nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: nrabulinski:4ae7e1340ef3fc50259ec66430379fd8357b0d43
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla
..
compare: nrabulinski:ae66e9fd21f49e75ddbb120be62e34a965578a70
Branches Tags
nrabulinski:main
nrabulinski:bootstrap
nrabulinski:experiments/nilla

21 commits
4ae7e1340e ... ae66e9fd21

Author SHA1 Message Date
Nikodem Rabuliński
ae66e9fd21
modules/system/containers: enable nat for container interfaces
All checks were successful
/ check (pull_request) Successful in 44s
Details
2025-03-21 23:56:53 +01:00
Nikodem Rabuliński
1a62c97de4
services/forgejo: move from hosts/kazuki 2025-03-21 23:56:53 +01:00
Nikodem Rabuliński
33d2682245
services/kanidm: init 2025-03-21 23:56:51 +01:00
Nikodem Rabuliński
cdfd00a99c
modules/home/desktop/zellij: disable shell integrations
All checks were successful
/ check (pull_request) Successful in 40s
Details
/ check (push) Successful in 46s
Details
2025-03-21 23:31:18 +01:00
Nikodem Rabuliński
16e8f3f0f4
flake.lock: update
All checks were successful
/ check (pull_request) Successful in 4m16s
Details
/ check (push) Successful in 47s
Details
2025-03-21 22:42:05 +01:00
Nikodem Rabuliński
008a38e397
ci: check all systems 2025-03-20 22:54:40 +01:00
Nikodem Rabuliński
f3168cea0f
ci: trigger on prs
All checks were successful
/ check (pull_request) Successful in 3m49s
Details
/ check (push) Successful in 1m35s
Details
2025-03-19 18:14:22 +01:00
Nikodem Rabuliński
00a797fd09
services/forgejo-runner: add nix to path 2025-03-19 18:10:16 +01:00
Nikodem Rabuliński
b7ee2ec2ff
ci: use forgejo runner
Some checks failed
/ check (push) Failing after 13s
Details
2025-03-19 17:40:09 +01:00
Nikodem Rabuliński
b97f24c12c
services/forgejo-runner: init 2025-03-19 17:31:48 +01:00
Nikodem Rabuliński
21920907fe
hosts/youko: enable vmware 2025-03-18 22:08:18 +01:00
Nikodem Rabuliński
94b293acbb
modules/system/incus: initialize default profile 2025-03-18 22:08:18 +01:00
Nikodem Rabuliński
ddaec1196e
hosts/youko/nas: sail the high seas 2025-03-18 22:08:18 +01:00
Nikodem Rabuliński
c0d6938a39
modules/system/sane-defaults: add user to networkmanager group 2025-03-18 22:08:18 +01:00
Nikodem Rabuliński
994732bf6b
hosts/youko: enable smb 2025-03-18 22:08:11 +01:00
Nikodem Rabuliński
dcb2f78a9c
hosts/youko: add kernel module for fan control 2025-02-24 22:43:33 +01:00
Nikodem Rabuliński
f369c754a3
hosts/youko: move zfs pool 2025-02-24 22:43:33 +01:00
Nikodem Rabuliński
3622d231f8
secrets: sign alert-plain-pass for all systems 2025-02-24 22:43:33 +01:00
Nikodem Rabuliński
2dc36618af
hosts/youko: sway 2025-02-24 22:43:33 +01:00
Nikodem Rabuliński
aaa0b853f7
hosts/youko: add youko ssh keys, set user password 2025-02-24 22:43:30 +01:00
Nikodem Rabuliński
e2014034bb
hosts/youko: init 2025-02-24 22:42:51 +01:00
39 changed files with 690 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

11
.forgejo/workflows/build.yaml Normal file
View file

@ -0,0 +1,11 @@
on:
push:
pull_request:
types: [opened, synchronize, reopened]
jobs:
check:
runs-on: native
steps:
- uses: actions/checkout@v4
- run: nix flake check --all-systems

2
assets/ssh.nix
View file

@ -15,6 +15,7 @@
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com";
hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXVPUBYAMn9H3efG/ldWl/ySmZV0CXleyH7E5nKf/N7 nikodem@rabulinski.com"; hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXVPUBYAMn9H3efG/ldWl/ySmZV0CXleyH7E5nKf/N7 nikodem@rabulinski.com";
tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPKXcihNVgsStMstnZYvh+Ai+JsydX3vu4O0yhlN+zw niko@tsukasa"; tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPKXcihNVgsStMstnZYvh+Ai+JsydX3vu4O0yhlN+zw niko@tsukasa";
youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKAGBazVVFr1+beFxpC701IPz4JwdPIyFJybVVZ9kTkr niko@youko";
}; };
system = { system = {
@ -25,5 +26,6 @@
kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l";
hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsTkICNuUwGqrToisTViFCBoql39+DFYVZSWj7vfbXK"; hijiri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILsTkICNuUwGqrToisTViFCBoql39+DFYVZSWj7vfbXK";
tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKy32XGCkB0KOUm4f0ybrutfAzR7+baifM2yv5KuYV7 root@tsukasa"; tsukasa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKy32XGCkB0KOUm4f0ybrutfAzR7+baifM2yv5KuYV7 root@tsukasa";
youko = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPSbIjEo28aB2TACkvLY+VRKElZEdH9qFlTTfxCrblGZ root@youko";
}; };
} }

