From 49f695bf68c4fbc6f50a7fa6412334350e71e377 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Dec 2023 12:51:05 +0000 Subject: [PATCH 01/32] pkgs: remove 'drone-scp' I added it to upstream nixpkgs. --- pkgs/default.nix | 2 -- pkgs/drone-scp/default.nix | 25 ------------------------- 2 files changed, 27 deletions(-) delete mode 100644 pkgs/drone-scp/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index f5036fe..294051c 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -14,8 +14,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { drone-rsync = pkgs.callPackage ./drone-rsync { }; - drone-scp = pkgs.callPackage ./drone-scp { }; - i3-get-window-criteria = pkgs.callPackage ./i3-get-window-criteria { }; lohr = pkgs.callPackage ./lohr { }; diff --git a/pkgs/drone-scp/default.nix b/pkgs/drone-scp/default.nix deleted file mode 100644 index 7437b06..0000000 --- a/pkgs/drone-scp/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ lib, buildGoModule, fetchFromGitHub }: -buildGoModule rec { - pname = "drone-scp"; - version = "1.6.3"; - - src = fetchFromGitHub { - owner = "appleboy"; - repo = "drone-scp"; - rev = "v${version}"; - hash = "sha256-ELjPqoRR4O6gmc/PgthQuSXuSTQNzBZoAUT80zVVbV0="; - }; - - vendorHash = "sha256-/c103hTJ/Qdz2KTkdl/ACvAaSSTKcl1DQY3+Us6OxaI="; - - doCheck = false; # Needs a specific user... - - meta = with lib; { - description = '' - Copy files and artifacts via SSH using a binary, docker or Drone CI - ''; - homepage = "https://github.com/appleboy/drone-scp"; - license = licenses.mit; - mainProgram = "drone-scp"; - }; -} From 7ccb8ea8b56a54d9e48ded3ff5c5a0b0858de9ba Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Dec 2023 14:28:46 +0000 Subject: [PATCH 02/32] pkgs: unbound-zones-adblock: use upstream package This is a slight regression, as the current version of `stevenblack-blocklist` is 3.13.10 and the version I packaged is 3.14.37. However I am lazy and want to avoid having to bump the version manually... --- pkgs/unbound-zones-adblock/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/pkgs/unbound-zones-adblock/default.nix b/pkgs/unbound-zones-adblock/default.nix index b8392ae..642ac41 100644 --- a/pkgs/unbound-zones-adblock/default.nix +++ b/pkgs/unbound-zones-adblock/default.nix @@ -1,9 +1,9 @@ -{ lib, gawk, stdenvNoCC, unified-hosts-lists }: +{ lib, gawk, stdenvNoCC, stevenblack-blocklist }: stdenvNoCC.mkDerivation { name = "unbound-zones-adblock"; - version = unified-hosts-lists.version; + version = stevenblack-blocklist.rev; - src = unified-hosts-lists; + src = stevenblack-blocklist; dontUnpack = true; @@ -18,9 +18,11 @@ stdenvNoCC.mkDerivation { ]; in '' - mkdir -p $out - for file in $src/*; do - ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > $out/$(basename $file) + shopt -s globstar + for file in $src/**/hosts; do + outFile="$out/''${file#$src}" + mkdir -p "$(dirname "$outFile")" + ${gawkCmd} $file | tr '[:upper:]' '[:lower:]' | sort -u > "$outFile" done ''; From 4aca698ac6179a626955a867094d49d539887ee8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Dec 2023 14:31:16 +0000 Subject: [PATCH 03/32] pkgs: remove 'unified-hosts-lists' Instead make use of the upstream packaged host list. --- pkgs/default.nix | 2 -- pkgs/unified-hosts-lists/default.nix | 34 ---------------------------- 2 files changed, 36 deletions(-) delete mode 100644 pkgs/unified-hosts-lists/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index 294051c..3a8e812 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -28,8 +28,6 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; - unified-hosts-lists = pkgs.callPackage ./unified-hosts-lists { }; - wifi-qr = pkgs.callPackage ./wifi-qr { }; zsh-done = pkgs.callPackage ./zsh-done { }; diff --git a/pkgs/unified-hosts-lists/default.nix b/pkgs/unified-hosts-lists/default.nix deleted file mode 100644 index 6a71fdf..0000000 --- a/pkgs/unified-hosts-lists/default.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib, fetchFromGitHub, stdenvNoCC }: -stdenvNoCC.mkDerivation rec { - pname = "unified-hosts-lists"; - version = "3.14.37"; - - src = fetchFromGitHub { - owner = "StevenBlack"; - repo = "hosts"; - rev = version; - hash = "sha256-HoNX57lCoIr36B/7HMuazWSWeAPPfWY1oZf6dXnxYIE="; - }; - - dontUnpack = true; - - installPhase = '' - mkdir -p $out - cp -r $src/hosts $out - for file in $src/alternates/*/hosts; do - cp $file $out/$(basename $(dirname $file)) - done - ''; - - meta = with lib; { - description = "Unified host lists"; - longDescription = '' - Consolidating and extending hosts files from several well-curated sources. - Optionally pick extensions for porn, social media, and other categories. - ''; - homepage = "https://github.com/StevenBlack/hosts"; - license = licenses.mit; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.all; - }; -} From 864e0a5ae63b9cd1f5fafdad0f9df93661f5d788 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Dec 2023 16:23:04 +0000 Subject: [PATCH 04/32] home: firefox: tridactyl: fix Google mapping --- modules/home/firefox/tridactyl/tridactylrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 31d3cb7..0401292 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -22,8 +22,8 @@ bind ;c hint -Jc [class*="expand"],[class*="togg"],[class="comment_folder"] bindurl reddit.com gu urlparent 3 " Only hint search results on Google -bindurl www.google.com f hint -Jc #search div:not(.action-menu) > a -bindurl www.google.com F hint -Jbc #search div:not(.action-menu) > a +bindurl www.google.com f hint -Jc #search a +bindurl www.google.com F hint -Jbc #search a " Only hint search results on DuckDuckGo bindurl ^https://duckduckgo.com f hint -Jc [data-testid="result-title-a"] From 066a33587debe4a4c8e9465882d39cb3160e7142 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 16 Dec 2023 20:24:38 +0000 Subject: [PATCH 05/32] home: mpv: add uosc script --- modules/home/mpv/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/mpv/default.nix b/modules/home/mpv/default.nix index 9aef379..931c252 100644 --- a/modules/home/mpv/default.nix +++ b/modules/home/mpv/default.nix @@ -13,6 +13,7 @@ in scripts = [ pkgs.mpvScripts.mpris # Allow controlling using media keys + pkgs.mpvScripts.uosc # Nicer UI ]; }; }; From a657a7742eec560caaca8d4925b83671490cb548 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 18 Dec 2023 09:41:35 +0000 Subject: [PATCH 06/32] home: wm: i3bar: fix 'net' block when disconnected I still sometimes get the error message about not being able to format the block, this should fix it. --- modules/home/wm/i3bar/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/wm/i3bar/default.nix b/modules/home/wm/i3bar/default.nix index 5dbb505..5ae0e7d 100644 --- a/modules/home/wm/i3bar/default.nix +++ b/modules/home/wm/i3bar/default.nix @@ -74,7 +74,7 @@ in ) { block = "net"; - format = " $icon{| $ssid|} $ip{| $signal_strength|} "; + format = " $icon{| $ssid|}{| $ip|}{| $signal_strength|} "; } { block = "backlight"; From 13d85c30f98eacbc512fcf27bb76ede4dd30f7ef Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Dec 2023 19:08:10 +0100 Subject: [PATCH 07/32] pkgs: remove 'wifi-qr' Now that I added it to upstream, I can get rid of it. --- pkgs/default.nix | 2 - pkgs/wifi-qr/default.nix | 81 ---------------------------------------- 2 files changed, 83 deletions(-) delete mode 100644 pkgs/wifi-qr/default.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index 3a8e812..6b7fce1 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -28,7 +28,5 @@ pkgs.lib.makeScope pkgs.newScope (pkgs: { unbound-zones-adblock = pkgs.callPackage ./unbound-zones-adblock { }; - wifi-qr = pkgs.callPackage ./wifi-qr { }; - zsh-done = pkgs.callPackage ./zsh-done { }; }) diff --git a/pkgs/wifi-qr/default.nix b/pkgs/wifi-qr/default.nix deleted file mode 100644 index 88164e5..0000000 --- a/pkgs/wifi-qr/default.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ lib -, fetchFromGitHub -, gnome -, installShellFiles -, makeWrapper -, networkmanager -, qrencode -, stdenvNoCC -, xdg-utils -, zbar -}: -stdenvNoCC.mkDerivation rec { - pname = "wifi-qr"; - version = "unstable-2023-04-19"; - - outputs = [ "out" "man" ]; - - src = fetchFromGitHub { - owner = "kokoye2007"; - repo = "wifi-qr"; - rev = "b81d4a44257252f07e745464879aa5618ae3d434"; - hash = "sha256-oGTAr+raJGpK4PV4GdBxX8fIUE8gcbXw7W0SvQJAee0="; - }; - - nativeBuildInputs = [ - installShellFiles - makeWrapper - ]; - - dontBuild = true; - - dontConfigure = true; - - postPatch = '' - substituteInPlace wifi-qr.desktop \ - --replace "Exec=sh -c 'wifi-qr g'" "Exec=$out/bin/wifi-qr g" \ - --replace "Exec=sh -c 'wifi-qr q'" "Exec=$out/bin/wifi-qr q" \ - --replace "Exec=sh -c 'wifi-qr p'" "Exec=$out/bin/wifi-qr p" \ - --replace "Exec=sh -c 'wifi-qr c'" "Exec=$out/bin/wifi-qr c" \ - --replace "Icon=wifi-qr.svg" "Icon=wifi-qr" - ''; - - installPhase = '' - runHook preInstall - - install -Dm755 wifi-qr $out/bin/wifi-qr - - install -Dm644 wifi-qr.desktop $out/share/applications/wifi-qr.desktop - install -Dm644 wifi-qr.svg $out/share/icons/hicolor/scalable/apps/wifi-qr.svg - - installManPage wifi-qr.1 - - runHook postInstall - ''; - - wrapperPath = lib.makeBinPath [ - gnome.zenity - networkmanager - qrencode - xdg-utils - zbar - ]; - - fixupPhase = '' - runHook preFixup - - patchShebangs $out/bin/wifi-qr - wrapProgram $out/bin/wifi-qr --suffix PATH : "${wrapperPath}" - - runHook postFixup - ''; - - meta = with lib; { - description = "WiFi password sharing via QR codes"; - homepage = "https://github.com/kokoye2007/wifi-qr"; - license = with licenses; [ gpl3Plus ]; - mainProgram = "wifi-qr"; - maintainers = with maintainers; [ ambroisie ]; - platforms = platforms.linux; - }; -} From 26950332c7176f98e3a35273d6e8bdd7118a1352 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 19 Dec 2023 22:00:32 +0100 Subject: [PATCH 08/32] home: keyboard: extract from X module This deserves to be its own standalone module, as I would want to use it in both X and Wayland, etc... --- modules/home/default.nix | 1 + modules/home/{x => }/keyboard/default.nix | 6 +++++- modules/home/x/default.nix | 4 ---- 3 files changed, 6 insertions(+), 5 deletions(-) rename modules/home/{x => }/keyboard/default.nix (50%) diff --git a/modules/home/default.nix b/modules/home/default.nix index 8ba3a8d..4dcfc35 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -23,6 +23,7 @@ ./gtk ./htop ./jq + ./keyboard ./mail ./mpv ./nix diff --git a/modules/home/x/keyboard/default.nix b/modules/home/keyboard/default.nix similarity index 50% rename from modules/home/x/keyboard/default.nix rename to modules/home/keyboard/default.nix index 40af800..2216a08 100644 --- a/modules/home/x/keyboard/default.nix +++ b/modules/home/keyboard/default.nix @@ -1,8 +1,12 @@ { config, lib, ... }: let - cfg = config.my.home.x; + cfg = config.my.home.keyboard; in { + options.my.home.keyboard = with lib; { + enable = my.mkDisableOption "keyboard configuration"; + }; + config = lib.mkIf cfg.enable { home.keyboard = { layout = "fr"; diff --git a/modules/home/x/default.nix b/modules/home/x/default.nix index 0312bc4..c320e52 100644 --- a/modules/home/x/default.nix +++ b/modules/home/x/default.nix @@ -3,10 +3,6 @@ let cfg = config.my.home.x; in { - imports = [ - ./keyboard - ]; - options.my.home.x = with lib; { enable = mkEnableOption "X server configuration"; }; From faa87743e5f54be48874282aa4d244a1482e6e72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 25 Dec 