Compare commits
16 Commits
Author | SHA1 | Date | |
---|---|---|---|
be23526c2c | |||
e234577268 | |||
82b67ed566 | |||
53c2e2222c | |||
846da159d0 | |||
a45125421e | |||
f4e40955c8 | |||
af9e462b27 | |||
2faea9d380 | |||
8571922796 | |||
131d5e9313 | |||
fe0ce3a245 | |||
7b26cfb4eb | |||
1c9fa418b3 | |||
8c4dc9cb74 | |||
1f9fbd87ac |
7
Makefile
7
Makefile
@ -24,4 +24,9 @@ clean-old-nixos-profiles:
|
||||
# Garbage Collect
|
||||
.PHONY: gc
|
||||
gc:
|
||||
nix store gc
|
||||
nix store gc
|
||||
|
||||
# Update a flake input by name (ex: 'nixpkgs')
|
||||
.PHONY: update-input
|
||||
update-input:
|
||||
nix flake update $(filter-out $@,$(MAKECMDGOALS))
|
@ -12,6 +12,13 @@
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU="
|
||||
];
|
||||
|
||||
# Allow substituters to be offline
|
||||
# This isn't exactly ideal since it would be best if I could set up a system
|
||||
# so that it is an error if a derivation isn't available for any substituters
|
||||
# and use this flag as intended for deciding if it should build missing
|
||||
# derivations locally. See https://github.com/NixOS/nix/issues/6901
|
||||
fallback = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -100,7 +100,5 @@
|
||||
security.acme.defaults.email = "zuckerberg@neet.dev";
|
||||
|
||||
# Enable Desktop Environment if this is a PC (machine role is "personal")
|
||||
de.enable = (
|
||||
builtins.elem config.networking.hostName config.machines.roles.personal
|
||||
);
|
||||
de.enable = lib.mkDefault (config.thisMachine.hasRole."personal");
|
||||
}
|
||||
|
@ -5,6 +5,90 @@
|
||||
|
||||
let
|
||||
machines = config.machines.hosts;
|
||||
|
||||
hostOptionsSubmoduleType = lib.types.submodule {
|
||||
options = {
|
||||
hostNames = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
List of hostnames for this machine. The first one is the default so it is the target of deployments.
|
||||
Used for automatically trusting hosts for ssh connections.
|
||||
'';
|
||||
};
|
||||
arch = lib.mkOption {
|
||||
type = lib.types.enum [ "x86_64-linux" "aarch64-linux" ];
|
||||
description = ''
|
||||
The architecture of this machine.
|
||||
'';
|
||||
};
|
||||
systemRoles = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str; # TODO: maybe use an enum?
|
||||
description = ''
|
||||
The set of roles this machine holds. Affects secrets available. (TODO add service config as well using this info)
|
||||
'';
|
||||
};
|
||||
hostKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The system ssh host key of this machine. Used for automatically trusting hosts for ssh connections
|
||||
and for decrypting secrets with agenix.
|
||||
'';
|
||||
};
|
||||
remoteUnlock = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr (lib.types.submodule {
|
||||
options = {
|
||||
|
||||
hostKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The system ssh host key of this machine used for luks boot unlocking only.
|
||||
'';
|
||||
};
|
||||
|
||||
clearnetHost = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = ''
|
||||
The hostname resolvable over clearnet used to luks boot unlock this machine
|
||||
'';
|
||||
};
|
||||
|
||||
onionHost = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = ''
|
||||
The hostname resolvable over tor used to luks boot unlock this machine
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
});
|
||||
};
|
||||
userKeys = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
The list of user keys. Each key here can be used to log into all other systems as `googlebot`.
|
||||
|
||||
TODO: consider auto populating other programs that use ssh keys such as gitea
|
||||
'';
|
||||
};
|
||||
deployKeys = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
The list of deployment keys. Each key here can be used to log into all other systems as `root`.
|
||||
'';
|
||||
};
|
||||
configurationPath = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = ''
|
||||
The path to this machine's configuration directory.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
@ -13,104 +97,16 @@ in
|
||||
];
|
||||
|
||||
options.machines = {
|
||||
|
||||
hosts = lib.mkOption {
|
||||
type = lib.types.attrsOf
|
||||
(lib.types.submodule {
|
||||
options = {
|
||||
|
||||
hostNames = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
List of hostnames for this machine. The first one is the default so it is the target of deployments.
|
||||
Used for automatically trusting hosts for ssh connections.
|
||||
'';
|
||||
};
|
||||
|
||||
arch = lib.mkOption {
|
||||
type = lib.types.enum [ "x86_64-linux" "aarch64-linux" ];
|
||||
description = ''
|
||||
The architecture of this machine.
|
||||
'';
|
||||
};
|
||||
|
||||
systemRoles = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str; # TODO: maybe use an enum?
|
||||
description = ''
|
||||
The set of roles this machine holds. Affects secrets available. (TODO add service config as well using this info)
|
||||
'';
|
||||
};
|
||||
|
||||
hostKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The system ssh host key of this machine. Used for automatically trusting hosts for ssh connections
|
||||
and for decrypting secrets with agenix.
|
||||
'';
|
||||
};
|
||||
|
||||
remoteUnlock = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr (lib.types.submodule {
|
||||
options = {
|
||||
|
||||
hostKey = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The system ssh host key of this machine used for luks boot unlocking only.
|
||||
'';
|
||||
};
|
||||
|
||||
clearnetHost = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = ''
|
||||
The hostname resolvable over clearnet used to luks boot unlock this machine
|
||||
'';
|
||||
};
|
||||
|
||||
onionHost = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = ''
|
||||
The hostname resolvable over tor used to luks boot unlock this machine
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
userKeys = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
The list of user keys. Each key here can be used to log into all other systems as `googlebot`.
|
||||
|
||||
TODO: consider auto populating other programs that use ssh keys such as gitea
|
||||
'';
|
||||
};
|
||||
|
||||
deployKeys = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
The list of deployment keys. Each key here can be used to log into all other systems as `root`.
|
||||
'';
|
||||
};
|
||||
|
||||
configurationPath = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = ''
|
||||
The path to this machine's configuration directory.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
});
|
||||
type = lib.types.attrsOf hostOptionsSubmoduleType;
|
||||
};
|
||||
};
|
||||
|
||||
options.thisMachine.config = lib.mkOption {
|
||||
# For ease of use, a direct copy of the host config from machines.hosts.${hostName}
|
||||
type = hostOptionsSubmoduleType;
|
||||
};
|
||||
|
||||
config = {
|
||||
assertions = (lib.concatLists (lib.mapAttrsToList
|
||||
(
|
||||
@ -196,5 +192,16 @@ in
|
||||
builtins.map (p: { "${dirName p}" = p; }) propFiles;
|
||||
in
|
||||
properties ../../machines;
|
||||
|
||||
# Don't try to evaluate "thisMachine" when reflecting using moduleless.nix.
|
||||
# When evaluated by moduleless.nix this will fail due to networking.hostName not
|
||||
# existing. This is because moduleless.nix is not intended for reflection from the
|
||||
# perspective of a perticular machine but is instead intended for reflecting on
|
||||
# the properties of all machines as a whole system.
|
||||
thisMachine.config = config.machines.hosts.${config.networking.hostName};
|
||||
|
||||
# Add ssh keys from KeepassXC
|
||||
machines.ssh.userKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILACiZO7QnB4bcmziVaUkUE0ZPMR0M/yJbbHYsHIZz9g" ];
|
||||
machines.ssh.deployKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID58MvKGs3GDMMcN8Iyi9S59SciSrVM97wKtOvUAl3li" ];
|
||||
};
|
||||
}
|
||||
|
@ -1,19 +1,55 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
# Maps roles to their hosts
|
||||
# Maps roles to their hosts.
|
||||
# machines.withRole = {
|
||||
# personal = [
|
||||
# "machine1" "machine3"
|
||||
# ];
|
||||
# cache = [
|
||||
# "machine2"
|
||||
# ];
|
||||
# };
|
||||
#
|
||||
# A list of all possible roles
|
||||
# machines.allRoles = [
|
||||
# "personal"
|
||||
# "cache"
|
||||
# ];
|
||||
#
|
||||
# For each role has true or false if the current machine has that role
|
||||
# thisMachine.hasRole = {
|
||||
# personal = true;
|
||||
# cache = false;
|
||||
# };
|
||||
|
||||
{
|
||||
options.machines.roles = lib.mkOption {
|
||||
options.machines.withRole = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
|
||||
};
|
||||
|
||||
options.machines.allRoles = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
};
|
||||
|
||||
options.thisMachine.hasRole = lib.mkOption {
|
||||
type = lib.types.attrsOf lib.types.bool;
|
||||
};
|
||||
|
||||
config = {
|
||||
machines.roles = lib.zipAttrs
|
||||
machines.withRole = lib.zipAttrs
|
||||
(lib.mapAttrsToList
|
||||
(host: cfg:
|
||||
lib.foldl (lib.mergeAttrs) { }
|
||||
(builtins.map (role: { ${role} = host; })
|
||||
cfg.systemRoles))
|
||||
config.machines.hosts);
|
||||
|
||||
machines.allRoles = lib.attrNames config.machines.withRole;
|
||||
|
||||
thisMachine.hasRole = lib.mapAttrs
|
||||
(role: cfg:
|
||||
builtins.elem config.networking.hostName config.machines.withRole.${role}
|
||||
)
|
||||
config.machines.withRole;
|
||||
};
|
||||
}
|
||||
|
@ -39,6 +39,6 @@ in
|
||||
builtins.map
|
||||
(host: machines.hosts.${host}.hostKey)
|
||||
hosts)
|
||||
machines.roles;
|
||||
machines.withRole;
|
||||
};
|
||||
}
|
||||
|
@ -1,18 +1,14 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
builderRole = "nix-builder";
|
||||
builderUserName = "nix-builder";
|
||||
|
||||
machinesByRole = role: lib.filterAttrs (hostname: cfg: builtins.elem role cfg.systemRoles) config.machines.hosts;
|
||||
otherMachinesByRole = role: lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) (machinesByRole role);
|
||||
thisMachineHasRole = role: builtins.hasAttr config.networking.hostName (machinesByRole role);
|
||||
|
||||
builders = machinesByRole builderRole;
|
||||
thisMachineIsABuilder = thisMachineHasRole builderRole;
|
||||
builderRole = "nix-builder";
|
||||
builders = config.machines.withRole.${builderRole};
|
||||
thisMachineIsABuilder = config.thisMachine.hasRole.${builderRole};
|
||||
|
||||
# builders don't include themselves as a remote builder
|
||||
otherBuilders = lib.filterAttrs (hostname: cfg: hostname != config.networking.hostName) builders;
|
||||
otherBuilders = lib.filter (hostname: hostname != config.networking.hostName) builders;
|
||||
in
|
||||
lib.mkMerge [
|
||||
# configure builder
|
||||
@ -40,9 +36,9 @@ lib.mkMerge [
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
nix.buildMachines = builtins.map
|
||||
(builderCfg: {
|
||||
hostName = builtins.elemAt builderCfg.hostNames 0;
|
||||
system = builderCfg.arch;
|
||||
(builderHostname: {
|
||||
