zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:7e615f814d4a6a4c901b05cc9f54c7d1e35c725b
Branches Tags
zuckerberg:master zuckerberg:stage zuckerberg:rpi-hotspot zuckerberg:attic zuckerberg:kexec_luks2 zuckerberg:pia-client
..
compare: zuckerberg:pia-client
Branches Tags
zuckerberg:master zuckerberg:stage zuckerberg:rpi-hotspot zuckerberg:attic zuckerberg:kexec_luks2 zuckerberg:pia-client

24 Commits
7e615f814d ... pia-client

Author SHA1 Message Date
Zuckerberg
a0c199ba06 Unfinished attempt at packaging pia client 2023-02-08 01:38:54 -05:00
Zuckerberg
6f9edd8870 Add ISO build 2023-02-08 01:36:23 -05:00
Zuckerberg
076bdb3ab4 Use upstream nvidia reverse prime support 2023-02-08 01:35:25 -05:00
Zuckerberg
fcbd877d06 flake.lock: Update 
Flake lock file updates:

• Updated input 'nix-locate':
    'github:googlebot42/nix-index/a28bb3175d370c6cb9569e6d4b5570e9ca016a3e' (2022-05-17)
  → 'github:bennofs/nix-index/5f98881b1ed27ab6656e6d71b534f88430f6823a' (2023-01-17)
• Updated input 'nix-locate/flake-compat':
    'github:edolstra/flake-compat/b7547d3eed6f32d06102ead8991ec52ab0a4f1a7' (2022-01-03)
  → 'github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1' (2022-11-17)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/836b2bed01d19dce142298e58c998f4f65057c6a' (2023-02-08)
  → 'github:NixOS/nixpkgs/32f914af34f126f54b45e482fb2da4ae78f3095f' (2023-02-08)
 2023-02-08 00:59:29 -05:00
Zuckerberg
27f4b5af78 flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15)
  → 'github:ryantm/agenix/b7ffcfe77f817d9ee992640ba1f270718d197f28' (2023-01-31)
• Added input 'agenix/darwin':
    'github:lnl7/nix-darwin/87b9d090ad39b25b2400029c64825fc2a8868943' (2023-01-09)
• Added input 'agenix/darwin/nixpkgs':
    follows 'agenix/nixpkgs'
• Updated input 'archivebox':
    'git+https://git.neet.dev/zuckerberg/archivebox.git?ref=master&rev=39d338b9b24159d8ef3309eecc0d32a2a9f102b5' (2022-03-30)
  → 'git+https://git.neet.dev/zuckerberg/archivebox.git?ref=refs%2fheads%2fmaster&rev=39d338b9b24159d8ef3309eecc0d32a2a9f102b5' (2022-03-30)
• Updated input 'dailybuild_modules':
    'git+https://git.neet.dev/zuckerberg/dailybuild_modules.git?ref=master&rev=1290ddd9a2ff2bf2d0f702750768312b80efcd34' (2022-05-05)
  → 'git+https://git.neet.dev/zuckerberg/dailybuild_modules.git?ref=refs%2fheads%2fmaster&rev=1290ddd9a2ff2bf2d0f702750768312b80efcd34' (2022-05-05)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
  → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3933d8bb9120573c0d8d49dc5e890cb211681490' (2022-10-22)
  → 'github:NixOS/nixpkgs/0874168639713f547c05947c76124f78441ea46c' (2023-01-01)
• Removed input 'nixpkgs-nvidia'
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/301aada7a64812853f2e2634a530ef5d34505048' (2022-10-21)
  → 'github:NixOS/nixpkgs/836b2bed01d19dce142298e58c998f4f65057c6a' (2023-02-08)
• Updated input 'radio-web':
    'git+https://git.neet.dev/zuckerberg/radio-web.git?ref=master&rev=72e7a9e80b780c84ed8d4a6374bfbb242701f900' (2022-05-09)
  → 'git+https://git.neet.dev/zuckerberg/radio-web.git?ref=refs%2fheads%2fmaster&rev=72e7a9e80b780c84ed8d4a6374bfbb242701f900' (2022-05-09)
 2023-02-08 00:33:47 -05:00
Zuckerberg
7238d6e6c5 latest kernel not needed for wifi anymore 2023-02-06 22:45:34 -05:00
Zuckerberg
094905a727 virt-manager 2023-02-06 22:44:22 -05:00
Zuckerberg
cf3fa0ff12 depthai udev 2023-02-06 22:44:09 -05:00
Zuckerberg
7c7b356aab Remove 'I don't care about cookies'. It is under new management 2023-02-06 22:43:43 -05:00
Zuckerberg
c57e4f022f flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/7e5e58b98c3dcbf497543ff6f22591552ebfe65b' (2022-05-16)
  → 'github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288' (2022-10-15)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1' (2022-05-30)
  → 'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0' (2022-08-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d17a56d90ecbd1b8fc908d49598fb854ef188461' (2022-06-17)
  → 'github:NixOS/nixpkgs/3933d8bb9120573c0d8d49dc5e890cb211681490' (2022-10-22)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/42948b300670223ca8286aaf916bc381f66a5313' (2022-04-08)
  → 'github:NixOS/nixpkgs/301aada7a64812853f2e2634a530ef5d34505048' (2022-10-21)
• Updated input 'simple-nixos-mailserver':
    'gitlab:simple-nixos-mailserver/nixos-mailserver/a48082c79cff8f3b314ba4f95f4ae87ca7d4d068' (2022-06-14)
  → 'gitlab:simple-nixos-mailserver/nixos-mailserver/f535d8123c4761b2ed8138f3d202ea710a334a1d' (2022-06-22)
 2022-10-23 10:43:19 -04:00
zuckerberg
f5a9f04cf2 Rekey secrets 2022-08-25 23:16:22 -04:00
zuckerberg
50fd928cda Change key 2022-08-25 23:16:09 -04:00
Zuckerberg
11072c374b Owncast 2022-07-24 15:18:29 -04:00
Zuckerberg
60f1235848 Add shell aliases 2022-07-24 13:23:03 -04:00
Zuckerberg
55ea5aebc4 Add README and TODO files 2022-07-24 12:57:05 -04:00
Zuckerberg
2738f6b794 WIP wireguard vpn 2022-07-24 12:13:17 -04:00
Zuckerberg
ec2b248ed8 Don't use tailscale in containers 2022-06-23 22:37:14 -04:00
Zuckerberg
aa7bbc5932 Use Tailscale 2022-06-23 22:30:07 -04:00
Zuckerberg
eef574c9f7 Pin nixpkgs to a version that works for bcachefs 2022-06-20 11:51:45 -04:00
Zuckerberg
25fb7a1645 Jellyfin Client only on desktop 2022-06-20 00:04:54 -04:00
Zuckerberg
301fd8462b Update to NixOS 22.05 2022-06-20 00:00:49 -04:00
Zuckerberg
a92800cbcc Update to NixOS 22.05 2022-06-19 23:59:52 -04:00
Zuckerberg
5e361b2fc8 Update to NixOS 22.05 2022-06-19 23:44:01 -04:00
Zuckerberg
b41e4dc375 add jellyfin media player 2022-06-19 23:29:54 -04:00
43 changed files with 1139 additions and 976 deletions
Expand all files Collapse all files

12
README.md Normal file
View File

@@ -0,0 +1,12 @@
# My NixOS configurations
### Source Layout
- `/common` - common configuration imported into all `/machines`
- `/boot` - config related to bootloaders, cpu microcode, and unlocking LUKS root disks over tor
- `/network` - config for tailscale, zeroteir, and NixOS container with automatic vpn tunneling via PIA
- `/pc` - config that a graphical desktop computer should have. Use `de.enable = true;` to enable everthing.
- `/server` - config that creates new nixos services or extends existing ones to meet my needs
- `/ssh.nix` - all ssh public host and user keys for all `/machines`
- `/machines` - all my NixOS machines along with their machine unique configuration for hardware and services
- `/kexec` - a special machine for generating minimal kexec images. Does not import `/common`
- `/secrets` - encrypted shared secrets unlocked through `/machines` ssh host keys

85
TODO.md Normal file
View File

@@ -0,0 +1,85 @@
# A place for brain dump ideas maybe to be taken off of the shelve one day
### NixOS webtools
- Better options search https://mynixos.com/options/services
### Interesting ideas for restructuring nixos config
- https://github.com/gytis-ivaskevicius/flake-utils-plus
- https://github.com/divnix/digga/tree/main/examples/devos
- https://digga.divnix.com/
- https://nixos.wiki/wiki/Comparison_of_NixOS_setups
### Housekeeping
- Format everything here using nixfmt
- Cleanup the line between hardware-configuration.nix and configuration.nix in machine config
- CI https://gvolpe.com/blog/nixos-binary-cache-ci/
- remove `options.currentSystem`
- allow `hostname` option for webservices to be null to disable configuring nginx
### NAS
- helios64 extra led lights
- safely turn off NAS on power disconnect
- hardware de/encoding for rk3399 helios64 https://forum.pine64.org/showthread.php?tid=14018
- tor unlock
### bcachefs
- bcachefs health alerts via email
- bcachefs periodic snapshotting
- use mount.bcachefs command for mounting
- bcachefs native encryption
- just need a kernel module? https://github.com/firestack/bcachefs-tools-flake/blob/kf/dev/mvp/nixos/module/bcachefs.nix#L40
### Shell Comands
- tailexitnode = `sudo tailscale up --exit-node=<exit-node-ip> --exit-node-allow-lan-access=true`
### Services
- setup archivebox
- radio https://tildegit.org/tilderadio/site
- music
- mopidy
- use the jellyfin plugin?
- navidrome
- spotify secrets for navidrome
- picard for music tagging
- alternative music software
- https://www.smarthomebeginner.com/best-music-server-software-options/
- https://funkwhale.audio/
- https://github.com/epoupon/lms
- https://github.com/benkaiser/stretto
- https://github.com/blackcandy-org/black_candy
- https://github.com/koel/koel
- https://airsonic.github.io/
- https://ampache.org/
- replace nextcloud with seafile
### VPN container
- use wireguard for vpn
- https://github.com/triffid/pia-wg/blob/master/pia-wg.sh
- https://github.com/pia-foss/manual-connections
- port forwarding for vpn
- transmission using forwarded port
- https://www.wireguard.com/netns/
- one way firewall for vpn container
### Networking
- tailscale for p2p connections
- remove all use of zerotier
### Archive
- https://www.backblaze.com/b2/cloud-storage.html
- email
- https://github.com/Disassembler0/dovecot-archive/blob/main/src/dovecot_archive.py
- http://kb.unixservertech.com/software/dovecot/archiveserver
### Paranoia
- https://christine.website/blog/paranoid-nixos-2021-07-18
- https://nixos.wiki/wiki/Impermanence
### Misc
- https://github.com/pop-os/system76-scheduler
- improve email a little bit https://helloinbox.email
- remap razer keys https://github.com/sezanzeb/input-remapper
### Future Interests (upon merge into nixpkgs)
- nixos/thelounge: add users option https://github.com/NixOS/nixpkgs/pull/157477
- glorytun: init at 0.3.4 https://github.com/NixOS/nixpkgs/pull/153356

29
common/default.nix
View File

@@ -1,11 +1,10 @@
{ config, pkgs, ... }:
let
nix-locate = config.inputs.nix-locate.defaultPackage.${config.currentSystem};
in {
{
imports = [
./flakes.nix
./auto-update.nix
./shell.nix
./network
./boot
./server
@@ -43,7 +42,6 @@ in {
micro
helix
lm_sensors
nix-locate
];
nixpkgs.config.allowUnfree = true;
@@ -64,25 +62,6 @@ in {
nix.gc.automatic = true;
programs.command-not-found.enable = false;
programs.fish = {
enable = true;
shellInit = let
wrapper = pkgs.writeScript "command-not-found" ''
#!${pkgs.bash}/bin/bash
source ${nix-locate}/etc/profile.d/command-not-found.sh
command_not_found_handle "$@"
'';
in ''
# use nix-locate for command-not-found functionality
function __fish_command_not_found_handler --on-event fish_command_not_found
${wrapper} $argv
end
# disable annoying fish shell greeting
set fish_greeting
'';
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "zuckerberg@neet.dev";
}

13
common/network/default.nix
View File

@@ -1,10 +1,23 @@
{ config, lib, ... }:
with lib;
let
cfg = config.networking;
in
{
imports = [
./hosts.nix
./pia-openvpn.nix
./tailscale.nix
./vpn.nix
./zerotier.nix
];
options.networking.ip_forward = mkEnableOption "Enable ip forwarding";
config = mkIf cfg.ip_forward {
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
};
}

16
common/network/tailscale.nix Normal file
View File

@@ -0,0 +1,16 @@
{ config, lib, ... }:
with lib;
let
cfg = config.services.tailscale;
in
{
options.services.tailscale.exitNode = mkEnableOption "Enable exit node support";
config.services.tailscale.enable = !config.boot.isContainer;
# exit node
config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose";
config.networking.ip_forward = mkIf cfg.exitNode true;
}

2
common/network/vpn.nix
View File

@@ -88,7 +88,7 @@ in
networking.nat.internalInterfaces = [
"ve-${cfg.containerName}"
];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.ip_forward = true;
# assumes only one potential interface
networking.usePredictableInterfaceNames = false;

2
common/pc/chromium.nix
View File

@@ -60,7 +60,6 @@ in {
"oboonakemofpalcgghocfoadofidjkkk" # keepassxc plugin
"cimiefiiaegbelhefglklhhakcgmhkai" # plasma integration
"hkgfoiooedgoejojocmhlaklaeopbecg" # picture in picture
"fihnjjcciajhdojfnbdddfaoknhalnja" # I don't care about cookies
"mnjggcdmjocbbbhaepdhchncahnbgone" # SponsorBlock
"dhdgffkkebhmkfjojejmpbldmpobfkfo" # Tampermonkey
# "ehpdicggenhgapiikfpnmppdonadlnmp" # Disable Scroll Jacking
@@ -80,7 +79,6 @@ in {
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
chromium = pkgs.chromium.override {
gnomeKeyringSupport = true;
enableWideVine = true;
# ungoogled = true;
# --enable-native-gpu-memory-buffers # fails on AMD APU

1
common/pc/default.nix
View File

@@ -49,6 +49,7 @@ in {
spotify-qt
arduino
yt-dlp
jellyfin-media-player
];
# Networking

76
common/pc/pia/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.services.pia;
in {
imports = [
./pia.nix
];
options.services.pia = {
enable = lib.mkEnableOption "Enable PIA Client";
dataDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/pia";
description = ''
Path to the pia data directory
'';
};
user = lib.mkOption {
type = lib.types.str;
default = "root";
description = ''
The user pia should run as
'';
};
group = lib.mkOption {
type = lib.types.str;
default = "piagrp";
description = ''
The group pia should run as
'';
};
users = mkOption {
type = with types; listOf str;
default = [];
description = ''
Usernames to be added to the "spotifyd" group, so that they
can start and interact with the userspace daemon.
'';
};
};
config = mkIf cfg.enable {
# users.users.${cfg.user} =
# if cfg.user == "pia" then {
# isSystemUser = true;
# group = cfg.group;
# home = cfg.dataDir;
# createHome = true;
# }
# else {};
users.groups.${cfg.group}.members = cfg.users;
systemd.services.pia-daemon = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.ExecStart = "${pkgs.pia-daemon}/bin/pia-daemon";
serviceConfig.PrivateTmp="yes";
serviceConfig.User = cfg.user;
serviceConfig.Group = cfg.group;
preStart = ''
mkdir -p ${cfg.dataDir}
chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
'';
};
};
}

