diff --git a/flake.lock b/flake.lock index 5994a96..af46674 100644 --- a/flake.lock +++ b/flake.lock @@ -30,11 +30,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -46,15 +46,17 @@ "attic": { "flake": false, "locked": { - "lastModified": 1750621880, - "narHash": "sha256-1l1FdnWa77BdBTlXHXxyEPeE+X3p/x9W5bTrirkT5SI=", - "rev": "3b1831a2719a54830a3bf3a10d5a1fee81ca35a3", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/nrabulinski/attic/archive/3b1831a2719a54830a3bf3a10d5a1fee81ca35a3.tar.gz?rev=3b1831a2719a54830a3bf3a10d5a1fee81ca35a3" + "lastModified": 1748777195, + "narHash": "sha256-j3GQS4zm4zc1yo+5hCs0kpIGNDePj7ayRkbqsy3tyYs=", + "ref": "refs/heads/main", + "rev": "ec24c04e345ab02ff35020d99e34f1eda0b82352", + "revCount": 373, + "type": "git", + "url": "https://git.lix.systems/nrabulinski/attic.git" }, "original": { - "type": "tarball", - "url": "https://git.lix.systems/nrabulinski/attic/archive/main.tar.gz" + "type": "git", + "url": "https://git.lix.systems/nrabulinski/attic.git" } }, "blobs": { @@ -76,11 +78,11 @@ "conduit-src": { "flake": false, "locked": { - "lastModified": 1750551437, - "narHash": "sha256-Im9Mht19WldZmQP59mQSbPAnQYYyD8J6aBfuI63L4uY=", + "lastModified": 1748702033, + "narHash": "sha256-W72vGS0qJow1O4jXkuE3px4eNyFJeZqjuMREs6Lb5bU=", "owner": "famedly", "repo": "conduit", - "rev": "3248efbe4b50ccc3a34a3e4d0e5ebc13be2b8909", + "rev": "a1886a13967b0471b55428f7aed55087ad357491", "type": "gitlab" }, "original": { @@ -93,11 +95,11 @@ "crane": { "flake": false, "locked": { - "lastModified": 1750266157, - "narHash": "sha256-tL42YoNg9y30u7zAqtoGDNdTyXTi8EALDeCB13FtbQA=", + "lastModified": 1748047550, + "narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=", "owner": "ipetkov", "repo": "crane", - "rev": "e37c943371b73ed87faf33f7583860f81f1d5a48", + "rev": "b718a78696060df6280196a6f992d04c87a16aef", "type": "github" }, "original": { @@ -108,11 +110,11 @@ }, "crane_2": { "locked": { - "lastModified": 1748970125, - "narHash": "sha256-UDyigbDGv8fvs9aS95yzFfOKkEjx1LO3PL3DsKopohA=", + "lastModified": 1743700120, + "narHash": "sha256-8BjG/P0xnuCyVOXlYRwdI1B8nVtyYLf3oDwPSimqREY=", "owner": "ipetkov", "repo": "crane", - "rev": "323b5746d89e04b22554b061522dfce9e4c49b18", + "rev": "e316f19ee058e6db50075115783be57ac549c389", "type": "github" }, "original": { @@ -128,11 +130,11 @@ ] }, "locked": { - "lastModified": 1750423559, - "narHash": "sha256-V9CtRGRbi+9qUgbinyfR8lwhDiwg+QtTaT88FLD8Z3Y=", + "lastModified": 1748354048, + "narHash": "sha256-BUUifoC7bipKczvpk8fq+UYrhiK95nt/zhMuPcelzWg=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "f601f02d132b3118f56e013249f4b234c371180d", + "rev": "eb1b636932ba2f19522d3687ba27c6adf3fd5978", "type": "github" }, "original": { @@ -149,11 +151,11 @@ ] }, "locked": { - "lastModified": 1750040002, - "narHash": "sha256-KrC9iOVYIn6ukpVlHbqSA4hYCZ6oDyJKrcLqv4c5v84=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "7f1857b31522062a6a00f88cbccf86b43acceed1", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -242,11 +244,11 @@ ] }, "locked": { - "lastModified": 1749636823, - "narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=", + "lastModified": 1742649964, + "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "623c56286de5a3193aa38891a6991b28f9bab056", + "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "type": "github" }, "original": { @@ -285,11 +287,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1750531852, - "narHash": "sha256-ps4Fa8cq+q13Kb2nj9uxXjIGvsSRBUfcxW5CgquxiQI=", + "lastModified": 