142
flake.lock generated
View file

@ -47,11 +47,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1738514772, "lastModified": 1742497754,
"narHash": "sha256-ng38xM+7MfmoWYcQj6/Ejgt732nbFIDx14QvWVpG0d4=", "narHash": "sha256-fCM/cnenyg+HQ3Ek7uXu04UX/aXrHBD6BW93/rYWZHE=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "b691dd3a7746afd73e944db98c0b000c1424cd5e", "rev": "af9d18efe24894a63c39d37bc0d2ddbea413aaa8",
"revCount": 362, "revCount": 366,
"type": "git", "type": "git",
"url": "https://git.lix.systems/nrabulinski/attic.git" "url": "https://git.lix.systems/nrabulinski/attic.git"
}, },
@ -79,11 +79,11 @@
"conduit-src": { "conduit-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1730678249, "lastModified": 1742005420,
"narHash": "sha256-Xn1BnCbwbRFhqcFJ4GvSmB+H509fiHFhTJcpi4G+2oo=", "narHash": "sha256-v4LCx7VUZ+8Hy1+6ziREVY/QEADjZbo8c0h9eU7nMVY=",
"owner": "famedly", "owner": "famedly",
"repo": "conduit", "repo": "conduit",
"rev": "e952522a39883e4431e74c42cef3d9bc562752f8", "rev": "063d13a0e10619f17bc21f0dd291c5a733581394",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -95,11 +95,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1737689766, "lastModified": 1742394900,
"narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "6fe74265bbb6d016d663b1091f015e2976c4a527", "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,15 +115,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738277753, "lastModified": 1742382197,
"narHash": "sha256-iyFcCOk0mmDiv4ut9mBEuMxMZIym3++0qN1rQBg8FW0=", "narHash": "sha256-5OtFbbdKAkWDVuzjs1J9KwdFuDxsEvz0FZX3xR2jEUM=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "49b807fa7c37568d7fbe2aeaafb9255c185412f9", "rev": "643b57fd32135769f809913663130a95fe6db49e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "lnl7", "owner": "lnl7",
"ref": "refs/pull/1335/merge",
"repo": "nix-darwin", "repo": "nix-darwin",
"type": "github" "type": "github"
} }
@ -135,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738148035, "lastModified": 1741786315,
"narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=", "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54", "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -156,11 +157,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1738564312, "lastModified": 1742452566,
"narHash": "sha256-awAp1Qe+c95PQxP7v+Zfse+w3URaP3UQLCRlaPMzYtE=", "narHash": "sha256-sVuLDQ2UIWfXUBbctzrZrXM2X05YjX08K7XHMztt36E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "d99d2a562b9c9d5f0e4399e5bb677b37a791c7eb", "rev": "7d9ba794daf5e8cc7ee728859bc688d8e26d5f06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,11 +177,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738544198, "lastModified": 1742432361,
"narHash": "sha256-bdGeUx6SBs37wQ6gHo5m+apn5Uze2fVz/oYfkD6DKUA=", "narHash": "sha256-FlqTrkzSn6oPR5iJTPsCQDd0ioMGzzxnPB+2wve9W2w=",
"owner": "bandithedoge", "owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin", "repo": "nixpkgs-firefox-darwin",
"rev": "6a14fbdbc697c7f1c93376ecbed4b095ccc55f00", "rev": "c868ff433ea5123e837a62ae689543045187d7a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -245,11 +246,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738453229, "lastModified": 1741352980,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -265,11 +266,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738453229, "lastModified": 1741352980,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -386,9 +387,6 @@
}, },
"helix": { "helix": {
"inputs": { "inputs": {
"crane": [
"crane"
],
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -396,11 +394,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1738547365, "lastModified": 1742479163,
"narHash": "sha256-4GrVwyIZKx14eVG8TZMKmgyw8v3TuETPrLvYkFNqlyc=", "narHash": "sha256-YC0zdGyZMu7seA2Jm1mxtcxE4lSeVwvCPMfWzJ8+o/c=",
"owner": "helix-editor", "owner": "helix-editor",
"repo": "helix", "repo": "helix",
"rev": "066e938ba083c0259ff411b681eca7bad30980df", "rev": "b7d735ffe66a03ab5970e5f860923aada50d4e4c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -416,11 +414,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738448366, "lastModified": 1742501496,
"narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=", "narHash": "sha256-LYwyZmhckDKK7i4avmbcs1pBROpOaHi98lbjX1fmVpU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93", "rev": "d725df5ad8cee60e61ee6fe3afb735e4fbc1ff41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -432,11 +430,11 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1738446528, "lastModified": 1742411066,
"narHash": "sha256-NYL/r7EXSyYP7nXuYGvGYMI9QtztGjVaKKofBt/pCv8=", "narHash": "sha256-8vXOKPQFRzTjapsRnTJ1nuFjUfC+AGI2ybdK5cAEHZ8=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a51380645f61b33d37a536b596d16c481f7b84a6", "rev": "2491b7cc2128ee440d24768c4521c38b1859fc28",
"revCount": 17342, "revCount": 17705,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix.git" "url": "https://git.lix.systems/lix-project/lix.git"
}, },
@ -457,11 +455,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738176840, "lastModified": 1741894565,
"narHash": "sha256-NG3IRvRs3u3btVCN861FqHvgOwqcNT/Oy6PBG86F5/E=", "narHash": "sha256-2FD0NDJbEjUHloVrtEIms5miJsj1tvQCc/0YK5ambyc=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "621aae0f3cceaffa6d73a4fb0f89c08d338d729e", "rev": "a6da43f8193d9e329bba1795c42590c27966082e",
"revCount": 133, "revCount": 136,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module.git" "url": "https://git.lix.systems/lix-project/nixos-module.git"
}, },
@ -480,11 +478,11 @@
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-24_11": "nixpkgs-24_11"
}, },
"locked": { "locked": {
"lastModified": 1737736848, "lastModified": 1742413977,
"narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=", "narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261", "rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -609,11 +607,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1738452225, "lastModified": 1742395137,
"narHash": "sha256-Qmwx3FXM0x0pdjibwTk/uRbayqDrs3EwmRJe7tQWu48=", "narHash": "sha256-WWNNjCSzQCtATpCFEijm81NNG1xqlLMVbIzXAiZysbs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c4e0724e0a785a20679b1bca3a46bfce60f05b6", "rev": "2a725d40de138714db4872dc7405d86457aa17ad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -632,11 +630,11 @@
"nvidia-patch-src": "nvidia-patch-src" "nvidia-patch-src": "nvidia-patch-src"
}, },
"locked": { "locked": {
"lastModified": 1736930913, "lastModified": 1742460640,
"narHash": "sha256-f7v5s924/CiDCW7j/SEvefwm6Jb07zQWYShJ+FIYS0A=", "narHash": "sha256-Qks0TRMOiuVKjcSPkg251Q2/wdU5ooMt4b2f2numPzg=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "nvidia-patch.nix", "repo": "nvidia-patch.nix",
"rev": "6ca6f8dd2139b9c01049de29979c1c0db157a647", "rev": "c85990250376300fe11413e22458911f408f64d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -648,11 +646,11 @@
"nvidia-patch-src": { "nvidia-patch-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1736882949, "lastModified": 1742384429,
"narHash": "sha256-s1qtdm0UGd4uImNts42W5hT6W1nOVz8eTyBF37QlUfc=", "narHash": "sha256-5O0TXVrLsFrULXli2vB2iJ7TECUckMHKvJZYmdkcnGE=",
"owner": "keylase", "owner": "keylase",
"repo": "nvidia-patch", "repo": "nvidia-patch",
"rev": "0837f46dfe25b6e750abc7e601032bdd12c70be0", "rev": "07080317245ac30c38001d2149810b2dee3cce1f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -710,11 +708,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1738488035, "lastModified": 1742296961,
"narHash": "sha256-sLLW0S7OGlFYgNvAQnqWK1Ws5V1YNGvfXHdWoZ91CeI=", "narHash": "sha256-gCpvEQOrugHWLimD1wTFOJHagnSEP6VYBDspq96Idu0=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "f3998f7f8a197596c5edf72e937996e6674b423b", "rev": "15d87419f1a123d8f888d608129c3ce3ff8f13d4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -732,11 +730,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737599167, "lastModified": 1740623427,
"narHash": "sha256-S2rHCrQWCDVp63XxL/AQbGr1g5M8Zx14C7Jooa4oM8o=", "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "38374302ae9edf819eac666d1f276d62c712dd06", "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -753,11 +751,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737166965, "lastModified": 1739240901,
"narHash": "sha256-vlDROBAgq+7PEVM0vaS2zboY6DXs3oKK0qW/1dVuFs4=", "narHash": "sha256-YDtl/9w71m5WcZvbEroYoWrjECDhzJZLZ8E68S3BYok=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "fc839c9d5d1ebc789b4657c43c4d54838c7c01de", "rev": "03473e2af8a4b490f4d2cdb2e4d3b75f82c8197c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -851,11 +849,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738070913, "lastModified": 1742370146,
"narHash": "sha256-j6jC12vCFsTGDmY2u1H12lMr62fnclNjuCtAdF1a4Nk=", "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "bebf27d00f7d10ba75332a0541ac43676985dea3", "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -923,11 +921,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1738084440, "lastModified": 1741803511,
"narHash": "sha256-sARyUquyuNapFbICL/PJEhcDgBzpxTcHUNw8R/xL1iA=", "narHash": "sha256-DcCGBWvAvt+OWI+EcPRO+/IXZHkFgPxZUmxf2VLl8no=",
"owner": "dj95", "owner": "dj95",
"repo": "zjstatus", "repo": "zjstatus",
"rev": "096dc72a909fd0fb34768a98354aad6207002671", "rev": "df9c77718f7023de8406e593eda6b5b0bc09cddd",
"type": "github" "type": "github"
}, },
"original": { "original": {

