diff --git a/.just/machine.just b/.just/machine.just deleted file mode 100644 index 3cb4587..0000000 --- a/.just/machine.just +++ /dev/null @@ -1,20 +0,0 @@ -@_default: list - -[doc('List machines')] -@list: - ls -1 ../systems/x86_64-linux/ - -[doc('Update target machine')] -[no-exit-message] -@update machine: - echo "Checking vars" - cd .. && just vars _check {{ machine }} - echo "" - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json - -[doc('Check if target machine builds')] -[no-exit-message] -@check machine: - just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nix build ..#nixosConfigurations.{{ machine }}.config.system.build.toplevel diff --git a/.just/users.just b/.just/users.just deleted file mode 100644 index e798cc3..0000000 --- a/.just/users.just +++ /dev/null @@ -1,101 +0,0 @@ -set unstable := true -set quiet := true - -_default: - just --list users - -[doc('List available users')] -[script] -list: - cd .. && just vars get ulmo zitadel/users | jq -r -C ' - import ".jq/table" as table; - import ".jq/format" as f; - - fromjson - | to_entries - | sort_by(.key) - | map( - (.key|f::to_title) + ":\n" - + table::create( - .value - | to_entries - | sort_by(.key) - | map({username:.key} + .value) - ) - ) - | join("\n\n┄┄┄\n\n") - '; - -[doc('Add a new user')] -[script] -add: - exec 5>&1 - - pad () { [ "$#" -gt 1 ] && [ -n "$2" ] && printf "%$2.${2#-}s" "$1"; } - - input() { - local label=$1 - local value=$2 - - local res=$(gum input --header "$label" --value "$value") - echo -e "\e[2m$(pad "$label" -11)\e[0m$res" >&5 - echo $res - } - - data=`cd .. && just vars get ulmo zitadel/users | jq 'fromjson'` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation to save to?' --select-if-one - ` - username=`input 'user name' ''` - email=`input 'email' ''` - first_name=`input 'first name' ''` - last_name=`input 'last name' ''` - - user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` - - if [ "$user_exists" == "true" ]; then - gum confirm 'User already exists, overwrite it?' --padding="1 1" || exit 0 - fi - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'username' "$username" \ - --arg 'email' "$email" \ - --arg 'first_name' "$first_name" \ - --arg 'last_name' "$last_name" \ - --compact-output \ - '.[$org] += { $username: { email: $email, firstName: $first_name, lastName: $last_name } }' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" - -[doc('Remove a new user')] -[script] -remove: - data=`cd .. && just vars get ulmo zitadel/users | jq fromjson` - - # Gather inputs - org=` - jq -r 'to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which organisation?' --select-if-one - ` - user=` - jq -r --arg org "$org" '.[$org] | to_entries | map(.key)[]' <<< "$data" \ - | gum choose --header 'Which user?' --select-if-one - ` - - next=` - jq \ - --arg 'org' "$org" \ - --arg 'user' "$user" \ - --compact-output \ - 'del(.[$org][$user])' \ - <<< $data - ` - - gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" diff --git a/.just/vars.just b/.just/vars.just index 62a8bd9..79c1bda 100644 --- a/.just/vars.just +++ b/.just/vars.just @@ -1,38 +1,39 @@ set unstable := true set quiet := true -base_path := justfile_directory() + "/systems/x86_64-linux" +machine_base_path := justfile_directory() + "/machines" +secret_base_path := justfile_directory() + "/systems/x86_64-linux" _default: just --list vars [doc('List all vars of {machine}')] list machine: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml + sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml [doc('Edit all vars of {machine} in your editor')] edit machine: - sops edit {{ base_path }}/{{ machine }}/secrets.yml + sops edit {{ secret_base_path }}/{{ machine }}/secrets.yml [doc('Set var {value} by {key} for {machine}')] @set machine key value: - sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" + sops set {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + git add {{ secret_base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): set secret "{{ key }}" for machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null echo "Done" [doc('Get var by {key} from {machine}')] get machine key: - sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" + sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g') // \"\"" [doc('Remove var by {key} for {machine}')] remove machine key: - sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" + sops unset {{ secret_base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" - git add {{ base_path }}/{{ machine }}/secrets.yml - git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null + git add {{ secret_base_path }}/{{ machine }}/secrets.yml + git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ secret_base_path }}/{{ machine }}/secrets.yml > /dev/null echo "Done" @@ -59,7 +60,7 @@ _rotate machine key: check: cd .. - for machine in $(ls {{ base_path }}); do + for machine in $(ls {{ machine_base_path }}); do just vars _check "$machine" done @@ -70,14 +71,14 @@ _check machine: # we can skip this folder as we are # missing the files used to compare # the defined vs the configured secrets - if [ ! -f "{{ base_path }}/{{ machine }}/default.nix" ]; then + if [ ! -f "{{ machine_base_path }}/{{ machine }}/default.nix" ]; then printf "\r• %-8sskipped\n" "{{ machine }}" exit 0 fi exec 3< <(jq -nr \ --rawfile defined <(nix eval --json ..#nixosConfigurations.{{ machine }}.config.sops.secrets 2>/dev/null) \ - --rawfile configured <([ -f "{{ base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ + --rawfile configured <([ -f "{{ secret_base_path }}/{{ machine }}/secrets.yml" ] && sops decrypt {{ secret_base_path }}/{{ machine }}/secrets.yml | yq '.' || echo "{}") \ ' [ $configured | fromjson | paths(scalars) | join("/") ] as $conf | $defined diff --git a/.justfile b/.justfile index cee0db9..7f91bca 100644 --- a/.justfile +++ b/.justfile @@ -3,34 +3,3 @@ [doc('Manage vars')] mod vars '.just/vars.just' - -[doc('Manage users')] -mod users '.just/users.just' - -[doc('Manage machines')] -mod machine '.just/machine.just' - -[doc('Show information about project')] -@show: - echo "show" - -[doc('update the flake dependencies')] -@update: - nix flake update - git commit -m 'chore: update dependencies' -- ./flake.lock > /dev/null - echo "Done" - -[doc('Introspection on flake output')] -@select key: - nix eval --show-trace --json .#{{ key }} | jq . - - - -#=============================================================================================== -# Utils -#=============================================================================================== -[no-exit-message] -[no-cd] -[private] -@assert condition message: - [ {{ condition }} ] || { echo -e 1>&2 "\n\x1b[1;41m Error \x1b[0m {{ message }}\n"; exit 1; } diff --git a/clan/flake-module.nix b/clan/flake-module.nix new file mode 100644 index 0000000..16a10f4 --- /dev/null +++ b/clan/flake-module.nix @@ -0,0 +1,43 @@ +{ + lib, + inputs, + ... +}: { + imports = [ + ./machines.nix + ./tags.nix + ./instances.nix + ]; + + clan = { + meta = { + name = "arda"; + domain = "arda"; + description = "My personal machines at home"; + }; + + directory = ../.; + + specialArgs = { + ardaLib = { + types = + ./types + |> (inputs.import-tree.withLib lib).leafs + |> lib.map (mod: { + name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head; + value = lib.types.submoduleWith {modules = [mod];}; + }) + |> lib.listToAttrs; + }; + }; + + exportInterfaces = + ./interfaces + |> (inputs.import-tree.withLib lib).leafs + |> lib.map (mod: { + name = mod |> lib.baseNameOf |> lib.splitString "." |> lib.head; + value = import mod; + }) + |> lib.listToAttrs; + }; +} diff --git a/clan/instances.nix b/clan/instances.nix new file mode 100644 index 0000000..57d06f6 --- /dev/null +++ b/clan/instances.nix @@ -0,0 +1,253 @@ +{ + self, + inputs, + ... +}: let + db = + self.clan.exports + |> inputs.clan-core.lib.getExport { + serviceName = "arda/persistence"; + roleName = "default"; + machineName = "ulmo"; + instanceName = "persistence"; + } + |> (v: v.persistence.driver.${v.persistence.main}); +in { + clan.inventory.instances = { + users-chris = { + module = { + name = "users"; + input = "clan-core"; + }; + + roles.default.machines.mandos.settings = {}; + roles.default.machines.manwe.settings = {}; + roles.default.machines.orome.settings = {}; + roles.default.machines.tulkas.settings = {}; + + roles.default.settings = { + user = "chris"; + groups = ["wheel"]; + prompt = true; + share = true; + }; + }; + + clanDns = { + module = { + name = "dm-dns"; + input = "clan-core"; + }; + + roles.default.tags = ["all"]; + }; + + gateway = { + module = { + name = "gateway"; + input = "self"; + }; + + roles.default = { + tags = ["operational:role:gateway"]; + + settings = { + driver = "caddy"; + + hosts = { + "auth.kruining.eu" = '' + reverse_proxy h2c://[::1]:9092 + ''; + }; + }; + }; + }; + + persistence = { + module = { + name = "persistence"; + input = "self"; + }; + + roles.default.tags = ["operational:availability:always-on" "operational:storage:large"]; + }; + + identity = { + module = { + name = "identity"; + input = "self"; + }; + + roles.default = { + tags = ["operational:availability:always-on"]; + + settings = { + database = db; + + organization = { + nix = { + user = { + chris = { + email = "chris@kruining.eu"; + firstName = "Chris"; + lastName = "Kruining"; + + roles = ["ORG_OWNER"]; + instanceRoles = ["IAM_OWNER"]; + }; + + kaas = { + email = "chris+kaas@kruining.eu"; + firstName = "Kaas"; + lastName = "Kruining"; + }; + }; + + project = { + ulmo = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + role = { + jellyfin = { + group = "jellyfin"; + }; + jellyfin_admin = { + group = "jellyfin"; + }; + }; + + assign = { + chris = ["jellyfin" "jellyfin_admin"]; + kaas = ["jellyfin"]; + }; + + application = { + jellyfin = { + redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + forgejo = { + redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + vaultwarden = { + redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + exportMap = { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + }; + }; + + matrix = { + redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + mydia = { + redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + + grafana = { + redirectUris = ["http://localhost:9001/login/generic_oauth"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + + convex = { + projectRoleCheck = true; + projectRoleAssertion = true; + hasProjectCheck = true; + + application = { + scry = { + redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + grantTypes = ["authorizationCode"]; + responseTypes = ["code"]; + }; + }; + }; + }; + + action = { + flattenRoles = { + script = '' + (ctx, api) => { + if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + return; + } + + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + }; + ''; + }; + }; + + triggers = [ + { + flowType = "customiseToken"; + triggerType = "preUserinfoCreation"; + actions = ["flattenRoles"]; + } + { + flowType = "customiseToken"; + triggerType = "preAccessTokenCreation"; + actions = ["flattenRoles"]; + } + ]; + }; + }; + }; + }; + }; + + servarr = { + module = { + name = "servarr"; + input = "self"; + }; + + roles.default = { + tags = ["operational:availability:always-on"]; + + settings = { + enable = true; + database = db; + + services = { + sonarr = { + rootFolders = [ + "/var/media/series" + ]; + }; + radarr = { + rootFolders = [ + "/var/media/movies" + ]; + }; + lidarr = { + rootFolders = [ + "/var/media/music" + ]; + }; + prowlarr = {}; + }; + }; + }; + }; + }; +} diff --git a/clan/interfaces/gateway.nix b/clan/interfaces/gateway.nix new file mode 100644 index 0000000..c8faf04 --- /dev/null +++ b/clan/interfaces/gateway.nix @@ -0,0 +1,94 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + services = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + name = mkOption { + type = types.str; + default = name; + }; + + endpoint = mkOption { + type = types.submoduleWith { + modules = [../types/endpoint.nix]; + }; + default = {}; + apply = attrs: + attrs + // { + __toString = self: let + protocol = + if self.protocol != null + then "${self.protocol}://" + else ""; + + port = + if self.port != null + then ":${toString self.port}" + else ""; + + path = + if self.path != null + then "/${self.path}" + else ""; + + query = + if self.query != null + then "?${toString self.query + |> lib.attrsToList + |> lib.map ({ + name, + value, + }: "${name}=${value}")}" + else ""; + + hash = + if self.hash != null + then "#${toString self.hash + |> lib.attrsToList + |> lib.map ({ + name, + value, + }: "${name}=${value}")}" + else ""; + in "${protocol}${self.host}${port}${path}${query}${hash}"; + }; + }; + + # protocol = mkOption { + # type = types.str; + # default = "http"; + # }; + + # host = mkOption { + # type = types.str; + # default = "[::1]"; + # }; + + # port = mkOption { + # type = types.port; + # }; + }; + })); + default = {}; + }; + + functions = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + name = mkOption { + type = types.str; + default = name; + }; + + body = mkOption { + type = types.str; + }; + }; + })); + default = {}; + }; + }; +} diff --git a/clan/interfaces/persistence.nix b/clan/interfaces/persistence.nix new file mode 100644 index 0000000..878d4c5 --- /dev/null +++ b/clan/interfaces/persistence.nix @@ -0,0 +1,24 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + main = mkOption { + type = types.nullOr types.str; + default = null; + }; + + driver = mkOption { + type = types.attrsOf (types.submoduleWith { + modules = [ + ../types/endpoint.nix + ]; + }); + default = {}; + }; + + databases = mkOption { + type = types.listOf types.str; + default = []; + }; + }; +} diff --git a/clan/machines.nix b/clan/machines.nix new file mode 100644 index 0000000..f838aeb --- /dev/null +++ b/clan/machines.nix @@ -0,0 +1,75 @@ +{...}: { + clan.inventory.machines = { + aule = { + name = "aule"; + description = "Planned build server."; + machineClass = "nixos"; + tags = []; + }; + mandos = { + name = "mandos"; + description = "Living room Steam box."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:wake-on-demand" + ]; + }; + manwe = { + name = "manwe"; + description = "Main desktop."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:manual" + ]; + }; + melkor = { + name = "melkor"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + orome = { + name = "orome"; + description = "Work laptop."; + machineClass = "nixos"; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; + }; + tulkas = { + name = "tulkas"; + description = "Steam Deck."; + machineClass = "nixos"; + tags = [ + "capability:mobility:portable" + "operational:availability:manual" + ]; + }; + ulmo = { + name = "ulmo"; + description = "Primary self-hosted services machine."; + machineClass = "nixos"; + tags = [ + "capability:mobility:stationary" + "operational:availability:always-on" + "operational:storage:large" + "operational:role:gateway" + ]; + }; + varda = { + name = "varda"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + yavanna = { + name = "yavanna"; + description = "Planned machine with no defined role yet."; + machineClass = "nixos"; + tags = []; + }; + }; +} diff --git a/clan/tags.nix b/clan/tags.nix new file mode 100644 index 0000000..1c5256c --- /dev/null +++ b/clan/tags.nix @@ -0,0 +1,12 @@ +{...}: { + clan.inventory.tags = { + config, + machines, + ... + }: { + # tag_name = [ "list" "of" "machines" ] + "capability:hardware:gpu" = [""]; + "capability:hardware:audio" = [""]; + "capability:hardware:bluetooth" = [""]; + }; +} diff --git a/clan/types/endpoint.nix b/clan/types/endpoint.nix new file mode 100644 index 0000000..fab5a86 --- /dev/null +++ b/clan/types/endpoint.nix @@ -0,0 +1,45 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + options = { + protocol = mkOption { + type = types.str; + default = "http"; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + }; + + port = mkOption { + type = types.nullOr types.port; + default = null; + }; + + user = mkOption { + type = types.nullOr types.str; + default = null; + }; + + password = mkOption { + type = types.nullOr types.str; + default = null; + }; + + path = mkOption { + type = types.nullOr types.str; + default = null; + }; + + query = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + + hash = mkOption { + type = types.nullOr (types.attrsOf types.str); + default = null; + }; + }; +} diff --git a/clanServices/flake-module.nix b/clanServices/flake-module.nix new file mode 100644 index 0000000..141d07b --- /dev/null +++ b/clanServices/flake-module.nix @@ -0,0 +1,19 @@ +{lib, ...}: { + imports = + ./. + |> builtins.readDir + |> lib.attrsToList + |> builtins.map ({ + name, + value, + }: { + type = value; + path = ./. + "/${name}/flake-module.nix"; + }) + |> builtins.filter ({ + type, + path, + }: + type == "directory" && (builtins.pathExists path)) + |> builtins.map ({path, ...}: path); +} diff --git a/clanServices/gateway/README.md b/clanServices/gateway/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/gateway/default.nix b/clanServices/gateway/default.nix new file mode 100644 index 0000000..2c6a311 --- /dev/null +++ b/clanServices/gateway/default.nix @@ -0,0 +1,92 @@ +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { + _class = "clan.service"; + manifest = { + name = "arda/gateway"; + description = '' + ''; + readme = builtins.readFile ./README.md; + exports = { + inputs = []; + out = []; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + driver = mkOption { + type = types.enum ["caddy" "nginx"]; + }; + + hosts = mkOption { + type = types.attrsOf types.str; + default = {}; + }; + }; + }; + + perInstance = { + mkExports, + machine, + settings, + ... + }: let + reverse_proxies = + exports + |> clanLib.selectExports (_scope: true) + |> lib.mapAttrsToList (_: value: (value.gateway.services or {}) |> lib.attrValues) + |> lib.concatLists + |> lib.map ({ + name, + endpoint, + }: { + name = "${name}.${machine.name}.arda"; + value = { + extraConfig = '' + reverse_proxy ${toString endpoint} + ''; + }; + }) + |> lib.listToAttrs; + in { + # exports = + # mkExports { + # }; + + nixosModule = { + lib, + pkgs, + ... + }: let + inherit (lib) mkMerge mkIf; + + caddyPackage = pkgs.caddy.withPlugins { + plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; + }; + in { + config = mkMerge [ + (lib.mkIf (settings.driver == "caddy") { + services.caddy = { + enable = true; + package = caddyPackage; + + virtualHosts = reverse_proxies // {}; + }; + }) + ]; + }; + }; + }; +} diff --git a/clanServices/gateway/flake-module.nix b/clanServices/gateway/flake-module.nix new file mode 100644 index 0000000..a53d5d7 --- /dev/null +++ b/clanServices/gateway/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.gateway = module; + + # perSystem = {...}: { + # clan.nixosTests.gateway = { + # imports = []; + + # clan.modules."@arda/gateway" = module; + # }; + # }; +} diff --git a/clanServices/identity/README.md b/clanServices/identity/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/identity/default.nix b/clanServices/identity/default.nix new file mode 100644 index 0000000..1030ebb --- /dev/null +++ b/clanServices/identity/default.nix @@ -0,0 +1,518 @@ +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString readFile; + inherit (lib) mkMerge mkIf; +in { + _class = "clan.service"; + manifest = { + name = "arda/identity"; + description = '' + ''; + readme = readFile ./README.md; + exports = { + inputs = ["persistence"]; + out = ["gateway" "persistence"]; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption types toSentenceCase literalExpression; + in { + options = { + driver = mkOption { + type = types.enum ["zitadel"]; + default = "zitadel"; + }; + + database = mkOption { + type = types.anything; + }; + + port = mkOption { + type = types.port; + default = 9092; + }; + + organization = mkOption { + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + org = name; + in + { + isDefault = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + True sets the '${org}' org as default org for the instance. Only one org can be default org. + Nothing happens if you set it to false until you set another org as default org. + ''; + }; + + project = mkOption { + default = {}; + type = types.attrsOf (types.submodule { + options = { + hasProjectCheck = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + ZITADEL checks if the org of the user has permission to this project. + ''; + }; + + privateLabelingSetting = mkOption { + type = types.nullOr (types.enum [ "unspecified" "enforceProjectResourceOwnerPolicy" "allowLoginUserResourceOwnerPolicy" ]); + default = null; + example = "enforceProjectResourceOwnerPolicy"; + description = '' + Defines from where the private labeling should be triggered, + + supported values: + - unspecified + - enforceProjectResourceOwnerPolicy + - allowLoginUserResourceOwnerPolicy + ''; + }; + + projectRoleAssertion = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + Describes if roles of user should be added in token. + ''; + }; + + projectRoleCheck = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + ZITADEL checks if the user has at least one on this project. + ''; + }; + + role = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + roleName = name; + in + { + displayName = mkOption { + type = types.str; + default = toSentenceCase name; + example = "RoleName"; + description = '' + Name used for project role. + ''; + }; + + group = mkOption { + type = types.nullOr types.str; + default = null; + example = "some_group"; + description = '' + Group used for project role. + ''; + }; + }; + })); + }; + + assign = mkOption { + default = {}; + type = types.attrsOf (types.listOf types.str); + }; + + application = mkOption { + default = {}; + type = types.attrsOf (types.submodule { + options = { + redirectUris = mkOption { + type = types.nonEmptyListOf types.str; + example = '' + [ "https://example.com/redirect/url" ] + ''; + description = '' + . + ''; + }; + + grantTypes = mkOption { + type = types.nonEmptyListOf (types.enum [ "authorizationCode" "implicit" "refreshToken" "deviceCode" "tokenExchange" ]); + example = '' + [ "authorizationCode" ] + ''; + description = '' + . + ''; + }; + + responseTypes = mkOption { + type = types.nonEmptyListOf (types.enum [ "code" "idToken" "idTokenToken" ]); + example = '' + [ "code" ] + ''; + description = '' + . + ''; + }; + + exportMap = + let + strOpt = mkOption { type = types.nullOr types.str; default = null; }; + in + mkOption { + type = types.submodule { options = { client_id = strOpt; client_secret = strOpt; }; }; + default = {}; + example = literalExpression '' + { + client_id = "SSO_CLIENT_ID"; + client_secret = "SSO_CLIENT_SECRET"; + } + ''; + description = '' + Remap the outputted variables to another key. + ''; + }; + }; + }); + }; + }; + }); + }; + + user = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = + let + username = name; + in + { + email = mkOption { + type = types.str; + example = "someone@some.domain"; + description = '' + Username. + ''; + }; + + userName = mkOption { + type = types.nullOr types.str; + default = username; + example = "some_user_name"; + description = '' + Username. Default value is the key of the config object you created, you can overwrite that by setting this option + ''; + }; + + firstName = mkOption { + type = types.str; + example = "John"; + description = '' + First name of the user. + ''; + }; + + lastName = mkOption { + type = types.str; + example = "Doe"; + description = '' + Last name of the user. + ''; + }; + + roles = mkOption { + type = types.listOf types.str; + default = []; + example = "[ \"ORG_OWNER\" ]"; + description = '' + List of roles granted to organisation. + ''; + }; + + instanceRoles = mkOption { + type = types.listOf types.str; + default = []; + example = "[ \"IAM_OWNER\" ]"; + description = '' + List of roles granted to instance. + ''; + }; + }; + })); + }; + + action = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ name, ... }: { + options = { + script = mkOption { + type = types.str; + example = '' + (ctx, api) => { + api.v1.claims.setClaim('some_claim', 'some_value'); + }; + ''; + description = '' + The script to run. This must be a function that receives 2 parameters, and returns void. During the creation of the action's script this module simly does `const {{name}} = {{script}}`. + ''; + }; + + timeout = mkOption { + type = (types.ints.between 0 20); + default = 10; + example = "10"; + description = '' + After which time the action will be terminated if not finished. + ''; + }; + + allowedToFail = mkOption { + type = types.bool; + default = true; + example = "true"; + description = '' + Allowed to fail. + ''; + }; + }; + })); + }; + + triggers = mkOption { + default = []; + type = types.listOf (types.submodule { + options = { + flowType = mkOption { + type = types.enum [ "authentication" "customiseToken" "internalAuthentication" "samlResponse" ]; + example = "customiseToken"; + description = '' + Type of the flow to which the action triggers belong. + ''; + }; + + triggerType = mkOption { + type = types.enum [ "postAuthentication" "preCreation" "postCreation" "preUserinfoCreation" "preAccessTokenCreation" "preSamlResponse" ]; + example = "postAuthentication"; + description = '' + Trigger type on when the actions get triggered. + ''; + }; + + actions = mkOption { + type = types.nonEmptyListOf types.str; + example = ''[ "action_name" ]''; + description = '' + Names of actions to trigger + ''; + }; + }; + }); + }; + }; + })); + }; + }; + }; + + perInstance = { + mkExports, + settings, + machine, + instanceName, + ... + }: { + exports = mkExports (mkMerge [ + { + gateway.services.identity = {endpoint.port = settings.port;}; + } + (mkIf (settings.driver == "zitadel") { + gateway.functions.auth = { + body = '' + forward_auth h2c://[::1]:${toString settings.port} { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } + ''; + }; + + persistence.databases = ["zitadel"]; + }) + ]); + + nixosModule = args@{ + lib, + pkgs, + config, + ... + }: let + vars = config.clan.core.vars.generators.zitadel.files; + users = config.clan.core.vars.generators.zitadel_users.files.users.path; + email_password = config.clan.core.vars.generators.zitadel_email_password.files.password.path; + + ardaLib = import ../../lib/strings.nix args; + zLib = import ./lib.nix (args // {inherit settings ardaLib;}); + in { + config = mkMerge [ + (mkIf (settings.driver == "zitadel") ({ + clan.core.vars.generators.zitadel = { + dependencies = ["persistence"]; + + files = { + masterKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + + settings = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + + infraPrivateKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + + infraPublicKey = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["zitadel.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen openssl_3_5]; + script = '' + pwgen -s 32 1 > $out/masterKey + + openssl genrsa -traditional -out $out/infraPrivateKey 2048 + openssl rsa -pubout -in $out/infraPrivateKey -out $out/infraPublicKey + + cat << EOL > $out/settings + Database: + postgres: + User: + Password: $(cat $in/persistence/zitadel_password) + Admin: + Password: $(cat $in/persistence/zitadel_password) + EOL + ''; + }; + + clan.core.vars.generators.zitadel_users = { + files = { + users = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["infra-zitadel.service"]; + }; + }; + + script = '' + echo "{}" > $out/users + ''; + }; + + clan.core.vars.generators.zitadel_email_password = { + prompts = { + password = { + description = "password to email for zitadel's smpt connection"; + type = "hidden"; + persist = true; + }; + }; + + files = { + password = { + deploy = true; + owner = "zitadel"; + group = "zitadel"; + restartUnits = ["infra-zitadel.service"]; + }; + }; + + script = '' + cat $prompts/password > $out/password + ''; + }; + + environment.systemPackages = with pkgs; [ + zitadel + ]; + + services.zitadel = { + enable = true; + masterKeyFile = vars.masterKey.path; + + tlsMode = "external"; + + extraSettingsPaths = [ + vars.settings.path + ]; + + settings = { + Port = settings.port; + + ExternalDomain = "auth.kruining.eu"; + ExternalPort = 443; + ExternalSecure = true; + + Metrics.Type = "otel"; + Tracing.Type = "otel"; + Telemetry.Enabled = true; + + SystemDefaults = { + PasswordHasher.Hasher.Algorithm = "argon2id"; + SecretHasher.Hasher.Algorithm = "argon2id"; + }; + + Database.postgres = { + Host = settings.database.host; + Port = settings.database.port; + Database = "zitadel"; + User = { + Username = "zitadel"; + }; + Admin = { + Username = "zitadel"; + }; + }; + + SystemAPIUsers = { + infra = { + Path = vars.infraPublicKey.path; + Memberships = [ + { MemberType = "System"; Roles = [ "SYSTEM_OWNER" "IAM_OWNER" "ORG_OWNER" ]; } + ]; + }; + }; + }; + }; + } // (zLib.createInfra { inherit users email_password; key_file = vars.infraPrivateKey.path; }))) + ]; + }; + }; + }; +} diff --git a/clanServices/identity/flake-module.nix b/clanServices/identity/flake-module.nix new file mode 100644 index 0000000..1dd8972 --- /dev/null +++ b/clanServices/identity/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.identity = module; + + # perSystem = {...}: { + # clan.nixosTests.identity = { + # imports = []; + + # clan.modules."@arda/identity" = module; + # }; + # }; +} diff --git a/clanServices/identity/lib.nix b/clanServices/identity/lib.nix new file mode 100644 index 0000000..1783529 --- /dev/null +++ b/clanServices/identity/lib.nix @@ -0,0 +1,372 @@ +{ + lib, + ardaLib, + self, + pkgs, + settings, + ... +}: let + createTerranixModule = { + users, + email_password, + key_file, + ... + }: terra: let + inherit (lib) toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; + inherit (ardaLib) toSnakeCase; + inherit (terra.lib) tfRef; + + _refTypeMap = { + org = {type = "org";}; + project = {type = "project";}; + user = { + type = "user"; + tfType = "human_user"; + }; + }; + + mapRef' = { + type, + tfType ? type, + }: name: {"${type}Id" = "\${ resource.zitadel_${tfType}.${toSnakeCase name}.id }";}; + mapRef = type: name: mapRef' (_refTypeMap.${type}) name; + mapEnum = prefix: value: "${prefix}_${value |> toSnakeCase |> toUpper}"; + + mapValue = type: value: ({ + appType = mapEnum "OIDC_APP_TYPE" value; + grantTypes = map (t: mapEnum "OIDC_GRANT_TYPE" t) value; + responseTypes = map (t: mapEnum "OIDC_RESPONSE_TYPE" t) value; + authMethodType = mapEnum "OIDC_AUTH_METHOD_TYPE" value; + + flowType = mapEnum "FLOW_TYPE" value; + triggerType = mapEnum "TRIGGER_TYPE" value; + accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value; + }."${type}" or value); + + toResource = name: value: + nameValuePair + (toSnakeCase name) + (lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value); + + withRef = type: name: attrs: attrs // (mapRef type name); + + select = keys: callback: set: + if (length keys) == 0 + then mapAttrs' callback set + else let + key = head keys; + in + concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set; + + append = attrList: set: set // (listToAttrs attrList); + + forEach = src: key: set: let + _key = concatMapStringsSep "_" (k: "\${item.${k}}") key; + in + { + forEach = tfRef '' { + for item in ${src} : + "''${item.org}_''${item.name}" => item + }''; + } + // set; + in { + terraform.required_providers.zitadel = { + source = "zitadel/zitadel"; + version = "2.2.0"; + }; + + provider.zitadel = { + domain = "auth.kruining.eu"; + insecure = false; + + system_api = { + user = "infra"; + inherit key_file; + }; + }; + + locals = { + extra_users = tfRef " + flatten([ for org, users in jsondecode(file(\"${users}\")): [ + for name, details in users: { + org = org + name = name + email = details.email + firstName = details.firstName + lastName = details.lastName + } + ] ]) + "; + orgs = settings.organization |> mapAttrs (org: _: tfRef "resource.zitadel_org.