1748702599, + "narHash": "sha256-cXzTGHrZsT4wSxlLvw2ZlHPVjC/MA2W0sI/KF1yStbY=", "owner": "helix-editor", "repo": "helix", - "rev": "171dfc60e5cda8f9fb6c4f662872f35bbe864a53", + "rev": "2baff46b2578d78d817b9e128e8cc00345541f0b", "type": "github" }, "original": { @@ -305,11 +307,11 @@ ] }, "locked": { - "lastModified": 1750614446, - "narHash": "sha256-6WH0aRFay79r775RuTqUcnoZNm6A4uHxU1sbcNIk63s=", + "lastModified": 1748737919, + "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c35504839f915abec86a96435b881ead7eb6a2b", + "rev": "5675a9686851d9626560052a032c4e14e533c1fa", "type": "github" }, "original": { @@ -321,15 +323,17 @@ "lix": { "flake": false, "locked": { - "lastModified": 1750506763, - "narHash": "sha256-hCbhc9P+UmIlYv81+vs6v3bDqviCUhwPH3XqClZdfSk=", - "rev": "242a228124f77b57c2e3b3aedb259ffb7913cd3c", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/242a228124f77b57c2e3b3aedb259ffb7913cd3c.tar.gz?rev=242a228124f77b57c2e3b3aedb259ffb7913cd3c" + "lastModified": 1748588861, + "narHash": "sha256-bP9MHHCx/6Pi1TlO7Iq8X6AUoQHzyExQJNnSHSOqUUk=", + "ref": "refs/heads/main", + "rev": "3815dd5e64fc374fa4dcc5064470cd7a7d77aaf3", + "revCount": 17966, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix.git" }, "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" + "type": "git", + "url": "https://git.lix.systems/lix-project/lix.git" } }, "lix-module": { @@ -346,13 +350,15 @@ "locked": { "lastModified": 1747667424, "narHash": "sha256-7EICjbmG6lApWKhFtwvZovdcdORY1CEe6/K7JwtpYfs=", + "ref": "refs/heads/main", "rev": "3c23c6ae2aecc1f76ae7993efe1a78b5316f0700", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/3c23c6ae2aecc1f76ae7993efe1a78b5316f0700.tar.gz?rev=3c23c6ae2aecc1f76ae7993efe1a78b5316f0700" + "revCount": 144, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" }, "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz" + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module.git" } }, "mailserver": { @@ -366,11 +372,11 @@ "nixpkgs-25_05": "nixpkgs-25_05" }, "locked": { - "lastModified": 1750598722, - "narHash": "sha256-mDOWRzp0iEdnNln7Wvg60awdFGNq9hIOdPudMeueB6Q=", + "lastModified": 1748689589, + "narHash": "sha256-ltwdNAsto54HMQFdrCprWXPFhNBfEuiCkj+GS7ZHvww=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "cfb3136cf01a3e571b5340c7529b5b4722a08c52", + "rev": "c9f61e02aee97dc8c7d4f3739b012a992183508c", "type": "gitlab" }, "original": { @@ -382,11 +388,11 @@ "nh": { "flake": false, "locked": { - "lastModified": 1750610317, - "narHash": "sha256-tArf9ek4DoR+5lcDlshGS/CjMjX8vMNfpZ1Ys98UrZM=", + "lastModified": 1748096601, + "narHash": "sha256-ji/9z1pRbosyKVVAIGBazyz6PjWV8bc2Ux2RdQrVDWY=", "owner": "nix-community", "repo": "nh", - "rev": "e5dbcf9d48257f4a116bc4746e0c59c78e08e161", + "rev": "1ea27e73a3dcbc9950258e9054377ee677d12b9e", "type": "github" }, "original": { @@ -398,11 +404,11 @@ "nilla": { "flake": false, "locked": { - "lastModified": 1749389880, - "narHash": "sha256-15lwhWcMonJH6UholMMHDc+p2BoSpGA4AYGrsXQA9Do=", + "lastModified": 1748686039, + "narHash": "sha256-7iLzbTLtgdFtm9em3xxHO9BunN2YpgYquMLKXh5hEpQ=", "owner": "nilla-nix", "repo": "nilla", - "rev": "2e98ae315a592ad6b6de44670514c048dcc88dc7", + "rev": "4e6038f4ebc89487194013af6a1e077dfeb00359", "type": "github" }, "original": { @@ -413,11 +419,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750386251, - "narHash": "sha256-1ovgdmuDYVo5OUC5NzdF+V4zx2uT8RtsgZahxidBTyw=", + "lastModified": 