diff --git a/.forgejo/workflows/action.yml b/.forgejo/workflows/action.yml index 2c61087..684cfad 100644 --- a/.forgejo/workflows/action.yml +++ b/.forgejo/workflows/action.yml @@ -12,4 +12,4 @@ jobs: steps: - name: Echo run: | - nix --version + nix --version \ No newline at end of file diff --git a/.gitattributes b/.gitattributes deleted file mode 100644 index 780e15a..0000000 --- a/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -* text=auto -core.autocrlf=false -core.eol=lf -core.filemode=false diff --git a/flake.lock b/flake.lock index 07a2120..9d38839 100644 --- a/flake.lock +++ b/flake.lock @@ -38,11 +38,11 @@ "base16-helix": { "flake": false, "locked": { - "lastModified": 1760703920, - "narHash": "sha256-m82fGUYns4uHd+ZTdoLX2vlHikzwzdu2s2rYM2bNwzw=", + "lastModified": 1752979451, + "narHash": "sha256-0CQM+FkYy0fOO/sMGhOoNL80ftsAzYCg9VhIrodqusM=", "owner": "tinted-theming", "repo": "base16-helix", - "rev": "d646af9b7d14bff08824538164af99d0c521b185", + "rev": "27cf1e66e50abc622fb76a3019012dc07c678fac", "type": "github" }, "original": { @@ -84,19 +84,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { -<<<<<<< HEAD - "lastModified": 1765033957, - "narHash": "sha256-yL5IjUOne+h6AodxxqoqwPgRy2HXle6+W4Aa2GVJruk=", - "rev": "9985ce76af367e7c9e3022c5b893418059a17491", + "lastModified": 1763547157, + "narHash": "sha256-lJcMap2uT+x1R8WUUKKQ6ndynysJ/JOkrMThMGz6DP0=", + "rev": "2cb2134a6ee32d427097077c4fb4c416b52ae988", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/9985ce76af367e7c9e3022c5b893418059a17491.tar.gz" -======= - "lastModified": 1764220269, - "narHash": "sha256-rSSmhTCjfZLZog3qO6Q5C58pINmDv8EheGUhcojxd6c=", - "rev": "c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6", - "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/c70c04d09477ceee5820a8da4d9c0d1b50eb6cc6.tar.gz" ->>>>>>> 122a796 (chore: update dependencies) + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/2cb2134a6ee32d427097077c4fb4c416b52ae988.tar.gz" }, "original": { "type": "tarball", @@ -138,19 +130,11 @@ ] }, "locked": { -<<<<<<< HEAD - "lastModified": 1764627417, - "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", + "lastModified": 1762276996, + "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=", "owner": "nix-community", "repo": "disko", - "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", -======= - "lastModified": 1764110879, - "narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=", - "owner": "nix-community", - "repo": "disko", - "rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5", ->>>>>>> 122a796 (chore: update dependencies) + "rev": "af087d076d3860760b3323f6b583f4d828c1ac17", "type": "github" }, "original": { @@ -165,19 +149,11 @@ "nixpkgs": "nixpkgs" }, "locked": { -<<<<<<< HEAD - "lastModified": 1764775116, - "narHash": "sha256-S4fY3fytcqXBuOSbQjEVke2eqK9/e/6Jy3jp0JGM2X4=", + "lastModified": 1762360792, + "narHash": "sha256-YR7vqk+XEvFUQ/miuBAD3+p+97QUN86ya9Aw0K5feJE=", "owner": "emmanuelrosa", "repo": "erosanix", - "rev": "172661ccc78b1529a294eee5e99ca1616c934f37", -======= - "lastModified": 1763851335, - "narHash": "sha256-mmDc9dREBGGZW1iCB3AbMLBzsXrf48hJ+EzJ6g7Tdbk=", - "owner": "emmanuelrosa", - "repo": "erosanix", - "rev": "17407369c38ac2ade3be648666d30f6469908bdb", ->>>>>>> 122a796 (chore: update dependencies) + "rev": "9075dff5685d3e7269284e53ca496da0beb24596", "type": "github" }, "original": { @@ -194,19 +170,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { -<<<<<<< HEAD - "lastModified": 1764915802, - "narHash": "sha256-eHTucU43sRCpvvTt5eey9htcWipS7ZN3B7ts6MiXLxo=", + "lastModified": 1763534658, + "narHash": "sha256-i/51/Zi/1pM9hZxxSuA3nVPpyqlGoWwJwajyA/loOpo=", "owner": "nix-community", "repo": "fenix", - "rev": "a83a78fd3587d9f3388f0b459ad9c2bbd6d1b6d8", -======= - "lastModified": 1764226020, - "narHash": "sha256-FzUCFwXNjLnnZmVqYj/FjlBhUpat59SExflEaIGT62s=", - "owner": "nix-community", - "repo": "fenix", - "rev": "2d8176c02f7be6d13578d24d5fd5049f1b46a4c5", ->>>>>>> 122a796 (chore: update dependencies) + "rev": "69e40ddf45698d0115a62a7a15d8412f35dd4c09", "type": "github" }, "original": { @@ -222,19 +190,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { -<<<<<<< HEAD - "lastModified": 1765024561, - "narHash": "sha256-xtfg5gNfyiyBTfWwbKgatV1sPeJjEnUczHCaSWi+crY=", + "lastModified": 1763504432, + "narHash": "sha256-kpmPI67TdoTxiK7LsmgmkKW3iHoyvZJwZeiJhpwPfmw=", "owner": "nix-community", "repo": "flake-firefox-nightly", - "rev": "e6f559729459a7890f01b258c33c1025800f5dbb", -======= - "lastModified": 1764242161, - "narHash": "sha256-Yxeu6Zm85RwER/0z0fv3mX2xaBy38PZKgdAAE57huRU=", - "owner": "nix-community", - "repo": "flake-firefox-nightly", - "rev": "ca10e2ff1ec58b1a3722ccb3c052c57c5e070780", ->>>>>>> 122a796 (chore: update dependencies) + "rev": "49d5d8d42a7650e5353f8467c813839290cb7c9f", "type": "github" }, "original": { @@ -246,11 +206,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", "type": "github" }, "original": { @@ -346,11 +306,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1762980239, + "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da", "type": "github" }, "original": { @@ -360,27 +320,6 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "mydia", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "nvf", @@ -401,7 +340,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -409,11 +348,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -422,7 +361,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -572,11 +511,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1762869044, + "narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad", "type": "gitlab" }, "original": { @@ -614,19 +553,11 @@ "rust-overlay": "rust-overlay" }, "locked": { -<<<<<<< HEAD - "lastModified": 1764617621, - "narHash": "sha256-Eq0TvWs6xhKZs5HXH1hlrNasrHD7AOEdeLkTis//X7w=", + "lastModified": 1763486183, + "narHash": "sha256-10EvBTF9ELezWg+KoKZJ3bxrPzT1Xz95ifurC6HixLY=", "owner": "himmelblau-idm", "repo": "himmelblau", - "rev": "c19494250d8c15e7c75e9301bdc271579a6dc77a", -======= - "lastModified": 1764184347, - "narHash": "sha256-xhzCn/rnBDTybHtuFV2IhCgjLMsCVpbzpEL0w//4Na8=", - "owner": "himmelblau-idm", - "repo": "himmelblau", - "rev": "9f0f6e27b6a9acdb12c4807cc1402132b21009f3", ->>>>>>> 122a796 (chore: update dependencies) + "rev": "fb27f4bee812e4b4df9df9f78bd5280f0aa2193c", "type": "github" }, "original": { @@ -642,11 +573,11 @@ ] }, "locked": { - "lastModified": 1764194569, - "narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=", + "lastModified": 1763416652, + "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0", + "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312", "type": "github" }, "original": { @@ -684,11 +615,11 @@ ] }, "locked": { - "lastModified": 1764236397, - "narHash": "sha256-s/6WrJJryLI6BgphsY8l0s0UmGUg3mgkSFuvvsbN0FM=", + "lastModified": 1763453666, + "narHash": "sha256-Hu8lDUlbMFvcYX30LBXX7Gq5FbU35bERH0pSX5qHf/Q=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "50026908d1501193afdcccdf7359d1a485074eda", + "rev": "b843b551415c7aecc97c8b3ab3fff26fd0cd8bbf", "type": "github" }, "original": { @@ -703,11 +634,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1764506612, - "narHash": "sha256-47a2OvGsq1AfffWQqKAGlB9GjmoVa1yXVyfZP3f3kog=", + "lastModified": 1754828166, + "narHash": "sha256-i7c+fpXVsnvj2+63Gl3YfU1hVyxbLeqeFj55ZBZACWI=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "f7208cc4a3200a2573fc566066ef4d3c041bc924", + "rev": "f01c8d121a3100230612be96e4ac668e15eafb77", "type": "github" }, "original": { @@ -731,25 +662,6 @@ "type": "github" } }, - "mydia": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_5" - }, - "locked": { - "lastModified": 1764866402, - "narHash": "sha256-0NOWsPks+/vV5ZM9ti71hUPMLy3FzbEIlFI6vxARvuY=", - "owner": "chris-kruining", - "repo": "mydia", - "rev": "458fc9a21c6987d994bc7932efb6c49df25ba806", - "type": "github" - }, - "original": { - "owner": "chris-kruining", - "repo": "mydia", - "type": "github" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -758,11 +670,11 @@ ] }, "locked": { - "lastModified": 1764161084, - "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", + "lastModified": 1763136804, + "narHash": "sha256-6p2ljK42s0S8zS0UU59EsEqupz0GVCaBYRylpUadeBM=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "e95de00a471d07435e0527ff4db092c84998698e", + "rev": "973db96394513fd90270ea5a1211a82a4a0ba47f", "type": "github" }, "original": { @@ -797,14 +709,14 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1764208886, - "narHash": "sha256-voOx8RsK3miw3EHw05nwuOS4ltzeH8tKJnVr+mxtTPQ=", + "lastModified": 1763171892, + "narHash": "sha256-6cg9zSiqKA89yJzVtYhBaBptqq6bX4pr4g7WLAHOD4Y=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "7da8a2d675f9cc56b3f6d654b4cccdca5016ac8e", + "rev": "316858c27d278b20e776cd4dd8f787812f587ba2", "type": "github" }, "original": { @@ -858,11 +770,11 @@ }, "nixos-facter-modules": { "locked": { - "lastModified": 