${org}.id"); + }; + + resource = { + # Organizations + zitadel_org = + settings.organization + |> select [] ( + name: {isDefault, ...}: + {inherit name isDefault;} + |> toResource name + ); + + # Projects per organization + zitadel_project = + settings.organization + |> select ["project"] ( + org: name: { + hasProjectCheck, + privateLabelingSetting, + projectRoleAssertion, + projectRoleCheck, + ... + }: + { + inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck; + } + |> withRef "org" org + |> toResource "${org}_${name}" + ); + + # Each OIDC app per project + zitadel_application_oidc = + settings.organization + |> select ["project" "application"] ( + org: project: name: { + redirectUris, + grantTypes, + responseTypes, + ... + }: + { + inherit name redirectUris grantTypes responseTypes; + + accessTokenRoleAssertion = true; + idTokenRoleAssertion = true; + accessTokenType = "JWT"; + } + |> withRef "org" org + |> withRef "project" "${org}_${project}" + |> toResource "${org}_${project}_${name}" + ); + + # Each project role + zitadel_project_role = + settings.organization + |> select ["project" "role"] ( + org: project: name: value: + { + inherit (value) displayName group; + roleKey = name; + } + |> withRef "org" org + |> withRef "project" "${org}_${project}" + |> toResource "${org}_${project}_${name}" + ); + + # Each project role assignment + zitadel_user_grant = + settings.organization + |> select ["project" "assign"] ( + org: project: user: roles: + {roleKeys = roles;} + |> withRef "org" org + |> withRef "project" "${org}_${project}" + |> withRef "user" "${org}_${user}" + |> toResource "${org}_${project}_${user}" + ); + + # Users + zitadel_human_user = + settings.organization + |> select ["user"] ( + org: name: { + email, + userName, + firstName, + lastName, + ... + }: + { + inherit email userName firstName lastName; + + isEmailVerified = true; + lifecycle = { + ignore_changes = ["first_name" "last_name" "user_name"]; + }; + } + |> withRef "org" org + |> toResource "${org}_${name}" + ) + |> append [ + (forEach "local.extra_users" ["org" "name"] { + orgId = tfRef "local.orgs[each.value.org]"; + userName = tfRef "each.value.name"; + email = tfRef "each.value.email"; + firstName = tfRef "each.value.firstName"; + lastName = tfRef "each.value.lastName"; + + isEmailVerified = true; + } + |> toResource "extraUsers") + ]; + + # Global user roles + zitadel_instance_member = + settings.organization + |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0)) + |> select ["user"] ( + org: name: {instanceRoles, ...}: + {roles = instanceRoles;} + |> withRef "user" "${org}_${name}" + |> toResource "${org}_${name}" + ); + + # Organazation specific roles + zitadel_org_member = + settings.organization + |> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0)) + |> select ["user"] ( + org: name: {roles, ...}: + {inherit roles;} + |> withRef "org" org + |> withRef "user" "${org}_${name}" + |> toResource "${org}_${name}" + ); + + # Organazation's actions + zitadel_action = + settings.organization + |> select ["action"] ( + org: name: { + timeout, + allowedToFail, + script, + ... + }: + { + inherit allowedToFail name; + timeout = "${toString timeout}s"; + script = "const ${name} = ${script}"; + } + |> withRef "org" org + |> toResource "${org}_${name}" + ); + + # Organazation's action assignments + zitadel_trigger_actions = + settings.organization + |> concatMapAttrs ( + org: {triggers, ...}: + triggers + |> imap0 (i: { + flowType, + triggerType, + actions, + ... + }: ( + let + name = "trigger_${toString i}"; + in + { + inherit flowType triggerType; + + actionIds = + actions + |> map (action: (tfRef "zitadel_action.${org}_${toSnakeCase action}.id")); + } + |> withRef "org" org + |> toResource "${org}_${name}" + )) + |> listToAttrs + ); + + # SMTP config + zitadel_smtp_config.default = { + sender_address = "chris@kruining.eu"; + sender_name = "no-reply (Zitadel)"; + tls = true; + host = "black-mail.nl:587"; + user = "chris@kruining.eu"; + password = tfRef "file(\"${email_password}\")"; + set_active = true; + }; + + # Client credentials per app + local_sensitive_file = + settings.organization + |> select ["project" "application"] ( + org: project: name: {exportMap, ...}: + nameValuePair "${org}_${project}_${name}" { + content = '' + ${ + if exportMap.client_id != null + then exportMap.client_id + else "CLIENT_ID" + }=${tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"} + ${ + if exportMap.client_secret != null + then exportMap.client_secret + else "CLIENT_SECRET" + }=${tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_secret"} + ''; + filename = "/var/lib/zitadel/clients/${org}_${project}_${name}"; + } + ); + }; + }; +in { + createInfra = args @ {...}: let + tofu = "${lib.getExe pkgs.opentofu} -input=false"; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; + modules = [ + (createTerranixModule args) + ]; + }; + in { + systemd.services."infra-zitadel" = { + description = "Infra for Zitadel"; + + wantedBy = ["multi-user.target"]; + wants = ["zitadel.service"]; + after = ["zitadel.service"]; + + preStart = '' + install -d -m 0770 -o zitadel -g media /var/lib/infra-zitadel + ''; + + script = '' + # Sleep for a bit to give the service a chance to start up + sleep 5s + + if [ "$(systemctl is-active zitadel)" != "active" ]; then + echo "zitadel is not running" + exit 1 + fi + + # Print the path to the source for easier debugging + echo "config location: ${terraformConfiguration}" + + # Copy infra code into workspace + cp -f ${terraformConfiguration} config.tf.json + + # Initialize OpenTofu + ${tofu} init + + # Run the infrastructure code + ${tofu} plan -out=tfplan + ${tofu} apply -json -auto-approve tfplan + ''; + + serviceConfig = { + Type = "oneshot"; + User = "zitadel"; + Group = "zitadel"; + + StateDirectory = "/var/lib/infra-zitadel"; + }; + }; + }; +} diff --git a/clanServices/peristence/README.md b/clanServices/peristence/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/peristence/default.nix b/clanServices/peristence/default.nix new file mode 100644 index 0000000..a06e73a --- /dev/null +++ b/clanServices/peristence/default.nix @@ -0,0 +1,169 @@ +{ + lib, + clanLib, + exports, + ... +}: let + inherit (builtins) toString; +in { + _class = "clan.service"; + manifest = { + name = "arda/persistence"; + description = '' + Configuration of persistence resrouce(s) + (for now this means a database. and specifically it means postgres) + ''; + readme = builtins.readFile ./README.md; + exports = { + inputs = ["persistence"]; + out = ["persistence"]; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption types; + in { + options = { + port = mkOption { + type = types.port; + default = 5432; + }; + }; + }; + + perInstance = { + mkExports, + machine, + settings, + ... + }: let + requested_databases = + exports + |> clanLib.selectExports (_scope: true) + |> lib.mapAttrsToList (_: value: value.persistence.databases or []) + |> lib.concatLists; + in { + exports = mkExports { + persistence = { + main = "postgresql"; + driver.postgresql = { + host = "localhost"; + port = settings.port; + }; + }; + }; + + nixosModule = { + lib, + pkgs, + config, + ... + }: { + clan.core.vars.generators.postgresql = let + password_files = + requested_databases + |> lib.map (db: [ + { + name = "${db}_password"; + value = { + secret = true; + deploy = false; + }; + } + ]) + |> lib.concatLists + |> lib.listToAttrs; + in { + files = + { + "server.crt" = { + secret = true; + deploy = true; + }; + "server.key" = { + secret = true; + deploy = true; + }; + ".pgpass" = { + secret = true; + deploy = true; + + owner = "postgres"; + group = "postgres"; + mode = "0600"; + restartUnits = ["postgresql.service"]; + }; + } + // password_files; + + runtimeInputs = with pkgs; [openssl_3_5 pwgen]; + script = '' + openssl req \ + -new -x509 -days 365 -nodes -text \ + -out $out/server.crt \ + -keyout $out/server.key \ + -subj "/CN=db.${config.networking.fqdn}" + + ${requested_databases + |> lib.map (db: "pwgen -s 128 1 > $out/${db}_password") + |> lib.join "\n"} + + cat << EOL > $out/.pgpass + #host:port:database:user:password + ${requested_databases + |> lib.map (db: "*:${toString settings.port}:${db}:${db}:$(cat $out/${db}_password)") + |> lib.join "\n"} + EOL + ''; + }; + + systemd.services.postgresql.environment.PGPASSFILE = config.clan.core.vars.generators.postgresql.files.".pgpass".path; + + services = { + postgresql = { + enable = true; + # enableTCPIP = true; + + settings = { + port = settings.port; + ssl = true; + }; + + ensureDatabases = requested_databases; + ensureUsers = + requested_databases + |> lib.map (db: { + name = db; + ensureDBOwnership = true; + ensureClauses = { + login = true; + connection_limit = 5; + }; + }); + + identMap = '' + #map sys user db user + superuser_map root postgres + superuser_map postgres postgres + superuser_map /^(.+)$ \1 + ''; + + authentication = '' + # Generated file, do not edit! + # type database user auth-method optional_ident_map + local sameuser all peer map=superuser_map + + # TYPE DATABASE USER ADDRESS METHOD + # local all all trust + host all all 127.0.0.1/32 scram-sha-256 + host all all ::1/128 scram-sha-256 + ''; + }; + }; + }; + }; + }; +} diff --git a/clanServices/peristence/flake-module.nix b/clanServices/peristence/flake-module.nix new file mode 100644 index 0000000..56801d9 --- /dev/null +++ b/clanServices/peristence/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.persistence = module; + + # perSystem = {...}: { + # clan.nixosTests.persistence = { + # imports = []; + + # clan.modules."@arda/persistence" = module; + # }; + # }; +} diff --git a/clanServices/servarr/README.md b/clanServices/servarr/README.md new file mode 100644 index 0000000..e69de29 diff --git a/clanServices/servarr/default.nix b/clanServices/servarr/default.nix new file mode 100644 index 0000000..c06a89b --- /dev/null +++ b/clanServices/servarr/default.nix @@ -0,0 +1,150 @@ +{ + exports, + clanLib, + lib, + ... +}: let + inherit (lib) toString; +in { + _class = "clan.service"; + manifest = { + name = "arda/servarr"; + description = ''''; + categories = ["Service" "Media"]; + readme = builtins.readFile ./README.md; + exports = { + inputs = ["persistence"]; + out = ["gateway" "persistence"]; + }; + }; + + roles.default = { + description = ''''; + + interface = {lib, ...}: let + inherit (lib) mkOption mkEnableOption types; + in { + options = { + enable = mkEnableOption "Enable configured *arr services"; + + database = mkOption { + type = types.anything; #ardaLib.types.endpoint; + }; + + services = mkOption { + type = types.attrsOf (types.submodule ({name, ...}: { + options = { + enable = mkEnableOption "Enable ${name}" // {default = true;}; + debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; + + rootFolders = mkOption { + type = types.listOf types.str; + default = []; + }; + }; + })); + default = {}; + description = '' + Settings foreach *arr service + ''; + }; + }; + }; + + perInstance = { + instanceName, + settings, + machine, + roles, + mkExports, + ... + }: { + exports = mkExports { + # endpoints.hosts = + # settings.services + # |> lib.attrNames + # |> (s: lib.concat s ["sabnzbd" "qbittorrent" "flaresolverr"]) + # |> lib.map (service: "${service}.${machine.name}.arda"); + + persistence.databases = + settings.services + |> lib.attrNames; + + gateway.services = + settings.services + |> lib.attrNames + # |> (s: lib.concat s ["sabnzbd" "qbittorrent" "flaresolverr"]) + |> lib.imap1 (i: name: { + inherit name; + value = { + endpoint.port = 2000 + i; + }; + }) + |> lib.listToAttrs; + }; + + nixosModule = args @ { + config, + lib, + pkgs, + ... + }: let + services = settings.services |> lib.attrNames; + service_count = services |> lib.length; + + servarr = import ./lib.nix (args // {inherit settings;}); + in { + imports = [ + (import ./sabnzbd.nix (args + // { + inherit settings; + port = 2000 + service_count + 1; + })) + (import ./qbittorrent.nix (args + // { + inherit settings; + port = 2000 + service_count + 2; + })) + (servarr.createModule settings.services) + ]; + + config = { + clan.core.vars.generators.servarr = rec { + dependencies = + services ++ ["sabnzbd" "qbittorrent"]; + + files."config.tfvars" = { + owner = "media"; + group = "media"; + mode = "0440"; + restartUnits = services |> lib.map (s: "${s}.service"); + }; + + script = '' + cat << EOL > $out/config.tfvars + ${ + services + |> lib.map (s: "${s}_api_key = \"$(cat $in/${s}/api_key)\"") + |> lib.join "\n" + } + qbittorrent_api_key = "$(cat $in/qbittorrent/password)" + sabnzbd_api_key = "$(cat $in/sabnzbd/api_key)" + EOL + ''; + }; + + services = { + flaresolverr = { + enable = true; + openFirewall = true; + port = 2000 + service_count + 3; + }; + }; + }; + }; + }; + }; + + perMachine = {...}: { + }; +} diff --git a/clanServices/servarr/flake-module.nix b/clanServices/servarr/flake-module.nix new file mode 100644 index 0000000..4a63342 --- /dev/null +++ b/clanServices/servarr/flake-module.nix @@ -0,0 +1,13 @@ +{...}: let + module = ./default.nix; +in { + clan.modules.servarr = module; + + # perSystem = {...}: { + # clan.nixosTests.servarr = { + # imports = []; + + # clan.modules."@arda/servarr" = module; + # }; + # }; +} diff --git a/clanServices/servarr/lib.nix b/clanServices/servarr/lib.nix new file mode 100644 index 0000000..4a15ca7 --- /dev/null +++ b/clanServices/servarr/lib.nix @@ -0,0 +1,329 @@ +{ + self, + config, + lib, + pkgs, + settings, + ... +}: let + inherit (lib) mkIf; + + createGenerator = { + service, + options, + ... + }: { + dependencies = ["postgresql"]; + + files = { + api_key = { + secret = true; + deploy = true; + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + }; + "config.env" = { + secret = true; + deploy = true; + owner = service; + group = "media"; + restartUnits = ["${service}.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen]; + script = '' + pwgen -s 128 1 > $out/api_key + cat << EOL > $out/config.env + ${lib.toUpper service}__AUTH__APIKEY="$(cat $out/api_key)" + ${lib.toUpper service}__POSTGRES_PASSWORD="$(cat $in/postgresql/${service}_password)" + EOL + ''; + }; + + createService = { + service, + options, + ... + }: let + inherit (builtins) toString; + in + { + enable = true; + # openFirewall = true; + + environmentFiles = [ + config.clan.core.vars.generators.${service}.files."config.env".path + ]; + + settings = { + auth.authenticationMethod = "External"; + + server = { + bindaddress = "[::1]"; + port = options.port; + }; + + # Password provided via environment file + postgres = { + host = settings.database.host; + port = toString settings.database.port; + user = service; + maindb = service; + logdb = service; + }; + }; + } + // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + user = service; + group = "media"; + }); + + createSystemdService = args @ { + service, + options, + ... + }: let + tofu = lib.getExe pkgs.opentofu; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; + modules = [ + (createInfra args) + ]; + }; + in { + description = "${service} apply infra"; + + wantedBy = ["multi-user.target"]; + wants = ["${service}.service"]; + + preStart = '' + install -d -m 0770 -o ${service} -g media /var/lib/infra-${service} + ${ + options.rootFolders + |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}") + |> lib.join "\n" + } + ''; + + script = '' + # Sleep for a bit to give the service a chance to start up + sleep 5s + + if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then + echo "${service} is not running" + exit 1 + fi + + # Print the path to the source for easier debugging + echo "config location: ${terraformConfiguration}" + + # Copy infra code into workspace + cp -f ${terraformConfiguration} config.tf.json + + # Initialize OpenTofu + ${tofu} init + + # Run the infrastructure code + ${tofu} \ + ${ + if options.debug + then "plan" + else "apply -auto-approve" + } \ + -var-file='${config.clan.core.vars.generators.servarr.files."config.tfvars".path}' + ''; + + serviceConfig = { + Type = "oneshot"; + User = service; + Group = "media"; + + WorkingDirectory = "/var/lib/${service}-apply-infra"; + + EnvironmentFile = [ + config.clan.core.vars.generators.${service}.files."config.env".path + ]; + }; + }; + + # Returns a module to be used in a modules list of terranix + createInfra = { + service, + options, + ... + }: terra: let + inherit (terra.lib) tfRef; + in { + variable = { + "${service}_api_key" = { + type = "string"; + description = "${service} API key"; + }; + + qbittorrent_api_key = { + type = "string"; + description = "qbittorrent api key"; + }; + + sabnzbd_api_key = { + type = "string"; + description = "sabnzbd api key"; + }; + }; + + terraform.required_providers.${service} = { + source = "devopsarr/${service}"; + version = + { + radarr = "2.3.5"; + sonarr = "3.4.2"; + prowlarr = "3.2.1"; + lidarr = "1.13.0"; + readarr = "2.1.0"; + whisparr = "1.2.0"; + }.${ + service + }; + }; + + provider.${service} = { + url = "http://[::1]:${toString options.port}"; + api_key = tfRef "var.${service}_api_key"; + }; + + resource = + { + "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr" "readarr"]) ( + options.rootFolders + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.listToAttrs + ); + + "${service}_download_client_qbittorrent" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "qBittorrent"; + enable = true; + priority = 1; + host = "localhost"; + username = "admin"; + password = tfRef "var.qbittorrent_api_key"; + url_base = "/"; + port = config.services.qbittorrent.webuiPort; + }; + }; + + "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { + "main" = { + name = "SABnzbd"; + enable = true; + priority = 1; + host = "localhost"; + api_key = tfRef "var.sabnzbd_api_key"; + url_base = "/"; + port = config.services.sabnzbd.settings.misc.port; + }; + }; + } + // (lib.optionalAttrs (service == "prowlarr") ( + settings.services + |> lib.filterAttrs (s: _: lib.elem s ["radarr" "sonarr" "lidarr" "whisparr"]) + |> lib.mapAttrsToList (s: {port, ...}: { + "prowlarr_application_${s}"."main" = let + p = config.services.prowlarr.settings.server.port or 9696; + in { + name = s; + sync_level = "addOnly"; + base_url = "http://localhost:${toString port}"; + prowlarr_url = "http://localhost:${toString p}"; + api_key = tfRef "var.${s}_api_key"; + }; + }) + |> lib.concat [ + { + "prowlarr_indexer" = { + "nyaa" = { + enable = true; + + app_profile_id = 1; + priority = 1; + + name = "Nyaa"; + implementation = "Cardigann"; + config_contract = "CardigannSettings"; + protocol = "torrent"; + + fields = [ + { + name = "definitionFile"; + text_value = "nyaasi"; + } + { + name = "baseSettings.limitsUnit"; + number_value = 0; + } + { + name = "torrentBaseSettings.preferMagnetUrl"; + bool_value = false; + } + { + name = "prefer_magnet_links"; + bool_value = true; + } + { + name = "sonarr_compatibility"; + bool_value = false; + } + { + name = "strip_s01"; + bool_value = false; + } + { + name = "radarr_compatibility"; + bool_value = false; + } + { + name = "filter-id"; + number_value = 0; + } + { + name = "cat-id"; + number_value = 0; + } + { + name = "sort"; + number_value = 0; + } + { + name = "type"; + number_value = 1; + } + ]; + }; + }; + } + ] + |> lib.mkMerge + )); + }; +in { + createModule = services: args: { + config = + services + |> lib.attrsToList + |> lib.imap1 (i: { + name, + value, + }: let + service = name; + options = value // {port = 2000 + i;}; + in { + clan.core.vars.generators.${service} = createGenerator (args // {inherit service options;}); + services.${service} = createService (args // {inherit service options;}); + + systemd.services."infra-${service}" = lib.mkIf settings.enable (createSystemdService (args // {inherit service options;})); + }) + |> lib.mkMerge; + }; +} diff --git a/clanServices/servarr/qbittorrent.nix b/clanServices/servarr/qbittorrent.nix new file mode 100644 index 0000000..dee52fd --- /dev/null +++ b/clanServices/servarr/qbittorrent.nix @@ -0,0 +1,96 @@ +{ + config, + pkgs, + lib, + settings, + port, + ... +}: { + clan.core.vars.generators.qbittorrent = let + hash_password = pkgs.writers.writePython3 "hashPassword" {} '' + import base64 + import hashlib + import sys + import uuid + + password = sys.argv[1] + salt = uuid.uuid4() + salt_bytes = salt.bytes + + password = str.encode(password) + hashed_password = hashlib.pbkdf2_hmac( + "sha512", + password, + salt_bytes, + 100000, + dklen=64 + ) + b64_salt = base64.b64encode(salt_bytes).decode("utf-8") + b64_password = base64.b64encode(hashed_password).decode("utf-8") + password_string = "@ByteArray({salt}:{password})".format( + salt=b64_salt, password=b64_password + ) + print(password_string) + ''; + in { + files = { + "password" = { + secret = true; + deploy = true; + }; + "password_hash" = { + secret = true; + deploy = true; + }; + "qBittorrent.conf" = { + secret = true; + deploy = true; + owner = "qbittorrent"; + group = "media"; + mode = "0660"; + restartUnits = ["qbittorrent.service"]; + }; + }; + + runtimeInputs = with pkgs; [pwgen hash_password]; + + script = '' + pwgen -s 128 1 > $out/password + + ${hash_password} $(cat $out/password) > $out/password_hash + + cat << EOF > $out/qBittorrent.conf + [LegalNotice] + Accepted=true + + [Preferences] + WebUI\AlternativeUIEnabled=true + WebUI\RootFolder=${pkgs.vuetorrent}/share/vuetorrent + WebUI\Username=admin + WebUI\Password_PBKDF2=$(cat $out/password_hash) + EOF + ''; + }; + + system.activationScripts.qbittorrent-config = { + deps = lib.optional (!config.sops.useSystemdActivation) "setupSecrets"; + # TODO: If sops-nix is switched to systemd activation, add a systemd unit + # for this install step that runs after sops-install-secrets.service, + # because this activation-script dependency only orders against setupSecrets. + text = '' + install -Dm0600 -o ${config.services.qbittorrent.user} -g ${config.services.qbittorrent.group} \ + ${config.clan.core.vars.generators.qbittorrent.files."qBittorrent.conf".path} \ + ${config.services.qbittorrent.profileDir}/qBittorrent/config/qBittorrent.conf + ''; + }; + + services.qbittorrent = { + enable = true; + openFirewall = true; + webuiPort = port; + serverConfig = lib.mkForce {}; + + user = "qbittorrent"; + group = "media"; + }; +} diff --git a/clanServices/servarr/sabnzbd.nix b/clanServices/servarr/sabnzbd.nix new file mode 100644 index 0000000..49ae9a2 --- /dev/null +++ b/clanServices/servarr/sabnzbd.nix @@ -0,0 +1,95 @@ +{ + config, + lib, + pkgs, + settings, + port, + ... +}: { + clan.core.vars.generators.sabnzbd = { + files = { + "api_key" = { + secret = true; + deploy = true; + }; + "nzb_key" = { + secret = true; + deploy = true; + }; + "config.ini" = { + secret = true; + deploy = true; + owner = "sabnzbd"; + group = "media"; + mode = "0660"; + }; + }; + + prompts = { + username = { + description = "usenet username"; + type = "hidden"; + persist = true; + }; + password = { + description = "usenet password"; + type = "hidden"; + persist = true; + }; + }; + + runtimeInputs = with pkgs; [pwgen]; + + script = '' + pwgen -s 128 1 > $out/api_key + pwgen -s 128 1 > $out/nzb_key + + cat << EOF > $out/config.ini + [misc] + api_key = $(cat $out/api_key) + nzb_key = $(cat $out/nzb_key) + + [servers] + [[news.sunnyusenet.com]] + username = $(cat $prompts/username) + password = $(cat $prompts/password) + EOF + ''; + }; + + services.sabnzbd = { + enable = true; + openFirewall = true; + + allowConfigWrite = false; + configFile = lib.mkForce null; + + secretFiles = [ + config.clan.core.vars.generators.sabnzbd.files."config.ini".path + ]; + + settings = { + misc = { + host = "0.0.0.0"; + port = port; + host_whitelist = "${config.networking.hostName}"; + + download_dir = "/var/media/downloads/incomplete"; + complete_dir = "/var/media/downloads/done"; + }; + + servers = { + "news.sunnyusenet.com" = { + name = "news.sunnyusenet.com"; + displayname = "news.sunnyusenet.com"; + host = "news.sunnyusenet.com"; + port = 563; + timeout = 60; + }; + }; + }; + + user = "sabnzbd"; + group = "media"; + }; +} diff --git a/devShell.nix b/devShell.nix new file mode 100644 index 0000000..8be0232 --- /dev/null +++ b/devShell.nix @@ -0,0 +1,22 @@ +{ + inputs, + ... +}: { + perSystem = {pkgs, system, ...}: { + devShells.default = pkgs.mkShell { + packages = with pkgs; [ + bash + sops + just + yq + pwgen + alejandra + nil + nixd + openssl + inputs.clan-core.packages.${system}.clan-cli + nix-output-monitor + ]; + }; + }; +} diff --git a/docs/plans/mandos-wake-on-demand-build-host.md b/docs/plans/mandos-wake-on-demand-build-host.md new file mode 100644 index 0000000..0775828 --- /dev/null +++ b/docs/plans/mandos-wake-on-demand-build-host.md @@ -0,0 +1,125 @@ +# Mandos as a wake-on-demand build host + +## Goal + +Mandos is primarily an interactive living-room machine, but it is also a strong candidate for handling remote Nix builds when it is idle. The goal is to make that dual use practical without keeping the machine powered all the time. + +## Current context + +On `main`, Mandos is configured as an interactive gaming machine: + +- `systems/x86_64-linux/mandos/default.nix` + - `sneeuwvlok.hardware.has.gpu.nvidia = true` + - `sneeuwvlok.hardware.has.audio = true` + - `sneeuwvlok.desktop.use = "gamescope"` + - `sneeuwvlok.application.steam.enable = true` +- `homes/x86_64-linux/chris@mandos/default.nix` + - user-facing application set for an interactive machine + +This makes Mandos a poor fit for "always running random infrastructure", but a reasonable fit for "available for work when needed". + +## Desired behavior + +- Mandos remains an interactive machine first. +- Mandos can be used as a remote build worker when no one is actively using it. +- Mandos should not need to stay fully on all day just to be eligible for builds. +- Waking and idling down should be automatic enough that the machine can participate in builds without turning into a maintenance burden. + +## Recommended model + +### 1. Use wake-on-LAN as the activation mechanism + +Mandos should support being awakened by another machine on the same LAN. + +Requirements: + +- BIOS or UEFI wake-on-LAN support enabled +- NixOS interface configuration enabling wake-on-LAN +- one low-power machine that is effectively always available to send wake requests + +In this repo, `ulmo` is the obvious candidate to act as the coordinator, but the pattern should stay generic: one machine is always reachable, and one or more stronger machines can be woken on demand. + +### 2. Prefer suspend-first over shutdown-first + +There are two main power states worth considering: + +- **Suspend on idle** + - faster resume + - generally better user experience + - often easier to make reliable for wake-on-LAN +- **Shutdown on idle** + - lowest power draw + - more fragile in practice because firmware support for wake from soft-off varies + - longer time to become available again + +Recommended rollout order: + +1. Prove the concept with suspend on idle. +2. Only consider full power-off later if the hardware and firmware behave reliably. + +## 3. Add an explicit availability policy + +The interesting lesson for tagging is not "Mandos should have a build tag". The interesting lesson is that some machines have a deliberate availability policy that affects how safely they can participate in automation. + +A future host-level setting could encode this policy directly, for example: + +- `always-on` +- `wake-on-demand` +- `manual` + +That setting would be a better source for any computed operational tag than current workload or ad hoc tags. + +## 4. Idle detection should be policy-driven + +If Mandos becomes a build worker, idle shutdown or suspend should depend on signals such as: + +- no local interactive session activity +- no active build job +- no long-running system task that should keep the machine awake + +This should not be a blind timer that powers the machine down every X minutes regardless of context. + +## 5. Build orchestration needs a coordinator + +Wake-on-demand only works well if something else can wake the machine and wait for it to become reachable. In practice, this means: + +- a coordinator sends the wake signal +- the build client retries until the machine is reachable +- the remote builder participates only after it is actually ready + +The exact implementation can vary, but the architectural point is the same: a wakeable build worker is not self-sufficient. + +## Risks and caveats + +- Firmware wake support may be unreliable, especially from full shutdown. +- Build latency increases because wake and readiness checks take time. +- A machine that users expect to be immediately available should not surprise them with power-state transitions at awkward moments. +- Interactive workload detection matters; otherwise the machine will feel hostile as a living-room device. + +## Recommendation + +Treat the Mandos idea as a good pattern, but generalize it: + +- some machines are **interactive** +- some machines are **wakeable on demand** +- some machines are suitable for **interruptible background work** + +Those are more reusable concepts than "Mandos is the build server". + +## Implications for the tag strategy + +This investigation strengthens a small part of the `operational:*` space: + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:workload:interruptible` + +These should not be assigned by hand if they can instead be computed from explicit machine settings that describe availability policy. + +## References + +- Clan inventory tags and dynamic tags docs: `https://clan.lol/docs/25.11/reference/options/clan_inventory` +- NixOS Wake-on-LAN wiki: `https://wiki.nixos.org/wiki/Wake_on_LAN` +- Home-lab wake-on-demand discussion and patterns: + - `https://dgross.ca/blog/linux-home-server-auto-sleep` + - `https://danielpgross.github.io/friendly_neighbor/howto-sleep-wake-on-demand.html` diff --git a/docs/plans/tagging-strategy.md b/docs/plans/tagging-strategy.md new file mode 100644 index 0000000..cb217f9 --- /dev/null +++ b/docs/plans/tagging-strategy.md @@ -0,0 +1,235 @@ +# Clan machine tagging strategy + +## Goal + +Replace machine-name targeting with stable tags that survive machine renames, hardware reshuffles, and service moves. + +The strategy should fit how this repo is evolving: + +- machine tags should describe the machine +- service roles should describe service topology +- computed tags should be derived from machine settings or other explicit metadata, not from other tags + +## Source material + +This plan is based on: + +- current Clan inventory in `clan.nix` +- current machine configs under `machines/*/configuration.nix` +- workload and module usage on `main` under: + - `systems/x86_64-linux/*/default.nix` + - `homes/x86_64-linux/chris@*/default.nix` +- Clan inventory tag and dynamic-tag documentation + +## Guiding principles + +### 1. Prefer capabilities over roles + +A machine rarely has one permanent role. In this repo especially, a machine may be interactive, portable, build-capable, and temporarily host some service at the same time. + +Because of that, tags should describe durable traits and capabilities rather than trying to answer "what is this machine?" + +### 2. Do not encode current workload as a machine tag + +A machine currently running Grafana, Jellyfin, or PostgreSQL does not mean that those should become machine tags. Those are current placements, not stable identity. + +If a service can move, its current presence is weak evidence for tagging. + +### 3. Use service roles for topology + +Some relationships belong in service definitions rather than host tags. + +Examples: + +- NFS producer and consumer +- persistence provider and client +- reverse proxy frontend and backend + +These are not machine identity tags; they are service-topology relationships. + +### 4. Derive tags from settings when possible + +If a machine setting already captures a fact, derive the tag from that setting instead of duplicating it by hand. + +Good examples in this repo: + +- `desktop.use` can imply whether a machine is interactive +- `hardware.has.gpu.