Compare commits

..

No commits in common. "main" and "update-inputs-2024-11-01-04-20" have entirely different histories.

43 changed files with 484 additions and 1549 deletions

View file

@ -3,8 +3,6 @@ keys:
- &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd - &seras age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
- &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn - &emilia age1pjn7q6qs49jenr40dhsxa8x5g4z6elsh0pk0tc5pxg6pl0nzgc6scakynn
- &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf - &girldick age1r6cmthdk6lhy62wa4pu23l46f5fcqhuu7xrq353pe6c8f0s6ce8s67pdtf
- &florp age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
- &crime age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
creation_rules: creation_rules:
- path_regex: secrets/services/dns-knot.yaml - path_regex: secrets/services/dns-knot.yaml
key_groups: key_groups:
@ -59,16 +57,4 @@ creation_rules:
- pgp: - pgp:
- *emily - *emily
age: age:
- *florp - *seras
- path_regex: secrets/restic/zh3485s1.yaml
key_groups:
- pgp:
- *emily
age:
- *florp
- path_regex: secrets/restic/zh3485s2.yaml
key_groups:
- pgp:
- *emily
age:
- *crime

View file

@ -1,11 +1,11 @@
{ config, inputs, lib, pkgs, ... }: let { config, inputs, lib, pkgs, ... }:
inherit (lib) mkDefault;
in { with lib; {
imports = [ imports = [
./kernel.nix ./kernel.nix
./networking.nix ./networking.nix
./openssh.nix ./openssh.nix
./users.nix ./users
../../modules ../../modules
inputs.lix-module.nixosModules.default inputs.lix-module.nixosModules.default
]; ];
@ -23,7 +23,6 @@ in {
man-pages-posix man-pages-posix
unzip unzip
zip zip
fd
figlet figlet
]; ];
programs = { programs = {
@ -106,6 +105,6 @@ in {
services.fprintd.enable = config.kyouma.machine-type.graphical; services.fprintd.enable = config.kyouma.machine-type.graphical;
system.stateVersion = mkDefault "23.11"; system.stateVersion = "23.11";
time.timeZone = mkDefault "CET"; time.timeZone = mkDefault "CET";
} }

View file

@ -39,7 +39,7 @@ in {
]; ];
settings = { settings = {
PermitRootLogin = "no"; PermitRootLogin = "prohibit-password";
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;

View file

@ -1,5 +1,5 @@
{ ... }: { { ... }: {
imports = [ imports = [
../users/emily ./emily
]; ];
} }

View file

@ -37,9 +37,6 @@
pavucontrol pavucontrol
signal-desktop signal-desktop
element-desktop element-desktop
firefox
# currently broken
#inputs.firefox.packages.${pkgs.system}.firefox
nixfmt-classic nixfmt-classic
wl-clipboard wl-clipboard

View file

@ -1,31 +1,31 @@
{ inputs, ... }: { { ... }: {
imports = [ imports = [
../../common ../../common
../../users/lucy
../../profiles/headless.nix ../../profiles/headless.nix
../../profiles/kartoffel.nix ../../profiles/kartoffel.nix
../../profiles/lxc.nix ../../profiles/lxc.nix
../../services/arrs
../../services/jellyfin.nix
../../services/nginx.nix ../../services/nginx.nix
inputs.oth.nixosModules.default ./nginx.nix
]; ];
networking.hostName = "crime"; networking = {
hostName = "crime";
firewall.allowedTCPPorts = [ 80 443 ];
firewall.allowedUDPPorts = [ 443 ];
};
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [
"2a0f:be01:0:100::b00b:a/128" "2a0f:be01:0:100::1337/128"
"2a0f:be01:0:100::1338/128"
]; ];
}; };
kyouma.nginx.defaultForbidden = "fentanyl.trade";
kyouma.restic = { security.acme.certs = {
enable = true; "fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
remoteUser = "zh3485s2"; "crime.kyouma.net" = {};
paths = [
"/var/lib/jellyfin"
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/private/prowlarr"
"/home"
];
}; };
services.jellyfin.enable = true;
services.sonarr.enable = true;
services.radarr.enable = true;
services.prowlarr.enable = true;
} }

View file

@ -0,0 +1,114 @@
{ pkgs, ... }:
let
landingPage = pkgs.writeTextDir "index.html" ''
<!DOCTYPE html>
<html>
<head>
<title>crime.kyouma.net</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to crime.kyouma.net!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>Sonarr
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
Radarr
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
Prowlarr
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
'';
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always;
'';
proxyConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
jellyAddr = "[::1]";
jellyWeb = {
forceSSL = true;
#http3 = true;
#quic = true;
inherit extraConfig;
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://${jellyAddr}:8096";
extraConfig = ''
${proxyConfig}
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://${jellyAddr}:8096/web/index.html";
extraConfig = proxyConfig;
};
"/socket" = {
proxyPass = "http://${jellyAddr}:8096";
proxyWebsockets = true;
extraConfig = proxyConfig;
};
};
};
in {
services.nginx = {
virtualHosts = {
"fentanyl.trade" = jellyWeb // {
enableACME = true;
};
"frotti.ng" = jellyWeb // {
useACMEHost = "fentanyl.trade";
};
};
};
kyouma.nginx.virtualHosts = {
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
"redirect" = {
default = true;
reuseport = true;
useACMEHost = "fentanyl.trade";
extraConfig = ''
return 403;
'';
};
"crime.kyouma.net" = {
listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
locations = {
"/".root = landingPage;
"/sonarr/" = {
proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true;
};
"/radarr/" = {
proxyPass = "http://127.0.0.1:7878";
recommendedProxySettings = true;
};
"/prowlarr/" = {
proxyPass = "http://127.0.0.1:9696";
recommendedProxySettings = true;
};
};
};
};
}

View file

@ -17,8 +17,10 @@
kyouma.machine-type.physical = true; kyouma.machine-type.physical = true;
kyouma.nginx.defaultForbidden = "uptime.kyouma.net"; kyouma.nginx.defaultForbidden = "uptime.kyouma.net";
networking.hostName = "emilia"; networking = {
firewall.allowedTCPPorts = [ 80 443 ];
hostName = "emilia";
};
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
matchConfig.MACAddress = "04:d4:c4:39:73:f6"; matchConfig.MACAddress = "04:d4:c4:39:73:f6";
addresses = [ addresses = [

View file

@ -1,68 +0,0 @@
{ lib, config, pkgs, ... }: {
imports = [
../../common
../../profiles/headless.nix
../../profiles/kartoffel.nix
../../profiles/lxc.nix
../../services/akkoma
../../services/nginx.nix
];
networking = {
hostName = "florp";
domain = lib.mkForce "social";
};
systemd.network.networks."98-eth-default" = {
address = [
"2a0f:be01:0:100::171/128"
];
};
kyouma.nginx.defaultForbidden = "florp.social";
kyouma.restic = let
pgBackup = "/var/cache/postgresql.sql";
in {
enable = true;
remoteUser = "zh3485s1";
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
paths = [
"/var/lib/akkoma"
"/var/lib/secrets"
pgBackup
];
backupPrepareCommand = ''
umask 0077
rm -f -- ${pgBackup}
${pkgs.su}/bin/su -c '${lib.getExe' config.services.postgresql.package "pg_dumpall"}' \
${config.services.postgresql.superUser} >${pgBackup}
'';
backupCleanupCommand = ''
rm -f -- ${pgBackup}
'';
};
services.postgresql.settings = {
max_connections = 128;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "34952kB";
huge_pages = "try";
min_wal_size = "2GB";
max_wal_size = "8GB";
max_worker_processes = 16;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 16;
max_parallel_maintenance_workers = 4;
};
system.stateVersion = "24.11";
}

View file

@ -11,6 +11,7 @@
domain = lib.mkForce "girldick.gay"; domain = lib.mkForce "girldick.gay";
hostName = "staging"; hostName = "staging";
nftables.enable = lib.mkForce false; nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 80 443 ];
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [

View file

@ -1,6 +1,5 @@
{ lib, inputs, ... }: { { lib, inputs, ... }: {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
./configuration.nix ./configuration.nix
]; ];

View file

@ -1,22 +1,21 @@
{ pkgs, ... }: { { ... }: {
imports = [ imports = [
../../common ../../common
../../users/nil
../../profiles/builder.nix ../../profiles/builder.nix
../../profiles/headless.nix ../../profiles/headless.nix
../../profiles/kartoffel.nix ../../profiles/kartoffel.nix
../../profiles/lxc.nix ../../profiles/lxc.nix
../../services/akkoma
../../services/nginx.nix ../../services/nginx.nix
../../services/hydra ../../services/hydra
../../services/update-nixfiles.nix ../../services/update-nixfiles.nix
]; ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot.binfmt = { networking = {
preferStaticEmulators = true; hostName = "seras";
emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; firewall.allowedTCPPorts = [ 80 443 ];
}; };
networking.hostName = "seras";
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [
"2a0f:be01:0:100::169/128" "2a0f:be01:0:100::169/128"

View file

@ -11,7 +11,8 @@
networking = { networking = {
hostName = "web-dus"; hostName = "web-dus";
nftables.enable = lib.mkForce false; nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 11019 ]; firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ];
}; };
systemd.network.networks."98-eth-default" = { systemd.network.networks."98-eth-default" = {
address = [ address = [

View file

@ -9,6 +9,10 @@
options snd_bcm2835 enable_headphones=1 options snd_bcm2835 enable_headphones=1
''; '';
kernelParams = [ "snd_bcm2835.enable_hdmi=1" ]; kernelParams = [ "snd_bcm2835.enable_hdmi=1" ];
loader.raspberryPi.firmwareConfig = ''
dtparam=audio=on
dtparam=krnbt=on
'';
}; };
console.enable = false; console.enable = false;

