chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:11310fdfbd50eb3d3a902bd9e2a0d5583a440842
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere
..
compare: chris:f3e58541207a54fe4d836c70db3f0fd919f9ecc5
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere

12 commits
11310fdfbd ... f3e5854120

Author SHA1 Message Date
Chris Kruining
f3e5854120
start on poor man's clan vars
Some checks failed
Test action / kaas (push) Failing after 1s
Details
2026-02-24 15:55:08 +01:00
chris
6fde383844 chore(secrets): set secret "coturn/secret" for machine "ulmo" 2026-02-24 07:24:45 +00:00
chris
f98cc52d62 chore(secrets): set secret "grafana/secret_key" for machine "ulmo" 2026-02-23 07:25:55 +00:00
Chris Kruining
eed7d360c8
Add default value argument to input prompts in add recipe 2026-02-23 08:17:09 +01:00
Chris Kruining
e1614dc3f7
Fix formatting in Zitadel and PostgreSQL Nix modules 2026-02-23 08:17:01 +01:00
chris
625e79f042 chore: update dependencies 2026-02-23 07:16:15 +00:00
chris
0c778497a1 chore(secrets): set secret "zitadel/users" for machine "ulmo" 2026-02-17 16:35:02 +00:00
chris
7deb710db7 chore(secrets): set secret "zitadel/users" for machine "ulmo" 2026-02-17 16:06:04 +00:00
Chris Kruining
35e608ff9a
Add --build-host option to nixos-rebuild command 2026-02-17 15:40:08 +01:00
Chris Kruining
b72681ff63
Update user scripts and table formatting 
Add doc annotations to user scripts and refine prompts for user input.
Improve table.jq to use keys_unsorted for header generation.
 2026-02-17 15:39:55 +01:00
Chris Kruining
10a1a324ce
Fix table.jq to use correct index in to_line function 2026-02-17 15:39:36 +01:00
chris
fca97a534e chore(secrets): set secret "zitadel/users" for machine "ulmo" 2026-02-17 13:56:26 +00:00
8 changed files with 153 additions and 115 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.jq/table.jq
View file

@ -24,13 +24,12 @@ def to_cells(sizes; fn):
def to_cells(sizes): to_cells(sizes; null); def to_cells(sizes): to_cells(sizes; null);
def to_line(left; joiner; right): def to_line(left; joiner; right):
[left, .[1], (.[1:] | map([joiner, .]) ), right] | flatten | join(""); [left, .[0], (.[1:] | map([joiner, .]) ), right] | flatten | join("");
def create(data; header_callback; cell_callback): def create(data; header_callback; cell_callback):
(data[0] | to_entries | map(.key)) as $keys (data[0] | keys_unsorted) as $keys
| ([$keys]) as $header
| (data | map(to_entries | map(.value))) as $rows | (data | map(to_entries | map(.value))) as $rows
| ($header + $rows) as $cells | ([$keys] + $rows) as $cells
| ( | (
$keys # Use keys so that we have an array of the correct size $keys # Use keys so that we have an array of the correct size
| to_entries | to_entries

2
.just/machine.just
View file

@ -8,4 +8,4 @@
[no-exit-message] [no-exit-message]
@update machine: @update machine:
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json nixos-rebuild switch -L --sudo --target-host {{ machine }} --build-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json

13
.just/users.just
View file

@ -2,8 +2,9 @@ set unstable := true
set quiet := true set quiet := true
_default: _default:
just --list just --list users
[doc('List available users')]
[script] [script]
list: list:
cd .. && just vars get ulmo zitadel/users | jq -r -C ' cd .. && just vars get ulmo zitadel/users | jq -r -C '
@ -25,6 +26,7 @@ list:
| join("\n\n┄┄┄\n\n") | join("\n\n┄┄┄\n\n")
'; ';
[doc('Add a new user')]
[script] [script]
add: add:
exec 5>&1 exec 5>&1
@ -47,10 +49,10 @@ add:
jq -r 'to_entries | map(.key)[]' <<< "$data" \ jq -r 'to_entries | map(.key)[]' <<< "$data" \
| gum choose --header 'Which organisation to save to?' --select-if-one | gum choose --header 'Which organisation to save to?' --select-if-one
` `
username=`input 'user name' 'new-user'` username=`input 'user name' ''`
email=`input 'email' 'new.user@example.com'` email=`input 'email' ''`
first_name=`input 'first name' 'John'` first_name=`input 'first name' ''`
last_name=`input 'last name' 'Doe'` last_name=`input 'last name' ''`
user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"` user_exists=`jq --arg 'org' "$org" --arg 'username' "$username" '.[$org][$username]? | . != null' <<< "$data"`
@ -72,6 +74,7 @@ add:
gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")" gum spin --title "saving..." -- echo "$(cd .. && just vars set ulmo 'zitadel/users' "$next")"
[doc('Remove a new user')]
[script] [script]
remove: remove:
data=`cd .. && just vars get ulmo zitadel/users | jq fromjson` data=`cd .. && just vars get ulmo zitadel/users | jq fromjson`