2023 19:25:08 +0100 Subject: [PATCH 09/32] nixos: services: nginx: use attrset for vhosts Attribute sets compose better than lists, it was a mistake to use a list in the first place... --- modules/nixos/services/blog/default.nix | 2 +- .../nixos/services/calibre-web/default.nix | 8 ++-- .../nixos/services/drone/server/default.nix | 8 ++-- modules/nixos/services/flood/default.nix | 8 ++-- modules/nixos/services/gitea/default.nix | 12 +++--- modules/nixos/services/indexers/default.nix | 24 ++++++------ modules/nixos/services/jellyfin/default.nix | 8 ++-- modules/nixos/services/lohr/default.nix | 8 ++-- modules/nixos/services/matrix/default.nix | 20 +++++----- modules/nixos/services/miniflux/default.nix | 8 ++-- modules/nixos/services/monitoring/default.nix | 8 ++-- modules/nixos/services/navidrome/default.nix | 8 ++-- modules/nixos/services/nginx/default.nix | 38 +++++++++---------- modules/nixos/services/nix-cache/default.nix | 8 ++-- modules/nixos/services/paperless/default.nix | 8 ++-- modules/nixos/services/pirate/default.nix | 8 ++-- modules/nixos/services/podgrab/default.nix | 8 ++-- modules/nixos/services/sabnzbd/default.nix | 8 ++-- .../services/tandoor-recipes/default.nix | 8 ++-- .../nixos/services/transmission/default.nix | 8 ++-- modules/nixos/services/vikunja/default.nix | 8 ++-- .../services/woodpecker/server/default.nix | 12 +++--- 22 files changed, 118 insertions(+), 118 deletions(-) diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 4b646c3..38ada5e 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -9,7 +9,7 @@ let root = "/var/www/${subdomain}"; }; - hostsInfo = map makeHostInfo [ "cv" "dev" "key" ]; + hostsInfo = lib.flip lib.genAttrs makeHostInfo [ "cv" "dev" "key" ]; in { options.my.services.blog = { diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index 858851c..fe53b7e 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -40,12 +40,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + library = { subdomain = "library"; inherit (cfg) port; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index d651f85..2207765 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -45,11 +45,11 @@ in }]; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + drone = { subdomain = "drone"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index ff5d941..e227dde 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -40,11 +40,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + flood = { subdomain = "flood"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 00ba941..4d5429e 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -116,18 +116,18 @@ in }; users.groups.git = { }; - my.services.nginx.virtualHosts = [ + my.services.nginx.virtualHosts = { # Proxy to Gitea - { + git = { subdomain = "git"; inherit (cfg) port; - } + }; # Redirect `gitea.` to actual forge subdomain - { + gitea = { subdomain = "gitea"; redirect = config.services.gitea.settings.server.ROOT_URL; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index fb06a0b..ff2d91c 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -28,12 +28,12 @@ in }; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + jackett = { subdomain = "jackett"; port = jackettPort; - } - ]; + }; + }; }) (lib.mkIf cfg.nzbhydra.enable { @@ -41,12 +41,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + nzbhydra = { subdomain = "nzbhydra"; port = nzbhydraPort; - } - ]; + }; + }; }) (lib.mkIf cfg.prowlarr.enable { @@ -54,12 +54,12 @@ in enable = true; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + prowlarr = { subdomain = "prowlarr"; port = prowlarrPort; - } - ]; + }; + }; services.fail2ban.jails = { prowlarr = '' diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 2fcf51e..326dab3 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -17,8 +17,8 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + jellyfin = { subdomain = "jellyfin"; port = 8096; extraConfig = { @@ -33,7 +33,7 @@ in proxyWebsockets = true; }; }; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 245567c..af292cc 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -98,11 +98,11 @@ in }; users.groups.lohr = { }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + lohr = { subdomain = "lohr"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 52b60c5..3328747 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -117,9 +117,9 @@ in }; }; - my.services.nginx.virtualHosts = [ + my.services.nginx.virtualHosts = { # Element Web app deployment - { + chat = { subdomain = "chat"; root = pkgs.element-web.override { conf = { @@ -145,22 +145,22 @@ in }; }; }; - } + }; # Dummy VHosts for port collision detection - { + matrix-federation = { subdomain = "matrix-federation"; port = federationPort.private; - } - { + }; + matrix-client = { subdomain = "matrix-client"; port = clientPort.private; - } + }; # Sliding sync - { + matrix-sync = { subdomain = "matrix-sync"; inherit (cfg.slidingSync) port; - } - ]; + }; + }; # Those are too complicated to use my wrapper... services.nginx.virtualHosts = { diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 6d9ffc8..07eb6f8 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -43,11 +43,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + reader = { subdomain = "reader"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 829bfe0..2f23ff0 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -125,11 +125,11 @@ in ]; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + monitoring = { subdomain = "monitoring"; inherit (cfg.grafana) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 6c001fd..92f9fd2 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -47,11 +47,11 @@ in }; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + music = { subdomain = "music"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 6ca2e42..53c947b 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -97,19 +97,19 @@ in }; virtualHosts = mkOption { - type = types.listOf virtualHostOption; - default = [ ]; + type = types.attrsOf virtualHostOption; + default = { }; example = litteralExample '' - [ - { - subdomain = "gitea"; + { + gitea = { + subdomain = "git"; port = 8080; - } - { + }; + dev = { subdomain = "dev"; root = "/var/www/dev"; - } - { + }; + jellyfin = { subdomain = "jellyfin"; port = 8096; extraConfig = { @@ -118,8 +118,8 @@ in proxyWebsockets = true; }; }; - } - ] + }; + } ''; description = '' List of virtual hosts to set-up using default settings. @@ -190,7 +190,7 @@ in config = lib.mkIf cfg.enable { assertions = [ ] - ++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: + ++ (lib.flip lib.mapAttrsToList cfg.virtualHosts (_: { subdomain, ... } @ args: let conflicts = [ "port" "root" "socket" "redirect" ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; @@ -209,7 +209,7 @@ in ports = lib.my.mapFilter (v: v != null) ({ port, ... }: port) - cfg.virtualHosts; + (lib.attrValues cfg.virtualHosts); portCounts = lib.my.countValues ports; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -221,7 +221,7 @@ in map mkAssertion nonUniques ) ++ ( let - subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; + subs = lib.mapAttrsToList (_: { subdomain, ... }: subdomain) cfg.virtualHosts; subsCounts = lib.my.countValues subs; nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; nonUniques = builtins.attrNames nonUniquesCounts; @@ -325,7 +325,7 @@ in ]) ); in - lib.my.genAttrs' cfg.virtualHosts mkVHost; + lib.my.genAttrs' (lib.attrValues cfg.virtualHosts) mkVHost; sso = { enable = true; @@ -403,12 +403,12 @@ in }; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + login = { subdomain = "login"; inherit (cfg.sso) port; - } - ]; + }; + }; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index b3bdbf3..5517a78 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -43,11 +43,11 @@ in signKeyPath = cfg.secretKeyFile; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + cache = { subdomain = "cache"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 90f6b0c..87a816a 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -143,8 +143,8 @@ in extraGroups = [ "media" ]; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + paperless = { subdomain = "paperless"; inherit (cfg) port; sso = { @@ -155,8 +155,8 @@ in extraConfig = { locations."/".proxyWebsockets = true; }; - } - ]; + }; + }; my.services.backup = { paths = [ diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index 59f9794..88a2250 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -21,12 +21,12 @@ let }; mkRedirection = service: { - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + ${service} = { subdomain = service; port = ports.${service}; - } - ]; + }; + }; }; mkFail2Ban = service: lib.mkIf cfg.${service}.enable { diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 9793d60..e59b20d 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -31,11 +31,11 @@ in inherit (cfg) passwordFile port; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + podgrab = { subdomain = "podgrab"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 7ab145f..42058e7 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -18,12 +18,12 @@ in # Set-up media group users.groups.media = { }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + sabnzbd = { subdomain = "sabnzbd"; inherit port; - } - ]; + }; + }; services.fail2ban.jails = { sabnzbd = '' diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 541e198..353fac3 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -70,11 +70,11 @@ in ]; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + recipes = { subdomain = "recipes"; inherit (cfg) port; - } - ]; + }; + }; }; } diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index 28df477..ce7f9e6 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -80,12 +80,12 @@ in # Default transmission webui, I prefer combustion but its development # seems to have stalled - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + transmission = { subdomain = "transmission"; inherit (cfg) port; - } - ]; + }; + }; networking.firewall = { allowedTCPPorts = [ cfg.peerPort ]; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 8c051b0..425698d 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -59,8 +59,8 @@ in }; # This is a weird setup - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + vikunja = { inherit subdomain; # Serve the root for the web-ui root = config.services.vikunja.package-frontend; @@ -80,8 +80,8 @@ in }; }; }; - } - ]; + }; + }; systemd.services.vikunja-api = { serviceConfig = { diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index cebbc9b..b5ec0d8 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -52,16 +52,16 @@ in }]; }; - my.services.nginx.virtualHosts = [ - { + my.services.nginx.virtualHosts = { + woodpecker = { subdomain = "woodpecker"; inherit (cfg) port; - } + }; # I might want to be able to RPC from other hosts in the future - { + woodpecker-rpc = { subdomain = "woodpecker-rpc"; port = cfg.rpcPort; - } - ]; + }; + }; }; } From b7a4bc063fb6b26064c1f626aa3bd1b3960c85b5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 25 Dec 2023 19:28:53 +0100 Subject: [PATCH 10/32] nixos: services: nginx: add default subdomain In almost all cases, the subdomain should be the same as the attribute name... --- modules/nixos/services/nginx/default.