View file

@ -1,90 +1,61 @@
{ config, inputs, lib, pkgs, ... }: { { config, pkgs, ... }: {
imports = [
inputs.florp-moderation.nixosModules.default
# Moderated instances. See https://woof.rip/florp/moderation for more information.
inputs.florp-moderation.nixosModules.florp
];
sops.secrets."services/akkoma/mailerPassword" = { sops.secrets."services/akkoma/mailerPassword" = {
sopsFile = ../../../secrets/services/akkoma.yaml; sopsFile = ../../../secrets/services/akkoma.yaml;
}; };
sops.secrets."services/akkoma/deepl" = { sops.secrets."services/akkoma/deepl" = {
sopsFile = ../../../secrets/services/akkoma.yaml; sopsFile = ../../../secrets/services/akkoma.yaml;
}; };
services.akkoma = { services.akkoma = {
enable = true; enable = true;
extraPackages = let extraStatic."emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
imagemagick = pkgs.imagemagick.override {
libheif = pkgs.libheif.overrideAttrs (prevAttrs: {
buildInputs = prevAttrs.buildInputs or [ ] ++ [ pkgs.svt-av1 ];
cmakeFlags = prevAttrs.cmakeFlags or [ ] ++ [ "-DWITH_SvtEnc=ON" ];
});
};
in with pkgs; [ exiftool ffmpeg-headless imagemagick ];
extraStatic = let extraStatic."static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON {
actualFetchzip = pleroma-dark = "/static/themes/pleroma-dark.json";
{ pleroma-light = "/static/themes/pleroma-light.json";
url, pleroma-amoled = [ "Pleroma Dark AMOLED" "#000000" "#111111" "#b0b0b1" "#d8a070" "#aa0000" "#0fa00f" "#0095ff" "#d59500"];
hash classic-dark = [ "Classic Dark" "#161c20" "#282e32" "#b9b9b9" "#baaa9c" "#d31014" "#0fa00f" "#0095ff" "#ffa500" ];
}: pkgs.runCommandNoCC "${lib.last (lib.splitString "/" url)}" { bird = [ "Bird" "#f8fafd" "#e6ecf0" "#14171a" "#0084b8" "#e0245e" "#17bf63" "#1b95e0" "#fab81e"];
src = pkgs.fetchurl { ir-black = [ "Ir Black" "#000000" "#242422" "#b5b3aa" "#ff6c60" "#FF6C60" "#A8FF60" "#96CBFE" "#FFFFB6" ];
inherit url hash; monokai = [ "Monokai" "#272822" "#383830" "#f8f8f2" "#f92672" "#F92672" "#a6e22e" "#66d9ef" "#f4bf75" ];
};
} '' redmond-xx = "/static/themes/redmond-xx.json";
${lib.getExe pkgs.unzip} $src -d $out redmond-xx-se = "/static/themes/redmond-xx-se.json";
for f in $out/*_256.png; do redmond-xxi = "/static/themes/redmond-xxi.json";
mv -- "$f" "''${f/_256}" breezy-dark = "/static/themes/breezy-dark.json";
done breezy-light = "/static/themes/breezy-light.json";
paper = "/static/themes/paper.json";
thekanata = "/static/themes/thekanata.json";
ihatebeingalive = "/static/themes/ihatebeingalive.json";
elly-mod = "/static/themes/elly-mod.json";
});
extraStatic."static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
extraStatic."static/terms-of-service.html" = pkgs.writeText "terms-of-service.html" ''
<h3>Likes are now florps. The timeline goes sideways.</h3>
'';
extraStatic."images/akkoma-wp.png" = pkgs.fetchurl {
url = "https://kyouma.net/akkoma-wp.avif";
hash = "sha256-p0slibhwLExsGUzCSZHIl6tNm28r4fB3iJsI6peRFRs=";
};
extraStatic."favicon.png" = let
rev = "697a8211b0f427a921e7935a35d14bb3e32d0a2c";
in pkgs.stdenvNoCC.mkDerivation {
name = "favicon.png";
src = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/TilCreator/NixOwO/${rev}/NixOwO_plain.svg";
hash = "sha256-tWhHMfJ3Od58N9H5yOKPMfM56hYWSOnr/TGCBi8bo9E=";
};
nativeBuildInputs = with pkgs; [ librsvg ];
dontUnpack = true;
installPhase = ''
rsvg-convert -o $out -w 96 -h 96 $src
''; '';
in {
"emoji/blobs.gg" = pkgs.akkoma-emoji.blobs_gg;
"emoji/custom" = pkgs.runCommandNoCC "florp" {
src = inputs.florp-branding.packages.${config.nixpkgs.hostPlatform.system}.favicon;
} ''
mkdir $out
cp $src $out/florp.png
'';
"emoji/neodog" = actualFetchzip {
url = "https://git.gay/moonrabbits/neodog/raw/commit/6f9eb283b6dcbe507fde1110abab267cb2d73b70/neodog.zip";
hash = "sha256-ISyzpRyjHf+4jKrOtHHqH0Qn7CQu5RQSLH/HL/YSdT4=";
};
"emoji/neocat" = actualFetchzip {
url = "https://volpeon.ink/emojis/neocat/neocat.zip";
hash = "sha256-DZDuk0Djlax504flNWdpqAw+ROLOOVGj0ZvJLyouo7A=";
};
"emoji/neofox" = actualFetchzip {
url = "https://volpeon.ink/emojis/neofox/neofox.zip";
hash = "sha256-rZUPA7ZvrO8q/lx8XK3IxJ1URLgq0PSh752eWzG+uos=";
};
"emoji/blobhaj" = actualFetchzip {
url = "https://web.archive.org/web/20240829143703/https://heatherhorns.com/wp-content/uploads/2022/12/Blobhaj-12-13-2022.zip";
hash = "sha256-5l8ozTivCSOomPq+zDD4FWhK5mA/H2qkGs8beuDnp9s=";
};
"static/styles.json" = pkgs.writeText "styles.json" (builtins.toJSON (
builtins.fromJSON (builtins.readFile "${pkgs.akkoma-fe-domi}/static/styles.json") // {
elly-mod = "/static/themes/elly-mod.json";
}
));
"static/themes/elly-mod.json" = pkgs.writeText "elly-mod.json" (builtins.readFile ./elly-mod.json);
"static/custom.css" = pkgs.writeText "custom.css" ''
.tos-content img, .terms-of-service img {
max-width: 100%;
}
'';
"static/terms-of-service.html" = inputs.florp-about.packages.${pkgs.system}.default;
"images/sylvia-ritter-15012323.avif" = inputs.florp-branding.packages.${pkgs.system}.wallpaper;
"images/florp_banner.avif" = inputs.florp-branding.packages.${pkgs.system}.banner;
"favicon.png" = inputs.florp-branding.packages.${pkgs.system}.favicon;
}; };
frontends = { frontends = {
@ -94,59 +65,41 @@
ref = "5f0339ce00"; ref = "5f0339ce00";
}; };
admin = { admin = {
package = pkgs.akkoma-admin-fe; package = pkgs.akkoma-frontends.admin-fe;
name = "admin-fe"; name = "admin-fe";
ref = "stable"; ref = "stable";
}; };
}; };
}; };
services.akkoma.config = let services.akkoma.config = let
inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom; inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkAtom mkMap;
mkMapOfPredefinedKeys = set: let
string = value: "\"${(lib.escape [ "\\" "#" "\"" ]) value}\"";
toElixir = value:
if value == null then "nil" else
if lib.isString value then string value else
if builtins.isBool value then lib.boolToString value else
if lib.isInt value || lib.isFloat value then toString value else
abort "Not a elixir value ${value}";
entries = attrs: lib.concatStringsSep ", " (lib.mapAttrsToList (name: value:
"${toElixir name}: ${toElixir value}"
) attrs);
in mkRaw "%{${entries set}}";
in { in {
":pleroma" = { ":pleroma" = {
":instance" = { ":instance" = {
name = "florp.social"; name = "florp.social";
email = "contact@florp.social"; email = "contact@florp.social";
notify_email = "noreply@florp.social"; notify_email = "akkoma@florp.social";
description = "Likes are now florps. The timeline goes sideways."; description = "Likes are now florps. The timeline goes sideways.";
instance_thumbnail = "/instance/thumbnail.avif"; instance_thumbnail = "/instance/thumbnail.avif";
limit = 69420; limit = 69420;
description_limit = 69420; description_limit = 69420;
remote_limit = 131072; remote_limit = 131072;
upload_limit = 256 * 1024 * 1024; upload_limit = 160 * 1024 * 1024;
avatar_upload_limit = 4 * 1024 * 1024; avatar_upload_limit = 16 * 1024 * 1024;
background_upload_limit = 8 * 1024 * 1024; background_upload_limit = 32 * 1024 * 1024;
banner_upload_limit = 8 * 1024 * 1024; banner_upload_limit = 32 * 1024 * 1024;
registrations_open = true; registrations_open = true;
registration_reason_length = 2048; registration_reason_length = 2048;
account_approval_required = true; account_approval_required = true;
account_activation_required = true; account_activation_required = true;
federating = true; federation = false;
federation_incoming_replies_max_depth = 1024; federation_incoming_replies_max_depth = 1024;
federation_reachability_timeout_days = 14;
allow_relay = true;
max_pinned_statuses = 10; max_pinned_statuses = 10;
max_report_comment_size = 2048;
safe_dm_mentions = true; safe_dm_mentions = true;
remote_post_retention_days = 365; remote_post_retention_days = 365;
user_bio_length = 8192; user_bio_length = 8192;
user_name_length = 64; user_name_length = 64;
max_account_fields = 8;
cleanup_attachments = true; cleanup_attachments = true;
local_bubble = [ local_bubble = [
"solitary.social" "solitary.social"
@ -155,32 +108,15 @@
]; ];
}; };
":emoji".groups = {
blobs = "/emoji/blobs.gg/*.png";
blobhaj = "/emoji/blobhaj/512w/*.png";
neodog = "/emoji/neodog/*.png";
neocat = [
"/emoji/neocat/*.png"
"/emoji/neodog/additional_neocat/*.png"
];
neofox = [
"/emoji/neofox/*.png"
"/emoji/neodog/additional_neofox/*.png"
];
Custom = "/emoji/custom/*.png";
};
"Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha"; "Pleroma.Captcha".method = mkRaw "Pleroma.Captcha.Kocaptcha";
"Pleroma.Web.Endpoint".url.host = "florp.social"; "Pleroma.Web.Endpoint".url.host = "florp.social";
"Pleroma.Web.Metadata.Providers.Theme".theme_color = "#070F1C";
"Pleroma.Emails.Mailer" = { "Pleroma.Emails.Mailer" = {
enabled = true; enabled = true;
adapter = mkRaw "Swoosh.Adapters.SMTP"; adapter = mkRaw "Swoosh.Adapters.SMTP";
relay = "mail.kyouma.net"; relay = "mail.kyouma.net";
username = "noreply@florp.social"; username = "akkoma@florp.social";
password._secret = config.sops.secrets."services/akkoma/mailerPassword".path; password._secret = config.sops.secrets."services/akkoma/mailerPassword".path;
port = 465; port = 465;
ssl = true; ssl = true;
@ -197,7 +133,7 @@
}; };
":media_preview_proxy" = { ":media_preview_proxy" = {
enabled = true; enabled = false;
thumbnail_max_width = 1920; thumbnail_max_width = 1920;
thumbnail_max_height = 1080; thumbnail_max_height = 1080;
min_content_length = 128 * 1024; min_content_length = 128 * 1024;
@ -213,36 +149,64 @@
]; ];
":mrf".policies = map mkRaw [ ":mrf".policies = map mkRaw [
"Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy" "Pleroma.Web.ActivityPub.MRF.SimplePolicy"
"Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy"
]; ];
":mrf_object_age".threshold = 180 * 24 * 3600; ":mrf_simple" = {
reject = mkMap {
"bae.st" = "harassment";
"brighteon.social" = "incompatible";
"detroitriotcity.com" = "incompatible";
"freeatlantis.com" = "incompatible";
"freespeechextremist.com" = "incompatible";
"gab.com" = "incompatible";
"gleasonator.com" = "incompatible";
"kitsunemimi.club" = "incompatible";
"poa.st" = "incompatible";
"seal.cafe" = "harassment";
"social.quodverum.com" = "incompatible";
"spinster.xyz" = "incompatible";
"truthsocial.co.in" = "incompatible";
"varishangout.net" = "incompatible";
"activitypub-troll.cf" = "security";
"misskey-forkbomb.cf" = "security";
"repl.co" = "security";
};
followers_only = mkMap {
"bitcoinhackers.org" = "annoying";
};
};
":mrf_object_age".threshold = 90 * 24 * 3600;
":frontend_configurations" = { ":frontend_configurations" = {
pleroma_fe = mkMapOfPredefinedKeys { pleroma_fe = mkMap {
background = "/images/sylvia-ritter-15012323.avif"; background = "/images/akkoma-wp.png";
nsfwCensorImage = "/static/blurhash-overlay.png";
collapseMessageWithSubject = true; collapseMessageWithSubject = true;
hideSiteFavicon = true;
streaming = true; streaming = true;
webPushNotifications = true; webPushNotifications = true;
useStreamingApi = true; useStreamingApi = true;
scopeCopy = true; scopeCopy = true;
showFeaturesPanel = false;
subjectLineBehavior = "masto"; subjectLineBehavior = "masto";
alwaysShowSubjectInput = true; alwaysShowSubjectInput = true;
postContentType = "text/markdown"; postContentType = "text/markdown";
modalOnRepeat = true; modalOnRepeat = true;
minimalScopesMode = true; minimalScopesMode = true;
redirectRootNoLogin = "/about"; redirectRootNoLogin = "/about";
translationLanguage = "en"; translationLanguage = "EN";
theme = "elly-mod"; theme = "elly-mod";
}; };
}; };
":restrict_unauthenticated" = { ":restrict_unauthenticated" = {
timelines = mkMapOfPredefinedKeys { timelines = mkMap {
local = false; local = false;
federated = false; federated = true;
bubble = true;
}; };
}; };
@ -263,66 +227,26 @@
":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer"; ":joken".":default_signer"._secret = "/var/lib/secrets/akkoma/jwt-signer";
}; };
services.postgresql.enable = true;
services.postgresql.extraPlugins = [ services.postgresql.extraPlugins = [
pkgs.postgresql16Packages.rum pkgs.postgresql15Packages.rum
]; ];
services.nginx = { services.nginx = {
package = pkgs.tengine;
clientMaxBodySize = "256m"; clientMaxBodySize = "256m";
commonHttpConfig = '' commonHttpConfig = ''
access_log off; proxy_cache_path /var/cache/nginx/cache/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:32m max_size=32g
proxy_cache_path /var/cache/nginx/akkoma-media-cache
levels= keys_zone=akkoma_media_cache:64m max_size=64g
inactive=1y use_temp_path=off; inactive=1y use_temp_path=off;
access_log off;
''; '';
}; };
kyouma.nginx.virtualHosts = let kyouma.nginx.virtualHosts = {
proxyCache = '' "florp.social".locations."/".proxyPass = "http://unix:/run/akkoma/socket";
proxy_cache akkoma_media_cache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
in {
"florp.social" = {
serverAliases = map (x: "${x}.florp.social") [ "a" "b" "c" ];
locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket";
proxyWebsockets = true;
};
locations."^/media(/.*)$".return = "308 https://media.florp.social$1";
locations."^/proxy(/.*)$".return = "308 https://cache.florp.social$1";
locations."= /api/v1/pleroma/admin/config" = {
return = ''200 "\{\"error\":\"You must enable configurable_from_database in your config file.\"\}"'';
extraConfig = ''
types { } default_type "application/json; charset=utf-8";
'';
};
};
"media.florp.social" = { "media.florp.social" = {
useACMEHost = "florp.social"; useACMEHost = "florp.social";
locations."/" = { locations."/".proxyPass = "http://unix:/run/akkoma/socket";
proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = ''
rewrite ^(?!/media)(.*)$ /media$1;
'' + proxyCache;
};
}; };
"cache.florp.social" = { "cache.florp.social" = {
@ -330,13 +254,27 @@
locations."/" = { locations."/" = {
proxyPass = "http://unix:/run/akkoma/socket"; proxyPass = "http://unix:/run/akkoma/socket";
extraConfig = '' extraConfig = ''
rewrite ^(?!/proxy)(.*)$ /proxy$1; proxy_cache akkoma_media_cache;
'' + proxyCache;
# Cache objects in slices of 1 MiB
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
# Decouple proxy and upstream responses
proxy_buffering on;
proxy_cache_lock on;
proxy_ignore_client_abort on;
# Default cache times for various responses
proxy_cache_valid 200 1y;
proxy_cache_valid 206 301 304 1h;
# Allow serving of stale items
proxy_cache_use_stale error timeout invalid_header updating;
'';
}; };
}; };
}; };
security.acme.certs."florp.social".extraDomainNames = [ security.acme.certs."florp.social".extraDomainNames = [ "cache.florp.social" "media.florp.social" ];
"cache.florp.social"
"media.florp.social"
] ++ map (x: "${x}.florp.social") [ "a" "b" "c" ];
} }

