dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:master
Branches Tags
dev:master dev:fastback-ssh
dev:installer
..
compare: dev:8e95b1ba2a05193089bbb8a1fa7a80aee904fba0
Branches Tags
dev:master dev:fastback-ssh
dev:installer

1 Commits
master ... 8e95b1ba2a

Author SHA1 Message Date
Jack O'Sullivan
8e95b1ba2a "Release" 25.11 Hooray
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 34m0s
Details
2025-12-04 22:27:33 +00:00
35 changed files with 172 additions and 600 deletions
Expand all files Collapse all files

2
devshell/commands.nix
View File

@@ -52,7 +52,7 @@ in
name = "json2nix"; name = "json2nix";
category = "utilities"; category = "utilities";
help = "Convert JSON to formatted Nix"; help = "Convert JSON to formatted Nix";
command = "nix eval --impure --expr 'builtins.fromJSON (builtins.readFile /dev/stdin)' | ${pkgs.nixfmt}/bin/nixfmt"; command = "nix eval --impure --expr 'builtins.fromJSON (builtins.readFile /dev/stdin)' | ${pkgs.nixfmt-rfc-style}/bin/nixfmt";
} }
{ {

188
flake.lock generated
View File

@@ -75,11 +75,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768786317, "lastModified": 1764708670,
"narHash": "sha256-B+mFBhKQUEd543lxmBnJWiMvN/mbTzwIDmVbI1GlvKk=", "narHash": "sha256-Gdo9lD6JwXGMVFJ8ZHCENcxXg30SG72kwsHnxPDCscI=",
"owner": "9001", "owner": "9001",
"repo": "copyparty", "repo": "copyparty",
"rev": "78f6855f08a210ded0eeb34da9eafb9cc2de024b", "rev": "29925dc22b1f6810768d0af25d9c35ee35d88aa7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -89,21 +89,6 @@
} }
}, },
"crane": { "crane": {
"locked": {
"lastModified": 1772560058,
"narHash": "sha256-NuVKdMBJldwUXgghYpzIWJdfeB7ccsu1CC7B+NfSoZ8=",
"owner": "ipetkov",
"repo": "crane",
"rev": "db590d9286ed5ce22017541e36132eab4e8b3045",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": { "locked": {
"lastModified": 1760924934, "lastModified": 1760924934,
"narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=", "narHash": "sha256-tuuqY5aU7cUkR71sO2TraVKK2boYrdW3gCSXUkF4i44=",
@@ -150,11 +135,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1766051518, "lastModified": 1762286984,
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -185,7 +170,7 @@
"devshell-tools": { "devshell-tools": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_9", "flake-utils": "flake-utils_9",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1710099997, "lastModified": 1710099997,
@@ -227,11 +212,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768818222, "lastModified": 1764011051,
"narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", "narHash": "sha256-M7SZyPZiqZUR/EiiBJnmyUbOi5oE/03tCeFrTiUZchI=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", "rev": "17ed8d9744ebe70424659b0ef74ad6d41fc87071",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -256,27 +241,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"harmonia",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
@@ -463,30 +427,6 @@
"type": "github" "type": "github"
} }
}, },
"harmonia": {
"inputs": {
"crane": "crane",
"flake-parts": "flake-parts",
"nix": "nix",
"nixpkgs": [
"nixpkgs-unstable"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772679279,
"narHash": "sha256-ockL9qWhamkGgBYnJHTvt1oHdRvGfbS36kW9WpOhzec=",
"owner": "nix-community",
"repo": "harmonia",
"rev": "4e9e03e04467b50575f6b05c8abee12407418106",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "harmonia",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -516,11 +456,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768603898, "lastModified": 1764866045,
"narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=", "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c", "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -536,11 +476,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768912518, "lastModified": 1764872372,
"narHash": "sha256-FJlof1jnbLIT5RbKxef/NV6RzcOj1GoMzXE4FcBFg5Y=", "narHash": "sha256-uZuXRz9CzeCHsRbc2MQvKomwoX6GcFC5BUMEk3ouSFU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9c5f8aceb6ef620e881f50fe65cb4a2c6b1e8527", "rev": "05a56dbf24f195c62286e3273a2671d3b4904b00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -549,18 +489,12 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": [
"home-manager-unstable"
],
"nixpkgs": "nixpkgs_4"
},
"locked": { "locked": {
"lastModified": 1768835187, "lastModified": 1737831083,
"narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -585,22 +519,6 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"flake": false,
"locked": {
"lastModified": 1772224943,
"narHash": "sha256-jJIlRLPPVYu860MVFx4gsRx3sskmLDSRWXXue5tYncw=",
"owner": "nixos",
"repo": "nix",
"rev": "0acd0566e85e4597269482824711bcde7b518600",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nix",
"type": "github"
}
},
"nixGL": { "nixGL": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_7",
@@ -640,11 +558,11 @@
}, },
"nixpkgs-mine": { "nixpkgs-mine": {
"locked": { "locked": {
"lastModified": 1773177937, "lastModified": 1764886613,
"narHash": "sha256-HY4jRsp70w4cCID7ScA79wB+y45n2scr3Qz/N+0352I=", "narHash": "sha256-jNTFco4zgRNB7jMsEP4DMiAWs4+EQv8zP9Z7QhNaxbo=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7d4f41507e7519949f6847e050cc0df87ce776d3", "rev": "d6e5dbc8dad8012c93109ad81b19a6590d7c4660",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -656,11 +574,11 @@
}, },
"nixpkgs-mine-stable": { "nixpkgs-mine-stable": {
"locked": { "locked": {
"lastModified": 1768913078, "lastModified": 1764886662,
"narHash": "sha256-kG1pekaHIz9lgzxBd29YXyMuauvPbeJkIJfI9rtYeAM=", "narHash": "sha256-xQbkT8b3a9TC6t1i0TMXl+pQlHjk7FnurFcTAW0TvcE=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2289d9c7d193d99262cdf7fdc7313a0b4eff8881", "rev": "7fb113672bfb0ef6ab05d4d043020314d4d930a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -672,11 +590,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1768773494, "lastModified": 1764677808,
"narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -687,11 +605,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1764667669,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "rev": "418468ac9527e799809c900eda37cbff999199b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -731,22 +649,6 @@
} }
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1709309926, "lastModified": 1709309926,
"narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
@@ -762,7 +664,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1674990008, "lastModified": 1674990008,
"narHash": "sha256-4zOyp+hFW2Y7imxIpZqZGT8CEqKmDjwgfD6BzRUE0mQ=", "narHash": "sha256-4zOyp+hFW2Y7imxIpZqZGT8CEqKmDjwgfD6BzRUE0mQ=",
@@ -802,7 +704,7 @@
"ragenix": { "ragenix": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"crane": "crane_2", "crane": "crane",
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_8",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
@@ -832,7 +734,6 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"devshell": "devshell_3", "devshell": "devshell_3",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_6",
"harmonia": "harmonia",
"home-manager-stable": "home-manager-stable", "home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence", "impermanence": "impermanence",
@@ -870,7 +771,7 @@
"sbt": { "sbt": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_11", "flake-utils": "flake-utils_11",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1698464090, "lastModified": 1698464090,
@@ -1044,27 +945,6 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"harmonia",
"nixpkgs"
]
},
"locked": {
"lastModified": 1772660329,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"

4
flake.nix
View File

@@ -30,14 +30,10 @@
# Stuff used by systems # Stuff used by systems
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
impermanence.inputs.home-manager.follows = "home-manager-unstable";
boardie.url = "github:devplayer0/boardie"; boardie.url = "github:devplayer0/boardie";
boardie.inputs.nixpkgs.follows = "nixpkgs-unstable"; boardie.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixGL.url = "github:nix-community/nixGL"; nixGL.url = "github:nix-community/nixGL";
nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable";
harmonia.url = "github:nix-community/harmonia";
# harmonia.url = "github:devplayer0/harmonia/cache-config-daemon-store";
harmonia.inputs.nixpkgs.follows = "nixpkgs-unstable";
# Packages not in nixpkgs # Packages not in nixpkgs
sharry.url = "github:eikek/sharry"; sharry.url = "github:eikek/sharry";