33
.just/vars.just
View file

@ -4,15 +4,17 @@ set quiet := true
base_path := invocation_directory() / "systems/x86_64-linux" base_path := invocation_directory() / "systems/x86_64-linux"
_default: _default:
just --list just --list vars
[doc('list all vars of the target machine')] [doc('List all vars of {machine}')]
list machine: list machine:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml sops decrypt {{ base_path }}/{{ machine }}/secrets.yml
[doc('Edit all vars of {machine} in your editor')]
edit machine: edit machine:
sops edit {{ base_path }}/{{ machine }}/secrets.yml sops edit {{ base_path }}/{{ machine }}/secrets.yml
[doc('Set var {value} by {key} for {machine}')]
@set machine key value: @set machine key value:
sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\"" sops set {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" "\"$(echo '{{ value }}' | sed 's/\"/\\\"/g')\""
@ -21,9 +23,11 @@ edit machine:
echo "Done" echo "Done"
[doc('Get var value by {key} of {machine}')]
get machine key: get machine key:
sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')" sops decrypt {{ base_path }}/{{ machine }}/secrets.yml | yq ".$(echo "{{ key }}" | sed -E 's/\//./g')"
[doc('Remove var by {key} for {machine}')]
remove machine key: remove machine key:
sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')" sops unset {{ base_path }}/{{ machine }}/secrets.yml "$(printf '%s\n' '["{{ key }}"]' | sed -E 's#/#"]["#g; s/\["([0-9]+)"\]/[\1]/g')"
@ -31,3 +35,28 @@ remove machine key:
git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null git commit -m 'chore(secrets): removed secret "{{ key }}" from machine "{{ machine }}"' -- {{ base_path }}/{{ machine }}/secrets.yml > /dev/null
echo "Done" echo "Done"
[script]
check:
for machine in $(ls {{ base_path }}); do
[ -f "{{ base_path }}/$machine/secrets.yml" ] || continue
[ -f "{{ base_path }}/$machine/default.nix" ] || continue
echo "Processing $machine"
mapfile -t missing < <(jq -nr \
--rawfile defined <(nix eval --json --apply 'builtins.attrNames' ..#nixosConfigurations.$machine.config.sops.secrets 2>/dev/null) \
--rawfile configured <(sops decrypt {{ base_path }}/$machine/secrets.yml | yq '.') \
'
$defined | fromjson as $def
| $configured
| fromjson
| paths(scalars)
| join("/")
| select(. | IN($def[]) | not)
')
if (( ${#missing[@]} > 0 )); then
printf 'missing the following %d secret(s):\n%s\n\n' "${#missing[@]}" "$(printf -- '- %s\n' "${missing[@]}")"
fi
done