hostName = builderHostname;
|
||||
system = config.machines.hosts.${builderHostname}.arch;
|
||||
protocol = "ssh-ng";
|
||||
sshUser = builderUserName;
|
||||
sshKey = "/etc/ssh/ssh_host_ed25519_key";
|
||||
@ -50,7 +46,7 @@ lib.mkMerge [
|
||||
speedFactor = 10;
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
})
|
||||
(builtins.attrValues otherBuilders);
|
||||
otherBuilders;
|
||||
|
||||
# It is very likely that the builder's internet is faster or just as fast
|
||||
nix.extraOptions = ''
|
||||
|
@ -92,5 +92,7 @@ in
|
||||
|
||||
# Enable wayland support in various chromium based applications
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
|
||||
fonts.packages = with pkgs; [ nerd-fonts.symbols-only ];
|
||||
};
|
||||
}
|
||||
|
@ -1,87 +1,16 @@
|
||||
# Starting point:
|
||||
# https://github.com/aldoborrero/mynixpkgs/commit/c501c1e32dba8f4462dcecb57eee4b9e52038e27
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.actual-server;
|
||||
stateDir = "/var/lib/${cfg.stateDirName}";
|
||||
cfg = config.services.actual;
|
||||
in
|
||||
{
|
||||
options.services.actual-server = {
|
||||
enable = lib.mkEnableOption "Actual Server";
|
||||
|
||||
hostname = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "localhost";
|
||||
description = "Hostname for the Actual Server.";
|
||||
};
|
||||
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 25448;
|
||||
description = "Port on which the Actual Server should listen.";
|
||||
};
|
||||
|
||||
stateDirName = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "actual-server";
|
||||
description = "Name of the directory under /var/lib holding the server's data.";
|
||||
};
|
||||
|
||||
upload = {
|
||||
fileSizeSyncLimitMB = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.int;
|
||||
default = null;
|
||||
description = "File size limit in MB for synchronized files.";
|
||||
};
|
||||
|
||||
syncEncryptedFileSizeLimitMB = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.int;
|
||||
default = null;
|
||||
description = "File size limit in MB for synchronized encrypted files.";
|
||||
};
|
||||
|
||||
fileSizeLimitMB = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.int;
|
||||
default = null;
|
||||
description = "File size limit in MB for file uploads.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.actual-server = {
|
||||
description = "Actual Server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.actual-server}/bin/actual-server";
|
||||
Restart = "always";
|
||||
StateDirectory = cfg.stateDirName;
|
||||
WorkingDirectory = stateDir;
|
||||
DynamicUser = true;
|
||||
UMask = "0007";
|
||||
};
|
||||
environment = {
|
||||
NODE_ENV = "production";
|
||||
ACTUAL_PORT = toString cfg.port;
|
||||
|
||||
# Actual is actually very bad at configuring it's own paths despite that information being readily available
|
||||
ACTUAL_USER_FILES = "${stateDir}/user-files";
|
||||
ACTUAL_SERVER_FILES = "${stateDir}/server-files";
|
||||
ACTUAL_DATA_DIR = stateDir;
|
||||
|
||||
ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB = toString (cfg.upload.fileSizeSyncLimitMB or "");
|
||||
ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SIZE_LIMIT_MB = toString (cfg.upload.syncEncryptedFileSizeLimitMB or "");
|
||||
ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB = toString (cfg.upload.fileSizeLimitMB or "");
|
||||
};
|
||||
services.actual.settings = {
|
||||
port = 25448;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.hostname} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString cfg.port}";
|
||||
};
|
||||
backup.group."actual-budget".paths = [
|
||||
"/var/lib/actual"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -10,7 +10,6 @@
|
||||
./matrix.nix
|
||||
./zerobin.nix
|
||||
./gitea.nix
|
||||
./radio.nix
|
||||
./samba.nix
|
||||
./owncast.nix
|
||||
./mailserver.nix
|
||||
|
@ -9,10 +9,7 @@
|
||||
# TODO: skipping running inside of nixos container for now because of issues getting docker/podman running
|
||||
|
||||
let
|
||||
runnerRole = "gitea-actions-runner";
|
||||
runners = config.machines.roles.${runnerRole};
|
||||
thisMachineIsARunner = builtins.elem config.networking.hostName runners;
|
||||
|
||||
thisMachineIsARunner = config.thisMachine.hasRole."gitea-actions-runner";
|
||||
containerName = "gitea-runner";
|
||||
in
|
||||
{
|
||||
|
@ -28,7 +28,6 @@ in
|
||||
indexDir = "/var/lib/mailindex";
|
||||
enableManageSieve = true;
|
||||
fullTextSearch.enable = true;
|
||||
fullTextSearch.indexAttachments = true;
|
||||
fullTextSearch.memoryLimit = 500;
|
||||
inherit domains;
|
||||
loginAccounts = {
|
||||
|
@ -3,28 +3,44 @@
|
||||
|
||||
let
|
||||
cfg = config.services.nextcloud;
|
||||
|
||||
nextcloudHostname = "runyan.org";
|
||||
collaboraOnlineHostname = "collabora.runyan.org";
|
||||
whiteboardHostname = "whiteboard.runyan.org";
|
||||
whiteboardPort = 3002; # Seems impossible to change
|
||||
|
||||
# Hardcoded public ip of ponyo... I wish I didn't need this...
|
||||
public_ip_address = "147.135.114.130";
|
||||
in
|
||||
{
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.nextcloud = {
|
||||
https = true;
|
||||
package = pkgs.nextcloud30;
|
||||
hostName = "neet.cloud";
|
||||
package = pkgs.nextcloud31;
|
||||
hostName = nextcloudHostname;
|
||||
config.dbtype = "sqlite";
|
||||
config.adminuser = "jeremy";
|
||||
config.adminpassFile = "/run/agenix/nextcloud-pw";
|
||||
|
||||
# Apps
|
||||
autoUpdateApps.enable = true;
|
||||
extraAppsEnable = true;
|
||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
# Want
|
||||
inherit end_to_end_encryption mail spreed;
|
||||
|
||||
# For file and document editing (collabora online and excalidraw)
|
||||
inherit richdocuments whiteboard;
|
||||
|
||||
# Might use
|
||||
inherit bookmarks calendar cookbook deck memories onlyoffice qownnotesapi;
|
||||
inherit calendar qownnotesapi;
|
||||
|
||||
# Try out
|
||||
# inherit maps music news notes phonetrack polls forms;
|
||||
# inherit bookmarks cookbook deck memories maps music news notes phonetrack polls forms;
|
||||
};
|
||||
extraAppsEnable = true;
|
||||
|
||||
# Allows installing Apps from the UI (might remove later)
|
||||
appstoreEnable = true;
|
||||
};
|
||||
age.secrets.nextcloud-pw = {
|
||||
file = ../../secrets/nextcloud-pw.age;
|
||||
@ -40,5 +56,100 @@ in
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
# collabora-online
|
||||
# https://diogotc.com/blog/collabora-nextcloud-nixos/
|
||||
services.collabora-online = {
|
||||
enable = true;
|
||||
port = 15972;
|
||||
settings = {
|
||||
# Rely on reverse proxy for SSL
|
||||
ssl = {
|
||||
enable = false;
|
||||
termination = true;
|
||||
};
|
||||
|
||||
# Listen on loopback interface only
|
||||
net = {
|
||||
listen = "loopback";
|
||||
post_allow.host = [ "localhost" ];
|
||||
};
|
||||
|
||||
# Restrict loading documents from WOPI Host
|
||||
storage.wopi = {
|
||||
"@allow" = true;
|
||||
host = [ config.services.nextcloud.hostName ];
|
||||
};
|
||||
|
||||
server_name = collaboraOnlineHostname;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
systemd.services.nextcloud-config-collabora =
|
||||
let
|
||||
wopi_url = "http://localhost:${toString config.services.collabora-online.port}";
|
||||
public_wopi_url = "https://${collaboraOnlineHostname}";
|
||||
wopi_allowlist = lib.concatStringsSep "," [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
public_ip_address
|
||||
];
|
||||
in
|
||||
{
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "nextcloud-setup.service" "coolwsd.service" ];
|
||||
requires = [ "coolwsd.service" ];
|
||||
path = [
|
||||
config.services.nextcloud.occ
|
||||
];
|
||||
script = ''
|
||||
nextcloud-occ -- config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url}
|
||||
nextcloud-occ -- config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url}
|
||||
nextcloud-occ -- config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist}
|
||||
nextcloud-occ -- richdocuments:setup
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
|
||||
# Whiteboard
|
||||
services.nextcloud-whiteboard-server = {
|
||||
enable = true;
|
||||
settings.NEXTCLOUD_URL = "https://${nextcloudHostname}";
|
||||
secrets = [ "/run/agenix/whiteboard-server-jwt-secret" ];
|
||||
};
|
||||
systemd.services.nextcloud-config-whiteboard = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "nextcloud-setup.service" ];
|
||||
requires = [ "coolwsd.service" ];
|
||||
path = [
|
||||
config.services.nextcloud.occ
|
||||
];
|
||||
script = ''
|
||||
nextcloud-occ -- config:app:set whiteboard collabBackendUrl --value="https://${whiteboardHostname}"
|
||||
nextcloud-occ -- config:app:set whiteboard jwt_secret_key --value="$JWT_SECRET_KEY"
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
EnvironmentFile = [ "/run/agenix/whiteboard-server-jwt-secret" ];
|
||||
};
|
||||
};
|
||||
age.secrets.whiteboard-server-jwt-secret.file = ../../secrets/whiteboard-server-jwt-secret.age;
|
||||
services.nginx.virtualHosts.${whiteboardHostname} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString whiteboardPort}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,75 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.radio;
|
||||
radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio;
|
||||
in
|
||||
{
|
||||
options.services.radio = {
|
||||
enable = lib.mkEnableOption "enable radio";
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "radio";
|
||||
description = ''
|
||||
The user radio should run as
|
||||
'';
|
||||
};
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "radio";
|
||||
description = ''
|
||||
The group radio should run as
|
||||
'';
|
||||
};
|
||||
dataDir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/radio";
|
||||
description = ''
|
||||
Path to the radio data directory
|
||||
'';
|
||||
};
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Domain radio is hosted on
|
||||
'';
|
||||
};
|
||||
nginx = lib.mkEnableOption "enable nginx";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.icecast = {
|
||||
enable = true;
|
||||
hostname = cfg.host;
|
||||
mount = "stream.mp3";
|
||||
fallback = "fallback.mp3";
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.host} = lib.mkIf cfg.nginx {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".root = config.inputs.radio-web;
|
||||
};
|
||||
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
};
|
||||
users.groups.${cfg.group} = { };
|
||||
systemd.services.radio = {
|
||||
enable = true;
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500";
|
||||
serviceConfig.User = cfg.user;
|
||||
serviceConfig.Group = cfg.group;
|
||||
serviceConfig.WorkingDirectory = cfg.dataDir;
|
||||
preStart = ''
|
||||
mkdir -p ${cfg.dataDir}
|
||||
chown ${cfg.user} ${cfg.dataDir}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -21,8 +21,6 @@
|
||||
shellInit = ''
|
||||
# disable annoying fish shell greeting
|
||||
set fish_greeting
|
||||
|
||||
alias sudo="doas"
|
||||
'';
|
||||
};