View file

@ -1,62 +0,0 @@
{ lib, pkgs, ... }: {
services = lib.genAttrs [
"sonarr"
"radarr"
"prowlarr"
"lidarr"
] (_: {
enable = true;
});
systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: {
wants = [ "mnt-mezzomix.mount" ];
});
systemd.mounts = lib.singleton {
description = "rclone mount";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" "radarr.service" "sonarr.service" ];
where = "/mnt/mezzomix";
what = "mezzomix@otos.feralhosting.com:private/rtorrent/data";
type = "fuse.sshfs";
options = "umask=0000,idmap=user,_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,reconnect,max_conns=10,identityfile=/etc/keys/ssh_host_ed25519_key";
};
systemd.automounts = lib.singleton {
name = "mnt-mezzomix.automount";
where = "/mnt/mezzomix";
wantedBy = [ "multi-user.target" ];
automountConfig.TimeoutIdleSec = 0;
};
environment.systemPackages = [ pkgs.sshfs ];
programs.ssh.ciphers = [ "aes256-ctr" ];
kyouma.nginx.virtualHosts = {
"crime.kyouma.net" = {
verifyClientCert = true;
disableHttp3 = true;
locations = {
"/".root = pkgs.writeTextDir "index.html" (builtins.readFile ./landingPage.html);
"/lidarr/" = {
proxyPass = "http://127.0.0.1:8686";
recommendedProxySettings = true;
};
"/sonarr/" = {
proxyPass = "http://127.0.0.1:8989";
recommendedProxySettings = true;
};
"/radarr/" = {
proxyPass = "http://127.0.0.1:7878";
recommendedProxySettings = true;
};
"/prowlarr/" = {
proxyPass = "http://127.0.0.1:9696";
recommendedProxySettings = true;
};
};
};
};
security.acme.certs."crime.kyouma.net" = {};
}

View file

@ -1,29 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>crime.kyouma.net</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to crime.kyouma.net!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>Sonarr
<a href="https://crime.kyouma.net/sonarr">crime.kyouma.net/sonarr</a><br/>
Radarr
<a href="https://crime.kyouma.net/radarr">crime.kyouma.net/radarr</a><br/>
Lidarr
<a href="https://crime.kyouma.net/lidarr">crime.kyouma.net/lidarr</a><br/>
Prowlarr
<a href="https://crime.kyouma.net/prowlarr">crime.kyouma.net/prowlarr</a></p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

View file

@ -30,8 +30,8 @@
extraConfig = '' extraConfig = ''
server_store_uri = https://cache.kyouma.net server_store_uri = https://cache.kyouma.net
binary_cache_public_uri = https://cache.kyouma.net binary_cache_public_uri = https://cache.kyouma.net
evaluator_workers = 1 evaluator_workers = 8
evaluator_max_memory_size = 4096 evaluator_max_memory_size = 16384
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)} max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
''; '';
}; };
@ -44,8 +44,8 @@
}; };
systemd.services.hydra-evaluator.serviceConfig = { systemd.services.hydra-evaluator.serviceConfig = {
MemoryHigh = "150G"; MemoryHigh = "250G";
MemoryMax = "155G"; MemoryMax = "254G";
}; };
kyouma.nginx.defaultForbidden = "hydra.kyouma.net"; kyouma.nginx.defaultForbidden = "hydra.kyouma.net";

View file

@ -1,9 +1,6 @@
{ config, lib, ... }: { { config, lib, ... }: {
nix.buildMachines = let nix.buildMachines = let
base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; base = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
x86-64 = [ "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
aarch64 = [ "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "gccarch-armv8.2-a+fp16+rcpc+dotprod" ];
riscv64 = [ "gccarch-rv64imac" "gccarch-rv64imacfd" "gccarch-rv64gc" ];
in [ in [
{ {
hostName = "localhost"; hostName = "localhost";
@ -19,32 +16,33 @@
maxJobs = 2; maxJobs = 2;
speedFactor = 4; speedFactor = 4;
systems = [ "aarch64-linux" ]; systems = [ "aarch64-linux" ];
supportedFeatures = base ++ aarch64; supportedFeatures = base;
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path; sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
} }
{ {
hostName = "schrodinger.kyouma.net"; hostName = "schrodinger.kyouma.net";
sshUser = "root"; sshUser = "root";
maxJobs = 0; maxJobs = 2;
speedFactor = 20; speedFactor = 20;
systems = [ "riscv64-linux" ]; systems = [ "riscv64-linux" ];
supportedFeatures = base ++ riscv64; supportedFeatures = base ++ [ "gccarch-rv64imac" "gccarch-rv64imacfd" ];
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path; sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
} }
] ++ lib.forEach (lib.range 0 11) (num: { ] ++ lib.forEach (lib.genList (i: i + 1) 8) (num: {
hostName = "build-worker-${lib.fixedWidthNumber 2 num}"; hostName = "build-worker-0${toString num}";
sshUser = "root"; sshUser = "root";
maxJobs = 2; maxJobs = 2;
speedFactor = 20; speedFactor = 20;
systems = [ "i686-linux" "x86_64-linux" ] systems = [ "i686-linux" "x86_64-linux" ];
++ lib.optionals (lib.mod num 5 == 0) [ "aarch64-linux" "riscv64-linux" ]; supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" ] ++ x86-64
++ lib.optionals (lib.mod num 5 == 0) (aarch64 ++ riscv64);
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path; sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
}); });
nixpkgs.config.allowUnsupportedSystem = true;
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.gc.automatic = lib.mkForce false; nixpkgs.config.allowUnsupportedSystem = true;
nix.gc = {
dates = "monthly";
options = lib.mkForce "--delete-older-than 90d";
};
nix.settings = { nix.settings = {
allowed-uris = [ allowed-uris = [
"github:" "github:"
@ -59,9 +57,7 @@
"build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK"; "build-worker-04.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOq+5I+nlAN2lJoOtoXrYEDuZ/TMPMa43pIlablYigK";
"integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU"; "integra.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBwEQiSfaDrUAwgul4mktusBPcIVxI4pLNDh9DPopVU";
"schrodinger.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo7vZ6lS1wx76YsbAdhOsGcc20YMAW52ep8SZ/FCHDp"; "schrodinger.kyouma.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo7vZ6lS1wx76YsbAdhOsGcc20YMAW52ep8SZ/FCHDp";
"lab.nyantec.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIUePtVPtBK+CYosufbaGiMT4EVanti4V5t2Wg0g/Fy4";
"localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P"; "localhost".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPNVavo3YHVsrYwXRVISu7kDoknn+5inFGySn4azlB8P";
"[build-worker-kyoumanet.fly.dev]:2200".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUGzlilikAUfUGKXVCoTeDvPRoWUgDDkNU5WaRUBzls";
"[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB"; "[build-worker-kyoumanet.fly.dev]:2201".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDL2M97UBHg9aUfjDUxzmzg1r0ga0m3/stummBVwuEAB";
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz"; "[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp"; "[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
@ -70,18 +66,11 @@
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4"; "[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY"; "[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O"; "[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
"[build-worker-kyoumanet-cdg.fly.dev]:2209".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJGlQD/3fLn/Kyb7v0RIycHRcArGi75jURj803EMpW0S";
"[build-worker-kyoumanet-cdg.fly.dev]:2210".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQm1FSGBGdCR5f8MvBvdKM0M4yIQVnH1po7hHO5T1qz";
"[build-worker-kyoumanet-cdg.fly.dev]:2211".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINlH+v2ZlcDQY3itw4b7aRbwRTqDsTE0R5Ua3vF0VaGr";
}; };
extraConfig = '' extraConfig = lib.concatLines (lib.genList (i: ''
Host machine-0008.cloud-v.co Host build-worker-0${toString (i + 1)}
Hostname machine.cloud-v.co Hostname build-worker-kyoumanet.fly.dev
Port 20008 Port 220${toString (i + 1)}
'' + lib.concatLines (lib.forEach (lib.range 0 11) (num: '' '') 8);
Host build-worker-${lib.fixedWidthNumber 2 num}
Hostname build-worker-kyoumanet${lib.optionalString (num > 8) "-cdg"}.fly.dev
Port 22${lib.fixedWidthNumber 2 num}
''));
}; };
} }

View file

@ -1,34 +0,0 @@
{ lib, ... }: {
services.jellyfin.enable = true;
kyouma.nginx.virtualHosts = {
"watch.kyouma.net".redirectTo = "fentanyl.trade";
"fentanyl.trade" = {
serverAliases = lib.singleton "frotti.ng";
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
extraConfig = ''
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
};
"/socket" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
proxyWebsockets = true;
};
};
};
};
security.acme.certs."fentanyl.trade".extraDomainNames = [
"frotti.ng"
"watch.kyouma.net"
];
}

View file

@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: let { config, lib, ... }: with lib; {
inherit (lib) mkDefault;
in {
kyouma.deployment.tags = [ "web" ]; kyouma.deployment.tags = [ "web" ];
security.dhparams.enable = true; security.dhparams.enable = true;
security.dhparams.params.nginx = {}; security.dhparams.params.nginx = {};
@ -11,11 +9,9 @@ in {
email = "noc@kyouma.net"; email = "noc@kyouma.net";
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
package = mkDefault pkgs.nginxQuic; #package = pkgs.nginxQuic;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
@ -36,7 +32,6 @@ in {
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always; add_header Referrer-Policy "same-origin" always;
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
''; '';
eventsConfig = '' eventsConfig = ''

View file

@ -1,78 +0,0 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
users.users.lucy = {
isNormalUser = true;
shell = pkgs.fish;
ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIId7XvwEHtC9KdGg4Bn+XE+yyBp7/dRToJX9T56mM7ln kosaki@kosaki"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAZH8HwE1OxVAArRpc3+c7foYJ/WYjp4BqUyuab9yQyl emilia@emilia"
];
};
home-manager.useGlobalPkgs = true;
home-manager.users.lucy = {
home.stateVersion = "24.11";
home.packages = with pkgs; [
whois
htop
restic
fend
];
fonts.fontconfig.enable = true;
programs.bat.enable = true;
programs.gpg.enable = true;
programs.ripgrep.enable = true;
programs.tmux = {
enable = true;
prefix = "M-w";
clock24 = true;
extraConfig = ''
# unbind keys
unbind-key C-b
# new prefix
bind-key M-w send-prefix
# selection via vim keys
bind-key -r h select-pane -L
bind-key -r j select-pane -D
bind-key -r k select-pane -U
bind-key -r l select-pane -R
# resize aswell
bind-key -r C-h resize-pane -L 5
bind-key -r C-j resize-pane -D 5
bind-key -r C-k resize-pane -U 5
bind-key -r C-l resize-pane -R 5
bind-key g split-window
bind-key v split-window -h
'';
};
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"
"--color-scale-mode=gradient"
"--group-directories-first"
];
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
};
};
}

View file

@ -1,49 +0,0 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
users.users.nil = {
isNormalUser = true;
shell = pkgs.fish;
ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICczPHRwY9MAwDGlcB0QgMOJjcpLJhVU3covrW9RBS62AAAABHNzaDo="
];
};
home-manager.useGlobalPkgs = true;
home-manager.users.nil = {
home.stateVersion = "24.11";
home.packages = with pkgs; [
whois
htop
restic
fend
];
fonts.fontconfig.enable = true;
programs.bat.enable = true;
programs.gpg.enable = true;
programs.ripgrep.enable = true;
programs.eza = {
enable = true;
icons = "auto";
git = true;
extraOptions = [
"--color-scale=all"
"--color-scale-mode=gradient"
"--group-directories-first"
];
};
programs.fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
};
};
}