29
lib/constants.nix
View File

@@ -30,7 +30,7 @@ rec {
kernel = { kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_12; lts = pkgs: pkgs.linuxKernel.packages.linux_6_12;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_18; latest = pkgs: pkgs.linuxKernel.packages.linux_6_17;
}; };
nginx = rec { nginx = rec {
@@ -148,9 +148,6 @@ rec {
hillcrest = { hillcrest = {
v4 = subnet 6 0 p2pTunnels.v4; v4 = subnet 6 0 p2pTunnels.v4;
}; };
john-valorant = {
v4 = subnet 6 1 p2pTunnels.v4;
};
cust = { cust = {
v4 = subnet 8 100 all.v4; # single ip for routing only v4 = subnet 8 100 all.v4; # single ip for routing only
@@ -220,10 +217,6 @@ rec {
port = 25568; port = 25568;
dst = aa.kinkcraft-oci.internal.ipv4.address; dst = aa.kinkcraft-oci.internal.ipv4.address;
} }
{
port = 25569;
dst = aa.graeme-oci.internal.ipv4.address;
}
# RCON... unsafe? # RCON... unsafe?
# { # {
@@ -231,11 +224,6 @@ rec {
# dst = aa.simpcraft-oci.internal.ipv4.address; # dst = aa.simpcraft-oci.internal.ipv4.address;
# } # }
{
port = 7777;
dst = aa.gam.internal.ipv4.address;
}
{ {
port = 2456; port = 2456;
dst = aa.valheim-oci.internal.ipv4.address; dst = aa.valheim-oci.internal.ipv4.address;
@@ -268,11 +256,6 @@ rec {
dst = aa.kinkcraft-oci.internal.ipv4.address; dst = aa.kinkcraft-oci.internal.ipv4.address;
proto = "udp"; proto = "udp";
} }
{
port = 25569;
dst = aa.graeme-oci.internal.ipv4.address;
proto = "udp";
}
{ {
port = 15636; port = 15636;
@@ -290,12 +273,6 @@ rec {
dst = aa.qclk.internal.ipv4.address; dst = aa.qclk.internal.ipv4.address;
proto = "udp"; proto = "udp";
} }
{
port = 7777;
dst = aa.gam.internal.ipv4.address;
proto = "udp";
}
]; ];
fstrimConfig = { fstrimConfig = {
@@ -449,10 +426,6 @@ rec {
vpn.port = 51822; vpn.port = 51822;
}; };
john-valorant = {
vpn.port = 51823;
};
sshKeyFiles = { sshKeyFiles = {
me = ../.keys/me.pub; me = ../.keys/me.pub;
deploy = ../.keys/deploy.pub; deploy = ../.keys/deploy.pub;

57
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -104,9 +104,11 @@ in
lvm = { lvm = {
dmeventd.enable = true; dmeventd.enable = true;
}; };
resolved.settings.Resolve = { resolved = {
LLMNR = false; llmnr = "false";
MulticastDNS = false; extraConfig = ''
MulticastDNS=false
'';
}; };
netdata.enable = true; netdata.enable = true;
@@ -188,25 +190,6 @@ in
]; ];
}; };
} }
{
"30-john-valorant" = {
netdevConfig = {
Name = "john-valorant";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.age.secrets."estuary/john-valorant-wg.key".path;
ListenPort = lib.my.c.john-valorant.vpn.port;
};
wireguardPeers = [
{
PublicKey = "xyqKF0yOAv1bObN1paL2vATFh77pdFfvN+JmuAxaTCk=";
AllowedIPs = [ (net.cidr.host 2 prefixes.john-valorant.v4) ];
PersistentKeepalive = 25;
}
];
};
}
]; ];
links = { links = {
@@ -384,7 +367,7 @@ in
}; };
"95-hillcrest" = { "95-hillcrest" = {
matchConfig.Name = "hillcrest"; matchConfig.Name = "hillcrest";
address = [ "${net.cidr.host 1 prefixes.hillcrest.v4}/32" ]; address = [ (net.cidr.host 1 prefixes.hillcrest.v4) ];
routes = [ routes = [
{ {
Destination = net.cidr.host 2 prefixes.hillcrest.v4; Destination = net.cidr.host 2 prefixes.hillcrest.v4;
@@ -392,16 +375,6 @@ in
} }
]; ];
}; };
"95-john-valorant" = {
matchConfig.Name = "john-valorant";
address = [ "${net.cidr.host 1 prefixes.john-valorant.v4}/32" ];
routes = [
{
Destination = net.cidr.host 2 prefixes.john-valorant.v4;
Scope = "link";
}
];
};
} ]; } ];
}; };
@@ -415,9 +388,6 @@ in
"estuary/hillcrest-wg.key" = { "estuary/hillcrest-wg.key" = {
owner = "systemd-network"; owner = "systemd-network";
}; };
"estuary/john-valorant-wg.key" = {
owner = "systemd-network";
};
"l2mesh/as211024.key" = {}; "l2mesh/as211024.key" = {};
}; };
}; };
@@ -429,13 +399,7 @@ in
}; };
}; };
firewall = { firewall = {
udp.allowed = [ udp.allowed = [ 5353 lib.my.c.kelder.vpn.port lib.my.c.hillcrest.vpn.port ];
5353
lib.my.c.kelder.vpn.port
lib.my.c.hillcrest.vpn.port
lib.my.c.john-valorant.vpn.port
];
tcp.allowed = [ 5353 "bgp" ]; tcp.allowed = [ 5353 "bgp" ];
nat = { nat = {
enable = true; enable = true;
@@ -471,8 +435,6 @@ in
ip6 daddr ${aa.simpcraft-staging-oci.internal.ipv6.address} tcp dport 25565 accept ip6 daddr ${aa.simpcraft-staging-oci.internal.ipv6.address} tcp dport 25565 accept
ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} tcp dport 25567 accept ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} tcp dport 25567 accept
ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} tcp dport 25568 accept ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} tcp dport 25568 accept
ip6 daddr ${aa.graeme-oci.internal.ipv6.address} tcp dport 25569 accept
ip6 daddr ${aa.gam.internal.ipv6.address} tcp dport 7777 accept
return return
} }
chain routing-udp { chain routing-udp {
@@ -482,8 +444,6 @@ in
ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept ip6 daddr ${aa.enshrouded-oci.internal.ipv6.address} udp dport { 15636-15637 } accept
ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} udp dport 25567 accept ip6 daddr ${aa.kevcraft-oci.internal.ipv6.address} udp dport 25567 accept
ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} udp dport 25568 accept ip6 daddr ${aa.kinkcraft-oci.internal.ipv6.address} udp dport 25568 accept
ip6 daddr ${aa.graeme-oci.internal.ipv6.address} udp dport 25569 accept
ip6 daddr ${aa.gam.internal.ipv6.address} udp dport 7777 accept
return return
} }
chain filter-routing { chain filter-routing {
@@ -504,7 +464,7 @@ in
iifname { wan, as211024, $ixps } oifname base jump filter-routing iifname { wan, as211024, $ixps } oifname base jump filter-routing
oifname $ixps jump ixp oifname $ixps jump ixp
iifname base oifname { base, wan, $ixps } accept iifname base oifname { base, wan, $ixps } accept
oifname { as211024, kelder, hillcrest, john-valorant } accept oifname { as211024, kelder, hillcrest } accept
} }
chain output { chain output {
oifname ifog ether type != vlan reject oifname ifog ether type != vlan reject
@@ -517,7 +477,6 @@ in
} }
chain postrouting { chain postrouting {
oifname hillcrest snat ip to ${net.cidr.host 1 prefixes.hillcrest.v4} oifname hillcrest snat ip to ${net.cidr.host 1 prefixes.hillcrest.v4}
oifname john-valorant snat ip to ${net.cidr.host 1 prefixes.john-valorant.v4}
ip saddr ${prefixes.all.v4} oifname != as211024 snat to ${assignments.internal.ipv4.address} ip saddr ${prefixes.all.v4} oifname != as211024 snat to ${assignments.internal.ipv4.address}
} }
} }

