diff options
93 files changed, 2850 insertions, 654 deletions
@@ -15,7 +15,9 @@ keys: - &arrakis age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de + - &caladan age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 - &darkstar age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r + - &fangorn age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d - &ginaz age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh - &kaitain age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl - &nipsy age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va @@ -26,25 +28,34 @@ creation_rules: key_groups: - age: - *nipsy - - path_regex: ^home/nipsy/secrets/ginaz.yaml$ + - path_regex: ^home/nipsy/secrets/caladan.yaml$ key_groups: - age: - *nipsy - - path_regex: ^home/root/secrets/arrakis.yaml$ + - path_regex: ^home/nipsy/secrets/ginaz.yaml$ key_groups: - age: - - *arrakis - *nipsy - path_regex: ^hosts/secrets/arrakis.yaml$ key_groups: - age: - *arrakis - *nipsy + - path_regex: ^hosts/secrets/caladan.yaml$ + key_groups: + - age: + - *caladan + - *nipsy - path_regex: ^hosts/secrets/darkstar.yaml$ key_groups: - age: - *darkstar - *nipsy + - path_regex: ^hosts/secrets/fangorn.yaml$ + key_groups: + - age: + - *fangorn + - *nipsy - path_regex: ^hosts/secrets/ginaz.yaml$ key_groups: - age: @@ -58,5 +69,5 @@ creation_rules: - path_regex: ^hosts/secrets/richese.yaml$ key_groups: - age: - - *richese - *nipsy + - *richese @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1735468753, - "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", + "lastModified": 1757508292, + "narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", "owner": "nix-community", "repo": "disko", - "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", "type": "github" }, "original": { @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1736066484, - "narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=", + "lastModified": 1757598712, + "narHash": "sha256-5PWVrdMp8u31Q247jqnJcwxKg3MJrs1TadTyTBRVBDY=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0", + "rev": "6d7c11a0adee0db21e3a8ef90ae07bb89bc20b8f", "type": "github" }, "original": { @@ -63,11 +63,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1735388221, - "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1757487488, + "narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0", "type": "github" }, "original": { @@ -94,11 +94,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1736066559, - "narHash": "sha256-H72cyGZp9JxzrhzSx/iT9rmLurM9J9G+m45l1RQQynk=", + "lastModified": 1757607171, + "narHash": "sha256-goSai0JeDbFdRF258TgWYrSGXeuwmGxLV+CuEx/6i+0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a36010652b4571ee6dc9125cec2eaebc30e9400", + "rev": "2b1387a6f55366c83fa88f85203ac8e477b439ba", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1734937677, - "narHash": "sha256-5qKdUBN1cq/LHa6ASIjGcDEYKDnAiaKgNtZCRbBrWEs=", + "lastModified": 1756052001, + "narHash": "sha256-dlLqyHxqiFAoIwshKe9X3PzXcJ+up88Qb2JVQswFaNE=", "owner": "icewind1991", "repo": "nvidia-patch-nixos", - "rev": "ec2e76e3cd53208c6bcbbddcc043516a24ca71b2", + "rev": "780af7357d942fad2ddd9f325615a5f6ea7e37ee", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1736064798, - "narHash": "sha256-xJRN0FmX9QJ6+w8eIIIxzBU1AyQcLKJ1M/Gp6lnSD20=", + "lastModified": 1757503115, + "narHash": "sha256-S9F6bHUBh+CFEUalv/qxNImRapCxvSnOzWBUZgK1zDU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5dc08f9cc77f03b43aacffdfbc8316807773c930", + "rev": "0bf793823386187dff101ee2a9d4ed26de8bbf8c", "type": "github" }, "original": { @@ -26,6 +26,7 @@ # per https://nixos-and-flakes.thiscute.world/nixos-with-flakes/downgrade-or-upgrade-packages #nixpkgs-67e692392.url = "github:nixos/nixpkgs/67e69239226f37168d1adb8d29bd61150756a03e"; + #nixpkgs-wine9_22.url = "github:nixos/nixpkgs/dea5930f0ed8c29d3758d5ade9898b4e99d80b74"; nixpkgs-master.url = "github:nixos/nixpkgs"; #nixpkgs-pr369712.url = "github:7c6f434c/nixpkgs/fix-tftp-hpa"; nixpkgs-stable.url = "github:nixos/nixpkgs/release-24.05"; @@ -51,6 +52,7 @@ nixpkgs-master, #nixpkgs-pr369712, nixpkgs-stable, + #nixpkgs-wine9_22, nixpkgs, nvidia-patch, self, @@ -98,6 +100,34 @@ ]; }; + caladan = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + modules = [ + #{ + # environment.systemPackages = [ + # ghostty.packages.x86_64-linux.default + # ]; + #} + #({ config, pkgs, ... }: + # let + # overlay-dict-pr367392 = final: prev: { + # dict = nixpkgs-pr367392.legacyPackages."x86_64-linux".dict; + # }; + # in { + # nixpkgs.overlays = [ overlay-dict-pr367392 ]; + # } + #) + disko.nixosModules.disko + ./hosts/caladan + home-manager.nixosModules.home-manager { + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.users.root = import ./home/root/caladan.nix; + home-manager.users.nipsy = import ./home/nipsy/caladan.nix; + } + sops-nix.nixosModules.sops + ]; + }; + darkstar = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; }; modules = [ @@ -112,6 +142,21 @@ ]; }; + fangorn = nixpkgs.lib.nixosSystem rec { + specialArgs = { inherit inputs outputs; }; + modules = [ + disko.nixosModules.disko + ./hosts/fangorn + home-manager.nixosModules.home-manager { + home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ]; + home-manager.users.root = import ./home/root/fangorn.nix; + home-manager.users.don = import ./home/don/fangorn.nix; + home-manager.users.nipsy = import ./home/nipsy/fangorn.nix; + } + sops-nix.nixosModules.sops + ]; + }; + ginaz = nixpkgs.lib.nixosSystem rec { specialArgs = { inherit inputs outputs; }; modules = [ @@ -130,10 +175,109 @@ # from https://nixos.wiki/wiki/Creating_a_NixOS_live_CD and https://chengeric.com/homelab/ iso = nixpkgs.lib.nixosSystem { modules = [ - "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ({ + ({ modulesPath, pkgs, ... }: { + environment.systemPackages = [ + pkgs.acl + pkgs.bash + pkgs.bc + pkgs.bzip2 + pkgs.conntrack-tools + pkgs.coreutils + pkgs.cpio + pkgs.curl + pkgs.diffutils + pkgs.dig + pkgs.dmidecode + pkgs.elinks + pkgs.encfs + pkgs.ethtool + pkgs.expect + pkgs.file + pkgs.findutils + pkgs.fio + pkgs.fping + pkgs.git + pkgs.gnugrep + pkgs.gnupatch + pkgs.gnused + pkgs.gnutar + pkgs.gptfdisk + pkgs.gzip + pkgs.htop + pkgs.iotop + pkgs.ipcalc + pkgs.iperf + pkgs.iproute2 + pkgs.iputils + pkgs.jq + pkgs.less + pkgs.lshw + pkgs.lsof + pkgs.lvm2 + pkgs.moreutils + pkgs.nano + pkgs.netcat-openbsd + pkgs.nettools + pkgs.nmap + pkgs.ntfs3g + pkgs.openldap + pkgs.openssl + pkgs.p7zip + pkgs.parted + pkgs.pciutils + pkgs.perl540Packages.ArchiveZip + pkgs.procps + pkgs.progress + pkgs.psmisc + pkgs.pv + pkgs.pwgen + pkgs.recode + pkgs.rsync + pkgs.sg3_utils + pkgs.smartmontools + pkgs.socat + pkgs.speedtest-cli + pkgs.sqlite + pkgs.sshfs + pkgs.strace + pkgs.sysstat + pkgs.tcpdump + pkgs.tftp-hpa + pkgs.traceroute + pkgs.tree + pkgs.tshark + pkgs.unixtools.xxd + pkgs.unrar + pkgs.unzip + pkgs.usbutils + pkgs.util-linux + pkgs.vim + pkgs.wdiff + pkgs.wget + pkgs.whois + pkgs.wireguard-tools + pkgs.xz + pkgs.zip + ]; + + imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; + #isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + nixpkgs.config.allowUnfree = true; + + services.openssh = { + enable = true; + openFirewall = true; + + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + users.users = { nixos.openssh.authorizedKeys.keys = [ (builtins.readFile ./hosts/common/users/nipsy/keys/id_arrakis.pub) ]; root.openssh.authorizedKeys.keys = [ (builtins.readFile ./hosts/common/users/nipsy/keys/id_arrakis.pub) ]; diff --git a/home/common/scripts/knock b/home/common/scripts/knock new file mode 100755 index 0000000..fdff4ca --- /dev/null +++ b/home/common/scripts/knock @@ -0,0 +1,50 @@ +#!/usr/bin/env zsh + +# load module to parse command line arguments +zmodload zsh/zutil +zparseopts -D -E -A opts -- h x + +# load module to avoid use of GNU sleep +zmodload zsh/zselect + +# enable XTRACE shell option for full debugging output of scripts +if (( ${+opts[-x]} )); then + set -x +fi + +if [[ -z "${2}" ]] || (( ${+opts[-h]} )); then + echo "usage: ${0:t} [ -h ] [ -x ] host port [ knock_port ] .." >&2 + echo -e '\n\t-h\tshow this help\n\t-x\tenable shell debugging' >&2 + echo -e '\thost\tdestination host name' >&2 + echo -e '\tport\tdestination service port\n' >&2 + echo -e 'Specifying no knock_port(s) will use 12345 23456 34567 45678 by default.\n' >&2 + exit 1 +fi + +host="${1}" +port="${2}" +shift 2 +knock_ports="${@:-12345 23456 34567 45678}" +attempts=1 + +function check_service_port { + if nc -w1 ${host} ${port} &> /dev/null <& -; then + exit 0 + fi +} + +#check_service_port + +while [[ ${attempts} -lt 9 ]]; do + + for knock_port in ${=knock_ports}; do + nc -w1 ${host} ${knock_port} &> /dev/null <& - & + zselect -t ${attempts}0 + done + + check_service_port + ((attempts+=1)) + +done + +exit 1 diff --git a/home/don/common/core/bash.nix b/home/don/common/core/bash.nix new file mode 100644 index 0000000..7bfb808 --- /dev/null +++ b/home/don/common/core/bash.nix @@ -0,0 +1,16 @@ +{ + programs.bash = { + enable = true; + enableCompletion = true; + shellAliases = { + grep = "grep --color=auto"; + ip = "ip -c=auto"; + la = "ls -aF --color=auto"; + ll = "ls -alF --color=auto"; + lock = "xscreensaver-command -lock"; + nix-list-derivations = "nix-store --query --requisites /run/current-system | cut -d- -f2- | sort | uniq"; + nix-list-generations = "nixos-rebuild list-generations"; + zgrep = "zgrep --color=auto"; + }; + }; +} diff --git a/home/don/common/core/default.nix b/home/don/common/core/default.nix new file mode 100644 index 0000000..8250d0c --- /dev/null +++ b/home/don/common/core/default.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, outputs, ... }: +{ + imports = [ + ./bash.nix + ./vim + ]; + + home = { + username = lib.mkDefault "don"; + homeDirectory = lib.mkDefault "/home/${config.home.username}"; + stateVersion = lib.mkDefault "23.11"; + }; + + #home.packages = builtins.attrValues { + # inherit (pkgs) + # wget + # zip; + #}; + + nix = { + package = lib.mkDefault pkgs.nix; + settings = { + experimental-features = [ "nix-command" "flakes" ]; + warn-dirty = false; + }; + }; + + programs.home-manager.enable = true; +} diff --git a/home/don/common/core/vim/default.nix b/home/don/common/core/vim/default.nix new file mode 100644 index 0000000..ea4ed5e --- /dev/null +++ b/home/don/common/core/vim/default.nix @@ -0,0 +1,6 @@ +{ + programs.vim = { + enable = true; + extraConfig = (builtins.readFile ./vimrc); + }; +} diff --git a/home/don/common/core/vim/vimrc b/home/don/common/core/vim/vimrc new file mode 100644 index 0000000..87de2a0 --- /dev/null +++ b/home/don/common/core/vim/vimrc @@ -0,0 +1,47 @@ +" Handling of big files - William Natter, Tony Mechelynck and others +" fairly certain that BufSizeThreshold is in bytes +let g:SaveUndoLevels = &undolevels +let g:BufSizeThreshold = 5242880 +if has("autocmd") + au VimEnter * let g:SaveUndoLevels = &undolevels + au BufReadPre * if getfsize(expand("%")) >= g:BufSizeThreshold | setlocal noswapfile | endif + au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | let &undolevels=g:SaveUndoLevels | else | setlocal undolevels=-1 | endif + au BufEnter * if getfsize(expand("%")) < g:BufSizeThreshold | syntax on | else | syntax off | endif +endif + +set mouse& +set noautoindent " always set autoindenting off + +" enable better 24-bit color support +"let &t_8f = "\<Esc>[38;2;%lu;%lu;%lum" +"let &t_8b = "\<Esc>[48;2;%lu;%lu;%lum" +set termguicolors + +" If using a dark background within the editing area and syntax highlighting +" turn on this option as well +set background=dark + +if has("autocmd") + " Enabled file type detection + " Use the default filetype settings. If you also want to load indent files + " to automatically do language-dependent indenting add 'indent' as well. + filetype plugin on + "filetype indent on +endif " has ("autocmd") + +" The following are commented out as they cause vim to behave a lot +" different from regular vi. They are highly recommended though. +set showcmd " Show (partial) command in status line. +set showmatch " Show matching brackets. +set ignorecase " Do case insensitive matching +set incsearch " Incremental search +"set expandtab " replace tabs with spaces +set smarttab " use shiftwidth instead of tabstop at start of line +set spell spelllang=en_us " turn on the spell check +set hlsearch " highlight all search matches + +set laststatus=2 +set statusline=%<%f%h%m%r%=%{&ff}\ %Y\ %b\ 0x%B\ \ %l,%c%V\ %P + +"map <F5> :w<CR><bar>:!clear;go run %<CR> +"map <F6> :w<CR><bar>:%! gofmt<CR> diff --git a/home/don/fangorn.nix b/home/don/fangorn.nix new file mode 100644 index 0000000..83c92cd --- /dev/null +++ b/home/don/fangorn.nix @@ -0,0 +1,6 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + ]; +} diff --git a/home/nipsy/arrakis.nix b/home/nipsy/arrakis.nix index 9f38e29..2776524 100644 --- a/home/nipsy/arrakis.nix +++ b/home/nipsy/arrakis.nix @@ -2,8 +2,9 @@ { imports = [ common/core - common/optional/desktops - common/optional/desktops/services/xscreensaver.nix + #common/optional/desktops + #common/optional/desktops/services/xscreensaver.nix + common/optional/secrets.nix #inputs.sops-nix.homeManagerModules.sops ]; @@ -19,16 +20,17 @@ text/html; elinks -dump %s; copiousoutput #text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format ''; - ".mutt/aliases".text = (builtins.readFile arrakis/mutt/aliases); - ".mutt/colors".text = (builtins.readFile arrakis/mutt/colors); - ".mutt/headers".text = (builtins.readFile arrakis/mutt/headers); - ".mutt/keys".text = (builtins.readFile arrakis/mutt/keys); - ".mutt/muttrc".text = (builtins.readFile arrakis/mutt/muttrc); + ".mutt/aliases".source = ./arrakis/mutt/aliases; + ".mutt/colors".source = ./arrakis/mutt/colors; + ".mutt/headers".source = ./arrakis/mutt/headers; + ".mutt/keys".source = ./arrakis/mutt/keys; + ".mutt/muttrc".source = ./arrakis/mutt/muttrc; + "bin/knock".source = ../common/scripts/knock; }; programs.zsh = { shellAliases = { - manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; + manage = "tmux new-window ssh root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; }; }; @@ -46,12 +48,12 @@ }; }; - xsession = { - initExtra = '' - xrandr --output DP-2 --primary --mode 2560x1440 --rate 165 + #xsession = { + # initExtra = '' + # xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 165 - # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? - #nvidia-settings -a AllowVRR=0 - ''; - }; + # # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? + # #nvidia-settings -a AllowVRR=0 + # ''; + #}; } diff --git a/home/nipsy/arrakis/mutt/muttrc b/home/nipsy/arrakis/mutt/muttrc index f77c5bf..eec5b99 100644 --- a/home/nipsy/arrakis/mutt/muttrc +++ b/home/nipsy/arrakis/mutt/muttrc @@ -53,7 +53,7 @@ set confirmcreate=no # prompt when creating new files set copy=yes # always save a copy of outgoing messages set delete=yes # purge deleted messages without asking set edit_headers # let me edit the message header when composing -set editor="vim -c 'set textwidth=65'" # editor to use when composing messages +set editor="vim -c 'set textwidth=65' -c 'set noautoindent'" # editor to use when composing messages #set editor="/usr/bin/nvi" # editor to use when composing messages #set editor="/usr/bin/vi" # editor to use when composing messages set fast_reply # skip initial prompts when replying diff --git a/home/nipsy/caladan.nix b/home/nipsy/caladan.nix new file mode 100644 index 0000000..19b2498 --- /dev/null +++ b/home/nipsy/caladan.nix @@ -0,0 +1,61 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + #common/optional/desktops/services/xscreensaver.nix + common/optional/desktops/xdg.nix + common/optional/secrets.nix + #inputs.sops-nix.homeManagerModules.sops + ]; + + home.file = { + ".config/sway/config".source = ./caladan/sway/config; + ".mailcap".text = '' + #application/msword; antiword -rs '%s'; copiousoutput; description=Microsoft Word Document + application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format + #image/gif; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=GIF image + image/gif; sxiv '%s'; description=GIF image + #image/jpeg; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=JPEG image + image/jpeg; sxiv '%s'; description=JPEG image + image/png; sxiv '%s'; description=PNG image + text/html; elinks -dump %s; copiousoutput + #text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format + ''; + ".mutt/aliases".source = ./arrakis/mutt/aliases; + ".mutt/colors".source = ./arrakis/mutt/colors; + ".mutt/headers".source = ./arrakis/mutt/headers; + ".mutt/keys".source = ./arrakis/mutt/keys; + ".mutt/muttrc".source = ./arrakis/mutt/muttrc; + "bin/knock".source = ../common/scripts/knock; + }; + + programs.zsh = { + shellAliases = { + manage = "tmux new-window ssh -A root@arrakis\\; split-window -d ssh -A root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent"; + }; + }; + + sops = { + age.keyFile = "/home/nipsy/.config/sops/age/keys.txt"; + defaultSopsFile = ./secrets/caladan.yaml; + + secrets = { + "reaper_license" = { + path = "/home/nipsy/.config/REAPER/reaper-license.rk"; + }; + "ssh_config" = { + path = "/home/nipsy/.ssh/config"; + }; + }; + }; + + xsession = { + initExtra = '' + xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 165 + + # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related? + #nvidia-settings -a AllowVRR=0 + ''; + }; +} diff --git a/home/nipsy/caladan/sway/config b/home/nipsy/caladan/sway/config new file mode 100644 index 0000000..dcedd45 --- /dev/null +++ b/home/nipsy/caladan/sway/config @@ -0,0 +1,246 @@ +# Default config for sway +# +# Copy this to ~/.config/sway/config and edit it to your liking. +# +# Read `man 5 sway` for a complete reference. + +### Variables +# +# Logo key. Use Mod1 for Alt. +set $mod Mod4 +# Home row direction keys, like vim +set $left h +set $down j +set $up k +set $right l +# Your preferred terminal emulator +set $term ghostty +# Your preferred application launcher +set $menu wmenu-run + +### Output configuration +# +# Default wallpaper (more resolutions are available in /run/current-system/sw/share/backgrounds/sway/) +output * mode 2560x1440@143.972Hz adaptive_sync on allow_tearing yes bg ~/bg/StarWarsRetro-BrentCheshire.jpg center +# +# Example configuration: +# +# output HDMI-A-1 resolution 1920x1080 position 1920,0 +# +# You can get the names of your outputs by running: swaymsg -t get_outputs + +### Idle configuration +# +# Example configuration: +# +#exec swayidle -w \ +# timeout 600 'swaylock -f -c 000000' \ +# timeout 900 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ +# before-sleep 'swaylock -f -c 000000' +# +# This will lock your screen after 300 seconds of inactivity, then turn off +# your displays after another 300 seconds, and turn your screens back on when +# resumed. It will also lock your screen before your computer goes to sleep. + +exec swayidle -w \ + timeout 900 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' + +### Default options +default_border none +default_floating_border none +titlebar_padding 1 +titlebar_border_thickness 0 + +### Input configuration +# +# Example configuration: +# +# input type:touchpad { +# dwt enabled +# tap enabled +# natural_scroll enabled +# middle_emulation enabled +# } +# +input type:keyboard { + xkb_layout "us" + xkb_options "caps:super,compose:ralt" +} +# +# You can also configure each device individually. +# Read `man 5 sway-input` for more information about this section. + +### Key bindings +# +# Basics: +# + # Start a terminal + bindsym $mod+Return exec $term + + # Kill focused window + bindsym $mod+Shift+q kill + + # Start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # Reload the configuration file + bindsym $mod+Shift+c reload + + # Exit sway (logs you out of your Wayland session) + bindsym $mod+Shift+e exit +# +# Moving around: +# + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right +# +# Workspaces: +# + # Switch to workspace + bindsym $mod+1 workspace number 1 + bindsym $mod+2 workspace number 2 + bindsym $mod+3 workspace number 3 + bindsym $mod+4 workspace number 4 + bindsym $mod+5 workspace number 5 + bindsym $mod+6 workspace number 6 + bindsym $mod+7 workspace number 7 + bindsym $mod+8 workspace number 8 + bindsym $mod+9 workspace number 9 + bindsym $mod+0 workspace number 10 + # Move focused container to workspace + bindsym $mod+Shift+1 move container to workspace number 1 + bindsym $mod+Shift+2 move container to workspace number 2 + bindsym $mod+Shift+3 move container to workspace number 3 + bindsym $mod+Shift+4 move container to workspace number 4 + bindsym $mod+Shift+5 move container to workspace number 5 + bindsym $mod+Shift+6 move container to workspace number 6 + bindsym $mod+Shift+7 move container to workspace number 7 + bindsym $mod+Shift+8 move container to workspace number 8 + bindsym $mod+Shift+9 move container to workspace number 9 + bindsym $mod+Shift+0 move container to workspace number 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. +# +# Layout stuff: +# + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent +# +# Scratchpad: +# + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show +# +# Resizing containers: +# +mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" +} +bindsym $mod+r mode "resize" +# +# Utilities: +# + # Special keys to adjust volume via PulseAudio + bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle + bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5% + bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5% + bindsym --locked XF86AudioMicMute exec pactl set-source-mute \@DEFAULT_SOURCE@ toggle + # Special keys to adjust brightness via brightnessctl + bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%- + bindsym --locked XF86MonBrightnessUp exec brightnessctl set 5%+ + # Special key to take a screenshot with grim + bindsym Print exec grim + +# +# Status Bar: +# +# Read `man 5 sway-bar` for more information about this section. +bar { + position bottom + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command while date -R; do sleep 1; done + + colors { + statusline #ffffff + background #323232 + inactive_workspace #32323200 #32323200 #5c5c5c + } +} + +# Criteria based behavior +for_window [class=".