1764252389, - "narHash": "sha256-3bbuneTKZBkYXlm0bE36kUjiDsasoIC1GWBw/UEJ9T4=", + "lastModified": 1762264948, + "narHash": "sha256-iaRf6n0KPl9hndnIft3blm1YTAyxSREV1oX0MFZ6Tk4=", "owner": "nix-community", "repo": "nixos-facter-modules", - "rev": "5ea68886d95218646d11d3551a476d458df00778", + "rev": "fa695bff9ec37fd5bbd7ee3181dbeb5f97f53c96", "type": "github" }, "original": { @@ -879,11 +791,11 @@ ] }, "locked": { - "lastModified": 1764234087, - "narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=", + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "032a1878682fafe829edfcf5fdfad635a2efe748", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", "type": "github" }, "original": { @@ -900,11 +812,11 @@ ] }, "locked": { - "lastModified": 1764072830, - "narHash": "sha256-ezkjlUCohD9o9c47Ey0/I4CamSS0QEORTqGvyGqMud0=", + "lastModified": 1763537456, + "narHash": "sha256-/WRqcqeE9C+mxxWgI7jy5blMrvg2lHFSlTFjC8pRWos=", "owner": "nix-community", "repo": "nixos-wsl", - "rev": "c7832dd786175e20f2697179e0e03efadffe4201", + "rev": "cd9eb5225fc91eb67629966844d2ff371824abb1", "type": "github" }, "original": { @@ -915,11 +827,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764255304, - "narHash": "sha256-oQPux8afXmkbb88ceRtz1lgSGqL9auOgdYnBSqpVgSA=", + "lastModified": 1761828793, + "narHash": "sha256-xjdPwMD4wVuDD85U+3KST62VzFkJueI6oBwIzpzUHLY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e86c955fc372d12face4a9c0d932a6e0f7bff4d", + "rev": "843859a08e114403f44aaf5b996b44c38094aa46", "type": "github" }, "original": { @@ -931,11 +843,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1764465291, - "narHash": "sha256-jJ/E4B9Hp7U2ZmT3E0tD1LtAfATw/xjVf8sueNyeYmc=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e9537535ae8f4a2f78dbef0aaa0cbb6af4abd047", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -944,29 +856,13 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1764201071, - "narHash": "sha256-ACX5IcJTSoZYBPVtgFAOHvo/FZ70n9AmaAhoeIF+O9Y=", + "lastModified": 1763469780, + "narHash": "sha256-IW67Db/wBNQwJ5e0fF9Yk4SmdivMcecrUVDs7QJoC/s=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8c40e16ba896a3657226780454734265b0534f6a", + "rev": "a70b03ca5dc9d46294740f165abdef9f9bea5632", "type": "github" }, "original": { @@ -994,11 +890,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1764243589, - "narHash": "sha256-JoCEZJaU1Ex0MFG3A2DwTtu+jOCLigyXUAmlZLROBdg=", + "lastModified": 1763547551, + "narHash": "sha256-YOdXVAqEGmrPUgs71r8ziuu9qqpn3jJEiIxsIls+VQA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "57dcc6d4a389a7b6d1fb4cf20c9435f12b11f98d", + "rev": "06aa4d5f488875b6af46e10b45b8000ed0906860", "type": "github" }, "original": { @@ -1009,22 +905,6 @@ } }, "nixpkgs_5": { - "locked": { - "lastModified": 1764242076, - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { "locked": { "lastModified": 1748929857, "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", @@ -1040,13 +920,13 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { - "lastModified": 1763966396, - "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", + "lastModified": 1763421233, + "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", + "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", "type": "github" }, "original": { @@ -1056,7 +936,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1761880412, "narHash": "sha256-QoJjGd4NstnyOG4mm4KXF+weBzA2AH/7gn1Pmpfcb0A=", @@ -1072,13 +952,13 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { - "lastModified": 1763618868, - "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=", + "lastModified": 1763191728, + "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942", + "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c", "type": "github" }, "original": { @@ -1088,6 +968,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1100,11 +996,11 @@ ] }, "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", "owner": "nix-community", "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", "type": "github" }, "original": { @@ -1116,17 +1012,17 @@ "nvf": { "inputs": { "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "mnw": "mnw", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "systems": "systems_5" }, "locked": { - "lastModified": 1764904740, - "narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", + "lastModified": 1762622004, + "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=", "owner": "notashelf", "repo": "nvf", - "rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", + "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909", "type": "github" }, "original": { @@ -1145,11 +1041,11 @@ ] }, "locked": { - "lastModified": 1763909441, - "narHash": "sha256-56LwV51TX/FhgX+5LCG6akQ5KrOWuKgcJa+eUsRMxsc=", + "lastModified": 1762784320, + "narHash": "sha256-odsk96Erywk5hs0dhArF38zb7Oe0q6LZ70gXbxAPKno=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b24ed4b272256dfc1cc2291f89a9821d5f9e14b4", + "rev": "7911a0f8a44c7e8b29d031be3149ee8943144321", "type": "github" }, "original": { @@ -1169,12 +1065,11 @@ "himmelblau": "himmelblau", "home-manager": "home-manager", "jovian": "jovian", - "mydia": "mydia", "nix-minecraft": "nix-minecraft", "nixos-boot": "nixos-boot", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nvf": "nvf", "plasma-manager": "plasma-manager", "snowfall-lib": "snowfall-lib", @@ -1187,11 +1082,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1764175386, - "narHash": "sha256-LfgFqvPz3C80VjaffSjy8lLyRWfbThhB7gE7IWXHjYU=", + "lastModified": 1762860488, + "narHash": "sha256-rMfWMCOo/pPefM2We0iMBLi2kLBAnYoB9thi4qS7uk4=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "71ddf07c1c75046df3bb496cf824de5c053d99ad", + "rev": "2efc80078029894eec0699f62ec8d5c1a56af763", "type": "github" }, "original": { @@ -1252,11 +1147,11 @@ ] }, "locked": { - "lastModified": 1764021963, - "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", + "lastModified": 1763264763, + "narHash": "sha256-N0BEoJIlJ+M6sWZJ8nnfAjGY9VLvM6MXMitRenmhBkY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", + "rev": "882e56c8293e44d57d882b800a82f8b2ee7a858f", "type": "github" }, "original": { @@ -1267,14 +1162,14 @@ }, "sops-nix_2": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1764021963, - "narHash": "sha256-1m84V2ROwNEbqeS9t37/mkry23GBhfMt8qb6aHHmjuc=", + "lastModified": 1763509310, + "narHash": "sha256-s2WzTAD3vJtPACBCZXezNUMTG/wC6SFsU9DxazB9wDI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c482a1c1bbe030be6688ed7dc84f7213f304f1ec", + "rev": "3ee33c0ed7c5aa61b4e10484d2ebdbdc98afb03e", "type": "github" }, "original": { @@ -1290,9 +1185,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_9", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -1302,11 +1197,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764191810, - "narHash": "sha256-rofXPD/9TGpHveo1MTlUfpnF0MCG1/uHUB9f0rosdqc=", + "lastModified": 1763497248, + "narHash": "sha256-OGP6MYc+lVkLVQOTS6ORszDcCnZm7kDOGpFBdDoLd0k=", "owner": "nix-community", "repo": "stylix", - "rev": "70c444a10d0c9ef71a25580dfa79af9cd43f3a5e", + "rev": "f19ac46f6aa26188b2020ed40066a5b832be9c53", "type": "github" }, "original": { @@ -1437,7 +1332,7 @@ }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], @@ -1493,11 +1388,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", "owner": "tinted-theming", "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", "type": "github" }, "original": { @@ -1509,11 +1404,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", "type": "github" }, "original": { @@ -1525,11 +1420,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", "type": "github" }, "original": { @@ -1567,11 +1462,11 @@ ] }, "locked": { - "lastModified": 1764217570, - "narHash": "sha256-vgqUC6lI/gW70uekA0bpNFU6yR0tcZRfLIZcxGfN76g=", + "lastModified": 1763521945, + "narHash": "sha256-Zcrafbe4niRJMbzaVOwg7+iedJhwBFttre2DpyCC6qA=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "3dc281d86044322f9182b20abbc21db8824c130a", + "rev": "24d7381b9231c23daceec5d372cc28e877f7785d", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7ccab59..d7a7508 100644 --- a/flake.nix +++ b/flake.nix @@ -88,55 +88,49 @@ url = "https://git.clan.lol/clan/clan-core/archive/main.