sorceress
/
nix-infra
1
0
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sorceress:mistress
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes
..
compare: sorceress:lappytappy
Branches Tags
sorceress:mistress
sorceress:lappytappy
sorceress:flakes

No commits in common. "mistress" and "lappytappy" have entirely different histories.
mistress ... lappytappy

84 changed files with 1880 additions and 6831 deletions
Show Stats Expand all files Collapse all files

2
.envrc
View File

@ -1,2 +0,0 @@
use flake
export NH_FLAKE=$(expand_path .)

5
.gitignore vendored
View File

@ -1,3 +1,2 @@
.DS_Store secrets
secrets/id_ed25519-nix-builder ops/home/.gcroots
.direnv

18
.sops.yaml
View File

@ -1,18 +0,0 @@
keys:
- &sierpinski age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
# host keys
- &synchronicity-ii age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
- &watchtower age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
- &tears age1c0jmesk8x3rjqq8elrvdnmz9w2d35u7mkvfeerwv5wtjqqrnt9as9q6tqj
creation_rules:
- path_regex: secrets/restic.env$
key_groups:
- age:
- *sierpinski
- *tears
- path_regex: secrets/[^/]+\.(yaml|json|env|ini|bin)$
key_groups:
- age:
- *sierpinski
- *synchronicity-ii
- *watchtower

73
README.md
View File

@ -1,60 +1,41 @@
# Infra Reference # Nix Infra Config
Using [colmena](https://github.com/zhaofengli/colmena)
## Host Overview ## Hosts
### nix-darwin - `bloodletting`: Main server
- `penrose`: *Mac Mini M1* - `ritual`: NixOS laptop
- `sierpinski`: *MacBook Air M4*
### colmena
- `synchronicity-ii`: Rented high-reliability/low-cost server
- `tears`: x86 Headless desktop for heavy workloads
- `watchtower`: *ThinkCentre M75q Gen 2 Tiny*; Home server
### offline
- `bloodletting`: Main server / technogothic.net
## Manual setup on blank system/migrations ### Manual setup on blank system/migrations
### bloodletting: Bloodletting:
- `nh os switch --target-host root@bloodletting -H bloodletting` - deploy config - `colmena apply` - deploy config
- `passwd` - set user passwords
- rsync state:
- `/var/lib`:
- `acme/.lego`
- `fail2ban`
- `mastodon`
- dump and import Postgres and Redis DBs
- `matterbridge`
- `mc-e2e`
- `mc-enigmatica-8`
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2`
- `prosody`
- `/home/ftp`
### synchronicity-ii:
- `nh os switch --target-host root@synchronicity-ii -H synchronicity-ii` - deploy config
- `passwd` - set user passwords - `passwd` - set user passwords
- rsync state: - rsync state:
- `/var/lib`: - `/var/lib`:
- `acme/.lego` - `acme/.lego`
- `bin_rs` - `bin_rs`
- `fail2ban`
- `grafana` - `grafana`
- `headscale` - `homepage`
- `hedgedoc` - `matterbridge`
- `mc-e2e`
- `mstdn-ebooks`
- `nyandroid`
- `prometheus2` - `prometheus2`
- `/home/ftp`
### penrose/sierpinski: Ritual:
- `nh darwin switch` - deploy config - `colmena apply[-local]` - deploy config
- `age-plugin-se keygen | tee (tty) | tail -n1 >> ~/Library/Application\ Support/sops/age/keys.txt` - generate a private key using the Apple Secure Enclave. Make sure to add it to `.sops.yaml`. - `mkdir -p ~/.gnupg` - create directory for gnupg
- `sops updatekeys` - re-encrypt secrets after adding new keys. - manual configuration/login:
- Firefox
- Copy extension data
- Element
- Telegram Desktop
- Geary
### Rsyncd Modules ### Rsyncd Modules
Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh` Modded minecraft instance rsync modules can be accessed through `mc-[modpack]@bloodletting::mc-[modpack]` with `--rsh=ssh`
### Updating Mastodon ## Reference configs used
```sh - https://github.com/Xe/nixos-configs
cd common/pkgs/mastodon && ./update.sh --owner AgathaSorceress --rev <commit hash> - https://git.nora.codes/nora/nixconfig
```
[Last commit which includes BSPWM configs](https://git.lain.faith/sorceress/nix-infra/commit/e60bbd7f41bdb4456319637f38a25425b6f5fef7)
### Common Pitfalls
- Run `sudo ssh tears` if remote builds are failing. This is likely caused by a hidden "Host key verification failed" error.

71
common/default.nix
View File

@ -1,49 +1,78 @@
{ pkgs, ... }: { pkgs, ... }: {
{ imports = [ ./users ];
## Optimizations ## Optimizations
# Clean /tmp
boot.cleanTmpDir = true;
# Link identical files # Link identical files
nix.optimise.automatic = true; nix.settings.auto-optimise-store = true;
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Garbage collection # Garbage collection
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
## Other ## Other
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Flakes # Flakes
nix.settings.experimental-features = [ nix.settings.experimental-features = [ "nix-command" "flakes" ];
"nix-command"
"flakes"
];
nix.package = pkgs.lixPackageSets.latest.lix;
# Enable fish (needed for nix completions) # Enable fish (needed for nix completions)
programs.fish.enable = true; programs.fish.enable = true;
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
# Set editor
environment.variables.EDITOR = "hx";
# Packages used on all systems # Packages used on all systems
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ccase
comma
dogdns
dust
git git
headscale
imagemagick
jq
killall
mtr
nmap
openssl
rsync
sqlite-interactive
wget wget
xclip xclip
killall
rsync
sqlite-interactive
]; ];
# 🥺 # 🥺
# security.please.enable = true; # security.please.enable = true;
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver = {
layout = "us";
xkbVariant = "";
};
} }

17
common/fragments/bin.nix
View File

@ -1,21 +1,10 @@
{ config, ... }: { ... }: {
{
imports = [ ../../common/services/bin.nix ]; imports = [ ../../common/services/bin.nix ];
services.bin = { services.bin = {
enable = true; enable = true;
address = "0.0.0.0";
port = 6162; port = 6162;
textUploadLimit = 64; textUploadLimit = 32;
};
services.nginx.virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:6162";
proxyWebsockets = true;
extraConfig = "client_max_body_size ${toString config.services.bin.textUploadLimit}M;";
};
}; };
} }

87
common/fragments/bittorrent.nix
View File

@ -1,87 +0,0 @@
{ config, pkgs, ... }:
{
sops.secrets."gluetun.env" = {
sopsFile = ../../secrets/gluetun.env;
format = "dotenv";
};
virtualisation.oci-containers.containers =
let
QBITTORRENT_WEBUI_PORT = "8080";
in
{
"gluetun" = {
image = "qmcgaw/gluetun:latest";
autoStart = true;
volumes = [
"/var/lib/gluetun:/gluetun"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"127.0.0.1:${QBITTORRENT_WEBUI_PORT}:8080"
"100.64.0.1:${QBITTORRENT_WEBUI_PORT}:8080"
];
environment = {
VPN_SERVICE_PROVIDER = "protonvpn";
VPN_TYPE = "openvpn";
VPN_PORT_FORWARDING = "on";
SERVER_COUNTRIES = "Germany, Netherlands";
PORT_FORWARD_ONLY = "on";
VPN_PORT_FORWARDING_UP_COMMAND = "/bin/sh -c '/usr/bin/wget -O- --retry-connrefused --post-data \"json={\\\"listen_port\\\":{{PORTS}}}\" http://localhost:${QBITTORRENT_WEBUI_PORT}/api/v2/app/setPreferences 2>&1'";
};
environmentFiles = [ config.sops.secrets."gluetun.env".path ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
];
};
"qbittorrent" = {
image = "lscr.io/linuxserver/qbittorrent:latest";
autoStart = true;
dependsOn = [ "gluetun" ];
volumes = [
"/var/lib/qbittorrent:/config"
"/mnt/library:/downloads"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
PUID = "1000";
PGID = "1000";
WEBUI_PORT = QBITTORRENT_WEBUI_PORT;
};
extraOptions = [
"--network=container:gluetun"
];
};
"qui" = {
image = "ghcr.io/autobrr/qui:latest";
autoStart = true;
dependsOn = [ "qbittorrent" ];
volumes = [
"/var/lib/qui:/config"
"/mnt/library:/data/torrents"
];
ports = [
"100.64.0.1:7476:7476"
];
};
};
sops.secrets.qbittorrent-pass = { };
systemd.services.qbittorrent-prometheus-exporter = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.prometheus-qbittorrent-exporter}/bin/qbit-exp";
Restart = "always";
Environment = [
"EXPORTER_PORT=9006"
"QBITTORRENT_USERNAME=Agatha"
"QBITTORRENT_PASSWORD_FILE=${config.sops.secrets.qbittorrent-pass.path}"
"QBITTORRENT_BASE_URL=http://localhost:8080"
];
};
};
}

2
common/fragments/fail2ban.nix
View File

@ -8,7 +8,7 @@
jails = { jails = {
nginx-deny = '' nginx-deny = ''
enabled = false enabled = true
backend = auto backend = auto
logpath = /var/log/nginx/*access.log logpath = /var/log/nginx/*access.log
''; '';

96
common/fragments/grafana.nix
View File

@ -1,68 +1,54 @@
{ config, ... }: { config, pkgs, ... }: {
{
sops.secrets.grafana-key = {
owner = config.users.users.grafana.name;
};
sops.secrets.grafana-oauth = {
owner = config.users.users.grafana.name;
};
services.grafana = { services.grafana = {
enable = true; enable = true;
settings.server = { settings.server = {
root_url = "https://grafana.technogothic.net"; domain = "grafana.technogothic.net";
http_port = 2342; http_port = 2342;
http_addr = "127.0.0.1"; http_addr = "localhost";
}; };
settings = { settings."auth.anonymous" = {
"auth.anonymous" = {
enabled = true; enabled = true;
org_name = "Main Org."; org_name = "Main Org.";
org_role = "Viewer"; org_role = "Viewer";
}; };
"auth.generic_oauth" = };
let
authServerUrl = config.services.kanidm.serverSettings.origin; networking.firewall.allowedTCPPorts =
in [ config.services.grafana.settings.server.http_port ];
services.prometheus = {
enable = true;
port = 9001;
retentionTime = "365d";
scrapeConfigs = [
{ {
enabled = true; job_name = "bloodletting";
name = "Kanidm"; static_configs = [{
allow_sign_up = true; targets = [
"localhost:${
client_id = "grafana"; toString config.services.prometheus.exporters.node.port
client_secret = "$__file{${config.sops.secrets.grafana-oauth.path}}"; }"
scopes = "openid profile email groups"; ];
use_pkce = true; }];
use_refresh_token = true; }
{
auth_url = "${authServerUrl}/ui/oauth2"; job_name = "nginx";
token_url = "${authServerUrl}/oauth2/token"; static_configs = [{
api_url = "${authServerUrl}/oauth2/openid/grafana/userinfo"; targets = [
"localhost:${
groups_attribute_path = "groups"; toString config.services.prometheus.exporters.nginx.port
role_attribute_path = builtins.concatStringsSep " || " [ }"
"contains(grafana_role[*], 'GrafanaAdmin') && 'GrafanaAdmin'" ];
"contains(grafana_role[*], 'Admin') && 'Admin'" }];
"contains(grafana_role[*], 'Editor') && 'Editor'" }
"'Viewer'" {
job_name = "telegraf";
static_configs = [{
targets = [
config.services.telegraf.extraConfig.outputs.prometheus_client.listen
];
}];
}
]; ];
login_attribute_path = "preferred_username";
allow_assign_grafana_admin = true;
};
security = {
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-key.path}}";
cookie_secure = true;
};
};
};
services.nginx.virtualHosts."grafana.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
}; };
} }

113
common/fragments/graphical/bspwm.nix Normal file
View File

@ -0,0 +1,113 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
xsession.windowManager.bspwm = {
enable = true;
extraConfigEarly = lib.strings.concatStringsSep "\n" [
"xsetroot -cursor_name left_ptr"
"xinput set-prop 'SynPS/2 Synaptics TouchPad' 'Synaptics Scrolling Distance' 60 60"
];
extraConfig = lib.strings.concatStringsSep "\n"
[ "nitrogen --set-zoom-fill ${../../../external/6.png}" ];
monitors = { eDP-1 = [ "I" "II" "III" "IV" "V" "VI" "VII" "VIII" ]; };
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
border_width = 3;
window_gap = 15;
top_padding = 45;
split_ratio = 0.5;
borderless_monocle = false;
gapless_monocle = false;
normal_border_color = color 0;
focused_border_color = color 1;
active_border_color = color 2;
urgent_border_color = color 2;
presel_feedback_color = color 2;
};
rules = {
"Gimp" = {
state = "tiled";
follow = true;
};
"Element".desktop = "II";
"TelegramDesktop".desktop = "III";
"Geary".desktop = "IV";
"firefox" = {
desktop = "I";
state = "tiled";
follow = false;
};
"Yubico Authenticator".state = "floating";
"firefox:Places".state = "floating";
};
};
services.sxhkd = {
enable = true;
keybindings = {
# Terminal
"super + Return" = "kitty";
"Caps_Lock" = "kitty";
# File explorer
"super + e" = "nautilus";
# Program launcher
"super + @space" = "rofi -show drun";
# Clipboard
"super + v" = ''
CM_LAUNCHER=rofi clipmenu \
-theme-str 'listview \{ spacing: 0; \}' \
-theme-str 'window \{ width: 30em; \}'
'';
# Calculator
"super + shift + c" = ''
rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'';
# Media keys
"XF86Audio{Raise,Lower}Volume" = "pamixer {-i,-d} 5";
"XF86AudioMute" = "pamixer -t";
"XF86Audio{Prev,Next}" = "playerctl {previous,next}";
"XF86AudioPlay" = "playerctl play-pause";
# Screenshot
"Print" = "flameshot gui && bspc desktop --focus focused";
"shift + Print" =
"flameshot gui -d 3000 && bspc desktop --focus focused";
# Pause notifications
"super + n" = "dunstctl set-paused toggle";
# Reload WM
"super + shift + {q,r}" = ''
pkill -USR1 -x sxhkd \
; for p in picom polybar dunst; killall $p; end \
; bspc {quit,wm -r}
'';
# Close/kill window
"super + {_,shift + }w" = "bspc node -{c,k}";
# Monocle layout
"super + m" = "bspc desktop -l next";
# Toggle hide all windows
"super + d" =
"bspc query -N -n .window | xargs -I node_id bspc node node_id -g hidden";
# Change window state
"super + {t,shift + t,s,f}" =
"bspc node -t {tiled,pseudo_tiled,floating,fullscreen}";
# Focus/move window
"super + {_,shift + }{j,k,i,l}" =
"bspc node -{f,s} {west,south,north,east}";
# Focus the next window in the current desktop
"super + c" = "bspc node -f next.local.!hidden.window";
# Focus previous/next desktop on current monitor
"super + bracket{left,right}" = "bspc desktop -f {prev,next}.local";
# Switch desktops / Move window to desktop
"super + {_,shift + }{1-9,0}" = "bspc {desktop -f,node -d} '^{1-9,10}'";
# Window switcher
"alt + Tab" = "rofi -show window";
# Move floating window
"super + {Left,Down,Up,Right}" = "bspc node -v {-20 0,0 20,0 -20,20 0}";
# Lock screen
"super + x" =
"betterlockscreen --lock dimblur; systemctl --user restart gpg-agent";
};
};
};
}

13
common/fragments/graphical/colors.nix Normal file
View File

@ -0,0 +1,13 @@
{ lib, pkgs, ... }: {
colorscheme = name: image: rec {
generate = pkgs.callPackage ({ runCommand, colorz }:
runCommand name { nativeBuildInputs = [ colorz ]; } ''
colorz ${image} --no-preview -n 8 --bold 30 --minv 0 --maxv 255 | awk '{print $1} {print $2}' > $out
'') { };
colors = builtins.listToAttrs (lib.lists.imap0 (i: v: {
name = builtins.toString i;
value = v;
}) (lib.strings.splitString "\n" (builtins.readFile generate)));
};
}

44
common/fragments/graphical/darwin.nix
View File

@ -1,44 +0,0 @@
{ pkgs, lib, ... }:
{
imports = [
./default.nix
./iosevka.nix
../../home_manager/common.nix
../../remote-builds.nix
];
nix.settings = {
extra-nix-path = "nixpkgs=flake:nixpkgs";
substituters = [
"https://cache.nixos.org"
"https://cache.lix.systems"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
];
trusted-users = [ "@admin" ];
};
users.users.agatha.packages = with pkgs; [
age-plugin-se
];
# Needed for the nix-darwin environment even if zsh is not used.
programs.zsh.enable = true;
users.users.agatha = {
name = "agatha";
home = lib.mkForce "/Users/agatha";
};
fonts.packages = with pkgs; [
nerd-fonts.daddy-time-mono
nerd-fonts.symbols-only
fira-code
fira-code-symbols
font-awesome_5
iosevka
siji
];
}

169
common/fragments/graphical/default.nix
View File

@ -1,30 +1,167 @@
{ pkgs, ... }: { pkgs, config, lib, ... }: {
{ imports = [
# Config for client devices, but not necessarily a full desktop environment. ./bspwm.nix
./picom.nix
./polybar.nix
./iosevka.nix
./kitty.nix
./element.nix
];
# User packages # User packages
users.users.agatha.packages = with pkgs; [ users.users.agatha.packages = with pkgs; [
brightnessctl
broot
colmena colmena
exiftool element-desktop
ffmpeg firefox
file flameshot
flac gnome.eog
gnome.file-roller
gnome.geary
gnome.gnome-calendar
gnome.gnome-control-center
gnome.gnome-disk-utility
gnome.gnome-font-viewer
gnome.nautilus
gnome.totem
hyperfine hyperfine
just lxappearance
magic-wormhole magic-wormhole
nil neofetch
nixd nitrogen
pamixer
pavucontrol
pfetch pfetch
rink playerctl
whois pridefetch
rofi
rofi-calc
rofimoji
tdesktop
wireguard-tools wireguard-tools
yt-dlp xdg-utils
yubioath-desktop
]; ];
home-manager.users.agatha = { # Brightness/volume keys
programs.direnv = { users.users.agatha.extraGroups = [ "video" ];
programs.light.enable = true;
services.xserver = {
enable = true; enable = true;
silent = true; displayManager = {
gdm.enable = true;
# gdm.wayland = true;
sessionPackages = [ pkgs.sway ];
session = [{
manage = "window";
name = "bspwm";
start = let cfg = config.home-manager.users.agatha;
in ''
${cfg.services.sxhkd.package}/bin/sxhkd ${
toString cfg.services.sxhkd.extraOptions
} &
${cfg.xsession.windowManager.bspwm.package}/bin/bspwm -c ${cfg.xdg.configHome}/bspwm/bspwmrc
'';
}];
}; };
# Layout overrides
layout = lib.mkForce "eu,de(qwerty),ua,ru";
xkbOptions = "ctrl:nocaps,compose:rctrl";
synaptics = {
enable = true;
tapButtons = true;
vertTwoFingerScroll = true;
vertEdgeScroll = true;
horizEdgeScroll = true;
horizTwoFingerScroll = true;
palmDetect = true;
palmMinWidth = 8;
palmMinZ = 100;
};
};
home-manager.users.agatha = {
# Compose key sequences
home.file.".XCompose".text = ''
include "%L"
<Multi_key> <l> <f> : "( ͡° ͜ʖ ͡°)"
<Multi_key> <s> <f> : "¯\\_()_/¯"
<Multi_key> <g> <f> : " _ "
<Multi_key> <B> <B> : "🅱"
<Multi_key> <o> <asterisk> : ""
<Multi_key> <h> <r> : ""
<Multi_key> <v> <v> : ""
<Multi_key> <v> <period> <v> : ""
<Multi_key> <space> <space> : ""
<Multi_key> <s> <0> : "§"
<Multi_key> <b><l> : ""
<Multi_key> <h><s> : ""
<Multi_key> <s><r> : ""
<Multi_key> <t><r> : " trans rights uwu"
<Multi_key> <w><apostrophe> : "òwó"
<Multi_key> <W><apostrophe> : "ÒwÓ"
<Multi_key> <p><t> : "👉👈"
<Multi_key> <p><l> : "🥺"
<Multi_key> <m><s> : "/html <span data-mx-spoiler=\"\"></span>"
'';
# Cursor theme
home.pointerCursor = {
name = "Adwaita";
package = pkgs.gnome.adwaita-icon-theme;
size = 24;
x11 = {
enable = true;
defaultCursor = "Adwaita";
};
};
};
security.polkit.enable = true;
# Screenshare on wlroots
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
wlr.enable = true;
};
};
fonts.fontconfig.enable = true;
fonts.fonts = with pkgs; [
cantarell-fonts
crimson
dejavu_fonts
fira-code
fira-code-symbols
font-awesome_5
iosevka
noto-fonts-cjk
siji
twitter-color-emoji
(nerdfonts.override { fonts = [ "DaddyTimeMono" "NerdFontsSymbolsOnly" ]; })
];
services.printing.enable = true;
# Pipewire
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
}; };
} }

