diff options
77 files changed, 1744 insertions, 617 deletions
@@ -15,7 +15,9 @@ keys: - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de + - &caladan age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r + - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh - &kaitain age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va @@ -26,6 +28,10 @@ creation_rules: key_groups: - age: - *nipsy + - path_regex: ^home/nipsy/secrets/caladan.yaml$ + key_groups: + - age: + - *nipsy - path_regex: ^home/nipsy/secrets/ginaz.yaml$ key_groups: - age: @@ -35,11 +41,21 @@ creation_rules: - age: - *arrakis - *nipsy + - path_regex: ^hosts/secrets/caladan.yaml$ + key_groups: + - age: + - *caladan + - *nipsy - path_regex: ^hosts/secrets/darkstar.yaml$ key_groups: - age: - *darkstar - *nipsy + - path_regex: ^hosts/secrets/fangorn.yaml$ + key_groups: + - age: + - *fangorn + - *nipsy - path_regex: ^hosts/secrets/ginaz.yaml$ key_groups: - age: @@ -53,5 +69,5 @@ creation_rules: - path_regex: ^hosts/secrets/richese.yaml$ key_groups: - age: - - *richese - *nipsy + - *richese @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1741786315, - "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", + "lastModified": 1749436314, + "narHash": "sha256-CqmqU5FRg5AadtIkxwu8ulDSOSoIisUMZRLlcED3Q5w=", "owner": "nix-community", "repo": "disko", - "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", + "rev": "dfa4d1b9c39c0342ef133795127a3af14598017a", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1742996658, - "narHash": "sha256-snxgTLVq6ooaD3W3mPHu7LVWpoZKczhxHAUZy2ea4oA=", + "lastModified": 1749821119, + "narHash": "sha256-X3WAS322EsebI4ohJcXhKpiyG1v+7wE4VOiXy1pxM/c=", "owner": "nix-community", "repo": "home-manager", - "rev": "693840c01b9bef9e54100239cef937e53d4661bf", + "rev": "79dfd9aa295e53773aad45480b44c131da29f35b", "type": "github" }, "original": { @@ -63,11 +63,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1742806253, - "narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=", + "lastModified": 1749832440, + "narHash": "sha256-lfxhuxAaHlYFGr8yOrAXZqdMt8PrFLzjVqH9v3lQaoY=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726", + "rev": "db030f62a449568345372bd62ed8c5be4824fa49", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742889210, - "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "lastModified": 1749794982, + "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81", "type": "github" }, "original": { @@ -94,11 +94,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1743060463, - "narHash": "sha256-lZXKW0PwETedRErsQtGpM+OrpvD/ZobrpS92IzTXrhQ=", + "lastModified": 1749931049, + "narHash": "sha256-8VuyYYlTV+MeNIsJQKCyd9/3/OBksB5l4snXeYwFOgU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6d12f5938461576dcd8d0e4dfaceb89df41f86f", + "rev": "5bcfbd5453fcdc1b3a0539a8d96410b89e81d8c3", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1741330828, - "narHash": "sha256-Vj5UBTlVRWGX3T0EAI6pVWTMmi8SpAeMuRMMVz/Hgz0=", + "lastModified": 1748931931, + "narHash": "sha256-0NUhiMITsYlXDjgcVbLayI0rgrEdf5NIbpW3oLueYUs=", "owner": "icewind1991", "repo": "nvidia-patch-nixos", - "rev": "0cc22a482f2aa4c13daeac0935a787d868122ff0", + "rev": "fa8f006a236349790c94801ac85e43f103b35baf", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1742700801, - "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=", + "lastModified": 1749592509, + "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=", "owner": "Mic92", "repo": "sops-nix", - "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852", + "rev": "50754dfaa0e24e313c626900d44ef431f3210138", "type": "github" }, "original": { @@ -100,6 +100,34 @@ ]; }; + caladan = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + #{ + # environment.systemPackages = [ + # ghostty.packages.x86_64-linux.default + # ]; + #} + #({ config, pkgs, ... }: + # let + # overlay-dict-pr367392 = final: prev: { + # dict = nixpkgs-pr367392.legacyPackages."x86_64-linux".dict; + # }; + # in { + # nixpkgs.overlays = [ overlay-dict-pr367392 ]; + # } + #) + disko.nixosModules.disko + ./hosts/caladan + home-manager.nixosModules.home-manager { + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.users.root = import ./home/root/caladan.nix; + home-manager.users.nipsy = import ./home/nipsy/caladan.nix; + } + sops-nix.nixosModules.sops + ]; + }; + darkstar = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; }; modules = [ @@ -114,6 +142,21 @@ ]; }; + fangorn = nixpkgs.lib.nixosSystem rec { + specialArgs = { inherit inputs outputs; }; + modules = [ + disko.nixosModules.disko + ./hosts/fangorn + home-manager.nixosModules.home-manager { + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.users.root = import ./home/root/fangorn.nix; + home-manager.users.don = import ./home/don/fangorn.nix; + home-manager.users.nipsy = import ./home/nipsy/fangorn.nix; + } + sops-nix.nixosModules.sops + ]; + }; + ginaz = nixpkgs.lib.nixosSystem rec { specialArgs = { inherit inputs outputs; }; modules = [ @@ -133,87 +176,87 @@ iso = nixpkgs.lib.nixosSystem { modules = [ ({ modulesPath, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - acl - bash - bc - bzip2 - conntrack-tools - coreutils - cpio - curl - diffutils - dig - dmidecode - elinks - encfs - ethtool - expect - file - findutils - fio - fping - git - gnugrep - gnupatch - gnused - gnutar - gptfdisk - gzip - htop - iotop - ipcalc - iperf - iproute2 - iputils - jq - less - lshw - lsof - lvm2 - moreutils - nano - netcat-openbsd - nettools - nmap - ntfs3g - openldap - openssl - p7zip - parted - pciutils - procps - progress - psmisc - pv - pwgen - recode - rsync - sg3_utils - smartmontools - socat - speedtest-cli - sqlite - sshfs - strace - sysstat - tcpdump - tftp-hpa - traceroute - tree - tshark - unixtools.xxd - unrar - unzip - usbutils - util-linux - vim - wdiff - wget - whois - wireguard-tools - xz - zip + environment.systemPackages = [ + pkgs.acl + pkgs.bash + pkgs.bc + pkgs.bzip2 + pkgs.conntrack-tools + pkgs.coreutils + pkgs.cpio + pkgs.curl + pkgs.diffutils + pkgs.dig + pkgs.dmidecode + pkgs.elinks + pkgs.encfs + pkgs.ethtool + pkgs.expect + pkgs.file + pkgs.findutils + pkgs.fio + pkgs.fping + pkgs.git + pkgs.gnugrep + pkgs.gnupatch + pkgs.gnused + pkgs.gnutar + pkgs.gptfdisk + pkgs.gzip + pkgs.htop + pkgs.iotop + pkgs.ipcalc + pkgs.iperf + pkgs.iproute2 + pkgs.iputils + pkgs.jq + pkgs.less + pkgs.lshw + pkgs.lsof + pkgs.lvm2 + pkgs.moreutils + pkgs.nano + pkgs.netcat-openbsd + pkgs.nettools + pkgs.nmap + pkgs.ntfs3g + pkgs.openldap + pkgs.openssl + pkgs.p7zip + pkgs.parted + pkgs.pciutils + pkgs.procps + pkgs.progress + pkgs.psmisc + pkgs.pv + pkgs.pwgen + pkgs.recode + pkgs.rsync + pkgs.sg3_utils + pkgs.smartmontools + pkgs.socat + pkgs.speedtest-cli + pkgs.sqlite + pkgs.sshfs + pkgs.strace + pkgs.sysstat + pkgs.tcpdump + pkgs.tftp-hpa + pkgs.traceroute + pkgs.tree + pkgs.tshark + pkgs.unixtools.xxd + pkgs.unrar + pkgs.unzip + pkgs.usbutils + pkgs.util-linux + pkgs.vim + pkgs.wdiff + pkgs.wget + pkgs.whois + pkgs.wireguard-tools + pkgs.xz + pkgs.zip ]; imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; diff --git a/home/don/common/core/bash.nix b/home/don/common/core/bash.nix new file mode 100644 index 0000000..7bfb808 --- /dev/null +++ b/home/don/common/core/bash.nix @@ -0,0 +1,16 @@ +{ + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + grep = "grep --color=auto"; + ip = "ip -c=auto"; + la = "ls -aF --color=auto"; + ll = "ls -alF --color=auto"; + lock = "xscreensaver-command -lock"; + nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq"; + nix-list-generations = "nixos-rebuild list-generations"; + zgrep = "zgrep --color=auto"; + }; + }; +} diff --git a/home/don/common/core/default.nix b/home/don/common/core/default.nix new file mode 100644 index 0000000..8250d0c --- /dev/null +++ b/home/don/common/core/default.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, outputs, ... }: +{ + imports = [ + ./bash.nix + ./vim + ]; + + home = { + username = lib.mkDefault "don"; + homeDirectory = lib.mkDefault "/home/${config.home.username}"; + stateVersion = lib.mkDefault "23.11"; + }; + + #home.packages = builtins.attrValues { + # inherit (pkgs) + # wget + # zip; + #}; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + warn-dirty = false; + }; + }; + + programs.home-manager.enable = true; +} diff --git a/home/don/common/core/vim/default.nix b/home/don/common/core/vim/default.nix new file mode 100644 index 0000000..ea4ed5e --- /dev/null +++ b/home/don/common/core/vim/default.nix @@ -0,0 +1,6 @@ +{ + programs.vim = { + enable = true; + extraConfig = (builtins.readFile ./vimrc); + }; +} diff --git a/home/don/common/core/vim/vimrc b/home/don/common/core/vim/vimrc new file mode 100644 index 0000000..87de2a0 --- /dev/null +++ b/home/don/common/core/vim/vimrc @@ -0,0 +1,47 @@ +" Handling of big files - William Natter, Tony Mechelynck and others +" fairly certain that BufSizeThreshold is in bytes +let g:SaveUndoLevels = &undolevels +let g:BufSizeThreshold = 5242880 +if has("autocmd") + au VimEnter * let g:SaveUndoLevels = &undolevels + au BufReadPre * if getfsize(expand("%")) >= g:BufSizeThreshold | setlocal noswapfile | endif + au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | let &undolevels=g:SaveUndoLevels | else | setlocal undolevels=-1 | endif + au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | syntax on | else | syntax off | endif +endif + +set mouse& +set noautoindent " always set autoindenting off + +" enable better 24-bit color support +"let &t_8f = "\<Esc>[38;2;%lu;%lu;%lum" +"let &t_8b = "\<Esc>[48;2;%lu;%lu;%lum" +set termguicolors + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + +if has("autocmd") + " Enabled file type detection + " Use the default filetype settings. If you also want to load indent files + " to automatically do language-dependent indenting add 'indent' as well. + filetype plugin on + "filetype indent on +endif " has ("autocmd") + +" The following are commented out as they cause vim to behave a lot +" different from regular vi. They are highly recommended though. +set showcmd " Show (partial) command in status line. +set showmatch " Show matching brackets. +set ignorecase " Do case insensitive matching +set incsearch " Incremental search +"set expandtab " replace tabs with spaces +set smarttab " use shiftwidth instead of tabstop at start of line +set spell spelllang=en_us " turn on the spell check +set hlsearch " highlight all search matches + +set laststatus=2 +set statusline=%<%f%h%m%r%=%{&ff}\ %Y\ %b\ 0x%B\ \ %l,%c%V\ %P + +"map <F5> :w<CR><bar>:!clear;go run %<CR> +"map <F6> :w<CR><bar>:%! gofmt<CR> diff --git a/home/don/fangorn.nix b/home/don/fangorn.nix new file mode 100644 index 0000000..83c92cd --- /dev/null +++ b/home/don/fangorn.nix @@ -0,0 +1,6 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + ]; +} diff --git a/home/nipsy/arrakis.nix b/home/nipsy/arrakis.nix index 801148f..2776524 100644 --- a/home/nipsy/arrakis.nix +++ b/home/nipsy/arrakis.nix @@ -2,8 +2,9 @@ { imports = [ common/core - common/optional/desktops - common/optional/desktops/services/xscreensaver.nix + #common/optional/desktops + #common/optional/desktops/services/xscreensaver.nix + common/optional/secrets.nix #inputs.sops-nix.homeManagerModules.sops ]; @@ -29,7 +30,7 @@ programs.zsh = { shellAliases = { - manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; + manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; }; }; @@ -47,12 +48,12 @@ }; }; - xsession = { - initExtra = '' - xrandr --output DP-2 --primary --mode 2560x1440 --rate 165 + #xsession = { + # initExtra = '' + # xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 165 - # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? - #nvidia-settings -a AllowVRR=0 - ''; - }; + # # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? + # #nvidia-settings -a AllowVRR=0 + # ''; + #}; } diff --git a/home/nipsy/caladan.nix b/home/nipsy/caladan.nix new file mode 100644 index 0000000..c2d8539 --- /dev/null +++ b/home/nipsy/caladan.nix @@ -0,0 +1,60 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + #common/optional/desktops/services/xscreensaver.nix + common/optional/desktops/xdg.nix + common/optional/secrets.nix + #inputs.sops-nix.homeManagerModules.sops + ]; + + home.file = { + ".mailcap".text = '' + #application/msword; antiword -rs '%s'; copiousoutput; description=Microsoft Word Document + application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format + #image/gif; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=GIF image + image/gif; sxiv '%s'; description=GIF image + #image/jpeg; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=JPEG image + image/jpeg; sxiv '%s'; description=JPEG image + image/png; sxiv '%s'; description=PNG image + text/html; elinks -dump %s; copiousoutput + #text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format + ''; + ".mutt/aliases".source = ./arrakis/mutt/aliases; + ".mutt/colors".source = ./arrakis/mutt/colors; + ".mutt/headers".source = ./arrakis/mutt/headers; + ".mutt/keys".source = ./arrakis/mutt/keys; + ".mutt/muttrc".source = ./arrakis/mutt/muttrc; + "bin/knock".source = ../common/scripts/knock; + }; + + programs.zsh = { + shellAliases = { + manage = "tmux new-window ssh -A root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; + }; + }; + + sops = { + age.keyFile = "/home/nipsy/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets/caladan.yaml; + + secrets = { + "reaper_license" = { + path = "/home/nipsy/.config/REAPER/reaper-license.rk"; + }; + "ssh_config" = { + path = "/home/nipsy/.ssh/config"; + }; + }; + }; + + xsession = { + initExtra = '' + xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 165 + + # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? + #nvidia-settings -a AllowVRR=0 + ''; + }; +} diff --git a/home/nipsy/common/core/zsh/default.nix b/home/nipsy/common/core/zsh/default.nix index a3b0f9e..864eec0 100644 --- a/home/nipsy/common/core/zsh/default.nix +++ b/home/nipsy/common/core/zsh/default.nix @@ -8,7 +8,7 @@ size = 100000; }; - initExtra = (builtins.readFile ./zshrc); + initContent = (builtins.readFile ./zshrc); sessionVariables = let makePluginPath = format: (lib.strings.makeSearchPath format [ diff --git a/home/nipsy/common/core/zsh/zshrc b/home/nipsy/common/core/zsh/zshrc index 543450d..af6df09 100644 --- a/home/nipsy/common/core/zsh/zshrc +++ b/home/nipsy/common/core/zsh/zshrc @@ -1,5 +1,12 @@ umask 022 +# remote gpg-agent handling +if [[ ${HOST} == "arrakis.bitgnome.net" ]]; then + if [[ ! -d /run/user/1000/gnupg ]]; then + gpgconf --create-socketdir + fi +fi + eval $(dircolors) # set SWAYSOCK correctly @@ -13,6 +20,7 @@ if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) # set some Wayland specific variables + export ELECTRON_OZONE_PLATFORM_HINT=auto export MOZ_ENABLE_WAYLAND=1 export GDK_BACKEND=wayland export QT_QPA_PLATFORM=wayland diff --git a/home/nipsy/common/optional/desktops/default.nix b/home/nipsy/common/optional/desktops/default.nix index 26e369a..d42e587 100644 --- a/home/nipsy/common/optional/desktops/default.nix +++ b/home/nipsy/common/optional/desktops/default.nix @@ -1,4 +1,3 @@ -{ config, pkgs, ... }: { imports = [ ./fonts.nix @@ -6,23 +5,4 @@ ./i3 ./services/dunst.nix ]; - - programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: with exts; [ - pass-otp - ]); - settings = { - PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; - }; - }; - - services.gpg-agent = { - defaultCacheTtl = 43200; - defaultCacheTtlSsh = 43200; - enable = true; - enableSshSupport = true; - maxCacheTtl = 86400; - maxCacheTtlSsh = 86400; - }; } diff --git a/home/nipsy/common/optional/desktops/fonts.nix b/home/nipsy/common/optional/desktops/fonts.nix index f2b862d..6935029 100644 --- a/home/nipsy/common/optional/desktops/fonts.nix +++ b/home/nipsy/common/optional/desktops/fonts.nix @@ -1,7 +1,8 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: { fonts.fontconfig.enable = true; home.packages = [ + #(builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts)) pkgs.nerd-fonts._0xproto pkgs.nerd-fonts._3270 pkgs.nerd-fonts.agave @@ -51,7 +52,7 @@ pkgs.nerd-fonts.monofur pkgs.nerd-fonts.monoid pkgs.nerd-fonts.mononoki - pkgs.nerd-fonts.mplus + #pkgs.nerd-fonts.mplus pkgs.nerd-fonts.noto pkgs.nerd-fonts.open-dyslexic pkgs.nerd-fonts.overpass diff --git a/home/nipsy/common/optional/desktops/i3/default.nix b/home/nipsy/common/optional/desktops/i3/default.nix index 0086aa8..758c61c 100644 --- a/home/nipsy/common/optional/desktops/i3/default.nix +++ b/home/nipsy/common/optional/desktops/i3/default.nix @@ -3,6 +3,7 @@ home = { file = { ".config/ghostty/config".text = '' + #async-backend = epoll background-opacity = 0.8 cursor-color = #ffffff font-family = "DejaVu Sans Mono" diff --git a/home/nipsy/common/optional/desktops/xdg.nix b/home/nipsy/common/optional/desktops/xdg.nix new file mode 100644 index 0000000..f4ac723 --- /dev/null +++ b/home/nipsy/common/optional/desktops/xdg.nix @@ -0,0 +1,21 @@ +{ + xdg.mimeApps = { + enable = true; + defaultApplications = { + "application/x-extension-htm" = "firefox.desktop"; + "application/x-extension-html" = "firefox.desktop"; + "application/x-extension-shtml" = "firefox.desktop"; + "application/x-extension-xht" = "firefox.desktop"; + "application/x-extension-xhtml" = "firefox.desktop"; + "application/xhtml+xml" = "firefox.desktop"; + "text/html" = "firefox.desktop"; + "x-scheme-handler/about" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/sgnl" = "signal.desktop"; + "x-scheme-handler/signalcaptcha" = "signal.desktop"; + "x-scheme-handler/unknown" = "firefox.desktop"; + }; + }; +} diff --git a/home/nipsy/common/optional/secrets.nix b/home/nipsy/common/optional/secrets.nix new file mode 100644 index 0000000..24ea99c --- /dev/null +++ b/home/nipsy/common/optional/secrets.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +{ + programs.password-store = { + enable = true; + package = pkgs.pass.withExtensions (exts: [ + exts.pass-otp + ]); + settings = { + PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; + }; + }; + + services.gpg-agent = { + defaultCacheTtl = 43200; + defaultCacheTtlSsh = 43200; + enable = true; + enableExtraSocket = true; + enableSshSupport = true; + maxCacheTtl = 86400; + maxCacheTtlSsh = 86400; + }; +} diff --git a/home/nipsy/fangorn.nix b/home/nipsy/fangorn.nix new file mode 100644 index 0000000..4a50c81 --- /dev/null +++ b/home/nipsy/fangorn.nix @@ -0,0 +1,10 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + common/optional/desktops/services/blueman-applet.nix + common/optional/desktops/services/xscreensaver.nix + common/optional/secrets.nix + ]; +} diff --git a/home/nipsy/ginaz.nix b/home/nipsy/ginaz.nix index a3e8395..fb3ac3b 100644 --- a/home/nipsy/ginaz.nix +++ b/home/nipsy/ginaz.nix @@ -10,6 +10,8 @@ common/optional/desktops common/optional/desktops/services/blueman-applet.nix common/optional/desktops/services/xscreensaver.nix + common/optional/desktops/xdg.nix + common/optional/secrets.nix #inputs.sops-nix.homeManagerModules.sops ]; diff --git a/home/nipsy/kaitain.nix b/home/nipsy/kaitain.nix index 83406e0..0cc9556 100644 --- a/home/nipsy/kaitain.nix +++ b/home/nipsy/kaitain.nix @@ -3,22 +3,25 @@ imports = [ common/core common/optional/desktops + common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; - - home.file.".mailcap".text = '' - text/html; elinks -dump %s; copiousoutput - application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format - ''; + ".mailcap".text = '' + text/html; elinks -dump %s; copiousoutput + application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format + ''; + }; } diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix index 7c3e0b0..386b9aa 100644 --- a/home/nipsy/richese.nix +++ b/home/nipsy/richese.nix @@ -3,17 +3,20 @@ imports = [ common/core common/optional/desktops + common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 - - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; + }; } diff --git a/home/nipsy/secrets/arrakis.yaml b/home/nipsy/secrets/arrakis.yaml index 6b8813f..88cc8a6 100644 --- a/home/nipsy/secrets/arrakis.yaml +++ b/home/nipsy/secrets/arrakis.yaml @@ -1,10 +1,6 @@ reaper_license: ENC[AES256_GCM,data:v+3MRFYfshEg+v/wrf5kYY3zIJsQhl0RUXaOw/VmbIqjswH0aTy28UsU8rt4+btvywpb4TT9ta9NkBrnsHBgE5jTnIrnUyt6NJHOSnA/I9TUzvumg6ijKzuu86w3uahCwlPE/ZBrR+BKRM0pK5d7En9HHuNTNUwVrmAkMOk0YeuaArWu+e50CWl+Yx84HiNCP7BgsUbc8Wa9PZMinvXpzwd69WKDmsVdVLGnHPxTJHFTH8/8XAV0DrHbW4nV/xUiFALTURWqbyZlQpcfMjSHDT7YNq/c6JZzU4YYFZOrYrkiUPAn5Zjz/r/XcdteIpai2wZrgRir7/1Vxhul2wK2Ku0Z/66JeNxj2Tk4/CPcWQIbwZF4k13Z5x4wm8duOWrDgnjSRRwM10TSeERP4KiFsIL9xFR5MATYsUD1gTKtCDRN8SsO+/NGXlUn4nkN4tNxedxeRfGNmxwijmkJ6RTFwdcKwUh8KHMh/TEpGG05/hGZ6Z+Q7/5QsT+wrCb1kMwFZuEjLMCNyT+wBy6G2Ns5pSyiNwFRXzqYjYMqlPGliZOaaVZ6HWkthd9G7CiqYbP5YZfI6VspbVoqc2FDvTvf65YBrh8VFHWelwbrbnWX8/glB8UWNp0pwoTxM/sjfQLwXNMmb/EGU4X1SYbQcPe4gNLuspDjaqwA/g==,iv:tq8oSvqZTmy2pZK3LhxqBM1OZG3x+LS4ov0+lE5I0B0=,tag:J/WTEMSjl+EYZn7HbifGMQ==,type:str] -ssh_config: ENC[AES256_GCM,data:lHK4qHMOToG4LzWwAeJ7nSwHXtYSlaCvUqsch7+Vvzn7kpuE8hFphw1OVbbUOFl7vpRxaJ06ghjE3qSNN45J028KytI5nVVGd+k8qjvhrsp2Y+j0XwtpGA0C+dXUpIdRQcdFx8jZRBqej6ipnUl1e25Tt5XZs+aZfdblql3rw2tyYASNyYszjvJR/5LmLSIaJo79tao+gg8yOR5T1uLeS4fcC5d8V9hXSE+RxaBZXyAjBshowADMCbUl2R1FFzRVg+6kp/GpwsQSNZrDasH2aWziwZmA7h9rc2Kc2zMcZeiQ/KUEhq8xj5fwsSqp1URsZXvv3kEdTKceGI6eszHNsqbLipkTXmK1LnyfZrymJ1oToL3REDPd8La7wRyrSyX7Eq32w2GgB2eGbQIdEAE37XkK7wwINO6BzB5mdyo0PDghvakTvPhxnp5d6raogb99H+aZwDD4Rb6kmTpuZZdedtuAOqXWREq7+BQsC501inIkcDcJ5wrOj+6HNttsA5BGc16vrSRw+NX++E63OP5Mjbh6LZeWPRutIubIf38nis8pcBtvzhOrt/fWn4QqWMOJ0LdEXpEU7GzETq4klwg+ohdDCLGZqa1WNTmvNQUslxZFZb7J+2Od/MxVhQg7VUxlJZrvsht6oKzBkDQXHJdBtMDsxpkqUhO65GX8bSdiJp62j2aiinQ7P250S3dGwTYHzDC8Q6KpfzHGY+YUa81soggjDLAuViCFYqnvXK9egKl8G/6WiDDo6O3gv/csywcMUSVR+AFGFH/SwRMf6n70nFHkUO+pNQphONKZQoNMV9TA53K9ChUX/7lG3AQvfe2jb2MGYc77AY6+L+vzzNw7o2Iffjy8fEV+Ytq4rQaqxOqDQwhOUWZcQo6k1pmtbXVzPgn1b6VYq/RHTG2uw8zx1pzuesofh6GP5TmaNoWNxKN42J8jm5AeDmuuFoOBjmpUpAzMsmf4g5jZiZRGjguZDo3laVATNXVU8iYNcMRsH7wzPIsMHn7+LoKcoIX67/uD/cURUX5HFBQJUKkxOAk18P1u2pLr59Lw4zUA6I+tPZgN2iyxe5Nn/blXI8KPWXo3l85pdJEYgZzEVxozCUDrEo0ESgw8KdY6JzLctkreskHg1AwMKCe2udO/yInTipQH2pOAv9+LOzZylBZJaYgMo1+G/lik8bodK6/CuCXo/rPEky0CejN/k5E6QqG2uRTqOD/j5k/E+dV3zVtXcWHW9NvX5hOkmgbTN/cAtGiEcAmfDyOflJ0nUBLGtTAB0zlEGJH+M9B1AS1BUWW2J9UJ8GIsAn+5/iu3RsB1/mNCtV2BWsCzIlF9BkRybW+rpWXS0ubUaLK/ckQ2/uTfqLle4asQofdY5jhvi9DtoXv8rpREDRPFfgNz6CtjeVogftDaywKLRFC7JU8DRQqzYN3nz4RiJLrG3WO6L3rxEADY+vgTe5Jy4bAz2yUrLwkM8iP7SgwbHAFWxXOWsdYkZt/xbZ/mydr7X9ZAAM9TaqIzYRrR2yIFPRhYjxhn3V2uuonPykKqx+cUwUjUIN8B3tcfuXVpGv5A1zNoHv7iao1LrRE7J9n83ZeSbSYh1cnHm0Jkr9xzxVuV49KVYySIyi2Afo4+oGMFZHlZ/8d1bqCktrInFNBOSN3s2Q==,iv:oe6PtLmY9V4QuhuLrdtMMQJFsuaCC6XoPAWlGlvmSFw=,tag:BrGrA+jVCaTN7yFtl02bVA==,type:str] +ssh_config: ENC[AES256_GCM,data:5ciD6IiyavGoYC6Zf7hza4K++99veSMACNkG8CblMQfQvElJmnkNLHWMBl5FkusbC5LQUUgP09tx9I8ZAat8j6ThMjXMAJa0TI5O1niNU6pqpGw0kjlKT9Ul9I3t016KFevHPCa4/E82tBxgl46mAdPy+CqGcQyMqqvW8A0Uu+kDo0pHgCpVXhNlJXpGpG1JCaf7A7+ejQAAG7Y7tWwoOrrm05c5hwOZQ5rXy2halWmTP/khcuZ5sKVYGI+0peVLpAM7rx/yHnARRSXyswMv4yvbS7v1nKVy6+F4u/ThaWSh/gzS7NCtTFGpAqvxOfyMqwwdE/eIVeJItYK5/9rnUCMBUbmxjMsnRe7/uNi+x6kSZOWbd6BGkD18AkgT3Skp+M5ZZnCi/Z6wOrOTmpeg9GUMOdknvaLx+C3lpAJv9XE6YrUMfZf0gAaEhq3OWP5Obj3VwXCKSkuXbn1pp4bxicD/dJZMY/lHl6tNDL4q7VCssJ9PwQHxfWcZbSpqIxR3tPgi2pP+m0Y5gNiNew5NBw2cWMARPkZhMpt4puwnlx7c/Ooa9j3s59OygDhG8AxgjzcMHBV+ek2KaHQoruyOJJjQXrwX5JWNDEtlUTKNtjhixLTBGKCer9PUtMEmUyYiAD0gG6rwZLKN8hrIhjAHpJ6D/fB0kgoUo7jGWgQ4smC4n/tJOL1uPLd9Rl1mKY9CXI2iPL8cnxSQ/bSTp+mvYAyIX17s0o/tzHRUN4R+cYVmbEo5UpHJYRMi53WXALgJx3CVj3OMqdwfUx/fLgkBXrn24PYMkkzXY79Kp5NwlOrsxFRE7dv26pPRmNYs9nKymw5ICWQe+lbazPG73ehXn5iRMSo4nQ7txPEts82Pn/MsiLR4SG1m0Hj7IPfdCCNEIq30HXr9y2BydUzXtqGWx7Lm6xwkyEgPuIrBgJL4F32Ko/JLLRiCe020g6LQifm0O59OJmNZgpmn0mJv9RR4H6tL6M+DC2QFM4iyr4WNsDandzWolhoRJWb8b64/c6YL1EbykaKN5LKDH7cvrwM/sYG6LJmv9cHuieDf1cpSaUTq8M+ZKCkG0tlqy1/mAWjElB8ReRWUHj0n6iK7m0lSyjpddjkIaFBClaoySPNLrtigMl9t76e9Xl4ZWq/aC+w4dHuLsufVDC21x68bWlWvIlxkiusHo35uXpXHAFO8HjBNdz8vEEW3WqWsJMZLxXB+wIh5Mdsy6VB8c+u3/3PpnOx34PuvIBu1Y27JzNkuOvozER7xGXwU+ZXN7ipfeDxjJrqbrSyRjmqOzAdz2FB/XhEFmosHetWR+tJVivFmO3z3+Xn+FuHijZ6MQdDMNYbfvzFtzkX7P502agXR6EO3eRyaLg0etdXuhUNu1inmxLW73VBzgeYcTmQuvHnBtEl338jwWesUgrW45yGUCVaFtEWAwOxOe7rs//pm/unSa3JZllUILEBTN0aE46ZIKHKMMTR3DPIRmNOOTWovRQHdKBefdMbC9Havnnz3/qeJQs8WkpGQk9zE40Yc9Sb+U1G02/W3iaB54piY6dch4TNKLtZ54jd0tg44Fyzy9rKuH9F0Ym9r81KTwK5fuHxHr88kdg3JZY3cyYqyUmJ5pzIjAa2TV417sOoH8aI0qknwxhRBfaghJKgizb0/WPi5XuVHN1l8MdT1/JCOkQn/d6VYt/R3yP0sDcI8hqegE+DWLKbqSMrdMJOh5gxrbn77boCYkoPclEzrIQVyB4PsbLUE,iv:J0ThC/EV3diI6wAeI0ZhNaGC/bkXjnuNJ4s2wy/sQKs=,tag:QKndY5DfG7RZO7OsJBhHcw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va