diff --git a/.forgejo/workflows/build_nixos_configs.yml b/.forgejo/workflows/build_nixos_configs.yml deleted file mode 100644 index 579e3cd..0000000 --- a/.forgejo/workflows/build_nixos_configs.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Build NixOS Configurations -on: [push] - -jobs: - build: - runs-on: ubuntu-latest - container: - image: node:25 - volumes: - - "/nix:/nix" - strategy: - matrix: - system: - - "carbon" - - "git" - - "gospel" - - "node" - steps: - - name: Check out repository code - uses: actions/checkout@v4 - - run: | - echo 'Building configuration for ${{ matrix.system }}' - nix --extra-experimental-features nix-command --extra-experimental-features flakes \ - build .#nixosConfigurations.${{ matrix.system }}.config.system.build.toplevel - - name: Push build to attic - run: | - nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ - -- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }} - nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ - -- push --ignore-upstream-cache-filter gospel:nixosConfigs ./result diff --git a/.gitea/workflows/demo.yaml b/.gitea/workflows/demo.yaml new file mode 100644 index 0000000..c537cc6 --- /dev/null +++ b/.gitea/workflows/demo.yaml @@ -0,0 +1,19 @@ +name: Gitea Actions Demo +run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀 +on: [push] + +jobs: + Explore-Gitea-Actions: + runs-on: ubuntu-latest + steps: + - run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event." + - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by Gitea!" + - run: echo "🔎 The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}." + - name: Check out repository code + uses: actions/checkout@v4 + - run: echo "💡 The ${{ gitea.repository }} repository has been cloned to the runner." + - run: echo "🖥️ The workflow is now ready to test your code on the runner." + - name: List files in the repository + run: | + ls ${{ gitea.workspace }} + - run: echo "🍏 This job's status is ${{ job.status }}." diff --git a/.nixd.json b/.nixd.json new file mode 100644 index 0000000..4615848 --- /dev/null +++ b/.nixd.json @@ -0,0 +1,5 @@ +{ + "formatting": { + "command": "alejandra" + } +} diff --git a/AGENTS.md b/AGENTS.md index 202d09a..4fb7ac4 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -13,7 +13,7 @@ - **Deploy**: `nix run github:serokell/deploy-rs -- .#` (e.g., `.#gospel`) ## Code Style Guidelines -- **Formatter**: Use nixfmt for Nix code formatting (managed by devenv pre-commit hooks) +- **Formatter**: Use nixfmt-rfc-style for Nix code formatting (managed by devenv pre-commit hooks) - **Pre-commit**: Hooks run automatically on commit via devenv (trailing whitespace, YAML validation, etc.) - **Imports**: Group function parameters in curly braces, use `...` for extensibility - **Naming**: Use camelCase for variables, kebab-case for hostnames/services @@ -31,4 +31,4 @@ - `homes/`: Home Manager configurations - `modules/`: Reusable modules (nixos/ and home/) - `packages/`: Custom package definitions -- `.envrc`: Direnv configuration for automatic shell activation +- `.envrc`: Direnv configuration for automatic shell activation \ No newline at end of file diff --git a/devenv.nix b/devenv.nix index 9d4d3b0..5fb0c8d 100644 --- a/devenv.nix +++ b/devenv.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { packages = [ - pkgs.nixfmt + pkgs.nixfmt-rfc-style pkgs.nixd pkgs.deploy-rs pkgs.git @@ -16,6 +16,6 @@ enable = true; excludes = [ ".*\\.png$" ]; }; - nixfmt.enable = true; + nixfmt-rfc-style.enable = true; }; } diff --git a/flake.lock b/flake.lock index 11ba4d8..4453dc7 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -63,11 +63,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772153824, - "narHash": "sha256-T65qXmlcD9qFpPTi+mOXsn4dIkO2N8Ls67nqmuzepv0=", + "lastModified": 1765990358, + "narHash": "sha256-l8x0gU8mnYaGMl+gWrsSHKBJlZWD8KXJfHTkRlFiPI0=", "owner": "catppuccin", "repo": "nix", - "rev": "4b0f5b7bf7b3eeb484d49524f3c9791864ab9362", + "rev": "de1b60ca45a578f59f7d84c8d338b346017b2161", "type": "github" }, "original": { @@ -77,17 +77,12 @@ } }, "catppuccin-nix-palette": { - "inputs": { - "nixpkgs": "nixpkgs_2", - "palette": "palette", - "systems": "systems_2" - }, "locked": { - "lastModified": 1766250142, - "narHash": "sha256-if8WlHrQElcdcnNM3nqw1UIXf7ByGk6jbXKMirnJfnw=", + "lastModified": 1766206652, + "narHash": "sha256-pWAwRFfJx83jIqoqoHUlzsMTaCWy14JO87ot2ji+XRI=", "ref": "main", - "rev": "397e0a08b155cec1738fd8b46fb9b9fc6b8fb15f", - "revCount": 2, + "rev": "4e42cc79579e082baade513ebbba9806b4fa7363", + "revCount": 1, "type": "git", "url": "https://git.alejandr0angul0.dev/alejandro-angulo/catppuccin-nix-palette" }, @@ -106,11 +101,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1770019181, - "narHash": "sha256-hwsYgDnby50JNVpTRYlF3UR/Rrpt01OrxVuryF40CFY=", + "lastModified": 1766051518, + "narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=", "owner": "serokell", "repo": "deploy-rs", - "rev": "77c906c0ba56aabdbc72041bf9111b565cdd6171", + "rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa", "type": "github" }, "original": { @@ -126,17 +121,16 @@ "flake-parts": "flake-parts", "git-hooks": "git-hooks", "nix": "nix", - "nixd": "nixd", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1772320113, - "narHash": "sha256-F/yM6SAAtCkG4NVOWap70CcAiPP+EIR5rb2zI3XlHDw=", + "lastModified": 1766087669, + "narHash": "sha256-1+LJXcOaeX5YCFCCCY+bh6nSQBS5fPVcudQs5/G2+P4=", "owner": "cachix", "repo": "devenv", - "rev": "65c59037d2dba83876ec9da8d22584d604553f16", + "rev": "c03eed645ea94da7afbee29da76436b7ce33a5cb", "type": "github" }, "original": { @@ -219,11 +213,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -241,11 +235,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1763759067, + "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", "type": "github" }, "original": { @@ -254,22 +248,44 @@ "type": "github" } }, - "flake-root": { - "locked": { - "lastModified": 1723604017, - "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", - "owner": "srid", - "repo": "flake-root", - "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_2" + }, + "locked": { + "lastModified": 1715533576, + "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_5" }, @@ -287,25 +303,6 @@ "type": "github" } }, - "flake-utils-plus": { - "inputs": { - "flake-utils": "flake-utils" - }, - "locked": { - "lastModified": 1715533576, - "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ @@ -361,11 +358,11 @@ ] }, "locked": { - "lastModified": 1772330611, - "narHash": "sha256-UZjPc/d5XRxvjDbk4veAO4XFdvx6BUum2l40V688Xq8=", + "lastModified": 1766171975, + "narHash": "sha256-47Ee0bTidhF/3/sHuYnWRuxcCrrm0mBNDxBkOTd3wWQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "58fd7ff0eec2cda43e705c4c0585729ec471d400", + "rev": "bb35f07cc95a73aacbaf1f7f46bb8a3f40f265b5", "type": "github" }, "original": { @@ -375,6 +372,36 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "nixvim", + "nixvim", + "nuschtosSearch", + "flake-utils" + ], + "nixpkgs": [ + "nixvim", + "nixvim", + "nuschtosSearch", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, "nix": { "inputs": { "flake-compat": [ @@ -401,47 +428,20 @@ ] }, "locked": { - "lastModified": 1771532737, - "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", + "lastModified": 1761648602, + "narHash": "sha256-H97KSB/luq/aGobKRuHahOvT1r7C03BgB6D5HBZsbN8=", "owner": "cachix", "repo": "nix", - "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", + "rev": "3e5644da6830ef65f0a2f7ec22830c46285bfff6", "type": "github" }, "original": { "owner": "cachix", - "ref": "devenv-2.32", + "ref": "devenv-2.30.6", "repo": "nix", "type": "github" } }, - "nixd": { - "inputs": { - "flake-parts": [ - "devenv", - "flake-parts" - ], - "flake-root": "flake-root", - "nixpkgs": [ - "devenv", - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1763964548, - "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", - "owner": "nix-community", - "repo": "nixd", - "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixd", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -465,11 +465,11 @@ ] }, "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", + "lastModified": 1764234087, + "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", + "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", "type": "github" }, "original": { @@ -480,11 +480,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1764440730, + "narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3", "type": "github" }, "original": { @@ -496,11 +496,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1763966396, + "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "type": "github" }, "original": { @@ -512,11 +512,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1761765539, + "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc", "type": "github" }, "original": { @@ -525,22 +525,6 @@ "type": "github" } }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1772047000, - "narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-25.