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; - - mydia = { - url = "github:chris-kruining/mydia"; - # url = "github:getmydia/mydia"; - }; }; - outputs = inputs: - inputs.snowfall-lib.mkFlake { - inherit inputs; - src = ./.; + outputs = inputs: inputs.snowfall-lib.mkFlake { + inherit inputs; + src = ./.; - snowfall = { - namespace = "sneeuwvlok"; + snowfall = { + namespace = "sneeuwvlok"; - meta = { - name = "sneeuwvlok"; - title = "Sneeuwvlok"; - }; + meta = { + name = "sneeuwvlok"; + title = "Sneeuwvlok"; }; + }; - channels-config = { - allowUnfree = true; - permittedInsecurePackages = [ - # Due to *arr stack - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" + channels-config = { + allowUnfree = true; + permittedInsecurePackages = [ + # Due to *arr stack + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" - # I think this is because of zen - "qtwebengine-5.15.19" + # I think this is because of zen + "qtwebengine-5.15.19" - # For Nheko, the matrix client - "olm-3.2.16" - ]; - }; - - overlays = with inputs; [ - fenix.overlays.default - nix-minecraft.overlay - flux.overlays.default - ]; - - systems.modules = with inputs; [ - clan-core.nixosModules.default - ]; - - homes.modules = with inputs; [ - stylix.homeModules.stylix - plasma-manager.homeModules.plasma-manager + # For Nheko, the matrix client + "olm-3.2.16" ]; }; + + overlays = with inputs; [ + fenix.overlays.default + nix-minecraft.overlay + flux.overlays.default + ]; + + systems.modules = with inputs; [ + clan-core.nixosModules.default + ]; + + homes.modules = with inputs; [ + stylix.homeModules.stylix + plasma-manager.homeModules.plasma-manager + ]; + }; } diff --git a/homes/x86_64-linux/chris@mandos/default.nix b/homes/x86_64-linux/chris@mandos/default.nix index ba87e73..6989314 100644 --- a/homes/x86_64-linux/chris@mandos/default.nix +++ b/homes/x86_64-linux/chris@mandos/default.nix @@ -1,11 +1,10 @@ -{osConfig, ...}: { +{ osConfig, ... }: +{ home.stateVersion = osConfig.system.stateVersion; programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; + userName = "Chris Kruining"; + userEmail = "chris@kruining.eu"; }; sneeuwvlok = { diff --git a/homes/x86_64-linux/chris@manwe/default.nix b/homes/x86_64-linux/chris@manwe/default.nix index 0aced9b..9abe613 100644 --- a/homes/x86_64-linux/chris@manwe/default.nix +++ b/homes/x86_64-linux/chris@manwe/default.nix @@ -1,11 +1,10 @@ -{osConfig, ...}: { +{ osConfig, ... }: +{ home.stateVersion = osConfig.system.stateVersion; programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; + userName = "Chris Kruining"; + userEmail = "chris@kruining.eu"; }; sneeuwvlok = { diff --git a/homes/x86_64-linux/chris@orome/default.nix b/homes/x86_64-linux/chris@orome/default.nix index 7a1dc43..dece506 100644 --- a/homes/x86_64-linux/chris@orome/default.nix +++ b/homes/x86_64-linux/chris@orome/default.nix @@ -1,11 +1,10 @@ -{osConfig, ...}: { +{ osConfig, ... }: +{ home.stateVersion = osConfig.system.stateVersion; programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; + userName = "Chris Kruining"; + userEmail = "chris@kruining.eu"; }; sneeuwvlok = { diff --git a/homes/x86_64-linux/chris@tulkas/default.nix b/homes/x86_64-linux/chris@tulkas/default.nix index ba87e73..6989314 100644 --- a/homes/x86_64-linux/chris@tulkas/default.nix +++ b/homes/x86_64-linux/chris@tulkas/default.nix @@ -1,11 +1,10 @@ -{osConfig, ...}: { +{ osConfig, ... }: +{ home.stateVersion = osConfig.system.stateVersion; programs.git = { - settings.user = { - name = "Chris Kruining"; - email = "chris@kruining.eu"; - }; + userName = "Chris Kruining"; + userEmail = "chris@kruining.eu"; }; sneeuwvlok = { diff --git a/modules/home/application/onlyoffice/default.nix b/modules/home/application/onlyoffice/default.nix index 0479539..8153b68 100644 --- a/modules/home/application/onlyoffice/default.nix +++ b/modules/home/application/onlyoffice/default.nix @@ -1,20 +1,16 @@ -{ - inputs, - config, - lib, - pkgs, - namespace, - ... -}: let +{ inputs, config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.application.onlyoffice; -in { +in +{ options.${namespace}.application.onlyoffice = { enable = mkEnableOption "enable onlyoffice"; }; config = mkIf cfg.enable { - home.packages = with pkgs; [onlyoffice-desktopeditors]; + home.packages = with pkgs; [ onlyoffice-bin ]; + # fonts.packages = with pkgs; [ corefonts ]; }; } diff --git a/modules/home/application/steam/default.nix b/modules/home/application/steam/default.nix index 8c87b40..4e62c41 100644 --- a/modules/home/application/steam/default.nix +++ b/modules/home/application/steam/default.nix @@ -10,7 +10,7 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ protonup-ng ]; + home.packages = with pkgs; [ protonup ]; home.sessionVariables = { STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; diff --git a/modules/home/application/teamspeak/default.nix b/modules/home/application/teamspeak/default.nix index d234e9a..e15bd96 100644 --- a/modules/home/application/teamspeak/default.nix +++ b/modules/home/application/teamspeak/default.nix @@ -10,6 +10,6 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ teamspeak3 teamspeak6-client ]; + home.packages = with pkgs; [ teamspeak_client ]; }; } diff --git a/modules/home/shell/toolset/git/default.nix b/modules/home/shell/toolset/git/default.nix index dd138c8..299b2a6 100644 --- a/modules/home/shell/toolset/git/default.nix +++ b/modules/home/shell/toolset/git/default.nix @@ -1,14 +1,10 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (lib) mkEnableOption mkIf; cfg = config.${namespace}.shell.toolset.git; -in { +in +{ options.${namespace}.shell.toolset.git = { enable = mkEnableOption "version-control system"; }; @@ -16,7 +12,7 @@ in { config = mkIf cfg.enable { home.sessionVariables.GITHUB_TOKEN = "$(cat /run/agenix/tokenGH)"; - home.packages = with pkgs; [lazygit lazyjj jujutsu]; + home.packages = with pkgs; [ lazygit lazyjj jujutsu ]; programs = { zsh.initContent = '' @@ -33,6 +29,14 @@ in { git = { enable = true; package = pkgs.gitFull; + difftastic = { + enable = true; + options = { + background = "dark"; + color = "always"; + display = "inline"; + }; + }; ignores = [ # General: @@ -65,7 +69,7 @@ in { "*.elc" ]; - settings = { + extraConfig = { init.defaultBranch = "main"; core = { editor = "nvim"; @@ -102,16 +106,6 @@ in { }; }; }; - - difftastic = { - enable = true; - git.enable = true; - options = { - background = "dark"; - color = "always"; - display = "inline"; - }; - }; }; }; } diff --git a/modules/nixos/application/steam/default.nix b/modules/nixos/application/steam/default.nix index 735aa80..6170e8a 100644 --- a/modules/nixos/application/steam/default.nix +++ b/modules/nixos/application/steam/default.nix @@ -1,15 +1,10 @@ -{ - inputs, - config, - lib, - pkgs, - namespace, - ... -}: let +{ inputs, config, lib, pkgs, namespace, ... }: +let inherit (lib) mkIf mkEnableOption; cfg = config.${namespace}.application.steam; -in { +in +{ options.${namespace}.application.steam = { enable = mkEnableOption "enable steam"; }; @@ -18,7 +13,7 @@ in { programs = { steam = { enable = true; - package = pkgs.steam.override { + package = pkgs.steam-small.override { extraEnv = { DXVK_HUD = "compiler"; MANGOHUD = true; diff --git a/modules/nixos/services/authentication/himmelblau/default.nix b/modules/nixos/services/authentication/himmelblau/default.nix index d39d4cf..1228759 100644 --- a/modules/nixos/services/authentication/himmelblau/default.nix +++ b/modules/nixos/services/authentication/himmelblau/default.nix @@ -1,15 +1,10 @@ -{ - inputs, - lib, - config, - namespace, - ... -}: let +{ inputs, lib, config, namespace, ... }: let inherit (lib) mkEnableOption mkIf; cfg = config.${namespace}.services.authentication.himmelblau; -in { - imports = [inputs.himmelblau.nixosModules.himmelblau]; +in +{ + imports = [ inputs.himmelblau.nixosModules.himmelblau ]; options.${namespace}.services.authentication.himmelblau = { enable = mkEnableOption "enable azure entra ID authentication"; @@ -19,7 +14,7 @@ in { services.himmelblau = { enable = true; settings = { - domain = ""; + domains = []; pam_allow_groups = []; local_groups = []; }; diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index c0d9dc5..9a02f01 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -13,7 +13,7 @@ in organization = mkOption { type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let org = name; in @@ -23,11 +23,11 @@ in default = false; example = "true"; description = '' - True sets the '${org}' org as default org for the instance. Only one org can be default org. + True sets the org as default org for the instance. Only one org can be default org. Nothing happens if you set it to false until you set another org as default org. ''; }; - + project = mkOption { default = {}; type = types.attrsOf (types.submodule { @@ -46,7 +46,7 @@ in default = null; example = "enforceProjectResourceOwnerPolicy"; description = '' - Defines from where the private labeling should be triggered, + Defines from where the private labeling should be triggered, supported values: - unspecified @@ -54,7 +54,7 @@ in - allowLoginUserResourceOwnerPolicy ''; }; - + projectRoleAssertion = mkOption { type = types.bool; default = false; @@ -63,7 +63,7 @@ in Describes if roles of user should be added in token. ''; }; - + projectRoleCheck = mkOption { type = types.bool; default = false; @@ -72,11 +72,11 @@ in ZITADEL checks if the user has at least one on this project. ''; }; - + role = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let roleName = name; in @@ -101,12 +101,12 @@ in }; })); }; - + assign = mkOption { default = {}; type = types.attrsOf (types.listOf types.str); }; - + application = mkOption { default = {}; type = types.attrsOf (types.submodule { @@ -141,8 +141,8 @@ in ''; }; - exportMap = - let + exportMap = + let strOpt = mkOption { type = types.nullOr types.str; default = null; }; in mkOption { @@ -164,11 +164,11 @@ in }; }); }; - + user = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { - options = + options = let username = name; in @@ -226,7 +226,7 @@ in }; })); }; - + action = mkOption { default = {}; type = types.attrsOf (types.submodule ({ name, ... }: { @@ -263,7 +263,7 @@ in }; })); }; - + triggers = mkOption { default = []; type = types.listOf (types.submodule { @@ -321,20 +321,28 @@ in accessTokenType = mapEnum "OIDC_TOKEN_TYPE" value; }."