dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:fastback-ssh
Branches Tags
dev:master dev:fastback-ssh
dev:installer
..
compare: dev:6eefe97764a6bef7cd6f1a3a3cf2b86887bd5638
Branches Tags
dev:master dev:fastback-ssh
dev:installer

35 Commits
fastback-s ... 6eefe97764

Author SHA1 Message Date
Jack O'Sullivan
6eefe97764 lib: Update river public IP
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m59s
Details
2024-04-13 15:04:52 +01:00
Jack O'Sullivan
4bc4fe3ee8 Update my nixpkgs (spdk 24.01) 2024-04-13 15:02:54 +01:00
Jack O'Sullivan
57ec2bfc1b nixos/home/routing-common: Make keepalived ping more resilient
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 33m37s
Details
2024-04-05 15:22:10 +01:00
Jack O'Sullivan
d9d1150feb Update nixpkgs and home-manager
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 1h21m12s
Details
2024-04-04 19:08:12 +01:00
Jack O'Sullivan
92896d8e52 nixos/stream: Un-hardcode deploy host
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m24s
Details
2024-03-25 11:20:58 +00:00
Jack O'Sullivan
477ffca33e nixos/common: Update registry to point to nixpkgs flake 2024-03-25 11:17:30 +00:00
Jack O'Sullivan
fdc65c544e nixos/home/routing-common: Add ping test to keepalived
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m51s
Details
2024-03-24 13:32:03 +00:00
Jack O'Sullivan
945302b7c0 lib: Update river IP 2024-03-24 12:45:43 +00:00
Jack O'Sullivan
5ccf19cab8 nixos/colony: Fix LVM activatio dependency cycle
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 35m28s
Details
2024-03-23 13:25:32 +00:00
Jack O'Sullivan
7b61dd7f03 nixos/colony: Enable PCIe AER 2024-03-23 12:45:59 +00:00
Jack O'Sullivan
682865a0e1 nixos/l2mesh: Add option to enable UDP encapsulation 2024-03-23 12:14:26 +00:00
Jack O'Sullivan
a0e4cf2479 lib: Bump JackOS version
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 24m28s
Details
2024-03-22 21:23:18 +00:00
Jack O'Sullivan
a5880d66f4 home-manager/gui: Use python3Packages instead of python310Packages
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 1h12m52s
Details
2024-03-21 23:32:01 +00:00
Jack O'Sullivan
27a4583879 pkgs/modrinth-app: Fix deps hash
Some checks failed
CI / Check, build and cache Nix flake (push) Has been cancelled
Details
2024-03-21 23:10:42 +00:00
Jack O'Sullivan
fdbf5f8aca lib: Update river IP 2024-03-21 21:16:01 +00:00
Jack O'Sullivan
40c491aa14 nixos/home/routing-common: Add MSS clamping to work around PMTUD
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1h4m53s
Details
2024-03-21 20:42:06 +00:00
Jack O'Sullivan
1a8740fb9c nixos/home/routing-common: Increase RTT for CAKE 2024-03-21 20:41:28 +00:00
Jack O'Sullivan
f857e751b5 nixos/home/routing-common: Restart kea on failure 2024-03-21 20:40:38 +00:00
Jack O'Sullivan
b420f2377c Use fork of sharry for now
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1h2m37s
Details
2024-03-18 21:22:52 +00:00
Jack O'Sullivan
7d90b5ecb8 Fix API changes from updates
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 16m14s
Details
2024-03-18 20:23:52 +00:00
Jack O'Sullivan
ace979c226 Update inputs
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m13s
Details
2024-03-18 17:41:41 +00:00
Jack O'Sullivan
f540edb361 nixos/routing-common: Clear IPv6 local default route
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m16s
Details
2024-03-13 21:52:09 +00:00
Jack O'Sullivan
6bc5cd79da lib: Update river IP 2024-03-13 21:31:05 +00:00
Jack O'Sullivan
5ec77dfde6 nixos/routing-common: Add DNS for Shytzel and wave
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m32s
Details
2024-03-13 21:00:20 +00:00
Jack O'Sullivan
52623d458e nixos/simpcraft: Update to Simpcraft 0.2.1
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m17s
Details
2024-01-27 14:36:40 +00:00
Jack O'Sullivan
23b29f0707 nixos/acquisition: Add transmission workaround
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m39s
Details
2024-01-21 23:27:27 +00:00
Jack O'Sullivan
338902497f nixos/simpcraft: Increase memory allocation to 8GiB
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m19s
Details
2024-01-20 12:07:43 +00:00
Jack O'Sullivan
977846991a nixos/simpcraft: Disable autosave during backup
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m20s
Details
2024-01-19 20:06:23 +00:00
Jack O'Sullivan
0e8aec58fb nixos/simpcraft: Update at odd intervals
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m52s
Details
2024-01-19 00:46:55 +00:00
Jack O'Sullivan
0f1de58917 nixos/simpcraft: Add backup
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m52s
Details
2024-01-18 12:12:06 +00:00
Jack O'Sullivan
32183bd331 devshell/commands: Overwrite home symlink if needed
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 26m29s
Details
2024-01-15 14:59:01 +00:00
Jack O'Sullivan
1813ca1927 nixos/simpcraft: Add missing environment file
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m59s
Details
2024-01-15 13:21:25 +00:00
Jack O'Sullivan
51d44e472a pkgs: Add working Minecraft on Wayland GLFW
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 12m18s
Details
2024-01-12 14:00:50 +00:00
Jack O'Sullivan
44e87aa387 Add wastebin
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 27m3s
Details
2024-01-10 15:21:40 +00:00
Jack O'Sullivan
f90deabb50 nixos/whale2: Update Simpcraft to 0.2.0
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 25m49s
Details
2024-01-10 01:10:13 +00:00
32 changed files with 548 additions and 297 deletions
Expand all files Collapse all files

4
devshell/commands.nix
View File

@@ -20,7 +20,7 @@ in
[ -e "${homeFlake}" ] && echo "${homeFlake} already exists" && exit 1 [ -e "${homeFlake}" ] && echo "${homeFlake} already exists" && exit 1
mkdir -p "$(dirname "${homeFlake}")" mkdir -p "$(dirname "${homeFlake}")"
ln -s "$(pwd)/flake.nix" "${homeFlake}" ln -sf "$(pwd)/flake.nix" "${homeFlake}"
echo "Installed link to $(pwd)/flake.nix at ${homeFlake}" echo "Installed link to $(pwd)/flake.nix at ${homeFlake}"
''; '';
} }
@@ -52,7 +52,7 @@ in
name = "json2nix"; name = "json2nix";
category = "utilities"; category = "utilities";
help = "Convert JSON to formatted Nix"; help = "Convert JSON to formatted Nix";
command = "nix eval --impure --expr 'builtins.fromJSON (builtins.readFile /dev/stdin)' | ${pkgs.nixfmt}/bin/nixfmt"; command = "nix eval --impure --expr 'builtins.fromJSON (builtins.readFile /dev/stdin)' | ${pkgs.nixfmt-rfc-style}/bin/nixfmt";
} }
{ {

