "dev";
@@ -226,6 +228,8 @@ in
# Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options
nixpkgs = {
overlays = [
inputs.libnet.overlays.default
inputs.deploy-rs.overlay
inputs.boardie.overlays.default
inputs.nixGL.overlays.default

28
home-manager/modules/gui/default.nix
View File

@@ -1,7 +1,8 @@
{ lib, pkgs', pkgs, config, ... }:
let
inherit (lib) genAttrs mkIf mkMerge mkForce mapAttrs mkOptionDefault;
inherit (lib.my) mkBoolOpt';
inherit (lib.my) mkOpt' mkBoolOpt';
inherit (lib.my.c) pubDomain;
cfg = config.my.gui;
@@ -15,24 +16,42 @@ let
url = "https://distro.ibiblio.org/slitaz/sources/packages/d/doom1.wad";
hash = "sha256-HX1DvlAeZ9kn5BXguPPinDvzMHXoWXIYFvZSpSbKx3E=";
};
subwaySurfers = pkgs.fetchurl {
url = "https://p.${pubDomain}/video/subway-surfers-smol.mkv";
hash = "sha256-fMe7TDRNTymRHIJOi7qG3trzu4GP8a3gCDz+FMkX1dY=";
};
minecraftParkour = pkgs.fetchurl {
url = "https://p.${pubDomain}/video/minecraft-parkour-smol.mkv";
hash = "sha256-723pRm4AsIjY/WFUyAHzTJp+JvH4Pn5hvzF9wHTnOPA=";
};
doomsaver = pkgs.runCommand "doomsaver" {
inherit (pkgs) windowtolayer;
genLipsum = pkgs.writeScript "lipsum" ''
#!${pkgs.python3.withPackages (ps: [ ps.python-lorem ])}/bin/python
import lorem
print(lorem.get_paragraph(count=5, sep='\n\n'))
'';
doomsaver' = brainrotTextCommand: pkgs.runCommand "doomsaver" {
inherit (pkgs) windowtolayer tmux terminaltexteffects;
chocoDoom = pkgs.chocolate-doom2xx;
ffmpeg = pkgs.ffmpeg-full;
python = pkgs.python3.withPackages (ps: [ ps.filelock ]);
inherit doomWad;
enojy = ./enojy.jpg;
inherit brainrotTextCommand subwaySurfers minecraftParkour;
} ''
mkdir -p "$out"/bin
substituteAll ${./screensaver.py} "$out"/bin/doomsaver
chmod +x "$out"/bin/doomsaver
'';
doomsaver = doomsaver' cfg.screensaver.brainrotTextCommand;
in
{
options.my.gui = {
options.my.gui = with lib.types; {
enable = mkBoolOpt' true "Enable settings and packages meant for graphical systems";
manageGraphical = mkBoolOpt' false "Configure the graphical session";
standalone = mkBoolOpt' false "Enable settings for fully Nix managed systems";
screensaver.brainrotTextCommand = mkOpt' (either path str) genLipsum "Command to generate brainrot text.";
};
config = mkIf cfg.enable (mkMerge [
@@ -64,6 +83,7 @@ in
cmatrix
doomsaver
ffmpeg-full
xournalpp
];
};

50
home-manager/modules/gui/screensaver.py
View File

@@ -73,7 +73,7 @@ class TTESaver(Screensaver):
def wait(self):
while self.running:
effect_cmd = ['tte', random.choice(self.effects)]
effect_cmd = ['@terminaltexteffects@/bin/tte', random.choice(self.effects)]
print(f"$ {self.cmd} | {' '.join(effect_cmd)}")
content = subprocess.check_output(self.cmd, shell=True, env=self.env, stderr=subprocess.DEVNULL)
@@ -86,6 +86,51 @@ class TTESaver(Screensaver):
self.running = False
self.proc.terminate()
class FFmpegCACASaver(Screensaver):
@staticmethod
def command(video, size):
return ['@ffmpeg@/bin/ffmpeg', '-hide_banner', '-loglevel', 'error',
'-stream_loop', '-1', '-i', video,
'-pix_fmt', 'rgb24', '-window_size', f'{size}x{size}',
'-f', 'caca', '-']
def __init__(self, video, weight=2):
cols, lines = os.get_terminal_size()
# IDK if it's reasonable to do this as "1:1"
size = lines - 4
super().__init__(
self.command(video, size),
env={'CACA_DRIVER': 'ncurses'},
weight=weight,
)
def stop(self):
super().stop(kill=True)
class BrainrotStorySaver(Screensaver):
def __init__(self, video, text_command, weight=2):
cols, lines = os.get_terminal_size()
video_size = lines - 1
video_command = ' '.join(FFmpegCACASaver.command(video, video_size))
text_command = (
f'while true; do {text_command} | '
f'@terminaltexteffects@/bin/tte --wrap-text --canvas-width=80 --canvas-height={video_size//2} --anchor-canvas=c '
'print --final-gradient-stops=ffffff; clear; done' )
self.tmux_session = f'screensaver-{os.urandom(4).hex()}'
super().__init__(
['@tmux@/bin/tmux', 'new-session', '-s', self.tmux_session, '-n', 'brainrot',
text_command, ';', 'split-window', '-hbl', str(lines), video_command],
# ['sh', '-c', text_command],
env={
'CACA_DRIVER': 'ncurses',
'SHELL': '/bin/sh',
},
weight=weight,
)
def stop(self):
subprocess.check_call(['@tmux@/bin/tmux', 'kill-session', '-t', self.tmux_session])
class MultiSaver:
savers = [
DoomSaver(0),
@@ -100,6 +145,9 @@ class MultiSaver:
TTESaver('ss -nltu'),
TTESaver('ss -ntu'),
TTESaver('jp2a --width=100 @enojy@'),
BrainrotStorySaver('@subwaySurfers@', '@brainrotTextCommand@'),
BrainrotStorySaver('@minecraftParkour@', '@brainrotTextCommand@'),
]
state_filename = 'screensaver.json'

14
lib/constants.nix
View File

@@ -13,6 +13,7 @@ rec {
kea = 404;
keepalived_script = 405;
photoprism = 406;
copyparty = 408;
};
gids = {
matrix-syncv3 = 400;
@@ -23,12 +24,13 @@ rec {
keepalived_script = 405;
photoprism = 406;
adbusers = 407;
copyparty = 408;
};
};
kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_12;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_13;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_16;
};
nginx = rec {
@@ -204,6 +206,10 @@ rec {
port = 25567;
dst = aa.kevcraft-oci.internal.ipv4.address;
}
{
port = 25568;
dst = aa.kinkcraft-oci.internal.ipv4.address;
}
# RCON... unsafe?
# {
@@ -236,6 +242,12 @@ rec {
{
port = 25567;
dst = aa.kevcraft-oci.internal.ipv4.address;
proto = "udp";
}
{
port = 25568;
dst = aa.kinkcraft-oci.internal.ipv4.address;
proto = "udp";
}
{

11
lib/default.nix
View File

@@ -1,11 +1,11 @@
{ lib }:
{ inputs, lib }:
let
inherit (builtins) length match elemAt filter replaceStrings substring;
inherit (lib)
genAttrs mapAttrsToList filterAttrsRecursive nameValuePair types
mkOption mkOverride mkForce mkIf mergeEqualOption optional
showWarnings concatStringsSep flatten unique optionalAttrs
mkBefore toLower;
mkBefore toLower splitString last;
inherit (lib.flake) defaultSystems;
in
rec {
@@ -23,7 +23,7 @@ rec {
attrsToNVList = mapAttrsToList nameValuePair;
inherit (import ./net.nix { inherit lib; }) net;
inherit ((import "${inputs.libnetRepo}/lib/netu.nix" { inherit lib; }).lib) net;
dns = import ./dns.nix { inherit lib; };
c = import ./constants.nix { inherit lib; };
@@ -248,12 +248,13 @@ rec {
in
{
trivial = prev.trivial // {
release = "25.03:u-${prev.trivial.release}";
codeName = "Frick";
release = "25.09:u-${prev.trivial.release}";
codeName = "Giving";
revisionWithDefault = default: self.rev or default;
versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}";
};
};
upstreamRelease = last (splitString "-" lib.trivial.release);
netbootKeaClientClasses = { tftpIP, hostname, systems }:
let