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1766070988, @@ -559,27 +543,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1768875095, - "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", + "lastModified": 1764138170, + "narHash": "sha256-2bCmfCUZyi2yj9FFXYKwsDiaZmizN75cLhI/eWmf3tk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", + "rev": "bb813de6d2241bcb1b5af2d3059f560c66329967", "type": "github" }, "original": { @@ -589,13 +557,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1767026758, - "narHash": "sha256-7fsac/f7nh/VaKJ/qm3I338+wAJa/3J57cOGpXi0Sbg=", + "lastModified": 1763618868, + "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "346dd96ad74dc4457a9db9de4f4f57dab2e5731d", + "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", "type": "github" }, "original": { @@ -608,15 +576,15 @@ "nixvim": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "nixvim": "nixvim_2" }, "locked": { - "lastModified": 1770835587, - "narHash": "sha256-D0LVQRMGA0xJpdpykxXaoHC3vGrkYG461jbJ5TfUzEM=", + "lastModified": 1764206843, + "narHash": "sha256-ieuOUoc2ZIKR6ZR8HnjnsX9k/3EJr6b/WQ3yZDaxDKg=", "ref": "main", - "rev": "72767c9aee71b0e5cec6dde7c2de92d3edb93dc4", - "revCount": 59, + "rev": "926db427f465f44f454a3ac48216ec461b4a42e8", + "revCount": 52, "type": "git", "url": "https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config" }, @@ -629,15 +597,16 @@ "nixvim_2": { "inputs": { "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", + "nuschtosSearch": "nuschtosSearch", "systems": "systems_4" }, "locked": { - "lastModified": 1768910181, - "narHash": "sha256-YRU0IHMzXluZxr0JDfq9jtblb4DV7MIB5wj2jYMFKQc=", + "lastModified": 1764148348, + "narHash": "sha256-C9UobzCvMaLwNtRaFrt26TA/SkQtcDhJFmlVQ6DPHyA=", "owner": "nix-community", "repo": "nixvim", - "rev": "5b138edcb2f1c3ed4b29eca3658f04f0639b98b3", + "rev": "7fe6951bf8c2719f437f74224adf3a2e875d6781", "type": "github" }, "original": { @@ -646,30 +615,38 @@ "type": "github" } }, - "palette": { - "flake": false, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "nixvim", + "nixvim", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1742245182, - "narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=", - "owner": "catppuccin", - "repo": "palette", - "rev": "0df7db6fe201b437d91e7288fa22807bb0e44701", + "lastModified": 1761730856, + "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", + "owner": "NuschtOS", + "repo": "search", + "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", "type": "github" }, "original": { - "owner": "catppuccin", - "repo": "palette", + "owner": "NuschtOS", + "repo": "search", "type": "github" } }, "powerlevel10k": { "flake": false, "locked": { - "lastModified": 1769621797, - "narHash": "sha256-xiUNt2zomP3TNiCW/PZn6rS/3pv+uW17YjkzEPc227I=", + "lastModified": 1745931653, + "narHash": "sha256-BRJyGn+gTGUWifpJ1ziBKVHACcWw+R5N/HdUi8HzSvY=", "owner": "romkatv", "repo": "powerlevel10k", - "rev": "8ed1f58e082e1cce85e1d69235d1a906cf3c643e", + "rev": "36f3045d69d1ba402db09d09eb12b42eebe0fa3b", "type": "github" }, "original": { @@ -689,8 +666,7 @@ "home-manager": "home-manager", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_2", "nixvim": "nixvim", "powerlevel10k": "powerlevel10k", "snowfall-lib": "snowfall-lib", @@ -794,31 +770,9 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "devenv", - "nixd", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1734704479, - "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_3" + "systems": "systems_2" }, "locked": { "lastModified": 1731533236, @@ -837,11 +791,11 @@ "zsh-syntax-highlighting": { "flake": false, "locked": { - "lastModified": 1770569380, - "narHash": "sha256-VMne38IQwqB4jwGUI2f3eEiSkT2ww7+G5ch7w+65GT0=", + "lastModified": 1732201766, + "narHash": "sha256-KRsQEDRsJdF7LGOMTZuqfbW6xdV5S38wlgdcCM98Y/Q=", "owner": "zsh-users", "repo": "zsh-syntax-highlighting", - "rev": "1d85c692615a25fe2293bdd44b34c217d5d2bf04", + "rev": "5eb677bb0fa9a3e60f0eff031dc13926e093df92", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ec75400..6a2e6e8 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,6 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; home-manager.url = "github:nix-community/home-manager/master"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; @@ -56,7 +55,6 @@ systems.modules.nixos = with inputs; [ agenix.nixosModules.default home-manager.nixosModules.home-manager - catppuccin.nixosModules.catppuccin ]; homes.modules = with inputs; [ catppuccin.homeModules.catppuccin ]; diff --git a/homes/x86_64-linux/alejandro@carbon/default.nix b/homes/x86_64-linux/alejandro@carbon/default.nix index 1356707..ff94de1 100644 --- a/homes/x86_64-linux/alejandro@carbon/default.nix +++ b/homes/x86_64-linux/alejandro@carbon/default.nix @@ -1,37 +1,8 @@ -{ lib, pkgs, ... }: -let - - internal_display_settings = "eDP-1,preferred,auto,1.6"; - clamshell_script = pkgs.writeShellScriptBin "clamshell" '' - if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then - if [[ "$1" == "open" ]]; then - ${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings} - else - ${pkgs.hyprland}/bin/hyprctl keyword monitor "eDP-1,disable" - fi - fi - ''; -in +{ lib, ... }: { aa.isHeadless = false; aa.windowManagers.sway.clamshell.enable = true; aa.programs.opencode.enable = true; - aa.windowManagers.hyprland = { - enable = true; - monitor = [ - "eDP-1,preferred,auto,1.6" - "desc:Dell Inc. DELL U4025QW BH2F734,3440x1440,auto,1" - ",preferred,auto,1" - ]; - }; - aa.services.hypridle.suspendInhibitWhenPluggedIn = true; + aa.windowManagers.hyprland.enable = true; aa.windowManagers.sway.enable = lib.mkForce false; - - wayland.windowManager.hyprland.settings.bindl = [ - ", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open" - ", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close" - ]; - - catppuccin.zathura.enable = true; - programs.zathura.enable = true; } diff --git a/homes/x86_64-linux/alejandro@git/default.nix b/homes/x86_64-linux/alejandro@git/default.nix index 0cf5664..4bb54e0 100644 --- a/homes/x86_64-linux/alejandro@git/default.nix +++ b/homes/x86_64-linux/alejandro@git/default.nix @@ -12,5 +12,6 @@ nix.gc = { automatic = true; options = "-d"; + frequency = "03:15"; }; } diff --git a/modules/home/apps/tmux/default.nix b/modules/home/apps/tmux/default.nix index fb8ac52..63120c4 100644 --- a/modules/home/apps/tmux/default.nix +++ b/modules/home/apps/tmux/default.nix @@ -75,53 +75,44 @@ in tmuxPlugins.vim-tmux-navigator ]; - extraConfig = '' - # Scrolling with mouse wheel scrolls output instead of previous commands - setw -g mouse on + extraConfig = + '' + # Scrolling with mouse wheel scrolls output instead of previous commands + setw -g mouse on - # Open panes in the same directory - bind c new-window -c "#{pane_current_path}" - bind '"' split-window -c "#{pane_current_path}" - bind % split-window -h -c "#{pane_current_path}" + # Open panes in the same directory + bind c new-window -c "#{pane_current_path}" + bind '"' split-window -c "#{pane_current_path}" + bind % split-window -h -c "#{pane_current_path}" - # sessionizer - bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms" - bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch" - bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows" - bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'" + # sessionizer + bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms" + bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch" + bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows" + bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'" - '' - + lib.strings.optionalString config.programs.lazygit.enable '' - # Open lazygit in a popup - # Spins up a new session with a '-lg' suffix (hitting the shortcut - # toggles between attaching and detaching) - bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit" - } - '' - + lib.strings.optionalString config.programs.btop.enable '' - # Open btop in a popup - # Spins up a new session named `btop` (hitting the shortcut - # toggles between attaching and detaching) - # NOTE: This overrides the default C-t shortcut (shows time by default) - bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop" - } - '' - + lib.strings.optionalString config.programs.yazi.enable '' - # Open yazi in a popup - # Spins up a new session with a '-yazi' suffix (hitting the shortcut - # toggles between attaching and detaching) - bind C-y if-shell "[[ $(tmux display-message -p '#S') == *-yazi ]]" { - detach-client - } { - display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-yazi ${pkgs.yazi}/bin/yazi" - } - ''; + '' + + lib.strings.optionalString config.programs.lazygit.enable '' + # Open lazygit in a popup + # Spins up a new session with a '-lg' suffix (hitting the shortcut + # toggles between attaching and detaching) + bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" { + detach-client + } { + display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit" + } + '' + + lib.strings.optionalString config.programs.btop.enable '' + # Open btop in a popup + # Spins up a new session named `btop` (hitting the shortcut + # toggles between attaching and detaching) + # NOTE: This overrides the default C-t shortcut (shows time by default) + bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" { + detach-client + } { + display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop" + } + ''; }; xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig; diff --git a/modules/home/programs/hyprlock/default.nix b/modules/home/programs/hyprlock/default.nix index d4abcd4..21f9ed0 100644 --- a/modules/home/programs/hyprlock/default.nix +++ b/modules/home/programs/hyprlock/default.nix @@ -21,7 +21,7 @@ in wallpaperPath = mkOption { type = types.str; - default = "hyprland/wallpaper.png"; + default = "hyprland/wallpaper.jpg"; description = '' Path to wallpaper, relative to xdg.dataHome ''; @@ -58,6 +58,11 @@ in enabled = true; module = "hyprlock"; }; + fingerprint = { + enabled = false; + ready_message = "(Scan fingerprint to unlock)"; + present_message = "Scanning fingerprint"; + }; }; background = [ diff --git a/modules/home/programs/opencode/default.nix b/modules/home/programs/opencode/default.nix index b52b59b..e043ac2 100644 --- a/modules/home/programs/opencode/default.nix +++ b/modules/home/programs/opencode/default.nix @@ -26,10 +26,6 @@ in enable = true; settings = { theme = "catppuccin"; - keybinds = { - app_exit = "ctrl+d,q"; - session_interrupt = "ctrl+c"; - }; mcp = { context7 = { type = "local"; diff --git a/modules/home/programs/rofi/default.nix b/modules/home/programs/rofi/default.nix index b456ede..9201af6 100644 --- a/modules/home/programs/rofi/default.nix +++ b/modules/home/programs/rofi/default.nix @@ -16,12 +16,11 @@ in }; config = mkIf cfg.enable { - catppuccin.rofi.enable = true; - programs.rofi = { enable = true; # TODO: How to ensure this font is installed? font = "Hack Nerd Font 10"; + catppuccin.enable = true; plugins = [ pkgs.rofi-emoji ]; extraConfig = { show-icons = true; diff --git a/modules/home/programs/yazi/default.nix b/modules/home/programs/yazi/default.nix index 4867baf..c44c998 100644 --- a/modules/home/programs/yazi/default.nix +++ b/modules/home/programs/yazi/default.nix @@ -13,10 +13,7 @@ in }; config = lib.mkIf cfg.enable { - programs.yazi = { - enable = true; - shellWrapperName = "y"; - }; + programs.yazi.enable = true; catppuccin.yazi.enable = true; }; } diff --git a/modules/home/services/hypridle/default.nix b/modules/home/services/hypridle/default.nix index 6e7dfe9..50e792d 100644 --- a/modules/home/services/hypridle/default.nix +++ b/modules/home/services/hypridle/default.nix @@ -14,18 +14,6 @@ let ; cfg = config.