7
nixos/boxes/colony/vms/estuary/dns.nix
View File

@@ -168,10 +168,6 @@ in
kevcraft IN AAAA ${allAssignments.kevcraft-oci.internal.ipv6.address} kevcraft IN AAAA ${allAssignments.kevcraft-oci.internal.ipv6.address}
kinkcraft IN A ${assignments.internal.ipv4.address} kinkcraft IN A ${assignments.internal.ipv4.address}
kinkcraft IN AAAA ${allAssignments.kinkcraft-oci.internal.ipv6.address} kinkcraft IN AAAA ${allAssignments.kinkcraft-oci.internal.ipv6.address}
graeme IN A ${assignments.internal.ipv4.address}
graeme IN AAAA ${allAssignments.graeme-oci.internal.ipv6.address}
terraria IN A ${assignments.internal.ipv4.address}
terraria IN AAAA ${allAssignments.gam.internal.ipv6.address}
mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4} mail-vm IN A ${net.cidr.host 0 prefixes.mail.v4}
mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6} mail-vm IN AAAA ${net.cidr.host 1 prefixes.mail.v6}
@@ -185,9 +181,6 @@ in
jam-fwd IN A ${allAssignments.shill.internal.ipv4.address} jam-fwd IN A ${allAssignments.shill.internal.ipv4.address}
jam-cust IN AAAA ${net.cidr.host 1 prefixes.jam.v6} jam-cust IN AAAA ${net.cidr.host 1 prefixes.jam.v6}
hillcrest-tun IN A ${net.cidr.host 2 prefixes.hillcrest.v4}
john-valorant-tun IN A ${net.cidr.host 2 prefixes.john-valorant.v4}
$TTL 3 $TTL 3
_acme-challenge IN LUA TXT @@FILE@@ _acme-challenge IN LUA TXT @@FILE@@

1
nixos/boxes/colony/vms/shill/containers/default.nix
View File

@@ -9,6 +9,5 @@
./toot.nix ./toot.nix
./waffletail.nix ./waffletail.nix
./qclk ./qclk
./gam.nix
]; ];
} }

72
nixos/boxes/colony/vms/shill/containers/gam.nix
View File

@@ -1,72 +0,0 @@
{ lib, ... }:
let
inherit (lib.my) net;
inherit (lib.my.c) pubDomain;
inherit (lib.my.c.colony) domain prefixes;
in
{
nixos.systems.gam = { config, ... }: {
system = "x86_64-linux";
nixpkgs = "mine";
rendered = config.configuration.config.my.asContainer;
assignments = {
internal = {
name = "gam-ctr";
inherit domain;
ipv4.address = net.cidr.host 11 prefixes.ctrs.v4;
ipv6 = {
iid = "::11";
address = net.cidr.host 11 prefixes.ctrs.v6;
};
};
};
configuration = { lib, pkgs, config, assignments, allAssignments, ... }:
let
inherit (lib) mkMerge mkIf mkForce;
inherit (lib.my) networkdAssignment;
in
{
config = mkMerge [
{
my = {
deploy.enable = false;
server.enable = true;
secrets = {
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvDlH3nT1kve741gBluYmn5KQs8yz7FAEt8qLt+f0K6";
files = {
"gam/terraria.conf" = {
owner = "terraria";
group = "terraria";
};
};
};
};
systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
};
services = {
terraria = {
enable = true;
noUPnP = true;
messageOfTheDay = "sup gamers";
autoCreatedWorldSize = "large";
worldPath = "/var/lib/terraria/NotWorld.wld";
configFile = config.age.secrets."gam/terraria.conf".path;
openFirewall = true;
};
};
}
(mkIf config.my.build.isDevVM {
virtualisation = {
forwardPorts = [ ];
};
})
];
};
};
}

2
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@@ -89,9 +89,7 @@ in
transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ]; transmission.bindsTo = [ "systemd-networkd-wait-online@vpn.service" ];
radarr.serviceConfig.UMask = "0002"; radarr.serviceConfig.UMask = "0002";
radarr.path = with pkgs; [ ffmpeg ];
sonarr.serviceConfig.UMask = "0002"; sonarr.serviceConfig.UMask = "0002";
sonarr.path = with pkgs; [ ffmpeg ];
jellyseerr.serviceConfig = { jellyseerr.serviceConfig = {
# Needs to be able to read its secrets # Needs to be able to read its secrets
DynamicUser = mkForce false; DynamicUser = mkForce false;

8
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -437,14 +437,6 @@ in
}; };
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"hass-john.${pubDomain}" = {
locations."/" = {
proxyPass = "http://john-valorant-tun.${domain}:8123";
proxyWebsockets = true;
extraConfig = proxyHeaders;
};
useACMEHost = pubDomain;
};
}; };
minio = minio =

41
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@@ -89,17 +89,12 @@ in
{ {
users = { users = {
harmonia = { harmonia = {
isSystemUser = true;
group = "harmonia";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
lib.my.c.sshKeyFiles.harmonia lib.my.c.sshKeyFiles.harmonia
]; ];
}; };
}; };
groups = {
harmonia = { };
};
} }
]; ];
@@ -132,24 +127,13 @@ in
}; };
} }
]; ];
harmonia = {
harmonia-dev = { environment.NIX_REMOTE = "/var/lib/harmonia";
# environment.RUST_LOG = mkForce "trace";
# serviceConfig = {
# StateDirectory = "harmonia";
# DynamicUser = mkForce false;
# };
};
harmonia-daemon = {
# environment.RUST_LOG = mkForce "trace";
preStart = '' preStart = ''
${config.nix.package}/bin/nix store info --store /var/lib/harmonia ${config.nix.package}/bin/nix store ping
''; '';
serviceConfig = { serviceConfig = {
User = "harmonia";
Group = "harmonia";
StateDirectory = "harmonia"; StateDirectory = "harmonia";
DynamicUser = mkForce false;
}; };
}; };
}; };
@@ -251,20 +235,11 @@ in
}; };
}; };
harmonia-dev = { harmonia = {
daemon = { enable = true;
enable = true; signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
storeDir = "/nix/store"; settings = {
dbPath = "/var/lib/harmonia/nix/var/nix/db/db.sqlite"; priority = 30;
};
cache = {
enable = true;
signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
settings = {
priority = 30;
virtual_nix_store = "/nix/store";
real_nix_store = "/var/lib/harmonia/nix/store";
};
}; };
}; };

1
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -217,7 +217,6 @@ in
toot = {}; toot = {};
waffletail = {}; waffletail = {};
qclk = {}; qclk = {};
gam = {};
}; };
in in
mkMerge [ mkMerge [

1
nixos/boxes/colony/vms/whale2/default.nix
View File

@@ -55,7 +55,6 @@ in
enshrouded-oci = 5; enshrouded-oci = 5;
kevcraft-oci = 6; kevcraft-oci = 6;
kinkcraft-oci = 7; kinkcraft-oci = 7;
graeme-oci = 8;
}; };
configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }: configuration = { lib, pkgs, modulesPath, config, assignments, allAssignments, ... }:

43
nixos/boxes/colony/vms/whale2/minecraft/default.nix
View File

@@ -186,49 +186,6 @@ in
]; ];
}; };
graeme = {
# 2026.2.1-java21-alpine
image = "itzg/minecraft-server@sha256:82adaddfe0156f07c34228f1c1065cdbd298abc174de0a9961abb068b11beebb";
environment = {
TYPE = "VANILLA";
SERVER_PORT = "25569";
QUERY_PORT = "25569";
EULA = "true";
ENABLE_QUERY = "true";
ENABLE_RCON = "false";
MOTD = "§4§k----- §9G§ar§ba§ce§dm§ee §4§k-----";
ICON = "/ext/icon.png";
EXISTING_WHITELIST_FILE = "SYNCHRONIZE";
WHITELIST = concatStringsSep "," [
op
"fffa146c-0bc8-421c-9e3a-3635c0aca2ea" # Scarlehh
"1ea05f48-76cc-4034-bcd3-2fa1fc5a7375" # Dario
"4bf837b1-01db-4491-a0e0-700d98542833" # JoeSpencer
"d07a9554-1b05-4b0b-b558-27e4a86e1f53" # AmyClover
];
EXISTING_OPS_FILE = "SYNCHRONIZE";
OPS = op;
DIFFICULTY = "hard";
SPAWN_PROTECTION = "0";
VIEW_DISTANCE = "20";
MAX_MEMORY = "4G";
TZ = "Europe/Dublin";
};
volumes = [
"graeme_data:/data"
"${./graeme.png}:/ext/icon.png:ro"
];
extraOptions = [
''--network=colony:${dockerNetAssignment allAssignments "graeme-oci"}''
];
};
}; };
services = { services = {

BIN
nixos/boxes/colony/vms/whale2/minecraft/graeme.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 8.9 KiB

26
nixos/boxes/home/castle/default.nix
View File

@@ -109,7 +109,11 @@ in
}; };
fstrim.enable = true; fstrim.enable = true;
resolved.settings.Resolve.LLMNR = mkForce true; resolved = {
enable = true;
extraConfig = mkForce "";
dnssec = "false";
};
pipewire.extraConfig.pipewire = { pipewire.extraConfig.pipewire = {
"10-buffer"."context.properties" = { "10-buffer"."context.properties" = {
@@ -118,7 +122,6 @@ in
}; };
}; };
blueman.enable = true; blueman.enable = true;
avahi.enable = true;
}; };
programs = { programs = {
@@ -162,7 +165,6 @@ in
network = { network = {
netdevs = mkMerge [ netdevs = mkMerge [
(mkVLAN "lan-hi" vlans.hi) (mkVLAN "lan-hi" vlans.hi)
(mkVLAN "lan-lo" vlans.lo)
]; ];
links = { links = {
"10-et2.5g" = { "10-et2.5g" = {
@@ -184,7 +186,7 @@ in
networks = { networks = {
"30-et100g" = { "30-et100g" = {
matchConfig.Name = "et100g"; matchConfig.Name = "et100g";
vlan = [ "lan-hi" "lan-lo" ]; vlan = [ "lan-hi" ];
networkConfig.IPv6AcceptRA = false; networkConfig.IPv6AcceptRA = false;
}; };
"40-lan-hi" = mkMerge [ "40-lan-hi" = mkMerge [
@@ -192,22 +194,6 @@ in
# So we don't drop the IP we use to connect to NVMe-oF! # So we don't drop the IP we use to connect to NVMe-oF!
{ networkConfig.KeepConfiguration = "static"; } { networkConfig.KeepConfiguration = "static"; }
]; ];
"45-lan-lo" = {
matchConfig.Name = "lan-lo";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
UseDomains = false;
};
dhcpV4Config = {
UseDNS = false;
UseGateway = false;
};
ipv6AcceptRAConfig = {
UseDNS = false;
UseGateway = false;
};
};
}; };
}; };
}; };

2
nixos/boxes/home/palace/vms/sfh/containers/default.nix
View File

@@ -1,6 +1,6 @@
{ {
imports = [ imports = [
# ./unifi.nix ./unifi.nix
./hass.nix ./hass.nix
]; ];
} }

8
nixos/boxes/home/routing-common/default.nix
View File

@@ -121,9 +121,11 @@ in
}; };
services = { services = {
resolved.settings.Resolve = { resolved = {
LLMNR = false; llmnr = "false";
MulticastDNS = false; extraConfig = ''
MulticastDNS=false
'';
}; };
iperf3 = { iperf3 = {

2
nixos/boxes/home/routing-common/dns_update.py
View File

@@ -33,7 +33,7 @@ def main():
print(f'Updating {args.record} -> {address}') print(f'Updating {args.record} -> {address}')
cf.dns.records.edit( cf.dns.records.edit(
zone_id=zone.id, dns_record_id=record.id, name=args.record, zone_id=zone.id, dns_record_id=record.id,
type='A', content=address) type='A', content=address)
if __name__ == '__main__': if __name__ == '__main__':

22
nixos/boxes/home/routing-common/kea.nix
View File

@@ -165,28 +165,6 @@ in
} }
]; ];
} }
{
id = 3;
subnet = prefixes.untrusted.v4;
interface = "lan-untrusted";
option-data = [
{
name = "routers";
data = vips.untrusted.v4;
}
{
name = "domain-name-servers";
data = "1.1.1.1, 1.0.0.1";
}
];
pools = [
{
pool = if index == 0
then "192.168.80.10 - 192.168.80.127"
else "192.168.80.128 - 192.168.80.250";
}
];
}
]; ];
ddns-send-updates = true; ddns-send-updates = true;
ddns-replace-client-name = "when-not-present"; ddns-replace-client-name = "when-not-present";

8
nixos/boxes/home/routing-common/keepalived.nix
View File

@@ -20,7 +20,10 @@ let
}; };
vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}"; vlanIface = vlan: if vlan == "as211024" then vlan else "lan-${vlan}";
vrrpIPs = family: concatMap (vlan: [ vrrpIPs = family: concatMap (vlan: (optional (family == "v6") {
addr = "fe80::1/64";
dev = vlanIface vlan;
}) ++ [
{ {
addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}"; addr = "${vips.${vlan}.${family}}/${toString (net.cidr.length prefixes.${vlan}.${family})}";
dev = vlanIface vlan; dev = vlanIface vlan;
@@ -61,9 +64,6 @@ in
v4 = mkVRRP "v4" 51; v4 = mkVRRP "v4" 51;
v6 = (mkVRRP "v6" 52) // { v6 = (mkVRRP "v6" 52) // {
extraConfig = '' extraConfig = ''
virtual_ipaddress_excluded {
${concatMapStringsSep "\n" (vlan: "fe80::1/64 dev ${vlanIface vlan}") (attrNames vips)}
}
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root
notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root notify_backup "${config.systemd.package}/bin/systemctl stop radvd.service" root
''; '';

2
nixos/boxes/kelder/containers/spoder/default.nix
View File

@@ -88,7 +88,7 @@ in
}; };
services = { services = {
resolved.settings.Resolve = mkForce { }; resolved.extraConfig = mkForce "";
nextcloud = { nextcloud = {
enable = true; enable = true;

6
nixos/boxes/tower/default.nix
View File

@@ -99,6 +99,12 @@
}; };
}; };
resolved = {
enable = true;
extraConfig = mkForce "";
dnssec = "false";
};
fprintd.enable = true; fprintd.enable = true;
blueman.enable = true; blueman.enable = true;

2
nixos/installer.nix
View File

@@ -99,7 +99,7 @@
# Enable wpa_supplicant, but don't start it by default. # Enable wpa_supplicant, but don't start it by default.
networking.wireless.enable = mkDefault true; networking.wireless.enable = mkDefault true;
networking.wireless.userControlled = true; networking.wireless.userControlled.enable = true;
systemd.services.wpa_supplicant.wantedBy = mkForce []; systemd.services.wpa_supplicant.wantedBy = mkForce [];
# Tell the Nix evaluator to garbage collect more aggressively. # Tell the Nix evaluator to garbage collect more aggressively.