147
common/pc/pia/fix-pia.patch Normal file
View File

@@ -0,0 +1,147 @@
diff --git a/Rakefile b/Rakefile
index fa6d771..bcd6fb1 100644
--- a/Rakefile
+++ b/Rakefile
@@ -151,41 +151,6 @@ end
# Install LICENSE.txt
stage.install('LICENSE.txt', :res)
-# Download server lists to ship preloaded copies with the app. These tasks
-# depend on version.txt so they're refreshed periodically (whenver a new commit
-# is made), but not for every build.
-#
-# SERVER_DATA_DIR can be set to use existing files instead of downloading them;
-# this is primarily intended for reproducing a build.
-#
-# Create a probe for SERVER_DATA_DIR so these are updated if it changes.
-serverDataProbe = Probe.new('serverdata')
-serverDataProbe.file('serverdata.txt', "#{ENV['SERVER_DATA_DIR']}")
-# JSON resource build directory
-jsonFetched = Build.new('json-fetched')
-# These are the assets we need to fetch and the URIs we get them from
-{
- 'modern_shadowsocks.json': 'https://serverlist.piaservers.net/shadow_socks',
- 'modern_servers.json': 'https://serverlist.piaservers.net/vpninfo/servers/v6',
- 'modern_region_meta.json': 'https://serverlist.piaservers.net/vpninfo/regions/v2'
-}.each do |k, v|
- fetchedFile = jsonFetched.artifact(k.to_s)
- serverDataDir = ENV['SERVER_DATA_DIR']
- file fetchedFile => [version.artifact('version.txt'),
- serverDataProbe.artifact('serverdata.txt'),
- jsonFetched.componentDir] do |t|
- if(serverDataDir)
- # Use the copy provided instead of fetching (for reproducing a build)
- File.copy(File.join(serverDataDir, k), fetchedFile)
- else
- # Fetch from the web API (write with "binary" mode so LF is not
- # converted to CRLF on Windows)
- File.binwrite(t.name, Net::HTTP.get(URI(v)))
- end
- end
- stage.install(fetchedFile, :res)
-end
-
# Install version/brand/arch info in case an upgrade needs to know what is
# currently installed
stage.install(version.artifact('version.txt'), :res)
diff --git a/common/src/posix/unixsignalhandler.cpp b/common/src/posix/unixsignalhandler.cpp
index f820a6d..e1b6c33 100644
--- a/common/src/posix/unixsignalhandler.cpp
+++ b/common/src/posix/unixsignalhandler.cpp
@@ -132,7 +132,7 @@ void UnixSignalHandler::_signalHandler(int, siginfo_t *info, void *)
// we checked it, we can't even log because the logger is not reentrant.
auto pThis = instance();
if(pThis)
- ::write(pThis->_sigFd[0], info, sizeof(siginfo_t));
+ auto _ = ::write(pThis->_sigFd[0], info, sizeof(siginfo_t));
}
template<int Signal>
void UnixSignalHandler::setAbortAction()
diff --git a/daemon/src/linux/linux_nl.cpp b/daemon/src/linux/linux_nl.cpp
index fd3aced..2367a5e 100644
--- a/daemon/src/linux/linux_nl.cpp
+++ b/daemon/src/linux/linux_nl.cpp
@@ -642,6 +642,6 @@ LinuxNl::~LinuxNl()
unsigned char term = 0;
PosixFd killSocket = _workerKillSocket.get();
if(killSocket)
- ::write(killSocket.get(), &term, sizeof(term));
+ auto _ = ::write(killSocket.get(), &term, sizeof(term));
_workerThread.join();
}
diff --git a/extras/support-tool/launcher/linux-launcher.cpp b/extras/support-tool/launcher/linux-launcher.cpp
index 3f63ac2..420d54d 100644
--- a/extras/support-tool/launcher/linux-launcher.cpp
+++ b/extras/support-tool/launcher/linux-launcher.cpp
@@ -48,7 +48,7 @@ int fork_execv(gid_t gid, char *filename, char *const argv[])
if(forkResult == 0)
{
// Apply gid as both real and effective
- setregid(gid, gid);
+ auto _ = setregid(gid, gid);
int execErr = execv(filename, argv);
std::cerr << "exec err: " << execErr << " / " << errno << " - "
diff --git a/rake/model/qt.rb b/rake/model/qt.rb
index c8cd362..a6abe59 100644
--- a/rake/model/qt.rb
+++ b/rake/model/qt.rb
@@ -171,12 +171,7 @@ class Qt
end
def getQtRoot(qtVersion, arch)
- qtToolchainPtns = getQtToolchainPatterns(arch)
- qtRoots = FileList[*Util.joinPaths([[qtVersion], qtToolchainPtns])]
- # Explicitly filter for existing paths - if the pattern has wildcards
- # we only get existing directories, but if the patterns are just
- # alternates with no wildcards, we can get directories that don't exist
- qtRoots.find_all { |r| File.exist?(r) }.max
+ ENV['QTROOT']
end
def getQtVersionScore(minor, patch)
@@ -192,12 +187,7 @@ class Qt
end
def getQtPathVersion(path)
- verMatch = path.match('^.*/Qt[^/]*/5\.(\d+)\.?(\d*)$')
- if(verMatch == nil)
- nil
- else
- [verMatch[1].to_i, verMatch[2].to_i]
- end
+ [ENV['QT_MAJOR'].to_i, ENV['QT_MINOR'].to_i]
end
# Build a component definition with the defaults. The "Core" component will
diff --git a/rake/product/linux.rb b/rake/product/linux.rb
index f43fb3e..83505af 100644
--- a/rake/product/linux.rb
+++ b/rake/product/linux.rb
@@ -18,8 +18,7 @@ module PiaLinux
QT_BINARIES = %w(pia-client pia-daemon piactl pia-support-tool)
# Version of libicu (needed to determine lib*.so.## file names in deployment)
- ICU_VERSION = FileList[File.join(Executable::Qt.targetQtRoot, 'lib', 'libicudata.so.*')]
- .first.match(/libicudata\.so\.(\d+)(\..*|)/)[1]
+ ICU_VERSION = ENV['ICU_MAJOR'].to_i;
# Copy a directory recursively, excluding *.debug files (debugging symbols)
def self.copyWithoutDebug(sourceDir, destDir)
@@ -220,16 +219,5 @@ module PiaLinux
# Since these are just development workflow tools, they can be skipped if
# specific dependencies are not available.
def self.defineTools(toolsStage)
- # Test if we have libthai-dev, for the Thai word breaking utility
- if(Executable::Tc.sysHeaderAvailable?('thai/thwbrk.h'))
- Executable.new('thaibreak')
- .source('tools/thaibreak')
- .lib('thai')
- .install(toolsStage, :bin)
- toolsStage.install('tools/thaibreak/thai_ts.sh', :bin)
- toolsStage.install('tools/onesky_import/import_translations.sh', :bin)
- else
- puts "skipping thaibreak utility, install libthai-dev to build thaibreak"
- end
end
end

139
common/pc/pia/pia.nix Normal file
View File

@@ -0,0 +1,139 @@
{ pkgs, lib, config, ... }:
{
nixpkgs.overlays = [
(self: super:
with self;
let
# arch = builtins.elemAt (lib.strings.splitString "-" builtins.currentSystem) 0;
arch = "x86_64";
pia-desktop = clangStdenv.mkDerivation rec {
pname = "pia-desktop";
version = "3.3.0";
src = fetchgit {
url = "https://github.com/pia-foss/desktop";
rev = version;
fetchLFS = true;
sha256 = "D9txL5MUWyRYTnsnhlQdYT4dGVpj8PFsVa5hkrb36cw=";
};
patches = [
./fix-pia.patch
];
nativeBuildInputs = [
cmake
rake
];
prePatch = ''
sed -i 's|/usr/include/libnl3|${libnl.dev}/include/libnl3|' Rakefile
'';
installPhase = ''
mkdir -p $out/bin $out/lib $out/share
cp -r ../out/pia_release_${arch}/stage/bin $out
cp -r ../out/pia_release_${arch}/stage/lib $out
cp -r ../out/pia_release_${arch}/stage/share $out
'';
cmakeFlags = [
"-DCMAKE_BUILD_TYPE=Release"
];
QTROOT = "${qt5.full}";
QT_MAJOR = lib.versions.minor (lib.strings.parseDrvName qt5.full.name).version;
QT_MINOR = lib.versions.patch (lib.strings.parseDrvName qt5.full.name).version;
ICU_MAJOR = lib.versions.major (lib.strings.parseDrvName icu.name).version;
buildInputs = [
mesa
libsForQt5.qt5.qtquickcontrols
libsForQt5.qt5.qtquickcontrols2
icu
libnl
];
dontWrapQtApps = true;
};
in rec {
openvpn-updown = buildFHSUserEnv {
name = "openvpn-updown";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "openvpn-updown.sh";
};
pia-client = buildFHSUserEnv {
name = "pia-client";
targetPkgs = pkgs: (with pkgs; [
pia-desktop
xorg.libXau
xorg.libXdmcp
]);
runScript = "pia-client";
};
piactl = buildFHSUserEnv {
name = "piactl";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "piactl";
};
pia-daemon = buildFHSUserEnv {
name = "pia-daemon";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-daemon";
};
pia-hnsd = buildFHSUserEnv {
name = "pia-hnsd";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-hnsd";
};
pia-openvpn = buildFHSUserEnv {
name = "pia-openvpn";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-openvpn";
};
pia-ss-local = buildFHSUserEnv {
name = "pia-ss-local";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-ss-local";
};
pia-support-tool = buildFHSUserEnv {
name = "pia-support-tool";
targetPkgs = pkgs: (with pkgs; [
pia-desktop
xorg.libXau
xorg.libXdmcp
]);
runScript = "pia-support-tool";
};
pia-unbound = buildFHSUserEnv {
name = "pia-unbound";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-unbound";
};
pia-wireguard-go = buildFHSUserEnv {
name = "pia-wireguard-go";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "pia-wireguard-go";
};
support-tool-launcher = buildFHSUserEnv {
name = "support-tool-launcher";
targetPkgs = pkgs: (with pkgs; [ pia-desktop ]);
runScript = "support-tool-launcher";
};
})
];
}

58
common/server/cloudflared.nix
View File

@@ -1,58 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.cloudflared;
settingsFormat = pkgs.formats.yaml { };
in
{
meta.maintainers = with maintainers; [ pmc ];
options = {
services.cloudflared = {
enable = mkEnableOption "cloudflared";
package = mkOption {
type = types.package;
default = pkgs.cloudflared;
description = "The cloudflared package to use";
example = literalExpression ''pkgs.cloudflared'';
};
config = mkOption {
type = settingsFormat.type;
description = "Contents of the config.yaml as an attrset; see https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/configuration-file for documentation on the contents";
example = literalExpression ''
{
url = "http://localhost:3000";
tunnel = "505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf";
credentials-file = "/var/lib/cloudflared/505c8dd1-e4fb-4ea4-b909-26b8f61ceaaf.json";
}
'';
};
configFile = mkOption {
type = types.path;
description = "Path to cloudflared config.yaml.";
example = literalExpression ''"/etc/cloudflared/config.yaml"'';
};
};
};
config = mkIf cfg.enable ({
# Prefer the config file over settings if both are set.
services.cloudflared.configFile = mkDefault (settingsFormat.generate "cloudflared.yaml" cfg.config);
systemd.services.cloudflared = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "Cloudflare Argo Tunnel";
serviceConfig = {
TimeoutStartSec = 0;
Type = "notify";
ExecStart = "${cfg.package}/bin/cloudflared --config ${cfg.configFile} --no-autoupdate tunnel run";
Restart = "on-failure";
RestartSec = "5s";
};
};
});
}

2
common/server/default.nix
View File

@@ -13,6 +13,6 @@
./privatebin/privatebin.nix
./radio.nix
./samba.nix
./cloudflared.nix
./owncast.nix
];
}

34
common/server/matrix.nix
View File

@@ -59,23 +59,25 @@ in {
config = lib.mkIf cfg.enable {
services.matrix-synapse = {
enable = true;
server_name = cfg.host;
enable_registration = cfg.enable_registration;
listeners = [ {
bind_address = "127.0.0.1";
port = cfg.port;
tls = false;
resources = [ {
compress = true;
names = [ "client" "federation" ];
settings = {
server_name = cfg.host;
enable_registration = cfg.enable_registration;
listeners = [ {
bind_addresses = ["127.0.0.1"];
port = cfg.port;
tls = false;
resources = [ {
compress = true;
names = [ "client" "federation" ];
} ];
} ];
} ];
turn_uris = [
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp"
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp"
];
turn_shared_secret = cfg.turn.secret;
turn_user_lifetime = "1h";
turn_uris = [
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp"
"turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp"
];
turn_shared_secret = cfg.turn.secret;
turn_user_lifetime = "1h";
};
};
services.coturn = {

31
common/server/owncast.nix Normal file
View File

@@ -0,0 +1,31 @@
{ lib, config, ... }:
with lib;
let
cfg = config.services.owncast;
in {
options.services.owncast = {
hostname = lib.mkOption {
type = types.str;
example = "example.com";
};
};
config = mkIf cfg.enable {
services.owncast.listen = "127.0.0.1";
services.owncast.port = 62419; # random port
networking.firewall.allowedTCPPorts = [ cfg.rtmp-port ];
services.nginx.enable = true;
services.nginx.virtualHosts.${cfg.hostname} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
proxyWebsockets = true;
};
};
};
}

2
common/server/thelounge.nix
View File

@@ -23,7 +23,7 @@ in {
config = lib.mkIf cfg.enable {
services.thelounge = {
private = true;
public = false;
extraConfig = {
reverseProxy = true;
maxHistory = -1;

46
common/shell.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config, pkgs, ... }:
# Improvements to the default shell
# - use nix-locate for command-not-found
# - disable fish's annoying greeting message
# - add some handy shell commands
let
nix-locate = config.inputs.nix-locate.packages.${config.currentSystem}.default;
in {
programs.command-not-found.enable = false;
environment.systemPackages = [
nix-locate
];
programs.fish = {
enable = true;
shellInit = let
wrapper = pkgs.writeScript "command-not-found" ''
#!${pkgs.bash}/bin/bash
source ${nix-locate}/etc/profile.d/command-not-found.sh
command_not_found_handle "$@"
'';
in ''
# use nix-locate for command-not-found functionality
function __fish_command_not_found_handler --on-event fish_command_not_found
${wrapper} $argv
end
# disable annoying fish shell greeting
set fish_greeting
'';
};
environment.shellAliases = {
myip = "dig +short myip.opendns.com @resolver1.opendns.com";
# https://linuxreviews.org/HOWTO_Test_Disk_I/O_Performance
io_seq_read = "nix run nixpkgs#fio -- --name TEST --eta-newline=5s --filename=temp.file --rw=read --size=2g --io_size=10g --blocksize=1024k --ioengine=libaio --fsync=10000 --iodepth=32 --direct=1 --numjobs=1 --runtime=60 --group_reporting; rm temp.file";
io_seq_write = "nix run nixpkgs#fio -- --name TEST --eta-newline=5s --filename=temp.file --rw=write --size=2g --io_size=10g --blocksize=1024k --ioengine=libaio --fsync=10000 --iodepth=32 --direct=1 --numjobs=1 --runtime=60 --group_reporting; rm temp.file";
io_rand_read = "nix run nixpkgs#fio -- --name TEST --eta-newline=5s --filename=temp.file --rw=randread --size=2g --io_size=10g --blocksize=4k --ioengine=libaio --fsync=1 --iodepth=1 --direct=1 --numjobs=32 --runtime=60 --group_reporting; rm temp.file";
io_rand_write = "nix run nixpkgs#fio -- --name TEST --eta-newline=5s --filename=temp.file --rw=randrw --size=2g --io_size=10g --blocksize=4k --ioengine=libaio --fsync=1 --iodepth=1 --direct=1 --numjobs=1 --runtime=60 --group_reporting; rm temp.file";
};
}

2
common/ssh.nix
View File

@@ -11,7 +11,7 @@ rec {
ponyo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
ponyo-unlock = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC9LQuuImgWlkjDhEEIbM1wOd+HqRv1RxvYZuLXPSdRi";
ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkTQNPzrIhsKk3OpTHq8b7slIp9LktB49r1w/DKb/5b";
s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
n1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWlhd1Oid5Xf2zdcBrcdrR0TlhObutwcJ8piobRTpRt";
n2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7bRiRutnI7Bmyt/I238E3Fp5DqiClIXiVibsccipOr";
n3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+rJEaRrFDGirQC2UoWQkmpzLg4qgTjGJgVqiipWiU5";

96
flake.lock generated
View File

@@ -2,16 +2,17 @@
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1648942457,
"narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=",
"lastModified": 1675176355,
"narHash": "sha256-Qjxh5cmN56siY97mzmBLI1+cdjXSPqmfPVsKxBvHmwI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01",
"rev": "b7ffcfe77f817d9ee992640ba1f270718d197f28",
"type": "github"
},
"original": {
@@ -32,7 +33,7 @@
"locked": {
"lastModified": 1648612759,
"narHash": "sha256-SJwlpD2Wz3zFoX2mIYCQfwIOYHaOdeiWGFeDXsLGM84=",
"ref": "master",
"ref": "refs/heads/master",
"rev": "39d338b9b24159d8ef3309eecc0d32a2a9f102b5",
"revCount": 2,
"type": "git",
@@ -71,7 +72,7 @@
"locked": {
"lastModified": 1651719222,
"narHash": "sha256-p/GY5vOP+HUlxNL4OtEhmBNEVQsedOHXEmjfCGONVmE=",
"ref": "master",
"ref": "refs/heads/master",
"rev": "1290ddd9a2ff2bf2d0f702750768312b80efcd34",
"revCount": 19,
"type": "git",
@@ -82,14 +83,36 @@
"url": "https://git.neet.dev/zuckerberg/dailybuild_modules.git"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1641205782,
"narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@@ -100,11 +123,11 @@
},
"flake-utils": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@@ -121,62 +144,62 @@
]
},
"locked": {
"lastModified": 1652819416,
"narHash": "sha256-OzYSb66kQUVP1FM0E7Z0ij13mm14DkJi79FAMprAavo=",
"owner": "googlebot42",
"lastModified": 1673969751,
"narHash": "sha256-U6aYz3lqZ4NVEGEWiti1i0FyqEo4bUjnTAnA73DPnNU=",
"owner": "bennofs",
"repo": "nix-index",
"rev": "a28bb3175d370c6cb9569e6d4b5570e9ca016a3e",
"rev": "5f98881b1ed27ab6656e6d71b534f88430f6823a",
"type": "github"
},
"original": {
"owner": "googlebot42",
"owner": "bennofs",
"repo": "nix-index",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1649117019,
"narHash": "sha256-ID7nw/8MDgqj/cbJ0wy6AtQ9wp58hSnE6+weZwuHnso=",
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ccb90fb9e11459aeaf83cc28d5f8910816d90dd0",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.11",
"ref": "nixos-22.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-21_05": {
"nixpkgs-22_05": {
"locked": {
"lastModified": 1625692408,
"narHash": "sha256-e9L3TLLDVIJpMnHtiNHJE62oOh6emRtSZ244bgYJUZs=",
"lastModified": 1654936503,
"narHash": "sha256-soKzdhI4jTHv/rSbh89RdlcJmrPgH8oMb/PLqiqIYVQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c06613c25df3fe1dd26243847a3c105cf6770627",
"rev": "dab6df51387c3878cdea09f43589a15729cae9f4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"ref": "nixos-22.05",
"type": "indirect"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1649408932,
"narHash": "sha256-JhTW1OtS5fACcRXLqcTTQyYO5vLkO+bceCqeRms13SY=",
"lastModified": 1675835843,
"narHash": "sha256-y1dSCQPcof4CWzRYRqDj4qZzbBl+raVPAko5Prdil28=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "42948b300670223ca8286aaf916bc381f66a5313",
"rev": "32f914af34f126f54b45e482fb2da4ae78f3095f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
@@ -211,7 +234,7 @@
"locked": {
"lastModified": 1652121792,
"narHash": "sha256-j1Y9MAjUVNgyFSeGzPoqibAnEysJDjZSXukVfQ7+bsQ=",
"ref": "master",
"ref": "refs/heads/master",
"rev": "72e7a9e80b780c84ed8d4a6374bfbb242701f900",
"revCount": 5,
"type": "git",
@@ -242,23 +265,20 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-21_05": "nixpkgs-21_05",
"nixpkgs-21_11": [
"nixpkgs"
],
"nixpkgs-22_05": "nixpkgs-22_05",
"utils": "utils"
},
"locked": {
"lastModified": 1638911354,
"narHash": "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=",
"lastModified": 1655930346,
"narHash": "sha256-ht56HHOzEhjeIgAv5ZNFjSVX/in1YlUs0HG9c1EUXTM=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "6e3a7b2ea6f0d68b82027b988aa25d3423787303",
"rev": "f535d8123c4761b2ed8138f3d202ea710a334a1d",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-21.11",
"ref": "nixos-22.05",
"repo": "nixos-mailserver",
"type": "gitlab"
}