enc: | @@ -15,8 +11,7 @@ sops: cWx6Z2psUUlobDdFd20wcXBvS2tUaW8Knod4aI4/qOIJqMr2rdQzUta/G3HDFif8 LoREomHElDv31FYrR1EVEr8Fk11hhkuZs7a0iEzxTxPe6CjCiSfqbQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T07:02:53Z" - mac: ENC[AES256_GCM,data:wAbaSouSNEIt+gpRhtJ8Dcay662f8p/flpVz+YCYmSXXgm8AXVJfWOCnKCLM5WC6Uge9tZVlAli8oYdJ3PcKMqE+0dSXH0haEi3uenhvOxj63eLLIiccDRjOI45OJk+9J0ilKsqiaP7S1nnY185DCDtgDdLr9mOZlpBrHZohKxw=,iv:ue4DD08RllFhDZHf2BlsuFRouM+596skjXw9KQxMs2U=,tag:7gU9N7pwl/VdRMr0ndpRug==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:05:08Z" + mac: ENC[AES256_GCM,data:QbB2D1urwDo7vwMLqDYpNgopPoE70P5to7iqVyALUmOVwiOJeARKO84buMLHDNQHG1pCGf585UaAbvAs+blPZ4rb0O5f0Ir5nughtxZDg+eE2lcdmnUOxE5nxI1lTsOof/aKtK/wXMPIsLny6HKiJW6aDbtmItgjA7CP0Baceto=,iv:obWptKyJiLKHdR4S5JgwpwdXJNceFa/k7GUgf9T9QtA=,tag:ogak476K//OYBTwi7unqVw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/home/nipsy/secrets/caladan.yaml b/home/nipsy/secrets/caladan.yaml new file mode 100644 index 0000000..91df543 --- /dev/null +++ b/home/nipsy/secrets/caladan.yaml @@ -0,0 +1,17 @@ +reaper_license: ENC[AES256_GCM,data:r+s9lH3dvz3+Y1G0c0MKGimwjXnPf1lMT/E+39MHmyRzQaeK1Wvq2aLMKdqpJgfns5x3jA7vE1zV+dhZMMkc9nks6eskY31R66Zcn0SgwoSx+0tIRJ5U/Df8bvbHk1Xt5YO0vSpoaWvKg2KwIrQFmGoWBEogMG+mvmTahBogZOiTUIHrJZMQu6fBrcaNASKFNTVfHLdmjfFr5qWEOIhydXMKprFDPII/orfr3rL0oUzXsT3hRgGpp0fQm1i2cYIenYh0XGntxYjwJkYsWRV4hbzdHpft6q0nFatknwaKX0kmdQAuBs328xo4c3tPqp6QpEUD3NCGO9F/i7ljQSbsYP/EyQSTH5RGkGBQ7WqYtdJn3Jnz8okFntrq9Fpcw5rOJoCuINa328pDKvu2pbOIoAM2oSZIJVZlz6MFa/MlaiuyKvoLgxceLugG82auEWry9tPIpyIKA8TOqbaDjyRsFuIC8uEPgHAMipRcwnFt4kCQupMi2GiHvCZ3sP0utBEhCb+bHiYL/ylI3TJoNSpCPl86QEvCNXIdUUBG7FdYtX0UkE/A6MKo1whV6RTGmrHQuaa8IQdJbXMZKraY4nNarVWM0VTB22jRJ0RIE47Ax+kjIme8Y82i6gV6Y488rJiGDIo+JrHNN47nn74SOt9TQQUcG4vOYhmX9A==,iv:RT0XBkthKkM9MapVvGi+FdxXrEtwEU4V0WXJb7EP9Uw=,tag:esy7aQXzUtrdTkYYVGCDmg==,type:str] +ssh_config: ENC[AES256_GCM,data:yH4Ul7wAwj9kJwhmoQxMAyjLmELKRI8PvoheDbiUjr/7jXQSTSzlNIQHQilhJg6clezveC4q2fYphynn/YG9Q1AbTCTTqt+PuLABQpPPuc2h7Zx8cp3m5bo8tx/ITZTcxfjOB5QmeBuxuzINkQ2gKly0FOFS8Ha8PwxLUaQ69KAg46kqIxuk+zeNy8CZw5afhDkQ2w5nsXmeJkP5OlBqe8M8Wh4F+1DrG3ymFqSjZLfcY3V9cLEMCknFs9gJoE/n3fNteruuLoYw7rD3+RQf0JdtTP6Bg78zTTrr2LsCTTM5TtzFDngSa6RjMST0e9PVoVWD8JKZ7LINYA9SOjyfhCxGLqrL0H0uotB2sGZseZPdSN3Teek7S3fdUmjKiB9LW4w6T0QwTAlYpPyrLQ7YWuQnxaKIuMxMxQuV26BljPt557bhIcNY9EV3gnzD9JNXVX9Qg9qm5UDmVZtnWPsg2ykhecwiDUKQdNfi1+tz6Dkqri1YF1INVBuud077wdsVfsDPtAWTTu5vv5nEWX6MLlGkGy10VuXZabL9eD96aRFbx4f3Jsp7KGdo2+IrQXkgeOdsOl2BUfpO9BJFKcUbqyVBdOdjxGA/9KAX67taiA9S59Dzv6VL95v6radNB9pgUwoIO2ZtXB3qhx+oIB9a1F9WlDtiB/TmaTO3jHWw43QTQFi4BXj4U6glJYJQgzbPjY+M/BbxvurW3Xwkxa5wsBT86ENB+kRpC5AWA/LeoQwpicyPlxmb3juHWM2/lMsw50BwmFhjwzxZrYS92+AUQpVC8s5FFNY1h4i0oRr5E1JddNWbWGry2y79yl91NomyF96tPmrZ5NdYCSYHm9dEbubp5WaaJNQvU+3XqECQU6YHX4dZuDw+ZwYPdXVtInMp7YfZ+PSacRuAsHeb2cuSOx1d7yjPgy9aaGssJcn+hIfKLGMmUypkKEfKA3IiFBh0ChQ75vQQ59tNPiu6RyrZxZLJhpctIBQQXWrsrd4NSiZVyR9gWmQkQeZjvYiFnJKGMFAk89sEA0qFuUiasH9eKDRPr1BlO0NwKUv2UXSK9pu0HdtJasi1LLGsLQg3QOL0hnwoOsrCBHLCD15x7BLcInYhZUucDQvEt0JdNMJlV4iF3fEt9kEUJmuo7JIpYLZYI7P3z+C/IiFsX6/erIal+Ycj+1tHQJi0YwBGKkkE3XPZ2RXqzKrhu/m7FBiBLSCOsg2IJ3NmUiLa74KCwdDSLn9wdkOKN4RMijFfoctopf75SsaJpdR4Y0K15q2OzBN4P1yZgNiMUCF9Y41qlIqbX8JE0ARiUs9LXFBdt+0oc86XUy1QEcFdh2IDbHOhJFlz0gGLryYTMI2+6P6lV9Iw8t8S2dM0P28vqGsqz8QNIhcBJP5mpdHzH1c1urnXQZeYRN5VVV9y9Yz9Gz2XFogsMqo1YIuPIf2GNwvDrgz3kQwbBqqLh0aA6+bbwq347f3CTeA8QJjtv9/a3Bo8EXZJk7eOEFcH9bqiJym7Sqg7fGPM6BnqGb80AnjFe+MzRCVBOElJKwzbodpSs56W2ZpZnAuhMBB3pBZt8hs9440waJHaW/nuGxrHyhqAbdr+lf52Xzrhz898iTstvvFnKpkSBZII5WujWALntFzXC2+T7bFG+b3TUFeCBiSz2AFeq4HkJIIohXO+35YVOnQfcmykcf2AdTDPRH5qEKn9A/cx5Az1IdlUum0yXYwMqtEzjDrnjCLS2LbgtmPZ6rA1vYlQDewKSD2qnQUpJM8IF9JFtWbqXhrWOg0Y6EajprYxgp8pP0bNrM/t5BKwfJEPllZ5HEIIRILCQ+HBAF5pM/KZISN/KZw2Disz533qCC1PaqRv7YFXXbvk8OzepGOszctfl4UBOsfWww0a/oqj2UmZKFxt800MdY976kJ1LaHDb/+jCtFu9WslyMFRy+l0CIrenGbdZpqnhaUClpYrrvzn6zeYiQRmzjtGGEQykVLvH4GPpKjWeyza9GZ1B1aI1+6Sd2/Zl2CwSZvZg2Wl6olvazifVdFzH5xwtlKDc3ABrDUKPWLl67213PQNBMwBrqx+iDuJ76FMQwE=,iv:sZejEGs4211FBCUYZ9IcZjOX4u4R+NW76/tMCvGmJBU=,tag:bHIjCMuI95eM/Cg1XdfMlg==,type:str] +sops: + age: + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSUJOMDlTem5jNXVkRnIy + TlorQmQ0ajQyRnFYQXdueVhvNloyaFVabUFVCndDOHZDSGVyWUNQRkd5ekEwbDdz + S054ck9IbDh2UGRjVlVaV3N5dDVjTzgKLS0tIHNjaXgvL0R1MmY2cGt4NFZ5M2J5 + dnVlaUtXRkJOYllweUpjRXpreUI0bjQKdeI5T4qxmRk3goiHMfxQPxYyfauY69ea + ipFJuEzDTg6XdQvpwmmBs9N+QM2diNUkuxTOd4RDN5/EAN0h3fEhZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-05T18:05:52Z" + mac: ENC[AES256_GCM,data:tRKW7bODDlA60O4UjY8ufuCm+695PVsX0oscGce5AIU9EsstMYAW6Ny6TpgBfMBvfNiNLLyKXQqEylvCfD0ZwbwM6cAttfMgMM6kbbfyOT00CHqrwC2as8MZmJHWcbA20SwvWBFPhhxJFvn9oP2BClU/IbaMdRi7IbqxIl6WNxE=,iv:cjaFEUfp206d6cY40cPlfkvZ9gyYhbAPoQ0yYx8ykrs=,tag:Ac1+FjrGjV/KMaLrhsA9Fg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/home/nipsy/secrets/ginaz.yaml b/home/nipsy/secrets/ginaz.yaml index 21d2933..5ace25d 100644 --- a/home/nipsy/secrets/ginaz.yaml +++ b/home/nipsy/secrets/ginaz.yaml @@ -1,10 +1,6 @@ reaper_license: ENC[AES256_GCM,data:AfhcqHqVoIpIxKP73VYFy9XYAHXdUfXqswX/eHntZQTka9HwhL8Dz3KXUffRa179hFhcarVNapAOujPOLS4zCJHXbMEAY9aAVMAaQM9ID73l5EFErJ/kscfQgjM5oBEuAL6H/rL4pO1I8JGMqPLAq1gyQFJhRDoLd4hKOJTRXPBY69mZwtPlEjY67Jl/7+jv9neldNHHmDqPVAO+tT+wFFAStAIZ/o5kuJxPg7Tc5M9hxanKkJVQIIZ1HJJyMlS4wCTPyeGIXEcR8XWP9tlfpmE8OUirCvME4lYMwNY6plxoHMhDuWF6OGIcRTPv1KzM1of6iD/bzQbe+z21r2R9my5j0NwRQKUGJS0bPE7snlwvdCrvwJm7RDotVrumOpiuuzaVSoXyFPUQe8EEF3rZlfXlysxpSdBKNTJz+f+i4clFurcznKUk0pWDKMefcKhYzs5x847iPDoqnR89f4B7v9hpCdwZRSsHyKncbz2p/zFi5LLuaBd4jmFKS3aOI/WlUFeUfhicUh1iXgIMTzvY8yZwpaX3r+XOBIOVxIyAipgoNXoRsi3fMfdlMXtR3XIiGmhXRJNEw4Lczu0qbWl4bDCaMD0sNKMPMiBJyGSnw1fspGLiZIKGLMb2DyGa0s9iIfjU0uKA7o/TsP7kE6T5XGq1kp9Q7LpJTg==,iv:8Z2o5SOYPbFl8CBpcafvVjZUMPFJ+6atrsnJVbBljgE=,tag:TsACvre6dMgPZsENgcYkeA==,type:str] -ssh_config: ENC[AES256_GCM,data:3liYuVh7teH2UWRU2ggHvk8j2HCf5BqIj+XVrOPbBXPcF6y5P6HaVbGF6ccDuj59WyqrNfQV3PPOm83cHz7aYydimKUDg+qx2Qs+brD1S0gaBjdnTmq6tdpLXvyWLBjgmioTARyfm50sg+iGkqNQyVmaMYoWxZyvoE7OvECqG05zp8BC/udsFO0JRCvQlZhHgFhppVRnBEHsi5r8k2ENjswjOp0lx9YrIwqD/pMaD53NbsiP+74SD5nWAC7B/NnnOi3MbKPWiXPkNr9YMeGojTDyy6Y8Ie6TzRKoD0TiLLqOArZY1N+n0VYnwdGUsXoRSRH0WgDvMJ42dEI1LswBKby83PXxRle/GxC3XZOs6mJW2aAzCM2ZF/CAE3SohuWXyRnCT52AHMq4Ctnhodim+0FIvlMxK7JzFU+a5/ceGHoSlm70w2iq4HGYxdZF48mPXrEk+xtyUQUpgwu54x388QNBhKkt+8XssnwzachCxCQLJu9hztZQtAsU8JTglSrgmwmtzBoSleVHxfTfMMKqGhJ3MyZZA1e9XF+muIi3gngilUF6qt4UEcepWZMagPlV/8/k4iwjgVXskcpjOBo5HB63IZxsx8w/SAim+1KKD4xFAZQhdO+7UGzpc13oSyRujHKEYuT19jvYTmu+0NDuTfkDVxa9Hou1/BMLKjAfnZgXtdPgdjvZMXoXQbi+jFtvnCtAgLAPe2bENBXVfoqE/ZQo8IzJNEOZN8ZHi51TUapMjoE8pM5IO0Jk2ulBSgsnzsXDwQ1ZqDDGxDzOz9aVRnd2VqbK4krIAWVA519i5NBps3fdqkDASbfYfo0F4a1VfoywTwk4ykqRKLbd4UL5oDi062mmQ5u4Wr3s3sHH1ZOJlyQn4d0CfREB7ruX9X0BhASkmy3FsHUpDy07wyMR/qY8GbAl+TxZCLBQEDaLIwoGOwii/smFS+A1B3xWmGiosSTgySaKkyObJkI6qUQAHP9jo7cwTAmmvbj+eHjC6BNmXUeqv35KV88YY5chAamS0w7tF2XhA0nxAHHvGEElIUyUmLd3Tzn1PO/O+c9XQLn8ROmQ5SnaLYuXAlOOFxne4gqMP6aywI9kJ2qpmF4eedLhrjT+rFS05NsrE1S6oVVRkGYy2s3IYciX10Ib2v6vf2UOshUHcb1V5bicz0r2qlxwhM83+eIpNmrO0GQCpoihl3Uz6Wbgv6P7kHUKduqiBCJuuONpKnHCGFpEPMM+/vrG+8zFBzTKxDDGhpSO7ZgyzHBBgIsbeiWa1K5V3eXxD5KNch+s7m+brfNxgReI2831ntSRYgbuOj/WktVJv76fEMIt9YxwSEG6sq6Zx9C2gTfWodMQ8TZ9ck1xoegqHZcPhXtt6QsrXue6NIIrFLwH3CRz0cqgQz232GUwfMpJ9pKc5WsV58dOCmkW4w/hvalraA3Cd2QnYAfGdb2l59MOtpsFDO6rGg4UisrGuWvYRiBze47NGz0n8UFmvxNOVll8AJzz1h63QQeENx0WHcNFsdGzof7nvkbVkF87b/d9kp43w1L6j0LZ0BLKnfAoXBg065ZAR0TyiDuI/r+A3HTxmUGwoIlefUVFkZsODTOhiftKiVTfOfV0WCmw7aw2nWr/92ZGTSzEzMg175G9EezkINCo/NRh3umLHg3YvUMWoGs4V9m2F9wkL+fL4uyM/OYovMz8a1xr4HjxgxsVmd31nk3iIaE/Ux9T//w08IZ1PNEDDT2EH8oSqwciWPKuwbIVxlKBGyn3+LzFf3a96Lrb163/OALWlPBx3cXs/u/tyCPtRuuCTvfFDGcxSGLFv3o/XVV7Fvwg4Yv/u1z1CIWby+H2M3rL52V/iSnjj9tywOThCu/Qkjf8eadizyF0eeCbr4MOVfSv5l452C8BrINGq0aeznlcC1bP7aUsIQiuOKeXr3lUmbJUTRRQ2WSaD8uaxufjKkW/3CneSw==,iv:lsjEeTnvaMA/gpJnQ8lNmQx3gHL3VesDm9Yp/hBZur0=,tag:SDs/rGbM+NiZmQWMGspvMA==,type:str] +ssh_config: ENC[AES256_GCM,data:IdQuiUPF8VvgIgLh916/nLI7T0obkkkxclkVQAS3Q6x2wFkR1rOQTl7nxr/pXfnoIoNu294QPvv2Lt6RIB+5eLgoMHEw0LLZ9eyYcJbbRzsuF1gTJtwk9DRZEhlrjzrb3giFDrJeC6AsAfousqdFNqzR//M6YkQA/YGmN5zR8nhj6zgRbeemzBouh2gLLxppFM14Ttc1sTibm61smHKZPwmc4f83S0jdSvffhQmy9EwfgZZpIprcibbfatdc6uH4+nn05R8Uz10few2k+uDZVSTTAxOqNWrpLebfB1dLAuwNSxuz90EnC0hD8O5Bxs6yK5xHB3k1M17JeK65VB0t/zVM99+3Tx06YvmuyeBu2CYrZgl2tMPiKg0PUkRqPDSXhj+UfNAm5r6KWqT7RPS1BjOveRwkJauhzNZJ1BKd6K0gG2vKja/ERf+oWiw3zOpzbDCiF5aBW8XYb+TisSdMlyaA1xfuYTmYZtxz4el1Ra34t/Dyy4OBn6bgmYziP6NoLrWI0Qn/vWo8YJJMNUaHgCNsr4/90URzhqfw+GFDK5FpdIAm+UDQOJc3tS2GE7QIK8+KzLzU4ujq+Oe7QW27u1U1jVprI3Z9bT8gXjY+f1STqdJF+mXFUu7CkiDS2kUIJGaMHraz2y59YHK3M49+tKYT5uCq7sMT4wD/X365luecSvaO0Fpi86PTxOOhtXj+/cRTUzdhUHoLchq1ZOZfZEZRb6K49YoLQHR5JFC8Acb1dJARq75KAmHW0T7+K8rIsxFpmgwXTEQpMtaU5EbvKIGZ7khocS+mSWFgW9yukj54mrvNSsM4yiXex/xeOTfw2+obEeFfVmEoZScn3sLs+Db/tuyKu8TTztDaBUwjvPgMearCTtEXhE3H8UCFeI5a26Y+74ELZJxIjINS4wmHVP4GqUfbH5WTXOj3ljmc7WvrpXN1g7Rn4m/G04OS+XR9gZJvStks4mWFzJa6xJOE2y3Ce/2glmV/UP64deeDPwI2Dj2FAdEey5Ijinbr40brC5NEuOJXiOVu7SlFGtY/spoIVl1gcqbqdqmm3mVKQkV7W2MMcUCHbaIwlvVVLr3KTF8YPr1RFIePzTGtmCRrpOmIZ+E0SMVcmBMiib02deYV3VDGetz28wTbJ55mBjRQApRKE4RfpwX4z0j1NemyasC2Ma9plohUWqAKhLkjcOUJa8hqw9Qaeav10MPasuuLhP48p0ShS4hlFqDoe6mjjCauvfDQRBqB599/usnFwB42tMUzwgEGRIVll/eMtA4TtnSQ0rh5loxIqztOlwD71jsSJjKol7+SJQj1S/LmLPH0qNbL+RhS9CvA+fHe6qDAkE+UhiB8hJeck2QEba3PPvecFk/pZjNEZXUS1OY4BD4X8VQyNyDkywnw45wPxdCpRU4eMk74/gZjp89tVpvZerrKXgdn21/cjy0fOjRGBAD+SNHP/IMHPbkXSvX+UOmVYFzme9q0lJK8bzUjqi2okIuJMzjvKdRLPGibKxW+6BA0g+sog0Le5b+M+SIfGy2HO0v8QfNlG9toup7lycMD7we/kt0rYohScNk8pXZKOv41jVRf7W81bOpet/wS0atN2Pb3+IgMaoDTU19zZJOn5m7SdTSq2TuGEXQC5aJiDvDeaAtR55rFI2/v/L/+30SHRWpOkT9lxAbvAcjK890T8uhXkwjNQj4sQQT9nnT9UaR2dm4arIe4JS1xLvP+kJ2C6zv+b0tul3WR+oxBz934hhLGE3p1oyOWce6tLEjGFUmogZa0QcPaX8XYJD+I0rGSlZPVqiFmTl3QkewIHd2rddWFGYD5qAv5yJH5zRgL6XBKWvxLc4A+DHYkrtjN2Knlr0cn/DoxJ5tu3ijzd2+4R2NLmf6ur/Bo6zEi6MJQOo+OSSWhXpyg9GelHRkbWjcYArye57kS0lSuQsl2lhmtaoQrL1Wr+f90s6ozy8smhA==,iv:efBxf9iRo29LJxFyGzTqPlQxN3cKxnim0a9x4OkNueU=,tag:SXKQZJuOJlqVUbRNXldaZw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va enc: | @@ -15,8 +11,7 @@ sops: QXRkc3NnamhWcFd6eS9CWE9tQzRpNE0KtEdfws+SlXPk7y7FNSx/9ogcZZneuRaj gnI30NcSbuHhWVvu9BEzBaoz4CU0slxvevOe6nNDoMzFhVacGTnhQg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T07:03:15Z" - mac: ENC[AES256_GCM,data:nFprDmU67eSEr0IKe58uC5AXwpPcGcug1PkASgc1Ep41wSyeJ+Y9/ki3ahu6BUgnkKyd7G48tC3/5Vn3+oNidmb185pw7lwcaYjPFOtKihWbgRC8+LuZCsaDMxAEbOnxDurHzzC8ywSLfDEXNDxoZ0v4m3bBQjDAP+7CghWafnQ=,iv:9qVYTef74T1M1Rca8tuUxovhWSWFs4SjE8ClwbfjYQs=,tag:BBC9MJajtSR8lDQYWXk80Q==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:06:46Z" + mac: ENC[AES256_GCM,data:UQK2sM/OS8R4KWSp1DvgfqoeiIG9esZ9mDoaLx5qVg5zFvTDXgJ1cSOSwFM7lrXX8v+bHY/WiFR70C7kHXVEG3UXYagOuxqGncFnfigA+VR3TGMaTRnaRV0EQs9HuscEj9z8zngp5bZMUORsY/334VKz8tF/+vmaDwRtOVU4GrI=,iv:a+eSIBlFBk64BzMRcJARgE/0MdOa0J7Jybr2J1YR2YI=,tag:eCMdgVc0b0M2+OXJV76MJA==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/home/root/caladan.nix b/home/root/caladan.nix new file mode 100644 index 0000000..287f220 --- /dev/null +++ b/home/root/caladan.nix @@ -0,0 +1,14 @@ +{ config, inputs, lib, outputs, pkgs, ... }: +{ + imports = [ + common/core + ]; + + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + + #nix.extraOptions = '' + # !include /run/secrets/nix-access-token-github + #''; +} diff --git a/home/root/common/core/zsh/default.nix b/home/root/common/core/zsh/default.nix index eaec714..a3587b8 100644 --- a/home/root/common/core/zsh/default.nix +++ b/home/root/common/core/zsh/default.nix @@ -19,7 +19,7 @@ export COLORFGBG=";0" save = 100000; size = 100000; }; - initExtra = (builtins.readFile ./zshrc); + initContent = (builtins.readFile ./zshrc); shellAliases = { grep = "grep --color=auto"; ip = "ip -c=auto"; diff --git a/home/root/darkstar.nix b/home/root/darkstar.nix index 72dbda0..7399284 100644 --- a/home/root/darkstar.nix +++ b/home/root/darkstar.nix @@ -1,5 +1,11 @@ { inputs, lib, pkgs, config, outputs, ... }: { + home = { + file = { + "bin/knock".source = ../common/scripts/knock; + }; + }; + imports = [ common/core ]; diff --git a/home/root/fangorn.nix b/home/root/fangorn.nix new file mode 100644 index 0000000..72dbda0 --- /dev/null +++ b/home/root/fangorn.nix @@ -0,0 +1,10 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + ]; + + nix.extraOptions = '' + !include /run/secrets/nix-access-token-github + ''; +} diff --git a/home/root/kaitain.nix b/home/root/kaitain.nix index 72dbda0..cb4ed48 100644 --- a/home/root/kaitain.nix +++ b/home/root/kaitain.