nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: nrabulinski:39bf79e334ae24b83d3910b571731c2bd029fdf9
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla
..
compare: nrabulinski:a6f43b43b2d216186f209642db153a6bc8dcbfb6
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla

No commits in common. "39bf79e334ae24b83d3910b571731c2bd029fdf9" and "a6f43b43b2d216186f209642db153a6bc8dcbfb6" have entirely different histories.
39bf79e334 ... a6f43b43b2

30 changed files with 90 additions and 239 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/kazuki/mail.nix
View file

@ -37,8 +37,6 @@
}; };
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
stateVersion = 2;
}; };
# TODO: Remove once SNM gets their shit together # TODO: Remove once SNM gets their shit together

19
hosts/youko/default.nix
View file

@ -1,17 +1,3 @@
{ config, lib, ... }:
let
builderUsers = lib.fp.pipe [
(lib.attrs.filter (
name: _:
!builtins.elem name [
"youko"
"kazuki"
"ude"
]
))
builtins.attrValues
] config.assets.sshKeys.system;
in
{ {
config.systems.nixos.youko.module = config.systems.nixos.youko.module =
{ {
@ -45,11 +31,6 @@ in
settei.desktop.enable = true; settei.desktop.enable = true;
}; };
settei.remote-builder = {
enable = true;
sshKeys = builderUsers;
};
services.udisks2.enable = true; services.udisks2.enable = true;
settei.incus.enable = true; settei.incus.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;

49
modules/system/builder.nix
View file

@ -1,49 +0,0 @@
{ isLinux }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.settei.remote-builder;
sharedConfig = {
users.users.${cfg.user} = {
shell = pkgs.bash;
openssh.authorizedKeys.keys = cfg.sshKeys;
};
nix.settings.trusted-users = [ cfg.user ];
};
linuxConfig = lib.optionalAttrs isLinux {
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.user;
};
users.groups.${cfg.user} = { };
};
mergedConfig = lib.mkMerge [
sharedConfig
linuxConfig
];
in
{
_file = ./builder.nix;
options.settei.remote-builder = {
enable = lib.mkEnableOption "configuring this machine as a remote builder";
user = lib.mkOption {
type = lib.types.str;
default = "nixremote";
};
sshKeys = lib.mkOption {
type = lib.types.listOf lib.types.singleLineStr;
default = [ ];
};
};
config = lib.mkIf cfg.enable mergedConfig;
}

1
modules/system/default.nix
View file

@ -25,7 +25,6 @@
(import ./github-runner.nix { inherit isLinux; }) (import ./github-runner.nix { inherit isLinux; })
(import ./incus.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; })
(import ./monitoring.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; })
(import ./builder.nix { inherit isLinux; })
]; ];
options.settei = with lib; { options.settei = with lib; {

5
nilla.nix
View file

@ -88,7 +88,7 @@
darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems; darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems;
all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems'; all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems';
all-drvs' = builtins.concatStringsSep "\n" all-drvs; all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs;
in in
mkPackage ( mkPackage (
{ runCommand }: { runCommand }:
@ -104,7 +104,7 @@
system, system,
}: }:
writeShellScript "ci-check" '' writeShellScript "ci-check" ''
nix-instantiate --strict --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath nix-instantiate --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath
"${lib.getExe config.packages.formatter.result.${system}}" --ci "${lib.getExe config.packages.formatter.result.${system}}" --ci
'' ''
); );
@ -128,7 +128,6 @@
config.packages.agenix.result.${system} config.packages.agenix.result.${system}
config.packages.attic-client.result.${system} config.packages.attic-client.result.${system}
config.packages.nh.result.${system} config.packages.nh.result.${system}
config.packages.formatter.result.${system}
]; ];
}; };
}; };

3
pkgs/conduit/default.nix
View file

@ -13,8 +13,7 @@ rustPlatform.buildRustPackage {
inherit src; inherit src;
strictDeps = true; strictDeps = true;
useFetchCargoVendor = true; cargoLock.lockFile = "${src}/Cargo.lock";
cargoHash = "sha256-gNcpB2LMZU18RIxVu+mJfa4+lB5rNIRcZ2DJPvZCdQo=";
nativeBuildInputs = [ rustPlatform.bindgenHook ]; nativeBuildInputs = [ rustPlatform.bindgenHook ];

BIN
secrets/alert-nrab-lol-pass.age
View file

Binary file not shown.