24
flake.nix
View File

@@ -1,17 +1,16 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/master";
flake-utils.url = "github:numtide/flake-utils";
nix-locate.url = "github:googlebot42/nix-index";
nix-locate.url = "github:bennofs/nix-index";
nix-locate.inputs.nixpkgs.follows = "nixpkgs";
# mail server
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";
simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
simple-nixos-mailserver.inputs.nixpkgs-21_11.follows = "nixpkgs";
# agenix
agenix.url = "github:ryantm/agenix";
@@ -42,12 +41,12 @@
modules = system: [
./common
inputs.simple-nixos-mailserver.nixosModule
inputs.agenix.nixosModule
inputs.agenix.nixosModules.default
inputs.dailybuild_modules.nixosModule
inputs.archivebox.nixosModule
({ lib, ... }: {
config.environment.systemPackages = [
inputs.agenix.defaultPackage.${system}
inputs.agenix.packages.${system}.agenix
];
# because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
@@ -70,7 +69,7 @@
in
{
"reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
"ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
"ray" = mkSystem "x86_64-linux" nixpkgs-unstable ./machines/ray/configuration.nix;
"nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
"liza" = mkSystem "x86_64-linux" nixpkgs ./machines/liza/configuration.nix;
"ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix;
@@ -88,11 +87,18 @@
mkKexec = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/kexec.nix ];
modules = [ ./machines/ephemeral/kexec.nix ];
}).config.system.build.kexec_tarball;
mkIso = system:
(nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./machines/ephemeral/iso.nix ];
}).config.system.build.isoImage;
in {
"x86_64-linux"."kexec" = mkKexec "x86_64-linux";
"x86_64-linux"."iso" = mkIso "x86_64-linux";
"aarch64-linux"."kexec" = mkKexec "aarch64-linux";
"aarch64-linux"."iso" = mkIso "aarch64-linux";
};
};
}

12
machines/ephemeral/iso.nix Normal file
View File

@@ -0,0 +1,12 @@
{ modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
./minimal.nix
];
isoImage.makeUsbBootable = true;
networking.hostName = "iso";
}

30
machines/kexec.nix → machines/ephemeral/kexec.nix
View File

@@ -6,8 +6,11 @@
imports = [
(modulesPath + "/installer/netboot/netboot.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./minimal.nix
];
networking.hostName = "kexec";
# stripped down version of https://github.com/cleverca22/nix-tests/tree/master/kexec
system.build = rec {
image = pkgs.runCommand "image" { buildInputs = [ pkgs.nukeReferences ]; } ''
@@ -42,31 +45,4 @@
contents = [ ];
};
};
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0" # enable serial console
"console=tty1"
];
boot.kernel.sysctl."vm.overcommit_memory" = "1";
environment.systemPackages = with pkgs; [
cryptsetup
btrfs-progs
];
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
networking.useDHCP = true;
networking.hostName = "kexec";
services.openssh = {
enable = true;
challengeResponseAuthentication = false;
passwordAuthentication = false;
};
services.getty.autologinUser = "root";
users.users.root.openssh.authorizedKeys.keys = (import ../common/ssh.nix).users;
}

28
machines/ephemeral/minimal.nix Normal file
View File

@@ -0,0 +1,28 @@
{ pkgs, ... }:
{
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ];
boot.kernelParams = [
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
"console=ttyS0" # enable serial console
"console=tty1"
];
boot.kernel.sysctl."vm.overcommit_memory" = "1";
environment.systemPackages = with pkgs; [
cryptsetup
btrfs-progs
];
environment.variables.GC_INITIAL_HEAP_SIZE = "1M";
networking.useDHCP = true;
services.openssh = {
enable = true;
challengeResponseAuthentication = false;
passwordAuthentication = false;
};
services.getty.autologinUser = "root";
users.users.root.openssh.authorizedKeys.keys = (import ../common/ssh.nix).users;
}

3
machines/liza/configuration.nix
View File

@@ -107,7 +107,4 @@
enableACME = true;
forceSSL = true;
};
security.acme.acceptTerms = true;
security.acme.email = "zuckerberg@neet.dev";
}

7
machines/ponyo/configuration.nix
View File

@@ -63,6 +63,9 @@
};
};
# tailscale
services.tailscale.exitNode = true;
# icecast endpoint + website
services.nginx.virtualHosts."radio.runyan.org" = {
enableACME = true;
@@ -164,6 +167,6 @@
'';
};
security.acme.acceptTerms = true;
security.acme.email = "zuckerberg@neet.dev";
services.owncast.enable = true;
services.owncast.hostname = "live.neet.dev";
}

43
machines/ray/ca.rsa.4096.crt Normal file
View File

@@ -0,0 +1,43 @@
-----BEGIN CERTIFICATE-----
MIIHqzCCBZOgAwIBAgIJAJ0u+vODZJntMA0GCSqGSIb3DQEBDQUAMIHoMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCQ0ExEzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNV
BAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIElu
dGVybmV0IEFjY2VzczEgMB4GA1UEAxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3Mx
IDAeBgNVBCkTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkB
FiBzZWN1cmVAcHJpdmF0ZWludGVybmV0YWNjZXNzLmNvbTAeFw0xNDA0MTcxNzQw
MzNaFw0zNDA0MTIxNzQwMzNaMIHoMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
EzARBgNVBAcTCkxvc0FuZ2VsZXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQg
QWNjZXNzMSAwHgYDVQQLExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UE
AxMXUHJpdmF0ZSBJbnRlcm5ldCBBY2Nlc3MxIDAeBgNVBCkTF1ByaXZhdGUgSW50
ZXJuZXQgQWNjZXNzMS8wLQYJKoZIhvcNAQkBFiBzZWN1cmVAcHJpdmF0ZWludGVy
bmV0YWNjZXNzLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVk
hjumaqBbL8aSgj6xbX1QPTfTd1qHsAZd2B97m8Vw31c/2yQgZNf5qZY0+jOIHULN
De4R9TIvyBEbvnAg/OkPw8n/+ScgYOeH876VUXzjLDBnDb8DLr/+w9oVsuDeFJ9K
V2UFM1OYX0SnkHnrYAN2QLF98ESK4NCSU01h5zkcgmQ+qKSfA9Ny0/UpsKPBFqsQ
25NvjDWFhCpeqCHKUJ4Be27CDbSl7lAkBuHMPHJs8f8xPgAbHRXZOxVCpayZ2SND
fCwsnGWpWFoMGvdMbygngCn6jA/W1VSFOlRlfLuuGe7QFfDwA0jaLCxuWt/BgZyl
p7tAzYKR8lnWmtUCPm4+BtjyVDYtDCiGBD9Z4P13RFWvJHw5aapx/5W/CuvVyI7p
Kwvc2IT+KPxCUhH1XI8ca5RN3C9NoPJJf6qpg4g0rJH3aaWkoMRrYvQ+5PXXYUzj
tRHImghRGd/ydERYoAZXuGSbPkm9Y/p2X8unLcW+F0xpJD98+ZI+tzSsI99Zs5wi
jSUGYr9/j18KHFTMQ8n+1jauc5bCCegN27dPeKXNSZ5riXFL2XX6BkY68y58UaNz
meGMiUL9BOV1iV+PMb7B7PYs7oFLjAhh0EdyvfHkrh/ZV9BEhtFa7yXp8XR0J6vz
1YV9R6DYJmLjOEbhU8N0gc3tZm4Qz39lIIG6w3FDAgMBAAGjggFUMIIBUDAdBgNV
HQ4EFgQUrsRtyWJftjpdRM0+925Y6Cl08SUwggEfBgNVHSMEggEWMIIBEoAUrsRt
yWJftjpdRM0+925Y6Cl08SWhge6kgeswgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tggkAnS7684Nkme0wDAYDVR0TBAUwAwEB/zANBgkq
hkiG9w0BAQ0FAAOCAgEAJsfhsPk3r8kLXLxY+v+vHzbr4ufNtqnL9/1Uuf8NrsCt
pXAoyZ0YqfbkWx3NHTZ7OE9ZRhdMP/RqHQE1p4N4Sa1nZKhTKasV6KhHDqSCt/dv
Em89xWm2MVA7nyzQxVlHa9AkcBaemcXEiyT19XdpiXOP4Vhs+J1R5m8zQOxZlV1G
tF9vsXmJqWZpOVPmZ8f35BCsYPvv4yMewnrtAC8PFEK/bOPeYcKN50bol22QYaZu
LfpkHfNiFTnfMh8sl/ablPyNY7DUNiP5DRcMdIwmfGQxR5WEQoHL3yPJ42LkB5zs
6jIm26DGNXfwura/mi105+ENH1CaROtRYwkiHb08U6qLXXJz80mWJkT90nr8Asj3
5xN2cUppg74nG3YVav/38P48T56hG1NHbYF5uOCske19F6wi9maUoto/3vEr0rnX
JUp2KODmKdvBI7co245lHBABWikk8VfejQSlCtDBXn644ZMtAdoxKNfR2WTFVEwJ
iyd1Fzx0yujuiXDROLhISLQDRjVVAvawrAtLZWYK31bY7KlezPlQnl/D9Asxe85l
8jO5+0LdJ6VyOs/Hd4w52alDW/MFySDZSfQHMTIc30hLBJ8OnCEIvluVQQ2UQvoW
+no177N9L2Y+M9TcTA62ZyMXShHQGeh20rb4kK8f+iFX8NxtdHVSkxMEFSfDDyQ=
-----END CERTIFICATE-----

91
machines/ray/configuration.nix
View File

@@ -1,12 +1,8 @@
{ config, pkgs, lib, ... }:
{
disabledModules = [
"hardware/video/nvidia.nix"
];
imports = [
./hardware-configuration.nix
./nvidia.nix
];
firmware.x86_64.enable = true;
@@ -23,29 +19,94 @@
hardware.enableAllFirmware = true;
# newer kernel for wifi
boot.kernelPackages = pkgs.linuxPackages_latest;
# depthai
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
'';
# gpu
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.logFile = "/var/log/Xorg.0.log";
hardware.nvidia = {
modesetting.enable = true; # for nvidia-vaapi-driver
prime = {
#reverse_sync.enable = true;
offload.enable = true;
reverseSync.enable = true;
offload.enableOffloadCmd = true;
#sync.enable = true;
nvidiaBusId = "PCI:1:0:0";
amdgpuBusId = "PCI:4:0:0";
};
powerManagement = {
# enable = true;
# finegrained = true;
coarsegrained = true;
};
};
# virt-manager
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [ virt-manager ];
users.users.googlebot.extraGroups = [ "libvirtd" ];
# vpn-container.enable = true;
# containers.vpn.interfaces = [ "piaw" ];
# allow traffic for wireguard interface to pass
# networking.firewall = {
# # wireguard trips rpfilter up
# extraCommands = ''
# ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
# ip46tables -t raw -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
# '';
# extraStopCommands = ''
# ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
# ip46tables -t raw -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
# '';
# };
# systemd.services.pia-vpn-wireguard = {
# enable = true;
# description = "PIA VPN WireGuard Tunnel";
# requires = [ "network-online.target" ];
# after = [ "network.target" "network-online.target" ];
# wantedBy = [ "multi-user.target" ];
# environment.DEVICE = "piaw";
# path = with pkgs; [ kmod wireguard-tools jq curl ];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# };
# script = ''
# WG_HOSTNAME=zurich406
# WG_SERVER_IP=156.146.62.153
# PIA_USER=`sed '1q;d' /run/agenix/pia-login.conf`
# PIA_PASS=`sed '2q;d' /run/agenix/pia-login.conf`
# PIA_TOKEN=`curl -s -u "$PIA_USER:$PIA_PASS" https://www.privateinternetaccess.com/gtoken/generateToken | jq -r '.token'`
# privKey=$(wg genkey)
# pubKey=$(echo "$privKey" | wg pubkey)
# wireguard_json=`curl -s -G --connect-to "$WG_HOSTNAME::$WG_SERVER_IP:" --cacert "${./ca.rsa.4096.crt}" --data-urlencode "pt=$PIA_TOKEN" --data-urlencode "pubkey=$pubKey" https://$WG_HOSTNAME:1337/addKey`
# echo "
# [Interface]
# Address = $(echo "$wireguard_json" | jq -r '.peer_ip')
# PrivateKey = $privKey
# ListenPort = 51820
# [Peer]
# PersistentKeepalive = 25
# PublicKey = $(echo "$wireguard_json" | jq -r '.server_key')
# AllowedIPs = 0.0.0.0/0
# Endpoint = $WG_SERVER_IP:$(echo "$wireguard_json" | jq -r '.server_port')
# " > /tmp/piaw.conf
# # TODO make /tmp/piaw.conf ro to root
# ${lib.optionalString (!config.boot.isContainer) "modprobe wireguard"}
# wg-quick up /tmp/piaw.conf
# '';
# preStop = ''
# wg-quick down /tmp/piaw.conf
# '';
# };
# age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf;
virtualisation.docker.enable = true;