5
flake.nix
View file

@ -86,7 +86,9 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
darwin = { darwin = {
url = "github:lnl7/nix-darwin"; # TODO: Move back once https://github.com/LnL7/nix-darwin/issues/1392 is resolved
# url = "github:lnl7/nix-darwin";
url = "github:lnl7/nix-darwin?ref=refs/pull/1335/merge";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix = { agenix = {
@ -147,7 +149,6 @@
helix = { helix = {
url = "github:helix-editor/helix"; url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
}; };
zjstatus = { zjstatus = {
url = "github:dj95/zjstatus"; url = "github:dj95/zjstatus";

1
hosts/default.nix
View file

@ -14,6 +14,7 @@
# ./installer # ./installer
./ude ./ude
./kogata ./kogata
./youko
]; ];
builders = builders =

48
hosts/youko/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
configurations.nixos.youko =
{
config,
lib,
username,
...
}:
{
imports = [
./disks.nix
./hardware.nix
./sway.nix
./msmtp.nix
./nas.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
networking.networkmanager.enable = true;
age.secrets.niko-pass.file = ../../secrets/youko-niko-pass.age;
users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
settei.user.config = {
settei.desktop.enable = true;
};
services.udisks2.enable = true;
settei.incus.enable = true;
virtualisation.podman.enable = true;
hardware.keyboard.qmk.enable = true;
settei.unfree.allowedPackages = [ "vmware-workstation" ];
virtualisation.vmware.host.enable = true;
environment.etc."vmware/config" = lib.mkForce {
source = "${config.virtualisation.vmware.host.package}/etc/vmware/config";
text = null;
};
networking.hostId = "b49ee8de";
};
}

58
hosts/youko/disks.nix Normal file
View file

@ -0,0 +1,58 @@
{
disko.devices.disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings.allowDiscards = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"noatime"
"compress=zstd"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/home" = {
inherit mountOptions;
mountpoint = "/home";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "16G";
};
};
};
};
};
};
};
};
}