188
flake.lock generated
View file

@ -83,11 +83,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1770634898, "lastModified": 1771802456,
"narHash": "sha256-v05MDDR9Sv8adHsMTNoCHOy4DH5nqOtvaGMeKk4sC4s=", "narHash": "sha256-Ku3vdfRr0JBcTbcu8oNSVYNLLDVrIlDXvuYv0qZaJvg=",
"rev": "5edc04cc6a1183ad85322deed75a9d4824f7e9f7", "rev": "e1f0211652ba266dc0ca504fe3c4775d8cad16f8",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/5edc04cc6a1183ad85322deed75a9d4824f7e9f7.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/e1f0211652ba266dc0ca504fe3c4775d8cad16f8.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -125,11 +125,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770409579, "lastModified": 1771586574,
"narHash": "sha256-reWzIb3dxJnLcwBEuT6khzEDvCiBCVTiqBR9C4vH/jg=", "narHash": "sha256-Nzay8rHhCrlFaIiDqlTpEiKZZTUOQsdZJ8wdB+lrJro=",
"rev": "5065ddc67a7009fb81a29f43aa056b2a4552ed96", "rev": "17da134c02b2e92e10ffcbcb4870e5cde0a6c6f7",
"type": "tarball", "type": "tarball",
"url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/5065ddc67a7009fb81a29f43aa056b2a4552ed96.tar.gz" "url": "https://git.clan.lol/api/v1/repos/clan/data-mesher/archive/17da134c02b2e92e10ffcbcb4870e5cde0a6c6f7.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@ -144,11 +144,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769524058, "lastModified": 1771469470,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,11 +164,11 @@
"tiny-audio-player": "tiny-audio-player" "tiny-audio-player": "tiny-audio-player"
}, },
"locked": { "locked": {
"lastModified": 1770584961, "lastModified": 1771529616,
"narHash": "sha256-5/ZAb9j1ih+14Ma34iNOgotA3BjQpayqg1O9+e2d7jU=", "narHash": "sha256-FiVKf4ZSHCcHOKkQAaIcjQGWiTnlepv5462Djk10BeY=",
"owner": "emmanuelrosa", "owner": "emmanuelrosa",
"repo": "erosanix", "repo": "erosanix",
"rev": "394debf46a32b883dc572472cbda18482eb2de92", "rev": "ed5217725bf19acfb594be8a4a653e3f576a3397",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -185,11 +185,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1770621632, "lastModified": 1771743970,
"narHash": "sha256-pp7visGpp5SYL1O/eF1ZyiSqk4AJ5xkEJXw7pw0f4EI=", "narHash": "sha256-eri4eY0fUouYxBgWxJAJzG+xTGXVI7VeNJGcJrqpEt0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "de681afb16166786926b05a0b528545ad511507a", "rev": "2af8ae8bbe91833a54bd3b9cc24c326b66972a8e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,11 +205,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1770642320, "lastModified": 1771811831,
"narHash": "sha256-CgL4Y8mdt7ty4uxp4NfUXKhrSar6TMUtCgmh0M16JGo=", "narHash": "sha256-adtW0jeSg/uZ6anL1mhK+kHAPpYR1+X5kmL6ZtDrQkw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-firefox-nightly", "repo": "flake-firefox-nightly",
"rev": "aef5ff9c6122e50fcef4e06d73435cb6cbfbc888", "rev": "0cd9d065adab3b7d12747ba54cbf0e9b4154351f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -363,11 +363,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1768135262, "lastModified": 1769996383,
"narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -552,11 +552,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770420941, "lastModified": 1771538633,
"narHash": "sha256-aWgduwwaVAgdbGInybYpD7zWY1WXs1ZM7vQkkpfWKyk=", "narHash": "sha256-MBA5xFLd4dXdNwCYintpO7yBm2xj92PagsNmYpw+tSg=",
"owner": "himmelblau-idm", "owner": "himmelblau-idm",
"repo": "himmelblau", "repo": "himmelblau",
"rev": "a6a15bc28852010c2aaa643991123d0e4ab06692", "rev": "a734234d38833fc4d0522e79e308daf99bd5f1e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -572,11 +572,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770642890, "lastModified": 1771756436,
"narHash": "sha256-XWWHZEy5ZYMOx5hVuz+oeKtKDfv7syl7dwKCBx0LqzA=", "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "13a1beb7c9962e0d2ba35a4d5c87546509b89b7d", "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -593,11 +593,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769872935, "lastModified": 1771756436,
"narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -614,11 +614,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770620462, "lastModified": 1771587792,
"narHash": "sha256-6oT0qd5nRpn+smwnUWgiYgN8+PCyNxjRCiaWkqlijAc=", "narHash": "sha256-XGFLdlLOez7f0rmjlF+1TLXyBguy8gx2aBHx/Q5JXxs=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "d58e0f3603bca6caf57aff6bf3c7705004e46f93", "rev": "b49fc54950e251f166a2240799315033ab7a8916",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -633,11 +633,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1770555544, "lastModified": 1771765102,