485
machines/ray/nvidia.nix
View File

@@ -1,485 +0,0 @@
# This module provides the proprietary NVIDIA X11 / OpenGL drivers.
{ config, lib, pkgs, ... }:
with lib;
let
nvidia_x11 = let
drivers = config.services.xserver.videoDrivers;
isDeprecated = str: (hasPrefix "nvidia" str) && (str != "nvidia");
hasDeprecated = drivers: any isDeprecated drivers;
in if (hasDeprecated drivers) then
throw ''
Selecting an nvidia driver has been modified for NixOS 19.03. The version is now set using `hardware.nvidia.package`.
''
else if (elem "nvidia" drivers) then cfg.package else null;
enabled = nvidia_x11 != null;
cfg = config.hardware.nvidia;
pCfg = cfg.prime;
syncCfg = pCfg.sync;
offloadCfg = pCfg.offload;
reverseSyncCfg = pCfg.reverse_sync;
primeEnabled = syncCfg.enable || reverseSyncCfg.enable || offloadCfg.enable;
nvidiaPersistencedEnabled = cfg.nvidiaPersistenced;
nvidiaSettings = cfg.nvidiaSettings;
in
{
imports =
[
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "enable" ] [ "hardware" "nvidia" "prime" "sync" "enable" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "prime" "sync" "allowExternalGpu" ] [ "hardware" "nvidia" "prime" "allowExternalGpu" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "nvidiaBusId" ] [ "hardware" "nvidia" "prime" "nvidiaBusId" ])
(mkRenamedOptionModule [ "hardware" "nvidia" "optimus_prime" "intelBusId" ] [ "hardware" "nvidia" "prime" "intelBusId" ])
];
options = {
hardware.nvidia.powerManagement.enable = mkOption {
type = types.bool;
default = false;
description = ''
Experimental power management through systemd. For more information, see
the NVIDIA docs, on Chapter 21. Configuring Power Management Support.
'';
};
hardware.nvidia.powerManagement.finegrained = mkOption {
type = types.bool;
default = false;
description = ''
Experimental power management of PRIME offload. For more information, see
the NVIDIA docs, chapter 22. PCI-Express runtime power management.
'';
};
hardware.nvidia.powerManagement.coarsegrained = mkOption {
type = types.bool;
default = false;
description = ''
Experimental power management of PRIME offload. For more information, see
the NVIDIA docs, chapter 22. PCI-Express runtime power management.
'';
};
hardware.nvidia.modesetting.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see
<option>hardware.nvidia.prime.sync.enable</option>. This is not enabled
by default because it is not officially supported by NVIDIA and would not
work with SLI.
'';
};
hardware.nvidia.prime.nvidiaBusId = mkOption {
type = types.str;
default = "";
example = "PCI:1:0:0";
description = ''
Bus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci
shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
'';
};
hardware.nvidia.prime.intelBusId = mkOption {
type = types.str;
default = "";
example = "PCI:0:2:0";
description = ''
Bus ID of the Intel GPU. You can find it using lspci; for example if lspci
shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
'';
};
hardware.nvidia.prime.amdgpuBusId = mkOption {
type = types.str;
default = "";
example = "PCI:4:0:0";
description = ''
Bus ID of the AMD APU. You can find it using lspci; for example if lspci
shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0".
'';
};
hardware.nvidia.prime.sync.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME.
If enabled, the NVIDIA GPU will be always on and used for all rendering,
while enabling output to displays attached only to the integrated Intel/AMD
GPU without a multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified
in <option>services.xserver.videoDrivers</option>, and it should preferably
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
be specified (<option>hardware.nvidia.prime.nvidiaBusId</option> and
<option>hardware.nvidia.prime.intelBusId</option> or
<option>hardware.nvidia.prime.amdgpuBusId</option>).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver (<option>hardware.nvidia.modesetting.enable</option>) in order
to prevent tearing.
Note that this configuration will only be successful when a display manager
for which the <option>services.xserver.displayManager.setupCommands</option>
option is supported is used.
'';
};
hardware.nvidia.prime.allowExternalGpu = mkOption {
type = types.bool;
default = false;
description = ''
Configure X to allow external NVIDIA GPUs when using Prime [Reverse] Sync.
'';
};
hardware.nvidia.prime.offload.enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable render offload support using the NVIDIA proprietary driver via PRIME.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
be specified (<option>hardware.nvidia.prime.nvidiaBusId</option> and
<option>hardware.nvidia.prime.intelBusId</option> or
<option>hardware.nvidia.prime.amdgpuBusId</option>).
'';
};
hardware.nvidia.prime.offload.enableOffloadCmd = mkOption {
type = types.bool;
default = false;
description = ''
Adds a `nvidia-offload` convenience script to <option>environment.systemPackages</option>
for offloading programs to an nvidia device. To work, should have also enabled
<option>hardware.nvidia.prime.offload.enable</option> or <option>hardware.nvidia.prime.reverse_sync.enable</option>
Example usage `nvidia-offload sauerbraten_client`
'';
};
hardware.nvidia.prime.reverse_sync.enable = mkOption {
type = types.bool;
default = false;
description = ''
Warning: This feature is relatively new, depending on your system this might
work poorly. AMD support, especially so.
See: https://forums.developer.nvidia.com/t/the-all-new-outputsink-feature-aka-reverse-prime/129828
Enable NVIDIA Optimus support using the NVIDIA proprietary driver via reverse
PRIME. If enabled, the Intel/AMD GPU will be used for all rendering, while
enabling output to displays attached only to the NVIDIA GPU without a
multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified
in <option>services.xserver.videoDrivers</option>, and it should preferably
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to
be specified (<option>hardware.nvidia.prime.nvidiaBusId</option> and
<option>hardware.nvidia.prime.intelBusId</option> or
<option>hardware.nvidia.prime.amdgpuBusId</option>).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver (<option>hardware.nvidia.modesetting.enable</option>) in order
to prevent tearing.
Note that this configuration will only be successful when a display manager
for which the <option>services.xserver.displayManager.setupCommands</option>
option is supported is used.
'';
};
hardware.nvidia.nvidiaSettings = mkOption {
default = true;
type = types.bool;
description = ''
Whether to add nvidia-settings, NVIDIA's GUI configuration tool, to
systemPackages.
'';
};
hardware.nvidia.nvidiaPersistenced = mkOption {
default = false;
type = types.bool;
description = ''
Update for NVIDA GPU headless mode, i.e. nvidia-persistenced. It ensures all
GPUs stay awake even during headless mode.
'';
};
hardware.nvidia.package = lib.mkOption {
type = lib.types.package;
default = config.boot.kernelPackages.nvidiaPackages.stable;
defaultText = literalExpression "config.boot.kernelPackages.nvidiaPackages.stable";
description = ''
The NVIDIA X11 derivation to use.
'';
example = literalExpression "config.boot.kernelPackages.nvidiaPackages.legacy_340";
};
};
config = let
igpuDriver = if pCfg.intelBusId != "" then "modesetting" else "amdgpu";
igpuBusId = if pCfg.intelBusId != "" then pCfg.intelBusId else pCfg.amdgpuBusId;
in mkIf enabled {
assertions = [
{
assertion = primeEnabled -> pCfg.intelBusId == "" || pCfg.amdgpuBusId == "";
message = ''
You cannot configure both an Intel iGPU and an AMD APU. Pick the one corresponding to your processor.
'';
}
{
assertion = offloadCfg.enableOffloadCmd -> offloadCfg.enable || reverseSyncCfg.enable;
message = ''
Offload command requires offloading or reverse prime sync to be enabled.
'';
}
{
assertion = primeEnabled -> pCfg.nvidiaBusId != "" && (pCfg.intelBusId != "" || pCfg.amdgpuBusId != "");
message = ''
When NVIDIA PRIME is enabled, the GPU bus IDs must configured.
'';
}
{
assertion = offloadCfg.enable -> versionAtLeast nvidia_x11.version "435.21";
message = "NVIDIA PRIME render offload is currently only supported on versions >= 435.21.";
}
{
assertion = (reverseSyncCfg.enable && pCfg.amdgpuBusId != "") -> versionAtLeast nvidia_x11.version "470.0";
message = "NVIDIA PRIME render offload for AMD APUs is currently only supported on versions >= 470 beta.";
}
{
assertion = !(syncCfg.enable && offloadCfg.enable);
message = "PRIME Sync and Offload cannot be both enabled";
}
{
assertion = !(syncCfg.enable && reverseSyncCfg.enable);
message = "PRIME Sync and PRIME Reverse Sync cannot be both enabled";
}
{
assertion = !(syncCfg.enable && cfg.powerManagement.finegrained && cfg.powerManagement.coarsegrained);
message = "Sync precludes powering down the NVIDIA GPU.";
}
{
assertion = cfg.powerManagement.finegrained -> offloadCfg.enable;
message = "Fine-grained power management requires offload to be enabled.";
}
{
assertion = cfg.powerManagement.coarsegrained -> offloadCfg.enable;
message = "Coarse-grained power management requires offload to be enabled.";
}
{
assertion = cfg.powerManagement.enable -> (
builtins.pathExists (cfg.package.out + "/bin/nvidia-sleep.sh") &&
builtins.pathExists (cfg.package.out + "/lib/systemd/system-sleep/nvidia")
);
message = "Required files for driver based power management don't exist.";
}
];
# If Optimus/PRIME is enabled, we:
# - Specify the configured NVIDIA GPU bus ID in the Device section for the
# "nvidia" driver.
# - Add the AllowEmptyInitialConfiguration option to the Screen section for the
# "nvidia" driver, in order to allow the X server to start without any outputs.
# - Add a separate Device section for the Intel GPU, using the "modesetting"
# driver and with the configured BusID.
# - OR add a separate Device section for the AMD APU, using the "amdgpu"
# driver and with the configures BusID.
# - Reference that Device section from the ServerLayout section as an inactive
# device.
# - Configure the display manager to run specific `xrandr` commands which will
# configure/enable displays connected to the Intel iGPU / AMD APU.
services.xserver.useGlamor = mkDefault offloadCfg.enable;
# reverse sync implies offloading
hardware.nvidia.prime.offload.enable = mkDefault reverseSyncCfg.enable;
services.xserver.drivers = optional primeEnabled {
name = igpuDriver;
display = !syncCfg.enable;
modules = optional (igpuDriver == "amdgpu") [ pkgs.xorg.xf86videoamdgpu ];
deviceSection = ''
BusID "${igpuBusId}"
${optionalString (syncCfg.enable && igpuDriver != "amdgpu") ''Option "AccelMethod" "none"''}
'';
} ++ singleton {
name = "nvidia";
modules = [ nvidia_x11.bin ];
display = syncCfg.enable;
deviceSection = optionalString primeEnabled ''
BusID "${pCfg.nvidiaBusId}"
${optionalString pCfg.allowExternalGpu "Option \"AllowExternalGpus\""}
'';
};
services.xserver.serverLayoutSection = optionalString syncCfg.enable ''
Inactive "Device-${igpuDriver}[0]"
'' + optionalString reverseSyncCfg.enable ''
Inactive "Device-nvidia[0]"
'' + optionalString offloadCfg.enable ''
Option "AllowNVIDIAGPUScreens"
'';
services.xserver.displayManager.setupCommands = let
gpuProviderName = if igpuDriver == "amdgpu" then
# find the name of the provider if amdgpu
"`${pkgs.xorg.xrandr}/bin/xrandr --listproviders | ${pkgs.gnugrep}/bin/grep -i AMD | ${pkgs.gnused}/bin/sed -n 's/^.*name://p'`"
else
igpuDriver;
providerCmdParams = if syncCfg.enable then "\"${gpuProviderName}\" NVIDIA-0" else "NVIDIA-G0 \"${gpuProviderName}\"";
in optionalString (syncCfg.enable || reverseSyncCfg.enable) ''
# Added by nvidia configuration module for Optimus/PRIME.
${pkgs.xorg.xrandr}/bin/xrandr --setprovideroutputsource ${providerCmdParams}
${pkgs.xorg.xrandr}/bin/xrandr --auto
'';
environment.etc."nvidia/nvidia-application-profiles-rc" = mkIf nvidia_x11.useProfiles {
source = "${nvidia_x11.bin}/share/nvidia/nvidia-application-profiles-rc";
};
# 'nvidia_x11' installs it's files to /run/opengl-driver/...
environment.etc."egl/egl_external_platform.d".source =
"/run/opengl-driver/share/egl/egl_external_platform.d/";
hardware.opengl.extraPackages = [
nvidia_x11.out
# pkgs.nvidia-vaapi-driver
];
hardware.opengl.extraPackages32 = [
nvidia_x11.lib32
# pkgs.pkgsi686Linux.nvidia-vaapi-driver
];
environment.systemPackages = [ nvidia_x11.bin ]
++ optionals cfg.nvidiaSettings [ nvidia_x11.settings ]
++ optionals nvidiaPersistencedEnabled [ nvidia_x11.persistenced ]
++ optionals offloadCfg.enableOffloadCmd [
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec -a "$0" "$@"
'')
];
systemd.packages = optional cfg.powerManagement.enable nvidia_x11.out;
systemd.services = let
baseNvidiaService = state: {
description = "NVIDIA system ${state} actions";
path = with pkgs; [ kbd ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${nvidia_x11.out}/bin/nvidia-sleep.sh '${state}'";
};
};
nvidiaService = sleepState: (baseNvidiaService sleepState) // {
before = [ "systemd-${sleepState}.service" ];
requiredBy = [ "systemd-${sleepState}.service" ];
};
services = (builtins.listToAttrs (map (t: nameValuePair "nvidia-${t}" (nvidiaService t)) ["hibernate" "suspend"]))
// {
nvidia-resume = (baseNvidiaService "resume") // {
after = [ "systemd-suspend.service" "systemd-hibernate.service" ];
requiredBy = [ "systemd-suspend.service" "systemd-hibernate.service" ];
};
};
in optionalAttrs cfg.powerManagement.enable services
// optionalAttrs nvidiaPersistencedEnabled {
"nvidia-persistenced" = mkIf nvidiaPersistencedEnabled {
description = "NVIDIA Persistence Daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "forking";
Restart = "always";
PIDFile = "/var/run/nvidia-persistenced/nvidia-persistenced.pid";
ExecStart = "${nvidia_x11.persistenced}/bin/nvidia-persistenced --verbose";
ExecStopPost = "${pkgs.coreutils}/bin/rm -rf /var/run/nvidia-persistenced";
};
};
};
systemd.tmpfiles.rules = optional config.virtualisation.docker.enableNvidia
"L+ /run/nvidia-docker/bin - - - - ${nvidia_x11.bin}/origBin"
++ optional (nvidia_x11.persistenced != null && config.virtualisation.docker.enableNvidia)
"L+ /run/nvidia-docker/extras/bin/nvidia-persistenced - - - - ${nvidia_x11.persistenced}/origBin/nvidia-persistenced";
boot.extraModulePackages = [ nvidia_x11.bin ];
# nvidia-uvm is required by CUDA applications.
boot.kernelModules = [ "nvidia-uvm" ] ++
optionals config.services.xserver.enable [ "nvidia" "nvidia_modeset" "nvidia_drm" ];
# If requested enable modesetting via kernel parameter.
boot.kernelParams = optional (offloadCfg.enable || cfg.modesetting.enable) "nvidia-drm.modeset=1"
++ optional cfg.powerManagement.enable "nvidia.NVreg_PreserveVideoMemoryAllocations=1";
services.udev.extraRules =
''
# Create /dev/nvidia-uvm when the nvidia-uvm module is loaded.
KERNEL=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidiactl c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 255'"
KERNEL=="nvidia_modeset", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-modeset c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) 254'"
KERNEL=="card*", SUBSYSTEM=="drm", DRIVERS=="nvidia", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia%n c $$(grep nvidia-frontend /proc/devices | cut -d \ -f 1) %n'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
KERNEL=="nvidia_uvm", RUN+="${pkgs.runtimeShell} -c 'mknod -m 666 /dev/nvidia-uvm-tools c $$(grep nvidia-uvm /proc/devices | cut -d \ -f 1) 0'"
'' + optionalString (cfg.powerManagement.finegrained || cfg.powerManagement.coarsegrained) ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
boot.extraModprobeConfig = optionalString cfg.powerManagement.finegrained ''
options nvidia "NVreg_DynamicPowerManagement=0x02"
'' + optionalString cfg.powerManagement.coarsegrained ''
options nvidia "NVreg_DynamicPowerManagement=0x01"
'';
boot.blacklistedKernelModules = [ "nouveau" "nvidiafb" ];
services.acpid.enable = true;
};
}

3
machines/storage/s0/configuration.nix
View File

@@ -145,6 +145,9 @@
proxyWebsockets = true;
};
# tailscale
services.tailscale.exitNode = true;
nixpkgs.overlays = [
(final: prev: {
radarr = prev.radarr.overrideAttrs (old: rec {

BIN
secrets/cloudflared-navidrome.json.age
View File

Binary file not shown.

BIN
secrets/email-pw.age
View File

Binary file not shown.