25
hosts/youko/hardware.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, ... }:
{
boot = {
extraModulePackages = with config.boot.kernelPackages; [ it87 ];
initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [
"kvm-amd"
"i2c-dev"
"it87"
];
extraModprobeConfig = ''
options it87 ignore_resource_conflict=1
'';
};
services.smartd.enable = true;
hardware.cpu.amd.updateMicrocode = true;
}

36
hosts/youko/msmtp.nix Normal file
View file

@ -0,0 +1,36 @@
# TODO: Potentially make this a common module?
{
pkgs,
config,
username,
...
}:
let
mail = "alert@nrab.lol";
aliases = pkgs.writeText "mail-aliases" ''
${username}: nikodem@rabulinski.com
root: ${mail}
'';
in
{
age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
programs.msmtp = {
enable = true;
setSendmail = true;
defaults = {
inherit aliases;
tls = "on";
auth = "login";
tls_starttls = "off";
};
accounts = {
default = {
host = "mail.nrab.lol";
passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
user = mail;
from = mail;
};
};
};
}

122
hosts/youko/nas.nix Normal file
View file

@ -0,0 +1,122 @@
{
username,
lib,
pkgs,
...
}:
{
boot = {
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "yottapool" ];
};
services.zfs = {
autoScrub.enable = true;
zed.settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [ username ];
ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
ZED_EMAIL_OPTS = "@ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = true;
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
# TODO: Clean up. Potentially make it a separate module
services.avahi = {
publish.enable = true;
publish.userServices = true;
nssmdns4 = true;
enable = true;
openFirewall = true;
extraServiceFiles = {
timemachine = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=TimeCapsule8,119</txt-record>
</service>
<service>
<type>_adisk._tcp</type>
<txt-record>dk0=adVN=tm_share,adVF=0x82</txt-record>
<txt-record>sys=waMa=0,adVF=0x100</txt-record>
</service>
</service-group>
'';
};
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"hosts allow" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"getwd cache" = "true";
"strict sync" = "no";
"use sendfile" = "true";
};
"tm_share" = {
"path" = "/media/data/tm_share";
"valid users" = "niko";
"public" = "no";
"writeable" = "yes";
"force user" = "niko";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
};
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.radarr.enable = true;
# TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged
nixpkgs.config.permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
services.sonarr.enable = true;
services.prowlarr.enable = true;
services.jellyseerr.enable = true;
services.deluge = {
enable = true;
web.enable = true;
config.download_location = "/media/deluge";
};
users = {
users = {
jellyfin.extraGroups = [
"radarr"
"sonarr"
];
radarr.extraGroups = [ "deluge" ];
sonarr.extraGroups = [ "deluge" ];
${username}.extraGroups = [ "deluge" ];
};
};
}

137
hosts/youko/sway.nix Normal file
View file

@ -0,0 +1,137 @@
{
config,
lib,
pkgs,
...
}:
{
services.greetd = {
enable = true;
vt = 2;
settings.default_session =
let
swayWrapper = pkgs.writeShellScript "sway-wrapper" ''
export XCURSOR_THEME=volantes_cursors
exec ${lib.getExe config.programs.sway.package}
'';
in
{
command = "${lib.getExe pkgs.greetd.tuigreet} --time --cmd ${swayWrapper}";
user = "niko";
};
};
programs.sway = {
enable = true;
wrapperFeatures.base = true;
wrapperFeatures.gtk = true;
};
security.pam.services.swaylock = { };
xdg.portal.config.common.default = "*";
settei.user.config =
{ config, ... }:
{
home.pointerCursor = {
name = "volantes_cursors";
package = pkgs.volantes-cursors;
};
home.packages = with pkgs; [
(writeShellApplication {
name = "lock";
text = ''
swaymsg output '*' power off
swaylock -c 000000
swaymsg output '*' power on
'';
})
(writeShellApplication {
name = "screenshot";
runtimeInputs = [
slurp
grim
wl-clipboard
];
text = ''
grim -g "$(slurp)" - | \
wl-copy -t image/png
'';
})
# Bitwarden stuff, move to separate module or properly package?
# Maybe use some other input method?
(rofi-rbw.override { waylandSupport = true; })
rbw
pinentry-rofi
];
wayland.windowManager.sway =
let
mod = config.wayland.windowManager.sway.config.modifier;
in
{
enable = true;
package = null;
config.workspaceAutoBackAndForth = true;
config.terminal = "wezterm";
config.modifier = "Mod4";
config.fonts.names = [ "IosevkaTerm Nerd Font" ];
config.keybindings = lib.mkOptionDefault {
"${mod}+b" = "exec rofi-rbw --selector rofi";
"${mod}+d" = "exec rofi -show drun";
"${mod}+Shift+s" = "exec screenshot";
};
config.keycodebindings = {
"${mod}+Shift+60" = "exec lock";
};
config.window.commands =
let
alwaysFloating = [
{ window_role = "pop-up"; }
{ window_role = "bubble"; }
{ window_role = "dialog"; }
{ window_type = "dialog"; }
{ window_role = "task_dialog"; }
{ window_type = "menu"; }
{ app_id = "floating"; }
{ app_id = "floating_update"; }
{ class = "(?i)pinentry"; }
{ title = "Administrator privileges required"; }
{ title = "About Mozilla Firefox"; }
{ window_role = "About"; }
{
app_id = "firefox";
title = "Library";
}
];
in
map (criteria: {
inherit criteria;
command = "floating enable";
}) alwaysFloating;
config.input = {
"type:pointer" = {
accel_profile = "flat";
pointer_accel = "0.2";
};
"type:keyboard" = {
xkb_layout = "pl";
};
};
config.seat."*" = {
xcursor_theme = "volantes_cursors 24";
};
config.startup = [
{
command = "${lib.getExe' pkgs.glib "gsettings"} set org.gnome.desktop.interface cursor-theme 'volantes_cursors'";
always = true;
}
];
};
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
};
};
}

