From 516b647ed4fcb82af37c4fee7d6365724373128f Mon Sep 17 00:00:00 2001 From: Lukas Wurzinger Date: Sun, 9 Mar 2025 16:37:21 +0100 Subject: [PATCH] =?UTF-8?q?pluh=20=F0=9F=97=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- classes/headful/codium.nix | 6 + classes/headful/flatpak.nix | 6 +- classes/headful/gtk.nix | 2 +- classes/headful/hardware.nix | 10 +- classes/headless/grafana.nix | 26 ++-- classes/headless/loki.nix | 17 ++- classes/headless/prometheus.nix | 3 +- classes/headless/promtail.nix | 1 - classes/headless/tailscale.nix | 12 ++ classes/kiosk/cosmic.nix | 1 + classes/kiosk/gtk.nix | 2 +- classes/kiosk/hardware.nix | 11 +- classes/kiosk/mullvad.nix | 6 - classes/kiosk/wayland.nix | 6 - flake.lock | 117 +++++++++++++----- flake.nix | 14 +-- hosts/headful/flamingo/librewolf.nix | 5 + hosts/headful/glacier/librewolf.nix | 5 + .../firefox.nix => headful/glacier/steam.nix} | 2 +- hosts/headless/abacus/headscale.nix | 9 ++ hosts/kiosk/insomniac/librewolf.nix | 5 + hosts/kiosk/insomniac/users.nix | 4 +- lib.nix | 3 +- packages/disk/disk.bash | 4 +- packages/puter/puter.bash | 2 +- secrets/forgejo-admin.age | Bin 558 -> 558 bytes secrets/forgejo-mailer.age | Bin 558 -> 558 bytes secrets/microbin.age | Bin 663 -> 663 bytes secrets/miniflux.age | 21 ++-- secrets/restic-abacus.age | 21 ++-- secrets/restic-vessel.age | Bin 557 -> 557 bytes secrets/secrets.nix | 2 +- secrets/user-insomniac.age | Bin 0 -> 615 bytes secrets/user-lukas.age | Bin 1088 -> 1088 bytes secrets/vaultwarden.age | Bin 867 -> 867 bytes 35 files changed, 204 insertions(+), 119 deletions(-) create mode 100644 classes/headful/codium.nix create mode 100644 classes/headless/tailscale.nix delete mode 100644 classes/kiosk/mullvad.nix delete mode 100644 classes/kiosk/wayland.nix create mode 100644 hosts/headful/flamingo/librewolf.nix create mode 100644 hosts/headful/glacier/librewolf.nix rename hosts/{kiosk/insomniac/firefox.nix => headful/glacier/steam.nix} (57%) create mode 100644 hosts/headless/abacus/headscale.nix create mode 100644 hosts/kiosk/insomniac/librewolf.nix create mode 100644 secrets/user-insomniac.age diff --git a/classes/headful/codium.nix b/classes/headful/codium.nix new file mode 100644 index 0000000..9361621 --- /dev/null +++ b/classes/headful/codium.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + # TODO: wrap + environment.systemPackages = [ + pkgs.vscodium + ]; +} diff --git a/classes/headful/flatpak.nix b/classes/headful/flatpak.nix index 1ff0c53..752a25e 100644 --- a/classes/headful/flatpak.nix +++ b/classes/headful/flatpak.nix @@ -1,3 +1,7 @@ -{ +{inputs, ...}: { + imports = [ + inputs.flatpak.nixosModules.nix-flatpak + ]; + services.flatpak.enable = true; } diff --git a/classes/headful/gtk.nix b/classes/headful/gtk.nix index b420942..34ada01 100644 --- a/classes/headful/gtk.nix +++ b/classes/headful/gtk.nix @@ -1,4 +1,4 @@ -{ +{pkgs, ...}: { xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; programs.dconf.enable = true; diff --git a/classes/headful/hardware.nix b/classes/headful/hardware.nix index 05f7363..a49266b 100644 --- a/classes/headful/hardware.nix +++ b/classes/headful/hardware.nix @@ -1,16 +1,10 @@ -{pkgs, ...