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 53c947b..e916c9c 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -5,10 +5,11 @@ let domain = config.networking.domain; - virtualHostOption = with lib; types.submodule { + virtualHostOption = with lib; types.submodule ({ name, ... }: { options = { subdomain = mkOption { type = types.str; + default = name; example = "dev"; description = '' Which subdomain, under config.networking.domain, to use @@ -72,7 +73,7 @@ let ''; }; }; - }; + }); in { imports = [ @@ -106,11 +107,9 @@ in port = 8080; }; dev = { - subdomain = "dev"; root = "/var/www/dev"; }; jellyfin = { - subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/socket" = { From 6948424b81e41c4335c9ff13d95ce1534703d644 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 25 Dec 2023 19:42:20 +0100 Subject: [PATCH 11/32] nixos: services: remove redundant subdomains See previous commit for the defaults. --- modules/nixos/services/blog/default.nix | 1 - modules/nixos/services/calibre-web/default.nix | 1 - modules/nixos/services/drone/server/default.nix | 1 - modules/nixos/services/flood/default.nix | 1 - modules/nixos/services/gitea/default.nix | 2 -- modules/nixos/services/indexers/default.nix | 3 --- modules/nixos/services/jellyfin/default.nix | 1 - modules/nixos/services/lohr/default.nix | 1 - modules/nixos/services/matrix/default.nix | 4 ---- modules/nixos/services/miniflux/default.nix | 1 - modules/nixos/services/monitoring/default.nix | 1 - modules/nixos/services/navidrome/default.nix | 1 - modules/nixos/services/nginx/default.nix | 1 - modules/nixos/services/nix-cache/default.nix | 1 - modules/nixos/services/paperless/default.nix | 1 - modules/nixos/services/pirate/default.nix | 1 - modules/nixos/services/podgrab/default.nix | 1 - modules/nixos/services/sabnzbd/default.nix | 1 - modules/nixos/services/tandoor-recipes/default.nix | 1 - modules/nixos/services/transmission/default.nix | 1 - modules/nixos/services/vikunja/default.nix | 3 +-- modules/nixos/services/woodpecker/server/default.nix | 2 -- 22 files changed, 1 insertion(+), 30 deletions(-) diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index 38ada5e..3e68df2 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -5,7 +5,6 @@ let domain = config.networking.domain; makeHostInfo = subdomain: { - inherit subdomain; root = "/var/www/${subdomain}"; }; diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index fe53b7e..b7bf9df 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -42,7 +42,6 @@ in my.services.nginx.virtualHosts = { library = { - subdomain = "library"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index 2207765..a3a1e49 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -47,7 +47,6 @@ in my.services.nginx.virtualHosts = { drone = { - subdomain = "drone"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index e227dde..155e73d 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -42,7 +42,6 @@ in my.services.nginx.virtualHosts = { flood = { - subdomain = "flood"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 4d5429e..4a8a3bb 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -119,12 +119,10 @@ in my.services.nginx.virtualHosts = { # Proxy to Gitea git = { - subdomain = "git"; inherit (cfg) port; }; # Redirect `gitea.` to actual forge subdomain gitea = { - subdomain = "gitea"; redirect = config.services.gitea.settings.server.ROOT_URL; }; }; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index ff2d91c..8a42345 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -30,7 +30,6 @@ in my.services.nginx.virtualHosts = { jackett = { - subdomain = "jackett"; port = jackettPort; }; }; @@ -43,7 +42,6 @@ in my.services.nginx.virtualHosts = { nzbhydra = { - subdomain = "nzbhydra"; port = nzbhydraPort; }; }; @@ -56,7 +54,6 @@ in my.services.nginx.virtualHosts = { prowlarr = { - subdomain = "prowlarr"; port = prowlarrPort; }; }; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 326dab3..9efe11e 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -19,7 +19,6 @@ in my.services.nginx.virtualHosts = { jellyfin = { - subdomain = "jellyfin"; port = 8096; extraConfig = { locations."/" = { diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index af292cc..dd4eea8 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -100,7 +100,6 @@ in my.services.nginx.virtualHosts = { lohr = { - subdomain = "lohr"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index 3328747..bd2a017 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -120,7 +120,6 @@ in my.services.nginx.virtualHosts = { # Element Web app deployment chat = { - subdomain = "chat"; root = pkgs.element-web.override { conf = { default_server_config = { @@ -148,16 +147,13 @@ in }; # Dummy VHosts for port collision detection matrix-federation = { - subdomain = "matrix-federation"; port = federationPort.private; }; matrix-client = { - subdomain = "matrix-client"; port = clientPort.private; }; # Sliding sync matrix-sync = { - subdomain = "matrix-sync"; inherit (cfg.slidingSync) port; }; }; diff --git a/modules/nixos/services/miniflux/default.nix b/modules/nixos/services/miniflux/default.nix index 07eb6f8..5104c8b 100644 --- a/modules/nixos/services/miniflux/default.nix +++ b/modules/nixos/services/miniflux/default.nix @@ -45,7 +45,6 @@ in my.services.nginx.virtualHosts = { reader = { - subdomain = "reader"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 2f23ff0..49919c1 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -127,7 +127,6 @@ in my.services.nginx.virtualHosts = { monitoring = { - subdomain = "monitoring"; inherit (cfg.grafana) port; }; }; diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index 92f9fd2..944a97a 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -49,7 +49,6 @@ in my.services.nginx.virtualHosts = { music = { - subdomain = "music"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index e916c9c..ae6c0dc 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -404,7 +404,6 @@ in my.services.nginx.virtualHosts = { login = { - subdomain = "login"; inherit (cfg.sso) port; }; }; diff --git a/modules/nixos/services/nix-cache/default.nix b/modules/nixos/services/nix-cache/default.nix index 5517a78..1ce3161 100644 --- a/modules/nixos/services/nix-cache/default.nix +++ b/modules/nixos/services/nix-cache/default.nix @@ -45,7 +45,6 @@ in my.services.nginx.virtualHosts = { cache = { - subdomain = "cache"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 87a816a..c40e895 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -145,7 +145,6 @@ in my.services.nginx.virtualHosts = { paperless = { - subdomain = "paperless"; inherit (cfg) port; sso = { enable = true; diff --git a/modules/nixos/services/pirate/default.nix b/modules/nixos/services/pirate/default.nix index 88a2250..e500b54 100644 --- a/modules/nixos/services/pirate/default.nix +++ b/modules/nixos/services/pirate/default.nix @@ -23,7 +23,6 @@ let mkRedirection = service: { my.services.nginx.virtualHosts = { ${service} = { - subdomain = service; port = ports.${service}; }; }; diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index e59b20d..5ceebb6 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -33,7 +33,6 @@ in my.services.nginx.virtualHosts = { podgrab = { - subdomain = "podgrab"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 42058e7..9e0d9c3 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -20,7 +20,6 @@ in my.services.nginx.virtualHosts = { sabnzbd = { - subdomain = "sabnzbd"; inherit port; }; }; diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 353fac3..f5dc2db 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -72,7 +72,6 @@ in my.services.nginx.virtualHosts = { recipes = { - subdomain = "recipes"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ce7f9e6..aeb88b7 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -82,7 +82,6 @@ in # seems to have stalled my.services.nginx.virtualHosts = { transmission = { - subdomain = "transmission"; inherit (cfg) port; }; }; diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 425698d..9767d00 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -60,8 +60,7 @@ in # This is a weird setup my.services.nginx.virtualHosts = { - vikunja = { - inherit subdomain; + ${subdomain} = { # Serve the root for the web-ui root = config.services.vikunja.package-frontend; diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index b5ec0d8..f02a5c5 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -54,12 +54,10 @@ in my.services.nginx.virtualHosts = { woodpecker = { - subdomain = "woodpecker"; inherit (cfg) port; }; # I might want to be able to RPC from other hosts in the future woodpecker-rpc = { - subdomain = "woodpecker-rpc"; port = cfg.rpcPort; }; }; From 71ee178510edc5d66b07bd53b58ba85a7591bbfe Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 25 Dec 2023 19:43:44 +0100 Subject: [PATCH 12/32] nixos: services: nginx: fix SSO subdomain --- modules/nixos/services/nginx/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index ae6c0dc..7980ad9 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -403,7 +403,7 @@ in }; my.services.nginx.virtualHosts = { - login = { + ${cfg.sso.subdomain} = { inherit (cfg.sso) port; }; }; From 932717b7548ae5f7a7fdec3e7e2d78d0fca6ef68 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 26 Dec 2023 15:17:03 +0100 Subject: [PATCH 13/32] nixos: services: jellyfin: loosen umask I just noticed that all the metadata files Jellyfin stores have very restrictive ACLs. The whole point of the `media` group is to make my HTPC eco-system work together. In particular this should allow Sonarr and friends to delete folders without manual intervention. --- modules/nixos/services/jellyfin/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 9efe11e..f5aaa99 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -17,6 +17,13 @@ in # Set-up media group users.groups.media = { }; + systemd.services.jellyfin = { + serviceConfig = { + # Loose umask to make Jellyfin metadata more broadly readable + UMask = lib.mkForce "0002"; + }; + }; + my.services.nginx.virtualHosts = { jellyfin = { port = 8096; From 39eba647acacdf2bb2aafb00be694fa5c2e0726f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 14:15:42 +0000 Subject: [PATCH 14/32] hosts: nixos: aramis: home: use 'pinentry-qt' The GTK2 variant has been removed [1]. I may revise this in the future if [2] is merged (I'd like to try `pinentry-rofi` [3]). [1]: https://github.com/NixOS/nixpkgs/pull/270266 [2]: https://github.com/NixOS/nixpkgs/pull/277221 [3]: https://github.com/plattfot/pinentry-rofi --- hosts/nixos/aramis/home.