${namespace}.services.hypridle; - - # Script that suspends only when on battery power. - # When plugged in, uses systemd-inhibit to block suspend. - suspendScript = pkgs.writeShellScript "hypridle-suspend" '' - if [ "$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/AC/online)" = "1" ]; then - # Plugged in - inhibit suspend - ${pkgs.systemd}/bin/systemd-inhibit --what=sleep --who=hypridle --why="AC power connected" --mode=block ${pkgs.coreutils}/bin/sleep infinity & - else - # On battery - suspend - ${pkgs.systemd}/bin/systemctl suspend - fi - ''; in { options.${namespace}.services.hypridle = { @@ -61,14 +49,6 @@ in Whether or not to automatically suspend ''; }; - suspendInhibitWhenPluggedIn = mkOption { - type = types.bool; - default = false; - description = '' - Whether to inhibit suspend when AC power is connected. - Useful for laptops that should only suspend on battery. - ''; - }; brightnessTimeout = mkOption { type = types.int; @@ -128,11 +108,7 @@ in # Suspend system (lib.mkIf cfg.suspendEnable { timeout = cfg.suspendTimeout; - on-timeout = - if cfg.suspendInhibitWhenPluggedIn then - "${suspendScript}" - else - "${pkgs.systemd}/bin/systemctl suspend"; + on-timeout = "systemctl suspend"; }) ]; }; diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 0898fba..8c545c6 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -45,18 +45,6 @@ in }; }; - programs.gh = { - enable = true; - gitCredentialHelper = { - enable = true; - hosts = [ - "https://github.com" - "https://gist.github.com" - "https://github.gatech.edu" - ]; - }; - }; - programs.git = { enable = true; settings = { diff --git a/modules/home/tools/zsh/default.nix b/modules/home/tools/zsh/default.nix index 7ee6b88..db5c3a4 100644 --- a/modules/home/tools/zsh/default.nix +++ b/modules/home/tools/zsh/default.nix @@ -19,7 +19,6 @@ in config = mkIf cfg.enable { programs.zsh = { enable = true; - dotDir = "${config.xdg.configHome}/zsh"; autosuggestion.enable = true; enableCompletion = true; envExtra = '' diff --git a/modules/home/windowManagers/hyprland/default.nix b/modules/home/windowManagers/hyprland/default.nix index aba89ff..a0d96c1 100644 --- a/modules/home/windowManagers/hyprland/default.nix +++ b/modules/home/windowManagers/hyprland/default.nix @@ -24,14 +24,6 @@ let emoji_picker = "${pkgs.bemoji}/bin/bemoji -t"; terminal = "${pkgs.kitty}/bin/kitty"; - layout_toggle_script = pkgs.writeShellScriptBin "layout-toggle" '' - current_layout="$(${pkgs.hyprland}/bin/hyprctl getoption general:layout -j | ${pkgs.jq}/bin/jq -r .str)" - case "$current_layout" in - master) ${pkgs.hyprland}/bin/hyprctl -q keyword general:layout dwindle ;; - dwindle) ${pkgs.hyprland}/bin/hyprctl -q keyword general:layout master ;; - esac - ''; - generate_grim_command = target: '' exec mkdir -p ~/screenshots \ && ${pkgs.grim}/bin/grim -g "$(${pkgs.slurp}/bin/slurp)" \ @@ -45,7 +37,7 @@ in wallpaperPath = mkOption { type = types.str; - default = "hyprland/wallpaper.png"; + default = "hyprland/wallpaper.jpg"; description = '' Path to wallpaper, relative to xdg.dataHome ''; @@ -54,6 +46,7 @@ in monitor = mkOption { type = types.listOf types.str; default = [ + "eDP-1,preferred,auto,1.6" ",preferred,auto,1" ]; description = '' @@ -98,7 +91,7 @@ in apply = true; }; - xdg.dataFile.${cfg.wallpaperPath}.source = ./wallpaper.png; + xdg.dataFile.${cfg.wallpaperPath}.source = ./wallpaper.jpg; catppuccin.hyprland.enable = true; wayland.windowManager.hyprland = { @@ -122,9 +115,6 @@ in allow_tearing = false; }; - # Prevent giving focus to a window just by hovering over it. - input.follow_mouse = false; - # Decoration decoration = { rounding = 10; @@ -155,15 +145,10 @@ in preserve_split = true; }; - # Master layout - master = { - orientation = "center"; - }; - # Window rules - windowrule = [ - "suppress_event maximize, match:class .*" - "idle_inhibit fullscreen, match:class .*" + windowrulev2 = [ + "suppressevent maximize, class:.*" + "idleinhibit fullscreen, class:.*" ]; # Startup @@ -171,7 +156,7 @@ in "systemctl --user import-environment DISPLAY WAYLAND_DISPLAY XDG_CURRENT_DESKTOP" "${pkgs.swaynotificationcenter}/bin/swaync" "${pkgs.waybar}/bin/waybar" - "${pkgs.hyprpaper}/bin/hyprpaper" + "hyprpaper" ]; # Keybindings @@ -183,9 +168,6 @@ in "$mod, d, exec, ${emoji_picker}" "$mod, z, exec, hyprctl reload" - # Move workspace across monitors - "$mod, semicolon, movecurrentworkspacetomonitor, +1" - # Focus "$mod, ${left}, movefocus, l" "$mod, ${down}, movefocus, d" @@ -221,7 +203,6 @@ in "$mod SHIFT, o, movetoworkspace, 9" # Layout - "$mod, g, exec, ${layout_toggle_script}/bin/layout-toggle" "$mod, v, togglesplit" "$mod, f, fullscreen" "$mod SHIFT, f, togglefloating" @@ -262,13 +243,16 @@ in services.hyprpaper = { enable = true; settings = { - ipc = true; + ipc = "on"; splash = false; + splash_offset = 2.0; + + preload = [ + "${config.xdg.dataHome}/${cfg.wallpaperPath}" + ]; + wallpaper = [ - { - path = "${config.xdg.dataHome}/${cfg.wallpaperPath}"; - monitor = ""; - } + ",${config.xdg.dataHome}/${cfg.wallpaperPath}" ]; }; }; diff --git a/modules/home/windowManagers/hyprland/wallpaper.png b/modules/home/windowManagers/hyprland/wallpaper.png deleted file mode 100644 index f60fc73..0000000 Binary files a/modules/home/windowManagers/hyprland/wallpaper.png and /dev/null differ diff --git a/modules/home/windowManagers/sway/default.nix b/modules/home/windowManagers/sway/default.nix index 358f299..dad1f42 100644 --- a/modules/home/windowManagers/sway/default.nix +++ b/modules/home/windowManagers/sway/default.nix @@ -320,8 +320,8 @@ in "${modifier}+Left" = "exec 'playerctl previous'"; # Backlight keys - "XF86MonBrightnessDown" = "exec '${pkgs.light}/bin/light -U 5'"; - "XF86MonBrightnessUp" = "exec '${pkgs.light}/bin/light -A 5'"; + "XF86MonBrightnessDown" = "exec 'light -U 5'"; + "XF86MonBrightnessUp" = "exec 'light -A 5'"; # Navigation diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 8e1c3e7..3f02e2c 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -13,6 +13,7 @@ let ; cfg = config.aa.nix; + selfHostedCacheHost = "https://cache.kilonull.com/"; in { options.aa.nix = { @@ -48,7 +49,7 @@ in { environment.systemPackages = with pkgs; [ nix-prefetch - nixfmt + nixfmt-rfc-style ]; nix = @@ -71,12 +72,13 @@ in if cfg.useSelfhostedCache then [ # TESTING - "https://attic.kilonull.com/nixosConfigs" + "https://minio.kilonull.com/nix-store" + selfHostedCacheHost ] else [ ]; trusted-public-keys = mkIf cfg.useSelfhostedCache [ - "nixosConfigs:mjWq+JcnAqwT20OZSsrh9od6LTNn8U3cYdaXhqhDqP0=" + "gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc=" ]; }; diff --git a/modules/nixos/services/adguardhome/default.nix b/modules/nixos/services/adguardhome/default.nix index 1f1f778..00c369c 100644 --- a/modules/nixos/services/adguardhome/default.nix +++ b/modules/nixos/services/adguardhome/default.nix @@ -38,15 +38,16 @@ in services.nginx = { enable = true; recommendedProxySettings = true; - virtualHosts."adguardhome.kilonull.com" = { - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; + virtualHosts."adguardhome.kilonull.com" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall = { diff --git a/modules/nixos/services/atticd/default.nix b/modules/nixos/services/atticd/default.nix deleted file mode 100644 index 1a41dd5..0000000 --- a/modules/nixos/services/atticd/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ - config, - namespace, - lib, - ... -}: -let - attic_cfg = config.services.atticd; - cfg = config.${namespace}.services.atticd; -in -{ - options.${namespace}.services.atticd = { - enable = lib.mkEnableOption "atticd"; - acmeCertName = lib.mkOption { - type = lib.types.str; - default = ""; - description = '' - If set to a non-empty string, forces SSL with the supplied acme - certificate. - ''; - }; - }; - - config = lib.mkIf cfg.enable { - age.secrets.atticd.file = ../../../../secrets/atticd.age; - - services.atticd = { - enable = true; - # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64: The base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. Generate it with openssl genrsa -traditional 4096 | base64 -w0. - # This file should have the following content: - # - # ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=secret - # - # The secret is a base64-encoded RSA PEM PKCS1 of the RS256 JWT secret. It - # can be generated with this command: - # - # openssl genrsa -traditional 4096 | base64 -w0 - environmentFile = config.age.secrets.atticd.path; - settings = { - api-endpoint = "https://attic.kilonull.com/"; - listen = "[::]:8080"; - garbage-collection.retention-period = "30d"; - database.url = "postgresql://atticd/?host=/run/postgresql"; - }; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ "atticd" ]; - ensureUsers = [ - { - name = attic_cfg.user; - ensureDBOwnership = true; - } - ]; - identMap = '' - attic attic attic - ''; - authentication = '' - local all attic peer map=attic - ''; - }; - - services.nginx = { - enable = true; - virtualHosts."attic.kilonull.com" = { - extraConfig = '' - client_max_body_size 0; - ''; - locations."