Diffstat (limited to '')
-rw-r--r--.sops.yaml18
-rw-r--r--README.md8
-rw-r--r--flake.lock70
-rw-r--r--flake.nix262
-rw-r--r--home/don/common/core/bash.nix16
-rw-r--r--home/don/common/core/default.nix29
-rw-r--r--home/don/common/core/vim/default.nix6
-rw-r--r--home/don/common/core/vim/vimrc47
-rw-r--r--home/don/fangorn.nix6
-rw-r--r--home/nipsy/arrakis.nix23
-rw-r--r--home/nipsy/arrakis/mutt/muttrc2
-rw-r--r--home/nipsy/caladan.nix62
-rw-r--r--home/nipsy/common/core/default.nix1
-rw-r--r--home/nipsy/common/core/git.nix11
-rw-r--r--home/nipsy/common/core/ssh.nix5
-rw-r--r--home/nipsy/common/core/zsh/default.nix6
-rw-r--r--home/nipsy/common/core/zsh/zshrc13
-rw-r--r--home/nipsy/common/optional/desktops/default.nix26
-rw-r--r--home/nipsy/common/optional/desktops/fonts.nix5
-rw-r--r--home/nipsy/common/optional/desktops/ghostty.nix52
-rw-r--r--home/nipsy/common/optional/desktops/gtk.nix31
-rw-r--r--home/nipsy/common/optional/desktops/i3/default.nix51
-rwxr-xr-xhome/nipsy/common/optional/desktops/i3/xscreensaver-activate4
-rwxr-xr-xhome/nipsy/common/optional/desktops/rotatebg53
-rw-r--r--home/nipsy/common/optional/desktops/sway/config249
-rw-r--r--home/nipsy/common/optional/desktops/sway/default.nix5
-rw-r--r--home/nipsy/common/optional/desktops/xdg.nix21
-rw-r--r--home/nipsy/common/optional/secrets.nix20
-rw-r--r--home/nipsy/fangorn.nix11
-rw-r--r--home/nipsy/ginaz.nix8
-rw-r--r--home/nipsy/kaitain.nix38
-rw-r--r--home/nipsy/richese.nix30
-rw-r--r--home/nipsy/secrets/arrakis.yaml13
-rw-r--r--home/nipsy/secrets/caladan.yaml17
-rw-r--r--home/nipsy/secrets/ginaz.yaml13
-rw-r--r--home/root/caladan.nix14
-rw-r--r--home/root/common/core/default.nix1
-rw-r--r--home/root/common/core/git.nix3
-rw-r--r--home/root/common/core/ssh.nix5
-rw-r--r--home/root/common/core/zsh/default.nix5
-rw-r--r--home/root/darkstar.nix6
-rw-r--r--home/root/fangorn.nix10
-rw-r--r--home/root/kaitain.nix4
-rw-r--r--home/root/richese.nix4
-rw-r--r--hosts/arrakis/default.nix227
-rw-r--r--hosts/arrakis/hardware-configuration.nix36
-rw-r--r--hosts/arrakis/services.nix79
-rw-r--r--hosts/caladan/default.nix236
-rw-r--r--hosts/caladan/disks.nix132
-rw-r--r--hosts/caladan/hardware-configuration.nix65
-rw-r--r--hosts/caladan/services.nix41
-rw-r--r--hosts/common/core/default.nix193
-rw-r--r--hosts/common/core/nix.nix31
-rw-r--r--hosts/common/core/shells.nix9
-rw-r--r--hosts/common/optional/adb.nix3
-rw-r--r--hosts/common/optional/db.nix9
-rw-r--r--hosts/common/optional/dev.nix33
-rw-r--r--hosts/common/optional/ebooks.nix6
-rw-r--r--hosts/common/optional/games.nix25
-rw-r--r--hosts/common/optional/google-authenticator.nix10
-rw-r--r--hosts/common/optional/gui.nix76
-rw-r--r--hosts/common/optional/misc.nix58
-rw-r--r--hosts/common/optional/multimedia.nix18
-rw-r--r--hosts/common/optional/pipewire.nix16
-rw-r--r--hosts/common/optional/printer.nix22
-rw-r--r--hosts/common/optional/sdr.nix10
-rw-r--r--hosts/common/optional/services/dhcp.nix11
-rw-r--r--hosts/common/optional/services/nolid.nix8
-rw-r--r--hosts/common/optional/services/nsd/bitgnome.net.zone8
-rw-r--r--hosts/common/optional/services/openssh.nix3
-rw-r--r--hosts/common/optional/services/wayland.nix16
-rw-r--r--hosts/common/optional/services/xorg.nix90
-rw-r--r--hosts/common/optional/sound.nix90
-rw-r--r--hosts/common/optional/wdt.nix2
-rw-r--r--hosts/common/users/don/default.nix32
-rw-r--r--hosts/common/users/lin/default.nix18
-rw-r--r--hosts/common/users/nipsy/default.nix6
-rw-r--r--hosts/common/users/nipsy/keys/id_att.pub2
-rw-r--r--hosts/darkstar/default.nix51
-rw-r--r--hosts/darkstar/mitmproxy-c64u.py303
-rw-r--r--hosts/darkstar/services.nix23
-rw-r--r--hosts/fangorn/default.nix90
-rw-r--r--hosts/fangorn/disks.nix102
-rw-r--r--hosts/fangorn/hardware-configuration.nix33
-rw-r--r--hosts/ginaz/default.nix24
-rw-r--r--hosts/ginaz/hardware-configuration.nix6
-rw-r--r--hosts/jupiter/default.nix20
-rw-r--r--hosts/kaitain/default.nix20
-rw-r--r--hosts/kaitain/hardware-configuration.nix2
-rw-r--r--hosts/neptune/default.nix20
-rw-r--r--hosts/richese/default.nix26
-rw-r--r--hosts/richese/disks.nix6
-rw-r--r--hosts/richese/hardware-configuration.nix2
-rw-r--r--hosts/saturn/default.nix20
-rw-r--r--hosts/secrets/arrakis.yaml16
-rw-r--r--hosts/secrets/caladan.yaml29
-rw-r--r--hosts/secrets/darkstar.yaml194
-rw-r--r--hosts/secrets/fangorn.yaml25
-rw-r--r--hosts/secrets/ginaz.yaml13
-rw-r--r--hosts/secrets/kaitain.yaml12
-rw-r--r--hosts/secrets/richese.yaml12
-rw-r--r--hosts/uranus/default.nix20
-rw-r--r--overlays/default.nix60
-rw-r--r--pkgs/default.nix4
-rw-r--r--pkgs/igir/default.nix52
-rw-r--r--pkgs/sdrconnect/default.nix33
-rw-r--r--pkgs/wayback-x11/default.nix64
-rwxr-xr-xscripts/pretty-rebuild8
108 files changed, 3263 insertions, 932 deletions
diff --git a/.sops.yaml b/.sops.yaml
index 709efbc..5e8c148 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -15,7 +15,9 @@
keys:
- &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de
+ - &caladan age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3
- &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r
+ - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d
- &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
- &kaitain age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl
- &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
@@ -26,6 +28,10 @@ creation_rules:
key_groups:
- age:
- *nipsy
+ - path_regex: ^home/nipsy/secrets/caladan.yaml$
+ key_groups:
+ - age:
+ - *nipsy
- path_regex: ^home/nipsy/secrets/ginaz.yaml$
key_groups:
- age:
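Review bot: The new `path_regex` for `home/nipsy/secrets/caladan.yaml` leaves the dot unescaped, so the rule matches any character in that position rather than only a literal `.`. Writing it as `- path_regex: ^home/nipsy/secrets/caladan\.yaml$` keeps each rule tied to exactly one file. The same applies to the two rules added in the next hunk for `hosts/secrets/caladan.yaml` and `hosts/secrets/fangorn.yaml`. The surrounding rules already use the unescaped form, so this would be worth doing for the whole file in one pass.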
@@ -35,11 +41,21 @@ creation_rules:
- age:
- *arrakis
- *nipsy
+ - path_regex: ^hosts/secrets/caladan.yaml$
+ key_groups:
+ - age:
+ - *caladan
+ - *nipsy
- path_regex: ^hosts/secrets/darkstar.yaml$
key_groups:
- age:
- *darkstar
- *nipsy
+ - path_regex: ^hosts/secrets/fangorn.yaml$
+ key_groups:
+ - age:
+ - *fangorn
+ - *nipsy
- path_regex: ^hosts/secrets/ginaz.yaml$
key_groups:
- age:
@@ -53,5 +69,5 @@ creation_rules:
- path_regex: ^hosts/secrets/richese.yaml$
key_groups:
- age:
- - *richese
- *nipsy
+ - *richese
diff --git a/README.md b/README.md
index 4435964..e9c505e 100644
--- a/README.md
+++ b/README.md
@@ -87,3 +87,11 @@ which should walk you through the rest of the installation.
As part of the installation, the Git repo you grabbed above to perform the installation was also copied to /etc/nixos on your new system. Keeping a NixOS system up to date means keeping your living system configuration up to date also.
To make this task slightly easier if this is your first NixOS installation, you can run the script `/etc/nixos/scripts/pretty-rebuild` as root which will perform a standard nixos-rebuild command to upgrade the system along with some informational output after that command finishes on what may have changed.
+
+### Rescue
+
+You might need to boot into a rescue initrd environment. In order to successfully do that, you'll probably need to add the following to your kernel command line:
+
+```
+rescue systemd.setenv=SYSTEMD_SULOGIN_FORCE=1
+```
diff --git a/flake.lock b/flake.lock
index c106e3c..4fbf5c1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
]
},
"locked": {
- "lastModified": 1741786315,
- "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
+ "lastModified": 1776613567,
+ "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community",
"repo": "disko",
- "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
+ "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github"
},
"original": {
@@ -27,11 +27,11 @@
]
},
"locked": {
- "lastModified": 1742996658,
- "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=",
+ "lastModified": 1777518431,
+ "narHash": "sha256-SwgiG2T5pbyo33Vz7/vUCAhEMgwCK8Pa2nDSx5a6/WE=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "693840c01b9bef9e54100239cef937e53d4661bf",
+ "rev": "2e54a938cdd4c8e414b2518edc3d82308027c670",
"type": "github"
},
"original": {
@@ -47,27 +47,27 @@
]
},
"locked": {
- "lastModified": 1726989464,
- "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+ "lastModified": 1775425411,
+ "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+ "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-24.05",
+ "ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
- "lastModified": 1742806253,
- "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
+ "lastModified": 1776983936,
+ "narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"owner": "nixos",
"repo": "nixos-hardware",
- "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
+ "rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"type": "github"
},
"original": {
@@ -78,15 +78,15 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1742889210,
- "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
- "owner": "nixos",
+ "lastModified": 1777268161,
+ "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "698214a32beb4f4c8e3942372c694f40848b360d",
+ "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github"
},
"original": {
- "owner": "nixos",
+ "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
@@ -94,31 +94,31 @@
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1743060463,
- "narHash": "sha256-lZXKW0PwETedRErsQtGpM+OrpvD/ZobrpS92IzTXrhQ=",
- "owner": "nixos",
+ "lastModified": 1777581291,
+ "narHash": "sha256-022I07nHDetROxivhksQYeA7Hy3e2TQ9zfDbrTggf5k=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "b6d12f5938461576dcd8d0e4dfaceb89df41f86f",
+ "rev": "1476235ddb5dc265de34ba03796d9cdab5f9e287",
"type": "github"
},
"original": {
- "owner": "nixos",
+ "owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1735651292,
- "narHash": "sha256-YLbzcBtYo1/FEzFsB3AnM16qFc6fWPMIoOuSoDwvg9g=",
- "owner": "nixos",
+ "lastModified": 1777428379,
+ "narHash": "sha256-ypxFOeDz+CqADEQNL72haqGjvZQdBR5Vc7pyx2JDttI=",
+ "owner": "NixOS",
"repo": "nixpkgs",
- "rev": "0da3c44a9460a26d2025ec3ed2ec60a895eb1114",
+ "rev": "755f5aa91337890c432639c60b6064bb7fe67769",
"type": "github"
},
"original": {
- "owner": "nixos",
- "ref": "release-24.05",
+ "owner": "NixOS",
+ "ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@@ -131,11 +131,11 @@
"utils": "utils"
},
"locked": {
- "lastModified": 1741330828,
- "narHash": "sha256-Vj5UBTlVRWGX3T0EAI6pVWTMmi8SpAeMuRMMVz/Hgz0=",
+ "lastModified": 1775226105,
+ "narHash": "sha256-ZCczHkWbFNa0lovGN0vjuv4ewv7Ff8j/OGkFxsDNkBY=",
"owner": "icewind1991",
"repo": "nvidia-patch-nixos",
- "rev": "0cc22a482f2aa4c13daeac0935a787d868122ff0",
+ "rev": "fd85dda93f7747bfac317a2411e3a971f4f53853",
"type": "github"
},
"original": {
@@ -164,11 +164,11 @@
]
},
"locked": {
- "lastModified": 1742700801,
- "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
+ "lastModified": 1777338324,
+ "narHash": "sha256-bc+ZZCmOTNq86/svGnw0tVpH7vJaLYvGLLKFYP08Q8E=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
+ "rev": "8eaee5c45428b28b8c47a83e4c09dccec5f279b5",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index a45213b..9197fe7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,7 +13,7 @@
#};
home-manager-stable = {
- url = "github:nix-community/home-manager/release-24.05";
+ url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
@@ -24,13 +24,17 @@
nixos-hardware.url = "github:nixos/nixos-hardware";
+ # persistent base NixOS URLs
+ nixpkgs-master.url = "github:NixOS/nixpkgs";
+ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
+ #nixpkgs-staging.url = "github:NixOS/nixpkgs/staging-nixos";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
# per https://nixos-and-flakes.thiscute.world/nixos-with-flakes/downgrade-or-upgrade-packages
+ #my-nixpkgs.url = "github:nipsy/nixpkgs/update_reaper_7.61";
#nixpkgs-67e692392.url = "github:nixos/nixpkgs/67e69239226f37168d1adb8d29bd61150756a03e";
+ #nixpkgs-pr495610.url = "github:thiagokokada/nixpkgs/nixos-rebuild-ng-add-env-to-copy-closure";
#nixpkgs-wine9_22.url = "github:nixos/nixpkgs/dea5930f0ed8c29d3758d5ade9898b4e99d80b74";
- nixpkgs-master.url = "github:nixos/nixpkgs";
- #nixpkgs-pr369712.url = "github:7c6f434c/nixpkgs/fix-tftp-hpa";
- nixpkgs-stable.url = "github:nixos/nixpkgs/release-24.05";
- nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nvidia-patch = {
url = "github:icewind1991/nvidia-patch-nixos";
@@ -48,10 +52,12 @@
disko,
home-manager-stable,
home-manager,
+ #my-nixpkgs,
nixos-hardware,
nixpkgs-master,
- #nixpkgs-pr369712,
+ #nixpkgs-pr495610,
nixpkgs-stable,
+ #nixpkgs-staging,
#nixpkgs-wine9_22,
nixpkgs,
nvidia-patch,
@@ -80,21 +86,42 @@
# ghostty.packages.x86_64-linux.default
# ];
#}
+ disko.nixosModules.disko
+ ./hosts/arrakis
+ home-manager.nixosModules.home-manager {
+ home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
+ home-manager.users.root = import ./home/root/arrakis.nix;
+ home-manager.users.nipsy = import ./home/nipsy/arrakis.nix;
+ }
+ sops-nix.nixosModules.sops
+ ];
+ };
+
+ caladan = nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs outputs; };
+ modules = [
#({ config, pkgs, ... }:
# let
- # overlay-dict-pr367392 = final: prev: {
- # dict = nixpkgs-pr367392.legacyPackages."x86_64-linux".dict;
+ # overlay-nixos-rebuild-ng-pr495610 = final: prev: {
+ # nixos-rebuild-ng = nixpkgs-pr495610.legacyPackages."x86_64-linux".nixos-rebuild-ng;
# };
# in {
- # nixpkgs.overlays = [ overlay-dict-pr367392 ];
- # }
- #)
+ # nixpkgs.overlays = [ overlay-nixos-rebuild-ng-pr495610 ];
+ #})
+ #({ config, pkgs, ... }:
+ # let
+ # overlay-my-nixpkgs = final: prev: {
+ # reaper = my-nixpkgs.legacyPackages."x86_64-linux".reaper;
+ # };
+ # in {
+ # nixpkgs.overlays = [ overlay-my-nixpkgs ];
+ #})
disko.nixosModules.disko
- ./hosts/arrakis
+ ./hosts/caladan
home-manager.nixosModules.home-manager {
home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
- home-manager.users.root = import ./home/root/arrakis.nix;
- home-manager.users.nipsy = import ./home/nipsy/arrakis.nix;
+ home-manager.users.root = import ./home/root/caladan.nix;
+ home-manager.users.nipsy = import ./home/nipsy/caladan.nix;
}
sops-nix.nixosModules.sops
];
@@ -114,6 +141,21 @@
];
};
+ fangorn = nixpkgs.lib.nixosSystem rec {
+ specialArgs = { inherit inputs outputs; };
+ modules = [
+ disko.nixosModules.disko
+ ./hosts/fangorn
+ home-manager.nixosModules.home-manager {
+ home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
+ home-manager.users.root = import ./home/root/fangorn.nix;
+ home-manager.users.don = import ./home/don/fangorn.nix;
+ home-manager.users.nipsy = import ./home/nipsy/fangorn.nix;
+ }
+ sops-nix.nixosModules.sops
+ ];
+ };
+
ginaz = nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs outputs; };
modules = [
@@ -133,87 +175,95 @@
iso = nixpkgs.lib.nixosSystem {
modules = [
({ modulesPath, pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- acl
- bash
- bc
- bzip2
- conntrack-tools
- coreutils
- cpio
- curl
- diffutils
- dig
- dmidecode
- elinks
- encfs
- ethtool
- expect
- file
- findutils
- fio
- fping
- git
- gnugrep
- gnupatch
- gnused
- gnutar
- gptfdisk
- gzip
- htop
- iotop
- ipcalc
- iperf
- iproute2
- iputils
- jq
- less
- lshw
- lsof
- lvm2
- moreutils
- nano
- netcat-openbsd
- nettools
- nmap
- ntfs3g
- openldap
- openssl
- p7zip
- parted
- pciutils
- procps
- progress
- psmisc
- pv
- pwgen
- recode
- rsync
- sg3_utils
- smartmontools
- socat
- speedtest-cli
- sqlite
- sshfs
- strace
- sysstat
- tcpdump
- tftp-hpa
- traceroute
- tree
- tshark
- unixtools.xxd
- unrar
- unzip
- usbutils
- util-linux
- vim
- wdiff
- wget
- whois
- wireguard-tools
- xz
- zip
+ environment.systemPackages = [
+ pkgs.acl
+ pkgs.bash
+ pkgs.bc
+ pkgs.bzip2
+ pkgs.conntrack-tools
+ pkgs.coreutils
+ pkgs.cpio
+ pkgs.csvkit
+ pkgs.curl
+ pkgs.debootstrap
+ pkgs.diffutils
+ pkgs.dig
+ pkgs.dmidecode
+ #pkgs.elinks
+ pkgs.encfs
+ pkgs.ethtool
+ pkgs.exfatprogs
+ pkgs.expect
+ pkgs.file
+ pkgs.findutils
+ pkgs.fio
+ pkgs.fping
+ pkgs.git
+ pkgs.gnugrep
+ pkgs.gnupatch
+ pkgs.gnused
+ pkgs.gnutar
+ pkgs.gptfdisk
+ pkgs.gzip
+ pkgs.htop
+ pkgs.iotop
+ pkgs.ipcalc
+ pkgs.iperf
+ pkgs.iproute2
+ pkgs.iputils
+ pkgs.jq
+ pkgs.less
+ pkgs.lshw
+ pkgs.lsof
+ pkgs.lvm2
+ pkgs.moreutils
+ pkgs.nano
+ pkgs.netcat-openbsd
+ pkgs.nettools
+ pkgs.nmap
+ pkgs.ntfs3g
+ pkgs.openldap
+ pkgs.openssl
+ pkgs.p7zip
+ pkgs.parted
+ pkgs.pciutils
+ pkgs.perf
+ pkgs.perl5Packages.ArchiveZip
+ pkgs.procps
+ pkgs.progress
+ pkgs.psmisc
+ pkgs.pv
+ pkgs.pwgen
+ pkgs.recode
+ pkgs.rsync
+ pkgs.sg3_utils
+ pkgs.smartmontools
+ pkgs.socat
+ pkgs.speedtest-cli
+ pkgs.sqlite
+ pkgs.sshfs
+ pkgs.strace
+ pkgs.sysstat
+ pkgs.tcpdump
+ pkgs.tmux
+ pkgs.tftp-hpa
+ pkgs.tlp
+ pkgs.traceroute
+ pkgs.tree
+ pkgs.master.tshark
+ pkgs.unixtools.xxd
+ pkgs.unrar
+ pkgs.unzip
+ pkgs.usbutils
+ pkgs.util-linux
+ pkgs.vim
+ pkgs.w3m
+ pkgs.wdiff
+ pkgs.wget
+ pkgs.whois
+ pkgs.wireguard-tools
+ pkgs.xz
+ pkgs.zip
];
imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ];
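Review bot: `pkgs.master.tshark` only evaluates if an overlay that adds a `master` attribute to `pkgs` is applied to the `iso` configuration, and nothing in this hunk sets `nixpkgs.overlays` or passes `outputs` through `specialArgs` for it. The module body continues outside the hunk, so the overlay may be wired up there; if it is not, `geniso` will fail at evaluation. A short comment on that line, for example `# needs the overlay exposing nixpkgs-master as pkgs.master`, would make the dependency visible.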
@@ -224,14 +274,20 @@
nixpkgs.config.allowUnfree = true;
- services.openssh = {
- enable = true;
- openFirewall = true;
+ services = {
+ fwupd.enable = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
+ openssh = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
};
+
+ udisks2.enable = true;
};
users.users = {
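Review bot: The re-nested `openssh.settings` block disables password and keyboard-interactive authentication but does not set `PermitRootLogin`, so the image inherits whatever `installation-cd-minimal.nix` defaults to (as far as I know the installer profile sets it to `"yes"` with `mkDefault`). Since this image opens the firewall for sshd and installs a root `authorizedKeys` entry, stating the intent explicitly with `PermitRootLogin = "prohibit-password";` inside `settings` keeps root key-only even if one of the other two options is later relaxed. The same `services` block appears to exist in the second ISO-style configuration touched further down in this file, which would want the same line.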
@@ -239,8 +295,8 @@
root.openssh.authorizedKeys.keys = [ (builtins.readFile ./hosts/common/users/nipsy/keys/id_arrakis.pub) ];
};
})
+ { nixpkgs.hostPlatform = "x86_64-linux"; }
];
- system = "x86_64-linux";
};
kaitain = nixpkgs.lib.nixosSystem rec {
@@ -296,8 +352,8 @@
root.openssh.authorizedKeys.keys = [ (builtins.readFile ./hosts/common/users/nipsy/keys/id_arrakis.pub) ];
};
})
+ { nixpkgs.hostPlatform = "x86_64-linux"; }
];
- system = "x86_64-linux";
};
richese = nixpkgs.lib.nixosSystem rec {
diff --git a/home/don/common/core/bash.nix b/home/don/common/core/bash.nix
new file mode 100644
index 0000000..7bfb808
--- /dev/null
+++ b/home/don/common/core/bash.nix
@@ -0,0 +1,16 @@
+{
+ programs.bash = {
+ enable = true;
+ enableCompletion = true;
+ shellAliases = {
+ grep = "grep --color=auto";
+ ip = "ip -c=auto";
+ la = "ls -aF --color=auto";
+ ll = "ls -alF --color=auto";
+ lock = "xscreensaver-command -lock";
+ nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq";
+ nix-list-generations = "nixos-rebuild list-generations";
+ zgrep = "zgrep --color=auto";
+ };
+ };
+}
diff --git a/home/don/common/core/default.nix b/home/don/common/core/default.nix
new file mode 100644
index 0000000..8250d0c
--- /dev/null
+++ b/home/don/common/core/default.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, outputs, ... }:
+{
+ imports = [
+ ./bash.nix
+ ./vim
+ ];
+
+ home = {
+ username = lib.mkDefault "don";
+ homeDirectory = lib.mkDefault "/home/${config.home.username}";
+ stateVersion = lib.mkDefault "23.11";
+ };
+
+ #home.packages = builtins.attrValues {
+ # inherit (pkgs)
+ # wget
+ # zip;
+ #};
+
+ nix = {
+ package = lib.mkDefault pkgs.nix;
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ warn-dirty = false;
+ };
+ };
+
+ programs.home-manager.enable = true;
+}
diff --git a/home/don/common/core/vim/default.nix b/home/don/common/core/vim/default.nix
new file mode 100644
index 0000000..ea4ed5e
--- /dev/null
+++ b/home/don/common/core/vim/default.nix
@@ -0,0 +1,6 @@
+{
+ programs.vim = {
+ enable = true;
+ extraConfig = (builtins.readFile ./vimrc);
+ };
+}
diff --git a/home/don/common/core/vim/vimrc b/home/don/common/core/vim/vimrc
new file mode 100644
index 0000000..87de2a0
--- /dev/null
+++ b/home/don/common/core/vim/vimrc
@@ -0,0 +1,47 @@
+" Handling of big files - William Natter, Tony Mechelynck and others
+" fairly certain that BufSizeThreshold is in bytes
+let g:SaveUndoLevels = &undolevels
+let g:BufSizeThreshold = 5242880
+if has("autocmd")
+ au VimEnter * let g:SaveUndoLevels = &undolevels
+ au BufReadPre * if getfsize(expand("%")) >= g:BufSizeThreshold | setlocal noswapfile | endif
+ au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | let &undolevels=g:SaveUndoLevels | else | setlocal undolevels=-1 | endif
+ au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | syntax on | else | syntax off | endif
+endif
+
+set mouse&
+set noautoindent " always set autoindenting off
+
+" enable better 24-bit color support
+"let &t_8f = "\<Esc>[38;2;%lu;%lu;%lum"
+"let &t_8b = "\<Esc>[48;2;%lu;%lu;%lum"
+set termguicolors
+
+" If using a dark background within the editing area and syntax highlighting
+" turn on this option as well
+set background=dark
+
+if has("autocmd")
+ " Enabled file type detection
+ " Use the default filetype settings. If you also want to load indent files
+ " to automatically do language-dependent indenting add 'indent' as well.
+ filetype plugin on
+ "filetype indent on
+endif " has ("autocmd")
+
+" The following are commented out as they cause vim to behave a lot
+" different from regular vi. They are highly recommended though.
+set showcmd " Show (partial) command in status line.
+set showmatch " Show matching brackets.
+set ignorecase " Do case insensitive matching
+set incsearch " Incremental search
+"set expandtab " replace tabs with spaces
+set smarttab " use shiftwidth instead of tabstop at start of line
+set spell spelllang=en_us " turn on the spell check
+set hlsearch " highlight all search matches
+
+set laststatus=2
+set statusline=%<%f%h%m%r%=%{&ff}\ %Y\ %b\ 0x%B\ \ %l,%c%V\ %P
+
+"map <F5> :w<CR><bar>:!clear;go run %<CR>
+"map <F6> :w<CR><bar>:%! gofmt<CR>
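Review bot: Two comments in this new vimrc no longer describe the code beneath them. The block introduced by "The following are commented out as they cause vim to behave a lot different from regular vi" is in fact active (`set showcmd`, `set showmatch`, `set ignorecase`, ...), so the comment should read something like `" Options that make vim behave differently from plain vi`. The hedged "fairly certain that BufSizeThreshold is in bytes" can be made firm, since the value is compared against `getfsize()`, which returns a size in bytes: `" BufSizeThreshold is in bytes (5242880 = 5 MiB)`.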
diff --git a/home/don/fangorn.nix b/home/don/fangorn.nix
new file mode 100644
index 0000000..83c92cd
--- /dev/null
+++ b/home/don/fangorn.nix
@@ -0,0 +1,6 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+ imports = [
+ common/core
+ ];
+}
diff --git a/home/nipsy/arrakis.nix b/home/nipsy/arrakis.nix
index 801148f..8e619c1 100644
--- a/home/nipsy/arrakis.nix
+++ b/home/nipsy/arrakis.nix
@@ -2,8 +2,9 @@
{
imports = [
common/core
- common/optional/desktops
- common/optional/desktops/services/xscreensaver.nix
+ #common/optional/desktops
+ #common/optional/desktops/services/xscreensaver.nix
+ common/optional/secrets.nix
#inputs.sops-nix.homeManagerModules.sops
];
@@ -16,7 +17,7 @@
#image/jpeg; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=JPEG image
image/jpeg; sxiv '%s'; description=JPEG image
image/png; sxiv '%s'; description=PNG image
- text/html; elinks -dump %s; copiousoutput
+ text/html; w3m -dump -T text/html %s; copiousoutput
#text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format
'';
".mutt/aliases".source = ./arrakis/mutt/aliases;
@@ -29,7 +30,7 @@
programs.zsh = {
shellAliases = {
- manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent";
+ manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent";
};
};
@@ -47,12 +48,12 @@
};
};
- xsession = {
- initExtra = ''
- xrandr --output DP-2 --primary --mode 2560x1440 --rate 165
+ #xsession = {
+ # initExtra = ''
+ # xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 165
- # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related?
- #nvidia-settings -a AllowVRR=0
- '';
- };
+ # # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related?
+ # #nvidia-settings -a AllowVRR=0
+ # '';
+ #};
}
diff --git a/home/nipsy/arrakis/mutt/muttrc b/home/nipsy/arrakis/mutt/muttrc
index 1293092..eec5b99 100644
--- a/home/nipsy/arrakis/mutt/muttrc
+++ b/home/nipsy/arrakis/mutt/muttrc
@@ -53,7 +53,7 @@ set confirmcreate=no # prompt when creating new files
set copy=yes # always save a copy of outgoing messages
set delete=yes # purge deleted messages without asking
set edit_headers # let me edit the message header when composing
-set editor="vim -c 'set textwidth=65' -c 'set noautoindent' -c 'set formatoptions+=a'" # editor to use when composing messages
+set editor="vim -c 'set textwidth=65' -c 'set noautoindent'" # editor to use when composing messages
#set editor="/usr/bin/nvi" # editor to use when composing messages
#set editor="/usr/bin/vi" # editor to use when composing messages
set fast_reply # skip initial prompts when replying
diff --git a/home/nipsy/caladan.nix b/home/nipsy/caladan.nix
new file mode 100644
index 0000000..e7aea81
--- /dev/null
+++ b/home/nipsy/caladan.nix
@@ -0,0 +1,62 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+ imports = [
+ common/core
+ common/optional/desktops
+ common/optional/desktops/i3
+ common/optional/desktops/services/xscreensaver.nix
+ #common/optional/desktops/sway
+ common/optional/desktops/xdg.nix
+ common/optional/secrets.nix
+ #inputs.sops-nix.homeManagerModules.sops
+ ];
+
+ home.file = {
+ ".mailcap".text = ''
+ #application/msword; antiword -rs '%s'; copiousoutput; description=Microsoft Word Document
+ application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
+ #image/gif; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=GIF image
+ image/gif; sxiv '%s'; description=GIF image
+ #image/jpeg; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=JPEG image
+ image/jpeg; sxiv '%s'; description=JPEG image
+ image/png; sxiv '%s'; description=PNG image
+ text/html; w3m -dump -T text/html %s; copiousoutput
+ #text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format
+ '';
+ ".mutt/aliases".source = ./arrakis/mutt/aliases;
+ ".mutt/colors".source = ./arrakis/mutt/colors;
+ ".mutt/headers".source = ./arrakis/mutt/headers;
+ ".mutt/keys".source = ./arrakis/mutt/keys;
+ ".mutt/muttrc".source = ./arrakis/mutt/muttrc;
+ "bin/knock".source = ../common/scripts/knock;
+ };
+
+ programs.zsh = {
+ shellAliases = {
+ manage = "tmux new-window ssh -A root@arrakis\\; split-window -d ssh -A root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent";
+ };
+ };
+
+ sops = {
+ age.keyFile = "/home/nipsy/.config/sops/age/keys.txt";
+ defaultSopsFile = ./secrets/caladan.yaml;
+
+ secrets = {
+ "reaper_license" = {
+ path = "/home/nipsy/.config/REAPER/reaper-license.rk";
+ };
+ "ssh_config" = {
+ path = "/home/nipsy/.ssh/config";
+ };
+ };
+ };
+
+ xsession = {
+ initExtra = ''
+ xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 170
+
+ # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related?
+ #nvidia-settings -a AllowVRR=0
+ '';
+ };
+}
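Review bot: The `manage` alias runs `ssh -A root@arrakis` and `ssh -A root@darkstar`, so the local agent socket is usable by anything running as root on those two hosts for as long as the session is open. If the forwarding is only there to hop onward to other machines, a `ProxyJump` entry in the sops-managed `ssh_config` gives the same reach without exposing the agent; otherwise drop `-A` from the alias and forward per session when it is needed. Separately, `age.keyFile` and both secret `path` values hard-code `/home/nipsy`; `"${config.home.homeDirectory}/.config/sops/age/keys.txt"` would follow `home.homeDirectory`, and `config` is already in this file's argument list.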
diff --git a/home/nipsy/common/core/default.nix b/home/nipsy/common/core/default.nix
index a78dbe8..23d7ce8 100644
--- a/home/nipsy/common/core/default.nix
+++ b/home/nipsy/common/core/default.nix
@@ -3,7 +3,6 @@
imports = [
./bash.nix
./git.nix
- #./ssh.nix
./tmux
./vim
./zsh
diff --git a/home/nipsy/common/core/git.nix b/home/nipsy/common/core/git.nix
index d8bc6cf..225ca73 100644
--- a/home/nipsy/common/core/git.nix
+++ b/home/nipsy/common/core/git.nix
@@ -1,8 +1,13 @@
{
programs.git = {
enable = true;
- userEmail = "nipsy@bitgnome.net";
- userName = "Mark Nipper";
- extraConfig.pull.rebase = true;
+ settings = {
+ pull.rebase = true;
+ user = {
+ email = "nipsy@bitgnome.net";
+ name = "Mark Nipper";
+ };
+ };
+ signing.format = null;
};
}
diff --git a/home/nipsy/common/core/ssh.nix b/home/nipsy/common/core/ssh.nix
deleted file mode 100644
index 929cc51..0000000
--- a/home/nipsy/common/core/ssh.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- programs.ssh = {
- enable = true;
- };
-}
diff --git a/home/nipsy/common/core/zsh/default.nix b/home/nipsy/common/core/zsh/default.nix
index a3b0f9e..6aa8c65 100644
--- a/home/nipsy/common/core/zsh/default.nix
+++ b/home/nipsy/common/core/zsh/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
{
programs.zsh = {
enable = true;
@@ -8,7 +8,7 @@
size = 100000;
};
- initExtra = (builtins.readFile ./zshrc);
+ initContent = (builtins.readFile ./zshrc);
sessionVariables = let makePluginPath = format:
(lib.strings.makeSearchPath format [
@@ -43,6 +43,7 @@
shellAliases = {
fixkeyboard = "setxkbmap -layout us -option caps:super -option compose:ralt";
+ ftp = "${pkgs.inetutils}/bin/ftp";
geniso = "nix build ~/git/nix/nipsy#nixosConfigurations.iso.config.system.build.isoImage && ll result/iso/*iso";
grep = "grep --color=auto";
ip = "ip -c=auto";
@@ -52,6 +53,7 @@
nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq";
nix-list-generations = "nixos-rebuild list-generations";
steam-no-beta = "steam -clearbeta";
+ telnet = "${pkgs.inetutils}/bin/telnet";
zgrep = "zgrep --color=auto";
};
};
diff --git a/home/nipsy/common/core/zsh/zshrc b/home/nipsy/common/core/zsh/zshrc
index 543450d..08d4025 100644
--- a/home/nipsy/common/core/zsh/zshrc
+++ b/home/nipsy/common/core/zsh/zshrc
@@ -1,5 +1,12 @@
umask 022
+# remote gpg-agent handling
+if [[ ${HOST} == "arrakis.bitgnome.net" ]]; then
+ if [[ ! -d /run/user/1000/gnupg ]]; then
+ gpgconf --create-socketdir
+ fi
+fi
+
eval $(dircolors)
# set SWAYSOCK correctly
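Review bot: The added gpg-agent check hard-codes `/run/user/1000/gnupg`, which only matches when the account has UID 1000 on arrakis. For any other UID the test is always true and `gpgconf --create-socketdir` runs on every shell start. Using the runtime directory the session already exports avoids this: `if [[ ! -d "${XDG_RUNTIME_DIR:-/run/user/${UID}}/gnupg" ]]; then`. The comment `# remote gpg-agent handling` could also say what the directory is for, e.g. that the socket directory must exist before a forwarded agent socket can be placed in it, if that is the intent.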
@@ -13,6 +20,7 @@ if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
# set some Wayland specific variables
+ export ELECTRON_OZONE_PLATFORM_HINT=auto
export MOZ_ENABLE_WAYLAND=1
export GDK_BACKEND=wayland
export QT_QPA_PLATFORM=wayland
@@ -23,11 +31,6 @@ if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then
fi
-# if already in Wayland, update the GPG TTY so ssh-askpass will work correctly
-if [[ -n "${WAYLAND_DISPLAY}" ]]; then
- gpg-connect-agent updatestartuptty /bye >/dev/null
-fi
-
# completion options
setopt LIST_PACKED MENU_COMPLETE
# expansion and globbing options
diff --git a/home/nipsy/common/optional/desktops/default.nix b/home/nipsy/common/optional/desktops/default.nix
index 26e369a..0f6a0e8 100644
--- a/home/nipsy/common/optional/desktops/default.nix
+++ b/home/nipsy/common/optional/desktops/default.nix
@@ -1,28 +1,12 @@
-{ config, pkgs, ... }:
{
+ home.file = {
+ "bin/rotatebg".source = ./rotatebg;
+ };
+
imports = [
./fonts.nix
+ ./ghostty.nix
./gtk.nix
- ./i3
./services/dunst.nix
];
-
- programs.password-store = {
- enable = true;
- package = pkgs.pass.withExtensions (exts: with exts; [
- pass-otp
- ]);
- settings = {
- PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store";
- };
- };
-
- services.gpg-agent = {
- defaultCacheTtl = 43200;
- defaultCacheTtlSsh = 43200;
- enable = true;
- enableSshSupport = true;
- maxCacheTtl = 86400;
- maxCacheTtlSsh = 86400;
- };
}
diff --git a/home/nipsy/common/optional/desktops/fonts.nix b/home/nipsy/common/optional/desktops/fonts.nix
index f2b862d..6935029 100644
--- a/home/nipsy/common/optional/desktops/fonts.nix
+++ b/home/nipsy/common/optional/desktops/fonts.nix
@@ -1,7 +1,8 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = [
+ #(builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts))
pkgs.nerd-fonts._0xproto
pkgs.nerd-fonts._3270
pkgs.nerd-fonts.agave
@@ -51,7 +52,7 @@
pkgs.nerd-fonts.monofur
pkgs.nerd-fonts.monoid
pkgs.nerd-fonts.mononoki
- pkgs.nerd-fonts.mplus
+ #pkgs.nerd-fonts.mplus
pkgs.nerd-fonts.noto
pkgs.nerd-fonts.open-dyslexic
pkgs.nerd-fonts.overpass
diff --git a/home/nipsy/common/optional/desktops/ghostty.nix b/home/nipsy/common/optional/desktops/ghostty.nix
new file mode 100644
index 0000000..6f4b409
--- /dev/null
+++ b/home/nipsy/common/optional/desktops/ghostty.nix
@@ -0,0 +1,52 @@
+{
+ home = {
+ file = {
+ ".config/ghostty/config".text = ''
+ #async-backend = epoll
+ background-opacity = 0.8
+ cursor-color = #ffffff
+ font-family = "DejaVu Sans Mono"
+ font-size = 9
+ gtk-titlebar = false
+ keybind = alt+one=unbind
+ keybind = alt+two=unbind
+ keybind = alt+three=unbind
+ keybind = alt+four=unbind
+ keybind = alt+five=unbind
+ keybind = alt+six=unbind
+ keybind = alt+seven=unbind
+ keybind = alt+eight=unbind
+ keybind = alt+nine=unbind
+ keybind = ctrl+shift+page_down=decrease_font_size:1
+ keybind = ctrl+shift+page_up=increase_font_size:1
+ theme = mydark
+ window-padding-x = 0
+ window-padding-y = 0
+ '';
+
+ ".config/ghostty/themes/mydark".text = ''
+ palette = 0=#000000
+ palette = 1=#cd0000
+ palette = 2=#00cd00
+ palette = 3=#cdcd00
+ palette = 4=#0000ee
+ palette = 5=#cd00cd
+ palette = 6=#00cdcd
+ palette = 7=#e5e5e5
+ palette = 8=#7f7f7f
+ palette = 9=#ff0000
+ palette = 10=#00ff00
+ palette = 11=#ffff00
+ palette = 12=#5c5cff
+ palette = 13=#ff00ff
+ palette = 14=#00ffff
+ palette = 15=#ffffff
+ background = #000000
+ background-opacity = 0.5
+ bold-is-bright = true
+ foreground = #e5e5e5
+ cursor-color = #ffffff
+ '';
+ };
+ };
+}
diff --git a/home/nipsy/common/optional/desktops/gtk.nix b/home/nipsy/common/optional/desktops/gtk.nix
index bac2060..c31bae6 100644
--- a/home/nipsy/common/optional/desktops/gtk.nix
+++ b/home/nipsy/common/optional/desktops/gtk.nix
@@ -1,11 +1,34 @@
+{ pkgs, ... }:
{
- home.sessionVariables = {
- GTK_THEME = "Adwaita:dark";
+ dconf.settings."org/gnome/desktop/interface" = {
+ color-scheme = "prefer-dark";
+ #gtk-theme = "Adwaita";
};
+ # https://github.com/NixOS/nixpkgs/issues/274554#issuecomment-1932302164
gtk = {
+ colorScheme = "dark";
enable = true;
- gtk3.extraConfig.gtk-application-prefer-dark-theme = true;
- gtk4.extraConfig.gtk-application-prefer-dark-theme = true;
+
+ gtk3 = {
+ colorScheme = "dark";
+ extraConfig.gtk-application-prefer-dark-theme = 1;
+ };
+
+ gtk4 = {
+ colorScheme = "dark";
+ extraConfig.gtk-application-prefer-dark-theme = 1;
+ theme = null; # https://github.com/nix-community/home-manager/issues/7113#issuecomment-3556166692
+ };
+
+ #iconTheme = {
+ # name = "Adwaita";
+ # package = pkgs.adwaita-icon-theme;
+ #};
+
+ #theme = {
+ # name = "Adwaita";
+ # package = pkgs.gnome-themes-extra;
+ #};
};
}
diff --git a/home/nipsy/common/optional/desktops/i3/default.nix b/home/nipsy/common/optional/desktops/i3/default.nix
index 0086aa8..56803f3 100644
--- a/home/nipsy/common/optional/desktops/i3/default.nix
+++ b/home/nipsy/common/optional/desktops/i3/default.nix
@@ -2,52 +2,6 @@
{
home = {
file = {
- ".config/ghostty/config".text = ''
- background-opacity = 0.8
- cursor-color = #ffffff
- font-family = "DejaVu Sans Mono"
- font-size = 9
- gtk-titlebar = false
- keybind = alt+one=unbind
- keybind = alt+two=unbind
- keybind = alt+three=unbind
- keybind = alt+four=unbind
- keybind = alt+five=unbind
- keybind = alt+six=unbind
- keybind = alt+seven=unbind
- keybind = alt+eight=unbind
- keybind = alt+nine=unbind
- keybind = ctrl+shift+page_down=decrease_font_size:1
- keybind = ctrl+shift+page_up=increase_font_size:1
- theme = mydark
- window-padding-x = 0
- window-padding-y = 0
- '';
-
- ".config/ghostty/themes/mydark".text = ''
- palette = 0=#000000
- palette = 1=#cd0000
- palette = 2=#00cd00
- palette = 3=#cdcd00
- palette = 4=#0000ee
- palette = 5=#cd00cd
- palette = 6=#00cdcd
- palette = 7=#e5e5e5
- palette = 8=#7f7f7f
- palette = 9=#ff0000
- palette = 10=#00ff00
- palette = 11=#ffff00
- palette = 12=#5c5cff
- palette = 13=#ff00ff
- palette = 14=#00ffff
- palette = 15=#ffffff
- background = #000000
- background-opacity = 0.5
- bold-is-bright = true
- foreground = #e5e5e5
- cursor-color = #ffffff
- '';
-
"bin/xscreensaver-activate".source = ./xscreensaver-activate;
};
@@ -82,13 +36,13 @@
defaultWorkspace = "workspace number 1";
modifier = "Mod4";
keybindings = lib.mkOptionDefault {
- "${modifier}+Return" = "exec ghostty";
+ "${modifier}+Scroll_Lock" = "exec --no-startup-id ${pkgs.xscreensaver}/bin/xscreensaver-command -lock";
"${modifier}+Shift+e" = "exec ${pkgs.i3}/bin/i3-msg exit";
"${modifier}+Shift+v" = ''mode "VNC"'';
};
startup = [
{
- command = "${pkgs.feh}/bin/feh --no-fehbg --bg-center ~/bg/StarWarsRetro-BrentCheshire.jpg";
+ command = "~/bin/rotatebg";
always = true;
notification = false;
}
@@ -98,6 +52,7 @@
notification = false;
}
];
+ terminal = "ghostty";
window.border = 0;
window.commands = [
{
diff --git a/home/nipsy/common/optional/desktops/i3/xscreensaver-activate b/home/nipsy/common/optional/desktops/i3/xscreensaver-activate
index 6efae35..b7b8457 100755
--- a/home/nipsy/common/optional/desktops/i3/xscreensaver-activate
+++ b/home/nipsy/common/optional/desktops/i3/xscreensaver-activate
@@ -49,8 +49,8 @@ while true; do
xscreensaver-command -deactivate &>/dev/null
fi
- # keep xscreensaver deactivated if we're in the top right corner of the screen
- elif [[ ${X} -eq $((max_x - 1)) && ${Y} -eq $((max_y - max_y)) ]]; then
+ # keep xscreensaver deactivated if we're in the bottom right corner of the screen
+ elif [[ ${X} -eq $((max_x - 1)) && ${Y} -eq $((max_y - 1)) ]]; then
# make sure xscreensaver is even running before telling it to stay idle
if pidof xscreensaver &>/dev/null; then
diff --git a/home/nipsy/common/optional/desktops/rotatebg b/home/nipsy/common/optional/desktops/rotatebg
new file mode 100755
index 0000000..1b5b95b
--- /dev/null
+++ b/home/nipsy/common/optional/desktops/rotatebg
@@ -0,0 +1,53 @@
+#!/usr/bin/env zsh
+
+# bail out if not running under i3 or sway
+if [[ ! -S ${I3SOCK} && ! -S ${SWAYSOCK} ]]; then
+ echo "no running window manager detected, ${0:t} bailing out" >&2
+ exit 0
+fi
+
+# record our own PID to avoid duplicate invocations
+PIDFILE="/dev/shm/${0:t}.pid"
+
+# check for already running script
+if [[ -f ${PIDFILE} ]]; then
+ for i in $(pidof -x ${0:t}); do
+ if [[ ${i} -eq $(cat ${PIDFILE}) ]]; then
+ echo "${0:t} already running!" >&2
+ exit 1
+ fi
+ done
+fi
+
+# record current PID
+echo ${$} > ${PIDFILE}
+
+# main loop
+while true; do
+
+ # test for continued presence of a running window manager and bail if not found
+ if [[ ! -S ${I3SOCK} && ! -S ${SWAYSOCK} ]]; then
+ echo "window manager has stopped running, ${0:t} bailing out" >&2
+ exit 0
+ fi
+
+ # build array of only type file present underneath my background directory
+ bg=(~/bg/**/*(.))
+
+ # if running i3, we need to set the background immediately, at random based on the array length
+ if [[ -S ${I3SOCK} && ! ${I3SOCK} =~ "sway" ]]; then
+ feh --no-fehbg --bg-max ${bg[$((RANDOM % $#bg + 1))]}
+ fi
+
+ # wait a bit
+ sleep 10m
+
+ # if running sway, select and set our new background at random based on the array length
+ if [[ -S ${SWAYSOCK} ]]; then
+ swaymsg -s ${SWAYSOCK} output '*' bg ${bg[$((RANDOM % $#bg + 1))]} fit
+ fi
+
+done
+
+# exit with error since we should never get here
+exit 1
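Review bot: The PID file on the `PIDFILE="/dev/shm/${0:t}.pid"` line has a fixed name in a directory that every local user can write to, and its contents are later passed to `-eq` inside `[[ ]]`, which zsh evaluates as an arithmetic expression rather than reading as a plain number. Another account on the host can therefore pre-create the file and decide what the duplicate-instance check evaluates. Keeping the file in the per-user runtime directory and comparing as strings removes that exposure: `PIDFILE="${XDG_RUNTIME_DIR:-/run/user/${UID}}/${0:t}.pid"` and `if [[ ${i} == "$(<${PIDFILE})" ]]; then`. An empty `~/bg` is not handled either, since `RANDOM % $#bg` has no valid value when the array is empty, so a `(( $#bg )) || continue`-style guard after the glob would help.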
diff --git a/home/nipsy/common/optional/desktops/sway/config b/home/nipsy/common/optional/desktops/sway/config
new file mode 100644
index 0000000..7b4d661
--- /dev/null
+++ b/home/nipsy/common/optional/desktops/sway/config
@@ -0,0 +1,249 @@
+# Default config for sway
+#
+# Copy this to ~/.config/sway/config and edit it to your liking.
+#
+# Read `man 5 sway` for a complete reference.
+
+### Variables
+#
+# Logo key. Use Mod1 for Alt.
+set $mod Mod4
+# Home row direction keys, like vim
+set $left h
+set $down j
+set $up k
+set $right l
+# Your preferred terminal emulator
+set $term ghostty
+# Your preferred application launcher
+set $menu wmenu-run
+
+### Output configuration
+#
+# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/)
+output * mode 2560x1440@143.972Hz adaptive_sync on allow_tearing yes bg ~/bg/StarWarsRetro-BrentCheshire.jpg fit
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+### Idle configuration
+#
+# Example configuration:
+#
+#exec swayidle -w \
+# timeout 600 'swaylock -f -c 000000' \
+# timeout 900 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
+# before-sleep 'swaylock -f -c 000000'
+#
+# This will lock your screen after 300 seconds of inactivity, then turn off
+# your displays after another 300 seconds, and turn your screens back on when
+# resumed. It will also lock your screen before your computer goes to sleep.
+
+exec swayidle -w \
+ timeout 900 'swaymsg "output * power off"' resume 'swaymsg "output * power on"'
+
+exec ~/bin/rotatebg
+
+### Default options
+default_border none
+default_floating_border none
+titlebar_padding 1
+titlebar_border_thickness 0
+
+### Input configuration
+#
+# Example configuration:
+#
+# input type:touchpad {
+# dwt enabled
+# tap enabled
+# natural_scroll enabled
+# middle_emulation enabled
+# }
+#
+input type:keyboard {
+ xkb_layout "us"
+ xkb_options "caps:super,compose:ralt"
+}
+#
+# You can also configure each device individually.
+# Read `man 5 sway-input` for more information about this section.
+
+### Key bindings
+#
+# Basics:
+#
+ # Start a terminal
+ bindsym $mod+Return exec $term
+
+ # Kill focused window
+ bindsym $mod+Shift+q kill
+
+ # Start your launcher
+ bindsym $mod+d exec $menu
+
+ # Drag floating windows by holding down $mod and left mouse button.
+ # Resize them with right mouse button + $mod.
+ # Despite the name, also works for non-floating windows.
+ # Change normal to inverse to use left mouse button for resizing and right
+ # mouse button for dragging.
+ floating_modifier $mod normal
+
+ # Reload the configuration file
+ bindsym $mod+Shift+c reload
+
+ # Exit sway (logs you out of your Wayland session)
+ bindsym $mod+Shift+e exit
+#
+# Moving around:
+#
+ # Move your focus around
+ bindsym $mod+$left focus left
+ bindsym $mod+$down focus down
+ bindsym $mod+$up focus up
+ bindsym $mod+$right focus right
+ # Or use $mod+[up|down|left|right]
+ bindsym $mod+Left focus left
+ bindsym $mod+Down focus down
+ bindsym $mod+Up focus up
+ bindsym $mod+Right focus right
+
+ # Move the focused window with the same, but add Shift
+ bindsym $mod+Shift+$left move left
+ bindsym $mod+Shift+$down move down
+ bindsym $mod+Shift+$up move up
+ bindsym $mod+Shift+$right move right
+ # Ditto, with arrow keys
+ bindsym $mod+Shift+Left move left
+ bindsym $mod+Shift+Down move down
+ bindsym $mod+Shift+Up move up
+ bindsym $mod+Shift+Right move right
+#
+# Workspaces:
+#
+ # Switch to workspace
+ bindsym $mod+1 workspace number 1
+ bindsym $mod+2 workspace number 2
+ bindsym $mod+3 workspace number 3
+ bindsym $mod+4 workspace number 4
+ bindsym $mod+5 workspace number 5
+ bindsym $mod+6 workspace number 6
+ bindsym $mod+7 workspace number 7
+ bindsym $mod+8 workspace number 8
+ bindsym $mod+9 workspace number 9
+ bindsym $mod+0 workspace number 10
+ # Move focused container to workspace
+ bindsym $mod+Shift+1 move container to workspace number 1
+ bindsym $mod+Shift+2 move container to workspace number 2
+ bindsym $mod+Shift+3 move container to workspace number 3
+ bindsym $mod+Shift+4 move container to workspace number 4
+ bindsym $mod+Shift+5 move container to workspace number 5
+ bindsym $mod+Shift+6 move container to workspace number 6
+ bindsym $mod+Shift+7 move container to workspace number 7
+ bindsym $mod+Shift+8 move container to workspace number 8
+ bindsym $mod+Shift+9 move container to workspace number 9
+ bindsym $mod+Shift+0 move container to workspace number 10
+ # Note: workspaces can have any name you want, not just numbers.
+ # We just use 1-10 as the default.
+#
+# Layout stuff:
+#
+ # You can "split" the current object of your focus with
+ # $mod+b or $mod+v, for horizontal and vertical splits
+ # respectively.
+ bindsym $mod+b splith
+ bindsym $mod+v splitv
+
+ # Switch the current container between different layout styles
+ bindsym $mod+s layout stacking
+ bindsym $mod+w layout tabbed
+ bindsym $mod+e layout toggle split
+
+ # Make the current focus fullscreen
+ bindsym $mod+f fullscreen
+
+ # Toggle the current focus between tiling and floating mode
+ bindsym $mod+Shift+space floating toggle
+
+ # Swap focus between the tiling area and the floating area
+ bindsym $mod+space focus mode_toggle
+
+ # Move focus to the parent container
+ bindsym $mod+a focus parent
+#
+# Scratchpad:
+#
+ # Sway has a "scratchpad", which is a bag of holding for windows.
+ # You can send windows there and get them back later.
+
+ # Move the currently focused window to the scratchpad
+ bindsym $mod+Shift+minus move scratchpad
+
+ # Show the next scratchpad window or hide the focused scratchpad window.
+ # If there are multiple scratchpad windows, this command cycles through them.
+ bindsym $mod+minus scratchpad show
+#
+# Resizing containers:
+#
+mode "resize" {
+ # left will shrink the containers width
+ # right will grow the containers width
+ # up will shrink the containers height
+ # down will grow the containers height
+ bindsym $left resize shrink width 10px
+ bindsym $down resize grow height 10px
+ bindsym $up resize shrink height 10px
+ bindsym $right resize grow width 10px
+
+ # Ditto, with arrow keys
+ bindsym Left resize shrink width 10px
+ bindsym Down resize grow height 10px
+ bindsym Up resize shrink height 10px
+ bindsym Right resize grow width 10px
+
+ # Return to default mode
+ bindsym Return mode "default"
+ bindsym Escape mode "default"
+}
+bindsym $mod+r mode "resize"
+#
+# Utilities:
+#
+ # Special keys to adjust volume via PulseAudio
+ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
+ bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
+ bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
+ bindsym --locked XF86AudioMicMute exec pactl set-source-mute \@DEFAULT_SOURCE@ toggle
+ # Special keys to adjust brightness via brightnessctl
+ bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
+ bindsym --locked XF86MonBrightnessUp exec brightnessctl set 5%+
+ # Special key to take a screenshot with grim
+ bindsym Print exec grim
+
+#
+# Status Bar:
+#
+# Read `man 5 sway-bar` for more information about this section.
+bar {
+ position bottom
+
+ # When the status_command prints a new line to stdout, swaybar updates.
+ # The default just shows the current date and time.
+ status_command while date -R; do sleep 1; done
+
+ colors {
+ background #000000
+ focused_workspace #222222 #222222 #ffffff
+ inactive_workspace #000000 #000000 #424242
+ statusline #ffffff
+ }
+}
+
+# Criteria based behavior
+for_window [class=".*"] inhibit_idle fullscreen
+for_window [app_id=".*"] inhibit_idle fullscreen
+
+include /etc/sway/config.d/*
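Review bot: The active `exec swayidle -w` line only powers the outputs off after 900 seconds and never starts a locker, so an idle or suspended sway session stays unlocked, whereas the i3 configuration in this commit does bind an xscreensaver lock key. If that is not deliberate, carry over the lock steps from the commented example just above it, e.g. `timeout 600 'swaylock -f -c 000000' \` and `before-sleep 'swaylock -f -c 000000'`, assuming swaylock is installed on these hosts. The two `for_window ... inhibit_idle fullscreen` rules at the end would also hold off any idle lock while a window is fullscreen, which deserves a one-line comment once a locker is added.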
diff --git a/home/nipsy/common/optional/desktops/sway/default.nix b/home/nipsy/common/optional/desktops/sway/default.nix
new file mode 100644
index 0000000..bc1b6bc
--- /dev/null
+++ b/home/nipsy/common/optional/desktops/sway/default.nix
@@ -0,0 +1,5 @@
+{
+ home.file = {
+ ".config/sway/config".source = ./config;
+ };
+}
diff --git a/home/nipsy/common/optional/desktops/xdg.nix b/home/nipsy/common/optional/desktops/xdg.nix
new file mode 100644
index 0000000..f4ac723
--- /dev/null
+++ b/home/nipsy/common/optional/desktops/xdg.nix
@@ -0,0 +1,21 @@
+{
+ xdg.mimeApps = {
+ enable = true;
+ defaultApplications = {
+ "application/x-extension-htm" = "firefox.desktop";
+ "application/x-extension-html" = "firefox.desktop";
+ "application/x-extension-shtml" = "firefox.desktop";
+ "application/x-extension-xht" = "firefox.desktop";
+ "application/x-extension-xhtml" = "firefox.desktop";
+ "application/xhtml+xml" = "firefox.desktop";
+ "text/html" = "firefox.desktop";
+ "x-scheme-handler/about" = "firefox.desktop";
+ "x-scheme-handler/chrome" = "firefox.desktop";
+ "x-scheme-handler/http" = "firefox.desktop";
+ "x-scheme-handler/https" = "firefox.desktop";
+ "x-scheme-handler/sgnl" = "signal.desktop";
+ "x-scheme-handler/signalcaptcha" = "signal.desktop";
+ "x-scheme-handler/unknown" = "firefox.desktop";
+ };
+ };
+}
diff --git a/home/nipsy/common/optional/secrets.nix b/home/nipsy/common/optional/secrets.nix
new file mode 100644
index 0000000..9a92ad0
--- /dev/null
+++ b/home/nipsy/common/optional/secrets.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+ programs.password-store = {
+ enable = true;
+ package = pkgs.pass.withExtensions (exts: [
+ exts.pass-otp
+ ]);
+ settings = { };
+ };
+
+ services.gpg-agent = {
+ defaultCacheTtl = 43200;
+ defaultCacheTtlSsh = 43200;
+ enable = true;
+ enableExtraSocket = true;
+ enableSshSupport = true;
+ maxCacheTtl = 86400;
+ maxCacheTtlSsh = 86400;
+ };
+}
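Review bot: `enableExtraSocket = true` is new in this module and carries no comment saying which hosts forward the agent or why. Combined with `defaultCacheTtl = 43200`, a passphrase entered once stays usable for twelve hours, presumably also through a forwarded socket on the remote end. I would add a comment along the lines of `# extra socket: restricted agent socket for SSH forwarding (used by <hosts>)` and check whether the hosts that forward really need the 12 h / 24 h cache limits. `settings = { };` also drops the explicit `PASSWORD_STORE_DIR` that the removed block in desktops/default.nix set, so a short comment that the default store location is relied on would show the change is intended.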
diff --git a/home/nipsy/fangorn.nix b/home/nipsy/fangorn.nix
new file mode 100644
index 0000000..bd7a95d
--- /dev/null
+++ b/home/nipsy/fangorn.nix
@@ -0,0 +1,11 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+ imports = [
+ common/core
+ common/optional/desktops
+ common/optional/desktops/i3
+ common/optional/desktops/services/blueman-applet.nix
+ common/optional/desktops/services/xscreensaver.nix
+ common/optional/secrets.nix
+ ];
+}
diff --git a/home/nipsy/ginaz.nix b/home/nipsy/ginaz.nix
index a3e8395..838681f 100644
--- a/home/nipsy/ginaz.nix
+++ b/home/nipsy/ginaz.nix
@@ -8,8 +8,11 @@
imports = [
common/core
common/optional/desktops
+ common/optional/desktops/i3
common/optional/desktops/services/blueman-applet.nix
common/optional/desktops/services/xscreensaver.nix
+ common/optional/desktops/xdg.nix
+ common/optional/secrets.nix
#inputs.sops-nix.homeManagerModules.sops
];
@@ -32,5 +35,10 @@
xrandr --output eDP --primary --scale 0.5
xinput set-prop "ELAN06FA:00 04F3:3202 Touchpad" "libinput Middle Emulation Enabled" 0
'';
+ windowManager.i3.config.keybindings = let
+ modifier = config.xsession.windowManager.i3.config.modifier;
+ in lib.mkOptionDefault {
+ "${modifier}+Return" = "exec ghostty";
+ };
};
}
diff --git a/home/nipsy/kaitain.nix b/home/nipsy/kaitain.nix
index 83406e0..12b149b 100644
--- a/home/nipsy/kaitain.nix
+++ b/home/nipsy/kaitain.nix
@@ -3,22 +3,32 @@
imports = [
common/core
common/optional/desktops
+ common/optional/desktops/i3
+ common/optional/secrets.nix
];
- home.file.".ansible.cfg".text = ''
- [defaults]
- forks=5
- timeout=600
+ home.file = {
+ ".ansible.cfg".text = ''
+ [defaults]
+ forks=5
+ timeout=600
+
+ [ssh_connection]
+ ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes
+ control_path=/dev/shm/%%C
+ control_path_dir=/dev/shm
+ pipelining=True
+ '';
- [ssh_connection]
- ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes
- control_path=/dev/shm/%%C
- control_path_dir=/dev/shm
- pipelining=True
- '';
+ ".mailcap".text = ''
+ text/html; w3m -dump -T text/html %s; copiousoutput
+ application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
+ '';
+ };
- home.file.".mailcap".text = ''
- text/html; elinks -dump %s; copiousoutput
- application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
- '';
+ xsession.windowManager.i3.config.keybindings = let
+ modifier = config.xsession.windowManager.i3.config.modifier;
+ in lib.mkOptionDefault {
+ "${modifier}+Return" = "exec env LIBGL_ALWAYS_SOFTWARE=1 ghostty";
+ };
}
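Review bot: `control_path_dir=/dev/shm`, carried into the new `home.file` attrset here and in the matching hunk of home/nipsy/richese.nix, keeps the SSH ControlMaster sockets in a directory that every local user can write to, and with `ControlPersist=8h` they stay there for hours. ssh_config(5) recommends a ControlPath directory that other users cannot write to. Ansible's own default location works, e.g. `control_path_dir=~/.ansible/cp` with `control_path=%(directory)s/%%C`. If `/dev/shm` was chosen to keep the sockets on tmpfs, the per-user runtime directory gives the same property without being shared.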
diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix
index 7c3e0b0..f4173bd 100644
--- a/home/nipsy/richese.nix
+++ b/home/nipsy/richese.nix
@@ -3,17 +3,27 @@
imports = [
common/core
common/optional/desktops
+ common/optional/desktops/i3
+ common/optional/secrets.nix
];
- home.file.".ansible.cfg".text = ''
- [defaults]
- forks=5
- timeout=600
+ home.file = {
+ ".ansible.cfg".text = ''
+ [defaults]
+ forks=5
+ timeout=600
+
+ [ssh_connection]
+ ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no
+ control_path=/dev/shm/%%C
+ control_path_dir=/dev/shm
+ pipelining=True
+ '';
+ };
- [ssh_connection]
- ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no
- control_path=/dev/shm/%%C
- control_path_dir=/dev/shm
- pipelining=True
- '';
+ xsession.windowManager.i3.config.keybindings = let
+ modifier = config.xsession.windowManager.i3.config.modifier;
+ in lib.mkOptionDefault {
+ "${modifier}+Return" = "exec env LIBGL_ALWAYS_SOFTWARE=1 ghostty";
+ };
}
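Review bot: `-o StrictHostKeyChecking=no` in `ssh_args` is kept on the new side of this hunk, so Ansible connections from this host do not refuse unknown or changed host keys, and with `BatchMode=yes` nothing is shown to the operator when that happens. `-o StrictHostKeyChecking=accept-new` still allows first contact with freshly built machines but rejects a host whose key has changed. The otherwise identical `.ansible.cfg` in home/nipsy/kaitain.nix already runs without the option. If it has to stay for a lab network, a comment in the attrset naming that reason would make the exception explicit.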
diff --git a/home/nipsy/secrets/arrakis.yaml b/home/nipsy/secrets/arrakis.yaml
index 6b8813f..88cc8a6 100644
--- a/home/nipsy/secrets/arrakis.yaml
+++ b/home/nipsy/secrets/arrakis.yaml
@@ -1,10 +1,6 @@
reaper_license: ENC[AES256_GCM,data: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,iv:tq8oSvqZTmy2pZK3LhxqBM1OZG3x+LS4ov0+lE5I0B0=,tag:J/WTEMSjl+EYZn7HbifGMQ==,type:str]
-ssh_config: ENC[AES256_GCM,data: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,iv:oe6PtLmY9V4QuhuLrdtMMQJFsuaCC6XoPAWlGlvmSFw=,tag:BrGrA+jVCaTN7yFtl02bVA==,type:str]
+ssh_config: ENC[AES256_GCM,data:5ciD6IiyavGoYC6Zf7hza4K++99veSMACNkG8CblMQfQvElJmnkNLHWMBl5FkusbC5LQUUgP09tx9I8ZAat8j6ThMjXMAJa0TI5O1niNU6pqpGw0kjlKT9Ul9I3t016KFevHPCa4/E82tBxgl46mAdPy+CqGcQyMqqvW8A0Uu+kDo0pHgCpVXhNlJXpGpG1JCaf7A7+ejQAAG7Y7tWwoOrrm05c5hwOZQ5rXy2halWmTP/khcuZ5sKVYGI+0peVLpAM7rx/yHnARRSXyswMv4yvbS7v1nKVy6+F4u/ThaWSh/gzS7NCtTFGpAqvxOfyMqwwdE/eIVeJItYK5/9rnUCMBUbmxjMsnRe7/uNi+x6kSZOWbd6BGkD18AkgT3Skp+M5ZZnCi/Z6wOrOTmpeg9GUMOdknvaLx+C3lpAJv9XE6YrUMfZf0gAaEhq3OWP5Obj3VwXCKSkuXbn1pp4bxicD/dJZMY/lHl6tNDL4q7VCssJ9PwQHxfWcZbSpqIxR3tPgi2pP+m0Y5gNiNew5NBw2cWMARPkZhMpt4puwnlx7c/Ooa9j3s59OygDhG8AxgjzcMHBV+ek2KaHQoruyOJJjQXrwX5JWNDEtlUTKNtjhixLTBGKCer9PUtMEmUyYiAD0gG6rwZLKN8hrIhjAHpJ6D/fB0kgoUo7jGWgQ4smC4n/tJOL1uPLd9Rl1mKY9CXI2iPL8cnxSQ/bSTp+mvYAyIX17s0o/tzHRUN4R+cYVmbEo5UpHJYRMi53WXALgJx3CVj3OMqdwfUx/fLgkBXrn24PYMkkzXY79Kp5NwlOrsxFRE7dv26pPRmNYs9nKymw5ICWQe+lbazPG73ehXn5iRMSo4nQ7txPEts82Pn/MsiLR4SG1m0Hj7IPfdCCNEIq30HXr9y2BydUzXtqGWx7Lm6xwkyEgPuIrBgJL4F32Ko/JLLRiCe020g6LQifm0O59OJmNZgpmn0mJv9RR4H6tL6M+DC2QFM4iyr4WNsDandzWolhoRJWb8b64/c6YL1EbykaKN5LKDH7cvrwM/sYG6LJmv9cHuieDf1cpSaUTq8M+ZKCkG0tlqy1/mAWjElB8ReRWUHj0n6iK7m0lSyjpddjkIaFBClaoySPNLrtigMl9t76e9Xl4ZWq/aC+w4dHuLsufVDC21x68bWlWvIlxkiusHo35uXpXHAFO8HjBNdz8vEEW3WqWsJMZLxXB+wIh5Mdsy6VB8c+u3/3PpnOx34PuvIBu1Y27JzNkuOvozER7xGXwU+ZXN7ipfeDxjJrqbrSyRjmqOzAdz2FB/XhEFmosHetWR+tJVivFmO3z3+Xn+FuHijZ6MQdDMNYbfvzFtzkX7P502agXR6EO3eRyaLg0etdXuhUNu1inmxLW73VBzgeYcTmQuvHnBtEl338jwWesUgrW45yGUCVaFtEWAwOxOe7rs//pm/unSa3JZllUILEBTN0aE46ZIKHKMMTR3DPIRmNOOTWovRQHdKBefdMbC9Havnnz3/qeJQs8WkpGQk9zE40Yc9Sb+U1G02/W3iaB54piY6dch4TNKLtZ54jd0tg44Fyzy9rKuH9F0Ym9r81KTwK5fuHxHr88kdg3JZY3cyYqyUmJ5pzIjAa2TV417sOoH8aI0qknwxhRBfaghJKgizb0/WPi5XuVHN1l8MdT1/JCOkQn/d6VYt/R3yP0sDcI8hqegE+DWLKbqSMrdMJOh5gxrbn77boCYkoPclEzrIQVyB4PsbLUE,iv:J0ThC/EV3diI6wAeI0ZhNaGC/bkXjnuNJ4s2wy/sQKs=,tag:QKndY5DfG7RZO7OsJBhHcw==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
enc: |
@@ -15,8 +11,7 @@ sops:
cWx6Z2psUUlobDdFd20wcXBvS2tUaW8Knod4aI4/qOIJqMr2rdQzUta/G3HDFif8
LoREomHElDv31FYrR1EVEr8Fk11hhkuZs7a0iEzxTxPe6CjCiSfqbQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-16T07:02:53Z"
- mac: ENC[AES256_GCM,data:wAbaSouSNEIt+gpRhtJ8Dcay662f8p/flpVz+YCYmSXXgm8AXVJfWOCnKCLM5WC6Uge9tZVlAli8oYdJ3PcKMqE+0dSXH0haEi3uenhvOxj63eLLIiccDRjOI45OJk+9J0ilKsqiaP7S1nnY185DCDtgDdLr9mOZlpBrHZohKxw=,iv:ue4DD08RllFhDZHf2BlsuFRouM+596skjXw9KQxMs2U=,tag:7gU9N7pwl/VdRMr0ndpRug==,type:str]
- pgp: []
+ lastmodified: "2025-06-05T18:05:08Z"
+ mac: ENC[AES256_GCM,data:QbB2D1urwDo7vwMLqDYpNgopPoE70P5to7iqVyALUmOVwiOJeARKO84buMLHDNQHG1pCGf585UaAbvAs+blPZ4rb0O5f0Ir5nughtxZDg+eE2lcdmnUOxE5nxI1lTsOof/aKtK/wXMPIsLny6HKiJW6aDbtmItgjA7CP0Baceto=,iv:obWptKyJiLKHdR4S5JgwpwdXJNceFa/k7GUgf9T9QtA=,tag:ogak476K//OYBTwi7unqVw==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.10.2
diff --git a/home/nipsy/secrets/caladan.yaml b/home/nipsy/secrets/caladan.yaml
new file mode 100644
index 0000000..91df543
--- /dev/null
+++ b/home/nipsy/secrets/caladan.yaml
@@ -0,0 +1,17 @@
+reaper_license: ENC[AES256_GCM,data:r+s9lH3dvz3+Y1G0c0MKGimwjXnPf1lMT/E+39MHmyRzQaeK1Wvq2aLMKdqpJgfns5x3jA7vE1zV+dhZMMkc9nks6eskY31R66Zcn0SgwoSx+0tIRJ5U/Df8bvbHk1Xt5YO0vSpoaWvKg2KwIrQFmGoWBEogMG+mvmTahBogZOiTUIHrJZMQu6fBrcaNASKFNTVfHLdmjfFr5qWEOIhydXMKprFDPII/orfr3rL0oUzXsT3hRgGpp0fQm1i2cYIenYh0XGntxYjwJkYsWRV4hbzdHpft6q0nFatknwaKX0kmdQAuBs328xo4c3tPqp6QpEUD3NCGO9F/i7ljQSbsYP/EyQSTH5RGkGBQ7WqYtdJn3Jnz8okFntrq9Fpcw5rOJoCuINa328pDKvu2pbOIoAM2oSZIJVZlz6MFa/MlaiuyKvoLgxceLugG82auEWry9tPIpyIKA8TOqbaDjyRsFuIC8uEPgHAMipRcwnFt4kCQupMi2GiHvCZ3sP0utBEhCb+bHiYL/ylI3TJoNSpCPl86QEvCNXIdUUBG7FdYtX0UkE/A6MKo1whV6RTGmrHQuaa8IQdJbXMZKraY4nNarVWM0VTB22jRJ0RIE47Ax+kjIme8Y82i6gV6Y488rJiGDIo+JrHNN47nn74SOt9TQQUcG4vOYhmX9A==,iv:RT0XBkthKkM9MapVvGi+FdxXrEtwEU4V0WXJb7EP9Uw=,tag:esy7aQXzUtrdTkYYVGCDmg==,type:str]
+ssh_config: ENC[AES256_GCM,data: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,iv:sZejEGs4211FBCUYZ9IcZjOX4u4R+NW76/tMCvGmJBU=,tag:bHIjCMuI95eM/Cg1XdfMlg==,type:str]
+sops:
+ age:
+ - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSUJOMDlTem5jNXVkRnIy
+ TlorQmQ0ajQyRnFYQXdueVhvNloyaFVabUFVCndDOHZDSGVyWUNQRkd5ekEwbDdz
+ S054ck9IbDh2UGRjVlVaV3N5dDVjTzgKLS0tIHNjaXgvL0R1MmY2cGt4NFZ5M2J5
+ dnVlaUtXRkJOYllweUpjRXpreUI0bjQKdeI5T4qxmRk3goiHMfxQPxYyfauY69ea
+ ipFJuEzDTg6XdQvpwmmBs9N+QM2diNUkuxTOd4RDN5/EAN0h3fEhZg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-06-05T18:05:52Z"
+ mac: ENC[AES256_GCM,data:tRKW7bODDlA60O4UjY8ufuCm+695PVsX0oscGce5AIU9EsstMYAW6Ny6TpgBfMBvfNiNLLyKXQqEylvCfD0ZwbwM6cAttfMgMM6kbbfyOT00CHqrwC2as8MZmJHWcbA20SwvWBFPhhxJFvn9oP2BClU/IbaMdRi7IbqxIl6WNxE=,iv:cjaFEUfp206d6cY40cPlfkvZ9gyYhbAPoQ0yYx8ykrs=,tag:Ac1+FjrGjV/KMaLrhsA9Fg==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/home/nipsy/secrets/ginaz.yaml b/home/nipsy/secrets/ginaz.yaml
index 21d2933..5ace25d 100644
--- a/home/nipsy/secrets/ginaz.yaml
+++ b/home/nipsy/secrets/ginaz.yaml
@@ -1,10 +1,6 @@
reaper_license: ENC[AES256_GCM,data:AfhcqHqVoIpIxKP73VYFy9XYAHXdUfXqswX/eHntZQTka9HwhL8Dz3KXUffRa179hFhcarVNapAOujPOLS4zCJHXbMEAY9aAVMAaQM9ID73l5EFErJ/kscfQgjM5oBEuAL6H/rL4pO1I8JGMqPLAq1gyQFJhRDoLd4hKOJTRXPBY69mZwtPlEjY67Jl/7+jv9neldNHHmDqPVAO+tT+wFFAStAIZ/o5kuJxPg7Tc5M9hxanKkJVQIIZ1HJJyMlS4wCTPyeGIXEcR8XWP9tlfpmE8OUirCvME4lYMwNY6plxoHMhDuWF6OGIcRTPv1KzM1of6iD/bzQbe+z21r2R9my5j0NwRQKUGJS0bPE7snlwvdCrvwJm7RDotVrumOpiuuzaVSoXyFPUQe8EEF3rZlfXlysxpSdBKNTJz+f+i4clFurcznKUk0pWDKMefcKhYzs5x847iPDoqnR89f4B7v9hpCdwZRSsHyKncbz2p/zFi5LLuaBd4jmFKS3aOI/WlUFeUfhicUh1iXgIMTzvY8yZwpaX3r+XOBIOVxIyAipgoNXoRsi3fMfdlMXtR3XIiGmhXRJNEw4Lczu0qbWl4bDCaMD0sNKMPMiBJyGSnw1fspGLiZIKGLMb2DyGa0s9iIfjU0uKA7o/TsP7kE6T5XGq1kp9Q7LpJTg==,iv:8Z2o5SOYPbFl8CBpcafvVjZUMPFJ+6atrsnJVbBljgE=,tag:TsACvre6dMgPZsENgcYkeA==,type:str]
-ssh_config: ENC[AES256_GCM,data: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,iv:lsjEeTnvaMA/gpJnQ8lNmQx3gHL3VesDm9Yp/hBZur0=,tag:SDs/rGbM+NiZmQWMGspvMA==,type:str]
+ssh_config: ENC[AES256_GCM,data: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,iv:efBxf9iRo29LJxFyGzTqPlQxN3cKxnim0a9x4OkNueU=,tag:SXKQZJuOJlqVUbRNXldaZw==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
enc: |
@@ -15,8 +11,7 @@ sops:
QXRkc3NnamhWcFd6eS9CWE9tQzRpNE0KtEdfws+SlXPk7y7FNSx/9ogcZZneuRaj
gnI30NcSbuHhWVvu9BEzBaoz4CU0slxvevOe6nNDoMzFhVacGTnhQg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-10-16T07:03:15Z"
- mac: ENC[AES256_GCM,data:nFprDmU67eSEr0IKe58uC5AXwpPcGcug1PkASgc1Ep41wSyeJ+Y9/ki3ahu6BUgnkKyd7G48tC3/5Vn3+oNidmb185pw7lwcaYjPFOtKihWbgRC8+LuZCsaDMxAEbOnxDurHzzC8ywSLfDEXNDxoZ0v4m3bBQjDAP+7CghWafnQ=,iv:9qVYTef74T1M1Rca8tuUxovhWSWFs4SjE8ClwbfjYQs=,tag:BBC9MJajtSR8lDQYWXk80Q==,type:str]
- pgp: []
+ lastmodified: "2025-06-05T18:06:46Z"
+ mac: ENC[AES256_GCM,data:UQK2sM/OS8R4KWSp1DvgfqoeiIG9esZ9mDoaLx5qVg5zFvTDXgJ1cSOSwFM7lrXX8v+bHY/WiFR70C7kHXVEG3UXYagOuxqGncFnfigA+VR3TGMaTRnaRV0EQs9HuscEj9z8zngp5bZMUORsY/334VKz8tF/+vmaDwRtOVU4GrI=,iv:a+eSIBlFBk64BzMRcJARgE/0MdOa0J7Jybr2J1YR2YI=,tag:eCMdgVc0b0M2+OXJV76MJA==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.10.2
diff --git a/home/root/caladan.nix b/home/root/caladan.nix
new file mode 100644
index 0000000..228bb90
--- /dev/null
+++ b/home/root/caladan.nix
@@ -0,0 +1,14 @@
+{ config, inputs, lib, outputs, pkgs, ... }:
+{
+ imports = [
+ common/core
+ ];
+
+ home.file = {
+ "bin/knock".source = ../common/scripts/knock;
+ };
+
+ nix.extraOptions = ''
+ !include /run/secrets/nix-access-token-github
+ '';
+}
diff --git a/home/root/common/core/default.nix b/home/root/common/core/default.nix
index e2ca7c5..3043d2c 100644
--- a/home/root/common/core/default.nix
+++ b/home/root/common/core/default.nix
@@ -3,7 +3,6 @@
imports = [
./bash.nix
./git.nix
- #./ssh.nix
./tmux
./vim
./zsh
diff --git a/home/root/common/core/git.nix b/home/root/common/core/git.nix
index 49e10df..31af80e 100644
--- a/home/root/common/core/git.nix
+++ b/home/root/common/core/git.nix
@@ -1,6 +1,7 @@
{
programs.git = {
enable = true;
- extraConfig.pull.rebase = true;
+ settings.pull.rebase = true;
+ signing.format = null;
};
}
diff --git a/home/root/common/core/ssh.nix b/home/root/common/core/ssh.nix
deleted file mode 100644
index 929cc51..0000000
--- a/home/root/common/core/ssh.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- programs.ssh = {
- enable = true;
- };
-}
diff --git a/home/root/common/core/zsh/default.nix b/home/root/common/core/zsh/default.nix
index eaec714..58b0c34 100644
--- a/home/root/common/core/zsh/default.nix
+++ b/home/root/common/core/zsh/default.nix
@@ -1,3 +1,4 @@
+{ pkgs, ... }:
{
programs.zsh = {
enable = true;
@@ -19,8 +20,9 @@ export COLORFGBG=";0"
save = 100000;
size = 100000;
};
- initExtra = (builtins.readFile ./zshrc);
+ initContent = (builtins.readFile ./zshrc);
shellAliases = {
+ ftp = "${pkgs.inetutils}/bin/ftp";
grep = "grep --color=auto";
ip = "ip -c=auto";
la = "ls -aF --color=auto";
@@ -28,6 +30,7 @@ export COLORFGBG=";0"
nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq";
nix-list-generations = "nixos-rebuild list-generations | cat; echo; nix-env --list-generations --profile /nix/var/nix/profiles/system";
pstrace = "bpftrace -e 'tracepoint:syscalls:sys_enter_exec*{ printf(\"pid: %d, comm: %s, args: \", pid, comm); join(args->argv); }'";
+ telnet = "${pkgs.inetutils}/bin/telnet";
zgrep = "zgrep --color=auto";
};
};
diff --git a/home/root/darkstar.nix b/home/root/darkstar.nix
index 72dbda0..7399284 100644
--- a/home/root/darkstar.nix
+++ b/home/root/darkstar.nix
@@ -1,5 +1,11 @@
{ inputs, lib, pkgs, config, outputs, ... }:
{
+ home = {
+ file = {
+ "bin/knock".source = ../common/scripts/knock;
+ };
+ };
+
imports = [
common/core
];
diff --git a/home/root/fangorn.nix b/home/root/fangorn.nix
new file mode 100644
index 0000000..72dbda0
--- /dev/null
+++ b/home/root/fangorn.nix
@@ -0,0 +1,10 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+ imports = [
+ common/core
+ ];
+
+ nix.extraOptions = ''
+ !include /run/secrets/nix-access-token-github
+ '';
+}
diff --git a/home/root/kaitain.nix b/home/root/kaitain.nix
index 72dbda0..cb4ed48 100644
--- a/home/root/kaitain.nix
+++ b/home/root/kaitain.nix
@@ -4,6 +4,10 @@
common/core
];
+ home.file = {
+ "bin/knock".source = ../common/scripts/knock;
+ };
+
nix.extraOptions = ''
!include /run/secrets/nix-access-token-github
'';
diff --git a/home/root/richese.nix b/home/root/richese.nix
index 72dbda0..cb4ed48 100644
--- a/home/root/richese.nix
+++ b/home/root/richese.nix
@@ -4,6 +4,10 @@
common/core
];
+ home.file = {
+ "bin/knock".source = ../common/scripts/knock;
+ };
+
nix.extraOptions = ''
!include /run/secrets/nix-access-token-github
'';
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 7385eaf..f9e6ac8 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -2,10 +2,12 @@
boot = {
initrd.kernelModules = [ "zfs" ];
kernel.sysctl = {
+ "kernel.hostname" = "arrakis.bitgnome.net";
"net.ipv4.ip_forward" = 1;
- "net.ipv4.conf.all.proxy_arp" = 1;
+ "net.netfilter.nf_log_all_netns" = 1;
+ #"net.ipv4.conf.all.proxy_arp" = 1;
};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi = {
canTouchEfiVariables = true;
@@ -16,98 +18,94 @@
extraInstallCommands = ''
${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2
'';
+ memtest86.enable = true;
};
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
- zfs.package = pkgs.master.zfs;
+ zfs = {
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
+ };
};
- environment.etc."nftables-vpn.conf".text = ''
- # VPN firewall
-
- flush ruleset
-
- table inet filter {
- chain input {
- type filter hook input priority filter; policy drop;
-
- # established/related connections
- ct state established,related accept
-
- # invalid connections
- ct state invalid drop
-
- # loopback interface
- iif lo accept
-
- # ICMP (routers may also want: mld-listener-query, nd-router-solicit)
- #ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, packet-too-big, parameter-problem, time-exceeded } accept
- ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, parameter-problem, router-advertisement, source-quench, time-exceeded } accept
-
- # services
- iif veth.vpn tcp dport 8080 accept # qBittorrent
- iif veth.vpn tcp dport 9696 accept # Prowlarr
- iifname wg1 tcp dport { 49152-65535 } accept # Transmission
- }
-
- chain output {
- type filter hook output priority filter; policy drop;
-
- # explicitly allow my DNS traffic without VPN
- skuid nipsy ip daddr 192.168.1.1 tcp dport domain accept
- skuid nipsy ip daddr 192.168.1.1 udp dport domain accept
-
- # explicitly allow my traffic without VPN
- oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent
- oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr
- oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr }
-
- # allow any traffic out through VPN
- oifname wg1 accept
-
- # drop everything else
- counter drop
- }
-
- chain forward {
- type filter hook forward priority filter; policy drop;
- }
- }
- '';
+ environment.etc = {
+ "netns/vpn/resolv.conf".text = ''
+ nameserver 10.64.0.1
+ options edns0
+ '';
+
+ "nftables-vpn.conf".text = ''
+ # VPN firewall
+
+ flush ruleset
+
+ table inet filter {
+ chain input {
+ type filter hook input priority filter; policy drop;
+
+ # established/related connections
+ ct state established,related accept
+
+ # invalid connections
+ ct state invalid drop
+
+ # loopback interface
+ iif lo accept
+
+ # ICMP (routers may also want: mld-listener-query, nd-router-solicit)
+ #ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, echo-reply, echo-request, nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert, packet-too-big, parameter-problem, time-exceeded } accept
+ ip protocol icmp icmp type { destination-unreachable, echo-reply, echo-request, parameter-problem, router-advertisement, source-quench, time-exceeded } accept
+
+ # services
+ iif veth.vpn tcp dport 8080 accept # qBittorrent
+ iif veth.vpn tcp dport 9696 accept # Prowlarr
+ iifname wg1 tcp dport { 49152-65535 } accept # Transmission
+
+ # drop everything else
+ counter drop
+ }
+
+ chain output {
+ type filter hook output priority filter; policy drop;
+
+ # explicitly allow my DNS traffic without VPN
+ skuid nipsy ip daddr 192.168.1.1 tcp dport domain accept
+ skuid nipsy ip daddr 192.168.1.1 udp dport domain accept
+
+ # explicitly allow my traffic without VPN
+ oifname veth.vpn skuid nipsy tcp sport 8080 accept # qBittorrent
+ oifname veth.vpn skuid nipsy tcp sport 9696 accept # Prowlarr
+ oifname veth.vpn skuid nipsy ip daddr 192.168.1.2 tcp dport { 7878, 8686, 8787, 8989 } accept # Prowlarr to { Radarr, Lidarr, Readarr, Sonarr }
+ oif lo skuid nipsy ip daddr 192.168.1.3 tcp dport 8080 accept # Prowlarr to qBittorrent
+
+ # allow any traffic out through VPN
+ oifname wg1 accept
+
+ # drop everything else
+ counter drop
+ }
+
+ chain forward {
+ type filter hook forward priority filter; policy drop;
+ }
+ }
+ '';
+ };
- environment.systemPackages = with pkgs; [
- angband
- assaultcube
- bsdgames
- bzflag
- extremetuxracer
- #frozen-bubble
- hedgewars
- kobodeluxe
- lidarr
- mailutils
- megacmd
- moc
- nethack
- #openttd
- prowlarr
- qbittorrent-nox
- radarr
- rdiff-backup
- readarr
- #scorched3d
- signal-desktop
- sonarr
- superTux
- superTuxKart
- umoria
- vial
- warzone2100
- #wine9_22.wineWowPackages.stagingFull
- wpa_supplicant
- xonotic-sdl
- #xpilot-ng
+ environment.systemPackages = [
+ #pkgs.bitcoind
+ #pkgs.igir
+ pkgs.lidarr
+ pkgs.mailutils
+ pkgs.megacmd
+ pkgs.prowlarr
+ pkgs.qbittorrent-nox
+ pkgs.radarr
+ pkgs.rdiff-backup
+ pkgs.readarr
+ pkgs.sonarr
+ pkgs.wpa_supplicant
];
imports = [
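Review bot: The output chain of `nftables-vpn.conf` still accepts DNS from `skuid nipsy` to 192.168.1.1 with no `oifname` match, while this same hunk adds `netns/vpn/resolv.conf` pointing the namespace at 10.64.0.1. If nothing in the namespace still needs the LAN resolver, those two rules are a leftover path for queries to leave outside `wg1`. I would drop them, or keep them under a comment naming the consumer, e.g. `# LAN resolver still needed by <service>`. The new `counter drop` at the end of the input chain duplicates `policy drop` and presumably exists for the counter; a short comment saying so would help.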
@@ -115,22 +113,22 @@
./hardware-configuration.nix
./services.nix
../common/core
- ../common/optional/adb.nix
- ../common/optional/db.nix
+ #../common/optional/db.nix
../common/optional/dev.nix
- ../common/optional/ebooks.nix
+ #../common/optional/ebooks.nix
../common/optional/games.nix
../common/optional/google-authenticator.nix
../common/optional/misc.nix
../common/optional/multimedia.nix
- ../common/optional/pipewire.nix
- ../common/optional/sdr.nix
+ #../common/optional/pipewire.nix
+ #../common/optional/sdr.nix
../common/optional/services/chrony.nix
../common/optional/services/openssh.nix
- ../common/optional/services/xorg.nix
- ../common/optional/sound.nix
+ #../common/optional/services/xorg.nix
+ #../common/optional/sound.nix
../common/optional/wdt.nix
../common/optional/zfs.nix
+ ../common/users/lin
../common/users/nipsy
../common/users/root
];
@@ -138,13 +136,12 @@
networking = {
defaultGateway = {
address = "192.168.1.1";
- interface = "wlp5s0";
+ interface = "enp6s0";
};
- domain = "bitgnome.net";
hostId = "2ae4c89f";
hostName = "arrakis";
interfaces = {
- wlp5s0 = {
+ enp6s0 = {
ipv4.addresses = [
{ address = "192.168.1.2"; prefixLength = 24; }
];
@@ -152,6 +149,9 @@
};
nameservers = [ "192.168.1.1" ];
nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
useDHCP = false;
wg-quick.interfaces = {
wg0 = {
@@ -195,6 +195,11 @@
presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}";
publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM=";
}
+ { # fangorn
+ allowedIPs = [ "10.4.20.9/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}";
+ publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4=";
+ }
{ # ginaz
allowedIPs = [ "10.4.20.254/32" ];
presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}";
@@ -230,9 +235,6 @@
];
};
- services.openssh.settings.X11Forwarding = true;
- services.xserver.videoDrivers = [ "nvidia" ];
-
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../secrets/arrakis.yaml;
@@ -243,6 +245,7 @@
"ssh_config".path = "/root/.ssh/config";
"wireguard/arrakis_key" = {};
"wireguard/black-sheep_psk" = {};
+ "wireguard/fangorn_psk" = {};
"wireguard/ginaz_psk" = {};
"wireguard/homer_psk" = {};
"wireguard/lilnasx_psk" = {};
@@ -285,6 +288,8 @@
after = [ "zfs-import-data.service" ];
description = "Bind NFS exports to ZFS paths";
script = ''
+ ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/downloads || ${pkgs.coreutils}/bin/true
+ ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/www || ${pkgs.coreutils}/bin/true
${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/keepers || ${pkgs.coreutils}/bin/true
${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/movies || ${pkgs.coreutils}/bin/true
${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/tv || ${pkgs.coreutils}/bin/true
@@ -293,18 +298,18 @@
};
"nftables-extra" = let rules_script = ''
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'
${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard'
${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
''; in {
description = "nftables extra firewall rules";
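Review bot: The SMB (137-139, 445), NFS (2049) and Radarr/Sabnzb/Lidarr/Sonarr/Readarr rules on `enp6s0` accept from any source address, whereas the two Steam Remote Play rules in the same script carry `ip saddr 192.168.1.0/24`. The read-only NFS exports in hosts/arrakis/services.nix are already limited to that subnet, so the firewall rule can match it, for example `'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport 2049 counter accept'`. The interface name is now repeated in eleven rules; binding it once in the existing `let` (`lan_if = "enp6s0";`) would make the next rename a one-line change. The `nftables-extra` unit continues past the end of this hunk.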
diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix
index c709789..0d24c12 100644
--- a/hosts/arrakis/hardware-configuration.nix
+++ b/hosts/arrakis/hardware-configuration.nix
@@ -21,6 +21,24 @@
MOZ_DISABLE_RDD_SANDBOX = "1";
};
+ fileSystems."/srv/caladan/downloads" = {
+ device = "/data/home/nipsy/downloads";
+ fsType = "none";
+ options = [
+ "bind"
+ "noauto"
+ ];
+ };
+
+ fileSystems."/srv/caladan/www" = {
+ device = "/data/home/nipsy/www";
+ fsType = "none";
+ options = [
+ "bind"
+ "noauto"
+ ];
+ };
+
fileSystems."/srv/nfs/keepers" = {
device = "/data/home/nipsy/downloads/keepers";
fsType = "none";
@@ -53,8 +71,8 @@
graphics = {
enable = true;
- extraPackages = with pkgs; [ nvidia-vaapi-driver ];
- extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ];
+ extraPackages = [ pkgs.nvidia-vaapi-driver ];
+ extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
};
nvidia = let
@@ -66,19 +84,5 @@
open = true;
package = if finalPkg == betaPkg then betaPkg else finalPkg;
};
-
- printers = let
- brother = "Brother_HL-L2340D";
- ip = "192.168.1.20";
- in {
- ensureDefaultPrinter = brother;
- ensurePrinters = [{
- name = brother;
- deviceUri = "ipp://${ip}/ipp";
- model = "everywhere";
- description = lib.replaceStrings [ "_" ] [ " " ] brother;
- location = "home";
- }];
- };
};
}
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix
index 9c283aa..7ed2be7 100644
--- a/hosts/arrakis/services.nix
+++ b/hosts/arrakis/services.nix
@@ -5,7 +5,7 @@
directory = *
'';
- networking.firewall.allowedTCPPorts = [ 2049 ];
+ networking.firewall.allowedTCPPorts = [ 2049 8333 ];
security.acme = {
acceptTerms = true;
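Review bot: `allowedTCPPorts` now opens 8333 on every interface, but no service listening on it is visible in this commit; `pkgs.bitcoind` is only added commented out in hosts/arrakis/default.nix. Either hold the port back until the service is configured, or add a comment naming the intended listener (presumably `# 8333: bitcoind`) so the open port can be audited later.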
@@ -22,6 +22,7 @@
cgit = {
"arrakis.bitgnome.net" = {
enable = true;
+ gitHttpBackend.checkExportOkFiles = false;
nginx.location = "/nipsy/git/";
scanPath = "/home/nipsy/www/git";
settings = {
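Review bot: `gitHttpBackend.checkExportOkFiles = false` makes every repository found under `scanPath` (`/home/nipsy/www/git`) clonable over HTTP, not only those marked with a `git-daemon-export-ok` file. If that is intended, a comment such as `# every repo under scanPath is public; no per-repo export-ok opt-in` records the decision. Otherwise keep the check enabled and add the marker file to the repositories meant to be public. The cgit block continues outside this hunk.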
@@ -61,11 +62,26 @@
#package = pkgs.master.jellyfin;
};
+ minidlna = {
+ enable = true;
+ openFirewall = true;
+ settings = {
+ inotify = "yes";
+ media_dir = [
+ "A,/data/home/nipsy/www/media/music"
+ ];
+ };
+ };
+
nfs = {
server = {
enable = true;
exports = ''
- /srv/nfs 192.168.1.0/24(ro,all_squash,insecure,crossmnt,subtree_check,fsid=0)
+ /srv/caladan/downloads 192.168.1.4/32(rw,root_squash,fsid=1)
+ /srv/caladan/www 192.168.1.4/32(rw,root_squash,fsid=2)
+ /srv/nfs/keepers 192.168.1.0/24(ro,all_squash,insecure,fsid=3)
+ /srv/nfs/movies 192.168.1.0/24(ro,all_squash,insecure,fsid=4)
+ /srv/nfs/tv 192.168.1.0/24(ro,all_squash,insecure,fsid=5)
'';
};
settings = {
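Review bot: The two new `rw` exports for 192.168.1.4 carry no `sec=` option, so as far as this hunk shows they rely on the client's address and client-asserted uids, with only root squashed. Any host able to use that address on the LAN would get write access to `/srv/caladan/downloads` and `/srv/caladan/www` as an arbitrary non-root uid. If that trust is accepted for this network, say so in a comment above the export lines (`# caladan only; AUTH_SYS, client uids are trusted`); if not, `all_squash` with `anonuid`/`anongid` set to the owning account would narrow what a client can claim. `minidlna.openFirewall = true` in the same hunk opens its ports without an interface or source restriction as well.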
@@ -81,8 +97,6 @@
nginx = let
sys = lib.nixosSystem {
- system = "x86_64-linux";
-
modules = [
({ config, pkgs, lib, modulesPath, ... }: {
imports = [
@@ -91,10 +105,10 @@
];
config = {
- environment.systemPackages = with pkgs; [
- git
- iperf
- rsync
+ environment.systemPackages = [
+ pkgs.git
+ pkgs.iperf
+ pkgs.rsync
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
@@ -104,8 +118,8 @@
openFirewall = true;
settings = {
- PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
};
};
@@ -115,6 +129,7 @@
};
};
})
+ { nixpkgs.hostPlatform = "x86_64-linux"; }
];
};
@@ -212,10 +227,19 @@
};
"/nipsy" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+
+ "/nipsy/iso" = {
+ extraConfig = ''
+ autoindex on;
+ '';
+ };
+
+ "/nipsy/media/misc" = {
extraConfig = ''
autoindex on;
'';
- tryFiles = "$uri $uri/ =404";
};
};
@@ -224,17 +248,26 @@
};
};
+ openssh.settings = {
+ StreamLocalBindUnlink = true;
+ };
+
postfix = let my_email = "nipsy@bitgnome.net"; in {
enable = true;
extraAliases = ''
nipsy: ${my_email}
'';
- hostname = "${config.networking.hostName}.${config.networking.domain}";
- relayHost = "mail.bitgnome.net";
- relayPort = 587;
rootAlias = my_email;
- sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem";
- sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem";
+ settings.main = {
+ myhostname = "arrakis.bitgnome.net";
+ relayhost = [
+ "[mail.bitgnome.net]:587"
+ ];
+ smtpd_tls_chain_files = [
+ "/var/lib/acme/arrakis.bitgnome.net/key.pem"
+ "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"
+ ];
+ };
};
printing.enable = true;
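Review bot: The rewritten `settings.main` relays to `[mail.bitgnome.net]:587`, but nothing in this hunk sets `smtp_tls_security_level`, so whether TLS is required on the relay hop depends on the module default. For a submission port I would pin it in the same attribute set with `smtp_tls_security_level = "encrypt";`, unless it is already set elsewhere in the file. `myhostname` is now a literal where the old code derived it from `config.networking`; a one-line comment that this follows the removal of `networking.domain` would explain the hard-coding.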
@@ -299,32 +332,34 @@
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
{
- device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL";
+ device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LKLLAAE";
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
{
- device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL";
+ device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LK84H9V";
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
{
- device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L";
+ device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_2LGKG71F";
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
{
- device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL";
+ device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_9AG00UKJ";
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
{
- device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L";
+ device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LG806ZA";
options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}";
}
];
};
- udev.packages = with pkgs; [
- vial
+ udev.packages = [
+ pkgs.vial
];
+ xserver.videoDrivers = [ "nvidia" ];
+
};
#systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false;
diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix
new file mode 100644
index 0000000..48b91ed
--- /dev/null
+++ b/hosts/caladan/default.nix
@@ -0,0 +1,236 @@
+{ config, inputs, outputs, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "amdgpu" "zfs" ];
+ kernel.sysctl = {
+ "kernel.hostname" = "caladan.bitgnome.net";
+ "kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/
+ #"net.ipv4.tcp_congestion_control" = "reno";
+ };
+ kernelPackages = pkgs.linuxPackages_6_18;
+ #kernelParams = [
+ # "amdgpu.ppfeaturemask=0xfffd3fff"
+ # "split_lock_detect=off"
+ #];
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/efiboot/efi1";
+ };
+ systemd-boot = {
+ enable = true;
+ extraInstallCommands = ''
+ ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2
+ '';
+ memtest86.enable = true;
+ };
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.android-tools
+ pkgs.angband
+ pkgs.assaultcube
+ pkgs.beyond-all-reason
+ pkgs.bsdgames
+ pkgs.bzflag
+ pkgs.extremetuxracer
+ pkgs.fastfetch
+ #pkgs.frozen-bubble
+ pkgs.hedgewars
+ #pkgs.igir
+ pkgs.kobodeluxe
+ pkgs.linux-firmware
+ pkgs.linuxKernel.packages.linux_6_18.turbostat
+ pkgs.lrzsz
+ pkgs.mailutils
+ pkgs.minicom
+ #pkgs.moc
+ pkgs.ncftp
+ pkgs.nethack
+ pkgs.openttd
+ pkgs.piper
+ #pkgs.qbittorrent-nox
+ pkgs.rdiff-backup
+ pkgs.scorched3d
+ pkgs.setserial
+ pkgs.signal-desktop
+ #pkgs.signalbackup-tools
+ pkgs.starsector
+ #pkgs.master.supertux
+ pkgs.supertuxkart
+ pkgs.tio
+ pkgs.umoria
+ pkgs.vial
+ pkgs.vice
+ #pkgs.warzone2100
+ pkgs.wayback-x11
+ pkgs.wpa_supplicant
+ pkgs.xonotic-sdl
+ #pkgs.master.xpilot-ng
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ./services.nix
+ ../common/core
+ ../common/optional/db.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
+ ../common/optional/games.nix
+ ../common/optional/google-authenticator.nix
+ ../common/optional/gui.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/printer.nix
+ ../common/optional/sdr.nix
+ ../common/optional/services/chrony.nix
+ ../common/optional/services/openssh.nix
+ #../common/optional/services/wayland.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ defaultGateway = {
+ address = "192.168.1.1";
+ interface = "enp16s0";
+ };
+ hostId = "8981d1e5";
+ hostName = "caladan";
+ interfaces = {
+ enp16s0 = {
+ ipv4.addresses = [
+ { address = "192.168.1.4"; prefixLength = 24; }
+ ];
+ };
+ };
+ nameservers = [ "192.168.1.1" ];
+ nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
+ useDHCP = false;
+ #wireless = {
+ # enable = true;
+ # networks = {
+ # "Crystal Palace" = {
+ # pskRaw = "ext:psk_crystal_palace";
+ # };
+ # };
+ # secretsFile = "${config.sops.secrets."wpa_supplicant".path}";
+ #};
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ #inputs.nvidia-patch.overlays.default
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ #outputs.overlays.my-nixpkgs-packages
+ #outputs.overlays.pr495610-packages
+ outputs.overlays.stable-packages
+ #outputs.overlays.staging-packages
+ #outputs.overlays.wine9_22-packages
+ ];
+ };
+
+ programs = {
+ nix-ld = {
+ enable = true;
+ libraries = [
+ pkgs.alsa-lib
+ pkgs.at-spi2-core
+ pkgs.cairo
+ pkgs.cups
+ pkgs.dbus
+ pkgs.fontconfig
+ pkgs.freetype
+ pkgs.glib
+ pkgs.libgbm
+ pkgs.libx11
+ pkgs.libxcb
+ pkgs.libxext
+ pkgs.libxfixes
+ pkgs.libxkbcommon
+ pkgs.libxrandr
+ pkgs.nspr
+ pkgs.nss
+ pkgs.pango
+ pkgs.vulkan-loader
+ pkgs.libxcomposite
+ pkgs.libxdamage
+ ];
+ };
+ };
+
+ services.openssh.settings.X11Forwarding = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/caladan.yaml;
+
+ secrets = {
+ "nftables/ssh" = {};
+ "nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
+ #"wpa_supplicant" = {
+ # group = config.users.users.wpa_supplicant.group;
+ # owner = config.users.users.wpa_supplicant.name;
+ #};
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ systemd.services = {
+
+ "nftables-extra" = let rules_script = ''
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ ''; in {
+ description = "nftables extra firewall rules";
+ reload = rules_script;
+ script = rules_script;
+ serviceConfig = {
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ unitConfig = {
+ ConditionPathExists = [
+ config.sops.secrets."nftables/ssh".path
+ ];
+ ReloadPropagatedFrom = "nftables.service";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nftables.service" ];
+ partOf = [ "nftables.service" ];
+ };
+
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ (builtins.readFile ../common/users/nipsy/keys/id_att.pub)
+ ];
+}
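Review bot: Every rule in `nftables-extra` matches `iifname "enp6s0"`, but the only interface this file configures for caladan is `enp16s0`, so as written none of these accepts can match traffic on this host. The script looks copied from hosts/arrakis/default.nix; change the five rules to `iifname "enp16s0"`, or bind the name once (`let lan_if = "enp16s0";`) and use it in both `networking` and the rule script. Separately, `services.openssh.settings.X11Forwarding = true` is set here while the same commit removes it from arrakis; a comment on why caladan needs it would help.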
diff --git a/hosts/caladan/disks.nix b/hosts/caladan/disks.nix
new file mode 100644
index 0000000..8961361
--- /dev/null
+++ b/hosts/caladan/disks.nix
@@ -0,0 +1,132 @@
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C42";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/efiboot/efi1";
+ mountOptions = [ "X-mount.mkdir" "umask=0077" ];
+ extraArgs = [ "-nESP1" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap1" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ nvme1n1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C44";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/efiboot/efi2";
+ mountOptions = [ "X-mount.mkdir" "umask=0077" ];
+ extraArgs = [ "-nESP2" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap2" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ mode = "mirror";
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ canmount = "off";
+ compression = "on";
+ dnodesize = "auto";
+ relatime = "on";
+ xattr = "sa";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
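Review bot: Both 32G swap partitions are created as plain swap, and the `rpool` datasets declare no encryption options, so memory pages written to swap stay readable on the NVMe devices after power-off. If hibernation is not needed, disko's swap content type takes `randomEncryption = true;` next to `extraArgs`. If the plaintext layout is deliberate, a comment at the top of the file stating that at-rest encryption is out of scope for this host would document the decision.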
diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix
new file mode 100644
index 0000000..645d43e
--- /dev/null
+++ b/hosts/caladan/hardware-configuration.nix
@@ -0,0 +1,65 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, inputs, lib, outputs, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ #(modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ extraModulePackages = [ ];
+ initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-amd" "ntsync" ];
+ #zfs.extraPools = [ "data" ];
+ };
+
+ environment.sessionVariables = {
+ #LIBVA_DRIVER_NAME = "nvidia";
+ MOZ_DISABLE_RDD_SANDBOX = "1";
+ };
+
+ fileSystems = {
+ "/media" = {
+ device = "/dev/sda1";
+ fsType = "auto";
+ options = [
+ "user,noauto"
+ ];
+ };
+
+ "/mnt/downloads" = {
+ device = "192.168.1.2:/srv/caladan/downloads";
+ fsType = "nfs";
+ options = [
+ "nfsvers=4.2"
+ ];
+ };
+
+ "/mnt/www" = {
+ device = "192.168.1.2:/srv/caladan/www";
+ fsType = "nfs";
+ options = [
+ "nfsvers=4.2"
+ ];
+ };
+ };
+
+
+ hardware = {
+ amdgpu.overdrive.enable = true;
+
+ bluetooth.enable = true;
+
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ #extraPackages = [ pkgs.nvidia-vaapi-driver ];
+ #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
+ #package = pkgs.master.mesa;
+ #package32 = pkgs.master.driversi686Linux.mesa;
+ };
+ };
+}
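Review bot: `MOZ_DISABLE_RDD_SANDBOX = "1"` turns off the sandbox of Firefox's media decoder process for every session on this host, and it appears carried over from the NVIDIA configuration: `LIBVA_DRIVER_NAME` and both `nvidia-vaapi-driver` lines are commented out here. If it was a workaround for that driver it is probably not needed on amdgpu and can be disabled the same way (`#MOZ_DISABLE_RDD_SANDBOX = "1";`), after confirming hardware video decoding still works. The two NFS mounts could also take `"nosuid"` and `"nodev"` alongside `"nfsvers=4.2"`. The file header still says the file is generated and must not be modified, which no longer matches its hand-edited content.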
diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix
new file mode 100644
index 0000000..79c5b97
--- /dev/null
+++ b/hosts/caladan/services.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }: {
+
+ services = {
+
+ clamav.updater.enable = true;
+
+ cron.enable = true;
+
+ dictd.enable = true;
+
+ iperf3.openFirewall = true;
+
+ lact.enable = true;
+
+ nfs.server.enable = true;
+
+ printing.enable = true;
+
+ ratbagd.enable = true;
+
+ #smartd = let my_email_addr = "nipsy@bitgnome.net"; in {
+ # enable = true;
+ # devices = [
+ # {
+ # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005";
+ # options = "-a -o on -S on -m ${my_email_addr}";
+ # }
+ # {
+ # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014";
+ # options = "-a -o on -S on -m ${my_email_addr}";
+ # }
+ # ];
+ #};
+
+ udev.packages = [
+ pkgs.vial
+ ];
+
+ };
+
+}
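Review bot: `nfs.server.enable = true` starts an NFS server on caladan although no `exports` are defined here, and hosts/caladan/hardware-configuration.nix shows this host as an NFS client of 192.168.1.2. If only the client side is wanted, drop the line; otherwise add the exports with a comment on who may mount them. `iperf3.openFirewall = true` is set without `iperf3.enable`, so depending on how the module gates it the line either does nothing or opens a port with no listener; set both together or neither.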
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 771fa0d..05ecde3 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -9,99 +9,104 @@
documentation.dev.enable = true;
documentation.man.enable = true;
- environment.systemPackages = with pkgs; [
- acl
- age
- bash
- bc
- bind
- binutils
- bpftools
- bpftrace
- bzip2
- colordiff
- conntrack-tools
- coreutils
- cpio
- curl
- diceware
- diffutils
- dig
- dmidecode
- elinks
- ethtool
- file
- findutils
- fping
- git
- gnugrep
- gnupatch
- gnused
- gnutar
- gptfdisk
- gzip
- htop
- iproute2
- iputils
- jq
- less
- lshw
- lsof
- lvm2
- lynx
- moreutils
- nano
- ncurses
- netcat-openbsd
- nettools
- nix-index
- nmap
- ntfs3g
- nvd
- oath-toolkit
- openldap
- openssl
- p7zip
- parted
- patchelf
- pciutils
- procps
- progress
- psmisc
- pv
- pwgen
- qemu_kvm
- recode
- rsync
- sg3_utils
- smartmontools
- socat
- sops
- sqlite
- ssh-to-age
- ssh-to-pgp
- stoken
- strace
- sysstat
- tcpdump
- tftp-hpa
- traceroute
- tree
- tshark
- unixtools.xxd
- unrar
- unzip
- usbutils
- util-linux
- vim
- wdiff
- wget
- whois
- wireguard-tools
- xkcdpass
- xz
- zip
- zstd
+ environment.systemPackages = [
+ pkgs.acl
+ pkgs.age
+ pkgs.bash
+ pkgs.bc
+ pkgs.bind
+ pkgs.binutils
+ pkgs.bpftools
+ #pkgs.bpftrace
+ pkgs.bzip2
+ pkgs.colordiff
+ pkgs.conntrack-tools
+ pkgs.coreutils
+ pkgs.cpio
+ pkgs.csvkit
+ pkgs.curl
+ pkgs.diceware
+ pkgs.diffutils
+ pkgs.dig
+ pkgs.dmidecode
+ #pkgs.elinks
+ pkgs.ethtool
+ pkgs.exfatprogs
+ pkgs.file
+ pkgs.findutils
+ pkgs.fping
+ pkgs.git
+ pkgs.gnugrep
+ pkgs.gnupatch
+ pkgs.gnused
+ pkgs.gnutar
+ pkgs.gptfdisk
+ pkgs.gzip
+ pkgs.htop
+ pkgs.hydra-check
+ pkgs.iproute2
+ pkgs.iputils
+ pkgs.jq
+ pkgs.less
+ pkgs.lshw
+ pkgs.lsof
+ pkgs.lvm2
+ pkgs.lynx
+ pkgs.moreutils
+ pkgs.nano
+ pkgs.ncurses
+ pkgs.netcat-openbsd
+ pkgs.nettools
+ pkgs.nix-index
+ pkgs.nmap
+ pkgs.ntfs3g
+ pkgs.nvd
+ pkgs.oath-toolkit
+ pkgs.openldap
+ pkgs.openssl
+ pkgs.p7zip
+ pkgs.parted
+ pkgs.patchelf
+ pkgs.pciutils
+ pkgs.perl5Packages.ArchiveZip
+ pkgs.procps
+ pkgs.progress
+ pkgs.psmisc
+ pkgs.pv
+ pkgs.pwgen
+ pkgs.qemu_kvm
+ pkgs.recode
+ pkgs.rsync
+ pkgs.sg3_utils
+ pkgs.smartmontools
+ pkgs.socat
+ pkgs.sops
+ pkgs.sqlite
+ pkgs.ssh-to-age
+ pkgs.ssh-to-pgp
+ pkgs.stoken
+ pkgs.strace
+ pkgs.sysstat
+ pkgs.tcpdump
+ pkgs.tftp-hpa
+ pkgs.traceroute
+ pkgs.tree
+ pkgs.master.tshark
+ pkgs.unixtools.xxd
+ pkgs.unrar
+ pkgs.unzip
+ pkgs.usbutils
+ pkgs.util-linux
+ pkgs.vim
+ pkgs.w3m
+ pkgs.wdiff
+ pkgs.wget
+ pkgs.whois
+ pkgs.wireguard-tools
+ pkgs.xkcdpass
+ pkgs.xz
+ pkgs.zip
+ pkgs.zstd
];
hardware.enableRedistributableFirmware = true;
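Review bot: `pkgs.bpftrace` is commented out of the system packages here, but root's `pstrace` alias in home/root/common/core/zsh/default.nix still calls `bpftrace` by bare name. Unless another module provides it, that alias will fail on every host; either restore the package or point the alias at the store path the way the new `ftp`/`telnet` aliases do, i.e. start it with `${pkgs.bpftrace}/bin/bpftrace`. `pkgs.master.tshark` is the only entry taken from the `master` overlay, and a comment on why (and when it can return to `pkgs.tshark`) would keep the pin from going stale.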
@@ -113,5 +118,5 @@
programs.tmux.enable = true;
programs.zsh.enable = true;
- services.dbus.implementation = "broker";
+ #services.dbus.implementation = "broker";
}
diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix
index 14252d8..7370241 100644
--- a/hosts/common/core/nix.nix
+++ b/hosts/common/core/nix.nix
@@ -1,29 +1,24 @@
{ inputs, lib, ... }:
-
-let
- build-tmp = "/var/tmp";
-in {
-
+{
nix = {
+ gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 7d";
+ randomizedDelaySec = "5min";
+ };
+ #package = pkgs.nixVersions.latest;
settings = {
auto-optimise-store = lib.mkDefault true;
- build-dir = build-tmp;
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "root" "@wheel" ];
warn-dirty = false;
};
-
- # Garbage Collection
- gc = {
- automatic = true;
- dates = "weekly";
- options = "--delete-older-than 30d";
- persistent = true;
- randomizedDelaySec = "14m";
- };
-
};
- systemd.services."nix-daemon".environment.TMPDIR = build-tmp;
-
+ systemd.user.services."nix-gc" = {
+ description = "Garbage collection for user profiles";
+ script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 7d";
+ startAt = "daily";
+ };
}
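Review bot: The retention window drops from 30 to 7 days and the schedule from weekly to daily, so system generations older than a week are deleted and can no longer be selected for rollback. If that is intended, a comment on the `gc` block should say so, since a host that is rebuilt rarely may end up with only its current generation to boot. The `7d` value is also duplicated in the new user unit's `script`; binding it once (`let gcAge = "7d";`) keeps the two in step.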
diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix
index 0469b8c..f02ec63 100644
--- a/hosts/common/core/shells.nix
+++ b/hosts/common/core/shells.nix
@@ -1,8 +1,7 @@
{ pkgs, ... }:
{
- environment.systemPackages = builtins.attrValues {
- inherit (pkgs)
- bash
- zsh;
- };
+ environment.systemPackages = [
+ pkgs.bash
+ pkgs.zsh
+ ];
}
diff --git a/hosts/common/optional/adb.nix b/hosts/common/optional/adb.nix
deleted file mode 100644
index 435add8..0000000
--- a/hosts/common/optional/adb.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- programs.adb.enable = true;
-}
diff --git a/hosts/common/optional/db.nix b/hosts/common/optional/db.nix
index af6766e..d4410bd 100644
--- a/hosts/common/optional/db.nix
+++ b/hosts/common/optional/db.nix
@@ -1,8 +1,7 @@
{ pkgs, ... }:
{
- environment.systemPackages = builtins.attrValues {
- inherit (pkgs)
- mariadb
- postgresql;
- };
+ environment.systemPackages = [
+ pkgs.mariadb
+ pkgs.postgresql
+ ];
}
diff --git a/hosts/common/optional/dev.nix b/hosts/common/optional/dev.nix
index c25ab08..8238424 100644
--- a/hosts/common/optional/dev.nix
+++ b/hosts/common/optional/dev.nix
@@ -1,20 +1,19 @@
{ pkgs, ... }:
{
- environment.systemPackages = builtins.attrValues {
- inherit (pkgs)
- autoconf
- automake
- cargo
- cmake
- gcc
- go
- nasm
- perl
- pkg-config
- python3
- rustc
- virtualenv
- yasm
- zig;
- };
+ environment.systemPackages = [
+ pkgs.autoconf
+ pkgs.automake
+ pkgs.cargo
+ pkgs.cmake
+ pkgs.gcc
+ pkgs.go
+ pkgs.nasm
+ pkgs.perl
+ pkgs.pkg-config
+ pkgs.python3
+ pkgs.rustc
+ pkgs.virtualenv
+ pkgs.yasm
+ pkgs.zig
+ ];
}
diff --git a/hosts/common/optional/ebooks.nix b/hosts/common/optional/ebooks.nix
index e25a76d..1805b7a 100644
--- a/hosts/common/optional/ebooks.nix
+++ b/hosts/common/optional/ebooks.nix
@@ -1,8 +1,8 @@
{ pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- libgourou
- calibre
+ environment.systemPackages = [
+ pkgs.libgourou
+ pkgs.calibre
];
services.udisks2.enable = true;
diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix
index 39a07cd..8158c34 100644
--- a/hosts/common/optional/games.nix
+++ b/hosts/common/optional/games.nix
@@ -1,23 +1,12 @@
{ pkgs, ... }:
{
- #environment.systemPackages = builtins.attrValues {
- # inherit (pkgs)
- # godot_4
- # mame
- # mednafen
- # mednaffe
- # winetricks;
- #};
-
- environment.systemPackages = with pkgs; [
- godot_4
- mame
- mame.tools
- mednafen
- mednaffe
- protontricks
- winetricks
- wineWowPackages.stagingFull
+ environment.systemPackages = [
+ pkgs.godot
+ pkgs.mame
+ pkgs.mame.tools
+ pkgs.mednafen
+ pkgs.mednaffe
+ pkgs.protontricks
];
programs.steam = {
diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix
index 09079d8..87e43fd 100644
--- a/hosts/common/optional/google-authenticator.nix
+++ b/hosts/common/optional/google-authenticator.nix
@@ -1,9 +1,11 @@
{ pkgs, ... }:
{
- environment.systemPackages = builtins.attrValues {
- inherit (pkgs)
- #other
- google-authenticator;
+ environment = {
+ etc."pam.d/xscreensaver".source = "/etc/static/pam.d/xlock";
+ systemPackages = [
+ #pkgs.other
+ pkgs.google-authenticator
+ ];
};
security.pam.services = {
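Review bot: `etc."pam.d/xscreensaver".source` is a plain string path to `/etc/static/pam.d/xlock`, so the screen locker's PAM stack depends on an `xlock` entry generated elsewhere and the module system cannot check it. If that entry is renamed or removed, the link dangles and unlock behaviour changes without an evaluation error. Declaring the service directly, for example `security.pam.services.xscreensaver.googleAuthenticator.enable = true;`, would keep it evaluated. This assumes the `security.pam.services` block, which continues outside the hunk, configures `xlock` that way. At minimum a comment such as `# xscreensaver reuses xlock's PAM stack so unlocking goes through the same checks` would record the intent.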
diff --git a/hosts/common/optional/gui.nix b/hosts/common/optional/gui.nix
new file mode 100644
index 0000000..1ad0f20
--- /dev/null
+++ b/hosts/common/optional/gui.nix
@@ -0,0 +1,76 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.chafa
+ pkgs.evince
+ pkgs.feh
+ pkgs.freerdp
+ pkgs.gcr
+ #pkgs.geeqie
+ pkgs.ghostty
+ pkgs.gimp3
+ #pkgs.gimp-with-plugins
+ pkgs.google-chrome
+ pkgs.gv
+ pkgs.inkscape
+ pkgs.kdePackages.okular
+ pkgs.libreoffice
+ pkgs.libva-utils
+ pkgs.mako
+ pkgs.mesa-demos
+ pkgs.polkit_gnome
+ pkgs.rdesktop
+ pkgs.read-edid
+ pkgs.slurp
+ pkgs.st
+ pkgs.swayimg
+ pkgs.sxiv
+ pkgs.vdpauinfo
+ pkgs.vulkan-tools
+ pkgs.master.wireshark
+ pkgs.xclip
+ pkgs.xdotool
+ pkgs.appres
+ pkgs.editres
+ pkgs.xdpyinfo
+ pkgs.xev
+ pkgs.xsnow
+ pkgs.xterm
+ ];
+
+ programs = {
+ dconf.enable = true;
+
+ firefox = {
+ enable = true;
+ #package = pkgs.master.firefox;
+ };
+
+ #gamemode.enable = true;
+ #steam.gamescopeSession.enable = true;
+ };
+
+ security.pam.loginLimits = [
+ { domain = "@users"; item = "rtprio"; type = "-"; value = 1; }
+ ];
+
+ services = {
+ blueman.enable = true;
+ libinput.enable = true;
+ printing.enable = true;
+ };
+
+ systemd.user.services.polkit-gnome-authentication-agent-1 = {
+ after = [ "graphical-session.target" ];
+ description = "polkit-gnome-authentication-agent-1";
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ };
+}
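Review bot: `pkgs.master.wireshark` is installed only through `environment.systemPackages`, which does not set up a capability-wrapped `dumpcap`, so live capture would require running the whole GUI as root. If capture is intended on these hosts, `programs.wireshark = { enable = true; package = pkgs.master.wireshark; };` together with membership of the `wireshark` group confines the privilege to `dumpcap`. If the package is only used to read saved captures, a short comment saying so would make that clear.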
diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix
index 492d13f..a784324 100644
--- a/hosts/common/optional/misc.nix
+++ b/hosts/common/optional/misc.nix
@@ -1,37 +1,39 @@
{ pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- ansible
- aspell
- aspellDicts.en
- aspellDicts.en-computers
- aspellDicts.en-science
- dict
- encfs
- enscript
- expect
- fio
- fortune
- ghostscript
- imagemagick
- inxi
- iotop
- ipcalc
- iperf
- mutt
- poppler_utils
- powertop
- qrencode
- radeontop
- speedtest-cli
- sshfs
- (weechat.override {
+ environment.systemPackages = [
+ pkgs.amdgpu_top
+ pkgs.ansible
+ pkgs.aspell
+ pkgs.aspellDicts.en
+ pkgs.aspellDicts.en-computers
+ pkgs.aspellDicts.en-science
+ pkgs.dict
+ pkgs.encfs
+ pkgs.enscript
+ pkgs.expect
+ pkgs.fio
+ pkgs.fortune
+ pkgs.ghostscript
+ pkgs.imagemagick
+ pkgs.inxi
+ pkgs.iotop
+ pkgs.ipcalc
+ pkgs.iperf
+ pkgs.mutt
+ pkgs.perf
+ pkgs.poppler-utils
+ pkgs.powertop
+ pkgs.qrencode
+ pkgs.radeontop
+ pkgs.speedtest-cli
+ pkgs.sshfs
+ (pkgs.weechat.override {
configure = { availablePlugins, ...}: {
plugins = with availablePlugins; [
(perl.withPackages(p: [ p.PodParser ]))
] ++ [ python ];
- scripts = with pkgs.weechatScripts; [
- wee-slack
+ scripts = [
+ pkgs.weechatScripts.wee-slack
];
};
})
diff --git a/hosts/common/optional/multimedia.nix b/hosts/common/optional/multimedia.nix
index f519992..8e820b1 100644
--- a/hosts/common/optional/multimedia.nix
+++ b/hosts/common/optional/multimedia.nix
@@ -1,13 +1,13 @@
{ pkgs, ... }:
{
- #environment.systemPackages = builtins.attrValues {
- # inherit (pkgs)
- environment.systemPackages = with pkgs; [
- ffmpeg
- flac
- lame
- mkvtoolnix-cli
- x265#;
+ environment.systemPackages = [
+ pkgs.ffmpeg
+ pkgs.flac
+ pkgs.lame
+ pkgs.mangohud
+ pkgs.mpv
+ pkgs.mkvtoolnix-cli
+ pkgs.vlc
+ pkgs.x265
];
- #};
}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
index da69705..f87dea4 100644
--- a/hosts/common/optional/pipewire.nix
+++ b/hosts/common/optional/pipewire.nix
@@ -1,11 +1,11 @@
{ pkgs, ... }:
{
- environment.systemPackages = with pkgs; [
- easyeffects
- pamixer
- pavucontrol
- master.pwvucontrol
- qpwgraph
+ environment.systemPackages = [
+ pkgs.easyeffects
+ #pkgs.pamixer
+ pkgs.pavucontrol
+ pkgs.pwvucontrol
+ pkgs.qpwgraph
];
security.pam.loginLimits = [
@@ -22,11 +22,11 @@
alsa.support32Bit = true;
enable = true;
jack.enable = true;
- package = pkgs.master.pipewire;
+ #package = pkgs.master.pipewire;
pulse.enable = true;
wireplumber = {
enable = true;
- package = pkgs.master.wireplumber;
+ #package = pkgs.master.wireplumber;
};
# use the example session manager (no others are packaged yet so this is enabled by default,
diff --git a/hosts/common/optional/printer.nix b/hosts/common/optional/printer.nix
new file mode 100644
index 0000000..32e4c76
--- /dev/null
+++ b/hosts/common/optional/printer.nix
@@ -0,0 +1,22 @@
+{ lib, ... }:
+{
+ hardware.printers = let
+ brother = "Brother_HL-L2340D";
+ ip = "192.168.1.20";
+ in {
+ ensureDefaultPrinter = brother;
+ ensurePrinters = [{
+ name = brother;
+ deviceUri = "ipp://${ip}/ipp";
+ model = "everywhere";
+ description = lib.replaceStrings [ "_" ] [ " " ] brother;
+ location = "home";
+ }];
+ };
+
+ systemd.services."ensure-printers" = {
+ after = [ "network-online.target" ];
+ preStart = "sleep 5";
+ wants = [ "network-online.target" ];
+ };
+}
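Review bot: `deviceUri = "ipp://${ip}/ipp"` sends print jobs over unencrypted IPP; if the printer supports IPP over TLS, `ipps://${ip}/ipp` would keep document contents off the wire in clear text. The `preStart = "sleep 5"` on `ensure-printers` is a fixed delay layered on top of `network-online.target`; a comment explaining what it waits for would stop it being removed or copied blindly, e.g. `# printer is slow to answer right after the link comes up`. The address `192.168.1.20` duplicates the `brother` DHCP reservation in `hosts/common/optional/services/dhcp.nix`, so the two need to be changed together.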
diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix
index 8e1e5d2..3ac2c3c 100644
--- a/hosts/common/optional/sdr.nix
+++ b/hosts/common/optional/sdr.nix
@@ -1,10 +1,10 @@
{ pkgs, ... }:
{
- environment.systemPackages = builtins.attrValues {
- inherit (pkgs)
- fldigi
- sdrconnect;
- };
+ environment.systemPackages = [
+ pkgs.chirp
+ pkgs.fldigi
+ pkgs.sdrconnect
+ ];
services.udev.extraRules = ''
SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666"
diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix
index 3eed193..439429e 100644
--- a/hosts/common/optional/services/dhcp.nix
+++ b/hosts/common/optional/services/dhcp.nix
@@ -7,10 +7,10 @@
"tftp/undionly.kpxe".source = "${pkgs.ipxe}/undionly.kpxe";
};
- systemPackages = with pkgs; [
- ipxe
- tftp-hpa
- wol
+ systemPackages = [
+ pkgs.ipxe
+ pkgs.tftp-hpa
+ pkgs.wol
];
};
@@ -99,11 +99,14 @@
];
reservations = [
+ ({ hw-address = "3c:78:95:e0:fc:3a"; ip-address = "192.168.1.10"; }) # mister
({ hw-address = "8c:8c:aa:4e:e9:8c"; ip-address = "192.168.1.11"; }) # jupiter
({ hw-address = "38:f3:ab:59:06:e0"; ip-address = "192.168.1.12"; }) # saturn
({ hw-address = "8c:8c:aa:4e:fc:aa"; ip-address = "192.168.1.13"; }) # uranus
({ hw-address = "38:f3:ab:59:08:10"; ip-address = "192.168.1.14"; }) # neptune
+ ({ hw-address = "e8:8d:a6:e2:2a:85"; ip-address = "192.168.1.16"; }) # deck
({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz
+ ({ hw-address = "9c:13:9e:ed:f4:e8"; ip-address = "192.168.1.18"; }) # loadstar
({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo
({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother
({ hw-address = "ec:08:6b:6a:4a:ac"; ip-address = "192.168.1.252"; }) # ac2600
diff --git a/hosts/common/optional/services/nolid.nix b/hosts/common/optional/services/nolid.nix
index db868fe..7346c26 100644
--- a/hosts/common/optional/services/nolid.nix
+++ b/hosts/common/optional/services/nolid.nix
@@ -1,7 +1,7 @@
{
- services.logind = {
- lidSwitch = "ignore";
- lidSwitchDocked = "ignore";
- lidSwitchExternalPower = "ignore";
+ services.logind.settings.Login = {
+ HandleLidSwitch = "ignore";
+ HandleLidSwitchDocked = "ignore";
+ HandleLidSwitchExternalPower = "ignore";
};
}
diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone
index 038a860..226b95f 100644
--- a/hosts/common/optional/services/nsd/bitgnome.net.zone
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone
@@ -3,7 +3,7 @@ $ORIGIN bitgnome.net.
$TTL 1h
@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
- 2025033101 ; serial
+ 2026050201 ; serial
1d ; refresh
2h ; retry
4w ; expire
@@ -29,7 +29,7 @@ $TTL 1h
; name servers
ns in a 5.161.149.85
ns in aaaa 2a01:4ff:f0:e164::1
-ns2 in a 67.5.119.0
+ns2 in a 174.31.5.218
; srv records
_xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net.
@@ -67,10 +67,10 @@ mta-sts 5m in cname @
;royder in cname @
; external machines
-arrakis 1m in a 67.5.119.0
+arrakis 1m in a 174.31.5.218
;darkstar 1m in a 66.69.213.114
;nb 1m in a 67.10.209.108
;terraria 1m in a 128.83.27.4
;caladan 1m in a 104.130.129.241
;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44
-darkstar 1m in a 67.5.119.0
+darkstar 1m in a 174.31.5.218
diff --git a/hosts/common/optional/services/openssh.nix b/hosts/common/optional/services/openssh.nix
index 424d3bf..2bd7caf 100644
--- a/hosts/common/optional/services/openssh.nix
+++ b/hosts/common/optional/services/openssh.nix
@@ -1,4 +1,7 @@
+{ pkgs, ... }:
{
+ #programs.ssh.package = pkgs.openssh_10_2;
+
services.openssh = {
enable = true;
settings = {
diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix
new file mode 100644
index 0000000..501e173
--- /dev/null
+++ b/hosts/common/optional/services/wayland.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.grim
+ pkgs.wev
+ pkgs.wl-clipboard
+ pkgs.wlvncc
+ ];
+
+ programs = {
+ sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+ };
+}
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
index 7dccdd3..9852a51 100644
--- a/hosts/common/optional/services/xorg.nix
+++ b/hosts/common/optional/services/xorg.nix
@@ -1,51 +1,11 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
- #environment.systemPackages = builtins.attrValues {
- # inherit (pkgs)
- environment.systemPackages = with pkgs; [
- chafa
- evince
- feh
- gcr
- geeqie
- ghostty
- gimp
- #gimp-with-plugins
- google-chrome
- gv
- inkscape
- libreoffice
- libva-utils
- mesa-demos
- mpv
- polkit_gnome
- rdesktop
- read-edid
- st
- sxiv
- tigervnc
- turbovnc
- vdpauinfo
- vlc
- vulkan-tools
- wireshark
- x11vnc
- xclip
- xdotool
- xorg.appres
- xorg.editres
- xorg.xdpyinfo
- xorg.xev
- xscreensaver
- xsnow
- xterm#;
+ environment.systemPackages = [
+ #pkgs.tigervnc
+ pkgs.turbovnc
+ pkgs.x11vnc
+ pkgs.xscreensaver
];
- #};
-
- programs.firefox = {
- enable = true;
- package = pkgs.master.firefox;
- };
security.polkit = {
enable = true;
@@ -68,18 +28,22 @@
};
services = {
- blueman.enable = true;
- displayManager.defaultSession = "xsession";
- libinput.enable = true;
+ displayManager = lib.mkIf (config.networking.hostName != "fangorn") {
+ defaultSession = "xsession";
+ };
picom.enable = true;
- printing.enable = true;
xserver = {
- displayManager.lightdm = {
- enable = true;
- extraSeatDefaults = ''greeter-hide-users=true'';
- };
+ displayManager.lightdm = lib.mkMerge [
+ (lib.mkIf (config.networking.hostName == "fangorn") {
+ enable = true;
+ })
+ (lib.mkIf (config.networking.hostName != "fangorn") {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ })
+ ];
- displayManager.session = [
+ displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [
{
manage = "desktop";
name = "xsession";
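Review bot: The `fangorn` arm of the `lib.mkMerge` enables LightDM without `greeter-hide-users=true`, so on that host the greeter will most likely list local account names to anyone at the console. If that is intended, a comment saying so would help. The two `mkIf` arms also repeat `enable = true`; setting it once and writing `extraSeatDefaults = lib.mkIf (config.networking.hostName != "fangorn") ''greeter-hide-users=true'';` expresses the same thing with a single condition. The hostname test now appears three times in this shared module, which a per-host override under `hosts/fangorn` would avoid. The `xserver` block continues outside the hunk.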
@@ -92,20 +56,4 @@
xkb.options = "caps:super,compose:ralt";
};
};
-
- systemd = {
- user.services.polkit-gnome-authentication-agent-1 = {
- description = "polkit-gnome-authentication-agent-1";
- wantedBy = [ "graphical-session.target" ];
- wants = [ "graphical-session.target" ];
- after = [ "graphical-session.target" ];
- serviceConfig = {
- Type = "simple";
- ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
- Restart = "on-failure";
- RestartSec = 1;
- TimeoutStopSec = 10;
- };
- };
- };
}
diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix
index b07de35..55be237 100644
--- a/hosts/common/optional/sound.nix
+++ b/hosts/common/optional/sound.nix
@@ -1,51 +1,51 @@
{ pkgs, ... }:
{
environment = {
- systemPackages = with pkgs; [
- artyFX
- audacity
- bespokesynth
- boops
- cardinal
- carla
- chow-tape-model
- cmus
- distrho-ports
- fluidsynth
- #master.fmsynth
- #gearmulator
- geonkick
- guitarix
- gxplugins-lv2
- lilypond-unstable-with-fonts
- lsp-plugins
- metersLv2
- odin2
- oxefmsynth
- polyphone
- qsynth
- reaper
- rosegarden
- samplv1
- sfizz
- sorcer
- surge-XT
- synthv1
- talentedhack
- #master.tunefish
- v4l-utils
- vapoursynth
- vital
- vmpk
- vocproc
- wavpack
- winetricks
- wineWowPackages.stagingFull
- #master.yabridge
- #master.yabridgectl
- yoshimi
- zam-plugins
- #zynaddsubfx
+ systemPackages = [
+ #pkgs.artyFX
+ pkgs.audacity
+ pkgs.bespokesynth
+ pkgs.boops
+ pkgs.cardinal
+ #pkgs.carla
+ #pkgs.chow-tape-model
+ pkgs.cmus
+ pkgs.distrho-ports
+ pkgs.fluidsynth
+ #pkgs.fmsynth
+ #pkgs.gearmulator
+ pkgs.geonkick
+ #pkgs.master.guitarix
+ pkgs.gxplugins-lv2
+ pkgs.lilypond-unstable-with-fonts
+ pkgs.lsp-plugins
+ pkgs.meters-lv2
+ pkgs.odin2
+ pkgs.oxefmsynth
+ #pkgs.master.polyphone
+ pkgs.qsynth
+ pkgs.reaper
+ pkgs.rosegarden
+ pkgs.samplv1
+ pkgs.sfizz
+ #pkgs.sorcer
+ pkgs.surge-xt
+ pkgs.synthv1
+ pkgs.talentedhack
+ #pkgs.tunefish
+ pkgs.v4l-utils
+ pkgs.vapoursynth
+ pkgs.vital
+ pkgs.vmpk
+ pkgs.vocproc
+ pkgs.wavpack
+ pkgs.winetricks
+ pkgs.wineWow64Packages.stagingFull
+ pkgs.yabridge
+ pkgs.yabridgectl
+ pkgs.yoshimi
+ pkgs.zam-plugins
+ pkgs.zynaddsubfx
];
};
}
diff --git a/hosts/common/optional/wdt.nix b/hosts/common/optional/wdt.nix
index 3c3943e..3d60706 100644
--- a/hosts/common/optional/wdt.nix
+++ b/hosts/common/optional/wdt.nix
@@ -1,3 +1,3 @@
{
- systemd.watchdog.runtimeTime = "60s";
+ systemd.settings.Manager.RuntimeWatchdogSec = "60s";
}
diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix
new file mode 100644
index 0000000..3c700a7
--- /dev/null
+++ b/hosts/common/users/don/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ uid = 1001;
+in
+{
+ users.groups.don.gid = uid;
+ users.users.don = {
+ description = "Don Arnold";
+ extraGroups = [
+ "audio"
+ "video"
+ "wheel"
+ ] ++ ifTheyExist [
+ "adbusers"
+ "networkmanager"
+ "vboxsf"
+ "vboxusers"
+ ];
+ group = "don";
+ home = "/home/don";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ (builtins.readFile ../nipsy/keys/id_arrakis.pub)
+ #(builtins.readFile ./keys/id_other.pub)
+ ];
+
+ packages = [ pkgs.home-manager ];
+ #shell = pkgs.zsh;
+ uid = uid;
+ };
+}
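Review bot: `openssh.authorizedKeys.keys` for `don` reads `../nipsy/keys/id_arrakis.pub`, so whoever holds nipsy's arrakis key can log in as `don`, and `don` is placed in `wheel`. The shared nix settings in this commit also list `@wheel` under `trusted-users`, so this account is a trusted Nix user as well. If the shared key is a deliberate administration path, a comment such as `# nipsy's key: remote admin access to don's account` would make that explicit; otherwise a key of don's own, as in the commented `./keys/id_other.pub` line, keeps the two identities separate. `uid = 1001` is also the value used in `hosts/common/users/lin/default.nix`.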
diff --git a/hosts/common/users/lin/default.nix b/hosts/common/users/lin/default.nix
new file mode 100644
index 0000000..048a6fc
--- /dev/null
+++ b/hosts/common/users/lin/default.nix
@@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ uid = 1001;
+in
+{
+ users.groups.lin.gid = uid;
+ users.users.lin = {
+ description = "Lindsey Holcomb";
+ group = "lin";
+ home = "/data/home/lin";
+ isNormalUser = true;
+
+ packages = [ pkgs.home-manager ];
+ #shell = pkgs.zsh;
+ uid = uid;
+ };
+}
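Review bot: `uid = 1001` is the same value that `hosts/common/users/don/default.nix` assigns in this commit, for both the user and the group. If a host ever imports both modules the IDs collide; NixOS is expected to reject duplicate uids at evaluation, though that check is not shown here. Giving `lin` a distinct value, for example `uid = 1002;`, avoids that. The `ifTheyExist` binding is unused in this file and can be dropped.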
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
index 5eacd6f..35daabc 100644
--- a/hosts/common/users/nipsy/default.nix
+++ b/hosts/common/users/nipsy/default.nix
@@ -1,9 +1,10 @@
{ pkgs, inputs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ uid = 1000;
in
{
- users.groups.nipsy.gid = 1000;
+ users.groups.nipsy.gid = uid;
users.users.nipsy = {
description = "Mark Nipper";
extraGroups = [
@@ -12,6 +13,8 @@ in
"wheel"
] ++ ifTheyExist [
"adbusers"
+ "dialout"
+ "gamemode"
"networkmanager"
"vboxsf"
"vboxusers"
@@ -26,5 +29,6 @@ in
packages = [ pkgs.home-manager ];
shell = pkgs.zsh;
+ uid = uid;
};
}
diff --git a/hosts/common/users/nipsy/keys/id_att.pub b/hosts/common/users/nipsy/keys/id_att.pub
index 8a66903..9aa33b1 100644
--- a/hosts/common/users/nipsy/keys/id_att.pub
+++ b/hosts/common/users/nipsy/keys/id_att.pub
@@ -1 +1 @@
-ssh-rsa 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 mn116t@att.com
+ssh-rsa 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 mn116t@att.com
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 910e077..23ec0df 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -2,9 +2,10 @@
boot = {
initrd.kernelModules = [ "zfs" ];
kernel.sysctl = {
+ "kernel.hostname" = "darkstar.bitgnome.net";
"net.ipv4.ip_forward" = true;
};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi = {
canTouchEfiVariables = true;
@@ -15,24 +16,31 @@
extraInstallCommands = ''
${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2
'';
+ memtest86.enable = true;
};
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
- zfs.package = pkgs.master.zfs;
+ zfs = {
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
+ };
};
- #environment.systemPackages = with pkgs; [
- # wpa_supplicant
- # somethingelse
- #];
+ environment = {
+ #etc."mitmproxy-c64u.py".source = ./mitmproxy-c64u.py;
+ systemPackages = [
+ #pkgs.master.mitmproxy
+ pkgs.speedtest-go
+ ];
+ };
imports = [
./disks.nix
./hardware-configuration.nix
./services.nix
../common/core
- ../common/optional/services/asterisk.nix
+ #../common/optional/services/asterisk.nix
../common/optional/services/chrony.nix
../common/optional/services/dhcp.nix
../common/optional/services/nsd.nix
@@ -44,10 +52,12 @@
];
networking = {
+ #defaultGateway = "192.168.1.1";
hostId = "f9ca5efe";
hostName = "darkstar";
- #defaultGateway = "192.168.1.1";
- domain = "bitgnome.net";
+ #hosts = {
+ # "185.187.254.229" = [ "hackerswithstyle.se" ];
+ #};
interfaces = {
enp116s0 = {
ipv4.addresses = [
@@ -66,6 +76,9 @@
internalInterfaces = [ "enp116s0" ];
};
nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
useDHCP = false;
vlans = {
vlan201 = { id=201; interface="enp117s0"; };
@@ -102,6 +115,7 @@
"nftables/forward" = {};
"nftables/ssh" = {};
"nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
};
};
@@ -115,7 +129,23 @@
system.stateVersion = "23.11";
- systemd.services."nftables-extra" = let rules_script = ''
+ systemd.services = {
+ #"mitmproxy" = let rules_script = ''
+ # ${pkgs.mitmproxy}/bin/mitmdump -p 80 -s /etc/mitmproxy-c64u.py --mode reverse:http://185.187.254.229:80 --set block_global=false
+ #''; in {
+ # description = "proxy for C64 site hackerswithstyle.se";
+ # script = rules_script;
+ # serviceConfig = {
+ # Restart = "on-failure";
+ # RestartSec = 5;
+ # StandardError = "append:/var/log/mitmproxy.log";
+ # StandardOutput = "append:/var/log/mitmproxy.log";
+ # Type = "simple";
+ # };
+ # after = [ "network.target" ];
+ # wantedBy = [ "multi-user.target" ];
+ #};
+ "nftables-extra" = let rules_script = ''
${pkgs.nftables}/bin/nft -a list chain inet nixos-fw input | ${pkgs.gnugrep}/bin/grep @anveo | ${pkgs.gnugrep}/bin/grep -Eo 'handle [[:digit:]]+$' | ${pkgs.gnused}/bin/sed -e 's/^handle //' | while read handle; do ${pkgs.nftables}/bin/nft delete rule inet nixos-fw input handle ''${handle}; done
if ${pkgs.nftables}/bin/nft list set inet nixos-fw anveo 2>/dev/null; then ${pkgs.nftables}/bin/nft delete set inet nixos-fw anveo; fi
if ${pkgs.nftables}/bin/nft list ct helpers table inet nixos-fw | ${pkgs.gnugrep}/bin/grep -qE '^[[:space:]]*ct helper sip-5060 {$'; then ${pkgs.nftables}/bin/nft delete ct helper inet nixos-fw sip-5060; fi
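Review bot: The commented-out `mitmproxy` unit has no `User` in its `serviceConfig`, so if it is re-enabled as written `mitmdump` would run as root while parsing requests from the network, with `block_global=false`. Running it unprivileged, for example with `DynamicUser = true;`, `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` and `StateDirectory = "mitmproxy";`, would limit what a bug in the addon script can reach. The script's `STATE_DIR` would then need to point at that directory. The `nftables-extra` definition continues outside the hunk.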
@@ -143,6 +173,7 @@
wantedBy = [ "multi-user.target" ];
after = [ "nftables.service" ];
partOf = [ "nftables.service" ];
+ };
};
systemd.paths."nftables-extra" = {
diff --git a/hosts/darkstar/mitmproxy-c64u.py b/hosts/darkstar/mitmproxy-c64u.py
new file mode 100644
index 0000000..5fc5aa6
--- /dev/null
+++ b/hosts/darkstar/mitmproxy-c64u.py
@@ -0,0 +1,303 @@
+
+import json
+import os
+import re
+import sys
+from mitmproxy import http
+from datetime import datetime
+
+STATE_DIR = "/var/lib"
+STATE_FILE = f"{STATE_DIR}/mitmproxy-clients.json"
+
+def log(msg):
+ """Print with flush for immediate output"""
+ timestamp = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
+ print(f"[{timestamp}] {msg}", flush=True)
+
+def load_state():
+ if os.path.exists(STATE_FILE):
+ with open(STATE_FILE, "r") as f:
+ return json.load(f)
+ return {}
+
+def save_state(state):
+ os.makedirs(STATE_DIR, exist_ok=True)
+ with open(STATE_FILE, "w") as f:
+ json.dump(state, f, indent=4)
+
+def request(flow: http.HTTPFlow) -> None:
+ client_ip = flow.client_conn.peername[0]
+
+ # Get Client-Id header to detect device type
+ client_id_header = flow.request.headers.get("Client-Id")
+
+ # Debug: log all incoming requests
+ log(f"REQUEST: {flow.request.method} {flow.request.path}")
+ log(f" Client-IP: {client_ip}")
+ log(f" Client-Id: {client_id_header}")
+ log(f" Query params: {dict(flow.request.query)}")
+ log(f" Headers: {dict(flow.request.headers)}")
+
+ # Load saved server choice for this client (assembly64 or commoserve)
+ state = load_state()
+ server_choice = state.get(client_ip)
+
+ # Default: give them what they can't normally access
+ # C64U (Commodore) -> default to assembly64
+ # Ultimate64 (Ultimate) -> default to commoserve
+ if server_choice is None:
+ if client_id_header == "Ultimate":
+ server_choice = "commoserve"
+ else:
+ server_choice = "assembly64"
+ log(f" Default server for {client_id_header}: {server_choice}")
+
+ # Check for server parameter in query (from menu selection)
+ server_param = flow.request.query.get("server", "").lower()
+ if server_param in ["assembly64", "commoserve"]:
+ state[client_ip] = server_param
+ save_state(state)
+ server_choice = server_param
+ log(f"SWITCH (menu): {client_ip} -> {server_param}")
+ # Remove the server param so it doesn't confuse the real server
+ del flow.request.query["server"]
+
+ # Check for server selection in query (from injected menu)
+ # Query comes as: (server:assembly64) or (server:commoserve)
+ # May also include other search params like (name:"bubble")
+ query_string = flow.request.query.get("query", "")
+ query_lower = query_string.lower()
+ name_string = flow.request.query.get("name", "").lower()
+ search_text = query_lower + " " + name_string
+
+ # Handle server menu selection - strip server: from query and continue
+ if "server:assembly64" in query_lower or "server:commoserve" in query_lower:
+ if "server:assembly64" in query_lower:
+ new_server = "assembly64"
+ else:
+ new_server = "commoserve"
+
+ state[client_ip] = new_server
+ save_state(state)
+ server_choice = new_server
+ log(f"SWITCH (menu): {client_ip} -> {new_server}")
+
+ # Remove server:xxx from query string (case insensitive)
+ # Also handle the & operator that joins query parts
+ cleaned_query = re.sub(r'\s*&\s*\(server:(assembly64|commoserve)\)', '', query_string, flags=re.IGNORECASE)
+ cleaned_query = re.sub(r'\(server:(assembly64|commoserve)\)\s*&\s*', '', cleaned_query, flags=re.IGNORECASE)
+ cleaned_query = re.sub(r'\(server:(assembly64|commoserve)\)', '', cleaned_query, flags=re.IGNORECASE)
+ # Clean up any leftover empty parens or double spaces
+ cleaned_query = cleaned_query.strip()
+
+ # If query is now empty or just whitespace, return confirmation
+ if not cleaned_query or cleaned_query == "()":
+ flow.response = http.Response.make(
+ 200,
+ json.dumps([{"name": f"Switched to {new_server.upper()}", "id": "0", "category": 0}]),
+ {"Content-Type": "application/json"}
+ )
+ log(f" No other search params, returning confirmation")
+ return
+ else:
+ # Update query with server part removed and continue with search
+ flow.request.query["query"] = cleaned_query
+ log(f" Cleaned query: {cleaned_query}")
+
+ # Also check for keywords in search query (legacy method)
+ if "assembly64" in search_text:
+ state[client_ip] = "assembly64"
+ save_state(state)
+ server_choice = "assembly64"
+ log(f"SWITCH (keyword): {client_ip} -> Assembly64")
+
+ elif "commoserve" in search_text:
+ state[client_ip] = "commoserve"
+ save_state(state)
+ server_choice = "commoserve"
+ log(f"SWITCH (keyword): {client_ip} -> Commoserve")
+
+ # Help feature
+ elif "help" in search_text:
+ device = "Ultimate64" if client_id_header == "Ultimate" else "C64U"
+ help_text = (
+ "PROXY HELP:\n"
+ f"Device: {device}\n"
+ f"Current: {server_choice}\n"
+ "Use Server menu or search 'commoserve'/'assembly64' to switch."
+ )
+ flow.response = http.Response.make(
+ 200,
+ json.dumps({"results": [{"name": help_text}]}),
+ {"Content-Type": "application/json"}
+ )
+ log(f"HELP: Sent help response to {client_ip}")
+ return
+
+ # Block requests for our fake info items (id "0" or "info")
+ # These are the "Switched to..." or "Currently browsing..." messages
+ if re.match(r'/leet/search/entries/(0|info)/', flow.request.path):
+ log(f"BLOCKED: Request for info item, returning empty")
+ flow.response = http.Response.make(
+ 200,
+ json.dumps([]),
+ {"Content-Type": "application/json"}
+ )
+ return
+
+ # Bot protection
+ if not client_id_header and "/leet/search/" not in flow.request.path:
+ log(f"BLOCKED: No Client-Id header from {client_ip}")
+ flow.kill()
+ return
+
+ # Apply header patch
+ # C64U (Commodore) accessing assembly64 -> patch to Ultimate
+ # Ultimate64 (Ultimate) accessing commoserve -> patch to Commodore
+ original_client_id = client_id_header
+
+ # Always fetch presets with Ultimate header to get full Assembly64 menu
+ if flow.request.path == "/leet/search/aql/presets":
+ if client_id_header != "Ultimate":
+ flow.request.headers["Client-Id"] = "Ultimate"
+ log(f"PATCHED: {client_ip} Client-Id: {client_id_header} -> Ultimate (fetching full menu)")
+ else:
+ log(f"FORWARDED: {client_ip} presets request (already Ultimate)")
+ elif client_id_header == "Commodore" and server_choice == "assembly64":
+ flow.request.headers["Client-Id"] = "Ultimate"
+ log(f"PATCHED: {client_ip} Client-Id: Commodore -> Ultimate (accessing Assembly64)")
+ elif client_id_header == "Ultimate" and server_choice == "commoserve":
+ flow.request.headers["Client-Id"] = "Commodore"
+ log(f"PATCHED: {client_ip} Client-Id: Ultimate -> Commodore (accessing Commoserve)")
+ else:
+ device = "Ultimate64" if client_id_header == "Ultimate" else "C64U"
+ log(f"FORWARDED: {client_ip} ({device}) -> {server_choice} (no patch needed)")
+
+ # Forwarding
+ flow.request.host = "185.187.254.229"
+ flow.request.port = 80
+ flow.request.headers["Host"] = "hackerswithstyle.se"
+ log(f" Forwarding to: {flow.request.host}:{flow.request.port}")
+
+def response(flow: http.HTTPFlow) -> None:
+ """Intercept responses and inject Server menu option into presets"""
+ client_ip = flow.client_conn.peername[0]
+
+ # Debug: log all responses
+ log(f"RESPONSE: {flow.request.path}")
+ log(f" Status: {flow.response.status_code}")
+ log(f" Content-Type: {flow.response.headers.get('Content-Type', 'unknown')}")
+ log(f" Content length: {len(flow.response.content)} bytes")
+
+ # Show first 500 chars of response for debugging
+ try:
+ content_preview = flow.response.content.decode('utf-8')[:500]
+ log(f" Content preview: {content_preview}")
+ except:
+ log(f" Content preview: (binary data)")
+
+ # Inject "Currently browsing..." info item into search results
+ # Match /leet/search/aql but not /leet/search/aql/presets
+ if flow.request.path.startswith("/leet/search/aql") and not flow.request.path.startswith("/leet/search/aql/"):
+ log(f"SEARCH RESULTS: Intercepted search response for path: {flow.request.path}")
+ try:
+ data = json.loads(flow.response.content)
+ log(f" Response type: {type(data).__name__}")
+
+ # Get current server choice for this client
+ state = load_state()
+ client_id_header = flow.request.headers.get("Client-Id")
+ server_choice = state.get(client_ip)
+
+ # Default based on device type
+ if server_choice is None:
+ if client_id_header == "Ultimate":
+ server_choice = "commoserve"
+ else:
+ server_choice = "assembly64"
+
+ # Create info item showing current server
+ server_display = "Assembly64" if server_choice == "assembly64" else "Commoserve"
+ info_item = {
+ "name": f"Browsing: {server_display}",
+ "id": "info",
+ "category": 0
+ }
+
+ # Handle both array and dict responses
+ if isinstance(data, list):
+ log(f" Original results count: {len(data)}")
+ data.insert(0, info_item)
+ log(f" After injection: {len(data)} items")
+ elif isinstance(data, dict) and "results" in data:
+ log(f" Original results count: {len(data['results'])}")
+ data["results"].insert(0, info_item)
+ log(f" After injection: {len(data['results'])} items")
+ else:
+ log(f" Unknown response format, skipping injection")
+ return
+
+ # Update response
+ new_content = json.dumps(data)
+ flow.response.content = new_content.encode()
+ log(f"INJECTED: Info item into search results")
+ except json.JSONDecodeError as e:
+ log(f"ERROR: JSON decode failed for search results: {e}")
+ except Exception as e:
+ log(f"ERROR: Search results injection failed: {type(e).__name__}: {e}")
+
+ if flow.request.path == "/leet/search/aql/presets":
+ log(f"PRESETS: Intercepted presets response")
+ try:
+ # Parse the original response
+ data = json.loads(flow.response.content)
+ log(f" Original presets count: {len(data)}")
+
+ # Get current server choice for this client
+ state = load_state()
+ client_id_header = flow.request.headers.get("Client-Id")
+ server_choice = state.get(client_ip)
+
+ # Default based on device type
+ if server_choice is None:
+ if client_id_header == "Ultimate":
+ server_choice = "commoserve"
+ else:
+ server_choice = "assembly64"
+
+ # Build server menu with current selection marked with asterisk
+ if server_choice == "assembly64":
+ server_menu = {
+ "type": "server",
+ "description": "Server",
+ "values": [
+ {"aqlKey": "assembly64", "name": "* Assembly64"},
+ {"aqlKey": "commoserve", "name": "Commoserve"}
+ ]
+ }
+ else:
+ server_menu = {
+ "type": "server",
+ "description": "Server",
+ "values": [
+ {"aqlKey": "commoserve", "name": "* Commoserve"},
+ {"aqlKey": "assembly64", "name": "Assembly64"}
+ ]
+ }
+
+ # Inject Server menu at the beginning
+ data.insert(0, server_menu)
+ log(f" After injection: {len(data)} items (current: {server_choice})")
+
+ # Update response
+ new_content = json.dumps(data)
+ flow.response.content = new_content.encode()
+ log(f"INJECTED: Server menu into presets response")
+ log(f" New content length: {len(new_content)}")
+ except json.JSONDecodeError as e:
+ log(f"ERROR: JSON decode failed: {e}")
+ log(f" Raw content: {flow.response.content[:200]}")
+ except AttributeError as e:
+ log(f"ERROR: Attribute error: {e}")
+ except Exception as e:
+ log(f"ERROR: Unexpected error: {type(e).__name__}: {e}")
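Review bot: `load_state()` raises on a truncated or malformed `/var/lib/mitmproxy-clients.json`, and `save_state()` rewrites that file in place, so one interrupted write would make every later `request` and `response` hook fail until the file is repaired by hand. Writing to a temporary file and renaming it, and treating an unreadable file as empty state, avoids that. Separately, `request()` logs the complete header dict and `response()` logs a body preview on every flow; these are better dropped or put behind a debug switch, since the log is appended to indefinitely. The `Client-Id` check in `request()` also runs only after the `server` parameter has been applied, so a request that is about to be killed can still change the stored choice for its IP; moving that check to the top of the hook closes this. The bare `except:` around the preview should be `except UnicodeDecodeError:`.

```python
def load_state():
    # A missing, truncated or hand-edited state file means "no saved choices".
    try:
        with open(STATE_FILE, "r") as f:
            state = json.load(f)
    except (FileNotFoundError, json.JSONDecodeError):
        return {}
    return state if isinstance(state, dict) else {}

def save_state(state):
    os.makedirs(STATE_DIR, exist_ok=True)
    tmp_path = f"{STATE_FILE}.tmp"
    with open(tmp_path, "w") as f:
        json.dump(state, f, indent=4)
    # Rename within one filesystem is atomic, so a reader never sees a partial file.
    os.replace(tmp_path, STATE_FILE)

# ... unchanged: request() and response() hooks ...
```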
diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix
index 7304b48..9528f32 100644
--- a/hosts/darkstar/services.nix
+++ b/hosts/darkstar/services.nix
@@ -7,10 +7,15 @@
allowedUDPPorts = [
53 # domain
];
- interfaces.enp116s0.allowedUDPPorts = [
- 69 # xinetd/tftpd
- 123 # ntp
- ];
+ interfaces.enp116s0 = {
+ allowedTCPPorts = [
+ 80 # http
+ ];
+ allowedUDPPorts = [
+ 69 # xinetd/tftpd
+ 123 # ntp
+ ];
+ };
};
};
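Review bot: The new `80 # http` entry under `interfaces.enp116s0.allowedTCPPorts` does not name the listener, whereas the UDP entries beside it do (`69 # xinetd/tftpd`). Since this opens a plaintext HTTP port on the host, name the service so the rule can be audited and removed along with it, e.g. `80 # http (<service name>)`. Scoping it to the one interface rather than the global list is the right choice.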
@@ -41,24 +46,34 @@
];
local-data = [
"\"darkstar.bitgnome.net. IN A 192.168.1.1\""
+ #"\"hackerswithstyle.se. IN A 192.168.1.1\""
"\"arrakis.bitgnome.net. IN A 192.168.1.2\""
+ "\"caladan.bitgnome.net. IN A 192.168.1.4\""
+ "\"mister.bitgnome.net. IN A 192.168.1.10\""
"\"jupiter.bitgnome.net. IN A 192.168.1.11\""
"\"saturn.bitgnome.net. IN A 192.168.1.12\""
"\"uranus.bitgnome.net. IN A 192.168.1.13\""
"\"neptune.bitgnome.net. IN A 192.168.1.14\""
+ "\"deck.bitgnome.net. IN A 192.168.1.16\""
"\"ginaz.bitgnome.net. IN A 192.168.1.17\""
+ "\"loadstar.bitgnome.net. IN A 192.168.1.18\""
];
local-data-ptr = [
"\"192.168.1.1 darkstar.bitgnome.net\""
"\"192.168.1.2 arrakis.bitgnome.net\""
+ "\"192.168.1.4 caladan.bitgnome.net\""
+ "\"192.168.1.10 mister.bitgnome.net\""
"\"192.168.1.11 jupiter.bitgnome.net\""
"\"192.168.1.12 saturn.bitgnome.net\""
"\"192.168.1.13 uranus.bitgnome.net\""
"\"192.168.1.14 neptune.bitgnome.net\""
+ "\"192.168.1.16 deck.bitgnome.net\""
"\"192.168.1.17 ginaz.bitgnome.net\""
+ "\"192.168.1.18 loadstar.bitgnome.net\""
];
local-zone = [
"\"bitgnome.net.\" transparent"
+ #"\"hackerswithstyle.se.\" transparent"
"\"1.168.192.in-addr.arpa.\" static"
];
verbosity = 2;
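Review bot: The two commented-out `hackerswithstyle.se.` entries (one in `local-data`, one in `local-zone`) carry no explanation, and enabling them would make this resolver answer for a third-party name with 192.168.1.1 for every client that uses it. A short comment above each, e.g. `# <purpose>; affects all LAN clients of this resolver when enabled`, would record the intent and the scope. Alternatively, keep the override out of the tree until it is actually needed. The `local-data` and `local-data-ptr` additions agree with each other.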
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
new file mode 100644
index 0000000..0ae189d
--- /dev/null
+++ b/hosts/fangorn/default.nix
@@ -0,0 +1,90 @@
+{ config, inputs, lib, outputs, pkgs, ... }: {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_6_18;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ devNodes = "/dev/disk/by-label";
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.chirp
+ pkgs.signal-desktop
+ pkgs.wpa_supplicant
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ../common/core
+ #../common/optional/db.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
+ #../common/optional/games.nix
+ ../common/optional/gui.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/nolid.nix
+ ../common/optional/services/openssh.nix
+ #../common/optional/services/tlp.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/don
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ firewall.extraInputRules = ''
+ iifname "wg0" tcp dport ssh counter accept
+ '';
+ hostId = "6f1faddc";
+ hostName = "fangorn";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ nixpkgs = {
+ config.allowUnfree = true;
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ outputs.overlays.stable-packages
+ ];
+ };
+
+ services.openssh = {
+ openFirewall = false;
+ settings.X11Forwarding = true;
+ };
+ services.xserver.desktopManager.xfce.enable = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/fangorn.yaml;
+
+ secrets = {
+ "nix-access-token-github" = {};
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ time.timeZone = lib.mkForce "America/Chicago";
+}
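Review bot: `services.openssh.settings.X11Forwarding = true` is enabled for this new host with no comment saying what needs it. sshd is only accepted on `wg0` here (`openFirewall = false` plus the `iifname "wg0" tcp dport ssh` rule), which limits who can reach it, but X11 forwarding still ties the connecting client's display to processes on this machine. Either drop the line or record the reason, e.g. `settings.X11Forwarding = true; # needed for <application>`. Separately, `system.stateVersion = "23.11"` on a freshly added host looks copied from an older machine; it should be the release this host was first installed with — confirm.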
diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix
new file mode 100644
index 0000000..fdef7cf
--- /dev/null
+++ b/hosts/fangorn/disks.nix
@@ -0,0 +1,102 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ extraArgs = [ "-nboot" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap" ];
+ };
+ };
+ rpool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ canmount = "off";
+ compression = "on";
+ dnodesize = "auto";
+ relatime = "on";
+ xattr = "sa";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/don" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/don";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
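Review bot: `rpool` sets no `encryption`/`keyformat` in `rootFsOptions`, and the 32G swap partition is plain, so the home datasets and the SSH host key that hosts/fangorn/default.nix uses as the sops age identity are readable from the raw device. hosts/richese/disks.nix in this same commit sets `encryption = "aes-256-gcm";` with `keyformat = "passphrase";` in its ZFS options. If fangorn is a portable machine (it imports `services/nolid.nix`, which suggests a laptop — confirm), the same two options belong here, plus `randomEncryption = true;` in the swap `content`. ZFS encryption cannot be switched on in place for an existing dataset, so this is cheapest to decide before the first install.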
diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix
new file mode 100644
index 0000000..17a6bc6
--- /dev/null
+++ b/hosts/fangorn/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/boot" = {
+ device = lib.mkForce "/dev/disk/by-label/boot";
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ #networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index 209a02e..0edbdba 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -1,19 +1,27 @@
{ config, inputs, outputs, pkgs, ... }: {
boot = {
initrd.kernelModules = [ "amdgpu" "zfs" ];
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
- zfs.package = pkgs.master.zfs;
+ zfs = {
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
+ };
};
- environment.systemPackages = with pkgs; [
- signal-desktop
- #master.wsmancli
+ environment.systemPackages = [
+ pkgs.minicom
+ pkgs.setserial
+ pkgs.signal-desktop
+ pkgs.tio
];
imports = [
@@ -25,6 +33,7 @@
../common/optional/ebooks.nix
../common/optional/games.nix
../common/optional/google-authenticator.nix
+ ../common/optional/gui.nix
../common/optional/misc.nix
../common/optional/multimedia.nix
../common/optional/pipewire.nix
@@ -44,6 +53,9 @@
hostName = "ginaz";
networkmanager.enable = true;
nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
};
nixpkgs = {
diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix
index 24f60cd..108f2d4 100644
--- a/hosts/ginaz/hardware-configuration.nix
+++ b/hosts/ginaz/hardware-configuration.nix
@@ -10,7 +10,7 @@
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
+ boot.kernelModules = [ "kvm-amd" "ntsync" ];
boot.extraModulePackages = [ ];
fileSystems."/boot" = {
@@ -23,8 +23,8 @@
graphics = {
enable = true;
- extraPackages = with pkgs; [ nvidia-vaapi-driver ];
- extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ];
+ extraPackages = [ pkgs.nvidia-vaapi-driver ];
+ extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
};
nvidia = let
diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix
index d5f95fc..6d799b9 100644
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -4,21 +4,25 @@
#kernel.sysctl = {
# "net.ipv4.ip_forward" = true;
#};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- wpa_supplicant
+ environment.systemPackages = [
+ pkgs.wpa_supplicant
];
imports = [
@@ -38,9 +42,11 @@
networking = {
hostId = "d3a9e699";
hostName = "jupiter";
- domain = "bitgnome.net";
- nftables.enable = true;
interfaces.enp2s0f0.wakeOnLan.enable = true;
+ nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
wireless = {
enable = true;
userControlled.enable = true;
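Review bot: Dropping `domain = "bitgnome.net";` in favour of `search` changes more than resolver behaviour. With `networking.domain` unset the host no longer has a configured FQDN, so `hostname -f` yields the short name and, as far as I know, anything that reads `config.networking.fqdn` will fail evaluation. If only the search list was wanted, keep both: `domain = "bitgnome.net";` next to `search = [ "bitgnome.net" ];`. The same change is made in hosts/neptune/default.nix and hosts/saturn/default.nix, and the `networking` block continues outside this hunk.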
diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix
index 706bb57..1b9b4e8 100644
--- a/hosts/kaitain/default.nix
+++ b/hosts/kaitain/default.nix
@@ -1,21 +1,25 @@
{ config, inputs, lib, outputs, pkgs, ... }: {
boot = {
initrd.kernelModules = [ "zfs" ];
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- git-review
+ environment.systemPackages = [
+ pkgs.git-review
];
imports = [
@@ -24,6 +28,7 @@
../common/core
#../common/optional/db.nix
../common/optional/dev.nix
+ ../common/optional/gui.nix
../common/optional/misc.nix
#../common/optional/multimedia.nix
../common/optional/pipewire.nix
@@ -52,7 +57,7 @@
};
services.openssh.openFirewall = false;
- services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ];
+ services.xserver.videoDrivers = lib.mkForce [ "modesetting" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@@ -60,6 +65,7 @@
secrets = {
"nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
};
};
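Review bot: `"ssh_config".path = "/root/.ssh/config";` makes sops-nix own root's SSH client config, but nothing here says so or guards against a second writer. The commit's diffstat also lists home/root/common/core/ssh.nix; if that module still generates `~/.ssh/config` through home-manager, the two would compete for the same path, which cannot be verified from this hunk. A comment such as `# sops-nix links this from its secrets directory; do not also manage via home-manager` would make the ownership explicit, and stating `mode = "0400";` on the secret documents the intended permissions. The same line is added in hosts/richese/default.nix, and the `sops` block starts outside this hunk.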
@@ -86,5 +92,5 @@
(builtins.readFile ../common/users/nipsy/keys/id_att.pub)
];
- virtualisation.virtualbox.guest.enable = true;
+ virtualisation.hypervGuest.enable = true;
}
diff --git a/hosts/kaitain/hardware-configuration.nix b/hosts/kaitain/hardware-configuration.nix
index f38c16a..07b3857 100644
--- a/hosts/kaitain/hardware-configuration.nix
+++ b/hosts/kaitain/hardware-configuration.nix
@@ -8,7 +8,7 @@
[ #(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix
index 7fdef31..41ad33d 100644
--- a/hosts/neptune/default.nix
+++ b/hosts/neptune/default.nix
@@ -4,21 +4,25 @@
#kernel.sysctl = {
# "net.ipv4.ip_forward" = true;
#};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- wpa_supplicant
+ environment.systemPackages = [
+ pkgs.wpa_supplicant
];
imports = [
@@ -38,9 +42,11 @@
networking = {
hostId = "6c1b830a";
hostName = "neptune";
- domain = "bitgnome.net";
- nftables.enable = true;
interfaces.enp2s0f0.wakeOnLan.enable = true;
+ nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
wireless = {
enable = true;
userControlled.enable = true;
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
index 5d9e2fc..222f36b 100644
--- a/hosts/richese/default.nix
+++ b/hosts/richese/default.nix
@@ -1,18 +1,26 @@
{ config, inputs, lib, outputs, pkgs, ... }: {
boot = {
initrd.kernelModules = [ "zfs" ];
- kernelPackages = pkgs.linuxPackages_6_12;
- loader.grub.enable = true;
+ kernelPackages = pkgs.linuxPackages_6_18;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
+ timeout = 3;
+ };
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- git-review
- master.openstackclient-full
+ environment.systemPackages = [
+ pkgs.git-review
+ pkgs.openstackclient-full
];
imports = [
@@ -21,6 +29,7 @@
../common/core
#../common/optional/db.nix
../common/optional/dev.nix
+ ../common/optional/gui.nix
../common/optional/misc.nix
#../common/optional/multimedia.nix
../common/optional/pipewire.nix
@@ -49,7 +58,7 @@
};
services.openssh.openFirewall = false;
- services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ];
+ services.xserver.videoDrivers = lib.mkForce [ "modesetting" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@@ -57,6 +66,7 @@
secrets = {
"nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
};
};
@@ -83,5 +93,5 @@
(builtins.readFile ../common/users/nipsy/keys/id_att.pub)
];
- virtualisation.virtualbox.guest.enable = true;
+ virtualisation.hypervGuest.enable = true;
}
diff --git a/hosts/richese/disks.nix b/hosts/richese/disks.nix
index 02c6ffe..a626a80 100644
--- a/hosts/richese/disks.nix
+++ b/hosts/richese/disks.nix
@@ -7,10 +7,6 @@
content = {
type = "gpt";
partitions = {
- MBR = {
- size = "4M";
- type = "EF02";
- };
ESP = {
size = "1G";
type = "EF00";
@@ -52,7 +48,7 @@
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///tmp/data.keyfile";
- normalization = "formD";
+ #normalization = "formD"; # disabled due to previous issue: https://github.com/NixOS/nixpkgs/pull/86432
relatime = "on";
xattr = "sa";
};
diff --git a/hosts/richese/hardware-configuration.nix b/hosts/richese/hardware-configuration.nix
index d1c33b7..07b3857 100644
--- a/hosts/richese/hardware-configuration.nix
+++ b/hosts/richese/hardware-configuration.nix
@@ -8,7 +8,7 @@
[ #(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" ];
+ boot.initrd.availableKernelModules = [ "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix
index 1e7d21c..ba851cf 100644
--- a/hosts/saturn/default.nix
+++ b/hosts/saturn/default.nix
@@ -4,21 +4,25 @@
#kernel.sysctl = {
# "net.ipv4.ip_forward" = true;
#};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- wpa_supplicant
+ environment.systemPackages = [
+ pkgs.wpa_supplicant
];
imports = [
@@ -38,9 +42,11 @@
networking = {
hostId = "4ae5eb4d";
hostName = "saturn";
- domain = "bitgnome.net";
- nftables.enable = true;
interfaces.enp2s0f0.wakeOnLan.enable = true;
+ nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
wireless = {
enable = true;
userControlled.enable = true;
diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml
index 5261c80..166a211 100644
--- a/hosts/secrets/arrakis.yaml
+++ b/hosts/secrets/arrakis.yaml
@@ -1,10 +1,11 @@
nftables:
ssh: ENC[AES256_GCM,data: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,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str]
nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str]
-ssh_config: ENC[AES256_GCM,data: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,iv:FQLz3J/+o4TeWsq7dF358DErIMbF9Fq2bJaz5vEwpdI=,tag:PDvywy9MasIrDAyrC3Ge8A==,type:str]
+ssh_config: ENC[AES256_GCM,data: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,iv:uXbX67nw8uot2BeeeU0wMNZ+xK+gJ6Xy42jriUZ0gjQ=,tag:AkRAMlnyaxvCVAQy1a2zGw==,type:str]
wireguard:
arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str]
black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str]
+ fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str]
ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str]
homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str]
lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str]
@@ -12,13 +13,9 @@ wireguard:
ramped_psk: ENC[AES256_GCM,data:TCeXW9SWFEq7H7YdEE4E7gLoMC8F4GwSPBtvh8Zv6OQ3Ni0LdZBH9IHmPT4=,iv:U33J1eusuCiC41zla2ieIFKzmmgL/TlkLmH/5El3u4s=,tag:Z4QzImR0T2XzdI26nlX+/Q==,type:str]
timetrad_psk: ENC[AES256_GCM,data:zAOHUlk6VJd+w6ePcDAPhpmPmlogwqUh5zhDpnW7cbXflIdLtFN9YQbOYtc=,iv:DpqIP+uTxRY7Dl0WwOvAr/dDFeARCVZKNKKKCrgOkYA=,tag:IP+nUZS3klUvHNzbgS4IjQ==,type:str]
treebeard_psk: ENC[AES256_GCM,data:EjzdD4siZfCkwd6pX82C2HP8I0avKjStv6fleURD2cPkGmBFDH//MLYcY/k=,iv:yCc+U3+kAzOroOxO04EKVrbuqr85Y8cZ343UN4s3nBg=,tag:r5piVnM+Q5+0HRRMpVwmSA==,type:str]
- wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str]
+ wg1_conf: ENC[AES256_GCM,data:/285rDfz+rySzB0pohVJSVDCRWAnPi8Kg9Xu9U4C03PWYWbPvsm5Ci1q6z/kYKPsaGYYo16Ttl/0PJJcgDaQXHxJAXqWr1VQJttrcMuWuG7VlSzqhxrb1QOD60Gl+wrP7WechufmOejJZZor4FIi/AnvB4GEKQpqdP8Zz2bSd2c+5wM3tBqXftoK+68qkoYzMBtinyBISKrP3n3raF8HwHx9a5RWbuMBs5UzKSPHIbx3assHnVyJb+tX6Bs4lJTwon7r6sc3EqfozbsIHrL275V1JYsRGmSk0Lk0exjK9mQyn+c/Z4uf1T0yg0gY5XwQ/U1AJ7e9CfLdJMP3QeUtqzj8H5LlydU/24xkpqqBtozYQ+/F9nn0omoWGtX4KWZWoIVTaHLjPiETCbY/PsRrx3QFckE=,iv:i+Jr6GV1zvVoGh66HYd3ZU8cLG5AeHZ3cz7xa3mXbbk=,tag:csj43Q4sGblmylUqqb84GQ==,type:str]
wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de
enc: |
@@ -38,8 +35,7 @@ sops:
ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL
MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-18T20:40:33Z"
- mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str]
- pgp: []
+ lastmodified: "2025-11-17T23:31:29Z"
+ mac: ENC[AES256_GCM,data:yZVAA0LoisaxPUuhkwxvXPj/HLP4mJipxyANnJJRPu74yJmhsIRxI5yn2LDvsSvkRzlv46Z2rfxF5jHDwAcqxbAquzERXB+ov/yGmC1HwQr7ID/wV+Uz4a0AmU1w6Zh9NOPraKEO5C03PpQSD+r/vxdbIwrEHlLHf51FZUVvpSE=,iv:m44NZsZm5704z6tdRAUjl5DFNxrLKy/ncnVTc3ro4y0=,tag:I5i+PaLN8uqLU9mKlb8mQw==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.4
+ version: 3.11.0
diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml
new file mode 100644
index 0000000..dbbf048
--- /dev/null
+++ b/hosts/secrets/caladan.yaml
@@ -0,0 +1,29 @@
+nftables:
+ ssh: ENC[AES256_GCM,data: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,iv:UY/efikTAvIUfcciypnngPj7PhGjccoIeXRyew2Ft0s=,tag:QnYxLwkV9Oo9ETWAqIKNyg==,type:str]
+nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str]
+ssh_config: ENC[AES256_GCM,data:zlEJ00GNq3WScqJ7hFTx4YLfTaEuN+GZF6HKew1vshX2nwqsRQMpumyIgPisl/WqPbTUCU13qAvwTbmN0vGna3WFA376GVAHIN+TzTWGdcaVzgI8wJF3c26k0GpYDvgsxW0QNR9BhHJvEE7ox6o/chPXUNS7Q4AwvD1YuOgQZc2kdBYC5zOZ6Z2/qPOLmVesn9+jbFBGfHNxCu/Vq1wXfCFhZ7+hY27R+BYmGc3uUPYrQ40WZgbLzBpkndxhh7dE7KlYFavJtaaRhnaN7i7/30xyO6IGBpuHBUxnryVwgCUx42fXjYMVe6tfYXsKYAbVhjgrJSwOB5Uf8W7gekr1qSRStROZC/Vnh2Enz3PwWYjXViyrWEpw9jXR3w8rCIQ0NJQXwvsRyEipujxmbs9MhywW7x8zC6txjg4Nd5gBNuaEsg4e82ARic65RQ6q8tvgLQj6ghR53nXA+GFv6ybbDgRuL27ki9wWHCy1oYOS1D58So3+ABAKzxayk6Eo3sQeBHO9bKVCZWwWYwuWtknKWf8HoedVhMUiimJ9MdgQsNEEuKL7g1OTSt+25KDBcnuUqh7fYbNi0AB4kiGTSrExQ7zzTIkKiDO3j0yL3M+lC8WoeBpYfmpuTWcVSYHmjQn8ggybdbEWRY/pdiRNChG11IHGZpS1v1hM5Dw05oGFFciCwOBFS7EQpetOYlKT9wl4Kof3cpqfQUE7q4AHSMkSWZX/t6xCFRv2V6jhSwSpvcf+CMGu+s+ND/kEjKpo/+HiyNp5GhyD6h1oPc+G3x78YVx1WI+wuzMccSp0,iv:8EtrGsi86BhlCrn5kNZSbvIq/D6RBjJ1AAt8x3x6Pns=,tag:OB8azq3ZWpMIZDMQp+ry3w==,type:str]
+wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str]
+sops:
+ age:
+ - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4
+ dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD
+ ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4
+ a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH
+ vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY
+ RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0
+ ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH
+ enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur
+ E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-06-05T18:00:15Z"
+ mac: ENC[AES256_GCM,data:JKzxSGzEPIM7z5QfGZgZBXNUTvLOmP5Krkjt5CCt91MdlLJtksVjMzcMEE4hu+3maLXR0UsXn4W2K6IkMmyo8nU7vHhg/n40WIgeX0J8e7nx51VymJAsiisdijGtPbVovdK2qLjU7CRoKypfDNiV9dYLPbyzpNFKyCDdpbnBJ+4=,iv:MCRxJ6QsNWSfblgtIkJhnqap/qFg1OYzXHUYP137ihw=,tag:szwCMpyn2sWm15BJR16GeQ==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml
index 37b53ce..b9ac45d 100644
--- a/hosts/secrets/darkstar.yaml
+++ b/hosts/secrets/darkstar.yaml
@@ -1,16 +1,187 @@
-asterisk:
- extensions.ael: ENC[AES256_GCM,data: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,iv:XJjhLnUgf1cc9O50U4Q8Pis/ZYLg5B9U7u3eDuDcjeA=,tag:0ZqdjgYNMsXcKGIs05PGvA==,type:str]
- pjsip.conf: ENC[AES256_GCM,data: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,iv:n0S64/G7Pm6ZwszDDFMR4qvugU9+HhQDfptOv+KGkzE=,tag:BivicBQ1kjWRj7ZD1c26Pw==,type:str]
- rtp.conf: ENC[AES256_GCM,data:wRhJ3O8qgECEuMX4mCKKv2igiMxTJS6p0IkgilBxPU7sdFsy,iv:UkXcVOwRDlp7s0+u7QbQ6lGyaJq2JO4YaYMzphOA9ew=,tag:iHJXCC9XAnaQc6qsCTNEYQ==,type:str]
+#ENC[AES256_GCM,data:koNrUwSd8yki,iv:OWn+BvvlDhV5g0aT6vj/XnJn0yBpPEzDe70aEnGpPyE=,tag:nwaIzDU9e/VyfPRwigH/XQ==,type:comment]
+#ENC[AES256_GCM,data:Edyn0TZVgQvmf4x4K6qzJ6OQtMJP,iv:JdIudLJ1b2qzkAo/tkbG8t/qubeL7v8Rp2yWy8CgRPk=,tag:WGUU4TgHa/qxf5d2d4oJMQ==,type:comment]
+#ENC[AES256_GCM,data:kuWF0wpR2bGcP+mjurtCvNqhVpuqO5DYNLs=,iv:2JuLlQ5oS5hR1WGn+wMtAvOysy+23fvjG3HDncLBokA=,tag:sxgmrNZb3dphMASAG7lQig==,type:comment]
+#ENC[AES256_GCM,data:6E+vU6uKweNZIpnLsk1R4wg=,iv:WMZ5gi5WKA2jfYV76Er5Dn36C78xVTXBGc+sLz2hltg=,tag:T4y/os/1pBwB8m4lt7aaYg==,type:comment]
+#ENC[AES256_GCM,data:2aGKb01LdNLdJdh6hFPsiK2qnUksBeHFL46aeA4jcfqFT0/eS9OTEPrlfZAIlw==,iv:MV9Rt5jGygcLC4JTIMBR8FhEcKQ4hzyXWxWHgPMOnN4=,tag:y9exk7KSyz0VvbBZQqVTug==,type:comment]
+#ENC[AES256_GCM,data:Q38m1R59G9HHQD3evNt0/OAF7KPLplLFF314GuNA+sjYZF06npZ7NpErJ41KjCi+o3sG2pAe3/j9,iv:4XOVyyHdAeL8pU1Js+4h+y3zvzuf/R3EpxNoHcU3nlQ=,tag:PpEbr1HOOAbSR481orm3wA==,type:comment]
+#ENC[AES256_GCM,data:BtZh9+LW8q30LlMIeTeFo8s=,iv:pVC17w2XK4VpBDitwhW3BmO8CzuxWPYEUkSPIMrxa0w=,tag:Y1bLSBysROKPmmmacCcWdw==,type:comment]
+#ENC[AES256_GCM,data:Yr3D4deUxfCfnx4=,iv:zcZbgJVH1JQnsA6Xl/tMA+v4gSE9f/UiGbDLOiogMWk=,tag:NTq+vVoA3l7gdfj+9ZUeqQ==,type:comment]
+#
+#ENC[AES256_GCM,data:DPNZCtKsvt2TbTpteOX5uh7P,iv:JQJrcv9uptD8cqMGv4DLi4YleF5Dg6hhU83V6vZfe18=,tag:FjEx6Lwj/0KHubeZcy62vg==,type:comment]
+#ENC[AES256_GCM,data:Y5fUERk5GxkhMCe8pdyEuixXQ6tmz/2vsRmEBNdGrg==,iv:QNkZBFqg9lsTBcn/HXb5EUUOT5YtLk8cR3tH53BxcD0=,tag:LMpPZwdcUouyOLdw/QwRrw==,type:comment]
+#ENC[AES256_GCM,data:1uSrAoDFqpqXWixv+YLn5nHh4eH+8sYlzpq548Qlk0mu0w==,iv:/4OUiMVim9Jr43+JpR8j5HEp2dKKr+2N3mnip0B0waI=,tag:fw358ATo6qp7Li7PsAt59Q==,type:comment]
+#ENC[AES256_GCM,data:Z5ZX6TqSYcTaWx3ouOAY,iv:WF0YXeAYglXQlfPStMilAoVJznJsRoMGd+QnxPWs148=,tag:kVLnxWwiXqxmhzxRGdfYVA==,type:comment]
+#ENC[AES256_GCM,data:xRp4e2j13CHZ2JzmvtO0jlEfWPsvaxUAw0toKtQWy82JbA==,iv:HxAk56MKqQkw6gAm7LskDWaCfF+ZAOi+XeYHkOBO6bs=,tag:MIwUfICkfeyttb+JGlHwmg==,type:comment]
+#ENC[AES256_GCM,data:RrLqfa8+bWIo3ZF6TsH2+Bo=,iv:ByDQwPS2qDqLoHJYCfn8rwZzeHrNs00LQ8vKJq//Jh8=,tag:856gJo8SfUeZsUP5rXKumw==,type:comment]
+#ENC[AES256_GCM,data:GsTl6zwg5d4UFkU=,iv:DSDqA2Lt+p/CnhPO+fZXDDJWy98wpJXV6V8SbBpokyA=,tag:fMUKuDyZAkyv10bmrl+hlQ==,type:comment]
+#
+#ENC[AES256_GCM,data:xeRqstRJfW6jLFimzF7Sdie8,iv:9gPkgr4udNSFHI/DeNWWdl3N4Jbo7jUlGcacXzYUzUQ=,tag:bdtHw+giVWaIL0uxKqSzNg==,type:comment]
+#ENC[AES256_GCM,data:o9TKPq1Vqvl/KKywfIZjUc8=,iv:vWKE9iyf7uqTgngeYndKUr4Llvy02LOJZFxF8YE+IwQ=,tag:ts75yi4yz34i8wcz22yFQw==,type:comment]
+#ENC[AES256_GCM,data:/HLJJlGoDkfRH2R3PQglBthL7c9AUZ9P,iv:zNwtm2hxMuWofAzlWmm2dRTVsfEdKgzVshlgiMUORoo=,tag:y0b0C9TKjTLmrso6nIBYYA==,type:comment]
+#ENC[AES256_GCM,data:8dShCGz1B/q6liBoq8r9sV4=,iv:3daeyLDLldMpW1dS7IQSi7WKqePQz7ZucxPD4Q3s4Wg=,tag:FKtgLRN/1O+8AeGzMI5qFg==,type:comment]
+#ENC[AES256_GCM,data:tVwliFSYozYM52o=,iv:FnUA3+4XJuyza/H3THOWz9mAHic69w4oczMcWKc+PwE=,tag:tw6onP5xt4GL2XcC+Cq5Vg==,type:comment]
+#
+#ENC[AES256_GCM,data:N4EhOl7yEqT6DQRbmBz5cnkxYQ4=,iv:H9z+ZP8vvE+PTauAAzg43pVaEjrLI4nLlIe4ni9Keho=,tag:wAVKSBEk5sPchGegUXjB0g==,type:comment]
+#ENC[AES256_GCM,data:AZciKcw/bMIXHjTI6lRcl5xPBg==,iv:37TbQSCxbQPy9hkA4msaVqBwHMXJk95kZuM8pxEEGOE=,tag:e7FkGKEHY1ZHqFMfQ/jlJg==,type:comment]
+#ENC[AES256_GCM,data:/WQn0wHchGLYUwQ3RfrJDiIm/CZFIkJROzBlbsf9LlM+k2s=,iv:RzRlSNosNS5xlRpXibQdcZ8bi01RDJs9mdoTBdUzQvo=,tag:DuE6htQ8uolsry0haNzzbw==,type:comment]
+#ENC[AES256_GCM,data:NlA8Xz96TJJVNlhCCYqeHLJwYg==,iv:sTQ43in92gD2arVfHX4UrJCIHaX6rEAWcWxsCqnhvU4=,tag:vHczIYGp0WyPm3yH5FI48Q==,type:comment]
+#ENC[AES256_GCM,data:X174VF93LZr70A+1vg==,iv:laAgfLpCwzAez03EN3HXwKzvfwbRECgIzpQq7vz+hXM=,tag:9ldfGGjnV50B3O18kOESaQ==,type:comment]
+#
+#ENC[AES256_GCM,data:0Y+K9H66/y+mzZM/Zf/i0DTr,iv:AN4wfSg7bT3dDHIJDuknE6/Imnd+L2inSGKNCEbSx2w=,tag:fbGNSv/Vr33jhVD5zkv0lg==,type:comment]
+#ENC[AES256_GCM,data:hZN4Q0NdAp0h/4JPem/73VI=,iv:Xo86Epq3Whcd/dJGgsAqjWcfdDFuYaGtVA06d/Vik3o=,tag:tkJSkkrc9uLGl82Cwa6J/Q==,type:comment]
+#ENC[AES256_GCM,data:Y0jraJtzyWQEYaikZCiNChoWkNLlJA==,iv:IG3CjUidzaq6VLbAfPQWAX8cd6A9rBZv6P5G8REXl68=,tag:Fkw7NewUqxDOTdXOfp5J/A==,type:comment]
+#ENC[AES256_GCM,data:vJBYw8KYp4ET5VQQG3x8CmY=,iv:iRQS+eB58Hf9/aXGHHKc/N+yMMQNpvA0LyBlP9pP6kM=,tag:WB2SX7FHqKHxkD3jqwu4QQ==,type:comment]
+#ENC[AES256_GCM,data:DP3cG8SqADmGjJ8=,iv:jt7aFHphO3kPK+tCBHWu5fZOOpI9qZAlXZYa3Tc/GvU=,tag:Zi6xriNT6Rew7KSLxrnxvg==,type:comment]
+#
+#ENC[AES256_GCM,data:ER35lsO/pWxe7Y2t9+CMdglM,iv:sYp6UWwkoEbqoKXscCwTDQhtkaU2gBXYFc04grB4mRA=,tag:J9UdyqtuLuVoEUE3pWtuKg==,type:comment]
+#ENC[AES256_GCM,data:kubz/kXTQoLr8X2sHGEhovsF1W42HTs8hn1LI6bqViIhqcDe,iv:rS2KoFeAedKtFCOAZC50LSqPTPTzMaIHgtPWoSMLOio=,tag:z/IR786mgxtsSMsrjbBWyA==,type:comment]
+#ENC[AES256_GCM,data:J4eVKfcyNnj4qs7U93wmWG7ziI2qAf5wrbZMFW/kiZYfIGzP3+4=,iv:ZDI5USiPw6vETDhCxF9s8/II1QRZ+HlXgHXosVo71nY=,tag:OPHrfgB/nqcfHTlzNW3UuA==,type:comment]
+#ENC[AES256_GCM,data:BY5yJR2n4c3pN7QU4JUvUh+ZWfqLdaenLvSSyUXTlx+SXJUM,iv:o/NdY9URIt3FBrUfrbfTgBUjGDLXPNG9flDaoevk+tQ=,tag:hdo9PJsSyc+W3LS/N3t6mw==,type:comment]
+#ENC[AES256_GCM,data:RFMv0U1PxQZGY92iQlVk+us=,iv:EEBhxZu0QOAv5oRM759rLGcpZH/QgSV6EYXiCEG3Gik=,tag:0S+4dhitEXzrJKdv269hWw==,type:comment]
+#ENC[AES256_GCM,data:J35+o84yGofskT8=,iv:fvX6/RM/PLGFJGvRKeXgyKlXvpkpC1GdBfIzUQlMlcU=,tag:YgXIBP6er+lamAPgASFqxA==,type:comment]
+#
+#ENC[AES256_GCM,data:V+lIr2vZHQbmdHLElWrAowI6L3eHsAaiwQ==,iv:XUllNkux54jqE1B8Due5TvdSn9WDKjDnJ9x65bzTgqA=,tag:9coS77Zp8/3PhRW0DlxIqA==,type:comment]
+#ENC[AES256_GCM,data:8OyKTUeTykagBB3pp4v5RoPs8faabv4/knp2rT2ybwHGf+hkT8InH35FsP040oSCMrRpnY+pOOI24k6YtGtg4ciPBXz367XQk5g4k9FQbTN8OGyXUsC9UTgSE8ezsuXftyuw81cXIJmmFUegaGCS6lngCTNEonG7HrXGMedChl6vbw6cGDdyzHQ=,iv:063MvIh0K4FRmhCeEKODC0mzXYA3xBfj5Vwr8N2F78k=,tag:n5vrDhj2U0+ihYTzpH4mbg==,type:comment]
+#ENC[AES256_GCM,data:zGB7GHhzsrYpeCJNqGA1EvBLyrUmWC0PnnVChc3M7M8daVpi0EwXd5rDnsw=,iv:MjfJVQbTcQ/CBW9OiTe4B3LxUdoWSxZxutNpd0nSPuA=,tag:/btBe0uUdm6lT0qhuh2ofQ==,type:comment]
+#ENC[AES256_GCM,data:rvi0Tei8aDONEIVIf8bFT5/9MB42cOkCUPDCOfCIIhBSBOPJgp/gSc7fbDyxPcltGKPmy5PZtQ==,iv:mL54m/JnXP0iCcXCVcqzDQtSSbzStDiYFNfOqh2beTw=,tag:b+KecBxOElBhSZO+09pXdA==,type:comment]
+#ENC[AES256_GCM,data:yzLts4nuFJ6B2A3lOA6dd6C/dc0=,iv:eniXHvGrRVY7wsxHhBUmiXYrJRDn32GpVguSsivBH/o=,tag:m0nP3PQqomIoqFU59qSMIw==,type:comment]
+#ENC[AES256_GCM,data:SbVJ/6BdZ2cUhIX4pRSoOFwNi/J6OEHXNQ0Y9+iaCpX892zAFTj7MVAEpwQ=,iv:zkUDjDAySvwrB+osSk6s8v0Xp2uWb1WnN4zu+ATeW/0=,tag:SjQxtFhDdGmZfDWc84285g==,type:comment]
+#ENC[AES256_GCM,data:rsMLM339Ng0J+CSd8eI+0iJKEFAa2+TbpLYAFO9lD94vGjrRp2TLIYY3XbgCLK8qgR5csVCd5g==,iv:/Vq50LAtE4AgYP4hOR/TogL6E/PEiFmeRj8Yn5kc/y4=,tag:rcoMCfsY5aefbzycaLcCnw==,type:comment]
+#ENC[AES256_GCM,data:juhPTHtHltDDPQ+0vxjAR+gL,iv:aoP45LG9s12qGON73w5g/Xo6fPONZKfCWxVVXiQVGPE=,tag:9grJnf3UrF7Ub3QfmvxN4A==,type:comment]
+#ENC[AES256_GCM,data:hrrNKoeKYAlV8J9LCwydZai+9zgKB+pJY3gD43pqx4zkhDyi4ZNyiLSPGwc=,iv:CN89Sexq1wCBlNDiJLKdl87SrVAuE6JbaGZSl4K1Ibg=,tag:OfZzeHg1kM14bWCSlLvE/A==,type:comment]
+#ENC[AES256_GCM,data:zrf0HtyxuVfKn6auS27cGX/wboqSzqPZOfdS5cezquL5ykJeCFNX2LYGMHi/Ab3y3o3Xup1KiA==,iv:nRBJ9/YXezSMbLZVI3wulLnhFs8worafDNAeqnpFAXE=,tag:RudcLVsezIkjY5ze86P8Fg==,type:comment]
+#ENC[AES256_GCM,data:1NbfTZRxDxoVVlYGWiFbraw=,iv:Gsnnpuu1m5yfOyogbCBzJ1FIZyjL8gRqRSyj5uYqBZs=,tag:DDw0PXGPdoU9Dy6CiJQOuw==,type:comment]
+#ENC[AES256_GCM,data:Be5ykZ9sxAHz7Bk=,iv:3QA1EiCbpagmNOqAhyoli8A0nQWfODTvElECykaJqPQ=,tag:ZK+GpY7b8rKw7Yos+FOpOQ==,type:comment]
+#
+#ENC[AES256_GCM,data:/9VfkNKqAReTgTdSvQY2JaAHsXtumSrQrd8=,iv:KcUHBGVlMyBnddeOI9TBWAv+Ik+he2bLp53Ddgu0Zcs=,tag:U/imF4+lPRes1t5gUpD2XA==,type:comment]
+#ENC[AES256_GCM,data:CtP3PL1Nr2unz/SQfTIKynzflv7X42i2gJBqmsM2kdoh+q/j3XJy0Ry4Dd3wqjMk/vtrZGFrWdPoEJ5KrYvN6BvdzUzzNhc6a7YuqXkFsXBRipGw66dpm85RJ8aQYgWu1KqPRPoSnqSglAWLXBF+HzbIlHSuHQ40HVLms/5y/u7cMJgCLRtyN6c=,iv:Z4eSlo3EGDMx99wBeyhwWf3jsFWNHwWa0Or1Mln3LF4=,tag:7+p+T8Ud9s/5kLrRBEXhSg==,type:comment]
+#ENC[AES256_GCM,data:wBpUUVRSQImQoZDKHuUIbNK+bhKv+YHjh2Yqd9QW77s5XV7LrRMfW4/ZYQ==,iv:8DKM6v/mSgNtIeFC3YEn/YfzBV8gQNp+k+C2GXsX2oE=,tag:25hDvhgm9DPJAqSI6bvZGg==,type:comment]
+#ENC[AES256_GCM,data:PHwWZRIhodwLWqmpcEdWQojLzEBM9ots+X92w+SUpE8C865cslcU/LTRRlB3M/bnfuQpK7Ac,iv:Ng4jmfoGaFTKViTp0FXeQuCIZaBI7FdsYmsCzJ9LVyU=,tag:BipNTijyXeq05DSdWwRVag==,type:comment]
+#ENC[AES256_GCM,data:bYxNetex17+C4xJO6WSMxbHH,iv:9WhdhpdcUh324as7tBdd2m51mv1/eEpIELOoThtcuVs=,tag:B75EaPx+bVe1mVew+UfulQ==,type:comment]
+#ENC[AES256_GCM,data:AhoWpnxWgOeeU5s6wL00L6reBcpOtV8irwVd3fAEe8DCreEPBnqpwGevwg==,iv:0UWv9ucAj9R7y+QUEr3QFn4GqS2UoRc++xSdsAErDXk=,tag:kC6N1fNTz4YmSsMuEW6epQ==,type:comment]
+#ENC[AES256_GCM,data:ov4K0cJSxxE/ENcaevRXJV+jAfKGKBsaXvHYgArUtVHQbepWpGsJfCkppwwvVcEyTAfeUDNO,iv:i/CRlQkyUA+CF20SAA6GbCTBnHpRXg8qbOvOZoR8XEE=,tag:abAym0hWQ6wykamhCZtl4g==,type:comment]
+#ENC[AES256_GCM,data:jSJSXRF/DEnonOg+++gcFGkr,iv:g1o4qexYJY2aev/5qMJEyMyyZGO4P1Guijl1V9q8y2g=,tag:nLYnhoNuxkbOgXnkZTrS7w==,type:comment]
+#ENC[AES256_GCM,data:2ID1+ZbUX8wEPtZEqgRY9WueOOI5vD6UFfK0P6npXgfxmfvGmB+e+dnt4A==,iv:u/OM5noggVYSVuHhc+tKCxBiX+t6PSHB3EKERkfhmbk=,tag:Sl3Yf1iN0PPE6hvWu4CyTQ==,type:comment]
+#ENC[AES256_GCM,data:g0k+f1bApJG9pLPfnAur6rny6xMfI2K9c2X9gVp6AQqHj/5VSQR9vSpF+9Ng4rS/12UAZWfT,iv:NNquw+EnBevv/5sZFsClfbo/4n9W8guxBnaEhsiP5gU=,tag:74u0ii9UIIbW2+IQ94KSkA==,type:comment]
+#ENC[AES256_GCM,data:RsOaGh7pe2N8dICKNpwLWXo=,iv:6Jst/NIF0E5mb8vnsbGFen5WbCcBPKOhjguja6EORes=,tag:DQlmrUSy3QZDPWIyOg3Sbg==,type:comment]
+#ENC[AES256_GCM,data:LzSQ1zgetryprs0=,iv:0vW+cUM3k97Lrbo7hF4c01mPbeovrOwPAUwVzz7thcw=,tag:zt0DteAxi4W4mfkdB0mkYw==,type:comment]
+#ENC[AES256_GCM,data:MvQ2a5TWmqN4Ew==,iv:IPCYJBFM1x1s0jNITUE42TsOJMX1nBl7tYnfkpdfvU0=,tag:SVherXXtjrVwZGW2azmLXg==,type:comment]
+#
+#ENC[AES256_GCM,data:bgc4f/2RrR2dW5vQjeyNePgmoLOKmpIqzVM=,iv:H5uenlSITm9wl6Hkk+91yG2J1II4U47ROIlGcuZEhFA=,tag:M/9/Vjr6sTjKbLeyqnyE1Q==,type:comment]
+#ENC[AES256_GCM,data:qEWa5Gzr6XseeEs2sYkoXE4TM8n3uccR9Q==,iv:3aWgaP+TNUBNlQEAnrOg/kvIRHyptkkB9h3a0dWuViA=,tag:kPWFT0XG5LSMrSD1JIhOUA==,type:comment]
+#ENC[AES256_GCM,data:Q8g59UA+ZGRXT7Ygr2f/obZDP8MHXw==,iv:wgw54HCMwdJQ2p+OP3BB+Qh+v/GQvhquScYDgvSAPCA=,tag:IB26ffBNOJCX8+2Sl7ElEg==,type:comment]
+#ENC[AES256_GCM,data:uRxOKL32JURtb+/XE/mRQ+CC2aYWWxR98p7AGyUASd/jFnJdl4aqttVvKabuMjvKWrsk2c1xD734Dz5tMsclT8OB7lPNwwpGp5g=,iv:jA0XIYjCR/4+4OjNnr+KSt7ulliDa9w/2tEPD7GlHo4=,tag:iOiTfLnafUH6VzrpsgefKw==,type:comment]
+#ENC[AES256_GCM,data:+g9BiEj/8FiydQxDNO/Fche+,iv:1NkNgP1QxV5emu1yHap9/srF2tt2g/8jaXhnE2Uz3F4=,tag:OhlBkyyNkJyFPhyf+jiKkA==,type:comment]
+#ENC[AES256_GCM,data:9p3ftfRZnvlhRAYakQbmzfr51QSeLnD27Q==,iv:Tk0N4HLngjY2Kp6AnHlSppo5JS2eupwRm27hEdXdYL8=,tag:6Em3dbDs2xbC3kk6Q7Wcjw==,type:comment]
+#ENC[AES256_GCM,data:lueEj+bYuJOB+l3ll6OhVcfSz1wX7Q==,iv:gDRtIVAtaDAvHUcK/xjQgjjo/AZByRuTR8cXCapgZXo=,tag:dcoanmEDgtulvJdtTC8iWg==,type:comment]
+#ENC[AES256_GCM,data:mDV8VHOVG0VSvqZYNbjDB162HEHFQvMR1oP7,iv:zjBquqa8ACwtNKbfXGVhxDlCHsi45ZWaq/F0Dtxd6fw=,tag:whdb/WADQtESImE4jImwOA==,type:comment]
+#ENC[AES256_GCM,data:qZ/LnzbeDvj9f3QalSd2OwuLEsvEfvOTuiy9oQ==,iv:5OBekjL+y5oR8L9uaRLXYcZ1yQt+Sl2jPCiNmRv90sE=,tag:IPk79XfIFTdkzb0NxEnscQ==,type:comment]
+#ENC[AES256_GCM,data:0yd/4Ctgq/lil2OBtMLIopj+T8hdRqbfq9AyZw==,iv:T0qg+Ag/6UycUCOyauD4oj92c9SUocmTDKhxFYCPI2M=,tag:PcQFljhmdPb3RkkLOXjqMQ==,type:comment]
+#ENC[AES256_GCM,data:aFzpb99XER8q6LfKb9SEVRDj,iv:gFu6HVrHmgChKi2EMc/WdowcqktML0KtuyJdJhbz5rM=,tag:/f1qElxNivJOzb7SZRqi9w==,type:comment]
+#ENC[AES256_GCM,data:imSHtr6vBCS5aMBcPQOfMai+Sbh28jZbGUfzo2Ye1KBttLmV1QSJCA38weTZ8GahzKQTlxaEnG24BmyTs9UN,iv:E6oF2mW8g+03q+F3vUfsklLTqaMo+qiYC3B/lNPzhaY=,tag:0mxqqVsi0ZAT5EAhLKaKLA==,type:comment]
+#ENC[AES256_GCM,data:8KHxrv84NgfoacA=,iv:vlt+6Qmgw1R6v2KusPIFx75xFqufcssB26ovo1+6Zrw=,tag:/bG32rIh2gG7dW5E6S/aLQ==,type:comment]
+#ENC[AES256_GCM,data:R+t85y+viDb0/R7JuyB54k4=,iv:mBVQV+tltYLXw+foADu51N5fpXrqF7hYLG2OiMbWZ9k=,tag:xeWXnF7TI+kiehZIEEEcHA==,type:comment]
+#ENC[AES256_GCM,data:qVn0Vjo42u31sKE=,iv:2453HNpZLxnJasgAXAyjWx4BK6Y2IguwdrhyagV3b0k=,tag:AJXsVweXNiQ6hiSdRD4rvg==,type:comment]
+#
+#ENC[AES256_GCM,data:870a7NWcXKusP9tkmjpPMH7QtNL5EuiR5A==,iv:IEGuYGVk7rVi4BF3FQITwPAe6nGvs2t0GYA/UTl4Jdk=,tag:1cvq8VJ1VbxXIeCEhPK9uw==,type:comment]
+#ENC[AES256_GCM,data:6fr6msoUoVJIJDgtL9otyKory3iWVA==,iv:vVt0qCnQyZoYc3Ncx5Z8YHGkBLJxADQS9KiU0fvANNM=,tag:MJkLWWfw1O9Jnqbl/6AoCg==,type:comment]
+#ENC[AES256_GCM,data:tWPa6UdPoYRiVElPbYNv/QFYloJpkO/9izm5DMflx8KWSYNUZtu8QmLvrXxmEpTd3AEicr9ZGGaTdMdwos12xC86IyjPsLb3JxY=,iv:PGWtqsLB/0xMxgi//0EsZo8OxqlJrwD69JmY2KDZcHk=,tag:6GO9Lkjp/Egr66AZPS8mAA==,type:comment]
+#ENC[AES256_GCM,data:8pSWxh7uUisOxbTYqIsKYiX+,iv:d6q1eQV2ckSU2vOzqrvAZ+Iluc9o7+ZMhIxo8H03PqI=,tag:hxnlfCBr6gZg4NvJ4q11jg==,type:comment]
+#ENC[AES256_GCM,data:FG9YA6i8HJMNSaTn6R8PV/edKZeAHPgEwg==,iv:yOFVYMr9ZPs5z9n2A9KStZ3fhiyQhJpMui0huSfs2Zo=,tag:EGAtYW1uc8Bbj4EHVofhQQ==,type:comment]
+#ENC[AES256_GCM,data:N0vkSW0vD0YL3jyTxJWscknooIt3ZA==,iv:0zhhzYCdNFp8HghxrL9Nu8vrRHAm0FVpSTWBQWxowgc=,tag:DDkE5xue1051732fUMt0JA==,type:comment]
+#ENC[AES256_GCM,data:UIGa7jpdOB4Lfv5JsbjlV8yeh8pDg5tLZ9My,iv:JAGqvE7c43pWRGpwRS5qjEjRVrnv11DESCaGSzarwHQ=,tag:zGKKpmNLjXFDXub7Z2AiVg==,type:comment]
+#ENC[AES256_GCM,data:jCt4qMitq+meYz8hlM5HDfJ9kN7OM9CAF/aY9A==,iv:BFkU6fr827X3dDSig4KXKvEceesmWygAGmrBXWwCxrY=,tag:I+z23JgupQ6UHYJzE2Oh2w==,type:comment]
+#ENC[AES256_GCM,data:rhBzSaTx+gPSWUepEbG7d5j01MEPJwcDNoU=,iv:JmqO8MvpeqlkSboWuVAF80Sn9HsR6yEjKFJgKszc8v4=,tag:jLpagtpfGQ9rv2faLVDx2w==,type:comment]
+#ENC[AES256_GCM,data:FRlvrmXEf05F6PgENUZVaC5R,iv:Hbb3myNwiWlcG78aHWWe5az3HpujpavT0imPVDERA9g=,tag:/Ala51aCehpJ06/Nq0Aqcw==,type:comment]
+#ENC[AES256_GCM,data:AdmSotjFoQ9HLllJfVhytPR38/uV7hggeQW6oeJjezTWPGdjetkftraYS0I2oRz+cCepsBNyU7V6oMU/IKKm,iv:Pab4QLtgCN/njzl5G7tUJiiSHg+TCK07rlSPobJnPr4=,tag:e0crhizVQlOayutG838VvQ==,type:comment]
+#ENC[AES256_GCM,data:cw4Ng6EYpc4dKxc=,iv:4TrHjJygdOeijK/2vJQQsO3lGa0cVyCsSWmRSA/XSt0=,tag:v1GDX3qiYyAGgCpUVEarMw==,type:comment]
+#ENC[AES256_GCM,data:qQjh6E7jme6LAUtb0kkzpqg=,iv:t3FFpnb12Hi5uGe+bMqWB84mqMTBZqewGi/fAEw+noM=,tag:RJu/O1TA0cy1xCjFuSYJjA==,type:comment]
+#ENC[AES256_GCM,data:qTlNeSq2WkF4dOI=,iv:6ymng817HTeDds0KuW208kQnfarE7ahBybwyHitisbM=,tag:pAycVFy95ujAkPODZOExsQ==,type:comment]
+#ENC[AES256_GCM,data:UQkM5k5QfJfoFg==,iv:0TDmGDUADCnYvIJf8cz1tD15zGevTEUPTfcFyWPuhoI=,tag:vo7JDfr+UlrtWLng+L3O1A==,type:comment]
+#ENC[AES256_GCM,data:/b7HzhZiiuEifWiw6QtQ0Gk=,iv:32tJRHd0pqs4B0Ut5yg6CiIINzGxQczg6Ka/ZN3XQAM=,tag:BuvitctLA6QuM9L1+P350Q==,type:comment]
+#ENC[AES256_GCM,data:PJSab7u1SpCEJ/Vbek6BckFjVMhoYjhpZLwsy2Q=,iv:nSguWEO8LZW17AhSwbY2QgWf14iLnL3SNxDbP11I6s4=,tag:mZpa2HC9eploCJRRfYQNwQ==,type:comment]
+#ENC[AES256_GCM,data:ncqHrtotQtoXlVLzQ17WBVdlA5CP9A==,iv:SrvHjpSzyh1hU4mpPbtnej4WJ5+WP2C1UKxFwiYxSw0=,tag:TfLM8CJEEeAoItff6wSZmA==,type:comment]
+#ENC[AES256_GCM,data:HjCAmw7B9Ah1/pVwxb5rUXqy4Pc=,iv:bDD9cKd/imH5+iozynxDgPEoSEIIphjkfwCZu30qKnU=,tag:Us5niBmVRaXPUSVGGwdHwg==,type:comment]
+#ENC[AES256_GCM,data:4XnKVoC8z/uu0BVlJipyv/l7a0ZNdQ0V1xF3Nz1qN8M=,iv:A8FS4aUnMlu3KibbM4HSaSmbMSU8LsPzivzBNUvUxoY=,tag:rI0q5sR921vCGWk6yL+pyQ==,type:comment]
+#ENC[AES256_GCM,data:jNXvOEztxrltP7q4rlfn3GMCNqTJgSihMwN4rq8M8/f944oxTrZKX2TR74w4,iv:dTDRhG9MZYxF8GAeVUUHZqKtwbmLkvoBZkaw4klIRZo=,tag:R5OOeLPX8ILVQ3blZeSp1g==,type:comment]
+#ENC[AES256_GCM,data:PPV53Is72DbKryu5SldI/cvC/OEi0iUh03+aAm68CKqc+8+2arJSPxYbMwl6lr/N/w==,iv:CulUqXYhQAPb/Nxd26i2VPeJbJRqhRkGrQr1oFUZrUs=,tag:s+aazHjWnxoTg88xPRIdnQ==,type:comment]
+#ENC[AES256_GCM,data:DvVpwJ/qga9No9NVByjR/kfrqpThk7b6gyGbgKlA,iv:U5O+dAxg0j92uRbo8Mmsqrk0P+74RBhILnRzdIxmjxE=,tag:McLjNRvm4ODQVc5U2WMU7A==,type:comment]
+#ENC[AES256_GCM,data:JDhpV1lVCLEtxrw/yG8F6q4yJj2uW/5yyERoiBr7Dp4YMfM0B4F6A+nuxg==,iv:FQ6BXkQDX0jPy9+2vpBQA4AEKu6tKm7Fa/++85gTtKg=,tag:uXOtz5aDEovuZOfpHGD6cg==,type:comment]
+#ENC[AES256_GCM,data:Ss3HZ9jwy3BYEPUxIIcb9owjz0pC2/tHSwiXkpjfHI/VBsCo4sjhSLPEFJBwAmQ=,iv:In4bCeJ+awjGyosyzUnMAJJ6HNeYKYkssZXVTFVa4eg=,tag:r5RCOURKd88lIQ+/hh0Ieg==,type:comment]
+#
+#ENC[AES256_GCM,data:761fAyNbew82DpMOHHhFCtbXKAirp0/EHLQ=,iv:vu5eWu3I9N2KNOLYsgvOJS8Q04Qz1yILJKFo8GcYTHY=,tag:8APc/1x2khyhzYSYNSux9w==,type:comment]
+#ENC[AES256_GCM,data:qAM3q6ux/NY+F/HTgtPyF07YHgqjeg==,iv:ub/L+gvpoJY8VX/EZ7rGCTA7RLdyXzEGAIj0u+kbYl4=,tag:b7bZrmw67GzDFGIm638i7g==,type:comment]
+#ENC[AES256_GCM,data:shHhdwchJf1ycbSQIDGlTnwzZfA=,iv:wXP1bMUQyMVoFbSMfDFa3hhqwJAme/0bUSfsx0oUx8s=,tag:unko7HBj5Oe5RzqY1JCOIA==,type:comment]
+#ENC[AES256_GCM,data:eQOr4L454juTJAIWcwp7pPKiMFaEChE59KYl20g=,iv:LEFggdiT50AkRj/T6shiTfIEtznA+s0IgmIFq/cVKT8=,tag:bf+3uWrDV8uyHaGQz02bFQ==,type:comment]
+#ENC[AES256_GCM,data:8EN21PgAL3k8FGkZBqG8PRYTXEfYbRfzXqvZvjOOYbc=,iv:09sBBh8Pl7Gw3/KknqJF+mX7sziXUsY6k+8riEPJJSk=,tag:RfSYmcyxFyWbWFRpf0vtRQ==,type:comment]
+#ENC[AES256_GCM,data:Z+KrmBfOCc7buLeEZSortJrp0EQFH/gTfCkp12l6,iv:eVLTPRO1Hiv51fWfckSiiU+psvmvHT2usL2IuT1D7Fg=,tag:fcisj0TvbCCANTrpOCzq6Q==,type:comment]
+#
+#ENC[AES256_GCM,data:1naYyapZP1Sf7/d7rvM=,iv:+bzQzrKho7qmANnp71hn35RVYBNFaHDXfRBoWrCjMp0=,tag:iaDYIb50KLsBwKaLLLCJTw==,type:comment]
+#ENC[AES256_GCM,data:AsVU5oLsQV4P/eO7sdG4jQWI/9lY,iv:UZuKcwnGMbL7ynJy6Hi/a8NV6wRSaxdPZUlsDaKgE88=,tag:gJ3IgoT3VsvT7VU2I49+/w==,type:comment]
+#ENC[AES256_GCM,data:04u7xJ8FAWO1bwYshgTsvYF5aWPKbbvpDgnH3dfbbJ4rIg==,iv:OTs8fcjT6irtIyoPVGFNC62MDatUaRI6a7ZjezEMkKk=,tag:JmWCTY4FLMSQN2qWFoqQ/w==,type:comment]
+#ENC[AES256_GCM,data:XtpX+ghnXln/pBWR2nzA+dVvF/JhzoAJ,iv:C0vXbHn4fvu2OnVHV/R7TMWvc2QPvaQ/G03gDVaj8Vc=,tag:FbC+KYWz6Rm/2OJzj8gSQw==,type:comment]
+#ENC[AES256_GCM,data:mPNDHm/1+A3EF1cltM9Nzs8NTi53z1pGyT+1x+PGuo8wPs5s3Pm0pe4q,iv:eXRESlusYlM8YvY5WGNxxsIFxCE3zss+YJq3ZGJQVRc=,tag:jgtGt5mISZVYjwn1SMi0Ig==,type:comment]
+#ENC[AES256_GCM,data:O3YaY66fkwlRBFQ13/51TfmdDUA=,iv:wQ0BhRyN4gKXScWxYOTmUaYIGYilN3lZnd3yXIYxlbo=,tag:NBu9CFWUqk6x5q8BGdhisQ==,type:comment]
+#ENC[AES256_GCM,data:4mOi5U7tX90UN1Pqt6az5hQm,iv:aZkshz0R7r6wdyA+4gexy9dh2pGC8JNAy4r3JXvbghQ=,tag:R9x9jkc8+VuzjelSqpeCTg==,type:comment]
+#ENC[AES256_GCM,data:Ze2NZZy3deWf+PYMCBxwhM3E,iv:IyPA8m+xQ6/CyYfIYDoXf0LNmhbmcFnWyiR+d8cTB8Y=,tag:br/4/5aS7Wc9oVSWWfTCmA==,type:comment]
+#ENC[AES256_GCM,data:iXM/bRiK2WID6LV7ivdBZY8t,iv:AhZb5XiGFshAnM60322SJETK17z9KpqucrgofjzjR6w=,tag:byf4ZF91atJcO+gA6ImyWQ==,type:comment]
+#ENC[AES256_GCM,data:ChhGNI/CaeS2uAFVXyCJGOA=,iv:u6wsa1iANNDytCaLEdYdAeraJGs0qN+mQ0UKIQemJu4=,tag:D6T/VwzjF22sP2MZwblLdA==,type:comment]
+#ENC[AES256_GCM,data:pa0vuJMqgJj5UIT2qvbdGCo=,iv:DyV73yWUdMdoa702d1ggZtZGihnqc3rlusCFyFCDTpQ=,tag:DEl+iodZXqcB7NCbfySb7A==,type:comment]
+#ENC[AES256_GCM,data:Z81YGP/CiAueQMSU3jKiSCV46WT3b7EaO1AWe3I=,iv:90xZtzlIze9u8LQg/A1v7ot0RsMdC+o2KUZGcJyJD5M=,tag:185KHYhPwrGIeaIATMG6JA==,type:comment]
+#ENC[AES256_GCM,data:fTkbtgJLL0dpW7ne/HbrsyTCEWUwT8n+YkTefUXrd/W3xbAdbivwRBym,iv:cZBDGL3JVKGL3krkuShUsPtyDIwmdFaLHoaNpGPATCQ=,tag:zI2nkCDmSCVAy1gRshpPIg==,type:comment]
+#ENC[AES256_GCM,data:tg9yQg4UxMbEToWsTWT8GuXu2pwzgPQ=,iv:hd4nykf9C64HUnEBxTE8TfpfvVS1HVaFsBxVPXaNW3Q=,tag:dIGlpldGYv24yE7HSeNxmg==,type:comment]
+#
+#ENC[AES256_GCM,data:Hwz4Wo0LeshEMlN0AAk=,iv:QjqlUt2Fz6b336ySN97KPAppEmbgOAL4/0rAB9OPdMs=,tag:t4p52GWpd0ONIAoSEdC74g==,type:comment]
+#ENC[AES256_GCM,data:iPuF/T3jM00fouYANF4hww==,iv:8CbNJog28zwe8GmJufrK7PI8/4ph94So6w0JWhCffPw=,tag:LPPY90qiGbgjUJ95MTK+5Q==,type:comment]
+#ENC[AES256_GCM,data:pAPpPtByhIVKa7pCwM85mLfNKd12jA==,iv:NDyOr7VNrYP+oH7NRotc7RpRFfFT7Yhk1H16OKUVtFQ=,tag:h2u53KtUfaw/MiBWXyXsFw==,type:comment]
+#ENC[AES256_GCM,data:rejRFwFfNdaZDCjWDVbw+0C68VlTJpyyUOth,iv:jHz0EZdZHz2+gOcG+2/0CAyd2k4U9exvQOzugZwyNfs=,tag:cKkGscx++0q1Mlo6agurGg==,type:comment]
+#
+#ENC[AES256_GCM,data:pTVBKKE9q9v7+ZjdY68=,iv:WQ956XLsvCNPEpCL4JNmadhHLoS7S/8tod8fMLrQf5I=,tag:lCytViYpkE6BtJ5OY5n7nA==,type:comment]
+#ENC[AES256_GCM,data:n2SzH57dweIGijPecnE+/xE=,iv:hAbEIzVwrAB8uXuh2wBH9E/rvsS7mqgk+FMQLCFtVdw=,tag:EzfW664vfiOfPWHcjSOEVQ==,type:comment]
+#ENC[AES256_GCM,data:N3dg6dK4FZvUh44RkC6B22ctCzxrNLkNP8Y=,iv:5zPUorfS3J5XtTs3mbLljYV9G/PMjSdDohWk35zqA9c=,tag:TcD1/rnD6CrsR6pEfIB3zg==,type:comment]
+#ENC[AES256_GCM,data:cf1CYbMC+bG3KO8BK1ctaok7NQU+,iv:ri5NGrT1zNQx8cc4A+iePV2Txtj7TT6ZhmXMtZZIHBA=,tag:0hD44RjYLOyp9VPT7FXvQA==,type:comment]
+#ENC[AES256_GCM,data:uSJcPrieoeXzK/jMxzhIoWjZ8PQA,iv:4ciYuyyyiWErOozctjUssNeKEvXwjw4BBR00Wye6Ulk=,tag:Swp1RxMPu+z5EbTd+2+Pcg==,type:comment]
+#
+#ENC[AES256_GCM,data:M71IlxnACTBo/ZVoByHS,iv:mz53kNeoZ/I0L1gCHNplO/wkiuv3Pa5cOdAkbW2H6aY=,tag:uv14h8nqiqilLQPxxZwu+g==,type:comment]
+#ENC[AES256_GCM,data:ctZR4y3L1Kkt1XImNios3g==,iv:/mZRQO7itMZhFu++g1u/CZ0k/NySK3Ssndb+B18VjHg=,tag:xA1br9fn7kze6nKXw1U5CQ==,type:comment]
+#ENC[AES256_GCM,data:KCRx11KSpYt3jc8KrsLlOkohAQoMrEM3xhkjWA0=,iv:MC2Ed79B/C2Ti2xhND9Zud+SsVi4HlW8hFigEg61RH4=,tag:3U1vzj+X3mSCJiph9eDExQ==,type:comment]
+#
+#ENC[AES256_GCM,data:syJIANmTl822v5R0CaZm,iv:dZqFx0V07L+AA0kdbhmd/zAwb3am4xKlCncSYmTUoww=,tag:rarebRjHp/ePr3c61gS22g==,type:comment]
+#ENC[AES256_GCM,data:P+HW2K26Ro1aIc9U9WhB1hs+fBMy,iv:wgtCxHBMV1VP3aC+7c09d/ZbataHNsi10+MMNeExCfE=,tag:ljJA0PYZMTKH0svHvrhTaQ==,type:comment]
+#ENC[AES256_GCM,data:+bwRXTLBm87M7woyQu8H1xLWAtcziUMo,iv:wOsQVvDYzKZ+K/nny31n9I6oRN27KZbKW3/qMwwFcRg=,tag:wvXx1P3f5yaQJt6Vfw5Abw==,type:comment]
+#ENC[AES256_GCM,data:kOpTKJrs9zEyLRvuCrzCgAcGOWs=,iv:wv47cqmw9qRI93UpH2HEiwQ4z/0Hh3Uk8KoOz+xMXlY=,tag:g2MSlsd8mrSAcOl6Zll+0A==,type:comment]
+#ENC[AES256_GCM,data:CrF+LoZrJQFZ1qEiVaEDtPNz,iv:bEwRChGTIzy/TYFRX8+LNspgBFsP8BaPaClkhlSccCM=,tag:2J2EOQ5DablYMShw5ftN1A==,type:comment]
+#ENC[AES256_GCM,data:dI63YN6OjqWYpKZlL4nFKIyr,iv:Z/hpFzm/xFZ+CbjnmXnyCcsVht4+dwfiLa0w4ZJRoCI=,tag:kGCAI025/e0OGxyD9058pg==,type:comment]
+#
+#ENC[AES256_GCM,data:TAfLyQue1g2BJQI/wv8W,iv:AXIQDwYrV7VcomWA7ma2aqPYBIyQS4n56lTfWJQ+yUs=,tag:GtGBdQ+58GCcNsHhP7oiwQ==,type:comment]
+#ENC[AES256_GCM,data:rh8P0ngb61FEj7gmwC81xAM/VlBi,iv:evqLKuYgoYKSDeyMR/qgry9ZdUXs43bYDkOgwesLaOc=,tag:+4qtneJQN7GKjEnTxOigKw==,type:comment]
+#ENC[AES256_GCM,data:emvw13eA7liyFYskeQkcLwY3SOR+Z3I8,iv:arsc/GaQFBFU98ZROWC8OQBsGUwHHNQ6OtYvVzW0ku0=,tag:xnDo0c49vrcpF4BLJTEtpA==,type:comment]
+#ENC[AES256_GCM,data:EkFxLiKlPDwAKK/E5d+cpiw8FgvNmW1gtpngahzEA5Ce4If/Bg==,iv:zQsseNpyW4mT7GQp6ADNBDX3SNWjnSGIJmGAzHLE6tc=,tag:BEEfPC7pATG95ZQbCbOLGw==,type:comment]
+#ENC[AES256_GCM,data:MPkLe8WaC1xZUZfc5Fv5ayx7,iv:txOc29KRFcjU2gzkF0k7wzCnKDukDcy4uErZKKbfe8s=,tag:mGYqbafKvzcSXzX86PYZlw==,type:comment]
+#ENC[AES256_GCM,data:wv7Z3jSiyax1IzrhiP+KvhccLhY=,iv:kZ0yTnHw7hGWLL5rPiK3m2fVtmkbSqc8c9HfmuSLfTo=,tag:kHLORLIVOc95e+U6qVnLJA==,type:comment]
+#ENC[AES256_GCM,data:t1bw7qSOfu+9FSHPkKybc8gc,iv:IRs97CByexbWAJT7p4NKDKer3vwsFHx9+HQ14PXAaK0=,tag:a/tjedW0wFjg1isufG+XSg==,type:comment]
+#ENC[AES256_GCM,data:MctPm36in8QYiOm/oDwCFNUV3+iwy68=,iv:ht+3MnZDqop6NrpTTP1NxXKw3W2Uxb97RpFz14POGJY=,tag:FnO5oTzAOLHX6W2LynKvkA==,type:comment]
+#ENC[AES256_GCM,data:OAFeB07mHMVp0ZXpje3Ruurgvyc81z7Bbcd7nK7ZvGvWUQ==,iv:EIahYcU/L3m4NEl48JR9B4U4bfTECPeeH9JSPMUfY8w=,tag:fL6sQhNHBetXkpzMD2tLeQ==,type:comment]
+#ENC[AES256_GCM,data:p4SkEqkgBc91VPOP1dnKEzuz88gbxqu/InVztjoqC+g=,iv:VbdRX3Dd5xEABPGyn8HW0PsqUdViTR6SLt8ptyYMKSM=,tag:lTUKz2RJBcF+jnZjcp+uXg==,type:comment]
+#
+#ENC[AES256_GCM,data:UZCWBKBgEcNeRHUfTurT,iv:V02x6pxQBxIMBWtIuVS1B0z3T6vsvTB0LivY6zEUryA=,tag:WB3LNHwcrAD0ECwlW3u06A==,type:comment]
+#ENC[AES256_GCM,data:++cW/Mp8DxwAj6qDS6R3ja/Dkr7B,iv:guoppYi2+nr8ZvPiEk5PHx9NUlKWgXKWOgIz8hQHG98=,tag:gh99y1r9OVNNR6DzQAk47Q==,type:comment]
+#ENC[AES256_GCM,data:Rr+ary7Q3eF5mGFYJAlU7oQnFJ/VKI9GPHOX+vnGubOIbMRiQQy6FRgKNwZJqXx1HEVqoSLf2DPN2w6Cxbc+8tlPf9w=,iv:WJ8ovxoPEOR0lIiRuoorO/7j27S7AIrcpDjqfKfb7K4=,tag:erHL8jfBc6B1okJnknB1rw==,type:comment]
+#ENC[AES256_GCM,data:0nyQ/wj/6UhsZWVj+ohMnSsk+g0FNQ==,iv:+rO0ddTFacXf9tsiXCJUgWW4iOpTUn4HWQQdwWsAGs4=,tag:9QAHLohS5u9WE+qlSnYQGA==,type:comment]
+#
+#ENC[AES256_GCM,data:B9mfN6DeeT9WCHYI9tAK,iv:F1MQcw4LvPagzcIzvBy/jlFKMecu8vW2SMSdm6vQylA=,tag:mSJIhvLxIyRMVZI6hwq/6Q==,type:comment]
+#ENC[AES256_GCM,data:lrELH+Xpg03LbmpdXl8muA==,iv:vdLbxoLhroiizYc6Zht771jydjrHkNMsENKxNELkwhM=,tag:iE2l5ZtvnC+PberTi4mUww==,type:comment]
+#ENC[AES256_GCM,data:9D5ZJjb7IjoAj7v7pizINtbQC1dAhytSwsQvflWu/9eWnFiCkdU=,iv:rXgiZXcxvuHZNYFoVXngbTMFJ7g+qpN3Fw134iuxuco=,tag:MJp0xk9yUGEime2vDmg/YQ==,type:comment]
+#ENC[AES256_GCM,data:sILv6Ii5T+k5R1jVs8f3,iv:ACvkAkCIGDiUxjGMAPchh1QAom1MGs35bvSMDNQuogA=,tag:D+KSIk3+7bDjLmHxLplwcA==,type:comment]
+#ENC[AES256_GCM,data:cVuCmTpnfn7Hncw7cZFCvko=,iv:tx9aeIISmbPcop5NZp1GEPg8J2TETnYw5yAyFmejfyU=,tag:+itwTekQiK1EQp4SDti/vw==,type:comment]
+#ENC[AES256_GCM,data:oDZ2g9ZymWNmh3/D2CZk8WFHG3+E,iv:zTfxcHtHLiMWENDzn4D3/SOWFycdcQQfzy5e30z8vAY=,tag:wT1d6pQ/el4a/vhVEqS/bw==,type:comment]
+#ENC[AES256_GCM,data:Jt73gVDZ0pTtFLi5TlDpPDrfzQ==,iv:OyEEqyL8tNmJmkdtnI1at+6tFS80vv/nYAWXNl00O68=,tag:LF1panNmPifrPQSKF3tzUw==,type:comment]
nftables:
forward: ENC[AES256_GCM,data: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,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str]
ssh: ENC[AES256_GCM,data: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,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str]
nix-access-token-github: ENC[AES256_GCM,data:CWFmo1vx9xGrsickiHtAehg7CLhDrV69yG9Ngca66ecsAeLKU32CDvL+3/9UTOA7lrHe88q0GOXMmbCfSDFA4M0sZWo=,iv:yfQzZ5qmKkkpL6T6I79HGByyt8nhdYnxR6D7DvKFaNU=,tag:WGg9oSbmZcy+3BAFTyf1vQ==,type:str]
+ssh_config: ENC[AES256_GCM,data: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,iv:+535dLYm/zY5HIeXbpLaeMV/sx6b5BNV16VZApPIt48=,tag:zE2yzu1Nl3Cbqd1JdvmZWA==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r
enc: |
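Review bot: The long run of `type:comment` entries added at the top of hosts/secrets/darkstar.yaml keeps commented-out material inside the secrets file. It stays decryptable by every recipient under `sops.age`, and it sits alongside the live `nftables`, `nix-access-token-github` and `ssh_config` values. Each comment line is encrypted separately with AES256_GCM, so the bare `#` separators and the ciphertext lengths still show the block layout and per-line lengths of the plaintext to anyone who can read the repository. If the content is retired, deleting it is cleaner than carrying it as encrypted comments. The same hunk drops the `asterisk:` keys (`extensions.ael`, `pjsip.conf`, `rtp.conf`); their earlier ciphertext remains in history for the old recipients, so any credentials they held should be rotated if they are still valid anywhere.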
@@ -30,8 +201,7 @@ sops:
ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG
tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-12T22:11:05Z"
- mac: ENC[AES256_GCM,data:YgCiqSbW2qMrGM3SYO7F4xcgrdRaBcaLj8r53i9Nu5D75l7fA+qKTc89XCpNXlFMv15LHT3kKjfXqsH2Cyn8RyPvrHHd/Hnqa7paQPrcpQIRcpP8QTMCBNFJvzpaXUozwb3fpx1xY63Ydw/TDv1/PQBEJWzp9k/MDiTSZYOba+Q=,iv:9w88jxstxmvIScgCUtgl1hPkr/j76Rked3Kv9fhZQJ4=,tag:UvfTXI222OFtIqex+0mdhw==,type:str]
- pgp: []
+ lastmodified: "2025-08-26T07:30:16Z"
+ mac: ENC[AES256_GCM,data:2i+AMaBIOCrKYfHFXZXB//yZ4Nf54DXYLzcdWDwh/cloWfpa2uPb2UzYVIIOz8ayi1h/Ij8ON9fQEa+4SzflV59ThN03/kbR/wOo9UYLvjTl0JIFypl/1O0PRRxwrNPp8jMl6mX9vUL0gvfB4qnZnk4xUOykTaXoIjnO4M4FLwg=,iv:WL8RXkxvh+MfmfiVUFLNhTwAv92DV93ZE6q4lagCNpo=,tag:sbXuzl8PuZihzcrASPNCqQ==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.10.2
diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml
new file mode 100644
index 0000000..dd5ab96
--- /dev/null
+++ b/hosts/secrets/fangorn.yaml
@@ -0,0 +1,25 @@
+nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str]
+sops:
+ age:
+ - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu
+ WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54
+ SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6
+ NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN
+ 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv
+ d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP
+ eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V
+ M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw
+ gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-04-14T19:53:57Z"
+ mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.1
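Review bot: The new hosts/secrets/fangorn.yaml adds a `nix-access-token-github` entry, the same key name that the darkstar, ginaz, kaitain and richese files in this commit carry. The ciphertext cannot show whether each host has its own token, so it is worth confirming that fangorn gets a separate, read-only, narrowly scoped token that can be revoked per host rather than one shared value. The second recipient, `age1a9gp70y8…`, also appears in the preceding secrets file, presumably as an operator key; if so, that one private key decrypts every host's file and deserves correspondingly careful storage. The file is stamped `version: 3.10.1` while the other files touched here are at `3.10.2`, which is harmless but suggests it was not re-saved along with them.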
diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml
index 5c59d9d..069d445 100644
--- a/hosts/secrets/ginaz.yaml
+++ b/hosts/secrets/ginaz.yaml
@@ -1,12 +1,8 @@
nftables:
ssh: ENC[AES256_GCM,data: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,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str]
nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str]
-ssh_config: ENC[AES256_GCM,data:WY7WwOu+ev0+Js8xNjRQYHzAy3arKdQY5IfXHFPLwY1Yz/Z+nXIMfL4vg9kjnjteNqVVfzzk9cjaMBxHvU4cqhznipFUjhV6LuIqVcRUersyVgquluQHEUt6WRbOY0QVbI2jUzPPrgjGlW2KDS62rxKhviC+JSULi3oJEZcB2Ko9I2Lyll6jW+ESUiiYB647bdQz5+638iY3M/2FgijLawr9a7qHP4J7h2U+9LfFj+L3ilVqz+u8YJenspKEMg/n0Oi+EMQfY/wq7zzhhxt+TCVa6Tlh7HEgdRrrjLaRLJZx1nsX5+nzdSthJ+lWYKodVlw3XeexJ7kRBp0/a6tKzsDcJvGIbOnAtgCfneS62CATgawcjTn+VzMC9esOuGsbeEu74I0fZgGNVxvd4PhcONe45Gho5S2ztaGLQdxC15y6e8Yv/fjw+lSN5ngvngDBBt3FAneYzvhwup8D5gUGS3xr2audXCka77Oqb6bGjg==,iv:bUG0wSgImCIQ80vfQs95FhreM557uzBi6FFn6VQAFG8=,tag:lmLVb35Oi5HXv6DPkaXAWA==,type:str]
+ssh_config: ENC[AES256_GCM,data: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,iv:yX+/BGMQplX9e1dyLxJ5e81z8tPgI6x67xqqJrFbpzw=,tag:FFiFgWdsuRdSdAbNf44Sng==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
enc: |
@@ -26,8 +22,7 @@ sops:
Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr
VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-18T20:30:06Z"
- mac: ENC[AES256_GCM,data:GznKrPan9U7A9+98Ey+P4xWpRwrsTQ/E5rkypXGBH5nyLXuimyNIrb/p5d5pws/gtdOGMmDIAuOvzzo8BcfFljgIaBK557E1E5Oq6pskmNnIv4gZNjHSncmsA87NGEZYF+gkQijQB6lDL6uZmAz4g5IcWsQltMYlnRv3wM+rYhk=,iv:3IKa5siOFxsLXkBECpx3wimt/s99RtmETmB80mpnU2E=,tag:yhT85gINaoFqKBLTdrEXbw==,type:str]
- pgp: []
+ lastmodified: "2025-06-05T18:01:08Z"
+ mac: ENC[AES256_GCM,data:VaYnO0cCKoxY2cvnmqr4MqkTjSOzlBY8z80uxksUxrfWnWCkBtIPHG5gHi7HKn6LnlREUquzHoSSfmpIoKpMjdsOlFunPnrG876uGhNFxHROocixxZJV6yIsClgRx3FCwe1M3iT0NDAYq3zzNrL2bTx1MOx4C97Ki4BuISn4/98=,iv:dUUpbFa7e+Qa9FV9ALEVPifQNrPkv5oYsA6djgYEq10=,tag:s2abIa6FX/vPsUr7M3kEfQ==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.4
+ version: 3.10.2
diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml
index 255695a..951aa75 100644
--- a/hosts/secrets/kaitain.yaml
+++ b/hosts/secrets/kaitain.yaml
@@ -1,9 +1,6 @@
nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str]
+ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl
enc: |
@@ -23,8 +20,7 @@ sops:
RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt
wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-18T18:32:59Z"
- mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str]
- pgp: []
+ lastmodified: "2025-06-24T17:03:24Z"
+ mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.10.2
diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml
index 45bb5e0..a7aa1fc 100644
--- a/hosts/secrets/richese.yaml
+++ b/hosts/secrets/richese.yaml
@@ -1,9 +1,6 @@
nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str]
+ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9
enc: |
@@ -23,8 +20,7 @@ sops:
MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa
atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-18T18:32:48Z"
- mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str]
- pgp: []
+ lastmodified: "2025-06-24T17:04:43Z"
+ mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.1
+ version: 3.10.2
diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix
index d5dc582..d1c591e 100644
--- a/hosts/uranus/default.nix
+++ b/hosts/uranus/default.nix
@@ -4,21 +4,25 @@
#kernel.sysctl = {
# "net.ipv4.ip_forward" = true;
#};
- kernelPackages = pkgs.linuxPackages_6_12;
+ kernelPackages = pkgs.linuxPackages_6_18;
loader = {
efi.canTouchEfiVariables = true;
- systemd-boot.enable = true;
+ systemd-boot = {
+ enable = true;
+ memtest86.enable = true;
+ };
timeout = 3;
};
supportedFilesystems = [ "zfs" ];
zfs = {
devNodes = "/dev/disk/by-label";
- package = pkgs.master.zfs;
+ forceImportRoot = false;
+ package = pkgs.zfs_2_4;
};
};
- environment.systemPackages = with pkgs; [
- wpa_supplicant
+ environment.systemPackages = [
+ pkgs.wpa_supplicant
];
imports = [
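Review bot: The `systemd-boot` set rewritten here does not set `editor`, which NixOS leaves enabled by default, so the boot menu shown for `timeout = 3` still lets anyone at the console edit the kernel command line. Now that the option is an attribute set, `editor = false;` fits next to `memtest86.enable = true;`. The option may already be set in a shared module that this hunk does not show. The enclosing `boot` block starts above the hunk.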
@@ -38,9 +42,11 @@
networking = {
hostId = "46fdaa8e";
hostName = "uranus";
- domain = "bitgnome.net";
- nftables.enable = true;
interfaces.enp2s0f0.wakeOnLan.enable = true;
+ nftables.enable = true;
+ search = [
+ "bitgnome.net"
+ ];
wireless = {
enable = true;
userControlled.enable = true;
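Review bot: With `domain = "bitgnome.net";` removed, this file no longer gives the host a domain, and `search` only affects resolver lookups. `networking.fqdn` fails to evaluate when `networking.domain` is unset, so any module on this host that reads it would break. If the domain is now set in a shared module, or dropping the FQDN is intended, a comment such as `# domain intentionally unset; see <shared module>` (placeholder path) above `search` would record that. The `networking` block continues below the hunk.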
diff --git a/overlays/default.nix b/overlays/default.nix
index 0e39244..50ea2bc 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -6,8 +6,10 @@
# outputs.overlays.modifications
# outputs.overlays."67e692392-packages"
# outputs.overlays.master-packages
-# outputs.overlays.pr369712-packages
+# outputs.overlays.my-nixpkgs
+# outputs.overlays.pr495610-packages
# outputs.overlays.stable-packages
+# outputs.overlays.staging-packages
# outputs.overlays.wine9_22-packages
# ]
@@ -22,6 +24,42 @@
# example = prev.example.overrideAttrs (oldAttrs: rec {
# ...
# });
+ #ghostty = prev.ghostty.overrideAttrs (_: {
+ # preBuild = ''
+ # shopt -s globstar
+ # sed -i 's/^const xev = @import("xev");$/const xev = @import("xev").Epoll;/' **/*.zig
+ # shopt -u globstar
+ # '';
+ #});
+
+ #linux-firmware = prev.linux-firmware.overrideAttrs (old: rec {
+ # pname = "linux-firmware";
+ # version = "20250708";
+ # src = prev.fetchFromGitLab {
+ # owner = "kernel-firmware";
+ # repo = "linux-firmware";
+ # rev = "99d64b4f788c16e81b6550ef94f43c6b91cfad2d";
+ # hash = "sha256-TJ97A9I0ipsqgg7ex3pAQgdhDJcLbkNCvuLppt9a07o=";
+ # };
+ #});
+
+ #proton-ge-bin = prev.proton-ge-bin.overrideAttrs (old: rec {
+ # pname = "proton-ge-bin";
+ # src = prev.fetchzip {
+ # hash = "sha256-NxZ4OJUYQdRNQTb62jRET6Ef14LEhynOASIMPvwWeNA=";
+ # url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${version}/${version}.tar.gz";
+ # };
+ # version = "GE-Proton10-32";
+ #});
+
+ reaper = prev.reaper.overrideAttrs (old: rec {
+ pname = "reaper";
+ src = prev.fetchurl {
+ hash = "sha256-UdQNtjiMETOJYNibT6H0qvbs4AvP68ghbOwRjdM+iqQ=";
+ url = "https://www.reaper.fm/files/7.x/reaper769_linux_x86_64.tar.xz";
+ };
+ version = "7.69";
+ });
};
#"67e692392-packages" = final: _prev: {
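Review bot: In the `reaper` override the `url` literal repeats the version (`7.x`, `reaper769`) and the architecture by hand, so `version = "7.69"` and the fetched tarball can drift apart on the next bump. The `x86_64` tarball is also used on every system the overlay is applied to. Deriving the file name from `version`, e.g. `url = "https://www.reaper.fm/files/${prev.lib.versions.major version}.x/reaper${builtins.replaceStrings [ "." ] [ "" ] version}_linux_x86_64.tar.xz";`, keeps the two together. `old` is unused, and `pname` repeats what the original package presumably already sets. The overlay attribute set opens above the hunk.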
@@ -47,8 +85,15 @@
};
};
- #pr369712-packages = final: _prev: {
- # pr369712 = import inputs.nixpkgs-pr369712 {
+ #my-nixpkgs-packages = final: _prev: {
+ # my-nixpkgs = import inputs.my-nixpkgs {
+ # inherit (final) system;
+ # config.allowUnfree = true;
+ # };
+ #};
+
+ #pr495610-packages = final: _prev: {
+ # pr495610 = import inputs.nixpkgs-pr495610 {
# inherit (final) system;
# config.allowUnfree = true;
# };
@@ -62,4 +107,13 @@
config.allowUnfree = true;
};
};
+
+ # When applied, the staging nixpkgs set (declared in the flake inputs) will
+ # be accessible through 'pkgs.staging'
+ #staging-packages = final: _prev: {
+ # staging = import inputs.nixpkgs-staging {
+ # inherit (final) system;
+ # config.allowUnfree = true;
+ # };
+ #};
}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index dda9e84..5c72764 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,4 +1,6 @@
pkgs: {
- sdrconnect = pkgs.callPackage ./sdrconnect { };
gearmulator = pkgs.callPackage ./gearmulator { };
+ igir = pkgs.callPackage ./igir { };
+ sdrconnect = pkgs.callPackage ./sdrconnect { };
+ wayback-x11 = pkgs.callPackage ./wayback-x11 { };
}
diff --git a/pkgs/igir/default.nix b/pkgs/igir/default.nix
new file mode 100644
index 0000000..dfc4834
--- /dev/null
+++ b/pkgs/igir/default.nix
@@ -0,0 +1,52 @@
+{
+ # for patching bundled 7z binary from the 7zip-bin node module
+ # at lib/node_modules/igir/node_modules/7zip-bin/linux/x64/7za
+ autoPatchelfHook,
+ buildNpmPackage,
+ fetchFromGitHub,
+ lib,
+ libusb1,
+ libuv,
+ libz,
+ lz4,
+ sdl2-compat,
+ stdenv,
+ udev,
+}:
+
+buildNpmPackage rec {
+ pname = "igir";
+ version = "4.1.1";
+
+ src = fetchFromGitHub {
+ owner = "emmercm";
+ repo = "igir";
+ rev = "v${version}";
+ hash = "sha256-f/3XIBFMxSPwJpfZTBhuznU/psChfnQEwZASOoH4Ij0=";
+ };
+
+ npmDepsHash = "sha256-qPyS2F5jt1C5SZxvRuyPX4+TkYZKTffcekanWtH82EY=";
+
+ # I have no clue why I have to do this
+ postPatch = ''
+ patchShebangs scripts/update-readme-help.sh
+ '';
+
+ nativeBuildInputs = [ autoPatchelfHook ];
+
+ buildInputs = [ (lib.getLib stdenv.cc.cc) libusb1 libuv libz lz4 sdl2-compat udev ];
+
+ # from lib/node_modules/igir/node_modules/@node-rs/crc32-linux-x64-musl/crc32.linux-x64-musl.node
+ # Irrelevant to our use
+ autoPatchelfIgnoreMissingDeps = [ "libc.musl-x86_64.so.1" ];
+
+ meta = with lib; {
+ description = "Video game ROM collection manager to help filter, sort, patch, archive, and report on collections on any OS";
+ mainProgram = "igir";
+ homepage = "https://igir.io";
+ changelog = "https://github.com/emmercm/igir/releases/tag/${src.rev}";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ ];
+ platforms = platforms.linux;
+ };
+}
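Review bot: `meta` does not declare that the output contains prebuilt native code, although the header comment and `autoPatchelfIgnoreMissingDeps` show that the npm tree ships a bundled `7za` and a `.node` binary that are only patched, not rebuilt. Adding `sourceProvenance = with lib.sourceTypes; [ fromSource binaryNativeCode ];` records that. A comment should also note that the bundled `7za` is fixed by `npmDepsHash` and so will not follow updates to the 7-Zip packages in nixpkgs. The `postPatch` comment could say what invokes `scripts/update-readme-help.sh`; presumably the npm build runs it and its shebang does not resolve in the sandbox.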
diff --git a/pkgs/sdrconnect/default.nix b/pkgs/sdrconnect/default.nix
index d3db91e..6bf1452 100644
--- a/pkgs/sdrconnect/default.nix
+++ b/pkgs/sdrconnect/default.nix
@@ -5,50 +5,51 @@
fetchurl,
fontconfig,
gcc,
- iconConvTools,
icu,
lib,
+ libice,
+ libsm,
libusb1,
+ libx11,
makeDesktopItem,
stdenv,
- util-linux,
- xorg
+ util-linux
}:
let
- hash = "83273bcd8";
+ hash = "a4b8da76b";
platforms = {
aarch64-linux = {
arch = "arm64";
- sha256 = "3e22926dcfbb85f27e1a42e53368d6794b83fbede114707fa4fedf053984323d";
+ sha256 = "0nq2hb2iim0ivnwa1rzw4dwgi6abvwdzynf9wr1x3p9jm42lphfg";
};
x86_64-linux = {
arch = "x64";
- sha256 = "81e94b31f6cd8699c51aa3f5742ce42dd4f3dbc94ce9d72d25c6e8a5851db664";
+ sha256 = "1nxlyvma0qpclcyslvszq7m3vziwwsfwngacc1gavl1dka911c0c";
};
};
- version = "1.0.4";
+ version = "1.0.8";
inherit (stdenv.hostPlatform) system;
in
- with platforms.${system} or (throw "Unsupported system: ${system}");
+ with platforms.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
stdenv.mkDerivation rec {
inherit version;
pname = "sdrconnect";
src = fetchurl {
- url = "https://www.sdrplay.com/software/SDRconnect_linux-${arch}_${hash}.run";
+ url = "https://www.sdrplay.com/software/sdrconnect_linux-${arch}_${hash}.tar.gz";
inherit sha256;
};
- nativeBuildInputs = [ autoPatchelfHook copyDesktopItems iconConvTools ];
+ nativeBuildInputs = [ autoPatchelfHook copyDesktopItems ];
buildInputs = [
alsa-lib
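Review bot: The `let` binding `inherit (stdenv.hostPlatform) system;` looks unused after this change, because the rewritten `with platforms.${stdenv.hostPlatform.system} ...` line no longer refers to `system`. Either drop the binding or keep the shorter `platforms.${system}` form; the rest of the file is outside the hunk, so check for other uses first. Separately, the new `sha256` values are in Nix base32 where the old ones were hex. The SRI form `hash = "sha256-…"` used by the other packages in this commit would be consistent, but the let-bound `hash` (the build id in the URL) would then need a different name such as `buildId`.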
@@ -60,22 +61,22 @@ in
runtimeDependencies = [
icu
- xorg.libX11
- xorg.libICE
- xorg.libSM
+ libice
+ libsm
+ libx11
];
appendRunpaths = [ "${placeholder "out"}/lib" ];
unpackPhase = ''
- bash $src --target . --noexec
+ tar xaf $src
'';
postInstall = ''
- mkdir -p $out/bin $out/lib
+ mkdir -p $out/bin $out/lib $out/share/icons/hicolor/64x64/apps
cp SDRconnect $out/bin
cp *.so $out/lib
- icoFileToHiColorTheme sdrconnect.ico sdrconnect $out
+ cp icons/64x64/sdrconnect.png $out/share/icons/hicolor/64x64/apps
'';
desktopItems = with meta; [
diff --git a/pkgs/wayback-x11/default.nix b/pkgs/wayback-x11/default.nix
new file mode 100644
index 0000000..e1b9c02
--- /dev/null
+++ b/pkgs/wayback-x11/default.nix
@@ -0,0 +1,64 @@
+{
+ fetchFromGitLab,
+ lib,
+ libxkbcommon,
+ meson,
+ ninja,
+ pixman,
+ pkg-config,
+ scdoc,
+ stdenv,
+ unstableGitUpdater,
+ wayland,
+ wayland-protocols,
+ wayland-scanner,
+ wlroots_0_19,
+ xwayland,
+}:
+
+stdenv.mkDerivation {
+ pname = "wayback";
+ version = "0.1";
+
+ src = fetchFromGitLab {
+ domain = "gitlab.freedesktop.org";
+ owner = "wayback";
+ repo = "wayback";
+ rev = "156d7a86d112cd1bd70c2f75cb190fdd98565080";
+ hash = "sha256-A4Ur32QZc0foS+O+jfQCug0k32nvYkB2MoacDT4W7dQ=";
+ };
+
+ strictDeps = true;
+
+ depsBuildBuild = [
+ pkg-config
+ ];
+
+ nativeBuildInputs = [
+ meson
+ ninja
+ pkg-config
+ scdoc
+ wayland-scanner
+ ];
+
+ buildInputs = [
+ libxkbcommon
+ pixman
+ wayland
+ wayland-protocols
+ wlroots_0_19
+ xwayland
+ ];
+
+ passthru.updateScript = unstableGitUpdater { };
+
+ meta = {
+ description = "X11 compatibility layer leveraging wlroots and Xwayland";
+ homepage = "https://wayback.freedesktop.org";
+ license = lib.licenses.mit;
+ platforms = lib.platforms.linux;
+ mainProgram = "wayback-session";
+ maintainers = with lib.maintainers; [ dramforever ];
+ };
+}
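Review bot: `version = "0.1"` is a release-style version on a source pinned to a bare commit `rev`, and `passthru.updateScript = unstableGitUpdater { }` will rewrite it to an unstable-style string on its first run. If the commit is the 0.1 release, fetching by tag and dropping the updater says so directly. Otherwise an unstable-form version such as `version = "0.1-unstable-<commit date>";` (placeholder date) matches the updater. `pname = "wayback"` also differs from the `wayback-x11` attribute this commit adds in `pkgs/default.nix`, which deserves a one-line comment.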
diff --git a/scripts/pretty-rebuild b/scripts/pretty-rebuild
index 613ce2b..995eda2 100755
--- a/scripts/pretty-rebuild
+++ b/scripts/pretty-rebuild
@@ -1,9 +1,15 @@
#!/usr/bin/env nix-shell
#!nix-shell -i zsh --packages nvd zsh
+if [[ ${@} =~ "--flake" ]]; then
+ args=(${=@})
+else
+ args=("--flake .#$(hostname -s)" ${=@})
+fi
+
cd /etc/nixos && \
nix flake update && \
- nixos-rebuild switch --upgrade --show-trace ${@} && \
+ nixos-rebuild switch --show-trace ${=args} && \
echo && \
nixos-rebuild list-generations | cat && \
echo && \
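Review bot: The argument handling added at the top relies on word splitting. `"--flake .#$(hostname -s)"` is stored as one string and only becomes two words through `${=args}`, which also splits every caller argument that contains whitespace. `[[ ${@} =~ "--flake" ]]` also matches that text anywhere in the joined arguments rather than as an option of its own. Building a real array and expanding it quoted keeps each argument intact, as sketched below. The `&&` chain continues past the end of the hunk.

```zsh
if (( ${argv[(I)--flake]} )); then
    args=("$@")
else
    args=(--flake ".#$(hostname -s)" "$@")
fi

# … unchanged: cd /etc/nixos, nix flake update …
    nixos-rebuild switch --show-trace "${args[@]}" && \
# … unchanged: generation listing …
```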