nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

hosts: remove legion
All checks were successful
/ check (pull_request) Successful in 1m23s
Details
/ check (push) Successful in 44s
Details

Browse source 
it's been a good ride, but it's time to say goodbye
This commit is contained in:
Nikodem Rabuliński 2025-03-22 23:20:03 +01:00
parent a6b046e28b
commit 678005a0ee
Signed by: nrabulinski
SSH key fingerprint: SHA256:AZZVyfKStaCo8sbJB+3Rr/CRrlym1oEgw7vMnynJeR8
35 changed files with 94 additions and 711 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -17,7 +17,6 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin,
- hosts - per-machine configurations
- kazuki - my linux arm server
- legion - my linux x86 server
- hijiri - my macbook
- hijiri-vm - linux vm running on my macbook
- ude - another linux arm server

2
assets/ssh.nix
View file

@ -9,7 +9,6 @@
hijiri-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6tfXLB6xhcl3rtI5x9NXSs12U4LVy06RRlyZxiORa0 nikodem@rabulinski.com";
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com";
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
@ -20,7 +19,6 @@
system = {
kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki";
legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion";
miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi";
ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude";
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";

107
flake.lock generated
View file

@ -190,22 +190,6 @@
"type": "github"
}
},
"fl-config": {
"locked": {
"lastModified": 1653159448,
"narHash": "sha256-PvB9ha0r4w6p412MBPP71kS/ZTBnOjxL0brlmyucPBA=",
"owner": "flakelib",
"repo": "fl",
"rev": "fcefb9738d5995308a24cda018a083ccb6b0f460",
"type": "github"
},
"original": {
"owner": "flakelib",
"ref": "config",
"repo": "fl",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -351,25 +335,6 @@
"type": "github"
}
},
"flakelib": {
"inputs": {
"fl-config": "fl-config",
"std": "std"
},
"locked": {
"lastModified": 1701802971,
"narHash": "sha256-Zo5fJpXbe+xXOTiDT4JG2rExobMJTmFZ72+3XTMMHrQ=",
"owner": "flakelib",
"repo": "fl",
"rev": "b71a91517f6b16aa5faefe8ec491d9f3062d7a20",
"type": "github"
},
"original": {
"owner": "flakelib",
"repo": "fl",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
@ -531,21 +496,6 @@
"type": "github"
}
},
"nix-std": {
"locked": {
"lastModified": 1701658249,
"narHash": "sha256-KIt1TUuBvldhaVRta010MI5FeQlB8WadjqljybjesN0=",
"owner": "chessai",
"repo": "nix-std",
"rev": "715db541ffff4194620e48d210b76f73a74b5b5d",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1723603349,
@ -621,44 +571,6 @@
"type": "github"
}
},
"nvidia-patch": {
"inputs": {
"flakelib": "flakelib",
"nixpkgs": [
"nixpkgs"
],
"nvidia-patch-src": "nvidia-patch-src"
},
"locked": {
"lastModified": 1742460640,
"narHash": "sha256-Qks0TRMOiuVKjcSPkg251Q2/wdU5ooMt4b2f2numPzg=",
"owner": "arcnmx",
"repo": "nvidia-patch.nix",
"rev": "c85990250376300fe11413e22458911f408f64d0",
"type": "github"
},
"original": {
"owner": "arcnmx",
"repo": "nvidia-patch.nix",
"type": "github"
}
},
"nvidia-patch-src": {
"flake": false,
"locked": {
"lastModified": 1742384429,
"narHash": "sha256-5O0TXVrLsFrULXli2vB2iJ7TECUckMHKvJZYmdkcnGE=",
"owner": "keylase",
"repo": "nvidia-patch",
"rev": "07080317245ac30c38001d2149810b2dee3cce1f",
"type": "github"
},
"original": {
"owner": "keylase",
"repo": "nvidia-patch",
"type": "github"
}
},
"racket": {
"inputs": {
"nixpkgs": [
@ -697,7 +609,6 @@
"mailserver": "mailserver",
"niko-nur": "niko-nur",
"nixpkgs": "nixpkgs_2",
"nvidia-patch": "nvidia-patch",
"racket": "racket",
"treefmt": "treefmt",
"wrapper-manager": "wrapper-manager",
@ -764,24 +675,6 @@
"type": "github"
}
},
"std": {
"inputs": {
"nix-std": "nix-std"
},
"locked": {
"lastModified": 1701802337,
"narHash": "sha256-JCVCyjDZ6LA0xyVoDZzRXjy0OgWOZo3OpeZEVm/U97w=",
"owner": "flakelib",
"repo": "std",
"rev": "443d1c8246b3d96a4822b02af907ca0d833e8b63",
"type": "github"
},
"original": {
"owner": "flakelib",
"repo": "std",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