364
flake.lock generated
View File

@@ -3,17 +3,19 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"ragenix", "ragenix",
"nixpkgs" "nixpkgs"
] ],
"systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1682101079, "lastModified": 1707830867,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -35,11 +37,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1702969472, "lastModified": 1707922053,
"narHash": "sha256-IJP9sC+/gLUdWhm6TsnWpw6A1zQWUfn53ym63KeLXvU=", "narHash": "sha256-wSZjK+rOXn+UQiP1NbdNn5/UW6UcBxjvlqr2wh++MbM=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "attic", "repo": "attic",
"rev": "bdafd64910bb2b861cf90fa15f1fc93318b6fbf6", "rev": "6eabc3f02fae3683bffab483e614bebfcd476b21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -116,26 +118,17 @@
}, },
"crane_2": { "crane_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": [
"ragenix",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"ragenix", "ragenix",
"nixpkgs" "nixpkgs"
],
"rust-overlay": [
"ragenix",
"rust-overlay"
] ]
}, },
"locked": { "locked": {
"lastModified": 1681680516, "lastModified": 1708794349,
"narHash": "sha256-EB8Adaeg4zgcYDJn9sR6UMjN/OHdIiMMK19+3LmmXQY=", "narHash": "sha256-jX+B1VGHT0ruHHL5RwS8L21R6miBn4B6s9iVyUJsJJY=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "54b63c8eae4c50172cb50b612946ff1d2bc1c75c", "rev": "2c94ff9a6fbeb9f3ea0107f28688edbe9c81deaa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -153,11 +146,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1673295039, "lastModified": 1700795494,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -176,11 +169,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1703087360, "lastModified": 1708091384,
"narHash": "sha256-0VUbWBW8VyiDRuimMuLsEO4elGuUw/nc2WDeuO1eN1M=", "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "b709d63debafce9f5645a5ba550c9e0983b3d1f7", "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -208,6 +201,25 @@
"type": "github" "type": "github"
} }
}, },
"devshell-tools": {
"inputs": {
"flake-utils": "flake-utils_11",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1710099997,
"narHash": "sha256-WmBKTLdth6I/D+0//9enbIXohGsBjepbjIAm9pCYj0U=",
"owner": "eikek",
"repo": "devshell-tools",
"rev": "e82faf976d318b3829f6f7f6785db6f3c7b65267",
"type": "github"
},
"original": {
"owner": "eikek",
"repo": "devshell-tools",
"type": "github"
}
},
"devshell_2": { "devshell_2": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_5",
@@ -229,17 +241,17 @@
}, },
"devshell_3": { "devshell_3": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ]
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1701787589, "lastModified": 1710156081,
"narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=", "narHash": "sha256-4PMY6aumJi5dLFjBzF5O4flKXmadMNq3AGUHKYfchh0=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e", "rev": "bc68b058dc7e6d4d6befc4ec6c60082b6e844b7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -280,22 +292,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
@@ -312,6 +308,60 @@
} }
}, },
"flake-utils_10": { "flake-utils_10": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_11": {
"inputs": {
"systems": "systems_8"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_12": {
"inputs": {
"systems": "systems_9"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_13": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@@ -409,7 +459,7 @@
}, },
"flake-utils_7": { "flake-utils_7": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@@ -426,6 +476,24 @@
} }
}, },
"flake-utils_8": { "flake-utils_8": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_9": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@@ -440,21 +508,25 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_9": { "home-manager": {
"inputs": { "inputs": {
"systems": "systems_6" "nixpkgs": [
"ragenix",
"agenix",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1703113217,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "numtide", "owner": "nix-community",
"repo": "flake-utils", "repo": "home-manager",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "nix-community",
"repo": "flake-utils", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
@@ -465,11 +537,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703367386, "lastModified": 1710888565,
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -485,11 +557,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703754036, "lastModified": 1712212014,
"narHash": "sha256-JpJdcj9Tg4lMuYikXDpajA8wOp+rHyn9RD2rKBEM4cQ=", "narHash": "sha256-s+lbaf3nLRn1++/X2eXwY9mYCA/m9l8AvyG8beeOaXE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c24c298562fe41b39909f632c5a7151bbf6b4628", "rev": "7e91f2a0ba4b62b88591279d54f741a13e36245b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -499,11 +571,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1703656108, "lastModified": 1708968331,
"narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "033643a45a4a920660ef91caa391fbffb14da466", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -514,7 +586,7 @@
}, },
"nixGL": { "nixGL": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_9",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
] ]
@@ -551,11 +623,11 @@
}, },
"nixpkgs-mine": { "nixpkgs-mine": {
"locked": { "locked": {
"lastModified": 1703756459, "lastModified": 1713016718,
"narHash": "sha256-ztEMyPQZh3Pb+LOoWl5lbIK2LenP59sOUBC86CDmLio=", "narHash": "sha256-0fdD78wL7qLQ0XX1QBtzZqKtDORY4DqnHS5rerXiVgw=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e80160eb2ac3a7111d07cc43a15c16b9edca01ea", "rev": "994688e64f2446e248744d48078eeb3ee45bd8b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -567,11 +639,11 @@
}, },
"nixpkgs-mine-stable": { "nixpkgs-mine-stable": {
"locked": { "locked": {
"lastModified": 1703756491, "lastModified": 1712253482,
"narHash": "sha256-9VL34e0gzomwqRnryRn23V2ImYcaZIQdp7CsWg5TmlE=", "narHash": "sha256-J6mDXmq50EdOtT9PJhOnlw64hFgi+iF9uqOWrJ7qgdI=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "36611f5f7cfd401f51ad4ca76fd6ee85a714bb74", "rev": "4d7f762c2a06b2fa24be9555532b42dd533e3398",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -583,11 +655,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1703467016, "lastModified": 1712168706,
"narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=", "narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d02d818f22c777aa4e854efc3242ec451e5d462a", "rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -598,11 +670,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1703438236, "lastModified": 1712163089,
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=", "narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b", "rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -642,6 +714,38 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1709309926,
"narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1674990008,
"narHash": "sha256-4zOyp+hFW2Y7imxIpZqZGT8CEqKmDjwgfD6BzRUE0mQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d2bbcbe6c626d339b25a4995711f07625b508214",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_4",
@@ -665,18 +769,18 @@
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"crane": "crane_2", "crane": "crane_2",
"flake-utils": "flake-utils_9", "flake-utils": "flake-utils_10",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1682237245, "lastModified": 1709831932,
"narHash": "sha256-xbBR7LNK+d5Yi/D6FXQGc1R6u2VV2nwr/Df5iaEbOEQ=", "narHash": "sha256-WsP8rOFa/SqYNbVtYJ/l2mWWOgyDTJFbITMV8tv0biI=",
"owner": "yaxitech", "owner": "yaxitech",
"repo": "ragenix", "repo": "ragenix",
"rev": "281f68c3d477904f79ff1cd5807a8c226cd80a50", "rev": "06de099ef02840ec463419f12de73729d458e1eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -692,7 +796,7 @@
"borgthin": "borgthin", "borgthin": "borgthin",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"devshell": "devshell_3", "devshell": "devshell_3",
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_8",
"home-manager-stable": "home-manager-stable", "home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence", "impermanence": "impermanence",
@@ -717,11 +821,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682129965, "lastModified": 1708740535,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=", "narHash": "sha256-NCTw235XwSDbeTAtAwg/hOeNOgwYhVq7JjDdbkOgBeA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83", "rev": "9b24383d77f598716fa0cbb8b48c97249f5ee1af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -730,23 +834,44 @@
"type": "github" "type": "github"
} }
}, },
"sharry": { "sbt": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_10", "flake-utils": "flake-utils_13",
"nixpkgs": [ "nixpkgs": "nixpkgs_5"
"nixpkgs-unstable"
]
}, },
"locked": { "locked": {
"lastModified": 1687587666, "lastModified": 1698464090,
"narHash": "sha256-t1VNvdQdDUFTEKTFP2fc7Fb3buQBmP+h9WUeO8b2Bus=", "narHash": "sha256-Pnej7WZIPomYWg8f/CZ65sfW85IfIUjYhphMMg7/LT0=",
"owner": "eikek", "owner": "zaninime",
"repo": "sharry", "repo": "sbt-derivation",
"rev": "a9b3371aa6c7b92088b20fd6e479c251a5556b86", "rev": "6762cf2c31de50efd9ff905cbcc87239995a4ef9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "eikek", "owner": "zaninime",
"repo": "sbt-derivation",
"type": "github"
}
},
"sharry": {
"inputs": {
"devshell-tools": "devshell-tools",
"flake-utils": "flake-utils_12",
"nixpkgs": [
"nixpkgs-unstable"
],
"sbt": "sbt"
},
"locked": {
"lastModified": 1710796573,
"narHash": "sha256-23fLZFNacZU/skc8i7JExHfD//Mpkslhga6f5ATTqBA=",
"owner": "devplayer0",
"repo": "sharry",
"rev": "4e7a87880ba0807afd5d21706ce383b8b8727990",
"type": "github"
},
"original": {
"owner": "devplayer0",
"repo": "sharry", "repo": "sharry",
"type": "github" "type": "github"
} }
@@ -841,6 +966,51 @@
"type": "github" "type": "github"
} }
}, },
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_9": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"