}: { +{ hardware = { bluetooth.enable = true; steam-hardware.enable = true; xone.enable = true; xpadneo.enable = true; opentabletdriver.enable = true; - graphics = { - enable = true; - extraPackages = [ - pkgs.libvdpau-va-gl - pkgs.vaapiVdpau - ]; - }; + graphics.enable = true; }; } diff --git a/classes/headless/grafana.nix b/classes/headless/grafana.nix index d1e49d4..56267f0 100644 --- a/classes/headless/grafana.nix +++ b/classes/headless/grafana.nix @@ -1,20 +1,24 @@ { + config, + lib, + ... +}: { services.grafana = { enable = true; - domain = "grafana.pele"; - port = 9010; - addr = "127.0.0.1"; - # WARNING: this should match nginx setup! - # prevents "Request origin is not authorized" - rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live + settings.server = { + domain = "grafana.pele"; + http_port = 9010; + http_addr = "127.0.0.1"; + root_url = "http://192.168.1.10:8010"; # TODO + protocol = "http"; + }; - protocol = "http"; analytics.reporting.enable = false; provision = { enable = true; - datasources = [ + datasources.settings.datasources = [ { name = "Prometheus"; type = "prometheus"; @@ -31,11 +35,11 @@ }; }; - services.nginx.virtualHosts.${config.services.grafana.domain} = { + services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { locations."/" = { proxyPass = "http://${lib.formatHostPort { - host = config.services.grafana.addr; - inherit (config.services.grafana) port; + host = config.services.grafana.settings.server.http_addr; + port = config.services.grafana.settings.server.http_port; }}"; proxyWebsockets = true; }; diff --git a/classes/headless/loki.nix b/classes/headless/loki.nix index 0081db1..cf2f1f0 100644 --- a/classes/headless/loki.nix +++ b/classes/headless/loki.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { services.loki = { enable = true; configuration = { @@ -25,10 +25,10 @@ schema_config = { configs = [ { - from = "2022-06-06"; - store = "boltdb-shipper"; + from = "2022-06-06"; #TODO + store = "tsdb"; object_store = "filesystem"; - schema = "v12"; + schema = "v13"; index = { prefix = "index_"; period = "24h"; @@ -38,9 +38,9 @@ }; storage_config = { - boltdb_shipper = { - active_index_directory = "/var/lib/loki/boltdb-shipper-active"; - cache_location = "/var/lib/loki/boltdb-shipper-cache"; + tsdb_shipper = { + active_index_directory = "${config.services.loki.dataDir}/tsdb-shipper-active"; + cache_location = "${config.services.loki.dataDir}/tsdb-shipper-cache"; cache_ttl = "24h"; shared_store = "filesystem"; }; @@ -65,7 +65,7 @@ }; compactor = { - working_directory = "/var/lib/loki"; + working_directory = config.services.loki.dataDir; shared_store = "filesystem"; compactor_ring = { kvstore = { @@ -74,6 +74,5 @@ }; }; }; - # user, group, dataDir, extraFlags, (configFile) }; } diff --git a/classes/headless/prometheus.nix b/classes/headless/prometheus.nix index 0daaa69..427c218 100644 --- a/classes/headless/prometheus.nix +++ b/classes/headless/prometheus.nix @@ -10,6 +10,7 @@ exporters = { node = { enable = true; + listenAddress = "127.0.0.1"; port = 3021; enabledCollectors = ["systemd"]; }; @@ -22,7 +23,7 @@ { targets = let target = lib.formatHostPort { - host = config.services.prometheus.exporters.node.listenAddr; + host = config.services.prometheus.exporters.node.listenAddress; inherit (config.services.prometheus.exporters.node) port; }; in [target]; diff --git a/classes/headless/promtail.nix b/classes/headless/promtail.nix