|
||||
|
||||
|
@ -31,8 +31,6 @@
|
||||
|
||||
# TODO: Old ssh keys I will remove some day...
|
||||
machines.ssh.userKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVR/R3ZOsv7TZbICGBCHdjh1NDT8SnswUyINeJOC7QG"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSkKiRUUmnErOKGx81nyge/9KqjkPh8BfDk0D3oP586" # nat
|
||||
];
|
||||
}
|
||||
|
159
flake.lock
generated
159
flake.lock
generated
@ -14,11 +14,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1723293904,
|
||||
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
|
||||
"lastModified": 1750173260,
|
||||
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
|
||||
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -74,11 +74,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"lastModified": 1744478979,
|
||||
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -101,11 +101,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727447169,
|
||||
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
|
||||
"lastModified": 1749105467,
|
||||
"narHash": "sha256-hXh76y/wDl15almBcqvjryB50B0BaiXJKk20f314RoE=",
|
||||
"owner": "serokell",
|
||||
"repo": "deploy-rs",
|
||||
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
|
||||
"rev": "6bc76b872374845ba9d645a2f012b764fecd765f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -117,11 +117,11 @@
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"lastModified": 1747046372,
|
||||
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -137,11 +137,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -150,6 +150,54 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"git-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"simple-nixos-mailserver",
|
||||
"flake-compat"
|
||||
],
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"simple-nixos-mailserver",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1750779888,
|
||||
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"simple-nixos-mailserver",
|
||||
"git-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -157,15 +205,16 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1740845322,
|
||||
"narHash": "sha256-AXEgFj3C0YJhu9k1OhbRhiA6FnDr81dQZ65U3DhaWpw=",
|
||||
"lastModified": 1752208517,
|
||||
"narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
|
||||
"rev": "c6a01e54af81b381695db796a43360bf6db5702f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-25.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
@ -177,11 +226,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728263287,
|
||||
"narHash": "sha256-GJDtsxz2/zw6g/Nrp4XVWBS5IaZ7ZUkuvxPOBEDe7pg=",
|
||||
"lastModified": 1752346111,
|
||||
"narHash": "sha256-SVxCIYnbED0rNYSpm3QQoOhqxYRp1GuE9FkyM5Y2afs=",
|
||||
"owner": "Mic92",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "5fce10c871bab6d7d5ac9e5e7efbb3a2783f5259",
|
||||
"rev": "deff7a9a0aa98a08d8c7839fe2658199ce9828f8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -192,11 +241,11 @@
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1728056216,
|
||||
"narHash": "sha256-IrO06gFUDTrTlIP3Sz+mRB6WUoO2YsgMtOD3zi0VEt0=",
|
||||
"lastModified": 1752048960,
|
||||
"narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28",
|
||||
"rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -208,61 +257,20 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1740374225,
|
||||
"narHash": "sha256-Dnmzy5YWUVj3BNaZo5jRpZslXexbNKEk3ADGGcz9RpY=",
|
||||
"lastModified": 1752431364,
|
||||
"narHash": "sha256-ciGIXIMq2daX5o4Tn6pnZTd1pf5FICHbqUlHu658G9c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3349acd765bdffe454f7c8bbc450855577c1a6cf",
|
||||
"rev": "fb0f0dbfd95f0e19fdeab8e0f18bf0b5cf057b68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"ref": "release-25.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"radio": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1631585589,
|
||||
"narHash": "sha256-q4o/4/2pEuJyaKZwNQC5KHnzG1obClzFB7zWk9XSDfY=",
|
||||
"ref": "main",
|
||||
"rev": "5bf607fed977d41a269942a7d1e92f3e6d4f2473",
|
||||
"revCount": 38,
|
||||
"type": "git",
|
||||
"url": "https://git.neet.dev/zuckerberg/radio.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"rev": "5bf607fed977d41a269942a7d1e92f3e6d4f2473",
|
||||
"type": "git",
|
||||
"url": "https://git.neet.dev/zuckerberg/radio.git"
|
||||
}
|
||||
},
|
||||
"radio-web": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1652121792,
|
||||
"narHash": "sha256-j1Y9MAjUVNgyFSeGzPoqibAnEysJDjZSXukVfQ7+bsQ=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "72e7a9e80b780c84ed8d4a6374bfbb242701f900",
|
||||
"revCount": 5,
|
||||
"type": "git",
|
||||
"url": "https://git.neet.dev/zuckerberg/radio-web.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.neet.dev/zuckerberg/radio-web.git"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
@ -274,8 +282,6 @@
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"radio": "radio",
|
||||
"radio-web": "radio-web",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
"systems": "systems"
|
||||
}
|
||||
@ -286,24 +292,25 @@
|
||||
"flake-compat": [
|
||||
"flake-compat"
|
||||
],
|
||||
"git-hooks": "git-hooks",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-24_05": [
|
||||
"nixpkgs-25_05": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722877200,
|
||||
"narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
|
||||
"lastModified": 1747965231,
|
||||
"narHash": "sha256-BW3ktviEhfCN/z3+kEyzpDKAI8qFTwO7+S0NVA0C90o=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
|
||||
"rev": "53007af63fade28853408370c4c600a63dd97f41",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "master",
|
||||
"ref": "nixos-25.05",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
|
34
flake.nix
34
flake.nix
@ -1,7 +1,7 @@
|
||||
{
|
||||
inputs = {
|
||||
# nixpkgs
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/master";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/release-25.05";
|
||||
|
||||
# Common Utils Among flake inputs
|
||||
systems.url = "github:nix-systems/default";
|
||||
@ -19,16 +19,16 @@
|
||||
|
||||
# Home Manager
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
url = "github:nix-community/home-manager/release-25.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# Mail Server
|
||||
simple-nixos-mailserver = {
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
nixpkgs-24_05.follows = "nixpkgs";
|
||||
nixpkgs-25_05.follows = "nixpkgs";
|
||||
flake-compat.follows = "flake-compat";
|
||||
};
|
||||
};
|
||||
@ -43,19 +43,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
# Radio
|
||||
radio = {
|
||||
url = "git+https://git.neet.dev/zuckerberg/radio.git?ref=main&rev=5bf607fed977d41a269942a7d1e92f3e6d4f2473";
|
||||
inputs = {
|
||||
nixpkgs.follows = "nixpkgs";
|
||||
flake-utils.follows = "flake-utils";
|
||||
};
|
||||
};
|
||||
radio-web = {
|
||||
url = "git+https://git.neet.dev/zuckerberg/radio-web.git";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
# Dailybot
|
||||
dailybuild_modules = {
|
||||
url = "git+https://git.neet.dev/zuckerberg/dailybot.git";
|
||||
@ -84,13 +71,11 @@
|
||||
|
||||
outputs = { self, nixpkgs, ... }@inputs:
|
||||
let
|
||||
machines = (import ./common/machine-info/moduleless.nix
|
||||
machineHosts = (import ./common/machine-info/moduleless.nix
|
||||
{
|
||||
inherit nixpkgs;
|
||||
assertionsModule = "${nixpkgs}/nixos/modules/misc/assertions.nix";
|
||||
}).machines;
|
||||
machineHosts = machines.hosts;
|
||||
machineRoles = machines.roles;
|
||||
}).machines.hosts;
|
||||
in
|
||||
{
|
||||
nixosConfigurations =
|
||||
@ -115,10 +100,7 @@
|
||||
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.googlebot = import ./home/googlebot.nix {
|
||||
inherit hostname;
|
||||
inherit machineRoles;
|
||||
};
|
||||
home-manager.users.googlebot = import ./home/googlebot.nix;
|
||||
};
|
||||
|
||||
# because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
|
||||
@ -136,7 +118,7 @@
|
||||
name = "nixpkgs-patched";
|
||||
src = nixpkgs;
|
||||
patches = [
|
||||
./patches/gamepadui.patch
|
||||
# ./patches/gamepadui.patch
|
||||
./patches/dont-break-nix-serve.patch
|
||||
];
|
||||
};
|
||||
|
@ -1,9 +1,8 @@
|
||||
{ hostname, machineRoles }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, osConfig, ... }:
|
||||
|
||||
let
|
||||
# Check if the current machine has the role "personal"
|
||||
thisMachineIsPersonal = builtins.elem hostname machineRoles.personal;
|
||||
thisMachineIsPersonal = osConfig.thisMachine.hasRole."personal";
|
||||
in
|
||||
{
|
||||
home.username = "googlebot";
|
||||
@ -12,6 +11,43 @@ in
|
||||
home.stateVersion = "24.11";
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
services.ssh-agent.enable = true;
|
||||
|
||||
# System Monitoring
|
||||
programs.btop.enable = true;
|
||||
programs.bottom.enable = true;
|
||||
|
||||
# Modern "ls" replacement
|
||||
programs.pls.enable = true;
|
||||
programs.pls.enableFishIntegration = true;
|
||||
programs.eza.enable = true;
|
||||
|
||||
# Graphical terminal
|
||||
programs.ghostty.enable = thisMachineIsPersonal;
|
||||
|
||||
# Advanced terminal file explorer
|
||||
programs.broot.enable = true;
|
||||
|
||||
# Shell promt theming
|
||||
programs.fish.enable = true;
|
||||
programs.starship.enable = true;
|
||||
programs.starship.enableFishIntegration = true;
|
||||
programs.starship.enableInteractive = true;
|
||||
# programs.oh-my-posh.enable = true;
|
||||
# programs.oh-my-posh.enableFishIntegration = true;
|
||||
|
||||
# Advanced search
|
||||
programs.ripgrep.enable = true;