4
nixos/modules/common.nix
View File

@@ -9,11 +9,10 @@ in
}; };
imports = [ imports = [
inputs.impermanence.nixosModules.default inputs.impermanence.nixosModule
inputs.ragenix.nixosModules.age inputs.ragenix.nixosModules.age
inputs.sharry.nixosModules.default inputs.sharry.nixosModules.default
inputs.copyparty.nixosModules.default inputs.copyparty.nixosModules.default
inputs.harmonia.nixosModules.harmonia
]; ];
config = mkMerge [ config = mkMerge [
@@ -139,7 +138,6 @@ in
bash-completion bash-completion
git git
unzip unzip
tcpdump
] ]
(mkIf config.services.netdata.enable [ netdata ]) (mkIf config.services.netdata.enable [ netdata ])
]; ];

3
nixos/modules/deploy-rs.nix
View File

@@ -45,9 +45,8 @@ let
journalctl -o cat --no-pager -n 0 -f -u "$unit" & journalctl -o cat --no-pager -n 0 -f -u "$unit" &
jPid=$! jPid=$!
# shellcheck disable=SC2329
cleanup() { cleanup() {
# shellcheck disable=SC2317
kill "$jPid" kill "$jPid"
} }
trap cleanup EXIT trap cleanup EXIT

14
nixos/modules/gui/default.nix
View File

@@ -1,6 +1,6 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
let let
inherit (lib) optional mkIf mkDefault mkMerge mkOverride; inherit (lib) optional mkIf mkDefault mkMerge;
inherit (lib.my) mkBoolOpt'; inherit (lib.my) mkBoolOpt';
cfg = config.my.gui; cfg = config.my.gui;
@@ -44,18 +44,6 @@ in
swaylock-plugin swaylock-plugin
]; ];
services = { services = {
# TODO: Remove if-else when 26.05 releases
resolved = if (config.system.nixos.release == "25.11:u-26.05") then {
settings.Resolve = {
FallbackDNS = mkOverride 99 (
"1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google " +
"1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google " +
"2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google " +
"2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google" );
LLMNR = "resolve";
};
} else { };
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;

15
nixos/modules/netboot/default.nix
View File

@@ -5,10 +5,23 @@ let
cfg = config.my.netboot; cfg = config.my.netboot;
# Newer releases don't boot on desktop?
ipxe = pkgs.ipxe.overrideAttrs (o: rec {
version = "1.21.1-unstable-2024-06-27";
src = pkgs.fetchFromGitHub {
owner = "ipxe";
repo = "ipxe";
rev = "b66e27d9b29a172a097c737ab4d378d60fe01b05";
hash = "sha256-TKZ4WjNV2oZIYNefch7E7m1JpeoC/d7O1kofoNv8G40=";
};
# This upstream patch (in newer versions) is needed for newer GCC
patches = (if (o ? patches) then o.patches else []) ++ [ ./fix-uninitialised-var.patch ];
});
tftpRoot = pkgs.linkFarm "tftp-root" [ tftpRoot = pkgs.linkFarm "tftp-root" [
{ {
name = "ipxe-x86_64.efi"; name = "ipxe-x86_64.efi";
path = "${pkgs.ipxe}/ipxe.efi"; path = "${ipxe}/ipxe.efi";
} }
]; ];
menuFile = pkgs.runCommand "menu.ipxe" { menuFile = pkgs.runCommand "menu.ipxe" {

12
nixos/modules/network.nix
View File

@@ -13,21 +13,13 @@ in
}; };
services.resolved = { services.resolved = {
# Explicitly unset fallback DNS (Nix module will not allow for a blank config)
# TODO: Remove if-else when 26.05 releases
} // (if config.system.nixos.release == "25.11:u-25.11" then {
domains = [ config.networking.domain ]; domains = [ config.networking.domain ];
# Explicitly unset fallback DNS (Nix module will not allow for a blank config)
extraConfig = '' extraConfig = ''
FallbackDNS= FallbackDNS=
Cache=no-negative Cache=no-negative
''; '';
} else { };
settings.Resolve = {
Domains = [ config.networking.domain ];
FallbackDNS = "";
Cache = "no-negative";
};
});
} }
(mkIf config.my.build.isDevVM { (mkIf config.my.build.isDevVM {

5
nixos/modules/server.nix
View File

@@ -12,7 +12,6 @@ in
services = { services = {
getty.autologinUser = mkDefault uname; getty.autologinUser = mkDefault uname;
kmscon.autologinUser = mkDefault uname; kmscon.autologinUser = mkDefault uname;
# TODO: Update to Setings.Resolve.LLMNR when 26.05 releases
resolved.llmnr = mkDefault "false"; resolved.llmnr = mkDefault "false";
}; };
systemd = { systemd = {
@@ -36,6 +35,10 @@ in
}; };
documentation.nixos.enable = mkDefault' false; documentation.nixos.enable = mkDefault' false;
environment.systemPackages = with pkgs; [
tcpdump
];
}; };
meta.buildDocsInSandbox = false; meta.buildDocsInSandbox = false;

10
nixos/modules/tmproot.nix
View File

@@ -603,16 +603,6 @@ in
} }
]; ];
}) })
(mkIf config.services.terraria.enable {
my.tmproot.persistence.config.directories = [
{
directory = config.services.terraria.dataDir;
mode = "0755";
user = "terraria";
group = "terraria";
}
];
})
])) ]))
]); ]);

4
pkgs/chocolate-doom2xx/default.nix
View File

@@ -23,10 +23,6 @@ stdenv.mkDerivation rec {
./demoloopi.patch ./demoloopi.patch
]; ];
configureFlags = [
"CFLAGS=-std=gnu17"
];
outputs = [ "out" "man" ]; outputs = [ "out" "man" ];
postPatch = '' postPatch = ''

12
secrets/estuary/john-valorant-wg.key.age
View File

@@ -1,12 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyBvMndF
M21hR3p2VmEzUm16eDEya2NtSW54SElScnQzRVhTYnhRNC9oS3dVCnFsS3ZyLyt2
aVlsVEgySFpvKzA4cTd0ZnkwbGRHakJSL2JESU54KzFDNEkKLT4gWDI1NTE5IFQw
cTN5bjJJVUoyckpjWnllM3piV3llM1VRSlN3Tlk4cG0yRzlTU1ZnMzQKQ2s2d0xs
VjBjUlRkbUpHZDV0c2kwUGhUczhuVEV3ZE1WK2NxWndDQk9PWQotPiA+Oi1QYD47
LWdyZWFzZSBFTEJWRHkzIE0oOVJTJQp2THpheXJqYmdPRlpTRXhQTkYzeGsyZ0dG
aElRblgwWW1sT1NjZVNPUFNINXBPV1BxUldkCi0tLSBNOGhuUkNCV2NCZi9PdGxP
WitZYTNwcDZXdGNjbDUzQkVZUEtUK2JsZTN3CrxYEwDQAvqeCckfsLUKB1ixsTF1
rQNRYxioye5T7AZEnOrZg62qkOELmCwAD5UJt5tkNRrmHkm0JwiqNsThHX6qGnHl
iDgytz/Hymij
-----END AGE ENCRYPTED FILE-----

