

8 commits

Author SHA1 Message Date
Leon Schwarzäugl
e31a97b6ab
chore: update flake; rename hosts; setup hintbooth 2025-11-17 22:53:00 +01:00
Leon Schwarzäugl
a345846e62
chore[client]: reorganize sway keybinds 2025-11-17 22:52:05 +01:00
Leon Schwarzäugl
2dcab62151
feat: add remote disk decryption over ssh 2025-11-17 22:51:14 +01:00
Leon Schwarzäugl
6152fbd623
feat: add quickpass 2025-11-17 22:49:17 +01:00
Leon Schwarzäugl
65baf8fa28
chore[client]: better pii management 2025-11-17 22:49:13 +01:00
Leon Schwarzäugl
80afe6964d
feat[server]: improve kanidm config 2025-11-17 22:49:08 +01:00
Leon Schwarzäugl
4464041c31
feat[server]: improve nginx config 2025-11-17 22:48:58 +01:00
Leon Schwarzäugl
6d930c3fa4
feat[client]: manage zellij using nix 2025-11-17 22:48:52 +01:00
36 changed files with 3524 additions and 536 deletions


@ -7,6 +7,7 @@ keys:
- &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097 - &swarsel 4BE7925262289B476DBBC17B76FD3810215AE097
- &hosts - &hosts
- &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - &winters age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
- &hintbooth age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
- &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - &bakery age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
- &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
- &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg - &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
@ -20,6 +21,7 @@ creation_rules:
- *swarsel - *swarsel
age: age:
- *winters - *winters
- *hintbooth
- *bakery - *bakery
- *toto - *toto
- *surface - *surface
@ -32,6 +34,7 @@ creation_rules:
- *swarsel - *swarsel
age: age:
- *winters - *winters
- *hintbooth
- *bakery - *bakery
- *toto - *toto
- *surface - *surface
@ -44,6 +47,7 @@ creation_rules:
- *swarsel - *swarsel
age: age:
- *nbl - *nbl
- *hintbooth
- *bakery - *bakery
- *toto - *toto
- *surface - *surface
@ -131,6 +135,8 @@ creation_rules:
key_groups: key_groups:
- pgp: - pgp:
- *swarsel - *swarsel
age:
- *hintbooth
- path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc - path_regex: hosts/darwin/nbm-imba-166/secrets/pii.nix.enc
key_groups: key_groups:
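Review bot: The new `&hintbooth` age recipient is appended to three shared `creation_rules` key groups (next to `*bakery`, `*toto`, `*surface`) and to the rule just above `hosts/darwin/nbm-imba-166/secrets/pii.nix.enc`, so that single host key can decrypt every file those rules match. If hintbooth only needs its own host secrets, a dedicated rule would keep its reach narrower than joining the shared groups. Editing `.sops.yaml` does not re-encrypt existing files, so each matched file still needs `sops updatekeys`; only one of the encrypted files visible in this compare gains the new recipient. The `path_regex` lines of the first three rules lie outside the hunks, so their exact scope cannot be confirmed from here.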



@ -0,0 +1,12 @@
shopt -s nullglob globstar
notify-send "$(env | grep -E 'WAYLAND|SWAY')"
password="$1"
pass show "$password" | {
IFS= read -r pass
printf %s "$pass"
} | wtype -
notify-send -u critical -a pass -t 1000 "Typed Password"
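Review bot: The final `notify-send -u critical -a pass -t 1000 "Typed Password"` runs unconditionally, so a failed `pass show` (locked key, wrong entry name) still reports success while `wtype` typed nothing. Unless the wrapper that packages this script already enables them, add `set -euo pipefail` at the top so the pipeline failure stops the script before the notification. The `notify-send "$(env | grep -E 'WAYLAND|SWAY')"` line looks like leftover debugging and should be dropped, and `shopt -s nullglob globstar` is unused in the visible lines. Because `wtype` sends the secret to whichever window has focus at that moment, a one-line comment stating that would help the next reader.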


@ -226,9 +226,10 @@ $ssh_root_cmd "nixos-generate-config --force --no-filesystems --root /mnt"
mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname" mkdir -p "$FLAKE"/hosts/nixos/"$target_arch"/"$target_hostname"
$scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix $scp_cmd root@"$target_destination":/mnt/etc/nixos/hardware-configuration.nix "${git_root}"/hosts/nixos/"$target_arch"/"$target_hostname"/hardware-configuration.nix
# ------------------------ # ------------------------
green "Generating hostkey for ssh initrd" # green "Generating hostkey for ssh initrd"
$ssh_root_cmd "mkdir -p /mnt/etc/secrets/initrd" # $ssh_root_cmd "mkdir -p $temp/etc/secrets/initrd /etc/secrets/initrd"
$ssh_root_cmd "ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key" # $ssh_root_cmd "ssh-keygen -t ed25519 -N '' -f $temp/etc/secrets/initrd/ssh_host_ed25519_key"
# $ssh_root_cmd "cp $temp/etc/secrets/initrd/ssh_host_ed25519_key /etc/secrets/initrd/ssh_host_ed25519_key"
# ------------------------ # ------------------------
green "Deploying minimal NixOS installation on $target_destination" green "Deploying minimal NixOS installation on $target_destination"
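Review bot: The initrd host-key step is replaced by four commented-out lines rather than removed, and nothing visible says where the key for remote unlock now comes from. Either delete the block or put one comment above it, e.g. `# initrd ssh host key is provisioned by <mechanism>; block kept for reference`. If the block is revived, note that `$temp` sits inside a double-quoted string and is expanded locally before the command is sent over ssh, and that the `cp` line writes the private key to the remote `/etc/secrets/initrd` rather than under `/mnt`. The initrd key should stay a dedicated key, separate from the host's regular sshd key, because initrd contents are usually not protected by the disk encryption they unlock.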


@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data: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,iv:g9iNn/sH7CtxcT4SeI8/DFG8BPIIoseYTuprGEQPqJ8=,tag:SuV+seYm30JAMN7QbdDl9g==,type:str]", "data": "ENC[AES256_GCM,data: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,iv:Bs1fdmD4jbM/9hiPHxu+yENrVrwFsmhJ5J38W5+4PtM=,tag:UBpHq3ldgdVORaRxuswzVQ==,type:str]",
"sops": { "sops": {
"age": [ "age": [
{ {
@ -7,8 +7,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2YjdYNFF5Q1VzQTZ0WU1z\nN2R6cEVObU9RMXdpd2x0Mjh2cmpvY0VvNjE4CmF5Sm1vZWRoOTFIY2pkQUVRQ3FY\nVEd3eGpCbGQ3cUpvTE9JdjJMWnQvckEKLS0tIFRpZDZ1ZGZKaXpObFhZVlNqV0hB\nT20rRGV6S3gvWkZLUzQzVVNGQWNGVkUK0bAeRuI0vb7MJTtpxuD56nwZAk39sHAa\njEhntqsV9ts1Vbw2f0mZEqDdzd64NTtDm/YIwygZ2udV27mXNhVUVw==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-07-08T00:23:59Z", "lastmodified": "2025-11-10T23:16:52Z",
"mac": "ENC[AES256_GCM,data:Db2w9giZy+TyXp2hpMN1h7ZgBaJ4WiAN2P6IFaoXufOlxT2uwulbzDMYFoUm9jcdFc8zqnYCvttosJIzyjevY5up9gDarzTu+43XFrTxYqPdgRBzzvxSeXmKqDnngAvv/qOWfzt7TG1IzpyytHX/DEPHvPM9dWgut/1K6Eq94Hs=,iv:WoWAAjse1kyn9IGX4kqCl3zvq4kXEMkfTjAi2j5OCFs=,tag:xco/8fudn2kCLnFa8mUIsA==,type:str]", "mac": "ENC[AES256_GCM,data:CuwVt8/XKRMUHs1rh7Yf4Bk5tWXqTz0HXUiEEjuLhj1TRuMWs6aTC1h9uTMoybP+FmjKeRTar1E8dgUmoheFUGaBFqxd1Kx/FmNeJVLhUOPgmT9XOIjEjTNnzOoaMsYvfhP+AnLKgx+CfOsLnLMOqdKEggx1t5jNfiI2rXqOdfI=,iv:4Mc3WcgMg3z99dERJk+EF4hPpgGZo4mfMt6X45zgp5I=,tag:MP0YDtR1Wq3088WVzXS+8A==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-06-13T20:12:55Z", "created_at": "2025-06-13T20:12:55Z",
@ -17,6 +17,6 @@
} }
], ],
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.10.2" "version": "3.11.0"
} }
} }


@ -17,6 +17,7 @@
isNixos = true; isNixos = true;
rootDisk = "/dev/sda"; rootDisk = "/dev/sda";
swapSize = "8G"; swapSize = "8G";
networkKernelModules = [ "igb" ];
}; };
} // lib.optionalAttrs (!minimal) { } // lib.optionalAttrs (!minimal) {
@ -26,4 +27,10 @@
router = false; router = false;
}; };
swarselmodules = {
server = {
nginx = lib.mkForce false; # we get this from the server profile
};
};
} }


@ -1,12 +1,18 @@
{ {
"data": "ENC[AES256_GCM,data:dXhWlutdXYLxq7pAWK77lK1mz1y/lh0nl4mHa/jf4ABaQxkB9or1/ceEGwzUoFZAP+EmCuz35UpGYuT4jdti/BPDFsg3273NjVxfPBdV3Mr75FpEG56tMZKafUwARtwsBGQcIduPUgymOxKxUzy5YJokbdFThAa9Y25OFKDwOtN33NSG5QT8tEtBOFzeUx5K+9Kt1YDFCgl8dOOFtA==,iv:wZ1VY7IcK2dFjgrGZrUg+Oz3id8DZKzVgPMkjBrp1GE=,tag:F0SH8w32ec09P3NaMLcuTA==,type:str]", "data": "ENC[AES256_GCM,data:RwbQZyqU0OjA/wD3o0HppPWFjfHNAHsGF8DzdJrXZLlE5RPUigHWtMLcX+2bNd0DpS3r7WHCSyiu+mmg6GWFiE6wAOBU1Q19BpQ8k3oTt8sP3N4/5PfzYcXlHRfwxmB9/pv8YCi5+cOU5ExWiQ+kC767UbgPIC2ugUD6tkP14KkhW0EGgEhF3elBfOGrSHGgjltgIFMYm/WKZjM=,iv:EBpghMcCGd/wow68V3zoDfzwywDGwmlqn3btNHrfxbk=,tag:jvSZyRIQ7BmQdKc6YEBIZQ==,type:str]",
"sops": { "sops": {
"lastmodified": "2025-11-09T23:30:30Z", "age": [
"mac": "ENC[AES256_GCM,data:odBcMskVn/ag12j/sDxqD7/8q3GD+LPfoRQ4UcwiFAdRWIRyLKdG3HUJzt1yEVQnpvaHHOq3QmGC34FPA+GT6zw6TC9EacibmigX5uT+n6hYdVgXy97T/nD9ITtq6gVy8VjWugKpqMwTDta1HV037DKTf7LDmrTUaFhzFmtzNyA=,iv:CjkjUwCzACzuUI/TceDeopRsT9xiIZxciGq7UeBEVTw=,tag:ySF9Dxha7it2F2g81NZ+EQ==,type:str]", {
"recipient": "age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0VHAxaWdiV1VlWEY2UktF\ncE96UHJnWGNpY0ZFUmZVSi9xSXpBMmI2S1VFCjB6cWtDTTJrNFhZRC9yUHRYdUpS\naytwOUJ4NTRxTmJmc0R0Wmh5dFVKbzQKLS0tIHQ2NUtqRjh6MVF6VHJFSHVFTFFD\nNWh0MDVjekFDUWZvTUZNK0Z4M0lJbVEKGZk1BvZsNTkIor5rTcpi2UE4W/BqNMWU\nIAe3irNN6p1si2zebrCEyiaJYuaVn7uYVwXcscJlNTfkr9szm8TjSA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-11-10T01:10:14Z",
"mac": "ENC[AES256_GCM,data:NSUKiOFGZyTb9U6e8cJoOJPAMfnk5iuw7pLK0JJzdwf4pI1aMSqjSDylQ5EqqbdFKZKRmaIjjHSpcJep6q0TRFA6wOznHWyv/UCECGwqZrS3EXgcQF5lZl7NVXPPSsMZgPReEVQcMtMivatPrfksEeCaam4WC/M+dqd2d2RrOXI=,iv:KnBNepDoaQeQ9MSrSN6dkrbS6YqkMYMpmXFd5v+oWoI=,tag:vPhsazyi8d3ugGoW8Z1Asg==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-11-09T11:20:20Z", "created_at": "2025-11-11T17:51:27Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAwDh3VI7VctTARAAgiGGUn4Dhw6aB34J+332lw/CMPnZb3apThxgKjAVLKDz\neEeG+iD3iOJ3m+xg0KhgV5m2nykw0LXcXlErNIxnBmPm91DiQuW2Nzgz2J9FYF+J\nMHZ65JG+9nEt6dUplEKTBS492hiKrfD6a3BR/WFy9qrv0uY8DutAeUbkXVXqY+Sn\nxTTu2DK9Yy6lps2gmaZ1nJwLffaILyZuwYqMKtv1d1tEQFsBbkwh1chj0857nldD\n4t+bDYpMa1eFBQ/vi4YfMrw19Qq0xEWo7nKdT/pj8qAW9c4D7pHf7rm4t0T+H3tN\nfk1dJKuZuITXRrIth1zhq5bLepsIWtk/hG9fNKPbYj+xThhbCWEpH18FVVJsPCtv\nksZ3i70uz6FvyMYxyNANTMIxVa+SI+dhx6bCGQ/I9xFxK2Yju/yL6Gt4av3GhyjK\ncd8B5AlIKzxDvhWBMakjf+R/I63a7AlI9QliZhEFrpNOdcBu78ZvtKKplJ6fG8SZ\nExCFFf/qtqHtM0rvl8wyyVntD2r9WLKwDF7+tlygxbexqCaVs8CPtuiswOEGldc3\nZkG+zYsXSvBmyyfwrVYoIKRjJ1QiYys+EE5OdfI9kZ/I+kByiwr6PRHDnIkuc7jj\n8odeSq/KVMwS3d0u3c6qTPWbnSvAa6KM91dnMaXb0ws/B0eNE22USNk//KVfdKKF\nAgwDC9FRLmchgYQBD/99q4jpY7LnuV12/KxqZvbSHkBlO3HlBDYfmAYUn1gYS83T\ni+eGlWqHlXAwaqDnz5hGKe/yHRBVZjUO8Ic61ujHH28dPC++hMDkfq9sBH9mXeXA\nfovVEQJOiF65K40Lel9FAa9E5yjGSvcocqBrsh4usS6jTrFJmnat4poCnJDG+Ova\n7S2kD2FEwQxRRFlWX8I7nsmdxgATIIVhLgvCImJKAb2GEBmXx/Vpj6UTG5H+dvtP\niYtHxq0QOpeR47wNc5nUTaHTP0Lsj9hB4SS7rTdKHptXEtHCEznM7SEarNCt+MQY\nQd5O/x3cItJKADxV2JO2XPL96hqlX/e6+CWcsW89nAbuIID651b7ZWBw19F+62dt\nxlVrehcsYWLz+GuGBYysx+/0EVuZ422AEi/v9ft5YdigXrxq0ddJKRtFvcQFMh0G\n2w12fADrzX2ExzTWWc7FIwBmCr5XcwLVtmwU2bOD8mX36B7UPybBDsZ5J7/fr3TP\nYIz5ApQI5ewNsBhVoyJxSJQ6IoEBC5udrGNBMKOgZEYW+1MTWPojDU9eIg0Mew1D\n7PkXYEDrHBUccbaePLViUPcEeGkE7gB/FAWsIIfjRFzR8GDJpf/RnEK7G4mvPrIw\nlH8ARzgA93gtGOyx0DVOg+zIeplbARgZoIhyX3QCpsOTPz/CmBZIwMikRZfag9Je\nAfBikUXA2MBcIDAocQAKFILnFLyY7qgNKhvqhiCc+j04GmP7mjtAiZXP7lyUauRM\nt2PUcec90jfk0wsT1DXfeJKuWVa1hkv4/2Ejz5/PXa6ZQbrmBtZG9ZIDk2VveQ==\n=k0BA\n-----END PGP MESSAGE-----", "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMAwDh3VI7VctTAQ//cwoYXkjChyIyDP0dmqquRMAv7AsLz2IVVKcdGzqKWR/z\nx7owbhfGFaNCU/x8TWs3mUFBNnLIUQmuSWUuI30VMmFVjXQ9sybCZUCk5oFLD53+\nVPPb/KsAO06it8T0NxAlsXqe7n9fz1P16mFpMx8N1yb5s+GYG/C3UGATwJTJQn8+\nwob0NHfN/6qsZP5PzMgKlUiqc3YF+eB71KTHNDmT3l5sGsoNi0erZwNZc4VA0zn8\nPsFYodW9Mya1XUanJvrYKo9eRfrlpaUKGzn6GVlMJsZU0gNpKZepMubbev3+B1GR\nn6V+ViYWd8U9UTatuHy+aRcwEZfpXq7uKTTTdihECjNkHYSfXmUF9mjq6u5U0Lck\nykhElFADx+YEBJuavQabvYGu8fJx9DfJseNVwIv0M6hqLdg2CNMUQ1l1Q9weizeZ\nxLjme1LTlCUinJGN07CE0J9qP8syWRJYD9seP9Qc/b1IY2D8dGdgOTzO8Fx8vI+M\nOV+Q3T0Chn/f0lw2Xzu40MphB3eamt5cq0JeLQuwQHjUml0rGpi7bIj8PxeAgMkX\nXFzSokYTHGRJz2UblLnITfMaVYcu9HYHXxXIsZliaRBs2AlscyCCSQFjnEAEywlo\n9kvh49sjWztb0yGqHRAxdmJ+Sm5fCqP0huaTMXkC3zy4h0oeJte36Us0VxKk1HqF\nAgwDC9FRLmchgYQBD/oCYXtBTr276kjOMWs3WqDYMLUDbWM8d6b86HYgYvtwQy0z\nXgASNtWQsMMyIEiReSqv2H9jtTTqbUK93ALW2X7GmEvUIvmW64g1AfHKhmPw//Li\nKMxtK6sFVS/WSEYoaZarkZDwOpNx3+BnriQEHiMi21vWxCqluZFSDdls0ca2oXvF\nK9GpBUD8v5+l2EWhq5+4nxHKrDx0g+mjtZPJPRsJ1u0tisdkhRXauOvRHEymZ3mX\nRTee3FNR1t6YpXY811lX9yemXkdsSB4pzKWNQgk6U7WDkGcVaGNw0R8pS7F3YnRE\nFSJhKnhb9Bd6CX/zEV+IwEgY1yPfiEMX0bvIrcEJYgUg618YQbQPushxVk10+c66\nZJ+99g06tdyt+u8E9GpoujnoRjRWsEqElkZntd66fPuDm99qx+RHlF/1Likp/nPL\n4oIknDJu8wwoIBCtoQcWyaiNCa0Fo/HR6txyOt6tTqpwhnDGJP9UfYlKWt07CFar\nQLgZfJbHhetjXoRHMAs+WargN8KV7QGMGbQdPE+VwlZI4bKRSipH+rdDn+v50FQG\ndvFd7WRnWmTaG2W3cOLFH4pWc2MPnnxj0IHDI3U9olcCyuWAF12yC1HYuFuWeG+K\nokxmS1T1E0jIP9u8NTJBmLdjC+6U5y1ZvSZlIWB12OzBEpP7jl8uOVbD/AR4GtJe\nAf4EdsxTBocS50aRxxAOq5t3kaoTu36n1dbGDfb8k10bsBiQb6zJ+xtNQgWxNEeO\nb6YGIyglD06Wmm6C5LOyQ46KIzuFXB8irMJexApopLwIZ+jCnn0Nb1mO6DXHUw==\n=kTmR\n-----END PGP MESSAGE-----",
"fp": "4BE7925262289B476DBBC17B76FD3810215AE097" "fp": "4BE7925262289B476DBBC17B76FD3810215AE097"
} }
], ],


@ -29,6 +29,13 @@ in
firewall.enable = true; firewall.enable = true;
}; };
swarselmodules = {
server = {
network = lib.mkForce false;
diskEncryption = lib.mkForce false;
};
};
swarselsystems = { swarselsystems = {
info = "~SwarselSystems~ demo host"; info = "~SwarselSystems~ demo host";
wallpaper = self + /files/wallpaper/lenovowp.png; wallpaper = self + /files/wallpaper/lenovowp.png;


@ -1,4 +1,4 @@
{ inputs, lib, config, configName, minimal, nodes, globals, ... }: { inputs, lib, config, minimal, nodes, globals, ... }:
{ {
imports = [ imports = [
@ -11,13 +11,6 @@
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
}; };
networking = {
inherit (config.repo.secrets.local) hostId;
hostName = configName;
firewall.enable = true;
enableIPv6 = true;
};
swarselsystems = { swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM"; info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
flakePath = "/root/.dotfiles"; flakePath = "/root/.dotfiles";
@ -41,6 +34,7 @@
microvmHost = true; microvmHost = true;
}; };
server = { server = {
diskEncryption = lib.mkForce false; # TODO: disable
nfs = false; nfs = false;
nginx = false; nginx = false;
kavita = false; kavita = false;
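Review bot: `diskEncryption = lib.mkForce false; # TODO: disable` is ambiguous, because the line already disables the module; if the intent is to turn remote unlock on later, say so, e.g. `# TODO: enable once initrd ssh unlock is configured for this host`. The same file drops the per-host `networking` block including `firewall.enable = true`; that presumably moves to a shared module not visible here, which is worth confirming since `lib.mkForce false` overrides elsewhere in this compare switch `server.network` off for other hosts. The `server` attribute set continues past the hunk.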


@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:PFtZdHoWzYmrHio52kBZ7LDthUI+qAPBfCqkY/ubTIwVJoaZixXbuzJdJuA84YH5YBZ/umTYG/9Ocs4hNbCYoPcG6VdreIcqwVxD6PgCEtqtTK0qxOfBqdIXQ1Gl2EzyMuxQm3pFFEx1zzueJ3KvdZEZRtzvytLlw/pKkETLECAxqAoZ5fSVApzIczGI053046v7ItdulGLOZGc=,iv:0EhqmcDH8yFC78H2tuhGbu49ZzVaMtdvf/7XuNU9hyo=,tag:/8rHZKR6CLH7HNAaK5EDOg==,type:str]", "data": "ENC[AES256_GCM,data:umKGtD7jTa+ex3ADPs1zR2o9YU2j3y3zCEupCGOsdJyicM7u0efXDI0g755RdPeNJiB/z1DPy+mAkePPq/m93CCppTq0BYyt0JJw53/j3ghCMJj7N3wUVstMUB01jewDSUc7SLay0lkhMCWbrTKsR1pwnfFRAG8C3rWXQB2EkU9FViCo8VaOfEF6Cq9ev/r+SEepT85wvoMxxIg=,iv:bgJXEoj7nRUsi4fA+bYVYvJYavS+BoDuQt2SCrX/2W8=,tag:lmOjPU0J0Qf/vcnO0owTZg==,type:str]",
"sops": { "sops": {
"age": [ "age": [
{ {
@ -11,8 +11,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-11-09T23:30:06Z", "lastmodified": "2025-11-10T01:10:33Z",
"mac": "ENC[AES256_GCM,data:/af6vMgOLZ6bqLdwhmCg9lX+S1afi3HoKeVhrEgxtjrob3IIHMoD2YqP+PhXazGTyArBPEHxojZ9ew8SqedosID61nE8H45gMV6jz8g4hF9sm7c5CRavEk7Lgy4kO4Xw6LyUEO379RUa3OOrhKrOI2+zWf+NkCQf8Hy79Cc56Ds=,iv:BDuCygDtMYdYfd8p3xZSNN4ZaFiN9WbNRD+3LSluwlY=,tag:+S01XGwLZcCa9c8IDDjjGg==,type:str]", "mac": "ENC[AES256_GCM,data:4vPX9TdAGGBwzEc3W6pQj+BVKjp2kSAMB/L3QVXZbDHfvyKFWUOqwG8u8P7XDcuIrrpx65YuJp6zwexpJjg5zkU4favJt+uHD1wWC3TZcCpda6v3hGW3RduQAwVy+18JJ+PdSxHzrC4jmj+t/HIKp6Bt7qB0Z1ynrt/CdGIVxh0=,iv:zQQrl19jK823UynE3EXLgazehpWW5ltRCWKdnElVh5k=,tag:zIIgbyXSw6f6xW2CaVW88g==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-08-24T23:36:17Z", "created_at": "2025-08-24T23:36:17Z",


@ -16,7 +16,10 @@
}; };
swarselmodules = { swarselmodules = {
server.network = lib.mkForce false; server = {
network = lib.mkForce false;
diskEncryption = lib.mkForce false;
};
}; };
swarselsystems = { swarselsystems = {


@ -1,4 +1,4 @@
{ lib, config, minimal, ... }: { lib, minimal, ... }:
{ {
imports = [ imports = [
@ -16,20 +16,12 @@
# mac = config.repo.secrets.local.home-mac; # mac = config.repo.secrets.local.home-mac;
# }; # };
networking = {
inherit (config.repo.secrets.local) hostId;
hostName = "winters";
firewall.enable = true;
enableIPv6 = false;
firewall.allowedTCPPorts = [ 80 443 ];
};
swarselsystems = { swarselsystems = {
info = "ASRock J4105-ITX, 32GB RAM"; info = "ASRock J4105-ITX, 32GB RAM";
flakePath = "/root/.dotfiles"; flakePath = "/root/.dotfiles";
isImpermanence = false; isImpermanence = false;
isSecureBoot = true; isSecureBoot = false;
isCrypted = true; isCrypted = false;
isBtrfs = false; isBtrfs = false;
isLinux = true; isLinux = true;
isNixos = true; isNixos = true;
@ -50,6 +42,7 @@
}; };
swarselmodules.server = { swarselmodules.server = {
diskEncryption = lib.mkForce false;
nfs = lib.mkDefault true; nfs = lib.mkDefault true;
nginx = lib.mkDefault true; nginx = lib.mkDefault true;
kavita = lib.mkDefault true; kavita = lib.mkDefault true;
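Review bot: `isSecureBoot` and `isCrypted` both flip from `true` to `false` for this host and `diskEncryption = lib.mkForce false;` is added, none of which the commit titles mention. If the machine still has an encrypted root and enrolled Secure Boot keys, these flags now misdescribe it, and a reinstall from this config would presumably produce an unencrypted system without verified boot; if the change is intentional, a comment such as `# runs unencrypted: <reason>` next to the flags would record that. The removed `networking` block also carried `firewall.allowedTCPPorts = [ 80 443 ]` and `enableIPv6 = false`, so check that whatever shared module replaces it yields the same exposure. The `swarselmodules.server` set continues outside the hunk.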


@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data: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,iv:C/7cgdkpNmOIeb8cdYI0rbyxebJLgpqIU8ezO+zRqCA=,tag:NywhkBzKpQrJ3H7ZKxvYgQ==,type:str]", "data": "ENC[AES256_GCM,data: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,iv:aQoC+pr7OoTyTT0FE4MbENfzfJ0Beq1Lsz9G1jnFQPs=,tag:JuYmfDP2foCVDH8CwfL4fQ==,type:str]",
"sops": { "sops": {
"age": [ "age": [
{ {
@ -11,8 +11,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNeGtTZ0ZSV0trWlQrS2dV\nSFo0dytGYXhRTjl6cDZrUU0wZ1IybDVRaFZrCmZmRmxJNmdwS0xodHdEOGU4bldU\nR1JScHAvZHhlVTBJbWExb0VpR0h2MXMKLS0tIDYwQmZpMjdYRmpBeXFNOXArN0h5\nVGN1THljeCtVV0hXenMyRVJkMjlHNEEKm+yZTT48nYr3H0Bd1OKw/CYk1kwnrBzk\nTgSQHsGXhmOyDag9cSZ4wAOmqtqSjA9bouFBuhl2lSbgpjnarvFaXQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2025-11-09T23:29:33Z", "lastmodified": "2025-11-10T01:10:47Z",
"mac": "ENC[AES256_GCM,data:UU9a1Yg8Inmcht6gc2pTi3GpV945YAMdVN08Q2/yjg5850N3VhVcD0dsu/bn+4fOSvOiDtWzkoqq1PquRWJbfDjZJxl0aivU7UHN3st64nxIc/mKKZp7VwavMDTVDQScRlpaPZoC0zZ5CDQtBQisfY2AiDtfUVBKZLfuvI3Kjsc=,iv:RPcSwZHVlTo8laro1bCAaJT8KXXCtLHJk1iH4zaZbgk=,tag:qOhN4DNr+d1/34R6L78PLg==,type:str]", "mac": "ENC[AES256_GCM,data:2gKEGIYctY7g7mL7lay1T7XmxGdsRzz/dIC1p98zDTnIoBrq5mf5CV/FjAGi5jDsmEMoCSUTWFaT/0Wq3nmRC+OyjL3/Hsit+HJDBVbyf/mY+zs2UQd3KVYoxmpDeAJ1E9s8ygxEu5lJGzacWbJ9BggKUUnywXYfNg0fS7ntjUw=,iv:5xedOuJ3VFm4pEjXyVBM9Iwe5pK1dYP4nTRkk7exrvo=,tag:sEVygcLMqkI9CWQDjoaEqQ==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2025-08-24T23:36:17Z", "created_at": "2025-08-24T23:36:17Z",


@ -95,7 +95,7 @@ in
environment.etc."issue".text = '' environment.etc."issue".text = ''
~SwarselSystems~ ~SwarselSystems~
IP of primary interface: \4 IP of primary interface: \4
These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{wlan0} These IPs were also found: \4{eth0} \4{eth1} \4{eth2} \4{eth3} \4{eth4} \4{eth5} \4{wlan0}
The Password for all users & root is 'setup'. The Password for all users & root is 'setup'.
Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets. Install the system remotely by running 'bootstrap -n <CONFIGURATION_NAME> -d <IP_FROM_ABOVE> ' on a machine with deployed secrets.
Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access). Alternatively, run 'swarsel-install -n <CONFIGURATION_NAME>' for a local install. For your convenience, an example call is in the bash history (press up on the keyboard to access).
@ -133,7 +133,7 @@ in
programs.bash.shellAliases = { programs.bash.shellAliases = {
"swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --"; "swarsel-install" = "nix run github:Swarsel/.dotfiles#swarsel-install --";
"swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\|ethernet'"; "swarsel-net-manufacturer" = "lspci -nn | grep -i 'network\\|ethernet'";
"swarsel-kernel-module" = "lspci -k -d"; "swarsel-kernel-module" = "lspci -k -d";
}; };


@ -4,11 +4,25 @@
config = lib.mkIf config.swarselmodules.kitty { config = lib.mkIf config.swarselmodules.kitty {
programs.kitty = { programs.kitty = {
enable = true; enable = true;
keybindings = { }; keybindings =
let
bindWithModifier = lib.mapAttrs' (key: lib.nameValuePair ("ctrl+shift" + key));
in
bindWithModifier {
"page_up" = "scroll_page_up";
"up" = "scroll_page_up";
"page_down" = "scroll_page_down";
"down" = "scroll_page_down";
"w" = "no_op";
};
settings = { settings = {
scrollback_lines = 10000; cursor_blink_interval = 0;
disable_ligatures = "cursor";
enable_audio_bell = false; enable_audio_bell = false;
notify_on_cmd_finish = "always 20"; notify_on_cmd_finish = "always 20";
open_url_with = "xdg-open";
scrollback_lines = 100000;
scrollback_pager_history_size = 512;
}; };
}; };
}; };
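Review bot: `bindWithModifier` builds each key name with `"ctrl+shift" + key`, which puts no `+` between the modifier and the key, so the generated bindings are `ctrl+shiftpage_up`, `ctrl+shiftw` and so on rather than valid kitty key combinations. Change the prefix to `("ctrl+shift+" + key)`. A one-line comment above the `let` stating that every entry is bound under ctrl+shift would also make the helper's purpose obvious.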


@ -1,4 +1,4 @@
{ lib, config, ... }: { lib, config, nixosConfig ? config, ... }:
{ {
options.swarselmodules.ssh = lib.mkEnableOption "ssh settings"; options.swarselmodules.ssh = lib.mkEnableOption "ssh settings";
config = lib.mkIf config.swarselmodules.ssh { config = lib.mkIf config.swarselmodules.ssh {
@ -22,43 +22,7 @@
controlPath = "~/.ssh/master-%r@%n:%p"; controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no"; controlPersist = "no";
}; };
"pfsense" = { } // nixosConfig.repo.secrets.common.ssh.hosts;
hostname = "192.168.1.1";
user = "root";
};
"bakery" = {
hostname = "192.168.1.136";
user = "root";
};
"dgx" = {
hostname = "192.168.48.200";
user = "swarsel";
};
"winters" = {
hostname = "192.168.178.24";
user = "root";
};
"minecraft" = {
hostname = "130.61.119.129";
user = "opc";
};
"milkywell" = {
hostname = "193.122.53.173";
user = "root";
};
"moonside" = {
hostname = "130.61.238.239";
user = "root";
};
"songdiver" = {
hostname = "89.168.100.65";
user = "ubuntu";
};
"pkv" = {
hostname = "46.232.248.161";
user = "root";
};
};
}; };
}; };
} }
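Review bot: With `nixosConfig ? config`, a standalone home-manager evaluation falls back to the home-manager `config`, and `} // nixosConfig.repo.secrets.common.ssh.hosts;` then fails unless `repo.secrets` is also defined there; `(nixosConfig.repo.secrets.common.ssh.hosts or { })` would degrade to the blocks defined above instead. Because `//` is a shallow merge, a secret entry with the same name as a block defined above replaces that block entirely, which deserves a short comment. The addresses removed here stay readable in the repository history, so moving them into secrets only protects future changes unless the history is rewritten.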


@ -125,83 +125,83 @@ in
in in
lib.recursiveUpdate lib.recursiveUpdate
{ {
"${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox";
"${modifier}+Shift+f" = "exec swaymsg fullscreen";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Shift+Space" = "floating toggle";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+m" = "exec swaymsg workspace back_and_forth";
"${modifier}+a" = "exec swarselcheck -s";
"${modifier}+x" = "exec swarselcheck -k";
"${modifier}+d" = "exec swarselcheck -d";
"${modifier}+w" = "exec swarselcheck -e";
"${modifier}+Shift+t" = "exec opacitytoggle";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+F12" = "scratchpad show";
"${modifier}+Shift+c" = "exec qalculate-gtk";
"${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'";
"${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'";
"${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'";
"${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
"${modifier}+Ctrl+p" = "exec 1password --quick-acces";
# "${modifier}+Escape" = "mode $exit";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+Escape" = "exec wlogout";
"${modifier}+h" = "exec hyprpicker | wl-copy";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')";
"${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
"${modifier}+1" = "workspace 1:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+2" = "workspace 2:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+3" = "workspace 3:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+4" = "workspace 4:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+5" = "workspace 5:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+6" = "workspace 6:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+0" = "workspace 10:"; "${modifier}+0" = "workspace 10:";
"${modifier}+Shift+0" = "move container to workspace 10:"; "${modifier}+1" = "workspace 1:";
"${modifier}+Ctrl+m" = "workspace 11:M"; "${modifier}+2" = "workspace 2:";
"${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M"; "${modifier}+3" = "workspace 3:";
"${modifier}+Ctrl+s" = "workspace 12:S"; "${modifier}+4" = "workspace 4:";
"${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S"; "${modifier}+5" = "workspace 5:";
"${modifier}+Ctrl+e" = "workspace 13:E"; "${modifier}+6" = "workspace 6:";
"${modifier}+7" = "workspace 7:";
"${modifier}+8" = "workspace 8:";
"${modifier}+9" = "workspace 9:";
"${modifier}+Ctrl+Shift+c" = "reload";
"${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E"; "${modifier}+Ctrl+Shift+e" = "move container to workspace 13:E";
"${modifier}+Ctrl+t" = "workspace 14:T";
"${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T";
"${modifier}+Ctrl+l" = "workspace 15:L";
"${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L";
"${modifier}+Ctrl+f" = "workspace 16:F";
"${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F"; "${modifier}+Ctrl+Shift+f" = "move container to workspace 16:F";
"${modifier}+Left" = "focus left"; "${modifier}+Ctrl+Shift+l" = "move container to workspace 15:L";
"${modifier}+Right" = "focus right"; "${modifier}+Ctrl+Shift+m" = "move container to workspace 11:M";
"${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower";
"${modifier}+Ctrl+Shift+s" = "move container to workspace 12:S";
"${modifier}+Ctrl+Shift+t" = "move container to workspace 14:T";
"${modifier}+Ctrl+e" = "workspace 13:E";
"${modifier}+Ctrl+f" = "workspace 16:F";
"${modifier}+Ctrl+l" = "workspace 15:L";
"${modifier}+Ctrl+m" = "workspace 11:M";
"${modifier}+Ctrl+p" = "exec 1password --quick-acces";
"${modifier}+Ctrl+s" = "workspace 12:S";
"${modifier}+Ctrl+t" = "workspace 14:T";
"${modifier}+Down" = "focus down"; "${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up"; "${modifier}+Escape" = "exec wlogout";
"${modifier}+F12" = "scratchpad show";
"${modifier}+Left" = "focus left";
"${modifier}+Return" = "exec swarselzellij";
"${modifier}+Right" = "focus right";
"${modifier}+Shift+0" = "move container to workspace 10:";
"${modifier}+Shift+1" = "move container to workspace 1:";
"${modifier}+Shift+2" = "move container to workspace 2:";
"${modifier}+Shift+3" = "move container to workspace 3:";
"${modifier}+Shift+4" = "move container to workspace 4:";
"${modifier}+Shift+5" = "move container to workspace 5:";
"${modifier}+Shift+6" = "move container to workspace 6:";
"${modifier}+Shift+7" = "move container to workspace 7:";
"${modifier}+Shift+8" = "move container to workspace 8:";
"${modifier}+Shift+9" = "move container to workspace 9:";
"${modifier}+Shift+Down" = "move down 40px";
"${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm";
"${modifier}+Shift+F12" = "move scratchpad";
"${modifier}+Shift+Left" = "move left 40px"; "${modifier}+Shift+Left" = "move left 40px";
"${modifier}+Shift+Right" = "move right 40px"; "${modifier}+Shift+Right" = "move right 40px";
"${modifier}+Shift+Down" = "move down 40px"; "${modifier}+Shift+Space" = "floating toggle";
"${modifier}+Shift+Up" = "move up 40px"; "${modifier}+Shift+Up" = "move up 40px";
"${modifier}+Ctrl+Shift+c" = "reload"; "${modifier}+Shift+a" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-swarsel/open-calendar)'";
"${modifier}+Ctrl+Shift+r" = "exec swarsel-displaypower"; "${modifier}+Shift+c" = "exec qalculate-gtk";
"${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'";
"${modifier}+Shift+f" = "exec swaymsg fullscreen";
"${modifier}+Shift+m" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-mu4e)'";
"${modifier}+Shift+o" = "exec pass-fuzzel --otp --type";
"${modifier}+Shift+p" = "exec pass-fuzzel --type";
"${modifier}+Shift+s" = "exec slurp | grim -g - Pictures/Screenshots/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')";
"${modifier}+Shift+t" = "exec opacitytoggle";
"${modifier}+Shift+v" = "exec wf-recorder -g '$(slurp -f %o -or)' -f ~/Videos/screenrecord_$(date +%Y-%m-%d-%H%M%S).mkv";
"${modifier}+Space" = "exec fuzzel";
"${modifier}+Up" = "focus up";
"${modifier}+a" = "exec swarselcheck -s";
"${modifier}+c" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-capture)'";
"${modifier}+d" = "exec swarselcheck -d";
"${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\"";
"${modifier}+f" = "exec firefox";
"${modifier}+h" = "exec hyprpicker | wl-copy";
"${modifier}+m" = "exec swaymsg workspace back_and_forth";
"${modifier}+o" = "exec pass-fuzzel --otp";
"${modifier}+p" = "exec pass-fuzzel";
"${modifier}+q" = "kill";
"${modifier}+r" = "mode resize"; "${modifier}+r" = "mode resize";
"${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png";
"${modifier}+t" = "exec emacsclient -cF '((name . \"Emacs Popup Anchor\"))' -e '(prot-window-popup-org-agenda)'";
"${modifier}+w" = "exec swarselcheck -e";
"${modifier}+x" = "exec swarselcheck -k";
# "${modifier}+Escape" = "mode $exit";
# "${modifier}+Return" = "exec kitty"; # "${modifier}+Return" = "exec kitty";
"${modifier}+Return" = "exec swarselzellij";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
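Review bot: The re-sorted list carries over `"${modifier}+Ctrl+p" = "exec 1password --quick-acces";`, where the flag is misspelled; it should read `exec 1password --quick-access`. The two commented-out bindings (`# "${modifier}+Escape" = "mode $exit";` and `# "${modifier}+Return" = "exec kitty";`) now sit at the end of the sorted block, away from their live replacements, and could be dropped. The attribute set continues past the hunk.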



@ -5,6 +5,55 @@
programs.zellij = { programs.zellij = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
settings = {
pane_frames = false;
simplified_ui = false;
default_shell = "zsh";
copy_on_select = true;
on_force_close = "detach";
show_startup_tips = false;
support_kitty_keyboard_protocol = true;
default_layout = "swarsel";
layout_dir = "${config.home.homeDirectory}/.config/zellij/layouts";
theme_dir = "${config.home.homeDirectory}/.config/zellij/themes";
scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;
session_serialization = true;
copy_command =
if pkgs.stdenv.hostPlatform.isLinux then
"wl-copy"
else if pkgs.stdenv.hostPlatform.isDarwin then
"pbcopy"
else
"";
ui.pane_frames = {
rounded_corners = true;
hide_session_name = true;
};
plugins = {
tab-bar.path = "tab-bar";
status-bar.path = "status-bar";
strider.path = "strider";
compact-bar.path = "compact-bar";
};
# configuration = {
# _props.location = "zellij:configuration";
# };
# filepicker = {
# _props.location = "zellij:strider";
# cwd = "/";
# };
# plugin-manager = {
# _props.location = "zellij:plugin-manager";
# };
# session-manager = {
# _props.location = "zellij:session-manager";
# };
# welcome-screen = {
# _props.location = "zellij:session-manager";
# welcome_screen = true;
# };
};
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -12,8 +61,8 @@
]; ];
xdg.configFile = { xdg.configFile = {
"zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; }; # "zellij/config.kdl".text = import "${self}/files/zellij/config.kdl.nix" { inherit config; };
"zellij/layouts/default.kdl".text = import "${self}/files/zellij/layouts/default.kdl.nix" { inherit config pkgs; }; "zellij/layouts/swarsel.kdl".text = import "${self}/files/zellij/layouts/swarsel.kdl.nix" { inherit config pkgs; };
}; };
}; };
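Review bot: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines;` makes the zellij module depend on kitty's settings, and evaluation fails with a missing-attribute error on any host where that key is not set (the kitty module is not visible in this section, so this is inferred). A fallback keeps the module self-contained: `scrollback_lines_to_serialize = config.programs.kitty.settings.scrollback_lines or 10000;`, where the number is a placeholder. With `session_serialization = true` it is also worth a comment stating whether pane contents are meant to reach the on-disk session cache, since terminal scrollback regularly contains credentials and tokens.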


@ -23,6 +23,7 @@ in
hg = "history | grep"; hg = "history | grep";
hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; nboot = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; ndry = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
magit = "emacsclient -nc -e \"(magit-status)\""; magit = "emacsclient -nc -e \"(magit-status)\"";


@ -105,6 +105,23 @@ in
# }; # };
# }; # };
wayland.windowManager.sway =
let
inherit (nixosConfig.repo.secrets.local.work) user1 user1Long domain1 mailAddress;
in
{
config = {
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
"${modifier}+Shift+d" = "exec ${pkgs.quickpass}/bin/quickpass work/adm/${user1}/${user1Long}@${domain1}";
"${modifier}+Shift+i" = "exec ${pkgs.quickpass}/bin/quickpass work/${mailAddress}";
};
};
};
stylix = { stylix = {
targets.firefox.profileNames = targets.firefox.profileNames =
let let
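Review bot: The two `quickpass` bindings interpolate `user1`, `user1Long`, `domain1` and `mailAddress` into the `exec` string unquoted, so a value containing a space or a shell metacharacter would be split or interpreted when sway hands the command to the shell. Quoting the argument avoids that, e.g. `"exec ${pkgs.quickpass}/bin/quickpass ${lib.escapeShellArg "work/${mailAddress}"}"` (assuming `lib` is in scope in this module, which the section does not show). These values come from `repo.secrets` and end up verbatim in the generated sway config, so a comment stating that the entry names themselves are not treated as secret would help the next reader.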


@ -13,10 +13,10 @@ let
}; };
subnetMask4 = mkOption { subnetMask4 = mkOption {
type = types.nullOr types.net.cidrv4; type = types.nullOr types.net.ipv4;
description = "The dotted decimal form of the subnet mask of this network"; description = "The dotted decimal form of the subnet mask of this network";
readOnly = true; readOnly = true;
default = lib.swarselsystems.cidrToSubnetMask netSubmod.cidrv4; default = lib.swarselsystems.cidrToSubnetMask netSubmod.config.cidrv4;
}; };
cidrv6 = mkOption { cidrv6 = mkOption {


@ -7,6 +7,7 @@
useUserPackages = true; useUserPackages = true;
verbose = true; verbose = true;
backupFileExtension = "hm-bak"; backupFileExtension = "hm-bak";
overwriteBackup = true;
users.${config.swarselsystems.mainUser}.imports = [ users.${config.swarselsystems.mainUser}.imports = [
inputs.nix-index-database.homeModules.nix-index inputs.nix-index-database.homeModules.nix-index
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops


@ -1,34 +1,80 @@
{ self, lib, config, globals, ... }: { self, pkgs, lib, config, globals, minimal, ... }:
let let
localIp = globals.networks.home.hosts.${config.node.name}.ipv4; localIp = globals.networks.home.hosts.${config.node.name}.ipv4;
subnetMask = globals.networks.home.subnetMask4; subnetMask = globals.networks.home.subnetMask4;
gatewayIp = globals.hosts.${config.node.name}.defaultGateway4; gatewayIp = globals.hosts.${config.node.name}.defaultGateway4;
hostKeyPath = "/etc/secrets/initrd/ssh_host_ed25519_key";
in in
{ {
options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config"; options.swarselmodules.server.diskEncryption = lib.mkEnableOption "enable disk encryption config";
options.swarselsystems.networkKernelModules = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) { config = lib.mkIf (config.swarselmodules.server.diskEncryption && config.swarselsystems.isCrypted) {
boot.kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [ "ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none" ]; system.activationScripts.ensureInitrdHostkey = lib.mkIf (config.swarselprofiles.server || minimal) {
boot.initrd = { text = ''
availableKernelModules = [ "r8169" ]; [[ -e ${hostKeyPath} ]] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${hostKeyPath}
network = { '';
enable = true; deps = [ "users" ];
udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
flushBeforeStage2 = true;
ssh = {
enable = true;
port = 22;
authorizedKeyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
};
postCommands = ''
echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
'';
};
}; };
environment.persistence."/persist" = lib.mkIf (config.swarselsystems.isImpermanence && (config.swarselprofiles.server || minimal)) {
files = [ hostKeyPath ];
};
boot = lib.mkIf (config.swarselprofiles.server || minimal) {
kernelParams = lib.mkIf (!config.swarselsystems.isLaptop) [
"ip=${localIp}::${gatewayIp}:${subnetMask}:${config.networking.hostName}::none"
];
initrd = {
availableKernelModules = config.swarselsystems.networkKernelModules;
network = {
enable = true;
udhcpc.enable = lib.mkIf config.swarselsystems.isLaptop true;
flushBeforeStage2 = true;
ssh = {
enable = true;
port = 2222; # avoid hostkey changed nag
authorizedKeyFiles = [
(self + /secrets/keys/ssh/yubikey.pub)
(self + /secrets/keys/ssh/magicant.pub)
];
hostKeys = [ hostKeyPath ];
};
# postCommands = ''
# echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
# '';
};
systemd = {
initrdBin = with pkgs; [
cryptsetup
];
services = {
unlock-luks = {
description = "Unlock LUKS encrypted root device";
wantedBy = [ "initrd.target" ];
after = [ "network-online.target" ];
before = [ "sysroot.mount" ];
path = [ "/bin" ];
# Configure how the service behaves
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
# The actual commands to unlock the drive
script = ''
echo "systemctl default >> /root/.profile"
'';
};
};
};
};
};
}; };
} }
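Review bot: In `unlock-luks`, `script` is `echo "systemctl default >> /root/.profile"`, so the redirection sits inside the quotes and the unit only prints that text; nothing is appended to `/root/.profile`. If the intent is to run `systemctl default` on SSH login, the line should read `echo "systemctl default" >> /root/.profile`. The old `cryptsetup-askpass` hook is commented out and no replacement prompt is visible here, so it is worth confirming that an SSH login in the initrd still offers a passphrase prompt and that the systemd-based initrd is enabled elsewhere, which `boot.initrd.systemd.services` needs in order to take effect. `ensureInitrdHostkey` also runs `ssh-keygen -f ${hostKeyPath}` without creating `/etc/secrets/initrd` first, which fails on a fresh host; a `mkdir -p` with mode 0700 before it would cover that.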


@ -20,8 +20,18 @@ let
certBase = "/etc/ssl"; certBase = "/etc/ssl";
certsDir = "${certBase}/certs"; certsDir = "${certBase}/certs";
privateDir = "${certBase}/private"; privateDir = "${certBase}/private";
certPath = "${certsDir}/${serviceName}.crt"; certPathBase = "${certsDir}/${serviceName}.crt";
keyPath = "${privateDir}/${serviceName}.key"; certPath =
if config.swarselsystems.isImpermanence then
"/persist${certPathBase}"
else
"${certPathBase}";
keyPathBase = "${privateDir}/${serviceName}.key";
keyPath =
if config.swarselsystems.isImpermanence then
"/persist${keyPathBase}"
else
"${keyPathBase}";
in in
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -54,6 +64,16 @@ in
globals.services.${serviceName}.domain = serviceDomain; globals.services.${serviceName}.domain = serviceDomain;
environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
files = [
certPathBase
keyPathBase
];
};
system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
deps = [ "generateSSLCert-${serviceName}" "users" "groups" ];
};
system.activationScripts."generateSSLCert-${serviceName}" = system.activationScripts."generateSSLCert-${serviceName}" =
let let
daysValid = 3650; daysValid = 3650;
@ -64,13 +84,15 @@ in
set -eu set -eu
${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir} ${pkgs.coreutils}/bin/install -d -m 0755 ${certsDir}
${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${certsDir}" else ""}
${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir} ${pkgs.coreutils}/bin/install -d -m 0750 ${privateDir}
${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0750 /persist${privateDir}" else ""}
need_gen=0 need_gen=0
if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then if [ ! -f "${certPathBase}" ] || [ ! -f "${keyPathBase}" ]; then
need_gen=1 need_gen=1
else else
enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPath}" | cut -d= -f2)" enddate="$(${pkgs.openssl}/bin/openssl x509 -noout -enddate -in "${certPathBase}" | cut -d= -f2)"
end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)" end_epoch="$(${pkgs.coreutils}/bin/date -d "$enddate" +%s)"
now_epoch="$(${pkgs.coreutils}/bin/date +%s)" now_epoch="$(${pkgs.coreutils}/bin/date +%s)"
seconds_left=$(( end_epoch - now_epoch )) seconds_left=$(( end_epoch - now_epoch ))
@ -92,7 +114,10 @@ in
chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}" chown ${serviceUser}:${serviceGroup} "${certPath}" "${keyPath}"
fi fi
''; '';
deps = [ "etc" ]; deps = [
"etc"
(lib.mkIf config.swarselsystems.isImpermanence "specialfs")
];
}; };
services = { services = {
@ -103,9 +128,9 @@ in
domain = serviceDomain; domain = serviceDomain;
origin = "https://${serviceDomain}"; origin = "https://${serviceDomain}";
# tls_chain = config.sops.secrets.kanidm-self-signed-crt.path; # tls_chain = config.sops.secrets.kanidm-self-signed-crt.path;
tls_chain = certPath; tls_chain = certPathBase;
# tls_key = config.sops.secrets.kanidm-self-signed-key.path; # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPath; tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}"; bindaddress = "0.0.0.0:${toString servicePort}";
trust_x_forward_for = true; trust_x_forward_for = true;
}; };
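Review bot: The regeneration check now tests `certPathBase`/`keyPathBase` under `/etc/ssl`, while the `chown` at the end of the script (and presumably the generation step, which lies outside the hunks) operates on `certPath`/`keyPath` under `/persist`. Because `createPersistentStorageDirs` is ordered after `generateSSLCert-${serviceName}`, the `/etc/ssl` paths may not be populated yet at boot on an impermanence host, in which case `need_gen` is set on every boot and the persisted key and certificate are replaced. Testing the files that are actually written, `if [ ! -f "${certPath}" ] || [ ! -f "${keyPath}" ]; then` and `-in "${certPath}"`, keeps the check and the write in agreement. The `generateDHParams` script in the nginx module follows the same pattern with `dhParamsPathBase` and `dhParamsPath`, where a spurious rerun means a 4096-bit `openssl dhparam` during activation.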


@ -15,7 +15,7 @@
networking = { networking = {
inherit (config.repo.secrets.local.networking) hostId; inherit (config.repo.secrets.local.networking) hostId;
hostName = config.node.name; hostName = config.node.name;
nftables.enable = lib.mkDefault true; nftables.enable = lib.mkDefault false;
enableIPv6 = lib.mkDefault true; enableIPv6 = lib.mkDefault true;
firewall = { firewall = {
enable = lib.mkDefault true; enable = lib.mkDefault true;


@ -9,6 +9,8 @@ let
serviceName = "nextcloud"; serviceName = "nextcloud";
serviceDomain = config.repo.secrets.common.services.domains.${serviceName}; serviceDomain = config.repo.secrets.common.services.domains.${serviceName};
serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4; serviceAddress = globals.networks.home.hosts.${config.node.name}.ipv4;
nextcloudVersion = "32";
in in
{ {
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
@ -29,7 +31,7 @@ in
trusted_proxies = [ "0.0.0.0" ]; trusted_proxies = [ "0.0.0.0" ];
overwriteprotocol = "https"; overwriteprotocol = "https";
}; };
package = pkgs.nextcloud31; package = pkgs."nextcloud${nextcloudVersion}";
hostName = serviceDomain; hostName = serviceDomain;
home = "/Vault/data/${serviceName}"; home = "/Vault/data/${serviceName}";
datadir = "/Vault/data/${serviceName}"; datadir = "/Vault/data/${serviceName}";
@ -37,7 +39,7 @@ in
configureRedis = true; configureRedis = true;
maxUploadSize = "4G"; maxUploadSize = "4G";
extraApps = { extraApps = {
inherit (pkgs.nextcloud31Packages.apps) mail calendar contacts cospend phonetrack polls tasks sociallogin; inherit (pkgs."nextcloud${nextcloudVersion}Packages".apps) mail calendar contacts cospend phonetrack polls tasks sociallogin;
}; };
extraAppsEnable = true; extraAppsEnable = true;
config = { config = {


@ -3,9 +3,60 @@ let
inherit (config.repo.secrets.common) dnsProvider; inherit (config.repo.secrets.common) dnsProvider;
inherit (config.repo.secrets.common.mail) address3; inherit (config.repo.secrets.common.mail) address3;
serviceUser = "nginx";
serviceGroup = serviceUser;
sslBasePath = "/etc/ssl";
dhParamsPathBase = "${sslBasePath}/dhparams.pem";
dhParamsPath =
if config.swarselsystems.isImpermanence then
"/persist/${dhParamsPathBase}"
else
"${dhParamsPathBase}";
in in
{ {
options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server"; options.swarselmodules.server.nginx = lib.mkEnableOption "enable nginx on server";
options.services.nginx = {
recommendedSecurityHeaders = lib.mkEnableOption "additional security headers by default in each location block.";
virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
options.locations = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (submod: {
options = {
recommendedSecurityHeaders = lib.mkOption {
type = lib.types.bool;
default = config.services.nginx.recommendedSecurityHeaders;
description = "Whether to add additional security headers to this location.";
};
X-Frame-Options = lib.mkOption {
type = lib.types.str;
default = "DENY";
description = "The value to use for X-Frame-Options";
};
};
config = lib.mkIf submod.config.recommendedSecurityHeaders {
extraConfig = lib.mkBefore ''
# Enable HTTP Strict Transport Security (HSTS)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
# Minimize information leaked to other domains
add_header Referrer-Policy "origin-when-cross-origin";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "${submod.config.X-Frame-Options}";
add_header X-Content-Type-Options "nosniff";
'';
};
})
);
};
}
);
};
};
config = lib.mkIf config.swarselmodules.server.nginx { config = lib.mkIf config.swarselmodules.server.nginx {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
lego lego
@ -18,23 +69,67 @@ in
''; '';
}; };
users.groups.acme.members = [ "nginx" ];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
inherit dnsProvider; inherit dnsProvider;
email = address3; email = address3;
environmentFile = "${config.sops.templates."certs.secret".path}"; environmentFile = "${config.sops.templates."certs.secret".path}";
reloadServices = [ "nginx" ];
dnsPropagationCheck = true;
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.persistence."/persist" = lib.mkIf config.swarselsystems.isImpermanence {
files = [ dhParamsPathBase ];
};
services.nginx = { services.nginx = {
enable = true; enable = true;
user = serviceUser;
group = serviceGroup;
statusPage = true; statusPage = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
# virtualHosts are defined in the respective sections recommendedBrotliSettings = true;
recommendedSecurityHeaders = true;
sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:!aNULL";
sslDhparam = dhParamsPathBase;
virtualHosts.fallback = {
default = true;
rejectSSL = true;
locations."/".extraConfig = ''
deny all;
'';
};
}; };
system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
deps = [ "generateDHParams" "users" "groups" ];
};
system.activationScripts."generateDHParams" =
{
text = ''
set -eu
${pkgs.coreutils}/bin/install -d -m 0755 ${sslBasePath}
${if config.swarselsystems.isImpermanence then "${pkgs.coreutils}/bin/install -d -m 0755 /persist${sslBasePath}" else ""}
if [ ! -f "${dhParamsPathBase}" ]; then
${pkgs.openssl}/bin/openssl dhparam -out ${dhParamsPath} 4096
chmod 0644 ${dhParamsPath}
chown ${serviceUser}:${serviceGroup} ${dhParamsPath}
fi
'';
deps = [
"etc"
(lib.mkIf config.swarselsystems.isImpermanence "specialfs")
];
};
}; };
} }
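Review bot: The `add_header` lines emitted under `recommendedSecurityHeaders` lack the `always` parameter, so nginx leaves them off error responses such as 4xx and 5xx pages; `add_header X-Content-Type-Options "nosniff" always;` (and likewise for the others) covers those too. `X-XSS-Protection "1; mode=block"` switches on a legacy browser filter that current browsers no longer implement, and `"0"` or dropping the header is the usual setting today. `Strict-Transport-Security` with `includeSubdomains; preload` is applied to every location by default, which commits all subdomains to HTTPS; an option alongside `X-Frame-Options` would let a single vhost opt out. A short comment on why the headers are injected per location rather than per server would also help, since nginx does not inherit `add_header` from the server level once a location sets its own.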


@ -16,6 +16,7 @@ in
environment.shellAliases = lib.recursiveUpdate environment.shellAliases = lib.recursiveUpdate
{ {
nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; nswitch = "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;"; nboot = "cd ${flakePath}; swarsel-deploy $(hostname) boot; cd -;";
ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;"; ndry = "cd ${flakePath}; swarsel-deploy $(hostname) dry-activate; cd -;";
} }


@ -1,5 +1,5 @@
# adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix # adapted from https://github.com/oddlama/nix-config/blob/main/nix/globals.nix
{ inputs, ... }: { self, inputs, ... }:
{ {
flake = { config, lib, ... }: flake = { config, lib, ... }:
{ {
@ -8,7 +8,8 @@
globalsSystem = lib.evalModules { globalsSystem = lib.evalModules {
prefix = [ "globals" ]; prefix = [ "globals" ];
specialArgs = { specialArgs = {
inherit lib; inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck
# inherit (self.outputs) lib;
inherit inputs; inherit inputs;
inherit (config) nodes; inherit (config) nodes;
}; };
@ -54,6 +55,7 @@
inherit (globalsSystem.config.globals) inherit (globalsSystem.config.globals)
domains domains
services services
networks
hosts hosts
user user
root root
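Review bot: `inherit (inputs.self.pkgs.x86_64-linux) lib; # fuck` pins the `lib` passed to `evalModules` to one system's package set, and the comment does not say why the plain `inherit lib;` stopped working. A comment such as `# lib from the flake's pkgs carries the project's extensions; the flake-parts lib does not` (if that is the reason, which the hunk does not show) would tell the next reader what breaks when this is reverted. `self` is added to the function arguments but is only referenced in the commented-out line.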


@ -0,0 +1,6 @@
{ self, name, writeShellApplication, libnotify, pass, wtype }:
writeShellApplication {
inherit name;
runtimeInputs = [ libnotify pass wtype ];
text = builtins.readFile "${self}/files/scripts/${name}.sh";
}


@ -4,6 +4,7 @@
config = lib.mkIf config.swarselprofiles.server { config = lib.mkIf config.swarselprofiles.server {
swarselmodules = { swarselmodules = {
general = lib.mkDefault true; general = lib.mkDefault true;
lanzaboote = lib.mkDefault true;
pii = lib.mkDefault true; pii = lib.mkDefault true;
home-manager = lib.mkDefault true; home-manager = lib.mkDefault true;
xserver = lib.mkDefault true; xserver = lib.mkDefault true;


@ -7,89 +7,98 @@ sops:
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieGlsd0NScm5WYldITTJ2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrOE9rY2tmekF4blBrUEpH
cG9mcnBKSGo2eXlFaURNa2FxNkZ1MGNVTjJZCldROGZiWGp0dXlMc3cwbFh0cG5H TmM2a2ozUGNvaFpDWjYrelhEdGc1RUp3Q0RjCmloQldpdDdXUlV4eEt6YjF1V3lm
RDNPNUtWNFBlTG1lOUo5QVJMdncxYUEKLS0tIDNJKzc1WExlTW5ycTQyVFlXQVAz NUxTckR3STNNRmF1dHRqTmhNOWt5cmMKLS0tIDJjVFJZUlNXQzhjVWNLQVpjOTgw
cTRDK1h5Z3NjK0h1QnhNSm51YjA4VUkKUlshWYOQLs1z8AOsFvjfl+RJBvmJWU39 anhEbXNFblZpZ3hIVXNxcmhBcDRpK2MKb/Fh7QtHGBFttpzt1qSVE+1H6W2FYKXI
oVVvBEkCF6pw/yZp7Zp6ejLpVQojqT0JvLzSMA0tJBt9QvNmdTT1xQ== Uuly3uYxfvQXV/rtgXNP5nqtFe9rMAQYuLMgJ8SbUr7cczt57CX4VA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTFVPMElxenJwQVBwYUlr
WGZOUUx2NU84WnY2VWRBQllLR3Zub3d1ZEJFCkhubngxM2phTjdtVTR2ZFB3REc3
NDNJNHE2OVpFaWdFVVYwOWJRajRrSDQKLS0tIHBJL2ZoTURaSGhFWDdKQ2oxcnUv
S1J2VmRIYTNSd3lkUTRBWXhkR2o3aVkKknm9GBqyoPCZZbN+A0PkOVnBWAq18rqX
SnvvX4GYiSor9H+DtPHoRkg7P2eDi8c9ISkpnXReYcRjpw1mSqFE0Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcEh3MGxWRGJPeEQvNGlh YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV05lSmRvb1JRTW1jK1dR
bEc5T3ZRYkhkdkZFQy9zRHBNeksrRG56T1R3CjUxMUxhbDduRWo0N3FwaUYrUFpu VFFEdGEzbTRuQk10YVhoeVhVL1cwQ2ZYVFZVCjhNTHB3N0s0N3NBMkRMZWNsRzVE
S0t6bGdXYTZGMmcyeElXcDJ1Z3QzVGMKLS0tIGRUWG9GYi9vT3dzSFh1aFRKNWhH WVVZdkxBU0N2dnArY3BlYXRyUnI4QjgKLS0tIHFYai9BV0R0VTBKT0tjcDIrSUU1
M2pGTzR6T29tcVltS21RMkNCcFpPc0kKkXGoVCNU72f8efjJvtz7cbUpPcfVG3Dl dFlxNXJRMmdNclVMeHNNYWcxRHF4b3cK2Ql2NFSci/LJhIw3lNc+2EB7XzrLsJj/
puffE6poAyeevdSW5cAFGNgJMMWzyweUf5QvX0lu9i0CpuLFFTdacQ== gVHiXmF42v/vI59ZLuBZfY9tD53WfO4RFe89uh8gGh0JHly3DTS7nA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZzFNdmJpTDVFTlJPN3ZV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwU21WTEh1cVhkSXhTNURU
cWNNaGE1bzNmbjQ0TUh3bVJXZm85R1hDOEh3Cm1GQmxsTWJxWWl5eDUvUk9DTkRP RWl0L3hFeVp1c3VJNDg5QnlHdHpLTFEzUUFFCkVkSVNLclhDZjB4amRSR25LSjhQ
L3pNVEovc2FLSFgxZHQ5L051VlptSlUKLS0tIHVUSUZsMm9SRE1INDExR3djMmR5 TG1vN3NoWFE1ZE4rSnNneUliVFV2K3cKLS0tIEx1Q0E5bG9TVk8vWS80cklZUmhU
dlJMc1ladVduUExXZVdHNlY4TU9UOHcKh9lzumXbRm2lkNPw39EQ990cNznX6Hj2 MHJqSis0TWJOcTk5MXBxWW5hanMyMXcKC6o2kKTVGho9t0QZGpG1ivd33iNmNu7F
s2dMmqHIbanQ0VCGW2Bwi542sII7qT4YW87EX+0LpUN+6bHKCR/YhQ== UTykT8tGY+rZJTGKBXRGbFXL9prXnnAhpeRywfiKq2d1MFhJwR2ing==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cHpkZFBES3B0bGNUYjU3 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbVN0MDgzcVdPNUYyTEFu
Yi9kTVNNNDNSTG4xK3NMMmxFSTd3VEJtdEVJCnFYengyY291ZFNyNE1hQ3ZVSDA1 cWNVVEduQ2NsTmxBelhKU2ZaK2g0TjN1U1VRClNmbXRxWjZmQW1jSkhtZ3loNFlj
SXVkNDdVUjRDNHorZGlOQWM3V1QzcUkKLS0tIDZmekswRXB3OWRDVi9icUw1ZVFs VHlreVA5K3kvV3Q3SWFEb3JoWkRjSFUKLS0tIFlaYmlTaTdFWE5HMjBzOHFkVEFQ
NytRZVZXTzhhRmZqeGxRZ1lQdVBYMzgKs8tR6IlB84pbS9/T4fixD43hDIrHeDIY UFlML3RpOEo4RTZEREplMFVTdm9QYzQK73riJYtOcy4Edzcf/BehAEhYPNNmMu/P
Bk0d64w2bkUJk7xKjxY+SNk9RHqLYmaHSudLVSlbSZ96exNBt/L9jA== wbnfg79Dz2vslu81s44uc08rQdYDyp2ByS64ov4AwjYnQ4t3Hs7SgQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOaUFqYVFHcnM0ZllNYUR5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTVgzZHFISlFwMndON1Zy
a09mZVA0OWhNSnI0aUw5WFZlaHUzN2lRR0NvCkhaaUVSWUxuQU9qRHpSdTROSVJi VmRxWmUxdVhIU1dBb1FCNDFpeERQblBmNkNVCjBKalRSblFGREprZCtLaUV3bkJq
SS9YQTdtdzdWNnhRd2FSdFpVTHVvWlEKLS0tIGVkN3Q1UE9NSXZGWHRGRGwzZGRh L09OZzJjSzdkV0J3c3cxRmNqYXluNTgKLS0tIENvQzk4UGlIeVJZa2FBS3YxQ0o4
Ni8rbWRWSkdtc1BwdGlaVGlNZExBWWcKbHXUCrg7c1Ekq2bQs/m22TwBijcG+3WP aE5wcVpqRVFaUDZEbUR2ckZZUlpFbFkKF3QH10Qb+UNpRbM3JzVRCjJfz4J10aB5
vNp6a5V0wDgoDP49W4AodMarygePJzW/NgndlUXqIWuIbm6VFUEHRQ== a67zfK+4Nf1lqWMcTC72zOJo1b4OitkwOZPSHUwd37URLxA+b3F0+Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLdlF3bzF4d004VS9NcHNH YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhbGFOOWpyOXY3dlpKeDgy
ZnBEa2xHd3ZUYW5NUlVGd2JxRGJPcW9lT2tRCnVSUWx4Z1g2U2pyNjhaWnVxdDEx cGVpY1dkamd2RU5qWm1MVzBEUXlqV1EwRlZ3CmFyUXJ6Y1lSNlFNNSswRUc5dTVx
SGtSNTdrMmtHeUtuL1lWQi9FUTZyZW8KLS0tIE1tNTdoOFdQV1p4MGNUYWtRQ0N5 T2xQQlhzbVAxS2c3RUpxVHVYelBEYUkKLS0tIHU1SUpoZi85WG1uMitUVmFkdG91
bFNpdm00MXJIMCtxelVIMXVtNG5XWlUKtkL3P6x2rafYSTCW5zv/54tgU20FYwhi bHRhZnBtUXZybm9VT2Y3TGhjbCtsSVEKfEo8jXw9wQdncX1gWev5xxz4s9XRMrX0
RFc5sZRkgXhoXw+zrKkhDc28Xn+Aby2pUth9ihs1ngVB8OUqAZbrXg== OampKe7MO30BsocF2blkgRQqJe8aZqFgZt0AvSBc7OyuI3mRZMPCBQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-05T11:01:02Z" lastmodified: "2025-07-05T11:01:02Z"
mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str] mac: ENC[AES256_GCM,data:XnLmZ65mZqoTHQfSKdvPVr+IGb1mb0nFRQLBiVPSyKfg9ABlqwsht3sykR+enDkmIk1urRewpKvPRr1YyLKAezHaE2I5CQdRwMViGTxbtN18SCqlKcL6CgGzC7UzAI8A2jVqB6D9swCx63TEOwnaWySBFnQuOog58R43rhxcJJc=,iv:U0ZMZZyuRJVAE0el0tRAdvHS7qtqU+z2kN78XEZOW2k=,tag:TrPIoG7cxLBDgG4vXJ5NiQ==,type:str]
pgp: pgp:
- created_at: "2025-07-10T23:51:25Z" - created_at: "2025-11-11T17:51:25Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ//R2fMRdWshY0+/feMDAF7t/Z0YwwAT63gzfqKG8aKC3cf hQIMAwDh3VI7VctTAQ/+KEHJIsZn5VF+vGkqGoMmoqYcRQ+TVXeOIAA6ZM4G/VN1
skGJtXBZ4CFW/tK0J62nS0qUIYrkWokACJk72luYg61u1KX1wUaEEqnRcEzZsxQC 3AEcFmq3JQo/Bjvq0pl1IQbvCzT6bNprl3ADmXeqt9x8MOoc28Qx2AJcOmfT+Gzu
Ib6hYXyKl87WYv99QUDaItBBBoSd9BhiDCnWv5nrstZSDy+RwlIYPhQy9KgeDt0H AL2Y0zuJ54qXqgBfF+b/014Ek0fxMSPbUI8EuIPPMWuG+upQqhlcvxTr5usvO3qn
6pRnPEL3VU41AYt6YKl4yLBOjweftLwZkDgKyaJalwbLmFHWOvmvESL0kBj83hyX dfxt0R7ISwjA9pDYs3fBI+65M4eq0yrSyfsoKQLKsLRXSn3rO56vSS3jTHc3FwWD
Lw/XZlh9KUi+xEeYmHUCjO9xDgvJsMGTUY7m52U0W0faarzy59yYWnENROwm9jCK 0cOOrWNMdbSnAFeMsioG1sfH4LlzDG3MM96Ne49f9dv0Z9JmLFV18i85mzN75i0p
XoYDu903CtxqSybKJ2AtGHWx2cuOmTjsHPEefqmK7M3XsVpsHgvx1Jo1eQYO1mPI 4cmcMC6XrHasdLXcvfob42n1PMRArOpLppf0kk3UVvNcx3xVKmCp6S39LIR++763
ZiryTsN1YMYXUkgGfFePmqA9X2iC/meboCWPcRt8lUIfmWx7uMGsv+mGXT37lWyu wawC22oo6rz3aFRqVqGMudWub2DamsQrnb0IQjnRP249JLROw/cd/h1LaG02ZSP5
wYl9Y2x0qwfAOyg3wNdojE5t4rlr/XaQ+k8Ep1ud37pgXFryQtnNhwgtYuPVWiFK zSz/TmZ1FjgO6aT8oMUQyiDCEq8BfFO6i6SQLkXxw9pfy5kqX5OGh02xLceAzTYH
jnnUDCZrbsWbMmL88ZGYPNIcrBGAgmfYWzkWrU6fICYWIzJdgiWg91ANRHX9vnwG HCTZm/DRYZw7XimA0CTw51Jd5qy0t7vddcN1bjSy3uZH4CyFn0AsDLvHo6t7xTSr
5YjZHoHnBRMQg32MInjBJrm/4r38DFQBm67bI1Ol6RMDp/wD5hLrbC6gnq0hGRJt hZKR8ICbUUDOIi5hLskqFvtSUYIBJoH8NwcMyPukK+ZrrLOwSMWa3qB7r3NodXd0
GzsRPphwrecifIBtck5/vs/f134Y+6BIADJHNEHTA/LnJC8K1VYRW5aBiFvyUWqF NsxxFT9GiQAtD46SgATLhgHCmP5L8DlVvWv3zyYpim7VxoLW8T5s6yOkURAHWlOF
AgwDC9FRLmchgYQBEADKxwFZHBejt2dr2w83XZcLCV/0Mf64DOk7I16VKZ5gBNXA AgwDC9FRLmchgYQBD/9NR8LjoQkd95Qrff2NN7wU5a2QD/dSkQgLAkjWnJ+S14TU
4N4W8Q/of2/EH1a8eZ5A8DZPkVZMavdXkQnww8+if6yx0e4moBusUAzeKP0XtY7T zHdZPp/lorQw5pXanndDRMElZdFrfL7CKI4e4Dd3oPdOpRW9+8/7iyDrW1Pcsgz6
ABUueS7B9Ou3yhdVynpOfmU+EBwQXEuYhVsOlWUJGpfESoOBRyQv12P7ToOS4pz+ H2qAEMjLESdWswxbS8uEdX6UzYUBv3+BamedgbBj95qPtPnTaQvGCUL+kpBb7YTm
panGeOMo5tzU/8vfkbRIF+9WWKPy/JfsufXGNQkdErgnTAdRCUegPO8kVpwZ5hE/ +Fo1tlC5fZ6jr/V3qacNeG8nFDLm1GvhWOtqNW16Dt4z3RaYBtYF7ElMXRMq11iT
7IGtddUUnwC+kIlkv4N4eM9QabjWmU70L+THveJ4q7JJCmsimYPocbikVhPK7pb0 iFMT512SN7/e8dd1jDcFg6Cw4NkU7o+6bA+gs/P7ksAJxyUqAn9elhKYSrNeSDnD
mqU9hUMxJbBq6sPjLIq4QaSkSSipbiUUdZjoWuKuIbMjm6M7oWR2uGfQO3d5R+VZ Vtb92/kFO5dc3CrD1F24FyD1Xe6sgqETFL6OilvEGQ/wYJ/AXu84q0ch23f0Tksm
3N3xkWPVnzoChq3zB35gkF6RniMhFMCjhYOPidYQ8QH68zN7pe3YzE0HkXgirjs1 kk6ZpQLd7QKgow5pLwnAbpFBS1P5cemPY6gvmUAtgYJrGLIxxtk44SVhlQeSX3lq
Zux8KlR/Vmh7wQjzWEfv3yK7Rjj8ePt4cdAfozFf7YMUPQWSr+BJ+1CVfI3X5Gb0 eEJT4lZTu8gzQLTnDiZWJpVTnppZhMqXV2LsWAFU2XRHpuCnAuT0HmNFbaqzzC3r
RrWwJm59MicK7mONCDB59LMKUYciQc9JGlpl6oSkbdsy49OToPtuShsoBN/nmgVE tWa5lZRjgzs5e+zxsRhz+OfwwtJMWZw9OAmIQiRWeitZpk0XMYGraQce2ohPQlSQ
yU8BWhJt02KFLKvs+v+HXuxXgrUfl1zNAtzH0PrB40nuyoCFuvomUExCJiTTEMgs RFarR7EDDevuvRnLmbhhK73of6v8Wb0J/40gZZIWVLRT1LcNBz9ueBsHwPTvvCe5
YBwXdecgwcRta0/Q368DZqJzxiiYIy5xlZxFFMkA62JfJLUFy9/Suy+mReWBLdJc FFELdJcxYfIGaCINU6uwvNulS/47f1rpyCtoegNtSvzGtmc+/r2RR8emd8lMS9Jc
Acr8AJq92TiCmHED4Rc78SaFDYjJYfvc6JLJDHxU0r2ucoMwKAR15gDDOaARt3B5 AYmI7h6C5XznEGGVtIoAkW44WhIm+Y08tbJoMevp6aRADTnEC6CY1cH3H1ZQbdp0
Af7fxGWQ40sY56YgjgpBRaoXYDySuQ9Ylegd33hUzEOfOqKHFNAE+aH54QM= YeN6qE3d91gmxW25hsStr8Mcy0JPIflt3kxcWeASpgJnbkOgxtgxhMqYAqc=
=Enyz =R1dw
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097 fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted


@ -34,98 +34,107 @@ sops:
- recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63 - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhU2M0UFVMOXFONzN5WVU5 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNU8xU0tHWVJOYjR1UVpz
TExjNEkxbnhEOWJPemtqcW92WDVJTXlNRDNBCnVoMTFreXBZVjdFMWpxUzZhaU5j THlRK0FvYisyR3NqTVk1QUlhQVJGbTJROTJBCjVMQThqK3cvUGZlcU5WOEJncnM4
d0xZYUQxdUx4ZFZteHlsM2pJZXZQQ28KLS0tIEJjdjlHdklmalRUUGhLSEFDTmkx ZlcrQmdCVTZsT0t0ODhJUG4vY0JlWGMKLS0tIGpQY3hqdDA5bkhOU2I0UGVHaU5F
cjZNZnRVSmcxNnFCRzgrWnhOMlYzc2sKK13rGMFVsXQkNERYQLrhgYHbDn0jPYbl T2pYcDRMczh3c1B6cmNFMXRYM21Ea28K6An8G4+/mwC7SNYyV3cpx1AQuUsO3uKh
H1pQPZdWw+LXw1Z+Y9nj74KTPPLnPckVTwETUfvs9EFkcFIyhzGK6w== EG6oyvwcLbbqAdHkKLiDdD2bG/NNp+f9xycNyG2AH/8T6kl0fQN2gg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hsumymvh5mkqlaynrp9lv2w696yk3wtjzlyfmrpeuvh9u2tlwceqh3563x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1djB6aDJRdW5zdjMrMnhJ
YmF2WncrazVUMWNaNXBWU2Y0TVh2S1VpbmtZCjdXQmM0RzVJK1ZNSlhwd2NvSHFO
UmlXZEZWRzJnSGJtdFFUQVd2aytNU00KLS0tIFhwQWQ1MnBVZllzb0VyQzJMRm9Z
Qk5XdXUrcloxelBlVlJuMmpJZ2liK28KNt0EMbRBErf1GExZ7QBnrvwRKozNaHQF
MeFiEuIRAS4vSUHz2dHo7/iyub7D//qXKt4vD6DURfCHhhoGUF1Qdg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh - recipient: age1mjgw3nxlnqdj04mgjz3wn7fj2nl2nxla4p2r2fn4nkvayfgp09pqllxzyh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWM01DeFcvQjM2bW5DcFM4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWm15SitONndOZkVDekNl
YzF5TTlURkxRYVdVbjdReG9LbUdYNjMwMFNBCmZJckdBM1YyZEFDT2RhT3g5bHJo ajhTQXljdllXaEJ3RVdQRm5sdFJnV0VpQ0E4Ck9nTEVSYmNDK1RUbnU0TkFabnEz
eVVISmhqQUZJTm1WQjNvOUE5MytiTU0KLS0tIEwrVGFwVEE2ODQwb2RyNzdselJa aHVxcTNqUGJ3cDkybHllSmRPVW9Fa2cKLS0tIDgyZjZnV3hWS3phUG1RMjU1Lzlr
b2tiTzZCcHB1NVJWS3Z6VTdMelcvTlEKdW6kkCiI1YhV7Da6SrCQxP0zdUc2ICSC QWZLTUV2ZVJlRXBrN3ZXZFRBaGtabE0Kgcy7XL1iCLifYHxydg29tIyPYUQ7hgd9
voGlNOnPb5iACvgLnX/a6EBKKO7PScKIFAzsWROC9MlLoF7ERnZdSA== c589DNlukEn+i1J4pBkiLDnTUxDOEsUv2VJlGTRrdbFsfjU7PdvG6g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNnF1N25qMUkyL0N1RSt4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxeGt6Nkd1TWhLc2FpZXM5
ZlRPVGpsY2hkbWZKREg4cU92Y2MwM0twaXdJCmJwTWl2NjlETXJ6WFNwN2JpT3Fm cEhDUWVNU0xSWjZlZFdsb3FmbGQyUVV1MGp3CmNUcG14UXpyLytNRFFVRWw5b09n
WjRqVlc4SW9DejV0Q0JGNkJpQm1NOGMKLS0tIHpQRGc5eHQ3bHFnRzBNRGx0ckFV ZU0wMDcxZVJENWdlcVpEQU9Mdnlkd1EKLS0tIGxHSTBXWi9EQkNYL3p6NGJvU2Zo
czdKU1p0WXQ0enRyWXpaT0k2NHBzZkEKqLRezUd0z2PF0wakJe39NAz/MkpXIRAl cVRHeVJXTVIvaW85Skh0Ym5vRjllaFkKhuQpyhqyTz2eoQ0Mxt0/CaNHgaksrdbH
hvIqWsWyXHUU4a+mXwX8XWgs/uejuyXmHa7TgavqkHs9s4/p+KtNnw== rBDEw0U0eXX54oQkqNZD/HUosmLO4f2EZKMhBnFaZ8LvaOV6jM9Mpw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWTFhTlMyVkZpeFRqaG4y YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyM3hLYnNMVS80R08xbm1s
RDBhMEtpSXYyMGFnN3pkVGljSGN6MVlTaFMwCjlJd1UwbXVDT2M2R0hsQStqeEQ1 YklvK05mc255bUNjc1RYbmlOblo4cXcwRTBnCnVabFR4UFpDNSs2UUNoRUpYZ1dJ
YmNTNjdTRkU5aDZZd01DYjNaOWhKMFEKLS0tIFFKS1dXc2ZjVWlRR2ppSDRaRHRJ d2xZRlhMNGM2M2RzTEwveWh4NmRSVWMKLS0tIFZTeGY4MzFxMWppOFlseFZWcG5D
cGwzMUFNTHZzcjZVTFNCcmp6VmdFNDQKNVeV1BGVuaUbSHHBOZzb/RJP4umX45RR RkUrdDJTNmNhQkFzWTRKbnM2OElDbW8KXITNQ+SKRxIBHh8vgqq+d0u3oLejr6mP
14RInoF9i1ByEzY6KS2nyP83EQzbAgfdaUkPKkIpzytj+3gvlnI/RQ== OxhLohXXPXi7r2KTVTVjCu5fbDyVix/L604LvJE623ALl0pmyQq9XA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiWk81ZXFRQnRnMjhVZmZL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTHVXQXRGZnl0QUEzQ00r
N1p0eTRSQWt5akJ2ZjZid2VUNW1ndFNWeFQ4CjBlZndkV0pKeFpZUjlzdHJsQTlR cGpaS0RpYnVHVjg4cGNTdzBTMXFvTkUya3lnCmlJai8ySUxONXNnWW9BR0tKMDdr
VXE1K0p3TlhJdkdPMFRTL29BaUd5bmMKLS0tIDVlS0FmRUFjTTBpd3pGRVZMbWxF RHVLTUYxY1FMSjFnaFdZSy9nekV1dWsKLS0tIEFuL3FTQ0xNOHJsSHlzR3VFT0FK
cjlaR0xvUmZvdlFlZlFwam5IU1hYZ2MKOMW/ZsXOLtYnYCVf0JIxlfXNTDjSuscn RE05ODd5bnFkVzlXVXlBU0FZa01nNzAKzjfkwKN4mC04r+AMNPTIt/lSMUuL/OD0
l1p2HspWo7J1RfJbOQgScy6rmUB/9HRMHlnwpnjgOYWE4EmuKcMYSA== MGtqjZFB6vGrcqV/t0EbkZfxCqfmUeTDZgwWM2r6zhihb6Y9vTjHTA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h - recipient: age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOUhETXZpTWs5dWw1VVhX YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGRmpKaWM5dVNDWDJLOUlj
Zi85OU9PekJQSHBIbHpNMVh6b2doa0wvSHc0CitvanJBOFgwb3V1TEpjQ2xXa2Fq bGZiUzNWMkFkT3IzNUtqZmt6ZW5WSDVyUlUwCkx6aFIxTnNnd1N5ZkZDYldmTndX
UGtzdTB1OEwxSWJKVkZJWjBDV2MwMncKLS0tIERpTlE1cWRaemZFZDAvcGx6QTNK T0g2Yy9tVVpHQ3FYY2RtVmhjSS83TUEKLS0tIFNTT0JUbVBqNDVvWnAyaVRhcllj
amtUQkgvTEJFblFUWTE0RWg1cUVUbmsKx35Yu+wpJwlVd2JrXCT/qybmLjCmT+/0 ZjNtSU5iYVpXQXA4QUU1YjBCU2xKaFEK+cANW7VGs7HQTmMDEY2oLG6pSBnBLFXn
v99LzVDWiiAPx8ryU2FeAZ/umDDIQfkzyLbi2f460ATKZhVfqhNDDw== /PpoqzxNVovh7ghFRduDcHWuJI+DBtn1axmSXF/K22WO6LG59/hr5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh - recipient: age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEx1eUR0TnRVL0tsN1lV YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QTlyeDBGa1hNek5aWnlr
amN2M0VlUHVpNjJvM0x3UVVhUzY5QTRObG5VCndkblVGdExHZDBMbVZmU3J4K2JI RzlWN2dDaU9IeXovb1BGTXR1RG1ZUVdwTUVvCkRuVXFnYWpOakZYamZtdDNMRjQ0
dHZoVDZHTHJldTFLMDdlMUFTNGtjbEUKLS0tIExKVVd1UGtvelRsQldnMTBXTll3 ajU0VmtraEplbDU0ajZyT2psWVBrVlEKLS0tIEhXa2F6RFlsQnc5ejZETVBvOFYz
SjV6L3crUkdLWTlsNFgyRHBla2FFam8KILYsNbLdCirfoC/Vex8yEYpS2G4O0EQP Wlo1WFlvZFJXZWZBVkh6UUpCRmVESFkKqbuLxX706LssJTNyvg0ghDjyJaVuYfgJ
wa1xzPk3Ue0/g67dv5UZFhUn0ZB2XGFC3kEPWpptTj0VL+9Z/r0zKA== X1OJbbBvHerqvOmk03biU93oo6PygdAAgkPFI7JnxvQP1U4IH45Esw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-03T15:12:52Z" lastmodified: "2025-11-03T15:12:52Z"
mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str] mac: ENC[AES256_GCM,data:86AWnB2q5xv/JIyomkJOkZh4r2tj18rmNb02JINokmBv4/eRmej/sQIBeSbCj9cJhtKewECwVk8QKtwTu2sWB/hPjtxb8qnWD7MhNs7qmHOYAeYlAON4w7abcLxt0VFMKa7gd0c28qTHOkaWsLy6gDaIB/5x468FIYqsbfIiL9U=,iv:BDiKNHKTHPazwoM6bVoCf2kb/eNrJS9zy4yj3+PFdlY=,tag:6ZFtZZHvzdWp2EhOV3S7xQ==,type:str]
pgp: pgp:
- created_at: "2025-07-10T23:51:26Z" - created_at: "2025-11-11T17:51:26Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMAwDh3VI7VctTAQ/+OG92tnH/dwXLTdqlvN6sEPREG/oZTLGvjPiM0Ipqyrcz hQIMAwDh3VI7VctTARAAzM9wzRQI9IYBz9sXGG1YKIojcuhi3UnZNjOwRQeJbSsw
rgTrso9MjBf0xZkxjH49CWqBpTBoOsxopdSU2cvte2IdQEQCgCJcqff3okBsT/Cm OMPY/e84m668uFaGUwOPwFkYikBCaPF3OmzNhMDqxHPUbFJN/6UA8ntLuugHrhs9
3yz10DNTdI17cc2tLFJtvcWubf+amRXTM8IbDozkc4ttuhCbCRcFMaJ0NTVMz+rV brpt52yYvo69znaR8iYXw/S0mL4rfLnHkc8p69RkBCk/4FrA/Jj/KImcFxZ8GDcf
pff9UQWGmAWBKK/u26prf6NeCU2C/v3vLAxAxVjuPBxNpXFZEuu88DdE0lIMy1rO G5dfaEmJCRfZGeyr1D7RVJ0gs3LQT9M8c9Qm/ShRQQqVlEko4rjsOmqOt6eapSuQ
ZAsYz7O6/flf3qbl74HXhNUhWwDTUJtU0beGSv/sziAPSEV0lpScZbq5HdFvNUk6 KnlsEtYS5yZOFoBtabmlTiFgdC8vaHQ+oxI98phdRkc0xDpqZetMMVlgonbewur8
rH8Tf1IdV6n0lvDqVdnY7XbmXlF0neSLJedWf6eAmcvnedCTVzMGSNAIVhiW9Y2f nVZPb+wxULeltkIIleWQx2E0D9RBi5Xu+L+vXj7jJYwUNajqama/N+1wB7DsiBeu
IURsyK8NXnZTw2G5J4BOwx082Z1wroH0cJgQz1IcfU/I78DUaysH87mYfUQAGPV7 cdPjLyRcXPD5pE2qi24X1nzBiWdjef0tkJiH07MQtXA4r3PLtX8a3cCvVsecoT4D
cLICS/2n+olgkC9nAz9ZQO7+98Ylk1n4EKkhW2hzR5av8LSu5rs9uTkO1KWz5mTT 0oK8dGumaXSj8NkYB/kP47hOleSYzNGWPR4iMiXYNJHhUw0Otr0GFSfjVo7s7KBi
QjsWNlD8+1OvEFxELJtdMLnTpMTZqPouwRhDhJLoh6to2/HT48xCpUu4sMyj1AY+ 6WO6tWE2VLVuolABEKQPF4sadF1fXxcv9artuzUX9MZquOvsOvEgkQnYzGIY9hio
ECGsXzNbfb6dlAvuloNq9DoEP3nP4KJ6DKv7gnsbS1WVT6LoG9Yg6s00YnWiMomd 2X8nyLxORpwPFmPcZ5WeVyaZ04CiM9nTiflFgt5X/rX1Mf3sKa0NkrhO3+k7lx1j
0ByLH5KZdlBkZFV0K/WGWpj3c3H0IIM32+w2yYSCVQEY8UeSTQ54bI0ao+ISPLCF GjWvgiuCkgLYt0fLgyYVEj/N8jHjcCejVEsiwAoP/apvEgFylgI+YwyXOJXXz0qF
AgwDC9FRLmchgYQBEAC2x72z23cpRyfiQD32Pzb4cDheSawiXSolOZMAExsRDmYl AgsDC9FRLmchgYQBD/jvs1GaGr52Qu1TP7IXqg353G3yZDPoPmQhdkiOKLFe5wXD
IhMyMOwWmetg4HOwfGhq1PuM7t1k7maVa8ulWQcmD7eSmehiaMzYpA/gctf8GFQ6 PaqNUNOQG4qwffuPBSfyw5XHYZN1v0SCwrNpQ24DFnT5XjVTboYl+DN4bWStrSE+
4mmQ1siBC1qArfMgFgd9yS126NUGqXAWsrnptnlIbYuY/OsiS7W2JKLQUcx8TZqx ZpGUy+PxvSgKY8lbvGi0+RX1NW32Gwz1cuPNQRnwS/jwCFrxgk1aCnK5+USAmNfi
6NC2zIi5+h+ZbRugpz4ZG8OjFnUwbLdZeDJ1M6i/TVuDJjGC1JkEePjY3IvcmB7P R5+ex+Ij6+EEiMRpvNdN2ViCP2PfFMLYOR4pjvLL7i1XSPLhGxORcCyIKw8RAi+J
QTzGCsYKwYSeUuAKel9ueqvznNqACQ78/NC/mYy8xTMiyjnhOqOFvmlHLZLy8cFs I/qP7IubG1XTsS7gm0D4Rf4eYOy9O3Qi/g+GOk8mxCXaym7hQmCcM5H+m4R85Zxy
m0eLlEfQycwGOIPZa7xo98AZ0Ohvykqy8SBcp6JSEoWcXi//lLfG2z5agfd7bEUP EIXKGQhs2UB7JD47SJ1iY3FBFzq3jpn0wPq6piy4lJVR/+r9Zd99EcWOEjuoavE/
X0rOKwmFL1l3w1sAUzmKTa29G8b2+rrCoKCHyByDQXyhgLa3aCx7tKS1iNwGdXmc 24q+Z3OB864Fks9hVl8herQbV4oGqHTQJr9Y5ScnS+7RuAV6Cy7d0nEaj/H4jBxN
emvV15+jf/xQ8FrDDZFJGRuCVyuCGphEN8VxFR2BWRjEHEsy9gRMaJlo8gIw54Oe fKpFGAJ3LkwxKfAwxximTq2lgHBtCyMably7XBc3D0Cyb1lyG5mss3tWNXRNkckL
ciMEBRjT+3l9B4Qipvm8V+okrdHQ56k9AbpbsAnpyHQ6A8AN7oJ19uzBq1nzRU9p yg9I64lKdEQz2Fp7qs8JDWmbhUl6eyDtGX+4KKW7lsFTbi4kvo/FgtW6m6xaP57k
yE4lKNIjOIJmghvUcL8jwld6+w6iMkk7Ss0ClavTA06hWld6mDoRvfrQl+t4nogT PPOJlfDHOqZy7GR+hvaHBIgFkhvqIvJjARK5OaDyP19NMtA7qNJOwParSikkTeXl
xypUidp/KtILrorNEVwaCsuXrqe5AspOcr8SqA77t9+Yj6b9x8gdJNZwvcMIB9Je XgkZGnh3ID3EJ5V9vMIYqrhhjDU5Qb/avytjEoef8GYmPb8bWd0sVODEL59T0l4B
AXC4iun4BpIMdbg2beONi0Iwq+IeYOTdvpo8HKk1qrQCN4zHGaO6iZLrDFqN01DA u4ahb81JM4JVo+p1P+W+0gXA8uUgP9pJ7lWjNCV+oL5RWTJRaTzSwa8ywj5HjLdH
IyppFwRhJ60d5TjKweEn03KAT9oVsjN4nwpazd4JkLANXrxXX2wDYOVlnfYyng== +M50prEhcMiDupwZXU2prEKrCIWUGpeaHK3DIJmWhbO8Hh8OCXeQ+EFfxB+Z
=jNoq =s+4A
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097 fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
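Review bot: The new `age1hsumymvh…` recipient stanza gives that host the data key for this whole file, so it is worth confirming the host actually consumes every secret stored here. sops recipients apply per file, not per key. If the host needs only a subset, move the remaining values into a separate secrets file whose creation rule omits it. The `lastmodified` and `mac` lines are identical on both sides while every `enc` block differs, which suggests the existing data key was only re-wrapped rather than rotated. That is fine when adding a recipient, but a later removal would need a data-key rotation and new secret values, since the old wrapped keys remain in history.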

File diff suppressed because one or more lines are too long