View file

@ -12,11 +12,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1731270564, "lastModified": 1730257295,
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=", "narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "attic", "repo": "attic",
"rev": "47752427561f1c34debb16728a210d378f0ece36", "rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -30,11 +30,11 @@
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
}, },
"locked": { "locked": {
"lastModified": 1732200724, "lastModified": 1708890466,
"narHash": "sha256-+R1BH5wHhfnycySb7Sy5KbYEaTJZWm1h+LW1OtyhiTs=", "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "base16.nix", "repo": "base16.nix",
"rev": "153d52373b0fb2d343592871009a286ec8837aec", "rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -78,11 +78,11 @@
"base16-vim": { "base16-vim": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1731949548, "lastModified": 1716150083,
"narHash": "sha256-XIDexXM66sSh5j/x70e054BnUsviibUShW7XhbDGhYo=", "narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "base16-vim", "repo": "base16-vim",
"rev": "61165b1632409bd55e530f3dbdd4477f011cadc6", "rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -156,11 +156,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732742778, "lastModified": 1730190761,
"narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", "narHash": "sha256-o5m5WzvY6cGIDupuOvjgNSS8AN6yP2iI9MtUC6q/uos=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", "rev": "3979285062d6781525cded0f6c4ff92e71376b55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -192,26 +192,6 @@
"type": "github" "type": "github"
} }
}, },
"eosyn": {
"inputs": {
"lix": "lix",
"lix-module": "lix-module",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1732835047,
"narHash": "sha256-O+JD5tKyCRtE+ZY5cpDQnepcyEP3xDxqSw4irJRxRgM=",
"ref": "refs/heads/main",
"rev": "29adbc654463e677bc8bfbfa311c765584446bd8",
"revCount": 1,
"type": "git",
"url": "https://woof.rip/mikael/eosyn.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/mikael/eosyn.git"
}
},
"fernglas": { "fernglas": {
"inputs": { "inputs": {
"communities": "communities", "communities": "communities",
@ -234,24 +214,6 @@
"type": "github" "type": "github"
} }
}, },
"firefox": {
"inputs": {
"eosyn": "eosyn"
},
"locked": {
"lastModified": 1732835073,
"narHash": "sha256-6pF35LT6oLTFTuwJ4ZxjePY+qHpC4BGcOExJeiUAlxY=",
"ref": "refs/heads/main",
"rev": "cf453c076add9ee34542a318fa7a7a865087921b",
"revCount": 4,
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/mikael/firefox.git"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -301,11 +263,11 @@
"flake-compat_4": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1673956053,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -365,11 +327,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730504689, "lastModified": 1727826117,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90", "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,11 +345,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1726560853,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -401,11 +363,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1710146030,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -433,24 +395,6 @@
} }
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": { "inputs": {
"systems": [ "systems": [
"stylix", "stylix",
@ -458,11 +402,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1710146030,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -486,89 +430,14 @@
"type": "github" "type": "github"
} }
}, },
"flakey-profile_2": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"florp-about": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1731582952,
"narHash": "sha256-hnvqHeekGal+hml6BQB254LsJn+Vk5QNKzkIu8rH/xs=",
"ref": "refs/heads/main",
"rev": "f283dba73f777746e1675126f8fa4c5b1fd06152",
"revCount": 10,
"type": "git",
"url": "https://woof.rip/florp/about.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/florp/about.git"
}
},
"florp-branding": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1731182323,
"narHash": "sha256-Ecw7fOxv3hp1iLWBqlYW9TTNi0LTtiu92gtqfdn5v20=",
"ref": "refs/heads/main",
"rev": "8aaf8c85b902eaaabfdeadd5502019b2816991b9",
"revCount": 3,
"type": "git",
"url": "https://woof.rip/florp/branding.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/florp/branding.git"
}
},
"florp-moderation": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732211216,
"narHash": "sha256-eXsk0hZ2sFAvQht9W6Xxej/8AHYCGzvATFLoY1xwG/o=",
"ref": "refs/heads/main",
"rev": "81f0a4377c1218d328e7996636a02faf0597efa0",
"revCount": 9,
"type": "git",
"url": "https://woof.rip/florp/moderation.git"
},
"original": {
"type": "git",
"url": "https://woof.rip/florp/moderation.git"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1731966426, "lastModified": 1689549921,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens", "owner": "SenchoPens",
"repo": "fromYaml", "repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b", "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -594,11 +463,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732021966, "lastModified": 1730302582,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c", "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -653,11 +522,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732793095, "lastModified": 1730016908,
"narHash": "sha256-6TrknJ8CpvSSF4gviQSeD+wyj3siRcMvdBKhOXkEMKU=", "narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f7739d01080feb4549524e8f6927669b61c6ee3", "rev": "e83414058edd339148dc142a8437edb9450574c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -672,7 +541,7 @@
"lix" "lix"
], ],
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1728215710, "lastModified": 1728215710,
@ -704,16 +573,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729958008, "lastModified": 1729544999,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "ixx", "repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "rev": "65c207c92befec93e22086da9456d3906a4e999c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "NuschtOS",
"ref": "v0.0.6", "ref": "v0.0.5",
"repo": "ixx", "repo": "ixx",
"type": "github" "type": "github"
} }
@ -742,99 +611,58 @@
} }
}, },
"lix": { "lix": {
"flake": false,
"locked": {
"lastModified": 1732806742,
"narHash": "sha256-2RNOVB3UIIxxjiFKrEqSgnSoHK+olbw2o5g/63dDjJ8=",
"rev": "f5754dc90ae9b1207656d0e29ad2704d3ef1e554",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/f5754dc90ae9b1207656d0e29ad2704d3ef1e554.tar.gz?rev=f5754dc90ae9b1207656d0e29ad2704d3ef1e554"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": [
"firefox",
"eosyn",
"lix"
],
"nixpkgs": [
"firefox",
"eosyn",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732603698,
"narHash": "sha256-Jw2MhzgCCrKV2MJytehG0cCLIAosBX71p8qmQ6XQlR4=",
"rev": "15b999f9c958c475f71fb8c543b9fc2f36ae8730",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/15b999f9c958c475f71fb8c543b9fc2f36ae8730.tar.gz?rev=15b999f9c958c475f71fb8c543b9fc2f36ae8730"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"
}
},
"lix-module_2": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile_2",
"lix": "lix_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"lix_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"nix2container": "nix2container", "nix2container": "nix2container",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression", "nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1729298361, "lastModified": 1723503926,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
} }
}, },
"lix_3": { "lix-module": {
"flake": false, "inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1729298361, "lastModified": 1723510904,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be", "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz?rev=622a2253a071a1fb97a4d3c8103a91114acc1140"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
}
},
"lix_2": {
"flake": false,
"locked": {
"lastModified": 1723503926,
"narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
"rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
} }
}, },
"nix-darwin": { "nix-darwin": {
@ -845,11 +673,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732603785, "lastModified": 1730184279,
"narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", "narHash": "sha256-6OB+WWR6gnaWiqSS28aMJypKeK7Pjc2Wm6L0MtOrTuA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", "rev": "b379bd4d872d159e5189053ce9a4adf86d56db4b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -947,11 +775,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1732483221, "lastModified": 1730368399,
"narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1028,23 +856,23 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1732617236, "lastModified": 1729973466,
"narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=", "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixpkgs-unstable", "ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1725001927, "lastModified": 1725001927,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
@ -1060,7 +888,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1721931987, "lastModified": 1721931987,
"narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=", "narHash": "sha256-1Zg8LY0T5EfXtv0Kf4M6SFnjH7Eto4VV+EKJ/YSnhiI=",
@ -1076,13 +904,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1732521221, "lastModified": 1730200266,
"narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1109,11 +937,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1732838896, "lastModified": 1730368298,
"narHash": "sha256-9YfEyCU2wB/aSbtpZ+OHb++xS2Km970Ja33H13oEaWM=", "narHash": "sha256-5z4pDqRSSovXPPtN1BNEJOkGoCd/XSYuCWh8AsvoTio=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "05331006a42846d6e55129b642485f45f90c9efc", "rev": "42ea1626cb002fa759a6b1e2841bfc80a4e59615",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1124,7 +952,7 @@
}, },
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"ixx": "ixx", "ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@ -1132,11 +960,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731936508, "lastModified": 1730337772,
"narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", "narHash": "sha256-uTxvqDohfG85+zldO5Tf1B+fuAF8ZhMouNwG5S6OAnA=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "fe07070f811b717a4626d01fab714a87d422a9e1", "rev": "4e0a7a95a3df3333771abc4df6a656e7baf67106",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1145,29 +973,6 @@
"type": "github" "type": "github"
} }
}, },
"oth": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1732215904,
"narHash": "sha256-bXXoyQcVMULYOj1KlzbquUyMTyByzmLatIgm0ra/7sk=",
"ref": "refs/heads/main",
"rev": "847cc8493f7f44bd5ada0283d6b96457f4ee5a9b",
"revCount": 1,
"type": "git",
"url": "ssh://forgejo@woof.rip/emily/oth.git"
},
"original": {
"type": "git",
"url": "ssh://forgejo@woof.rip/emily/oth.git"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1190,21 +995,16 @@
"disko": "disko", "disko": "disko",
"dns": "dns", "dns": "dns",
"fernglas": "fernglas", "fernglas": "fernglas",
"firefox": "firefox", "flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"florp-about": "florp-about",
"florp-branding": "florp-branding",
"florp-moderation": "florp-moderation",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra", "hydra": "hydra",
"kyouma-www": "kyouma-www", "kyouma-www": "kyouma-www",
"lix": "lix_2", "lix": "lix",
"lix-module": "lix-module_2", "lix-module": "lix-module",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-needsreboot": "nixos-needsreboot", "nixos-needsreboot": "nixos-needsreboot",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_4",
"nixvim": "nixvim", "nixvim": "nixvim",
"oth": "oth",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix" "stylix": "stylix"
} }
@ -1213,14 +1013,15 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1732575825, "lastModified": 1729999681,
"narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1236,7 +1037,7 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_4",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": [ "home-manager": [
"home-manager" "home-manager"
@ -1244,17 +1045,17 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_5", "systems": "systems_4",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux" "tinted-tmux": "tinted-tmux"
}, },
"locked": { "locked": {
"lastModified": 1732608183, "lastModified": 1729963473,
"narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=", "narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334", "rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1323,35 +1124,19 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": { "tinted-foot": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1726913040, "lastModified": 1696725948,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-foot", "repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-foot", "repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github" "type": "github"
} }
}, },
@ -1375,11 +1160,11 @@
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1729501581, "lastModified": 1696725902,
"narHash": "sha256-1ohEFMC23elnl39kxWnjzH1l2DFWWx4DhFNNYDTYt54=", "narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "f0e7f7974a6441033eb0a172a0342e96722b4f14", "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1418,11 +1203,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732643199, "lastModified": 1730321837,
"narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", "narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", "rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -21,22 +21,6 @@
url = "github:wobcom/fernglas"; url = "github:wobcom/fernglas";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
}; };
firefox = {
url = "git+https://woof.rip/mikael/firefox.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-about = {
url = "git+https://woof.rip/florp/about.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-branding = {
url = "git+https://woof.rip/florp/branding.git";
inputs.nixpkgs.follows = "nixpkgs";
};
florp-moderation = {
url = "git+https://woof.rip/florp/moderation.git";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -50,9 +34,9 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
}; };
lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"; lix.url = "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz";
lix-module = { lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-needsreboot = { nixos-needsreboot = {
@ -64,11 +48,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
oth = {
url = "git+ssh://forgejo@woof.rip/emily/oth.git";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

View file

@ -5,7 +5,6 @@ primary_region = 'ams'
image = 'registry.fly.io/build-worker-kyoumanet:latest' image = 'registry.fly.io/build-worker-kyoumanet:latest'
[processes] [processes]
bw-00 = '/entrypoint.sh'
bw-01 = '/entrypoint.sh' bw-01 = '/entrypoint.sh'
bw-02 = '/entrypoint.sh' bw-02 = '/entrypoint.sh'
bw-03 = '/entrypoint.sh' bw-03 = '/entrypoint.sh'
@ -15,34 +14,28 @@ primary_region = 'ams'
bw-07 = '/entrypoint.sh' bw-07 = '/entrypoint.sh'
bw-08 = '/entrypoint.sh' bw-08 = '/entrypoint.sh'
[[mounts]]
source = 'bw00'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-00']
[[mounts]] [[mounts]]
source = 'bw01' source = 'bw01'
destination = '/mnt/data' destination = '/mnt/data'
initial_size = '256GB' initial_size = '128GB'
processes = ['bw-01'] processes = ['bw-01']
[[mounts]] [[mounts]]
source = 'bw02' source = 'bw02'
destination = '/mnt/data' destination = '/mnt/data'
initial_size = '256GB' initial_size = '128GB'
processes = ['bw-02'] processes = ['bw-02']
[[mounts]] [[mounts]]
source = 'bw03' source = 'bw03'
destination = '/mnt/data' destination = '/mnt/data'
initial_size = '256GB' initial_size = '128GB'
processes = ['bw-03'] processes = ['bw-03']
[[mounts]] [[mounts]]
source = 'bw04' source = 'bw04'
destination = '/mnt/data' destination = '/mnt/data'
initial_size = '256GB' initial_size = '128GB'
processes = ['bw-04'] processes = ['bw-04']
[[mounts]] [[mounts]]
@ -69,15 +62,6 @@ primary_region = 'ams'
initial_size = '256GB' initial_size = '256GB'
processes = ['bw-08'] processes = ['bw-08']
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-00']
[[services.ports]]
port = 2200
[[services]] [[services]]
protocol = 'tcp' protocol = 'tcp'
internal_port = 2222 internal_port = 2222

