diff --git a/README.md b/README.md index 8d5da60..d11785b 100644 --- a/README.md +++ b/README.md @@ -17,11 +17,11 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, - hosts - per-machine configurations - kazuki - my linux arm server + - legion - my linux x86 server - hijiri - my macbook - hijiri-vm - linux vm running on my macbook - ude - another linux arm server - kogata - my m1 mac mini doubling as a server - - youko - my linux x86 server - modules - options which in principle should be reusable by others - system - my opinionated nixos/nix-darwin modules - home - my opinionated home-manager modules diff --git a/assets/ssh.nix b/assets/ssh.nix index c699be9..afdc92c 100644 --- a/assets/ssh.nix +++ b/assets/ssh.nix @@ -9,6 +9,7 @@ hijiri-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6tfXLB6xhcl3rtI5x9NXSs12U4LVy06RRlyZxiORa0 nikodem@rabulinski.com"; kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com"; + legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com"; ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com"; @@ -19,6 +20,7 @@ system = { kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki"; + legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi"; ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l"; diff --git a/flake.lock b/flake.lock index 3cd382a..5d68e57 100644 --- a/flake.lock +++ b/flake.lock @@ -190,6 +190,22 @@ "type": "github" } }, + "fl-config": { + "locked": { + "lastModified": 1653159448, + "narHash": "sha256-PvB9ha0r4w6p412MBPP71kS/ZTBnOjxL0brlmyucPBA=", + "owner": "flakelib", + "repo": "fl", + "rev": "fcefb9738d5995308a24cda018a083ccb6b0f460", + "type": "github" + }, + "original": { + "owner": "flakelib", + "ref": "config", + "repo": "fl", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -335,6 +351,25 @@ "type": "github" } }, + "flakelib": { + "inputs": { + "fl-config": "fl-config", + "std": "std" + }, + "locked": { + "lastModified": 1701802971, + "narHash": "sha256-Zo5fJpXbe+xXOTiDT4JG2rExobMJTmFZ72+3XTMMHrQ=", + "owner": "flakelib", + "repo": "fl", + "rev": "b71a91517f6b16aa5faefe8ec491d9f3062d7a20", + "type": "github" + }, + "original": { + "owner": "flakelib", + "repo": "fl", + "type": "github" + } + }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -496,6 +531,21 @@ "type": "github" } }, + "nix-std": { + "locked": { + "lastModified": 1701658249, + "narHash": "sha256-KIt1TUuBvldhaVRta010MI5FeQlB8WadjqljybjesN0=", + "owner": "chessai", + "repo": "nix-std", + "rev": "715db541ffff4194620e48d210b76f73a74b5b5d", + "type": "github" + }, + "original": { + "owner": "chessai", + "repo": "nix-std", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1723603349, @@ -571,6 +621,44 @@ "type": "github" } }, + "nvidia-patch": { + "inputs": { + "flakelib": "flakelib", + "nixpkgs": [ + "nixpkgs" + ], + "nvidia-patch-src": "nvidia-patch-src" + }, + "locked": { + "lastModified": 1742460640, + "narHash": "sha256-Qks0TRMOiuVKjcSPkg251Q2/wdU5ooMt4b2f2numPzg=", + "owner": "arcnmx", + "repo": "nvidia-patch.nix", + "rev": "c85990250376300fe11413e22458911f408f64d0", + "type": "github" + }, + "original": { + "owner": "arcnmx", + "repo": "nvidia-patch.nix", + "type": "github" + } + }, + "nvidia-patch-src": { + "flake": false, + "locked": { + "lastModified": 1742384429, + "narHash": "sha256-5O0TXVrLsFrULXli2vB2iJ7TECUckMHKvJZYmdkcnGE=", + "owner": "keylase", + "repo": "nvidia-patch", + "rev": "07080317245ac30c38001d2149810b2dee3cce1f", + "type": "github" + }, + "original": { + "owner": "keylase", + "repo": "nvidia-patch", + "type": "github" + } + }, "racket": { "inputs": { "nixpkgs": [ @@ -609,6 +697,7 @@ "mailserver": "mailserver", "niko-nur": "niko-nur", "nixpkgs": "nixpkgs_2", + "nvidia-patch": "nvidia-patch", "racket": "racket", "treefmt": "treefmt", "wrapper-manager": "wrapper-manager", @@ -675,6 +764,24 @@ "type": "github" } }, + "std": { + "inputs": { + "nix-std": "nix-std" + }, + "locked": { + "lastModified": 1701802337, + "narHash": "sha256-JCVCyjDZ6LA0xyVoDZzRXjy0OgWOZo3OpeZEVm/U97w=", + "owner": "flakelib", + "repo": "std", + "rev": "443d1c8246b3d96a4822b02af907ca0d833e8b63", + "type": "github" + }, + "original": { + "owner": "flakelib", + "repo": "std", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 821117f..a0ce7ed 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,10 @@ url = "gitlab:famedly/conduit?ref=next"; flake = false; }; + nvidia-patch = { + url = "github:arcnmx/nvidia-patch.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; fenix = { url = "github:nix-community/fenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/default.nix b/hosts/default.nix index d8ed8b3..03d464d 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -9,6 +9,7 @@ ./kazuki ./hijiri-vm ./hijiri + ./legion # TODO: Custom installer ISO # ./installer ./ude diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix new file mode 100644 index 0000000..92c95be --- /dev/null +++ b/hosts/legion/default.nix @@ -0,0 +1,47 @@ +{ + configurations.nixos.legion = + { + config, + username, + ... + }: + { + imports = [ + ./hardware.nix + # ./disks.nix + ./msmtp.nix + ./desktop.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + specialisation = { + nas.configuration = ./nas; + }; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; + + settei.tailscale = { + ipv4 = "100.84.112.35"; + ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023"; + }; + + networking = { + hostName = "legion"; + hostId = builtins.substring 0 8 "524209a432724c7abaf04398cdd6eecd"; + networkmanager.enable = true; + }; + systemd.services.NetworkManager-wait-online.enable = false; + + powerManagement.cpuFreqGovernor = "performance"; + + age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age; + users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; + + settei.incus.enable = true; + virtualisation.podman.enable = true; + }; +} diff --git a/hosts/legion/desktop.nix b/hosts/legion/desktop.nix new file mode 100644 index 0000000..7d80cd9 --- /dev/null +++ b/hosts/legion/desktop.nix @@ -0,0 +1,112 @@ +# TODO: Proper desktop module +{ + config, + pkgs, + lib, + username, + ... +}: +{ + # Needed for nvidia and steam + nixpkgs.config.allowUnfree = true; + + settei.user.config = { + settei.desktop.enable = true; + home.packages = with pkgs; [ + brightnessctl + dmenu + ]; + + xsession.windowManager.i3 = { + enable = true; + config = { + terminal = "wezterm"; + modifier = "Mod4"; + }; + }; + + home.file.".xinitrc".source = pkgs.writeShellScript "xinitrc" '' + xrandr --setprovideroutputsource modesetting NVIDIA-0 + xrandr --auto + exec dbus-run-session i3 + ''; + }; + + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + gamescopeSession = { }; + }; + + hardware.steam-hardware.enable = true; + + services.logind = lib.genAttrs [ + "lidSwitch" + "lidSwitchDocked" + "lidSwitchExternalPower" + ] (_: "ignore"); + + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + programs.dconf.enable = true; + services.dbus.enable = true; + + users.users.