"narHash": "sha256-ebtYu7XDrNMKgQ1ZStwHbD53uofYKVZudhuvMCXR3NA=", "narHash": "sha256-RLvOaBEoxgPnGZn9ULbb6xXs98AgiOyPZQpB44XyLvA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "724c7b7f76794102b60482233a0e226056ca5b0c", "rev": "55efa4ba1ddbbe046a4afd17b51867c5348bdce8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -667,11 +667,11 @@
}, },
"mnw": { "mnw": {
"locked": { "locked": {
"lastModified": 1769981889, "lastModified": 1770419553,
"narHash": "sha256-ndI7AxL/6auelkLHngdUGVImBiHkG8w2N2fOTKZKn4k=", "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=",
"owner": "Gerg-L", "owner": "Gerg-L",
"repo": "mnw", "repo": "mnw",
"rev": "332fed8f43b77149c582f1782683d6aeee1f07cf", "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -729,11 +729,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770184146, "lastModified": 1771520882,
"narHash": "sha256-DsqnN6LvXmohTRaal7tVZO/AKBuZ02kPBiZKSU4qa/k=", "narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=",
"owner": "nix-darwin", "owner": "nix-darwin",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "0d7874ef7e3ba02d58bebb871e6e29da36fa1b37", "rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -771,11 +771,11 @@
"systems": "systems_3" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1770520993, "lastModified": 1771641457,
"narHash": "sha256-ks1ZFBYlBmQ4CAM4WSmCFUtkUJzbmJ0VJH/JkKVMPqY=", "narHash": "sha256-TIekRGfeCwuEmYcWex40RTx0Gd46pqmyUtxdFKb5juI=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "b32f4325880b4fac47b8736161a8f032dd248b70", "rev": "c4e2b8969e09067da9d44b6b5762e1e896418f40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -856,11 +856,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770645108, "lastModified": 1771563879,
"narHash": "sha256-j19Q1HZNfMxoG1WOGFUF1HPZ/wHkVlLDqjvNhrq5frA=", "narHash": "sha256-vA5hocvdGhr+jfBN7A7ogeZqIz2qx01EixXwdVsQcnE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-wsl", "repo": "nixos-wsl",
"rev": "7cfb408f6a5cd243a727aa3397f4c04f5bfccf28", "rev": "379d20c55f552e91fb9f3f0382e4a97d3f452943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -887,11 +887,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1770515899, "lastModified": 1771723719,
"narHash": "sha256-hbmM5OSFCXIyoYvmZyQL9mjQ2mh/L1+2/4gf/BpXWNE=", "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "fd928847a8e03461e4b37699e6218539b610217d", "rev": "36b8fcb216736b0e1869740b324ae521e5df23d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -902,11 +902,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1770380644, "lastModified": 1771207753,
"narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", "narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae67888ff7ef9dff69b3cf0cc0fbfbcd3a722abe", "rev": "d1c15b7d5806069da59e819999d70e1cec0760bf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -934,11 +934,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1770625969, "lastModified": 1771742218,
"narHash": "sha256-3ESg5ra+raxilFcmJw1vihoGS7Abet1v0OpVn1MxPzU=", "narHash": "sha256-ofVOq6pFrLkIE6YanvUDElZJRwjSSJaTuilqhdnatMA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "69ecaffa7deb4daa5a83cb813f8251665e3af93e", "rev": "aaf43e7c58bb8093a6325ef1d7b4af616779abc5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -981,11 +981,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1770645638, "lastModified": 1771829251,
"narHash": "sha256-O0Saxnde4K+jWBkZzM+UBknFXlcCzrDXvJkTGZumEOo=", "narHash": "sha256-aCGm04/IRKKAy9qzvSOjSOkcYmNEjaoClo/9FygDp2Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3ebfe71ecd51e74346d2cf863d0ff1d4a3ff69be", "rev": "cb31c55b2ba66c33f94d251251c37802ff5b1dab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1029,11 +1029,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1770562336, "lastModified": 1771369470,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f", "rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1045,11 +1045,11 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1769461804, "lastModified": 1771008912,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "rev": "a82ccc39b39b621151d6732718e3e250109076fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1094,11 +1094,11 @@
