swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 05:09:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: update flake

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-03-05 23:09:50 +01:00
parent c1a5cfa20c
commit 2ea5b9c764
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
25 changed files with 1527 additions and 1270 deletions
Download patch file Download diff file Expand all files Collapse all files

266
SwarselSystems.org
View file

@ -1738,7 +1738,9 @@ A short overview over each input and what it does:
smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
# nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -1780,7 +1782,8 @@ A short overview over each input and what it does:
systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix";
# stylix.url = "github:danth/stylix";
stylix.url = "github:Swarsel/stylix";
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@ -1797,6 +1800,7 @@ A short overview over each input and what it does:
flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell";
spicetify-nix.url = "github:Gerg-l/spicetify-nix";
# spicetify-nix.url = "github:Swarsel/spicetify-nix";
niri-flake.url = "github:sodiboo/niri-flake";
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix";
@ -3366,7 +3370,7 @@ This is an improvement to what I did earlier, where I did not use =nixos-generat
packages = {
# nix build --print-out-paths --no-link .#live-iso
live-iso = inputs.nixos-generators.nixosGenerate {
inherit pkgs;
inherit pkgs system;
specialArgs = { inherit self; };
modules = [
inputs.home-manager.nixosModules.home-manager
@ -3899,7 +3903,8 @@ This system is built with support for arm emulation, so it can build configurati
# '';
boot = {
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
# kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = {
@ -10926,31 +10931,30 @@ When a program does not work, start with =nix-ldd <program>=. This will tell you
pipewire
pixman
speex
# stable.cc.cc
stable25_05.steam-fhsenv-without-steam
steam-fhsenv-without-steam
systemd
tbb
vulkan-loader
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libxcb
xorg.libxshmfence
libice
libsm
libx11
libxscrnsaver
libxcomposite
libxcursor
libxdamage
libxext
libxfixes
libxft
libxi
libxinerama
libxmu
libxrandr
libxrender
libxt
libxtst
libxxf86vm
libxcb
libxshmfence
zlib
];
};
@ -12934,7 +12938,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
Kavita is the service I use for my library management. It seems more tailored towards comics/graphic novels, but still I prefer its interface to what calibre offers.
#+begin_src nix-ts :tangle modules/nixos/server/kavita.nix
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
@ -12944,9 +12948,6 @@ Kavita is the service I use for my library management. It seems more tailored to
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = {
persistentIds.kavita = confLib.mkIds 995;
@ -13966,7 +13967,7 @@ My file server. I aim to decomission this as soon as I can, however, I need a re
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32";
nextcloudVersion = "33";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -14243,11 +14244,12 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
gotenberg = {
enable = true;
package = pkgs.stable.gotenberg;
package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort;
bindIP = "127.0.0.1";
timeout = "600s";
chromium.package = pkgs.stable.chromium;
chromium.package = pkgs.chromium;
};
};
@ -14930,7 +14932,9 @@ This section exposes several metrics that I use to check the health of my server
analytics.reporting_enabled = false;
users.allow_sign_up = false;
security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}";
# admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true;
disable_gravatar = true;
};
@ -15799,9 +15803,10 @@ kanidm person credential create-reset-token <user>
services = {
${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8;
enableServer = true;
serverSettings = {
package = pkgs.kanidmWithSecretProvisioning_1_9;
server = {
enable = true;
settings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
@ -15811,12 +15816,15 @@ kanidm person credential create-reset-token <user>
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
};
enableClient = true;
clientSettings = {
uri = config.services.kanidm.serverSettings.origin;
};
client = {
enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true;
verify_hostnames = true;
};
};
provision = {
enable = true;
adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path;
@ -16205,9 +16213,9 @@ This can be used to add OIDC in a way to services that do not support it nativel
domain = ".${mainDomain}";
secure = true;
expire = "900m";
secret = null; # set by service EnvironmentFile
secretFile = null;
};
clientSecret = null; # set by service EnvironmentFile
clientSecretFile = null;
reverseProxy = true;
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";
@ -18341,7 +18349,7 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
};
# the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
virtualHosts = {
@ -18372,8 +18380,8 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
};
};
@ -20851,7 +20859,6 @@ This holds packages that I can use as provided, or with small modifications (as
picard-tools
audacity
sox
# stable.feishin # does not work with oauth2-proxy
calibre
# printing
@ -21522,6 +21529,10 @@ This section is for programs that require no further configuration. zsh Integrat
];
};
};
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
};
}
#+end_src
@ -25863,7 +25874,7 @@ This service changes the screen hue at night. I am not sure if that really does
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;
@ -27333,7 +27344,10 @@ When setting up a new machine:
prometheus.cli
tigervnc
# openstackclient
step-cli
vscode-fhs
copilot-cli
antigravity
@ -27457,7 +27471,7 @@ When setting up a new machine:
programs =
let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in
{
openstackclient = {
@ -27478,7 +27492,8 @@ When setting up a new machine:
# };
# };
};
git.settings.user.email = lib.mkForce gitMail;
# this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = {
shellAliases = {
@ -28274,17 +28289,20 @@ This is where the theme for the whole OS is defined. Originally, this noweb-ref
In short, the options defined here are passed to the modules systems using =_modules.args= - they can then be used by passing =vars= as an attribute in the input attribute set of a modules system file (=basically all files in this configuration)
#+begin_src nix-ts :noweb yes :tangle modules/shared/vars.nix
{ self, lib, pkgs, ... }:
{ self, pkgs, ... }:
{
_module.args = {
vars = rec {
waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
waylandExports =
@ -28370,28 +28388,28 @@ In short, the options defined here are passed to the modules systems using =_mod
noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
# (buildFirefoxXpiAddon {
# pname = "shortkeys";
# version = "4.0.2";
# addonId = "Shortkeys@Shortkeys.com";
# url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
# sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
# meta = with lib;
# {
# description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
# mozPermissions = [
# "tabs"
# "downloads"
# "clipboardWrite"
# "browsingData"
# "storage"
# "bookmarks"
# "sessions"
# "<all_urls>"
# ];
# platforms = platforms.all;
# };
# })
];
};
@ -31136,8 +31154,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
security = lib.mkDefault true;
sops = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
swayosd = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayosd = lib.mkDefault false; # niri
syncthing = lib.mkDefault true;
systemdTimeout = lib.mkDefault true;
time = lib.mkDefault true;
@ -31211,48 +31229,9 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
general = lib.mkForce true;
home-manager = lib.mkForce true;
xserver = lib.mkForce true;
users = lib.mkForce true;
sops = lib.mkForce true;
env = lib.mkForce true;
security = lib.mkForce true;
systemdTimeout = lib.mkForce true;
hardware = lib.mkForce true;
pulseaudio = lib.mkForce true;
pipewire = lib.mkForce true;
network = lib.mkForce true;
time = lib.mkForce true;
stylix = lib.mkForce true;
programs = lib.mkForce true;
zsh = lib.mkForce true;
syncthing = lib.mkForce true;
blueman = lib.mkForce true;
networkDevices = lib.mkForce true;
gvfs = lib.mkForce true;
interceptionTools = lib.mkForce true;
swayosd = lib.mkForce true;
ppd = lib.mkForce true;
yubikey = lib.mkForce false;
ledger = lib.mkForce true;
keyboards = lib.mkForce true;
login = lib.mkForce true;
nix-ld = lib.mkForce true;
impermanence = lib.mkForce true;
nvd = lib.mkForce true;
gnome-keyring = lib.mkForce true;
sway = lib.mkForce true;
xdg-portal = lib.mkForce true;
distrobox = lib.mkForce true;
appimage = lib.mkForce true;
lid = lib.mkForce true;
lowBattery = lib.mkForce true;
lanzaboote = lib.mkForce true;
autologin = lib.mkForce true;
nftables = lib.mkDefault true;
yubikey = false;
};
};
@ -31393,8 +31372,8 @@ This holds modules that are to be used on most hosts. These are also the most im
anki-tray = lib.mkDefault true;
attic-store-push = lib.mkDefault true;
atuin = lib.mkDefault true;
autotiling = lib.mkDefault true;
batsignal = lib.mkDefault true;
autotiling = lib.mkDefault false; # niri
batsignal = lib.mkDefault false; # niri
blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault true;
direnv = lib.mkDefault true;
@ -31406,17 +31385,18 @@ This holds modules that are to be used on most hosts. These are also the most im
firefox = lib.mkDefault true;
firezone-tray = lib.mkDefault true;
fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault true;
gammastep = lib.mkDefault false; # niri
general = lib.mkDefault true;
git = lib.mkDefault true;
gnome-keyring = lib.mkDefault true;
gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault true;
kanshi = lib.mkDefault true;
kanshi = lib.mkDefault false; # niri
kdeconnect = lib.mkDefault true;
kitty = lib.mkDefault true;
khal = lib.mkDefault true;
mail = lib.mkDefault true;
mako = lib.mkDefault true;
mako = lib.mkDefault false; # niri
nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true;
@ -31435,9 +31415,9 @@ This holds modules that are to be used on most hosts. These are also the most im
ssh = lib.mkDefault true;
starship = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayidle = lib.mkDefault true;
swaylock = lib.mkDefault true;
swaylock = lib.mkDefault false; # niri
swayosd = lib.mkDefault true;
symlink = lib.mkDefault true;
tmux = lib.mkDefault true;
@ -31529,41 +31509,15 @@ This holds modules that are to be used on most hosts. These are also the most im
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
ownpackages = lib.mkForce true;
general = lib.mkForce true;
nixgl = lib.mkForce true;
sops = lib.mkForce true;
yubikey = lib.mkForce false;
ssh = lib.mkForce true;
stylix = lib.mkForce true;
desktop = lib.mkForce true;
symlink = lib.mkForce true;
ssh = lib.mkForce false;
env = lib.mkForce false;
programs = lib.mkForce true;
nix-index = lib.mkForce true;
direnv = lib.mkForce true;
eza = lib.mkForce true;
git = lib.mkForce false;
fuzzel = lib.mkForce true;
starship = lib.mkForce true;
kitty = lib.mkForce true;
zsh = lib.mkForce true;
zellij = lib.mkForce true;
tmux = lib.mkForce true;
mail = lib.mkForce false;
emacs = lib.mkForce true;
waybar = lib.mkForce true;
firefox = lib.mkForce true;
gnome-keyring = lib.mkForce true;
kdeconnect = lib.mkForce true;
mako = lib.mkForce true;
swayosd = lib.mkForce true;
yubikeytouch = lib.mkForce true;
sway = lib.mkForce true;
kanshi = lib.mkForce true;
gpgagent = lib.mkForce true;
emacs = lib.mkForce false;
obsidian = lib.mkForce false;
gammastep = lib.mkForce false;
};
};