109
common/fragments/graphical/element.nix Normal file
View File

@ -0,0 +1,109 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
xdg.configFile."Element/config.json".text = ''
{
"settingDefaults": {
"custom_themes": [
{
"name": "Sapphic Lavender",
"is_dark": true,
"fonts": {
"general": "Allust, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Medium Extended', 'Fira Code'"
},
"colors": {
"accent": "#D2ADC6",
"accent-color": "#D2ADC6",
"primary-color": "#D2ADC6",
"warning-color": "#BF80A6",
"alert": "#BF80A6",
"sidebar-color": "#231724",
"primary-content": "#180F19",
"secondary-content": "#E5D9E6",
"tertiary-content": "#D2ADC6",
"quaternary-content": "#E5D9E6",
"quinary-content": "#251926",
"system": "#180F19",
"background": "#00f",
"roomlist-background-color": "#231724",
"roomlist-text-color": "#E5D9E6",
"roomlist-text-secondary-color": "#ffd1dc",
"roomlist-highlights-color": "#180F19",
"roomlist-separator-color": "#180F19",
"timeline-background-color": "#180F19",
"timeline-text-color": "#E5D9E6",
"timeline-text-secondary-color": "#D2ADC6",
"timeline-highlights-color": "#231724",
"eventbubble-self-bg": "#231724",
"eventbubble-others-bg": "#231724",
"eventbubble-bg-hover": "#231724",
"eventbubble-reply-color": "#231724",
"username-colors": [
"#D8BFD8",
"#ffd1dc",
"#DDA0DD",
"#DA70D6",
"#BA55D3",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
},
{
"name": "Transgender Vampirism",
"is_dark": true,
"fonts": {
"general": "Crimson, Noto Color Emoji, Twemoji, Twitter Color Emoji, sans",
"monospace": "'Iosevka Gothic', 'Fira Code'"
},
"colors": {
"accent": "#747E9D",
"accent-color": "#747E9D",
"primary-color": "#747E9D",
"warning-color": "#110E18",
"sidebar-color": "#16121F",
"primary-content": "#110E18",
"secondary-content": "#D5D6E8",
"tertiary-content": "#747E9D",
"quaternary-content": "#D5D6E8",
"quinary-content": "#16121F",
"system": "#16121F",
"background": "#00f",
"roomlist-background-color": "#16121F",
"roomlist-text-color": "#D5D6E8",
"roomlist-text-secondary-color": "#747E9D",
"roomlist-highlights-color": "#110E18",
"roomlist-separator-color": "#110E18",
"timeline-background-color": "#110E18",
"timeline-text-color": "#D5D6E8",
"timeline-text-secondary-color": "#747E9D",
"timeline-highlights-color": "#16121F",
"eventbubble-self-bg": "#16121F",
"eventbubble-others-bg": "#16121F",
"eventbubble-bg-hover": "#16121F",
"eventbubble-reply-color": "#16121F",
"username-colors": [
"#D8BFD8",
"#AA9AB6",
"#DDA0DD",
"#DA70D6",
"#7A5286",
"#9932CC",
"#800060",
"#8B008B"
],
"avatar-background-colors": ["#896bad", "#b09cc8", "#bdacd1"],
"reaction-row-button-selected-bg-color": "#bd93f9"
}
}
]
},
"showLabsSettings": true,
"features": ["feature_latex_maths"]
}
'';
};
}

38
common/fragments/graphical/iosevka.nix
View File

@ -1,59 +1,51 @@
{ { config, pkgs, ... }: {
# Iosevka Gothic # Iosevka Gothic
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
iosevka = (prev.iosevka.overrideAttrs (_: { iosevka = prev.iosevka.override {
# Fixes broken terminal output
buildPhase = ''
export HOME=$TMPDIR
runHook preBuild
npm run build --no-update-notifier --targets ttf::$pname -- --jCmd=$NIX_BUILD_CORES --verbose=9 2>/dev/null
runHook postBuild
'';
})).override {
privateBuildPlan = '' privateBuildPlan = ''
[buildPlans.IosevkaGothic] [buildPlans.iosevka-gothic]
family = "Iosevka Gothic" family = "Iosevka Gothic"
spacing = "normal" spacing = "normal"
serifs = "slab" serifs = "slab"
noCvSs = true no-cv-ss = true
exportGlyphNames = true export-glyph-names = true
[buildPlans.IosevkaGothic.variants.design] [buildPlans.iosevka-gothic.variants.design]
capital-a = "straight-base-serifed" capital-a = "straight-base-serifed"
capital-b = "standard-bilateral-serifed" capital-b = "standard-bilateral-serifed"
capital-h = "serifed" capital-h = "serifed"
capital-i = "serifed" capital-i = "serifed"
capital-q = "crossing" capital-q = "crossing"
capital-r = "standing-serifed" capital-r = "standing"
f = "tailed" f = "tailed"
l = "tailed-serifed" l = "tailed-serifed"
z = "cursive" z = "cursive"
long-s = "bent-hook-tailed" long-s = "bent-hook-tailed"
eszet = "sulzbacher-descending-serifless" eszet = "sulzbacher-descending"
lower-mu = "tailed-serifed" lower-mu = "tailed"
lower-xi = "flat-top" lower-xi = "flat-top"
three = "flat-top-serifless" three = "flat-top"
six = "straight-bar" six = "straight-bar"
asterisk = "turn-penta-high" asterisk = "flip-penta-high"
pilcrow = "high" pilcrow = "high"
caret = "medium" caret = "medium"
paren = "normal" paren = "normal"
brace = "curly-flat-boundary" brace = "curly-flat-boundary"
number-sign = "upright" number-sign = "upright"
ampersand = "closed" ampersand = "closed"
at = "compact" at = "short"
lig-ltgteq = "slanted" lig-ltgteq = "slanted"
ascii-single-quote = "raised-comma" ascii-single-quote = "raised-comma"
ascii-grave = "straight" ascii-grave = "straight"
[buildPlans.IosevkaGothic.variants.italic] [buildPlans.iosevka-gothic.variants.italic]
capital-z = "cursive-with-horizontal-crossbar" capital-z = "cursive-with-horizontal-crossbar"
[buildPlans.IosevkaGothic.ligations] [buildPlans.iosevka-gothic.ligations]
inherits = "haskell" inherits = "haskell"
''; '';
set = "Gothic"; set = "gothic";
}; };
}) })
]; ];

79
common/fragments/graphical/kitty.nix Normal file
View File

@ -0,0 +1,79 @@
{ pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
color = n: colorscheme.colors."${builtins.toString n}";
in {
home-manager.users.agatha = {
programs.kitty = {
enable = true;
font = {
package = pkgs.iosevka;
name = "Iosevka Gothic";
size = 11.5;
};
keybindings = { "f5" = "load_config_file"; };
settings = {
disable_ligatures = "never";
draw_minimal_borders = false;
active_tab_font_style = "italic";
inactive_tab_font_style = "normal";
scrollback_lines = -10000;
url_style = "single";
strip_trailing_spaces = "smart";
enable_audio_bell = false;
window_margin_width = 10;
window_padding_width = 10;
inactive_text_alpha = "0.8";
enabled_layouts = "vertical, grid, stack";
tab_bar_edge = "top";
tab_bar_style = "fade";
tab_bar_margin_width = 5;
tab_separator = "";
tab_title_template = " {index}";
foreground = color 15;
background = color 0;
cursor = color 16;
color0 = color 0;
color8 = color 8;
color1 = color 1;
color9 = color 9;
color2 = color 2;
color10 = color 10;
color3 = color 3;
color11 = color 11;
color4 = color 4;
color12 = color 12;
color5 = color 5;
color13 = color 13;
color6 = color 6;
color14 = color 14;
color7 = color 7;
color15 = color 15;
selection_foreground = color 1;
selection_background = color 15;
url_color = color 1;
active_border_color = color 1;
inactive_border_color = color 2;
bell_border_color = color 6;
active_tab_foreground = color 15;
active_tab_background = color 1;
inactive_tab_foreground = color 8;
inactive_tab_background = color 2;
};
};
};
}

89
common/fragments/graphical/picom.nix Normal file
View File

@ -0,0 +1,89 @@
{ pkgs, config, lib, ... }: {
home-manager.users.agatha = {
services.picom = {
enable = true;
package = pkgs.picom-next;
# General
backend = "glx";
vSync = true;
settings = {
mark-wmwin-focused = true;
detect = {
rounded-corners = true;
client-opacity = true;
transient = true;
client-leader = true;
};
use-damage = true;
wintypes = {
tooltip = {
fade = true;
shadow = true;
opacity = 0.75;
focus = true;
full-shadow = false;
};
dock = { shadow = false; };
dnd = { shadow = false; };
popup_menu = { opacity = 0.8; };
dropdown_menu = { opacity = 0.8; };
};
};
# Shadows
shadow = true;
shadowOpacity = 1.0;
shadowOffsets = [ (-7) (-7) ];
shadowExclude = [
"name = 'Notification'"
"class_g ?= 'Notify-osd'"
"class_g = 'Cairo-clock'"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
"_GTK_FRAME_EXTENTS@:c"
];
# Fade
fade = true;
fadeSteps = [ 5.0e-2 5.0e-2 ];
# Opacity
settings.frame-opacity = 0.7;
settings.inactive-opacity-override = false;
settings.inactive-dim = 0.2;
settings.focus-exclude = [
"class_g = 'firefox-nightly'"
"class_g = 'firefox'"
"class_g = 'Dunst'"
];
opacityRules = [
"100:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[1]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[2]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[3]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[4]:32a = '_NET_WM_STATE_FULLSCREEN'"
"0:_COMPTON_MONOCLE@:32c = 0"
"70:class_g = 'kitty'"
"80:class_g = 'Dunst'"
"20:class_g = 'Bspwm' && class_i = 'presel_feedback'"
];
# Blur
settings.blur = {
method = "dual_kawase";
strength = 3;
background = true;
kern = "3x3box";
background-exclude = [
"window_type = 'dock'"
"window_type = 'desktop'"
"_GTK_FRAME_EXTENTS@:c"
"class_g = 'firefox-nightly' && argb"
"class_g = 'firefox' && argb"
];
};
};
};
}

258
common/fragments/graphical/polybar.nix Normal file
View File

@ -0,0 +1,258 @@
{ lib, pkgs, config, ... }@attrs:
let
utils = import ./colors.nix attrs;
colorscheme = utils.colorscheme "purple" ../../../external/6.png;
in {
home-manager.users.agatha = {
services.polybar = {
enable = true;
package = pkgs.polybarFull;
script = "polybar right &";
settings = let color = n: colorscheme.colors."${builtins.toString n}";
in {
"colors" = {
background = color 0;
foreground = color 7;
foreground-alt = color 7;
primary = color 1;
secondary = color 2;
alert = color 3;
red = color 4;
};
"bar/right" = {
monitor = "\${env:MONITOR:eDP-1}";
width = "100%:-30";
height = 30;
offset-x = 15;
offset-y = 12;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line = {
size = 0;
color = color 3;
};
border = {
size = 3;
color = color 1;
};
padding = {
left = 2;
right = 2;
};
module.margin = {
left = 1;
right = 1;
};
font = {
"0" = "Iosevka Gothic:pixelsize=10;3";
"1" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;2";
"2" = "Siji:pixelsize=11;2";
"3" = "Symbols Nerd Font:pixelsize=10;2";
"4" = "DejaVuSans:fontformat=truetype:size=8:antialias=false;1";
};
modules = {
left = "bspwm";
center = "date";
right =
"filesystem battery pulseaudio xkeyboard memory cpu notication-status powermenu";
};
wm-restack = "bspwm";
cursor-click = "pointer";
locale = "de_DE.UTF-8";
};
"module/xkeyboard" = {
type = "internal/xkeyboard";
blacklist-0 = "num lock";
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = {
layout = "%layout%";
indicator = {
padding = 2;
margin = 1;
background = "\${colors.secondary}";
underline = "\${colors.secondary}";
};
};
};
"module/bspwm" = {
type = "internal/bspwm";
label = {
focused = "%name%";
focused-foreground = "\${colors.primary}";
focused-padding = 1;
occupied = "%name%";
occupied-padding = 1;
urgent = "%name%!";
urgent-background = "\${xrdb:color1:#222}";
urgent-padding = 1;
empty = "%name%";
empty-foreground = "\${colors.foreground-alt}";
empty-padding = 1;
};
};
"module/date" = {
type = "internal/date";
interval = 5;
date = "";
date-alt = " %a, %d %b %Y";
time = "%H:%M";
time-alt = "%H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
label = ''
%{A3:dunstify ' Calendar' "$(cal --color=always | sed "s#\\x1b\\[7m#<b>#;s#\\x1b\\[27m#</b>#g")":}%date%%{A} %time%'';
};
"module/filesystem" = {
type = "internal/fs";
interval = 25;
mount-0 = "/";
label-mounted = "%mountpoint%: %percentage_used%%";
label-unmounted = "%mountpoint% not mounted";
label-unmounted-foreground = "\${colors.foreground-alt}";
};
"module/cpu" = {
type = "internal/cpu";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage:2%%%{A}";
};
"module/memory" = {
type = "internal/memory";
interval = 2;
format-prefix = " ";
format-prefix-foreground = "\${colors.foreground-alt}";
label = "%{A1:kitty btop:}%percentage_used%%%{A}";
};
"module/pulseaudio" = {
type = "internal/pulseaudio";
format-volume = "%{A3:pavucontrol:}<label-volume> <bar-volume>%{A}";
label-volume = " %percentage%%";
label-volume-foreground = "\${root.foreground}";
label-muted = " muted";
label-muted-foreground = "#666";
bar.volume = {
width = 14;
foreground-0 = "\${colors.secondary}";
foreground-1 = "\${colors.secondary}";
foreground-2 = "\${colors.primary}";
foreground-3 = "\${colors.primary}";
foreground-4 = "\${colors.primary}";
foreground-5 = "\${colors.alert}";
foreground-6 = "\${colors.red}";
gradient = false;
indicator = "|";
indicator-font = 5;
fill = "";
fill-font = 2;
empty = "";
empty-font = 2;
empty-foreground = "\${colors.foreground-alt}";
};
};
"module/powermenu" = {
type = "custom/menu";
expand-right = true;
format-spacing = 1;
label = {
open = "";
open-foreground = "\${colors.secondary}";
close = " cancel";
close-foreground = "\${colors.secondary}";
separator = "|";
separator-foreground = "\${colors.foreground-alt}";
};
menu = {
"0-0" = "reboot";
"0-0-exec" = "reboot";
"0-1" = "power off";
"0-1-exec" = "sudo poweroff";
};
};
"module/battery" = {
type = "internal/battery";
full-at = 99;
low-at = 10;
battery = "BAT0";
adapter = "AC";
poll-interval = 3;
content-font = 3;
format-charging = "<animation-charging> <label-charging>";
format-discharging = "<ramp-capacity> <label-discharging>";
label = {
charging = "%percentage_raw%%";
discharging = "%percentage_raw%%";
full = "";
};
ramp = {
capacity-0 = "";
capacity-1 = "";
capacity-2 = "";
capacity-3 = "";
capacity-4 = "";
};
animation = {
charging-0 = "";
charging-1 = "";
charging-2 = "";
charging-3 = "";
charging-4 = "";
charging-framerate = 750;
};
};
"module/notification-status" = {
type = "custom/script";
exec = ''
if $(dunstctl is-paused); then; echo "Notifications paused"; else; echo ""; fi;'';
interval = 2;
format-prefix = " ";
};
};
};
};
}

103
common/fragments/graphical/sway.nix Normal file
View File

@ -0,0 +1,103 @@
{ pkgs, config, ... }: {
# User packages
users.users.agatha.packages = with pkgs; [ grim rofi-wayland waybar ydotool ];
home-manager.users.agatha = {
wayland.windowManager.sway = let
cfg = config.home-manager.users.agatha.wayland.windowManager.sway.config;
in {
enable = true;
config = {
up = "i";
left = "j";
down = "k";
right = "l";
modifier = "Mod4";
terminal = "kitty";
fonts = {
names = [ "Font Awesome 5 Free" "Iosevka Gothic" ];
size = 11.0;
};
workspaceAutoBackAndForth = true;
window = {
titlebar = true;
hideEdgeBorders = "both";
border = 0;
};
gaps.inner = 15;
output."*" = { bg = "/home/agatha/Pictures/wallpaper.png fill"; };
input."type:keyboard" = {
xkb_layout = config.services.xserver.layout;
xkb_options = config.services.xserver.xkbOptions;
};
input."type:touchpad" = { tap = "enabled"; };
keybindings = let mod = cfg.modifier;
in {
"${mod}+Return" = "exec ${cfg.terminal}";
"Caps_Lock" = "exec ${cfg.terminal}";
"${mod}+e" = "exec nautilus";
"${mod}+space" = "exec rofi -show drun";
"${mod}+shift+e" = "exec rofimoji --action clipboard";
"${mod}+c" = ''
exec rofi -show calc -modi calc -calc-command 'xdotool type --clearmodifiers "\{result\}"'
'';
XF86AudioRaiseVolume = "exec pamixer -i 5";
XF86AudioLowerVolume = "exec pamixer -d 5";
XF86AudioMute = "exec pamixer -t";
XF86AudioPrev = "exec playerctl previous";
XF86AudioNext = "exec playerctl next";
XF86AudioPlay = "exec playerctl play-pause";
Print = "exec flameshot gui";
"shift+Print" = "exec flameshot gui -d 3000";
"${mod}+n" = "exec dunstctl set-paused toggle";
# "${mod}+o" = "TODO: port audio switcher";
"${mod}+shift+r" =
"reload; exec 'for p in waybar dunst; do; killall $p; done'";
"${mod}+w" = "kill";
"${mod}+m" = "layout tabbed";
"${mod}+t" = "layout toggle split";
"${mod}+s" = "floating toggle";
"${mod}+f" = "fullscreen toggle";
"alt+Tab" = "exec rofi -show window";
# "${mod}+x" = "TODO: lockscreen";
"${mod}+Shift+${cfg.left}" = "move left";
"${mod}+Shift+${cfg.down}" = "move down";
"${mod}+Shift+${cfg.up}" = "move up";
"${mod}+Shift+${cfg.right}" = "move right";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
};
};
};
};
}

