swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: work cleanup

Browse source
This commit is contained in:
Swarsel 2024-10-17 10:20:11 +02:00
parent bfc7b89c03
commit 82e6ec9d64
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
34 changed files with 214 additions and 3767 deletions
Download patch file Download diff file Expand all files Collapse all files

65
.sops.yaml
View file

@ -8,18 +8,8 @@ keys:
- &server_nixos age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
- &server_surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
- &server_fourside age1s3faa0due0fvp9qu2rd8ex0upg4mcms8wl936yazylv72r6nn3rq2xv5g0
- &server_stand age1hkajkcje5xvg8jd4zj2e0s9tndpv36hwhn7p38x9lyq2z8g7v45q2nhlej
- &server_nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
- &server_nginx age1zyts3egct4he229klgrfkd9r442xw9r3qg3hyydh44pvk3wjhd3s2zjqvt
- &server_calibre age1q2k4j9m6ge6dgygehulzd8vqjcdgv5s7s4zrferaq29qlu94a4uqpv76s5
- &server_transmiss age1wevwwytv5q8wx8yttc85gly678hn4k3qe4csgnq2frf3wxes63jqlt8kqs
- &server_matrix age1t2uj8arq8nnmd5s3h32p7z7masj2gqe5ec49dtr8ex2nlgef3yfqtgcnj6
- &server_spotifyd age16d6wulu4vzuawvsnqv0cqjhxdz9e20qm3xdnzq2lp7787srl8shqsqlfps
- &server_sound age1w7tfe7k0r0hm6mzz0kmz8302kfn0rlh96w7g6zwqd4muqg7u9anqv07745
- &server_sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
- &server_paperless age1j4y7mwh6hg8kvktgvq5g3xstnmlnaxkdhfrps8lnl029nfpr03dq2nr4cd
- &server_sandbox age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa
- &server_omatrix age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q
creation_rules:
- path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
key_groups:
@ -29,7 +19,6 @@ creation_rules:
- *server_nixos
- *server_sandbox
- *server_surface
- *server_stand
- *server_fourside
- *server_nbl
- path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
@ -40,78 +29,28 @@ creation_rules:
- *server_nixos
- *server_sandbox
- *server_surface
- *server_stand
- *server_fourside
- *server_transmiss
- path_regex: secrets/server/winters/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_nixos
- path_regex: secrets/surface/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/work/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_surface
- path_regex: secrets/nginx/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_nginx
- path_regex: secrets/calibre/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_calibre
- path_regex: secrets/transmission/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_transmiss
- path_regex: secrets/matrix/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_matrix
- path_regex: secrets/spotifyd/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_spotifyd
- path_regex: secrets/sound/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_sound
- *server_nbl
- path_regex: secrets/sync/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_sync
- path_regex: secrets/paperless/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_paperless
- path_regex: secrets/sandbox/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_sandbox
- path_regex: secrets/omatrix/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_omatrix

1480
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

66
flake.nix
View file

@ -227,69 +227,6 @@
];
};
nginx = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/nginx/nixos.nix
];
};
calibre = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/calibre/nixos.nix
];
};
jellyfin = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./profiles/server1/jellyfin/nixos.nix
];
};
transmission = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/transmission/nixos.nix
];
};
matrix = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/matrix/nixos.nix
];
};
sound = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/sound/nixos.nix
];
};
spotifyd = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/spotifyd/nixos.nix
];
};
paperless = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.sops-nix.nixosModules.sops
./profiles/server1/paperless/nixos.nix
];
};
#ovm swarsel
sync = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
@ -326,7 +263,8 @@
nixOnDroidConfigurations = {
default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
mysticant = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = pkgsFor.aarch64-linux;
modules = [
./profiles/mysticant
];

135
profiles/TEMPLATE/home.nix
View file

@ -1,135 +0,0 @@
{ config, pkgs, ... }:
{
home = {
username = "TEMPLATE";
homeDirectory = "/home/TEMPLATE";
stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
keyboard.layout = "us"; # TEMPLATE
home.packages = with pkgs; [
# ---------------------------------------------------------------
# if schildichat works on this machine, use it, otherwise go for element
# element-desktop
# ---------------------------------------------------------------
];
};
# update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
#cpu.format = "{icon0} {icon1} {icon2} {icon3}";
cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input";
};
# -----------------------------------------------------------------
# is this machine always connected to power? If yes, use this block:
#
# programs.waybar.settings.mainBar."custom/pseudobat" = {
# format = "";
# on-click-right = "wlogout -p layer-shell";
# };
# programs.waybar.settings.mainBar.modules-right = [
# "custom/outer-left-arrow-dark"
# "mpris"
# "custom/left-arrow-light"
# "network"
# "custom/vpn"
# "custom/left-arrow-dark"
# "pulseaudio"
# "custom/left-arrow-light"
# "custom/pseudobat"
# "battery"
# "custom/left-arrow-dark"
# "group/hardware"
# "custom/left-arrow-light"
# "clock#2"
# "custom/left-arrow-dark"
# "clock#1"
# ];
#
# -----------------------------------------------------------------
# -----------------------------------------------------------------
# if not always connected to power (laptop), use this (default):
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/vpn"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
# -----------------------------------------------------------------
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
"36125:53060:splitkb.com_Kyria_rev3" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
# xkb_options = "ctrl:nocaps,grp:win_space_toggle";
xkb_variant = "altgr-intl";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
DP-1 = {
mode = "2560x1440"; # TEMPLATE
scale = "1";
bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill";
};
};
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
# TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
# "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
};
startup = [
{ command = "nextcloud --background"; }
{ command = "vesktop --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};
}

104
profiles/TEMPLATE/nixos.nix
View file

@ -1,104 +0,0 @@
{ pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "TEMPLATE";
greetd.settings.initial_session.user = "TEMPLATE";
};
# Bootloader
boot.loader.grub = {
enable = true;
device = "/dev/sda"; # TEMPLATE - if only one disk, this will work
useOSProber = true;
};
# --------------------------------------
# you might need a configuration like this instead:
# Bootloader
# boot = {
# kernelPackages = pkgs.linuxPackages_latest;
# loader.grub = {
# enable = true;
# devices = ["nodev" ];
# useOSProber = true;
# };
# };
# --------------------------------------
networking.hostName = "TEMPLATE"; # Define your hostname.
stylix.image = ../../wallpaper/TEMPLATEwp.png;
enable = true;
base16Scheme = ../../../wallpaper/swarsel.yaml;
# base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
polarity = "dark";
opacity.popups = 0.5;
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 10;
applications = 11;
};
serif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts; # has overrides
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
# Configure keymap in X11 (only used for login)
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
users.users.TEMPLATE = {
isNormalUser = true;
description = "TEMPLATE";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

62
profiles/common/home/ssh.nix
View file

@ -7,69 +7,14 @@ _:
SetEnv TERM=xterm-256color
'';
matchBlocks = {
"nginx" = {
hostname = "192.168.1.14";
user = "root";
};
"jellyfin" = {
hostname = "192.168.1.16";
user = "root";
};
# Local machines
"pfsense" = {
hostname = "192.168.1.1";
user = "root";
};
"proxmox" = {
"winters" = {
hostname = "192.168.1.2";
user = "root";
};
"transmission" = {
hostname = "192.168.1.6";
user = "root";
};
"fetcher" = {
hostname = "192.168.1.7";
user = "root";
};
"omv" = {
hostname = "192.168.1.3";
user = "root";
};
"webbot" = {
hostname = "192.168.1.11";
user = "root";
};
"nextcloud" = {
hostname = "192.168.1.5";
user = "root";
};
"sound" = {
hostname = "192.168.1.13";
user = "root";
};
"spotify" = {
hostname = "192.168.1.17";
user = "root";
};
"wordpress" = {
hostname = "192.168.1.9";
user = "root";
};
"turn" = {
hostname = "192.168.1.18";
user = "root";
};
"hugo" = {
hostname = "192.168.1.19";
user = "root";
};
"matrix" = {
hostname = "192.168.1.23";
user = "root";
};
"scroll" = {
hostname = "192.168.1.22";
user = "root";
user = "swarsel";
};
"minecraft" = {
hostname = "130.61.119.129";
@ -89,7 +34,6 @@ _:
};
"efficient" = {
hostname = "g0.complang.tuwien.ac.at";
forwardAgent = true;
user = "ep01427399";
};
};

12
profiles/mysticant/default.nix
View file

@ -4,7 +4,7 @@
vim
git
openssh
toybox
# toybox
dig
man
gnupg
@ -19,18 +19,10 @@
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;

81
profiles/optional/nixos/work.nix
View file

@ -1,13 +1,45 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
{
# boot.initrd.luks.yubikeySupport = true;
programs.browserpass.enable = true;
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "swarsel" ];
sops = {
secrets = {
clad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
dcad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
wsad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
imbad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
};
};
# boot.initrd.luks.yubikeySupport = true;
programs = {
zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
'';
browserpass.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "swarsel" ];
};
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
# (python39.withPackages (ps: with ps; [
# cryptography
@ -21,27 +53,31 @@
govc
];
services.openssh = {
enable = true;
extraConfig = ''
'';
};
services.syncthing = {
settings = {
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
folders = {
"Documents" = {
path = "/home/swarsel/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
services = {
openssh = {
enable = true;
extraConfig = ''
'';
};
syncthing = {
settings = {
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
folders = {
"Documents" = {
path = "/home/swarsel/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
};
};
};
};
};
# cgroups v1 is required for centos7 dockers
specialisation = {
cgroup_v1.configuration = {
boot.kernelParams = [
@ -51,5 +87,4 @@
};
};
}