1363
flake.lock generated
View file

File diff suppressed because it is too large Load diff

8
flake.nix
View file

@ -28,7 +28,9 @@
smallpkgs.url = "github:nixos/nixpkgs/08fcb0dcb59df0344652b38ea6326a2d8271baff?narHash=sha256-HXIQzULIG/MEUW2Q/Ss47oE3QrjxvpUX7gUl4Xp6lnc%3D&shallow=1";
nixpkgs-dev.url = "github:Swarsel/nixpkgs/main";
nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-update.url = "github:r-ryantm/nixpkgs/auto-update/oauth2-proxy";
# nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-kernel.url = "github:nixos/nixpkgs/dd9b079222d43e1943b6ebd802f04fd959dc8e61?narHash=sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
@ -70,7 +72,8 @@
systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR";
nixgl.url = "github:guibou/nixGL";
stylix.url = "github:danth/stylix";
# stylix.url = "github:danth/stylix";
stylix.url = "github:Swarsel/stylix";
sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
@ -87,6 +90,7 @@
flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell";
spicetify-nix.url = "github:Gerg-l/spicetify-nix";
# spicetify-nix.url = "github:Swarsel/spicetify-nix";
niri-flake.url = "github:sodiboo/niri-flake";
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix";

3
hosts/nixos/x86_64-linux/pyramid/hardware-configuration.nix
View file

@ -22,7 +22,8 @@
# '';
boot = {
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
# kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages;
kernelPackages = lib.mkDefault pkgs.kernel.linuxPackages_latest;
# kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
binfmt.emulatedSystems = [ "aarch64-linux" ];
initrd = {

2
modules/home/common/anki.nix
View file

@ -18,7 +18,7 @@ in
reduceMotion = true;
spacebarRatesCard = true;
# videoDriver = "opengl";
sync = {
profiles."User 1".sync = {
autoSync = false; # sync on profile close will delay system shutdown
syncMedia = true;
autoSyncMediaMinutes = 5;