|
||||
|
||||
# tldr: Simplified, example based and community-driven man pages.
|
||||
programs.tealdeer.enable = true;
|
||||
|
||||
home.shellAliases = {
|
||||
sudo = "doas";
|
||||
ls2 = "eza";
|
||||
explorer = "broot";
|
||||
};
|
||||
|
||||
programs.zed-editor = {
|
||||
enable = thisMachineIsPersonal;
|
||||
extensions = [
|
||||
|
@ -6,7 +6,7 @@
|
||||
nixos-hardware.nixosModules.framework-13-7040-amd
|
||||
];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
boot.kernelPackages = pkgs.linuxPackages_6_14;
|
||||
|
||||
hardware.framework.amd-7040.preventWakeOnAC = true;
|
||||
services.fwupd.enable = true;
|
||||
|
@ -15,10 +15,6 @@
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKPnLt84bKhUgFxjQf10+Htro9Lo1Pabqm8mGalBUniv"
|
||||
];
|
||||
|
||||
deployKeys = [
|
||||
# TODO
|
||||
];
|
||||
|
||||
remoteUnlock = {
|
||||
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN0N80r0Sl2WlJaUqfxZPkOtYyGumFazkIqq7eq3Gd2o";
|
||||
onionHost = "ll6yjnkh4psmfwmtkmqoutl4gq4elqzbmjxv4s6gpgoavyi3kwhjvnqd.onion";
|
||||
|
@ -56,44 +56,6 @@
|
||||
config.services.drastikbot.dataDir
|
||||
];
|
||||
|
||||
# music radio
|
||||
vpn-container.enable = true;
|
||||
vpn-container.config = {
|
||||
services.radio = {
|
||||
enable = true;
|
||||
host = "radio.runyan.org";
|
||||
};
|
||||
};
|
||||
pia.wireguard.badPortForwardPorts = [ ];
|
||||
services.nginx.virtualHosts = {
|
||||
"radio.runyan.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/stream.mp3" = {
|
||||
proxyPass = "http://vpn.containers:8001/stream.mp3";
|
||||
extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
"/".root = config.inputs.radio-web;
|
||||
};
|
||||
};
|
||||
"radio.neet.space" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations = {
|
||||
"/stream.mp3" = {
|
||||
proxyPass = "http://vpn.containers:8001/stream.mp3";
|
||||
extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
"/".root = config.inputs.radio-web;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# matrix home server
|
||||
services.matrix = {
|
||||
enable = true;
|
||||
@ -116,7 +78,7 @@
|
||||
services.postgresql.package = pkgs.postgresql_15;
|
||||
|
||||
# iodine DNS-based vpn
|
||||
services.iodine.server.enable = true;
|
||||
# services.iodine.server.enable = true;
|
||||
|
||||
# proxied web services
|
||||
services.nginx.enable = true;
|
||||
@ -133,12 +95,12 @@
|
||||
root = "/var/www/tmp";
|
||||
};
|
||||
|
||||
# redirect runyan.org to github
|
||||
services.nginx.virtualHosts."runyan.org" = {
|
||||
# redirect neet.cloud to nextcloud instance on runyan.org
|
||||
services.nginx.virtualHosts."neet.cloud" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
rewrite ^/(.*)$ https://github.com/GoogleBot42 redirect;
|
||||
return 302 https://runyan.org$request_uri;
|
||||
'';
|
||||
};
|
||||
|
||||
@ -149,7 +111,4 @@
|
||||
# librechat
|
||||
services.librechat.enable = true;
|
||||
services.librechat.host = "chat.neet.dev";
|
||||
|
||||
services.actual-server.enable = true;
|
||||
services.actual-server.hostname = "actual.runyan.org";
|
||||
}
|
||||
|
@ -214,15 +214,6 @@
|
||||
statusCheck = true;
|
||||
id = "0_836_matrix";
|
||||
};
|
||||
radio = {
|
||||
title = "Radio";
|
||||
description = "Radio service";
|
||||
icon = "generative";
|
||||
url = "https://radio.runyan.org";
|
||||
target = "sametab";
|
||||
statusCheck = true;
|
||||
id = "1_836_radio";
|
||||
};
|
||||
mumble = {
|
||||
title = "Mumble";
|
||||
description = "voice.neet.space";
|
||||
@ -280,7 +271,6 @@
|
||||
};
|
||||
servicesList = [
|
||||
servicesItems.matrix
|
||||
servicesItems.radio
|
||||
servicesItems.mumble
|
||||
servicesItems.irc
|
||||
servicesItems.git
|
||||
|
@ -20,13 +20,13 @@
|
||||
secretKeyFile = "/run/agenix/binary-cache-private-key";
|
||||
};
|
||||
age.secrets.binary-cache-private-key.file = ../../../secrets/binary-cache-private-key.age;
|
||||
users.users.cache-push = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINpUZFFL9BpBVqeeU63sFPhR9ewuhEZerTCDIGW1NPSB" ];
|
||||
};
|
||||
nix.settings = {
|
||||
trusted-users = [ "cache-push" ];
|
||||
};
|
||||
# users.users.cache-push = {
|
||||
# isNormalUser = true;
|
||||
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINpUZFFL9BpBVqeeU63sFPhR9ewuhEZerTCDIGW1NPSB" ];
|
||||
# };
|
||||
# nix.settings = {
|
||||
# trusted-users = [ "cache-push" ];
|
||||
# };
|
||||
|
||||
services.iperf3.enable = true;
|
||||
services.iperf3.openFirewall = true;
|
||||
@ -75,6 +75,32 @@
|
||||
services.lidarr.enable = true;
|
||||
services.lidarr.user = "public_data";
|
||||
services.lidarr.group = "public_data";
|
||||
services.recyclarr = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
radarr.radarr_main = {
|
||||
api_key = {
|
||||
_secret = "/run/credentials/recyclarr.service/radarr-api-key";
|
||||
};
|
||||
base_url = "http://localhost:7878";
|
||||
|
||||
quality_definition.type = "movie";
|
||||
};
|
||||
sonarr.sonarr_main = {
|
||||
api_key = {
|
||||
_secret = "/run/credentials/recyclarr.service/sonarr-api-key";
|
||||
};
|
||||
base_url = "http://localhost:8989";
|
||||
|
||||
quality_definition.type = "series";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.recyclarr.serviceConfig.LoadCredential = [
|
||||
"radarr-api-key:/run/agenix/radarr-api-key"
|
||||
"sonarr-api-key:/run/agenix/sonarr-api-key"
|
||||
];
|
||||
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
@ -145,6 +171,8 @@
|
||||
8686 # lidarr
|
||||
9091 # transmission web
|
||||
];
|
||||
age.secrets.radarr-api-key.file = ../../../secrets/radarr-api-key.age;
|
||||
age.secrets.sonarr-api-key.file = ../../../secrets/sonarr-api-key.age;
|
||||
|
||||
# jellyfin
|
||||
# jellyfin cannot run in the vpn container and use hardware encoding
|
||||
@ -222,6 +250,7 @@
|
||||
(mkVirtualHost "vacuum.s0.neet.dev" "http://192.168.1.125") # valetudo
|
||||
(mkVirtualHost "sandman.s0.neet.dev" "http://192.168.9.14:3000") # es
|
||||
(mkVirtualHost "todo.s0.neet.dev" "http://localhost:${toString config.services.vikunja.port}")
|
||||
(mkVirtualHost "budget.s0.neet.dev" "http://localhost:${toString config.services.actual.settings.port}") # actual budget
|
||||
];
|
||||
|
||||
tailscaleAuth = {
|
||||
@ -270,7 +299,6 @@
|
||||
openMinimalFirewall = true;
|
||||
};
|
||||
|
||||
# TODO: setup backup
|
||||
services.vikunja = {
|
||||
enable = true;
|
||||
port = 61473;
|
||||
@ -284,5 +312,7 @@
|
||||
"/var/lib/vikunja"
|
||||
];
|
||||
|
||||
services.actual.enable = true;
|
||||
|
||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
|
||||
}
|
||||
|
@ -136,37 +136,16 @@ lib.mkMerge [
|
||||
}
|
||||
{
|
||||
# hardware encode/decode with amdgpu vaapi
|
||||
systemd.services.frigate = {
|
||||
environment.LIBVA_DRIVER_NAME = "radeonsi";
|
||||
serviceConfig = {
|
||||
SupplementaryGroups = [ "render" "video" ]; # for access to dev/dri/*
|
||||