3
flake.nix
View File

@@ -30,7 +30,8 @@
nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable";
# Packages not in nixpkgs # Packages not in nixpkgs
sharry.url = "github:eikek/sharry"; # sharry.url = "github:eikek/sharry";
sharry.url = "github:devplayer0/sharry";
sharry.inputs.nixpkgs.follows = "nixpkgs-unstable"; sharry.inputs.nixpkgs.follows = "nixpkgs-unstable";
borgthin.url = "github:devplayer0/borg"; borgthin.url = "github:devplayer0/borg";
borgthin.inputs.nixpkgs.follows = "nixpkgs-mine"; borgthin.inputs.nixpkgs.follows = "nixpkgs-mine";

2
home-manager/modules/gui/default.nix
View File

@@ -32,7 +32,7 @@ in
slurp slurp
swappy swappy
python310Packages.python-lsp-server python3Packages.python-lsp-server
nil # nix language server nil # nix language server
zls # zig language server zls # zig language server
rust-analyzer rust-analyzer

8
lib/constants.nix
View File

@@ -11,6 +11,7 @@ rec {
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404; kea = 404;
keepalived_script = 405;
}; };
gids = { gids = {
matrix-syncv3 = 400; matrix-syncv3 = 400;
@@ -18,12 +19,13 @@ rec {
jellyseerr = 402; jellyseerr = 402;
atticd = 403; atticd = 403;
kea = 404; kea = 404;
keepalived_script = 405;
}; };
}; };
kernel = { kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_1; lts = pkgs: pkgs.linuxKernel.packages.linux_6_6;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_6; latest = pkgs: pkgs.linuxKernel.packages.linux_6_8;
}; };
nginx = rec { nginx = rec {
@@ -227,7 +229,7 @@ rec {
"stream" "stream"
]; ];
routersPubV4 = [ routersPubV4 = [
"109.255.1.246" "109.255.252.125"
"109.255.252.63" "109.255.252.63"
]; ];

4
lib/default.nix
View File

@@ -248,8 +248,8 @@ rec {
in in
{ {
trivial = prev.trivial // { trivial = prev.trivial // {
release = "23.12:u-${prev.trivial.release}"; release = "24.03:u-${prev.trivial.release}";
codeName = "Amogus"; codeName = "Bruh";
revisionWithDefault = default: self.rev or default; revisionWithDefault = default: self.rev or default;
versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}"; versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}";
}; };

14
nixos/boxes/castle/default.nix
View File

@@ -101,6 +101,12 @@ in
dnssec = "false"; dnssec = "false";
}; };
pipewire.extraConfig.pipewire = {
"context.properties" = {
"default.clock.quantum" = 128;
"default.clock.max-quantum" = 128;
};
};
blueman.enable = true; blueman.enable = true;
}; };
@@ -131,14 +137,6 @@ in
qperf qperf
ethtool ethtool
]; ];
environment.etc = {
"pipewire/pipewire.conf.d/sample-size.conf".text = ''
context.properties = {
default.clock.quantum = 128
default.clock.max-quantum = 128
}
'';
};
nix = { nix = {
gc.automatic = false; gc.automatic = false;

8
nixos/boxes/colony/default.nix
View File

@@ -60,8 +60,8 @@ in
kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: { kernelPackages = (lib.my.c.kernel.lts pkgs).extend (self: super: {
kernel = super.kernel.override { kernel = super.kernel.override {
structuredExtraConfig = with lib.kernel; { structuredExtraConfig = with lib.kernel; {
#SOME_OPT = yes; ACPI_APEI_PCIEAER = yes;
#A_MOD = module; PCIEAER = yes;
}; };
}; };
}); });
@@ -150,12 +150,12 @@ in
"serial-getty@ttyS1".enable = true; "serial-getty@ttyS1".enable = true;
lvm-activate-main = { lvm-activate-main = {
description = "Activate remaining LVs"; description = "Activate remaining LVs";
before = [ "local-fs-pre.target" ]; unitConfig.DefaultDependencies = false;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${pkgs.lvm2.bin}/bin/vgchange -aay main"; ExecStart = "${pkgs.lvm2.bin}/bin/vgchange -aay main";
}; };
wantedBy = [ "sysinit.target" ]; wantedBy = [ "local-fs-pre.target" ];
}; };
rsync-lvm-meta = { rsync-lvm-meta = {

1
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -9,6 +9,7 @@ in
vpns = { vpns = {
l2 = { l2 = {
as211024 = { as211024 = {
udpEncapsulation = true;
vni = 211024; vni = 211024;
security.enable = true; security.enable = true;
peers = { peers = {

28
nixos/boxes/colony/vms/git/default.nix
View File

@@ -102,34 +102,6 @@ in
services = { services = {
fstrim = lib.my.c.colony.fstrimConfig; fstrim = lib.my.c.colony.fstrimConfig;
# Hacks for Jsch (Minecraft FastBack) to work
openssh = {
hostKeys = [
{
bits = 4096;
path = "/etc/ssh/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
type = "ecdsa-sha2-nistp256";
path = "/etc/ssh/ssh_host_ecdsa_key";
}
];
settings = {
Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-256"
];
};
};
netdata.enable = true; netdata.enable = true;
nginx = { nginx = {
enable = true; enable = true;