View file

@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") { config.home-manager.users.emily = lib.mkIf (config.kyouma.graphical.compositor == "hyprland") {
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
@ -9,8 +9,6 @@
notifysend = "${pkgs.libnotify}/bin/notify-send"; notifysend = "${pkgs.libnotify}/bin/notify-send";
dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin"; dolphin = "${pkgs.libsForQt5.dolphin}/bin/dolphin";
firefox = "${pkgs.firefox}/bin/firefox"; firefox = "${pkgs.firefox}/bin/firefox";
# currently broken
#firefox = "${inputs.firefox.packages.${pkgs.system}.firefox}/bin/firefox";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl"; brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
screenshot = "~/.local/bin/hypr/screenshot.sh"; screenshot = "~/.local/bin/hypr/screenshot.sh";
rofi = "${pkgs.rofi-wayland}/bin/rofi"; rofi = "${pkgs.rofi-wayland}/bin/rofi";

View file

@ -2,40 +2,28 @@
cfg = config.kyouma.nginx; cfg = config.kyouma.nginx;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1'; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header Referrer-Policy "same-origin" always;
add_header Referrer-Policy "same-origin" always;
''; '';
createHost = vhostName: vhostCfg: { createHost = vhostName: vhostCfg: {
extraConfig = lib.optionalString (vhostCfg ? "extraConfig") ( extraConfig = (lib.optionalString (builtins.hasAttr "extraConfig" vhostCfg) vhostCfg.extraConfig) + "\n" + extraConfig;
vhostCfg.extraConfig + "\n" + extraConfig
) + lib.optionalString (
if (vhostCfg ? "verifyClientCert") then
vhostCfg.verifyClientCert
else false
) ''
ssl_client_certificate ${./kyouma_Root_CA.pem};
ssl_verify_client on;
ssl_verify_depth 1;
'';
forceSSL = true; forceSSL = true;
#kTLS = true;
#http3 = true;
#quic = true;
} // } //
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) { lib.optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) {
enableACME = true; enableACME = true;
} // } //
lib.optionalAttrs (vhostCfg ? "redirectTo") { lib.optionalAttrs (builtins.hasAttr "redirectTo" vhostCfg) {
enableACME = false; enableACME = false;
useACMEHost = vhostCfg.redirectTo; useACMEHost = vhostCfg.redirectTo;
globalRedirect = vhostCfg.redirectTo; globalRedirect = vhostCfg.redirectTo;
} // } //
lib.optionalAttrs (!vhostCfg ? "disableHttp3") { (builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ]);
http3 = true;
quic = true;
} //
(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" "verifyClientCert" "disableHttp3" ]);
in { in {
options = { options = {
@ -50,21 +38,17 @@ in {
}; };
config = { config = {
services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) ( services.nginx.virtualHosts = lib.optionalAttrs (cfg.virtualHosts != null) (
builtins.mapAttrs (createHost) cfg.virtualHosts builtins.mapAttrs (createHost) cfg.virtualHosts) //
) // lib.optionalAttrs (cfg.defaultForbidden != null) { lib.optionalAttrs (cfg.defaultForbidden != null) {
"redirect" = { "redirect" = {
quic = true; default = true;
http3 = true; forceSSL = true;
# reuseport has to be specified on the quic listener reuseport = true;
# when using worker_processes auto; useACMEHost = cfg.defaultForbidden;
reuseport = true; extraConfig = ''
default = true; return 403;
forceSSL = true; '';
useACMEHost = cfg.defaultForbidden; };
extraConfig = ''
return 403;
'';
}; };
};
}; };
} }