13
secrets/gam/terraria.conf.age
View File

@@ -1,13 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFY3bGdHdyBEZzFM
NFkyT2k0MmdkTkVhL1U3M2dEUXhhQk1VejNDMDBDZ2xSaWs2NXlzClJranFmWG14
NVZ2cXRSZzc5N1ZXM3ZaWWpsY3gxYjg4dnRWeHh5NHlNUU0KLT4gWDI1NTE5IGlh
ZmN5Ti9sakpwZUNna1RWOWtEU1VXVkY4cXhpeW9kdUdUMVJaK2dUelUKS2FCbFVF
VStaZENxRlVBRlk1ak9sb2Q4YWg4SmxSV0xRU2R3dGZ4TGNoVQotPiB1UTRIcGlZ
LWdyZWFzZSB9I1VoKG50JCBSCnp2blloZGhpVDk2YVB2ZDVmbDZBeWJxdmsyMUc5
NHk1cDg3cCtVclVnU2J5dUQ4UWh1bnJIMERyTVg4UzlFS0YKNjNLdmZIYk5qWXI0
UVEvcWJzbm1Da2RmdzVmRzhmbEltdURhMVhKL0g5S2hqTTJVU3Z0dnBoSQotLS0g
QUVQOEk0OGpuUnFEQkhkVnBrUUk2OWZ3MkxIVmF4b2QzYjlnMW5veVorQQqEjPN4
qAfHZxuujoneLQu98m+2zXuTGY6tvnnvaZLoqbr0dQgQ+ISHgipnhYM0b6FK6sbG
mgGYyg==
-----END AGE ENCRYPTED FILE-----