${username}.extraGroups = [ + "video" + "input" + ]; + + # NVIDIA stuff + services.xserver = { + enable = true; + excludePackages = [ pkgs.xterm ]; + videoDrivers = [ "nvidia" ]; + xkb.layout = "pl"; + displayManager.startx.enable = true; + config = lib.mkForce '' + Section "OutputClass" + Identifier "intel" + MatchDriver "i915" + Driver "modesetting" + EndSection + + Section "OutputClass" + Identifier "nvidia" + MatchDriver "nvidia-drm" + Driver "nvidia" + Option "AllowEmptyInitialConfiguration" + Option "PrimaryGPU" "yes" + ModulePath "${config.hardware.nvidia.package.bin}/lib/xorg/modules" + ModulePath "${pkgs.xorg.xorgserver}/lib/xorg/modules" + EndSection + + Section "InputClass" + Identifier "touchpad" + Driver "libinput" + MatchIsTouchpad "on" + Option "Tapping" "on" + Option "TappingButtonMap" "lrm" + Option "NaturalScrolling" "true" + EndSection + ''; + exportConfiguration = true; + }; + services.libinput.enable = true; + + hardware.nvidia = { + patch.enable = true; + patch.nvidiaPackage = config.boot.kernelPackages.nvidia_x11_production; + open = false; + modesetting.enable = true; + }; + + hardware.graphics = { + enable = true; + enable32Bit = true; + }; +} diff --git a/hosts/legion/disks.nix b/hosts/legion/disks.nix new file mode 100644 index 0000000..74ecef9 --- /dev/null +++ b/hosts/legion/disks.nix @@ -0,0 +1,14 @@ +_args: +/* + let + bootDevice = args.bootDevice or "/dev/nvme0n1"; + in +*/ +{ + assertions = [ + { + assertion = false; + message = "Disko config TODO"; + } + ]; +} diff --git a/hosts/legion/hardware.nix b/hosts/legion/hardware.nix new file mode 100644 index 0000000..f1b8f71 --- /dev/null +++ b/hosts/legion/hardware.nix @@ -0,0 +1,90 @@ +{ config, ... }: +{ + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "uas" + ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; + boot.kernelModules = [ + "kvm-intel" + "i2c-dev" + "acpi_call" + ]; + boot.blacklistedKernelModules = [ "nouveau" ]; + + # Needed for enableAllFirmware + nixpkgs.config.allowUnfree = true; + hardware = { + enableAllFirmware = true; + cpu.intel.updateMicrocode = true; + }; + + services.smartd.enable = true; + + # TODO: Move to disko only + # TODO: Actually set up impermanence + boot.supportedFilesystems = [ "btrfs" ]; + boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS"; + + fileSystems."/" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/persist" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = [ + "subvol=persist" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-label/LINUX"; + fsType = "btrfs"; + options = [ + "subvol=log" + "compress=zstd" + "noatime" + ]; + neededForBoot = true; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; + + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; +} diff --git a/hosts/legion/msmtp.nix b/hosts/legion/msmtp.nix new file mode 100644 index 0000000..dc51c15 --- /dev/null +++ b/hosts/legion/msmtp.nix @@ -0,0 +1,36 @@ +# TODO: Potentially make this a common module? +{ + pkgs, + config, + username, + ... +}: +let + mail = "alert@nrab.lol"; + aliases = pkgs.writeText "mail-aliases" '' + ${username}: nikodem@rabulinski.com + root: ${mail} + ''; +in +{ + age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age; + + programs.msmtp = { + enable = true; + setSendmail = true; + defaults = { + inherit aliases; + tls = "on"; + auth = "login"; + tls_starttls = "off"; + }; + accounts = { + default = { + host = "mail.nrab.lol"; + passwordeval = "cat ${config.age.secrets.alert-plaintext.path}"; + user = mail; + from = mail; + }; + }; + }; +} diff --git a/hosts/legion/nas/default.nix b/hosts/legion/nas/default.nix new file mode 100644 index 0000000..f01145a --- /dev/null +++ b/hosts/legion/nas/default.nix @@ -0,0 +1,59 @@ +{ + pkgs, + lib, + username, + ... +}: +{ + imports = [ ./media.nix ]; + + boot.supportedFilesystems = [ + "ext4" + "zfs" + ]; + + boot.zfs.extraPools = [ "yottapool" ]; + services.zfs = { + autoScrub.enable = true; + zed.settings = { + ZED_DEBUG_LOG = "/tmp/zed.debug.log"; + ZED_EMAIL_ADDR = [ username ]; + ZED_EMAIL_PROG = lib.getExe pkgs.msmtp; + ZED_EMAIL_OPTS = "@ADDRESS@"; + + ZED_NOTIFY_INTERVAL_SECS = 3600; + ZED_NOTIFY_VERBOSE = true; + + ZED_USE_ENCLOSURE_LEDS = true; + ZED_SCRUB_AFTER_RESILVER = true; + }; + }; + + fileSystems."