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/nixos/aramis/home.nix b/hosts/nixos/aramis/home.nix index 66a0892..dfe9dbe 100644 --- a/hosts/nixos/aramis/home.nix +++ b/hosts/nixos/aramis/home.nix @@ -2,7 +2,7 @@ { my.home = { # Use graphical pinentry - bitwarden.pinentry = "gtk2"; + bitwarden.pinentry = "qt"; # Ebook library calibre.enable = true; # Some amount of social life @@ -14,7 +14,7 @@ # Blue light filter gammastep.enable = true; # Use a small popup to enter passwords - gpg.pinentry = "gtk2"; + gpg.pinentry = "qt"; # Machine specific packages packages.additionalPackages = with pkgs; [ element-desktop # Matrix client From a93dc2935bd81f3583182c34e74231b4a1fb960f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 14:00:58 +0000 Subject: [PATCH 15/32] flake: add explicit 'systems' input --- flake.lock | 8 ++++++-- flake.nix | 10 ++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index adff398..ef07b15 100644 --- a/flake.lock +++ b/flake.lock @@ -86,7 +86,9 @@ }, "futils": { "inputs": { - "systems": "systems" + "systems": [ + "systems" + ] }, "locked": { "lastModified": 1701680307, @@ -214,7 +216,8 @@ "home-manager": "home-manager", "nixpkgs": "nixpkgs", "nur": "nur", - "pre-commit-hooks": "pre-commit-hooks" + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems" } }, "systems": { @@ -228,6 +231,7 @@ }, "original": { "owner": "nix-systems", + "ref": "main", "repo": "default", "type": "github" } diff --git a/flake.nix b/flake.nix index 8e46ea3..85fafbb 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,9 @@ owner = "numtide"; repo = "flake-utils"; ref = "main"; + inputs = { + systems.follows = "systems"; + }; }; home-manager = { @@ -64,6 +67,13 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + + systems = { + type = "github"; + owner = "nix-systems"; + repo = "default"; + ref = "main"; + }; }; # Can't eta-reduce a flake outputs... From e02da7ec693b1a5f9e0119fed1f564ec01025c50 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 14:05:46 +0000 Subject: [PATCH 16/32] flake: bump inputs --- flake.lock | 45 ++++++++++++++++++++++++--------------------- flake.nix | 1 + 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index ef07b15..5e4a413 100644 --- a/flake.lock +++ b/flake.lock @@ -8,14 +8,17 @@ ], "nixpkgs": [ "nixpkgs" + ], + "systems": [ + "systems" ] }, "locked": { - "lastModified": 1701216516, - "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=", + "lastModified": 1703433843, + "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "owner": "ryantm", "repo": "agenix", - "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247", + "rev": "417caa847f9383e111d1397039c9d4337d024bf0", "type": "github" }, "original": { @@ -33,11 +36,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -70,11 +73,11 @@ ] }, "locked": { - "lastModified": 1701473968, - "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "lastModified": 1704152458, + "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", "type": "github" }, "original": { @@ -133,11 +136,11 @@ ] }, "locked": { - "lastModified": 1702538064, - "narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=", + "lastModified": 1704276313, + "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=", "owner": "nix-community", "repo": "home-manager", - "rev": "0e2e443ff24f9d75925e91b89d1da44b863734af", + "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e", "type": "github" }, "original": { @@ -149,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702312524, - "narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a9bf124c46ef298113270b1f84a164865987a91c", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -165,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1702558663, - "narHash": "sha256-MHq/DdwsBwsTRqwFg1JuFtcoGArgvaH/XwbxgWQ4Zn0=", + "lastModified": 1704289500, + "narHash": "sha256-SMoojjdEMgf6GtPh5vzofdeev4nyM+vBi2J6Z/Sufco=", "owner": "nix-community", "repo": "NUR", - "rev": "b839a2bae27c0c14dd99dcc1f6d18f83b0af59bd", + "rev": "a18213c74e43dd6e941c41d77382377938c77caf", "type": "github" }, "original": { @@ -194,11 +197,11 @@ ] }, "locked": { - "lastModified": 1702456155, - "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", + "lastModified": 1703939133, + "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 85fafbb..9c29183 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ inputs = { home-manager.follows = "home-manager"; nixpkgs.follows = "nixpkgs"; + systems.follows = "systems"; }; }; From bddcab110d2e85679b10ba6f7b058ac18e79bced Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 15:58:34 +0000 Subject: [PATCH 17/32] pkgs: matrix-notifier: 0.3.0 -> 0.4.0 --- pkgs/matrix-notifier/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/matrix-notifier/default.nix b/pkgs/matrix-notifier/default.nix index a96cb61..aba093f 100644 --- a/pkgs/matrix-notifier/default.nix +++ b/pkgs/matrix-notifier/default.nix @@ -1,13 +1,13 @@ { lib, curl, jq, fetchFromGitHub, makeWrapper, pandoc, stdenvNoCC }: stdenvNoCC.mkDerivation rec { pname = "matrix-notifier"; - version = "0.3.0"; + version = "0.4.0"; src = fetchFromGitHub { owner = "ambroisie"; repo = "matrix-notifier"; rev = "v${version}"; - hash = "sha256-NE9RO0ep2ibrT9EUPGTnUE3ofdNTCHwelxnX9tCflg0="; + hash = "sha256-6KHteQx0bHodpNp7cuUIGM7uBRPaj386n2t5yz6umpY="; }; nativeBuildInputs = [ From 9546c00124edd4723ab1188d16c53ed3097b2d43 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Jan 2024 10:59:45 +0000 Subject: [PATCH 18/32] home: vim: ftdetect: fix obsolete comment --- modules/home/vim/ftdetect/automake.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/vim/ftdetect/automake.lua b/modules/home/vim/ftdetect/automake.lua index cfa15d2..68a30ed 100644 --- a/modules/home/vim/ftdetect/automake.lua +++ b/modules/home/vim/ftdetect/automake.lua @@ -1,4 +1,4 @@ --- Use Automake filetype for `local.am` files, explicit `set` to force override +-- Use Automake filetype for `local.am` files vim.filetype.add({ filename = { ["local.am"] = "automake", From b8b64bed8e4b3d8d109e7dcf38f69a4242142ec3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Jan 2024 10:59:58 +0000 Subject: [PATCH 19/32] home: vim: ftdetect: add glsl --- modules/home/vim/ftdetect/glsl.lua | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules/home/vim/ftdetect/glsl.lua diff --git a/modules/home/vim/ftdetect/glsl.lua b/modules/home/vim/ftdetect/glsl.lua new file mode 100644 index 0000000..2f4f1dd --- /dev/null +++ b/modules/home/vim/ftdetect/glsl.lua @@ -0,0 +1,7 @@ +-- Use GLSL filetype for common shader file extensions +vim.filetype.add({ + extension = { + frag = "glsl", + vert = "glsl", + }, +}) From e4f8214cb2edcb7edc188550bc1242ae79c377e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 23:36:14 +0100 Subject: [PATCH 20/32] modules: services: nextcloud: bump to 28 --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 65b7234..4c0e6a8 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -31,7 +31,7 @@ in config = lib.mkIf cfg.enable { services.nextcloud = { enable = true; - package = pkgs.nextcloud27; + package = pkgs.nextcloud28; hostName = "nextcloud.${config.networking.domain}"; home = "/var/lib/nextcloud"; maxUploadSize = cfg.maxSize; From 10a30551361cc81dfe7bc20590897713f053eff6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 23:36:59 +0100 Subject: [PATCH 21/32] nixos: services: nextcloud: fix deprecated option --- modules/nixos/services/nextcloud/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 4c0e6a8..a962d12 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -41,6 +41,9 @@ in adminpassFile = cfg.passwordFile; dbtype = "pgsql"; dbhost = "/run/postgresql"; + }; + + extraOptions = { overwriteProtocol = "https"; # Nginx only allows SSL }; From 136bd342ff03526eccab877809087b249b0f339b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Jan 2024 23:37:27 +0100 Subject: [PATCH 22/32] nixos: services: matrix: fix deprecated option --- modules/nixos/services/matrix/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index bd2a017..b958f76 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -104,17 +104,17 @@ in extraConfigFiles = [ cfg.mailConfigFile ] ++ lib.optional (cfg.secretFile != null) cfg.secretFile; + }; - sliding-sync = { - enable = true; + services.matrix-sliding-sync = { + enable = true; - settings = { - SYNCV3_SERVER = "https://${matrixDomain}"; - SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; - }; - - environmentFile = cfg.slidingSync.secretFile; + settings = { + SYNCV3_SERVER = "https://${matrixDomain}"; + SYNCV3_BINDADDR = "127.0.0.1:${toString cfg.slidingSync.port}"; }; + + environmentFile = cfg.slidingSync.secretFile; }; my.services.nginx.virtualHosts = { @@ -181,7 +181,7 @@ in # Sliding sync "~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)" = { - proxyPass = "http://${config.services.matrix-synapse.sliding-sync.settings.SYNCV3_BINDADDR}"; + proxyPass = "http://${config.services.matrix-sliding-sync.settings.SYNCV3_BINDADDR}"; }; }; From a5c57333cf2c26c2746d4f109d72f484fd873e5e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jan 2024 10:14:35 +0000 Subject: [PATCH 23/32] hosts: homes: bazin: fix typo --- hosts/homes/ambroisie@bazin/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/homes/ambroisie@bazin/default.nix b/hosts/homes/ambroisie@bazin/default.nix index 4490c51..a969d8a 100644 --- a/hosts/homes/ambroisie@bazin/default.nix +++ b/hosts/homes/ambroisie@bazin/default.nix @@ -1,4 +1,4 @@ -# Google Cloudtop configuration +# Google Laptop configuration { lib, pkgs, ... }: { services.gpg-agent.enable = lib.mkForce false; From 629ec539c912bb3a35d7e90e8cbbdf8390338ccc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 15 Jan 2024 16:50:38 +0000 Subject: [PATCH 24/32] nixos: services: nextcloud: fix typo --- modules/nixos/services/nextcloud/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index a962d12..f2ac8e3 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -44,7 +44,7 @@ in }; extraOptions = { - overwriteProtocol = "https"; # Nginx only allows SSL + overwriteprotocol = "https"; # Nginx only allows SSL }; notify_push = { From dca6a9018bd0007426d3f95bda3ebd5b0a55880b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 16 Jan 2024 17:17:43 +0000 Subject: [PATCH 25/32] home: vim: ftdetect: add gn --- modules/home/vim/ftdetect/gn.lua | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules/home/vim/ftdetect/gn.lua diff --git a/modules/home/vim/ftdetect/gn.lua b/modules/home/vim/ftdetect/gn.lua new file mode 100644 index 0000000..37d772e --- /dev/null +++ b/modules/home/vim/ftdetect/gn.lua @@ -0,0 +1,7 @@ +-- Use GN filetype for Chromium Generate Ninja files +vim.filetype.add({ + extension = { + gn = "gn", + gni = "gn", + }, +}) From 13f20a28eb765b0daef11ec5af5ac3dffb46885e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 16 Jan 2024 17:25:41 +0000 Subject: [PATCH 26/32] home: vim: add gn ftplugin --- modules/home/vim/after/ftplugin/gn.vim | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 modules/home/vim/after/ftplugin/gn.vim diff --git a/modules/home/vim/after/ftplugin/gn.vim b/modules/home/vim/after/ftplugin/gn.vim new file mode 100644 index 0000000..0cec9df --- /dev/null +++ b/modules/home/vim/after/ftplugin/gn.vim @@ -0,0 +1,6 @@ +" Create the `b:undo_ftplugin` variable if it doesn't exist +call ftplugined#check_undo_ft() + +" Set comment string, as it seems that no official GN support exists upstream +setlocal commentstring=#\ %s +let b:undo_ftplugin.