1322
lib/net.nix
View File

File diff suppressed because it is too large Load Diff

17
nixos/boxes/britway/tailscale.nix
View File

@@ -4,22 +4,6 @@ let
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.britway) prefixes domain;
# Can't use overrideAttrs because we need to override `vendorHash` within `buildGoModule`
headscale' = (pkgs.headscale.override {
buildGoModule = args: pkgs.buildGoModule (args // rec {
version = "0.23.0-alpha12";
src = pkgs.fetchFromGitHub {
owner = "juanfont";
repo = "headscale";
rev = "v${version}";
hash = "sha256-kZZK0cXnFARxblSMz01TDcBbTorkHGAwGpR+a4/mYfU=";
};
patches = [];
vendorHash = "sha256-EorT2AVwA3usly/LcNor6r5UIhLCdj3L4O4ilgTIC2o=";
doCheck = false;
});
});
advRoutes = concatStringsSep "," [
lib.my.c.home.prefixes.all.v4
lib.my.c.home.prefixes.all.v6
@@ -52,6 +36,7 @@ in
noise.private_key_path = "/var/lib/headscale/noise_private.key";
prefixes = with lib.my.c.tailscale.prefix; { inherit v4 v6; };
dns = {
override_local_dns = false;
# Use IPs that will route inside the VPN to prevent interception
# (e.g. DNS rebinding filtering)
nameservers.split = {

124
nixos/boxes/colony/vms/estuary/bgp.nix
View File

@@ -251,42 +251,88 @@ in
neighbor 2001:7f8:10f::dc49:254 as 56393;
}
protocol bgp ixp4_frysix_rs3 from ixp_bgp4 {
description "Frys-IX route server 3 (IPv4)";
neighbor 185.1.160.255 as 56393;
}
protocol bgp ixp6_frysix_rs3 from ixp_bgp6 {
description "Frys-IX route server 3 (IPv6)";
neighbor 2001:7f8:10f::dc49:1 as 56393;
}
protocol bgp ixp4_frysix_rs4 from ixp_bgp4 {
description "Frys-IX route server 4 (IPv4)";
neighbor 185.1.161.0 as 56393;
}
protocol bgp ixp6_frysix_rs4 from ixp_bgp6 {
description "Frys-IX route server 4 (IPv6)";
neighbor 2001:7f8:10f::dc49:2 as 56393;
}
protocol bgp peer4_frysix_luje from peer_bgp4 {
description "LUJE.net (on Frys-IX, IPv4)";
neighbor 185.1.203.152 as 212855;
neighbor 185.1.160.152 as 212855;
}
protocol bgp peer6_frysix_luje from peer_bgp6 {
description "LUJE.net (on Frys-IX, IPv6)";
neighbor 2001:7f8:10f::3:3f95:152 as 212855;
}
protocol bgp peer4_frysix_he from peer_bgp4 {
description "Hurricane Electric (on Frys-IX, IPv4)";
neighbor 185.1.203.154 as 6939;
neighbor 185.1.160.154 as 6939;
}
protocol bgp peer4_frysix_cloudflare from peer_bgp4 {
description "Cloudflare (on Frys-IX, IPv4)";
protocol bgp peer4_frysix_cloudflare1_old from peer_bgp4 {
description "Cloudflare 1 (on Frys-IX, IPv4)";
neighbor 185.1.203.217 as 13335;
}
protocol bgp peer6_frysix_cloudflare from peer_bgp6 {
description "Cloudflare (on Frys-IX, IPv6)";
protocol bgp peer4_frysix_cloudflare2_old from peer_bgp4 {
description "Cloudflare 2 (on Frys-IX, IPv4)";
neighbor 185.1.203.109 as 13335;
}
protocol bgp peer4_frysix_cloudflare1 from peer_bgp4 {
description "Cloudflare 1 (on Frys-IX, IPv4)";
neighbor 185.1.160.217 as 13335;
}
protocol bgp peer4_frysix_cloudflare2 from peer_bgp4 {
description "Cloudflare 2 (on Frys-IX, IPv4)";
neighbor 185.1.160.109 as 13335;
}
protocol bgp peer6_frysix_cloudflare1 from peer_bgp6 {
description "Cloudflare 1 (on Frys-IX, IPv6)";
neighbor 2001:7f8:10f::3417:217 as 13335;
}
protocol bgp peer6_frysix_cloudflare2 from peer_bgp6 {
description "Cloudflare 2 (on Frys-IX, IPv6)";
neighbor 2001:7f8:10f::3417:109 as 13335;
}
protocol bgp peer4_frysix_jurrian from peer_bgp4 {
description "AS212635 aka jurrian (on Frys-IX, IPv4)";
neighbor 185.1.203.134 as 212635;
neighbor 185.1.160.134 as 212635;
}
protocol bgp peer6_frysix_jurrian from peer_bgp6 {
description "AS212635 aka jurrian (on Frys-IX, IPv6)";
neighbor 2001:7f8:10f::3:3e9b:134 as 212635;
}
protocol bgp peer4_frysix_meta1 from peer_bgp4 {
protocol bgp peer4_frysix_meta1_old from peer_bgp4 {
description "Meta 1 (on Frys-IX, IPv4)";
neighbor 185.1.203.225 as 32934;
}
protocol bgp peer4_frysix_meta2 from peer_bgp4 {
protocol bgp peer4_frysix_meta2_old from peer_bgp4 {
description "Meta 2 (on Frys-IX, IPv4)";
neighbor 185.1.203.226 as 32934;
}
protocol bgp peer4_frysix_meta1 from peer_bgp4 {
description "Meta 1 (on Frys-IX, IPv4)";
neighbor 185.1.160.225 as 32934;
}
protocol bgp peer4_frysix_meta2 from peer_bgp4 {
description "Meta 2 (on Frys-IX, IPv4)";
neighbor 185.1.160.226 as 32934;
}
protocol bgp peer6_frysix_meta1 from peer_bgp6 {
description "Meta 1 (on Frys-IX, IPv6)";
neighbor 2001:7f8:10f::80a6:225 as 32934;
@@ -318,36 +364,36 @@ in
ipv6 { preference (PREFIXP-1); };
}
protocol bgp peer4_nlix_cloudflare1 from peer_bgp4 {
description "Cloudflare NL-ix 1 (IPv4)";
neighbor 193.239.117.14 as 13335;
ipv4 { preference (PREFPEER-1); };
}
protocol bgp peer4_nlix_cloudflare2 from peer_bgp4 {
description "Cloudflare NL-ix 2 (IPv4)";
neighbor 193.239.117.114 as 13335;
ipv4 { preference (PREFPEER-1); };
}
protocol bgp peer4_nlix_cloudflare3 from peer_bgp4 {
description "Cloudflare NL-ix 3 (IPv4)";
neighbor 193.239.118.138 as 13335;
ipv4 { preference (PREFPEER-1); };
}
protocol bgp peer6_nlix_cloudflare1 from peer_bgp6 {
description "Cloudflare NL-ix 1 (IPv6)";
neighbor 2001:7f8:13::a501:3335:1 as 13335;
ipv6 { preference (PREFPEER-1); };
}
protocol bgp peer6_nlix_cloudflare2 from peer_bgp6 {
description "Cloudflare NL-ix 2 (IPv6)";
neighbor 2001:7f8:13::a501:3335:2 as 13335;
ipv6 { preference (PREFPEER-1); };
}
protocol bgp peer6_nlix_cloudflare3 from peer_bgp6 {
description "Cloudflare NL-ix 3 (IPv6)";
neighbor 2001:7f8:13::a501:3335:3 as 13335;
ipv6 { preference (PREFPEER-1); };
}
# protocol bgp peer4_nlix_cloudflare1 from peer_bgp4 {
# description "Cloudflare NL-ix 1 (IPv4)";
# neighbor 193.239.117.14 as 13335;
# ipv4 { preference (PREFPEER-1); };
# }
# protocol bgp peer4_nlix_cloudflare2 from peer_bgp4 {
# description "Cloudflare NL-ix 2 (IPv4)";
# neighbor 193.239.117.114 as 13335;
# ipv4 { preference (PREFPEER-1); };
# }
# protocol bgp peer4_nlix_cloudflare3 from peer_bgp4 {
# description "Cloudflare NL-ix 3 (IPv4)";
# neighbor 193.239.118.138 as 13335;
# ipv4 { preference (PREFPEER-1); };
# }
# protocol bgp peer6_nlix_cloudflare1 from peer_bgp6 {
# description "Cloudflare NL-ix 1 (IPv6)";
# neighbor 2001:7f8:13::a501:3335:1 as 13335;
# ipv6 { preference (PREFPEER-1); };
# }
# protocol bgp peer6_nlix_cloudflare2 from peer_bgp6 {
# description "Cloudflare NL-ix 2 (IPv6)";
# neighbor 2001:7f8:13::a501:3335:2 as 13335;
# ipv6 { preference (PREFPEER-1); };
# }
# protocol bgp peer6_nlix_cloudflare3 from peer_bgp6 {
# description "Cloudflare NL-ix 3 (IPv6)";
# neighbor 2001:7f8:13::a501:3335:3 as 13335;
# ipv6 { preference (PREFPEER-1); };
# }
protocol bgp peer4_nlix_jurrian from peer_bgp4 {
description "AS212635 aka jurrian (on NL-ix, IPv4)";
neighbor 193.239.117.55 as 212635;