/" = { - proxyPass = "http://localhost:8080"; - }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; - }; - }; -} diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 9c65f11..95e5c4f 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -36,8 +36,6 @@ in }; config = mkIf cfg.enable { - catppuccin.forgejo.enable = true; - services.forgejo = { enable = true; database = { @@ -57,23 +55,37 @@ in service.DISABLE_REGISTRATION = true; # webhook.ALLOWED_HOST_LIST = "hydra.kilonull.com"; + + ui.THEMES = '' + catppuccin-latte-rosewater,catppuccin-latte-flamingo,catppuccin-latte-pink,catppuccin-latte-mauve,catppuccin-latte-red,catppuccin-latte-maroon,catppuccin-latte-peach,catppuccin-latte-yellow,catppuccin-latte-green,catppuccin-latte-teal,catppuccin-latte-sky,catppuccin-latte-sapphire,catppuccin-latte-blue,catppuccin-latte-lavender,catppuccin-frappe-rosewater,catppuccin-frappe-flamingo,catppuccin-frappe-pink,catppuccin-frappe-mauve,catppuccin-frappe-red,catppuccin-frappe-maroon,catppuccin-frappe-peach,catppuccin-frappe-yellow,catppuccin-frappe-green,catppuccin-frappe-teal,catppuccin-frappe-sky,catppuccin-frappe-sapphire,catppuccin-frappe-blue,catppuccin-frappe-lavender,catppuccin-macchiato-rosewater,catppuccin-macchiato-flamingo,catppuccin-macchiato-pink,catppuccin-macchiato-mauve,catppuccin-macchiato-red,catppuccin-macchiato-maroon,catppuccin-macchiato-peach,catppuccin-macchiato-yellow,catppuccin-macchiato-green,catppuccin-macchiato-teal,catppuccin-macchiato-sky,catppuccin-macchiato-sapphire,catppuccin-macchiato-blue,catppuccin-macchiato-lavender,catppuccin-mocha-rosewater,catppuccin-mocha-flamingo,catppuccin-mocha-pink,catppuccin-mocha-mauve,catppuccin-mocha-red,catppuccin-mocha-maroon,catppuccin-mocha-peach,catppuccin-mocha-yellow,catppuccin-mocha-green,catppuccin-mocha-teal,catppuccin-mocha-sky,catppuccin-mocha-sapphire,catppuccin-mocha-blue,catppuccin-mocha-lavender + ''; + ui.DEFAULT_THEME = "catppuccin-mocha-green"; }; }; + systemd.tmpfiles.rules = [ + "d '${forgejo_cfg.customDir}/public' 0750 ${forgejo_cfg.user} ${forgejo_cfg.group} - -" + "z '${forgejo_cfg.customDir}/public' 0750 ${forgejo_cfg.user} ${forgejo_cfg.group} - -" + "d '${forgejo_cfg.customDir}/public/assets' 0750 ${forgejo_cfg.user} ${forgejo_cfg.group} - -" + "z '${forgejo_cfg.customDir}/public/assets' 0750 ${forgejo_cfg.user} ${forgejo_cfg.group} - -" + "L+ '${forgejo_cfg.customDir}/public/assets/css' - - - - ${pkgs.aa.catppuccin-gitea}/share/gitea-themes" + ]; + services.nginx = { enable = true; - virtualHosts."${cfg.domain}" = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString forgejo_cfg.settings.server.HTTP_PORT}"; + virtualHosts."${cfg.domain}" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:${toString forgejo_cfg.settings.server.HTTP_PORT}"; + }; + locations."= /" = { + return = "301 /explore/repos"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - locations."= /" = { - return = "301 /explore/repos"; - }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; }; } diff --git a/modules/nixos/services/frigate/default.nix b/modules/nixos/services/frigate/default.nix new file mode 100644 index 0000000..e3127d3 --- /dev/null +++ b/modules/nixos/services/frigate/default.nix @@ -0,0 +1,159 @@ +{ + config, + lib, + namespace, + ... +}: +let + cfg = config.${namespace}.services.frigate; +in +{ + options.${namespace}.services.frigate = { + enable = lib.mkEnableOption "Frigate NVR"; + + acmeCertName = lib.mkOption { + type = lib.types.str; + default = ""; + description = '' + If set to a non-empty string, forces SSL with the supplied acme + certificate. + ''; + }; + + hostname = lib.mkOption { + type = lib.types.str; + default = "frigate.kilonull.com"; + description = '' + The hostname for the Frigate web interface. + ''; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8971; + description = '' + The port on which Frigate's web interface will listen. + ''; + }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to open the firewall for HTTP/HTTPS traffic. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + age.secrets.frigate_mqtt = { + file = ../../../../secrets/frigate_env.age; + }; + age.secrets.frigate_env = { + file = ../../../../secrets/frigate_env.age; + owner = "frigate"; + }; + + systemd.services.frigate.serviceConfig = { + EnvironmentFile = config.age.secrets.frigate_env.path; + }; + services.frigate.preCheckConfig = '' + export FRIGATE_MQTT_PASSWORD="dummy value" + export FRIGATE_VIDEO_DOORBELL_USERNAME="dummy value" + export FRIGATE_VIDEO_DOORBELL_PASSWORD="dummy value" + ''; + + services.go2rtc = { + enable = true; + settings = { + webrtc.candidates = [ + "192.168.113.69:8555" + # "gospel:8555" + ]; + streams = { + video_doorbell = [ + "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_main.bcs&user=admin&password=nUmPFE3*dDOVJ$O1#video=copy#audio=copy#audio=opus" + "rtsp://admin:nUmPFE3*dDOVJ$O1@192.168.113.91/Preview_01_sub" + ]; + video_doorbell_sub = [ + "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user=admin&password=nUmPFE3*dDOVJ$O1" + "rtsp://admin:nUmPFE3*dDOVJ$O1@192.168.113.91/Preview_01_sub" + ]; + }; + }; + }; + + services.frigate = { + enable = true; + hostname = cfg.hostname; + settings = { + # Basic Frigate configuration + mqtt = { + enabled = true; + host = "192.168.113.42"; + port = 1883; + user = "frigate"; + password = "{FRIGATE_MQTT_PASSWORD}"; + }; + + # TLS terminated at reverse proxy (nginx) + tls.enabled = false; + + # go2rtc.streams = { + # video_doorbell = [ + # "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_main.bcs&user={FRIGATE_VIDEO_DOORBELL_USERNAME}&password={FRIGATE_VIDEO_DOORBELL_PASSWORD}#video=copy#audio=copy#audio=opus" + # "rtsp://{FRIGATE_VIDEO_DOORBELL_USERNAME}:{FRIGATE_VIDEO_DOORBELL_PASSWORD}@192.168.113.91/Preview_01_sub" + # ]; + # video_doorbell_sub = [ + # "ffmpeg:http://192.168.113.91/flv?port=1935&app=bcs&stream=channel0_ext.bcs&user={FRIGATE_VIDEO_DOORBELL_USERNAME}&password={FRIGATE_VIDEO_DOORBELL_PASSWORD}" + # "rtsp://{FRIGATE_VIDEO_DOORBELL_USERNAME}:{FRIGATE_VIDEO_DOORBELL_PASSWORD}@192.168.113.91/Preview_01_sub" + # ]; + # }; + go2rtc.webrtc.candidates = [ + "192.168.113.69:8555" + # "gospel:8555" + ]; + + cameras = { + video_doorbell.ffmpeg.inputs = [ + { + + path = "rtsp://127.0.0.1:8554/video_doorbell"; + input_args = "preset-rtsp-restream"; + roles = [ "record" ]; + } + + { + path = "rtsp://127.0.0.1:8554/video_doorbell_sub"; + input_args = "preset-rtsp-restream"; + roles = [ "detect" ]; + } + ]; + }; + }; + }; + + services.nginx = { + enable = true; + virtualHosts.${cfg.hostname} = { + locations."/ws" = { + proxyWebsockets = true; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; + }; + + networking.firewall = lib.mkIf cfg.openFirewall { + allowedTCPPorts = [ + 80 + 443 + 1984 + 8555 + 8554 + ]; + }; + }; +} diff --git a/modules/nixos/services/grafana/default.nix b/modules/nixos/services/grafana/default.nix index 1841cd7..1a83bc2 100644 --- a/modules/nixos/services/grafana/default.nix +++ b/modules/nixos/services/grafana/default.nix @@ -113,17 +113,18 @@ in services.nginx = { enable = true; - virtualHosts."${server_settings.domain}" = { - locations."/" = { - proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}"; - proxyWebsockets = true; - recommendedProxySettings = true; + virtualHosts."${server_settings.domain}" = + { + locations."/" = { + proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall = { diff --git a/modules/nixos/services/hydra/default.nix b/modules/nixos/services/hydra/default.nix index be4435f..9190b83 100644 --- a/modules/nixos/services/hydra/default.nix +++ b/modules/nixos/services/hydra/default.nix @@ -2,20 +2,10 @@ config, lib, namespace, - inputs, - pkgs, ... }: let cfg = config.${namespace}.services.hydra; - - pkgs-stable = import inputs.nixpkgs-stable { - inherit (pkgs) system; - config = { - allowUnfree = true; - permittedInsecurePackages = pkgs.config.permittedInsecurePackages or [ ]; - }; - }; in { options.${namespace}.services.hydra = with lib; { @@ -82,7 +72,6 @@ in services.hydra = { enable = true; - package = pkgs-stable.hydra; # Use older Hydra version from nixpkgs stable hydraURL = "https://${cfg.hostname}"; notificationSender = "hydra@localhost"; buildMachinesFiles = [ ]; @@ -99,15 +88,16 @@ in services.nginx = { enable = true; recommendedProxySettings = true; - virtualHosts."hydra.kilonull.com" = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}"; + virtualHosts."hydra.kilonull.com" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; nix.settings = { diff --git a/modules/nixos/services/minio/default.nix b/modules/nixos/services/minio/default.nix index a998f4b..074396c 100644 --- a/modules/nixos/services/minio/default.nix +++ b/modules/nixos/services/minio/default.nix @@ -33,62 +33,63 @@ in services.nginx = { enable = true; virtualHosts = { - "minio.kilonull.com" = { - extraConfig = '' - # Allow special characters in headers - ignore_invalid_headers off; - # Allow any size file to be uploaded. - # Set to a value such as 1000m; to restrict file size to a specific value - client_max_body_size 0; - # Disable buffering - proxy_buffering off; - proxy_request_buffering off; - ''; + "minio.kilonull.com" = + { + extraConfig = '' + # Allow special characters in headers + ignore_invalid_headers off; + # Allow any size file to be uploaded. + # Set to a value such as 1000m; to restrict file size to a specific value + client_max_body_size 0; + # Disable buffering + proxy_buffering off; + proxy_request_buffering off; + ''; - locations."/".extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; - proxy_connect_timeout 300; - # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 - proxy_http_version 1.1; - proxy_set_header Connection ""; - chunked_transfer_encoding off; + proxy_connect_timeout 300; + # Default is HTTP/1, keepalive is only enabled in HTTP/1.1 + proxy_http_version 1.1; + proxy_set_header Connection ""; + chunked_transfer_encoding off; - proxy_pass http://localhost:9000; - ''; - locations."/ui".extraConfig = '' - rewrite ^/ui/(.*) /$1 break; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-NginX-Proxy true; + proxy_pass http://localhost:9000; + ''; + locations."