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1770572967, "lastModified": 1771704400,
"narHash": "sha256-uQ4g+gypEXoNE6bgQq1UP3mrwUNuemhdD3A7G9tbchk=", "narHash": "sha256-8U9xnN4HdxPfAXAft3lBsArWSv1ZTTxJci1lOA/xpno=",
"owner": "notashelf", "owner": "notashelf",
"repo": "nvf", "repo": "nvf",
"rev": "7a2c7c23966122eac80620dd503bf2b1163ed6d4", "rev": "5c38b357da7e8c870350cd1847fb5b2602a28eb0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1117,11 +1117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769956244, "lastModified": 1770766818,
"narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=", "narHash": "sha256-12RCFLyAedyMOdenUi7cN3ioJPEGjA/ZG1BLjugfUVs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "fe54ea85c6e4413fba03b84d50f2b431d2f7c831", "rev": "44b928068359b7d2310a34de39555c63c93a2c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1159,11 +1159,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1770616416, "lastModified": 1771639390,
"narHash": "sha256-S6qG5sNG76JitdRRY0dyEq9+n+4TJuqKrFrtTpripAo=", "narHash": "sha256-igbphgls7JmrblWCIbgBGcL/ZWj0Iv+InySvuhLC5Ew=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "c75729db6845c73605115b18d819917dbf6a8972", "rev": "af68fc6e782f218c262a8e7e5718ce7276f697a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1203,11 +1203,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770526836, "lastModified": 1771735105,
"narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=", "narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d", "rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1221,11 +1221,11 @@
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1770526836, "lastModified": 1771735105,
"narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=", "narHash": "sha256-MJuVJeszZEziquykEHh/hmgIHYxUcuoG/1aowpLiSeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d", "rev": "d7755d820f5fa8acf7f223309c33e25d4f92e74f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1253,11 +1253,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1770587906, "lastModified": 1771787992,
"narHash": "sha256-N9ZTG3ia7l4iQO+9JlOj+sX4yu6gl7a3aozrlhSIJwQ=", "narHash": "sha256-Vg4bGwwenNYI8p3nJTl9FRyeIyrjATeZrZr+GyUSDrw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "72e6483a88d51471a6c55e1d43e7ed2bc47a76a4", "rev": "30054cca073b49b42a71289edec858f535b27fe9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1380,11 +1380,11 @@
"systems": "systems_7" "systems": "systems_7"
}, },
"locked": { "locked": {
"lastModified": 1762472226, "lastModified": 1771504637,
"narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", "narHash": "sha256-qPYBCcvws0cqVf4blYyxQ6JNxOdvUPK41s2sfqk6wL0=",
"owner": "terranix", "owner": "terranix",
"repo": "terranix", "repo": "terranix",
"rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", "rev": "f3d77064bd135823a30916a1e63b90b7fe4453ac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1482,11 +1482,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770584247, "lastModified": 1771529133,
"narHash": "sha256-awRLWslBvfUSreLt0IMyFYHJkvlb3roCtyMtKA47wmk=", "narHash": "sha256-nnd13UkxEGBNCJUpSinNyoDfB1BjhSGnWN8llDM9AW8=",
"owner": "emmanuelrosa", "owner": "emmanuelrosa",
"repo": "tiny_audio_player", "repo": "tiny_audio_player",
"rev": "1efef4ed191f4c9589ccd397b36feb9bc906c459", "rev": "21b191dce6be77dcf0f5baa69564b7e33905c653",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1524,11 +1524,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770568363, "lastModified": 1771829403,
"narHash": "sha256-RJ/C24wN7LyuMmBgvIutA/PqXXceZtJtUCuZSaTjF/4=", "narHash": "sha256-y6SCyTHx3mfeJphVAP9IcYwmd81l7Owv1WObibVcexw=",
"owner": "0xc000022070", "owner": "0xc000022070",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "2ada8a826ea88512387a5a17ee96f16369bcdd80", "rev": "16e6705c152f28f380aac601c705fbe905a58b44",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -444,8 +444,7 @@ in
|> withRef "org" org |> withRef "org" org
|> toResource "${org}_${name}" |> toResource "${org}_${name}"
) )
|> append |> append [
[
(forEach "local.extra_users" [ "org" "name" ] { (forEach "local.extra_users" [ "org" "name" ] {
orgId = lib.tfRef "local.orgs[each.value.org]"; orgId = lib.tfRef "local.orgs[each.value.org]";
userName = lib.tfRef "each.value.name"; userName = lib.tfRef "each.value.name";