5
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -219,6 +219,9 @@ in
mkMerge
[
(mkIXPConfig "frys-ix" "185.1.203.196/24" "2001:7f8:10f::3:3850:196/64")
# FrysIX is migrating to a /23
{ "85-frys-ix".address = [ "185.1.160.196/23" ]; }
(mkIXPConfig "nl-ix" "193.239.116.145/22" "2001:7f8:13::a521:1024:1/64")
(mkIXPConfig "fogixp" "185.1.147.159/24" "2001:7f8:ca:1::159/64")
{
@@ -402,6 +405,7 @@ in
ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} tcp dport 25565 accept
ip6 daddr ${aa.simpcraft-staging-oci.internal.ipv6.address} tcp dport 25565 accept
ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} tcp dport 25567 accept
ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} tcp dport 25568 accept
return
}
chain routing-udp {
@@ -410,6 +414,7 @@ in
ip6 daddr ${aa.simpcraft-oci.internal.ipv6.address} udp dport 25565 accept
ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept
ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} udp dport 25567 accept
ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} udp dport 25568 accept
return
}
chain filter-routing {

44
nixos/boxes/colony/vms/estuary/dns.nix
View File

@@ -14,7 +14,7 @@ in
owner = "pdns";
group = "pdns";
};
"estuary/pdns/recursor.conf" = {
"estuary/pdns/recursor.yml" = {
owner = "pdns-recursor";
group = "pdns-recursor";
};
@@ -31,7 +31,7 @@ in
pdns.recursor = {
enable = true;
extraSettingsFile = config.age.secrets."estuary/pdns/recursor.conf".path;
extraSettingsFile = config.age.secrets."estuary/pdns/recursor.yml".path;
};
};
@@ -44,34 +44,37 @@ in
};
pdns-recursor = {
dns = {
address = [
yaml-settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
assignments.base.ipv4.address assignments.base.ipv6.address
];
allowFrom = [
allow_from = [
"127.0.0.0/8" "::1/128"
prefixes.all.v4 prefixes.all.v6
] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]);
# DNS NOTIFY messages override TTL
allow_notify_for = authZones;
allow_notify_from = [ "127.0.0.0/8" "::1/128" ];
};
settings = {
query-local-address = [
outgoing = {
source_address = [
assignments.internal.ipv4.address
assignments.internal.ipv6.address
assignments.base.ipv6.address
];
forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
};
# DNS NOTIFY messages override TTL
allow-notify-for = authZones;
allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
recursor = {
forward_zones = map (z: {
zone = z;
forwarders = [ "127.0.0.1:5353" ];
}) authZones;
webserver = true;
webserver-address = "::";
webserver-allow-from = [ "127.0.0.1" "::1" ];
lua-dns-script = pkgs.writeText "pdns-script.lua" ''
lua_dns_script = pkgs.writeText "pdns-script.lua" ''
function preresolve(dq)
if dq.qname:equal("nix-cache.nul.ie") then
dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.")
@@ -84,6 +87,13 @@ in
end
'';
};
webservice = {
webserver = true;
address = "::";
allow_from = [ "127.0.0.1" "::1" ];
};
};
};
};
@@ -156,6 +166,8 @@ in
enshrouded IN A ${assignments.internal.ipv4.address}
kevcraft IN A ${assignments.internal.ipv4.address}
kevcraft IN AAAA ${allAssignments.kevcraft-oci.internal.ipv6.address}
kinkcraft IN A ${assignments.internal.ipv4.address}
kinkcraft IN AAAA ${allAssignments.kinkcraft-oci.internal.ipv6.address}
mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}

3
nixos/boxes/colony/vms/git/default.nix
View File

@@ -4,7 +4,7 @@ let
inherit (lib) mkMerge mkDefault;
inherit (lib.my) net;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) domain prefixes;
inherit (lib.my.c.colony) domain prefixes firewallForwards;
inherit (lib.my.c.nginx) baseHttpConfig proxyHeaders;
in
{
@@ -197,6 +197,7 @@ in
firewall = {
tcp.allowed = [ 19999 "http" "https" ];
nat.forwardPorts."${allAssignments.estuary.internal.ipv4.address}" = firewallForwards allAssignments;
extraRules = ''
table inet filter {
chain forward {

1
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@@ -328,6 +328,7 @@ in
};
permissions = {
"@dev:nul.ie" = "admin";
"@adzerq:nul.ie" = "user";
};
};
};

70
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@@ -23,7 +23,7 @@ in
};
};
configuration = { lib, pkgs, config, ... }:
configuration = { lib, pkgs, config, allAssignments, ... }:
let
inherit (lib) mkForce;
in
@@ -39,10 +39,20 @@ in
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53";
files = {
"jackflix/photoprism-pass.txt" = {};
"jackflix/copyparty-pass.txt" = {
owner = "copyparty";
group = "copyparty";
};
};
};
firewall = {
tcp.allowed = [
3923
];
};
};
users = with lib.my.c.ids; {
users = {
"${config.my.user.config.name}".extraGroups = [ "media" ];
@@ -60,11 +70,16 @@ in
uid = uids.photoprism;
group = "photoprism";
};
copyparty = {
uid = uids.copyparty;
extraGroups = [ "media" ];
};
};
groups = {
media.gid = 2000;
jellyseerr.gid = gids.jellyseerr;
photoprism.gid = gids.photoprism;
copyparty.gid = gids.copyparty;
};
};
@@ -94,14 +109,6 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = {
netdata.enable = true;
@@ -131,6 +138,7 @@ in
};
};
flaresolverr.enable = true;
jackett.enable = true;
radarr.enable = true;
sonarr.enable = true;
@@ -158,6 +166,50 @@ in
PHOTOPRISM_DATABASE_DRIVER = "sqlite";
};
};
copyparty = {
enable = true;
package = pkgs.copyparty.override {
withMagic = true;
};
settings = {
name = "dev-stuff";
no-reload = true;
j = 8; # cores
http-only = true;
xff-src =
with allAssignments.middleman.internal;
[ "${ipv4.address}/32" prefixes.ctrs.v6 ];
rproxy = 1; # get if from x-forwarded-for
magic = true; # enable checking file magic on upload
hist = "/var/cache/copyparty";
shr = "/share"; # enable share creation
ed = true; # enable dotfiles
chmod-f = 664;
chmod-d = 775;
e2dsa = true; # file indexing
e2t = true; # metadata indexing
og-ua = "(Discord|Twitter|Slack)bot"; # embeds
theme = 6;
};
accounts.dev.passwordFile = config.age.secrets."jackflix/copyparty-pass.txt".path;
volumes = {
"/" = {
path = "/mnt/media/public";
access = {
A = "dev";
"r." = "*";
};
flags = {
shr_who = "no"; # no reason to have shares here
};
};
"/priv" = {
path = "/mnt/media/stuff";
access.A = "dev"; # dev has admin access
};
};
};
};
};
};

3
nixos/boxes/colony/vms/shill/containers/middleman/default.nix
View File

@@ -251,6 +251,9 @@ in
proxyResolveWhileRunning = true;
sslDhparam = config.age.secrets."dhparams.pem".path;
appendConfig = ''
worker_processes auto;
'';
# Based on recommended*Settings, but probably better to be explicit about these
appendHttpConfig = ''
${baseHttpConfig}

20
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -347,12 +347,7 @@ in
"stuff.${pubDomain}" = {
locations."/" = {
basicAuthFile = config.age.secrets."middleman/htpasswd".path;
root = "/mnt/media/stuff";
extraConfig = ''
fancyindex on;
fancyindex_show_dotfiles on;
'';
proxyPass = "http://jackflix-ctr.${domain}:3923";
};
useACMEHost = pubDomain;
};
@@ -379,6 +374,11 @@ in
useACMEHost = pubDomain;
};
"mc-map-kink.${pubDomain}" = {
locations."/".proxyPass = "http://kinkcraft-oci.${domain}:8100";
useACMEHost = pubDomain;
};
"librespeed.${domain}" = {
locations."/".proxyPass = "http://localhost:8989";
};
@@ -429,6 +429,14 @@ in
}
(ssoServer "generic")
];
"hass.${pubDomain}" = {
locations."/" = {
proxyPass = "http://hass-ctr.${home.domain}:8123";
proxyWebsockets = true;
extraConfig = proxyHeaders;
};
useACMEHost = pubDomain;
};
};
minio =