16
nixos/boxes/colony/vms/shill/containers/chatterbox.nix
View File

@@ -171,14 +171,14 @@ in
]; ];
}; };
sliding-sync = { };
enable = true; matrix-sliding-sync = {
createDatabase = false; enable = true;
environmentFile = config.age.secrets."chatterbox/syncv3.env".path; createDatabase = false;
settings = { environmentFile = config.age.secrets."chatterbox/syncv3.env".path;
SYNCV3_BINDADDR = "[::]:8009"; settings = {
SYNCV3_SERVER = "http://localhost:8008"; SYNCV3_BINDADDR = "[::]:8009";
}; SYNCV3_SERVER = "http://localhost:8008";
}; };
}; };

6
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -364,7 +364,7 @@ in
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"mc-rail.${pubDomain}" = { "mc-rail.${pubDomain}" = {
locations."/".proxyPass = "http://simpcraft-staging-oci.${domain}:3876"; locations."/".proxyPass = "http://simpcraft-oci.${domain}:3876";
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
@@ -384,6 +384,10 @@ in
}; };
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"pb.${pubDomain}" = {
locations."/".proxyPass = "http://object-ctr.${domain}:8088";
useACMEHost = pubDomain;
};
}; };
minio = minio =

11
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@@ -49,6 +49,7 @@ in
}; };
"object/atticd.env" = {}; "object/atticd.env" = {};
"object/hedgedoc.env" = {}; "object/hedgedoc.env" = {};
"object/wastebin.env" = {};
}; };
}; };
@@ -58,6 +59,7 @@ in
config.services.sharry.config.bind.port config.services.sharry.config.bind.port
8069 8069
config.services.hedgedoc.settings.port config.services.hedgedoc.settings.port
8088
]; ];
}; };
@@ -220,6 +222,15 @@ in
allowEmailRegister = false; allowEmailRegister = false;
}; };
}; };
wastebin = {
enable = true;
settings = {
WASTEBIN_MAX_BODY_SIZE = 67108864; # 16 MiB
WASTEBIN_PASSWORD_SALT = "TeGhaemeer0Siez3";
};
secretFile = config.age.secrets."object/wastebin.env".path;
};
}; };
} }
(mkIf config.my.build.isDevVM { (mkIf config.my.build.isDevVM {

102
nixos/boxes/colony/vms/whale2/minecraft/default.nix
View File

@@ -25,22 +25,20 @@ let
email = "simpcraft@nul.ie" email = "simpcraft@nul.ie"
name = "Simpcraft bot" name = "Simpcraft bot"
''; '';
knownHosts = pkgs.writeText "known_hosts" ''
git.nul.ie ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD023ECzYmLeXIpcGVaciPjq6UN/Sjmsys5HP/Nei5GkrUZqPa3OJ2uSXKLUSKGYdeNhxaFTPJe8Yx3TsZxMme8=
'';
}; };
in in
{ {
config = { config = {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
simpcraft = { simpcraft = {
image = "ghcr.io/itzg/minecraft-server:2023.12.2-java17-alpine"; image = "git.nul.ie/dev/craftblock:2024.1.0-java17-alpine";
environment = { environment = {
TYPE = "MODRINTH"; TYPE = "MODRINTH";
EULA = "true"; EULA = "true";
ENABLE_QUERY = "true"; ENABLE_QUERY = "true";
ENABLE_RCON = "true";
MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t §4§k-----"; MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t §4§k-----";
ICON = "/ext/icon.png"; ICON = "/ext/icon.png";
@@ -52,15 +50,17 @@ in
SPAWN_PROTECTION = "0"; SPAWN_PROTECTION = "0";
VIEW_DISTANCE = "20"; VIEW_DISTANCE = "20";
MAX_MEMORY = "6G"; MAX_MEMORY = "8G";
MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/cdj2bSKg/Simpcraft-0.1.2.mrpack"; MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/NGutsQSd/Simpcraft-0.2.1.mrpack";
TZ = "Europe/Dublin"; TZ = "Europe/Dublin";
}; };
environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
volumes = [ volumes = [
"minecraft_data:/data" "minecraft_data:/data"
"${./icon.png}:/ext/icon.png:ro" "${./icon.png}:/ext/icon.png:ro"
"${fastback.gitConfig}:/data/.config/git/config:ro"
]; ];
extraOptions = [ extraOptions = [
@@ -68,53 +68,77 @@ in
]; ];
}; };
simpcraft-staging = { # simpcraft-staging = {
image = "git.nul.ie/dev/craftblock:2024.1.0-java17-alpine"; # image = "git.nul.ie/dev/craftblock:2024.1.0-java17-alpine";
environment = { # environment = {
TYPE = "MODRINTH"; # TYPE = "MODRINTH";
EULA = "true"; # EULA = "true";
ENABLE_QUERY = "true"; # ENABLE_QUERY = "true";
ENABLE_RCON = "true"; # ENABLE_RCON = "true";
MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t [staging] §4§k-----"; # MOTD = "§4§k----- §9S§ai§bm§cp§dc§er§fa§6f§5t [staging] §4§k-----";
ICON = "/ext/icon.png"; # ICON = "/ext/icon.png";
EXISTING_WHITELIST_FILE = "SYNCHRONIZE"; # EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
WHITELIST = whitelist; # WHITELIST = whitelist;
EXISTING_OPS_FILE = "SYNCHRONIZE"; # EXISTING_OPS_FILE = "SYNCHRONIZE";
OPS = op; # OPS = op;
DIFFICULTY = "normal"; # DIFFICULTY = "normal";
SPAWN_PROTECTION = "0"; # SPAWN_PROTECTION = "0";
VIEW_DISTANCE = "20"; # VIEW_DISTANCE = "20";
MAX_MEMORY = "4G"; # MAX_MEMORY = "4G";
MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/Ym3sIi6H/Simpcraft-0.2.0.mrpack"; # MODRINTH_MODPACK = "https://cdn.modrinth.com/data/CIYf3Hk8/versions/Ym3sIi6H/Simpcraft-0.2.0.mrpack";
TZ = "Europe/Dublin"; # TZ = "Europe/Dublin";
# };
# environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
# volumes = [
# "minecraft_staging_data:/data"
# "${./icon.png}:/ext/icon.png:ro"
# ];
# extraOptions = [
# ''--network=colony:${dockerNetAssignment allAssignments "simpcraft-staging-oci"}''
# ];
# };
};
services = {
borgbackup.jobs.simpcraft =
let
rconCommand = cmd: ''${pkgs.mcrcon}/bin/mcrcon -H simpcraft-oci -p "$RCON_PASSWORD" "${cmd}"'';
in
{
paths = [ "/var/lib/containers/storage/volumes/minecraft_data/_data/world" ];
repo = "/var/lib/containers/backup/simpcraft";
doInit = true;
encryption.mode = "none";
compression = "zstd,10";
# every ~15 minutes offset from 5 minute intervals (Minecraft seems to save at precise times?)
startAt = "*:03,17,33,47";
prune.keep = {
within = "12H";
hourly = 48;
}; };
environmentFiles = [ config.age.secrets."whale2/simpcraft.env".path ];
volumes = [ # Avoid Minecraft poking the files while we back up
"minecraft_staging_data:/data" preHook = rconCommand "save-off";
"${./icon.png}:/ext/icon.png:ro" postHook = rconCommand "save-on";
"${fastback.gitConfig}:/data/.config/git/config:ro" };
"${fastback.knownHosts}:/data/.ssh/known_hosts:ro" };
"${config.age.secrets."whale2/simpcraft-git.key".path}:/data/.ssh/id_rsa"
];
extraOptions = [ systemd = {
''--network=colony:${dockerNetAssignment allAssignments "simpcraft-staging-oci"}'' services = {
]; borgbackup-job-simpcraft.serviceConfig.EnvironmentFile = [ config.age.secrets."whale2/simpcraft.env".path ];
}; };
}; };
my = { my = {
secrets.files = { secrets.files = {
"whale2/simpcraft.env" = {}; "whale2/simpcraft.env" = {};
"whale2/simpcraft-git.key" = {
owner = "1000";
};
}; };
}; };
}; };

