swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 05:09:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore:update flake
Some checks failed
Build and Deploy / build (push) Has been cancelled
Details
Flake check / Check flake (push) Has been cancelled
Details
Build and Deploy / deploy (push) Has been cancelled
Details

Browse source
This commit is contained in:
Leon Schwarzäugl 2026-02-03 13:00:32 +01:00
parent 52554d4f92
commit a343de7a90
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
11 changed files with 204 additions and 176 deletions
Download patch file Download diff file Expand all files Collapse all files

36
SwarselSystems.org
View file

@ -1730,6 +1730,7 @@ A short overview over each input and what it does:
nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-stable25_05.url = "github:NixOS/nixpkgs/nixos-25.05";
@ -1751,11 +1752,16 @@ A short overview over each input and what it does:
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs-overlay = {
# url = "github:swarsel/emacs-overlay/fix";
# url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
url = "github:nix-community/emacs-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
swarsel-nix.url = "github:Swarsel/swarsel-nix/main";
systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR";
@ -8338,6 +8344,7 @@ in
(splitPath "sops.secrets")
(splitPath "swarselsystems.server.dns")
(splitPath "topology.self.services")
(splitPath "environment.persistence")
]
++ expandOptions (splitPath "networking.nftables.firewall") [ "zones" "rules" ]
++ expandOptions (splitPath "services.firezone.gateway") [ "enable" "name" "apiUrl" "tokenFile" "package" "logLevel" ]
@ -10683,7 +10690,7 @@ When a program does not work, start with =nix-ldd <program>=. This will tell you
freetype
fuse3
gdk-pixbuf
glew110
glew_1_10
glib
gnome2.GConf
pango
@ -15784,7 +15791,7 @@ kanidm person credential create-reset-token <user>
#+begin_src nix-ts :tangle modules/nixos/server/oauth2-proxy.nix
{ lib, config, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
@ -15951,6 +15958,7 @@ kanidm person credential create-reset-token <user>
services = {
${serviceName} = {
enable = true;
package = pkgs.dev.oauth2-proxy;
cookie = {
domain = ".${mainDomain}";
secure = true;
@ -15962,13 +15970,16 @@ kanidm person credential create-reset-token <user>
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";
setXauthrequest = true;
upstream = [
"static://202"
];
extraConfig = {
code-challenge-method = "S256";
whitelist-domain = ".${mainDomain}";
set-authorization-header = true;
pass-access-token = true;
skip-jwt-bearer-tokens = true;
upstream = "static://202";
oidc-issuer-url = "https://${kanidmDomain}/oauth2/openid/oauth2-proxy";
provider-display-name = "Kanidm";
};
@ -18972,6 +18983,10 @@ This has some state:
};
};
environment.persistence."/persist".directories = lib.mkIf nodeCfg.swarselsystems.isImpermanence [
{ directory = "${serviceDir}-gateway"; mode = "0700"; }
];
boot.kernel.sysctl = {
"net.core.wmem_max" = 16777216;
"net.core.rmem_max" = 134217728;
@ -18993,8 +19008,8 @@ This has some state:
${idmServer} =
let
nodeCfg = nodes.${idmServer}.config;
accountId = "6b3c6ba7-5240-4684-95ce-f40fdae45096";
externalId = "08d714e9-1ab9-4133-a39d-00e843a960cc";
accountId = "3e996ad9-c100-40e8-807a-282a5c5e8b6c";
externalId = "31e7f702-28a7-4bbc-9690-b6db9d4a162a";
in
{
sops.secrets.kanidm-firezone = { inherit (nodeCfg.swarselsystems) sopsFile; owner = "kanidm"; group = "kanidm"; mode = "0440"; };
@ -20560,7 +20575,6 @@ This holds packages that I can use as provided, or with small modifications (as
fuse
# ventoy
poppler-utils
vdhcoapp
# nix
alejandra
@ -20647,7 +20661,7 @@ This holds packages that I can use as provided, or with small modifications (as
#nautilus
nautilus
xfce.tumbler
tumbler
libgsf
# wayland stuff
@ -23430,7 +23444,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = self + /files/emacs/init.el;
package = pkgs.emacs-git-pgtk;
package = pkgs.emacs-unstable-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
@ -23459,7 +23473,7 @@ Lastly, I am defining some more packages here that the parser has problems findi
packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
})
(inputs.nixpkgs-dev.legacyPackages.${pkgs.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
(inputs.nixpkgs-dev.legacyPackages.${pkgs.stdenv.hostPlatform.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
# epkgs.calfw
# (epkgs.trivialBuild rec {
# pname = "calfw";

293
flake.lock generated
View file

@ -101,11 +101,11 @@
},
"crane": {
"locked": {
"lastModified": 1767744144,
"narHash": "sha256-9/9ntI0D+HbN4G0TrK3KmHbTvwgswz7p8IEJsWyef8Q=",
"lastModified": 1769287525,
"narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "2fb033290bf6b23f226d4c8b32f7f7a16b043d7e",
"rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21",
"type": "github"
},
"original": {
@ -117,7 +117,7 @@
"crane_2": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixos-extra-modules",
"nixt",
@ -250,11 +250,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@ -322,18 +322,16 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1760432944,
"narHash": "sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ=",
"lastModified": 1770111667,
"narHash": "sha256-jCWQIveEsr5IKgVnSlMVJCpymifY5pfqTaLJR1CBp0g=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "aba8daa237dc07a3bb28a61c252a718e8eb38057",
"rev": "3fe6048ddd9ee1bc0784bdab23da0f5e6911f73b",
"type": "github"
},
"original": {
"narHash": "sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "aba8daa237dc07a3bb28a61c252a718e8eb38057",
"type": "github"
}
},
@ -489,11 +487,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1768135262,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=",
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
@ -631,24 +629,6 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
@ -666,7 +646,7 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -681,7 +661,7 @@
"type": "github"
}
},
"flake-utils_5": {
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -696,7 +676,7 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_5": {
"inputs": {
"systems": "systems_3"
},
@ -714,7 +694,7 @@
"type": "github"
}
},
"flake-utils_7": {
"flake-utils_6": {
"inputs": {
"systems": "systems_9"
},
@ -911,11 +891,11 @@
]
},
"locked": {
"lastModified": 1769622371,
"narHash": "sha256-Cs1/+P3ntxl9mOIL7/QtItBAzQJ2xjvTMHv7qw0nFV0=",
"lastModified": 1769978395,
"narHash": "sha256-gj1yP3spUb1vGtaF5qPhshd2j0cg4xf51pklDsIm19Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "02d763228d8aff317e6e5a319474b6d4d9d826a5",
"rev": "984708c34d3495a518e6ab6b8633469bbca2f77a",
"type": "github"
},
"original": {
@ -995,11 +975,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1768941735,
"narHash": "sha256-OyxsfXNcOkt06/kM+4bnuC8moDx+t7Qr+RB0BBa83Ig=",
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "69ecf31e8fddc9354a4b418f3a517445d486bb54",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github"
},
"original": {
@ -1039,11 +1019,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1768307256,
"narHash": "sha256-3yDvlAqWa0Vk3B9hFRJJrSs1xc+FwVQFLtu//VrTR4c=",
"lastModified": 1769949118,
"narHash": "sha256-Ue9kYZenqMw9yHGFnBpoWxQqhs2tlH/el4AxKVicXBE=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "7e031eb535a494582f4fc58735b5aecba7b57058",
"rev": "0be0641613a13323a61a6406c46b6f28b8894395",
"type": "github"
},
"original": {
@ -1058,11 +1038,11 @@
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1768682386,
"narHash": "sha256-mKrMf7eG9TM2AM3pTuhIiCGmZ/JwDegCQH3ThVqcTuc=",
"lastModified": 1769907691,
"narHash": "sha256-9OwKfEJMR8cxwDqKoJywdWa0LIcMGYZitMSsvAjAsMs=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "f469c1dfede623bbbf1ac605f6359316fd4002ef",
"rev": "f9bf64e6e53ef21603cc65fd2d285c68184d0917",
"type": "github"
},
"original": {
@ -1142,11 +1122,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1769095293,
"narHash": "sha256-GPlRdJ7LVLyabpJ2tDA9Bj5em9wi3mKXeedIDl7+LWs=",
"lastModified": 1769980417,
"narHash": "sha256-BOxPHApuXJE0wFKaDK811u5Ihvn4gnsXhCABo0O/u/Q=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "180bdbbc91c89f540a52d2b31c8c08116c53b91f",
"rev": "ca6c544ca6a737bdb32676046bf98aca11f8f13d",
"type": "github"
},
"original": {
@ -1175,11 +1155,11 @@
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1768678265,
"narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=",
"lastModified": 1769577126,
"narHash": "sha256-v9vz9Rj4MGwPuhGELdvpRKl2HH+xvkgat6VwL0L86Fg=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "d7184a04b904e07113f4623610775ae78d32394c",
"rev": "f30db163b5748e8cf95c05aba77d0d3736f40543",
"type": "github"
},
"original": {
@ -1286,15 +1266,15 @@
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_10",
"systems": "systems"
},
"locked": {
"lastModified": 1768962252,
"narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=",
"lastModified": 1770000653,
"narHash": "sha256-QO/twGynxjOSUDtxbqJLshc/Q5/wImLH5O6KV2p9eoE=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "433cf697394104123e1fd02fa689534ac1733bfa",
"rev": "6a2ddb643aaf7949caa6158e718c5efc3dda7dc1",
"type": "github"
},
"original": {
@ -1333,11 +1313,11 @@
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1769018862,
"narHash": "sha256-x3eMpPQhZwEDunyaUos084Hx41XwYTi2uHY4Yc4YNlk=",
"lastModified": 1769983422,
"narHash": "sha256-/zQdD8Aogh16eD5lgFokRMA0EYCm5uQITKCA90/01Oo=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "a15cac71d3399a4c2d1a3482ae62040a3a0aa07f",
"rev": "20b5c5c698d45cc0f950889b3f6379ced5ce9c4a",
"type": "github"
},
"original": {
@ -1383,7 +1363,7 @@
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_13"
},
"locked": {
@ -1446,11 +1426,11 @@
]
},
"locked": {
"lastModified": 1764234087,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
@ -1461,11 +1441,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1769086393,
"narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
@ -1566,11 +1546,11 @@
},
"nixpkgs-bisect": {
"locked": {
"lastModified": 1769118918,
"narHash": "sha256-E/Iiwy+mYmcPd66hB8JK8xN5tObwYcsvbGMJbkmdDVk=",
"lastModified": 1770036759,
"narHash": "sha256-DJCFJPCTYWb+fVucckjAEvgd1Hjhe5stYT0vDPfMFpE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "30644e68c5586a6ea8399eb93919ee805384889b",
"rev": "2b10a50ae3da5b008025eefa9a440d95559bccde",
"type": "github"
},
"original": {
@ -1582,11 +1562,11 @@
},
"nixpkgs-dev": {
"locked": {
"lastModified": 1768915681,
"narHash": "sha256-/eIZP//Ey3HLNlZj8ucVXnzv+qO8RkGvUHWmFL58PzY=",
"lastModified": 1769996711,
"narHash": "sha256-rzB5MFIyk0gec3/0LjlevvMGkWN7H3TrZ1p7AmKtik8=",
"owner": "Swarsel",
"repo": "nixpkgs",
"rev": "5f51dc7790416d9122723da3b4843ba8b49955d4",
"rev": "11da4ed1369bfbde772f2a0fda761b759e621f20",
"type": "github"
},
"original": {
@ -1647,11 +1627,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1765674936,
"narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=",
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
@ -1714,13 +1694,29 @@
"type": "github"
}
},
"nixpkgs-oddlama": {
"locked": {
"lastModified": 1769291456,
"narHash": "sha256-cYwgBqxRv9UIBe4VdLnT20Nzf7zfTjZuEnhY/Yh0PpU=",
"owner": "oddlama",
"repo": "nixpkgs",
"rev": "4424b66c4f70ec3f6c2be98f4bd852713906c6eb",
"type": "github"
},
"original": {
"owner": "oddlama",
"ref": "update/firezone-server",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1760139962,
"narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=",
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
@ -1780,11 +1776,11 @@
},
"nixpkgs-stable25_11": {
"locked": {
"lastModified": 1768940263,
"narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=",
"lastModified": 1769900590,
"narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03",
"rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646",
"type": "github"
},
"original": {
@ -1796,11 +1792,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1768940263,
"narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=",
"lastModified": 1769900590,
"narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03",
"rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646",
"type": "github"
},
"original": {
@ -1812,11 +1808,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1768940263,
"narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=",
"lastModified": 1769900590,
"narHash": "sha256-I7Lmgj3owOTBGuauy9FL6qdpeK2umDoe07lM4V+PnyA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03",
"rev": "41e216c0ca66c83b12ab7a98cc326b5db01db646",
"type": "github"
},
"original": {
@ -1828,11 +1824,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@ -1938,11 +1934,11 @@
},
"nixpkgs_17": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1769789167,
"narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5",
"type": "github"
},
"original": {
@ -1970,11 +1966,11 @@
},
"nixpkgs_19": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1769789167,
"narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5",
"type": "github"
},
"original": {
@ -1986,11 +1982,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1768661221,
"narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=",
"lastModified": 1769330179,
"narHash": "sha256-yxgb4AmkVHY5OOBrC79Vv6EVd4QZEotqv+6jcvA212M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3327b113f2ef698d380df83fbccefad7e83d7769",
"rev": "48698d12cc10555a4f3e3222d9c669b884a49dfe",
"type": "github"
},
"original": {
@ -2050,11 +2046,11 @@
},
"nixpkgs_23": {
"locked": {
"lastModified": 1768569498,
"narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=",
"lastModified": 1769740369,
"narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114",
"rev": "6308c3b21396534d8aaeac46179c14c439a89b8a",
"type": "github"
},
"original": {
@ -2066,11 +2062,11 @@
},
"nixpkgs_24": {
"locked": {
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@ -2162,11 +2158,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
"lastModified": 1770019141,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf3f5c4def3c7b5f1fc012b3d839575dbe552d43",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
"type": "github"
},
"original": {
@ -2210,11 +2206,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"lastModified": 1769170682,
"narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"rev": "c5296fdd05cfa2c187990dd909864da9658df755",
"type": "github"
},
"original": {
@ -2242,11 +2238,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1769789167,
"narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5",
"type": "github"
},
"original": {
@ -2390,11 +2386,11 @@
"nixpkgs": "nixpkgs_19"
},
"locked": {
"lastModified": 1769114635,
"narHash": "sha256-LM7aq6rEr/rvXWQ89MNfEwoFt974y5OocD1IYQWs3vE=",
"lastModified": 1770037177,
"narHash": "sha256-a94+hfIuDFmV1z/+/6M0+O8ZuJsjWzCr7XMS4Poesws=",
"owner": "nix-community",
"repo": "NUR",
"rev": "fe05842430f4d853371dcdb159f840327bc72df0",
"rev": "b44e611bc73349f5ff9d85169f73de76d75cd6de",
"type": "github"
},
"original": {
@ -2544,7 +2540,7 @@
},
"pia": {
"inputs": {
"flake-utils": "flake-utils_6",
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_20"
},
"locked": {
@ -2572,11 +2568,11 @@
]
},
"locked": {
"lastModified": 1767281941,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=",
"lastModified": 1769069492,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github"
},
"original": {
@ -2615,11 +2611,11 @@
"nixpkgs": "nixpkgs_21"
},
"locked": {
"lastModified": 1769069492,
"narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"lastModified": 1769939035,
"narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"rev": "a8ca480175326551d6c4121498316261cbb5b260",
"type": "github"
},
"original": {
@ -2657,6 +2653,7 @@
"nixpkgs-bisect": "nixpkgs-bisect",
"nixpkgs-dev": "nixpkgs-dev",
"nixpkgs-kernel": "nixpkgs-kernel",
"nixpkgs-oddlama": "nixpkgs-oddlama",
"nixpkgs-stable": "nixpkgs-stable_3",
"nixpkgs-stable24_05": "nixpkgs-stable24_05",
"nixpkgs-stable24_11": "nixpkgs-stable24_11",
@ -2704,11 +2701,11 @@
]
},
"locked": {
"lastModified": 1768272338,
"narHash": "sha256-Tg/kL8eKMpZtceDvBDQYU8zowgpr7ucFRnpP/AtfuRM=",
"lastModified": 1769309768,
"narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "03dda130a8701b08b0347fcaf850a190c53a3c1e",
"rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
"type": "github"
},
"original": {
@ -2831,11 +2828,11 @@
"nixpkgs": "nixpkgs_23"
},
"locked": {
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"lastModified": 1769921679,
"narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f",
"type": "github"
},
"original": {
@ -2866,11 +2863,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1768656845,
"narHash": "sha256-xNlXMyn7yc3Z/NOsz4NchO7gWFwsoCvtJ26pys4s2/M=",
"lastModified": 1769986820,
"narHash": "sha256-O9OQ44dk9TJdtRIG828DUI54XdkfZET7AlN1RgTsPis=",
"owner": "Gerg-l",
"repo": "spicetify-nix",
"rev": "8bd7e49d5ac62756bee6e4b02221fb96bfc3c99a",
"rev": "68de6434cfaa8983f3775b858b8b76e7c5dbd29c",
"type": "github"
},
"original": {
@ -2890,7 +2887,7 @@
"blank": "blank",
"devshell": "devshell_3",
"dmerge": "dmerge",
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"incl": "incl",
"makes": [
"nixos-extra-modules",
@ -2976,11 +2973,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1768744881,
"narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
"lastModified": 1769978605,
"narHash": "sha256-Vjniae6HHJCb9xZLeUOP15aRQXSZuKeeaZFM+gRDCgo=",
"owner": "danth",
"repo": "stylix",
"rev": "06684f00cfbee14da96fd4307b966884de272d3a",
"rev": "ce22070ec5ce6169a6841da31baea33ce930ed38",
"type": "github"
},
"original": {
@ -3242,11 +3239,11 @@
"nixpkgs": "nixpkgs_27"
},
"locked": {
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"lastModified": 1769691507,
"narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
"type": "github"
},
"original": {
@ -3295,11 +3292,11 @@
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1768765571,
"narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=",
"lastModified": 1769713942,
"narHash": "sha256-0BtCSO2qzYK/akRDsERqRVLknCYD3FYErc+szreSHUo=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "ed1cef792b4def3321ff9ab5479df09609f17a69",
"rev": "37ec78ee26e158b71f42e113e0e7dd9d5eb6bdb0",
"type": "github"
},
"original": {
@ -3334,7 +3331,7 @@
"zjstatus": {
"inputs": {
"crane": "crane_3",
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_29",
"rust-overlay": "rust-overlay_3"
},

10
flake.nix
View file

@ -30,6 +30,7 @@
nixpkgs-bisect.url = "github:nixos/nixpkgs/master";
nixpkgs-kernel.url = "github:NixOS/nixpkgs/063f43f2dbdef86376cc29ad646c45c46e93234c?narHash=sha256-6m1Y3/4pVw1RWTsrkAK2VMYSzG4MMIj7sqUy7o8th1o%3D"; #specifically pinned for kernel version
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs-oddlama.url = "github:oddlama/nixpkgs/update/firezone-server";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-stable25_05.url = "github:NixOS/nixpkgs/nixos-25.05";
@ -51,11 +52,16 @@
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs-overlay = {
# url = "github:swarsel/emacs-overlay/fix";
# url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
url = "github:nix-community/emacs-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
swarsel-nix.url = "github:Swarsel/swarsel-nix/main";
systems.url = "github:nix-systems/default";
nur.url = "github:nix-community/NUR";

7
hosts/nixos/aarch64-linux/twothreetunnel/secrets/secrets.yaml
View file

@ -10,7 +10,8 @@ kanidm-oauth2-proxy-client: ENC[AES256_GCM,data:a90dn//LD6tvDYGSNT2neorQRfo0puo7
#ENC[AES256_GCM,data:vm48D/CiRtw=,iv:7Vs8SfqqGEEU64ZqF3uvFIG7DnUfOT3kGqodiIbCwjQ=,tag:hdNZZUMTLIrAGydGSFfP5Q==,type:comment]
kanidm-firezone-client: ENC[AES256_GCM,data:YD1lkGkg+HxqHrGsbIz2GRq/VMIJqOD+VQ==,iv:AJa/sVAC0s4hdfvQYf+/NaYTJaxO0fdwzNmmD7S+kc8=,tag:JSU6aX8kYbr70+YYwRV56Q==,type:str]
#ENC[AES256_GCM,data:XS4Kqba//4tVSj8AzyLY19Milwl0w7UkTM48t8m/wyB/P8TgDerxJwOGJvz3uLZJX/EO0/4rKminMYSoMybRnNn4TVv9pa9uV3JEkUsGkFk2abMfBriAQjQgziwLbDZQJmnJs46YD5s+sYELN4MJtwFNg6NzEDATDMWuE4+loyxoqgF/lzG3OFGkDl1R2JkCIOU6NGRqTn8a4XpX+p8U5QrY2V4iBCXajGXrcqLfINYW508feq1TAUZazaNdA+RC2SMvq6Diy8mysP1p/5mGUpIATjmoDqN74Yc5uZAwaenI6jIsfcE4JP5lFy7dHWOfTQS/9MCsEsRN2LWuP0ivaKOgF79ykd4Tb19EACdhpkip8XV0hKHJMuyEr6zJ23dUNtBE,iv:lpA1sk5y4tSk6iXAjArtF4piJW5af3+tIwMos1BpPEU=,tag:479ZIsnwkSSFq+C2a0jHzQ==,type:comment]
firezone-relay-token: ENC[AES256_GCM,data:QLQ444ocvL1yjXXslo6YzdPUasdt58Qztf6yv4UHh0AZtMVuOcDmUUXdI9Qz0i0J34zGbtcPw/Ac9CzxnF5sRj9v1D6RkfHf642vo2JxcnG+LExHzUFNEhTAXqgLvfdQhi89hQTjSfc/+ryDyf16tTJklX40VitqYLtTEW9CHSHhKrVr7Gx9u5qw1+j0voQbJEs/ojBwsnzNQ4Z7FJgWLBw9FMOQg9sap28m6fBFJNnUGaK2vIUQ1qPXQWyX1YTh6xd0nq/jyB9ctqQczYftgd+wkaEiyMjQJkNk22W/6P1M3biV4L52H7WVVhptB8yWa7TZUXD6GFi3cMTXhn0NhM5FsCJhXeGcnzNmBs8=,iv:RdVXYof5cSMM0WTAoh8SO3jTWyR+XTNmK0U4ezHu76g=,tag:nSw7ykFPYuHq/klTwlNpSQ==,type:str]
#ENC[AES256_GCM,data:XeQYwDUAkfNmWcM+jdPdfHSD9AC7Kn/mWRHCMV96AIws9xJq51+XoR2cmiVmLfeE3eQWBB8KrCvML7oyJ25oBjFvFjjH7BrPhhrNiVc6D3JqjtV4Mg/5GTTCsdSk2aTQf3/UIqclYw/kH/ofMRa/O2ujkAeuFCZrM/2+DBlkLqTehx32MCTM6SDsEKrU4tBjp814M4QdDVgdDdLziNDwYgzyGSaCnpV4dy+RgWKKZYElGUIm2QltibV6CLS2iD/HiJxyY0bAeZzaS8fxVVDugg33BAJ5Ttzc7SG7mBqj1aslflK9N5rG5d5fvLN6kMJizY3KFq61zU+2CDjPmvCLSEO7JOS5UADrUOEcbW6bfghRSNHjSMZkoo4+/AZPAsnvv4aYaA==,iv:/dVcnaewPEpSIa2CzVCk4XpUcpRdj7xYkOk/lEyjWXA=,tag:w5w4xnzdkEBwdpVl/LdFdQ==,type:comment]
firezone-relay-token: ENC[AES256_GCM,data:c4PHNWORFTxY4tHp3Br0BWah7vWbFjfuSbql+hkW6nfRyQt9PAxYzdXlF9ArZaXH3073HH+uSBC4Nb7h4u8chhw/14uz4zFZfhJO/YuWxdcP+fVcT/m1zeRr19YiXhFQPcCdqQV8HP4SMZepVJ5WHsQT2DVCmYoeHG9ym09i2nW/JYC4+Gl3KBKG3XgW7gCNW0Ut/CXCg/rxoupHosS56qB6PIng3O+erixugKy/AcHfk4Ew9q2uSOxovCCI8jfWRhSgQtfSV++thwGOuVphwbxQVtetFrgp6xT/nMROWhszqXRHEE2wGKWACrfyk2f77RfDrJE2BzTDKgN8CV5MLJhl2ULNlYRZ8jg6GOM=,iv:8TP4AXIfdVK45bTQGlgmKaW8bFAmd3E7b/ZDetzcwz4=,tag:+N7zOhgMZbdfU3sWnb/Hlg==,type:str]
firezone-smtp-password: ENC[AES256_GCM,data:WLj+kcidIMQIP6gPuuIrujA+fHypUpGUFg==,iv:kg96vVaGund6HcXoJltIma9ecv6tK9AxZJf8n62+9aE=,tag:g54wHPhD4qnHlKZQd+MPZw==,type:str]
#ENC[AES256_GCM,data:aBNmUs9ZW+h5fDMVKdW3WQebJ8zmbHuYmNK9slZx5tZONTfnfnFRYjbzyqFTBKfC0bYjzLYL8AxXiEiPmBo2yLgbXtsOrVMoML3hD9Oi9T/7++BUBpbBQ31cC/EtnALumpes7+hO3DULm5tzWYc9qIz3yB9/gQzuKCqFOB6TCt/PwAKrVKNbcOihx/5xh04s6WyqfSUjWOOcHSY/ng2G7NeYRInLe6TgM6gGQGe2DjXCmNvgxJV2Mh78IWs3yA3aJ9VtrgF5R0PGoqHHZ8GfRZfYn7MBSW2dHztb0oLWux6bnO61Wnm8iDdR7xguQkNXPO0XXIIIO6AOL9duThXYjwQmieqYEEu1BmrvaQ4/tslLHX77axQCm1miwmZP9DoKor3yAziCBMa/pbU5JFlft4QZ2QGY7EreDfBVoDcPjCgA+gXuvq1VozPTiRH+y1hiulGlbGL0TmA=,iv:nsXYOxnWGceyB0aiv0Db7H+oD4hagzwQi96h4mGWD+o=,tag:n4p5Aoh7lYvCRDWRcc9tbQ==,type:comment]
firezone-adapter-config: ENC[AES256_GCM,data:CPY6DPFJ0OZRJqY0u05rAoc9gfCvHY8fFXkSyKvC+VdjNkC4LwjSJkaBU7aBAyIVsLrLz7cS52fcFfwdnAp/6V7BUDE2qpRdpwuN0ZuTMrnFnmLIi0jy4JXcU5niiClSfulgRfY9Dw9f8oHdYiu+uziVhDdjThx61tNyW+OVMNsKv2avWKqotM/fhBf59hJDS0NwaFi10X4X9Z0Oljd9mHQw+LDJkSTX0dk=,iv:IRn5awskI2mZCzQka6VFvCaNnYATvj6yMH9UWs4vJus=,tag:3gbxkbfwS2mNLkVK9KmTUw==,type:str]
@ -27,8 +28,8 @@ sops:
NmVFamgzKzRlV2oxS0x0UCsrc240eEEKByZ5WYf+QO8T43VLfO2ym4x7TQltS1nS
ckgZLorWZBWQg2vAwQktxQ0WTcjhM6tktZ7zgCIzKBLbQXtSt7VG9Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-31T22:00:22Z"
mac: ENC[AES256_GCM,data:wGGou+Jx0BV3fMI8gF3HL6VW05lz4CSBvjQF8WSbIHoykor4uthR0TN4ndanU3ZPjhU+NRNxIxTs2cFGJOH4YMIG6bGH0WIoFIfw3xkSIT/zAmfK33P7AUV8/vA45TZli5VHf6S/4CUqXfN91qezrMUiUVr+AEeqa/hbOMBO3j8=,iv:TRc4ci8KRF3ZHuqtafqP0AaRMHMlqnhB1psGbuL4zms=,tag:aTFxdF5qpkGEYvwwj7Q4SQ==,type:str]
lastmodified: "2026-02-02T14:04:11Z"
mac: ENC[AES256_GCM,data:1LVGAaA5z/if1C3tVkrM3iL2Jmz+XQfFJ3df2a02wyIIZiY8/oHguVYN6rBwPFY7+CJ1NeuTL/lrz1y5NJwhFEtxmrQOVYzx5HCw9uc1psTDFJFt9q0ZFVsBJs3wQYgf2QJgY2PAnZpmk6T896KHrmeRKty6Km2ltVSp8c+ieEs=,iv:t+9xgqcjjtyxzZINT60sB3qB6QkpROC9Rs1ASz/7On8=,tag:iv7ojyELZaGx4ZZhIDv4ug==,type:str]
pgp:
- created_at: "2025-12-01T23:06:35Z"
enc: |-

8
hosts/nixos/x86_64-linux/hintbooth/secrets/secrets.yaml
View file

@ -1,7 +1,9 @@
wireguard-private-key: ENC[AES256_GCM,data:DBCK92h8mGxDshB5OIEbyUENc6a4jmvzKPvljUn50AM1I5vBm/bSTDRStIM=,iv:K/OiPnAlXNt3RqBiBiiZqIY8vqsIw0kmKE+aeeVhr+Q=,tag:eloCJ7yjI2tpHMxwNxZDDw==,type:str]
#ENC[AES256_GCM,data:3lP1BqtvBwyeOvq4K5HTaQ==,iv:j1xenUUIkyJDaeLlX7LGhjFdhNlfTXF6r6v2+XbJlOU=,tag:TsGKu6VfF6D8I2p4kb63/A==,type:comment]
#ENC[AES256_GCM,data:LItVBIEQVz0x8ZARRlMVRPa0vdEe1Kv0CZaEnauUWw3P+NZv6WZkXw0SjuW+k9oqlDOTPR6gQ0Aa4GoX51NRFFmtlCVU0YL/RmdfrC6nkSea2S5btXCG4pptSusmQx42Rn+RfttcLDIXBAOIDSA/kKiBYvDhsZe0XOHAzj7jTAshSeGlccEOUIs8SctS8b13OAiSs4ceuMRPz6J45f6RVKG6COgiUEav5U6RFa1ZOLv8A/EFsqOsEZ45aYqngLM0/7gZ5Wqwpft8a+7dLRmakUjTOxH+wtVn6CV7wItUJAoz6BjLR/jtDr9EUm/QesZSHhuxs3eu0iXPXzaQgUt5Qz2knxSvzsEKYUx5bPsNBSb4uWgG3b/vKzPUKKYP5CrOwvPxsqI=,iv:z1YrJmuMaiiQpAc8ajoa7A1GH5Z2D2holm3lBCiBqOU=,tag:ghl+1BN9Tyxpwr9KXre5jw==,type:comment]
firezone-gateway-token: ENC[AES256_GCM,data:3vFtknbuAKk4syzNMDBWZegqyjDQWWPYXVJOs40cnEgAYnOWF2svt4mg3ueRH6b3j5E0Mrkv1PJIch5yxu9FYjfcx+jlsrqneJQrHGX3LDcW5JFOwP6H4nb2Oo8Q8BtpbpOdxAdUeFoLjRSFYy3DGzDatLG9CN3AinhIuxrTGM9Dfxvfn5ahkZ/LPLNRsKj6822C6dxSISW5QSGz+I2woyKzVd9hYoyeHzj5PB2WeaP4ty6bdQRwtA22i15ODpjMDt+AwPL9Wv+tzcv8StDpawbLrJ+0vAh8uRrIjka/W731WkAIWsgMr4mDt0dw99VgJ3mixbXEOdQRidVCeDTXwb9N17RQr5Z5pcjWqGU=,iv:+zbkWWlR0FAFIFB73TXuUwhyuhiVzaEhPeYBkJXfbmY=,tag:8NZbeFLv0FiRDVZJtmLmgQ==,type:str]
#ENC[AES256_GCM,data:NmWQFYRt2QvzZSXUhOCBWtvjpCPo9bOlxEXjVJUVbV8JibPtiP+EJ7oOYEi0thi2SGVeqqbRyQTT9K/4KwmfB+TT34EPMfSxJJ/p6JbxtbVr7zcgcbD6yWdBmaxB8V0iMXK6m3SuhTKHQjUin8gkYkHeaCo60wWCv7qoUTWePP5LwS09o1to2ckSmiszm6kg0TF5TJpCcyMWzjfmE7r1Rd48A1Z6Gf/B8sbERe42K4FSF+NjKTJEMZNngvUyKuLKhwhqhh09pbt8/lSL+MjzwPvTlriDOb54ZmN14dRFDFfdmpdJKAPT48Vbl9mXRJZHzpaP5qOFOwq+Z3977pMRuOen/BaEZZOf/Yucp9lnzNSdUb3hx26Fn7rA4/AszyZpbFB8RAnw,iv:oIK0td0LJf1+6K5wlD6KkdP0HxB2bTTQ7tIfd560oOE=,tag:WuBa7peCY19021YyQparcg==,type:comment]
#ENC[AES256_GCM,data:R05LNs2Ga+spsXQbD60xSrIlCPERGPF3jjP8oNRPL+7RqJNqKAcS6/7tQrqO66Bqsj7ywuxADxie7OzkJhUYpl8grEHhO2Hsw2QA4vTHYdKtjpNxity3qG3KTUrTYsRmhGoiTeDxX+/BMOi3p2nmNZM/1TJ6o6CVO2rD2zz3dQJyKPS/6gbOyN44HTbJA0s00p/3lHvULoP/VIw53ehko+T3N4LUgpvrVQZ2LDodOtqnQUFKiJPUrZddAka5Wo0KRFNDsCz7Z5FgaWjqMeC0oZxidISbTAK207km/QyexhTGtOhu9vANvzej65fkOlhuQbUur3ZxcLdiLA6TStWJyonrH7EQnabNzzv1kSTXiNYG6TPdVb2CMj7P0SHThG9d0WvArh+n,iv:oBH5R5k2vgaBzwTVeUnjSScJC/E0yh3f9317sCAk1/U=,tag:TKwU80zceuH/Tsw8v9fq0w==,type:comment]
firezone-gateway-token: ENC[AES256_GCM,data:qucZ0VF/vR8Y7NNbXP15SZd95Vr3oYKx07JMtdfO9/bBWFEFTeC+0mFmTaNpedj+lWhgqJhtlIr/0S3drJ350iRsXWuRSis9Eiz8zz2OaqO88NOA8HP3h1UgSVG63pOkhmTpnXOezV/rK107ow0QfvlS+XLZYVni+xRZ6mDkle9q5tbmwDLQtuVZ5+BMHjLGpYezMtOUPZDeRw2+ywhYqbgHQ+n224Je144rGJYnn21mKxBRVD33Ei/ganmvh8IbRuwuB5kXlnc5Q21qBp9r81yReL+4Q0tdHNfmkyuS9LLuguaTTQlUTuwzrBCdIw7xM+9UDdsYXbdzhGPgIR3+dVjde+7k4nOZ71f7trw=,iv:wYD6ih5x4i+Z5Nj1zkQ1az0ie7qGyswpa+nuoiDbyPQ=,tag:AG9nOIuR8B7+eLr1XZOwQA==,type:str]
sops:
age:
- recipient: age1wmx8y2hs83j2u5srdnfxljrzxm8jtxl6fr0mq7xf2ldxyglpzf2qq89rpx
@ -13,8 +15,8 @@ sops:
YWlkK0xrclpXYTkxUXFiNGMxU1NnMGcKCZzLfTPjeeGxyD43dOGDYsQVsw24cyHI
jz0B9VV07p33OP448eLyLgwpVFaNG0q+hXPH+0fb3V3foBT2QSeuPA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-31T22:06:39Z"
mac: ENC[AES256_GCM,data:BXX6xL5AJ9Ar4le429W86bkCRQkPWiYbJxd+xvp3xfy/T0MptAMsOB7K7dJrtokdXBKK3iPxapgPZCVCSBT49Sj9X2e7wWCJq+olcNTmojMZBtgsDjHgg2rbl8jY7mKeAlGRiImc5iIengJP0cwxF2zplUkZeQmJzXE0+4P8R6c=,iv:63xUQfIl2gpDONSJUrADsRxeSFtBs3h8e8LQs8eQxEE=,tag:vQgKvv8AuW+oEh7dimPhPg==,type:str]
lastmodified: "2026-02-02T14:09:53Z"
mac: ENC[AES256_GCM,data:YnFSQiC/gucCsfrVgcle1d9WOkDDsXZdhDem+yBWOlTxE5S0I3iFrzz+xj6aMqPH0IeEZsw+aSfL7BnCHoamJbLk5xlZ2U6UH/DdM50lBFafNF7dd25J1ndFSCB7Py4FogNLARKf2a1HiV2W7A1Ph0n3xj1fYqu7K92u2aSLTOY=,iv:yhrNVMt/HfT00bWYIsUEckvwngzglbYnbfiXasQzEOA=,tag:NwRio/QrFk/XPvF3WZDbuQ==,type:str]
pgp:
- created_at: "2025-12-22T08:56:58Z"
enc: |-

4
modules/home/common/emacs.nix
View file

@ -38,7 +38,7 @@ in
enable = true;
package = pkgs.emacsWithPackagesFromUsePackage {
config = self + /files/emacs/init.el;
package = pkgs.emacs-git-pgtk;
package = pkgs.emacs-unstable-pgtk;
alwaysEnsure = true;
alwaysTangle = true;
extraEmacsPackages = epkgs: [
@ -67,7 +67,7 @@ in
packageRequires = [ epkgs.jsonrpc epkgs.eglot ];
})
(inputs.nixpkgs-dev.legacyPackages.${pkgs.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
(inputs.nixpkgs-dev.legacyPackages.${pkgs.stdenv.hostPlatform.system}.emacsPackagesFor pkgs.emacs-git-pgtk).calfw
# epkgs.calfw
# (epkgs.trivialBuild rec {
# pname = "calfw";

3
modules/home/common/packages.nix
View file

@ -49,7 +49,6 @@
fuse
# ventoy
poppler-utils
vdhcoapp
# nix
alejandra
@ -136,7 +135,7 @@
#nautilus
nautilus
xfce.tumbler
tumbler
libgsf
# wayland stuff

2
modules/nixos/client/nix-ld.nix
View file

@ -31,7 +31,7 @@
freetype
fuse3
gdk-pixbuf
glew110
glew_1_10
glib
gnome2.GConf
pango

1
modules/nixos/common/nodes.nix
View file

@ -34,6 +34,7 @@ let
(splitPath "sops.secrets")
(splitPath "swarselsystems.server.dns")
(splitPath "topology.self.services")
(splitPath "environment.persistence")
]
++ expandOptions (splitPath "networking.nftables.firewall") [ "zones" "rules" ]
++ expandOptions (splitPath "services.firezone.gateway") [ "enable" "name" "apiUrl" "tokenFile" "package" "logLevel" ]

8
modules/nixos/server/firezone.nix
View file

@ -345,6 +345,10 @@ in
};
};
environment.persistence."/persist".directories = lib.mkIf nodeCfg.swarselsystems.isImpermanence [
{ directory = "${serviceDir}-gateway"; mode = "0700"; }
];
boot.kernel.sysctl = {
"net.core.wmem_max" = 16777216;
"net.core.rmem_max" = 134217728;
@ -366,8 +370,8 @@ in
${idmServer} =
let
nodeCfg = nodes.${idmServer}.config;
accountId = "6b3c6ba7-5240-4684-95ce-f40fdae45096";
externalId = "08d714e9-1ab9-4133-a39d-00e843a960cc";
accountId = "3e996ad9-c100-40e8-807a-282a5c5e8b6c";
externalId = "31e7f702-28a7-4bbc-9690-b6db9d4a162a";
in
{
sops.secrets.kanidm-firezone = { inherit (nodeCfg.swarselsystems) sopsFile; owner = "kanidm"; group = "kanidm"; mode = "0440"; };

8
modules/nixos/server/oauth2-proxy.nix
View file

@ -1,4 +1,4 @@
{ lib, config, globals, dns, confLib, ... }:
{ lib, config, pkgs, globals, dns, confLib, ... }:
let
inherit (confLib.gen { name = "oauth2-proxy"; port = 3004; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf oauthServer nginxAccessRules homeServiceAddress;
@ -165,6 +165,7 @@ in
services = {
${serviceName} = {
enable = true;
package = pkgs.dev.oauth2-proxy;
cookie = {
domain = ".${mainDomain}";
secure = true;
@ -176,13 +177,16 @@ in
httpAddress = "0.0.0.0:${builtins.toString servicePort}";
redirectURL = "https://${serviceDomain}/oauth2/callback";
setXauthrequest = true;
upstream = [
"static://202"
];
extraConfig = {
code-challenge-method = "S256";
whitelist-domain = ".${mainDomain}";
set-authorization-header = true;
pass-access-token = true;
skip-jwt-bearer-tokens = true;
upstream = "static://202";
oidc-issuer-url = "https://${kanidmDomain}/oauth2/openid/oauth2-proxy";
provider-display-name = "Kanidm";
};