1748662220, + "narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=", "owner": "nixos", "repo": "nixpkgs", - "rev": "076e8c6678d8c54204abcb4b1b14c366835a58bb", + "rev": "59138c7667b7970d205d6a05a8bfa2d78caa3643", "type": "github" }, "original": { @@ -429,11 +435,11 @@ }, "nixpkgs-25_05": { "locked": { - "lastModified": 1749727998, - "narHash": "sha256-mHv/yeUbmL91/TvV95p+mBVahm9mdQMJoqaTVTALaFw=", + "lastModified": 1747610100, + "narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fd487183437963a59ba763c0cc4f27e3447dd6dd", + "rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "type": "github" }, "original": { @@ -516,11 +522,11 @@ ] }, "locked": { - "lastModified": 1749436897, - "narHash": "sha256-OkDtaCGQQVwVFz5HWfbmrMJR99sFIMXHCHEYXzUJEJY=", + "lastModified": 1743682350, + "narHash": "sha256-S/MyKOFajCiBm5H5laoE59wB6w0NJ4wJG53iAPfYW3k=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "e7876c387e35dc834838aff254d8e74cf5bd4f19", + "rev": "c4a8327b0f25d1d81edecbb6105f74d7cf9d7382", "type": "github" }, "original": { @@ -581,11 +587,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1748243702, + "narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007", "type": "github" }, "original": { @@ -651,11 +657,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1750360050, - "narHash": "sha256-/BT5MJqy+e0jHjALBNL8YT4kQ9wlaSedxPapYvKyeyw=", + "lastModified": 1745230073, + "narHash": "sha256-OER99U7MiqQ47myvbsiljsax7OsK19NMds4NBM9XXLs=", "owner": "dj95", "repo": "zjstatus", - "rev": "857ada14fc8f652300571272c6db7c12620c33c0", + "rev": "a819e3bfe6bfef0438d811cdbb1bcfdc29912c62", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 932e4c3..594009f 100644 --- a/flake.nix +++ b/flake.nix @@ -48,7 +48,7 @@ flake = false; }; attic = { - url = "https://git.lix.systems/nrabulinski/attic/archive/main.tar.gz"; + url = "git+https://git.lix.systems/nrabulinski/attic.git"; flake = false; }; crane = { @@ -64,11 +64,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; lix = { - url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"; + url = "git+https://git.lix.systems/lix-project/lix.git"; flake = false; }; lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; + url = "git+https://git.lix.systems/lix-project/nixos-module.git"; inputs.nixpkgs.follows = "nixpkgs"; inputs.lix.follows = "lix"; }; diff --git a/hosts/kazuki/mail.nix b/hosts/kazuki/mail.nix index fe24540..4be5d1c 100644 --- a/hosts/kazuki/mail.nix +++ b/hosts/kazuki/mail.nix @@ -37,8 +37,6 @@ }; certificateScheme = "acme-nginx"; - - stateVersion = 3; }; # TODO: Remove once SNM gets their shit together diff --git a/hosts/youko/default.nix b/hosts/youko/default.nix index 456630a..7f39ac5 100644 --- a/hosts/youko/default.nix +++ b/hosts/youko/default.nix @@ -1,17 +1,3 @@ -{ config, lib, ... }: -let - builderUsers = lib.fp.pipe [ - (lib.attrs.filter ( - name: _: - !builtins.elem name [ - "youko" - "kazuki" - "ude" - ] - )) - builtins.attrValues - ] config.assets.sshKeys.system; -in { config.systems.nixos.youko.module = { @@ -45,11 +31,6 @@ in settei.desktop.enable = true; }; - settei.remote-builder = { - enable = true; - sshKeys = builderUsers; - }; - services.udisks2.enable = true; settei.incus.enable = true; virtualisation.podman.enable = true; diff --git a/modules/home/desktop/qutebrowser.nix b/modules/home/desktop/qutebrowser.nix index 4ff23d7..569e8e1 100644 --- a/modules/home/desktop/qutebrowser.nix +++ b/modules/home/desktop/qutebrowser.nix @@ -1,11 +1,6 @@ +{ pkgs, ... }: { - pkgs, - lib, - config, - ... -}: -{ - programs.qutebrowser = lib.mkIf config.settei.desktop.enable { + programs.qutebrowser = { # TODO: Enable again enable = pkgs.stdenv.isLinux; searchEngines = { diff --git a/modules/system/builder.nix b/modules/system/builder.nix deleted file mode 100644 index c19b769..0000000 --- a/modules/system/builder.