*` can imply GPU availability +- `hardware.has.audio` can imply audio capability +- `hardware.has.bluetooth` can imply Bluetooth capability + +### 5. Avoid deriving tags from other tags + +Clan supports dynamic tags, but tag-from-tag derivation can become fragile and can even recurse. If tags need computation, compute them from machine settings or an explicit metadata source instead. + +## Proposed namespaces + +Use full words: + +- `capability:*` +- `operational:*` + +The intention is: + +- `capability:*` describes stable machine traits +- `operational:*` describes automation-relevant policy or availability behavior + +## Tag catalog + +This is the current list of tags discussed so far, grouped by status. + +### Agreed capability tags + +- `capability:runtime:interactive` +- `capability:runtime:headless` +- `capability:hardware:gpu` +- `capability:hardware:audio` +- `capability:hardware:bluetooth` +- `capability:mobility:portable` +- `capability:mobility:stationary` + +### Agreed operational tags + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:availability:manual` +- `operational:workload:interruptible` + +### Explicitly rejected or deferred + +- GPU vendor-specific tags such as AMD- or NVIDIA-specific variants +- service-presence tags such as Jellyfin, Grafana, Forgejo, or PostgreSQL +- service-topology tags such as NFS producer or consumer +- application-presence tags such as Discord or TeamSpeak +- desktop-environment tags such as Plasma or Gamescope +- location tags such as "living room" unless location later becomes a deliberate scheduling dimension + +## Current static tags in `clan.nix` + +These are the manually assigned tags currently present in the inventory. Settings-derived tags are intentionally not listed here because they are meant to be computed rather than maintained by hand. + +- `mandos` + - `capability:mobility:stationary` + - `operational:availability:wake-on-demand` +- `manwe` + - `capability:mobility:stationary` + - `operational:availability:manual` +- `orome` + - `capability:mobility:portable` + - `operational:availability:manual` +- `tulkas` + - `capability:mobility:portable` + - `operational:availability:manual` +- `ulmo` + - `capability:mobility:stationary` + - `operational:availability:always-on` + +## Capability tags + +These are the strongest candidates for machine tags. + +### Runtime + +- `capability:runtime:interactive` +- `capability:runtime:headless` + +These are directly useful for deciding where a service with a user-facing local experience does or does not belong. + +### Hardware + +- `capability:hardware:gpu` +- `capability:hardware:audio` +- `capability:hardware:bluetooth` + +At the moment, the repo provides enough configuration structure to derive these from machine settings. + +GPU vendor-specific tags are intentionally excluded for now. The current conclusion is that the presence of GPU hardware may matter, but the vendor usually does not unless there is a specific workload that depends on CUDA, ROCm, or a similar stack. + +### Mobility + +- `capability:mobility:portable` +- `capability:mobility:stationary` + +These are useful concepts, but they are not currently obvious from one uniform machine setting in the repo. If they become desirable, they likely need either: + +- an explicit machine setting, or +- a stronger convention around machine form factor + +For now they are candidates, not automatic defaults. + +## Operational tags + +Operational tags are weaker than capability tags and should stay small in number. + +They should only exist when they capture real automation constraints that are not already represented elsewhere. + +### Availability + +- `operational:availability:always-on` +- `operational:availability:wake-on-demand` +- `operational:availability:manual` + +This dimension became clearer while thinking through the Mandos build-host idea. A machine may be technically capable of a workload, while its availability policy determines whether it is a sensible target. + +These tags should not be guessed from existing workloads. They should come from an explicit machine setting that states the intended availability policy. + +### Interruptibility + +- `operational:workload:interruptible` + +This is not about the machine by itself. It is a useful policy boundary for selecting machines that may host work that can be delayed, retried, paused, or moved. + +If introduced, it should again come from explicit machine policy rather than being inferred from current services. + +## What should not become machine tags + +- current service assignments, such as Jellyfin, Grafana, Forgejo, or PostgreSQL +- service topology, such as NFS producer or consumer +- user application presence, such as Discord or TeamSpeak +- detailed desktop-environment choice, such as Plasma or Gamescope +- one-off descriptions like "living room" unless location becomes a deliberate scheduling dimension + +## What is derivable today + +The repo already contains enough structure to derive several useful capability tags. + +Examples from the current configuration style: + +- if a machine enables a desktop session, derive `capability:runtime:interactive` +- if a machine does not, derive `capability:runtime:headless` +- if a machine enables `hardware.has.audio`, derive `capability:hardware:audio` +- if a machine enables `hardware.has.bluetooth`, derive `capability:hardware:bluetooth` +- if a machine enables any `hardware.has.gpu.*`, derive `capability:hardware:gpu` + +## What probably needs explicit policy + +These should not be inferred from current services or tag combinations: + +- `operational:availability:*` +- `operational:workload:interruptible` +- mobility-related tags if there is no explicit machine setting to derive them from + +The clean way to support these is to introduce one or more explicit machine settings whose purpose is to describe machine policy rather than workload. + +## Mandos update + +The Mandos wake-on-demand build-host idea adds an important refinement: + +- some machines should be eligible for background work only when they are available through a specific policy, such as wake-on-demand + +This does **not** mean Mandos should get a hand-maintained "build server" tag. + +It instead suggests a more generic pattern: + +- a machine may be interactive +- a machine may be available on demand rather than always on +- that availability policy may influence whether certain classes of automation should target it + +That strengthens the case for a very small `operational:*` namespace derived from explicit machine policy. + +## Recommended next steps + +1. Start with `capability:*` tags that are clearly derivable from machine settings. +2. Keep service topology in service roles instead of machine tags. +3. If availability policy becomes important, add an explicit machine setting for it and derive `operational:*` tags from that setting. +4. Avoid expanding the tag vocabulary until there is a clear service-selection use case for each added tag. diff --git a/flake.lock b/flake.lock index c9df8ee..a888110 100644 --- a/flake.lock +++ b/flake.lock @@ -71,15 +71,23 @@ "clan-core": { "inputs": { "data-mesher": "data-mesher", - "disko": "disko", - "flake-parts": "flake-parts", + "disko": [ + "disko" + ], + "flake-parts": [ + "flake-parts" + ], "nix-darwin": "nix-darwin", "nix-select": "nix-select", "nixpkgs": [ "nixpkgs" ], - "sops-nix": "sops-nix", - "systems": "systems", + "sops-nix": [ + "sops-nix" + ], + "systems": [ + "systems" + ], "treefmt-nix": "treefmt-nix" }, "locked": { @@ -139,7 +147,6 @@ "disko": { "inputs": { "nixpkgs": [ - "clan-core", "nixpkgs" ] }, @@ -184,11 +191,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1774250935, - "narHash": "sha256-mWID0WFgTnd9hbEeaPNX+YYWF70JN3r7zBouEqERJOE=", + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", "owner": "nix-community", "repo": "fenix", - "rev": "64d7705e8c37d650cfb1aa99c24a8ce46597f29e", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", "type": "github" }, "original": { @@ -197,26 +204,6 @@ "type": "github" } }, - "firefox": { - "inputs": { - "flake-compat": "flake-compat_2", - "lib-aggregate": "lib-aggregate", - "nixpkgs": "nixpkgs_2" - }, - "locked": { - "lastModified": 1774141843, - "narHash": "sha256-gpjHyyfLvBLZQiWumOxsfsOxt6KTjNhUOXk+m9ISBHc=", - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "rev": "3a1fcd6a4dbd617ad2014dd03aa68cdd885d5322", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -250,21 +237,6 @@ } }, "flake-compat_2": { - "locked": { - "lastModified": 1761640442, - "narHash": "sha256-AtrEP6Jmdvrqiv4x2xa5mrtaIp3OEe8uBYCDZDS+hu8=", - "owner": "nix-community", - "repo": "flake-compat", - "rev": "4a56054d8ffc173222d09dad23adf4ba946c8884", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "flake": false, "locked": { "lastModified": 1747046372, @@ -280,7 +252,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1751685974, @@ -296,26 +268,9 @@ "url": "https://git.lix.systems/lix-project/flake-compat.git" } }, - "flake-compat_5": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ - "clan-core", "nixpkgs" ] }, @@ -396,86 +351,10 @@ "type": "github" } }, - "flake-parts_5": { - "inputs": { - "nixpkgs-lib": [ - "terranix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1736143030, - "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils-plus": { - "inputs": { - "flake-utils": "flake-utils_2" - }, - "locked": { - "lastModified": 1715533576, - "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - }, - "original": { - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_5" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flux": { "inputs": { "mcman": "mcman", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1767316901, @@ -528,7 +407,7 @@ }, "grub2-themes": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1757136219, @@ -551,11 +430,11 @@ ] }, "locked": { - "lastModified": 1773992301, - "narHash": "sha256-lm1qy9P463cblBAFC2g8VaALR1Gje1oyYXCPtiEumus=", + "lastModified": 1774387289, + "narHash": "sha256-Z/0IfVHrb0lEdv1WcHEe/ni4utBMR2GXZIktzYcTDSU=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "fcb8966990c24f97fe224fa0c8977fe730d4cf50", + "rev": "b2eccc7cb188253e49bffdddd743d01f52ab9625", "type": "github" }, "original": { @@ -571,11 +450,11 @@ ] }, "locked": { - "lastModified": 1774210133, - "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=", + "lastModified": 1774379316, + "narHash": "sha256-0nGNxWDUH2Hzlj/R3Zf4FEK6fsFNB/dvewuboSRZqiI=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95", + "rev": "1eb0549a1ab3fe3f5acf86668249be15fa0e64f7", "type": "github" }, "original": { @@ -605,6 +484,21 @@ "type": "github" } }, + "import-tree": { + "locked": { + "lastModified": 1773693634, + "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=", + "owner": "vic", + "repo": "import-tree", + "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1", + "type": "github" + }, + "original": { + "owner": "vic", + "repo": "import-tree", + "type": "github" + } + }, "jovian": { "inputs": { "nix-github-actions": "nix-github-actions", @@ -613,11 +507,11 @@ ] }, "locked": { - "lastModified": 1774168156, - "narHash": "sha256-+pwZSARdlM2RQQ6V0q76+WMKW9aNIcxkSOIThcz/f0A=", + "lastModified": 1774333446, + "narHash": "sha256-jeAUd4mfLle7Zw8F3lDdXvw2cmeP3FgVphHq2XuEKbs=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "939caad56508542d0f19cab963e2bc693f5f2831", + "rev": "79b45622eff2ae0437d7a712610044bbc7b87fa2", "type": "github" }, "original": { @@ -626,29 +520,10 @@ "type": "github" } }, - "lib-aggregate": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1773579712, - "narHash": "sha256-cvxFTYuOvvmpLJz5nB8iREmMGsDksY6gmZFf74UKD1Q=", - "owner": "nix-community", - "repo": "lib-aggregate", - "rev": "c23c52797845b8e4f273ddb5ccdf8622b5d98284", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "lib-aggregate", - "type": "github" - } - }, "mcman": { "inputs": { "crane": "crane", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1766962671, @@ -682,7 +557,7 @@ "mydia": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1764866402, @@ -765,16 +640,16 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_7", - "systems": "systems_3" + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_6", + "systems": "systems" }, "locked": { - "lastModified": 1774060651, - "narHash": "sha256-sZiam+rmNcOZGnlbnqDD9oTwfMdQUM+uQmFqqSoe194=", + "lastModified": 1774407052, + "narHash": "sha256-rUkn7Bo3PAlpcZl8+0FDsTwFyDwvS4xwMT9+RJ+XJoE=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "46727bd27d32d63069ed26a690554373ae2b4702", + "rev": "70daf1f48885f0b4a70797076cd2ff5d9139b46e", "type": "github" }, "original": { @@ -796,78 +671,6 @@ "url": "https://git.clan.lol/clan/nix-select/archive/main.tar.gz" } }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-boot": { - "locked": { - "lastModified": 1722927293, - "narHash": "sha256-8oCsiFyAuidAdhSz60Lu8+TwCPHxaeWixyv0xT0mLt4=", - "owner": "Melkor333", - "repo": "nixos-boot", - "rev": "afaed735149d0a06f234e54dd2d9db2e18dc64ae", - "type": "github" - }, - "original": { - "owner": "Melkor333", - "repo": "nixos-boot", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1769813415, - "narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "8946737ff703382fda7623b9fab071d037e897d5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixos-wsl": { - "inputs": { - "flake-compat": [], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1773882647, - "narHash": "sha256-VzcOcE0LLpEnyoxLuMuptZ9ZWCkSBn99bTgEQoz5Viw=", - "owner": "nix-community", - "repo": "nixos-wsl", - "rev": "fd0eae98d1ecee31024271f8d64676250a386ee7", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-wsl", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1772380631, @@ -884,38 +687,7 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1773538553, - "narHash": "sha256-hohiyWALn8cXqk3FPnE3UADy03lRMaTV5iRzKCU86zM=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "a5ed666a3c206de0019b4c9dafc3a51f352bc7e3", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs_10": { - "locked": { - "lastModified": 1773840656, - "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -932,22 +704,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1757347588, "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", @@ -962,7 +718,7 @@ "type": "indirect" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1766902085, "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", @@ -978,13 +734,13 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1774259547, - "narHash": "sha256-5EQ1TL+R/tcsoGas1oALp5Tj2ACfSul+pfrrxP72xC0=", + "lastModified": 1774449288, + "narHash": "sha256-ukB6NS45Oi62fQM4RpZfx3dpqxIu66ADCCFl6h72Fjo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b3f8d82c4c685fb6f3080745dab8f07606ae50d3", + "rev": "cd0256cd8c537170cf24827fa821efb57aed9f40", "type": "github" }, "original": { @@ -994,7 +750,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1764242076, "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", @@ -1010,7 +766,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1769461804, "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", @@ -1026,13 +782,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1774106199, - "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { @@ -1042,7 +798,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1771008912, "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", @@ -1058,6 +814,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1773840656, + "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1085,19 +857,19 @@ }, "nvf": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "flake-parts": "flake-parts_3", "mnw": "mnw", "ndg": "ndg", - "nixpkgs": "nixpkgs_9", - "systems": "systems_4" + "nixpkgs": "nixpkgs_8", + "systems": "systems_2" }, "locked": { - "lastModified": 1774224548, - "narHash": "sha256-g45WZAZHNc7wJBkK4IdB5dq0Bh0JE7G0gcY2H5DFi44=", + "lastModified": 1774375131, + "narHash": "sha256-d22VIgsDXagQQWnAnebYeQWGHlmF81YRwuGCzAgNZAQ=", "owner": "notashelf", "repo": "nvf", - "rev": "edfb73fa4ced576f587d259a70a513b4152f8cea", + "rev": "d847d401bea4dcb1478d02a61a3209fa8512f71d", "type": "github" }, "original": { @@ -1132,25 +904,24 @@ "root": { "inputs": { "clan-core": "clan-core", + "disko": "disko", "erosanix": "erosanix", "fenix": "fenix", - "firefox": "firefox", + "flake-parts": "flake-parts", "flux": "flux", "grub2-themes": "grub2-themes", "himmelblau": "himmelblau", "home-manager": "home-manager", + "import-tree": "import-tree", "jovian": "jovian", "mydia": "mydia", "nix-minecraft": "nix-minecraft", - "nixos-boot": "nixos-boot", - "nixos-generators": "nixos-generators", - "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nvf": "nvf", "plasma-manager": "plasma-manager", - "snowfall-lib": "snowfall-lib", - "sops-nix": "sops-nix_2", + "sops-nix": "sops-nix", "stylix": "stylix", + "systems": "systems_4", "terranix": "terranix", "zen-browser": "zen-browser" } @@ -1158,11 +929,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1774221325, - "narHash": "sha256-aEIdkqB8gtQZtEbogdUb5iyfcZpKIlD3FkG8ANu73/I=", + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b42b63f390a4dab14e6efa34a70e67f5b087cc62", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", "type": "github" }, "original": { @@ -1172,59 +943,16 @@ "type": "github" } }, - "snowfall-lib": { - "inputs": { - "flake-compat": "flake-compat_5", - "flake-utils-plus": "flake-utils-plus", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1765361626, - "narHash": "sha256-kX0Dp/kYSRbQ+yd9e3lmmUWdNbipufvKfL2IzbrSpnY=", - "owner": "snowfallorg", - "repo": "lib", - "rev": "c566ad8b7352c30ec3763435de7c8f1c46ebb357", - "type": "github" - }, - "original": { - "owner": "snowfallorg", - "repo": "lib", - "type": "github" - } - }, "sops-nix": { "inputs": { - "nixpkgs": [ - "clan-core", - "nixpkgs" - ] + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", + "lastModified": 1774303811, + "narHash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" - } - }, - "sops-nix_2": { - "inputs": { - "nixpkgs": "nixpkgs_10" - }, - "locked": { - "lastModified": 1774154798, - "narHash": "sha256-zsTuloDSdKf+PrI1MsWx5z/cyGEJ8P3eERtAfdP8Bmg=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "3e0d543e6ba6c0c48117a81614e90c6d8c425170", + "rev": "614e256310e0a4f8a9ccae3fa80c11844fba7042", "type": "github" }, "original": { @@ -1242,9 +970,9 @@ "firefox-gnome-theme": "firefox-gnome-theme", "flake-parts": "flake-parts_4", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_6", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1340,43 +1068,15 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": [ + "flake-parts" + ], "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_5" }, "locked": { "lastModified": 1773700838, @@ -1502,11 +1202,11 @@ ] }, "locked": { - "lastModified": 1774242250, - "narHash": "sha256-pchbnY7KVnH26g4O3LZO8vpshInqNj937gAqlPob1Mk=", + "lastModified": 1774352774, + "narHash": "sha256-gibUM0pSnLxEeuFrYA8T1oEaixk+fjQpqXbYaxcEX/4=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "f19c3e6683c2d2f3fcfcb88fb691931a104bc47c", + "rev": "a0f3d47dbd8f8618a1920d5a5ca09b7993415895", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7ccab59..272314a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,24 @@ { description = "Nixos config flake"; + nixConfig = { + warn-dirty = false; + extra-experimental-features = ["nix-command" "flakes" "pipe-operators"]; + }; + inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - snowfall-lib = { - url = "github:snowfallorg/lib"; + flake-parts = { + url = "github:hercules-ci/flake-parts"; + inputs.nixpkgs-lib.follows = "nixpkgs"; + }; + import-tree.url = "github:vic/import-tree"; + systems.url = "github:nix-systems/default"; + sops-nix.url = "github:Mic92/sops-nix"; + + disko = { + url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -14,25 +27,32 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + terranix = { + url = "github:terranix/terranix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-parts.follows = "flake-parts"; + }; + + clan-core = { + url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; + inputs = { + flake-parts.follows = "flake-parts"; + nixpkgs.follows = "nixpkgs"; + sops-nix.follows = "sops-nix"; + disko.follows = "disko"; + systems.follows = "systems"; + }; + }; + plasma-manager = { url = "github:nix-community/plasma-manager"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - # neovim nvf.url = "github:notashelf/nvf"; - # plymouth theme - nixos-boot.url = "github:Melkor333/nixos-boot"; - - firefox.url = "github:nix-community/flake-firefox-nightly"; - stylix.url = "github:nix-community/stylix"; # Rust toolchain @@ -50,8 +70,6 @@ flux.url = "github:IogaMaster/flux"; - sops-nix.url = "github:Mic92/sops-nix"; - # Azure AD for linux himmelblau = { url = "github:himmelblau-idm/himmelblau"; @@ -71,72 +89,54 @@ url = "github:vinceliuice/grub2-themes"; }; - nixos-wsl = { - url = "github:nix-community/nixos-wsl"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-compat.follows = ""; - }; - }; - - terranix = { - url = "github:terranix/terranix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - clan-core = { - url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - mydia = { url = "github:chris-kruining/mydia"; # url = "github:getmydia/mydia"; }; }; - outputs = inputs: - inputs.snowfall-lib.mkFlake { - inherit inputs; - src = ./.; + outputs = inputs @ { + flake-parts, + nixpkgs, + systems, + ... + }: + flake-parts.lib.mkFlake {inherit inputs;} { + systems = import systems; - snowfall = { - namespace = "sneeuwvlok"; + imports = with inputs; [ + flake-parts.flakeModules.modules + clan-core.flakeModules.default + home-manager.flakeModules.default + ./clan/flake-module.nix + ./packages/flake-module.nix + ./clanServices/flake-module.nix + ]; - meta = { - name = "sneeuwvlok"; - title = "Sneeuwvlok"; + perSystem = {system, ...}: { + _module.args = { + pkgs = import nixpkgs { + inherit system; + + overlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }; }; }; - - channels-config = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" - - # I think this is because of zen - "qtwebengine-5.15.19" - - # For Nheko, the matrix client - "olm-3.2.16" - ]; - }; - - overlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - systems.modules = with inputs; [ - clan-core.nixosModules.default - ]; - - homes.modules = with inputs; [ - stylix.homeModules.stylix - plasma-manager.homeModules.plasma-manager - ]; }; } diff --git a/homes/x86_64-linux/chris@mandos/default.nix b/homes/x86_64-linux/chris@mandos/default.nix deleted file mode 100644 index ba87e73..0000000 --- a/homes/x86_64-linux/chris@mandos/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - application = { - bitwarden.enable = true; - teamspeak.enable = true; - steam.enable = true; - zen.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@manwe/default.nix b/homes/x86_64-linux/chris@manwe/default.nix deleted file mode 100644 index 0aced9b..0000000 --- a/homes/x86_64-linux/chris@manwe/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - development = { - rust.enable = true; - javascript.enable = true; - dotnet.enable = true; - }; - - application = { - bitwarden.enable = true; - discord.enable = true; - ladybird.enable = true; - matrix.enable = true; - obs.enable = true; - onlyoffice.enable = true; - signal.enable = true; - steam.enable = true; - studio.enable = true; - teamspeak.enable = true; - thunderbird.enable = true; - zen.enable = true; - }; - - shell.zsh.enable = true; - terminal.ghostty.enable = true; - - editor = { - zed.enable = true; - nvim.enable = true; - nano.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@orome/default.nix b/homes/x86_64-linux/chris@orome/default.nix deleted file mode 100644 index 7a1dc43..0000000 --- a/homes/x86_64-linux/chris@orome/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - development = { - javascript.enable = true; - dotnet.enable = true; - }; - - application = { - bitwarden.enable = true; - onlyoffice.enable = true; - signal.enable = true; - zen.enable = true; - }; - - shell.zsh.enable = true; - terminal.ghostty.enable = true; - - editor = { - zed.enable = true; - nano.enable = true; - }; - }; -} diff --git a/homes/x86_64-linux/chris@tulkas/default.nix b/homes/x86_64-linux/chris@tulkas/default.nix deleted file mode 100644 index ba87e73..0000000 --- a/homes/x86_64-linux/chris@tulkas/default.nix +++ /dev/null @@ -1,36 +0,0 @@ -{osConfig, ...}: { - home.stateVersion = osConfig.system.stateVersion; - - programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; - }; - - sneeuwvlok = { - defaults = { - shell = "zsh"; - terminal = "ghostty"; - browser = "zen"; - editor = "zed"; - }; - - shell = { - corePkgs.enable = true; - }; - - themes = { - enable = true; - theme = "everforest"; - polarity = "dark"; - }; - - application = { - bitwarden.enable = true; - teamspeak.enable = true; - steam.enable = true; - zen.enable = true; - }; - }; -} diff --git a/lib/options.nix b/lib/options.nix new file mode 100644 index 0000000..683b812 --- /dev/null +++ b/lib/options.nix @@ -0,0 +1,37 @@ +{lib, ...}: let + inherit (lib) mkOption types; +in { + mkUrlOptions = defaults: { + host = + mkOption { + type = types.str; + example = "host.tld"; + description = '' + Hostname + ''; + } + // (defaults.host or {}); + + port = + mkOption { + type = types.port; + default = 1234; + example = "1234"; + description = '' + Port + ''; + } + // (defaults.port or {}); + + protocol = + mkOption { + type = types.str; + default = "https"; + example = "https"; + description = '' + Which protocol to use when creating a url string + ''; + } + // (defaults.protocol or {}); + }; +} diff --git a/lib/options/default.nix b/lib/options/default.nix deleted file mode 100644 index 72e8621..0000000 --- a/lib/options/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, ...}: -let - inherit (builtins) isString typeOf; - inherit (lib) mkOption types throwIfNot concatStringsSep splitStringBy toLower map; -in -{ - options = { - mkUrlOptions = - defaults: - { - host = mkOption { - type = types.str; - example = "host.tld"; - description = '' - Hostname - ''; - } // (defaults.host or {}); - - port = mkOption { - type = types.port; - default = 1234; - example = "1234"; - description = '' - Port - ''; - } // (defaults.port or {}); - - protocol = mkOption { - type = types.str; - default = "https"; - example = "https"; - description = '' - Which protocol to use when creating a url string - ''; - } // (defaults.protocol or {}); - }; - }; -} \ No newline at end of file diff --git a/lib/strings.nix b/lib/strings.nix new file mode 100644 index 0000000..5a163c2 --- /dev/null +++ b/lib/strings.nix @@ -0,0 +1,53 @@ +{lib, ...}: let + inherit (builtins) isString typeOf match toString head; + inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; +in { + #======================================================================================== + # Converts a string to snake case + # + # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore + #======================================================================================== + toSnakeCase = str: + throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( + str + |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true + |> map (p: toLower p) + |> concatStringsSep "_" + ); + + #======================================================================================== + # Converts a set of url parts to a string + #======================================================================================== + toUrl = { + protocol ? null, + host, + port ? null, + path ? null, + query ? null, + hash ? null, + }: let + trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; + encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; + + _protocol = + if protocol != null + then "${protocol}://" + else ""; + _port = + if port != null + then ":${toString port}" + else ""; + _path = + if path != null + then "/${path |> trim_slashes}" + else ""; + _query = + if query != null + then "?${query |> encode_to_str}" + else ""; + _hash = + if hash != null + then "#${hash |> encode_to_str}" + else ""; + in "${_protocol}${host}${_port}${_path}${_query}${_hash}"; +} diff --git a/lib/strings/default.nix b/lib/strings/default.nix deleted file mode 100644 index 0c15699..0000000 --- a/lib/strings/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ lib, ...}: -let - inherit (builtins) isString typeOf match toString head; - inherit (lib) throwIfNot concatStringsSep splitStringBy toLower map concatMapAttrsStringSep; -in -{ - strings = { - #======================================================================================== - # Converts a string to snake case - # - # simply replaces any uppercase letter to its lowercase variant preceeded by an underscore - #======================================================================================== - toSnakeCase = - str: - throwIfNot (isString str) "toSnakeCase only accepts string values, but got ${typeOf str}" ( - str - |> splitStringBy (prev: curr: builtins.match "[a-z]" prev != null && builtins.match "[A-Z]" curr != null) true - |> map (p: toLower p) - |> concatStringsSep "_" - ); - - #======================================================================================== - # Converts a set of url parts to a string - #======================================================================================== - toUrl = - { protocol ? null, host, port ? null, path ? null, query ? null, hash ? null }: - let - trim_slashes = str: str |> match "^\/*(.+?)\/*$" |> head; - encode_to_str = set: concatMapAttrsStringSep "&" (n: v: "${n}=${v}") set; - - _protocol = if protocol != null then "${protocol}://" else ""; - _port = if port != null then ":${toString port}" else ""; - _path = if path != null then "/${path |> trim_slashes}" else ""; - _query = if query != null then "?${query |> encode_to_str}" else ""; - _hash = if hash != null then "#${hash |> encode_to_str}" else ""; - in - "${_protocol}${host}${_port}${_path}${_query}${_hash}"; - }; -} \ No newline at end of file diff --git a/systems/x86_64-linux/aule/README.md b/machines/aule/README.md similarity index 100% rename from systems/x86_64-linux/aule/README.md rename to machines/aule/README.md diff --git a/machines/aule/configuration.nix b/machines/aule/configuration.nix new file mode 100644 index 0000000..e75bc1c --- /dev/null +++ b/machines/aule/configuration.nix @@ -0,0 +1,3 @@ +{ ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/systems/x86_64-linux/mandos/README.md b/machines/mandos/README.md similarity index 100% rename from systems/x86_64-linux/mandos/README.md rename to machines/mandos/README.md diff --git a/machines/mandos/configuration.nix b/machines/mandos/configuration.nix new file mode 100644 index 0000000..131b987 --- /dev/null +++ b/machines/mandos/configuration.nix @@ -0,0 +1,40 @@ +{self, ...