${type}" or value); - toResource = name: value: nameValuePair + toResource = name: value: nameValuePair (toSnakeCase name) (lib.mapAttrs' (k: v: nameValuePair (toSnakeCase k) (mapValue k v)) value); withRef = type: name: attrs: attrs // (mapRef type name); select = keys: callback: set: - if (length keys) == 0 then + if (length keys) == 0 then mapAttrs' callback set else let key = head keys; in concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set ; append = attrList: set: set // (listToAttrs attrList); + forEach = src: key: set: + let + _key = concatMapStringsSep "_" (k: "\${item.${k}}") key; + in + { + forEach = "{ for item in ${src} : \"${_key}\" => item }"; + } + // set; config' = config; @@ -344,21 +352,7 @@ in modules = [ ({ config, lib, ... }: { - config = - let - forEach = src: key: set: - let - _key = concatMapStringsSep "_" (k: "\${item.${k}}") key; - in - { - forEach = lib.tfRef ''{ - for item in ${src} : - "''${item.org}_''${item.name}" => item - }''; - } - // set; - in - { + config = { terraform.required_providers.zitadel = { source = "zitadel/zitadel"; version = "2.2.0"; @@ -382,18 +376,18 @@ in } ] ]) "; - orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id"); + orgs = cfg.organization |> mapAttrs (org: _: lib.tfRef "resource.zitadel_org.${org}.id"); }; resource = { # Organizations - zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: + zitadel_org = cfg.organization |> select [] (name: { isDefault, ... }: { inherit name isDefault; } |> toResource name ); # Projects per organization - zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }: + zitadel_project = cfg.organization |> select [ "project" ] (org: name: { hasProjectCheck, privateLabelingSetting, projectRoleAssertion, projectRoleCheck, ... }: { inherit name hasProjectCheck privateLabelingSetting projectRoleAssertion projectRoleCheck; } @@ -402,7 +396,7 @@ in ); # Each OIDC app per project - zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}: + zitadel_application_oidc = cfg.organization |> select [ "project" "application" ] (org: project: name: { redirectUris, grantTypes, responseTypes, ...}: { inherit name redirectUris grantTypes responseTypes; @@ -410,41 +404,41 @@ in idTokenRoleAssertion = true; accessTokenType = "JWT"; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" |> toResource "${org}_${project}_${name}" ); # Each project role - zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: + zitadel_project_role = cfg.organization |> select [ "project" "role" ] (org: project: name: value: { inherit (value) displayName group; roleKey = name; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" |> toResource "${org}_${project}_${name}" ); # Each project role assignment zitadel_user_grant = cfg.organization |> select [ "project" "assign" ] (org: project: user: roles: { roleKeys = roles; } - |> withRef "org" org - |> withRef "project" "${org}_${project}" - |> withRef "user" "${org}_${user}" + |> withRef "org" org + |> withRef "project" "${org}_${project}" + |> withRef "user" "${org}_${user}" |> toResource "${org}_${project}_${user}" ); # Users - zitadel_human_user = - cfg.organization - |> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }: + zitadel_human_user = + cfg.organization + |> select [ "user" ] (org: name: { email, userName, firstName, lastName, ... }: { inherit email userName firstName lastName; isEmailVerified = true; - } + } |> withRef "org" org |> toResource "${org}_${name}" ) - |> append + |> append [ (forEach "local.extra_users" [ "org" "name" ] { orgId = lib.tfRef "local.orgs[each.value.org]"; @@ -452,7 +446,7 @@ in email = lib.tfRef "each.value.email"; firstName = lib.tfRef "each.value.firstName"; lastName = lib.tfRef "each.value.lastName"; - + isEmailVerified = true; } |> toResource "extraUsers") @@ -460,20 +454,20 @@ in ; # Global user roles - zitadel_instance_member = - cfg.organization + zitadel_instance_member = + cfg.organization |> filterAttrsRecursive (n: v: !(v ? "instanceRoles" && (length v.instanceRoles) == 0)) - |> select [ "user" ] (org: name: { instanceRoles, ... }: - { roles = instanceRoles; } + |> select [ "user" ] (org: name: { instanceRoles, ... }: + { roles = instanceRoles; } |> withRef "user" "${org}_${name}" |> toResource "${org}_${name}" ); # Organazation specific roles - zitadel_org_member = + zitadel_org_member = cfg.organization |> filterAttrsRecursive (n: v: !(v ? "roles" && (length v.roles) == 0)) - |> select [ "user" ] (org: name: { roles, ... }: + |> select [ "user" ] (org: name: { roles, ... }: { inherit roles; } |> withRef "org" org |> withRef "user" "${org}_${name}" @@ -481,9 +475,9 @@ in ); # Organazation's actions - zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: - { - inherit allowedToFail name; + zitadel_action = cfg.organization |> select [ "action" ] (org: name: { timeout, allowedToFail, script, ...}: + { + inherit allowedToFail name; timeout = "${toString timeout}s"; script = "const ${name} = ${script}"; } @@ -492,20 +486,20 @@ in ); # Organazation's action assignments - zitadel_trigger_actions = + zitadel_trigger_actions = cfg.organization |> concatMapAttrs (org: { triggers, ... }: triggers |> imap0 (i: { flowType, triggerType, actions, ... }: (let name = "trigger_${toString i}"; in { - inherit flowType triggerType; + inherit flowType triggerType; - actionIds = - actions + actionIds = + actions |> map (action: (lib.tfRef "zitadel_action.${org}_${toSnakeCase action}.id")); - } - |> withRef "org" org - |> toResource "${org}_${name}" + } + |> withRef "org" org + |> toResource "${org}_${name}" )) |> listToAttrs ); @@ -522,7 +516,7 @@ in }; # Client credentials per app - local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }: + local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }: nameValuePair "${org}_${project}_${name}" { content = '' ${if exportMap.client_id != null then exportMap.client_id else "CLIENT_ID"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"} @@ -536,7 +530,7 @@ in }) ]; }; - in + in mkIf cfg.enable { ${namespace}.services.persistance.postgresql.enable = true; @@ -554,12 +548,10 @@ in wantedBy = [ "multi-user.target" ]; wants = [ "zitadel.service" ]; + + script = '' + #!/usr/bin/env bash - script = - let - tofu = lib.getExe pkgs.opentofu; - in - '' if [ "$(systemctl is-active zitadel)" != "active" ]; then echo "Zitadel is not running" exit 1 @@ -572,11 +564,11 @@ in cp -f ${terraformConfiguration} config.tf.json # Initialize OpenTofu - ${tofu} init + ${lib.getExe pkgs.opentofu} init # Run the infrastructure code - ${tofu} plan -refresh=false -out=tfplan - ${tofu} apply -auto-approve tfplan + # ${lib.getExe pkgs.opentofu} plan + ${lib.getExe pkgs.opentofu} apply -auto-approve ''; serviceConfig = { @@ -636,7 +628,7 @@ in Org = { Name = "kruining"; - + Human = { UserName = "chris"; FirstName = "Chris"; @@ -647,7 +639,7 @@ in }; Password = "KaasIsAwesome1!"; }; - + Machine = { Machine = { Username = "terraform-service-user"; @@ -656,7 +648,7 @@ in MachineKey = { ExpirationDate = "2026-01-01T00:00:00Z"; Type = 1; }; # Pat = { ExpirationDate = "2026-01-01T00:00:00Z"; }; }; - + # LoginClient.Machine = { # Username = "terraform-service-user"; # Name = "Terraform"; @@ -697,7 +689,7 @@ in ''; }; }; - + networking.firewall.allowedTCPPorts = [ 80 443 ]; # Secrets diff --git a/modules/nixos/services/communication/matrix/default.nix b/modules/nixos/services/communication/matrix/default.nix index 6405932..ce92df4 100644 --- a/modules/nixos/services/communication/matrix/default.nix +++ b/modules/nixos/services/communication/matrix/default.nix @@ -1,10 +1,5 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (builtins) toString toJSON; inherit (lib) mkIf mkEnableOption; @@ -15,7 +10,8 @@ port = 4001; database = "synapse"; -in { +in +{ options.