AmbientCapabilities = "CAP_PERFMON";
|
||||
};
|
||||
};
|
||||
services.frigate.vaapiDriver = "radeonsi";
|
||||
services.frigate.settings.ffmpeg.hwaccel_args = "preset-vaapi";
|
||||
}
|
||||
{
|
||||
# Coral TPU for frigate
|
||||
services.udev.packages = [ pkgs.libedgetpu ];
|
||||
users.groups.apex = { };
|
||||
systemd.services.frigate.environment.LD_LIBRARY_PATH = "${pkgs.libedgetpu}/lib";
|
||||
systemd.services.frigate.serviceConfig.SupplementaryGroups = [ "apex" ];
|
||||
|
||||
# Coral PCIe driver
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ gasket ];
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="apex", MODE="0660", GROUP="apex"
|
||||
'';
|
||||
|
||||
services.frigate.settings.detectors.coral = {
|
||||
type = "edgetpu";
|
||||
device = "pci";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Fix bug in nixos module where cache is not cleared when starting the service because "rm" cannot be found
|
||||
systemd.services.frigate.serviceConfig.ExecStartPre = lib.mkForce "${pkgs.bash}/bin/sh -c 'rm -f /var/cache/frigate/*.mp4'";
|
||||
}
|
||||
{
|
||||
# Don't require authentication for frigate
|
||||
# This is ok because the reverse proxy already requires tailscale access anyway
|
||||
|
@ -47,6 +47,7 @@
|
||||
enable = true;
|
||||
extraComponents = [
|
||||
"default_config"
|
||||
"rest_command"
|
||||
"esphome"
|
||||
"met"
|
||||
"radio_browser"
|
||||
@ -75,7 +76,6 @@
|
||||
"zha"
|
||||
"bluetooth"
|
||||
];
|
||||
# config = null;
|
||||
config = {
|
||||
# Includes dependencies for a basic setup
|
||||
# https://www.home-assistant.io/integrations/default_config/
|
||||
@ -94,6 +94,15 @@
|
||||
];
|
||||
# Allow using automations generated from the UI
|
||||
"automation ui" = "!include automations.yaml";
|
||||
|
||||
"rest_command" = {
|
||||
json_post_request = {
|
||||
url = "{{ url }}";
|
||||
method = "POST";
|
||||
content_type = "application/json";
|
||||
payload = "{{ payload | default('{}') }}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
{
|
||||
hostNames = [
|
||||
"s0"
|
||||
"s0.neet.dev"
|
||||
];
|
||||
|
||||
arch = "x86_64-linux";
|
||||
@ -13,12 +14,15 @@
|
||||
"gitea-actions-runner"
|
||||
"frigate"
|
||||
"zigbee"
|
||||
"media-server"
|
||||
];
|
||||
|
||||
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
|
||||
|
||||
remoteUnlock = {
|
||||
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNiceeFMos5ZXcYem4yFxh8PiZNNnuvhlyLbQLrgIZH";
|
||||
|
||||
clearnetHost = "192.168.1.2";
|
||||
onionHost = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion";
|
||||
};
|
||||
}
|
||||
|
@ -1,39 +0,0 @@
|
||||
{ lib
|
||||
, buildNpmPackage
|
||||
, fetchFromGitHub
|
||||
, python3
|
||||
, nodejs
|
||||
, runtimeShell
|
||||
}:
|
||||
buildNpmPackage rec {
|
||||
pname = "actual-server";
|
||||
version = "24.10.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "actualbudget";
|
||||
repo = pname;
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-VJAD+lNamwuYmiPJLXkum6piGi5zLOHBp8cUeZagb4s=";
|
||||
};
|
||||
|
||||
npmDepsHash = "sha256-Z2e4+JMhI/keLerT0F4WYdLnXHRQCqL7NjNyA9SFEF8=";
|
||||
|
||||
patches = [
|
||||
./migrations-should-use-pkg-path.patch
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
cp ${./package-lock.json} package-lock.json
|
||||
'';
|
||||
|
||||
dontNpmBuild = true;
|
||||
|
||||
postInstall = ''
|
||||
mkdir -p $out/bin
|
||||
cat <<EOF > $out/bin/actual-server
|
||||
#!${runtimeShell}
|
||||
exec ${nodejs}/bin/node $out/lib/node_modules/actual-sync/app.js "\$@"
|
||||
EOF
|
||||
chmod +x $out/bin/actual-server
|
||||
'';
|
||||
}
|
@ -1,48 +0,0 @@
|
||||
diff --git a/src/load-config.js b/src/load-config.js
|
||||
index d99ce42..42d1351 100644
|
||||
--- a/src/load-config.js
|
||||
+++ b/src/load-config.js
|
||||
@@ -3,7 +3,8 @@ import path from 'node:path';
|
||||
import { fileURLToPath } from 'node:url';
|
||||
import createDebug from 'debug';
|
||||
|
||||
-const debug = createDebug('actual:config');
|
||||
+// const debug = createDebug('actual:config');
|
||||
+const debug = console.log;
|
||||
const debugSensitive = createDebug('actual-sensitive:config');
|
||||
|
||||
const projectRoot = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
|
||||
@@ -108,6 +109,7 @@ const finalConfig = {
|
||||
serverFiles: process.env.ACTUAL_SERVER_FILES || config.serverFiles,
|
||||
userFiles: process.env.ACTUAL_USER_FILES || config.userFiles,
|
||||
webRoot: process.env.ACTUAL_WEB_ROOT || config.webRoot,
|
||||
+ dataDir: process.env.ACTUAL_DATA_DIR || config.dataDir,
|
||||
https:
|
||||
process.env.ACTUAL_HTTPS_KEY && process.env.ACTUAL_HTTPS_CERT
|
||||
? {
|
||||
diff --git a/src/migrations.js b/src/migrations.js
|
||||
index cba7db0..9983471 100644
|
||||
--- a/src/migrations.js
|
||||
+++ b/src/migrations.js
|
||||
@@ -1,6 +1,12 @@
|
||||
import migrate from 'migrate';
|
||||
import path from 'node:path';
|
||||
import config from './load-config.js';
|
||||
+import { fileURLToPath } from 'url';
|
||||
+
|
||||
+const __filename = fileURLToPath(import.meta.url);
|
||||
+const __dirname = path.dirname(__filename);
|
||||
+const appRoot = path.dirname(__dirname);
|
||||
+const migrationsDirectory = path.join(appRoot, "migrations");
|
||||
|
||||
export default function run(direction = 'up') {
|
||||
console.log(
|
||||
@@ -13,7 +19,7 @@ export default function run(direction = 'up') {
|
||||
stateStore: `${path.join(config.dataDir, '.migrate')}${
|
||||
config.mode === 'test' ? '-test' : ''
|
||||
}`,
|
||||
- migrationsDirectory: `${path.join(config.projectRoot, 'migrations')}`,
|
||||
+ migrationsDirectory
|
||||
},
|
||||
(err, set) => {
|
||||
if (err) {
|
8954
overlays/actualbudget/package-lock.json
generated
8954
overlays/actualbudget/package-lock.json
generated
File diff suppressed because it is too large
Load Diff
@ -4,10 +4,4 @@ final: prev:
|
||||
let
|
||||
system = prev.system;
|
||||
in
|
||||
{
|
||||
actual-server = prev.callPackage ./actualbudget { };
|
||||
|
||||
# Copied entire package from nixpkgs to downgrade to python 3.11 since 3.12 is broken.
|
||||
# See: https://github.com/Py-KMS-Organization/py-kms/issues/117
|
||||
pykms = prev.callPackage ./pykms.nix { };
|
||||
}
|
||||
{ }
|
||||
|
@ -1,103 +0,0 @@
|
||||
{ lib
|
||||
, fetchFromGitHub
|
||||
, python311
|
||||
, writeText
|
||||
, writeShellScript
|
||||
, sqlite
|
||||
, nixosTests
|
||||
}:
|
||||
let
|
||||
pypkgs = python311.pkgs;
|
||||
|
||||
dbSql = writeText "create_pykms_db.sql" ''
|
||||
CREATE TABLE clients(
|
||||
clientMachineId TEXT,
|
||||
machineName TEXT,
|
||||
applicationId TEXT,
|
||||
skuId TEXT,
|
||||
licenseStatus TEXT,
|
||||
lastRequestTime INTEGER,
|
||||
kmsEpid TEXT,
|
||||
requestCount INTEGER
|
||||
);
|
||||
'';
|
||||
|
||||
dbScript = writeShellScript "create_pykms_db.sh" ''
|
||||
set -eEuo pipefail
|
||||
|
||||
db=''${1:-/var/lib/pykms/clients.db}
