diff --git a/.sops.yaml b/.sops.yaml index 07db49c..caa6210 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,11 @@ keys: - &master age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g - &machine_Akun age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga + - &machine_Cape age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - *master - *machine_Akun + - *machine_Cape diff --git a/Justfile b/Justfile index 2be5b8a..aa712e1 100644 --- a/Justfile +++ b/Justfile @@ -5,12 +5,14 @@ default: @just --list switch specialisation=DEFAULT_SPECIALISATION: - nh os switch {{FLAKE_HOME}} {{ if specialisation == DEFAULT_SPECIALISATION { "-S" } else { "-s " + specialisation } }} + nh os switch {{ FLAKE_HOME }} {{ if specialisation == DEFAULT_SPECIALISATION { "-S" } else { "-s " + specialisation } }} + update: nix flake update | spacer -push host target: - nixos-rebuild switch --flake {{FLAKE_HOME}}#{{host}} --target-host {{target}} | spacer + +deploy host: + deploy {{ FLAKE_HOME }}#{{ host }} alias s := switch alias u := update -alias p := push +alias d := deploy diff --git a/flake.lock b/flake.lock index d2f9238..7a8fc52 100644 --- a/flake.lock +++ b/flake.lock @@ -69,11 +69,11 @@ "bt-tracker": { "flake": false, "locked": { - "lastModified": 1737706116, - "narHash": "sha256-jMrl9cy/1vlJgpljPG0jGlnlGSfCdseKe14guF/EMPo=", + "lastModified": 1737792531, + "narHash": "sha256-uTnQYofhXwguCcmr+UqXUSqxu7IQ0cMGeoreAMcUVVk=", "owner": "XIU2", "repo": "TrackersListCollection", - "rev": "d56981366bbe7ce97655111d0b8db5b1b91d4540", + "rev": "35df14b82b2d3dc24797f0e500188ac053f7e1d4", "type": "github" }, "original": { 
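Review bot: Adding `*machine_Cape` to the only `creation_rules` entry in .sops.yaml makes the Cape host key a recipient for every file matching `secrets/[^/]+\.(yaml|json|env|ini)$`, not just for the secrets Cape itself needs. If the `ssh-private-key/deploy` and `ssh-private-key/cape` entries declared in the Akun and Tytonidae home configurations later in this commit are stored in one of those files (not visible here), a compromise of Cape would expose the key used to deploy to it along with the workstation secrets. A second rule such as `- path_regex: secrets/cape/[^/]+\.yaml$` listing only `*master` and `*machine_Cape` would keep Cape out of the shared files; that path is a suggestion, not something the repository already has. Existing files keep their old recipient list until they are re-encrypted with `sops updatekeys`.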
@@ -84,11 +84,11 @@ }, "crane": { "locked": { - "lastModified": 1727974419, - "narHash": "sha256-WD0//20h+2/yPGkO88d2nYbb23WMWYvnRyDQ9Dx4UHg=", + "lastModified": 1737563566, + "narHash": "sha256-GLJvkOG29XCynQm8XWPyykMRqIhxKcBARVu7Ydrz02M=", "owner": "ipetkov", "repo": "crane", - "rev": "37e4f9f0976cb9281cd3f0c70081e5e0ecaee93f", + "rev": "849376434956794ebc7a6b487d31aace395392ba", "type": "github" }, "original": { @@ -116,6 +116,26 @@ "type": "github" } }, + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "utils": "utils" + }, + "locked": { + "lastModified": 1727447169, + "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -140,11 +160,11 @@ "flake": false, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1737630537, - "narHash": "sha256-lroOTrqUw443CfegVkfNAfE57uIsF4fjUvlUjVnB3kY=", + "lastModified": 1737777799, + "narHash": "sha256-YDDKpj1j9MqGZgrugfu8mQWjpiy4r7fZ1FMJL58NasM=", "ref": "master", - "rev": "f3bffded7ab861654ab3be7c1e974eafe72c52b0", - "revCount": 4058, + "rev": "9a96d7b0485be4654b6f2237efeccb1144d1ba54", + "revCount": 4063, "type": "git", "url": "https://gitlab.com/rycee/nur-expressions.git?dir=pkgs/firefox-addons" }, @@ -188,6 +208,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1717312683, 
@@ -203,7 +239,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -217,7 +253,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_4": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1733328505, @@ -307,7 +343,7 @@ }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -325,7 +361,7 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1705309234, @@ -343,14 +379,14 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -361,7 +397,7 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": "systems_6" }, "locked": { "lastModified": 1710146030, @@ -416,17 +452,17 @@ }, "ghostty": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable", "zig": "zig" }, "locked": { - "lastModified": 1737606723, - "narHash": "sha256-imzoApuVpFNyQbBBjTfbFBeo/elX0moFgXrxJEWFCDo=", + "lastModified": 1737779447, + "narHash": "sha256-+iVqQXAUJshUYgxOHfke54Ux4f/aggl1yub86KNx2tE=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "eb21a58aa4dc59dd2a0fbd026cf7cd842f0f07ed", + "rev": "71e62f96fa4d286eda835048428d5be96e9f87c1", "type": "github" }, "original": { 
@@ -510,11 +546,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1737597695, - "narHash": "sha256-tkMePskjLb0xZZE9zzW+TVy4Latdin4aAEsbNutzt9w=", + "lastModified": 1737740779, + "narHash": "sha256-M4pSv4ycg6fkQmxvJ1BCdoZJvJhqLTUsw6LKoduLpE0=", "owner": "helix-editor", "repo": "helix", - "rev": "76a8682c4d743e8da75e46be0646393317561080", + "rev": "81708b70e685426716999e1278b7373292e797e9", "type": "github" }, "original": { @@ -531,11 +567,11 @@ ] }, "locked": { - "lastModified": 1737630279, - "narHash": "sha256-wJQCxyMRc4P26zDrHmZiRD5bbfcJpqPG3e2djdGG3pk=", + "lastModified": 1737762889, + "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=", "owner": "nix-community", "repo": "home-manager", - "rev": "0db5c8bfcce78583ebbde0b2abbc95ad93445f7c", + "rev": "daf04c5950b676f47a794300657f1d3d14c1a120", "type": "github" }, "original": { @@ -591,17 +627,17 @@ "inputs": { "niri-stable": "niri-stable", "niri-unstable": "niri-unstable", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1737627930, - "narHash": "sha256-oaAatwNVaX36xmI2AKIVu2oG07XJmHq2T+Y66hEprd8=", + "lastModified": 1737797805, + "narHash": "sha256-revbNiDQIhSwkAvGE2IVf3iSHbp1LB52KXu3nukATfE=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "f79aa307f4bc0bfbabee404e6354fd2a1edfcb01", + "rev": "ab19f1d6bf4b38558c84df4990ec0618ec526eb5", "type": "github" }, "original": { 
@@ -630,11 +666,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1737623252, - "narHash": "sha256-orq/c8lOUrZfCHQhfuLEJtMZpfBYhMtGv1Xuz99Pxj0=", + "lastModified": 1737795105, + "narHash": "sha256-zQSNUKj671I9M4DdMD4iMUnIIWN5oiaWdqDHUSVcaVE=", "owner": "YaLTeR", "repo": "niri", - "rev": "128b01e04905d833214f52a3c6fab308bcc15ce0", + "rev": "78697d1cea20e6b53013e820999b0403c45d9f00", "type": "github" }, "original": { @@ -655,7 +691,7 @@ "nixpkgs" ], "nixpkgs-wine": "nixpkgs-wine", - "systems": "systems_4", + "systems": "systems_5", "treefmt-nix": "treefmt-nix" }, "locked": { @@ -741,16 +777,16 @@ }, "nixos-cosmic": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_3", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { - "lastModified": 1737603687, - "narHash": "sha256-/uTWz6xk/Psfl1sqCK3CTSjUVoiq1O988tHRfQpiMP8=", + "lastModified": 1737737985, + "narHash": "sha256-qQvUk3zPDV5IsnPAQAYxLm479hOj3zlZy4k+0PzzyMg=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "e24740b458a5b6932b393977100964ac9e1ef2a1", + "rev": "c09628bdaecece885ee78614245a077fe3805f0a", "type": "github" }, "original": { @@ -761,11 +797,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737590910, - "narHash": "sha256-qM/y6Dtpu9Wmf5HqeZajQdn+cS0aljdYQQQnrvx+LJE=", + "lastModified": 1737751639, + "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "9368027715d8dde4b84c79c374948b5306fdd2db", + "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "type": "github" }, "original": { 
@@ -873,11 +909,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1737569578, - "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", + "lastModified": 1737672001, + "narHash": "sha256-YnHJJ19wqmibLQdUeq9xzE6CjrMA568KN/lFPuSVs4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "47addd76727f42d351590c905d9d1905ca895b82", + "rev": "035f8c0853c2977b24ffc4d0a42c74f00b182cd8", "type": "github" }, "original": { @@ -889,11 +925,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1737569578, + "narHash": "sha256-6qY0pk2QmUtBT9Mywdvif0i/CLVgpCjMUn6g9vB+f3M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "47addd76727f42d351590c905d9d1905ca895b82", "type": "github" }, "original": { @@ -953,27 +989,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1702272962, + "narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_3": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", "type": "github" }, "original": { 
@@ -985,11 +1021,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", "type": "github" }, "original": { @@ -1000,6 +1036,22 @@ } }, "nixpkgs_5": { + "locked": { + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { "locked": { "lastModified": 1736798957, "narHash": "sha256-qwpCtZhSsSNQtK4xYGzMiyEDhkNzOCz/Vfu4oL2ETsQ=", @@ -1034,11 +1086,11 @@ "flake": false, "locked": { "dir": "/pkgs/uncategorized", - "lastModified": 1737281143, - "narHash": "sha256-7LFwPv5PVcqUItQ0nyWpHMD9zIFf6TVKsv1ifoRe3NM=", + "lastModified": 1737795309, + "narHash": "sha256-rCVkkmc7166clcoCw+TV25/IOtm1opj8LjeKolRO/tg=", "owner": "xddxdd", "repo": "nur-packages", - "rev": "5363f9cf43dda8516c848eb80b06a7d652e42046", + "rev": "93681b73b361ddb6e1d1c7e671e5db247ecf6e0b", "type": "github" }, "original": { @@ -1084,6 +1136,7 @@ "inputs": { "bt-tracker": "bt-tracker", "dae": "dae", + "deploy-rs": "deploy-rs", "disko": "disko", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts_2", @@ -1094,7 +1147,7 @@ "niri-flake": "niri-flake", "nixos-cosmic": "nixos-cosmic", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur-xddxdd": "nur-xddxdd", "oskars-dotfiles": "oskars-dotfiles", "sops-nix": "sops-nix", 
@@ -1109,11 +1162,11 @@ ] }, "locked": { - "lastModified": 1728268235, - "narHash": "sha256-lJMFnMO4maJuNO6PQ5fZesrTmglze3UFTTBuKGwR1Nw=", + "lastModified": 1737599167, + "narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "25685cc2c7054efc31351c172ae77b21814f2d42", + "rev": "38374302ae9edf819eac666d1f276d62c712dd06", "type": "github" }, "original": { @@ -1170,24 +1223,24 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-utils": "flake-utils_5", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5", - "systems": "systems_6", + "nixpkgs": "nixpkgs_6", + "systems": "systems_7", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-tmux": "tinted-tmux", "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1737584885, - "narHash": "sha256-9QihDPf9pglzTGY51cmmcqGpQuLiJEobJX7CWJzmXsM=", + "lastModified": 1737657729, + "narHash": "sha256-TIDR1zKoP2uaqRot/LnarugfAC9U7geycjbJqA1naVM=", "owner": "danth", "repo": "stylix", - "rev": "36c39ff014a8abbc682a073b2c5ba6cea77cf41e", + "rev": "e594886eb0951a0a0c28ffa333a9df6fb13857a1", "type": "github" }, "original": { @@ -1286,6 +1339,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "tinted-foot": { "flake": false, "locked": { 
@@ -1400,9 +1468,27 @@ "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" } }, + "utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "winapps": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_4", "nixpkgs": [ "oskars-dotfiles", diff --git a/flake.nix b/flake.nix index 963b84a..44edef2 100644 --- a/flake.nix +++ b/flake.nix @@ -75,6 +75,10 @@ url = "github:XIU2/TrackersListCollection"; flake = false; }; + + deploy-rs = { + url = "github:serokell/deploy-rs"; + }; }; outputs = { @@ -202,12 +206,17 @@ }; in { - homeConfigurations = nixpkgs.lib.foldr (a: b: a // b) { } ( - map (hostName: mkHomeConfig { inherit hostName; }) [ - "Tytonidae" - "Akun" - ] - ); + homeConfigurations = + nixpkgs.lib.foldr (a: b: a // b) { } ( + map (hostName: mkHomeConfig { inherit hostName; }) [ + "Tytonidae" + "Akun" + ] + ) + // mkHomeConfig { + hostName = "Cape"; + unixName = "alice"; + }; homeManagerModules = { default = import ./home/modules; 
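Review bot: The new `deploy-rs` input in flake.nix does not make its nixpkgs follow the flake's own, so flake.lock gains a separate `nixpkgs_2` locked at `e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d` (lastModified 1702272962), roughly a year behind the `nixpkgs_5` used for the systems. Whatever `inputs.deploy-rs.lib` builds for the target would presumably come from that older package set and miss later fixes. Adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `deploy-rs = { … }` block removes the extra pin and leaves one nixpkgs revision to audit. The same input also brings its own `flake-compat` and `utils` nodes into the lock, which is worth a one-line comment next to the input so the extra trust is deliberate.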
@@ -227,6 +236,50 @@ ) ); } + ) + // ( + let + mkDeployNode = + { + hostName, + unixName ? "deploy", + system ? "x86_64-linux", + sshName ? hostName, + }: + { + "${hostName}" = { + hostname = "${sshName}"; + sshUser = "${unixName}"; + interactiveSudo = true; + sshOpts = [ + "-i" + "/home/david/.ssh/id_ed25519_deploy" + ]; + profiles = { + system = { + user = "${unixName}"; + path = + inputs.deploy-rs.lib."${system}".activate.nixos + self.outputs.nixosConfigurations."${hostName}"; + }; + }; + }; + }; + in + { + deploy.nodes = nixpkgs.lib.foldr (a: b: a // b) { } ( + map + ( + hostName: + mkDeployNode { + inherit hostName; + } + ) + [ + "Cape" + ] + ); + } ); }; } diff --git a/home/alice/configurations/Cape/default.nix b/home/alice/configurations/Cape/default.nix new file mode 100644 index 0000000..5f6bf3e --- /dev/null +++ b/home/alice/configurations/Cape/default.nix 
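Review bot: In `mkDeployNode`, `profiles.system.user` is set to `"${unixName}"`, the same value as `sshUser` (default `deploy`); as far as deploy-rs documents it, sudo is only used when the profile user differs from the SSH user, so `interactiveSudo = true` would have no effect and the NixOS activation would run unprivileged. The usual shape is `user = "root";` on the system profile while `sshUser` stays the unprivileged account. The identity file is hard-coded as `/home/david/.ssh/id_ed25519_deploy`, which ties this flake output to one account on the operator's machine; a comment saying so, or moving the `-i` option into the operator's SSH config, would make that dependency explicit. A short comment that the `deploy` account on the target must be permitted to sudo and to receive store paths would also help, since neither is visible in this hunk.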
@@ -0,0 +1,84 @@ +{ + pkgs, + unixName, + config, + ... +}: +{ + youthlic.programs = { + helix.enable = true; + gpg.enable = true; + fish.enable = true; + bash.enable = true; + starship.enable = true; + sops.enable = true; + atuin.enable = true; + git = { + email = "ulic.youthlic@gmail.com"; + name = "ulic-youthlic"; + encrypt-credential = false; + }; + }; + xdg.userDirs = { + enable = true; + download = "${config.home.homeDirectory}/dls"; + documents = "${config.home.homeDirectory}/doc"; + music = "${config.home.homeDirectory}/mus"; + pictures = "${config.home.homeDirectory}/pic"; + videos = "${config.home.homeDirectory}/vid"; + templates = "${config.home.homeDirectory}/tpl"; + publicShare = "${config.home.homeDirectory}/pub"; + desktop = "${config.home.homeDirectory}/dsk"; + createDirectories = true; + }; + home.username = "${unixName}"; + home.homeDirectory = "/home/${unixName}"; + home.stateVersion = "24.11"; + programs.home-manager.enable = true; + home.packages = with pkgs; [ + tealdeer + ripgrep + fzf + file + which + gnused + gnutar + bat + gawk + zstd + tree + ouch + dust + duf + doggo + ast-grep + dig + lazygit + dig + fend + gitoxide + viu + fd + just + ]; + programs.ssh = { + enable = true; + hashKnownHosts = true; + extraOptionOverrides = { + HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256"; + KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256"; + MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com"; + Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"; + }; + matchBlocks = 
{ + "github.com" = { + hostname = "ssh.github.com"; + port = 443; + user = "git"; + extraOptions = { + AddKeysToAgent = "yes"; + }; + }; + }; + }; +} diff --git a/home/alice/modules/default.nix b/home/alice/modules/default.nix new file mode 100644 index 0000000..c915eb0 --- /dev/null +++ b/home/alice/modules/default.nix @@ -0,0 +1 @@ +{ ... }: { } diff --git a/home/david/configurations/Akun/default.nix b/home/david/configurations/Akun/default.nix index f5fc27d..439a698 100644 --- a/home/david/configurations/Akun/default.nix +++ b/home/david/configurations/Akun/default.nix @@ -123,6 +123,14 @@ mode = "0600"; path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun"; }; + "ssh-private-key/cape" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape"; + }; + "ssh-private-key/deploy" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy"; + }; "ssh-config" = { mode = "0400"; format = "yaml"; diff --git a/home/david/configurations/Tytonidae/default.nix b/home/david/configurations/Tytonidae/default.nix index c7e183d..cfc345d 100644 --- a/home/david/configurations/Tytonidae/default.nix +++ b/home/david/configurations/Tytonidae/default.nix @@ -32,6 +32,7 @@ mpv.enable = true; kvm.enable = true; atuin.enable = true; + thunderbird.enable = true; }; david = { @@ -136,6 +137,14 @@ mode = "0600"; path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun"; }; + "ssh-private-key/cape" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape"; + }; + "ssh-private-key/deploy" = { + mode = "0600"; + path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy"; + }; "ssh-config" = { mode = "0400"; format = "yaml"; diff --git a/home/david/configurations/Tytonidae/niri/config.kdl b/home/david/configurations/Tytonidae/niri/config.kdl index f768410..f05e78b 100644 --- a/home/david/configurations/Tytonidae/niri/config.kdl +++ b/home/david/configurations/Tytonidae/niri/config.kdl 
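Review bot: The `HostKeyAlgorithms` override in `programs.ssh.extraOptionOverrides` lists `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com`, which are RSA signatures over SHA-1 and are disabled by default in current OpenSSH; naming them here turns them back on for every host. Replacing them with `rsa-sha2-512,rsa-sha2-256` (and `rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com` for certificates) keeps RSA host keys usable without SHA-1. The `MACs` list also keeps the non-ETM `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com` entries, which could be dropped if every server in use supports the `-etm` variants. Separately, `dig` appears twice in `home.packages`.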
@@ -1,36 +1,32 @@ input { keyboard { xkb { + } } - touchpad { tap natural-scroll } - mouse { - } + } trackpoint { + } } - output "DP-1" { mode "2560x1440@169.900" scale 1 transform "normal" position x=0 y=0 } - - output "eDP-1" { mode "2560x1440@165.003" scale 1.5 transform "normal" position x=2560 y=0 } - layout { gaps 16 center-focused-column "never" @@ -39,12 +35,11 @@ layout { proportion 0.5 proportion 0.66667 } - // You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between. // preset-window-heights { } + default-column-width { - default-column-width {} - + } // By default focus ring and border are rendered as a solid background rectangle // behind windows. That is, they will show up through semitransparent windows. // This is because windows using client-side decorations can have an arbitrary shape. @@ -55,27 +50,21 @@ layout { // // Alternatively, you can override it with a window rule called // `draw-border-with-background`. - // You can change how the focus ring looks. focus-ring { // Uncomment this line to disable the focus ring. // off - // How many logical pixels the ring extends out from the windows. width 4 - // Colors can be set in a variety of ways: // - CSS named colors: "red" // - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa" // - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others. - // Color of the ring on the active monitor. active-color "#7fc8ff" - // Color of the ring on inactive monitors. inactive-color "#505050" - - // You can also use gradients. They take precedence over solid colors. + // You can also use gradients. They take precedence over solid colors. // Gradients are rendered the same as CSS linear-gradient(angle, from, to). // The angle is the same as in linear-gradient, and is optional, // defaulting to 180 (top-to-bottom gradient). 
@@ -90,34 +79,30 @@ layout { // // inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view" } - // You can also add a border. It's similar to the focus ring, but always visible. border { // The settings are the same as for the focus ring. // If you enable the border, you probably want to disable the focus ring. off - width 4 active-color "#ffc87f" inactive-color "#505050" - - // active-gradient from="#ffbb66" to="#ffc880" angle=45 relative-to="workspace-view" + // active-gradient from="#ffbb66" to="#ffc880" angle=45 relative-to="workspace-view" // inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view" } - // Struts shrink the area occupied by windows, similarly to layer-shell panels. // You can think of them as a kind of outer gaps. They are set in logical pixels. // Left and right struts will cause the next window to the side to always be visible. // Top and bottom struts will simply add outer gaps in addition to the area occupied by // layer-shell panels and regular gaps. struts { - // left 64 + // left 64 // right 64 // top 64 // bottom 64 + } } - // Add lines like this to spawn processes at startup. // Note that running niri as a session supports xdg-desktop-autostart, // which may be more convenient to use. 
@@ -132,165 +117,343 @@ spawn-at-startup "fcitx5" "-d" "--replace" spawn-at-startup "xwayland-satellite" ":1" spawn-at-startup "polkit-kde-agent" spawn-at-startup "wl-paste" "--watch" "cliphist" "store" - // Uncomment this line to ask the clients to omit their client-side decorations if possible. // If the client will specifically ask for CSD, the request will be honored. // Additionally, clients will be informed that they are tiled, removing some client-side rounded corners. // This option will also fix border/focus ring drawing behind some semitransparent windows. // After enabling or disabling this, you need to restart the apps for this to take effect. // prefer-no-csd - screenshot-path "~/pic/screenshot%Y-%m-%d-%H-%M-%S.png" - // You can also set this to null to disable saving screenshots to disk. // screenshot-path null - animations { - // Slow down all animations by this factor. Values below 1 speed them up instead. + // Slow down all animations by this factor. Values below 1 speed them up instead. // slowdown 3.0 -} -window-rule { - match app-id=r#"^org\.wezfurlong\.wezterm$"# - default-column-width {} } window-rule { - match app-id=r#"^org\.keepassxc\.KeePassXC$"# - match app-id=r#"^org\.gnome\.World\.Secrets$"# + match app-id="^org\\.wezfurlong\\.wezterm$" + default-column-width { + } +} +window-rule { + match app-id="^org\\.keepassxc\\.KeePassXC$" + match app-id="^org\\.gnome\\.World\\.Secrets$" block-out-from "screen-capture" } window-rule { draw-border-with-background false } - // Example: enable rounded corners for all windows. // (This example rule is commented out with a "/-" in front.) 
/-window-rule { - geometry-corner-radius 12 - clip-to-geometry true +geometry-corner-radius 12 +clip-to-geometry true } - binds { - Super+V { spawn "bash" "-c" "cliphist list | fuzzel --dmenu | cliphist decode | wl-copy"; } - Super+Shift+L { spawn "bash" "-c" "swaylock --screenshots --clock --indicator --indicator-radius 100 --indicator-thickness 7 --effect-blur 7x5 --effect-vignette 0.5:0.5 --grace 2 --fade-in 0.5"; } - - Mod+Shift+Slash { show-hotkey-overlay; } - - Mod+T { spawn "ghostty"; } - Mod+Space { spawn "fuzzel"; } - - XF86AudioRaiseVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1+"; } - XF86AudioLowerVolume allow-when-locked=true { spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1-"; } - XF86AudioMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"; } - XF86AudioMicMute allow-when-locked=true { spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"; } - - Mod+Q { close-window; } - - Mod+Left { focus-column-left; } - Mod+Down { focus-window-down; } - Mod+Up { focus-window-up; } - Mod+Right { focus-column-right; } - Mod+H { focus-column-left; } - Mod+J { focus-window-or-workspace-down; } - Mod+K { focus-window-or-workspace-up; } - Mod+L { focus-column-right; } - - Mod+Shift+Left { move-column-left; } - Mod+Shift+Down { move-window-down; } - Mod+Shift+Up { move-window-up; } - Mod+Shift+Right { move-column-right; } - Mod+Shift+H { move-column-left; } - Mod+Shift+J { move-window-down-or-to-workspace-down; } - Mod+Shift+K { move-window-up-or-to-workspace-up; } - Mod+Shift+L { move-column-right; } - - Mod+Home { focus-column-first; } - Mod+End { focus-column-last; } - Mod+Ctrl+Home { move-column-to-first; } - Mod+Ctrl+End { move-column-to-last; } - - Mod+Ctrl+Left { focus-monitor-left; } - Mod+Ctrl+Down { focus-monitor-down; } - Mod+Ctrl+Up { focus-monitor-up; } - Mod+Ctrl+Right { focus-monitor-right; } - Mod+Ctrl+H { focus-monitor-left; } - Mod+Ctrl+J { focus-monitor-down; } - 
Mod+Ctrl+K { focus-monitor-up; } - Mod+Ctrl+L { focus-monitor-right; } - - Mod+Shift+Ctrl+Left { move-column-to-monitor-left; } - Mod+Shift+Ctrl+Down { move-column-to-monitor-down; } - Mod+Shift+Ctrl+Up { move-column-to-monitor-up; } - Mod+Shift+Ctrl+Right { move-column-to-monitor-right; } - Mod+Shift+Ctrl+H { move-column-to-monitor-left; } - Mod+Shift+Ctrl+J { move-column-to-monitor-down; } - Mod+Shift+Ctrl+K { move-column-to-monitor-up; } - Mod+Shift+Ctrl+L { move-column-to-monitor-right; } - - Mod+Page_Down { focus-workspace-down; } - Mod+Page_Up { focus-workspace-up; } - Mod+U { focus-workspace-down; } - Mod+I { focus-workspace-up; } - Mod+Shift+Page_Down { move-column-to-workspace-down; } - Mod+Shift+Page_Up { move-column-to-workspace-up; } - Mod+Shift+U { move-column-to-workspace-down; } - Mod+Shift+I { move-column-to-workspace-up; } - - Mod+Ctrl+Page_Down { move-workspace-down; } - Mod+Ctrl+Page_Up { move-workspace-up; } - Mod+Ctrl+U { move-workspace-down; } - Mod+Ctrl+I { move-workspace-up; } - - Mod+Shift+WheelScrollDown cooldown-ms=150 { focus-workspace-down; } - Mod+Shift+WheelScrollUp cooldown-ms=150 { focus-workspace-up; } - Mod+WheelScrollDown { focus-column-right; } - Mod+WheelScrollUp { focus-column-left; } - - Mod+1 { focus-workspace 1; } - Mod+2 { focus-workspace 2; } - Mod+3 { focus-workspace 3; } - Mod+4 { focus-workspace 4; } - Mod+5 { focus-workspace 5; } - Mod+6 { focus-workspace 6; } - Mod+7 { focus-workspace 7; } - Mod+8 { focus-workspace 8; } - Mod+9 { focus-workspace 9; } - Mod+Shift+1 { move-column-to-workspace 1; } - Mod+Shift+2 { move-column-to-workspace 2; } - Mod+Shift+3 { move-column-to-workspace 3; } - Mod+Shift+4 { move-column-to-workspace 4; } - Mod+Shift+5 { move-column-to-workspace 5; } - Mod+Shift+6 { move-column-to-workspace 6; } - Mod+Shift+7 { move-column-to-workspace 7; } - Mod+Shift+8 { move-column-to-workspace 8; } - Mod+Shift+9 { move-column-to-workspace 9; } - - Mod+Tab { focus-workspace-previous; } - - Mod+BracketLeft 
{ consume-or-expel-window-left; } - Mod+BracketRight { consume-or-expel-window-right; } - - Mod+Comma { consume-window-into-column; } - - Mod+Period { expel-window-from-column; } - - Mod+R { switch-preset-column-width; } - Mod+Shift+R { switch-preset-window-height; } - Mod+Ctrl+R { reset-window-height; } - Mod+M { maximize-column; } - Mod+Shift+M { fullscreen-window; } - Mod+Z { center-column; } - - Mod+Minus { set-column-width "-10%"; } - Mod+Equal { set-column-width "+10%"; } - - Mod+Shift+Minus { set-window-height "-10%"; } - Mod+Shift+Equal { set-window-height "+10%"; } - - Print { screenshot; } - Ctrl+Print { screenshot-screen; } - Alt+Print { screenshot-window; } - - Mod+Shift+E { quit; } + Mod+V { + spawn "bash" "-c" "cliphist list | fuzzel --dmenu | cliphist decode | wl-copy" + } + Mod+Shift+P { + spawn "bash" "-c" "swaylock --screenshots --clock --indicator --indicator-radius 100 --indicator-thickness 7 --effect-blur 7x5 --effect-vignette 0.5:0.5 --grace 2 --fade-in 0.5" + } + Mod+Shift+Slash { + show-hotkey-overlay + } + Mod+T { + spawn "ghostty" + } + Mod+Space { + spawn "fuzzel" + } + XF86AudioRaiseVolume allow-when-locked=true { + spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1+" + } + XF86AudioLowerVolume allow-when-locked=true { + spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1-" + } + XF86AudioMute allow-when-locked=true { + spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle" + } + XF86AudioMicMute allow-when-locked=true { + spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle" + } + Mod+Q { + close-window + } + Mod+Left { + focus-column-left + } + Mod+Down { + focus-window-down + } + Mod+Up { + focus-window-up + } + Mod+Right { + focus-column-right + } + Mod+H { + focus-column-or-monitor-left + } + Mod+J { + focus-window-or-workspace-down + } + Mod+K { + focus-window-or-workspace-up + } + Mod+L { + focus-column-or-monitor-right + } + Mod+Shift+Left { + move-column-left + } + Mod+Shift+Down { + move-window-down + } + 
Mod+Shift+Up { + move-window-up + } + Mod+Shift+Right { + move-column-right + } + Mod+Shift+H { + move-column-left-or-to-monitor-left + } + Mod+Shift+J { + move-window-down-or-to-workspace-down + } + Mod+Shift+K { + move-window-up-or-to-workspace-up + } + Mod+Shift+L { + move-column-right-or-to-monitor-right + } + Mod+Home { + focus-column-first + } + Mod+End { + focus-column-last + } + Mod+Ctrl+Home { + move-column-to-first + } + Mod+Ctrl+End { + move-column-to-last + } + Mod+Ctrl+Left { + focus-monitor-left + } + Mod+Ctrl+Down { + focus-monitor-down + } + Mod+Ctrl+Up { + focus-monitor-up + } + Mod+Ctrl+Right { + focus-monitor-right + } + Mod+Ctrl+H { + focus-monitor-left + } + Mod+Ctrl+J { + focus-monitor-down + } + Mod+Ctrl+K { + focus-monitor-up + } + Mod+Ctrl+L { + focus-monitor-right + } + Mod+Shift+Ctrl+Left { + move-column-to-monitor-left + } + Mod+Shift+Ctrl+Down { + move-column-to-monitor-down + } + Mod+Shift+Ctrl+Up { + move-column-to-monitor-up + } + Mod+Shift+Ctrl+Right { + move-column-to-monitor-right + } + Mod+Shift+Ctrl+H { + move-column-to-monitor-left + } + Mod+Shift+Ctrl+J { + move-column-to-monitor-down + } + Mod+Shift+Ctrl+K { + move-column-to-monitor-up + } + Mod+Shift+Ctrl+L { + move-column-to-monitor-right + } + Mod+Page_Down { + focus-workspace-down + } + Mod+Page_Up { + focus-workspace-up + } + Mod+U { + focus-workspace-down + } + Mod+I { + focus-workspace-up + } + Mod+Shift+Page_Down { + move-column-to-workspace-down + } + Mod+Shift+Page_Up { + move-column-to-workspace-up + } + Mod+Shift+U { + move-column-to-workspace-down + } + Mod+Shift+I { + move-column-to-workspace-up + } + Mod+Ctrl+Page_Down { + move-workspace-down + } + Mod+Ctrl+Page_Up { + move-workspace-up + } + Mod+Ctrl+U { + move-workspace-down + } + Mod+Ctrl+I { + move-workspace-up + } + Mod+Shift+WheelScrollDown cooldown-ms=150 { + focus-workspace-down + } + Mod+Shift+WheelScrollUp cooldown-ms=150 { + focus-workspace-up + } + Mod+WheelScrollDown { + focus-column-right + } + 
Mod+WheelScrollUp { + focus-column-left + } + Mod+1 { + focus-workspace 1 + } + Mod+2 { + focus-workspace 2 + } + Mod+3 { + focus-workspace 3 + } + Mod+4 { + focus-workspace 4 + } + Mod+5 { + focus-workspace 5 + } + Mod+6 { + focus-workspace 6 + } + Mod+7 { + focus-workspace 7 + } + Mod+8 { + focus-workspace 8 + } + Mod+9 { + focus-workspace 9 + } + Mod+Shift+1 { + move-column-to-workspace 1 + } + Mod+Shift+2 { + move-column-to-workspace 2 + } + Mod+Shift+3 { + move-column-to-workspace 3 + } + Mod+Shift+4 { + move-column-to-workspace 4 + } + Mod+Shift+5 { + move-column-to-workspace 5 + } + Mod+Shift+6 { + move-column-to-workspace 6 + } + Mod+Shift+7 { + move-column-to-workspace 7 + } + Mod+Shift+8 { + move-column-to-workspace 8 + } + Mod+Shift+9 { + move-column-to-workspace 9 + } + Mod+F { + toggle-window-floating + } + Mod+Tab { + focus-window-previous + } + Mod+Shift+Tab { + focus-monitor-previous + } + Mod+BracketLeft { + consume-or-expel-window-left + } + Mod+BracketRight { + consume-or-expel-window-right + } + Mod+Comma { + consume-window-into-column + } + Mod+Period { + expel-window-from-column + } + Mod+R { + switch-preset-column-width + } + Mod+Shift+R { + switch-preset-window-height + } + Mod+Ctrl+R { + reset-window-height + } + Mod+M { + maximize-column + } + Mod+Shift+M { + fullscreen-window + } + Mod+Z { + center-column + } + Mod+Minus { + set-column-width "-10%" + } + Mod+Equal { + set-column-width "+10%" + } + Mod+Shift+Minus { + set-window-height "-10%" + } + Mod+Shift+Equal { + set-window-height "+10%" + } + Print { + screenshot + } + Ctrl+Print { + screenshot-screen + } + Alt+Print { + screenshot-window + } + Mod+Shift+E { + quit + } } + diff --git a/home/modules/default.nix b/home/modules/default.nix index 5eba196..dc75c79 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -28,6 +28,7 @@ ./atuin.nix ./swaync.nix ./swaylock.nix + ./thunderbird.nix ]; options = { 
diff --git a/home/modules/git.nix b/home/modules/git.nix index a9a99c7..85769f1 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -35,22 +35,19 @@ let cfg = config.youthlic.programs.git; in - { - programs.lazygit = { - enable = true; - }; - programs.gh = { - enable = true; - gitCredentialHelper.enable = true; - settings = { - git_protocol = "ssh"; + lib.mkMerge [ + { + programs.lazygit = { + enable = true; }; - }; - sops.secrets."git-credential" = { - mode = "0640"; - }; - programs.git = lib.mkMerge [ - { + programs.gh = { + enable = true; + gitCredentialHelper.enable = true; + settings = { + git_protocol = "ssh"; + }; + }; + programs.git = { enable = true; userEmail = cfg.email; userName = cfg.name; @@ -63,20 +60,23 @@ }; }; lfs.enable = true; - } - (lib.mkIf cfg.encrypt-credential { - extraConfig = { - credential = { - helper = "store --file=${config.sops.secrets."git-credential".path}"; - }; + }; + } + (lib.mkIf (cfg.signKey != null) { + programs.git.signing = { + signByDefault = true; + key = cfg.signKey; + }; + }) + (lib.mkIf cfg.encrypt-credential { + programs.git.extraConfig = { + credential = { + helper = "store --file=${config.sops.secrets."git-credential".path}"; }; - }) - (lib.mkIf (cfg.signKey != null) { - signing = { - signByDefault = true; - key = cfg.signKey; - }; - }) - ]; - }; + }; + sops.secrets."git-credential" = { + mode = "0640"; + }; + }) + ]; } diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 267407c..d0197e4 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -40,6 +40,12 @@ config; languages = { language-server = { + neocmakelsp = { + command = "neocmakelsp"; + args = [ + "stdio" + ]; + }; fish-lsp = { command = "fish-lsp"; args = [ 
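Review bot: `sops.secrets."git-credential"` keeps `mode = "0640"` in the second hunk of `home/modules/git.nix`, which leaves the decrypted credential-store file readable by the owning group, and nothing visible in this module needs a second reader. Since the declaration is being moved anyway, I would tighten it to `mode = "0600";` so only the owner can read and update the stored token. Placing the secret under `lib.mkIf cfg.encrypt-credential` is otherwise the right direction, because hosts that do not opt in no longer require the secret to exist. The module body starts above the first hunk, so the option declarations are not visible here.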
@@ -48,6 +54,32 @@ }; }; language = [ + { + name = "cmake"; + language-servers = [ + "neocmakelsp" + "cmake-language-server" + ]; + } + { + name = "kdl"; + formatter = { + command = "kdlfmt"; + args = [ + "format" + "-" + ]; + }; + } + { + name = "just"; + formatter = { + command = "just"; + args = [ + "--dump" + ]; + }; + } { name = "nix"; formatter = { diff --git a/home/modules/thunderbird.nix b/home/modules/thunderbird.nix new file mode 100644 index 0000000..5174a63 --- /dev/null +++ b/home/modules/thunderbird.nix @@ -0,0 +1,22 @@ +{ config, lib, ... }: +let + cfg = config.youthlic.programs.thunderbird; +in +{ + options = { + youthlic.programs.thunderbird = { + enable = lib.mkEnableOption "thunderbird"; + }; + }; + config = lib.mkIf cfg.enable { + programs.thunderbird = { + enable = true; + profiles = { + default = { + withExternalGnupg = true; + isDefault = true; + }; + }; + }; + }; +} diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix new file mode 100644 index 0000000..e49cc71 --- /dev/null +++ b/nixos/configurations/Cape/default.nix @@ -0,0 +1,59 @@ +{ + pkgs, + ... +}: +{ + imports = [ + ./forgejo.nix + ./networking.nix + ./stylix.nix + ./hardware-configuration.nix + ./users + ./disko-config.nix + ]; + + youthlic = { + home-manager = { + enable = true; + unixName = "alice"; + hostName = "Cape"; + }; + users.deploy.enable = true; + programs = { + openssh.enable = true; + tailscale.enable = true; + caddy = { + enable = true; + baseDomain = "youthlic.fun"; + }; + }; + }; + + programs.gnupg.agent = { + enable = true; + }; + + networking.hostName = "Cape"; + + time.timeZone = "America/New_York"; + + services.printing.enable = true; + + environment.systemPackages = with pkgs; [ + nix-output-monitor + wget + git + vim + helix + btop + ]; + + environment.variables.EDITOR = "hx"; + services.dbus.implementation = "broker"; + + boot.loader.grub = { + enable = true; + }; + + system.stateVersion = "24.11"; +} 
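Review bot: `services.printing.enable = true;` in `nixos/configurations/Cape/default.nix` turns on CUPS on a host that, judging by the rest of this commit, is a QEMU guest publishing Forgejo through Caddy, so the print service is one more daemon to patch and monitor with no apparent use. The line looks carried over from a desktop configuration; I would delete it. A short comment above the `youthlic` block, such as `# Cape: public VPS, runs the Forgejo container behind Caddy`, would also make the host's role clear to the next reader.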
diff --git a/nixos/configurations/Cape/disko-config.nix b/nixos/configurations/Cape/disko-config.nix new file mode 100644 index 0000000..8214982 --- /dev/null +++ b/nixos/configurations/Cape/disko-config.nix @@ -0,0 +1,37 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/vda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "@root" = { + mountpoint = "/"; + }; + "@home" = { + mountpoint = "/home"; + }; + "@nix" = { + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nixos/configurations/Cape/forgejo.nix b/nixos/configurations/Cape/forgejo.nix new file mode 100644 index 0000000..ee4cdd6 --- /dev/null +++ b/nixos/configurations/Cape/forgejo.nix @@ -0,0 +1,18 @@ +{ config, ... }: +{ + youthlic.containers.forgejo = { + enable = true; + domain = "forgejo.youthlic.fun"; + sshPort = 2222; + httpPort = 8480; + interface = "ens3"; + }; + networking.firewall.allowedTCPPorts = [ 2222 ]; + services.caddy.virtualHosts = { + "forgejo.${config.youthlic.programs.caddy.baseDomain}" = { + extraConfig = '' + reverse_proxy 10.231.136.102:8480 + ''; + }; + }; +} diff --git a/nixos/configurations/Cape/hardware-configuration.nix b/nixos/configurations/Cape/hardware-configuration.nix new file mode 100644 index 0000000..12adf63 --- /dev/null +++ b/nixos/configurations/Cape/hardware-configuration.nix 
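Review bot: In `nixos/configurations/Cape/forgejo.nix` the firewall port and the proxy upstream are repeated as literals (`allowedTCPPorts = [ 2222 ]`, `reverse_proxy 10.231.136.102:8480`) next to the options that already carry them, so a later change to `sshPort`, `httpPort` or the container address leaves either a stale open port or a proxy pointing at the wrong address. I would derive them: `networking.firewall.allowedTCPPorts = [ config.youthlic.containers.forgejo.sshPort ];` and `reverse_proxy ${config.containers.forgejo.localAddress}:${toString config.youthlic.containers.forgejo.httpPort}`. The virtual-host name could likewise reuse `config.youthlic.containers.forgejo.domain` instead of rebuilding `forgejo.${baseDomain}`.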
@@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nixos/configurations/Cape/networking.nix b/nixos/configurations/Cape/networking.nix new file mode 100644 index 0000000..50d604c --- /dev/null +++ b/nixos/configurations/Cape/networking.nix @@ -0,0 +1,26 @@ +{ ... }: +{ + systemd.network = { + enable = true; + wait-online.enable = true; + networks = { + "ens3" = { + matchConfig.Name = "ens3"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = true; + }; + }; + }; + }; + + networking = { + networkmanager.enable = false; + useNetworkd = true; + useDHCP = false; + nftables = { + enable = true; + }; + firewall.enable = true; + }; +} diff --git a/nixos/configurations/Cape/stylix.nix b/nixos/configurations/Cape/stylix.nix new file mode 100644 index 0000000..9bff339 --- /dev/null +++ b/nixos/configurations/Cape/stylix.nix 
@@ -0,0 +1,27 @@ +{ pkgs, rootPath, ... }: +{ + stylix = { + enable = true; + image = rootPath + "/assets/wallpaper/01.png"; + polarity = "dark"; + base16Scheme = "${pkgs.base16-schemes}/share/themes/ayu-dark.yaml"; + fonts = { + serif = { + package = pkgs.lxgw-wenkai; + name = "LXGW WenKai"; + }; + sansSerif = { + package = pkgs.noto-fonts-cjk-serif; + name = "Noto Serif CJK SC"; + }; + monospace = { + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; + }; + emoji = { + package = pkgs.noto-fonts-emoji; + name = "Noto Color Emoji"; + }; + }; + }; +} diff --git a/nixos/configurations/Cape/users/cape.pub b/nixos/configurations/Cape/users/cape.pub new file mode 100644 index 0000000..587e591 --- /dev/null +++ b/nixos/configurations/Cape/users/cape.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIH9MU2xZ175iLWcULZkU6crhocFgjcvUHXf0ttJ6Vbp david@Tytonidae diff --git a/nixos/configurations/Cape/users/default.nix b/nixos/configurations/Cape/users/default.nix new file mode 100644 index 0000000..5eb47ab --- /dev/null +++ b/nixos/configurations/Cape/users/default.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + users.users.alice = { + initialHashedPassword = "$y$j9T$eS5zCi4W.4IPpf3P8Tb/o1$xhumXY1.PJKmTguNi/zlljLbLemNGiubWoUEc878S36"; + isNormalUser = true; + description = "alice"; + extraGroups = [ + "networkmanager" + "libvirtd" + "wheel" + "video" + ]; + }; + + users.mutableUsers = false; + programs.fish.enable = true; + users.users.alice.shell = pkgs.fish; + users.users.alice.openssh.authorizedKeys.keyFiles = [ + ./cape.pub + ]; +} diff --git a/nixos/modules/caddy.nix b/nixos/modules/caddy.nix index e207126..5404b87 100644 --- a/nixos/modules/caddy.nix +++ b/nixos/modules/caddy.nix @@ -16,5 +16,8 @@ in services.caddy = { enable = true; }; + networking.firewall = { + allowedTCPPorts = [ 443 ]; + }; }; } diff --git a/nixos/modules/containers/default.nix b/nixos/modules/containers/default.nix new file mode 100644 index 0000000..88f8d6d --- /dev/null 
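Review bot: `initialHashedPassword` for `alice` in `nixos/configurations/Cape/users/default.nix` is committed as a literal yescrypt hash, and `alice` is in `wheel`, so anyone who can read the repository can run offline guesses against the password that gates sudo on Cape; `nixos/modules/deploy/default.nix` does the same with `hashedPassword` for the `deploy` user. The repository already encrypts secrets with sops, so I would keep both hashes there and reference them with `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` together with `sops.secrets."<secret-name>".neededForUsers = true;` (the secret name is a placeholder). That keeps the accounts declarative under `users.mutableUsers = false` without publishing the hash. `networkmanager`, `libvirtd` and `video` in `extraGroups` also look inherited from a desktop host, given that `Cape/networking.nix` disables NetworkManager.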
+++ b/nixos/modules/containers/default.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ imports = [
+ ./forgejo.nix
+ ];
+}
diff --git a/nixos/modules/containers/forgejo.nix b/nixos/modules/containers/forgejo.nix
new file mode 100644
index 0000000..83f0c19
--- /dev/null
+++ b/nixos/modules/containers/forgejo.nix
@@ -0,0 +1,120 @@ +{ config, lib, ... }: +let + cfg = config.youthlic.containers.forgejo; +in +{ + options = { + youthlic.containers.forgejo = { + enable = lib.mkEnableOption "forgejo container"; + domain = lib.mkOption { + type = lib.types.nonEmptyStr; + example = "forgejo.example.com"; + }; + sshPort = lib.mkOption { + type = lib.types.port; + default = 2222; + }; + httpPort = lib.mkOption { + type = lib.types.port; + default = 8480; + }; + interface = lib.mkOption { + type = lib.types.nonEmptyStr; + example = "ens3"; + }; + }; + }; + config = lib.mkIf cfg.enable { + networking.nat = { + enable = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = cfg.interface; + enableIPv6 = true; + }; + containers."forgejo" = { + ephemeral = true; + autoStart = true; + privateNetwork = true; + hostAddress = "10.231.136.1"; + localAddress = "10.231.136.102"; + bindMounts = { + "/var/lib/forgejo" = { + hostPath = "/mnt/containers/forgejo/state"; + isReadOnly = false; + }; + "/var/lib/postgresql" = { + hostPath = "/mnt/containers/forgejo/dataset"; + isReadOnly = false; + }; + }; + forwardPorts = [ + { + containerPort = cfg.sshPort; + hostPort = 2222; + protocol = "tcp"; + } + { + containerPort = cfg.sshPort; + hostPort = 2222; + protocol = "udp"; + } + ]; + + config = + { lib, ... 
}: + { + imports = [ + ./../forgejo.nix + ./../postgresql.nix + ]; + + systemd.tmpfiles.rules = [ + "d /var/lib/forgejo 770 forgejo forgejo -" + "d /var/lib/postgresql 770 postgres postgres -" + ]; + + youthlic.programs = { + forgejo = { + enable = true; + domain = cfg.domain; + sshPort = cfg.sshPort; + httpPort = cfg.httpPort; + database = { + user = "forgejo"; + }; + }; + postgresql = { + enable = true; + database = "forgejo"; + auth_method = "peer"; + version = "17"; + }; + }; + + systemd.services.forgejo = { + wants = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; + wantedBy = [ "default.target" ]; + }; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ + cfg.httpPort + cfg.sshPort + ]; + allowedUDPPorts = [ + cfg.httpPort + cfg.sshPort + ]; + }; + useHostResolvConf = lib.mkForce false; + }; + services.resolved.enable = true; + system.stateVersion = "24.11"; + }; + }; + }; +} diff --git a/nixos/modules/dae/config.dae b/nixos/modules/dae/config.dae index a7325e5..55afa6c 100644 --- a/nixos/modules/dae/config.dae +++ b/nixos/modules/dae/config.dae @@ -61,6 +61,7 @@ routing { pname(mihomo) -> must_direct # pname(systemd-resolve) -> must_direct + dip(107.174.145.140) -> must_direct domain(full: time.windows.com) -> must_direct domain(regex: ".*wgetcloud.*v2ray.*") -> must_direct domain(suffix: "hit.edu.cn") -> must_direct diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index e45594b..0fcd2b8 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,4 +1,5 @@ { + pkgs, inputs, outputs, ... @@ -15,6 +16,10 @@ disko.nixosModules.disko ]) ++ [ + ./containers + ./postgresql.nix + ./forgejo.nix + ./deploy ./nix.nix ./home.nix ./sops.nix @@ -39,5 +44,8 @@ additions ]; }; + environment.systemPackages = with pkgs; [ + deploy-rs + ]; }; } diff --git a/nixos/modules/deploy/default.nix b/nixos/modules/deploy/default.nix new file mode 100644 index 0000000..cbc1559 
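Review bot: The container in `nixos/modules/containers/forgejo.nix` publishes more than Forgejo needs: `forwardPorts` has a second entry with `protocol = "udp"` for the SSH port, and the inner firewall sets `allowedUDPPorts` to the HTTP and SSH ports, although both listeners are TCP services. I would delete the UDP forward and the `allowedUDPPorts` list so that only the two TCP ports are reachable. `hostPort = 2222` is also a literal while the container side uses `cfg.sshPort`; `hostPort = cfg.sshPort;` keeps the host side in step with the option. None of the options carries a `description`, and one line each (for example `description = "Host interface used as the NAT external interface";` on `interface`) would document what the host is expected to supply.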
--- /dev/null
+++ b/nixos/modules/deploy/default.nix
@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+let
+ cfg = config.youthlic.users.deploy;
+in
+{
+ options = {
+ youthlic.users.deploy = {
+ enable = lib.mkEnableOption "deploy";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ users.users.deploy = {
+ isNormalUser = true;
+ hashedPassword = "$y$j9T$B/igbpUxYMx9W4hV/Uc0/.$Z9.cTGfXQ0YD03MmfvDCd6.ijEo5L9v2CbrhN8Fvkf6";
+ home = "/home/deploy";
+ extraGroups = [
+ "wheel"
+ "nix"
+ ];
+ openssh.authorizedKeys.keyFiles = [
+ ./id_ed25519_deploy.pub
+ ];
+ };
+ };
+}
diff --git a/nixos/modules/deploy/id_ed25519_deploy.pub b/nixos/modules/deploy/id_ed25519_deploy.pub
new file mode 100644
index 0000000..06ae204
--- /dev/null
+++ b/nixos/modules/deploy/id_ed25519_deploy.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgT+TvQDdCJXpxCvqII7sE4KR3gpCDEhIt6RdL+mIny david@Tytonidae
diff --git a/nixos/modules/forgejo.nix b/nixos/modules/forgejo.nix
new file mode 100644
index 0000000..b0fc2e9
--- /dev/null
+++ b/nixos/modules/forgejo.nix
@@ -0,0 +1,106 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}:
+let
+ cfg = config.youthlic.programs.forgejo;
+in
+{
+ options = {
+ youthlic.programs.forgejo = {
+ enable = lib.mkEnableOption "forgejo";
+ domain = lib.mkOption {
+ type = lib.types.nonEmptyStr;
+ example = "example.com";
+ description = ''
+ which domain does the server use
+ '';
+ };
+ sshPort = lib.mkOption {
+ type = lib.types.port;
+ default = 2222;
+ };
+ httpPort = lib.mkOption {
+ type = lib.types.port;
+ default = 8480;
+ };
+ database = {
+ user = lib.mkOption {
+ type = lib.types.nonEmptyStr;
+ example = "forgejo";
+ };
+ socket = lib.mkOption {
+ type = lib.types.nonEmptyStr;
+ default = "/run/postgresql";
+ };
+ };
+ };
+ };
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ services.forgejo = {
+ enable = true;
+ lfs = {
+ enable = true;
+ };
+ group = "postgres";
+ database = {
+ type = "postgres";
+ user = cfg.database.user;
+ socket = cfg.database.socket;
+ createDatabase = false;
+ };
+ settings = {
+ DEFAULT = {
+ RUN_MODE = "prod";
+ };
+ cron = {
+ ENABLE = true;
+ RUN_AT_START = true;
+ SCHEDULE = "@every 24h";
+ };
+ repository = {
+ DEFAULT_PRIVATE = "last";
+ DEFAULT_BRANCH = "master";
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
+ mailer = {
+ ENABLED = true;
+ MAILER_TYPE = "sendmail";
+ FROM = "do-not-reply@${config.services.forgejo.settings.server.DOMAIN}";
+ SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
+ };
+ other = {
+ SHOW_FOOTER_VERSION = false;
+ };
+ server = {
+ PROTOCOL = "http";
+ DOMAIN = "${cfg.domain}";
+ START_SSH_SERVER = true;
+ SSH_PORT = cfg.sshPort;
+ HTTP_PORT = cfg.httpPort;
+ ROOT_URL = "https://${cfg.domain}";
+ };
+ };
+ };
+ })
+ (
+ let
+ caddy-cfg = config.youthlic.programs.caddy;
+ in
+ lib.mkIf (cfg.enable && caddy-cfg.enable) {
+ services.caddy.virtualHosts = {
+ "forgejo.${caddy-cfg.baseDomain}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:${cfg.httpPort}
+ '';
+ };
+ };
+ }
+ )
+ ];
+}
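Review bot: `reverse_proxy 127.0.0.1:${cfg.httpPort}` in `nixos/modules/forgejo.nix` interpolates an option of type `lib.types.port`, which is an integer, and Nix does not coerce integers inside `${…}`, so evaluation fails as soon as this module and the Caddy module are enabled on the same host. Use `reverse_proxy 127.0.0.1:${toString cfg.httpPort}`. Separately, `group = "postgres"` runs the Forgejo service in the database server's own group, presumably to reach the socket for peer authentication; the `/run/postgresql` socket is normally reachable without that, so I would leave the group at its default and confirm the connection still works, which avoids giving the web application group access to PostgreSQL's files. The virtual host is named from `caddy-cfg.baseDomain` while `ROOT_URL` uses `cfg.domain`; using `cfg.domain` for both removes a possible mismatch.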
diff --git a/nixos/modules/open-webui.nix b/nixos/modules/open-webui.nix index b17e67a..bacd7e2 100644 --- a/nixos/modules/open-webui.nix +++ b/nixos/modules/open-webui.nix @@ -23,7 +23,7 @@ in let caddy-cfg = config.youthlic.programs.caddy; in - lib.mkIf caddy-cfg.enable { + lib.mkIf (cfg.enable && caddy-cfg.enable) { services.caddy.virtualHosts = { "open-webui.${caddy-cfg.baseDomain}" = { extraConfig = '' diff --git a/nixos/modules/openssh.nix b/nixos/modules/openssh.nix index 50dd803..86ade4c 100644 --- a/nixos/modules/openssh.nix +++ b/nixos/modules/openssh.nix @@ -11,6 +11,7 @@ in config = lib.mkIf cfg.enable { services.openssh = { enable = true; + openFirewall = true; settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; diff --git a/nixos/modules/postgresql.nix b/nixos/modules/postgresql.nix new file mode 100644 index 0000000..2d66235 --- /dev/null +++ b/nixos/modules/postgresql.nix @@ -0,0 +1,46 @@ +{ + pkgs, + config, + lib, + ... +}: +let + cfg = config.youthlic.programs.postgresql; +in +{ + options = { + youthlic.programs.postgresql = { + enable = lib.mkEnableOption "postgresql"; + database = lib.mkOption { + type = lib.types.nonEmptyStr; + example = "forgejo"; + }; + auth_method = lib.mkOption { + type = lib.types.nonEmptyStr; + example = "peer"; + }; + version = lib.mkOption { + type = lib.types.nonEmptyStr; + example = "17"; + }; + }; + }; + config = lib.mkIf cfg.enable { + # default socket: /var/lib/postgresql + services.postgresql = { + enable = true; + ensureDatabases = [ cfg.database ]; + ensureUsers = [ + { + name = "${cfg.database}"; + ensureDBOwnership = true; + } + ]; + package = pkgs."postgresql_${cfg.version}"; + authentication = '' + #type database DBuser auth-method + local sameuser all ${cfg.auth_method} + ''; + }; + }; +} diff --git a/nixos/modules/tailscale.nix b/nixos/modules/tailscale.nix index 7023948..7932268 100644 --- a/nixos/modules/tailscale.nix +++ b/nixos/modules/tailscale.nix 
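Review bot: In `nixos/modules/postgresql.nix`, `auth_method` is typed `lib.types.nonEmptyStr` and pasted straight into the `pg_hba.conf` line, so a typo or `trust` is accepted at evaluation time and only shows up later as a broken or unauthenticated database. Restricting it, for example `type = lib.types.enum [ "peer" "scram-sha-256" ];` with `default = "peer";`, makes the safe choice the default and rejects everything else. The comment `# default socket: /var/lib/postgresql` does not match the `/run/postgresql` default of `database.socket` in `nixos/modules/forgejo.nix`; I would correct it to `# default socket directory: /run/postgresql`. `version` has the same looseness on a smaller scale, since any string is spliced into the `pkgs."postgresql_${cfg.version}"` attribute name.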
@@ -11,6 +11,7 @@ in config = lib.mkIf cfg.enable { services.tailscale = { enable = true; + openFirewall = true; }; }; } diff --git a/nixos/modules/transmission.nix b/nixos/modules/transmission.nix index acb5db7..c4be3e0 100644 --- a/nixos/modules/transmission.nix +++ b/nixos/modules/transmission.nix @@ -41,7 +41,7 @@ in let caddy-cfg = config.youthlic.programs.caddy; in - lib.mkIf caddy-cfg.enable { + lib.mkIf (cfg.enable && caddy-cfg.enable) { services.transmission = { openRPCPort = lib.mkForce false; settings = { diff --git a/pkgs/helix.nix b/pkgs/helix.nix index adedbd8..3d701cf 100644 --- a/pkgs/helix.nix +++ b/pkgs/helix.nix @@ -9,6 +9,8 @@ let runtimeInputs = ( with pkgs; [ + cmake-language-server + kdlfmt rustfmt clang-tools libxml2 @@ -32,6 +34,7 @@ let rust-analyzer nil haskell-language-server + neocmakelsp ] ); in diff --git a/secrets/general.yaml b/secrets/general.yaml index 847ed7d..50e7a37 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml 
@@ -1,7 +1,9 @@ atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str] ssh-private-key: + deploy: ENC[AES256_GCM,data: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,iv:jnNrRZAOsgOiGayLj2mUgODrKMQ66dIYG56G2+1ypYQ=,tag:1jD+1NtWKZye21aTVLTqBw==,type:str] tytonidae: ENC[AES256_GCM,data:I1RF/umtOGAuSVoLfwDnN2DG+w1yWqPkhZzM61y5XRSxF2Xq5C/iUJGWeCc+1Hwbw+oEMnm2e57m79Uke0LIJJrw//kRMqNOewQtx2xHkNSscWKCIANoNiDdhlOnB0r0BfXObr0xEu/69ST11lupPGIGQiWhjT1BY7c4NhAhhzfThttQCwznfrX3SfLu4p2Akg6p8QmRcU6h9kox+PK1Im+h956W0dYVnIe4ePZ3NGitQll9hxLxM+agnxF9wDDO+4pQ3i8aadbxLr8ug/boEhBy/e+sOKqzboAiWpuDjfQRUxklz0IxBihK8z6J/AHgXusxs70EdUDKf5sH7RIi95poYqJdl6bKToSCJtuM7JQ/eNTUjHvUZlRvlXSZG4iNypUYTOxSHTFGH7rA0wNeE0sMXkaTfJHD5utZDjxibICW1+BYXam8mTKWhXMUyfAL2bLMRmshxRB81bPnik08axpzJ22oSxZ1AfPz5I98zn/o0bDlAPTRetImQtSN181WrRHCCVUMe4wZIfgQvVryFgfPU06gqztgU2DB22QphXXysHn4p3jbAF3Hqvgq0f+iNXoh6NJLaUD+i7xb,iv:nSTfnDbaS9DZL2WhVgcu8qIPkYH1Zws58yvcIeSZCzk=,tag:JJV7vJylaFOYdVjyeeOt9g==,type:str] akun: ENC[AES256_GCM,data:d04sdY1cvJuOPSq9H2lT26jrUFSA1sHz1i9jj+XtXGeagQyc4XaknTmfC3EDfvNghoizZWZ/Ma+BfIvnlWDBFqhkGhdhB7X8PnI9rySOfkMmOk2HXHtvP4GfSy2oQ4BMRfYX2N9TcViascnXA9MRsetDjD3fhiCKkZ+2H/sthxw38JgK95O74lFCze7sc4ZzK/RhXaBkLFrQpMdqnGBYpH9wuHiQSlFxBQ0jHJDUeOSxOdCanw2xfdkJnNe5dKRweoYp4Mtit2C3DRdaT3lMQ/SQjfEhUs/0TIXyunoWE7nX5tUN2F2s/FtkPMU5lpiW1x+kntMBBfY9TA+r4CyH4lkhFit+DsIkPfdUZGzSquQAHHWzDzS5vXnKTf8NFCzHIeoQzegkf4JS+CWf51Iy15FfWy+Pd6CmxLikAQnGTixGDa7LMqOV48BhZ5it/hJmrzg0FMkNFeeJW/s9YvCNMae8lMt/0K+N+pUD/Ud8VJnIxP4MmWGKRwNNFHivGuZjtKCJR9agf1N7NPBDDqV7HRDYAfxa2sPozWZ5ZGGGlsmINeymNk10aY4ovRs/6CcRWw2gPspNuxvqb9HQ7r/cQFmGhLYpkliRLpFM/skLCHA=,iv:YVPvHL4nxqJMR8PE+hraS0piboGYXqyljgGcBHqG38g=,tag:HSab+C3Xd5wMzyomF9dGMA==,type:str] + cape: 
ENC[AES256_GCM,data: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,iv:VplLC/sDztaqUiHr/3aglvqxyptZLN2MV3HQzneRk9A=,tag:/hUJjB+oxCKTPk+hPgC4rQ==,type:str] git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str] url: ENC[AES256_GCM,data:snv3FaeR8t30rOX9klSNdY/xqcHGXO1DnVi4GMkvyqaII9l/l8AeSlfOVM4qZq8Mqvn01FaiINOE8WPjhyUs9uYp5pfD7X5EXK+5vWwBYmE/isWlHHHNUhuz3UTV/xiSad4n4MiD8wxlF5u8cImwhDyO+SoG,iv:Tay4S5ZFMEIW6MrHnlen85FGvDJ5ZqfVBlgO5MQWufs=,tag:Njywn0i8W7g6cdDvPeJWEg==,type:str] open-webui_env: ENC[AES256_GCM,data:HUoNzOqVuu9MtW4VZJfrh4DbzQCtVYa+FzhDs21FpvImuVz9cue0X8s2MXKqYH0LD1US/DJKL4QLLeNTKVMGxmBOCGxSIgeFejnqK5k/r0GF54SBOURWZn/TyzqxZKAym01DUvfNIe68LhvW1LOHaCDK4zsI9BnhkBVjV8/Vmsc=,iv:4aUgQ6HoLqeuUp01fg+yXQRbH6mS/dakZ1ZUdCZzvAM=,tag:GlFnN5bqIcIZadXmFBkSXA==,type:str] 
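Review bot: The new `deploy` and `cape` private keys (apparently nested under `ssh-private-key`) land in a file that the single creation rule in `.sops.yaml` encrypts to every machine key, and this commit adds Cape's key to that group, so Cape can now decrypt the `tytonidae` and `akun` private keys, `git-credential` and the other values in `secrets/general.yaml` as well. Cape appears to be the internet-facing host in this change, so a compromise there would expose keys for the other machines along with the `deploy` key, whose account is in `wheel` wherever `youthlic.users.deploy` is enabled. I would split the secrets per host, for example one `path_regex` per machine directory with only `*master` and that machine's key in its `key_groups`, and keep `deploy` readable only by the machine that initiates deployments.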
@@ -14,23 +16,32 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaQ0s4QldhbzNEcGJocGtK - aEY1ZGxMSE54U3JRUGc1aXBzQXlhb2xNZGdjCjRhbWFFeXVUZ1ExT25NMi8zWGl1 - U05SOTd0OVJBZndzdkEwWEdPZnJMUlkKLS0tIFJsSUZrVSszdVozYkhTWFZpWG9s - VVBnNVNLSVkvRUJhQ1VnRXAwajFySFEKbstCqi4CmEfEEe8+NqVrEj7GWPVTC2yR - zpAX54OdHtlRBLFFOeDR8jytKOPi2yxvY49Gn1zZ82dQaqY1kvlKZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MHB5OXFPbGxvYWc2TVZI + TGMrY0Vqa0hWQ05SbGJ4aEMvd2RIdzc3N0dvCjQzaGc2YU5LWkVvTzJUTHZvS3RT + bkJJZGg0ejRad2dwdVVVcXZ4K1dhZW8KLS0tIHRRUDJ4cUpFU3F3VU1CY1laM0xr + OFNxUGFXVmFlKyszNlVNb3RxbGxCL0UKPeVB78sBNluUdoloyCzh97DUPwCS6yY8 + wQQrHa/RZo+dcI2+SioIheincW/lQTTKy0FvKfmx0BU+NLwyeuyPcA== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmRVV1WFJBdWMxNmM4VXdx - dEk2ME01dWVSWFdKTHRnVWRTZ3Z0MFNaTHc0ClN4MElGejBjZ0sxNXVxSWRBL1px - dkozMzVIQjdCMktzT2U2Tnhjd1Y4N00KLS0tIFc4T3E4V3VQdk1iMW5UT1N6RUlZ - RjdOK1RiRHRzTGd1dDlUTEVRVzBtQk0K5vtopA4dhLODrVlUnegm9f5DwSvOKuIS - bIPHM5FarLGRXTXs09vKW5LFKo3BOm9N4Zc6q4cV7Pdp5+AZEEp/0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIc0FOOUVHSkFuNjVCVG1H + N3BFb2RIMHhLWU9UenRBSGNXYXRFTzJTOHk4CmRSdkVXblFGdjdtZXp5TFVhUDlX + MzNrMi83TWlvcXVIVGNaV2JtZ2o0NzAKLS0tIFBnR0xpeWZENmIwdWhDdmNhK1A3 + aUNnMmpMQmtoWGtmanJJTThNZ2l1bVUKDdCnNCTsea69pJkUKIOm6WdZeL1aqwbQ + xxKbyMeJDW7VzJjMQEbf0Zr2tvn6YJFWHpWGgKeeOa8HOmqCKYlAZA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-23T16:39:54Z" - mac: ENC[AES256_GCM,data:aGl7qMUkmcMeU+oh9VtE6bPS9aEwxe4aqn3oJlARkUKnUJdxRxj3BCDbRlp0dMcRSKnlFq7A5PfWlOR62yL83pZrSgh7XPP8R4j8qFZ+vRnGbs8nTG/hPw0swYff8nx9xxrneMw8JuLFkYBWCQXjQsDloiUSIAW2G4tadXG51hY=,iv:eiEmGLI5NViLFkR3mf0uzz0AefA/FohES2vf4qbLB5w=,tag:GcK0K5sQF2KHZ5S07+uJIA==,type:str] + - recipient: 
age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Q0xjeGdyWUxzdmJlaDJE + dU5ONEpDVVFpeWFJR0pLRnZuMVliamxiVXdzClFjT1JFVDlqK3Uremw0WWpVakVV + UHNFQW82V2RaZ2hYWHJsL1R3UjEzQVUKLS0tIE42VVcwNlAvOVNjcnVCUmhObXdm + a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4 + Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-27T08:53:59Z" + mac: ENC[AES256_GCM,data:gNlAly2qCnIbyWnZHzkz5KPxK6iY4wC/kmnoodHpn0kijUB9M8+rGxzx+ZLcj8kvthmrKkoCSWlj1ymOZLVUNW4R7/zpTlR7CMN66F2BFVVts7MFBI3Qzu+iuC59wpefCZk+kmfn0V8bcMCZ1vMYq0zLvL0UBgkE2/sB5EVIY58=,iv:ZXo2WQUs8YCgFlh+8pQckVRwL0p6hJ82+43XFVDA2iQ=,tag:KQIBj2/hCQefDv+w1WV2Vg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3 diff --git a/secrets/ssh-config.yaml b/secrets/ssh-config.yaml index ed55192..0d36825 100644 --- a/secrets/ssh-config.yaml +++ b/secrets/ssh-config.yaml @@ -1,4 +1,4 @@ -ssh-config: ENC[AES256_GCM,data:kQe12czlvgScrtOae32PpKNrXREh1XP5n7WrFvBb4NcGLRj0j61T490D5v6vgTzppyQnU84tTNVtMBUfdLN6jjdli8cEM71qcKy4eLw=,iv:FaUEI9dYamBt7kI9quCNBXZwDzTosR4ad1JQq6IatBE=,tag:R4TTA6iMrRQPt1ApYBGfEg==,type:str] +ssh-config: ENC[AES256_GCM,data:I9j2GFdag4JpJaaKdm1oS6hHmOy+Y7w7ykPGPhEaLZk9ndUS7LRfcYuMZtUwK/5OctHJKz+UqdsA0Dcl2y1xNN4iIoNqWhShEu8e/N/ASN8UUd67xrkxC6LNjbf/WCyA1ib0jH/Dh8/frDs=,iv:G4AwOhpXpykjrTvMoHEvXFHQzUwWvTaq9id2DuK3k/E=,tag:XcpDZbPVovs5iEd3lpumcg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -8,23 +8,32 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzVzEwYTNNVVV6VXJUS201 - ZnU1cXJRTTdzS2pyOTBVS3hCS1ZnSzF2eERzClpXRk9DdzJPRjY4NURSSWl5TjJG - czVYUjZSS2RTT0JlSkE5NzltMzV0VTQKLS0tIGwvdE4wYjB6ZHZmV01sOXkrcUxK - ajd5bVAwYmJ6VU1XUzJwSUlrbFE3clUKANuO/gmjbzBcSJzNJbiV7hPffZ/h9Exn - KaqPaPst1oTep48OHJpqntYTTFt1TD8XidguiFTpHfKmOY7KjcOgOA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cG9OdXUvUnlYRUJUc2dZ + NUJzWHJ1bXhkTTRPSXRDUUNVYTczWVllbVRFCksxWUZZWFFkNUtmTFp0V2ttazla + YmhtL2FpcmtoVWZFdXp4cE1aMTBTdmcKLS0tIGZXMXB4MkNNVTVWQjhZRnZqS1JS + RHZMRmpkYkJKeGlaTGhuNCtLNURkS3cK24p7POvcZTN6xVNN/3oVsCQcP5n/3Akj + YiVs7NFvHuHgqsZHdD6mDG8IuR6+7UbZcjdzm9b6muFrTvL7x6IVoQ== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REhMbm1ubkplcnpySVNQ - Q3U5V0lvZkRjSzNleGk2TFZOUENqc2xKZkVFCkFrd2hPZVNkY2dWZnNuSUNiL2Yw - Z0lvc3RlMG1ma1UweElwTHlLczBFK2sKLS0tIGl0SHJBcnVoSnZITXd3amxNOE5C - Vm9nNE9aVjNtM3dUcHVMS201aEUzWVEKsRUBRWmJH+SeySfohgygVdJWy8eGB6Kh - dFvTObd4VenTVHI6/Cz2NZAYVEYWVe7d68TeGSNTPBVaFqqgqRm/Vw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWTDRBT2s1Q0dpTDVwOCtT + emJnYktnYUZ3WFRZOW1rN3VadDhYM0R4M0FnCmU1SGpIYldLNUkxRHpwc0JVRHBo + dC9INVBYQ0J0aGxUWHVxeHJrdEhUK1kKLS0tIElMVEFsMS9BTCs4bkJnak9Yc1k1 + UHVXS0RJZnhHMUZwcFhzN2pscW85Sm8KKtXsuJG6wCG8RzCHthMBDUYRMqNHpl/n + rDtduFwsn1ItxA6R5edUaPu7AJZ6+z7Aku1cf8WHGH4LgD6clR/avw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-19T15:55:21Z" - mac: ENC[AES256_GCM,data:i1/deYyKf3kkUyFZeiUH0958uDNSZoN0ykChfhr1i8pbvbUe8EYrOJNI5HShhaap9nmpc6f5XFG9xA2DT4oCF1m3RSz9lVJguSRK05L7/1U7GdK90PTaPaTrNio7o0JiLAaarD3TmaPhhpcM6pE+Hz0f0oKpNEFbVI38dMlDq7M=,iv:UXTm9X9erv+dPjSG8WdHyqbl5hyiCid1cpYfDjk2rK8=,tag:3UhJ91wnrzPxPH1Ilr6o7A==,type:str] + - recipient: 
age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwck9lZ1lVM0c1LzhiR0V4 + SDcycnd3ZGtWNStnaS94bC9RZy83QnZWd2pJCmJrMVE5cXdIaFJYL21ITTNJQ3h5 + NVgvQlVVaHJDYUZTUW1YK3p5VTNNRXMKLS0tIEtLQjZVRzJZQ2tuMStJOE9aWDJC + anNBRmFHN3VOVEhVdjd0QTA2aGd4OE0KCsaIBsMWZ+CDIck2a53vV+gnn2/Coc/o + HgQc5JMQbL4n957nqB/Gpj92z2nYteVl0fS7Umu9M2SbmF2Cvapafw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-27T02:51:28Z" + mac: ENC[AES256_GCM,data:JIv/R2t5adjPV4h4WMITfF9wQ4OyV1Cy8TKc9IUDX6Xu/JYSiYKhCUAzV/CkjG/FGEjeXz9dzzhR5wrZefVf2FnrTErPMpdy4yxuDL28F1zMK+Uixay0FB4Z52PmDXzzNhqOrEUhC2t4ev7/SUtxmJjgJ/Q8e8Impgsi4TLvhlo=,iv:Sx8T2Acryn4d3KhIf3Of8Fo55ma4g00wBwyOsL4gVls=,tag:OUX1313d9NW5MmTq2yT2Fg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.3 diff --git a/secrets/transmission.yaml b/secrets/transmission.yaml index 36d30d8..2766eb3 100644 --- a/secrets/transmission.yaml +++ b/secrets/transmission.yaml 
@@ -8,20 +8,29 @@ sops: - recipient: age1smmqun9h3cszaza85ty33yenyaqtat572u9r3we4l5gh85njgvws6q680g enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByNUJGTHV3Nkd3NmFkUEVm - OTJjSG00eVAwRTlQUHk3THgvczRYQlhkK1M0ClFHZDVBVWRnMytIQ1JOMDVhZWpr - QkV5YVQ1dEo1cFRBSVEySUZQNnVTQ00KLS0tIHhMTVRaY3lCL1pXL0NGbkdEVzBu - ZkVpNCtnWFdodHFYbWhFWTVsbGZ3N2cKz8+iOr5Jpg7r+fZrmEfv7GT+U9GGYFsA - uwLrJBYkyh+nS0KpgK/II3xBW+OLK//Q4qXhX2xNR3PrCEyYNepWyg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WURqaWhmS0FiOGpncWRR + aTd3Z0NXZWhuY2I4amxEVFJ0WGN0MkpjVkdvCjFBM0NPenAvYTI4VlZnN0E2UGc4 + NjNwa0FER29yVTJxazlxalhaQjNYS0UKLS0tIG9mSEwwUFRaQTlMVFJJN0RRekxN + WmRZM0prQWc1Y08vbUtRdkY0T3lqSjgKopjxaDG1pRQpvZG4ddkwMR2puIlIOL4D + xBo4iY7eWd7b3A1ibcMLG075aSjrlYy9qs6esl7LxTjt1bEdaIwYqw== -----END AGE ENCRYPTED FILE----- - recipient: age1emhsx2l0ell6smavzaackwkk7n2u4zf6chdp9xcds3dqp7s444ds9fcaga enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNmQxU04yYWdKdFJqaUQ1 - UkE4Ykt5UmJESVB3NnZpS1d4VmlNSjZVK2xnCmo0SEJQM28vWWd3enhDRFZxRmRZ - aEpDa05vZmthY0FHR0djaGpBc2l4cTgKLS0tIHIvRUh0aTJqdFc4eHE2ZFJCRmJY - S21ySVFCWTlPQUZXci90RjY3QnhmaVkKk5et+gjlm7m/llWru16Lomx2cSLvgFBc - mUFUECsaOgTTLoCBj7fS/tPH94kXj4+vk/2OwihOWX6lSyKfkGtuRg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRVc0bHFJVDNWaTlsekhX + WmlnK2NheHIzSmx4WTdEK2tlVk51NktEM0Y0CkowU1p1eGdiNUxxeTIrQjFaT1NX + MCtTakpMZFN2TFdKaGt2Qzd4d09CRmsKLS0tIDllWXE3ajJ6UHMyNzFHandhMGVv + R055RDNNSUdxaXd0elJtbkpzV0hZbEEK9KSf+jd1XD/7ldvnGkLfohqbojde5VRQ + DUkvrpiKp24d6j/zBBjHC9PfRPQ5kChP0zUfmZigAIHOZTPvICf7kA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1s4zml68g0ys05tv2nlpnevz37vf0uurypfsf996wj4vytgxczumqy3utck + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRHQ0NThLb2pGVnhOMW9D + SHo3WElEcFBSTXh5VFhNTHNTS2pnMUpKSngwCnlWZTVlWVludkY1NkwzWEdWdjZU + NmFRR203Z0QyNEp1aVE2eXRzcXJyZEEKLS0tIDM4VXJZM0ZKdGsra1VnelVzWVZr + 
NW0reXdaZWxrN1MwTDZQS0xESjM0L0kKaEoGiIz90xs5XThiPjNd3NouVIiNbhp8 + Z97Xc44lDvaqBInmYzLFjh5Y/uBQMoeeayoVe14whwsLzsoJ094CCQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-01-24T08:58:17Z" mac: ENC[AES256_GCM,data:YJPmgWY0U8xEauUnVIjOqwZkSFRYWCcn/HbmS4M2ZFlblM7GkMJAqrDhZIlKUlUbsDtoUKRZH/DmUNj6jB8ejabUE1psu0eOvdP5svoMhGJf7JMkEWiLikqpw9eadt8FdidKjPjTGR0G4oSq+vdbFy2TsKjhyHuab8cLCm3MfkY=,iv:SrviiLHDTjgpr5588suDbF7Pfw3yhnCmz4x0FSvzypo=,tag:2WP8wLsT/iANcbisRmp9mA==,type:str]