13
modules/nixos/services/persistance/postgesql/default.nix
View file

@ -1,14 +1,19 @@
{ config, lib, pkgs, namespace, ... }: {
let config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.persistance.postgresql; cfg = config.${namespace}.services.persistance.postgresql;
in in {
{
options.${namespace}.services.persistance.postgresql = { options.${namespace}.services.persistance.postgresql = {
enable = mkEnableOption "Postgresql"; enable = mkEnableOption "Postgresql";
}; };
# Access db with `psql -U postgres`
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = { services = {
postgresql = { postgresql = {

9
systems/x86_64-linux/ulmo/secrets.yml
View file

@ -4,7 +4,7 @@ email:
zitadel: zitadel:
masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str] masterKey: ENC[AES256_GCM,data:4MPvBo407qrS7NF4oUTf84tZoPkSRmiHdD7qpkYeHME=,iv:H2NIAN0xBUDqnyco9gA3zYAsKtSeA/JpqYrPhc1eqc0=,tag:6OFGDfsucG5gDerImgpuXA==,type:str]
nix: {} nix: {}
users: ENC[AES256_GCM,data:yxdJ2PmOJXXCF2NaD1QWLSuwF9AhdIBhLiZDm4GhcTb4sA3zGTyJBw5saH6P5QAwk9ngbOgn8RH0vgeYEJ0z8VzUoCaLWK5xaqLggYgd75ewNQu7Jkh6V/oSHeVfv+6NCRoq4PckHvhBHwQQ4uToaCghUbjX6VJlFSKwSAy6laG30UMIa2Q4hTQHqgVcbjpQUJSu6/ajDz3Ap0MqhCTSOPWKZ9vWZpvRnFhLhsJrTNl0w6zlCuZcy8xqn/zZo4OEuexHr29yFFohbiD9L9CLd0N6NYDMX7eHRjjdB6Ysxfkic9JSWysma/7OwPzg/KK+pQDkNi7ciR+/cT9Gqn73IFpXPvuooe+7wxe4INfGq3iAoRIYSz8=,iv:opqL2iB3sqT+/a03tTzWphFGnwrEwdKybnj/3BNzL3U=,tag:2+CMLgKdsWpPsYrkKAP5hg==,type:str] users: ENC[AES256_GCM,data:GeuYaMNy5UICpYsJs95YCzKjtZxMQDpTTKjU9BDTTBToFir9Rn04QxNi6Wj1I3h2FcS63kbHWaP/W307kDoOQPBZrvrQMi2zSc8+/ivYGmAMhzt2kYXECKt7+YDf9cn9f3D6KV0NSh5UqlpZvDfYXSc/6q2gHOMV3bPvMEf+uxxUEf06kzLH7HpnjExgmUcOM6uVNAudf7HgJ1h/JzUzHq/XLPoVAuyj2TbaHwvRCk+YqLJZw1D+8z3MkpZsdNF57quEZfDPahg371l1wzvZMH5sfFuSzUajD3lbIGRiV0o9PpmBp4qwnU63EkFy1wqhMjXjoviPqouRyZb+fDzxkDoyMuhAYjHcIuSlAs3/5htO2CzOCQL1t6cfEGaxG5U4ocHH0b0C5wvqNG5u9NDLbP7AjBS3a9TLPfmjijNBd4xwt/eYCpDkXirv/m/PVQLvbNzzf+zDWDApldxmv5rCxTLR,iv:FqShjMhe8Yzh2RiC991mVhATYZD2rdW3m0js9gQsKC4=,tag:8P7nEFVVY32IFP9C5H4cZA==,type:str]
forgejo: forgejo:
action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str] action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str]
synapse: synapse:
@ -29,6 +29,7 @@ qbittorrent:
grafana: grafana:
oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str] oidc_id: ENC[AES256_GCM,data:NVdIgCQ6nz4BSUDJYCKyILtK,iv:tcljy9PzC/yyd7TSdngyJt+uh60uXi2PKu47czErbaQ=,tag:zE4q3dD4UQaHIpGeZ1L48Q==,type:str]
oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str] oidc_secret: ENC[AES256_GCM,data:b7qILK9ZHW2khtM1Hl/KdjCv3Wq6eOo2Ym/cbjcMB8/3Hn2UelpP4K4lFyiV3bn1/GF6Jl5Z7A0EwMybOx0InA==,iv:3HL/7BiyObwT8DmFxzNPI9CdmCH/4j/4oc9x7qBE1k0=,tag:dBhcq1zLKy6N+jp/v42R4A==,type:str]
secret_key: ENC[AES256_GCM,data:u6IRFV1D/4g+eqQIUPW0QHlkoa+MliymThp34k+QCHqQ247er4bCdgftuWsXgPAPY7DtwFVLG7Do5eBqIiii7g==,iv:FY7LIW0O5/Cp2JvYu17ctInt0rgkzjaPHfxZBs0GTac=,tag:Gtu+ZGAgsi5vzILOKDac1g==,type:str]
sabnzbd: sabnzbd:
sunnyweb: sunnyweb:
password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str] password: ENC[AES256_GCM,data:flw8AahqO1Mx,iv:Qhu8iVWMzzqy18y8dj3aHoBnSZatm74/tYvZ456l2sA=,tag:sCYBdw7kD0zJZFFr5EyPIQ==,type:str]
@ -36,6 +37,8 @@ sabnzbd:
apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str] apikey: ENC[AES256_GCM,data:j5sPXKbBhMdNHOuoTfZ+c8nGu5JameOgK2z428iLdP01Hi6MvHVaN8Zs8YxMoSBtOjdtIEC8MS+3m1S1rU/P4pCRfZpK5ua1DBHq4l0xROUqokFWjDcAmJJv3pYXl0cQxQcGKQ==,iv:v5hu3gmO1Zn1FfXkHLPGN9f7JOcQjzoQahdqJwfM+xY=,tag:uI1LFcTgcyRgAaTJ1kzKow==,type:str]
whisparr: whisparr:
apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str] apikey: ENC[AES256_GCM,data:kIGCsd4mszm90PoQMzlSEBKw9Ow0GvP1qdLtwXYKkAb6b65l89v8lMWJ2X1MyD2gJX+P+Bv1F/2BSjUFXErq/UYnp4dAjwKi/ezGCbhjMutDM1FvwFWEHRnR3gjd9uXPWJ8Xhg==,iv:98aPQlcZHJovpnzACDs6RtKblLnHg6wyi+Er5DAowj8=,tag:Tl8jz/pWYWAtBCfoztKdyw==,type:str]
coturn:
secret: ENC[AES256_GCM,data:5RmLZ7vQIAvIzvax8oNJkImQ6vXR+MZ2eqxaBJCBlccnFC1rP16/6UtausXVf0eWysw+fpMW5yEmUtAdyxQoPiBCK8lziAZBdkekQnAvFouBaWy8WIZt6XRa71P4xDCDGudpMiGwGGNt+R9yylez+azaLrLyJM3481RPohDMoOM=,iv:2P83lgxGtHwYr+ApAdHopVfRWagxWlC+nt53API/SiQ=,tag:Qv+A03BE1QvEqJMtORiQVA==,type:str]
sops: sops:
age: age:
- recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
@ -56,7 +59,7 @@ sops:
TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-28T21:28:31Z" lastmodified: "2026-02-24T07:24:41Z"
mac: ENC[AES256_GCM,data:vkGMgBkzmA2+xRIOfgUE01XG6jvTMTpm1vWXVHdZ5xE27s2mn8i6C64t1cia0n413qlKLB3y5qcbiHdRVhdLUoZFdBgFTjfixyIXOKZeVJskjJEqg2L0wZGtYIO8Y2KrfPb925qOffr7p0NcMf4c+d6bIqxHFEGb+jR/aWDOMNo=,iv:PK1FHycgOj2wtJt1UfWEAe0mKSBVksu8KWUxljSp2oo=,tag:F/xAAxJLUDqW9Dnwgrd0Rg==,type:str] mac: ENC[AES256_GCM,data:wmTua89j8OYC4lw5nmDgKQy2A31KbI5M8jQxqNicHUEZFnDjo2aloNrpwKz5/lM5EomPvvJEAm2eyV04EmfYqKqmAXbcj2wTl4f6Afzb1X/+uABCvlaHquTXbx6lU8IyA31nHKeBspRX0mED86wrXasOsG34YJdDTa/lAKymjzk=,iv:Qea6St+3XfoVHAuWczK/rF2lEeKQBguRGpfGybdf7lA=,tag:yFufTgb7AG5dhrQH47Y0tA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0