/ui".extraConfig = '' + rewrite ^/ui/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-NginX-Proxy true; - # This is necessary to pass the correct IP to be hashed - real_ip_header X-Real-IP; + # This is necessary to pass the correct IP to be hashed + real_ip_header X-Real-IP; - proxy_connect_timeout 300; + proxy_connect_timeout 300; - # To support websockets in MinIO versions released after January 2023 - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) - # Uncomment the following line to set the Origin request to an empty string - proxy_set_header Origin ""; + # To support websockets in MinIO versions released after January 2023 + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + proxy_set_header Origin ""; - chunked_transfer_encoding off; + chunked_transfer_encoding off; - proxy_pass http://localhost:9001; - ''; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; + proxy_pass http://localhost:9001; + ''; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; }; }; }; diff --git a/modules/nixos/services/mosquitto/default.nix b/modules/nixos/services/mosquitto/default.nix index ef95b2b..6f43548 100644 --- a/modules/nixos/services/mosquitto/default.nix +++ b/modules/nixos/services/mosquitto/default.nix @@ -15,6 +15,7 @@ in hass_mqtt.file = ../../../../secrets/hass_mqtt.age; teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age; zigbee2mqtt_mqtt.file = ../../../../secrets/zigbee2mqtt_mqtt.age; + frigate_mqtt.file = ../../../../secrets/frigate_mqtt.age; }; services.mosquitto = { @@ -43,6 +44,10 @@ in ]; passwordFile = config.age.secrets.zigbee2mqtt_mqtt.path; }; + frigate = { + acl = [ "readwrite frigate/#" ]; + passwordFile = config.age.secrets.frigate_mqtt.path; + }; }; } ]; diff --git a/modules/nixos/services/nix-serve/default.nix b/modules/nixos/services/nix-serve/default.nix index 3e3b61d..80f0dce 100644 --- a/modules/nixos/services/nix-serve/default.nix +++ b/modules/nixos/services/nix-serve/default.nix @@ -45,19 +45,20 @@ in nginx = { enable = true; - virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = { - serverAliases = [ "${cfg.subdomain_name}" ]; - locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; + virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = + { + serverAliases = [ "${cfg.subdomain_name}" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; + }; }; }; diff --git a/modules/nixos/services/octoprint/default.nix b/modules/nixos/services/octoprint/default.nix index 451cfd9..35cde36 100644 --- a/modules/nixos/services/octoprint/default.nix +++ b/modules/nixos/services/octoprint/default.nix @@ -25,19 +25,20 @@ in services.nginx = { enable = true; recommendedProxySettings = true; - virtualHosts."octoprint.kilonull.com" = { - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}"; - proxyWebsockets = true; - extraConfig = '' - client_max_body_size 512m; - ''; + virtualHosts."octoprint.kilonull.com" = + { + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}"; + proxyWebsockets = true; + extraConfig = '' + client_max_body_size 512m; + ''; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall.allowedTCPPorts = [ diff --git a/modules/nixos/services/sunshine/default.nix b/modules/nixos/services/sunshine/default.nix index db6afc4..3d73849 100644 --- a/modules/nixos/services/sunshine/default.nix +++ b/modules/nixos/services/sunshine/default.nix @@ -30,22 +30,23 @@ in services.nginx = { enable = true; - virtualHosts."sunshine.kilonull.com" = { - locations."/" = { - recommendedProxySettings = true; - # NOTE: Sunshine is a little weird since it requires multiple - # ports. You configure it with a base port and the web UI +1 from - # the base port. - proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}"; - extraConfig = '' - proxy_ssl_verify off; - ''; + virtualHosts."sunshine.kilonull.com" = + { + locations."/" = { + recommendedProxySettings = true; + # NOTE: Sunshine is a little weird since it requires multiple + # ports. You configure it with a base port and the web UI +1 from + # the base port. + proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}"; + extraConfig = '' + proxy_ssl_verify off; + ''; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; }; } diff --git a/modules/nixos/services/teslamate/default.nix b/modules/nixos/services/teslamate/default.nix index cb0c188..4c35ff4 100644 --- a/modules/nixos/services/teslamate/default.nix +++ b/modules/nixos/services/teslamate/default.nix @@ -147,18 +147,19 @@ in services.nginx = { enable = true; - virtualHosts."teslamate.kilonull.com" = { - locations."/" = { - recommendedProxySettings = true; - proxyWebsockets = true; - # TODO: Make port configurable. - proxyPass = "http://127.0.0.1:4000"; + virtualHosts."teslamate.kilonull.com" = + { + locations."/" = { + recommendedProxySettings = true; + proxyWebsockets = true; + # TODO: Make port configurable. + proxyPass = "http://127.0.0.1:4000"; + }; + } + // lib.optionalAttrs (cfg.acmeCertName != "") { + forceSSL = true; + useACMEHost = cfg.acmeCertName; }; - } - // lib.optionalAttrs (cfg.acmeCertName != "") { - forceSSL = true; - useACMEHost = cfg.acmeCertName; - }; }; networking.firewall.allowedTCPPorts = [ 4000 ]; diff --git a/modules/nixos/suites/utils/default.nix b/modules/nixos/suites/utils/default.nix index 82ac1f9..5ceb85d 100644 --- a/modules/nixos/suites/utils/default.nix +++ b/modules/nixos/suites/utils/default.nix @@ -31,7 +31,7 @@ in jq killall lsof - nixfmt + nixfmt-rfc-style pre-commit progress python3 diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix index 7810ec5..67bea25 100644 --- a/modules/nixos/user/default.nix +++ b/modules/nixos/user/default.nix @@ -58,7 +58,6 @@ in shell = pkgs.zsh; extraGroups = [ "wheel" ] ++ cfg.extraGroups; - } - // cfg.extraOptions; + } // cfg.extraOptions; }; } diff --git a/packages/catppuccin-gitea/default.nix b/packages/catppuccin-gitea/default.nix new file mode 100644 index 0000000..b51d99e --- /dev/null +++ b/packages/catppuccin-gitea/default.nix @@ -0,0 +1,26 @@ +{ + stdenv, + fetchurl, + ... +}: +stdenv.mkDerivation { + pname = "catppuccin-gitea"; + version = "0.4.1"; + + src = fetchurl { + url = "https://github.com/catppuccin/gitea/releases/download/v0.4.1/catppuccin-gitea.tar.gz"; + hash = "sha256-/P4fLvswitlfeaKaUykrEKvjbNpw5Q/nzGQ/GZaLyUI="; + }; + + dontBuild = true; + + unpackPhase = '' + mkdir themes + tar xf "$src" --mode=+w --warning=no-timestamp -C themes + ''; + + installPhase = '' + mkdir -p "$out/share/gitea-themes" + cp -r themes/*.css "$out/share/gitea-themes/" + ''; +} diff --git a/secrets/atticd.age b/secrets/atticd.age deleted file mode 100644 index f1564fd..0000000 --- a/secrets/atticd.age +++ /dev/null @@ -1,104 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBUdktL -MDQvOGtBaUIrOFhxdG5iN202aW5PakcyYjZDQXliblhiWUVWTUJZCnR3bjlkcVQr -cEVONURSRkJrZXNLSHhEdDBWeXIwUitwVGJMdVBoS0I5ZXcKLT4gc3NoLWVkMjU1 -MTkgUFpLZk9RIHZBem93VTE5aXBYNTRxaVJUREw3cXo5MzVGOHdIVmhrSDR5OHVo -U2dSbk0KRURNSEZ5TXlzU09TNDNLRTJWMXFDSkpTeVMzbTJsdWxGVDc0TTBGOVBi -awotPiBwaXYtcDI1NiBVSUVHemcgQXFOOVg0NkxiZjdmdkR4UmNwUDhnZTRZbTFs -V0IyWXRNQ1Q5QTJRa0NweFIKR3ZUdDdsUHlHcjBhMlBZam4wMTVFZUxzdVRZVVpx -ejR1OHhLMEVIUUlXQQotPiB2SChHM2xELWdyZWFzZSB9WiB2SDldIEo+YUkvNiBb -PFYKZlIyWGpwQVNOT3lucmRCTTdjWUgrcVYvOGZJCi0tLSBwUEJ6M25wOVVoSENF -a2oycWNZTlJQangvckI4THJ6eDNEYjhpSVQzVzlvCn/cvSXYNYJT+NkjOLx8mPnh -FpPT8TwBTcHS5IRvzRlQsVTBHUCjjeWCwTh+GtesiAsFjvIMa5B0Krx0JDKlnRty -UDCDtkX5PVb59Azg08qln06tn6TtvqnG/BHm4qRLDtSJouJYiLJeYgwi97Ms9BqX -+LoPIKfJjnJ2+dymWWLMAD9iZQSzg7W+m1mWMN7ARjwAPeUfWhwuMmkmYE4RB+Wu -wpahkSIyx9+UCDCynUIw3PiTLahY6ltUPUf0ByIPqUjeid6JaND2nwBzWuhZq3Oq -vwNVY8HcRHHD4HLnDIYccV92Xm7BnYJfBxK4MQV36X8RJ90I6t15+hsm+nHJX3WI -0mYn2po6n2wYs2MXyFBWk0xkovkJJk0O7uGcGJcwe94roy8FD7hQT8h3hTUNYh3y -PRoO3ih42Ffsw2fL2+UNaKqFEqVxrTy313PK8SbONhquuVmSzBFOzSo2bA7cyA02 -ssJl+xV53xKBg34JxYMCjeaKGfV27eAe/+OzIBP8Ze4nK+y0hXDDvnpUNmn0qZDx -iDkCM/+Bw9AlvWOsIVRoSSzngWUaBkiJndVgB2G2TidgUu6NmsdSYTzZLm31rdgB -uosw/HLp6fmCeOi9DLdphuu2rPSBQcmhuuDgPXta+5STRkMN/oXrNWOm7Os7Imay -iitbqCRjSGE6JnzWl2aS3ZiuymEe3+lc+xCs/EYnq/2zA2G+FJFq8s2L686RBD4L -wSTB2u+G5phPP31PPRogr1fLDatDgcBSyn2qs8aquW53IZlFvtzusKmVU2B23aCa -iX+DnAukcYrR7N/3eQYbPcf7MNgogi6UYuSpTeQW3/lu3OKW+qgkhEQNom9M0vy2 -SRi7E0je0RlrbpOFqOplla2VOe8VSP2SYydO023vt3SuDRLwAHKQNlBIsb0KTGLg -qhYHYMBlEu6bppWPeUNrmHUrqZcMySJvpQW1i+OyWe7tDEIESetiGe6C6Cq9vR7h -t7G6JPbWGZmG/gO5BTK/mgwLfn/AAEGpeGVU26tscdmTBRiFYf/7cc3394vTbpes -Eol6cP7pukp1d1kp5gNlZrEZ6DL4BdSs1kaVJhTLYPNyJz+JUK1SEc9y33VhkeTO -6smXk3OnBaKqBuF0d6Bt34IuxMuaZDeL6229rtRjY9wKyK/U+R6cWzL51prsv3gk -afS/HVbul02DvwixBlOFVfOY97DiIK62lp41ImxIyy1ToGYs/446MlQAaw9Tm6lD -6RloTCMS4qeLmAvO+hQzdX82pJWvTQajhtkMxi4KHlyxREbzIGniFqFmyQFaJnCC -UAYyliMPkgsN5y+5gGdI46lN3/pp8jIbr59VnVPQVM1hpCbRwglDP+Bu4G95jlmI -Iv0Izjk88tKJ8qmKFgvvWZRp7L0X4/CJTCwub/+gSQ0IxmRD4d8wDfMbtad8vbl6 -t8h2C7CyZXR/ZpKuV5vVDtK++w/mJvi4MTgYY6B11AM0C25qVNV4AIYKnSKqn5mK -zkGEiSvnjAvxmLCMAm/diNG+l4R7HS0LA4oGemEWq2ts6EuDi+Tbyy2oMNFHtkTj -aIRi64S36Q8TRDUsGAzfXeySIdWl1gglmuJJKbFglo60bjX22jTSUJhDgncUX7ae -DyUqb1cXYnvWyiwQH8EsIZo59SaZYhAfyVN44uvqGxuN+NV6gVmb/MzVVycqWPFU -VDXwfzgQBJaVO0SNFumNANnGYY4Nf7yK5w/TmsrwDMWeUbrHqIXAHtYGX+1UEFKe -4zx1dTeO8hbexf/uEhAgbFos4QEMJ2WhwtAvzT1VITbdVNus6zM/RC6OV4TTigMA -RpZfXiw3L3FMxB7PObOeLJ7UVZSMzOMMRt6apzYOScrwV1WqBvryzE/rxZCHkpDw -yxRgghD/UnpvwhdY4GQ2BhPUCqD/YYqShLNoFGbAzylaR1BMWUPsawb3KPlaN2/x -y3+9RcztzwjgDvxk4XVLQhLunBD6HnKwpFyCGDW97DkG85knmv48J7Mw+uY2pfte -hCc3/oLwNxFFyjW7S3F+w4cBlLRxwtvIq1TfZ14q/dgUcgFqIDSUCEOy3NoBzxDc -k9eoYTPYXStDFRkNsEwCYqBtqDeUFO8GefMOeE/xC9O2SHjw746BaYz2crDZHqo6 -UewVQrNKk2ofrNliv7qPB410XxdKJ9lwn54sAIzbfplTVjd+vnixRs93ISZYrglP -+8iQB8v1JVuBXNQV8/F3RXBQFZrZ4frtLO6usT/mOxUyhOltJLrH/rcyshKIuxGY -ATf2SmT5g4ejXhI0fauTHc6yJ4h7XhKgpDysPDxTxOORPzv0H14IDcLitpgsCLh8 -EtGNfMNc/iNrjDj0ydZ3pgURpXHYPFlliTesMK+pA26LQahG+x4UwF0IIxNUUdL2 -xWgrGuif1nqknd4/p1STtaASHNt8I95eDR49aHlozK3D+Yh179+RNHoMJsy58LaU -Nq7Cx6iimp3LJRsVMqH8khNH3DsVPhHbJFBUeEt0HYzCh4KAe0qJLrLa8Oc975N6 -CzyworGfParm+/edX3JtEenLdzSjdy4xMnySoKVKJpjfjYDo6GGQ1qGnucCWrd3m -zvqm60kbnWRnSFGVA6oLBvUcKmTOaK+FjCICCuodD9UwvQZuDoxDsRBa8AzBPu4m -vka4If1uYZUAtefUG2oQASBV9atFpEbQ+sbvI65bBTALMmZzBcF6MW6P6TxZSQkw -bd1ELgwN1hYQhTFpPwQKMwPfGhYitW2gIeE+cXp0Wi4fKk8Wg2pF3pHftOhUSAg5 -2qbeF8ovlv3APZbTPdlZVuqg993zRgetutoDxvdSCBBp1mvuURUp/Vr2ZijRDZFs -NnbwcTUCLEPZ/gSgw17XE+ZyYo5L9OJrX6zmRxL88Kxz7dqyN3Yq4WMIdHDDRxFZ -BEYjGXuekehf3cRtkHytkbEM2m6ACdvHBAsvCpl8Lj2mmMcYy4A88oLUatAgNIzd -4hb1chaCNePuKRwP7rW7PDJ/8ieiUfG8OiL/blUfVJnDBuHX5PWvYeAiZN4rLm/2 -s1fenVnjzPewVO8flDu8q5/J8msbF+FnSoxqwRE+Uu6Zny5XWSp0ltbKIr1/4Qcw -mqUu076h5n9abj8P6RYAqn1sZabvXWrkNSA2OqYgnhFT7NYAXZtw1AMxWohOJ8Wq -q+pjqj9Ci8FBBlwzMLxLuBefmD0Nn4CLWLDTIW7Ee0aDxY50ruM4eF3173jik1LB -/6wIalfA+M7W4BTGYZk+RkmXHH7CS4mWOepkCmLxdJnltyJBKAPEbjd49OVIwV7R -Pwp+HkwaKoZxZMhV9sqfLfXBXG1zIDdngp+JgPzdkK38rqiGz2niijqcg3NObOFV -hPduSyoGbY/hARSwrQwa1QX1YYpv28kjnSzVmsACs5h03xCBQgJIgfPnV1Kv8I5S -vTLYwNa57hw4f6Td2WljZuwuoAy6ee3her9ArXDr68m02KBjo0GB/gRtPH/ekqbJ -bpRHNblAXCyfSzIHNZE4Md4iHtZk5/TAqj1AjVnXVrSAwkgMRLLeC+NAcg6N+Vfd -oLLWeHOBs/kS0bQd+Uo3hkrS6gkFyqbKoC9B1Hh0TA809Ut/gyyAg01mjstWHsfN -sALvcA9eETOzSw/WoFPxOmpfwuDXBybg/8yXpw3mgNCNDlTZG7M1ZfwStOlZRU58 -gwMeHKh+/oc8VjZWh93F2Xy7paTva7pXpHn84n7nN81jFbPsIhC+GWq0O3hHQaha -+9OgxsThOPcor9mE+HLIk3eL+v89DmS33Cubim1YPxVxFmX8w4VxXaHrU4TC3/iy -uVhNfoysjX92w503UhUp0pZaOQHuqihpePbEnQMpHr7UEtYq5WXTq+8wQj6xuakY -FOShK8yvK9RQUTYA5mIoWGRc8z10YTJHagOrQIzp7/WDQHkNIdlMaOnJ7NIq2w19 -vily7S+EcGdf3rPr+H6rE8sq++9ziNQsdnuz4BCcopybdyRdQ08qd1Ok1j1/Hdqj -aDOLk54Ue1FzQPQh3rcFxWCEk5uRSePHdJI0WNGm+5ji4ME3hv8lWYR0B+PrSD8f -AmnYRWVzPwzXSDGr9YtiNVezPN9PCSedKBgfhOP0qkxk5lSeFQMpHM+Glmi6SXFw -i720L3QpLGjQSqD66P1EKErWCVnIBV4nr7dRxKzPMRMdEKZ5MV/c0VGqewrH3q1P -rs41OFplzz4pMOUngFglayItcmD9FqQab4bGImK7/4ft3W0nZIUmYEPQyoGfNvh+ -qKSO3dBM2wsw8LFMeLzHAoBT+2YfSv6FBRCeFdBQH3ABRqXFcGOgj/oaQp6Qb84r -v2kCi9BodXD0SWpkMadtW0XWYRkhI90xTsgDTuFdta6QpxjQMt+9Hrcm0Lu+tUG8 -slCQND3+Inq8bfRiEEdKTgTbagzD/SiUOxWeTh2qolIXjaJa1OKf7HSXdFYUH32n -hSwhPcFnYSdE3q8MaYZD915SjqhlirvVhSSsfz66ME62EotDPNLePplCaVs1wjpI -6hTUoWJqEvuPN6oz80RurQAeKT+LC1iGRkfIK43RmZ+wk5VhsRUiu/fP2nhqAZmf -GhmnzOCDt9x1g9STyTXDDLH/wDQqKSFTGbZpbatIo4oA1XkxH3F6BcYSf1ynQ/5J -Fe+jPD9B/3Q+tdEspXw88MReVEu9kC72gop6psE7i4pQgCIpWnQetEhMSKYY1bOW -WDR6H0oMYXiNmWRZ193je0S+xM00I+IBO6c6hg5dqyOxl+D0hztKpAOqxM8lohmV -IH8RmJpAEr6Q4T4s6W0zxFEokL319wlKsTDCvAsEC2RiZREecZhKdOdX0M9yvtq+ -RABjcB4kdx3XF02cEcdrO9auRCXXMNFe7bgBgO0bKU1dwRXZ3EtiVx7/gxhzZ9lH -NXstrAvZeDGPFk41uj5gaprJqtoQ92fonycFBpbdV7/uUN6cysyjQRN+FLboNjPa -CvtbK5KTWTMQM1nZlHUa7kkke38GtLjKeZaPPuvPw2eSFBTg3gFvK0wd22uoBSHE -mUy6mrHJiJ9UVvP+5EWcuFTURes/xv6WZYjPwbAVwGh+aj1t5qMtCZaA0j7yvi8C -dwUQDUtqRWuwdmGouZG5ooAs8F82FsX8Sl69SFdwIrwoi/zOSj2XgHLKbu/T9Iiv -Hr387XDxWYL3k2iaopRIEGSgurOAEalcvee173I6/Nw5NuA2ICB6wpBdKKgbxUhz -dyueYz9DIGGr53iHPbBJlOcxGAFRQLQ07tA7BqtZwHpnGNoF32b114einU7ncgSr -efTa9CEHRk5Uc02xJa1ZZK4XmFC+b6QKu1DBloPeXE1ohSry8JxO92wwBrAelGbj -6wp1Thva/ql+HVnZUOwPS6GrDYltUXNt5DqJP3mEOsuf4b6Lji/1fsmFApX/pRvA -tB/F22KMkTPVkH1WDSd15C+WAX/CkB+Gn27s5YLY99LFeRHoc4ICDUwnslZilFsz -mP34qb6l5oB6QoHoNmO6Ypkr10FQUS4b+p4BHKSXMDJR0n055p5qqiyprq/nDy8w -T7IApT76h6xkpLIJjklUHliWGlku5SjTLQaQRNAoZjFfCNDH0P7zrngcs2R9QY46 -oQC1uI3bdEftMGsZ3Djx8M56Z2RUbAgOuYgBdFYUv1BwJZs22/6ePs1JgdikENNt -vCmlSl9URoUbFcghNKC5J8Niksd8Zn9ozf2xXgpcOsRuElvUO23opv+Hvur+ft5/ -FV4WYj26jOeAagF1Cj6se59MX3VqerTywEC+bKzQeol7wBGiZGRM+errNF0eMf6W -4x8szh1liYv95p/4dTqSt70bctr+yZi2RjFnBYR+NdIaBgmkSHPBzWpyffUcXAnB -6Dx29T5rSMwR8GXX3w== ------END AGE ENCRYPTED FILE----- diff --git a/secrets/cf_dns_kilonull.age b/secrets/cf_dns_kilonull.age index d059d98..2ac51fa 100644 --- a/secrets/cf_dns_kilonull.age +++ b/secrets/cf_dns_kilonull.age @@ -1,21 +1,21 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyA3bWYy -TlUyVkx3M3NhMkxvbFZQYlo5RXhhNEQvVzFpSE0raUJ0ZGw4QTI0CkFQNVRod3FY -RUJFaDBOWW9VdE83blF1WWhwa3pvRFJweDZoaGRqcWpLOTQKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnICtib0xyY2drRGtEREREQ3ZEYStkWm8vODQrdmZzdEpwTkcxR0hp -dXdnbmcKa29CSGNYWmVFR2lTWGNYM2dpTkJQc014R0hjc2NKMkIwYm9xYyt3MjRx -MAotPiBzc2gtZWQyNTUxOSB0NVhJR0EgSHFCS21pdklRM0srSkJRQnJhMndJL0ps -Sk1DK3YrQ1ZMQlNyZ2Y4VW9CMApYektxOFVYVWxxRjcwa0hwSFRwdkZLZWVRL2Jr -MnJZem9nanc4K1JVVWQ4Ci0+IHNzaC1lZDI1NTE5IDVGU2UwQSA1ZGpPcUZhL0lI -eHNzVE9jL3g1cFptSXMyMkFNWlFycnJmNzJ4RzQ5QUVNCk40Q3FSVlc4RWwxOHl2 -bWliQ0YwMlViM3R4QXh2a2E0U0oyKy93OUhlTlUKLT4gcGl2LXAyNTYgVUlFR3pn -IEF4NUZGRW5rT3N2T1VZTkNXcGQxOGYwVFpBcGFXcTVzdmRtMUlHUDZsTWZMCjlh -V1BiSE5yZjF4Zlh4bndXbENLanQxZVBOYjZmSUhPeEtLd3pub3FZcG8KLT4gcSpv -Z1IhLWdyZWFzZSBrLitaCk1zbmVIdC9IT2MveG9IaTRIV0dPMCtCMVdLN1RYOXRE -eGZ2R2pwRGJKL2RLRDJXK2x0TWpXSERUSWtoWnJ4alAKSWM5NllFcXRYdHhNCi0t -LSBNc05sd2VrSFVGUE5rRHpyODhQSkZzNUFvanZUQTJoQUxsVlV4TkNTZEdrChyk -5LZcitWFp6uxHbKTllvmSSxlbmQXJN2aSrd3AsulUx6QzIV7SiHx2mO/sd2mU7ME -bMpkCUpQhr4AM7Uljak2fG8t/hQln2NavYOVn6r92fgsgcYKaXP/229t6u4dwbo5 -2kr4iBsYS/ckqJt1VQPKfeJ6d8hiGG/MmQb1KOJKZccvtntQxf/WMC+qcn1BLlyq -ZWbKTdksNBz4Dq+K1b52H2HYIw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyB5NHdX +MUdMV2ZnSjRKMHgzUUxycnlTRDE1TjloTHhTNlNnZ0FPVDl3SVZRCkI3K0I1TDN6 +Z1l5YW5PUGV4VDFRRGJjeXA3L0JWV1Z3a293ak03R25oaTgKLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIFNxa0NHK0tQV1R0a3luQmk1NGg0MWNFQ3R2bitNVms0RXdXeThG +eGFtRlEKOFlncVZDQ0Y2YStyUTd3TFVoSWNKYnlyZ2E3M09Vak5scG1xdGdZWG5O +bwotPiBzc2gtZWQyNTUxOSB0NVhJR0EgOFo2Q0VOQVBJbEk1Vm5NTUpTcmFNSzc4 +dWkvZVdZMTUrcWE3Tkc5eEhCRQphcm1NVFY0LzNNM1ZhcWE3RFhLbTl3aDIydmVW +Tzc5SVVhU1pmMXo5RWhjCi0+IHNzaC1lZDI1NTE5IDVGU2UwQSBHL0Zvc3dPRmZu +WnNuMGxqRTIrUnA2TVlUL1FBRGJUTE5HaURqemgxVXcwCkhVVmNRMk9URlB0aFND +cHFYOHE5NzBCSnRFRmFnT293MmpWZGFZV0dJWncKLT4gcGl2LXAyNTYgVUlFR3pn +IEFuMHdwditJSUFsUmFhaTdsZzNmMVNyaE5lLzMxK2daaCt4U2g2QUdTQXVjCitW +OUs4ZmFGTTNObmp6TDRBNzk2V3NSSFFpQW1KOUI4bmExaDY2M2ZYTU0KLT4gQFF4 +Pk0tZ3JlYXNlIExXJV0gMyA6X0FPVH1MYAptTTBoWFJ2SG91T0IwZkpXOU11ZHF5 +Z1F5SWZxTHZjMXEwTWFjS0hyUGpCeFduWEVCbnFEOEcwcFVYMHVGNEx0CnZOa3B5 +UUlkdzRSVVV6NHpsUjdMCi0tLSBVd2psSXdsM0FhZHJqMnNiOEY3emk4VkNxNEJN +S1lzNXd0U0FZWlE0QitJCu05VYCZ3EnnYcf0EbUWuyvQO2XRquC1mw1zRaDqKuWm +nHOLOwZnMp64zMznS0oeeXsxYMsBtrlnxTQSgsyOfX5fWJrg8Ad/LgpIakx4bU/9 +goWYjKM21+Rv8kQpRFzMRRH+TG8CkQAcRGTrgk9JSNHuCq+JJLohHWj8EaUq+6TA +LYYDokWn508Mswo1KJ67EjvCD5rLcfVGyKdKQzwBNW3HtgwmFQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/frigate_env.age b/secrets/frigate_env.age new file mode 100644 index 0000000..be0e613 --- /dev/null +++ b/secrets/frigate_env.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBiYWRr +cGc4bm1mRStNWkt0VlhXbHhDYSt6NlVhL3d4TlQ3dkxYNzByakVFCndZbUNTenJ0 +TVRrNGhjdXZqaDZUTEc0dUlLUTNyajVYYnZoUTJiWmRZU0EKLT4gcGl2LXAyNTYg +VUlFR3pnIEE1bGNpZEpBTWJOVGZxN1d4STFVMjdrdGhEdEF4Ky9mVjFRUmdnTTlH +aE54Cmg0Tm4waW1SdHVyU2lEQXpOc2wxVFdvRFp3MmxOd1ZkUzh0ckFmcFB6R2cK +LT4gPSQnLWdyZWFzZSA/NSArTSEKUEk3SXlnCi0tLSArMGZIdkl6SExyNi9TMll2 +MWh0RTlBNW42ZGt1bUphQTh6MnU2K3dyRG80Cp4kiJEPYkp/XWJOjLsZL+xKlp87 +JBLXdvGMK3iE0V1X/+ZC99aMEub2K9vV1+JUWF9lVVlHzzM88MJ1D/mupMJ/Fjmf +47P1aXSyMHl2u174jb5kMG218mKWYWhhQpJx4o1nDVIDM8g4iF+WIt1Tuhkg5mlA ++uoOrZcfj9nupKoagP0X7ZWLFb/WnWdQpBxHnYYRZC1UTlql/DUi5ci9 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/frigate_mqtt.age b/secrets/frigate_mqtt.age new file mode 100644 index 0000000..29a68a2 --- /dev/null +++ b/secrets/frigate_mqtt.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBQK1Jx +a3E3QlgzSlBFNmtnaTN1cjFjYjJWWWcyK1ROdzlKT0t4WjZKbjNNCmI0WGo5Rmdw +Mkgwa2tHczI2ZHQrNFdaSDdHSmxIYkZxQkxqT0NuNlFJZm8KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIFQrNHEreWpSalYreHp0SloxaGl1RUlIVFVPUWxqQmR0ZFN0NFNE +MkdoalkKQkE4Ynl0d29UUnF2RWhsRllTdTRSQVdxQlVBc1Z5N2FLbXp4VmUxd0JW +SQotPiBwaXYtcDI1NiBVSUVHemcgQTNFNVVZaUpUTFJkdXZISGFhRXRmZnd2STJW +VXI3YjVEMERGZzF0K1htZ0QKTnhFaDMwUTUyWHJ3ZFdLZTZFaXpSdHp0S2prYjhZ +d0NETjJwMkg1enVmSQotPiBiXkxPWy1ncmVhc2UgXHNQIDZmNTRHIXwgKD4gVysK +b1pwZ1pGak1VQQotLS0gU29WUXlydnh5aUdrb0pFLzZtSjBPdTFhSXZlYjZSNVAx +bzJobS9oQTZzWQq3Ubyk0W4w21+fLUj1l49DnJYyz6T2Bl4yVpb3rjOi9OfiUiJ0 +fyJjHMuSfuipb25h +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/gitea-runner-gospel.age b/secrets/gitea-runner-gospel.age index b174b0e..b5dbdb9 100644 --- a/secrets/gitea-runner-gospel.age +++ b/secrets/gitea-runner-gospel.age @@ -1,12 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyArTXZT -TE1pM0NDZ21Kb3NaSzBQT2dpQmxxK1BlU2tSb2IvbUx2U1FHSHhzCmRna29UalVK -ZDVCY0NNRTM1b2dUMnp4a2RvNnJoVFd2a3pONlNCSFg4d0kKLT4gcGl2LXAyNTYg -VUlFR3pnIEFodjhUand6MUtRTVlFb050NEdRUE1BdU5SUkFwTUp6WFR5ZTJhY3hC -S3VDCkdmNUZ6YnU0ZEhQVW96UTByd2VaUmRkYytQZ3NPeXFKd1MvTzVZRkxiVFEK -LT4gYS1ncmVhc2UgfXYzbn0gK1dJOVYpMCB2ZXxxfiVCIQpteDdWT0lnUjF1R3dB -QjFuaUdXTHF6TW1ubDhNaVpKc2xlak4KLS0tIDZyNE1rVjUvZGF4Nkk3aHpBTCsv -N3E3dDFpWWRqSVRVTUx2Nk53SEluUVEKe9Uesb/nSc2oFhGpQOI7VSPKZHF/QhhQ -mV5eAn4YVL8UrMcnQKTOXj633cpLsMgbRDF/oh22Zl2ciNLiAcPkbug1Yg6NvxUF -M+71rzVolw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBoaU4y +YUk4NThNeVgrWjJGWUphQ3V6STBodWZlV1k5ZFZXUERySE5XN1RBCm9XK2QxaHpS +OTR0ZVQ0WFpSdFlHMWRCMUVYcUFMY1NNUjM1eFMwNlNEcHcKLT4gcGl2LXAyNTYg +VUlFR3pnIEFsVXVxRVZOdHlsZXVPeFZTeGZsN0gyTmVSaVk3TXR5VHI4WjcyNGdp +OHNDCmMzc1dHRW9jWGNOS09LTC82dDRUcVdJaWt1TllVN2E0Q0lmK1pORlNmUUUK +LT4gM3VILWdyZWFzZSA3XSBUUSBhCjJQbXZ3ZHdkUEVNTWFaMVhQSklMcDAvWDUv +QzhvZllUSHlJV3JpWUFCNCtvV2lyZ0lmWng3bUZCOXF0eUU0Uy8KR2liMTh3bTly +UC9ZeDE5ZkQyTjFzR3Z3TlZ5L1R1ZzRkdDM1OFpjVlVIOVRaZkNzV2JwMlJMKzZn +NlU4T2NINQoKLS0tIEdGenRQUjNNVTJJbGFHUjZlS0p6NFFCUTZhWkFBVE5QSm01 +OVhSNFNpemcKqxMRt15zFO1fMsTMqs7Xr3haXeiTkJh0esVUYSBpeN8a2y8HU0hD +biVqK7FjCEGcI5LwDqjz3sHsHji1ph4E+NHhH8T9CPbkOzqOVWV2DQ== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hass_mqtt.age b/secrets/hass_mqtt.age index de36c07..4536bb0 100644 --- a/secrets/hass_mqtt.age +++ b/secrets/hass_mqtt.age @@ -1,16 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBWQWRo -Zkdhb2ZoZy94L0dHck92Uis5WjV5LzZjaDcvUzd6dXM2cmwzb3prCmsyTmdsaEdj -eFBWcm9ycnQwUFVJWEl2QW0raW1lNnlGRlM4UThlWHJkbmcKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIC92dHR2N2ZRY1JSWUExajN2QmNDQWduWHhoU0tDNS8wdkkyM1Uw -THgwemcKTVB0TGhQS09MekozMGZzWS9KakxyZnZrOXdnN01GN3dqRkVUMk1LemRz -TQotPiBzc2gtZWQyNTUxOSB6QkxEWmcgcloyb3BBU0pHRlM0aEZ5SzJhZTFGNmRj -a2gxdlZsQ1JKVXZ5RDV2MTVWTQpOYzhBRmh4dDRUeW94bzVzQ09OVHM0M0tYaWN3 -aVhvZ0JsWVlGcUt2VjFJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNTM5QnVKM29tcUMr -NGZQVnpzZ1p4aitQeDV0WndJSVVDSFVmbFlZN2pyZApqWFJOSVVtd1NqRm1uMVM5 -a3k4Nmh5TUlVdnA1Nk1UTzVwdDdveThYL1NVCi0+IGIjNVN8LWdyZWFzZSB2IGl0 -dnJnIHMhKT9RfDw/CmxIckk4VkE0MEpnbXROSkpZUndWZ2FKeXI2dwotLS0gZm8x -QjhGWjdqZktYUHNoUjVnVzZqYWdoUHVwcWZUQWtMQUUzYzY3dkVnQQpktskBEaeC -5KipEBhAEuAGDO5MmzobjS61UHrrOKQVCYg3WTJ7o7kATiaf/zXF5cj+WpHaMZ2Y -bOH/aTLa5mkQXw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBWMWYy +K292YnpZZVQzbVI0aHFEbzNMdk11aDk0cEtxNFF6SjZTRjBNYmdrCjhxb1E0TEVV +WDN5M2NjVk9wVlFRM3ZmZ1QzNDNhZGk4UmRsN3dCaUxua1kKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIEljYzg5ZU1tTkhNQm1jckNLRmxCWTM1bmRZOHZXSFdTbFNUQ0xO +ek9KVDQKbUtVR1crZjdrbXhaK2tmanZwUGtRVHNLSjhaZG9LbnRZdEYyTlJnNVI0 +dwotPiBzc2gtZWQyNTUxOSB6QkxEWmcgUVZjY21ueFp3Rkl1RTBqWHJOeUJWSXRr +WnFsQUdKZkllMkV3UmJOYmpWOAp1bnN3NHN3S1VDNEtNUTBhSkVFNW5uZzU5SUJj +M0VUWDFqNEN1YzkyRzlZCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNVFTTzFLL280NHVl +YjhwTXV2MTJHZ1A0RWJzUENuTlM1bzJIZHhLTmk0egp2VnhJckhPWGJ3NC9BVDBq +Wll4UVVCS24ydlZZcW9BRVZ3WEVEa1VmTjgwCi0+IDQtZ3JlYXNlIHZtayIgLgow +K1ZCekVic09jMjgKLS0tIE9IQnoxRFRTWkFubHEzUDJtdEFlNGNDTHBlWWc2czBU +UjNYNmRMUTdTSDAKBe/dJMmg6ATtra+XuNDbQNRtiQIxlGRE/1pztN1freayLMkX +nLzIkQ6bcLf/SmnwVxYNdft/zQYagHi/78NAf6A= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/hydra-aws-creds.age b/secrets/hydra-aws-creds.age index 1be97a4..a2df307 100644 --- a/secrets/hydra-aws-creds.age +++ b/secrets/hydra-aws-creds.