diff --git a/hosts/kazuki/mail.nix b/hosts/kazuki/mail.nix index 122cc7f..4be5d1c 100644 --- a/hosts/kazuki/mail.nix +++ b/hosts/kazuki/mail.nix @@ -37,8 +37,6 @@ }; certificateScheme = "acme-nginx"; - - stateVersion = 2; }; # TODO: Remove once SNM gets their shit together diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix index 456630a..7f39ac5 100644 --- a/hosts/youko/default.nix +++ b/hosts/youko/default.nix @@ -1,17 +1,3 @@ -{ config, lib, ... }: -let - builderUsers = lib.fp.pipe [ - (lib.attrs.filter ( - name: _: - !builtins.elem name [ - "youko" - "kazuki" - "ude" - ] - )) - builtins.attrValues - ] config.assets.sshKeys.system; -in { config.systems.nixos.youko.module = { @@ -45,11 +31,6 @@ in settei.desktop.enable = true; }; - settei.remote-builder = { - enable = true; - sshKeys = builderUsers; - }; - services.udisks2.enable = true; settei.incus.enable = true; virtualisation.podman.enable = true; diff --git a/modules/system/builder.nix b/modules/system/builder.nix deleted file mode 100644 index c19b769..0000000 --- a/modules/system/builder.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ isLinux }: -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.settei.remote-builder; - - sharedConfig = { - users.users.${cfg.user} = { - shell = pkgs.bash; - openssh.authorizedKeys.keys = cfg.sshKeys; - }; - - nix.settings.trusted-users = [ cfg.user ]; - }; - - linuxConfig = lib.optionalAttrs isLinux { - users.users.${cfg.user} = { - isSystemUser = true; - group = cfg.user; - }; - users.groups.${cfg.user} = { }; - }; - - mergedConfig = lib.mkMerge [ - sharedConfig - linuxConfig - ]; -in -{ - _file = ./builder.nix; - - options.settei.remote-builder = { - enable = lib.mkEnableOption "configuring this machine as a remote builder"; - user = lib.mkOption { - type = lib.types.str; - default = "nixremote"; - }; - sshKeys = lib.mkOption { - type = lib.types.listOf lib.types.singleLineStr; - default = [ ]; - }; - }; - - config = lib.mkIf cfg.enable mergedConfig; -} diff --git a/modules/system/default.nix b/modules/system/default.nix index bb16c05..0c450a0 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -25,7 +25,6 @@ (import ./github-runner.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; }) - (import ./builder.nix { inherit isLinux; }) ]; options.settei = with lib; { diff --git a/nilla.nix b/nilla.nix index 4e6423f..3a1a09e 100644 --- a/nilla.nix +++ b/nilla.nix @@ -88,7 +88,7 @@ darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems; all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems'; - all-drvs' = builtins.concatStringsSep "\n" all-drvs; + all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs; in mkPackage ( { runCommand }: @@ -104,7 +104,7 @@ system, }: writeShellScript "ci-check" '' - nix-instantiate --strict --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath + nix-instantiate --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath "${lib.getExe config.packages.formatter.result.${system}}" --ci '' ); @@ -128,7 +128,6 @@ config.packages.agenix.result.${system} config.packages.attic-client.result.${system} config.packages.nh.result.${system} - config.packages.formatter.result.${system} ]; }; }; diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index fee4c6f..10775f7 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix @@ -13,8 +13,7 @@ rustPlatform.buildRustPackage { inherit src; strictDeps = true; - useFetchCargoVendor = true; - cargoHash = "sha256-gNcpB2LMZU18RIxVu+mJfa4+lB5rNIRcZ2DJPvZCdQo="; + cargoLock.lockFile = "${src}/Cargo.lock"; nativeBuildInputs = [ rustPlatform.bindgenHook ]; diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 3676a47..a5e31ca 100644 Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 057dade..4c3882d 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM -0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0 --> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE -itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw --> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q -XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E --> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8 -J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0 --> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0 -i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw --> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw -BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8 --> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE -u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460 --> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM -cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M ---- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk -3qo߅n/3$? _m8 -v:mjd|wr \ No newline at end of file +-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 +OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 +-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ +h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg +-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk +7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 +-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE +d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw +-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w ++WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg +-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI +AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI +-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE +qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ +-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI +vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w +--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk +Ji'6&&o +k4-hu}2|1DIl9ܦY \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 327f967..e901eb7 100644 --- a/secrets/attic-creds.age +++ b/secrets/attic-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk -oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU --> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw -K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s ---- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk -(5/[p+&.$*Z*b~¤>"& !9RG7r?KrDmEl~1DѨCgE?q"w7:X|Dpg4Y4bĩ-.`#wC,y|["k*YF \ No newline at end of file +-> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc +mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8 +-> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU +4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE +--- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves +['!eUTRG̠1dI{aϪ+'?"ʵ&NxkāRϗ)\a~o`htΖ-WrhxE +']>r9Oa=+W t} \ No newline at end of file diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age index 4f8cba6..f16f8e1 100644 Binary files a/secrets/forgejo-token.age and b/secrets/forgejo-token.age differ diff --git a/secrets/github-token.age b/secrets/github-token.age index e2cb091..58d43ca 100644 Binary files a/secrets/github-token.age and b/secrets/github-token.age differ diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 9ed43f7..48de2e9 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index 488a650..b192321 100644 Binary files a/secrets/hercules-secrets.age and b/secrets/hercules-secrets.age differ diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index 7f2f655..a7a66a7 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 93c638b..4145d0d 100644 --- a/secrets/leet-nrab-lol-pass.age +++ b/secrets/leet-nrab-lol-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28 -MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A --> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM -ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI ---- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o -.ƛLlCgs.IžR .qxL2BNjFo9]9gTqNia]eaGSkY$ ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA +v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY +-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ +aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc +--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE +hkdJw|g~v^jq\ ' yIcdWYF?N/0+h=85# \bm~1y"qAT \ No newline at end of file diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age index c0996e2..e150327 100644 --- a/secrets/miyagi-niko-pass.age +++ b/secrets/miyagi-niko-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ -jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c --> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY -G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg ---- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s -lbxCI_ d:@@^ o:]1s;iv"̽thTwlˠil{An.v[GU0%) \ No newline at end of file +-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk +zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 +-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac +6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA +--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE +Q8cV2 ƈ4$h+ey +0#aJ`ng{@.sIgϞc*Q'&k,CuIwɘ +rENշ@FPI?