5
modules/home/desktop/zellij.nix
View file

@ -3,7 +3,12 @@
# TODO: Move zellij to a wrapper # TODO: Move zellij to a wrapper
programs.zellij = { programs.zellij = {
enable = true; enable = true;
enableBashIntegration = false;
enableFishIntegration = false;
enableZshIntegration = false;
settings = { settings = {
default_layout = "compacter";
show_startup_tips = false;
keybinds = { keybinds = {
shared_except = { shared_except = {
_args = [ "locked" ]; _args = [ "locked" ];

4
modules/home/unfree.nix
View file

@ -1,5 +1,5 @@
# Copy of modules/system/unfree.nix # Copy of modules/system/unfree.nix
{ config, lib, ... }: args@{ config, lib, ... }:
{ {
_file = ./unfree.nix; _file = ./unfree.nix;
@ -11,7 +11,7 @@
}; };
}; };
config = { config = lib.mkIf (!args ? osConfig) {
nixpkgs.config.allowUnfreePredicate = lib.mkForce ( nixpkgs.config.allowUnfreePredicate = lib.mkForce (
pkg: builtins.elem (lib.getName pkg) config.settei.unfree.allowedPackages pkg: builtins.elem (lib.getName pkg) config.settei.unfree.allowedPackages
); );

17
modules/system/incus.nix
View file

@ -49,6 +49,23 @@ let
}; };
} }
]; ];
profiles = [
{
devices = {
eth0 = {
name = "eth0";
network = "incusbr0";
type = "nic";
};
root = {
path = "/";
pool = "default";
type = "disk";
};
};
name = "default";
}
];
}; };
}; };
networking = { networking = {

9
modules/system/sane-defaults.nix
View file

@ -52,7 +52,6 @@ let
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
"repl-flake"
"auto-allocate-uids" "auto-allocate-uids"
]; ];
trusted-users = lib.optionals (!adminNeedsPassword) [ username ]; trusted-users = lib.optionals (!adminNeedsPassword) [ username ];
@ -92,7 +91,10 @@ let
isNormalUser = true; isNormalUser = true;
home = "/home/${username}"; home = "/home/${username}";
group = username; group = username;
extraGroups = [ "wheel" ]; extraGroups = lib.mkMerge [
[ "wheel" ]
(lib.mkIf config.networking.networkmanager.enable [ "networkmanager" ])
];
}; };
groups.${username} = { }; groups.${username} = { };
}; };
@ -114,9 +116,8 @@ let
darwinConfig = lib.optionalAttrs (!isLinux) { darwinConfig = lib.optionalAttrs (!isLinux) {
system.stateVersion = 4; system.stateVersion = 4;
services.nix-daemon.enable = true;
security.pam.enableSudoTouchIdAuth = true; security.pam.services.sudo_local.touchIdAuth = true;
users.users.${username}.home = "/Users/${username}"; users.users.${username}.home = "/Users/${username}";
# Every macOS ARM machine can emulate x86. # Every macOS ARM machine can emulate x86.

BIN
secrets/alert-nrab-lol-pass.age
View file

Binary file not shown.

BIN
secrets/alert-plain-pass.age
View file

Binary file not shown.

BIN
secrets/attic-creds.age
View file

Binary file not shown.

9
secrets/forgejo-token.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ tnp92QTb/uXAEizZuUrnaGcJCCkCSjIcE4RiQiYVdw8
HXsRlqJSrDYaAeYslcR+g5KIQC1SUxFp+QdSHpKT61s
-> ssh-ed25519 IFuY+w LI7kx/XwfF0JU8tSmW75nxpeLTUkEfY8NunAZljafCc
f+WEjASZzP9ISv+7kPIMVNgEjdHUxVnLzUkqFHo4byY
-> ssh-ed25519 GKhvwg EZDwzHfhaY0iHHeIDvm6BIY64kPPUgKjZnNuuwwqoAw
FvZEeIqnsFA1fQka4R7sax1O13UZWoVbksSMLP3eEaA
--- XBBcs7w5J7w01fKGoAXVTgOffS9ajheUMz3vDsxHgTo
¼g´ÕöؤƒRn´lè¥gÃÅÁA˜*%ÇYªr¯í 9}³=L~f7„¶ZgâxŠèœ >¦ Rë}hQóõz`rÅZèØñ