75
secrets/iodine.age
View File

@@ -1,38 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w Hfe9WoVDvMWc8P60BreiUS9+F1PmpZwUQ/Rf1tRxIRY
oFunT3z6xg8BRAqzcaHVxafBUJbXJSCrsge1/nEI8x4
-> ssh-ed25519 mbw8xA xR/jq0KjCpwusJJ60mHqt6TGBdsSjUxWHChO8dGYhzA
kFEYLlnF7g6e7Tvud8JsblOtsj2v3QrAdkjJwV0b9ng
-> ssh-ed25519 N240Tg DoXupPWk4YsgqpQ4yPfpz9a13Qu+ZcxavLbKjStf40E
+mCkreDEjo8G5Ew9TNaRp221VL6l20jG/6QVa8Cbwa4
-> ssh-ed25519 2a2Yhw t0BY1ZmbeSORtHRvy5c3XeIe29QSRd5wSgibjZgcmAE
5+EWlrZoeg3SZ6MCaj+YN4ovWxrTbfVz5IV9gA7bcwg
-> ssh-ed25519 dMQYog gaJXyfz3aN5CnbKGao5nxnKc6ZGyXuLI9s5DQ7zcfDA
6BdUMh7erbIXstvEPnc0jE38rL9+0QU8PYtcQp5PUNA
-> ssh-ed25519 G2eSCQ boj8/IRM5HG4LEHWMYzDr37Z/fVyI+ZAGbFaUzGtOS8
tzZLK/jzjron85vLrxFALKUgGVi8ZdPnM/zcVpfp6Ps
-> ssh-ed25519 6AT2/g A8NtCXr6AksNJCnOLsErYIqKy2SqMza0GsUURr1YASo
lMnDpcWZxXIIRqBtLYG6Pkd6L+/dPVGRCgyYPzRLnII
-> ssh-ed25519 yHDAQw NOqmfI7ZuSMTmEErJjHkbjGtNwJhpHTWeS/6zPsTVC4
5tZLg+GbfpnCi2CbSP7lZLssYm7hR/B7PZCZZ5X3ahs
-> ssh-ed25519 2+FxVg SA3lD4YzgKQWnztnaKZkkWZvooAnH3uv3o4lKn59rAI
vXkGl4IUstTQ6BZsT3c5PmPKU3lJxosX5LRUuAGVSVY
-> ssh-ed25519 CRfjsA uIa4dBktv7pMMv4U8hwlUJz+Ewh7ZjQ+j5ln7ZqxlAw
WadTmmOeOlaNlejglQ3NgOk86zS/yyKKkVabIPajeCQ
-> ssh-ed25519 vwVIvQ pg5Yv6YQh2tYXmv9PP5etAMxNN85dwQ28jXZRkQI9RY
zE81eln0hmbRchzNNYXaMxI8aF/xwGXy2wm6GlKnzg8
-> ssh-ed25519 fBrw3g gtUFDnC6CowNoKxwgLCOsSQ8rK21y327K8B94zlMHQE
+WepWvCmTZj+ht7U8aMD4kJ+zDSH7+c5lNSDw2JKrzA
-> ssh-ed25519 S5xQfg vsDTXbJTOjL7wVx1rA5ny0Ix/f6QFlZxxB1z6X2YcGk
im/TCt3Rszp0tP8hx1CV1xqaxh/PEUmC6ZoARVJXUzo
-> ssh-ed25519 XPxfUQ OQf+JUauisYKuYtya1HlpnZKteLLJonnd8JZiVwfAQA
wDSRsGMxQ2rXtej/iBX8n7KRfdLIB5q12Z6zu2I4wNw
-> ssh-ed25519 SpD5mg UlMJvnqDtRj3BTE4wAYa11D1mM5Q4vIkKIPmtODKYSc
RW1Brw2kCbUlBZK+UdusWAKEW5ZC5VHt49qUsyeUr+s
-> ssh-ed25519 Kk8sng 1TYOMJBzUZrgcRE02YtFllJgV4bxsCFRrRgnoasWyVA
FXSNZ6U60lRRgS3EvqKZwWdwA3vIW9xe5+NcmuYorug
-> x'-grease dT
viYi3YkLyuugYlo01uxExjHQVbq6hMoAGI64lXiE6fE0I0AV5Wr8yHiylwAH8ax2
4ylwQQVAA66xCEF+2QoIapO+V7oaWrjeiEVEAn1D
--- q9OmQIHexmW/2u7d1XKjUgwp+QYHbiiPgC9ZurBY5l8
¥qÌr.¹s;ñïÑïMdYŠuÜ~°#i¸ï-øÁVBCÞrå·>üADéÝÉþ83<38>ú:"î¶o+
-> ssh-ed25519 xoAm7w NvgGcHYNA6WmPn3sCmMzPCib+6P7s5R/G6lSJFpih2E
gLugCNcPJtAl9+2fa80OD7D7XaBkpb2bzKJclOdjGfw
-> ssh-ed25519 mbw8xA dBYbSV7QcUTOp9a5hUAZeMlL828KrRp6tB3zMIopPDA
i4QRHxTVaN60elfiuYXuESwbphxPN4tsQ7scH0ZJjoA
-> ssh-ed25519 N240Tg Xg5q74f1ylRZGLpPggkTy1QU+LWEcHpqCV6wQ2OhQlk
RubXACwdS4+xNt8nt0C0wk8XU2YIWOSRwIXUg47sNA0
-> ssh-ed25519 2a2Yhw p5w1WsmcVHImVtolvrULgSsYXlm06g2za8zSiDf9uR8
qVuj2L8jvRmINprQbYg91yoJU0XZmO7TprQv2UsvpmY
-> ssh-ed25519 dMQYog EFYjggjACyNwvNCG75XsceqnUrrrsX4cv7e+Mu2Z2zI
Q7VPIP7iNqHxGGtRG2Q122f60ZztSRsRHRbziGAinNY
-> ssh-ed25519 G2eSCQ 5Y6Tazqz2Wjl2/lrlQMUWgEnSBJpmzwXAUGEK56upgE
eVxcvshe+uecw4ORKdS/2W8p+jcrro8cDcDdmeY7Olg
-> ssh-ed25519 6AT2/g h6E5M1uJRhqfR1bm82rXrJvmr+nkeUPbygD8S+zbAmY
r5yR6W2uCcR4cEnbk/1tXwhAanT2EqTsH1mIDbrVGVM
-> ssh-ed25519 yHDAQw lWomhFF/IyKtOUlBori7wNjrtsbqvKXXhAwF4a1y8js
baOAc0tKMbh6Sw0bWyynI3OMrsOPA3W1fCCIn26azeQ
-> ssh-ed25519 hPp1nw ZGwi0yK0Nu+Y/uXIxnQH6Pwmw1SWBE0yQ9FOuBNKp1U
tN8kk/0AxUIiFbEOSeIlGiBIy0d96wTG8VrGPnEHTg4
-> ssh-ed25519 CRfjsA ntYznFouB2JWY2LZ6aycDogIFbLHOhqcx50QbJIB+RY
slo38Rvg+2GV2fKRlt4Yns644kd55DrDz7ivi6RTyXg
-> ssh-ed25519 vwVIvQ UF+Bo3Rl5OPPqqddi0bqleRJV9XTuykrl2dkPPSyRAE
znn5KNsXZPHN2/E652cPhOx8RF5+uuFUyGhrI+kCou0
-> ssh-ed25519 fBrw3g w8EkEo1db0Po5ZhDzz/5nshsSmjy9wMSKp+XFDEuUQA
q50eyTDTxQULpogMbVXI2zSfu+ZZP9DOXjM+Y2/rMNI
-> ssh-ed25519 S5xQfg 651xn3mNSl/3+KT5d4XD2pkMNcxi6BScqX3teoKbgio
EOfzB+woFBWBaVKuv4t4E0Gx3vf7Lg40WXSovXs8N6s
-> ssh-ed25519 XPxfUQ FL+FYVsRNJBv7xEpwf0fXgJt3G/FiARQ7+aWK/sxryE
xneOKh3muAhjkLC2upsRrc4B0mggwm7IOMFsg+25gT8
-> ssh-ed25519 SpD5mg f140sUr/7itxtllfcbBaNV9xhRaV/IULGVn6AaP7zkw
FnostzjoSC/bdOu2UF+rT+0mZ0aUM8rAAoQltUXn534
-> ssh-ed25519 Kk8sng 9JnybgIcROZf+l0C9YGNb4xWkZLtdfUPm2V0WJsGPUI
fs4wBEIdK6kU1CIhI8zz/yqa4Fb6Q2u+MO6SsudQlCM
-> C89-grease >Fa(j6s UN5!{
nb+ymnliEEKJf3IGloFQMNl/SyFjvFUqekC2YEY2qJblAUaft3Tf6hMYf7uDSjew
5SRhESY0VucHhAK6OybwPWYRlXXv2gM/wxUicB8
--- t6Q6ULdQzW4/xDtZDVI/lfP5i8Cq8lnURqQSyKWHvyI
h,:ìüæ
H)'’ЊÂ/²)žÒ¾ìpˆ¡Rç2QU

74
secrets/nextcloud-pw.age
View File

@@ -1,37 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w ftH5Ym/ik0hpKF9/keVodc9lbrbl/tfgI7FNYvY7aCo
2UxiWjJ18muZg1qcomcFEJChlebx5dvdsVfdxdVCnEQ
-> ssh-ed25519 mbw8xA CKMJ+LK6HWZybajuHKTNkPUJWTcR/E7Pu7E0LwLljRE
aXgVMhoC8GEAm4YqHPAascX4CDX5D4T/uwbfdcfheI8
-> ssh-ed25519 N240Tg WjE5EbH6nsSCsZfHBTDebdCYU4lNyEemAfqdSIpYxiU
Dt6ZVntKzQo65WWHRg9Bp0JJhjwMIDqfV2WMdtELhpQ
-> ssh-ed25519 2a2Yhw Nvaz150AMV7M9QuY87wPGfHCfNJ7CH3VSl6tTbNlHig
U7KG+Yl8OnEFjso8s5xgHDsnHSe6IfkImG92uoo8BoQ
-> ssh-ed25519 dMQYog EMPtqpONlZ1XJycSBZJMNx2LBQEcPEcPIoJ1LstdJE4
IdewH3GF1c5hWGNQYbLYWMYFrhiFfoN811GDdoNEVlE
-> ssh-ed25519 G2eSCQ unDoBOz26bzNaKAoYfS+Bf6M+bGf/D38aZrGL7pifgs
uNcXcIOaS3ZGxwmKXMqRR7kG3ErDW4VW0ZSDVkrDPVY
-> ssh-ed25519 6AT2/g hAm89Sp/tWm7lnSggrK0CCMEXxkBaToQ6wsXSzZifTE
qhRrlwPCdaAmvW+S6XdbWsKnwoO2eLgWIfSF1XKaP2c
-> ssh-ed25519 yHDAQw vm25bEwFJg6jY2LIHTxbOnYDE2u+8MuahtBQJpzdW3s
/tZPXzO363LuyAQ2juZnq5S6tRXaq5RA1VsdQI6I3LU
-> ssh-ed25519 2+FxVg EfDKgl4yXd0MaTMOYVUwWqlujNiDJn8cUensuRHa9WY
lmq9qcJaGm1IIlC4wZ6rcnywJrZP1XrjXGpQmRrE6WE
-> ssh-ed25519 CRfjsA eJXHwGRcgGRy7jziDsuWJlpJZ367DgmPk33vMza+PVM
kQzmsqhxydPnO8zkQAF6V69inaIur+Jj/Y/UWSlm8bU
-> ssh-ed25519 vwVIvQ g7Dbz/nR7ltZVJtfnLfNcuTl0EEmwevqx4uzE2yU9Bo
t0kEKYGDjcjDRCnKcyLoLJigfupgSwFGNKnWZNgcEjk
-> ssh-ed25519 fBrw3g 8YAKhKpmrEqyg96QOTPjHv/Ufjzn4ebyf812/u3crB4
joYiN6sLiz5zlp+w1nezyVLsN4cTMreL7vG2Q1BR8IA
-> ssh-ed25519 S5xQfg PvaGUlWhWUhW8KXg9GK0Tlw4ru1M7vpeG4jdZt6HnmU
rFb37EZYgmmmrJNxVe4S5CkFEadUNw72FWS67qlOcmM
-> ssh-ed25519 XPxfUQ BQkn2MzbRQT32mrGK9jyvpm4e2cnZEmrFig+YVOy0TY
vvemmqvcsE+4MZYBltYMZyuosZy5JxDYe+a+EbeDTv8
-> ssh-ed25519 SpD5mg mndEjGwk50wd8+zdFao9dvscApXrQVk5HcdgBzTAzhI
1Bl7ixB7xYLsAYvu3HY67u48Dv4ktDwYo5oMAbr4n1k
-> ssh-ed25519 Kk8sng PR7IpsRjn/4WYchFHfkGPgNayTSJDM9rY2X1CFKN5Fo
mHPqmcdjP1atZYLaA3phPsjrNAEbAfvpu01mfZ8qK54
-> ZN_d{1-grease {~-\e[ 8c 0LUi]F)=
E+1JKauEcaaXzol/Gg4rqPJmO3+x0EU3V3evmxbZ
--- hl4Pp2I55YOS97jg8WRxXI1+wylN6RvGF3P+kRxL/YE
Ù$²L1ÒuðC,œ,QLÖiõØ&º`ñÍe<C38D><65>0§ÿøÙC§”„ד\7ÈP3Ñݤ,ª}U¢ üî·½î-¹R.¯îb®‰|1ò3  ùŸ“àÚÒ
-> ssh-ed25519 xoAm7w 7+DO9mI/zZfTIN/0KBMOIjMNnReyGoH/XVQa0OLdAHY
qg/UIBJr8GX79d7xrIIN9GUt3pDIormlOM7IdjIytHk
-> ssh-ed25519 mbw8xA 9KorXegEBX3PYQm+Ljdjs2hkxAIpz2CZrITNCGo0BnM
QNQWGWqoudiryg/0fV2KZUuJQGp/suZun9KF9c2OTqw
-> ssh-ed25519 N240Tg kfl4aaKI28cDfzX3MBisRGraQYChPdUF2WigjOFYx0Y
u8dgbgJSmcJBp2Uc8qbWMbpa/cKEmx4V3psQgzqnitA
-> ssh-ed25519 2a2Yhw MGk791xEYHlC4bYfU5CMS3rY8TVI8KYvEIwUhE7wQ3k
iFT3QUR8PyWw4grqy7/8KfLfYNIDkgDKM2MqSr6cj0U
-> ssh-ed25519 dMQYog IW1ntuHrV85WX60GI295c197NUlQMKuo5gd3sQZl/gA
gAnx0rMggqZ7Rn8tHFAXJx3z3t9MkZpmjpgI2qAtK4g
-> ssh-ed25519 G2eSCQ 7ZpZQAda0uxjIIdpLnC5JlU6cbLtJWr9LSIIdi7PUQw
PfGFrMVLCmy8SDv2nn6p6M560Xu8lte8DjbCORDM+uc
-> ssh-ed25519 6AT2/g JGE9jVFM2Wu348XIHpubyCEismpfBraxnFGTnEvqqnI
kDHfyJdBIGIURDJ0Nsce4DqzPzhk5p+LM1QZ44pZ4g8
-> ssh-ed25519 yHDAQw KNzCNjvErLwEJZpWWMIBFUGOC8jURyvoKzCWX0ATrRM
EyIJpn48eU8oEB5FbMhCOd16hAVrxTFLyJEoos7WGOY
-> ssh-ed25519 hPp1nw kdjLNwgYQV/4NMubVpJw8QCIuKn+u3CT1boZNJEWfCM
FXNLqmpZB+CtSmCY9zGr+3UebEwNK3JmdP4ifdXiQL4
-> ssh-ed25519 CRfjsA axLQSlgVkaYmRktIP+fwHnhN2pJ55NCOW0fzTzgjFF4
ElO0byzF3PJxN9WgENIN/YfmsOR9rOhEh3xRNIIGIyk
-> ssh-ed25519 vwVIvQ LtrPXRJ0hztkWFnoKt5c0UzWQpD9CO990k52gjWcQnY
nHb1hsXhHQokcA4WoRlbZy0EFQt8Xd0cYUGqblY17Q4
-> ssh-ed25519 fBrw3g dnWs7lWY8QoWOjWHG68FSYqZDzsIaA/qU4AXrndGNTw
gh4+t6THL2mtrPUzGlYd/YxDjk3hpHxUmGq+kRcz9BQ
-> ssh-ed25519 S5xQfg kEXs5hXXR4ocYYWoT2xFr4HITe9wIOOLz73zm/9bf0o
WpO+5/zXc+UGYJGkNNQr8UsEz2RyBUtQ4Syep718294
-> ssh-ed25519 XPxfUQ pL4j/idFPiIPnWI7bIwn0+FuB6az/hXURAh+tvdr7Hc
WWJPFYanmf3+KnjG84XlnEapI1vh0wRi9XFJRn5JVpo
-> ssh-ed25519 SpD5mg CpGcl7ONt0juh/N2hwcxWiuc9u9wjQ4d+AAF+1BQim0
7Xs7qYITkCsjloA74CDGn6lZhXNTqFV05omLiCz9efg
-> ssh-ed25519 Kk8sng DzLM7ewz+4yz5YNQfBDKcOOlqMxScGR34XfVpCUHMEM
eH2ogYJO2N4cqxRibCOEoL5cXcTdWavHS3uRX7wwHxY
-> h<Vf$Fh-grease :~Z8 qwh*'} 2*OyJh )iMU_m?t
u9QuYuPJEVl7Rt1cEcXZPQ0IfpOzqB59iTMch/SDoByr966PBlBfjDS/7i9U0sEI
GMeVtXePXkKPXVvhmbZ/C9KI
--- 1F0kxs/7SRrpoj9q4t1eCg381LzCgrwA1DYG7zcI3dI
ö>°cY§ÀeéEòƒ\ã¯<>Ôc¸j½ ßÎíÃS­—XpºýG<C3BD>§$½}i¼10
ϱ™< œ`á Œ<>, öAž¤£~r>ø$|wˆ¿