4
modules/home/common/programs.nix
View file

@ -87,5 +87,9 @@
];
};
};
home.sessionVariables = {
_ZO_EXCLUDE_DIRS = "$HOME:$HOME/.ansible/*:$HOME/test/*:/persist";
};
};
}

8
modules/home/optional/work.nix
View file

@ -21,7 +21,10 @@ in
prometheus.cli
tigervnc
# openstackclient
step-cli
vscode-fhs
copilot-cli
antigravity
@ -145,7 +148,7 @@ in
programs =
let
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 gitMail clouds;
inherit (confLib.getConfig.repo.secrets.local.work) user1 user1Long user2 user2Long user3 user3Long user4 path1 loc1 loc2 site1 site2 site3 site4 site5 site6 site7 lifecycle1 lifecycle2 domain1 domain2 clouds;
in
{
openstackclient = {
@ -166,7 +169,8 @@ in
# };
# };
};
git.settings.user.email = lib.mkForce gitMail;
# this is no longer needed since moving away from bitbucket
# git.settings.user.email = lib.mkForce gitMail;
zsh = {
shellAliases = {

40
modules/nixos/client/nix-ld.nix
View file

@ -86,26 +86,26 @@
systemd
tbb
vulkan-loader
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXft
xorg.libXi
xorg.libXinerama
xorg.libXmu
xorg.libXrandr
xorg.libXrender
xorg.libXt
xorg.libXtst
xorg.libXxf86vm
xorg.libxcb
xorg.libxshmfence
libice
libsm
libx11
libxscrnsaver
libxcomposite
libxcursor
libxdamage
libxext
libxfixes
libxft
libxi
libxinerama
libxmu
libxrandr
libxrender
libxt
libxtst
libxxf86vm
libxcb
libxshmfence
zlib
];
};

1
modules/nixos/client/packages.nix
View file

@ -16,6 +16,7 @@
pcsc-tools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop

2
modules/nixos/common/home-manager-secrets.nix
View file

@ -29,6 +29,8 @@ in
github-forge-token = { owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-work) {
harica-root-ca = { sopsFile = certsSopsFile; path = "${homeDir}/.aws/certs/harica-root.pem"; owner = mainUser; };
}) // (lib.optionalAttrs (modules ? optional-noctalia) {
radicale-token = { owner = mainUser; };
}) // (lib.optionalAttrs modules.anki {
anki-user = { owner = mainUser; };
anki-pw = { owner = mainUser; };

16
modules/nixos/server/kanidm.nix
View file

@ -205,9 +205,10 @@ in
services = {
${serviceName} = {
package = pkgs.kanidmWithSecretProvisioning_1_8;
enableServer = true;
serverSettings = {
package = pkgs.kanidmWithSecretProvisioning_1_9;
server = {
enable = true;
settings = {
domain = serviceDomain;
origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
@ -217,12 +218,15 @@ in
bindaddress = "0.0.0.0:${toString servicePort}";
# trust_x_forward_for = true;
};
enableClient = true;
clientSettings = {
uri = config.services.kanidm.serverSettings.origin;
};
client = {
enable = true;
settings = {
uri = config.services.kanidm.server.settings.origin;
verify_ca = true;
verify_hostnames = true;
};
};
provision = {
enable = true;
adminPasswordFile = config.sops.secrets.kanidm-admin-pw.path;

5
modules/nixos/server/kavita.nix
View file

@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }:
{ lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
@ -8,9 +8,6 @@ in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} {
environment.systemPackages = with pkgs; [
calibre
];
users = {
persistentIds.kavita = confLib.mkIds 995;