${namespace}.services.communication.matrix = { enable = mkEnableOption "Matrix server (Synapse)"; }; @@ -26,13 +22,13 @@ in { # virtualisation.podman.enable = true; }; - networking.firewall.allowedTCPPorts = [4001]; + networking.firewall.allowedTCPPorts = [ 4001 ]; services = { matrix-synapse = { enable = true; - extras = ["oidc"]; + extras = [ "oidc" ]; extraConfigFiles = [ config.sops.templates."synapse-oidc.yaml".path @@ -56,7 +52,7 @@ in { backchannel_logout_enabled = true; sso = { - client_whitelist = ["http://[::1]:9092"]; + client_whitelist = [ "http://[::1]:9092" ]; update_profile_information = true; }; @@ -79,7 +75,7 @@ in { resources = [ { - names = ["client" "federation" "openid" "metrics" "media" "health"]; + names = [ "client" "federation" "openid" "metrics" "media" "health" ]; compress = true; } ]; @@ -136,7 +132,7 @@ in { postgresql = { enable = true; - ensureDatabases = [database]; + ensureDatabases = [ database ]; ensureUsers = [ { name = database; @@ -196,7 +192,7 @@ in { localpart_template: "{{ user.preferred_username }}" display_name_template: "{{ user.name }}" ''; - restartUnits = ["matrix-synapse.service"]; + restartUnits = [ "matrix-synapse.service" ]; }; }; }; diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index 114726e..52f026f 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -1,16 +1,12 @@ -{ - config, - lib, - pkgs, - namespace, - ... -}: let +{ config, lib, pkgs, namespace, ... }: +let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption; cfg = config.${namespace}.services.development.forgejo; domain = "git.amarth.cloud"; -in { +in +{ options.${namespace}.services.development.forgejo = { enable = mkEnableOption "Forgejo"; @@ -30,7 +26,7 @@ in { virtualisation.podman.enable = true; }; - environment.systemPackages = with pkgs; [forgejo]; + environment.systemPackages = with pkgs; [ forgejo ]; services = { forgejo = { @@ -145,7 +141,7 @@ in { }; }; - openssh.settings.AllowUsers = ["forgejo"]; + openssh.settings.AllowUsers = [ "forgejo" ]; gitea-actions-runner = { package = pkgs.forgejo-runner; @@ -184,26 +180,18 @@ in { }; }; - users = { - users."gitea-runner" = { - isSystemUser = true; - group = "gitea-runner"; - }; - groups."gitea-runner" = {}; - }; - sops.secrets = { "forgejo/action_runner_token" = { owner = "gitea-runner"; group = "gitea-runner"; - restartUnits = ["gitea-runner-default.service"]; + restartUnits = [ "gitea-runner-default.service" ]; }; "forgejo/email" = { owner = "forgejo"; group = "forgejo"; key = "email/chris_kruining_eu"; - restartUnits = ["forgejo.service"]; + restartUnits = [ "forgejo.service" ]; }; }; }; diff --git a/modules/nixos/services/media/default.nix b/modules/nixos/services/media/default.nix index d257aea..1950bf0 100644 --- a/modules/nixos/services/media/default.nix +++ b/modules/nixos/services/media/default.nix @@ -1,15 +1,13 @@ -{ - pkgs, - lib, - namespace, - config, - ... -}: let +{ pkgs, lib, namespace, config, inputs, system, ... }: +let inherit (lib) mkIf mkEnableOption mkOption; inherit (lib.types) str; cfg = config.${namespace}.services.media; -in { + + arr = ["radarr" ]; +in +{ options.${namespace}.services.media = { enable = mkEnableOption "Enable media services"; @@ -56,19 +54,56 @@ in { }; systemd.tmpfiles.rules = [ - # "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -" - # "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -" - # "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -" - "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" - "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" - "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" - "d '${cfg.path}/downloads/done' 0770 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/series' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/movies' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/music' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/qbittorrent' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/sabnzbd' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/reiverr/config' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/downloads/incomplete' 0700 ${cfg.user} ${cfg.group} - -" + "d '${cfg.path}/downloads/done' 0700 ${cfg.user} ${cfg.group} - -" + "d /var/lib/radarrApplyTerraform 0755 ${cfg.user} ${cfg.group} -" ]; #========================================================================= # Services #========================================================================= - services = { + services = let + arr-services = + arr + |> lib.imap (i: service: { + name = service; + value = { + enable = true; + openFirewall = true; + + environmentFiles = [ + config.sops.templates."${service}/config.env".path + ]; + + settings = { + auth.authenticationMethod = "External"; + + server = { + bindaddress = "0.0.0.0"; + port = 2000 + i; + }; + + postgres = { + host = "localhost"; + port = "5432"; + user = service; + maindb = service; + logdb = service; + }; + }; + } + // (if service != "prowlarr" then { user = cfg.user; group = cfg.group; } else {}); + }) + |> lib.listToAttrs + ; + in + arr-services // { bazarr = { enable = true; openFirewall = true; @@ -77,12 +112,6 @@ in { listenPort = 2005; }; - flaresolverr = { - enable = true; - openFirewall = true; - port = 2007; - }; - # port is harcoded in nixpkgs module jellyfin = { enable = true; @@ -91,8 +120,46 @@ in { group = cfg.group; }; - postgresql = { + flaresolverr = { enable = true; + openFirewall = true; + port = 2007; + }; + + qbittorrent = { + enable = true; + openFirewall = true; + webuiPort = 2008; + + serverConfig = { + LegalNotice.Accepted = true; + }; + + user = cfg.user; + group = cfg.group; + }; + + # port is harcoded in nixpkgs module + sabnzbd = { + enable = true; + openFirewall = true; + configFile = "${cfg.path}/sabnzbd/config.ini"; + + user = cfg.user; + group = cfg.group; + }; + + postgresql = + let + databases = arr |> lib.concatMap (s: [ s "${s}-log" ]); + in + { + enable = true; + ensureDatabases = arr; + ensureUsers = arr |> lib.map (service: { + name = service; + ensureDBOwnership = true; + }); }; caddy = { @@ -105,26 +172,136 @@ in { }; }; + systemd.services.radarrApplyTerraform = + let + # this is a nix package, the generated json file to be exact + terraformConfiguration = inputs.terranix.lib.terranixConfiguration { + inherit system; + + modules = [ + ({ config, lib, ... }: { + config = { + variable = { + api_key = { + type = "string"; + description = "Radarr api key"; + }; + }; + + terraform.required_providers.radarr = { + source = "devopsarr/radarr"; + version = "2.2.0"; + }; + + provider.radarr = { + url = "http://127.0.0.1:2001"; + api_key = lib.tfRef "var.api_key"; + }; + + resource = { + radarr_root_folder.local = { + path = "/var/media/movies"; + }; + }; + }; + }) + ]; + }; + in + { + description = "Radarr terraform apply"; + + wantedBy = [ "multi-user.target" ]; + wants = [ "radarr.service" ]; + + script = '' + #!/usr/bin/env bash + + if [ "$(systemctl is-active radarr)" != "active" ]; then + echo "Radarr is not running" + exit 1 + fi + + # Sleep for a bit to give radarr the chance to start up + sleep 5s + + # Print the path to the source for easier debugging + echo "config location: ${terraformConfiguration}" + + # Copy infra code into workspace + cp -f ${terraformConfiguration} config.tf.json + + # Initialize OpenTofu + ${lib.getExe pkgs.opentofu} init + + # Run the infrastructure code + # ${lib.getExe pkgs.opentofu} plan -var-file='${config.sops.templates."radarr/config.tfvars".path}' + ${lib.getExe pkgs.opentofu} apply -auto-approve -var-file='${config.sops.templates."radarr/config.tfvars".path}' + ''; + + serviceConfig = { + Type = "oneshot"; + User = cfg.user; + Group = cfg.group; + + WorkingDirectory = "/var/lib/radarrApplyTerraform"; + + EnvironmentFile = [ + config.sops.templates."radarr/config.env".path + ]; + }; + }; + systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; sops = { - secrets = { - # "qbittorrent/password" = {}; - "qbittorrent/password_hash" = {}; - }; + secrets = + arr + |> lib.map (service: { + name = "${service}/apikey"; + value = { + owner = cfg.user; + group = cfg.group; + restartUnits = [ "${service}.service" ]; + }; + }) + |> lib.listToAttrs + ; - templates = { - "qbittorrent/password.conf" = { - owner = cfg.user; - group = cfg.group; - restartUnits = ["qbittorrent.service"]; - path = "${config.services.qbittorrent.profileDir}/qBittorrent/config/password.conf"; - content = '' - [Preferences] - WebUI\Password_PBKDF2="${config.sops.placeholder."qbittorrent/password_hash"}" - ''; - }; - }; + templates = + let + apikeys = + arr + |> lib.map (service: { + name = "${service}/config.env"; + value = { + owner = cfg.user; + group = cfg.group; + restartUnits = [ "${service}.service" ]; + content = '' + ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" + ''; + }; + }) + |> lib.listToAttrs; + + tfvars = + arr + |> lib.map(service: { + name = "${service}/config.tfvars"; + value = { + owner = cfg.user; + group = cfg.group; + restartUnits = [ "${service}ApplyTerraform.service" ]; + content = '' + api_key = "${config.sops.placeholder."${service}/apikey"}" + ''; + }; + }) + |> lib.listToAttrs; + in + apikeys // tfvars + ; }; }; } diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix deleted file mode 100644 index 333035d..0000000 --- a/modules/nixos/services/media/glance/default.nix +++ /dev/null @@ -1,183 +0,0 @@ -{ - config, - lib, - namespace, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.services.media.glance; -in { - options.