='|setlocal commentstring<' From 309c344a3431d710e73ca6fc92890c46afc48591 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 22 Jan 2024 17:50:38 +0100 Subject: [PATCH 27/32] flake: bump inputs --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 5e4a413..acf6c48 100644 --- a/flake.lock +++ b/flake.lock @@ -53,11 +53,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1704152458, - "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", "type": "github" }, "original": { @@ -94,11 +94,11 @@ ] }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -116,11 +116,11 @@ ] }, "locked": { - "lastModified": 1660459072, - "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "lastModified": 1703887061, + "narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5", "type": "github" }, "original": { @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1704276313, - "narHash": "sha256-4eD4RaAKHLj0ztw5pQcNFs3hGpxrsYb0e9Qir+Ute+w=", + "lastModified": 1705879479, + "narHash": "sha256-ZIohbyly1KOe+8I3gdyNKgVN/oifKdmeI0DzMfytbtg=", "owner": "nix-community", "repo": "home-manager", - "rev": "4d8f90205c6c90be2e81d94d0e5eedf71c1ba34e", + "rev": "2d47379ad591bcb14ca95a90b6964b8305f6c913", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -168,11 +168,11 @@ }, "nur": { "locked": { - "lastModified": 1704289500, - "narHash": "sha256-SMoojjdEMgf6GtPh5vzofdeev4nyM+vBi2J6Z/Sufco=", + "lastModified": 1705927265, + "narHash": "sha256-eUUIBb3qYMrQB0ONGEj2kzKN8yzqwDmR4+Ct5/dvJcs=", "owner": "nix-community", "repo": "NUR", - "rev": "a18213c74e43dd6e941c41d77382377938c77caf", + "rev": "a29c6f71063d0ce903e927fa7885651c00abd33b", "type": "github" }, "original": { @@ -197,11 +197,11 @@ ] }, "locked": { - "lastModified": 1703939133, - "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=", + "lastModified": 1705757126, + "narHash": "sha256-Eksr+n4Q8EYZKAN0Scef5JK4H6FcHc+TKNHb95CWm+c=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38", + "rev": "f56597d53fd174f796b5a7d3ee0b494f9e2285cc", "type": "github" }, "original": { From b33938e8251a17e298ea5fb36c575dcf0eb0df6c Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 22 Jan 2024 16:57:18 +0000 Subject: [PATCH 28/32] nixos: services: paperless: rename settings option --- modules/nixos/services/paperless/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c40e895..f528ad7 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -52,7 +52,7 @@ in mediaDir = lib.mkIf (cfg.documentPath != null) cfg.documentPath; - extraConfig = + settings = let paperlessDomain = "paperless.${config.networking.domain}"; in From 5cb67cf040c8defbbbc03daf57f89a741c828ce5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jan 2024 23:25:59 +0100 Subject: [PATCH 29/32] hosts: nixos: porthos: secrets: rekey secrets Some of the secrets were using an invalid format due to (probably?) being encrypted with a beta version of `age`. I didn't need to rekey *all* the secrets, but I might as well --- hosts/nixos/porthos/secrets/acme/dns-key.age | 16 +++++++--------- .../porthos/secrets/backup/credentials.age | Bin 453 -> 409 bytes .../nixos/porthos/secrets/backup/password.age | 13 ++++++------- hosts/nixos/porthos/secrets/drone/gitea.age | Bin 575 -> 494 bytes hosts/nixos/porthos/secrets/drone/secret.age | 14 ++++++-------- .../porthos/secrets/drone/ssh/private-key.age | Bin 3799 -> 3703 bytes .../porthos/secrets/gitea/mail-password.age | 14 ++++++-------- hosts/nixos/porthos/secrets/lohr/secret.age | Bin 438 -> 367 bytes hosts/nixos/porthos/secrets/lohr/ssh-key.age | Bin 839 -> 733 bytes hosts/nixos/porthos/secrets/matrix/mail.age | 16 ++++++++-------- hosts/nixos/porthos/secrets/matrix/secret.age | Bin 478 -> 417 bytes .../secrets/matrix/sliding-sync-secret.age | 15 +++++++-------- .../porthos/secrets/miniflux/credentials.age | Bin 477 -> 395 bytes .../porthos/secrets/monitoring/password.age | 17 ++++++++--------- .../porthos/secrets/monitoring/secret-key.age | Bin 507 -> 355 bytes .../porthos/secrets/nextcloud/password.age | Bin 440 -> 355 bytes .../porthos/secrets/nix-cache/cache-key.age | Bin 501 -> 428 bytes .../porthos/secrets/paperless/password.age | 16 +++++++--------- .../porthos/secrets/paperless/secret-key.age | 15 ++++++--------- .../porthos/secrets/podgrab/password.age | 14 ++++++-------- .../secrets/sso/ambroisie/password-hash.age | Bin 459 -> 383 bytes .../secrets/sso/ambroisie/totp-secret.age | Bin 442 -> 375 bytes hosts/nixos/porthos/secrets/sso/auth-key.age | Bin 483 -> 451 bytes .../secrets/tandoor-recipes/secret-key.age | Bin 496 -> 398 bytes .../secrets/transmission/credentials.age | 16 +++++++--------- hosts/nixos/porthos/secrets/vikunja/mail.age | Bin 740 -> 579 bytes .../porthos/secrets/wireguard/private-key.age | 16 +++++++--------- .../porthos/secrets/woodpecker/gitea.age | Bin 543 -> 464 bytes .../porthos/secrets/woodpecker/secret.age | 15 ++++++--------- .../secrets/woodpecker/ssh/private-key.age | Bin 3799 -> 3703 bytes 30 files changed, 87 insertions(+), 110 deletions(-) diff --git a/hosts/nixos/porthos/secrets/acme/dns-key.age b/hosts/nixos/porthos/secrets/acme/dns-key.age index 97d397c..fce2a84 100644 --- a/hosts/nixos/porthos/secrets/acme/dns-key.age +++ b/hosts/nixos/porthos/secrets/acme/dns-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 0bz3W8QcGaulxy+kDmM717jTthQpFOCwV9HkenFJEyo -NKeh1/JkX4WAWbOjUeKLMbsyCevnDf3a70FfYUav26c --> ssh-ed25519 jPowng Q59ybJMMteOSB6hZ5m6UPP0N2p8jrDSu5vBYwPgGcRw -j420on2jSsfMsv4MDtiOTMIFjaXV7sIsrS+g4iab+68 --> z}.q-grease s2W ssh-ed25519 cKojmg bQFr9oAnbo1rI/MpUV8wQz/Xj7iZY4ZU+Swf0nSIQFw +zama2XJ0gdvUlD2GHMhmZqHSxHe+dKSfXnHoWDcSw7Y +-> ssh-ed25519 jPowng gitUwSKTNKWLSxnwa185O7x/u0ul93g8wPESdZaKRk8 +uvBIfAUkZp5sg6rfeEGvL5ZDV8m2uSEotW02kjPN3Hw +--- SZxe5f/CUZBvPQa2Sz/UBY3L68rMkIGGRuZPk7YE+Vg +r&{~v?}= +}+ SQM[]k MAtmM/Ls|ޅmCiYC}x \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/backup/credentials.age b/hosts/nixos/porthos/secrets/backup/credentials.age index b8ea008eda49f6750b99423cfb329a69e2012b89..63f0d32c783d7ab230a0a3f156d80a92a69d5621 100644 GIT binary patch delta 374 zcmX@gJd=5XPQ7Pnp;?Z;yJ3jAONNW1pK*ASTbOoIL{3CeQd*_Cub+Xoe}s2Zj=5Ks zBUf5PsY_m^L9S<_e_@45sKv`*ck#j|%c~O?LTZD6}c6vmjfn#}Cs8gr~ms7x# z=c%tYOXM3YPZV4~d27+C6?L26Jz67RmDlxl!nsA~rZAfqGQ1ABk?9^K(#gC~XMxr< zjeOzhjkDP-_opxW_ABYXb+gm&LppaklEgO}RyrCubr*bR&(P3#Xjh?N_WpSm2W!@X XufN+AGps__uzBhkEfnRl*nJ%U8{LQ& delta 419 zcmbQqe3W^DPJLvKOKFy6dAXB!u!l!kpnpbMNv2_9hNWp)g-e)ml8>vlyK9b9c4df@ z0hf2NZ)J+HkBNI?V4^{)OJG5l1V^nLA`Nea;0xpxpPuZX{l>Ksi#?_ zf1tjBiK$yYSAb<yijiStR-V3TZcct#eo=U(nL(Bb z$hvs5oSI_Y^rF#PG<_ zOk?BvTvtzTw`8}Zf{YxOsM6d#r&7y^q%7?$LyMHaB-fk@!!iplW0hQuAB|5Ag?LMD zlzg{+N~&YjBX+x#JbrO2-L;qAHZ7ItIGUk1TcdwlsMIFKqBj+sF2-NlO>S5k*PYm% zR?YXPd6v(PbKL)qEk1n1?%w^lve`M)7oO9#ZF#$1=E>p-CqvaA?beXj*(#=N&9r2d P$H!w1e7>qRr ssh-ed25519 cKojmg dgS4bezgtDi44R1A8am+J6zh80kUVYTo1heaxJCtzX4 -F3w/62xwtqYa40NU7OvF9pnZzYz/5hACAGJfMA4e2zw --> ssh-ed25519 jPowng lx81CK3yeNp9RjHCUFJeKYZlRzxBmXuADVBvRc13zCI -P7e75t8xU+ZkYmeQ8mmMfyZZsRdG1J8yrvSUkiWzkFQ --> *z4/`-grease S/)a{e sFd";= ---- 15FVhqRTkoPFEeETRRyFQhsv4Fn19Ozlax0u8Zy9mNA -#+vS4}R%ίF4fnDJZA,_ \ No newline at end of file +-> ssh-ed25519 cKojmg O3DMSSPQP9/ehXmzs0xcCGllu7VSzhd6b4Pii8t2vWQ +Ys1nMv2384elWWGW9C8HabvwUeWu52VsQpxx9L/4/dM +-> ssh-ed25519 jPowng ft/9SX5fpG7+7gHMubaFtb+50/gfNgmaofOVq5UjRUE +xMwdFjFdkH0Li+PikaFt0WAZbFUu5daHgkfN8aQQumo +--- 7DVINvXIXdE1MRwIkeajonYsy1cp4HugCxfTeub5SXU +<<{V?fk/I"/5K"(i \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/gitea.age b/hosts/nixos/porthos/secrets/drone/gitea.age index 90ff83b15b50479b8c0c7a0c174ef6410a8907cb..6b68503af75d0ecf3778dac866e0b86258b1fbea 100644 GIT binary patch delta 467 zcmdnb@{W0eYJIYIepYU}La;@kfu);oikU~2wr6>Ec|?SPNxrGSk#T6HkF#HSS%`Z| zUR7yHW`vV3muXJ6w{fC(UbaO*rcarhQDj(lqGM{ReqM=rzE`22c9x@=bBcM6V@09~ zm#&>cadC!jYKoDmsiCDpRzQAvUb=!|U`DnpQGI@4cDY|to_C;!fp3nJvxQMa zQIeBWsHb6(Q5;`h_2-t~SPs`SEGS1^mV(GbL`O#@9bS;>5coMSsJ53Gcnz zgR5#cbleUO+IV;VUKx?=*0+A_)emI8X<)xK9(zYi=-d?c;x}#irJ>h z5vzjd==HArds}RO$MWe*^w&)Z&pdqho}#%({n4zP6DGm%Fxio<~VhiK(M;sG+BGNI`INYQC$sn^$m_S%zbhNp4nwkxO=(OL&n1 zm#&>cadC!jYKoDmsiCDpvUh$~Zn}bVL{YJGg;zzmU%h8WSy_2xR+M2;QE+5PxsRW3 zka2c+NMY4r!NV0p0NlucRS7vCac21D7W1*i( zq(y*diAy%fx&qzwqSVCVR0VSd$3XvT7muneg)9{(HEo5IWUfH-s*Fmr4F9xj*9^0W z^hm#YkH8`iCQ_;)0twHduZ zB2u>B{JZu%w<-Us(Uaxy{206BXT2S!4^EbBTh#yJ_`efXIjbjUc5iff@ZPh!)Us7$ z#kXZSksh4osje}bWV=M&;-_pj{JU5ByXOa!ofoYy{;OQcY&nB*{vB13psOhh)xK^j tSTG^;n1Pg(-0a-P`!`>3Vr}2WamMHj*J3+S5jiPgt#`ivjq>OG1puG-(}n;5 diff --git a/hosts/nixos/porthos/secrets/drone/secret.age b/hosts/nixos/porthos/secrets/drone/secret.age index c529200..d6e7330 100644 --- a/hosts/nixos/porthos/secrets/drone/secret.age +++ b/hosts/nixos/porthos/secrets/drone/secret.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 1+cLlzctgcM0FnVDwMPOAqBkvMcDBRg8SvCw4djI93Y -oV2XI4f1AvM9P591kZZ6NgJXa+SDtqGzCSgc4psOmxM --> ssh-ed25519 jPowng Ufjfh1p350XxRPg95+/DHdmnl4lC0bbzUUlaxd1Bmxc -/RHwFDSn2ov+60r1uHUigrsn99+GmmKmlk4h4T2gbA0 --> *Lc$@-grease -pzVJAHy1qRq3jUrnFV0DDO7/hwV1US4Ogf0RsrVfX0xzbr73uJ003YjieVB25LqN ---- ME7/iVevyiguyhXugbkVFGzJV0yDccyKNlWbEZa/FmY -YXjb2und;i0X]0jLPT~^kc$DrufreOո+p&wϨ \ No newline at end of file +-> ssh-ed25519 cKojmg 0J8FMcVRf78LYG+dTOFzu3luXwhOjdOg0sx4Jxdccj4 +tdrCcfcYbTZYhL18RG3goiqtyhu3NTn+fJhdIAnU5uA +-> ssh-ed25519 jPowng qlF8nkSEg5fZgai0VP5eTSlZOHyj5IcalTf+QNWITVo +O5aiZX0AJD76ixsu6i9xnnFBQANdsu3h6XzdTQ6KtKU +--- ByMQt9bnbzd8YO0Y93FIYF/lmdbYcOydkYdKxpRQujM ++ܢ6JNmq[ Eb1p)vDPL9̀z!߇'Tad5U: [dύRMpzj \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/drone/ssh/private-key.age b/hosts/nixos/porthos/secrets/drone/ssh/private-key.age index 0211701ba0ee3d8ef341b6d69d70ccaa25b8379b..737777dfa116dbe553768de3ade7df9d423661ec 100644 GIT binary patch literal 3703 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;<3qFz_-> z^6@MWG&IRA2?%y~$xq5iH+4@6H%W>JNz2I!Dm5zeaxx6ah~&!jOQ|rAaJ0xXGRiJX z4fYC5iwY|94l>UO^fYiuHqrM9)Xz@$PD=_;^hCEUD9so89*#`RNbVKRg!Xla^@sJi&rHl6fO{(|V3Wp0kB+ z3#8=xhUj+JyKP{}`5l?DJUeagy%pUlKOKTMP5b$_MVQ}Md)=A3MhmyurYsGa{@TvF zpY9jFKil`tb@%WEJ9~eJ9H>0`-0S2c7VW9`AL~fAyg!o0_gv7^`4LNs@4k5WgPrmcf|W5UMOu@b0WIFpoKC2&8B@?ec3y!p4ZK%PlerdDr{O)BmK7!i%D~wLQufI(xcHZkgZPS5cQV z-S5t^s2vq5)BUxU%!$a`cWj-r;I+bsJ65#)-1AkxzqBPY_I9mEKRf#*zar^ty$ZMP zmz?_co}poacA0q4w2d5c6IY+Jy;=TcT72LdZk3DIGcp&pn22ZhDi>_{Hgi{h)QZaJ zRon&hGbYVEddTzv@7*~sqLx>?bw#{5c2+R3AxJ+=Ju}E`@%pNN8^crI9^q}-x`!h7R+MMZAyBb$+OPb-~&4fV_wh+uifL+%;u*=AQmBDaUU6QMtHzlFBQt zCv!aZH%qr%I%kpf<@0hvkE@dAd^27xmEwNzis9@9@6R#+wq5?>^300FUtLEcO>)-G z54ofuR%CX6nbB-}-hV7==2hN>H>N5-Qc^0*UuC3vE1cobjrltxKiD4LKljG6CuXbn zwXLgCH7R7Z4VAv47V9x%YH*AnIi` zEsD^~<&KXPartxZRQ1;h=@WK7EST`YNhwHAI+OF}l}#7l?w*+NVDF#D)4AV9Nllu6 zZtvoNA19to=nwU_kd5U1p0@8Eqff{A#es{~ZDek3S?Hb0+7$5j@qUSe?woSLiywWu zvUU0IYr+%X844e`)qA5vaf$x17Yn&-RS(})Pj%(J;CN-?vFb1Bw}l>CSWEjnFj~<5 zN;Ov{Q&KvH?VIUr{WX(%jW;}5T|GBeiM4W;c;1Y2?^#XwmMBg6l)B_#=H|G}-qfAyX}m$gql-1S~Mt5K$Fk@0tyM=MxgEoG>^l|29Ws;up)lC0f2 zKOIYV3)Pu%tTaf8@OmP2ZT{pd2cp-R^ow6z%zvo%b6M<+(~i}A*5%*Rr36kUFFFt$ zdf=AHrOT(+@B2`CZQbU7j?H^oPWu-{L^<5L?VA;!p|bh+{(JA%`*(K~1v-W{&1!V` zG^HW$jLhm2hKs#FsQUexRM(v1{VKL%)ts&R^16Y+=H3OyB0KM$m1nd_sbRhE5Sn(M zfBvFNA^Ufko#OcKn5lR%P}{VUzc}FCvvXBH^XhX}8pN=(oa(HeB~v2*`O4mxFQdLM zdOhuZr{`Qf>s?hhelOSK_;hDYjN+-Iou7qPE$6x*m-@&#^QFbvKgX2$WA2=}XS6WM zn7c~a>7>`p%6D6&c-(8&ox8O%WhwtA9)*Rsj!m^Y#>=s-%wlt|f@gzIp{|-6EWA}G|krYYRDh%lFv$l&7Hh%0}ns8WZ$v$ttE|Dj3d&@6; zc(wQ6&2Kw6B1Ga=*?tn<7;HAp(&t2$o_}5NHh~{=BfQN_XFaa@y~{aD{HFHZQvHgM z)om^JRHruqdxR>ForK(ec`iNZfak`@)t!F zn_qu;C^oe$Ve6+_@j#{DZ@aACKNB)l5dKssyl0{yNAK=~LTzy!`+m6e-Kk-#*RU&?Gpw&|pcI(N&9-huh{&JaLHo^a?-k?dQTw1$HG# zGJ9Y1RLcuBIJ+YG?PHFU@h@sGMf~<&qov-&7QLWuX@HX2?=71*%w>3||K!}M4Aq46 zd5yo=&n>g&xG!n=TC?jy^dZAr&vH0Kaw9AS+g_dZH2k;ybJB|S@rNs`;-s~G76?2z zc;?ox?N6SnEOJmz5V-kgOYFLD;(H!FZT{kSnYU$XMpmr3+_G$w{eS*xKC|DsWX;r< z+I8=>8#K@7s~-*CBQb0D``cS3`2T4AI=0AtKS%u3KWW#d?KgI0X;zgjeRg>h*Oixo z4a+4aEUNu)a{Kq^pVnrxWwoT$r$`1GduU3}(n~d4*dRVtMV-mMyj5tz(|JDLg6(~_ zX?3O-AM!2gb@!NdRlsRka%DyB$~_Cy>!zE(xVB!2KeP2$O7pb$Z`GehO)L`f+_!wi z&jouzcHi7wl;r&=X#d2+?Nh)_&-zeFjbM?ypvZz&4^Z#Dg)l@M$z_+z*f#x>x zAnA-7mv>%SnIh{{lA>OFpOUxkFuLmU&Hc8h;%@J{)5#IHnK$OWQeyh9 zWw+|s*@~BEQ#xjyxVL_K+q zZ#|OuK6vZuFLhInxRkJL+bNi?f5-J~uW5nt%q{9`-L?J(Eh&_~^0m01qf5))Ou$Yu z(D|v_B!S~6o6pX%{iC8Ktk^&MYI5(Kn~y$Rxo^j_W!p>s%eTw7*gZ4azTnmTtnd2+ z^G?<`$jK{sP1vwzKU3T!h7wh+?Txq2&wl@V`=do!dv%R1UVN+gt-ODC+iIP?E0pI4 zEvTK9l6Gvy>2t~XyR5eUnw@m@#dRj*cFl|NdnO+c;5K%gw!