*"] inhibit_idle fullscreen +for_window [app_id=".*"] inhibit_idle fullscreen + +include /etc/sway/config.d/* diff --git a/home/nipsy/common/core/vim/vimrc b/home/nipsy/common/core/vim/vimrc index 9f652cd..87de2a0 100644 --- a/home/nipsy/common/core/vim/vimrc +++ b/home/nipsy/common/core/vim/vimrc @@ -43,5 +43,5 @@ set hlsearch " highlight all search matches set laststatus=2 set statusline=%<%f%h%m%r%=%{&ff}\ %Y\ %b\ 0x%B\ \ %l,%c%V\ %P -map <F5> :w<CR><bar>:!clear;go run %<CR> -map <F6> :w<CR><bar>:%! gofmt<CR> +"map <F5> :w<CR><bar>:!clear;go run %<CR> +"map <F6> :w<CR><bar>:%! gofmt<CR> diff --git a/home/nipsy/common/core/zsh/default.nix b/home/nipsy/common/core/zsh/default.nix index a3b0f9e..864eec0 100644 --- a/home/nipsy/common/core/zsh/default.nix +++ b/home/nipsy/common/core/zsh/default.nix @@ -8,7 +8,7 @@ size = 100000; }; - initExtra = (builtins.readFile ./zshrc); + initContent = (builtins.readFile ./zshrc); sessionVariables = let makePluginPath = format: (lib.strings.makeSearchPath format [ diff --git a/home/nipsy/common/core/zsh/zshrc b/home/nipsy/common/core/zsh/zshrc index 543450d..08d4025 100644 --- a/home/nipsy/common/core/zsh/zshrc +++ b/home/nipsy/common/core/zsh/zshrc @@ -1,5 +1,12 @@ umask 022 +# remote gpg-agent handling +if [[ ${HOST} == "arrakis.bitgnome.net" ]]; then + if [[ ! -d /run/user/1000/gnupg ]]; then + gpgconf --create-socketdir + fi +fi + eval $(dircolors) # set SWAYSOCK correctly @@ -13,6 +20,7 @@ if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) # set some Wayland specific variables + export ELECTRON_OZONE_PLATFORM_HINT=auto export MOZ_ENABLE_WAYLAND=1 export GDK_BACKEND=wayland export QT_QPA_PLATFORM=wayland @@ -23,11 +31,6 @@ if [[ -z "${DISPLAY}" ]] && [[ $(tty) == "/dev/tty1" ]]; then fi -# if already in Wayland, update the GPG TTY so ssh-askpass will work correctly -if [[ -n "${WAYLAND_DISPLAY}" ]]; then - gpg-connect-agent updatestartuptty /bye >/dev/null -fi - # completion options setopt LIST_PACKED MENU_COMPLETE # expansion and globbing options diff --git a/home/nipsy/common/optional/desktops/default.nix b/home/nipsy/common/optional/desktops/default.nix index 26e369a..d42e587 100644 --- a/home/nipsy/common/optional/desktops/default.nix +++ b/home/nipsy/common/optional/desktops/default.nix @@ -1,4 +1,3 @@ -{ config, pkgs, ... }: { imports = [ ./fonts.nix @@ -6,23 +5,4 @@ ./i3 ./services/dunst.nix ]; - - programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: with exts; [ - pass-otp - ]); - settings = { - PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; - }; - }; - - services.gpg-agent = { - defaultCacheTtl = 43200; - defaultCacheTtlSsh = 43200; - enable = true; - enableSshSupport = true; - maxCacheTtl = 86400; - maxCacheTtlSsh = 86400; - }; } diff --git a/home/nipsy/common/optional/desktops/fonts.nix b/home/nipsy/common/optional/desktops/fonts.nix index f2b862d..6935029 100644 --- a/home/nipsy/common/optional/desktops/fonts.nix +++ b/home/nipsy/common/optional/desktops/fonts.nix @@ -1,7 +1,8 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: { fonts.fontconfig.enable = true; home.packages = [ + #(builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts)) pkgs.nerd-fonts._0xproto pkgs.nerd-fonts._3270 pkgs.nerd-fonts.agave @@ -51,7 +52,7 @@ pkgs.nerd-fonts.monofur pkgs.nerd-fonts.monoid pkgs.nerd-fonts.mononoki - pkgs.nerd-fonts.mplus + #pkgs.nerd-fonts.mplus pkgs.nerd-fonts.noto pkgs.nerd-fonts.open-dyslexic pkgs.nerd-fonts.overpass diff --git a/home/nipsy/common/optional/desktops/i3/default.nix b/home/nipsy/common/optional/desktops/i3/default.nix index c7a521d..758c61c 100644 --- a/home/nipsy/common/optional/desktops/i3/default.nix +++ b/home/nipsy/common/optional/desktops/i3/default.nix @@ -3,11 +3,23 @@ home = { file = { ".config/ghostty/config".text = '' - background-opacity = 0.5 + #async-backend = epoll + background-opacity = 0.8 cursor-color = #ffffff font-family = "DejaVu Sans Mono" font-size = 9 gtk-titlebar = false + keybind = alt+one=unbind + keybind = alt+two=unbind + keybind = alt+three=unbind + keybind = alt+four=unbind + keybind = alt+five=unbind + keybind = alt+six=unbind + keybind = alt+seven=unbind + keybind = alt+eight=unbind + keybind = alt+nine=unbind + keybind = ctrl+shift+page_down=decrease_font_size:1 + keybind = ctrl+shift+page_up=increase_font_size:1 theme = mydark window-padding-x = 0 window-padding-y = 0 @@ -36,6 +48,8 @@ foreground = #e5e5e5 cursor-color = #ffffff ''; + + "bin/xscreensaver-activate".source = ./xscreensaver-activate; }; packages = [ @@ -79,6 +93,11 @@ always = true; notification = false; } + { + command = "~/bin/xscreensaver-activate"; + always = true; + notification = false; + } ]; window.border = 0; window.commands = [ diff --git a/home/nipsy/common/optional/desktops/i3/xscreensaver-activate b/home/nipsy/common/optional/desktops/i3/xscreensaver-activate new file mode 100755 index 0000000..6efae35 --- /dev/null +++ b/home/nipsy/common/optional/desktops/i3/xscreensaver-activate @@ -0,0 +1,100 @@ +#!/usr/bin/env zsh + +# bail out if xscreensaver isn't installed +if [[ ! -x =xscreensaver ]]; then + echo "no xscreensaver command found, ${0:t} bailing out" >&2 + exit 0 +fi + +# record our own PID to avoid duplicate invocations +PIDFILE="/dev/shm/${0:t}.pid" + +# check for already running script +if [[ -f ${PIDFILE} ]]; then + for i in $(pidof -x ${0:t}); do + if [[ ${i} -eq $(cat ${PIDFILE}) ]]; then + echo "${0:t} already running!" >&2 + exit 1 + fi + done +fi + +# record current PID +echo ${$} > ${PIDFILE} + +# wait a bit for everything to start +sleep 30 + +# check whether xscreensaver itself is running and start it if not +if ! systemctl --user --quiet is-active xscreensaver.service; then + systemctl --user start xscreensaver.service +fi + +# retrieve current Xorg screen size so we know where the corners are +xrandr | grep ^Screen | grep -Eo 'current [[:digit:]]+ x [[:digit:]]+' | cut -d' ' -f2,4 | read max_x max_y +echo "read screen size as ${max_x} x ${max_y}" + +# main loop +while true; do + + # retrieve current mouse position and set environment variables + eval $(xdotool getmouselocation --shell) + + # a Steam game is running + if ps axfu | grep -v grep | grep -q '/home/nipsy/.local/share/Steam/steamapps/common/'; then + + # make sure xscreensaver is even running before telling it to stay idle + if pidof xscreensaver &>/dev/null; then + sleep 5 + xscreensaver-command -deactivate &>/dev/null + fi + + # keep xscreensaver deactivated if we're in the top right corner of the screen + elif [[ ${X} -eq $((max_x - 1)) && ${Y} -eq $((max_y - max_y)) ]]; then + + # make sure xscreensaver is even running before telling it to stay idle + if pidof xscreensaver &>/dev/null; then + sleep 5 + xscreensaver-command -deactivate &>/dev/null + fi + + # mouse is in the top left corner -- potentially activate xscreensaver right now + elif [[ ${X} -eq $((max_x - max_x)) && ${Y} -eq $((max_y - max_y)) ]]; then + + # sleep a bit and then check mouse coordinates again + sleep 5 + eval $(xdotool getmouselocation --shell) + + # mouse is still in the top left corner -- we must really want to activate xscreensaver + if [[ ${X} -eq $((max_x - max_x)) && ${Y} -eq $((max_y - max_y)) ]]; then + + # make sure xscreensaver is actually running + if pidof xscreensaver &>/dev/null; then + + # make sure it hasn't already activated + if ! xscreensaver-command -time | grep -q 'screen blanked since'; then + + # activate it! + xscreensaver-command -activate &>/dev/null + + fi + + fi + + fi + + fi + + # die off if we're no longer running on a connected Xorg screen any longer -- this should be the normal termination path for this script + if ! xdpyinfo &>/dev/null; then + rm ${PIDFILE} + exit 0 + fi + + # arbitrary sleep for script to avoid CPU sucking infinite loop + sleep 5 + +done + +# exit with error since we should never get here +exit 1 diff --git a/home/nipsy/common/optional/desktops/xdg.nix b/home/nipsy/common/optional/desktops/xdg.nix new file mode 100644 index 0000000..f4ac723 --- /dev/null +++ b/home/nipsy/common/optional/desktops/xdg.nix @@ -0,0 +1,21 @@ +{ + xdg.mimeApps = { + enable = true; + defaultApplications = { + "application/x-extension-htm" = "firefox.desktop"; + "application/x-extension-html" = "firefox.desktop"; + "application/x-extension-shtml" = "firefox.desktop"; + "application/x-extension-xht" = "firefox.desktop"; + "application/x-extension-xhtml" = "firefox.desktop"; + "application/xhtml+xml" = "firefox.desktop"; + "text/html" = "firefox.desktop"; + "x-scheme-handler/about" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/sgnl" = "signal.desktop"; + "x-scheme-handler/signalcaptcha" = "signal.desktop"; + "x-scheme-handler/unknown" = "firefox.desktop"; + }; + }; +} diff --git a/home/nipsy/common/optional/secrets.nix b/home/nipsy/common/optional/secrets.nix new file mode 100644 index 0000000..24ea99c --- /dev/null +++ b/home/nipsy/common/optional/secrets.nix @@ -0,0 +1,22 @@ +{ config, pkgs, ... }: +{ + programs.password-store = { + enable = true; + package = pkgs.pass.withExtensions (exts: [ + exts.pass-otp + ]); + settings = { + PASSWORD_STORE_DIR = "${config.home.homeDirectory}/.password-store"; + }; + }; + + services.gpg-agent = { + defaultCacheTtl = 43200; + defaultCacheTtlSsh = 43200; + enable = true; + enableExtraSocket = true; + enableSshSupport = true; + maxCacheTtl = 86400; + maxCacheTtlSsh = 86400; + }; +} diff --git a/home/nipsy/fangorn.nix b/home/nipsy/fangorn.nix new file mode 100644 index 0000000..4a50c81 --- /dev/null +++ b/home/nipsy/fangorn.nix @@ -0,0 +1,10 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + common/optional/desktops + common/optional/desktops/services/blueman-applet.nix + common/optional/desktops/services/xscreensaver.nix + common/optional/secrets.nix + ]; +} diff --git a/home/nipsy/ginaz.nix b/home/nipsy/ginaz.nix index 8f42a2f..fb3ac3b 100644 --- a/home/nipsy/ginaz.nix +++ b/home/nipsy/ginaz.nix @@ -1,10 +1,17 @@ { inputs, lib, pkgs, config, outputs, ... }: { + + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + imports = [ common/core common/optional/desktops common/optional/desktops/services/blueman-applet.nix common/optional/desktops/services/xscreensaver.nix + common/optional/desktops/xdg.nix + common/optional/secrets.nix #inputs.sops-nix.homeManagerModules.sops ]; diff --git a/home/nipsy/kaitain.nix b/home/nipsy/kaitain.nix index 83406e0..0cc9556 100644 --- a/home/nipsy/kaitain.nix +++ b/home/nipsy/kaitain.nix @@ -3,22 +3,25 @@ imports = [ common/core common/optional/desktops + common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; - - home.file.".mailcap".text = '' - text/html; elinks -dump %s; copiousoutput - application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format - ''; + ".mailcap".text = '' + text/html; elinks -dump %s; copiousoutput + application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format + ''; + }; } diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix index 7c3e0b0..386b9aa 100644 --- a/home/nipsy/richese.nix +++ b/home/nipsy/richese.nix @@ -3,17 +3,20 @@ imports = [ common/core common/optional/desktops + common/optional/secrets.nix ]; - home.file.".ansible.cfg".text = '' - [defaults] - forks=5 - timeout=600 - - [ssh_connection] - ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no - control_path=/dev/shm/%%C - control_path_dir=/dev/shm - pipelining=True - ''; + home.file = { + ".ansible.cfg".text = '' + [defaults] + forks=5 + timeout=600 + + [ssh_connection] + ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no + control_path=/dev/shm/%%C + control_path_dir=/dev/shm + pipelining=True + ''; + }; } diff --git a/home/nipsy/secrets/arrakis.yaml b/home/nipsy/secrets/arrakis.yaml index 6b8813f..88cc8a6 100644 --- a/home/nipsy/secrets/arrakis.yaml +++ b/home/nipsy/secrets/arrakis.yaml @@ -1,10 +1,6 @@ reaper_license: ENC[AES256_GCM,data:v+3MRFYfshEg+v/wrf5kYY3zIJsQhl0RUXaOw/VmbIqjswH0aTy28UsU8rt4+btvywpb4TT9ta9NkBrnsHBgE5jTnIrnUyt6NJHOSnA/I9TUzvumg6ijKzuu86w3uahCwlPE/ZBrR+BKRM0pK5d7En9HHuNTNUwVrmAkMOk0YeuaArWu+e50CWl+Yx84HiNCP7BgsUbc8Wa9PZMinvXpzwd69WKDmsVdVLGnHPxTJHFTH8/8XAV0DrHbW4nV/xUiFALTURWqbyZlQpcfMjSHDT7YNq/c6JZzU4YYFZOrYrkiUPAn5Zjz/r/XcdteIpai2wZrgRir7/1Vxhul2wK2Ku0Z/66JeNxj2Tk4/CPcWQIbwZF4k13Z5x4wm8duOWrDgnjSRRwM10TSeERP4KiFsIL9xFR5MATYsUD1gTKtCDRN8SsO+/NGXlUn4nkN4tNxedxeRfGNmxwijmkJ6RTFwdcKwUh8KHMh/TEpGG05/hGZ6Z+Q7/5QsT+wrCb1kMwFZuEjLMCNyT+wBy6G2Ns5pSyiNwFRXzqYjYMqlPGliZOaaVZ6HWkthd9G7CiqYbP5YZfI6VspbVoqc2FDvTvf65YBrh8VFHWelwbrbnWX8/glB8UWNp0pwoTxM/sjfQLwXNMmb/EGU4X1SYbQcPe4gNLuspDjaqwA/g==,iv:tq8oSvqZTmy2pZK3LhxqBM1OZG3x+LS4ov0+lE5I0B0=,tag:J/WTEMSjl+EYZn7HbifGMQ==,type:str] -ssh_config: ENC[AES256_GCM,data:lHK4qHMOToG4LzWwAeJ7nSwHXtYSlaCvUqsch7+Vvzn7kpuE8hFphw1OVbbUOFl7vpRxaJ06ghjE3qSNN45J028KytI5nVVGd+k8qjvhrsp2Y+j0XwtpGA0C+dXUpIdRQcdFx8jZRBqej6ipnUl1e25Tt5XZs+aZfdblql3rw2tyYASNyYszjvJR/5LmLSIaJo79tao+gg8yOR5T1uLeS4fcC5d8V9hXSE+RxaBZXyAjBshowADMCbUl2R1FFzRVg+6kp/GpwsQSNZrDasH2aWziwZmA7h9rc2Kc2zMcZeiQ/KUEhq8xj5fwsSqp1URsZXvv3kEdTKceGI6eszHNsqbLipkTXmK1LnyfZrymJ1oToL3REDPd8La7wRyrSyX7Eq32w2GgB2eGbQIdEAE37XkK7wwINO6BzB5mdyo0PDghvakTvPhxnp5d6raogb99H+aZwDD4Rb6kmTpuZZdedtuAOqXWREq7+BQsC501inIkcDcJ5wrOj+6HNttsA5BGc16vrSRw+NX++E63OP5Mjbh6LZeWPRutIubIf38nis8pcBtvzhOrt/fWn4QqWMOJ0LdEXpEU7GzETq4klwg+ohdDCLGZqa1WNTmvNQUslxZFZb7J+2Od/MxVhQg7VUxlJZrvsht6oKzBkDQXHJdBtMDsxpkqUhO65GX8bSdiJp62j2aiinQ7P250S3dGwTYHzDC8Q6KpfzHGY+YUa81soggjDLAuViCFYqnvXK9egKl8G/6WiDDo6O3gv/csywcMUSVR+AFGFH/SwRMf6n70nFHkUO+pNQphONKZQoNMV9TA53K9ChUX/7lG3AQvfe2jb2MGYc77AY6+L+vzzNw7o2Iffjy8fEV+Ytq4rQaqxOqDQwhOUWZcQo6k1pmtbXVzPgn1b6VYq/RHTG2uw8zx1pzuesofh6GP5TmaNoWNxKN42J8jm5AeDmuuFoOBjmpUpAzMsmf4g5jZiZRGjguZDo3laVATNXVU8iYNcMRsH7wzPIsMHn7+LoKcoIX67/uD/cURUX5HFBQJUKkxOAk18P1u2pLr59Lw4zUA6I+tPZgN2iyxe5Nn/blXI8KPWXo3l85pdJEYgZzEVxozCUDrEo0ESgw8KdY6JzLctkreskHg1AwMKCe2udO/yInTipQH2pOAv9+LOzZylBZJaYgMo1+G/lik8bodK6/CuCXo/rPEky0CejN/k5E6QqG2uRTqOD/j5k/E+dV3zVtXcWHW9NvX5hOkmgbTN/cAtGiEcAmfDyOflJ0nUBLGtTAB0zlEGJH+M9B1AS1BUWW2J9UJ8GIsAn+5/iu3RsB1/mNCtV2BWsCzIlF9BkRybW+rpWXS0ubUaLK/ckQ2/uTfqLle4asQofdY5jhvi9DtoXv8rpREDRPFfgNz6CtjeVogftDaywKLRFC7JU8DRQqzYN3nz4RiJLrG3WO6L3rxEADY+vgTe5Jy4bAz2yUrLwkM8iP7SgwbHAFWxXOWsdYkZt/xbZ/mydr7X9ZAAM9TaqIzYRrR2yIFPRhYjxhn3V2uuonPykKqx+cUwUjUIN8B3tcfuXVpGv5A1zNoHv7iao1LrRE7J9n83ZeSbSYh1cnHm0Jkr9xzxVuV49KVYySIyi2Afo4+oGMFZHlZ/8d1bqCktrInFNBOSN3s2Q==,iv:oe6PtLmY9V4QuhuLrdtMMQJFsuaCC6XoPAWlGlvmSFw=,tag:BrGrA+jVCaTN7yFtl02bVA==,type:str] +ssh_config: ENC[AES256_GCM,data:5ciD6IiyavGoYC6Zf7hza4K++99veSMACNkG8CblMQfQvElJmnkNLHWMBl5FkusbC5LQUUgP09tx9I8ZAat8j6ThMjXMAJa0TI5O1niNU6pqpGw0kjlKT9Ul9I3t016KFevHPCa4/E82tBxgl46mAdPy+CqGcQyMqqvW8A0Uu+kDo0pHgCpVXhNlJXpGpG1JCaf7A7+ejQAAG7Y7tWwoOrrm05c5hwOZQ5rXy2halWmTP/khcuZ5sKVYGI+0peVLpAM7rx/yHnARRSXyswMv4yvbS7v1nKVy6+F4u/ThaWSh/gzS7NCtTFGpAqvxOfyMqwwdE/eIVeJItYK5/9rnUCMBUbmxjMsnRe7/uNi+x6kSZOWbd6BGkD18AkgT3Skp+M5ZZnCi/Z6wOrOTmpeg9GUMOdknvaLx+C3lpAJv9XE6YrUMfZf0gAaEhq3OWP5Obj3VwXCKSkuXbn1pp4bxicD/dJZMY/lHl6tNDL4q7VCssJ9PwQHxfWcZbSpqIxR3tPgi2pP+m0Y5gNiNew5NBw2cWMARPkZhMpt4puwnlx7c/Ooa9j3s59OygDhG8AxgjzcMHBV+ek2KaHQoruyOJJjQXrwX5JWNDEtlUTKNtjhixLTBGKCer9PUtMEmUyYiAD0gG6rwZLKN8hrIhjAHpJ6D/fB0kgoUo7jGWgQ4smC4n/tJOL1uPLd9Rl1mKY9CXI2iPL8cnxSQ/bSTp+mvYAyIX17s0o/tzHRUN4R+cYVmbEo5UpHJYRMi53WXALgJx3CVj3OMqdwfUx/fLgkBXrn24PYMkkzXY79Kp5NwlOrsxFRE7dv26pPRmNYs9nKymw5ICWQe+lbazPG73ehXn5iRMSo4nQ7txPEts82Pn/MsiLR4SG1m0Hj7IPfdCCNEIq30HXr9y2BydUzXtqGWx7Lm6xwkyEgPuIrBgJL4F32Ko/JLLRiCe020g6LQifm0O59OJmNZgpmn0mJv9RR4H6tL6M+DC2QFM4iyr4WNsDandzWolhoRJWb8b64/c6YL1EbykaKN5LKDH7cvrwM/sYG6LJmv9cHuieDf1cpSaUTq8M+ZKCkG0tlqy1/mAWjElB8ReRWUHj0n6iK7m0lSyjpddjkIaFBClaoySPNLrtigMl9t76e9Xl4ZWq/aC+w4dHuLsufVDC21x68bWlWvIlxkiusHo35uXpXHAFO8HjBNdz8vEEW3WqWsJMZLxXB+wIh5Mdsy6VB8c+u3/3PpnOx34PuvIBu1Y27JzNkuOvozER7xGXwU+ZXN7ipfeDxjJrqbrSyRjmqOzAdz2FB/XhEFmosHetWR+tJVivFmO3z3+Xn+FuHijZ6MQdDMNYbfvzFtzkX7P502agXR6EO3eRyaLg0etdXuhUNu1inmxLW73VBzgeYcTmQuvHnBtEl338jwWesUgrW45yGUCVaFtEWAwOxOe7rs//pm/unSa3JZllUILEBTN0aE46ZIKHKMMTR3DPIRmNOOTWovRQHdKBefdMbC9Havnnz3/qeJQs8WkpGQk9zE40Yc9Sb+U1G02/W3iaB54piY6dch4TNKLtZ54jd0tg44Fyzy9rKuH9F0Ym9r81KTwK5fuHxHr88kdg3JZY3cyYqyUmJ5pzIjAa2TV417sOoH8aI0qknwxhRBfaghJKgizb0/WPi5XuVHN1l8MdT1/JCOkQn/d6VYt/R3yP0sDcI8hqegE+DWLKbqSMrdMJOh5gxrbn77boCYkoPclEzrIQVyB4PsbLUE,iv:J0ThC/EV3diI6wAeI0ZhNaGC/bkXjnuNJ4s2wy/sQKs=,tag:QKndY5DfG7RZO7OsJBhHcw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va enc: | @@ -15,8 +11,7 @@ sops: cWx6Z2psUUlobDdFd20wcXBvS2tUaW8Knod4aI4/qOIJqMr2rdQzUta/G3HDFif8 LoREomHElDv31FYrR1EVEr8Fk11hhkuZs7a0iEzxTxPe6CjCiSfqbQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T07:02:53Z" - mac: ENC[AES256_GCM,data:wAbaSouSNEIt+gpRhtJ8Dcay662f8p/flpVz+YCYmSXXgm8AXVJfWOCnKCLM5WC6Uge9tZVlAli8oYdJ3PcKMqE+0dSXH0haEi3uenhvOxj63eLLIiccDRjOI45OJk+9J0ilKsqiaP7S1nnY185DCDtgDdLr9mOZlpBrHZohKxw=,iv:ue4DD08RllFhDZHf2BlsuFRouM+596skjXw9KQxMs2U=,tag:7gU9N7pwl/VdRMr0ndpRug==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:05:08Z" + mac: ENC[AES256_GCM,data:QbB2D1urwDo7vwMLqDYpNgopPoE70P5to7iqVyALUmOVwiOJeARKO84buMLHDNQHG1pCGf585UaAbvAs+blPZ4rb0O5f0Ir5nughtxZDg+eE2lcdmnUOxE5nxI1lTsOof/aKtK/wXMPIsLny6HKiJW6aDbtmItgjA7CP0Baceto=,iv:obWptKyJiLKHdR4S5JgwpwdXJNceFa/k7GUgf9T9QtA=,tag:ogak476K//OYBTwi7unqVw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/home/nipsy/secrets/caladan.yaml b/home/nipsy/secrets/caladan.yaml new file mode 100644 index 0000000..91df543 --- /dev/null +++ b/home/nipsy/secrets/caladan.yaml @@ -0,0 +1,17 @@ +reaper_license: ENC[AES256_GCM,data:r+s9lH3dvz3+Y1G0c0MKGimwjXnPf1lMT/E+39MHmyRzQaeK1Wvq2aLMKdqpJgfns5x3jA7vE1zV+dhZMMkc9nks6eskY31R66Zcn0SgwoSx+0tIRJ5U/Df8bvbHk1Xt5YO0vSpoaWvKg2KwIrQFmGoWBEogMG+mvmTahBogZOiTUIHrJZMQu6fBrcaNASKFNTVfHLdmjfFr5qWEOIhydXMKprFDPII/orfr3rL0oUzXsT3hRgGpp0fQm1i2cYIenYh0XGntxYjwJkYsWRV4hbzdHpft6q0nFatknwaKX0kmdQAuBs328xo4c3tPqp6QpEUD3NCGO9F/i7ljQSbsYP/EyQSTH5RGkGBQ7WqYtdJn3Jnz8okFntrq9Fpcw5rOJoCuINa328pDKvu2pbOIoAM2oSZIJVZlz6MFa/MlaiuyKvoLgxceLugG82auEWry9tPIpyIKA8TOqbaDjyRsFuIC8uEPgHAMipRcwnFt4kCQupMi2GiHvCZ3sP0utBEhCb+bHiYL/ylI3TJoNSpCPl86QEvCNXIdUUBG7FdYtX0UkE/A6MKo1whV6RTGmrHQuaa8IQdJbXMZKraY4nNarVWM0VTB22jRJ0RIE47Ax+kjIme8Y82i6gV6Y488rJiGDIo+JrHNN47nn74SOt9TQQUcG4vOYhmX9A==,iv:RT0XBkthKkM9MapVvGi+FdxXrEtwEU4V0WXJb7EP9Uw=,tag:esy7aQXzUtrdTkYYVGCDmg==,type:str] +ssh_config: ENC[AES256_GCM,data:yH4Ul7wAwj9kJwhmoQxMAyjLmELKRI8PvoheDbiUjr/7jXQSTSzlNIQHQilhJg6clezveC4q2fYphynn/YG9Q1AbTCTTqt+PuLABQpPPuc2h7Zx8cp3m5bo8tx/ITZTcxfjOB5QmeBuxuzINkQ2gKly0FOFS8Ha8PwxLUaQ69KAg46kqIxuk+zeNy8CZw5afhDkQ2w5nsXmeJkP5OlBqe8M8Wh4F+1DrG3ymFqSjZLfcY3V9cLEMCknFs9gJoE/n3fNteruuLoYw7rD3+RQf0JdtTP6Bg78zTTrr2LsCTTM5TtzFDngSa6RjMST0e9PVoVWD8JKZ7LINYA9SOjyfhCxGLqrL0H0uotB2sGZseZPdSN3Teek7S3fdUmjKiB9LW4w6T0QwTAlYpPyrLQ7YWuQnxaKIuMxMxQuV26BljPt557bhIcNY9EV3gnzD9JNXVX9Qg9qm5UDmVZtnWPsg2ykhecwiDUKQdNfi1+tz6Dkqri1YF1INVBuud077wdsVfsDPtAWTTu5vv5nEWX6MLlGkGy10VuXZabL9eD96aRFbx4f3Jsp7KGdo2+IrQXkgeOdsOl2BUfpO9BJFKcUbqyVBdOdjxGA/9KAX67taiA9S59Dzv6VL95v6radNB9pgUwoIO2ZtXB3qhx+oIB9a1F9WlDtiB/TmaTO3jHWw43QTQFi4BXj4U6glJYJQgzbPjY+M/BbxvurW3Xwkxa5wsBT86ENB+kRpC5AWA/LeoQwpicyPlxmb3juHWM2/lMsw50BwmFhjwzxZrYS92+AUQpVC8s5FFNY1h4i0oRr5E1JddNWbWGry2y79yl91NomyF96tPmrZ5NdYCSYHm9dEbubp5WaaJNQvU+3XqECQU6YHX4dZuDw+ZwYPdXVtInMp7YfZ+PSacRuAsHeb2cuSOx1d7yjPgy9aaGssJcn+hIfKLGMmUypkKEfKA3IiFBh0ChQ75vQQ59tNPiu6RyrZxZLJhpctIBQQXWrsrd4NSiZVyR9gWmQkQeZjvYiFnJKGMFAk89sEA0qFuUiasH9eKDRPr1BlO0NwKUv2UXSK9pu0HdtJasi1LLGsLQg3QOL0hnwoOsrCBHLCD15x7BLcInYhZUucDQvEt0JdNMJlV4iF3fEt9kEUJmuo7JIpYLZYI7P3z+C/IiFsX6/erIal+Ycj+1tHQJi0YwBGKkkE3XPZ2RXqzKrhu/m7FBiBLSCOsg2IJ3NmUiLa74KCwdDSLn9wdkOKN4RMijFfoctopf75SsaJpdR4Y0K15q2OzBN4P1yZgNiMUCF9Y41qlIqbX8JE0ARiUs9LXFBdt+0oc86XUy1QEcFdh2IDbHOhJFlz0gGLryYTMI2+6P6lV9Iw8t8S2dM0P28vqGsqz8QNIhcBJP5mpdHzH1c1urnXQZeYRN5VVV9y9Yz9Gz2XFogsMqo1YIuPIf2GNwvDrgz3kQwbBqqLh0aA6+bbwq347f3CTeA8QJjtv9/a3Bo8EXZJk7eOEFcH9bqiJym7Sqg7fGPM6BnqGb80AnjFe+MzRCVBOElJKwzbodpSs56W2ZpZnAuhMBB3pBZt8hs9440waJHaW/nuGxrHyhqAbdr+lf52Xzrhz898iTstvvFnKpkSBZII5WujWALntFzXC2+T7bFG+b3TUFeCBiSz2AFeq4HkJIIohXO+35YVOnQfcmykcf2AdTDPRH5qEKn9A/cx5Az1IdlUum0yXYwMqtEzjDrnjCLS2LbgtmPZ6rA1vYlQDewKSD2qnQUpJM8IF9JFtWbqXhrWOg0Y6EajprYxgp8pP0bNrM/t5BKwfJEPllZ5HEIIRILCQ+HBAF5pM/KZISN/KZw2Disz533qCC1PaqRv7YFXXbvk8OzepGOszctfl4UBOsfWww0a/oqj2UmZKFxt800MdY976kJ1LaHDb/+jCtFu9WslyMFRy+l0CIrenGbdZpqnhaUClpYrrvzn6zeYiQRmzjtGGEQykVLvH4GPpKjWeyza9GZ1B1aI1+6Sd2/Zl2CwSZvZg2Wl6olvazifVdFzH5xwtlKDc3ABrDUKPWLl67213PQNBMwBrqx+iDuJ76FMQwE=,iv:sZejEGs4211FBCUYZ9IcZjOX4u4R+NW76/tMCvGmJBU=,tag:bHIjCMuI95eM/Cg1XdfMlg==,type:str] +sops: + age: + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSUJOMDlTem5jNXVkRnIy + TlorQmQ0ajQyRnFYQXdueVhvNloyaFVabUFVCndDOHZDSGVyWUNQRkd5ekEwbDdz + S054ck9IbDh2UGRjVlVaV3N5dDVjTzgKLS0tIHNjaXgvL0R1MmY2cGt4NFZ5M2J5 + dnVlaUtXRkJOYllweUpjRXpreUI0bjQKdeI5T4qxmRk3goiHMfxQPxYyfauY69ea + ipFJuEzDTg6XdQvpwmmBs9N+QM2diNUkuxTOd4RDN5/EAN0h3fEhZg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-05T18:05:52Z" + mac: ENC[AES256_GCM,data:tRKW7bODDlA60O4UjY8ufuCm+695PVsX0oscGce5AIU9EsstMYAW6Ny6TpgBfMBvfNiNLLyKXQqEylvCfD0ZwbwM6cAttfMgMM6kbbfyOT00CHqrwC2as8MZmJHWcbA20SwvWBFPhhxJFvn9oP2BClU/IbaMdRi7IbqxIl6WNxE=,iv:cjaFEUfp206d6cY40cPlfkvZ9gyYhbAPoQ0yYx8ykrs=,tag:Ac1+FjrGjV/KMaLrhsA9Fg==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/home/nipsy/secrets/ginaz.yaml b/home/nipsy/secrets/ginaz.yaml index 21d2933..5ace25d 100644 --- a/home/nipsy/secrets/ginaz.yaml +++ b/home/nipsy/secrets/ginaz.yaml @@ -1,10 +1,6 @@ reaper_license: ENC[AES256_GCM,data:AfhcqHqVoIpIxKP73VYFy9XYAHXdUfXqswX/eHntZQTka9HwhL8Dz3KXUffRa179hFhcarVNapAOujPOLS4zCJHXbMEAY9aAVMAaQM9ID73l5EFErJ/kscfQgjM5oBEuAL6H/rL4pO1I8JGMqPLAq1gyQFJhRDoLd4hKOJTRXPBY69mZwtPlEjY67Jl/7+jv9neldNHHmDqPVAO+tT+wFFAStAIZ/o5kuJxPg7Tc5M9hxanKkJVQIIZ1HJJyMlS4wCTPyeGIXEcR8XWP9tlfpmE8OUirCvME4lYMwNY6plxoHMhDuWF6OGIcRTPv1KzM1of6iD/bzQbe+z21r2R9my5j0NwRQKUGJS0bPE7snlwvdCrvwJm7RDotVrumOpiuuzaVSoXyFPUQe8EEF3rZlfXlysxpSdBKNTJz+f+i4clFurcznKUk0pWDKMefcKhYzs5x847iPDoqnR89f4B7v9hpCdwZRSsHyKncbz2p/zFi5LLuaBd4jmFKS3aOI/WlUFeUfhicUh1iXgIMTzvY8yZwpaX3r+XOBIOVxIyAipgoNXoRsi3fMfdlMXtR3XIiGmhXRJNEw4Lczu0qbWl4bDCaMD0sNKMPMiBJyGSnw1fspGLiZIKGLMb2DyGa0s9iIfjU0uKA7o/TsP7kE6T5XGq1kp9Q7LpJTg==,iv:8Z2o5SOYPbFl8CBpcafvVjZUMPFJ+6atrsnJVbBljgE=,tag:TsACvre6dMgPZsENgcYkeA==,type:str] -ssh_config: ENC[AES256_GCM,data:3liYuVh7teH2UWRU2ggHvk8j2HCf5BqIj+XVrOPbBXPcF6y5P6HaVbGF6ccDuj59WyqrNfQV3PPOm83cHz7aYydimKUDg+qx2Qs+brD1S0gaBjdnTmq6tdpLXvyWLBjgmioTARyfm50sg+iGkqNQyVmaMYoWxZyvoE7OvECqG05zp8BC/udsFO0JRCvQlZhHgFhppVRnBEHsi5r8k2ENjswjOp0lx9YrIwqD/pMaD53NbsiP+74SD5nWAC7B/NnnOi3MbKPWiXPkNr9YMeGojTDyy6Y8Ie6TzRKoD0TiLLqOArZY1N+n0VYnwdGUsXoRSRH0WgDvMJ42dEI1LswBKby83PXxRle/GxC3XZOs6mJW2aAzCM2ZF/CAE3SohuWXyRnCT52AHMq4Ctnhodim+0FIvlMxK7JzFU+a5/ceGHoSlm70w2iq4HGYxdZF48mPXrEk+xtyUQUpgwu54x388QNBhKkt+8XssnwzachCxCQLJu9hztZQtAsU8JTglSrgmwmtzBoSleVHxfTfMMKqGhJ3MyZZA1e9XF+muIi3gngilUF6qt4UEcepWZMagPlV/8/k4iwjgVXskcpjOBo5HB63IZxsx8w/SAim+1KKD4xFAZQhdO+7UGzpc13oSyRujHKEYuT19jvYTmu+0NDuTfkDVxa9Hou1/BMLKjAfnZgXtdPgdjvZMXoXQbi+jFtvnCtAgLAPe2bENBXVfoqE/ZQo8IzJNEOZN8ZHi51TUapMjoE8pM5IO0Jk2ulBSgsnzsXDwQ1ZqDDGxDzOz9aVRnd2VqbK4krIAWVA519i5NBps3fdqkDASbfYfo0F4a1VfoywTwk4ykqRKLbd4UL5oDi062mmQ5u4Wr3s3sHH1ZOJlyQn4d0CfREB7ruX9X0BhASkmy3FsHUpDy07wyMR/qY8GbAl+TxZCLBQEDaLIwoGOwii/smFS+A1B3xWmGiosSTgySaKkyObJkI6qUQAHP9jo7cwTAmmvbj+eHjC6BNmXUeqv35KV88YY5chAamS0w7tF2XhA0nxAHHvGEElIUyUmLd3Tzn1PO/O+c9XQLn8ROmQ5SnaLYuXAlOOFxne4gqMP6aywI9kJ2qpmF4eedLhrjT+rFS05NsrE1S6oVVRkGYy2s3IYciX10Ib2v6vf2UOshUHcb1V5bicz0r2qlxwhM83+eIpNmrO0GQCpoihl3Uz6Wbgv6P7kHUKduqiBCJuuONpKnHCGFpEPMM+/vrG+8zFBzTKxDDGhpSO7ZgyzHBBgIsbeiWa1K5V3eXxD5KNch+s7m+brfNxgReI2831ntSRYgbuOj/WktVJv76fEMIt9YxwSEG6sq6Zx9C2gTfWodMQ8TZ9ck1xoegqHZcPhXtt6QsrXue6NIIrFLwH3CRz0cqgQz232GUwfMpJ9pKc5WsV58dOCmkW4w/hvalraA3Cd2QnYAfGdb2l59MOtpsFDO6rGg4UisrGuWvYRiBze47NGz0n8UFmvxNOVll8AJzz1h63QQeENx0WHcNFsdGzof7nvkbVkF87b/d9kp43w1L6j0LZ0BLKnfAoXBg065ZAR0TyiDuI/r+A3HTxmUGwoIlefUVFkZsODTOhiftKiVTfOfV0WCmw7aw2nWr/92ZGTSzEzMg175G9EezkINCo/NRh3umLHg3YvUMWoGs4V9m2F9wkL+fL4uyM/OYovMz8a1xr4HjxgxsVmd31nk3iIaE/Ux9T//w08IZ1PNEDDT2EH8oSqwciWPKuwbIVxlKBGyn3+LzFf3a96Lrb163/OALWlPBx3cXs/u/tyCPtRuuCTvfFDGcxSGLFv3o/XVV7Fvwg4Yv/u1z1CIWby+H2M3rL52V/iSnjj9tywOThCu/Qkjf8eadizyF0eeCbr4MOVfSv5l452C8BrINGq0aeznlcC1bP7aUsIQiuOKeXr3lUmbJUTRRQ2WSaD8uaxufjKkW/3CneSw==,iv:lsjEeTnvaMA/gpJnQ8lNmQx3gHL3VesDm9Yp/hBZur0=,tag:SDs/rGbM+NiZmQWMGspvMA==,type:str] +ssh_config: ENC[AES256_GCM,data:IdQuiUPF8VvgIgLh916/nLI7T0obkkkxclkVQAS3Q6x2wFkR1rOQTl7nxr/pXfnoIoNu294QPvv2Lt6RIB+5eLgoMHEw0LLZ9eyYcJbbRzsuF1gTJtwk9DRZEhlrjzrb3giFDrJeC6AsAfousqdFNqzR//M6YkQA/YGmN5zR8nhj6zgRbeemzBouh2gLLxppFM14Ttc1sTibm61smHKZPwmc4f83S0jdSvffhQmy9EwfgZZpIprcibbfatdc6uH4+nn05R8Uz10few2k+uDZVSTTAxOqNWrpLebfB1dLAuwNSxuz90EnC0hD8O5Bxs6yK5xHB3k1M17JeK65VB0t/zVM99+3Tx06YvmuyeBu2CYrZgl2tMPiKg0PUkRqPDSXhj+UfNAm5r6KWqT7RPS1BjOveRwkJauhzNZJ1BKd6K0gG2vKja/ERf+oWiw3zOpzbDCiF5aBW8XYb+TisSdMlyaA1xfuYTmYZtxz4el1Ra34t/Dyy4OBn6bgmYziP6NoLrWI0Qn/vWo8YJJMNUaHgCNsr4/90URzhqfw+GFDK5FpdIAm+UDQOJc3tS2GE7QIK8+KzLzU4ujq+Oe7QW27u1U1jVprI3Z9bT8gXjY+f1STqdJF+mXFUu7CkiDS2kUIJGaMHraz2y59YHK3M49+tKYT5uCq7sMT4wD/X365luecSvaO0Fpi86PTxOOhtXj+/cRTUzdhUHoLchq1ZOZfZEZRb6K49YoLQHR5JFC8Acb1dJARq75KAmHW0T7+K8rIsxFpmgwXTEQpMtaU5EbvKIGZ7khocS+mSWFgW9yukj54mrvNSsM4yiXex/xeOTfw2+obEeFfVmEoZScn3sLs+Db/tuyKu8TTztDaBUwjvPgMearCTtEXhE3H8UCFeI5a26Y+74ELZJxIjINS4wmHVP4GqUfbH5WTXOj3ljmc7WvrpXN1g7Rn4m/G04OS+XR9gZJvStks4mWFzJa6xJOE2y3Ce/2glmV/UP64deeDPwI2Dj2FAdEey5Ijinbr40brC5NEuOJXiOVu7SlFGtY/spoIVl1gcqbqdqmm3mVKQkV7W2MMcUCHbaIwlvVVLr3KTF8YPr1RFIePzTGtmCRrpOmIZ+E0SMVcmBMiib02deYV3VDGetz28wTbJ55mBjRQApRKE4RfpwX4z0j1NemyasC2Ma9plohUWqAKhLkjcOUJa8hqw9Qaeav10MPasuuLhP48p0ShS4hlFqDoe6mjjCauvfDQRBqB599/usnFwB42tMUzwgEGRIVll/eMtA4TtnSQ0rh5loxIqztOlwD71jsSJjKol7+SJQj1S/LmLPH0qNbL+RhS9CvA+fHe6qDAkE+UhiB8hJeck2QEba3PPvecFk/pZjNEZXUS1OY4BD4X8VQyNyDkywnw45wPxdCpRU4eMk74/gZjp89tVpvZerrKXgdn21/cjy0fOjRGBAD+SNHP/IMHPbkXSvX+UOmVYFzme9q0lJK8bzUjqi2okIuJMzjvKdRLPGibKxW+6BA0g+sog0Le5b+M+SIfGy2HO0v8QfNlG9toup7lycMD7we/kt0rYohScNk8pXZKOv41jVRf7W81bOpet/wS0atN2Pb3+IgMaoDTU19zZJOn5m7SdTSq2TuGEXQC5aJiDvDeaAtR55rFI2/v/L/+30SHRWpOkT9lxAbvAcjK890T8uhXkwjNQj4sQQT9nnT9UaR2dm4arIe4JS1xLvP+kJ2C6zv+b0tul3WR+oxBz934hhLGE3p1oyOWce6tLEjGFUmogZa0QcPaX8XYJD+I0rGSlZPVqiFmTl3QkewIHd2rddWFGYD5qAv5yJH5zRgL6XBKWvxLc4A+DHYkrtjN2Knlr0cn/DoxJ5tu3ijzd2+4R2NLmf6ur/Bo6zEi6MJQOo+OSSWhXpyg9GelHRkbWjcYArye57kS0lSuQsl2lhmtaoQrL1Wr+f90s6ozy8smhA==,iv:efBxf9iRo29LJxFyGzTqPlQxN3cKxnim0a9x4OkNueU=,tag:SXKQZJuOJlqVUbRNXldaZw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va enc: | @@ -15,8 +11,7 @@ sops: QXRkc3NnamhWcFd6eS9CWE9tQzRpNE0KtEdfws+SlXPk7y7FNSx/9ogcZZneuRaj gnI30NcSbuHhWVvu9BEzBaoz4CU0slxvevOe6nNDoMzFhVacGTnhQg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-16T07:03:15Z" - mac: ENC[AES256_GCM,data:nFprDmU67eSEr0IKe58uC5AXwpPcGcug1PkASgc1Ep41wSyeJ+Y9/ki3ahu6BUgnkKyd7G48tC3/5Vn3+oNidmb185pw7lwcaYjPFOtKihWbgRC8+LuZCsaDMxAEbOnxDurHzzC8ywSLfDEXNDxoZ0v4m3bBQjDAP+7CghWafnQ=,iv:9qVYTef74T1M1Rca8tuUxovhWSWFs4SjE8ClwbfjYQs=,tag:BBC9MJajtSR8lDQYWXk80Q==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:06:46Z" + mac: ENC[AES256_GCM,data:UQK2sM/OS8R4KWSp1DvgfqoeiIG9esZ9mDoaLx5qVg5zFvTDXgJ1cSOSwFM7lrXX8v+bHY/WiFR70C7kHXVEG3UXYagOuxqGncFnfigA+VR3TGMaTRnaRV0EQs9HuscEj9z8zngp5bZMUORsY/334VKz8tF/+vmaDwRtOVU4GrI=,iv:a+eSIBlFBk64BzMRcJARgE/0MdOa0J7Jybr2J1YR2YI=,tag:eCMdgVc0b0M2+OXJV76MJA==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix index b852ce5..d9d9162 100644 --- a/home/root/arrakis.nix +++ b/home/root/arrakis.nix @@ -5,20 +5,21 @@ ]; home.file = { + "bin/knock".source = ../common/scripts/knock; "bin/vpnctl" = { executable = true; text = '' #!${pkgs.zsh}/bin/zsh - + function status_vpn { - + ip netns exec vpn su -c 'curl -m 10 -s https://bitgnome.net/ip/ | grep REMOTE_ADDR' nipsy ip netns exec vpn su -c 'curl -m 10 -s https://www.cloudflarestatus.com | grep "Cloudflare Status"' nipsy - + } - + function start_vpn { - + ip netns add vpn ip link add veth.host type veth peer veth.vpn ip link set dev veth.host up @@ -32,44 +33,52 @@ ip -n vpn link set wg1 up ip -n vpn route add default dev wg1 ip netns exec vpn nft -f /etc/nftables-vpn.conf - + } - + function stop_vpn { - - ip netns del vpn - ip link del veth.host - + + systemctl stop prowlarr.service qbittorrent.service + + if ip netns | grep -q '^vpn '; then + ip netns del vpn + fi + + if ip link show veth.host > /dev/null; then + ip link del veth.host + fi + } - + if [[ -z "''${1}" || "''${1}" == "status" ]]; then - + status_vpn - + elif [[ "''${1}" == "restart" ]]; then - + stop_vpn sleep 2 start_vpn - + systemctl restart prowlarr.service qbittorrent.service + elif [[ "''${1}" == "restart_firewall" ]]; then - + ip netns exec vpn nft -f /etc/nftables-vpn.conf - + elif [[ "''${1}" == "start" ]]; then - + if [[ ! -f /run/netns/vpn ]]; then start_vpn else echo 'VPN service already appears to be running' >&2 fi - + elif [[ "''${1}" == "stop" ]]; then - + stop_vpn - + fi - + exit 0 ''; }; diff --git a/home/root/caladan.nix b/home/root/caladan.nix new file mode 100644 index 0000000..228bb90 --- /dev/null +++ b/home/root/caladan.nix @@ -0,0 +1,14 @@ +{ config, inputs, lib, outputs, pkgs, ... }: +{ + imports = [ + common/core + ]; + + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + + nix.extraOptions = '' + !include /run/secrets/nix-access-token-github + ''; +} diff --git a/home/root/common/core/vim/vimrc b/home/root/common/core/vim/vimrc index 9f652cd..87de2a0 100644 --- a/home/root/common/core/vim/vimrc +++ b/home/root/common/core/vim/vimrc @@ -43,5 +43,5 @@ set hlsearch " highlight all search matches set laststatus=2 set statusline=%<%f%h%m%r%=%{&ff}\ %Y\ %b\ 0x%B\ \ %l,%c%V\ %P -map <F5> :w<CR><bar>:!clear;go run %<CR> -map <F6> :w<CR><bar>:%! gofmt<CR> +"map <F5> :w<CR><bar>:!clear;go run %<CR> +"map <F6> :w<CR><bar>:%! gofmt<CR> diff --git a/home/root/common/core/zsh/default.nix b/home/root/common/core/zsh/default.nix index eaec714..a3587b8 100644 --- a/home/root/common/core/zsh/default.nix +++ b/home/root/common/core/zsh/default.nix @@ -19,7 +19,7 @@ export COLORFGBG=";0" save = 100000; size = 100000; }; - initExtra = (builtins.readFile ./zshrc); + initContent = (builtins.readFile ./zshrc); shellAliases = { grep = "grep --color=auto"; ip = "ip -c=auto"; diff --git a/home/root/darkstar.nix b/home/root/darkstar.nix index 72dbda0..7399284 100644 --- a/home/root/darkstar.nix +++ b/home/root/darkstar.nix @@ -1,5 +1,11 @@ { inputs, lib, pkgs, config, outputs, ... }: { + home = { + file = { + "bin/knock".source = ../common/scripts/knock; + }; + }; + imports = [ common/core ]; diff --git a/home/root/fangorn.nix b/home/root/fangorn.nix new file mode 100644 index 0000000..72dbda0 --- /dev/null +++ b/home/root/fangorn.nix @@ -0,0 +1,10 @@ +{ inputs, lib, pkgs, config, outputs, ... }: +{ + imports = [ + common/core + ]; + + nix.extraOptions = '' + !include /run/secrets/nix-access-token-github + ''; +} diff --git a/home/root/ginaz.nix b/home/root/ginaz.nix index 72dbda0..8370818 100644 --- a/home/root/ginaz.nix +++ b/home/root/ginaz.nix @@ -1,5 +1,12 @@ { inputs, lib, pkgs, config, outputs, ... }: { + + home = { + file = { + "bin/knock".source = ../common/scripts/knock; + }; + }; + imports = [ common/core ]; diff --git a/home/root/kaitain.nix b/home/root/kaitain.nix index 72dbda0..cb4ed48 100644 --- a/home/root/kaitain.nix +++ b/home/root/kaitain.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/home/root/richese.nix b/home/root/richese.nix index 72dbda0..cb4ed48 100644 --- a/home/root/richese.nix +++ b/home/root/richese.nix @@ -4,6 +4,10 @@ common/core ]; + home.file = { + "bin/knock".source = ../common/scripts/knock; + }; + nix.extraOptions = '' !include /run/secrets/nix-access-token-github ''; diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 80509cb..2b3f855 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -2,10 +2,11 @@ boot = { initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { + "kernel.hostname" = "arrakis.bitgnome.net"; "net.ipv4.ip_forward" = 1; - "net.ipv4.conf.all.proxy_arp" = 1; + #"net.ipv4.conf.all.proxy_arp" = 1; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi = { canTouchEfiVariables = true; @@ -20,7 +21,7 @@ timeout = 3; }; supportedFilesystems = [ "zfs" ]; - #zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs; }; environment.etc."nftables-vpn.conf".text = '' @@ -76,37 +77,39 @@ } ''; - environment.systemPackages = with pkgs; [ - angband - assaultcube - master.bsdgames - bzflag - extremetuxracer - #frozen-bubble - hedgewars - kobodeluxe - lidarr - mailutils - megacmd - moc - nethack - openttd - pixcat - prowlarr - qbittorrent-nox - radarr - rdiff-backup - readarr - #scorched3d - signal-desktop - sonarr - superTux - superTuxKart - umoria - warzone2100 - wpa_supplicant - xonotic-sdl - master.xpilot-ng + environment.systemPackages = [ + pkgs.angband + #pkgs.assaultcube + pkgs.bsdgames + pkgs.bzflag + pkgs.extremetuxracer + #pkgs.frozen-bubble + pkgs.hedgewars + pkgs.igir + pkgs.kobodeluxe + pkgs.lidarr + pkgs.mailutils + pkgs.megacmd + #pkgs.moc + pkgs.nethack + #pkgs.openttd + pkgs.prowlarr + pkgs.qbittorrent-nox + pkgs.radarr + pkgs.rdiff-backup + pkgs.readarr + #pkgs.scorched3d + pkgs.signal-desktop + pkgs.sonarr + pkgs.superTux + pkgs.superTuxKart + pkgs.umoria + pkgs.vial + pkgs.warzone2100 + #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.wpa_supplicant + pkgs.xonotic-sdl + #pkgs.xpilot-ng ]; imports = [ @@ -114,20 +117,21 @@ ./hardware-configuration.nix ./services.nix ../common/core - ../common/optional/adb.nix - ../common/optional/db.nix + #../common/optional/adb.nix + #../common/optional/db.nix ../common/optional/dev.nix - ../common/optional/ebooks.nix + #../common/optional/ebooks.nix ../common/optional/games.nix ../common/optional/google-authenticator.nix ../common/optional/misc.nix ../common/optional/multimedia.nix - ../common/optional/pipewire.nix - ../common/optional/sdr.nix + #../common/optional/pipewire.nix + #../common/optional/sdr.nix ../common/optional/services/chrony.nix ../common/optional/services/openssh.nix - ../common/optional/services/xorg.nix - ../common/optional/sound.nix + #../common/optional/services/xorg.nix + #../common/optional/sound.nix + ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/nipsy ../common/users/root @@ -136,13 +140,12 @@ networking = { defaultGateway = { address = "192.168.1.1"; - interface = "wlp5s0"; + interface = "enp6s0"; }; - domain = "bitgnome.net"; hostId = "2ae4c89f"; hostName = "arrakis"; interfaces = { - wlp5s0 = { + enp6s0 = { ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; @@ -150,6 +153,9 @@ }; nameservers = [ "192.168.1.1" ]; nftables.enable = true; + search = [ + "bitgnome.net" + ]; useDHCP = false; wg-quick.interfaces = { wg0 = { @@ -193,6 +199,11 @@ presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}"; publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM="; } + { # fangorn + allowedIPs = [ "10.4.20.9/32" ]; + presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}"; + publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4="; + } { # ginaz allowedIPs = [ "10.4.20.254/32" ]; presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}"; @@ -216,12 +227,6 @@ nixpkgs = { config = { allowUnfree = true; - permittedInsecurePackages = [ - "aspnetcore-runtime-6.0.36" - "aspnetcore-runtime-wrapped-6.0.36" - "dotnet-sdk-6.0.428" - "dotnet-sdk-wrapped-6.0.428" - ]; }; hostPlatform = "x86_64-linux"; overlays = [ @@ -230,12 +235,10 @@ outputs.overlays.modifications outputs.overlays.master-packages outputs.overlays.stable-packages + #outputs.overlays.wine9_22-packages ]; }; - services.openssh.settings.X11Forwarding = true; - services.xserver.videoDrivers = [ "nvidia" ]; - sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ../secrets/arrakis.yaml; @@ -243,8 +246,10 @@ secrets = { "nftables/ssh" = {}; "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; "wireguard/arrakis_key" = {}; "wireguard/black-sheep_psk" = {}; + "wireguard/fangorn_psk" = {}; "wireguard/ginaz_psk" = {}; "wireguard/homer_psk" = {}; "wireguard/lilnasx_psk" = {}; @@ -287,26 +292,28 @@ after = [ "zfs-import-data.service" ]; description = "Bind NFS exports to ZFS paths"; script = '' - ${pkgs.util-linux}/bin/mount /srv/nfs/keepers - ${pkgs.util-linux}/bin/mount /srv/nfs/movies - ${pkgs.util-linux}/bin/mount /srv/nfs/tv + ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/downloads || ${pkgs.coreutils}/bin/true + ${pkgs.util-linux}/bin/mount --onlyonce /srv/caladan/www || ${pkgs.coreutils}/bin/true + ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/keepers || ${pkgs.coreutils}/bin/true + ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/movies || ${pkgs.coreutils}/bin/true + ${pkgs.util-linux}/bin/mount --onlyonce /srv/nfs/tv || ${pkgs.coreutils}/bin/true ''; wantedBy = [ "local-fs.target" ]; }; "nftables-extra" = let rules_script = '' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard' ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} ''; in { description = "nftables extra firewall rules"; diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix index 3c508e5..1948809 100644 --- a/hosts/arrakis/hardware-configuration.nix +++ b/hosts/arrakis/hardware-configuration.nix @@ -21,6 +21,24 @@ MOZ_DISABLE_RDD_SANDBOX = "1"; }; + fileSystems."/srv/caladan/downloads" = { + device = "/data/home/nipsy/downloads"; + fsType = "none"; + options = [ + "bind" + "noauto" + ]; + }; + + fileSystems."/srv/caladan/www" = { + device = "/data/home/nipsy/www"; + fsType = "none"; + options = [ + "bind" + "noauto" + ]; + }; + fileSystems."