24
secrets/github-token.age
View file

@ -1,13 +1,13 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 IFuY+w nyBEszEusqQE6jM7y9G4KCyzNHawdyy+hTfm9LsuRCY -> ssh-ed25519 IFuY+w hrfVBxFIiDTvbm7OMYbme2+97WI3nqxYbjBNRXRS9H4
1bbg4kmmv9m2Gwp+3x8zvqFOkmTKt898/sGCUK9rpGE SaKftmSA+8LitXnkqaw67xw378sNeGs/ENxmMsOVdvQ
-> ssh-ed25519 84j9mw 5s2PNoIOMWf2gBwzmRHmssMOuvu2kv43316E20McKh8 -> ssh-ed25519 84j9mw opGXl7a35TsSj2/ADgdbS5bp6/EDTsUDkS/IjIgjUBA
FyA+VjPgPynvMQfxm3d2+SOEpsJFIKJE8pbXeIkOfGI Cw5O6wt9vzqCgbWxxCrzmXJQH+/Ae1wwyHCcHLfpEck
-> ssh-ed25519 ioPMHA 4N9PsYYaeqJDbxpQpyCgvR/JWwLPDCAi65YB6M0uT0U -> ssh-ed25519 ioPMHA 5fAg0NsD/KlXSAJg1UQYsJEzZMy/wCHfwmv19cbWRyQ
mFCqo1htPi2WRKiJz/t8Y7TMD/p7X81HsHGG0KIsROQ OhDaO75k9xEdCE0GdyJ6iK6B11ie/l4yCfVKp6py31I
-> ssh-ed25519 5A7peQ ZjRTqjDou2xS638dR8AWKCv5uKTSmOSJ/4rkfFckhjY -> ssh-ed25519 5A7peQ pqvZetDuRh5pesWPZ9725h7i+XuvSNMn7810ukhNjyM
yUJABvMDLN0C15XBmnZJZ88khXAXLUP+aEqH5DlJcKY 96JlWRIyIZ07siNa1kk0HtHhiB4NQbSKQ4KXsDJGGdE
-> ssh-ed25519 GKhvwg w1OKhVPY89J/pbrrXIHVifV++5e1tLqlSL9yM/2rqX0 -> ssh-ed25519 GKhvwg Ba5tOdWUlE9qs1tPb7t+0ZtHN82a6RmMHP1tzGe/VSg
VF0cvmdtCZAlPgIqcNZYp7ANPhvDqlFE7h018lCbWyg wLWBaFUkWkB5lMEKX0ISEQTGx/RDTF1vbvuGo9w8Qm4
--- YWa0wXlaYVF+g06+w/u/h+NURlfMY8lauf5ZtrrhrF4 --- yVc69z1O1UOM+93dnjV0wkeqb4StW4HcBYi00z+0dIQ
Í…P׆øæôÃ?4ƒ·)òçméñ f.ùªª±§þå²`<60><><EFBFBD>Á½aF<61>CjŒ"JÂÑwd鱇œùBÆŒ+{dK´µ• ð"Š49딹ùbW<62>5v ˜WjsUÚ²ºíoO<6F>Åý#S%\âqn®ã[³ðh½ôA¡ÑjEÊhéœýŽÔÞ¢„Ót¹£“jÿC

BIN
secrets/hercules-cache.age
View file

Binary file not shown.

27
secrets/hercules-secrets.age
View file

@ -1,13 +1,16 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw P7StDsdpmJLp0ni5ZwdhVy2lx5TSfVlIqFAF9y4Zn34 -> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk
UksAEE1WWb2xWgHM8h4lhTW2pwqF8ydgGtFnqcp1KUo PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4
-> ssh-ed25519 ioPMHA roPhy0I+dRtPuWsnFSxl2m7Uh7GgXkupwHSgL+LHrzs -> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk
8rUE3mr9dukcAeR1213wjSm6Bme9ExpGX6TjEhHRYnc tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw
-> ssh-ed25519 IFuY+w crwMCw/ElBMNFhUMHLAg+ZxpsutBwV7hhG79bXEmCDE -> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0
7rnOVAVI/HgGbaswauWxCqB7Tkzx3hCxB2RZOi4aIpQ i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk
-> ssh-ed25519 5A7peQ bcqPb+IVrI8BKlcpIrZ/qnbnG3p/mLsk/iSCVYlvwmY -> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo
2q9KmMmyeYey9txiYrmxM5T86qXw7arKZSAbxszgxVo i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU
-> ssh-ed25519 GKhvwg H9Pka72t6kmmxGcoAaRtyn8m9xlP9DJSeBrE6jVtRh4 -> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ
w/lcxBFd5w9mMn/sarr+7yCY+IGJzMJUgvi+KrQA4s4 mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo
--- wO1f52ZjrCtOdgOrnkKWPao5ZS2BhmWFQmvLGliosyM --- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4
S»Úø¹]l—ŽuâGŸá ˆc°•U åÖLHb/(ÒfüÜ ë$Ý&øÌX<C39D>FPžçt®»œç.n,)¡¥<C2A1>ã¦t8ô 9½gø~”3Ûê×Î.ì×ÑÕÛh±œ`ê<>Ä0àÈiÂ<69>Ø|Zi¡‡9ùS‡´ß«ûÞ”~°vf¼,~\;ÃIÛ®ÖFVOÀ)uÍj :Ëu[&Çè´ œª6£µ¢`ÝO¥Z|yì®É¥_„ƒPeÁ½äùKÍ.vꪹúž^¹ñŸ•2ç-†Ò€<\^ämîŠ<C3AE>!.÷y¿s”¯ ¦Èl ƒÎK`fÂbD‰äcdbÊD<…í_6¿zãà±R©Å?êg•Ì®Ù`H ,5h Œ$\û¥XlÑÝ %§ëDJ#Îä·0Ÿ¨AÉD
qz,3sHÿ…µÌÂVb¦<>®ÄÂTùÍÞªˆË‡¹8Ÿ¬[ ÏÈ?VgNVdˆ
Ä<EFBFBD>È—L=è©í̵žðg%ιî[ÕmdšòíëØ6oqòžEÂ4Å<34>óöÕF3@P\(MDM;%É^<5E>Ü«ïp¾xîª÷p<10>):O9,iBµ¥±„T
sÇšÏ-—à“ÃJWºÖèEÎ\0£™yÎ>0;î<>öyÑLæå{üt.g%W,ºX} JÆJßÀdgê3žŽ\Ž#<> 0h=l´ˆüš<C3BC>hBB䃜üXÀ<58>ÄëÍb$õ^Ð óå” B¨M™ØìÕþ[È~ÌÜu?Ñâ®þþ h¾ªlÿ”Ìc;z½k

BIN
secrets/hercules-token.age
View file

Binary file not shown.