View file

@ -1,192 +0,0 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:94:9e:44:65:f4:61:f8:aa:b3:c1:7b:86:38:21:d9:88:a5:88:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kyouma Root CA
Validity
Not Before: Jun 21 14:02:26 2024 GMT
Not After : Jun 21 14:02:26 2044 GMT
Subject: CN=kyouma Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (7680 bit)
Modulus:
00:f9:d0:a3:4b:d9:77:e3:ec:b4:46:8e:3f:1f:a4:
39:22:60:d8:ad:e9:1e:fe:ad:17:f8:30:d6:f6:fa:
e9:62:f7:36:25:07:e9:6c:83:91:42:0f:e2:53:f1:
ca:70:da:26:7d:bf:bb:1d:d5:4d:5e:99:82:99:39:
97:f3:c3:7d:f9:0d:08:e8:d4:ae:fc:45:88:98:8e:
a3:bc:2a:bd:16:67:32:59:08:59:eb:a8:de:a6:a7:
77:9d:f9:1a:c6:7f:76:92:3d:d7:56:74:2b:a3:5a:
97:8f:05:ab:3b:dc:92:61:2e:7f:95:b1:5c:04:da:
1e:2e:b9:de:7b:16:b2:85:b4:b4:5a:48:34:9a:bb:
18:0d:0a:0a:34:91:f8:8f:f3:79:46:a6:c4:ee:aa:
93:88:03:cf:43:a2:ba:1e:bc:65:f1:78:d8:ce:d8:
2b:fb:db:33:d6:37:ad:d4:9d:44:38:ff:b5:0d:dc:
08:61:2c:fb:f0:86:b2:ef:ff:a8:4f:63:28:13:49:
f8:21:4e:cb:22:98:54:de:e7:b4:e2:b6:14:c9:c5:
59:04:82:04:a2:39:3c:61:f5:91:99:ff:ac:6e:80:
9a:d2:22:7d:51:fb:ad:a3:6a:4c:14:a8:e3:28:d9:
22:ac:c8:3d:34:17:5a:40:ce:8d:3c:52:e7:e1:e9:
d4:75:0d:3f:b8:dd:d3:d2:56:25:92:fa:75:87:81:
fe:59:4a:82:53:d5:e7:03:39:c0:07:84:73:70:d0:
fc:fe:3f:06:e0:f9:0f:59:22:74:05:13:65:58:5a:
a8:1d:7b:52:4f:47:ed:be:26:57:47:49:57:d5:7f:
34:c7:3c:0f:55:d4:17:57:8a:0e:bb:f5:3a:c7:77:
f1:7d:06:49:a9:a8:dd:18:0e:a2:97:52:c8:49:e5:
39:c7:31:5d:07:c3:58:ed:8e:ae:c7:7c:1b:db:8d:
dc:a0:c3:e3:f5:c0:98:35:cf:fc:92:a0:a6:f3:0f:
b1:18:95:c0:01:eb:1d:96:8d:02:7b:9a:dc:29:5d:
59:f1:2a:dc:53:0e:6b:2b:6b:5d:36:03:a1:bd:e4:
e6:b4:1f:5a:66:67:13:4a:2c:7f:56:c9:75:5c:fe:
42:20:24:51:18:bb:ea:30:12:8f:88:d1:ad:fe:eb:
59:92:8d:1e:be:ff:3e:6e:f2:5a:d9:8c:20:f4:35:
ed:bc:01:47:21:d3:10:b9:5d:fe:6a:8e:e0:a3:e3:
e5:6f:ac:8b:fc:61:d0:75:a8:a3:92:1f:2c:cc:c1:
15:17:36:3b:05:ab:58:76:be:63:9d:30:5d:ed:7d:
83:0c:b7:24:8f:10:a8:90:02:ee:68:81:05:cd:d9:
4f:2e:cc:ef:97:62:d1:75:6b:82:f3:d0:34:56:d3:
59:7e:d9:d3:7d:93:ce:1b:17:de:fd:18:4b:e6:50:
72:77:88:60:dd:ff:5e:95:05:61:fe:d8:31:dd:34:
1e:e1:6d:61:1e:80:73:05:3e:3b:22:c2:34:07:48:
9b:0e:06:8d:a6:81:c4:4d:e9:4d:5d:df:e1:04:cd:
5b:85:6e:b2:12:aa:1b:cd:bd:4e:7e:53:ea:59:49:
af:11:70:b3:11:87:0f:af:2f:99:ce:e9:69:db:6d:
d0:5a:14:1a:95:2f:2f:db:bf:36:62:e1:99:ff:7c:
b8:b9:5c:4e:79:33:61:ee:db:4b:6f:40:7d:49:b2:
6e:e1:65:9d:f6:45:fe:27:14:24:82:5d:f6:a4:38:
01:ac:47:54:da:b6:02:c1:ad:79:71:b6:93:64:ec:
a4:06:7b:d6:5e:1c:da:7f:40:16:47:65:47:24:2a:
8b:77:32:49:89:c4:9f:26:d4:f9:a6:ba:e6:42:aa:
74:fd:7e:1e:d1:75:95:5c:5c:d8:d4:bb:75:05:79:
10:7a:df:5a:2b:69:9b:75:28:cb:b5:4e:48:3e:a3:
aa:21:04:95:8f:62:3b:46:2f:07:d0:9e:1c:50:9b:
3d:ba:6d:1f:c2:a0:41:7f:47:43:57:ef:92:31:47:
4a:a2:91:65:43:5c:c1:2b:fd:26:2d:be:41:a7:98:
7a:8f:52:89:5f:81:ff:48:7d:04:2a:b8:4d:50:91:
f5:af:18:33:44:f2:55:5f:68:87:33:d8:e6:4f:5d:
b9:92:ca:06:51:f3:e0:b1:5b:6f:a0:52:fe:6e:98:
22:01:5f:c2:fb:45:59:02:67:62:6f:74:2b:79:62:
e7:5a:13:a8:db:fd:a2:64:b1:0b:49:2f:f4:61:35:
a0:b6:12:2c:ec:24:19:9f:0c:14:85:05:b5:e1:c1:
9e:4e:87:a4:88:c9:79:65:1d:12:ac:89:e6:bc:ed:
6b:58:90:fd:95:40:3f:2e:ba:ff:b8:52:5d:60:98:
32:b9:20:38:a5:08:da:a1:fc:38:89:3c:f1:de:38:
cf:60:d8:69:a1:4b:88:51:f7:31:b8:fc:56:dc:56:
3a:7a:39:c5:03:23:2a:8f:fa:ab:92:7a:b6:37:da:
c1:9f:55:e7:31:b1:c5:be:31:60:08:c2:33:30:ec:
cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C0:C6:7B:04:C4:66:0C:CD:32:FF:B0:6F:E1:D9:51:FD:1C:EE:B7
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
58:b3:2d:00:8e:c2:72:5b:ed:91:8e:3c:98:66:6a:e4:61:c3:
0f:d1:51:98:0c:64:79:3d:01:ac:8a:38:7f:af:fc:80:31:83:
86:a8:79:b9:0f:18:6d:2e:3a:ef:0a:c0:b1:30:39:7e:a4:3d:
ed:4e:35:3e:9e:f1:a3:29:dd:cc:01:1e:62:6b:ed:5b:77:31:
b3:4c:91:1d:69:70:20:44:87:e0:37:17:a0:ba:c4:e5:57:c5:
90:1a:f2:1e:0d:ac:aa:30:11:c3:da:1c:3f:3a:28:b5:6d:12:
ac:45:b6:6c:f0:b2:b2:6e:f0:55:33:8e:29:10:ac:9e:61:ac:
35:ec:ed:c7:e3:51:c2:86:52:10:7a:9c:f6:22:5d:65:65:18:
62:b7:e9:6e:be:64:46:db:dc:15:45:eb:1a:42:45:83:d7:aa:
dd:63:24:4a:ed:b9:d5:35:86:27:22:33:6a:26:4b:32:0a:15:
75:18:19:58:e9:6b:b4:84:ac:00:a3:78:d3:9d:7d:25:3c:5e:
51:7f:01:ca:90:d1:40:2b:d2:45:e1:4f:fb:6e:8d:2e:cc:04:
07:34:07:91:c6:8c:4f:a5:e4:7d:dd:78:0f:b0:9d:01:9d:6e:
89:16:6d:3a:94:dd:38:57:bc:49:c2:e1:b5:aa:54:8f:d1:8b:
13:db:35:2f:d1:80:5e:45:fb:53:60:61:d5:c3:e1:9c:21:60:
a3:83:34:e6:9e:bc:86:70:fe:36:8b:35:55:28:e0:f4:b0:81:
ed:37:59:0e:7a:f6:a7:66:a1:b6:36:45:30:95:c8:80:d6:40:
a9:12:bf:47:b1:33:09:fa:89:d4:9f:c2:57:75:6a:47:dd:87:
3f:b3:d1:3d:13:bc:5e:82:ea:5f:3a:dc:46:35:1e:1f:83:40:
1c:1d:5e:ba:37:18:a3:75:2f:60:a7:84:67:9b:79:17:ad:fb:
2a:5b:d8:84:5d:f2:ff:cc:81:4c:08:e4:17:ec:b7:cf:ac:4c:
0f:91:8a:4c:fa:91:ed:24:39:f9:04:3a:18:b0:b1:c3:57:ed:
9b:f1:cf:ab:bf:07:f1:52:ef:57:de:0a:76:e7:e4:c4:5f:69:
93:71:0c:d4:3f:23:12:55:8c:3d:e6:79:b3:3c:5e:86:ac:1f:
5e:7f:ec:96:d8:da:4d:c9:40:32:ee:b5:cb:6e:86:27:49:45:
e6:89:30:80:fa:ba:ef:21:42:92:ba:f8:a7:51:16:61:04:13:
da:87:ac:c5:9c:c0:19:55:80:2d:4a:32:bb:30:12:0b:49:15:
ec:1e:5b:23:d4:d2:a3:4e:c6:22:19:bc:e2:ba:23:67:88:4c:
54:d0:bf:10:61:91:d9:eb:f7:d7:bc:89:ee:83:0d:a3:2c:81:
a4:c2:38:58:c3:50:b7:fe:3f:f2:bc:a2:f0:52:9d:04:1f:c2:
85:bd:d6:06:77:30:7b:90:3d:29:92:dc:41:a9:40:4b:bb:7c:
b7:91:07:65:2b:03:af:e4:a0:18:ab:a5:76:00:bc:10:e8:21:
41:c7:d7:53:80:41:21:67:af:fe:d1:9d:14:4c:a9:7e:16:1d:
4b:61:a4:f4:b1:e8:88:fe:c4:f1:60:3e:6d:d5:a9:90:14:3e:
95:5d:7d:f0:7b:1e:af:5f:80:63:a8:ce:b1:a7:a1:b2:9a:10:
f7:d9:e7:00:fa:33:d7:61:c9:35:b1:c2:c9:60:0b:a5:1d:08:
a8:b2:1d:56:15:b8:b9:5e:36:b3:df:6a:76:6c:5e:9d:a7:e5:
54:dc:1a:6c:c3:34:f2:c2:c6:ee:7a:68:49:a3:41:d6:54:34:
78:c9:2b:d2:d2:52:94:23:35:d7:c4:bf:c6:e0:21:18:4f:7a:
7a:be:e8:ab:34:fa:f7:4d:1a:4b:3c:37:e9:5f:1c:76:b1:6d:
96:70:f5:f5:db:b4:15:ba:2c:71:25:80:b3:98:4a:d3:1a:8d:
0e:69:24:de:e3:0c:38:64:82:6e:54:d1:74:47:e5:e5:69:b1:
c1:04:12:72:8a:3f:71:c0:9f:dc:db:ba:0e:e8:3d:52:4a:23:
56:04:9b:8c:eb:4f:62:19:7f:f5:bd:1e:48:d9:7f:89:84:3c:
8d:f5:67:21:d6:81:ee:5a:cd:fa:c2:53:60:a0:97:1e:80:a2:
dc:96:89:e6:99:d9:9d:48:23:a0:07:9a:02:06:29:04:eb:03:
79:06:6b:a0:41:98:d2:8f:2d:b4:e3:cb:c2:5e:78:74:a1:92:
29:c9:7d:07:03:ca:3f:8c:f5:71:f0:c4:7d:6a:1b:ac:33:37:
4f:03:54:44:46:b6:76:1c:55:8a:7d:7b:e5:58:4e:a9:f8:e1:
fe:7b:f3:a2:f8:e6:3b:e0:0b:5d:47:a8:b7:aa:f8:f3:c0:65:
b0:e4:1c:22:8f:9e:b9:d1:8f:a6:4a:a4:28:6f:6c:27:31:49:
58:c0:4d:80:3b:e3:e2:22:aa:ec:4e:ba:a5:0d:9e:b8:17:8c:
6b:4e:2d:37:6a:cc:f3:2d:0d:6b:34:b4:00:eb:ce:31:0e:a5:
c4:85:cd:1e:16:0b
-----BEGIN CERTIFICATE-----
MIIIgjCCBKqgAwIBAgIUR5SeRGX0Yfiqs8F7hjgh2YiliPAwDQYJKoZIhvcNAQEL
BQAwGTEXMBUGA1UEAwwOa3lvdW1hIFJvb3QgQ0EwHhcNMjQwNjIxMTQwMjI2WhcN
NDQwNjIxMTQwMjI2WjAZMRcwFQYDVQQDDA5reW91bWEgUm9vdCBDQTCCA+IwDQYJ
KoZIhvcNAQEBBQADggPPADCCA8oCggPBAPnQo0vZd+PstEaOPx+kOSJg2K3pHv6t
F/gw1vb66WL3NiUH6WyDkUIP4lPxynDaJn2/ux3VTV6Zgpk5l/PDffkNCOjUrvxF
iJiOo7wqvRZnMlkIWeuo3qand535GsZ/dpI911Z0K6Nal48FqzvckmEuf5WxXATa
Hi653nsWsoW0tFpINJq7GA0KCjSR+I/zeUamxO6qk4gDz0Oiuh68ZfF42M7YK/vb
M9Y3rdSdRDj/tQ3cCGEs+/CGsu//qE9jKBNJ+CFOyyKYVN7ntOK2FMnFWQSCBKI5
PGH1kZn/rG6AmtIifVH7raNqTBSo4yjZIqzIPTQXWkDOjTxS5+Hp1HUNP7jd09JW
JZL6dYeB/llKglPV5wM5wAeEc3DQ/P4/BuD5D1kidAUTZVhaqB17Uk9H7b4mV0dJ
V9V/NMc8D1XUF1eKDrv1Osd38X0GSamo3RgOopdSyEnlOccxXQfDWO2Orsd8G9uN
3KDD4/XAmDXP/JKgpvMPsRiVwAHrHZaNAnua3CldWfEq3FMOaytrXTYDob3k5rQf
WmZnE0osf1bJdVz+QiAkURi76jASj4jRrf7rWZKNHr7/Pm7yWtmMIPQ17bwBRyHT
ELld/mqO4KPj5W+si/xh0HWoo5IfLMzBFRc2OwWrWHa+Y50wXe19gwy3JI8QqJAC
7miBBc3ZTy7M75di0XVrgvPQNFbTWX7Z032TzhsX3v0YS+ZQcneIYN3/XpUFYf7Y
Md00HuFtYR6AcwU+OyLCNAdImw4GjaaBxE3pTV3f4QTNW4VushKqG829Tn5T6llJ
rxFwsxGHD68vmc7padtt0FoUGpUvL9u/NmLhmf98uLlcTnkzYe7bS29AfUmybuFl
nfZF/icUJIJd9qQ4AaxHVNq2AsGteXG2k2TspAZ71l4c2n9AFkdlRyQqi3cySYnE
nybU+aa65kKqdP1+HtF1lVxc2NS7dQV5EHrfWitpm3Uoy7VOSD6jqiEElY9iO0Yv
B9CeHFCbPbptH8KgQX9HQ1fvkjFHSqKRZUNcwSv9Ji2+QaeYeo9SiV+B/0h9BCq4
TVCR9a8YM0TyVV9ohzPY5k9duZLKBlHz4LFbb6BS/m6YIgFfwvtFWQJnYm90K3li
51oTqNv9omSxC0kv9GE1oLYSLOwkGZ8MFIUFteHBnk6HpIjJeWUdEqyJ5rzta1iQ
/ZVAPy66/7hSXWCYMrkgOKUI2qH8OIk88d44z2DYaaFLiFH3Mbj8VtxWOno5xQMj
Ko/6q5J6tjfawZ9V5zGxxb4xYAjCMzDszwIDAQABo0IwQDAdBgNVHQ4EFgQUe8DG
ewTEZgzNMv+wb+HZUf0c7rcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AQYwDQYJKoZIhvcNAQELBQADggPBAFizLQCOwnJb7ZGOPJhmauRhww/RUZgMZHk9
AayKOH+v/IAxg4aoebkPGG0uOu8KwLEwOX6kPe1ONT6e8aMp3cwBHmJr7Vt3MbNM
kR1pcCBEh+A3F6C6xOVXxZAa8h4NrKowEcPaHD86KLVtEqxFtmzwsrJu8FUzjikQ
rJ5hrDXs7cfjUcKGUhB6nPYiXWVlGGK36W6+ZEbb3BVF6xpCRYPXqt1jJErtudU1
hiciM2omSzIKFXUYGVjpa7SErACjeNOdfSU8XlF/AcqQ0UAr0kXhT/tujS7MBAc0
B5HGjE+l5H3deA+wnQGdbokWbTqU3ThXvEnC4bWqVI/RixPbNS/RgF5F+1NgYdXD
4ZwhYKODNOaevIZw/jaLNVUo4PSwge03WQ569qdmobY2RTCVyIDWQKkSv0exMwn6
idSfwld1akfdhz+z0T0TvF6C6l863EY1Hh+DQBwdXro3GKN1L2CnhGebeRet+ypb
2IRd8v/MgUwI5Bfst8+sTA+Rikz6ke0kOfkEOhiwscNX7Zvxz6u/B/FS71feCnbn
5MRfaZNxDNQ/IxJVjD3mebM8XoasH15/7JbY2k3JQDLutctuhidJReaJMID6uu8h
QpK6+KdRFmEEE9qHrMWcwBlVgC1KMrswEgtJFeweWyPU0qNOxiIZvOK6I2eITFTQ
vxBhkdnr99e8ie6DDaMsgaTCOFjDULf+P/K8ovBSnQQfwoW91gZ3MHuQPSmS3EGp
QEu7fLeRB2UrA6/koBirpXYAvBDoIUHH11OAQSFnr/7RnRRMqX4WHUthpPSx6Ij+
xPFgPm3VqZAUPpVdffB7Hq9fgGOozrGnobKaEPfZ5wD6M9dhyTWxwslgC6UdCKiy
HVYVuLleNrPfanZsXp2n5VTcGmzDNPLCxu56aEmjQdZUNHjJK9LSUpQjNdfEv8bg
IRhPenq+6Ks0+vdNGks8N+lfHHaxbZZw9fXbtBW6LHElgLOYStMajQ5pJN7jDDhk
gm5U0XRH5eVpscEEEnKKP3HAn9zbug7oPVJKI1YEm4zrT2IZf/W9HkjZf4mEPI31
ZyHWge5azfrCU2Cglx6AotyWieaZ2Z1II6AHmgIGKQTrA3kGa6BBmNKPLbTjy8Je
eHShkinJfQcDyj+M9XHwxH1qG6wzN08DVERGtnYcVYp9e+VYTqn44f5786L45jvg
C11HqLeq+PPAZbDkHCKPnrnRj6ZKpChvbCcxSVjATYA74+IiquxOuqUNnrgXjGtO
LTdqzPMtDWs0tADrzjEOpcSFzR4WCw==
-----END CERTIFICATE-----

View file

@ -1,72 +0,0 @@
{ config, lib, options, pkgs, ... }: let
cfg = config.kyouma.restic;
in {
options.kyouma.restic = let
inherit (lib) mkOption types;
in {
inherit (options.services.restic.backups.type.getSubOptions [])
timerConfig backupPrepareCommand backupCleanupCommand;
enable = lib.mkEnableOption "Enable restic backup";
paths = mkOption {
description = "paths to backup";
type = with types; listOf path;
default = [];
};
pruneOpts = mkOption {
description = "paths to backup";
type = with types; listOf str;
default = [
"--keep-hourly 24"
"--keep-daily 14"
"--keep-weekly 8"
"--keep-monthly 12"
];
};
remote = mkOption {
description = "restic remote to use";
type = types.nonEmptyStr;
default = "zh3485.rsync.net";
};
remoteUser = mkOption {
description = "remote ssh user";
type = types.nonEmptyStr;
default = "";
};
user = mkOption {
description = "user who runs the backup job";
type = types.nonEmptyStr;
default = "root";
};
repo = mkOption {
description = "restic repo";
type = types.nonEmptyStr;
default = "${config.networking.hostName}-backup";
};
};
config = lib.mkIf cfg.enable {
sops.secrets."restic/${cfg.remoteUser}/password" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
sops.secrets."restic/${cfg.remoteUser}/id_ed25519" = {
sopsFile = ../../secrets/restic/${cfg.remoteUser}.yaml;
};
services.restic.backups."${config.networking.hostName}-${cfg.remote}" = {
inherit (cfg) paths user pruneOpts timerConfig backupPrepareCommand backupCleanupCommand;
initialize = true;
repository = "sftp:${cfg.remoteUser}@${cfg.remote}:${cfg.repo}";
passwordFile = config.sops.secrets."restic/${cfg.remoteUser}/password".path;
extraBackupArgs = [
"--compression=max"
"--pack-size=128"
"--read-concurrency=8"
];
extraOptions = let
knownHost = pkgs.writeText "${cfg.remote}-known-host" (builtins.readFile ./${cfg.remote}/ssh_host_ed25519_key.pub);
sshKey = config.sops.secrets."restic/${cfg.remoteUser}/id_ed25519".path;
in [
"sftp.command='ssh ${cfg.remoteUser}@${cfg.remote} -i ${sshKey} -o UserKnownHostsFile=${knownHost} -s sftp'"
];
};
};
}