20
profiles/server/common/transmission.nix
View file

@ -93,32 +93,32 @@
client_max_body_size 0;
'';
};
"/radarr" = {
proxyPass = "http://127.0.0.1:7878";
"= /radarr" = {
proxyPass = "http://127.0.0.1:7878/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/readarr" = {
proxyPass = "http://127.0.0.1:8787";
"= /readarr" = {
proxyPass = "http://127.0.0.1:8787/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/sonarr" = {
proxyPass = "http://127.0.0.1:8989";
"= /sonarr" = {
proxyPass = "http://127.0.0.1:8989/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/lidarr" = {
proxyPass = "http://127.0.0.1:8686";
"= /lidarr" = {
proxyPass = "http://127.0.0.1:8686/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/prowlarr" = {
proxyPass = "http://127.0.0.1:9696";
"= /prowlarr" = {
proxyPass = "http://127.0.0.1:9696/";
extraConfig = ''
client_max_body_size 0;
'';

41
profiles/server1/TEMPLATE/nixos.nix
View file

@ -1,41 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

27
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

70
profiles/server1/calibre/nixos.nix
View file

@ -1,70 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
calibre
];
users.groups.lxc_shares = {
gid = 10000;
members = [
"kavita"
"calibre-web"
"root"
];
};
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = { owner = "kavita"; };
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "calibre"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}

32
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,32 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--121--disk--0";
fsType = "ext4";
};
fileSystems."/media/Videos" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

27
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

308
profiles/server1/matrix/nixos.nix
View file

@ -1,308 +0,0 @@
{ config, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "matrix2.swarsel.win";
in
{
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
# we import here a service that is not available yet on normal nixpkgs
# this module is hence not in the modules list, we add it ourselves
];
networking = {
hostName = "matrix"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
matrix-synapse
lottieconverter
ffmpeg
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
};
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
};
};
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.matrix-synapse = {
enable = true;
settings = {
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}";
listeners = [
{
port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
};
services.mautrix-telegram = {
enable = true;
environmentFile = config.sops.templates.mautrixtelegram.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
id = "telegram";
# ephemeral_events = true; # not needed due to double puppeting
public = {
enabled = false;
};
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
};
bridge = {
relaybot.authless_portals = true;
allow_avatar_remove = true;
allow_contact_info = true;
sync_channel_members = true;
startup_sync = true;
sync_create_limit = 0;
sync_direct_chats = true;
telegram_link_preview = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
type = "postgres";
uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .FullName .PushName .JID}} (WA)";
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = -1;
request_full_sync = true;
full_sync_config = {
days_limit = 900;
size_mb_limit = 5000;
storage_quota_mb = 5000;
};
};
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
sync_manual_marked_unread = true;
send_presence_on_typing = true;
parallel_member_sync = true;
url_previews = true;
caption_in_message = true;
extev_polls = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
services.mautrix-signal = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
type = "postgres";
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
caption_in_message = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
# restart the bridges daily. this is done for the signal bridge mainly which stops carrying
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
Unit = "restart-bridges.service";
};
};
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}

27
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

205
profiles/server1/nginx/nixos.nix
View file

@ -1,205 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
lego
nginx
];
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false;
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "nginx"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
defaults.email = "mrswarsel@gmail.com";
defaults.dnsProvider = "cloudflare";
defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
};
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.5";
extraConfig = ''
client_max_body_size 0;
'';
};
# "/push/" = {
# proxyPass = "http://192.168.2.5:7867";
# };
"/.well-known/carddav" = {
return = "301 $scheme://$host/remote.php/dav";
};
"/.well-known/caldav" = {
return = "301 $scheme://$host/remote.php/dav";
};
};
};
"matrix2.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.23:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.13:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
"scan.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.24:28981";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"matrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.20:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"blog.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.7";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
}

27
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

94
profiles/server1/paperless/nixos.nix
View file

@ -1,94 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
users.groups.lxc_shares = {
gid = 10000;
members = [
"paperless"
"root"
];
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
networking = {
hostName = "paperless"; # Define your hostname.
firewall.enable = false;
};
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false;
secrets.admin = { owner = "paperless"; };
};
services.paperless = {
enable = true;
mediaDir = "/media";
user = "paperless";
port = 28981;
passwordFile = config.sops.secrets.admin.path;
address = "0.0.0.0";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_URL = "scan.swarsel.win";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
}

33
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = [ "loop" ];
};
fileSystems."/media" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

152
profiles/server1/sound/nixos.nix
View file

@ -1,152 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users = {
groups = {
lxc_pshares = {
gid = 110000;
members = [
"navidrome"
"mpd"
"root"
];
};
navidrome = {
gid = 61593;
};
mpd = { };
};
users = {
navidrome = {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
};
};
};
sound = {
enable = true;
};
hardware.enableAllFirmware = true;
networking = {
hostName = "sound"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
pciutils
alsa-utils
mpv
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd"; };
};
services.navidrome = {
enable = true;
settings = {
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/media";
EnableSharing = true;
EnableTranscodingConfig = true;
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 1d";
# Insert these values locally as sops-nix does not work for them
LastFM.ApiKey = TEMPLATE;
LastFM.Secret = TEMPLATE;
Spotify.ID = TEMPLATE;
Spotify.Secret = TEMPLATE;
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
};
services.mpd = {
enable = true;
musicDirectory = "/media";
user = "mpd";
group = "mpd";
network = {
port = 3254;
listenAddress = "any";
};
credentials = [
{
passwordFile = config.sops.secrets.mpdpass.path;
permissions = [
"read"
"add"
"control"
"admin"
];
}
];
};
}

27
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

93
profiles/server1/spotifyd/nixos.nix
View file

@ -1,93 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users.groups.spotifyd = {
gid = 65136;
};
users.users.spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
};
sound = {
enable = true;
};
hardware.enableAllFirmware = true;
networking = {
hostName = "spotifyd"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
services.spotifyd = {
enable = true;
settings = {
global = {
dbus_type = "session";
use_mpris = false;
device = "default:CARD=PCH";
device_name = "SwarselSpot";
mixer = "alsa";
zeroconf_port = 1025;
};
};
};
}

27
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

275
profiles/server1/transmission/nixos.nix
View file

@ -1,275 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
# ./openvpn.nix #this file holds the vpn login data
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
openvpn
jq
iptables
busybox
wireguard-tools
];
users.groups.lxc_shares = {
gid = 10000;
members = [
"vpn"
"radarr"
"sonarr"
"lidarr"
"readarr"
"root"
];
};
users.groups.vpn = { };
users.users.vpn = {
isNormalUser = true;
group = "vpn";
home = "/home/vpn";
};
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = [ "tun" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "transmission"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services = {
radarr = {
enable = true;
};
readarr = {
enable = true;
};
sonarr = {
enable = true;
};
lidarr = {
enable = true;
};
prowlarr = {
enable = true;
};
};
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
};
environment.etc = {
"openvpn/iptables.sh" =
{
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
# users.users.root.password = "TEMPLATE";
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
sops = {
templates = {
"transmission-rpc" = {
owner = "vpn";
content = builtins.toJSON {
rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass;
};
};
pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
};
secrets = {
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
};
};
services.openvpn.servers = {
pia = {
autoStart = false;
updateResolvConf = true;
config = "config ${config.sops.templates.vpn.path}";
};
};
services.transmission = {
enable = true;
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 360;
alt-speed-up = 2000;
bind-address-ipv4 = "0.0.0.0";
bind-address-ipv6 = "::";
blocklist-enabled = false;
blocklist-url = "http://www.example.com/blocklist";
cache-size-mb = 4;
dht-enabled = false;
download-dir = "/media/Eternor/New";
download-limit = 100;
download-limit-enabled = 0;
download-queue-enabled = true;
download-queue-size = 5;
encryption = 2;
idle-seeding-limit = 30;
idle-seeding-limit-enabled = false;
incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled = false;
lpd-enabled = false;
max-peers-global = 200;
message-level = 1;
peer-congestion-algorithm = "";
peer-id-ttl-hours = 6;
peer-limit-global = 100;
peer-limit-per-torrent = 40;
peer-port = 22371;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
peer-socket-tos = "default";
pex-enabled = false;
port-forwarding-enabled = false;
preallocation = 1;
prefetch-enabled = true;
queue-stalled-enabled = true;
queue-stalled-minutes = 30;
ratio-limit = 2;
ratio-limit-enabled = false;
rename-partial-files = true;
rpc-authentication-required = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-host-whitelist = "";
rpc-host-whitelist-enabled = true;
rpc-port = 9091;
rpc-url = "/transmission/";
rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled = true;
scrape-paused-torrents-enabled = true;
script-torrent-done-enabled = false;
seed-queue-enabled = false;
seed-queue-size = 10;
speed-limit-down = 6000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
start-added-torrents = true;
trash-original-torrent-files = false;
umask = 2;
upload-limit = 100;
upload-limit-enabled = 0;
upload-slots-per-torrent = 14;
utp-enabled = false;
};
};
}