141
common/fragments/graphical/url-eater.nix
View File

@ -1,141 +0,0 @@
{ ... }:
let
filters = ''
category "Action Map" {
params "action_object_map" "action_ref_map" "action_type_map"
}
category "AliExpress.com" {
params "aff_platform" "aff_trace_key" \
"algo_expid@*.aliexpress.*" "*pvid@*.aliexpress.*" "btsid@*.aliexpress.*" \
"expid@*.aliexpress.*" "initiative_id@*.aliexpress.*" "scm_id@*.aliexpress.*" \
"spm@*.aliexpress.*" "ws_ab_test*.aliexpress.*" \
"_t@*.aliexpress.*" "pdp_npi@*.aliexpress.*" "gatewayAdapt@*.aliexpress.*"
}
category "Amazon" {
params "_encoding@amazon.*" "ascsubtag@amazon.*" "pd_rd_*@amazon.*" "pf@amazon.*" "pf_rd_*@amazon.*" "psc@amazon.*" "ref_@amazon.*" "tag@amazon.*"
}
category "Bing" {
params "cvid@bing.com" "form@bing.com" "pq@bing.com" "qs@bing.com" "sc@bing.com" "sk@bing.com" "sp@bing.com"
}
category "Campaign tracking (Adobe Analytics)" {
params "sc_cid"
}
category "Campaign tracking (Adobe Marketo)" {
params "mkt_tok"
}
category "Campaign tracking (Amazon Kendra)" {
params "trk" "trkCampaign"
}
category "Campaign tracking (at)" {
params "at_campaign" "at_custom*" "at_medium"
}
category "Campaign tracking (Change.org)" {
params "guest@change.org" "recruited_by_id@change.org" "recruiter@change.org" "short_display_name@change.org" "source_location@change.org"
}
category "Campaign tracking (DPG Media)" {
params "dpg_*"
}
category "Campaign tracking (Google Analytics ga)" {
params "ga_*" "gclid" "gclsrc"
}
category "Campaign tracking (Humble Bundle)" {
params "hmb_campaign" "hmb_medium" "hmb_source"
}
category "Campaign tracking (IBM Acoustic Campaign)" {
params "spJobID" "spMailingID" "spReportId" "spUserID"
}
category "Campaign tracking (itm)" {
params "itm_*"
}
category "Campaign tracking (Omniture)" {
params "s_cid"
}
category "Campaign tracking (Oracle Eloqua)" {
params "assetId" "assetType" "campaignId" "elqTrack" "elqTrackId" "recipientId" "siteId"
}
category "Campaign tracking (MailChimp)" {
params "mc_cid" "mc_eid"
}
category "Campaign tracking (Matomo/Piwik)" {
params "mtm_*" "pk_*"
}
category "Campaign tracking (ns)" {
params "ns_*"
}
category "Campaign tracking (sc)" {
params "sc_campaign" "sc_channel" "sc_content" "sc_country" "sc_geo" "sc_medium" "sc_outcome"
}
category "Campaign tracking (stm)" {
params "stm_*"
}
category "Campaign tracking (utm)" {
params "nr_email_referer" "utm_*"
}
category "Campaign tracking (Vero)" {
params "vero_conv" "vero_id"
}
category "Campaign tracking (Yandex)" {
params "_openstat" "yclid"
}
category "Campaign tracking (others)" {
params "c_id" "campaign_id" "Campaign" "cmpid" "mbid" "ncid"
}
category "Caseking.de" {
params "campaign@caseking.de" "sPartner@caseking.de"
}
category "Ebay" {
params "hash@ebay.*" "_trkparms@ebay.*" "_trksid@ebay.*" "amdata@ebay.*" "epid@ebay.*" "hash@ebay.*" "var@ebay.*"
}
category "Etsy" {
params "click_key@etsy.com" "click_sum@etsy.com" "organic_search_click@etsy.com" "ref@etsy.com"
}
category "Facebook" {
params "fb_action_ids" "fb_action_types" "fb_ref" "fb_source" "fbclid" "hrc@facebook.com" "refsrc@facebook.com"
}
category "Google" {
params "ei@google.*" "gs_gbg@google.*" "gs_l" "gs_lcp@google.*" "gs_mss@google.*" "gs_rn@google.*" "gws_rd@google.*" "sei@google.*" "ved@google.*"
}
category "Hubspot" {
params "_hsenc" "_hsmi" "__hssc" "__hstc" "hsCtaTracking"
}
category "IMDb" {
params "pf_rd_*@imdb.com" "ref_@imdb.com"
}
category "LinkedIn" {
params "eBP@linkedin.com" "lgCta@linkedin.com" "lgTemp@linkedin.com" "lipi@linkedin.com" "midSig@linkedin.com" "midToken@linkedin.com" "recommendedFlavor@linkedin.com" "refId@linkedin.com" "trackingId@linkedin.com" "trk@linkedin.com" "trkEmail@linkedin.com"
}
category "Medium" {
params "_branch_match_id@medium.com" "source@medium.com"
}
category "SourceForge.net" {
params "position@sourceforge.net" "source@sourceforge.net"
}
category "Spotify" {
params "context@open.spotify.com" "si@open.spotify.com"
}
category "TikTok" {
params "_d@tiktok.com" "checksum@tiktok.com" "is_copy_url@tiktok.com" "is_from_webapp@tiktok.com" "language@tiktok.com" "preview_pb@tiktok.com" "sec_user_id@tiktok.com" "sender_device@tiktok.com" "sender_web_id@tiktok.com" "share_app_id@tiktok.com" "share_link_id@tiktok.com" "share_item_id@tiktok.com" "source@tiktok.com" "timestamp@tiktok.com" "tt_from@tiktok.com" "u_code@tiktok.com" "user_id@tiktok.com"
}
category "Twitch.tv" {
params "tt_content" "tt_medium"
}
category "Twitter" {
params "cxt@*.twitter.com" "ref_*@*.twitter.com" "s@*.twitter.com" "t@*.twitter.com" "twclid"
}
category "Yandex" {
params "lr@yandex.*" "redircnt@yandex.*"
}
category "YouTube.com" {
params "feature@youtube.com" "kw@youtube.com"
}
category "Zeit.de" {
params "wt_mc" "wt_zmc"
}
'';
in
{
services.url-eater = {
enable = true;
inherit filters;
};
}

28
common/fragments/headscale.nix
View File

@ -1,28 +0,0 @@
{ config, ... }:
{
services.headscale = {
enable = true;
port = 52812;
settings = {
server_url = "https://hs.technogothic.net";
dns = {
nameservers.global = [
"94.140.14.14"
"94.140.15.15"
]; # AdGuard Public DNS
base_domain = "thorns.home.arpa";
};
taildrop.enabled = true;
};
};
services.nginx.virtualHosts."hs.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
}

55
common/fragments/hedgedoc.nix
View File

@ -1,55 +0,0 @@
{ config, ... }:
{
sops.secrets.hedgedoc-oauth = {
sopsFile = ../../secrets/hedgedoc-oauth.env;
format = "dotenv";
owner = config.users.users.hedgedoc.name;
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets.hedgedoc-oauth.path;
settings = {
domain = "hedgedoc.technogothic.net";
protocolUseSSL = true;
allowOrigin = [
"localhost"
"hedgedoc.technogothic.net"
];
email = false;
oauth2 =
let
authServerUrl = config.services.kanidm.serverSettings.origin;
in
{
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
scope = "openid email profile groups";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
pkce = true;
providerName = "Kanidm";
rolesClaim = "roles";
accessRole = "hedgedoc_users";
};
};
};
services.nginx.virtualHosts."hedgedoc.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000";
locations."/socket.io/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
}

69
common/fragments/home-assistant.nix
View File

@ -1,69 +0,0 @@
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
8123
1883
1884
];
networking.firewall.allowedTCPPortRanges = [
{
from = 21063;
to = 21070;
}
];
networking.firewall.allowedUDPPorts = [
53
67
5353
];
virtualisation.oci-containers.containers = {
"home-assistant" = {
image = "ghcr.io/home-assistant/home-assistant:stable";
autoStart = true;
volumes = [
"/var/lib/hass:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];
extraOptions = [
"--network=host"
"--device=/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0:/dev/ttyUSB0"
];
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users.root = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
};
}
];
};
services.create_ap = {
enable = true;
settings = {
WIFI_IFACE = "wlp2s0";
SHARE_METHOD = "none";
SSID = "Agatha-Isolated-Network";
};
};
networking.networkmanager.unmanaged = [ "wlp2s0" ];
# TODO: Rotate password
# Hack around linux-wifi-hotspot's lack of secret management
sops.secrets.create-ap-pass = { };
sops.templates."create-ap.conf".content = ''
PASSPHRASE=${config.sops.placeholder.create-ap-pass}
''
+ pkgs.lib.generators.toKeyValue { } config.services.create_ap.settings;
systemd.services.create_ap.serviceConfig.ExecStart =
pkgs.lib.mkForce "${pkgs.linux-wifi-hotspot}/bin/create_ap --config ${
config.sops.templates."create-ap.conf".path
}";
}

13
common/fragments/homepage.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
virtualisation.oci-containers.containers = {
"homepage" = {
image = "ghcr.io/benphelps/homepage:v0.6.10";
autoStart = true;
ports = [ "127.0.0.1:3000:3000" ];
volumes = [
"/var/lib/homepage:/app/config"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
};
};
}

41
common/fragments/kanidm.nix
View File

@ -1,41 +0,0 @@
{ pkgs, config, ... }:
let
cfg = config.services.kanidm;
in
{
services.kanidm = {
package = pkgs.kanidm_1_8;
enableServer = true;
serverSettings = {
origin = "https://${cfg.serverSettings.domain}";
domain = "aphex.technogothic.net";
# otel_grpc_url = "http://localhost:9008";
tls_chain = "${config.security.acme.certs."technogothic.net".directory}/fullchain.pem";
tls_key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
enableClient = true;
clientSettings = {
uri = cfg.serverSettings.origin;
};
};
users.users.kanidm.extraGroups = [
"acme"
"nginx"
];
services.nginx.virtualHosts."${cfg.serverSettings.domain}" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "https://${config.services.kanidm.serverSettings.bindaddress}";
extraConfig = ''
proxy_ssl_verify off;
'';
};
};
}

39
common/fragments/mastodon.nix
View File

@ -1,39 +0,0 @@
{ config, pkgs, ... }:
{
services.mastodon = {
enable = true;
package = pkgs.agatha-mastodon;
localDomain = "technogothic.net";
configureNginx = false;
smtp.fromAddress = "noreply@technogothic.net";
smtp.createLocally = false;
database.passwordFile = "/var/lib/mastodon/secrets/db-password";
streamingProcesses = 4;
elasticsearch = {
host = "127.0.0.1";
inherit (config.services.elasticsearch) port;
};
extraConfig = {
WEB_DOMAIN = "fv.technogothic.net";
GITHUB_REPOSITORY = "AgathaSorceress/mastodon";
AUTHORIZED_FETCH = "true";
MAX_TOOT_CHARS = "6666";
MAX_POLL_OPTIONS = "128";
MAX_POLL_OPTION_CHARS = "512";
EXTRA_DATA_HOSTS = "https://ftp.technogothic.net";
MASTODON_VERSION_METADATA = "AGATHA+AGATHA";
};
};
systemd.services.mastodon-web.path = [ pkgs.imagemagick ];
users.groups.mastodon.members = [ config.services.nginx.user ];
services.elasticsearch = {
enable = true;
cluster_name = "mastodon-es";
package = pkgs.elasticsearch7;
};
}

14
common/fragments/matrix-ril100.nix
View File

@ -1,14 +0,0 @@
{ pkgs, ... }: {
systemd.services.matrix-ril100 = {
wantedBy = [ "multi-user.target" ];
description = "A matrix bot that looks up RIL100 codes and station names";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.matrix-ril100}/bin/matrix-ril100";
WorkingDirectory = "/var/lib/matrix-ril100";
Restart = "always";
};
};
}

16
common/fragments/mc-status-bot.nix
View File

@ -1,16 +0,0 @@
{ pkgs, ... }: {
systemd.services.mc-status-bot = {
wantedBy = [ "multi-user.target" ];
description = "Minecraft server status bot for Matrix";
after = [ "network.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${
pkgs.callPackage ../pkgs/mc-status-bot.nix { }
}/bin/mc-status-bot.sh";
EnvironmentFile = "/var/lib/secrets/mc-status-bot-env";
Restart = "always";
};
};
}

36
common/fragments/media.nix
View File

@ -1,36 +0,0 @@
{ pkgs, config, ... }:
{
# Jellyfin
services.jellyfin = {
enable = true;
openFirewall = true;
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
services.prowlarr = {
enable = true;
openFirewall = true;
};
sops.secrets.jellyfin-token = {
sopsFile = ../../secrets/jellyfin-exporter.env;
format = "dotenv";
};
virtualisation.oci-containers.containers."jellyfin-prometheus-exporter" = {
image = "rebelcore/jellyfin-exporter:latest";
autoStart = true;
ports = [
"127.0.0.1:9007:9594"
];
environmentFiles = [ config.sops.secrets.jellyfin-token.path ];
entrypoint = "/bin/sh";
cmd = [
"-c"
"/bin/jellyfin_exporter --jellyfin.address=http://100.64.0.6:8096 --jellyfin.token=$JELLYFIN_TOKEN --collector.activity"
];
};
}

37
common/fragments/minecraft.nix
View File

@ -1,11 +1,7 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
let let
rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys; rsyncSSHKeys = config.users.users.agatha.openssh.authorizedKeys.keys
++ config.users.users.julia.openssh.authorizedKeys.keys;
jre8 = pkgs.temurin-bin-8; jre8 = pkgs.temurin-bin-8;
jre17 = pkgs.temurin-bin-17; jre17 = pkgs.temurin-bin-17;
@ -37,18 +33,17 @@ let
allow-flight = true; allow-flight = true;
max-tick-time = 2 * 60 * 1000; max-tick-time = 2 * 60 * 1000;
}; };
in in {
{
services.modded-minecraft-servers = { services.modded-minecraft-servers = {
eula = true; eula = true;
instances = { instances = {
# End to End encrypted modded minecraft yay # End to End encrypted modded minecraft yay
e2e = { e2e = {
enable = false; enable = true;
inherit rsyncSSHKeys jvmOpts; inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G"; jvmInitialAllocation = "2G";
jvmMaxAllocation = "8G"; jvmMaxAllocation = "8G";
jvmPackage = jre8; jvmPackage = jre8;
@ -59,28 +54,10 @@ in
extra-options.level-type = "BIOMESOP"; extra-options.level-type = "BIOMESOP";
}; };
}; };
enigmatica-8 = {
enable = false;
inherit rsyncSSHKeys jvmOpts;
jvmInitialAllocation = "1G";
jvmMaxAllocation = "8G";
jvmPackage = jre17;
serverConfig = serverDefaults // {
server-port = 25567;
rcon-port = 25568;
motd = "Enigmeowtica 8";
max-tick-time = 300000;
};
};
}; };
}; };
systemd.services.mc-e2e.path = with pkgs; [ systemd.services.mc-e2e.path = with pkgs; [ getconf gawk ];
getconf
gawk
];
users.users.agatha.packages = with pkgs; [ mcrcon ]; users.users.agatha.packages = with pkgs; [ mcrcon ];
} }

2
common/fragments/nyandroid.nix
View File

@ -1,4 +1,4 @@
{ _: {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
"nyandroid" = { "nyandroid" = {
image = "registry.gitlab.com/xenua/nyandroid:latest"; image = "registry.gitlab.com/xenua/nyandroid:latest";

22
common/fragments/postgres.nix
View File

@ -1,22 +0,0 @@
{
services.postgresql = {
settings = {
max_connections = 200;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 300;
work_mem = "10485kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
};
}

53
common/fragments/prometheus.nix
View File

@ -1,53 +0,0 @@
{ config, ... }:
{
services.prometheus = {
enable = true;
port = 9001;
retentionTime = "365d";
scrapeConfigs =
let
input = job_name: host: {
inherit job_name;
static_configs = [
{ targets = [ host ]; }
];
};
in
[
(input "node" "localhost:${toString config.services.prometheus.exporters.node.port}")
(input "nginx" "localhost:${toString config.services.prometheus.exporters.nginx.port}")
(input "process" "localhost:${toString config.services.prometheus.exporters.process.port}")
];
exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
"cpu"
"cpufreq"
"diskstats"
"filesystem"
"meminfo"
"netstat"
"os"
];
port = 9002;
};
nginx = {
enable = true;
port = 9003;
};
process = {
enable = true;
port = 9005;
settings.process_names = [
# Remove nix store path from process name
{
name = "{{.Matches.Wrapped}} {{ .Matches.Args }}";
cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ];
}
];
};
};
};
}

40
common/fragments/prometheus_exporters.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, pkgs, ... }: {
# Enable Prometheus exporters
services.prometheus = {
exporters = {
node = {
enable = true;
enabledCollectors = [
"systemd"
"cpu"
"cpufreq"
"diskstats"
"filesystem"
"meminfo"
"netstat"
"os"
];
port = 9002;
};
nginx = {
enable = true;
port = 9003;
};
};
};
services.telegraf = {
enable = true;
extraConfig = {
inputs.x509_cert = {
sources = [ "https://technogothic.net:443" ];
interval = "10m";
};
outputs.prometheus_client = {
listen = "localhost:9004";
metric_version = 2;
};
};
};
}

29
common/fragments/prosody.nix
View File

@ -1,29 +0,0 @@
{ config, ... }:
let
ssl = {
cert = "${
config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
key = "${config.security.acme.certs."technogothic.net".directory}/key.pem";
};
in {
services.prosody = {
enable = true;
admins = [ "Agatha@argent.technogothic.net" ];
inherit ssl;
virtualHosts."argent.technogothic.net" = {
enabled = true;
domain = "argent.technogothic.net";
inherit ssl;
};
muc = [{ domain = "muc.argent.technogothic.net"; }];
uploadHttp.domain = "upload.argent.technogothic.net";
};
users.users."${config.services.prosody.user}".extraGroups =
[ "acme" "nginx" ];
networking.firewall.allowedTCPPorts = [ 5000 5222 5269 5281 ];
}

65
common/fragments/restic.nix
View File

@ -1,65 +0,0 @@
{ config, ... }:
{
sops.secrets.restic-pass = { };
sops.templates."restic.env".content = ''
RESTIC_REST_USERNAME=agatha
RESTIC_REST_PASSWORD=${config.sops.placeholder.restic-pass}
'';
services.restic.backups.${config.networking.hostName} = {
initialize = true;
repository = "rest:http://10.20.1.2:8000/${config.networking.hostName}/";
passwordFile = config.sops.secrets.restic-pass.path;
environmentFile = config.sops.templates."restic.env".path;
timerConfig = {
OnCalendar = "*-*-* 20:00"; # Daily at 20:00
Persistent = true;
};
paths = [
"/home/agatha"
"/mnt/hdd"
];
exclude = [
".Trash*"
".gradle"
"/home/agatha/.XCompose"
"/home/agatha/.Xresources"
"/home/agatha/.cache"
"/home/agatha/.cargo"
"/home/agatha/.config"
"!/home/agatha/.config/gzdoom"
"/home/agatha/.gnupg"
"/home/agatha/.gtkrc-2.0"
"/home/agatha/.java"
"/home/agatha/.local"
"!/home/agatha/.local/share/PrismLauncher"
"/home/agatha/.manpath"
"/home/agatha/.minecraft"
"/home/agatha/.nix-defexpr"
"/home/agatha/.nix-profile"
"/home/agatha/.themes"
"/home/agatha/Desktop"
"/home/agatha/etc/deadname destruction"
"/home/agatha/go"
"/home/agatha/mount"
"/home/agatha/projects/java/**/build"
"/home/agatha/projects/mastodon"
"/home/agatha/projects/rust/**/target"
"/home/agatha/projects/rust/helix/runtime"
"/home/agatha/projects/snek/**/venv"
"__pycache__"
"lost+found"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-yearly 12"
];
};
systemd.timers."restic-backups-${config.networking.hostName}".after = [ "network-online.target" ];
}