38
secrets/alert-plain-pass.age
View file

@ -1,20 +1,20 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM -> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0
0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0 OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4
-> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE -> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ
itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg
-> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q -> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk
XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E 7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18
-> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8 -> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE
J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0 d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw
-> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0 -> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w
i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw +WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg
-> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw -> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI
BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8 AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI
-> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE -> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE
u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460 qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ
-> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM -> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI
cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w
--- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk --- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk
3²qš°oß…nÉ/<2F>¦Þ3Ø$? <>_m8¼<38> ÿJi'ª©6£—&Ù&o
´:mj¥ŠËd|ôÅüw´r k4-hu¨š}ï2¥Ú|Î1DIl9Þíܦ¡—ýY•

12
secrets/attic-creds.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk -> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc
oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8
-> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw -> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU
K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s 4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE
--- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk --- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves
ýº<C3BD>Ó(Æ5š/©[p+&.$*Z˜¬µªÞ*ÿçb~ìϤ>"&À› !ïÂ9R´ÓGšæ7Ýârª?Kr<1F>©ËÜDmEl~º1DѨCg¼Eþ?qŠ"­wÿ7Ìû¨ª:¹X˜á¸|Dp<E280BA>êægµ4°Y4ÇãbÄ©-.Ù`#wCÝä,—ÞôyÊ|ðõ[í"k<>*YF œ[ü'²³!‡¯ëö™eç÷ÔâUTRÞGÌ 1òdI{aìϪ+'?Á£ýµ’"ʵ&ûÒNxkÄ<6B>¢RÏ—Æ)¿¥<>˜\„a¼ƒ<12>~¬³Šo`hæ¸ùɧ¶ëtΦë-‡ë“Wð°rh‰x•E ÿ<>+'<27>]>“r9è‰ÿOð™Ža=+ïëÔW tå…}Ââ°

BIN
secrets/forgejo-token.age
View file

Binary file not shown.

BIN
secrets/github-token.age
View file

Binary file not shown.

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

BIN
secrets/hercules-secrets.age
View file

Binary file not shown.

BIN
secrets/hercules-token.age
View file

Binary file not shown.

12
secrets/leet-nrab-lol-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28 -> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA
MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY
-> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM -> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ
ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc
--- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o --- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE
.ÿ¸ÆlCÆg„s.ˆãžüíI¡ÂžR² .qxL¡Î2 B NjFo9]9ögT®qNº©ÄiaØ]e ®a²Gœ¡»S¤kìY²$‘Ÿ¤¡<zöI hkdJwÓ|g¾~ºvà^Ëjq\<5C> ' ƒ™yöIícdW™YF?ÓNÍþâ/ä0ÄØý+h<>…=œ85±#Š ²‘\bm£~ŽäÇú1æïy"úqÌAT<41>

13
secrets/miyagi-niko-pass.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ -> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk
jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88
-> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY -> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac
G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg 6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA
--- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s --- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE
Õböxú­CI_· <0B>èƒó©Ñd:@÷–Æ@ØÎþ˜^ö o:]1ä¦s;©¤°i“v"‘à̽ãéøthTwlŠŒÿÉË •Óiü¶ø¬l—ã{<7B>àAÅn.v§[ÿîGØU0%ú) QÖ8cœV2ž ƈ<19>4Ü$h©+e…yÖ
0ç#¬aJ`ng{@½Ç.sªIgÏžåc*®Q'è&•¶˜‡k,CuI±†ý´w†™ɘ×Î +rEÔNîÕ·@FŽP€I¸¸?ÐÑ’

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

36
secrets/ntfy-alert-pass.age
View file

@ -1,19 +1,19 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI -> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM
EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs 0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw
-> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8 -> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0
DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE
-> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI -> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo
/Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w
-> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc -> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE
+yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84 0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo
-> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo -> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g
LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss
-> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o -> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0
k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU 4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o
-> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk -> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI
EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s 2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8
-> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ -> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY
c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4 LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI
--- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg --- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0
ûEƒTAÍms°~_Œ'Ô‡§%…ÁÿrÚ=KÃxí—ÖÑ„Oè¿#Mqº'ëM_5FÇ%<25><50>â».Ÿ =uÈ\e‡œFcêHère ¾t[92Á#Y®w¬N~GfÓ· ‰x¡þG^0=ü”WÜ Ó“¬ŠEÝ&©

14
secrets/ntfy-niko-pass.age
View file

@ -1,9 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U -> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg
G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8
-> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ -> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA
lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4 eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I
--- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ --- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg
$Q~¯<>C7ß|»A{3]&£žÍX''Ì PÕÌý®ü$<24>N{èLrÿxS:=W²x•Òc¤(Jµ£|ÁÏúõ»48ÙäS
PRÜL6 ÑÏ
QÞYù¥<EFBFBD>ÍÆÂmhmÛ

7
secrets/paperless-pass.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ
ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ
-> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY
dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw
--- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw
éëÅë³Q ÷¦ÀB<DfK@w)GU¾/úÿ+b^)™5Áþ¨8s±