13
secrets/leet-nrab-lol-pass.age
View file

@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw ZuGILSHnMIMy/GDEjkAriTBKBykkytcIVo63DPd4MhA -> ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo
aa/sGLpf+GrLzo8Jf3JWAPI0Uk96SH/CvGhynNJVx6E ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA
-> ssh-ed25519 GKhvwg STHVqp1zYhQzu73INk2Cmkuf8X8kJPLtGSY8LJze/Tc -> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0
Ny1C5CAnqSCcunIbM8if8oQ2VlerIIW5Dqds/Ztektw uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo
--- gaHP+odPfw8A4f5NJkYOuvvYRWwo5EzRZVkXp6E7dfI --- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY
NëÑfO÷=¢¨ÿª+T3þT 0w<ˆnXrˆ\—ùä˜XZ´MãX n˜Ò*ªóÞɯòGœ¼!¡ßG^ ß2ÞúÓÑô˜/w†ü ÚÖßµSÇÞ<Èñ<C388>S¨ýjË{B>A¼Ñ¶î°Âå<>í<EFBFBD>ÏBzœ¸ÜwgÅÙá@"PY^£+E¥×['ÓÞú–ÌŽÕ,K©[ÈXÜ~XåÇg{øÊ2æìíc4
ª½“}FPy<79>

BIN
secrets/legion-niko-pass.age
View file

Binary file not shown.

14
secrets/miyagi-niko-pass.age
View file

@ -1,8 +1,8 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 g2vRWw //TMaNWwTNS5wE3Hg/SEwqriIaOiOUE5remdVF449Vk -> ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg
8K3isM05ep9HJ58TlNE9bmiIuqJPoq3lI/3AbUrLw8Q xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg
-> ssh-ed25519 GKhvwg GANoFnELye0945KaMuS7xw6CGPhI5vigD+vScnpbQxI -> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k
CSx0E7fOB8A5MSc1ySywNFj5mkkdi6DDUc+ObaW/kew 2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc
--- +BiFZI/o5loCYZ95bkY4zQYr2y6SYc2bmnRuAMg2MPM --- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw
"D1ŠMh»`dcó…Þl©U;]PuÍ×Õ¼ /?¸Éì5«\\ì½D»ô¯È1l6øzÍÕNé¼Sì™Æ -1Šdmÿ<6D>
N;<+^BpømÕšÁy» ñ¦s°Z;ûúVª«¥ÉÝj öf——ŽR´¸…,È[Û#[-ô;øMÓ}ävžêi4üx˜~=èÌ)ño¬º¡N^Ènþê„"X<>§Bª}W583Ùæƒ<C3A6>vÞÀò:Î¥çôu†Z«µ<C2AB> åɶ

BIN
secrets/nrab-lol-cf.age
View file

Binary file not shown.

BIN
secrets/ntfy-alert-pass.age
View file

Binary file not shown.

12
secrets/ntfy-niko-pass.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw tR4gg/XeVdS8xCIuHxN25uaRKu6a09DSW26SI3AWDlM -> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw
uC2gJ9UWDE6uVXkUDlaVZlWAH5iLDgagkN+54msvyoY tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc
-> ssh-ed25519 GKhvwg q27QskTYhI5gjIKKpNHn5V2FRmhIg8QFJ8m0TPZiwSY -> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw
/0RIbiG/nwxKDJ613BLoCNvjej6f65mr1xwCN7/aueI GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s
--- XU82wFZVE+zTZ/mGhnoxqWrdUOv3n6VOwQizZSHPLfw --- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk
«ÁěĎ"˝ô˛čů1ëKË×Ä˝°˝.Ž J<>'!nlO]>ˇďĹYç ąEűëÝX ¼ÐzêÐPCžSÖx€ªf ¹Â-èÕžÀiŒ¡cû7˜_¸Š~¶ÛjA

17
secrets/rab-lol-cf.age
View file

@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 ioPMHA efHpBvtB+mXXa7RoRdqePHGOmsY5BXVOgGsfOhPm30w -> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY
2GvumVVuuLGEarpdauTCrB61aLtVtrkM3/pPlWIODnk U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo
-> ssh-ed25519 84j9mw rqj6xvESlvrfcjhVEWCbpd//vvdKjrTjt3ZDPeLHowQ -> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc
dcUD131zvVQGiUYQWt9A51CnIpLGNSGinSZk7HSGHoc 40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8
-> ssh-ed25519 GKhvwg cIji8zRSGWEbC/xxS8C4jyDCpQsFv05j2Yo8UjaHSAk -> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s
+c/tIYPigZdPQWKvGYaoA6AYRAB83XlEEdfucihB984 jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc
--- TEQTQ/lm/JqyyWU2sC10qHl4AL/2IP9yCUfhXG4LdP4 --- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg
ŮČ®żöˇS ¨Fâ-dcÂD€\<5C>?hî Qg@Wâî „ýÎãì4®L7Hç3F¼ À <0B>íÍ„"ºæfU(ëÁ×Û~î‡%sb£ìùãæ¾Ô€~ZÂ}Z>2KO¨'Q\Á¿W[š„·ÏŒe…š¡1ö^IÖ‘
xA|M*Űr—t0Üű~Ń°XaŇ{¸ÎĂy/ŹëWUѸˇ¤Y˛ë ¬¨{đ×°}TAxDç

12
secrets/rabulinski-com-cf.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw LuZiZnebklpoXQ6RPZSrELwY4CzwY+Qb/LrlVPFiSC4 -> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8
QVi6XyetJxwvOB+v+CyKEdcq96ykcK3wfWh3i75Dq1o SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4
-> ssh-ed25519 GKhvwg V3iEXNodDDKKKrHSfNYVKTphsMQfgl3Z/LUwTyArx3A -> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc
FQJLg7uHWzc6/U+/QOCYwrkwvvw8rQNG+h+PJ1rRKXA Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c
--- FVExbzlz8e7moZFIkpMR+sj4Kurv+Ge6yMW/uJLr5H4 --- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0
¨Ñ ç׿I-‡iOJbzk÷Œ€1¨"œ„ø™Kx—I{¨BÆšd#¦éê71Ü®âm-Ø¡ø0D° ¢£f\¥y}ƒ‡ˆâùŸ‘ôÿÕ=Ú¸º ëû4òÝ£ Œ-…oSÔ<E2809A>¢-?{¢r]5«°óâ”;Ä+0 ÁoE9tƒ”µHXjqâj2@3üÞ ¶¼µº©÷m°mkúðyQâØ;_<>ŸW°Ñ϶Qœ~