}(_x$(*4P@#tt-ZZS5 z%)8#~<#OhneCdM93Eve2E=fL6UOIzqQM7@~!lQEU-L|GxmcL#UaoHo~a@q5v5^n0O zVaGRYTQcwe!eSAZuNsqdmwi8H^25j4aAJMn@>5d&k6%og_P6iRo>g0`(&fDTVF^2+@Nm#$X)Wbm9pjaegB>~5wV*lI}JYs9GEQT8nAuh*7D-2w;VG&H=bU7)I-rza-Z;r za+b1${YDp`*mz|-Z8O_+Xq$QYt;@p7CzKq|t=Yl7?!%&hOW#6HTL~6y4`j7*>|CpA zbJDM4vh%e5Z#&js{*qVoE?;oJ>x04smAf?_K}zoWjwM?-kFasQ-u&yKheE-OV_7fP zY@NFPO3bVa?S^@)9Jb8#EIGM49^X+EI>n$!hIdh+~T;sOse4)2`?n?7)-xvQDy)RdpV>P)aYq^OFqlE#pQH$z> zS=ZTR;urfLW?OJ<_S>|BbD2^kzv|!9NbJy?-aB3DmP*B1&JUI*SKOXBTm2}Cn|!x= zcgB~GwZb#fBh<6F|6flk)2cHmTy%=}sNpP`kIz3G`d}Wj$3!8Khq;;6D>Q@K>*}Lf zvWEH{C3RNPJs(N_EbX`@1buzOOg0W?jOyi{HS&+#`724CBMI zXCCj+nlGg#ckewn@BHwm@}IT+;u>Ct9$7VGhM1;PW}Iwyc%ik;vuhJp@m~J5yl*>K z=~1~W%agvDIL+vM-(UQ|OHp$3?OC@B{XAK+mE1nPd+749lvAneugo<@o6^nlcWx|_ znR4>fnwE?IRTbv{(mJwn_j6l!^SV1<996n*ul_t`gMIS4^rV-8XJ5~hyL3jXVum1(|>U{njHhk8pvtYf=G$Dhw z?#+b>7cQ6N-Pb)HzCGdkZl*~$*`1a4wB)^UVhj{r8C3td<>kR8C28zE>Fif}C(JiL n#{NMvHgj&iMaP@c3%;t(nPc}*Rbj)*&2-45? zt$}K!Jt=vC5xwJIW zA|k`2FfTVh!ptQ@Kg1nMm~MJeYGQG!LVTr>LU~SJgonL}f|{R~t%47i zuTO=UkCS(1s;R4!M{bIDZc2V+MpAKpl!u|CpIMcUaam5TV^ErRS&nbENkv*vWk5<; zepp^|kcE-AYd}>lm#(g^LXd?~nR`)WzGJ3&MqX;Fe@I1;WkF!6nY&M+ziEzJc$sUk zn`LpaftPt8*MVa{E@+%JKU2KHS^m_5%||zQ+rRbaOg>X{_QmSIrWLO5UFA-5ewp!) zOSUxdeO!O3NZE|HhgF(a%uR4S^y^miX_>(81G^Qr{f;d;`E1?RdpiFwWGnh7Ik?^b zA7v8hwmQ0f%F*Rsd=ghVa?P9$OxSnP;KuPCEw3#;>xx?5SikVx7T*ekph=ADtS4~Z zm@#RKQbNz+i-%r*opJY{hDwJ`(}tv~n+*aL7cVq=nU-)u;2o$>Y^_xHqCU%njTxvV#L z$-CKi&g%5PmY){KuuP$l0hj~oKM@6Ir&!WrZZ=xDL&ccq58q`$HUlI`4vV{jc3Ca zyFc#{-0;lLuHcDJmf^wGXH3E^j@|5>E_i1(ukpb^VX1%}0`K4T-&_3t+(n*~Z=)ht z-l*kS>QsK-T%UQ}#VHy0ABRbwMY4{ulX| zDG9711~R9oZsXgc_O+HjIrz|a=QfMm-oi_j~>BZT__>%&v0J^c(V(dQ(}JtXUYoZV4kVd#>D!z_qN~1i5}1 zCa}!d!Lf+lFwt6(FWP>4{-=9qR&8_<_cXJd=$N)M{)@j#WkY-;~-%VQlvpG}G9 z%oYqkb^rde_D{3=QY}-I7%bPDZiu|MC1B|lwWYT2rmxz$t0i+s{F3jk(V4T2qE4Q? zS-=`SeYRqO_SeXJ7x)%P3!JF?xaTCd{yGiUzBghMV}8B+zbZqn$oRtAyM|J;I$o)* zWi`kQoI5q<&duZNPO$~vT03$dSm^7+q~PbXQs zglQ~w`}5iP;+-QMPqxYhBuudPdiN+;f!`=^p2^C0o4%gcvDl_Kjm>0f2kSDHNw*{Q zzr0tre-$>%{)pi3z&+(@%%QU4*7mG69~GGs8|Kg7{wVnPtOduKCU4%bO3H8T@8Fc{ z@`qkskKty$QTBABk%e1`$#>?G+Vbh|zVP;*{~T%}ulitu)C!iSna>>`ucF0{jn)F{jQ&(xL;JY1+n?LzDPm-}q`26+29KlTv z+iJ27d(2v~b}rY4KgL19M+}{F;y&b%4yZJ+Juj!;(il|Lj@c32ezbZ(e@-YEI3kd-Y-S_eFbgSq4tnFIL&{J?dlL*8R4z zWs4&Y1sT;Uv^f8jHQmG-=#(7YxcU@pr|`*s-lDA^&VLZ86XGrSDXOpWc%_P^-@B;^ z@>NV`*X>_g|7)4L{@(OFVY^vHrvztqd~$Jp_|`Im?Y&lSgWTfq|2tL*Z&>;G(yyzU zk-7^EX2+>b<=FJ`e1@QHU;DqD9V%6}Dy|uK?k1f1cX`RCh_;o!KWkR#Zq><YC%-|0chgCFCW)chikSi&s@CWj?kNZ762H_}nSsUiqA?t38|A^tGED zX1%hhnpAad?X!rJsSi$BhhN@y_uzW_Sw6a%52Y_eKMQvj-oVqWY@ws6bn+%&F6-y- zJLXudoPGMg56?Y6jf*}vB+rwK5Xj0;HLHOm#%RCeR93@>%8zIt?7NX zdAF*qcI>KNdTOJ}*6Vx^8dg`XogTHo-!D;p*_?CA39d@7XZI8bKCks_UnLe}+VFJF zbyuKKUow{pwXSqqutuZYP!y{pru+@kb2nQhPfh)u04KZaRv+tXt6#eh$lu`BY5 z+H&4W3Z6UcdXA+&@^to^Z^lM=*HZ{s`MmH4|Bu zEqU*%{7Gu&nN;5I{U>6+O;p^vZP(<$OQ-Trtuy@3)GBJ6aH_DUeaDuJ`TO5A_uUZ| z^Z8gcQDfK7qmEyn-L+QmGS6QoyudoOwQ%0<8NFR|`}u9#ORvXy{!Gb_4!&T=byGxp z#pMaMbJj*YT)28m%+f!yH#wA35+g&r8QlJrZ<#h=#EwT z{4P(QujkSWzFFGt{dY?K+J0oVx_;GpM?rj~xu!;l?H})Askg2FPCK+F75mw8FqW~i zdCPc|Zk%iR{{`ov5BJTMWkkKsGj+6Y{IS7Tq9*vawA`e5MOYZWXr zimX?k2{lyR!9TC^$>K>f@6hNrt(_5>&F7*^s{&5oH0ceA4gRW~Z{w4s#wkN0SaJBrpb!9JE!ul;pMLGZktQz=Sjam{-E_rO={(K_Z$1Zd}v#B;isfd z_0jZqPH#WyYc4<27T5E?Yn7a>(>j&+<=mbTGd)E07aB?J^Im#1-RJrzcl2Ycle|9 zs#n`57i7QAUU+FC<5N3}vsVS~owWXuy4cw4_;l+=`9+t-?yvD?nJKpR+kvxR%IC&( zRo+`#KX3Q3r(dqW5&5PSU>AGfhI4PWHFk;;Yqk-Egks>qE8v-Ul*&M6+!d5WDH0C-7p{ zqED@F&#l^X?s*mSOYRv>9l5pK;ft2O@D2F(_w9wnoEgcj)6YD;I@5D&(%i~h!E@iA zDZamFs&mQw#gCdly47-v9S_fPOyIm9J^kzvuf0-h93+cBpLr*Jc6sj7&86CAHIJ?* dKeP;5bk>p0qW`T_@y>laN{U{!uw>4i0{~1wH){X@ diff --git a/hosts/nixos/porthos/secrets/gitea/mail-password.age b/hosts/nixos/porthos/secrets/gitea/mail-password.age index 915f8e9..e2e70ac 100644 --- a/hosts/nixos/porthos/secrets/gitea/mail-password.age +++ b/hosts/nixos/porthos/secrets/gitea/mail-password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng BkIjie2KrwDLaZYYIguCs7TPA/wQy+YPguikuhfye0M -7viTA/EGYB/jRKQm6fFd86DMd4j+Jxsaw/xQ1T8ZKNo --> ssh-ed25519 cKojmg t1Y8bZvPccNAX8vWQLTfCyOJIBXN515vyfFrEI2EVww -bJEjpIWrKeQrA/JfY7FRdB6hpHwR/aG4Vya1ChFNBKs --> jK/-grease Oz.R ?;)G ], -AuHk9TcC9kl0dg8/L6UfHIk3e9fgGwSTJAJpVgInhok ---- 47z9lol5MtpX0IsO/0ggLDMcNVfl4lNNvoHUSwOU/18 -)gЪeu! - TYAM+GbMe@|A,&E!܆p=P=9P!Q|r \ No newline at end of file +-> ssh-ed25519 cKojmg 46BI3ItrXRWMivmd/K8bmkKlrYFSr8cbehAkmwCskig +gTjYquH1hDEZ2zWD5P7gN/ejTCH8JJb8bC/VLZ3koeg +-> ssh-ed25519 jPowng 5MqfJlasDbbqlI0dX98NZzHxmYmnnpveyBxa4z48V0o +r7Yiv4+SZiDncD0Xzp5eFSP4f2yjGBOILKxEO1iT3Os +--- l43+JtT28i1YDhNX3hE3Qb7swskOBc5ghDqiyh3rU2s ++)PnWT,.eNW YƱkF4#=)6mȵJ# \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/lohr/secret.age b/hosts/nixos/porthos/secrets/lohr/secret.age index fa310b481b361a28d6cfef8a3a387796460ed1f4..1d9c5ba21388406d6991ba35f31c99325ee29e6b 100644 GIT binary patch delta 332 zcmdnS{GMroPQ6n~o_j!4QBhimhp%U_XHbPxg^O=hRbWP0gjczXwn<2-vzbd^a<-p~ z1($b{ua{Y&yJL86im9=aSD=?kUQ%{MnsJ_EW<_vVR;pi!MN+V#sc}HQFPE;JLUD11 zZfc5=si~o*LRLV2d0x7LwwHfJSiWh9QMN&Zqk)S>UcITSwuh&ox2KC=c0{hBL6~J) zsCQ{tqMt!ImuF~kLAps#Rp-{}jADJOzpp+0vFvjR`?^gtYiB2%ey4wh#Y6C$<-T7xxF$4S gn3>wA`TO~aPBx*w$@(hW`0le#KEm+WU2CZo0G{x8>Hq)$ delta 404 zcmaFQw2gU!PQ8b7SW>p9k(pOkwo`hpp^s5=L1|uCX{JFynum{HT3&@&SaOwXk(;rj z372t}t4CUhS$SxopPyTlTVhyhrk_)2MzD8OZmD;2PC#yHl8bL~N}{R11(&X!LUD11 zZfc5=si~o*LRLV2d0x6gaHVrjnPs+nNmh_|a70RGdcBc(NoHYznOV7uVTeUwu}7-E zi;-7gj!B>+mqk@dNm{U%Ylf+QQd+5LNs^hbg;#o|sdH37X1I$*h)U0sDhQ~k8e?2NF0d~a<(x6-VT;(XIE^W>6BlWhHz zz?>?#oGQ~QOPB1b$ZRg2A0_%d;oXkDr5#F=_oQEa*djcA?q^*^76+c$D_jlNPwAIX xcoGzy+BYfV+HYgt*F7gM1SjX;<#Q@A4EcK_X$9|-1ID@E0n|W4wetxM_W{{a>Mrv?om1#w$ z0asK}T9ucvX=SBII%qFD9gK;UmAsfjDF7YvA2&@TYBI9N5jpcBVw*!g?$ zA=f!~%66wb2#V4RD%bGZBDVaw$(zGZ6eY|SKiRQH;L2MSA-0EsIyN^<7T@f7Gj&z# z@%sWQ>Bo}$zM0-mRBO4uWcIuMl3gzx6!boKRwccc$UIymTi-0vIQ8D5DXgALg|Ek~ z61&^5aicr8r0B~xflnE~R|tIXUms!9qZD>>b64^X&l8-@28m7ImWb!aWEvm(dO>qr z`X>F*)YEtOZdWnq4R>VWdA~M-D{klRTn2f`uq8_$#e__pW;*N2^l#?=U9a2%(pZaD z_cY$^PT-f?Xu0rc$8Ed%m{ZJUR;T85YE2bc@NJu*^S-}&b^iGY_D{U`OIa;0{9kZS z_MecXi@L^{lwDb~Ex#|mx#(#|$etO7dAbcj0V)OGZz{fwWvxDz)!y0ibnm9?f!zAb zgTn4X3G>wL%-XTkK~+rr&_g4ApVKs)?!Z0CNF_y0Y@YceehpnAY^7P=l|&9 zg8RMcwud7w2z@o1S7@^Q*{_?YOVdvr=qOm>$^7`atyBqbT<_k{gdLl{aDQ2T&f=0g E0N^(BNN7+I2tD|X@c78#Y z37183e!h8jk+W-%iMK~^lwXE>afx4+xo@(8NmPNWPkL@iXilJaREVQnF_*5LLUD11 zZfc5=si~o*LRLV2d0x6gii@eKX+W@(i@A?>Qc+@r;lJL|L z)9}1{b7PNCSI4BP5>pH9Dw+iX6kj(6XGQ)U-&)$k3F` zJT6^bU4>#(?_`&NKzGkVlSCgsmk0wB?_dv)s7fRK^qkDhU`Nm5EK@h%&=f=Ca;`fK z{+Db|+*xsKQa7vI^>aMae;+Eo7jsdbJ*tB+fPsx+>JHkKS zTQ=|Wto9qh#V=}N<=h%eM z@B>yJM*eOaZ?~N}DUj0ifxqGz@1rwLG7YkO{y`R~1MDvc$RVdc0IAf^zCs|D4 zfPqw?U`or{^Gc=)S)wlt`Z*rHdz&|bAgloU66=k4QO-`ZU3eBF9VRT>`v DuWd ssh-ed25519 cKojmg lmu3MinmydRHD0A/YVRRtopermfoBC8M8cTHfVanY1s -ygrtpZZJ7aeQTblNazpoP7DdifmDxHsE3DFJsIrWX5M --> ssh-ed25519 jPowng X0cihOc+fBtmtrkEivIHQngdYIobezXEF1x+pHqNzAw -/+sw9x1NWY0anZhDMpAywBPrR0F4XCHaF9e8j/Yo/kI --> 32;%1s-grease -JafjuSZty6a4NSO/y4y5wHWL8Mw ---- dwCl66vdpsL0MR5NWWvg3JUnQ2QZQBeW0Dj0l5tvOKY -oi,`#uwW%Poubڭcy8 ><FqKÂk0k/h5势F+u eb>1Q2wnWb֖Bi^xur- /ll-=7;j0I%FiA;YUd]KI0( Ag^uG:pkJ:qWSaLw!M4L/ZD-XUbvbP0f9 J`XO!s{QAcc;4Mچݹ lxH&{}zZ9ûXܓg]V0gtw \ No newline at end of file +-> ssh-ed25519 cKojmg u+5VWUy7eFq4boAIOhuKXZYD4mhczaUAcjz4+coVggA +QlBHHgz7uY3TVgex59yZA0XgsIeHi2WN2S+UleC7bMg +-> ssh-ed25519 jPowng IyeI6WUjF8wxe92xD3xY++4ZqXtY8divB39eLWfAtm8 +eGj8w5X2ydS1LJvNSmo56xzRVoUB0iAKKs2NHX968Yc +--- hsYH9lUl3wIErJmBKzlWV+gIR5v6vgPIcNDgd0hiRGc +@lQsȄףD}^{X)nYJhXhg8wӨǂwy(a.0>|PSlO|E鰀BW_)|x4\_F +Zo0=dtsj[0O+R8id8j +g$x òb흭Xg^G$UB*鲡)[tHav7jD.z+[~ 9z`s,_!^Yʯ2HSŏ*@jZ^v~غ@ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/matrix/secret.age b/hosts/nixos/porthos/secrets/matrix/secret.age index 539c33e136a17f9caf49f42d65bbb528d78d7158..2c8852de12162394b78cd99ba47006d8a6cc4c0b 100644 GIT binary patch delta 389 zcmcb|ypVZ0xQNBr7KyaZ?nNz-LUSe)yVwsbdTUJnzNk&Ri zvW35Qu69N_SFS<1Yni3HXL^!fzDJ;sMP!zHWlDLTsk?cYc}RwjOK^^5MP^8nxkXVn zm#&>cadC!jYKoDmsiCDpRzQAvUb=#IexSdHzDKFQQ+<__fpbAsu3?#}pI?4Sd6lV| zMV_mvMV_H!o`-2lpob@yOR=$Km5WiZOSyr5kbZtypmUj9NLWCbZ;qK^X`YXxWrcIT zXGKbtOIReAuCA^^Zc?dRTA-1mzJ7{9aB*%_UPwuhUz%gSscA}uYf*7>seZ6`cBpfT zb5=Ij=ekL`OdlS;{Bead`eT!c8-#!0*iBx#YiK&Kx5{0wBCiz);@$5U?K1cE4 zy~UR{F<$=kJdxwG%VCx~jvwzt9;!K3*?Y(O?P&plq>eik@rRnVs#@J9YikO2orvE* oYk#1UcadC!jYKoDmsiCDpvUh$~Zn{Exrn{MWVvw_Ae!XEUYNqM@5M|OsPnPX|FwpUefa%re} zQki2_Rb)QMy4;K!KV9AQqSVCVR0Y-QI^*IT{dg|R2*Z3+SI=Z;gFwq-{VZQEKSxVn zU&Eq$0}tm=ePhc+!;DZaU0q#;0)qmxB1aSLutcMD{lFYg567s~f}kv?${b7oB%@N3 zl5+nLS6A(dBJ+H%Z0Fdc^8#Aa7CicsZ6 ssh-ed25519 cKojmg N182xey8TWRVUWTRP16rT0zlhYZNr/pOZVR7YRnlIkk -HVqAag55z1cKLgjR3WsUj2wvaVjxm169JcDRJGRvCVU --> ssh-ed25519 jPowng Dc+aaUTxDsMTY+oOst0SC3ldq1e6zX8F5A5uBL5RHhc -JWZou6+VaFc5f2OLRIrmFFWg3Er6WSY+TloXU0mP1K8 --> |9_9Aqh%-grease $ X8Mn|5 aKnl' fl ssh-ed25519 cKojmg xRtF3XVc7yPicAV/E4U7mn0itvD0h1BWBTjwunuoe2E +OkB9sjGB3ulH4Feuyj3Ed0DBG4+mghW/Qpum9oXL/8c +-> ssh-ed25519 jPowng 1r8drqhz1yZdTq0Kvqya+ArU1C2fkN7Gg9LiWWfeUFg +cjbxntVwHvqLaJpiKs/Y8ojeb6e3/cLFcsoeuoobfFg +--- B1qA2PylJBrdZxZtCzlU2kRPvxLM+IrXTvR+ERxVtTY +"W9bg~/b4ՆI +} -NC7vWb?8=wB UpJClOșnO\ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/miniflux/credentials.age b/hosts/nixos/porthos/secrets/miniflux/credentials.age index 979015965f433e63c6451fefcfa5511c614dc814..00d89a4b03c4b440ba1e77750fc8ab10cbe7b03a 100644 GIT binary patch delta 360 zcmcc1+|4{er`|o&GcYgEJ;Wq1%O%s>G%D9KCCo9kFvlPys4yiwFU>1YJJZWGztS_b zoXa#wZN&=-^|yqQa>}?fJ@g-p}06h zH#Nn`)YQ;YAuAxiJTF}#ygb;zz`&?9*drw*B01I2x!$PCJlM-9#XCPUDkH?l)GakV zHP zOIKG{!BsolGt;yzI6EVv%rVN>!{6N7G&m(aIN7oy+cem-+{3`a(m%xABR$WTE8u$F z!^uzhc@qUoeyR$aR$E`6xZrm1H;1)9;-BTICwnWYEP4x-o?`wW+ z-!SQ$MxX8qoA0SNW<9zeY4QKtZ7+vTNAs8!Lb{p1v;*%5L^Q_bebAbc^Y_?dd5$^G JwnqQ=0sz;4hcEyD delta 443 zcmeBXzRNs8r{35s$;HX3pwQ5>*et5Rq{P5CCAlohGPg9O(ydrOz05rz+tMsK(K(~s zm&+*4JHRU~*xS|HH?=s?r!vRK&$YnY-#w=y%rUYuza+}tBGJ?$z$3@kmrK`9p}06h zH#Nn`)YQ;YAuAxiJTF}#DA+5?)Fa2y)H5h5DZ@3iadT2&f zS#qU?t3hgUZkbPkQCe_TNU(WIR#v2k0oTqAPBzI216{s?H|Ld{+-qnpKzY@;PN%{gpHLZ|nS@e*q?7pI!g} diff --git a/hosts/nixos/porthos/secrets/monitoring/password.age b/hosts/nixos/porthos/secrets/monitoring/password.age index 410536f..67c75e6 100644 --- a/hosts/nixos/porthos/secrets/monitoring/password.age +++ b/hosts/nixos/porthos/secrets/monitoring/password.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg OdLtFHbHbc28rUn47vgsVvXxFNg9nF+9y9R6XOK390Y -yQQYUPQGjN2+xrSqqBYa7/zS618KrVjX5Amw2MFuSLg --> ssh-ed25519 jPowng NwUjiLtiXVi6XFmht5l1CxEs3gm0oN4vHYwDZyda7Q4 -di6znVjNRO6QdqteVNkeot5Ko2NwWLe6v+zVR3f+o10 --> 4Vx%\(-grease ^^Z>EC91 R 2BJ d48Wip*s -yPiBgChRF31XgxccQFLO3MzRL7+5s29sfRoF3W1yUX6Bu59MpxD4D+n/jhLcxSH/ -CxW7KaiOctNmPm5tWh6qjmgQ+V4bcAji5vo4FKs40l56cfyueEJj+Q ---- WUGF28zqK9E1AlOeeCtSHxFg6ikRy85gOoLtBd4m0y0 -.|rr>12Sɞ.hww q%i *U^)'qO2ӜmQ7m` \ No newline at end of file +-> ssh-ed25519 cKojmg l5lOlGnbvQ4D2kaSj1dd8Xr+btlNbTkT0SxSz02Vr1E +Cjy73yKL1N8LnjRXXLpxX+wIOFCa8wrG44VjXUND1lI +-> ssh-ed25519 jPowng nYHfkP9dRkxu4Fqh8MgrbdZAc8gk+VGDyxIV6RsSeEM +rKKi1NDoKMMzQ+kUs5ZX4zMqRBI0QwGY7q6K/L9+dLI +--- Umv3UCtXlApug7uuqmwbQN38i8Lx9/b0uhLgbc3OdZM +BLs?sӓs2y +R0!<f9txB7dڊ^ɇLJ&W sp_f}em#<@bNO*>2ifM|uX=Z6vnxj!_plN_bPDyY?l$VK7ierd{QKXN1r9nn9 zm#(g^Lb|1QVnkACNv@NDsb6@uyGw9oc!g_KzGZoSV4{adl6FW*L0Lpva)GZ2SMueE z>k2|AmRrs+VFf-dO;eVQ?n^ delta 473 zcmaFN^qYBtPQ8DKVS#Z#wx70>cZHutuBW?ip;3@on2U2#RdJQMg=d9ldT5w_Sw+4_ zHdjWnS!Jq4n45ovWrjyaWuQ}uzoVsPnzma-v3F2@UO-|+hEGzlV^*1aAeXM4LUD11 zZfc5=si~o*LRLV2d0x7Lw}rn)WJL+w;=C$mhy z%CN$EOUH`r6jQ?zPdD!*_b>x(Hw#0<+)@)qw@g1@V}r!