}: { + imports = [ + ./disks.nix + ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + sneeuwvlok = { + hardware.has = { + gpu.nvidia = true; + audio = true; + }; + + boot = { + quiet = true; + animated = true; + }; + + desktop.use = "gamescope"; + + application = { + steam.enable = true; + }; + + editor = { + nano.enable = true; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/systems/x86_64-linux/mandos/disks.nix b/machines/mandos/disks.nix similarity index 100% rename from systems/x86_64-linux/mandos/disks.nix rename to machines/mandos/disks.nix diff --git a/systems/x86_64-linux/mandos/hardware.nix b/machines/mandos/hardware.nix similarity index 80% rename from systems/x86_64-linux/mandos/hardware.nix rename to machines/mandos/hardware.nix index 60759bd..ebed139 100644 --- a/systems/x86_64-linux/mandos/hardware.nix +++ b/machines/mandos/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/x86_64-linux/manwe/README.md b/machines/manwe/README.md similarity index 100% rename from systems/x86_64-linux/manwe/README.md rename to machines/manwe/README.md diff --git a/machines/manwe/configuration.nix b/machines/manwe/configuration.nix new file mode 100644 index 0000000..98bc5ed --- /dev/null +++ b/machines/manwe/configuration.nix @@ -0,0 +1,79 @@ +{ + self, + lib, + pkgs, + ... +}: { + _module.args = { + pkgs = lib.mkForce (import self.inputs.nixpkgs { + system = "x86_64-linux"; + + overlays = with self.inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }); + }; + + imports = [ + ./disks.nix + ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) + ]; + + system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; + + services.logrotate.checkConfig = false; + + environment.systemPackages = with pkgs; [beyond-all-reason openrct2]; + + sneeuwvlok = { + hardware.has = { + gpu.amd = true; + bluetooth = true; + audio = true; + }; + + boot = { + quiet = true; + animated = true; + }; + + desktop.use = "plasma"; + + application = { + steam.enable = true; + }; + + editor = { + nano.enable = true; + }; + }; + + services.displayManager.autoLogin = { + enable = true; + user = "chris"; + }; + + system.stateVersion = "23.11"; +} diff --git a/systems/x86_64-linux/manwe/disks.nix b/machines/manwe/disks.nix similarity index 100% rename from systems/x86_64-linux/manwe/disks.nix rename to machines/manwe/disks.nix diff --git a/machines/manwe/hardware.nix b/machines/manwe/hardware.nix new file mode 100644 index 0000000..8c48c1c --- /dev/null +++ b/machines/manwe/hardware.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + ... +}: let + inherit (lib.modules) mkDefault; +in { + boot = { + initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-amd"]; + kernelParams = []; + extraModulePackages = []; + }; + + nixpkgs.hostPlatform = "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/systems/x86_64-linux/melkor/README.md b/machines/melkor/README.md similarity index 100% rename from systems/x86_64-linux/melkor/README.md rename to machines/melkor/README.md diff --git a/machines/melkor/configuration.nix b/machines/melkor/configuration.nix new file mode 100644 index 0000000..e75bc1c --- /dev/null +++ b/machines/melkor/configuration.nix @@ -0,0 +1,3 @@ +{ ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/systems/x86_64-linux/orome/README.md b/machines/orome/README.md similarity index 100% rename from systems/x86_64-linux/orome/README.md rename to machines/orome/README.md diff --git a/machines/orome/configuration.nix b/machines/orome/configuration.nix new file mode 100644 index 0000000..2c94238 --- /dev/null +++ b/machines/orome/configuration.nix @@ -0,0 +1,44 @@ +{ + self, + pkgs, + ... +}: { + imports = [ + ./disks.nix + ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + environment.systemPackages = with pkgs; [ + azure-cli + github-copilot-cli + ]; + + sneeuwvlok = { + hardware.has = { + bluetooth = true; + audio = true; + }; + + services.authentication.himmelblau.enable = true; + + application = { + steam.enable = true; + }; + + editor = { + nano.enable = true; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/systems/x86_64-linux/orome/disks.nix b/machines/orome/disks.nix similarity index 100% rename from systems/x86_64-linux/orome/disks.nix rename to machines/orome/disks.nix diff --git a/systems/x86_64-linux/orome/hardware.nix b/machines/orome/hardware.nix similarity index 80% rename from systems/x86_64-linux/orome/hardware.nix rename to machines/orome/hardware.nix index ee52810..2390ffd 100644 --- a/systems/x86_64-linux/orome/hardware.nix +++ b/machines/orome/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/x86_64-linux/tulkas/README.md b/machines/tulkas/README.md similarity index 100% rename from systems/x86_64-linux/tulkas/README.md rename to machines/tulkas/README.md diff --git a/machines/tulkas/configuration.nix b/machines/tulkas/configuration.nix new file mode 100644 index 0000000..bbfe3d8 --- /dev/null +++ b/machines/tulkas/configuration.nix @@ -0,0 +1,41 @@ +{self, ...}: { + imports = [ + ./disks.nix + ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + + sneeuwvlok = { + hardware.has = { + gpu.amd = true; + bluetooth = true; + audio = true; + }; + + boot = { + quiet = true; + animated = true; + }; + + desktop.use = "gamescope"; + + application = { + steam.enable = true; + }; + + editor = { + nano.enable = true; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/systems/x86_64-linux/tulkas/disks.nix b/machines/tulkas/disks.nix similarity index 100% rename from systems/x86_64-linux/tulkas/disks.nix rename to machines/tulkas/disks.nix diff --git a/systems/x86_64-linux/tulkas/hardware.nix b/machines/tulkas/hardware.nix similarity index 80% rename from systems/x86_64-linux/tulkas/hardware.nix rename to machines/tulkas/hardware.nix index 950d7cc..cf287de 100644 --- a/systems/x86_64-linux/tulkas/hardware.nix +++ b/machines/tulkas/hardware.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, system, ... }: +{ config, lib, pkgs, modulesPath, ... }: let inherit (lib.modules) mkDefault; in @@ -13,6 +13,6 @@ in extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = mkDefault system; + nixpkgs.hostPlatform = mkDefault pkgs.stdenv.hostPlatform.system; hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/machines/ulmo/configuration.nix b/machines/ulmo/configuration.nix new file mode 100644 index 0000000..ad2ab71 --- /dev/null +++ b/machines/ulmo/configuration.nix @@ -0,0 +1,286 @@ +{ + pkgs, + lib, + self, + ... +}: { + _module.args = { + pkgs = lib.mkForce (import self.inputs.nixpkgs { + system = "x86_64-linux"; + + overlays = with self.inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + config = { + allowUnfree = true; + + permittedInsecurePackages = [ + # I think this is because of zen + "qtwebengine-5.15.19" + + # For mautrix-signal, the matrix to signal bridge + "olm-3.2.16" + ]; + }; + }); + }; + + imports = [ + ./disks.nix + ./hardware.nix + self.inputs.home-manager.nixosModules.home-manager + self.inputs.himmelblau.nixosModules.himmelblau + self.inputs.jovian.nixosModules.default + self.inputs.mydia.nixosModules.default + self.inputs.nix-minecraft.nixosModules.minecraft-servers + self.inputs.nvf.nixosModules.default + self.inputs.sops-nix.nixosModules.sops + (self.inputs.import-tree ../../modules/nixos) + ]; + + system.stateVersion = "23.11"; + + networking = { + interfaces.enp2s0 = { + ipv6.addresses = [ + { + address = "2a0d:6e00:1dc9:0::dead:beef"; + prefixLength = 64; + } + ]; + + useDHCP = true; + }; + + defaultGateway = { + address = "192.168.1.1"; + interface = "enp2s0"; + }; + + defaultGateway6 = { + address = "fe80::1"; + interface = "enp2s0"; + }; + }; + + # sneeuwvlok = { + # services = { + # backup.borg.enable = true; + + # authentication.zitadel = { + # enable = true; + + # organization = { + # nix = { + # user = { + # chris = { + # email = "chris@kruining.eu"; + # firstName = "Chris"; + # lastName = "Kruining"; + + # roles = ["ORG_OWNER"]; + # instanceRoles = ["IAM_OWNER"]; + # }; + + # kaas = { + # email = "chris+kaas@kruining.eu"; + # firstName = "Kaas"; + # lastName = "Kruining"; + # }; + # }; + + # project = { + # ulmo = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; + + # role = { + # jellyfin = { + # group = "jellyfin"; + # }; + # jellyfin_admin = { + # group = "jellyfin"; + # }; + # }; + + # assign = { + # chris = ["jellyfin" "jellyfin_admin"]; + # kaas = ["jellyfin"]; + # }; + + # application = { + # jellyfin = { + # redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + + # forgejo = { + # redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + + # vaultwarden = { + # redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # exportMap = { + # client_id = "SSO_CLIENT_ID"; + # client_secret = "SSO_CLIENT_SECRET"; + # }; + # }; + + # matrix = { + # redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + + # mydia = { + # redirectUris = ["http://localhost:2010/auth/oidc/callback"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + + # grafana = { + # redirectUris = ["http://localhost:9001/login/generic_oauth"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; + + # convex = { + # projectRoleCheck = true; + # projectRoleAssertion = true; + # hasProjectCheck = true; + + # application = { + # scry = { + # redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; + # grantTypes = ["authorizationCode"]; + # responseTypes = ["code"]; + # }; + # }; + # }; + # }; + + # action = { + # flattenRoles = { + # script = '' + # (ctx, api) => { + # if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { + # return; + # } + + # const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); + + # api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); + # }; + # ''; + # }; + # }; + + # triggers = [ + # { + # flowType = "customiseToken"; + # triggerType = "preUserinfoCreation"; + # actions = ["flattenRoles"]; + # } + # { + # flowType = "customiseToken"; + # triggerType = "preAccessTokenCreation"; + # actions = ["flattenRoles"]; + # } + # ]; + # }; + # }; + # }; + + # communication.matrix.enable = true; + + # development.forgejo.enable = true; + + # networking.ssh.enable = true; + # networking.caddy.hosts = { + # # Expose amarht cloud stuff like this until I have a proper solution + # "auth.amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:9092 + # ''; + + # "amarth.cloud" = '' + # reverse_proxy http://192.168.1.223:8080 + # ''; + # }; + + # media.enable = true; + # media.glance.enable = true; + # media.mydia.enable = true; + # media.nfs.enable = true; + # media.jellyfin.enable = true; + # # media.servarr = { + # # radarr = { + # # enable = true; + # # port = 2001; + # # rootFolders = [ + # # "/var/media/movies" + # # ]; + # # }; + + # # sonarr = { + # # enable = true; + # # # debug = true; + # # port = 2002; + # # rootFolders = [ + # # "/var/media/series" + # # ]; + # # }; + + # # lidarr = { + # # enable = true; + # # debug = true; + # # port = 2003; + # # rootFolders = [ + # # "/var/media/music" + # # ]; + # # }; + + # # prowlarr = { + # # enable = true; + # # # debug = true; + # # port = 2004; + # # }; + # # }; + + # observability = { + # grafana.enable = true; + # prometheus.enable = true; + # loki.enable = true; + # promtail.enable = true; + # # uptime-kuma.enable = true; + # }; + + # security.vaultwarden = { + # enable = true; + # database = { + # # type = "sqlite"; + # # file = "/var/lib/vaultwarden/state.db"; + + # type = "postgresql"; + # host = "localhost"; + # port = 5432; + # sslMode = "disabled"; + # }; + # }; + # }; + + # editor = { + # nano.enable = true; + # }; + # }; +} diff --git a/systems/x86_64-linux/ulmo/disks.nix b/machines/ulmo/disks.nix similarity index 100% rename from systems/x86_64-linux/ulmo/disks.nix rename to machines/ulmo/disks.nix diff --git a/machines/ulmo/hardware.nix b/machines/ulmo/hardware.nix new file mode 100644 index 0000000..77439d0 --- /dev/null +++ b/machines/ulmo/hardware.nix @@ -0,0 +1,20 @@ +{ + config, + pkgs, + lib, + modulesPath, + ... +}: let + inherit (lib.modules) mkDefault; +in { + boot = { + initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + initrd.kernelModules = []; + kernelModules = ["kvm-intel"]; + kernelParams = []; + extraModulePackages = []; + }; + + nixpkgs.hostPlatform = "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/systems/x86_64-linux/varda/README.md b/machines/varda/README.md similarity index 100% rename from systems/x86_64-linux/varda/README.md rename to machines/varda/README.md diff --git a/machines/varda/configuration.nix b/machines/varda/configuration.nix new file mode 100644 index 0000000..e75bc1c --- /dev/null +++ b/machines/varda/configuration.nix @@ -0,0 +1,3 @@ +{ ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/systems/x86_64-linux/yavanna/README.md b/machines/yavanna/README.md similarity index 100% rename from systems/x86_64-linux/yavanna/README.md rename to machines/yavanna/README.md diff --git a/machines/yavanna/configuration.nix b/machines/yavanna/configuration.nix new file mode 100644 index 0000000..e75bc1c --- /dev/null +++ b/machines/yavanna/configuration.nix @@ -0,0 +1,3 @@ +{ ... }: { + nixpkgs.hostPlatform = "x86_64-linux"; +} diff --git a/modules/home/application/bitwarden.nix b/modules/home/application/bitwarden.nix new file mode 100644 index 0000000..bd9c02d --- /dev/null +++ b/modules/home/application/bitwarden.nix @@ -0,0 +1,19 @@ +{ + inputs, + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.bitwarden; +in { + options.sneeuwvlok.application.bitwarden = { + enable = mkEnableOption "enable bitwarden"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [bitwarden-desktop]; + }; +} diff --git a/modules/home/application/bitwarden/default.nix b/modules/home/application/bitwarden/default.nix deleted file mode 100644 index f2cd869..0000000 --- a/modules/home/application/bitwarden/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.bitwarden; -in -{ - options.${namespace}.application.bitwarden = { - enable = mkEnableOption "enable bitwarden"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ bitwarden-desktop ]; - }; -} diff --git a/modules/home/application/chrome/default.nix b/modules/home/application/chrome.nix similarity index 94% rename from modules/home/application/chrome/default.nix rename to modules/home/application/chrome.nix index ac9f5ef..142abaa 100644 --- a/modules/home/application/chrome/default.nix +++ b/modules/home/application/chrome.nix @@ -1,11 +1,15 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.chrome; -in -{ - options.${namespace}.application.chrome = { + cfg = config.sneeuwvlok.application.chrome; +in { + options.sneeuwvlok.application.chrome = { enable = mkEnableOption "enable chrome"; }; diff --git a/modules/home/application/discord.nix b/modules/home/application/discord.nix new file mode 100644 index 0000000..f459cae --- /dev/null +++ b/modules/home/application/discord.nix @@ -0,0 +1,19 @@ +{ + inputs, + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.discord; +in { + options.sneeuwvlok.application.discord = { + enable = mkEnableOption "enable discord (vesktop)"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [vesktop]; + }; +} diff --git a/modules/home/application/discord/default.nix b/modules/home/application/discord/default.nix deleted file mode 100644 index a736b37..0000000 --- a/modules/home/application/discord/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.discord; -in -{ - options.${namespace}.application.discord = { - enable = mkEnableOption "enable discord (vesktop)"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ vesktop ]; - }; -} diff --git a/modules/home/application/ladybird.nix b/modules/home/application/ladybird.nix new file mode 100644 index 0000000..9d4d3d3 --- /dev/null +++ b/modules/home/application/ladybird.nix @@ -0,0 +1,19 @@ +{ + inputs, + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.ladybird; +in { + options.sneeuwvlok.application.ladybird = { + enable = mkEnableOption "enable ladybird"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [ladybird]; + }; +} diff --git a/modules/home/application/ladybird/default.nix b/modules/home/application/ladybird/default.nix deleted file mode 100644 index 31d7c17..0000000 --- a/modules/home/application/ladybird/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.ladybird; -in -{ - options.${namespace}.application.ladybird = { - enable = mkEnableOption "enable ladybird"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ ladybird ]; - }; -} diff --git a/modules/home/application/matix.nix b/modules/home/application/matix.nix new file mode 100644 index 0000000..1164ad6 --- /dev/null +++ b/modules/home/application/matix.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + osConfig ? {}, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.matrix; +in { + options.sneeuwvlok.application.matrix = { + enable = mkEnableOption "enable Matrix client (Fractal)"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [fractal element-desktop]; + + programs.element-desktop = { + enable = true; + }; + }; +} diff --git a/modules/home/application/matrix/default.nix b/modules/home/application/matrix/default.nix deleted file mode 100644 index 867a94f..0000000 --- a/modules/home/application/matrix/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.matrix; -in -{ - options.${namespace}.application.matrix = { - enable = mkEnableOption "enable Matrix client (Fractal)"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ fractal element-desktop ]; - - programs.element-desktop = { - enable = true; - }; - }; -} diff --git a/modules/home/application/obs/default.nix b/modules/home/application/obs.nix similarity index 79% rename from modules/home/application/obs/default.nix rename to modules/home/application/obs.nix index a2be203..40a3c54 100644 --- a/modules/home/application/obs/default.nix +++ b/modules/home/application/obs.nix @@ -1,11 +1,15 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.obs; -in -{ - options.${namespace}.application.obs = { + cfg = config.sneeuwvlok.application.obs; +in { + options.sneeuwvlok.application.obs = { enable = mkEnableOption "enable obs"; }; diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice.nix similarity index 67% rename from modules/home/application/onlyoffice/default.nix rename to modules/home/application/onlyoffice.nix index 0479539..33706ee 100644 --- a/modules/home/application/onlyoffice/default.nix +++ b/modules/home/application/onlyoffice.nix @@ -3,14 +3,13 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.onlyoffice; + cfg = config.sneeuwvlok.application.onlyoffice; in { - options.${namespace}.application.onlyoffice = { + options.sneeuwvlok.application.onlyoffice = { enable = mkEnableOption "enable onlyoffice"; }; diff --git a/modules/home/application/signal.nix b/modules/home/application/signal.nix new file mode 100644 index 0000000..5377795 --- /dev/null +++ b/modules/home/application/signal.nix @@ -0,0 +1,19 @@ +{ + inputs, + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.signal; +in { + options.sneeuwvlok.application.signal = { + enable = mkEnableOption "enable signal"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [signal-desktop]; + }; +} diff --git a/modules/home/application/signal/default.nix b/modules/home/application/signal/default.nix deleted file mode 100644 index f4eb1d0..0000000 --- a/modules/home/application/signal/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.signal; -in -{ - options.${namespace}.application.signal = { - enable = mkEnableOption "enable signal"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ signal-desktop ]; - }; -} diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam.nix similarity index 84% rename from modules/home/application/steam/default.nix rename to modules/home/application/steam.nix index 8c87b40..80b6321 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam.nix @@ -1,16 +1,20 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.steam; -in -{ - options.${namespace}.application.steam = { + cfg = config.sneeuwvlok.application.steam; +in { + options.sneeuwvlok.application.steam = { enable = mkEnableOption "enable steam"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ protonup-ng ]; + home.packages = with pkgs; [protonup-ng]; home.sessionVariables = { STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; diff --git a/modules/home/application/studio.nix b/modules/home/application/studio.nix new file mode 100644 index 0000000..1b4dc27 --- /dev/null +++ b/modules/home/application/studio.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + self, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.studio; +in { + options.sneeuwvlok.application.studio = { + enable = mkEnableOption "enable Bricklink Studio"; + }; + + config = mkIf cfg.enable { + home.packages = [self.packages.studio]; + }; +} diff --git a/modules/home/application/studio/default.nix b/modules/home/application/studio/default.nix deleted file mode 100644 index 7f8173a..0000000 --- a/modules/home/application/studio/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.studio; -in -{ - options.${namespace}.application.studio = { - enable = mkEnableOption "enable Bricklink Studio"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs.${namespace}; [ studio ]; - }; -} diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak.nix similarity index 58% rename from modules/home/application/teamspeak/default.nix rename to modules/home/application/teamspeak.nix index 3e5e530..7ff7bf2 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak.nix @@ -1,11 +1,15 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.teamspeak; -in -{ - options.${namespace}.application.teamspeak = { + cfg = config.sneeuwvlok.application.teamspeak; +in { + options.sneeuwvlok.application.teamspeak = { enable = mkEnableOption "enable teamspeak"; }; diff --git a/modules/home/application/thunderbird/default.nix b/modules/home/application/thunderbird.nix similarity index 74% rename from modules/home/application/thunderbird/default.nix rename to modules/home/application/thunderbird.nix index c05f57b..f21cb4a 100644 --- a/modules/home/application/thunderbird/default.nix +++ b/modules/home/application/thunderbird.nix @@ -1,11 +1,15 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.thunderbird; -in -{ - options.${namespace}.application.thunderbird = { + cfg = config.sneeuwvlok.application.thunderbird; +in { + options.sneeuwvlok.application.thunderbird = { enable = mkEnableOption "enable thunderbird"; }; @@ -14,7 +18,7 @@ in enable = true; package = pkgs.thunderbird-latest; - profiles.${config.snowfallorg.user.name} = { + profiles.chris = { isDefault = true; }; }; @@ -30,7 +34,7 @@ in }; thunderbird = { enable = true; - profiles = [ config.snowfallorg.user.name ]; + profiles = ["chris"]; }; }; diff --git a/modules/home/application/zen/default.nix b/modules/home/application/zen.nix similarity index 85% rename from modules/home/application/zen/default.nix rename to modules/home/application/zen.nix index b7cec03..e018ea6 100644 --- a/modules/home/application/zen/default.nix +++ b/modules/home/application/zen.nix @@ -1,15 +1,14 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.application.zen; -in -{ - imports = [ - inputs.zen-browser.homeModules.default - ]; - - options.${namespace}.application.zen = { + cfg = config.sneeuwvlok.application.zen; +in { + options.sneeuwvlok.application.zen = { enable = mkEnableOption "enable zen"; }; @@ -54,8 +53,7 @@ in install_url = "https://addons.mozilla.org/firefox/downloads/latest/${builtins.toString id}/latest.xpi"; installation_mode = "force_installed"; }; - in - { + in { ublock_origin = 4531307; ghostry = 4562168; bitwarden = 4562769; diff --git a/modules/home/default.nix b/modules/home/default.nix index 6dc81b5..8140c1b 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,34 +1,38 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (lib) mkOption; inherit (lib.types) enum; - cfg = config.${namespace}.defaults; + cfg = config.sneeuwvlok.defaults; in { - options.${namespace}.defaults = { + options.sneeuwvlok.defaults = { editor = mkOption { - type = enum [ "nano" "nvim" "zed" ]; + type = enum ["nano" "nvim" "zed"]; default = "nano"; description = "Default editor for text manipulation"; example = "nvim"; }; shell = mkOption { - type = enum [ "fish" "zsh" "bash" ]; + type = enum ["fish" "zsh" "bash"]; default = "zsh"; description = "Default shell"; example = "zsh"; }; terminal = mkOption { - type = enum [ "ghostty" "alacritty" ]; + type = enum ["ghostty" "alacritty"]; default = "ghostty"; description = "Default terminal"; example = "ghostty"; }; browser = mkOption { - type = enum [ "chrome" "ladybird" "zen" ]; + type = enum ["chrome" "ladybird" "zen"]; default = "zen"; description = "Default terminal"; example = "zen"; diff --git a/modules/home/desktop/plasma/default.nix b/modules/home/desktop/plasma/default.nix index 0b679a0..368dc41 100644 --- a/modules/home/desktop/plasma/default.nix +++ b/modules/home/desktop/plasma/default.nix @@ -1,13 +1,15 @@ -{ config, lib, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + osConfig ? {}, + ... +}: let inherit (lib) mkIf; - cfg = config.${namespace}.desktop.plasma; - osCfg = osConfig.${namespace}.desktop.plasma or { enable = false; }; -in -{ - options.${namespace}.desktop.plasma = { - + cfg = config.sneeuwvlok.desktop.plasma; + osCfg = osConfig.sneeuwvlok.desktop.plasma or {enable = false;}; +in { + options.sneeuwvlok.desktop.plasma = { }; config = mkIf osCfg.enable { diff --git a/modules/home/development/dotnet.nix b/modules/home/development/dotnet.nix new file mode 100644 index 0000000..0f2d0b9 --- /dev/null +++ b/modules/home/development/dotnet.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf; + + cfg = config.sneeuwvlok.development.dotnet; +in { + options.sneeuwvlok.development.dotnet = { + enable = mkEnableOption "Enable dotnet development tools"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [dotnet-sdk_8]; + }; +} diff --git a/modules/home/development/dotnet/default.nix b/modules/home/development/dotnet/default.nix deleted file mode 100644 index 7ed848e..0000000 --- a/modules/home/development/dotnet/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkEnableOption mkIf; - - cfg = config.${namespace}.development.dotnet; -in -{ - options.${namespace}.development.dotnet = { - enable = mkEnableOption "Enable dotnet development tools"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ dotnet-sdk_8 ]; - }; -} diff --git a/modules/home/development/javascript.nix b/modules/home/development/javascript.nix new file mode 100644 index 0000000..9dfc3be --- /dev/null +++ b/modules/home/development/javascript.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf; + + cfg = config.sneeuwvlok.development.javascript; +in { + options.sneeuwvlok.development.javascript = { + enable = mkEnableOption "Enable javascript development tools"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [bun nodejs nodePackages_latest.typescript-language-server]; + }; +} diff --git a/modules/home/development/javascript/default.nix b/modules/home/development/javascript/default.nix deleted file mode 100644 index e649c86..0000000 --- a/modules/home/development/javascript/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkEnableOption mkIf; - - cfg = config.${namespace}.development.javascript; -in -{ - options.${namespace}.development.javascript = { - enable = mkEnableOption "Enable javascript development tools"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ bun nodejs nodePackages_latest.typescript-language-server ]; - }; -} diff --git a/modules/home/development/rust.nix b/modules/home/development/rust.nix new file mode 100644 index 0000000..3a56f2a --- /dev/null +++ b/modules/home/development/rust.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf; + + cfg = config.sneeuwvlok.development.rust; +in { + options.sneeuwvlok.development.rust = { + enable = mkEnableOption "Enable rust development tools"; + }; + + config = + mkIf cfg.enable { + }; +} diff --git a/modules/home/development/rust/default.nix b/modules/home/development/rust/default.nix deleted file mode 100644 index 4208c68..0000000 --- a/modules/home/development/rust/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkEnableOption mkIf; - - cfg = config.${namespace}.development.rust; -in -{ - options.${namespace}.development.rust = { - enable = mkEnableOption "Enable rust development tools"; - }; - - config = mkIf cfg.enable { - - }; -} diff --git a/modules/home/editor/nano/default.nix b/modules/home/editor/nano.nix similarity index 71% rename from modules/home/editor/nano/default.nix rename to modules/home/editor/nano.nix index 870db8e..270549b 100644 --- a/modules/home/editor/nano/default.nix +++ b/modules/home/editor/nano.nix @@ -1,16 +1,20 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.editor.nano; -in -{ - options.${namespace}.editor.nano = { + cfg = config.sneeuwvlok.editor.nano; +in { + options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ nano ]; + home.packages = with pkgs; [nano]; # programs.nano = { # enable = true; diff --git a/modules/home/editor/nvim/default.nix b/modules/home/editor/nvim.nix similarity index 85% rename from modules/home/editor/nvim/default.nix rename to modules/home/editor/nvim.nix index 162772f..9b3e523 100644 --- a/modules/home/editor/nvim/default.nix +++ b/modules/home/editor/nvim.nix @@ -1,15 +1,19 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.editor.nvim; -in -{ + cfg = config.sneeuwvlok.editor.nvim; +in { # imports = [ # inputs.nvf.nixosModules.default # ]; - options.${namespace}.editor.nvim = { + options.sneeuwvlok.editor.nvim = { enable = mkEnableOption "enable nvim via nvf on user level"; }; diff --git a/modules/home/editor/zed/default.nix b/modules/home/editor/zed.nix similarity index 86% rename from modules/home/editor/zed/default.nix rename to modules/home/editor/zed.nix index f0fe7fa..7bc2ad7 100644 --- a/modules/home/editor/zed/default.nix +++ b/modules/home/editor/zed.nix @@ -1,21 +1,29 @@ -{ config, lib, pkgs, namespace, ... }: let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.editor.zed; + cfg = config.sneeuwvlok.editor.zed; in { - options.${namespace}.editor.zed = { + options.sneeuwvlok.editor.zed = { enable = mkEnableOption "zed"; }; config = mkIf cfg.enable { home.packages = with pkgs; [ - zed-editor nixd nil alejandra + zed-editor + nixd + nil + alejandra ]; programs.zed-editor = { enable = true; - extensions = [ "nix" "toml" "html" "just-ls" ]; + extensions = ["nix" "toml" "html" "just-ls"]; userSettings = { assistant.enabled = false; diff --git a/modules/home/game/minecraft/default.nix b/modules/home/game/minecraft/default.nix deleted file mode 100644 index e5dedc6..0000000 --- a/modules/home/game/minecraft/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.game.minecraft; -in -{ - options.${namespace}.game.minecraft = { - enable = mkEnableOption "enable minecraft"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ prismlauncher ]; - }; -} diff --git a/modules/home/game/minescraft.nix b/modules/home/game/minescraft.nix new file mode 100644 index 0000000..384142e --- /dev/null +++ b/modules/home/game/minescraft.nix @@ -0,0 +1,19 @@ +{ + inputs, + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.game.minecraft; +in { + options.sneeuwvlok.game.minecraft = { + enable = mkEnableOption "enable minecraft"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [prismlauncher]; + }; +} diff --git a/modules/home/shell/default.nix b/modules/home/shell/default.nix index 9968e54..98a2054 100644 --- a/modules/home/shell/default.nix +++ b/modules/home/shell/default.nix @@ -1,17 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge mkEnableOption mkDefault; - cfg = config.${namespace}.shell; -in -{ - options.${namespace}.shell = { + cfg = config.sneeuwvlok.shell; +in { + options.sneeuwvlok.shell = { corePkgs.enable = mkEnableOption "core shell packages"; }; config = mkMerge [ (mkIf (cfg.corePkgs.enable) { - ${namespace}.shell.toolset = mkDefault { + sneeuwvlok.shell.toolset = mkDefault { bat.enable = true; btop.enable = true; eza.enable = true; @@ -25,8 +28,8 @@ in }; }) - ({ - home.packages = with pkgs; [ any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;}) ]; + { + home.packages = with pkgs; [any-nix-shell pwgen yt-dlp ripdrag fd (ripgrep.override {withPCRE2 = true;})]; programs = { direnv = { @@ -40,6 +43,6 @@ in config.whitelist.prefix = ["/home"]; }; }; - }) + } ]; } diff --git a/modules/home/shell/toolset/bat/default.nix b/modules/home/shell/toolset/bat.nix similarity index 50% rename from modules/home/shell/toolset/bat/default.nix rename to modules/home/shell/toolset/bat.nix index 78899df..101e3d8 100644 --- a/modules/home/shell/toolset/bat/default.nix +++ b/modules/home/shell/toolset/bat.