55
secrets/calibre/secrets.yaml
View file

@ -1,55 +0,0 @@
smbuser: ENC[AES256_GCM,data:Xlz/NzVjKk0=,iv:DvhZOoOb0eXc4jIZPwDXGRkZxWI4Fg5MC9s1IRhYWuY=,tag:ApTT/Y9K7p0uPRZAlXgekA==,type:str]
smbpassword: ENC[AES256_GCM,data:t5ic3YoNkc3k2brjN6ZRjNKPEYD9WKk=,iv:lBtSSuEnUKipapqq7gYWmkdA8tcMIZuNy8EmqqKHFWU=,tag:qas1f2wlZm0mpcgPhsZtPA==,type:str]
smbdomain: ENC[AES256_GCM,data:TepG9EMhs8I=,iv:w+CxqNxrjIBx2G33EoKkLSuTHrSSzvDQ2JXuOHtUTmw=,tag:oy5vKyhYc/bOV76xEDaVqA==,type:str]
kavita: ENC[AES256_GCM,data:g+2WXcm7d8OxLhrtWXx15SdRx8VXax1SG2GHoWizXDUZEKnEwlQe7/Yk6DQ=,iv:bQ9s5z6jNGkf59cxzR1o+etA+GA3Y8L6Bgfv9e1Txww=,tag:NOB7iBH3yoE0/DtmuQyaBg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1q2k4j9m6ge6dgygehulzd8vqjcdgv5s7s4zrferaq29qlu94a4uqpv76s5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGejQ4Vm9KWlJYeW9UdElP
MWVUNWx5V3dDQWNPSkRJNjl2a3ZLWVpQMXdJCkdjVlh6andkM0oyMWkvaDd5Zi9H
eEVZalFYQjNpQUszUW5HV1gzRU9FVXMKLS0tIGorWGRnQkE3TXhYRHArMDUrQU4v
UnVYNGRlZTRoZ29YQ1B5S0U1ZE84VHMKgp2XRaVtRcubXfjttQfk9UKbqZ6EbL/O
coZUAPXRrT//oRh2JFu0Q4+5zoewI2j1DhUS9HuejM5CIColYUasJg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-23T04:28:28Z"
mac: ENC[AES256_GCM,data:aLI7dMi2merChhkQaqmrlbvC2V6Bh0D67RE1RxTqZLYmFE8AINBewBka1ktIVc83IYYFyhpTLZDmhZF5q3McIOGXjlZUcEDtb1C2zZZEkXJrbFe3yoZG+DE/fOB4I2uXjzp5iOG+lZyWAGQgrSHMSFV+IbAg4bb++OilZ2oXWYk=,iv:M+rOanpm+LakksTb4jCzZph3zC7MI6XeV7nyXN7qo50=,tag:Ec+HJtUtzUtrxbeCe+wDJg==,type:str]
pgp:
- created_at: "2023-12-22T23:23:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//Y7LOX5knf4s2Dku9DsVIgxUe5Ox3u65uBKL6vTE5tLuN
Oeuyvd8eGaOWvPWcu/7bbr2Nd5Y3fyyG6yTSzjweyvPgnNbBswaYZxPhj+GfHSL/
yRcdEVX8QTEirlUYhFTVuD3LLGAxiJI5dvIHF87FGfr9U+xiTg9fblwFlEGb9F5q
TYUOSLvXUS6KbSuGnNQR7kZua2eZ/nvAIW9gVh1RrTjLzSyGdPgiqRFC657MFOvP
IlVOVKEngY+FTFBUH8kRzAxAz94Gtern2oqpuuQu0agriizeE6TA9OPOoMNGhsQD
C/DK+pa8AQ2JV17iy64rPkpRGGXr7PqEEmV386z6+O6Nbq0e+1lqigPYkxJqWJjR
5K55znA7jRxdit6AN978pKerY9xSmbiRx35qWoGa2WK3iZ5ACcsXbAxW4lHagmdH
TmcIB4qzzHdsYQ/TxLcUioFx1EooiNZ59Asa+Lj16QgMAyDF9SZ6Z8HhQGwIBdub
HNvu8+f3/D70I7/DreortuwSvzV370+OBb0knoVZcG+i7DlAM64LukZmety9PJIj
JhUVdvp/haL7FWI7zU2Aj5j/kXGKjmYlb3N5Zes3I+MLXdL+8qqeOG+NsQR0Xvxq
xEsgEUyqaXuMwJfyPFw89NkF7oj3qqWlbnLGBEXcrXRI28Urkpwet1Z//p+WpDCF
AgwDC9FRLmchgYQBD/4lskxdD99hF0I5Zx2h8Lt1UqXI+lMROqRjjTI726Z+R7xK
2PEJ4l2neJIP02QMm3HTAOQJ5P5t0Lb0kM1vbBY8WOF3v6aLt6Va8pwBF6TxlfGn
5UUCUQ8nLwHUyKGAI+atveZCcUkyfhy3y4pMbXK6BQ+2tbLGEjFeqVeakk9e5MGo
8BwYbU0Rr4KqAeSVkYb/qCErycM9fQb07r8xiPqSnKuZe4RxolWfMTnwP6IEI3GJ
AteS6MdMOtK1BufP/XKX80aXIY9U/BimyEndmT4b/83aAid42xPH25BZTfC0r0Wh
EArA0CR2rop7wE1GQq1R+stet4kSyBPWefvJg3wVSpF3Xj/IsJHz3LAp452v18W5
rEWa8bzUT3vlVBjINhoqUJt4VHGx74kJml6WY334XyCy2xxY1C3sSD53tw3O34Qf
rmcV6m/BeCwL4t4rsG+vWzwaZSmjqr1D6H4JI9h2HvwXb45y4m28OewvAu0FMcyK
tpjxnwdXAOQC/GdgKPuM1eomgurGBrfCeHbfXHsu3n2LPTm6RULWKW4jzj9dbjCC
CuD4IzflExz8E+lqTBW4CppBgfCBDx5IIS1sv7YVfqFf1Upl434kknKffkmkq6mk
G70ATAlUX8Ci94rUv/JCokCj5GcIzVmKUiI+zq0rCQKxcJ6uLMFYZGQ9v34kQ9Je
AQ+3j+iSzV7DGtkdHI9LEAsLj6ZeFPtePULfxsHc3tjfpUFTQgurMS/QDojQMMEn
73sQEYv+ihSsV+WToRpgExM1ANIEZ5eFTloxKKmULkYQ6tiL8SIywxz1vJW81A==
=nyE3
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