index e1dfad5..2a6e14f 100644 --- a/classes/headless/promtail.nix +++ b/classes/headless/promtail.nix @@ -37,6 +37,5 @@ } ]; }; - # extraFlags }; } diff --git a/classes/headless/tailscale.nix b/classes/headless/tailscale.nix new file mode 100644 index 0000000..fb757c4 --- /dev/null +++ b/classes/headless/tailscale.nix @@ -0,0 +1,12 @@ +{ + services.tailscale = { + enable = true; + openFirewall = true; #TODO + }; + + networking.firewall = { + checkReversePath = "loose"; + trustedInterfaces = ["tailscale0"]; + allowedUDPPorts = [config.services.tailscale.port]; + }; +} diff --git a/classes/kiosk/cosmic.nix b/classes/kiosk/cosmic.nix index ada019e..e5455f4 100644 --- a/classes/kiosk/cosmic.nix +++ b/classes/kiosk/cosmic.nix @@ -1,5 +1,6 @@ { config, + lib, inputs, pkgs, ... diff --git a/classes/kiosk/gtk.nix b/classes/kiosk/gtk.nix index b420942..34ada01 100644 --- a/classes/kiosk/gtk.nix +++ b/classes/kiosk/gtk.nix @@ -1,4 +1,4 @@ -{ +{pkgs, ...}: { xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; programs.dconf.enable = true; diff --git a/classes/kiosk/hardware.nix b/classes/kiosk/hardware.nix index 05f7363..625fbdd 100644 --- a/classes/kiosk/hardware.nix +++ b/classes/kiosk/hardware.nix @@ -1,16 +1,9 @@ -{pkgs, ...}: { +{ hardware = { bluetooth.enable = true; steam-hardware.enable = true; xone.enable = true; xpadneo.enable = true; - opentabletdriver.enable = true; - graphics = { - enable = true; - extraPackages = [ - pkgs.libvdpau-va-gl - pkgs.vaapiVdpau - ]; - }; + graphics.enable = true; }; } diff --git a/classes/kiosk/mullvad.nix b/classes/kiosk/mullvad.nix deleted file mode 100644 index 31d3c05..0000000 --- a/classes/kiosk/mullvad.nix +++ /dev/null @@ -1,6 +0,0 @@ -{pkgs, ...}: { - services.mullvad-vpn = { - enable = true; - package = pkgs.mullvad-vpn; - }; -} diff --git a/classes/kiosk/wayland.nix b/classes/kiosk/wayland.nix deleted file mode 100644 index d11e343..0000000 --- a/classes/kiosk/wayland.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - environment.sessionVariables = { - NIXOS_OZONE_WL = "1"; - SDL_VIDEODRIVER = "wayland"; - }; -} diff --git a/flake.lock b/flake.lock index b9afc0a..ddfe614 100644 --- a/flake.lock +++ b/flake.lock @@ -95,11 +95,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1740678151, - "narHash": "sha256-q0tKL+Yny0wkLCHRBHQ97YhjorNLnbnyjc+FnQZyKkM=", + "lastModified": 1741348424, + "narHash": "sha256-nPwbJpX8AxmzbgRd2m6KHIbyN1xavq1BaBdJzO/lkW0=", "owner": "cachix", "repo": "devenv", - "rev": "af151da5e3d7391fe778050da00d8e7cefa2d087", + "rev": "8f8c96bb1e0c6a59a97592328dc61b9fdbe7474b", "type": "github" }, "original": { @@ -153,6 +153,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1733328505, @@ -195,11 +211,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -257,11 +273,11 @@ ] }, "locked": { - "lastModified": 1737465171, - "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=", + "lastModified": 1740849354, + "narHash": "sha256-oy33+t09FraucSZ2rZ6qnD1Y1c8azKKmQuCvF2ytUko=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17", + "rev": "4a709a8ce9f8c08fa7ddb86761fe488ff7858a07", "type": "github" }, "original": { @@ -316,11 +332,11 @@ }, "hardware": { "locked": { - "lastModified": 1740646007, - "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=", + "lastModified": 