146
secrets/user-passwd.txt.age
View File

@@ -1,76 +1,74 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNqUFR5ZyBkWHB2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHNqUFR5ZyBlbHl0
MHNUSnRIQkc4OENhN2dVdVlFZFRlWW5oVW9WbENaTGcwK2ZnQVFRCkQyYjdNaEtK S0lQbXBKVGpNNnJOUS9TSlp0U0EvYWFVanN3N0RMb1JudEdwYVQ4CnJGdklzeEFy
SXE5RExTMm9EZC9GSEJGcWNabUgyOERBZmFmV0VqRFVXWTgKLT4gc3NoLWVkMjU1 RmxjamNyUWszYjFGb0ZZbk9EQVdERERtckpqczVscjdmUE0KLT4gc3NoLWVkMjU1
MTkgRExNZUZnIEhJNHN3c0lGL1lrMTA0ZHV2bHdPZ0dveDNBNVlzazEwbU9NcVZl MTkgRExNZUZnIGR4czhRYjUyU29JbnFnRk5IeXliNzZzMVMya1ZuS2tkUlFVTkxU
Z3RKelUKaWEwTTZvSTA0T2pKSGVoc3gwL3VPWjNPOFk3dTNjYVo5S2tPWUNtV3Fw aFd0VWsKenprWWQ0UEdaUGhvRlJUbnU1T2h1czZBK1dpOGwwcjJxc2p6ejV1RnM0
dwotPiBzc2gtZWQyNTUxOSAzYkIzWmcgMEN2dDJiRHYrQzRIb1JJVXp1V0ZyMkdu RQotPiBzc2gtZWQyNTUxOSAzYkIzWmcgMHB6dzVFQ3FtaWErVWNyRXo3WnNhT2NF
RWNtKy93QVR4SVJkK1VXTlUyQQpNdUU1c1NOdi9ZbmFTNHJBWmNTZFp2NDZORWp1 eldUVWtOaVlWOTVwcVVaOUlGMApJUDUzNmhKbUxleTV6SjV0Zmk3dno0STVIRDIv
ZzZzMzU3ZWFVYU1Lc1k0Ci0+IHNzaC1lZDI1NTE5IHErMFhjdyBiVS9ZeVE5Vytp SUkyd1M2Z21mdUtMUXIwCi0+IHNzaC1lZDI1NTE5IHErMFhjdyBnRFBPRnNSa0Nn
a3p2c2xYM28rM0Q1UWMyNkQxYWRScStGRGVhTTYvQWc4ClNvSksydmhid20yTzNC UTlpR1Y4OU1UQmNLRnRWaGxzU3RBV0c1bG90K2I5QUQ0CjArUFlGS1B2RkVKSEtP
ZHF2b252MWwzRG9Zdi9uRVpqL1BacGRaemo5OEkKLT4gc3NoLWVkMjU1MTkgWkIz ajRpUUNlMkRPN3pxaEkrZ1M3RndxRDZ6U09Wc2cKLT4gc3NoLWVkMjU1MTkgWkIz
ZTZRIFVZUTVjNS9pak9JSnF4N2JOMEZINmtKTzU5OUxHbHRKeng2cldvK2NXU2sK ZTZRIFRPdXRTeEVvUTM1dlQzMll2VDFkUlY2eEFRcnRrc1lNeDZDbFE1a3BjaDgK
T0M3QTZJU2lqMk9nRGl2c3QwNTlWOEwyYVJUK3pleEtMZ0lYbm9TSmVUZwotPiBz MytBM0Y2Mmo2M1JOWExLQy8xTm9SR05WcmxrV2xBZ0RpeXQxeGVkZ1VZcwotPiBz
c2gtZWQyNTUxOSBqNjdGWFEgRzRXYTBxQWduN2QvZk84NXVWVHlQN2RiS0pkYXM2 c2gtZWQyNTUxOSBqNjdGWFEgYUw5cnJabnhhdU9lN0NPVXVUazRnVWpzcUVtM3VR
U2cvM0JKRXZvTjAxdwpCbWdMZVpMaXBBNHRRZjN4aU5lNmhRNmMzSnBIWUNtbW1w bWQxNVVSQTN5N3hXRQp0blhXUC94TlRPbS9Ba2N1eVM0QkNNblJBa1hJYjZ1Y1lM
ZStLaXlUL09ZCi0+IHNzaC1lZDI1NTE5IGMwVE5hUSBxK09aSTRaUzZ4VnArMlF4 UDhWbUd5bWNVCi0+IHNzaC1lZDI1NTE5IGMwVE5hUSA0TXowVjA0N2FvcER6OEts
ZFZvNmUrR1hPKzB1SUdRS2Z2dmgyVlROOUVZCllUcDNCSEpVUmVUN2RSYjZ5aDdp VTVwa0UzUEtsY005WDhmaU8zZ3VLaXQvaVRJCjB4cjJiMHVGM3hyWlg0OHhaT0lu
SWhCVFlwcWxJMkxodEwrQXNDOTh0TlUKLT4gc3NoLWVkMjU1MTkgbjhDcFV3IHJ4 K2NJQWVndzYrSDAyK25NMklSVUI4S28KLT4gc3NoLWVkMjU1MTkgbjhDcFV3IFNE
Y1krN2hHTjhOakZSZ3VNNEZnYVVLb1BTZ01iT2dyRjdUdkRodit0QUkKRitpVFJB Q1NZbnpqUkdiaktnYkxZdzZrYUVqWDEvYnMvOTJqSUpybERTNk9uQ0kKYlMzZkVu
WDU2eGw2aUhQZFcrMTB6MU5VTURPNE5HbUFYendOMnNDRXRQcwotPiBzc2gtZWQy SXVtaWk2WEtDMEpwZFM3ZVIyWHQwUWNOZjVRS0I0ZjN5MklHYwotPiBzc2gtZWQy
NTUxOSBWN2xnR3cgcUNRZkp6R0llR0o0RmhvanBoamdoNVBKRWl0Sm1sQVhBRGJw NTUxOSBqSThSQWcgWTZIMCtNMCtzTFpROHpBMnA3b2s2UFE2dDZGbnlxU2VxMlkz
MFFDcmdUbwpENlEvaTh4OUhVQ0VTeXBGMTBoajd1eE42YzYvc0ZvcWlVYU1HWnkr aGJFUzV6awpKNDhobHQrTCs4cUVpNE5wblJMako3bU5tVldjVDBjVlJOOHhkUTNk
R0FnCi0+IHNzaC1lZDI1NTE5IGpJOFJBZyBFdEpIT3F1MGVtZ0ppN05hVDBLRjZz NFdrCi0+IHNzaC1lZDI1NTE5IFQrc2JHQSBTbVlBTXIzQ09SOHRJakZXK3NkT1Uy
eTRWdjZkMGM0SWpqeVJpRXRGc2pRClVpTlB6Q3lCZ3FXd1g1eXU3Y3grRVBJRjBC RFgrUTZncSsyK3p5WlVDSFNwM2lFClErRHk4Qmp2VlIvZW8rV2lNME53ZFlIUmVC
aERTanp4dDhGRFdteThNNTgKLT4gc3NoLWVkMjU1MTkgVCtzYkdBIEpselBValht bXF5RlVvV2FUM3ZmeWpaQzgKLT4gc3NoLWVkMjU1MTkgaE1hNG53IDBINGhyMDBy
TTNtY2lTYWg3VHBUTWNIemdiQXpHd01jMS9BeERMclQ0RGcKYU85dnN3ZEJyQmZZ bkp0RWpTU0F6Uk1kaXllRHBHbXF2QWUwNkN1U0tEWE53VGsKdi9QRlhwRCtyQkRq
ZE9ZYXl4Ym1BZlBkcm9jMXBhZ1J3aUlxR1dPNm96dwotPiBzc2gtZWQyNTUxOSBo cng1Wk1rZkx2NnJTMUxGajN3b2Z3SG0zd0ptcklCZwotPiBzc2gtZWQyNTUxOSBl
TWE0bncgcXdIK21EVDVMZGhMMEltQ3RNbkx5NDhGVWRVdU4wZlhUNDY0bEZTcEZG eXEzZGcgcnQ4WUFMcGRtL1BvYTkxWU12WTdkT1lLRmJlZXZ4cWtHNG54QVo0dDYw
QQpUSGZOb0FoSTgxckp0R3dxVjVPZkQ0b3Z5WXpjU1Q1Qy8zaGNVNzh4ZGJvCi0+ RQp2NkMwbTROZTBuRUVLNEs3L3BmOTZ2S3dDL0hUbm5OaHZXbjVCRG15bExnCi0+
IHNzaC1lZDI1NTE5IGV5cTNkZyBwaGF3NXVNWUVQUUpuUm9pVHVRK1NoV1FmVFMz IHNzaC1lZDI1NTE5IDdXUTlQQSBPL0t1ZWptTm5YQXIwc3ZNUGhkaVM5QU1DMkNL
dys1bE9WaDdNV0RXZFRVCmVJSUx0VkQvbDRjOWdvNlhCNm9RSnhnUHFpYnp0ZjVM NU1WSFlTT05KOWR3dGhJCmdTTEIrNEZma3E0UzArMndqVEgzWnVLNzl0TjhsbG9P
UG82UElhM3R6MFkKLT4gc3NoLWVkMjU1MTkgN1dROVBBIERKYnFGQm9pVlIzYWxu OE9aRVk1Ung1cEkKLT4gc3NoLWVkMjU1MTkgZ1N4UDBRIGJNazFtRThSVVVvb3dP
M3Fza0RucE9SczQzRk5ialU2R215L1NwcVU2bW8Ka2hCL2JSU1c1bEhFS0t3VnEy RHV5WGxCbktDK3c5aEhiYkphNU4zUnVNUVNNV2sKbWZJYkNSZFMvTDI1WVg5SnJV
YWtaMG5mZHBxYjNkK0JQUjlmVHJYSmNUMAotPiBzc2gtZWQyNTUxOSBnU3hQMFEg bUFSY2JsNDJBc253dlN5Y2Nqdm9TbU9IawotPiBzc2gtZWQyNTUxOSBWRmN3NWcg
VHhRN0VEV0xGL0hJUHd1V0drWVJzaWtucXJ2c2xMUVpYMFc2TklLUGdYVQp0VWZj eEo0dmRNWVpuVGdxRHpXc09tUDZldFRKcTBIMVVWcXdmVFRhZnZmenBETQpJWHVp
UEZGeGhaRDh4SmFsek93ejBUM1A3OVorTWFmcWt0QkVCZmV0QU5ZCi0+IHNzaC1l NWJNRWhacHlMbHlQcjEzdEZWdUVpbGg0N2pqMjcvTk92UDJpNUlvCi0+IHNzaC1l
ZDI1NTE5IFZGY3c1ZyBmOHgraG50b2NiREZIcjRacTUwZ1Z3R2h0QXlHMTl6SFNJ ZDI1NTE5IGhrYnR2ZyB0SFJGRE03T3lnTUJZakVCcnQxVklPNXhzak94eU5KUzNX