/srv/nfs/keepers" = { device = "/data/home/nipsy/downloads/keepers"; fsType = "none"; @@ -50,16 +68,35 @@ hardware = { bluetooth.enable = true; + graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; - nvidia = { + + nvidia = let + betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; + pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; + finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; + in { modesetting.enable = true; open = true; - package = pkgs.nvidia-patch.patch-nvenc (pkgs.nvidia-patch.patch-fbc config.boot.kernelPackages.nvidiaPackages.beta); - #package = config.boot.kernelPackages.nvidiaPackages.beta; + package = if finalPkg == betaPkg then betaPkg else finalPkg; + }; + + printers = let + brother = "Brother_HL-L2340D"; + ip = "192.168.1.20"; + in { + ensureDefaultPrinter = brother; + ensurePrinters = [{ + name = brother; + deviceUri = "ipp://${ip}/ipp"; + model = "everywhere"; + description = lib.replaceStrings [ "_" ] [ " " ] brother; + location = "home"; + }]; }; }; } diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index b026cc1..05e8836 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -19,12 +19,6 @@ services = { - avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - cgit = { "arrakis.bitgnome.net" = { enable = true; @@ -58,20 +52,24 @@ cron.enable = true; - #dictd.enable = true; + dictd.enable = true; iperf3.openFirewall = true; jellyfin = { enable = true; - package = pkgs.master.jellyfin; + #package = pkgs.master.jellyfin; }; nfs = { server = { enable = true; exports = '' - /srv/nfs 192.168.1.0/24(ro,all_squash,insecure,crossmnt,subtree_check,fsid=0) + /srv/caladan/downloads 192.168.1.4/32(rw,root_squash,fsid=1) + /srv/caladan/www 192.168.1.4/32(rw,root_squash,fsid=2) + /srv/nfs/keepers 192.168.1.0/24(ro,all_squash,insecure,fsid=3) + /srv/nfs/movies 192.168.1.0/24(ro,all_squash,insecure,fsid=4) + /srv/nfs/tv 192.168.1.0/24(ro,all_squash,insecure,fsid=5) ''; }; settings = { @@ -97,9 +95,10 @@ ]; config = { - environment.systemPackages = with pkgs; [ - git - rsync + environment.systemPackages = [ + pkgs.git + pkgs.iperf + pkgs.rsync ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -109,8 +108,8 @@ openFirewall = true; settings = { - PasswordAuthentication = false; KbdInteractiveAuthentication = false; + PasswordAuthentication = false; }; }; @@ -229,17 +228,26 @@ }; }; + openssh.settings = { + StreamLocalBindUnlink = true; + }; + postfix = let my_email = "nipsy@bitgnome.net"; in { enable = true; extraAliases = '' nipsy: ${my_email} ''; - hostname = "${config.networking.hostName}.${config.networking.domain}"; - relayHost = "mail.bitgnome.net"; - relayPort = 587; rootAlias = my_email; - sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"; - sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem"; + settings.main = { + myhostname = "arrakis.bitgnome.net"; + relayhost = [ + "[mail.bitgnome.net]:587" + ]; + smtpd_tls_chain_files = [ + "/var/lib/acme/arrakis.bitgnome.net/key.pem" + "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem" + ]; + }; }; printing.enable = true; @@ -291,41 +299,47 @@ device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; options = "-a -o on -S on -m ${my_email_addr}"; } - #{ - # device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUEZNL"; - # options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; - #} { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUUSXL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020ALE604_2LG5X74K"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV0H5L"; + device = "/dev/disk/by-id/ata-WDC_WUH722020ALE604_2LGHJAUF"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUK5EL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020ALE604_2LG26NHF"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV5JEL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LKLLAAE"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHUZ42L"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LK84H9V"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV3BSL"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_2LGKG71F"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } { - device = "/dev/disk/by-id/ata-WDC_WD80EFAX-68KNBN0_VAHV338L"; + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_9AG00UKJ"; + options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; + } + { + device = "/dev/disk/by-id/ata-WDC_WUH722020BLE6L4_8LG806ZA"; options = "-a -o on -S on -s (S/../.././02|L/../../5/03) -m ${my_email_addr}"; } ]; }; + udev.packages = [ + pkgs.vial + ]; + + xserver.videoDrivers = [ "nvidia" ]; + }; #systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false; diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix new file mode 100644 index 0000000..22d1f5a --- /dev/null +++ b/hosts/caladan/default.nix @@ -0,0 +1,185 @@ +{ config, inputs, outputs, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "amdgpu" "zfs" ]; + kernel.sysctl = { + "kernel.hostname" = "caladan.bitgnome.net"; + "kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/ + }; + kernelPackages = pkgs.linuxPackages_6_16; + #kernelParams = [ + # "amdgpu.ppfeaturemask=0xfffd3fff" + # "split_lock_detect=off" + #]; + loader = { + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/efiboot/efi1"; + }; + systemd-boot = { + enable = true; + extraInstallCommands = '' + ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2 + ''; + }; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs.package = pkgs.zfs; + }; + + environment.systemPackages = [ + pkgs.angband + #pkgs.assaultcube + pkgs.bsdgames + pkgs.bzflag + pkgs.extremetuxracer + pkgs.fastfetch + #pkgs.frozen-bubble + pkgs.hedgewars + pkgs.igir + pkgs.kobodeluxe + pkgs.linux-firmware + pkgs.mailutils + #pkgs.moc + pkgs.nethack + #pkgs.openttd + pkgs.qbittorrent-nox + pkgs.rdiff-backup + #pkgs.scorched3d + pkgs.signal-desktop + pkgs.superTux + pkgs.superTuxKart + pkgs.umoria + pkgs.vial + pkgs.vice + pkgs.warzone2100 + pkgs.wayback-x11 + #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.wpa_supplicant + pkgs.xonotic-sdl + #pkgs.xpilot-ng + ]; + + imports = [ + ./disks.nix + ./hardware-configuration.nix + ./services.nix + ../common/core + ../common/optional/adb.nix + ../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + ../common/optional/games.nix + ../common/optional/google-authenticator.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/sdr.nix + ../common/optional/services/chrony.nix + ../common/optional/services/openssh.nix + ../common/optional/services/wayland.nix + #../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/wdt.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + defaultGateway = { + address = "192.168.1.1"; + interface = "wlp15s0"; + }; + hostId = "8981d1e5"; + hostName = "caladan"; + interfaces = { + wlp15s0 = { + ipv4.addresses = [ + { address = "192.168.1.4"; prefixLength = 24; } + ]; + }; + }; + nameservers = [ "192.168.1.1" ]; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; + useDHCP = false; + wireless = { + enable = true; + networks = { + "Crystal Palace" = { + pskRaw = "ext:psk_crystal_palace"; + }; + }; + secretsFile = "${config.sops.secrets."wpa_supplicant".path}"; + }; + }; + + nixpkgs = { + config = { + allowUnfree = true; + }; + hostPlatform = "x86_64-linux"; + overlays = [ + #inputs.nvidia-patch.overlays.default + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.master-packages + outputs.overlays.stable-packages + #outputs.overlays.wine9_22-packages + ]; + }; + + services.openssh.settings.X11Forwarding = true; + services.xserver.videoDrivers = [ "amdgpu" ]; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/caladan.yaml; + + secrets = { + "nftables/ssh" = {}; + "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; + "wpa_supplicant" = {}; + }; + }; + + system.stateVersion = "23.11"; + + systemd.services = { + + "nftables-extra" = let rules_script = '' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} + ''; in { + description = "nftables extra firewall rules"; + reload = rules_script; + script = rules_script; + serviceConfig = { + RemainAfterExit = true; + Type = "oneshot"; + }; + unitConfig = { + ConditionPathExists = [ + config.sops.secrets."nftables/ssh".path + ]; + ReloadPropagatedFrom = "nftables.service"; + }; + wantedBy = [ "multi-user.target" ]; + after = [ "nftables.service" ]; + partOf = [ "nftables.service" ]; + }; + + }; + + users.users.root.openssh.authorizedKeys.keys = [ + (builtins.readFile ../common/users/nipsy/keys/id_att.pub) + ]; +} diff --git a/hosts/caladan/disks.nix b/hosts/caladan/disks.nix new file mode 100644 index 0000000..8961361 --- /dev/null +++ b/hosts/caladan/disks.nix @@ -0,0 +1,132 @@ +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C42"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi1"; + mountOptions = [ "X-mount.mkdir" "umask=0077" ]; + extraArgs = [ "-nESP1" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap1" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + nvme1n1 = { + type = "disk"; + device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C44"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/efiboot/efi2"; + mountOptions = [ "X-mount.mkdir" "umask=0077" ]; + extraArgs = [ "-nESP2" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap2" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + mode = "mirror"; + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "on"; + dnodesize = "auto"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix new file mode 100644 index 0000000..302606c --- /dev/null +++ b/hosts/caladan/hardware-configuration.nix @@ -0,0 +1,75 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, inputs, lib, outputs, pkgs, modulesPath, ... }: + +{ + imports = + [ #(modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + extraModulePackages = [ ]; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + #zfs.extraPools = [ "data" ]; + }; + + environment.sessionVariables = { + #LIBVA_DRIVER_NAME = "nvidia"; + MOZ_DISABLE_RDD_SANDBOX = "1"; + }; + + fileSystems."/mnt/downloads" = { + device = "192.168.1.2:/srv/caladan/downloads"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + ]; + }; + + fileSystems."/mnt/www" = { + device = "192.168.1.2:/srv/caladan/www"; + fsType = "nfs"; + options = [ + "nfsvers=4.2" + ]; + }; + + hardware = { + bluetooth.enable = true; + + graphics = { + enable = true; + #extraPackages = [ pkgs.nvidia-vaapi-driver ]; + #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; + #package = pkgs.master.mesa; + #package32 = pkgs.master.pkgsi686Linux.mesa; + }; + + #nvidia = let + # betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; + # pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; + # finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; + #in { + # modesetting.enable = true; + # open = true; + # package = if finalPkg == betaPkg then betaPkg else finalPkg; + #}; + + printers = let + brother = "Brother_HL-L2340D"; + ip = "192.168.1.20"; + in { + ensureDefaultPrinter = brother; + ensurePrinters = [{ + name = brother; + deviceUri = "ipp://${ip}/ipp"; + model = "everywhere"; + description = lib.replaceStrings [ "_" ] [ " " ] brother; + location = "home"; + }]; + }; + }; +} diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix new file mode 100644 index 0000000..1970be2 --- /dev/null +++ b/hosts/caladan/services.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: { + + services = { + + clamav.updater.enable = true; + + cron.enable = true; + + dictd.enable = true; + + iperf3.openFirewall = true; + + nfs.server.enable = true; + + printing.enable = true; + + #smartd = let my_email_addr = "nipsy@bitgnome.net"; in { + # enable = true; + # devices = [ + # { + # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005"; + # options = "-a -o on -S on -m ${my_email_addr}"; + # } + # { + # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014"; + # options = "-a -o on -S on -m ${my_email_addr}"; + # } + # ]; + #}; + + udev.packages = [ + pkgs.vial + ]; + + }; + +} diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 2bc8d14..5d8bcc6 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -9,98 +9,100 @@ documentation.dev.enable = true; documentation.man.enable = true; - environment.systemPackages = with pkgs; [ - acl - age - bash - bc - bind - binutils - bpftools - #bpftrace - bzip2 - colordiff - conntrack-tools - coreutils - cpio - curl - diceware - diffutils - dig - dmidecode - elinks - ethtool - file - findutils - fping - git - gnugrep - gnupatch - gnused - gnutar - gptfdisk - gzip - iproute2 - iputils - jq - less - lshw - lsof - lvm2 - lynx - moreutils - nano - ncurses - netcat-openbsd - nettools - nix-index - nmap - ntfs3g - nvd - oath-toolkit - openldap - openssl - p7zip - parted - patchelf - pciutils - procps - progress - psmisc - pv - pwgen - qemu_kvm - recode - rsync - sg3_utils - smartmontools - socat - sops - sqlite - ssh-to-age - ssh-to-pgp - stoken - strace - sysstat - tcpdump - master.tftp-hpa - traceroute - tree - tshark - unixtools.xxd - unrar - unzip - usbutils - util-linux - vim - wdiff - wget - whois - wireguard-tools - xkcdpass - xz - zip - zstd + environment.systemPackages = [ + pkgs.acl + pkgs.age + pkgs.bash + pkgs.bc + pkgs.bind + pkgs.binutils + pkgs.bpftools + pkgs.bpftrace + pkgs.bzip2 + pkgs.colordiff + pkgs.conntrack-tools + pkgs.coreutils + pkgs.cpio + pkgs.curl + pkgs.diceware + pkgs.diffutils + pkgs.dig + pkgs.dmidecode + pkgs.elinks + pkgs.ethtool + pkgs.file + pkgs.findutils + pkgs.fping + pkgs.git + pkgs.gnugrep + pkgs.gnupatch + pkgs.gnused + pkgs.gnutar + pkgs.gptfdisk + pkgs.gzip + pkgs.htop + pkgs.iproute2 + pkgs.iputils + pkgs.jq + pkgs.less + pkgs.lshw + pkgs.lsof + pkgs.lvm2 + pkgs.lynx + pkgs.moreutils + pkgs.nano + pkgs.ncurses + pkgs.netcat-openbsd + pkgs.nettools + pkgs.nix-index + pkgs.nmap + pkgs.ntfs3g + pkgs.nvd + pkgs.oath-toolkit + pkgs.openldap + pkgs.openssl + pkgs.p7zip + pkgs.parted + pkgs.patchelf + pkgs.pciutils + pkgs.perl540Packages.ArchiveZip + pkgs.procps + pkgs.progress + pkgs.psmisc + pkgs.pv + pkgs.pwgen + pkgs.qemu_kvm + pkgs.recode + pkgs.rsync + pkgs.sg3_utils + pkgs.smartmontools + pkgs.socat + pkgs.sops + pkgs.sqlite + pkgs.ssh-to-age + pkgs.ssh-to-pgp + pkgs.stoken + pkgs.strace + pkgs.sysstat + pkgs.tcpdump + pkgs.tftp-hpa + pkgs.traceroute + pkgs.tree + pkgs.tshark + pkgs.unixtools.xxd + pkgs.unrar + pkgs.unzip + pkgs.usbutils + pkgs.util-linux + pkgs.vim + pkgs.wdiff + pkgs.wget + pkgs.whois + pkgs.wireguard-tools + pkgs.xkcdpass + pkgs.xz + pkgs.zip + pkgs.zstd ]; hardware.enableRedistributableFirmware = true; @@ -111,4 +113,6 @@ programs.mtr.enable = true; programs.tmux.enable = true; programs.zsh.enable = true; + + services.dbus.implementation = "broker"; } diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix index a989f03..c6279dc 100644 --- a/hosts/common/core/nix.nix +++ b/hosts/common/core/nix.nix @@ -17,13 +17,20 @@ in { gc = { automatic = true; dates = "weekly"; + options = "--delete-older-than 30d"; + persistent = true; randomizedDelaySec = "14m"; - # Keep the last 2 generations - options = "--delete-older-than 28d"; }; }; - systemd.services."nix-daemon".environment.TMPDIR = build-tmp; + systemd = { + services."nix-daemon".environment.TMPDIR = build-tmp; + user.services."nix-gc" = { + description = "Garbage collection for user profiles"; + script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 30d"; + startAt = "daily"; + }; + }; } diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix index 0469b8c..f02ec63 100644 --- a/hosts/common/core/shells.nix +++ b/hosts/common/core/shells.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - bash - zsh; - }; + environment.systemPackages = [ + pkgs.bash + pkgs.zsh + ]; } diff --git a/hosts/common/optional/db.nix b/hosts/common/optional/db.nix index af6766e..d4410bd 100644 --- a/hosts/common/optional/db.nix +++ b/hosts/common/optional/db.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - mariadb - postgresql; - }; + environment.systemPackages = [ + pkgs.mariadb + pkgs.postgresql + ]; } diff --git a/hosts/common/optional/dev.nix b/hosts/common/optional/dev.nix index c25ab08..8238424 100644 --- a/hosts/common/optional/dev.nix +++ b/hosts/common/optional/dev.nix @@ -1,20 +1,19 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - autoconf - automake - cargo - cmake - gcc - go - nasm - perl - pkg-config - python3 - rustc - virtualenv - yasm - zig; - }; + environment.systemPackages = [ + pkgs.autoconf + pkgs.automake + pkgs.cargo + pkgs.cmake + pkgs.gcc + pkgs.go + pkgs.nasm + pkgs.perl + pkgs.pkg-config + pkgs.python3 + pkgs.rustc + pkgs.virtualenv + pkgs.yasm + pkgs.zig + ]; } diff --git a/hosts/common/optional/ebooks.nix b/hosts/common/optional/ebooks.nix index b2cbb2b..1805b7a 100644 --- a/hosts/common/optional/ebooks.nix +++ b/hosts/common/optional/ebooks.nix @@ -1,8 +1,8 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - libgourou - master.calibre + environment.systemPackages = [ + pkgs.libgourou + pkgs.calibre ]; services.udisks2.enable = true; diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index c0770cd..6f6e384 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix @@ -1,26 +1,19 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - # godot_4 - # mame - # mednafen - # mednaffe - # winetricks; - #}; - - environment.systemPackages = with pkgs; [ - godot_4 - mame - mame.tools - mednafen - mednaffe - winetricks - wineWowPackages.stagingFull + environment.systemPackages = [ + pkgs.godot + pkgs.mame + pkgs.mame.tools + pkgs.mednafen + pkgs.mednaffe + pkgs.protontricks + pkgs.winetricks + pkgs.wineWowPackages.stagingFull ]; programs.steam = { enable = true; - extraCompatPackages = with pkgs; [ proton-ge-bin ]; + extraCompatPackages = [ pkgs.proton-ge-bin ]; + #package = pkgs.master.steam; }; } diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix index 7380d1b..721346e 100644 --- a/hosts/common/optional/google-authenticator.nix +++ b/hosts/common/optional/google-authenticator.nix @@ -1,15 +1,14 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - #other - google-authenticator; - }; + environment.systemPackages = [ + #pkgs.other + pkgs.google-authenticator + ]; security.pam.services = { chfn.googleAuthenticator.enable = true; chsh.googleAuthenticator.enable = true; - cups.googleAuthenticator.enable = true; + #cups.googleAuthenticator.enable = true; lightdm.googleAuthenticator.enable = true; login.googleAuthenticator.enable = true; other.googleAuthenticator.enable = true; diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix index f996274..c634c34 100644 --- a/hosts/common/optional/misc.nix +++ b/hosts/common/optional/misc.nix @@ -1,37 +1,38 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - ansible - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - #dict - encfs - enscript - expect - fio - fortune - ghostscript - imagemagick - inxi - iotop - ipcalc - iperf - mutt - poppler_utils - powertop - qrencode - radeontop - speedtest-cli - sshfs - (weechat.override { + environment.systemPackages = [ + pkgs.amdgpu_top + pkgs.ansible + pkgs.aspell + pkgs.aspellDicts.en + pkgs.aspellDicts.en-computers + pkgs.aspellDicts.en-science + pkgs.dict + pkgs.encfs + pkgs.enscript + pkgs.expect + pkgs.fio + pkgs.fortune + pkgs.ghostscript + pkgs.imagemagick + pkgs.inxi + pkgs.iotop + pkgs.ipcalc + pkgs.iperf + pkgs.mutt + pkgs.poppler_utils + pkgs.powertop + pkgs.qrencode + pkgs.radeontop + pkgs.speedtest-cli + pkgs.sshfs + (pkgs.weechat.override { configure = { availablePlugins, ...