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBtWE5I -b0NPSG5MVGNqTnpsTzN6R29YR2pmZEU1QU9odE5QOFBPTHNVdlI0Ck9xbDRTOXpz -WG1EZHFTQ2JYZW1kYVB3eWpvc09zVTMvQzhjYVB1MlB1VE0KLT4gcGl2LXAyNTYg -VUlFR3pnIEFoU2JFVldxWHlSRys2MWtKdzRMeWYrZ2VORG9nV0J3TldnMUpOdGlF -aVkxCkZtS0l5MnlqL0JrYjAvRENGdWpPQ3BzQ2U4SlI1U0ZtRVlLc1VzRG1tTlUK -LT4gd0poNiVDXy1ncmVhc2UgOSB+IFwgLFsKV2RvSnI2S09iclY5aFc5SlFRWEFY -VmtZUXc3MTJiU0lPeG1HRDRybVhOeDZ5bG9uRUJFY2psK1FsV0RpbE50RwptdFBG -UHVjR0hYNU0wUVVrR1EKLS0tIDQ0SThSdEV3WnhTU3llalcvbnlCOG1VVUdxZ3k5 -dUtwNk8zMnowUkFxWXcKYaKLiik/vILFaTf1vsJVJ4p8xwNn8v5siCo2V78yvZvB -foB3cnhEBKezTBvGp2R7eDPG73u5Z9JTxv/qYjwQeBC20s2yx/+dZs2acc2IF5pq -OCWqDzHunkp3r1z/7h1KdGFhWcW1NkqovE8w9gejlMyJITShGuzQFL4KUwG/jidi -MtpEN94= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHpCTERaZyBPZlVF +R3dmNk81N0FyQndrZG9jVmx3MXQ1TElpaG1ESERGUVFrRWIzdWtrCmUwWEZseEw3 +K2JXZ213K2hscGNCT1BHa0hoSW9FMllaSFRwL3BKb2NUUDAKLT4gcGl2LXAyNTYg +VUlFR3pnIEEzdDBrWWxoN1VkbXZZbGkrQUpidjVHUnIwb0pDVzU4d1loSWRCelhs +QjF1Cm55dkdKZ1VwNUx2SmFpSGZlV0VCZDZLelJPaVZGWmdJRnBLTjhZTWJMeDQK +LT4gXi4jLWdyZWFzZQpXZ1ZCMEZsZHlHQ296YTVVYjBoaE5LWXpLZkhQeEVvZkp4 +cjkyU2t2NG90dlhXakRCL2ZiWUpLVVNwTFR3SFV4CmxpckNiTGlKOEFGTXJuekVP +Z1c3QU8vQ1RPRjRqYU5wR0JKclU4RkpqZzlRbENLV2czcWFBWExHR2hJY3FBCi0t +LSBwLytYWTJLN2NqSmFobWltVDYwYjByTUxSaVE4VkFWWElrb3M5eVljWlhrCs4o +R9oJ6vxcpSdap9gbdumjqMMS/5bg12rSaSoX9qKX+L5zI7y+FCh6mz34mXeJ48qn +kR1iEw6GUMe0EGBXnU3Dt1/qxr7AIVtd2nZQ/G7D0mujJrDT8NybAHPwdupELh7L +zDXU1fX9PxnR8viAKXiH0BQqoSu7pPnxhisucKmJoCCVVYKG -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_admin.age b/secrets/nextcloud_admin.age index 70133e6..1bcfdcf 100644 --- a/secrets/nextcloud_admin.age +++ b/secrets/nextcloud_admin.age @@ -1,15 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyAvTm9W -elF5RVphelU2YURhU1R3RDBUQUMvdE1XbFgwYlI3dWM2VWxOMWpzCm0xRVN0dkRR -UHlGcU1maEhSWmlwenhlM0hkdklVQzVRaHBFM0MrOVVQeFUKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHhYK2dwc1ZSdy8zK3A2MFRQa2YrV0QrVENEVGlYczAwbGhhK3Aw -MG51VU0KekV0Q21yZEpoZy9IeTY5WFFrQ21TeVJIV01RTzQwOGtodmxvTFgweFZt -cwotPiBwaXYtcDI1NiBVSUVHemcgQTMxRnRVUnBweDR5d3Y0RlhFdGUyRXNHbDFE -aENOTGlqNHlaS1c4V0xZZUwKcDJ1L3dtU1l6bjNycGxSdzA3VEtRVnV5K2FJa0Fi -NVQvWGpIMlNSLzNUVQotPiBkQ2d9PUBsLWdyZWFzZSA0KlUgUydvNTwgem1jc0s8 -CjZ2VmFsQWhoYTl3dmsvNzYzOHlGdEZSMzcwM2d1ekFrNWFrMDU2RFBjZ01ldU5k -bjFwTnUwSFlkdEJOVUJUOVYKS3Rvd1Fkd29VM1pWb2dWQWdPVytIYkQ2WXJ6M1pI -bGZjM2lOCi0tLSAwd2RIcHZGU1pudXRxdkpicGVMZnFNMGNYSXljYkhTaEZ0dmVy -K1d0R1RZCi1RHY9VvMWjzyBHD7yMdI2/3QT7CjWJ3mIfMi0MLfBPPNWD2yHSQwJq -3P9jM7Z/HaclEx45mYsFuEUe5pknDwae +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBSdml5 +RFJPdDNJallkSG41WFZsQlZMREhnT1hBWlUzbXhDR0dRbVpzYkVnCm1NdGhzZ1Ey +K1ZmWG10MUJUNWZsNkFrY3ZWdDI2UGV1aE9TUFRhNTluMmMKLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIERCVFRkb2lXaGZRTlYxS1o3SmNnVEtDK1U0RG9HRm4rZmdLakZ3 +OEV5bFkKRmlOalJ5cWFPcERBUUdyVExOUHpkTFFnckgxWXE2YWNCY0xJQURUYkVp +awotPiBwaXYtcDI1NiBVSUVHemcgQXBHUzR0TzQ3VEp4MjIyNmNTeE9GZWkraStC +cWNqeHRPS3FiMGI4WVpDTkUKcU9JRnVOQ3A5WDBTYS91MzB0WStET05sVWQzZzY5 +RElROEdNMWV6UkVuawotPiB4b3YtZ3JlYXNlICFRWVlRPWZ4IEI7ZD4gKCA5U18K +dGtjaGF2c0VnOHdQMDZWbE1IYVJ6aE9pUnQ2a09CSTRmeDlMVTNkNlZ0ZjVNbEdR +MmprV1N0OUF1SHc1SldlMApLRUxteW1WdzE5OUdGeFA0bjBHaHl3ZnFOcjRkRUhF +RlE4bkd4b3FIQko0YWJYMWFyRk03QWYrOTNRCi0tLSBQZlg3aTQ1M1J2UGN1em9Z +NXdOZk5lcVlMZjRoU2taWWRqRnRiYUVLNVhFCrjZR2SmzuALzdJNdt59fm1j+hRL +sICyhBFwDJdyvAbBL7xMud7/P5oIhMSCgwiFo11GzzYQbnCouTeC6mugVeEH -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_env.age b/secrets/nextcloud_restic_env.age index 3fa2a72..1effa5d 100644 --- a/secrets/nextcloud_restic_env.age +++ b/secrets/nextcloud_restic_env.age @@ -1,14 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBuYWps -WlBQVHRqR1VXUTZjQ1l1UGMxZE4xalQzb09PMUtDMS9sK2tsOFNRClRtQ1JxYnJs -Wm9sdjRUN2NOeDBzNElxeXc2S1JVdTlxRHk1djJJRG1DZWMKLT4gcGl2LXAyNTYg -VUlFR3pnIEF1VTBVWXprekd2UjVGSUJ5NUdFZ2xCTGovUENoZnRjVGVaWEdCNE5V -QXZmCjJNWnRjMU5vU2xkQklHbVF3MGpiT0dJRFlzdnVnTmhRMkFRWUp1ZCs0MFUK -LT4gaGkxO3xpPC1ncmVhc2UgfCBjLmh6OFUmXyAwRGBuNCwKY1FabHlsSkcyckdj -RUhGNmpkdnRXd1RCRjJLUEFRbkE1M1p2NzVMaDUyZEwxdEx5c1lidzIyM3NrOXhV -YTRnVgpBNmV0SlYzOE5QRGlLQi85VEJnMXZ3YjJwemZWOFlvRTJ4cWZIN3hYdXhR -QmsxUUoKLS0tIENIYXo5SmtlT0hLb0VoWWhOT3djMlJzVHphVlYzQ1FPejNZTTNT -SURWdm8Ki8bJ3t4oeTS9dipw8oCKtFyE6vhiIsgmjqsRnDsHGCNC8CRvl+/JUtKk -0p6cja5lVRUnVWNYIXsAjsxposBj713IZoUSMyXh53Xs5mvoPuvE37pIYH15BYtB -hiW0M6m3y8vRTO69174aplUST9ebg+IyJh+CxVu+8crR6/9RjYJ7IQ== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBrK3h0 +TWtqOWhUR0kvMldiNHdWeTBFb05SajBqVm51bFZBOGtyb1F3engwCm1YbGk0Uk1u +SVdPL3ByemhGZXdLMmNzd3JucXp4bTREbldEcE9ZTWtLSFUKLT4gcGl2LXAyNTYg +VUlFR3pnIEFuTXd3UzNScHJZbUtURytMbDJBUEFZd3UrdnNSaCtWWm1nQzl2TEZm +UGxyCjNubFJxaGlJMEkzbzNCNkNiaEVGcUczbWJsQ3FlNC9FRXNVbmprWlZzUzgK +LT4gYyR+LWdyZWFzZSBlX0JqJ2ogN1E8IXdcCmlqTGN4TkxKa0VmRzF2YzNCcjRp +T2VpaWFxdnhTcFR3V0JNSmNLTVlTeFZFVDdBelVtaGVRb21GCi0tLSBQNnFGZDI3 +bUUxbEtSVDhvZmlhMjlDYXZueGl6VGRTbEE1M3dia3MvQUhJClFjVpgP+t8uPQVa +d7I3KMxAUMHLsxIaMyhOZXdwW+Entbj5ucXwzp+KB3YaZ0KR5pZfGBkK6q2a864+ ++Bo1dnDrKDWcaIqrcBGBu401IlqS27R2ZM18gFOUaYx4hjbIZYx0wh1b65sJ5erh +rNrohzwtloll6Kt/oIIVEqILNleXWC8= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_password.age b/secrets/nextcloud_restic_password.age index 8dbecfd..97f9e21 100644 --- a/secrets/nextcloud_restic_password.age +++ b/secrets/nextcloud_restic_password.age @@ -1,14 +1,15 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBLc1NG -Z21TZ1ZNaTE3MEF1TzM2NCs5ZmNYNkVmUXRNNFAyUGNwekNEMDFZCnQzRWhrMEJo -Rk8rSWpSN3Y2NW4zcVFjUTdPcCt3ZktaMnZyV1dtRE1sSzQKLT4gcGl2LXAyNTYg -VUlFR3pnIEFzeGZMMkd3Ukp2R3luQ0pJaFlBRThuSUltSGJkYzUzNCtMQVRXOHN5 -ZEhqCm9PeExLT3JDbjR3SU9kN09JOXQ3TURCK3lJanF0VERHRm0xY1NkczF0OFkK -LT4gIWteQUNRZj4tZ3JlYXNlIFFBSVoKT24rODJCSVkwWGpweWlkc1U2dXl4aDc4 -NmE5UElraXBwVXM3SXRhdHhzM2hxa044dFhJWUQwamdndzU0Zk01UApVZ2JheGtJ -Ci0tLSBadFhKVU9NVHlVMEZWcGRZb2ppWmM5WEhYdnpqbENmZmZ6S0JKSnVzYzBv -CrTHgBLC9EeAMFJLemtNjLpUi1YjaffBgBvhnJE98oRs1V0ZCo/2hjJm26CdWLIn -5HXhiZvOjCALojwFcRmVenM4hILDSlqzECJN+gI33RHx28OiShSJpwoGGiiRfjJB -BpSxzH5Xa41/GaTw9Bf36SitgLn/fFAASyEulC0nX5ZMLcK/9U/CxoSYezkuah7v -Sa6JRaMTc1gh0xV7K0pFmGKm +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBKaWN6 +WVFRaFNCT2JKSTJXNnBzbFBURmc5N1Q4VExkemxmblJBVjl1YXlrCmd3ODllOFVO +K2JtTmdpQ3VaN2o5ZkZNdlBjMWNVT0k5clBPeGtSZ0dnemMKLT4gcGl2LXAyNTYg +VUlFR3pnIEF2aDZwd1VtSzNuRXh1KzZKSXZod3dQSmpIUVMva21DbUtERGRESk1J +d25lCmxKQVQ1V1htNHRaUktseDRJNTljeE01YWJJMzFlVm1ORTRaUnR4eFJEOUUK +LT4gfD0tZ3JlYXNlIEQvOSohZCByc1Y4ZCJhNSBmJkNvIWlvbSA2RmhGLwpMQkc1 +cE1pSGhGUDVteUtySitsYk5OYjAxQ1VHdWFGMHBYcGhidDU3MW9zZEY2VGw1dG5N +ZXlqM3dIVHZuWWJ6CkpWa0RQNnhwR09MRVF3WjNJQ1ZweVFFCi0tLSBENlRJeWxj +b3R4NG44eE16eXdIQ0p4RWhsYkZ4SlE0RjBFUUJIcFZLNjZRCpz3SS8nHn38RCmX +RXjsi57PXBoMMDQchYLOAVencBYXuMMEaHF+dPWI0VcFELAf2HY+yRnuXhqU0zx5 +nNDteJdAIPtVbyMh4QW6eBsdeKJk0afDa/TzP0Lqal/A+MrEGvZnDnxH37Vguwve +7os2vx2MC7y5/KyCr2momF5TeDpMSgAEl2hiTHvLGKXo0J8yyvrOLvMKXTkiE1bX +WOskoXXU -----END AGE ENCRYPTED FILE----- diff --git a/secrets/nextcloud_restic_repo.age b/secrets/nextcloud_restic_repo.age index 50e62bf..ac66ff9 100644 --- a/secrets/nextcloud_restic_repo.age +++ b/secrets/nextcloud_restic_repo.age @@ -1,12 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBOR0tn -SWQ0TnNIMzYxZ3NVQ1FSSjcrNStUQi9ta0ZnYVJCVWNFRWtzTHhRCm9PdFlTZEha -VjhFVTNDRDNsVGp6VndIM1Y4RjRHUXpKT3M3YXdnRXVxbEEKLT4gcGl2LXAyNTYg -VUlFR3pnIEE5NXNnTEkxbDhJZ2MwYnNSVHZFVjdhT2t4RWVreS84SHRFOExWeG55 -OGQ0CngwZTBHTmRHYUVnM2pwZmMxSXRtYmVrRmRBa3J0b1E2NUROTWJKbVhNNm8K -LT4gWyFUey1ncmVhc2UKcG96R2h1ODJlM05OWlhZVisyamtGT2RjL2ZNV0FZeTNU -RHA4L0hBQTR3Ci0tLSBhdEJOdjFKWUgrbElIM1FEKzk3MFpGa3RjdHcwZy9LZGRG -Q3J4ekx0SjFvCnm8zB/L8xszapk7mk292bOF7Vw3v0Acp8H/mYUgMe4nR3pvQmdg -pzeycFqyymCNQv6tz2WmdrkYpPJp26rR8/pw/NkOLUUPryLKy9xsnb/0xOzY7RAK -T2tw/8/zOA== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBaR1A0 +djBrN2t3MHRzZ0E2c1p0L3ZSQ2FDNnBvbWFOTjFKd2JxVGkrK1RVCmNkUm5aUCt2 +cWR3VUtEaytEM2FHM3lBY1ZEQlhCVktXQ2NXeUQ3TWNMYXcKLT4gcGl2LXAyNTYg +VUlFR3pnIEF1N1IxMXVTZXd3VHpXeUpVUk1RbTFTbDY5UnJVQStkTG95dlphQU4x +UldyCjZFYWNNbjRnT3Z6Njh4WUF5TmJvRENlWERCaFBDeEdreXhIS0tpUEFLWEEK +LT4gYlNYOy1ncmVhc2UgZDRieFxTIEV3ajJKIDl4Tn0mbiBWO0FLLz8KYy9BeGJM +QkN0aDhPN1NSMi9SVFVEM210dnQxSzQxbzlGbHlJeWRxeTBUVVJMbDNwK2cvZXlX +eTVNdTFQcnczVgpVbGdHRHBsNUZmNFRodVBIaHNCdmlGZ29sSEMyaVRiajY5cGdG +emxDNnNwZVphTkVqL2lqCi0tLSB5Q0dPdW5qbDU5cUdHYWhVMlRVakdxVWxZbEhw +R25RZ2hkVTJIQVA1amtzCgOtdRwGUlOcdpBU92u4aLOe1BX8NAcSxbk6Z4eWvh2F +At/u0tu2cKYm3Etw1FkGRKnXbISvwhXIpbyglHDgV9qpzo5RSLlNw75C9HJ8hn12 +eG5ujN6Pe6bpWZvojA== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0a3bb74..f88833c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,11 +13,6 @@ let }; in { - "atticd.age".publicKeys = [ - users.me - machines.gospel - tmp - ]; "cf_dns_kilonull.age".publicKeys = [ users.me machines.node @@ -72,6 +67,15 @@ in machines.node machines.gospel ]; + "frigate_mqtt.age".publicKeys = [ + users.me + machines.pi4 + machines.gospel + ]; + "frigate_env.age".publicKeys = [ + users.me + machines.gospel + ]; "zigbee2mqtt_mqtt.age".publicKeys = [ users.me tmp diff --git a/secrets/teslamate_db.age b/secrets/teslamate_db.age index 00f3c94..9b643ae 100644 --- a/secrets/teslamate_db.age +++ b/secrets/teslamate_db.age @@ -1,13 +1,13 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBwRUdi -V0xueG93bkI3Q2M3aFZQRTJ6bFE1elpnYlNUQzhVYkE1dDhJSEh3ClBLb05NVjFn -QVQzcFNOSlMzQjN3SmlkbmhaOWp4RVBaS3ZLMVY3U20ySFUKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHkxbUhXUnVMU2R2aldiYzJ5bU9lM2Y1ck5XenVuV0I0OFVtVUFQ -RzkrWFEKcWNFZStXRzZNZWhlUjl4Z2Q5MXBXbERrb084b0VFNkJLK0RYT243VVBK -SQotPiBwaXYtcDI1NiBVSUVHemcgQWlxcmNnSVdlVk9mOGF4Z0xFY1BSamorb1Nt -UnBxbmR2b2RHQTJvanRlejIKdW1IcGUwTHRoblJ3WUdoRTVFSVhZeXN4VkJGRi9r -aVptblRYdTdYOXZOcwotPiBbLWRDKC1ncmVhc2UgR1xnSWBANG0gJUt6ZF1ZIEsK -UUhBM3hQOUovYzdiT3R0dThYVllJMTBMNGlaN2tXTEg0WXRMeFNkenF0cXc1WlVi -Ci0tLSA3MTh5VHk0RVRLQnNEQnZ2Ky9RS3NyN0d2UldPdnRIaDVqd1RzR3QwVEJR -Ct+tOFTJrHNFi5p3juJNEOyIueALYfoyKCA7slD2VUCJNx8toVSah4w= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyAyQ2Vn +ZFhpMUdpTzMxYTZkZEZFek1zUnJGbGFDa3MwSFk3d255TXVncmxVCmRIMUIreks0 +cG8wU0tGSTBsMUdobzZHQTBEZmVvSUpJL0JrRFF5QXVxUE0KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIGhoV25hSHNnTy9KMSt4bmttdmFqdGFORUFoSmhJbWZFV0x0ZkRh +OCs0azAKcmRLWVNOYWdBM2h2a2diYlBNRVV6UXFlWUFQakxwaWVTNmc0OHZpeVRi +UQotPiBwaXYtcDI1NiBVSUVHemcgQTdTN0RMV1VxM0g3U2l4T2orcmtjdGhMZ3hK +bU1nSWsvMFl5dDVhQ0pPS1UKbWlGbGw5Syt1K29GQ0lWamtWVjR3VTVsSmpDVTUv +bWdRR2NPTFU5NDc4UQotPiAhd1AiIWJGLWdyZWFzZSBPSG9hNXMKdDVyRU9OUFM2 +Y0ZDeTQ0ZFhCV3lqVW9BRlpYSWNWT1F1QlBYWkEKLS0tIHpBaklFSkpDemJSd2JC +ejVGNE54cmhTeEpLdTFBdVRhZEdYU2hVRHVSdncK5UpnpQcrmuTHKC0ljgyyH01N +OwImGuUv4etPgzcz1DyD1KotwMQY8A== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/teslamate_encryption.age b/secrets/teslamate_encryption.age index 77517a8..f08d65b 100644 --- a/secrets/teslamate_encryption.age +++ b/secrets/teslamate_encryption.