56
secrets/matrix/secrets.yaml
View file

@ -1,56 +0,0 @@
matrixsharedsecret: ENC[AES256_GCM,data:0VA//FJ+vlFAKpMPIHw/VLsXMgN5pnGwqXr8Xow5F/I9R5IgVip7b4qUPx+PU32D7eeEhW8QgbrwjeqI5wrt3g==,iv:A2iAYeDRQf1SFyF2hEKK1TLakcM40HBJMyi+Sv0rRuU=,tag:t+B6OFe1gNQg3w6qlU1AOQ==,type:str]
mautrixtelegram_as: ENC[AES256_GCM,data:6i7JlAbz3OwhxQjftjkHB4o9YCYhMmnHNgRW0cnXLcMYsG3SME5b5RLOvGgavvIG+9HBv45fZRIICh1K6xZ1ZQ==,iv:FXC15XJZxwepIP1QEWceQlthwyISsiA89w5MXrxUDnI=,tag:hfnDn1rEhPENKDvpXH9sgQ==,type:str]
mautrixtelegram_hs: ENC[AES256_GCM,data:ZMXfosvSZlMs/IEVNfhYRWrjS0l4u2Fc3u+nB3nrTGXuQNXN7X65y8fbbzLVSX2TKgPK1HOiQjtTcIxX+GstFA==,iv:xQkD+152yfOQM0S9ZtlEb0VV8EROLkPeD54Y9/FHkzk=,tag:8qCOZLQY6a0+9bKP4PqV6Q==,type:str]
mautrixtelegram_api_id: ENC[AES256_GCM,data:paljhNLosw==,iv:D4hiwm5/3nUoNRdcN3yoJMGE3anUIJ8lEQYbN48v4/Y=,tag:SpZ/9phnQI+F5m9OTGxU1A==,type:str]
mautrixtelegram_api_hash: ENC[AES256_GCM,data:GoVLL22uNQMNxlesc3pmuSWxz6YVTMIu4VBnQO0Y1jc=,iv:WSOZlHrWCBgCdCl+CAsc+FrGzTH79+GePMUCm+0/FCg=,tag:Ti6MNpjBBbUnmtRIVAPBwQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1t2uj8arq8nnmd5s3h32p7z7masj2gqe5ec49dtr8ex2nlgef3yfqtgcnj6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUGwrb0VncGtIc1BPN0N0
dGpLamE5R05GQnp4VXYrekttTEFvQ1BZNEVzCjl1K0syTEQwTWZqRUVWREtuZ0U5
VHo2WEF5dUwvZlhJOWZDcXdWWDZ4OGcKLS0tIE1YRDMzbVMwMU1ZL0RjbmkyRm1y
L0Fobml3T3puL2Z0dW5EaEZQSEdZRFkK/nnz1NrsGqU0MYV+4T9gRMP/iMkCWWB1
B0yqYsJjUuWLIr1DckTF8di+uLIAwM9l/3t64dAsQPrEfkatGkh3+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T21:35:56Z"
mac: ENC[AES256_GCM,data:MeJ+FU+5AFMPrZpze7F0f5Of17lvNq1xdjOjLt4zNSO7qdwxEjtVLneQcIMMNAuDi5Uv20bCA83qFz7xPtwZ1Ftw36tySh/yrrsqTwIPNTZtZKzDvrHcxZsoi4VTvLnFR8b+Mxw+60LUxnztIPAHDcfbqaAGDaK7oKKZpj/jiMc=,iv:U73mNdp7vt19lHcjjzpSv6jaPMoHf3cwYi3SlbK5MdA=,tag:CwNHYXtBypDk5lt54U+Ihg==,type:str]
pgp:
- created_at: "2023-12-29T21:35:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//UtkRIJ7tpD27NQK+pFXWjurxppYbyTtt4ZvBiHLkUTFW
Em9gjI2n90rSYdy+Nf4EpnaVRoSmjkjlJbNWp14GDfxegrmgSd2QY1dFCl5UYBLD
a6inlamwajmAlSHXW4JpMvbvSdqcnGX2AKkUvvoFsFrTCekqBRWiqxOW15MAKRLY
GWlJ6uVeqvyNOtEy4FCC4OOHb8yh/qHttboN5JtOukJtTGPrrN1W457sgB7SEm7G
df4OzynX9X7Utz9+HvIHTbvLlvUdL05ATVRJMa4PIwKUzWf8bLciZh2DYDEUOh5E
G6G9AL7t9E6kNeL9s2UCZdcxUlxzkDRvCoIPnrxpBSrLxkMCJkxIBlE6vemz6jGw
AB8wXxIAhDwMSQHnaa6jrFqVpQ7xo5vaOFQIckIl1FdCwyfd3X1SPwF16xW3f9dV
pj4gxDV9QlR+lh702TZihNwbVDv9+xIUsrOyoBPeLzgPikcRHvm6dtc3ueA+vo77
WR81K/3jhqgQJMKowRDr+tYxHJtiY5OOCxnY3pUElFawbUd6dZzmU8GQCMa8+TjV
ln4aCa8IwwDG95XpctOzMSpOi4OhsVh6kuvc8378xi5kOsv+d8QR6Cj7Ene0MAlZ
i8UpD8AQgPR2FPuud9gkKfEVW37F/PYLbgs25rN4gLpM20ca6nFiFAWUv9Qarm2F
AgwDC9FRLmchgYQBD/wPZ4CfC58Cwq4Qnvam+ddSZLkih/w/tYj2V07dXip4/+yD
pej09oQCqdIxC8NFKUj23MjKRS0wouMiVXq9Mo+iAp1ujrjQKY69OzfD4tVM7opW
5SXHHlXyQwAlgZOVwiuV3odbUip2aax31uzgB9aXtb1UXc5Mh2zdN2OdEJ9jtFGN
Yi/DHHdJno/hTgEvV7L5xBSDrWTGzvdLvICm/okqmM+lCG/HARng21TV/sPDDz61
DGhfGw8b/MuF5mTU3GYjUcVgg9+26YGUxi5SunJ11zuLNHwl7CEC67+Cw8hzkaaa
UapTIB5RlQP4Q8vI8436MqFrQn1D3GdZKrE5tN8pFoJRSD/uMe4ICBC7xc2Oq0XR
iwXsBKlP5+o0yvC278eb9FnHQHLHlExBAL+TkSt4fT6hbu1V6niGX8/ziac1r9Dx
mmEyt7QJA+1MIjT4MoQCQLVl+4zf/f3kF8WBz6Y60oTaiLgxwJt6YnHfVUl7A0OZ
W40oiRRHWSYdibTGVBS1KT2fA+n1MeH+bzw0PoyHDN4sQtAGj8xlY8/+lzBO8E4B
8lJp0GPoyxUnztNVXAuoTXp7yB2YxMFipXsGi5rirsbc22Nb7A8W21ZYx1mxG3pj
k+PIZqMlYA5QGfWST0ESDiWn8lSC1rH9wtHzzWjOTZfWaNSKumyUbiO+41cjbdJe
AcuaYiRLmC06pFLdZ4OS/iAfvIeybondx01VWSMmhFvA5RntQG3Hz9ke//PKtjsa
YizbQ23YPPGIq1wdcOuPq4F/LpZ/zQPZ5n9F6UC6cQf3RHVOfHxHZc1y0Tq8Sw==
=Th9r
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

54
secrets/nginx/secrets.yaml
View file

@ -1,54 +0,0 @@
dnsmail: ENC[AES256_GCM,data:sDKEORfYYHg3sXvQhs/2ZoQtIKpe,iv:DkzqpxVrFEu2En0PEwc/ZAAeAM927ZaX3Ll6eAxjYyc=,tag:+FrjolbwzCloyOyhw3XZlg==,type:str]
dnstoken: ENC[AES256_GCM,data:FD9G9D2e6GEmGzVcYAAGMia9m/dVIjXtdc8WZJ/7+F8Lwi0kQH/VRA==,iv:FMSakGp/r3L5MwhXFhvH3nTNY+B37XU4dMe5Wajs9ZU=,tag:cQsxWB/FGUbuClgrgqA0ng==,type:str]
dnstokenfull: ENC[AES256_GCM,data:5I9nJpwDxJb9QVZZ1YnQEBgYnkM1gCBnyhR2XSgVQRNejzd0NXAA1g==,iv:0jmRdEMg7S+SoOTserDeYsvh6fPq8k7VIxnuT0Gnmak=,tag:3EAH4xSoTTGweOyE0sfMhg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zyts3egct4he229klgrfkd9r442xw9r3qg3hyydh44pvk3wjhd3s2zjqvt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNDJNZ3JrTzg5anRXZ2VP
cEo0aUEyU3I4VnVDaWhkemhRNi9vV3JwT2lZCi8wMm5wZFIrUEx1bmZUaWNFWXEr
bWxua0VCdWhRdVRmVmZTY0JDbjdLdlEKLS0tIGFVaXdnVzZUcVhkbjBFOE9PNFZv
SHJwU1NDSVg5MENDamJVYndjNU15M1kKHuibOTqcSUBwtrQVj0xzu2icc8dOxRTq
uILxeOCwd8eX/hyuyTe/9prPD/Q9rlwGji3gPJxEpm5X+R36yN4hWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-25T01:23:07Z"
mac: ENC[AES256_GCM,data:18rZUjQ0LPsMZakxoU5DICZ73NNCM1Y0l8Uufd3e9sogwS6PGOXqtK1bq7yTDPsjsa+upIalXeuqvldubB7gvK9NVr6hQF2rOwVmzROTQVE0G61bTyOCzqqJ3BXdbbiCK7QBXZcboiOYeCuSHinr8qKrAQDATBj7myyYdLyZcdY=,iv:tiBp1JDu55jsfh6tMHSQ/3+hPAlpCQdHeMNxRWbwB30=,tag:iaXBEH51KbyqHmrfvQEJpQ==,type:str]
pgp:
- created_at: "2023-12-22T22:43:24Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAA0d33RcKMjMVlH0X0rBK5eIDz4XufU/E/ACJZQfqmzKla
SVF6xlYPVT9OYYvYaoEy1nDwd+bizPaGkp0t4o8Gh7BFRSHOT9f5lWggQ3SvPT4u
F/zhssgMWgVktAgimtlC593cYrnn/TbIPls7iLTstJznYYsGIFmD0UMcEeM97Tg9
pgusMstRkRYrL9TLNeumV+KoUoHbh6G2ZNJXBOhA9c5d5CiCYicfqBHSbM0TSXH+
0AZK+4Ll9W/Bn2b1gTPwVzVhtyqMYOklJXoP6xhJhh1niO4OJwhkgbc5GFRmvqBl
lequVFZt0WH0HK8hcyf/HWZYwu/Y5tXujI+Qulov5KRkE413Zu70l7jyjwsGAojo
e+PtUwhH/qjGhD7wou+4fE6Gz3RAAnkqs1081RmowxzTpfRHBTxrk+PheFVYoyQX
VTWtr+DJRPyWyQ31Ljdaw/baci/8yfnViRhA0rY/XdsNGJn8BjLXmBmrMMYPudrf
hykvigmsr1+exwFbpwXqX5BDK9urvsagr+2oDIOR3AEEsBkShGrbqWi1U+syX3Y3
g2bmoxD2W59+ODWfykTwhDOS2ZQ/PyI6Kq5AKdFWSOAhrwvwmwBt9hE6RAuYSoc5
Od0BnY024SkE3WPlw+o9JZomPcKN/4xV5SzUZerB/5N7unP/3NQvMipvIt4SCW+F
AgwDC9FRLmchgYQBD/4yXIyRjhn0+41CgcfjWjqb8gyQWDq8oSUMlUSo0W7VJqSv
zojbWQ8YoJmdHWCazBGi6dLxaqkupC2YyRlfVgCvjlxfvP1b1JlLD5/QKfGJ+rzp
ZFC/FrzrHKLudutAZ0mwqEK6WC0zKLytSkpi+IKtFXJSbtagU0jETIjfYuKCxFZn
Sp/qzlbTfNdm50Gx7b6b9JmJEHwa9GevTVZER3e41+8beRFIocDnfBx1Z8FFTVng
F9fcc7/aNcMLBY8lmSCpPSpmcu207y3S9SFJsrLF+qOKcGKwZ5xnLAYAvAXY+EFo
19ltQO3KyTsKjw00ljSdJ/kPQPanOlsDDlji0cQ2HgJ0rTNd9CNCLg8XzoCJh+Uy
lYImamgYqCW1BxBdYCt9+LPVpxR1D78oq22n3hKeKgJuSGzWXE7oIi61+jQCucWP
2H8lSZ22kCzjQXu8sccNv1saOF6M7dnFhWAbFTuXaSUROBUnfzMaLx0HcI585p+X
oTrOkZr+pgKFIeGYhqXqJtDhKvCkJ5gO4mu/qNWqxt9TXOYEiEnd1T1BtmfFMMr/
Ed01waKAxrqkED853CBG0L0ogGd+diMpVL1TBVq/9Bf85P1CGB2RsGgPl0eFkjck
4KR4dvmSykZhusRRdih64ksktB/4quEZ+FvDxy33+OD4gO0NvfSJwKAEBJmlf9Je
AXCKsM/JHpqgBJCkJnb8gBYlJSl02BCIMmdhBLulqZA81KeWazu+yXEdfR8mbBks
OUX8+f/+cZwFVB8eGtDc2BKqL9mudLVr0tHfoEvT6i6mRfU5olUkSforH9urcg==
=aq6G
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