1741325094, + "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49", + "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16", "type": "github" }, "original": { @@ -423,6 +439,26 @@ "type": "github" } }, + "nixos-cosmic": { + "inputs": { + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_6", + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1741532023, + "narHash": "sha256-wPoRT99r7dMQiXWzDe9v/2OSXOmGOWad/0q9norshvs=", + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "rev": "364761eb5ba3f1514446b6a0eb8e8651c5bc4c67", + "type": "github" + }, + "original": { + "owner": "lilyinstarlight", + "repo": "nixos-cosmic", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -441,14 +477,17 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "lastModified": 1740877520, + "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-stable": { @@ -467,6 +506,22 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1733212471, @@ -533,11 +588,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1740695751, - "narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=", + "lastModified": 1741379970, + "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4", + "rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f", "type": "github" }, "original": { @@ -549,11 +604,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1740019556, - "narHash": "sha256-vn285HxnnlHLWnv59Og7muqECNMS33mWLM14soFIv2g=", + "lastModified": 1741310760, + "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dad564433178067be1fbdfcce23b546254b6d641", + "rev": "de0fe301211c267807afd11b12613f5511ff7433", "type": "github" }, "original": { @@ -565,16 +620,16 @@ }, "phps": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": "nixpkgs_7", "utils": "utils" }, "locked": { - "lastModified": 1740296995, - "narHash": "sha256-M0bsnyYP5DqO7EKL9ujwXCWKwwlg9F2xUklpMvbd/0s=", + "lastModified": 1741496686, + "narHash": "sha256-dJJ6n2w4OIemUWwfOy3yufKhggE0ncNOklbKgfa8CRY=", "owner": "fossar", "repo": "nix-phps", - "rev": "6a6be7dd7f86f305deab7799a17af50aff0e3218", + "rev": "f40909d5223656db01879d3325a8306883bcc668", "type": "github" }, "original": { @@ -619,7 +674,11 @@ "flatpak": "flatpak", "hardware": "hardware", "lanzaboote": "lanzaboote", - "nixpkgs": "nixpkgs_6", + "nixos-cosmic": "nixos-cosmic", + "nixpkgs": [ + "nixos-cosmic", + "nixpkgs" + ], "phps": "phps" } }, diff --git a/flake.nix b/flake.nix index ac85421..305c8e7 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,8 @@ phps.url = "github:fossar/nix-phps"; lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2"; flatpak.url = "github:gmodena/nix-flatpak?ref=latest"; + nixpkgs.follows = "nixos-cosmic/nixpkgs"; + nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic"; }; outputs = { @@ -57,14 +59,10 @@ ]; }; - packages = - self.lib.genAttrs [ - "puter" - "disk" - "musicomp" - ] ( - name: pkgs.callPackage ./packages/${name} {} - ); + packages = self.lib.packagesFromDirectoryRecursive { + inherit (pkgs) callPackage; + directory = ./packages; + }; }; }; } diff --git a/hosts/headful/flamingo/librewolf.nix b/hosts/headful/flamingo/librewolf.nix new file mode 100644 index 0000000..229aa0a --- /dev/null +++ b/hosts/headful/flamingo/librewolf.