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.bat; -in -{ - options.${namespace}.shell.toolset.bat = { + cfg = config.sneeuwvlok.shell.toolset.bat; +in { + options.sneeuwvlok.shell.toolset.bat = { enable = mkEnableOption "cat replacement"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ bat ]; + home.packages = with pkgs; [bat]; programs.bat = { enable = true; diff --git a/modules/home/shell/toolset/btop/default.nix b/modules/home/shell/toolset/btop.nix similarity index 92% rename from modules/home/shell/toolset/btop/default.nix rename to modules/home/shell/toolset/btop.nix index b490acc..cbcddde 100644 --- a/modules/home/shell/toolset/btop/default.nix +++ b/modules/home/shell/toolset/btop.nix @@ -1,17 +1,20 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; inherit (lib.strings) concatStringsSep; - cfg = config.${namespace}.shell.toolset.btop; -in -{ - options.${namespace}.shell.toolset.btop = { + cfg = config.sneeuwvlok.shell.toolset.btop; +in { + options.sneeuwvlok.shell.toolset.btop = { enable = mkEnableOption "system-monitor"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ btop ]; + home.packages = with pkgs; [btop]; programs.btop = { enable = true; diff --git a/modules/home/shell/toolset/eza/default.nix b/modules/home/shell/toolset/eza.nix similarity index 64% rename from modules/home/shell/toolset/eza/default.nix rename to modules/home/shell/toolset/eza.nix index 00026cf..f0d7b94 100644 --- a/modules/home/shell/toolset/eza/default.nix +++ b/modules/home/shell/toolset/eza.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.eza; -in -{ - options.${namespace}.shell.toolset.eza = { + cfg = config.sneeuwvlok.shell.toolset.eza; +in { + options.sneeuwvlok.shell.toolset.eza = { enable = mkEnableOption "system-monitor"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ eza ]; + home.packages = with pkgs; [eza]; programs.eza = { enable = true; diff --git a/modules/home/shell/toolset/fzf/default.nix b/modules/home/shell/toolset/fzf.nix similarity index 80% rename from modules/home/shell/toolset/fzf/default.nix rename to modules/home/shell/toolset/fzf.nix index e2f0313..7054e4a 100644 --- a/modules/home/shell/toolset/fzf/default.nix +++ b/modules/home/shell/toolset/fzf.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.fzf; -in -{ - options.${namespace}.shell.toolset.fzf = { + cfg = config.sneeuwvlok.shell.toolset.fzf; +in { + options.sneeuwvlok.shell.toolset.fzf = { enable = mkEnableOption "TUI Fuzzy Finder."; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ fzf ]; + home.packages = with pkgs; [fzf]; programs.fzf = { enable = true; diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git.nix similarity index 95% rename from modules/home/shell/toolset/git/default.nix rename to modules/home/shell/toolset/git.nix index dd138c8..7412ce1 100644 --- a/modules/home/shell/toolset/git/default.nix +++ b/modules/home/shell/toolset/git.nix @@ -2,14 +2,13 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.shell.toolset.git; + cfg = config.sneeuwvlok.shell.toolset.git; in { - options.${namespace}.shell.toolset.git = { + options.sneeuwvlok.shell.toolset.git = { enable = mkEnableOption "version-control system"; }; diff --git a/modules/home/shell/toolset/gnugpg/default.nix b/modules/home/shell/toolset/gnupgp.nix similarity index 83% rename from modules/home/shell/toolset/gnugpg/default.nix rename to modules/home/shell/toolset/gnupgp.nix index 8b6ae38..1f4dc1e 100644 --- a/modules/home/shell/toolset/gnugpg/default.nix +++ b/modules/home/shell/toolset/gnupgp.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.gnupg; -in -{ - options.${namespace}.shell.toolset.gnupg = { + cfg = config.sneeuwvlok.shell.toolset.gnupg; +in { + options.sneeuwvlok.shell.toolset.gnupg = { enable = mkEnableOption "cryptographic suite"; }; diff --git a/modules/home/shell/toolset/just.nix b/modules/home/shell/toolset/just.nix new file mode 100644 index 0000000..6f7e67e --- /dev/null +++ b/modules/home/shell/toolset/just.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkIf; + + cfg = config.sneeuwvlok.shell.toolset.just; +in { + options.sneeuwvlok.shell.toolset.just = { + enable = mkEnableOption "version-control system"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [just gum]; + }; +} diff --git a/modules/home/shell/toolset/just/default.nix b/modules/home/shell/toolset/just/default.nix deleted file mode 100644 index e956b2a..0000000 --- a/modules/home/shell/toolset/just/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkEnableOption mkIf; - - cfg = config.${namespace}.shell.toolset.just; -in -{ - options.${namespace}.shell.toolset.just = { - enable = mkEnableOption "version-control system"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ just gum ]; - }; -} diff --git a/modules/home/shell/toolset/starship/default.nix b/modules/home/shell/toolset/starship.nix similarity index 91% rename from modules/home/shell/toolset/starship/default.nix rename to modules/home/shell/toolset/starship.nix index 28d57f7..3a99fdd 100644 --- a/modules/home/shell/toolset/starship/default.nix +++ b/modules/home/shell/toolset/starship.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.starship; -in -{ - options.${namespace}.shell.toolset.starship = { + cfg = config.sneeuwvlok.shell.toolset.starship; +in { + options.sneeuwvlok.shell.toolset.starship = { enable = mkEnableOption "fancy pansy shell prompt"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ starship ]; + home.packages = with pkgs; [starship]; programs.starship = { enable = true; diff --git a/modules/home/shell/toolset/tmux/default.nix b/modules/home/shell/toolset/tmux.nix similarity index 92% rename from modules/home/shell/toolset/tmux/default.nix rename to modules/home/shell/toolset/tmux.nix index ed14ba6..34e20dd 100644 --- a/modules/home/shell/toolset/tmux/default.nix +++ b/modules/home/shell/toolset/tmux.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.tmux; -in -{ - options.${namespace}.shell.toolset.tmux = { - enable = mkEnableOption "terminal multiplexer"; + cfg = config.sneeuwvlok.shell.toolset.tmux; +in { + options.sneeuwvlok.shell.toolset.tmux = { + enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ tmux ]; + home.packages = with pkgs; [tmux]; programs.tmux = { enable = true; diff --git a/modules/home/shell/toolset/yazi/default.nix b/modules/home/shell/toolset/yazi.nix similarity index 50% rename from modules/home/shell/toolset/yazi/default.nix rename to modules/home/shell/toolset/yazi.nix index 37138a0..6ad6519 100644 --- a/modules/home/shell/toolset/yazi/default.nix +++ b/modules/home/shell/toolset/yazi.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.yazi; -in -{ - options.${namespace}.shell.toolset.yazi = { + cfg = config.sneeuwvlok.shell.toolset.yazi; +in { + options.sneeuwvlok.shell.toolset.yazi = { enable = mkEnableOption "cli file browser"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ yazi ]; + home.packages = with pkgs; [yazi]; programs.yazi = { enable = true; diff --git a/modules/home/shell/toolset/zellij/default.nix b/modules/home/shell/toolset/zellij.nix similarity index 56% rename from modules/home/shell/toolset/zellij/default.nix rename to modules/home/shell/toolset/zellij.nix index db5b7bd..52e69f4 100644 --- a/modules/home/shell/toolset/zellij/default.nix +++ b/modules/home/shell/toolset/zellij.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.toolset.zellij; -in -{ - options.${namespace}.shell.toolset.zellij = { + cfg = config.sneeuwvlok.shell.toolset.zellij; +in { + options.sneeuwvlok.shell.toolset.zellij = { enable = mkEnableOption "terminal multiplexer"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [ zellij ]; + home.packages = with pkgs; [zellij]; programs.zellij = { enable = true; diff --git a/modules/home/shell/toolset/zoxide.nix b/modules/home/shell/toolset/zoxide.nix new file mode 100644 index 0000000..25f4508 --- /dev/null +++ b/modules/home/shell/toolset/zoxide.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.shell.toolset.zoxide; +in { + options.sneeuwvlok.shell.toolset.zoxide = { + enable = mkEnableOption "cd replacement"; + }; + + config = mkIf cfg.enable { + home.packages = with pkgs; [zoxide]; + + programs.zoxide = { + enable = true; + }; + }; +} diff --git a/modules/home/shell/toolset/zoxide/default.nix b/modules/home/shell/toolset/zoxide/default.nix deleted file mode 100644 index 5b8acb6..0000000 --- a/modules/home/shell/toolset/zoxide/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.shell.toolset.zoxide; -in -{ - options.${namespace}.shell.toolset.zoxide = { - enable = mkEnableOption "cd replacement"; - }; - - config = mkIf cfg.enable { - home.packages = with pkgs; [ zoxide ]; - - programs.zoxide = { - enable = true; - }; - }; -} diff --git a/modules/home/shell/zsh/default.nix b/modules/home/shell/zsh.nix similarity index 93% rename from modules/home/shell/zsh/default.nix rename to modules/home/shell/zsh.nix index b37cc4c..a202fa3 100644 --- a/modules/home/shell/zsh/default.nix +++ b/modules/home/shell/zsh.nix @@ -1,16 +1,19 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.zsh; -in -{ - options.${namespace}.shell.zsh = { + cfg = config.sneeuwvlok.shell.zsh; +in { + options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable ZSH"; }; config = mkIf cfg.enable { - # ${namespace}.shell = { + # sneeuwvlok.shell = { # zsh.enable = true; # }; diff --git a/modules/home/terminal/alacritty/default.nix b/modules/home/terminal/alacritty.nix similarity index 84% rename from modules/home/terminal/alacritty/default.nix rename to modules/home/terminal/alacritty.nix index b6e5822..6b46514 100644 --- a/modules/home/terminal/alacritty/default.nix +++ b/modules/home/terminal/alacritty.nix @@ -1,11 +1,13 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.terminal.alacritty; -in -{ - options.${namespace}.terminal.alacritty = { + cfg = config.sneeuwvlok.terminal.alacritty; +in { + options.sneeuwvlok.terminal.alacritty = { enable = mkEnableOption "enable alacritty"; }; diff --git a/modules/home/terminal/ghostty/default.nix b/modules/home/terminal/ghostty.nix similarity index 58% rename from modules/home/terminal/ghostty/default.nix rename to modules/home/terminal/ghostty.nix index 4681b53..65487a9 100644 --- a/modules/home/terminal/ghostty/default.nix +++ b/modules/home/terminal/ghostty.nix @@ -1,11 +1,13 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.terminal.ghostty; -in -{ - options.${namespace}.terminal.ghostty = { + cfg = config.sneeuwvlok.terminal.ghostty; +in { + options.sneeuwvlok.terminal.ghostty = { enable = mkEnableOption "enable ghostty"; }; @@ -13,10 +15,10 @@ in programs.ghostty = { enable = true; settings = { - command = config.${namespace}.defaults.shell; + command = config.sneeuwvlok.defaults.shell; background-blur-radius = 20; theme = "dark:stylix,light:stylix"; - window-theme = (config.${namespace}.themes.polarity or "dark"); + window-theme = config.sneeuwvlok.themes.polarity or "dark"; background-opacity = 0.8; minimum-contrast = 1.1; }; diff --git a/modules/home/themes/default.nix b/modules/home/themes/default.nix index d338b88..37dcb39 100644 --- a/modules/home/themes/default.nix +++ b/modules/home/themes/default.nix @@ -1,24 +1,29 @@ -{ config, lib, pkgs, namespace, osConfig ? {}, ... }: -let +{ + config, + lib, + pkgs, + osConfig ? {}, + ... +}: let inherit (lib) mkIf mkDefault; inherit (lib.options) mkOption mkEnableOption; inherit (lib.types) nullOr enum; - cfg = config.${namespace}.themes; - osCfg = osConfig.${namespace}.theming; + cfg = config.sneeuwvlok.themes; + osCfg = osConfig.sneeuwvlok.theming; in { - options.${namespace}.themes = { + options.sneeuwvlok.themes = { enable = mkEnableOption "Theming (Stylix)"; theme = mkOption { - type = nullOr (enum [ "everforest" "catppuccin-latte" "chalk" ]); + type = nullOr (enum ["everforest" "catppuccin-latte" "chalk"]); default = "everforest"; description = "The theme to set the system to"; example = "everforest"; }; polarity = mkOption { - type = nullOr (enum [ "dark" "light" ]); + type = nullOr (enum ["dark" "light"]); default = "dark"; description = "determine if system is in dark or light mode"; }; @@ -33,7 +38,7 @@ in { polarity = cfg.polarity; targets.qt.platform = mkDefault "kde"; - targets.zen-browser.profileNames = [ "Chris" ]; + targets.zen-browser.profileNames = ["Chris"]; fonts = { serif = { diff --git a/modules/nixos/application/steam.nix b/modules/nixos/application/steam.nix new file mode 100644 index 0000000..6b6319b --- /dev/null +++ b/modules/nixos/application/steam.nix @@ -0,0 +1,29 @@ +{ + lib, + pkgs, + config, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.application.steam; +in { + options.sneeuwvlok.application.steam = { + enable = mkEnableOption "enable steam"; + }; + config = mkIf cfg.enable { + # environment.systemPackages = with pkgs; [steam]; + + programs = { + steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; + extraCompatPackages = with pkgs; [ + proton-ge-bin + ]; + }; + }; + }; +} diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix deleted file mode 100644 index 061765e..0000000 --- a/modules/nixos/application/steam/default.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ - inputs, - config, - lib, - pkgs, - namespace, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.application.steam; -in { - options.${namespace}.application.steam = { - enable = mkEnableOption "enable steam"; - }; - - config = mkIf cfg.enable { - # environment.systemPackages = with pkgs; [ steam ]; - - programs = { - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - - extraCompatPackages = with pkgs; [ - proton-ge-bin - ]; - - # package = pkgs.steam.override { - # extraEnv = { - # DXVK_HUD = "compiler"; - # MANGOHUD = true; - # }; - # }; - - # gamescopeSession = { - # enable = true; - # args = ["--immediate-flips"]; - # }; - }; - - # https://github.com/FeralInteractive/gamemode - # gamemode = { - # enable = true; - # enableRenice = true; - # settings = {}; - # }; - - # gamescope = { - # enable = true; - # capSysNice = true; - # env = { - # DXVK_HDR = "1"; - # ENABLE_GAMESCOPE_WSI = "1"; - # WINE_FULLSCREEN_FSR = "1"; - # WLR_RENDERER = "vulkan"; - # }; - # args = ["--hdr-enabled"]; - # }; - }; - }; -} diff --git a/modules/nixos/boot/default.nix b/modules/nixos/boot.nix similarity index 80% rename from modules/nixos/boot/default.nix rename to modules/nixos/boot.nix index 1f844d1..8a8a204 100644 --- a/modules/nixos/boot/default.nix +++ b/modules/nixos/boot.nix @@ -1,14 +1,18 @@ -{ lib, namespace, config, pkgs, ... }: -let +{ + inputs, + lib, + config, + pkgs, + ... +}: let inherit (lib) mkIf mkMerge mkDefault mkOption; inherit (lib.types) enum bool; - cfg = config.${namespace}.boot; -in -{ - options.${namespace}.boot = { + cfg = config.sneeuwvlok.boot; +in { + options.sneeuwvlok.boot = { type = mkOption { - type = enum [ "bios" "uefi" ]; + type = enum ["bios" "uefi"]; default = "uefi"; }; @@ -24,7 +28,7 @@ in }; config = mkMerge [ - ({ + { boot = { kernelPackages = pkgs.linuxPackages_latest; @@ -32,16 +36,16 @@ in systemd-boot.enable = false; grub.enable = mkDefault true; - grub2-theme = { - enable = true; - theme = "vimix"; - footer = true; - }; + # grub2-theme = { + # enable = true; + # theme = "vimix"; + # footer = true; + # }; }; - supportedFilesystems = [ "nfs" ]; + supportedFilesystems = ["nfs"]; }; - }) + } (mkIf (cfg.type == "bios") { boot.loader.grub.efiSupport = false; @@ -87,7 +91,7 @@ in theme = mkDefault "pixels"; themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { - selected_themes = [ "pixels" ]; + selected_themes = ["pixels"]; }) ]; }; diff --git a/modules/nixos/desktop/cosmic/default.nix b/modules/nixos/desktop/cosmic.nix similarity index 66% rename from modules/nixos/desktop/cosmic/default.nix rename to modules/nixos/desktop/cosmic.nix index cba6955..78e0bc4 100644 --- a/modules/nixos/desktop/cosmic/default.nix +++ b/modules/nixos/desktop/cosmic.nix @@ -1,19 +1,18 @@ { lib, config, - namespace, inputs, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.desktop.cosmic; + cfg = config.sneeuwvlok.desktop.cosmic; in { - options.${namespace}.desktop.cosmic = { + options.sneeuwvlok.desktop.cosmic = { enable = mkEnableOption "Enable Cosmic desktop" // { - default = config.${namespace}.desktop.use == "cosmic"; + default = config.sneeuwvlok.desktop.use == "cosmic"; }; }; diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix index 13ef881..7aa6b57 100644 --- a/modules/nixos/desktop/default.nix +++ b/modules/nixos/desktop/default.nix @@ -1,20 +1,14 @@ { lib, config, - namespace, - inputs, ... }: let inherit (lib) mkIf mkOption mkEnableOption mkMerge; inherit (lib.types) nullOr enum; - cfg = config.${namespace}.desktop; + cfg = config.sneeuwvlok.desktop; in { - imports = [ - inputs.grub2-themes.nixosModules.default - ]; - - options.${namespace}.desktop = { + options.sneeuwvlok.desktop = { use = mkOption { type = nullOr (enum ["plasma" "gamescope" "gnome" "cosmic"]); default = null; @@ -31,7 +25,7 @@ in { } # (mkIf (cfg.use != null) { - # ${namespace}.desktop.${cfg.use}.enable = true; + # sneeuwvlok.desktop.${cfg.use}.enable = true; # }) ]; } diff --git a/modules/nixos/desktop/gamescope/default.nix b/modules/nixos/desktop/gamescope.nix similarity index 54% rename from modules/nixos/desktop/gamescope/default.nix rename to modules/nixos/desktop/gamescope.nix index 80e6099..2ccd631 100644 --- a/modules/nixos/desktop/gamescope/default.nix +++ b/modules/nixos/desktop/gamescope.nix @@ -1,20 +1,22 @@ -{ lib, config, namespace, inputs, ... }: -let +{ + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption mkForce; - cfg = config.${namespace}.desktop.gamescope; -in -{ - imports = [ inputs.jovian.nixosModules.default ]; - - options.${namespace}.desktop.gamescope = { - enable = mkEnableOption "Enable Steamdeck ui" // { - default = (config.${namespace}.desktop.use == "gamescope"); - }; + cfg = config.sneeuwvlok.desktop.gamescope; +in { + options.sneeuwvlok.desktop.gamescope = { + enable = + mkEnableOption "Enable Steamdeck ui" + // { + default = config.sneeuwvlok.desktop.use == "gamescope"; + }; }; config = mkIf cfg.enable { - ${namespace}.desktop.plasma.enable = true; + sneeuwvlok.desktop.plasma.enable = true; services.displayManager.sddm.enable = mkForce false; services.displayManager.gdm.enable = mkForce false; diff --git a/modules/nixos/desktop/gnome.nix b/modules/nixos/desktop/gnome.nix new file mode 100644 index 0000000..3deb9be --- /dev/null +++ b/modules/nixos/desktop/gnome.nix @@ -0,0 +1,21 @@ +{ + lib, + config, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.desktop.gnome; +in { + options.sneeuwvlok.desktop.gnome = { + enable = + mkEnableOption "Enable Gnome" + // { + default = config.sneeuwvlok.desktop.use == "gnome"; + }; + }; + + config = + mkIf cfg.enable { + }; +} diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix deleted file mode 100644 index 979587f..0000000 --- a/modules/nixos/desktop/gnome/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ lib, config, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.desktop.gnome; -in -{ - options.${namespace}.desktop.gnome = { - enable = mkEnableOption "Enable Gnome" // { - default = (config.${namespace}.desktop.use == "gnome"); - }; - }; - - config = mkIf cfg.enable { - }; -} diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma.nix similarity index 70% rename from modules/nixos/desktop/plasma/default.nix rename to modules/nixos/desktop/plasma.nix index aa1e497..06bc31d 100644 --- a/modules/nixos/desktop/plasma/default.nix +++ b/modules/nixos/desktop/plasma.nix @@ -1,14 +1,19 @@ -{ pkgs, lib, config, namespace, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.desktop.plasma; -in -{ - options.${namespace}.desktop.plasma = { - enable = mkEnableOption "Enable KDE Plasma" // { - default = (config.${namespace}.desktop.use == "plasma"); - }; + cfg = config.sneeuwvlok.desktop.plasma; +in { + options.sneeuwvlok.desktop.plasma = { + enable = + mkEnableOption "Enable KDE Plasma" + // { + default = config.sneeuwvlok.desktop.use == "plasma"; + }; }; config = mkIf cfg.enable { diff --git a/modules/nixos/editor/nano/default.nix b/modules/nixos/editor/nano.nix similarity index 75% rename from modules/nixos/editor/nano/default.nix rename to modules/nixos/editor/nano.nix index 1cb7ff1..26ec1db 100644 --- a/modules/nixos/editor/nano/default.nix +++ b/modules/nixos/editor/nano.nix @@ -1,11 +1,15 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.editor.nano; -in -{ - options.${namespace}.editor.nano = { + cfg = config.sneeuwvlok.editor.nano; +in { + options.sneeuwvlok.editor.nano = { enable = mkEnableOption "nano"; }; diff --git a/modules/nixos/editor/nvim.nix b/modules/nixos/editor/nvim.nix new file mode 100644 index 0000000..1179957 --- /dev/null +++ b/modules/nixos/editor/nvim.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: let + inherit (lib) mkIf mkEnableOption; + + cfg = config.sneeuwvlok.editor.nvim; +in { + options.sneeuwvlok.editor.nvim = { + enable = mkEnableOption "enable nvim via nvf on system level"; + }; + + config = + mkIf cfg.enable { + }; +} diff --git a/modules/nixos/editor/nvim/default.nix b/modules/nixos/editor/nvim/default.nix deleted file mode 100644 index c29de0f..0000000 --- a/modules/nixos/editor/nvim/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.editor.nvim; -in -{ - imports = [ - inputs.nvf.nixosModules.default - ]; - - options.${namespace}.editor.nvim = { - enable = mkEnableOption "enable nvim via nvf on system level"; - }; - - config = mkIf cfg.enable { - }; -} diff --git a/modules/nixos/hardware/audio/default.nix b/modules/nixos/hardware/audio.nix similarity index 72% rename from modules/nixos/hardware/audio/default.nix rename to modules/nixos/hardware/audio.nix index d3f340f..e507417 100644 --- a/modules/nixos/hardware/audio/default.nix +++ b/modules/nixos/hardware/audio.nix @@ -1,11 +1,14 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.audio; -in -{ - options.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth"; + cfg = config.sneeuwvlok.hardware.has.audio; +in { + options.sneeuwvlok.hardware.has.audio = mkEnableOption "Enable bluetooth"; config = mkIf cfg { environment.systemPackages = with pkgs; [ diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth.nix similarity index 67% rename from modules/nixos/hardware/bluetooth/default.nix rename to modules/nixos/hardware/bluetooth.nix index 98fc678..720d121 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth.nix @@ -1,11 +1,13 @@ -{ lib, namespace, config, ... }: -let +{ + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.bluetooth; -in -{ - options.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; + cfg = config.sneeuwvlok.hardware.has.bluetooth; +in { + options.sneeuwvlok.hardware.has.bluetooth = mkEnableOption "Enable bluetooth"; config = mkIf cfg { hardware.bluetooth = { @@ -21,7 +23,7 @@ in "bluez5.enable-sbc-xq" = true; "bluez5.enable-msbc" = true; "bluez5.enable-hw-volume" = true; - "bluez5.roles" = [ "hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag" ]; + "bluez5.roles" = ["hsp_hs" "hsp_ag" "hfp_hf" "hfp_ag"]; }; }; }; diff --git a/modules/nixos/hardware/gpu/amd/default.nix b/modules/nixos/hardware/gpu/amd.nix similarity index 50% rename from modules/nixos/hardware/gpu/amd/default.nix rename to modules/nixos/hardware/gpu/amd.nix index cdc9d1e..58ddd6a 100644 --- a/modules/nixos/hardware/gpu/amd/default.nix +++ b/modules/nixos/hardware/gpu/amd.nix @@ -1,14 +1,17 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.gpu; -in -{ - options.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration"; + cfg = config.sneeuwvlok.hardware.has.gpu; +in { + options.sneeuwvlok.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration"; config = mkIf cfg.amd { - services.xserver.videoDrivers = [ "amd" ]; + services.xserver.videoDrivers = ["amd"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/gpu/nvidia.nix b/modules/nixos/hardware/gpu/nvidia.nix index e8ac542..ec875be 100644 --- a/modules/nixos/hardware/gpu/nvidia.nix +++ b/modules/nixos/hardware/gpu/nvidia.nix @@ -1,14 +1,17 @@ -{ pkgs, lib, namespace, config, ... }: -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.has.gpu.nvidia; -in -{ - options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; + cfg = config.sneeuwvlok.hardware.has.gpu; +in { + options.sneeuwvlok.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; - config = mkIf cfg { - services.xserver.videoDrivers = [ "nvidia" ]; + config = mkIf cfg.nvidia { + services.xserver.videoDrivers = ["nvidia"]; hardware = { graphics = { diff --git a/modules/nixos/hardware/gpu/nvidia/default.nix b/modules/nixos/hardware/gpu/nvidia/default.nix deleted file mode 100644 index ab7c087..0000000 --- a/modules/nixos/hardware/gpu/nvidia/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ pkgs, lib, namespace, config, ... }: -let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.hardware.has.gpu; -in -{ - options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration"; - - config = mkIf cfg.nvidia { - services.xserver.videoDrivers = [ "nvidia" ]; - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - }; - - nvidia = { - modesetting.enable = true; - open = false; - nvidiaSettings = true; - - powerManagement = { - enable = true; - finegrained = false; - }; - - # package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta; - - # package = let - # rcu_patch = pkgs.fetchpatch { - # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; - # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; - # }; - # in config.boot.kernelPackages.nvidiaPackages.mkDriver { - # version = "550.40.07"; - # sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0="; - # sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4="; - # openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I="; - # settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs="; - # persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870="; - - # patches = [ rcu_patch ]; - # }; - }; - }; - }; -} diff --git a/modules/nixos/hardware/keyboard/voyager.nix b/modules/nixos/hardware/keyboard/voyager.nix index fd470f8..a7823f9 100644 --- a/modules/nixos/hardware/keyboard/voyager.nix +++ b/modules/nixos/hardware/keyboard/voyager.nix @@ -1,12 +1,15 @@ -{ lib, config, pkgs, namespace, ... }: -let +{ + lib, + config, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.hardware.keyboard.voyager; -in -{ - options.${namespace}.hardware.keyboard.voyager = { - enble = mkEnableOption "Enable tools for ZSA Voyager"; + cfg = config.sneeuwvlok.hardware.keyboard.voyager; +in { + options.sneeuwvlok.hardware.keyboard.voyager = { + enable = mkEnableOption "Enable tools for ZSA Voyager"; }; config = mkIf cfg.enable { diff --git a/modules/nixos/home-manager/default.nix b/modules/nixos/home-manager.nix similarity index 100% rename from modules/nixos/home-manager/default.nix rename to modules/nixos/home-manager.nix diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix.nix similarity index 73% rename from modules/nixos/nix/default.nix rename to modules/nixos/nix.nix index bf96f59..870dd24 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix.nix @@ -1,9 +1,12 @@ -{ pkgs, lib, namespace, config, ... }: -let - cfg = config.${namespace}.nix; -in { - options.${namespace}.nix = {}; + pkgs, + lib, + config, + ... +}: let + cfg = config.sneeuwvlok.nix; +in { + options.sneeuwvlok.nix = {}; config = { programs.git.enable = true; @@ -14,9 +17,9 @@ in extraOptions = "experimental-features = nix-command flakes pipe-operators"; settings = { - experimental-features = [ "nix-command" "flakes" "pipe-operators" ]; - allowed-users = [ "@wheel" ]; - trusted-users = [ "@wheel" ]; + experimental-features = ["nix-command" "flakes" "pipe-operators"]; + allowed-users = ["@wheel"]; + trusted-users = ["@wheel"]; auto-optimise-store = true; connect-timeout = 5; diff --git a/modules/nixos/services/authentication/authelia/default.nix b/modules/nixos/services/authentication/authelia.nix similarity index 97% rename from modules/nixos/services/authentication/authelia/default.nix rename to modules/nixos/services/authentication/authelia.nix index 7aea103..1a1b8ff 100644 --- a/modules/nixos/services/authentication/authelia/default.nix +++ b/modules/nixos/services/authentication/authelia.nix @@ -2,20 +2,19 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; user = "authelia-testing"; - cfg = config.${namespace}.services.authentication.authelia; + cfg = config.sneeuwvlok.services.authentication.authelia; in { - options.${namespace}.services.authentication.authelia = { + options.sneeuwvlok.services.authentication.authelia = { enable = mkEnableOption "Authelia"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts = { "auth.kruining.eu".extraConfig = '' reverse_proxy http://127.0.0.1:9091 diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau.nix similarity index 62% rename from modules/nixos/services/authentication/himmelblau/default.nix rename to modules/nixos/services/authentication/himmelblau.nix index d39d4cf..4a52840 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau.nix @@ -1,17 +1,13 @@ { - inputs, lib, config, - namespace, ... }: let inherit (lib) mkEnableOption mkIf; - cfg = config.${namespace}.services.authentication.himmelblau; + cfg = config.sneeuwvlok.services.authentication.himmelblau; in { - imports = [inputs.himmelblau.nixosModules.himmelblau]; - - options.${namespace}.services.authentication.himmelblau = { + options.sneeuwvlok.services.authentication.himmelblau = { enable = mkEnableOption "enable azure entra ID authentication"; }; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel.nix similarity index 97% rename from modules/nixos/services/authentication/zitadel/default.nix rename to modules/nixos/services/authentication/zitadel.nix index 7674835..e120d32 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel.nix @@ -1,14 +1,14 @@ -{ config, lib, pkgs, namespace, system, inputs, ... }: +{ config, lib, pkgs, self, ... }: let inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames; - inherit (lib.${namespace}.strings) toSnakeCase; + inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase; - cfg = config.${namespace}.services.authentication.zitadel; + cfg = config.sneeuwvlok.services.authentication.zitadel; database = "zitadel"; in { - options.${namespace}.services.authentication.zitadel = { + options.sneeuwvlok.services.authentication.zitadel = { enable = mkEnableOption "Zitadel"; organization = mkOption { @@ -339,8 +339,8 @@ in config' = config; # this is a nix package, the generated json file to be exact - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { - inherit system; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; modules = [ ({ config, lib, ... }: { @@ -355,8 +355,7 @@ in for item in ${src} : "''${item.org}_''${item.name}" => item }''; - } - // set; + } // set; in { terraform.required_providers.zitadel = { @@ -537,8 +536,8 @@ in }; in mkIf cfg.enable { - ${namespace}.services = { - persistance.postgresql.enable = true; + sneeuwvlok.services = { + persistence.postgresql.enable = true; networking.caddy = { hosts = { @@ -566,17 +565,16 @@ in "d /var/lib/zitadel/clients 0755 zitadel zitadel -" ]; - systemd.services.zitadelApplyTerraform = { + systemd.services.zitadelApplyTerraform = + let + tofu = lib.getExe pkgs.opentofu; + in { description = "Zitadel terraform apply"; wantedBy = [ "multi-user.target" ]; wants = [ "zitadel.service" ]; - script = - let - tofu = lib.getExe pkgs.opentofu; - in - '' + script = '' if [ "$(systemctl is-active zitadel)" != "active" ]; then echo "Zitadel is not running" exit 1 diff --git a/modules/nixos/services/backup/borg/default.nix b/modules/nixos/services/backup/borg.nix similarity index 83% rename from modules/nixos/services/backup/borg/default.nix rename to modules/nixos/services/backup/borg.nix index 9cbbea0..417c911 100644 --- a/modules/nixos/services/backup/borg/default.nix +++ b/modules/nixos/services/backup/borg.