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/home/root/richese.nix b/home/root/richese.nix index 72dbda0..cb4ed48 100644 --- a/home/root/richese.nix +++ b/home/root/richese.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 7385eaf..204f30c 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -3,9 +3,9 @@ initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { "net.ipv4.ip_forward" = 1; - "net.ipv4.conf.all.proxy_arp" = 1; + #"net.ipv4.conf.all.proxy_arp" = 1; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi = { canTouchEfiVariables = true; @@ -76,38 +76,38 @@ } ''; - environment.systemPackages = with pkgs; [ - angband - assaultcube - bsdgames - bzflag - extremetuxracer - #frozen-bubble - hedgewars - kobodeluxe - lidarr - mailutils - megacmd - moc - nethack - #openttd - prowlarr - qbittorrent-nox - radarr - rdiff-backup - readarr - #scorched3d - signal-desktop - sonarr - superTux - superTuxKart - umoria - vial - warzone2100 - #wine9_22.wineWowPackages.stagingFull - wpa_supplicant - xonotic-sdl - #xpilot-ng + environment.systemPackages = [ + pkgs.angband + #pkgs.assaultcube + pkgs.bsdgames + pkgs.bzflag + pkgs.extremetuxracer + #pkgs.frozen-bubble + pkgs.hedgewars + pkgs.kobodeluxe + pkgs.lidarr + pkgs.mailutils + pkgs.megacmd + pkgs.moc + pkgs.nethack + #pkgs.openttd + pkgs.prowlarr + pkgs.qbittorrent-nox + pkgs.radarr + pkgs.rdiff-backup + pkgs.readarr + #pkgs.scorched3d + pkgs.signal-desktop + pkgs.sonarr + pkgs.superTux + pkgs.superTuxKart + pkgs.umoria + pkgs.vial + pkgs.warzone2100 + #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.wpa_supplicant + pkgs.xonotic-sdl + #pkgs.xpilot-ng ]; imports = [ @@ -115,20 +115,20 @@ ./hardware-configuration.nix ./services.nix ../common/core - ../common/optional/adb.nix - ../common/optional/db.nix + #../common/optional/adb.nix + #../common/optional/db.nix ../common/optional/dev.nix - ../common/optional/ebooks.nix + #../common/optional/ebooks.nix ../common/optional/games.nix ../common/optional/google-authenticator.nix ../common/optional/misc.nix ../common/optional/multimedia.nix - ../common/optional/pipewire.nix - ../common/optional/sdr.nix + #../common/optional/pipewire.nix + #../common/optional/sdr.nix ../common/optional/services/chrony.nix ../common/optional/services/openssh.nix - ../common/optional/services/xorg.nix - ../common/optional/sound.nix + #../common/optional/services/xorg.nix + #../common/optional/sound.nix ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/nipsy @@ -138,13 +138,13 @@ networking = { defaultGateway = { address = "192.168.1.1"; - interface = "wlp5s0"; + interface = "enp6s0"; }; domain = "bitgnome.net"; hostId = "2ae4c89f"; hostName = "arrakis"; interfaces = { - wlp5s0 = { + enp6s0 = { ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; @@ -195,6 +195,11 @@ presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}"; publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM="; } + { # fangorn + allowedIPs = [ "10.4.20.9/32" ]; + presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}"; + publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4="; + } { # ginaz allowedIPs = [ "10.4.20.254/32" ]; presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}"; @@ -230,9 +235,6 @@ ]; }; - services.openssh.settings.X11Forwarding = true; - services.xserver.videoDrivers = [ "nvidia" ]; - sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ../secrets/arrakis.yaml; @@ -243,6 +245,7 @@ "ssh_config".path = "/root/.ssh/config"; "wireguard/arrakis_key" = {}; "wireguard/black-sheep_psk" = {}; + "wireguard/fangorn_psk" = {}; "wireguard/ginaz_psk" = {}; "wireguard/homer_psk" = {}; "wireguard/lilnasx_psk" = {}; @@ -293,18 +296,18 @@ }; "nftables-extra" = let rules_script = '' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard' ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} ''; in { description = "nftables extra firewall rules"; diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix index c709789..c7a6652 100644 --- a/hosts/arrakis/hardware-configuration.nix +++ b/hosts/arrakis/hardware-configuration.nix @@ -53,8 +53,8 @@ graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; nvidia = let diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 9c283aa..3b62e18 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -91,10 +91,10 @@ ]; config = { - environment.systemPackages = with pkgs; [ - git - iperf - rsync + environment.systemPackages = [ + pkgs.git + pkgs.iperf + pkgs.rsync ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -104,8 +104,8 @@ openFirewall = true; settings = { - PasswordAuthentication = false; KbdInteractiveAuthentication = false; + PasswordAuthentication = false; }; }; @@ -224,7 +224,15 @@ }; }; + openssh.settings = { + StreamLocalBindUnlink = true; + }; + postfix = let my_email = "nipsy@bitgnome.net"; in { + config.smtpd_tls_chain_files = [ + "/var/lib/acme/arrakis.bitgnome.net/key.pem" + "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem" + ]; enable = true; extraAliases = '' nipsy: ${my_email} @@ -233,8 +241,6 @@ relayHost = "mail.bitgnome.net"; relayPort = 587; rootAlias = my_email; - sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"; - sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem"; }; printing.enable = true; @@ -321,10 +327,12 @@ ]; }; - udev.packages = with pkgs; [ - vial + udev.packages = [ + pkgs.vial ]; + xserver.videoDrivers = [ "nvidia" ]; + }; #systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false; diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix new file mode 100644 index 0000000..0010569 --- /dev/null +++ b/hosts/caladan/default.nix @@ -0,0 +1,175 @@ +{ config, inputs, outputs, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "amdgpu" "zfs" ]; + kernelPackages = pkgs.master.linuxPackages_6_15; + #kernelParams = [ + # "amdgpu.ppfeaturemask=0xfffd3fff" + # "split_lock_detect=off" + #]; + loader = { + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/efiboot/efi1"; + }; + systemd-boot = { + enable = true; + extraInstallCommands = '' + ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 + ''; + }; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs.package = pkgs.master.zfs; + }; + + environment.systemPackages = [ + pkgs.angband + #pkgs.assaultcube + pkgs.bsdgames + pkgs.bzflag + pkgs.extremetuxracer + pkgs.fastfetch + #pkgs.frozen-bubble + pkgs.hedgewars + pkgs.kobodeluxe + pkgs.mailutils + pkgs.moc + pkgs.nethack + #pkgs.openttd + pkgs.qbittorrent-nox + pkgs.rdiff-backup + #pkgs.scorched3d + pkgs.signal-desktop + pkgs.superTux + pkgs.superTuxKart + pkgs.umoria + pkgs.vial + pkgs.warzone2100 + #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.wpa_supplicant + pkgs.xonotic-sdl + #pkgs.xpilot-ng + ]; + + imports = [ + ./disks.nix + ./hardware-configuration.nix + ./services.nix + ../common/core + ../common/optional/adb.nix + ../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + ../common/optional/games.nix + ../common/optional/google-authenticator.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/sdr.nix + ../common/optional/services/chrony.nix + ../common/optional/services/openssh.nix + ../common/optional/services/wayland.nix + #../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/wdt.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + defaultGateway = { + address = "192.168.1.1"; + interface = "wlp15s0"; + }; + domain = "bitgnome.net"; + hostId = "8981d1e5"; + hostName = "caladan"; + interfaces = { + wlp15s0 = { + ipv4.addresses = [ + { address = "192.168.1.4"; prefixLength = 24; } + ]; + }; + }; + nameservers = [ "192.168.1.1" ]; + nftables.enable = true; + useDHCP = false; + wireless = { + enable = true; + networks = { + "Crystal Palace" = { + pskRaw = "ext:psk_crystal_palace"; + }; + }; + secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; + }; + }; + + nixpkgs = { + config = { + allowUnfree = true; + }; + hostPlatform = "x86_64-linux"; + overlays = [ + #inputs.nvidia-patch.overlays.default + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.master-packages + outputs.overlays.stable-packages + #outputs.overlays.wine9_22-packages + ]; + }; + + services.openssh.settings.X11Forwarding = true; + services.xserver.videoDrivers = [ "amdgpu" ]; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/caladan.yaml; + + secrets = { + "nftables/ssh" = {}; + "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; + "wpa_supplicant" = {}; + }; + }; + + system.stateVersion = "23.11"; + + systemd.services = { + + "nftables-extra" = let rules_script = '' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} + ''; in { + description = "nftables extra firewall rules"; + reload = rules_script; + script = rules_script; + serviceConfig = { + RemainAfterExit = true; + Type = "oneshot"; + }; + unitConfig = { + ConditionPathExists = [ + config.sops.secrets."nftables/ssh".path + ]; + ReloadPropagatedFrom = "nftables.service"; + }; + wantedBy = [ "multi-user.target" ]; + after = [ "nftables.service" ]; + partOf = [ "nftables.service" ]; + }; + + }; + + users.users.root.openssh.authorizedKeys.keys = [ + (builtins.readFile ../common/users/nipsy/keys/id_att.pub) + ]; +} diff --git a/hosts/caladan/disks.nix b/hosts/caladan/disks.nix new file mode 100644 index 0000000..8961361 --- /dev/null +++ b/hosts/caladan/disks.nix @@ -0,0 +1,132 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C42"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi1"; + mountOptions = [ "X-mount.mkdir" "umask=0077" ]; + extraArgs = [ "-nESP1" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap1" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + nvme1n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C44"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi2"; + mountOptions = [ "X-mount.mkdir" "umask=0077" ]; + extraArgs = [ "-nESP2" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap2" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + mode = "mirror"; + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "on"; + dnodesize = "auto"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix new file mode 100644 index 0000000..de0e516 --- /dev/null +++ b/hosts/caladan/hardware-configuration.nix @@ -0,0 +1,57 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, inputs, lib, outputs, pkgs, modulesPath, ... }: + +{ + imports = + [ #(modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + extraModulePackages = [ ]; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + #zfs.extraPools = [ "data" ]; + }; + + environment.sessionVariables = { + #LIBVA_DRIVER_NAME = "nvidia"; + MOZ_DISABLE_RDD_SANDBOX = "1"; + }; + + hardware = { + bluetooth.enable = true; + + graphics = { + enable = true; + #extraPackages = [ pkgs.nvidia-vaapi-driver ]; + #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; + }; + + #nvidia = let + # betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; + # pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; + # finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; + #in { + # modesetting.enable = true; + # open = true; + # package = if finalPkg == betaPkg then betaPkg else finalPkg; + #}; + + printers = let + brother = "Brother_HL-L2340D"; + ip = "192.168.1.20"; + in { + ensureDefaultPrinter = brother; + ensurePrinters = [{ + name = brother; + deviceUri = "ipp://${ip}/ipp"; + model = "everywhere"; + description = lib.replaceStrings [ "_" ] [ " " ] brother; + location = "home"; + }]; + }; + }; +} diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix new file mode 100644 index 0000000..4644188 --- /dev/null +++ b/hosts/caladan/services.