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ isLinux }: -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.settei.remote-builder; - - sharedConfig = { - users.users.${cfg.user} = { - shell = pkgs.bash; - openssh.authorizedKeys.keys = cfg.sshKeys; - }; - - nix.settings.trusted-users = [ cfg.user ]; - }; - - linuxConfig = lib.optionalAttrs isLinux { - users.users.${cfg.user} = { - isSystemUser = true; - group = cfg.user; - }; - users.groups.${cfg.user} = { }; - }; - - mergedConfig = lib.mkMerge [ - sharedConfig - linuxConfig - ]; -in -{ - _file = ./builder.nix; - - options.settei.remote-builder = { - enable = lib.mkEnableOption "configuring this machine as a remote builder"; - user = lib.mkOption { - type = lib.types.str; - default = "nixremote"; - }; - sshKeys = lib.mkOption { - type = lib.types.listOf lib.types.singleLineStr; - default = [ ]; - }; - }; - - config = lib.mkIf cfg.enable mergedConfig; -} diff --git a/modules/system/default.nix b/modules/system/default.nix index bb16c05..0c450a0 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -25,7 +25,6 @@ (import ./github-runner.nix { inherit isLinux; }) (import ./incus.nix { inherit isLinux; }) (import ./monitoring.nix { inherit isLinux; }) - (import ./builder.nix { inherit isLinux; }) ]; options.settei = with lib; { diff --git a/modules/system/sane-defaults.nix b/modules/system/sane-defaults.nix index cad117a..2df8471 100644 --- a/modules/system/sane-defaults.nix +++ b/modules/system/sane-defaults.nix @@ -108,15 +108,6 @@ let boot.kernel.sysctl."kernel.yama.ptrace_scope" = 0; settei.user.config.services.ssh-agent.enable = true; - - nix.settings = { - experimental-features = [ "cgroups" ]; - use-cgroups = true; - }; - systemd.services.nix-daemon.serviceConfig = { - Delegate = "yes"; - DelegateSubgroup = "supervisor"; - }; }; darwinConfig = lib.optionalAttrs (!isLinux) { diff --git a/nilla.nix b/nilla.nix index 4e6423f..3a1a09e 100644 --- a/nilla.nix +++ b/nilla.nix @@ -88,7 +88,7 @@ darwin-systems' = map (system: system.result.config.system.build.toplevel) darwin-systems; all-drvs = all-packages' ++ nixos-systems' ++ darwin-systems'; - all-drvs' = builtins.concatStringsSep "\n" all-drvs; + all-drvs' = lib.strings.concatMapSep "\n" builtins.unsafeDiscardStringContext all-drvs; in mkPackage ( { runCommand }: @@ -104,7 +104,7 @@ system, }: writeShellScript "ci-check" '' - nix-instantiate --strict --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath + nix-instantiate --eval -E 'import ./nilla.nix {}' -A packages.__allPackages.result.${system}.outPath "${lib.getExe config.packages.formatter.result.${system}}" --ci '' ); @@ -128,7 +128,6 @@ config.packages.agenix.result.${system} config.packages.attic-client.result.${system} config.packages.nh.result.${system} - config.packages.formatter.result.