13
common/fragments/sops.nix
View File

@ -1,13 +0,0 @@
{
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
hurricane-tokens = {
sopsFile = ../../secrets/hurricane-tokens.env;
format = "dotenv";
};
};
};
}

10
common/fragments/sponsorblock.nix
View File

@ -1,10 +0,0 @@
{
virtualisation.oci-containers.containers = {
"isponsorblocktv" = {
image = "ghcr.io/dmunozv04/isponsorblocktv";
autoStart = true;
volumes = [ "/var/lib/sponsorblock:/app/data" ];
extraOptions = [ "--network=host" ];
};
};
}

30
common/fragments/storage.nix
View File

@ -1,30 +0,0 @@
{ pkgs, config, ... }:
{
sops.secrets.gocryptfs-pass = { };
sops.secrets."hetzner.env" = {
sopsFile = ../../secrets/hetzner.env;
format = "dotenv";
};
system.fsPackages = with pkgs; [
gocryptfs
cifs-utils
];
systemd.mounts = [
{
after = [ "network.target" ];
what = "//library.technogothic.net/backup";
where = "/mnt/library-raw";
type = "cifs";
options = "uid=1000,gid=users,file_mode=0664,dir_mode=0775";
mountConfig.EnvironmentFile = config.sops.secrets."hetzner.env".path;
}
{
what = "/mnt/library-raw";
where = "/mnt/library";
type = "fuse.gocryptfs";
options = "allow_other,passfile=${config.sops.secrets.gocryptfs-pass.path}";
wantedBy = [ "multi-user.target" ];
}
];
}

41
common/fragments/virt.nix
View File

@ -1,41 +0,0 @@
{ lib, ... }:
{
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"amdgpu"
];
kernelParams =
let
gpuIDs = [
"1002:67df" # Graphics
"1002:aaf0" # Audio
];
in
[
# enable IOMMU
"amd_iommu=on"
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs)
];
};
hardware.graphics.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
services.openssh.settings.X11Forwarding = true;
# Virtualization
virtualisation.libvirtd = {
enable = true;
onBoot = "start";
onShutdown = "shutdown";
};
programs.virt-manager.enable = true;
users.users.agatha.extraGroups = [ "libvirtd" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}

36
common/fragments/vsftpd.nix
View File

@ -1,25 +1,14 @@
{ config, ... }: { config, ... }: {
{
networking.firewall = {
allowedTCPPorts = [
20
21
];
allowedTCPPortRanges = [
{
from = 40000;
to = 40200;
}
];
};
services.vsftpd = { services.vsftpd = {
enable = true; enable = true;
anonymousUser = true; anonymousUser = true;
anonymousUserNoPassword = true; anonymousUserNoPassword = true;
rsaCertFile = "${config.security.acme.certs."technogothic.net".directory}/fullchain.pem"; rsaCertFile = "${
rsaKeyFile = "${config.security.acme.certs."technogothic.net".directory}/key.pem"; config.security.acme.certs."technogothic.net".directory
}/fullchain.pem";
rsaKeyFile =
"${config.security.acme.certs."technogothic.net".directory}/key.pem";
forceLocalLoginsSSL = true; forceLocalLoginsSSL = true;
forceLocalDataSSL = true; forceLocalDataSSL = true;
@ -33,17 +22,4 @@
ssl_ciphers=HIGH ssl_ciphers=HIGH
''; '';
}; };
security.acme.defaults.reloadServices = [ "vsftpd" ];
services.nginx.virtualHosts."ftp.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "/home/ftp";
locations."/" = {
extraConfig = "autoindex on;";
};
};
} }

15
common/fragments/yubikey.nix
View File

@ -1,8 +1,11 @@
{ pkgs, ... }: { pkgs, ... }: {
{ services.udev.packages = with pkgs; [ libu2f-host yubikey-personalization ];
services.udev.packages = with pkgs; [
libu2f-host programs.gnupg.agent = {
yubikey-personalization enable = true;
]; enableSSHSupport = true;
pinentryFlavor = "gnome3";
};
services.pcscd.enable = true; services.pcscd.enable = true;
} }

186
common/home_manager/common.nix
View File

@ -1,27 +1,23 @@
{ { pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
{
imports = [ ../../common/home_manager/helix.nix ]; imports = [ ../../common/home_manager/helix.nix ];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.users.agatha = { home-manager.users.agatha = {
home.username = "agatha"; home.username = "agatha";
home.homeDirectory = lib.mkDefault "/home/agatha"; home.homeDirectory = "/home/agatha";
# Fallback for nix-darwin home.stateVersion = config.system.stateVersion;
home.stateVersion = if pkgs.stdenv.isLinux then config.system.stateVersion else "25.11";
home.packages = with pkgs; [ home.packages = with pkgs; [
bat bat
btop btop
choose choose
eza exa
fd fd
fzf fzf
gnupg
ouch ouch
ripgrep ripgrep
tealdeer
zoxide
]; ];
programs = { programs = {
@ -29,75 +25,25 @@
git = { git = {
enable = true; enable = true;
userName = "Agatha V. Lovelace";
userEmail = "agatha@technogothic.net";
signing.key = "33185E0D62AD7294379947D4C37ABADDB597BCA1";
signing.signByDefault = true; signing.signByDefault = true;
signing.format = "ssh"; aliases = {
settings = { plog =
user.name = "Agatha V. Lovelace"; "log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
user.email = "agatha@technogothic.net";
gpg.ssh.allowedSignersFile = "~/.gitallowedsigners";
alias = {
plog = "log --graph --pretty=format:'%h -%d %s -%an %n' --abbrev-commit --date=relative --branches";
pfusch = "push --force-with-lease"; pfusch = "push --force-with-lease";
stat = "diff --compact-summary"; stat = "diff --compact-summary";
undo = "reset --soft HEAD~"; undo = "reset --soft HEAD~";
unstage = "restore --staged";
}; };
init = { extraConfig = {
defaultBranch = "mistress"; init = { defaultBranch = "mistress"; };
}; core = { editor = "hx"; };
core = {
editor = "hx";
};
merge.conflictStyle = "zdiff3";
rebase.autosquash = true; rebase.autosquash = true;
pull.rebase = true; pull.rebase = true;
}; };
}; };
jujutsu = {
enable = true;
settings = {
inherit (config.home-manager.users.agatha.programs.git.settings) user;
signing = {
backend = "ssh";
behavior = "own";
backends.ssh.allowed-signers = "~/.gitallowedsigners";
};
git.sign-on-push = true;
ui.default-command = "log";
ui.diff-editor = ":builtin";
template-aliases = {
"format_short_signature(signature)" = "signature.name()";
};
revset-aliases = {
"closest_pushable(to)" =
"heads(::to & mutable() & ~description(exact:\"\") & (~empty() | merges()))";
};
aliases.tug = [
"bookmark"
"move"
"--from"
"heads(::@ & bookmarks())"
"--to"
"closest_pushable(@)"
];
};
};
delta = {
enable = true;
enableGitIntegration = true;
enableJujutsuIntegration = true;
options = {
blame-format = "{timestamp:<15} {author:<18.18} {commit:<8}";
file-modified-label = "modified:";
hunk-header-decoration-style = "blue ul ol";
line-numbers = true;
navigate = true;
navigate-regex = "^(commit|added:|removed:|renamed:|modified:)";
};
};
starship = { starship = {
enable = true; enable = true;
@ -108,11 +54,8 @@
"$character" "$character"
"$directory" "$directory"
]; ];
right_format = lib.concatStrings [ right_format =
"$git_branch" lib.concatStrings [ "$git_branch" " " "$cmd_duration" ];
" "
"$cmd_duration"
];
character = { character = {
success_symbol = ""; success_symbol = "";
error_symbol = "[ ](purple)"; error_symbol = "[ ](purple)";
@ -124,12 +67,10 @@
style = "cyan"; style = "cyan";
read_only_style = "cyan"; read_only_style = "cyan";
}; };
cmd_duration = { cmd_duration = { min_time = 10000; };
min_time = 10000;
};
git_branch = { git_branch = {
format = "$symbol $branch"; format = "$symbol $branch";
symbol = "󰘬"; symbol = "";
}; };
hostname = { hostname = {
ssh_only = false; ssh_only = false;
@ -140,6 +81,11 @@
fish = { fish = {
enable = true; enable = true;
interactiveShellInit = builtins.readFile (pkgs.fetchurl {
url =
"https://git.lain.faith/sorceress/dotfiles/raw/commit/80be649e9663e3db67041192c714329e20b10cc9/.config/fish/config.fish";
sha256 = "sha256-ZZCTXnRZfotksiJj7iVJnLz+XnWHTlIsZzv3gbbZoRQ=";
});
plugins = [ plugins = [
{ {
name = "fzf"; name = "fzf";
@ -150,74 +96,16 @@
sha256 = "0k6l21j192hrhy95092dm8029p52aakvzis7jiw48wnbckyidi6v"; sha256 = "0k6l21j192hrhy95092dm8029p52aakvzis7jiw48wnbckyidi6v";
}; };
} }
{
name = "pisces";
src = pkgs.fetchFromGitHub {
owner = "laughedelic";
repo = "pisces";
rev = "e45e0869855d089ba1e628b6248434b2dfa709c4";
sha256 = "073wb83qcn0hfkywjcly64k6pf0d7z5nxxwls5sa80jdwchvd2rs";
};
}
]; ];
shellAliases = {
ls = "eza -lhT --classify=always --group-directories-first --level 1";
cat = "bat";
ip = "ip -color=always";
youtube-dl-audio = ''yt-dlp --ignore-errors --output "%(title)s.%(ext)s" --extract-audio --audio-format best'';
# rsync = "rsync -az --partial --info=progress2";
};
shellAliases.tailscale = lib.mkIf (
!pkgs.stdenv.isLinux
) "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
functions = {
expand-dot-to-parent-directory-path = ''
# expand ... to ../.. etc
# https://github.com/fish-shell/fish-shell/issues/1891#issuecomment-451961517
# Get commandline up to cursor
set -l cmd (commandline --cut-at-cursor)
# Match last line
switch $cmd[-1]
case '*..'
commandline --insert '/.'
case '*'
commandline --insert '.'
end
'';
impostor = ''
echo $argv[1] | string sub -s 13 | fold -w1 | shuf | tr -d '\n' | sed 's/^/cccccbeujtje/'
'';
};
shellInit = ''
set -x SSH_AUTH_SOCK /Users/agatha/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
set -Ux AWT_TOOLKIT MToolkit
set -Ux JDK_JAVA_OPTIONS "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel -Djdk.gtk.version=3 -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true"
# Zoxide
set -Ux _ZO_FZF_OPTS "--no-sort --height=30% --exit-0 --select-1 --bind=ctrl-z:ignore"
# Fix locale errors in Nix
set -Ux LOCALE_ARCHIVE /usr/lib/locale/locale-archive
# PATH
set -gx fish_user_paths $fish_user_paths \
/home/agatha/.local/bin \
/home/agatha/.cargo/bin \
/home/agatha/.cabal/bin
if type -q ruby
fish_add_path -a (ruby -e 'print Gem.user_dir')/bin
end
bind . 'expand-dot-to-parent-directory-path'
'';
};
tealdeer = {
enable = true;
settings = {
updates.auto_update = true;
};
};
zoxide = {
enable = true;
enableFishIntegration = true;
options = [ "--cmd v" ];
}; };
command-not-found.enable = false; command-not-found.enable = false;
@ -226,10 +114,6 @@
enableFishIntegration = true; enableFishIntegration = true;
}; };
}; };
home.file.".sqliterc".text = ''
.headers on
.mode column
'';
}; };
} }

131
common/home_manager/helix.nix
View File

@ -1,44 +1,27 @@
{ pkgs, lib, ... }: { pkgs, config, ... }: {
{
# Set editor
environment.variables.EDITOR = "hx";
home-manager.users.agatha = { home-manager.users.agatha = {
# Formatters/Language Servers that Helix uses # Formatters/Language Servers that Helix uses
home.packages = with pkgs; [ nixfmt-rfc-style ]; home.packages = with pkgs; [ nixfmt ];
programs = { programs = {
helix = { helix = {
enable = true; enable = true;
package = pkgs.helix; package = pkgs.helix;
languages = { languages = [{
language = [
{
name = "nix"; name = "nix";
auto-format = true; auto-format = true;
formatter = { formatter = { command = "nixfmt"; };
command = "nixfmt"; }];
};
}
];
};
settings = { settings = {
theme = lib.mkDefault "paramount-dark"; theme = "paramount-dark";
editor = { editor = {
middle-click-paste = false; middle-click-paste = false;
scroll-lines = 4; scroll-lines = 4;
shell = [ shell = [ "fish" "-c" ];
"fish"
"-c"
];
bufferline = "multiple"; bufferline = "multiple";
statusline = { statusline = {
left = [ left = [ "mode" "spinner" "file-name" ];
"mode"
"spinner"
"file-name"
];
right = [ right = [
"workspace-diagnostics" "workspace-diagnostics"
"position" "position"
@ -51,9 +34,7 @@
separator = " "; separator = " ";
}; };
cursor-shape = { cursor-shape = { insert = "bar"; };
insert = "bar";
};
whitespace.render = { whitespace.render = {
tab = "all"; tab = "all";
@ -75,25 +56,13 @@
keys = { keys = {
insert = { insert = {
"C-left" = [ "C-left" = [ "move_prev_word_start" "collapse_selection" ];
"move_prev_word_start" "C-right" = [ "move_next_word_start" "collapse_selection" ];
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
}; };
normal = { normal = {
"C-left" = [ "C-left" = [ "move_prev_word_start" "collapse_selection" ];
"move_prev_word_start" "C-right" = [ "move_next_word_start" "collapse_selection" ];
"collapse_selection"
];
"C-right" = [
"move_next_word_start"
"collapse_selection"
];
"A-d" = "delete_selection"; "A-d" = "delete_selection";
"d" = "delete_selection_noyank"; "d" = "delete_selection_noyank";
}; };
@ -101,8 +70,7 @@
}; };
themes = { themes = {
paramount-dark = paramount-dark = let
let
medium_gray = "#767676"; medium_gray = "#767676";
lighter_black = "#4E4E4E"; lighter_black = "#4E4E4E";
lighter_gray = "#C6C6C6"; lighter_gray = "#C6C6C6";
@ -112,14 +80,11 @@
dark_purple = "#af5fd7"; dark_purple = "#af5fd7";
light_purple = "#a790d5"; light_purple = "#a790d5";
dark_yellow = "#A89C14"; dark_yellow = "#A89C14";
in in {
{ inherits = "hex_lavender";
"ui.background" = {
bg = "black"; "ui.background" = { bg = "black"; };
}; "ui.gutter" = { bg = "black"; };
"ui.gutter" = {
bg = "black";
};
"ui.menu.selected" = { "ui.menu.selected" = {
fg = lighter_gray; fg = lighter_gray;
bg = light_purple; bg = light_purple;
@ -145,17 +110,9 @@
fg = medium_gray; fg = medium_gray;
modifiers = [ "italic" ]; modifiers = [ "italic" ];
}; };
"punctuation" = { "punctuation" = { fg = medium_gray; };
fg = medium_gray;
};
"ui.linenr" = medium_gray; "ui.linenr" = medium_gray;
"ui.linenr.selected" = { "ui.linenr.selected" = { fg = light_purple; };
fg = light_purple;
};
"ui.window" = medium_gray;
"ui.text" = lighter_gray;
"ui.text.focus" = light_purple;
"ui.virtual.whitespace" = lighter_black;
"string.special.url" = { "string.special.url" = {
fg = lighter_gray; fg = lighter_gray;
underline = { underline = {
@ -204,23 +161,16 @@
"diff.plus" = light_green; "diff.plus" = light_green;
"diff.minus" = light_red; "diff.minus" = light_red;
"diff.delta" = dark_yellow; "diff.delta" = dark_yellow;
"ui.cursor" = { "ui.cursor" = { bg = lighter_gray; };
bg = lighter_gray; "ui.cursor.insert" = { bg = light_purple; };
}; "ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.insert" = {
bg = light_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = { "ui.cursor.match" = {
fg = lighter_gray; fg = lighter_gray;
bg = medium_gray; bg = medium_gray;
}; };
"namespace" = medium_gray; "namespace" = medium_gray;
}; };
paramount-light = paramount-light = let
let
medium_gray = "#767676"; medium_gray = "#767676";
actual_white = "#FFFFFF"; actual_white = "#FFFFFF";
light_black = "#262626"; light_black = "#262626";
@ -229,16 +179,11 @@
dark_green = "#10A778"; dark_green = "#10A778";
dark_purple = "#af5fd7"; dark_purple = "#af5fd7";
dark_yellow = "#A89C14"; dark_yellow = "#A89C14";
in in {
{
inherits = "spacebones_light"; inherits = "spacebones_light";
"ui.background" = { "ui.background" = { bg = actual_white; };
bg = actual_white; "ui.gutter" = { bg = actual_white; };
};
"ui.gutter" = {
bg = actual_white;
};
"ui.menu.selected" = { "ui.menu.selected" = {
fg = light_black; fg = light_black;
bg = dark_purple; bg = dark_purple;
@ -268,13 +213,9 @@
fg = medium_gray; fg = medium_gray;
modifiers = [ "italic" ]; modifiers = [ "italic" ];
}; };
"punctuation" = { "punctuation" = { fg = medium_gray; };
fg = medium_gray;
};
"ui.linenr" = medium_gray; "ui.linenr" = medium_gray;
"ui.linenr.selected" = { "ui.linenr.selected" = { fg = dark_purple; };
fg = dark_purple;
};
"string.special.url" = { "string.special.url" = {
fg = light_black; fg = light_black;
underline = { underline = {
@ -323,15 +264,9 @@
"diff.plus" = dark_green; "diff.plus" = dark_green;
"diff.minus" = dark_red; "diff.minus" = dark_red;
"diff.delta" = dark_yellow; "diff.delta" = dark_yellow;
"ui.cursor" = { "ui.cursor" = { bg = light_black; };
bg = light_black; "ui.cursor.insert" = { bg = dark_purple; };
}; "ui.cursor.select" = { bg = dark_purple; };
"ui.cursor.insert" = {
bg = dark_purple;
};
"ui.cursor.select" = {
bg = dark_purple;
};
"ui.cursor.match" = { "ui.cursor.match" = {
fg = light_black; fg = light_black;
bg = medium_gray; bg = medium_gray;

72
common/linux-specific.nix
View File

@ -1,72 +0,0 @@
{ config, ... }:
{
imports = [ ./users ];
## Optimizations
# Clean /tmp
boot.tmp.cleanOnBoot = true;
# Garbage collection
nix.gc.dates = "weekly";
# Limit journald logs
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=1month
'';
# Fix terminfo
environment.enableAllTerminfo = true;
environment.variables.COLORTERM = "truecolor";
## Locale/Timezone
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
settings.PasswordAuthentication = false;
};
services.earlyoom = {
enable = true;
freeSwapThreshold = 5;
freeMemThreshold = 5;
extraArgs = [
"-g"
"--avoid"
"'^(sshd|systemd.*|tailscale.*|)$'"
];
};
# Fix Wireguard and Tailscale with NetworkManager
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
services.tailscale.enable = true;
}