34
nixos/boxes/home/routing-common/default.nix
View File

@@ -152,15 +152,27 @@ in
networking.domain = "h.${pubDomain}"; networking.domain = "h.${pubDomain}";
systemd.services = { systemd.services =
ipsec = let
let waitOnline = "systemd-networkd-wait-online@wan.service";
waitOnline = "systemd-networkd-wait-online@wan.service"; in
in {
{ ipsec = {
after = [ waitOnline ]; after = [ waitOnline ];
requires = [ waitOnline ]; requires = [ waitOnline ];
}; };
ipv6-clear-default-route = {
description = "Clear IPv6 RA default route";
after = [ waitOnline ];
requires = [ waitOnline ];
script = ''
# Seems like we can sometimes pick up a default route somehow...
${pkgs.iproute2}/bin/ip -6 route del default via fe80::1 || true
'';
serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ];
};
}; };
systemd.network = { systemd.network = {
@@ -214,7 +226,7 @@ in
extraConfig = '' extraConfig = ''
[CAKE] [CAKE]
Bandwidth=235M Bandwidth=235M
RTTSec=10ms RTTSec=50ms
PriorityQueueingPreset=besteffort PriorityQueueingPreset=besteffort
# DOCSIS preset # DOCSIS preset
OverheadBytes=18 OverheadBytes=18
@@ -238,7 +250,7 @@ in
[CAKE] [CAKE]
Parent=root Parent=root
Bandwidth=24M Bandwidth=24M
RTTSec=1ms RTTSec=50ms
''; '';
} }
]; ];
@@ -358,6 +370,12 @@ in
return return
} }
chain forward-early {
type filter hook forward priority -1; policy accept;
# MSS clamping to workaround IPv6 PMTUD being broken...
tcp flags syn tcp option maxseg size set rt mtu counter
}
chain forward { chain forward {
${lib.my.c.as211024.nftTrust} ${lib.my.c.as211024.nftTrust}
iifname lan-untrusted jump filter-untrusted iifname lan-untrusted jump filter-untrusted

6
nixos/boxes/home/routing-common/dns.nix
View File

@@ -182,8 +182,10 @@ in
dave-lo IN A ${net.cidr.host 11 prefixes.lo.v4} dave-lo IN A ${net.cidr.host 11 prefixes.lo.v4}
dave-lo IN AAAA ${net.cidr.host (65536+2) prefixes.lo.v6} dave-lo IN AAAA ${net.cidr.host (65536+2) prefixes.lo.v6}
;ap0 IN A ${net.cidr.host 12 prefixes.hi.v4} shytzel IN A ${net.cidr.host 12 prefixes.core.v4}
;ap0 IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
wave IN A ${net.cidr.host 12 prefixes.hi.v4}
wave IN AAAA ${net.cidr.host (65536+3) prefixes.hi.v6}
vibe IN A ${net.cidr.host 13 prefixes.hi.v4} vibe IN A ${net.cidr.host 13 prefixes.hi.v4}
vibe IN AAAA ${net.cidr.host (65536+4) prefixes.hi.v6} vibe IN AAAA ${net.cidr.host (65536+4) prefixes.hi.v6}

6
nixos/boxes/home/routing-common/kea.nix
View File

@@ -26,7 +26,11 @@ in
}; };
systemd.services = { systemd.services = {
kea-dhcp4-server.serviceConfig.DynamicUser = mkForce false; kea-dhcp4-server.serviceConfig = {
# Sometimes interfaces might not be ready in time and Kea doesn't like that
Restart = "on-failure";
DynamicUser = mkForce false;
};
kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false; kea-dhcp-ddns-server.serviceConfig.DynamicUser = mkForce false;
}; };

64
nixos/boxes/home/routing-common/keepalived.nix
View File

@@ -1,52 +1,82 @@
index: { lib, pkgs, config, ... }: index: { lib, pkgs, config, ... }:
let let
inherit (builtins) attrNames concatMap; inherit (builtins) attrNames concatMap length;
inherit (lib) optional; inherit (lib) optional concatMapStringsSep;
inherit (lib.my) net; inherit (lib.my) net;
inherit (lib.my.c.home) prefixes vips; inherit (lib.my.c.home) prefixes vips;
pingScriptFor = name: ips:
let
script' = pkgs.writeShellScript
"keepalived-ping-${name}"
(concatMapStringsSep " || " (ip: "${pkgs.iputils}/bin/ping -qnc 1 -W 1 ${ip}") ips);
in
{
script = toString script';
interval = 1;
timeout = (length ips) + 1;
rise = 3;
fall = 3;
};
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}"; vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
vrrpIPs = family: concatMap (vlan: [ vrrpIPs = family: concatMap (vlan: (optional (family == "v6") {
addr = "fe80::1/64";
dev = vlanIface vlan;
}) ++ [
{ {
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}"; addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
dev = vlanIface vlan; dev = vlanIface vlan;
} }
] ++ (optional (family == "v6") { ]) (attrNames vips);
addr = "fe80::1/64";
dev = vlanIface vlan;
})) (attrNames vips);
mkVRRP = family: routerId: { mkVRRP = family: routerId: {
state = if index == 0 then "MASTER" else "BACKUP"; state = if index == 0 then "MASTER" else "BACKUP";
interface = "lan-core"; interface = "lan-core";
priority = 255 - index; priority = 255 - index;
virtualRouterId = routerId; virtualRouterId = routerId;
virtualIps = vrrpIPs family; virtualIps = vrrpIPs family;
trackScripts = [ "${family}Alive" ];
extraConfig = '' extraConfig = ''
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root
''; '';
}; };
in in
{ {
users = with lib.my.c.ids; {
users.keepalived_script = {
uid = uids.keepalived_script;
isSystemUser = true;
group = "keepalived_script";
};
groups.keepalived_script.gid = gids.keepalived_script;
};
services = { services = {
keepalived = { keepalived = {
enable = true; enable = true;
enableScriptSecurity = true;
extraGlobalDefs = '' extraGlobalDefs = ''
vrrp_version 3 vrrp_version 3
nftables keepalived nftables keepalived
''; '';
vrrpScripts = {
v4Alive = pingScriptFor "v4" [ "1.1.1.1" "8.8.8.8" "216.218.236.2" ];
v6Alive = pingScriptFor "v6" [ "2606:4700:4700::1111" "2001:4860:4860::8888" "2600::" ];
};
vrrpInstances = { vrrpInstances = {
v4 = mkVRRP "v4" 51; v4 = mkVRRP "v4" 51;
v6 = mkVRRP "v6" 52; v6 = mkVRRP "v6" 52;
}; };
extraConfig = '' # Actually disable this for now, don't want to fault IPv4 just because IPv6 is broken...
vrrp_sync_group main { # extraConfig = ''
group { # vrrp_sync_group main {
v4 # group {
v6 # v4
} # v6
} # }
''; # }
# '';
}; };
}; };
} }