57
secrets/omatrix/secrets.yaml
View file

@ -1,57 +0,0 @@
matrixsharedsecret: ENC[AES256_GCM,data:fgHmBP2hprqpUE4TmoBDv+Vd05sJDbAJWDs034Dxnru09aDPwjqPnxCU+nf7Mqmnd5/z441bqG7hPdKM7H3SSQ==,iv:r8wos/EZhjw2Zf2v+OAvKlWensbL4jqU04CPoc05Y04=,tag:epKklBJ2hPdKsMCROmEaMA==,type:str]
mautrixtelegram_as: ENC[AES256_GCM,data:MBS0UzGRIOVZ4Miqrwz0bbezNuqrlU96QyN6T60lOh7KgNUTYR0eB2Im4tcjUvtTVhkM5I4t88jzv/WuUE5oNA==,iv:7GUcJpKkoKsp/wFzFSnPL7S1eU2Bfzy42A3hm4WbWu4=,tag:Z9621h5+K+PQgZNt4RYyhQ==,type:str]
mautrixtelegram_hs: ENC[AES256_GCM,data:p4jJxkD43ivaRQFMSAtzEc/ylYZEuwoEv7tIJZtcF4cJVvqDYDWjAwuu9QXHWuEqEs/djLHjx82KfdqDvpOmxA==,iv:MUTNSyafrWx3rKn5rMStuzZAXueqR9gBCgYUu5DFBy8=,tag:fpVYokTTWK/Snlx+SPWkBQ==,type:str]
mautrixtelegram_api_id: ENC[AES256_GCM,data:CoY2x/2icA==,iv:EHv73YK5H6wAOF6Sssx0hulX+cK9IFb2GOoOTKo5vO8=,tag:wWiioGdAe/F+Y10FdNJpDA==,type:str]
mautrixtelegram_api_hash: ENC[AES256_GCM,data:WS6nrYQ+g1MFsiwHQigEWWFk1Xvv3mS/cs+gCIFc8V4=,iv:6aJ2XqmBedDO4U2/eG/Ne1orUDbyGTC3aFiMOYTWfj4=,tag:fgs22Q8aCb6hOof8qZj6RQ==,type:str]
dnstokenfull: ENC[AES256_GCM,data:XffZv2uZKdIkNTwoO3KqSvoJ2R/RJqHYRkLxscXZyErHu3WH5EU3Dg==,iv:+ME40HBH6L/uWwqHbmW1PA3Y4p+dtcCl12UyiLflGX4=,tag:rsUWdOiBOyFCshqa6MUIng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNlFlUVFhOEJNdWR3OWxl
RWhza2ovR1ZCRXRPYnQ0MDJKak9qZTV2WFVFCjZNSUI0azBSMi9MK2c5dE1xb1Z2
YzBHMGpCU05VcllQNWJtcFNUcThzMmcKLS0tIFkvcGU3aWROZ21KZ2lRYmZlSTdX
d1JqTGFiNHlBLythc3J4RjJLVDBhYkkKz56uLu8f+SblqcyRhU0Lvjoh50h1BQgj
L/R2VaCLZEz04/AzM08bmjOpcORmvPTSqobeKDrh76vp536SUX01XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T01:56:14Z"
mac: ENC[AES256_GCM,data:Ce27me4iu6pMYYekgT7C1pKYJ+cdd1PQAb4Wyb/w9rrgTJeTrQFBmYC3GRRcpijwMVzlWq8KampuFEAiGFmuLoE+G94nEbKZskKqbV43BWhrdnthoBoPxizwRLhEOOi3rNJW2L26TNMsjDG4kelfhxFbKYetdPV1M73mBywxWr8=,iv:MzuzBom0YikkDCvjsYUR8VuN/JEX4+ygasgUU6AaPtM=,tag:XDmxmmGcNvNhfXqLJAoxxg==,type:str]
pgp:
- created_at: "2024-03-21T01:51:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAssl+AF2Y2zr1/zWquYmB4cZolN99Tr1sQjIbHPEDC6ym
DnH5vHx4eGc0svrAL0Vv3TBQ3W8gS5w4EHSumxa0oerfVY1bwk+BN5nOHgg6l7mG
LMA1H7g2QNNEsUTH7IuaOVWofsVWzhxZwZILUEQlsYWLYkl/hz2aOZHiOTLTwz1Y
RtfbRzYTf1jYg7lks2elrlmhd2d+QoxoYxT+tg8oagaVM5VGDRS/9evnrZ/E3fNd
87BNUxc+SswMwonWfuLtOkPPo+jckVy7yg0zpZn1p9vnYQAyuQy52aRjTzY0vZCq
DwW46Y+fgHnsfI2Ym03pL32Z1lemqqcOKXZc3TJRv/4a+dcR2G4j6sckAg6al1U1
P0fcnOlYpO+bWoy35l1HD0sHLIn7+PE1JfxzTcvvWrLz/w22/g6RwG8uYg47YXnt
uKxIYmQUGSSDCDddnF8xwuwRzyAVUgYZr71jnwUtiXURW6VorUtA69O+tdq0hLZR
wW6zJ1nY+cJy3DKfnlrrPEOIjFP/OBibftB7CvqYG4xAgKjubAq5MhB5RpRajC3L
aeuUCKEe0dzpBFE/g10KQF9OFUnptN0LfrLcAkMjKqyXmPdbMKhD4Obhv4lJA0Ks
v+SbKtKWohGA6nzt1yrOvzFkiAkmj6pa9DEZgQ6jKumTTBi4mSUptezI4X3VcmaF
AgwDC9FRLmchgYQBD/41T1tegaRsb477ffMtHlKmZguvPIviJQoNKbUvlcXC5+mT
IsJEwhanypP7YpaWNlvep9Qtr8/NplkIF+n2uB0cAaZWK3dZsKe8Erfqik08oj7N
yGYNgm4ykC3y/TTJaX+xcmRrHtGAY6RNT/TaeJ2ip8DxsHIwA8wqFmnVqLXjhmFl
hYV87+mtX2M22Xc/YEPsvocbWiQCyLHLVQsS1VfN6nRFkNi/pc5lyBYxRRKa7Exp
azfRUr/sWkFtwPptUdA5l7Z21nVBBd4GKrdwbbn5u6mgH4GIwqAwFk9U3RWrCAEq
vcEekyabBOFAm1+Lt//FYtL/nuyN5Pq6p87bxnh6H3IrMdmkwERI8O9IYdUBOhNr
cx5vPH0oKxkdznc11xHQHyoojmCuerPzROlNNhL1knI1XalfKCxfZhYk3VvYPnmk
maEsw7zbwmdtKi6F377Di08jhp60846zvXz351rLPolaFAlAxp0BSL/XJEvxTd9N
wPg9tR+aC+6yQIJeXQ5q+pzxM2wSwTcIAcBxYj5eOB1/sehKLraBBMtZU5IyekiP
s7I7hp/gDD3BpFogXf3BU/jtHz8yPv48Z3My4N8YkrHVR8JP55xpBpGuxJ2568bC
R64dhas0pZxJ9rnq/yJmbadmcVZpL7wNlZnNGgyTTJI6jWAJtqhKFi5R2G+3fdJe
AT8Qvl4IZ1IMfR1TMf0w+uWDAQsxJGxNqTlHwgF2YiHZdC7YA8npEDLzFSeYnzls
pJmMnciuK/enCETBuZInYojD0/ZgjayD0ImAfQDbFplagm/mWmHjG70eef9ESw==
=ECO+
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