>2>{p2Oi@TR!c79Hvn_*^dMVL!Tgm#K)L|9;?laYmCV2*Z% z0hgs|Xqs7Bh;y)uhmUtfl)jmxwzH9Qpiip5cD8K+2}eo6d-(RQG7*&QP`Ew^_Kh)-vksm02?{RobyH{24Yuc*CjN TtSw*pXGQX#o5*qErrQ?)a<6iJ delta 406 zcmaFNw1atqPQ9x~WtF~JrDvjrQJ96fwtsM7T4G74i&H>SUS(EtP;qKTfmw;ZsbNr< zFPBe1afqpVR&ipei+@47zEOU0l0|q}MX67jnMXxxl%;o=c}hsWk*Rk^B$uw8LUD11 zZfc5=si~o*LRLV2d0x6gmS3WCmA1P@PDQSTahQ2nT778h z$hyQ3TWu@H2;KCe)WqUc1=VOE?r$+g_14m$0a+v=oz2u6OtM>h6#0F4mY;dARhUPmRXx&A)2; z=ej*={?X)beJzOu`A<+Q<^+k=o diff --git a/hosts/nixos/porthos/secrets/nix-cache/cache-key.age b/hosts/nixos/porthos/secrets/nix-cache/cache-key.age index e0fb5be786d9814da7c81edeea1e47b67a45c4c5..17732edf1ed61d9a02ad41eaefe29cb50634c4e6 100644 GIT binary patch delta 394 zcmey$yoPy#PQ67&n6{Inw@-1Qg@=A}MR9gcRjId8pn<+~VR=@#S)oORudkPZYof1< zCznrXmZOn=VU(j|YGhWpSx8A)Zf2TOXuf{9duF(^NZir3FK<@IXMT)aHvZVhQ!`oZxl*ByGN3#WvGRDQdmijfp3t9Z$(sI zBv(XfZjp&aTAFu&TegdNX_#43ZiQ!_QE7g$p=oe#aixD`a718KVT68eGMBEMLUD11 zZfc5=si~o*LRLV2d0x7LyLU#GnSN%KpJP>Un4^KSQ+AsqbbT{Nu1o*#Yc#nR7;}a=ES6tl)Np3uyMN+Qx4+u|*by&ZHGN*T z+)1_XXA}0UD3_hT?r7+n-uoN&1PGiL`gNJ%U}T?9KgSF6KN)wtGELK&J};;~>b1}M zRb*_>Z?}c%VudV0)3bKZzaY83--mtu>$BgJlQz^o6gnp%vv=p)tcPb0t_zC`bbMWB M{UJ2#_Wv((06ti>3;+NC diff --git a/hosts/nixos/porthos/secrets/paperless/password.age b/hosts/nixos/porthos/secrets/paperless/password.age index 3fe76cb..8d545fd 100644 --- a/hosts/nixos/porthos/secrets/paperless/password.age +++ b/hosts/nixos/porthos/secrets/paperless/password.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg zhpo89xef68JoeOFWzhdFshrj2BXXUCFPMLVJzv6EyE -fmJxJi5rmyai9qGwDo7iHg4BrObGre96KCpl+g91O6I --> ssh-ed25519 jPowng INA6EZdy4J1p3QY5mfVOQXiLdOjIDaZR+CZMP+GfkXM -8Nf5soaxY5SEzeJca5kaJkx7ByOvc4NkJVetB7wpEmo --> xjK'w-grease -f5v0cvlt4JbHlAwDOob86qOInWdlN/oohTg ---- NTGv4rr+MhJ/YeZhVHOjoS1V+zCHFf2itJYfK36R+wE -חJ d o'YFU@ -r7_N$>]hq-F۰qX?| ? \ No newline at end of file +-> ssh-ed25519 cKojmg 1hbRAuAGrTy6nmkAq+UWua8weywphZsTIGF68YQEOlQ +92Q7uIKv1EiO73wMh53jrTuEkzP6ziBmX9SWXCl4d3w +-> ssh-ed25519 jPowng aPb9v/S/mLW95Qom+swvasqY878RxpxxOkMJA2wb6nY +qu/dzcqciqKzNc28HqFMHA1XnrJy+/wWgbfM1+BrlkE +--- 8PXOozvZzNZQD2OT4a+0XuIQauzUGSvovdfDugmp+bc +x>禩_C9dT5KzЄqcZɾpใv +) \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/paperless/secret-key.age b/hosts/nixos/porthos/secrets/paperless/secret-key.age index eae5c56..70cb898 100644 --- a/hosts/nixos/porthos/secrets/paperless/secret-key.age +++ b/hosts/nixos/porthos/secrets/paperless/secret-key.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg tZwn2usN6K62oS4vBa6boh9zEp/+cS4chP8boXG6SH4 -Fr3kV8gUDoiDqMxPYWsHyww8umYhQEKhqbVBiVw5NeI --> ssh-ed25519 jPowng wRbJl4G85obH/GluQBBsXE7MOvooEui65eqHfurvuQs -KqVZMBSyHhkayEdwI6ocmA4qhHY9zYJvg1CEKM1SOa0 --> 2E"/OFW-grease o Qp3HFe^ -bGhCNicPqt7txqxUiEWXCFs1OuQLqOqHmjHSqYQv919dqYep/xBXzi/aRf3dsdvh -TCJCTvZG31Qxvikp ---- xKJGbdVp+Z5h0vCBleSF2zYYYd2S5i0y4szNqjRwrDY -T /Ni7m4#MhiPޛ-gI%@E(i7Ygk"+㸠(]o@bާ+[Y"BCR[ >-.4db9v \ No newline at end of file +-> ssh-ed25519 cKojmg r3ZUTfSNcHc1TS2fVtk99Y2xJMMunkwkcR0dQIdiCi4 +LICSnzAaooGy6x4wt0vNM6YtQ4S17QohZNt7lfVrD6Q +-> ssh-ed25519 jPowng KLU68ws4lemr0wWHxm8H8pf1SQAoUZTN4QSPzk2PyHk +6pjH1pI956oaf9ZIHPPq8p3g/mZC5GxWhWkT54Wohf0 +--- cAQbniTwwtTftfXU/dGtA69yF/hh8iB97vHxvkIZMMo +c#=^~?5-wNT̡+!z " Z"2M!p5VjΡѡLyŹ nĊ8zQ+ة9WS0u}YÚ \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/podgrab/password.age b/hosts/nixos/porthos/secrets/podgrab/password.age index 90e2501..d50dc28 100644 --- a/hosts/nixos/porthos/secrets/podgrab/password.age +++ b/hosts/nixos/porthos/secrets/podgrab/password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg 8rcBI7fYHuA3jO6EzJNFaAj2niIApKDt1HQEv61AKTs -ANxkIX/CeI7t7Zqp6wmjt/D194Z+xpeiidb+qvYzoQU --> ssh-ed25519 jPowng oruewwTM9X/HjjcmOPcQVdp02rQBlgJPdzvlAffs3T0 -MrO0kaNhjgOkNHuz3NrIMWXNrXOHH9dT/Fk6hoQNKyY --> COK%H7-grease -6yfI90QurOKlM+kgpW8KZ/iBzDYD9yhNmjG1LQ ---- uArz8eHg8sLO0sdlkM6cELFh+FHiI5BrM0+iXJxxiDo -vvNb@FMMY&/%mt֓dh|ߩ8 ڽ9C/ \ No newline at end of file +-> ssh-ed25519 cKojmg bICZUDqk/C2divEZu2lxUDsrtS1inSbDbS8hxJSJfHc +FsfueyP6WCesAu5EcXIxxtvbb8RX09qNTN9GvuhYuTw +-> ssh-ed25519 jPowng Uujsu6c+QTXqCNi6c+zxk5tf0UQcG+Qm/SZF4dzSKCY +RPVNNNauz73A8kWA0VSQiMWCerUkxPoXG2MUrFly3Bc +--- 8h4hGasOwZxk+i5aQfg6AzdA1G4wROhxz2rmM9u41b8 +{Rh=42 yЙjMWQ%X ]JK]F?QK \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age b/hosts/nixos/porthos/secrets/sso/ambroisie/password-hash.age index 10d9eaa37c8cc1c8795083db6f5b34d20a30b9db..efbd945037f705059145bbc665e1be54856efb6d 100644 GIT binary patch delta 348 zcmX@j{GVxpPJLjBn_r?uMV_~LNS3EbSb2m~wokdIlaG6%YgtBeMt)&lpkt-KlW%gc zBUf%gV3|vHVn9Vmct%;4ewtT$q=##`QAC)zMRBNirdxndM7T+KVz#G|FPE;JLUD11 zZfc5=si~o*LRLV2d0x6gu~Al~sYy~`MwxzMo>y>=X?0SaG67iMwTlS4u&ozd?zGr*E>iK|y%ASz@SHm|0Gmv5~i*d$x8l zm#(g^f{&$nxm#JGhfhv&WSCESXp(W5tFM7mc3_s1ak9H}if6GwglCYCU!t2Ym)hSn z&mB%%7lmpaD*x%ox_ra_B`;1z^~4!Iw!i*m+AD^=YPa51hWzhcw)lr*RDIKJ?dP*^ xS~v2a%{4xs$`^G(?DeA6md~HJUE;3Z6n{Q2>FH+9^Fk^-$Gx384qf703IH<+gnc2c;7Q*LrbVN^vxltq<6x}&36kZ+-zOG$CQc~XYHc2$yhS+18;D3`9CLUD11 zZfc5=si~o*LRLV2d0x7LX_!fPewm@4fm>#}U$SvQNqu^xnT1c7c1S_0t7(N(Qb@UH zu#vH$evWfGS8}?kc9v^YMtDYXs6}F=XPQr9khZ_6TZLypesW26g=2VRmUC2Mo{?KV z$U5^%uSnhWqSVCVR0VDAs6-u01?xZ+^{OquvHll8n~|v2)jKIk>QS z`MI|uTekf6wwH@~H8DZ*(&uBZwi$(N`%v|7%H=moE1d4?CI=h~?PW+>8M;VF%kO&B U*E276<{P~f6P}c?U{=j807|!-kN^Mx diff --git a/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age b/hosts/nixos/porthos/secrets/sso/ambroisie/totp-secret.age index c5ce19b60a266757ce1389831e273adcd6b6abba..211bec374f0773a28906a9d0d52f0a1dbfb6dd92 100644 GIT binary patch delta 340 zcmdnR{GDlnPQ7V>M@V^|W0{w$TZx;WPlZWdWN>D=VM=LLsevj<1JDXkuuhQN5p=QCM0=cvV_KZiK$0VPKk9 zx_e+!nsKl%SBA4&wnvVaVOm~5VR^WdwsB-gK%qyNg;7dcc$K4tUsOe&zel)blu@QD zm#(g^f?t?{Wks5sr=LekZb4*Jq)%|Ld$xsPu)bGvuuD=_W~qg7K|x}+WkrxHmuu7Z z!=g_QeD+Twl%b|9Q1z&XaTLhYqq#&DWjwcbfWnhfjHj8c(?u0su`GfyDp- delta 408 zcmey)w2OIyPQ9CfbF!ODkb7W=OOa)HM1*BVKzLfIZ-IwXctk~3y1Ausj$1)tnwO<> zIhSX;S7~Zdg=v79ajU4E>-GBUd-yC^r*x z-}IDv@65zhcc=1D({wIfU0sEgGDn}JQ2!i*RFCXXV_y$nV{^-pOnswDck>GKNMnQW z;FNTiU>~E%(nzk2tr1I7>?>Wrmd6|KmiujbBP8qEK7)P77QgWQHlJbX1ebeJ3cFr+ zUfj{Rb$zw5XU~NnNf`oGb5iZ=#JwUbCLeOVeKuB5s3>@*8`G9@Gn-v!ZXZd{SPTG_ CgOZj2 diff --git a/hosts/nixos/porthos/secrets/sso/auth-key.age b/hosts/nixos/porthos/secrets/sso/auth-key.age index 4e05b15362db0aa4da54df2c747e5d4bd86d001e..1c1247026fd209d9cfaf58b8e786265c72cdc320 100644 GIT binary patch delta 417 zcmaFNe3*HHPQ6h^S)hM-UWl`!o0++HMqoxnp1XcplC!ycL2`+Yc}|31VTQAZQDtaG zAeWzegjO{?a@$ZS@!fj{jJr*aoN%>BA*rPvr zPG5{;%N+YJdqVpk#?Mnu_$0lD_0}Pkb Sc{Zcf>|YAJujjI7-vj{L;-y0X delta 449 zcmX@i{Fr%yPQ6KLa-x4)qJF-Aq=CM%r(02)nQu^eSwyZ=SX6L`rMaJnWl5SxaGsyB zBUgT=Ta~AwQHrmTZ&rDtVU>AOK}JrdVOWrBs++s3c5Y;)Yh|umq`R}D374*&LUD11 zZfc5=si~o*LRLV2d0x6grcYt6ws%%exT$Gio|k1&d3{o5c0gfhMunG$cY3&Qc2bU? zzME;HSEQRKmr-F=u!)nuQAmiNdtqKta&bhCpLtHGS4M_Ys;fy^s#{b^W^hWjsi8|K z$T~fz>?D&a-Snc=#Nt%0vVfrM^rQeo3*S=DvT`n6U0sDNAImDANaG-nkgS57Aj^zG zU;Xm>LL*l*H&4TmGMB*O@H`8%vJ}${?ZkYp{g$C;4sOrxSUBmO`=-UdoyIGZE7@9Z zUe7X%2>Lx`=jWVOhUsC~R$sV!^<>g*erXM-^tp`&ZfUYJ^ xes<)U`r7NKiH;)kwLAA^ZfK`jPDp>(_R{5$@^>rg_>_IWOw4<~GB!`R4gjazwKxC( diff --git a/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age b/hosts/nixos/porthos/secrets/tandoor-recipes/secret-key.age index 2ec147d8edff2730442d1ae253609e27bd43bec4..d6db3710f922d6d3d4f9b65cd05c07f0858cccfd 100644 GIT binary patch delta 370 zcmeys+{ZjYwLaN9KPxv~!OYk`JxHv;MHO0u()X-8PDKSDj><-Bs?uI zGG9O4%fhR|z{$hXH=~#(#XfzD)zmR7CEL`g!qU}0(>Xgi#8N*pqcF;&C^^g^%{`JxHv;MHO0u()X-8P**iZgH(enj$KSOiIo&iPyWTH7FxxF9Ei6gfDKppDxY(yW z$1K+@+uNtetH9aNJt�(8SEyG%_?j+q}HUB_PirJu)~uEZZf;tuQgt(7!NDJJ}%3 zvLq=qz`_J%ovTTXZhBE_VsWZMxV}QIs%wf)rmlj&LS7=5i(83-Sz3WXQl*cZV_HT; zri*KRXrO;!zO#0^Wo}lPVV+x=wxd~&Pl2~*u7|skMM|1eKtQf_tC7F+0_U6PnO_c6PEwfYHd8~|>*j}ULBIRVg&R|*-+r=fV_jZ7dxC8m Lhh^qsx9}nW?r5cc diff --git a/hosts/nixos/porthos/secrets/transmission/credentials.age b/hosts/nixos/porthos/secrets/transmission/credentials.age index 4f407fa..16f90b6 100644 --- a/hosts/nixos/porthos/secrets/transmission/credentials.age +++ b/hosts/nixos/porthos/secrets/transmission/credentials.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg mP2H3PWJN6Pv3q6C2wci3KnXjtFAIiuGy0YH0sGIy2g -f43QqyUQfTYznszub47kgc2Mz95zVScTDkwnG3INi9U --> ssh-ed25519 jPowng fENbu7+FZ1mnQQHQCLm1spLHmsQGlRoJResUJtGzYkY -hX+AqCkLCca6m/aKtGCThi7/mCCz/TZQNJNOlOmlqyA --> J<-grease -n7+CPRr4oazWnE7yzpJN2ZAI4QrGsAerloP4wNeebjQDx8+IxJq1JE0g3Yi0RxzN -chDccuSPLYk45Ov+SD/qqqFZlQ ---- p81HYw3LFj+qz2kiZsDcevM4ZBfvN743P9Jdi7J9XkM -۱S7VBOlEtq_D,PVFp\"AM}g?/\;y Ӛ(SK \ No newline at end of file +-> ssh-ed25519 cKojmg Froxrdh4H2Bsj4X2xicyBXHPRlbkRJAOztoTfzxItSM +FnsLS2QYm8mJUO+c152FieLCFkALxxwQLnY4PAj8zsU +-> ssh-ed25519 jPowng pKl4p02M+U5JsiOnM2wXL5bkPwsI3IHjlTutlvez3zM +NSuOFsyV8JqtTq97lNzacJnJ3YZgWp53XxU3mjUlcMQ +--- 2TK2ViFblmDheaYdat/GF0ze1wVsla1EPLaeRdMM4Gs +ըENܞm›2u~Jubt[$T^2ji@xҸ*İg[MHX!6ezDW]<` XPޛ +q*o$< \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/vikunja/mail.age b/hosts/nixos/porthos/secrets/vikunja/mail.age index 4c83acd8586c808c5938889471406eeb283c550a..864e5be1b389dad8408ecef2710b33f6d632a9ce 100644 GIT binary patch delta 546 zcmaFDdYEN`PJO;X=gh!O2X=PO;mwwEg z(}x4qz3UCQnpT*`23GlRk9n|8viwVDe|10_QK+aV%=%4)aBwf y+l@Kwt*3v=R`J+3>qIuEwDwc8JxdO;t)Ki~K4Fq_*o;g5b9a}#GkCxydKmyF>FIp{ delta 708 zcmX@i@`QDQPQ8&!s;75asj-=Vc$A@2PL+#MWKwcYXryzpNkmFTZbfL4Z-84_NUm9k zBUh%Sca>X7Qe?23pG8@DxS><3fsdt|wrO#mr=drfcA%$IWO9k2rDe8XK9{bYLUD11 zZfc5=si~o*LRLV2d0x7Le`sQ+e`G)0(~Oc3 zZEep;E?r$+1;;4Atn7Tl49A?ZM17~yygak|((Fjr@KO^$pJ2zZw4kaq{amNiirkdK zWUkNZ1+0;p>Ib}ojQ;IZdbeZw#r~f=9XTW7lzR7Ed|2&b{4r|Hmi({!tEa7F;TmJN;|_@7-8x@VdfxmwBsZ2*>4+LryKP_L++w`d_h=W&76W_b=AUT)Mtw zzRRX1zv?q2+>p#iqwxTlMxD%U+q!=*4@_ z#B<-aa53o_mtS_;?%ycyG2x1KDZ`_W+#8EyzC99-w@BSC&A!3EQ`aUSqi5&ZlFX|e z&(`}*OX=T}c2qFX$~W*riC|V}tIft0vv*&Ts-J2scHx(y?W9*8FGB++yso`EA;x^Q zkJBn%rJs6Y6(Uz8Pw~oLw`9Aq>SXj)!-xN0h>6XesnnUXhI#I`jqguSa5;5DVJ84Q C^c&{@ diff --git a/hosts/nixos/porthos/secrets/wireguard/private-key.age b/hosts/nixos/porthos/secrets/wireguard/private-key.age index 4abe1e5..d7e292e 100644 --- a/hosts/nixos/porthos/secrets/wireguard/private-key.age +++ b/hosts/nixos/porthos/secrets/wireguard/private-key.age @@ -1,10 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 cKojmg +WwRpd2MzycutQFXyLsr2+GzSgF67Z6UuvyqYZaLd3w -sppt8HzaZP3yxnvnhzjl18Trnz8g3VyXJ6CaVBWd7jA --> ssh-ed25519 jPowng wanoqGB7T8bim/WZ4IAYViFQoGzaIZSgeoTr3YKpeTY -ihDAdGa1XVW/qQz40V1v7a7iK7tu0EHMa7ayIogpcRw --> l-grease |PIcZ NIr >0;* -4o8o0bevQZ6uDSx1WxxlDCURbFCM+yK1XPdrb9aztCSvG2a+ne78E42l5rBcoH7I -m51A8uWS4nSj36N/76v6K4kelxKzWUg ---- O6cGbTAVbDcdmPHf7UzfZiyiRtu1yfL4sBI+CkJA1qw -q$`w'SX]?6/N(BNa.H7Ioz/4:sK",7J \ No newline at end of file +-> ssh-ed25519 cKojmg KslHl4v8yCsKZn5TduLgpTfpTi1uOInC9N2e8Ow83FI +NzcJJr8kw1ykAdWRZOeWdNhx0BTgE7FwTKcge+yLJ/w +-> ssh-ed25519 jPowng YGWcOai0A9l2HDZyV0GtD8kEbY/xTUssODFBcseWAkA +nJaHXkipFSHdyektoKV5y1jQrjkvnU7pwZwAymiQm7M +--- IgWkDulol1jRa+pcx7DbEy5pvC+2nrRJHsdQVPvPur0 +Bb<Ōb!E?:=srJCKz5{4`&N057v+1 ++(d{ Q \ No newline at end of file diff --git a/hosts/nixos/porthos/secrets/woodpecker/gitea.age b/hosts/nixos/porthos/secrets/woodpecker/gitea.age index e6ede6cc39553e75fd77dee696e90dd193a3daf0..11817ff5ec8bfb3860c5ef36305a12ecc012e668 100644 GIT binary patch delta 437 zcmbQwa)Eh*YJIYIepYU}f=`IMM}?trVrErPsb7juVxf6hg{y03QF4}Bj%9vOuxp^c zNlK|(RZ+MBSB_Ifie;XDx=nP*zKQHXP~bDo>NL1>akRH>m+NP4MxM1GW4qP~AJ zm#&>cadC!jYKoDmsiCDpRzQAvUb=!sN_L`0a9FxwVtr+>afnx%nTv_Jr(s!8foFMz zc3Eh!rAc~zSaC*9X;3+rXMR|DWsY-6g-L)}ma#!