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.gitlab.librewolf-community" + ]; +} diff --git a/hosts/headful/glacier/librewolf.nix b/hosts/headful/glacier/librewolf.nix new file mode 100644 index 0000000..229aa0a --- /dev/null +++ b/hosts/headful/glacier/librewolf.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.gitlab.librewolf-community" + ]; +} diff --git a/hosts/kiosk/insomniac/firefox.nix b/hosts/headful/glacier/steam.nix similarity index 57% rename from hosts/kiosk/insomniac/firefox.nix rename to hosts/headful/glacier/steam.nix index 44cf818..e51a6e8 100644 --- a/hosts/kiosk/insomniac/firefox.nix +++ b/hosts/headful/glacier/steam.nix @@ -1,5 +1,5 @@ { services.flatpak.packages = [ - "org.mozilla.firefox" + "com.valvesoftware.Steam" ]; } diff --git a/hosts/headless/abacus/headscale.nix b/hosts/headless/abacus/headscale.nix new file mode 100644 index 0000000..3306e15 --- /dev/null +++ b/hosts/headless/abacus/headscale.nix @@ -0,0 +1,9 @@ +{ + services.headscale = { + enable = true; + address = "127.0.0.1"; + port = 3122; # TODO + settings = { + }; + }; +} diff --git a/hosts/kiosk/insomniac/librewolf.nix b/hosts/kiosk/insomniac/librewolf.nix new file mode 100644 index 0000000..229aa0a --- /dev/null +++ b/hosts/kiosk/insomniac/librewolf.nix @@ -0,0 +1,5 @@ +{ + services.flatpak.packages = [ + "io.gitlab.librewolf-community" + ]; +} diff --git a/hosts/kiosk/insomniac/users.nix b/hosts/kiosk/insomniac/users.nix index c61ed67..e059585 100644 --- a/hosts/kiosk/insomniac/users.nix +++ b/hosts/kiosk/insomniac/users.nix @@ -6,7 +6,7 @@ inherit (config.users) mainUser; in { users = { - mainUser = lib.mkForce "user"; - users.${mainUser}.description = lib.mkForce "User"; + mainUser = lib.mkForce "insomniac"; + users.${mainUser}.description = lib.mkForce "Insomniac"; }; } diff --git a/lib.nix b/lib.nix index b4f3667..9374f57 100644 --- a/lib.nix +++ b/lib.nix @@ -67,7 +67,8 @@ lib: _: { }; dirsIn = dir: - lib.pipe (builtins.readDir dir) [ + lib.pipe dir [ + builtins.readDir (lib.filterAttrs (_: type: type == "directory")) builtins.attrNames ]; diff --git a/packages/disk/disk.bash b/packages/disk/disk.bash index c3e0887..9b74435 100755 --- a/packages/disk/disk.bash +++ b/packages/disk/disk.bash @@ -54,8 +54,8 @@ bootlbl=BOOT mainlbl=main cryptmainlbl=cryptmain mapping=main -bootflags= -mainflags= +bootflags=() +mainflags=() fatflags=() ext4flags=() skips=() diff --git a/packages/puter/puter.bash b/packages/puter/puter.bash index fd4a01a..75c982e 100644 --- a/packages/puter/puter.bash +++ b/packages/puter/puter.bash @@ -29,7 +29,7 @@ args=$( eval set -- "$args" -if [[ -n $PUTER_FLAKEREF ]]; then +if [[ -v PUTER_FLAKEREF && -n $PUTER_FLAKEREF ]]; then flakeref=$PUTER_FLAKEREF fi flags=( diff --git a/secrets/forgejo-admin.age b/secrets/forgejo-admin.age index 52af37c3e1c1d080ea581c5b183e87ffae7a44c7..02d53111ff544626f2dc77a428f91b885e158b44 100644 GIT binary patch delta 486 zcmWO1Ka0~)004004u^b!+aw2WvAmamZ61PK+Dh*q#a`TLJ@9tP?9* zB^W%&U4Gd2Kp$l!?3UzANl_wCD|TY)@X!+=e);z#KxgMTwd2D`_f>DqTBshFf&`F$ z*zIP3bXkA13@eP%ETZNbv>MJQRgz32@gnPQvWvM|@V%7;xRqY8iLWVzp37?V>gk=6 z%Y_^2P>!Qi@#1aawufA4GO?WN-KN32Ljh$*vv*#n&LGv)5gxB6>l{apEIC|=ns9u3 zX+xtLtz%O_O*h&Ct5@YztJR`MT4}^<`%uqJai@9;B4jA>4$%lZTf!OVGd$u+x&omw zq3-|s@c!Prum65NT)-!99-D*fo7bPOZ%&^dao_uYzHLVI+s?D2A2j=^`SS7ZZ}=ax CB&0t8 literal 558 zcmZY4OOBIZ003YU<3dj0#)Q>un#vEf1!7_{K%x9R3Z(@~GA1oQr98^Bg_cWr1sC36 zc533n3mBKKjB(=uTy*EGofCZdHc>bX^Ps+z$GFH}6?H_kBsP45H_d(+B5FJ)Ioy_J zPTk>s+89fd1EbQ{`9{-xI|%YXF)k5rDLR?eh2gO9vi+Sc5*S%+^q*5gRs zWJGH~v=cV4lQO?8Min>+ElTNp(G8ALbS5Gl^R1|Z4l|9-hl0u-IQA^-U9M$mrDDNSD2xo7hXHaFZ@bIc%5f5Eg@Kxe zWCtW6S5c3Ef3#vsVuJddCHzj*W?5?2x{y$c{-6zqxSbhFn+l+;$_Wohom5%1=%ZT7 zVw8uC-1}CQD_)N%7Bl}$?