${system} ]; }; }; diff --git a/pkgs/conduit/default.nix b/pkgs/conduit/default.nix index fee4c6f..10775f7 100644 --- a/pkgs/conduit/default.nix +++ b/pkgs/conduit/default.nix @@ -13,8 +13,7 @@ rustPlatform.buildRustPackage { inherit src; strictDeps = true; - useFetchCargoVendor = true; - cargoHash = "sha256-gNcpB2LMZU18RIxVu+mJfa4+lB5rNIRcZ2DJPvZCdQo="; + cargoLock.lockFile = "${src}/Cargo.lock"; nativeBuildInputs = [ rustPlatform.bindgenHook ]; diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 3676a47..a5e31ca 100644 Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 057dade..4c3882d 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,20 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 GKhvwg /jQLcJCNx2g7rM8udm1ZyPDeqc0pJ95VpIsWObAG/xM -0QCmRI3pXNLmzIENjDyVNQLISQd6uyA/HOyXB1W47X0 --> ssh-ed25519 H0Rg/A r98Ge9hReVxBKmQuAfX63L8y9W2vQh2PC/VMtGnS/SE -itKOWkxTHsM/SlhW+AA037ns0XmOaLHWrEtguC5h5Pw --> ssh-ed25519 84j9mw FlKDqV1OxbxZ3s6mtYS6hzdOrMvY+GuYrXWoBk2Xo0Q -XqYK9dQXXx8eKlYhwQ5N+62GX/48VWQ51UyNialg5/E --> ssh-ed25519 5A7peQ MIpjM9J/7wAVGuB5eRStLAAqLEE9Ff4E6eoWqEE4lk8 -J0o+kgUBuk0odbuLvuRns699wfY/LPHc9RZydpnyVc0 --> ssh-ed25519 g2vRWw eNdLCZX01DMm9nZgugFCXIoqANF4Um+xxKQQf8SOax0 -i7H34Lumyn5qtigixSRbaYf1bm92kQLCf+EZKJeYmlw --> ssh-ed25519 B2veVw DvHqN4AUU1mjB++Qwz1vNYHxST/8qZTM+p9PfIyFsHw -BU+58wSWdknW6WbEr+uCenfaC1vLm3usdP1P8YBbn+8 --> ssh-ed25519 IFuY+w d3WEXFMgaOUSo3jwkOBzmqTqYyZLkIWnINFj7FZCHlE -u7KuKcjzTvCMJqiIzE2wNxNUjQuVaCcumnkNmVIg460 --> ssh-ed25519 rA7dkQ XjfR8WOE/ajNfI2PvtjccMWt4ZA5ZcQfRLaswf8o/BM -cjEt4pbJgoiqQYDMAeOEKO8IsGrutkbYiJt+s9v65+M ---- Itt4v03PVRtcZ+msFBO6VKi3kDuK5+mjsQ0LZXQhWTk -3qo߅n/3$? _m8 -v:mjd|wr \ No newline at end of file +-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 +OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 +-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ +h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg +-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk +7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 +-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE +d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw +-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w ++WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg +-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI +AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI +-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE +qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ +-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI +vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w +--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk +Ji'6&&o +k4-hu}2|1DIl9ܦY \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 327f967..e901eb7 100644 --- a/secrets/attic-creds.age +++ b/secrets/attic-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw NTO+6rjQ67mvDfLbkZNyuvxGXVlKjqnH5Wg0/qD8Zkk -oIrs9tsRkEqIb9lLQnF61DefTWtF60iSJEfm2b4dkLU --> ssh-ed25519 GKhvwg 1URR/IKkYchQlxgQDK0Dh20KXTrulyJfnO3JXjECBjw -K2N7/b88tkEa8bTSRRWLChPN5GbbNip4qDx4HubEP9s ---- 4DdZ4N53a/aiMQcO0okbaeo3npYD+WrjoFYVnIMkmEk -(5/[p+&.$*Z*b~¤>"& !9RG7r?KrDmEl~1DѨCgE?q"w7:X|Dpg4Y4bĩ-.`#wC,y|["k*YF \ No newline at end of file +-> ssh-ed25519 84j9mw ZJAtY/6itD2g/hCRjxKrV1ZWQIzM/YgKGNa5CT71YBc +mMGp1ZjBx0qEugMAnixkVn88HqdNui/gyJt/okwRDP8 +-> ssh-ed25519 GKhvwg JbvduCfwAY610WxpitcGlScY98bGeNYDqKuxHkrqZDU +4aCApDeZnE/7xA3JzxqD5awQv9N5oa2TcHQOZx+CBpE +--- nGz8lBsZ79RPshiTTFlSTVsZP7lfaNKBZFC7TtZ2ves +['!eUTRG̠1dI{aϪ+'?"