ђ \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index f991709..bf3032b 100644 Binary files a/secrets/nrab-lol-cf.age and b/secrets/nrab-lol-cf.age differ diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index 4b28129..4e997b6 100644 --- a/secrets/ntfy-alert-pass.age +++ b/secrets/ntfy-alert-pass.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI -EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs --> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8 -DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo --> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI -/Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI --> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc -+yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84 --> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo -LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI --> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o -k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU --> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk -EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s --> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ -c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4 ---- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg -FETAms~_'%r=KxO#Mq'M_5F%P. \ No newline at end of file +-> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM +0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw +-> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0 +kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE +-> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo +eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w +-> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE +0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo +-> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g +MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss +-> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0 +4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o +-> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI +2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8 +-> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY +LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI +--- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0 +=u\eFcHret[92#YwN~Gfӷ xG^0=W ӓE& \ No newline at end of file diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index 5802533..c42dcd5 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U -G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I --> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ -lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4 ---- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ -$Q~C7|A{3]&X'' -PRL6 -QYmhm \ No newline at end of file +-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg +QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 +-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA +eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I +--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg +P$N{LrxS:=Wxc(J|48S \ No newline at end of file diff --git a/secrets/paperless-pass.age b/secrets/paperless-pass.age deleted file mode 100644 index 049b54e..0000000 --- a/secrets/paperless-pass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ -ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ --> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY -dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw ---- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw -Q B ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY -0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM --> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws -gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug ---- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY -qA [VpH 0I *~h 6BZikʤV 9s; -Ƴ8Md٬լ= \ No newline at end of file +-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw +lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I +-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc +2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 +--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk +!lxq*T,.Xk6^ ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk -PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg --> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg -hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg ---- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM -gۏlw_0](t9%9aWͬ@dW@S o*&X-@c~#fox=; \ No newline at end of file +-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk +56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E +-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 +6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M +--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 +(}{Ԝ2˓i]UmiLmv>ke'6A̯Xi<:fU)~&Aˡj# +D?_E-H \ No newline at end of file diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age index 075061e..f398be0 100644 --- a/secrets/ude-deluge.age +++ b/secrets/ude-deluge.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM -2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k --> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs -yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU ---- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4 -ѭ -QVCs`ʦWG#u͑+K~!:#'jQDYz'%@AO`剒> \ No newline at end of file +-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE +k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs +-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI +QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM +--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I +yZͪ MXd塸*5j"*ZU ф|ݕ]a8 "Zb][9SU . \ No newline at end of file diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age index 18041a5..6e910ff 100644 --- a/secrets/youko-niko-pass.age +++ b/secrets/youko-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI -WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo --> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY -Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E ---- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns - ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU +RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA +-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY +gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU +--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds +xSmL69ʎG3<4[Z t}<OdcY}>XQ^]Ki|BwDmqHX]FeRt%`Ҥ0IV \ No newline at end of file diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age index 8245fc9..9740ab2 100644 Binary files a/secrets/zitadel-master.age and b/secrets/zitadel-master.age differ diff --git a/services/default.nix b/services/default.nix index ea3614e..b92ec0f 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,6 +3,5 @@ ./attic.nix ./forgejo-runner.nix ./forgejo.nix - ./paperless.nix ]; } diff --git a/services/paperless.nix b/services/paperless.nix deleted file mode 100644 index 1df2afa..0000000 --- a/services/paperless.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config.services.paperless = { - host = "youko"; - ports = [ 28981 ]; - module = - { config, ... }: - { - age.secrets.rab-lol-cf = { - file = ../secrets/rab-lol-cf.age; - owner = config.services.nginx.user; - }; - age.secrets.paperless-pass = { - file = ../secrets/paperless-pass.age; - owner = config.services.paperless.user; - }; - - services.paperless = { - enable = true; - dataDir = "/var/lib/paperless"; - mediaDir = "/media/paperless/media"; - consumptionDir = "/media/paperless/consume"; - passwordFile = config.age.secrets.paperless-pass.path; - settings = { - PAPERLESS_CONSUMER_IGNORE_PATTERN = [ - ".DS_STORE/*" - "desktop.ini" - ]; - PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn"; - PAPERLESS_OCR_USER_ARGS = { - optimize = 1; - pdfa_image_compression = "lossless"; - }; - }; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - virtualHosts."paper.rab.lol" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/".proxyPass = "http://localhost:28981"; - extraConfig = '' - client_max_body_size 24G; - ''; - }; - }; - - security.acme.acceptTerms = true; - security.acme.certs."paper.rab.lol" = { - email = "nikodem@rabulinski.com"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.rab-lol-cf.path; - }; - }; - }; -}