diff --git a/flake.lock b/flake.lock index acf6c48..adff398 100644 --- a/flake.lock +++ b/flake.lock @@ -8,17 +8,14 @@ ], "nixpkgs": [ "nixpkgs" - ], - "systems": [ - "systems" ] }, "locked": { - "lastModified": 1703433843, - "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "lastModified": 1701216516, + "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", "owner": "ryantm", "repo": "agenix", - "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", "type": "github" }, "original": { @@ -36,11 +33,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { @@ -53,11 +50,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -73,11 +70,11 @@ ] }, "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -89,16 +86,14 @@ }, "futils": { "inputs": { - "systems": [ - "systems" - ] + "systems": "systems" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -116,11 +111,11 @@ ] }, "locked": { - "lastModified": 1703887061, - "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", "type": "github" }, "original": { @@ -136,11 +131,11 @@ ] }, "locked": { - "lastModified": 1705879479, - "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=", + "lastModified": 1702538064, + "narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=", "owner": "nix-community", "repo": "home-manager", - "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913", + "rev": "0e2e443ff24f9d75925e91b89d1da44b863734af", "type": "github" }, "original": { @@ -152,11 +147,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705856552, - "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "lastModified": 1702312524, + "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "rev": "a9bf124c46ef298113270b1f84a164865987a91c", "type": "github" }, "original": { @@ -168,11 +163,11 @@ }, "nur": { "locked": { - "lastModified": 1705927265, - "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=", + "lastModified": 1702558663, + "narHash": "sha256-MHq/DdwsBwsTRqwFg1JuFtcoGArgvaH/XwbxgWQ4Zn0=", "owner": "nix-community", "repo": "NUR", - "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b", + "rev": "b839a2bae27c0c14dd99dcc1f6d18f83b0af59bd", "type": "github" }, "original": { @@ -197,11 +192,11 @@ ] }, "locked": { - "lastModified": 1705757126, - "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", + "lastModified": 1702456155, + "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", + "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", "type": "github" }, "original": { @@ -219,8 +214,7 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems" + "pre-commit-hooks": "pre-commit-hooks" } }, "systems": { @@ -234,7 +228,6 @@ }, "original": { "owner": "nix-systems", - "ref": "main", "repo": "default", "type": "github" } diff --git a/flake.nix b/flake.nix index 9c29183..8e46ea3 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; - systems.follows = "systems"; }; }; @@ -28,9 +27,6 @@ owner = "numtide"; repo = "flake-utils"; ref = "main"; - inputs = { - systems.follows = "systems"; - }; }; home-manager = { @@ -68,13 +64,6 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; - - systems = { - type = "github"; - owner = "nix-systems"; - repo = "default"; - ref = "main"; - }; }; # Can't eta-reduce a flake outputs... diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index a969d8a..4490c51 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -1,4 +1,4 @@ -# Google Laptop configuration +# Google Cloudtop configuration { lib, pkgs, ... }: { services.gpg-agent.enable = lib.mkForce false; diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index dfe9dbe..66a0892 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "qt"; + bitwarden.pinentry = "gtk2"; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "qt"; + gpg.pinentry = "gtk2"; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index fce2a84..97d397c 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw -zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y --> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 -uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw ---- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg -r&{~v?}= -}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file +-> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo +NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c +-> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw +j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 +-> z}.q-grease s2W ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ -Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM --> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE -xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo ---- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU -<<{V?fk/I"/5K"(i \ No newline at end of file +-> ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 +F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw +-> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI +P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ +-> *z4/`-grease S/)a{e sFd";= +--- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA +#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 6b68503..90ff83b 100644 Binary files a/hosts/nixos/porthos/secrets/drone/gitea.age and b/hosts/nixos/porthos/secrets/drone/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index d6e7330..c529200 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 -tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA --> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo -O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU ---- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM -+ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file +-> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y +oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM +-> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc +/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 +-> *Lc$@-grease +pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN +--- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY +YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 737777d..0211701 100644 Binary files a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age and b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age differ diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index e2e70ac..915f8e9 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig -gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg --> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o -r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os ---- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s -+)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file +-> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M +7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo +-> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww +bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs +-> jK/-grease Oz.R ?;)G ], +AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok +--- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 +)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index 1d9c5ba..fa310b4 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/secret.age and b/hosts/nixos/porthos/secrets/lohr/secret.age differ diff --git a/hosts/nixos/porthos/secrets/lohr/ssh-key.age b/hosts/nixos/porthos/secrets/lohr/ssh-key.age index 477a4d1..30a5e25 100644 Binary files a/hosts/nixos/porthos/secrets/lohr/ssh-key.age and b/hosts/nixos/porthos/secrets/lohr/ssh-key.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/mail.age b/hosts/nixos/porthos/secrets/matrix/mail.age index 94ddf8c..1fe3a71 100644 --- a/hosts/nixos/porthos/secrets/matrix/mail.age +++ b/hosts/nixos/porthos/secrets/matrix/mail.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA -QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg --> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 -eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc ---- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc -@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F -Zo0=dtsj[0O+R8id8j -g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file +-> ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s +ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M +-> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw +/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI +-> 32;%1s-grease +JafjuSZty6a4NSO/y4y5wHWL8Mw +--- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY +oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 2c8852d..539c33e 100644 Binary files a/hosts/nixos/porthos/secrets/matrix/secret.age and b/hosts/nixos/porthos/secrets/matrix/secret.age differ diff --git a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age index e938cfa..d375a35 100644 --- a/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age +++ b/hosts/nixos/porthos/secrets/matrix/sliding-sync-secret.age @@ -1,8 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E -OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c --> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg -cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg ---- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY -"W9bg~/b4ՆI -} -NC7vWb?8=wB UpJClOșnO\ \ No newline at end of file +-> ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk +HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU +-> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc +JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 +-> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E -Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI --> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM -rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI ---- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM -BLs?sӓs2y -R0!<f9txB7dڊ^ɇLJ&W ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y +yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg +-> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 +di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 +-> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s +yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ +CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q +--- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 +.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/monitoring/secret-key.age b/hosts/nixos/porthos/secrets/monitoring/secret-key.age index 6ea8c54..4cef94f 100644 Binary files a/hosts/nixos/porthos/secrets/monitoring/secret-key.age and b/hosts/nixos/porthos/secrets/monitoring/secret-key.age differ diff --git a/hosts/nixos/porthos/secrets/nextcloud/password.age b/hosts/nixos/porthos/secrets/nextcloud/password.age index 9039eea..9fd3c53 100644 Binary files a/hosts/nixos/porthos/secrets/nextcloud/password.age and b/hosts/nixos/porthos/secrets/nextcloud/password.age differ diff --git a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age index 17732ed..e0fb5be 100644 Binary files a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age and b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age differ diff --git a/hosts/nixos/porthos/secrets/paperless/password.age b/hosts/nixos/porthos/secrets/paperless/password.age index 8d545fd..3fe76cb 100644 --- a/hosts/nixos/porthos/secrets/paperless/password.age +++ b/hosts/nixos/porthos/secrets/paperless/password.