|
||||
|
||||
if [ ! -e $db ] ; then
|
||||
${lib.getBin sqlite}/bin/sqlite3 $db < ${dbSql}
|
||||
fi
|
||||
'';
|
||||
|
||||
in
|
||||
pypkgs.buildPythonApplication rec {
|
||||
pname = "pykms";
|
||||
version = "unstable-2024-05-28";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "Py-KMS-Organization";
|
||||
repo = "py-kms";
|
||||
rev = "646f4766f4195dbea0695700a7ddaac70a3294f9";
|
||||
hash = "sha256-YCqPo7WkCfXyuTjL4IYapdcUN/Vj465Jz6XhQessyz0=";
|
||||
};
|
||||
|
||||
sourceRoot = "${src.name}/py-kms";
|
||||
|
||||
propagatedBuildInputs = with pypkgs; [
|
||||
systemd
|
||||
pytz
|
||||
tzlocal
|
||||
dnspython
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
siteDir=$out/${python311.sitePackages}
|
||||
|
||||
substituteInPlace pykms_DB2Dict.py \
|
||||
--replace "'KmsDataBase.xml'" "'$siteDir/KmsDataBase.xml'"
|
||||
'';
|
||||
|
||||
format = "other";
|
||||
|
||||
# there are no tests
|
||||
doCheck = false;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
|
||||
mkdir -p $siteDir
|
||||
|
||||
PYTHONPATH="$PYTHONPATH:$siteDir"
|
||||
|
||||
mv * $siteDir
|
||||
for b in Client Server ; do
|
||||
makeWrapper ${python311.interpreter} $out/bin/''${b,,} \
|
||||
--argv0 pykms-''${b,,} \
|
||||
--add-flags $siteDir/pykms_$b.py \
|
||||
--set PYTHONPATH $PYTHONPATH
|
||||
done
|
||||
|
||||
install -Dm755 ${dbScript} $out/libexec/create_pykms_db.sh
|
||||
|
||||
install -Dm644 ../README.md -t $out/share/doc/pykms
|
||||
|
||||
${python311.interpreter} -m compileall $siteDir
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru.tests = { inherit (nixosTests) pykms; };
|
||||
|
||||
meta = with lib; {
|
||||
description = "Windows KMS (Key Management Service) server written in Python";
|
||||
homepage = "https://github.com/Py-KMS-Organization/py-kms";
|
||||
license = licenses.unlicense;
|
||||
maintainers = with maintainers; [
|
||||
peterhoeg
|
||||
zopieux
|
||||
];
|
||||
};
|
||||
}
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,10 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6AT2/g WZ9p/pCsEDpKbgGDLcTtisn25kExQX9iv+tL3wyPwiY
|
||||
vom2z9QRIQSFB0+4/7lSWUEB0eoAG+08nXgiUg/OSX4
|
||||
-> ssh-ed25519 w3nu8g ECLZwCRJVJqyUMf70EOl2/3ExTruKaxCSQlY5fBZqxk
|
||||
VemnmGpzx1VprkybW1hPlkfmiDaNcBDoEzX0mDZgmu0
|
||||
-> ssh-ed25519 dMQYog QiPsbFE8MtXnRNBwkUEC+6grqXEbDstEtxYR8uJks2w
|
||||
O3JWQGppFeZEd6o3W0KVTEIyNVGeLxKfTYTlgsAEVHQ
|
||||
--- RncZzBFEyMAkpZRWrPORA0DPHuCTNswmWG5CMNnfm4A
|
||||
ñ/¼ÔËõôŒ8nàÅ¥«¸7hîtä?T˜=‘%zˆ°[¤ÝØ!(…uÔdÇuò@
|
||||
×¢Ebƒyަù¦D=Ü!‹„XþtÞÔ:#¦þþãÞXÈX@ú_M‘
|
||||
-> ssh-ed25519 6AT2/g lQvZqYp05ofMG2kPUYVMOkJssssOmg9lLiTDxscDFHA
|
||||
JWRyQo5MqQjz5b+uNLhLYgqOqWpQZdG9dU9ptfhWYaU
|
||||
-> ssh-ed25519 w3nu8g kqS10jUVfZqs/x3R3dm0IFGfouGUJUakLjwn0TogbgU
|
||||
RbUZQudujtzn7ci1HRchuUoXSyBb/KbKta/QvIbIeso
|
||||
-> ssh-ed25519 evqvfg U29OBOuOrgX8/Uhok1AQ8p8inLf+bBWHJhvDWCHkZko
|
||||
oBwfJlFRQqUHYlyVRxqqdMkxKe2uTP7Z2ZCwk+Bk9yU
|
||||
--- XMwxBGyVUG3OX1m8OnC1Eavnj+HCywi2VFGC6Vnp/k0
|
||||
âþd~O7—<37>rΘªVVÝʉ¹„ùnÒ4•bKd÷õïyéœp<Öþ‹,pֲ˯³Ð"æÒ0CdBMº2kœ ÔêñÐÏjú¬ŠØ£ÒØD~§ì%)×4û5
|
@ -1,11 +1,14 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 WBT1Hw TGdD8Nw+GPITDOXGhevSu+880DWET7WYN3nIyJ0xy2o
|
||||
69xepRTnmaFwa4IsGJjDdwZqTSf5fz6EZK0/q3oz/ZA
|
||||
-> ssh-ed25519 6AT2/g EmqXrXXsRxSS6AsH+7VMgoJTYo9eGj8ebLiLT4IWNxg
|
||||
eKs5/3tQMdg5bGJKNz8PFh9C7HiV+IlOU9dzpYcGIjo
|
||||
-> ssh-ed25519 hPp1nw wsIF676is8FquF6oANNauPrumsMnfVUZpPeVKEtBOzQ
|
||||
qZR8LSF+TQ2K3K0An69NHfk53ZqNEWev0IVcb71SR40
|
||||
-> ssh-ed25519 w3nu8g TKHY/5JuzFMhbW9CQAOI3woX8M9b1H/XXUpIMT0Mylk
|
||||
byJV0/BJ3ftG5eYv5BeyIYBi0VoWG31HRiENUxSeYE8
|
||||
--- fwHXHtE/sMLqCLSD8tR0oCPgNuif9Y/ncHU97hbf/Bw
|
||||
f"+ÉŒqc<71>H†Ñjï!JSšË¡Ì|yMìðX¼þMl<4D>ýçCy™îUXn»Égk¨ë)¤óOY§uº„¦²¶g%è Håvn·œ5ô!$Jœ¤Š…¶›$<24>#Dö;±¥àÖ }ÏŸcçKšˆ{R/
|
||||
-> ssh-ed25519 WBT1Hw +mmh+AeldhS/z282wz0d6rfklNpQLFE4M+hAL20XH3c
|
||||
zyyxtRp6P6ZFdn+1NqVonEfYPtozAgDEZQWnCUbahak
|
||||
-> ssh-ed25519 6AT2/g TZYBBcBMnmUegRKEx4tBvbFroHV+AM+KKuE0lNOD928
|
||||
w0d0EBpnrF9rk2SH5ROLyqqgmb2y0KD0sDiSa+gt5Vw
|
||||
-> ssh-ed25519 hPp1nw bQSu9KjCmPIwjHrw3GXI8F807y1kCi9CvCKE/Q4+fBA
|
||||
BbYsl7XxNsDET3ldgQWtJCEI6euMZ/BtghEBxlOo+kg
|
||||
-> ssh-ed25519 w3nu8g +MWibl8Un6Ga7bNAaFqZ83H4ERtBfkAeFI4q6BtpUHo
|
||||
mB4oxmiYNgrUBwNrG5slhQtT6yttSWiaq0M0DYGrK8A
|
||||
-> ssh-ed25519 evqvfg gcBt9ZQ2Um08Q1b1k1UQhj0oUpLbKLuFycs4cfAe/G0
|
||||
YMK/4+LfAYuj6TwT+NOdLQNHfuj9rnhFaNUu+tkMX9M
|
||||
--- 9dISdhi6vbWXis37GEw2vb/ZaBFR3srYKlyc0N1cEP0
|
||||
¹ÙÍhž~ó 4ZK1y¨tuïád,¹Àþ<7F>zôÐ(´›W6È]ïZïö?‹S0òQ;*ôêÃvw£~ÎGPÁì
|
||||
BÚí@,‰à\1gø.^Œ3)Z£f$xæS˜Ô&4…„ŒÆ<C592>¸¶mýEj[OK:Z<>L
|
@ -1,7 +1,10 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 hPp1nw zOXF7NsZjm+DCYrJ+Ap2mX35JUt37CLJP1RhyOjB/XE
|
||||
ePprJM2cnhYZhP8aJUXOZeGHJm/DHlRYomWN+lFaU6w
|
||||
-> ssh-ed25519 w3nu8g gjeFAbFWXyPdGauKHXAzuIP9fmaj2Oysq9fHO8q7u38
|
||||
KiMR0pgEPtsfZnYAIsH7UHNhnsB6rtsW/hqV03uS2dI
|
||||
--- BPzPECz1g6vEv4OlRn6+FnWP9oq3tn6TN2o867icxYA
|
||||
}ìjºùŽ+l&þàx<C3A0>-TïÝ‹b‡ÅèØÄ·<C384>€Dg‰ñgc’*ˆ0<CB86>÷µcp
…}uþ‹7Íßã%9Ð%ŽÒú›©S¥ ‰|šôêöQœÃ*9Ø$ä ŽŠ
ÍÖi;)c?ÍÍýGh¤VvªnlÚs¤Ç)r }ÒhE5K‡bg–-<2D>®
|
||||
-> ssh-ed25519 hPp1nw z8hVbU48K+xyH8zxVXjy7sE35GcdSTeGIu/ywdtRBkQ
|
||||
ynwH7Jug9yK4iCLYIwUn5paYQISWDVYTkq+7rklAW8Y
|
||||
-> ssh-ed25519 w3nu8g hP/IbrLUi/tvOOu5pRKWGIfbiGnQofR/s7V9kUcMUzs
|
||||
kZLewvTi5JQ5enF5Bl7wiGUJ2W3THTQVXkyXhLM/Xqg
|
||||
-> ssh-ed25519 evqvfg s+mq+Pr3fCKSm6dG+p7tF1piR6KZztgH/j0+0S9W7i4
|
||||
T9KzT/+WK/XOeuWIyf2/eNQz/ytmOYzAjzzZmlY2Ppg
|
||||
--- A4sCAKn9DQwaSQIdyRYe9XwKvMosCLmdP7RQId7l6vA
|
||||
›BQ{™Uœƒ¢þi&º°ÞV,çÝÜ93÷¸ñl`™<Ê‹(à½îÇÆ×-«=ÇÒivÒ
|
||||
Ò&7»Ë#&Íÿì͇߿Ûee™<65>š€Kˆiç Ì×à–Â[e¶û·Þ®‹lD?¥œU-Nÿ‚pÐ,þ¤cן-
!LMÝxh™¾<E284A2>釺³
|
@ -1,11 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 WBT1Hw PbGwwDeulHF6kdh073rq0RvD1hlx6spnKNgKU+QeDAw
|
||||
7dITwSQ2p1LZuaVEzLxcGOhB97MQT2zGoRrnNUMcOFk
|
||||
-> ssh-ed25519 hPp1nw Dn+5Fpme+JmRZKkCkqtCuD87p+sDYDA6OZ2aUmBkCRs
|
||||
Dgg3orXF4RYT/fHtc2tRuIhOQu48zICMqgPyV47vpf4
|
||||
-> ssh-ed25519 w3nu8g dghNLDH1Tm+sm42HXDhrLFtmU4iDF1yCGrO2VSgzZjo
|
||||
71scUVrGr4c4dunAFJYKd+uJ6aYJpSWBAk9swbv+IzM
|
||||
-> ssh-ed25519 dMQYog Wnl1+rh0Q3YD2s1UD0OYVm39wY/Uw1NRK3K7EFhFMls
|
||||
wXF6QBonlCalS1vI9cxzWgv1Gi+yAtYn6HrYCfpl5Nw
|
||||
--- rLOoGk0iX+wuNd1CKv7g2PRd2Ic+8JHCQhrVBaF9zbE
|
||||
<EFBFBD>òüüˤ/A¦Ì(ØiHC¸@¢Þð‰h`ˆ3ªá´' ¬ÚöáDì>ð¿¤~¸ÿÁö?ÑÃMêÙ@<40>t°(“Ò@ö׿^xÆMÉ}
|
||||
-> ssh-ed25519 hPp1nw bo+iestejjHIx0accmbyOgLJPRH5xMugtfwKgax+DCU
|
||||
smaxrCeUgUu9a5mnFlDBbTbw7gNFcLi6mVb3px8gYk0
|
||||
-> ssh-ed25519 w3nu8g bhpGV/Yfqfl7mrBgjCgVZEJIsRjXVOmQ2rU7dh+FQzw
|
||||
2irMVi9Vx3/PZT4fqYfcnU7q7wRCtUFOUPZ/X6fQuXw
|
||||
-> ssh-ed25519 evqvfg aic8EzOuwt6ojUoHaAlhy0IWmSzuOvXjBQrK/QSS2Vs
|
||||
tfw0GyfsovxlMeySyQULMECEoiEjPtdkoQ4OP/t9K9s
|
||||
--- uNvusvjFFt4Fza4a/hmns/tWm9LTE4fULWJ/1Gg3Izc
|
||||
Ax™ €¶;²þ¼[§²oÿ’®“'Lâ@«ö·^<5E>~9\jvCúUϳ$¦§hqÉ<>ú2–Ht?y\vËÈŒ<C388>ð`K!®7Yàï7Ôü
|