32
common/pkgs/bin.nix
View File

@ -1,36 +1,18 @@
{ pkgs }: { rustPlatform, fetchFromGitHub }:
pkgs.rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "bin"; name = "bin";
version = "e8fac0f0c8c9b48e3933c6f4a9e607a99cc97cf8"; version = "3bbd64611f2a5dee91528976f6db17ff9844315a";
src = pkgs.fetchFromGitHub { src = fetchFromGitHub {
owner = "WantGuns"; owner = "WantGuns";
repo = pname; repo = name;
rev = version; rev = version;
sha256 = "sha256-c5iuk1T3x17iEbLAno716pkQkRtVsB0UJzgIrR64Uec="; sha256 = "0lyx8n4rpnyd7c6yjx8aa3zwxlfwj3db0ykrxdvlsaw4wrqlfk7i";
}; };
# Use custom syntax highlighting theme
preBuild = ''
cp ${
../../external/paramount-dark.tmTheme
} resources/themes/paramount-dark.tmTheme
substituteInPlace src/models/pretty.rs \
--replace "ayu_dark.tmTheme" "paramount-dark.tmTheme" \
substituteInPlace static/css/index.css static/css/pretty.css templates/* \
--replace "#0f1419" "#000000" \
--replace "#f29718" "#a790d5" \
--replace "#F29718" "#a790d5" \
--replace "#be7611" "#8673aa"
'';
cargoLock = { lockFile = "${src}/Cargo.lock"; }; cargoLock = { lockFile = "${src}/Cargo.lock"; };
nativeBuildInputs = [ pkgs.git ];
meta = { meta = {
description = "highly opinionated, minimal pastebin"; description = "highly opinionated, minimal pastebin";
homepage = "https://github.com/WantGuns/bin"; homepage = "https://github.com/WantGuns/bin";

167
common/pkgs/mastodon/default.nix
View File

@ -1,167 +0,0 @@
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn-berry, callPackage
, imagemagick, ffmpeg, file, ruby, writeShellScript, brotli
# Allow building a fork or custom version of Mastodon:
, pname ? "mastodon", version ? srcOverride.version, patches ? [ ]
# src is a package
, srcOverride ? callPackage ./source.nix { inherit patches; }
, gemset ? ./. + "/gemset.nix", yarnHash ? srcOverride.yarnHash }:
stdenv.mkDerivation rec {
inherit pname version;
src = srcOverride;
mastodonGems = bundlerEnv {
name = "${pname}-gems-${version}";
inherit version gemset ruby;
gemdir = src;
# This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
# symlinks with directories, resolving this error when running rake:
# /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
postBuild = ''
for gem in "$out"/lib/ruby/gems/*/gems/*; do
cp -a "$gem/" "$gem.new"
rm "$gem"
# needed on macOS, otherwise the mv yields permission denied
chmod +w "$gem.new"
mv "$gem.new" "$gem"
done
'';
};
mastodonModules = stdenv.mkDerivation {
pname = "${pname}-modules";
inherit src version;
yarnOfflineCache = callPackage ./yarn.nix {
src = srcOverride;
hash = yarnHash;
};
nativeBuildInputs =
[ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
RAILS_ENV = "production";
NODE_ENV = "production";
buildPhase = ''
runHook preBuild
export HOME=$PWD
# This option is needed for openssl-3 compatibility
# Otherwise we encounter this upstream issue: https://github.com/mastodon/mastodon/issues/17924
export NODE_OPTIONS=--openssl-legacy-provider
export YARN_ENABLE_TELEMETRY=0
mkdir -p ~/.yarn/berry
ln -sf $yarnOfflineCache ~/.yarn/berry/cache
yarn install --immutable --immutable-cache
patchShebangs ~/bin
patchShebangs ~/node_modules
# skip running yarn install
rm -rf ~/bin/yarn
OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
rails assets:precompile
yarn cache clean
rm -rf ~/node_modules/.cache
# Create missing static gzip and brotli files
gzip --best --keep ~/public/assets/500.html
gzip --best --keep ~/public/packs/report.html
find ~/public/assets -maxdepth 1 -type f -name '.*.json' \
-exec gzip --best --keep --force {} ';'
brotli --best --keep ~/public/packs/report.html
find ~/public/assets -type f -regextype posix-extended -iregex '.*\.(css|js|json|html)' \
-exec brotli --best --keep {} ';'
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/public
cp -r node_modules $out/node_modules
cp -r public/assets $out/public
cp -r public/packs $out/public
runHook postInstall
'';
};
propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ];
buildInputs = [ mastodonGems nodejs-slim ];
buildPhase = ''
runHook preBuild
ln -s $mastodonModules/node_modules node_modules
ln -s $mastodonModules/public/assets public/assets
ln -s $mastodonModules/public/packs public/packs
patchShebangs bin/
for b in $(ls $mastodonGems/bin/)
do
if [ ! -f bin/$b ]; then
ln -s $mastodonGems/bin/$b bin/$b
fi
done
# Remove execute permissions
chmod 0444 public/emoji/*.svg
# Create missing static gzip and brotli files
find public -maxdepth 1 -type f -regextype posix-extended -iregex '.*\.(css|js|svg|txt|xml)' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
find public/emoji -type f -name '.*.svg' \
-exec gzip --best --keep --force {} ';' \
-exec brotli --best --keep {} ';'
ln -s assets/500.html.gz public/500.html.gz
ln -s assets/500.html.br public/500.html.br
ln -s packs/sw.js.gz public/sw.js.gz
ln -s packs/sw.js.br public/sw.js.br
ln -s packs/sw.js.map.gz public/sw.js.map.gz
ln -s packs/sw.js.map.br public/sw.js.map.br
rm -rf log
ln -s /var/log/mastodon log
ln -s /tmp tmp
runHook postBuild
'';
installPhase = let
run-streaming = writeShellScript "run-streaming.sh" ''
# NixOS helper script to consistently use the same NodeJS version the package was built with.
${nodejs-slim}/bin/node ./streaming
'';
in ''
runHook preInstall
mkdir -p $out
cp -r * $out/
ln -s ${run-streaming} $out/run-streaming.sh
runHook postInstall
'';
passthru = {
tests.mastodon = nixosTests.mastodon;
# run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
updateScript = ./update.sh;
};
meta = with lib; {
description =
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
homepage = "https://joinmastodon.org";
license = licenses.agpl3Plus;
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
};
}

3393
common/pkgs/mastodon/gemset.nix
View File

File diff suppressed because it is too large Load Diff

22
common/pkgs/mastodon/source.nix
View File

@ -1,22 +0,0 @@
# This file was generated by pkgs.mastodon.updateScript.
{
fetchFromGitHub,
applyPatches,
patches ? [ ],
}:
let
version = "0529f742ecbcf902ffa4ab9283579f72eae78361";
in
(applyPatches {
src = fetchFromGitHub {
owner = "AgathaSorceress";
repo = "mastodon";
rev = "${version}";
hash = "sha256-rAHCQHVv4tZqbRhx43T3YEnsR/THR6gzzjv5yUO4GIU=";
};
patches = patches ++ [ ];
})
// {
inherit version;
yarnHash = "sha256-wdEunwUsV/IaJvNq+YIqRXNKLBrqPeeL5Ig+33dT/AY=";
}

101
common/pkgs/mastodon/update.sh
View File

@ -1,101 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p bundix coreutils diffutils nix-prefetch-github gnused jq prefetch-yarn-deps
set -e
OWNER=mastodon
REPO=mastodon
POSITIONAL=()
while [[ $# -gt 0 ]]; do
key="$1"
case $key in
--owner)
OWNER="$2"
shift # past argument
shift # past value
;;
--repo)
REPO="$2"
shift # past argument
shift # past value
;;
--rev)
REVISION="$2"
shift # past argument
shift # past value
;;
--patches)
PATCHES="$2"
shift # past argument
shift # past value
;;
*) # unknown option
POSITIONAL+=("$1")
shift # past argument
;;
esac
done
if [[ -n "$POSITIONAL" ]]; then
echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--rev REVISION] [--patches PATCHES]"
echo "OWNER and REPO must be paths on github."
echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
exit 1
fi
rm -f gemset.nix source.nix
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
WORK_DIR=$(mktemp -d)
# Check that working directory was created.
if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
echo "Could not create temporary directory"
exit 1
fi
# Delete the working directory on exit.
function cleanup {
# Report errors, if any, from nix-prefetch-git
grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
rm -rf "$WORK_DIR"
}
trap cleanup EXIT
echo "Fetching source code $REVISION"
JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
HASH=$(echo "$JSON" | jq -r .hash)
cat > source.nix << EOF
# This file was generated by pkgs.mastodon.updateScript.
{ fetchFromGitHub, applyPatches, patches ? [] }:
let
version = "$REVISION";
in
(
applyPatches {
src = fetchFromGitHub {
owner = "$OWNER";
repo = "$REPO";
rev = "\${version}";
hash = "$HASH";
};
patches = patches ++ [$PATCHES];
}) // {
inherit version;
yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
}
EOF
SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
echo "Creating gemset.nix"
bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
echo "" >> gemset.nix # Create trailing newline to please EditorConfig checks
# echo "Creating yarn-hash.nix"
# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
sed -i -Ee "s|^( *yarnHash = )\".*\";|\\1\"\";|g;" ./source.nix

39
common/pkgs/mastodon/yarn.nix
View File

@ -1,39 +0,0 @@
{ stdenvNoCC, yarn-berry, cacert, src, hash }:
stdenvNoCC.mkDerivation {
pname = "yarn-deps";
version = hash;
nativeBuildInputs = [ yarn-berry cacert ];
inherit src;
dontInstall = true;
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
mkdir -p $out
export HOME=$(mktemp -d)
echo $HOME
export YARN_ENABLE_TELEMETRY=0
export YARN_COMPRESSION_LEVEL=0
cache="$(yarn config get cacheFolder)"
if ! yarn install --immutable --mode skip-build; then
cp yarn.lock yarn.lock.bak
yarn install --mode skip-build
diff -u yarn.lock.bak yarn.lock
echo "yarn build failed! diff generated as yarn.lock.diff"
pwd
exit 1
fi
cp -r $cache/* $out/
'';
outputHashAlgo = "sha256";
outputHash = hash;
outputHashMode = "recursive";
}

21
common/pkgs/mc-status-bot.nix
View File

@ -1,21 +0,0 @@
{ pkgs }:
with pkgs;
stdenv.mkDerivation rec {
pname = "mc-status-bot";
version = "0.1.0";
src = fetchgit {
url = "https://git.lain.faith/sorceress/e8-status-bot.git";
rev = "c35abf0aba0ca524bc1d3dab9576b41e2b319138";
hash = "sha256-sK0Azd/3ymk5Jsj/GYmNJvYh9fMXFozTuWZhKnYTGbs=";
};
buildInputs = [ curl jq ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp run.sh $out/bin/mc-status-bot.sh
wrapProgram $out/bin/mc-status-bot.sh \
--prefix PATH : ${lib.makeBinPath buildInputs}
'';
}

58
common/pkgs/vampysite.nix Normal file
View File

@ -0,0 +1,58 @@
{ pkgs, lib, ... }:
let
version = "10768ce069f5c08e8e4393c494f0c6900922170c";
repo = pkgs.fetchgit {
url = "https://git.lain.faith/sorceress/vampysite.git";
rev = version;
sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
};
patched_pkgs = import (builtins.fetchTarball
"https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
inherit (pkgs) config;
};
jekyll_env = patched_pkgs.bundlerEnv {
name = "jekyll_env";
inherit (pkgs) ruby;
gemdir = "${repo}/.";
};
image_optim_deps = with pkgs; [
pngout
advancecomp
optipng
pngquant
jhead
jpegoptim
jpeg-archive
libjpeg
];
in pkgs.stdenv.mkDerivation {
inherit version;
name = "vampysite";
src = repo;
buildInputs = with pkgs; [
jekyll_env
# nokogiri dependencies
zlib
libiconv
libxml2
libxslt
# jekyll wants a JS runtime
nodejs-slim
];
buildPhase = ''
export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
bundle exec jekyll build
'';
installPhase = ''
mkdir -p $out
cp -r _site/* $out/
'';
}

18
common/remote-builds.nix
View File

@ -1,18 +0,0 @@
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "tears";
systems = [
"x86_64-linux"
"i686-linux"
"aarch64-linux"
];
supportedFeatures = [ "big-parallel" ];
maxJobs = 4;
sshUser = "root";
sshKey = "/Users/agatha/Projects/nix-infra/secrets/id_ed25519-nix-builder";
}
];
}

22
common/services/bin.nix
View File

@ -1,16 +1,9 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let cfg = config.services.bin;
cfg = config.services.bin; in {
in
{
options = { options = {
services.bin = { services.bin = {
enable = mkEnableOption "Pastebin"; enable = mkEnableOption "Pastebin";
@ -61,10 +54,11 @@ in
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
Environment = ''BIN_LIMITS={form="${toString cfg.textUploadLimit} MiB"}''; Environment =
ExecStart = "${ ''BIN_LIMITS={form="${toString cfg.textUploadLimit} MiB"}'';
pkgs.callPackage ../../common/pkgs/bin.nix { } ExecStart = "${pkgs.bin}/bin/bin -a ${toString cfg.address} -b ${
}/bin/bin -a ${toString cfg.address} -b ${toString cfg.binaryUploadLimit} -p ${toString cfg.port} -u ${toString cfg.upload}"; toString cfg.binaryUploadLimit
} -p ${toString cfg.port} -u ${toString cfg.upload}";
WorkingDirectory = "/var/lib/bin_rs"; WorkingDirectory = "/var/lib/bin_rs";
Restart = "always"; Restart = "always";
}; };

14
common/users/default.nix
View File

@ -1,21 +1,13 @@
{ config, pkgs, ... }: { config, pkgs, ... }: {
{
users.users = { users.users = {
agatha = { agatha = {
isNormalUser = true; isNormalUser = true;
description = "Agatha Valentine Lovelace"; description = "Agatha Valentine Lovelace";
extraGroups = [ extraGroups = [ "networkmanager" "wheel" "docker" ];
"networkmanager"
"wheel"
"docker"
"vsftpd"
];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGYqCcDg9hTINHyf8S56/P83+ZzqwV2t9gUsVYyajjR" # Legacy Yubikey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGGYqCcDg9hTINHyf8S56/P83+ZzqwV2t9gUsVYyajjR"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHJkVV+V4IO08YwpTvrxnGjadJ7+T3G4CB4jIo+Nixp6cirzqE3eTJu1QACngDwmKq35T5oKyNY4wed2EOiStSw= agatha@technogothic.net" # penrose / secretive
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIoO+pQQtsPUJgcEICoQSmwwdw/SUZKGrFKLD1MAtSCCXTDaXfWUpJXMZwRCnHc7CgIYgmC87nOlm05/NHzKB8o= agatha@technogothic.net" # sierpinski / secretive
]; ];
}; };
}; };

13
common/users/julia.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, ... }: {
users.users = {
julia = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIa/G3M13aVJpOIX8U/5duiGiNNGmM88/0k0+o0EUGRI cardno:20 876 680"
];
};
};
}

BIN
external/6.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 6.7 MiB

247
external/paramount-dark.tmTheme vendored
View File

@ -1,247 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- Color Theme paramount-dark, created by Oskar Wickström .
Created with ThemeCreator, https://github.com/mswift42/themecreator -->
<plist version="1.0">
<dict>
<key>author</key>
<string> Oskar Wickström</string>
<key>name</key>
<string>paramount-dark</string>
<key>settings</key>
<array>
<dict>
<key>settings</key>
<dict>
<key>background</key>
<string>#000000</string>
<key>caret</key>
<string>#292929</string>
<key>foreground</key>
<string>#C6C6C6</string>
<key>invisibles</key>
<string>#292929</string>
<key>lineHighlight</key>
<string>#141414</string>
<key>selection</key>
<string>#292929</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Comment</string>
<key>scope</key>
<string>comment</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#4E4E4E</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Foreground</string>
<key>scope</key>
<string>keyword.operator.class, constant.other, source.php.embedded.line</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a6a6a6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Variable, String Link, Regular Expression, Tag Name, GitGutter deleted</string>
<key>scope</key>
<string>variable, support.other.variable, string.other.link, string.regexp, entity.name.tag, entity.other.attribute-name, meta.tag, declaration.tag, markup.deleted.git_gutter</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Number, Constant, Function Argument, Tag Attribute, Embedded</string>
<key>scope</key>
<string>constant.numeric, constant.language, support.constant, constant.character, variable.parameter, punctuation.section.embedded, keyword.other.unit</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Class, Support</string>
<key>scope</key>
<string>entity.name.class, entity.name.type.class, support.type, support.class</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>String, Symbols, Inherited Class, Markup Heading, GitGutter inserted</string>
<key>scope</key>
<string>string, constant.other.symbol, entity.other.inherited-class, entity.name.filename, markup.heading, markup.inserted.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#a790d5</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Operator, Misc</string>
<key>scope</key>
<string>keyword.operator, constant.other.color</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Function, Special Method, Block Level, GitGutter changed</string>
<key>scope</key>
<string>entity.name.function, meta.function-call, support.function, keyword.other.special-method, meta.block-level, markup.changed.git_gutter</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Keyword, Storage</string>
<key>scope</key>
<string>keyword, storage, storage.type</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>bold</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Invalid</string>
<key>scope</key>
<string>invalid</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#E32791</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Separator</string>
<key>scope</key>
<string>meta.separator</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#C6C6C6</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Deprecated</string>
<key>scope</key>
<string>invalid.deprecated</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#a790d5</string>
<key>fontStyle</key>
<string></string>
<key>foreground</key>
<string>#000000</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff foreground</string>
<key>scope</key>
<string>markup.inserted.diff, markup.deleted.diff, meta.diff.header.to-file, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string>#fafafa</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff insertion</string>
<key>scope</key>
<string>markup.inserted.diff, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string>#123d0f</string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff deletion</string>
<key>scope</key>
<string>markup.deleted.diff, meta.diff.header.from-file</string>
<key>settings</key>
<dict>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff header</string>
<key>scope</key>
<string>meta.diff.header.from-file, meta.diff.header.to-file</string>
<key>settings</key>
<dict>
<key>foreground</key>
<string></string>
<key>background</key>
<string></string>
</dict>
</dict>
<dict>
<key>name</key>
<string>Diff range</string>
<key>scope</key>
<string>meta.diff.range</string>
<key>settings</key>
<dict>
<key>fontStyle</key>
<string>italic</string>
<key>foreground</key>
<string>#767676</string>
</dict>
</dict>
</array>
<key>uuid</key>
<string></string>
<key>colorSpaceName</key>
<string>sRGB</string>
</dict>
</plist>