}: { plugins = with availablePlugins; [ (perl.withPackages(p: [ p.PodParser ])) ] ++ [ python ]; - scripts = with pkgs.weechatScripts; [ - wee-slack + scripts = [ + pkgs.weechatScripts.wee-slack ]; }; }) diff --git a/hosts/common/optional/multimedia.nix b/hosts/common/optional/multimedia.nix index f519992..03f8c03 100644 --- a/hosts/common/optional/multimedia.nix +++ b/hosts/common/optional/multimedia.nix @@ -1,13 +1,10 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - ffmpeg - flac - lame - mkvtoolnix-cli - x265#; + environment.systemPackages = [ + pkgs.ffmpeg + pkgs.flac + pkgs.lame + pkgs.mkvtoolnix-cli + pkgs.x265 ]; - #}; } diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index e34010e..fc558c7 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -1,13 +1,12 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - easyeffects - pamixer - pavucontrol - pwvucontrol - qpwgraph; - }; + environment.systemPackages = [ + pkgs.easyeffects + pkgs.pamixer + pkgs.pavucontrol + pkgs.pwvucontrol + pkgs.qpwgraph + ]; security.pam.loginLimits = [ { domain = "@audio"; item = "memlock"; type = "-" ; value = "unlimited"; } @@ -25,7 +24,10 @@ jack.enable = true; #package = pkgs.master.pipewire; pulse.enable = true; - wireplumber.enable = true; + wireplumber = { + enable = true; + #package = pkgs.master.wireplumber; + }; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix index 8e1e5d2..3ac2c3c 100644 --- a/hosts/common/optional/sdr.nix +++ b/hosts/common/optional/sdr.nix @@ -1,10 +1,10 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - fldigi - sdrconnect; - }; + environment.systemPackages = [ + pkgs.chirp + pkgs.fldigi + pkgs.sdrconnect + ]; services.udev.extraRules = '' SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666" diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index cc21ef9..2492d05 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -7,10 +7,10 @@ "tftp/undionly.kpxe".source = "${pkgs.ipxe}/undionly.kpxe"; }; - systemPackages = with pkgs; [ - ipxe - master.tftp-hpa - master.wol + systemPackages = [ + pkgs.ipxe + pkgs.tftp-hpa + pkgs.wol ]; }; @@ -103,6 +103,7 @@ ({ hw-address = "38:f3:ab:59:06:e0"; ip-address = "192.168.1.12"; }) # saturn ({ hw-address = "8c:8c:aa:4e:fc:aa"; ip-address = "192.168.1.13"; }) # uranus ({ hw-address = "38:f3:ab:59:08:10"; ip-address = "192.168.1.14"; }) # neptune + ({ hw-address = "e8:8d:a6:e2:2a:85"; ip-address = "192.168.1.16"; }) # deck ({ hw-address = "7c:b5:66:65:e2:9e"; ip-address = "192.168.1.17"; }) # ginaz ({ hw-address = "00:05:cd:72:92:b0"; ip-address = "192.168.1.19"; }) # onkyo ({ hw-address = "74:29:af:6f:20:ed"; ip-address = "192.168.1.20"; }) # brother @@ -123,7 +124,7 @@ Restart = "always"; RestartSec = 5; Type = "exec"; - ExecStart = "${pkgs.master.tftp-hpa}/bin/in.tftpd -l -a 192.168.1.1:69 -P /run/tftpd.pid /etc/tftp"; + ExecStart = "${pkgs.tftp-hpa}/bin/in.tftpd -l -a 192.168.1.1:69 -P /run/tftpd.pid /etc/tftp"; TimeoutStopSec = 20; PIDFile = "/run/tftpd.pid"; }; diff --git a/hosts/common/optional/services/nolid.nix b/hosts/common/optional/services/nolid.nix index db868fe..7346c26 100644 --- a/hosts/common/optional/services/nolid.nix +++ b/hosts/common/optional/services/nolid.nix @@ -1,7 +1,7 @@ { - services.logind = { - lidSwitch = "ignore"; - lidSwitchDocked = "ignore"; - lidSwitchExternalPower = "ignore"; + services.logind.settings.Login = { + HandleLidSwitch = "ignore"; + HandleLidSwitchDocked = "ignore"; + HandleLidSwitchExternalPower = "ignore"; }; } diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index f421fb9..b8309c4 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone +++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net. $TTL 1h @ in soa ns.bitgnome.net. nipsy.bitgnome.net. ( - 2025010101 ; serial + 2025091101 ; serial 1d ; refresh 2h ; retry 4w ; expire @@ -29,7 +29,7 @@ $TTL 1h ; name servers ns in a 5.161.149.85 ns in aaaa 2a01:4ff:f0:e164::1 -ns2 in a 67.5.101.192 +ns2 in a 67.5.106.176 ; srv records _xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts 5m in cname @ ;royder in cname @ ; external machines -arrakis 1m in a 67.5.101.192 +arrakis 1m in a 67.5.106.176 ;darkstar 1m in a 66.69.213.114 ;nb 1m in a 67.10.209.108 ;terraria 1m in a 128.83.27.4 ;caladan 1m in a 104.130.129.241 ;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar 1m in a 67.5.101.192 +darkstar 1m in a 67.5.106.176 diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix new file mode 100644 index 0000000..0c2175b --- /dev/null +++ b/hosts/common/optional/services/wayland.nix @@ -0,0 +1,94 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + #pkgs.geeqie + pkgs.ghostty + pkgs.gimp3 + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.grim + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mako + pkgs.mangohud + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.slurp + pkgs.st + pkgs.swayimg + pkgs.sxiv + #pkgs.tigervnc + pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.wl-clipboard + pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm + ]; + + programs = { + firefox = { + enable = true; + #package = pkgs.master.firefox; + }; + + gamemode.enable = true; + + steam.gamescopeSession.enable = true; + + sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + }; + + security = { + pam = { + loginLimits = [ + { domain = "@users"; item = "rtprio"; type = "-"; value = 1; } + ]; + }; + }; + + services = { + blueman.enable = true; + libinput.enable = true; + printing.enable = true; + }; + + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = [ "graphical-session.target" ]; + wants = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; +} diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix index c9aaeaa..d45ebb7 100644 --- a/hosts/common/optional/services/xorg.nix +++ b/hosts/common/optional/services/xorg.nix @@ -1,47 +1,49 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - evince - feh - gcr - geeqie - master.ghostty - gimp - #gimp-with-plugins - google-chrome - gv - inkscape - libreoffice - libva-utils - mesa-demos - mpv - polkit_gnome - master.rdesktop - read-edid - st - sxiv - tigervnc - turbovnc - vdpauinfo - vlc - vulkan-tools - wireshark - x11vnc - xclip - xdotool - xorg.appres - xorg.editres - xorg.xdpyinfo - xorg.xev - xscreensaver - xsnow - xterm#; + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + #pkgs.master.geeqie + pkgs.ghostty + pkgs.gimp3 + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.st + pkgs.sxiv + #pkgs.tigervnc + pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm ]; - #}; - programs.firefox.enable = true; + programs.firefox = { + enable = true; + #package = pkgs.master.firefox; + }; security.polkit = { enable = true; @@ -63,27 +65,37 @@ ''; }; - services.blueman.enable = true; - services.printing.enable = true; - services.displayManager.defaultSession = "xsession"; - services.libinput.enable = true; - services.xserver = { - displayManager.lightdm = { + services = { + blueman.enable = true; + displayManager = lib.mkIf (config.networking.hostName != "fangorn") { + defaultSession = "xsession"; + }; + libinput.enable = true; + picom.enable = true; + printing.enable = true; + xserver = { + displayManager.lightdm = lib.mkMerge [ + (lib.mkIf (config.networking.hostName == "fangorn") { + enable = true; + }) + (lib.mkIf (config.networking.hostName != "fangorn") { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }) + ]; + + displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [ + { + manage = "desktop"; + name = "xsession"; + start = ''exec $HOME/.xsession''; + } + ]; + enable = true; - extraSeatDefaults = ''greeter-hide-users=true''; + xkb.layout = "us"; + xkb.options = "caps:super,compose:ralt"; }; - - displayManager.session = [ - { - manage = "desktop"; - name = "xsession"; - start = ''exec $HOME/.xsession''; - } - ]; - - enable = true; - xkb.layout = "us"; - xkb.options = "caps:super,compose:ralt"; }; systemd = { diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index b05ef1e..e210381 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix @@ -1,38 +1,51 @@ { pkgs, ... }: { environment = { - systemPackages = with pkgs; [ - bespokesynth - cardinal - chow-tape-model - distrho-ports - fluidsynth - geonkick - lilypond-unstable-with-fonts - lsp-plugins - odin2 - oxefmsynth - polyphone - qsynth - reaper - #master.rosegarden - samplv1 - sfizz - surge-XT - synthv1 - v4l-utils - vapoursynth - vital - vmpk - vocproc - wavpack - winetricks - wineWowPackages.stagingFull - yabridge - yabridgectl - yoshimi - zam-plugins - zynaddsubfx + systemPackages = [ + pkgs.artyFX + pkgs.audacity + pkgs.bespokesynth + pkgs.boops + pkgs.cardinal + #pkgs.carla + #pkgs.chow-tape-model + pkgs.cmus + pkgs.distrho-ports + pkgs.fluidsynth + #pkgs.fmsynth + #pkgs.gearmulator + pkgs.geonkick + pkgs.guitarix + pkgs.gxplugins-lv2 + pkgs.lilypond-unstable-with-fonts + pkgs.lsp-plugins + pkgs.metersLv2 + pkgs.odin2 + pkgs.oxefmsynth + pkgs.polyphone + pkgs.qsynth + pkgs.reaper + pkgs.rosegarden + pkgs.samplv1 + pkgs.sfizz + pkgs.sorcer + pkgs.surge-XT + pkgs.synthv1 + pkgs.talentedhack + #pkgs.tunefish + pkgs.v4l-utils + pkgs.vapoursynth + pkgs.vital + pkgs.vmpk + pkgs.vocproc + pkgs.wavpack + pkgs.winetricks + pkgs.wineWowPackages.stagingFull + pkgs.yabridge + pkgs.yabridgectl + pkgs.yoshimi + pkgs.zam-plugins + pkgs.zynaddsubfx ]; }; } diff --git a/hosts/common/optional/wdt.nix b/hosts/common/optional/wdt.nix new file mode 100644 index 0000000..3d60706 --- /dev/null +++ b/hosts/common/optional/wdt.nix @@ -0,0 +1,3 @@ +{ + systemd.settings.Manager.RuntimeWatchdogSec = "60s"; +} diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix new file mode 100644 index 0000000..3c700a7 --- /dev/null +++ b/hosts/common/users/don/default.nix @@ -0,0 +1,32 @@ +{ pkgs, inputs, config, ... }: +let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1001; +in +{ + users.groups.don.gid = uid; + users.users.don = { + description = "Don Arnold"; + extraGroups = [ + "audio" + "video" + "wheel" + ] ++ ifTheyExist [ + "adbusers" + "networkmanager" + "vboxsf" + "vboxusers" + ]; + group = "don"; + home = "/home/don"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + (builtins.readFile ../nipsy/keys/id_arrakis.pub) + #(builtins.readFile ./keys/id_other.pub) + ]; + + packages = [ pkgs.home-manager ]; + #shell = pkgs.zsh; + uid = uid; + }; +} diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix index 5eacd6f..28bf79c 100644 --- a/hosts/common/users/nipsy/default.nix +++ b/hosts/common/users/nipsy/default.nix @@ -1,9 +1,10 @@ { pkgs, inputs, config, ... }: let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1000; in { - users.groups.nipsy.gid = 1000; + users.groups.nipsy.gid = uid; users.users.nipsy = { description = "Mark Nipper"; extraGroups = [ @@ -12,6 +13,7 @@ in "wheel" ] ++ ifTheyExist [ "adbusers" + "gamemode" "networkmanager" "vboxsf" "vboxusers" @@ -26,5 +28,6 @@ in packages = [ pkgs.home-manager ]; shell = pkgs.zsh; + uid = uid; }; } diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index b53a7d7..60e3aed 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -2,9 +2,10 @@ boot = { initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { + "kernel.hostname" = "darkstar.bitgnome.net"; "net.ipv4.ip_forward" = true; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi = { canTouchEfiVariables = true; @@ -19,24 +20,24 @@ timeout = 3; }; supportedFilesystems = [ "zfs" ]; - #zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs; }; - #environment.systemPackages = with pkgs; [ - # wpa_supplicant - # somethingelse - #]; + environment.systemPackages = [ + pkgs.speedtest-go + ]; imports = [ ./disks.nix ./hardware-configuration.nix ./services.nix ../common/core - ../common/optional/services/asterisk.nix + #../common/optional/services/asterisk.nix ../common/optional/services/chrony.nix ../common/optional/services/dhcp.nix ../common/optional/services/nsd.nix ../common/optional/services/openssh.nix + ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/nipsy ../common/users/root @@ -46,7 +47,6 @@ hostId = "f9ca5efe"; hostName = "darkstar"; #defaultGateway = "192.168.1.1"; - domain = "bitgnome.net"; interfaces = { enp116s0 = { ipv4.addresses = [ @@ -65,6 +65,9 @@ internalInterfaces = [ "enp116s0" ]; }; nftables.enable = true; + search = [ + "bitgnome.net" + ]; useDHCP = false; vlans = { vlan201 = { id=201; interface="enp117s0"; }; @@ -101,6 +104,7 @@ "nftables/forward" = {}; "nftables/ssh" = {}; "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 7304b48..b1da73e 100644 --- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -42,19 +42,23 @@ local-data = [ "\"darkstar.bitgnome.net. IN A 192.168.1.1\"" "\"arrakis.bitgnome.net. IN A 192.168.1.2\"" + "\"caladan.bitgnome.net. IN A 192.168.1.4\"" "\"jupiter.bitgnome.net. IN A 192.168.1.11\"" "\"saturn.bitgnome.net. IN A 192.168.1.12\"" "\"uranus.bitgnome.net. IN A 192.168.1.13\"" "\"neptune.bitgnome.net. IN A 192.168.1.14\"" + "\"deck.bitgnome.net. IN A 192.168.1.16\"" "\"ginaz.bitgnome.net. IN A 192.168.1.17\"" ]; local-data-ptr = [ "\"192.168.1.1 darkstar.bitgnome.net\"" "\"192.168.1.2 arrakis.bitgnome.net\"" + "\"192.168.1.4 caladan.bitgnome.net\"" "\"192.168.1.11 jupiter.bitgnome.net\"" "\"192.168.1.12 saturn.bitgnome.net\"" "\"192.168.1.13 uranus.bitgnome.net\"" "\"192.168.1.14 neptune.bitgnome.net\"" + "\"192.168.1.16 deck.bitgnome.net\"" "\"192.168.1.17 ginaz.bitgnome.net\"" ]; local-zone = [ diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix new file mode 100644 index 0000000..f05bd13 --- /dev/null +++ b/hosts/fangorn/default.nix @@ -0,0 +1,85 @@ +{ config, inputs, lib, outputs, pkgs, ... }: { + boot = { + kernelPackages = pkgs.linuxPackages_6_16; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs = { + devNodes = "/dev/disk/by-label"; + package = pkgs.zfs; + }; + }; + + environment.systemPackages = [ + pkgs.chirp + pkgs.signal-desktop + pkgs.wpa_supplicant + ]; + + imports = [ + ./disks.nix + ./hardware-configuration.nix + ../common/core + #../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + #../common/optional/games.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/services/nolid.nix + ../common/optional/services/openssh.nix + #../common/optional/services/tlp.nix + ../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/wdt.nix + ../common/optional/zfs.nix + ../common/users/don + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + firewall.extraInputRules = '' + iifname "wg0" tcp dport ssh counter accept + ''; + hostId = "6f1faddc"; + hostName = "fangorn"; + networkmanager.enable = true; + nftables.enable = true; + }; + + nixpkgs = { + config.allowUnfree = true; + hostPlatform = "x86_64-linux"; + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.master-packages + outputs.overlays.stable-packages + ]; + }; + + services.openssh = { + openFirewall = false; + settings.X11Forwarding = true; + }; + services.xserver.desktopManager.xfce.enable = true; + services.xserver.videoDrivers = [ "amdgpu" ]; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + defaultSopsFile = ../secrets/fangorn.yaml; + + secrets = { + "nix-access-token-github" = {}; + }; + }; + + system.stateVersion = "23.11"; + + time.timeZone = lib.mkForce "America/Chicago"; +} diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix new file mode 100644 index 0000000..fdef7cf --- /dev/null +++ b/hosts/fangorn/disks.nix @@ -0,0 +1,102 @@ +{ lib, ... }: +{ + disko.devices = { + disk = { + nvme0n1 = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + extraArgs = [ "-nboot" ]; + }; + }; + swap = { + size = "32G"; + type = "8200"; + content = { + type = "swap"; + extraArgs = [ "-L swap" ]; + }; + }; + rpool = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }; + }; + zpool = { + rpool = { + type = "zpool"; + rootFsOptions = { + acltype = "posixacl"; + canmount = "off"; + compression = "on"; + dnodesize = "auto"; + relatime = "on"; + xattr = "sa"; + }; + options = { + ashift = "12"; + autotrim = "on"; + }; + datasets = { + "local" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "local/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/"; + }; + "local/nix" = { + type = "zfs_fs"; + options = { + atime = "off"; + mountpoint = "legacy"; + }; + mountpoint = "/nix"; + }; + "user" = { + type = "zfs_fs"; + options.mountpoint = "none"; + }; + "user/home" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home"; + }; + "user/home/root" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/root"; + }; + "user/home/don" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/don"; + }; + "user/home/nipsy" = { + type = "zfs_fs"; + options.mountpoint = "legacy"; + mountpoint = "/home/nipsy"; + }; + }; + }; + }; + }; +} diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix new file mode 100644 index 0000000..17a6bc6 --- /dev/null +++ b/hosts/fangorn/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/boot" = { + device = lib.mkForce "/dev/disk/by-label/boot"; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + #networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix index 4be0d1d..79ba3ca 100644 --- a/hosts/ginaz/default.nix +++ b/hosts/ginaz/default.nix @@ -1,19 +1,18 @@ { config, inputs, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "amdgpu" "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; timeout = 3; }; supportedFilesystems = [ "zfs" ]; - #zfs.package = pkgs.master.zfs; + zfs.package = pkgs.zfs; }; - environment.systemPackages = with pkgs; [ - signal-desktop - #master.wsmancli + environment.systemPackages = [ + pkgs.signal-desktop ]; imports = [ @@ -33,6 +32,7 @@ ../common/optional/services/tlp.nix ../common/optional/services/xorg.nix ../common/optional/sound.nix + ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/nipsy ../common/users/root @@ -43,12 +43,16 @@ hostName = "ginaz"; networkmanager.enable = true; nftables.enable = true; + search = [ + "bitgnome.net" + ]; }; nixpkgs = { config.allowUnfree = true; hostPlatform = "x86_64-linux"; overlays = [ + inputs.nvidia-patch.overlays.default outputs.overlays.additions outputs.overlays.modifications outputs.overlays.master-packages @@ -66,6 +70,7 @@ secrets = { "nftables/ssh" = {}; "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix index adc71fd..670a58c 100644 --- a/hosts/ginaz/hardware-configuration.nix +++ b/hosts/ginaz/hardware-configuration.nix @@ -23,14 +23,18 @@ graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; - nvidia = { + nvidia = let + betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; + pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; + finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; + in { modesetting.enable = true; open = true; - package = config.boot.kernelPackages.nvidiaPackages.beta; + package = if finalPkg == betaPkg then betaPkg else finalPkg; prime = { amdgpuBusId = "PCI:4:0:0"; nvidiaBusId = "PCI:1:0:0"; diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index c6ad5ff..f570a38 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -13,12 +13,12 @@ supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ @@ -38,9 +38,11 @@ networking = { hostId = "d3a9e699"; hostName = "jupiter"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index 9a222be..72859b0 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -1,7 +1,7 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -10,12 +10,12 @@ supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - git-review + environment.systemPackages = [ + pkgs.git-review ]; imports = [ @@ -52,7 +52,7 @@ }; services.openssh.openFirewall = false; - services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; + services.xserver.videoDrivers = lib.mkForce [ "modesetting" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -60,6 +60,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix index f19e4f1..a9f5240 100644 --- a/hosts/neptune/default.nix +++ b/hosts/neptune/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -13,12 +13,12 @@ supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ @@ -38,9 +38,11 @@ networking = { hostId = "6c1b830a"; hostName = "neptune"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index 2a97fc4..48451c0 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -1,18 +1,18 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader.grub.enable = true; supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - git-review - openstackclient-full + environment.systemPackages = [ + pkgs.git-review + pkgs.openstackclient-full ]; imports = [ @@ -49,7 +49,7 @@ }; services.openssh.openFirewall = false; - services.xserver.videoDrivers = lib.mkForce [ "vmware" "virtualbox" "modesetting" ]; + services.xserver.videoDrivers = lib.mkForce [ "modesetting" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; @@ -57,6 +57,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix index 9930e7e..696d544 100644 --- a/hosts/saturn/default.nix +++ b/hosts/saturn/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -13,12 +13,12 @@ supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ @@ -38,9 +38,11 @@ networking = { hostId = "4ae5eb4d"; hostName = "saturn"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 6ec5283..b17393d 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml @@ -1,9 +1,11 @@ nftables: ssh: ENC[AES256_GCM,data:7XB18w9GPsqxT3MOjfxOyYIjgDZoPzWhKTJIGkhcRGXpf68OekCA0Jv3v5g81pxYNHQz5ky1//T5eEEhskBNT1dalScYXMm90CUOlYKHF975SW46p9ht357vUHngxnu4/Dh36Zmn7u4CMxUIeYsVXXVqujCFH+Ypuy7702hwyNJWa/u5Ik8rlsMMtO8aO+31xMf8MaCGVghDzXqXWaV9FJuuH69TJW0tW1Td2QD9yaMkH1kVSRXYi34Zbgcmf6MzGtWkytexjLqejegFUZ/7D6vQrGQIwYkTmtBvqlf0UUOKkZzXRp9e0ScWNnGJKbQSMes1ablDzwcuTzF6HS04Aykf0/CN8k71PxojWdd8HJEEKp1rL2CFW8LB/7CY8MD5zP4JcUilNiyzaFFQU93BRPg+7T6Dhk+qNIYCRaG/xLxzi4SxVSfMhI++/JwhOFatk9hOs3z8d4JgvMgTN0gKZJftt17CJMlAq3iDNvQC8aiIVaGHKoCSDUBBGS4zI75b8AcWRcSUNTixWnCx89KBBzQYTy4h3ZO0n6SsQvKyKdPWcVpnQtRqcToEJcCwvdwZXW3RfuRutmJb19yxIIagKEqWVYvgxIEZ19aV6HLJwUEnP761VsnskTVXbdPIctl4H5Mdg++K919ZVNZ56I0sE3c4TKukVsT+bn84ymoF/BUO+yvszptiCtpoJMLM/MPBbDT+3HB/rdi3gZKi1/MS3uj9cDTQJa6HeXd0PxxRXrBZnMJouUhMdrfVeUdLRpzZbVEcL7BYy3IBWAT5UUsJ+UrkOgK9nySe0NQ27gxSpooOIaxg8QRH0KB5p6hn2cwIHXT6GqbWdxE9T0G3hQmAvab7xpPA0oDRW4jb236vzBvBt7dWlw3QxRZXClaa2f1tYY7e499xQ+KqgC/zaBHJy74dStbc+aVQQwUyy8PqQ3OkaKL4uAsJHbjNmomTtt4OLwWfJvPY1QprfrbyXpFF5hNupi7aiItluKVpTvw+Sou7N1gmcNsbYunVJC6MMN7TGw+YL9kQ6h+5hDnyOt3sa31mZpIU95+PV6vpdxxkT1NC/HskJDPfcnoYnVj7PuyaRij2yRdmL+o6bN1NhEGl6dDuGy3gW5wos03bb9voMlhStuxrvRjUr/db3U1Z1O5winpWyRsDxkZR2EA4MweNbkWSS3FrZkuY1pYJd2RClrUIfuviB9gBXwntkaD06NJlXYlHr989cWuqrxIJ+tjHwThwozQ8knYs+Aa8bIFiw6BoBeOxl2d4QHml+4LmuWxaRSx4RLprgXCvJewqClbxk+4oyW5NqXxtXIHCQawCW+Z8my9j1hfNgM6Ct4L3hH0IRE2wZML3URRlkPI/FpvjitR0IauPl090mQa/kSfAjd0pcdJy37garUh9xIxkwmoyF6i2lmb3KSrK9G0rYmVMYIM2BVFTICr7yEguX/azw8uSLNdjENZ0D8bLvFhjoYrBf2WryqPrvtwh8nH2Q6XBGvPMgO2Aj9x0UgxVoHFrFi1qsoKqJpDrrIGGqYMKDS+m3VorQ3DAoCOMS6A739rOzjxFvi6ZtA03v1W4bDtldmydiMYpBEIA+ZVw0+1NwsSq+vEEIuyhiA05ev8KrexFyixmMvmqS2iGoJ/0MqpYPDnXwbQS66HY+ipn3Ds0RyZdH1cQEgi89p77nb6tjMLBRdsvkoVGwXQqVsmbMbtDsBX8wyzc5GMjG5oY5nO0FQcnudQuA3BBHWFL4Q+eaPGDx27s9sQxKBRaPfMgBBMV63/nmAcSYaqN8S4lVHWrpZvUCxehZ+5rx5tmI0625JODfN0GWK/ef0XRGNBW1I1KZAw3XmhAo+a0jaWTMaQz++JuV0MpVD8/xViOMBQdNHlBoWyUb9ArdkF2gzjOsWW1zeAFT+KPVPFXu/fQ1ZTN4aUnomC2uLpfKBYkQp1qkXx+BNAWFfzEmv6BJbtJaT432S7KnRJTCyQVyATlnMI1hOgkZO+y1OTXguhy4OBbxjmkib3OpUt0yLGI4cb1s8JtA1T4ZDlK6u70+rE1AlYtRAc3OotAhbOv9Uo071Pr8CA6eCzAt4Y/gGcss/AJ7LB0rG4OCXw/N+ic5N9n0YGn3Zp2XRqheLVWrgZiuN7gj+rORS3EpLUb6JnkanXWM5dAY/gWbRd8+iF7cCRCtnkaARp9Uch77SntUdllX+AGIMnRtcAU1cYkEBzKsDLF0PPZQzPXE4z5cRH7rnDSTLixATHS70vwGkBOe7NukiXBVzK7GBCXP1nzJevb7BeeUg9rDcsCxyejoc7YA8+pczMNxl4wjx3H2/x+JhMWrYcZQdhi8Vzaeoz0ulW8xZ6tO4JhLPA/Cb66B0tq9Za6f+uaJOIfqnl0xem6Rif2qUiKkSAZ4rN/2j8pRj9BMXCvKSttvG6hTTaprCe9Jn9rGi84rnIwZmN98C9KyHaTeKPC2NC4ooCsxOZtpeCCXNfFhqDVGL15NhwCravL/8pKf9bFhKW8DOkZRPy7jWtCCfIu0kkuZUkBLfT1lQ6eXKB6P6sC04IgBPV8Euw3woPOgGkJXCfLnxLljgvn70P3VQ==,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str] nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] +ssh_config: ENC[AES256_GCM,data:f0nNWKZxV+MjG+Jx3JVDiGaPwryaJxivRJrdPB3Ks7vJgieey5xLXkyBbEzFps/S2YLod4MAMQvsvunx4U54Dgz5kJQR+NfsQ4pVdYenqNYxpyCqM1n+oSWwmW0l1Z4F717OsDiadaAp6RJ58GK1pNB/AyV/Xns0EbSyqiwUGTgb/Mb6MeVm01djrfXzEYNHoBVuUA8b0LxdL1xH8CQwmPcbpMHItrO9MWIdHNZrz1YKD4EOfqt9ei0DwdvYbMqqOPrw/5Sgn9oViX/yJxWDJ1M8CHNAWMfAZfnr0ATQCYE75PhOAhuHhsZQBmUUCj1hr0b/Qb9Lc0agS8lvYRJXEIkMDoFu5bOAZkjmrOATnu2GOAynMr/tjMqPFBYmWdIfJcGRe55pW8ulbqnxcfvlDSmLGABc+sIr50IVwsBlzxSPoZhH6Hm+7i0Vs3Ep7VM/0Bcuyvd7z9NGKJp/wWAeUrT4ccJJSt5/1HVHcYF2rs0u0JZ2KNr4hdzGafC1353jQ03UC2yzZff1Jtv5nnrxQrlm1rBjbB5pxk99zVs8hWg9y7+Y44xw7PQ7UUrZTGd95khj1E00Qe0YFHxid4UPXoOGhZ282bziVBoJgmzdkAq/ekC3nZ38SSD/oKOnZNto76uBx/Q8ndwP4IgxWOkP9EKpsMvQFYyaoXCwdOKX8yNHUZy6wCW0WMEzWeCv1ixHhMF2rAFUu+jcd0outRQTaxBCvDwAnQqHWmY0ixk/L2r4Lf9IpYBGZ89xlcqnUTXKD6wu5AfWeMU2SxmzsF1AWSA/WBUjqW5nTfTr,iv:uXbX67nw8uot2BeeeU0wMNZ+xK+gJ6Xy42jriUZ0gjQ=,tag:AkRAMlnyaxvCVAQy1a2zGw==,type:str] wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] + fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str] ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str] homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str] lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str] @@ -14,10 +16,6 @@ wireguard: wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de enc: | @@ -37,8 +35,7 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T22:22:25Z" - mac: ENC[AES256_GCM,data:2f0EwhcP70EDiEqsY8FmIZ3AfjazmdNYCGmz3f0D4EwNx0BxmnVMosWeLrZYrIucNlhqD7xCWhHxJAGM7P6m255sVXFipU0tkk0ZANsUXBc0qQUmH17YfH34kBoKnUUlDHHK0/Ep7ByBiCkzZACmxliZYRX4uvnsDf4hWTYUW6I=,iv:v8phL5vDHGEweS9NAAygiUNDHpXgx0vQkdwzfEn8eTY=,tag:MFdjpQN3PytxmtV4qCrsGQ==,type:str] - pgp: [] + lastmodified: "2025-06-05T17:59:42Z" + mac: ENC[AES256_GCM,data:K5w8k35R8wKpo/RS4eC5DyXcTdrxg4k0prBphXwMn8+oi/8/L6XYVUmhh6ftp2R4tMcV+Qvm1woMiBZaFJ71v5a1RytjxnIjNrDvGUYVq/Rcz4Owm5Zx5qSD5UvgleVxC2k26LciukJ4O+ZcC07kKMBt/NJeYNNh/oov74AENyw=,iv:COQg/3qEYjFITHFqThsQuimN7R8hp/GEChkOXb3MNVI=,tag:nHmO+hn1fTVqDtlnMuLzsQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..dbbf048 --- /dev/null +++ b/hosts/secrets/caladan.yaml @@ -0,0 +1,29 @@ +nftables: + ssh: ENC[AES256_GCM,data:BTUQjgRlGhk3+p2uYAyN2X59YzYeBzSuMJ7MZ5Aaugrm360+OTejUHzUYcrqLVomFLe30uF5puXVKQGeCd2RIxQhyxHGPQ4liI4RwhYE2JAtGlAxoZCoHKSew3Rqpk5+fQgkJ4xGwFDyTa4KOKOYXKknrCkLOUc7jYXhGAfwopAMfGqsUFgFJVkJ+zIs5PCNAxZeneXGffb3tjdC17jh2gLdydmhCINUpn/CGKtta7aDqPD0yg1fHeHTd4jhkin0PoemGlBm4IVSv4FHK/P39dhSR27GRb/hqxxrkZyHK9uqx3REEbHGWWGjok2peVpLVMbKIxKU7yEYYJL5zq5/vnb7RsP1+Qrk3Z9ho83qUgOhXYoJVV2c0UrrZ2KKOojOakmkzgwK/FFBhpMu2JHzF5Qf5ngE/CXnOrdutw9ChXUarCUsbMFXDRIP+AgwqsCgOSSPTOgAfyKAkqUqOw0+cR9GhvEVpe6fxIAQf9s6vjYrFCUorsP/z6vDzkLu8Fodd/fkxIY5+nix18r5lrP8JU2LCIfpH3iPE62KgPZnFtUCs+blsgOh1+3ypw/zWB414hQYaEatoXgfUW13xwHdDuyQJBKjCm0QFenzisojfIDr6seDIYKoi0jnot0jU+4n6sCBdMP/xghscn+6oNUIQ22aWGeMVfGOkORIsJkCYHHLRIZ6axvRr1J7rRl1J7NaB1i0m26POe2XxjNrmQ4dE6FIN3ho/1ETv6JX40+95SU/F5skth6MeHwueOLHo5orJsSjYtttYYqL5FqPM6Pz3EQqAh2/bxuKKtDznVCZJgTx8X5cwdjw2uCBNxXnhPE2iRL4wE/udI6B5QOz2nAHYt4mR0QuRARvtbSbVZI6cCd5CVBfqo6DZbXF96PH0Ghgtrt9ZNGxJrKoljBmeogY2fgNpow3nmmoFoEoACxo8+eJp1AH9+Ma88xO0Eoq/jdNFfxkhpBdulDeRdHsf13tH85xqWk5lc2U6HNyqomF1wOWUcpoJf2vfBmA3y/JI2bsLW37OjciRLH4KAbyp2QPZhdILdQRgWTDkrWolzZ3ZW2kiM10q/8PtM/R/Ih2PggVKptJiUM1KFx8R5+dfTzi4sBNiBM74rUu385cuxo8f1opGT1biGBq9qh4t2p81yLeRQOm7iXvtoAE/BEJdlOXBgooXSK76R+tz/0JeQMuD2khbCrDHlY/35a/VphygPSAV5ztJWoHpo6cYezs4yWOotB63YnAWJktdMkNHzsGD1tWYr95u4+OMqWtMogvICyVD3HZlTy6NYlrOeHwthOW8yndpnFhXLh8PgKjyZ/bTH3QUSCmWuPowEMJ4mecWDYYneQYF2wr8hXYRkUlY3AogkNf6rJkMlXzkHxlK+wy4pF6KfaTMsGYIKiSczl+uGYJ/HWxSNeQXzIq0s9/POTs0IoeMdJehrFLQQyslKuxfOZgei7m0KT8nEaRMHQxc2mCBbLIah3ldWip+FOj4ASRDOXAFhKNyj8a+TLx+TrVXAFLOK4PrmaCpgp5IQyfHTYlYTgZlvXB+MywDUo34FKMA4InHRslTv3qpg/qQa9jRrqs0xhrvXJ7UDxOImHl5zxHwHUw/ltJEh+q63Y7DkNWrD5oB7gQKF2z70mJae13DgYzl8ADK0nQG4oR5sKdaH3O1Z+MWwP2+XpafLeWy8nvG7wKOekXR+cxajhN7B/fyTHYI8BHkYaVXyoLU3kUnwAuFfEDRxFj+ESWR3L6qRY1OPOl71fuGcaifKLkr6IM8TJ5x6/ffoGOHeS42aZZ/eKK23BlRMTchVts9whiPgyjTdn2o44MdIASZXeohPdnuIbfptxSH+gdTc0NWZnEtwsYMPPGovQ6sZQ5UHtDypQ96OlRS3xjFTKTYgDJsUQxieAzENjAEdghZArf4Sh4OVqdDiDUzP2YkXhPooPnkq4vhhWld0/zQMkjvlT+GKbNux82KXu6WTXG+YqyQ5KCNcZ8z+wvHlzAFoSK9/Nw+oXS+jpLUbjqbAJ09vEG6fqnA7EjLXSDDv+p8Wcn473Yz9wKp0G+PhVCQHld/FITB0+AoD0FWN7RxZx0T72YDn2vd+xpZ4Hc6MaLlseeWaLOBxe/Si2lPhwFG9ZWWwkzTnMyPd87iRgxP0w/w5NxyyY2IQOqN0EtR0+dFzBJuZfcBMuVe3gUzNhnhFO9nt+MynzVxsCij1Ez5NDCrmF0bpr/TCaiWVt/UuvoB0fQLSMawZ0eRC3BfiGD2L6lmoTv5i2bY997OWYAt7y/ajchk8UlYqJDQ5nM8OdQ4MW6BEKf6/j4MA1l7CsactHDpJwPStX90BGff7WCkx+eZ5XaCza+DE/NILD02XUfRqfYnvSW+9WzMtUEfvou9J79i4iPAsezsGkfI8ZCsg5dCVclA2mbQYqT8+3dY++5ICpvk1r0xyeBGAoThJlbWC2m0o4OmhrGMJwz7iX8uEPVEfwDlLsHVTdmrLirdKUhq2KfwjvARsjPDkCdRQf+uZsI2X5Wdl2yZFa/TdSshbfCsKEK0SsShdyUt7O5aqCjze73KahteWapZqnes4xrrKFQamHo/e1t1lxwVDO66EVhl23jZZZ6B5TdydTnAXoDiONOhm+zfF3mD6JhJrMc1v5fVFA3Eedif5hkwj+CiHSTaN3UERRf6rFb1VFCk7pbsc0xaqvTURJb6Mq1Kom8cmn3oOMJEBRJZLZS9cAawNbMlXJ+AxL4swxTAyl72Rdm1MYRPMxahBmi1OWuUdNXogpHnsy88Ri4Z83TcH79dub5dQCfN3hYDv8HsDpRJwqgHZwK4+Q4PRRa5yyxK3aUYOxRN1jQ0L4F2SaZt26I/j9eS7J4loY4o77Zt0tMzBCFLLV/1qje4xKF/dTzIw+kwJfRWCtZgTN+RL5lINHWTj5t4HVznkMZWk6pS5xexHyX11zu2TsZbEcF0aTbL9ByPJSrOgs0FVyPTajYTMpqRkjz4ZlYzOKwMVDnh/suj13YyC+gECXV8kpgh8CENEc3UhlOgvGrwF5j2O7hwkt0V0tBWNjxwK85/JWUUgR+UrsGTuziUClz3x+duu9+2t4QUjE3e3U6CS9/IEP7B76GxePO/jCf2+tp9MBCT6E2WiLav6X4cnksNcP0k4QNEKe3zBCOpQxBOBnnLe0f3w==,iv:UY/efikTAvIUfcciypnngPj7PhGjccoIeXRyew2Ft0s=,tag:QnYxLwkV9Oo9ETWAqIKNyg==,type:str] +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: ENC[AES256_GCM,data:zlEJ00GNq3WScqJ7hFTx4YLfTaEuN+GZF6HKew1vshX2nwqsRQMpumyIgPisl/WqPbTUCU13qAvwTbmN0vGna3WFA376GVAHIN+TzTWGdcaVzgI8wJF3c26k0GpYDvgsxW0QNR9BhHJvEE7ox6o/chPXUNS7Q4AwvD1YuOgQZc2kdBYC5zOZ6Z2/qPOLmVesn9+jbFBGfHNxCu/Vq1wXfCFhZ7+hY27R+BYmGc3uUPYrQ40WZgbLzBpkndxhh7dE7KlYFavJtaaRhnaN7i7/30xyO6IGBpuHBUxnryVwgCUx42fXjYMVe6tfYXsKYAbVhjgrJSwOB5Uf8W7gekr1qSRStROZC/Vnh2Enz3PwWYjXViyrWEpw9jXR3w8rCIQ0NJQXwvsRyEipujxmbs9MhywW7x8zC6txjg4Nd5gBNuaEsg4e82ARic65RQ6q8tvgLQj6ghR53nXA+GFv6ybbDgRuL27ki9wWHCy1oYOS1D58So3+ABAKzxayk6Eo3sQeBHO9bKVCZWwWYwuWtknKWf8HoedVhMUiimJ9MdgQsNEEuKL7g1OTSt+25KDBcnuUqh7fYbNi0AB4kiGTSrExQ7zzTIkKiDO3j0yL3M+lC8WoeBpYfmpuTWcVSYHmjQn8ggybdbEWRY/pdiRNChG11IHGZpS1v1hM5Dw05oGFFciCwOBFS7EQpetOYlKT9wl4Kof3cpqfQUE7q4AHSMkSWZX/t6xCFRv2V6jhSwSpvcf+CMGu+s+ND/kEjKpo/+HiyNp5GhyD6h1oPc+G3x78YVx1WI+wuzMccSp0,iv:8EtrGsi86BhlCrn5kNZSbvIq/D6RBjJ1AAt8x3x6Pns=,tag:OB8azq3ZWpMIZDMQp+ry3w==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: + age: + - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 + dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD + ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 + a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH + vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY + RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 + ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH + enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur + E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-05T18:00:15Z" + mac: ENC[AES256_GCM,data:JKzxSGzEPIM7z5QfGZgZBXNUTvLOmP5Krkjt5CCt91MdlLJtksVjMzcMEE4hu+3maLXR0UsXn4W2K6IkMmyo8nU7vHhg/n40WIgeX0J8e7nx51VymJAsiisdijGtPbVovdK2qLjU7CRoKypfDNiV9dYLPbyzpNFKyCDdpbnBJ+4=,iv:MCRxJ6QsNWSfblgtIkJhnqap/qFg1OYzXHUYP137ihw=,tag:szwCMpyn2sWm15BJR16GeQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml index 37b53ce..b9ac45d 100644 --- a/hosts/secrets/darkstar.yaml +++ b/hosts/secrets/darkstar.yaml @@ -1,16 +1,187 @@ -asterisk: - extensions.ael: ENC[AES256_GCM,data:pJy+Z0Iv5a2rZThIpspriCkSYCGsnYWDQvOID9fhuiVc4JUxgB1Q+0iq8tANBnYtGYtbYO0jijxYmWZMcHu66aXQwegf66PQmYNwlfiJWJjJ/T753iiVvqcrnAwA0XL0RW2rbA7cWtVq+enUglz2cT6N+BIwPSMTo5EUei+JzZ/ovqN7E0SLLhgvfmIttqfJOo8OZU9eIYN3XPO3UEs9ezHDTgFIygxdD3xaGBfecoiftCWG6CDFdK0pMgABn8THLqeqigjuC7J4Kmqq7suGSA8eBfejfYoGzxY+9LfiRdGVb+oj5Xik/4Xkb/dKthphl7ez7PkJfd89cXuNtAFO67dMhy9ITlJzrkEqUKl1eMsf9oDzqoSuUjDNhS32uKO3CrhAjzAiW1z8C2gmfMscpUeNnDbUHDjw2isz9Ay5nzapM7m+3hq5D9BBb413dXxu66WkewkOHy96Vg+yO5M2c63BPiO8NfKESd5ij1RtgyQIjj8rlEfjheOa0nLfw9lj9Ohc6n27xvi55WZbZOfdeb34yIzbtNw5pw1OZhQ2U9uexJhLrUpKsg35/TMjQ3/7DkcwacA4fpI4TvfYcxZydzXvDBNEw1cZyRYEVXpIM8FepCGICviVM53cRYJJ9jmR5MC2VQSp8K8WBnBgcNfrJ2CCnfT8mGH8g2t2ZDC8AHHS8P8qRMSfsS/UmAPkIuqVXBoIRb8PJQELDfMLDzHvTL5D2CZ3+UGqB8trHB40wEJ7pw/Fm/910Z0NJS5yUZKCoU7llbV7qyxjVBIv5VU6yj7PZWkyS1t5+M63J/lssnKbohm5er2pH5tZ0cD8XRkOJXZ2R+31t48cJDYFePYO6CbMsGUlRtKYjnmHMT79N7HA7U2OKfhn9ab//UjMpMNTEHEGGB34G+hq4kgvHuiUA/IpvjQ4/D7bHjTFc0S7umt54dsCCzJsrH4pYPLbEXmNnm3XvI++cY0o4WKJvxihZIDg5+w4rYVgK+mc+3x7Um18K0UCIvrvYEoRfxM3eYKS5OkUZ1DLJZ3IZRTttgAppOVYfkAJiF1DkNKpYP7iD2OJuM8BMS9W7NL5tLmg0zlm4zIOUmYBTE95KL/LakpC9tHm/MgCz1vzdGgY3c5cGDAFp2+NOH4Hbh86A96aH7S8gDExCB5ePbHPmJxoHgzxqFgKGJc8hDlVx5E3QZls8l8cW0q1Rxu7EyNKEop7dAooGNoWhyIEGzmgVqKKTgu7jAYV6OjkKlgeJQGVuMfW4fDJoo8/4t9XpPNpa/eI1MSZOgITFZ8Qd6FU3447M0E846VUgR5PnPWcX0l6rBcIilQL3ioRqE9auKNItvZRLdC3J8nMwXct0dplB7yUKPVegqLpGDUXJCe/WBAP8doP1NMBsBN1lSGZ5ZJGs1TF1HN4D0Ucmnyo400Ytni43AGuqvTdTz18DpWxFPkU4XWvAznsdu7KGjAvb3bHCpGn/y43/Ib343Y8G9LcqDWrU05J2ONU+nf6YE9atnF1CwCaP5/Nu9Du+iDYO5Oh9TiDwZ1itqEJN7Bggxru5+QgPFXi8PsMf5Ie29ptoxhCPxxrDMbC4YwVm3Llur2qdWy8rMwDgB2AgAqaidks5djVjbfB1aLQb4lQfsfyfvakU37T4rUul1XbYiako3ZRFs9jLWbRdl4QEuky8XG4Tdc1NZgmenUMtvsL2T+AEN8/kdbbhtnZrFPA/xeRxjDOb3y9K5MM5IT3yPLOgqMA9LRo/3Fzi2xNj1WcN5ZWjvEi0+OyoC2CawrCPPCij/6UOZIeCGTyJYqDoX1zD4TuHvQHC6H9rxUbyjOgkrvGIYsyW2ZgnYtni5nK/irUphA1VoadsXE0gEXJ+jsV7gAUZ9aF1WhQIVJz9fz3LwuLAxoiruM+9SoNANqL5q80+/VTyUsfezY6UG8Hc1GWFtid+OqE8kxO0MS2NnQwiRIc49vs3XotIDnnycRYh4pgBSlt1OH+tKnvhFA9IjMolVMrHjPWd8BOVwWKKalUaG9eouTN6qJQAG2YW3Sv/IOmyXzLlwFL9TMIrg9xO02BGABrx7XctzLF0VcndmszWEbVOsG+M/BiJPkIw8VhFLGGKQbOv4qaPPN/CDeveHDwZLUkUwOBsgt8fmu9UzYq742vQkw0dSGrbEXED5Oln473s7RZH5/b3AYNyehD2uctbtoDai5WwuO6l/3x5yiOXfIkw5pfhj6gT1nzKXU8PdsbnBUx6cEYCT7QZLeusyO6315WH1XGcu3R636NE8Lz2/UpmbRD4OdKHC7jTGHFuo1H+doxisdWwDgmsxKxyIl99WW4ekMKw5L6VCrng/TyEtT8lPSDs777H6vlIofDScyKOSB7qWTIYIUP4+iiNKiW8xem+g3fYkylG569JFsNeQDZDs8MDib9LeMTT/55mL7Cl+p8nlX8JHfEmYJSlbdY4eWQtPkfHbcnVtr724XIZvDY68ocPskRhUUw4CXNNyV8XFKb01a1Gl7gYtzx76dTeswBGEFNsBfWSj3ndLy0TviwkI3hz4miEsr78t0nYRpGv1Bb3s5aUfanfDEz/JYwg12jKvOumjr+BytNfDwjSMTbYRi/D81otS2b12EunLfAml+Y3ZSojD1y7iYYpgJ2rpMfz1BWfkTWWFjV5Dldq4lY7RSaoQw8hl/aeD9kaiR5beOyAQ9EYI+VFnPK,iv:XJjhLnUgf1cc9O50U4Q8Pis/ZYLg5B9U7u3eDuDcjeA=,tag:0ZqdjgYNMsXcKGIs05PGvA==,type:str] - pjsip.conf: ENC[AES256_GCM,data:rVtOAj6DiUDAlM7m/E2h1EZvsrabmDb9zD8fQPvvTITTQ8WUwwU6etJm3CsnrfskyctnJQWqs2nQQol5ZtS8Mgbr9CGOsk9eOvAxQJcjvkI+tJKl/d7DEVk1XKI6jV1X2Y8klJlHROe5w9N2zzdEfDbWIBUig0Lc0T71eAzOEhR/9QxQD0OVoonk0AuG8xRa0vzyYJEvWbOeqrxiM74RlrGThE7U/+fM0rS68Yy3PdIVnOnHtlz5v//ZGcNGYNmncBV3W7avnlCRV+C9b9WblkG3UXQ/rkXI2nNg2BaKTa5545kjyJsuIYPbD3Mx15oTQaBhZo8KKAO7ZsfOGWSZJ13vdx4xnub8S63QDWEgwx1UzjoTCsnkBh86BFWp+xk+D5XDk4nC1qqV92Qy33d8R6HJ241INwxPK6ZV0X2FG00mGdpMzELDuq0yg1979QlIHqDBAOoYR4rhHSYYKCqKw9cXsURkqsz/sOqsb1BFQRY6+WsvAK7p9seiw14E9glPa0OkjnQcA7JjhOQGOvoz+p2UiygVDnJ/H+MaGseUPTUZGm+Moa442/xJAUpj80wfHxwOAX9kdWjOFBXBn2A8u/cmO6cdCQvG8Mpx57eZg/CzeqmNMGcjAi9z7TtWN3iYi3TxD25ZFfo5XSgqOmgKtI94Mt//insmLFP4Q3l4IHqTpZj4qQDMAtocShhyhDI49exHPQ2lWiKMlBtQ4OAbrYOVrVk3oHgJ8e7rRWZy1Zlu9UrfTEO/sj1xvXa/9mvJSpz4nQBz+pKyjy003VveaJpvjPXkRkhtLLDX4Aw0K23fWt/4GQEJIG04w1sJMHu/s5RIrP8bHZKjezNYV7Brvvlna4xMahSzfg3Z5cvOH2hgNKOoFglmGUqvWyeDm4CCepJ+WJ8TYkwIEMnjOnCpb+OF+uXwYpqUi2DD4pwzmEuSagaDBtTAuSIgtkSupakpOdQYhW3UN+keVcu7reBVtl5GWSVfviZ9P0Vyh0Zvtpg/qMTWipr3qjvtIBauT1ChLxW3lQ0Js7rTOOJK6uQ0PPv9MmgVTvAMTO37LU5fmJ3EGfTWuBSwvaDMJAvhQpXWG2PYXc/OhPBhA8dqxUhd9nmSYlHBSdR68ETftsViQaBoOyGEcjOZyTnM3GMQAlnX2rLcOm2KaYaJbQ+lksTT4eye8A9JY6YdMDrSfnkops+7ECJgqYY00xFI6bg0+C0p+WJtWk/YQuTDwjTHmKBfVIMOm659EzeXC2mq9j51z8jX49NfQg6heQYGad3W273P4El/As7Lm1BKG8cKHTo2yQKEcC9coYrRUcFS96b82sgCX+wPq2tb7TIHB7nMjuGc6oMQwQY6lcimzwlO/1r0HpCUhU/p3Sp2coyqgRI5WqczI5kqs/9pm/owASpGXOma7/Yw27Q9z4dDM0rz2mM794XpsCF2JxLd5AwuV3N9YOqwOWCkt7XcveKqz0GPd/l0RBHi0Nx58C6eWhbGSUK8lM1H06Pw/0fkh1qJMtpPK1+qqR37jBgktyVi941Ko/7LK4DGHk6P2+BsGNPrhA==,iv:n0S64/G7Pm6ZwszDDFMR4qvugU9+HhQDfptOv+KGkzE=,tag:BivicBQ1kjWRj7ZD1c26Pw==,type:str] - rtp.conf: ENC[AES256_GCM,data:wRhJ3O8qgECEuMX4mCKKv2igiMxTJS6p0IkgilBxPU7sdFsy,iv:UkXcVOwRDlp7s0+u7QbQ6lGyaJq2JO4YaYMzphOA9ew=,tag:iHJXCC9XAnaQc6qsCTNEYQ==,type:str] +#ENC[AES256_GCM,data:koNrUwSd8yki,iv:OWn+BvvlDhV5g0aT6vj/XnJn0yBpPEzDe70aEnGpPyE=,tag:nwaIzDU9e/VyfPRwigH/XQ==,type:comment] +#ENC[AES256_GCM,data:Edyn0TZVgQvmf4x4K6qzJ6OQtMJP,iv:JdIudLJ1b2qzkAo/tkbG8t/qubeL7v8Rp2yWy8CgRPk=,tag:WGUU4TgHa/qxf5d2d4oJMQ==,type:comment] +#ENC[AES256_GCM,data:kuWF0wpR2bGcP+mjurtCvNqhVpuqO5DYNLs=,iv:2JuLlQ5oS5hR1WGn+wMtAvOysy+23fvjG3HDncLBokA=,tag:sxgmrNZb3dphMASAG7lQig==,type:comment] +#ENC[AES256_GCM,data:6E+vU6uKweNZIpnLsk1R4wg=,iv:WMZ5gi5WKA2jfYV76Er5Dn36C78xVTXBGc+sLz2hltg=,tag:T4y/os/1pBwB8m4lt7aaYg==,type:comment] +#ENC[AES256_GCM,data:2aGKb01LdNLdJdh6hFPsiK2qnUksBeHFL46aeA4jcfqFT0/eS9OTEPrlfZAIlw==,iv:MV9Rt5jGygcLC4JTIMBR8FhEcKQ4hzyXWxWHgPMOnN4=,tag:y9exk7KSyz0VvbBZQqVTug==,type:comment] +#ENC[AES256_GCM,data:Q38m1R59G9HHQD3evNt0/OAF7KPLplLFF314GuNA+sjYZF06npZ7NpErJ41KjCi+o3sG2pAe3/j9,iv:4XOVyyHdAeL8pU1Js+4h+y3zvzuf/R3EpxNoHcU3nlQ=,tag:PpEbr1HOOAbSR481orm3wA==,type:comment] +#ENC[AES256_GCM,data:BtZh9+LW8q30LlMIeTeFo8s=,iv:pVC17w2XK4VpBDitwhW3BmO8CzuxWPYEUkSPIMrxa0w=,tag:Y1bLSBysROKPmmmacCcWdw==,type:comment] +#ENC[AES256_GCM,data:Yr3D4deUxfCfnx4=,iv:zcZbgJVH1JQnsA6Xl/tMA+v4gSE9f/UiGbDLOiogMWk=,tag:NTq+vVoA3l7gdfj+9ZUeqQ==,type:comment] +# +#ENC[AES256_GCM,data:DPNZCtKsvt2TbTpteOX5uh7P,iv:JQJrcv9uptD8cqMGv4DLi4YleF5Dg6hhU83V6vZfe18=,tag:FjEx6Lwj/0KHubeZcy62vg==,type:comment] +#ENC[AES256_GCM,data:Y5fUERk5GxkhMCe8pdyEuixXQ6tmz/2vsRmEBNdGrg==,iv:QNkZBFqg9lsTBcn/HXb5EUUOT5YtLk8cR3tH53BxcD0=,tag:LMpPZwdcUouyOLdw/QwRrw==,type:comment] +#ENC[AES256_GCM,data:1uSrAoDFqpqXWixv+YLn5nHh4eH+8sYlzpq548Qlk0mu0w==,iv:/4OUiMVim9Jr43+JpR8j5HEp2dKKr+2N3mnip0B0waI=,tag:fw358ATo6qp7Li7PsAt59Q==,type:comment] +#ENC[AES256_GCM,data:Z5ZX6TqSYcTaWx3ouOAY,iv:WF0YXeAYglXQlfPStMilAoVJznJsRoMGd+QnxPWs148=,tag:kVLnxWwiXqxmhzxRGdfYVA==,type:comment] +#ENC[AES256_GCM,data:xRp4e2j13CHZ2JzmvtO0jlEfWPsvaxUAw0toKtQWy82JbA==,iv:HxAk56MKqQkw6gAm7LskDWaCfF+ZAOi+XeYHkOBO6bs=,tag:MIwUfICkfeyttb+JGlHwmg==,type:comment] +#ENC[AES256_GCM,data:RrLqfa8+bWIo3ZF6TsH2+Bo=,iv:ByDQwPS2qDqLoHJYCfn8rwZzeHrNs00LQ8vKJq//Jh8=,tag:856gJo8SfUeZsUP5rXKumw==,type:comment] +#ENC[AES256_GCM,data:GsTl6zwg5d4UFkU=,iv:DSDqA2Lt+p/CnhPO+fZXDDJWy98wpJXV6V8SbBpokyA=,tag:fMUKuDyZAkyv10bmrl+hlQ==,type:comment] +# +#ENC[AES256_GCM,data:xeRqstRJfW6jLFimzF7Sdie8,iv:9gPkgr4udNSFHI/DeNWWdl3N4Jbo7jUlGcacXzYUzUQ=,tag:bdtHw+giVWaIL0uxKqSzNg==,type:comment] +#ENC[AES256_GCM,data:o9TKPq1Vqvl/KKywfIZjUc8=,iv:vWKE9iyf7uqTgngeYndKUr4Llvy02LOJZFxF8YE+IwQ=,tag:ts75yi4yz34i8wcz22yFQw==,type:comment] +#ENC[AES256_GCM,data:/HLJJlGoDkfRH2R3PQglBthL7c9AUZ9P,iv:zNwtm2hxMuWofAzlWmm2dRTVsfEdKgzVshlgiMUORoo=,tag:y0b0C9TKjTLmrso6nIBYYA==,type:comment] +#ENC[AES256_GCM,data:8dShCGz1B/q6liBoq8r9sV4=,iv:3daeyLDLldMpW1dS7IQSi7WKqePQz7ZucxPD4Q3s4Wg=,tag:FKtgLRN/1O+8AeGzMI5qFg==,type:comment] +#ENC[AES256_GCM,data:tVwliFSYozYM52o=,iv:FnUA3+4XJuyza/H3THOWz9mAHic69w4oczMcWKc+PwE=,tag:tw6onP5xt4GL2XcC+Cq5Vg==,type:comment] +# +#ENC[AES256_GCM,data:N4EhOl7yEqT6DQRbmBz5cnkxYQ4=,iv:H9z+ZP8vvE+PTauAAzg43pVaEjrLI4nLlIe4ni9Keho=,tag:wAVKSBEk5sPchGegUXjB0g==,type:comment] +#ENC[AES256_GCM,data:AZciKcw/bMIXHjTI6lRcl5xPBg==,iv:37TbQSCxbQPy9hkA4msaVqBwHMXJk95kZuM8pxEEGOE=,tag:e7FkGKEHY1ZHqFMfQ/jlJg==,type:comment] +#ENC[AES256_GCM,data:/WQn0wHchGLYUwQ3RfrJDiIm/CZFIkJROzBlbsf9LlM+k2s=,iv:RzRlSNosNS5xlRpXibQdcZ8bi01RDJs9mdoTBdUzQvo=,tag:DuE6htQ8uolsry0haNzzbw==,type:comment] +#ENC[AES256_GCM,data:NlA8Xz96TJJVNlhCCYqeHLJwYg==,iv:sTQ43in92gD2arVfHX4UrJCIHaX6rEAWcWxsCqnhvU4=,tag:vHczIYGp0WyPm3yH5FI48Q==,type:comment] +#ENC[AES256_GCM,data:X174VF93LZr70A+1vg==,iv:laAgfLpCwzAez03EN3HXwKzvfwbRECgIzpQq7vz+hXM=,tag:9ldfGGjnV50B3O18kOESaQ==,type:comment] +# +#ENC[AES256_GCM,data:0Y+K9H66/y+mzZM/Zf/i0DTr,iv:AN4wfSg7bT3dDHIJDuknE6/Imnd+L2inSGKNCEbSx2w=,tag:fbGNSv/Vr33jhVD5zkv0lg==,type:comment] +#ENC[AES256_GCM,data:hZN4Q0NdAp0h/4JPem/73VI=,iv:Xo86Epq3Whcd/dJGgsAqjWcfdDFuYaGtVA06d/Vik3o=,tag:tkJSkkrc9uLGl82Cwa6J/Q==,type:comment] +#ENC[AES256_GCM,data:Y0jraJtzyWQEYaikZCiNChoWkNLlJA==,iv:IG3CjUidzaq6VLbAfPQWAX8cd6A9rBZv6P5G8REXl68=,tag:Fkw7NewUqxDOTdXOfp5J/A==,type:comment] +#ENC[AES256_GCM,data:vJBYw8KYp4ET5VQQG3x8CmY=,iv:iRQS+eB58Hf9/aXGHHKc/N+yMMQNpvA0LyBlP9pP6kM=,tag:WB2SX7FHqKHxkD3jqwu4QQ==,type:comment] +#ENC[AES256_GCM,data:DP3cG8SqADmGjJ8=,iv:jt7aFHphO3kPK+tCBHWu5fZOOpI9qZAlXZYa3Tc/GvU=,tag:Zi6xriNT6Rew7KSLxrnxvg==,type:comment] +# +#ENC[AES256_GCM,data:ER35lsO/pWxe7Y2t9+CMdglM,iv:sYp6UWwkoEbqoKXscCwTDQhtkaU2gBXYFc04grB4mRA=,tag:J9UdyqtuLuVoEUE3pWtuKg==,type:comment] +#ENC[AES256_GCM,data:kubz/kXTQoLr8X2sHGEhovsF1W42HTs8hn1LI6bqViIhqcDe,iv:rS2KoFeAedKtFCOAZC50LSqPTPTzMaIHgtPWoSMLOio=,tag:z/IR786mgxtsSMsrjbBWyA==,type:comment] +#ENC[AES256_GCM,data:J4eVKfcyNnj4qs7U93wmWG7ziI2qAf5wrbZMFW/kiZYfIGzP3+4=,iv:ZDI5USiPw6vETDhCxF9s8/II1QRZ+HlXgHXosVo71nY=,tag:OPHrfgB/nqcfHTlzNW3UuA==,type:comment] +#ENC[AES256_GCM,data:BY5yJR2n4c3pN7QU4JUvUh+ZWfqLdaenLvSSyUXTlx+SXJUM,iv:o/NdY9URIt3FBrUfrbfTgBUjGDLXPNG9flDaoevk+tQ=,tag:hdo9PJsSyc+W3LS/N3t6mw==,type:comment] +#ENC[AES256_GCM,data:RFMv0U1PxQZGY92iQlVk+us=,iv:EEBhxZu0QOAv5oRM759rLGcpZH/QgSV6EYXiCEG3Gik=,tag:0S+4dhitEXzrJKdv269hWw==,type:comment] +#ENC[AES256_GCM,data:J35+o84yGofskT8=,iv:fvX6/RM/PLGFJGvRKeXgyKlXvpkpC1GdBfIzUQlMlcU=,tag:YgXIBP6er+lamAPgASFqxA==,type:comment] +# +#ENC[AES256_GCM,data:V+lIr2vZHQbmdHLElWrAowI6L3eHsAaiwQ==,iv:XUllNkux54jqE1B8Due5TvdSn9WDKjDnJ9x65bzTgqA=,tag:9coS77Zp8/3PhRW0DlxIqA==,type:comment] +#ENC[AES256_GCM,data:8OyKTUeTykagBB3pp4v5RoPs8faabv4/knp2rT2ybwHGf+hkT8InH35FsP040oSCMrRpnY+pOOI24k6YtGtg4ciPBXz367XQk5g4k9FQbTN8OGyXUsC9UTgSE8ezsuXftyuw81cXIJmmFUegaGCS6lngCTNEonG7HrXGMedChl6vbw6cGDdyzHQ=,iv:063MvIh0K4FRmhCeEKODC0mzXYA3xBfj5Vwr8N2F78k=,tag:n5vrDhj2U0+ihYTzpH4mbg==,type:comment] +#ENC[AES256_GCM,data:zGB7GHhzsrYpeCJNqGA1EvBLyrUmWC0PnnVChc3M7M8daVpi0EwXd5rDnsw=,iv:MjfJVQbTcQ/CBW9OiTe4B3LxUdoWSxZxutNpd0nSPuA=,tag:/btBe0uUdm6lT0qhuh2ofQ==,type:comment] +#ENC[AES256_GCM,data:rvi0Tei8aDONEIVIf8bFT5/9MB42cOkCUPDCOfCIIhBSBOPJgp/gSc7fbDyxPcltGKPmy5PZtQ==,iv:mL54m/JnXP0iCcXCVcqzDQtSSbzStDiYFNfOqh2beTw=,tag:b+KecBxOElBhSZO+09pXdA==,type:comment] +#ENC[AES256_GCM,data:yzLts4nuFJ6B2A3lOA6dd6C/dc0=,iv:eniXHvGrRVY7wsxHhBUmiXYrJRDn32GpVguSsivBH/o=,tag:m0nP3PQqomIoqFU59qSMIw==,type:comment] +#ENC[AES256_GCM,data:SbVJ/6BdZ2cUhIX4pRSoOFwNi/J6OEHXNQ0Y9+iaCpX892zAFTj7MVAEpwQ=,iv:zkUDjDAySvwrB+osSk6s8v0Xp2uWb1WnN4zu+ATeW/0=,tag:SjQxtFhDdGmZfDWc84285g==,type:comment] +#ENC[AES256_GCM,data:rsMLM339Ng0J+CSd8eI+0iJKEFAa2+TbpLYAFO9lD94vGjrRp2TLIYY3XbgCLK8qgR5csVCd5g==,iv:/Vq50LAtE4AgYP4hOR/TogL6E/PEiFmeRj8Yn5kc/y4=,tag:rcoMCfsY5aefbzycaLcCnw==,type:comment] +#ENC[AES256_GCM,data:juhPTHtHltDDPQ+0vxjAR+gL,iv:aoP45LG9s12qGON73w5g/Xo6fPONZKfCWxVVXiQVGPE=,tag:9grJnf3UrF7Ub3QfmvxN4A==,type:comment] +#ENC[AES256_GCM,data:hrrNKoeKYAlV8J9LCwydZai+9zgKB+pJY3gD43pqx4zkhDyi4ZNyiLSPGwc=,iv:CN89Sexq1wCBlNDiJLKdl87SrVAuE6JbaGZSl4K1Ibg=,tag:OfZzeHg1kM14bWCSlLvE/A==,type:comment] +#ENC[AES256_GCM,data:zrf0HtyxuVfKn6auS27cGX/wboqSzqPZOfdS5cezquL5ykJeCFNX2LYGMHi/Ab3y3o3Xup1KiA==,iv:nRBJ9/YXezSMbLZVI3wulLnhFs8worafDNAeqnpFAXE=,tag:RudcLVsezIkjY5ze86P8Fg==,type:comment] +#ENC[AES256_GCM,data:1NbfTZRxDxoVVlYGWiFbraw=,iv:Gsnnpuu1m5yfOyogbCBzJ1FIZyjL8gRqRSyj5uYqBZs=,tag:DDw0PXGPdoU9Dy6CiJQOuw==,type:comment] +#ENC[AES256_GCM,data:Be5ykZ9sxAHz7Bk=,iv:3QA1EiCbpagmNOqAhyoli8A0nQWfODTvElECykaJqPQ=,tag:ZK+GpY7b8rKw7Yos+FOpOQ==,type:comment] +# +#ENC[AES256_GCM,data:/9VfkNKqAReTgTdSvQY2JaAHsXtumSrQrd8=,iv:KcUHBGVlMyBnddeOI9TBWAv+Ik+he2bLp53Ddgu0Zcs=,tag:U/imF4+lPRes1t5gUpD2XA==,type:comment] +#ENC[AES256_GCM,data:CtP3PL1Nr2unz/SQfTIKynzflv7X42i2gJBqmsM2kdoh+q/j3XJy0Ry4Dd3wqjMk/vtrZGFrWdPoEJ5KrYvN6BvdzUzzNhc6a7YuqXkFsXBRipGw66dpm85RJ8aQYgWu1KqPRPoSnqSglAWLXBF+HzbIlHSuHQ40HVLms/5y/u7cMJgCLRtyN6c=,iv:Z4eSlo3EGDMx99wBeyhwWf3jsFWNHwWa0Or1Mln3LF4=,tag:7+p+T8Ud9s/5kLrRBEXhSg==,type:comment] +#ENC[AES256_GCM,data:wBpUUVRSQImQoZDKHuUIbNK+bhKv+YHjh2Yqd9QW77s5XV7LrRMfW4/ZYQ==,iv:8DKM6v/mSgNtIeFC3YEn/YfzBV8gQNp+k+C2GXsX2oE=,tag:25hDvhgm9DPJAqSI6bvZGg==,type:comment] +#ENC[AES256_GCM,data:PHwWZRIhodwLWqmpcEdWQojLzEBM9ots+X92w+SUpE8C865cslcU/LTRRlB3M/bnfuQpK7Ac,iv:Ng4jmfoGaFTKViTp0FXeQuCIZaBI7FdsYmsCzJ9LVyU=,tag:BipNTijyXeq05DSdWwRVag==,type:comment] +#ENC[AES256_GCM,data:bYxNetex17+C4xJO6WSMxbHH,iv:9WhdhpdcUh324as7tBdd2m51mv1/eEpIELOoThtcuVs=,tag:B75EaPx+bVe1mVew+UfulQ==,type:comment] +#ENC[AES256_GCM,data:AhoWpnxWgOeeU5s6wL00L6reBcpOtV8irwVd3fAEe8DCreEPBnqpwGevwg==,iv:0UWv9ucAj9R7y+QUEr3QFn4GqS2UoRc++xSdsAErDXk=,tag:kC6N1fNTz4YmSsMuEW6epQ==,type:comment] +#ENC[AES256_GCM,data:ov4K0cJSxxE/ENcaevRXJV+jAfKGKBsaXvHYgArUtVHQbepWpGsJfCkppwwvVcEyTAfeUDNO,iv:i/CRlQkyUA+CF20SAA6GbCTBnHpRXg8qbOvOZoR8XEE=,tag:abAym0hWQ6wykamhCZtl4g==,type:comment] +#ENC[AES256_GCM,data:jSJSXRF/DEnonOg+++gcFGkr,iv:g1o4qexYJY2aev/5qMJEyMyyZGO4P1Guijl1V9q8y2g=,tag:nLYnhoNuxkbOgXnkZTrS7w==,type:comment] +#ENC[AES256_GCM,data:2ID1+ZbUX8wEPtZEqgRY9WueOOI5vD6UFfK0P6npXgfxmfvGmB+e+dnt4A==,iv:u/OM5noggVYSVuHhc+tKCxBiX+t6PSHB3EKERkfhmbk=,tag:Sl3Yf1iN0PPE6hvWu4CyTQ==,type:comment] +#ENC[AES256_GCM,data:g0k+f1bApJG9pLPfnAur6rny6xMfI2K9c2X9gVp6AQqHj/5VSQR9vSpF+9Ng4rS/12UAZWfT,iv:NNquw+EnBevv/5sZFsClfbo/4n9W8guxBnaEhsiP5gU=,tag:74u0ii9UIIbW2+IQ94KSkA==,type:comment] +#ENC[AES256_GCM,data:RsOaGh7pe2N8dICKNpwLWXo=,iv:6Jst/NIF0E5mb8vnsbGFen5WbCcBPKOhjguja6EORes=,tag:DQlmrUSy3QZDPWIyOg3Sbg==,type:comment] +#ENC[AES256_GCM,data:LzSQ1zgetryprs0=,iv:0vW+cUM3k97Lrbo7hF4c01mPbeovrOwPAUwVzz7thcw=,tag:zt0DteAxi4W4mfkdB0mkYw==,type:comment] +#ENC[AES256_GCM,data:MvQ2a5TWmqN4Ew==,iv:IPCYJBFM1x1s0jNITUE42TsOJMX1nBl7tYnfkpdfvU0=,tag:SVherXXtjrVwZGW2azmLXg==,type:comment] +# +#ENC[AES256_GCM,data:bgc4f/2RrR2dW5vQjeyNePgmoLOKmpIqzVM=,iv:H5uenlSITm9wl6Hkk+91yG2J1II4U47ROIlGcuZEhFA=,tag:M/9/Vjr6sTjKbLeyqnyE1Q==,type:comment] +#ENC[AES256_GCM,data:qEWa5Gzr6XseeEs2sYkoXE4TM8n3uccR9Q==,iv:3aWgaP+TNUBNlQEAnrOg/kvIRHyptkkB9h3a0dWuViA=,tag:kPWFT0XG5LSMrSD1JIhOUA==,type:comment] +#ENC[AES256_GCM,data:Q8g59UA+ZGRXT7Ygr2f/obZDP8MHXw==,iv:wgw54HCMwdJQ2p+OP3BB+Qh+v/GQvhquScYDgvSAPCA=,tag:IB26ffBNOJCX8+2Sl7ElEg==,type:comment] +#ENC[AES256_GCM,data:uRxOKL32JURtb+/XE/mRQ+CC2aYWWxR98p7AGyUASd/jFnJdl4aqttVvKabuMjvKWrsk2c1xD734Dz5tMsclT8OB7lPNwwpGp5g=,iv:jA0XIYjCR/4+4OjNnr+KSt7ulliDa9w/2tEPD7GlHo4=,tag:iOiTfLnafUH6VzrpsgefKw==,type:comment] +#ENC[AES256_GCM,data:+g9BiEj/8FiydQxDNO/Fche+,iv:1NkNgP1QxV5emu1yHap9/srF2tt2g/8jaXhnE2Uz3F4=,tag:OhlBkyyNkJyFPhyf+jiKkA==,type:comment] +#ENC[AES256_GCM,data:9p3ftfRZnvlhRAYakQbmzfr51QSeLnD27Q==,iv:Tk0N4HLngjY2Kp6AnHlSppo5JS2eupwRm27hEdXdYL8=,tag:6Em3dbDs2xbC3kk6Q7Wcjw==,type:comment] +#ENC[AES256_GCM,data:lueEj+bYuJOB+l3ll6OhVcfSz1wX7Q==,iv:gDRtIVAtaDAvHUcK/xjQgjjo/AZByRuTR8cXCapgZXo=,tag:dcoanmEDgtulvJdtTC8iWg==,type:comment] +#ENC[AES256_GCM,data:mDV8VHOVG0VSvqZYNbjDB162HEHFQvMR1oP7,iv:zjBquqa8ACwtNKbfXGVhxDlCHsi45ZWaq/F0Dtxd6fw=,tag:whdb/WADQtESImE4jImwOA==,type:comment] +#ENC[AES256_GCM,data:qZ/LnzbeDvj9f3QalSd2OwuLEsvEfvOTuiy9oQ==,iv:5OBekjL+y5oR8L9uaRLXYcZ1yQt+Sl2jPCiNmRv90sE=,tag:IPk79XfIFTdkzb0NxEnscQ==,type:comment] +#ENC[AES256_GCM,data:0yd/4Ctgq/lil2OBtMLIopj+T8hdRqbfq9AyZw==,iv:T0qg+Ag/6UycUCOyauD4oj92c9SUocmTDKhxFYCPI2M=,tag:PcQFljhmdPb3RkkLOXjqMQ==,type:comment] +#ENC[AES256_GCM,data:aFzpb99XER8q6LfKb9SEVRDj,iv:gFu6HVrHmgChKi2EMc/WdowcqktML0KtuyJdJhbz5rM=,tag:/f1qElxNivJOzb7SZRqi9w==,type:comment] +#ENC[AES256_GCM,data:imSHtr6vBCS5aMBcPQOfMai+Sbh28jZbGUfzo2Ye1KBttLmV1QSJCA38weTZ8GahzKQTlxaEnG24BmyTs9UN,iv:E6oF2mW8g+03q+F3vUfsklLTqaMo+qiYC3B/lNPzhaY=,tag:0mxqqVsi0ZAT5EAhLKaKLA==,type:comment] +#ENC[AES256_GCM,data:8KHxrv84NgfoacA=,iv:vlt+6Qmgw1R6v2KusPIFx75xFqufcssB26ovo1+6Zrw=,tag:/bG32rIh2gG7dW5E6S/aLQ==,type:comment] +#ENC[AES256_GCM,data:R+t85y+viDb0/R7JuyB54k4=,iv:mBVQV+tltYLXw+foADu51N5fpXrqF7hYLG2OiMbWZ9k=,tag:xeWXnF7TI+kiehZIEEEcHA==,type:comment] +#ENC[AES256_GCM,data:qVn0Vjo42u31sKE=,iv:2453HNpZLxnJasgAXAyjWx4BK6Y2IguwdrhyagV3b0k=,tag:AJXsVweXNiQ6hiSdRD4rvg==,type:comment] +# +#ENC[AES256_GCM,data:870a7NWcXKusP9tkmjpPMH7QtNL5EuiR5A==,iv:IEGuYGVk7rVi4BF3FQITwPAe6nGvs2t0GYA/UTl4Jdk=,tag:1cvq8VJ1VbxXIeCEhPK9uw==,type:comment] +#ENC[AES256_GCM,data:6fr6msoUoVJIJDgtL9otyKory3iWVA==,iv:vVt0qCnQyZoYc3Ncx5Z8YHGkBLJxADQS9KiU0fvANNM=,tag:MJkLWWfw1O9Jnqbl/6AoCg==,type:comment] +#ENC[AES256_GCM,data:tWPa6UdPoYRiVElPbYNv/QFYloJpkO/9izm5DMflx8KWSYNUZtu8QmLvrXxmEpTd3AEicr9ZGGaTdMdwos12xC86IyjPsLb3JxY=,iv:PGWtqsLB/0xMxgi//0EsZo8OxqlJrwD69JmY2KDZcHk=,tag:6GO9Lkjp/Egr66AZPS8mAA==,type:comment] +#ENC[AES256_GCM,data:8pSWxh7uUisOxbTYqIsKYiX+,iv:d6q1eQV2ckSU2vOzqrvAZ+Iluc9o7+ZMhIxo8H03PqI=,tag:hxnlfCBr6gZg4NvJ4q11jg==,type:comment] +#ENC[AES256_GCM,data:FG9YA6i8HJMNSaTn6R8PV/edKZeAHPgEwg==,iv:yOFVYMr9ZPs5z9n2A9KStZ3fhiyQhJpMui0huSfs2Zo=,tag:EGAtYW1uc8Bbj4EHVofhQQ==,type:comment] +#ENC[AES256_GCM,data:N0vkSW0vD0YL3jyTxJWscknooIt3ZA==,iv:0zhhzYCdNFp8HghxrL9Nu8vrRHAm0FVpSTWBQWxowgc=,tag:DDkE5xue1051732fUMt0JA==,type:comment] +#ENC[AES256_GCM,data:UIGa7jpdOB4Lfv5JsbjlV8yeh8pDg5tLZ9My,iv:JAGqvE7c43pWRGpwRS5qjEjRVrnv11DESCaGSzarwHQ=,tag:zGKKpmNLjXFDXub7Z2AiVg==,type:comment] +#ENC[AES256_GCM,data:jCt4qMitq+meYz8hlM5HDfJ9kN7OM9CAF/aY9A==,iv:BFkU6fr827X3dDSig4KXKvEceesmWygAGmrBXWwCxrY=,tag:I+z23JgupQ6UHYJzE2Oh2w==,type:comment] +#ENC[AES256_GCM,data:rhBzSaTx+gPSWUepEbG7d5j01MEPJwcDNoU=,iv:JmqO8MvpeqlkSboWuVAF80Sn9HsR6yEjKFJgKszc8v4=,tag:jLpagtpfGQ9rv2faLVDx2w==,type:comment] +#ENC[AES256_GCM,data:FRlvrmXEf05F6PgENUZVaC5R,iv:Hbb3myNwiWlcG78aHWWe5az3HpujpavT0imPVDERA9g=,tag:/Ala51aCehpJ06/Nq0Aqcw==,type:comment] +#ENC[AES256_GCM,data:AdmSotjFoQ9HLllJfVhytPR38/uV7hggeQW6oeJjezTWPGdjetkftraYS0I2oRz+cCepsBNyU7V6oMU/IKKm,iv:Pab4QLtgCN/njzl5G7tUJiiSHg+TCK07rlSPobJnPr4=,tag:e0crhizVQlOayutG838VvQ==,type:comment] +#ENC[AES256_GCM,data:cw4Ng6EYpc4dKxc=,iv:4TrHjJygdOeijK/2vJQQsO3lGa0cVyCsSWmRSA/XSt0=,tag:v1GDX3qiYyAGgCpUVEarMw==,type:comment] +#ENC[AES256_GCM,data:qQjh6E7jme6LAUtb0kkzpqg=,iv:t3FFpnb12Hi5uGe+bMqWB84mqMTBZqewGi/fAEw+noM=,tag:RJu/O1TA0cy1xCjFuSYJjA==,type:comment] +#ENC[AES256_GCM,data:qTlNeSq2WkF4dOI=,iv:6ymng817HTeDds0KuW208kQnfarE7ahBybwyHitisbM=,tag:pAycVFy95ujAkPODZOExsQ==,type:comment] +#ENC[AES256_GCM,data:UQkM5k5QfJfoFg==,iv:0TDmGDUADCnYvIJf8cz1tD15zGevTEUPTfcFyWPuhoI=,tag:vo7JDfr+UlrtWLng+L3O1A==,type:comment] +#ENC[AES256_GCM,data:/b7HzhZiiuEifWiw6QtQ0Gk=,iv:32tJRHd0pqs4B0Ut5yg6CiIINzGxQczg6Ka/ZN3XQAM=,tag:BuvitctLA6QuM9L1+P350Q==,type:comment] +#ENC[AES256_GCM,data:PJSab7u1SpCEJ/Vbek6BckFjVMhoYjhpZLwsy2Q=,iv:nSguWEO8LZW17AhSwbY2QgWf14iLnL3SNxDbP11I6s4=,tag:mZpa2HC9eploCJRRfYQNwQ==,type:comment] +#ENC[AES256_GCM,data:ncqHrtotQtoXlVLzQ17WBVdlA5CP9A==,iv:SrvHjpSzyh1hU4mpPbtnej4WJ5+WP2C1UKxFwiYxSw0=,tag:TfLM8CJEEeAoItff6wSZmA==,type:comment] +#ENC[AES256_GCM,data:HjCAmw7B9Ah1/pVwxb5rUXqy4Pc=,iv:bDD9cKd/imH5+iozynxDgPEoSEIIphjkfwCZu30qKnU=,tag:Us5niBmVRaXPUSVGGwdHwg==,type:comment] +#ENC[AES256_GCM,data:4XnKVoC8z/uu0BVlJipyv/l7a0ZNdQ0V1xF3Nz1qN8M=,iv:A8FS4aUnMlu3KibbM4HSaSmbMSU8LsPzivzBNUvUxoY=,tag:rI0q5sR921vCGWk6yL+pyQ==,type:comment] +#ENC[AES256_GCM,data:jNXvOEztxrltP7q4rlfn3GMCNqTJgSihMwN4rq8M8/f944oxTrZKX2TR74w4,iv:dTDRhG9MZYxF8GAeVUUHZqKtwbmLkvoBZkaw4klIRZo=,tag:R5OOeLPX8ILVQ3blZeSp1g==,type:comment] +#ENC[AES256_GCM,data:PPV53Is72DbKryu5SldI/cvC/OEi0iUh03+aAm68CKqc+8+2arJSPxYbMwl6lr/N/w==,iv:CulUqXYhQAPb/Nxd26i2VPeJbJRqhRkGrQr1oFUZrUs=,tag:s+aazHjWnxoTg88xPRIdnQ==,type:comment] +#ENC[AES256_GCM,data:DvVpwJ/qga9No9NVByjR/kfrqpThk7b6gyGbgKlA,iv:U5O+dAxg0j92uRbo8Mmsqrk0P+74RBhILnRzdIxmjxE=,tag:McLjNRvm4ODQVc5U2WMU7A==,type:comment] +#ENC[AES256_GCM,data:JDhpV1lVCLEtxrw/yG8F6q4yJj2uW/5yyERoiBr7Dp4YMfM0B4F6A+nuxg==,iv:FQ6BXkQDX0jPy9+2vpBQA4AEKu6tKm7Fa/++85gTtKg=,tag:uXOtz5aDEovuZOfpHGD6cg==,type:comment] +#ENC[AES256_GCM,data:Ss3HZ9jwy3BYEPUxIIcb9owjz0pC2/tHSwiXkpjfHI/VBsCo4sjhSLPEFJBwAmQ=,iv:In4bCeJ+awjGyosyzUnMAJJ6HNeYKYkssZXVTFVa4eg=,tag:r5RCOURKd88lIQ+/hh0Ieg==,type:comment] +# +#ENC[AES256_GCM,data:761fAyNbew82DpMOHHhFCtbXKAirp0/EHLQ=,iv:vu5eWu3I9N2KNOLYsgvOJS8Q04Qz1yILJKFo8GcYTHY=,tag:8APc/1x2khyhzYSYNSux9w==,type:comment] +#ENC[AES256_GCM,data:qAM3q6ux/NY+F/HTgtPyF07YHgqjeg==,iv:ub/L+gvpoJY8VX/EZ7rGCTA7RLdyXzEGAIj0u+kbYl4=,tag:b7bZrmw67GzDFGIm638i7g==,type:comment] +#ENC[AES256_GCM,data:shHhdwchJf1ycbSQIDGlTnwzZfA=,iv:wXP1bMUQyMVoFbSMfDFa3hhqwJAme/0bUSfsx0oUx8s=,tag:unko7HBj5Oe5RzqY1JCOIA==,type:comment] +#ENC[AES256_GCM,data:eQOr4L454juTJAIWcwp7pPKiMFaEChE59KYl20g=,iv:LEFggdiT50AkRj/T6shiTfIEtznA+s0IgmIFq/cVKT8=,tag:bf+3uWrDV8uyHaGQz02bFQ==,type:comment] +#ENC[AES256_GCM,data:8EN21PgAL3k8FGkZBqG8PRYTXEfYbRfzXqvZvjOOYbc=,iv:09sBBh8Pl7Gw3/KknqJF+mX7sziXUsY6k+8riEPJJSk=,tag:RfSYmcyxFyWbWFRpf0vtRQ==,type:comment] +#ENC[AES256_GCM,data:Z+KrmBfOCc7buLeEZSortJrp0EQFH/gTfCkp12l6,iv:eVLTPRO1Hiv51fWfckSiiU+psvmvHT2usL2IuT1D7Fg=,tag:fcisj0TvbCCANTrpOCzq6Q==,type:comment] +# +#ENC[AES256_GCM,data:1naYyapZP1Sf7/d7rvM=,iv:+bzQzrKho7qmANnp71hn35RVYBNFaHDXfRBoWrCjMp0=,tag:iaDYIb50KLsBwKaLLLCJTw==,type:comment] +#ENC[AES256_GCM,data:AsVU5oLsQV4P/eO7sdG4jQWI/9lY,iv:UZuKcwnGMbL7ynJy6Hi/a8NV6wRSaxdPZUlsDaKgE88=,tag:gJ3IgoT3VsvT7VU2I49+/w==,type:comment] +#ENC[AES256_GCM,data:04u7xJ8FAWO1bwYshgTsvYF5aWPKbbvpDgnH3dfbbJ4rIg==,iv:OTs8fcjT6irtIyoPVGFNC62MDatUaRI6a7ZjezEMkKk=,tag:JmWCTY4FLMSQN2qWFoqQ/w==,type:comment] +#ENC[AES256_GCM,data:XtpX+ghnXln/pBWR2nzA+dVvF/JhzoAJ,iv:C0vXbHn4fvu2OnVHV/R7TMWvc2QPvaQ/G03gDVaj8Vc=,tag:FbC+KYWz6Rm/2OJzj8gSQw==,type:comment] +#ENC[AES256_GCM,data:mPNDHm/1+A3EF1cltM9Nzs8NTi53z1pGyT+1x+PGuo8wPs5s3Pm0pe4q,iv:eXRESlusYlM8YvY5WGNxxsIFxCE3zss+YJq3ZGJQVRc=,tag:jgtGt5mISZVYjwn1SMi0Ig==,type:comment] +#ENC[AES256_GCM,data:O3YaY66fkwlRBFQ13/51TfmdDUA=,iv:wQ0BhRyN4gKXScWxYOTmUaYIGYilN3lZnd3yXIYxlbo=,tag:NBu9CFWUqk6x5q8BGdhisQ==,type:comment] +#ENC[AES256_GCM,data:4mOi5U7tX90UN1Pqt6az5hQm,iv:aZkshz0R7r6wdyA+4gexy9dh2pGC8JNAy4r3JXvbghQ=,tag:R9x9jkc8+VuzjelSqpeCTg==,type:comment] +#ENC[AES256_GCM,data:Ze2NZZy3deWf+PYMCBxwhM3E,iv:IyPA8m+xQ6/CyYfIYDoXf0LNmhbmcFnWyiR+d8cTB8Y=,tag:br/4/5aS7Wc9oVSWWfTCmA==,type:comment] +#ENC[AES256_GCM,data:iXM/bRiK2WID6LV7ivdBZY8t,iv:AhZb5XiGFshAnM60322SJETK17z9KpqucrgofjzjR6w=,tag:byf4ZF91atJcO+gA6ImyWQ==,type:comment] +#ENC[AES256_GCM,data:ChhGNI/CaeS2uAFVXyCJGOA=,iv:u6wsa1iANNDytCaLEdYdAeraJGs0qN+mQ0UKIQemJu4=,tag:D6T/VwzjF22sP2MZwblLdA==,type:comment] +#ENC[AES256_GCM,data:pa0vuJMqgJj5UIT2qvbdGCo=,iv:DyV73yWUdMdoa702d1ggZtZGihnqc3rlusCFyFCDTpQ=,tag:DEl+iodZXqcB7NCbfySb7A==,type:comment] +#ENC[AES256_GCM,data:Z81YGP/CiAueQMSU3jKiSCV46WT3b7EaO1AWe3I=,iv:90xZtzlIze9u8LQg/A1v7ot0RsMdC+o2KUZGcJyJD5M=,tag:185KHYhPwrGIeaIATMG6JA==,type:comment] +#ENC[AES256_GCM,data:fTkbtgJLL0dpW7ne/HbrsyTCEWUwT8n+YkTefUXrd/W3xbAdbivwRBym,iv:cZBDGL3JVKGL3krkuShUsPtyDIwmdFaLHoaNpGPATCQ=,tag:zI2nkCDmSCVAy1gRshpPIg==,type:comment] +#ENC[AES256_GCM,data:tg9yQg4UxMbEToWsTWT8GuXu2pwzgPQ=,iv:hd4nykf9C64HUnEBxTE8TfpfvVS1HVaFsBxVPXaNW3Q=,tag:dIGlpldGYv24yE7HSeNxmg==,type:comment] +# +#ENC[AES256_GCM,data:Hwz4Wo0LeshEMlN0AAk=,iv:QjqlUt2Fz6b336ySN97KPAppEmbgOAL4/0rAB9OPdMs=,tag:t4p52GWpd0ONIAoSEdC74g==,type:comment] +#ENC[AES256_GCM,data:iPuF/T3jM00fouYANF4hww==,iv:8CbNJog28zwe8GmJufrK7PI8/4ph94So6w0JWhCffPw=,tag:LPPY90qiGbgjUJ95MTK+5Q==,type:comment] +#ENC[AES256_GCM,data:pAPpPtByhIVKa7pCwM85mLfNKd12jA==,iv:NDyOr7VNrYP+oH7NRotc7RpRFfFT7Yhk1H16OKUVtFQ=,tag:h2u53KtUfaw/MiBWXyXsFw==,type:comment] +#ENC[AES256_GCM,data:rejRFwFfNdaZDCjWDVbw+0C68VlTJpyyUOth,iv:jHz0EZdZHz2+gOcG+2/0CAyd2k4U9exvQOzugZwyNfs=,tag:cKkGscx++0q1Mlo6agurGg==,type:comment] +# +#ENC[AES256_GCM,data:pTVBKKE9q9v7+ZjdY68=,iv:WQ956XLsvCNPEpCL4JNmadhHLoS7S/8tod8fMLrQf5I=,tag:lCytViYpkE6BtJ5OY5n7nA==,type:comment] +#ENC[AES256_GCM,data:n2SzH57dweIGijPecnE+/xE=,iv:hAbEIzVwrAB8uXuh2wBH9E/rvsS7mqgk+FMQLCFtVdw=,tag:EzfW664vfiOfPWHcjSOEVQ==,type:comment] +#ENC[AES256_GCM,data:N3dg6dK4FZvUh44RkC6B22ctCzxrNLkNP8Y=,iv:5zPUorfS3J5XtTs3mbLljYV9G/PMjSdDohWk35zqA9c=,tag:TcD1/rnD6CrsR6pEfIB3zg==,type:comment] +#ENC[AES256_GCM,data:cf1CYbMC+bG3KO8BK1ctaok7NQU+,iv:ri5NGrT1zNQx8cc4A+iePV2Txtj7TT6ZhmXMtZZIHBA=,tag:0hD44RjYLOyp9VPT7FXvQA==,type:comment] +#ENC[AES256_GCM,data:uSJcPrieoeXzK/jMxzhIoWjZ8PQA,iv:4ciYuyyyiWErOozctjUssNeKEvXwjw4BBR00Wye6Ulk=,tag:Swp1RxMPu+z5EbTd+2+Pcg==,type:comment] +# +#ENC[AES256_GCM,data:M71IlxnACTBo/ZVoByHS,iv:mz53kNeoZ/I0L1gCHNplO/wkiuv3Pa5cOdAkbW2H6aY=,tag:uv14h8nqiqilLQPxxZwu+g==,type:comment] +#ENC[AES256_GCM,data:ctZR4y3L1Kkt1XImNios3g==,iv:/mZRQO7itMZhFu++g1u/CZ0k/NySK3Ssndb+B18VjHg=,tag:xA1br9fn7kze6nKXw1U5CQ==,type:comment] +#ENC[AES256_GCM,data:KCRx11KSpYt3jc8KrsLlOkohAQoMrEM3xhkjWA0=,iv:MC2Ed79B/C2Ti2xhND9Zud+SsVi4HlW8hFigEg61RH4=,tag:3U1vzj+X3mSCJiph9eDExQ==,type:comment] +# +#ENC[AES256_GCM,data:syJIANmTl822v5R0CaZm,iv:dZqFx0V07L+AA0kdbhmd/zAwb3am4xKlCncSYmTUoww=,tag:rarebRjHp/ePr3c61gS22g==,type:comment] +#ENC[AES256_GCM,data:P+HW2K26Ro1aIc9U9WhB1hs+fBMy,iv:wgtCxHBMV1VP3aC+7c09d/ZbataHNsi10+MMNeExCfE=,tag:ljJA0PYZMTKH0svHvrhTaQ==,type:comment] +#ENC[AES256_GCM,data:+bwRXTLBm87M7woyQu8H1xLWAtcziUMo,iv:wOsQVvDYzKZ+K/nny31n9I6oRN27KZbKW3/qMwwFcRg=,tag:wvXx1P3f5yaQJt6Vfw5Abw==,type:comment] +#ENC[AES256_GCM,data:kOpTKJrs9zEyLRvuCrzCgAcGOWs=,iv:wv47cqmw9qRI93UpH2HEiwQ4z/0Hh3Uk8KoOz+xMXlY=,tag:g2MSlsd8mrSAcOl6Zll+0A==,type:comment] +#ENC[AES256_GCM,data:CrF+LoZrJQFZ1qEiVaEDtPNz,iv:bEwRChGTIzy/TYFRX8+LNspgBFsP8BaPaClkhlSccCM=,tag:2J2EOQ5DablYMShw5ftN1A==,type:comment] +#ENC[AES256_GCM,data:dI63YN6OjqWYpKZlL4nFKIyr,iv:Z/hpFzm/xFZ+CbjnmXnyCcsVht4+dwfiLa0w4ZJRoCI=,tag:kGCAI025/e0OGxyD9058pg==,type:comment] +# +#ENC[AES256_GCM,data:TAfLyQue1g2BJQI/wv8W,iv:AXIQDwYrV7VcomWA7ma2aqPYBIyQS4n56lTfWJQ+yUs=,tag:GtGBdQ+58GCcNsHhP7oiwQ==,type:comment] +#ENC[AES256_GCM,data:rh8P0ngb61FEj7gmwC81xAM/VlBi,iv:evqLKuYgoYKSDeyMR/qgry9ZdUXs43bYDkOgwesLaOc=,tag:+4qtneJQN7GKjEnTxOigKw==,type:comment] +#ENC[AES256_GCM,data:emvw13eA7liyFYskeQkcLwY3SOR+Z3I8,iv:arsc/GaQFBFU98ZROWC8OQBsGUwHHNQ6OtYvVzW0ku0=,tag:xnDo0c49vrcpF4BLJTEtpA==,type:comment] +#ENC[AES256_GCM,data:EkFxLiKlPDwAKK/E5d+cpiw8FgvNmW1gtpngahzEA5Ce4If/Bg==,iv:zQsseNpyW4mT7GQp6ADNBDX3SNWjnSGIJmGAzHLE6tc=,tag:BEEfPC7pATG95ZQbCbOLGw==,type:comment] +#ENC[AES256_GCM,data:MPkLe8WaC1xZUZfc5Fv5ayx7,iv:txOc29KRFcjU2gzkF0k7wzCnKDukDcy4uErZKKbfe8s=,tag:mGYqbafKvzcSXzX86PYZlw==,type:comment] +#ENC[AES256_GCM,data:wv7Z3jSiyax1IzrhiP+KvhccLhY=,iv:kZ0yTnHw7hGWLL5rPiK3m2fVtmkbSqc8c9HfmuSLfTo=,tag:kHLORLIVOc95e+U6qVnLJA==,type:comment] +#ENC[AES256_GCM,data:t1bw7qSOfu+9FSHPkKybc8gc,iv:IRs97CByexbWAJT7p4NKDKer3vwsFHx9+HQ14PXAaK0=,tag:a/tjedW0wFjg1isufG+XSg==,type:comment] +#ENC[AES256_GCM,data:MctPm36in8QYiOm/oDwCFNUV3+iwy68=,iv:ht+3MnZDqop6NrpTTP1NxXKw3W2Uxb97RpFz14POGJY=,tag:FnO5oTzAOLHX6W2LynKvkA==,type:comment] +#ENC[AES256_GCM,data:OAFeB07mHMVp0ZXpje3Ruurgvyc81z7Bbcd7nK7ZvGvWUQ==,iv:EIahYcU/L3m4NEl48JR9B4U4bfTECPeeH9JSPMUfY8w=,tag:fL6sQhNHBetXkpzMD2tLeQ==,type:comment] +#ENC[AES256_GCM,data:p4SkEqkgBc91VPOP1dnKEzuz88gbxqu/InVztjoqC+g=,iv:VbdRX3Dd5xEABPGyn8HW0PsqUdViTR6SLt8ptyYMKSM=,tag:lTUKz2RJBcF+jnZjcp+uXg==,type:comment] +# +#ENC[AES256_GCM,data:UZCWBKBgEcNeRHUfTurT,iv:V02x6pxQBxIMBWtIuVS1B0z3T6vsvTB0LivY6zEUryA=,tag:WB3LNHwcrAD0ECwlW3u06A==,type:comment] +#ENC[AES256_GCM,data:++cW/Mp8DxwAj6qDS6R3ja/Dkr7B,iv:guoppYi2+nr8ZvPiEk5PHx9NUlKWgXKWOgIz8hQHG98=,tag:gh99y1r9OVNNR6DzQAk47Q==,type:comment] +#ENC[AES256_GCM,data:Rr+ary7Q3eF5mGFYJAlU7oQnFJ/VKI9GPHOX+vnGubOIbMRiQQy6FRgKNwZJqXx1HEVqoSLf2DPN2w6Cxbc+8tlPf9w=,iv:WJ8ovxoPEOR0lIiRuoorO/7j27S7AIrcpDjqfKfb7K4=,tag:erHL8jfBc6B1okJnknB1rw==,type:comment] +#ENC[AES256_GCM,data:0nyQ/wj/6UhsZWVj+ohMnSsk+g0FNQ==,iv:+rO0ddTFacXf9tsiXCJUgWW4iOpTUn4HWQQdwWsAGs4=,tag:9QAHLohS5u9WE+qlSnYQGA==,type:comment] +# +#ENC[AES256_GCM,data:B9mfN6DeeT9WCHYI9tAK,iv:F1MQcw4LvPagzcIzvBy/jlFKMecu8vW2SMSdm6vQylA=,tag:mSJIhvLxIyRMVZI6hwq/6Q==,type:comment] +#ENC[AES256_GCM,data:lrELH+Xpg03LbmpdXl8muA==,iv:vdLbxoLhroiizYc6Zht771jydjrHkNMsENKxNELkwhM=,tag:iE2l5ZtvnC+PberTi4mUww==,type:comment] +#ENC[AES256_GCM,data:9D5ZJjb7IjoAj7v7pizINtbQC1dAhytSwsQvflWu/9eWnFiCkdU=,iv:rXgiZXcxvuHZNYFoVXngbTMFJ7g+qpN3Fw134iuxuco=,tag:MJp0xk9yUGEime2vDmg/YQ==,type:comment] +#ENC[AES256_GCM,data:sILv6Ii5T+k5R1jVs8f3,iv:ACvkAkCIGDiUxjGMAPchh1QAom1MGs35bvSMDNQuogA=,tag:D+KSIk3+7bDjLmHxLplwcA==,type:comment] +#ENC[AES256_GCM,data:cVuCmTpnfn7Hncw7cZFCvko=,iv:tx9aeIISmbPcop5NZp1GEPg8J2TETnYw5yAyFmejfyU=,tag:+itwTekQiK1EQp4SDti/vw==,type:comment] +#ENC[AES256_GCM,data:oDZ2g9ZymWNmh3/D2CZk8WFHG3+E,iv:zTfxcHtHLiMWENDzn4D3/SOWFycdcQQfzy5e30z8vAY=,tag:wT1d6pQ/el4a/vhVEqS/bw==,type:comment] +#ENC[AES256_GCM,data:Jt73gVDZ0pTtFLi5TlDpPDrfzQ==,iv:OyEEqyL8tNmJmkdtnI1at+6tFS80vv/nYAWXNl00O68=,tag:LF1panNmPifrPQSKF3tzUw==,type:comment] nftables: forward: ENC[AES256_GCM,data:F32GGcjkvsha6rjTanGdkAB9h3fkzqkniXFzrjfvmh5tUjBckEm/L3L82olRzwRVCN/9SiC8+6wRiGnU1aItPtFkyJlA7pNORLHitVIKTyyKNSMLjEsWpt1v94UTRhNWC628Vc22XDULY2POfdSGLr38ynpL3fpUSJkFvhhwx8FjprzvogGDZ+NSaSKaqD04t9kbdGlefGoLNo1gqdutRbN7clqJnMN/Ip5hS0u7o2bDTQ7qmBFFGwAIwFUpyO1nGFl1c0D04GzFGedwm8Yl9on6mFG+8SfZvR5nxyv0tG/Zwb6OVrWiFv0LYYzE5064AM7K10A16E6as3t4R416sSpmWLFTHMWPzMICfXSAiEU5yQBYeVzmTAzrZzhJZgYjBls2C3DvgjwcVVfGUD3S6iwUNQBgfgh8FKmD6W0OhismnFFcte6yIo4mvwkldhT24hZqyHBg3m+wNetYybsCO+ivf1e81a7vA0GLcv5cL72B55vl7X/pYeiIgIln9Z92+T3/2YRnz5f0IHFkR9/tCi8oapyFmQirU739QCuuWWmoKP7d3cA5NyiofUCbPhO8QYN2d2xb35cNg1US1IexHBO1MV2mJPelnj1K3qCdmpIqEULlWkFKXkg1ssjW9ia7sNSFMxE6302Fu08Whnv4t7uOx/Movr10pLGuRYwO1nA09hK2gKaEmsIZ7UP0tiCAuvl/5vVCelNvIGAgCHRiVoA3GpfpI+LF/YXPwNeyWJANqwOdjl9pOQamVsUJbO/YGVthwVg7dLQNChGcArGPCBOm/aTVxiWiFmbPTRo93jVf7ovPUlhoqKIuhWKxlz15025Gzbm6Re0kDY3fZG4FKMXgaXDgNwgSr0wdCQUMmstgyOIRUao4k7qrnaiaXhtUmK2jlYjsZDvs8Uq9CILU4y/FYB4Z4I5cn1dazjMcNOLjX9Mtg9cfTyNrTZmu3TCze5694hU7O978CUZU5vrK5mzgusE5P9tDpi7RvLLZr/1+2N/V14wAmhJDAPygkgfAuN4IOn2h/P0TJ6jqLzP9p+iOfEhTVRxrx2veVE4+wi2pNY5GHSp/FXFtdCDEMSUc3wzNDDrOurFa4wNK8/0xhgsAnjyc+OlvL1Yf9sPgLJ+XJjDxmdfBeCHGkTK7TtXM93pzj9Vdto3dq66RPUz2FwJJ4xSq0SFOUaNHEC5p6Sg1rZnGvaUpfr9+G6C8rsk0z5wP6f6lOkLwXagKgQ7oAsJXB+hKV6yOLL0TYz8IWds7pHdhXYJtEQ3TeI32X1M0md1X/13Lq+m2XH049+/V/HI3cA9X6wj+t8nzKYqbnGIUwXr1f8WfRAPqJhLBl5zdI/PKtmrPMqmN5iiUrtYGSzzLgZOWHCJuvo2f2X+2ynyACY0lWG3DNFRh4aDzP+LaeY1+mZbvCaopEb7Uc7YUbJ3oyq+eeb7+mgb7lhjpe1kC7GtpdtRwTvIMMrQUXcngkyWFO26vYM8QPMRVIIWcdeSBk0qmF+t1oJBaaGVji4G9PvUCcpHXDoyao0FNfkcr606ELMMrBFPE7DVGU81M6+57NtjSAfh8KLuhKA1cQQU3U0ciSM1w1e/t73b9xmKGVShlTbm5yPmM9I7en6PV3aH5SpZv6LMovmp/PBl9r6ZWUg4tTU2iCj09cWlUjxaXX5h7AxUW7jA2ypsUOn7dgkCPFwr5gv+mfvkmeYGCtijusp9GMuAvL4Wp7Lg9SZC1/k0ocI3buLRbmAji69j+du4no8o+Vy7OHNqcnbtg/Qlnp65lRI4/Z+Bg0OZ18rSYJYM7BavNYHyxVgKDHo+5ypM6s0yigCpq6naI4A/kr1i3ST3rl6IFQQLhWjeH/FS9Ay34RGO8nk/62Htx4cTrmGUnr1VgLrtdBiHj2YkeJDa0/nfM1sI+EPv4tM9GOlMQU6OysJhBzWhHTqEQxVgUQhcacYv2OiOH7I4Az2TTxNnAjOiWY9TuazRiVeJlpTjCkiQfSdGgW4hD2nRbAQZ5X9LrQKZpI5Q5wXwI1lapmjW4m0t8cnEVXgxE5Gn1uH5TQpzzIpSIVRJjWvEeQP+EuotWjYCdx/1tj5PnYs3aiV2Us9QmTMAI2euNQ6DpNTFFpiFONSPDBzZ/IANPKWWFVDeMzBZKdllleUl5VYCWaTEd9JrbjRx/u9YrYlBDl5Xo/DCYJIoUFmusCdh1UfI9y64XYsPxrPNxrF+upisE9vxG/BRTDgxLBOenB3A5/Suba7RfHI0LBHVhO2ijJr3Nh0T/78ecnTE+1zBI41TtN8Y/2MGbs20ZSZtDFy27mf+YQLpYKFpXEOEdoTy51kVW2jn953x1lbNgwV+DWRPf25TNP+dFTZH+z4/Mv6F4RCyYS+VJL5SfGah76GpMxYodmE2iBbXyfUeUxKAeool7EZ6cIvhtwLaJuaUhvjKLd6ateSzAaAKbFVpdsgP7iSJd15YyTKmb,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str] ssh: ENC[AES256_GCM,data:RA14V9O3PcGOoCfgj4nCILtwc4ER/hPC5HBzz91WhNHmUKzOlxy4zso6HSmSz6sMFBK7J77r3MO+6JKw8eNeHmx9fDDcboHFPcL1PQfYAJE6LNBS0e9d00Mi3k67DdNJZE4F/yOCGIrducvlCsJl/8S4zMMI9Ktum2sJFdkw0INgXoPVPSAQ6nyO5KKcboVtxeKc64RtcBZoO2CCSLhEdVJnE9AXB+l1Pk1926f2XHlS3Ci/Jh/uAwM/4uAeldQ2r3gRuzq9H3SIAgSNZhlJIVr9VDU9kZ28dNpDYhhdOrle1W1drj+9viJ6eeIxykhzZ/8kX34xik4UiMxW9vGO/VpdEdE1XRMqEIRp5L2ADBNCImbXEN5fbRo8+FlL9H+aAFDjBtxxalcSSqApYac6NcM7msF8Lewj4ED8FYXEsEIX7qA8XbVzJuFFYHhRWA6Lt+Gp9Kn6aaxZMF4fl7u35BFPggi1vwsb42la+yQAizk5x0t+fCCX5D8XRHmfCZYX6AYJeQhfzHETuSUu6p4asmhlx+8cJLtjMkkBc8lDscdK7NcuhPm3QzjQt3H7wAHQBzWrxStvBC77K2d3Xf/C6VERUdDvLK1El1oZAl9UmnxAK35kUqAKHHE2xheHQcw1rhy1D0dsX/rQLovTpPdczd/vqpkcJxHk0nH3rddySiyOaWsdoQ3DhpdX7h4PNTwcFJGVzbVR7+9pCnTJ4DTbc9H9G9xiX0vPef4cBuJQPXG8Bc+kMXOpV9uKt9KRoNtPG2M4IZvtaZNiS8qYB0LTjdHiY3C3NYvDc0pkDAIxDjP9TERWxuBCUlscmbXLAxDqB4zO6LBm9yVhMWxYyim5gH24UGD9D2g1piFGXKiSb4dXbrnxoRe/JoLITdWOOEkabVxqJr4KQF07MjTg1JNO3fPLMI6azElQSUj+2ZAy5dqPggg5xw8+h6yp7ZLh3zXaTlSroL+yA4BH8BjVuEa+jl9xqexKgB7zeHb6VhWmtONsffvQtk/kVucDwmXOiOnma1+pj6COoMur2e8bEK3Scap/k+B1b8D9SWMEXi61HxpEtHn6XH5DEdq7Pb12zs2FQEE4QvuaTIscMlvwrsMHkwW7WtkCj2sQFIuUAL4ayyccx+QomhB/hxWKZE83SztNfiAqTWAOaL0XfX3+4qgsehfEkdaUl3FCZvuObPPxIUcYu5Crl54O8B5fbOQE0dcvxMpuxVM6kt3O/jcmj/eri4NPmghBohGSrcJpZ3CUMjWbOJG3A2GFQWztFobkRW9N0K1Fg8UYzKr/lhzlPKiB72D7flghX1yMYfefOnD7vClPUY7oFmnf6sD0qYmZK49SGR6+b7z1bBaskaqhEx3zB214DvOxKGeiPuMVmXk3h7bGqJQ+ejiRcfQHMr1dpFCEMurTmoHwJPwB9fetOpaA0RAEr4pP0QKt8iuTT8MCZi3KBXaiPhZYtdyR5Ka9DETlmBoSeYgyzNht2bCf9nTLn0AJDGZNcZH/NUoy4kLFrhQ18mDIvKHCaALWabp5SnyASQRI/qIkE1DTH8JSkSrr2edz1Ag0SbTMhXsVuHUy3jPuFkNb1SBJxlXmvjHSny7gAr9HVVG2ClRzGtVOXiFHyYguNbmP1F8uqDvabbx8FvAGCEZeARFWQI4iFCe37rYjJE62byilC5LMBCQ5l4/kOYHVgPivPzV8qkZV8B8dQBvMjIvBOgQNvljqagDu0C66rZOTj9G16FDfYDRcdApL0xraAs/O8EgQWxzlB9cQPJmjecAVlF1wsqIbIDODKtTRY4dMYqKfhLoeCV4kPb4WjvoaLxBgbsrJylZKULkO+xbBCvvFhnFNQDOVFPe2ZhEwcx4Ji6j8GZhhyv2LsOdQcXGLgyTr7YM3z/M9DdlCKqlFolA6tod6+9CdUkhFfL7y2vBV3pyEHwyTwWMy5UQIprwm2Ht2RxejhpUcfVydjT/ISJ+aNMy+nq11rrQOlDFsF/E/Db0ngUbORNezWX5n8bqDxModmDLTwYwYT8qu4jruw/WMY1iEZPZzZE8xywRoKCzqN2KweUdEkv+Px6rxtOnNIkPtJxyq4I2L7/oJcaGU40e87KXhhm68qIajboyPM30WInOcGAcG5LwWlyrxwCpthDEcnNlXXghx9izXyqpw7s8hP0qsmRDeESckqn1KUfs98Jkbfg54nEdIT+JcHm0PjvqIHJB61IGWwN4l3SQXY5SKuUb7hSMItKC/FlDKWL5yk5qO55SlYfz0mrD/7Fqk9uFRzP94mswYh8uOkCHBC+WxL4/ashBZOPFZ+WErBAyDgV0LvdiEBN1zpJlAegDozPNXpOzG3rb7QcBr7kwkiHBtD6q7dhBZ51XKPcJPRjkFXDR9Rbj50k6wQHznuDNMA9lI42a6rFN3mr3G8h6mvD67x7b83IxwtLaf7Y0Nb04m/37sCJM1TbjP6jXvD0BdIAdbLc7Qk3K8F2cSIfNH/O7JI9WTvXxxOKtPdpRnnrOURpr4PnXEdJJ1ErujfCPPvFkr0BjpR1Xv2LYKmWISx2OblJnx/MAwECBacN69SX5qnJlaP1Mn769lR5quhAaBCpq0LmHSB1jqF5ap33VKHcB9EHs2ActJHMyn6GxRXSYudw==,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str] nix-access-token-github: ENC[AES256_GCM,data:CWFmo1vx9xGrsickiHtAehg7CLhDrV69yG9Ngca66ecsAeLKU32CDvL+3/9UTOA7lrHe88q0GOXMmbCfSDFA4M0sZWo=,iv:yfQzZ5qmKkkpL6T6I79HGByyt8nhdYnxR6D7DvKFaNU=,tag:WGg9oSbmZcy+3BAFTyf1vQ==,type:str] +ssh_config: ENC[AES256_GCM,data:7ZdTQR//YDvkfld0ewzK1mlMwxmdnH1Cuxo1JVtTBF7DOnx5o6tUkQS/sX30BzNqew59pN6lPbYToZOx1MVB9HCHUpNGiSu41RlNO22j0ihTHVleOk4/IqsfFKhrmpHlYoVXvPQm2803qRF3x8AAnR81AoBpdc5agD8Jqmpm8ISkBL+IPqL9LJN7IopMn3iBm1k2xz8Gml8E3VY4i7U4qxIaWVJLGNDXd0uxGIpjO/of+nL3ySIYGxoAzp7zX6lhyt5BOIkSpJoPJPI7QjlPOvGmLnpj4+RTFwIamYHzwQaAD+T6MyvO/40SzGVxvvWNvfz49UmO5s/wWMdYwRqMMQQniztDMwJ2cB7/YjWzJFP1H7H3VCxl1Lfz7CiYkMynFVWSNnoFuK//ii9WSHuXohgzyRjt2D1CGaWB4ufKM31Dfj0vYAq+NGcwl7PQRknP9uudRDj5/+Uw+cZcpDozZO39vJVTI45RHrtRTAeXZqMyeT9V14+2/QyzE9MRovr11ermAp4HivCd6/diodeEUERoJ4YSwafYMgNbx56dnbZ6CrsJZ91K3/j/l9Nq0JfLkYdWcR8pjJ+8MP7j1AGlzHgWha+DPMK7YULA5NaSBcOVt5WgObqmO3w6Uq2UWCkA/evXejH3hxn8lZqsJIRTayDwJB/ea1FrS0ryTuWTK+IT3PvFpKIFFKKJ6aRaATc2im7zcePikV3R6EETLe4mB7YgSGXCkMlM6q97myFKnOv+9lwVsd9elszWsapgThPqm89uWMUGrQEEW0ZlZi8VlfXU72SqGARengUIkOA=,iv:+535dLYm/zY5HIeXbpLaeMV/sx6b5BNV16VZApPIt48=,tag:zE2yzu1Nl3Cbqd1JdvmZWA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r enc: | @@ -30,8 +201,7 @@ sops: ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T22:11:05Z" - mac: ENC[AES256_GCM,data:YgCiqSbW2qMrGM3SYO7F4xcgrdRaBcaLj8r53i9Nu5D75l7fA+qKTc89XCpNXlFMv15LHT3kKjfXqsH2Cyn8RyPvrHHd/Hnqa7paQPrcpQIRcpP8QTMCBNFJvzpaXUozwb3fpx1xY63Ydw/TDv1/PQBEJWzp9k/MDiTSZYOba+Q=,iv:9w88jxstxmvIScgCUtgl1hPkr/j76Rked3Kv9fhZQJ4=,tag:UvfTXI222OFtIqex+0mdhw==,type:str] - pgp: [] + lastmodified: "2025-08-26T07:30:16Z" + mac: ENC[AES256_GCM,data:2i+AMaBIOCrKYfHFXZXB//yZ4Nf54DXYLzcdWDwh/cloWfpa2uPb2UzYVIIOz8ayi1h/Ij8ON9fQEa+4SzflV59ThN03/kbR/wOo9UYLvjTl0JIFypl/1O0PRRxwrNPp8jMl6mX9vUL0gvfB4qnZnk4xUOykTaXoIjnO4M4FLwg=,iv:WL8RXkxvh+MfmfiVUFLNhTwAv92DV93ZE6q4lagCNpo=,tag:sbXuzl8PuZihzcrASPNCqQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml new file mode 100644 index 0000000..dd5ab96 --- /dev/null +++ b/hosts/secrets/fangorn.yaml @@ -0,0 +1,25 @@ +nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str] +sops: + age: + - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu + WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54 + SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6 + NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN + 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv + d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP + eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V + M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw + gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-14T19:53:57Z" + mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml index 38a9950..069d445 100644 --- a/hosts/secrets/ginaz.yaml +++ b/hosts/secrets/ginaz.yaml @@ -1,11 +1,8 @@ nftables: ssh: ENC[AES256_GCM,data:mGh0TM88dWZfymF7+Xt896POHOqoDrcsicncILYFRA5DBw3AjnaaG28Da+qcJ7/VrXGFVIRm4b8L+QeTJ9Uk/h1VEYUpmaPdqY4yaK9CPTDqKmLSLsTgrIvzbUjxJ062+KOx1ovGlLqpZnkiSgHyY2h7uYbxPnq+fvrboPRoxwZiIc8UQTs7KFsQolZPka5It5kXsa6mYdaCKYp36ypTCmD1dCnkneveiYxDg/58O9UJLSbMV7vbB2020B6ga8PsG/5UbFGMzOlktejgqgfr3ZQlU+A8E8Oh4S9uweDEBsg8W+XIDH3pV7qYflkUqCctunzUNdn94RtasAiBkLd5RIV23hiII4NbPnxke3jOtO/OElmU9WxXcIHX/obZ8pPnTZYNeeNxeubkph0KJJE0DKnEKFwetF0J4wnxj90R1hxAFYLXBOYEzVANuC8bVuVw0M0GB6yRzKbxA1uxeUAbq1njBurDfVAZwUh4y551YYTJJxRq+4VPDikkE7X35smRYgRzckxhWnNvg1mggcI+ZUuGkp9XYjHOwifumib1i95xeXAD5aIiS3GTTTFPLajOlbJhdU9RHA/6WY98PEJmU4sybWS1REMkI3LfxjibLACds9B3NQYpbwIrYu4WdLrio5eQp8ifAUv1nMQAfJDYX+Vd1TEAqcv01kWiad2FVrNSy1CVphGfTHHgOfk+P/UpLMnC/OmbvTrc74wgmBVdvnMkOca4JvT94d8VtiriJ8vr8l2xOqA8A0sjph8ucInZ7GXIV91fePwFH50kYHQE7a0sSTtGMvzKjRg2/7VtgubY8tNSUO/u5FNXKbPYBwhYKB8DXI5G1m9otPa9PeobeLsLcovRyqfVhqzAIw0htQYvHHC6RZwkHptAa3RcxeB0+dj4IxB7yzayWCcNVcQHdJ+bSB897hgo5c/k26+TnYhz97STlS+/pf4h0To4JnS/+67nFqHMoRUTlmL70JAxkkwvjg+5T76+pFQFB3cPRZF48fiBo2NhpF0PWiSUB9uEIKjfyq5mwQ9tEHDTjv25V8qxcpQitu4W8ydO7L+5ovln68oPaZC5vSe21m4p7msDtg27Y6GLHTVCdFFSi9CmXgb3JCawLWDXkVMpMch1bFYcsOOumYZjBsmosK0Yi4zCZAreSJ6O8pakyjfG/T81a8wPySEjin6NGLj5rEo04YqXqIEoG5hCNQz1WIIsqfeeVZYMhQ2e5jlxqATbvnq8y4dVfP9riuUA1YAYmmwrwTw3OEnhShxtyl49s5FctmPxCPEoskzpQ1rvv45xDyvKN1QrlInu1O/TXPddpbs1eFRiyPBV+rzAwW5ULlsxy5letfqkQZiKMZ0bVIdpgJaTeKeCrZeg5khsRpxf7CIWhCRftzrVaesZKM3YGYGmlOO4FALQbg0vXQlJQBCidNVgtG8v0n/b0TCiLl+pmaItlp8GGYUHrKWLg/iNXQ4EDiXwfxF2TdSRtqkOIQQxo8Odz7fxccGGQNOeD/xCAVZuZgwOtcGGtzBaBIz18pttLRLIfzPr4WnCqlycApux1g8UhyK9zPo9kjeFnwHAseMi7sZb5iQwzSPpT6osZF127g9rgi/ck+1AB8EEsB8AOYw4DmKFCHQ8S7OuWMpAgqtphsy2sW0QOBHdp62bqZBlFofYokw1c72+SoW4ZsTwqX5ECc2pcwdDsdse9jyTHSppap/NguvgLtgfv7uz9tVw6T/Mw5Sq5MlwxFY3J0PFIJU1KjxXGmoTowor+QJVds5PxnWFBX5u6jsHs9ifcub7ddaNXuQHPGcqbyNp/T6pH51/NyymnWRq8/RcHE3DFFFYDl2J9/WY9+y1Q35o8fMo7XWJ5FqArogtAyDE42EjxCvujUos3JJKqcSUueKBimO0oJ1TzgpTCrYi4OoP54dVNRFSGVq5dFAkJ9Dmpeh4a/v1Gxuk9ujvxbRZso8GfM7gnr2FIK3hinipT7F8RHVx07YnJehM93Ul9m237OwJl5hpBBsFRy+yIuBoxd5DEeN3nPuztEOovW5lR+Sj0RB6ipJc5kaHTVx0bZm2SwPVr9RaWeHBq4j2b3HP5+frgR/vnPo3q6RQJLKamLh30mAxtzTV4F77N6LEXp9JFhs9ytv5y9MYwotHIjO6sN6pop1vcIpm/b4tKeYyUDJ6JDVuy/oroS8uAtf378gTRlT/P/ekDLRymyySvwWQ/TVtm5iF0vjt3lUdpwNOoY3J5TJZejCLbDOcShE7PDfKtf0QKGNBmxNh3gqtqDQ5YWoQirTLUv9B2Q7JkRpYZ+gLnkXMe0eu7QFcrjUMGeJwe7F4EOjBd7Xy6Wh72BVi54sYuuWWIgCOAFCjMDqMiLGdu2itnMJN33epOnnj3Dn2liqTDubSRpRaYE5/thVeRXKs+myuiU70R8mKtxol5/0i1HGrolT1Sq5k4O3t4Ibj/rhjqpmQU036T/211YS3DH9MMsP2YlOOv4NXBfptwJ+hKY3R2IoXI/FVHF1q0/8b24+kVefCZ4tOlKViPVLnYlYuxw72ztzhheKsSLMJy/UzMJMV4p250IsPAO8locfPIw==,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str] nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str] +ssh_config: ENC[AES256_GCM,data:sEEnFAoiJcn2zAptd01UOfP9e+9HIba0iq3ylATVYu6QHMOeojwCa4jDFtR22Sb4tvlcaKIeYseKhQfMfHopK8Bqz696mSHyrlROrxNZxYg7YvWol0ksN+xNLa7ALTQoI+boQoobpHbZiEQ9OhwUyZBP+Y2ovU3ipXXL3fqaqC/l6oqsSytKv8WDjgoNtTtdbr6NHgM8RMuu72YIMvMYOt2NRoQiqhEzdn/3NOZC7eLz1SV+JKVcm9rogfV9BSjivP+x5lp5KwUUHsbDVIL7LT83jkx+FXZe6CsuVX3Qbd3mErNSDxLDZtxYBUwECt8Ku8wvWf82IQDHMQEwF5zu6Lq7aPi+fZK1CTvsS5X/ar0HMhBwbBkljgnPr+U/CrS5vjouYP7tcuJXxAsSkgACKgZtj9cc38dEqVltR7J4KcZ43nhjci5CeH6Xr9S/wxQRoPxwXfy6cSFHlt5uj4Rkli49f5dqC2fNz8LF77ceygQA3wgCKir+28tWLVSfMO6Xu88BG7fNWldCnkaWQNIMvXAJs03i6XZONXVWP8svfBRbcY9tbhwh0OPT60V4pI3TGuGiAw/kWwswKl4sPz6Fj9/yeCuynoSYXU7PKUgB6ZWZ8Y4eK4+uddSfOKwaQGqeDBz4oJ7X5IH776J8WtBZ/J5D14zgHkJh1ELl2ldaYdjFhQfruBTCILIhQCwcY/DSCWdv9LExIj3Wh5Piv2w1cUmP5HIO0BVk47vial+lWZm4KCU3AwxNwyME3CfqRh7TIzK8Ufi7MZBXHC26e5EAfK5g6Du/I6hVlTjnRDrGqUyF/+c=,iv:yX+/BGMQplX9e1dyLxJ5e81z8tPgI6x67xqqJrFbpzw=,tag:FFiFgWdsuRdSdAbNf44Sng==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh enc: | @@ -25,8 +22,7 @@ sops: Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T10:19:24Z" - mac: ENC[AES256_GCM,data:XfGP9Yv5sDlMCXBjy/E1I1sqKhNqniDTCTxVpW498tok7gnuMo0rU3Gi+AZQZhNery3dRrZDfCRj2Fvv1O9eF75HrfIlbS6HwZd+XiZXRDeMC4W0jYy/egXevMsajwEmSPM4jnqeKsC1qs3iTqPBnRWCSS1WZoVXB8JSpDW84cU=,iv:TXmKXaNBNXluYF9WMUiXfzqcz9uGzEOFETbR5PvtSog=,tag:SvQuJrdaUeQPYQbXdpzc4w==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:01:08Z" + mac: ENC[AES256_GCM,data:VaYnO0cCKoxY2cvnmqr4MqkTjSOzlBY8z80uxksUxrfWnWCkBtIPHG5gHi7HKn6LnlREUquzHoSSfmpIoKpMjdsOlFunPnrG876uGhNFxHROocixxZJV6yIsClgRx3FCwe1M3iT0NDAYq3zzNrL2bTx1MOx4C97Ki4BuISn4/98=,iv:dUUpbFa7e+Qa9FV9ALEVPifQNrPkv5oYsA6djgYEq10=,tag:s2abIa6FX/vPsUr7M3kEfQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl enc: | @@ -23,8 +20,7 @@ sops: RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:59Z" - mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:03:24Z" + mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 --- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9 enc: | @@ -23,8 +20,7 @@ sops: MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:48Z" - mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:04:43Z" + mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix index 68be405..718549e 100644 --- a/hosts/uranus/default.nix +++ b/hosts/uranus/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.linuxPackages_6_16; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -13,12 +13,12 @@ supportedFilesystems = [ "zfs" ]; zfs = { devNodes = "/dev/disk/by-label"; - #package = pkgs.master.zfs; + package = pkgs.zfs; }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ @@ -38,9 +38,11 @@ networking = { hostId = "46fdaa8e"; hostName = "uranus"; - domain = "bitgnome.net"; - nftables.enable = true; interfaces.enp2s0f0.wakeOnLan.enable = true; + nftables.enable = true; + search = [ + "bitgnome.net" + ]; wireless = { enable = true; userControlled.enable = true; diff --git a/overlays/default.nix b/overlays/default.nix index 01287a5..4d10963 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -8,6 +8,7 @@ # outputs.overlays.master-packages # outputs.overlays.pr369712-packages # outputs.overlays.stable-packages +# outputs.overlays.wine9_22-packages # ] {inputs, ...}: { @@ -21,6 +22,24 @@ # example = prev.example.overrideAttrs (oldAttrs: rec { # ... # }); + #ghostty = prev.ghostty.overrideAttrs (_: { + # preBuild = '' + # shopt -s globstar + # sed -i 's/^const xev = @import("xev");$/const xev = @import("xev").Epoll;/' **/*.zig + # shopt -u globstar + # ''; + #}); + + #linux-firmware = prev.linux-firmware.overrideAttrs (old: rec { + # pname = "linux-firmware"; + # version = "20250708"; + # src = prev.fetchFromGitLab { + # owner = "kernel-firmware"; + # repo = "linux-firmware"; + # rev = "99d64b4f788c16e81b6550ef94f43c6b91cfad2d"; + # hash = "sha256-TJ97A9I0ipsqgg7ex3pAQgdhDJcLbkNCvuLppt9a07o="; + # }; + #}); }; #"67e692392-packages" = final: _prev: { @@ -30,6 +49,13 @@ # }; #}; + #"wine9_22-packages" = final: _prev: { + # "wine9_22" = import inputs.nixpkgs-wine9_22 { + # inherit (final) system; + # config.allowUnfree = true; + # }; + #}; + # When applied, the master nixpkgs set (declared in the flake inputs) will # be accessible through 'pkgs.master' master-packages = final: _prev: { diff --git a/pkgs/default.nix b/pkgs/default.nix index 48a0059..5c72764 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,3 +1,6 @@ pkgs: { + gearmulator = pkgs.callPackage ./gearmulator { }; + igir = pkgs.callPackage ./igir { }; sdrconnect = pkgs.callPackage ./sdrconnect { }; + wayback-x11 = pkgs.callPackage ./wayback-x11 { }; } diff --git a/pkgs/gearmulator/default.nix b/pkgs/gearmulator/default.nix new file mode 100644 index 0000000..4ebddba --- /dev/null +++ b/pkgs/gearmulator/default.nix @@ -0,0 +1,81 @@ +{ + alsa-lib, + cmake, + fetchFromGitHub, + fontconfig, + freetype, + lib, + libjack2, + libX11, + libXcursor, + libXext, + libXinerama, + libXrandr, + lv2, + pkg-config, + stdenv +}: + +stdenv.mkDerivation rec { + pname = "gearmulator"; + version = "1.4.1"; + + src = fetchFromGitHub { + owner = "dsp56300"; + repo = pname; + tag = version; + hash = "sha256-JnXTTtxF5jHPaU+d558JwlGo/QjKHtVuCqel5iaBBCk="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + pkg-config + ]; + + buildInputs = [ + alsa-lib + fontconfig + freetype + libjack2 + libX11 + libXcursor + libXext + libXinerama + libXrandr + lv2 + ]; + + env.NIX_LDFLAGS = toString [ + "-ljack" + "-lX11" + "-lXcursor" + "-lXext" + "-lXinerama" + "-lXrandr" + ]; + + cmakeFlags = [ + "-Dgearmulator_BUILD_FX_PLUGIN=OFF" + "-Dgearmulator_BUILD_JUCEPLUGIN=ON" + "-Dgearmulator_BUILD_JUCEPLUGIN_CLAP=OFF" + "-Dgearmulator_BUILD_JUCEPLUGIN_LV2=OFF" + "-Dgearmulator_SYNTH_NODALRED2X=OFF" + "-Dgearmulator_SYNTH_OSIRUS=OFF" + "-Dgearmulator_SYNTH_OSTIRUS=ON" + "-Dgearmulator_SYNTH_VAVRA=OFF" + "-Dgearmulator_SYNTH_XENIA=OFF" + ]; + + postInstall = '' + rm $out/{dsp56300EmuServer,start_Impact__MS.sh,start_IndiArp_BC.sh,virusTestConsole} + rm -r $out/plugins + ''; + + meta = { + description = "Emulation of Motorola 56300 family DSP synths"; + homepage = "https://github.com/dsp56300/gearmulator"; + license = lib.licenses.gpl3; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/pkgs/igir/default.nix b/pkgs/igir/default.nix new file mode 100644 index 0000000..dfc4834 --- /dev/null +++ b/pkgs/igir/default.nix @@ -0,0 +1,52 @@ +{ + # for patching bundled 7z binary from the 7zip-bin node module + # at lib/node_modules/igir/node_modules/7zip-bin/linux/x64/7za + autoPatchelfHook, + buildNpmPackage, + fetchFromGitHub, + lib, + libusb1, + libuv, + libz, + lz4, + sdl2-compat, + stdenv, + udev, +}: + +buildNpmPackage rec { + pname = "igir"; + version = "4.1.1"; + + src = fetchFromGitHub { + owner = "emmercm"; + repo = "igir"; + rev = "v${version}"; + hash = "sha256-f/3XIBFMxSPwJpfZTBhuznU/psChfnQEwZASOoH4Ij0="; + }; + + npmDepsHash = "sha256-qPyS2F5jt1C5SZxvRuyPX4+TkYZKTffcekanWtH82EY="; + + # I have no clue why I have to do this + postPatch = '' + patchShebangs scripts/update-readme-help.sh + ''; + + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = [ (lib.getLib stdenv.cc.cc) libusb1 libuv libz lz4 sdl2-compat udev ]; + + # from lib/node_modules/igir/node_modules/@node-rs/crc32-linux-x64-musl/crc32.linux-x64-musl.node + # Irrelevant to our use + autoPatchelfIgnoreMissingDeps = [ "libc.musl-x86_64.so.1" ]; + + meta = with lib; { + description = "Video game ROM collection manager to help filter, sort, patch, archive, and report on collections on any OS"; + mainProgram = "igir"; + homepage = "https://igir.io"; + changelog = "https://github.com/emmercm/igir/releases/tag/${src.rev}"; + license = licenses.gpl3Plus; + maintainers = with maintainers; [ ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/sdrconnect/default.nix b/pkgs/sdrconnect/default.nix index 2a3bf7d..d3db91e 100644 --- a/pkgs/sdrconnect/default.nix +++ b/pkgs/sdrconnect/default.nix @@ -1,22 +1,37 @@ -{ alsa-lib, autoPatchelfHook, copyDesktopItems, fetchurl, fontconfig, gcc, iconConvTools, icu, lib, libusb1, makeDesktopItem, stdenv, util-linux, xorg }: +{ + alsa-lib, + autoPatchelfHook, + copyDesktopItems, + fetchurl, + fontconfig, + gcc, + iconConvTools, + icu, + lib, + libusb1, + makeDesktopItem, + stdenv, + util-linux, + xorg +}: let - hash = "b6fce59a3"; + hash = "83273bcd8"; platforms = { aarch64-linux = { arch = "arm64"; - sha256 = "8d354686700014c4bd606a959ee5e979b0601bef281a33c8d12e181819d9a641"; + sha256 = "3e22926dcfbb85f27e1a42e53368d6794b83fbede114707fa4fedf053984323d"; }; x86_64-linux = { arch = "x64"; - sha256 = "1c2d150df1aec3f15174986fe7f522ea98aa04f3536f941fcc98f099a798b835"; + sha256 = "81e94b31f6cd8699c51aa3f5742ce42dd4f3dbc94ce9d72d25c6e8a5851db664"; }; }; - version = "1.0.3"; + version = "1.0.4"; inherit (stdenv.hostPlatform) system; @@ -71,7 +86,7 @@ in comment = description; desktopName = "SDRconnect"; genericName = "SDRplay Client"; - categories = [ "HamRadio" ]; + categories = [ "AudioVideo" "HamRadio" ]; keywords = [ "Ham" "Radio" "SDR" ]; }) ]; diff --git a/pkgs/wayback-x11/default.nix b/pkgs/wayback-x11/default.nix new file mode 100644 index 0000000..e1b9c02 --- /dev/null +++ b/pkgs/wayback-x11/default.nix @@ -0,0 +1,64 @@ +{ + fetchFromGitLab, + lib, + libxkbcommon, + meson, + ninja, + pixman, + pkg-config, + scdoc, + stdenv, + unstableGitUpdater, + wayland, + wayland-protocols, + wayland-scanner, + wlroots_0_19, + xwayland, +}: + +stdenv.mkDerivation { + pname = "wayback"; + version = "0.1"; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "wayback"; + repo = "wayback"; + rev = "156d7a86d112cd1bd70c2f75cb190fdd98565080"; + hash = "sha256-A4Ur32QZc0foS+O+jfQCug0k32nvYkB2MoacDT4W7dQ="; + }; + + strictDeps = true; + + depsBuildBuild = [ + pkg-config + ]; + + nativeBuildInputs = [ + meson + ninja + pkg-config + scdoc + wayland-scanner + ]; + + buildInputs = [ + libxkbcommon + pixman + wayland + wayland-protocols + wlroots_0_19 + xwayland + ]; + + passthru.updateScript = unstableGitUpdater { }; + + meta = { + description = "X11 compatibility layer leveraging wlroots and Xwayland"; + homepage = "https://wayback.freedesktop.org"; + license = lib.licenses.mit; + platforms = lib.platforms.linux; + mainProgram = "wayback-session"; + maintainers = with lib.maintainers; [ dramforever ]; + }; +} diff --git a/scripts/pretty-rebuild b/scripts/pretty-rebuild index 0814cca..53c8dcc 100755 --- a/scripts/pretty-rebuild +++ b/scripts/pretty-rebuild @@ -1,9 +1,15 @@ #!/usr/bin/env nix-shell #!nix-shell -i zsh --packages nvd zsh +if [[ ${@} =~ "--flake" ]]; then + args=(${=@}) +else + args=("--flake .#$(hostname -s)" ${=@}) +fi + cd /etc/nixos && \ nix flake update && \ - nixos-rebuild switch --upgrade --show-trace && \ + nixos-rebuild switch --upgrade --show-trace ${=args} && \ echo && \ nixos-rebuild list-generations | cat && \ echo && \ |