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyA2NVVS -QWFhaUdBZ2E2dG5xT25WOVdOWThDWXNPYlJyS2tpWGZaYjVSZHdZCjJsV2ZpNkEx -eTRWRWIvTGxEbFlrK3lzM3Y2TVlHQi9Lbk5kdEdtaEhHMHMKLT4gc3NoLWVkMjU1 -MTkgekJMRFpnIHdlc3dvTEhaYjViR0pPbmVyY2VHU3hyV2ttK0VwN3FMZmxMaVVh -b0QyeGMKQWlyeGpkNGlnNnpvS04vTVlJd2l5UkhaelVPdnorRFF2UjdiaVgyRXh2 -NAotPiBwaXYtcDI1NiBVSUVHemcgQXRGakNVK1lITWo4anEyUlh6d29lYjNYUHh1 -VUpUNmsrZTNjS3RYRzFad08Kbm1NK1EzNldlNVlaSThhb01YSlVFZ3g0YlZScmtH -VUhwa0VpMG1TV1F0ZwotPiAuaiQ/ci1ncmVhc2UgVTVaLgozY0h4b2FNCi0tLSAy -UFJjNVU1T2YvQW1kT3hnLzh2Q1c4c1Y2MkV3OEdBNldlcUczS1pha2ZzCmvva9/4 -U/0F0ZN+ZbPlYbyh45pfpdj2+fv4MXvW3jvzQN5qSMVL90lOlQNpBb2n2/ZbkZ+d -5lViTG0B4ZTGh63y +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFlrN2VoZyBFUjlD +R0JSTjBGZTV6SVNyZGU5SThoa3VZbndVeFZKTENYUlFRd1JqdTFRClVRS2xZWXUz +MlpDdWx1SHdwejE3RTI4UUZPLzJrUzNDbDh1UHNYQWtIaU0KLT4gc3NoLWVkMjU1 +MTkgekJMRFpnIEwzM3NuZDRlWGFXTGpHYWZJWWcwUndCZUgxL2lEdzFRYU5Zdk5o +VWZOR0kKUTJuZHhkbHRUZGMrb3g1UVF6bVNGRHpiT2xBL3RJVXN3MlpYcHRadWVq +TQotPiBwaXYtcDI1NiBVSUVHemcgQTFCNGhDZ3hBamtRTm1SVFN6UGJ6ZkJ4N3Ix +OUNTcGd3TjI4RHJyWEdtUGQKbDhOTzJKeVZ0RWJmdHlrc1ZPUGl6SHhFUzRSNTF5 +MmZiak1NUzhSQnZPMAotPiAsYWctZ3JlYXNlICZYImcgTW8hCm80T010c3dmV2xW +RUszZTMvWXM4SUFNVU1kQWxRSFkwV0dsamt5L1AwUlQxbnFMWVcyMGR3cjAzcHVi +VzkzNEsKa1FHSllVbXNwTnhVV2o0Ci0tLSBzUmdHSFJIcWQ4cmpxNzlyd2hPZTRo +eWthY1NiK3NxOU9jek9CdVkxalNRCtM0S6ToRPKTqKEwrE4XVz5O14g7EoRtdnbn +Qn7cFAxsknPgLmnV9GnHw4iYievbxNMU22BmtnREZlpzX4pKiv0f -----END AGE ENCRYPTED FILE----- diff --git a/secrets/teslamate_mqtt.age b/secrets/teslamate_mqtt.age index d61d6de..befe57f 100644 --- a/secrets/teslamate_mqtt.age +++ b/secrets/teslamate_mqtt.age @@ -1,17 +1,18 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSBCU3hj -TzVMUndWdTBlSGRoNUdJUnBwdzd1Q0xVVms0cEw0SnNKWFJjNG1vCmdNcU54TVVE -SjZUL2oxNjhmNTNVQnB3TGRvRUtIcDBNV1hidEtWdlRHYjAKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIHI3VERDYjd6bHFQd0k0SFBhOGc2TzNwMDA4bHJYRDZhNm1yZmdQ -dzk4VWMKTFgrZmx5VHNZT05yOUZGdGRrZjBkYm5qVm1jSzlCdDVvL0M5WWFDbHBh -UQotPiBzc2gtZWQyNTUxOSB6QkxEWmcgWC9kWWVSQkNsd05lTFFvcEp1QjBTcmx3 -Nzh5VkJHZmVhMExWYnVQRFFBawprY0NXL0FaUHJ1MFQzMkpQZFBJb3FFTW93VVUw -YkdlcDZyVnNOTVBpT1lJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBNm82NVlpL21XVFpk -VmsycEVrek1vQ3doaDRjZTU0Q2g4RkZkR2RnVHN0cApsMnR3SHZFeFhxK0FITTdw -eXVYcWVkanJpOWFHNm9BY1BsQlB3RjhqekpVCi0+IDd3fi0tZ3JlYXNlIFJsWyB7 -aj02SG5eIEtFaERKOCBnMDcwakA1Ck9PdmNURjhXYmpnazlzMnIzb1hlZTl2T1Ev -SGJJdU1tTzl1eFdyaUJWZTR5OUFHamhzcTIKLS0tIFliSWpYMUpSMUE2ejNlRW5R -T0tJYmZiaERCaFNsUlpJeVdMUzJHZi90TmsKFCHn4ygjMFmYyGgaSD8UOP+jb3ry -u6P9iVzRiZtO2m7xJAJgFV8Qk+yWoY4saFNQgY8XVfHmGj3sVOPvdttB5e16Tlty -PITNgwDKI2gPR7Cv2zBILICVVxOCnqXm3fJR/w== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHQ1WElHQSB0Yk9P +Z2x3THFvZ1dPQWFxQ0Y3cGRzUTFEYVdoV0tPWFJZQk8rUzZXS24wCk96NDhLdzlN +RzI1V1pLYzRlSFBTYjA0ang5V0UxUURORUVoeTh5VDFmdHcKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIGZ6UXhwSDlkMk4vNVJ4T2FtdG10UWlvdmRuMmxUdTV0NW5uZE4z +K1FNVVkKVFJ4cnlDZ0k5aG5QTkpEMmx5clZNODVhamFPMWZPN0JBRlZJN084bkM1 +MAotPiBzc2gtZWQyNTUxOSB6QkxEWmcgeFU2WUxzRG1kVTF4VEZjKy8vMG4vMk5m +SzdlVVpIbncyQ0FJRzJjejJYMAprdXh2bm5jR1c0Zzh2aXN1MlEydWU1TEtmcVRq +MHowaWpGVVFaMS9HYVlJCi0+IHBpdi1wMjU2IFVJRUd6ZyBBaWJ0YXlsa2NVUzVL +emVodlFJVmJUTDdTVUZCZm51Y0FXa1lORisyampNSwpxMjVudUcxNTNIcGtXSytQ +dGR0L0dScGtwRHpYRG5RRzhEakFWVlBIMnZ3Ci0+ICEnZGB6fS1ncmVhc2UgWiFQ +RHUkICFSW11RVUx+ClRvUFZDRXJMWnYzdVJSWVZGZENLVXRwQkJhWHp2Y0ZKSjZ6 +dUNiQzlyZ0FZY3R4eTFQNW9WaVppWDZvRmxxTlYKSUp5endEbnAxMXFwYWxCUlB0 +L0tjTFZCCi0tLSBKTW5xOVZTWURxbWV6U21ocHFHdnFsbUFJQzgrMVVPN1Z2VVE2 +TU93dEZZCj+MzLFs3s3dNuwcJOx2OK34DmfwPkYjlWAYK5JBxLp5nHph76kA48TP +A5j165txmnE6GZAvlOG/LyHmP4V/KDrGBCbxjq7VLchMEIQcuHyN2z/zP6rrr4+4 +twxMCIAeeVE= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/zigbee2mqtt_creds.age b/secrets/zigbee2mqtt_creds.age index c1ff0d2..81ab927 100644 --- a/secrets/zigbee2mqtt_creds.age +++ b/secrets/zigbee2mqtt_creds.age @@ -1,14 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBpZlJZ -Rm42M0VBZFFiei9Fd3FEaERnOFhVaHRMSnVIRjBteGFxeWxYZENjCnhOSXZGU1N3 -bnF5Y0xJMEd1OXVCT0Y5UWlYSFQ0c0hDSDZ5aWNVOElIT1EKLT4gc3NoLWVkMjU1 -MTkgWWs3ZWhnIEszMENjbzZoVUJVWWIzM0FBQXhpS3p1OUxXUTNpOERvQ0Nlc21i -RUtoM1kKaFM3TCtDK2hJZEUrRWNwc1FCREZaYm1zNGt2QUx4aUhUWk1ySUpyOHF5 -bwotPiBwaXYtcDI1NiBVSUVHemcgQW1Sb1BIcGZ4OGxoNFlKTnNUYWpTNFQ4a0hL -UGlRdmREY25HRjkveTRoUXcKdjZnTUNnMXVLTnhFRnZJQmpNaUlwSGYvRkJ1MUdW -WEduUE15RllkaW4xSQotPiBvQmhJMTZ1LWdyZWFzZQpYVXpGV1VIZjRMYUVEUnBk -SFFFUUpUaXpRSU5rZXVZUmhjVUorM1ZiNXUzNytycHY1N25tclI4bGFBeE1SRmlh -CgotLS0gSnoyWUFBdHZoUUFJQ2pFamEzTzNkSjdGUjJqOW9mTDBueUhWZStITXRk -awq4x9UTwEx1Ps0AQtsn1LxuJPX2G8qoFTGykIUWZDBqX2FpqCQTjcHC987XXbkr -w5IEsOMv8T04vepq846fTjuXS9x1RTN+3djGQ/5iu4OHkkY= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBwMG5V +WVhWUUVIcm1CaEpuY1lpWTVCWlo5TTZXR01iNFlWemJ1dGIwc21NCjdDZ1ZBODM1 +V2l4QmpDcElySUxONlRnZzVuZk5OMzJacFY4OFJzRjdldFUKLT4gc3NoLWVkMjU1 +MTkgWWs3ZWhnIGhMR2FKSWZsS0NWdDV0ejBaSE9Oek9EZ29DU25sMURBVlZMM3Qx +RmhuejAKYnVoMEdkaE9USlh1dlhFNXYwKzJWbkVieGNUMVJIUG9YQitoREZEVE4z +VQotPiBwaXYtcDI1NiBVSUVHemcgQTUwcHhNZGJ1cmVhSzlIbjd2MEZnbU9ZeEdR +cGJzeFh4VGxZMSs2bGV5UzIKdWlyNk5yOGRlOFlOZmFQRkNURzhaamdQc1VGellX +Vm9ZNjlNeG5NSmpPWQotPiAsJ2BUfFguLWdyZWFzZSB5dnkKY1FaY0xiZ3hVa3d1 +S3dNREg2WXZZN3VkSzIzTU5jTER5MzgKLS0tIE9HS0h2YnNWbXNZeEpJNFJGeUVy +aDhPS1dJN3Q3VzVJaGVQdzV6UkVma1UK6QqONmjUWU5xojfLH+Acd6k1qP2kPK37 +8XR7z3jKvIQMqE8/Wx3XbNeupQGM6HrcJfbMa7XrlWKnAcATejqeAEeBdC59y2J8 +zDIbkLZINnma -----END AGE ENCRYPTED FILE----- diff --git a/secrets/zigbee2mqtt_mqtt.age b/secrets/zigbee2mqtt_mqtt.age index ad7018c..bde524f 100644 --- a/secrets/zigbee2mqtt_mqtt.age +++ b/secrets/zigbee2mqtt_mqtt.age @@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSBwQ0Q5 -b3JYVmUwSnhaeDZ6TnhoZjJEMWR0Y1FnSzVWaGhqZWdPY1JIc3o4CmFvUkdIVi81 -anlOTDk1SkNha2lLWnJ3WU1rNjV5QmwzRVhBVEdWSm90eFUKLT4gc3NoLWVkMjU1 -MTkgdDVYSUdBIHJMYVRRMko1NThhUm9iQTFDOWwzZW1RMHl6U3NQNlVsSU04RGJN -ZXk5eFUKVTNnR2cwMkdESC9kbURKU2JwY2kvWGlRZ0VzTHhOM201UkRBMU10QUl6 -UQotPiBwaXYtcDI1NiBVSUVHemcgQXluNm9HaFNJam9TejNJcWxBcUFCNTNxVWRx -dGxhUTNMbnFtV3RpVnhIMkQKVjVaMCtNTjZwTWJWWUhZYzhDWGVzODQxT2tNUm4w -TTVyNVRHbnpHRzd6MAotPiA0cERgZWctZ3JlYXNlIC4nIVF6JUsganBISy5EIyAv -UiFyIHtYflYqRWIKQUoxZmlkVmwyUQotLS0ga2F0UFhzOUVmVkdRa0VBZ3FqRmhH -b2owaitESHh3NzBaNkNXcXQxUHNoZwosnZ5zPmxwEuquVG+nZlytvZ8ln4j9aoV1 -iLElmb1aAcnP2Vz4cMp3nrFF03WrRQ/7 +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFBaS2ZPUSAySHln +aWUrWUN4ZFZjSGhNQndDWHdDRzdHL1RuQ1JpMjBDdG5oZ3JQN3pFCmZZbVJQRUNN +bnA1WHRMLzhrZENDVkFVZFM3ZUliREpaRktEZnJmMndFRk0KLT4gc3NoLWVkMjU1 +MTkgdDVYSUdBIElQMkVkcThhMWVndDd4emtyNTBubGhETU5Lb3lnblBYRHloOWR4 +akxlQ3MKMjdnVVYwcnhIVmxEcm9PQzVWMU5PcmRVeDNxTmdSNlBTcDRKNndIVTZs +SQotPiBwaXYtcDI1NiBVSUVHemcgQW85bGJkRE1zY01BMDByaXNEUWFBYWhTVi9o +UlJ6ajI0ZVJ3OHpTL3c1bDUKREE0WGN0S1JCR0k5emF2WWZoK29MeStETlpSdk5k +amFqWG9BekRpZmZGWQotPiBIazRkbEQtZ3JlYXNlICVWbyBlKWV8J2IgUi1CTydS +TSB4O1lRdgpTU1d0RGc2Z20xcml4c3FpYWgxVFVNRkZBbWJXdThmeXFhL2w4MWxQ +bUtkWmhqYjA1Yk0KLS0tIHdaeExRSzNERkFPSVBnOFZ6V055ZmZzTW9aZXMvTm9X +OEJIL3F4UW5mYjgKLubxi6qI8xgsKtCY64YhgI/77hLijqurj16w7daUl62pb5ME +xdfuNFer4HnnFRC9hg== -----END AGE ENCRYPTED FILE----- diff --git a/systems/x86_64-linux/carbon/default.nix b/systems/x86_64-linux/carbon/default.nix index fa68830..248e9db 100644 --- a/systems/x86_64-linux/carbon/default.nix +++ b/systems/x86_64-linux/carbon/default.nix @@ -9,7 +9,7 @@ aa = { nix = { enable = true; - useSelfhostedCache = true; + useSelfhostedCache = false; remoteBuilder.client.enable = false; }; @@ -30,21 +30,9 @@ user.extraGroups = [ "dialout" - "video" ]; }; - virtualisation = { - docker = { - enable = true; - storageDriver = "overlay2"; - rootless = { - enable = true; - setSocketVariable = true; - }; - }; - }; - networking = { hostName = "carbon"; networkmanager.enable = true; # Enables wireless support via wpa_supplicant. @@ -65,8 +53,6 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - pavucontrol - android-tools sanoid # Below 3 installed for sanoid pv @@ -82,13 +68,13 @@ nixos-generators vlc signal-desktop-bin - zoom-us ]; environment.pathsToLink = [ "/share/applications" "/share/xdg-desktop-portal" ]; + programs.adb.enable = true; programs.light.enable = true; # This value determines the NixOS release from which the default diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix index 4422494..eb9fe06 100644 --- a/systems/x86_64-linux/gospel/default.nix +++ b/systems/x86_64-linux/gospel/default.nix @@ -33,10 +33,6 @@ dnsCredentialsFile = config.age.secrets.cf_dns_kilonull.path; }; - services.atticd = { - enable = true; - acmeCertName = "kilonull.com"; - }; services.openssh.enable = true; services.printing.enable = true; services.tailscale = { @@ -47,8 +43,7 @@ services.prometheus.enable = true; services.promtail.enable = true; services.hydra = { - # Intentionally disabled for now - enable = false; + enable = true; acmeCertName = "kilonull.com"; secretKeyPath = "/var/gospelCache"; s3Bucket = "nix-store"; @@ -58,6 +53,10 @@ enable = true; acmeCertName = "kilonull.com"; }; + services.frigate = { + enable = true; + acmeCertName = "kilonull.com"; + }; hardware.audio.enable = true; hardware.bluetooth.enable = true; @@ -92,47 +91,15 @@ name = config.networking.hostName; url = "https://git.alejandr0angul0.dev"; tokenFile = config.age.secrets.gitea-runner-gospel.path; - hostPackages = with pkgs; [ - nix - attic-client - bash - coreutils - curl - gawk - gitMinimal - gnused - nodejs - wget - ]; labels = [ - "nix-builder:host" - "ubuntu-latest:docker://node:16-bullseye" "ubuntu-22.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye" "ubuntu-18.04:docker://node:16-buster" ]; - settings.container = { - options = '' - ; - -e PATH=:${pkgs.nix}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -e NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels - -e NIX_REMOTE=daemon - ''; - valid_volumes = [ "/nix" ]; - }; }; }; }; - # Allow the Forgejo Actions runner user to talk to nix-daemon when - # running jobs directly on the host. - nix.settings.trusted-users = [ - config.systemd.services."gitea-runner-gospel".serviceConfig.User - ]; - nix.settings.allowed-users = [ - config.systemd.services."gitea-runner-gospel".serviceConfig.User - ]; - virtualisation = { libvirtd.enable = true; @@ -169,10 +136,6 @@ prefixLength = 24; } ]; - firewall.allowedTCPPorts = [ - 80 - 443 - ]; }; programs.winbox = { enable = true; @@ -200,6 +163,7 @@ nix-index vlc + xfce.thunar prusa-slicer esptool minicom