8
nixos/boxes/colony/vms/shill/containers/toot.nix
View File

@@ -87,7 +87,7 @@ in
netdata.enable = true;
mastodon = mkMerge [
rec {
enable = true;
enable = false;
localDomain = extraConfig.WEB_DOMAIN; # for nginx config
extraConfig = {
LOCAL_DOMAIN = "nul.ie";
@@ -95,7 +95,9 @@ in
};
secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path;
otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
# TODO: This was removed at some point.
# If we want to bring Mastodon back, this will probably need to be addressd.
# otpSecretFile = config.age.secrets."toot/otp-secret.txt".path;
vapidPrivateKeyFile = config.age.secrets."toot/vapid-key.txt".path;
vapidPublicKeyFile = toString (pkgs.writeText
"vapid-pubkey.txt"
@@ -164,7 +166,7 @@ in
};
};
pds = {
bluesky-pds = {
enable = true;
environmentFiles = [ config.age.secrets."toot/pds.env".path ];
settings = {

1
nixos/boxes/colony/vms/whale2/default.nix
View File

@@ -54,6 +54,7 @@ in
simpcraft-staging-oci = 4;
enshrouded-oci = 5;
kevcraft-oci = 6;
kinkcraft-oci = 7;
};
configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:

46
nixos/boxes/colony/vms/whale2/minecraft/default.nix
View File

@@ -5,12 +5,13 @@ let
# devplayer0
op = "6d7d971b-ce10-435b-85c5-c99c0d8d288c";
kev = "703b378a-09f9-4c1d-9876-1c9305728c49";
whitelist = concatStringsSep "," [
op
"dcd2ecb9-2b5e-49cb-9d4f-f5a76162df56" # Elderlypug
"fcb26db2-c3ce-41aa-b588-efec79d37a8a" # Jesthral_
"1d366062-12c0-4e29-aba7-6ab5d8c6bb05" # shr3kas0ras
"703b378a-09f9-4c1d-9876-1c9305728c49" # OROURKEIRE
kev
"f105bbe6-eda6-4a13-a8cf-894e77cab77b" # Adzerq
"1fc94979-41fb-497a-81e9-34ae24ca537a" # johnnyscrims
"d53c91df-b6e6-4463-b106-e8427d7a8d01" # BossLonus
@@ -124,7 +125,7 @@ in
EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
WHITELIST = whitelist;
EXISTING_OPS_FILE = "SYNCHRONIZE";
OPS = op;
OPS = concatStringsSep "," [ op kev ];
DIFFICULTY = "normal";
SPAWN_PROTECTION = "0";
# VIEW_DISTANCE = "20";
@@ -144,6 +145,47 @@ in
''--network=colony:${dockerNetAssignment allAssignments "kevcraft-oci"}''
];
};
kinkcraft = {
# 2025.5.1-java21-alpine
image = "itzg/minecraft-server@sha256:de26c7128e3935f3be48fd30283f0b5a6da1b3d9f1a10c9f92502ee1ba072f7b";
environment = {
TYPE = "MODRINTH";
SERVER_PORT = "25568";
QUERY_PORT = "25568";
EULA = "true";
ENABLE_QUERY = "true";
ENABLE_RCON = "true";
MOTD = "§4§k----- §9K§ai§bn§ck§dc§er§fa§6f§5t §4§k-----";
ICON = "/ext/icon.png";
EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
WHITELIST = whitelist;
EXISTING_OPS_FILE = "SYNCHRONIZE";
OPS = op;
DIFFICULTY = "normal";
SPAWN_PROTECTION = "0";
VIEW_DISTANCE = "20";
MAX_MEMORY = "6G";
MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/NGutsQSd/Simpcraft-0.2.1.mrpack";
TZ = "Europe/Dublin";
};
environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
volumes = [
"kinkcraft_data:/data"
"${./icon.png}:/ext/icon.png:ro"
];
extraOptions = [
''--network=colony:${dockerNetAssignment allAssignments "kinkcraft-oci"}''
];
};
};
services = {

2
nixos/boxes/home/palace/vms/default.nix
View File

@@ -192,6 +192,8 @@
"device qemu-xhci,id=xhci"
# Front-right port?
"device usb-host,hostbus=1,hostport=4"
# Front-left port
"device usb-host,hostbus=1,hostport=3"
];
};
};

214
nixos/boxes/home/palace/vms/sfh/containers/hass.nix
View File

@@ -1,6 +1,7 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.home) domain prefixes vips hiMTU;
in
{
@@ -12,6 +13,7 @@ in
assignments = {
hi = {
name = "hass-ctr";
altNames = [ "frigate" ];
inherit domain;
mtu = hiMTU;
ipv4 = {
@@ -24,12 +26,32 @@ in
address = net.cidr.host (65536*5+3) prefixes.hi.v6;
};
};
lo = {
name = "hass-ctr-lo";
inherit domain;
mtu = 1500;
ipv4 = {
address = net.cidr.host 103 prefixes.lo.v4;
mask = 21;
gateway = null;
};
ipv6 = {
iid = "::5:3";
address = net.cidr.host (65536*5+3) prefixes.lo.v6;
};
};
};
configuration = { lib, config, pkgs, assignments, ... }:
configuration = { lib, config, pkgs, assignments, allAssignments, ... }:
let
inherit (lib) mkMerge mkIf mkForce;
inherit (lib.my) networkdAssignment;
hassCli = pkgs.writeShellScriptBin "hass-cli" ''
export HASS_SERVER="http://localhost:${toString config.services.home-assistant.config.http.server_port}"
export HASS_TOKEN="$(< ${config.age.secrets."hass/cli-token.txt".path})"
exec ${pkgs.home-assistant-cli}/bin/hass-cli "$@"
'';
in
{
config = {
@@ -39,19 +61,201 @@ in
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpYX2WbYwUqHp8bFFf0eHFrqrR8xp8IheguA054F8V4";
files = { };
files = {
"hass/cli-token.txt" = {
owner = config.my.user.config.name;
};
};
};
firewall = {
tcp.allowed = [ ];
tcp.allowed = [ "http" 1883 ];
};
};
environment = {
systemPackages = with pkgs; [
usbutils
hassCli
];
};
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
network.networks = {
"80-container-host0" = networkdAssignment "host0" assignments.hi;
"80-container-lan-lo" = networkdAssignment "lan-lo" assignments.lo;
};
};
services = { };
services = {
mosquitto = {
enable = true;
listeners = [
{
omitPasswordAuth = true;
settings = {
allow_anonymous = true;
};
}
];
};
go2rtc = {
enable = true;
settings = {
streams = {
reolink_living_room = [
# "http://reolink-living-room.${domain}/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin#video=copy#audio=copy#audio=opus"
"rtsp://admin:@reolink-living-room:554/h264Preview_01_main"
];
webcam_office = [
"ffmpeg:device?video=/dev/video0&video_size=1024x576#video=h264"
];
};
};
};
frigate = {
enable = true;
hostname = "frigate.${domain}";
settings = {
mqtt = {
enabled = true;
host = "localhost";
topic_prefix = "frigate";
};
cameras = {
reolink_living_room = {
ffmpeg.inputs = [
{
path = "rtsp://127.0.0.1:8554/reolink_living_room";
input_args = "preset-rtsp-restream";
roles = [ "record" "detect" ];
}
];
detect = {
enabled = false;
};
record = {
enabled = true;
retain.days = 1;
};
};
webcam_office = {
ffmpeg.inputs = [
{
path = "rtsp://127.0.0.1:8554/webcam_office";
input_args = "preset-rtsp-restream";
roles = [ "record" "detect" ];
}
];
detect.enabled = false;
record = {
enabled = true;
retain.days = 1;
};
};
};
};
};
home-assistant =
let
cfg = config.services.home-assistant;
pyirishrail = ps: ps.buildPythonPackage rec {
pname = "pyirishrail";
version = "0.0.2";
src = pkgs.fetchFromGitHub {
owner = "ttroy50";
repo = "pyirishrail";
tag = version;
hash = "sha256-NgARqhcXP0lgGpgBRiNtQaSn9JcRNtCcZPljcL7t3Xc=";
};
dependencies = with ps; [
requests
];
pyproject = true;
build-system = [ ps.setuptools ];
};
in
{
enable = true;
extraComponents = [
"default_config"
"esphome"
"google_translate"
"met"
"zha"
"denonavr"
"webostv"
"androidtv_remote"
"heos"
"mqtt"
"wled"
];
extraPackages = python3Packages: with python3Packages; [
zlib-ng
isal
gtts
(pyirishrail python3Packages)
];
customComponents = with pkgs.home-assistant-custom-components; [
alarmo
frigate
];
configWritable = false;
openFirewall = true;
config = {
default_config = {};
homeassistant = {
name = "Home";
unit_system = "metric";
currency = "EUR";
country = "IE";
time_zone = "Europe/Dublin";
external_url = "https://hass.${pubDomain}";
internal_url = "http://hass-ctr.${domain}:${toString cfg.config.http.server_port}";
};
http = {
use_x_forwarded_for = true;
trusted_proxies = with allAssignments.middleman.internal; [
ipv4.address
ipv6.address
];
ip_ban_enabled = false;
};
automation = "!include automations.yaml";
script = "!include scripts.yaml";
scene = "!include scenes.yaml";
sensor = [
{
platform = "irish_rail_transport";
name = "To Work from Home";
station = "Glenageary";
stops_at = "Dublin Connolly";
direction = "Northbound";
}
{
platform = "irish_rail_transport";
name = "To Home from Work";
station = "Dublin Connolly";
stops_at = "Glenageary";
direction = "Southbound";
}
];
};
};
};
};
};
};