${namespace}.services.media.glance = { - enable = mkEnableOption "Enable Glance"; - }; - - config = mkIf cfg.enable { - services.glance = { - enable = true; - openFirewall = true; - - environmentFile = config.sops.templates."glance/secrets.env".path; - - settings = { - server = { - host = "0.0.0.0"; - port = 2000; - }; - - theme = { - # Teal city predefined theme (https://github.com/glanceapp/glance/blob/main/docs/themes.md#teal-city) - background-color = "225 14 15"; - primary-color = "157 47 65"; - contrast-multiplier = 1.1; - }; - - pages = [ - { - name = "Home"; - columns = [ - { - size = "small"; - widgets = [ - { - type = "calendar"; - first-day-of-the-week = "monday"; - } - ]; - } - - { - size = "full"; - widgets = [ - { - type = "monitor"; - cache = "1m"; - title = "Services"; - sites = [ - { - title = "Zitadel"; - url = "https://auth.kruining.eu"; - icon = "sh:zitadel"; - } - { - title = "Forgejo"; - url = "https://git.amarth.cloud/chris"; - icon = "sh:forgejo"; - } - { - title = "Vaultwarden"; - url = "https://vault.kruining.eu"; - icon = "sh:vaultwarden"; - } - ]; - } - { - type = "monitor"; - cache = "1m"; - title = "Observability"; - sites = [ - { - title = "Grafana"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}"; - icon = "sh:grafana"; - } - { - title = "Prometheus"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}"; - icon = "sh:prometheus"; - } - ]; - } - { - type = "monitor"; - cache = "1m"; - title = "Media"; - sites = [ - { - title = "Jellyfin"; - url = "http://${config.networking.hostName}:8096"; - icon = "sh:jellyfin"; - } - { - title = "Radarr"; - url = "http://${config.networking.hostName}:2001"; - icon = "sh:radarr"; - } - { - title = "Sonarr"; - url = "http://${config.networking.hostName}:2002"; - icon = "sh:sonarr"; - } - { - title = "Lidarr"; - url = "http://${config.networking.hostName}:2003"; - icon = "sh:lidarr"; - } - { - title = "Prowlarr"; - url = "http://${config.networking.hostName}:2004"; - icon = "sh:prowlarr"; - } - { - title = "qBittorrent"; - url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}"; - icon = "sh:qbittorrent"; - } - { - title = "SABnzbd"; - url = "http://${config.networking.hostName}:8080"; - icon = "sh:sabnzbd"; - } - ]; - } - { - type = "videos"; - channels = [ - "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips - "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling - "UCsBjURrPoezykLs9EqgamOA" # Fireship - "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee - "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium - ]; - } - ]; - } - - { - size = "small"; - widgets = [ - { - type = "weather"; - location = "Amsterdam, The Netherlands"; - units = "metric"; - hour-format = "24h"; - } - - { - type = "server-stats"; - servers = [ - { - type = "local"; - name = "Ulmo"; - } - ]; - } - ]; - } - ]; - } - ]; - }; - }; - - sops.templates."glance/secrets.env" = { - # owner = config.services.glance.user; - # group = config.services.glance.group; - content = '' - RADARR_KEY="${config.sops.placeholder."radarr/apikey"}" - SONARR_KEY="${config.sops.placeholder."sonarr/apikey"}" - LIDARR_KEY="${config.sops.placeholder."lidarr/apikey"}" - ''; - }; - }; -} diff --git a/modules/nixos/services/media/homer/default.nix b/modules/nixos/services/media/homer/default.nix new file mode 100644 index 0000000..79633ab --- /dev/null +++ b/modules/nixos/services/media/homer/default.nix @@ -0,0 +1,161 @@ +{ config, lib, namespace, ... }: +let + inherit (lib) mkIf mkEnableOption; + + cfg = config.${namespace}.services.media.homer; +in +{ + options.${namespace}.services.media.homer = { + enable = mkEnableOption "Enable homer"; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ 2000 ]; + + services = { + homer = { + enable = true; + + virtualHost = { + caddy.enable = true; + domain = "http://:2000"; + }; + + settings = { + title = "Ulmo dashboard"; + + columns = 4; + connectivityCheck = true; + + links = []; + + services = [ + { + name = "Services"; + items = [ + { + name = "Zitadel"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg"; + tag = "app"; + url = "https://auth.kruining.eu"; + target = "_blank"; + } + + { + name = "Forgejo"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/forgejo.svg"; + tag = "app"; + type = "Gitea"; + url = "https://git.amarth.cloud"; + target = "_blank"; + } + + { + name = "Vaultwarden"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/vaultwarden.svg"; + type = "Vaultwarden"; + tag = "app"; + url = "https://vault.kruining.eu"; + target = "_blank"; + } + ]; + } + + { + name = "Observability"; + items = [ + { + name = "Grafana"; + type = "Grafana"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/grafana.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.grafana.settings.server.http_port}"; + target = "_blank"; + } + + { + name = "Prometheus"; + type = "Prometheus"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prometheus.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.prometheus.port}"; + target = "_blank"; + } + ]; + } + + { + name = "Media"; + items = [ + { + name = "Jellyfin (Movies)"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/jellyfin.svg"; + tag = "app"; + type = "Emby"; + url = "http://${config.networking.hostName}:8096"; + apikey = "e3ceed943eeb409ba8342738db7cc1f5"; + libraryType = "movies"; + target = "_blank"; + } + + { + name = "Radarr"; + type = "Radarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/radarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:2001"; + target = "_blank"; + } + + { + name = "Sonarr"; + type = "Sonarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sonarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:2002"; + target = "_blank"; + } + + { + name = "Lidarr"; + type = "Lidarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/lidarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:2003"; + target = "_blank"; + } + + { + name = "Prowlarr"; + type = "Prowlarr"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/prowlarr.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:2004"; + target = "_blank"; + } + + { + name = "qBittorrent"; + type = "qBittorrent"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/qbittorrent.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:${builtins.toString config.services.qbittorrent.webuiPort}"; + target = "_blank"; + } + + { + name = "SABnzbd"; + type = "SABnzbd"; + logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/sabnzdb-light.svg"; + tag = "app"; + url = "http://${config.networking.hostName}:8080"; + target = "_blank"; + } + ]; + } + ]; + }; + }; + }; + }; +} diff --git a/modules/nixos/services/media/mydia/default.nix b/modules/nixos/services/media/mydia/default.nix deleted file mode 100644 index 2bee38a..0000000 --- a/modules/nixos/services/media/mydia/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ - config, - lib, - namespace, - inputs, - system, - ... -}: let - inherit (lib) mkIf mkEnableOption; - - cfg = config.${namespace}.services.media.mydia; -in { - imports = [ - inputs.mydia.nixosModules.default - ]; - - options.${namespace}.services.media.mydia = { - enable = mkEnableOption "Enable Mydia"; - }; - - config = mkIf cfg.enable { - services.mydia = { - enable = true; - - port = 2010; - listenAddress = "0.0.0.0"; - openFirewall = true; - - mediaLibraries = [ - "/var/mydia/movies" - "/var/mydia/series" - ]; - - database = { - # type = "sqlite"; - # uri = "file:///var/lib/mydia/mydia.db"; - type = "postgres"; - uri = "postgres://mydia@localhost:5432/mydia?sslmode=disable"; - passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; - }; - - secretKeyBaseFile = config.sops.secrets."mydia/secret_key_base".path; - guardianSecretKeyFile = config.sops.secrets."mydia/guardian_secret".path; - - oidc = { - enable = true; - issuer = "https://auth.kruining.eu"; - clientIdFile = config.sops.secrets."mydia/oidc_id".path; - clientSecretFile = config.sops.secrets."mydia/oidc_secret".path; - scopes = ["openid" "profile" "email"]; - }; - - downloadClients = { - qbittorrent = { - type = "qbittorrent"; - host = "localhost"; - port = 2008; - username = "admin"; - passwordFile = config.sops.secrets."mydia/qbittorrent_password".path; - useSsl = false; - }; - }; - }; - - sops.secrets = let - base = - ["secret_key_base" "guardian_secret" "oidc_id" "oidc_secret"] - |> lib.map (name: - lib.nameValuePair "mydia/${name}" { - owner = config.services.mydia.user; - group = config.services.mydia.group; - restartUnits = ["mydia.service"]; - }) - |> lib.listToAttrs; - in - base - // { - "mydia/qbittorrent_password" = { - owner = config.services.mydia.user; - group = config.services.mydia.group; - restartUnits = ["mydia.service"]; - key = "qbittorrent/password"; - }; - }; - }; -} diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 373e09b..097a36b 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -1,20 +1,14 @@ -{ - pkgs, - config, - lib, - namespace, - inputs, - system, - ... -}: let +{ pkgs, config, lib, namespace, inputs, system, ... }: +let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types; cfg = config.