12
secrets/secrets.nix
View file

@ -33,9 +33,8 @@ in
keys.other.bootstrap keys.other.bootstrap
]; ];
"alert-plain-pass.age".publicKeys = [ "alert-plain-pass.age".publicKeys = [
keys.system.legion
keys.other.bootstrap keys.other.bootstrap
]; ] ++ builtins.attrValues keys.system;
"legion-niko-pass.age".publicKeys = [ "legion-niko-pass.age".publicKeys = [
keys.system.legion keys.system.legion
keys.other.bootstrap keys.other.bootstrap
@ -89,6 +88,15 @@ in
keys.system.ude keys.system.ude
keys.other.bootstrap keys.other.bootstrap
]; ];
"youko-niko-pass.age".publicKeys = [
keys.system.youko
keys.other.bootstrap
];
"forgejo-token.age".publicKeys = [
keys.system.youko
keys.system.ude
keys.other.bootstrap
];
"kanidm-admin-pass.age".publicKeys = [ "kanidm-admin-pass.age".publicKeys = [
keys.system.kazuki keys.system.kazuki
keys.other.bootstrap keys.other.bootstrap

14
secrets/storage-box-creds.age
View file

@ -1,9 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 84j9mw voingQjX/CjAjo63KLaRPFaG74IpxcRb0qv+r2b5wzo -> ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY
ccWzQQSJW7cc8RiS9PzN2U5Xj0+Z7804tPsaGrq09KA 4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4
-> ssh-ed25519 GKhvwg 2z8J0YRxQ4WP1G/W7DxRK7z1b6UBjodvN8ECP4fLg1U -> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q
wRG4U9oAJ2KtPUHg5l0yDmmHatmwXOrn2nJlOQJMlpE wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc
--- qs7kR5AIkwQ8NtDjYnmKZmCl4+1G6MFBNB3Mu3J9Y1M --- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc
<EFBFBD>ø™ Ioð5q®&¢C<C2A2>³U*”†[T.Hª€ÉŠ×ʺkkp„Oç£Ys,Óg£49øËʼn$^l-Aú/—¶åë¦QÊX»ÆðÖø
æ8[ÅÎWÑ•®Sàõòݸ<C2B8><EFBFBD>î]&èZaؼuŸÇæžEBÕå!®pŽÖÏ´åÌ4pYݱ"
QYê<EFBFBD>qSƬ`œ

BIN
secrets/storage-box-webdav.age
View file

Binary file not shown.

12
secrets/ude-deluge.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 IFuY+w +zbPYKlvvfaIQl+PnnZlEai/TAgzsQ7s/1bLXNXnXEw -> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4
BTQQRxlaRFbWnV6e+QBPDfN+lyg9URj+2h85tDKZ19k OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM
-> ssh-ed25519 GKhvwg DzWYIGY0CNdA5wp7PkV1gpWmtYG28or8XeNZ7DkLz1c -> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo
ELQVeuyaIOWVH6+oMDDlI3CikDLe5jijwVPbaRBL2NQ 9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU
--- vCU0PryisDG8cOKr6CmPcUwjIdThsRjrty/fowZNwOk --- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk
ð”Êh<1F>+Ñ®ì>³ùöíHV`w|e/³ò]â½kšïyð´S ~d¡¡œm&Û9¹ªýY)ÍÉ)T ôn•ç¡Sê8Ç@Û¿zsSÉÑÒÔg' ŃĚÇCÂ<\á}ŹJ<C5B9>Ą ¨„f”é|<7C>6G“Ś•@WXc-"©Ő÷Ď<C3B7>űîüîAGşŹ«Z' Ĺxé_ňÔ ˝z,@nÇ" 3[Ä? Lb@óŹďe

7
secrets/youko-niko-pass.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4
GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg
-> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk
OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c
--- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI
ŠýØÀëÐw§±æÏôOÌ.➌añ«÷Ûä<01>&<26>ößÞ<C39F>z³¹û ä[ oXµÄu<E2809A>ÁßùÅþƒáÖÉ÷”,ášajxGÆœuÕ/šÆñæeL²Ì/6S[SU¾

BIN
secrets/zitadel-master.age
View file

Binary file not shown.

1
services/default.nix
View file

@ -1,6 +1,7 @@
{ {
imports = [ imports = [
./attic.nix ./attic.nix
./forgejo-runner.nix
./kanidm.nix ./kanidm.nix
./forgejo.nix ./forgejo.nix
]; ];

49
services/forgejo-runner.nix Normal file
View file

@ -0,0 +1,49 @@
{
services.forgejo-runner = {
hosts = [
"ude"
"youko"
];
config =
{
config,
lib,
pkgs,
...
}:
{
age.secrets.forgejo-runner-token.file = ../secrets/forgejo-token.age;
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = config.networking.hostName;
url = "https://git.rab.lol";
tokenFile = config.age.secrets.forgejo-runner-token.path;
settings = {
container.network = "bridge";
};
hostPackages = lib.mkOptionDefault [
pkgs.nix
];
labels = [
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
"native-${pkgs.system}:host"
];
};
};
virtualisation.podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
};
networking.firewall.trustedInterfaces = [ "podman+" ];
};
};
}