8
modules/nixos/server/mailserver.nix
View file

@ -1,7 +1,7 @@
{ self, lib, config, globals, dns, confLib, ... }:
let
inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 80; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.gen { name = "mailserver"; dir = "/var/lib/dovecot"; user = "virtualMail"; group = "virtualMail"; port = 443; }) serviceName serviceDir servicePort serviceUser serviceGroup serviceAddress serviceDomain proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome webProxy homeWebProxy dnsServer homeServiceAddress nginxAccessRules;
inherit (config.repo.secrets.local.mailserver) user1 alias1_1 alias1_2 alias1_3 alias1_4 user2 alias2_1 alias2_2 alias2_3 user3;
baseDomain = globals.domains.main;
@ -127,7 +127,7 @@ in
};
# the rest of the ports are managed by snm
networking.firewall.allowedTCPPorts = [ 80 servicePort ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
virtualHosts = {
@ -158,8 +158,8 @@ in
"${globals.services.${serviceName}.subDomain}" = dns.lib.combinators.host endpointAddress4 endpointAddress6;
"${globals.services.roundcube.subDomain}" = dns.lib.combinators.host proxyAddress4 proxyAddress6;
};
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
${webProxy}.services.nginx = confLib.genNginx { inherit serviceAddress servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; };
${homeWebProxy}.services.nginx = lib.mkIf isHome (confLib.genNginx { inherit servicePort serviceName extraConfigLoc; serviceDomain = roundcubeDomain; protocol = "https"; maxBody = 0; extraConfig = nginxAccessRules; serviceAddress = homeServiceAddress; });
};
};

4
modules/nixos/server/monitoring.nix
View file

@ -124,7 +124,9 @@ in
analytics.reporting_enabled = false;
users.allow_sign_up = false;
security = {
admin_password = "$__file{/run/secrets/grafana-admin-pw}";
# admin_password = "$__file{/run/secrets/grafana-admin-pw}";
disable_initial_admin_creation = true;
secret_key = "$__file{${config.sops.secrets.grafana-admin-pw.path}}";
cookie_secure = true;
disable_gravatar = true;
};

1
modules/nixos/server/navidrome.nix
View file

@ -82,7 +82,6 @@ in
services.${serviceName} = {
enable = true;
# openFirewall = true;
settings = {
LogLevel = "debug";
Address = "0.0.0.0";

2
modules/nixos/server/nextcloud.nix
View file

@ -5,7 +5,7 @@ let
inherit (confLib.gen { name = "nextcloud"; port = 80; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome dnsServer webProxy homeWebProxy homeServiceAddress nginxAccessRules;
nextcloudVersion = "32";
nextcloudVersion = "33";
in
{
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";

1
modules/nixos/server/paperless.nix
View file

@ -104,6 +104,7 @@ in
gotenberg = {
enable = true;
package = pkgs.gotenberg;
libreoffice.package = pkgs.libreoffice;
port = gotenbergPort;
bindIP = "127.0.0.1";
timeout = "600s";

57
modules/shared/vars.nix
View file

@ -1,14 +1,17 @@
{ self, lib, pkgs, ... }:
{ self, pkgs, ... }:
{
_module.args = {
vars = rec {
waylandSessionVariables = {
SDL_VIDEODRIVER = "wayland";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland-egl";
ANKI_WAYLAND = "1";
OBSIDIAN_USE_WAYLAND = "1";
MOZ_ENABLE_WAYLAND = "1";
MOZ_WEBRENDER = "1";
NIXOS_OZONE_WL = "1";
OBSIDIAN_USE_WAYLAND = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
_JAVA_AWT_WM_NONREPARENTING = "1";
};
waylandExports =
@ -94,28 +97,28 @@
noscript
# configure a shortcut 'ctrl+shift+c' with behaviour 'do nothing' in order to disable the dev console shortcut
(buildFirefoxXpiAddon {
pname = "shortkeys";
version = "4.0.2";
addonId = "Shortkeys@Shortkeys.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
meta = with lib;
{
description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
mozPermissions = [
"tabs"
"downloads"
"clipboardWrite"
"browsingData"
"storage"
"bookmarks"
"sessions"
"<all_urls>"
];
platforms = platforms.all;
};
})
# (buildFirefoxXpiAddon {
# pname = "shortkeys";
# version = "4.0.2";
# addonId = "Shortkeys@Shortkeys.com";
# url = "https://addons.mozilla.org/firefox/downloads/file/3673761/shortkeys-4.0.2.xpi";
# sha256 = "c6fe12efdd7a871787ac4526eea79ecc1acda8a99724aa2a2a55c88a9acf467c";
# meta = with lib;
# {
# description = "Easily customizable custom keyboard shortcuts for Firefox. To configure this addon go to Addons (ctrl+shift+a) ->Shortkeys ->Options. Report issues here (please specify that the issue is found in Firefox): https://github.com/mikecrittenden/shortkeys";
# mozPermissions = [
# "tabs"
# "downloads"
# "clipboardWrite"
# "browsingData"
# "storage"
# "bookmarks"
# "sessions"
# "<all_urls>"
# ];
# platforms = platforms.all;
# };
# })
];
};