4
nixos/boxes/home/palace/vms/sfh/containers/unifi.nix
View File

@@ -55,8 +55,8 @@ in
unifi = {
enable = true;
openFirewall = true;
unifiPackage = pkgs.unifi8;
mongodbPackage = pkgs.mongodb-6_0;
unifiPackage = pkgs.unifi;
mongodbPackage = pkgs.mongodb-7_0;
};
};
};

34
nixos/boxes/home/palace/vms/sfh/default.nix
View File

@@ -29,7 +29,7 @@ in
configuration = { lib, modulesPath, pkgs, config, assignments, allAssignments, ... }:
let
inherit (lib) mapAttrs mkMerge;
inherit (lib) mapAttrs mkMerge mkForce;
inherit (lib.my) networkdAssignment;
inherit (lib.my.c) networkd;
inherit (lib.my.c.home) domain;
@@ -111,6 +111,13 @@ in
MTUBytes = toString lib.my.c.home.hiMTU;
};
};
"10-lan-lo-ctrs" = {
matchConfig = {
Driver = "virtio_net";
PermanentMACAddress = "52:54:00:a5:7e:93";
};
linkConfig.Name = "lan-lo-ctrs";
};
};
networks = {
@@ -124,8 +131,28 @@ in
linkConfig.RequiredForOnline = "no";
networkConfig = networkd.noL3;
};
"30-lan-lo-ctrs" = {
matchConfig.Name = "lan-lo-ctrs";
linkConfig.RequiredForOnline = "no";
networkConfig = networkd.noL3;
};
};
};
systemd.nspawn = {
hass = {
networkConfig = {
MACVLAN = mkForce "lan-hi-ctrs:host0 lan-lo-ctrs:lan-lo";
};
};
};
systemd.services = {
"systemd-nspawn@hass".serviceConfig.DeviceAllow = [
"char-ttyUSB rw"
"char-video4linux rw"
];
};
my = {
secrets = {
@@ -151,6 +178,11 @@ in
hass = {
bindMounts = {
"/dev/bus/usb/001/002".readOnly = false;
"/dev/video0".readOnly = false;
"/dev/serial/by-id/usb-Nabu_Casa_Home_Assistant_Connect_ZBT-1_ce549704fe38ef11a2c2e5d154516304-if00-port0" = {
readOnly = false;
mountPoint = "/dev/ttyUSB0";
};
};
};
};

4
nixos/boxes/home/routing-common/default.nix
View File

@@ -141,8 +141,8 @@ in
onState = [ "configured" ];
script = ''
#!${pkgs.runtimeShell}
if [ $IFACE = "wan-ifb" ]; then
${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev $IFACE
if [ "$IFACE" = "wan-ifb" ]; then
${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev "$IFACE"
fi
'';
};

74
nixos/boxes/home/routing-common/dns-blocklist.txt Normal file
View File

@@ -0,0 +1,74 @@
# Blocklist for LG WebOS Services (US)
ad.lgappstv.com
ibis.lgappstv.com
info.lgsmartad.com
lgtvsdp.com
ngfts.lge.com
rdx2.lgtvsdp.com
smartshare.lgtvsdp.com
lgappstv.com
us.ad.lgsmartad.com
us.ibs.lgappstv.com
us.info.lgsmartad.com
us.lgtvsdp.com
# Community Contributions
lgad.cjpowercast.com
edgesuite.net
yumenetworks.com
smartclip.net
smartclip.com
# Non-US Entries
rdx2.lgtvsdp.com
info.lgsmartad.com
ibs.lgappstv.com
lgtvsdp.com
lgappstv.com
smartshare.lgtvsdp.com
# Full Block for Europe and Other Regions
de.ad.lgsmartad.com
de.emp.lgsmartplatform.com
de.ibs.lgappstv.com
de.info.lgsmartad.com
de.lgeapi.com
de.lgtvsdp.com
de.rdx2.lgtvsdp.com
eu.ad.lgsmartad.com
eu.ibs.lgappstv.com
eu.info.lgsmartad.com
app-lgwebos.pluto.tv
it.lgtvsdp.com
it.lgeapi.com
it.emp.lgsmartplatform.com
# LG ThinQ Services
eic.common.lgthinq.com
eic.iotservice.lgthinq.com
eic.service.lgthinq.com
eic.ngfts.lge.com
eic.svc-lgthinq-com.aws-thinq-prd.net
eic.cdpsvc.lgtvcommon.com
eic.cdpbeacon.lgtvcommon.com
eic.cdplauncher.lgtvcommon.com
eic.homeprv.lgtvcommon.com
eic.lgtviot.com
eic.nudge.lgtvcommon.com
eic.rdl.lgtvcommon.com
eic.recommend.lgtvcommon.com
eic.service.lgtvcommon.com
gb-lgeapi-com.esi-prd.net
gb.lgeapi.com
lgtvonline.lge.com
lg-channelplus-de-beacons.xumo.com
lg-channelplus-de-mds.xumo.com
lg-channelplus-eu-beacons.xumo.com
lg-channelplus-eu-mds.xumo.com
kr-op-v2.lgthinqhome.com
ngfts.lge.com
noti.lgthinq.com
objectcontent.lgthinq.com
# Update Server Block
#snu.lge.com

69
nixos/boxes/home/routing-common/dns.nix
View File

@@ -19,7 +19,7 @@ in
owner = "pdns";
group = "pdns";
};
"home/pdns/recursor.conf" = {
"home/pdns/recursor.yml" = {
owner = "pdns-recursor";
group = "pdns-recursor";
};
@@ -28,53 +28,79 @@ in
pdns.recursor = {
enable = true;
extraSettingsFile = config.age.secrets."home/pdns/recursor.conf".path;
extraSettingsFile = config.age.secrets."home/pdns/recursor.yml".path;
};
};
services = {
pdns-recursor = {
dns = {
address = [
yaml-settings = {
incoming = {
listen = [
"127.0.0.1" "::1"
assignments.hi.ipv4.address assignments.hi.ipv6.address
assignments.lo.ipv4.address assignments.lo.ipv6.address
];
allowFrom = [
allow_from = [
"127.0.0.0/8" "::1/128"
prefixes.hi.v4 prefixes.hi.v6
prefixes.lo.v4 prefixes.lo.v6
] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]);
};
settings = {
query-local-address = [
"0.0.0.0"
"::"
];
forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
# DNS NOTIFY messages override TTL
allow-notify-for = authZones;
allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
allow_notify_for = authZones;
allow_notify_from = [ "127.0.0.0/8" "::1/128" ];
};
webserver = true;
webserver-address = "::";
webserver-allow-from = [ "127.0.0.1" "::1" ];
outgoing = {
source_address = [ "0.0.0.0" "::" ];
};
recursor = {
forward_zones = map (z: {
zone = z;
forwarders = [ "127.0.0.1:5353" ];
}) authZones;
lua_dns_script = pkgs.writeText "pdns-script.lua" ''
blocklist = newDS()
lua-dns-script = pkgs.writeText "pdns-script.lua" ''
-- Disney+ doesn't like our IP space...
function preresolve(dq)
local name = dq.qname:toString()
-- Disney+ doesn't like our IP space...
if dq.qtype == pdns.AAAA and (string.find(name, "disneyplus") or string.find(name, "disney-plus") or string.find(name , "disney.api")) then
dq.rcode = 0
return true
end
if blocklist:check(dq.qname) then
if dq.qtype == pdns.A then
dq:addAnswer(dq.qtype, "127.0.0.1")
elseif dq.qtype == pdns.AAAA then
dq:addAnswer(dq.qtype, "::1")
end
return true
end
return false
end
for line in io.lines("${./dns-blocklist.txt}") do
entry = line:gsub("%s+", "")
if entry ~= "" and string.sub(entry, 1, 1) ~= "#" then
blocklist:add(entry)
end
end
'';
};
webservice = {
webserver = true;
address = "::";
allow_from = [ "127.0.0.1" "::1" ];
};
};
};
};
@@ -206,6 +232,9 @@ in
ups IN A ${net.cidr.host 20 prefixes.lo.v4}
palace-kvm IN A ${net.cidr.host 21 prefixes.lo.v4}
reolink-living-room IN A ${net.cidr.host 45 prefixes.lo.v4}
nixlight IN A ${net.cidr.host 46 prefixes.lo.v4}
${lib.my.dns.fwdRecords {
inherit allAssignments names;
domain = config.networking.domain;

