Diffstat (limited to 'hosts')
46 files changed, 1225 insertions, 436 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix index 7385eaf..204f30c 100644 --- a/hosts/arrakis/default.nix +++ b/hosts/arrakis/default.nix @@ -3,9 +3,9 @@ initrd.kernelModules = [ "zfs" ]; kernel.sysctl = { "net.ipv4.ip_forward" = 1; - "net.ipv4.conf.all.proxy_arp" = 1; + #"net.ipv4.conf.all.proxy_arp" = 1; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi = { canTouchEfiVariables = true; @@ -76,38 +76,38 @@ } ''; - environment.systemPackages = with pkgs; [ - angband - assaultcube - bsdgames - bzflag - extremetuxracer - #frozen-bubble - hedgewars - kobodeluxe - lidarr - mailutils - megacmd - moc - nethack - #openttd - prowlarr - qbittorrent-nox - radarr - rdiff-backup - readarr - #scorched3d - signal-desktop - sonarr - superTux - superTuxKart - umoria - vial - warzone2100 - #wine9_22.wineWowPackages.stagingFull - wpa_supplicant - xonotic-sdl - #xpilot-ng + environment.systemPackages = [ + pkgs.angband + #pkgs.assaultcube + pkgs.bsdgames + pkgs.bzflag + pkgs.extremetuxracer + #pkgs.frozen-bubble + pkgs.hedgewars + pkgs.kobodeluxe + pkgs.lidarr + pkgs.mailutils + pkgs.megacmd + pkgs.moc + pkgs.nethack + #pkgs.openttd + pkgs.prowlarr + pkgs.qbittorrent-nox + pkgs.radarr + pkgs.rdiff-backup + pkgs.readarr + #pkgs.scorched3d + pkgs.signal-desktop + pkgs.sonarr + pkgs.superTux + pkgs.superTuxKart + pkgs.umoria + pkgs.vial + pkgs.warzone2100 + #pkgs.wine9_22.wineWowPackages.stagingFull + pkgs.wpa_supplicant + pkgs.xonotic-sdl + #pkgs.xpilot-ng ]; imports = [ 
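Review bot: The first hunk moves arrakis to `pkgs.master.linuxPackages_6_15` while "zfs" is still loaded from `initrd.kernelModules`, and nothing in the visible lines pins the ZFS package to match. The new caladan host in this same commit pairs that kernel with `zfs.package = pkgs.master.zfs;`. If arrakis does not set this outside the hunk, the kernel and the out-of-tree module can drift and the pool may fail to import at boot, so consider adding the same line here. The `proxy_arp` sysctl is commented out rather than deleted; either remove it or add a short comment saying why it was disabled. The `boot` block starts and ends outside the hunk.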
@@ -115,20 +115,20 @@ ./hardware-configuration.nix ./services.nix ../common/core - ../common/optional/adb.nix - ../common/optional/db.nix + #../common/optional/adb.nix + #../common/optional/db.nix ../common/optional/dev.nix - ../common/optional/ebooks.nix + #../common/optional/ebooks.nix ../common/optional/games.nix ../common/optional/google-authenticator.nix ../common/optional/misc.nix ../common/optional/multimedia.nix - ../common/optional/pipewire.nix - ../common/optional/sdr.nix + #../common/optional/pipewire.nix + #../common/optional/sdr.nix ../common/optional/services/chrony.nix ../common/optional/services/openssh.nix - ../common/optional/services/xorg.nix - ../common/optional/sound.nix + #../common/optional/services/xorg.nix + #../common/optional/sound.nix ../common/optional/wdt.nix ../common/optional/zfs.nix ../common/users/nipsy @@ -138,13 +138,13 @@ networking = { defaultGateway = { address = "192.168.1.1"; - interface = "wlp5s0"; + interface = "enp6s0"; }; domain = "bitgnome.net"; hostId = "2ae4c89f"; hostName = "arrakis"; interfaces = { - wlp5s0 = { + enp6s0 = { ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ]; @@ -195,6 +195,11 @@ presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}"; publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM="; } + { # fangorn + allowedIPs = [ "10.4.20.9/32" ]; + presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}"; + publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4="; + } { # ginaz allowedIPs = [ "10.4.20.254/32" ]; presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}"; @@ -230,9 +235,6 @@ ]; }; - services.openssh.settings.X11Forwarding = true; - services.xserver.videoDrivers = [ "nvidia" ]; - sops = { age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ../secrets/arrakis.yaml; 
@@ -243,6 +245,7 @@ "ssh_config".path = "/root/.ssh/config"; "wireguard/arrakis_key" = {}; "wireguard/black-sheep_psk" = {}; + "wireguard/fangorn_psk" = {}; "wireguard/ginaz_psk" = {}; "wireguard/homer_psk" = {}; "wireguard/lilnasx_psk" = {}; 
@@ -293,18 +296,18 @@ }; "nftables-extra" = let rules_script = '' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { http, https } counter accept # 80, 443' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport 2049 counter accept' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server' ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "veth.host" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, 
Sabnzb, Lidarr, Sonarr, Readarr' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' - ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play' + ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 51820 counter accept # WireGuard' ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} ''; in { description = "nftables extra firewall rules"; diff --git a/hosts/arrakis/hardware-configuration.nix b/hosts/arrakis/hardware-configuration.nix index c709789..c7a6652 100644 --- a/hosts/arrakis/hardware-configuration.nix +++ b/hosts/arrakis/hardware-configuration.nix @@ -53,8 +53,8 @@ graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; nvidia = let 
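Review bot: In the `nftables-extra` hunk, the Radarr/Sabnzb/Lidarr/Sonarr/Readarr ports (7878, 8080, 8686, 8787, 8989), NFS (2049) and the NetBIOS/SMB ports are accepted from any source on `enp6s0`, while the Steam Remote Play rules in the same script are limited with `ip saddr 192.168.1.0/24`. `enp6s0` is also the default-gateway interface, so adding the same source match would keep these services LAN-only even if the upstream router forwards traffic, for example `'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport 2049 counter accept'`. The interface name is repeated in every rule; binding it once in the existing `let` (`lan = "enp6s0";`) and interpolating `${lan}` would make the next rename a one-line change. The unit definition continues outside the hunk.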
diff --git a/hosts/arrakis/services.nix b/hosts/arrakis/services.nix index 9c283aa..3b62e18 100644 --- a/hosts/arrakis/services.nix +++ b/hosts/arrakis/services.nix @@ -91,10 +91,10 @@ ]; config = { - environment.systemPackages = with pkgs; [ - git - iperf - rsync + environment.systemPackages = [ + pkgs.git + pkgs.iperf + pkgs.rsync ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; @@ -104,8 +104,8 @@ openFirewall = true; settings = { - PasswordAuthentication = false; KbdInteractiveAuthentication = false; + PasswordAuthentication = false; }; }; @@ -224,7 +224,15 @@ }; }; + openssh.settings = { + StreamLocalBindUnlink = true; + }; + postfix = let my_email = "nipsy@bitgnome.net"; in { + config.smtpd_tls_chain_files = [ + "/var/lib/acme/arrakis.bitgnome.net/key.pem" + "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem" + ]; enable = true; extraAliases = '' nipsy: ${my_email} @@ -233,8 +241,6 @@ relayHost = "mail.bitgnome.net"; relayPort = 587; rootAlias = my_email; - sslCert = "/var/lib/acme/arrakis.bitgnome.net/fullchain.pem"; - sslKey = "/var/lib/acme/arrakis.bitgnome.net/key.pem"; }; printing.enable = true; @@ -321,10 +327,12 @@ ]; }; - udev.packages = with pkgs; [ - vial + udev.packages = [ + pkgs.vial ]; + xserver.videoDrivers = [ "nvidia" ]; + }; #systemd.services.nginx.serviceConfig.ProtectHome = lib.mkForce false; diff --git a/hosts/caladan/default.nix b/hosts/caladan/default.nix new file mode 100644 index 0000000..0010569 --- /dev/null +++ b/hosts/caladan/default.nix 
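Review bot: The order of the two entries in `config.smtpd_tls_chain_files` is significant and nothing in the postfix hunk says so: Postfix expects the private key before its certificate chain, which is what the list has now. The surrounding attributes are kept in alphabetical order (this commit also swaps `KbdInteractiveAuthentication` and `PasswordAuthentication`), and sorting this list would put `fullchain.pem` first and is likely to stop the key from loading. Add a comment such as `# order matters: private key first, then its certificate chain`. `openssh.settings.StreamLocalBindUnlink = true` would also benefit from a one-line comment naming the forwarded socket that needs it. Both attribute sets continue outside the hunk.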
@@ -0,0 +1,175 @@
+{ config, inputs, outputs, pkgs, ... }: {
+ boot = {
+ initrd.kernelModules = [ "amdgpu" "zfs" ];
+ kernelPackages = pkgs.master.linuxPackages_6_15;
+ #kernelParams = [
+ # "amdgpu.ppfeaturemask=0xfffd3fff"
+ # "split_lock_detect=off"
+ #];
+ loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/efiboot/efi1";
+ };
+ systemd-boot = {
+ enable = true;
+ extraInstallCommands = ''
+ ${pkgs.rsync}/bin/rsync -av --delete /efiboot/efi1/ /efiboot/efi2
+ '';
+ };
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs.package = pkgs.master.zfs;
+ };
+
+ environment.systemPackages = [
+ pkgs.angband
+ #pkgs.assaultcube
+ pkgs.bsdgames
+ pkgs.bzflag
+ pkgs.extremetuxracer
+ pkgs.fastfetch
+ #pkgs.frozen-bubble
+ pkgs.hedgewars
+ pkgs.kobodeluxe
+ pkgs.mailutils
+ pkgs.moc
+ pkgs.nethack
+ #pkgs.openttd
+ pkgs.qbittorrent-nox
+ pkgs.rdiff-backup
+ #pkgs.scorched3d
+ pkgs.signal-desktop
+ pkgs.superTux
+ pkgs.superTuxKart
+ pkgs.umoria
+ pkgs.vial
+ pkgs.warzone2100
+ #pkgs.wine9_22.wineWowPackages.stagingFull
+ pkgs.wpa_supplicant
+ pkgs.xonotic-sdl
+ #pkgs.xpilot-ng
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ./services.nix
+ ../common/core
+ ../common/optional/adb.nix
+ ../common/optional/db.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
+ ../common/optional/games.nix
+ ../common/optional/google-authenticator.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/sdr.nix
+ ../common/optional/services/chrony.nix
+ ../common/optional/services/openssh.nix
+ ../common/optional/services/wayland.nix
+ #../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ defaultGateway = {
+ address = "192.168.1.1";
+ interface = "wlp15s0";
+ };
+ domain = "bitgnome.net";
+ hostId = "8981d1e5";
+ hostName = "caladan";
+ interfaces = {
+ wlp15s0 = {
+ ipv4.addresses = [
+ { address = "192.168.1.4"; prefixLength = 24; }
+ ];
+ };
+ };
+ nameservers = [ "192.168.1.1" ];
+ nftables.enable = true;
+ useDHCP = false;
+ wireless = {
+ enable = true;
+ networks = {
+ "Crystal Palace" = {
+ pskRaw = "ext:psk_crystal_palace";
+ };
+ };
+ secretsFile = "${config.sops.secrets."wpa_supplicant".path}";
+ };
+ };
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ #inputs.nvidia-patch.overlays.default
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ outputs.overlays.stable-packages
+ #outputs.overlays.wine9_22-packages
+ ];
+ };
+
+ services.openssh.settings.X11Forwarding = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/caladan.yaml;
+
+ secrets = {
+ "nftables/ssh" = {};
+ "nix-access-token-github" = {};
+ "ssh_config".path = "/root/.ssh/config";
+ "wpa_supplicant" = {};
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ systemd.services = {
+
+ "nftables-extra" = let rules_script = ''
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 5121 counter accept # Neverwinter Nights Server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" udp dport 15637 counter accept # Enshrouded'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "enp6s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ ''; in {
+ description = "nftables extra firewall rules";
+ reload = rules_script;
+ script = rules_script;
+ serviceConfig = {
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ unitConfig = {
+ ConditionPathExists = [
+ config.sops.secrets."nftables/ssh".path
+ ];
+ ReloadPropagatedFrom = "nftables.service";
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nftables.service" ];
+ partOf = [ "nftables.service" ];
+ };
+
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ (builtins.readFile ../common/users/nipsy/keys/id_att.pub)
+ ];
+}
diff --git a/hosts/caladan/disks.nix b/hosts/caladan/disks.nix
new file mode 100644
index 0000000..8961361
--- /dev/null
+++ b/hosts/caladan/disks.nix
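Review bot: Every rule in `nftables-extra` matches `iifname "enp6s0"`, but the only interface this host configures is `wlp15s0` (`networking.defaultGateway.interface` and `networking.interfaces` earlier in the same file), so the rules look copied from arrakis and will never match here. Change the match to the interface the host uses, e.g. `'iifname "wlp15s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'`, or bind the name once in the `let` and interpolate it. `services.openssh.settings.X11Forwarding = true` is also set although the host imports `wayland.nix` rather than `xorg.nix`; unless remote X11 clients are needed it can be dropped, as this commit does for arrakis.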
@@ -0,0 +1,132 @@
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C42";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/efiboot/efi1";
+ mountOptions = [ "X-mount.mkdir" "umask=0077" ];
+ extraArgs = [ "-nESP1" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap1" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ nvme1n1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2512E9B12C44";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/efiboot/efi2";
+ mountOptions = [ "X-mount.mkdir" "umask=0077" ];
+ extraArgs = [ "-nESP2" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap2" ];
+ };
+ };
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ mode = "mirror";
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ canmount = "off";
+ compression = "on";
+ dnodesize = "auto";
+ relatime = "on";
+ xattr = "sa";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/caladan/hardware-configuration.nix b/hosts/caladan/hardware-configuration.nix
new file mode 100644
index 0000000..de0e516
--- /dev/null
+++ b/hosts/caladan/hardware-configuration.nix
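Review bot: Both 32G swap partitions are created as plain `type = "swap"` and `rpool` carries no encryption properties, so paged-out process memory (key material, decrypted secrets) and every dataset are stored on the NVMe devices in the clear. If at-rest protection is wanted for this machine, disko's swap content accepts `randomEncryption = true;`, and the pool can set `encryption`, `keyformat` and `keylocation` in `rootFsOptions`. This has to be decided before the first install, because ZFS encryption cannot be switched on for existing datasets in place. If leaving it off is deliberate, a one-line comment saying so would help the next reader.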
@@ -0,0 +1,57 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, inputs, lib, outputs, pkgs, modulesPath, ... }: + +{ + imports = + [ #(modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + extraModulePackages = [ ]; + initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + #zfs.extraPools = [ "data" ]; + }; + + environment.sessionVariables = { + #LIBVA_DRIVER_NAME = "nvidia"; + MOZ_DISABLE_RDD_SANDBOX = "1"; + }; + + hardware = { + bluetooth.enable = true; + + graphics = { + enable = true; + #extraPackages = [ pkgs.nvidia-vaapi-driver ]; + #extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; + }; + + #nvidia = let + # betaPkg = config.boot.kernelPackages.nvidiaPackages.beta; + # pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg; + # finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc; + #in { + # modesetting.enable = true; + # open = true; + # package = if finalPkg == betaPkg then betaPkg else finalPkg; + #}; + + printers = let + brother = "Brother_HL-L2340D"; + ip = "192.168.1.20"; + in { + ensureDefaultPrinter = brother; + ensurePrinters = [{ + name = brother; + deviceUri = "ipp://${ip}/ipp"; + model = "everywhere"; + description = lib.replaceStrings [ "_" ] [ " " ] brother; + location = "home"; + }]; + }; + }; +} diff --git a/hosts/caladan/services.nix b/hosts/caladan/services.nix new file mode 100644 index 0000000..4644188 --- /dev/null +++ b/hosts/caladan/services.nix 
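Review bot: `MOZ_DISABLE_RDD_SANDBOX = "1"` in `environment.sessionVariables` switches off the sandbox around Firefox's media-decoding (RDD) process for every session, and on this host it looks like a leftover. The setting is the usual workaround for `nvidia-vaapi-driver`, but `LIBVA_DRIVER_NAME = "nvidia"` and the NVIDIA packages are all commented out here and the host loads `amdgpu`. Unless hardware decoding on the AMD GPU is shown to need it, remove the line so the sandbox stays enabled. The header still says the file is generated and must not be modified although it has been edited by hand; consider updating that comment.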
@@ -0,0 +1,35 @@
+{ config, lib, pkgs, ... }: {
+
+ services = {
+
+ clamav.updater.enable = true;
+
+ cron.enable = true;
+
+ dictd.enable = true;
+
+ iperf3.openFirewall = true;
+
+ printing.enable = true;
+
+ #smartd = let my_email_addr = "nipsy@bitgnome.net"; in {
+ # enable = true;
+ # devices = [
+ # {
+ # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800005";
+ # options = "-a -o on -S on -m ${my_email_addr}";
+ # }
+ # {
+ # device = "/dev/disk/by-id/nvme-WD_BLACK_SN850X_4000GB_23162P800014";
+ # options = "-a -o on -S on -m ${my_email_addr}";
+ # }
+ # ];
+ #};
+
+ udev.packages = [
+ pkgs.vial
+ ];
+
+ };
+
+}
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 771fa0d..8a0fe8a 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
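Review bot: `iperf3.openFirewall = true;` is set with no `iperf3.enable` in this file, and `clamav.updater.enable = true;` is set with no daemon or scan job visible. As written the iperf3 line looks like dead configuration, and if the service is enabled elsewhere it leaves a throughput-test listener reachable permanently on a workstation; prefer dropping it and opening the port only while testing. For ClamAV, either enable `clamav.daemon` or schedule a scan so the downloaded signatures are used, or drop the updater. The commented-out `smartd` block still names the WD_BLACK devices rather than the CT4000P3PSSD8 disks this host's `disks.nix` uses, so it should be updated or removed.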
@@ -9,99 +9,99 @@ documentation.dev.enable = true; documentation.man.enable = true; - environment.systemPackages = with pkgs; [ - acl - age - bash - bc - bind - binutils - bpftools - bpftrace - bzip2 - colordiff - conntrack-tools - coreutils - cpio - curl - diceware - diffutils - dig - dmidecode - elinks - ethtool - file - findutils - fping - git - gnugrep - gnupatch - gnused - gnutar - gptfdisk - gzip - htop - iproute2 - iputils - jq - less - lshw - lsof - lvm2 - lynx - moreutils - nano - ncurses - netcat-openbsd - nettools - nix-index - nmap - ntfs3g - nvd - oath-toolkit - openldap - openssl - p7zip - parted - patchelf - pciutils - procps - progress - psmisc - pv - pwgen - qemu_kvm - recode - rsync - sg3_utils - smartmontools - socat - sops - sqlite - ssh-to-age - ssh-to-pgp - stoken - strace - sysstat - tcpdump - tftp-hpa - traceroute - tree - tshark - unixtools.xxd - unrar - unzip - usbutils - util-linux - vim - wdiff - wget - whois - wireguard-tools - xkcdpass - xz - zip - zstd + environment.systemPackages = [ + pkgs.acl + pkgs.age + pkgs.bash + pkgs.bc + pkgs.bind + pkgs.binutils + pkgs.bpftools + pkgs.bpftrace + pkgs.bzip2 + pkgs.colordiff + pkgs.conntrack-tools + pkgs.coreutils + pkgs.cpio + pkgs.curl + pkgs.diceware + pkgs.diffutils + pkgs.dig + pkgs.dmidecode + pkgs.elinks + pkgs.ethtool + pkgs.file + pkgs.findutils + pkgs.fping + pkgs.git + pkgs.gnugrep + pkgs.gnupatch + pkgs.gnused + pkgs.gnutar + pkgs.gptfdisk + pkgs.gzip + pkgs.htop + pkgs.iproute2 + pkgs.iputils + pkgs.jq + pkgs.less + pkgs.lshw + pkgs.lsof + pkgs.lvm2 + pkgs.lynx + pkgs.moreutils + pkgs.nano + pkgs.ncurses + pkgs.netcat-openbsd + pkgs.nettools + pkgs.nix-index + pkgs.nmap + pkgs.ntfs3g + pkgs.nvd + pkgs.oath-toolkit + pkgs.openldap + pkgs.openssl + pkgs.p7zip + pkgs.parted + pkgs.patchelf + pkgs.pciutils + pkgs.procps + pkgs.progress + pkgs.psmisc + pkgs.pv + pkgs.pwgen + pkgs.qemu_kvm + pkgs.recode + pkgs.rsync + pkgs.sg3_utils + pkgs.smartmontools + pkgs.socat + pkgs.sops + 
pkgs.sqlite + pkgs.ssh-to-age + pkgs.ssh-to-pgp + pkgs.stoken + pkgs.strace + pkgs.sysstat + pkgs.tcpdump + pkgs.tftp-hpa + pkgs.traceroute + pkgs.tree + pkgs.tshark + pkgs.unixtools.xxd + pkgs.unrar + pkgs.unzip + pkgs.usbutils + pkgs.util-linux + pkgs.vim + pkgs.wdiff + pkgs.wget + pkgs.whois + pkgs.wireguard-tools + pkgs.xkcdpass + pkgs.xz + pkgs.zip + pkgs.zstd ]; hardware.enableRedistributableFirmware = true; diff --git a/hosts/common/core/nix.nix b/hosts/common/core/nix.nix index 14252d8..c6279dc 100644 --- a/hosts/common/core/nix.nix +++ b/hosts/common/core/nix.nix @@ -24,6 +24,13 @@ in { }; - systemd.services."nix-daemon".environment.TMPDIR = build-tmp; + systemd = { + services."nix-daemon".environment.TMPDIR = build-tmp; + user.services."nix-gc" = { + description = "Garbage collection for user profiles"; + script = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 30d"; + startAt = "daily"; + }; + }; } diff --git a/hosts/common/core/shells.nix b/hosts/common/core/shells.nix index 0469b8c..f02ec63 100644 --- a/hosts/common/core/shells.nix +++ b/hosts/common/core/shells.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - bash - zsh; - }; + environment.systemPackages = [ + pkgs.bash + pkgs.zsh + ]; } diff --git a/hosts/common/optional/db.nix b/hosts/common/optional/db.nix index af6766e..d4410bd 100644 --- a/hosts/common/optional/db.nix +++ b/hosts/common/optional/db.nix @@ -1,8 +1,7 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - mariadb - postgresql; - }; + environment.systemPackages = [ + pkgs.mariadb + pkgs.postgresql + ]; } diff --git a/hosts/common/optional/dev.nix b/hosts/common/optional/dev.nix index c25ab08..8238424 100644 --- a/hosts/common/optional/dev.nix +++ b/hosts/common/optional/dev.nix 
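Review bot: The new `user.services."nix-gc"` unit in `nix.nix` runs `nix-collect-garbage` through the hard-coded path `/run/current-system/sw/bin/`, which ties the unit to whatever happens to be in the system profile. If `config` is available in this module's arguments (they are outside the hunk), `script = "${config.nix.package}/bin/nix-collect-garbage --delete-older-than 30d";` pins it to the configured Nix. The unit also shares its name with the system-level `nix-gc` service that `nix.gc.automatic` creates; the two live under different managers, but a distinct name such as `nix-gc-user` would make logs easier to read.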
@@ -1,20 +1,19 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - autoconf - automake - cargo - cmake - gcc - go - nasm - perl - pkg-config - python3 - rustc - virtualenv - yasm - zig; - }; + environment.systemPackages = [ + pkgs.autoconf + pkgs.automake + pkgs.cargo + pkgs.cmake + pkgs.gcc + pkgs.go + pkgs.nasm + pkgs.perl + pkgs.pkg-config + pkgs.python3 + pkgs.rustc + pkgs.virtualenv + pkgs.yasm + pkgs.zig + ]; } diff --git a/hosts/common/optional/ebooks.nix b/hosts/common/optional/ebooks.nix index e25a76d..1805b7a 100644 --- a/hosts/common/optional/ebooks.nix +++ b/hosts/common/optional/ebooks.nix @@ -1,8 +1,8 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - libgourou - calibre + environment.systemPackages = [ + pkgs.libgourou + pkgs.calibre ]; services.udisks2.enable = true; diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix index 39a07cd..71bcd95 100644 --- a/hosts/common/optional/games.nix +++ b/hosts/common/optional/games.nix @@ -1,23 +1,14 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - # godot_4 - # mame - # mednafen - # mednaffe - # winetricks; - #}; - - environment.systemPackages = with pkgs; [ - godot_4 - mame - mame.tools - mednafen - mednaffe - protontricks - winetricks - wineWowPackages.stagingFull + environment.systemPackages = [ + #pkgs.master.godot + pkgs.mame + pkgs.mame.tools + pkgs.mednafen + pkgs.mednaffe + pkgs.protontricks + pkgs.winetricks + pkgs.master.wineWowPackages.stagingFull ]; programs.steam = { diff --git a/hosts/common/optional/google-authenticator.nix b/hosts/common/optional/google-authenticator.nix index 09079d8..721346e 100644 --- a/hosts/common/optional/google-authenticator.nix +++ b/hosts/common/optional/google-authenticator.nix 
@@ -1,10 +1,9 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - #other - google-authenticator; - }; + environment.systemPackages = [ + #pkgs.other + pkgs.google-authenticator + ]; security.pam.services = { chfn.googleAuthenticator.enable = true; diff --git a/hosts/common/optional/misc.nix b/hosts/common/optional/misc.nix index 492d13f..c634c34 100644 --- a/hosts/common/optional/misc.nix +++ b/hosts/common/optional/misc.nix @@ -1,37 +1,38 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - ansible - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - dict - encfs - enscript - expect - fio - fortune - ghostscript - imagemagick - inxi - iotop - ipcalc - iperf - mutt - poppler_utils - powertop - qrencode - radeontop - speedtest-cli - sshfs - (weechat.override { + environment.systemPackages = [ + pkgs.amdgpu_top + pkgs.ansible + pkgs.aspell + pkgs.aspellDicts.en + pkgs.aspellDicts.en-computers + pkgs.aspellDicts.en-science + pkgs.dict + pkgs.encfs + pkgs.enscript + pkgs.expect + pkgs.fio + pkgs.fortune + pkgs.ghostscript + pkgs.imagemagick + pkgs.inxi + pkgs.iotop + pkgs.ipcalc + pkgs.iperf + pkgs.mutt + pkgs.poppler_utils + pkgs.powertop + pkgs.qrencode + pkgs.radeontop + pkgs.speedtest-cli + pkgs.sshfs + (pkgs.weechat.override { configure = { availablePlugins, ...}: { plugins = with availablePlugins; [ (perl.withPackages(p: [ p.PodParser ])) ] ++ [ python ]; - scripts = with pkgs.weechatScripts; [ - wee-slack + scripts = [ + pkgs.weechatScripts.wee-slack ]; }; }) diff --git a/hosts/common/optional/multimedia.nix b/hosts/common/optional/multimedia.nix index f519992..03f8c03 100644 --- a/hosts/common/optional/multimedia.nix +++ b/hosts/common/optional/multimedia.nix 
@@ -1,13 +1,10 @@ { pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - ffmpeg - flac - lame - mkvtoolnix-cli - x265#; + environment.systemPackages = [ + pkgs.ffmpeg + pkgs.flac + pkgs.lame + pkgs.mkvtoolnix-cli + pkgs.x265 ]; - #}; } diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix index da69705..ef50b9c 100644 --- a/hosts/common/optional/pipewire.nix +++ b/hosts/common/optional/pipewire.nix @@ -1,11 +1,11 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - easyeffects - pamixer - pavucontrol - master.pwvucontrol - qpwgraph + environment.systemPackages = [ + pkgs.easyeffects + pkgs.pamixer + pkgs.pavucontrol + pkgs.pwvucontrol + pkgs.qpwgraph ]; security.pam.loginLimits = [ diff --git a/hosts/common/optional/sdr.nix b/hosts/common/optional/sdr.nix index 8e1e5d2..8362605 100644 --- a/hosts/common/optional/sdr.nix +++ b/hosts/common/optional/sdr.nix @@ -1,10 +1,9 @@ { pkgs, ... }: { - environment.systemPackages = builtins.attrValues { - inherit (pkgs) - fldigi - sdrconnect; - }; + environment.systemPackages = [ + pkgs.fldigi + pkgs.sdrconnect + ]; services.udev.extraRules = '' SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1df7",ATTRS{idProduct}=="2500",MODE:="0666" diff --git a/hosts/common/optional/services/dhcp.nix b/hosts/common/optional/services/dhcp.nix index 3eed193..36f8bdb 100644 --- a/hosts/common/optional/services/dhcp.nix +++ b/hosts/common/optional/services/dhcp.nix @@ -7,10 +7,10 @@ "tftp/undionly.kpxe".source = "${pkgs.ipxe}/undionly.kpxe"; }; - systemPackages = with pkgs; [ - ipxe - tftp-hpa - wol + systemPackages = [ + pkgs.ipxe + pkgs.tftp-hpa + pkgs.wol ]; }; diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone index 038a860..06a93a8 100644 --- a/hosts/common/optional/services/nsd/bitgnome.net.zone 
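Review bot: The udev rule carried as context in the `sdr.nix` hunk sets `MODE:="0666"` on the USB device with vendor `1df7` and product `2500`, which makes the node readable and writable by every local account, including service users. `TAG+="uaccess"` (access for the user on the active seat) or a dedicated group with `MODE:="0660"` gives the SDR software the same access with less exposure. The rule string continues outside the hunk, so any further rules in it should be checked the same way.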
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone @@ -3,7 +3,7 @@ $ORIGIN bitgnome.net. $TTL 1h @ in soa ns.bitgnome.net. nipsy.bitgnome.net. ( - 2025033101 ; serial + 2025062901 ; serial 1d ; refresh 2h ; retry 4w ; expire @@ -29,7 +29,7 @@ $TTL 1h ; name servers ns in a 5.161.149.85 ns in aaaa 2a01:4ff:f0:e164::1 -ns2 in a 67.5.119.0 +ns2 in a 174.31.3.240 ; srv records _xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net. @@ -67,10 +67,10 @@ mta-sts 5m in cname @ ;royder in cname @ ; external machines -arrakis 1m in a 67.5.119.0 +arrakis 1m in a 174.31.3.240 ;darkstar 1m in a 66.69.213.114 ;nb 1m in a 67.10.209.108 ;terraria 1m in a 128.83.27.4 ;caladan 1m in a 104.130.129.241 ;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44 -darkstar 1m in a 67.5.119.0 +darkstar 1m in a 174.31.3.240 diff --git a/hosts/common/optional/services/wayland.nix b/hosts/common/optional/services/wayland.nix new file mode 100644 index 0000000..20c9996 --- /dev/null +++ b/hosts/common/optional/services/wayland.nix 
@@ -0,0 +1,93 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.chafa
+ pkgs.evince
+ pkgs.feh
+ pkgs.gcr
+ pkgs.geeqie
+ pkgs.ghostty
+ pkgs.gimp
+ #pkgs.gimp-with-plugins
+ pkgs.google-chrome
+ pkgs.grim
+ pkgs.gv
+ pkgs.inkscape
+ pkgs.kdePackages.okular
+ pkgs.libreoffice
+ pkgs.libva-utils
+ pkgs.mako
+ pkgs.mangohud
+ pkgs.mesa-demos
+ pkgs.mpv
+ pkgs.polkit_gnome
+ pkgs.rdesktop
+ pkgs.read-edid
+ pkgs.slurp
+ pkgs.st
+ pkgs.sxiv
+ pkgs.tigervnc
+ pkgs.turbovnc
+ pkgs.vdpauinfo
+ pkgs.vlc
+ pkgs.vulkan-tools
+ pkgs.wireshark
+ pkgs.wl-clipboard
+ pkgs.x11vnc
+ pkgs.xclip
+ pkgs.xdotool
+ pkgs.xorg.appres
+ pkgs.xorg.editres
+ pkgs.xorg.xdpyinfo
+ pkgs.xorg.xev
+ pkgs.xscreensaver
+ pkgs.xsnow
+ pkgs.xterm
+ ];
+
+ programs = {
+ firefox = {
+ enable = true;
+ package = pkgs.master.firefox;
+ };
+
+ gamemode.enable = true;
+
+ steam.gamescopeSession.enable = true;
+
+ sway = {
+ enable = true;
+ wrapperFeatures.gtk = true;
+ };
+ };
+
+ security = {
+ pam = {
+ loginLimits = [
+ { domain = "@users"; item = "rtprio"; type = "-"; value = 1; }
+ ];
+ };
+ };
+
+ services = {
+ blueman.enable = true;
+ libinput.enable = true;
+ printing.enable = true;
+ };
+
+ systemd = {
+ user.services.polkit-gnome-authentication-agent-1 = {
+ description = "polkit-gnome-authentication-agent-1";
+ wantedBy = [ "graphical-session.target" ];
+ wants = [ "graphical-session.target" ];
+ after = [ "graphical-session.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+ Restart = "on-failure";
+ RestartSec = 1;
+ TimeoutStopSec = 10;
+ };
+ };
+ };
+}
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
index 7dccdd3..e0150f4 100644
--- a/hosts/common/optional/services/xorg.nix
+++ b/hosts/common/optional/services/xorg.nix
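Review bot: The package list in the new `wayland.nix` is a copy of the one in `xorg.nix` with `grim`, `mako`, `mangohud`, `slurp` and `wl-clipboard` added, so X11-specific tools such as `x11vnc`, `xdotool` and `xscreensaver` are installed on a Sway host where they are of limited use. Moving the shared entries into one module imported by both files, and keeping only what each display stack needs, stops the two lists drifting and trims what is installed. `pkgs.wireshark` is added as a plain package; `programs.wireshark.enable = true;` sets up the capture helper and the `wireshark` group so that captures do not require running the GUI as root.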
@@ -1,46 +1,44 @@ -{ pkgs, ... }: +{ config, lib, pkgs, ... }: { - #environment.systemPackages = builtins.attrValues { - # inherit (pkgs) - environment.systemPackages = with pkgs; [ - chafa - evince - feh - gcr - geeqie - ghostty - gimp - #gimp-with-plugins - google-chrome - gv - inkscape - libreoffice - libva-utils - mesa-demos - mpv - polkit_gnome - rdesktop - read-edid - st - sxiv - tigervnc - turbovnc - vdpauinfo - vlc - vulkan-tools - wireshark - x11vnc - xclip - xdotool - xorg.appres - xorg.editres - xorg.xdpyinfo - xorg.xev - xscreensaver - xsnow - xterm#; + environment.systemPackages = [ + pkgs.chafa + pkgs.evince + pkgs.feh + pkgs.gcr + pkgs.geeqie + pkgs.ghostty + pkgs.gimp + #pkgs.gimp-with-plugins + pkgs.google-chrome + pkgs.gv + pkgs.inkscape + pkgs.kdePackages.okular + pkgs.libreoffice + pkgs.libva-utils + pkgs.mesa-demos + pkgs.mpv + pkgs.polkit_gnome + pkgs.rdesktop + pkgs.read-edid + pkgs.st + pkgs.sxiv + pkgs.tigervnc + pkgs.turbovnc + pkgs.vdpauinfo + pkgs.vlc + pkgs.vulkan-tools + pkgs.wireshark + pkgs.x11vnc + pkgs.xclip + pkgs.xdotool + pkgs.xorg.appres + pkgs.xorg.editres + pkgs.xorg.xdpyinfo + pkgs.xorg.xev + pkgs.xscreensaver + pkgs.xsnow + pkgs.xterm ]; - #}; programs.firefox = { enable = true; 
@@ -69,17 +67,24 @@ services = { blueman.enable = true; - displayManager.defaultSession = "xsession"; + displayManager = lib.mkIf (config.networking.hostName != "fangorn") { + defaultSession = "xsession"; + }; libinput.enable = true; picom.enable = true; printing.enable = true; xserver = { - displayManager.lightdm = { - enable = true; - extraSeatDefaults = ''greeter-hide-users=true''; - }; + displayManager.lightdm = lib.mkMerge [ + (lib.mkIf (config.networking.hostName == "fangorn") { + enable = true; + }) + (lib.mkIf (config.networking.hostName != "fangorn") { + enable = true; + extraSeatDefaults = ''greeter-hide-users=true''; + }) + ]; - displayManager.session = [ + displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [ { manage = "desktop"; name = "xsession"; diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix index b07de35..6d369ed 100644 --- a/hosts/common/optional/sound.nix +++ b/hosts/common/optional/sound.nix 
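Review bot: Both `lib.mkIf` branches under `displayManager.lightdm` set `enable = true`, so the only host-dependent setting is `extraSeatDefaults`, and the `lib.mkMerge` can be replaced by `enable = true;` plus `extraSeatDefaults = lib.mkIf (config.networking.hostName != "fangorn") ''greeter-hide-users=true'';`. On fangorn the greeter presumably lists local account names again, which deserves a one-line comment saying it is intended, e.g. `# fangorn: user list shown at the greeter on purpose`. Comparing against a host name inside a shared module also means every further exception edits this file; an override in `hosts/fangorn/default.nix` would keep the exception host-local. The `services` block and the session list continue outside the hunk.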
@@ -1,51 +1,51 @@ { pkgs, ... }: { environment = { - systemPackages = with pkgs; [ - artyFX - audacity - bespokesynth - boops - cardinal - carla - chow-tape-model - cmus - distrho-ports - fluidsynth - #master.fmsynth - #gearmulator - geonkick - guitarix - gxplugins-lv2 - lilypond-unstable-with-fonts - lsp-plugins - metersLv2 - odin2 - oxefmsynth - polyphone - qsynth - reaper - rosegarden - samplv1 - sfizz - sorcer - surge-XT - synthv1 - talentedhack - #master.tunefish - v4l-utils - vapoursynth - vital - vmpk - vocproc - wavpack - winetricks - wineWowPackages.stagingFull - #master.yabridge - #master.yabridgectl - yoshimi - zam-plugins - #zynaddsubfx + systemPackages = [ + pkgs.artyFX + pkgs.audacity + pkgs.bespokesynth + pkgs.boops + pkgs.cardinal + #pkgs.carla + pkgs.chow-tape-model + pkgs.cmus + pkgs.distrho-ports + pkgs.fluidsynth + #pkgs.master.fmsynth + #pkgs.gearmulator + pkgs.geonkick + pkgs.guitarix + pkgs.gxplugins-lv2 + pkgs.lilypond-unstable-with-fonts + pkgs.lsp-plugins + pkgs.metersLv2 + pkgs.odin2 + pkgs.master.oxefmsynth + pkgs.polyphone + pkgs.qsynth + pkgs.reaper + pkgs.rosegarden + pkgs.samplv1 + pkgs.sfizz + pkgs.sorcer + pkgs.surge-XT + pkgs.synthv1 + pkgs.talentedhack + #pkgs.master.tunefish + pkgs.v4l-utils + pkgs.vapoursynth + pkgs.vital + pkgs.vmpk + pkgs.vocproc + pkgs.wavpack + pkgs.winetricks + pkgs.master.wineWowPackages.stagingFull + #pkgs.master.yabridge + #pkgs.master.yabridgectl + pkgs.yoshimi + pkgs.zam-plugins + pkgs.zynaddsubfx ]; }; } diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix new file mode 100644 index 0000000..3c700a7 --- /dev/null +++ b/hosts/common/users/don/default.nix 
@@ -0,0 +1,32 @@ +{ pkgs, inputs, config, ... }: +let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1001; +in +{ + users.groups.don.gid = uid; + users.users.don = { + description = "Don Arnold"; + extraGroups = [ + "audio" + "video" + "wheel" + ] ++ ifTheyExist [ + "adbusers" + "networkmanager" + "vboxsf" + "vboxusers" + ]; + group = "don"; + home = "/home/don"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + (builtins.readFile ../nipsy/keys/id_arrakis.pub) + #(builtins.readFile ./keys/id_other.pub) + ]; + + packages = [ pkgs.home-manager ]; + #shell = pkgs.zsh; + uid = uid; + }; +} diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix index 5eacd6f..9d5bfe6 100644 --- a/hosts/common/users/nipsy/default.nix +++ b/hosts/common/users/nipsy/default.nix @@ -1,9 +1,10 @@ { pkgs, inputs, config, ... }: let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + uid = 1000; in { - users.groups.nipsy.gid = 1000; + users.groups.nipsy.gid = uid; users.users.nipsy = { description = "Mark Nipper"; extraGroups = [ @@ -26,5 +27,6 @@ in packages = [ pkgs.home-manager ]; shell = pkgs.zsh; + uid = uid; }; } diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix index 910e077..2133099 100644 --- a/hosts/darkstar/default.nix +++ b/hosts/darkstar/default.nix @@ -4,7 +4,7 @@ kernel.sysctl = { "net.ipv4.ip_forward" = true; }; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi = { canTouchEfiVariables = true; @@ -22,10 +22,9 @@ zfs.package = pkgs.master.zfs; }; - #environment.systemPackages = with pkgs; [ - # wpa_supplicant - # somethingelse - #]; + environment.systemPackages = [ + pkgs.speedtest-go + ]; imports = [ ./disks.nix 
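Review bot: The new `don` account is in `wheel` and its only `openssh.authorizedKeys.keys` entry is `../nipsy/keys/id_arrakis.pub`, so whoever holds nipsy's arrakis key can log in as don, and logins to the two accounts cannot be told apart by key. If this is a bootstrap measure, say so next to the line, e.g. `# temporary: nipsy's key until don's own key is added under ./keys`, and switch to the commented `./keys/id_other.pub` entry once it exists. No password or `hashedPasswordFile` is set in this hunk, so how don authenticates for sudo depends on configuration outside it.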
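Review bot: `kernelPackages = pkgs.master.linuxPackages_6_15` moves darkstar, which forwards IPv4 per the context lines, from the 6.12 series to a kernel taken from the `master` package set, and the same line is changed for ginaz, jupiter, kaitain, neptune, richese and saturn further down. As far as I know 6.12 is a longterm series and 6.15 is not, so 6.15 stops receiving upstream security fixes much sooner and the attribute is likely to be dropped from nixpkgs; a comment stating why 6.15 is needed would help, e.g. `# 6.15 for <reason>; revisit when it goes EOL`. Pairing it with `zfs.package = pkgs.master.zfs` also assumes that ZFS build supports 6.15, which the diff does not show. The `boot` block starts and ends outside the hunk.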
@@ -102,6 +101,7 @@ "nftables/forward" = {}; "nftables/ssh" = {}; "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/darkstar/services.nix b/hosts/darkstar/services.nix index 7304b48..929ced4 100644 --- a/hosts/darkstar/services.nix +++ b/hosts/darkstar/services.nix @@ -42,6 +42,7 @@ local-data = [ "\"darkstar.bitgnome.net. IN A 192.168.1.1\"" "\"arrakis.bitgnome.net. IN A 192.168.1.2\"" + "\"caladan.bitgnome.net. IN A 192.168.1.4\"" "\"jupiter.bitgnome.net. IN A 192.168.1.11\"" "\"saturn.bitgnome.net. IN A 192.168.1.12\"" "\"uranus.bitgnome.net. IN A 192.168.1.13\"" @@ -51,6 +52,7 @@ local-data-ptr = [ "\"192.168.1.1 darkstar.bitgnome.net\"" "\"192.168.1.2 arrakis.bitgnome.net\"" + "\"192.168.1.4 caladan.bitgnome.net\"" "\"192.168.1.11 jupiter.bitgnome.net\"" "\"192.168.1.12 saturn.bitgnome.net\"" "\"192.168.1.13 uranus.bitgnome.net\"" diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix new file mode 100644 index 0000000..360aeec --- /dev/null +++ b/hosts/fangorn/default.nix 
@@ -0,0 +1,84 @@
+{ config, inputs, lib, outputs, pkgs, ... }: {
+ boot = {
+ kernelPackages = pkgs.master.linuxPackages_6_15;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ devNodes = "/dev/disk/by-label";
+ package = pkgs.master.zfs;
+ };
+ };
+
+ environment.systemPackages = [
+ pkgs.signal-desktop
+ pkgs.wpa_supplicant
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ../common/core
+ #../common/optional/db.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
+ #../common/optional/games.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/nolid.nix
+ ../common/optional/services/openssh.nix
+ #../common/optional/services/tlp.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/don
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ firewall.extraInputRules = ''
+ iifname "wg0" tcp dport ssh counter accept
+ '';
+ hostId = "6f1faddc";
+ hostName = "fangorn";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ nixpkgs = {
+ config.allowUnfree = true;
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ outputs.overlays.stable-packages
+ ];
+ };
+
+ services.openssh = {
+ openFirewall = false;
+ settings.X11Forwarding = true;
+ };
+ services.xserver.desktopManager.xfce.enable = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/fangorn.yaml;
+
+ secrets = {
+ "nix-access-token-github" = {};
+ };
+ };
+
+ system.stateVersion = "23.11";
+
+ time.timeZone = lib.mkForce "America/Chicago";
+}
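Review bot: The only path to sshd on fangorn is `iifname "wg0" tcp dport ssh counter accept` with `openFirewall = false`, but nothing in this file declares a `wg0` interface and `hosts/secrets/fangorn.yaml` holds no WireGuard key or PSK. Presumably the tunnel is created through NetworkManager; in that case its private key and the PSK live outside sops and the rule matches on the interface name alone, so a comment such as `# wg0 comes from a NetworkManager profile, not from this config` would record the dependency. `settings.X11Forwarding = true` applies to every account on the host; if only one user needs it, a `Match User` block in `services.openssh.extraConfig` narrows it. `system.stateVersion = "23.11"` on a newly added host looks copied from another machine and should be confirmed against the release fangorn was first installed with.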
diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix
new file mode 100644
index 0000000..fdef7cf
--- /dev/null
+++ b/hosts/fangorn/disks.nix
@@ -0,0 +1,102 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ extraArgs = [ "-nboot" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap" ];
+ };
+ };
+ rpool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ canmount = "off";
+ compression = "on";
+ dnodesize = "auto";
+ relatime = "on";
+ xattr = "sa";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/don" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/don";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix
new file mode 100644
index 0000000..17a6bc6
--- /dev/null
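Review bot: Neither the `rpool` pool nor the 32G `swap` partition is encrypted, so everything at rest on fangorn is readable from the disk, including `/etc/ssh/ssh_host_ed25519_key`, which `hosts/fangorn/default.nix` uses as the sops age identity. If the machine is portable (the `nolid.nix` import suggests a laptop), add `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` to `rootFsOptions` and `randomEncryption = true;` to the swap `content`. Both have to be decided before the disk is formatted, since ZFS encryption cannot be switched on for datasets that already exist.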
+++ b/hosts/fangorn/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/boot" = { + device = lib.mkForce "/dev/disk/by-label/boot"; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + #networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix index 209a02e..c01595e 100644 --- a/hosts/ginaz/default.nix +++ b/hosts/ginaz/default.nix @@ -1,7 +1,7 @@ { config, inputs, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "amdgpu" "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -11,9 +11,9 @@ zfs.package = pkgs.master.zfs; }; - environment.systemPackages = with pkgs; [ - signal-desktop - #master.wsmancli + environment.systemPackages = [ + pkgs.signal-desktop + #pkgs.master.wsmancli ]; imports = [ 
diff --git a/hosts/ginaz/hardware-configuration.nix b/hosts/ginaz/hardware-configuration.nix index 24f60cd..670a58c 100644 --- a/hosts/ginaz/hardware-configuration.nix +++ b/hosts/ginaz/hardware-configuration.nix @@ -23,8 +23,8 @@ graphics = { enable = true; - extraPackages = with pkgs; [ nvidia-vaapi-driver ]; - extraPackages32 = with pkgs.pkgsi686Linux; [ nvidia-vaapi-driver ]; + extraPackages = [ pkgs.nvidia-vaapi-driver ]; + extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ]; }; nvidia = let diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index d5f95fc..4c996b4 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix index 706bb57..76a7424 100644 --- a/hosts/kaitain/default.nix +++ b/hosts/kaitain/default.nix @@ -1,7 +1,7 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -14,8 +14,8 @@ }; }; - environment.systemPackages = with pkgs; [ - git-review + environment.systemPackages = [ + pkgs.git-review ]; imports = [ @@ -60,6 +60,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/neptune/default.nix b/hosts/neptune/default.nix index 7fdef31..6262969 100644 --- a/hosts/neptune/default.nix +++ b/hosts/neptune/default.nix 
@@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix index 5d9e2fc..cf42235 100644 --- a/hosts/richese/default.nix +++ b/hosts/richese/default.nix @@ -1,7 +1,7 @@ { config, inputs, lib, outputs, pkgs, ... }: { boot = { initrd.kernelModules = [ "zfs" ]; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader.grub.enable = true; supportedFilesystems = [ "zfs" ]; zfs = { @@ -10,9 +10,9 @@ }; }; - environment.systemPackages = with pkgs; [ - git-review - master.openstackclient-full + environment.systemPackages = [ + pkgs.git-review + pkgs.openstackclient-full ]; imports = [ @@ -57,6 +57,7 @@ secrets = { "nix-access-token-github" = {}; + "ssh_config".path = "/root/.ssh/config"; }; }; diff --git a/hosts/saturn/default.nix b/hosts/saturn/default.nix index 1e7d21c..34a4c29 100644 --- a/hosts/saturn/default.nix +++ b/hosts/saturn/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml index 5261c80..b17393d 100644 --- a/hosts/secrets/arrakis.yaml +++ b/hosts/secrets/arrakis.yaml 
@@ -1,10 +1,11 @@ nftables: ssh: ENC[AES256_GCM,data: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,iv:OnEBPu/havLABMuANjiKMEmhPX2tk/PlyDY0FwvQnsI=,tag:Qny6XbCXMhAr1AjZjr0ucw==,type:str] nix-access-token-github: ENC[AES256_GCM,data:1kkcaybmrEUrU9lqjKpaEqBBqtmTU9Teh0sEh+7PmAYoJEkyngT48Zzo8zpxN+wHdD9l/XV0iT3tDT/xY0ZMtawdXUI=,iv:8XYmmL0Md3eVLkvW3YkxN3gzGwY6DBvPA2XBdC8ccQ0=,tag:La0H5RJIwV3Ed3jVfqxlog==,type:str] -ssh_config: ENC[AES256_GCM,data:OjZ79joE5H4vcPpgC8o7u65Z96kpc36k+wA76/+aedb1O0oAEZFa/4imtJl88bB9LwvGMitqcvr0WOZ7nakY2y9kEKoVyEYQfkM61h7U8SazZsgHcuuR7JQ03TqUTYw66H/7qvHOcOftHTlp09HKvePuUOS22sPjU20JsV43TdrVcSICSLe8FgLMbojiWzM3uepKN1/7XBQWm1ntkhG7OTRJOvtsCsoE+lJX1Q0xN1NgwjvQotEpjC16m82f4wfq1Kv2RKyafJxTQRjhlxy4TtIYJ6UEM3aBL666+lGKuT6gbqFInVprIhqj/FAKKWmKrw9mqm3LCOQVcNJS4byfUfozMyBMzIlhusMHuqp6x0lR0y3Cfg3EvOWIGdrcu8uwQt2XkqrfFD3/jDfL+bf4CNZD2wHT9mdQXJyhzbTo2V8P3I9VifB0bLAvb8XFb16bcjyO2L7+eb5UA0c1fBKsF6Rol8p5SKwWu2y21B/gVlNOb5YYQn2fDLgTjg0DFQs2dW7uYlfVc4PS37KNQaxXT7qd3COCnuJ5/OVvWZK4hDAs8dEnYgD/bixdl8k8QiB5F2P7sTXFrfGsxaXaUGeG,iv:FQLz3J/+o4TeWsq7dF358DErIMbF9Fq2bJaz5vEwpdI=,tag:PDvywy9MasIrDAyrC3Ge8A==,type:str] +ssh_config: 
ENC[AES256_GCM,data:f0nNWKZxV+MjG+Jx3JVDiGaPwryaJxivRJrdPB3Ks7vJgieey5xLXkyBbEzFps/S2YLod4MAMQvsvunx4U54Dgz5kJQR+NfsQ4pVdYenqNYxpyCqM1n+oSWwmW0l1Z4F717OsDiadaAp6RJ58GK1pNB/AyV/Xns0EbSyqiwUGTgb/Mb6MeVm01djrfXzEYNHoBVuUA8b0LxdL1xH8CQwmPcbpMHItrO9MWIdHNZrz1YKD4EOfqt9ei0DwdvYbMqqOPrw/5Sgn9oViX/yJxWDJ1M8CHNAWMfAZfnr0ATQCYE75PhOAhuHhsZQBmUUCj1hr0b/Qb9Lc0agS8lvYRJXEIkMDoFu5bOAZkjmrOATnu2GOAynMr/tjMqPFBYmWdIfJcGRe55pW8ulbqnxcfvlDSmLGABc+sIr50IVwsBlzxSPoZhH6Hm+7i0Vs3Ep7VM/0Bcuyvd7z9NGKJp/wWAeUrT4ccJJSt5/1HVHcYF2rs0u0JZ2KNr4hdzGafC1353jQ03UC2yzZff1Jtv5nnrxQrlm1rBjbB5pxk99zVs8hWg9y7+Y44xw7PQ7UUrZTGd95khj1E00Qe0YFHxid4UPXoOGhZ282bziVBoJgmzdkAq/ekC3nZ38SSD/oKOnZNto76uBx/Q8ndwP4IgxWOkP9EKpsMvQFYyaoXCwdOKX8yNHUZy6wCW0WMEzWeCv1ixHhMF2rAFUu+jcd0outRQTaxBCvDwAnQqHWmY0ixk/L2r4Lf9IpYBGZ89xlcqnUTXKD6wu5AfWeMU2SxmzsF1AWSA/WBUjqW5nTfTr,iv:uXbX67nw8uot2BeeeU0wMNZ+xK+gJ6Xy42jriUZ0gjQ=,tag:AkRAMlnyaxvCVAQy1a2zGw==,type:str] wireguard: arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str] black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str] + fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str] ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str] homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str] lilnasx_psk: 
ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str] @@ -15,10 +16,6 @@ wireguard: wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str] wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de enc: | @@ -38,8 +35,7 @@ sops: ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:40:33Z" - mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str] - pgp: [] + lastmodified: "2025-06-05T17:59:42Z" + mac: ENC[AES256_GCM,data:K5w8k35R8wKpo/RS4eC5DyXcTdrxg4k0prBphXwMn8+oi/8/L6XYVUmhh6ftp2R4tMcV+Qvm1woMiBZaFJ71v5a1RytjxnIjNrDvGUYVq/Rcz4Owm5Zx5qSD5UvgleVxC2k26LciukJ4O+ZcC07kKMBt/NJeYNNh/oov74AENyw=,iv:COQg/3qEYjFITHFqThsQuimN7R8hp/GEChkOXb3MNVI=,tag:nHmO+hn1fTVqDtlnMuLzsQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2 diff --git a/hosts/secrets/caladan.yaml b/hosts/secrets/caladan.yaml new file mode 100644 index 0000000..dbbf048 
--- /dev/null +++ b/hosts/secrets/caladan.yaml 
@@ -0,0 +1,29 @@ +nftables: + ssh: ENC[AES256_GCM,data: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,iv:UY/efikTAvIUfcciypnngPj7PhGjccoIeXRyew2Ft0s=,tag:QnYxLwkV9Oo9ETWAqIKNyg==,type:str] +nix-access-token-github: ENC[AES256_GCM,data:9+Yal5PsrtrQmpEmYp48dUs8i6U+ZBl2fm3WMz0ElKbFm8HvWaANgpxNoVUChj/GejqRtmJVkUR11m75Gh/Y4RhRa40=,iv:xffltN4QMFPCIUdVBA+ZzZJwMV1aiR+ZalGEUM6zxb4=,tag:nmM4RpKfFonvGgOMVeT9rg==,type:str] +ssh_config: ENC[AES256_GCM,data:zlEJ00GNq3WScqJ7hFTx4YLfTaEuN+GZF6HKew1vshX2nwqsRQMpumyIgPisl/WqPbTUCU13qAvwTbmN0vGna3WFA376GVAHIN+TzTWGdcaVzgI8wJF3c26k0GpYDvgsxW0QNR9BhHJvEE7ox6o/chPXUNS7Q4AwvD1YuOgQZc2kdBYC5zOZ6Z2/qPOLmVesn9+jbFBGfHNxCu/Vq1wXfCFhZ7+hY27R+BYmGc3uUPYrQ40WZgbLzBpkndxhh7dE7KlYFavJtaaRhnaN7i7/30xyO6IGBpuHBUxnryVwgCUx42fXjYMVe6tfYXsKYAbVhjgrJSwOB5Uf8W7gekr1qSRStROZC/Vnh2Enz3PwWYjXViyrWEpw9jXR3w8rCIQ0NJQXwvsRyEipujxmbs9MhywW7x8zC6txjg4Nd5gBNuaEsg4e82ARic65RQ6q8tvgLQj6ghR53nXA+GFv6ybbDgRuL27ki9wWHCy1oYOS1D58So3+ABAKzxayk6Eo3sQeBHO9bKVCZWwWYwuWtknKWf8HoedVhMUiimJ9MdgQsNEEuKL7g1OTSt+25KDBcnuUqh7fYbNi0AB4kiGTSrExQ7zzTIkKiDO3j0yL3M+lC8WoeBpYfmpuTWcVSYHmjQn8ggybdbEWRY/pdiRNChG11IHGZpS1v1hM5Dw05oGFFciCwOBFS7EQpetOYlKT9wl4Kof3cpqfQUE7q4AHSMkSWZX/t6xCFRv2V6jhSwSpvcf+CMGu+s+ND/kEjKpo/+HiyNp5GhyD6h1oPc+G3x78YVx1WI+wuzMccSp0,iv:8EtrGsi86BhlCrn5kNZSbvIq/D6RBjJ1AAt8x3x6Pns=,tag:OB8azq3ZWpMIZDMQp+ry3w==,type:str] +wpa_supplicant: ENC[AES256_GCM,data:UtDgnfUMvMyDeYLhOTvLYRj6Wm7uX9rm6Iuxg5o=,iv:lidCvrXwm3gCg7eTCLtOyyooDF+9eZ3bYdmK7cx9NAM=,tag:VpLfKf5onTg087n5ZeuWqA==,type:str] +sops: + age: + - recipient: age1rpjhlmc9sf3kcagg2fq4850vcxnvhmrrfggs30jckffjxxr89smsukj0f3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRWR2MUxlYmlXaFpsN2c4 + dU51ajY0czg5QmtDOU40YnByV0VWbUpzb2xRCnUwK3Zra0NrWWRybC9TNmt3cVVD + ejhza3Mvay8zNUlPVUJjSkUxQzAzd00KLS0tIEtqNCsvKzR2eXNIVTRvRWZVT0g4 + a3NMZC9xYlRlc2RxU1h6Q3VCUi80TkEKSCs6Y4l0McbmNmN1JX/B4xlk3kCpzUxH + vXCmtdm6ab6xYjPfRXvci9Z3Pxibi+s4hchiUi9EMRJk1YfXrOzbwg== + -----END AGE 
ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwdVNLSkNXQUNpeXVMVkhY + RHlMOVlSb2xnOFJnUTYwTHg4aVlEb3VDRWdBCkIrSXZGZHdYUVhlTU40Z29ROUd0 + ZVhCMzAwNVZ6UDVvOWU5RXYyaW9kVFUKLS0tIFZhcG90VzI1TnFEY0Q3ejB6SUJH + enMwY2xGMkRBNU1jenp5MWhBY1NmSkEKK8cpEKoyOQLEyA3TUqaRprTxbJH7lhur + E2V8leAbO4FLR7Qp3+9ymK1HIO/lcynktLlBHZtJLc+IrmyUguxqeA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-05T18:00:15Z" + mac: ENC[AES256_GCM,data:JKzxSGzEPIM7z5QfGZgZBXNUTvLOmP5Krkjt5CCt91MdlLJtksVjMzcMEE4hu+3maLXR0UsXn4W2K6IkMmyo8nU7vHhg/n40WIgeX0J8e7nx51VymJAsiisdijGtPbVovdK2qLjU7CRoKypfDNiV9dYLPbyzpNFKyCDdpbnBJ+4=,iv:MCRxJ6QsNWSfblgtIkJhnqap/qFg1OYzXHUYP137ihw=,tag:szwCMpyn2sWm15BJR16GeQ==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/hosts/secrets/darkstar.yaml b/hosts/secrets/darkstar.yaml index 37b53ce..28f24bd 100644 --- a/hosts/secrets/darkstar.yaml +++ b/hosts/secrets/darkstar.yaml 
@@ -6,11 +6,8 @@ nftables: forward: ENC[AES256_GCM,data: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,iv:lX4dz+VArj+I9yhy4tahlz8cNvnc/eDs69pKRbIWeEg=,tag:px+HxZRAHlKQA32KJJZwaA==,type:str] ssh: ENC[AES256_GCM,data:RA14V9O3PcGOoCfgj4nCILtwc4ER/hPC5HBzz91WhNHmUKzOlxy4zso6HSmSz6sMFBK7J77r3MO+6JKw8eNeHmx9fDDcboHFPcL1PQfYAJE6LNBS0e9d00Mi3k67DdNJZE4F/yOCGIrducvlCsJl/8S4zMMI9Ktum2sJFdkw0INgXoPVPSAQ6nyO5KKcboVtxeKc64RtcBZoO2CCSLhEdVJnE9AXB+l1Pk1926f2XHlS3Ci/Jh/uAwM/4uAeldQ2r3gRuzq9H3SIAgSNZhlJIVr9VDU9kZ28dNpDYhhdOrle1W1drj+9viJ6eeIxykhzZ/8kX34xik4UiMxW9vGO/VpdEdE1XRMqEIRp5L2ADBNCImbXEN5fbRo8+FlL9H+aAFDjBtxxalcSSqApYac6NcM7msF8Lewj4ED8FYXEsEIX7qA8XbVzJuFFYHhRWA6Lt+Gp9Kn6aaxZMF4fl7u35BFPggi1vwsb42la+yQAizk5x0t+fCCX5D8XRHmfCZYX6AYJeQhfzHETuSUu6p4asmhlx+8cJLtjMkkBc8lDscdK7NcuhPm3QzjQt3H7wAHQBzWrxStvBC77K2d3Xf/C6VERUdDvLK1El1oZAl9UmnxAK35kUqAKHHE2xheHQcw1rhy1D0dsX/rQLovTpPdczd/vqpkcJxHk0nH3rddySiyOaWsdoQ3DhpdX7h4PNTwcFJGVzbVR7+9pCnTJ4DTbc9H9G9xiX0vPef4cBuJQPXG8Bc+kMXOpV9uKt9KRoNtPG2M4IZvtaZNiS8qYB0LTjdHiY3C3NYvDc0pkDAIxDjP9TERWxuBCUlscmbXLAxDqB4zO6LBm9yVhMWxYyim5gH24UGD9D2g1piFGXKiSb4dXbrnxoRe/JoLITdWOOEkabVxqJr4KQF07MjTg1JNO3fPLMI6azElQSUj+2ZAy5dqPggg5xw8+h6yp7ZLh3zXaTlSroL+yA4BH8BjVuEa+jl9xqexKgB7zeHb6VhWmtONsffvQtk/kVucDwmXOiOnma1+pj6COoMur2e8bEK3Scap/k+B1b8D9SWMEXi61HxpEtHn6XH5DEdq7Pb12zs2FQEE4QvuaTIscMlvwrsMHkwW7WtkCj2sQFIuUAL4ayyccx+QomhB/hxWKZE83SztNfiAqTWAOaL0XfX3+4qgsehfEkdaUl3FCZvuObPPxIUcYu5Crl54O8B5fbOQE0dcvxMpuxVM6kt3O/jcmj/eri4NPmghBohGSrcJpZ3CUMjWbOJG3A2GFQWztFobkRW9N0K1Fg8UYzKr/lhzlPKiB72D7flghX1yMYfefOnD7vClPUY7oFmnf6sD0qYmZK49SGR6+b7z1bBaskaqhEx3zB214DvOxKGeiPuMVmXk3h7bGqJQ+ejiRcfQHMr1dpFCEMurTmoHwJPwB9fetOpaA0RAEr4pP0QKt8iuTT8MCZi3KBXaiPhZYtdyR5Ka9DETlmBoSeYgyzNht2bCf9nTLn0AJDGZNcZH/NUoy4kLFrhQ18mDIvKHCaALWabp5SnyASQRI/qIkE1DTH8JSkSrr2edz1Ag0SbTMhXsVuHUy3jPuFkNb1SBJxlXmvjHSny7gAr9HVVG2ClRzGtVOXiFHyYguNbmP1F8uqDvabbx8FvAGCEZeARFWQI4iFCe37rYjJE62byilC5LMBCQ5l4/kOYHVgPivPzV8qkZV8B8dQBvMjIvBOgQNvljqagDu0C66rZOTj9G16FDfYDRcdApL0xraAs/O8EgQWxzlB9cQPJmjecAVlF
1wsqIbIDODKtTRY4dMYqKfhLoeCV4kPb4WjvoaLxBgbsrJylZKULkO+xbBCvvFhnFNQDOVFPe2ZhEwcx4Ji6j8GZhhyv2LsOdQcXGLgyTr7YM3z/M9DdlCKqlFolA6tod6+9CdUkhFfL7y2vBV3pyEHwyTwWMy5UQIprwm2Ht2RxejhpUcfVydjT/ISJ+aNMy+nq11rrQOlDFsF/E/Db0ngUbORNezWX5n8bqDxModmDLTwYwYT8qu4jruw/WMY1iEZPZzZE8xywRoKCzqN2KweUdEkv+Px6rxtOnNIkPtJxyq4I2L7/oJcaGU40e87KXhhm68qIajboyPM30WInOcGAcG5LwWlyrxwCpthDEcnNlXXghx9izXyqpw7s8hP0qsmRDeESckqn1KUfs98Jkbfg54nEdIT+JcHm0PjvqIHJB61IGWwN4l3SQXY5SKuUb7hSMItKC/FlDKWL5yk5qO55SlYfz0mrD/7Fqk9uFRzP94mswYh8uOkCHBC+WxL4/ashBZOPFZ+WErBAyDgV0LvdiEBN1zpJlAegDozPNXpOzG3rb7QcBr7kwkiHBtD6q7dhBZ51XKPcJPRjkFXDR9Rbj50k6wQHznuDNMA9lI42a6rFN3mr3G8h6mvD67x7b83IxwtLaf7Y0Nb04m/37sCJM1TbjP6jXvD0BdIAdbLc7Qk3K8F2cSIfNH/O7JI9WTvXxxOKtPdpRnnrOURpr4PnXEdJJ1ErujfCPPvFkr0BjpR1Xv2LYKmWISx2OblJnx/MAwECBacN69SX5qnJlaP1Mn769lR5quhAaBCpq0LmHSB1jqF5ap33VKHcB9EHs2ActJHMyn6GxRXSYudw==,iv:iE3MNeQkraGC3qvhP2CtVQv24XVzUQMJZuPa1JxlN9E=,tag:wU1dIUj/HoWD/QPHqHxcDg==,type:str] nix-access-token-github: ENC[AES256_GCM,data:CWFmo1vx9xGrsickiHtAehg7CLhDrV69yG9Ngca66ecsAeLKU32CDvL+3/9UTOA7lrHe88q0GOXMmbCfSDFA4M0sZWo=,iv:yfQzZ5qmKkkpL6T6I79HGByyt8nhdYnxR6D7DvKFaNU=,tag:WGg9oSbmZcy+3BAFTyf1vQ==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:+535dLYm/zY5HIeXbpLaeMV/sx6b5BNV16VZApPIt48=,tag:zE2yzu1Nl3Cbqd1JdvmZWA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1z6g6etwcer433v97lwjrruetdh9fswkgjh9w702wzdc2ydvy5q8ssrfy9r enc: | 
@@ -30,8 +27,7 @@ sops: ZTdpV09qUVZGK3FjTWRITFp5TGZFUkUK1E9IN+SyTV0r9l1bd+2z7zrsp/7VxCyG tEWZp8LmfkGEunspv6iDyxKbYxWqNqJxZuSVeMD4ZMx6YLwHfW797w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-12T22:11:05Z" - mac: ENC[AES256_GCM,data:YgCiqSbW2qMrGM3SYO7F4xcgrdRaBcaLj8r53i9Nu5D75l7fA+qKTc89XCpNXlFMv15LHT3kKjfXqsH2Cyn8RyPvrHHd/Hnqa7paQPrcpQIRcpP8QTMCBNFJvzpaXUozwb3fpx1xY63Ydw/TDv1/PQBEJWzp9k/MDiTSZYOba+Q=,iv:9w88jxstxmvIScgCUtgl1hPkr/j76Rked3Kv9fhZQJ4=,tag:UvfTXI222OFtIqex+0mdhw==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:00:42Z" + mac: ENC[AES256_GCM,data:huVLLX8pwCyI+scHY2h6tQ5AyaKw0JbZ1/Z/CjrhaRqhJjQxYwZolGqXqVbaUIh6gjDF227KipgkcotlzYI6cl2p7keI6IO9cDzs032+JTk/bctU6FX7oASEHmD1aSJSL5TU2FnxkcM5cYZdbYsB/gG7LegTvWhfKpKIxiAH5xY=,iv:XGrWx3Myw/ymt5XFKHJiTN3TLSI/aP3lFgnV9dnT2v0=,tag:wBS840QinxxXYZ8pk3ZLXA==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml new file mode 100644 index 0000000..dd5ab96 --- /dev/null +++ b/hosts/secrets/fangorn.yaml 
@@ -0,0 +1,25 @@ +nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str] +sops: + age: + - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu + WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54 + SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6 + NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN + 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv + d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP + eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V + M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw + gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-14T19:53:57Z" + mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.1 diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml index 5c59d9d..069d445 100644 --- a/hosts/secrets/ginaz.yaml +++ b/hosts/secrets/ginaz.yaml 
@@ -1,12 +1,8 @@ nftables: ssh: ENC[AES256_GCM,data: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,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str] nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str] -ssh_config: ENC[AES256_GCM,data:WY7WwOu+ev0+Js8xNjRQYHzAy3arKdQY5IfXHFPLwY1Yz/Z+nXIMfL4vg9kjnjteNqVVfzzk9cjaMBxHvU4cqhznipFUjhV6LuIqVcRUersyVgquluQHEUt6WRbOY0QVbI2jUzPPrgjGlW2KDS62rxKhviC+JSULi3oJEZcB2Ko9I2Lyll6jW+ESUiiYB647bdQz5+638iY3M/2FgijLawr9a7qHP4J7h2U+9LfFj+L3ilVqz+u8YJenspKEMg/n0Oi+EMQfY/wq7zzhhxt+TCVa6Tlh7HEgdRrrjLaRLJZx1nsX5+nzdSthJ+lWYKodVlw3XeexJ7kRBp0/a6tKzsDcJvGIbOnAtgCfneS62CATgawcjTn+VzMC9esOuGsbeEu74I0fZgGNVxvd4PhcONe45Gho5S2ztaGLQdxC15y6e8Yv/fjw+lSN5ngvngDBBt3FAneYzvhwup8D5gUGS3xr2audXCka77Oqb6bGjg==,iv:bUG0wSgImCIQ80vfQs95FhreM557uzBi6FFn6VQAFG8=,tag:lmLVb35Oi5HXv6DPkaXAWA==,type:str] +ssh_config: ENC[AES256_GCM,data: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,iv:yX+/BGMQplX9e1dyLxJ5e81z8tPgI6x67xqqJrFbpzw=,tag:FFiFgWdsuRdSdAbNf44Sng==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh enc: | 
@@ -26,8 +22,7 @@ sops: Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-18T20:30:06Z" - mac: ENC[AES256_GCM,data:GznKrPan9U7A9+98Ey+P4xWpRwrsTQ/E5rkypXGBH5nyLXuimyNIrb/p5d5pws/gtdOGMmDIAuOvzzo8BcfFljgIaBK557E1E5Oq6pskmNnIv4gZNjHSncmsA87NGEZYF+gkQijQB6lDL6uZmAz4g5IcWsQltMYlnRv3wM+rYhk=,iv:3IKa5siOFxsLXkBECpx3wimt/s99RtmETmB80mpnU2E=,tag:yhT85gINaoFqKBLTdrEXbw==,type:str] - pgp: [] + lastmodified: "2025-06-05T18:01:08Z" + mac: ENC[AES256_GCM,data:VaYnO0cCKoxY2cvnmqr4MqkTjSOzlBY8z80uxksUxrfWnWCkBtIPHG5gHi7HKn6LnlREUquzHoSSfmpIoKpMjdsOlFunPnrG876uGhNFxHROocixxZJV6yIsClgRx3FCwe1M3iT0NDAYq3zzNrL2bTx1MOx4C97Ki4BuISn4/98=,iv:dUUpbFa7e+Qa9FV9ALEVPifQNrPkv5oYsA6djgYEq10=,tag:s2abIa6FX/vPsUr7M3kEfQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2 diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml index 255695a..951aa75 100644 --- a/hosts/secrets/kaitain.yaml +++ b/hosts/secrets/kaitain.yaml 
@@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str] +ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl enc: | @@ -23,8 +20,7 @@ sops: RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:59Z" - mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:03:24Z" + mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml index 45bb5e0..a7aa1fc 100644 
--- a/hosts/secrets/richese.yaml +++ b/hosts/secrets/richese.yaml @@ -1,9 +1,6 @@ nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str] +ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9 enc: | @@ -23,8 +20,7 @@ sops: MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-18T18:32:48Z" - mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str] - pgp: [] + lastmodified: "2025-06-24T17:04:43Z" + mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.10.2 
diff --git a/hosts/uranus/default.nix b/hosts/uranus/default.nix index d5dc582..ed0974e 100644 --- a/hosts/uranus/default.nix +++ b/hosts/uranus/default.nix @@ -4,7 +4,7 @@ #kernel.sysctl = { # "net.ipv4.ip_forward" = true; #}; - kernelPackages = pkgs.linuxPackages_6_12; + kernelPackages = pkgs.master.linuxPackages_6_15; loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -17,8 +17,8 @@ }; }; - environment.systemPackages = with pkgs; [ - wpa_supplicant + environment.systemPackages = [ + pkgs.wpa_supplicant ]; imports = [ |
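Review bot: The new `kernelPackages = pkgs.master.linuxPackages_6_15;` line in the first hunk of hosts/uranus/default.nix swaps the 6.12 longterm kernel for a short-lived stable series, and nothing in the file records why. A version-pinned attribute for a non-longterm series stops receiving kernel security fixes once upstream ends that series. `pkgs.master` looks like an overlay of nixpkgs master, so the package has presumably not passed the channel's test gating. I would put a comment above the line, for example `# 6.15 from nixpkgs master for <reason>; return to a longterm kernel attr once it is no longer needed`. The enclosing attribute set starts and ends outside the hunk, and the same change appears earlier in the diff for hosts/arrakis/default.nix.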