2
nix/iso.nix
View file

@ -5,7 +5,7 @@
packages = {
# nix build --print-out-paths --no-link .#live-iso
live-iso = inputs.nixos-generators.nixosGenerate {
inherit pkgs;
inherit pkgs system;
specialArgs = { inherit self; };
modules = [
inputs.home-manager.nixosModules.home-manager

34
profiles/home/hotel/default.nix
View file

@ -2,41 +2,15 @@
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
ownpackages = lib.mkForce true;
general = lib.mkForce true;
nixgl = lib.mkForce true;
sops = lib.mkForce true;
yubikey = lib.mkForce false;
ssh = lib.mkForce true;
stylix = lib.mkForce true;
desktop = lib.mkForce true;
symlink = lib.mkForce true;
ssh = lib.mkForce false;
env = lib.mkForce false;
programs = lib.mkForce true;
nix-index = lib.mkForce true;
direnv = lib.mkForce true;
eza = lib.mkForce true;
git = lib.mkForce false;
fuzzel = lib.mkForce true;
starship = lib.mkForce true;
kitty = lib.mkForce true;
zsh = lib.mkForce true;
zellij = lib.mkForce true;
tmux = lib.mkForce true;
mail = lib.mkForce false;
emacs = lib.mkForce true;
waybar = lib.mkForce true;
firefox = lib.mkForce true;
gnome-keyring = lib.mkForce true;
kdeconnect = lib.mkForce true;
mako = lib.mkForce true;
swayosd = lib.mkForce true;
yubikeytouch = lib.mkForce true;
sway = lib.mkForce true;
kanshi = lib.mkForce true;
gpgagent = lib.mkForce true;
emacs = lib.mkForce false;
obsidian = lib.mkForce false;
gammastep = lib.mkForce false;
};
};

15
profiles/home/personal/default.nix
View file

@ -7,8 +7,8 @@
anki-tray = lib.mkDefault true;
attic-store-push = lib.mkDefault true;
atuin = lib.mkDefault true;
autotiling = lib.mkDefault true;
batsignal = lib.mkDefault true;
autotiling = lib.mkDefault false; # niri
batsignal = lib.mkDefault false; # niri
blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault true;
direnv = lib.mkDefault true;
@ -20,17 +20,18 @@
firefox = lib.mkDefault true;
firezone-tray = lib.mkDefault true;
fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault true;
gammastep = lib.mkDefault false; # niri
general = lib.mkDefault true;
git = lib.mkDefault true;
gnome-keyring = lib.mkDefault true;
gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault true;
kanshi = lib.mkDefault true;
kanshi = lib.mkDefault false; # niri
kdeconnect = lib.mkDefault true;
kitty = lib.mkDefault true;
khal = lib.mkDefault true;
mail = lib.mkDefault true;
mako = lib.mkDefault true;
mako = lib.mkDefault false; # niri
nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true;
@ -49,9 +50,9 @@
ssh = lib.mkDefault true;
starship = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayidle = lib.mkDefault true;
swaylock = lib.mkDefault true;
swaylock = lib.mkDefault false; # niri
swayosd = lib.mkDefault true;
symlink = lib.mkDefault true;
tmux = lib.mkDefault true;

43
profiles/nixos/hotel/default.nix
View file

@ -2,48 +2,9 @@
{
options.swarselprofiles.hotel = lib.mkEnableOption "is this a hotel host";
config = lib.mkIf config.swarselprofiles.hotel {
swarselprofiles.personal = true;
swarselmodules = {
packages = lib.mkForce true;
general = lib.mkForce true;
home-manager = lib.mkForce true;
xserver = lib.mkForce true;
users = lib.mkForce true;
sops = lib.mkForce true;
env = lib.mkForce true;
security = lib.mkForce true;
systemdTimeout = lib.mkForce true;
hardware = lib.mkForce true;
pulseaudio = lib.mkForce true;
pipewire = lib.mkForce true;
network = lib.mkForce true;
time = lib.mkForce true;
stylix = lib.mkForce true;
programs = lib.mkForce true;
zsh = lib.mkForce true;
syncthing = lib.mkForce true;
blueman = lib.mkForce true;
networkDevices = lib.mkForce true;
gvfs = lib.mkForce true;
interceptionTools = lib.mkForce true;
swayosd = lib.mkForce true;
ppd = lib.mkForce true;
yubikey = lib.mkForce false;
ledger = lib.mkForce true;
keyboards = lib.mkForce true;
login = lib.mkForce true;
nix-ld = lib.mkForce true;
impermanence = lib.mkForce true;
nvd = lib.mkForce true;
gnome-keyring = lib.mkForce true;
sway = lib.mkForce true;
xdg-portal = lib.mkForce true;
distrobox = lib.mkForce true;
appimage = lib.mkForce true;
lid = lib.mkForce true;
lowBattery = lib.mkForce true;
lanzaboote = lib.mkForce true;
autologin = lib.mkForce true;
nftables = lib.mkDefault true;
yubikey = false;
};
};