${namespace}.services.media.servarr; -in { +in +{ options.${namespace}.services.media = { servarr = mkOption { - type = types.attrsOf (types.submodule ({name, ...}: { + type = types.attrsOf (types.submodule ({ name, ... }: { options = { enable = mkEnableOption "Enable ${name}"; debug = mkEnableOption "Use tofu plan instead of tofu apply for ${name} "; @@ -34,106 +28,61 @@ in { }; config = { - services = + services = cfg - |> lib.mapAttrsToList (service: { - enable, - port, - ... - }: (mkIf enable { - "${service}" = - { - enable = true; - openFirewall = true; + |> lib.mapAttrsToList (service: { enable, port, ... }: (mkIf enable { + "${service}" = { + enable = true; + openFirewall = true; - environmentFiles = [ - config.sops.templates."${service}/config.env".path - ]; + environmentFiles = [ + config.sops.templates."${service}/config.env".path + ]; - settings = { - auth.authenticationMethod = "External"; + settings = { + auth.authenticationMethod = "External"; - server = { - bindaddress = "0.0.0.0"; - port = port; - }; - - postgres = { - host = "localhost"; - port = "5432"; - user = service; - maindb = service; - logdb = service; - }; + server = { + bindaddress = "0.0.0.0"; + port = port; }; - } - // (lib.optionalAttrs (service != "prowlarr") { - user = service; - group = "media"; - }); + + postgres = { + host = "localhost"; + port = "5432"; + user = service; + maindb = service; + logdb = service; + }; + }; + }; })) - |> lib.mkMerge - |> (set: - set - // { - qbittorrent = { - enable = true; - openFirewall = true; - webuiPort = 2008; + |> lib.mergeAttrsList + |> (set: set // { + postgres = { + ensureDatabases = cfg |> lib.attrNames; + ensureUsers = cfg |> lib.attrNames |> lib.map (service: { + name = service; + ensureDBOwnership = true; + }); + }; + }) + ; - serverConfig = { - LegalNotice.Accepted = true; - - Prefecences.WebUI = { - Username = "admin"; - }; - }; - - user = "qbittorrent"; - group = "media"; - }; - - # port is harcoded in nixpkgs module - sabnzbd = { - enable = true; - openFirewall = true; - configFile = "${cfg.path}/sabnzbd/config.ini"; - - user = "sabnzbd"; - group = "media"; - }; - - postgresql = { - ensureDatabases = cfg |> lib.attrNames; - ensureUsers = - cfg - |> lib.attrNames - |> lib.map (service: { - name = service; - ensureDBOwnership = true; - }); - }; - }); - - systemd.services = + systemd = cfg - |> lib.mapAttrsToList (service: { - enable, - debug, - port, - rootFolders, - ... - }: (mkIf enable { - "${service}ApplyTerraform" = let + |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable { + tmpfiles.rules = [ + "d /var/lib/${service}ApplyTerraform 0755 ${service} ${service} -" + ]; + + services."${service}ApplyTerraform" = + let terraformConfiguration = inputs.terranix.lib.terranixConfiguration { inherit system; modules = [ - ({ - config, - lib, - ... - }: { + ({ config, lib, ... }: { config = { variable = { api_key = { @@ -144,17 +93,7 @@ in { terraform.required_providers.${service} = { source = "devopsarr/${service}"; - version = - { - radarr = "2.3.3"; - sonarr = "3.4.0"; - prowlarr = "3.1.0"; - lidarr = "1.13.0"; - readarr = "2.1.0"; - whisparr = "1.2.0"; - }.${ - service - }; + version = "2.2.0"; }; provider.${service} = { @@ -163,32 +102,26 @@ in { }; resource = { - "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( + "${service}_root_folder" = rootFolders - |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) + |> lib.imap (i: f: lib.nameValuePair "local${toString i}" { path = f; }) |> lib.listToAttrs - ); + ; }; }; }) ]; }; - in { + in + { description = "${service} terraform apply"; - wantedBy = ["multi-user.target"]; - wants = ["${service}.service"]; - - preStart = '' - install -d -m 0770 -o ${service} -g media /var/lib/${service}ApplyTerraform - ${ - rootFolders - |> lib.map (folder: "install -d -m 0770 -o media -g media ${folder}") - |> lib.join "\n" - } - ''; - + wantedBy = [ "multi-user.target" ]; + wants = [ "${service}.service" ]; + script = '' + #!/usr/bin/env bash + # Sleep for a bit to give the service a chance to start up sleep 5s @@ -204,22 +137,18 @@ in { cp -f ${terraformConfiguration} config.tf.json # Initialize OpenTofu - ${lib.getExe pkgs.opentofu} init -upgrade + ${lib.getExe pkgs.opentofu} init # Run the infrastructure code ${lib.getExe pkgs.opentofu} \ - ${ - if debug - then "plan" - else "apply -auto-approve" - } \ + ${if debug then "plan" else "apply -auto-approve"} \ -var-file='${config.sops.templates."${service}/config.tfvars".path}' ''; serviceConfig = { Type = "oneshot"; User = service; - Group = "media"; + Group = service; WorkingDirectory = "/var/lib/${service}ApplyTerraform"; @@ -229,34 +158,31 @@ in { }; }; })) - |> lib.mkMerge; + |> lib.mergeAttrsList + ; - users = + users.users = cfg - |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { - users.${service} = { - isSystemUser = true; - group = lib.mkDefault service; - extraGroups = ["media"]; - }; - groups.${service} = {}; + |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable { + "${service}".extraGroups = [ "media" ]; })) - |> lib.mkMerge; + |> lib.mergeAttrsList + ; - sops = + sops = cfg - |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { + |> lib.mapAttrsToList (service: { enable, ... }: (mkIf enable { secrets."${service}/apikey" = { owner = service; - group = "media"; - restartUnits = ["${service}.service"]; + group = service; + restartUnits = [ "${service}.service" ]; }; templates = { "${service}/config.env" = { owner = service; - group = "media"; - restartUnits = ["${service}.service"]; + group = service; + restartUnits = [ "${service}.service" ]; content = '' ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ''; @@ -264,14 +190,25 @@ in { "${service}/config.tfvars" = { owner = service; - group = "media"; - restartUnits = ["${service}.service"]; + group = service; + restartUnits = [ "${service}.service" ]; content = '' api_key = "${config.sops.placeholder."${service}/apikey"}" ''; }; }; })) - |> lib.mkMerge; + |> lib.mergeAttrsList + ; }; + + + # cfg + # |> lib.mapAttrsToList (service: { enable, debug, port, rootFolders, ... }: (mkIf enable { + + # # sops = { + # # }; + # })) + # |> lib.mergeAttrsList + # ; } diff --git a/modules/nixos/services/security/vaultwarden/default.nix b/modules/nixos/services/security/vaultwarden/default.nix index 07f7058..abab566 100644 --- a/modules/nixos/services/security/vaultwarden/default.nix +++ b/modules/nixos/services/security/vaultwarden/default.nix @@ -1,31 +1,25 @@ -{ - pkgs, - config, - lib, - namespace, - ... -}: let +{ pkgs, config, lib, namespace, ... }: +let inherit (builtins) toString; inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep; cfg = config.${namespace}.services.security.vaultwarden; - databaseProviderSqlite = types.submodule ({...}: { + databaseProviderSqlite = types.submodule ({ ... }: { options = { type = mkOption { - type = types.enum ["sqlite"]; + type = types.enum [ "sqlite" ]; }; file = mkOption { - type = types.path; - description = '' - Path to sqlite database file. - ''; + type = types.str; + description = ''''; }; }; }); - databaseProviderPostgresql = types.submodule ({...}: let + databaseProviderPostgresql = types.submodule ({ ... }: + let urlOptions = lib.${namespace}.options.mkUrlOptions { host = { description = '' @@ -46,36 +40,36 @@ example = "postgres"; }; }; - in { - options = - { - type = mkOption { - type = types.enum ["postgresql"]; - }; + in + { + options = { + type = mkOption { + type = types.enum [ "postgresql" ]; + }; - sslMode = mkOption { - type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"]; - default = "verify-full"; - example = "verify-ca"; - description = '' - How to verify the server's ssl + sslMode = mkOption { + type = types.enum [ "verify-ca" "verify-full" "require" "prefer" "allow" "disabled" ]; + default = "verify-full"; + example = "verify-ca"; + description = '' + How to verify the server's ssl - | mode | eavesdropping protection | MITM protection | Statement | - |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| - | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | - | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | - | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | - | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | - | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | - | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | - - [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) - ''; - }; - } - // (urlOptions |> getAttrs ["protocol" "host" "port"]); + | mode | eavesdropping protection | MITM protection | Statement | + |-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------| + | disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. | + | allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. | + | prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. | + | require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. | + | verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. | + | verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. | + + [Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS) + ''; + }; + } // (urlOptions |> getAttrs [ "protocol" "host" "port" ]); }); -in { +in +{ options.