View file

@ -1 +0,0 @@
zh3485.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd

View file

@ -1,7 +0,0 @@
{
akkoma-frontends
}:
akkoma-frontends.admin-fe.overrideAttrs {
patches = [ ./disable-options.patch ];
}

View file

@ -1,12 +0,0 @@
diff --git a/config/prod.env.js b/config/prod.env.js
index 7acb93a2..ea500e99 100644
--- a/config/prod.env.js
+++ b/config/prod.env.js
@@ -2,6 +2,6 @@ module.exports = {
NODE_ENV: '"production"',
ENV_CONFIG: '"prod"',
BASE_API: '"https://api-prod"',
- DISABLED_FEATURES: '[""]',
+ DISABLED_FEATURES: '["settings","media-proxy-cache","relays"]',
ASSETS_PUBLIC_PATH: '/pleroma/admin/'
}

View file

@ -21,19 +21,6 @@ in {
inherit src offlineCache; inherit src offlineCache;
postPatch = '' postPatch = ''
# Build scripts assume to be used within a Git repository checkout # Build scripts assume to be used within a Git repository checkout
substituteInPlace src/modules/instance.js \
--replace-fail "widenTimeline: true" 'widenTimeline: "50%"'
substituteInPlace src/modules/config.js \
--replace-fail "streaming: false" "streaming: true" \
--replace-fail "useStreamingApi: false" "useStreamingApi: true" \
--replace-fail "webPushNotifications: false" "webPushNotifications: true" \
--replace-fail "postLanguage: undefined" 'postLanguage: "en"'
substituteInPlace src/i18n/en.json \
--replace-fail "meow" "florp" \
--replace-fail "Meow" "Florp"
sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \ sed -E -i '/^let commitHash =/,/;$/clet commitHash = "${builtins.substring 0 7 src.rev}";' \
build/webpack.prod.conf.js build/webpack.prod.conf.js
''; '';

View file

@ -1,67 +0,0 @@
# fly.toml app configuration file generated for build-worker-kyoumanet-cdg on 2024-11-21T00:31:54+01:00
#
# See https://fly.io/docs/reference/configuration/ for information about how to use this file.
#
app = 'build-worker-kyoumanet-cdg'
primary_region = 'cdg'
[build]
image = 'registry.fly.io/build-worker-kyoumanet:latest'
[processes]
bw-09 = '/entrypoint.sh'
bw-10 = '/entrypoint.sh'
bw-11 = '/entrypoint.sh'
[[mounts]]
source = 'bw09'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-09']
[[mounts]]
source = 'bw10'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-10']
[[mounts]]
source = 'bw11'
destination = '/mnt/data'
initial_size = '256GB'
processes = ['bw-11']
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-09']
[[services.ports]]
port = 2209
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-10']
[[services.ports]]
port = 2210
[[services]]
protocol = 'tcp'
internal_port = 2222
auto_stop_machines = 'off'
processes = ['bw-11']
[[services.ports]]
port = 2211
[[restart]]
policy = 'never'
[[vm]]
size = 'performance-16x'
memory = '96GB'

View file

@ -1,13 +1,11 @@
# I hate this so much aaa # I hate this so much aaa
{ {
lib,
callPackage, callPackage,
dockerTools, dockerTools,
openssh, openssh,
bash, bash,
gnused, gnused,
util-linux, util-linux,
qemu-user
}: }:
dockerTools.buildLayeredImage { dockerTools.buildLayeredImage {
@ -22,28 +20,11 @@ dockerTools.buildLayeredImage {
enableFakechroot = true; enableFakechroot = true;
contents = [ openssh util-linux bash gnused qemu-user ]; contents = [ openssh util-linux bash gnused ];
config.Cmd = [ "/entrypoint.sh" ]; config.Cmd = [ "/entrypoint.sh" ];
fakeRootCommands = let fakeRootCommands = ''
system-features = [
"benchmark"
"big-parallel"
"nixos-test"
"uid-range"
"gccarch-x86-64"
"gccarch-x86-64-v2"
"gccarch-x86-64-v3"
"gccarch-armv8-a"
"gccarch-armv8.1-a"
"gccarch-armv8.2-a"
"gccarch-armv8.2-a+fp16+rcpc+dotprod"
"gccarch-rv64imac"
"gccarch-rv64imacfd"
"gccarch-rv64gc"
];
in ''
mkdir -p /root mkdir -p /root
cat <<EOF > /root/nix.conf cat <<EOF > /root/nix.conf
build-users-group = nixbld build-users-group = nixbld
@ -55,8 +36,7 @@ dockerTools.buildLayeredImage {
max-silent-time = 14400 max-silent-time = 14400
min-free = ${builtins.toString (49152 * 1024 * 1024)} min-free = ${builtins.toString (49152 * 1024 * 1024)}
max-free = ${builtins.toString (65536 * 1024 * 1024)} max-free = ${builtins.toString (65536 * 1024 * 1024)}
extra-platforms = aarch64-linux i686-linux riscv64-linux system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
system-features = ${toString system-features}
EOF EOF
mkdir -p /root/.ssh mkdir -p /root/.ssh
@ -71,9 +51,6 @@ dockerTools.buildLayeredImage {
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAl3/krXJeCcDEJXRuzOdCOrJLG7b6MRqC+a9Xux3mW vika@hydrangea
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQjTy9qqHcs5vgTz+iMAiNNMqdyGtOhEpnpJCReEFfZ vika@rafflesia
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINAgFdk78I4zssUGsAIV01zefLBpwc1W7hfTobbG80XLAAAABHNzaDo= vika@nitrokey
EOF EOF
cat <<EOF > /root/.ssh/environment cat <<EOF > /root/.ssh/environment
@ -114,9 +91,7 @@ dockerTools.buildLayeredImage {
mkdir -p /var/empty mkdir -p /var/empty
mkdir -p /var/log mkdir -p /var/log
substitute ${./entrypoint.sh} /entrypoint.sh \ cp ${./entrypoint.sh} /entrypoint.sh
--subst-var-by qemu-aarch64 ${lib.getExe' qemu-user "qemu-aarch64"} \
--subst-var-by qemu-riscv64 ${lib.getExe' qemu-user "qemu-riscv64"}
chmod +x /entrypoint.sh chmod +x /entrypoint.sh
''; '';
} }

View file

@ -26,14 +26,4 @@ cp /root/nix.conf /etc/nix/nix.conf
/bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix /bin/mount -t overlay overlay -o lowerdir=/nix,upperdir=/mnt/data/nix-store,workdir=/mnt/data/workdir /nix
/bin/mount --bind /mnt/data/tmp /tmp /bin/mount --bind /mnt/data/tmp /tmp
# Register QEMU binaries for user mode emulation
aarch64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00'
aarch64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
riscv64_magic='\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00'
riscv64_mask='\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'
echo ":qemu-aarch64:M::$aarch64_magic:$aarch64_mask:@qemu-aarch64@:POCF" >/proc/sys/fs/binfmt_misc/register
echo ":qemu-riscv64:M::$riscv64_magic:$riscv64_mask:@qemu-riscv64@:POCF" >/proc/sys/fs/binfmt_misc/register
/root/.nix-profile/bin/sshd -D -f /root/sshd_config /root/.nix-profile/bin/sshd -D -f /root/sshd_config

View file

@ -4,8 +4,8 @@
dockerTools.pullImage { dockerTools.pullImage {
imageName = "nixos/nix"; imageName = "nixos/nix";
imageDigest = "sha256:133a1607deea14a02c2bc0850e275ed135814235a1147f68967afee261caea2b"; imageDigest = "sha256:fd7a5c67d396fe6bddeb9c10779d97541ab3a1b2a9d744df3754a99add4046f1";
sha256 = "0602a59g14l1jiqfffz14hcp982qaqczi5f0ylvv0h9pp2pqrqs5"; sha256 = "1ggkwd9zw8lj97ig7zah7dqy463hfhsgq3iwxxf8117gf8xi422s";
finalImageName = "nixos/nix"; finalImageName = "nixos/nix";
finalImageTag = "latest"; finalImageTag = "latest";
} }

View file

@ -2,18 +2,8 @@ final: prev: {
nyastodon = final.callPackage ./nyastodon/default.nix {}; nyastodon = final.callPackage ./nyastodon/default.nix {};
upgrade-system = final.callPackage ./upgrade-system/default.nix {}; upgrade-system = final.callPackage ./upgrade-system/default.nix {};
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {}; update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
build-worker-oci = final.callPackage ./build-worker-oci/default.nix { build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
qemu-user = final.pkgsStatic.qemu-user.override {
hostCpuTargets = [ "aarch64-linux-user" "riscv64-linux-user" ];
};
};
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {}; librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
librespeed-go = final.callPackage ./librespeed-go/default.nix {}; librespeed-go = final.callPackage ./librespeed-go/default.nix {};
akkoma-fe-domi = final.callPackage ./akkoma-fe-domi/default.nix {}; akkoma-fe-domi = final.callPackage ./akkoma-fe-domi/default.nix {};
akkoma-admin-fe = final.callPackage ./akkoma-admin-fe/default.nix {};
nginxQuic = prev.nginxQuic.override {
withSlice = true;
# Use zlib because zlib-ng uses larger buffers then nginx preallocates.
zlib = final.zlib;
};
} }

View file

@ -22,37 +22,19 @@ merge_theirs () {
test_build () { test_build () {
local build_jobs local build_jobs
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r ".builds | .[]")"
sleep 30
build_jobs="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}/evals" | jq -r ".evals | max_by(.id) | .builds | .[]")"
for build in ${build_jobs}; do for build in ${build_jobs}; do
local build_status local build_status
while true; do while true; do
local build_finished local build_finished
build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")" build_finished="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".finished")"
[[ ${build_finished} == 1 ]] && break [[ ${build_finished} == 1 ]] && break
sleep 5 sleep 5
done done
build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")" build_status="$(curl --fail -s -L -H "Accept: application/json" "${HYDRA_URL}/build/${build}" | jq -r ".buildstatus")"
[[ $build_status != 0 ]] && [[ $build_status != 0 ]] && echo "Build ${build} failed" && exit 1
echo "Build ${build} failed" &&
exit 1
echo "Build ${build} was successful" echo "Build ${build} was successful"
done done
# Idk why this is broken someone should fix me
# local last_error
# local now
#
# last_error="$(curl --fail -s -L -H "Accept: application/json" "${JOBSET_URL}" | jq -r ".errortime")"
# now="$(date +%s)"
#
# [[ $last_error -gt $now ]] &&
# echo "Evaluation error encountered at $(date +%Y-%m-%d-%H:%M:%S --date="@${last_error}")" &&
# exit 1
} }
wait_for_hydra () { wait_for_hydra () {
@ -60,18 +42,16 @@ wait_for_hydra () {
local hydra_rev local hydra_rev
local counter local counter
counter=0 counter=0
git_rev="$(git -C "${1}/nixfiles" rev-parse update-inputs)" git_rev="$(git -C "${ROOT}/nixfiles" rev-parse update-inputs)"
while [[ $counter -lt 180 ]]; do while true; do
counter=$((counter +1)) hydra_rev="$(curl -s -L -H "Accept: application/json" "${JOBSET_URL}/latest-eval" | jq -r .flake | sed -E "s/.+&rev=(.*)/\1/g")"
hydra_rev="$(curl -s -L -H "Accept: application/json" "${2}/evals" | jq -r '.evals | max_by(.id) | .flake' | sed -E "s/.+&rev=(.*)/\1/g")"
if [[ "${git_rev}" == "${hydra_rev}" ]]; then if [[ "${git_rev}" == "${hydra_rev}" ]]; then
echo "Hydra got new commit" echo "Hydra got new commit"
break break
fi fi
sleep 5 sleep 30
done done
if [[ $counter -ge 30 ]]; then
if [[ $counter -ge 180 ]]; then
echo "Hydra no workey" echo "Hydra no workey"
exit 1 exit 1
fi fi
@ -107,7 +87,7 @@ gitin push origin update-inputs
echo "Waiting for hydra to get new commit" echo "Waiting for hydra to get new commit"
export -f wait_for_hydra export -f wait_for_hydra
timeout 4h bash -c "wait_for_hydra ${ROOT} ${JOBSET_URL}" timeout 4h bash -c wait_for_hydra
echo "Testing if all build jobs completed successfully" echo "Testing if all build jobs completed successfully"
test_build test_build