4
profiles/nixos/personal/default.nix
View file

@ -41,8 +41,8 @@
security = lib.mkDefault true;
sops = lib.mkDefault true;
stylix = lib.mkDefault true;
sway = lib.mkDefault true;
swayosd = lib.mkDefault true;
sway = lib.mkDefault false; # niri
swayosd = lib.mkDefault false; # niri
syncthing = lib.mkDefault true;
systemdTimeout = lib.mkDefault true;
time = lib.mkDefault true;

8
secrets/repo/common.yaml
View file

@ -31,6 +31,8 @@ github-nixpkgs-review-token: ENC[AES256_GCM,data:/4ssZAEwEc9fZeR69GCvLMm4eRv4uab
#ENC[AES256_GCM,data:PI5MX6PgK1y0lqyoYA0=,iv:25UAvFaANHFD04GRafGlCzOc5h+15YPtSES2z2tmpXw=,tag:+XLwQ01+AtGWjtsSQhQ1AQ==,type:comment]
anki-user: ENC[AES256_GCM,data:WoGaNDAHFw==,iv:ZSjHfKMIjlgOuvGl7hVxJc1fE80nfxxXYLgsKangBCs=,tag:UP8ZI7gzOrJJjNDHovIkyg==,type:str]
anki-pw: ENC[AES256_GCM,data:z2SCsSvZIqN2/2VK1EdmcAnl42x5A15PAiK932k3n50Vj1jczGRoSw==,iv:keQCutY4vizVzu5YzPBJLgDLveYDb2VGeEnYmO7CeQw=,tag:KGplFfC5xktNAOTbIlt+Tg==,type:str]
#ENC[AES256_GCM,data:mjwlHRe0Rx9p83eK/LGR,iv:KclQ4xwJMH5HJ9AcmglOCvFIBP6WyEJLyencUdDpzt0=,tag:nRhwhIRPUNmhSZM7ZzUfFA==,type:comment]
radicale-token: ENC[AES256_GCM,data:WEL8Z3gOs/7MAQQ=,iv:osgMVisr/03I+IHI+3jLIn8p5dnZwyja3lQUi+wcH5g=,tag:F1yzI0rZS4sON6T9TuuG9A==,type:str]
#ENC[AES256_GCM,data:veUC1sj6BSqHBA==,iv:L36lv9aQ38/WEaIccQDgOw2PB9U9k/t8x00wIw2Y858=,tag:3s2LBCwGzYpUk8WBj70UGQ==,type:comment]
attic-cache-key: ENC[AES256_GCM,data:2Xw8YX6wiQg2yb2pbZ/UowmzUdhtb2iRTVZZD2ypGaiwhI3mteG3qUgQm1oCz0bp+5jip6+kVzt576qVbUGim/m+dUZYU6mqm64/78bfuTvd/UBlJnmjNtWE2ILjnP+M4EodzbYlBlxwGhFS28wrVOHo77rzbcrPJEwZiqIzSgGIWKdNzzo5AXL2b1lKAngXO6Bi5Jc9W4lkTVFJ/Ixh6aOoHpq9TzsHHx2Aak22969pnxmFFpXKof4eiNGnoGBZDAr8pC7oSwVqDYbZwxH1ulRq863KVQkve+HBR2JJLAQjYHHUJJGhJG9jWYT03WjBNHwIDMTTvC9Fiw9Cr0TG0B8Bxwm3dhgLirjUyLOiST2CbDxxld1M8DJFkBwrih6hMJXmJw8Dlqy/D+3EZXT947BI8ythYjuL3jIHHQhUjfEf+sLdqPSngHolAAKqKE84Xv2FDn2wXGwe8UY3NMmIeaWYZsyDu77KnQR2R+6TuJTOw6vOdDoUJ55YRPdb9UR186b+TiSrP0SZOujoSYGs9dattEvN3XKlm3cQztB9UygmdEk/stDZ/CJIRUNXsu46o1nR5FWPkgoW91Fzxs00QgQMpYlnXM2CWknYMSHL45t0BYA7yuFwq9MYNUK/vrdCr3mtHxA6R28HajDUWoZA6uS+DF/i1nF79sYfam7SdKNCqu2r/1CGLblHQwKT27HmrTCXdjeLqe+Yv7sJzlEbV+sKD+ccW8jI4NZRjCbVJVKydK23YWj94NEt/M2rtxzV30XKw8GClqsdEF+v4nu48oB894RPZCy9qQjaFHnqYpiqSa0oXluiQQmRfA0jtQLRTXN5ri7U/GtfH1za179MFWwMorRMK6qdTt3pi8Fie4UgzGyGq6CugN8HxeMNl70pPVIKjGNO8Npezk6T3YDUpB3/OGY56jhSYxIEadBvW9CqDS7al7zEKgD1wx1gzT2mQh60H2B/InWg9p96qOqVEQxOFDklxlcnygLu3z7Y0mAds/HXOJJnJbagjfxVi+qROOtVrR5y/kySR0pM9Syk8GvqdtRct7qorONAV/yonarEgz+eEFj10kderSsPdz1sgiYe93VLmPp07cdVsUsaDtLW8gXafc3aWOZ8JIkSUhYDbR49pf2bTeoMDoyi9d6pgLr+cJGQbJC/1LmsAIqOQ7WPiTeAZG2lStNf3bwClpUuL0t78UabZyNzJJN5TFDZqGkwXlaJmQ==,iv:6sa44WnyrXW3KQHdGIKuiGWwqp3qtQu4Q9RSXA45PYs=,tag:MbtS4Xx5K8O3mFAlriuuIA==,type:str]
#ENC[AES256_GCM,data:KCqwghIJ8tlGFxMt94svo6285cA1YRbYoeivx6A=,iv:qlZCGrCn5fU1xPQF9wfOMarU6Z7oa3mLtd1LzVzMbuI=,tag:Qq5lBtUsd3lQMx6ffk+kzQ==,type:comment]
@ -353,8 +355,8 @@ sops:
OVRuazF6YzBRckJQdVlJZWZrbThyZGsKxMDtLfQDPiHN934xE98if3cFHLwFpNdm
/RGFLObFn2saTI86D83xmmjgjeosxPX47JvGHyzCHSVeA8Hd+Qp93A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-23T01:11:36Z"
mac: ENC[AES256_GCM,data:e0WoFBQSR5q3GOQ+GMJGBd4lNBAMqlnVjtUq3snxrdvcytb9YvKnoYQH+GjbdGIiqrND8pOVnZt34AjkR8YfpWe+VrkP3Vj/3l+1GjF1XIHbzBNKOQHdYPSVsH2NZwftcAdphbStf3GTlb+b+cpTn4a9Y4pTNGVoOaOA1tBr8bM=,iv:sPXktitTNMkBhHr6E/QRZCVKrgyED9/o9hiivbObACI=,tag:tTNr4UEf92UrtI0Jvi5o3g==,type:str]
lastmodified: "2026-02-26T10:38:07Z"
mac: ENC[AES256_GCM,data:pxaR0X3f5oiCwnrr8jjs8mQDWbjuUkNpFoyQxaC61rRnoLvbkEzxSxmI0zDv2VEcua4Eqfoj7Q4H+qcsR5tM3SjPc0KuYE5eFW4RDv+FIr+XA9om3B4uMy+bIleSvSXroBD+1bLhzJsacudjBpVA6r+INrZKvtjO+L16nNylTSc=,iv:CgOc3ht5zwZGEoxJF6d9ZMwiiNQ2fcnLVFxUxJs6pHY=,tag:4JZgLJlyTbqacIHryciPFg==,type:str]
pgp:
- created_at: "2026-01-12T22:05:05Z"
enc: |-
@ -388,4 +390,4 @@ sops:
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.0

8
secrets/repo/pii.nix.enc
View file

File diff suppressed because one or more lines are too long