2
nixos/boxes/home/stream.nix
View File

@@ -123,7 +123,7 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYTB4zeAqotrEJ8M+AiGm/s9PFsWlAodz3hYSROGuDb"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYTB4zeAqotrEJ8M+AiGm/s9PFsWlAodz3hYSROGuDb";
}; };
server.enable = true; server.enable = true;
deploy.node.hostname = "192.168.68.2"; # deploy.node.hostname = "192.168.68.2";
}; };
}; };
}; };

6
nixos/boxes/kelder/containers/acquisition/default.nix
View File

@@ -65,7 +65,13 @@ in
systemd = { systemd = {
services = { services = {
jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ]; jackett.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ]; transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
# https://github.com/NixOS/nixpkgs/issues/258793#issuecomment-1748168206
transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
};
radarr.serviceConfig.UMask = "0002"; radarr.serviceConfig.UMask = "0002";
sonarr.serviceConfig.UMask = "0002"; sonarr.serviceConfig.UMask = "0002";

6
nixos/boxes/kelder/containers/spoder/default.nix
View File

@@ -97,12 +97,12 @@ in
hostName = "cloud.${domain}"; hostName = "cloud.${domain}";
https = true; https = true;
config = { config = {
extraTrustedDomains = [ "cloud-local.${domain}" ];
adminpassFile = config.age.secrets."kelder/nextcloud-root.txt".path; adminpassFile = config.age.secrets."kelder/nextcloud-root.txt".path;
defaultPhoneRegion = "IE";
}; };
extraOptions = { settings = {
updatechecker = false; updatechecker = false;
trusted_domains = [ "cloud-local.${domain}" ];
default_phone_region = "IE";
}; };
}; };
}; };

1
nixos/default.nix
View File

@@ -135,6 +135,7 @@ let
ipv6 = mkBoolOpt' false "Whether this mesh's underlay operates over IPv6."; ipv6 = mkBoolOpt' false "Whether this mesh's underlay operates over IPv6.";
baseMTU = mkOpt' ints.unsigned 1500 "Base MTU to calculate VXLAN MTU with."; baseMTU = mkOpt' ints.unsigned 1500 "Base MTU to calculate VXLAN MTU with.";
l3Overhead = mkOpt' ints.unsigned 40 "Overhead of L3 header (to calculate MTU)."; l3Overhead = mkOpt' ints.unsigned 40 "Overhead of L3 header (to calculate MTU).";
udpEncapsulation = mkBoolOpt' false "Whether to encapsulate ESP frames in UDP.";
firewall = mkBoolOpt' true "Whether to generate firewall rules."; firewall = mkBoolOpt' true "Whether to generate firewall rules.";
vni = mkOpt' ints.unsigned 1 "VXLAN VNI."; vni = mkOpt' ints.unsigned 1 "VXLAN VNI.";
peers = mkOpt' (attrsOf (submodule l2PeerOpts)) { } "Peers."; peers = mkOpt' (attrsOf (submodule l2PeerOpts)) { } "Peers.";

4
nixos/modules/common.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, pkgs', inputs, config, ... }: { lib, pkgsFlake, pkgs, pkgs', inputs, config, ... }:
let let
inherit (lib) mkIf mkDefault mkMerge; inherit (lib) mkIf mkDefault mkMerge;
inherit (lib.my) mkDefault'; inherit (lib.my) mkDefault';
@@ -53,7 +53,7 @@ in
pkgs = { pkgs = {
to = { to = {
type = "path"; type = "path";
path = "${pkgs.path}"; path = "${pkgsFlake}";
}; };
exact = true; exact = true;
}; };

11
nixos/modules/l2mesh.nix
View File

@@ -36,8 +36,8 @@ let
espOverhead = espOverhead =
if (!mesh.security.enable) then 0 if (!mesh.security.enable) then 0
else else
# SPI + seq + IV + pad / header + ICV # UDP encap + SPI + seq + IV + pad / header + ICV
4 + 4 + (if mesh.security.encrypt then 8 else 0) + 2 + 16; (if mesh.udpEncapsulation then 8 else 0) + 4 + 4 + (if mesh.security.encrypt then 8 else 0) + 2 + 16;
# UDP + VXLAN + Ethernet + L3 (IPv4/IPv6) # UDP + VXLAN + Ethernet + L3 (IPv4/IPv6)
overhead = espOverhead + 8 + 8 + 14 + mesh.l3Overhead; overhead = espOverhead + 8 + 8 + 14 + mesh.l3Overhead;
in in
@@ -62,7 +62,11 @@ let
chain l2mesh-${name} { chain l2mesh-${name} {
${optionalString mesh.security.enable '' ${optionalString mesh.security.enable ''
udp dport isakmp accept udp dport isakmp accept
meta l4proto esp accept ${if mesh.udpEncapsulation then ''
udp dport ipsec-nat-t accept
'' else ''
meta l4proto esp accept
''}
''} ''}
${optionalString (!mesh.security.enable) (vxlanAllow mesh.vni)} ${optionalString (!mesh.security.enable) (vxlanAllow mesh.vni)}
return return
@@ -94,6 +98,7 @@ let
esp=${if mesh.security.encrypt then "aes_gcm256" else "null-sha256"} esp=${if mesh.security.encrypt then "aes_gcm256" else "null-sha256"}
ikev2=yes ikev2=yes
modecfgpull=no modecfgpull=no
encapsulation=${if mesh.udpEncapsulation then "yes" else "no"}
''; '';
}) })
otherPeers); otherPeers);

2
nixos/modules/nvme/default.nix
View File

@@ -6,7 +6,7 @@ let
cfg = config.my.nvme; cfg = config.my.nvme;
nvme-cli = pkgs.nvme-cli.override { nvme-cli = pkgs.nvme-cli.override {
libnvme = pkgs.libnvme.overrideAttrs (o: { libnvme = pkgs.libnvme.overrideAttrs (o: {
patches = o.patches ++ [ ./libnvme-hostconf.patch ]; patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ];
}); });
}; };