52
secrets/paperless/secrets.yaml
View file

@ -1,52 +0,0 @@
admin: ENC[AES256_GCM,data:4ltsTj6tWqw3Rx2Odx7e9OH25yzeBuIRrQ==,iv:uzRdWh9g0iNkjjo5Nrx7lVu8vZlOw2r3WJ1PXPEm/5U=,tag:Xv2Qwq/w+DYRYvXw+Bhnyg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j4y7mwh6hg8kvktgvq5g3xstnmlnaxkdhfrps8lnl029nfpr03dq2nr4cd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1UWg0RTZEZjdhK01JUHI1
TDkwSUJwN3RJMFM5WTdBU1Y5NktJdXdrMUQwCkt5Y2hUWkRLeWgwRTh5YVRFWmho
MjNSWWxZajB5YXhoc3J1VFVqNkdPYzQKLS0tIEJRd2R2d2xkNzFLOGE0Nng2OWVh
NVlkWWRDUlQ0Mll2cGFFYWVuYW9VZVEKBHP7b1vFmVQGwAEfI8o/cWECr+qFUB2q
/BNRW7fcyLVrPU9BvqTIo84t4rvUTqfG3K/fdJ60h/0N6OUrCai0EQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-05T13:43:43Z"
mac: ENC[AES256_GCM,data:tHd4ZbDyhBowlztWEdY+ohp2obLOTXDqZ1ROOBYsXO4N6glMEYLiqxKvpZ5+RcKkv/GIrFSvGS3AtSCCfGhAq9YVOsICpx7JJjbpbnPR4d797WIK5IauHpTSeTjoOMjVzA5O32m6Ux7TSk5Y1EPwcgOfvd4Ah0SMrOblHyAi9H0=,iv:oKgwFUC523K/s/05SmWY5uADd8n0Qm2mz8WJB59uA7E=,tag:Kx2NCDWcB82OUUGcbeW21w==,type:str]
pgp:
- created_at: "2024-02-05T13:43:25Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQILAwDh3VI7VctTAQ/3RuSGSlr+pGQIrnWIjZl/i6ZuMwHVolIN1cTshchZ/Pga
j9teHAYZWnQ9d+bym3uxzc9S58U3sNKU13Rpb8zPOrlssa4sLrt0cTAQRzPLIH/b
66SSWHm4RKzlDaPHrY/iVYDqEy0/zLmIxmKZThfCZIVsj7g5bvP2Y9iNDR3EMQsf
rHuMePsoE0eUvudgNWuyuUSBdRX3JK/lLpe3BfXmkdZgMXWKrFwKuv7XevDquRVu
gZ6SQPShASN3ErptDBLoewasCDJuzV0wmgGB0JqGwADzjRnS+OGiBAYJB7GDjLoj
iWLqy6xhkboFCiVgEyF51u4MfVAgZCWwVRRDrzv8Q8L93Umm4Frp0J3hOb0rC9u7
UJCt1/VcsQ8VX7wRyEwZWWktIRb07yMIKoYsy7q1J4qU0AjSNVVX2y1sFa6qi9Cs
b2krAzRhzV2qd7V2QsoOSTO+RePE5qD6OTC5GeXaZoPaNoHi8u3SLGqWVug954SX
rNJrcgpl0VkoYlnanuA3s20BiHSpAk/9RiosXCI5kg8XPikp2j0iB/8WuKnMWlc9
40EZRRaXQZF0LMxdyE+8QTF9CvUCCTOkSfrslEXd6gpX8GB+KUdWyMvqjIamQ6ov
7Msuq1gFKtZulzwZJ/pC6TbmSXMt3MgHu5vFqOvOE7UEWwY+FVwp9WZtwX9OQoUC
DAML0VEuZyGBhAEP/iqLYs6MX3U/odqG0IFCayIdbGDoU8+CvIehPnTJKilzW2AW
QpTqPFUI8arz+yPQYmKI8/VwPELp/W/iU1DNTlaWjXSw/nXmQMB0MERu0ZqAbZ6m
Z5n+j8Ggz56I6EX1PpEkAXL4bmSM6iEsDREkecML/ZTNy+OeSodlEq6A0jGYlQF2
/mmsUnXj+FSoLoyeIlJNtr3HrJNzlikWLczP4ETxeYscqunsQbbgQ6c2xHrgSLrQ
GbVuxOMFbP67B9DyCKnsIQSllps6lFIZUTDeItzUNuiClDpTChFE+GJyTE4iB+Wn
MgcxFadezGhKPVPyEgLviv/gudGQpLxJBUGHdfsv76wAno5IrSWWYt6YdjTpGUE6
n//fcV2jHV23EhfnUFyPiQkLlo49vrtXwY6AhAUYfOOTlDMyQJ+humXWnpqV+by3
xFTq2lCqz3PqmcBDSUIgTGxUDNiK94pJVQC9uquQwXbxRYMpXuZLFB/OCumMWDuN
xkqe6XYvx7PR9GW379OPqiAPB3PDyIRcwcOYiiycyFwVOrMYlEW67ujI2Kj/8EFb
5dncfD/TgiLKCYH3lxFvFk8ddun05WozDk1jfS1aDVh1ZWndd3ByRNe5q6baARoO
KwcVHtKSPjjrURk+CbGWzDvTAgvURSNpxJ5ubGEYea/E7Jb4JwEUURnymRD90l4B
gcRSQrYEI0sAsMaa7WEniMwSiOUJxb2q6crj6aOasEE5NSaPrG+zqs/emfDhfkHS
25Sx8KwuzctJpCq0ajnH3yYfuZyL9euBFvk/SZ9bqDSDzXSxm6wKYZfWRf71
=W0a4
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

52
secrets/sound/secrets.yaml
View file

@ -1,52 +0,0 @@
mpdpass: ENC[AES256_GCM,data:oPwpdBAg7Z1kfLm/awaTxXKZTIVWMQDTUw==,iv:jGWviJ+zwolzmYUkjfiFNepEPXSw7oJH530PaEV+GwY=,tag:nUr7TJCgkumAUZ1JrziI/g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1w7tfe7k0r0hm6mzz0kmz8302kfn0rlh96w7g6zwqd4muqg7u9anqv07745
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwdW50NGJRM0Z5YytVa1pQ
akR1M21Ib3pyZWZWdUpCR04rb1pRalBiQ2tJCnNzajZpbVNVZWRrWEFvU2RnM1g5
akhEaGZCN0V5dHR1Qm9IRVZvV2hGMUUKLS0tIHVGWUs2NnpTYlFxa0p5T0RJTFB3
eFdSYkpPbzhGU0ZiM2FEWUtqcmtOa1UKCsQiVQpSI3GWpvU3zlvKSZPbnDbVNJJl
UFpygD0jqPWUvBFqALHKh8i3Li7B+ItR32IUO67R1bigS8HjYzdkkQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T20:54:55Z"
mac: ENC[AES256_GCM,data:XhknSHukwELPxfdskHSu6ewK1keNl3lcMQW0PqXqDn/ZxQtjQX1Dj5lez5QMHSFq5UAzXt4zljxRNvUtLNfnRBpTe5vWCgC7Bt1ZHz4ikmbp8/VCMteZVh3rWr+jM3j0eGsTo4LZD46IRUN6FDhVVFb4fCiiJGVKAusFonjaYOU=,iv:IP/iOv3Jb2O0PT96K4gBCf77PsMl5wt5V0O/xOUwnRE=,tag:enWN7CAMvFMvgPGuhqu3iw==,type:str]
pgp:
- created_at: "2024-01-30T20:54:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAlhqb8zkCNVWJ3Iayj4IvqlHe6FZiYUtu1jucKh0Yniwh
LmctvOhIwB1UP6NEeX0ReqbMCBJLpB7Fh661RgYguOA+mU7qB9dkTi7OMVYN0fnS
OXeAl2+9SKNO9Tel3XqFtJZ9eCgSE3AR78U55SH8lhe+243U99+dXBx20Qzh8fYk
YGggcMhzJewou9OziOdQtq3hKh6BDlOPU8VEufreeoQUN3CDbWXeUzbDbH1Z5lbk
Ibp61T7RZ63IcfQu9GPWxyaxkCw1YOtbRxUN2H1BYIGjNuGag7Q1dRud9v1iQPAv
SN1JWq6y5q7zxIYUVliquMsiMRkkX4mAINnY6fo/J4aOTbZCUyO5bsqTHYjrsUwW
lDDErVl5HS4iAfEGZrKRlY5b9aZMZ3o/+DxEa61mvl5nFaSvpy6zQXV4TK73B++j
3EqUji9V3RTcKXKJqu5dNL5Sh31GSv2U8RADpbPh2ned1igx+3DodC1RL64z/jP1
HKFbhz2hYhfKxPLQTcYvmmrQbICjjuLNP46hQy7Fkk1IvPZw2hDEXFuZnKsFMLPc
tnIC4/yhnykdDU6Hx/LQbSJWs69daN+M2ty9fjqvW/Thl+lkCb89I9dA+H5TcHF8
aFfosBJniw7Nm0tUOMYCtjh2lRYzs1Hm8GyYmL3SXkNq41n8kIF4viW/Q3SVVqGF
AgwDC9FRLmchgYQBEACiTLmTrucjVeNf5iRI+n927+S0KOqvjRJSAGC/2jjRQBxG
8pX725XK3EuYHB0pWe/cwat/XzgrKbHhHLTOAoZLXkL8mailFYqDkyPWyY0KUOv0
reeGO0oQxbbVaurtTsXVfNvkHYeAPcIgZoHgSaPh2fTsxQuvBpo5El7Nk6EGWp6R
I/obM0XMS72gUnxOEMReyk28C5xncsQXmC02NK7zvq2abKS0mv8KmMR7nvLWg0nh
Hy2Jh4e0B7CvMyLOdJo2VXBxoJhb4CGoyidXg8Fq+fHQSDOFCF7Tb2bgCfdqWowK
ip6CdHnj8mj331LWdpW/Yo/TYDN4fnVVHMO9aISiC1S50Lb06uwhJlBYG8HnWJ3Q
JCbftxDdiToJA0fDq/L+sRMcqN/l+WoaxS8PsmSF/6xuQsa+bt4S23XITQkWrtx2
S7reh/xsl9YKR1L6cxOUiaazuYn3aGlUTqSY0PfGVsfVo5+vN95q5SYOqqx8s8+Z
h3jFLe2cGQu3yOSeUhHJYBjqho3dcRW3Mo6crCh0bj7LSIoeIntCC1G21MzAcXoL
Xa+u/gM5HzPQ0Czi9v/bdwtN9eELEx8gOVvq7zhJTM1ot+hxyt0XAz6nCkkVLr3D
sasN1xs20+VsiRqqKwPpNxvDwkSyt6zMHf7zDxVW0YhyTqiIHeWSA4f2aqxqstJe
AfxPey5NzP1PX2ovInUhaqVQc/L8u+04aJa7JFiW1wjZP6BesPiy/mRA7rBMUmE5
tVlrec9utTLVp7aerjuODBsDarVILmFJetgDPb7vI42BvxTpjjCiJJjXPXQzcA==
=6npP
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