75
secrets/peertube-db-pw.age
View File

@@ -1,38 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w 99ufX8x+2IWSFhunUnSeH5Li0bdNZQpnjAeoI7TBZQ4
AtecBXuKzWfxYO80lRha9uyltLExWqTTpT80HHOsW5s
-> ssh-ed25519 mbw8xA ZEtocwiOLTy313asl0C9MDGPy8KTk5wo6hZHLSx0WjI
wwxe3HF3P5BFfAMI5nes+dwnzM51HSY3xtia7wVBn8s
-> ssh-ed25519 N240Tg 1tT+WIwhrNAZKiU11+rS6lo4XqII4yjwoC5h/J8GLkQ
hLWQ7XFlmycr+J1MukhHFebYpsJVUwUz5F2+XNDU5g4
-> ssh-ed25519 2a2Yhw 5JwVo1eeVRryxYYaWznfHlIm2IbNcONOKK++ssMj2VY
o1P5EycNl31HBfQYZyB3KL62ZxBej/t3T30dfo3WYko
-> ssh-ed25519 dMQYog Gh9wRFQ5at0IRp7lSUxqx4cmo9khOPMfS4B+QM7JRzU
zVhsUzfXDOowR2ICIEqpTfm2TjsiFmK+3k0/cHJ/o/o
-> ssh-ed25519 G2eSCQ iv5pDSg2yIcqCJcBHS4GL2lbCZvzPxjHbkLjZJQEWD8
JFGDm/7tRozdGVSdeA7kd6N8+Sj39OjJ/Aut6A/7w9A
-> ssh-ed25519 6AT2/g 3aE7p8BUJ0Dt6zATjGBql9Hgv4gzpAR5zqPahLbR/j0
nfhfhAP2ZLWZPzRr2ZV7oaP2DEOGH/9Ygo0plrkmu4Y
-> ssh-ed25519 yHDAQw KR40v7vC6hRm9QqWtlF9WX8WIzbo7b0Bukvl1dHMiRE
2F2jAXTK2g+82Y1kSzkRruqAfsCzhYwKEbJWtg2JbMk
-> ssh-ed25519 2+FxVg JQxr5S9RIOcVzBK2tNBtIBDnncldTPk9blnuGNxrmyI
4vcIXvs9seQZ3GVPIqYr41Bd9xhPA11BlLHa+YNDf9Y
-> ssh-ed25519 CRfjsA HjpZxl25Xu175mNcmhb6gBJkSiN0rZAHGaxChssjkVw
dX2D42NviiSQGCIPBPK1x4CzLf5v3fkcFM6+tVAi7k0
-> ssh-ed25519 vwVIvQ a08tDilNeVsKz/SdzmI7/drnMTyh8o45JJgc27yRZG0
5qiAp/6uHLIBNdG9FZQqZsa7q9pbJyzlTe0UQvWikPw
-> ssh-ed25519 fBrw3g dDA8Vy5fpfTs7b3+mAVkR1HXvtSRcyq5shCHZtwDRxo
gIk85ymB3yWjINCmlSJkaFMihCD1vDon8+OLwAh2wRU
-> ssh-ed25519 S5xQfg ElRT4mtq4Ksv0imJ5dbvW5M5DIgdStHQdrFqzmXZXho
QCK3xZRemQtgXczwgwEbrf9oJZ9NtSHa3a50T+nE6AE
-> ssh-ed25519 XPxfUQ l8AbR8IsS33Q99i9uC0b3eT83tAX7CFiep0V6+62hRE
D2YSywYJ3WzTm3VWMh4YWKBaTARQ/rexq7ked3Di9fA
-> ssh-ed25519 SpD5mg IQUqhLhcHQn9wfFY1RSZnv/GeQau6y2N9JOl6e8prgo
K11LjHTz0VZyYj90xsbQznUBGvckPDX8jDy8md5o+8Y
-> ssh-ed25519 Kk8sng XRNVn/26tWcdLBzO3cb/XVdewgaw+b8sDIn0jDcWIU0
r8yDTjK6W9BG18hAU/sN3G6o2jU1dyhn/no9SBNcT8s
-> P_O-grease M#%Ei0hU
rzNzlsj4euy4zrS7S85p
--- T48w5S/LYYKktHmqdc//AxHomtH3Xz7CPxRD8KOhYoA
dú6ûJ+B†·r!žøµŠC&Y1G/ÖKm½ BÞè©\ÆñS Tü[l„uW
á®fÄŒNTõå6éÜ|5c,R"É…ÜqôÍ+;šè|€ªÜ
-> ssh-ed25519 xoAm7w 6fOw4Kh4O0WAdZG0WPBdl63ap/Xr/w+Rweylt/0mKDU
M2ZYVPz9vVGjJ6us48pXSFKKH8tK8PhkvBUJAUriimY
-> ssh-ed25519 mbw8xA JBYsd9iwH4E2GfGP63DwdwT4Y+gvL31sB3rSY2GKDmQ
zMHRL3bDxeAkWdKYPPtc/xyrkZlNtzBwzMyt5lb0H4o
-> ssh-ed25519 N240Tg 9DErfKdTHuvUcw9+5yzo8kMHa+IKxspGlWb6KRvPB0o
q1FLalljaHyYxEu6JrmcXGYhYi0L7TAtV0U8UsaQ4cs
-> ssh-ed25519 2a2Yhw eDolYbro00zktVZA8xdhbjvLkcOItFU/lTBPXNYypWI
d1MlKnVGRf2T2VFPhDnsSF8fboF+5mAdXEMeJRTjJz8
-> ssh-ed25519 dMQYog 2y6zkr37iC5VarUPOlrXVj9XyS5pihQq6O/K20gTMnc
jQxtJYCH1JagBpaupGVizzk0ZCswOQvFTcxT8IeFtRI
-> ssh-ed25519 G2eSCQ 8b0ZqtAxiFRfLEMHnj6LZmq5CQT7nMmfTwc+gpKbQQs
kl9EvBs9BpZXoomdg30ViCMBV8xEnYlCD9GFY+dNVBM
-> ssh-ed25519 6AT2/g kA3H9/fN5qyPquKIBQqYSGZYhxqDc7Zyj0CrjF0Nqgg
zXrT+jpTJo6ToVzLuLzDcqblXKdDbjxt4Zr9CvWBZc0
-> ssh-ed25519 yHDAQw vuMN4IU9wAIAWDFEDCr1yjEPtEMCISxYTx27qh4QS3U
2vrVYYbBlbyEOmd7cpeijKeNk6uEe/1iWQcZO8dSrWI
-> ssh-ed25519 hPp1nw TwogaV1PZXUekJoqXepW8sUm+DvPCxTEL+RobecJ3ys
VKM1QHFM8qDW1ZCpueQEqQtQknoQ470nll7y6WTjlWA
-> ssh-ed25519 CRfjsA dvkLphHpCButJtI/RMlt7RvaIuMNHLbF9y663tvuvhs
VEwK/KDK93e2iwEcwmGM8vvhwqi+tNW8SYrbsehZbWE
-> ssh-ed25519 vwVIvQ xnd9Vgz9FCeRu6yZbbIZbSBEvSkgPzFifye5eT8kmT0
XOCZBNTP66Wzy5Vdn4qJwzApDx3U2qNnQqEBcwfARHk
-> ssh-ed25519 fBrw3g 81Mv0OtBk9J2Tb7kjnT4uCGeytV7HJfOTcA5C4NoLy4
hiMbGjXjtvBa2Puhb8GBas3WXc0fozRD4hg73MvQumw
-> ssh-ed25519 S5xQfg F2oOMdM1U1aT4K6pIhCnCz5EbxnEb9Q4QZ0MkhSJKnE
Pz2cyF+IGLz64466ne8np3xA7g+51S4s4mlaLRohIM4
-> ssh-ed25519 XPxfUQ 3rIutnjj8fXIo3mCAL5nfzJep7q70j+AGLE3j/JxOhY
v2Xj5PbpFMsf6Tx68u7VHCRqGa3Wrnsk4E6Q08SklUc
-> ssh-ed25519 SpD5mg tmM+zaXpX+W8xsMfBCoWZc+7wPRI6yFt2W/p4O2s4lo
ckNxHza6ruYdIffwxDFOWnYOUgpbWNfwzU5AQJb6ZAA
-> ssh-ed25519 Kk8sng 2ddBuZ+DEVuvRmWS2O8r+xT4Qtrev78Vre+yQ3kNdEA
LojDcUOsZtA5kw8kIPC2y+G21T1uKUEUkwkJ3xPiUX4
-> "JnF1%Gd-grease |=~ P
tzG7OLiEsRVyoTBpLPGwqNBUGkz0
--- /AHllIllItlnpPXQAkywTF1UsUb7Wpec2jdYE6kOkO4
´ <>§K
^U5{Ôpœ_l9ûá7I#J¯˜Á!ë†å`Cθ^vÚÕˆEòµßŸÁˆuž¥òä×_WPæo2.<èù w}¶Ì
(!V®

76
secrets/peertube-init.age
View File

@@ -1,37 +1,41 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w cxa29LYBQrc3YAW5rUvS6nfkEg0j66w5wYu1PZ8Wc0E
NdsMgB5PVVsFrm7wR3xrOcMmIvP5pv6g+KYAhiRvpuI
-> ssh-ed25519 mbw8xA CKUESfDlXNokBZDcbmCkgD16V9han/+r5dFI2rnBcRc
uc1sJ/OQ5gclZUSIAJ2c9VY2Xb/ArMNpSnNp+gSTWZA
-> ssh-ed25519 N240Tg 8ZUgwgnxZFMnR3F+8VSXDAYooXrJsWK5QpfSxKKSKBg
raQOAeM4rpFuGMtjts6AkwcFaVRNoy0byVXBDR5BYYE
-> ssh-ed25519 2a2Yhw ig2GjUHCFT57AldnHOWs5uQAaOoFJeoounbweJTQlwE
VARizPNxh8KHt/PxPgkagovHAVIiL8ex6XIwUM3xYLg
-> ssh-ed25519 dMQYog LQUCsEaZI+6jWrwz3HKWj4CJN1r2SeCJmc35b2/WsHc
5S4K966vu1EdRTENYLgyCdmGBln28O/j9V3uPgjaS7g
-> ssh-ed25519 G2eSCQ zLkbxZbH3rsgENTIZJKDPo6ByTGjwRScgl3HVZxwu0E
lHvz8F27CTG0pCW/nAJpdISuTcOiqpD2PhLOYyWCC6A
-> ssh-ed25519 6AT2/g 3pshwP5X6PFs8GhQVPQ5s3TSyEt/Z6mEswTvZ5ZLgUc
nFSzE4oF+tnXklCyacNQwBJ82s1HdmGC6mWrYqRVd+w
-> ssh-ed25519 yHDAQw wnJ41lJounkHLnZB56fLgjles3dYOzoiFM8vOfEHPEU
33TGDVzGFr5TSVSzK3MHYB5rHR70lBrnvpgyTVBsLl8
-> ssh-ed25519 2+FxVg NnL/Wt2gNb/0vkd9FgiZFlkbpCfwweAJUCXi94U1Jms
fvkC5RGNBDZ4DLVjZvAQCvnqLeQAuQn0XCS+VFSyb2Y
-> ssh-ed25519 CRfjsA YC4+VW4epc3UKMDV5r6RXR4Vx8td1qCuTJwnSiHyxV4
gRLgJqsMuTKD8SObfpR+3zWew5rjwdpEmUluyWco3Ps
-> ssh-ed25519 vwVIvQ qr9hH+jPD/2eXesSPE9/sk51EeuNHmPe+Br1XVJpsDo
fiRhSdMKVo4K63UAJh4jyTky0aUZZUYFDAE0abWinYs
-> ssh-ed25519 fBrw3g d1YdgbjHQpvTgLjN9z/0eRtEYs3x0Wht506uxogWCm8
d5bULkVNiFT4l9uJ/6k59dfcY5jYkv38YHjx7+07YRQ
-> ssh-ed25519 S5xQfg 9Q0QgN7g9kRGiOvBGZp+3TrVuGU3oyAvK9M64aUmbSA
PJQPEpCM4zU5VLrqsMa9Qd2rZvQSq1vYbPc0uCwtWyk
-> ssh-ed25519 XPxfUQ qS5Y1YSx2g7ulSINPEbjm1lqL3OvGuLaj04tcPmjTiE
hSw0TZRL+V4NinnYq37fC64zFM8CdhZFNXmd3ps0f3o
-> ssh-ed25519 SpD5mg 6215GJh97SQIklYqTx5WPUlPbNJUMo0vhXTwtr95rGM
jklCiz/2AIAIuCKPFS8u1Bw8SXMf1AOV9X2P5UHXMUU
-> ssh-ed25519 Kk8sng F8va5sud1ck2V5MQ8ky14Eolj+YEIzoibGrty0wVQhw
FQIkCvXEtPy+aek5rvU6SO/Cet+f4wzQ/ebqbLSaunU
-> 1k-grease wE~W)OD
DXxr4+gUdNeA2+skSQ
--- n9Ef7xVWYWE0Gu0h2fLzw2gP4qOHKLsCZ/6Yjfxp/xA
Ô…Ñ…(¾= eŠjÿEƒl)h·:¹žiÉ<C383>ÂÎ(>6ð¶{ÜäêÏ :ÜlŽ,D¨º,I;þ3”˜»ªw¼¾úµ­Þþ)0“غ0ÆøXÖ{fè·—­@þƒÛꀪM­ˆÒ˜ Žä!t
-> ssh-ed25519 xoAm7w N9ZPma02+vK6eoQ6X9/AufI8d9Sq0fAmbCygEAprM30
qUcK7qCxU/wGxssjMO3BFmiP+ZPCMMA+MPsqTS6Hau8
-> ssh-ed25519 mbw8xA 1uhQY3YHakSRBjgVfqWc3ynGGNT+T6qR74oy7UpbdGM
7cvBh7xPxDxZqrQURBUUnyk2YjzVY/kzAUf7dy5y/JI
-> ssh-ed25519 N240Tg ujiP5iMMSupxkwhY1DpkmRQOQlZSr9WjPGrY7aUKmnQ
FNeXuINzgDB+gn/u76gQq7J1zYCQC0wbFyUVxvbalI4
-> ssh-ed25519 2a2Yhw C8/2A7AOzjyrH4Ulre9G+w1y7H1pvVZe6k5PTmGBlCI
9W6w4Ib0riy9sbZEQvSYeJ42LXwPruV8kPvTOP+dMqg
-> ssh-ed25519 dMQYog hIbfS8dz5LGPZ9sU+lHHnL8KB0CceM2nYV5mFV038gY
6r14pRwszEZGVzDRZQlymlgjdp1Zd+r/O2IfjqxBZcs
-> ssh-ed25519 G2eSCQ kvgWxBHowwVcGlm3KiWjxug+Wx3zkcMWl4wbPRrhrl8
A5VtHqvDwaa8jONXMTvVQC1ALcnsiqxllM/DrRXWFws
-> ssh-ed25519 6AT2/g XUGBtkOcpLRKNDS3hsyXAap1DXAIeaRX9jFOfhUpMw4
sq/Ziv4RGRBmrUgS0GWTQs8AViUXBWjUxqf0V/rAN8E
-> ssh-ed25519 yHDAQw GmscTQwu+lHC2VARJusQ606NLf6OlxITZzINjrbxf2o
LmuIU71tE+2OlF0HGNS+DdXCLdA5lAeTPXl1S+V5KCA
-> ssh-ed25519 hPp1nw XQbGxz+YJ8RieN0HxEQz9kJfikbWTtz1hFNGQBHkXzg
1yst2YMs9XelKpIGyl+qxAgrFZ+Hq9odh6wBovbb8sc
-> ssh-ed25519 CRfjsA 79TlEM5+g11lMOkkW/KvSTmt//ChklK3jlUHLAM/1hQ
9X1VP6SYST3Q841ahE+fAeg0FhKq+/XcZdysigIOgdc
-> ssh-ed25519 vwVIvQ 1r0/J5T1fEmOjM7ybKDPOBdE2UIDEUdkIFNWGJBzXGs
gAOX/3koAfQx8er8nt4dlvLbIoYfeVPENjz7wLNoFwg
-> ssh-ed25519 fBrw3g 9hdWAt6qEwjAwVmTprCkR2q6GsE4dEOCiCTRfz58fTk
f24fPWUrwtt1UN2ebk7tj7gBY8EiAMwvEvztCvaNZRc
-> ssh-ed25519 S5xQfg wyY1lx8QIDJy9pCi9zS3T3lNV0jQGhVC8HvyI60zrD4
6+agBFHfxcaTLfZLyEeUMl9zyaFbsM9X2EXPvf6DfeM
-> ssh-ed25519 XPxfUQ IabbhU0TM3zImRHyKk1NLnGRUUTuQHHCMLzp9AltDVE
vf+5OlycHphA0i4nB7c6OtBBahWPJR/8VSWzudM9FEc
-> ssh-ed25519 SpD5mg VSBErQVSLWPcA7C3p+wuL0/JaP58O5Gvy8z5eJduky0
jnd3tBVjqhf8oZy9h2soMZVPEa2dvYHxvrNUdKK/UwU
-> ssh-ed25519 Kk8sng 3gM4o/sdewPR8BZo8owBVEE2GwqnQgUeA1Uxsd8nOlM
VpgZRzc4tN7QX8s41iKoCstfU0KgrGhWolfws8QXYr8
-> vWbrVo-grease ,kVQ{
PpMMMc8V/eqh5OBEcK067OIY3UQt9QTjHCVVesZediQxm/E2rRYvKm793NdgsflT
mAA0Lcu8/6EPFWtK05TxkDO+JaVfrvKLKuh/E3k
--- eKZw2cOm1WsLYj/Bx14q433kkZ6altIqL0qnBSYXjn8
>»KÝ-B<15>vœâŒ×ôÕŽ}4©QåÎ˳x
ÅîÝÒ{ʱí­
0U<01>Ò
ê¶×Ý

BIN
secrets/peertube-redis-pw.age
View File

Binary file not shown.

BIN
secrets/peertube-smtp.age
View File

Binary file not shown.