ʵ&NxkāRϗ)\a~o`htΖ-WrhxE +']>r9Oa=+W t} \ No newline at end of file diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age index 4f8cba6..f16f8e1 100644 Binary files a/secrets/forgejo-token.age and b/secrets/forgejo-token.age differ diff --git a/secrets/github-token.age b/secrets/github-token.age index e2cb091..58d43ca 100644 Binary files a/secrets/github-token.age and b/secrets/github-token.age differ diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 9ed43f7..48de2e9 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index 488a650..b192321 100644 Binary files a/secrets/hercules-secrets.age and b/secrets/hercules-secrets.age differ diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index 7f2f655..a7a66a7 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 93c638b..4145d0d 100644 --- a/secrets/leet-nrab-lol-pass.age +++ b/secrets/leet-nrab-lol-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 7HLXJ0FPIlK/5skZB7HsmzyMX3S7I41wPsEPZ7Jb/28 -MJ9oeQWZ9QlL6kuB8QUHoOjdXqOqqpA3kHpr2h/6A5A --> ssh-ed25519 GKhvwg oVRn1+ZoRU39ucM/It+cxfLEMjF0uSV1O7k0J/8DgnM -ATACnP4ASRJ1qhyrm8yhi2qtDftXMiQ91CbmuqIm2gI ---- ucDElqkYHEoTy0c+vPsy2AQ3aqJmkDSBAADiKB71k2o -.ƛLlCgs.IžR .qxL2BNjFo9]9gTqNia]eaGSkY$ ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA +v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY +-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ +aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc +--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE +hkdJw|g~v^jq\ ' yIcdWYF?N/0+h=85# \bm~1y"qAT \ No newline at end of file diff --git a/secrets/miyagi-niko-pass.age b/secrets/miyagi-niko-pass.age index c0996e2..e150327 100644 --- a/secrets/miyagi-niko-pass.age +++ b/secrets/miyagi-niko-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 g2vRWw btMiKwz3PwvUTHhz3eQU1PkMqSPJ9gpVZ9WC7u49xmQ -jhQgjo4Vt7e6Q9uERj9UG4AM/gMhMUexBWHI4ofrx7c --> ssh-ed25519 GKhvwg sZvZftsPUAjQ27PleicM9It+gpRjwPWOdxx85Mr5fxY -G3VOFsNg2p1/KTyACw9QlvfBsyNUG9v7LSkWJl8afrg ---- letALmlj/zH1GJl31nWXeURJHZI6UkToZiTIUgZLv8s -lbxCI_ d:@@^ o:]1s;iv"̽thTwlˠil{An.v[GU0%) \ No newline at end of file +-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk +zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 +-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac +6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA +--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE +Q8cV2 ƈ4$h+ey +0#aJ`ng{@.sIgϞc*Q'&k,CuIwɘ +rENշ@FPI?ђ \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index f991709..bf3032b 100644 Binary files a/secrets/nrab-lol-cf.age and b/secrets/nrab-lol-cf.age differ diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index 4b28129..4e997b6 100644 --- a/secrets/ntfy-alert-pass.age +++ b/secrets/ntfy-alert-pass.age @@ -1,19 +1,19 @@ age-encryption.org/v1 --> ssh-ed25519 H0Rg/A ti8Cilk/v+91Nckt/CuYl6qRuRb3W60gvhB43FW1znI -EeLV+OccotivcRsN/aB/UdF89WiPlJ6R8PeKN6b+OQs --> ssh-ed25519 84j9mw 5rRP84YZGBMCFStzc5aeOqBmsAmjSb3GkKl47Msuei8 -DLtAz8tWkLu3QBeR+M5ZlJH6c6+GKPwf+qy3NpdTCOo --> ssh-ed25519 5A7peQ d6JYwhySRN6B0eHl+JiZkxawZuMYuS7RDrSKMQYHLzI -/Yg5Hx948SBDD8shA49Bnv8hooPokYG7Fn9roswNIWI --> ssh-ed25519 g2vRWw gltJGTfV+a8BKaAkBGXkiW57ymv0vPBQnCS2BWJ6fDc -+yBjIKMdM4eUVJvjs/UedjTH6hLRs56hDUpjpLC/q84 --> ssh-ed25519 B2veVw GeSb9ZgzHNDDDa/X+HppmefkEelg6JaQr8uaaijjzFo -LRzUrcmZAEosn0Sf4/YOLhbtdgYhWMYe9/uhvAMwcRI --> ssh-ed25519 IFuY+w gmfb2WEjP2BVhwnL+DzFcsM/ctbihlC6wOr7Bhn8r0o -k4IEjoNZSukZtz+rkOjk/BfaZkJ7T1jNrweKpmGDRZU --> ssh-ed25519 rA7dkQ EWcPrbtHeD6Rq0mlnoVhgVTZQ586QdRVsZa1K9YkQzk -EN5VG0U1KGdpcT64B6C7kVDwKM/h+gsiTgsKf11XP2s --> ssh-ed25519 GKhvwg jVotsPuVgxUaZUg5U6QwZO9O6DPsYv5Mp1rfsP353hQ -c8uSgREFANKYeaafurp47MQiGnQxHXkFR5TGAQ7Ykv4 ---- unx7yN4JzSSku/QUYEEUSPxyyLrWLG4zEMB/yRqvKwg -FETAms~_'%r=KxO#Mq'M_5F%P. \ No newline at end of file +-> ssh-ed25519 H0Rg/A Gu5zy+v+SITLh8SsiBXDnFDW007MNnWQ3Qo1XnKQVTM +0OLIB6bgEHct3n4ev0HgfaUOl8t93DM3qInsrfBn4Vw +-> ssh-ed25519 84j9mw XBb71lyuXkIGxSL+VHv4To64qjGv3tqGGMa5J414uE0 +kuVmbLJ4ZyC6rmNUZOEXfrYHm89iXRqwP2Gv5lV4XSE +-> ssh-ed25519 5A7peQ Zby6NTv0q8OQ9qvo7DvE4OVOpShVKE8K7QWTson0DCo +eMTfWLUUImhEfXlBl8gYoA1YK0gfpB8VyWa2L3RCA1w +-> ssh-ed25519 g2vRWw W5ZMWxUBPvef4sWXhv2aMCLZKlW++4n78vjJ+UE8XFE +0J4OEvtTaffnRHQdfzGOOtBdgmq9is63uSLNFfZ59Oo +-> ssh-ed25519 B2veVw tZ3sVtgqEJ5LbK3b2xcH+0z8LaNUPs4KZO9A/VLH71g +MUuolaOws9FLq5MwrGKbseG5Xaok/gad6LQ5bxhN+ss +-> ssh-ed25519 IFuY+w sz83GwAlZD8Zp2kH+7pwnETPKSfXDRgSXzNteAAGXF0 +4ByeRXyTp9+XpOirDvPAfDqfxyQXXqdEtTSq/CqKP0o +-> ssh-ed25519 rA7dkQ b7UcNJ+8UhrBnJieRvNxHXFBmr6uyh9q4ZtD9vpsTRI +2/jPFKnWvCwc+Ki9gWJ8sbGetH46DZMk7LyxmqSlAe8 +-> ssh-ed25519 GKhvwg 1HxU3yc2MfaW6N/zOg5ZRD+imMAIhIdKCp5FYR1BXjY +LlmcWTkjbm9Ig5rECdKieEsbmPZiFenZnLZ4p8YbUbI +--- 8E31okL3vgwlYthWyy+sshdJDHWGBjawZoS/3QaqjT0 +=u\eFcHret[92#YwN~Gfӷ xG^0=W ӓE& \ No newline at end of file diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index 5802533..c42dcd5 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw ryWkCbg6qUwncq/HkEIN8qgMjPKVRv86y/gzJFtlS0U -G02X9Uacg0c5acyAmPHx5F6ImZQnjs45hH/tBFpP42I --> ssh-ed25519 GKhvwg LcIGEajShma720zp/yMndBnEOoZV9aYSsOFmN6yG9wQ -lox/ZbORF9HCKl4lCkTrRQ240JEGljqoAf8+I5q03Z4 ---- 6a1rHleD/+yh+e+/0lm4TIvst9tjT7y6sr6ujApYuZQ -$Q~C7|A{3]&X'' -PRL6 -QYmhm \ No newline at end of file +-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg +QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 +-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA +eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I +--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg +P$N{LrxS:=Wxc(J|48S \ No newline at end of file diff --git a/secrets/paperless-pass.age b/secrets/paperless-pass.age deleted file mode 100644 index 049b54e..0000000 --- a/secrets/paperless-pass.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 rA7dkQ sXPoNSctxQL6Gh1JrsMuUGp5/PW/v7zFzGzdncnVYnQ -ETOeRcPPhV+RZSZEC2cGsKm2H6eAn8eKJTn1NkJqndQ --> ssh-ed25519 GKhvwg DWV3js/l+CYRHGgf0NCZwBCigE9U5tf8mkGxVNAIVSY -dxHnQkWKB8+02j3zuaeGVq8+A5vA2ssTccTdFSn5FCw ---- pu5uE5bsrnA7KrZSRGaD6xMKjzsx0ezXn9BbNVsrgAw -Q B ssh-ed25519 84j9mw MkIkHSzR3H+j9ul56t+CrVsoeGRgH2ocYRSBoH/z5SY -0LNQmCBPvS5NiS66HCQ1Yifr/GkIYxrDj2Kfg/ZOerM --> ssh-ed25519 GKhvwg xp5j84RKQ56OFSak3IvHRG9TAv0XVYLmWJLImgAjmws -gx1Ke3U3ngFsDswVVOnwbQUJNOUSdFgh/LUKkDH30Ug ---- lWb3NlBy8n+NWGQ+M75RmWElXXLWWpl38aRYTVMm5GY -qA [VpH 0I *~h 6BZikʤV 9s; -Ƴ8Md٬լ= \ No newline at end of file +-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw +lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I +-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc +2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 +--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk +!lxq*T,.Xk6^ ssh-ed25519 84j9mw aSPnpUfj2PBYycEMzcENn30pzhrSEAatTOdoDhoPQVk -PzcdoYgIHJZqOHE36gynF7r1LgFjoX2hEfCf1Emb2gg --> ssh-ed25519 GKhvwg HlibITP17XIxE8t8Kd9NtC6n696fQJu78lE3Yp4lFyg -hmPEscf5AzMWq7NJSX8WxuRZ3bV3nMDAZZnZ8/Xy+rg ---- gSATPThFb4g1a+5/hwps5NGAEsd3VUlYtzy0vTySXyM -gۏlw_0](t9%9aWͬ@dW@S o*&X-@c~#fox=; \ No newline at end of file +-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk +56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E +-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 +6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M +--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 +(}{Ԝ2˓i]UmiLmv>ke'6A̯Xi<:fU)~&Aˡj# +D?