53
secrets/spotifyd/secrets.yaml
View file

@ -1,53 +0,0 @@
username: ENC[AES256_GCM,data:8c739M/ygFSYP/xsDovnPem5wrUr,iv:LarOsdIzdz7UP2WtGt08bBTTZLo3Ne8RQM74mFJpHLI=,tag:r8GrK0d8+7C6m74vJ0X3mQ==,type:str]
password: ENC[AES256_GCM,data:E6CLOD1IZUzsjzQ=,iv:EL/EvTUOTatCBCZijCrnrz8ZIeP85znZWCM0PpCJ2y4=,tag:Dlas9VApM34F48l5/CVF6Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16d6wulu4vzuawvsnqv0cqjhxdz9e20qm3xdnzq2lp7787srl8shqsqlfps
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaUZRRlVoUE9PTGhSbFl5
UU5GNnVqcm81RzZsaGNwaWc1ZmVKeHRiQldrCkVNUmFGeWhIaUlSTkM2UmtUakU0
S2VMeGM1K1pJUjZJeGUyREo0OTlvTlkKLS0tIEw2d2xRNWsrT1ZmYkpxeDlwUVZS
bnk0T2dPRWFrTUg4dEpORjZLaWRFenMKw5pkVC3jaHlACgH2vCGcwoGP36ZRWfuu
yI3dITX/r02hZnDMuUrCT4W38VHhSYHckUs0NnpkkCKAL0CREgSo9w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-30T06:13:01Z"
mac: ENC[AES256_GCM,data:IwZsL3uIw83Z3AflvpsqH0ML0VCUeTJT7AWzCDORFOxhyvWhzGGBnUHQiNOngKlepyV+WKclMOMpe7aHI/lMZXjA1cLiY22A2cNV6PCjKbnahzr2N7s6XyZ+9de0G7EIdR1fMR5aMECUR4Uwbb5AsOMVtO2wwhldBF3jn7pQV1o=,iv:wRY/RvhwFKECNSVt6xmGD6RWFPFuje58A9OLkmSL9II=,tag:cpBmf/1z1CnxGLY0WBvEQQ==,type:str]
pgp:
- created_at: "2024-01-30T06:12:12Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//QgyjJi1IFK+0ybpoeXE5nAbjXxJipG9viMhPhh2PD4wc
ZgCynE+sox+vzA0mzK72z+RqLAZctCafISjTzpDIxupz4HBQHjeWGHeZH/RqH+3Y
x0Z75Cv8G9n4S9SyDaMPN4dWC+LJ8SP2oMZvQ7G0HcZntHdWH7lcxQfw1WvbBx89
obZ+duliV3QFsBMYT/Yci2z1mgJ93SIhFRBVv1F3VLlSVGtB/6uWNKgAtvgD9jls
VPO6XuUMIdyv+vv1nZ8n2gBOskhoyowX08w+ztDiMure1kS5LgsDxm7alx2eywip
HIqxpTTp0HTcWy0RIVlv0tnl00PzVRZ63KKGRaTmrNIfGHdE+qpSJdKWd2SuCimR
Zje7mOTPtqcE2TnTy2auWgRgOHaw1Js52Nwod15Z+3XotumMfFdIbEvbFOoew3Im
gbj7/YeTML2BAiAE7VnzVMTelB6ElqcFM/ZDfHCxFM3iWby5XZGyF90rBk3v/Z7T
tc+o+ImyvVPjFDJs0nizNDwEtTOJKCyA+KHfznzRw1qRYrSwUVpYQB7q8TvH5IcS
f2s7rySqpNp+79XMRPYoimw5tFebhR+IgSBZ/VdjwWLBXaebAdu8Sf3FtfLvGnD+
CujOYuq/6t+EpSsgAOH3D7QZ9BlFwPFA762sSBqa92VEm1BULDZpZ3nB4qsT0/+F
AgwDC9FRLmchgYQBEACfOZetLUBqqa7Cgb6b+DZig+PuLHaCq9p6LqQPFmP4KL7M
/04xEAvL+2Tz+PhuNY3YtkimTeue2vZLJD6hHfxCYJO/GDr+ea2Rv9g23FvEFulw
klqRoDYCgjHp+Uk+9ux0fS8FJsDmQ8ZBPClx/OPGQTdQJ7sXB0AF+FT4TJY7gQP0
7+kcFbUwkXHH8EBw8tTnQHakPd1AIj2EVkMTAlU9mlZcJYmoCjSrH511zz94eQnR
L1J66vckCCdLPhrOq+NI8LTTr4ypjHRmJwW9TBcfamdXnsxZBrl1QTq3AAZURRPL
K7Bo6mWHJ7QBNNUnY1bKwpcY7zss7KzKklgPLuG+GxLZHfyKBMOe6Y/xLvfbtZ4u
sOdZSTrgruU7tuejPRlgP6eyh+yE9MSLJ0p4g0jkKf7qngA1Ec1IO21m7KnmqQ3a
Gr6+rI0K0FCUIf5q412OLg1cYixmlqb0Zfi566rJPYoHEoRhWUsP2ndvizNyULPJ
ocCaxEEV/kGk8vUwnSsb6EKfJxo3P0Xp4uFQ1SAhexbLXrqqlaLGYxulrXgwwgnf
55Abk6B+O7RL3V401Phn4vRfzrSajzlXDUwFz+TPy6VMY+yx+FweIedjlJFTMtuX
3EUyYyl6fuvAd7qmN6I1HlwVEJFEeMRKKxt+ufGj1m6fiqLvcus8Xw4r40zDO9Je
ATeO4b//yaoIs2lAshj2p97mVpU4xKzd48NOmuaZn+Y7/3m5xXk6vdb2dK2Gky/V
gSf+7TfGBdOOn9zlKxmuf9Q+HOyR/AbCibXUvhL6Ni9wqRHu4B0P6jIrTg1NCg==
=v009
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

57
secrets/transmission/secrets.yaml
View file

@ -1,57 +0,0 @@
vpnuser: ENC[AES256_GCM,data:7wytXrH3c6s=,iv:yoaWl5NCFuF/Ic2nkFXpvSZj9fQCHRtzKOHef+EEolQ=,tag:jzX5ewkmAHZhJMaq2ke90w==,type:str]
rpcuser: ENC[AES256_GCM,data:lO3735Ynaw==,iv:PDhpAifNEjKpZk2slowOqVUXxaVup+ZLrvGPq80RV40=,tag:8sb8PxZrEVnxhFIRu+Q/FA==,type:str]
vpnpass: ENC[AES256_GCM,data:pTnZjMu+fCJMOQ==,iv:aKLOtjJlXsr0uy+5OrcMxMBqaU8vwaG2Vcn6SirbYas=,tag:Pv2D8Qn+a7ihz16jSkUTbg==,type:str]
rpcpass: ENC[AES256_GCM,data:nknsULbLZMo68c2P7lmWBEZcyaLqDXrU,iv:1NUnew6AL9kmBTnLTXgwA8cm2AO85He0I2fP2oXhrdA=,tag:G7YgBNR7h7QmukVQLhG1pg==,type:str]
vpnprot: ENC[AES256_GCM,data:Ue2A,iv:NcYpWxPWhIKewOde7kYS4TJnipnADLq9+7Pb/l0xgkU=,tag:ACoL3u2gPHXaM2HlW9Msaw==,type:str]
vpnloc: ENC[AES256_GCM,data:X83semtc/SINDnJblMZduEO6UhSTUeziJRHO,iv:9u4ddDGisgDLlwQGQRL0AZHo1mPD15s6+X3qn9gDf4M=,tag:OeLdoXIDrfxJesJwCEWI2Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wevwwytv5q8wx8yttc85gly678hn4k3qe4csgnq2frf3wxes63jqlt8kqs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNc2F6RlBjTDRLcU5FYlhQ
c3ppdFI5REZpazc1cnFubE5iaUx1bEFDQUdFCmM5R2orbVUrSDI4bzgxSWt6amlJ
NkdBQkM3b0RWSVFuSE9GM1NsNWJuS2MKLS0tIGtWdi9Qd1BSTjduWCs2dWViQUlZ
UCtqdEMxZmIwVk5wY3RGUU50NUNMY1kKuCCh64itbGbWc1DrxV3BupImnZoIuqga
eC8BcM+CjEmeXDb+tAo81OADCVnnfH4UP1gJ5hHxn5rF7/zOkljXeA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-28T23:15:15Z"
mac: ENC[AES256_GCM,data:BS7Ma6oSrJxEMYHbCtEDwVePqIhgmgdWchUyVZhf/dlg2JJfE87gr9jDZrlGPmZM9pUD/gDm8VO1wtOLx61jpII5m1bfSfq6O8XEOQ+cLrJDHHaDo0JTF/TOWWpWPEbnNLpa+BjUb75aAX5Y8+Dw0yAqIRIGNxoanTbyh3NuZyk=,iv:gS4xdaF3DWaJ1bYBBmHgXfHrnr7diw0jtWVYR715RGo=,tag:LXDDCP7k/C660h2AzbuxCw==,type:str]
pgp:
- created_at: "2023-12-28T23:14:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//WKTeke13O+mZdeXrSaxQWQQ3gex86o8+hIDdkKxvUR/x
bATUaNh0GGU5ovosDFEIWM9F4FQzmAidYKl0i0j9zsR8tIj+0JH1ahmL0oxM/xbC
sh8/IKczRsPQjZYrO7g4fH8Is2d8zFh8nWIEwDuEQ1/TB6hzip4npKcLlp3hqsLx
5/SwQvSSh3q6iND0YFLGYKwtlNV3ZhcTU0TeaOYJTmzaWU/XjsvTL3lOcHpVtXsY
IK6/b5bitB28zR5J1h3zpHiza+OabAlG/hXHkL5q9NDb1qkmkgxZfbBC9qJiu0ke
rBX5pPYF1yDZF/3QmCmsId3Rx0vEKJzw3vdkqHje4se9zNbnXJ968Gva/3QJJF81
iYtetvO4/v3BR7xCwfpW4V6CnNQ+N87T0N6jC8racl/GeCiFmSvSUmOktN06AHBm
JO6Ie9vmzmnVH+sKMvRtFETzkqcxCsgNhPnvnGqzDZFf15nJAtRjzYTjMrrIEyTO
MC3V0GMOrdkorRPBbCcXDYC54sorbWuVdjxSX+pElvFO6XKhZJSfnZO2/QHlWU87
1EvyO0jS7314vwksrU0965nQ+uJA3lLZpIK7ZivoOK94Oo7lqi+IVbyUOKeQTRBe
USITZY8gTcGDvTGBkAPVBEIJMHOu5gMdPh4wbVwzGXwItSGfXOvh/SaL47AJ9QCF
AgwDC9FRLmchgYQBD/9ZsUCvmiC6BbkHBOSCpyksC1+GQ0k3jUMV6VYt/tIqt6a0
ILU9Bw+jkOfo7i+t/7uTp7wXyb2JwsohiP/YreYDOOCHxXdJJExBI/tOXoS7nKC+
dBjKwIz4BPDQz/1METECNoB3v23iUr+GeKTI9gjOO5btEh7UdiKO3inJttSRqVE8
/kXN2kzSz9VY7W76h7JIMuqhmzorrn/FmSaZWZ4cWW8wvgkQ9mf96dwJElXpZ6I0
JyPMPpnkd8UPI96MXJbrLToFdmTHgK2TQNmJKPACe2CEQFMvfADKpuC6vq+OckxD
oFZqr+jUsXXGXJUA9Zn59Pcw3FJDiDfJ/4/BqYgPx4IMU7pdp5UEj0PE02BhCPl4
nkFHRqDA3oynBLFaKXAPa/ND4WLaF789V34RTOBvuiIpe9sGhI5gWhIuqW+eZfhA
Xtf9Wes+FDS+23K4zZ9aB6oTeV0W/JE1xAQ4NYCilrfsF3rwx/x4WYspe7WJjvGJ
e/LzfCaxna3gf6WyY+5Go/PI0JlicrEuPK/DWi5dTlgnx66mcskO0AIGG6a2syyZ
i4UvX/h165NbzoeswyHq3Mz4r/6WXpzO3Znb/pyfdAbifxatGtitm5X960/4tmFE
RZzig35VbhntomBSL2I/KBzEnrqwY+/nnf3DdjOJNbk9XWudaVRCnFJOSiuNFtJe
ASR5liWrbDKUkdnG2Pdqk//CYsg28xobBgVRG5roi3EuGFHkZCno0nC+r7e8Ad1A
l7CTOPtmhNr2RxNKbTzaYJDaivDmo9iILxOfX7i20m+DhtWTsPuML/LHfFc9hQ==
=Abzg
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