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.backup.borg; -in -{ - options.${namespace}.services.backup.borg = { + cfg = config.sneeuwvlok.services.backup.borg; +in { + options.sneeuwvlok.services.backup.borg = { enable = mkEnableOption "Borg Backup"; }; diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix.nix similarity index 98% rename from modules/nixos/services/communication/matrix/default.nix rename to modules/nixos/services/communication/matrix.nix index d2e47b0..1d1df2a 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix.nix @@ -2,13 +2,12 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString toJSON; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.communication.matrix; + cfg = config.sneeuwvlok.services.communication.matrix; domain = "kruining.eu"; fqn = "matrix.${domain}"; @@ -17,13 +16,13 @@ database = "synapse"; keyFile = "/var/lib/element-call/key"; in { - options.${namespace}.services.communication.matrix = { + options.sneeuwvlok.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; config = mkIf cfg.enable { - ${namespace}.services = { - persistance.postgresql.enable = true; + sneeuwvlok.services = { + persistence.postgresql.enable = true; # virtualisation.podman.enable = true; networking.caddy = { diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo.nix similarity index 96% rename from modules/nixos/services/development/forgejo/default.nix rename to modules/nixos/services/development/forgejo.nix index f190b0c..c468137 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo.nix @@ -2,16 +2,15 @@ config, lib, pkgs, - namespace, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption; - cfg = config.${namespace}.services.development.forgejo; + cfg = config.sneeuwvlok.services.development.forgejo; domain = "git.amarth.cloud"; in { - options.${namespace}.services.development.forgejo = { + options.sneeuwvlok.services.development.forgejo = { enable = mkEnableOption "Forgejo"; port = mkOption { @@ -25,8 +24,8 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services = { - persistance.postgresql.enable = true; + sneeuwvlok.services = { + persistence.postgresql.enable = true; virtualisation.podman.enable = true; networking.caddy = { diff --git a/modules/nixos/services/games/minecraft/default.nix b/modules/nixos/services/games/minecraft.nix similarity index 96% rename from modules/nixos/services/games/minecraft/default.nix rename to modules/nixos/services/games/minecraft.nix index 84567b3..4d9b8b9 100644 --- a/modules/nixos/services/games/minecraft/default.nix +++ b/modules/nixos/services/games/minecraft.nix @@ -1,21 +1,15 @@ { - inputs, config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.games.minecraft; + cfg = config.sneeuwvlok.services.games.minecraft; in { - imports = [ - inputs.nix-minecraft.nixosModules.minecraft-servers - ]; - - options.${namespace}.services.games.minecraft = { + options.sneeuwvlok.services.games.minecraft = { enable = mkEnableOption "Minecraft"; user = mkOption { diff --git a/modules/nixos/services/games/openrct.nix b/modules/nixos/services/games/openrct.nix index a36f0fb..196ae12 100644 --- a/modules/nixos/services/games/openrct.nix +++ b/modules/nixos/services/games/openrct.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.games.openrct; -in -{ - options.${namespace}.services.games.openrct = { + cfg = config.sneeuwvlok.services.games.openrct; +in { + options.sneeuwvlok.services.games.openrct = { enable = mkEnableOption "OpenRCT2"; }; @@ -16,7 +19,7 @@ in systemd.services.openrct = { enable = true; - after = [ "network.target"]; + after = ["network.target"]; description = "OpenRCT2 Server"; serviceConfig = { Type = ""; diff --git a/modules/nixos/services/games/palworld/default.nix b/modules/nixos/services/games/palworld.nix similarity index 83% rename from modules/nixos/services/games/palworld/default.nix rename to modules/nixos/services/games/palworld.nix index 152891d..d6de43b 100644 --- a/modules/nixos/services/games/palworld/default.nix +++ b/modules/nixos/services/games/palworld.nix @@ -1,14 +1,13 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.games.palworld; + cfg = config.sneeuwvlok.services.games.palworld; in { - options.${namespace}.services.games.palworld = { + options.sneeuwvlok.services.games.palworld = { enable = mkEnableOption "Palworld"; }; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index c10a08e..0db854f 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -1,16 +1,15 @@ { pkgs, lib, - namespace, config, ... }: let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.media; + cfg = config.sneeuwvlok.services.media; in { - options.${namespace}.services.media = { + options.sneeuwvlok.services.media = { enable = mkEnableOption "Enable media services"; user = mkOption { diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance.nix similarity index 97% rename from modules/nixos/services/media/glance/default.nix rename to modules/nixos/services/media/glance.nix index b042297..29e4cc6 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance.nix @@ -1,19 +1,18 @@ { config, lib, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.glance; + cfg = config.sneeuwvlok.services.media.glance; in { - options.${namespace}.services.media.glance = { + options.sneeuwvlok.services.media.glance = { enable = mkEnableOption "Enable Glance"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { + sneeuwvlok.services.networking.caddy.hosts = { "https://${config.networking.hostName}:443" = '' reverse_proxy http://[::1]:2000 ''; diff --git a/modules/nixos/services/media/jellyfin/default.nix b/modules/nixos/services/media/jellyfin.nix similarity index 81% rename from modules/nixos/services/media/jellyfin/default.nix rename to modules/nixos/services/media/jellyfin.nix index de19896..315838c 100644 --- a/modules/nixos/services/media/jellyfin/default.nix +++ b/modules/nixos/services/media/jellyfin.nix @@ -2,22 +2,20 @@ pkgs, config, lib, - namespace, inputs, - system, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; - cfg = config.${namespace}.services.media.jellyfin; + cfg = config.sneeuwvlok.services.media.jellyfin; in { - options.${namespace}.services.media.jellyfin = { + options.sneeuwvlok.services.media.jellyfin = { enable = mkEnableOption "Enable jellyfin server"; }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts = { "jellyfin.kruining.eu" = '' reverse_proxy http://[::1]:8096 diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia.nix similarity index 92% rename from modules/nixos/services/media/mydia/default.nix rename to modules/nixos/services/media/mydia.nix index 7e082a3..9c305c9 100644 --- a/modules/nixos/services/media/mydia/default.nix +++ b/modules/nixos/services/media/mydia.nix @@ -1,20 +1,13 @@ { config, lib, - namespace, - inputs, - system, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.mydia; + cfg = config.sneeuwvlok.services.media.mydia; in { - imports = [ - inputs.mydia.nixosModules.default - ]; - - options.${namespace}.services.media.mydia = { + options.sneeuwvlok.services.media.mydia = { enable = mkEnableOption "Enable Mydia"; }; diff --git a/modules/nixos/services/media/nextcloud/default.nix b/modules/nixos/services/media/nextcloud.nix similarity index 83% rename from modules/nixos/services/media/nextcloud/default.nix rename to modules/nixos/services/media/nextcloud.nix index 06904c6..eb8c9da 100644 --- a/modules/nixos/services/media/nextcloud/default.nix +++ b/modules/nixos/services/media/nextcloud.nix @@ -2,15 +2,14 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; - cfg = config.${namespace}.services.media.nextcloud; + cfg = config.sneeuwvlok.services.media.nextcloud; in { - options.${namespace}.services.media.nextcloud = { + options.sneeuwvlok.services.media.nextcloud = { enable = mkEnableOption "Nextcloud"; user = mkOption { @@ -25,7 +24,7 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy = { + sneeuwvlok.services.networking.caddy = { hosts."cloud.kruining.eu" = '' php_fastcgi unix//run/phpfpm/nextcloud.sock { env front_controller_active true @@ -41,14 +40,14 @@ in { groups.${cfg.group} = {}; }; - home-manager.users.${cfg.user}.home = { - stateVersion = config.system.stateVersion; + # home-manager.users.${cfg.user}.home = { + # stateVersion = config.system.stateVersion; - file.".netrc".text = '' - login root - password KaasIsAwesome! - ''; - }; + # file.".netrc".text = '' + # login root + # password KaasIsAwesome! + # ''; + # }; services.nextcloud = { enable = true; diff --git a/modules/nixos/services/media/nfs/default.nix b/modules/nixos/services/media/nfs.nix similarity index 59% rename from modules/nixos/services/media/nfs/default.nix rename to modules/nixos/services/media/nfs.nix index 54b58e7..1028c73 100644 --- a/modules/nixos/services/media/nfs/default.nix +++ b/modules/nixos/services/media/nfs.nix @@ -1,16 +1,18 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.media.nfs; -in -{ - options.${namespace}.services.media.nfs = { + cfg = config.sneeuwvlok.services.media.nfs; +in { + options.sneeuwvlok.services.media.nfs = { enable = mkEnableOption "Enable NFS"; }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 2049 ]; + networking.firewall.allowedTCPPorts = [2049]; services.nfs.server = { enable = true; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr.nix similarity index 97% rename from modules/nixos/services/media/servarr/default.nix rename to modules/nixos/services/media/servarr.nix index c7a066c..2c6125d 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr.nix @@ -2,19 +2,17 @@ pkgs, config, lib, - namespace, - inputs, - system, + self, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; - cfg = config.${namespace}.services.media.servarr; + cfg = config.sneeuwvlok.services.media.servarr; servarr = import ./lib.nix {inherit lib;}; anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); in { - options.${namespace}.services.media = { + options.sneeuwvlok.services.media = { servarr = mkOption { type = types.attrsOf (types.submodule ({name, ...}: { options = { @@ -155,8 +153,8 @@ in { config' = config; lib' = lib; - terraformConfiguration = inputs.terranix.lib.terranixConfiguration { - inherit system; + terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration { + system = pkgs.stdenv.hostPlatform.system; modules = [ ({ @@ -341,11 +339,11 @@ in { } ''; - script = '' + script = lib.replaceStrings ["\r"] [""] '' # Sleep for a bit to give the service a chance to start up sleep 5s - if [ "$(systemctl is-active "${service}")" != "active" ]; then + if [ "$(systemctl is-active ${lib.escapeShellArg service})" != "active" ]; then echo "${service} is not running" exit 1 fi diff --git a/modules/nixos/services/media/servarr/lib.nix b/modules/nixos/services/media/servarr/lib.nix deleted file mode 100644 index 8ee412b..0000000 --- a/modules/nixos/services/media/servarr/lib.nix +++ /dev/null @@ -1,2 +0,0 @@ -{lib, ...}: { -} diff --git a/modules/nixos/services/networking/caddy/default.nix b/modules/nixos/services/networking/caddy.nix similarity index 58% rename from modules/nixos/services/networking/caddy/default.nix rename to modules/nixos/services/networking/caddy.nix index ec9df3a..6194808 100644 --- a/modules/nixos/services/networking/caddy/default.nix +++ b/modules/nixos/services/networking/caddy.nix @@ -2,33 +2,29 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; inherit (lib) mkIf mkEnableOption mkOption types attrNames mapAttrs; - cfg = config.${namespace}.services.networking.caddy; + cfg = config.sneeuwvlok.services.networking.caddy; hasHosts = (cfg.hosts |> attrNames |> length) > 0; - caddyBase = pkgs.callPackage "${pkgs.path}/pkgs/by-name/ca/caddy/package.nix" { - buildGo125Module = pkgs.buildGo126Module; - caddy = caddyBase; + caddyPackage = pkgs.caddy.withPlugins { + plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; + hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; }; - caddyPackage = - caddyBase.withPlugins { - plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"]; - hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE="; - }; in { - options.${namespace}.services.networking.caddy = { + options.sneeuwvlok.services.networking.caddy = { enable = mkEnableOption "enable caddy" // {default = true;}; hosts = mkOption { type = types.attrsOf types.str; + default = {}; }; extraConfig = mkOption { type = types.str; + default = ""; }; }; diff --git a/modules/nixos/services/networking/ssh/default.nix b/modules/nixos/services/networking/ssh.nix similarity index 67% rename from modules/nixos/services/networking/ssh/default.nix rename to modules/nixos/services/networking/ssh.nix index 5ebdfd2..60ca00a 100644 --- a/modules/nixos/services/networking/ssh/default.nix +++ b/modules/nixos/services/networking/ssh.nix @@ -1,12 +1,14 @@ -{ config, lib, namespace, ... }: -let +{ + config, + lib, + ... +}: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.networking.ssh; -in -{ - options.${namespace}.services.networking.ssh = { + cfg = config.sneeuwvlok.services.networking.ssh; +in { + options.sneeuwvlok.services.networking.ssh = { enable = mkEnableOption "enable ssh"; }; @@ -14,10 +16,10 @@ in services.openssh = { enable = true; openFirewall = true; - ports = [ 22 ]; + ports = [22]; settings = { PasswordAuthentication = true; - AllowUsers = [ "chris" "root" ]; + AllowUsers = ["chris" "root"]; UseDns = true; UsePAM = true; PermitRootLogin = "prohibit-password"; diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard.nix similarity index 79% rename from modules/nixos/services/networking/wireguard/default.nix rename to modules/nixos/services/networking/wireguard.nix index 0cf5320..364395b 100644 --- a/modules/nixos/services/networking/wireguard/default.nix +++ b/modules/nixos/services/networking/wireguard.nix @@ -2,17 +2,16 @@ config, pkgs, lib, - namespace, ... }: let inherit (builtins) length; inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs; - cfg = config.${namespace}.services.networking.wireguard; + cfg = config.sneeuwvlok.services.networking.wireguard; hasPeers = (cfg.peer |> attrNames |> length) > 0; in { - options.${namespace}.services.networking.wireguard = { - # enable = mkEnableOption "enable wireguard" // {default = true;}; + options.sneeuwvlok.services.networking.wireguard = { + enable = mkEnableOption "enable wireguard" // {default = true;}; peer = mkOption { type = types.attrsOf (types.submodule { @@ -29,10 +28,11 @@ in { }; }; }); + default = {}; }; }; - config = mkIf hasPeers { + config = mkIf (cfg.enable && hasPeers) { # networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port); # networking.wq-quick = { # # enable = cfg.enable; diff --git a/modules/nixos/services/observability/grafana/default.nix b/modules/nixos/services/observability/grafana/default.nix index a867351..c3a5f9a 100644 --- a/modules/nixos/services/observability/grafana/default.nix +++ b/modules/nixos/services/observability/grafana/default.nix @@ -2,18 +2,17 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.grafana; + cfg = config.sneeuwvlok.services.observability.grafana; db_user = "grafana"; db_name = "grafana"; in { - options.${namespace}.services.observability.grafana = { + options.sneeuwvlok.services.observability.grafana = { enable = mkEnableOption "enable Grafana"; }; diff --git a/modules/nixos/services/observability/loki/default.nix b/modules/nixos/services/observability/loki.nix similarity index 80% rename from modules/nixos/services/observability/loki/default.nix rename to modules/nixos/services/observability/loki.nix index d4774ac..e45d680 100644 --- a/modules/nixos/services/observability/loki/default.nix +++ b/modules/nixos/services/observability/loki.nix @@ -1,12 +1,15 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.loki; -in -{ - options.${namespace}.services.observability.loki = { + cfg = config.sneeuwvlok.services.observability.loki; +in { + options.sneeuwvlok.services.observability.loki = { enable = mkEnableOption "enable Grafana Loki"; }; @@ -44,6 +47,6 @@ in }; }; - networking.firewall.allowedTCPPorts = [ 9003 ]; + networking.firewall.allowedTCPPorts = [9003]; }; } diff --git a/modules/nixos/services/observability/prometheus/default.nix b/modules/nixos/services/observability/prometheus.nix similarity index 60% rename from modules/nixos/services/observability/prometheus/default.nix rename to modules/nixos/services/observability/prometheus.nix index af5ee9d..06c496c 100644 --- a/modules/nixos/services/observability/prometheus/default.nix +++ b/modules/nixos/services/observability/prometheus.nix @@ -1,12 +1,15 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.observability.prometheus; -in -{ - options.${namespace}.services.observability.prometheus = { + cfg = config.sneeuwvlok.services.observability.prometheus; +in { + options.sneeuwvlok.services.observability.prometheus = { enable = mkEnableOption "enable Prometheus"; }; @@ -21,14 +24,14 @@ in { job_name = "prometheus"; static_configs = [ - { targets = [ "localhost:9002" ]; } + {targets = ["localhost:9002"];} ]; } { job_name = "node"; static_configs = [ - { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } + {targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];} ]; } ]; @@ -37,12 +40,12 @@ in node = { enable = true; port = 9005; - enabledCollectors = [ "systemd" ]; + enabledCollectors = ["systemd"]; openFirewall = true; }; }; }; - networking.firewall.allowedTCPPorts = [ 9002 ]; + networking.firewall.allowedTCPPorts = [9002]; }; } diff --git a/modules/nixos/services/observability/promtail/default.nix b/modules/nixos/services/observability/promtail.nix similarity index 89% rename from modules/nixos/services/observability/promtail/default.nix rename to modules/nixos/services/observability/promtail.nix index 38dbbab..cf5e6c1 100644 --- a/modules/nixos/services/observability/promtail/default.nix +++ b/modules/nixos/services/observability/promtail.nix @@ -2,15 +2,14 @@ pkgs, config, lib, - namespace, ... }: let inherit (lib.modules) mkIf; inherit (lib.options) mkEnableOption; - cfg = config.${namespace}.services.observability.promtail; + cfg = config.sneeuwvlok.services.observability.promtail; in { - options.${namespace}.services.observability.promtail = { + options.sneeuwvlok.services.observability.promtail = { enable = mkEnableOption "enable Grafana Promtail"; }; diff --git a/modules/nixos/services/observability/uptime-kuma/default.nix b/modules/nixos/services/observability/uptime-kuma.nix similarity index 57% rename from modules/nixos/services/observability/uptime-kuma/default.nix rename to modules/nixos/services/observability/uptime-kuma.nix index c23977b..fc089fd 100644 --- a/modules/nixos/services/observability/uptime-kuma/default.nix +++ b/modules/nixos/services/observability/uptime-kuma.nix @@ -1,12 +1,15 @@ -{ pkgs, config, lib, namespace, ... }: -let +{ + pkgs, + config, + lib, + ... +}: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.observability.uptime-kuma; -in -{ - options.${namespace}.services.observability.uptime-kuma = { + cfg = config.sneeuwvlok.services.observability.uptime-kuma; +in { + options.sneeuwvlok.services.observability.uptime-kuma = { enable = mkEnableOption "enable uptime kuma"; }; @@ -19,7 +22,7 @@ in HOST = "0.0.0.0"; }; }; - - networking.firewall.allowedTCPPorts = [ 9006 ]; + + networking.firewall.allowedTCPPorts = [9006]; }; } diff --git a/modules/nixos/services/persistance/postgesql/default.nix b/modules/nixos/services/persistance/postgresql.nix similarity index 81% rename from modules/nixos/services/persistance/postgesql/default.nix rename to modules/nixos/services/persistance/postgresql.nix index 403c07c..f217dd5 100644 --- a/modules/nixos/services/persistance/postgesql/default.nix +++ b/modules/nixos/services/persistance/postgresql.nix @@ -2,14 +2,13 @@ config, lib, pkgs, - namespace, ... }: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.persistance.postgresql; + cfg = config.sneeuwvlok.services.persistence.postgresql; in { - options.${namespace}.services.persistance.postgresql = { + options.sneeuwvlok.services.persistence.postgresql = { enable = mkEnableOption "Postgresql"; }; diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden.nix similarity index 62% rename from modules/nixos/services/security/vaultwarden/default.nix rename to modules/nixos/services/security/vaultwarden.nix index 7dce380..47fe178 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden.nix @@ -2,13 +2,14 @@ pkgs, config, lib, - namespace, + self, ... }: let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; + inherit (import ../../../../../lib/strings {inherit lib;}) strings; - cfg = config.${namespace}.services.security.vaultwarden; + cfg = config.sneeuwvlok.services.security.vaultwarden; databaseProviderSqlite = types.submodule ({...}: { options = { @@ -25,15 +26,22 @@ }; }); - databaseProviderPostgresql = types.submodule ({...}: let - urlOptions = lib.${namespace}.options.mkUrlOptions { - host = { + databaseProviderPostgresql = types.submodule ({...}: { + options = { + type = mkOption { + type = types.enum ["postgresql"]; + }; + + host = mkOption { + type = types.str; + example = "host.tld"; description = '' Hostname of the postgresql server ''; }; - port = { + port = mkOption { + type = types.port; default = 5432; example = "5432"; description = '' @@ -42,41 +50,37 @@ }; protocol = mkOption { + type = types.str; default = "postgres"; example = "postgres"; + description = '' + Which protocol to use when creating a url string + ''; + }; + + sslMode = mkOption { + type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; + default = "verify-full"; + example = "verify-ca"; + description = '' + How to verify the server's ssl + + | mode | eavesdropping protection | MITM protection | Statement | + |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| + | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | + | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | + | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | + | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | + | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | + | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | + + [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) + ''; }; }; - in { - options = - { - type = mkOption { - type = types.enum ["postgresql"]; - }; - - sslMode = mkOption { - type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; - default = "verify-full"; - example = "verify-ca"; - description = '' - How to verify the server's ssl - - | mode | eavesdropping protection | MITM protection | Statement | - |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| - | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | - | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | - | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | - | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | - | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | - | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | - - [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) - ''; - }; - } - // (urlOptions |> getAttrs ["protocol" "host" "port"]); }); in { - options.${namespace}.services.security.vaultwarden = { + options.sneeuwvlok.services.security.vaultwarden = { enable = mkEnableOption "enable vaultwarden"; database = mkOption { @@ -91,7 +95,7 @@ in { }; config = mkIf cfg.enable { - ${namespace}.services.networking.caddy.hosts = { + sneeuwvlok.services.networking.caddy.hosts = { "vault.kruining.eu" = '' encode zstd gzip @@ -118,7 +122,7 @@ in { enable = true; dbBackend = "postgresql"; - package = pkgs.${namespace}.vaultwarden; + package = pkgs.vaultwarden-postgresql; config = { SIGNUPS_ALLOWED = false; @@ -196,7 +200,7 @@ in { else if type == "postgresql" then { inherit (db) type; - url = lib.${namespace}.strings.toUrl { + url = strings.toUrl { inherit (db) protocol host port; path = "vaultwarden"; query = { diff --git a/modules/nixos/services/virtualisation/podman/default.nix b/modules/nixos/services/virtualisation/podman.nix similarity index 67% rename from modules/nixos/services/virtualisation/podman/default.nix rename to modules/nixos/services/virtualisation/podman.nix index 0faf8ce..0d32495 100644 --- a/modules/nixos/services/virtualisation/podman/default.nix +++ b/modules/nixos/services/virtualisation/podman.nix @@ -1,11 +1,15 @@ -{ config, options, lib, pkgs, namespace, ... }: -let +{ + config, + options, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.services.virtualisation.podman; -in -{ - options.${namespace}.services.virtualisation.podman = { + cfg = config.sneeuwvlok.services.virtualisation.podman; +in { + options.sneeuwvlok.services.virtualisation.podman = { enable = mkEnableOption "enable podman"; }; diff --git a/modules/nixos/shells/default.nix b/modules/nixos/shells/default.nix deleted file mode 100644 index ea8f50d..0000000 --- a/modules/nixos/shells/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -{...}: { -} diff --git a/modules/nixos/shells/zsh/default.nix b/modules/nixos/shells/zsh.nix similarity index 62% rename from modules/nixos/shells/zsh/default.nix rename to modules/nixos/shells/zsh.nix index 399e7dd..bb70922 100644 --- a/modules/nixos/shells/zsh/default.nix +++ b/modules/nixos/shells/zsh.nix @@ -1,11 +1,15 @@ -{ inputs, config, lib, pkgs, namespace, ... }: -let +{ + inputs, + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf mkEnableOption; - cfg = config.${namespace}.shell.zsh; -in -{ - options.${namespace}.shell.zsh = { + cfg = config.sneeuwvlok.shell.zsh; +in { + options.sneeuwvlok.shell.zsh = { enable = mkEnableOption "enable zsh shell"; }; diff --git a/modules/nixos/system/networking/default.nix b/modules/nixos/system/networking.nix similarity index 69% rename from modules/nixos/system/networking/default.nix rename to modules/nixos/system/networking.nix index c61a81b..4bb580f 100644 --- a/modules/nixos/system/networking/default.nix +++ b/modules/nixos/system/networking.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, namespace, ... }: -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkDefault; - cfg = config.${namespace}.system.networking; -in -{ - options.${namespace}.system.networking = {}; + cfg = config.sneeuwvlok.system.networking; +in { + options.sneeuwvlok.system.networking = {}; config = { systemd.services.NetworkManager-wait-online.enable = false; diff --git a/modules/nixos/system/security/boot/default.nix b/modules/nixos/system/security/boot.nix similarity index 90% rename from modules/nixos/system/security/boot/default.nix rename to modules/nixos/system/security/boot.nix index ccf1f83..920ef16 100644 --- a/modules/nixos/system/security/boot/default.nix +++ b/modules/nixos/system/security/boot.nix @@ -1,13 +1,15 @@ -{ config, namespace, inputs, ... }: -let - cfg = config.${namespace}.system.security.boot; -in { - options.${namespace}.system.security.boot = {}; + config, + inputs, + ... +}: let + cfg = config.sneeuwvlok.system.security.boot; +in { + options.sneeuwvlok.system.security.boot = {}; config = { boot = { - kernelModules = [ "tcp_bbr" ]; + kernelModules = ["tcp_bbr"]; kernel.sysctl = { ## TCP hardening # Prevent bogus ICMP errors from filling up logs. @@ -43,4 +45,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/modules/nixos/system/security/default.nix b/modules/nixos/system/security/default.nix index e168543..fdd3416 100644 --- a/modules/nixos/system/security/default.nix +++ b/modules/nixos/system/security/default.nix @@ -1,9 +1,11 @@ -{ config, namespace, inputs, ... }: -let - cfg = config.${namespace}.system.security; -in { - options.${namespace}.system.security = {}; + config, + inputs, + ... +}: let + cfg = config.sneeuwvlok.system.security; +in { + options.sneeuwvlok.system.security = {}; config = { security = { @@ -20,4 +22,4 @@ in programs.gnupg.agent.enable = true; }; -} \ No newline at end of file +} diff --git a/modules/nixos/system/security/sops.nix b/modules/nixos/system/security/sops.nix new file mode 100644 index 0000000..e682f2c --- /dev/null +++ b/modules/nixos/system/security/sops.nix @@ -0,0 +1,25 @@ +{ + pkgs, + config, + self, + ... +}: let + cfg = config.sneeuwvlok.system.security.sops; +in { + options.sneeuwvlok.system.security.sops = {}; + + config = { + environment.systemPackages = with pkgs; [sops]; + + sops = { + defaultSopsFormat = "yaml"; + defaultSopsFile = self + "/systems/${pkgs.stdenv.hostPlatform.system}/${config.networking.hostName}/secrets.yml"; + + age = { + # keyFile = "~/.config/sops/age/keys.txt"; + # sshKeyPaths = [ "~/.ssh/id_ed25519" ]; + # generateKey = true; + }; + }; + }; +} diff --git a/modules/nixos/system/security/sops/default.nix b/modules/nixos/system/security/sops/default.nix deleted file mode 100644 index bee7b3c..0000000 --- a/modules/nixos/system/security/sops/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, config, namespace, inputs, system, ... }: -let - cfg = config.${namespace}.system.security.sops; -in -{ - imports = [ - inputs.sops-nix.nixosModules.sops - ]; - - options.${namespace}.system.security.sops = {}; - - config = { - environment.systemPackages = with pkgs; [ sops ]; - - sops = { - defaultSopsFormat = "yaml"; - defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml"; - - age = { - # keyFile = "~/.config/sops/age/keys.txt"; - # sshKeyPaths = [ "~/.ssh/id_ed25519" ]; - # generateKey = true; - }; - }; - }; -} \ No newline at end of file diff --git a/modules/nixos/system/security/sudo/default.nix b/modules/nixos/system/security/sudo.nix similarity index 65% rename from modules/nixos/system/security/sudo/default.nix rename to modules/nixos/system/security/sudo.nix index b79efbc..ef41f6e 100644 --- a/modules/nixos/system/security/sudo/default.nix +++ b/modules/nixos/system/security/sudo.nix @@ -1,9 +1,7 @@ -{ config, namespace, ... }: -let - cfg = config.${namespace}.system.security.sudo; -in -{ - options.${namespace}.system.security.sudo = {}; +{config, ...}: let + cfg = config.sneeuwvlok.system.security.sudo; +in { + options.sneeuwvlok.system.security.sudo = {}; config = { security = { @@ -11,7 +9,7 @@ in enable = false; execWheelOnly = true; }; - + sudo-rs = { enable = true; execWheelOnly = true; @@ -19,4 +17,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/packages/flake-module.nix b/packages/flake-module.nix new file mode 100644 index 0000000..dfe7214 --- /dev/null +++ b/packages/flake-module.nix @@ -0,0 +1,13 @@ +{inputs, ...}: { + imports = []; + + perSystem = { + system, + pkgs, + ... + }: { + packages = { + studio = pkgs.callPackage ./studio {erosanix = inputs.erosanix.lib.