Qlc4MTFtT2k4CkVSdzY3cEVpR3J3L0szMXBVdmd2OUFsWGJwanRtSGl3QmRyREhJ L216SCtUWEVzCmRrS2Rlc1JiNEg1KzExaUsrNHJuSDlTcU5Oa0J4QVZKVmNBRGFP
WjRwS2sKLT4gc3NoLWVkMjU1MTkgaGtidHZnIGVVNDZzenBDRlRmeW4ybUJqamRD ZWlqUjAKLT4gc3NoLWVkMjU1MTkgZXQyenBRIEFhMFVxZ3RRbk4za2t5cWtwVjVi
UFFpWDY1ZjJuK1VQNWJJSGIyaFJnbmcKcmg3b284YmZQUWt0clBjVDZVZk5CUUlo Qm9ucVdMekVsSHEwSWlML0JIdmQ2SFkKWW5mWnQvRWlaT3hJLzJyTE5RdTNUMWNM
aFRWWUwzVmVPcFBDaW1xKzRqSQotPiBzc2gtZWQyNTUxOSBldDJ6cFEgWEZpOXdx SDB4TjVKZCtDN0tCR1NhdnRqbwotPiBzc2gtZWQyNTUxOSBaYkxKV0EgV1loMWZx
bWo3NnZYSjFTdldoSDBBMVVobHRXYWJjZEd2RVBIanRrQUZROApkZG82RUZHSkRH OHhKelNvNzErMDc4cUE5amgycTFTem5lVmlGYTk5bUM2T2dEUQpkMVQ0VS80Y3Jt
TGkyTG1tRUlRMEg5MVRwRHNjTE9UL1BMRUpDdXVLZ2tVCi0+IHNzaC1lZDI1NTE5 QTZUVnNZV0daczM0Titvc3Q1T2JiTVZYV2tXOW4xV0VRCi0+IHNzaC1lZDI1NTE5
IFpiTEpXQSB0ZWtnRFVWKzRkSU45enFadkx6N3FpRmE1MnByZEljd3FyWGFyd2Ja IFpOcUlvZyAzMnZ2NjR1R2R2UlJNZjNvOU9RckR0MEtnbllyYVJPSUZtUDNWSU5k
QVNvClpiZkxsQ04zR2pzOXBtODdnbjdSaHBtSVFVT3V2aFdyZ2FoaytISmNzR0UK U3c4Ckgza2txalJhOW14c1dGZ0VTc3EzK2NpOUJaVWhqN2lMWU9HL3hMSWlJUVkK
LT4gc3NoLWVkMjU1MTkgWk5xSW9nIHMvWElOMTgvR0ZveHZLSlVqNW9PSmNvdm92 LT4gc3NoLWVkMjU1MTkgcUxqcXlRIHMxNStVTnY1TUZJaHlXQnNTSFhXditsWnVF
ZW92dHhvbG8vRzl2NFdqMFEKUktLWEJuQ25LM1J6OXBvRlRlMEFEeXlhV3M1Yk85 Y2ZKRWZ5UXVPZUVKY2VjakEKV1N3ODVFYXROTzFReWE5Y1A5MkpXUjJVc00wVVd3
Wk0rZWJMQ3U2SVYrcwotPiBzc2gtZWQyNTUxOSBxTGpxeVEgODlpYkhNQmFkNjlp ZUpzTC9rRGdOWUpxWQotPiBzc2gtZWQyNTUxOSBCYVFsUmcganpkWlpaWlRVQ3Vp
ZUYyZ0VDdzBsTmk5TGVPU0VTRnZlSUdMazN3cXB4awpGbEhWMVR0N0NzTGljeEpw Y2hvbkpld2kzdzVtdERHajBNUTEyM0NOWlp0WkxtRQp1MEJUKzFUSW9tWjluVU9Y
dWtrTXR0QW5CVHE5enA2dXZZNm55ajVSa3NVCi0+IHNzaC1lZDI1NTE5IEJhUWxS clBzNFpzdU83MXdGN2dJSGducnplbEd4M1JNCi0+IHNzaC1lZDI1NTE5IHMrcVJm
ZyBJc2xSZUJkaEd5U1EyV0J6T2pUU1ZWMnRPSzYwNFRERndsdThYeFFQSUVJCmlT ZyBSRW1pZWFhQkpQRTFYTG9IZnVmWmx6S2pNUll4MGhtRFd1Y0ZhS25JNFZVCjhU
OWh1dnpNRDU5WlNSaW5FTUZ5QVVHSmw0NUpQMklOb3JYU3FSM3ZTWEUKLT4gc3No UDhoOTlTUEtqbytZMjZ2NlozcnZTNXVNcVA3cU1TRmtsL1g4bEhKUzgKLT4gc3No
LWVkMjU1MTkgcytxUmZnIERvYU1PNXJkWEs0VkI5YWNuY3ZGK2xpVkpxN01zbHA2 LWVkMjU1MTkgNjJKY2NBIElSSXZjc3J5cWNwOHFNV281YzBrVzc2TlVwMnRwb0NJ
cm9DUzk1WHIrRWsKZVRGWUwrdmVnOTh4clFHdm1yL0JuSVRpVldjWkMwUkdFTk5J dEdST0s4MEhmQnMKaTNEdkFjRktCZHNCY3FsWE5UbFo1R3lXSlI2NE5MR25neWJ4
LzNlT0dZUQotPiBzc2gtZWQyNTUxOSA2MkpjY0EgTXI5QVZySXpsQlVoTE51c29j NTlsSllxWQotPiBzc2gtZWQyNTUxOSAvaHgvZEEgOExaRjJiNTJkUGFxZllSK1Uz
MWltaUZHZUlPUEo1WXZNdUUzSWdWRU94MApMVUYzYlhNZDc5RTRzc0NxNW5PblU0 eWxQTmtxOVFPZkVFb2w2Z0tmZVpwTndDWQpuRFlqZWdaQjZaT1BZSmllVzB5NWhY
WndIV1FZTm51ZlhQdWFQa2NNS25FCi0+IHNzaC1lZDI1NTE5IC9oeC9kQSBWUkJS MmhHaWtZOXFERzhSRWRXWk5TR1RRCi0+IHNzaC1lZDI1NTE5IFd6TEdIQSBtZW04
ZmR2a3BDdHRrVUhqejFjZFI4cWw1MEkrRWUwdHZHZEloemtUT2pBCmFYU21lRllo eWlNWU9JOXYvcVlsb1JXM2JKRlREeXJXNHd6MlkvazZrSzdscG5BCnZzWUFwb3lK
MTlic204cU41Vi95dFBMSSs2eWtVSzJndG1keWdVeUgxNFEKLT4gc3NoLWVkMjU1 dUhkcDZNakFPN0RMRG5LQzdqU1UzNlJ6eGRGSGlhYUx0YXMKLT4gc3NoLWVkMjU1
MTkgSEovSjdBIGhhck53d1ZzYVY5ZjF5VHpXYVBDMGZ5SGdTL3B4NHQ2a3lENGti MTkgSEovSjdBIDBaNzZGVkdaVWlWNk4yVW5UdnFCZ2xWUEtIc2QzQmJTMnlINVF1
NXhZVGMKV3B0d0IwNm5qM0xDUWdOTEZ3Q3ErWGdNRmtIeTBMSjV1eDYzMUVYVFpY V093UmsKcXNhSnlnWHQrRzVSU296NENDN29aMUN5VlRIcittdGNySGhvMHZlT0xl
cwotPiBzc2gtZWQyNTUxOSBPRXFNc2cgcm9ZOS81emFxd2toNTRFUW1LRi9jU3FF NAotPiBzc2gtZWQyNTUxOSBPRXFNc2cgNUFSc045eUVqQWI3MXB4Tkd2RndDS2Na
VUdYRzRWTm5uV0ZjclJPZmsyQQoxZnRtTzZ5YzRJTVRGalU4NFZhQmZlMjhtY2Nv VGJrblFLaENPVlZucFdGRGFDTQp6dlRHTnRLSFkxb1RFdmxGS09Jenh2Q25VZ2ha
Q1oyZURhQUpjR2dvRVNRCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyA5aUNiQk1FZUtU QWQ4YUNjdVNJbW8vVGVrCi0+IHNzaC1lZDI1NTE5IC9FSlh2ZyBGM2lrUG1DWUx3
S0hta1lOMVlWL1RwdjUvQnl2MTg5VWQrMnNCVERkVkZrCkFraTR4UmFBbXpOR1lq YndZWWdobVo3TjZHTDNabmdsa3ZHcndwUXVZSVg5T0VZCjNYdlFYSHBsWjBTWXlS
TTFCSmZmV0R1VjhWb2V0RXdiYkpaek0rdGVsRE0KLT4gWDI1NTE5IEpZSlNOZk5D V0lSZkpwVE05eU1LcFBEbWdXWEZ0U0tSTkthQnMKLT4gWDI1NTE5IDF5SmczUWpo
WlZ3VFFpVUx2RHlwblVEZHZyVVNGbHNrZ3hUY1FYQUJNMWMKYlo4dFVnS2hhYk1m bkdmWS9SamxtTTF1eVJnc1QxUGJiUjQwR1VSTmdxMEtqQzAKeTF0NWp6dG1CWGNy
THZXMktudExKdEE1enlGWUgyM3FiMGpFbmR6RkNyawotPiBGImFlO2V5Ky1ncmVh VVVXVGFLV3dkWWo2YTVkZmtXcHRZai9FSDVBSmJhbwotPiAmJC1ncmVhc2UgaWU3
c2UKdTZXVjRtcTR2TDFITzB1d3J3RG1hejk1am15SEswR05PMFdoTXR2UVpoRE9H YGkpVSBNV0ZfIDM1fltQdzBcCmZYRXB1NEVMNkVqWVF3Ci0tLSB2RVRFYmVGVklB
dkMvQldlc1FPWlRFSURXN3ppSQoyU0pSRHFIS2I3d1dtTE5OTFFXSTYyR2tTbTZB bGFiUTBKYlMrRitvN2NnUkhScTMvWml6ZzRKU3ZIeEtvChoKB2c5roTC97pdDOi6
RDVROStRCi0tLSAvWEcyR09pQnRhSzN4d2kzSzduOUVtTXd2U25CWmZJdWt5NnNl aPFIaTyOu9NZ4ESwwRjpEgB0D6GP2r7YR3CnxVyXa4sCFUnTF8dLUkABFnSeNeQZ
RHVieGNBCi411IjgmUKttjX6ljaZGWivstOajx2pkTVLV/zFiEj3jv+KDGy1psZQ M64tM6J+tZAyJa9IKaTgSqvQaGYHHYinygNvf6BShCK4nPUJu0cV6gFtqFle0MWA
no+eatGMO8LeJhGJ6H7TBKOmJhFMfoQp1XKJA8OGY+FGZ98bit04djo3jqbVSOms Rez5eRMFH/M2aubhwBeDyHG4WRelkt7oMVXyY6U=
JSPRTvTxxQx+40yO+ETV+2qkRU1OdJTobz9YvuqGlHrJS8UNN30QMPT0ienu3QTY
Tbo=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----