/bulk" = { + device = "/dev/disk/by-label/BULK"; + fsType = "ext4"; + }; + + systemd.mounts = [ + { + type = "none"; + options = "bind"; + what = "/media/data"; + where = "/export/yotta-data"; + requires = [ "zfs-mount.service" ]; + after = [ "zfs-mount.service" ]; + wantedBy = [ "multi-user.target" ]; + before = [ "nfs-server.service" ]; + requiredBy = [ "nfs-server.service" ]; + } + ]; + + services.nfs.server = { + enable = true; + hostName = "100.84.112.35"; + exports = '' + /export *(insecure,rw,crossmnt,fsid=0) + /export/yotta-data *(insecure,rw,nohide) + ''; + }; +} diff --git a/hosts/legion/nas/media.nix b/hosts/legion/nas/media.nix new file mode 100644 index 0000000..501e811 --- /dev/null +++ b/hosts/legion/nas/media.nix @@ -0,0 +1,132 @@ +{ + config, + username, + lib, + ... +}: +{ + age.secrets.rab-lol-cf = { + file = ../../../secrets/rab-lol-cf.age; + owner = config.services.nginx.user; + }; + + services.jellyfin = { + enable = true; + openFirewall = true; + }; + services.radarr.enable = true; + # TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" + ]; + services.sonarr.enable = true; + services.prowlarr.enable = true; + services.jellyseerr.enable = true; + services.deluge = { + enable = true; + web.enable = true; + config.download_location = "/media/deluge"; + }; + + services.restic.server = { + enable = true; + dataDir = "/media/restic"; + extraFlags = [ "--no-auth" ]; + }; + + users.users = { + jellyfin.extraGroups = [ + "radarr" + "sonarr" + ]; + radarr.extraGroups = [ "deluge" ]; + sonarr.extraGroups = [ "deluge" ]; + ${username}.extraGroups = [ "deluge" ]; + }; + + systemd.services = lib.mkMerge [ + (lib.genAttrs + [ + "jellyfin" + "radarr" + "sonarr" + "prowlarr" + "deluged" + "restic-rest-server" + ] + (_: { + requires = [ "zfs-mount.service" ]; + after = [ "zfs-mount.service" ]; + }) + ) + { + jellyseerr.requires = [ + "jellyfin.service" + "radarr.service" + "sonarr.service" + ]; + + radarr.requires = [ "deluged.service" ]; + sonarr.requires = [ "deluged.service" ]; + } + ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + virtualHosts = + let + services = [ + "jellyfin" + "jellyseerr" + "deluge" + "prowlarr" + "sonarr" + "radarr" + ]; + mkService = name: { + forceSSL = true; + useACMEHost = "_wildcard.legion.rab.lol"; + listen = lib.flatten ( + map + (port: [ + (port // { addr = config.settei.tailscale.ipv4; }) + (port // { addr = "[${config.settei.tailscale.ipv6}]"; }) + ]) + [ + { port = 80; } + { + port = 443; + ssl = true; + } + ] + ); + + locations."/".proxyPass = "http://${name}"; + }; + services' = map (service: { + name = "${service}.legion.rab.lol"; + value = mkService service; + }) services; + in + lib.listToAttrs services'; + upstreams = { + jellyfin.servers."localhost:8096" = { }; + jellyseerr.servers."localhost:5055" = { }; + deluge.servers."localhost:8112" = { }; + prowlarr.servers."localhost:9696" = { }; + radarr.servers."localhost:7878" = { }; + sonarr.servers."localhost:8989" = { }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + security.acme.acceptTerms = true; + security.acme.certs."_wildcard.legion.rab.lol" = { + domain = "*.legion.rab.lol"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rab-lol-cf.path; + email = "nikodem@rabulinski.com"; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 24a8f46..32f8e5f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -33,6 +33,7 @@ in inputs.disko.nixosModules.disko inputs.mailserver.nixosModules.default inputs.home-manager.nixosModules.home-manager + inputs.nvidia-patch.nixosModules.nvidia-patch inputs.attic.nixosModules.atticd inputs.lix-module.nixosModules.default { diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index a5e31ca..85d17ab 100644 --- a/secrets/alert-nrab-lol-pass.age +++ b/secrets/alert-nrab-lol-pass.