525
flake.lock
View File

@ -1,23 +1,90 @@
{ {
"nodes": { "nodes": {
"ccase": { "crane": {
"inputs": { "flake": false,
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": { "locked": {
"lastModified": 1692717252, "lastModified": 1670900067,
"narHash": "sha256-TQJkvANms/5Mzh1J4qsEYOrlML17dVv7MYEoN4Z/gm0=", "narHash": "sha256-VXVa+KBfukhmWizaiGiHRVX/fuk66P8dgSFfkVN4/MY=",
"owner": "rutrum", "owner": "ipetkov",
"repo": "ccase", "repo": "crane",
"rev": "7ca56557d0cc69641e0d0c5ae9370c48f4cce09d", "rev": "59b31b41a589c0a65e4a1f86b0e5eac68081468b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "rutrum", "owner": "ipetkov",
"repo": "ccase", "repo": "crane",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"alejandra": [
"helix",
"nci"
],
"all-cabal-json": [
"helix",
"nci"
],
"crane": "crane",
"devshell": [
"helix",
"nci"
],
"flake-parts": [
"helix",
"nci",
"parts"
],
"flake-utils-pre-commit": [
"helix",
"nci"
],
"ghc-utils": [
"helix",
"nci"
],
"gomod2nix": [
"helix",
"nci"
],
"mach-nix": [
"helix",
"nci"
],
"nix-pypi-fetcher": [
"helix",
"nci"
],
"nixpkgs": [
"helix",
"nci",
"nixpkgs"
],
"poetry2nix": [
"helix",
"nci"
],
"pre-commit-hooks": [
"helix",
"nci"
],
"pruned-racket-catalog": [
"helix",
"nci"
]
},
"locked": {
"lastModified": 1677289985,
"narHash": "sha256-lUp06cTTlWubeBGMZqPl9jODM99LpWMcwxRiscFAUJg=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "28b973a8d4c30cc1cbb3377ea2023a76bc3fb889",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github" "type": "github"
} }
}, },
@ -38,6 +105,21 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -52,23 +134,44 @@
"type": "github" "type": "github"
} }
}, },
"helix": {
"inputs": {
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1678284394,
"narHash": "sha256-oEXCoNxfEmxqGuYxW7cLwINW70jeRrYqgOC40G1WBr8=",
"owner": "helix-editor",
"repo": "helix",
"rev": "34be71fb50738a7e9d9e5ee5090680a0d84a321c",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1770260404, "lastModified": 1678271387,
"narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=", "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b", "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -89,32 +192,26 @@
"type": "github" "type": "github"
} }
}, },
"matrix-ril100": { "mk-naked-shell": {
"inputs": { "flake": false,
"naersk": "naersk",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_2"
},
"locked": { "locked": {
"lastModified": 1688054487, "lastModified": 1676572903,
"narHash": "sha256-KHNG+9lWqsWVA1Xqkb2BJDKuRlrNV8q2CmQLk7vzuH8=", "narHash": "sha256-oQoDHHUTxNVSURfkFcYLuAK+btjs30T4rbEUtCUyKy8=",
"ref": "refs/heads/mistress", "owner": "yusdacra",
"rev": "fd949bede48ee1283e6917018090b2a3fb50db79", "repo": "mk-naked-shell",
"revCount": 2, "rev": "aeca9f8aa592f5e8f71f407d081cb26fd30c5a57",
"type": "git", "type": "github"
"url": "https://git.lain.faith/sorceress/matrix-ril100"
}, },
"original": { "original": {
"type": "git", "owner": "yusdacra",
"url": "https://git.lain.faith/sorceress/matrix-ril100" "repo": "mk-naked-shell",
"type": "github"
} }
}, },
"mms": { "mms": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nix": "nix", "nix": "nix",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -134,44 +231,31 @@
"type": "github" "type": "github"
} }
}, },
"naersk": { "nci": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1687852486,
"narHash": "sha256-2rXkhKUVQxbVaC+TITPpILiy/dSbordOLs87eoWHYxA=",
"owner": "nix-community",
"repo": "naersk",
"rev": "df10963b956962913b693a638746a95d6c506404",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "naersk",
"type": "github"
}
},
"naersk_2": {
"inputs": { "inputs": {
"dream2nix": "dream2nix",
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [ "nixpkgs": [
"url-eater", "helix",
"nixpkgs" "nixpkgs"
],
"parts": "parts",
"rust-overlay": [
"helix",
"rust-overlay"
] ]
}, },
"locked": { "locked": {
"lastModified": 1721727458, "lastModified": 1677297103,
"narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", "narHash": "sha256-ArlJIbp9NGV9yvhZdV0SOUFfRlI/kHeKoCk30NbSiLc=",
"owner": "nix-community", "owner": "yusdacra",
"repo": "naersk", "repo": "nix-cargo-integration",
"rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", "rev": "a79272a2cb0942392bb3a5bf9a3ec6bc568795b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "yusdacra",
"ref": "master", "repo": "nix-cargo-integration",
"repo": "naersk",
"type": "github" "type": "github"
} }
}, },
@ -195,53 +279,36 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs-darwin"
]
},
"locked": {
"lastModified": 1767634391,
"narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2",
"type": "github"
},
"original": {
"owner": "LnL7",
"ref": "nix-darwin-25.11",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1687946342, "lastModified": 1677063315,
"narHash": "sha256-vRxti8pOuXS0rJmqjbD8ueEEFXWSK22ISHoCWkhgzzg=", "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1c851e8c92b76a00ce84167984a7ec7ba2b1f29c", "rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "nixos",
"type": "indirect" "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-darwin": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1770746255, "dir": "lib",
"narHash": "sha256-ZzMQ1deN/Ca0GapjGtvlCXPop/ZzFtolpb37KrDTgWo=", "lastModified": 1675183161,
"narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78d26d24b115f5df93835994696a30b20bb38c83", "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"dir": "lib",
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-25.11-darwin", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -262,22 +329,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770843696,
"narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1657693803, "lastModified": 1657693803,
@ -296,163 +347,96 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1770770419, "lastModified": 1678137616,
"narHash": "sha256-iKZMkr6Cm9JzWlRYW/VPoL0A9jVKtZYiU4zSrVeetIs=", "narHash": "sha256-T+lWTRdcYaOnZQW+Ehdlg+YldC2l9cq2GXJFPq22Nxc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c5e707c6b5339359a9a9e215c5e66d6d802fd7a", "rev": "7edcdf7b169c33cd3eef9aba50521ce93ee666b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "id": "nixpkgs",
"ref": "nixos-25.11", "ref": "nixos-22.11",
"repo": "nixpkgs", "type": "indirect"
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"helix",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675933616,
"narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": { "locked": {
"lastModified": 1682092588, "lastModified": 1675933616,
"narHash": "sha256-NjKBPnScpbGiH/YOx74DIFOVkr5AKJOVZoy0l7J58gk=", "narHash": "sha256-/rczJkJHtx16IFxMmAWu5nNYcSXNg1YYXTHoGjLrLUA=",
"owner": "AgathaSorceress", "owner": "hercules-ci",
"repo": "nixpkgs", "repo": "flake-parts",
"rev": "bdd3dc5aa8435b66f14636550223a9b3a50e534d", "rev": "47478a4a003e745402acf63be7f9a092d51b83d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "AgathaSorceress", "owner": "hercules-ci",
"ref": "image-optim-pack-cleanup", "repo": "flake-parts",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"ccase": "ccase", "helix": "helix",
"home-manager": "home-manager", "home-manager": "home-manager",
"matrix-ril100": "matrix-ril100",
"mms": "mms", "mms": "mms",
"nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_3",
"nixpkgs-darwin": "nixpkgs-darwin",
"nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix",
"url-eater": "url-eater",
"vampysite": "vampysite"
} }
}, },
"sops-nix": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"helix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1770683991, "lastModified": 1677292251,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", "narHash": "sha256-D+6q5Z2MQn3UFJtqsM5/AvVHi3NXKZTIMZt1JGq/spA=",
"owner": "Mic92", "owner": "oxalica",
"repo": "sops-nix", "repo": "rust-overlay",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", "rev": "34cdbf6ad480ce13a6a526f57d8b9e609f3d65dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Mic92", "owner": "oxalica",
"repo": "sops-nix", "repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"url-eater": {
"inputs": {
"naersk": "naersk_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils_3"
},
"locked": {
"lastModified": 1766323809,
"narHash": "sha256-lS9M7v8w7ruYz/ylom0ZIfK45vkFZQ3X98a/Is8BOTY=",
"owner": "AgathaSorceress",
"repo": "url-eater",
"rev": "d617007eba79f9760db084aefda6c02c80ad7971",
"type": "github"
},
"original": {
"owner": "AgathaSorceress",
"repo": "url-eater",
"type": "github" "type": "github"
} }
}, },
"utils": { "utils": {
"inputs": {
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1689068808, "lastModified": 1676283394,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -460,79 +444,6 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vampysite": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"utils": "utils_4"
},
"locked": {
"lastModified": 1717180338,
"narHash": "sha256-g2ZNMpqJ4IARjXY8FX4UUfF4p9Unc01w8RzFYEONXlE=",
"ref": "refs/heads/mistress",
"rev": "1adcc3630a6c626f61dac989fffd661dbb4946ef",
"revCount": 21,
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
},
"original": {
"type": "git",
"url": "https://git.lain.faith/sorceress/vampysite"
}
} }
}, },
"root": "root", "root": "root",

165
flake.nix
View File

@ -1,23 +1,9 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs.url = "nixpkgs/nixos-22.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-darwin.url = "github:NixOS/nixpkgs/nixpkgs-25.11-darwin";
vampysite.url = "git+https://git.lain.faith/sorceress/vampysite";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin/nix-darwin-25.11";
inputs.nixpkgs.follows = "nixpkgs-darwin";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -26,129 +12,62 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
url-eater = { helix.url = "github:helix-editor/helix";
url = "github:AgathaSorceress/url-eater";
inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
outputs = { nixpkgs, home-manager, mms, helix, ... }: {
colmena = {
network = {
description = "Agatha's Nix Infra";
matrix-ril100 = { nixpkgs = import nixpkgs {
url = "git+https://git.lain.faith/sorceress/matrix-ril100";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
ccase = {
url = "github:rutrum/ccase";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs =
{
nixpkgs,
nixpkgs-unstable,
nixpkgs-darwin,
home-manager,
nix-darwin,
sops-nix,
mms,
matrix-ril100,
vampysite,
ccase,
...
}:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forEachSupportedSystem =
f:
nixpkgs.lib.genAttrs supportedSystems (
system:
f {
pkgs = import nixpkgs { inherit system; };
}
);
mkOverlays = system: config: [
(final: prev: {
vampysite = vampysite.packages.${system}.default;
matrix-ril100 = matrix-ril100.packages.${system}.default;
ccase = ccase.packages.${system}.default;
# Unstable packages
unstable = import nixpkgs-unstable { inherit system config; };
})
];
darwinpkgs = import nixpkgs-darwin rec {
system = "aarch64-darwin";
config.allowUnfree = true;
overlays = mkOverlays system config;
};
x86pkgs = import nixpkgs rec {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; overlays = [
overlays = mkOverlays system config; (final: prev: { helix = helix.packages.${final.system}.default; })
};
in
{
darwinConfigurations."penrose" = nix-darwin.lib.darwinSystem {
pkgs = darwinpkgs;
modules = [
./hosts/penrose/configuration.nix
(import "${home-manager}/nix-darwin")
]; ];
}; };
darwinConfigurations."sierpinski" = nix-darwin.lib.darwinSystem {
pkgs = darwinpkgs;
modules = [
./hosts/sierpinski/configuration.nix
(import "${home-manager}/nix-darwin")
];
}; };
nixosConfigurations."bloodletting" = nixpkgs.lib.nixosSystem {
pkgs = x86pkgs; bloodletting = {
modules = [ imports = [
./common
./hosts/bloodletting/configuration.nix ./hosts/bloodletting/configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
sops-nix.nixosModules.sops
mms.module mms.module
]; ];
deployment = {
targetUser = "root";
targetHost = "bloodletting";
tags = [ "prod" ];
keys = {
"nyandroid-token" = {
keyCommand = [ "cat" "./secrets/nyandroid-token" ];
destDir = "/var/lib/secrets/";
}; };
nixosConfigurations."synchronicity-ii" = nixpkgs.lib.nixosSystem { "rfc2136-technogothic-net" = {
pkgs = x86pkgs; keyCommand = [ "cat" "./secrets/rfc2136-technogothic-net" ];
modules = [ destDir = "/var/lib/secrets/";
./hosts/synchronicity/configuration.nix
(import "${home-manager}/nixos")
sops-nix.nixosModules.sops
];
}; };
nixosConfigurations."watchtower" = nixpkgs.lib.nixosSystem {
pkgs = x86pkgs;
modules = [
./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos")
sops-nix.nixosModules.sops
];
}; };
nixosConfigurations."tears" = nixpkgs.lib.nixosSystem { };
pkgs = x86pkgs; };
modules = [
./hosts/tears/configuration.nix ritual = {
imports = [
./common
./hosts/ritual/configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
]; ];
deployment = {
targetUser = "root";
targetHost = "ritual";
allowLocalDeployment = true;
};
}; };
devShells = forEachSupportedSystem (
{ pkgs }:
with pkgs;
{
default = mkShell {
buildInputs = [
nh
sops
];
}; };
}
);
}; };
} }

183
hosts/bloodletting/configuration.nix
View File

@ -1,32 +1,24 @@
{ { config, pkgs, ... }: {
config,
pkgs,
lib,
...
}:
{
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../common ../../common/users/julia.nix
../../common/linux-specific.nix ../../common/fragments/bin.nix
../../common/fragments/fail2ban.nix ../../common/fragments/fail2ban.nix
../../common/fragments/grafana.nix
../../common/fragments/homepage.nix
../../common/fragments/mastodon-ebooks.nix ../../common/fragments/mastodon-ebooks.nix
../../common/fragments/mastodon.nix
../../common/fragments/matrix-ril100.nix
../../common/fragments/matterbridge.nix ../../common/fragments/matterbridge.nix
../../common/fragments/mc-status-bot.nix
../../common/fragments/minecraft.nix ../../common/fragments/minecraft.nix
../../common/fragments/nyandroid.nix ../../common/fragments/nyandroid.nix
../../common/fragments/postgres.nix ../../common/fragments/prometheus_exporters.nix
../../common/fragments/prometheus.nix ../../common/fragments/vsftpd.nix
../../common/fragments/prosody.nix
../../common/fragments/sops.nix
../../common/home_manager/common.nix ../../common/home_manager/common.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
agatha-mastodon = final.callPackage ../../common/pkgs/mastodon/default.nix { }; bin = final.callPackage ../../common/pkgs/bin.nix { };
vampysite = final.callPackage ../../common/pkgs/vampysite.nix { };
}) })
]; ];
@ -40,50 +32,41 @@
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.interfaces.ens20 = { networking.interfaces.ens19.ipv4.addresses = [{
ipv4.addresses = [ address = "185.138.143.227";
{ prefixLength = 29;
address = "91.198.192.199"; }];
prefixLength = 27;
}
];
ipv6.addresses = [
{
address = "2001:67c:b54:1::6";
prefixLength = 64;
}
];
};
networking.defaultGateway = { networking.defaultGateway = {
address = "91.198.192.193"; address = "185.138.143.225";
interface = "ens20"; interface = "ens19";
}; };
networking.defaultGateway6 = { # Enable the OpenSSH daemon.
address = "2001:67c:b54:1::1"; services.openssh = {
interface = "ens20"; enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
}; };
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [ 20 21 22 80 443 990 ];
22 allowedTCPPortRanges = [{
80 from = 40000;
443 to = 40200;
990 }];
];
trustedInterfaces = [ "podman0" ];
}; };
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.dnsname.enable = true;
}; };
oci-containers.backend = "podman"; oci-containers = { backend = "podman"; };
}; };
# SSL/TLS Certificates # SSL/TLS Certificates
@ -92,19 +75,13 @@
security.acme.certs."technogothic.net" = { security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net"; domain = "*.technogothic.net";
extraDomainNames = [ extraDomainNames = [ "technogothic.net" ];
"technogothic.net" dnsProvider = "rfc2136";
"*.argent.technogothic.net" credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
];
dnsProvider = "hurricane";
environmentFile = config.sops.secrets.hurricane-tokens.path;
group = "nginx"; group = "nginx";
}; };
security.acme.defaults.reloadServices = [ security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
"nginx"
"prosody"
];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx # Nginx
@ -119,22 +96,6 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
upstreams = {
"backend-mastodon-streaming" = {
servers = builtins.listToAttrs (
map (i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = {
fail_timeout = "0";
};
}) (lib.range 1 config.services.mastodon.streamingProcesses)
);
extraConfig = ''
least_conn;
'';
};
};
virtualHosts."technogothic.net" = { virtualHosts."technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;
@ -142,22 +103,7 @@
serverAliases = [ "agatha.technogothic.net" ]; serverAliases = [ "agatha.technogothic.net" ];
locations."=/cv.pdf" = { locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
alias = "/home/ftp/cv.pdf";
};
locations."=/.well-known/host-meta" = {
return = "301 https://fv.technogothic.net$request_uri";
};
locations."=/.well-known/webfinger" = {
return = "301 https://fv.technogothic.net$request_uri";
extraConfig = ''
add_header Access-Control-Allow-Origin '*';
'';
};
locations."=/5idbsp9q8d.txt".return = "200 uwu";
extraConfig = '' extraConfig = ''
error_page 404 /404.html; error_page 404 /404.html;
@ -170,58 +116,44 @@
globalRedirect = "technogothic.net"; globalRedirect = "technogothic.net";
}; };
virtualHosts."fv.technogothic.net" = { virtualHosts."grafana.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "${config.services.mastodon.package}/public/";
locations."/system/".alias = "/var/lib/mastodon/public-system/";
locations."/" = {
tryFiles = "$uri @proxy";
};
locations."@proxy" = {
proxyPass = "http://unix:/run/mastodon-web/web.socket";
proxyWebsockets = true;
};
locations."^~ /api/v1/streaming/" = {
proxyPass = "http://backend-mastodon-streaming/";
proxyWebsockets = true;
priority = 2300;
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
tcp_nodelay on;
'';
};
extraConfig = "client_max_body_size 64M;";
};
virtualHosts."jellyfin.technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://watchtower.thorns.home.arpa:8096"; proxyPass = "http://localhost:2342";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
virtualHosts."carvideo.technogothic.net" = { virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net"; useACMEHost = "technogothic.net";
forceSSL = true; forceSSL = true;
serverAliases = [ "agatha.technogothic.net" ]; locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = { locations."/" = {
return = "301 https://ftp.technogothic.net/car_video.mp4"; proxyPass = "http://localhost:6162";
proxyWebsockets = true;
}; };
}; };
virtualHosts."ftp.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = "/home/ftp";
locations."/" = { extraConfig = "autoindex on;"; };
};
}; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
@ -232,3 +164,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

15
hosts/penrose/configuration.nix
View File

@ -1,15 +0,0 @@
{
imports = [
../../common
../../common/fragments/graphical/darwin.nix
];
nixpkgs.hostPlatform = "aarch64-darwin";
home-manager.users.agatha.programs = rec {
git.signing.key = "/Users/agatha/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys/4286cbdb09fc1738081e8f7996a0b984.pub";
jujutsu.settings.signing.key = git.signing.key;
};
system.stateVersion = 6;
}

38
hosts/tears/configuration.nix → hosts/ritual/configuration.nix
View File

@ -1,50 +1,50 @@
{ { config, pkgs, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../common
../../common/linux-specific.nix
../../common/fragments/graphical ../../common/fragments/graphical
../../common/fragments/virt.nix ../../common/fragments/yubikey.nix
../../common/home_manager/common.nix ../../common/home_manager/common.nix
]; ];
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.systemd-boot.consoleMode = "max"; boot.loader.systemd-boot.configurationLimit = 5;
boot.loader.systemd-boot.configurationLimit = 3;
# Setup keyfile # Setup keyfile
boot.initrd.secrets = { boot.initrd.secrets = { "/crypto_keyfile.bin" = null; };
"/crypto_keyfile.bin" = null;
};
networking.hostName = "tears"; networking.hostName = "ritual";
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
banner = ''
Hello mistress ^,,^
'';
passwordAuthentication = false;
};
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = true;
dockerCompat = true; dockerCompat = true;
defaultNetwork.settings.dns_enabled = true; defaultNetwork.dnsname.enable = true;
}; };
oci-containers.backend = "podman"; oci-containers = { backend = "podman"; };
}; };
# Needed for remote builds
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCsAQfMx1X+8HEa88x+l3KdJPFAzXg0vL0l/pm56/ZR nix-builder"
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