31
nixos/boxes/home/routing-common/kea.nix
View File

@@ -132,6 +132,37 @@ in
hw-address = "24:8a:07:a8:fe:3a";
ip-address = net.cidr.host 40 prefixes.lo.v4;
}
{
# avr
hw-address = "8c:a9:6f:30:03:6b";
ip-address = net.cidr.host 41 prefixes.lo.v4;
}
{
# tv
hw-address = "00:a1:59:b8:4d:86";
ip-address = net.cidr.host 42 prefixes.lo.v4;
}
{
# android tv
hw-address = "b8:7b:d4:95:c6:74";
ip-address = net.cidr.host 43 prefixes.lo.v4;
}
{
# hass-panel
hw-address = "80:30:49:cd:d7:51";
ip-address = net.cidr.host 44 prefixes.lo.v4;
}
{
# reolink-living-room
hw-address = "ec:71:db:30:69:a4";
ip-address = net.cidr.host 45 prefixes.lo.v4;
}
{
# nixlight
hw-address = "00:4b:12:3b:d3:14";
ip-address = net.cidr.host 46 prefixes.lo.v4;
}
];
}
];

4
nixos/boxes/home/routing-common/mstpd.nix
View File

@@ -24,8 +24,8 @@ in
onState = [ "routable" ];
script = ''
#!${pkgs.runtimeShell}
if [ $IFACE = "lan" ]; then
${mstpd}/sbin/mstpctl setforcevers $IFACE rstp
if [ "$IFACE" = "lan" ]; then
${mstpd}/sbin/mstpctl setforcevers "$IFACE" rstp
fi
'';
};

3
nixos/boxes/kelder/containers/spoder/default.nix
View File

@@ -92,7 +92,8 @@ in
nextcloud = {
enable = true;
package = pkgs.nextcloud29;
# TODO: Might need to do some bullshit to go from Nextcloud 28 (?) to 30
package = pkgs.nextcloud30;
datadir = "/mnt/storage/nextcloud";
hostName = "cloud.${domain}";
https = true;

4
nixos/installer.nix
View File

@@ -31,8 +31,10 @@
server.enable = true;
};
image = {
baseName = "jackos-installer";
};
isoImage = {
isoBaseName = "jackos-installer";
volumeID = "jackos-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}";
edition = "devplayer0";
appendToMenuLabel = " /dev/player0 Installer";

6
nixos/modules/borgthin.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, config, ... }:
{ inputs, lib, pkgs, config, ... }:
let
inherit (builtins) substring match;
inherit (lib)
@@ -127,7 +127,9 @@ in
enable = mkBoolOpt' false "Whether to enable borgthin jobs";
lvmPackage = mkOpt' package pkgs.lvm2 "Packge containing LVM tools";
thinToolsPackage = mkOpt' package pkgs.thin-provisioning-tools "Package containing thin-provisioning-tools";
package = mkOpt' package pkgs.borgthin "borgthin package";
# Really we should use the version from the overlay, but the package is quite far behind...
# Not bothering to update until Borg 2.0 releases
package = mkOpt' package inputs.borgthin.packages.${config.nixpkgs.system}.borgthin "borgthin package";
jobs = mkOpt' (attrsOf jobType) { } "borgthin jobs";
};

2
nixos/modules/build.nix
View File

@@ -221,8 +221,8 @@ in
memorySize = dummyOption;
qemu.options = dummyOption;
};
image.baseName = dummyOption;
isoImage = {
isoBaseName = dummyOption;
volumeID = dummyOption;
edition = dummyOption;
appendToMenuLabel = dummyOption;

7
nixos/modules/common.nix
View File

@@ -12,6 +12,7 @@ in
inputs.impermanence.nixosModule
inputs.ragenix.nixosModules.age
inputs.sharry.nixosModules.default
inputs.copyparty.nixosModules.default
];
config = mkMerge [
@@ -65,10 +66,12 @@ in
};
nixpkgs = {
overlays = [
inputs.deploy-rs.overlay
inputs.deploy-rs.overlays.default
inputs.sharry.overlays.default
inputs.borgthin.overlays.default
# TODO: Re-enable when borgthin is updated
# inputs.borgthin.overlays.default
inputs.boardie.overlays.default
inputs.copyparty.overlays.default
];
config = {
allowUnfree = true;

1
nixos/modules/gui/default.nix
View File

@@ -56,6 +56,7 @@ in
gnome = {
gnome-keyring.enable = true;
};
udisks2.enable = true;
udev = {
packages = [

9
nixos/modules/netboot/default.nix
View File

@@ -14,11 +14,14 @@ let
rev = "b66e27d9b29a172a097c737ab4d378d60fe01b05";
hash = "sha256-TKZ4WjNV2oZIYNefch7E7m1JpeoC/d7O1kofoNv8G40=";
};
# This upstream patch (in newer versions) is needed for newer GCC
patches = (if (o ? patches) then o.patches else []) ++ [ ./fix-uninitialised-var.patch ];
});
tftpRoot = pkgs.linkFarm "tftp-root" [
{
name = "ipxe-x86_64.efi";
path = "${pkgs.ipxe}/ipxe.efi";
path = "${ipxe}/ipxe.efi";
}
];
menuFile = pkgs.runCommand "menu.ipxe" {
@@ -27,10 +30,11 @@ let
substituteAll ${./menu.ipxe} "$out"
'';
bootBuilder = pkgs.substituteAll {
bootBuilder = pkgs.replaceVarsWith {
src = ./netboot-loader-builder.py;
isExecutable = true;
replacements = {
inherit (pkgs) python3;
bootspecTools = pkgs.bootspec;
nix = config.nix.package.out;
@@ -45,6 +49,7 @@ let
fi
'';
};
};
in
{
options.my.netboot = with lib.types; {

48
nixos/modules/netboot/fix-uninitialised-var.patch Normal file
View File

@@ -0,0 +1,48 @@
From 7f75d320f6d8ac7ec5185b2145da87f698aec273 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Mon, 2 Sep 2024 12:24:57 +0100
Subject: [PATCH] [etherfabric] Fix use of uninitialised variable in
falcon_xaui_link_ok()
The link status check in falcon_xaui_link_ok() reads from the
FCN_XX_CORE_STAT_REG_MAC register only on production hardware (where
the FPGA version reads as zero), but modifies the value and writes
back to this register unconditionally. This triggers an uninitialised
variable warning on newer versions of gcc.
Fix by assuming that the register exists only on production hardware,
and so moving the "modify-write" portion of the "read-modify-write"
operation to also be covered by the same conditional check.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
src/drivers/net/etherfabric.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/drivers/net/etherfabric.c b/src/drivers/net/etherfabric.c
index b40596beae7..be30b71f79f 100644
--- a/src/drivers/net/etherfabric.c
+++ b/src/drivers/net/etherfabric.c
@@ -2225,13 +2225,16 @@ falcon_xaui_link_ok ( struct efab_nic *efab )
sync = ( sync == FCN_XX_SYNC_STAT_DECODE_SYNCED );
link_ok = align_done && sync;
- }
- /* Clear link status ready for next read */
- EFAB_SET_DWORD_FIELD ( reg, FCN_XX_COMMA_DET, FCN_XX_COMMA_DET_RESET );
- EFAB_SET_DWORD_FIELD ( reg, FCN_XX_CHARERR, FCN_XX_CHARERR_RESET);
- EFAB_SET_DWORD_FIELD ( reg, FCN_XX_DISPERR, FCN_XX_DISPERR_RESET);
- falcon_xmac_writel ( efab, &reg, FCN_XX_CORE_STAT_REG_MAC );
+ /* Clear link status ready for next read */
+ EFAB_SET_DWORD_FIELD ( reg, FCN_XX_COMMA_DET,
+ FCN_XX_COMMA_DET_RESET );
+ EFAB_SET_DWORD_FIELD ( reg, FCN_XX_CHARERR,
+ FCN_XX_CHARERR_RESET );
+ EFAB_SET_DWORD_FIELD ( reg, FCN_XX_DISPERR,
+ FCN_XX_DISPERR_RESET );
+ falcon_xmac_writel ( efab, &reg, FCN_XX_CORE_STAT_REG_MAC );
+ }
has_phyxs = ( efab->phy_op->mmds & ( 1 << MDIO_MMD_PHYXS ) );
if ( link_ok && has_phyxs ) {

10
nixos/modules/network.nix
View File

@@ -12,16 +12,6 @@ in
useNetworkd = mkDefault true;
};
systemd = {
additionalUpstreamSystemUnits = mkIf (config.system.nixos.release == "24.12:u-24.11") [
# TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It
# hasn't been updated in 2 years...
# This has been done upstream now :)
# TODO: Remove when 25.05 releases
"systemd-networkd-wait-online@.service"
];
};
services.resolved = {
domains = [ config.networking.domain ];
# Explicitly unset fallback DNS (Nix module will not allow for a blank config)