4
nixos/modules/tmproot.nix
View File

@@ -492,6 +492,10 @@ in
} }
]; ];
}) })
# TODO: Wastebin is not in 23.11, remove check when 24.04 is released
(mkIf (config.services ? "wastebin" && config.services.wastebin.enable) {
my.tmproot.persistence.config.directories = [ "/var/lib/private/wastebin" ];
})
])) ]))
]); ]);

1
pkgs/default.nix
View File

@@ -8,4 +8,5 @@ in
vfio-pci-bind = callPackage ./vfio-pci-bind.nix { }; vfio-pci-bind = callPackage ./vfio-pci-bind.nix { };
librespeed-go = callPackage ./librespeed-go.nix { }; librespeed-go = callPackage ./librespeed-go.nix { };
modrinth-app = callPackage ./modrinth-app { }; modrinth-app = callPackage ./modrinth-app { };
glfw-minecraft = callPackage ./glfw-minecraft { };
} }

6
pkgs/glfw-minecraft/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ lib, glfw-wayland-minecraft, ... }:
glfw-wayland-minecraft.overrideAttrs (o: {
patches = [
./suppress-wayland-errors.patch
];
})

43
pkgs/glfw-minecraft/suppress-wayland-errors.patch Normal file
View File

@@ -0,0 +1,43 @@
diff --git a/src/wl_window.c b/src/wl_window.c
index 7c509896..db9a6451 100644
--- a/src/wl_window.c
+++ b/src/wl_window.c
@@ -2115,25 +2115,21 @@ void _glfwSetWindowTitleWayland(_GLFWwindow* window, const char* title)
void _glfwSetWindowIconWayland(_GLFWwindow* window,
int count, const GLFWimage* images)
{
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the window icon");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window icon\n");
}
void _glfwGetWindowPosWayland(_GLFWwindow* window, int* xpos, int* ypos)
{
// A Wayland client is not aware of its position, so just warn and leave it
// as (0, 0)
-
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not provide the window position");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not provide the window position\n");
}
void _glfwSetWindowPosWayland(_GLFWwindow* window, int xpos, int ypos)
{
// A Wayland client can not set its position, so just warn
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the window position");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the window position\n");
}
void _glfwGetWindowSizeWayland(_GLFWwindow* window, int* width, int* height)
@@ -2359,8 +2355,7 @@ void _glfwRequestWindowAttentionWayland(_GLFWwindow* window)
void _glfwFocusWindowWayland(_GLFWwindow* window)
{
- _glfwInputError(GLFW_FEATURE_UNAVAILABLE,
- "Wayland: The platform does not support setting the input focus");
+ fprintf(stderr, "!!! Ignoring Error: Wayland: The platform does not support setting the input focus\n");
}
void _glfwSetWindowMonitorWayland(_GLFWwindow* window,

2
pkgs/modrinth-app/default.nix
View File

@@ -81,7 +81,7 @@ rustPlatform.buildRustPackage rec {
dontFixup = true; dontFixup = true;
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHash = "sha256-9HtTdIotG3sNIlWhd76v7Ia6P69ufp/FFqZfINXSkVc="; outputHash = "sha256-Txttk8qZpDsAuiF8laKbZss/KEoT1Z+oepbj2s4XjE8=";
}; };
preBuild = '' preBuild = ''

12
secrets/object/wastebin.env.age Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBmbDlE
Ylh6RVBabVdnMnoxRnR5U0RZS09iMUk3TEl5Ry9vbGNFQ1F4V2tNCjRyWTZUOVhp
L2NBUzJ0OXlsU2F1VGMvK2Z2d2k4N2VaSExOTDVjKzdPODQKLT4gWDI1NTE5IEkr
ckZzSi9DaWRDYXgyUVNBejErdHhnME5aeWc2QjA4RFQrZjIvM2JhZ2sKZWRkUE9U
a3g5M1lMY3FCbVRzbFRBVzVKRmM3TFQ4RGYyK0M4K0lETFhuYwotPiA/TTJyQi1n
cmVhc2UgdTNFPyMgQGVffGEKQmViTERtRXpSSStDVlY0YXV6dwotLS0gYkdDVzFP
NnhmbnFaWVpKTDMza09qQzd3MnB5NkZGQi8vZ2Mxd29sM2Z4UQr6g8tdM6ChbRgt
g+2KGxwrUaicgMiVNbXJjbRRYq/3Ml/ZUSwiyu/+jUOlrpCxpasrADwifILD3M/c
sWW4dzVVR80t7k9FSDwy+EF/XvCxCRbLrqEbKNttfpig+9PRpB8R+so7YyYMhbc0
84nzB7gvJUlnKDVS
-----END AGE ENCRYPTED FILE-----