50
hosts/ritual/hardware-configuration.nix Normal file
View File

@ -0,0 +1,50 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d51e9df-99f3-4eb3-b2da-a1c9b7e405df";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-8807caf4-ae17-4b39-93bd-ddfa1f994a47".device =
"/dev/disk/by-uuid/8807caf4-ae17-4b39-93bd-ddfa1f994a47";
# Enable swap on luks
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".device =
"/dev/disk/by-uuid/c503653d-47de-4914-9e41-d13d14a6cc22";
boot.initrd.luks.devices."luks-c503653d-47de-4914-9e41-d13d14a6cc22".keyFile =
"/crypto_keyfile.bin";
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/9A5C-CE17";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/e20a4e05-44a6-4895-84ef-e3d176931b25"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/sierpinski/configuration.nix
View File

@ -1,15 +0,0 @@
{
imports = [
../../common
../../common/fragments/graphical/darwin.nix
];
nixpkgs.hostPlatform = "aarch64-darwin";
home-manager.users.agatha.programs = rec {
git.signing.key = "/Users/agatha/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/PublicKeys/0082ebb800203877650324946262cf51.pub";
jujutsu.settings.signing.key = git.signing.key;
};
system.stateVersion = 6;
}

97
hosts/synchronicity/configuration.nix
View File

@ -1,97 +0,0 @@
{
config,
...
}:
{
imports = [
./hardware-configuration.nix
./networking.nix
./monitoring.nix
../../common
../../common/linux-specific.nix
../../common/fragments/bin.nix
../../common/fragments/bittorrent.nix
../../common/fragments/grafana.nix
../../common/fragments/headscale.nix
../../common/fragments/hedgedoc.nix
../../common/fragments/kanidm.nix
../../common/fragments/prometheus.nix
../../common/fragments/sops.nix
../../common/fragments/storage.nix
../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix
];
networking.hostName = "synchronicity-ii";
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
990
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# SSL/TLS Certificates
security.acme.acceptTerms = true;
security.acme.defaults.email = "letsencrypt@technogothic.net";
security.acme.certs."technogothic.net" = {
domain = "*.technogothic.net";
extraDomainNames = [
"technogothic.net"
];
dnsProvider = "hurricane";
environmentFile = config.sops.secrets.hurricane-tokens.path;
group = "nginx";
};
security.acme.defaults.reloadServices = [
"nginx"
];
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
# Nginx
services.nginx = {
enable = true;
statusPage = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts._ = {
default = true;
useACMEHost = "technogothic.net";
forceSSL = true;
extraConfig = "return 404;";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

25
hosts/synchronicity/hardware-configuration.nix
View File

@ -1,25 +0,0 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7A0A-7539";
fsType = "vfat";
};
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
}

30
hosts/synchronicity/monitoring.nix
View File

@ -1,30 +0,0 @@
{ config, ... }:
{
services.prometheus.scrapeConfigs =
let
input = job_name: host: {
inherit job_name;
static_configs = [
{ targets = [ host ]; }
];
};
in
[
(input "telegraf" "localhost${config.services.telegraf.extraConfig.outputs.prometheus_client.listen}")
(input "qbittorrent" "localhost:9006")
];
services.telegraf = {
enable = true;
extraConfig = {
inputs.x509_cert = {
sources = [ "https://technogothic.net:443" ];
interval = "10m";
};
outputs.prometheus_client = {
listen = ":9004";
metric_version = 2;
};
};
};
}

54
hosts/synchronicity/networking.nix
View File

@ -1,54 +0,0 @@
{ lib, ... }:
{
# This file was populated at runtime with the networking
# details gathered from the active system.
networking = {
nameservers = [
"8.8.8.8"
];
defaultGateway = "172.31.1.1";
defaultGateway6 = {
address = "fe80::1";
interface = "eth0";
};
dhcpcd.enable = false;
usePredictableInterfaceNames = lib.mkForce false;
interfaces = {
eth0 = {
ipv4.addresses = [
{
address = "77.42.21.227";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4f9:c012:5901::1";
prefixLength = 64;
}
{
address = "fe80::9000:7ff:fe07:64f5";
prefixLength = 64;
}
];
ipv4.routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
ipv6.routes = [
{
address = "fe80::1";
prefixLength = 128;
}
];
};
};
};
services.udev.extraRules = ''
ATTR{address}=="92:00:07:07:64:f5", NAME="eth0"
'';
}

78
hosts/tears/hardware-configuration.nix
View File

@ -1,78 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"thunderbolt"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.systemd = {
enable = true;
emergencyAccess = "$2b$05$eOIXFST5/9G6vAFIZDLGfuJV7CV1B26YmRMAFRstyRHwvBNFSN6Im";
};
boot.supportedFilesystems = [ "ntfs" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eb110ab2-7883-4e24-84f8-2a3983059cf3";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."luks-d79d75f3-5560-427a-b79d-78a6cabbcb88".device =
"/dev/disk/by-uuid/d79d75f3-5560-427a-b79d-78a6cabbcb88";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B520-5020";
fsType = "vfat";
};
boot.initrd.luks.devices.awoobackups.device =
"/dev/disk/by-uuid/08fb0554-9599-4085-bd13-285b634c5de5";
fileSystems."/mnt/hdd" = {
device = "/dev/mapper/awoobackups";
fsType = "btrfs";
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 8 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
}

55
hosts/watchtower/configuration.nix
View File

@ -1,55 +0,0 @@
{
imports = [
./hardware-configuration.nix
./monitoring.nix
../../common
../../common/fragments/home-assistant.nix
../../common/fragments/media.nix
../../common/fragments/prometheus.nix
../../common/fragments/sops.nix
../../common/fragments/sponsorblock.nix
../../common/fragments/storage.nix
../../common/home_manager/common.nix
../../common/linux-specific.nix
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-081780bd-f005-4394-bbf2-3e5d9aab3c7d".device =
"/dev/disk/by-uuid/081780bd-f005-4394-bbf2-3e5d9aab3c7d";
networking.hostName = "watchtower";
# Enable networking
networking.networkmanager.enable = true;
systemd.services.NetworkManager-wait-online.enable = false;
# Open ports in the firewall.
networking.firewall = {
allowedTCPPorts = [
22
80
443
];
trustedInterfaces = [ "podman0" ];
};
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

53
hosts/watchtower/hardware-configuration.nix
View File

@ -1,53 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "amd_pstate=guided" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device = "/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [ { device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/watchtower/monitoring.nix
View File

@ -1,14 +0,0 @@
{
services.prometheus.scrapeConfigs =
let
input = job_name: host: {
inherit job_name;
static_configs = [
{ targets = [ host ]; }
];
};
in
[
(input "jellyfin" "localhost:9007")
];
}

5
ops/home/push Executable file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env nix-shell
#! nix-shell -p colmena -i bash
set -e
colmena apply $@

22
secrets/frq-friend-fedi-data.toml.bin
View File

@ -1,22 +0,0 @@
{
"data": "ENC[AES256_GCM,data:sYrv8xVojM6mU4l+4HHtwuF/XLlJD6rQW5BxmKDhPybS1CommEIYjzIOFkXPv7V3mCgrbDOZJntqX3xlZtoonO6/Ug6kOIeAL28hDBEDMVIsRV7jM377nR9QHa+dBEg8UNR8e+9Uaq8+6OcZJeuB8V6VTrAT8jEqwGR42Xx26QBgP6Ez07QbCIxAF0RPQXLIFHSKp0DFHMnmTxvSTm6TP2P3149W9EQE6cy6Jj5YTrqrHu7+Q532Z+DDFqx+JdWZDkQjrzBPSuM05WBawoVNsxcuYb9YLzrZjNszsRHQOrKZVH9fhTGwmy9H088zur6cTcQD,iv:OwGJM41AkivKWawZ1f3Pf6uWBJxSsPf+M/hIimrVBv8=,tag:vHg59RSTh8Jem9A4z/8p4g==,type:str]",
"sops": {
"age": [
{
"recipient": "age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBN2FUN2Rn\nblhrUDJ4a1BtK1QySHJsWlJUcVFQckR1SUh0dWxPdmtYTU1CbgpRemxYZHRlMWps\nZ1NMZWU2cmducWd0Q1hHMmd6V3NHSHRFbThvcy9ROHljCi0tLSBiR1RlZ1hTMFBN\nMGEzelIvVHdrSTI0TmtvS3FqaVZQdnFKM1FCNTd5YzB3Cnlx1Dqj+SRHv9AkagDg\noEWwz/UlU3qQLb/KGAZjWxZ9a1SyYiHix9L9yg7KaiYcZDaD1SpqSehEijqbhVEn\nFBk=\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RnJUdHBDMWNFYzk0WmlV\nZjM4eDhwZHd0b3p1Yk9qakVjajVRQVpRL0EwCloxRFBnM3pXd015MFBOYWZBTmVl\nRlRqNWxsWE01Q3F5TUZ6RjU2ajVpM0kKLS0tIDZZYU13UEF4Mk9xRkZCZEc5RkY4\nb2p6YW5mcENOWGJzOFlJdURCc2pqa0EKQOP0X7Oc74hkeODFjbg+EbtRNRkAd3is\ntaSJJoDLYLGnO3ZXPgJ2BZo87AivQqAeC476HXXPzG4ekxJ4SNgcwQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VEdlc3p1N1ZtckpVUEoy\nOGpJeWt0amdRS2pPcGJkeUJEL1kyWVFEUldNCjZtT2M1QXAwdWJVRkNhdHF4bWl2\ncHdISWR4ZVVUbzVCYnZXRnZRcnNJK00KLS0tIDFJODJVOHhVai9qZUFWdkRyMlk3\nQU5Ed3NZRU5CVUZGM1VUb0Fibzg4WHcKFrZADMcpvosNqGpaqSQSWgGHbcfJUVi9\nb4iiWEB9xtkidNrZ2ir7C5kXUDmEskE0idBcs36oQJ+5jgcoy+vVdQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-02-02T16:53:43Z",
"mac": "ENC[AES256_GCM,data:CK1T/TlJwmikmdJzjn6UrtbmFLSLL/B8rHONwRsnOwLSt0Y8g/5BJlI67pc42gtqdEbpSDpxfztr0gat7tm5xvfo8lTWWafqOw8Hj343/ya1LLJKlq0ScSo+liFdrJhPXXwHn6T9dlnJQwmrYTZc6isjj4nwFaReOFre/NgBFzI=,iv:EdjoWJri/TGU+Zf3eR8PF4+FwBx8hzTikrMx6Hga7dw=,tag:3F2+vQksjK+zzEuO/JPomg==,type:str]",
"version": "3.11.0"
}
}

12
secrets/gluetun.env
View File

@ -1,12 +0,0 @@
OPENVPN_USER=ENC[AES256_GCM,data:UC3zqZEHTUKDdEHz6MxLZZJHLbg=,iv:zS3m3pRnYdlaQ3MAJR11hljNf7kqM8fz1yx9pfnmIe8=,tag:l+dSfGV1AmvaRBHogYZk3A==,type:str]
OPENVPN_PASSWORD=ENC[AES256_GCM,data:0fnjaHdfHDmiOOXg0uZhk1lPTs84GFK/Va9PGnD8i2Y=,iv:GmhmknF0iG9q13XRLyq6ePtUdL/PzBMQi8XGEKWHuV4=,tag:/BTJpz/I9qdY1nJaWud9Yg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBN0lyTGFk\nZC9jZ0FTaGc4cmdJYXlzd1Z3US9iMnhhYzM4Umc1ZkZ2Rmt1TwphdUhxWStDdWl5\nNitnME9JSEFzWGdKRTlUdEVmeWJYUXJ0TWt3cEFCN1dnCi0tLSBreW1XSDFIdmZL\naWNxQ2FFYk8rU0N4R2ZoQmdVUXlKQ1dMV2xFcmNUYWFNCsDqGgYvv2aTQAGLh9pv\n7X98iUcgOzLzsLnRpOiN77Bt9MnCBs6F3M+TgIP/hKdACsJz3q1Qoi1AsQCtqQhl\nkA4=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZUo1UjFGbHo3UjlUOHlt\nQ1VHRjBNTjJjb1U4RXZHcnpKVWRoVTZveVdjCnZZNUIxK0hyOGl3OHBma05lU1Ir\nY3grVTdHMUp1cUZoZDVseWhDYU0rQWMKLS0tIFYrTFpoaGJET216dms0M0IrdU44\nMStUcTJzbmp1S0VwUyt5MjVTSE1QbEkKrTWRGYyPgnBZavXg5yQqi9ld2wsLW5ki\n92aKUZFOOs1leJrNAz+lJVExL1EiMWsE6FsZZjN7w/oAzISA6EdvqQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUjNTdU1XaHcyNWFmV1py\nd2tFeHdqMEJNalpNeXlHU0tMNTE3UWFIdlNRCmhNWDBIWjhYQWtIMUI2V1ZFeDVE\nY0ZILzlHYnAvRlZBWnpUY1pic1RBN3MKLS0tIFVQajlpY1FWUjZteTlpZE9YZkVs\ncHdXUE1sb3lsMDA5TlN6dHR1Nk4rMDQKhvfWogysSIBPrEAX2yQQjB40lE3abPtI\n4DKl90WKufpR/vVGPioTQkZN8NnXDpB/r29WHM0pjV9+2iQa/zHsjA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-01-28T12:21:41Z
sops_mac=ENC[AES256_GCM,data:cfsq2NkLUkGehYvdUZuljE4UnVNs81SRFn+F02W0va38EPZputP40ALk3rCDg3t9l8EtVQzqh/MT40xZgLVUTJNJDhbzxKcAPM6hqCEWAaITZfDqace2XoPqlnw4WqLg1OD8CwLMQA4Insob37HKJj+Vk10ev56qJhQrB1rrDpQ=,iv:0QiWC9auK412G4SFwNr2tjzPHKrba+7ZPL5epwrVivw=,tag:fPSetTZ3ax5iCPhWvP58eQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

11
secrets/hedgedoc-oauth.env
View File

@ -1,11 +0,0 @@
CMD_OAUTH2_CLIENT_SECRET=ENC[AES256_GCM,data:99VzpdiJOmKmyRyPd28tVYBNYuTVZg0z5dqp0gZqIp++hqwneOslDkLwStoJ/i5m,iv:hlHOcgTh8DttrSI0sz3pv19x5LuRURZ//UBWEs5FpGg=,tag:pAPS4NYXNQ6omgVWLR4S8A==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBOFlwTU5E\nOFZVOTlxMWU5bDVxKzZCUVdxSzg0d2xaR21uWmM0QVJGeHY3Mwpheml0TS9lejRU\nSWtybEhQT3lBc1h3b2Vkd0w0SXZETXJrQzZENVBaOFJVCi0tLSBSMHViVHlrbFdt\nTDJWc3puWm1OWDQzbEpSNHI5TWdMQXNuVTZGVy83TEVFCprclQ3Na/0zCTuOKHSH\nd4V2IiMHxwn3mcoKrEDB8+gILanNnhJwKvqYDpMYEqDzGy48HK9MGcQ9YSY/YbYB\nvKM=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SCt4WC9rNG5pQ1RFVHdB\nalZ0Q0ZjNEN4eFNPY240VEFsS1BDYXFFS2dRCm1BSGZKUmUrNmZhaytiUVp0RXo4\nRDlYanBEaWlYN1ZJRHl4dkY5a0QxLzAKLS0tIGNIRlI5aXl5TGczc3R0bW44TUlx\nWEI5YlpvblNpUU9FTitNTTFlb0JmR2sKzSavj1koSJCu2e51jBigqNfFmHNv/x3r\nZwZ/R8JPglqKlzdhDYYvrdwqlAdL5QU8bVzWFsZwCag5eEgLJaU1kQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRHRxRTEvZjgza0VtRi9X\nTlVSc2h0andqSllzOGZ4SU9jL1R1TGRGL1VjCkZLUGFGRTR6SVgwUEZxU3BFb1ZN\nQnIvNlNteVozWDdsRzRqV0hmU3RVVUEKLS0tIGoydFc4SFYvQ09LY2kvZ1ljY3pr\nOHF2Z3VORzU2MXNHd0QyL1NrTnpQb00KaTK2sy8IztMPaYfruiQYKV+hGUcos22q\nKDt53HysD5Q/zQJyFomKGsBWPTqSfK2UnoI+PN9PkZkX/vE4Xp7y0g==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-02-08T00:41:43Z
sops_mac=ENC[AES256_GCM,data:hCGTiM/g66uRkYVlm4Ejp4wFphWcumVAWXXSAqTKOnKXG6L0rT9V4oTcM5W4h76l9YB8wlSmjvp+2Zc7G8kLXT2oYLZXT8lrDOkVNhjUASG80uWxdjJTUdj/naqkfpjXmSFmVjCVLTBCT9/rIb4usuu7+gUl3GgpGmekUAsPWxk=,iv:lfGtxhxEMaVUyg7lUp7QhDBjJt38FpHF3x/4VvAeJ6I=,tag:iEC3+8VZqbFe12OeStqEEw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

12
secrets/hetzner.env
View File

@ -1,12 +0,0 @@
USER=ENC[AES256_GCM,data:oHuOPKkNXQ==,iv:dLtmqNIswKrhyTRkI2R9Y2yqsdL5fRxxzhvn4CHWZIY=,tag:FuK4FLk8JQFYS5zDt8MSOw==,type:str]
PASSWD=ENC[AES256_GCM,data:325dtEyGtdPFB87fDZeDhA==,iv:Wqpec+WnjNqyii/NzK2zcx05/9NWatpQnKnqxYRWuM4=,tag:HKiffdbZ8NnOvymyVcvlgg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBd3dZRm5p\nNGFSOExRRHBxanZjZFI1MEtGYVEvNDlucDNRQ3MyVjFrald4MwppcGRLa1BjSWRE\nemVZVGlYNElSSEFsTFJMWkdrRy9nNFMxdUtWUUJlQ3FFCi0tLSAwTUFtQkVxNGVa\nb2xlZVhzTWE3QXNTYlRlQStodFpXUWNEVU4wbE9UR0xrCsH58NmBHr4myvf9QjeG\nmzm1I5xJfIeHIBMERtcQyRlHhRzcOtHQ5kvlitng9oCaxmlbkBj41YqQHnJrdb6G\nS+c=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1TllzU2RpZHkrdmVCYXVu\nVWI5NXExajRxZFlVeG14cUE4QnRrRTZQWVNRCmlBNWxDOC8rekRRd2tFaDlOaC8z\nSXROdlF6ZnNXNkFIWFNaTW5NbVdMQ1EKLS0tIDFia1ZtZTZpN241cHhsMTBmSlRO\na2FwZjIwUW03SysxWGEySEtkOE5adzQKtbOlmgsNLpw/v0xQGYO++2I/jvFpKq9M\nKkYRbx6DpxAGjOGjE9MbcGABaQOY2Q9Jmx8exoUzK1dnpLWSyfwAhg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGU1JydjBTYnJpSmVxeVBa\nMUlSeGQ1YjVMYVVMdU9TekI1Q1F1V3VOSlNvCk03czE5bjZyT3RNK3RLNjdYbFdZ\neE94UmFJMEpxanN5OVk4RExUclU2RU0KLS0tIGpEeHJyMFRoSmY3V2RjUkVDblNJ\ndWFzbWRZclp4Q3BSY0thNFlYbHJoRGcKxpNqauGsxCSfa7qkRj5eum5h7HkAQMRP\niGkm1UGwToB2AvfwiH5J/Wk0ppQfWph9yMlk11fXBFIBYH2ZpU855A==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-01-26T12:35:08Z
sops_mac=ENC[AES256_GCM,data:OTcYnAlgD9RDnMvBqVMMKQXxeVhk6dzgBRBocctgNYHWl9b5BNkViYNJqqUpU83fBOWLit7x5T5tK4sG++FjEsnuXjdMV4+/u3nODI3GNBxuIzn+v65wyagHnLwqWZiORKOfx6301m+kqDunO1lExnSMsSfno3vUbnhaUisRuls=,iv:6pIr8ud2WPyF7D/YeewnDzPT0csoXC1IQlsNTknjly8=,tag:0hjDU8uMgzuQ7cRtdq7btA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