55
secrets/work/secrets.yaml Normal file
View file

@ -0,0 +1,55 @@
clad: ENC[AES256_GCM,data:pE/sks9TK6acHwAjNLD0SdRHj6b2ZMkge2w=,iv:aJESPMVXdK1iJ7ItZYZMTcWGgAwTWuMB4d78OlqFbYY=,tag:AtLY/myOjpE6fbQpatfgGg==,type:str]
dcad: ENC[AES256_GCM,data:advwwnnNSD53JaWwi3zlLbUTx515xw==,iv:4/B9Vr/IaV0HJUC73snbOeF9FvhCKvgp3CcK7GWh6uA=,tag:69yEWNJEjYnYWNTzXSBJmg==,type:str]
wsad: ENC[AES256_GCM,data:yNL4Ql93sr9PcK0mMihArl2FhATFAzZF1Fy6fgbykeDU,iv:qet1Aba9PkXpFUmTqFVifAN4EKw5BpOxhKxXnHeJYkU=,tag:AJSMdOky0HYEgdS5B/PAcw==,type:str]
imbad: ENC[AES256_GCM,data:/8bq5AtzsZrbXOLY73K2ie9R4GNEAA==,iv:EZHUbS58y1NVM6wkzlmxvWaDMjjWU0VU+9nrGmt9fcw=,tag:axFWhsQ7w1DOHN4yOoF1og==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZW9GQzBRSTAvMk52VEd6
L0hobkJmVmRaQ2hzeXdGL2w3OElGRHFIbVZVCnhxOVlXTENKNzc3RHdCTlZva29I
NVptV1JiUzNTU1N2MVpCdXJEell4MGcKLS0tIG1nQm1CN04xa2ZqckZFbUpOejln
TTNXbUd5MEhsUkYwdjM3bjlMWE5IMUkKxm0j9wK4OEiMv4J4cic2M8R02NBRiYc5
wmmlJyPhlkLCn++z36872JqlG368MwzomJI2llyW94l2qrrn8RHISg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-10-17T08:36:23Z"
mac: ENC[AES256_GCM,data:gVfvTcYIzp4xdmAE14VzdVyef1f7KYykWcoehSc6nkkKNEg7+wjkcsrGoJvE4lbx64IahOJLEzD5aL695RzV32uFz+V+juQVvPW9rZIwz8Y62LYN+Vnowa4VfANPQ7uuUVrk29GPOHfwII5SJWOJcddQwu1XOX1VabIqq9ZweMw=,iv:+HXbFohCMJGytoKbTZ+aR3Lo7bg7O1Wgy2R3KiLv9hE=,tag:dSxMKKqwF4HMW/PtL6ALGw==,type:str]
pgp:
- created_at: "2024-10-17T08:35:11Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTARAAti+kUHPffcFm6XqY5kZpgAFDDlSv3ONn+Ojc9KLgsHdt
q+q2nCQaXv5frmpMng0tUi2V3AFD2ELhRXJyY6l3RDIKK0gPvDbJmdfmGQ2hEt0w
af9CsdXcJhlgdV+eUBGpUu4wbZldkdR4nyQm5KCp2ThqiL3IQzDm0HGnbimvdHPH
0gU8Q6qDN4DdnsvfSLkS89WkW0UH8tFUVOr17aMWGEtloZUOgafBkxT5u+bKC7FH
AwKQs9Y5DzRjzr/szLufu9iyR92ikPLcDLtc34CoPeg2xH9XEiUd8uE3aK61Ezr4
yDZGW1urJaH/Xx6Dip2Hse1pmx3j8xqB6wIZ4r+mDcaM67tMSHNDxVqJJ5251qwZ
+mlwo/Uphm9l7JP/jGyIu9JbbOTdJF0uNrlL8EkR4Hn3905z+GvN8jYNKv4OhG+P
zCvgnkpBnZXJWfqSG1yFpitDo/ncIUfc2w1p4D78tr4HN8aZRGAvpKDU5/guK46Q
hwKUAqmoSAA2Zl9FJkX6TEIpRqJw3ADmCaR7Vt+5bxiLHCUOCTio+3L080IHll6C
sGbV8WMDxhFiaDDsKDR1OOD2t6ClwPEXLFkQTK4qzGN0rTvqNxVgV4Nfqb5lvoyC
++7bRPj7zmM56xH0cL8kIzu1K7g+uDE7jVJAFUpxOOttEIzfRgLxDjaWkrIzQkyF
AgwDC9FRLmchgYQBD/9BxMQc++b2ujqEnFcLxFRqqSGyolaUJWaVjd9kST1xz9cD
0RppY9n4ukFIVDIM6aL/EiGKFvYMKymwusegDP933RiIZY746m4XbQz3+pyn6fHl
hMexItwshq8L36B1K/pmSbMIkhfSmHUHL3/qzCP+OomtKjcZR0PKk2VYSOYTMTRy
2JZjv4eK/hvpXJJrdLoB4AkYrT95xT5dp53WWFChyGS9nju0hvBdAn71rQMoww1T
rev7GfzBJlQCoEkQTP6UMUOHhTUpyJxDTn1AFvP+SqUD/VAZ3MvfNaiGcs6Dr2ox
t7BokccVctXOyEuqAb/iYD8y23xt3QYxsFpNTW5BpfKE90FGsJqTSX9gsWbzS5I4
rUpcwqp3ib1f6gH/onubhwA79zFgVSSqUCOJa6lIH8CD9repkl2jxiA78ewYujnS
kANH2kgEn/fXhugeM4VMGecAr5TziQRiR8HV8ZQ8920vKrB5CATVGgL0l9rvh//M
f0FmQnOTlUZnqr9P99WGAk6nabdhmHrU07TIvEAz5Flrw5vySIPN8C1711Vw9syk
YXHmN4O1ZOr1PjXqiedZoyGYsF9L7CF3q3lYYYas4ia3NT9ZktfEac+ctC6KCiQ3
skt+2cUkjXbYrZK/qQ9Ouzts/GEFEDLGVvDrw4CUXkiF54TFvEK4KmbAlmYW3NJe
ATqXOKybIjlmh7X30H8rsXTblgAgx+kfOLhAQAiA425Wk5LqRV1eHwQW1seoOX0X
8HbO3ii6BWv19QyO1ste9+5wFDFTH4uxQKJxwyRlPKKg3QwYQsym9l2sQ9Nm0g==
=9VuO
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.9.1