^W#XSN`eghwHcRcf#|xpWnwXz4eppMt=79#qZbt&+GO0 O?#JzyulF|}r~d$Ym%AJQ diff --git a/secrets/forgejo-mailer.age b/secrets/forgejo-mailer.age index 4392c860d591dd60c88f99c886e1cfac79107960..a9199326d1bbea754f678b7b9cca9ceb22f0863d 100644 GIT binary patch literal 558 zcmZY2yRMU9007`P+V~JmIy61yUg}^%xk!QbFNH!6F(-kRODTmP{&ID4^%Zo|@l0-- zI5;_*II5eYtCNYxGatVf_`E0>1=+6b;Q5ee7kL?tYho~Zf*}--f<4JF#1u1S#V#An zOgp)^7ITwMk-!)eAh%Vo*QP)eA_FD8b6h=K^qFCCgM()6agOE%tw=X>B`JkVou!II z8Y;<|!hzp26gksW%Q^nH4fl;_-Zg-q4`ixvGiZl1 z+2LTM=F2X_<5;`wU0g#O(9vAo$o;sKg~ebr8ez7`=Jr@`k7I=_syx8Adm`?1BV*Z3 z!8r;@0#WgN-b?3$>z{{DSC1~fUsVr&eg5+MK3BYY7XEpdeSPu#;&UcOCtDlw5k$33;;!uG`i(Q3wEf~ zoNaKKpF?a+W9`~h5=XQa2Fdaw6Vu0bO*L8}jk&-)A)Il;r&CYa(z4`xK|<%@U}HJV z87;M-0JU^8cWg#-$<==v7IeCf&eSrJNsQ?!m&=pspzCFk)g#h`TQz32Wv~O-;i7__ zy+Bry72m8GQBx{%4|z>Ej0IILR#{{xcA8kJmyE|L=DWe^zUFCOn{{XtXA1yk(;Ktd zVLqYv5*Ay4FhSTmadeq8oD`}1QVN$q!fc4T)Y}`3* zC>5Z9cD%1eQC=w>y7hE%Kkfdd#V{-2-fVcigVO34Rfq1_i(UqDmM|Qli;+U5G^TF^ zk2s$=UR~}KnU*Icq?TI3+obJKRn3+a8E-lS$8i++P?{T~I$XM$t`4piwJpCVjaKo4 z6PO)#6l>RFxzY0lqC9^8_3F(ne0AMEc=Ykt(=R`rKlRm}^yKq(_WJwnr?)S^eRvrD NhIj9{^N$yM;V<^_xVr!V diff --git a/secrets/microbin.age b/secrets/microbin.age index 7e9c887f4c6717f415d43bd79897d8ab614a92ea..b8507ff1f5fbff0134dd4f320fbe679e07a53bc5 100644 GIT binary patch delta 591 zcmWO2O>5I&003ZA2HMj=!QnxR!oX!EOWL%Fhe6wIG0)O5{XJ5mJ$;W(#Gt6*gH%$C5tH;~lbT zfEt;_{IY_0fzV{oakNk!pcsY_K>-3D&j))>l@bnY@jL@cZIQ&&a@NW;5;$%yd>ff=X%&}? zGN}?mJCKIt$*$UMNntBLYl`TQjg&v#k zna#YOHrbdIW7AZWGR?)yM^4X*Wy(o;HIJxbxQ`3fI-YOYTm{NDjIxs9Bp}Sti5_I< z$-|@$Q&t&Y0$4X{TbV*S4o}cI7muhDpu^-yqroP^vKU3&NFWpn1p&uOX;MK7z>m>R zJc*%vw{__3xk<^XSP2;uX0>p$=mA3w-~(2_J^G^Wul7G|lCN*x|I43S+I_#cKGoma z-B}r(pF5EDi1qyw;OfTj)h|!P!QA%GH?qCvx&F}GX5rdX?Bl)igHP`s&2QA;gX;4? zwz6~MJooU@)?kd6hgVM>`9o!gRoWq08i%dKSLqt%9USwW&Q1rb8--7S%xdET<6IInNnA3RA zjF58J<2w|BH~N~{Fb&C&qKv~yIL&B0faN-MQfWzMITbHzh)OGTk?SxM`P2kR@(I?f z1uF#w%p++D2we1ARy|OaVHAa8eioEnhVdJ*Qrc+8?QY5rXEVu?jB}1u;Upo<5>=0P z^i0#KksZqP;s_vNM7!@%Xg@;}hM9$hQbs}zT&&?yF5QL|3bhn94S{s)-mjBowi%Dx z;6%7jx%DVjfD^93mYk4F5Ogsj<7I3rG@b2pAzEbsu}b9x8zOo+#)V~s)fFS8vU*5B zNm#2Da|tKuXoRft9c%vT-V=j7UvVPszS|DHBP)Q7`gBf$lqiOD^|IM& ssh-ed25519 SFHVrw ftLkHrbUjgc35OAhuE3+E3V7hLCv23gzHTVqUWIsmiw -JNUkQKzmX0s2xrcjIppqy0bx3lnlciXdNXzomfs3YNg --> ssh-ed25519 S+dwQQ vd73NCcRI3GayDfyg+qsI4TVjV1o7yqdaA0TBDiLghQ -iKnkpBuM6iDTSCgoufxmaVpKfYEAAPVXjImxWFo9Hr4 --> ssh-ed25519 bPbvlw cWnTTG7zTMkR66awD2o7RF8YlXqkhOh0mYwih4Q2CSE -Lgw50YqS35S5rtOPQA5pEnfClx2tDK8Wpf5vq7iq+w8 --> ssh-ed25519 ffmsLw QjN349CibGpB9HMcc1qprvxgOfLrid5EMAGcdja3gwM -6RS4vZAvsUjqLtyeZJdLsuPXsHK5fZPA6pesfJxA9NQ ---- IWwGdacyhMgpnjPvdxPGMlyjAyWOp20Rjv6V9OoIGY0 -JRj)N[%`31ڵqίgheDF,~J oY@X~eK<ٚ84(IO \ No newline at end of file +-> ssh-ed25519 SFHVrw Yo23v7ejgzBUv+EmyQHALyOhSKxFvVnhDFWJyiReuWc +jbPVHR+HK02tExnubKCqoGN7Hm32ER4SqogwGNQ/R98 +-> ssh-ed25519 S+dwQQ AGE5B27dUQ98FBCy/sFEki4G1ZbIiUjAJIr1kOdBDg4 +OzbdTrqlgcl+IxGWmZbSInlJ3jzHE542DMPWZznedD0 +-> ssh-ed25519 bPbvlw KpvCpS6iMAt0Acagp111b57c2JSN3S9jQRGWNosrfRA +O+CJBJN5RC0Ft01fWHgXCpy2SeUdgxGW7MNPdZvz4YE +-> ssh-ed25519 ffmsLw vVNUoviY5cG67VdILPhON1DDFOzpAaSZq/s9R5AICGE +0WMV/lM+oQtn8m45TMBEuBQV3/JUqzVW4kDtf3y+6TU +--- SdYB9uVHXKT9B/+kKAkpnZt6rbqv8m1danRSXbz1NPk +5س Advjbo$;KJ.b z|sq}G@;!? +(Pn,PKJ8t \ No newline at end of file diff --git a/secrets/restic-abacus.age b/secrets/restic-abacus.age index ebf9589..11696cb 100644 --- a/secrets/restic-abacus.age +++ b/secrets/restic-abacus.age @@ -1,11 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 SFHVrw /OTVcIQd3fJVTG7aEwQCY/x6lfTd+EZpn7Jc4MeEcE4 -31r1WrTF9ZnrL5za6p57fafVJfQAj5iyY6lLQriIwaY --> ssh-ed25519 S+dwQQ TmWs92CYRNXJVaJCCsfQc7wWek38gofuVzaZiTchcRA -+zEDzASCzZbWn6weWXoBrCfDRLsOzKncFLLuXOTD/bc --> ssh-ed25519 bPbvlw UuI6fU6RpT5aZBUZjgypR/q7N24usjkTxdu+hemcH2Q -AaqzU+V02ezyLuBLFpjiobv0qL87JaAI+CVur0nyuZ4 --> ssh-ed25519 ffmsLw 41XX4wfkbdkgcOGV/QobtwxXjfyYEkpYrUSGjhg1wBw -YZFSenGSwenFCuVxlmFQSLUACP1XUewZlKtRGYTuzRE ---- FwFDJ/HQQyHH1Ik5HdCF4ZHihlNCvD9BYGxgM4KOims -F=Δ\*%]8lTp$Ó4m>;y9pgv! \ No newline at end of file +-> ssh-ed25519 SFHVrw piOZebIDKWjodO0VC2tlgc7gF0Dc1j7Pl/iJ18WhgCs +4LB/K71GW6t9VWO0bQD1i12wux6FxmSucFo/v+4GBxg +-> ssh-ed25519 S+dwQQ 0nz4PbGQjOFHkDDKWpC4Heg7ORRUl+LTqgU9dRq5njY +3wuRZk4/qdTgMBg8UK8ELc1vBbkXSyFwNiA0elPcIi4 +-> ssh-ed25519 bPbvlw mfwxdgOF2PKM88ZL0vbKWaeWpdD1TZ/+AeRYKfkIGDA +tKQarSGNY0Rdp0C+lLv2q0eFtRwewTB1Xn2MYUzldFs +-> ssh-ed25519 ffmsLw tswVSO8AEvvTHlXtU7hlcQD8f5wFHbq6ikMGPpVcHX8 +zNFK1TD5Feiq4G/LsJWI5hTZs7tCR4U9E76v1mno2FM +--- 8h7d7RCoKBPqA6xGX0W1XT85J6VSRu6X6QHDStN4/mA +7euDRJb!lk89?obM6<9<2q5B+I@;$)1&8C_gV+8tikgd=0rC^@E2&?7I>OWDQdDnoz>cdJ?erpV=>VRKC@EfKWCQf_LdT*$RYm~HBL$%I9;n)2x;ZR|ZKU1GDs;`m1J`Tf?q zQPaHJItuMp7b33d`F|Uh^p=HI3{(U$rAC<_=W<9U3a68@QTd%2OHF@Wt>Xmr4QW>z z0;&ZoohBIpz=0jkv`>!LGk9=;IEwmC+m6Y^9t5{Dcgwq5WJcY-N2BIUV|^>COmIxZ zIv1K`Ed>@ZIG)yx6zEFUXMwufO*ur(d*bM9PM+Ju?m-6&uN<+0W3b)P(JE?M1gkg= z)ua>1yPI<$_XdZ;u$x)5HL%;}4AjeXS$egkgJESd1(w^Jn^lxibHAke8d;Zf@#1Z` zv*JJly0dZ&icRbdpx``HQgWieHj^x{`I@Xbn|?hWIn?p@SE}&zP)8`-+li6@!ouD*yQHw)%{QK_lGY}9{v3F_1Om%rUEh#VIAj=Fz-?7q zRUM9?sb~Y&f&+?Zl}*D<=uKi|p)%U0OQ=l~6sV(^b((&RrNkrGnA*Jon62N$6$!YBhxBrPgOcBY+!D z=taf_m|2dcj*m3DU2CPhU$)4qPur$r5pdR;#j{Kd8C}s9$M}EEU-<2z!wY~kFw7)# zQM+s{<|0lN`M;}jqEX&7=caX)d0R>02nytbbwB3}+LC>jFp%hCyF@o^ zbr-Ez9@&oKo;C+ZMWIuM9)}_}9jf6b31)QX^B75zxE)`V1C(`U+gZG6)GJOYX4aTD z#ms>d)#lqve}+1xr~~YQ{^aiW?H&F3=lAQ;J^I^w-0WZ(e=*@hyKQ O{P~)E7&O=L?YqA>XtW&w diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 93a4494..0f2d182 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,6 @@ with import ../pubkeys.nix; { "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"])); - "user-user.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; + "user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac]; "microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; diff --git a/secrets/user-insomniac.age b/secrets/user-insomniac.age new file mode 100644 index 0000000000000000000000000000000000000000..d887b81abdfbbb54cabc1598102539618bc5d2ab GIT binary patch literal 615 zcmZY2O>5I&003YQf)Eiz*{%k53^h%%tO>#(ZI`A=lPqbHzKN*htNCd9m8?nIpP(m2 z5Cjz&A_xjHJSY<{gCU485T{2EiU)Dvp)gP0-SYRCMq0o|KBmxE*r-%;&Eil#4(qAn2>zs%CRmkci>Xvodr7CR7Z5^p zqeNY`bVtPyiH!JW;+Q?v;wr61g^a=&4A#h^KB8^&#D;iyn^yjXY0k6*Wh$*EKChGU=o8>KxYr9zA;E`C=S8XDI@{|D+NgFhI ztv448mU6{`sfi4YC}|PL=nroqzf=YTbF=T0dTD?Cf3rP3#{n