11
secrets/hurricane-tokens.env
View File

@ -1,11 +0,0 @@
HURRICANE_TOKENS=ENC[AES256_GCM,data:wUBal5xSVjfe81pY3nw6WXNah8sGEiWmLz6FLk5Elan4JgPw70Q3+SiKlyo6IsyIMQ1GTgIkRu5wP8ijZV4sEi1emZzE0qPxYx8=,iv:ZJLRj0zFBfg0va+MC4OMUESXBEYw7tGZjBLWw/buRek=,tag:A0507C0hZ10wiMK8S7eALw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBbGRTeXdh\nY2RLaXAvVTJwbGhMWFFCNjVUR0VCeDNHS28xVXFobjViWXJlSApoZzNnMmdHdENh\nOXRVeWt0RmoyL0lEY0h5a2N2cG84emFOdlNkdkoybEdNCi0tLSBFQWtROUF6eExl\neTFDZUErc3lScjJXRFZINE8rTjE5NXVJd0ZDUGNwS1hBCjGca3mxgf3e+V3dHLfu\n3+lLIPUVhrSqdyvS3blaW7pNosjjgJIOme6C0iV78vB5qvnF1U1W3DhKEfQaYRm0\n2PU=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWkZpaUJXZXlOZ3UydUF0\nTUZCRFhxcG9ndXFrc3J5U2VGRkZDT2tLSlZvCmN6Z3pQS29iamZIS2ZpbkI3c1M0\nMmZwbEhsSDY0VjNKeXkrZ2U5b3l4NFEKLS0tIG9jbUprMDF6ekE2ZVFCWEJ4SDkz\nNkpKeThmS0RiNG42bko5N0ZDT0JmVTQKDmiaRvZzTEP+FV5Cu0wdAq72ZTLO70nA\nCgcxktWG3vOW1tjcc2brMICiCBC1wKPg6AAxQTU7txGjWm1MA7cjPg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVSFpwSEJheWo0RE5EZVVT\nNjAvd1l1WEwySkpNVzF0N2ZFVHhjZ0NoT2xZCjB6NWFWMytwNk4zZjFEZXE5OVpW\nVytweEdoVkZVYzBabm9IeHFPZC9DU28KLS0tIGx0eW1KUmJkVkc4a3owTmxpMmVL\nRTdCMTdWZXFLUWZtTUoxdG8xTzNVaUkKNbcqCB/7wNXfbNLvKTJ2XwHZmgAqVdbB\nLxSkLWp5ecdKfa1eK1I/NcWT2p6P9dWjRqYF1VzAxN51vv4FJ0ljUg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-01-21T15:46:31Z
sops_mac=ENC[AES256_GCM,data:ZPwm9aNsY0m95Db2BiwFTsybthS2SZPdS37uesTZEX77gnBt79UE55z3kaP66a5F2PUiUuEBMDC+Rl44qSOL67fWbUqmFPKQMz4U463oerAvCB9K5W9ZZai+EC9cia073ScmrC+4xrJ2OrIYqxA+WoKz+oUXU7SkDUy9Zll2eJw=,iv:du+q9lOlAySVWf8BbFPBydYL9geuPjOvRVmpq8E7whM=,tag:V2A+V35LCmfMHRT7wXgGzA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

11
secrets/jellyfin-exporter.env
View File

@ -1,11 +0,0 @@
JELLYFIN_TOKEN=ENC[AES256_GCM,data:kgmwncy5qY+twVSaRoox4jJBFJMsyjszzTIu2Kw/ZMQ=,iv:jb1fmXurYQ6rtmFfnIP3ogG6J460ZWMCy2W82alW1MA=,tag:eE5CZAWns0r+jyB4IMJwOg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBK0MvZHY2\nd2RMalE3Z3BYM2FxdHZaZXdDNXpEWUV4OFRqT01yc0htQUVYbgpneUh3M2xWNS8x\nT2FCQytLZEJXYjJpZEIza0xiNWs0ZzBwbWhqVHVWU2tvCi0tLSBWdGZxK1RZZmEw\nL1NJOHJpZG4vS29UTVBDcXcwek41bW83WGFka3dwRmlzCqzxY9vWt8VYLi8JmO+p\nrspbb9hw+oNNw9wdn5THamhbV4DK8WRxTveS2uWqxQ8k5+jY19necfEsMFkKIVrZ\nhWY=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBITURBU1Z1ZVNQSC9KcFdG\nazdoVWpLSUczN283SFE2Qy9Ua29nSGp0dkFrCk45TnBFMmtSWG1ROEpLcFFqVm03\nTHo0WG0wYVllczBpNnoxTkpSNWpNblEKLS0tIEdwbnBLVHlrT0VIOUx0VUQ5SDht\nU283U2d6SkEzeEFSUEtrdGgyM1dGSzQKywaFsova8F2h2+5ZnO0UGi4hYQW0F0sb\n/51wf7zM+9OR4REh1zx9jREgjmYLv3y17t82zFhXp9UIhKhtou5Tpg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEM1NTbHJtS25oQWpsNXNy\naUljQnU4N2s1WlN2aXBpY3I4TWxsWFBXRUFFCk11QTRaVmk0RllROXN6WEdvaStO\nN3VuYUJWVnFlampYeFpGR2hNYm1CelkKLS0tIEZ3czh1RUxhRE9MdnRsbXIzNDZl\naHNKbGx2RGdtZ0NkL2xMeHhRRDVUK1UKpp88f8DY5Dy++OL6m+MSb4TOuJZg4iTn\ndzQxTkgYoH3wyRxG4xzcylQjZ4YHgCNkem00B2+UwtXPgqug6d37Ww==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-01-30T13:09:12Z
sops_mac=ENC[AES256_GCM,data:Ux9+Hc0bGvu3M24VHnHeEjGG9zrxVe9zoWrQuDuafTbvQLd7xUCtTHwEuQtqMVMYH2iegInJoJbXlQfFdW7vQ5sZx/zU2qk8uZDO6EutaWde8W29PXlPP4NaVuNOJQJmhLxEDH3RjY38MVH3o8ZvV0e+Fa4Str8o6toU1SZGQAs=,iv:XEainseudNbPqv9fecTclMMLcMVD5mOEempOWrh7SP0=,tag:S9G1HG0SSJjDJhq7r6r+LA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

14
secrets/mc-status-bot.env
View File

@ -1,14 +0,0 @@
MATRIX_PROVIDER=ENC[AES256_GCM,data:w9e4AVywyz5giGv6bI0+FxZL2w17aZf+Y3BUiA==,iv:NDFxHRu0JjVYszRQjMru+pZbqOaCk9GNPu/OHyZLZsA=,tag:edY1V+z6oOr5caLYDJTAeQ==,type:str]
MATRIX_ACCESS_TOKEN=ENC[AES256_GCM,data:POqd/0mHLn+lWGpISwTsqSTZ8QWMPL6hm095+hoTgGUXdReoUbVTSmk4IWTIflaOJQ==,iv:dMbxqDjXMIRRM/egVrywPC8HclnSc+Ukm4EkdztarfA=,tag:yJdrycQ+3GzsWYJvXVOhyQ==,type:str]
MATRIX_ROOM_ID=ENC[AES256_GCM,data:7fTgkDxadXxOi/nJAEtMWghwJoPflTxgOSyLL6d4l7dy9xWCHaI=,iv:MAyCZbBxTj2v/j9Q+/7d/FqMLYk6tPYy+5EqZpB9h6k=,tag:0E79zEFKm31YrWjCpmiaLQ==,type:str]
SERVER_ADDRESS=ENC[AES256_GCM,data:wVuImYmCmG55nnPhKKX7ubpzYq0k,iv:PFYhzPR0f3k1ZVOlYMxMKYCJh3Oo42RXSRv2VvLnx7g=,tag:pFdGL0mckAg0N/IJz0n6/w==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBeE1jeXBQ\ncVMvM0dCVGdacEpvempETGtoelUzNHovWW9UalMveGNzZlBTVwpqQ29EWVdKNldM\nRnlhNTh3NHppNER0dG5KL3FLd3dlakZIZkJzMXhwTGxNCi0tLSB1cWgyMzZ5SXY1\nZG9FNUlJQk9uaWxRb2w2dnl1SFNZYkVEZ0lYdmlubzBnCjQwFtsRwjsX+9b5VXoR\nu3/ZIfJpIZkYf8c5Ob/m8HyNSL9oPrNuMiksxf4IriXkfSbd+w6hvBY6breG2YIj\n8xM=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnaFRFZmVBeHhWOERmTjY2\nR2Y1NWVIanh6S2F5N2ExU1dIa0htYXBjRXpnCllLTFJVZ09PdktyNU4velNZeUU3\nV1A2ZkFnckRVOEFTSXFFdUdWbStEcTQKLS0tIGM4MUh5d0NzRVd0ZSsrZXA3ZkRB\ndHlyWkRvaHhIL3JkUUJnU1ZJY2tvNGMKPcjIbW2sNIuDrewO9svoHGJWizB4sp/w\nBzYZbGwIfKdbPHvSyveOd7r19EgW32CaczepCkayiPbGXjgZvjKyVQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S3lFNDFhZjdXZXJXYkZP\nclFBMEdZU09QdGQwYjhzekxVNnFRY1BCM2hzCisySkdBUWp2OXBmRWNBTXdydmo1\nWjBabG1IR1l4ZUVJNEpQY3BleWg0TTgKLS0tIHZhT2ZEenJsbkpYSE9IeXloOUtN\nM3VLZmpTc1d3d2hyd1VGY3JkVzhpRzQKsGIQlZQ8SUzTXUoVQFXWROKhDhMnO9E3\nrNXMOgaBgKtBX/heASJz+c+v+LJA6LEXUD8QHpJtfwwaYccLf9Xz5g==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-02-02T17:00:58Z
sops_mac=ENC[AES256_GCM,data:HarL1bLMnY+wnEA8iBwuRcGZrNUlopfYVEd99rFHk7ftKnFo4ipPsnshlE8bLqu5Jghp/+n5YYLkAC4vkIAUvbLj+yWQf1ImoJlGg4HvoIyNUbA1xCNlFjH5Y151h8jWLpYoemQpvQThC6hmNZkNR/bewUGvaL644OCJpDTqyzw=,iv:MSJI8Q4P3AI4XNrsPIao9jsf7f85A9ubxy0KmdPoKh0=,tag:4ri2+WTvseqNcVDTB15mFg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

11
secrets/nyandroid-token.env
View File

@ -1,11 +0,0 @@
NYANDROID_TOKEN=ENC[AES256_GCM,data:La7tY2dCZfXaxxo3RH3rghGJ244Gc2txt6Ja6lHbxNDJFpbAv01Evx+J3KFEs0EYMjclWWFOV3SZLy8=,iv:iLSQGVUKWwe3PMdkfuY3yVk0Z32AONJDZZXdl6G+hFU=,tag:YhJEZDqgJtD4lyVZmSEnDA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBbmJzMTgw\nWjMzci9YaWhRejh5RTRLUXE5b0tkem9aT09nTWFMUXVyY3lySgo1cjZySTlvSG5G\nQnRQSXlYd2hyRGgxN0wrUzF0cG9MaG9COTM4dElFMFBrCi0tLSB2M1RUeWNHanN0\nNEVMYk04S0xjODAxbVhRU2JJWGFBTWRoMFRjMDZuZXZzCvEF4C5VB+G3ITku+e65\ncal5hgGMjvX9M9PZ4t1VvLo9i/4LZyAgmn2Jb4G9H3wBrA4uak+sB5uVG8hu+4Ru\nfHg=\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNWxaQUcyNGFzcTdwYklP\nRmVzc2xUVXNOOUxwc3JrRGxVNW1qb0FncXc4CkZuL1hOS0dVa053NVRJZDBXYkND\nZ1FQYkVkRmNNdERwWW9taHZPYkxBVDQKLS0tIDFlZjMwZk1BN2N3MGhzcnExVy93\nTU5WSWJLZjFoM25JcUFaQkduTmFjU1EKEsNlMgtF3i6qD1WNaiCTu/tnvOrsAVZn\n+Mq8hb/WRJryUdBNDhnM5Acps2EUU9pm9LarU0XLYBRodw2fnvzrVQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUnhXYWIxeFlUQlRkVmFk\ndUREdkgrWG9PK1UvUFBpeS9KSlNqVHNVOEJvCmdKZUdGVVgveEtxdUdIZFBlaTNB\nSmc5aFRtZnc2dFhwcTlTUTA0WE1TMTgKLS0tIG9LYS9SWk51ZysyOGlvVUNsVzJw\nWUV6ZTMzM1BCbW0rMlIxQUFNbXFuZVEKWHG457bR2rEZ0EZV+IdSFVdN/4Zx+VOQ\n/EvoN2qcSk3FNIT+PaXnxIiCSpepZYfJMyFlHAeEi+EaazSwZ7p9qA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_2__map_recipient=age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
sops_lastmodified=2026-02-02T16:58:30Z
sops_mac=ENC[AES256_GCM,data:lHDUN2Ndk6cFcMcFvtxCVCAuQNiMQPk4rxI9Nh8vAlzHhdCdgvYquI9EPn7dtMhRHDPE3t7dj/6qVMvUDHLTJtcn2xXkvBi9ZfgUY3Halu2Ib/Fux0faGE5DdKOfOHbQGS6CHM+MUuK6LL/LWN2+c6zIW8cO0VI2t537ry0jq7o=,iv:04gwhK+6gKz5j/JUPLYfNszpWnTK/HZs8zSi9BAvqc0=,tag:5zaCYPJdWQRdaXTRv4Go8A==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.11.0

40
secrets/secrets.yaml
View File

@ -1,40 +0,0 @@
gocryptfs-pass: ENC[AES256_GCM,data:9kNFGfTBdOGoXDfSQmnrkihnXmF2Qx0U,iv:lzPqXHbniTsltqWAsCaYgrS4UyZAskEX/nm6/IsbZ2k=,tag:kaou32kM5YCqoOHDQWT2Ow==,type:str]
restic-pass: ENC[AES256_GCM,data:URCa2YXY103XnZmyY0Wp5RrzHPj5MvCvDcRurtfDPMU=,iv:0XvodvaSV3AkbDnXqHhRbvt1IcB0goeQBClwwzdxH7Q=,tag:huH+5YPARPAueMNmzI3Aig==,type:str]
create-ap-pass: ENC[AES256_GCM,data:iIq0ZUCWKYKZWNmvTjon0D8HkzxL9iqX5rJj6VBkkwI=,iv:KGkYVwErmb5ra+HTv6MAgOW0Fs8vWx/Kz8PWD4Xx9I8=,tag:GOtcKfSe+61SGoh1PRGNWg==,type:str]
qbittorrent-pass: ENC[AES256_GCM,data:J5m9y2pX5oI6ziIkhlMXXgszDum+rfQFfAQoImawW48=,iv:FqOYreDUX0CATPugra/dTlx2yMS4UMN0o8NesueRu3k=,tag:neKoHJhwdUdl/2mJKWkslg==,type:str]
grafana-key: ENC[AES256_GCM,data:m/MJnidxdqnGk2GO6JXQ9Gw36a5gIWkVumggOx6NjZE=,iv:aCArsPNlDsp1b0+CAYRqAHV5n69wwUccSgvTXpKhEwQ=,tag:10rM/WytKNS3HqHMht4sMw==,type:str]
grafana-oauth: ENC[AES256_GCM,data:en+OyzGDfNKYisyQxvlIRVrCXPNgyOgCIngtoEsJNTnO9RHqW4ny+rfKhZz0IZfl,iv:tI1q9UYI8ddi4KkSi/NiNJ50Eo21yi+vSHs9KZUsm58=,tag:SeGw6fJVshVAvuMfYcnDqg==,type:str]
sops:
age:
- recipient: age1se1q089cm462yku3md4xyk9lc4ck2x429awx9gh75lg6tpcaeyumcpnud7nht9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHBpdi1wMjU2IFdhNW5ydyBBcnY1MnB3
VzY2KzkxcE5OT2FMMTM5TTgzeERTS2U2VTJqZE8vYTNiQnJKTApvN2o1Uk9VRHQy
L1ROby9XSkFnTUxmUFhKNkJKVXFibndBSnNIRytIU1BzCi0tLSBCZExiWXJUSE44
ZDh0UmowV2g3T0pUVGt1NnozNTV1ZDc4YkQ1K1hQVkFzChq8BRi5mt5nRcD/ZF+F
YsmVYHxxL573oJD06MvSFpT26dNEUaqWblUP1NnI26Qa2b/K6n8eWR6ADqW0nPIl
7uI=
-----END AGE ENCRYPTED FILE-----
- recipient: age1kjnrt7vnwhqzryxrgakd7tdga9sxvjrlgtj0j8xz0sah798atvxquvpqla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJYVNuZzJmYWVNTlhveE5l
U3VuUnRVd0NYMEkvTG1QR0pTREZHT21lSGprClBQaUhMSWJpakwyWVprcXZsSGU1
d0tLblZYS1g2KzhLaXQzaHhIeUs3dEEKLS0tIEVYWWg3RWM0UFJScU85NG9kN3ZG
c2RGbkpCa3g3N2Jock5vellXZEpldXcKowC4myqPJsS2dweypyWvol6o3WsAW9qD
6NfVtXdj52+Whr+/tHUJ1J2mkKZonSCfbpmKh/JYOINln6xgnDtbIw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nhs7nhvkqhw8qgdyxwmgts044ce3t7jsgesea5l5mfz4ex6jsgyq76cfsy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoRjAybHJDMEQ3TXpkSnlC
NkhlTVRFdzJxaHdDeWNCOHpZUWtXMy80cFdNCjZDRC9OR0xnOS91QjdYMXFuRE10
ZUtpQjRaeVhodFdTcWp0WmVBa1lpbVEKLS0tIEtmWUxiZDJ0djl0Tk9YbVlLcUZN
RGtjY1V6U2tla3ZaS09haXYrYUNrVDgK0e3UVPshSTB7kwYzm4uVUDif2PwiIGg4
Qb4P3L13Lg6tT0a1SBEs2gedbNVcWyA0YgGTWouWvZIhBmSCOvHYVQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-08T00:40:49Z"
mac: ENC[AES256_GCM,data:erZf2eNF422UBzmRDgviq+X+ghs+CfP6gKSCJQsYR/AMr2QYuewzAfPEQ9UKcw8LNRmdlRCcqp7CV0qpUk+38j4m54ETDMqUBS3bwRjaKD/RocJ/5VB3Paq8rt5eiNH0KK4deFmm6ZHp5bccJwH45ne/ys2tLGbp+EiDCjGkud0=,iv:AzzlewHvkTcAO9KLM1+lS4mvb8A75gPgquTNLzXEDvw=,tag:LY0+FTisigltO+pmrTzxgQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0