32
nixos/modules/nvme/default.nix
View File

@@ -4,19 +4,6 @@ let
inherit (lib.my) mkOpt';
cfg = config.my.nvme;
nvme-cli = pkgs.nvme-cli.override {
libnvme = pkgs.libnvme.overrideAttrs (o: rec {
# TODO: Remove when 1.11.1 releases (see https://github.com/linux-nvme/libnvme/pull/914)
version = "1.11.1";
src = pkgs.fetchFromGitHub {
owner = "linux-nvme";
repo = "libnvme";
rev = "v${version}";
hash = "sha256-CEGr7PDOVRi210XvICH8iLYDKn8S9bGruBO4tycvsT8=";
};
patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ];
});
};
hostNQN = "nqn.2014-08.org.nvmexpress:uuid:${cfg.uuid}";
etc = prefix: {
@@ -36,7 +23,7 @@ in
config = mkIf (cfg.uuid != null) {
environment = {
systemPackages = [
nvme-cli
pkgs.nvme-cli
];
etc = etc "";
};
@@ -52,10 +39,6 @@ in
ip = "${iproute2}/bin/ip";
nvme = "${nvme-cli}/bin/nvme";
};
extraConfig = ''
DefaultTimeoutStartSec=20
DefaultDeviceTimeoutSec=20
'';
network = {
enable = true;
@@ -70,14 +53,25 @@ in
serviceConfig = {
Type = "oneshot";
ExecStart = "${nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn}";
ExecStart = "${pkgs.nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn} -q ${hostNQN}";
Restart = "on-failure";
RestartSec = 10;
};
wantedBy = [ "initrd-root-device.target" ];
};
# TODO: Remove when 25.11 releases
} // (if (lib.versionAtLeast lib.my.upstreamRelease "25.11") then {
settings.Manager = {
DefaultTimeoutStartSec = 20;
DefaultDeviceTimeoutSec = 20;
};
} else {
extraConfig = ''
DefaultTimeoutStartSec=20
DefaultDeviceTimeoutSec=20
'';
});
};
};
};

16
nixos/modules/pdns.nix
View File

@@ -1,7 +1,7 @@
{ lib, pkgs, config, ... }:
let
inherit (builtins) isList;
inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep;
inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep getExe;
inherit (lib.my) mkBoolOpt' mkOpt';
# Yoinked from nixos/modules/services/networking/pdns-recursor.nix
@@ -165,7 +165,7 @@ let
extraSettingsOpt = with lib.types; mkOpt' (nullOr str) null "Path to extra settings (e.g. for secrets).";
baseAuthSettings = pkgs.writeText "pdns.conf" (settingsToLines cfg.auth.settings);
baseRecursorSettings = pkgs.writeText "pdns-recursor.conf" (settingsToLines config.services.pdns-recursor.settings);
baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.yaml-settings;
generateSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then ''
oldUmask="$(umask)"
umask 006
@@ -174,6 +174,14 @@ let
'' else ''
cp "${base}" "${dst}"
'';
generateYamlSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then ''
oldUmask="$(umask)"
umask 006
${getExe pkgs.yaml-merge} "${base}" "${cfg."${type}".extraSettingsFile}" > "${dst}"
umask "$oldUmask"
'' else ''
cp "${base}" "${dst}"
'';
namedConf = pkgs.writeText "pdns-named.conf" ''
options {
@@ -315,9 +323,9 @@ in
(mkIf cfg.recursor.enable {
systemd.services.pdns-recursor = {
preStart = ''
${generateSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.conf"}
${generateYamlSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.yml"}
'';
serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor" ];
serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no" ];
};
services.pdns-recursor = {

44
nixos/modules/tmproot.nix
View File

@@ -551,7 +551,7 @@ in
];
});
})
(mkIf (config.services ? "pds" && config.services.pds.enable) {
(mkIf (config.services ? "bluesky-pds" && config.services.bluesky-pds.enable) {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/pds";
@@ -561,6 +561,48 @@ in
}
];
})
(mkIf config.services.home-assistant.enable {
my.tmproot.persistence.config.directories = [
{
directory = config.services.home-assistant.configDir;
mode = "0750";
user = "hass";
group = "hass";
}
];
})
(mkIf config.services.frigate.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/frigate";
mode = "0755";
user = "frigate";
group = "frigate";
}
{
directory = "/var/cache/frigate";
mode = "0755";
user = "frigate";
group = "frigate";
}
];
})
(mkIf config.services.copyparty.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/var/lib/copyparty";
mode = "0755";
user = "copyparty";
group = "copyparty";
}
{
directory = "/var/cache/copyparty";
mode = "0755";
user = "copyparty";
group = "copyparty";
}
];
})
]))
]);

4
pkgs/chocolate-doom2xx/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, stdenv, autoreconfHook, pkg-config, SDL, SDL_mixer, SDL_net
{ lib, stdenv, autoreconfHook, pkg-config, SDL1, SDL_mixer, SDL_net
, fetchFromGitHub, fetchpatch, python3 }:
stdenv.mkDerivation rec {
@@ -35,7 +35,7 @@ stdenv.mkDerivation rec {
# for documentation
python3
];
buildInputs = [ (SDL.override { cacaSupport = true; }) SDL_mixer SDL_net ];
buildInputs = [ (SDL1.override { cacaSupport = true; }) SDL_mixer SDL_net ];
enableParallelBuilding = true;
meta = {

1
pkgs/default.nix
View File

@@ -11,5 +11,4 @@ in
chocolate-doom2xx = callPackage ./chocolate-doom2xx { };
windowtolayer = callPackage ./windowtolayer.nix { };
swaylock-plugin = callPackage ./swaylock-plugin.nix { };
terminaltexteffects = callPackage ./terminaltexteffects.nix { };
}

19
pkgs/terminaltexteffects.nix
View File

@@ -1,19 +0,0 @@
{ lib
, python3Packages
, fetchPypi
}:
python3Packages.buildPythonApplication rec {
pname = "terminaltexteffects";
version = "0.10.1";
pyproject = true;
src = fetchPypi {
inherit pname version;
hash = "sha256-NyWPfdgLeXAxKPJOzB7j4aT+zjrURN59CGcv0Vt99y0=";
};
build-system = with python3Packages; [
poetry-core
];
}

15
pkgs/windowtolayer.nix
View File

@@ -1,18 +1,25 @@
{ lib
, fetchFromGitLab
, rustPlatform
, python3
, rustfmt
}:
rustPlatform.buildRustPackage rec {
pname = "windowtolayer";
version = "a5b89c3c";
version = "97ebd079";
nativeBuildInputs = [
python3
rustfmt
];
src = fetchFromGitLab {
domain = "gitlab.freedesktop.org";
owner = "mstoeckl";
repo = pname;
rev = "a5b89c3c047297fd574932860a6c89e9ea02ba5d";
hash = "sha256-rssL2XkbTqUvJqfUFhzULeE4/VBzjeBC5iZWSJ8MJ+M=";
rev = "97ebd0790b13bf00afb0c53a768397882fd2e831";
hash = "sha256-XjbhZEoE5NPBofyJe7OSsE7MWgzjyRjBqiEzaQEuRrU=";
};
cargoHash = "sha256-XHmLsx9qdjlBz4xJFFiO24bR9CMw1o5368K+YMpMIBA=";
cargoHash = "sha256-M0BVSUEFGvjgX+vSpwzvaEGs0i80XOTCzvbV4SzYpLc=";
}

12
secrets/estuary/pdns/recursor.conf.age
View File

@@ -1,12 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyA4bGQr
dzJZbU4reWI1Sk45QTR3UkRoc0NvaDBFcUwrVWlCYWUrcWtYZGpNCm1PWjVzRVlt
UDFKY2ZSZTg4S2pVZ0pDNzR1WklYQ3pEclJZLy9kKzdGTGsKLT4gWDI1NTE5IHFO
TXVRK2d3azg2cHpRanhUNXp6YnRsZW1MUDJqc3l1bnNYNUhHaTIzMVkKWXp1M09H
TnJIazRmb0tOSnE1Q0E1dERiaHZCQkh2YzE1cS9zRUhwaEovMAotPiBzPj5nLWdy
ZWFzZQozSThRWnJCcVFFRHpoSi9tZnZMdnJoRlFud2VISHBHSThMem9qZVVWdS9C
VFBDVEVzbUVCdFU2Qy9PaGdyc0FaCmk3UFZma2ZiR3hmWG1sa053bDBnY04yZ1VZ
TW9jZwotLS0gMDVSaE5aakxHenFPVXpXa1JxczlWQ2x2VGNuQzdwaWZFTTFTaUp6
cnRmZwoomylfwjD5A3N21/mk1Wtt8f4bsK747iZz7KT34kqmoX597rbGYxyip5lg
VLZV6CY4LLRjnnSKoC2hIXU0dgudAmvxhztuaQ42fOc=
-----END AGE ENCRYPTED FILE-----