${namespace}.services.security.vaultwarden = { enable = mkEnableOption "enable vaultwarden"; @@ -142,7 +136,7 @@ in { postgresql = { enable = true; - ensureDatabases = ["vaultwarden"]; + ensureDatabases = [ "vaultwarden" ]; ensureUsers = [ { name = "vaultwarden"; @@ -177,7 +171,7 @@ in { owner = config.users.users.vaultwarden.name; group = config.users.users.vaultwarden.name; key = "email/chris_kruining_eu"; - restartUnits = ["vaultwarden.service"]; + restartUnits = [ "vaultwarden.service" ]; }; }; @@ -189,31 +183,34 @@ in { owner = config.users.users.vaultwarden.name; group = config.users.groups.vaultwarden.name; }; - temp-db-output.content = let - config = - cfg.database - |> ( - {type, ...} @ db: - if type == "sqlite" - then {inherit (db) type file;} - else if type == "postgresql" - then { - inherit (db) type; - url = lib.${namespace}.strings.toUrl { - inherit (db) protocol host port; - path = "vaultwarden"; - query = { - sslmode = db.sslMode; + temp-db-output.content = + let + config = + cfg.database + |> ({ type, ... }@db: + if type == "sqlite" then + { inherit (db) type file; } + else if type == "postgresql" then + { + inherit (db) type; + url = lib.${namespace}.strings.toUrl { + inherit (db) protocol host port; + path = "vaultwarden"; + query = { + sslmode = db.sslMode; + }; }; - }; - } - else {} - ) - |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}"); - in '' - # GENERATED VALUES - ${config} - ''; + } + else + {} + ) + |> concatMapAttrsStringSep "\n" (n: v: "${toUpper n}=${v}") + ; + in + '' + # GENERATED VALUES + ${config} + ''; }; }; }; diff --git a/modules/nixos/shells/default.nix b/modules/nixos/shells/default.nix index ea8f50d..6b5c058 100644 --- a/modules/nixos/shells/default.nix +++ b/modules/nixos/shells/default.nix @@ -1,2 +1,2 @@ -{...}: { -} +{ ... }: +{} \ No newline at end of file diff --git a/shells/default/default.nix b/shells/default/default.nix index 5bd5b5f..1749c48 100644 --- a/shells/default/default.nix +++ b/shells/default/default.nix @@ -1,10 +1,5 @@ -{ - mkShell, - inputs, - pkgs, - stdenv, - ... -}: +{ mkShell, inputs, pkgs, ... }: + mkShell { packages = with pkgs; [ bash @@ -12,10 +7,6 @@ mkShell { just yq pwgen - alejandra - nil - nixd - openssl - inputs.clan-core.packages.${stdenv.hostPlatform.system}.clan-cli + inputs.clan-core.packages.x86_64-linux.clan-cli ]; -} +} \ No newline at end of file diff --git a/systems/x86_64-linux/ulmo/default.nix b/systems/x86_64-linux/ulmo/default.nix index e8602b5..cb8f9cc 100644 --- a/systems/x86_64-linux/ulmo/default.nix +++ b/systems/x86_64-linux/ulmo/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./disks.nix ./hardware.nix @@ -7,10 +8,7 @@ networking = { interfaces.enp2s0 = { ipv6.addresses = [ - { - address = "2a0d:6e00:1dc9:0::dead:beef"; - prefixLength = 64; - } + { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; } ]; useDHCP = true; @@ -41,7 +39,7 @@ sneeuwvlok = { services = { backup.borg.enable = true; - + authentication.zitadel = { enable = true; @@ -53,8 +51,8 @@ firstName = "Chris"; lastName = "Kruining"; - roles = ["ORG_OWNER"]; - instanceRoles = ["IAM_OWNER"]; + roles = [ "ORG_OWNER" ]; + instanceRoles = [ "IAM_OWNER" ]; }; kaas = { @@ -80,27 +78,27 @@ }; assign = { - chris = ["jellyfin" "jellyfin_admin"]; - kaas = ["jellyfin"]; + chris = [ "jellyfin" "jellyfin_admin" ]; + kaas = [ "jellyfin" ]; }; application = { jellyfin = { - redirectUris = ["https://jellyfin.kruining.eu/sso/OID/redirect/zitadel"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/zitadel" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; forgejo = { - redirectUris = ["https://git.amarth.cloud/user/oauth2/zitadel/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://git.amarth.cloud/user/oauth2/zitadel/callback" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; vaultwarden = { - redirectUris = ["https://vault.kruining.eu/identity/connect/oidc-signin"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://vault.kruining.eu/identity/connect/oidc-signin" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; exportMap = { client_id = "SSO_CLIENT_ID"; client_secret = "SSO_CLIENT_SECRET"; @@ -108,15 +106,9 @@ }; matrix = { - redirectUris = ["https://matrix.kruining.eu/_synapse/client/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; - }; - - mydia = { - redirectUris = ["http://localhost:2010/auth/oidc/callback"]; - grantTypes = ["authorizationCode"]; - responseTypes = ["code"]; + redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ]; + grantTypes = [ "authorizationCode" ]; + responseTypes = [ "code" ]; }; }; }; @@ -129,9 +121,9 @@ if (ctx.v1.user.grants == undefined || ctx.v1.user.grants.count == 0) { return; } - + const roles = ctx.v1.user.grants.grants.flatMap(({ roles, projectId }) => roles.map(role => projectId + ':' + role)); - + api.v1.claims.setClaim('nix:zitadel:custom', JSON.stringify({ roles })); }; ''; @@ -139,16 +131,8 @@ }; triggers = [ - { - flowType = "customiseToken"; - triggerType = "preUserinfoCreation"; - actions = ["flattenRoles"]; - } - { - flowType = "customiseToken"; - triggerType = "preAccessTokenCreation"; - actions = ["flattenRoles"]; - } + { flowType = "customiseToken"; triggerType = "preUserinfoCreation"; actions = [ "flattenRoles" ]; } + { flowType = "customiseToken"; triggerType = "preAccessTokenCreation"; actions = [ "flattenRoles" ]; } ]; }; }; @@ -161,17 +145,12 @@ networking.ssh.enable = true; media.enable = true; - media.glance.enable = true; - media.mydia.enable = true; + media.homer.enable = true; media.nfs.enable = true; media.servarr = { - radarr = { - enable = true; - port = 2001; - rootFolders = [ - "/var/media/movies" - ]; - }; + # radarr = { + # port = 2001; + # }; sonarr = { enable = true; @@ -213,7 +192,7 @@ database = { # type = "sqlite"; # file = "/var/lib/vaultwarden/state.db"; - + type = "postgresql"; host = "localhost"; port = 5432; diff --git a/systems/x86_64-linux/ulmo/secrets.yml b/systems/x86_64-linux/ulmo/secrets.yml index 086d86d..7a26401 100644 --- a/systems/x86_64-linux/ulmo/secrets.yml +++ b/systems/x86_64-linux/ulmo/secrets.yml @@ -19,14 +19,6 @@ lidarr: apikey: ENC[AES256_GCM,data:I2eKaxidmxem7C7ukmyIfwASNqrkS4vEOiCcU5kSNY6DR0pXsYg0PBdgu8vzK6llbXODLdG5t55BordIWvVRJGAauo0FMvtp59NSNpza7cK68tdKGvNefD6bqhUIR06BY11niQ==,iv:48AD7cd17TlWY5yAagepLOIVwgxhD/d13Pnup6GsWDA=,tag:teOVtW8opE99hqAXQwvlrA==,type:str] prowlarr: apikey: ENC[AES256_GCM,data:pyZ2WGEs/PlIdhDsQq2TPGJbplkd5fLF0ZkBjITqIJlnAzYHb+rl+KOM4rHqQcI6yAJM8X1Y3ymGrD7vG7GiRxB7yoEG13SKhZIWOddTnxIhbkz81RfrL2fUJIydOaP6sS//9Q==,iv:Tr6MWoC6nC7rdVTOjT1T2itT+lVL4GnUiAr5/+IHAs0=,tag:keIJNuGeVht8+xSN3FnBGA==,type:str] -mydia: - oidc_id: ENC[AES256_GCM,data:LfYWh9EC0aio3w1Xsj/jtU6z,iv:+dX9KkNtfQMYSX4yr83KyXalWMD/aWby7fC8aL4ZT3I=,tag:CvdbMoMTuC9FohTMIE5pmg==,type:str] - oidc_secret: ENC[AES256_GCM,data:PgI4hmP/3wt9uj+1QvCYcT8Wav0hgCRADouzWM3V695SSfXfbwDgez8tA/tm1/1jymAU2F2sZH8G2hZ1cdHyHQ==,iv:h3o3jsTmnoNE3+mGX12J3ZU0/6PlQNjdndEvaj/czj0=,tag:p3+p4E8fBtR7a8UpM8cUsg==,type:str] - secret_key_base: ENC[AES256_GCM,data:yG7HJ5r74Qtxbeyf8F6dA0uHv2pQ8YAJKlKiKjS+m24JRvJWQaTThJ+c5HbuUa6R3e9XtVHchhlVPkF0Is/b+g==,iv:v65xdRr4JdKZmBtjZ08/J3LLqnphSGt9QfVPNQ2x/xg=,tag:n7tD2dhr4IJn1LWM9WW8UA==,type:str] - guardian_secret: ENC[AES256_GCM,data:OjnNFSHlecL+qXwlhTm++itRM6ga5E5KrSJxbgIUpbMEkIWgu3xhRtnPdipXbedgall0XdO/s+jnWCagZX94BA==,iv:DukdKvm9vey8BWUiml20tgA/Vji1XVX4+sUPge9nTk0=,tag:q3HdvgUYqR0APiaFz0ul5Q==,type:str] -qbittorrent: - password_hash: ENC[AES256_GCM,data:QWuQYmfBn9eLDYztH7TmQvw74MvmzCQ98OlBtyjm1Icr2c63epRuHWzQbm+Q+1jrCSiQreOB3ZyjLzkeV6SlLonryUSD71uBWVwctgPXO0XDrxE1Vi6dkiwC3TF65JTMDhyjDLEj1YkiMP25Fz5NidJTP/r9GlXTfM7gjWo=,iv:bpgL5IoAv+1PUtgNIjLcbzN8C9z55ndypz4LEELAhLc=,tag:VB+XTCwLeIEYKnOr/0f7zA==,type:str] - password: ENC[AES256_GCM,data:UepYY6UjJV/jo2aXTOEnKRtsjSqOSYPQlKlrAa7rf9rdnt2UXGjCkvN+A72pICuIBCAmhXZBAUMvmWTV9trk6NREHe0cY1xTC7pNv3x9TM/ZQmH498pbT/95pYAKwouHp9heJQ==,iv:FzjF+xPoaOp+gplxpz940V2dkWSTWe8dWUxexCoxxHc=,tag:TDZsboq9fEmmBrwJN/HTpQ==,type:str] sops: age: - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq @@ -47,7 +39,7 @@ sops: TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-04T11:24:52Z" - mac: ENC[AES256_GCM,data:jIgkl1lcVDSlKqJs9fjaHUAZsGL+22T86/qqKyDziHl0+VU763Ezwm8P+la+55jIIT2zLhFcUjhn2BabBi90OeEPztAC4rGpZj6+ZZ0GDCj/JhjPAAo3LgAKOCG0Xgf8MZWr/rXd6bLhW7Qj36PMJnap26rjEiUZeSvpWS2dz8g=,iv:CDx8fBI9Dl1uwrbMD1fa7/h3C7haK3xZxJI59mtL1LA=,tag:2UDRFJoevGEBKZA/9eUiOw==,type:str] + lastmodified: "2025-11-19T09:51:26Z" + mac: ENC[AES256_GCM,data:pMMkxHPochpI8si/oHhU7MHqC1JjNhMP7HCRNQQEkwBQI489xiC02t+qUwpmG4oIheqi8lEcZPpL4t9HzRN9sZImaI2LrJn3cHFojHzXzo7FPfvfUilZe1+JXLfm+wn+bflAEutIcfDiZc/MjiKOxRHwZy5Pr41Mj6uPIUr62zk=,iv:GwvMVgJ6m1DQcRZMVzshbuMK/Kx8vE8Ym83KbxuvYRg=,tag:wVSol9LDRzoFjQppB8J9gA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0