o`n&j_GnedFr?mySzk9=2JlwuO{iNT2{_y4Oujk+7L;AtFf5gq%r~m)} literal 0 HcmV?d00001 diff --git a/secrets/user-lukas.age b/secrets/user-lukas.age index 7347eddb776fab728868f3ac6d1afffce08e602d..f25baabc56d96c50ce9c8e464e5bbdf416311e5e 100644 GIT binary patch literal 1088 zcmZY7yX)fw0KoC%hlm7^)5${+gZLOqZPO-cil`)Q(4h zP|!gToW#Rbf4J%3a3Y)s9)}(}h>CZ*=;GiYqWkan7kv4^*Yw@Ko7hE{9fCA@J}vw~ z4FUa^z_Q%+U1x+K&=lN|lv*^Px()H_7>ap7aBhQGkY5WnJmE(h%_X*Ia0u56LRuY5 z9S6qtk+n0pl?6l`bVjNqwNROSyQZ~H(<46TGRpCF#2$wiYCWeBMX-mq(?Tz?@Sv1% zj~`P6L`#I&u@aW!X_sbtvDAiGMd=Hmf)ys&P_B32g|3SOWXA5I5MTBN5}O;t_TV+U zM1i#_zc^pB1gnl3PzcaGEebX47W-1*1-%@M^2>u7JtWUD$4Ne)PuSXhZ- z(H=%CoK%C7o;$AAVLTF$NaAm44l&e5W~SW*o9D$P+klmit+U2D3#|`I@l_0rkuAq zBX3nUpoTAwsYRF)EiKK4b@&j1I5tb?(smh>#Sl_Vl3<3jxsn1_&atkk&i45ZVV!xe zlw>WPhcj(EiJWSpaFl09%3!#iUZ^P>6qj)@Y$aFr7*WCMfaM&+gi;3{jxs3AoQRo8 zqXjZ1+^(GLX~3*k7Prmeq8-kIVB@3dWFD(NE9O!fE~$oTax$N`uDDFk+cxnqTI1k; zZ;*~Nu%r>wiRM@}HPnu@thAFtCG%&&R2eFL1$WfPTLZvIa?)XcTdL%EkHt z#lrv*yCprNgOMleW3^PsycW9F3xTWI`=?J__P_l)xb`7r-AR9Y?GgS>`X+Vu!7cDI za_RP;cOLxefp>rG|5JSa>|0l`KYo4;c=S4-d^Y>;drx}m zC%>-Ihrf6ZdHlu+fA^uEPToF!@#ghj{zml6+3oL}XRhR%#=rV^;(koM@B{oG`pWCq R{(b7~6utG{?_Yj;<9}zO9%XbFbsrC;&*WH5&}ItZHG}(8n1x^=OztV9}Nv9Y_Jb)W$28ER~l$bO1zQRHEBQ+Kvh zmrCtj;CH!+qVYXP2=m%%coiCB)_@k!Tv@I{hPlw) z9BMY|ih0%QGcL^&sK>OUEHu|(vw(GZ7VOn{5DgtUbxC50v<)8U9Ata81D6Fn?ke4q zvnbxP#3U^FlVZ`&_k&(SGg=zfi;WK-YU+%j=XA@fm|jq`{fz=IbTk@^O1uPHzKEqR zItn~_I@|9H6&cQv4J0+pF7VtwQ&lX8SZbpSQ)(%)STPkSfX^^01IT=)HO%@@n?-PV zLbtfxXeS}D2v8#p<|&*dTaz7l%GPAE285U=VFpLByr5c87P-@{-{Y+icnHtpmDnC{ z^kW?=SK{zNLKk{CoQg{~kX`U;gvl_1Erx z9eL?n@zKYRf4Fo?Y4*$aO^DM+u3b2iK79Ym{o%#m?|pWZ{&efz8y{T1*}d}iGvQP6 z)xSP_Zt}5u>mTTkqgOtC?CZOzkG^{I)rZcW5Q2MtDUNPjB_24Vemni*+S9+j@cE17 a!E?e&c5*%d diff --git a/secrets/vaultwarden.age b/secrets/vaultwarden.age index 10a543287ae3994a0cefd860b1c9363db129b136..e1c57aca4c12b241be53f0e343fec1d9cfe7186e 100644 GIT binary patch delta 797 zcmV+&1LFMS2IB^hEPpUBZgwv@V>x+IGdDvsVpl~;D_T-=IZjS8Syg3vR7Fc-HgiT+ zc6WMrNeV}IPc|!bc42BtVPk4)ZYxA_b~!RZPgzVzGDlErPGm_-c}zA|NOwy%MG7rG zAaiqQEoEdfH8n9gAX6)3cTrIwNm6=qIAV5dO;|)&H(_{sFGfvhYcE+^Z+UZVQ!sjCZ(4P7PHjE~Y&A4tdQV|tW?^PaaxphqVRv$5Gg2>OH%(0nEiEk|RXAu?O>$5$MpHI8Wmt4I zaX3m*RZdH1OLcB}FnDfAO)@KgGFmw{Zdo)*3K{AS6tu4?)}(Yucca%@fLDvZpS(*e zyDz$MzE#(r6lF8hW%2*v2H(;@CXiJ|A1K$;X!s@-7at-R5@<6?RaH%#5#?~&(m01a zgH3%`GXfAJp&>CRf6qbNN`~=aDKY<+p{?u11tFdqyl2I3<+8ix)$5LbCvBkcrK{rL z#EB~_3nr>WF1eyVDmpmkt5r$V^`OS7b6>7&u-;hx(5QPQXU0#$`i*9{UQ?OG94!MV zYSuMh{2oC?CnTWn`E6f5pcggYd$D_26cJUDzj11nGkLmrA!FWfz&wOaS*-2o*od{t zXULOLGzH29fK3TCOV!qJjfwbKTBz5kTZ@yYrfx@WaYuCJ62;w`Mz_U|?Mg5b)CKHq z@Q)`2UEf>VkAcr{UcW)Iegpe262rYOJ0jR=0gtGfyds#=H^=@ipPBvy_GG=Q=Ol2=Jd2(82M@V*MQ+8o9G+22|Q3@?S zAaiqQEoEdfH8n9gAX6)3cTrIwIW%f7N>)--L}^4;RA)^|a7Iiyd2Cuka8N5nb#_BC zc`GwSVN_^zLTPF=3QJf?b6IgQVPZ{CX>o93Pg7=CLUAx@O+-aAd1Nt9O*2eUN_t{2 zL^M`Sk?|K-Phw?ROnFE~S7AhMM^R}@Hf}Xm&_dSyxd@P)$mDOEG9>a#CeCa$0&%HDqyWS7U8WO)G1YUjY|?Zb)ZV zWHfJ4ctlfEbVWorRz)jVQFeJ+c2;#uaClWodTwq`F=jL|X?aNsZ)Z17RZmS~ZgeXv zT4+}?X-RrZHEU8rSW|OKYD7ypba`QRWkq%|b!|8bEiEk|cx-HUWieq&NN!JgD?v|8 zF?vxiFicKoc|&Dsc4&4_Q)^UzHbQT6N>Oo13bjBGbMbz5$}}OufBUfz6hMT-0l+!q2#FtEiUR{0JJy;Gom4N4a}ua_0-HJ8ct%x z5CL~APLeYnomvHLDwn9>l@k9kP3J23WSLi3XIEEQT~?v{cumME%!z#v@hNoA9Z zCX>Fh847aLDZ&!N(Bb$0ZNsEp^Mj@rL{5m}5z*|o<361?GHDTIM)`hZ0%IV*NZw!c%-NW`=n bW2bzjtIkW*8`og@kzTM8yUg5bq9XdU$V5e6