12
secrets/estuary/pdns/recursor.yml.age Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyB0RnVq
RUpSZy9qZ29DemdnWjdscHMvelRYUGF0YVZlNDFtdzFRdVljbGpZCjdWcE50ck44
NVBsbVk3SmR6cHhHdkJ0TWI2S2ppOUtnK3pMK28xeTc0KzgKLT4gWDI1NTE5IHIy
SEUxOCtjK3VFMEozblB1T00yRTE3c3dRSXIydmJHdmEvL25yMStOUVEKbE1XdU4z
L1lLcEJWY2w2WXRWbmVIN0ZBRVl1R1dhNk10MWtheTRCYjloZwotPiBXXXRKcS1n
cmVhc2UgRUBEWyBwamZsOVQKZ09pVGdWUG02WmxUcGNBN3RnbE42V05xRDE2azMr
WHd3VEt0NmwvZnI1dXdiSjNvaStsNTZmUEhwbUp5cVlieQpSYmhUVm1GbEJVdXo3
ZwotLS0gSkFZMFdiRHBjWFJsR3pqcytYZkEza3dsZ0ZyaDkxdmliZ3RUOFErUXlt
cwq9gj+Fg4p2D1548J+bhvJ0re9uVm9TZ9lJSqmj5tMxWRS9aN1j9BlhmK/RnEG9
KcodvBiyqibzauS4KC18xLLu986hK2gn3857waXn/AIp+p8BIA2J9M2M
-----END AGE ENCRYPTED FILE-----

16
secrets/hass/cli-token.txt.age Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFQrc2JHQSBmTlVp
RnlKNE9ySGo4L2h3VXBXRzIyZGdqU0RtUWk4ZmJVcGNKZ3BqTmpjCjJtQjUyTmJN
dkpsbVI3M01mQlNPSEI0U1lVeUJTMVlXUlpheGxVblhUbUkKLT4gWDI1NTE5IG5K
K0F3QWxJaW5CbW5TZElEVklIeUJxS0JCc2IxaFI5dVZrbDc3NDZGV2MKOVR6M0k5
eW5HWDQrT3Rtb0tIM1EyajI1V0dKbHBLb0tVNU9nb21OUjcxYwotPiA5anw6bk56
dC1ncmVhc2UgPCVeLiZyIH4KTGFRWHBGZFBJUElONUZLb3pJeXNZeXhoakYwT3BM
TW9kUXBhOGhNbHh1Q1RPRTlCRnhSckg5NEUxWk5MVHJucQp4YlFDcVRzK2V5bWVT
V0xLQjN1SjVTaWNJajJaTjRrQTd2VHlMRy82TExXbAotLS0gVE5YZVhTWXl4VUN2
WUpidkJLV1JDU0R2QkdHZE5ZbCt2K2FlbGNjK0ZlNApzDh+kgAy4SBqC51mJi+VX
ON8wbwLVTQRs1H30eyWNzt/3MO++eS4AoZUKQZUxURwXfhV0t0zd5/MlByBsqaHR
+W6O/9Dp8e/8GYSX3D892r1LKN0AYHgcKeKwEtJojt5CTNJS2IgU6UxZhTliqAEc
NkfxvcoAEHhGhPOudEIX2SgjrgVGJA8MYm6/46zAolZws3TWim3NEgJpb9tWXpvi
1f/MXuxiowplF+PqCsd1EGzpXKsvADq6Rwyxpo6CbJzrq+GhFrTHF+LRkzjWx6JE
LUsZwDqOZUY=
-----END AGE ENCRYPTED FILE-----

14
secrets/home/pdns/recursor.conf.age
View File

@@ -1,14 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBlODZr
RHpJcFdFaVNYM0x1d3QxVmhKTFBkMndrakFYS3FxWk00YWxXejNzCkFqWFlCWUt2
cGluRGtxODQzbElhRWt1TGFVeTE1UU5SSkdZejJzNVdhZ3cKLT4gc3NoLWVkMjU1
MTkgcytxUmZnIFRpeVNsT2Jqc2I4dzB3cEFWK2ZEZlpJQklWSnhJM3o0Ukhsc1lz
REZ0VFkKWWJPckVSNlZHREJIVVgwNVNBSkpSbHRPcUxIWVo4ZTlyVkovTGRpZThL
MAotPiBYMjU1MTkgUGxhR2d3TVh1dnJwQjNoY0pjV09halZKZFhybVk3Vjk3Tmwr
bDd5ckp6MApBcW8zbUl1SnhmOXZwOFRNUG1EZUNacDlXdXJSbWFUeG5GNjM3eXJo
RmR3Ci0+IDstZ3JlYXNlICRoICVbfmU2fQpFYzNyZXBxVU5jT3JSY1NFMGEzUnVF
WFQ2MmR2SGQ0Vnd6V0VxQlp5bE5LZ2NML2hyd09LOEVPL2lGREdLR3FMCmVGN09J
OUNscVh1d0VSdwotLS0gbTB1NnZ4Q3B6WE1KVzJjbmVwL2dEVjc4WnRXZTlYbFBG
T3htUHBWang2awr0OgkUO6XPZji5ZBNpqGwOlwpa605t38QCmFSXvPQhvT4Gj/0+
rUvg7zWf5Yb4c86EDD05CsqGEUQTOKEz08z0lewN5kuFfZmrYQY=
-----END AGE ENCRYPTED FILE-----

14
secrets/home/pdns/recursor.yml.age Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBJSU1V
M1QyaWcvcFJlUlJEcDVvblJGcXJDWk11RDhCZzBkY2Qyc2lDQW5jCjJVRVBWMTZy
SHNTZG9ZSnZ3RjRqUE9Ub3JKZERkcTZpeEhSUlppTmVsZm8KLT4gc3NoLWVkMjU1
MTkgcytxUmZnIFFsbm1oNk1jNndoU0J3SkdFSkNhSGNVRjdQb2JSUFBnczVwdlF0
bDVhaVUKaFBzSHF3THNiL09Ib2ZhOFlyNVY0Q1ZwOUMwczZiQW9jVlNwanRYek1P
WQotPiBYMjU1MTkgcEppMVBpbmRGS1h5RUgwNkZPZ0dXWVpkdXlZcFc5S3dQaDA4
THdhUm9oTQpLbUpTaVVuQ29Zc3FuQ2MyaFcvTkxVK1l1T3V0L3FZSXZBS2dlY2hM
VUNVCi0+IENcLWdyZWFzZSAnNGJjfiB1IHB3QDpUIHsoQi57Ilw9CnkxdFRqWVZi
ZFdHQXJwNGZuNDg2Q3cKLS0tIDJSNmthczc1U2xxSlVKZDBLc1BHNnFMV3MwK3Qr
ckJDL204d210NW1Pb2sKCC+sa8uPupC3Rv+o12XT/wTmLsKhtaE/bbshPCDIHUFn
cpTwpY96JsCShAjSb6n7Xt6FgTKTFt2iDsGQ6+sLp0AJ2quxRaoxmqaFVsz4p8BL
gF0On7LgZg==
-----END AGE ENCRYPTED FILE-----

11
secrets/jackflix/copyparty-pass.txt.age Normal file
View File

@@ -0,0 +1,11 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyA4Qk8z
SkhFWWMyaGM1c2luVzZzbWNvT0ZsS09yN0w1N01oY0tldWFXZnhVCkM0YzBVZUM1
MmRzdFlCL1o5ZTdkTjkxQ1YyQ0kwbnJ0eVRuYUpQNWw2c0EKLT4gWDI1NTE5IGli
dkp5RjZRSmROMEtQeWJiVkt2UktxdTAwUzZBRW9XajFDblFqZ3ZVR0EKYzFubnp0
UHo5WlViYTNwbXFBd01qM0R4Wk82MTV1TzJsVVczdGRNSFRBQQotPiAnLWdyZWFz
ZSAuPzVDCm1SZkdDMHRjT2NBVXI5ektKZ1R3dXhMUEVRblhBdC9mclFZSitSODI0
OHZzZThEQnlBY25lVnFTQXRaV2FIYTIKeHkrY1NRCi0tLSBhUFgvd1BUbFlJeEFO
RWRBQzcrT0ZFMG5SZVliNlZnK2N2VDJVV05UTkhBCrZM7RtMrOVIGIpod8aU4GLn
0KBGTSq6kE01+f1kmTZDAKHx/LhiWgHYKLxTLW4VpYnUCg==
-----END AGE ENCRYPTED FILE-----