BIN
secrets/rab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/rabulinski-com-cf.age
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -65,7 +65,6 @@ in
]; ];
"rab-lol-cf.age".publicKeys = [ "rab-lol-cf.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.system.youko
keys.other.bootstrap keys.other.bootstrap
]; ];
"rabulinski-com-cf.age".publicKeys = [ "rabulinski-com-cf.age".publicKeys = [
@ -89,8 +88,4 @@ in
keys.system.ude keys.system.ude
keys.other.bootstrap keys.other.bootstrap
]; ];
"paperless-pass.age".publicKeys = [
keys.system.youko
keys.other.bootstrap
];
} }

13
secrets/storage-box-creds.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY -> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw
0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I
-> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws -> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc
gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug 2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8
--- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY --- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk
qA ö[þVpŸ¬ýHêé Û0I† ¥*~ÓhÞ »¾­6û‡B˜<1E>ëZ±ikʤVý é9sÆÇ; !żlćxq*T,.ÄX˝k6ě^ů<†!żX5ŘČŢŁž‡‰·ÇŐáĄńô,`ßěY‰^đŮ›Čů.¬đÔÜ°úďe Wßěµ âOúyÖ
ªÆ³ˆMdÙ¬¥Õ¬=œ

13
secrets/storage-box-webdav.age
View file

@ -1,7 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk -> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk
PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg 56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E
-> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg -> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4
hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg 6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M
--- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM --- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8
<EFBFBD><EFBFBD>øÇw_0¿](t€9©ÌÂæñ%9šÒaWŠÍ¬ý@dWý©@µ÷S Óoˆ’€*&þàX¢-@Õö¬ª<><C2AA>ƒc~#f¶o<>†âx‰•°=;‡Ý ±(¯}¨{¬¤Ôœ2Ë“¿òi]UmiL­mÂvé>ke<7F>ã'6“AÀ̯¶XÔi<¯á:òùÓfÇU<>È~Ÿú&A¬Ë¡çj°
D·?_“E-éH

13
secrets/ude-deluge.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM -> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE
2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs
-> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs -> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI
yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM
--- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4 --- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I
ÚÑ­ yâùZͪëú¶ M¹®ËXd識塸*ô5ð‡øj"‹¥¿íí*ÃÖZU³å Ñ„²|Ý•]¼ßa8 ð"Zœb<>][9S÷Uµ ù.
QýÉVCs`ËʦWG<57>#+K~˜!æ:â#ËÝ'¨¹jƒÀˆQDŒYŠzžƒ'­ ¾†‚%Š¯@Ïâ´ÊO±Õ`剒>

12
secrets/youko-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI -> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU
WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA
-> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY -> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY
Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU
--- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns --- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds
Íî<zA"¸ó³eÛû9µæ_þ<Õ<> b“¸ª…7wªt qî[£ë¿Ä‰ãkCýåt]Øh§ÕUY67^#PT#Aõ(ñµ#•€Tßú}˜œuæÍå f&¼Ë–à —/¶ <)Þ<>=´ xSæmL6îï9ÊŽÐîGŽ×3Ñ<áò4[ZÀ Œt»}å¶<OÓÃØdšÊcªYûé}>XQ^]<5D>ŠñK|B¶ÌwDmÓq×HïX©]FñeÄRt%¥`Ò¤0†»IVÂ×

BIN
secrets/zitadel-master.age
View file

Binary file not shown.

1
services/default.nix
View file

@ -3,6 +3,5 @@
./attic.nix ./attic.nix
./forgejo-runner.nix ./forgejo-runner.nix
./forgejo.nix ./forgejo.nix
./paperless.nix
]; ];
} }

61
services/paperless.nix
View file

@ -1,61 +0,0 @@
{
config.services.paperless = {
host = "youko";
ports = [ 28981 ];
module =
{ config, ... }:
{
age.secrets.rab-lol-cf = {
file = ../secrets/rab-lol-cf.age;
owner = config.services.nginx.user;
};
age.secrets.paperless-pass = {
file = ../secrets/paperless-pass.age;
owner = config.services.paperless.user;
};
services.paperless = {
enable = true;
dataDir = "/var/lib/paperless";
mediaDir = "/media/paperless/media";
consumptionDir = "/media/paperless/consume";
passwordFile = config.age.secrets.paperless-pass.path;
settings = {
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts."paper.rab.lol" = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/".proxyPass = "http://localhost:28981";
extraConfig = ''
client_max_body_size 24G;
'';
};
};
security.acme.acceptTerms = true;
security.acme.certs."paper.rab.lol" = {
email = "nikodem@rabulinski.com";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.rab-lol-cf.path;
};
};
};
}