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: { + + services = { + + clamav.updater.enable = true; + + cron.enable = true; + + dictd.enable = true; + + iperf3.openFirewall = true; + + printing.enable = true; + + #smartd = let my_email_addr = "nipsy@bitgnome.net"; in { + # enable = true; + # devices = [ + # { + # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005"; + # options = "-a -o on -S on -m ${my_email_addr}"; + # } + # { + # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; + # options = "-a -o on -S on -m ${my_email_addr}"; + # } + # ]; + #}; + + udev.packages = [ + pkgs.vial + ]; + + }; + +} diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 771fa0d..8a0fe8a 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -9,99 +9,99 @@ documentation.dev.enable = true; documentation.man.enable = true; - environment.systemPackages = with pkgs; [ - acl - age - bash - bc - bind - binutils - bpftools - bpftrace - bzip2 - colordiff - conntrack-tools - coreutils - cpio - curl - diceware - diffutils - dig - dmidecode - elinks - ethtool - file - findutils - fping - git - gnugrep - gnupatch - gnused - gnutar - gptfdisk - gzip - htop - iproute2 - iputils - jq - less - lshw - lsof - lvm2 - lynx - moreutils - nano - ncurses - netcat-openbsd - nettools - nix-index - nmap - ntfs3g - nvd - oath-toolkit - openldap - openssl - p7zip - parted - patchelf - pciutils - procps - progress - psmisc - pv - pwgen - qemu_kvm - recode - rsync - sg3_utils - smartmontools - socat - sops - sqlite - ssh-to-age - ssh-to-pgp - stoken - strace - sysstat - tcpdump - tftp-hpa - traceroute - tree - tshark - unixtools.xxd - unrar - unzip - usbutils - util-linux - vim - wdiff - wget - whois - wireguard-tools - xkcdpass - xz - zip - zstd + environment.systemPackages = [ + pkgs.acl + pkgs.age + pkgs.bash + pkgs.bc + pkgs.bind + pkgs.binutils + pkgs.bpftools + pkgs.bpftrace + pkgs.bzip2 + pkgs.colordiff + pkgs.conntrack-tools + pkgs.coreutils + pkgs.cpio + pkgs.curl + pkgs.diceware + pkgs.diffutils + pkgs.dig + pkgs.dmidecode + pkgs.elinks + pkgs.ethtool + pkgs.file + pkgs.findutils + pkgs.fping + pkgs.git + pkgs.gnugrep + pkgs.gnupatch + pkgs.gnused + pkgs.gnutar + pkgs.gptfdisk + pkgs.gzip + pkgs.htop + pkgs.iproute2 + pkgs.iputils + pkgs.jq + pkgs.less + pkgs.lshw + pkgs.lsof + pkgs.lvm2 + pkgs.lynx + pkgs.moreutils + pkgs.nano + pkgs.ncurses + pkgs.netcat-openbsd + pkgs.nettools + pkgs.nix-index + pkgs.nmap + pkgs.ntfs3g + pkgs.nvd + pkgs.oath-toolkit + pkgs.openldap + pkgs.openssl + pkgs.p7zip + pkgs.parted + pkgs.patchelf + pkgs.pciutils + pkgs.procps + pkgs.progress + pkgs.psmisc + pkgs.pv + pkgs.pwgen + pkgs.qemu_kvm + pkgs.recode + pkgs.rsync + pkgs.sg3_utils + pkgs.smartmontools + pkgs.socat + pkgs.sops + pkgs.sqlite + pkgs.ssh-to-age + pkgs.ssh-to-pgp + pkgs.stoken + pkgs.strace + pkgs.sysstat + pkgs.tcpdump + pkgs.tftp-hpa + pkgs.traceroute + pkgs.tree + pkgs.tshark + pkgs.unixtools.xxd + pkgs.unrar + pkgs.unzip + pkgs.usbutils + pkgs.util-linux + pkgs.vim + pkgs.wdiff + pkgs.wget + pkgs.whois + pkgs.wireguard-tools + pkgs.xkcdpass + pkgs.xz + pkgs.zip + pkgs.zstd ]; hardware.enableRedistributableFirmware = true; diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix index 14252d8..c6279dc 100644 --- a/hosts/common/core/nix.nix +++ b/hosts/common/core/nix.nix @@ -24,6 +24,13 @@ in { }; - systemd.services."nix-daemon".environment.TMPDIR = build-tmp; + systemd = { + services."nix-daemon".environment.TMPDIR = build-tmp; + user.services."nix-gc" = { + description = "Garbage collection for user profiles"; + script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 30d"; + startAt = "daily"; + }; + }; } diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix index 0469b8c..f02ec63 100644 --- a/hosts/common/core/shells.nix +++ b/hosts/common/core/shells.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - bash - zsh; - }; + environment.systemPackages = [ + pkgs.bash + pkgs.zsh + ]; } diff --git a/hosts/common/optional/db.nix b/hosts/common/optional/db.nix index af6766e..d4410bd 100644 --- a/hosts/common/optional/db.nix +++ b/hosts/common/optional/db.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - mariadb - postgresql; - }; + environment.systemPackages = [ + pkgs.mariadb + pkgs.postgresql + ]; } diff --git a/hosts/common/optional/dev.nix b/hosts/common/optional/dev.nix index c25ab08..8238424 100644 --- a/hosts/common/optional/dev.nix +++ b/hosts/common/optional/dev.nix @@ -1,20 +1,19 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - autoconf - automake - cargo - cmake - gcc - go - nasm - perl - pkg-config - python3 - rustc - virtualenv - yasm - zig; - }; + environment.systemPackages = [ + pkgs.autoconf + pkgs.automake + pkgs.cargo + pkgs.cmake + pkgs.gcc + pkgs.go + pkgs.nasm + pkgs.perl + pkgs.pkg-config + pkgs.python3 + pkgs.rustc + pkgs.virtualenv + pkgs.yasm + pkgs.zig + ]; } diff --git a/hosts/common/optional/ebooks.nix b/hosts/common/optional/ebooks.nix index e25a76d..1805b7a 100644 --- a/hosts/common/optional/ebooks.nix +++ b/hosts/common/optional/ebooks.nix @@ -1,8 +1,8 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - libgourou - calibre + environment.systemPackages = [ + pkgs.libgourou + pkgs.calibre ]; services.udisks2.enable = true; diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index 39a07cd..71bcd95 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix @@ -1,23 +1,14 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - # godot_4 - # mame - # mednafen - # mednaffe - # winetricks; - #}; - - environment.systemPackages = with pkgs; [ - godot_4 - mame - mame.tools - mednafen - mednaffe - protontricks - winetricks - wineWowPackages.stagingFull + environment.systemPackages = [ + #pkgs.master.godot + pkgs.mame + pkgs.mame.tools + pkgs.mednafen + pkgs.mednaffe + pkgs.protontricks + pkgs.winetricks + pkgs.master.wineWowPackages.stagingFull ]; programs.steam = { diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix index 09079d8..721346e 100644 --- a/hosts/common/optional/google-authenticator.nix +++ b/hosts/common/optional/google-authenticator.nix @@ -1,10 +1,9 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - #other - google-authenticator; - }; + environment.systemPackages = [ + #pkgs.other + pkgs.google-authenticator + ]; security.pam.services = { chfn.googleAuthenticator.enable = true; diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix index 492d13f..c634c34 100644 --- a/hosts/common/optional/misc.nix +++ b/hosts/common/optional/misc.nix @@ -1,37 +1,38 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - ansible - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - dict - encfs - enscript - expect - fio - fortune - ghostscript - imagemagick - inxi - iotop - ipcalc - iperf - mutt - poppler_utils - powertop - qrencode - radeontop - speedtest-cli - sshfs - (weechat.override { + environment.systemPackages = [ + pkgs.amdgpu_top + pkgs.ansible + pkgs.aspell + pkgs.aspellDicts.en + pkgs.aspellDicts.en-computers + pkgs.aspellDicts.en-science + pkgs.dict + pkgs.encfs + pkgs.enscript + pkgs.expect + pkgs.fio + pkgs.fortune + pkgs.ghostscript + pkgs.imagemagick + pkgs.inxi + pkgs.iotop + pkgs.ipcalc + pkgs.iperf + pkgs.mutt + pkgs.poppler_utils + pkgs.powertop + pkgs.qrencode + pkgs.radeontop + pkgs.speedtest-cli + pkgs.sshfs + (pkgs.weechat.override { configure = { availablePlugins, ...}: { plugins = with availablePlugins; [ (perl.withPackages(p: [ p.PodParser ])) ] ++ [ python ]; - scripts = with pkgs.weechatScripts; [ - wee-slack + scripts = [ + pkgs.weechatScripts.wee-slack ]; }; }) diff --git a/hosts/common/optional/multimedia.nix b/hosts/common/optional/multimedia.nix index f519992..03f8c03 100644 --- a/hosts/common/optional/multimedia.nix +++ b/hosts/common/optional/multimedia.nix @@ -1,13 +1,10 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - ffmpeg - flac - lame - mkvtoolnix-cli - x265#; + environment.systemPackages = [ + pkgs.ffmpeg + pkgs.flac + pkgs.lame + pkgs.mkvtoolnix-cli + pkgs.x265 ]; - #}; } diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index da69705..ef50b9c 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -1,11 +1,11 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - easyeffects - pamixer - pavucontrol - master.pwvucontrol - qpwgraph + environment.systemPackages = [ + pkgs.easyeffects + pkgs.pamixer + pkgs.pavucontrol + pkgs.pwvucontrol + pkgs.qpwgraph ]; security.pam.loginLimits = [ diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix index 8e1e5d2..8362605 100644 --- a/hosts/common/optional/sdr.nix +++ b/hosts/common/optional/sdr.nix @@ -1,10 +1,9 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - fldigi - sdrconnect; - }; + environment.systemPackages = [ + pkgs.fldigi + pkgs.sdrconnect + ]; services.udev.extraRules = '' SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666" diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index 3eed193..36f8bdb 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -7,10 +7,10 @@ "tftp/undionly.kpxe".source = "${pkgs.ipxe}/undionly.kpxe"; }; - systemPackages = with pkgs; [ - ipxe - tftp-hpa - wol + systemPackages = [ + pkgs.ipxe + pkgs.tftp-hpa + pkgs.wol ]; }; diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index 038a860..06a93a8 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone +++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net. $TTL 1h @ in soa ns.bitgnome.net. nipsy.bitgnome.net. ( - 2025033101 ; serial + 2025062901 ; serial 1d ; refresh 2h ; retry 4w ; expire @@ -29,7 +29,7 @@ $TTL 1h ; name servers ns in a 5.161.149.85 ns in aaaa 2a01:4ff:f0:e164::1 -ns2 in a 67.5.119.0 +ns2 in a 174.31.3.240 ; srv records _xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts 5m in cname @ ;royder in cname @ ; external machines -arrakis 1m in a 67.5.119.0 +arrakis 1m in a 174.31.3.240 ;darkstar 1m in a 66.69.213.114 ;nb 1m in a 67.10.209.108 ;terraria 1m in a 128.83.27.4 ;caladan 1m in a 104.130.129.241 ;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar 1m in a 67.5.119.0 +darkstar 1m in a 174.31.3.240 diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix new file mode 100644 index 0000000..20c9996 --- /dev/null +++ b/hosts/common/optional/services/wayland.nix @@ -0,0 +1,93 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + pkgs.geeqie + pkgs.ghostty + pkgs.gimp + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.grim + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mako + pkgs.mangohud + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.slurp + pkgs.st + pkgs.sxiv + pkgs.tigervnc + pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.wl-clipboard + pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm + ]; + + programs = { + firefox = { + enable = true; + package = pkgs.master.firefox; + }; + + gamemode.enable = true; + + steam.gamescopeSession.enable = true; + + sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + }; + + security = { + pam = { + loginLimits = [ + { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } + ]; + }; + }; + + services = { + blueman.enable = true; + libinput.enable = true; + printing.enable = true; + }; + + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; +} diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix index 7dccdd3..e0150f4 100644 --- a/hosts/common/optional/services/xorg.nix +++ b/hosts/common/optional/services/xorg.nix @@ -1,46 +1,44 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - chafa - evince - feh - gcr - geeqie - ghostty - gimp - #gimp-with-plugins - google-chrome - gv - inkscape - libreoffice - libva-utils - mesa-demos - mpv - polkit_gnome - rdesktop - read-edid - st - sxiv - tigervnc - turbovnc - vdpauinfo - vlc - vulkan-tools - wireshark - x11vnc - xclip - xdotool - xorg.appres - xorg.editres - xorg.xdpyinfo - xorg.xev - xscreensaver - xsnow - xterm#; + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + pkgs.geeqie + pkgs.ghostty + pkgs.gimp + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.st + pkgs.sxiv + pkgs.tigervnc + pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm ]; - #}; programs.firefox = { enable = true; @@ -69,17 +67,24 @@ services = { blueman.enable = true; - displayManager.defaultSession = "xsession"; + displayManager = lib.mkIf (config.networking.hostName != "fangorn") { + defaultSession = "xsession"; + }; libinput.enable = true; picom.enable = true; printing.enable = true; xserver = { - displayManager.lightdm = { - enable = true; - extraSeatDefaults = ''greeter-hide-users=true''; - }; + displayManager.lightdm = lib.mkMerge [ + (lib.mkIf (config.networking.hostName == "fangorn") { + enable = true; + }) + (lib.mkIf (config.networking.hostName != "fangorn") { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }) + ]; - displayManager.session = [ + displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [ { manage = "desktop"; name = "xsession"; diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index b07de35..6d369ed 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix @@ -1,51 +1,51 @@ { pkgs, ... }: { environment = { - systemPackages = with pkgs; [ - artyFX - audacity - bespokesynth - boops - cardinal - carla - chow-tape-model - cmus - distrho-ports - fluidsynth - #master.fmsynth - #gearmulator - geonkick - guitarix - gxplugins-lv2 - lilypond-unstable-with-fonts - lsp-plugins - metersLv2 - odin2 - oxefmsynth - polyphone - qsynth - reaper - rosegarden - samplv1 - sfizz - sorcer - surge-XT - synthv1 - talentedhack - #master.tunefish - v4l-utils - vapoursynth - vital - vmpk - vocproc - wavpack - winetricks - wineWowPackages.stagingFull - #master.yabridge - #master.yabridgectl - yoshimi - zam-plugins - #zynaddsubfx + systemPackages = [ + pkgs.artyFX + pkgs.audacity + pkgs.bespokesynth + pkgs.boops + pkgs.cardinal + #pkgs.carla + pkgs.chow-tape-model + pkgs.cmus + pkgs.distrho-ports + pkgs.fluidsynth + #pkgs.master.fmsynth + #pkgs.gearmulator + pkgs.geonkick + pkgs.guitarix + pkgs.gxplugins-lv2 + pkgs.lilypond-unstable-with-fonts + pkgs.lsp-plugins + pkgs.metersLv2 + pkgs.odin2 + pkgs.master.oxefmsynth + pkgs.polyphone + pkgs.qsynth + pkgs.reaper + pkgs.rosegarden + pkgs.samplv1 + pkgs.sfizz + pkgs.sorcer + pkgs.surge-XT + pkgs.synthv1 + pkgs.talentedhack + #pkgs.master.tunefish + pkgs.v4l-utils + pkgs.vapoursynth + pkgs.vital + pkgs.vmpk + pkgs.vocproc + pkgs.wavpack + pkgs.winetricks + pkgs.master.wineWowPackages.stagingFull + #pkgs.master.yabridge + #pkgs.master.yabridgectl + pkgs.yoshimi + pkgs.zam-plugins + pkgs.zynaddsubfx ]; }; } diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix new file mode 100644 index 0000000..3c700a7 --- /dev/null +++ b/hosts/common/users/don/default.nix @@ -0,0 +1,32 @@ +{ pkgs, inputs, config, ... }: +let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1001; +in +{ + users.groups.don.gid = uid; + users.users.don = { + description = "Don Arnold"; + extraGroups = [ + "audio" + "video" + "wheel" + ] ++ ifTheyExist [ + "adbusers" + "networkmanager" + "vboxsf" + "vboxusers" + ]; + group = "don"; + home = "/home/don"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + (builtins.readFile ../nipsy/keys/id_arrakis.pub) + #(builtins.readFile ./keys/id_other.pub) + ]; + + packages = [ pkgs.home-manager ]; + #shell = pkgs.zsh; + uid = uid; + }; +} diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix index 5eacd6f..9d5bfe6 100644 --- a/hosts/common/users/nipsy/default.nix +++ b/hosts/common/users/nipsy/default.nix @@ -1,9 +1,10 @@ { pkgs, inputs, config, ... }: let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1000; in { - users.groups.nipsy.gid = 1000; + users.groups.nipsy.gid = uid; users.users.nipsy = { description = "Mark Nipper"; extraGroups = [ @@ -26,5 +27,6 @@ in packages = [ pkgs.home-manager ]; shell = pkgs.zsh; + uid = uid; }; } diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 910e077..2133099 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -4,7 +4,7 @@ kernel.sysctl = { "net.ipv4.ip_forward" = true; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi = { canTouchEfiVariables = true; @@ -22,10 +22,9 @@ zfs.package = pkgs.master.zfs; }; - #environment.systemPackages = with pkgs; [ - # wpa_supplicant - # somethingelse - #]; + environment.systemPackages = [ + pkgs.speedtest-go + ]; imports = [ ./disks.nix @@ -102,6 +101,7 @@ "nftables/forward" = {}; "nftables/ssh" = {}; "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 7304b48..929ced4 100644 --- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -42,6 +42,7 @@ local-data = [ "\"darkstar.bitgnome.net. IN A 192.168.1.1\"" "\"arrakis.bitgnome.net. IN A 192.168.1.2\"" + "\"caladan.bitgnome.net. IN A 192.168.1.4\"" "\"jupiter.bitgnome.net. IN A 192.168.1.11\"" "\"saturn.bitgnome.net. IN A 192.168.1.12\"" "\"uranus.bitgnome.net. IN A 192.168.1.13\"" @@ -51,6 +52,7 @@ local-data-ptr = [ "\"192.168.1.1 darkstar.bitgnome.net\"" "\"192.168.1.2 arrakis.bitgnome.net\"" + "\"192.168.1.4 caladan.bitgnome.net\"" "\"192.168.1.11 jupiter.bitgnome.net\"" "\"192.168.1.12 saturn.bitgnome.net\"" "\"192.168.1.13 uranus.bitgnome.net\"" diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix new file mode 100644 index 0000000..360aeec --- /dev/null +++ b/hosts/fangorn/default.nix @@ -0,0 +1,84 @@ +{ config, inputs, lib, outputs, pkgs, ... }: { + boot = { + kernelPackages = pkgs.master.linuxPackages_6_15; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs = { + devNodes = "/dev/disk/by-label"; + package = pkgs.master.zfs; + }; + }; + + environment.systemPackages = [ + pkgs.signal-desktop + pkgs.wpa_supplicant + ]; + + imports = [ + ./disks.nix + ./hardware-configuration.nix + ../common/core + #../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + #../common/optional/games.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/services/nolid.nix + ../common/optional/services/openssh.nix + #../common/optional/services/tlp.nix + ../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/wdt.nix + ../common/optional/zfs.nix + ../common/users/don + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + firewall.extraInputRules = '' + iifname "wg0" tcp dport ssh counter accept + ''; + hostId = "6f1faddc"; + hostName = "fangorn"; + networkmanager.enable = true; + nftables.enable = true; + }; + + nixpkgs = { + config.allowUnfree = true; + hostPlatform = "x86_64-linux"; + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.master-packages + outputs.overlays.stable-packages + ]; + }; + + services.openssh = { + openFirewall = false; + settings.X11Forwarding = true; + }; + services.xserver.desktopManager.xfce.enable = true; + services.xserver.videoDrivers = [ "amdgpu" ]; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/fangorn.yaml; + + secrets = { + "nix-access-token-github" = {}; + }; + }; + + system.stateVersion = "23.11"; + + time.timeZone = lib.mkForce "America/Chicago"; +} diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix new file mode 100644 index 0000000..fdef7cf --- /dev/null +++ b/hosts/fangorn/disks.nix @@ -0,0 +1,102 @@ +{ lib, ... }: +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + extraArgs = [ "-nboot" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap" ]; + }; + }; + rpool = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "on"; + dnodesize = "auto"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/don" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/don"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix new file mode 100644 index 0000000..17a6bc6 --- /dev/null +++ b/hosts/fangorn/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/boot" = { + device = lib.mkForce "/dev/disk/by-label/boot"; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + #networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix index 209a02e..c01595e 100644 --- a/hosts/ginaz/default.nix +++ b/hosts/ginaz/default.nix @@ -1,7 +1,7 @@ { config, inputs, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "amdgpu" "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -11,9 +11,9 @@ zfs.package = pkgs.master.zfs; }; - environment.systemPackages = with pkgs; [ - signal-desktop - #master.wsmancli + environment.systemPackages = [ + pkgs.signal-desktop + #pkgs.master.wsmancli ]; imports = [ diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix index 24f60cd..670a58c 100644 --- a/hosts/ginaz/hardware-configuration.nix +++ b/hosts/ginaz/hardware-configuration.nix @@ -23,8 +23,8 @@ graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; nvidia = let diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index d5f95fc..4c996b4 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index 706bb57..76a7424 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -1,7 +1,7 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -14,8 +14,8 @@ }; }; - environment.systemPackages = with pkgs; [ - git-review + environment.systemPackages = [ + pkgs.git-review ]; imports = [ @@ -60,6 +60,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix index 7fdef31..6262969 100644 --- a/hosts/neptune/default.nix +++ b/hosts/neptune/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index 5d9e2fc..cf42235 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -1,7 +1,7 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader.grub.enable = true; supportedFilesystems = [ "zfs" ]; zfs = { @@ -10,9 +10,9 @@ }; }; - environment.systemPackages = with pkgs; [ - git-review - master.openstackclient-full + environment.systemPackages = [ + pkgs.git-review + pkgs.openstackclient-full ]; imports = [ @@ -57,6 +57,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix index 1e7d21c..34a4c29 100644 --- a/hosts/saturn/default.nix +++ b/hosts/saturn/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 5261c80..b17393d 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -1,10 +1,11 @@ nftables: ssh: ENC[AES256_GCM,data:7XB18w9GPsqxT3MOjfxOyYIjgDZoPzWhKTJIGkhcRGXpf68OekCA0Jv3v5g81pxYNHQz5ky1//T5eEEhskBNT1dalScYXMm90CUOlYKHF975SW46p9ht357vUHngxnu4/Dh36Zmn7u4CMxUIeYsVXXVqujCFH+Ypuy7702hwyNJWa/u5Ik8rlsMMtO8aO+31xMf8MaCGVghDzXqXWaV9FJuuH69TJW0tW1Td2QD9yaMkH1kVSRXYi34Zbgcmf6MzGtWkytexjLqejegFUZ/7D6vQrGQIwYkTmtBvqlf0UUOKkZzXRp9e0ScWNnGJKbQSMes1ablDzwcuTzF6HS04Aykf0/CN8k71PxojWdd8HJEEKp1rL2CFW8LB/7CY8MD5zP4JcUilNiyzaFFQU93BRPg+7T6Dhk+qNIYCRaG/xLxzi4SxVSfMhI++/JwhOFatk9hOs3z8d4JgvMgTN0gKZJftt17CJMlAq3iDNvQC8aiIVaGHKoCSDUBBGS4zI75b8AcWRcSUNTixWnCx89KBBzQYTy4h3ZO0n6SsQvKyKdPWcVpnQtRqcToEJcCwvdwZXW3RfuRutmJb19yxIIagKEqWVYvgxIEZ19aV6HLJwUEnP761VsnskTVXbdPIctl4H5Mdg++K919ZVNZ56I0sE3c4TKukVsT+bn84ymoF/BUO+yvszptiCtpoJMLM/MPBbDT+3HB/rdi3gZKi1/MS3uj9cDTQJa6HeXd0PxxRXrBZnMJouUhMdrfVeUdLRpzZbVEcL7BYy3IBWAT5UUsJ+UrkOgK9nySe0NQ27gxSpooOIaxg8QRH0KB5p6hn2cwIHXT6GqbWdxE9T0G3hQmAvab7xpPA0oDRW4jb236vzBvBt7dWlw3QxRZXClaa2f1tYY7e499xQ+KqgC/zaBHJy74dStbc+aVQQwUyy8PqQ3OkaKL4uAsJHbjNmomTtt4OLwWfJvPY1QprfrbyXpFF5hNupi7aiItluKVpTvw+Sou7N1gmcNsbYunVJC6MMN7TGw+YL9kQ6h+5hDnyOt3sa31mZpIU95+PV6vpdxxkT1NC/HskJDPfcnoYnVj7PuyaRij2yRdmL+o6bN1NhEGl6dDuGy3gW5wos03bb9voMlhStuxrvRjUr/db3U1Z1O5winpWyRsDxkZR2EA4MweNbkWSS3FrZkuY1pYJd2RClrUIfuviB9gBXwntkaD06NJlXYlHr989cWuqrxIJ+tjHwThwozQ8knYs+Aa8bIFiw6BoBeOxl2d4QHml+4LmuWxaRSx4RLprgXCvJewqClbxk+4oyW5NqXxtXIHCQawCW+Z8my9j1hfNgM6Ct4L3hH0IRE2wZML3URRlkPI/FpvjitR0IauPl090mQa/kSfAjd0pcdJy37garUh9xIxkwmoyF6i2lmb3KSrK9G0rYmVMYIM2BVFTICr7yEguX/azw8uSLNdjENZ0D8bLvFhjoYrBf2WryqPrvtwh8nH2Q6XBGvPMgO2Aj9x0UgxVoHFrFi1qsoKqJpDrrIGGqYMKDS+m3VorQ3DAoCOMS6A739rOzjxFvi6ZtA03v1W4bDtldmydiMYpBEIA+ZVw0+1NwsSq+vEEIuyhiA05ev8KrexFyixmMvmqS2iGoJ/0MqpYPDnXwbQS66HY+ipn3Ds0RyZdH1cQEgi89p77nb6tjMLBRdsvkoVGwXQqVsmbMbtDsBX8wyzc5GMjG5oY5nO0FQcnudQuA3BBHWFL4Q+eaPGDx27s9sQxKBRaPfMgBBMV63/nmAcSYaqN8S4lVHWrpZvUCxehZ+5rx5tmI0625JODfN0GWK/ef0XRGNBW1I1KZAw3XmhAo+a0jaWTMaQz++JuV0MpVD8/xViOMBQdNHlBoWyUb9ArdkF2gzjOsWW1zeAFT+KPVPFXu/fQ1ZTN4aUnomC2uLpfKBYkQp1qkXx+BNAWFfzEmv6BJbtJaT432S7KnRJTCyQVyATlnMI1hOgkZO+y1OTXguhy4OBbxjmkib3OpUt0yLGI4cb1s8JtA1T4ZDlK6u70+rE1AlYtRAc3OotAhbOv9Uo071Pr8CA6eCzAt4Y/gGcss/AJ7LB0rG4OCXw/N+ic5N9n0YGn3Zp2XRqheLVWrgZiuN7gj+rORS3EpLUb6JnkanXWM5dAY/gWbRd8+iF7cCRCtnkaARp9Uch77SntUdllX+AGIMnRtcAU1cYkEBzKsDLF0PPZQzPXE4z5cRH7rnDSTLixATHS70vwGkBOe7NukiXBVzK7GBCXP1nzJevb7BeeUg9rDcsCxyejoc7YA8+pczMNxl4wjx3H2/x+JhMWrYcZQdhi8Vzaeoz0ulW8xZ6tO4JhLPA/Cb66B0tq9Za6f+uaJOIfqnl0xem6Rif2qUiKkSAZ4rN/2j8pRj9BMXCvKSttvG6hTTaprCe9Jn9rGi84rnIwZmN98C9KyHaTeKPC2NC4ooCsxOZtpeCCXNfFhqDVGL15NhwCravL/8pKf9bFhKW8DOkZRPy7jWtCCfIu0kkuZUkBLfT1lQ6eXKB6P6sC04IgBPV8Euw3woPOgGkJXCfLnxLljgvn70P3VQ==,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str] nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] -ssh_config: ENC[AES256_GCM,data:OjZ79joE5H4vcPpgC8o7u65Z96kpc36k+wA76/+aedb1O0oAEZFa/4imtJl88bB9LwvGMitqcvr0WOZ7nakY2y9kEKoVyEYQfkM61h7U8SazZsgHcuuR7JQ03TqUTYw66H/7qvHOcOftHTlp09HKvePuUOS22sPjU20JsV43TdrVcSICSLe8FgLMbojiWzM3uepKN1/7XBQWm1ntkhG7OTRJOvtsCsoE+lJX1Q0xN1NgwjvQotEpjC16m82f4wfq1Kv2RKyafJxTQRjhlxy4TtIYJ6UEM3aBL666+lGKuT6gbqFInVprIhqj/FAKKWmKrw9mqm3LCOQVcNJS4byfUfozMyBMzIlhusMHuqp6x0lR0y3Cfg3EvOWIGdrcu8uwQt2XkqrfFD3/jDfL+bf4CNZD2wHT9mdQXJyhzbTo2V8P3I9VifB0bLAvb8XFb16bcjyO2L7+eb5UA0c1fBKsF6Rol8p5SKwWu2y21B/gVlNOb5YYQn2fDLgTjg0DFQs2dW7uYlfVc4PS37KNQaxXT7qd3COCnuJ5/OVvWZK4hDAs8dEnYgD/bixdl8k8QiB5F2P7sTXFrfGsxaXaUGeG,iv:FQLz3J/+o4TeWsq7dF358DErIMbF9Fq2bJaz5vEwpdI=,tag:PDvywy9MasIrDAyrC3Ge8A==,type:str] +ssh_config: ENC[AES256_GCM,data:f0nNWKZxV+MjG+Jx3JVDiGaPwryaJxivRJrdPB3Ks7vJgieey5xLXkyBbEzFps/S2YLod4MAMQvsvunx4U54Dgz5kJQR+NfsQ4pVdYenqNYxpyCqM1n+oSWwmW0l1Z4F717OsDiadaAp6RJ58GK1pNB/AyV/Xns0EbSyqiwUGTgb/Mb6MeVm01djrfXzEYNHoBVuUA8b0LxdL1xH8CQwmPcbpMHItrO9MWIdHNZrz1YKD4EOfqt9ei0DwdvYbMqqOPrw/5Sgn9oViX/yJxWDJ1M8CHNAWMfAZfnr0ATQCYE75PhOAhuHhsZQBmUUCj1hr0b/Qb9Lc0agS8lvYRJXEIkMDoFu5bOAZkjmrOATnu2GOAynMr/tjMqPFBYmWdIfJcGRe55pW8ulbqnxcfvlDSmLGABc+sIr50IVwsBlzxSPoZhH6Hm+7i0Vs3Ep7VM/0Bcuyvd7z9NGKJp/wWAeUrT4ccJJSt5/1HVHcYF2rs0u0JZ2KNr4hdzGafC1353jQ03UC2yzZff1Jtv5nnrxQrlm1rBjbB5pxk99zVs8hWg9y7+Y44xw7PQ7UUrZTGd95khj1E00Qe0YFHxid4UPXoOGhZ282bziVBoJgmzdkAq/ekC3nZ38SSD/oKOnZNto76uBx/Q8ndwP4IgxWOkP9EKpsMvQFYyaoXCwdOKX8yNHUZy6wCW0WMEzWeCv1ixHhMF2rAFUu+jcd0outRQTaxBCvDwAnQqHWmY0ixk/L2r4Lf9IpYBGZ89xlcqnUTXKD6wu5AfWeMU2SxmzsF1AWSA/WBUjqW5nTfTr,iv:uXbX67nw8uot2BeeeU0wMNZ+xK+gJ6Xy42jriUZ0gjQ=,tag:AkRAMlnyaxvCVAQy1a2zGw==,type:str] wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] + fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str] ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str] homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str] lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str] @@ -15,10 +16,6 @@ wireguard: wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de enc: | @@ -38,8 +35,7 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:40:33Z" - mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str] - pgp: [] + lastmodified: "2025-06-05T17:59:42Z" + mac: ENC[AES256_GCM,data:K5w8k35R8wKpo/RS4eC5DyXcTdrxg4k0prBphXwMn8+oi/8/L6XYVUmhh6ftp2R4tMcV+Qvm1woMiBZaFJ71v5a1RytjxnIjNrDvGUYVq/Rcz4Owm5Zx5qSD5UvgleVxC2k26LciukJ4O+ZcC07kKMBt/NJeYNNh/oov74AENyw=,iv:COQg/3qEYjFITHFqThsQuimN7R8hp/GEChkOXb3MNVI=,tag:nHmO+hn1fTVqDtlnMuLzsQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2 diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..dbbf048 --- /dev/null +++ b/hosts/secrets/caladan.yaml @@ -0,0 +1,29 @@ +nftables: + ssh: ENC[AES256_GCM,data:BTUQjgRlGhk3+p2uYAyN2X59YzYeBzSuMJ7MZ5Aaugrm360+OTejUHzUYcrqLVomFLe30uF5puXVKQGeCd2RIxQhyxHGPQ4liI4RwhYE2JAtGlAxoZCoHKSew3Rqpk5+fQgkJ4xGwFDyTa4KOKOYXKknrCkLOUc7jYXhGAfwopAMfGqsUFgFJVkJ+zIs5PCNAxZeneXGffb3tjdC17jh2gLdydmhCINUpn/CGKtta7aDqPD0yg1fHeHTd4jhkin0PoemGlBm4IVSv4FHK/P39dhSR27GRb/hqxxrkZyHK9uqx3REEbHGWWGjok2peVpLVMbKIxKU7yEYYJL5zq5/vnb7RsP1+Qrk3Z9ho83qUgOhXYoJVV2c0UrrZ2KKOojOakmkzgwK/FFBhpMu2JHzF5Qf5ngE/CXnOrdutw9ChXUarCUsbMFXDRIP+AgwqsCgOSSPTOgAfyKAkqUqOw0+cR9GhvEVpe6fxIAQf9s6vjYrFCUorsP/z6vDzkLu8Fodd/fkxIY5+nix18r5lrP8JU2LCIfpH3iPE62KgPZnFtUCs+blsgOh1+3ypw/zWB414hQYaEatoXgfUW13xwHdDuyQJBKjCm0QFenzisojfIDr6seDIYKoi0jnot0jU+4n6sCBdMP/xghscn+6oNUIQ22aWGeMVfGOkORIsJkCYHHLRIZ6axvRr1J7rRl1J7NaB1i0m26POe2XxjNrmQ4dE6FIN3ho/1ETv6JX40+95SU/F5skth6MeHwueOLHo5orJsSjYtttYYqL5FqPM6Pz3EQqAh2/bxuKKtDznVCZJgTx8X5cwdjw2uCBNxXnhPE2iRL4wE/udI6B5QOz2nAHYt4mR0QuRARvtbSbVZI6cCd5CVBfqo6DZbXF96PH0Ghgtrt9ZNGxJrKoljBmeogY2fgNpow3nmmoFoEoACxo8+eJp1AH9+Ma88xO0Eoq/jdNFfxkhpBdulDeRdHsf13tH85xqWk5lc2U6HNyqomF1wOWUcpoJf2vfBmA3y/JI2bsLW37OjciRLH4KAbyp2QPZhdILdQRgWTDkrWolzZ3ZW2kiM10q/8PtM/R/Ih2PggVKptJiUM1KFx8R5+dfTzi4sBNiBM74rUu385cuxo8f1opGT1biGBq9qh4t2p81yLeRQOm7iXvtoAE/BEJdlOXBgooXSK76R+tz/0JeQMuD2khbCrDHlY/35a/VphygPSAV5ztJWoHpo6cYezs4yWOotB63YnAWJktdMkNHzsGD1tWYr95u4+OMqWtMogvICyVD3HZlTy6NYlrOeHwthOW8yndpnFhXLh8PgKjyZ/bTH3QUSCmWuPowEMJ4mecWDYYneQYF2wr8hXYRkUlY3AogkNf6rJkMlXzkHxlK+wy4pF6KfaTMsGYIKiSczl+uGYJ/HWxSNeQXzIq0s9/POTs0IoeMdJehrFLQQyslKuxfOZgei7m0KT8nEaRMHQxc2mCBbLIah3ldWip+FOj4ASRDOXAFhKNyj8a+TLx+TrVXAFLOK4PrmaCpgp5IQyfHTYlYTgZlvXB+MywDUo34FKMA4InHRslTv3qpg/qQa9jRrqs0xhrvXJ7UDxOImHl5zxHwHUw/ltJEh+q63Y7DkNWrD5oB7gQKF2z70mJae13DgYzl8ADK0nQG4oR5sKdaH3O1Z+MWwP2+XpafLeWy8nvG7wKOekXR+cxajhN7B/fyTHYI8BHkYaVXyoLU3kUnwAuFfEDRxFj+ESWR3L6qRY1OPOl71fuGcaifKLkr6IM8TJ5x6/ffoGOHeS42aZZ/eKK23BlRMTchVts9whiPgyjTdn2o44MdIASZXeohPdnuIbfptxSH+gdTc0NWZnEtwsYMPPGovQ6sZQ5UHtDypQ96OlRS3xjFTKTYgDJsUQxieAzENjAEdghZArf4Sh4OVqdDiDUzP2YkXhPooPnkq4vhhWld0/zQMkjvlT+GKbNux82KXu6WTXG+YqyQ5KCNcZ8z+wvHlzAFoSK9/Nw+oXS+jpLUbjqbAJ09vEG6fqnA7EjLXSDDv+p8Wcn473Yz9wKp0G+PhVCQHld/FITB0+AoD0FWN7RxZx0T72YDn2vd+xpZ4Hc6MaLlseeWaLOBxe/Si2lPhwFG9ZWWwkzTnMyPd87iRgxP0w/w5NxyyY2IQOqN0EtR0+dFzBJuZfcBMuVe3gUzNhnhFO9nt+MynzVxsCij1Ez5NDCrmF0bpr/TCaiWVt/UuvoB0fQLSMawZ0eRC3BfiGD2L6lmoTv5i2bY997OWYAt7y/ajchk8UlYqJDQ5nM8OdQ4MW6BEKf6/j4MA1l7CsactHDpJwPStX90BGff7WCkx+eZ5XaCza+DE/NILD02XUfRqfYnvSW+9WzMtUEfvou9J79i4iPAsezsGkfI8ZCsg5dCVclA2mbQYqT8+3dY++5ICpvk1r0xyeBGAoThJlbWC2m0o4OmhrGMJwz7iX8uEPVEfwDlLsHVTdmrLirdKUhq2KfwjvARsjPDkCdRQf+uZsI2X5Wdl2yZFa/TdSshbfCsKEK0SsShdyUt7O5aqCjze73KahteWapZqnes4xrrKFQamHo/e1t1lxwVDO66EVhl23jZZZ6B5TdydTnAXoDiONOhm+zfF3mD6JhJrMc1v5fVFA3Eedif5hkwj+CiHSTaN3UERRf6rFb1VFCk7pbsc0xaqvTURJb6Mq1Kom8cmn3oOMJEBRJZLZS9cAawNbMlXJ+AxL4swxTAyl72Rdm1MYRPMxahBmi1OWuUdNXogpHnsy88Ri4Z83TcH79dub5dQCfN3hYDv8HsDpRJwqgHZwK4+Q4PRRa5yyxK3aUYOxRN1jQ0L4F2SaZt26I/j9eS7J4loY4o77Zt0tMzBCFLLV/1qje4xKF/dTzIw+kwJfRWCtZgTN+RL5lINHWTj5t4HVznkMZWk6pS5xexHyX11zu2TsZbEcF0aTbL9ByPJSrOgs0FVyPTajYTMpqRkjz4ZlYzOKwMVDnh/suj13YyC+gECXV8kpgh8CENEc3UhlOgvGrwF5j2O7hwkt0V0tBWNjxwK85/JWUUgR+UrsGTuziUClz3x+duu9+2t4QUjE3e3U6CS9/IEP7B76GxePO/jCf2+tp9MBCT6E2WiLav6X4cnksNcP0k4QNEKe3zBCOpQxBOBnnLe0f3w==,iv:UY/efikTAvIUfcciypnngPj7PhGjccoIeXRyew2Ft0s=,tag:QnYxLwkV9Oo9ETWAqIKNyg==,type:str] +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: ENC[AES256_GCM,data:zlEJ00GNq3WScqJ7hFTx4YLfTaEuN+GZF6HKew1vshX2nwqsRQMpumyIgPisl/WqPbTUCU13qAvwTbmN0vGna3WFA376GVAHIN+TzTWGdcaVzgI8wJF3c26k0GpYDvgsxW0QNR9BhHJvEE7ox6o/chPXUNS7Q4AwvD1YuOgQZc2kdBYC5zOZ6Z2/qPOLmVesn9+jbFBGfHNxCu/Vq1wXfCFhZ7+hY27R+BYmGc3uUPYrQ40WZgbLzBpkndxhh7dE7KlYFavJtaaRhnaN7i7/30xyO6IGBpuHBUxnryVwgCUx42fXjYMVe6tfYXsKYAbVhjgrJSwOB5Uf8W7gekr1qSRStROZC/Vnh2Enz3PwWYjXViyrWEpw9jXR3w8rCIQ0NJQXwvsRyEipujxmbs9MhywW7x8zC6txjg4Nd5gBNuaEsg4e82ARic65RQ6q8tvgLQj6ghR53nXA+GFv6ybbDgRuL27ki9wWHCy1oYOS1D58So3+ABAKzxayk6Eo3sQeBHO9bKVCZWwWYwuWtknKWf8HoedVhMUiimJ9MdgQsNEEuKL7g1OTSt+25KDBcnuUqh7fYbNi0AB4kiGTSrExQ7zzTIkKiDO3j0yL3M+lC8WoeBpYfmpuTWcVSYHmjQn8ggybdbEWRY/pdiRNChG11IHGZpS1v1hM5Dw05oGFFciCwOBFS7EQpetOYlKT9wl4Kof3cpqfQUE7q4AHSMkSWZX/t6xCFRv2V6jhSwSpvcf+CMGu+s+ND/kEjKpo/+HiyNp5GhyD6h1oPc+G3x78YVx1WI+wuzMccSp0,iv:8EtrGsi86BhlCrn5kNZSbvIq/D6RBjJ1AAt8x3x6Pns=,tag:OB8azq3ZWpMIZDMQp+ry3w==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: + age: + - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 + dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD + ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 + a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH + vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY + RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 + ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH + enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur + E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-05T18:00:15Z" + mac: ENC[AES256_GCM,data:JKzxSGzEPIM7z5QfGZgZBXNUTvLOmP5Krkjt5CCt91MdlLJtksVjMzcMEE4hu+3maLXR0UsXn4W2K6IkMmyo8nU7vHhg/n40WIgeX0J8e7nx51VymJAsiisdijGtPbVovdK2qLjU7CRoKypfDNiV9dYLPbyzpNFKyCDdpbnBJ+4=,iv:MCRxJ6QsNWSfblgtIkJhnqap/qFg1OYzXHUYP137ihw=,tag:szwCMpyn2sWm15BJR16GeQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml index 37b53ce..28f24bd 100644 --- a/hosts/secrets/darkstar.yaml +++ b/hosts/secrets/darkstar.yaml @@ -6,11 +6,8 @@ nftables: forward: ENC[AES256_GCM,data:F32GGcjkvsha6rjTanGdkAB9h3fkzqkniXFzrjfvmh5tUjBckEm/L3L82olRzwRVCN/9SiC8+6wRiGnU1aItPtFkyJlA7pNORLHitVIKTyyKNSMLjEsWpt1v94UTRhNWC628Vc22XDULY2POfdSGLr38ynpL3fpUSJkFvhhwx8FjprzvogGDZ+NSaSKaqD04t9kbdGlefGoLNo1gqdutRbN7clqJnMN/Ip5hS0u7o2bDTQ7qmBFFGwAIwFUpyO1nGFl1c0D04GzFGedwm8Yl9on6mFG+8SfZvR5nxyv0tG/Zwb6OVrWiFv0LYYzE5064AM7K10A16E6as3t4R416sSpmWLFTHMWPzMICfXSAiEU5yQBYeVzmTAzrZzhJZgYjBls2C3DvgjwcVVfGUD3S6iwUNQBgfgh8FKmD6W0OhismnFFcte6yIo4mvwkldhT24hZqyHBg3m+wNetYybsCO+ivf1e81a7vA0GLcv5cL72B55vl7X/pYeiIgIln9Z92+T3/2YRnz5f0IHFkR9/tCi8oapyFmQirU739QCuuWWmoKP7d3cA5NyiofUCbPhO8QYN2d2xb35cNg1US1IexHBO1MV2mJPelnj1K3qCdmpIqEULlWkFKXkg1ssjW9ia7sNSFMxE6302Fu08Whnv4t7uOx/Movr10pLGuRYwO1nA09hK2gKaEmsIZ7UP0tiCAuvl/5vVCelNvIGAgCHRiVoA3GpfpI+LF/YXPwNeyWJANqwOdjl9pOQamVsUJbO/YGVthwVg7dLQNChGcArGPCBOm/aTVxiWiFmbPTRo93jVf7ovPUlhoqKIuhWKxlz15025Gzbm6Re0kDY3fZG4FKMXgaXDgNwgSr0wdCQUMmstgyOIRUao4k7qrnaiaXhtUmK2jlYjsZDvs8Uq9CILU4y/FYB4Z4I5cn1dazjMcNOLjX9Mtg9cfTyNrTZmu3TCze5694hU7O978CUZU5vrK5mzgusE5P9tDpi7RvLLZr/1+2N/V14wAmhJDAPygkgfAuN4IOn2h/P0TJ6jqLzP9p+iOfEhTVRxrx2veVE4+wi2pNY5GHSp/FXFtdCDEMSUc3wzNDDrOurFa4wNK8/0xhgsAnjyc+OlvL1Yf9sPgLJ+XJjDxmdfBeCHGkTK7TtXM93pzj9Vdto3dq66RPUz2FwJJ4xSq0SFOUaNHEC5p6Sg1rZnGvaUpfr9+G6C8rsk0z5wP6f6lOkLwXagKgQ7oAsJXB+hKV6yOLL0TYz8IWds7pHdhXYJtEQ3TeI32X1M0md1X/13Lq+m2XH049+/V/HI3cA9X6wj+t8nzKYqbnGIUwXr1f8WfRAPqJhLBl5zdI/PKtmrPMqmN5iiUrtYGSzzLgZOWHCJuvo2f2X+2ynyACY0lWG3DNFRh4aDzP+LaeY1+mZbvCaopEb7Uc7YUbJ3oyq+eeb7+mgb7lhjpe1kC7GtpdtRwTvIMMrQUXcngkyWFO26vYM8QPMRVIIWcdeSBk0qmF+t1oJBaaGVji4G9PvUCcpHXDoyao0FNfkcr606ELMMrBFPE7DVGU81M6+57NtjSAfh8KLuhKA1cQQU3U0ciSM1w1e/t73b9xmKGVShlTbm5yPmM9I7en6PV3aH5SpZv6LMovmp/PBl9r6ZWUg4tTU2iCj09cWlUjxaXX5h7AxUW7jA2ypsUOn7dgkCPFwr5gv+mfvkmeYGCtijusp9GMuAvL4Wp7Lg9SZC1/k0ocI3buLRbmAji69j+du4no8o+Vy7OHNqcnbtg/Qlnp65lRI4/Z+Bg0OZ18rSYJYM7BavNYHyxVgKDHo+5ypM6s0yigCpq6naI4A/kr1i3ST3rl6IFQQLhWjeH/FS9Ay34RGO8nk/62Htx4cTrmGUnr1VgLrtdBiHj2YkeJDa0/nfM1sI+EPv4tM9GOlMQU6OysJhBzWhHTqEQxVgUQhcacYv2OiOH7I4Az2TTxNnAjOiWY9TuazRiVeJlpTjCkiQfSdGgW4hD2nRbAQZ5X9LrQKZpI5Q5wXwI1lapmjW4m0t8cnEVXgxE5Gn1uH5TQpzzIpSIVRJjWvEeQP+EuotWjYCdx/1tj5PnYs3aiV2Us9QmTMAI2euNQ6DpNTFFpiFONSPDBzZ/IANPKWWFVDeMzBZKdllleUl5VYCWaTEd9JrbjRx/u9YrYlBDl5Xo/DCYJIoUFmusCdh1UfI9y64XYsPxrPNxrF+upisE9vxG/BRTDgxLBOenB3A5/Suba7RfHI0LBHVhO2ijJr3Nh0T/78ecnTE+1zBI41TtN8Y/2MGbs20ZSZtDFy27mf+YQLpYKFpXEOEdoTy51kVW2jn953x1lbNgwV+DWRPf25TNP+dFTZH+z4/Mv6F4RCyYS+VJL5SfGah76GpMxYodmE2iBbXyfUeUxKAeool7EZ6cIvhtwLaJuaUhvjKLd6ateSzAaAKbFVpdsgP7iSJd15YyTKmb,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str] ssh: ENC[AES256_GCM,data:RA14V9O3PcGOoCfgj4nCILtwc4ER/hPC5HBzz91WhNHmUKzOlxy4zso6HSmSz6sMFBK7J77r3MO+6JKw8eNeHmx9fDDcboHFPcL1PQfYAJE6LNBS0e9d00Mi3k67DdNJZE4F/yOCGIrducvlCsJl/8S4zMMI9Ktum2sJFdkw0INgXoPVPSAQ6nyO5KKcboVtxeKc64RtcBZoO2CCSLhEdVJnE9AXB+l1Pk1926f2XHlS3Ci/Jh/uAwM/4uAeldQ2r3gRuzq9H3SIAgSNZhlJIVr9VDU9kZ28dNpDYhhdOrle1W1drj+9viJ6eeIxykhzZ/8kX34xik4UiMxW9vGO/VpdEdE1XRMqEIRp5L2ADBNCImbXEN5fbRo8+FlL9H+aAFDjBtxxalcSSqApYac6NcM7msF8Lewj4ED8FYXEsEIX7qA8XbVzJuFFYHhRWA6Lt+Gp9Kn6aaxZMF4fl7u35BFPggi1vwsb42la+yQAizk5x0t+fCCX5D8XRHmfCZYX6AYJeQhfzHETuSUu6p4asmhlx+8cJLtjMkkBc8lDscdK7NcuhPm3QzjQt3H7wAHQBzWrxStvBC77K2d3Xf/C6VERUdDvLK1El1oZAl9UmnxAK35kUqAKHHE2xheHQcw1rhy1D0dsX/rQLovTpPdczd/vqpkcJxHk0nH3rddySiyOaWsdoQ3DhpdX7h4PNTwcFJGVzbVR7+9pCnTJ4DTbc9H9G9xiX0vPef4cBuJQPXG8Bc+kMXOpV9uKt9KRoNtPG2M4IZvtaZNiS8qYB0LTjdHiY3C3NYvDc0pkDAIxDjP9TERWxuBCUlscmbXLAxDqB4zO6LBm9yVhMWxYyim5gH24UGD9D2g1piFGXKiSb4dXbrnxoRe/JoLITdWOOEkabVxqJr4KQF07MjTg1JNO3fPLMI6azElQSUj+2ZAy5dqPggg5xw8+h6yp7ZLh3zXaTlSroL+yA4BH8BjVuEa+jl9xqexKgB7zeHb6VhWmtONsffvQtk/kVucDwmXOiOnma1+pj6COoMur2e8bEK3Scap/k+B1b8D9SWMEXi61HxpEtHn6XH5DEdq7Pb12zs2FQEE4QvuaTIscMlvwrsMHkwW7WtkCj2sQFIuUAL4ayyccx+QomhB/hxWKZE83SztNfiAqTWAOaL0XfX3+4qgsehfEkdaUl3FCZvuObPPxIUcYu5Crl54O8B5fbOQE0dcvxMpuxVM6kt3O/jcmj/eri4NPmghBohGSrcJpZ3CUMjWbOJG3A2GFQWztFobkRW9N0K1Fg8UYzKr/lhzlPKiB72D7flghX1yMYfefOnD7vClPUY7oFmnf6sD0qYmZK49SGR6+b7z1bBaskaqhEx3zB214DvOxKGeiPuMVmXk3h7bGqJQ+ejiRcfQHMr1dpFCEMurTmoHwJPwB9fetOpaA0RAEr4pP0QKt8iuTT8MCZi3KBXaiPhZYtdyR5Ka9DETlmBoSeYgyzNht2bCf9nTLn0AJDGZNcZH/NUoy4kLFrhQ18mDIvKHCaALWabp5SnyASQRI/qIkE1DTH8JSkSrr2edz1Ag0SbTMhXsVuHUy3jPuFkNb1SBJxlXmvjHSny7gAr9HVVG2ClRzGtVOXiFHyYguNbmP1F8uqDvabbx8FvAGCEZeARFWQI4iFCe37rYjJE62byilC5LMBCQ5l4/kOYHVgPivPzV8qkZV8B8dQBvMjIvBOgQNvljqagDu0C66rZOTj9G16FDfYDRcdApL0xraAs/O8EgQWxzlB9cQPJmjecAVlF1wsqIbIDODKtTRY4dMYqKfhLoeCV4kPb4WjvoaLxBgbsrJylZKULkO+xbBCvvFhnFNQDOVFPe2ZhEwcx4Ji6j8GZhhyv2LsOdQcXGLgyTr7YM3z/M9DdlCKqlFolA6tod6+9CdUkhFfL7y2vBV3pyEHwyTwWMy5UQIprwm2Ht2RxejhpUcfVydjT/ISJ+aNMy+nq11rrQOlDFsF/E/Db0ngUbORNezWX5n8bqDxModmDLTwYwYT8qu4jruw/WMY1iEZPZzZE8xywRoKCzqN2KweUdEkv+Px6rxtOnNIkPtJxyq4I2L7/oJcaGU40e87KXhhm68qIajboyPM30WInOcGAcG5LwWlyrxwCpthDEcnNlXXghx9izXyqpw7s8hP0qsmRDeESckqn1KUfs98Jkbfg54nEdIT+JcHm0PjvqIHJB61IGWwN4l3SQXY5SKuUb7hSMItKC/FlDKWL5yk5qO55SlYfz0mrD/7Fqk9uFRzP94mswYh8uOkCHBC+WxL4/ashBZOPFZ+WErBAyDgV0LvdiEBN1zpJlAegDozPNXpOzG3rb7QcBr7kwkiHBtD6q7dhBZ51XKPcJPRjkFXDR9Rbj50k6wQHznuDNMA9lI42a6rFN3mr3G8h6mvD67x7b83IxwtLaf7Y0Nb04m/37sCJM1TbjP6jXvD0BdIAdbLc7Qk3K8F2cSIfNH/O7JI9WTvXxxOKtPdpRnnrOURpr4PnXEdJJ1ErujfCPPvFkr0BjpR1Xv2LYKmWISx2OblJnx/MAwECBacN69SX5qnJlaP1Mn769lR5quhAaBCpq0LmHSB1jqF5ap33VKHcB9EHs2ActJHMyn6GxRXSYudw==,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str] nix-access-token-github: ENC[AES256_GCM,data:CWFmo1vx9xGrsickiHtAehg7CLhDrV69yG9Ngca66ecsAeLKU32CDvL+3/9UTOA7lrHe88q0GOXMmbCfSDFA4M0sZWo=,iv:yfQzZ5qmKkkpL6T6I79HGByyt8nhdYnxR6D7DvKFaNU=,tag:WGg9oSbmZcy+3BAFTyf1vQ==,type:str] +ssh_config: ENC[AES256_GCM,data:7ZdTQR//YDvkfld0ewzK1mlMwxmdnH1Cuxo1JVtTBF7DOnx5o6tUkQS/sX30BzNqew59pN6lPbYToZOx1MVB9HCHUpNGiSu41RlNO22j0ihTHVleOk4/IqsfFKhrmpHlYoVXvPQm2803qRF3x8AAnR81AoBpdc5agD8Jqmpm8ISkBL+IPqL9LJN7IopMn3iBm1k2xz8Gml8E3VY4i7U4qxIaWVJLGNDXd0uxGIpjO/of+nL3ySIYGxoAzp7zX6lhyt5BOIkSpJoPJPI7QjlPOvGmLnpj4+RTFwIamYHzwQaAD+T6MyvO/40SzGVxvvWNvfz49UmO5s/wWMdYwRqMMQQniztDMwJ2cB7/YjWzJFP1H7H3VCxl1Lfz7CiYkMynFVWSNnoFuK//ii9WSHuXohgzyRjt2D1CGaWB4ufKM31Dfj0vYAq+NGcwl7PQRknP9uudRDj5/+Uw+cZcpDozZO39vJVTI45RHrtRTAeXZqMyeT9V14+2/QyzE9MRovr11ermAp4HivCd6/diodeEUERoJ4YSwafYMgNbx56dnbZ6CrsJZ91K3/j/l9Nq0JfLkYdWcR8pjJ+8MP7j1AGlzHgWha+DPMK7YULA5NaSBcOVt5WgObqmO3w6Uq2UWCkA/evXejH3hxn8lZqsJIRTayDwJB/ea1FrS0ryTuWTK+IT3PvFpKIFFKKJ6aRaATc2im7zcePikV3R6EETLe4mB7YgSGXCkMlM6q97myFKnOv+9lwVsd9elszWsapgThPqm89uWMUGrQEEW0ZlZi8VlfXU72SqGARengUIkOA=,iv:+535dLYm/zY5HIeXbpLaeMV/sx6b5BNV16VZApPIt48=,tag:zE2yzu1Nl3Cbqd1JdvmZWA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r enc: | @@ -30,8 +27,7 @@ sops: ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T22:11:05Z" - mac: ENC[AES256_GCM,data:YgCiqSbW2qMrGM3SYO7F4xcgrdRaBcaLj8r53i9Nu5D75l7fA+qKTc89XCpNXlFMv15LHT3kKjfXqsH2Cyn8RyPvrHHd/Hnqa7paQPrcpQIRcpP8QTMCBNFJvzpaXUozwb3fpx1xY63Ydw/TDv1/PQBEJWzp9k/MDiTSZYOba+Q=,iv:9w88jxstxmvIScgCUtgl1hPkr/j76Rked3Kv9fhZQJ4=,tag:UvfTXI222OFtIqex+0mdhw==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:00:42Z" + mac: ENC[AES256_GCM,data:huVLLX8pwCyI+scHY2h6tQ5AyaKw0JbZ1/Z/CjrhaRqhJjQxYwZolGqXqVbaUIh6gjDF227KipgkcotlzYI6cl2p7keI6IO9cDzs032+JTk/bctU6FX7oASEHmD1aSJSL5TU2FnxkcM5cYZdbYsB/gG7LegTvWhfKpKIxiAH5xY=,iv:XGrWx3Myw/ymt5XFKHJiTN3TLSI/aP3lFgnV9dnT2v0=,tag:wBS840QinxxXYZ8pk3ZLXA==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml new file mode 100644 index 0000000..dd5ab96 --- /dev/null +++ b/hosts/secrets/fangorn.yaml @@ -0,0 +1,25 @@ +nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str] +sops: + age: + - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu + WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54 + SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6 + NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN + 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv + d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP + eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V + M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw + gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-14T19:53:57Z" + mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml index 5c59d9d..069d445 100644 --- a/hosts/secrets/ginaz.yaml +++ b/hosts/secrets/ginaz.yaml @@ -1,12 +1,8 @@ nftables: ssh: ENC[AES256_GCM,data:mGh0TM88dWZfymF7+Xt896POHOqoDrcsicncILYFRA5DBw3AjnaaG28Da+qcJ7/VrXGFVIRm4b8L+QeTJ9Uk/h1VEYUpmaPdqY4yaK9CPTDqKmLSLsTgrIvzbUjxJ062+KOx1ovGlLqpZnkiSgHyY2h7uYbxPnq+fvrboPRoxwZiIc8UQTs7KFsQolZPka5It5kXsa6mYdaCKYp36ypTCmD1dCnkneveiYxDg/58O9UJLSbMV7vbB2020B6ga8PsG/5UbFGMzOlktejgqgfr3ZQlU+A8E8Oh4S9uweDEBsg8W+XIDH3pV7qYflkUqCctunzUNdn94RtasAiBkLd5RIV23hiII4NbPnxke3jOtO/OElmU9WxXcIHX/obZ8pPnTZYNeeNxeubkph0KJJE0DKnEKFwetF0J4wnxj90R1hxAFYLXBOYEzVANuC8bVuVw0M0GB6yRzKbxA1uxeUAbq1njBurDfVAZwUh4y551YYTJJxRq+4VPDikkE7X35smRYgRzckxhWnNvg1mggcI+ZUuGkp9XYjHOwifumib1i95xeXAD5aIiS3GTTTFPLajOlbJhdU9RHA/6WY98PEJmU4sybWS1REMkI3LfxjibLACds9B3NQYpbwIrYu4WdLrio5eQp8ifAUv1nMQAfJDYX+Vd1TEAqcv01kWiad2FVrNSy1CVphGfTHHgOfk+P/UpLMnC/OmbvTrc74wgmBVdvnMkOca4JvT94d8VtiriJ8vr8l2xOqA8A0sjph8ucInZ7GXIV91fePwFH50kYHQE7a0sSTtGMvzKjRg2/7VtgubY8tNSUO/u5FNXKbPYBwhYKB8DXI5G1m9otPa9PeobeLsLcovRyqfVhqzAIw0htQYvHHC6RZwkHptAa3RcxeB0+dj4IxB7yzayWCcNVcQHdJ+bSB897hgo5c/k26+TnYhz97STlS+/pf4h0To4JnS/+67nFqHMoRUTlmL70JAxkkwvjg+5T76+pFQFB3cPRZF48fiBo2NhpF0PWiSUB9uEIKjfyq5mwQ9tEHDTjv25V8qxcpQitu4W8ydO7L+5ovln68oPaZC5vSe21m4p7msDtg27Y6GLHTVCdFFSi9CmXgb3JCawLWDXkVMpMch1bFYcsOOumYZjBsmosK0Yi4zCZAreSJ6O8pakyjfG/T81a8wPySEjin6NGLj5rEo04YqXqIEoG5hCNQz1WIIsqfeeVZYMhQ2e5jlxqATbvnq8y4dVfP9riuUA1YAYmmwrwTw3OEnhShxtyl49s5FctmPxCPEoskzpQ1rvv45xDyvKN1QrlInu1O/TXPddpbs1eFRiyPBV+rzAwW5ULlsxy5letfqkQZiKMZ0bVIdpgJaTeKeCrZeg5khsRpxf7CIWhCRftzrVaesZKM3YGYGmlOO4FALQbg0vXQlJQBCidNVgtG8v0n/b0TCiLl+pmaItlp8GGYUHrKWLg/iNXQ4EDiXwfxF2TdSRtqkOIQQxo8Odz7fxccGGQNOeD/xCAVZuZgwOtcGGtzBaBIz18pttLRLIfzPr4WnCqlycApux1g8UhyK9zPo9kjeFnwHAseMi7sZb5iQwzSPpT6osZF127g9rgi/ck+1AB8EEsB8AOYw4DmKFCHQ8S7OuWMpAgqtphsy2sW0QOBHdp62bqZBlFofYokw1c72+SoW4ZsTwqX5ECc2pcwdDsdse9jyTHSppap/NguvgLtgfv7uz9tVw6T/Mw5Sq5MlwxFY3J0PFIJU1KjxXGmoTowor+QJVds5PxnWFBX5u6jsHs9ifcub7ddaNXuQHPGcqbyNp/T6pH51/NyymnWRq8/RcHE3DFFFYDl2J9/WY9+y1Q35o8fMo7XWJ5FqArogtAyDE42EjxCvujUos3JJKqcSUueKBimO0oJ1TzgpTCrYi4OoP54dVNRFSGVq5dFAkJ9Dmpeh4a/v1Gxuk9ujvxbRZso8GfM7gnr2FIK3hinipT7F8RHVx07YnJehM93Ul9m237OwJl5hpBBsFRy+yIuBoxd5DEeN3nPuztEOovW5lR+Sj0RB6ipJc5kaHTVx0bZm2SwPVr9RaWeHBq4j2b3HP5+frgR/vnPo3q6RQJLKamLh30mAxtzTV4F77N6LEXp9JFhs9ytv5y9MYwotHIjO6sN6pop1vcIpm/b4tKeYyUDJ6JDVuy/oroS8uAtf378gTRlT/P/ekDLRymyySvwWQ/TVtm5iF0vjt3lUdpwNOoY3J5TJZejCLbDOcShE7PDfKtf0QKGNBmxNh3gqtqDQ5YWoQirTLUv9B2Q7JkRpYZ+gLnkXMe0eu7QFcrjUMGeJwe7F4EOjBd7Xy6Wh72BVi54sYuuWWIgCOAFCjMDqMiLGdu2itnMJN33epOnnj3Dn2liqTDubSRpRaYE5/thVeRXKs+myuiU70R8mKtxol5/0i1HGrolT1Sq5k4O3t4Ibj/rhjqpmQU036T/211YS3DH9MMsP2YlOOv4NXBfptwJ+hKY3R2IoXI/FVHF1q0/8b24+kVefCZ4tOlKViPVLnYlYuxw72ztzhheKsSLMJy/UzMJMV4p250IsPAO8locfPIw==,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str] nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str] -ssh_config: ENC[AES256_GCM,data:WY7WwOu+ev0+Js8xNjRQYHzAy3arKdQY5IfXHFPLwY1Yz/Z+nXIMfL4vg9kjnjteNqVVfzzk9cjaMBxHvU4cqhznipFUjhV6LuIqVcRUersyVgquluQHEUt6WRbOY0QVbI2jUzPPrgjGlW2KDS62rxKhviC+JSULi3oJEZcB2Ko9I2Lyll6jW+ESUiiYB647bdQz5+638iY3M/2FgijLawr9a7qHP4J7h2U+9LfFj+L3ilVqz+u8YJenspKEMg/n0Oi+EMQfY/wq7zzhhxt+TCVa6Tlh7HEgdRrrjLaRLJZx1nsX5+nzdSthJ+lWYKodVlw3XeexJ7kRBp0/a6tKzsDcJvGIbOnAtgCfneS62CATgawcjTn+VzMC9esOuGsbeEu74I0fZgGNVxvd4PhcONe45Gho5S2ztaGLQdxC15y6e8Yv/fjw+lSN5ngvngDBBt3FAneYzvhwup8D5gUGS3xr2audXCka77Oqb6bGjg==,iv:bUG0wSgImCIQ80vfQs95FhreM557uzBi6FFn6VQAFG8=,tag:lmLVb35Oi5HXv6DPkaXAWA==,type:str] +ssh_config: ENC[AES256_GCM,data:sEEnFAoiJcn2zAptd01UOfP9e+9HIba0iq3ylATVYu6QHMOeojwCa4jDFtR22Sb4tvlcaKIeYseKhQfMfHopK8Bqz696mSHyrlROrxNZxYg7YvWol0ksN+xNLa7ALTQoI+boQoobpHbZiEQ9OhwUyZBP+Y2ovU3ipXXL3fqaqC/l6oqsSytKv8WDjgoNtTtdbr6NHgM8RMuu72YIMvMYOt2NRoQiqhEzdn/3NOZC7eLz1SV+JKVcm9rogfV9BSjivP+x5lp5KwUUHsbDVIL7LT83jkx+FXZe6CsuVX3Qbd3mErNSDxLDZtxYBUwECt8Ku8wvWf82IQDHMQEwF5zu6Lq7aPi+fZK1CTvsS5X/ar0HMhBwbBkljgnPr+U/CrS5vjouYP7tcuJXxAsSkgACKgZtj9cc38dEqVltR7J4KcZ43nhjci5CeH6Xr9S/wxQRoPxwXfy6cSFHlt5uj4Rkli49f5dqC2fNz8LF77ceygQA3wgCKir+28tWLVSfMO6Xu88BG7fNWldCnkaWQNIMvXAJs03i6XZONXVWP8svfBRbcY9tbhwh0OPT60V4pI3TGuGiAw/kWwswKl4sPz6Fj9/yeCuynoSYXU7PKUgB6ZWZ8Y4eK4+uddSfOKwaQGqeDBz4oJ7X5IH776J8WtBZ/J5D14zgHkJh1ELl2ldaYdjFhQfruBTCILIhQCwcY/DSCWdv9LExIj3Wh5Piv2w1cUmP5HIO0BVk47vial+lWZm4KCU3AwxNwyME3CfqRh7TIzK8Ufi7MZBXHC26e5EAfK5g6Du/I6hVlTjnRDrGqUyF/+c=,iv:yX+/BGMQplX9e1dyLxJ5e81z8tPgI6x67xqqJrFbpzw=,tag:FFiFgWdsuRdSdAbNf44Sng==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh enc: | @@ -26,8 +22,7 @@ sops: Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:30:06Z" - mac: ENC[AES256_GCM,data:GznKrPan9U7A9+98Ey+P4xWpRwrsTQ/E5rkypXGBH5nyLXuimyNIrb/p5d5pws/gtdOGMmDIAuOvzzo8BcfFljgIaBK557E1E5Oq6pskmNnIv4gZNjHSncmsA87NGEZYF+gkQijQB6lDL6uZmAz4g5IcWsQltMYlnRv3wM+rYhk=,iv:3IKa5siOFxsLXkBECpx3wimt/s99RtmETmB80mpnU2E=,tag:yhT85gINaoFqKBLTdrEXbw==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:01:08Z" + mac: ENC[AES256_GCM,data:VaYnO0cCKoxY2cvnmqr4MqkTjSOzlBY8z80uxksUxrfWnWCkBtIPHG5gHi7HKn6LnlREUquzHoSSfmpIoKpMjdsOlFunPnrG876uGhNFxHROocixxZJV6yIsClgRx3FCwe1M3iT0NDAYq3zzNrL2bTx1MOx4C97Ki4BuISn4/98=,iv:dUUpbFa7e+Qa9FV9ALEVPifQNrPkv5oYsA6djgYEq10=,tag:s2abIa6FX/vPsUr7M3kEfQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2 diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl enc: | @@ -23,8 +20,7 @@ sops: RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:59Z" - mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:03:24Z" + mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 --- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9 enc: | @@ -23,8 +20,7 @@ sops: MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:48Z" - mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:04:43Z" + mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix index d5dc582..ed0974e 100644 --- a/hosts/uranus/default.nix +++ b/hosts/uranus/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/overlays/default.nix b/overlays/default.nix index 0e39244..620c73c 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -22,6 +22,24 @@ # example = prev.example.overrideAttrs (oldAttrs: rec { # ... # }); + ghostty = prev.ghostty.overrideAttrs (_: { + preBuild = '' + shopt -s globstar + sed -i 's/^const xev = @import("xev");$/const xev = @import("xev").Epoll;/' **/*.zig + shopt -u globstar + ''; + }); + + linux-firmware = prev.linux-firmware.overrideAttrs (old: rec { + pname = "linux-firmware"; + version = "20250627"; + src = prev.fetchFromGitLab { + owner = "kernel-firmware"; + repo = "linux-firmware"; + rev = "f40eafe216833d083f4e5598b7f45e894c373ad1"; + hash = "sha256-mNjCl+HtvvFxyLjlBFsyfyu2TAf6D/9lbRiouKC/vVY="; + }; + }); }; #"67e692392-packages" = final: _prev: { |