${system};}; + }; + }; +} diff --git a/packages/studio/default.nix b/packages/studio/default.nix index cb628c9..10ae62c 100644 --- a/packages/studio/default.nix +++ b/packages/studio/default.nix @@ -1,18 +1,18 @@ { pkgs, - inputs, + erosanix, }: let - inherit (builtins) fetchurl; + inherit (builtins) fetchurl replaceStrings; inherit (pkgs) makeDesktopItem copyDesktopItems wineWow64Packages; - inherit (inputs.erosanix.lib.x86_64-linux) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; + inherit (erosanix) mkWindowsAppNoCC makeDesktopIcon copyDesktopIcons; wine = wineWow64Packages.base; in mkWindowsAppNoCC rec { inherit wine; - pname = "studio"; - version = "2.25.12"; + pname = "studio"; + version = "2.25.12"; src = fetchurl { url = "https://studio.download.bricklink.info/Studio2.0+EarlyAccess/Archive/2.25.12_1/Studio+2.0+EarlyAccess.exe"; @@ -36,15 +36,6 @@ in persistRuntimeLayer = true; inputHashMethod = "version"; - # Can be used to precisely select the Direct3D implementation. - # - # | enableVulkan | rendererOverride | Direct3D implementation | - # |--------------|------------------|-------------------------| - # | false | null | OpenGL | - # | true | null | Vulkan (DXVK) | - # | * | dxvk-vulkan | Vulkan (DXVK) | - # | * | wine-opengl | OpenGL | - # | * | wine-vulkan | Vulkan (VKD3D) | enableVulkan = false; rendererOverride = null; @@ -56,24 +47,24 @@ in nativeBuildInputs = [copyDesktopIcons copyDesktopItems]; - winAppInstall = '' + winAppInstall = replaceStrings ["\r"] [""] '' wine64 ${src} wineserver -W wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f ''; - winAppPreRun = '' + winAppPreRun = replaceStrings ["\r"] [""] '' wineserver -W wine64 reg add 'HKEY_CURRENT_USER\Software\Wine\X11 Driver' /t REG_SZ /v UseTakeFocus /d N /f ''; - winAppRun = '' + winAppRun = replaceStrings ["\r"] [""] '' wine64 "$WINEPREFIX/drive_c/Program Files/Studio 2.0/Studio.exe" "$ARGS" ''; winAppPostRun = ""; - installPhase = '' + installPhase = replaceStrings ["\r"] [""] '' runHook preInstall ln -s $out/bin/.launcher $out/bin/${pname} diff --git a/packages/vaultwarden/default.nix b/packages/vaultwarden/default.nix deleted file mode 100644 index 243288b..0000000 --- a/packages/vaultwarden/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ lib, stdenv, rustPlatform, fetchFromGitHub, openssl, pkg-config, postgresql, dbBackend ? "postgresql", ... }: -rustPlatform.buildRustPackage rec { - pname = "vaultwarden"; - version = "1.34.3"; - - src = fetchFromGitHub { - owner = "Timshel"; - repo = "vaultwarden"; - rev = "1.34.3"; - hash = "sha256-Dj0ySVRvBZ/57+UHas3VI8bi/0JBRqn0IW1Dq+405J0="; - }; - - cargoHash = "sha256-4sDagd2XGamBz1XvDj4ycRVJ0F+4iwHOPlj/RglNDqE="; - - # used for "Server Installed" version in admin panel - env.VW_VERSION = version; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = - [ openssl ] - ++ lib.optional (dbBackend == "postgresql") postgresql; - - buildFeatures = dbBackend; - - meta = with lib; { - license = licenses.agpl3Only; - mainProgram = "vaultwarden"; - }; -} \ No newline at end of file diff --git a/scratchpad b/scratchpad new file mode 100644 index 0000000..afff9b8 --- /dev/null +++ b/scratchpad @@ -0,0 +1 @@ +--resume=18a19308-41c9-4898-ab01-594195fd75a1 diff --git a/script/.shared/pwgen b/script/.shared/pwgen deleted file mode 100644 index 85fc69f..0000000 --- a/script/.shared/pwgen +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1 diff --git a/script/qbittorrent/hash.py b/script/qbittorrent/hash.py deleted file mode 100644 index a92343f..0000000 --- a/script/qbittorrent/hash.py +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/bash - -import base64 -import hashlib -import sys -import uuid - -password = sys.argv[1] -salt = uuid.uuid4() -salt_bytes = salt.bytes - -password = str.encode(password) -hashed_password = hashlib.pbkdf2_hmac("sha512", password, salt_bytes, 100000, dklen=64) -b64_salt = base64.b64encode(salt_bytes).decode("utf-8") -b64_password = base64.b64encode(hashed_password).decode("utf-8") -password_string = "@ByteArray({salt}:{password})".format( - salt=b64_salt, password=b64_password -) -print(password_string) diff --git a/script/qbittorrent/password b/script/qbittorrent/password deleted file mode 100644 index 85fc69f..0000000 --- a/script/qbittorrent/password +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -pwgen -s 128 1 diff --git a/script/qbittorrent/password_hash b/script/qbittorrent/password_hash deleted file mode 100644 index 86ba315..0000000 --- a/script/qbittorrent/password_hash +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -python ./hash.py "$(just vars get ulmo qbittorrent/password | jq -r)" diff --git a/shells/default/default.nix b/shells/default/default.nix deleted file mode 100644 index ed12b5c..0000000 --- a/shells/default/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - mkShell, - inputs, - pkgs, - stdenv, - ... -}: -mkShell { - packages = with pkgs; [ - bash - sops - just - yq - pwgen - alejandra - nil - nixd - openssl - inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli - nix-output-monitor - ]; -} diff --git a/sops/machines/ulmo/key.json b/sops/machines/ulmo/key.json new file mode 100644 index 0000000..90b904f --- /dev/null +++ b/sops/machines/ulmo/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "type": "age" + } +] \ No newline at end of file diff --git a/sops/users/chris/key.json b/sops/users/chris/key.json new file mode 100644 index 0000000..90b904f --- /dev/null +++ b/sops/users/chris/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "type": "age" + } +] \ No newline at end of file diff --git a/systems/x86_64-install-iso/minimal/default.nix b/systems/x86_64-install-iso/minimal/default.nix deleted file mode 100644 index 7d80104..0000000 --- a/systems/x86_64-install-iso/minimal/default.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ pkgs, lib, ... }: -let - inherit (lib) mkForce; -in -{ - boot = { - supportedFilesystems = mkForce ["btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"]; - - loader.efi.canTouchEfiVariables = true; - }; - - networking = { - wireless.enable = mkForce false; - networkmanager.enable = true; - }; - - nix = { - enable = true; - extraOptions = "experimental-features = nix-command flakes"; - channel.enable = false; - - settings = { - experimental-features = [ "nix-command" "flakes" ]; - allowed-users = [ "@wheel" ]; - trusted-users = [ "@wheel" ]; - - auto-optimise-store = true; - connect-timeout = 5; - http-connections = 50; - log-lines = 50; # more log lines in case of error - min-free = 1 * (1024 * 1024 * 1024); # GiB # start garbage collector - max-free = 50 * (1024 * 1024 * 1024); # GiB # until - warn-dirty = false; - }; - }; - - services = { - qemuGuest.enable = true; - openssh = { - enable = true; - settings.PermitRootLogin = mkForce "yes"; - }; - }; - - users.users.nixos = { - initialPassword = "kaas"; - initialHashedPassword = mkForce null; - extraGroups = [ "networkmanager" ]; - }; - - environment.systemPackages = with pkgs; [ - # sbctl - git - # gum - # ( - # writeShellScriptBin "rescue" '' - # #!/usr/bin/env bash - # set -euo pipefail - - # gum "device name" - - # sudo mkdir -p /mnt/{dev,proc,sys,boot} - # sudo mount -o bind /dev /mnt/dev - # sudo mount -o bind /proc /mnt/proc - # sudo mount -o bind /sys /mnt/sys - # sudo chroot /mnt /nix/var/nix/profiles/system/activate - # sudo chroot /mnt /run/current-system/sw/bin/bash - - # sudo mount /dev/vda1 /mnt/boot - # sudo cryptsetup open /dev/vda3 cryptroot - # sudo mount /dev/mapper/cryptroot /mnt/ - - # sudo nixos-enter - # '' - # ) - # ( - # writeShellScriptBin "nix_installer" - # '' - # #!/usr/bin/env bash - # set -euo pipefail - - # if [ "$(id -u)" -eq 0 ]; then - # echo "ERROR! $(basename "$0") should be run as a regular user" - # exit 1 - # fi - - # if [ ! -d "$HOME/github/sneeuwvlok/.git" ]; then - # git clone https://github.com/chris-kruining/sneeuwvlok.git "$HOME/github/sneeuwvlok" - # fi - - # TARGET_HOST=$(ls -1 ~/github/sneeuwvlok/systems/*/default.nix | cut -d'/' -f6 | grep -v iso | gum choose) - - # if [ ! -e "$HOME/github/sneeuwvlok/hosts/$TARGET_HOST/disks.nix" ]; then - # echo "ERROR! $(basename "$0") could not find the required $HOME/github/sneeuwvlok/hosts/$TARGET_HOST/disks.nix" - # exit 1 - # fi - - # gum confirm --default=false \ - # "🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk $TARGET_HOST. Are you sure you want to continue?" - - # echo "Partitioning Disks" - # sudo nix run github:nix-community/disko \ - # --extra-experimental-features "nix-command flakes" \ - # --no-write-lock-file \ - # -- \ - # --mode zap_create_mount \ - # "$HOME/dotfiles/hosts/$TARGET_HOST/disks.nix" - - # #echo "Creating blank volume" - # #sudo btrfs subvolume snapshot -r /mnt/ /mnt/root-blank - - # #echo "Set up attic binary cache" - # #attic use prod || true - - # sudo nixos-install --flake "$HOME/dotfiles#$TARGET_HOST" - # '' - # ) - ]; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/mandos/default.nix b/systems/x86_64-linux/mandos/default.nix deleted file mode 100644 index b1605f8..0000000 --- a/systems/x86_64-linux/mandos/default.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ ... }: -{ - imports = [ - ./disks.nix - ./hardware.nix - ]; - - sneeuwvlok = { - hardware.has = { - gpu.nvidia = true; - audio = true; - }; - - boot = { - quiet = true; - animated = true; - }; - - desktop.use = "gamescope"; - - application = { - steam.enable = true; - }; - - editor = { - nano.enable = true; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/manwe/default.nix b/systems/x86_64-linux/manwe/default.nix deleted file mode 100644 index a1b421b..0000000 --- a/systems/x86_64-linux/manwe/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ pkgs, ...}: { - imports = [ - ./disks.nix - ./hardware.nix - ]; - - system.activationScripts.remove-gtkrc.text = "rm -f /home/chris/.gtkrc-2.0"; - - services.logrotate.checkConfig = false; - - environment.systemPackages = with pkgs; [ beyond-all-reason openrct2 ]; - - sneeuwvlok = { - hardware.has = { - gpu.amd = true; - bluetooth = true; - audio = true; - }; - - boot = { - quiet = true; - animated = true; - }; - - desktop.use = "plasma"; - - application = { - steam.enable = true; - }; - - editor = { - nano.enable = true; - }; - }; - - services.displayManager.autoLogin = { - enable = true; - user = "chris"; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/manwe/hardware.nix b/systems/x86_64-linux/manwe/hardware.nix deleted file mode 100644 index 33ae3b5..0000000 --- a/systems/x86_64-linux/manwe/hardware.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, pkgs, modulesPath, system, ... }: -let - inherit (lib.modules) mkDefault; -in -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-amd" ]; - kernelParams = []; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = mkDefault system; - hardware.cpu.amd.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/systems/x86_64-linux/orome/default.nix b/systems/x86_64-linux/orome/default.nix deleted file mode 100644 index e155461..0000000 --- a/systems/x86_64-linux/orome/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{pkgs, ...}: { - imports = [ - ./disks.nix - ./hardware.nix - ]; - - environment.systemPackages = with pkgs; [ - azure-cli - github-copilot-cli - ]; - - sneeuwvlok = { - hardware.has = { - bluetooth = true; - audio = true; - }; - - authentication.himmelblau.enable = true; - - application = { - steam.enable = true; - }; - - editor = { - nano.enable = true; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/tulkas/default.nix b/systems/x86_64-linux/tulkas/default.nix deleted file mode 100644 index 40d1673..0000000 --- a/systems/x86_64-linux/tulkas/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ ... }: -{ - imports = [ - ./disks.nix - ./hardware.nix - ]; - - sneeuwvlok = { - hardware.has = { - gpu.amd = true; - bluetooth = true; - audio = true; - }; - - boot = { - quiet = true; - animated = true; - }; - - desktop.use = "gamescope"; - - application = { - steam.enable = true; - }; - - editor = { - nano.enable = true; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix deleted file mode 100644 index 43a5760..0000000 --- a/systems/x86_64-linux/ulmo/default.nix +++ /dev/null @@ -1,274 +0,0 @@ -{...}: { - imports = [ - ./disks.nix - ./hardware.nix - ]; - - networking = { - interfaces.enp2s0 = { - ipv6.addresses = [ - { - address = "2a0d:6e00:1dc9:0::dead:beef"; - prefixLength = 64; - } - ]; - - useDHCP = true; - }; - - defaultGateway = { - address = "192.168.1.1"; - interface = "enp2s0"; - }; - - defaultGateway6 = { - address = "fe80::1"; - interface = "enp2s0"; - }; - }; - - # virtualisation = { - # containers.enable = true; - # podman = { - # enable = true; - # dockerCompat = true; - # }; - - # oci-containers = { - # backend = "podman"; - # containers = { - # homey = { - # image = "ghcr.io/athombv/homey-shs:latest"; - # autoStart = true; - # privileged = true; - # volumes = [ - # "/home/chris/.homey-shs:/homey/user" - # ]; - # ports = [ - # "4859:4859" - # ]; - # }; - # }; - # }; - # }; - - sneeuwvlok = { - services = { - backup.borg.enable = true; - - authentication.zitadel = { - enable = true; - - organization = { - nix = { - user = { - chris = { - email = "chris@kruining.eu"; - firstName = "Chris"; - lastName = "Kruining"; - - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; - }; - - kaas = { - email = "chris+kaas@kruining.eu"; - firstName = "Kaas"; - lastName = "Kruining"; - }; - }; - - project = { - ulmo = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; - - role = { - jellyfin = { - group = "jellyfin"; - }; - jellyfin_admin = { - group = "jellyfin"; - }; - }; - - assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; - }; - - application = { - jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - exportMap = { - client_id = "SSO_CLIENT_ID"; - client_secret = "SSO_CLIENT_SECRET"; - }; - }; - - matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - grafana = { - redirectUris = ["http://localhost:9001/login/generic_oauth"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - - convex = { - projectRoleCheck = true; - projectRoleAssertion = true; - hasProjectCheck = true; - - application = { - scry = { - redirectUris = ["https://nautical-salamander-320.eu-west-1.convex.cloud/api/auth/callback/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - }; - }; - }; - - action = { - flattenRoles = { - script = '' - (ctx, api) => { - if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { - return; - } - - const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - - api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); - }; - ''; - }; - }; - - triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } - ]; - }; - }; - }; - - communication.matrix.enable = true; - - development.forgejo.enable = true; - - networking.ssh.enable = true; - networking.caddy.hosts = { - # Expose amarht cloud stuff like this until I have a proper solution - "auth.amarth.cloud" = '' - reverse_proxy http://192.168.1.223:9092 - ''; - - "amarth.cloud" = '' - reverse_proxy http://192.168.1.223:8080 - ''; - }; - - media.enable = true; - media.glance.enable = true; - media.mydia.enable = true; - media.nfs.enable = true; - media.jellyfin.enable = true; - media.servarr = { - radarr = { - enable = true; - port = 2001; - rootFolders = [ - "/var/media/movies" - ]; - }; - - sonarr = { - enable = true; - # debug = true; - port = 2002; - rootFolders = [ - "/var/media/series" - ]; - }; - - lidarr = { - enable = true; - debug = true; - port = 2003; - rootFolders = [ - "/var/media/music" - ]; - }; - - prowlarr = { - enable = true; - # debug = true; - port = 2004; - }; - }; - - observability = { - grafana.enable = true; - prometheus.enable = true; - loki.enable = true; - promtail.enable = true; - # uptime-kuma.enable = true; - }; - - security.vaultwarden = { - enable = true; - database = { - # type = "sqlite"; - # file = "/var/lib/vaultwarden/state.db"; - - type = "postgresql"; - host = "localhost"; - port = 5432; - sslMode = "disabled"; - }; - }; - }; - - editor = { - nano.enable = true; - }; - }; - - system.stateVersion = "23.11"; -} diff --git a/systems/x86_64-linux/ulmo/hardware.nix b/systems/x86_64-linux/ulmo/hardware.nix deleted file mode 100644 index 4479a12..0000000 --- a/systems/x86_64-linux/ulmo/hardware.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, pkgs, modulesPath, system, ... }: -let - inherit (lib.modules) mkDefault; -in -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot = { - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; - initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" ]; - kernelParams = []; - extraModulePackages = [ ]; - }; - - nixpkgs.hostPlatform = mkDefault system; - hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/users/chris/mandos.nix b/users/chris/mandos.nix new file mode 100644 index 0000000..a883431 --- /dev/null +++ b/users/chris/mandos.nix @@ -0,0 +1,38 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + application = { + bitwarden.enable = true; + teamspeak.enable = true; + steam.enable = true; + zen.enable = true; + }; + }; + }; +} diff --git a/users/chris/manwe.nix b/users/chris/manwe.nix new file mode 100644 index 0000000..a4f077b --- /dev/null +++ b/users/chris/manwe.nix @@ -0,0 +1,61 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + development = { + rust.enable = true; + javascript.enable = true; + dotnet.enable = true; + }; + + application = { + bitwarden.enable = true; + discord.enable = true; + ladybird.enable = true; + matrix.enable = true; + obs.enable = true; + onlyoffice.enable = true; + signal.enable = true; + steam.enable = true; + studio.enable = true; + teamspeak.enable = true; + thunderbird.enable = true; + zen.enable = true; + }; + + shell.zsh.enable = true; + terminal.ghostty.enable = true; + + editor = { + zed.enable = true; + nvim.enable = true; + nano.enable = true; + }; + }; + }; +} diff --git a/users/chris/orome.nix b/users/chris/orome.nix new file mode 100644 index 0000000..ad588d0 --- /dev/null +++ b/users/chris/orome.nix @@ -0,0 +1,51 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + development = { + javascript.enable = true; + dotnet.enable = true; + }; + + application = { + bitwarden.enable = true; + onlyoffice.enable = true; + signal.enable = true; + zen.enable = true; + }; + + shell.zsh.enable = true; + terminal.ghostty.enable = true; + + editor = { + zed.enable = true; + nano.enable = true; + }; + }; + }; +} diff --git a/users/chris/tulkas.nix b/users/chris/tulkas.nix new file mode 100644 index 0000000..a883431 --- /dev/null +++ b/users/chris/tulkas.nix @@ -0,0 +1,38 @@ +{...}: { + home-manager.users.chris = {osConfig, ...}: { + home.stateVersion = osConfig.system.stateVersion; + + programs.git = { + settings.user = { + name = "Chris Kruining"; + email = "chris@kruining.eu"; + }; + }; + + sneeuwvlok = { + defaults = { + shell = "zsh"; + terminal = "ghostty"; + browser = "zen"; + editor = "zed"; + }; + + shell = { + corePkgs.enable = true; + }; + + themes = { + enable = true; + theme = "everforest"; + polarity = "dark"; + }; + + application = { + bitwarden.enable = true; + teamspeak.enable = true; + steam.enable = true; + zen.enable = true; + }; + }; + }; +} diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..c6867e1 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,78 @@ +{ + config, + inputs, + lib, + mkPkgs, + sharedContext, + ... +}: let + inherit (lib) mkOption types; + + mkHomeUserModule = spec: + (import spec.path {}).home-manager.users.${spec.user}; +in { + options.localUsers = { + homeEntries = mkOption { + type = types.attrsOf types.raw; + default = {}; + }; + + homeSharedModules = mkOption { + type = types.listOf types.raw; + default = []; + }; + }; + + config = { + localUsers.homeEntries = { + "chris@mandos" = { + machine = "mandos"; + user = "chris"; + path = ../users/chris/mandos.nix; + }; + "chris@manwe" = { + machine = "manwe"; + user = "chris"; + path = ../users/chris/manwe.nix; + }; + "chris@orome" = { + machine = "orome"; + user = "chris"; + path = ../users/chris/orome.nix; + }; + "chris@tulkas" = { + machine = "tulkas"; + user = "chris"; + path = ../users/chris/tulkas.nix; + }; + }; + + localUsers.homeSharedModules = + [ + inputs.stylix.homeModules.stylix + inputs.plasma-manager.homeModules.plasma-manager + inputs.zen-browser.homeModules.default + ] + ++ [ ../modules/home ]; + + flake.homeConfigurations = lib.mapAttrs (_: spec: + inputs.home-manager.lib.homeManagerConfiguration { + pkgs = mkPkgs "x86_64-linux"; + extraSpecialArgs = + sharedContext + // { + osConfig = config.flake.nixosConfigurations.${spec.machine}.config; + }; + modules = + config.localUsers.homeSharedModules + ++ [ + { + home.username = spec.user; + home.homeDirectory = "/home/${spec.user}"; + } + (mkHomeUserModule spec) + ]; + }) + config.localUsers.homeEntries; + }; +} diff --git a/vars/per-machine/ulmo/lidarr/api_key/secret b/vars/per-machine/ulmo/lidarr/api_key/secret new file mode 100644 index 0000000..a1bfef9 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:o7q3dG3EYv6Cet3YSRUBtWD++epjsDvKDxlnvlDTV2BNNDmWEmWCmxIwpw37idRCSHSowuIdG9npYMu2cXXNAcDkRbRA5MveQZOLu8qODiSvJJstOrAGUh6oYMvogAEkoaeogRhPx4SgX0j4KPmxdCsgWIrCWEkaWF1OmhFY9ZUv,iv:rv4Q2OShrAmEcgUq9ch3KpQMQpqx7BoNj0zEqDkyaaY=,tag:EkuoxsqdbNSzhu8fwTaKJQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5Uzg0OVlTZjBGamwrcmNC\nODBhUVM1dFFhNWY3Y3VYRDRoMEZvOHFEQ1dzCjh1bm9MdG45LzEvcnZvb0FzRCtL\nWGhvampIQ3JYYUdKckhncGFVakk3aTAKLS0tIDRxZ2ZQNkhnZy90SUhhVDkwb0hD\neWhKQkF6ankrQ25uSW9QeEhiN1czTlEKnDr97KT9ULu+IJ93I+4noedX+O0MWsa/\nmTGLZA/F3k3OinMmKeFcYdv/grKda8L4QmbwQzUs8s2MjYDDtLNiBQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:49Z", + "mac": "ENC[AES256_GCM,data:nqC6JEmJavjeyz3OWSgsEdlT5oxzn5/N283VPwUaGz4ugUgTmKBn9eVEGKjeMPfmdd+wnExUzokT19z9vmVo/tWAopnTs9t0krGPjWHbSTLGXANNiR2DXGCHMLT0ebPiTcZNpIl3OUTQAF2bs4kBK/ImmD8Pbz228PmbLOE6H+A=,iv:2XT+wRTqw4VNJfJkWt7n0sNQINrt2AGMHIWN3nj3Kxc=,tag:ds/UsEG7fUnGIHxslotbOQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/lidarr/config.env/secret b/vars/per-machine/ulmo/lidarr/config.env/secret new file mode 100644 index 0000000..2b4b8b4 --- /dev/null +++ b/vars/per-machine/ulmo/lidarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:CGCmRQVpfm0GZVKXxABAAH5kgXuvKwG2ei2eIYm2zLqyzP5Vt0Z815uH5qdqwfhxb7/LaXd2i24yD9AgeX6kLjsg9VfLmoAvpeywrU1wFKdgosri5PES+0MEk7lsgXz8uI5JRvRohuFUXLB5cMkvAaj+zy9Rwc9B2nJdgz2tFimceP1ALsxu+pHGnG/CIiXjo0GVwX+2505OaRiGywB6LIDNxXYUzJ+6nZpqARI9Xy3eoQTAj+SJ4yVBFGclL1JJWddROqdLuEORXzcIeQc1aa0CkPI7Q6sH2xv3XJ33JxsT6CNCBQL/p6ngR855OY+Hpx1bvISsWV3SzyyW0IdI6hbPBEc6s0opM/w9llf1pvCfK13AWWf3F9A5gEnI4c4VZM61AzRg4OaHVId1GawzLhvwWq7E,iv:hfAMtVVY/Bnw79mFnU9d+fLEJqwuWHcb8dL5PLDp6oE=,tag:XuHrYsZjomVP9tRmP41Iqg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaWnhkckxYaWpvakxJNHZB\ndVNGRHN4UHgwTkowTEEwMFI2OEhwajNBMGt3CitLWEd6UHl2b2kxMEgvRHRKaGxr\nWGluV29TTkNveXUyTEIvb05BSlE5QUUKLS0tIE1mTEZTYlBPLytEYXJWM2dwV2xz\nZFU0eWZxSlZFejlIMnBGNkFGdXBkNHMKvimcV4BI36cFwHvU+235npFgqzHrC+FI\nxy+oohK3XOaM3iZhpo4T1s++mCQx9hvsyHKG4z5Lt09BvkXw795tIw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:49Z", + "mac": "ENC[AES256_GCM,data:wPehGqpajsKHixAH2HS2oYwc4oW+8vOI7OURyFJItBP3IhOz+HZzBC7I4XD0IvH3Nk7K1dFQuzCgqo/X3sFqWY6Qd6xzAf45ZBQyj+JeGQgbvPcrOzrGjEsnAsRv9EBrNtIWNFV+mt8G+thmmSvE23EqMWwQVBGzd5brq1ZXBoc=,iv:023iBpil4E1XA03HBM4DCaVCr8DFk+zRxf8+2UOGXzE=,tag:BfBDsHCfRTfDJX/3TGNGPA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/.pgpass/secret b/vars/per-machine/ulmo/postgresql/.pgpass/secret new file mode 100644 index 0000000..160c934 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/.pgpass/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:2U554h8cF6ua7k9ZSKBdUfv4RHy9B+qtwNoymyKcBPx5l+cjO+7V1d3fvT3zmflGhmCvhBUdu38QwnaOkL3+4cNpZjFlaqSeuiddXe6DGNMwFB+MKIIFfdNSb5hSi00vQS9Aucl+x8sPZ1K8bKETQSKnTJXw0cW/O8z0MPT+ixpw3PWZd/vGHyqOA31obokhfa8BloQ/NJcDm7X0/LM97vf0BqsdMSQE3jUMZ/MNZZ3SAgNj5jKuRJipWrDeOgVexie0CySWkmFZDFGK7j3jglfY9WQGJa1t8mDrkABTvEm3imXwxS4ahq6SgRf3UvW+6rqERb/u0h0/2WbjTGRbBEBtuh9rKRIHHVE7XIiiUsrGHiDI0yAjlggXDM45tKfYp5emPutjK/XOYJ1XF12J+q2dnbOz1hxFZV5o2W+b6mKSMWBqE6jttRTPPZrb54QyC63n+w0n7kf+uVvJHh56XqhHSvrXBU2l5TTTz+uGTGHsRiohTE1oMbTyUDr5U66Tc5LHRDdGgabLDbpjXvQTm7unhNM5uUI8fprzo0SYepmwq6fVEpRidoJ69qqH+tT0vDI/+58LuTQupBXqPQCon2B8qXLR6IFX/17imxv9F419CRqq0TOgeRu/mVLFz9cYn2N1sC+qWvOlM6nd6H0Xgb8lGzVFgt+ufy7SxGl784/TTZdxlAkSCn22f5yaejRGjkU11kzeUEo2UedTeNZc5PzoJc7wtp9tEkf/KsVIU68TKjGVEomfPGTBMBvMfKZj72GyXJ+daDTVwPvcKD47VI+CJpHIDznHHlzOqKqK2TJZ6htvtUxhUfO8KreSDZqQ1npwidrZ6W/4JmoV0JU=,iv:i5BmzaIRsxZDL+1s2Wv4BYYJdXCnShwPgq4aSzSaf+g=,tag:lvkS1GksA6RArl60Hsplsg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhTXJLOXpaVDF4YzRUNmhB\nMHk3U0hxdkpBK3h3Rjdxd1U5ZUoySldnQWprCjYrTzdZQ3RzT0NtVituSnV2SWZ3\nc0xrTFdRVWlLdVpVNlQ4WllTclo3ejAKLS0tIGx5dnFHOUlwOFRKUS9vRDY0TS95\na3g3MEsxY0psd3dPaklRamNTUzcvNDAK+6Q/FZsRy6jKs4THvoctrF48hnK97TR6\neC6qSL2ix4pPt0BhPb+Ixcf7KMDR99wwved78qJioe7bt8859RXltg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:42Z", + "mac": "ENC[AES256_GCM,data:8363f6CzLK1ZipGSVxaQcMMy+mTh1AL0U4W8FiqXuLZt6tzcLbVUqfSVzuzAmjFaiOldfriPiTghnQGqEZhe2wdbeOiSAv0AIw19GXTYsslbdeNSDXbxUZ+p6mMESkn2xi365mfF7UgNZulJLa+SvSHiuPkxb/ESauVrXw11ixk=,iv:8j2U9pgjsURZ4bAvBKzIJdix/FLml4METeoikTl7jE0=,tag:K1ycWq23HYT1PIbZM93zkg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/lidarr_hash/secret b/vars/per-machine/ulmo/postgresql/lidarr_hash/secret new file mode 100644 index 0000000..e18d52c --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Xeu4y5K4WbCig3U0e9wGZ8izK4nz6Su406XDU54RqcTg5pMvIZYUwBnubzwcezO2tQlRNkD6fUrF19Lg8C7VKKZcspLBZFgT+v9Q0wlLMFxcPSaccL/x2jEPS8aCRYIq0IxJ6YEM/52DXYq8lh94WwImXz4IyHny4cIBHsROnqnISeSGeGM=,iv:jdWF0xOnTXh31qOq6FqYsWt5RthCu8wQj10ByyqNTdc=,tag:l936Z/8YFGyHO6e2QqKbfw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLNk1sN2tya05USHo0bko2\nUVZ5elJaeVVDeWk1WWo5MHIrbkJBeHcvb0dzCnJxUE9jaGlJdVFqTlBoUjRZVUxZ\nT1R5Ym44bC9CY3FaV0UvV1ZieXRPRm8KLS0tIGFabzFKQXYxOVJTSW1rNWlLZTUv\ncWpLaUN5RUJnc2pTem9pb0FqS29SU1EKUNIoNqv7djVOIahGFpTPx2r723cr2Nam\nfkSw75HkZQfap8Y2J+VMEVKSeBHFGudweZ3ifnl9p5W+WN12xb0btQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:cLBNG0UUn1D9CdPlhQrkDxety8/cKyuxZctPqzKiHUqOLb9Wm1RwlwfKz9zCQ+nl++jUp5ZSszbcBkwXl7zA9x0K28GVJiKOTL6od5+HkiaEAL/b+qKviYLrLgGbD3mUOyuG0V6gKua/22yvnowtJ02TSK+kxR/xzaL2whIJdAc=,iv:/rE7yeXQA30K/NwPoFlEQTi7THv7din0nzTM4rSfS00=,tag:1lZrzkXpcvNmmxkqbxl3fg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/lidarr_password/secret b/vars/per-machine/ulmo/postgresql/lidarr_password/secret new file mode 100644 index 0000000..35fb209 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/lidarr_password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:gg2RWY7LWZatJHN5mWf0YQUIMHnM1NR9qao4WjNGZV3K1spzamyf8kZNyFC6vKxsIa73Ticf8WVHCheEPlAVWojcHqBiABIvxtD7tMdJO2w3T10RslKMW+NXGNh27mcSBBGepCb7a9/O5D0M+3/m0Pa8BX9gbvidRlJ82rW9baJf,iv:tx3HXIYzNOB7zeNs+tVt6Ti5Aa7/vvuhEAblv6E/Roo=,tag:ic/74zvvT3OJyC/sRbdKQg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S0dRVWpsM0ljbzFvNHk0\neE1DTWVWSk83YmFhZ3BOc0tjTWtJOUZVNzFBClM2eENWTlVEcVhNbThyZ3JwMnFK\ndjFLT2dKZXN1eGJvcFllVzVsNVNTTVkKLS0tIHkzZThXUGN2MWRmVE9rNTZEQnlj\nWERqd093dmFCeTBneTFZcm5oZU1HU0UKRs9RoYMB0FpqWIQwve4WYuKcH4KVkf+2\nl3npJK0gX0N6EUGUFtcOuXy+A5WSx31/SnwdaNo5wnH/9MCJT1wisg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:42Z", + "mac": "ENC[AES256_GCM,data:IyQs9bLqyo+L7A0/9EU3LxBj8XplTbQn3Fo+/goZzpLW7ec3LQ0BpVo2I4OmXGBNg7FZxPWSRZGFBYY8wGIsnR/ds08klRiZAubeO2gG0mZGCf4HAywEJ+CL8aTv/fxm3tRAEidMd4eIXyul6AoYIwY54pOf0DBepgwieJQyBmM=,iv:7QNLVgVWlLmsa7Ol0sK7ugy2yLy9TNZapLpi1wMKTtM=,tag:VY9x0qKXyWp9JnSQu+k78Q==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret b/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret new file mode 100644 index 0000000..796bbee --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:/J87IC/tXapUNAkQAc4h4efJtWd0CX0jQyqA0XeudiPiOACLs4DYxVMC87j9mkKk0ezPmaE0JENESs20XIzE8AoWjORslvoBKUCEyA0yd9Uzh52nEINZXtU3x6ABAlCgSa3TzCFU4VkuLj9AEJ2p7Y809nIFerz+QtVL+MqKxBP9q5nHiYc=,iv:ba1vRxlNJQ6KxGP6nHG6tkpNOAKkFN8bfzoeLcJqxnY=,tag:YrmOAl5HIs2glM2cQTgUOQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVYjN0REV3VzJBdlpGa2d2\nK3V2akpsUVlIbnNMVmt1STJLTHVoNXQrb3hNCjRMWE4wdjcwS0orYXhaeEx5QlhJ\nT3FBZStLVWtwcG5IRlpqbmQ3UWxka3MKLS0tIFNJeG0zZlkvOHlrSFgrQnBWV3hT\nQTBoZWU5U2pnZk5WM0owSEY5Z0dqZnMKbd38p09lTl+ZW+RFTTt+le/wU+KCq6Jy\n9q8KmRzWtpoQCrecqFAgNazFxpp236jo8Q8JeSqSiPn/zOuNXg5gog==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:AufJSGx+8KvZ/I8IgQgch8XvKchYOwrSCb+DMJNiGmx7H20DoZlvWW/dVafSFtSgHNyWek8le4wqB4yoTNs9UXLoGoShVGCTQOq+ZOTJkx3DTk76OOyLjcb2mnNo8TUYz1HjYZ0ox1//povwhO40c0i7DAT22XnTUONBQ2gko1s=,iv:cW19v2fR56IQbauUCf1tjOdI5tL/XfiGEqIumISbA8Q=,tag:690f4UNtT9lxGq0dWku7fQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/prowlarr_password/secret b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret new file mode 100644 index 0000000..6e5726a --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/prowlarr_password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:oKz9oMJcfmZ+3UdbzlErTRQ5Tfxcc1jO4XXZrPI14l+DZl9TuzgQ+bTpKu5pQ3eD6TDPb928pHvxhWunuX4/1mp8cZAQqQ4JsCbqIbqeqRnXFkLAodIBiLHrHYv6QWMHPadLt4zlxgy1Mxxhi5lUchBkWyPcMFddHnWWnw2wQyq7,iv:Sw97Mn3CDnyBs8z3zVKR4Hlc50KRz4Mx1KZt13JnhpM=,tag:HAwyjFkG1Rbk8lVs6QU/mg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWDlpa3NWcFNpMU9Rc3Yv\nbFZLUVIzRWJtZTl6VGtPZ3h3ZGQ4ME9Sc3hVCitjNXh2MEYxTGUycUpxRjFNUFgx\nZ2tHUFJybW1iK0xPcXdvcGgvd1lVdGMKLS0tIGtpVWwxdmpMR1ArcENpZnZSRm1S\nTndHM0RzeWpheStqSlZzaVp1RXVLNFEKPpp7JRibn9gc1QafRXqLEAxX73kx9Aki\nwnNXbN1fE+sAanBFKRATMDEZAYNHuAoCEQCJ85DtW3tCNrDyjZ0UhQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:TdbZGcbTkHwOmzu+y0MbERHp70FsHambcJU2lrGMZix+weC13c/zKbs91DbUlNSW1+ah6iSqJwubmSx5JAP8N3B6cKZRybF9XdOKaTycYgBJVdjHJOKyzlF7Puzxl17SEDWeT4kMlSXuARsJA8OPXHOPbE0PNowzhA8dCRpQeKU=,iv:TfL+8cnBXnscoYe+5B3+JBfjNC6J5QX2yXRh1tSo3D8=,tag:hRfs6efTh09N97P2Dmk0xA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/radarr_hash/secret b/vars/per-machine/ulmo/postgresql/radarr_hash/secret new file mode 100644 index 0000000..66926e3 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:yUkkTf7xUyLoQd+aAykxhQwYnP/1Un9wFGss1MunpUQFjTQwYY8DIb27rknc/2V5haSDTZOqq2o7r/CzyTJ4gXROIu2zI2Nh7i8v3HP16nAoBUxcweTDMdGoLeBMtYSpbbA056eOsq4P1qj6UHl//x43gKIjDdl/nc78VQbEw157/7ln2AA=,iv:UxE+6/uUdGAr3AlH1TSvImi7JwpufNQ0sbVRsjVzXvA=,tag:snEnHNYafi3xi/qczfbl8g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5MWdHUWxwem5UdHFKa2xK\nS3ZnQjNOc2RFQmtBY0FUVG9xYTVxMWg4R3hJCkxiS1dEZEVIV05vUXVTQWVaN3FV\nSDJkTlFJU1B4OVYzTWM0czA5YzBNQXcKLS0tIHlmQUIyemxVYVI2TmxkU1FuYml6\nNXY5d0JMQTJlWDJjTGgvSVpCUjkyNnMK3HhQo5yJOs/uA2Qbd2pazvQZzSiM/TVE\nAfwlO+h+co9snnlcwO1Uy9NxPGpv+6KqlEgtCnYdXR/V+NlbtPbzBg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:41Z", + "mac": "ENC[AES256_GCM,data:D9s6HC1/5J/uHf4mI4b1wJySXGbQIrUazc3BmIVLdLfRAau+RiBRQ45BkNMIyNIVHk3QCFbKNN3SpL3VIgkJB+RsuIc1B3em62PV7GcpI07tT8rapCeKv6PFZTapBllltbFtVq0H3PGiAeymwB4C17YN4e7LcaqSfdSdDAKgZTU=,iv:s0AjDgdkR8ebA0mn694CzUywIv2mzgiHehJfs2Xbhpo=,tag:W5xvv/Pdv9oTtKseFzNzbA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/radarr_password/secret b/vars/per-machine/ulmo/postgresql/radarr_password/secret new file mode 100644 index 0000000..d9148b5 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/radarr_password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:qWVsbRFZ5Tn8/6kOF/ejIvVTlmFjn7Ow83n141Ev8uR7KjyHtdrfliAm13RS/Sy6NvroADt48bYlzgchLMq3r5vKLwfmKqeoE7u3MSMO8OPdu8AGOaP/swYulrMgqPDFi6PeOUHZXTJuPL7+jf/zEF5DqVC6QV/EJoXMyZiUPAYs,iv:77opMiQpFJ3McSG2CQTU3ShIZvgm2NqNWjdqarwvM8E=,tag:dx6x90jNc5+eoLUDqtKZgA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbmlRSkVxSXBxNmI0WWxh\nS09sbE9DODJmYmJmMHJuV2pFQjU2TGZJQW04Cm1SN0hvSjExMjhSWURSRGdjZVFv\nUWZuVitaZlZUZER5ekJobUs5L2tBaVUKLS0tIDl0a0FLTm1RSlJLT0w1V1VHWHdn\nMmlpSWtubkNXckZCZjJ1cTJvL1hBRG8KDwZyVu4S8oIBzikYfpLI4vgngSAmHvjx\nuJvy2sHoGqcnczi530XHsmviBSMZNSqFhvbtcHzmxdVRbc2cxgewxA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:OOFL6q5kMKMQV5NCvN2TFiDdumjgSGeyLmqDmdC2Q5/Q9tsM5PsCifySxZTZ1krhxzV6ZHpXNg+Po38MXc2VyIniDX7MMEIB+d3J0I5KWgHwsWIOaqkntyyy4dEXlbqwSeLP0bOKWBY2h3dtve4LY0lGB79V1iuOXxV2w7JPG5Y=,iv:Q2vFr1ETtrUoZ+hc6rAczBFoT2sbydPJ9y2uqgoqtfk=,tag:9O2gfeFs3/KjMMGPW1mHEA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/server.crt/secret b/vars/per-machine/ulmo/postgresql/server.crt/secret new file mode 100644 index 0000000..bac7194 