#XpyUXZd9;ePF}J{U{+O`p^veP zeu{Qrs-p#$uCA_vvv-w2j&GE2j$2h(vAaP)l2@{`bEL5GqrOrI^5G? zKbd-W*F;N)qce})x)eLByZ!Zo^m)aX*VM=Sbr0(^3ZF68Hpcl9!@+acTwnh=;qVy?IY9+MQ1;T`>&I){{FKD)MMviu1F@aneS= m=SB#H8p>Hntu=hu&cJfCHPYJFBfetBNHLWWmSMOCOvzG11iSB9razF~S%g=L0?d6`?Fzh!DbXpW~x zRiJi-iC3j7SB|e+VUVd~R*<`yWne^QvTt^3R)DupZl;B!Z;-RUS(;CFntq9~i+fTa zm#&>cadC!jYKoDmsiCDpvUh$~Zn}cGpTDa#w{kD+OJJA}-fTf3wnHU&|6Fzv2j! zq=@u-(~_*5qyiKDq9A?!^dJvI;~>l6{7~;=kG!DDKrUTfU4}c=j?#IH1n_|uQaEmLbFgOPp+(t`Z<=o&zq(+7@5aM)KAiUa3*)7 z+c#aI)%h<}qyzr$7jD0?H{p%fm294h9U(pwoN7PJe(}}r+iUx@?x!ZA+zRiazVTge zx@4cE_%*+BcI3nI-jf`RLQ;q3p4Ck`tIHM;zwU9J;W>9x#uf6meep9-o@I#2*n8qZ zcI)RY#WeDR9zxIBSN)8({f8ZWz}XW~Cs^{?lSS55i(XAZy2PQCMT(*J9;7Oh;l KFmi{|!;=7;aKaz} diff --git a/hosts/nixos/porthos/secrets/woodpecker/secret.age b/hosts/nixos/porthos/secrets/woodpecker/secret.age index 63a4862..89bcb6b 100644 --- a/hosts/nixos/porthos/secrets/woodpecker/secret.age +++ b/hosts/nixos/porthos/secrets/woodpecker/secret.age @@ -1,10 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 jPowng yz0I+AazPmamF7NOnwYNrPE/ArarU01jd2mVDJUPSTY -6Y/YQ7gb8cAZf3zT9SKOorvfUnU7kYff+gHh8fG2mY8 --> ssh-ed25519 cKojmg 0FZU9v8eHsVeE+EoX9Y4IgfIj/8+45waPaSnSDb961I -L6SzJoh5xqai45scoVAa6v9zslBGFYNnZY044d470uQ --> I[G-grease p -AMRQY1alSzHi/PLL80kcvnM1Z9YNfoUo9u5alWXYMyzrRsg+vXjMuBvAXg3fmnzr -wdOowTYMRV+jEG8vzkcQTsv+f7JIyo4DvOOaPyGfWMl1 ---- ih3IAFPcN1JP3FP1vcRGnPrfk91yrnIX0m/Szkbcf7Q -mWr_\)Ͱ]QxMs/݃ݪ6kYxMyJG)i2_'֜HF.g_e5#utՠ7jP'Tޥ8\IWUK1ں9 \ No newline at end of file +-> ssh-ed25519 cKojmg tAW2hbBSxsael6cdbN+vI4h1/PMNrWYct8cppCAasn0 +cex/wBTviSIXc8clNm5PGltTYa1Q5PwqlX4BGsNHiyU +-> ssh-ed25519 jPowng YxfhtpytvuhIARQAaJ0w94aOZiGNUOBR0pF+Sp80D2k +nMon/VdYUQTs6LFccDGeIKWeNYib1wwtFmEYZkDZxg0 +--- giL477X0+uZ2Ocvbixt5f5kNc1laj5P79oW8P9XsNP0 +d>cE?nbv_'2յ_6Pu:usE8ϓxuڶ̪x̧C[ .6 qJ5GK)N?EuU*cROc){PW#eVe+?#YjV~YT+GJCEKy-`5$>Y0vnjLE zZJj%BbaHuY&%C%-!I^3U(SuQOTp z2T%K~y6TSlYRAwSd*(&2Y@IlD!~DPtf73d4*gie6S>^a=U*&b7+k6<@SFDjbtZmtG zE!}q(>z7l4F52ZaS-)*v&g#znP`-9ow`@i0p4(h670qoD4<#u#vtSMYi{K*Dc`_y@cf0#F{>3HKZ}?)?}6j@=}mg?yuSVW zT=`^j;~{Q)kIRbd^cPOi+_>cF&3A#{6t`B-Tlv$S!>ar08Ot6KmcOy9I5 zWM8|9HEaHUAE&c?hmXY_;+8ag$u>Lf&!0^l-M{U>7*5-xJy}5NuX?+X#>&|J^Ikda znh>9G&+Ua=60@D&Tc*v+41HiuN$XmvV>lnAF7nQ*C}|eYh+8!`g4(c*NJ?) z9WTtRFMZ^6{6^m%qrF1kigr((?sj;(((E07udn=c=tz3As={J}tXuznBsjG8mfh0+ zc{}lwPQKaerC)k`F8eZV-N=5gK=b_J?KiBRs~yRgQMR?75c+7!gS%`u-`RZ(%$;p? z_v8H4%=u!8Dn47)r|)m`^fdTVdgR>4DeF|H%u?NJ?|a3mb!%GxE`tU&w&v^ioy_$F zt{o4%+kLs=(NPUPofiI$E50?q&AiY2*fikPLw=6j{cp7|dOehIY*I)`w^9*HpDB3h z+t<~J&YN`?yfuifZrrc-a#4kKrJcaam?-V{iaeiAC?tDcmdX^5Z*yZS?OFBv(3k(3 z!kW#gOZXdsgTg@+ZpFuZ7 z+uf#h&1OH17xG75M?QLUV(lc>vj?lK+(WOetK?H;JCgN2_perj;Vz9W?e>m;mY!R^ z=l12tCuVxp^Ctz1864GdFJCsXvS{{-tCKty6<&Ux?b!KimY8)@a`-auZS|89&h-Cb z-m6vIy?4!z5}g$`p*A7n`}B0*JYK)>@_oy$o1N-z)h#dNe|KF zZsHJLR-kol_mx_Uqkr4l{6(h8s(-xuB%{mW#i>~1DOFMnrPNoX&c14FsT?F(AaeUh z!okdW2eTyIM7Q<*pC>qRpWDTc8y+`bc8l99sJ+8d%Dlx;xL;!PLNN`4JxlmDEjQeI z&&$DCxny~C)v;&)KQ682HCh*Q?7R4si&MK61&er|?RDhd|6|?K+n>MAY|Cb|y*Blp zT+>%87KZ{sgNB{;zZNDvQw!1hQtlgX{PIOqQte6B=I^gn;$I$iC`o-G;ct0GmBnFc z_@rs2#``j#xrlt3_|%}2$G!W(mB~G?WNzM36z6{|_fja%tM(}i|MGJQ`%+i1^q+AL zh~s#r`D0ZLYo)r|PiMgcyKgW0ZN1ktdTC`0-`cAlrWH(&etbQ-`e(uXO^d=R{={%3 z8vkE9tM=;0J^u>XK0V@pv9s}ux#stOCs+NJH#k}woGVrpx-7?Y^Xan+JD<;qc4ZZD zowDZ8an2VLBe@$KY)U;sZEaNp4jNvsOBVUL=UI@#v)ls)67LtdMri+jQBio|ifygw zB$3kv@|zB5O;tRg=Q8bWqgZ0jx3BZ+CD){Fy6jT(Wz*hO*>jIyPcwX*BVWhZt18B_ zbjH&3vnT(}`yo~OIh%czz0Bb)(;rT#5|)!x+aTk-y|KDnf>+fr|Tu&y^@KX3ERD9G>a$zRX;E>97R6Di(dBx}+8c!%T)MnmO8l83|} z)jVu^H|dkFDc8XdQw+Dexv%&&UC=Z6$H}(Tv$>zo9Iq-fk>j3ufZ2SP5x@QQ6Nhhz zS;)2>T2t7vYEx0ae}l|@H>0Xc+`ad{G8o?3#PFVx_s=x9MumVW7LQ*aT)50|hwj;j zpA#RZg_S>6&IJcNm=XJrhwN>?jJ&TDOEq} zpSJL-)4?g`S!{VrB#d6QYi~T?mYTU~)qy^hjfOkA{m#kn@a(8J2)J5pw`7s|AG=9O z2Q`eEZxuaHy5I8Xr*+0j@9&Zx>$!@=Hg9-)LoI3U)lc`=uD_^#^rE*v*G)bvll|LQ z9Fu&*!9IWUQk%?0Yp(_9d{W{#yMp87wnCN#X6~kULocwJURnQ!t#_;Uj^nx#Qs`^9;Xw{dyt5<0CqAvVp`)pPTa^zilo5VdVPk-z?wVOU-;Hr1Tw2 zD~wsOZ(T$}^ua7+m1Qmy>g{!ZIOU&`lYHmg@^zxmQPw}!)AlQ!UVP8%!S5Ck7} z-V2u-9pcFQ>5+B+++&uF^|5WguAHfeJ@Gbb%HHjNg7>DL-J^Zsl!En%Wi3;<=A1wA z>cHygKp&IO;jIUPCVB|XHZ{s&*Z#X?Yy5{*XY5>UFV@)@ALm_sqSI(Q=WSJu?e75G-nvv79_hOilpe9du+tmo8u6N%Koo2~9p10z})Cgmj$hP%U+fGbYcb*@~ zb!ER&*U3M>qpNI|ZfPv3iD9&vbLx$EQs-H>aon(1(%^}_66+6Dv z_s?i>>f1a;xGKP?Z{-d9Id?w==6|``+;W{ zp4Fb@t90*JGxN*xBF+67l1tlaxXVl{R$OBau6P`6aLvVNbK9+V>&+PpBc&8?8;gInTc6GlfI?&dF8wPXERe&C{T$R`+|Kj7IfC!|flr=Ql1b|G&lN ziloVbz!%lK!?(x8r?_QQt<$#JB|k6Y>Vywh&99!^x${CzPM=#z*43R;w)Qh0^gh?D zW3zXi;i)(Ct_m`hXn(6x2zmW_#_rwMIlfJd-BDUUbxT+2qb!}bv*O~TCv>ze(aUE1 zzi`EzY>DVk8T}uG583REXHXPb?^Sb&*X~=mbJ(M$h7r6SQ#G$}l^t86W_)nNkqr}H zWIi}$S8_ts=!<7L3^*Xo+$M9~QF3$Wf$OhyqmO?pZF-w7F)@`TKh|ur zqCsiVg*VyGr~W4Pp1!c{PWAokPWSj$XjYf}Z!~$rv+w9J)mO_`{$YLJbxi8B+J+yw z`k%CpCR$eat>T!h!lWL{?loCMd*hoE$I3LW@8@P{o%lWU*u(1)2K%DkoH%fzv+Jv) q<@6&*=M`tpd;46faLUp6xpM`+Upc4nW_kO^D+e9sR2UuoUJC#v#vv#G literal 3799 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn_Ri1BO;@NW2`?`+ zPsvL6@G|jp@hZ%UO3L;q%Zo4!s&bAj3-wF$O?S>MaP@c3%;t(nPc}*Rbj)*&2-45? zt$}K!Jt=vC5xwJIW zA|k`2FfTVh!ptQ@Kg1nMm~MJeYGQG!LVTr>LU~SJgonL}f|{R~t%47i zuTO=UkCS(1s;R4!M{bIDZc2V+MpAKpl!u|CpIMcUaam5TV^ErRS&nbENkv*vWk5<; zepp^|kcE-AYd}>lm#(g^LXd?~nR`)WzGJ3&MqX;Fe@I1;WkF!6nY&M+ziEzJc$sUk zn`LpaftPt8*MVa{E@+%JKU2KHS^m_5%||zQ+rRbaOg>X{_QmSIrWLO5UFA-5ewp!) zOSUxdeO!O3NZE|HhgF(a%uR4S^y^miX_>(81G^Qr{f;d;`E1?RdpiFwWGnh7Ik?^b zA7v8hwmQ0f%F*Rsd=ghVa?P9$OxSnP;KuPCEw3#;>xx?5SikVx7T*ekph=ADtS4~Z zm@#RKQbNz+i-%r*opJY{hDwJ`(}tv~n+*aL7cVq=nU-)u;2o$>Y^_xHqCU%njTxvV#L z$-CKi&g%5PmY){KuuP$l0hj~oKM@6Ir&!WrZZ=xDL&ccq58q`$HUlI`4vV{jc3Ca zyFc#{-0;lLuHcDJmf^wGXH3E^j@|5>E_i1(ukpb^VX1%}0`K4T-&_3t+(n*~Z=)ht z-l*kS>QsK-T%UQ}#VHy0ABRbwMY4{ulX| zDG9711~R9oZsXgc_O+HjIrz|a=QfMm-oi_j~>BZT__>%&v0J^c(V(dQ(}JtXUYoZV4kVd#>D!z_qN~1i5}1 zCa}!d!Lf+lFwt6(FWP>4{-=9qR&8_<_cXJd=$N)M{)@j#WkY-;~-%VQlvpG}G9 z%oYqkb^rde_D{3=QY}-I7%bPDZiu|MC1B|lwWYT2rmxz$t0i+s{F3jk(V4T2qE4Q? zS-=`SeYRqO_SeXJ7x)%P3!JF?xaTCd{yGiUzBghMV}8B+zbZqn$oRtAyM|J;I$o)* zWi`kQoI5q<&duZNPO$~vT03$dSm^7+q~PbXQs zglQ~w`}5iP;+-QMPqxYhBuudPdiN+;f!`=^p2^C0o4%gcvDl_Kjm>0f2kSDHNw*{Q zzr0tre-$>%{)pi3z&+(@%%QU4*7mG69~GGs8|Kg7{wVnPtOduKCU4%bO3H8T@8Fc{ z@`qkskKty$QTBABk%e1`$#>?G+Vbh|zVP;*{~T%}ulitu)C!iSna>>`ucF0{jn)F{jQ&(xL;JY1+n?LzDPm-}q`26+29KlTv z+iJ27d(2v~b}rY4KgL19M+}{F;y&b%4yZJ+Juj!;(il|Lj@c32ezbZ(e@-YEI3kd-Y-S_eFbgSq4tnFIL&{J?dlL*8R4z zWs4&Y1sT;Uv^f8jHQmG-=#(7YxcU@pr|`*s-lDA^&VLZ86XGrSDXOpWc%_P^-@B;^ z@>NV`*X>_g|7)4L{@(OFVY^vHrvztqd~$Jp_|`Im?Y&lSgWTfq|2tL*Z&>;G(yyzU zk-7^EX2+>b<=FJ`e1@QHU;DqD9V%6}Dy|uK?k1f1cX`RCh_;o!KWkR#Zq><YC%-|0chgCFCW)chikSi&s@CWj?kNZ762H_}nSsUiqA?t38|A^tGED zX1%hhnpAad?X!rJsSi$BhhN@y_uzW_Sw6a%52Y_eKMQvj-oVqWY@ws6bn+%&F6-y- zJLXudoPGMg56?Y6jf*}vB+rwK5Xj0;HLHOm#%RCeR93@>%8zIt?7NX zdAF*qcI>KNdTOJ}*6Vx^8dg`XogTHo-!D;p*_?CA39d@7XZI8bKCks_UnLe}+VFJF zbyuKKUow{pwXSqqutuZYP!y{pru+@kb2nQhPfh)u04KZaRv+tXt6#eh$lu`BY5 z+H&4W3Z6UcdXA+&@^to^Z^lM=*HZ{s`MmH4|Bu zEqU*%{7Gu&nN;5I{U>6+O;p^vZP(<$OQ-Trtuy@3)GBJ6aH_DUeaDuJ`TO5A_uUZ| z^Z8gcQDfK7qmEyn-L+QmGS6QoyudoOwQ%0<8NFR|`}u9#ORvXy{!Gb_4!&T=byGxp z#pMaMbJj*YT)28m%+f!yH#wA35+g&r8QlJrZ<#h=#EwT z{4P(QujkSWzFFGt{dY?K+J0oVx_;GpM?rj~xu!;l?H})Askg2FPCK+F75mw8FqW~i zdCPc|Zk%iR{{`ov5BJTMWkkKsGj+6Y{IS7Tq9*vawA`e5MOYZWXr zimX?k2{lyR!9TC^$>K>f@6hNrt(_5>&F7*^s{&5oH0ceA4gRW~Z{w4s#wkN0SaJBrpb!9JE!ul;pMLGZktQz=Sjam{-E_rO={(K_Z$1Zd}v#B;isfd z_0jZqPH#WyYc4<27T5E?Yn7a>(>j&+<=mbTGd)E07aB?J^Im#1-RJrzcl2Ycle|9 zs#n`57i7QAUU+FC<5N3}vsVS~owWXuy4cw4_;l+=`9+t-?yvD?nJKpR+kvxR%IC&( zRo+`#KX3Q3r(dqW5&5PSU>AGfhI4PWHFk;;Yqk-Egks>qE8v-Ul*&M6+!d5WDH0C-7p{ zqED@F&#l^X?s*mSOYRv>9l5pK;ft2O@D2F(_w9wnoEgcj)6YD;I@5D&(%i~h!E@iA zDZamFs&mQw#gCdly47-v9S_fPOyIm9J^kzvuf0-h93+cBpLr*Jc6sj7&86CAHIJ?* dKeP;5bk>p0qW`T_@y>laN{U{!uw>4i0{~1wH){X@ From e2091e9e2ec36e602f5a9a47412238951260b146 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 26 Jan 2024 23:35:06 +0100 Subject: [PATCH 30/32] nixos: services: nextcloud: use HTTPS This should fix my issue with the sliding sync server. --- modules/nixos/services/nextcloud/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index f2ac8e3..580e9ea 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -43,6 +43,8 @@ in dbhost = "/run/postgresql"; }; + https = true; + extraOptions = { overwriteprotocol = "https"; # Nginx only allows SSL }; From 58b22b7354c59c6b8a0c1e04a2883bf99414117a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 25 Jan 2024 20:27:29 +0000 Subject: [PATCH 31/32] home: firefox: tridactyl: remove 'Nitter' rule Turns out it's very annoying when the Nitter instance has been rate limited. This reverts commit e514389a3d3ea25e311b3dd3b24cdd1f7c6eec65. --- modules/home/firefox/tridactyl/tridactylrc | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/home/firefox/tridactyl/tridactylrc b/modules/home/firefox/tridactyl/tridactylrc index 0401292..4dc53cf 100644 --- a/modules/home/firefox/tridactyl/tridactylrc +++ b/modules/home/firefox/tridactyl/tridactylrc @@ -69,8 +69,6 @@ unbind " Redirections {{{ " Always redirect Reddit to the old site autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") -" Use a better Twitter front-end -autocmd DocStart ^http(s?)://twitter.com js tri.excmds.urlmodify("-t", "twitter.com", "nitter.net") " }}} " Disabled websites {{{ From 2172710dc8fbec03b42e707b2164aa7f96f0e761 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Dec 2023 23:27:04 +0100 Subject: [PATCH 32/32] WIP: nixos: services: add aria --- hosts/nixos/porthos/services.nix | 3 ++ modules/nixos/services/aria/default.nix | 70 +++++++++++++++++++++++++ modules/nixos/services/default.nix | 1 + 3 files changed, 74 insertions(+) create mode 100644 modules/nixos/services/aria/default.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d73cdc1..2c65661 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -10,6 +10,9 @@ in adblock = { enable = true; }; + aria = { + enable = true; + }; # Backblaze B2 backup backup = { enable = true; diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix new file mode 100644 index 0000000..a31b6f6 --- /dev/null +++ b/modules/nixos/services/aria/default.nix @@ -0,0 +1,70 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.my.services.aria; +in +{ + options.my.services.aria = with lib; { + enable = mkEnableOption ""; + + rpcPort = mkOption { + type = types.port; + default = 6800; + example = 8080; + description = "RPC port"; + }; + + downloadDir = mkOption { + type = types.str; + default = "/data/downloads"; + example = "/var/lib/transmission/download"; + description = "Download directory"; + }; + + # FIXME: secrets file + }; + + config = lib.mkIf cfg.enable { + services.aria2 = { + enable = true; + + inherit (cfg) downloadDir; + + rpcListenPort = cfg.rpcPort; + }; + + # Expose DHT ports, but not RPC ports + networking.firewall = { + allowedUDPPortRanges = config.services.aria2.listenPortRange; + }; + + # Set-up media group + users.groups.media = { }; + + systemd.services.aria2 = { + serviceConfig = { + Group = lib.mkForce "media"; # Use 'media' group + }; + }; + + my.services.nginx.virtualHosts = [ + { + subdomain = "aria-rpc"; + port = cfg.rpcPort; + # Proxy websockets for RPC + extraConfig = { + locations."/".proxyWebsockets = true; + }; + } + { + subdomain = "aria"; + root = "${pkgs.ariang}/share/ariang"; + # For paranoia, don't allow anybody to use the UI unauthenticated + sso = { + enable = true; + }; + } + ]; + + # FIXME: fail2ban rules + }; +} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index b27570d..3e2b3c8 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -3,6 +3,7 @@ { imports = [ ./adblock + ./aria ./backup ./blog ./calibre-web