@ -1,9 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6AT2/g 98/m3t8axoVBE6WzdxBtRhV2uSQKSCXwQjyxfWXPmQk
|
||||
AxV0FTvqbWfk/gf65d05PcotbEnYr4PgDQnsaYxP/MU
|
||||
-> ssh-ed25519 w3nu8g jys7B4COD4iINANeSCD3BqGFoghxTmsbuXoOOIiP+wQ
|
||||
b7eSN5fe4szfliINOr7ZQ7AoSsIK5akmIQ6uLDabcIE
|
||||
-> ssh-ed25519 dMQYog ToNUqTPYmxpz9OUcC94egELcPfHQHCErfHN6l9kSrRY
|
||||
2KoSVoWp+FH29YfH57ri2KOvhkuqYew1+PXm99e0BaI
|
||||
--- Cjk3E/MjgCF45aLlFeyoGiaUEZk/QuKtsvPb6GpzD8Q
|
||||
m°å>‹“~czÆê匦†``ÜÏqX«š'ÁÎ%ôwÔž~×ÄL·eä'a±]û‹0ò´LÉÀ‰%ÍY‚TÊÓc9f¡W¶Ã^¤9ÊõÙÝ2®™æ¶ÆBÌa ƒ™
|
||||
-> ssh-ed25519 6AT2/g kXgY0gJW/LpFYNukKCxa/Dhht4hxmoht+CIENXngW3U
|
||||
OFTjvs35H2HLGENEChI9fEowlvp6W7hTWFNRZ1PziW0
|
||||
-> ssh-ed25519 w3nu8g jWZ0COxc+hFs7bVNTKcWa7oBmLqPmlqktpZ0gpwIUEo
|
||||
xf4aKirzqHUWppJghPwyCj6SzPntH5gxcP3ch659RIU
|
||||
-> ssh-ed25519 evqvfg KR2lx8vs0Eseh37tLtcfDDXE2BoyxCr91vqlnpJraA4
|
||||
5HiO7QB7sAC0YlDgkq4gOH0Pp83et9+0UPS8+BA+juk
|
||||
--- vt6f6yWyfunZS7pihgt97hFccp0hqlkOeLWdfsq5SAo
|
||||
Z+äœm8¬¸vÕ[ïg_K×s™¼8·1hÙÅ1šüžü¤ã´»=@.„2À=ºÛ2?—<>µ¤8\‹›f§3oy÷ga8¾(.•²?¶8m–¹t‹ã<E280B9>,½]«ú
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1,11 +1,12 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6AT2/g MGKlbzVOk5+czgAOerwl+eIyOifXJm/q4UgQUXVpx1c
|
||||
43l6s4+5TSMQyO9tAg7v9Y5OdXOjKYz56lbr9Jm2r+o
|
||||
-> ssh-ed25519 hPp1nw aOxni4sFPPgedUkBOuOyEWfFPJrhdTJnivIaWt5RJxM
|
||||
KNaxijzSMp7EjYKwWiAP66nPYYZK3/VXL8u+3uJt6bg
|
||||
-> ssh-ed25519 w3nu8g qTAzEzQbFze35AtbvkYREw3wa7ApDN5u7RSZUXrEpms
|
||||
Dy0uGF458A9RJMvDl2XKOkEABbbRgT+eIgvb6ZOEQqg
|
||||
-> ssh-ed25519 dMQYog 5DfYuGeWuN0/CO6WWbFIi7LaKl23FXYVdPROM+TFpCA
|
||||
PDBdDn+YUMKYNKFkCEfXesmkB/XUxZRK3ddQt0kqQ7g
|
||||
--- JOeG87EVD+QBx6n+rMoPTOni0PyoG7xx4a2USNiapYI
|
||||
Zsý{ÅiÁ_QÂ\+ô@@Üò߸ù&_š5$¿Gt2¢rF“y×ÄQ§Iaž7ôÙÉzàgf%O(µÙ,VéÂ}ÿn|û'J¸2ø¨óQÑB
|
||||
-> ssh-ed25519 6AT2/g nn9O3nzI2M9+vKJ3qoKL3xs29iYp2n01xTrmtdbzs1k
|
||||
atqBqI77ADuCnV04skh/2KCco5Pgwlz0vSnruiI0dzU
|
||||
-> ssh-ed25519 hPp1nw tBTDeKMPoCpuoQNdnHdggQdpeYYRXhtJZqCA+o5CPkg
|
||||
q5BYRcZYY8oGot4F5fhx6hZfVpClvOTycQ6kMTXykqk
|
||||
-> ssh-ed25519 w3nu8g C80+Mp8qRkpSfJBCH3XduSv/oT2bJ6TqVxkyh1NfRFo
|
||||
9EEh97C2uFzP3a8DB+4YEgjqJyoa97rRT9tXEFGbMFE
|
||||
-> ssh-ed25519 evqvfg qByh1A/4ylqHIuvvMqHl0lGBxwWIlwz+pGDdox6zJXE
|
||||
Ubym3YKOcekSR+O6dLD+322Kgk3152WDW+Tsu32MYY8
|
||||
--- 4QA63y/d1AXP95G6MHZLJlVyB8LSPVO886QcT2j2tVo
|
||||
~H«;ùœe¹g<C2B9>7Á7+e|µ!ÿk0à€e•hšì?³k^m¯kDPõ}Ê\<iißv[ÆzOÚ÷sýSe¾ƒŸëTØ>Ë£¨+ŒÙ ü®¯ÏÁáš5[Âíåä
|
||||
Éÿ§7ˆ
|
9
secrets/radarr-api-key.age
Normal file
9
secrets/radarr-api-key.age
Normal file
@ -0,0 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 hPp1nw Uhd03cBQ85Yw4FjsXkBDfrcAsTBVVOFVFrnU7sPbTXY
|
||||
/5XIXty9cNwNPV/MXdjoOttmKMXt6PB0/7OMSl7scZ0
|
||||
-> ssh-ed25519 w3nu8g CzC59hO2YLD+Bbzvi62KXvFlyPXrx/OD8hVeQH3hfFU
|
||||
V7OtV9QjRYNg2+kMk1K4V9RWb8AsgkQ4OlIRs7hwYyo
|
||||
-> ssh-ed25519 evqvfg XTSo+9xdmL57Mkc7NNw3Xy1kJrE0Sc+81h+OEHfiCVc
|
||||
PguEYlZkPMMiMaEpK+gamgl7V9/gaEUpUuV8O8tIUVs
|
||||
--- 81iRaeiLWHHzFBoWSa6JFdp9mkKZ1TT9mdRXZaQ4N0M
|
||||
‹»J
:“ÅŠ¶R9RrT“P Ї<C5A0>N™ùÊÃâi%¦ŒÛº/”L{…½©ª‡1§^ÿÚìO©ÁÓÒW:<3A>ËÒ<C38B>Ÿo4
|
@ -1,23 +1,22 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 N7drjg Njjfv0Etdr9U27s+wznqw5YmnKcj3lISQ2vudDPj7F0
|
||||
bw3SSPfReGSmJ5tQPv+niYn7USyZZffxvgs3J5VxiWw
|
||||
-> ssh-ed25519 yHDAQw DVlCM84Q1P087cmlS+NzH/i2noLprEbfqSpvFS3Pzig
|
||||
PooFRhm8ofoTAT1UxJ3Y+0RMqK3CriwqpGrrKGfFYTs
|
||||
-> ssh-ed25519 jQaHAA rfoKG06gXsXPVfNql5Kk5OBebaXsRd4vCirzPB2y0jk
|
||||
T0xv0iiWSi+FscI/OX6sT137VuiWpAS+P9XsMBT9K7Q
|
||||
-> ssh-ed25519 w3nu8g 869dCSpsCphoOPZ0z6rzbI5QKieIA4M9tAyVP40P2hY
|
||||
N705ablrfdQWK2aEOFCkmdEQQmwJVcqVXOkhYIp1Z3o
|
||||
-> ssh-ed25519 dMQYog ry0Qkn4YSLctLRzp1fZQ6EnbeGvv3Gge2UOsYBwbk2A
|
||||
LO1eyrU0rQJdAjZKCBr+WH2EP/juXcS7Iwrl8tZIMOM
|
||||
-> ssh-ed25519 WBT1Hw NbtlJrLEcf4yO/akQyE7b9TdyM2e6m8Aj9/MzV7SliY
|
||||
JBWsIu/Aycys+uUxC2xSTE2gC0YUpC7Jkkxa0E0TfRI
|
||||
-> ssh-ed25519 6AT2/g kvri9lMh7mXuJTFh15sRPhkz8+75i2YYcdZL12cLPnI
|
||||
hsJETu9Xhbfhzzf6Z3YIKFLGN+Eczgn8EqEBPQl7a1s
|
||||
-> ssh-ed25519 hPp1nw sJtNVroSF/uQNwvnbLE8vXw+1e4LMu3Gurm+KM+0IwE
|
||||
wlYZUEnr1Q3TlxUAUrKAMdVWUbVWy+3+q2fw+ssIoFs
|
||||
-> ssh-ed25519 w3nu8g gA7oDI/02jl+TjMjSUHZqevmHb6gSinWF4KtjDJgFF0
|
||||
KDgSWaZi99/PkKT8g5bTVHvu8EVcPBlF79APxeorABM
|
||||
-> ssh-ed25519 dMQYog PDdSuky8g5OoqyF4K5N6SSa3ln6O8vlvL4viGqJ8mUc
|
||||
LWanrtAIfekuzhr+AGR8e34CD41vPI0BA8YA8YkcyBA
|
||||
--- LENK2A8P2SxCmpQSI3QNCNz2RDhGwCqLQGybmD73ka8
|
||||
Ö{¹˜ô'Þú”|ãêã«ÅµÔjã.ùÄnG=ñY‰gï•‹c$T¬
èÙq9fuHWOz}Lšßå“g<E2809C>öà?wö;¥ü1€|pRá—B)Ç}ú[[éL^bS
|
||||
-> ssh-ed25519 N7drjg h72jFNLd4ZN5yXXUi1Xue729YQvbThfceBU/R1JiCG4
|
||||
F6xaYW7iV+jipI9pe8NMNC+yzkajkmqP73qnhFS14Wc
|
||||
-> ssh-ed25519 jQaHAA EXEQ0bA8ThyKJp4VNHNB/umpNjn95/fxF9qkB/QZh0g
|
||||
ZgRc7ts3pdYCtp61XCvDvhHpHfzk2HFJiGtnon0RkkY
|
||||
-> ssh-ed25519 w3nu8g 55b2qTh8v2dK6qFEgbMLiVxydRTWnMmjB5eWdZb3mGQ
|
||||
uD8vs1yZLo/N44tIufP3U0j7otoINC4di0w7/a6OW8I
|
||||
-> ssh-ed25519 evqvfg Ad0vjBYZYIYxYmWrultbybzIcHOEfIIL5VlqHeyFPGM
|
||||
z1AbX6Htc0hPs7fW8/Cvkfg4Y9qnblpZwRchfGQQVL8
|
||||
-> ssh-ed25519 WBT1Hw sgwJnWYXwYcAHLmis6LBIwItj5TQUVyV/Jd3NPkWTx4
|
||||
ctNVx7Xt+87XPV5WhYKjhEv3sXje+U6I/z86jRg4P2s
|
||||
-> ssh-ed25519 6AT2/g uoBlZvOrDV/FqwmPZQmfMzB3P5+DEh7SUJKv8zHBdi0
|
||||
xTQzs5CrIREQY2ZinXxZLHfztuVJGsmaqi84TrLzQYA
|
||||
-> ssh-ed25519 hPp1nw uFdt4FE8a1jrHsWuDLs75z0wty8aY6Af+YddkEnGI0I
|
||||
1j9iSxYdBg0w6Nto3LKEhvCmGWr/5G6q1XvEmwA/l10
|
||||
-> ssh-ed25519 w3nu8g TvyzrbvTGPjmDZpdwQ8em28uGKmeJt4quEzXXq+rN1g
|
||||
rIg9JEkJyuZfQh2FLKzII0f0AUMFcohsmSNdE32nCuQ
|
||||
-> ssh-ed25519 evqvfg c13RC6NMmyisYeQ1+znITs9USfwH44fDbzAe4TU/Ryo
|
||||
72WBsNn7sQb3Gc6MP8Obyc3p8xTQqTwTcqNQxAAvNFo
|
||||
--- zZkMOe3zuxaJswYkKepDQpA8bLMt53zMRx3lkJiSvew
|
||||
ê<=CÛM2Zª,tÀáI‹p Y ÉÌz<C38C>oâQ»«ìS#ÿ'#ì:„Ƕ“`›ƒn9–5<E28093>§zŸ¢¡–Å–‘?XF6á<>»Ël1Æ+ãqê5PjÜä
|
||||
Döû=~IÚ
|
@ -1,9 +1,11 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6AT2/g bnExFj2dEhR0Jbf5Zs/4MqxIdPjeb1Dc7duQUHKfylw
|
||||
SV+oJGt24n7CAi4+N9CGZ+SlEgcuAlbLymmmLKffg88
|
||||
-> ssh-ed25519 w3nu8g UO35HobolhH4PRxhGQNxziel7pRhf3VOoGeRbMKH2Fc
|
||||
uphjyV1UmrUxrqMqL6tc3UeFdTILKiVOPVM9uJlUsIU
|
||||
-> ssh-ed25519 dMQYog v27Ibyt+wTVR/zh5ZH1xyPbgCsrqGug24eVOJ+KdY3E
|
||||
I5n+fUhGiHcg0vHTilTszjvFinqCY0ZLcwumiXXwzXE
|
||||
--- jo6rKqQQTeJQusZM69EsvJFPCIHRTeN4OL1kwzapaJY
|
||||
m¸¡üi=féKúöœ“³·Û ¾¢¬î“9²Íq™²nTôyΤ@23p–‰ˆfêwˆ0 t1ºÎ•<<3C>‹ÅE%Á¢ëFIø‹½>#C
|
||||
-> ssh-ed25519 6AT2/g HGqc2dbbCJNR5JR8mNfM8VRSBAWGzvBR0IdQVTM3jys
|
||||
speCXu0Q79q8DXVpxYKacTh3zq0/6KXdWc1yvMJCrwA
|
||||
-> ssh-ed25519 w3nu8g /ArJSkSyJ0+/GGUln+PULXLu2v9IFatasIZ4d97ClnQ
|
||||
tsoXfqg2mC+3YVPHVvkrqXCN6CEpOGDBrS8vzBLkrXA
|
||||
-> ssh-ed25519 evqvfg qJ+4dEvSS8E9tI3q0iXJAnqEZqEE6s2Hn4BAgkjWaEg
|
||||
1s0rlm960TEiIefYqdqwMgff1A2WTavuq0e3GNrxFi0
|
||||
--- KbFFpe+ZN1XxXV6biHn9Vm1jw1ZaN0/wAW9/GmrQdJ8
|
||||
i
|
||||
2w°„ÙÈx¦»$ÝÉ©;8su¢è€\G˜Ñ£¼SÑ'†.Ü*&¸ýQ^¸&$B/V¥8±Ëï?ѨÐÖ´¼Ö Åx§
|
||||
;*¡)HCË
|
Binary file not shown.