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.crt/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:llIuY73eyaF3kPOR8gegnn3J9xyiqwjsrc+zqyYx07mTpVxMRGT+KKF3iqsP8NLAxMOa3afulk7qzdBlzkKhlJGpdy2lR1tPCOD2eCj35NlF7jtAqGrdb3jPe10FkSEuz4YBI8atmRZviAMyFV1h080P8kQ64p9lANijw/5sd/uU/sKFzlZPtpb5MgqliBPdQ140AZ0w/EJrI2vuyBMloFfm11MSMqt0Zrg9dTLWTrnKYbjVNSap8xys/gTkAkeuYsnUCTm4VSfD43obrn624jox4lpNLk+kTOgQfLO+JNfA5jeGXTbMF1Q0pahY0n1/LwENwGX712v32flpgJdEZii+Lb44AeYA+xMREQ9JWSbGfwigvznZDbTT/8NelZPJv7Os/M3O8PC1z9ImRA0q0hSWj2skDRqB+KbZ/+w9VPHll+D0VzoiprXRdhMX958P6Kfgr16lE0xA+f0dOmfVbzuWd4mOJKBI7EvfbeWjF3JRBJj0eVxDc8UQJ2V3FQJay62AeCIVsrix5jm6vz0omHsVIyBGzTLTxeLPs9tGe77AfIfg7Am6MJ77TS8LTHFmT5tFsllxXvGjolsJxynsGc7xGMEUdGq11vumq411ffLt5C9sYykoSyRnXJah2vIFkTtRO88VCvcEuFWB2GWcDQhAxuqnAK4EDbc7cuErCTJf4cgBIv7ODkUYrQBid6R/8l8es2RMnh2nybclqfn94uW4wQSKH3d3DVAMW15Es+H2cpYgKbdcFf0BTEhEvWP9ovpo5V+9utgz1vFnUrvsYQmGQeWmU1TwANcnZeiZO/2IJJCrXkiwUNkaSeWs2V9T5d6bEJFyMxFbXGfrO3uymO0nJzrv7Lq3sNy8hXcs6lxOO8g36jKuQ41kl9N1ZyhMo2lhWE6RdjW4/zbCsXxwEhMSnf86o2jB01y2/zpjCUfXBZVLb+7SbAtYYNCYx0IdL+KqcRi+kyNpsmjV156JEEFgxFkyTqGl0Vj1Y2BnVCDBfgBrovlq35xUIDmLDDBKI4zSe7mw0Va7jBiqP6W/ckCuK5BBVBI8WOc+qHvnh+EE8dCFGPeMlFktjxzJJPkp7vR2ZaPhyozl6uF5ZityZzF4aT61SiKcQxiS1k6Pd2rEih5Bp7E36PFn0EqBGAxtCNVWEcRG5QXFOCRUqOvj5r5/F+fYSvqftbqnPmRdi3VdeCAlVdeJ9LiaR2P8HHfYOLjbbbYFSybsu41oeSE0P0lfeiKbwLz8/wtReFNyPda+qDZr/ce6YbwrlqxieepTKOqLBlzGsOximsl10HuS1+3rf5HWgLBPQBmIKvYyAdg0msyQKFhY28XJksHfgtEIMoCz5sFVUX8m/CO0l4BGQ0pI8EUzGEonuviLlPkBL0VQzqiKI0iZ3LGH9PGIQ96+HpNGnPhiEnoqM3IH2gB3vWqcprgCjUKzzSIJl09DPtY4Ue+Ik3hJSPEa3853Xjh3FyBw52I2Fv2qR7wbv7//u48dObIvelyLxKrpt9Brsh6Z7a+KWK8xuWgqJXAMGk6zpJak/DpBqpPn1Rsclk4yWm5+w4pT7iORSyRIwt936mQESCRKq66aXOb3j/BE+2i2n2ZokA+DmzXHD6QDeJLWad3iw5/3GS81t6PR1tSGqRJ/6sEP3Gb9Fgxew/KoH+MCDKqwSA29Mk3rHfPddTp62+OSBFnIcyG5aAVCbJlzPDLl1SSaJLLibSpvr/z1i071gCPdjdpCatorIN/oNkBH4IWnaK/6s9eM/LE7vjUQJSz/E4WSFFKK1yCOEIBnG1LrP0xyDcTgkp1dM7GEx127gzY00KtUJyHhQsgnf/zO0DTH3T7RaDYIBMPChU5VvB9t3+NMThpZ59O4JXbVKDd1KtDgp0c/9GLyMTLUUxRKBzvZNpNK6ySFllNyZ0/JTADJ9tvmPA8inKJplOV+EbU4Eo7VH8B/VEBzO/Tj/uC3JqQLyVG+ZewFY2fnYp3JgEp300b9NZBcx+1Tq4DjMiEgYTiOFEsl2N+4m5VO5r0rsXELfVSgPlbLg1BIWL3JPKY5R/k1ql4GaNGSXoJ2DwfdvvVR5xHgGYZEbyBiXOmIS6yOS4UK6RVXmb47oFUWdqZKAOSioIHnAxc0/KQoqmBAihcL2sgUWnj725i0lH/ky5wLVFTNpldF0lohK8hw+5zZlO6qplr1nFPvO8N69KXdhWCjykOO4f+aLHyU3LqHpnBmozVfFR4/CisdehsXEaa4nh+6Yr2HxJkd7ar3V2n/L9dCvnMpovvau+gVvqUC/5yOVfF9ZFLz1M4Sp0zAikW9bfWNLM6MNZv20J/JHQseZRZY5ONRj109DItlgzS2axP8Le/2M06BNePa0MDSr/ogQv33eQ+urnY1ES9aYlqDzoJNQ5FHkFcnAfGBd4woWS5ocNrlDFBEjaZ5+6dWp/T54O//coHZE5JdnHO8oe+pwKboUFuyuAbbrVHXL/pe91cUpwHEJmRrfiDcOQgribRkO5a4wzvv8Vz8esUYpsUiO+0nkzXccJhzkICFDu+se8EioUjno0cfqAFvKIBP3diE43lshAAOE9mRxanvKzOz7fwe2hvKT9LZCcf8W81fw3+c7qnoTyNiEjm3Ift0xM+nE60UbtlyqY66P1eSK1dwcORfwrHo1rUwT97pN/FvSqdKPipVjEXz19DtIymfQghZU8pFwMdhRhVocDjXgz6ha+Uo+7zFTL7w4TC5B1MqfRuk9B+CbQ2dgqC1A/OBga+B2dYMb0J2etyOpUyg9rc53P12VIDQy4JI5KIE4I+bB9kxiLJrd+FQ4P5tWZbAnTWF4WPjrWdTLEn9Y/Au8tDqaTYMa42T0e4Yj21DCNU3KElm1Jv/xo7N1XAKYnCAcdQnhhVc67Xr1foKlsBMAClTk4FMKS5Cz3NLjT7nf96o2qvFbfADI1k8koJ2J599MdudxTqTfG27r1hWiuwSC8nGRlwNgt0wd+qDRj6A7OeJJyorZxwWlMo5P3jlUuiNvxWoCmGJ0XZlmhIjJqRqv6dh+hkGXfVrJ8F1nIad3MAs6rObXxr73+RzOufUdbXPj6wd9dbVsaIaoLPz4E25i2n3p0zFtfTyOHzb87Qu0tzzW6Ca9S3TqDoJq0Z+5/bJmz1GqwU7mXEYzmkTu0rF80GRH34plf8H0pd9aDV1E+4jgsS+AUpKP9WuiMmI73TML9Vbu1XCIne1nlfLLwAFxPn3oXnOjTnnxp4bZxvM0BYh0pXBevuAIYwTbiX7S5j7FTaK/0J15lqyHbFbfEL9MV8KYlV+yndu0EIYZlYM3qNqvIplXgdHh5XF2mxiSlkEz02bjyKakoK3oRwwXwK3bIsHD8DL58eSq9aaqYfXwFTiv8hqMHroDA24lt4FQ3EFXIy8NN6NKvtbUaNwJfmaP8pXuPugPTAhSR+kb6sEVXWQsaBcVZKp8ss+6Uy0BY5SLggu55zuJKvyS4KRyv2bAnvuebEyJIaer78nb6PArF2AQoJi+tNlcMfbW33z+RWmh5pr990xcRswtx+FMK6ze5UBwEiepAEOqJXiMnSsvo7Ary/JT1JcFz51zQpUlyuvqeVJ4m+PfcatAVp4z3BgF/NQGMMEvxpAWrbVYJ5EqxPQ5EZyBTzyO1vWZt622A1btEYNWvZFxupKPK9MvoV7SeYhf+0l22zXo62ZMKcG8vTPthoVsndeqEBa5HlwGxBXbltKyHEUm/zI+3J1pI9uL+HGH1UVQ+HYytDucWl45y/tq/AXBq6azMS43huv1+UwBS14vYYkRsGR4tmi3vHqKxyZnOugfRtn4YgtCe4TNjSaQ4E57D+wN0S0QCv0LH0Ny97CM+wp5TskJRvLwPOuxt5QRwms773uOF7JCDRyFaZskHVbcL3/P73mfVvO/eCQbgAGowNdNRO8dkveZldmHki8Aa8TBy4d2dtxfzLbol881LXjUNo87fABnB4UxuzSlyKOwnxcAYI3SA/Qe9WI7xe9Hj2HMtUhW/R7LZT1V5gLWKE6jrx+OigfB+FoxaUcya/hvtcACXSBusacE/SDQogrM35Wa1ZoiixyAR1iB3f+w9TDi1XKkHVE5ihwLQl+f3BcOYWgEji92xJmlEqQ7Pq5XvzetUsp1IWW1zsKME/rmkCnIVVqPjU/eBoDjWaS93qTFEnajwNVtFBQjo8paZgWPQRLKLASwBl4FCPNtZTUKO965oMekZIybB93ZwzP96qZR+sV5o5upljN+3FfDQYZa11z4jttmGm9/BKni26tQRfaMxqNhMkmiDUZjI8HU4L/DUP+abNfzARig7QW6gOSrXRKm2qlaPbrfuPapXT/yBLpzXxwVQj/oza8X0I39YF1QVbPG9MGz4RV7eGeblyPGQAyco4UYPUO2VSrvtj41x/PtFkOS0Uo3udymXHKSkl55+Pj3OkDnWpNOZaHkCiBPfO3cTTXVObzr77bm0aoeM/dkY9nhur8mbilZOGqyrVvqvo5k7Tz8zT7g6REmoQJmay6ouZeEwsYSpAcJchNYuXnVMu5ZAttg/fkO/pBub+XvGDNHkEcZvq2UtajGfIyQWJ782eoE136UpwJvbFPzR3LhVb2wagTui0sUmEuvYM5E8WhP/jXfcWpqSvR+Bn53fy317dKqOksrha7ceDma4tVQcYPSDbiWRh2gLpw+qoOxBYWkq/k8uvXfmNgoUohH3qUuFY74p8k/Tx/uRFGaAUXhhPk4vHIey6Jkd/5B5Fc96L5HWQsqOn6OU6qcw5rRcZQgIp/qvYiD9vlEQkzlUWGmLPsWgAKwcgIIUHmZ/b1pfEmWThJ4mSIQo+DZnfGCZpSXmKyxLyc9vWQqX17xY6aA3MYMNlqbu+UH+zw2+GCNfj2YhEkbZAZA49c5r3PYfnmxs5yyJorRjQbw8e1+h/8pEw/4pTmyanmy3tAFheJQPtwNkS8UMM8YREx1GsIWpZSzh+K4pouOcJ6acn5ZbBmFicw7Ru9W9Xhp2WKyNK2R5C4vzsihFXn7HwXOI458/11pfxliigSV/IYgScKY/hlnFGpjm32ytz1/vvciJgzoyO+ONW63TgGu/H/E2fjOsEQoxClQiwglmH40PMmoTjwROh+7pTKPhNL5ANZa53Um5DuJoKxhrnD9fkP6Ta0Uozuogg+/IXzuf3TGIIMRLnh797L6f2kn0L+hW/CakJKkKU2qi6qCU9/EkYvgUAVNMH/2Ob63uKG4KbMNyqjdCfKLao02uArMBtoaEvN+bHGETMm/jKZXqYlwI4NdIZqFXNcuIxEKnmMo5eR0g5IqJCmMw6bTJtakwygQW7ehDCBalxjIyuhbqDu3si1iMvLzh/I+JcpVfeBP+THRE/ns/28DwUveEwIQFXsHb2SdCyLv97gZc6R1wEeULai3RSGkcjZ9GzOfZtq1uiMURdgsbmNDgukhzLU49uDwOtT8IiD8hlMeCzrWmoffN6J5GVNFckpnhHthoJRHnkX5O7JDv/q6fNVP8i/H6QsGJ0V310VjbwnXAdawi01wgtkC4dJpai7,iv:bDfn9fe9reKcaDG0GkLAlmGHA8USqOTcGgAmUH1oz34=,tag:dNiFZkU5PyS//1ATdKK7Aw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4czF3VjB1MWs3bjloRXI0\nWVdUYnR4dHdsczZxdXNaRFhVVTE3OW9KekhZCnJRQy9hbTc5U1hwNElqMFlNSmFj\nTXVjWlowQUZGaG5ZelN2cW54Q1NVeE0KLS0tIGUyOHFadUszWDhFQi9xczFMWG40\nWXhJRzZCbkhlQzZ3NDUxOXE1aURCVGcKA05+YfD2QCCeI/oKDvhU8hHC4ljgUJoZ\nEWS1F5D95GHEYeusViqQsQHFTuO8xtEkjBHKLt+TEJcsHGeTlTqTyA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:CywKU/pXCcEwOKshnWl9/4C+lIvhLUJLPu4ly2bTUq1zpY5309c9+FdimXKHQwnTlmhGM2TqP4Kb544wpAmv+7+uH9cR4BuK3oGFUSuIQFpQ/xabMFSom1+eMpf1r5cdtUD6mvOvFSD/V3WX7H/asgRgJfnjppz25zDw3+/SLus=,iv:gPLGZUSLWSI+mUAzLnabHlejGmdb+Utt1y0J2wXqQvk=,tag:2Kcihhy4Tz7oPfSiAS+ONQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/server.key/secret b/vars/per-machine/ulmo/postgresql/server.key/secret new file mode 100644 index 0000000..5d8f4fb --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/server.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:i3O9P8heWlhBqlA+Xq8xxESlph80TdLmbX9pIKIQ86ugS2KRNXv+BMeP1nKamm1H/pUtjHCidMvALB2+PjlQBwm3gqeD+3UEJ2Wx4r0kvERsV2AGC9+esIIPOInJmhZDeeY8bGtsoUtRL+tprWJiBA0m4x4lINlpz8z+JO0lsYaw37wnhQLlnUA1rAW+E1CU4WHcVzl1PBtv2uvtQvQYaDF8ijWOP1SPCGWvFBMXqaERfBafTwlwvaUIm2A0kweot89fENooC+XAVmuVZkgW1D3lI7PpYIMg6dOtInXd/APgPYLRpeC3I7CqHJYw5v7lRdJRVkb6jJ9dTLQKodEW9SJsCdpNISqb7B7X/n3woBA2A1W5vScNUpUaFbGD5jXgALQfrJg92GzN28e/g4zI+EgmtB1wVxpD5RctBUWxnQUlYPNxFkZMDAiI4/jCC44xFijmePiTfFqzCTdIHCk0d3PCej3N6MLWviQ9uQsxVW6ePoQVsDV3vy+wrKJYzyy7subwxquO6EI5S0/tQTn++3HzArTvSjsPlROj4Yc/xaE0hPCnBYGcTnPel9hikkcWfZvis4HBepM4EWyivrgibH2OEtGNmEnLoypAxkmnhydelfiI0VYI1pyK2LyryLTj8agHEgCasnqLwYA5OPDRGOTrkuyFnGOi2Jtt1Rft3+4A45PH6KfRM5webdDsVcsKNVQpxJYU6Xbx2KHY5zmaWK/zl7eN6ELvSr6POUcMJLtcR0XqOogu2629A0VF7g1S5YXfHztrR9kq1gBMJyIlaHIpBnBG35UX49wFFDdZqkgncOsJ61UVwAQ4iS2QRhrGJmiKLITAX2ScYmVK09bOBbW8iNNvLlHbKnANwmA2H3wAw9PklUnjcNWsCLRr1Xf+5o2iD8J3Gm76tGhcy7zskleBP26o1pDDXVp6aSzlEnentKdJ/16nYf1CogHBcxC33U5p28KT8sn/7CtvoHbJ6mPf/pdPbBZ0eUrkg26SGax2FnFWUeyVnLeytOs7mtJKQDNV9OatjpLCO3g4IezGPc44AODSFlEll6nxC92zEotEucCMCtymgGFGXamzsTF2esoVDxqpcFKgffJhf3JURzZlGBt3IW7fEb/bcDEyzgbjgBpR4i+sTREIxrRcdgGsm7omizW+BAg/wr/TiyBYfdwiTtjI4yS3jj5kl/drqsqurjAxZUD9qqTtrJpB+nieHyPGfv2KZOGozMynq7XlpO1yHEwqebCB4o/GatuZiMUbiZpntt+SfwTA3XRxNKK9hzPxIGgcBxc41OdfwvLTJx3cAyefYxXOlboGEbRaZ7Yqo5QSy6BWV3DkcogqEksSriz9Fa1hP8LU8VBimniYgPY+ErPmLtbcp5n6hPWyCN2xiGvKb/EpyOpJNo7Kai2re/bKGJzCV/3BiDOiGdnnyPYhEjR77hR5C5ZIaF/UqMaX6tJQPSYm4xtQ8LH/byBhkKVOOzx8qJyioi8R+L7qyUbF8ySDMv5buKA1cWuDAtiY3awFe7MNsebiAXbNuE8KEUVnNF2sbiqQbxlot802TPBqRLbR/vyWiMcwsZtF1OUsIWSlS0vI5Ngvz0s4ruBimqZ65INf8LZYb/X6MpieVY6bj0G8MeK1/uY0ODo2WX3hUOq8SFFHLFd5bKiFs7dvuUs1XavTWoMub7HJkwimRkWGf3z3rsu6/O/vocfUyFg637TFOg+pTa015JId7LDBhKe0c0+Py6pmHc2ilwO3A9DO6EbqY+WQhJNz/sRut2cI/vR03+Eh4UdYjBYHEpKo7rPvAqyfmSwj6wuWmW1RmysgQL0uPwc/oyB7HOPDybMr02HT5QhOeVCI9lWOuHSE6dxYmpQhnurKZou1hsrI9JtKVFAFvs7KVGJeGbxoc9U50SVkpUXyWWiw/RTKff6nnlBSkt7RX0w/1Lz31AhK1WVrS+cjLK+MTywxjOUE3CIZFDYB0lYIT/Ogacz3e21+zk8mr634JKQ79rsSf5oSaqh1MBWvGhgP9j2KixbwavmlEteIEJlNJAqor9jzYkrugVBeCij3dnzfDEXPid6CiYptVk75XhIim8EmoDshIZdb1YablKQfYB2Ot3JgVA/Wicyl0RyaPTEnsNHCINnHQpM+oceBRGz/LD0W+hy7j0VGNfS5aKstCXsDNvTmwaREz72m0chduyz+GBq4sWiKMX7colf9P8wYoi2VCGa+2xt2rA5boEnxb3SwyWKyHYWrOVbR0JQHomuZJPHRfNvq1et22EPToFT8,iv:T197Ofh7nK/vjXVz35FLj5/NaLIaTVTsKVNDBtD/XwU=,tag:jscU6JYKIWH+dVIUrHGWTQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByS3EybHUzN3V3VnZGWmVN\nS002RG1yUktBa0NJVm01YkJNeWd2eXd0WFRBCjQrbDhOMFVuKzRYdGZwZTFqN1NP\nSmZpVWVzbkpRTnplNXZHWlBPUVVIa28KLS0tIDhYTy9zTjR6U3FyTEluS1RtKzd3\nY2pOWmtQWUJJWDVjOXRwQndWN2UzMjQKA6rqtGDHB9PpCTqva4h98MDibWdjqIxU\nqQVNisc0Hv4LhQMShR8//VRmupaIuDgI/6rcLi4L2xjIJPKtsXOlzg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:Ur0QS5NfS9ffUfFCf5DOnkgrAedMX/15mm6CguMyJcnJpZ1vDGJ3Wzh+z0gsA3KwNPuQzujEuiiWxYVC/Oeikvj9m7loRz7udHDHKRJ50C/4lnLdVPYuUIf9tU7U1vyhfEO7qsKmDhlymds71OABZte2slKFS1Y3yHChEZozDSE=,iv:2swsqpEYFq8MSbKZlK/Y3zF872S60qck5IRmfX6JkDM=,tag:hSoRWI6PHlYO5ap6CSsm3g==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/sonarr_hash/secret b/vars/per-machine/ulmo/postgresql/sonarr_hash/secret new file mode 100644 index 0000000..b8e12b6 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:vzXckwwFhF4wB84YLxDcK1XjyVt6tUgRFfBq8IyXBzTLsDmRlHT6SZwwdcCTQvOSwcHLaz9rEL5on410haOEGjrw5lbW830XUi0wKZs/We6av7JLNtye1amU4htCEb1mDDoyLzJi0z2nRC2vAGpwGwMjNykFZ11oRmxjALlivtWJtNvR78M=,iv:monIY0F7qlntov0L78G3pS2WWLRzKm2VAGC+QXJmVOI=,tag:L7KmaLETovL5eULz91s20Q==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOMk1JYkxTdzZyN3g0Y0lx\nTlhLUk5zd0JiM0Jtc2dGMndiMnpBaVZ0cGxnCm1INk1RL2ZsUSswVFRRdmtqNFN2\nT01tRVp4UThLeVlveXVGaVlnVnJWSDgKLS0tIEJhRnc3RFlES21SWkloTG84eWRt\nakpWckJzU1BPUTJMK1JBemUyb01tZmcK9L8xAgwfEla1sUpOIm4wY3dyyEjDf5wZ\n5dinJUepK1rj5M/O8J9EpxCG4hNcmwNNaH7jGLMRdpT0fQmLLBGH3w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T08:04:42Z", + "mac": "ENC[AES256_GCM,data:mzPlHpBE6NE0LXPEvlz3MSH0AzjNUQOpGMawWdvtm9BiJ/SGpdn7B1gpCcCnBfOUPnYvTrYZHCiOQ0XAv8WLOj6EXGtqQMwvGKQzLc9ShSIfD0zqf4kNPQQP4c2uSkZpFIf4poLhWM6/k7oLeDFP77lzQNuKW1IugigK9xU153A=,iv:8jN/g8O9UIZF4EuOuEW4XOsnro31SHR0XgNm5IPhXbI=,tag:kY194TSK5OVVf7a3yt5+GA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/postgresql/sonarr_password/secret b/vars/per-machine/ulmo/postgresql/sonarr_password/secret new file mode 100644 index 0000000..59e2cf8 --- /dev/null +++ b/vars/per-machine/ulmo/postgresql/sonarr_password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:uGqwITMDYsOFdkGNqcmuS7cDxOyfsFd6FAThy1FrcCrei9G++XaRAQymaektzUebvOn/r1Je5hGSnCAwiLPgcL+3k253tOrLZbwqDFx7Hfns/ceKnD5CWs9Vp6JAO+6Md7VBRkcqBaZLBJ2oqdrGxpTqgkB3AyxWhNc8y+6L7m7X,iv:YFoLawKVZ90ZTvloCjQZfds7Z2pk1QkET3bBs/vWwo4=,tag:mU8rGiNASRBVAxcQj4ADvw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2OHZiVEQrTFhUVVFNSmFR\naEdQMmxEaG0wMklURTZ4VWQwU3dOT0NHSWdnCi9LQWJoZkNMTzNWSTc1UTVpVTFU\nWUYxcUxSbGc5MkdYblVqZHYzTGhMK3MKLS0tIGhsMmZqeCtRSUZnTGxiNmttK2VV\nY3ljMnZXQTFBSldFQjhQYkxhbW1qV1EKm/XLLAu1QBxELCg56iSToLa2qTDSan91\ndvrlHkGiplG3w2lnufi/s6PvmmjHHvEbHuqiISavt9qUylsqAtfQrw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:43Z", + "mac": "ENC[AES256_GCM,data:Nom2uZ0g5tORzhjApl5VlKEgIhjd5ehGTygBG0ycA29D2OtkRKxjcjbim8fiCn1Mo9O/lXwhXbcM9H5UpChMf8bIWHnVI8Z74/BTsCwfFuwNVF/hH75CKI0GR6XxRyCshhUDefHrHy1xZObJSHoAV1LJlenk59D+2zaExE6ATOM=,iv:TpqdOO+z4WPzyRW/Ze+39HNjlhDYCFltkycN0ly/Qqk=,tag:8PgBTtvb5NiffKXdQkDhkQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/prowlarr/api_key/secret b/vars/per-machine/ulmo/prowlarr/api_key/secret new file mode 100644 index 0000000..20fd3fa --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:DO1QVBMqPr4/CFEHpE7sWgGopxqJO3voovhKFr+NR1W0KHMDmaNH5hBwMWmUj9ocOEn3elvUC68LGibIGkqYGQORSnjZ4Z4ETViissg75V1CvTdNqIZ6wgSSoaZ7GV2RWPR7hKZ7Hji5KwLj8WYVOH/OfivVcFAFtLGSm/BtPDTf,iv:kiKwYLz9OeLrl62+V/Ur443etsJVlv8OuVMj+tClHSI=,tag:LZZvcxhoDKn9oJcFAV1iOg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQ2tNRDVaY25SbUxJOGda\nallxSklnYTFVazBkbFZ1ZEpQZDA0Rzl6aG1zCkI1cDhrNEpEU3AxSnB3QlZ3STVN\nWUMrMEdJbk9Lcm5WUG9kSjRLS0NjWTgKLS0tIFg2eUViUi9KU0FFcnRQTGNsaHRW\nRlp1a24yRWZMSVJvbVFYMjVFdi9Qa2cK+Ll5fdIbJeh/8IlMJIMnqKU6t3AnL5Uq\nBS+72/nSdGk7XVhZJSSa6L7ra4iejNJev+X+zkFXVhPeHiEO6sWQOA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:52Z", + "mac": "ENC[AES256_GCM,data:2rPNs+BHnqXZNy82RBU74p3tA5tVpNLKxuU0r0xXmUEin5sIEXslVY9M5c7SHNNG2HKWtvH9dzB5tUXLM5PAf39gEjITUN1n6MQIrvirXVxNKfM2d6oSXX+v53tTBIC7zjVkr/DLJR0kk850oxElg/RjXzPaczisIEv622VXRbQ=,iv:fkJ/sv+ljdmHCxX+wiF/S38MIj6neC11q2mMFhyyPok=,tag:lIeelWnmYcyK44L+VcHIQg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/prowlarr/config.env/secret b/vars/per-machine/ulmo/prowlarr/config.env/secret new file mode 100644 index 0000000..b5f8486 --- /dev/null +++ b/vars/per-machine/ulmo/prowlarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:pfVu0v6C7fq25CiToA+FI/JqC3sHjuG8jj9ZaBqwFS9mfsLnqL9cS+fk+UfMVvQpqrK/86pzvzdabIVhQBB5kHXuo613jXm/0DXSbKAOV84zxr8j6jEYtUseItcuuoKk4vJper5HFhtfb2umjieSWNUw7RTn30H3ifxbTN8n0+Ut8zV33ipeFLVdJzd4bBzU98axrYmy2lYR/p8EuEt0MohPkLIX/izjczApX7M3kIWn5u4ggYlnSvwaif2f63UGKxzk31aigB5uwHfhs0FjfA5kdIIdIm44SVidfp5rXTTJrrHMfukfHo+UgEgTl4qMpt80M3STXPNQmeK6GYwRJ0aTNT9uU9Lq+JlibWWof6IR8TEyUec/UAGoMfi6EwEFFOJgs7WhFsPGisvLg9YNYSTD4JRE8+EAQg==,iv:yeISxnSx9BsQCPlni6L0Cp9Ect0Lha7aKt1Nes12Vew=,tag:kela+RtMHvVqd/HEEb6NIg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwd3FicHRoZ0poQ0pOVGRE\nK3B3VCt1VkJsNUFvVzdlR2kzQ2VObmc5QzJRClovN2ZNR2NLcGpDNmRWNjRFZDNz\nZW1YVC9JSFFCaGUyc3BYYTNMaitITWMKLS0tIGF1c3kvcE9ZSlVhTTRjZ1g4QXFD\ndXozRTBBcFc2VE5GTVN5U3JEcTZWY28KmQNuVk1bWKC6ZRDy1Eu6MXy8ENpaVvRv\nkIEl4iQfB7wt2eTF+/e/oHw/SzSJZ/mwBaxTDAWyBs0qPNelKxgC6w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:52Z", + "mac": "ENC[AES256_GCM,data:5UHxsMrqyjqicGg3gajGj6qQEh3WSRCLOSLrbdGuFbWg0qS75QxyM8rz1/Z8JirMNRp+ACYHWXeP6RIt1ifZgmcEmZTv2xYFnuhelFkT5EOFmdBBETPB3EKbTP9DxKXhUPBQ0ObIyfJW3SAhPorBCRpW7+E9bxyaD3+sg4qElaE=,iv:SUNrGE6iEwV99jxBhViFvqoZx6XAdXdsCmMNSRNER4k=,tag:s4ebVBrkLXIddJG0DNSCdg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/qbittorrent/password/secret b/vars/per-machine/ulmo/qbittorrent/password/secret new file mode 100644 index 0000000..f609b86 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:mM/ifrTA1aSOtCtVJvjF55WOu9SEgN96QqKK7N8Z+qWHHFpoEc1J9KpjKLH6X3pOQawxpSXHcfOr5iEE0tyeXK0+/G0o1w23YlARroqKIqjUK5NkVHH6BlOQEjuqlBX9D37O5N9rbs5BQ0urXUJ4TP1dmWUOABeEVFkWLeSBv1wa,iv:JUfoo7wmBA82SjpRBVGGR4N6SbURmA/raDFMcR+vyzE=,tag:cOu0oz3i1A33/Cc0BlSBMQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSFUvRjNZOWJ1N250ODNH\nbXk5ZklvSFhGR3JFc2tKenZZYm5YRlVJSEVNCjdxK0R3dzFHcUdrb25MajRMVHpP\ncjZtT2FzZG5WS3l1TTRvczR3cHpIdmsKLS0tIHVKK1Nhb3kzRW4vNVV3MVVyNVIw\neVJsU2pRZTM0N0xPUTlKQWxQZ3Jab00K+07ETKcNVJ67in/yTRPadLOBMOt/assB\nRdiraOoaw1W7nKMZ81pw2teV8BUWrl2ZvWHGAk9B5M+LNm2U/nZ/zA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T06:02:33Z", + "mac": "ENC[AES256_GCM,data:DSIFCYcpJFrIgLUmQ8M0gTFL3aKkwUJ5S46RYUgwn6Lu5BKJMVdpOGpYloinvRYlMHyK+Diva/tL/xnBtjG7Ug5gKqY4NAf/2yZLjO+y8+FMApn4KiTp7Nqe8Q93psJlIoe5ZUGxl2wERuXnmSnmFmfOjAYb6c/XtR+4oTVqvcg=,iv:wRrA2+eHduRpArHQ8ZghXf1LlezWZKuZkH4KGxJ/KcQ=,tag:RrVAzeL6aZEURY9DDLQu/Q==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/qbittorrent/password_hash/secret b/vars/per-machine/ulmo/qbittorrent/password_hash/secret new file mode 100644 index 0000000..d6ae7d3 --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/password_hash/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:JBLJryQ1s+yY7ukjCdToghQrTEcE3DgEhMSl9eyKQPMARm7EX8/82H07CPHCjYGOb+NtZle3a+AAwv39XKUM6OybOiN484rDa2zV6lvFA5dcd/sbuJH6S6Y43iUbUHnScV7iYX2OGW85dSo3Wwcb5SKbXSb3+nhcXouRi0gn,iv:UQjJhIT4AbYACcmjkmeTnpXgXLAbhtDZoF8JUSfOdH8=,tag:928Qkgls5vGx5pBk0BJ1wQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnREhIZmJVTnUvd0hPbm5R\ndlp5aWE4V0doWDVzQzl6aW5rWU96QjZnNXkwCmV0SlM5NXFFeisyVTB3NDAvMXNz\nZzRMcmdyM0tyNkttVU1xN3E2cEtMYmMKLS0tIHJXWW9BRjIydlVmYStnZXIyZnBh\naCtYMWpwVWlJK0IxUWRPdEhVMnVYencKom7jxQwua8Poe4d9wR8sMXZCQQYM12YW\nR8hxaVFwXMIrg6qMRwTK2O1m/fkcVCV6qidjsLERb+laH+W8Nn/urQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T06:02:33Z", + "mac": "ENC[AES256_GCM,data:ikSkLjZtN+P5mOtljcOVo9oEIGlVi+mNO2nURtAgosN27TmQUA5lysUNAZLROD0UsnJAsghXCK4tt9vF68jAOPkBtAnWgL59hgoZcBSiOBr7oRxd4WIGXLhyqPlcDJV7VevNJWl0JLk1NA3+3HQZho4YUzQUNs0GtiBoJj67Uqc=,iv:nPLGU4UHCmY4MUP0j6ZXWyMmyAvs3xNMzKDcgoWo5qw=,tag:JMqKvVHVVfNOVt/TQu9kYQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret new file mode 100644 index 0000000..054243b --- /dev/null +++ b/vars/per-machine/ulmo/qbittorrent/qBittorrent.conf/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:QmSqL0OQvu2l4NsJHfI/SaEk2Sdx1jMf0AKbbxmPaGnSnN3O3c2ATrIwgTHTumLankI/uXxbrV5vIXTpJU5oSXjbv+Rx0hU+c2Tic/E8ORX1/1SW50Y0ax4IxFat6mwhndte+4dX00KyCCnaRDvnFlR9Eag1C9wQY/GwAeMJY6Dqv9oWSBVRsIONatSogYZ9mTk5ueDrPbfBbVzLKs/5ZbA3RScxKOe5fiCiZ3RQCdPbrd356rGwCzD/k008zGxJkW7aeFxBhpTy7XRKhUUjw4gH7FOwZ71qFlYxvNkOu6QnpFXez3ks9fAIBL2uMHlQfARZGwm84MdEOHCPKq1TI6NmKsqEfXS91hW5iKvH9KUa0FOEhFHY5W6tR1gx0zfGvjv1ofqSMdUSBhHPOuc3HouBK96MzStfyNzePGuAMbsAC+ogn2Dsy55KQiHKvnAW4G1gvQ==,iv:4QN2aeK0jbbzR+qIHHSCLV7/OnZ3vQAHpUovlmnftno=,tag:vFMX8Ep5xJz8eBlQmKXCxw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRjlwVmpOU3l3aXIybU5N\nckJrb29rZE9OS1dQTzRSVitCZ3pIOExUM1JnCk1vMWZ3THFXR253L3Nmc1g5NnMz\nV2Jwc0VqYWx4eFJLcTRNMDh0V2M1bkUKLS0tIFFLdFJIclVZMmsvWTFKSm9BMDVj\nb3hrd1ZNL00rNHFTc1d6azYxT016NnMK06sT9B1bV3Cst+SQsZWhFAxxN9wEzQ62\nEMfKu8flDkpXOfYhT7O5gjMMYmC0m6UIt8Gth0E2PQsqx0WfcoshIw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-31T06:02:33Z", + "mac": "ENC[AES256_GCM,data:JYeelZkxYyfciMcksE3b8YKfefzlTJc4Piua8A1Lg4O2Xqz5TpZ7sLyAiqdkKAQsorFYnIjGwhIHx9PrDme1+oioCHJqCsO9Kqs9RLcwVZbBIw+UKlFdc5wNLc55qvP3GSVMLO0/IuXETaOd6IVzFxX76EJT4LTOF4Vv1pz/ymU=,iv:Sll8IvjiGO5kPbdEDXry8j+0pSMIioeIx4LrcfpyUxo=,tag:tGnRLCXcCKlifLp8JNcE8g==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/radarr/api_key/secret b/vars/per-machine/ulmo/radarr/api_key/secret new file mode 100644 index 0000000..33bcc77 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:aXUOYSlckxmajWwXgypF/ZR2zWIuenIdTLbntSuitbMj3JqiXa5+vb152w8cSz/7u4PCbri5sdoenGOV6LZar8ZpI937py7e93F0QIvuk629MTJMqFAkOtWxo/iW0u6SEH5TZXb+BaULJ42el/uQRKooumvC+R8oF6SAhG4Iw/xf,iv:wfSWMQcEjur4WgMyooAa2Mz30EW43/oCJKg7jVOUU/M=,tag:1wFqb/rkJpa2+QJuJcMerg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWm4rOC9KdHN6UkRBTkt2\nY1VTRkFORnUwVDk1Rll4SklmOWJnVXZpdGhFCkxZRzlZK2dVZGRSZHBqd0hoekdK\nUTNnNjFkNWdLR1dyc204dU9hZk43ZUUKLS0tIEpDYWFpeUUrV0Z0a0t3K2VyRUh6\ncG9YOVlqZ3hMVXhTUnM4L2xZcndnR2sKA8Yb2lU7MgrrtYqTbxLFFo8F+OX9Gz8P\nBm23AO8MrM13NDP+TydE+1cgg2DtFDxJVE9dVNCrZyVDOFvz0ymT9g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:54Z", + "mac": "ENC[AES256_GCM,data:zg6RfqrPbVV61NkY+2diHRb4nY/Z4lmrIhdtc4l/Tp9im6tqDy3/mkybElX6qzEeT27x/kukqBL8IGDFKBcilfgXKzyV0uACvMRO4vntIpHr4sFjdsieECcLFEI4bGD0hSPEu9Pvq7QAKRYL+F8/C4MX8zopEA+fnXQ4HfWkBEQ=,iv:LIasq3mOq3ELb2xrWAMQ+V7TgD8XhZl3XTWZRDAIW+Y=,tag:YspXHQWp4g6ToALONfY/cw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/radarr/config.env/secret b/vars/per-machine/ulmo/radarr/config.env/secret new file mode 100644 index 0000000..48d16b7 --- /dev/null +++ b/vars/per-machine/ulmo/radarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:f6GLpyp4xAFuocaf6tPbysWIbPQfzn9SCXZ1AyPOJ9T8B1+6ssM5zFGKGfcWvzm7A0S6fthV+uQrFvlJkpcx+/W9p8yt2ii1YpcmPGzL/2kOW5Ye3Vuo46kHfOzs2UqXoW/u/L1ymBnLaD8R0crdrLYrbKzDbSycGzuLS1Prn6XiSoGFRUp0WGhhqJL3fVuSSF6bXuJgt0cmwVcO7BvigCcKWuKYt1DfJevHbae666k5MNxWKphPNTeBkQM/eXSZtRrT3pBEt+RGssAqfU+vvxafdxGtzGEYINQZSRcPHGC4cBLWKBuJ67+T9tTNRE40bPu3RVF6luBjMiJETqPwQPnJU8PXcvy1k+vxo4/Mx4gExX8fB39yxL2cxYSDB3ttiS3+HbLr6i9MPIpJ2TPsMdY+eOhZ,iv:CGOI7PlHRQ/z+ocR4EL1iJ93BcQJxHNu0FF6VMx/bvM=,tag:8RwjHKLOZRgevWpAlbvkug==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxWTFPaGdaU1c1Q0RucjVZ\naU9GdlAvUHpIOXFtZ2czdWh0WUJzbVJTOHhrCnl1ZHpXR1hxWFljUW9JRTlicWZK\nLzdVckcwUzIzSzRZZy94ckNtaWxCbTgKLS0tIDZaQzdzZEFTUzN5cE9vVUphWnVL\nZEN2N0p4RTZwM0lRL093OTZlcUllOU0K6nrSoA89k+y7XZ1/Y4QWAoDt6hUfAC+c\n33IIKdjGd8hEHj7ThvqQQfOmfWDpPCzA0prHLzSW6FDTeUm5CQGxFQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:55Z", + "mac": "ENC[AES256_GCM,data:pLIVtYn6GOb0cWJRdQRo2YDnO8MteNeNx/hAzfxHgOAmBbz6NlMRAiGrqGro4H8KI+osaZ8NHcyCh4mnj9i/i4dV+pa3X8PSSxAnahK6vjA+B8sf85WPhsFcoBFCtjT6CR1CkR8ktTE+s3SbjdRVk0Hh25T7UzhmFZIgKFvexZ8=,iv:UKXwBVX0R3zmvz6QJuUPtX+WRuE/0L+JlItc7vqpY60=,tag:6SwncaLMWt70WcpDp5u7Qw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/api_key/secret b/vars/per-machine/ulmo/sabnzbd/api_key/secret new file mode 100644 index 0000000..74393fe --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Hjg1GjSENrhiqIa3E0bMsmVwKFBI5PtRu+FeCdhICpKUY5UIgdnf5DiM+hv2ZYIP6iP/t4KN2aOQsYBD7UgJeS1fNuDn9UD7ZhipJVqG0vR0CwnVl5/ynJaYAWpVQyA5v+jWpSXp5kNa+sSYfwPKJgoWwWnsji157iQ1CVQkQ43f,iv:y/loJ87JCFQv4hAfRmhFOG//qkYCB0iE6WLH+MOoeM8=,tag:X+N7M1sAv0fRKXE9pOyQkg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsYjhvWTI1Y2FkOFQwMjUr\ncmd3eXN3SSt2NGN1eWp2RTZYd3AyaTQwSUQ4CnR2VURjLzcvdFRKbWlwc1dJYytZ\ndjUyT0o0eC8yQmpCU0orU3UwbS9BNmcKLS0tIHpaTDcrckJyZlF5cW5NeW1wOTdx\nMXQrZ3FzeDZFaUg5MmxoMGQzRTVpT2sKXUKhnjPqpIVDcJzV9BlCrc5hJhx6bsTs\nOpak6eXFkery72dZdOXvijQ8DGUl5tfLXmlHd77kszuSOOTHutqnmA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:05:06Z", + "mac": "ENC[AES256_GCM,data:9ERg0A43TKDudtI5Vq4sNmBV1z/6WG8VcTHykVoRsSvEIESPxKveSFOvoa/2pifM7xsGqHabPcLBzJU+/sOKTLVK6IdL80EbCilZFCQsUYxc0zu41+NdTzLBmD50fW8G9H93B5osOcmcTtKPWgwvyEoJ+O/aVzQWlukEwDo+vcI=,iv:kJmOlShNhtF03CxjoQfUv65ricphC3KrbTfMvlUBa/s=,tag:huaI5sxj9JIKYEqrstw7KQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/config.ini/secret b/vars/per-machine/ulmo/sabnzbd/config.ini/secret new file mode 100644 index 0000000..ddeebc8 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/config.ini/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:WVP52sevgJzYb4oB9N24uhKqo+YV/WFjHmmFDO80SNyARTueG0s2eXQ+UeXbodo0nGk/f7tTxYJRcmZyBLMGuks9YKKvn6zOZ7LZY72csO14XAI19P7sTupGOs43PpvQE8212/M18RMPNRIoj0od0HeDxhhFa61yhtZdclppJw3YIxyAfLGaCqV3LUrFIv3+hlM2zymJTi3QDucxL9h63tlv8ijwFg1ZOV/80tSQ4aEeMmic8LCbAbETtdYViQXHJLTNEEDFK/vL8eMHEwULPmw5yOjbWEyqVGO8FHDVbo6Aaj5EZGkiiEQccbJUbuM46J1LzLEjvobg8LKFcA/sVoiiqGp8b47qHbb+dswM5e5vQx11vqDI0UyQcxHuSxtSXJWqi9xKRf32sNhs2P/u1VDLBNCZDtc6z4cTzDHWKn5Dpm+G3oe9OtcA4Nzk/T49pGsb0AZ9WKSo2aAXlyoHfA3bfm+pWyAhEn5wvlhWojhJX/wRTg==,iv:Jdx8BJPx/Emszd/Y3y8y+j3Ogfp0I9fXdhAU5SToTj4=,tag:npMFKmFv+4dcp5Gi5Vyvkg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMmM0UmtEZ2JDMnFKaitk\nZjh4NXU5Sk15aGNBbVdJa2xSRTVmbUxFc2pBCkhPSjN1b2Z1Y01XYTlNaXpObFp4\ndSs3QlFXbTB5YnRNZzZaejFjVms4dncKLS0tIGwrckxId1F6OGVlZGg4UWI2cWdI\nKzBZU1gxNlpNN2FaTVRHd3FiV3ZzMkkKsi+bSSHNZ5UR//r7Md5Cds7ZjaAgHLqn\nh9gsf9q8Q1dM8LXyu7s0UEApcW9PVWoFAJKttn5mK0VMl0CkUlhTYw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:05:07Z", + "mac": "ENC[AES256_GCM,data:U1oKfi5RKpLIJOS3mM5y/pQ+8cxGk3dmza2YXk9kfBuzV1LfjCpSoFFGkuLWESA2rbZZEjjqRYfcgi0n8bTzWN8JZFZ9ZTI1ffSjKhVWdC5vqW2XmBlUC3GvAg/huGLd4FGO02qJMcqmnH94pzAglH1uhB7sP6K54w6GEUNEBnQ=,iv:mt+DmM/V1u5mCXjRx7y5RDW0gkmKHC8jYFCrqmbeiWk=,tag:+0f7k/bLwHznNtDt7boRmQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/nzb_key/secret b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret new file mode 100644 index 0000000..9ef806a --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/nzb_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:PconALoYtJ9/rw1rlo1jPAZTbcEYbBCHOC2Yt4V/gunFGOGoRZqENAJgOA8DICNvbv/04Mv2R9kJtHIwNXOfij0J0ySo20Tj6hTgTFIPOmNts/7lA3GFtCzsDWPokGmLwYzq/cowNTs2Vh2tZBJvL8qZtBBY607fmxlL9b44wjKm,iv:6BdN5nXBYtKHPdYn74AxetgllLFXIza/jktIGt6uMU0=,tag:riFepVvAaFcDSZHz48q5KA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqd1B1eVBVUkVYZDV0NVlB\nUWNDYkZrbndOZkI3THJWa3YvV0dqc055c2tnClV6MGdsKzFRaTEwRlU4dHVXdGJR\nUzc1M3dKWkFPZ243UzA5ZnYvVzVjYjQKLS0tIHhhMnJ6MmcrTFZvc0ZQUDNLb1Bp\nbWdsOGhSYjJkZTRNTXpsV0hxV0I3cTQKjKfRJ7B4wDi0Z7ELkyosdxWPT4qdHtNu\njHDRfgmhD0EGgntwDohSCuxTyp04jQX0gO2/wF0oIFddP5cJQBZm+w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:05:07Z", + "mac": "ENC[AES256_GCM,data:p6VDaZr2vq1As/qe8n+fjV31+IurhYcgctUTJ1Zh7QkQRKBRXqfHQAZIjJttKUbhEp7hJBVGT316lDNJ9uKLm2vkO3CKrb15Jd0nKBWIsAknOF+ldhADQ9+Vt2W+tW+RMvVjq09fyKihU+j/5NtoaFFnZoK6gPjCWOcKuDVYor4=,iv:3Mn5MDdZmYhS9d0C6IcV6OWxrIej+N9RmVwHRa3N5Ys=,tag:pWa4Cj/X2wZiuGsFrVbwYg==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/password/secret b/vars/per-machine/ulmo/sabnzbd/password/secret new file mode 100644 index 0000000..757c532 --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/password/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:SkOlXNgGnZ1w,iv:SL+wXz7Ifpinqbrlv6Z6Lw2OYugZviGK1yLyHkwY1xM=,tag:iebP8vOoFCTWesHbq/QKvw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzV0VuUDh0K2l5bXYwMWJu\nVnJ0dnhncEtpU1JQTXNwSXZXczBvb25qRnk4CmZYUjJDYXAvTHZPSmtjQkdHYjlh\nbWxmaXFFZGY3b0ZDR3NQOTlBYnBVZmMKLS0tIExFTXVBUU5GOEJWdEZ3VnpWTU9Q\nWEg3TjBxM21EbWszSkh3c25oeEVNTEkK3FemB2jA6fVil0z2FA6u/4nH0CScrE2B\nKS37nP35ufv+m/5x00+WNOgppfj3X61mKLmeJZ+Vj01hr4tTPegddg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:05:07Z", + "mac": "ENC[AES256_GCM,data:YVBRGtUoLSLl/B6JOwckAh2olXCrbbu7S/jE4DyHqO41KdSufQ1EUm+gzaXYnW64oiyKtMAHZPYJS8z9i91zGDs6oUOtW/2vr0LWyIkhEfXAB5Lbm4Im9SqJ8uOthjVQNVErMJOu87P16Ud37v71wkIXa6UImwPLtn5nf2lD5ho=,iv:L8BpU1VEWCtwTeXDwAMqWzKdvzxZbkYPC854g5Lfrs4=,tag:ILEjAo1f8i791ORUQgzGoA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sabnzbd/username/secret b/vars/per-machine/ulmo/sabnzbd/username/secret new file mode 100644 index 0000000..317403a --- /dev/null +++ b/vars/per-machine/ulmo/sabnzbd/username/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:GOtu+wDVCaCaOIcAjMZFpQOvwg==,iv:05f4WFx/u/zkBOfD3woUnlgoab8qqgCxc7tJvLd4FBI=,tag:0GcqnjlKC34dWWQdNDaVwA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVGJWMzVvdjZhM1Biam1P\nN2ZNY2dBSTBLejh0TTBkV2pVcVEyUEhxQ3dzCjRtTzY4NmI0UERTeThGMmZ4aUdI\nbVZ6eFNQZHNzNy9pTS9DYjROZGt6Y28KLS0tIExuVnp2V05iMHlBR1BqWE1scDFk\ndS96eWFSeEozTXJ2VWtJNUxFVXA5K2cKo/7Xybb8tzJQa2zUHmZMJir27ytBoCx2\nI2XBaM8L4eT+OJzO6PodSaQCfQlfEEVlqZupRA2YzeYXUGZqzPBgpg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-03-30T13:05:08Z", + "mac": "ENC[AES256_GCM,data:X5V3TeZbT8YkYwL7blD8p70A8cER28DBNJT2EC3EdXfd3ATcGrwfpQYt6v18p0msSMRWHP0BIxKutDHUzWjERk7U2Lj221zm5GwjMevZDAXFNKKk4GXmCdpSeVpX43+37UzSKA78cEWca77Yor3fEBfusGux8fMG6XD1wFoRXqI=,iv:36IjknMbyu372BegqV1OBPS+8e3J5WaQ2WYAHQ93Jps=,tag:FWN4tkv4LXvelotNjD2ieA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/servarr/config.tfvars/secret b/vars/per-machine/ulmo/servarr/config.tfvars/secret new file mode 100644 index 0000000..da73b4f --- /dev/null +++ b/vars/per-machine/ulmo/servarr/config.tfvars/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:51cLOUJ3H/3423I/GbU6hpcCTABxz73xLX6eJgf93+se/COTByNELcej9AI0pcVpBlkhe4Cun8rf8BRSMunZbt4RQl5LdXZdD+6MNAP/aAZUVv4I3ZcdEE0vS7IPcYx5IB6E1EdvQ4QjuCsit65wt9OeP0NqPULoNbvjitMaDrr1tWcJyLougLkKeTi525LbxFx+gNRaqCUdZT5yKlql+Xc+wUbiTCRKUOUFxOGh1uwx1/T24vnQWpqMFzEVe1NT6yKBIe4Vj4fAe+D5Xeg6YO5Adspq72jhMjMV0WJTAXoTPqmjnpRDqzk/HJglGWmZXgsMrsptn6SA20sn7Fersp0wi0n+1iINalQaS2okzGQItX+ouBj0VEBsauYhrrh/DLuEiWDH/EfMgkxCEBKmUrRPKm2sa5e4A2Hz86PFW1nzQJI9eIi6ibmMYwWILbqQgHwQeDw3sYFgtwIHpM9fei51KAdNT+fA6cLZPQKCzUxU8OIV0w5ZiNRu5FMmKXFoYIbOqUolGH9U5CqvD5Ep80d9140SkxPdX5gTdpYAhkIZvhGkIADIimk3YMuUSP5+IgATw1rX1bbwgEsCjdPZFzzS/i5jshxw3WcGNKFvmxeoeZbCu5jt2tISR1XXNa301r1lofGLKu2PneXotnuzjYZc4W/g6gDzrzh+kFV3X66p/4705m7td0KVw5ESgbCal1SZv5DQmvNaDXJutDGPz/zsfC98qSyWBK3ObRgO29TkcDzrrnkh8KyiUtbKelE1I/dRzoe2SGFKZNYJporomE949xsKsS6IcXjxCWTHw66AW5ETVqy2vGoW4zoWQimQj9FNYBMAGGXEHJUyORqHqqGAY80qxkC0r4DGfMI0P0F5IoFvELnuMKkSFJyzucJTxjv+I7Se4XdmGBzy3z7fASiFpiWxwOQi2CShRUypTHE+Lpa8hLRqnvEq5U7NvXSwNZEs9E0HLjoJrsQL8wfOq7eCtJtKVSCpTuz3HKldt7lMzF1Bt0J9qCNdvTgjm50UIDQeAAw0E54PdKDLBoaNV6G1brpYmlW0NY/0hloWmGlfTArhdh0REH0Pzb8P0b5F66yQsVNyMStGPMkRo5btgHMHaQPoL7cSXZxWPgvBXbw5nzusi2xy64mjrz7YRY/jRgNsxrjWICOYIFnAyX/3eqlSzga2H3MAeMGw6SCu5Zc=,iv:u/2+hqF3Z1rkfTtziaCYYphBNnQjRpm2/pOtatq2ku4=,tag:8Z2Ahw1rKfgElGKBfjZL8A==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWTUwNzVwd0ZQZXJ1SjRq\nYUg1MHNBc3RiQm1iclg2cGhJd1YxNHE2bFRZCmlxTjRPeUI5ZkwyTTlLWitNM1Nh\nYS9CMVEvTWdqU2hQa1MvbUVrM0xqREUKLS0tIDVrcmloaFJaOWNHSFUyUFZ5eGtl\nNUFaRTBZbUZYU2d4bmh0R0E1eUxFeGsKh2kSO3CRjcHcP4QzaJOY01mHx+M5TGZJ\n58Fd4lAk9CAjdoXBvlNsn5WshYpPpCq6jX9gLffn2rDUMKMDl7wXNQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:26:02Z", + "mac": "ENC[AES256_GCM,data:O4HiHY1pm5Re/kIcI2vTPL8vFjTFcr1rFBW8ddBu4BGoFTaJLqFsaeTV2NzxWMr3Pag0JfSK4D9SsWn/n4bEO2R37aXTox2fH8UPJ90jqAkevAb85eJlC3Jk45W+fzQ2exCFBjqD7xIRtJ+r1Jyu4gGUZMHuRgAlR2rZllVHAbI=,iv:ePxwH2SfFe9U8zJqQE8P7lsBreSBcQc9qhPjFJw3e7I=,tag:Mcelz9XNBokPftpMqrsySA==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sonarr/api_key/secret b/vars/per-machine/ulmo/sonarr/api_key/secret new file mode 100644 index 0000000..b8328cc --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/api_key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:C1ajlE0mhyVKJ4uKYLuwJyZCUUiox6gLoVz+4n2y44HE1pFMMgjhNa/i/Z95mjS5otAW5IbruDavhxpepzpKgddec1rmf5og2E8FQauZpED2PiyX6+/sbRa9rzoKP73aYwtlkL8i0KbyeSshKqXIVlJwv4RYqdrusVOnEWS4RgdM,iv:z5p8Bepg+wg0vgllQmqLa29Q3YJqg/V2FlIV04nc8Rc=,tag:PcHKoSHzI0AYsyKj9Mw4pg==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZHljenNaRXZXd3ptWTdB\nYVlNeTV0RXU2RmM0T3ZlamsyR2d5WVlQZ0R3CnMvekMyb3pScUI0OVpqaDFGRmdY\nK3NBOE5XQTM1b3gzclFoYjNKNjVWZWMKLS0tIHZjaHVwOEwrTktPSllvb1o2VlBH\nT1BldzBDY2orenJKUnRZdk5MNWVqNWMKnw9mXQhaIiNC60YdDC6U6Vkn41fIlX0o\nGXKPpUwwkDrHD5ZmDrYm23C0Id5dlAAD8Typt6vowTqVR9E6plTDEg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:58Z", + "mac": "ENC[AES256_GCM,data:/ebZBVAEEc5WkNbEoDwkak+MMALV0RpGb/gpOrp75QGliZvtaADgEhD0GekBv4c4v7f4jE06Ed/waYozF96lqRVmzUZVt9pBT5ugsF8UC9WaJAOCZyIgfgWiAGo2k/MdAhjw6efWWqpCb+TwyziqLHQfGUkqsn1LjYcTqO3iDUM=,iv:4K8rgHnrE6E5fQk8VqHT2bu6wD2NOrKtIFCIp7oLyxw=,tag:MhB4gbjdVPa8JEFHuIQmNQ==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/sonarr/config.env/secret b/vars/per-machine/ulmo/sonarr/config.env/secret new file mode 100644 index 0000000..9e5ffaa --- /dev/null +++ b/vars/per-machine/ulmo/sonarr/config.env/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:wHSARDRyTbBqReZ6xmcw0Mb6NfgP5dVztrYnRbQTjV/hpn+i5f/7MaM83MrkNAyrt0bd2p5sSWHhUqWczhv7EFVeioccIWHD7SSVHzw/2y4q2ptq5IZJ1KTsXQvTITdfwsGacN4K0OdG5BbMJhbE5QItI6OoV3B2qOP2llw0bVHivlwFsqx/AtIDSbAFGb+j2eMV8bIXpx3fcKeo2S+8V0931rD7kftreKEhtS5DRk+OUrT/YbJ1M+6kp4eGYUl0c4cC2BhIjnJcEufnxrqiCH+Q/1L3k0HgSZuaAMM15yVo+xv/wQZSpHBexHhIojdIKLdHsexsMf2alEi0JyAEMaMRJBriErRIlq1fj85MXNjI/dYUCdeBPk5CN/Kqw7UQIOOPxbjiepga5J+UYNa4y9myvHOT,iv:LpmsdRVgQNeligzICGdxliFr1ukqOHTaY1rcJJ11nvs=,tag:ZuRd3P3KeDBOoc1VKR4xPQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeTdCZEg2cUxtNXFoTndJ\nQnZFWEYzbHp2WU9mT1BWUG5rMUVQU3F3TzNVClpTOTFCOWMrK0ovQjhybjI4TlEv\ndGZkekxZc1ZvbURrU3NTZFhwMkZCSkkKLS0tIHZYOU5DbHhiQ3lhOHZBaHgrTGdi\naW5ZTUFtZlkxQmVsZFBRd0pBcUpZc0kKB+dJmF88tlmFDOdG9BJCSwGFBG69Ja4b\nGV0bqJpiojcxYiscuvY1o98YlbhXqdIC5mDzLJqWARhsRORFCc17mg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-04-02T09:25:58Z", + "mac": "ENC[AES256_GCM,data:zgmV6N1vUf0P6nRB3sGobaM6u81yg5HrQHLsIYZj/+4gTZWznuodX34r4uZ4csdOpmJ1MvvUie399CJrnESw5b2eaNvXBeSinBRlgKxamvPkj881VeW+vuFXb8w5E5gmaOs/Vi81BhaWC7Ifw+YbpfzvZIMGrs2UqtQGhRckZPE=,iv:y1JlvYj+eZo5vhgpADJk48aUAik5CRKlfmZKaDZts8w=,tag:8C29f8g5n4xUNKM6MpcUsw==,type:str]", + "version": "3.12.1" + } +} diff --git a/vars/per-machine/ulmo/state-version/version/value b/vars/per-machine/ulmo/state-version/version/value new file mode 100644 index 0000000..abbaa1c --- /dev/null +++ b/vars/per-machine/ulmo/state-version/version/value @@ -0,0 +1 @@ +23.11 \ No newline at end of file