73
secrets/pia-login.conf
View File

@@ -1,37 +1,38 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w 6YE8Xut+bONuueEoD3aAPn6ly0nlgHKmPhrOYmaZyys
OFY0cogxB/TM5ShiYG9OyAlIXJvPWrgmB4QZrdTYTGA
-> ssh-ed25519 mbw8xA mZdtNfY4gLd31NYVhhdFqKhNh+tKTCGayG8n8CY16Xk
3FVJm0Ky29mtmCo2NaeCPqcurt1oy+1kFaGzBMRFvgY
-> ssh-ed25519 N240Tg 8ldjy789NFoPb6FprQEESprs2G+tH4h59uZ1cR9OKmI
527JcKENr6ddpZ1xWy+9rWgsFG/0/okHYtyZ8bnIGtU
-> ssh-ed25519 2a2Yhw CSpAusLjwTyUMR3TQEX7K6wLkEBQCTwDmDWzqa4BWE8
ZMWO6kC/xXdzeYzuMtj0PU78rjCB2SxmLW2FkEm3GwA
-> ssh-ed25519 dMQYog xKjJsFoT+B3+vm+92ywinppmwbMDFqlLHLlQh56d5m0
c8yhBQL/umJZoAqPXJFYFZVN2CwyftPnXZbL6BEo/XA
-> ssh-ed25519 G2eSCQ PNecZsY2AXDMAZvPw+HMdioRE+4hiqoXViwQDAvCWn0
3xemYVepW2NvII/zDuUsFfp5uBFQzU5Iz2zHpnSACfo
-> ssh-ed25519 6AT2/g fnRDsTvXSqLKzraCy2QUqIqCteAlVuSqrkohHoIQh1A
NJaoRKC8IyZcaObclNuvIJV1xtNA2Vnh6+6gylNBRko
-> ssh-ed25519 yHDAQw vhIaLzY3A5H4xVoWXJDFXdlX/Ddk0OCScSp72Jy+jjA
r4sj0I/Vs1/klWNa1Ud/alCCmuGGKbZ38K0UAbxOaNg
-> ssh-ed25519 2+FxVg UfBGv5v9kilraMWTgPj6reFn1Ipv8elF/Je2L8HJfzE
xeMgBC6Ao2ykXFNRbdok/gC1RXHjH4NPiv7lpFzCWGI
-> ssh-ed25519 CRfjsA 7Zz5w+LgThJBhCeTLsT09rZnQiaLnFUuuxxFz0ui7xQ
XCPZeaiQ9uDS7dachDEFKZXc2VI+2S3EpP8m4fWH714
-> ssh-ed25519 vwVIvQ 5Bc4/BrCY4VdCabJ+XW+e3UPshgZWYFktE/QBb7+0Tk
0+2IcVoyV7aX4wSBkwD0uuZlzInTXXJpJ582dQiwlME
-> ssh-ed25519 fBrw3g NcGqfNA75TZK8snDZ1RV7CXDVDHzIo27CzUlisWw8X4
s9UR8O4q4w/PbAZPSd3+hubg8GdUBYfhQ0zaRTgTx5o
-> ssh-ed25519 S5xQfg xtYjArK1YYAV4ts55E0jPIovtagFV7UJRb3iv1Om43U
SkqJ8UmlKtf+0KntLyjZ8Rgf0MtapEnEoVA+xTFbVSc
-> ssh-ed25519 XPxfUQ gy1JvMR1oy1mstVgPAc8m2haExzpEaJj+2POUNc0ZUw
+HaGMvuuybpJaWs2yCjUyJ29jXKaDLkFBm9l1WLus/M
-> ssh-ed25519 SpD5mg C2BcTINChQTOMgMnn6wjJZ7ADmiqJpE4Z5dYZ3z4wwE
QgUNdg/PSj67SdNfa08YvupPfV4GWnSkwcRIt7ZgOVY
-> ssh-ed25519 Kk8sng +bkUV2nOzxIrwjFWNErRE3G5itxwzDKs6lG0NlSe/CI
X8rlOeGQLzZXiIrkVFHJDHPt6ruuBs99jZ1XLZSAgBw
-> N+U,G!$-grease u eB<}B2q $nG@I[&z D..uu,:
E3PUEP7Z7anp0PcXD2CDpRsv
--- FlP6ry9X2YIf++tM8sOD6wqqrmRgGNBED5RmAepRfOk
(Z4š¾´×Éxt-à<>¡Ø¤N9¥ÌÜÖ<í®TûÁGß.RW#kÞ'v%øã@êR‰!#Á%Ô|<7C>CùÉP€YÜÀší¹ Œt1Ñ¿³ †Ñ3qÑ`
-> ssh-ed25519 xoAm7w SqYHa6RK3Qc2q7PnzW+2zWIc+A45lcgsGUOcloo5NCY
YK3fq1eFLcrYyeB0jrbpaDlvZI4QXtGDB6gBsNOHRbc
-> ssh-ed25519 mbw8xA td67bdiy9OVhynehUE0t9WNhSm5mibBSouANJsb54DI
k5Q0NYRDLuEVqi6spysZ3wczsl6KeJHnzeQs4AcfOPM
-> ssh-ed25519 N240Tg yQxm7sk3zmluyfrHuXcfcUH4bep9yO2yasWsZL8jlm0
0uLbEiU6G+BOFnhdtQ7y1TaZun3L9cayeOJUiKmhK3I
-> ssh-ed25519 2a2Yhw rWgv/wgxs/G8JqWRMX4K8OMkbDDEWKXn8tr1EZHXNTg
//vsUBg5VSyyPOhUppiV4hkEhSVh7TUxlgRhroeMH2Y
-> ssh-ed25519 dMQYog C231LaIgcDukZz+Q0w3BS6QoRNPYBpQnDc0iapNDACY
h053cONj1m8SP/V9oFU7MuMRNKq8KNxr9FyWoRShZ2w
-> ssh-ed25519 G2eSCQ oazxEulqB0zTHwBBZxxBvskYLENNm62hy0EMt/6BIi0
rM8Evty9wq4qC/Tau0bU0LgBqNP1J6Zt+iQeYwhBJ1g
-> ssh-ed25519 6AT2/g GWYlWQLxy+JjQUGGG4P2ePuqYkUov/0OV1gyAUfo7xE
CT4W8xfyQyZ8LgnVWncxL9TMyf2tC1mXhjJ8/OrV/yk
-> ssh-ed25519 yHDAQw 5FsOvziKO7oXBvIbJ6ikUHyZsfJcwoXcXYmCCCZlUl4
5wywGXF9/QbqT0H3f7GY1J79ZwrFaSG6qzHll5G9Xcc
-> ssh-ed25519 hPp1nw Aii3iq5LHQPAWIGj7RbK18ChTij7zYnARHqXTAcU+wo
218UL87Ev75zAsloHSkLlQoSLk3u+XaRgMpqFlHQEIM
-> ssh-ed25519 CRfjsA AafQ3rTlpqLZqz614VPy0h0o+ha4f7gdx3zuoO7h9BI
jyhVN8DsgSo58YPKb8c/eBWSgunbLgN0tnvqTaaOxTU
-> ssh-ed25519 vwVIvQ oQHpWgGDhgea9M774iyQ2gP0hvSgFr5ScM4ZdhMHD2g
9vJjWXwOqpOfegf9ZtKMxAayDsn2ziHGTHGIBlAO71E
-> ssh-ed25519 fBrw3g lGSzsEt5Ot/RHwJbL3fNQoR29ZQ7EsFUWv7HjWnU9wg
cufwuuyT/Vcf3QeJGXEcYFUQqjf0US95po7FaGMYXAE
-> ssh-ed25519 S5xQfg CGj9qzx3vvlNnHh5RUyg4+3gVpIEcgGYbYJr61oTJgI
x3TLtdaRpFtMRTC/RdngyBOeXQFEVvQIRdfAsaj8hj4
-> ssh-ed25519 XPxfUQ r1iu+mpoUVuf0AqaDsrumw8SOdiHapODcgrYRrAuSjo
1XNRKfEgm2U9DXZmNogFr9B9MqibE72NjyHiy2zZFMk
-> ssh-ed25519 SpD5mg NM2MP1/5yxwQvvpiHnq1aiXQg4yxWpsNH/Isrwcz1Vo
IdWPzZg+/mwCr91bIlDMpAiii/HWsnIxTGXnetYjRPA
-> ssh-ed25519 Kk8sng 4NAaCbs1EOQpZz/qm8yW7PkFdsn8seSTgInow1zqBiE
2MJJNUFyBkxy26adDmoJKNndeQT+MsJGjdYiXMpMS4g
-> A-grease L''*[IU]
5xdl3E2HB0Yz2TKiRucf1X/PV2JS4rc4LG4cKJ9VYIUksE5Aoj26E8h1izCrhEsp
Hnr2xC029yD3shPQ1w
--- OjLAmZwep6nKTZYMUuBBaMe+F3FmWqsCM2XCDqoiG/4
ÍZÎëk²¬¨œoéG´ûCbÇÚ!Zö{ʦ ƒ\ öO˜+PK±¬†rîЕî A´~zÕô@ö’\Õ±M3G¿iÚGl‹èçÒ~€!þ§Á*Qõ‡ã

BIN
secrets/sasl_relay_passwd.age
View File

Binary file not shown.

77
secrets/searx.age
View File

@@ -1,39 +1,40 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w 8/Xbnl2GV2BouMzSyi9SccnOvkr9MhD16hL7mATBok0
IIUWe7J0BA2KtKSCV9hGHwwutyV0iDXEp4iBw2ECP1E
-> ssh-ed25519 mbw8xA ljb+MWwZ9neSLiGcRRiVV77AS887N9LrfJLi6f/XYQk
sNYx/g82DJC8boBMYev5HpHrBf/6d3Itr3O3C1M9nUE
-> ssh-ed25519 N240Tg RpJNQFws7kfcXBoEjAHSZSDrxxCK+Wvd+TxAS218iUI
Ykb4uzw9s3TYcNmV5Bv3Fos2P3L9OkKwPCP/dr5aMJI
-> ssh-ed25519 2a2Yhw kFpleOyyyhKDq41jgohT0BCpVpasAoiIUPs3oB/kEWw
9tHqujFzQ6QI8jQUEevspybHVDtzwyNoWEXUhDitlKo
-> ssh-ed25519 dMQYog ISBfsqV1suikFT1b/0bWj3Lk8VLR/PQrQjviWg4JmCg
nDnUy5N987f/TAwanzzOKtdYLJ2ywoikugr2sGuVI7s
-> ssh-ed25519 G2eSCQ ygV0RkgqXQxvsmXOIjAPfopWldnsMZ8KgwRKletoGCU
sELGgITcp3DKT1sNoUzE1Nl7tyINq06TfYP7k2yKLYo
-> ssh-ed25519 6AT2/g EtzGUZOzofDnfd5M8wIIxaoTk34hr49PbChEqMmRHHw
DvEzWA9X7OWjHAl5JCVV09R6KTA/JwlBcB/lyFVgbvU
-> ssh-ed25519 yHDAQw +ojBBWCXn0DDBK9kfhDRYwbIQgOVE49vAZJ5skq0Wy0
MbX37CfoHI/Y9KAj39XgRfa83CzgGuTRkZ+tcKT4Icw
-> ssh-ed25519 2+FxVg 421B7+BKrkKUv4anVKUtptyCneC9lMuAuqfYtow6j3U
4BDAGe7MmBPX/3c6SXnSIiZB1QzkyIDT+HKiXIB5QdI
-> ssh-ed25519 CRfjsA aBrHk8ZZKbSLYKjjySs1Qj//e7kGIjIBVMeT7An9zkk
W20VN7h3QwmRJmV5J3VGl7IhqUQatVAlncfufjnPwII
-> ssh-ed25519 vwVIvQ b9wq6xiir/uVFSbs+0pN34Ec+F47CwKAvjEDQEZJylA
CKiFnDpY0S/iZrMPNNMAT4+aZ55KNviXmCphe89bjCk
-> ssh-ed25519 fBrw3g F7MkD9bPZ3awfYdd3v4If+XCgtCRRS+rq/uW365mnks
vGWy9YrSiBESG4MWxgqWZzol1YSRUGgbjY+2Q6FwLWQ
-> ssh-ed25519 S5xQfg lZDkCihzUwC7rGSeRFxvN1Yue5Ql/8MveeIMv8nXLRU
5yxTfZhyk00iQnnFIsGvStPGFb4lWhn8bgDsnQvNnsY
-> ssh-ed25519 XPxfUQ zlZV5zjm2XkSo+6CQ5nLTaw6gPTaDbu0D7VHsYmKYg0
SpdQFAmBAOQVZL+kAKIQcix2+lCwvxqJvOPid6crL+o
-> ssh-ed25519 SpD5mg 4z+FHDyqILNWuc1iyqC9bLSZ43MhzdZmsMi0rnMb/wU
aBGWQ7GIIkQ8gDyrFYCLBFIzaj+VY88FfTJphzprST0
-> ssh-ed25519 Kk8sng p0YQLEF0uEq1aLcaNnnCE+z1FkI0DA5QaCR7VJ3ZaXE
djFc0xi5DqZpf+on2ytj1GuVy7SVcxey2Wzuvwy8AY4
-> UuD+-grease b 4<Q0g" hgjWJo qiA
19psCQoHNTysO3fsEMnVkLahsWJPgshhy5hQKX3dWUUaNUwnVSf+WDKXKnjeupWo
OaEPSmp8I5e0lpAggFZZhYwCu9fG2BZCFLeXNm2LFzUli9pgjFdYz/up2hB5C/c4
--- jMFadnLfkEPXvTzhx5TKtnK6Yr+r3pgpv4cz2RBok/I
Èþ
-> ssh-ed25519 xoAm7w CNXq63Qxe5wvwn0dr7QKcJogg9cO5+no3FcNmxkL7Gg
w14UiCOJofq3r8VikRCOjIp29NXvoKJHyRms6tjr3/M
-> ssh-ed25519 mbw8xA tzrtBUcTaOZBi2BNhgwN45MqMlQKGZU6FYm8IEQJKH8
Vpc/0IHNizsxTozoVm0YZdm0qgKwx1sZ/JMIKSjQW3g
-> ssh-ed25519 N240Tg F4wZmhSgHx1+tLok5IdJe+CCzWf6LmlkOFNGWqOpxXc
ZF7+t0HDmfaJnyNe3lkz5aVFezD7mAxqRiDCZCwW2sk
-> ssh-ed25519 2a2Yhw rC3PH9ftW4UWPuUpP6tThaSe9AkfKUiEgQPPXerJ/SA
UNKobz02TnEN/oqhp7hwS46mU1IA0ehVzLqeIm9QVVk
-> ssh-ed25519 dMQYog XowiBliO/PhqZFnmfnXWmw7KVT8I8Rp46RjuFd/amEM
eAhc4PVY/3ZjwiNihO9Yqa/au6ebkXmqbK4Zehf/FxQ
-> ssh-ed25519 G2eSCQ ann2y2LP2fIHtQRLtpLow/g2yTmcEYpUrbc0N69iJxI
N1VAHkPjzxA5Vf9lKY5o7SWFy1kxlv78LSDcRt/MxaU
-> ssh-ed25519 6AT2/g uQhLUtHpvNoLBUs0zvdMeGTtXQH8gHzNiRfDq1x/3yA
rhSm2KQw3k/nhrm2UmCWJ1oBcmYwP1S8hAY5xUALY5U
-> ssh-ed25519 yHDAQw qO/7smo6DZpW4/dBvkorYBYSGBdemDe7UrdSXDjb8zk
xkRizpKMEbD0X3BsdSfc5DgjYG1IQLKJuQjLLSwPnzU
-> ssh-ed25519 hPp1nw +Y+MeoeD58k8uedCeD2RbRyGlcLYEgNc2PC0Hr7MuTY
B3wQcio9YW1Vl6reg6APLKDbizQDxWY32CkXbuzyyt4
-> ssh-ed25519 CRfjsA 6KxnAOe2pmjfwTiQZe8zHaeNJApPYdCCFK1OlFaE61A
9psQfGIFCSjSYw0AKpKRFZ5qIYFOvq3FvHFyVRa/zbI
-> ssh-ed25519 vwVIvQ Zghw7uz/yR4dgsFhbeXfPvk1HmSaXV6CcRD6GlHeiGI
KTM1Xu01FBcsmhJVeB6VGhMqHpnpLNmvWVBxV0+JW5Y
-> ssh-ed25519 fBrw3g h+wmH368BHkFp5Mu3PnbZFjyMVRBNcwU4hloIaZEaGo
TKPz2C3yF2wBsiT8/WhbKEg792PLcQ3YN5UWcxJnwtE
-> ssh-ed25519 S5xQfg YZcNHfVDJ0GRF+IpLVSxOeBOSoDhDhdL7r2npRYcuEg
mPfQ+m3SGGnGO32oA917AfosSnXGqHRDdMfIypK+UOw
-> ssh-ed25519 XPxfUQ jsXVjpItFnuJiaeYIaYKsJFusASry67LiqDW3n5+QSg
0KzbBSbRrq6JrpWEyTbs41b4gUUiKeZzWI3rBaa/AdM
-> ssh-ed25519 SpD5mg 873X6UIo87svyS+jhQGjILcVy+RjtsKwJfDyj6gmF3I
KNHCRKZ5NhJbNmrhWehpUXEv6jBGeJkRxCi9+/bgouA
-> ssh-ed25519 Kk8sng /ItiKGK46Wia6VSKa2AtEPj+PqpDtWxBhea4s3mqOVo
OPclxoc2MygKYJtahVbLfE72X4s4yVil4dugeSF/3DU
-> U(/M3X-grease Jh[D'
z6L8qVMUmuElYKbQViqc6tecJic8gho79RaMilbwp7uS+owmgqNMUFxv9+8bbtYY
wC+YIigf5xAKlwcOipCJ7xv3jlqt8yUFWV8hg3J0GRbkWnhFYdWGXHnPtomPFtE
--- bD5IgVE3GQSnej0FLxh1nGD2q2/fuhqRL2yYw+2KMek
·)ˆ7&ªð„Ñ_¾â%!2aâýÍݱQ
ÿ6hêlÑ )Í0ß}*ÌmìO(¿l8^"È‘Ì‘ù<H¡Žqr¶²û³!r<0F>ÌXóÖ˜ºxó:FF£¹áÉó§‚#.Ž™Ú"[Š9çZ„°
C¾ÜÊ62¥-'™ÛX$S

BIN
secrets/smb-secrets.age
View File

Binary file not shown.