View file

@ -1,35 +0,0 @@
restic:
zh3485s1:
password: ENC[AES256_GCM,data:lDDSSqUH3pewpMA+6SNwGwRz95MBjeaD6I3RWUQNBFXsw/W9RoIY85AcRXxCl7CW,iv:NFF6uCs2FolMe9cgPkoAFmbWdXG2SuVRtoOyQXouEAU=,tag:UeC49xFwFkMh0Wi8p9reFw==,type:str]
id_ed25519: ENC[AES256_GCM,data:fe2CAKWSrEOvEPZgGhbigw+DEnDUGtTXEj7nuGaH5enMGDvd7QtRlDYLkM+g9zKrRJ46e2nM6btUZVqqx4rJiUbjJ5B/cBzb259CTxKGgHeMj/cYXPypamIEKFwUrloxzrgxH5JIOoUvj9Ny1P1UPIB//B5Z1Uunqmdqd2XoiAtDwZ/hvyuOfdFyUkKmOnCdF4pheMRXZ6Z51N4f09OIwuZ/xC4LQYAVB2lyycOgrvefPA5YYabMd23yEXn6v/BiP1TWbSInTHvz6Rii2WYqYO3ORCfi1pvWe15kSrTsT9zYRzLvZi5TD+4FMhLmIttZB2OXK7X+h6cHtej7X+v6HKhMKHNJhukRUP7DpcZ0+ArBEdw2j+H7C4q8NdR9rk4we7WpdQlY7tGpJvEzSis+P/Jph/tkzx6xXpKiOeOAXgQUS41qcAy7gmZj7CdsulerUHcfDy4a0y1OEuDmoYW420cGGYOCB9BlvYQbaDhyv5AMSL8sMZfm7mX5qXliE7ZQc20ggKoY2MKH6RjnT8pQhMBWo/NW13PPBDIL,iv:1+aopW183ir5XHMKcDons24A/E61mLuyJGrQTRpPXdE=,tag:s1w+HZdktM0H9FUrz097Cw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeWpKYktzVE1tMkpGU1c5
akZZdlBkeFQyUmUrOHZxTGE2V1FUVmV3cG5VCmZvTG1JTS9SUTk1aVl6TnBPQ1Fh
clRDTmQzQUJxWlYyV2dmVXNyTDJ2K0kKLS0tIHA3S0dsQzRxRWF4RFdSSzh1aXI5
ZFQvWFhZTndubkxaRVh3YXl0V25ZcUEK0/wV9i01kRkphrseSBqAL9f8tUlUtJDO
PUZL2Em/QjNEnXJaxxR612ONA94ptK9bsqzRJV5RtGqDwd+oAnr13Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-08T13:41:02Z"
mac: ENC[AES256_GCM,data:tMatUcv/jbvQ1URp6DrUyuiB9+rgCCdOxEVcM0NBiV5P9DGWE1hWytky4yPE9nFUOWLI7m4nTSEXHuT4yT3LkBd1Ndzhm5wQ0NEAVnZ6Sj7YOQI5CS1q95sviJBv57PBkaajHDNeSJX2hEQeR4qJFUR4fu0hIwadyzeunP/kfKE=,iv:gXRAg4cN43ocQMZm0lL8AnrbDtK+TKGchWpd/TYhnjA=,tag:+HqYuDWjoTdv+CWrJmuwxA==,type:str]
pgp:
- created_at: "2024-11-08T13:31:55Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdALVqRZ2qzjR86mEE/MHAR5H3gmIukchY/NSvGg1Ggfmsw
uZhnl5puGOO579ItHXbk+BYwBS2koL7jyhnX8E9zmM3d3SZHwzx0mk79fr2jLFj6
0l4BLrhhcpUtzfje4/SeTgWFRIA68ON/PUTmW2Lgclh9OpQfbbousFS/JMvvdHaT
/3uJEww5MKMPlqWqK7w7z6iwIITRKH0vzQoIZ3hVcDKtKOJrJ/1bWcJorFsazxvT
=KZPf
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -1,35 +0,0 @@
restic:
zh3485s2:
password: ENC[AES256_GCM,data:GAesjt8CMFKuZk30vJTS7kH0cSg/p6NQCOU9udcVbVCurnUdqjKqZp97KnCcmA/A,iv:bf7trphHgzFzI3Pza8dDOgmKcHsBURsXEHtw0KpGQ7s=,tag:zE1WXaptcqBQMqgk+6SRqQ==,type:str]
id_ed25519: ENC[AES256_GCM,data:hRViIdnq9VNjjqD/X6tERHsCAuxF723bh+oES/Va5KVBJdsEK2LYXWxRQV6/dpYGnmSBNJ2q4eJS0iz2kjfNUTXg1DQZ0uuxSDbhOcKQ+ksE99VrU3Go7196gXQ+rsCuRht6vzgGzIoTcMVDlA+lvJ2EAB0o7EhK4qcKI0pRHziy4/i0JgLJKc2Xw7WwAZajyUToRrroi+oh3LRJiN0+L3B13RWNBDMxfVgSH5KERhPjU40VteKNyXg9YnZxiqRMTmDmpAu/fogXwIDgnfRuWBoDgPsHeSWVN/0IpfEegoXnmdYUGk9vKQmXNJ5z7vj6oIaz8Zuk9PfPaKZHrsUGkPZqBJydvfcUpH74+sn3idDJdQ92mYIn6rorabt6QtN9bbtULmtOU/R7wvZkRSn3SmvR6uo/xShs1pkwGa1oidn8atfoMMYnR973wvuGlDZwFGy0ZJD+Mc108U7o0U153/MervsxxZ3eIpzgmRol+TjoSJINQoPNPHsj6nx65MNfJd+AFw35h5jKUag4xKaPXS5ew/wDCqZ1PFYG,iv:P8VtAFoL0CcO7m7S60JardB95MUWYiABDOUZhLhXEzo=,tag:fLniekA0lMx6wW3u4NZPKQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sky8kccyyxe79ws4rew42r94427v2xnphq2vtxvdlw5xl7yzgs2q599yzs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUnFUQlhzYTdyblNOWUt3
V0daclVOZ0hlSmlJTHlKRDd5eThVSzVOVWh3CkpiaGNJd0hCMlk3MVdsdnY0TVJM
MEtKUXFnSlAwQ0kzd1M0eVA1WG1Bb2sKLS0tIFAvVklzZldkOFpCNHV4YnQ2SDA3
OW5TcVlqV0p4RThBRGlyaHkreEFMY28KPdgR9WCByJaLZcNophcfW7+7NU9MuI3E
bfWEFgqZLTdAg8y7s/M6ZAyjciflclxVnY8mTIhnERD+ZHHi++z1XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-13T12:51:05Z"
mac: ENC[AES256_GCM,data:t/gg9SqDfrU+eKU9yw2R7ahLQY6pTgsRVFNk7K+zxTBiqUG2Rx0wm0bclkrkSKeHAVSJkc8OOWJvvRCMxaE980mknPM6721xNDV90Pt0ZsJvFXdOYKIaPQHC29klJKO60lsMsuup3BiF94O8+wIavLvYuc3jKFcaA4b9xAPRveM=,iv:TJhR1NzPVYIysghFAbjWB5lBpMhhkvwJdszkWGSLDPI=,tag:TCnewzN2qwFyG4Xio2JatQ==,type:str]
pgp:
- created_at: "2024-11-13T12:49:09Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdArN4L/MZSZoKwk/RKgA56OQMyt7IhW15qa7+Utie4/TQw
0xKauGLJEMp7cnpmEvpBW8sy3hZRj1K4vLv2NKHzoXBuWGBer1Hf+CDZJ71ta6J9
0l4B9f4L9AIRHO3ncb4IPyVprr+sFyhVJJAI7bo9mbFUqH0yfM5EmFiXWg5d9zO6
NfXbbfpW4ISEXFa//SuVl3h/HHxwDd83qA13OnhrlCjjwPfdA32kKM3CS/81JHNd
=4L7O
-----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted
version: 3.9.1

View file

@ -8,27 +8,27 @@ sops:
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: age:
- recipient: age18vc8rcmczlt3r0ee7jr9s8l3yrkthu8wtypt08eh0eskpkw3dg6qxs7t3t - recipient: age1ht2wetcyl9rzu45e02pqqwgmyfsfe6y6ygxyuxpfhnkdm62d3pqsg3uqvd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1NGRYOHFVSXBNdjlpVDhF YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTi9Ha0tQRGE2L3BzclpW
V0g2ZkRiZnR6UElvWEZKUWxHSjZySlJadHlvCmpBdzBPRklkOVltZWwzNlNrc0pC NnduRVVRUnhkV1pEOXllZTA0bnN0NENESlM4Ck9jSTcxcjJIdThvUk9IM1FCOGNv
bG9kU3phNmFKNGkwek94Y2hZcjZCNW8KLS0tIFFqM0VTQXRuODAva0Rkc2xvWFB4 V1FNV2ZHbHlTaWNBL0VvSGxhSzlWSDgKLS0tIEFoWEozY0VSWVA0cVp5dkI4NHNH
VTQ3RExKY093VG8vOThCczRzY2tpY2cKJOv0yVl9Zody0mjtytyjCXpe5V3NsReA RVQ3aDd0c1RDNWd2eGxiNURGRXVXS2sKTT4LpWSIb9hjrcdUWOhieUeUHop0pwoA
/Dqr6V9Hjuf3u0fjMHAjE6hDPGVH5t5NYLkNDeaGHNTaAd5dnhfprg== OfOv3y3dp7tYc5HRREN5jkVx29jb2lrml0ycu9ek58S8+bolfzN8yQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-31T16:57:58Z" lastmodified: "2024-10-31T16:57:58Z"
mac: ENC[AES256_GCM,data:VJpsLBdnle6bP6ALxLS2eTOEbiHJbNc5D+pvsoJulI9VODtBk0p1VvJv9ilToxh4oiwctMmCKSO4R9NyuZUqoqwwlYtW6tFDITBA2eg/iu/uQjcuuKLC+fFGdtnTpZcShUyMds3qi8Z8Iegk2sSMLk5QXCE2QhMUQ50VN4TXF2c=,iv:rOF34iqckOJMAVm+3RDSdlrJh4hgnyiTut3SM1e0w0E=,tag:cMjMkKkN8UFWGQqQfWBUnA==,type:str] mac: ENC[AES256_GCM,data:VJpsLBdnle6bP6ALxLS2eTOEbiHJbNc5D+pvsoJulI9VODtBk0p1VvJv9ilToxh4oiwctMmCKSO4R9NyuZUqoqwwlYtW6tFDITBA2eg/iu/uQjcuuKLC+fFGdtnTpZcShUyMds3qi8Z8Iegk2sSMLk5QXCE2QhMUQ50VN4TXF2c=,iv:rOF34iqckOJMAVm+3RDSdlrJh4hgnyiTut3SM1e0w0E=,tag:cMjMkKkN8UFWGQqQfWBUnA==,type:str]
pgp: pgp:
- created_at: "2024-11-04T20:52:58Z" - created_at: "2024-10-31T16:40:38Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hF4D1GtNSlou/HkSAQdApk/nEYcccQBCzFwC+hZbMio0s37LJuK6ceSLW786Sjsw hF4D1GtNSlou/HkSAQdAmS/QDuU40+HtiMoCa9byz80b6lGMd6cvqxYShifFxUgw
90ggzfOg63e92cyqYxvbKqtCgVHHU/9RmKdsSZM+rFcR3XpzWw0ke10WjZNW0lU5 Bn34D6HB6z3nQxWanlOCkA2ud8GBUhEFlLjsQf29apfWuWxKpNv37Olou1/vGvNm
0l4BuP1sPvP7Z+kxWlITnYl4SPKxVhSmYtAdGbceiGUo36jtpi9vkziuPmyrGttM 0l4BIzFesU+aoIUi+Fp0GbJ1+ObzRvGZq1IULChsDgbbvDnHah7yvN5wKYwj6x7f
t1PNZ9gjGVyNw96rRg9bgXCSvJo2FfMx8GeArj1yuO3+bkkbDm7mFrbF6fMQN3JE ZhPpm40+FLea1najiN6igUD6oUy8TSYnCgPODef4FeI0ZwFqF5MaucY8CNuWsugS
=Q9iO =1vZk
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5 fp: B04F01A7A98A13020C39B4A68AB7B773A214ACE5
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted