cadey
/
nixos-configs
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: cadey:main
Branches Tags
cadey:main
cadey:lufta
..
compare: cadey:lufta
Branches Tags
cadey:main
cadey:lufta

1 Commits
main ... lufta

Author SHA1 Message Date
Cadey Ratio 12d499bcc7 first attempt 
Signed-off-by: Xe <me@christine.website>
 2023-01-01 16:51:47 -05:00
85 changed files with 2183 additions and 1827 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,2 @@
result
.direnv
hosts/lufta/secret

4
README.md
View File

@ -1,4 +0,0 @@
# nixos-configs
My new nixos configs repo for flakes. Will eventually be at
Xe/nixos-configs on GitHub.

23
common/default.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: {
imports = [ ./users ./microcode.nix ./no-rsa-ssh-hostkey.nix ];
imports = [ ./services ./users ./microcode.nix ];
boot.tmp.cleanOnBoot = true;
boot.cleanTmpDir = true;
boot.kernelModules = [ "wireguard" ];
environment.systemPackages = with pkgs; [
@ -13,27 +13,12 @@
git
mosh
wasmer
wasmtime
nodejs-18_x
nodejs-16_x
];
security.polkit.enable = true;
programs.nix-ld.enable = true;
programs.zsh.enable = true;
programs.fish.enable = true;
programs.fish.useBabelfish = true;
programs.fish.loginShellInit = ''
## XXX(Xe): unfuck nix-ld
eval (cat /etc/set-environment | grep NIX_LD)
'';
# fix gist gem 😭
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1t" "openssl-1.1.1u" "nodejs-16.20.0" "nodejs-14.21.3" "nodejs-16.20.1" ];
boot.binfmt.emulatedSystems =
[ "wasm32-wasi" "aarch64-linux" "riscv64-linux" ];
boot.binfmt.emulatedSystems = [ "wasm32-wasi" "aarch64-linux" ];
nix = {
package = pkgs.nixVersions.stable;

3
common/home-manager/default.nix
View File

@ -32,8 +32,5 @@
systemd.user.startServices = true;
# hack to fix vscode
services.vscode-server.enable = true;
home.stateVersion = "21.11";
}

342
common/home-manager/emacs/default.nix
View File

@ -4,22 +4,21 @@ with lib;
let cfg = config.within.emacs;
in {
options.within.emacs.enable =
mkEnableOption "emacs without spacemacs support";
imports = [ ./emacs-init.nix ./emacs-init-defaults.nix ];
options.within.emacs.enable = mkEnableOption "emacs without spacemacs support";
imports = [ ./emacs-init.nix ];
config = mkIf cfg.enable {
home.file."bin/e" = {
text = ''
#!/bin/sh
exec emacsclient -a "" -nc $@
emacsclient $@
'';
executable = true;
};
services.emacs.enable = true;
programs.emacs = {
enable = true;
package = pkgs.emacs-unstable-nox;
init = {
enable = true;
@ -32,7 +31,6 @@ in {
(setq inhibit-startup-screen t)
(menu-bar-mode -1)
(tab-bar-mode 1)
(electric-pair-mode)
@ -71,7 +69,7 @@ in {
str)
(setq str (replace-match "" t t str)))
str)
(setq gofmt-command "goimports")
(defun eshell/e (arg)
"opens a given file in emacs from eshell"
(find-file arg))
@ -88,34 +86,15 @@ in {
(other-window 1)
(find-file arg))
;;;; Mouse scrolling in terminal emacs
(unless (display-graphic-p)
;; activate mouse-based scrolling
(xterm-mouse-mode 1)
(global-set-key (kbd "<mouse-4>") 'scroll-down-line)
(global-set-key (kbd "<mouse-5>") 'scroll-up-line))
(set-frame-parameter (selected-frame) 'alpha '(85 . 85))
(add-to-list 'default-frame-alist '(alpha . (85 . 85)))
;; git gutter with tramp
(defun git-gutter+-remote-default-directory (dir file)
(let* ((vec (tramp-dissect-file-name file))
(method (tramp-file-name-method vec))
(user (tramp-file-name-user vec))
(domain (tramp-file-name-domain vec))
(host (tramp-file-name-host vec))
(port (tramp-file-name-port vec)))
(tramp-make-tramp-file-name method user domain host port dir)))
(defun git-gutter+-remote-file-path (dir file)
(let ((file (tramp-file-name-localname (tramp-dissect-file-name file))))
(replace-regexp-in-string (concat "\\`" dir) "" file)))
(xterm-mouse-mode)
'';
usePackageVerbose = true;
usePackage = {
# core packages
better-defaults.enable = true;
company = {
enable = true;
diminish = [ "company-mode" ];
@ -124,6 +103,8 @@ in {
'';
};
dockerfile-mode = { enable = true; };
counsel = {
enable = true;
@ -148,25 +129,7 @@ in {
'';
};
crontab-mode = {
enable = true;
mode = [
''("\\.cron\\(tab\\)?\\'" . crontab-mode)''
''("cron\\(tab\\)?\\." . crontab-mode)''
''("/cron.d/" . crontab-mode)''
];
};
dashboard = {
enable = true;
config = ''
(dashboard-setup-startup-hook)
(setq initial-buffer-choice (lambda () (get-buffer-create "*dashboard*")))
(setq dashboard-banner-logo-title "Have you ever been far even as decided to use even go want to do look more like?")
;(add-to-list 'dashboard-items '(agenda) t)
;(setq dashboard-week-agenda t)
'';
};
cython-mode = { enable = true; };
direnv = {
enable = true;
@ -175,11 +138,12 @@ in {
'';
};
better-defaults.enable = true;
evil = {
enable = true;
init = ''
(setq evil-want-C-i-jump nil)
(setq evil-want-keybinding nil)
'';
config = ''
(evil-mode 1)
@ -188,7 +152,6 @@ in {
evil-surround = {
enable = true;
after = [ "evil" ];
config = ''
(global-evil-surround-mode 1)
'';
@ -201,7 +164,7 @@ in {
evil-magit = {
enable = true;
after = [ "evil" "magit" ];
after = [ "magit" ];
};
flycheck = {
@ -212,9 +175,10 @@ in {
'';
};
go-mode.enable = true;
lsp-mode = {
enable = true;
after = [ "go-mode" "rust-mode" ];
command = [ "lsp" ];
hook = [
"(go-mode . lsp)"
@ -223,7 +187,6 @@ in {
];
config = ''
(setq lsp-rust-server 'rust-analyzer)
(add-hook 'go-mode-hook 'lsp-deferred)
'';
};
@ -239,10 +202,13 @@ in {
command = [ "lsp-ivy-workspace-symbol" ];
};
git-gutter = {
nlinum-relative = {
enable = true;
after = [ "evil" ];
config = ''
(global-git-gutter-mode +1)
(nlinum-relative-setup-evil)
(add-hook 'prog-mode-hook 'nlinum-relative-mode)
(add-hook 'org-mode-hook 'nlinum-relative-mode)
'';
};
@ -288,11 +254,6 @@ in {
'';
};
fountain-mode = {
enable = true;
mode = [ ''("\\.fountain\\'" . fountain-mode)'' ];
};
ivy = {
enable = true;
demand = true;
@ -329,11 +290,30 @@ in {
mode = [
''("README\\.md\\'" . gfm-mode)''
''("\\.md\\'" . markdown-mode)''
''("\\.mdx\\'" . markdown-mode)''
''("\\.markdown\\'" . markdown-mode)''
];
};
nix = { enable = true; };
nix-mode = {
enable = true;
mode = [ ''"\\.nix\\'"'' ];
bindLocal = { nix-mode-map = { "C-i" = "nix-indent-line"; }; };
};
nix-prettify-mode = {
enable = true;
config = ''
(nix-prettify-global-mode)
'';
};
nix-drv-mode = {
enable = true;
mode = [ ''"\\.drv\\'"'' ];
};
projectile = {
enable = true;
after = [ "ivy" ];
@ -355,12 +335,7 @@ in {
'';
};
rainbow-delimiters = {
enable = true;
config = ''
(add-hook 'prog-mode-hook #'rainbow-delimiters-mode)
'';
};
protobuf-mode = { enable = true; };
swiper = {
enable = true;
@ -374,8 +349,6 @@ in {
'';
};
vterm.enable = true;
which-key = {
enable = true;
diminish = [ "which-key-mode" ];
@ -392,169 +365,10 @@ in {
enable = true;
config = ''
(setq custom-safe-themes t)
(add-hook 'after-init-hook (lambda () (load-theme 'gruvbox-dark-soft t)))
(add-hook 'after-init-hook (lambda () (load-theme 'gruvbox t)))
'';
};
nov = {
enable = true;
mode = [ ''"\\.epub\\'"'' ];
};
web-mode = {
enable = true;
mode = [ ''"\\.html\\'"'' ''"\\.tmpl\\'"'' ];
config = ''
(define-derived-mode typescript-tsx-mode web-mode "TypeScript-tsx")
(add-to-list 'auto-mode-alist '("\\.tsx\\'" . typescript-tsx-mode))
'';
};
# org-mode
org = {
enable = true;
config = ''
(setq org-agenda-files '("~/org/daily/" "~/org/"))
(setq org-capture-templates '(("c" "Contacts" entry (file "~/org/contacts.org")
"* %(org-contacts-template-name)\n:PROPERTIES:\n:EMAIL: %(org-contacts-template-email)\n:END:")))
'';
};
org-journal = {
enable = true;
config = ''
(setq org-journal-dir "~/org/daily/")
(setq org-journal-date-prefix "#+startup: logdrawer\n#+options: d:t\n#+TITLE: ")
(setq org-journal-file-format "%Y%m%d.org")
(setq org-journal-time-prefix "* ")
(setq org-journal-time-format "TODO ")
(setq org-journal-enable-agenda-integration t)
'';
};
org-roam = {
enable = true;
config = ''
(setq org-roam-directory "~/org/roam")
'';
};
ob.enable = true;
org-download.enable = true;
org-mime.enable = true;
org-pomodoro.enable = true;
org-projectile.enable = true;
org-contacts.enable = true;
ox-epub.enable = true;
org-roam-ui.enable = true;
org-roam-protocol.enable = true;
systemd.enable = true;
gemini-mode.enable = true;
"0x0".enable = true;
request.enable = true;
# programming languages
cython-mode.enable = true;
dockerfile-mode.enable = true;
nix.enable = true;
protobuf-mode.enable = true;
terraform-mode.enable = true;
## typescript
js2-mode.enable = true;
#rjsx-mode.enable = true;
tide.enable = true;
typescript-mode = {
enable = true;
config = ''
(setq typescript-indent-level 2)
'';
};
add-node-modules-path = {
enable = true;
config = ''
(eval-after-load 'js2-mode
'(add-hook 'js2-mode-hook #'add-node-modules-path))
(eval-after-load 'typescript-mode
'(add-hook 'typescript-mode-hook #'add-node-modules-path))
(eval-after-load 'web-mode
'(add-hook 'web-mode-hook #'add-node-modules-path))
'';
};
prettier-js = {
enable = true;
after = [ "xe-tools" ];
config = ''
(add-hook 'js2-mode-hook 'prettier-js-mode)
(add-hook 'web-mode-hook 'prettier-js-mode)
(add-hook 'web-mode-hook #'(lambda ()
(xe/enable-minor-mode
'("\\.jsx?\\'" . prettier-js-mode))))
(add-hook 'web-mode-hook #'(lambda ()
(xe/enable-minor-mode
'("\\.tsx?\\'" . prettier-js-mode))))
'';
};
deno-fmt = {
enable = true;
config = ''
(add-hook 'typescript-mode-hook 'deno-fmt-mode)
(add-hook 'js2-mode-hook 'deno-fmt-mode)
'';
};
go-mode = {
enable = true;
config = ''
(setq gofmt-command "${pkgs.gotools}/bin/goimports")
(add-hook 'before-save-hook #'gofmt-before-save)
'';
};
highlight-indent-guides = {
enable = true;
config = ''
(add-hook 'prog-mode-hook 'highlight-indent-guides-mode)
'';
};
nix-mode = {
enable = true;
mode = [ ''"\\.nix\\'"'' ];
bindLocal = { nix-mode-map = { "C-i" = "nix-indent-line"; }; };
};
nixpkgs-fmt = {
enable = true;
config = ''
(add-hook 'nix-mode-hook 'nixpkgs-fmt-on-save-mode)
'';
};
nix-prettify-mode = {
enable = true;
config = ''
(nix-prettify-global-mode)
'';
};
nix-drv-mode = {
enable = true;
mode = [ ''"\\.drv\\'"'' ];
};
haskell-mode = {
enable = true;
mode = [ ''"\\.hs\\'"'' ];
};
dhall-mode = {
enable = true;
mode = [ ''"\\.dhall\\'"'' ];
@ -575,68 +389,44 @@ in {
mode = [ ''"\\.toml\\'"'' ];
};
typst-mode = {
enable = true;
mode = [ ''"\\.typ\\'"'' ];
};
zig-mode = {
enable = true;
mode = [ ''"\\.zig\\'"'' ];
};
shell-maker.enable = true;
## custom shit
change-case = {
nov = {
enable = true;
package = (epkgs:
epkgs.trivialBuild {
pname = "change-case";
src = ./packages/change-case.el;
});
mode = [ ''"\\.epub\\'"'' ];
};
tclip = {
web-mode = {
enable = true;
after = [ "request" ];
package = (epkgs:
epkgs.trivialBuild {
pname = "tclip";
src = ./packages/tclip.el;
packageRequires = [ epkgs.request ];
});
mode = [ ''"\\.html\\'"'' ''"\\.tmpl\\'"'' ];
};
xe-chatgpt = {
enable = true;
after = [ "request" ];
package = (epkgs:
epkgs.trivialBuild {
pname = "xe-chatgpt";
src = ./packages/xe-chatgpt.el;
packageRequires = [ epkgs.request ];
});
};
ob.enable = true;
org-download.enable = true;
org.enable = true;
org-mime.enable = true;
org-pomodoro.enable = true;
org-projectile.enable = true;
xe-tools = {
enable = true;
package = (epkgs:
epkgs.trivialBuild {
pname = "xe-tools";
src = ./packages/xe-tools.el;
});
weechat.enable = true;
systemd.enable = true;
terraform-mode.enable = true;
gemini-mode.enable = true;
highlight-indent-guides.enable = true;
"0x0".enable = true;
typescript-mode.enable = true;
tide.enable = true;
deno-fmt = {
enable = true;
config = ''
(setq linum-format 'xe/linum-format-func)
(global-linum-mode)
(add-hook 'typescript-mode-hook 'deno-fmt-mode)
(add-hook 'js2-mode-hook 'deno-fmt-mode)
'';
bindStar = {
"C-a c" = "xe/tabnew-shell";
"C-a h" = "split-window-vertically";
"C-a v" = "split-window-horizontally";
};
};
};
};

144
common/home-manager/emacs/emacs-init-defaults.nix
View File

@ -1,144 +0,0 @@
# A collection of "uncontroversial" configurations for selected packages.
{ pkgs, lib, config, ... }:
{
programs.emacs.init.usePackage = {
cmake-mode.mode = [
''"\\.cmake\\'"'' # \
''"CMakeLists.txt\\'"''
];
csharp-mode.mode = [ ''"\\.cs\\'"'' ];
cue-mode = {
package = epkgs:
epkgs.trivialBuild {
pname = "cue-mode.el";
src = pkgs.fetchurl {
url =
"https://raw.githubusercontent.com/russell/cue-mode/9c803ee8fa4a6e99c7dc9ae373c6178569583b7a/cue-mode.el";
sha256 = "0swhpknkg1vwbchblzrwynixf5grg95jy1bkc8w92yfpb1jch7m7";
};
preferLocalBuild = true;
allowSubstitutes = true;
};
command = [ "cue-mode" ];
mode = [ ''"\\.cue\\'"'' ];
hook = [ "(cue-mode . subword-mode)" ];
};
dap-lldb = {
config = ''
(setq dap-lldb-debug-program "${pkgs.lldb}/bin/lldb-vscode")
'';
};
deadgrep = {
config = ''
(setq deadgrep-executable "${pkgs.ripgrep}/bin/rg")
'';
};
dhall-mode.mode = [ ''"\\.dhall\\'"'' ];
dockerfile-mode.mode = [ ''"Dockerfile\\'"'' ];
elm-mode.mode = [ ''"\\.elm\\'"'' ];
emacsql-sqlite3 = {
enable =
lib.mkDefault config.programs.emacs.init.usePackage.org-roam.enable;
defer = lib.mkDefault true;
config = ''
(setq emacsql-sqlite3-executable "${pkgs.sqlite}/bin/sqlite3")
'';
};
ggtags = {
config = ''
(setq ggtags-executable-directory "${pkgs.global}/bin")
'';
};
idris-mode = {
mode = [ ''"\\.idr\\'"'' ];
config = ''
(setq idris-interpreter-path "${pkgs.idris}/bin/idris")
'';
};
kotlin-mode = {
mode = [ ''"\\.kts?\\'"'' ];
hook = [ "(kotlin-mode . subword-mode)" ];
};
latex.mode = [ ''("\\.tex\\'" . latex-mode)'' ];
lsp-eslint = {
config = ''
(setq lsp-eslint-server-command '("node" "${pkgs.vscode-extensions.dbaeumer.vscode-eslint}/share/vscode/extensions/dbaeumer.vscode-eslint/server/out/eslintServer.js" "--stdio"))
'';
};
markdown-mode = {
mode = [ ''"\\.mdwn\\'"'' ''"\\.markdown\\'"'' ''"\\.md\\'"'' ];
};
nix-mode.mode = [ ''"\\.nix\\'"'' ];
notmuch = {
package = epkgs: lib.getOutput "emacs" pkgs.notmuch;
config = ''
(setq notmuch-command "${pkgs.notmuch}/bin/notmuch")
'';
};
octave.mode = [ ''("\\.m\\'" . octave-mode)'' ];
ob-plantuml = {
config = ''
(setq org-plantuml-jar-path "${pkgs.plantuml}/lib/plantuml.jar")
'';
};
org-roam = {
defines = [ "org-roam-graph-executable" ];
config = ''
(setq org-roam-graph-executable "${pkgs.graphviz}/bin/dot")
'';
};
pandoc-mode = {
config = ''
(setq pandoc-binary "${pkgs.pandoc}/bin/pandoc")
'';
};
php-mode.mode = [ ''"\\.php\\'"'' ];
plantuml-mode = {
mode = [ ''"\\.puml\\'"'' ];
config = ''
(setq plantuml-default-exec-mode 'executable
plantuml-executable-path "${pkgs.plantuml}/bin/plantuml")
'';
};
protobuf-mode.mode = [ ''"\\.proto\\'"'' ];
purescript-mode.mode = [ ''"\\.purs\\'"'' ];
ripgrep = {
config = ''
(setq ripgrep-executable "${pkgs.ripgrep}/bin/rg")
'';
};
rust-mode.mode = [ ''"\\.rs\\'"'' ];
terraform-mode.mode = [ ''"\\.tf\\'"'' ];
yaml-mode.mode = [ ''"\\.\\(e?ya?\\|ra\\)ml\\'"'' ];
};
}

14
common/home-manager/emacs/emacs-init.nix
View File

@ -57,14 +57,6 @@ let
'';
};
defines = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
The entries to use for <option>:defines</option>.
'';
};
demand = mkOption {
type = types.bool;
default = false;
@ -218,7 +210,6 @@ let
mkAfter = vs: optional (vs != [ ]) ":after (${toString vs})";
mkCommand = vs: optional (vs != [ ]) ":commands (${toString vs})";
mkDefines = vs: optional (vs != [ ]) ":defines (${toString vs})";
mkDiminish = vs: optional (vs != [ ]) ":diminish (${toString vs})";
mkMode = map (v: ":mode ${v}");
mkBind = mkBindHelper "bind" "";
@ -241,9 +232,8 @@ let
++ mkBindStar config.bindStar ++ mkBindKeyMap config.bindKeyMap
++ mkBindLocal config.bindLocal ++ mkChords config.chords
++ mkCommand config.command ++ mkDefer config.defer
++ mkDefines config.defines ++ mkDemand config.demand
++ mkDiminish config.diminish ++ mkHook config.hook
++ mkMode config.mode
++ mkDemand config.demand ++ mkDiminish config.diminish
++ mkHook config.hook ++ mkMode config.mode
++ optionals (config.init != "") [ ":init" config.init ]
++ optionals (config.config != "") [ ":config" config.config ]
++ optionals (config.general != "") [ ":general" config.general ]

55
common/home-manager/emacs/packages/change-case.el
View File

@ -1,55 +0,0 @@
(defun camelcase-region (start end)
"Changes region from snake_case to camel_case"
(interactive "r")
(save-restriction (narrow-to-region start end)
(goto-char (point-min))
(while (re-search-forward "_\\(.\\)" nil t)
(replace-match (upcase (match-string 1))))))
(defun camelcase-word-or-region ()
"Changes word or region from snake_case to camel_case"
(interactive)
(let (pos1 pos2 bds)
(if (and transient-mark-mode mark-active)
(setq pos1 (region-beginning) pos2 (region-end))
(progn
(setq bds (bounds-of-thing-at-point 'symbol))
(setq pos1 (car bds) pos2 (cdr bds))))
(camelcase-region pos1 pos2)))
(defun split-name (s)
(split-string
(let ((case-fold-search nil))
(downcase
(replace-regexp-in-string "\\([a-z]\\)\\([A-Z]\\)" "\\1 \\2" s)))
"[^A-Za-z0-9]+"))
(defun underscore-string (s)
(mapconcat
'downcase
(split-name s) "_"))
(defun snakecase-region (begin end)
"Convert the given region from camel_case to snake_case"
(interactive "r")
(let* ((word (buffer-substring begin end))
(underscored (underscore-string word)))
(save-excursion
(widen) ; break out of the subregion so we can fix every usage of the function
(replace-string word underscored nil (point-min) (point-max)))))
(defun snakecase-word-or-region ()
"Changes word or region from camel_case to snake_case"
(interactive)
(let (pos1 pos2 bds)
(if (and transient-mark-mode mark-active)
(setq pos1 (region-beginning) pos2 (region-end))
(progn
(setq bds (bounds-of-thing-at-point 'symbol))
(setq pos1 (car bds) pos2 (cdr bds))))
(snakecase-region pos1 pos2)))
(global-set-key (kbd "C-c C--") 'camelcase-word-or-region)
(global-set-key (kbd "C-c C-_") 'snakecase-word-or-region)
(provide 'change-case)

81
common/home-manager/emacs/packages/tclip.el
View File

@ -1,81 +0,0 @@
;;; tclip.el --- tclip client for Emacs -*- lexical-binding: t; -*-
;; Copyright (C)
;; 2023 Tailscale, Inc.
;; Author: Xe Iaso <xe@tailscale.com>
;; Maintainer: Xe Iaso <xe@tailscale.com>
;; Created: 2023-01-13
;; Version: 0.1
;; Keywords: tailscale, pastebin, sharing
;; Homepage: https://github.com/tailscale-dev/tclip
;;; Commentary:
;;
;; This uses request-el to make requests to your tailnet's tclip server. You
;; can install request-el with M-x package-install.
;;
;; This package requires that you have a tclip server set up. This package
;; reaches out to a tclip server over either plain HTTP, or HTTPS should you
;; configure the variable `tclip-server'.
;;
;; Usage:
;;
;; To submit the contents of the current buffer to tclip:
;; M-x tclip-submit-buffer
;; To submit the contents of the currently highlighted region to tclip:
;; M-x tclip-submit-region
;;
;; Customization:
;;
;; To customize the tclip server this package reaches out to:
;; M-x customize-group tclip
;;
;; You can customize the tclip server URL by changing the value of `tclip-server':
;; (setq tclip-server "https://paste.shark-harmonic.ts.net")
;;; Code:
(require 'request)
(defgroup tclip nil
"Tclip server configuration."
:prefix "tclip-"
:group 'tclip)
(defcustom tclip-server "http://paste"
"The server that is running tclip or a service with a compatible API to tclip. This should NOT end with a trailing slash."
:group 'tclip
:type 'string)
(defun tclip--send-paste (fname content)
"Internal function that actually fires off the paste with name FNAME and content CONTENT to the tclip server."
(request (format "%s/api/post" tclip-server)
:type "POST"
:data `(("filename" . ,fname)
("content" . ,content))
:headers '(("Accept" . "text/plain"))
:timeout 60
:success (cl-function
(lambda (&key response &allow-other-keys)
(message "%s" (request-response-data response))))))
(defun tclip-submit-buffer ()
"Submits the entire current buffer to tclip."
(interactive)
(let ((fname (format "%s.%s"
(file-name-base (buffer-file-name))
(file-name-extension (buffer-file-name))))
(content (buffer-string)))
(tclip--send-paste fname content)))
(defun tclip-submit-region ()
"Submits the highlighted region to tclip."
(interactive)
(let ((fname (format "%s.%s"
(file-name-base (buffer-file-name))
(file-name-extension (buffer-file-name))))
(content (buffer-substring-no-properties (region-beginning) (region-end))))
(tclip--send-paste fname content)))
(provide 'tclip)
;;; tclip.el ends here

105
common/home-manager/emacs/packages/xe-chatgpt.el
View File

@ -1,105 +0,0 @@
;;; xe-tools --- Xe's chatgpt bindings
;;; Commentary:
;;; I guess we're gonna have to deal with this shit,
;;; so I might as well try and learn how to use it.
;;; Code:
(setf lexical-binding t)
(eval-when-compile '(require 'cl))
(require 'request)
(defcustom xe/chatgpt-base-prompt
"You are an assistant that helps Xe Iaso with programming. You will return answers and code that helps Xe program things."
"The default system message for ChatGPT."
:type 'string)
(defcustom xe/chatgpt-model
"gpt-3.5-turbo"
"The model to use when querying ChatGPT."
:type 'string)
(defun xe/chatgpt--create-answer-buffer (suffix)
"Create a new scratch buffer with name SUFFIX and switch to it.
The buffer is set to markdown-mode. Return the buffer."
(let ((bufname (generate-new-buffer-name (format "*xe-chatgpt-%s*" suffix))))
(switch-to-buffer (get-buffer-create bufname))
(markdown-mode)
(get-buffer bufname)))
(defun xe/chatgpt--chomp (str)
"Chomp leading and tailing whitespace from STR."
(while (string-match "\\`\n+\\|^\\s-+\\|\\s-+$\\|\n+\\'"
str)
(setq str (replace-match "" t t str)))
str)
(defun xe/chatgpt--read-file (fname)
"Reads FNAME and returns its contents as a string."
(with-temp-buffer
(insert-file-contents fname)
(xe/chatgpt--chomp (buffer-string))))
(defun xe/chatgpt--make-request (question mode)
"Internal function to ask ChatGPT a QUESTION in MODE mode.
Inserts the result text of the first response to the a scratch buffer."
(xe/chatgpt--create-answer-buffer mode)
(insert question)
(let* ((req `(("model" . ,xe/chatgpt-model)
("messages" . ((("role" . "system") ("content" . ,xe/chatgpt-base-prompt))
(("role" . "user") ("content" . ,question))))))
(auth-key (xe/chatgpt--read-file
(format "%s/.openai-token" (getenv "HOME"))))
(headers `(("Content-Type" . "application/json")
("Authorization" . ,(format "Bearer %s" auth-key)))))
(request
"https://api.openai.com/v1/chat/completions"
:type "POST"
:data (json-encode req)
:headers headers
:parser 'json-read
:encoding 'utf-8
:success (cl-function
(lambda (&key data &allow-other-keys)
(let* ((choice (aref (alist-get 'choices data) 0))
(message (alist-get 'message choice))
(content (alist-get 'content message)))
(insert (xe/chatgpt--chomp content))))))))
(defun xe/ask-chatgpt (question)
"Ask ChatGPT a QUESTION and get the response put into your current buffer."
(interactive "squestion> ")
(xe/chatgpt--make-request (format "%s\n\n" question) "detail"))
(defun xe/ask-chatgpt-with-mode (question)
"Ask ChatGPT a QUESTION and get the response put into your current buffer. This will add the context of what editor major mode you are in."
(interactive "squestion> ")
(let* ((editor-mode (string-join (split-string (symbol-name major-mode) "-") " "))
(prompt (format "%s\nUser is in %s. Only include the code.\n\n" question editor-mode)))
(xe/chatgpt--make-request prompt "quick")))
(defun xe/chatgpt-explain (beginning end)
"Ask ChatGPT to explain this region of code from BEGINNING to END."
(interactive "r")
(let* ((code (buffer-substring-no-properties (region-beginning) (region-end)))
(mode-sp (split-string (symbol-name major-mode) "-"))
(editor-mode (string-join (split-string (symbol-name major-mode) "-") " "))
(prompt
(format "Explain this code. User is in %s.\n\n```%s\n%s```\n\n" editor-mode (car mode-sp) code)))
(xe/chatgpt--make-request prompt "explain")))
(defun xe/chatgpt-answer-question-about-code (beginning end question)
"Ask ChatGPT to answer a QUESTION about this region of code from BEGINNING to END."
(interactive "r\nsquestion> ")
(let* ((code (buffer-substring-no-properties (region-beginning) (region-end)))
(mode-sp (split-string (symbol-name major-mode) "-"))
(editor-mode (string-join (split-string (symbol-name major-mode) "-") " "))
(prompt
(format "%s I'm in %s.\n\n```%s\n%s```" question editor-mode (car mode-sp) code)))
(xe/chatgpt--make-request prompt "explain")))
(provide 'xe-chatgpt)
;;; xe-chatgpt.el ends here

68
common/home-manager/emacs/packages/xe-tools.el
View File

@ -1,68 +0,0 @@
;;; xe-tools --- Xe's tools
;;; Commentary:
;;; Code:
(defun xe/count-buffers (&optional display-anyway)
"Display or return the number of buffers."
(interactive)
(let ((buf-count (length (buffer-list))))
(if (or (interactive-p) display-anyway)
(message "%d buffers in this Emacs" buf-count)) buf-count))
(defun xe/look-of-disapproval ()
"Just in case we need this."
(interactive)
(insert "ಠ_ಠ"))
(defun xe/enable-minor-mode (my-pair)
"Enable minor mode if filename match the regexp. MY-PAIR is a cons
cell (regexp . minor-mode)."
(if (buffer-file-name)
(if (string-match (car my-pair) buffer-file-name)
(funcall (cdr my-pair)))))
(defun xe/tabnew-shell ()
"Opens a shell in a new tab (tmux Control-b c)."
(interactive)
(tab-bar-new-tab 1)
(let ((proj-type (projectile-project-type)))
(if (eq proj-type 'nil)
(vterm)
(projectile-run-vterm)))
(rename-uniquely))
(defun xe/kill-whitespace ()
"Kill the whitespace between two non-whitespace characters"
(interactive "*")
(save-excursion
(save-restriction
(save-match-data
(progn
(re-search-backward "[^ \t\r\n]" nil t)
(re-search-forward "[ \t\r\n]+" nil t)
(replace-match "" nil nil))))))
(defun xe/how-many-region (begin end regexp &optional interactive)
"Print number of non-trivial matches for REGEXP in region.
Non-interactive arguments are Begin End Regexp"
(interactive "r\nsHow many matches for (regexp): \np")
(let ((count 0) opoint)
(save-excursion
(setq end (or end (point-max)))
(goto-char (or begin (point)))
(while (and (< (setq opoint (point)) end)
(re-search-forward regexp end t))
(if (= opoint (point))
(forward-char 1)
(setq count (1+ count))))
(if interactive (message "%d occurrences" count))
count)))
(defun xe/linum-format-func (line)
"Properly format the line number"
(let ((w (length (number-to-string (count-lines (point-min) (point-max))))))
(propertize (format (format " %%%dd " w) line) 'face 'linum)))
(provide 'xe-tools)
;;; xe-tools.el ends here

40
common/home-manager/fish/default.nix
View File

@ -16,27 +16,12 @@ in {
function fish_greeting;end
'';
".config/fish/functions/vterm_printf.fish".text = ''
function vterm_printf;
if begin; [ -n "$TMUX" ] ; and string match -q -r "screen|tmux" "$TERM"; end
# tell tmux to pass the escape sequences through
printf "\ePtmux;\e\e]%s\007\e\\" "$argv"
else if string match -q -- "screen*" "$TERM"
# GNU screen (screen, screen-256color, screen-256color-bce)
printf "\eP\e]%s\007\e\\" "$argv"
else
printf "\e]%s\e\\" "$argv"
end
end
'';
".config/fish/functions/fish_prompt.fish".source = ./fish_prompt.fish;
".config/fish/functions/fish_right_prompt.fish".source =
./fish_right_prompt.fish;
".config/fish/conf.d/ssh-agent.fish".source = ./ssh-agent.fish;
# global fish config
".config/fish/conf.d/001-unfuck-nixos.fish".source = ./unfuck-nixos.fish;
".config/fish/conf.d/cadey.fish".text = ''
alias edit "emacsclient -t -c -a ${dquot}"
alias e "edit"
@ -74,31 +59,6 @@ in {
# Set GPG TTY
set -x GPG_TTY (tty)
'';
".config/fish/conf.d/emacs.fish".text = ''
if [ "$INSIDE_EMACS" = 'vterm' ]
function clear
vterm_printf "51;Evterm-clear-scrollback";
tput clear;
end
function e
vterm_printf "51;Efind-file" $argv;
end
function vterm_prompt_end;
vterm_printf '51;A'(whoami)'@'(hostname)':'(pwd)
end
functions --copy fish_prompt vterm_old_fish_prompt
function fish_prompt --description 'Write out the prompt; do not replace this. Instead, put this at end of your file.'
# Remove the trailing newline from the original prompt. This is done
# using the string builtin from fish, but to make sure any escape codes
# are correctly interpreted, use %b for printf.
printf "%b" (string join "\n" (vterm_old_fish_prompt))
vterm_prompt_end
end
end
'';
};
home.packages = [ pkgs.fishPlugins.foreign-env ];

1
common/home-manager/fish/unfuck-nixos.fish
View File

@ -1 +0,0 @@
eval (cat /etc/set-environment | grep NIX_LD)

6
common/no-rsa-ssh-hostkey.nix
View File

@ -1,6 +0,0 @@
{
services.openssh.hostKeys = [{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
}

57
common/services/backup.nix Normal file
View File

@ -0,0 +1,57 @@
{ config, lib, pkgs, ... }:
let cfg = config.within.backups;
in with lib; {
options.within.backups = {
enable = mkEnableOption "Enables per-host backups to rsync.net";
paths = mkOption {
type = with types; listOf str;
default = [ "/home" "/srv" "/var/lib" "/root" ];
description = "paths to backup to rsync.net";
};
exclude = mkOption {
type = with types; listOf str;
default = [
"/var/lib/docker"
"/var/lib/systemd"
"/var/lib/libvirt"
"'**/.cache'"
"'**/.nix-profile'"
"'**/.elm'"
"'**/.emacs.d'"
];
description = "paths to NOT backup to rsync.net";
};
repo = mkOption {
type = types.str;
description = "Repo to submit backups to";
};
};
config = mkIf config.within.backups.enable {
services.borgbackup.jobs."borgbase" = {
paths = cfg.paths;
exclude = cfg.exclude;
repo = cfg.repo;
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup_passphrase";
};
environment.BORG_RSH = "ssh -i /root/borgbackup_ssh_key";
compression = "auto,lzma";
startAt = "daily";
extraArgs = "--remote-path=borg1";
};
age.secrets = {
borgbackup-passphrase = {
file = ../../secret/borgbackup_passphrase;
path = "/root/borgbackup_passphrase";
};
borgbackup-ssh-key = {
file = ../../secret/borgbackup_ssh_key;
path = "/root/borgbackup_ssh_key";
};
};
};
}

11
common/services/default.nix Normal file
View File

@ -0,0 +1,11 @@
{ ... }: {
imports = [
./backup.nix
./graphviz.nix
./lewa.nix
./mi
./tron
./tulpanomicon
./withinbot
];
}

41
common/services/graphviz.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.within.services.graphviz;
graphviz = pkgs.stdenv.mkDerivation {
name = "GraphvizOnline";
src = pkgs.fetchFromGitHub {
owner = "Xe";
repo = "GraphvizOnline";
rev = "98ab98e6dbabba984e49be2c8b46c470aca829fe";
sha256 = "l3BEmY20pfC1rWyQLz6j4pDPdZcv1FYKeIpBZUmosXc=";
fetchSubmodules = false;
};
phases = "installPhase";
installPhase = ''
mkdir -p $out
cp -vrf $src/* $out
'';
};
in {
options.within.services.graphviz.enable =
mkEnableOption "Activates the graphviz site";
config = mkIf cfg.enable {
services.nginx.virtualHosts."graphviz" = {
serverName = "graphviz.christine.website";
locations."/".root = graphviz;
forceSSL = true;
useACMEHost = "christine.website";
extraConfig = ''
access_log /var/log/nginx/graphviz.access.log;
'';
};
services.cfdyndns.records = [ "graphviz.christine.website" ];
};
}

38
common/services/lewa.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.within.services.lewa;
l'ewa = pkgs.fetchzip {
url = "https://xena.greedo.xeserv.us/files/lewa-book.tar.gz";
sha256 = "0n86fq25cnqwgfp7hfzh8l1h57a1sgvafq7lyd477amgvq0drk4c";
};
in {
options.within.services.lewa = {
enable = mkEnableOption "Activates the eBook for l'ewa";
useACME = mkEnableOption "enables ACME for cert stuff";
domain = mkOption {
type = types.str;
default = "lewa.akua";
example = "lewa.cetacean.club";
description =
"The domain name that nginx should check against for HTTP hostnames";
};
};
config = mkIf cfg.enable {
services.nginx.virtualHosts."lewa" = {
serverName = "${cfg.domain}";
locations."/".root = "${l'ewa}/book";
forceSSL = cfg.useACME;
useACMEHost = "within.website";
extraConfig = ''
access_log /var/log/nginx/lewa.access.log;
'';
};
services.cfdyndns = mkIf cfg.useACME { records = [ "${cfg.domain}" ]; };
};
}

104
common/services/mi/default.nix Normal file
View File

@ -0,0 +1,104 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.within.services.mi;
mi = with pkgs;
import
(fetchFromGitHub (builtins.fromJSON (builtins.readFile ./source.json))) { };
in {
options.within.services.mi = {
enable = mkEnableOption "Activates mi (a personal API)";
useACME = mkEnableOption "Enables ACME for cert stuff";
port = mkOption {
type = types.int;
default = 38288;
example = 9001;
description = "The port number mi should listen on for HTTP traffic";
};
domain = mkOption {
type = types.str;
default = "mi.within.website";
example = "mi.within.website";
description =
"The domain name that nginx should check against for HTTP hostnames";
};
};
config = mkIf cfg.enable {
users.users.mi = {
createHome = true;
description = "github.com/Xe/mi";
isSystemUser = true;
group = "within";
home = "/srv/within/mi";
extraGroups = [ "keys" ];
};
age.secrets.mi = {
file = ../../secret/mi.toml.age;
path = "/srv/within/mi/Rocket.toml";
owner = "mi";
group = "within";
mode = "0400";
};
systemd.services.mi = {
wantedBy = [ "multi-user.target" ];
after = [ "mi-key.service" "systemd-resolved.service" ];
wants = [ "mi-key.service" "systemd-resolved.service" ];
serviceConfig = {
User = "mi";
Group = "within";
Restart = "on-failure";
WorkingDirectory = "/srv/within/mi";
RestartSec = "30s";
Type = "notify";
};
script = ''
export ROCKET_PORT=${toString cfg.port}
exec ${mi}/bin/mi-backend
'';
};
systemd.services.mi-package-updater = {
wantedBy = [ "multi-user.target" ];
after = [ "mi-key.service" ];
wants = [ "mi-key.service" ];
serviceConfig = {
User = "mi";
Group = "within";
WorkingDirectory = "/srv/within/mi";
Type = "oneshot";
};
script = ''
export DATABASE_URL=./mi.db
exec ${mi}/bin/package_track
'';
startAt = "*-*-* 00:00:00"; # daily
};
services.nginx.virtualHosts."mi" = {
serverName = "${cfg.domain}";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
};
forceSSL = cfg.useACME;
useACMEHost = "within.website";
extraConfig = ''
access_log /var/log/nginx/mi.access.log;
'';
};
services.cfdyndns = mkIf cfg.useACME { records = [ "${cfg.domain}" ]; };
};
}

7
common/services/mi/source.json Normal file
View File

@ -0,0 +1,7 @@
{
"owner": "Xe",
"repo": "mi",
"rev": "220a123b586445da1f99b59226f7ccbe5b4a566a",
"sha256": "wbvA3++JFv7PjVl0RyRSbhdmSouJ4k3NWgh5J4jYyGk=",
"fetchSubmodules": false
}

52
common/services/tron/default.nix Normal file
View File

@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
let
tron = with pkgs;
callPackage (fetchgit (builtins.fromJSON (builtins.readFile ./source.json)))
{ };
in with lib; {
options.within.services.tron.enable =
mkEnableOption "Activates Tron (a furbooru moderation tool)";
config = mkIf config.within.services.tron.enable {
# User account
users.users.tron = {
createHome = true;
description = "tulpa.dev/cadey/tron";
isSystemUser = true;
group = "within";
home = "/srv/within/tron";
extraGroups = [ "keys" ];
};
# Secret config
age.secrets.tron = {
file = ../../../secret/tron.env.age;
path = "/srv/within/tron/.env";
owner = "tron";
group = "within";
mode = "0640";
};
# Service
systemd.services.tron = {
wantedBy = [ "multi-user.target" ];
after = [ "tron-key.service" ];
wants = [ "tron-key.service" ];
serviceConfig = {
User = "tron";
Group = "within";
Restart = "on-failure";
RestartSec = "30s";
};
script = ''
export $(cat /srv/within/tron/.env | xargs)
export REGEXES=${tron}/regexes.dhall
exec ${tron}/bin/tron
'';
};
};
}

9
common/services/tron/source.json Normal file
View File

@ -0,0 +1,9 @@
{
"url": "https://tulpa.dev/cadey/tron.git",
"rev": "20e69676d9899013b5c9630ad9ea01e73b8d2b06",
"sha256": "1qpkis92a837c4j1f17ic57l9qpzvnbxg61vccqhcjxfx5vbyc7k",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

27
common/services/tulpanomicon/default.nix Normal file
View File

@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.within.services.tulpanomicon;
book = with pkgs;
callPackage (fetchgit (builtins.fromJSON (builtins.readFile ./source.json)))
{ };
in {
options.within.services.tulpanomicon.enable =
mkEnableOption "Activates tulpa --force";
config = mkIf cfg.enable {
services.nginx.virtualHosts."tulpanomicon" = {
serverName = "tulpanomicon.guide";
locations."/".root = "${book}";
forceSSL = true;
useACMEHost = "tulpanomicon.guide";
extraConfig = ''
access_log /var/log/nginx/tulpanomicon.access.log;
'';
};
services.cfdyndns.records = [ "tulpanomicon.guide" ];
};
}

9
common/services/tulpanomicon/source.json Normal file
View File

@ -0,0 +1,9 @@
{
"url": "https://tulpa.dev/tulpa-ebooks/tulpanomicon.git",
"rev": "5a2cce637ec680ce6aea1e9e35cdbb73d5570221",
"sha256": "0r7imilh9p84wdb15qwmk05yab2y5qndpqka4nwqv8mk4l9jdpga",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

91
common/services/withinbot/default.nix Normal file
View File

@ -0,0 +1,91 @@
{ config, lib, pkgs, ... }:
let
bot = with pkgs;
import
(fetchFromGitHub (builtins.fromJSON (builtins.readFile ./source.json))) { };
in with lib; {
options.within.services.withinbot.enable =
mkEnableOption "Activates Withinbot (the furryhole chatbot)";
config = mkIf config.within.services.withinbot.enable {
users.users.withinbot = {
createHome = true;
description = "github.com/Xe/withinbot";
isSystemUser = true;
group = "within";
home = "/srv/within/withinbot";
extraGroups = [ "keys" ];
};
age.secrets.withinbot = {
file = ../../../secret/withinbot.env;
path = "/srv/within/withinbot/.env";
owner = "withinbot";
group = "within";
mode = "0400";
};
systemd.services.withinbot = {
wantedBy = [ "multi-user.target" ];
after = [ "withinbot-key.service" ];
wants = [ "withinbot-key.service" ];
serviceConfig = {
User = "withinbot";
Group = "within";
Restart = "on-failure";
WorkingDirectory = "/srv/within/withinbot";
RestartSec = "30s";
# security settings
CapabilityBoundingSet = "";
DeviceAllow = [ ];
NoNewPrivileges = "true";
ProtectControlGroups = "true";
ProtectClock = "true";
PrivateDevices = "true";
PrivateUsers = "true";
ProtectHome = "true";
ProtectHostname = "true";
ProtectKernelLogs = "true";
ProtectKernelModules = "true";
ProtectKernelTunables = "true";
ProtectSystem = "true";
ProtectProc = "invisible";
RemoveIPC = "true";
RestrictAddressFamilies = [ "~AF_UNIX" "~AF_NETLINK" ];
RestrictNamespaces = [
"CLONE_NEWCGROUP"
"CLONE_NEWIPC"
"CLONE_NEWNET"
"CLONE_NEWNS"
"CLONE_NEWPID"
"CLONE_NEWUTS"
"CLONE_NEWUSER"
];
RestrictSUIDSGID = "true";
RestrictRealtime = "true";
SystemCallArchitectures = "native";
SystemCallFilter = [
"~@reboot"
"~@module"
"~@mount"
"~@swap"
"~@resources"
"~@cpu-emulation"
"~@obsolete"
"~@debug"
"~@privileged"
];
UMask = "077";
};
script = let withinbot = bot;
in ''
export CAMPAIGN_FOLDER=${withinbot}/campaigns
export RUST_LOG=error,serenity::client::bridge::gateway::shard_runner=error,serenity::gateway::shard=error
exec ${withinbot}/bin/withinbot
'';
};
};
}

7
common/services/withinbot/source.json Normal file
View File

@ -0,0 +1,7 @@
{
"owner": "Xe",
"repo": "withinbot",
"rev": "b819aec3add88298a65277fbf4e13de4fe254bc0",
"sha256": "wIZ9znXL98yNlHUxhQXH/fJihukyK6XfUCyjiJ5fgzY=",
"fetchSubmodules": false
}

9
common/users/cadey/default.nix
View File

@ -1,7 +1,7 @@
{ pkgs, config, ... }:
{ pkgs, ... }:
let
name = "Xe Iaso";
email = "me@xeiaso.net";
name = "Xe";
email = "me@christine.website";
commitTemplate = pkgs.writeTextFile {
name = "cadey-commit-template";
text = ''
@ -9,10 +9,9 @@ let
'';
};
in {
imports = [ ../../home-manager ];
imports = [ ../../home-manager ./spacemacs ];
within = {
emacs.enable = true;
fish.enable = true;
htop.enable = true;
neofetch.enable = true;

80
common/users/cadey/spacemacs/default.nix
View File

@ -1,54 +1,46 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, ... }:
with lib;
let
e = pkgs.writeTextFile {
name = "cadey-emacs.desktop";
destination = "/share/applications/cadey-emacs.desktop";
text = ''
[Desktop Entry]
Exec=emacsclient -nc
Icon=emacs
Name[en_US]=Emacs Client
Name=Emacs Client
StartupNotify=true
Terminal=false
Type=Application
'';
};
cfg = config.within.spacemacs;
in {
options.within.spacemacs.enable = mkEnableOption "emacs with spacemacs";
config = mkIf cfg.enable {
home.packages = with pkgs; [ anonymousPro e sqlite-interactive graphviz ];
programs.emacs.enable = true;
home.file.".spacemacs".source = ./spacemacs;
home.file."bin/e" = {
let e = pkgs.writeTextFile {
name = "cadey-emacs.desktop";
destination = "/share/applications/cadey-emacs.desktop";
text = ''
#!/bin/sh
emacsclient -a "" -nc $@
[Desktop Entry]
Exec=emacsclient -nc
Icon=emacs
Name[en_US]=Emacs Client
Name=Emacs Client
StartupNotify=true
Terminal=false
Type=Application
'';
executable = true;
};
in
{
home.packages = with pkgs; [ anonymousPro e sqlite-interactive graphviz ];
home.activation.spacemacs = ''
mkdir -p ~/.ssh
programs.emacs.enable = true;
if ! grep github.com ~/.ssh/known_hosts > /dev/null
then
echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts
fi
home.file.".spacemacs".source = ./spacemacs;
if [ ! -d "$HOME/.emacs.d" ]; then
GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=/dev/null git clone https://github.com/syl20bnr/spacemacs ~/.emacs.d
systemctl --user restart emacs
fi
home.file."bin/e" = {
text = ''
#!/bin/sh
emacsclient -a "" -nc $@
'';
executable = true;
};
home.activation.spacemacs = ''
mkdir -p ~/.ssh
if ! grep github.com ~/.ssh/known_hosts > /dev/null
then
echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==" >> ~/.ssh/known_hosts
fi
if [ ! -d "$HOME/.emacs.d" ]; then
GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_SYSTEM=/dev/null git clone https://github.com/syl20bnr/spacemacs ~/.emacs.d
systemctl --user restart emacs
fi
'';
}

4
common/users/cadey/spacemacs/spacemacs
View File

@ -63,14 +63,14 @@ values."
org-journal-dir "~/org/daily/"
org-journal-enable-agenda-integration t
org-journal-file-format "%Y%m%d.org"
org-journal-date-prefix "#+startup: logdrawer\n#+options: d:t\n#+TITLE: "
org-journal-date-prefix "#+startup: logdrawer\n#+options: d:t\n#+TITLE: \n\n* Media\n* Calendar\n* Recurring\n** TODO Prune /r/tailscale\n** TODO Exercise\n** TODO Meditation\n"
org-journal-time-prefix "* "
org-journal-time-format "TODO "
org-enable-epub-support t
org-enable-github-support t
org-enable-org-contacts-support t
org-contacts-files '("~/org/contacts.org")
org-capture-templates '(("c" "Contacts" entry (file "~/org/contacts.org")
org-capture-templates '(("c" "Contacts" entry (file "~/Org/contacts.org")
"* %(org-contacts-template-name)
:PROPERTIES:
:EMAIL: %(org-contacts-template-email)

18
common/users/other.nix
View File

@ -25,24 +25,6 @@ in {
home-manager.users.mai = (import ./mai);
users.users.twi = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = [ "within" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMOyr7PjUfbALe3+zgygnL0fQz4GhQ7qT9b0Lw+1Gzwk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrz5T/RdragJF6StZm92JZKPMJinYdw5fYnV4osiY8Q"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF0I+UJPT7noL/bDvPj25SC24kpThqHUtge3tSQ9sIUx"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL46usOZyZD+CYa5wNBSpPxNWwF3EMeeAytPq6iVPO2X"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN76Ol48QNvRjjjIaAa3WPqVWB/ryFMmOUJpszEz13TO"
];
};
home-manager.users.twi = (import ./twi);
nix.settings.trusted-users = [ "twi" ];
users.users.vic = {
isNormalUser = true;
extraGroups = [ "wheel" "libvirtd" "adbusers" "dialout" "within" ];

29
common/users/twi/default.nix
View File

@ -1,29 +0,0 @@
{ config, pkgs, ... }:
{
imports = [ ../../home-manager ];
within = {
emacs.enable = true;
fish.enable = true;
tmux.enable = true;
tmux.shortcut = "a";
vim.enable = true;
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
nixpkgs.config = {
allowBroken = true;
allowUnfree = true;
packageOverrides = import ../../../pkgs;
manual.manpages.enable = true;
};
services.lorri.enable = true;
}

600
flake.lock
View File

@ -2,16 +2,16 @@
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1684153753,
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"owner": "ryantm",
"repo": "agenix",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"type": "github"
},
"original": {
@ -20,59 +20,33 @@
"type": "github"
}
},
"darwin": {
"aura": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
],
"utils": [
"utils"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"lastModified": 1672605913,
"narHash": "sha256-TRHzwtCZC2IMPTq3UsFDJno3Y1k58HONotnA4B9dT+8=",
"owner": "PonyvilleFM",
"repo": "aura",
"rev": "ffc55b4177cdc1a3c6323397d077e26476843e65",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"owner": "PonyvilleFM",
"repo": "aura",
"type": "github"
}
},
"deno2nix": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-utils": [
"waifud",
"utils"
],
"nixpkgs": [
"waifud",
"nixpkgs"
]
},
"locked": {
"lastModified": 1670562741,
"narHash": "sha256-13PVEXOYrbsGn05bIp/WWhG6lREgfcQtRTQU9Jd4g8w=",
"owner": "Xe",
"repo": "deno2nix",
"rev": "db3563f20f74eab34e2c268e2a159325df315085",
"type": "github"
},
"original": {
"owner": "Xe",
"repo": "deno2nix",
"type": "github"
}
},
"deno2nix_2": {
"inputs": {
"devshell": "devshell_2",
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": [
"xesite",
"flake-utils"
@ -99,15 +73,19 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
"nixpkgs": [
"nixpkgs"
],
"utils": [
"utils"
]
},
"locked": {
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"lastModified": 1672327199,
"narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8",
"type": "github"
},
"original": {
@ -117,33 +95,6 @@
}
},
"devshell": {
"inputs": {
"flake-utils": [
"waifud",
"deno2nix",
"flake-utils"
],
"nixpkgs": [
"waifud",
"deno2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1667210711,
"narHash": "sha256-IoErjXZAkzYWHEpQqwu/DeRNJGFdR7X2OGbkhMqMrpw=",
"owner": "numtide",
"repo": "devshell",
"rev": "96a9dd12b8a447840cc246e17a47b81a4268bba7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"flake-utils": [
"xesite",
@ -175,15 +126,14 @@
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
]
},
"locked": {
"lastModified": 1688894441,
"narHash": "sha256-W0AkvPsqOUtPoHDQzcqVpR2JYB/cCCVkMaz4hhS4SNo=",
"lastModified": 1672596595,
"narHash": "sha256-nddXDfyfdC30tde6r1iDWtOQz3y/LLmnS+BS4dwz2Y0=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "0aeb4446b3ca3f4870febe3052d46bfbc04d2d7b",
"rev": "cd444d8f2d284c90a1e898bd102a40176e6dfcfa",
"type": "github"
},
"original": {
@ -227,11 +177,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -256,32 +206,13 @@
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -302,11 +233,11 @@
]
},
"locked": {
"lastModified": 1677459247,
"narHash": "sha256-JbakfAiPYmCCV224yAMq/XO0udN5coWv/oazblMKdoY=",
"lastModified": 1662501203,
"narHash": "sha256-4BKeqCX2zwgBiTdlc2DjGQ0CttKm0vSw0r/bdFdM/PQ=",
"owner": "nix-community",
"repo": "gomod2nix",
"rev": "3cbf3a51fe32e2f57af4c52744e7228bab22983d",
"rev": "89cd0675b96775aa3ee86e7c0cf5bc238dd27976",
"type": "github"
},
"original": {
@ -318,16 +249,18 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
],
"utils": [
"utils"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"lastModified": 1672349765,
"narHash": "sha256-Ul3lSGglgHXhgU3YNqsNeTlRH1pqxbR64h+2hM+HtnM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"rev": "dd99675ee81fef051809bc87d67eb07f5ba022e8",
"type": "github"
},
"original": {
@ -336,62 +269,6 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1688892808,
"narHash": "sha256-AeWzyG37EqyHH2C1GmrV9y0ZQ4e7rAs9AUOnw8I4YUI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b70db52ff06f30e3de7f21b6ea47e75baa0c46f6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"iaso-fonts": {
"inputs": {
"nixpkgs": "nixpkgs_8",
"utils": "utils_4"
},
"locked": {
"lastModified": 1679684486,
"narHash": "sha256-XMpeeKmzxYpkh8uuxyGHcYzgORVysC8vMIVbzQdPtTs=",
"owner": "Xe",
"repo": "iosevka",
"rev": "85a6850cf67884b2d4752442bb9246415681e9e9",
"type": "github"
},
"original": {
"owner": "Xe",
"repo": "iosevka",
"type": "github"
}
},
"iosevka": {
"inputs": {
"nixpkgs": "nixpkgs_9",
"utils": "utils_5"
},
"locked": {
"lastModified": 1679684486,
"narHash": "sha256-XMpeeKmzxYpkh8uuxyGHcYzgORVysC8vMIVbzQdPtTs=",
"owner": "Xe",
"repo": "iosevka",
"rev": "85a6850cf67884b2d4752442bb9246415681e9e9",
"type": "github"
},
"original": {
"owner": "Xe",
"repo": "iosevka",
"type": "github"
}
},
"mara": {
"inputs": {
"naersk": "naersk",
@ -441,7 +318,7 @@
},
"naersk_2": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1650265945,
@ -465,11 +342,11 @@
]
},
"locked": {
"lastModified": 1679567394,
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
"lastModified": 1659610603,
"narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=",
"owner": "nmattia",
"repo": "naersk",
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
"rev": "c6a45e4277fa58abd524681466d3450f896dc094",
"type": "github"
},
"original": {
@ -480,27 +357,6 @@
}
},
"naersk_4": {
"inputs": {
"nixpkgs": [
"x",
"nixpkgs"
]
},
"locked": {
"lastModified": 1686572087,
"narHash": "sha256-jXTut7ZSYqLEgm/nTk7TuVL2ExahTip605bLINklAnQ=",
"owner": "nix-community",
"repo": "naersk",
"rev": "8507af04eb40c5520bd35d9ce6f9d2342cea5ad1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"naersk_5": {
"inputs": {
"nixpkgs": [
"xesite",
@ -508,11 +364,11 @@
]
},
"locked": {
"lastModified": 1679567394,
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
"lastModified": 1662220400,
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
"owner": "nix-community",
"repo": "naersk",
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
"type": "github"
},
"original": {
@ -523,11 +379,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"lastModified": 1672350804,
"narHash": "sha256-jo6zkiCabUBn3ObuKXHGqqORUMH27gYDIFFfLq5P4wg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"rev": "677ed08a50931e38382dbef01cba08a8f7eac8f6",
"type": "github"
},
"original": {
@ -537,71 +393,7 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1688764204,
"narHash": "sha256-FsvK+tIvelCI0tWwlMDKfiyb7P/KfxpGbXMrdCKiT8s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d8bb6c681cf86265fdcf3cc3119f757bbb085835",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1671417167,
"narHash": "sha256-JkHam6WQOwZN1t2C2sbp1TqMv3TVRjzrdoejqfefwrM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb31220cca6d044baa6dc2715b07497a2a7c4bc7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688679045,
"narHash": "sha256-t3xGEfYIwhaLTPU8FLtN/pLPytNeDwbLI6a7XFFBlGo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3c7487575d9445185249a159046cc02ff364bff8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1688679045,
"narHash": "sha256-t3xGEfYIwhaLTPU8FLtN/pLPytNeDwbLI6a7XFFBlGo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c7487575d9445185249a159046cc02ff364bff8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1650555608,
"narHash": "sha256-e34oMPWPwRWhF1K6NZnF0mNle7qDADJzjWujp8UupGo=",
@ -615,7 +407,7 @@
"type": "indirect"
}
},
"nixpkgs_6": {
"nixpkgs_3": {
"locked": {
"lastModified": 1650161686,
"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
@ -630,7 +422,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_4": {
"locked": {
"lastModified": 1640319671,
"narHash": "sha256-ZkKmakwaOaLiZOpIZWbeJZwap5CzJ30s4UJTfydYIYc=",
@ -646,39 +438,9 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1678898370,
"narHash": "sha256-xTICr1j+uat5hk9FyuPOFGxpWHdJRibwZC+ATi0RbtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac718d02867a84b42522a0ece52d841188208f2c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1678898370,
"narHash": "sha256-xTICr1j+uat5hk9FyuPOFGxpWHdJRibwZC+ATi0RbtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac718d02867a84b42522a0ece52d841188208f2c",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"portable-svc": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1650586426,
@ -729,11 +491,11 @@
]
},
"locked": {
"lastModified": 1682194077,
"narHash": "sha256-ju/GPxWkZ2qob9TWZ9+cn1rIVY5Aq9Uo06lRTRY98Yg=",
"lastModified": 1672602248,
"narHash": "sha256-VH7/DqYZfQ5N+38gYm3xHEwMVG3iGaPmjfvVAU9ifk4=",
"owner": "Xe",
"repo": "rhea",
"rev": "d0ab7994b597b54f7566e47a11426da203c33b35",
"rev": "a47a471a202e3335569e4254ad35254fb483f416",
"type": "github"
},
"original": {
@ -745,15 +507,15 @@
"root": {
"inputs": {
"agenix": "agenix",
"aura": "aura",
"deploy-rs": "deploy-rs",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"mara": "mara",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs",
"printerfacts": "printerfacts",
"rhea": "rhea",
"utils": "utils_3",
"vscode-server": "vscode-server",
"utils": "utils_2",
"waifud": "waifud",
"wsl": "wsl",
"x": "x",
@ -772,11 +534,11 @@
]
},
"locked": {
"lastModified": 1687055571,
"narHash": "sha256-UvLoO6u5n9TzY80BpM4DaacxvyJl7u9mm9CA72d309g=",
"lastModified": 1669516540,
"narHash": "sha256-KzAKsPr6s77I2/0wWJ2tSY7Ca5Av/bqfw3aUv8lbuH4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2de557c780dcb127128ae987fca9d6c2b0d7dc0f",
"rev": "d99b1e8e21de25b97cbadb413d3510cec0ba5bc5",
"type": "github"
},
"original": {
@ -785,73 +547,7 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"typst": {
"inputs": {
"nixpkgs": [
"xesite",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680860298,
"narHash": "sha256-aDLg97A+isOBFJMIww2mjVPyTCPSVlguo2tojzms/04=",
"owner": "typst",
"repo": "typst",
"rev": "94e052b8ccace3221aa960b9abe3b3f32b1d894f",
"type": "github"
},
"original": {
"owner": "typst",
"repo": "typst",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1638122382,
"narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=",
@ -866,16 +562,13 @@
"type": "github"
}
},
"utils_3": {
"inputs": {
"systems": "systems_2"
},
"utils_2": {
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -884,62 +577,8 @@
"type": "github"
}
},
"utils_4": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_5": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": [
"utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1684517665,
"narHash": "sha256-SaAr66uCQ8CF75jIr23FZjk1+9Kfwm5sQnwV25206Gs=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "1e1358493df6529d4c7bc4cc3066f76fd16d4ae6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
}
},
"waifud": {
"inputs": {
"deno2nix": "deno2nix",
"naersk": "naersk_3",
"nixpkgs": [
"nixpkgs"
@ -950,11 +589,11 @@
"xess": "xess_2"
},
"locked": {
"lastModified": 1686147511,
"narHash": "sha256-KV2KL9TwY+8JexSg3bPnmQ29yWCdvhQMF96D12RmWr4=",
"lastModified": 1666264211,
"narHash": "sha256-/GYmI0FIQ4v2kIzqOUatsUqCGQ8sMhenEyoaWvo2DuA=",
"owner": "Xe",
"repo": "waifud",
"rev": "99069fbcd9a19060b7223dc71613f904b1a1be6c",
"rev": "adbd76009f14bd02773c44973ee855b6a84973dd",
"type": "github"
},
"original": {
@ -963,25 +602,9 @@
"type": "github"
}
},
"wasigo": {
"flake": false,
"locked": {
"lastModified": 1687028565,
"narHash": "sha256-qTb4p9cwdDropX1l8CGvkSvs4l5BrRyxAGCph37YO4Q=",
"owner": "golang",
"repo": "go",
"rev": "261e26761805e03c126bf3934a8f39302e8d85fb",
"type": "github"
},
"original": {
"owner": "golang",
"repo": "go",
"type": "github"
}
},
"wsl": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": [
"utils"
],
@ -990,11 +613,11 @@
]
},
"locked": {
"lastModified": 1688393327,
"narHash": "sha256-UHibyCq4nbnbsNE1SL4p87mYn0PLoGNn1ULXrpLeTRA=",
"lastModified": 1672225470,
"narHash": "sha256-CL81URMZdjwCbqYY+WqIZAo1aj9moWNPISJaRw2YwV4=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "0982e9ab209aee459ed3331ab4eadbb4d8a023e1",
"rev": "79fa1eb78f746c30e41f1be76a209a407b25dc9d",
"type": "github"
},
"original": {
@ -1006,24 +629,20 @@
"x": {
"inputs": {
"gomod2nix": "gomod2nix",
"iaso-fonts": "iaso-fonts",
"naersk": "naersk_4",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay",
"utils": [
"utils"
],
"wasigo": "wasigo",
"xess": "xess_3"
]
},
"locked": {
"lastModified": 1688473456,
"narHash": "sha256-rrzWNiOBbu3OD5ii4NKUX32vsfE4AxEu06LrxUX2pvw=",
"lastModified": 1672604621,
"narHash": "sha256-V5VtmCB6htNBkYWy7zc8TD/lI+oFqUVMGxuE5IsKnXk=",
"owner": "Xe",
"repo": "x",
"rev": "24275d8382915c116b5c68501f3c1d3a893275bd",
"rev": "1a031713e7a4813b40694ffb902b73de4e3d36da",
"type": "github"
},
"original": {
@ -1034,24 +653,22 @@
},
"xesite": {
"inputs": {
"deno2nix": "deno2nix_2",
"flake-compat": "flake-compat_5",
"deno2nix": "deno2nix",
"flake-compat": "flake-compat_4",
"flake-utils": [
"utils"
],
"iosevka": "iosevka",
"naersk": "naersk_5",
"naersk": "naersk_4",
"nixpkgs": [
"nixpkgs"
],
"typst": "typst"
]
},
"locked": {
"lastModified": 1688825369,
"narHash": "sha256-FNFEmgH4lQWlolP0jfBdnvMNlx7jnwhkLZDS9piooaA=",
"lastModified": 1672607480,
"narHash": "sha256-iDQRK6YjXz8iCfTjhZ9LI48YzLP7xE1IaGT6a1vrxMk=",
"owner": "Xe",
"repo": "site",
"rev": "8fb398117b48c0aed1f19c5e5a0d5ceeeab7045c",
"rev": "9ab1724f06c38001afa87c38398f021d9cc64298",
"type": "github"
},
"original": {
@ -1062,8 +679,8 @@
},
"xess": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"utils": "utils_2"
"nixpkgs": "nixpkgs_4",
"utils": "utils"
},
"locked": {
"lastModified": 1640540322,
@ -1091,36 +708,11 @@
]
},
"locked": {
"lastModified": 1682266158,
"narHash": "sha256-VK66KyF1doJ24yktb9rp7Yv7auS6i0P8EnJLhFOz+jY=",
"lastModified": 1640540322,
"narHash": "sha256-II4raADUWKTLDAALyJSToAgL8FB1ADbRHqEr/b3JeIc=",
"owner": "Xe",
"repo": "Xess",
"rev": "3a85d1de06cd3420b4d56a8edd72cd57e6f0806e",
"type": "github"
},
"original": {
"owner": "Xe",
"repo": "Xess",
"type": "github"
}
},
"xess_3": {
"inputs": {
"nixpkgs": [
"x",
"nixpkgs"
],
"utils": [
"x",
"utils"
]
},
"locked": {
"lastModified": 1682266158,
"narHash": "sha256-VK66KyF1doJ24yktb9rp7Yv7auS6i0P8EnJLhFOz+jY=",
"owner": "Xe",
"repo": "Xess",
"rev": "3a85d1de06cd3420b4d56a8edd72cd57e6f0806e",
"rev": "5fabc96de6487a721235c4bdf18214519d9e6201",
"type": "github"
},
"original": {

320
flake.nix
View File

@ -2,16 +2,19 @@
description = "My deploy-rs config for logos";
inputs = {
agenix.url = "github:ryantm/agenix";
deploy-rs.url = "github:serokell/deploy-rs";
home-manager.url = "github:nix-community/home-manager";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
utils.url = "github:numtide/flake-utils";
vscode-server = {
url = "github:nix-community/nixos-vscode-server";
# external dependencies
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "utils";
};
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
emacs-overlay = {
@ -19,6 +22,12 @@
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
@ -26,41 +35,57 @@
};
# my apps
aura = {
url = "github:PonyvilleFM/aura";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
printerfacts = {
url = "git+https://tulpa.dev/cadey/printerfacts.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "utils";
};
mara = {
url = "git+https://tulpa.dev/Xe/mara.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
rhea = {
url = "github:Xe/rhea";
inputs.nixpkgs.follows = "nixpkgs";
};
waifud = {
url = "github:Xe/waifud";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
x = {
url = "github:Xe/x";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
xesite = {
url = "github:Xe/site";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "utils";
};
# legacy apps
};
outputs = { self, nixpkgs, deploy-rs, home-manager, agenix, printerfacts, mara
, rhea, waifud, emacs-overlay, wsl, x, xesite, vscode-server, ... }@inputs:
, rhea, waifud, emacs-overlay, wsl, x, xesite, aura, ... }:
let
pkgs = nixpkgs.legacyPackages."x86_64-linux";
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ x.overlays.x86_64-linux.default ];
};
mkSystem = extraModules:
nixpkgs.lib.nixosSystem rec {
@ -68,25 +93,15 @@
modules = [
agenix.nixosModules.age
home-manager.nixosModules.home-manager
vscode-server.nixosModule
({ config, ... }: {
system.configurationRevision = self.sourceInfo.rev;
services.getty.greetingLine =
"<<< Welcome to NixOS ${config.system.nixos.label} @ ${self.sourceInfo.rev} - \\l >>>";
# system.configurationRevision = self.sourceInfo.rev;
# services.getty.greetingLine =
# "<<< Welcome to NixOS ${config.system.nixos.label} @ ${self.sourceInfo.rev} - \\l >>>";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [
emacs-overlay.overlay
(import ./overlays/tree-sitter-typescript.nix)
(import ./overlays/weechat.nix)
];
services.vscode-server.enable = true;
environment.systemPackages = with pkgs;
[ x.packages.${system}.uploud ];
nixpkgs.overlays = [ emacs-overlay.overlay ];
})
./common
@ -94,17 +109,11 @@
mara.nixosModules.${system}.bot
rhea.nixosModule.${system}
x.nixosModules.default
#xesite.nixosModules.default
xesite.nixosModules.default
aura.nixosModules.aerial
aura.nixosModules.aura
] ++ extraModules;
};
mkAlrest = extraModules:
mkSystem (extraModules ++ [
./hardware/alrest
./hardware/location/YOW
waifud.nixosModules.x86_64-linux.waifud-runner
]);
in {
devShells.x86_64-linux.default = pkgs.mkShell {
buildInputs = [
@ -116,13 +125,202 @@
nixosModules = {
microcode = import ./common/microcode.nix;
home-manager = import ./common/home-manager;
workVM = import ./modules/workVM.nix;
workVM = ({ pkgs, config, ... }: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [ emacs-overlay.overlay ];
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
security.pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "unlimited";
}];
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
services.resolved = {
enable = true;
dnssec = "false";
};
users.groups.xe = { };
users.users.xe = {
extraGroups = [
"wheel"
"docker"
"audio"
"plugdev"
"libvirtd"
"adbusers"
"dialout"
"within"
];
shell = pkgs.fish;
isNormalUser = true;
group = "xe";
};
boot.binfmt.emulatedSystems = [ "wasm32-wasi" ];
environment.systemPackages = with pkgs; [ mosh flyctl ];
virtualisation.docker.enable = true;
services.tailscale.enable = true;
home-manager.users.xe = { lib, ... }:
let
name = "Xe Iaso";
email = "xe@tailscale.com";
commitTemplate = pkgs.writeTextFile {
name = "xe-commit-template";
text = ''
Signed-off-by: ${name} <${email}>
'';
};
in {
imports = [ ./common/home-manager ];
within = {
emacs.enable = true;
fish.enable = true;
neofetch.enable = true;
vim.enable = true;
tmux.enable = true;
};
services.lorri.enable = true;
services.emacs.enable = lib.mkForce false;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.git = {
package = pkgs.gitAndTools.gitFull;
enable = true;
userName = name;
userEmail = email;
ignores = [ "*~" "*.swp" "*.#" ];
delta.enable = true;
extraConfig = {
commit.template = "${commitTemplate}";
core.editor = "vim";
color.ui = "auto";
credential.helper = "store --file ~/.git-credentials";
format.signoff = true;
init.defaultBranch = "main";
protocol.keybase.allow = "always";
pull.rebase = "true";
push.default = "current";
};
};
};
});
};
nixosConfigurations = {
# wsl
xatci =
mkSystem [ wsl.nixosModules.wsl (import ./modules/wsl.nix inputs) ];
xatci = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
home-manager.nixosModules.home-manager
wsl.nixosModules.wsl
({ config, ... }: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [ emacs-overlay.overlay ];
networking.hostName = "xatci";
networking.nameservers = [ "100.100.100.100" ];
networking.search = [ "shark-harmonic.ts.net" ];
wsl = {
enable = true;
automountPath = "/mnt";
defaultUser = "cadey";
startMenuLaunchers = true;
};
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
users.users.cadey = {
extraGroups = [
"wheel"
"docker"
"audio"
"plugdev"
"libvirtd"
"adbusers"
"dialout"
"within"
];
shell = pkgs.fish;
};
environment.systemPackages = with pkgs; [ mosh flyctl ];
virtualisation.docker.enable = true;
home-manager.users.cadey = { lib, ... }:
let
name = "Xe Iaso";
email = "me@xeiaso.net";
commitTemplate = pkgs.writeTextFile {
name = "cadey-commit-template";
text = ''
Signed-off-by: ${name} <${email}>
'';
};
in {
imports = [ ./common/home-manager ];
within = {
emacs.enable = true;
fish.enable = true;
neofetch.enable = true;
vim.enable = true;
tmux.enable = true;
};
services.emacs.enable = lib.mkForce false;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.git = {
package = pkgs.gitAndTools.gitFull;
enable = true;
userName = name;
userEmail = email;
ignores = [ "*~" "*.swp" "*.#" ];
delta.enable = true;
extraConfig = {
commit.template = "${commitTemplate}";
core.editor = "vim";
color.ui = "auto";
credential.helper = "store --file ~/.git-credentials";
format.signoff = true;
init.defaultBranch = "main";
protocol.keybase.allow = "always";
pull.rebase = "true";
push.default = "current";
};
};
};
})
];
};
keitai = mkSystem [ ./hosts/keitai ./hardware/location/YOW ];
@ -131,20 +329,40 @@
itsuki = mkSystem [ ./hosts/itsuki ./hardware/location/YOW ];
kos-mos = mkAlrest [ ./hosts/kos-mos ];
kos-mos = mkSystem [
./hosts/kos-mos
./hardware/alrest
./hardware/location/YOW
waifud.nixosModules.x86_64-linux.waifud-runner
];
logos = mkAlrest [ ./hosts/logos ];
logos = mkSystem [
./hosts/logos
./hardware/alrest
./hardware/location/YOW
waifud.nixosModules.x86_64-linux.waifud-runner
];
ontos = mkAlrest [ ./hosts/ontos ];
ontos = mkSystem [
./hosts/ontos
./hardware/alrest
./hardware/location/YOW
waifud.nixosModules.x86_64-linux.waifud-runner
];
pneuma = mkAlrest [ ./hosts/pneuma ];
joker = mkSystem [ ./hosts/joker ./hardware/location/YYZ ];
pneuma = mkSystem [
./hosts/pneuma
./hardware/alrest
./hardware/location/YOW
waifud.nixosModules.x86_64-linux.waifud-runner
];
# cloud
akko = mkSystem [ ./hosts/akko ./hardware/location/YYZ ];
firgu = mkSystem [ ./hosts/firgu ./hardware/location/YYZ ];
lufta = mkSystem [ ./hosts/lufta ];
};
deploy.nodes.akko = {
@ -170,7 +388,7 @@
};
deploy.nodes.chrysalis = {
hostname = "192.168.2.100";
hostname = "192.168.2.29";
sshUser = "root";
fastConnection = true;
@ -182,7 +400,7 @@
};
deploy.nodes.itsuki = {
hostname = "192.168.2.34";
hostname = "192.168.2.174";
sshUser = "root";
fastConnection = true;
@ -193,20 +411,8 @@
};
};
deploy.nodes.joker = {
hostname = "192.168.2.80";
sshUser = "root";
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.joker;
};
};
deploy.nodes.logos = {
hostname = "192.168.2.33";
hostname = "192.168.2.35";
sshUser = "root";
fastConnection = true;
@ -230,7 +436,7 @@
};
deploy.nodes.ontos = {
hostname = "192.168.2.25";
hostname = "192.168.2.34";
sshUser = "root";
fastConnection = true;
@ -242,7 +448,7 @@
};
deploy.nodes.pneuma = {
hostname = "192.168.2.31";
hostname = "192.168.2.33";
sshUser = "root";
fastConnection = true;

5
hardware/alrest/default.nix
View File

@ -40,7 +40,6 @@
services.tailscale.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.docker.enable = true;
systemd.services.network-setup = {
serviceConfig.Type = "oneshot";
@ -49,8 +48,4 @@
};
systemd.services.tailscaled.path = with pkgs; [ mosh getent shadow ];
home-manager.users.cadey = { ... }: {
within.emacs.enable = true;
};
}

2
hardware/alrest/hardware-configuration.nix
View File

@ -30,4 +30,6 @@
swapDevices = [{ device = "/dev/nvme0n1p2"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

2
hardware/alrest/zrepl.nix
View File

@ -2,7 +2,7 @@
{
services.zrepl = {
enable = false;
enable = true;
settings = {
global = {
logging = [{

BIN
hosts/.DS_Store vendored Normal file
View File

Binary file not shown.

5
hosts/akko/akkoma.nix
View File

@ -13,7 +13,6 @@ in {
};
":prometheus"."Pleroma.Web.Endpoint.MetricsExporter" = {
enabled = true;
auth = false;
format = mkRaw ":text";
path = "/api/pleroma/app_metrics";
};
@ -32,14 +31,10 @@ in {
max_pinned_statuses = 10;
max_account_fields = 100;
upload_limit = 67108864;
limit_to_local_content = mkRaw ":unauthenticated";
healthcheck = true;
cleanup_attachments = true;
allow_relay = true;
safe_dm_mentions = true;
external_user_synchronization = true;
};
":pleroma".":mrf".policies =
map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ];

1
hosts/akko/blocklist.nix
View File

@ -52,7 +52,6 @@
"mastodon.popps.org" = "Homophobia";
"meta-tube.de" =
"Conspiracy, CoVid19 denier videos https://fediblock.org/blocklist/#meta-tube.de";
"mostr.pub" = "nostr, unmoderated";
"midnightride.rs" = "Discrimination";
"mstdn.foxfam.club" = "Right wing twitter mirror";
"nicecrew.digital" = ''Discrimination, racism, "free speech zone"²'';

7
hosts/akko/default.nix
View File

@ -20,13 +20,6 @@
services.tailscale.enable = true;
services.postgresql = {
authentication = ''
host replication replication 100.64.0.0/10 md5
'';
enableTCPIP = true;
};
security.acme.acceptTerms = true;
services.nginx = {

18
hosts/chrysalis/default.nix
View File

@ -1,8 +1,12 @@
{ lib, config, pkgs, ... }:
{
imports =
[ ./hardware-configuration.nix ./prometheus.nix ./solanum.nix ./znc.nix ];
imports = [
./hardware-configuration.nix
./prometheus.nix
./solanum.nix
./znc.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -32,14 +36,8 @@
services.tailscale.enable = true;
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
enableTCPIP = true;
authentication = ''
host marabot all 100.64.0.0/10 md5
'';
};
services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_15;
services.avahi = {
enable = true;

4
hosts/chrysalis/prometheus.nix
View File

@ -64,10 +64,6 @@
job_name = "chrysalis";
static_configs = [{ targets = [ "chrysalis:9100" ]; }];
}
{
job_name = "joker";
static_configs = [{ targets = [ "joker:9100" ]; }];
}
{
job_name = "firgu";
static_configs = [{ targets = [ "firgu:9100" ]; }];

46
hosts/joker/default.nix → hosts/froslass/default.nix
View File

@ -15,37 +15,8 @@
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
systemd.services.NetworkManager-wait-online.enable = false;
networking.hostName = "joker"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# make steam work
hardware.opengl.driSupport32Bit = true;
hardware.steam-hardware.enable = true;
within.microcode.enable = true;
within.microcode.vendor = "amd";
services.prometheus = {
exporters = {
node = {
enable = true;
};
wireguard.enable = true;
};
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
services.tailscale.enable = true;
services.openssh.enable = true;
hardware.bluetooth.enable = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@ -53,6 +24,9 @@
# Enable networking
networking.networkmanager.enable = true;
# Enable network manager applet
programs.nm-applet.enable = true;
# Set your time zone.
time.timeZone = "America/Toronto";
@ -62,9 +36,9 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Enable the MATE Desktop Environment.
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.mate.enable = true;
# Configure keymap in X11
services.xserver = {
@ -98,11 +72,10 @@
# Define a user account. Don't forget to set a password with passwd.
users.users.xe = {
isNormalUser = true;
description = "Xe";
description = "Xe IAso";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [
firefox
kate
# thunderbird
];
};
@ -121,9 +94,6 @@
# wget
];
programs._1password-gui.enable = true;
services.flatpak.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
@ -138,7 +108,7 @@
# services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 9100 ];
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

26
hosts/joker/hardware-configuration.nix → hosts/froslass/hardware-configuration.nix
View File

@ -4,41 +4,31 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [ "virtio_pci" "xhci_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2cfe44a5-4f2f-4629-9469-e2e51f615f52";
{ device = "/dev/disk/by-uuid/d089a853-2017-4373-805a-7b9e99a60a38";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/F4E2-BB3E";
{ device = "/dev/disk/by-uuid/A13D-95A6";
fsType = "vfat";
};
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/a84c680c-4e0d-4cee-9f7c-1e131e689d3c";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/337c4cbe-824a-49d6-aca7-102b392fdf5f"; }
];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp37s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

26
hosts/itsuki/default.nix
View File

@ -50,18 +50,22 @@
services.tailscale.enable = true;
xeserv.services.vest-pit-near.enable = true;
age.secrets.vest-pit-near = {
file = ../../secret/vest-pit-near.age;
path = "/var/lib/private/vest-pit-near/.env";
owner = "root";
group = "docker";
mode = "770";
services.nginx = {
enable = true;
virtualHosts."itsuki.shark-harmonic.ts.net" = {
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true;
};
locations."/transmission" = {
proxyPass = "http://127.0.0.1:9091";
proxyWebsockets = true;
};
sslCertificate = "/srv/within/certs/itsuki.shark-harmonic.ts.net.crt";
sslCertificateKey = "/srv/within/certs/itsuki.shark-harmonic.ts.net.key";
};
};
within.users.enableSystem = true;
home-manager.users.cadey = { ... }: {
within.emacs.enable = true;
};
}

2
hosts/itsuki/zrepl.nix
View File

@ -2,7 +2,7 @@
{
services.zrepl = {
enable = false;
enable = true;
settings = {
global = {
logging = [{

3
hosts/logos/default.nix
View File

@ -18,7 +18,4 @@
# Optionally, you may need to select the appropriate driver version for your specific GPU.
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
virtualisation.docker.enableNvidia = true;
hardware.opengl.driSupport32Bit = true;
}

2
hosts/logos/minecraft.nix
View File

@ -1,6 +1,6 @@
{ ... }: {
services.minecraft-server = {
enable = false;
enable = true;
eula =
true; # set to true if you agree to Mojang's EULA: https://account.mojang.com/documents/minecraft_eula
declarative = true;

1
hosts/lufta/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
secret

114
hosts/lufta/acme.nix Normal file
View File

@ -0,0 +1,114 @@
{ pkgs, ... }:
let
aws = "/var/lib/acme/.env";
extraLegoFlags = [ "--dns.resolvers=8.8.8.8:53" ];
in {
age.secrets.aws = {
file = ../../secret/lufta.aws.env.age;
path = "/var/lib/acme/.env";
mode = "600";
owner = "acme";
group = "nginx";
};
security.acme.defaults.email = "me@christine.website";
security.acme.acceptTerms = true;
security.acme.certs."xeiaso.net" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.xeiaso.net" "xelaso.net" ];
inherit extraLegoFlags;
};
security.acme.certs."tulpa.dev" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.tulpa.dev" ];
inherit extraLegoFlags;
};
security.acme.certs."christine.website" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.christine.website" ];
inherit extraLegoFlags;
};
security.acme.certs."cetacean.club" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames =
[ "*.cetacean.club" "*.kahless.cetacean.club" "*.lufta.cetacean.club" ];
inherit extraLegoFlags;
};
security.acme.certs."pvfmsets.cf" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
inherit extraLegoFlags;
};
security.acme.certs."tulpanomicon.guide" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.tulpanomicon.guide" ];
inherit extraLegoFlags;
};
security.acme.certs."tulpaforce.xyz" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.tulpaforce.xyz" ];
inherit extraLegoFlags;
};
security.acme.certs."within.website" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.within.website" ];
inherit extraLegoFlags;
};
security.acme.certs."xeserv.us" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [
"*.xeserv.us"
"*.greedo.xeserv.us"
"*.apps.xeserv.us"
"*.minipaas.xeserv.us"
];
inherit extraLegoFlags;
};
security.acme.certs."xn--u7hz981o.ws" = {
group = "nginx";
email = "me@christine.website";
dnsProvider = "route53";
credentialsFile = "${aws}";
extraDomainNames = [ "*.xn--u7hz981o.ws" ];
inherit extraLegoFlags;
};
}

9
hosts/lufta/akua.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, config, ... }:
let metadata = pkgs.callPackage ../../ops/metadata/peers.nix { };
in {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}

28
hosts/lufta/bootstrap.nix Normal file
View File

@ -0,0 +1,28 @@
{ pkgs, ... }:
{
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9 cadey@shachi"
];
networking.usePredictableInterfaceNames = false;
systemd.network = {
enable = true;
networks."eth0".extraConfig = ''
[Match]
Name = eth0
[Network]
# Add your own assigned ipv6 subnet here here!
Address = 2a01:4f9:3a:1a1c::/64
Gateway = fe80::1
# optionally you can do the same for ipv4 and disable DHCP (networking.dhcpcd.enable = false;)
Address = 135.181.162.99/26
Gateway = 135.181.162.65
'';
};
boot.supportedFilesystems = [ "zfs" ];
environment.systemPackages = with pkgs; [ wget vim zfs ];
}

5
hosts/lufta/certs.akua.nix Normal file
View File

@ -0,0 +1,5 @@
{ ... }:
{
services.nginx.virtualHosts."certs.akua" = { };
}

171
hosts/lufta/default.nix Normal file
View File

@ -0,0 +1,171 @@
{ config, pkgs, lib, ... }:
{
imports = [
./acme.nix
./akua.nix
./docker.nix
./gitea.nix
./hardware-configuration.nix
./monitoring.nix
./weechat.nix
./within.nix
./when-then-zen.nix
./zrepl.nix
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/nvme0n1"; # or "nodev" for efi only
boot.kernelParams = [ "zfs.zfs_arc_max=1073741824" ];
boot.zfs.devNodes = "/dev/disk/by-partuuid";
networking.hostName = "lufta"; # Define your hostname.
networking.hostId = "2487cd1f";
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = false;
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPg9gYKVglnO2HQodSJt4z4mNrUSUiyJQ7b+J798bwD9 cadey@shachi"
];
security.polkit.enable = true;
networking.usePredictableInterfaceNames = false;
systemd.network = {
enable = true;
networks."eth0".extraConfig = ''
[Match]
Name = eth0
[Network]
# Add your own assigned ipv6 subnet here here!
Address = 2a01:4f9:3a:1a1c::/64
Gateway = fe80::1
# optionally you can do the same for ipv4 and disable DHCP (networking.dhcpcd.enable = false;)
Address = 135.181.162.99/26
Gateway = 135.181.162.65
'';
};
services.tor.enable = true;
services.tor.client.enable = true;
services.tor.settings.SOCKSPort = [ 9051 ];
boot.supportedFilesystems = [ "zfs" ];
environment.systemPackages = with pkgs; [ wget vim zfs weechat tailscale ];
networking.firewall = {
enable = false;
allowedTCPPorts = [ 22 80 443 1965 6667 6697 ];
allowedUDPPorts = [ 41641 51822 51820 ];
allowedUDPPortRanges = [{
from = 32768;
to = 65535;
}];
trustedInterfaces = [ "akua" "tailscale0" ];
};
system.stateVersion = "20.09"; # Did you read the comment?
within.microcode = {
enable = true;
vendor = "amd";
};
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "zfs";
virtualisation.libvirtd.enable = true;
systemd.services.nginx.serviceConfig.SupplementaryGroups = "within";
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
statusPage = true;
enableReload = true;
commonHttpConfig = ''
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;
real_ip_header CF-Connecting-IP;
'';
virtualHosts."withinwebsite" = {
locations = {
"/.well-known/matrix/server".extraConfig = let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "matrix.within.website:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"/.well-known/matrix/client".extraConfig = let
client = {
"m.homeserver" = { "base_url" = "https://matrix.within.website"; };
};
# ACAO required to allow riot-web on any URL to request this json file
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
};
};
services.tailscale.enable = true;
services.mysql = {
enable = true;
package = pkgs.mariadb;
settings.mysqld.bind-address = "127.0.0.1";
};
services.zfs.autoScrub.enable = true;
services.zfs.autoSnapshot = {
enable = true;
monthly = 1;
};
services.yggdrasil = {
enable = true;
persistentKeys = true;
openMulticastPort = true;
config = {
IfName = "yggdrasil0";
Peers = [
"tls://94.103.82.150:8080"
"tcp://ams1.y.sota.sh:8080"
"tls://45.147.198.155:6010"
"tls://ygg-nl.incognet.io:8884"
];
};
};
}

20
hosts/lufta/docker.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
virtualisation.oci-containers.containers = {
olin = {
image = "xena/olin:latest";
ports = [ "127.0.0.1:25723:5000" ];
environment.PORT = "5000";
};
};
services.nginx.virtualHosts."olin.within.website" = {
locations."/".proxyPass = "http://127.0.0.1:25723";
forceSSL = true;
useACMEHost = "within.website";
extraConfig = ''
access_log /var/log/nginx/olin.access.log;
'';
};
}

78
hosts/lufta/gitea.nix Normal file
View File

@ -0,0 +1,78 @@
{ config, pkgs, lib, ... }:
let cfg = config.services.gitea;
in {
users.users.git = {
description = "Gitea Service";
home = cfg.stateDir;
useDefaultShell = true;
group = "git";
isSystemUser = true;
};
users.groups.git = { };
services.gitea = {
enable = true;
user = "git";
domain = "tulpa.dev";
appName = "${cfg.domain}: git in plurality";
rootUrl = "https://${cfg.domain}/";
httpAddress = "127.0.0.1";
httpPort = 49381;
log.level = "Error";
settings = {
i18n = {
LANGS = "en-US";
NAMES = "glico";
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
other.SHOW_FOOTER_VERSION = false;
security.INSTALL_LOCK = true;
service = {
DISABLE_REGISTRATION = lib.mkForce true;
REGISTER_MANUAL_CONFIRM = true;
REQUIRE_SIGNIN_VIEW = false;
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_MAIL = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
ENABLE_CAPTCHA = false;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
DEFAULT_ENABLE_TIMETRACKING = true;
};
server.SSH_DOMAIN = "ssh.tulpa.dev";
};
dump.enable = false;
database.user = "git";
};
services.cfdyndns.records = [ "lufta.tulpa.dev" "tulpa.dev" ];
services.nginx.virtualHosts."lufta.tulpa.dev" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.httpPort}";
proxyWebsockets = true;
};
forceSSL = true;
useACMEHost = "tulpa.dev";
extraConfig = ''
access_log /var/log/nginx/gitea.access.log;
'';
};
services.nginx.virtualHosts."tulpa.dev" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.httpPort}";
proxyWebsockets = true;
};
forceSSL = true;
useACMEHost = "tulpa.dev";
extraConfig = ''
access_log /var/log/nginx/gitea.access.log;
'';
};
}

72
hosts/lufta/hardware-configuration.nix Normal file
View File

@ -0,0 +1,72 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/srv/within" = {
device = "rpool/safe/srv/within";
fsType = "zfs";
};
fileSystems."/srv/within/aura" = {
device = "rpool/safe/srv/aura";
fsType = "zfs";
};
fileSystems."/srv/http/xena.greedo.xeserv.us" = {
device = "rpool/safe/srv/xena-greedo-xeserv-us";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8e7e8aed-d92c-4bbd-8d8e-318c8920740a";
fsType = "ext4";
};
fileSystems."/var/lib/libvirt/images/pool" = {
device = "rpool/safe/vm-images";
fsType = "zfs";
};
fileSystems."/srv/backup" = {
device = "rpool/safe/srv/backup";
fsType = "zfs";
};
fileSystems."/srv/certs" = {
device = "rpool/safe/srv/certs";
fsType = "zfs";
};
fileSystems."/srv/http" = {
device = "rpool/safe/srv/http";
fsType = "zfs";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/23cb316c-06d8-4a74-86d2-0d2f7474ade2"; }];
}

54
hosts/lufta/monitoring.nix Normal file
View File

@ -0,0 +1,54 @@
{ config, pkgs, ... }:
{
services.prometheus = {
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
wireguard = { enable = true; };
nginx = { enable = true; };
nginxlog = {
enable = true;
settings = {
namespaces = let
format = ''
$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'';
mkApp = name: {
metrics_override.prefix = "nginx";
inherit name format;
source.files = [ "/var/log/nginx/${name}.access.log" ];
namespace_label = "vhost";
};
in [
{
name = "filelogger";
inherit format;
source.files = [ "/var/log/nginx/access.log" ];
}
(mkApp "gitea")
(mkApp "goproxy")
(mkApp "graphviz")
(mkApp "idp")
(mkApp "johaus")
(mkApp "lewa")
(mkApp "maison")
(mkApp "mi")
(mkApp "olin")
(mkApp "printerfacts")
(mkApp "todayinmarch2020")
(mkApp "tulpaforce")
(mkApp "tulpanomicon")
(mkApp "when-then-zen")
(mkApp "withinwebsite")
(mkApp "xenafiles")
(mkApp "xesite")
];
};
group = "nginx";
user = "nginx";
};
};
};
}

30
hosts/lufta/weechat.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, pkgs, ... }:
let
domain = name: "irc-${name}.lufta.cetacean.club";
vhost = { domain, port, ... }: {
forceSSL = true;
locations."^~ /weechat" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
};
locations."/" = { root = pkgs.glowing-bear; };
useACMEHost = "cetacean.club";
};
cadey = domain "cadey";
mai = domain "mai";
in {
services.cfdyndns.records = [ cadey mai ];
services.nginx.virtualHosts = {
"${cadey}" = vhost {
domain = cadey;
port = 28945;
};
"${mai}" = vhost {
domain = mai;
port = 28946;
};
};
}

167
hosts/lufta/when-then-zen.nix Normal file
View File

@ -0,0 +1,167 @@
{ pkgs, ... }:
let
port = 38471;
config = pkgs.writeTextFile {
name = "Caddyfile";
text = ''
when-then-zen.christine.website:${toString port} {
tls off
errors syslog
root /srv/http/when-then-zen.christine.website
internal /README.md
internal /templates
internal /LICENSE
internal /Caddyfile
ext .md
browse /bonus
browse /meditation /srv/http/when-then-zen.christine.website/templates/index.html
browse /skills /srv/http/when-then-zen.christine.website/templates/index.html
markdown / {
template templates/page.html
}
}
xena.greedo.xeserv.us:${toString port} {
tls off
errors syslog
header / X-Clacks-Overhead "GNU Ashlynn"
root /srv/http/xena.greedo.xeserv.us
markdown / {
template blog templates/blog.html
template index templates/index.html
}
browse
}
xn--u7hz981o.ws:${toString port} {
tls off
errors syslog
header / X-Clacks-Overhead "GNU Ashlynn"
internal /templates
root /srv/http/xn--u7hz981o.ws
markdown / {
template index templates/index.html
template page templates/page.html
}
}
'';
};
caddyPkg = pkgs.stdenv.mkDerivation {
pname = "caddy";
version = "1.0.4";
src = builtins.fetchurl {
url =
"https://github.com/caddyserver/caddy/releases/download/v1.0.4/caddy_v1.0.4_linux_amd64.tar.gz";
sha256 = "0cmlwkp3cjx5yw3947y91wymsr398knq92q3iwc57bdzdi33fzwy";
};
phases = "unpackPhase installPhase";
installPhase = ''
tar zxf $src
mkdir -p $out/bin
cp ./caddy $out/bin/caddy
'';
};
in {
age.secrets.mi-token = {
file = ../../secret/lufta.aws.env.age;
path = "/var/lib/nginx/mi-token";
mode = "600";
owner = "nginx";
group = "nginx";
};
services.fcgiwrap.enable = true;
services.nginx.virtualHosts = {
"home.cetacean.club" = {
locations."/front".extraConfig = ''
root /tmp;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /srv/http/home.cetacean.club;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param MI_TOKEN_PATH /var/lib/nginx/mi-token;
fastcgi_param SCRIPT_FILENAME ${pkgs.xeserv.whoisfront};
fastcgi_pass unix:/run/fcgiwrap.sock;
'';
forceSSL = true;
useACMEHost = "cetacean.club";
extraConfig = ''
access_log /var/log/nginx/home.cetacean.club.access.log;
'';
};
"when-then-zen.christine.website" = {
locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
forceSSL = true;
useACMEHost = "christine.website";
extraConfig = ''
access_log /var/log/nginx/when-then-zen.access.log;
'';
};
"xena.greedo.xeserv.us" = {
locations."/".proxyPass = "http://127.0.0.1:${toString port}";
forceSSL = true;
useACMEHost = "xeserv.us";
extraConfig = ''
access_log /var/log/nginx/xenafiles.access.log;
'';
};
"xn--u7hz981o.ws" = {
locations."/".proxyPass = "http://127.0.0.1:${toString port}";
forceSSL = true;
useACMEHost = "xn--u7hz981o.ws";
};
};
systemd.services.caddy = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "nginx";
Group = "within";
Restart = "on-failure";
RestartSec = "30s";
};
script = ''
exec ${caddyPkg}/bin/caddy -conf ${config} -port ${toString port} -agree
'';
};
}

173
hosts/lufta/within.nix Normal file
View File

@ -0,0 +1,173 @@
{ config, ... }:
let
paths = [
"/srv"
"/home/cadey/.weechat"
"/home/mai/.weechat"
"/home/cadey/life"
"/home/cadey/org"
"/var/lib/acme"
"/var/lib/gitea"
"/var/lib/mysql"
"/var/lib/tor/onion"
"/srv/http/xena.greedo.xeserv.us/articles"
"/srv/http/xena.greedo.xeserv.us/books"
"/srv/http/xena.greedo.xeserv.us/css"
"/srv/http/xena.greedo.xeserv.us/fics"
"/srv/http/xena.greedo.xeserv.us/pkg"
"/srv/http/xena.greedo.xeserv.us/repo"
"/srv/http/xena.greedo.xeserv.us/templates"
"/srv/http/xena.greedo.xeserv.us/tumblr"
"/srv/gemini"
"/home/cadey/prefix/flightjournal"
"/run/keys"
"/home/cadey/backup/ponychat"
"/home/cadey/backup/shadowh511"
"/home/cadey/go/src"
"/home/cadey/code"
"/home/cadey/prefix"
"/home/cadey/backup/construct"
"/home/cadey/backup/greedo"
"/home/cadey/backup/luna"
"/home/cadey/backup/tulpa"
];
exclude = [
# temporary files created by cargo
"**/target"
"/home/cadey/prefix/aura"
"/srv/http/xena.greedo.xeserv.us"
"/srv/backup"
"/var/lib/docker"
"/var/lib/systemd"
"/var/lib/libvirt"
"'**/.cache'"
"'**/.nix-profile'"
"'**/.elm'"
"'**/.emacs.d'"
];
in {
# services.borgbackup.jobs."hetzner" = {
# inherit paths exclude;
# repo = "ssh://u252481@u252481.your-storagebox.de:23/./lufta";
# encryption = {
# mode = "repokey-blake2";
# passCommand = "cat /root/borgbackup_passphrase";
# };
# environment.BORG_RSH = "ssh -i /root/.ssh/id_rsa";
# compression = "auto,lzma";
# startAt = "daily";
# };
within = {
backups = {
inherit exclude paths;
enable = true;
repo = "57196@usw-s007.rsync.net:lufta";
};
services = {
# webapps
aura = {
enable = true;
domain = "pvfmsets.cf";
};
mi = {
enable = false;
useACME = true;
domain = "mi.within.website";
port = 38184;
};
printerfacts = {
enable = true;
useACME = true;
domain = "printerfacts.cetacean.club";
};
xesite = {
enable = true;
useACME = true;
domain = "christine.website";
};
# gemini server
rhea = {
enable = true;
sites = [rec {
domain = "cetacean.club";
certPath = "/run/${domain}.crt";
keyPath = "/run/${domain}.key";
files = {
root = "/srv/gemini/${domain}";
autoIndex = true;
userPaths = false;
};
}];
};
# bots
aerial.enable = true;
tron.enable = true;
withinbot.enable = false;
# static sites
lewa = {
enable = true;
useACME = true;
domain = "lewa.within.website";
};
tulpanomicon.enable = true;
graphviz.enable = true;
};
};
xeserv.services = {
aegis = {
enable = true;
hostport = "[::]:43705";
sockdir = "/srv/within/run";
};
todayinmarch2020.enable = true;
within-website.enable = true;
};
age.secrets = {
"cetacean-club-cert" = {
file = ../../secret/cetacean.club.crt.age;
path = "/run/cetacean.club.crt";
};
"cetacean-club-key" = {
file = ../../secret/cetacean.club.key.age;
path = "/run/cetacean.club.key";
};
aerial-env = {
file = ../../secret/aerial.env.age;
path = "/srv/within/aerial/.env";
owner = "aerial";
group = "within";
mode = "600";
};
aura-env = {
file = ../../secret/aura.env.age;
path = "/srv/within/aura/.env";
owner = "aura";
group = "within";
mode = "600";
};
xesite = {
file = ../../secrets/xesite.env.age;
path = "/srv/within/xesite/.env";
owner = "xesite";
group = "within";
mode = "0400";
};
};
}

54
hosts/lufta/zrepl.nix Normal file
View File

@ -0,0 +1,54 @@
{ config, pkgs, lib, ... }:
{
services.zrepl = {
enable = false;
settings = {
global = {
logging = [{
type = "syslog";
level = "info";
format = "human";
}];
};
jobs = [{
name = "backups";
type = "push";
connect = {
type = "tcp";
address = "[fda2:d982:1da2:180d:ce10:49d:742d:aab7]:29491";
};
filesystems = {
"rpool/safe/vm<" = true;
"rpool/safe/vm-images" = true;
"rpool/safe/srv<" = true;
"rpool/mkvm-test/buddy" = true;
"rpool/safe/home" = true;
"rpool/safe/root" = true;
};
send.compressed = true;
snapshotting = {
type = "periodic";
prefix = "zrepl_";
interval = "10m";
};
pruning = {
keep_sender = [
{ type = "not_replicated"; }
{
type = "last_n";
count = 10;
}
];
keep_receiver = [{
type = "grid";
regex = "^zrepl_";
grid =
lib.concatStringsSep " | " [ "1x1h(keep=all)" "24x1h" "365x1d" ];
}];
};
}];
};
};
}

3
hosts/ontos/default.nix
View File

@ -9,7 +9,4 @@
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;
virtualisation.docker.enableNvidia = true;
hardware.opengl.driSupport32Bit = true;
}

10
hosts/pneuma/default.nix
View File

@ -1,17 +1,11 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, ... }:
{
boot.binfmt.emulatedSystems = [ "aarch64-linux" "wasm32-wasi" ];
virtualisation.docker.enable = true;
users.motd = builtins.readFile ./motd;
services.tailscale.port = 15430;
environment.systemPackages = with pkgs; [ wasmtime weechat ];
services.tor = {
enable = true;
client.enable = true;
settings.SOCKSPort = [ 9051 ];
};
environment.systemPackages = with pkgs; [ wasmtime ];
networking.hostName = "pneuma";
networking.hostId = "34fbd94b";

100
modules/workVM.nix
View File

@ -1,100 +0,0 @@
inputs:
({ pkgs, config, ... }: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [ inputs.emacs-overlay.overlay ];
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
security.pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "unlimited";
}];
services.journald.extraConfig = ''
SystemMaxUse=100M
MaxFileSec=7day
'';
services.resolved = {
enable = true;
dnssec = "false";
};
users.groups.xe = { };
users.users.xe = {
extraGroups = [
"wheel"
"docker"
"audio"
"plugdev"
"libvirtd"
"adbusers"
"dialout"
"within"
];
shell = pkgs.fish;
isNormalUser = true;
group = "xe";
};
boot.binfmt.emulatedSystems = [ "wasm32-wasi" ];
environment.systemPackages = with pkgs; [ mosh flyctl ];
virtualisation.docker.enable = true;
services.tailscale.enable = true;
home-manager.users.xe = { lib, ... }:
let
name = "Xe Iaso";
email = "xe@tailscale.com";
commitTemplate = pkgs.writeTextFile {
name = "xe-commit-template";
text = ''
Signed-off-by: ${name} <${email}>
'';
};
in {
imports = [ ./common/home-manager ];
within = {
emacs.enable = true;
fish.enable = true;
neofetch.enable = true;
vim.enable = true;
tmux.enable = true;
};
services.lorri.enable = true;
services.emacs.enable = lib.mkForce false;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.git = {
package = pkgs.gitAndTools.gitFull;
enable = true;
userName = name;
userEmail = email;
ignores = [ "*~" "*.swp" "*.#" ];
delta.enable = true;
extraConfig = {
commit.template = "${commitTemplate}";
core.editor = "vim";
color.ui = "auto";
credential.helper = "store --file ~/.git-credentials";
format.signoff = true;
init.defaultBranch = "main";
protocol.keybase.allow = "always";
pull.rebase = "true";
push.default = "current";
};
};
};
})

86
modules/wsl.nix
View File

@ -1,86 +0,0 @@
inputs:
{ config, pkgs, ... }: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [ inputs.emacs-overlay.overlay ];
networking.hostName = "xatci";
networking.nameservers = [ "100.100.100.100" ];
networking.search = [ "shark-harmonic.ts.net" ];
wsl = {
enable = true;
automountPath = "/mnt";
defaultUser = "cadey";
startMenuLaunchers = true;
};
nix.package = pkgs.nixVersions.stable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
users.users.cadey = {
extraGroups = [
"wheel"
"docker"
"audio"
"plugdev"
"libvirtd"
"adbusers"
"dialout"
"within"
];
shell = pkgs.fish;
};
environment.systemPackages = with pkgs; [ mosh flyctl ];
virtualisation.docker.enable = true;
home-manager.users.cadey = { lib, ... }:
let
name = "Xe Iaso";
email = "me@xeiaso.net";
commitTemplate = pkgs.writeTextFile {
name = "cadey-commit-template";
text = ''
Signed-off-by: ${name} <${email}>
'';
};
in {
imports = [ ./common/home-manager ];
within = {
emacs.enable = true;
fish.enable = true;
neofetch.enable = true;
vim.enable = true;
tmux.enable = true;
};
services.emacs.enable = lib.mkForce false;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.git = {
package = pkgs.gitAndTools.gitFull;
enable = true;
userName = name;
userEmail = email;
ignores = [ "*~" "*.swp" "*.#" ];
delta.enable = true;
extraConfig = {
commit.template = "${commitTemplate}";
core.editor = "vim";
color.ui = "auto";
credential.helper = "store --file ~/.git-credentials";
format.signoff = true;
init.defaultBranch = "main";
protocol.keybase.allow = "always";
pull.rebase = "true";
push.default = "current";
};
};
};
}

12
overlays/tree-sitter-typescript.nix
View File

@ -1,12 +0,0 @@
final: prev: {
tree-sitter-grammars = prev.tree-sitter-grammars // {
tree-sitter-typescript =
prev.tree-sitter-grammars.tree-sitter-typescript.overrideAttrs (_: {
nativeBuildInputs = [ final.nodejs final.tree-sitter ];
configurePhase = ''
tree-sitter generate --abi 13 typescript/src/grammar.json
tree-sitter generate --abi 13 tsx/src/grammar.json
'';
});
};
}

6
overlays/weechat.nix
View File

@ -1,6 +0,0 @@
final: prev: {
weechat = with prev.weechatScripts;
prev.weechat.override {
configure = { availablePlugins, ... }: { scripts = [ multiline ]; };
};
}

30
secret/aerial.env.age Normal file
View File

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ sX8QXT0aNypOPGyo6VVCcsPu1bqKo0kr1Kd+KRZMdGI
bwzaVLVoiKk5HMI7WMxlA4kTwMpuWlD6nSAfMoK9CHY
-> ssh-ed25519 txQL9A pDxZPtIHKEldOyPsCKLFi6qW05ASwhdG1UHL2zE0jwI
3kpzZZ/BghlLsOMtBb1+IPHVR9aKMLT0fPPcXW1V/0w
-> ssh-ed25519 YcYwVA E07VHnKdJ0ndOeF9CnP5rpaZlWA6Ik0EQz3KrrZbpyE
1gOR1mZYEK5BjkwZP98vuQ1KY6HQ57M87ay+K90TZJM
-> ssh-ed25519 rIaBGw pX28F96rAo9uV+eY8z/CpymFvEst7T9hX5zwr6A6QEY
2cXfDbyPHavifi9IKmCDYJ99GuaNJA0JdeVpWzCxdXk
-> ssh-ed25519 H5HtPA 3hJ4CUQ23w7SHKqpdMgMw4i5Ka/CU7EsA1uiUfpaxx4
NvOVzLd0QNkyySxRh7l2glJP8bMZc20EXj85VGtf4SM
-> ssh-ed25519 Yy06mw 4ybL32VLmuUdE2iXu3b0dY1FCweOH0pJfyBii3+exgc
0gEcM4MWuQzJIeiEsbabIC8IdIbLQYyrBhpcTR3hazE
-> ssh-ed25519 6Sqpww qV//WNxYiqbFzdSrd4YEQ/ji7wDSo+b7zHJqpj9wv3w
VHDq5APsm+BkZFXwGbVZkiLWzwLONw4TsyLweokrtGU
-> ssh-ed25519 Cb6l4g jd1R/g3pOX9mtuaZR0kUqTdUU4U83QXi6OI8SYCLayU
8WDPeDK6bKQYZX5LE4bTmcODkwWFXcAcYNuEyOgXDSk
-> ssh-ed25519 x40ZwA Ix0DVuYIb+6beM0dWdYnIWUOw+xdggofhi8671RoExM
1uI1L9L1r5NBTaCwOhvwPtIstP9hPRNwiOB62rAc1fY
-> ssh-ed25519 ZvILxA X2kLLYS+c/cMBEUrV++LF5vImgcfpWCX2YoKAusRA1c
UgoAYHE4kqa+8Jl9mqFQxNpeUhaazqA2TigD1VZ6ywo
-> ssh-ed25519 0rx8bA yrAvfxjl3mqeKrCSCvimj/IFHP4OzPtbmO0tbryc/gk
DoMOm0Kgv75sxWS9qkMsSDRse3+XymWf2m+MQLyUc8M
-> ssh-ed25519 extxyg vWN8YTDceSAAJvLtRZap11YkSKBRQdXktgRjJm6oMWo
KZeby3vB80nBTWIYiHpbhCl13eOyksvu9TX+KhON5GE
-> /x-grease
zIM
--- atvkZYi9jdu47B/KnBbmWqf0pJOgl+vXT0n94s6d2qE
<EFBFBD>R—¤K« æö¿gÝ©$ç”L
/ÿœ‰äÿÊ°SÏ•ÓROñ:Ò"6ãD„ ¬>{ópo>»Äb¥Ïll^ 7 ·Ž°<C5BD>*OŒ<4F>:_#Ö •xHu(Ìåò…£¦ù°`M_n‡

BIN
secret/aura.env.age Normal file
View File

Binary file not shown.

1
secret/borg_ssh_key.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMy3uSs/gLpFnRVbLPUBVJd3GHlCqFbjCnnJd7kKiErI cadey@shachi

31
secret/borgbackup_passphrase Normal file
View File

@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ tcy9nhpJ+UPN75OkSmbysFYVJzGb+AlbmXObhnON5BQ
yQmNFxNqKQGY8HbW0ihuVnBzBp4/uxtjZYFYRSn6tNc
-> ssh-ed25519 txQL9A HtGBgibnD1j0S5PPKZaiR3q8fAU8U2kwHIlI1cNIsXM
Po5AEklI7tLGfYEqP4wQ3EVrEKvpP2rszTQAH84OJ2g
-> ssh-ed25519 YcYwVA bcXifq9JiaALth6WEJW/vo/R/2ZfhzjjvmLC4PLy7XI
d5XAJCeDmTuKZSuYpK6NLJgmL/dXMa+tY+pb0g+QnDs
-> ssh-ed25519 rIaBGw Ed5MYSq54gzHibDdwGDFl4YrOWapeoKdjOAus91UxGY
L/FGN/v7c4rPpH5MvrsJlY7z2HuS4VdCOxRyrw3I3FA
-> ssh-ed25519 H5HtPA k5YIiz/4ys7UMTTBeXNAwBNf9OQxHXl5296T9ohdcTg
gJubCP/bIYU4oe4AIMgaAEcy2Mv+WY0Lk9rsJhd9LvI
-> ssh-ed25519 Yy06mw 5GyyzJn8OduTQkThFaN2BHouEmLAT7bA9/JL9z24gBA
buY52j20/qUtOrxpY7inEpWcRAmMY9KAMj3uCsqrRJA
-> ssh-ed25519 6Sqpww pLp0l+R5n+O/YsMZOQ1sMdE6428LX8HemN4mYa0OaQU
9xCpVbzTbWWfydcCakBKNXww4aADfRXGHRX7ekvedPk
-> ssh-ed25519 Cb6l4g T9pAZAUZh05W233esyWksKcH1EmjXEF/B+X6P8b1NW0
PvT+RJYkVWg/lKl7DiYU9gTuVq6pi5xaI3rFa1mUsYM
-> ssh-ed25519 x40ZwA n9H9PP4MnWpI6KK/OwDLajbw4XC/2y+xfEUpEnJVMg0
3AZZT+YCRuJswxVyDWQIqaow34goNhLif6x5Xo445gM
-> ssh-ed25519 ZvILxA 2e3rs7856mAhe6Ak/emu3bqyOCkmwwAGZKq+glJpGwI
RtW50MXUf4OnX6kOEcMIzdBPlsjYxHhOCv0Ba4XHASM
-> ssh-ed25519 0rx8bA r6R57M+kOsN84QUHru71E7wBQRqfU43Z0ON95Up0Xnk
F6kr7g6MOfhrFSsdEjz3AfBzzGNBtRkOZtlu3YJVIC4
-> ssh-ed25519 extxyg cKtLG7W85XXDy7MRS6+Z/gTEEsxoO7w+GwstY+V84SU
4cQB1BMsIFc2tvYK4LbD7b6B5MDpzMurBj+w9EwYnT4
-> Q?-grease
8wPImyj0LyPiATdO14ObjpwPi/viYFMmPTjpfr8FLuGj3SriUUI2wRqhfHwkfKxX
EuhnMufWCr/b/jLnyS65mVOOPw
--- 9BOzJF8aanp+LJE/40BiLjoFnmausvs8Qd0BGLSgGBY
‰OCÜBûõìq2a”UMg9±D·ìÎ<EFBFBD>“„Ëš.hX»п+»kçÚ{n¸ Û܇IÞ$ž3´Aýز>â<>!B¢µ`”]ùþµËLûrîS®ˆÖ(·=5"ÕÔ¾·uò+Þ¬p`­_Åq
Ù§M†# 3)M÷K[Uc`¸Ø+ï¥KN

BIN
secret/borgbackup_ssh_key Normal file
View File

Binary file not shown.

BIN
secret/cetacean.club.crt.age Normal file
View File

Binary file not shown.

BIN
secret/cetacean.club.key.age Normal file
View File

Binary file not shown.

BIN
secret/lufta.aws.env.age Normal file
View File

Binary file not shown.

31
secret/mi-token.age Normal file
View File

@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ FgUB+cUmDdeoXYKPM57kBZdTTqmXIv1JwfYq9PWfAWI
gBRG1mv2R4k3q2J6Q2gLIrizLvr8D+mX4EMGEEyxdlo
-> ssh-ed25519 txQL9A cTP+Kff1oAigqllVHyb7gcoOeYUjrAHtGIDjG0/yKD0
i1OiWrm8jnKUuQQDVyhElhT5Irv2Rd+DhoKbbuoINPo
-> ssh-ed25519 YcYwVA cdeO/P4hX78OlQSZ8EF+sVvodpf00SWZYl0ZpJwLbF4
WIv2kkMakaNM9XmhGY3CM9H9qA8YiaqFDVTOomb0WlA
-> ssh-ed25519 rIaBGw nv+YH10pIzm2aA0aSdM5sMKy+NS7ztatMwqQ5OswqHo
f+JYkuPza0cggSdXpR3ygmaE4nWaaxhFZy6UbBoXQWQ
-> ssh-ed25519 H5HtPA 1+ZauOpNaBFSWlwpX5MLD7RcSmEMmpTVCB0fnSH2LVg
2/C2EjUY6C5aBpShLN5vdtnQa5LEKHJEL8AtQH9pOAM
-> ssh-ed25519 Yy06mw jpnvL/OtH5+RqT4yVdogNrBtsno2UgiR53FXGwzIoiY
jzrP/abR/KdCWFUnJ435Cx0PJ07Zc63SJsTRrZAq0Os
-> ssh-ed25519 6Sqpww d7n4/2JusHBvxFn27L9g5Ke5pSp7tjtX5oOvJbhosEQ
TKhIBUusBhM+D3WpXPeRxOwIU8bdBtD8uKtor2WMv0w
-> ssh-ed25519 Cb6l4g xK4SFl2hT+P9tEjZ7qkiRMomK+/lFFtj+9VA1mvVbAU
8aYpeNT/gwdvmaQ6QREA/6w5qijnTUkG9DbOw5K+29s
-> ssh-ed25519 x40ZwA GDrRgIdNjxOnIwve+lXonInZMwGvbrmekIaKuvZfaUY
IZFOEjBbsklqcwHaBl+R75c1MhIfYvwnb6nIvNkZFDo
-> ssh-ed25519 ZvILxA hMi50mp2fID8yXl6hGD7eSdVZIKL3MCwgASmRb49zX0
9Iw7VguynWY3TNyWA4cZBoHiAqYGDf0LdAgkynbfky8
-> ssh-ed25519 0rx8bA HARyXEVwjdvFGmHS4Ira8W97onUHTgGih+mKG4exnAs
Rq5igLlDK2BMGMy/zy/dq6yhg8Z3nqToDjWNV/lVyLI
-> ssh-ed25519 extxyg 09iNDxRuPlkTgECbeDK6ERbPhZaCWw9Jwlr7RFFuhBQ
QTBd86g+0Hy8gHnmYTsaq5kT9MfyakByqu8E+MV8Hs0
-> |T?6xR-grease
y7ddROPArLKhAq6nHbv08HCr1rWZaSrz3enXHo+N49KqVfDqiC+Zhp3MbbdPrSoc
FYCVSeUTsu9D
--- HThg4VKfAxrrBEaeutTM2umVl8Me0wRkjt1fNec1vOM
ö·FcЪt™žf íÔ#<23>R³pÉ¡DøA ¸ØsŒû„?:³ *ûí{B¬KÍ'Z1·ÄßéØ@M@¤ç!lCH³cSÖóhà‰àgIBsp&@ÿ¬þ/¶ÛyxÏlÇ̵Ît• a6 Âavð Ää<C384>_)3E ¿«¶cX©}˜×óл^ÜÙî+˜*
¸<C3A9>Þ<EFBFBD>¼qŸž¤”Ýåvœ„]÷pÉ®lâÓÜ/åd²OºY¢HžXY ¢j°Ž<C2B0>|GÊš”ü`Ÿº˜p`ê+ÌfàN'@Ø5l¶Ý@Àyáób§­„µL•l »Ð0­ÍwNéÊîtçÎÌ_œî2­|¾Š}ˆþ? Ó &Xâ <0A>yÃÐõÑðÚö~Ü<><ã§È3

BIN
secret/mi.toml.age Normal file
View File

Binary file not shown.

30
secret/tron.env.age Normal file
View File

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ mDZCMTQsUZUAJ+8UknZJnRRev4MX/A1PBP6qRSolekA
2Dj7wO070kEkH0RMbrqQvymI4ItFNyQNA3EzdY84D7s
-> ssh-ed25519 txQL9A YDunYGniXh7RVWEKSeCwI703g9oiBKKDRVJj/ZGFXB0
W4GoPvWYPYZp8gy6X5LOwbhbwRl2waMqOHXZfFanrfw
-> ssh-ed25519 YcYwVA 1rLnVW4M49GscZCPu8S5/s2I8Zf12PPYAr85X685pHA
R1DCWV6rymwWjPBouEawPfLfIISvChYBMDwUw9rskXE
-> ssh-ed25519 rIaBGw 9lZXrVgN+2pE7cZGTWvY6s+paAxYcqH+sRa3sKFhT1Q
L9cDIMNK6NEwlcMe/A14+kK9i6ZcJ3ft/Mft/5HOuBE
-> ssh-ed25519 H5HtPA LsXMHQsp3+qapm05iw1PQ3BTm10Um5wpFwwvwXLKpWY
r80F1ibwCcT8sd7q2yKpMoTrDlJF2ooxdGuwWfjFsrg
-> ssh-ed25519 Yy06mw KDXc4HHC7wBr411HA8YikQtnlVQeHlPK2sAjSyhlwVo
380kd7mGLFcvKwVf1hbuJ+pwk6AP2h5HkuwGwrbyOwo
-> ssh-ed25519 6Sqpww UL7ktmcNpvQbYmnIi/ZAedmzw+V/f7Os9ojRPnGcOlo
yDnXQ+IpuHdpf3dHHyThsHIXiWRje2u+84w/aDUbfKg
-> ssh-ed25519 Cb6l4g 2+ZGxy6UAAuFPbw0xZZhNxRyszLjDYrTKmizkYIgFl8
Dg12lcrf3uCnjnpXmm6zkJAZAM4nRoP6dzbxNgdmkWk
-> ssh-ed25519 x40ZwA V3+q6OxOiJJBP6RctIPv3z0CBhp+EHl0vQ+Q3x0QgAM
RViINU3HmPYpvPE1Yl0j0ha2JBD7NrRu982lc6fHSoU
-> ssh-ed25519 ZvILxA Hyh4CU07bOP+rmFhde2LjwDOhR8fgTsdF3Ds9JPZSkw
BJv1bU/uvcI1xLYY8R9LY31gtGH2xIqiwoZNRxlqKsQ
-> ssh-ed25519 0rx8bA xMqZLnnXZxqCyZdmj2xOQNlNRUlIN9rGRmvt2FD8omI
YCx5pt85/ie5WaaPiHfjSj5gM197CF9XkZ8XNiUQJQk
-> ssh-ed25519 extxyg ix+lckxf5kMdfS7O0F41x6fpmrT3RBOAv5N6Axzk3RU
XfYTFcbkyAcSW1JN3FUxKlx9RY1/HYVmhooYU4ymWos
-> ^-grease AtJ2D(w %6#@ +X
09Q88UAZ958OPbSivI9BN8nZlSL6PELmwBRbN8LVVQEy0R33henNTOBnaoWG
--- B+U3Sp+GEBqpwkN2CetGC4KJxuQyR3O3c3K/O8X5h5k
ê
äÒ¯SÕý” <Š!!À‚ ãð{ù„©~Áô£Êù<C38A>÷HŠ¾¼8õ<38>ÿÊoâRê%ØãtH¹vDV_%N:—)Bÿ/¹Cr<43>k?ØüÌáµÔ B§žzgÝÎ<C39D>×7|·ÏȺR<C2BA>°ƒìÉÏžv<C5BE>cpMŒ_©ü¹DUæF:•#=<3D>37C¬Ñ wÖÄlõÌ~¼J×<4A>ý42÷RŽxT!ÝcÃ)Ž-Vä@îb<C3AE>öŽ>Ø:¨˜ŠJ[DáÄE'ýÕùù†Ê_ï|£—ü’Î"r´³<C2B4>«(Á<>º©iÌh„öVvõø»Ì)§£Àío¬ÁÂw E<(ƒóO|ZòÛ

31
secret/vest-pit-near.age
View File

@ -1,31 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ R7mnP98BF9irvrwmSiGXvCGSH4HRHEXueLCI5hPi4Rg
e4gCAVjIMqK9sMCrJOvDkvDqBr/8049SYw07OfqeSlc
-> ssh-ed25519 txQL9A n1Li4JKnpqfuhOYkcxG1feGB6NLOWosw7a1EkfiVVA0
YGNaFwd8LDA9fM/k4SLUNLKfWUVAPPgROv1IBgQB28c
-> ssh-ed25519 YcYwVA MKLHtMwH0HnJqbh/jX7SeY3VzAZjuDHkZPImTBFhsVc
7Fc9pKjIeZmeSxnkMsypBh8z8samVzZtMDhZPh/57x0
-> ssh-ed25519 rIaBGw q6vi7BoJjbEiW5mgEQftQMPe36e8SDVOAuRcgtxqPH0
622SRT3yK2/VR6fIVfZiM6dH1lXZtqu70+FiFMaHRWc
-> ssh-ed25519 H5HtPA NRfYR7Ziw/knEdVl8b+tps+52faQ6MFK0pZ38ky00Vo
3peAElIrLbMEehH3nXybb7sHIX59d3zO2+S9QCVuUu0
-> ssh-ed25519 Yy06mw tXs3VZaZLgST6132PPrc+gINdNTA7W9A45RP0asmAkE
VPJNJzxdSEhd2tUOHxgdj1H/izwx2pigprmX/PWGN9U
-> ssh-ed25519 6Sqpww jxhE5WAniOiMRQCEP3vh9tvUGhDnfOM6En/a6j+QG20
98KyhGiz8h2Y45mnybgYJwYvX79hQ/GLjRmZEM3mLbk
-> ssh-ed25519 Cb6l4g HpQlmIKD+Z5mVWNOrXA3IcAOKEiQ1AqTlSFO1O3BUQo
pjCKevKMv7l3iizclZssYEp8OUD9PpxSrvCsPi349Gs
-> ssh-ed25519 x40ZwA EKcqkK1B9jGdcTbDYUNw8tCENTZQZ5aSxHivZk7oUk0
Clq2yo9lYorE5FGu7BV3pjKZ9TKfTqeocNe0vZcmPTI
-> ssh-ed25519 ZvILxA Ds3kdk1rrs/zIlNyqUpmfawQS5LUwpTFuRYLaMQnNlA
CLNJRbTIEsQN5l8NfjS+q1qULiufoWpREZwOC+GOUR4
-> ssh-ed25519 0rx8bA Lc/VcsCB6K0smEcw5Ra1/xX9okpxNeIWEJuPLhv9lAI
/1V5SARjLBI1yiTJIyZpw9LYhZHIontyfJptrxbUr2E
-> ssh-ed25519 extxyg 0buC/eLOhx3bKc+fPo3P8fsFJDNY7u8ZUlw0QPMktSU
/gLQMN/h7hGC0UuMTEFK+mUwEpEWHP8yIdfzDGtwsGY
-> W)i,{"{-grease e'#HhO$m ?V,hnK^. rzk
Rc3mJ+WKdEOna0xQgjaJIKM4Ul41t+qlZE/VLzmtIctw6c9MHyPT/FbzDh/I3oM0
c5y/AK00jKDpYpM5u6JWI4RAVySb5Q
--- j4F8++dU88EAhmgbQnzdssB4TMism4qhysNVZILXUJs
,çÃëËÒQ>~£t¢&%²£ý2€\ÓP>¥c×ʬò/MyË"ŒTÐ_:¢¶=΅θn®õ<.ôfúYø
Ð6çc™,’«}BX <01>—~ÉüDì^àçÇ«-Y×ü™†<E284A2>´¾Ü½@*0æ¿iÉ¡&x;!¦ˆlèÍWΕ‰Ò0¦l}×%àÏ[Þʨ@ïŸÀPEì'î÷Ë0Ï÷@Óù¸¦K³¨<C2B3>>Œî<12>°®“,îi%œÙåï]¨á)_ˆ­WóÉaA<1C>\9qØ·_°ÏžîQg1j

30
secret/withinbot.env.age Normal file
View File

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ Uqja6onXASxq/OgzpL7cB9qK0jAYnGqDyG0U6sJLklI
r2XL6JW4E4xlYLezbyeV4G7SDBKOAebczM9jKCaeV/4
-> ssh-ed25519 txQL9A 41VU+wHlNsjhwek53oYLIXYCD5mARh6AS7laNmes6Ro
NO85NXuhHbzlAPUycs98U/uRRgkypOWH8J39NlA48Nc
-> ssh-ed25519 YcYwVA i95rlp2R6+P8KmrgX9/zSmIrTVELL/VDIShGo93OWiM
oI8tBddvzBX9v3cHUetUEarq5thpCMaqjPLm5gxQpWk
-> ssh-ed25519 rIaBGw iD8mwEvyCBpRZ9yQu5EgTsVLHS590GZ5Kbhz8TDff0c
lVnDL5voPEa0q7AkSUmw6/j66uwR9R6vrYf53zm+VZg
-> ssh-ed25519 H5HtPA p6dMYLz2snmRGdexOUSSEW7JmLPInQnvpxsRoNxLJSw
mqcHZnRYnApdwl05t0MmZPYbOfvn6F86Dr1Bbg6gLD0
-> ssh-ed25519 Yy06mw DohydHTDA5W4LySkd684err2MAytcivGt+ZJiK7cTiY
nt/ASg+TIcOKrePS2LWoaSaRjHxdOdt5pBUfw/7klfo
-> ssh-ed25519 6Sqpww r4u0HdIMxDAUw1LEpBb4WJ0v9lA6L9mfalzPIua+Rkc
CxwaeandCpsV+T1nV+RJTl9tyaVS7oIdqavQByMxmjo
-> ssh-ed25519 Cb6l4g soPlS7R3EOgcWBwaqqWPNiqk4PMT9LiYs/5b3hmtWEQ
uLwwU9KsZLWZ4+4SZpXFP/OIlfgQF1U+wy8lav5KWbg
-> ssh-ed25519 x40ZwA zC5vV+0CjXayFhyImI05Exw2gfG/FZ6wDT4Jz0BBjxE
0bk5S68ztbskuKeZg+3NRF0HaXDJzdsCkqMFt6mECRk
-> ssh-ed25519 ZvILxA FN7midnLj+m/8EfFyRZuAg/xjpLPQjt9f1Xo/89YMHw
uqRJT9kyS4P7Kxs1voQLP/RPlbRhZRKvTeFC6Mxo2eY
-> ssh-ed25519 0rx8bA 4rsg7DfsFoKNOOCVKMI4ulNE308QO8GSCqTGxVC2NV8
YYtbPih/hWnVoRZlOjSpInDuTk/YKPedNrH3778SWV4
-> ssh-ed25519 extxyg 9JMMEZIafrZNNN7H11IY92Jqt8BEPa2V/dGZMk8A1kE
wCslVYjUb9LboUybhYbi3klAqX3MTzPyIXxl7wQccVc
-> ,Deat~W-grease Nbch}6{- 0_F]3MI D-J
DWDGbJzdtUl0aEHnz0MDQVV2UqYD5QL+OUp8p0PkNM0Ilhg7BmjXSrX74HUHX4DU
JZ2Vvcjc8vFvAg
--- 8+Jz48tU6YdydL2ku2YxWSs4TCSVVKiwJzc5QursTWg
<<3C>dLìjbä‰é^K•„gdNh”Ô9. +j IF¦ "i§÷ ‚;œ]<5D>¼Ö*züߢP2XFÖ%¹â Î'oè¤^¨(m£¯[DSˆ3,Á¿zÛ^ksæ…%ìê‡evú¨l…D-¤—é\ÆÿA¿é a¸Ò•tŽT]¾Â<C2BE>Ï Im˜œ8Φ,;EhkÀø>lÃbrÛ ¹¬…, Ùºê?Mýäla€ 0íšvùYs^Ì<>ÕÎS3Ãír×Ç-úÝYÌ2èNÓlÈëê„ÌŠ<]ãb §x ÷“ÚwYr÷÷QÏÈ|¦TÝG$ ĸŒ`£T@¾0R˜8

30
secret/xesite.env.age Normal file
View File

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ TjUmCJ3Bw0/Swc7GLe0IpCqZvRDC9yevhXmAOhgqYAQ
jgWPK6sNIFLcAWSeIvV3Um8CJkThfLLGHAkVKpT74oA
-> ssh-ed25519 txQL9A N+5p2jxwM/VY9kUYgTwJmeZm0XRMWX5bVHJmJzeUC1c
6leDM4rQLTSuUWy4xLctHS+u9tvmOeJfHL0HVzTnJS4
-> ssh-ed25519 YcYwVA kiUBJ7+Q6WOMIRZWJB9zusXdX2+qIeg75citJjuCAzY
PbyclvAWL4tsgOwJoNoZZ38fw5f+kcVBGPTKO6RejWY
-> ssh-ed25519 rIaBGw TBwyoDlUqNCC4/wUEmEIdRFxkV+4eEIXKhiJBl+OCAU
ocIuXQLOxr5xQN7Eh+e/g8Yk1w9K7QTiDoPT24hCfvc
-> ssh-ed25519 H5HtPA cbr71ypHuKc2oxlDolQBd/Htz/1IJ+lSgt431PzrKgE
rQmpI1uX9PKvef1+0DymkpcegoIErKIEl1krRwK7JaY
-> ssh-ed25519 Yy06mw lIV0rxlf7FwDici0VRqaTgTSWadJZOKzJ2LqK3Qv5jA
0kMrJb3nzeaSlMtZle5tv5Jo2urC/uvhEEPuL8m0zww
-> ssh-ed25519 6Sqpww eVRoSIdrN0CBRABKjQLNtfHU0kEYsyOE9imF5B1sMxg
XHVf/cvXOuERIBjYAnaDGXjUAy9exImImLPRvt90IDo
-> ssh-ed25519 Cb6l4g U5npiwIynsMAtfjGCO9tD3xt23yZEn4xbS7HuBJktF8
+Vaq6PLqcopZn8iP9tgFvIag4onr8qs3JS2B4z/jJ6A
-> ssh-ed25519 x40ZwA iVYMar5SvPQdZBTOMdH/x6TYBwgU2VZbvY+sQnIlYh8
H/lpnxsCCVHRSD70Srrwv3VCc80FGHDpsSODzMi49rg
-> ssh-ed25519 ZvILxA RQ+3LBulXOuq+vDjFTYQq9egZsP2iXN0MWEOl3EXfns
rCGsLoYn8VUVM4ptp+IIAgXuZetxalSoKIO3tbJEUBg
-> ssh-ed25519 0rx8bA bvj4/eT1Fz+1XuxG4yQjwadYgPPIxOyiQfs3q0NDQGY
KWU5ffP74jxZ8wvohWDkzJ13wxvGb9b4ANL2G3YCrQI
-> ssh-ed25519 extxyg BIkVxRIC9pPQENcjDjSLmTEoO6RHGXY0oVSiP6dCSAE
yCZfCpEdxI7VaX1UfHEBniht9jkC80Dsm1tS72NYIZM
-> ht-grease Ekx [Y_)&: O+o>A o
jLirD/Pjc46GwjoBqEHIcKGxLROLSSFSkb/OsLzVzT41ex1FBRqQ50wT0Bg
--- 4sBE3L2C6hGzI81Aheg4NSMUmgLdwzky+270B7k+oGU
?æ?)yeÆSHSPG¤bºGR…¦¾ÅV¦åLÓÄŠª¡?Âѵ¨¤Èrœú蘮ûPÚXöää!8±è~'øŒØk—ïÀRñÂþ«|¦¹¼qñ°Ây^… 0ü;<3B>ö‹ÄTÆ<54>ÜA1†Ÿ"¡'hŽæùžX:cø50J(_:G^­Å­¬¥$É¥K\xsŸ%T¦‡C±<43>,>SŒ·£ñì<C3B1>ùð¬?¢Íú‚ü-@½¯æŽƒà9Öá±.ûN)åW2Tp\š˜C3 Û¯=G1#|ÉŠxîª+,òg#•W‰áUl>ÞmfKŽ´@†ªYÉÝ<C389>g§Êzùk¯+Œ}¤‰¢Ã×KTr ¯µ÷õ&ýéd>[>”·5• IÅÝäæl¢Ù •mÆOñ5'oo¿ó¶O<C2B6>ç(‰ïOO 4Ùkf3W·>aÈ<61>ã^¦bŒBçÒœÂE|îz[ž(Ga³ëSœÏÏ4Œ<Ï)<29>ç_×.ø¼0xÑ÷Oºû2
¡O¬cbplÎý>åfœ÷®v£TtÄj½ËTHM+ÙEý†

BIN
secret/xn--sz8hf6d.ws.crt.age Normal file
View File

Binary file not shown.

30
secret/xn--sz8hf6d.ws.key.age Normal file
View File

@ -0,0 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 jO2MvQ GvwQEupjkNthH7Rme8NgSP9L788ftHSFG6jPDB+efXY
XCOQ6x8zcXjnsLavUDBVJKXc5zWlLZsQUXe48oGKK88
-> ssh-ed25519 txQL9A IepeTe/QqjZGzlDXUkzYaaajDOI9kWFIyJexqZZYOxo
21dwm6HCaKCrySRzgjEuoSqEcaKkgOgiRkhh7G4fnVI
-> ssh-ed25519 YcYwVA gpsJpz1TOlPQwIF9L0y1hPdwIB5LyUpRcWI+7uxaRjY
eujCfAZNsy1vY85UuhoHbvLv0s578N8V1KjfrvNzrlY
-> ssh-ed25519 rIaBGw nvzFLfXF7gYWs/qjm7zZdZKi1EoTeLhtuQm9DFF6rjk
ucl1p4Lfdm5cX+amaPg4AGaOgx/8gAFGo338DDx8ISA
-> ssh-ed25519 H5HtPA vMEBfV7Kq7LXEwPTHunG7MLocmE9mVk+wt4nN+5y/kg
rrGGvqNSAVgWHAo+O20eDPwmwZql8Bv3Ka6oHR1dsgw
-> ssh-ed25519 Yy06mw iCjTX6uZ4P7RC1dPz26hAzmyv6agefQXXo7tLXadcRo
uQTS59ehxTqWuCTwevrHJ3HOehYsLh1uRzL+/rR0WzY
-> ssh-ed25519 6Sqpww ALV9B4PuGdizQTk/GBKUUjKxuthziVxdc0rGIcUnBjc
0jB5nl23QuEz1bHsui5cPHNYNUluxKZcBkbq+xJxuaY
-> ssh-ed25519 Cb6l4g x58bPssYWy2Rz9M5C1FJlHz7uCOK/g80daUyrY3ieTs
k0effIcWAe6oFBuS7dknsTBjazFindVdVGieue7F8jA
-> ssh-ed25519 x40ZwA mE1GF+8IlAC/N6+lBfvo88WTbYZ9SI/uC7LdrfmGvAI
O++6THxVg2aej5xGbeZo5Icv2OH8ZzfvURA/AAQpWOI
-> ssh-ed25519 ZvILxA KuvWA10QyzriOwQT0M9wlvx9rCKQNlEYMfmBGefWJz4
ACglU4mnTNQZeW/wRAeCBPiEOtC7U86xUCGd+iJlWpY
-> ssh-ed25519 0rx8bA MSV57AL6ZCJtB0IMD43ZIPILPFGyV6Vd7YHXG+aYMUA
R+uNOkDBjrXbv5EP+TWEoGEUGF9HtSI5RFME5LsxOoI
-> ssh-ed25519 extxyg 0b371PzvXf89GSHtvlzxGIze2XhRu9mKYvPH8tQFUUg
cc1EHeYEp90gGMzOqxW2+V/qBDrk06GokS3iMBg06Pk
-> <G-grease mnuC*3{ mD@e },U6!
KjhiKqIS4fD8BYfxa25NLQcdlQW4EvMKXHbf0atwyvZTvJdcaduCWqWf0DG6uRoD
h913xdhXq1c/AQRDj0RAL5oN76oap5YzK/Gvw/5O
--- PPomXfotXOn4BScoWpGYidrg61bEaYghSSQwlhyNKEY
âv6!¤¤hëDÔ¨B÷ÎÉ,öqLŽ(“òÕ×3g®0ÿõ ½s¯|‰¶^q&@Ý1NTUŠ&iOvî-7ΊԆ¤×WljàÓ/–š<6½s­tLï#Ót'É=Ç@<3yt¨Ã‡æ« Ĉµ~`³ý\jÈSí—Ñ.Ü™rjœœìÕl*ùø<C3B9>+&<>Î)XfIÛØ´ØF´¢ÿ=ƒA.]??ÎÈ*>r=Í×ò<C397>¨Œž„žvó22>"¿—ý÷}“ö]ú%&°Ö ¢ôÛKÅV&¶Ùþªu@¾†²îu²vj(¹-°eâgæbÎ[tIÿÜX¿ÿoú<6F>F$èÃzžë§MÈ«

24
secrets.nix
View File

@ -40,9 +40,29 @@ in {
"hosts/firgu/secret/cf.env.age".publicKeys = publicKeys;
"hosts/firgu/secret/snoo2nebby.age".publicKeys = publicKeys;
"secret/aws-within.website.age".publicKeys = publicKeys;
# backup
"secret/borgbackup_passphrase".publicKeys = publicKeys;
"secret/borgbackup_ssh_key".publicKeys = publicKeys;
# robocadey
"secret/robocadey.age".publicKeys = publicKeys;
"secret/vest-pit-near.age".publicKeys = publicKeys;
# akkoma
"secret/aws-within.website.age".publicKeys = publicKeys;
"secret/akko-keyid.age".publicKeys = publicKeys;
"secret/akko-applicationkey.age".publicKeys = publicKeys;
# lufta
"secret/cetacean.club.crt.age".publicKeys = publicKeys;
"secret/cetacean.club.key.age".publicKeys = publicKeys;
"secret/xn--sz8hf6d.ws.crt.age".publicKeys = publicKeys;
"secret/xn--sz8hf6d.ws.key.age".publicKeys = publicKeys;
"secret/lufta.aws.env.age".publicKeys = publicKeys;
"secret/mi-token.age".publicKeys = publicKeys;
"secret/mi.toml.age".publicKeys = publicKeys;
"secret/aerial.env.age".publicKeys = publicKeys;
"secret/aura.env.age".publicKeys = publicKeys;
"secret/tron.env.age".publicKeys = publicKeys;
"secret/withinbot.env.age".publicKeys = publicKeys;
"secret/xesite.env.age".publicKeys = publicKeys;
}