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw Uex/8V7Wq/9Bz9nvJRwfl5F6/QexinaDIhe14gAqWng -/lvX7cziXcohWI8FS8eybbdAaWDgN2Nvv2/3/DDaCFg --> ssh-ed25519 GKhvwg JmC8WUB4SkpEy9nYGo9sfoNPx1pOAqvq0YDqd4l4vWw -F7KRZaLxCs7eYlPvv+yLovyFAxkahr/p5apcL+Bilfk ---- k5tZFrWFA+pUvgN2TYuIXzHBII2bLhB308qm5LFGJVg -g0ZTJJ)]>p -?LM>wПuYx "/"$L Y1T׸m֑s~ \ No newline at end of file +-> ssh-ed25519 84j9mw XYwseCo1fgFTMZ4IL13orBFdnWo0is7fujpJ5vDEIXo +5L2q/5umRSXrK1YGUXeUS3rpUlaGGwCKqzvUpQ5nk8s +-> ssh-ed25519 GKhvwg 2fSKj5gtCn8oj35oOgL3o8TxkkZNBlp+xy/W4mYghm8 +fNse8uiLWps7zSIY8826MRAY1PyO++G3+7tT6TDQeag +--- /1Qqdeo1Tvw3EQDGKc5D85eXTnJ/vmdtwfHf/WuvGwQ +ZQr.KG;1W9>GjE(~]3"i )1[m;ܺWqn)vsEY,0X3I1P` \ No newline at end of file diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 4c3882d..032dbb2 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,20 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 -OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 --> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ -h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg --> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk -7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 --> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE -d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw --> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w -+WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg --> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI -AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI --> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE -qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ --> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI -vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w ---- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk -Ji'6&&o -k4-hu}2|1DIl9ܦY \ No newline at end of file +-> ssh-ed25519 GKhvwg 5euhetVuCUsVmzsFBVQr0U709Ogv6j1m+rhaS1ZXQhw +p9dTjCsqwXRFgY1qvZOmlpJGYIz+hj286sP/oaX15H4 +-> ssh-ed25519 H0Rg/A MrlNR2XgW04Csdhpd1s2Tfr3gsD8l1YWj5l/5EJEtGI ++3RiO5GHLJOstxEKvNvAlZ1ycWHLUun0K7raJ/86a/M +-> ssh-ed25519 84j9mw 2wIXF94Zbo3fB7fRzQWGv5mCwdiomYVoFU8p25olt1k +S2A2AP8clxTkJBtqRTTSeHeKCkcveEYaaU41di0v9kM +-> ssh-ed25519 5A7peQ G+MxkpWskys34yRKVC9CEXdfqujMUG/v4Vp9WvPYRw0 +BA+l5LIAIX0/KeSRcxLRybQ42OZV/ZX9pLCHhvkI1gc +-> ssh-ed25519 ioPMHA EXnV+gYXCwuE9kL8HJDxwGTWRqfJQt4gO4IxDXNXCDM +s2Ji8kJ+hl+3vy/kIIHyngIw6BGouXjLTbIK/AQYfNI +-> ssh-ed25519 g2vRWw Ir+r+/jelVmGjtahgKwTkiwZUWSxkCHJrYFkm+GqTDQ +GsDZu3gaQArHOEFQH4qoJSQw1mflKWvWNYpI+RZgI/0 +-> ssh-ed25519 IFuY+w tWgf0Nelr0ji9Kr9fBt+2rdr0alagGG960uzW8RL9yE +FW5Wt5OMD887sClsLF/q4AlTDocImI72az465K/qZPs +-> ssh-ed25519 rA7dkQ 9apitDrmj/hY9bCHadtYFZmjGUwqXtFZiUypjt9Z1BQ +l+4ZTzw1rAYQV9dWn2sAr6Q1UtwunbelGr+UqMwetsE +--- dmVol02/2xV9zEOzA8+n5fyyjEk5Tsq/3W1yZa07ntg +P`nHmXD`7{3P}vTb \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index e901eb7..6d72b95 100644 Binary files a/secrets/attic-creds.age and b/secrets/attic-creds.age differ diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age index f16f8e1..13f30a6 100644 Binary files a/secrets/forgejo-token.age and b/secrets/forgejo-token.age differ diff --git a/secrets/github-token.age b/secrets/github-token.age index 58d43ca..03ad19e 100644 Binary files a/secrets/github-token.age and b/secrets/github-token.age differ diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 48de2e9..783c7f3 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index b192321..8b55761 100644 --- a/secrets/hercules-secrets.age +++ b/secrets/hercules-secrets.age @@ -1,12 +1,16 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw bwa+uUxySjFDjOaCzRiZyYVKl4po1YDaOoDQLqqObSI -ayXv7BKF5lkzM3ai3rHL8irPetF2Nlwoji2VHpRsD5c --> ssh-ed25519 IFuY+w k98+p1XfAR7f7kbahEwTzZVA45ulV4t3INkOQMsU3D8 -1QbRrGvE5cMMKzSNXK5LfBndDBJITd6gTBg9dJWir9E --> ssh-ed25519 5A7peQ NyqKUm+8hfHcJ760y3EttpxygXxQXKFXURU8pHg1bAw -Rh7EqnDagUFvmIEsFkjkE2tVzlhWrGgANKy9UQM0D7M --> ssh-ed25519 GKhvwg J3b+gGMaemGwSb7jfeCug9bcjXUJbU8BBGRoTXw2lw4 -tmMZY+0SSYVxZSMDQEBWCYzKUHTVbFH1iuybHyBvor8 ---- Uh1N32VLTQ2mxhsxu40FbIv0dQkqPdfBk+q3nJ/xPZ4 -;tضl̙RyhٖQBXzi%JN@֧FDv8.D,_J(<p-<Afl)FQf+6mHݲſ~yN5؊Ñb#]y{MSx9XO3`R<|O4(K@wdMq s%XdGrWm6 1NQGJ~݃xkgRCv뚑&v޶NSf6,`K ъk1Z!T%[,a6X־NL5k^V -g}C>m5rd7Mn= \ No newline at end of file +-> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk +PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4 +-> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk +tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw +-> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0 +i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk +-> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo +i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU +-> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ +mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo +--- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4 +%DJ#0AD +qz,3sHVbTުˇ8[ ?VgNVd +ĝȗL=̵g%ι[md6oqE4ŏF3@P\(MDM;%^ܫpxp):O9,iBT +sǚ-JWE\0£y>0;yL{t.g%W,X} JJdg3\#) 0h=lhBBXb$^ BM[~u? hlc;zk \ No newline at end of file diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index a7a66a7..54dd108 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 4145d0d..fbf07ad 100644 --- a/secrets/leet-nrab-lol-pass.age +++ b/secrets/leet-nrab-lol-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA -v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY --> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ -aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc ---- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE -hkdJw|g~v^jq\ ' yIcdWYF?N/0+h=85# \bm~1y"qAT \ No newline at end of file +-> ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo +ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA +-> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0 +uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo +--- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY +ߵSAѶBzwg@"PY^+E[',K[X~Xg{2c4 \ No newline at end of file diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age new file mode 100644 index 0000000..455628d Binary files /dev/null and b/secrets/legion-niko-pass.age differ diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age index e150327..460e357 100644 --- a/secrets/miyagi-niko-pass.age +++ b/secrets/miyagi-niko-pass.age @@ -1,8 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk -zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 --> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac -6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA ---- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE -Q8cV2 ƈ4$h+ey -0#aJ`ng{@.sIgϞc*Q'&k,CuIwɘ +rENշ@FPI?ђ \ No newline at end of file +-> ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg +xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg +-> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k +2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc +--- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw +-1dm +fR,[#[-;M}vi4x~=)oN^n"XB}W583惍fv:uZ ɶ \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index bf3032b..d3b9015 100644 Binary files a/secrets/nrab-lol-cf.age and b/secrets/nrab-lol-cf.age differ diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index 4e997b6..27558ca 100644 Binary files a/secrets/ntfy-alert-pass.age and b/secrets/ntfy-alert-pass.age differ diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index c42dcd5..276c72f 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg -QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 --> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA -eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I ---- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg -P$N{LrxS:=Wxc(J|48S \ No newline at end of file +-> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw +tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc +-> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw +GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s +--- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk +zPCSxf -žic7_2~jA \ No newline at end of file diff --git a/secrets/rab-lol-cf.age b/secrets/rab-lol-cf.age index 3ed93fe..4b5734a 100644 --- a/secrets/rab-lol-cf.age +++ b/secrets/rab-lol-cf.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw qUAkkpjjETyLa0IZfbm8yJ2opDBBsngbrrNjwu02G0s -kpEKDzWIfskgnZYR+0lgtCKqv0KwfpxRTq9crCsjvto --> ssh-ed25519 GKhvwg FKrEGsx5mPhWnq5vNgFgxM816v6ZAG16pmdukuBWDDU -qmPRvA2bd0W3QlR6h8BLC/O+XjTp00vYXnp+tXakXDY ---- 7FE7FzsRmCKPvjr3yOlot32FV0lod38Hec/JRaxP+8g -xA}~ H]TLزոl]0>C}J:0nCEaVb "dV!Rv z 9jO - \ No newline at end of file +-> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY +U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo +-> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc +40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8 +-> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s +jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc +--- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg +4L7H3F ̈́"fU(L~%sbԀ~Z}Z>2KO'Q\W[όe1^I‘ \ No newline at end of file diff --git a/secrets/rabulinski-com-cf.age b/secrets/rabulinski-com-cf.age index ad35e32..6e80a30 100644 --- a/secrets/rabulinski-com-cf.age +++ b/secrets/rabulinski-com-cf.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw O57uksGzyC2Obzy7AYk86DnEFQNXt43g5CqM4Vp69jU -1fW8YTn28ju1O3tX62A6AtvfzsmKzmhe79c3DmGUPrY --> ssh-ed25519 GKhvwg s3WZPik8t204g4BlxpHeSpnL4/IgM+JdekXJYx7EFVo -N0Pyre1DwiLFo4HUE8SFDmNnkE4XJtcyHfn63cMlQJo ---- WPllwfNX5iXFmVC0pGCNrH4T9EGRhmRwGayE3bY/YC0 -d p/ݩ3+dvv& R xdSy8 ES e}Nb#6w.wE0Q%? \ No newline at end of file +-> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8 +SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4 +-> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc +Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c +--- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0 +-oSԐ-?{r]5;+0 GoE9tHXjqj2@3@ mmkyQ;_W϶Q~ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b5ee4f6..552e4e3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,18 +13,21 @@ in # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "hercules-token.age".publicKeys = [ keys.system.kazuki + keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap ]; "hercules-cache.age".publicKeys = [ keys.system.kazuki + keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap ]; "hercules-secrets.age".publicKeys = [ keys.system.kazuki + keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap @@ -32,6 +35,10 @@ in "alert-plain-pass.age".publicKeys = [ keys.other.bootstrap ] ++ builtins.attrValues keys.system; + "legion-niko-pass.age".publicKeys = [ + keys.system.legion + keys.other.bootstrap + ]; "storage-box-creds.age".publicKeys = [ keys.system.kazuki keys.other.bootstrap @@ -47,6 +54,7 @@ in "github-token.age".publicKeys = [ keys.system.ude keys.system.kazuki + keys.system.legion keys.system.kogata keys.other.bootstrap ]; @@ -64,6 +72,7 @@ in keys.other.bootstrap ]; "rab-lol-cf.age".publicKeys = [ + keys.system.legion keys.system.kazuki keys.other.bootstrap ]; diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index 31a18e7..8b0a272 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw -lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I --> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc -2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 ---- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk -!lxq*T,.Xk6^ ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY +4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4 +-> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q +wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc +--- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc +Io5q&CU*[T.HɊʺkkpOYs,g49ʼn$^l-A/QX \ No newline at end of file diff --git a/secrets/storage-box-webdav.age b/secrets/storage-box-webdav.age index 6019090..93a739a 100644 --- a/secrets/storage-box-webdav.age +++ b/secrets/storage-box-webdav.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk -56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E --> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 -6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M ---- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 -(}{Ԝ2˓i]UmiLmv>ke'6A̯Xi<:fU)~&Aˡj# -D?_E-H \ No newline at end of file +-> ssh-ed25519 84j9mw 8RHYGSsbQG4F+mKMbXJu9aFv6xN3ZyxRBBhFJ3H8EFY +sRQonxjyqPLnL3AbfugdmraHzVK7RE3LjhuzLirImGM +-> ssh-ed25519 GKhvwg aEEIBlvZ//KmEqkX1pkZrT7QK9sopwKKiD6YUa9lA3k +srUtd+v0kDfbCsZ7OwPvzRVIualWm8CA4mhgdNAJm+A +--- yWhOlkbF9GUT7OsMu3R0/Dc+nP7DrUetuPLZJFySPpE +70P`TsT=*=sp>mtY{򑷅-;M0zCm}gO TGjˇN \ No newline at end of file diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age index f398be0..f9cdd04 100644 --- a/secrets/ude-deluge.age +++ b/secrets/ude-deluge.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE -k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs --> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI -QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM ---- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I -yZͪ MXd塸*5j"*ZU ф|ݕ]a8 "Zb][9SU . \ No newline at end of file +-> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4 +OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM +-> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo +9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU +--- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk +C<\}Jf|6G@WXc-"ϐAGZ'x_Ԡz,@n" 3[? Lb@e \ No newline at end of file diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age index 6e910ff..4c85947 100644 --- a/secrets/youko-niko-pass.age +++ b/secrets/youko-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU -RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA --> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY -gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU ---- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds -xSmL69ʎG3<4[Z t}<OdcY}>XQ^]Ki|BwDmqHX]FeRt%`Ҥ0IV \ No newline at end of file +-> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4 +GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg +-> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk +OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c +--- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI +wO.➌aA&ޝz [ oXĂu,ajxGƜu/eL̛/6S[SU \ No newline at end of file diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age index 9740ab2..6dbbbf4 100644 Binary files a/secrets/zitadel-master.age and b/secrets/zitadel-master.age differ diff --git a/services/forgejo.nix b/services/forgejo.nix index e887ea4..afb7b7c 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -32,15 +32,12 @@ ALLOW_ONLY_INTERNAL_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; }; - session = { - SESSION_LIFE_TIME = 86400 * 30; - }; federation.ENABLED = true; }; - repositoryRoot = "/forgejo/repos"; + repositoryRoot = "/storage-box/forgejo/repos"; lfs = { enable = true; - contentDir = "/forgejo/lfs"; + contentDir = "/storage-box/forgejo/lfs"; }; };