Binary file not shown.
@ -31,6 +31,7 @@ with roles;
|
||||
|
||||
# cloud
|
||||
"nextcloud-pw.age".publicKeys = nextcloud;
|
||||
"whiteboard-server-jwt-secret.age".publicKeys = nextcloud;
|
||||
"smb-secrets.age".publicKeys = personal ++ media-center;
|
||||
"oauth2-proxy-env.age".publicKeys = server;
|
||||
|
||||
@ -60,4 +61,8 @@ with roles;
|
||||
|
||||
# zigbee2mqtt secrets
|
||||
"zigbee2mqtt.yaml.age".publicKeys = zigbee;
|
||||
|
||||
# Sonarr and Radarr secrets
|
||||
"radarr-api-key.age".publicKeys = media-server;
|
||||
"sonarr-api-key.age".publicKeys = media-server;
|
||||
}
|
||||
|
@ -1,19 +1,17 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 N7drjg x2s9QZ7Ijvg4t2peGng9/zX1ZmnGggsvWHJFHEktCgw
|
||||
o64an6DJ6Be8Jlhzn9ciQTByRAK5f2ckankCRH3y+Uw
|
||||
-> ssh-ed25519 yHDAQw HYHo6anhKDnD74ab04Ql4RB8+WBA6EavYASX7532NCE
|
||||
aTp2V9g18yzUTq1ezqETj6jM2Yb1Bt5+JNkrIDT2Djs
|
||||
-> ssh-ed25519 jQaHAA xGKcIQOkO/i4E2ZWZ+O4sAp7ADqCRqfRQHhKQu6yWh4
|
||||
RJnqK/t0YQrIej8fRDJGjOtQD7VvgJRfCUWR0/UYcSY
|
||||
-> ssh-ed25519 w3nu8g P9DQy19TvDCi3nfOhFj73bNZEtUs1BrLubt5/BtLoU4
|
||||
Sx41bk41dQYa3eoBayUMRIHqMWaRiwXm8BqErDBSbDw
|
||||
-> ssh-ed25519 dMQYog OWU92PMFo9tGtlkK9zlmMFhh81TGkYlcX1PrxZl35yc
|
||||
owDk8wWXETS+iybhTMDmQH+eBuzZRDJIlVGCwu4LqTI
|
||||
-> ssh-ed25519 jQaHAA MzA8dSYZ/Ysp4ogKEEu84mal8779RgkT4Gy6rBEw+kM
|
||||
m75x/b83aP5G1vg7EXlcLizcm16fEAUAD+VNcdTMnnQ
|
||||
-> ssh-ed25519 w3nu8g AAA3Me3KJgLvtQvyxLvlQ7pCnv7w73ja6Z2+3A82eGs
|
||||
+yCW7qCdjk0fiQJmH8poMoc7APKyX/PY7zZyAG1O+Yg
|
||||
-> ssh-ed25519 dMQYog Dd8e6srT+EIl2PH0RP1bQVsDx+HCQjhFndx5TFyhfx8
|
||||
j7Met77pWZzK9cMTt29gWB+d9YFVH5T9qs+ulHS3kAo
|
||||
--- MgOK/g5hOVkGuUNDBSgVeGc9+ndjxLEA7nKSfLJMr4s
|
||||
~Ÿ‹¬&”™)<29>ŠG®Ÿ¨‡'UÐÞzc¾uFGì(<ò¯ùçV"ƒÕ3þH0x0$•<>w$YvO3 "Ï×ðV~ÀЏHÁ~XÛ]GœÆqµ®ã÷œ¢y'ãÓ*–Dê±ÏúœÕk#\ðAï<41>5ë{«Fe\~
|
||||
-> ssh-ed25519 N7drjg EazSO4KSpDf7Xi3pTNdhm800ZA5EIIhMbwYp+L42yD0
|
||||
FDktPGF+bWrlPuwD8QNId3tUxt3kPO5JZ9GQ1B4vtPQ
|
||||
-> ssh-ed25519 jQaHAA 2UJ/6JUgZBaiVVj6Y43dIvebrozJW4kuR5xfWIWSVSA
|
||||
nhZ/CMdHMIN/GjFV/WMmNvRkPYcmgtjihFtNwASS/4E
|
||||
-> ssh-ed25519 w3nu8g fLbN1n9ncJz5xW4BnmOfOMI5tdODrZGwhOczWz81NDc
|
||||
MP1Z2q1KMmvh76opIwG9ZepFiLRJBnfnGKAGSLvb38k
|
||||
-> ssh-ed25519 evqvfg ZgT1jg/k43AdfVIny9i3PxD0FRG3CWHEKJwL/r/VX28
|
||||
Qme90RlNTtlDZcCbbxmJQ1BHphkYC1fLA7MKWTn+jEA
|
||||
-> ssh-ed25519 jQaHAA C5hiPm6jr4TZa+Hl+ruODqSvl9PAx7bvhAMPiNjCe00
|
||||
2trojxFes701L8D1XvWPQBCWJB6rwgppPcGK3jDhCBY
|
||||
-> ssh-ed25519 w3nu8g IuWEPi/Tacoc2Oyey92eJQun4r0RGjY6GAd8oHTQ4Xk
|
||||
u6iVh1p2x/ACIHQO9mcVuR3Xmq2ln/F97vlYjWphvMQ
|
||||
-> ssh-ed25519 evqvfg q1Xp4IxCTofR+RDdi1Hoy+8NOO45u1U9/m/t6eBDUhs
|
||||
WkQKg8LGQoIPuICvj7KcvgF4RMyG15txHG4uFg3v7X0
|
||||
--- 4WXmmAwvor5BDjArHN3T37/zxKOO3c8jtMaxGigAcMA
|
||||
øÐ¶[îîj‹¿Ž U.wÁó@<40>ŸBHr7Seª/‰»x©í1;ÝÂSUÔ(¤8µ¥¸{Ì=µ¦N²Ý±’<C2B1>ø;_]ªÝVY2D‹¸";úµã×Câ•ùûì7‚§-.’¡üœ‚VÀr±
>*2T
|
10
secrets/sonarr-api-key.age
Normal file
10
secrets/sonarr-api-key.age
Normal file
@ -0,0 +1,10 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 hPp1nw F3GP7ySGf2wVUdTr1K6iChf0DczmaMnJjDWNl4sIVws
|
||||
NgfyXX4F14kyrgzuMfExb3D4pY31tzFjGkq2UmC3JMM
|
||||
-> ssh-ed25519 w3nu8g tnpGVKL1bYFJOhbbOa+TyEOhaXTVUk9D7HtSUWoM+WA
|
||||
cM8Jm2uKXkt31UFFdSWq3pClQhJZXUksEBMq1/xu7GE
|
||||
-> ssh-ed25519 evqvfg A3Ght96pdzoWpNpX/jmoBOz+uQUaoF3C2yw+VCOe22c
|
||||
btao6WVQSwHv07hnkbpv44Pc7r3Essyoz3Spst+pDMQ
|
||||
--- J1ZZ/XeiLUpkfOl6xOckks4FxqdzPZJyglYhZf4Sa48
|
||||
¡°è5 ó#”I¸m\í˜Eñ"žH,s<>»{l¼'!—®¢Ë‰zú¿ƒ?ZÁ@·õ-áX´>PÁG
|
||||
)+S½
|
9
secrets/whiteboard-server-jwt-secret.age
Normal file
9
secrets/whiteboard-server-jwt-secret.age
Normal file
@ -0,0 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 6AT2/g CHRtUTrQxclfOFf+1fpKy61dpivMYz9MiLH3tdqy6VA
|
||||
7tmx3CPNY6T2nAD8I4bGWAN7y1OPBpWjOhmmCFqldJI
|
||||
-> ssh-ed25519 w3nu8g UqOMk3O+JfnzlQhymSj1u+9U8xLS93sOVVbd+JhXGBQ
|
||||
qwYjekirvVTjEwwh0Irdy0hMHAlWkUdD5wu5Xi5GL9U
|
||||
-> ssh-ed25519 evqvfg Dhz+YpGX+IQNV6UgJq66mogX9UPY5U80YHCwgIsRIlA
|
||||
BcX/9c0sUQOnfUqGY9W9IRhLM88pLNgh6/nf69AibB4
|
||||
--- 3trZiV0MSyVswrmMNZuj4PBd3XgUUk8+4NpcJZDXW+Y
|
||||
¾ÛŸ±ûA„ù¯Hã^•ó %‡…’ôÔFàÂö4Ö<>\?H£Ü9_Ôd(ñOcl‡U [2Éí•ýtßOëm¯Mÿ¾eà¬ú+—ûØ»2&‚óSxÎŽ
|
Binary file not shown.
@ -1,8 +1,9 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 hPp1nw TSDuPaFp/Qcz4r819X4QmU/4J2TGpoX7jCCJCdFDog0
|
||||
SwQUqEp45xMOeTkvBG6uX28kB8YWG66laYqakSgl9w4
|
||||
-> ssh-ed25519 w3nu8g tLZDNE0iBgOpUB3djpNu3CgimsRc0zcds+AgctzxyQ4
|
||||
Oyz6XORsApM4vFxWyaD3bR/ApIUFPY3q4yGvtbosUIY
|
||||
--- vuXlQmuOFbJhBTACN5ciH2GlOCbRCMPZdlogG2O+KOk
|
||||
Áëÿ!}UIì p0@Xž|°þ#晆0HÙõò#BÇRR<52>Ù
|
||||
òùø5¾Iÿ?vX?pÝ<70>—<>fqÍ[lž¸˜xÏG7ü;UäÀOUä¶
|
||||
-> ssh-ed25519 hPp1nw WkcqGYW9EwuqwdPa22bZ2yyxxSUlfZ1Y+NggCyFR/Qc
|
||||
Nccy64qgRnPj+6pDRPEvHCo4TRszDL5x8NUoljvAeZ0
|
||||
-> ssh-ed25519 w3nu8g gr+GjbS4lanuXX6QRpzMl/3cuLInJ+djyoSnN/tH5xM
|
||||
md07riIXJ2eH43nL8SJFU+dThXu3kUePO/ZaV9iuS4k
|
||||
-> ssh-ed25519 evqvfg rP45WmM5H7O8dFoOQHPeVDY0JqiIDYgJsPyQjh4jC1w
|
||||
R7VH7PhaSCRW5bUAgC0Rlic6FV0IAiqKWFA8ah4/3Q0
|
||||
--- tyRX1o1ewWqSvvaHYQjzare0j6oW6VT1tdnqTN4Or34
|
||||
"T÷¶áÁÀŠ„Z»S㵈ձ7ƒÜëW—v¡¨[Êi ˜¹CÌÓÜ»Öä<@°yuƒlÊǽ’Rsò<73><C3B2>ƒ¸äÍí“´¬y¬`«{ò_Í
|
Loading…
x
Reference in New Issue
Block a user