_E-H \ No newline at end of file diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age index 075061e..f398be0 100644 --- a/secrets/ude-deluge.age +++ b/secrets/ude-deluge.age @@ -1,8 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w YhrlFN7mVaYlDC0YyEYwHUw/Dn+AJS5LcdYH0CHNhHM -2Fh1Imyut/Fs3nAUQAYNHuR0DPRCnDDv0fuLI1hQc6k --> ssh-ed25519 GKhvwg Iuw+N1SD8On8HqpoinMoXFJ+QRS7CRyjVHhI7LE83hs -yTdsv1DKQUSG1hFyxanahMiagPumuuVH1S1uLwoX3aU ---- fGCYe4oLn1ucgnXuuecwD4nHMkiqxy2kSTYp79y7sR4 -ѭ -QVCs`ʦWG#u͑+K~!:#'jQDYz'%@AO`剒> \ No newline at end of file +-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE +k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs +-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI +QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM +--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I +yZͪ MXd塸*5j"*ZU ф|ݕ]a8 "Zb][9SU . \ No newline at end of file diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age index 18041a5..6e910ff 100644 --- a/secrets/youko-niko-pass.age +++ b/secrets/youko-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 rA7dkQ HZF6g+17SHv2P0Agh9/rJk5yQkjqxmOKF+F5dlcHkUI -WimAhXL0UU2JXUlruPnIwi7vkjQ7YDWsyK5yB006gWo --> ssh-ed25519 GKhvwg mYJ6EJxisRlPtWzBqAsQXF4sivQP86rr03qIQvJGumY -Y+dGZb/F1jddv04tFFPSSyTTJjsBTbQUocNg+FJuX/E ---- mMUDr1Q6r/fEIejP+0yBj8D09REx3bj51XpaJiOO4ns - ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU +RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA +-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY +gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU +--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds +xSmL69ʎG3<4[Z t}<OdcY}>XQ^]Ki|BwDmqHX]FeRt%`Ҥ0IV \ No newline at end of file diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age index 8245fc9..9740ab2 100644 Binary files a/secrets/zitadel-master.age and b/secrets/zitadel-master.age differ diff --git a/services/default.nix b/services/default.nix index ea3614e..b92ec0f 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,6 +3,5 @@ ./attic.nix ./forgejo-runner.nix ./forgejo.nix - ./paperless.nix ]; } diff --git a/services/paperless.nix b/services/paperless.nix deleted file mode 100644 index 1df2afa..0000000 --- a/services/paperless.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - config.services.paperless = { - host = "youko"; - ports = [ 28981 ]; - module = - { config, ... }: - { - age.secrets.rab-lol-cf = { - file = ../secrets/rab-lol-cf.age; - owner = config.services.nginx.user; - }; - age.secrets.paperless-pass = { - file = ../secrets/paperless-pass.age; - owner = config.services.paperless.user; - }; - - services.paperless = { - enable = true; - dataDir = "/var/lib/paperless"; - mediaDir = "/media/paperless/media"; - consumptionDir = "/media/paperless/consume"; - passwordFile = config.age.secrets.paperless-pass.path; - settings = { - PAPERLESS_CONSUMER_IGNORE_PATTERN = [ - ".DS_STORE/*" - "desktop.ini" - ]; - PAPERLESS_OCR_LANGUAGE = "pol+eng+jpn"; - PAPERLESS_OCR_USER_ARGS = { - optimize = 1; - pdfa_image_compression = "lossless"; - }; - }; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - virtualHosts."paper.rab.lol" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/".proxyPass = "http://localhost:28981"; - extraConfig = '' - client_max_body_size 24G; - ''; - }; - }; - - security.acme.acceptTerms = true; - security.acme.certs."paper.rab.lol" = { - email = "nikodem@rabulinski.com"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.rab-lol-cf.path; - }; - }; - }; -}