73
secrets/spotifyd.age
View File

@@ -1,37 +1,38 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w oWqlikYvtZPfXQywZ/XuMW0b/w3+5D+KkaAimixxwAQ
I4kD0+enhgNuQWC4PYaL+9yvitL471K5EiUJ5B8nAw8
-> ssh-ed25519 mbw8xA CBJUxWTXE8Ln/3qFqMg0FeLBc9OFsSAl2AHeeygOwEk
+abHOk0hrRQDn7grE9frUJh7Wa28hW5Mak2m0mVGWpo
-> ssh-ed25519 N240Tg X2+ColuqWnXT1WRmLQ8wr8qea8uwhWteClBYBNKTIFc
v3YeIjzItehJKMPovIcGxOsAH3lBt7Au5GzcMFyYQME
-> ssh-ed25519 2a2Yhw UJX1qygh1EOG7IR3kRTaUF+CTTmeK64K7WDlSRejoBs
3dHllueF9JR8pirslK9KnRh5DuIg3yoI+P3xAETWgZc
-> ssh-ed25519 dMQYog el0Oc5Er66UQiJXKbS0K1bKKb1fP3gvlaJE0PxMF60s
ceoXPA0zjkFcqWA2sBA7F956w0yzIH1EWTZhPAxmEOc
-> ssh-ed25519 G2eSCQ 4Lo9os9HsE/S8RD9hvFmMZCUZndu4u+Y5kiMMDqxEEU
N7Ii/hgJ2YzyykzZYyL42xirKE7czTfhcdg59j5T090
-> ssh-ed25519 6AT2/g vBgK1qHPdccfAhfW+XhMuUwki5j4V34mbC1JStDy8hw
6dMibsL7dkzOdNFXq95iIVLZrcw1gvjX//Kv2ggNbeM
-> ssh-ed25519 yHDAQw nu+lave53WZ3gTlQbxIbNZCQWwOgx9oHqcGmBf3YkDM
aqpjYlhHa2osez/hbXlRD4nbNwAPelCWeQo7BjUYuHI
-> ssh-ed25519 2+FxVg W/YJBvKMT8etI3GGFNzQMne+3s3bX96+C01hqpl0QWc
bRDwFFn4R0oVoItxfiBgtg6GIypDxVnsgjQCYDqa1/Q
-> ssh-ed25519 CRfjsA v3Mq+ywipRWdk7E0uiGkzVrTLGbKtVRKQCeENsprXFQ
pUNkotqQs7AdnOFq6uK+Y1Aw1XPpYOk78MrL7mYNXBs
-> ssh-ed25519 vwVIvQ ktAGql+uSv5FlTGRX/dh/i+SeNf/425Ty9EP7LvIyQA
uzyYPdpoY+wu8K1XphBaQUQaPUI/eaj+pN4hFQOEb1s
-> ssh-ed25519 fBrw3g 89smE2Osv+DQnmjli4erhsBx/tajT4kcUMn9BFANWHk
PFVelVa6VjY/09vFwqTIrRuvEuiOjV66KzFMYrMqksE
-> ssh-ed25519 S5xQfg AneXz8P0Uzq9xlAhUo8NjP+4Lu98LEvVjXuI4T7nGTs
8maTe5Ql/BydWva8FpGqFW19yjOEwR9m3WjnHwoaP/Y
-> ssh-ed25519 XPxfUQ tCIPHgsUCVjL8J6rel0wriavQPI8X8A+LrralWhX7XM
tw75vmwvDkfkSsLHm7J/1G1RtXCBmmK+4/x8kszHaDk
-> ssh-ed25519 SpD5mg +zS3tCZuEDPmyJJAwxd5XwHZ6Oj529ASDJncvkHiWx8
s4FlthCezHVAwnAxeEsaaztzmhEvsd9Rfv2BiyyQHcs
-> ssh-ed25519 Kk8sng aAfQRcv43KV2/bU4Lu+Do4KEz++WmvqjHBjpK5Frmjo
I+fuEjPECpvC8hvEX+eDjFWWo3nOSuxApJuMmaq/ROM
-> L((Gv+;X-grease
FJW/OLKcapzoBETajzdgteof4o4CS0SCge1G
--- c4qHoenW7h4CZIBcFhf/jkGQFc1ztJPcC6VqwmQKZdE
<EFBFBD>[qáAÚÀÛP»øK!É¥eÙAÁ¼Já1¤ãÀ<C3A3>õŽ'Ÿâ¯¢•}\±cù«vñŒJW< c•€µ~ÊÙB¾˜Ö&³?d-~¾¾f^ödæ0{hárJ÷ÝLÑ<4C>óB­¬†|ªPêºÈî
-> ssh-ed25519 xoAm7w F1C6i9iOvzUf6pS7eBfcsRFRn4q2YE7htxCqiLvasw0
viF83MLadEfum6wQWgbl/h0l65+jAtBszhevVS4jh4k
-> ssh-ed25519 mbw8xA Ec2wju2txmmCHuVNDWdLQkfUNY7/okY2koAz6Jur53o
JLmlpd43QO/LPvS0TW9eKh6f5zZmbVDWjYn44J5ZqMo
-> ssh-ed25519 N240Tg 1bl9Y+I3XGx7RiY8078wEMdaAishvW84nMrprt8jjVU
4lXtc1rGouF1DoTohQnSEMvNwRZaaenimEFypsfxajM
-> ssh-ed25519 2a2Yhw SDknhtgjNgNy3ktoNNvLie3OdO8bKhWW5P4s73OtLk8
Ihl/yNw35f2CgcZX6KHRXUTpAHp6aAQR/7oeU+gq3V4
-> ssh-ed25519 dMQYog dME46DZmwFnKBKlmx5AZEoaVipBmpuz66RXPQfFoXSY
eAzeaSpIL5KPQADGEeuX/bkQ014L8MeTQF2fapO2N/w
-> ssh-ed25519 G2eSCQ 8/xTD9nSXyAeZwBEdJgLcOembBwnMOgWX3jR4N2sXC8
0BmY7u5TEcIEza2PZIJEamV2dfC0sDeVl0UXECBwDlc
-> ssh-ed25519 6AT2/g xSdH52Oq0TOg0D76WlDVSY5kJb0hMAWoM3XVyMtAeWk
0p2AHJDa9XK6C2g8AM/g7cWdR5DGLk6SoUL3Nah2G1M
-> ssh-ed25519 yHDAQw mQBHUkvKf+Na8pCfl2Vb7+sKLmKth0lbxDFEcTtH/ng
JDPxV93vE8mKJtDp/MewHA0F78rW/0ZPYUQKkdNUivs
-> ssh-ed25519 hPp1nw htVxNW9zp7J38WN06jfEX417xtXt50iMTRUtrzLRO2k
iTHjoS5eWNiQxIWtuylkqXlO8E+Dx/2CkENs16lZqhQ
-> ssh-ed25519 CRfjsA Dqs/SAfRhgszI9pz4yZHyVp0iqPg1ssspX6ZW2QTv10
tA7NQXpPtJQ4mHjTDr4pTt9jrqDkMJZGMLVazOenMbs
-> ssh-ed25519 vwVIvQ oNmVe26rEpI7nNGlI5G7Er9fu7blpHNE6NOeGkoR/TM
vAL2gsM9NatGQpnNIh8XpCP+o9KoOnuLVt9e8+Kymcw
-> ssh-ed25519 fBrw3g 7GVBA1eUhgxGfiiKirK/i5JUbehOJVgmc2H/tgQ+A1s
n3i9gtNt4aRT4EOk8C94lGmXNN538HNOqo8uCmxZz6o
-> ssh-ed25519 S5xQfg 2KQLClmvqWMuJDOSAkzcpJkRTJgV6ig5Cq22RcCixWA
zYULXTJL5o5uZxxi/fOCrocxZooH3KarUj8vUDkfWn8
-> ssh-ed25519 XPxfUQ z0v4A6O509NqQgbKFzZrY2WL1ATc9SCYckbtqaSOdk0
PbDNvSWw4QEGLUzhp8IrX0oMDJzWjeemuEDZ02YlClo
-> ssh-ed25519 SpD5mg +A6LavFPjRHuTyk0MTZ6zmJf+CIMX69fT/HI6/0RJWI
CVgJC3y/H7MHUCMR5s77oPWA56oIEpj+7MZH+Qw/LTU
-> ssh-ed25519 Kk8sng 4Re6/B65/TMi45/fZh7zl7dAzH4MnCnHqca1Otpaa2o
zJAlQ96vODytPwtwPSxEEi8hn052vCGcPUxECyU9Ivo
-> V1&(!o4J-grease I)F/
AQ7tCx9XyVd3QDf9Tadcz8QIOJ3bgj4kDh8YuwATAmF7M9DPAlQiW5qkkvaALloG
KwwV
--- VnZ2JJVPKnr8hDMqsZidpehwkLY9W2UmF40/5Khu7rg
„;»­ 晣,‘ΧÂ<C2A7>òHµˆ¿ˆ±>ê¬?þL¬Üiv?PËwùìŒímW£­3„^¯{^ÂÆ«"ýçMÈ[…P¤$­Ràüú…£ÄŽýÓ6LÍ Ï

73
secrets/wolframalpha.age
View File

@@ -1,37 +1,38 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w Zhpc9RVEpY8IQHoaV7bXITknEzZvD3vhtlkyS2NiED4
XF4a0bcetANx/Uc14yI/g4iu1rg6tilwGXS4EZDiC9M
-> ssh-ed25519 mbw8xA 3y/ebluo5ydfc0dvKgfjX9d3h9oMIHB2f4zrTQZ1VRY
J+QzUk3lK6Lts4xbrFB9MsZGaITH2727tZ7wP5vv6II
-> ssh-ed25519 N240Tg wn8PvBMhca6ZaWwSGC6QT6RU0Evkf+T0pyp0KtL4u38
7/qQJHlx0KawNp6h6UeNvhXEEZ9c2m+BBHxdYihh/Yo
-> ssh-ed25519 2a2Yhw HC2B/ovIP9yOY8f1Y9vfdPqGmf2WDZOZ02o0U09CPTI
RlEnllYliqBORlAXMHBBJBQD2L8MUmtrCnnO37f1BfI
-> ssh-ed25519 dMQYog 0iDHfwUHCba5Qybli5GDAqCtNPplS5n9j76ukk0ZBDI
qCDVF47jdG5NesPRNy0IKLbJqPazoZ636Ow2WCdXTZk
-> ssh-ed25519 G2eSCQ 3QltdxVJUixiewBLgdpJDaovHIHErX3Q2mhvTH1XgVg
6rbVirj6LznfVZ6FcD+VoeOyj/4sduMVkWAm/pLVVwk
-> ssh-ed25519 6AT2/g Kyz9q3tPuiX6X5wUU6fyESJetkcTNgPu3KoWFFO/EE8
wQRGnXdTrFVhdUrCRfHYoIRK1Yun4QURxIdd9dBvH8s
-> ssh-ed25519 yHDAQw lElQZAKDD+AhsNEAIrz/3i1Z5YS0U46bQ+YHjxtX7Fc
ez72aO1BiG6J1G4LOVQDMUh8cAhqpxc1kcXJRRkg2Qg
-> ssh-ed25519 2+FxVg gbGEias/yB8ILGsVhhwfCNwGDCtKEa027TY5f8vAfhA
LcsSY9f5UI2akH5USLBMd0V9eDwd6vCpxjDPWZcXnpQ
-> ssh-ed25519 CRfjsA Pd2ZMD1asDSzddRD36LZUPvkYjDeHfZyEpOXMnwB8Xc
aFqMTiRL7zPKc480CysFu9645UIZ0BmqBAhB3nAxb44
-> ssh-ed25519 vwVIvQ LEym3BnhIR0eFb1/T3HHh+Ozo64qJ4L0L9gH3OGfLQU
54g4goCKamaNHNfx2kNVoMD/RmbcGMgbQ/71zdsuYhg
-> ssh-ed25519 fBrw3g rodu0fR9X+20LKQ8+FccwWpiT0LbU0KAA2NHmXbSM2A
w0W9cqZ81aJcpl6GT/zCHKMy2qhAKWdVRSVTgmmq7Ec
-> ssh-ed25519 S5xQfg zi2A//LI7Ot9MX1gohQxS8e6qHRozw3kEpyMU7jnfWc
72T7ctknEgZ+nnFCgct7B8tDa1/DJqkk6LAiJ5Kqktk
-> ssh-ed25519 XPxfUQ jXrYF/rcG2aJ9he1dCcmkuQtQlTAZQrqQFu4AaTESG8
i9o+h5NcB+NYgrU+Pei2xHSF2fihw75IDM/rx9ddziw
-> ssh-ed25519 SpD5mg 7u3lIXggJjgRZRXCkfgDb7+Sp+q+GtSKJH4gAycaSQs
jEEdWSJHjXUsx8T4kmmjKUjWNwmLIwQzl9FXKbHhXM0
-> ssh-ed25519 Kk8sng VmT7aS3ggF/M21MsUMCEF6cT8C8QvIN4IQ0le2SlyWg
G8rxkI0WaA2K3T5ETrEZJNfYpmhVESo0n3sDEs5YbVE
-> T.{#h\gw-grease \R/D bw>~X%FP
xW/YLhgKe2qTxlZSe836hH7hDCb40FXAQJ1VPjij02iCZEBW
--- KUhBgZXJA+9QxOwdJeJj4qk/rcUmTRXS8LcyaKro4c0
Ä䡬Vm9ëvcHÊj¹®²ä´*†z;±@–ó ƒÖÏ1õÆKZõ/TNk\nj
-> ssh-ed25519 xoAm7w QDzXkxhczV+ZUvEHmN1Uf7xWaEDSugv2dcisOakVPEc
+k9M+R98OqsfIROOedql7ksLCtejx5uzFXigxB1Dhzs
-> ssh-ed25519 mbw8xA ERuMyLhLVrNwmr1wS9h0ssZYayCn0Hc1dhu3zBKzDF0
pz2rEMX3MtxtVOTuEyO5K9ZE5s0C+2JL7lNE5BdUsRo
-> ssh-ed25519 N240Tg kHC1Wn8T3aUpWd4yK0+GJo+SDBXrVmTSrNz/Z+3kfGs
sg6A3DgaQev5ZezJeSNAR7+G4MS1rdwHd/6u1H5+0us
-> ssh-ed25519 2a2Yhw 64vHNVi/UCK1aCBFu+BnSyy42DHZIFeiDekfnQeDlHE
19On29XUAiUsTmlqxrY8PQGderv7VzBO4a10jT5aZwY
-> ssh-ed25519 dMQYog EHtR1wf5/2aWvGwkD4EBOECctp2zs2RjAUOKcncjUSI
s7dfQHaLjO6Hor6xXpx8h5hox3OQA4mPRGt8ewr0jQM
-> ssh-ed25519 G2eSCQ 4L9zIv4aApkZgFneUjVm2esXp4DJYVzm94LA2sS0Qkc
+iDy2G82PX6yuIyn7zITzp/jvBX2P25u26n/NuGdjVM
-> ssh-ed25519 6AT2/g HyH+8r/SZUXilmITIsFVyr2t6rCJK9scP9TR2/rO+1M
0Hkx2o3wlq7nj6fRSL3QNtrxKFxYlfhg7CwsyQDjIo8
-> ssh-ed25519 yHDAQw vZlwV2QvrzG1Xu4XZt4Yi5aDQ8qmPQnadCJtHdtTSlc
4NscOK2mu+P+vrZ8FIbIYhQ/97DPo5vgsl0jnlZM0gY
-> ssh-ed25519 hPp1nw YWRekiOxwuK8eAGehbBfOzW7Rmw95V+A/XD4rmFxS3Y
sd+q4ya9k/KE06GYGFV2O9P3O77aZcJl05tAvY6W1s8
-> ssh-ed25519 CRfjsA LfIzQhaql9b4EAotyVrvKBV1AhlMVcRarA49q7+rQXc
v4WddjXusd/m/s/T7E+wdKm9tDR3rGj6CNE3AdVrDb8
-> ssh-ed25519 vwVIvQ 53S5tWgmlVnKIHonBAmvxbv+w0j9b65NdyWvwlvgZWg
xa+z7MYrJHCgILtG/3Yw1OKH1/YKvuVG2jabnv3gSoA
-> ssh-ed25519 fBrw3g GsaGAXiMo4WhEZTQPgr761gAiQHmHPSwdWF0t910+DI
dmZGcEghoXi7giaxC/1UVJVAtyY5hcknUBxr0wQ4RBk
-> ssh-ed25519 S5xQfg wgkQBHQi8xY4++/quS4ZJWb9PPpg6b0KZpSwypdS7HY
+1yatx5SUanPC04jJMVVILHAwdtg2r9Bd+sj9728BnY
-> ssh-ed25519 XPxfUQ Hj2e1U4udGkp04dSdTSsaaJPIQ7gB1bwralXazBzpVM
LPOMpbX+ndXRkQlR3GKKpwSd5zOT03j5bII8btjY52o
-> ssh-ed25519 SpD5mg ++/8/U9XQKg6L3SHej+mvXeZYrvoWhiwmcurC3V0aTU
qR3nTcugxtBgDhcbZpCe0/NUavbzV6tFJZKv3IopAO4
-> ssh-ed25519 Kk8sng /bL56jng2lp0INyIDqUAX5L8mFmKxCBeHFWPUW6gE0U
4v+jq2N6RIQAh0VRrBZkMjSQW6L+LYcAfYUBvfTM+Jw
-> ";etw{[s-grease E;mh^R$ c8
ossMGyq0gpvz9PjjLBWD+QHRKKhzY6/9Kj4b0M7YdP0OgMdpr5QlA7UIDhiGQQBL
dbt0YyLxbAdhqG7S3lLeedQmvzv/oIyhmV0jsTB79W1l/27FujvPRWYf
--- pYjss6AEPZn0PG7FmO6bGq1O+k1IFGzoxsitB4qgotY
ÌÐçJöÇ<10>>Z`´ <0C>b%RW^óºñ–&<26>·ª ­-4¥ðè¬ÙÚW…á