4
flake.nix
View file

@ -121,10 +121,6 @@
url = "gitlab:famedly/conduit?ref=next";
flake = false;
};
nvidia-patch = {
url = "github:arcnmx/nvidia-patch.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
fenix = {
url = "github:nix-community/fenix";
inputs.nixpkgs.follows = "nixpkgs";

1
hosts/default.nix
View file

@ -9,7 +9,6 @@
./kazuki
./hijiri-vm
./hijiri
./legion
# TODO: Custom installer ISO
# ./installer
./ude

47
hosts/legion/default.nix
View file

@ -1,47 +0,0 @@
{
configurations.nixos.legion =
{
config,
username,
...
}:
{
imports = [
./hardware.nix
# ./disks.nix
./msmtp.nix
./desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
specialisation = {
nas.configuration = ./nas;
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
settei.tailscale = {
ipv4 = "100.84.112.35";
ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023";
};
networking = {
hostName = "legion";
hostId = builtins.substring 0 8 "524209a432724c7abaf04398cdd6eecd";
networkmanager.enable = true;
};
systemd.services.NetworkManager-wait-online.enable = false;
powerManagement.cpuFreqGovernor = "performance";
age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
settei.incus.enable = true;
virtualisation.podman.enable = true;
};
}

112
hosts/legion/desktop.nix
View file

@ -1,112 +0,0 @@
# TODO: Proper desktop module
{
config,
pkgs,
lib,
username,
...
}:
{
# Needed for nvidia and steam
nixpkgs.config.allowUnfree = true;
settei.user.config = {
settei.desktop.enable = true;
home.packages = with pkgs; [
brightnessctl
dmenu
];
xsession.windowManager.i3 = {
enable = true;
config = {
terminal = "wezterm";
modifier = "Mod4";
};
};
home.file.".xinitrc".source = pkgs.writeShellScript "xinitrc" ''
xrandr --setprovideroutputsource modesetting NVIDIA-0
xrandr --auto
exec dbus-run-session i3
'';
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession = { };
};
hardware.steam-hardware.enable = true;
services.logind = lib.genAttrs [
"lidSwitch"
"lidSwitchDocked"
"lidSwitchExternalPower"
] (_: "ignore");
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
};
programs.dconf.enable = true;
services.dbus.enable = true;
users.users.${username}.extraGroups = [
"video"
"input"
];
# NVIDIA stuff
services.xserver = {
enable = true;
excludePackages = [ pkgs.xterm ];
videoDrivers = [ "nvidia" ];
xkb.layout = "pl";
displayManager.startx.enable = true;
config = lib.mkForce ''
Section "OutputClass"
Identifier "intel"
MatchDriver "i915"
Driver "modesetting"
EndSection
Section "OutputClass"
Identifier "nvidia"
MatchDriver "nvidia-drm"
Driver "nvidia"
Option "AllowEmptyInitialConfiguration"
Option "PrimaryGPU" "yes"
ModulePath "${config.hardware.nvidia.package.bin}/lib/xorg/modules"
ModulePath "${pkgs.xorg.xorgserver}/lib/xorg/modules"
EndSection
Section "InputClass"
Identifier "touchpad"
Driver "libinput"
MatchIsTouchpad "on"
Option "Tapping" "on"
Option "TappingButtonMap" "lrm"
Option "NaturalScrolling" "true"
EndSection
'';
exportConfiguration = true;
};
services.libinput.enable = true;
hardware.nvidia = {
patch.enable = true;
patch.nvidiaPackage = config.boot.kernelPackages.nvidia_x11_production;
open = false;
modesetting.enable = true;
};
hardware.graphics = {
enable = true;
enable32Bit = true;
};
}

14
hosts/legion/disks.nix
View file

@ -1,14 +0,0 @@
_args:
/*
let
bootDevice = args.bootDevice or "/dev/nvme0n1";
in
*/
{
assertions = [
{
assertion = false;
message = "Disko config TODO";
}
];
}

90
hosts/legion/hardware.nix
View file

@ -1,90 +0,0 @@
{ config, ... }:
{
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"uas"
];
boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
boot.kernelModules = [
"kvm-intel"
"i2c-dev"
"acpi_call"
];
boot.blacklistedKernelModules = [ "nouveau" ];
# Needed for enableAllFirmware
nixpkgs.config.allowUnfree = true;
hardware = {
enableAllFirmware = true;
cpu.intel.updateMicrocode = true;
};
services.smartd.enable = true;
# TODO: Move to disko only
# TODO: Actually set up impermanence
boot.supportedFilesystems = [ "btrfs" ];
boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
fileSystems."/" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
"noatime"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
"noatime"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=persist"
"compress=zstd"
"noatime"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/LINUX";
fsType = "btrfs";
options = [
"subvol=log"
"compress=zstd"
"noatime"
];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
}

36
hosts/legion/msmtp.nix
View file

@ -1,36 +0,0 @@
# TODO: Potentially make this a common module?
{
pkgs,
config,
username,
...
}:
let
mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com
root: ${mail}
'';
in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = {
enable = true;
setSendmail = true;
defaults = {
inherit aliases;
tls = "on";
auth = "login";
tls_starttls = "off";
};
accounts = {
default = {
host = "mail.nrab.lol";
passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
user = mail;
from = mail;
};
};
};
}

59
hosts/legion/nas/default.nix
View file

@ -1,59 +0,0 @@
{
pkgs,
lib,
username,
...
}:
{
imports = [ ./media.nix ];
boot.supportedFilesystems = [
"ext4"
"zfs"
];
boot.zfs.extraPools = [ "yottapool" ];
services.zfs = {
autoScrub.enable = true;
zed.settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [ username ];
ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
ZED_EMAIL_OPTS = "@ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = true;
};
};
fileSystems."/bulk" = {
device = "/dev/disk/by-label/BULK";
fsType = "ext4";
};
systemd.mounts = [
{
type = "none";
options = "bind";
what = "/media/data";
where = "/export/yotta-data";
requires = [ "zfs-mount.service" ];
after = [ "zfs-mount.service" ];
wantedBy = [ "multi-user.target" ];
before = [ "nfs-server.service" ];
requiredBy = [ "nfs-server.service" ];
}
];
services.nfs.server = {
enable = true;
hostName = "100.84.112.35";
exports = ''
/export *(insecure,rw,crossmnt,fsid=0)
/export/yotta-data *(insecure,rw,nohide)
'';
};
}

132
hosts/legion/nas/media.nix
View file

@ -1,132 +0,0 @@
{
config,
username,
lib,
...
}:
{
age.secrets.rab-lol-cf = {
file = ../../../secrets/rab-lol-cf.age;
owner = config.services.nginx.user;
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.radarr.enable = true;
# TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged
nixpkgs.config.permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
services.sonarr.enable = true;
services.prowlarr.enable = true;
services.jellyseerr.enable = true;
services.deluge = {
enable = true;
web.enable = true;
config.download_location = "/media/deluge";
};
services.restic.server = {
enable = true;
dataDir = "/media/restic";
extraFlags = [ "--no-auth" ];
};
users.users = {
jellyfin.extraGroups = [
"radarr"
"sonarr"
];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];
};
systemd.services = lib.mkMerge [
(lib.genAttrs
[
"jellyfin"
"radarr"
"sonarr"
"prowlarr"
"deluged"
"restic-rest-server"
]
(_: {
requires = [ "zfs-mount.service" ];
after = [ "zfs-mount.service" ];
})
)
{
jellyseerr.requires = [
"jellyfin.service"
"radarr.service"
"sonarr.service"
];
radarr.requires = [ "deluged.service" ];
sonarr.requires = [ "deluged.service" ];
}
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts =
let
services = [
"jellyfin"
"jellyseerr"
"deluge"
"prowlarr"
"sonarr"
"radarr"
];
mkService = name: {
forceSSL = true;
useACMEHost = "_wildcard.legion.rab.lol";
listen = lib.flatten (
map
(port: [
(port // { addr = config.settei.tailscale.ipv4; })
(port // { addr = "[${config.settei.tailscale.ipv6}]"; })
])
[
{ port = 80; }
{
port = 443;
ssl = true;
}
]
);
locations."/".proxyPass = "http://${name}";
};
services' = map (service: {
name = "${service}.legion.rab.lol";
value = mkService service;
}) services;
in
lib.listToAttrs services';
upstreams = {
jellyfin.servers."localhost:8096" = { };
jellyseerr.servers."localhost:5055" = { };
deluge.servers."localhost:8112" = { };
prowlarr.servers."localhost:9696" = { };
radarr.servers."localhost:7878" = { };
sonarr.servers."localhost:8989" = { };
};
};
users.users.nginx.extraGroups = [ "acme" ];
security.acme.acceptTerms = true;
security.acme.certs."_wildcard.legion.rab.lol" = {
domain = "*.legion.rab.lol";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.rab-lol-cf.path;
email = "nikodem@rabulinski.com";
};
}

1
modules/default.nix
View file

@ -33,7 +33,6 @@ in
inputs.disko.nixosModules.disko
inputs.mailserver.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.nvidia-patch.nixosModules.nvidia-patch
inputs.attic.nixosModules.atticd
inputs.lix-module.nixosModules.default
{

13
secrets/alert-nrab-lol-pass.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw XYwseCo1fgFTMZ4IL13orBFdnWo0is7fujpJ5vDEIXo
5L2q/5umRSXrK1YGUXeUS3rpUlaGGwCKqzvUpQ5nk8s
-> ssh-ed25519 GKhvwg 2fSKj5gtCn8oj35oOgL3o8TxkkZNBlp+xy/W4mYghm8
fNse8uiLWps7zSIY8826MRAY1PyO++G3+7tT6TDQeag
--- /1Qqdeo1Tvw3EQDGKc5D85eXTnJ/vmdtwfHf/WuvGwQ
Qr.KGè²ùõ;1ýçW9£>†ˆ<E280A0>GjE(÷<>~]ß÷œ3"®†Žðiº“ï )1 [Èäñm;ÀܺWÅqn)vsEÜY«ÝÒÅÁäË,Ú0X3I1ñ‡P`
-> ssh-ed25519 84j9mw Uex/8V7Wq/9Bz9nvJRwfl5F6/QexinaDIhe14gAqWng
/lvX7cziXcohWI8FS8eybbdAaWDgN2Nvv2/3/DDaCFg
-> ssh-ed25519 GKhvwg JmC8WUB4SkpEy9nYGo9sfoNPx1pOAqvq0YDqd4l4vWw
F7KRZaLxCs7eYlPvv+yLovyFAxkahr/p5apcL+Bilfk
--- k5tZFrWFA+pUvgN2TYuIXzHBII2bLhB308qm5LFGJVg
¸0ZTJÑJÊ)]>Äp¹À
?LM‰¥µßØ><08>ÍwПuYxŒÒ ï™"/Œ"$¾ÀÓL <0A>Éé<14>ÿøYÆ1ÐüT׸áö§±ÃÑs»~

37
secrets/alert-plain-pass.age
View file

@ -1,19 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 GKhvwg 5euhetVuCUsVmzsFBVQr0U709Ogv6j1m+rhaS1ZXQhw
p9dTjCsqwXRFgY1qvZOmlpJGYIz+hj286sP/oaX15H4
-> ssh-ed25519 H0Rg/A MrlNR2XgW04Csdhpd1s2Tfr3gsD8l1YWj5l/5EJEtGI
+3RiO5GHLJOstxEKvNvAlZ1ycWHLUun0K7raJ/86a/M
-> ssh-ed25519 84j9mw 2wIXF94Zbo3fB7fRzQWGv5mCwdiomYVoFU8p25olt1k
S2A2AP8clxTkJBtqRTTSeHeKCkcveEYaaU41di0v9kM
-> ssh-ed25519 5A7peQ G+MxkpWskys34yRKVC9CEXdfqujMUG/v4Vp9WvPYRw0
BA+l5LIAIX0/KeSRcxLRybQ42OZV/ZX9pLCHhvkI1gc
-> ssh-ed25519 ioPMHA EXnV+gYXCwuE9kL8HJDxwGTWRqfJQt4gO4IxDXNXCDM
s2Ji8kJ+hl+3vy/kIIHyngIw6BGouXjLTbIK/AQYfNI
-> ssh-ed25519 g2vRWw Ir+r+/jelVmGjtahgKwTkiwZUWSxkCHJrYFkm+GqTDQ
GsDZu3gaQArHOEFQH4qoJSQw1mflKWvWNYpI+RZgI/0
-> ssh-ed25519 IFuY+w tWgf0Nelr0ji9Kr9fBt+2rdr0alagGG960uzW8RL9yE
FW5Wt5OMD887sClsLF/q4AlTDocImI72az465K/qZPs
-> ssh-ed25519 rA7dkQ 9apitDrmj/hY9bCHadtYFZmjGUwqXtFZiUypjt9Z1BQ
l+4ZTzw1rAYQV9dWn2sAr6Q1UtwunbelGr+UqMwetsE
--- dmVol02/2xV9zEOzA8+n5fyyjEk5Tsq/3W1yZa07ntg
Pÿ`nÑHmXöتDâ¸`7ô{ç3˜Pø¿¸ùãÊÛð}€£ñèvÉÜT€—Áb
-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0
OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4
-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ
h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg
-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk
7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18
-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE
d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw
-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w
+WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg
-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI
AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI
-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE
qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ
-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI
vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w
--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk
ÿJi'ª©6£—&Ù&o
k4-hu¨š}ï2¥Ú|Î1DIl9Þíܦ¡—ýY•

BIN
secrets/attic-creds.age
View file

Binary file not shown.

BIN
secrets/forgejo-token.age
View file

Binary file not shown.

BIN
secrets/github-token.age
View file

Binary file not shown.

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

26
secrets/hercules-secrets.age
View file

@ -1,16 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk
PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4
-> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk
tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw
-> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0
i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk
-> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo
i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU
-> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ
mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo
--- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4
%§ëDJ#Îä·0Ÿ¨AÉD
qz,3sHÿ…µÌÂVb¦<>®ÄÂTùÍÞªˆË‡¹8Ÿ¬[ ÏÈ?VgNVdˆ
Ä<EFBFBD>È—L=è©í̵žðg%ιî[ÕmdšòíëØ6oqòžEÂ4Å<34>óöÕF3@P\(MDM;%É^<5E>Ü«ïp¾xîª÷p<10>):O9,iBµ¥±„T
sÇšÏ-—à“ÃJWºÖèEÎ\0£™yÎ>0;î<>öyÑLæå{üt.g%W,ºX} JÆJßÀdgê3žŽ\Ž#<> 0h=l´ˆüš<C3BC>hBB䃜üXÀ<58>ÄëÍb$õ^Ð óå” B¨M™ØìÕþ[È~ÌÜu?Ñâ®þþ h¾ªlÿ”Ìc;z½k
-> ssh-ed25519 84j9mw bwa+uUxySjFDjOaCzRiZyYVKl4po1YDaOoDQLqqObSI
ayXv7BKF5lkzM3ai3rHL8irPetF2Nlwoji2VHpRsD5c
-> ssh-ed25519 IFuY+w k98+p1XfAR7f7kbahEwTzZVA45ulV4t3INkOQMsU3D8
1QbRrGvE5cMMKzSNXK5LfBndDBJITd6gTBg9dJWir9E
-> ssh-ed25519 5A7peQ NyqKUm+8hfHcJ760y3EttpxygXxQXKFXURU8pHg1bAw
Rh7EqnDagUFvmIEsFkjkE2tVzlhWrGgANKy9UQM0D7M
-> ssh-ed25519 GKhvwg J3b+gGMaemGwSb7jfeCug9bcjXUJbU8BBGRoTXw2lw4
tmMZY+0SSYVxZSMDQEBWCYzKUHTVbFH1iuybHyBvor8
--- Uh1N32VLTQ2mxhsxu40FbIv0dQkqPdfBk+q3nJ/xPZ4
;¨tضïálÌ™„RyœhÙQBXzÇiߦþ¶ä%JN@Ö§þFƒDv8º½.ÒD™“,½¦_J¢žÝ(<¿p-<½Añf—l)ÕøFQ±”Íf“øéª+—6îmH<6D>þݲſç~ðÉy•NÁ5ØŠÍ®ñÃb—#]yÛ{§MSx9XO•3«ýñ`ô®ƒR<|—O4ÓÓ(ˆƒäKÍ@wdMq s%XdG®rW™m 1N QåñGJòÅ~ÙÄ݃«xkÅgRCvëš&vÏùåÞ¶±NS f©6ÿ÷,È`¾K ÑŠþkŸ1<C5B8>Z!T%[,a6XèÖ¾ÛÿNL5îÉk»^ÌËVž
õg}×Cí¡>Šˆm5ØÐrd7MÃnÙ=

BIN
secrets/hercules-token.age
View file

Binary file not shown.

12
secrets/leet-nrab-lol-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo
ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA
-> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0
uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo
--- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY
ÚÖßµSÇÞ<Èñ<C388>S¨ýjË{B>A¼Ñ¶î°Âå<>í<EFBFBD>ÏBzœ¸ÜwgÅÙá@"PY^£+E¥×['ÓÞú–ÌŽÕ,K©[ÈXÜ~XåÇg{øÊ2æìíc4
-> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA
v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY
-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ
aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc
--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE
hkdJwÓ|g¾~ºvà^Ëjq\<5C> ' ƒ™yöIícdW™YF?ÓNÍþâ/ä0ÄØý+h<>…=œ85±#Š ²‘\bm£~ŽäÇú1æïy"úqÌAT<41>

BIN
secrets/legion-niko-pass.age
View file

Binary file not shown.

14
secrets/miyagi-niko-pass.age
View file

@ -1,8 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg
xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg
-> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k
2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc
--- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw
-1Šdmÿ<6D>
öf——ŽR´¸…,È[Û#[-ô;øMÓ}ävžêi4üx˜~=èÌ)ño¬º¡N^Ènþê„"X<>§Bª}W583Ùæƒ<C3A6>vÞÀò:Î¥çôu†Z«µ<C2AB> åɶ
-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk
zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88
-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac
6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA
--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE
QÖ8cœV2ž ƈ<19>4Ü$h©+e…yÖ
0ç#¬aJ`ng{@½Ç.sªIgÏžåc*®Q'è&•¶˜‡k,CuI±†ý´w†™ɘ×Î +rEÔNîÕ·@FŽP€I¸¸?ÐÑ’

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/ntfy-alert-pass.age
View file

Binary file not shown.

12
secrets/ntfy-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw
tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc
-> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw
GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s
--- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk
¼ÐzêÐPCžSÖx€ªf ¹Â-èÕžÀiŒ¡cû7˜_¸Š~¶ÛjA
-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg
QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8
-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA
eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I
--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg
PÕÌý®ü$<24>N{èLrÿxS:=W²x•Òc¤(Jµ£|ÁÏúõ»48ÙäS

15
secrets/rab-lol-cf.age
View file

@ -1,9 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY
U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo
-> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc
40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8
-> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s
jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc
--- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg
„ýÎãì4®L7Hç3F¼ À <0B>íÍ„"ºæfU(ëÁ×Û~î‡%sb£ìùãæ¾Ô€~ZÂ}Z>2KO¨'Q\Á¿W[š„·ÏŒe…š¡1ö^IÖ‘
-> ssh-ed25519 84j9mw qUAkkpjjETyLa0IZfbm8yJ2opDBBsngbrrNjwu02G0s
kpEKDzWIfskgnZYR+0lgtCKqv0KwfpxRTq9crCsjvto
-> ssh-ed25519 GKhvwg FKrEGsx5mPhWnq5vNgFgxM816v6ZAG16pmdukuBWDDU
qmPRvA2bd0W3QlR6h8BLC/O+XjTp00vYXnp+tXakXDY
--- 7FE7FzsRmCKPvjr3yOlot32FV0lod38Hec/JRaxP+8g
xA°}~ <0B>˙H]…źTLزոl]µ¬0>Cź}J:·0nľ°°CšEćĹaăŕV´¤bĐ "d—ŻV!ŘR˙Ávďş ®z ĺ9ójO


12
secrets/rabulinski-com-cf.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8
SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4
-> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc
Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c
--- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0
Œ-…oSÔ<E2809A>¢-?{¢r]5«°óâ”;Ä+0 ÁoE9tƒ”µHXjqâj2@3üÞ ¶¼µº©÷m°mkúðyQâØ;_<>ŸW°Ñ϶Qœ~
-> ssh-ed25519 84j9mw O57uksGzyC2Obzy7AYk86DnEFQNXt43g5CqM4Vp69jU
1fW8YTn28ju1O3tX62A6AtvfzsmKzmhe79c3DmGUPrY
-> ssh-ed25519 GKhvwg s3WZPik8t204g4BlxpHeSpnL4/IgM+JdekXJYx7EFVo
N0Pyre1DwiLFo4HUE8SFDmNnkE4XJtcyHfn63cMlQJo
--- WPllwfNX5iXFmVC0pGCNrH4T9EGRhmRwGayE3bY/YC0
d p¿/Ý©„ÿ3+dvÕÛv&÷ËÒ²„ µR ÷xdèþSyé©8 øSà ­ûæÒ ÅešÞ}Nb#ø¹6åw.w“E0Q¬·–‹%˜Å