64
secrets/whale2/simpcraft-git.key.age
View File

@@ -1,64 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyB2T0Ft
R1o5bEVYRzk3VnpzRDAzK3kzTlNuSTdPVkkrT0l5RjFYT1RuZm5vCjYxN1A1ZFU5
TEE5R01RcnQ2T1k4NXZuc25RTUlvc3NBNnAwemE4YXp2NUUKLT4gWDI1NTE5IGk3
M2lSMXhDWjEvVVBtZnFJdmlnT25OZ1NlOGJwVWo2Qm84L2UxRGxlbU0KaFNzR0sy
clllVC9QSHU2ZDEvQW1KTDlXYlF4aDdUNW5RampTbGtsaHZCUQotPiA4XHJETy1n
cmVhc2UgM1xTMnYmIHJqbEogKgpoVWg1V1ZubElOZVNhazNzdGRrS0tyZFZKNWlo
YW80Ci0tLSBZZXdFT25VVTRnaE5jNnpyaU5OTUdXeE1FZ3djRmpKMG9hdDdodUIw
Z25JCmaCCdtWJR+6PZbGMCKLAYmG2j/YxlrZzAjLR6g3KFQjDhJA6zTCDy8UHQyH
7A0+1Ozu5RBt0kVJiejX+osYYBhFHMEqBJnuB79lmrAg/Pyss3396b1C9hMCZqdo
mkt0knv8wWSI78eMP9DtUQXK0NW4rDf2Wyis9/U4IImlVk5QgkcR1mheF1bgyJt0
t8rr4UBpT8EU85aSGhXC45IkVtAtgA3hsNcptwwcyJT9Hz9obYUnov6tlwD6p4oJ
8tvpTC5p212LBvndr6dvsg3zwlqFfVbkDgsidnIpTTaxqbFi2nHl0F67Ofu17J/l
AWj/5SeiK7k8vDQt+TSTuAF3tuhYvSBYVT/7EHCFzLAnNj/TJFWZf//gH7S/byZW
1XbEqOaUK1mzOESLbwR61hDNfRRRrr85CTx/n8KXvJFzQ+mi1hHJmEbrGzd2tObm
EmCCzcCsupjgFH/exS/o83lleR5zN/BW96Sjh12MbE3OuMjcjZJ7noDv6q9p0gmq
hHMmocC53xxOB00dlUBLmheo6aGyfF+XE7m5FYHVjlIdu2ol43BGGF1Wv13xJ+w+
G5cI+jahrkRpmIk2sLeV+BoCMnEYjOnFc24uya9km0Vz7fo92tK037+kdaFUXjvX
JmWkbbcSb8YcgKzZLhFJiscY+P0xN2hmoai0fNC48Oneu0GqQdftfjiQYJMhp18o
T3IERTLt/JoNIhqZrssg0lKHyt6N47S2A6/X2cT6eMgRrRn43KthPjsmGhRjdFDT
qCuUJJl1L9NX4EqZjXHBZo/bjsbErx2XixN1YbXGnLwN4yUEjE2A/hMbWumzZxp+
ATJgbTYuzim6lachbXsrf4f9sRjDjufMR+evD4lMTmFx+Mg6edBJN6Z2lvLyxJh4
qtw0Uejxn5mYPX1otpTa5tTD5ZSGvMXikDO05ItVcfWKQ7Uohck9cRRbNoJn+dlL
8UuNwmXixH7CkC11w51HTM7HkDW3G3aRTftN2mdfEC2Qr1aGKM+tqLEddja+vDPJ
9Ty8m9nXC5armWO9ewNji4oBEmi0QQK5kasLdQfPBMFupL1a0H2FxtucW2BVW5/K
RQTgJ6ACitcd36+FWtof3HoKyOBqoezguh6P5ImvKgz3mGcq/2AdosgSZ82m4eZp
Ug2KAEgZkR8mdNLujJHD7TZyW2FFq9DAF0Qshg7eD2cK4QA1BdpOrMUTKS5yCHFb
wXJWefnUK5Z9fvGeIN3L4bBjzYBwBfqopBmfDguGx3P7o3Zk42mJ5Z53NTqW0HaF
CN805HzFmNFt9/WV5I4jzVlVgNeep7b3wnH3pLITfz2FpDYU0/URuUNV/th2nJ2+
qH0tTbl1sql/i+kPGHQbyuCbM4IsFo6dZMgCGaovv9jmbJuS3ZmrRQhE/8CUMK6V
YsKi7Heyeza4HDzh9tlddNG+jwkT9/pIWvXChGa3JPokDtJrOoa7P6dV78opfGcT
XJFQbOm0KIH0rISbuWV7I4XEmkEim5TtmaGmsC8NIqgsY7Wjv0pap6vevevU6ImF
w7pxeU0J+5Npm88B+Nyd95Shy/pjRou31W7qTpE95/z89tLKmN3EKL1iDOWhWdCW
VsFS0XC1x7LIpnCXKf1QbnxmQzndSH/oMXmWetCUQ9RPbp8BpiIi+aULe6wzArPb
0Kxs+EEKMhswp4wbZNCmC5X3RRmm4CrmPryb4+rMqWhhTRXri2QvfuOb3IyM46wa
vKZJsCwlb7/2KR+DTwGJDcV9ArX85Yxb6lhHyQqMyHfL8XmnctmejVA+aacWc+dl
2YAwoUo/NnZ28GVjZsImt8ltJlcc8bIW8GwXqqOKPyqdShU6ExxdFRLUhq7o82uK
1oDtxyqI77IbVgQMlrdqL9XRuM3OvGt3rjg51EpDVqY/PUDrFuBkk0eQDNVjaI9e
k5vbMCTjECdiEjQq+ZJsSeVfnEs3pJVqD+vtSIMC2oodxPc2rClrRuhHaCzvUVP0
7LR/2PZlIHzkbwy5sT9W8HOPV3PO/4jPwKRtZQvz8kFiEh2gj8ZfRDELVAV6BOKd
kLrGAEs+dmFOkwfzH7/Mb3hakHe7wqVjSBB4yZqd87zxYK91b8D4io7CemDUidiO
5+6ms829MCro5+ZmS0+ALnc2LTnFWc/bS0TkOdTtwpfCCF/9gbSea85PwDNaB8Vl
M41t15H3oXwjYIwpxvVN/1AWUn3NjbYE7a4ndLccJs//Wyj6nmmnIYc5H5r/BeTD
cHnue35twb4LmiL0MubjQNIyCHdnupCauorfZI6G3yLMXo9Y+Kf8FtkBEZdgD3TB
DC6264ZOkjEtBfYQ2gj2MXDsKGYVRuz7xn80NnvRr0O/KRpN7h8WNw2qmYKMt9Uk
qBgEIe5vyVcAl5cbEcZCQxMKGK6WY96IYmgCV30Bv61hUx9fn6Wc+86o00N/LJY/
O4e8QnRwVntY4IS6hYz3W1BjdzPAB9Bsz33UCznEyreaetRQlOTgg+sEZb1/EbsD
Ia5dDIjmxBc8Lpf3xLTHZkUYKZt4RlNdKCOhn8Ka+0bfpaW3AVWvEolgDl+e66E0
Mk2FzJy5w/+Rgav+Btf1Ol038OcvY2V/5KRcqXK244LIRpHfAd26eXx95DsN5vzc
Ulkt5aWt4awfxnz1SRUZChdoctJlOuiT/pH8S76FpeY+HXbD3vmTW25jHKXq0qqu
9HEuMRbNLcRcIrXoxpI7nfvfLOmtrEkHH+vVQdLauIGOUQKgaKc5PvvOU0ARerUn
1wbu8dSJvrzH2LYKhLZIYONmNaRLLlrGolw+vII3MvZYFTst6TyyXLcVwWcacL/9
k694FKX3TH5Rtbf3SjpJCNhiez/kWcDuWJ4k5hwfpU0MTQPYJRHrrWbHNrq7T0Iv
M40eTeN4mGn0ldcrkMObmMwMWEnPbmNPCsd4RnRG3jsf81UBFTZmMBe6oqW04OI0
u8h9Afhv9JZNx41FHY06WQUWk29Bo++0mWUiRJcDvDFFlnWlied8Fp9iU6ijJjp+
Fma/e3jc88/1rX8FKvYX5d6KEz+VmVW6PWLI2oQz5ydm7zDzJJ9zwzVrBpg3B6hX
m5Q/BfNdAKck4PB9rGfqs+/lPDNgHN7iUVPB95wYf1/jNAqY/I+OT36Hl1LFuSF8
kvOpb4w87BSTFIYBXBQff8xCwyhPHnyuQcSa7qgJDKdUqqMIG9sauzO+a316ZhqG
6LW2eEw1ZLuNl3Tk2ix3WhZWu42pf/uDGTu3DXJC05hGg1KuyvGWDGsIkI6yfNYg
MaHwIg6U+m1+Gva1rcv74vSH0OH4LIcco0F0V8wDA2IdbvPTduNIb4OheWPvReZy
zZZ12JjLSkKZI/qH1kGQTN6GN+NaUdtkr1ElX4H6IRue28Jtrm7pi39WO3J6/xZv
SC80sm3k/emvQ/1RiQbXXjxl3Ma+zcGFqkB93OaG+TbGiNRL5KkXWpP1fDF8zOKV
UkPletJkwnR6wsdEjd6q1ysRTHiDVf1uuSmdGep18QnRqQ==
-----END AGE ENCRYPTED FILE-----