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ -92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w --> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY -qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE ---- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc -x>禩_C9dT5KzЄqcZɾpใv -) \ No newline at end of file +-> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE +fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I +-> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM +8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo +-> xjK'w-grease +f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg +--- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE +חJ d o'YFU@ +r7_N$>]hq-F۰qX?| ? \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index 70cb898..eae5c56 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 -LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q --> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk -6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 ---- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo -c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file +-> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 +Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI +-> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs +KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 +-> 2E"/OFW-grease o Qp3HFe^ +bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh +TCJCTvZG31Qxvikp +--- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY +T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index d50dc28..90e2501 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc -FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw --> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY -RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc ---- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 -{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file +-> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs +ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU +-> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 +MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY +-> COK%H7-grease +6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ +--- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo +vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age index efbd945..10d9eaa 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age differ diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age index 211bec3..c5ce19b 100644 Binary files a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age and b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age differ diff --git a/hosts/nixos/porthos/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age index 1c12470..4e05b15 100644 Binary files a/hosts/nixos/porthos/secrets/sso/auth-key.age and b/hosts/nixos/porthos/secrets/sso/auth-key.age differ diff --git a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age index d6db371..2ec147d 100644 Binary files a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age and b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age differ diff --git a/hosts/nixos/porthos/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age index 16f90b6..4f407fa 100644 --- a/hosts/nixos/porthos/secrets/transmission/credentials.age +++ b/hosts/nixos/porthos/secrets/transmission/credentials.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM -FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU --> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM -NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ ---- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs -ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ -q*o$< \ No newline at end of file +-> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g +f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U +-> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY +hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA +-> J<-grease +n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN +chDccuSPLYk45Ov+SD/qqqFZlQ +--- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM +۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 864e5be..4c83acd 100644 Binary files a/hosts/nixos/porthos/secrets/vikunja/mail.age and b/hosts/nixos/porthos/secrets/vikunja/mail.age differ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index d7e292e..4abe1e5 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age @@ -1,8 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI -NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w --> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA -nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M ---- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 -Bb<Ōb!E?:=srJCKz5{4`&N057v+1 -+(d{ Q \ No newline at end of file +-> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w +sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA +-> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY +ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw +-> l-grease |PIcZ NIr >0;* +4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I +m51A8uWS4nSj36N/76v6K4kelxKzWUg +--- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw +q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index 11817ff..e6ede6c 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/gitea.age and b/hosts/nixos/porthos/secrets/woodpecker/gitea.age differ diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 89bcb6b..63a4862 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age @@ -1,7 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 -cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU --> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k -nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 ---- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 -d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY +6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 +-> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I +L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ +-> I[G-grease p +AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr +wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 +--- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q +mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age index b0b7b46..0211701 100644 Binary files a/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age and b/hosts/nixos/porthos/secrets/woodpecker/ssh/private-key.age differ diff --git a/modules/home/default.nix b/modules/home/default.nix index 4dcfc35..8ba3a8d 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -23,7 +23,6 @@ ./gtk ./htop ./jq - ./keyboard ./mail ./mpv ./nix diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 4dc53cf..31d3cb7 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] bindurl reddit.com gu urlparent 3 " Only hint search results on Google -bindurl www.google.com f hint -Jc #search a -bindurl www.google.com F hint -Jbc #search a +bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a +bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a " Only hint search results on DuckDuckGo bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] @@ -69,6 +69,8 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") +" Use a better Twitter front-end +autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 931c252..9aef379 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,7 +13,6 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys - pkgs.mpvScripts.uosc # Nicer UI ]; }; }; diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim deleted file mode 100644 index 0cec9df..0000000 --- a/modules/home/vim/after/ftplugin/gn.vim +++ /dev/null @@ -1,6 +0,0 @@ -" Create the `b:undo_ftplugin` variable if it doesn't exist -call ftplugined#check_undo_ft() - -" Set comment string, as it seems that no official GN support exists upstream -setlocal commentstring=#\ %s -let b:undo_ftplugin.='|setlocal commentstring<' diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index 68a30ed..cfa15d2 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files +-- Use Automake filetype for `local.am` files, explicit `set` to force override vim.filetype.add({ filename = { ["local.am"] = "automake", diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua deleted file mode 100644 index 2f4f1dd..0000000 --- a/modules/home/vim/ftdetect/glsl.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GLSL filetype for common shader file extensions -vim.filetype.add({ - extension = { - frag = "glsl", - vert = "glsl", - }, -}) diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua deleted file mode 100644 index 37d772e..0000000 --- a/modules/home/vim/ftdetect/gn.lua +++ /dev/null @@ -1,7 +0,0 @@ --- Use GN filetype for Chromium Generate Ninja files -vim.filetype.add({ - extension = { - gn = "gn", - gni = "gn", - }, -}) diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 5ae0e7d..5dbb505 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix @@ -74,7 +74,7 @@ in ) { block = "net"; - format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} "; + format = " $icon{| $ssid|} $ip{| $signal_strength|} "; } { block = "backlight"; diff --git a/modules/home/x/default.nix b/modules/home/x/default.nix index c320e52..0312bc4 100644 --- a/modules/home/x/default.nix +++ b/modules/home/x/default.nix @@ -3,6 +3,10 @@ let cfg = config.my.home.x; in { + imports = [ + ./keyboard + ]; + options.my.home.x = with lib; { enable = mkEnableOption "X server configuration"; }; diff --git a/modules/home/keyboard/default.nix b/modules/home/x/keyboard/default.nix similarity index 50% rename from modules/home/keyboard/default.nix rename to modules/home/x/keyboard/default.nix index 2216a08..40af800 100644 --- a/modules/home/keyboard/default.nix +++ b/modules/home/x/keyboard/default.nix @@ -1,12 +1,8 @@ { config, lib, ... }: let - cfg = config.my.home.keyboard; + cfg = config.my.home.x; in { - options.my.home.keyboard = with lib; { - enable = my.mkDisableOption "keyboard configuration"; - }; - config = lib.mkIf cfg.enable { home.keyboard = { layout = "fr"; diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index a31b6f6..1ac6d4d 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -20,7 +20,6 @@ in description = "Download directory"; }; - # FIXME: secrets file }; config = lib.mkIf cfg.enable { @@ -30,10 +29,12 @@ in inherit (cfg) downloadDir; rpcListenPort = cfg.rpcPort; + openPorts = false; # I don't want to expose the RPC port }; - # Expose DHT ports, but not RPC ports + # Expose DHT ports networking.firewall = { + # FIXME: check for overlap? allowedUDPPortRanges = config.services.aria2.listenPortRange; }; diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 3e68df2..4b646c3 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -5,10 +5,11 @@ let domain = config.networking.domain; makeHostInfo = subdomain: { + inherit subdomain; root = "/var/www/${subdomain}"; }; - hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ]; + hostsInfo = map makeHostInfo [ "cv" "dev" "key" ]; in { options.my.services.blog = { diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index b7bf9df..858851c 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -40,11 +40,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = { - library = { + my.services.nginx.virtualHosts = [ + { + subdomain = "library"; inherit (cfg) port; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..d651f85 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -45,10 +45,11 @@ in }]; }; - my.services.nginx.virtualHosts = { - drone = { + my.services.nginx.virtualHosts = [ + { + subdomain = "drone"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index 155e73d..ff5d941 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -40,10 +40,11 @@ in }; }; - my.services.nginx.virtualHosts = { - flood = { + my.services.nginx.virtualHosts = [ + { + subdomain = "flood"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 4a8a3bb..00ba941 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -116,16 +116,18 @@ in }; users.groups.git = { }; - my.services.nginx.virtualHosts = { + my.services.nginx.virtualHosts = [ # Proxy to Gitea - git = { + { + subdomain = "git"; inherit (cfg) port; - }; + } # Redirect `gitea.` to actual forge subdomain - gitea = { + { + subdomain = "gitea"; redirect = config.services.gitea.settings.server.ROOT_URL; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..fb06a0b 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -28,11 +28,12 @@ in }; }; - my.services.nginx.virtualHosts = { - jackett = { + my.services.nginx.virtualHosts = [ + { + subdomain = "jackett"; port = jackettPort; - }; - }; + } + ]; }) (lib.mkIf cfg.nzbhydra.enable { @@ -40,11 +41,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = { - nzbhydra = { + my.services.nginx.virtualHosts = [ + { + subdomain = "nzbhydra"; port = nzbhydraPort; - }; - }; + } + ]; }) (lib.mkIf cfg.prowlarr.enable { @@ -52,11 +54,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = { - prowlarr = { + my.services.nginx.virtualHosts = [ + { + subdomain = "prowlarr"; port = prowlarrPort; - }; - }; + } + ]; services.fail2ban.jails = { prowlarr = '' diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index f5aaa99..2fcf51e 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -17,15 +17,9 @@ in # Set-up media group users.groups.media = { }; - systemd.services.jellyfin = { - serviceConfig = { - # Loose umask to make Jellyfin metadata more broadly readable - UMask = lib.mkForce "0002"; - }; - }; - - my.services.nginx.virtualHosts = { - jellyfin = { + my.services.nginx.virtualHosts = [ + { + subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/" = { @@ -39,7 +33,7 @@ in proxyWebsockets = true; }; }; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index dd4eea8..245567c 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -98,10 +98,11 @@ in }; users.groups.lohr = { }; - my.services.nginx.virtualHosts = { - lohr = { + my.services.nginx.virtualHosts = [ + { + subdomain = "lohr"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index b958f76..52b60c5 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -104,22 +104,23 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; - }; - services.matrix-sliding-sync = { - enable = true; + sliding-sync = { + enable = true; - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + settings = { + SYNCV3_SERVER = "https://${matrixDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; + }; + + environmentFile = cfg.slidingSync.secretFile; }; - - environmentFile = cfg.slidingSync.secretFile; }; - my.services.nginx.virtualHosts = { + my.services.nginx.virtualHosts = [ # Element Web app deployment - chat = { + { + subdomain = "chat"; root = pkgs.element-web.override { conf = { default_server_config = { @@ -144,19 +145,22 @@ in }; }; }; - }; + } # Dummy VHosts for port collision detection - matrix-federation = { + { + subdomain = "matrix-federation"; port = federationPort.private; - }; - matrix-client = { + } + { + subdomain = "matrix-client"; port = clientPort.private; - }; + } # Sliding sync - matrix-sync = { + { + subdomain = "matrix-sync"; inherit (cfg.slidingSync) port; - }; - }; + } + ]; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { @@ -181,7 +185,7 @@ in # Sliding sync "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; + proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; }; }; diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 5104c8b..6d9ffc8 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -43,10 +43,11 @@ in }; }; - my.services.nginx.virtualHosts = { - reader = { + my.services.nginx.virtualHosts = [ + { + subdomain = "reader"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 49919c1..829bfe0 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -125,10 +125,11 @@ in ]; }; - my.services.nginx.virtualHosts = { - monitoring = { + my.services.nginx.virtualHosts = [ + { + subdomain = "monitoring"; inherit (cfg.grafana) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 944a97a..6c001fd 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -47,10 +47,11 @@ in }; }; - my.services.nginx.virtualHosts = { - music = { + my.services.nginx.virtualHosts = [ + { + subdomain = "music"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 580e9ea..65b7234 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud28; + package = pkgs.nextcloud27; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; @@ -41,12 +41,7 @@ in adminpassFile = cfg.passwordFile; dbtype = "pgsql"; dbhost = "/run/postgresql"; - }; - - https = true; - - extraOptions = { - overwriteprotocol = "https"; # Nginx only allows SSL + overwriteProtocol = "https"; # Nginx only allows SSL }; notify_push = { diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 7980ad9..6ca2e42 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -5,11 +5,10 @@ let domain = config.networking.domain; - virtualHostOption = with lib; types.submodule ({ name, ... }: { + virtualHostOption = with lib; types.submodule { options = { subdomain = mkOption { type = types.str; - default = name; example = "dev"; description = '' Which subdomain, under config.networking.domain, to use @@ -73,7 +72,7 @@ let ''; }; }; - }); + }; in { imports = [ @@ -98,18 +97,20 @@ in }; virtualHosts = mkOption { - type = types.attrsOf virtualHostOption; - default = { }; + type = types.listOf virtualHostOption; + default = [ ]; example = litteralExample '' - { - gitea = { - subdomain = "git"; + [ + { + subdomain = "gitea"; port = 8080; - }; - dev = { + } + { + subdomain = "dev"; root = "/var/www/dev"; - }; - jellyfin = { + } + { + subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/socket" = { @@ -117,8 +118,8 @@ in proxyWebsockets = true; }; }; - }; - } + } + ] ''; description = '' List of virtual hosts to set-up using default settings. @@ -189,7 +190,7 @@ in config = lib.mkIf cfg.enable { assertions = [ ] - ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: + ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; @@ -208,7 +209,7 @@ in ports = lib.my.mapFilter (v: v != null) ({ port, ... }: port) - (lib.attrValues cfg.virtualHosts); + cfg.virtualHosts; portCounts = lib.my.countValues ports; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -220,7 +221,7 @@ in map mkAssertion nonUniques ) ++ ( let - subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts; + subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; subsCounts = lib.my.countValues subs; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -324,7 +325,7 @@ in ]) ); in - lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost; + lib.my.genAttrs' cfg.virtualHosts mkVHost; sso = { enable = true; @@ -402,11 +403,12 @@ in }; }; - my.services.nginx.virtualHosts = { - ${cfg.sso.subdomain} = { + my.services.nginx.virtualHosts = [ + { + subdomain = "login"; inherit (cfg.sso) port; - }; - }; + } + ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 1ce3161..b3bdbf3 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -43,10 +43,11 @@ in signKeyPath = cfg.secretKeyFile; }; - my.services.nginx.virtualHosts = { - cache = { + my.services.nginx.virtualHosts = [ + { + subdomain = "cache"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index f528ad7..90f6b0c 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,7 +52,7 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - settings = + extraConfig = let paperlessDomain = "paperless.${config.networking.domain}"; in @@ -143,8 +143,9 @@ in extraGroups = [ "media" ]; }; - my.services.nginx.virtualHosts = { - paperless = { + my.services.nginx.virtualHosts = [ + { + subdomain = "paperless"; inherit (cfg) port; sso = { enable = true; @@ -154,8 +155,8 @@ in extraConfig = { locations."/".proxyWebsockets = true; }; - }; - }; + } + ]; my.services.backup = { paths = [ diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index e500b54..59f9794 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -21,11 +21,12 @@ let }; mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { + my.services.nginx.virtualHosts = [ + { + subdomain = service; port = ports.${service}; - }; - }; + } + ]; }; mkFail2Ban = service: lib.mkIf cfg.${service}.enable { diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 5ceebb6..9793d60 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -31,10 +31,11 @@ in inherit (cfg) passwordFile port; }; - my.services.nginx.virtualHosts = { - podgrab = { + my.services.nginx.virtualHosts = [ + { + subdomain = "podgrab"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3..7ab145f 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -18,11 +18,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = { - sabnzbd = { + my.services.nginx.virtualHosts = [ + { + subdomain = "sabnzbd"; inherit port; - }; - }; + } + ]; services.fail2ban.jails = { sabnzbd = '' diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index f5dc2db..541e198 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -70,10 +70,11 @@ in ]; }; - my.services.nginx.virtualHosts = { - recipes = { + my.services.nginx.virtualHosts = [ + { + subdomain = "recipes"; inherit (cfg) port; - }; - }; + } + ]; }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index aeb88b7..28df477 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -80,11 +80,12 @@ in # Default transmission webui, I prefer combustion but its development # seems to have stalled - my.services.nginx.virtualHosts = { - transmission = { + my.services.nginx.virtualHosts = [ + { + subdomain = "transmission"; inherit (cfg) port; - }; - }; + } + ]; networking.firewall = { allowedTCPPorts = [ cfg.peerPort ]; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 9767d00..8c051b0 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -59,8 +59,9 @@ in }; # This is a weird setup - my.services.nginx.virtualHosts = { - ${subdomain} = { + my.services.nginx.virtualHosts = [ + { + inherit subdomain; # Serve the root for the web-ui root = config.services.vikunja.package-frontend; @@ -79,8 +80,8 @@ in }; }; }; - }; - }; + } + ]; systemd.services.vikunja-api = { serviceConfig = { diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index f02a5c5..cebbc9b 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -52,14 +52,16 @@ in }]; }; - my.services.nginx.virtualHosts = { - woodpecker = { + my.services.nginx.virtualHosts = [ + { + subdomain = "woodpecker"; inherit (cfg) port; - }; + } # I might want to be able to RPC from other hosts in the future - woodpecker-rpc = { + { + subdomain = "woodpecker-rpc"; port = cfg.rpcPort; - }; - }; + } + ]; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 