9
secrets/secrets.nix
View file

@ -13,21 +13,18 @@ in
# "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
"hercules-token.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
];
"hercules-cache.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
];
"hercules-secrets.age".publicKeys = [
keys.system.kazuki
keys.system.legion
keys.system.ude
keys.system.kogata
keys.other.bootstrap
@ -35,10 +32,6 @@ in
"alert-plain-pass.age".publicKeys = [
keys.other.bootstrap
] ++ builtins.attrValues keys.system;
"legion-niko-pass.age".publicKeys = [
keys.system.legion
keys.other.bootstrap
];
"storage-box-creds.age".publicKeys = [
keys.system.kazuki
keys.other.bootstrap
@ -54,7 +47,6 @@ in
"github-token.age".publicKeys = [
keys.system.ude
keys.system.kazuki
keys.system.legion
keys.system.kogata
keys.other.bootstrap
];
@ -72,7 +64,6 @@ in
keys.other.bootstrap
];
"rab-lol-cf.age".publicKeys = [
keys.system.legion
keys.system.kazuki
keys.other.bootstrap
];

12
secrets/storage-box-creds.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY
4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4
-> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q
wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc
--- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc
Ioð5q®&¢C<C2A2>³U*”†[T.Hª€ÉŠ×ʺkkp„Oç£Ys,Óg£49øËʼn$^l-Aú/—¶åë¦QÊX»ÆðÖø
-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw
lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I
-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc
2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8
--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk
!żlćxq*T,.ÄX˝k6ě^ů<†!żX5ŘČŢŁž‡‰·ÇŐáĄńô,`ßěY‰^đŮ›Čů.¬đÔÜ°úďe Wßěµ âOúyÖ

13
secrets/storage-box-webdav.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 84j9mw 8RHYGSsbQG4F+mKMbXJu9aFv6xN3ZyxRBBhFJ3H8EFY
sRQonxjyqPLnL3AbfugdmraHzVK7RE3LjhuzLirImGM
-> ssh-ed25519 GKhvwg aEEIBlvZ//KmEqkX1pkZrT7QK9sopwKKiD6YUa9lA3k
srUtd+v0kDfbCsZ7OwPvzRVIualWm8CA4mhgdNAJm+A
--- yWhOlkbF9GUT7OsMu3R0/Dc+nP7DrUetuPLZJFySPpE
ƒ7™î0P`öÍsT§±=ÃÄ*ä=sÁÌp>¿mtY{±ò‘·…-­ö;M0ŸzÔCm}®¾ñßûŒ÷¾g“O» žjǡ<C38B>þàÁ½éÌN
-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk
56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E
-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4
6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M
--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8
±(¯}¨{¬¤Ôœ2Ë“¿òi]UmiL­mÂvé>ke<7F>ã'6“AÀ̯¶XÔi<¯á:òùÓfÇU<>È~Ÿú&A¬Ë¡çj°
D·?_“E-éH

12
secrets/ude-deluge.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4
OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM
-> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo
9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU
--- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk
ŃĚÇCÂ<\á}ŹJ<C5B9>Ą ¨„f”é|<7C>6G“Ś•@WXc-"©Ő÷Ď<C3B7>űîüîAGşŹ«Z' Ĺxé_ňÔ ˝z,@nÇ" 3[Ä? Lb@óŹďe
-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE
k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs
-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI
QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM
--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I
yâùZͪëú¶ M¹®ËXd識塸*ô5ð‡øj"‹¥¿íí*ÃÖZU³å Ñ„²|Ý•]¼ßa8 ð"Zœb<>][9S÷Uµ ù.

12
secrets/youko-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4
GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg
-> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk
OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c
--- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI
ŠýØÀëÐw§±æÏôOÌ.➌añ«÷Ûä<01>&<26>ößÞ<C39F>z³¹û ä[ oXµÄu<E2809A>ÁßùÅþƒáÖÉ÷”,ášajxGÆœuÕ/šÆñæeL²Ì/6S[SU¾
-> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU
RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA
-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY
gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU
--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds
xSæmL6îï9ÊŽÐîGŽ×3Ñ<áò4[ZÀ Œt»}å¶<OÓÃØdšÊcªYûé}>XQ^]<5D>ŠñK|B¶ÌwDmÓq×HïX©]FñeÄRt%¥`Ò¤0†»IVÂ×

BIN
secrets/zitadel-master.age
View file

Binary file not shown.