6b7fce1..f5036fe 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -14,6 +14,8 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { drone-rsync = pkgs.callPackage ./drone-rsync { }; + drone-scp = pkgs.callPackage ./drone-scp { }; + i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { }; lohr = pkgs.callPackage ./lohr { }; @@ -28,5 +30,9 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; + unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { }; + + wifi-qr = pkgs.callPackage ./wifi-qr { }; + zsh-done = pkgs.callPackage ./zsh-done { }; }) diff --git a/pkgs/drone-scp/default.nix b/pkgs/drone-scp/default.nix new file mode 100644 index 0000000..7437b06 --- /dev/null +++ b/pkgs/drone-scp/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: +buildGoModule rec { + pname = "drone-scp"; + version = "1.6.3"; + + src = fetchFromGitHub { + owner = "appleboy"; + repo = "drone-scp"; + rev = "v${version}"; + hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0="; + }; + + vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI="; + + doCheck = false; # Needs a specific user... + + meta = with lib; { + description = '' + Copy files and artifacts via SSH using a binary, docker or Drone CI + ''; + homepage = "https://github.com/appleboy/drone-scp"; + license = licenses.mit; + mainProgram = "drone-scp"; + }; +} diff --git a/pkgs/matrix-notifier/default.nix b/pkgs/matrix-notifier/default.nix index aba093f..a96cb61 100644 --- a/pkgs/matrix-notifier/default.nix +++ b/pkgs/matrix-notifier/default.nix @@ -1,13 +1,13 @@ { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }: stdenvNoCC.mkDerivation rec { pname = "matrix-notifier"; - version = "0.4.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "matrix-notifier"; rev = "v${version}"; - hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY="; + hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0="; }; nativeBuildInputs = [ diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index 642ac41..b8392ae 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,9 +1,9 @@ -{ lib, gawk, stdenvNoCC, stevenblack-blocklist }: +{ lib, gawk, stdenvNoCC, unified-hosts-lists }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = stevenblack-blocklist.rev; + version = unified-hosts-lists.version; - src = stevenblack-blocklist; + src = unified-hosts-lists; dontUnpack = true; @@ -18,11 +18,9 @@ stdenvNoCC.mkDerivation { ]; in '' - shopt -s globstar - for file in $src/**/hosts; do - outFile="$out/''${file#$src}" - mkdir -p "$(dirname "$outFile")" - ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile" + mkdir -p $out + for file in $src/*; do + ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file) done ''; diff --git a/pkgs/unified-hosts-lists/default.nix b/pkgs/unified-hosts-lists/default.nix new file mode 100644 index 0000000..6a71fdf --- /dev/null +++ b/pkgs/unified-hosts-lists/default.nix @@ -0,0 +1,34 @@ +{ lib, fetchFromGitHub, stdenvNoCC }: +stdenvNoCC.mkDerivation rec { + pname = "unified-hosts-lists"; + version = "3.14.37"; + + src = fetchFromGitHub { + owner = "StevenBlack"; + repo = "hosts"; + rev = version; + hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE="; + }; + + dontUnpack = true; + + installPhase = '' + mkdir -p $out + cp -r $src/hosts $out + for file in $src/alternates/*/hosts; do + cp $file $out/$(basename $(dirname $file)) + done + ''; + + meta = with lib; { + description = "Unified host lists"; + longDescription = '' + Consolidating and extending hosts files from several well-curated sources. + Optionally pick extensions for porn, social media, and other categories. + ''; + homepage = "https://github.com/StevenBlack/hosts"; + license = licenses.mit; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/wifi-qr/default.nix b/pkgs/wifi-qr/default.nix new file mode 100644 index 0000000..88164e5 --- /dev/null +++ b/pkgs/wifi-qr/default.nix @@ -0,0 +1,81 @@ +{ lib +, fetchFromGitHub +, gnome +, installShellFiles +, makeWrapper +, networkmanager +, qrencode +, stdenvNoCC +, xdg-utils +, zbar +}: +stdenvNoCC.mkDerivation rec { + pname = "wifi-qr"; + version = "unstable-2023-04-19"; + + outputs = [ "out" "man" ]; + + src = fetchFromGitHub { + owner = "kokoye2007"; + repo = "wifi-qr"; + rev = "b81d4a44257252f07e745464879aa5618ae3d434"; + hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0="; + }; + + nativeBuildInputs = [ + installShellFiles + makeWrapper + ]; + + dontBuild = true; + + dontConfigure = true; + + postPatch = '' + substituteInPlace wifi-qr.desktop \ + --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \ + --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \ + --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \ + --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \ + --replace "Icon=wifi-qr.svg" "Icon=wifi-qr" + ''; + + installPhase = '' + runHook preInstall + + install -Dm755 wifi-qr $out/bin/wifi-qr + + install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop + install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg + + installManPage wifi-qr.1 + + runHook postInstall + ''; + + wrapperPath = lib.makeBinPath [ + gnome.zenity + networkmanager + qrencode + xdg-utils + zbar + ]; + + fixupPhase = '' + runHook preFixup + + patchShebangs $out/bin/wifi-qr + wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}" + + runHook postFixup + ''; + + meta = with lib; { + description = "WiFi password sharing via QR codes"; + homepage = "https://github.com/kokoye2007/wifi-qr"; + license = with licenses; [ gpl3Plus ]; + mainProgram = "wifi-qr"; + maintainers = with maintainers; [ ambroisie ]; + platforms = platforms.linux; + }; +}